Version in base suite: 11.8.6-0+deb13u1 Base version: mariadb_11.8.6-0+deb13u1 Target version: mariadb_11.8.8-0+deb13u1 Base file: /srv/ftp-master.debian.org/ftp/pool/main/m/mariadb/mariadb_11.8.6-0+deb13u1.dsc Target file: /srv/ftp-master.debian.org/policy/pool/main/m/mariadb/mariadb_11.8.8-0+deb13u1.dsc /srv/release.debian.org/tmp/byZgQ0zcFD/mariadb-11.8.8/extra/wolfssl/wolfssl/certs/client-ca-cert.der |binary /srv/release.debian.org/tmp/byZgQ0zcFD/mariadb-11.8.8/extra/wolfssl/wolfssl/certs/client-ecc-ca-cert.der |binary /srv/release.debian.org/tmp/byZgQ0zcFD/mariadb-11.8.8/extra/wolfssl/wolfssl/certs/ocsp/intermediate1-ca-cert.der |binary /srv/release.debian.org/tmp/byZgQ0zcFD/mariadb-11.8.8/extra/wolfssl/wolfssl/certs/ocsp/intermediate1-ca-key.der |binary /srv/release.debian.org/tmp/byZgQ0zcFD/mariadb-11.8.8/extra/wolfssl/wolfssl/certs/ocsp/intermediate2-ca-cert.der |binary /srv/release.debian.org/tmp/byZgQ0zcFD/mariadb-11.8.8/extra/wolfssl/wolfssl/certs/ocsp/intermediate2-ca-key.der |binary /srv/release.debian.org/tmp/byZgQ0zcFD/mariadb-11.8.8/extra/wolfssl/wolfssl/certs/ocsp/intermediate3-ca-cert.der |binary /srv/release.debian.org/tmp/byZgQ0zcFD/mariadb-11.8.8/extra/wolfssl/wolfssl/certs/ocsp/intermediate3-ca-key.der |binary /srv/release.debian.org/tmp/byZgQ0zcFD/mariadb-11.8.8/extra/wolfssl/wolfssl/certs/ocsp/ocsp-responder-cert.der |binary /srv/release.debian.org/tmp/byZgQ0zcFD/mariadb-11.8.8/extra/wolfssl/wolfssl/certs/ocsp/ocsp-responder-key.der |binary /srv/release.debian.org/tmp/byZgQ0zcFD/mariadb-11.8.8/extra/wolfssl/wolfssl/certs/ocsp/root-ca-cert.der |binary /srv/release.debian.org/tmp/byZgQ0zcFD/mariadb-11.8.8/extra/wolfssl/wolfssl/certs/ocsp/root-ca-key.der |binary /srv/release.debian.org/tmp/byZgQ0zcFD/mariadb-11.8.8/extra/wolfssl/wolfssl/certs/ocsp/server1-cert.der |binary /srv/release.debian.org/tmp/byZgQ0zcFD/mariadb-11.8.8/extra/wolfssl/wolfssl/certs/ocsp/server1-key.der |binary /srv/release.debian.org/tmp/byZgQ0zcFD/mariadb-11.8.8/extra/wolfssl/wolfssl/certs/ocsp/server2-cert.der |binary /srv/release.debian.org/tmp/byZgQ0zcFD/mariadb-11.8.8/extra/wolfssl/wolfssl/certs/ocsp/server2-key.der |binary /srv/release.debian.org/tmp/byZgQ0zcFD/mariadb-11.8.8/extra/wolfssl/wolfssl/certs/ocsp/server3-cert.der |binary /srv/release.debian.org/tmp/byZgQ0zcFD/mariadb-11.8.8/extra/wolfssl/wolfssl/certs/ocsp/server3-key.der |binary /srv/release.debian.org/tmp/byZgQ0zcFD/mariadb-11.8.8/extra/wolfssl/wolfssl/certs/ocsp/server4-cert.der |binary /srv/release.debian.org/tmp/byZgQ0zcFD/mariadb-11.8.8/extra/wolfssl/wolfssl/certs/ocsp/server4-key.der |binary /srv/release.debian.org/tmp/byZgQ0zcFD/mariadb-11.8.8/extra/wolfssl/wolfssl/certs/ocsp/server5-cert.der |binary /srv/release.debian.org/tmp/byZgQ0zcFD/mariadb-11.8.8/extra/wolfssl/wolfssl/certs/ocsp/server5-key.der |binary /srv/release.debian.org/tmp/byZgQ0zcFD/mariadb-11.8.8/extra/wolfssl/wolfssl/certs/sm2/ca-sm2.der |binary /srv/release.debian.org/tmp/byZgQ0zcFD/mariadb-11.8.8/extra/wolfssl/wolfssl/certs/sm2/client-sm2.der |binary /srv/release.debian.org/tmp/byZgQ0zcFD/mariadb-11.8.8/extra/wolfssl/wolfssl/certs/sm2/root-sm2.der |binary /srv/release.debian.org/tmp/byZgQ0zcFD/mariadb-11.8.8/extra/wolfssl/wolfssl/certs/sm2/server-sm2-cert.der |binary /srv/release.debian.org/tmp/byZgQ0zcFD/mariadb-11.8.8/extra/wolfssl/wolfssl/certs/test/cert-ext-nc-combined.der |binary /srv/release.debian.org/tmp/byZgQ0zcFD/mariadb-11.8.8/extra/wolfssl/wolfssl/certs/test/cert-ext-ncip.der |binary /srv/release.debian.org/tmp/byZgQ0zcFD/mariadb-11.8.8/extra/wolfssl/wolfssl/certs/test/cert-ext-ncmulti.der |binary /srv/release.debian.org/tmp/byZgQ0zcFD/mariadb-11.8.8/extra/wolfssl/wolfssl/wolfssl.rc |binary /srv/release.debian.org/tmp/byZgQ0zcFD/mariadb-11.8.8/mysql-test/main/outfile.result |binary /srv/release.debian.org/tmp/byZgQ0zcFD/mariadb-11.8.8/mysql-test/std_data/mdev-39404-binlog.000001 |binary /srv/release.debian.org/tmp/byZgQ0zcFD/mariadb-11.8.8/mysql-test/std_data/mdev-39408.mb |binary /srv/release.debian.org/tmp/byZgQ0zcFD/mariadb-11.8.8/storage/columnstore/columnstore/utils/libmarias3/libmarias3/docs/_themes/sphinx_rtd_theme/locale/da/LC_MESSAGES/sphinx.mo |binary /srv/release.debian.org/tmp/byZgQ0zcFD/mariadb-11.8.8/storage/columnstore/columnstore/utils/libmarias3/libmarias3/docs/_themes/sphinx_rtd_theme/locale/de/LC_MESSAGES/sphinx.mo |binary /srv/release.debian.org/tmp/byZgQ0zcFD/mariadb-11.8.8/storage/columnstore/columnstore/utils/libmarias3/libmarias3/docs/_themes/sphinx_rtd_theme/locale/en/LC_MESSAGES/sphinx.mo |binary /srv/release.debian.org/tmp/byZgQ0zcFD/mariadb-11.8.8/storage/columnstore/columnstore/utils/libmarias3/libmarias3/docs/_themes/sphinx_rtd_theme/locale/es/LC_MESSAGES/sphinx.mo |binary /srv/release.debian.org/tmp/byZgQ0zcFD/mariadb-11.8.8/storage/columnstore/columnstore/utils/libmarias3/libmarias3/docs/_themes/sphinx_rtd_theme/locale/et/LC_MESSAGES/sphinx.mo |binary /srv/release.debian.org/tmp/byZgQ0zcFD/mariadb-11.8.8/storage/columnstore/columnstore/utils/libmarias3/libmarias3/docs/_themes/sphinx_rtd_theme/locale/fa_IR/LC_MESSAGES/sphinx.mo |binary /srv/release.debian.org/tmp/byZgQ0zcFD/mariadb-11.8.8/storage/columnstore/columnstore/utils/libmarias3/libmarias3/docs/_themes/sphinx_rtd_theme/locale/fr/LC_MESSAGES/sphinx.mo |binary /srv/release.debian.org/tmp/byZgQ0zcFD/mariadb-11.8.8/storage/columnstore/columnstore/utils/libmarias3/libmarias3/docs/_themes/sphinx_rtd_theme/locale/hr/LC_MESSAGES/sphinx.mo |binary /srv/release.debian.org/tmp/byZgQ0zcFD/mariadb-11.8.8/storage/columnstore/columnstore/utils/libmarias3/libmarias3/docs/_themes/sphinx_rtd_theme/locale/hu/LC_MESSAGES/sphinx.mo |binary /srv/release.debian.org/tmp/byZgQ0zcFD/mariadb-11.8.8/storage/columnstore/columnstore/utils/libmarias3/libmarias3/docs/_themes/sphinx_rtd_theme/locale/it/LC_MESSAGES/sphinx.mo |binary /srv/release.debian.org/tmp/byZgQ0zcFD/mariadb-11.8.8/storage/columnstore/columnstore/utils/libmarias3/libmarias3/docs/_themes/sphinx_rtd_theme/locale/lt/LC_MESSAGES/sphinx.mo |binary /srv/release.debian.org/tmp/byZgQ0zcFD/mariadb-11.8.8/storage/columnstore/columnstore/utils/libmarias3/libmarias3/docs/_themes/sphinx_rtd_theme/locale/nl/LC_MESSAGES/sphinx.mo |binary /srv/release.debian.org/tmp/byZgQ0zcFD/mariadb-11.8.8/storage/columnstore/columnstore/utils/libmarias3/libmarias3/docs/_themes/sphinx_rtd_theme/locale/pl/LC_MESSAGES/sphinx.mo |binary /srv/release.debian.org/tmp/byZgQ0zcFD/mariadb-11.8.8/storage/columnstore/columnstore/utils/libmarias3/libmarias3/docs/_themes/sphinx_rtd_theme/locale/pt/LC_MESSAGES/sphinx.mo |binary /srv/release.debian.org/tmp/byZgQ0zcFD/mariadb-11.8.8/storage/columnstore/columnstore/utils/libmarias3/libmarias3/docs/_themes/sphinx_rtd_theme/locale/pt_BR/LC_MESSAGES/sphinx.mo |binary /srv/release.debian.org/tmp/byZgQ0zcFD/mariadb-11.8.8/storage/columnstore/columnstore/utils/libmarias3/libmarias3/docs/_themes/sphinx_rtd_theme/locale/ru/LC_MESSAGES/sphinx.mo |binary /srv/release.debian.org/tmp/byZgQ0zcFD/mariadb-11.8.8/storage/columnstore/columnstore/utils/libmarias3/libmarias3/docs/_themes/sphinx_rtd_theme/locale/sv/LC_MESSAGES/sphinx.mo |binary /srv/release.debian.org/tmp/byZgQ0zcFD/mariadb-11.8.8/storage/columnstore/columnstore/utils/libmarias3/libmarias3/docs/_themes/sphinx_rtd_theme/locale/tr/LC_MESSAGES/sphinx.mo |binary /srv/release.debian.org/tmp/byZgQ0zcFD/mariadb-11.8.8/storage/columnstore/columnstore/utils/libmarias3/libmarias3/docs/_themes/sphinx_rtd_theme/locale/zh_CN/LC_MESSAGES/sphinx.mo |binary /srv/release.debian.org/tmp/byZgQ0zcFD/mariadb-11.8.8/storage/columnstore/columnstore/utils/libmarias3/libmarias3/docs/_themes/sphinx_rtd_theme/locale/zh_TW/LC_MESSAGES/sphinx.mo |binary /srv/release.debian.org/tmp/byZgQ0zcFD/mariadb-11.8.8/storage/columnstore/columnstore/utils/libmarias3/libmarias3/docs/_themes/sphinx_rtd_theme/static/css/fonts/Roboto-Slab-Bold.woff |binary /srv/release.debian.org/tmp/byZgQ0zcFD/mariadb-11.8.8/storage/columnstore/columnstore/utils/libmarias3/libmarias3/docs/_themes/sphinx_rtd_theme/static/css/fonts/Roboto-Slab-Bold.woff2 |binary /srv/release.debian.org/tmp/byZgQ0zcFD/mariadb-11.8.8/storage/columnstore/columnstore/utils/libmarias3/libmarias3/docs/_themes/sphinx_rtd_theme/static/css/fonts/Roboto-Slab-Regular.woff |binary /srv/release.debian.org/tmp/byZgQ0zcFD/mariadb-11.8.8/storage/columnstore/columnstore/utils/libmarias3/libmarias3/docs/_themes/sphinx_rtd_theme/static/css/fonts/Roboto-Slab-Regular.woff2 |binary /srv/release.debian.org/tmp/byZgQ0zcFD/mariadb-11.8.8/storage/columnstore/columnstore/utils/libmarias3/libmarias3/docs/_themes/sphinx_rtd_theme/static/css/fonts/fontawesome-webfont.eot |binary /srv/release.debian.org/tmp/byZgQ0zcFD/mariadb-11.8.8/storage/columnstore/columnstore/utils/libmarias3/libmarias3/docs/_themes/sphinx_rtd_theme/static/css/fonts/fontawesome-webfont.ttf |binary /srv/release.debian.org/tmp/byZgQ0zcFD/mariadb-11.8.8/storage/columnstore/columnstore/utils/libmarias3/libmarias3/docs/_themes/sphinx_rtd_theme/static/css/fonts/fontawesome-webfont.woff |binary /srv/release.debian.org/tmp/byZgQ0zcFD/mariadb-11.8.8/storage/columnstore/columnstore/utils/libmarias3/libmarias3/docs/_themes/sphinx_rtd_theme/static/css/fonts/fontawesome-webfont.woff2 |binary /srv/release.debian.org/tmp/byZgQ0zcFD/mariadb-11.8.8/storage/columnstore/columnstore/utils/libmarias3/libmarias3/docs/_themes/sphinx_rtd_theme/static/css/fonts/lato-bold-italic.woff |binary /srv/release.debian.org/tmp/byZgQ0zcFD/mariadb-11.8.8/storage/columnstore/columnstore/utils/libmarias3/libmarias3/docs/_themes/sphinx_rtd_theme/static/css/fonts/lato-bold-italic.woff2 |binary /srv/release.debian.org/tmp/byZgQ0zcFD/mariadb-11.8.8/storage/columnstore/columnstore/utils/libmarias3/libmarias3/docs/_themes/sphinx_rtd_theme/static/css/fonts/lato-bold.woff |binary /srv/release.debian.org/tmp/byZgQ0zcFD/mariadb-11.8.8/storage/columnstore/columnstore/utils/libmarias3/libmarias3/docs/_themes/sphinx_rtd_theme/static/css/fonts/lato-bold.woff2 |binary /srv/release.debian.org/tmp/byZgQ0zcFD/mariadb-11.8.8/storage/columnstore/columnstore/utils/libmarias3/libmarias3/docs/_themes/sphinx_rtd_theme/static/css/fonts/lato-normal-italic.woff |binary /srv/release.debian.org/tmp/byZgQ0zcFD/mariadb-11.8.8/storage/columnstore/columnstore/utils/libmarias3/libmarias3/docs/_themes/sphinx_rtd_theme/static/css/fonts/lato-normal-italic.woff2 |binary /srv/release.debian.org/tmp/byZgQ0zcFD/mariadb-11.8.8/storage/columnstore/columnstore/utils/libmarias3/libmarias3/docs/_themes/sphinx_rtd_theme/static/css/fonts/lato-normal.woff |binary /srv/release.debian.org/tmp/byZgQ0zcFD/mariadb-11.8.8/storage/columnstore/columnstore/utils/libmarias3/libmarias3/docs/_themes/sphinx_rtd_theme/static/css/fonts/lato-normal.woff2 |binary mariadb-11.8.8/.gitignore | 4 mariadb-11.8.8/CMakeLists.txt | 16 mariadb-11.8.8/CONTRIBUTING.md | 34 mariadb-11.8.8/Docs/INFO_SRC | 10 mariadb-11.8.8/Docs/README-wsrep | 485 mariadb-11.8.8/VERSION | 2 mariadb-11.8.8/client/mysql.cc | 113 mariadb-11.8.8/client/mysql_upgrade.c | 2 mariadb-11.8.8/client/mysqladmin.cc | 8 mariadb-11.8.8/client/mysqlbinlog.cc | 31 mariadb-11.8.8/client/mysqlcheck.c | 15 mariadb-11.8.8/client/mysqldump.cc | 89 mariadb-11.8.8/client/mysqltest.cc | 94 mariadb-11.8.8/cmake/build_configurations/mysql_release.cmake | 149 mariadb-11.8.8/cmake/cpack_rpm.cmake | 4 mariadb-11.8.8/cmake/libutils.cmake | 6 mariadb-11.8.8/cmake/make_dist.cmake.in | 29 mariadb-11.8.8/cmake/os/Windows.cmake | 2 mariadb-11.8.8/cmake/pcre.cmake | 7 mariadb-11.8.8/cmake/plugin.cmake | 16 mariadb-11.8.8/cmake/submodule_info.cmake | 16 mariadb-11.8.8/config.h.cmake | 5 mariadb-11.8.8/dbug/dbug.c | 20 mariadb-11.8.8/debian/additions/debian-start | 13 mariadb-11.8.8/debian/additions/debian-start.inc.sh | 56 mariadb-11.8.8/debian/changelog | 32 mariadb-11.8.8/debian/control | 1 mariadb-11.8.8/debian/mariadb-server.mysql.default | 4 mariadb-11.8.8/debian/patches/Fix-misc-spelling-in-MariaDB-Server-repository.patch | 34 mariadb-11.8.8/debian/patches/MDEV-37411-suppress-new-warning-about-native-aio.patch | 4 mariadb-11.8.8/debian/patches/MDEV-38811-skip-grant-tables-crash.patch | 32 mariadb-11.8.8/debian/patches/env-perl-usr-bin-perl.patch | 2 mariadb-11.8.8/debian/patches/series | 1 mariadb-11.8.8/debian/patches/startup-message.patch | 4 mariadb-11.8.8/debian/salsa-ci.yml | 4 mariadb-11.8.8/debian/tests/configuration-tracing | 1 mariadb-11.8.8/debian/tests/traces/mariadbd-verbose-help.expected | 12 mariadb-11.8.8/extra/CMakeLists.txt | 66 mariadb-11.8.8/extra/generate_option_list.cc | 346 mariadb-11.8.8/extra/mariabackup/backup_copy.cc | 10 mariadb-11.8.8/extra/mariabackup/backup_mysql.cc | 2 mariadb-11.8.8/extra/mariabackup/common.h | 2 mariadb-11.8.8/extra/mariabackup/ds_local.cc | 16 mariadb-11.8.8/extra/mariabackup/ds_stdout.cc | 8 mariadb-11.8.8/extra/mariabackup/ds_tmpfile.cc | 8 mariadb-11.8.8/extra/mariabackup/xbcloud.cc | 12 mariadb-11.8.8/extra/mariabackup/xbstream.cc | 5 mariadb-11.8.8/extra/mariabackup/xtrabackup.cc | 148 mariadb-11.8.8/extra/mariadb_migrate_config_file.c | 2566 mariadb-11.8.8/extra/readline/display.c | 2 mariadb-11.8.8/extra/wolfssl/wolfssl/.codespellexcludelines | 1 mariadb-11.8.8/extra/wolfssl/wolfssl/.cyignore | 3 mariadb-11.8.8/extra/wolfssl/wolfssl/.editorconfig | 3 mariadb-11.8.8/extra/wolfssl/wolfssl/.github/renode-test/stm32h753/CMakeLists.txt | 108 mariadb-11.8.8/extra/wolfssl/wolfssl/.github/renode-test/stm32h753/entrypoint.sh | 194 mariadb-11.8.8/extra/wolfssl/wolfssl/.github/renode-test/stm32h753/main.c | 137 mariadb-11.8.8/extra/wolfssl/wolfssl/.github/renode-test/stm32h753/run-renode.resc | 20 mariadb-11.8.8/extra/wolfssl/wolfssl/.github/renode-test/stm32h753/startup_stm32h753.c | 101 mariadb-11.8.8/extra/wolfssl/wolfssl/.github/renode-test/stm32h753/stm32h753.ld | 109 mariadb-11.8.8/extra/wolfssl/wolfssl/.github/renode-test/stm32h753/stm32h7xx_hal_conf.h | 208 mariadb-11.8.8/extra/wolfssl/wolfssl/.github/renode-test/stm32h753/toolchain-arm-none-eabi.cmake | 24 mariadb-11.8.8/extra/wolfssl/wolfssl/.github/renode-test/stm32h753/user_settings.h | 95 mariadb-11.8.8/extra/wolfssl/wolfssl/.github/scripts/openssl-ech.sh | 192 mariadb-11.8.8/extra/wolfssl/wolfssl/.github/scripts/tls-anvil-test.sh | 285 mariadb-11.8.8/extra/wolfssl/wolfssl/.github/workflows/ada.yml | 67 mariadb-11.8.8/extra/wolfssl/wolfssl/.github/workflows/arduino.yml | 53 mariadb-11.8.8/extra/wolfssl/wolfssl/.github/workflows/async-examples.yml | 111 mariadb-11.8.8/extra/wolfssl/wolfssl/.github/workflows/async.yml | 8 mariadb-11.8.8/extra/wolfssl/wolfssl/.github/workflows/bind.yml | 8 mariadb-11.8.8/extra/wolfssl/wolfssl/.github/workflows/cmake-autoconf.yml | 41 mariadb-11.8.8/extra/wolfssl/wolfssl/.github/workflows/cmake.yml | 48 mariadb-11.8.8/extra/wolfssl/wolfssl/.github/workflows/codespell.yml | 4 mariadb-11.8.8/extra/wolfssl/wolfssl/.github/workflows/coverity-scan-fixes.yml | 2 mariadb-11.8.8/extra/wolfssl/wolfssl/.github/workflows/curl.yml | 4 mariadb-11.8.8/extra/wolfssl/wolfssl/.github/workflows/cyrus-sasl.yml | 4 mariadb-11.8.8/extra/wolfssl/wolfssl/.github/workflows/disable-pk-algs.yml | 2 mariadb-11.8.8/extra/wolfssl/wolfssl/.github/workflows/docker-Espressif.yml | 6 mariadb-11.8.8/extra/wolfssl/wolfssl/.github/workflows/docker-OpenWrt.yml | 4 mariadb-11.8.8/extra/wolfssl/wolfssl/.github/workflows/fil-c.yml | 2 mariadb-11.8.8/extra/wolfssl/wolfssl/.github/workflows/grpc.yml | 4 mariadb-11.8.8/extra/wolfssl/wolfssl/.github/workflows/haproxy.yml | 14 mariadb-11.8.8/extra/wolfssl/wolfssl/.github/workflows/hostap-vm.yml | 19 mariadb-11.8.8/extra/wolfssl/wolfssl/.github/workflows/intelasm-c-fallback.yml | 2 mariadb-11.8.8/extra/wolfssl/wolfssl/.github/workflows/ipmitool.yml | 6 mariadb-11.8.8/extra/wolfssl/wolfssl/.github/workflows/jwt-cpp.yml | 6 mariadb-11.8.8/extra/wolfssl/wolfssl/.github/workflows/libspdm.yml | 4 mariadb-11.8.8/extra/wolfssl/wolfssl/.github/workflows/libssh2.yml | 13 mariadb-11.8.8/extra/wolfssl/wolfssl/.github/workflows/libvncserver.yml | 4 mariadb-11.8.8/extra/wolfssl/wolfssl/.github/workflows/linuxkm.yml | 4 mariadb-11.8.8/extra/wolfssl/wolfssl/.github/workflows/memcached.yml | 4 mariadb-11.8.8/extra/wolfssl/wolfssl/.github/workflows/mosquitto.yml | 4 mariadb-11.8.8/extra/wolfssl/wolfssl/.github/workflows/msmtp.yml | 108 mariadb-11.8.8/extra/wolfssl/wolfssl/.github/workflows/msys2.yml | 2 mariadb-11.8.8/extra/wolfssl/wolfssl/.github/workflows/multi-compiler.yml | 12 mariadb-11.8.8/extra/wolfssl/wolfssl/.github/workflows/net-snmp.yml | 4 mariadb-11.8.8/extra/wolfssl/wolfssl/.github/workflows/nginx.yml | 86 mariadb-11.8.8/extra/wolfssl/wolfssl/.github/workflows/no-malloc.yml | 4 mariadb-11.8.8/extra/wolfssl/wolfssl/.github/workflows/no-tls.yml | 2 mariadb-11.8.8/extra/wolfssl/wolfssl/.github/workflows/nss.yml | 4 mariadb-11.8.8/extra/wolfssl/wolfssl/.github/workflows/ntp.yml | 6 mariadb-11.8.8/extra/wolfssl/wolfssl/.github/workflows/ocsp.yml | 2 mariadb-11.8.8/extra/wolfssl/wolfssl/.github/workflows/openldap.yml | 6 mariadb-11.8.8/extra/wolfssl/wolfssl/.github/workflows/openssh.yml | 4 mariadb-11.8.8/extra/wolfssl/wolfssl/.github/workflows/openssl-ech.yml | 165 mariadb-11.8.8/extra/wolfssl/wolfssl/.github/workflows/opensslcoexist.yml | 2 mariadb-11.8.8/extra/wolfssl/wolfssl/.github/workflows/openvpn.yml | 9 mariadb-11.8.8/extra/wolfssl/wolfssl/.github/workflows/os-check.yml | 63 mariadb-11.8.8/extra/wolfssl/wolfssl/.github/workflows/packaging.yml | 2 mariadb-11.8.8/extra/wolfssl/wolfssl/.github/workflows/pam-ipmi.yml | 4 mariadb-11.8.8/extra/wolfssl/wolfssl/.github/workflows/pq-all.yml | 22 mariadb-11.8.8/extra/wolfssl/wolfssl/.github/workflows/psk.yml | 9 mariadb-11.8.8/extra/wolfssl/wolfssl/.github/workflows/python.yml | 142 mariadb-11.8.8/extra/wolfssl/wolfssl/.github/workflows/renode-stm32h753.yml | 271 mariadb-11.8.8/extra/wolfssl/wolfssl/.github/workflows/rng-tools.yml | 8 mariadb-11.8.8/extra/wolfssl/wolfssl/.github/workflows/rust-wrapper.yml | 47 mariadb-11.8.8/extra/wolfssl/wolfssl/.github/workflows/smallStackSize.yml | 2 mariadb-11.8.8/extra/wolfssl/wolfssl/.github/workflows/socat.yml | 24 mariadb-11.8.8/extra/wolfssl/wolfssl/.github/workflows/softhsm.yml | 6 mariadb-11.8.8/extra/wolfssl/wolfssl/.github/workflows/sssd.yml | 9 mariadb-11.8.8/extra/wolfssl/wolfssl/.github/workflows/stunnel.yml | 4 mariadb-11.8.8/extra/wolfssl/wolfssl/.github/workflows/symbol-prefixes.yml | 2 mariadb-11.8.8/extra/wolfssl/wolfssl/.github/workflows/threadx.yml | 4 mariadb-11.8.8/extra/wolfssl/wolfssl/.github/workflows/tls-anvil.yml | 96 mariadb-11.8.8/extra/wolfssl/wolfssl/.github/workflows/trackmemory.yml | 60 mariadb-11.8.8/extra/wolfssl/wolfssl/.github/workflows/win-csharp-test.yml | 4 mariadb-11.8.8/extra/wolfssl/wolfssl/.github/workflows/wolfCrypt-Wconversion.yml | 19 mariadb-11.8.8/extra/wolfssl/wolfssl/.github/workflows/wolfsm.yml | 63 mariadb-11.8.8/extra/wolfssl/wolfssl/.github/workflows/xcode.yml | 89 mariadb-11.8.8/extra/wolfssl/wolfssl/.github/workflows/zephyr.yml | 4 mariadb-11.8.8/extra/wolfssl/wolfssl/.gitignore | 35 mariadb-11.8.8/extra/wolfssl/wolfssl/.wolfssl_known_macro_extras | 116 mariadb-11.8.8/extra/wolfssl/wolfssl/CMakeLists.txt | 336 mariadb-11.8.8/extra/wolfssl/wolfssl/ChangeLog.md | 352 mariadb-11.8.8/extra/wolfssl/wolfssl/Docker/Dockerfile | 2 mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/ARDUINO/wolfssl-arduino.cpp | 2 mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/ARDUINO/wolfssl.h | 2 mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/AURIX/Cpu0_Main.c | 2 mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/AURIX/user_settings.h | 2 mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/AURIX/wolf_main.c | 2 mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/CRYPTOCELL/main.c | 2 mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/CRYPTOCELL/user_settings.h | 2 mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/ECLIPSE/DEOS/deos_malloc.c | 2 mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/ECLIPSE/DEOS/tls_wolfssl.c | 2 mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/ECLIPSE/DEOS/tls_wolfssl.h | 2 mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/ECLIPSE/DEOS/user_settings.h | 2 mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/ECLIPSE/MICRIUM/client_wolfssl.c | 2 mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/ECLIPSE/MICRIUM/client_wolfssl.h | 2 mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/ECLIPSE/MICRIUM/server_wolfssl.c | 2 mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/ECLIPSE/MICRIUM/server_wolfssl.h | 2 mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/ECLIPSE/MICRIUM/user_settings.h | 2 mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/ECLIPSE/MICRIUM/wolfsslRunTests.c | 2 mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/ECLIPSE/RTTHREAD/user_settings.h | 2 mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/ECLIPSE/RTTHREAD/wolfssl_test.c | 2 mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/Espressif/ESP-IDF/dummy_config_h | 2 mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/Espressif/ESP-IDF/dummy_test_paths.h | 2 mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/Espressif/ESP-IDF/examples/template/components/wolfssl/CMakeLists.txt | 2 mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/Espressif/ESP-IDF/examples/template/components/wolfssl/Kconfig | 2 mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/Espressif/ESP-IDF/examples/template/components/wolfssl/component.mk | 2 mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/Espressif/ESP-IDF/examples/template/components/wolfssl/include/user_settings.h | 2 mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/Espressif/ESP-IDF/examples/template/main/Kconfig.projbuild | 2 mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/Espressif/ESP-IDF/examples/template/main/include/main.h | 2 mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/Espressif/ESP-IDF/examples/template/main/main.c | 2 mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/components/wolfssl/CMakeLists.txt | 2 mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/components/wolfssl/Kconfig | 2 mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/components/wolfssl/component.mk | 2 mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/components/wolfssl/include/user_settings.h | 2 mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/main/Kconfig.projbuild | 2 mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/main/include/main.h | 2 mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/main/main.c | 2 mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/Espressif/ESP-IDF/examples/wolfssl_client/Makefile | 2 mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/Espressif/ESP-IDF/examples/wolfssl_client/components/wolfssl/CMakeLists.txt | 2 mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/Espressif/ESP-IDF/examples/wolfssl_client/components/wolfssl/Kconfig | 2 mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/Espressif/ESP-IDF/examples/wolfssl_client/components/wolfssl/component.mk | 2 mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/Espressif/ESP-IDF/examples/wolfssl_client/components/wolfssl/include/user_settings.h | 2 mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/Espressif/ESP-IDF/examples/wolfssl_client/main/Kconfig.projbuild | 2 mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/Espressif/ESP-IDF/examples/wolfssl_client/main/client-tls.c | 2 mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/Espressif/ESP-IDF/examples/wolfssl_client/main/include/client-tls.h | 2 mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/Espressif/ESP-IDF/examples/wolfssl_client/main/include/main.h | 2 mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/Espressif/ESP-IDF/examples/wolfssl_client/main/include/time_helper.h | 2 mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/Espressif/ESP-IDF/examples/wolfssl_client/main/include/wifi_connect.h | 2 mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/Espressif/ESP-IDF/examples/wolfssl_client/main/main.c | 2 mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/Espressif/ESP-IDF/examples/wolfssl_client/main/time_helper.c | 2 mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/Espressif/ESP-IDF/examples/wolfssl_client/main/wifi_connect.c | 2 mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/Espressif/ESP-IDF/examples/wolfssl_server/components/wolfssl/CMakeLists.txt | 2 mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/Espressif/ESP-IDF/examples/wolfssl_server/components/wolfssl/Kconfig | 2 mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/Espressif/ESP-IDF/examples/wolfssl_server/components/wolfssl/component.mk | 2 mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/Espressif/ESP-IDF/examples/wolfssl_server/components/wolfssl/include/user_settings.h | 2 mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/Espressif/ESP-IDF/examples/wolfssl_server/main/Kconfig.projbuild | 2 mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/Espressif/ESP-IDF/examples/wolfssl_server/main/include/main.h | 2 mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/Espressif/ESP-IDF/examples/wolfssl_server/main/include/server-tls.h | 2 mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/Espressif/ESP-IDF/examples/wolfssl_server/main/include/time_helper.h | 2 mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/Espressif/ESP-IDF/examples/wolfssl_server/main/include/wifi_connect.h | 2 mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/Espressif/ESP-IDF/examples/wolfssl_server/main/main.c | 2 mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/Espressif/ESP-IDF/examples/wolfssl_server/main/server-tls.c | 2 mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/Espressif/ESP-IDF/examples/wolfssl_server/main/time_helper.c | 2 mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/Espressif/ESP-IDF/examples/wolfssl_server/main/wifi_connect.c | 2 mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/Espressif/ESP-IDF/examples/wolfssl_test/components/wolfssl/CMakeLists.txt | 2 mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/Espressif/ESP-IDF/examples/wolfssl_test/components/wolfssl/Kconfig | 2 mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/Espressif/ESP-IDF/examples/wolfssl_test/components/wolfssl/component.mk | 2 mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/Espressif/ESP-IDF/examples/wolfssl_test/components/wolfssl/include/user_settings.h | 2 mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/Espressif/ESP-IDF/examples/wolfssl_test/main/Kconfig.projbuild | 2 mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/Espressif/ESP-IDF/examples/wolfssl_test/main/include/main.h | 2 mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/Espressif/ESP-IDF/examples/wolfssl_test/main/main.c | 2 mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/Espressif/ESP-IDF/examples/wolfssl_test_idf/main/main.c | 2 mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/Espressif/ESP-IDF/examples/wolfssl_test_idf/main/main_wip.c.ex | 2 mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/Espressif/ESP-IDF/examples/wolfssl_test_idf/main/time_helper.c | 2 mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/Espressif/ESP-IDF/examples/wolfssl_test_idf/main/time_helper.h | 2 mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/Espressif/ESP-IDF/libs/CMakeLists.txt | 2 mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/Espressif/ESP-IDF/libs/component.mk | 6 mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/Espressif/ESP-IDF/user_settings.h | 2 mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/GCC-ARM/Header/user_settings.h | 2 mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/GCC-ARM/Source/armtarget.c | 2 mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/GCC-ARM/Source/benchmark_main.c | 2 mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/GCC-ARM/Source/test_main.c | 2 mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/GCC-ARM/Source/tls_client.c | 2 mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/GCC-ARM/Source/tls_server.c | 2 mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/GCC-ARM/Source/wolf_main.c | 2 mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/HEXAGON/DSP/Makefile | 2 mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/HEXAGON/Makefile | 2 mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/HEXAGON/ecc-verify-benchmark.c | 2 mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/HEXAGON/ecc-verify.c | 2 mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/IAR-EWARM/Projects/benchmark/benchmark-main.c | 2 mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/IAR-EWARM/Projects/benchmark/current_time.c | 2 mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/IAR-EWARM/Projects/common/minimum-startup.c | 2 mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/IAR-EWARM/Projects/test/test-main.c | 2 mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/IAR-MSP430/main.c | 2 mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/IAR-MSP430/user_settings.h | 2 mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/Infineon/user_settings.h | 2 mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/LPCXPRESSO/lib_wolfssl/lpc_18xx_port.c | 2 mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/LPCXPRESSO/wolf_example/src/lpc_18xx_startup.c | 2 mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/M68K/benchmark/main.cpp | 2 mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/M68K/testwolfcrypt/main.cpp | 2 mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/MCUEXPRESSO/benchmark/source/run_benchmark.c | 2 mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/MCUEXPRESSO/user_settings.h | 2 mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/MCUEXPRESSO/wolfcrypt_test.c | 2 mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/MDK-ARM/LPC43xx/time-LCP43xx.c | 2 mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/MDK-ARM/MDK-ARM/wolfSSL/cert_data.c | 2 mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/MDK-ARM/MDK-ARM/wolfSSL/config-BARE-METAL.h | 2 mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/MDK-ARM/MDK-ARM/wolfSSL/config-FS.h | 2 mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/MDK-ARM/MDK-ARM/wolfSSL/config-RTX-TCP-FS.h | 2 mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/MDK-ARM/MDK-ARM/wolfSSL/config.h | 2 mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/MDK-ARM/MDK-ARM/wolfSSL/main.c | 2 mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/MDK-ARM/MDK-ARM/wolfSSL/shell.c | 2 mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/MDK-ARM/MDK-ARM/wolfSSL/time-CortexM3-4.c | 2 mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/MDK-ARM/MDK-ARM/wolfSSL/time-dummy.c | 2 mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/MDK-ARM/MDK-ARM/wolfSSL/wolfssl_MDK_ARM.c | 2 mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/MDK-ARM/MDK-ARM/wolfSSL/wolfssl_MDK_ARM.h | 2 mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/MDK-ARM/STM32F2xx_StdPeriph_Lib/time-STM32F2xx.c | 2 mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/MDK5-ARM/Conf/user_settings.h | 8 mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/MDK5-ARM/Inc/wolfssl_MDK_ARM.h | 2 mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/MDK5-ARM/Projects/CryptBenchmark/main.c | 2 mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/MDK5-ARM/Projects/CryptTest/main.c | 2 mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/MDK5-ARM/Projects/EchoClient/main.c | 2 mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/MDK5-ARM/Projects/EchoServer/main.c | 2 mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/MDK5-ARM/Projects/SimpleClient/main.c | 2 mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/MDK5-ARM/Projects/SimpleServer/main.c | 2 mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/MDK5-ARM/Projects/wolfSSL-Full/main.c | 2 mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/MDK5-ARM/Projects/wolfSSL-Full/shell.c | 2 mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/MDK5-ARM/Projects/wolfSSL-Full/time-CortexM3-4.c | 2 mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/MDK5-ARM/Src/ssl-dummy.c | 2 mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/MPLABX16/main.c | 2 mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/MQX/client-tls.c | 2 mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/MQX/server-tls.c | 2 mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/MSVS-2019-AZSPHERE/client/client.c | 2 mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/MSVS-2019-AZSPHERE/client/client.h | 2 mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/MSVS-2019-AZSPHERE/server/server.c | 2 mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/MSVS-2019-AZSPHERE/server/server.h | 2 mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/MSVS-2019-AZSPHERE/shared/util.h | 2 mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/MSVS-2019-AZSPHERE/user_settings.h | 2 mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/MSVS-2019-AZSPHERE/wolfssl_new_azsphere/HardwareDefinitions/avnet_mt3620_sk/inc/hw/template_appliance.h | 2 mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/MSVS-2019-AZSPHERE/wolfssl_new_azsphere/HardwareDefinitions/mt3620_rdb/inc/hw/template_appliance.h | 2 mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/MSVS-2019-AZSPHERE/wolfssl_new_azsphere/HardwareDefinitions/seeed_mt3620_mdb/inc/hw/template_appliance.h | 2 mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/MSVS-2019-AZSPHERE/wolfssl_new_azsphere/main.c | 2 mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/MYSQL/CMakeLists_wolfCrypt.txt | 2 mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/MYSQL/CMakeLists_wolfSSL.txt | 2 mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/NETOS/user_settings.h | 2 mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/NETOS/user_settings.h-cert2425 | 2 mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/NETOS/user_settings.h-cert3389 | 2 mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/NETOS/wolfssl_netos_custom.c | 2 mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/PlatformIO/examples/wolfssl_benchmark/include/main.h | 2 mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/PlatformIO/examples/wolfssl_benchmark/src/main.c | 2 mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/PlatformIO/examples/wolfssl_test/include/main.h | 2 mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/PlatformIO/examples/wolfssl_test/src/main.c | 2 mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/QNX/example-client/client-tls.c | 2 mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/QNX/example-cmac/cmac-test.c | 2 mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/QNX/example-server/server-tls.c | 2 mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/RISCV/SIFIVE-HIFIVE1/main.c | 2 mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/RISCV/SIFIVE-HIFIVE1/user_settings.h | 6 mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/ROWLEY-CROSSWORKS-ARM/arm_startup.c | 2 mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/ROWLEY-CROSSWORKS-ARM/benchmark_main.c | 2 mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/ROWLEY-CROSSWORKS-ARM/kinetis_hw.c | 2 mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/ROWLEY-CROSSWORKS-ARM/retarget.c | 2 mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/ROWLEY-CROSSWORKS-ARM/test_main.c | 2 mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/Renesas/cs+/Projects/common/strings.h | 2 mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/Renesas/cs+/Projects/common/unistd.h | 2 mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/Renesas/cs+/Projects/common/user_settings.h | 2 mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/Renesas/cs+/Projects/common/wolfssl_dummy.c | 2 mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/Renesas/cs+/Projects/t4_demo/wolf_client.c | 2 mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/Renesas/cs+/Projects/t4_demo/wolf_main.c | 2 mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/Renesas/cs+/Projects/t4_demo/wolf_server.c | 2 mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/Renesas/cs+/Projects/test/test_main.c | 2 mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/Renesas/e2studio/DK-S7G2/benchmark-template/src/app_entry.c | 12 mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/Renesas/e2studio/DK-S7G2/example_server-template/src/app_entry.c | 2 mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/Renesas/e2studio/DK-S7G2/wolfcrypttest-template/src/app_entry.c | 2 mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/Renesas/e2studio/Projects/common/strings.h | 2 mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/Renesas/e2studio/Projects/common/unistd.h | 2 mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/Renesas/e2studio/Projects/common/user_settings.h | 2 mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/Renesas/e2studio/Projects/common/wolfssl_dummy.c | 2 mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/Renesas/e2studio/Projects/test/src/key_data.c | 2 mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/Renesas/e2studio/Projects/test/src/key_data.h | 2 mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/Renesas/e2studio/Projects/test/src/test_main.c | 2 mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/Renesas/e2studio/Projects/test/src/wolf_client.c | 2 mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/Renesas/e2studio/Projects/test/src/wolf_server.c | 2 mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/Renesas/e2studio/Projects/test/src/wolfssl_demo.h | 2 mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/Renesas/e2studio/RA6M3/benchmark-wolfcrypt/src/wolfssl_thread_entry.c | 2 mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/Renesas/e2studio/RA6M3/client-wolfssl/src/wolfssl_thread_entry.c | 2 mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/Renesas/e2studio/RA6M3/client-wolfssl/wolfssl_thread_entry.h | 2 mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/Renesas/e2studio/RA6M3/common/src/freertos_tcp_port.c | 2 mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/Renesas/e2studio/RA6M3/common/user_settings.h | 2 mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/Renesas/e2studio/RA6M3/common/util.h | 2 mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/Renesas/e2studio/RA6M3/server-wolfssl/src/wolfssl_thread_entry.c | 2 mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/Renesas/e2studio/RA6M3/server-wolfssl/wolfssl_thread_entry.h | 2 mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/Renesas/e2studio/RA6M3/test-wolfcrypt/src/wolfssl_thread_entry.c | 2 mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/Renesas/e2studio/RA6M4/common/user_settings.h | 2 mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/Renesas/e2studio/RA6M4/common/wolfssl_demo.h | 2 mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/Renesas/e2studio/RA6M4/include.am | 4 mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/Renesas/e2studio/RA6M4/test/key_data/key_data_sce.c | 2 mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/Renesas/e2studio/RA6M4/test/src/SEGGER_RTT/myprint.c | 2 mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/Renesas/e2studio/RA6M4/test/src/test_main.c | 2 mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/Renesas/e2studio/RA6M4/test/src/wolf_client.c | 2 mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/Renesas/e2studio/RA6M4/test/src/wolfssl_sce_unit_test.c | 2 mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/Renesas/e2studio/RX65N/GR-ROSE/common/strings.h | 2 mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/Renesas/e2studio/RX65N/GR-ROSE/common/unistd.h | 2 mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/Renesas/e2studio/RX65N/GR-ROSE/common/user_settings.h | 2 mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/Renesas/e2studio/RX65N/GR-ROSE/common/wolfssl_dummy.c | 2 mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/Renesas/e2studio/RX65N/GR-ROSE/test/src/key_data.c | 2 mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/Renesas/e2studio/RX65N/GR-ROSE/test/src/key_data.h | 2 mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/Renesas/e2studio/RX65N/GR-ROSE/test/src/test_main.c | 2 mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/Renesas/e2studio/RX65N/GR-ROSE/test/src/wolf_client.c | 2 mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/Renesas/e2studio/RX65N/GR-ROSE/test/src/wolf_server.c | 2 mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/Renesas/e2studio/RX65N/GR-ROSE/test/src/wolfssl_demo.h | 2 mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/Renesas/e2studio/RX65N/RSK/wolfssl_demo/key_data.c | 2 mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/Renesas/e2studio/RX65N/RSK/wolfssl_demo/key_data.h | 2 mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/Renesas/e2studio/RX65N/RSK/wolfssl_demo/user_settings.h | 2 mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/Renesas/e2studio/RX65N/RSK/wolfssl_demo/wolfssl_demo.c | 2 mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/Renesas/e2studio/RX65N/RSK/wolfssl_demo/wolfssl_demo.h | 2 mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/Renesas/e2studio/RX72N/EnvisionKit/Simple/common/wolfssl_dummy.c | 2 mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/Renesas/e2studio/RX72N/EnvisionKit/Simple/test/.cproject | 417 mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/Renesas/e2studio/RX72N/EnvisionKit/Simple/test/src/client/simple_tcp_client.c | 2 mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/Renesas/e2studio/RX72N/EnvisionKit/Simple/test/src/client/simple_tls_tsip_client.c | 2 mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/Renesas/e2studio/RX72N/EnvisionKit/Simple/test/src/server/simple_tcp_server.c | 2 mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/Renesas/e2studio/RX72N/EnvisionKit/Simple/test/src/server/simple_tls_server.c | 2 mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/Renesas/e2studio/RX72N/EnvisionKit/Simple/test/src/test_main.c | 2 mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/Renesas/e2studio/RX72N/EnvisionKit/Simple/test/src/wolfssl_simple_demo.h | 2 mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/Renesas/e2studio/RX72N/EnvisionKit/Simple/wolfssl/.cproject | 34 mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/Renesas/e2studio/RX72N/EnvisionKit/wolfssl_demo/key_data.c | 106 mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/Renesas/e2studio/RX72N/EnvisionKit/wolfssl_demo/key_data.h | 2 mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/Renesas/e2studio/RX72N/EnvisionKit/wolfssl_demo/user_settings.h | 4 mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/Renesas/e2studio/RX72N/EnvisionKit/wolfssl_demo/wolfssl_demo.c | 2 mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/Renesas/e2studio/RX72N/EnvisionKit/wolfssl_demo/wolfssl_demo.h | 2 mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/Renesas/e2studio/RX72N/EnvisionKit/wolfssl_demo/wolfssl_tsip_unit_test.c | 2 mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/Renesas/e2studio/RZN2L/common/user_settings.h | 2 mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/Renesas/e2studio/RZN2L/common/wolfssl_demo.h | 2 mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/Renesas/e2studio/RZN2L/test/src/local_system_init.c | 8 mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/Renesas/e2studio/RZN2L/test/src/rzn2l_tst_thread_entry.c | 2 mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/Renesas/e2studio/RZN2L/test/src/serial_io/app_print.c | 2 mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/Renesas/e2studio/RZN2L/test/src/test/wolf_client.c | 2 mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/Renesas/e2studio/RZN2L/test/src/test/wolf_server.c | 2 mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/Renesas/e2studio/RZN2L/test/src/test/wolfssl_rsip_unit_test.c | 2 mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/Renesas/e2studio/RZN2L/test/src/wolfssl_dummy.c | 2 mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/Renesas/e2studio/SK-S7G2/.gitignore | 6 mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/Renesas/e2studio/SK-S7G2/README.md | 193 mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/Renesas/e2studio/SK-S7G2/benchmark_test/.cproject | 358 mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/Renesas/e2studio/SK-S7G2/benchmark_test/.project | 39 mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/Renesas/e2studio/SK-S7G2/common/user_settings.h | 108 mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/Renesas/e2studio/SK-S7G2/include.am | 14 mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/Renesas/e2studio/SK-S7G2/wolfcrypt_test/.cproject | 355 mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/Renesas/e2studio/SK-S7G2/wolfcrypt_test/.project | 34 mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/Renesas/e2studio/SK-S7G2/wolfssl_lib/.cproject | 341 mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/Renesas/e2studio/SK-S7G2/wolfssl_lib/.project | 579 mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/Renesas/e2studio/SK-S7G2/wolfssl_lib/configuration.xml | 1297 mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/STARCORE/starcore_test.c | 2 mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/STARCORE/user_settings.h | 2 mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/STM32Cube/main.c | 2 mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/STM32Cube/wolfssl_example.c | 2 mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/STM32Cube/wolfssl_example.h | 2 mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/SimplicityStudio/test_wolf.c | 2 mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/SimplicityStudio/user_settings.h | 2 mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/VS-AZURE-SPHERE/client/client.c | 2 mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/VS-AZURE-SPHERE/client/client.h | 2 mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/VS-AZURE-SPHERE/server/server.c | 2 mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/VS-AZURE-SPHERE/server/server.h | 2 mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/VisualDSP/user_settings.h | 2 mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/VisualDSP/wolf_tasks.c | 2 mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/WICED-STUDIO/user_settings.h | 2 mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/WIN-SRTP-KDF-140-3/wolfssl-fips.rc | 8 mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/WIN/user_settings.h | 5 mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/WIN10/wolfssl-fips.rc | 10 mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/WIN10/wolfssl-fips.vcxproj | 2 mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/WINCE/user_settings.h | 4 mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/WINCE/user_settings.h.140-2-deprecated | 2 mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/XCODE-FIPSv2/macOS-C++/Intel/user_settings.h | 2 mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/XCODE-FIPSv2/macOS-C++/M1/user_settings.h | 2 mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/XCODE-FIPSv2/user_settings.h | 2 mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/XCODE-FIPSv5/user_settings.h | 2 mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/XCODE-FIPSv6/user_settings.h | 2 mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/XCODE/Benchmark/wolfBench.xcodeproj/project.pbxproj | 8 mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/XCODE/Benchmark/wolfBench/AppDelegate.h | 2 mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/XCODE/Benchmark/wolfBench/AppDelegate.m | 2 mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/XCODE/Benchmark/wolfBench/ViewController.h | 2 mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/XCODE/Benchmark/wolfBench/ViewController.m | 2 mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/XCODE/Benchmark/wolfBench/main.m | 2 mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/XCODE/wolfssl.xcodeproj/project.pbxproj | 8 mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/XilinxSDK/user_settings.h | 2 mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/XilinxSDK/wolfssl_example.c | 2 mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/apple-universal/build-wolfssl-framework.sh | 2 mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/apple-universal/wolfssl-multiplatform/wolfssl-multiplatform/ContentView.swift | 2 mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/apple-universal/wolfssl-multiplatform/wolfssl-multiplatform/simple_client_example.c | 2 mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/apple-universal/wolfssl-multiplatform/wolfssl-multiplatform/simple_client_example.h | 2 mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/apple-universal/wolfssl-multiplatform/wolfssl-multiplatform/wolfssl-multiplatform-Bridging-Header.h | 2 mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/apple-universal/wolfssl-multiplatform/wolfssl-multiplatform/wolfssl_multiplatformApp.swift | 2 mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/apple-universal/wolfssl-multiplatform/wolfssl-multiplatform/wolfssl_test_driver.c | 2 mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/apple-universal/wolfssl-multiplatform/wolfssl-multiplatform/wolfssl_test_driver.h | 2 mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/include.am | 1 mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/iotsafe-raspberrypi/client-tls13.c | 2 mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/iotsafe-raspberrypi/main.c | 2 mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/iotsafe/ca-cert.c | 2 mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/iotsafe/devices.c | 2 mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/iotsafe/devices.h | 2 mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/iotsafe/main.c | 2 mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/iotsafe/memory-tls.c | 2 mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/iotsafe/startup.c | 2 mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/iotsafe/target.ld | 2 mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/iotsafe/user_settings.h | 2 mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/mynewt/apps.wolfcrypttest.pkg.yml | 2 mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/mynewt/crypto.wolfssl.pkg.yml | 2 mariadb-11.8.8/extra/wolfssl/wolfssl/INSTALL | 3 mariadb-11.8.8/extra/wolfssl/wolfssl/LICENSING | 6 mariadb-11.8.8/extra/wolfssl/wolfssl/Makefile.am | 20 mariadb-11.8.8/extra/wolfssl/wolfssl/README | 201 mariadb-11.8.8/extra/wolfssl/wolfssl/README-async.md | 558 mariadb-11.8.8/extra/wolfssl/wolfssl/README.md | 222 mariadb-11.8.8/extra/wolfssl/wolfssl/RTOS/nuttx/wolfssl/Make.defs | 2 mariadb-11.8.8/extra/wolfssl/wolfssl/RTOS/nuttx/wolfssl/Makefile | 2 mariadb-11.8.8/extra/wolfssl/wolfssl/SCRIPTS-LIST | 2 mariadb-11.8.8/extra/wolfssl/wolfssl/async-check.sh | 104 mariadb-11.8.8/extra/wolfssl/wolfssl/autogen.sh | 12 mariadb-11.8.8/extra/wolfssl/wolfssl/bsdkm/Makefile | 97 mariadb-11.8.8/extra/wolfssl/wolfssl/bsdkm/README.md | 104 mariadb-11.8.8/extra/wolfssl/wolfssl/bsdkm/bsdkm_wc_port.h | 116 mariadb-11.8.8/extra/wolfssl/wolfssl/bsdkm/include.am | 9 mariadb-11.8.8/extra/wolfssl/wolfssl/bsdkm/wolfkmod.c | 1032 mariadb-11.8.8/extra/wolfssl/wolfssl/bsdkm/wolfkmod_aes.c | 347 mariadb-11.8.8/extra/wolfssl/wolfssl/bsdkm/x86_vecreg.c | 225 mariadb-11.8.8/extra/wolfssl/wolfssl/certs/aia/ca-issuers-cert.pem | 20 mariadb-11.8.8/extra/wolfssl/wolfssl/certs/aia/multi-aia-cert.pem | 23 mariadb-11.8.8/extra/wolfssl/wolfssl/certs/aia/overflow-aia-cert.pem | 26 mariadb-11.8.8/extra/wolfssl/wolfssl/certs/client-ca-cert.pem | 92 mariadb-11.8.8/extra/wolfssl/wolfssl/certs/client-ecc-ca-cert.pem | 54 mariadb-11.8.8/extra/wolfssl/wolfssl/certs/crl/bad_time_fmt.pem | 13 mariadb-11.8.8/extra/wolfssl/wolfssl/certs/crl/crl_reason.pem | 46 mariadb-11.8.8/extra/wolfssl/wolfssl/certs/crl/extra-crls/crlnum_57oct.pem | 44 mariadb-11.8.8/extra/wolfssl/wolfssl/certs/crl/extra-crls/crlnum_64oct.pem | 44 mariadb-11.8.8/extra/wolfssl/wolfssl/certs/crl/extra-crls/large_crlnum.pem | 43 mariadb-11.8.8/extra/wolfssl/wolfssl/certs/crl/extra-crls/large_crlnum2.pem | 43 mariadb-11.8.8/extra/wolfssl/wolfssl/certs/crl/gencrls.sh | 79 mariadb-11.8.8/extra/wolfssl/wolfssl/certs/crl/include.am | 10 mariadb-11.8.8/extra/wolfssl/wolfssl/certs/external/README.txt | 5 mariadb-11.8.8/extra/wolfssl/wolfssl/certs/external/ca_collection.pem | 83 mariadb-11.8.8/extra/wolfssl/wolfssl/certs/include.am | 10 mariadb-11.8.8/extra/wolfssl/wolfssl/certs/ocsp/include.am | 22 mariadb-11.8.8/extra/wolfssl/wolfssl/certs/ocsp/renewcerts-for-test.sh | 10 mariadb-11.8.8/extra/wolfssl/wolfssl/certs/ocsp/renewcerts.sh | 16 mariadb-11.8.8/extra/wolfssl/wolfssl/certs/ocsp/root-ca-crl.pem | 13 mariadb-11.8.8/extra/wolfssl/wolfssl/certs/ocsp/server1-chain-noroot.pem | 58 mariadb-11.8.8/extra/wolfssl/wolfssl/certs/renewcerts.sh | 139 mariadb-11.8.8/extra/wolfssl/wolfssl/certs/renewcerts/wolfssl.cnf | 40 mariadb-11.8.8/extra/wolfssl/wolfssl/certs/sm2/ca-sm2.pem | 26 mariadb-11.8.8/extra/wolfssl/wolfssl/certs/sm2/client-sm2.pem | 34 mariadb-11.8.8/extra/wolfssl/wolfssl/certs/sm2/fix_sm2_spki.py | 179 mariadb-11.8.8/extra/wolfssl/wolfssl/certs/sm2/gen-sm2-certs.sh | 16 mariadb-11.8.8/extra/wolfssl/wolfssl/certs/sm2/root-sm2.pem | 26 mariadb-11.8.8/extra/wolfssl/wolfssl/certs/sm2/self-sm2-cert.pem | 38 mariadb-11.8.8/extra/wolfssl/wolfssl/certs/sm2/server-sm2-cert.pem | 26 mariadb-11.8.8/extra/wolfssl/wolfssl/certs/sm2/server-sm2.pem | 52 mariadb-11.8.8/extra/wolfssl/wolfssl/certs/test/cert-ext-nc-combined.pem | 26 mariadb-11.8.8/extra/wolfssl/wolfssl/certs/test/cert-ext-ncdns.pem | 25 mariadb-11.8.8/extra/wolfssl/wolfssl/certs/test/cert-ext-ncip.pem | 25 mariadb-11.8.8/extra/wolfssl/wolfssl/certs/test/cert-ext-ncmulti.pem | 27 mariadb-11.8.8/extra/wolfssl/wolfssl/certs/test/gen-ext-certs.sh | 74 mariadb-11.8.8/extra/wolfssl/wolfssl/certs/test/include.am | 7 mariadb-11.8.8/extra/wolfssl/wolfssl/cmake/Config.cmake.in | 5 mariadb-11.8.8/extra/wolfssl/wolfssl/cmake/README.md | 4 mariadb-11.8.8/extra/wolfssl/wolfssl/cmake/consumer/CMakeLists.txt | 8 mariadb-11.8.8/extra/wolfssl/wolfssl/cmake/consumer/README.md | 12 mariadb-11.8.8/extra/wolfssl/wolfssl/cmake/consumer/main.c | 11 mariadb-11.8.8/extra/wolfssl/wolfssl/cmake/functions.cmake | 62 mariadb-11.8.8/extra/wolfssl/wolfssl/cmake/include.am | 12 mariadb-11.8.8/extra/wolfssl/wolfssl/cmake/options.h.in | 28 mariadb-11.8.8/extra/wolfssl/wolfssl/cmake/wolfssl-config-version.cmake.in | 17 mariadb-11.8.8/extra/wolfssl/wolfssl/cmake/wolfssl-targets.cmake.in | 27 mariadb-11.8.8/extra/wolfssl/wolfssl/configure.ac | 1006 mariadb-11.8.8/extra/wolfssl/wolfssl/debian/libwolfssl-dev.install | 1 mariadb-11.8.8/extra/wolfssl/wolfssl/devin_lifeguard.yaml | 145 mariadb-11.8.8/extra/wolfssl/wolfssl/doc/dox_comments/header_files-ja/aes.h | 1617 mariadb-11.8.8/extra/wolfssl/wolfssl/doc/dox_comments/header_files-ja/arc4.h | 35 mariadb-11.8.8/extra/wolfssl/wolfssl/doc/dox_comments/header_files-ja/ascon.h | 452 mariadb-11.8.8/extra/wolfssl/wolfssl/doc/dox_comments/header_files-ja/asn_public.h | 1808 mariadb-11.8.8/extra/wolfssl/wolfssl/doc/dox_comments/header_files-ja/blake2.h | 60 mariadb-11.8.8/extra/wolfssl/wolfssl/doc/dox_comments/header_files-ja/bn.h | 24 mariadb-11.8.8/extra/wolfssl/wolfssl/doc/dox_comments/header_files-ja/camellia.h | 134 mariadb-11.8.8/extra/wolfssl/wolfssl/doc/dox_comments/header_files-ja/chacha.h | 66 mariadb-11.8.8/extra/wolfssl/wolfssl/doc/dox_comments/header_files-ja/chacha20_poly1305.h | 91 mariadb-11.8.8/extra/wolfssl/wolfssl/doc/dox_comments/header_files-ja/cmac.h | 287 mariadb-11.8.8/extra/wolfssl/wolfssl/doc/dox_comments/header_files-ja/coding.h | 148 mariadb-11.8.8/extra/wolfssl/wolfssl/doc/dox_comments/header_files-ja/compress.h | 52 mariadb-11.8.8/extra/wolfssl/wolfssl/doc/dox_comments/header_files-ja/cryptocb.h | 37 mariadb-11.8.8/extra/wolfssl/wolfssl/doc/dox_comments/header_files-ja/curve25519.h | 446 mariadb-11.8.8/extra/wolfssl/wolfssl/doc/dox_comments/header_files-ja/curve448.h | 443 mariadb-11.8.8/extra/wolfssl/wolfssl/doc/dox_comments/header_files-ja/des3.h | 228 mariadb-11.8.8/extra/wolfssl/wolfssl/doc/dox_comments/header_files-ja/dh.h | 213 mariadb-11.8.8/extra/wolfssl/wolfssl/doc/dox_comments/header_files-ja/doxygen_groups.h | 466 mariadb-11.8.8/extra/wolfssl/wolfssl/doc/dox_comments/header_files-ja/doxygen_pages.h | 1 mariadb-11.8.8/extra/wolfssl/wolfssl/doc/dox_comments/header_files-ja/dsa.h | 230 mariadb-11.8.8/extra/wolfssl/wolfssl/doc/dox_comments/header_files-ja/ecc.h | 1474 mariadb-11.8.8/extra/wolfssl/wolfssl/doc/dox_comments/header_files-ja/eccsi.h | 26 mariadb-11.8.8/extra/wolfssl/wolfssl/doc/dox_comments/header_files-ja/ed25519.h | 706 mariadb-11.8.8/extra/wolfssl/wolfssl/doc/dox_comments/header_files-ja/ed448.h | 651 mariadb-11.8.8/extra/wolfssl/wolfssl/doc/dox_comments/header_files-ja/error-crypt.h | 26 mariadb-11.8.8/extra/wolfssl/wolfssl/doc/dox_comments/header_files-ja/evp.h | 250 mariadb-11.8.8/extra/wolfssl/wolfssl/doc/dox_comments/header_files-ja/hash.h | 306 mariadb-11.8.8/extra/wolfssl/wolfssl/doc/dox_comments/header_files-ja/hmac.h | 501 mariadb-11.8.8/extra/wolfssl/wolfssl/doc/dox_comments/header_files-ja/iotsafe.h | 315 mariadb-11.8.8/extra/wolfssl/wolfssl/doc/dox_comments/header_files-ja/kdf.h | 258 mariadb-11.8.8/extra/wolfssl/wolfssl/doc/dox_comments/header_files-ja/logging.h | 43 mariadb-11.8.8/extra/wolfssl/wolfssl/doc/dox_comments/header_files-ja/md2.h | 62 mariadb-11.8.8/extra/wolfssl/wolfssl/doc/dox_comments/header_files-ja/md4.h | 44 mariadb-11.8.8/extra/wolfssl/wolfssl/doc/dox_comments/header_files-ja/md5.h | 86 mariadb-11.8.8/extra/wolfssl/wolfssl/doc/dox_comments/header_files-ja/memory.h | 515 mariadb-11.8.8/extra/wolfssl/wolfssl/doc/dox_comments/header_files-ja/ocsp.h | 48 mariadb-11.8.8/extra/wolfssl/wolfssl/doc/dox_comments/header_files-ja/pem.h | 28 mariadb-11.8.8/extra/wolfssl/wolfssl/doc/dox_comments/header_files-ja/pkcs11.h | 10 mariadb-11.8.8/extra/wolfssl/wolfssl/doc/dox_comments/header_files-ja/pkcs7.h | 690 mariadb-11.8.8/extra/wolfssl/wolfssl/doc/dox_comments/header_files-ja/poly1305.h | 99 mariadb-11.8.8/extra/wolfssl/wolfssl/doc/dox_comments/header_files-ja/psa.h | 47 mariadb-11.8.8/extra/wolfssl/wolfssl/doc/dox_comments/header_files-ja/pwdbased.h | 142 mariadb-11.8.8/extra/wolfssl/wolfssl/doc/dox_comments/header_files-ja/quic.h | 654 mariadb-11.8.8/extra/wolfssl/wolfssl/doc/dox_comments/header_files-ja/random.h | 210 mariadb-11.8.8/extra/wolfssl/wolfssl/doc/dox_comments/header_files-ja/ripemd.h | 56 mariadb-11.8.8/extra/wolfssl/wolfssl/doc/dox_comments/header_files-ja/rsa.h | 963 mariadb-11.8.8/extra/wolfssl/wolfssl/doc/dox_comments/header_files-ja/sakke.h | 30 mariadb-11.8.8/extra/wolfssl/wolfssl/doc/dox_comments/header_files-ja/sha.h | 69 mariadb-11.8.8/extra/wolfssl/wolfssl/doc/dox_comments/header_files-ja/sha256.h | 120 mariadb-11.8.8/extra/wolfssl/wolfssl/doc/dox_comments/header_files-ja/sha3.h | 1213 mariadb-11.8.8/extra/wolfssl/wolfssl/doc/dox_comments/header_files-ja/sha512.h | 84 mariadb-11.8.8/extra/wolfssl/wolfssl/doc/dox_comments/header_files-ja/signature.h | 98 mariadb-11.8.8/extra/wolfssl/wolfssl/doc/dox_comments/header_files-ja/siphash.h | 90 mariadb-11.8.8/extra/wolfssl/wolfssl/doc/dox_comments/header_files-ja/srp.h | 326 mariadb-11.8.8/extra/wolfssl/wolfssl/doc/dox_comments/header_files-ja/ssl.h | 9286 +- mariadb-11.8.8/extra/wolfssl/wolfssl/doc/dox_comments/header_files-ja/tfm.h | 17 mariadb-11.8.8/extra/wolfssl/wolfssl/doc/dox_comments/header_files-ja/types.h | 119 mariadb-11.8.8/extra/wolfssl/wolfssl/doc/dox_comments/header_files-ja/wc_encrypt.h | 150 mariadb-11.8.8/extra/wolfssl/wolfssl/doc/dox_comments/header_files-ja/wc_port.h | 24 mariadb-11.8.8/extra/wolfssl/wolfssl/doc/dox_comments/header_files-ja/wolfio.h | 392 mariadb-11.8.8/extra/wolfssl/wolfssl/doc/dox_comments/header_files/aes.h | 1825 mariadb-11.8.8/extra/wolfssl/wolfssl/doc/dox_comments/header_files/arc4.h | 54 mariadb-11.8.8/extra/wolfssl/wolfssl/doc/dox_comments/header_files/ascon.h | 105 mariadb-11.8.8/extra/wolfssl/wolfssl/doc/dox_comments/header_files/asn.h | 309 mariadb-11.8.8/extra/wolfssl/wolfssl/doc/dox_comments/header_files/asn_public.h | 1554 mariadb-11.8.8/extra/wolfssl/wolfssl/doc/dox_comments/header_files/blake2.h | 341 mariadb-11.8.8/extra/wolfssl/wolfssl/doc/dox_comments/header_files/camellia.h | 14 mariadb-11.8.8/extra/wolfssl/wolfssl/doc/dox_comments/header_files/chacha.h | 41 mariadb-11.8.8/extra/wolfssl/wolfssl/doc/dox_comments/header_files/chacha20_poly1305.h | 278 mariadb-11.8.8/extra/wolfssl/wolfssl/doc/dox_comments/header_files/cmac.h | 79 mariadb-11.8.8/extra/wolfssl/wolfssl/doc/dox_comments/header_files/coding.h | 44 mariadb-11.8.8/extra/wolfssl/wolfssl/doc/dox_comments/header_files/compress.h | 128 mariadb-11.8.8/extra/wolfssl/wolfssl/doc/dox_comments/header_files/cryptocb.h | 142 mariadb-11.8.8/extra/wolfssl/wolfssl/doc/dox_comments/header_files/curve25519.h | 345 mariadb-11.8.8/extra/wolfssl/wolfssl/doc/dox_comments/header_files/curve448.h | 36 mariadb-11.8.8/extra/wolfssl/wolfssl/doc/dox_comments/header_files/des3.h | 121 mariadb-11.8.8/extra/wolfssl/wolfssl/doc/dox_comments/header_files/dh.h | 686 mariadb-11.8.8/extra/wolfssl/wolfssl/doc/dox_comments/header_files/doxygen_pages.h | 33 mariadb-11.8.8/extra/wolfssl/wolfssl/doc/dox_comments/header_files/dsa.h | 295 mariadb-11.8.8/extra/wolfssl/wolfssl/doc/dox_comments/header_files/ecc.h | 1281 mariadb-11.8.8/extra/wolfssl/wolfssl/doc/dox_comments/header_files/ed25519.h | 217 mariadb-11.8.8/extra/wolfssl/wolfssl/doc/dox_comments/header_files/ed448.h | 49 mariadb-11.8.8/extra/wolfssl/wolfssl/doc/dox_comments/header_files/hash.h | 9 mariadb-11.8.8/extra/wolfssl/wolfssl/doc/dox_comments/header_files/iotsafe.h | 39 mariadb-11.8.8/extra/wolfssl/wolfssl/doc/dox_comments/header_files/md2.h | 6 mariadb-11.8.8/extra/wolfssl/wolfssl/doc/dox_comments/header_files/md4.h | 6 mariadb-11.8.8/extra/wolfssl/wolfssl/doc/dox_comments/header_files/md5.h | 4 mariadb-11.8.8/extra/wolfssl/wolfssl/doc/dox_comments/header_files/memory.h | 57 mariadb-11.8.8/extra/wolfssl/wolfssl/doc/dox_comments/header_files/pkcs11.h | 1 mariadb-11.8.8/extra/wolfssl/wolfssl/doc/dox_comments/header_files/pkcs7.h | 1354 mariadb-11.8.8/extra/wolfssl/wolfssl/doc/dox_comments/header_files/poly1305.h | 72 mariadb-11.8.8/extra/wolfssl/wolfssl/doc/dox_comments/header_files/psa.h | 62 mariadb-11.8.8/extra/wolfssl/wolfssl/doc/dox_comments/header_files/pwdbased.h | 170 mariadb-11.8.8/extra/wolfssl/wolfssl/doc/dox_comments/header_files/quic.h | 36 mariadb-11.8.8/extra/wolfssl/wolfssl/doc/dox_comments/header_files/random.h | 386 mariadb-11.8.8/extra/wolfssl/wolfssl/doc/dox_comments/header_files/ripemd.h | 2 mariadb-11.8.8/extra/wolfssl/wolfssl/doc/dox_comments/header_files/rsa.h | 607 mariadb-11.8.8/extra/wolfssl/wolfssl/doc/dox_comments/header_files/sha.h | 125 mariadb-11.8.8/extra/wolfssl/wolfssl/doc/dox_comments/header_files/sha256.h | 351 mariadb-11.8.8/extra/wolfssl/wolfssl/doc/dox_comments/header_files/sha3.h | 21 mariadb-11.8.8/extra/wolfssl/wolfssl/doc/dox_comments/header_files/sha512.h | 828 mariadb-11.8.8/extra/wolfssl/wolfssl/doc/dox_comments/header_files/signature.h | 207 mariadb-11.8.8/extra/wolfssl/wolfssl/doc/dox_comments/header_files/srp.h | 51 mariadb-11.8.8/extra/wolfssl/wolfssl/doc/dox_comments/header_files/ssl.h | 455 mariadb-11.8.8/extra/wolfssl/wolfssl/doc/dox_comments/header_files/types.h | 298 mariadb-11.8.8/extra/wolfssl/wolfssl/doc/dox_comments/header_files/wc_encrypt.h | 121 mariadb-11.8.8/extra/wolfssl/wolfssl/doc/dox_comments/header_files/wc_port.h | 693 mariadb-11.8.8/extra/wolfssl/wolfssl/doc/dox_comments/header_files/wolfio.h | 804 mariadb-11.8.8/extra/wolfssl/wolfssl/examples/asn1/asn1.c | 2 mariadb-11.8.8/extra/wolfssl/wolfssl/examples/asn1/gen_oid_names.rb | 2 mariadb-11.8.8/extra/wolfssl/wolfssl/examples/asn1/oid_names.h | 2 mariadb-11.8.8/extra/wolfssl/wolfssl/examples/async/Makefile | 73 mariadb-11.8.8/extra/wolfssl/wolfssl/examples/async/README.md | 57 mariadb-11.8.8/extra/wolfssl/wolfssl/examples/async/async_client.c | 680 mariadb-11.8.8/extra/wolfssl/wolfssl/examples/async/async_server.c | 502 mariadb-11.8.8/extra/wolfssl/wolfssl/examples/async/async_tls.c | 145 mariadb-11.8.8/extra/wolfssl/wolfssl/examples/async/async_tls.h | 80 mariadb-11.8.8/extra/wolfssl/wolfssl/examples/async/include.am | 33 mariadb-11.8.8/extra/wolfssl/wolfssl/examples/async/user_settings.h | 98 mariadb-11.8.8/extra/wolfssl/wolfssl/examples/benchmark/tls_bench.c | 17 mariadb-11.8.8/extra/wolfssl/wolfssl/examples/benchmark/tls_bench.h | 2 mariadb-11.8.8/extra/wolfssl/wolfssl/examples/client/client.c | 258 mariadb-11.8.8/extra/wolfssl/wolfssl/examples/client/client.h | 2 mariadb-11.8.8/extra/wolfssl/wolfssl/examples/configs/README.md | 23 mariadb-11.8.8/extra/wolfssl/wolfssl/examples/configs/include.am | 9 mariadb-11.8.8/extra/wolfssl/wolfssl/examples/configs/user_settings_EBSnet.h | 4 mariadb-11.8.8/extra/wolfssl/wolfssl/examples/configs/user_settings_all.h | 7 mariadb-11.8.8/extra/wolfssl/wolfssl/examples/configs/user_settings_arduino.h | 2 mariadb-11.8.8/extra/wolfssl/wolfssl/examples/configs/user_settings_baremetal.h | 231 mariadb-11.8.8/extra/wolfssl/wolfssl/examples/configs/user_settings_ca.h | 210 mariadb-11.8.8/extra/wolfssl/wolfssl/examples/configs/user_settings_curve25519nonblock.h | 88 mariadb-11.8.8/extra/wolfssl/wolfssl/examples/configs/user_settings_dtls13.h | 211 mariadb-11.8.8/extra/wolfssl/wolfssl/examples/configs/user_settings_eccnonblock.h | 6 mariadb-11.8.8/extra/wolfssl/wolfssl/examples/configs/user_settings_espressif.h | 2 mariadb-11.8.8/extra/wolfssl/wolfssl/examples/configs/user_settings_fipsv2.h | 4 mariadb-11.8.8/extra/wolfssl/wolfssl/examples/configs/user_settings_fipsv5.h | 5 mariadb-11.8.8/extra/wolfssl/wolfssl/examples/configs/user_settings_min_ecc.h | 114 mariadb-11.8.8/extra/wolfssl/wolfssl/examples/configs/user_settings_openssl_compat.h | 273 mariadb-11.8.8/extra/wolfssl/wolfssl/examples/configs/user_settings_pkcs7.h | 216 mariadb-11.8.8/extra/wolfssl/wolfssl/examples/configs/user_settings_platformio.h | 3 mariadb-11.8.8/extra/wolfssl/wolfssl/examples/configs/user_settings_pq.h | 232 mariadb-11.8.8/extra/wolfssl/wolfssl/examples/configs/user_settings_rsa_only.h | 238 mariadb-11.8.8/extra/wolfssl/wolfssl/examples/configs/user_settings_stm32.h | 2 mariadb-11.8.8/extra/wolfssl/wolfssl/examples/configs/user_settings_template.h | 84 mariadb-11.8.8/extra/wolfssl/wolfssl/examples/configs/user_settings_tls12.h | 3 mariadb-11.8.8/extra/wolfssl/wolfssl/examples/configs/user_settings_tls13.h | 214 mariadb-11.8.8/extra/wolfssl/wolfssl/examples/configs/user_settings_wolfboot_keytools.h | 200 mariadb-11.8.8/extra/wolfssl/wolfssl/examples/configs/user_settings_wolfssh.h | 8 mariadb-11.8.8/extra/wolfssl/wolfssl/examples/configs/user_settings_wolftpm.h | 17 mariadb-11.8.8/extra/wolfssl/wolfssl/examples/echoclient/echoclient.c | 2 mariadb-11.8.8/extra/wolfssl/wolfssl/examples/echoclient/echoclient.h | 2 mariadb-11.8.8/extra/wolfssl/wolfssl/examples/echoserver/echoserver.c | 2 mariadb-11.8.8/extra/wolfssl/wolfssl/examples/echoserver/echoserver.h | 2 mariadb-11.8.8/extra/wolfssl/wolfssl/examples/include.am | 1 mariadb-11.8.8/extra/wolfssl/wolfssl/examples/ocsp_responder/include.am | 14 mariadb-11.8.8/extra/wolfssl/wolfssl/examples/ocsp_responder/ocsp_responder.c | 1196 mariadb-11.8.8/extra/wolfssl/wolfssl/examples/ocsp_responder/ocsp_responder.h | 39 mariadb-11.8.8/extra/wolfssl/wolfssl/examples/pem/pem.c | 2 mariadb-11.8.8/extra/wolfssl/wolfssl/examples/sctp/sctp-client-dtls.c | 2 mariadb-11.8.8/extra/wolfssl/wolfssl/examples/sctp/sctp-client.c | 2 mariadb-11.8.8/extra/wolfssl/wolfssl/examples/sctp/sctp-server-dtls.c | 2 mariadb-11.8.8/extra/wolfssl/wolfssl/examples/sctp/sctp-server.c | 2 mariadb-11.8.8/extra/wolfssl/wolfssl/examples/server/server.c | 314 mariadb-11.8.8/extra/wolfssl/wolfssl/examples/server/server.h | 2 mariadb-11.8.8/extra/wolfssl/wolfssl/fips-check.sh | 20 mariadb-11.8.8/extra/wolfssl/wolfssl/fips-hash.sh | 3 mariadb-11.8.8/extra/wolfssl/wolfssl/gencertbuf.pl | 4 mariadb-11.8.8/extra/wolfssl/wolfssl/linuxkm/Kbuild | 67 mariadb-11.8.8/extra/wolfssl/wolfssl/linuxkm/Makefile | 201 mariadb-11.8.8/extra/wolfssl/wolfssl/linuxkm/README.md | 146 mariadb-11.8.8/extra/wolfssl/wolfssl/linuxkm/get_thread_size.c | 2 mariadb-11.8.8/extra/wolfssl/wolfssl/linuxkm/include.am | 9 mariadb-11.8.8/extra/wolfssl/wolfssl/linuxkm/linuxkm-fips-hash-wrapper.sh | 109 mariadb-11.8.8/extra/wolfssl/wolfssl/linuxkm/linuxkm-fips-hash.c | 419 mariadb-11.8.8/extra/wolfssl/wolfssl/linuxkm/linuxkm_memory.c | 797 mariadb-11.8.8/extra/wolfssl/wolfssl/linuxkm/linuxkm_memory.h | 239 mariadb-11.8.8/extra/wolfssl/wolfssl/linuxkm/linuxkm_wc_port.h | 454 mariadb-11.8.8/extra/wolfssl/wolfssl/linuxkm/lkcapi_aes_glue.c | 68 mariadb-11.8.8/extra/wolfssl/wolfssl/linuxkm/lkcapi_dh_glue.c | 12 mariadb-11.8.8/extra/wolfssl/wolfssl/linuxkm/lkcapi_ecdh_glue.c | 8 mariadb-11.8.8/extra/wolfssl/wolfssl/linuxkm/lkcapi_ecdsa_glue.c | 6 mariadb-11.8.8/extra/wolfssl/wolfssl/linuxkm/lkcapi_glue.c | 25 mariadb-11.8.8/extra/wolfssl/wolfssl/linuxkm/lkcapi_rsa_glue.c | 136 mariadb-11.8.8/extra/wolfssl/wolfssl/linuxkm/lkcapi_sha_glue.c | 905 mariadb-11.8.8/extra/wolfssl/wolfssl/linuxkm/module_exports.c.template | 13 mariadb-11.8.8/extra/wolfssl/wolfssl/linuxkm/module_hooks.c | 1023 mariadb-11.8.8/extra/wolfssl/wolfssl/linuxkm/patches/5.14.0-570.58.1.el9_6/WOLFSSL_LINUXKM_HAVE_GET_RANDOM_CALLBACKS-5v14-570v58v1-el9_6.patch | 462 mariadb-11.8.8/extra/wolfssl/wolfssl/linuxkm/patches/5.17-ubuntu-jammy-tegra/WOLFSSL_LINUXKM_HAVE_GET_RANDOM_CALLBACKS-5v17-ubuntu-jammy-tegra.patch | 462 mariadb-11.8.8/extra/wolfssl/wolfssl/linuxkm/patches/7.0/WOLFSSL_LINUXKM_HAVE_GET_RANDOM_CALLBACKS-7v0.patch | 484 mariadb-11.8.8/extra/wolfssl/wolfssl/linuxkm/pie_redirect_table.c | 10 mariadb-11.8.8/extra/wolfssl/wolfssl/linuxkm/x86_vector_register_glue.c | 5 mariadb-11.8.8/extra/wolfssl/wolfssl/m4/ax_bsdkm.m4 | 2 mariadb-11.8.8/extra/wolfssl/wolfssl/m4/ax_linuxkm.m4 | 2 mariadb-11.8.8/extra/wolfssl/wolfssl/mcapi/crypto.c | 2 mariadb-11.8.8/extra/wolfssl/wolfssl/mcapi/crypto.h | 2 mariadb-11.8.8/extra/wolfssl/wolfssl/mcapi/mcapi_test.c | 2 mariadb-11.8.8/extra/wolfssl/wolfssl/mplabx/benchmark_main.c | 2 mariadb-11.8.8/extra/wolfssl/wolfssl/mplabx/test_main.c | 2 mariadb-11.8.8/extra/wolfssl/wolfssl/mqx/util_lib/Sources/util.c | 12 mariadb-11.8.8/extra/wolfssl/wolfssl/scripts/asn1_oid_sum.pl | 2 mariadb-11.8.8/extra/wolfssl/wolfssl/scripts/benchmark.test | 13 mariadb-11.8.8/extra/wolfssl/wolfssl/scripts/crl-gen-openssl.test | 165 mariadb-11.8.8/extra/wolfssl/wolfssl/scripts/crl-revoked.test | 13 mariadb-11.8.8/extra/wolfssl/wolfssl/scripts/dtls.test | 13 mariadb-11.8.8/extra/wolfssl/wolfssl/scripts/dtlscid.test | 16 mariadb-11.8.8/extra/wolfssl/wolfssl/scripts/include.am | 17 mariadb-11.8.8/extra/wolfssl/wolfssl/scripts/ocsp-responder-openssl-interop.test | 567 mariadb-11.8.8/extra/wolfssl/wolfssl/scripts/ocsp-stapling-with-ca-as-responder.test | 16 mariadb-11.8.8/extra/wolfssl/wolfssl/scripts/ocsp-stapling-with-wolfssl-responder.test | 764 mariadb-11.8.8/extra/wolfssl/wolfssl/scripts/ocsp-stapling.test | 304 mariadb-11.8.8/extra/wolfssl/wolfssl/scripts/ocsp-stapling2.test | 363 mariadb-11.8.8/extra/wolfssl/wolfssl/scripts/ocsp-stapling_tls13multi.test | 255 mariadb-11.8.8/extra/wolfssl/wolfssl/scripts/openssl.test | 409 mariadb-11.8.8/extra/wolfssl/wolfssl/scripts/openssl_srtp.test | 80 mariadb-11.8.8/extra/wolfssl/wolfssl/scripts/pkcallbacks.test | 13 mariadb-11.8.8/extra/wolfssl/wolfssl/scripts/psk.test | 32 mariadb-11.8.8/extra/wolfssl/wolfssl/scripts/rsapss.test | 141 mariadb-11.8.8/extra/wolfssl/wolfssl/scripts/trusted_peer.test | 13 mariadb-11.8.8/extra/wolfssl/wolfssl/src/bio.c | 39 mariadb-11.8.8/extra/wolfssl/wolfssl/src/conf.c | 4 mariadb-11.8.8/extra/wolfssl/wolfssl/src/crl.c | 1231 mariadb-11.8.8/extra/wolfssl/wolfssl/src/dtls.c | 13 mariadb-11.8.8/extra/wolfssl/wolfssl/src/dtls13.c | 223 mariadb-11.8.8/extra/wolfssl/wolfssl/src/include.am | 59 mariadb-11.8.8/extra/wolfssl/wolfssl/src/internal.c | 4337 - mariadb-11.8.8/extra/wolfssl/wolfssl/src/keys.c | 102 mariadb-11.8.8/extra/wolfssl/wolfssl/src/ocsp.c | 844 mariadb-11.8.8/extra/wolfssl/wolfssl/src/pk.c | 9463 -- mariadb-11.8.8/extra/wolfssl/wolfssl/src/pk_ec.c | 5613 + mariadb-11.8.8/extra/wolfssl/wolfssl/src/pk_rsa.c | 3943 + mariadb-11.8.8/extra/wolfssl/wolfssl/src/quic.c | 13 mariadb-11.8.8/extra/wolfssl/wolfssl/src/sniffer.c | 178 mariadb-11.8.8/extra/wolfssl/wolfssl/src/ssl.c | 6582 - mariadb-11.8.8/extra/wolfssl/wolfssl/src/ssl_api_cert.c | 1761 mariadb-11.8.8/extra/wolfssl/wolfssl/src/ssl_api_crl_ocsp.c | 634 mariadb-11.8.8/extra/wolfssl/wolfssl/src/ssl_api_pk.c | 1609 mariadb-11.8.8/extra/wolfssl/wolfssl/src/ssl_asn1.c | 103 mariadb-11.8.8/extra/wolfssl/wolfssl/src/ssl_bn.c | 2 mariadb-11.8.8/extra/wolfssl/wolfssl/src/ssl_certman.c | 839 mariadb-11.8.8/extra/wolfssl/wolfssl/src/ssl_crypto.c | 15 mariadb-11.8.8/extra/wolfssl/wolfssl/src/ssl_ech.c | 775 mariadb-11.8.8/extra/wolfssl/wolfssl/src/ssl_load.c | 554 mariadb-11.8.8/extra/wolfssl/wolfssl/src/ssl_misc.c | 12 mariadb-11.8.8/extra/wolfssl/wolfssl/src/ssl_p7p12.c | 19 mariadb-11.8.8/extra/wolfssl/wolfssl/src/ssl_sess.c | 136 mariadb-11.8.8/extra/wolfssl/wolfssl/src/ssl_sk.c | 135 mariadb-11.8.8/extra/wolfssl/wolfssl/src/tls.c | 2519 mariadb-11.8.8/extra/wolfssl/wolfssl/src/tls13.c | 1747 mariadb-11.8.8/extra/wolfssl/wolfssl/src/wolfio.c | 6 mariadb-11.8.8/extra/wolfssl/wolfssl/src/x509.c | 2026 mariadb-11.8.8/extra/wolfssl/wolfssl/src/x509_str.c | 194 mariadb-11.8.8/extra/wolfssl/wolfssl/sslSniffer/sslSnifferTest/snifftest.c | 4 mariadb-11.8.8/extra/wolfssl/wolfssl/tests/api.c |25100 +------ mariadb-11.8.8/extra/wolfssl/wolfssl/tests/api/api.h | 35 mariadb-11.8.8/extra/wolfssl/wolfssl/tests/api/api_decl.h | 2 mariadb-11.8.8/extra/wolfssl/wolfssl/tests/api/create_ocsp_test_blobs.py | 38 mariadb-11.8.8/extra/wolfssl/wolfssl/tests/api/include.am | 46 mariadb-11.8.8/extra/wolfssl/wolfssl/tests/api/test_aes.c | 1050 mariadb-11.8.8/extra/wolfssl/wolfssl/tests/api/test_aes.h | 24 mariadb-11.8.8/extra/wolfssl/wolfssl/tests/api/test_arc4.c | 2 mariadb-11.8.8/extra/wolfssl/wolfssl/tests/api/test_arc4.h | 2 mariadb-11.8.8/extra/wolfssl/wolfssl/tests/api/test_ascon.c | 2 mariadb-11.8.8/extra/wolfssl/wolfssl/tests/api/test_ascon.h | 2 mariadb-11.8.8/extra/wolfssl/wolfssl/tests/api/test_ascon_kats.h | 2 mariadb-11.8.8/extra/wolfssl/wolfssl/tests/api/test_asn.c | 466 mariadb-11.8.8/extra/wolfssl/wolfssl/tests/api/test_asn.h | 12 mariadb-11.8.8/extra/wolfssl/wolfssl/tests/api/test_blake2.c | 50 mariadb-11.8.8/extra/wolfssl/wolfssl/tests/api/test_blake2.h | 2 mariadb-11.8.8/extra/wolfssl/wolfssl/tests/api/test_camellia.c | 2 mariadb-11.8.8/extra/wolfssl/wolfssl/tests/api/test_camellia.h | 2 mariadb-11.8.8/extra/wolfssl/wolfssl/tests/api/test_certman.c | 2542 mariadb-11.8.8/extra/wolfssl/wolfssl/tests/api/test_certman.h | 65 mariadb-11.8.8/extra/wolfssl/wolfssl/tests/api/test_chacha.c | 188 mariadb-11.8.8/extra/wolfssl/wolfssl/tests/api/test_chacha.h | 10 mariadb-11.8.8/extra/wolfssl/wolfssl/tests/api/test_chacha20_poly1305.c | 131 mariadb-11.8.8/extra/wolfssl/wolfssl/tests/api/test_chacha20_poly1305.h | 8 mariadb-11.8.8/extra/wolfssl/wolfssl/tests/api/test_cmac.c | 2 mariadb-11.8.8/extra/wolfssl/wolfssl/tests/api/test_cmac.h | 2 mariadb-11.8.8/extra/wolfssl/wolfssl/tests/api/test_curve25519.c | 2 mariadb-11.8.8/extra/wolfssl/wolfssl/tests/api/test_curve25519.h | 2 mariadb-11.8.8/extra/wolfssl/wolfssl/tests/api/test_curve448.c | 2 mariadb-11.8.8/extra/wolfssl/wolfssl/tests/api/test_curve448.h | 2 mariadb-11.8.8/extra/wolfssl/wolfssl/tests/api/test_des3.c | 2 mariadb-11.8.8/extra/wolfssl/wolfssl/tests/api/test_des3.h | 2 mariadb-11.8.8/extra/wolfssl/wolfssl/tests/api/test_dh.c | 2 mariadb-11.8.8/extra/wolfssl/wolfssl/tests/api/test_dh.h | 2 mariadb-11.8.8/extra/wolfssl/wolfssl/tests/api/test_digest.h | 2 mariadb-11.8.8/extra/wolfssl/wolfssl/tests/api/test_dsa.c | 9 mariadb-11.8.8/extra/wolfssl/wolfssl/tests/api/test_dsa.h | 2 mariadb-11.8.8/extra/wolfssl/wolfssl/tests/api/test_dtls.c | 658 mariadb-11.8.8/extra/wolfssl/wolfssl/tests/api/test_dtls.h | 18 mariadb-11.8.8/extra/wolfssl/wolfssl/tests/api/test_ecc.c | 8 mariadb-11.8.8/extra/wolfssl/wolfssl/tests/api/test_ecc.h | 2 mariadb-11.8.8/extra/wolfssl/wolfssl/tests/api/test_ed25519.c | 58 mariadb-11.8.8/extra/wolfssl/wolfssl/tests/api/test_ed25519.h | 4 mariadb-11.8.8/extra/wolfssl/wolfssl/tests/api/test_ed448.c | 48 mariadb-11.8.8/extra/wolfssl/wolfssl/tests/api/test_ed448.h | 4 mariadb-11.8.8/extra/wolfssl/wolfssl/tests/api/test_evp.c | 581 mariadb-11.8.8/extra/wolfssl/wolfssl/tests/api/test_evp.h | 24 mariadb-11.8.8/extra/wolfssl/wolfssl/tests/api/test_evp_cipher.c | 2866 mariadb-11.8.8/extra/wolfssl/wolfssl/tests/api/test_evp_cipher.h | 112 mariadb-11.8.8/extra/wolfssl/wolfssl/tests/api/test_evp_digest.c | 588 mariadb-11.8.8/extra/wolfssl/wolfssl/tests/api/test_evp_digest.h | 58 mariadb-11.8.8/extra/wolfssl/wolfssl/tests/api/test_evp_pkey.c | 2361 mariadb-11.8.8/extra/wolfssl/wolfssl/tests/api/test_evp_pkey.h | 102 mariadb-11.8.8/extra/wolfssl/wolfssl/tests/api/test_hash.c | 139 mariadb-11.8.8/extra/wolfssl/wolfssl/tests/api/test_hash.h | 2 mariadb-11.8.8/extra/wolfssl/wolfssl/tests/api/test_hmac.c | 76 mariadb-11.8.8/extra/wolfssl/wolfssl/tests/api/test_hmac.h | 6 mariadb-11.8.8/extra/wolfssl/wolfssl/tests/api/test_md2.c | 2 mariadb-11.8.8/extra/wolfssl/wolfssl/tests/api/test_md2.h | 2 mariadb-11.8.8/extra/wolfssl/wolfssl/tests/api/test_md4.c | 2 mariadb-11.8.8/extra/wolfssl/wolfssl/tests/api/test_md4.h | 2 mariadb-11.8.8/extra/wolfssl/wolfssl/tests/api/test_md5.c | 2 mariadb-11.8.8/extra/wolfssl/wolfssl/tests/api/test_md5.h | 2 mariadb-11.8.8/extra/wolfssl/wolfssl/tests/api/test_mldsa.c | 8005 ++ mariadb-11.8.8/extra/wolfssl/wolfssl/tests/api/test_mldsa.h | 10 mariadb-11.8.8/extra/wolfssl/wolfssl/tests/api/test_mlkem.c | 80 mariadb-11.8.8/extra/wolfssl/wolfssl/tests/api/test_mlkem.h | 6 mariadb-11.8.8/extra/wolfssl/wolfssl/tests/api/test_ocsp.c | 657 mariadb-11.8.8/extra/wolfssl/wolfssl/tests/api/test_ocsp.h | 7 mariadb-11.8.8/extra/wolfssl/wolfssl/tests/api/test_ocsp_test_blobs.h | 830 mariadb-11.8.8/extra/wolfssl/wolfssl/tests/api/test_ossl_asn1.c | 54 mariadb-11.8.8/extra/wolfssl/wolfssl/tests/api/test_ossl_asn1.h | 2 mariadb-11.8.8/extra/wolfssl/wolfssl/tests/api/test_ossl_bio.c | 580 mariadb-11.8.8/extra/wolfssl/wolfssl/tests/api/test_ossl_bio.h | 10 mariadb-11.8.8/extra/wolfssl/wolfssl/tests/api/test_ossl_bn.c | 11 mariadb-11.8.8/extra/wolfssl/wolfssl/tests/api/test_ossl_bn.h | 2 mariadb-11.8.8/extra/wolfssl/wolfssl/tests/api/test_ossl_cipher.c | 2 mariadb-11.8.8/extra/wolfssl/wolfssl/tests/api/test_ossl_cipher.h | 2 mariadb-11.8.8/extra/wolfssl/wolfssl/tests/api/test_ossl_dgst.c | 46 mariadb-11.8.8/extra/wolfssl/wolfssl/tests/api/test_ossl_dgst.h | 2 mariadb-11.8.8/extra/wolfssl/wolfssl/tests/api/test_ossl_dh.c | 2 mariadb-11.8.8/extra/wolfssl/wolfssl/tests/api/test_ossl_dh.h | 2 mariadb-11.8.8/extra/wolfssl/wolfssl/tests/api/test_ossl_dsa.c | 9 mariadb-11.8.8/extra/wolfssl/wolfssl/tests/api/test_ossl_dsa.h | 2 mariadb-11.8.8/extra/wolfssl/wolfssl/tests/api/test_ossl_ec.c | 30 mariadb-11.8.8/extra/wolfssl/wolfssl/tests/api/test_ossl_ec.h | 2 mariadb-11.8.8/extra/wolfssl/wolfssl/tests/api/test_ossl_ecx.c | 2 mariadb-11.8.8/extra/wolfssl/wolfssl/tests/api/test_ossl_ecx.h | 2 mariadb-11.8.8/extra/wolfssl/wolfssl/tests/api/test_ossl_mac.c | 2 mariadb-11.8.8/extra/wolfssl/wolfssl/tests/api/test_ossl_mac.h | 2 mariadb-11.8.8/extra/wolfssl/wolfssl/tests/api/test_ossl_obj.c | 465 mariadb-11.8.8/extra/wolfssl/wolfssl/tests/api/test_ossl_obj.h | 45 mariadb-11.8.8/extra/wolfssl/wolfssl/tests/api/test_ossl_p7p12.c | 1321 mariadb-11.8.8/extra/wolfssl/wolfssl/tests/api/test_ossl_p7p12.h | 54 mariadb-11.8.8/extra/wolfssl/wolfssl/tests/api/test_ossl_pem.c | 1261 mariadb-11.8.8/extra/wolfssl/wolfssl/tests/api/test_ossl_pem.h | 65 mariadb-11.8.8/extra/wolfssl/wolfssl/tests/api/test_ossl_rand.c | 340 mariadb-11.8.8/extra/wolfssl/wolfssl/tests/api/test_ossl_rand.h | 39 mariadb-11.8.8/extra/wolfssl/wolfssl/tests/api/test_ossl_rsa.c | 26 mariadb-11.8.8/extra/wolfssl/wolfssl/tests/api/test_ossl_rsa.h | 2 mariadb-11.8.8/extra/wolfssl/wolfssl/tests/api/test_ossl_sk.c | 4 mariadb-11.8.8/extra/wolfssl/wolfssl/tests/api/test_ossl_sk.h | 2 mariadb-11.8.8/extra/wolfssl/wolfssl/tests/api/test_ossl_x509.c | 1726 mariadb-11.8.8/extra/wolfssl/wolfssl/tests/api/test_ossl_x509.h | 88 mariadb-11.8.8/extra/wolfssl/wolfssl/tests/api/test_ossl_x509_acert.c | 535 mariadb-11.8.8/extra/wolfssl/wolfssl/tests/api/test_ossl_x509_acert.h | 40 mariadb-11.8.8/extra/wolfssl/wolfssl/tests/api/test_ossl_x509_crypto.c | 782 mariadb-11.8.8/extra/wolfssl/wolfssl/tests/api/test_ossl_x509_crypto.h | 40 mariadb-11.8.8/extra/wolfssl/wolfssl/tests/api/test_ossl_x509_ext.c | 2277 mariadb-11.8.8/extra/wolfssl/wolfssl/tests/api/test_ossl_x509_ext.h | 93 mariadb-11.8.8/extra/wolfssl/wolfssl/tests/api/test_ossl_x509_info.c | 248 mariadb-11.8.8/extra/wolfssl/wolfssl/tests/api/test_ossl_x509_info.h | 38 mariadb-11.8.8/extra/wolfssl/wolfssl/tests/api/test_ossl_x509_io.c | 247 mariadb-11.8.8/extra/wolfssl/wolfssl/tests/api/test_ossl_x509_io.h | 36 mariadb-11.8.8/extra/wolfssl/wolfssl/tests/api/test_ossl_x509_lu.c | 518 mariadb-11.8.8/extra/wolfssl/wolfssl/tests/api/test_ossl_x509_lu.h | 40 mariadb-11.8.8/extra/wolfssl/wolfssl/tests/api/test_ossl_x509_name.c | 717 mariadb-11.8.8/extra/wolfssl/wolfssl/tests/api/test_ossl_x509_name.h | 42 mariadb-11.8.8/extra/wolfssl/wolfssl/tests/api/test_ossl_x509_pk.c | 350 mariadb-11.8.8/extra/wolfssl/wolfssl/tests/api/test_ossl_x509_pk.h | 42 mariadb-11.8.8/extra/wolfssl/wolfssl/tests/api/test_ossl_x509_str.c | 1845 mariadb-11.8.8/extra/wolfssl/wolfssl/tests/api/test_ossl_x509_str.h | 70 mariadb-11.8.8/extra/wolfssl/wolfssl/tests/api/test_ossl_x509_vp.c | 276 mariadb-11.8.8/extra/wolfssl/wolfssl/tests/api/test_ossl_x509_vp.h | 36 mariadb-11.8.8/extra/wolfssl/wolfssl/tests/api/test_pkcs12.c | 482 mariadb-11.8.8/extra/wolfssl/wolfssl/tests/api/test_pkcs12.h | 28 mariadb-11.8.8/extra/wolfssl/wolfssl/tests/api/test_pkcs7.c | 640 mariadb-11.8.8/extra/wolfssl/wolfssl/tests/api/test_pkcs7.h | 36 mariadb-11.8.8/extra/wolfssl/wolfssl/tests/api/test_poly1305.c | 2 mariadb-11.8.8/extra/wolfssl/wolfssl/tests/api/test_poly1305.h | 2 mariadb-11.8.8/extra/wolfssl/wolfssl/tests/api/test_random.c | 9 mariadb-11.8.8/extra/wolfssl/wolfssl/tests/api/test_random.h | 2 mariadb-11.8.8/extra/wolfssl/wolfssl/tests/api/test_rc2.c | 2 mariadb-11.8.8/extra/wolfssl/wolfssl/tests/api/test_rc2.h | 2 mariadb-11.8.8/extra/wolfssl/wolfssl/tests/api/test_ripemd.c | 2 mariadb-11.8.8/extra/wolfssl/wolfssl/tests/api/test_ripemd.h | 2 mariadb-11.8.8/extra/wolfssl/wolfssl/tests/api/test_rsa.c | 20 mariadb-11.8.8/extra/wolfssl/wolfssl/tests/api/test_rsa.h | 2 mariadb-11.8.8/extra/wolfssl/wolfssl/tests/api/test_sha.c | 2 mariadb-11.8.8/extra/wolfssl/wolfssl/tests/api/test_sha.h | 2 mariadb-11.8.8/extra/wolfssl/wolfssl/tests/api/test_sha256.c | 2 mariadb-11.8.8/extra/wolfssl/wolfssl/tests/api/test_sha256.h | 2 mariadb-11.8.8/extra/wolfssl/wolfssl/tests/api/test_sha3.c | 2 mariadb-11.8.8/extra/wolfssl/wolfssl/tests/api/test_sha3.h | 2 mariadb-11.8.8/extra/wolfssl/wolfssl/tests/api/test_sha512.c | 2 mariadb-11.8.8/extra/wolfssl/wolfssl/tests/api/test_sha512.h | 2 mariadb-11.8.8/extra/wolfssl/wolfssl/tests/api/test_signature.c | 2 mariadb-11.8.8/extra/wolfssl/wolfssl/tests/api/test_signature.h | 2 mariadb-11.8.8/extra/wolfssl/wolfssl/tests/api/test_slhdsa.c | 1174 mariadb-11.8.8/extra/wolfssl/wolfssl/tests/api/test_slhdsa.h | 48 mariadb-11.8.8/extra/wolfssl/wolfssl/tests/api/test_sm2.c | 2 mariadb-11.8.8/extra/wolfssl/wolfssl/tests/api/test_sm2.h | 2 mariadb-11.8.8/extra/wolfssl/wolfssl/tests/api/test_sm3.c | 2 mariadb-11.8.8/extra/wolfssl/wolfssl/tests/api/test_sm3.h | 2 mariadb-11.8.8/extra/wolfssl/wolfssl/tests/api/test_sm4.c | 2 mariadb-11.8.8/extra/wolfssl/wolfssl/tests/api/test_sm4.h | 2 mariadb-11.8.8/extra/wolfssl/wolfssl/tests/api/test_tls.c | 108 mariadb-11.8.8/extra/wolfssl/wolfssl/tests/api/test_tls.h | 8 mariadb-11.8.8/extra/wolfssl/wolfssl/tests/api/test_tls13.c | 1687 mariadb-11.8.8/extra/wolfssl/wolfssl/tests/api/test_tls13.h | 44 mariadb-11.8.8/extra/wolfssl/wolfssl/tests/api/test_tls_ext.c | 198 mariadb-11.8.8/extra/wolfssl/wolfssl/tests/api/test_tls_ext.h | 4 mariadb-11.8.8/extra/wolfssl/wolfssl/tests/api/test_wc_encrypt.c | 2 mariadb-11.8.8/extra/wolfssl/wolfssl/tests/api/test_wc_encrypt.h | 2 mariadb-11.8.8/extra/wolfssl/wolfssl/tests/api/test_wolfmath.c | 2 mariadb-11.8.8/extra/wolfssl/wolfssl/tests/api/test_wolfmath.h | 2 mariadb-11.8.8/extra/wolfssl/wolfssl/tests/api/test_x509.c | 729 mariadb-11.8.8/extra/wolfssl/wolfssl/tests/api/test_x509.h | 14 mariadb-11.8.8/extra/wolfssl/wolfssl/tests/include.am | 10 mariadb-11.8.8/extra/wolfssl/wolfssl/tests/quic.c | 80 mariadb-11.8.8/extra/wolfssl/wolfssl/tests/srp.c | 2 mariadb-11.8.8/extra/wolfssl/wolfssl/tests/suites.c | 206 mariadb-11.8.8/extra/wolfssl/wolfssl/tests/test-dtls13-pq-frag.conf | 47 mariadb-11.8.8/extra/wolfssl/wolfssl/tests/test-dtls13-pq-hybrid-extra-frag.conf | 95 mariadb-11.8.8/extra/wolfssl/wolfssl/tests/test-dtls13-pq-hybrid-extra.conf | 51 mariadb-11.8.8/extra/wolfssl/wolfssl/tests/test-dtls13-pq-hybrid-frag.conf | 96 mariadb-11.8.8/extra/wolfssl/wolfssl/tests/test-dtls13-pq-hybrid.conf | 51 mariadb-11.8.8/extra/wolfssl/wolfssl/tests/test-dtls13-pq-standalone-frag.conf | 47 mariadb-11.8.8/extra/wolfssl/wolfssl/tests/test-dtls13-pq-standalone.conf | 27 mariadb-11.8.8/extra/wolfssl/wolfssl/tests/test-dtls13-pq.conf | 27 mariadb-11.8.8/extra/wolfssl/wolfssl/tests/test-ecc-cust-curves.conf | 62 mariadb-11.8.8/extra/wolfssl/wolfssl/tests/test-fails.conf | 1 mariadb-11.8.8/extra/wolfssl/wolfssl/tests/test-maxfrag-dtls.conf | 11 mariadb-11.8.8/extra/wolfssl/wolfssl/tests/test-maxfrag.conf | 9 mariadb-11.8.8/extra/wolfssl/wolfssl/tests/test-tls13-pq-hybrid-extra.conf | 119 mariadb-11.8.8/extra/wolfssl/wolfssl/tests/test-tls13-pq-hybrid.conf | 120 mariadb-11.8.8/extra/wolfssl/wolfssl/tests/test-tls13-pq-standalone.conf | 60 mariadb-11.8.8/extra/wolfssl/wolfssl/tests/test-tls13-pq.conf | 60 mariadb-11.8.8/extra/wolfssl/wolfssl/tests/unit.c | 32 mariadb-11.8.8/extra/wolfssl/wolfssl/tests/unit.h | 2 mariadb-11.8.8/extra/wolfssl/wolfssl/tests/utils.c | 57 mariadb-11.8.8/extra/wolfssl/wolfssl/tests/utils.h | 16 mariadb-11.8.8/extra/wolfssl/wolfssl/tests/w64wrapper.c | 2 mariadb-11.8.8/extra/wolfssl/wolfssl/testsuite/include.am | 1 mariadb-11.8.8/extra/wolfssl/wolfssl/testsuite/testsuite.c | 181 mariadb-11.8.8/extra/wolfssl/wolfssl/testsuite/testsuite.vcproj | 3 mariadb-11.8.8/extra/wolfssl/wolfssl/testsuite/testsuite.vcxproj | 1 mariadb-11.8.8/extra/wolfssl/wolfssl/testsuite/utils.c | 2 mariadb-11.8.8/extra/wolfssl/wolfssl/testsuite/utils.h | 2 mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/benchmark/benchmark.c | 459 mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/benchmark/benchmark.h | 10 mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/aes.c | 2036 mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/aes_asm.S | 21 mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/aes_asm.asm | 2 mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/aes_gcm_asm.S | 2 mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/aes_gcm_asm.asm | 2 mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/aes_gcm_x86_asm.S | 2 mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/aes_xts_asm.S | 7 mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/aes_xts_asm.asm | 7 mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/arc4.c | 2 mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/ascon.c | 14 mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/asm.c | 2 mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/asn.c |13593 +-- mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/asn_orig.c | 9623 ++ mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/async.c | 1184 mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/blake2b.c | 203 mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/blake2s.c | 200 mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/camellia.c | 2 mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/chacha.c | 4 mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/chacha20_poly1305.c | 55 mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/chacha_asm.S | 2 mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/chacha_asm.asm | 2 mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/cmac.c | 35 mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/coding.c | 2 mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/compress.c | 7 mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/cpuid.c | 6 mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/cryptocb.c | 83 mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/curve25519.c | 391 mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/curve448.c | 17 mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/des3.c | 13 mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/dh.c | 28 mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/dilithium.c | 407 mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/dsa.c | 48 mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/ecc.c | 770 mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/eccsi.c | 44 mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/ed25519.c | 142 mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/ed448.c | 68 mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/error.c | 19 mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/evp.c | 383 mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/evp_pk.c | 1914 mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/ext_lms.c | 18 mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/ext_mlkem.c | 2 mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/ext_xmss.c | 2 mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/falcon.c | 32 mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/fe_448.c | 2 mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/fe_low_mem.c | 252 mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/fe_operations.c | 2 mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/fe_x25519_128.h | 2 mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/fe_x25519_asm.S | 9521 ++ mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/fp_mont_small.i | 2 mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/fp_mul_comba_12.i | 2 mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/fp_mul_comba_17.i | 2 mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/fp_mul_comba_20.i | 2 mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/fp_mul_comba_24.i | 2 mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/fp_mul_comba_28.i | 2 mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/fp_mul_comba_3.i | 2 mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/fp_mul_comba_32.i | 2 mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/fp_mul_comba_4.i | 2 mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/fp_mul_comba_48.i | 2 mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/fp_mul_comba_6.i | 2 mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/fp_mul_comba_64.i | 2 mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/fp_mul_comba_7.i | 2 mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/fp_mul_comba_8.i | 2 mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/fp_mul_comba_9.i | 2 mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/fp_mul_comba_small_set.i | 2 mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/fp_sqr_comba_12.i | 2 mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/fp_sqr_comba_17.i | 2 mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/fp_sqr_comba_20.i | 2 mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/fp_sqr_comba_24.i | 2 mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/fp_sqr_comba_28.i | 2 mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/fp_sqr_comba_3.i | 2 mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/fp_sqr_comba_32.i | 2 mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/fp_sqr_comba_4.i | 2 mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/fp_sqr_comba_48.i | 2 mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/fp_sqr_comba_6.i | 2 mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/fp_sqr_comba_64.i | 2 mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/fp_sqr_comba_7.i | 2 mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/fp_sqr_comba_8.i | 2 mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/fp_sqr_comba_9.i | 2 mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/fp_sqr_comba_small_set.i | 2 mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/ge_448.c | 2 mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/ge_low_mem.c | 2 mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/ge_operations.c | 732 mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/hash.c | 737 mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/hmac.c | 135 mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/hpke.c | 367 mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/include.am | 2 mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/integer.c | 12 mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/kdf.c | 7 mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/logging.c | 55 mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/md2.c | 2 mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/md4.c | 2 mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/md5.c | 17 mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/memory.c | 14 mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/misc.c | 22 mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/pkcs12.c | 48 mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/pkcs7.c | 784 mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/poly1305.c | 22 mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/poly1305_asm.S | 2 mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/poly1305_asm.asm | 2 mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/port/Espressif/esp32_aes.c | 24 mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/port/Espressif/esp32_mp.c | 10 mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/port/Espressif/esp32_sha.c | 2 mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/port/Espressif/esp32_util.c | 4 mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/port/Espressif/esp_crt_bundle/esp_crt_bundle.c | 2 mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/port/Espressif/esp_crt_bundle/gen_crt_bundle.py | 2 mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/port/Espressif/esp_crt_bundle/pio_install_cryptography.py | 2 mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/port/Espressif/esp_sdk_mem_lib.c | 2 mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/port/Espressif/esp_sdk_time_lib.c | 21 mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/port/Espressif/esp_sdk_wifi_lib.c | 3 mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/port/Renesas/renesas_common.c | 4 mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/port/Renesas/renesas_fspsm_aes.c | 2 mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/port/Renesas/renesas_fspsm_rsa.c | 4 mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/port/Renesas/renesas_fspsm_sha.c | 4 mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/port/Renesas/renesas_fspsm_util.c | 8 mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/port/Renesas/renesas_rx64_hw_sha.c | 2 mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/port/Renesas/renesas_rx64_hw_util.c | 2 mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/port/Renesas/renesas_tsip_aes.c | 6 mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/port/Renesas/renesas_tsip_rsa.c | 2 mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/port/Renesas/renesas_tsip_sha.c | 4 mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/port/Renesas/renesas_tsip_util.c | 6 mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/port/af_alg/afalg_aes.c | 58 mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/port/af_alg/afalg_hash.c | 35 mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/port/af_alg/wc_afalg.c | 2 mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/port/aria/aria-crypt.c | 2 mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/port/aria/aria-cryptocb.c | 2 mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/port/arm/armv8-32-aes-asm.S |15537 ++++ mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/port/arm/armv8-32-aes-asm_c.c |14584 ++++ mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/port/arm/armv8-32-chacha-asm.S | 30 mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/port/arm/armv8-32-chacha-asm_c.c | 30 mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/port/arm/armv8-32-curve25519.S | 14 mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/port/arm/armv8-32-curve25519_c.c | 30 mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/port/arm/armv8-32-mlkem-asm.S | 186 mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/port/arm/armv8-32-mlkem-asm_c.c | 186 mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/port/arm/armv8-32-poly1305-asm.S | 2 mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/port/arm/armv8-32-poly1305-asm_c.c | 2 mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/port/arm/armv8-32-sha256-asm.S | 894 mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/port/arm/armv8-32-sha256-asm_c.c | 911 mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/port/arm/armv8-32-sha3-asm.S | 18 mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/port/arm/armv8-32-sha3-asm_c.c | 28 mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/port/arm/armv8-32-sha512-asm.S | 2 mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/port/arm/armv8-32-sha512-asm_c.c | 2 mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/port/arm/armv8-aes-asm.S |14076 ++++ mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/port/arm/armv8-aes-asm_c.c |13211 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/port/arm/armv8-chacha-asm.S | 510 mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/port/arm/armv8-chacha-asm_c.c | 504 mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/port/arm/armv8-curve25519.S | 3308 mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/port/arm/armv8-curve25519_c.c | 3302 mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/port/arm/armv8-mlkem-asm.S | 76 mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/port/arm/armv8-mlkem-asm_c.c | 2 mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/port/arm/armv8-poly1305-asm.S | 4 mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/port/arm/armv8-poly1305-asm_c.c | 2 mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/port/arm/armv8-sha256-asm.S | 6 mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/port/arm/armv8-sha256-asm_c.c | 2 mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/port/arm/armv8-sha3-asm.S | 6 mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/port/arm/armv8-sha3-asm_c.c | 2 mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/port/arm/armv8-sha512-asm.S | 8 mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/port/arm/armv8-sha512-asm_c.c | 2 mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/port/arm/cryptoCell.c | 2 mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/port/arm/cryptoCellHash.c | 2 mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/port/arm/thumb2-aes-asm.S | 4436 + mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/port/arm/thumb2-aes-asm_c.c | 4574 + mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/port/arm/thumb2-chacha-asm.S | 8 mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/port/arm/thumb2-chacha-asm_c.c | 12 mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/port/arm/thumb2-curve25519.S | 14 mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/port/arm/thumb2-curve25519_c.c | 28 mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/port/arm/thumb2-mlkem-asm.S | 2 mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/port/arm/thumb2-mlkem-asm_c.c | 2 mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/port/arm/thumb2-poly1305-asm.S | 2 mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/port/arm/thumb2-poly1305-asm_c.c | 2 mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/port/arm/thumb2-sha256-asm.S | 966 mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/port/arm/thumb2-sha256-asm_c.c | 1087 mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/port/arm/thumb2-sha3-asm.S | 2 mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/port/arm/thumb2-sha3-asm_c.c | 2 mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/port/arm/thumb2-sha512-asm.S | 2 mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/port/arm/thumb2-sha512-asm_c.c | 2 mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/port/atmel/atmel.c | 26 mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/port/autosar/cryif.c | 2 mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/port/autosar/crypto.c | 31 mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/port/autosar/csm.c | 2 mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/port/autosar/test.c | 4 mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/port/caam/caam_aes.c | 2 mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/port/caam/caam_driver.c | 2 mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/port/caam/caam_error.c | 2 mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/port/caam/caam_integrity.c | 8 mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/port/caam/caam_qnx.c | 2 mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/port/caam/caam_sha.c | 2 mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/port/caam/wolfcaam_aes.c | 2 mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/port/caam/wolfcaam_cmac.c | 2 mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/port/caam/wolfcaam_ecdsa.c | 25 mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/port/caam/wolfcaam_fsl_nxp.c | 26 mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/port/caam/wolfcaam_hash.c | 5 mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/port/caam/wolfcaam_hmac.c | 2 mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/port/caam/wolfcaam_init.c | 2 mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/port/caam/wolfcaam_qnx.c | 2 mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/port/caam/wolfcaam_rsa.c | 2 mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/port/caam/wolfcaam_seco.c | 4 mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/port/caam/wolfcaam_x25519.c | 2 mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/port/cavium/README.md | 265 mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/port/cavium/README_Octeon.md | 236 mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/port/cavium/cavium_nitrox.c | 1234 mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/port/cavium/cavium_octeon_sync.c | 2 mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/port/cuda/aes-cuda.cu | 2 mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/port/cypress/README.md | 102 mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/port/cypress/psoc6_crypto.c | 1043 mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/port/devcrypto/devcrypto_aes.c | 10 mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/port/devcrypto/devcrypto_ecdsa.c | 3 mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/port/devcrypto/devcrypto_hash.c | 2 mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/port/devcrypto/devcrypto_hmac.c | 16 mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/port/devcrypto/devcrypto_rsa.c | 31 mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/port/devcrypto/devcrypto_x25519.c | 2 mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/port/devcrypto/wc_devcrypto.c | 2 mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/port/intel/README.md | 410 mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/port/intel/quickassist.c | 5108 + mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/port/intel/quickassist_mem.c | 1131 mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/port/intel/quickassist_sync.c | 2 mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/port/iotsafe/iotsafe.c | 52 mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/port/kcapi/kcapi_aes.c | 25 mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/port/kcapi/kcapi_dh.c | 14 mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/port/kcapi/kcapi_ecc.c | 11 mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/port/kcapi/kcapi_hash.c | 31 mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/port/kcapi/kcapi_hmac.c | 18 mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/port/kcapi/kcapi_rsa.c | 9 mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/port/liboqs/liboqs.c | 2 mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/port/maxim/max3266x.c | 709 mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/port/maxim/maxq10xx.c | 53 mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/port/mynewt/mynewt_port.c | 105 mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/port/nrf51.c | 61 mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/port/nxp/dcp_port.c | 10 mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/port/nxp/ksdk_port.c | 7 mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/port/nxp/se050_port.c | 174 mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/port/pic32/pic32mz-crypt.c | 98 mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/port/ppc32/ppc32-sha256-asm.S | 3241 mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/port/ppc32/ppc32-sha256-asm_c.c | 3250 mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/port/ppc32/ppc32-sha256-asm_cr.c | 7673 ++ mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/port/psa/psa.c | 8 mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/port/psa/psa_aes.c | 12 mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/port/psa/psa_hash.c | 9 mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/port/psa/psa_pkcbs.c | 38 mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/port/riscv/riscv-64-aes.c | 2 mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/port/riscv/riscv-64-chacha.c | 2 mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/port/riscv/riscv-64-poly1305.c | 2 mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/port/riscv/riscv-64-sha256.c | 4 mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/port/riscv/riscv-64-sha3.c | 2 mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/port/riscv/riscv-64-sha512.c | 14 mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/port/rpi_pico/pico.c | 6 mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/port/silabs/silabs_aes.c | 87 mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/port/silabs/silabs_ecc.c | 89 mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/port/silabs/silabs_hash.c | 2 mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/port/silabs/silabs_random.c | 10 mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/port/st/README.md | 196 mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/port/st/stm32.c | 261 mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/port/st/stsafe.c | 1916 mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/port/ti/ti-aes.c | 27 mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/port/ti/ti-ccm.c | 12 mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/port/ti/ti-des3.c | 8 mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/port/ti/ti-hash.c | 57 mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/port/tropicsquare/tropic01.c | 63 mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/port/xilinx/xil-aesgcm.c | 21 mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/port/xilinx/xil-sha3.c | 4 mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/port/xilinx/xil-versal-glue.c | 2 mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/port/xilinx/xil-versal-trng.c | 10 mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/pwdbased.c | 223 mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/random.c | 1824 mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/rc2.c | 2 mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/ripemd.c | 4 mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/rng_bank.c | 940 mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/rsa.c | 338 mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/sakke.c | 13 mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/sha.c | 70 mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/sha256.c | 81 mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/sha256_asm.S | 2 mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/sha3.c | 238 mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/sha3_asm.S | 6 mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/sha512.c | 176 mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/sha512_asm.S | 98 mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/signature.c | 55 mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/siphash.c | 8 mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/sm2.c | 2 mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/sm3.c | 2 mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/sm3_asm.S | 2 mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/sm4.c | 2 mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/sp_arm32.c | 447 mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/sp_arm64.c | 115 mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/sp_armthumb.c | 210 mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/sp_c32.c | 201 mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/sp_c64.c | 138 mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/sp_cortexm.c | 490 mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/sp_dsp32.c | 9 mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/sp_int.c | 1462 mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/sp_sm2_arm32.c | 2 mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/sp_sm2_arm64.c | 2 mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/sp_sm2_armthumb.c | 2 mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/sp_sm2_c32.c | 2 mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/sp_sm2_c64.c | 2 mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/sp_sm2_cortexm.c | 2 mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/sp_sm2_x86_64.c | 2 mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/sp_sm2_x86_64_asm.S | 2 mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/sp_x86_64.c | 174 mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/sp_x86_64_asm.S | 12 mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/sp_x86_64_asm.asm | 12 mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/sphincs.c | 24 mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/srp.c | 68 mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/tfm.c | 6 mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/wc_dsp.c | 2 mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/wc_encrypt.c | 25 mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/wc_lms.c | 24 mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/wc_lms_impl.c | 12 mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/wc_mldsa_asm.S | 2 mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/wc_mlkem.c | 289 mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/wc_mlkem_asm.S | 2 mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/wc_mlkem_poly.c | 1284 mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/wc_pkcs11.c | 1687 mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/wc_port.c | 210 mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/wc_slhdsa.c | 7321 ++ mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/wc_xmss.c | 2 mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/wc_xmss_impl.c | 9 mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/wolfentropy.c | 954 mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/wolfevent.c | 2 mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/wolfmath.c | 11 mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/test/README.md | 182 mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/test/test.c | 5202 + mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/test/test.h | 39 mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/test/test_paths.h.in | 2 mariadb-11.8.8/extra/wolfssl/wolfssl/wolfssl/callbacks.h | 2 mariadb-11.8.8/extra/wolfssl/wolfssl/wolfssl/certs_test.h | 24 mariadb-11.8.8/extra/wolfssl/wolfssl/wolfssl/crl.h | 5 mariadb-11.8.8/extra/wolfssl/wolfssl/wolfssl/error-ssl.h | 9 mariadb-11.8.8/extra/wolfssl/wolfssl/wolfssl/internal.h | 350 mariadb-11.8.8/extra/wolfssl/wolfssl/wolfssl/ocsp.h | 43 mariadb-11.8.8/extra/wolfssl/wolfssl/wolfssl/openssl/aes.h | 2 mariadb-11.8.8/extra/wolfssl/wolfssl/wolfssl/openssl/asn1.h | 2 mariadb-11.8.8/extra/wolfssl/wolfssl/wolfssl/openssl/asn1t.h | 2 mariadb-11.8.8/extra/wolfssl/wolfssl/wolfssl/openssl/bio.h | 2 mariadb-11.8.8/extra/wolfssl/wolfssl/wolfssl/openssl/bn.h | 2 mariadb-11.8.8/extra/wolfssl/wolfssl/wolfssl/openssl/buffer.h | 2 mariadb-11.8.8/extra/wolfssl/wolfssl/wolfssl/openssl/camellia.h | 2 mariadb-11.8.8/extra/wolfssl/wolfssl/wolfssl/openssl/cmac.h | 2 mariadb-11.8.8/extra/wolfssl/wolfssl/wolfssl/openssl/cms.h | 2 mariadb-11.8.8/extra/wolfssl/wolfssl/wolfssl/openssl/compat_types.h | 2 mariadb-11.8.8/extra/wolfssl/wolfssl/wolfssl/openssl/conf.h | 16 mariadb-11.8.8/extra/wolfssl/wolfssl/wolfssl/openssl/crypto.h | 2 mariadb-11.8.8/extra/wolfssl/wolfssl/wolfssl/openssl/des.h | 2 mariadb-11.8.8/extra/wolfssl/wolfssl/wolfssl/openssl/dh.h | 2 mariadb-11.8.8/extra/wolfssl/wolfssl/wolfssl/openssl/dsa.h | 2 mariadb-11.8.8/extra/wolfssl/wolfssl/wolfssl/openssl/ec.h | 6 mariadb-11.8.8/extra/wolfssl/wolfssl/wolfssl/openssl/ec25519.h | 2 mariadb-11.8.8/extra/wolfssl/wolfssl/wolfssl/openssl/ec448.h | 2 mariadb-11.8.8/extra/wolfssl/wolfssl/wolfssl/openssl/ecdh.h | 2 mariadb-11.8.8/extra/wolfssl/wolfssl/wolfssl/openssl/ecdsa.h | 2 mariadb-11.8.8/extra/wolfssl/wolfssl/wolfssl/openssl/ed25519.h | 2 mariadb-11.8.8/extra/wolfssl/wolfssl/wolfssl/openssl/ed448.h | 2 mariadb-11.8.8/extra/wolfssl/wolfssl/wolfssl/openssl/err.h | 2 mariadb-11.8.8/extra/wolfssl/wolfssl/wolfssl/openssl/evp.h | 11 mariadb-11.8.8/extra/wolfssl/wolfssl/wolfssl/openssl/fips_rand.h | 2 mariadb-11.8.8/extra/wolfssl/wolfssl/wolfssl/openssl/hmac.h | 2 mariadb-11.8.8/extra/wolfssl/wolfssl/wolfssl/openssl/kdf.h | 2 mariadb-11.8.8/extra/wolfssl/wolfssl/wolfssl/openssl/lhash.h | 2 mariadb-11.8.8/extra/wolfssl/wolfssl/wolfssl/openssl/md4.h | 2 mariadb-11.8.8/extra/wolfssl/wolfssl/wolfssl/openssl/md5.h | 2 mariadb-11.8.8/extra/wolfssl/wolfssl/wolfssl/openssl/modes.h | 2 mariadb-11.8.8/extra/wolfssl/wolfssl/wolfssl/openssl/obj_mac.h | 7 mariadb-11.8.8/extra/wolfssl/wolfssl/wolfssl/openssl/objects.h | 2 mariadb-11.8.8/extra/wolfssl/wolfssl/wolfssl/openssl/ocsp.h | 2 mariadb-11.8.8/extra/wolfssl/wolfssl/wolfssl/openssl/opensslv.h | 8 mariadb-11.8.8/extra/wolfssl/wolfssl/wolfssl/openssl/ossl_typ.h | 2 mariadb-11.8.8/extra/wolfssl/wolfssl/wolfssl/openssl/pem.h | 2 mariadb-11.8.8/extra/wolfssl/wolfssl/wolfssl/openssl/pkcs12.h | 2 mariadb-11.8.8/extra/wolfssl/wolfssl/wolfssl/openssl/pkcs7.h | 2 mariadb-11.8.8/extra/wolfssl/wolfssl/wolfssl/openssl/rand.h | 2 mariadb-11.8.8/extra/wolfssl/wolfssl/wolfssl/openssl/rc4.h | 2 mariadb-11.8.8/extra/wolfssl/wolfssl/wolfssl/openssl/ripemd.h | 2 mariadb-11.8.8/extra/wolfssl/wolfssl/wolfssl/openssl/rsa.h | 2 mariadb-11.8.8/extra/wolfssl/wolfssl/wolfssl/openssl/safestack.h | 2 mariadb-11.8.8/extra/wolfssl/wolfssl/wolfssl/openssl/sha.h | 2 mariadb-11.8.8/extra/wolfssl/wolfssl/wolfssl/openssl/sha3.h | 2 mariadb-11.8.8/extra/wolfssl/wolfssl/wolfssl/openssl/srp.h | 2 mariadb-11.8.8/extra/wolfssl/wolfssl/wolfssl/openssl/ssl.h | 63 mariadb-11.8.8/extra/wolfssl/wolfssl/wolfssl/openssl/stack.h | 2 mariadb-11.8.8/extra/wolfssl/wolfssl/wolfssl/openssl/tls1.h | 2 mariadb-11.8.8/extra/wolfssl/wolfssl/wolfssl/openssl/txt_db.h | 2 mariadb-11.8.8/extra/wolfssl/wolfssl/wolfssl/openssl/x509.h | 5 mariadb-11.8.8/extra/wolfssl/wolfssl/wolfssl/openssl/x509_vfy.h | 2 mariadb-11.8.8/extra/wolfssl/wolfssl/wolfssl/openssl/x509v3.h | 28 mariadb-11.8.8/extra/wolfssl/wolfssl/wolfssl/options.h.in | 2 mariadb-11.8.8/extra/wolfssl/wolfssl/wolfssl/quic.h | 2 mariadb-11.8.8/extra/wolfssl/wolfssl/wolfssl/sniffer.h | 2 mariadb-11.8.8/extra/wolfssl/wolfssl/wolfssl/sniffer_error.h | 2 mariadb-11.8.8/extra/wolfssl/wolfssl/wolfssl/ssl.h | 185 mariadb-11.8.8/extra/wolfssl/wolfssl/wolfssl/test.h | 59 mariadb-11.8.8/extra/wolfssl/wolfssl/wolfssl/version.h | 6 mariadb-11.8.8/extra/wolfssl/wolfssl/wolfssl/version.h.in | 2 mariadb-11.8.8/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/aes.h | 150 mariadb-11.8.8/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/arc4.h | 2 mariadb-11.8.8/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/ascon.h | 2 mariadb-11.8.8/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/asn.h | 527 mariadb-11.8.8/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/asn_public.h | 82 mariadb-11.8.8/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/async.h | 470 mariadb-11.8.8/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/blake2-impl.h | 10 mariadb-11.8.8/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/blake2-int.h | 2 mariadb-11.8.8/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/blake2.h | 40 mariadb-11.8.8/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/camellia.h | 2 mariadb-11.8.8/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/chacha.h | 2 mariadb-11.8.8/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/chacha20_poly1305.h | 6 mariadb-11.8.8/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/cmac.h | 2 mariadb-11.8.8/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/coding.h | 11 mariadb-11.8.8/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/compress.h | 2 mariadb-11.8.8/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/cpuid.h | 6 mariadb-11.8.8/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/cryptocb.h | 18 mariadb-11.8.8/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/curve25519.h | 66 mariadb-11.8.8/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/curve448.h | 2 mariadb-11.8.8/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/des3.h | 2 mariadb-11.8.8/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/dh.h | 4 mariadb-11.8.8/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/dilithium.h | 168 mariadb-11.8.8/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/dsa.h | 2 mariadb-11.8.8/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/ecc.h | 17 mariadb-11.8.8/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/eccsi.h | 2 mariadb-11.8.8/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/ed25519.h | 4 mariadb-11.8.8/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/ed448.h | 2 mariadb-11.8.8/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/error-crypt.h | 50 mariadb-11.8.8/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/ext_lms.h | 2 mariadb-11.8.8/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/ext_mlkem.h | 2 mariadb-11.8.8/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/ext_xmss.h | 2 mariadb-11.8.8/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/falcon.h | 6 mariadb-11.8.8/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/fe_448.h | 2 mariadb-11.8.8/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/fe_operations.h | 61 mariadb-11.8.8/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/fips_test.h | 2 mariadb-11.8.8/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/ge_448.h | 2 mariadb-11.8.8/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/ge_operations.h | 13 mariadb-11.8.8/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/hash.h | 78 mariadb-11.8.8/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/hmac.h | 15 mariadb-11.8.8/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/hpke.h | 31 mariadb-11.8.8/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/include.am | 3 mariadb-11.8.8/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/integer.h | 6 mariadb-11.8.8/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/kdf.h | 2 mariadb-11.8.8/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/libwolfssl_sources.h | 2 mariadb-11.8.8/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/libwolfssl_sources_asm.h | 2 mariadb-11.8.8/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/lms.h | 2 mariadb-11.8.8/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/logging.h | 11 mariadb-11.8.8/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/md2.h | 24 mariadb-11.8.8/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/md4.h | 20 mariadb-11.8.8/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/md5.h | 14 mariadb-11.8.8/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/mem_track.h | 15 mariadb-11.8.8/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/memory.h | 25 mariadb-11.8.8/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/misc.h | 2 mariadb-11.8.8/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/mlkem.h | 4 mariadb-11.8.8/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/mpi_class.h | 2 mariadb-11.8.8/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/mpi_superclass.h | 2 mariadb-11.8.8/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/oid_sum.h | 2 mariadb-11.8.8/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/pkcs11.h | 602 mariadb-11.8.8/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/pkcs12.h | 2 mariadb-11.8.8/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/pkcs7.h | 26 mariadb-11.8.8/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/poly1305.h | 2 mariadb-11.8.8/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/port/Espressif/esp-sdk-lib.h | 2 mariadb-11.8.8/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/port/Espressif/esp32-crypt.h | 2 mariadb-11.8.8/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/port/Espressif/esp_crt_bundle.h | 2 mariadb-11.8.8/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/port/Renesas/renesas-fspsm-crypt.h | 2 mariadb-11.8.8/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/port/Renesas/renesas-fspsm-types.h | 2 mariadb-11.8.8/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/port/Renesas/renesas-rx64-hw-crypt.h | 2 mariadb-11.8.8/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/port/Renesas/renesas-tsip-crypt.h | 2 mariadb-11.8.8/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/port/Renesas/renesas_cmn.h | 2 mariadb-11.8.8/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/port/Renesas/renesas_fspsm_internal.h | 4 mariadb-11.8.8/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/port/Renesas/renesas_sync.h | 2 mariadb-11.8.8/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/port/Renesas/renesas_tsip_internal.h | 4 mariadb-11.8.8/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/port/Renesas/renesas_tsip_types.h | 2 mariadb-11.8.8/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/port/af_alg/afalg_hash.h | 2 mariadb-11.8.8/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/port/af_alg/wc_afalg.h | 2 mariadb-11.8.8/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/port/aria/aria-crypt.h | 2 mariadb-11.8.8/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/port/aria/aria-cryptocb.h | 2 mariadb-11.8.8/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/port/arm/cryptoCell.h | 2 mariadb-11.8.8/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/port/atmel/atmel.h | 2 mariadb-11.8.8/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/port/autosar/CryIf.h | 2 mariadb-11.8.8/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/port/autosar/Crypto.h | 2 mariadb-11.8.8/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/port/autosar/Csm.h | 2 mariadb-11.8.8/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/port/autosar/StandardTypes.h | 2 mariadb-11.8.8/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/port/caam/caam_driver.h | 2 mariadb-11.8.8/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/port/caam/caam_error.h | 2 mariadb-11.8.8/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/port/caam/caam_qnx.h | 2 mariadb-11.8.8/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/port/caam/wolfcaam.h | 2 mariadb-11.8.8/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/port/caam/wolfcaam_aes.h | 2 mariadb-11.8.8/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/port/caam/wolfcaam_cmac.h | 2 mariadb-11.8.8/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/port/caam/wolfcaam_ecdsa.h | 2 mariadb-11.8.8/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/port/caam/wolfcaam_fsl_nxp.h | 2 mariadb-11.8.8/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/port/caam/wolfcaam_hash.h | 2 mariadb-11.8.8/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/port/caam/wolfcaam_qnx.h | 2 mariadb-11.8.8/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/port/caam/wolfcaam_rsa.h | 2 mariadb-11.8.8/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/port/caam/wolfcaam_seco.h | 2 mariadb-11.8.8/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/port/caam/wolfcaam_sha.h | 2 mariadb-11.8.8/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/port/caam/wolfcaam_x25519.h | 2 mariadb-11.8.8/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/port/cavium/cavium_nitrox.h | 217 mariadb-11.8.8/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/port/cavium/cavium_octeon_sync.h | 2 mariadb-11.8.8/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/port/cypress/psoc6_crypto.h | 93 mariadb-11.8.8/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/port/devcrypto/wc_devcrypto.h | 2 mariadb-11.8.8/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/port/intel/quickassist.h | 520 mariadb-11.8.8/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/port/intel/quickassist_mem.h | 64 mariadb-11.8.8/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/port/intel/quickassist_sync.h | 2 mariadb-11.8.8/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/port/iotsafe/iotsafe.h | 2 mariadb-11.8.8/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/port/kcapi/kcapi_dh.h | 2 mariadb-11.8.8/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/port/kcapi/kcapi_ecc.h | 2 mariadb-11.8.8/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/port/kcapi/kcapi_hash.h | 2 mariadb-11.8.8/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/port/kcapi/kcapi_hmac.h | 2 mariadb-11.8.8/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/port/kcapi/kcapi_rsa.h | 2 mariadb-11.8.8/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/port/kcapi/wc_kcapi.h | 2 mariadb-11.8.8/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/port/liboqs/liboqs.h | 2 mariadb-11.8.8/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/port/maxim/max3266x-cryptocb.h | 8 mariadb-11.8.8/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/port/maxim/max3266x.h | 65 mariadb-11.8.8/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/port/maxim/maxq10xx.h | 2 mariadb-11.8.8/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/port/nrf51.h | 2 mariadb-11.8.8/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/port/nxp/dcp_port.h | 2 mariadb-11.8.8/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/port/nxp/ksdk_port.h | 2 mariadb-11.8.8/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/port/nxp/se050_port.h | 2 mariadb-11.8.8/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/port/pic32/pic32mz-crypt.h | 2 mariadb-11.8.8/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/port/psa/psa.h | 2 mariadb-11.8.8/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/port/riscv/riscv-64-asm.h | 2 mariadb-11.8.8/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/port/rpi_pico/pico.h | 2 mariadb-11.8.8/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/port/silabs/silabs_aes.h | 2 mariadb-11.8.8/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/port/silabs/silabs_ecc.h | 2 mariadb-11.8.8/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/port/silabs/silabs_hash.h | 2 mariadb-11.8.8/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/port/silabs/silabs_random.h | 2 mariadb-11.8.8/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/port/st/stm32.h | 31 mariadb-11.8.8/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/port/st/stsafe.h | 132 mariadb-11.8.8/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/port/ti/ti-ccm.h | 2 mariadb-11.8.8/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/port/ti/ti-hash.h | 2 mariadb-11.8.8/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/port/tropicsquare/tropic01.h | 2 mariadb-11.8.8/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/port/xilinx/xil-sha3.h | 2 mariadb-11.8.8/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/port/xilinx/xil-versal-glue.h | 2 mariadb-11.8.8/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/port/xilinx/xil-versal-trng.h | 2 mariadb-11.8.8/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/pwdbased.h | 2 mariadb-11.8.8/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/random.h | 157 mariadb-11.8.8/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/rc2.h | 2 mariadb-11.8.8/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/ripemd.h | 2 mariadb-11.8.8/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/rng_bank.h | 181 mariadb-11.8.8/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/rsa.h | 19 mariadb-11.8.8/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/sakke.h | 2 mariadb-11.8.8/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/selftest.h | 2 mariadb-11.8.8/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/settings.h | 551 mariadb-11.8.8/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/sha.h | 15 mariadb-11.8.8/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/sha256.h | 33 mariadb-11.8.8/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/sha3.h | 7 mariadb-11.8.8/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/sha512.h | 55 mariadb-11.8.8/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/signature.h | 14 mariadb-11.8.8/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/siphash.h | 2 mariadb-11.8.8/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/sm2.h | 2 mariadb-11.8.8/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/sm3.h | 2 mariadb-11.8.8/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/sm4.h | 2 mariadb-11.8.8/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/sp.h | 19 mariadb-11.8.8/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/sp_int.h | 2 mariadb-11.8.8/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/sphincs.h | 6 mariadb-11.8.8/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/srp.h | 2 mariadb-11.8.8/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/tfm.h | 4 mariadb-11.8.8/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/types.h | 125 mariadb-11.8.8/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/visibility.h | 2 mariadb-11.8.8/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/wc_encrypt.h | 6 mariadb-11.8.8/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/wc_lms.h | 8 mariadb-11.8.8/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/wc_mlkem.h | 16 mariadb-11.8.8/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/wc_pkcs11.h | 17 mariadb-11.8.8/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/wc_port.h | 175 mariadb-11.8.8/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/wc_slhdsa.h | 380 mariadb-11.8.8/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/wc_xmss.h | 8 mariadb-11.8.8/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/wolfentropy.h | 72 mariadb-11.8.8/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/wolfevent.h | 2 mariadb-11.8.8/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/wolfmath.h | 11 mariadb-11.8.8/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/xmss.h | 2 mariadb-11.8.8/extra/wolfssl/wolfssl/wolfssl/wolfio.h | 52 mariadb-11.8.8/extra/wolfssl/wolfssl/wrapper/Ada/.gitignore | 5 mariadb-11.8.8/extra/wolfssl/wolfssl/wrapper/Ada/README.md | 40 mariadb-11.8.8/extra/wolfssl/wolfssl/wrapper/Ada/ada_binding.c | 145 mariadb-11.8.8/extra/wolfssl/wolfssl/wrapper/Ada/alire.toml | 3 mariadb-11.8.8/extra/wolfssl/wolfssl/wrapper/Ada/default.gpr | 11 mariadb-11.8.8/extra/wolfssl/wolfssl/wrapper/Ada/examples.gpr | 78 mariadb-11.8.8/extra/wolfssl/wolfssl/wrapper/Ada/examples/.gitignore | 4 mariadb-11.8.8/extra/wolfssl/wolfssl/wrapper/Ada/examples/alire.toml | 21 mariadb-11.8.8/extra/wolfssl/wolfssl/wrapper/Ada/examples/examples.gpr | 46 mariadb-11.8.8/extra/wolfssl/wolfssl/wrapper/Ada/examples/src/aes_verify_main.adb | 103 mariadb-11.8.8/extra/wolfssl/wolfssl/wrapper/Ada/examples/src/rsa_verify_main.adb | 518 mariadb-11.8.8/extra/wolfssl/wolfssl/wrapper/Ada/examples/src/sha256_main.adb | 46 mariadb-11.8.8/extra/wolfssl/wolfssl/wrapper/Ada/examples/src/spark_sockets.adb | 173 mariadb-11.8.8/extra/wolfssl/wolfssl/wrapper/Ada/examples/src/spark_sockets.ads | 141 mariadb-11.8.8/extra/wolfssl/wolfssl/wrapper/Ada/examples/src/spark_terminal.adb | 18 mariadb-11.8.8/extra/wolfssl/wolfssl/wrapper/Ada/examples/src/spark_terminal.ads | 42 mariadb-11.8.8/extra/wolfssl/wolfssl/wrapper/Ada/examples/src/tls_client.adb | 463 mariadb-11.8.8/extra/wolfssl/wolfssl/wrapper/Ada/examples/src/tls_client.ads | 38 mariadb-11.8.8/extra/wolfssl/wolfssl/wrapper/Ada/examples/src/tls_client_main.adb | 32 mariadb-11.8.8/extra/wolfssl/wolfssl/wrapper/Ada/examples/src/tls_server.adb | 493 mariadb-11.8.8/extra/wolfssl/wolfssl/wrapper/Ada/examples/src/tls_server.ads | 38 mariadb-11.8.8/extra/wolfssl/wolfssl/wrapper/Ada/examples/src/tls_server_main.adb | 38 mariadb-11.8.8/extra/wolfssl/wolfssl/wrapper/Ada/include.am | 44 mariadb-11.8.8/extra/wolfssl/wolfssl/wrapper/Ada/spark_sockets.adb | 174 mariadb-11.8.8/extra/wolfssl/wolfssl/wrapper/Ada/spark_sockets.ads | 142 mariadb-11.8.8/extra/wolfssl/wolfssl/wrapper/Ada/spark_terminal.adb | 18 mariadb-11.8.8/extra/wolfssl/wolfssl/wrapper/Ada/spark_terminal.ads | 43 mariadb-11.8.8/extra/wolfssl/wolfssl/wrapper/Ada/tests/.gitignore | 4 mariadb-11.8.8/extra/wolfssl/wolfssl/wrapper/Ada/tests/README.md | 21 mariadb-11.8.8/extra/wolfssl/wolfssl/wrapper/Ada/tests/alire.toml | 15 mariadb-11.8.8/extra/wolfssl/wolfssl/wrapper/Ada/tests/src/aes_bindings_tests.adb | 162 mariadb-11.8.8/extra/wolfssl/wolfssl/wrapper/Ada/tests/src/aes_bindings_tests.ads | 30 mariadb-11.8.8/extra/wolfssl/wolfssl/wrapper/Ada/tests/src/rsa_verify_bindings_tests.adb | 464 mariadb-11.8.8/extra/wolfssl/wolfssl/wrapper/Ada/tests/src/rsa_verify_bindings_tests.ads | 23 mariadb-11.8.8/extra/wolfssl/wolfssl/wrapper/Ada/tests/src/sha256_bindings_tests.adb | 146 mariadb-11.8.8/extra/wolfssl/wolfssl/wrapper/Ada/tests/src/sha256_bindings_tests.ads | 24 mariadb-11.8.8/extra/wolfssl/wolfssl/wrapper/Ada/tests/src/support/test_support.adb | 121 mariadb-11.8.8/extra/wolfssl/wolfssl/wrapper/Ada/tests/src/support/test_support.ads | 33 mariadb-11.8.8/extra/wolfssl/wolfssl/wrapper/Ada/tests/src/support/tests_root_suite.adb | 23 mariadb-11.8.8/extra/wolfssl/wolfssl/wrapper/Ada/tests/src/support/tests_root_suite.ads | 18 mariadb-11.8.8/extra/wolfssl/wolfssl/wrapper/Ada/tests/src/tests.adb | 15 mariadb-11.8.8/extra/wolfssl/wolfssl/wrapper/Ada/tests/tests.gpr | 36 mariadb-11.8.8/extra/wolfssl/wolfssl/wrapper/Ada/tests/valgrind.supp | 17 mariadb-11.8.8/extra/wolfssl/wolfssl/wrapper/Ada/tls_client.adb | 453 mariadb-11.8.8/extra/wolfssl/wolfssl/wrapper/Ada/tls_client.ads | 38 mariadb-11.8.8/extra/wolfssl/wolfssl/wrapper/Ada/tls_client_main.adb | 33 mariadb-11.8.8/extra/wolfssl/wolfssl/wrapper/Ada/tls_server.adb | 477 mariadb-11.8.8/extra/wolfssl/wolfssl/wrapper/Ada/tls_server.ads | 39 mariadb-11.8.8/extra/wolfssl/wolfssl/wrapper/Ada/tls_server_main.adb | 39 mariadb-11.8.8/extra/wolfssl/wolfssl/wrapper/Ada/user_settings.h | 3 mariadb-11.8.8/extra/wolfssl/wolfssl/wrapper/Ada/wolfssl-full_runtime.adb | 89 mariadb-11.8.8/extra/wolfssl/wolfssl/wrapper/Ada/wolfssl-full_runtime.ads | 77 mariadb-11.8.8/extra/wolfssl/wolfssl/wrapper/Ada/wolfssl.adb | 1296 mariadb-11.8.8/extra/wolfssl/wolfssl/wrapper/Ada/wolfssl.ads | 398 mariadb-11.8.8/extra/wolfssl/wolfssl/wrapper/Ada/wolfssl.gpr | 10 mariadb-11.8.8/extra/wolfssl/wolfssl/wrapper/CSharp/user_settings.h | 3 mariadb-11.8.8/extra/wolfssl/wolfssl/wrapper/CSharp/wolfCrypt-Test/wolfCrypt-Test.cs | 2 mariadb-11.8.8/extra/wolfssl/wolfssl/wrapper/CSharp/wolfSSL-DTLS-PSK-Server/wolfSSL-DTLS-PSK-Server.cs | 2 mariadb-11.8.8/extra/wolfssl/wolfssl/wrapper/CSharp/wolfSSL-DTLS-Server/wolfSSL-DTLS-Server.cs | 2 mariadb-11.8.8/extra/wolfssl/wolfssl/wrapper/CSharp/wolfSSL-Example-IOCallbacks/wolfSSL-Example-IOCallbacks.cs | 2 mariadb-11.8.8/extra/wolfssl/wolfssl/wrapper/CSharp/wolfSSL-TLS-Client/wolfSSL-TLS-Client.cs | 2 mariadb-11.8.8/extra/wolfssl/wolfssl/wrapper/CSharp/wolfSSL-TLS-PSK-Client/wolfSSL-TLS-PSK-Client.cs | 2 mariadb-11.8.8/extra/wolfssl/wolfssl/wrapper/CSharp/wolfSSL-TLS-PSK-Server/wolfSSL-TLS-PSK-Server.cs | 2 mariadb-11.8.8/extra/wolfssl/wolfssl/wrapper/CSharp/wolfSSL-TLS-Server/wolfSSL-TLS-Server.cs | 2 mariadb-11.8.8/extra/wolfssl/wolfssl/wrapper/CSharp/wolfSSL-TLS-ServerThreaded/wolfSSL-TLS-ServerThreaded.cs | 2 mariadb-11.8.8/extra/wolfssl/wolfssl/wrapper/CSharp/wolfSSL_CSharp/X509.cs | 2 mariadb-11.8.8/extra/wolfssl/wolfssl/wrapper/CSharp/wolfSSL_CSharp/wolfCrypt.cs | 2 mariadb-11.8.8/extra/wolfssl/wolfssl/wrapper/CSharp/wolfSSL_CSharp/wolfSSL.cs | 2 mariadb-11.8.8/extra/wolfssl/wolfssl/wrapper/rust/Makefile | 10 mariadb-11.8.8/extra/wolfssl/wolfssl/wrapper/rust/README.md | 12 mariadb-11.8.8/extra/wolfssl/wolfssl/wrapper/rust/include.am | 83 mariadb-11.8.8/extra/wolfssl/wolfssl/wrapper/rust/wolfssl-wolfcrypt/CHANGELOG.md | 30 mariadb-11.8.8/extra/wolfssl/wolfssl/wrapper/rust/wolfssl-wolfcrypt/Cargo.lock | 294 mariadb-11.8.8/extra/wolfssl/wolfssl/wrapper/rust/wolfssl-wolfcrypt/Cargo.toml | 25 mariadb-11.8.8/extra/wolfssl/wolfssl/wrapper/rust/wolfssl-wolfcrypt/Makefile | 17 mariadb-11.8.8/extra/wolfssl/wolfssl/wrapper/rust/wolfssl-wolfcrypt/README.md | 86 mariadb-11.8.8/extra/wolfssl/wolfssl/wrapper/rust/wolfssl-wolfcrypt/build.rs | 489 mariadb-11.8.8/extra/wolfssl/wolfssl/wrapper/rust/wolfssl-wolfcrypt/headers.h | 24 mariadb-11.8.8/extra/wolfssl/wolfssl/wrapper/rust/wolfssl-wolfcrypt/src/aes.rs | 2575 mariadb-11.8.8/extra/wolfssl/wolfssl/wrapper/rust/wolfssl-wolfcrypt/src/blake2.rs | 582 mariadb-11.8.8/extra/wolfssl/wolfssl/wrapper/rust/wolfssl-wolfcrypt/src/chacha20_poly1305.rs | 342 mariadb-11.8.8/extra/wolfssl/wolfssl/wrapper/rust/wolfssl-wolfcrypt/src/cmac.rs | 416 mariadb-11.8.8/extra/wolfssl/wolfssl/wrapper/rust/wolfssl-wolfcrypt/src/curve25519.rs | 668 mariadb-11.8.8/extra/wolfssl/wolfssl/wrapper/rust/wolfssl-wolfcrypt/src/dh.rs | 1586 mariadb-11.8.8/extra/wolfssl/wolfssl/wrapper/rust/wolfssl-wolfcrypt/src/dilithium.rs | 1316 mariadb-11.8.8/extra/wolfssl/wolfssl/wrapper/rust/wolfssl-wolfcrypt/src/ecc.rs | 1976 mariadb-11.8.8/extra/wolfssl/wolfssl/wrapper/rust/wolfssl-wolfcrypt/src/ed25519.rs | 1411 mariadb-11.8.8/extra/wolfssl/wolfssl/wrapper/rust/wolfssl-wolfcrypt/src/ed448.rs | 1336 mariadb-11.8.8/extra/wolfssl/wolfssl/wrapper/rust/wolfssl-wolfcrypt/src/fips.rs | 34 mariadb-11.8.8/extra/wolfssl/wolfssl/wrapper/rust/wolfssl-wolfcrypt/src/hkdf.rs | 275 mariadb-11.8.8/extra/wolfssl/wolfssl/wrapper/rust/wolfssl-wolfcrypt/src/hmac.rs | 338 mariadb-11.8.8/extra/wolfssl/wolfssl/wrapper/rust/wolfssl-wolfcrypt/src/kdf.rs | 773 mariadb-11.8.8/extra/wolfssl/wolfssl/wrapper/rust/wolfssl-wolfcrypt/src/lib.rs | 84 mariadb-11.8.8/extra/wolfssl/wolfssl/wrapper/rust/wolfssl-wolfcrypt/src/lms.rs | 785 mariadb-11.8.8/extra/wolfssl/wolfssl/wrapper/rust/wolfssl-wolfcrypt/src/mlkem.rs | 792 mariadb-11.8.8/extra/wolfssl/wolfssl/wrapper/rust/wolfssl-wolfcrypt/src/prf.rs | 144 mariadb-11.8.8/extra/wolfssl/wolfssl/wrapper/rust/wolfssl-wolfcrypt/src/random.rs | 394 mariadb-11.8.8/extra/wolfssl/wolfssl/wrapper/rust/wolfssl-wolfcrypt/src/rsa.rs | 1297 mariadb-11.8.8/extra/wolfssl/wolfssl/wrapper/rust/wolfssl-wolfcrypt/src/sha.rs | 2394 mariadb-11.8.8/extra/wolfssl/wolfssl/wrapper/rust/wolfssl-wolfcrypt/src/sys.rs | 24 mariadb-11.8.8/extra/wolfssl/wolfssl/wrapper/rust/wolfssl-wolfcrypt/tests/common/mod.rs | 13 mariadb-11.8.8/extra/wolfssl/wolfssl/wrapper/rust/wolfssl-wolfcrypt/tests/test_aes.rs | 865 mariadb-11.8.8/extra/wolfssl/wolfssl/wrapper/rust/wolfssl-wolfcrypt/tests/test_blake2.rs | 205 mariadb-11.8.8/extra/wolfssl/wolfssl/wrapper/rust/wolfssl-wolfcrypt/tests/test_chacha20_poly1305.rs | 275 mariadb-11.8.8/extra/wolfssl/wolfssl/wrapper/rust/wolfssl-wolfcrypt/tests/test_cmac.rs | 38 mariadb-11.8.8/extra/wolfssl/wolfssl/wrapper/rust/wolfssl-wolfcrypt/tests/test_curve25519.rs | 146 mariadb-11.8.8/extra/wolfssl/wolfssl/wrapper/rust/wolfssl-wolfcrypt/tests/test_dh.rs | 212 mariadb-11.8.8/extra/wolfssl/wolfssl/wrapper/rust/wolfssl-wolfcrypt/tests/test_dilithium.rs | 437 mariadb-11.8.8/extra/wolfssl/wolfssl/wrapper/rust/wolfssl-wolfcrypt/tests/test_ecc.rs | 344 mariadb-11.8.8/extra/wolfssl/wolfssl/wrapper/rust/wolfssl-wolfcrypt/tests/test_ed25519.rs | 262 mariadb-11.8.8/extra/wolfssl/wolfssl/wrapper/rust/wolfssl-wolfcrypt/tests/test_ed448.rs | 266 mariadb-11.8.8/extra/wolfssl/wolfssl/wrapper/rust/wolfssl-wolfcrypt/tests/test_hkdf.rs | 46 mariadb-11.8.8/extra/wolfssl/wolfssl/wrapper/rust/wolfssl-wolfcrypt/tests/test_hmac.rs | 56 mariadb-11.8.8/extra/wolfssl/wolfssl/wrapper/rust/wolfssl-wolfcrypt/tests/test_kdf.rs | 265 mariadb-11.8.8/extra/wolfssl/wolfssl/wrapper/rust/wolfssl-wolfcrypt/tests/test_lms.rs | 470 mariadb-11.8.8/extra/wolfssl/wolfssl/wrapper/rust/wolfssl-wolfcrypt/tests/test_mlkem.rs | 340 mariadb-11.8.8/extra/wolfssl/wolfssl/wrapper/rust/wolfssl-wolfcrypt/tests/test_prf.rs | 34 mariadb-11.8.8/extra/wolfssl/wolfssl/wrapper/rust/wolfssl-wolfcrypt/tests/test_random.rs | 99 mariadb-11.8.8/extra/wolfssl/wolfssl/wrapper/rust/wolfssl-wolfcrypt/tests/test_rsa.rs | 149 mariadb-11.8.8/extra/wolfssl/wolfssl/wrapper/rust/wolfssl-wolfcrypt/tests/test_sha.rs | 339 mariadb-11.8.8/extra/wolfssl/wolfssl/wrapper/rust/wolfssl-wolfcrypt/tests/test_wolfcrypt.rs | 7 mariadb-11.8.8/extra/wolfssl/wolfssl/wrapper/rust/wolfssl/Cargo.lock | 294 mariadb-11.8.8/extra/wolfssl/wolfssl/wrapper/rust/wolfssl/Cargo.toml | 18 mariadb-11.8.8/extra/wolfssl/wolfssl/wrapper/rust/wolfssl/Makefile | 12 mariadb-11.8.8/extra/wolfssl/wolfssl/wrapper/rust/wolfssl/build.rs | 182 mariadb-11.8.8/extra/wolfssl/wolfssl/wrapper/rust/wolfssl/headers.h | 21 mariadb-11.8.8/extra/wolfssl/wolfssl/wrapper/rust/wolfssl/src/lib.rs | 22 mariadb-11.8.8/extra/wolfssl/wolfssl/wrapper/rust/wolfssl/src/sys.rs | 16 mariadb-11.8.8/extra/wolfssl/wolfssl/wrapper/rust/wolfssl/src/wolfcrypt.rs | 33 mariadb-11.8.8/extra/wolfssl/wolfssl/wrapper/rust/wolfssl/src/wolfcrypt/aes.rs | 2618 mariadb-11.8.8/extra/wolfssl/wolfssl/wrapper/rust/wolfssl/src/wolfcrypt/cmac.rs | 416 mariadb-11.8.8/extra/wolfssl/wolfssl/wrapper/rust/wolfssl/src/wolfcrypt/dh.rs | 1520 mariadb-11.8.8/extra/wolfssl/wolfssl/wrapper/rust/wolfssl/src/wolfcrypt/ecc.rs | 1865 mariadb-11.8.8/extra/wolfssl/wolfssl/wrapper/rust/wolfssl/src/wolfcrypt/ed25519.rs | 1411 mariadb-11.8.8/extra/wolfssl/wolfssl/wrapper/rust/wolfssl/src/wolfcrypt/ed448.rs | 1336 mariadb-11.8.8/extra/wolfssl/wolfssl/wrapper/rust/wolfssl/src/wolfcrypt/hkdf.rs | 273 mariadb-11.8.8/extra/wolfssl/wolfssl/wrapper/rust/wolfssl/src/wolfcrypt/hmac.rs | 330 mariadb-11.8.8/extra/wolfssl/wolfssl/wrapper/rust/wolfssl/src/wolfcrypt/kdf.rs | 773 mariadb-11.8.8/extra/wolfssl/wolfssl/wrapper/rust/wolfssl/src/wolfcrypt/prf.rs | 136 mariadb-11.8.8/extra/wolfssl/wolfssl/wrapper/rust/wolfssl/src/wolfcrypt/random.rs | 218 mariadb-11.8.8/extra/wolfssl/wolfssl/wrapper/rust/wolfssl/src/wolfcrypt/rsa.rs | 1243 mariadb-11.8.8/extra/wolfssl/wolfssl/wrapper/rust/wolfssl/src/wolfcrypt/sha.rs | 2394 mariadb-11.8.8/extra/wolfssl/wolfssl/wrapper/rust/wolfssl/tests/test_aes.rs | 867 mariadb-11.8.8/extra/wolfssl/wolfssl/wrapper/rust/wolfssl/tests/test_cmac.rs | 38 mariadb-11.8.8/extra/wolfssl/wolfssl/wrapper/rust/wolfssl/tests/test_dh.rs | 204 mariadb-11.8.8/extra/wolfssl/wolfssl/wrapper/rust/wolfssl/tests/test_ecc.rs | 321 mariadb-11.8.8/extra/wolfssl/wolfssl/wrapper/rust/wolfssl/tests/test_ed25519.rs | 256 mariadb-11.8.8/extra/wolfssl/wolfssl/wrapper/rust/wolfssl/tests/test_ed448.rs | 260 mariadb-11.8.8/extra/wolfssl/wolfssl/wrapper/rust/wolfssl/tests/test_hkdf.rs | 38 mariadb-11.8.8/extra/wolfssl/wolfssl/wrapper/rust/wolfssl/tests/test_hmac.rs | 47 mariadb-11.8.8/extra/wolfssl/wolfssl/wrapper/rust/wolfssl/tests/test_kdf.rs | 249 mariadb-11.8.8/extra/wolfssl/wolfssl/wrapper/rust/wolfssl/tests/test_prf.rs | 28 mariadb-11.8.8/extra/wolfssl/wolfssl/wrapper/rust/wolfssl/tests/test_random.rs | 72 mariadb-11.8.8/extra/wolfssl/wolfssl/wrapper/rust/wolfssl/tests/test_rsa.rs | 140 mariadb-11.8.8/extra/wolfssl/wolfssl/wrapper/rust/wolfssl/tests/test_sha.rs | 339 mariadb-11.8.8/extra/wolfssl/wolfssl/zephyr/CMakeLists.txt | 9 mariadb-11.8.8/extra/wolfssl/wolfssl/zephyr/Kconfig | 12 mariadb-11.8.8/extra/wolfssl/wolfssl/zephyr/include.am | 12 mariadb-11.8.8/extra/wolfssl/wolfssl/zephyr/samples/wolfssl_benchmark/CMakeLists.txt | 20 mariadb-11.8.8/extra/wolfssl/wolfssl/zephyr/samples/wolfssl_benchmark/boards/native_sim.conf | 2 mariadb-11.8.8/extra/wolfssl/wolfssl/zephyr/samples/wolfssl_benchmark/prj.conf | 6 mariadb-11.8.8/extra/wolfssl/wolfssl/zephyr/samples/wolfssl_benchmark/zephyr_legacy.conf | 3 mariadb-11.8.8/extra/wolfssl/wolfssl/zephyr/samples/wolfssl_benchmark/zephyr_v4.1.conf | 2 mariadb-11.8.8/extra/wolfssl/wolfssl/zephyr/samples/wolfssl_test/CMakeLists.txt | 20 mariadb-11.8.8/extra/wolfssl/wolfssl/zephyr/samples/wolfssl_test/boards/native_sim.conf | 2 mariadb-11.8.8/extra/wolfssl/wolfssl/zephyr/samples/wolfssl_test/prj-no-malloc.conf | 6 mariadb-11.8.8/extra/wolfssl/wolfssl/zephyr/samples/wolfssl_test/prj.conf | 6 mariadb-11.8.8/extra/wolfssl/wolfssl/zephyr/samples/wolfssl_test/zephyr_legacy.conf | 3 mariadb-11.8.8/extra/wolfssl/wolfssl/zephyr/samples/wolfssl_test/zephyr_v4.1.conf | 2 mariadb-11.8.8/extra/wolfssl/wolfssl/zephyr/samples/wolfssl_tls_sock/CMakeLists.txt | 20 mariadb-11.8.8/extra/wolfssl/wolfssl/zephyr/samples/wolfssl_tls_sock/boards/native_sim.conf | 2 mariadb-11.8.8/extra/wolfssl/wolfssl/zephyr/samples/wolfssl_tls_sock/prj.conf | 11 mariadb-11.8.8/extra/wolfssl/wolfssl/zephyr/samples/wolfssl_tls_sock/src/tls_sock.c | 7 mariadb-11.8.8/extra/wolfssl/wolfssl/zephyr/samples/wolfssl_tls_sock/zephyr_legacy.conf | 5 mariadb-11.8.8/extra/wolfssl/wolfssl/zephyr/samples/wolfssl_tls_sock/zephyr_v4.1.conf | 6 mariadb-11.8.8/extra/wolfssl/wolfssl/zephyr/samples/wolfssl_tls_thread/CMakeLists.txt | 20 mariadb-11.8.8/extra/wolfssl/wolfssl/zephyr/samples/wolfssl_tls_thread/boards/native_sim.conf | 2 mariadb-11.8.8/extra/wolfssl/wolfssl/zephyr/samples/wolfssl_tls_thread/prj.conf | 7 mariadb-11.8.8/extra/wolfssl/wolfssl/zephyr/samples/wolfssl_tls_thread/src/tls_threaded.c | 2 mariadb-11.8.8/extra/wolfssl/wolfssl/zephyr/samples/wolfssl_tls_thread/zephyr_legacy.conf | 3 mariadb-11.8.8/extra/wolfssl/wolfssl/zephyr/samples/wolfssl_tls_thread/zephyr_v4.1.conf | 2 mariadb-11.8.8/extra/wolfssl/wolfssl/zephyr/user_settings-no-malloc.h | 2 mariadb-11.8.8/extra/wolfssl/wolfssl/zephyr/user_settings.h | 18 mariadb-11.8.8/extra/wolfssl/wolfssl/zephyr/zephyr_init.c | 2 mariadb-11.8.8/include/CMakeLists.txt | 3 mariadb-11.8.8/include/byte_order_generic.h | 96 mariadb-11.8.8/include/byte_order_generic_x86.h | 89 mariadb-11.8.8/include/byte_order_generic_x86_64.h | 125 mariadb-11.8.8/include/my_base.h | 15 mariadb-11.8.8/include/my_byteorder.h | 273 mariadb-11.8.8/include/my_cpu.h | 4 mariadb-11.8.8/include/my_default.h | 1 mariadb-11.8.8/include/my_sys.h | 6 mariadb-11.8.8/include/my_virtual_mem.h | 4 mariadb-11.8.8/include/my_xml.h | 8 mariadb-11.8.8/include/mysql/plugin.h | 2 mariadb-11.8.8/include/mysql/plugin_audit.h.pp | 4 mariadb-11.8.8/include/mysql/plugin_auth.h.pp | 4 mariadb-11.8.8/include/mysql/plugin_data_type.h.pp | 4 mariadb-11.8.8/include/mysql/plugin_encryption.h.pp | 4 mariadb-11.8.8/include/mysql/plugin_ftparser.h.pp | 4 mariadb-11.8.8/include/mysql/plugin_function.h.pp | 4 mariadb-11.8.8/include/mysql/plugin_password_validation.h.pp | 4 mariadb-11.8.8/include/mysql/service_encryption.h | 2 mariadb-11.8.8/include/mysql_com.h | 1 mariadb-11.8.8/include/mysql_version.h.in | 2 mariadb-11.8.8/include/mysqld_default_groups.h | 4 mariadb-11.8.8/include/password.h | 13 mariadb-11.8.8/include/source_revision.h | 2 mariadb-11.8.8/include/violite.h | 5 mariadb-11.8.8/libmariadb/.github/workflows/ci.yml | 41 mariadb-11.8.8/libmariadb/CMakeLists.txt | 44 mariadb-11.8.8/libmariadb/cmake/FindGSSAPI.cmake | 22 mariadb-11.8.8/libmariadb/cmake/FindHogweed.cmake | 4 mariadb-11.8.8/libmariadb/cmake/FindIconv.cmake | 16 mariadb-11.8.8/libmariadb/cmake/FindNettle.cmake | 4 mariadb-11.8.8/libmariadb/cmake/WindowsCache.cmake | 8 mariadb-11.8.8/libmariadb/cmake/check_include_files.cmake | 4 mariadb-11.8.8/libmariadb/cmake/check_types.cmake | 8 mariadb-11.8.8/libmariadb/cmake/install.cmake | 2 mariadb-11.8.8/libmariadb/cmake/misc.cmake | 18 mariadb-11.8.8/libmariadb/cmake/plugins.cmake | 6 mariadb-11.8.8/libmariadb/docs/Home.md | 33 mariadb-11.8.8/libmariadb/docs/TLS-SSL-Changes-in-MariaDB-Connector-C-3.4.md | 51 mariadb-11.8.8/libmariadb/docs/_Footer.md | 1 mariadb-11.8.8/libmariadb/docs/_Sidebar.md | 10 mariadb-11.8.8/libmariadb/docs/activate_non_blocking.md | 31 mariadb-11.8.8/libmariadb/docs/api.md | 12 mariadb-11.8.8/libmariadb/docs/async_api.md | 17 mariadb-11.8.8/libmariadb/docs/binlog_api.md | 6 mariadb-11.8.8/libmariadb/docs/blocking_functions.md | 5 mariadb-11.8.8/libmariadb/docs/build_client_apps.md | 76 mariadb-11.8.8/libmariadb/docs/compiling.md | 25 mariadb-11.8.8/libmariadb/docs/config_files.md | 90 mariadb-11.8.8/libmariadb/docs/configuration_options.md | 59 mariadb-11.8.8/libmariadb/docs/datastructures.md | 105 mariadb-11.8.8/libmariadb/docs/dyncol_api.md | 37 mariadb-11.8.8/libmariadb/docs/dyncol_structures.md | 55 mariadb-11.8.8/libmariadb/docs/dyncol_typesanddefs.md | 40 mariadb-11.8.8/libmariadb/docs/example_non_blocking.md | 96 mariadb-11.8.8/libmariadb/docs/generic_api.md | 84 mariadb-11.8.8/libmariadb/docs/install.md | 5 mariadb-11.8.8/libmariadb/docs/libmysql_compat.md | 160 mariadb-11.8.8/libmariadb/docs/libmysql_libmariadb.md | 160 mariadb-11.8.8/libmariadb/docs/mariadb_cancel.md | 23 mariadb-11.8.8/libmariadb/docs/mariadb_config.md | 56 mariadb-11.8.8/libmariadb/docs/mariadb_connect.md | 37 mariadb-11.8.8/libmariadb/docs/mariadb_connection.md | 18 mariadb-11.8.8/libmariadb/docs/mariadb_convert_string.md | 16 mariadb-11.8.8/libmariadb/docs/mariadb_dyncol_check.md | 21 mariadb-11.8.8/libmariadb/docs/mariadb_dyncol_column_cmp_named.md | 20 mariadb-11.8.8/libmariadb/docs/mariadb_dyncol_column_count.md | 25 mariadb-11.8.8/libmariadb/docs/mariadb_dyncol_create_many_named.md | 35 mariadb-11.8.8/libmariadb/docs/mariadb_dyncol_create_many_num.md | 35 mariadb-11.8.8/libmariadb/docs/mariadb_dyncol_errors.md | 15 mariadb-11.8.8/libmariadb/docs/mariadb_dyncol_exists_named.md | 23 mariadb-11.8.8/libmariadb/docs/mariadb_dyncol_exists_num.md | 23 mariadb-11.8.8/libmariadb/docs/mariadb_dyncol_free.md | 20 mariadb-11.8.8/libmariadb/docs/mariadb_dyncol_get_named.md | 27 mariadb-11.8.8/libmariadb/docs/mariadb_dyncol_get_num.md | 27 mariadb-11.8.8/libmariadb/docs/mariadb_dyncol_has_names.md | 21 mariadb-11.8.8/libmariadb/docs/mariadb_dyncol_init.md | 21 mariadb-11.8.8/libmariadb/docs/mariadb_dyncol_json.md | 24 mariadb-11.8.8/libmariadb/docs/mariadb_dyncol_list_json.md | 25 mariadb-11.8.8/libmariadb/docs/mariadb_dyncol_list_named.md | 30 mariadb-11.8.8/libmariadb/docs/mariadb_dyncol_list_num.md | 30 mariadb-11.8.8/libmariadb/docs/mariadb_dyncol_unpack.md | 33 mariadb-11.8.8/libmariadb/docs/mariadb_dyncol_update_many_named.md | 33 mariadb-11.8.8/libmariadb/docs/mariadb_dyncol_update_many_num.md | 33 mariadb-11.8.8/libmariadb/docs/mariadb_dyncol_val_double.md | 24 mariadb-11.8.8/libmariadb/docs/mariadb_dyncol_val_long.md | 24 mariadb-11.8.8/libmariadb/docs/mariadb_dyncol_val_str.md | 27 mariadb-11.8.8/libmariadb/docs/mariadb_dyncol_value_init.md | 18 mariadb-11.8.8/libmariadb/docs/mariadb_field_attr.md | 68 mariadb-11.8.8/libmariadb/docs/mariadb_free_rpl_event.md | 18 mariadb-11.8.8/libmariadb/docs/mariadb_get_charset_by_name.md | 27 mariadb-11.8.8/libmariadb/docs/mariadb_get_charset_by_nr.md | 27 mariadb-11.8.8/libmariadb/docs/mariadb_get_info.md | 18 mariadb-11.8.8/libmariadb/docs/mariadb_get_infov.md | 132 mariadb-11.8.8/libmariadb/docs/mariadb_reconnect.md | 25 mariadb-11.8.8/libmariadb/docs/mariadb_rpl_close.md | 21 mariadb-11.8.8/libmariadb/docs/mariadb_rpl_errno.md | 25 mariadb-11.8.8/libmariadb/docs/mariadb_rpl_error.md | 25 mariadb-11.8.8/libmariadb/docs/mariadb_rpl_extract_rows.md | 27 mariadb-11.8.8/libmariadb/docs/mariadb_rpl_fetch.md | 28 mariadb-11.8.8/libmariadb/docs/mariadb_rpl_get_optionsv.md | 31 mariadb-11.8.8/libmariadb/docs/mariadb_rpl_init.md | 28 mariadb-11.8.8/libmariadb/docs/mariadb_rpl_open.md | 21 mariadb-11.8.8/libmariadb/docs/mariadb_rpl_optionsv.md | 35 mariadb-11.8.8/libmariadb/docs/mariadb_stmt_execute_direct.md | 76 mariadb-11.8.8/libmariadb/docs/mariadb_stmt_fetch_fields.md | 24 mariadb-11.8.8/libmariadb/docs/mysql_affected_rows.md | 25 mariadb-11.8.8/libmariadb/docs/mysql_autocommit.md | 62 mariadb-11.8.8/libmariadb/docs/mysql_change_user.md | 34 mariadb-11.8.8/libmariadb/docs/mysql_character_set_name.md | 24 mariadb-11.8.8/libmariadb/docs/mysql_client_find_plugin.md | 30 mariadb-11.8.8/libmariadb/docs/mysql_close.md | 19 mariadb-11.8.8/libmariadb/docs/mysql_commit.md | 22 mariadb-11.8.8/libmariadb/docs/mysql_data_seek.md | 26 mariadb-11.8.8/libmariadb/docs/mysql_debug.md | 13 mariadb-11.8.8/libmariadb/docs/mysql_dump_debug_info.md | 21 mariadb-11.8.8/libmariadb/docs/mysql_embedded.md | 16 mariadb-11.8.8/libmariadb/docs/mysql_eof.md | 22 mariadb-11.8.8/libmariadb/docs/mysql_errno.md | 23 mariadb-11.8.8/libmariadb/docs/mysql_error.md | 24 mariadb-11.8.8/libmariadb/docs/mysql_fetch_field.md | 30 mariadb-11.8.8/libmariadb/docs/mysql_fetch_field_direct.md | 27 mariadb-11.8.8/libmariadb/docs/mysql_fetch_fields.md | 27 mariadb-11.8.8/libmariadb/docs/mysql_fetch_lengths.md | 27 mariadb-11.8.8/libmariadb/docs/mysql_fetch_row.md | 28 mariadb-11.8.8/libmariadb/docs/mysql_field_count.md | 25 mariadb-11.8.8/libmariadb/docs/mysql_field_seek.md | 30 mariadb-11.8.8/libmariadb/docs/mysql_field_tell.md | 21 mariadb-11.8.8/libmariadb/docs/mysql_free_result.md | 24 mariadb-11.8.8/libmariadb/docs/mysql_get_character_set_info.md | 25 mariadb-11.8.8/libmariadb/docs/mysql_get_client_info.md | 20 mariadb-11.8.8/libmariadb/docs/mysql_get_client_version.md | 20 mariadb-11.8.8/libmariadb/docs/mysql_get_host_info.md | 20 mariadb-11.8.8/libmariadb/docs/mysql_get_parameters.md | 15 mariadb-11.8.8/libmariadb/docs/mysql_get_proto_info.md | 26 mariadb-11.8.8/libmariadb/docs/mysql_get_server_info.md | 25 mariadb-11.8.8/libmariadb/docs/mysql_get_server_version.md | 25 mariadb-11.8.8/libmariadb/docs/mysql_get_socket.md | 21 mariadb-11.8.8/libmariadb/docs/mysql_get_ssl_cipher.md | 26 mariadb-11.8.8/libmariadb/docs/mysql_get_timeout_value.md | 24 mariadb-11.8.8/libmariadb/docs/mysql_get_timeout_value_ms.md | 24 mariadb-11.8.8/libmariadb/docs/mysql_hex_string.md | 29 mariadb-11.8.8/libmariadb/docs/mysql_info.md | 34 mariadb-11.8.8/libmariadb/docs/mysql_init.md | 25 mariadb-11.8.8/libmariadb/docs/mysql_insert_id.md | 24 mariadb-11.8.8/libmariadb/docs/mysql_kill.md | 33 mariadb-11.8.8/libmariadb/docs/mysql_load_plugin.md | 36 mariadb-11.8.8/libmariadb/docs/mysql_more_results.md | 31 mariadb-11.8.8/libmariadb/docs/mysql_net_field_length.md | 25 mariadb-11.8.8/libmariadb/docs/mysql_net_read_packet.md | 25 mariadb-11.8.8/libmariadb/docs/mysql_next_result.md | 29 mariadb-11.8.8/libmariadb/docs/mysql_num_fields.md | 22 mariadb-11.8.8/libmariadb/docs/mysql_num_rows.md | 23 mariadb-11.8.8/libmariadb/docs/mysql_options.md | 26 mariadb-11.8.8/libmariadb/docs/mysql_options4.md | 27 mariadb-11.8.8/libmariadb/docs/mysql_optionsv.md | 206 mariadb-11.8.8/libmariadb/docs/mysql_ping.md | 28 mariadb-11.8.8/libmariadb/docs/mysql_query.md | 33 mariadb-11.8.8/libmariadb/docs/mysql_read_query_result.md | 25 mariadb-11.8.8/libmariadb/docs/mysql_real_connect.md | 65 mariadb-11.8.8/libmariadb/docs/mysql_real_connect_non_block.md | 25 mariadb-11.8.8/libmariadb/docs/mysql_real_escape_string.md | 28 mariadb-11.8.8/libmariadb/docs/mysql_real_query.md | 33 mariadb-11.8.8/libmariadb/docs/mysql_refresh.md | 37 mariadb-11.8.8/libmariadb/docs/mysql_reset_connection.md | 40 mariadb-11.8.8/libmariadb/docs/mysql_rollback.md | 23 mariadb-11.8.8/libmariadb/docs/mysql_row_seek.md | 27 mariadb-11.8.8/libmariadb/docs/mysql_row_tell.md | 23 mariadb-11.8.8/libmariadb/docs/mysql_select_db.md | 64 mariadb-11.8.8/libmariadb/docs/mysql_send_query.md | 30 mariadb-11.8.8/libmariadb/docs/mysql_server_end.md | 20 mariadb-11.8.8/libmariadb/docs/mysql_server_init.md | 28 mariadb-11.8.8/libmariadb/docs/mysql_session_track_get_first.md | 42 mariadb-11.8.8/libmariadb/docs/mysql_session_track_get_next.md | 35 mariadb-11.8.8/libmariadb/docs/mysql_set_character_set.md | 73 mariadb-11.8.8/libmariadb/docs/mysql_set_local_infile_default.md | 18 mariadb-11.8.8/libmariadb/docs/mysql_set_local_infile_handler.md | 48 mariadb-11.8.8/libmariadb/docs/mysql_set_server_option.md | 32 mariadb-11.8.8/libmariadb/docs/mysql_shutdown.md | 31 mariadb-11.8.8/libmariadb/docs/mysql_sqlstate.md | 24 mariadb-11.8.8/libmariadb/docs/mysql_ssl_set.md | 44 mariadb-11.8.8/libmariadb/docs/mysql_stat.md | 26 mariadb-11.8.8/libmariadb/docs/mysql_stmt_affected_rows.md | 22 mariadb-11.8.8/libmariadb/docs/mysql_stmt_attr_get.md | 37 mariadb-11.8.8/libmariadb/docs/mysql_stmt_attr_set.md | 39 mariadb-11.8.8/libmariadb/docs/mysql_stmt_bind_param.md | 30 mariadb-11.8.8/libmariadb/docs/mysql_stmt_bind_result.md | 28 mariadb-11.8.8/libmariadb/docs/mysql_stmt_close.md | 25 mariadb-11.8.8/libmariadb/docs/mysql_stmt_data_seek.md | 27 mariadb-11.8.8/libmariadb/docs/mysql_stmt_errno.md | 25 mariadb-11.8.8/libmariadb/docs/mysql_stmt_error.md | 26 mariadb-11.8.8/libmariadb/docs/mysql_stmt_execute.md | 27 mariadb-11.8.8/libmariadb/docs/mysql_stmt_fetch.md | 28 mariadb-11.8.8/libmariadb/docs/mysql_stmt_fetch_column.md | 32 mariadb-11.8.8/libmariadb/docs/mysql_stmt_field_count.md | 28 mariadb-11.8.8/libmariadb/docs/mysql_stmt_free_result.md | 21 mariadb-11.8.8/libmariadb/docs/mysql_stmt_init.md | 27 mariadb-11.8.8/libmariadb/docs/mysql_stmt_insert_id.md | 23 mariadb-11.8.8/libmariadb/docs/mysql_stmt_more_results.md | 27 mariadb-11.8.8/libmariadb/docs/mysql_stmt_next_result.md | 27 mariadb-11.8.8/libmariadb/docs/mysql_stmt_num_rows.md | 25 mariadb-11.8.8/libmariadb/docs/mysql_stmt_param_count.md | 25 mariadb-11.8.8/libmariadb/docs/mysql_stmt_param_metadata.md | 18 mariadb-11.8.8/libmariadb/docs/mysql_stmt_prepare.md | 34 mariadb-11.8.8/libmariadb/docs/mysql_stmt_reset.md | 27 mariadb-11.8.8/libmariadb/docs/mysql_stmt_result_metadata.md | 28 mariadb-11.8.8/libmariadb/docs/mysql_stmt_row_seek.md | 28 mariadb-11.8.8/libmariadb/docs/mysql_stmt_row_tell.md | 28 mariadb-11.8.8/libmariadb/docs/mysql_stmt_send_long_data.md | 32 mariadb-11.8.8/libmariadb/docs/mysql_stmt_sqlstate.md | 24 mariadb-11.8.8/libmariadb/docs/mysql_stmt_store_result.md | 26 mariadb-11.8.8/libmariadb/docs/mysql_stmt_warning_count.md | 26 mariadb-11.8.8/libmariadb/docs/mysql_store_result.md | 27 mariadb-11.8.8/libmariadb/docs/mysql_thread_end.md | 22 mariadb-11.8.8/libmariadb/docs/mysql_thread_id.md | 28 mariadb-11.8.8/libmariadb/docs/mysql_thread_init.md | 25 mariadb-11.8.8/libmariadb/docs/mysql_thread_safe.md | 18 mariadb-11.8.8/libmariadb/docs/mysql_use_result.md | 26 mariadb-11.8.8/libmariadb/docs/mysql_warning_count.md | 26 mariadb-11.8.8/libmariadb/docs/prerequisites.md | 20 mariadb-11.8.8/libmariadb/docs/ps_api.md | 47 mariadb-11.8.8/libmariadb/docs/restrictions_non_blocking.md | 13 mariadb-11.8.8/libmariadb/docs/rpl_api_example.md | 47 mariadb-11.8.8/libmariadb/docs/rpl_api_reference.md | 12 mariadb-11.8.8/libmariadb/docs/rpl_data_structures.md | 283 mariadb-11.8.8/libmariadb/docs/rpl_types_definitions.md | 104 mariadb-11.8.8/libmariadb/docs/types.md | 186 mariadb-11.8.8/libmariadb/include/ma_crypt.h | 9 mariadb-11.8.8/libmariadb/include/ma_global.h | 5 mariadb-11.8.8/libmariadb/include/mariadb_com.h | 2 mariadb-11.8.8/libmariadb/include/mariadb_rpl.h | 15 mariadb-11.8.8/libmariadb/libmariadb/CMakeLists.txt | 36 mariadb-11.8.8/libmariadb/libmariadb/ma_charset.c | 6 mariadb-11.8.8/libmariadb/libmariadb/ma_default.c | 95 mariadb-11.8.8/libmariadb/libmariadb/ma_password.c | 13 mariadb-11.8.8/libmariadb/libmariadb/ma_stmt_codec.c | 90 mariadb-11.8.8/libmariadb/libmariadb/mariadb_lib.c | 121 mariadb-11.8.8/libmariadb/libmariadb/mariadb_rpl.c | 76 mariadb-11.8.8/libmariadb/libmariadb/mariadb_stmt.c | 28 mariadb-11.8.8/libmariadb/libmariadb/secure/schannel.c | 5 mariadb-11.8.8/libmariadb/plugins/auth/CMakeLists.txt | 2 mariadb-11.8.8/libmariadb/plugins/auth/ed25519.c | 6 mariadb-11.8.8/libmariadb/plugins/auth/my_auth.c | 31 mariadb-11.8.8/libmariadb/plugins/auth/parsec.c | 5 mariadb-11.8.8/libmariadb/plugins/auth/ref10/keypair.c | 3 mariadb-11.8.8/libmariadb/plugins/auth/ref10/open.c | 3 mariadb-11.8.8/libmariadb/plugins/auth/ref10/sign.c | 9 mariadb-11.8.8/libmariadb/plugins/io/CMakeLists.txt | 4 mariadb-11.8.8/libmariadb/unittest/libmariadb/CMakeLists.txt | 16 mariadb-11.8.8/libmariadb/unittest/libmariadb/async.c | 3 mariadb-11.8.8/libmariadb/unittest/libmariadb/charset.c | 46 mariadb-11.8.8/libmariadb/unittest/libmariadb/connection.c | 185 mariadb-11.8.8/libmariadb/unittest/libmariadb/misc.c | 2 mariadb-11.8.8/libmariadb/unittest/libmariadb/my_test.h | 24 mariadb-11.8.8/libmariadb/unittest/libmariadb/ps.c | 100 mariadb-11.8.8/libmariadb/unittest/libmariadb/ps_bugs.c | 48 mariadb-11.8.8/libmariadb/unittest/libmariadb/rpl_api.c | 283 mariadb-11.8.8/libmysqld/CMakeLists.txt | 2 mariadb-11.8.8/libmysqld/libmysql.c | 6 mariadb-11.8.8/mariadb-plugin-columnstore.install.generated | 1 mariadb-11.8.8/mysql-test/CMakeLists.txt | 5 mariadb-11.8.8/mysql-test/include/varchar.inc | 3 mariadb-11.8.8/mysql-test/lib/My/SafeProcess/safe_process.cc | 3 mariadb-11.8.8/mysql-test/lib/My/SafeProcess/safe_process_win.cc | 2 mariadb-11.8.8/mysql-test/lib/generate-ssl-certs.sh | 4 mariadb-11.8.8/mysql-test/lib/mtr_cases.pm | 2 mariadb-11.8.8/mysql-test/main/alter_table.result | 23 mariadb-11.8.8/mysql-test/main/alter_table.test | 26 mariadb-11.8.8/mysql-test/main/alter_table_errors.result | 13 mariadb-11.8.8/mysql-test/main/alter_table_errors.test | 16 mariadb-11.8.8/mysql-test/main/analyze_format_json.result | 79 mariadb-11.8.8/mysql-test/main/analyze_format_json.test | 16 mariadb-11.8.8/mysql-test/main/analyze_format_json_timings.result | 4 mariadb-11.8.8/mysql-test/main/bad_user_table.result | 30 mariadb-11.8.8/mysql-test/main/bad_user_table.test | 50 mariadb-11.8.8/mysql-test/main/case.result | 38 mariadb-11.8.8/mysql-test/main/case.test | 37 mariadb-11.8.8/mysql-test/main/create.result | 13 mariadb-11.8.8/mysql-test/main/create.test | 17 mariadb-11.8.8/mysql-test/main/cte_recursive.result | 4 mariadb-11.8.8/mysql-test/main/ctype_binary.result | 12 mariadb-11.8.8/mysql-test/main/ctype_cp1251.result | 12 mariadb-11.8.8/mysql-test/main/ctype_latin1.result | 12 mariadb-11.8.8/mysql-test/main/ctype_ucs.result | 12 mariadb-11.8.8/mysql-test/main/ctype_utf8.result | 12 mariadb-11.8.8/mysql-test/main/ctype_utf8mb3_geeral1400_as_ci.result | 14 mariadb-11.8.8/mysql-test/main/ctype_utf8mb3_geeral1400_as_ci.test | 20 mariadb-11.8.8/mysql-test/main/ddl_i18n_koi8r.result | 36 mariadb-11.8.8/mysql-test/main/ddl_i18n_utf8.result | 36 mariadb-11.8.8/mysql-test/main/derived_cond_pushdown.result | 39 mariadb-11.8.8/mysql-test/main/derived_cond_pushdown.test | 20 mariadb-11.8.8/mysql-test/main/derived_split_innodb.result | 2 mariadb-11.8.8/mysql-test/main/dyncol.result | 13 mariadb-11.8.8/mysql-test/main/dyncol.test | 18 mariadb-11.8.8/mysql-test/main/empty_user_table.result | 16 mariadb-11.8.8/mysql-test/main/empty_user_table.test | 36 mariadb-11.8.8/mysql-test/main/events_processlist.result | 22 mariadb-11.8.8/mysql-test/main/events_processlist.test | 53 mariadb-11.8.8/mysql-test/main/explain_json.result | 6 mariadb-11.8.8/mysql-test/main/func_equal.result | 10 mariadb-11.8.8/mysql-test/main/func_equal.test | 13 mariadb-11.8.8/mysql-test/main/func_gconcat.result | 18 mariadb-11.8.8/mysql-test/main/func_gconcat.test | 12 mariadb-11.8.8/mysql-test/main/func_hybrid_type.result | 46 mariadb-11.8.8/mysql-test/main/func_json.result | 177 mariadb-11.8.8/mysql-test/main/func_json.test | 113 mariadb-11.8.8/mysql-test/main/func_json_notembedded.result | 2 mariadb-11.8.8/mysql-test/main/func_json_notembedded.test | 2 mariadb-11.8.8/mysql-test/main/func_math.result | 243 mariadb-11.8.8/mysql-test/main/func_math.test | 157 mariadb-11.8.8/mysql-test/main/func_str.result | 47 mariadb-11.8.8/mysql-test/main/func_str.test | 37 mariadb-11.8.8/mysql-test/main/gis-json.result | 19 mariadb-11.8.8/mysql-test/main/gis-json.test | 11 mariadb-11.8.8/mysql-test/main/gis-precise.result | 14 mariadb-11.8.8/mysql-test/main/gis-precise.test | 10 mariadb-11.8.8/mysql-test/main/gis-rtree.result | 6 mariadb-11.8.8/mysql-test/main/gis-rtree.test | 6 mariadb-11.8.8/mysql-test/main/gis.result | 99 mariadb-11.8.8/mysql-test/main/gis.test | 61 mariadb-11.8.8/mysql-test/main/grant5.result | 22 mariadb-11.8.8/mysql-test/main/grant5.test | 26 mariadb-11.8.8/mysql-test/main/grant_server.result | 23 mariadb-11.8.8/mysql-test/main/grant_server.test | 29 mariadb-11.8.8/mysql-test/main/group_by.test | 1 mariadb-11.8.8/mysql-test/main/having.result | 24 mariadb-11.8.8/mysql-test/main/having.test | 25 mariadb-11.8.8/mysql-test/main/innodb_group.result | 16 mariadb-11.8.8/mysql-test/main/innodb_group.test | 16 mariadb-11.8.8/mysql-test/main/intersect.result | 6 mariadb-11.8.8/mysql-test/main/join_cache_debug.result | 2 mariadb-11.8.8/mysql-test/main/limit_rows_examined.result | 14 mariadb-11.8.8/mysql-test/main/limit_rows_examined.test | 12 mariadb-11.8.8/mysql-test/main/lock_view.result | 14 mariadb-11.8.8/mysql-test/main/mariadb-migrate-config-file.result | 822 mariadb-11.8.8/mysql-test/main/mariadb-migrate-config-file.test | 603 mariadb-11.8.8/mysql-test/main/master_info_numeric_validation.result | 17 mariadb-11.8.8/mysql-test/main/master_info_numeric_validation.test | 83 mariadb-11.8.8/mysql-test/main/mdev-33070.cnf | 7 mariadb-11.8.8/mysql-test/main/mdev-33070.opt | 1 mariadb-11.8.8/mysql-test/main/mdev-33070.result | 35 mariadb-11.8.8/mysql-test/main/mdev-33070.test | 83 mariadb-11.8.8/mysql-test/main/mdev_38998.result | 29 mariadb-11.8.8/mysql-test/main/mdev_38998.test | 26 mariadb-11.8.8/mysql-test/main/mdev_39118-win.cnf | 4 mariadb-11.8.8/mysql-test/main/mdev_39118-win.result | 6 mariadb-11.8.8/mysql-test/main/mdev_39118-win.test | 9 mariadb-11.8.8/mysql-test/main/mdev_39118.cnf | 4 mariadb-11.8.8/mysql-test/main/mdev_39118.result | 6 mariadb-11.8.8/mysql-test/main/mdev_39118.test | 9 mariadb-11.8.8/mysql-test/main/metadata.result | 4 mariadb-11.8.8/mysql-test/main/mix2_myisam.result | 5 mariadb-11.8.8/mysql-test/main/mrr_icp_extra.result | 5 mariadb-11.8.8/mysql-test/main/myisam.result | 5 mariadb-11.8.8/mysql-test/main/myisam_enable_keys-10506.result | 2 mariadb-11.8.8/mysql-test/main/mysql-interactive.result | 63 mariadb-11.8.8/mysql-test/main/mysql-interactive.test | 52 mariadb-11.8.8/mysql-test/main/mysql_upgrade.result | 15 mariadb-11.8.8/mysql-test/main/mysql_upgrade.test | 22 mariadb-11.8.8/mysql-test/main/mysqlbinlog.result | 20 mariadb-11.8.8/mysql-test/main/mysqlbinlog.test | 8 mariadb-11.8.8/mysql-test/main/mysqlcheck.result | 8 mariadb-11.8.8/mysql-test/main/mysqlcheck.test | 9 mariadb-11.8.8/mysql-test/main/mysqld--help-aria.result | 2 mariadb-11.8.8/mysql-test/main/mysqld--help.result | 3 mariadb-11.8.8/mysql-test/main/mysqldump-compat-102.result | 3 mariadb-11.8.8/mysql-test/main/mysqldump-nl.result | 5 mariadb-11.8.8/mysql-test/main/mysqldump.result | 161 mariadb-11.8.8/mysql-test/main/mysqldump.test | 81 mariadb-11.8.8/mysql-test/main/mysqltest.result | 11 mariadb-11.8.8/mysql-test/main/mysqltest.test | 23 mariadb-11.8.8/mysql-test/main/mysqltest_string_functions.result | 26 mariadb-11.8.8/mysql-test/main/mysqltest_string_functions.test | 73 mariadb-11.8.8/mysql-test/main/mysqltest_tracking_info.result | 9 mariadb-11.8.8/mysql-test/main/mysqltest_tracking_info.test | 10 mariadb-11.8.8/mysql-test/main/opt_trace.result | 61 mariadb-11.8.8/mysql-test/main/opt_trace.test | 43 mariadb-11.8.8/mysql-test/main/order_by_limit_join.result | 155 mariadb-11.8.8/mysql-test/main/order_by_limit_join.test | 82 mariadb-11.8.8/mysql-test/main/outfile.test | 37 mariadb-11.8.8/mysql-test/main/parser.result | 14 mariadb-11.8.8/mysql-test/main/parser.test | 17 mariadb-11.8.8/mysql-test/main/partition_grant.result | 91 mariadb-11.8.8/mysql-test/main/partition_grant.test | 84 mariadb-11.8.8/mysql-test/main/ps_mem_leaks.result | 52 mariadb-11.8.8/mysql-test/main/ps_mem_leaks.test | 57 mariadb-11.8.8/mysql-test/main/query_cache.result | 34 mariadb-11.8.8/mysql-test/main/query_cache.test | 51 mariadb-11.8.8/mysql-test/main/rowid_filter_innodb.result | 4 mariadb-11.8.8/mysql-test/main/sargable_date_cond.result | 2 mariadb-11.8.8/mysql-test/main/set_operation_oracle.result | 69 mariadb-11.8.8/mysql-test/main/set_operation_oracle.test | 47 mariadb-11.8.8/mysql-test/main/skip_grants.result | 41 mariadb-11.8.8/mysql-test/main/skip_grants.test | 8 mariadb-11.8.8/mysql-test/main/socket_conflict.result | 17 mariadb-11.8.8/mysql-test/main/socket_conflict.test | 60 mariadb-11.8.8/mysql-test/main/sp-error.result | 7 mariadb-11.8.8/mysql-test/main/sp-error.test | 11 mariadb-11.8.8/mysql-test/main/sp-security.result | 35 mariadb-11.8.8/mysql-test/main/sp-security.test | 25 mariadb-11.8.8/mysql-test/main/subselect_nulls.result | 47 mariadb-11.8.8/mysql-test/main/subselect_nulls.test | 45 mariadb-11.8.8/mysql-test/main/temp_table.result | 21 mariadb-11.8.8/mysql-test/main/temp_table.test | 17 mariadb-11.8.8/mysql-test/main/trigger-33083.result | 76 mariadb-11.8.8/mysql-test/main/trigger-33083.test | 92 mariadb-11.8.8/mysql-test/main/trigger.result | 5 mariadb-11.8.8/mysql-test/main/trigger_notembedded.result | 6 mariadb-11.8.8/mysql-test/main/trigger_wl3253.result | 21 mariadb-11.8.8/mysql-test/main/type_enum.result | 13 mariadb-11.8.8/mysql-test/main/type_enum.test | 13 mariadb-11.8.8/mysql-test/main/type_newdecimal.result | 32 mariadb-11.8.8/mysql-test/main/type_newdecimal.test | 22 mariadb-11.8.8/mysql-test/main/union.result | 8 mariadb-11.8.8/mysql-test/main/vector.result | 17 mariadb-11.8.8/mysql-test/main/vector.test | 18 mariadb-11.8.8/mysql-test/main/vector_funcs.result | 10 mariadb-11.8.8/mysql-test/main/vector_funcs.test | 7 mariadb-11.8.8/mysql-test/main/vector_innodb.result | 12 mariadb-11.8.8/mysql-test/main/vector_innodb.test | 13 mariadb-11.8.8/mysql-test/main/view.result | 19 mariadb-11.8.8/mysql-test/main/view.test | 13 mariadb-11.8.8/mysql-test/main/win_orderby.result | 48 mariadb-11.8.8/mysql-test/main/win_orderby.test | 30 mariadb-11.8.8/mysql-test/main/xml.result | 92 mariadb-11.8.8/mysql-test/main/xml.test | 74 mariadb-11.8.8/mysql-test/mariadb-test-run.pl | 11 mariadb-11.8.8/mysql-test/mtr.out-of-source | 9 mariadb-11.8.8/mysql-test/std_data/galera-cert.pem | 87 mariadb-11.8.8/mysql-test/std_data/galera-key.pem | 28 mariadb-11.8.8/mysql-test/std_data/galera-upgrade-ca-cert.pem | 32 mariadb-11.8.8/mysql-test/std_data/galera-upgrade-server-cert.pem | 87 mariadb-11.8.8/mysql-test/std_data/galera-upgrade-server-key.pem | 28 mariadb-11.8.8/mysql-test/std_data/ldml/Index.xml | 5 mariadb-11.8.8/mysql-test/std_data/server-new-cert.pem | 205 mariadb-11.8.8/mysql-test/std_data/server-new-key.pem | 103 mariadb-11.8.8/mysql-test/std_data/upgrade/user-100625-utf8mb3.frm | 16 mariadb-11.8.8/mysql-test/suite/binlog/r/binlog_row_mix_innodb_myisam.result | 2 mariadb-11.8.8/mysql-test/suite/binlog/r/binlog_show_binlog_events_session_variables.result | 9 mariadb-11.8.8/mysql-test/suite/binlog/r/binlog_stm_mix_innodb_myisam.result | 2 mariadb-11.8.8/mysql-test/suite/binlog/r/foreign_key.result | 2 mariadb-11.8.8/mysql-test/suite/binlog/t/binlog_show_binlog_events_session_variables.test | 25 mariadb-11.8.8/mysql-test/suite/binlog_encryption/rpl_typeconv.result | 2 mariadb-11.8.8/mysql-test/suite/compat/oracle/r/func_to_char.result | 11 mariadb-11.8.8/mysql-test/suite/compat/oracle/r/mysqldump_restore_func_qualified.result | 8 mariadb-11.8.8/mysql-test/suite/compat/oracle/r/sp-package-mysqldump.result | 12 mariadb-11.8.8/mysql-test/suite/compat/oracle/t/func_to_char.test | 8 mariadb-11.8.8/mysql-test/suite/encryption/t/innodb-first-page-read.opt | 5 mariadb-11.8.8/mysql-test/suite/engines/iuds/r/insert_decimal.result | 4 mariadb-11.8.8/mysql-test/suite/galera/r/MDEV-22232.result | 4 mariadb-11.8.8/mysql-test/suite/galera/r/MDEV-30418.result | 2 mariadb-11.8.8/mysql-test/suite/galera/r/MDEV-30612.result | 11 mariadb-11.8.8/mysql-test/suite/galera/r/MDEV-39011.result | 23 mariadb-11.8.8/mysql-test/suite/galera/r/MDEV-39685.result | 13 mariadb-11.8.8/mysql-test/suite/galera/r/galera_fk_truncate.result | 10 mariadb-11.8.8/mysql-test/suite/galera/r/galera_galera_info.result | 17 mariadb-11.8.8/mysql-test/suite/galera/r/galera_max_ws_rows.result | 112 mariadb-11.8.8/mysql-test/suite/galera/r/galera_sst_mariabackup_encrypt_with_key_server.result | 24 mariadb-11.8.8/mysql-test/suite/galera/r/galera_sst_mysqldump,debug.rdiff | 193 mariadb-11.8.8/mysql-test/suite/galera/r/galera_sst_mysqldump_debug.result | 381 mariadb-11.8.8/mysql-test/suite/galera/r/galera_sst_mysqldump_with_key,debug.rdiff | 193 mariadb-11.8.8/mysql-test/suite/galera/r/galera_sst_rsync_encrypt_with_key_server.result | 27 mariadb-11.8.8/mysql-test/suite/galera/r/galera_var_max_ws_rows.result | 1 mariadb-11.8.8/mysql-test/suite/galera/r/galera_var_sst_donor.result | 30 mariadb-11.8.8/mysql-test/suite/galera/r/galera_var_sst_method.result | 44 mariadb-11.8.8/mysql-test/suite/galera/r/galera_var_sst_receive_address.result | 17 mariadb-11.8.8/mysql-test/suite/galera/r/galera_wsrep_notify_cmd_injection.result | 10 mariadb-11.8.8/mysql-test/suite/galera/t/GCF-360.cnf | 15 mariadb-11.8.8/mysql-test/suite/galera/t/MDEV-22232.test | 4 mariadb-11.8.8/mysql-test/suite/galera/t/MDEV-30418.test | 9 mariadb-11.8.8/mysql-test/suite/galera/t/MDEV-30612.test | 17 mariadb-11.8.8/mysql-test/suite/galera/t/MDEV-39011.cnf | 7 mariadb-11.8.8/mysql-test/suite/galera/t/MDEV-39011.test | 54 mariadb-11.8.8/mysql-test/suite/galera/t/MDEV-39685.test | 18 mariadb-11.8.8/mysql-test/suite/galera/t/galera_as_slave_replay.cnf | 2 mariadb-11.8.8/mysql-test/suite/galera/t/galera_fk_truncate.cnf | 9 mariadb-11.8.8/mysql-test/suite/galera/t/galera_fk_truncate.test | 16 mariadb-11.8.8/mysql-test/suite/galera/t/galera_galera_info.test | 27 mariadb-11.8.8/mysql-test/suite/galera/t/galera_max_ws_rows.test | 104 mariadb-11.8.8/mysql-test/suite/galera/t/galera_ssl_cipher.cnf | 4 mariadb-11.8.8/mysql-test/suite/galera/t/galera_ssl_cipher.test | 6 mariadb-11.8.8/mysql-test/suite/galera/t/galera_ssl_upgrade.cnf | 4 mariadb-11.8.8/mysql-test/suite/galera/t/galera_ssl_upgrade.test | 6 mariadb-11.8.8/mysql-test/suite/galera/t/galera_sst_mariabackup_encrypt_with_key_server.test | 59 mariadb-11.8.8/mysql-test/suite/galera/t/galera_sst_mysqldump.test | 1 mariadb-11.8.8/mysql-test/suite/galera/t/galera_sst_mysqldump_debug.cnf | 10 mariadb-11.8.8/mysql-test/suite/galera/t/galera_sst_mysqldump_debug.test | 17 mariadb-11.8.8/mysql-test/suite/galera/t/galera_sst_mysqldump_with_key.test | 1 mariadb-11.8.8/mysql-test/suite/galera/t/galera_sst_rsync_encrypt_with_key_server.cnf | 13 mariadb-11.8.8/mysql-test/suite/galera/t/galera_sst_rsync_encrypt_with_key_server.test | 99 mariadb-11.8.8/mysql-test/suite/galera/t/galera_var_max_ws_rows.test | 1 mariadb-11.8.8/mysql-test/suite/galera/t/galera_var_sst_donor.test | 27 mariadb-11.8.8/mysql-test/suite/galera/t/galera_var_sst_method.test | 36 mariadb-11.8.8/mysql-test/suite/galera/t/galera_var_sst_receive_address.test | 26 mariadb-11.8.8/mysql-test/suite/galera/t/galera_wsrep_notify_cmd_injection.cnf | 10 mariadb-11.8.8/mysql-test/suite/galera/t/galera_wsrep_notify_cmd_injection.test | 30 mariadb-11.8.8/mysql-test/suite/galera_3nodes/r/MDEV-36360.result | 3 mariadb-11.8.8/mysql-test/suite/galera_3nodes/t/MDEV-36360.test | 10 mariadb-11.8.8/mysql-test/suite/galera_3nodes/t/galera_dynamic_protocol.cnf | 4 mariadb-11.8.8/mysql-test/suite/galera_3nodes/t/galera_dynamic_protocol.test | 2 mariadb-11.8.8/mysql-test/suite/gcol/r/innodb_virtual_basic.result | 14 mariadb-11.8.8/mysql-test/suite/gcol/t/innodb_virtual_basic.test | 5 mariadb-11.8.8/mysql-test/suite/handler/heap.result | 6 mariadb-11.8.8/mysql-test/suite/heap/restart_binlog_warning.result | 16 mariadb-11.8.8/mysql-test/suite/heap/restart_binlog_warning.test | 38 mariadb-11.8.8/mysql-test/suite/innodb/include/check_core_dump_trim.inc | 104 mariadb-11.8.8/mysql-test/suite/innodb/r/alter_algorithm.result | 58 mariadb-11.8.8/mysql-test/suite/innodb/r/alter_copy_bulk.result | 11 mariadb-11.8.8/mysql-test/suite/innodb/r/alter_copy_stats.result | 16 mariadb-11.8.8/mysql-test/suite/innodb/r/alter_crash.result | 32 mariadb-11.8.8/mysql-test/suite/innodb/r/autoinc_import.result | 32 mariadb-11.8.8/mysql-test/suite/innodb/r/buffer_pool_in_core_dump.result | 31 mariadb-11.8.8/mysql-test/suite/innodb/r/foreign_key.result | 31 mariadb-11.8.8/mysql-test/suite/innodb/r/foreign_key_not_windows.result | 11 mariadb-11.8.8/mysql-test/suite/innodb/r/import_cfg_corrupt.result | 71 mariadb-11.8.8/mysql-test/suite/innodb/r/innodb.result | 5 mariadb-11.8.8/mysql-test/suite/innodb/r/innodb_ctype_ldml.result | 8 mariadb-11.8.8/mysql-test/suite/innodb/r/lock_isolation.result | 34 mariadb-11.8.8/mysql-test/suite/innodb/r/log_corruption_recovery.result | 2 mariadb-11.8.8/mysql-test/suite/innodb/r/log_file_size,release.rdiff | 37 mariadb-11.8.8/mysql-test/suite/innodb/r/log_file_size.result | 19 mariadb-11.8.8/mysql-test/suite/innodb/r/mem_pressure,32bit.rdiff | 2 mariadb-11.8.8/mysql-test/suite/innodb/r/snapshot_isolation_race.result | 37 mariadb-11.8.8/mysql-test/suite/innodb/r/stat_tables.result | 13 mariadb-11.8.8/mysql-test/suite/innodb/r/sys_defragment_fail.result | 1 mariadb-11.8.8/mysql-test/suite/innodb/r/sys_truncate_debug.result | 39 mariadb-11.8.8/mysql-test/suite/innodb/r/table_flags.result | 9 mariadb-11.8.8/mysql-test/suite/innodb/r/undo_upgrade_debug.result | 4 mariadb-11.8.8/mysql-test/suite/innodb/r/xa_recovery.result | 1 mariadb-11.8.8/mysql-test/suite/innodb/t/alter_algorithm.inc | 15 mariadb-11.8.8/mysql-test/suite/innodb/t/alter_copy_bulk.test | 5 mariadb-11.8.8/mysql-test/suite/innodb/t/alter_copy_stats.test | 19 mariadb-11.8.8/mysql-test/suite/innodb/t/alter_crash.test | 34 mariadb-11.8.8/mysql-test/suite/innodb/t/buffer_pool_in_core_dump.opt | 2 mariadb-11.8.8/mysql-test/suite/innodb/t/buffer_pool_in_core_dump.test | 56 mariadb-11.8.8/mysql-test/suite/innodb/t/foreign_key.test | 25 mariadb-11.8.8/mysql-test/suite/innodb/t/foreign_key_not_windows.test | 12 mariadb-11.8.8/mysql-test/suite/innodb/t/import_cfg_corrupt.test | 220 mariadb-11.8.8/mysql-test/suite/innodb/t/innodb_ctype_ldml.test | 6 mariadb-11.8.8/mysql-test/suite/innodb/t/lock_isolation.test | 32 mariadb-11.8.8/mysql-test/suite/innodb/t/log_corruption_recovery.test | 2 mariadb-11.8.8/mysql-test/suite/innodb/t/log_file_size.test | 23 mariadb-11.8.8/mysql-test/suite/innodb/t/snapshot_isolation_race.test | 58 mariadb-11.8.8/mysql-test/suite/innodb/t/stat_tables.test | 14 mariadb-11.8.8/mysql-test/suite/innodb/t/sys_defragment_fail.test | 2 mariadb-11.8.8/mysql-test/suite/innodb/t/sys_truncate_debug.test | 42 mariadb-11.8.8/mysql-test/suite/innodb/t/table_flags.test | 9 mariadb-11.8.8/mysql-test/suite/innodb/t/undo_upgrade_debug.test | 10 mariadb-11.8.8/mysql-test/suite/innodb/t/xa_recovery.test | 6 mariadb-11.8.8/mysql-test/suite/innodb_gis/r/1.result | 2 mariadb-11.8.8/mysql-test/suite/innodb_gis/r/alter_spatial_index.result | 15 mariadb-11.8.8/mysql-test/suite/innodb_gis/r/create_spatial_index.result | 8 mariadb-11.8.8/mysql-test/suite/innodb_gis/r/gis.result | 2 mariadb-11.8.8/mysql-test/suite/innodb_gis/r/innodb_gis_rtree.result | 6 mariadb-11.8.8/mysql-test/suite/innodb_gis/r/point_big.result | 6 mariadb-11.8.8/mysql-test/suite/innodb_gis/r/rtree_add_index.result | 2 mariadb-11.8.8/mysql-test/suite/innodb_gis/t/1.test | 2 mariadb-11.8.8/mysql-test/suite/innodb_gis/t/gis.test | 2 mariadb-11.8.8/mysql-test/suite/innodb_gis/t/rtree_add_index.test | 2 mariadb-11.8.8/mysql-test/suite/json/r/json_table_notembedded.result | 2 mariadb-11.8.8/mysql-test/suite/json/t/json_table_notembedded.test | 2 mariadb-11.8.8/mysql-test/suite/maria/maria-gis-rtree-dynamic.result | 6 mariadb-11.8.8/mysql-test/suite/maria/maria-gis-rtree-dynamic.test | 6 mariadb-11.8.8/mysql-test/suite/maria/maria-gis-rtree-trans.result | 6 mariadb-11.8.8/mysql-test/suite/maria/maria-gis-rtree-trans.test | 6 mariadb-11.8.8/mysql-test/suite/maria/maria-gis-rtree.result | 6 mariadb-11.8.8/mysql-test/suite/maria/maria-gis-rtree.test | 6 mariadb-11.8.8/mysql-test/suite/maria/maria.result | 5 mariadb-11.8.8/mysql-test/suite/mariabackup/error_during_copyback.result | 9 mariadb-11.8.8/mysql-test/suite/mariabackup/error_during_copyback.test | 24 mariadb-11.8.8/mysql-test/suite/mariabackup/options_check.result | 9 mariadb-11.8.8/mysql-test/suite/mariabackup/options_check.test | 13 mariadb-11.8.8/mysql-test/suite/mariabackup/xb_fulltext_encrypted.test | 2 mariadb-11.8.8/mysql-test/suite/mariabackup/xbstream.result | 5 mariadb-11.8.8/mysql-test/suite/mariabackup/xbstream.test | 8 mariadb-11.8.8/mysql-test/suite/merge/merge.result | 77 mariadb-11.8.8/mysql-test/suite/merge/merge.test | 72 mariadb-11.8.8/mysql-test/suite/parts/r/alter_table.result | 24 mariadb-11.8.8/mysql-test/suite/parts/r/partition_alter_innodb.result | 9 mariadb-11.8.8/mysql-test/suite/parts/t/alter_table.test | 26 mariadb-11.8.8/mysql-test/suite/parts/t/partition_alter_innodb.test | 10 mariadb-11.8.8/mysql-test/suite/perfschema/r/sxlock_func.result | 2 mariadb-11.8.8/mysql-test/suite/perfschema/r/table_schema.result | 4 mariadb-11.8.8/mysql-test/suite/perfschema/r/threads_mysql.result | 12 mariadb-11.8.8/mysql-test/suite/plugins/r/feedback_os_release.result | 5 mariadb-11.8.8/mysql-test/suite/plugins/r/mdev38431.result | 3 mariadb-11.8.8/mysql-test/suite/plugins/r/mdev38550.result | 45 mariadb-11.8.8/mysql-test/suite/plugins/t/feedback_os_release.opt | 2 mariadb-11.8.8/mysql-test/suite/plugins/t/feedback_os_release.test | 68 mariadb-11.8.8/mysql-test/suite/plugins/t/mdev38431.test | 2 mariadb-11.8.8/mysql-test/suite/plugins/t/mdev38550.test | 64 mariadb-11.8.8/mysql-test/suite/plugins/t/show_all_plugins.test | 1 mariadb-11.8.8/mysql-test/suite/roles/definer.result | 58 mariadb-11.8.8/mysql-test/suite/rpl/include/check_slave_skip_errors.inc | 23 mariadb-11.8.8/mysql-test/suite/rpl/include/check_type.inc | 6 mariadb-11.8.8/mysql-test/suite/rpl/r/binlog_check_constraint_checks_flag.result | 24 mariadb-11.8.8/mysql-test/suite/rpl/r/rpl_alter_rollback.result | 4 mariadb-11.8.8/mysql-test/suite/rpl/r/rpl_change_master_implicit_gtid_warning.result | 36 mariadb-11.8.8/mysql-test/suite/rpl/r/rpl_from_mysql80.result | 4 mariadb-11.8.8/mysql-test/suite/rpl/r/rpl_gtid_excess_initial_delay.result | 2 mariadb-11.8.8/mysql-test/suite/rpl/r/rpl_heartbeat_basic.result | 12 mariadb-11.8.8/mysql-test/suite/rpl/r/rpl_mdev382.result | 2 mariadb-11.8.8/mysql-test/suite/rpl/r/rpl_mdev38731.result | 20 mariadb-11.8.8/mysql-test/suite/rpl/r/rpl_mdev38734.result | 17 mariadb-11.8.8/mysql-test/suite/rpl/r/rpl_read_old_relay_log_info.result | 7 mariadb-11.8.8/mysql-test/suite/rpl/r/rpl_skip_error.result | 3 mariadb-11.8.8/mysql-test/suite/rpl/r/rpl_temporary_error2_skip_all.result | 3 mariadb-11.8.8/mysql-test/suite/rpl/r/rpl_typeconv.result | 2 mariadb-11.8.8/mysql-test/suite/rpl/t/binlog_check_constraint_checks_flag.test | 36 mariadb-11.8.8/mysql-test/suite/rpl/t/rpl_change_master_implicit_gtid_warning.test | 52 mariadb-11.8.8/mysql-test/suite/rpl/t/rpl_gtid_excess_initial_delay.test | 9 mariadb-11.8.8/mysql-test/suite/rpl/t/rpl_heartbeat_basic.test | 16 mariadb-11.8.8/mysql-test/suite/rpl/t/rpl_mdev38731.test | 21 mariadb-11.8.8/mysql-test/suite/rpl/t/rpl_mdev38734.test | 21 mariadb-11.8.8/mysql-test/suite/rpl/t/rpl_memory_engine_truncate_on_restart.test | 2 mariadb-11.8.8/mysql-test/suite/rpl/t/rpl_read_old_relay_log_info.test | 25 mariadb-11.8.8/mysql-test/suite/rpl/t/rpl_row_foreign_key_mdl.test | 1 mariadb-11.8.8/mysql-test/suite/rpl/t/rpl_skip_error-slave.opt | 2 mariadb-11.8.8/mysql-test/suite/rpl/t/rpl_skip_error.test | 2 mariadb-11.8.8/mysql-test/suite/rpl/t/rpl_temporary_error2.test | 5 mariadb-11.8.8/mysql-test/suite/rpl/t/rpl_temporary_error2_skip_all.test | 1 mariadb-11.8.8/mysql-test/suite/rpl/t/rpl_typeconv.test | 4 mariadb-11.8.8/mysql-test/suite/s3/debug.result | 4 mariadb-11.8.8/mysql-test/suite/sql_sequence/create.result | 4 mariadb-11.8.8/mysql-test/suite/sql_sequence/create.test | 9 mariadb-11.8.8/mysql-test/suite/sql_sequence/create_archive.result | 23 mariadb-11.8.8/mysql-test/suite/sql_sequence/create_archive.test | 12 mariadb-11.8.8/mysql-test/suite/sql_sequence/next.result | 11 mariadb-11.8.8/mysql-test/suite/sql_sequence/next.test | 13 mariadb-11.8.8/mysql-test/suite/sql_sequence/other.result | 6 mariadb-11.8.8/mysql-test/suite/sql_sequence/other.test | 6 mariadb-11.8.8/mysql-test/suite/sys_vars/r/group_concat_max_len_func.result | 24 mariadb-11.8.8/mysql-test/suite/sys_vars/r/innodb_buffer_pool_in_core_dump_basic.result | 24 mariadb-11.8.8/mysql-test/suite/sys_vars/r/proxy_protocol_networks_grant.result | 8 mariadb-11.8.8/mysql-test/suite/sys_vars/r/session_track_system_variables_basic.result | 102 mariadb-11.8.8/mysql-test/suite/sys_vars/r/sysvars_innodb,32bit.rdiff | 87 mariadb-11.8.8/mysql-test/suite/sys_vars/r/sysvars_innodb.result | 14 mariadb-11.8.8/mysql-test/suite/sys_vars/r/sysvars_server_embedded.result | 2 mariadb-11.8.8/mysql-test/suite/sys_vars/r/sysvars_server_notembedded.result | 2 mariadb-11.8.8/mysql-test/suite/sys_vars/r/sysvars_wsrep.result | 2 mariadb-11.8.8/mysql-test/suite/sys_vars/r/wsrep_slave_fk_checks_basic.result | 12 mariadb-11.8.8/mysql-test/suite/sys_vars/r/wsrep_sst_receive_address_basic.result | 19 mariadb-11.8.8/mysql-test/suite/sys_vars/t/group_concat_max_len_func.test | 10 mariadb-11.8.8/mysql-test/suite/sys_vars/t/innodb_buffer_pool_in_core_dump_basic.test | 31 mariadb-11.8.8/mysql-test/suite/sys_vars/t/proxy_protocol_networks_grant.test | 10 mariadb-11.8.8/mysql-test/suite/sys_vars/t/session_track_system_variables_basic.test | 87 mariadb-11.8.8/mysql-test/suite/sys_vars/t/sysvars_innodb.test | 2 mariadb-11.8.8/mysql-test/suite/sys_vars/t/wsrep_sst_receive_address_basic.test | 9 mariadb-11.8.8/mysql-test/suite/sysschema/r/pr_ps_setup_show_enabled.result | 2 mariadb-11.8.8/mysql-test/suite/sysschema/r/v_metrics.result | 2 mariadb-11.8.8/mysql-test/suite/sysschema/r/v_ps_check_lost_instrumentation.result | 2 mariadb-11.8.8/mysql-test/suite/sysschema/r/v_schema_redundant_indexes.result | 4 mariadb-11.8.8/mysql-test/suite/vcol/r/races.result | 14 mariadb-11.8.8/mysql-test/suite/vcol/r/vcol_keys_innodb.result | 20 mariadb-11.8.8/mysql-test/suite/vcol/t/races.test | 56 mariadb-11.8.8/mysql-test/suite/vcol/t/vcol_keys_innodb.test | 22 mariadb-11.8.8/mysql-test/suite/versioning/r/partition.result | 13 mariadb-11.8.8/mysql-test/suite/versioning/t/partition.test | 16 mariadb-11.8.8/mysql-test/suite/wsrep/r/variables.result | 2 mariadb-11.8.8/mysql-test/suite/wsrep/r/variables_debug.result | 2 mariadb-11.8.8/mysql-test/suite/wsrep/r/wsrep_provider_plugin_defaults.result | 14 mariadb-11.8.8/mysql-test/suite/wsrep/t/variables.test | 2 mariadb-11.8.8/mysql-test/suite/wsrep/t/variables_debug.test | 2 mariadb-11.8.8/mysql-test/suite/wsrep/t/wsrep_protocol_versions.test | 2 mariadb-11.8.8/mysql-test/suite/wsrep/t/wsrep_provider_plugin.test | 2 mariadb-11.8.8/mysys/file_logger.c | 12 mariadb-11.8.8/mysys/ma_dyncol.c | 10 mariadb-11.8.8/mysys/mf_getdate.c | 47 mariadb-11.8.8/mysys/mf_path.c | 4 mariadb-11.8.8/mysys/my_atomic_writes.c | 5 mariadb-11.8.8/mysys/my_copy.c | 2 mariadb-11.8.8/mysys/my_default.c | 17 mariadb-11.8.8/mysys/my_file.c | 24 mariadb-11.8.8/mysys/my_getopt.c | 2 mariadb-11.8.8/mysys/my_getwd.c | 2 mariadb-11.8.8/mysys/my_largepage.c | 11 mariadb-11.8.8/mysys/my_lib.c | 14 mariadb-11.8.8/mysys/my_open.c | 3 mariadb-11.8.8/mysys/my_redel.c | 3 mariadb-11.8.8/mysys/my_symlink.c | 19 mariadb-11.8.8/mysys/my_virtual_mem.c | 21 mariadb-11.8.8/mysys/testhash.c | 10 mariadb-11.8.8/plugin/auth_mysql_sha2/mysql_sha2.c | 2 mariadb-11.8.8/plugin/auth_pam/testing/CMakeLists.txt | 9 mariadb-11.8.8/plugin/auth_pam/testing/mariadb_mtr.conf | 2 mariadb-11.8.8/plugin/auth_parsec/server_parsec.cc | 2 mariadb-11.8.8/plugin/feedback/feedback.cc | 2 mariadb-11.8.8/plugin/feedback/utils.cc | 73 mariadb-11.8.8/plugin/hashicorp_key_management/mysql-test/vault/suite.pm | 15 mariadb-11.8.8/plugin/hashicorp_key_management/mysql-test/vault/t/hashicorp_check_kv_version.test | 2 mariadb-11.8.8/plugin/hashicorp_key_management/mysql-test/vault/t/hashicorp_plugin.inc | 1 mariadb-11.8.8/plugin/hashicorp_key_management/mysql-test/vault/t/hashicorp_url_prefix.test | 2 mariadb-11.8.8/plugin/type_inet/sql_type_inet.cc | 2 mariadb-11.8.8/scripts/galera_new_cluster.sh | 2 mariadb-11.8.8/scripts/mariadb_system_tables_fix.sql | 15 mariadb-11.8.8/scripts/wsrep_sst_common.sh | 9 mariadb-11.8.8/scripts/wsrep_sst_mariabackup.sh | 14 mariadb-11.8.8/scripts/wsrep_sst_rsync.sh | 7 mariadb-11.8.8/sql-common/my_user.c | 2 mariadb-11.8.8/sql/field.cc | 22 mariadb-11.8.8/sql/filesort.cc | 2 mariadb-11.8.8/sql/gcalc_slicescan.cc | 57 mariadb-11.8.8/sql/gcalc_slicescan.h | 3 mariadb-11.8.8/sql/gcalc_tools.cc | 8 mariadb-11.8.8/sql/ha_partition.cc | 13 mariadb-11.8.8/sql/ha_partition.h | 4 mariadb-11.8.8/sql/ha_sequence.h | 4 mariadb-11.8.8/sql/handler.cc | 15 mariadb-11.8.8/sql/handler.h | 104 mariadb-11.8.8/sql/item.cc | 56 mariadb-11.8.8/sql/item.h | 30 mariadb-11.8.8/sql/item_cmpfunc.h | 24 mariadb-11.8.8/sql/item_geofunc.cc | 109 mariadb-11.8.8/sql/item_jsonfunc.cc | 118 mariadb-11.8.8/sql/item_jsonfunc.h | 17 mariadb-11.8.8/sql/item_strfunc.cc | 15 mariadb-11.8.8/sql/item_strfunc.h | 7 mariadb-11.8.8/sql/item_subselect.cc | 8 mariadb-11.8.8/sql/item_sum.cc | 11 mariadb-11.8.8/sql/item_timefunc.cc | 24 mariadb-11.8.8/sql/item_vectorfunc.h | 5 mariadb-11.8.8/sql/item_windowfunc.cc | 3 mariadb-11.8.8/sql/item_windowfunc.h | 10 mariadb-11.8.8/sql/json_table.cc | 2 mariadb-11.8.8/sql/lex_ident.h | 31 mariadb-11.8.8/sql/log.cc | 48 mariadb-11.8.8/sql/log.h | 6 mariadb-11.8.8/sql/log_event.cc | 8 mariadb-11.8.8/sql/log_event.h | 20 mariadb-11.8.8/sql/log_event_client.cc | 32 mariadb-11.8.8/sql/log_event_server.cc | 28 mariadb-11.8.8/sql/mdl.h | 9 mariadb-11.8.8/sql/multi_range_read.cc | 2 mariadb-11.8.8/sql/my_decimal.cc | 12 mariadb-11.8.8/sql/my_json_writer.cc | 17 mariadb-11.8.8/sql/my_json_writer.h | 12 mariadb-11.8.8/sql/mysql_upgrade_service.cc | 8 mariadb-11.8.8/sql/mysqld.cc | 123 mariadb-11.8.8/sql/mysqld.h | 7 mariadb-11.8.8/sql/opt_range.cc | 3 mariadb-11.8.8/sql/opt_subselect.cc | 13 mariadb-11.8.8/sql/opt_trace.cc | 14 mariadb-11.8.8/sql/password.c | 6 mariadb-11.8.8/sql/privilege.h | 1 mariadb-11.8.8/sql/protocol.cc | 10 mariadb-11.8.8/sql/proxy_protocol.cc | 13 mariadb-11.8.8/sql/rpl_gtid.cc | 37 mariadb-11.8.8/sql/rpl_gtid.h | 3 mariadb-11.8.8/sql/rpl_mi.cc | 29 mariadb-11.8.8/sql/rpl_rli.cc | 7 mariadb-11.8.8/sql/service_wsrep.cc | 4 mariadb-11.8.8/sql/session_tracker.cc | 60 mariadb-11.8.8/sql/session_tracker.h | 2 mariadb-11.8.8/sql/set_var.cc | 8 mariadb-11.8.8/sql/set_var.h | 10 mariadb-11.8.8/sql/share/charsets/Index.xml | 115 mariadb-11.8.8/sql/share/errmsg-utf8.txt | 36 mariadb-11.8.8/sql/slave.cc | 338 mariadb-11.8.8/sql/slave.h | 2 mariadb-11.8.8/sql/sp_instr.cc | 12 mariadb-11.8.8/sql/spatial.cc | 100 mariadb-11.8.8/sql/sql_acl.cc | 58 mariadb-11.8.8/sql/sql_admin.cc | 23 mariadb-11.8.8/sql/sql_alter.cc | 14 mariadb-11.8.8/sql/sql_base.cc | 91 mariadb-11.8.8/sql/sql_base.h | 2 mariadb-11.8.8/sql/sql_cache.cc | 83 mariadb-11.8.8/sql/sql_class.cc | 31 mariadb-11.8.8/sql/sql_class.h | 8 mariadb-11.8.8/sql/sql_const.h | 6 mariadb-11.8.8/sql/sql_db.cc | 2 mariadb-11.8.8/sql/sql_debug.h | 3 mariadb-11.8.8/sql/sql_derived.cc | 1 mariadb-11.8.8/sql/sql_explain.cc | 6 mariadb-11.8.8/sql/sql_insert.cc | 41 mariadb-11.8.8/sql/sql_lex.cc | 118 mariadb-11.8.8/sql/sql_lex.h | 12 mariadb-11.8.8/sql/sql_load.cc | 8 mariadb-11.8.8/sql/sql_parse.cc | 32 mariadb-11.8.8/sql/sql_partition.cc | 5 mariadb-11.8.8/sql/sql_plugin.cc | 95 mariadb-11.8.8/sql/sql_prepare.cc | 82 mariadb-11.8.8/sql/sql_profile.cc | 3 mariadb-11.8.8/sql/sql_repl.cc | 5 mariadb-11.8.8/sql/sql_select.cc | 32 mariadb-11.8.8/sql/sql_sequence.cc | 4 mariadb-11.8.8/sql/sql_servers.cc | 4 mariadb-11.8.8/sql/sql_show.cc | 60 mariadb-11.8.8/sql/sql_statistics.h | 2 mariadb-11.8.8/sql/sql_table.cc | 91 mariadb-11.8.8/sql/sql_test.cc | 44 mariadb-11.8.8/sql/sql_test.h | 33 mariadb-11.8.8/sql/sql_trigger.cc | 2 mariadb-11.8.8/sql/sql_tvc.cc | 4 mariadb-11.8.8/sql/sql_type.cc | 14 mariadb-11.8.8/sql/sql_type.h | 5 mariadb-11.8.8/sql/sql_type_geom.cc | 85 mariadb-11.8.8/sql/sql_union.cc | 16 mariadb-11.8.8/sql/sql_update.cc | 34 mariadb-11.8.8/sql/sql_view.cc | 16 mariadb-11.8.8/sql/sql_window.cc | 9 mariadb-11.8.8/sql/sql_yacc.yy | 112 mariadb-11.8.8/sql/sys_vars.cc | 24 mariadb-11.8.8/sql/sys_vars.inl | 16 mariadb-11.8.8/sql/table.cc | 67 mariadb-11.8.8/sql/table.h | 14 mariadb-11.8.8/sql/threadpool_generic.cc | 2 mariadb-11.8.8/sql/udf_example.c | 14 mariadb-11.8.8/sql/unireg.cc | 2 mariadb-11.8.8/sql/wsrep_applier.cc | 4 mariadb-11.8.8/sql/wsrep_high_priority_service.cc | 5 mariadb-11.8.8/sql/wsrep_mysqld.cc | 556 mariadb-11.8.8/sql/wsrep_mysqld.h | 26 mariadb-11.8.8/sql/wsrep_notify.cc | 41 mariadb-11.8.8/sql/wsrep_schema.cc | 218 mariadb-11.8.8/sql/wsrep_schema.h | 9 mariadb-11.8.8/sql/wsrep_sst.cc | 60 mariadb-11.8.8/sql/wsrep_var.cc | 85 mariadb-11.8.8/sql/wsrep_var.h | 2 mariadb-11.8.8/sql/wsrep_xid.h | 4 mariadb-11.8.8/sql/yy_mariadb.cc |34507 +++++----- mariadb-11.8.8/sql/yy_mariadb.hh | 10 mariadb-11.8.8/sql/yy_oracle.cc |32045 ++++----- mariadb-11.8.8/sql/yy_oracle.hh | 10 mariadb-11.8.8/storage/archive/ha_archive.cc | 14 mariadb-11.8.8/storage/archive/ha_archive.h | 8 mariadb-11.8.8/storage/columnstore/CMakeLists.txt | 1 mariadb-11.8.8/storage/columnstore/columnstore/.drone.jsonnet | 78 mariadb-11.8.8/storage/columnstore/columnstore/CMakeLists.txt | 4 mariadb-11.8.8/storage/columnstore/columnstore/VERSION | 2 mariadb-11.8.8/storage/columnstore/columnstore/build/bootstrap_mcs.sh | 2 mariadb-11.8.8/storage/columnstore/columnstore/build/build_cmapi.sh | 7 mariadb-11.8.8/storage/columnstore/columnstore/build/check_mcs_cli_docs.sh | 206 mariadb-11.8.8/storage/columnstore/columnstore/build/prepare_test_container.sh | 83 mariadb-11.8.8/storage/columnstore/columnstore/build/report_test_stage.sh | 13 mariadb-11.8.8/storage/columnstore/columnstore/build/run_mtr.sh | 24 mariadb-11.8.8/storage/columnstore/columnstore/build/run_regression.sh | 6 mariadb-11.8.8/storage/columnstore/columnstore/build/utils.sh | 24 mariadb-11.8.8/storage/columnstore/columnstore/cmake/boost.cmake | 2 mariadb-11.8.8/storage/columnstore/columnstore/cmake/selinux_policy.cmake | 18 mariadb-11.8.8/storage/columnstore/columnstore/cmapi/CMakeLists.txt | 15 mariadb-11.8.8/storage/columnstore/columnstore/cmapi/cmake/cmapi_misc.cmake | 60 mariadb-11.8.8/storage/columnstore/columnstore/cmapi/cmapi_server/controllers/endpoints.py | 197 mariadb-11.8.8/storage/columnstore/columnstore/cmapi/cmapi_server/invariant_checks.py | 6 mariadb-11.8.8/storage/columnstore/columnstore/cmapi/mcs_cluster_tool/cluster_app.py | 13 mariadb-11.8.8/storage/columnstore/columnstore/cmapi/mcs_node_control/models/node_config.py | 90 mariadb-11.8.8/storage/columnstore/columnstore/cmapi/requirements-dev.txt | 15 mariadb-11.8.8/storage/columnstore/columnstore/cmapi/requirements.in | 2 mariadb-11.8.8/storage/columnstore/columnstore/cmapi/requirements.txt | 36 mariadb-11.8.8/storage/columnstore/columnstore/core_dumps/upgrade_setup_deb.sh | 10 mariadb-11.8.8/storage/columnstore/columnstore/core_dumps/upgrade_setup_rpm.sh | 11 mariadb-11.8.8/storage/columnstore/columnstore/datatypes/mcs_datatype.cpp | 10 mariadb-11.8.8/storage/columnstore/columnstore/dbcon/ddlpackage/CMakeLists.txt | 7 mariadb-11.8.8/storage/columnstore/columnstore/dbcon/ddlpackage/ddl.y | 2 mariadb-11.8.8/storage/columnstore/columnstore/dbcon/ddlpackageproc/ddlpackageprocessor.h | 1 mariadb-11.8.8/storage/columnstore/columnstore/dbcon/dmlpackage/CMakeLists.txt | 7 mariadb-11.8.8/storage/columnstore/columnstore/dbcon/dmlpackage/vendordmlstatement.cpp | 4 mariadb-11.8.8/storage/columnstore/columnstore/dbcon/execplan/calpontselectexecutionplan.cpp | 14 mariadb-11.8.8/storage/columnstore/columnstore/dbcon/execplan/calpontselectexecutionplan.h | 55 mariadb-11.8.8/storage/columnstore/columnstore/dbcon/execplan/constantfilter.cpp | 91 mariadb-11.8.8/storage/columnstore/columnstore/dbcon/execplan/constantfilter.h | 5 mariadb-11.8.8/storage/columnstore/columnstore/dbcon/execplan/selectfilter.cpp | 3 mariadb-11.8.8/storage/columnstore/columnstore/dbcon/execplan/selectfilter.h | 2 mariadb-11.8.8/storage/columnstore/columnstore/dbcon/execplan/simplecolumn.cpp | 64 mariadb-11.8.8/storage/columnstore/columnstore/dbcon/execplan/windowfunctioncolumn.h | 15 mariadb-11.8.8/storage/columnstore/columnstore/dbcon/joblist/fifo.h | 2 mariadb-11.8.8/storage/columnstore/columnstore/dbcon/joblist/jlf_execplantojoblist.cpp | 151 mariadb-11.8.8/storage/columnstore/columnstore/dbcon/joblist/jlf_subquery.cpp | 24 mariadb-11.8.8/storage/columnstore/columnstore/dbcon/joblist/jlf_tuplejoblist.cpp | 203 mariadb-11.8.8/storage/columnstore/columnstore/dbcon/joblist/jlf_tuplejoblist.h | 5 mariadb-11.8.8/storage/columnstore/columnstore/dbcon/joblist/joblistfactory.cpp | 285 mariadb-11.8.8/storage/columnstore/columnstore/dbcon/joblist/pdictionaryscan.cpp | 8 mariadb-11.8.8/storage/columnstore/columnstore/dbcon/joblist/primitivemsg.h | 4 mariadb-11.8.8/storage/columnstore/columnstore/dbcon/joblist/subquerystep.h | 12 mariadb-11.8.8/storage/columnstore/columnstore/dbcon/joblist/subquerytransformer.cpp | 21 mariadb-11.8.8/storage/columnstore/columnstore/dbcon/joblist/tuple-bps.cpp | 2 mariadb-11.8.8/storage/columnstore/columnstore/dbcon/joblist/tupleunion.cpp | 2630 mariadb-11.8.8/storage/columnstore/columnstore/dbcon/joblist/tupleunion.h | 170 mariadb-11.8.8/storage/columnstore/columnstore/dbcon/mysql/CMakeLists.txt | 1 mariadb-11.8.8/storage/columnstore/columnstore/dbcon/mysql/columnstore.cnf | 4 mariadb-11.8.8/storage/columnstore/columnstore/dbcon/mysql/ha_from_sub.cpp | 37 mariadb-11.8.8/storage/columnstore/columnstore/dbcon/mysql/ha_mcs.cpp | 5 mariadb-11.8.8/storage/columnstore/columnstore/dbcon/mysql/ha_mcs_common.h | 20 mariadb-11.8.8/storage/columnstore/columnstore/dbcon/mysql/ha_mcs_ddl.cpp | 6 mariadb-11.8.8/storage/columnstore/columnstore/dbcon/mysql/ha_mcs_execplan.cpp | 265 mariadb-11.8.8/storage/columnstore/columnstore/dbcon/mysql/ha_mcs_execplan_walks.cpp | 6 mariadb-11.8.8/storage/columnstore/columnstore/dbcon/mysql/ha_mcs_impl_if.h | 6 mariadb-11.8.8/storage/columnstore/columnstore/dbcon/mysql/ha_mcs_opt_rewrites.cpp | 9 mariadb-11.8.8/storage/columnstore/columnstore/dbcon/mysql/ha_mcs_pushdown.cpp | 11 mariadb-11.8.8/storage/columnstore/columnstore/dbcon/mysql/ha_subquery.h | 2 mariadb-11.8.8/storage/columnstore/columnstore/dbcon/mysql/ha_view.cpp | 8 mariadb-11.8.8/storage/columnstore/columnstore/dbcon/mysql/ha_window_function.cpp | 10 mariadb-11.8.8/storage/columnstore/columnstore/dbcon/mysql/idb_mysql.h | 16 mariadb-11.8.8/storage/columnstore/columnstore/dbcon/mysql/install_mcs_mysql.sh.in | 43 mariadb-11.8.8/storage/columnstore/columnstore/dbcon/mysql/is_columnstore.h | 13 mariadb-11.8.8/storage/columnstore/columnstore/dbcon/mysql/is_columnstore_partitions.cpp | 163 mariadb-11.8.8/storage/columnstore/columnstore/dbcon/rbo/CMakeLists.txt | 3 mariadb-11.8.8/storage/columnstore/columnstore/dbcon/rbo/rbo_apply_parallel_ces.cpp | 148 mariadb-11.8.8/storage/columnstore/columnstore/dbcon/rbo/rbo_apply_parallel_ces.h | 41 mariadb-11.8.8/storage/columnstore/columnstore/dbcon/rbo/rbo_apply_rewrite_distinct.cpp | 12 mariadb-11.8.8/storage/columnstore/columnstore/dbcon/rbo/rbo_apply_rewrite_distinct.h | 2 mariadb-11.8.8/storage/columnstore/columnstore/dbcon/rbo/rbo_groupby_wrap_columns.cpp | 592 mariadb-11.8.8/storage/columnstore/columnstore/dbcon/rbo/rbo_groupby_wrap_columns.h | 32 mariadb-11.8.8/storage/columnstore/columnstore/dbcon/rbo/rbo_predicate_pushdown.cpp | 5 mariadb-11.8.8/storage/columnstore/columnstore/dbcon/rbo/rbo_predicate_pushdown.h | 14 mariadb-11.8.8/storage/columnstore/columnstore/dbcon/rbo/rulebased_optimizer.cpp | 8 mariadb-11.8.8/storage/columnstore/columnstore/dbcon/rbo/rulebased_optimizer.h | 75 mariadb-11.8.8/storage/columnstore/columnstore/docs/QueryAccelerator.md | 22 mariadb-11.8.8/storage/columnstore/columnstore/mysql-test/columnstore/basic/disabled.def | 1 mariadb-11.8.8/storage/columnstore/columnstore/mysql-test/columnstore/basic/r/MCOL-5142-basic.result | 46 mariadb-11.8.8/storage/columnstore/columnstore/mysql-test/columnstore/basic/r/MCOL-5142-cyclic.result | 48 mariadb-11.8.8/storage/columnstore/columnstore/mysql-test/columnstore/basic/r/MCOL-5142-error-cases.result | 56 mariadb-11.8.8/storage/columnstore/columnstore/mysql-test/columnstore/basic/r/MCOL-5142-left-join-null-driving.result | 30 mariadb-11.8.8/storage/columnstore/columnstore/mysql-test/columnstore/basic/r/MCOL-5142-multi-root.result | 36 mariadb-11.8.8/storage/columnstore/columnstore/mysql-test/columnstore/basic/r/MCOL-5142-multi-table.result | 62 mariadb-11.8.8/storage/columnstore/columnstore/mysql-test/columnstore/basic/r/MCOL-5142-multiple-recursive-references.result | 18 mariadb-11.8.8/storage/columnstore/columnstore/mysql-test/columnstore/basic/r/MCOL-5142-nested-subquery-anchor.result | 48 mariadb-11.8.8/storage/columnstore/columnstore/mysql-test/columnstore/basic/r/MCOL-5142-outer-filter-level.result | 31 mariadb-11.8.8/storage/columnstore/columnstore/mysql-test/columnstore/basic/r/MCOL-5142-outer-operations.result | 88 mariadb-11.8.8/storage/columnstore/columnstore/mysql-test/columnstore/basic/r/MCOL-5142-sequences.result | 65 mariadb-11.8.8/storage/columnstore/columnstore/mysql-test/columnstore/basic/r/MCOL-5142-test-linear-rec.result | 32 mariadb-11.8.8/storage/columnstore/columnstore/mysql-test/columnstore/basic/r/MCOL-5142-type-coercion-path.result | 37 mariadb-11.8.8/storage/columnstore/columnstore/mysql-test/columnstore/basic/r/MCOL-6293-partitions-table.result | 12 mariadb-11.8.8/storage/columnstore/columnstore/mysql-test/columnstore/basic/r/group_by_ambiguous.result | 465 mariadb-11.8.8/storage/columnstore/columnstore/mysql-test/columnstore/basic/r/mcol-4525.result | 12 mariadb-11.8.8/storage/columnstore/columnstore/mysql-test/columnstore/basic/r/mcs65_crossengine_order_by.result | 1 mariadb-11.8.8/storage/columnstore/columnstore/mysql-test/columnstore/basic/r/mcs87_alter_column.result | 4 mariadb-11.8.8/storage/columnstore/columnstore/mysql-test/columnstore/basic/suite.opt | 1 mariadb-11.8.8/storage/columnstore/columnstore/mysql-test/columnstore/basic/t/MCOL-5142-basic.test | 47 mariadb-11.8.8/storage/columnstore/columnstore/mysql-test/columnstore/basic/t/MCOL-5142-cyclic.test | 37 mariadb-11.8.8/storage/columnstore/columnstore/mysql-test/columnstore/basic/t/MCOL-5142-error-cases.test | 92 mariadb-11.8.8/storage/columnstore/columnstore/mysql-test/columnstore/basic/t/MCOL-5142-left-join-null-driving.test | 34 mariadb-11.8.8/storage/columnstore/columnstore/mysql-test/columnstore/basic/t/MCOL-5142-multi-root.test | 38 mariadb-11.8.8/storage/columnstore/columnstore/mysql-test/columnstore/basic/t/MCOL-5142-multi-table.test | 74 mariadb-11.8.8/storage/columnstore/columnstore/mysql-test/columnstore/basic/t/MCOL-5142-multiple-recursive-references.test | 27 mariadb-11.8.8/storage/columnstore/columnstore/mysql-test/columnstore/basic/t/MCOL-5142-nested-subquery-anchor.test | 55 mariadb-11.8.8/storage/columnstore/columnstore/mysql-test/columnstore/basic/t/MCOL-5142-outer-filter-level.test | 37 mariadb-11.8.8/storage/columnstore/columnstore/mysql-test/columnstore/basic/t/MCOL-5142-outer-operations.test | 109 mariadb-11.8.8/storage/columnstore/columnstore/mysql-test/columnstore/basic/t/MCOL-5142-sequences.test | 74 mariadb-11.8.8/storage/columnstore/columnstore/mysql-test/columnstore/basic/t/MCOL-5142-test-linear-rec.test | 35 mariadb-11.8.8/storage/columnstore/columnstore/mysql-test/columnstore/basic/t/MCOL-5142-type-coercion-path.test | 42 mariadb-11.8.8/storage/columnstore/columnstore/mysql-test/columnstore/basic/t/MCOL-6293-partitions-table.test | 34 mariadb-11.8.8/storage/columnstore/columnstore/mysql-test/columnstore/basic/t/group_by_ambiguous.test | 489 mariadb-11.8.8/storage/columnstore/columnstore/mysql-test/columnstore/basic/t/mcol-4525.test | 5 mariadb-11.8.8/storage/columnstore/columnstore/mysql-test/columnstore/basic/t/mcs65_crossengine_order_by.test | 2 mariadb-11.8.8/storage/columnstore/columnstore/mysql-test/columnstore/basic/t/mcs87_alter_column.test | 5 mariadb-11.8.8/storage/columnstore/columnstore/mysql-test/columnstore/basic/t/mcs88_import_export_csv.test | 4 mariadb-11.8.8/storage/columnstore/columnstore/mysql-test/columnstore/bugfixes/MCOL-5987-recycle-oids.result | 8 mariadb-11.8.8/storage/columnstore/columnstore/mysql-test/columnstore/bugfixes/MCOL-5987-recycle-oids.test | 8 mariadb-11.8.8/storage/columnstore/columnstore/mysql-test/columnstore/bugfixes/MCOL-6243-long-text-cpimport-fail.result | 12 mariadb-11.8.8/storage/columnstore/columnstore/mysql-test/columnstore/bugfixes/MCOL-6243-long-text-cpimport-fail.test | 26 mariadb-11.8.8/storage/columnstore/columnstore/mysql-test/columnstore/bugfixes/MCOL-6297-unknown-column-in-foreign-query.result | 148 mariadb-11.8.8/storage/columnstore/columnstore/mysql-test/columnstore/bugfixes/MCOL-6297-unknown-column-in-foreign-query.test | 179 mariadb-11.8.8/storage/columnstore/columnstore/mysql-test/columnstore/bugfixes/MCOL-6300-json-table-null-db-plugin-crash.result | 34 mariadb-11.8.8/storage/columnstore/columnstore/mysql-test/columnstore/bugfixes/MCOL-6300-json-table-null-db-plugin-crash.test | 54 mariadb-11.8.8/storage/columnstore/columnstore/mysql-test/columnstore/bugfixes/MCOL-6321-test-em-rebuild.opt | 1 mariadb-11.8.8/storage/columnstore/columnstore/mysql-test/columnstore/bugfixes/MCOL-6321-test-em-rebuild.result | 2626 mariadb-11.8.8/storage/columnstore/columnstore/mysql-test/columnstore/bugfixes/MCOL-6321-test-em-rebuild.test | 170 mariadb-11.8.8/storage/columnstore/columnstore/mysql-test/columnstore/bugfixes/disabled.def | 3 mariadb-11.8.8/storage/columnstore/columnstore/mysql-test/columnstore/bugfixes/mcol-4778.result | 2 mariadb-11.8.8/storage/columnstore/columnstore/mysql-test/columnstore/bugfixes/mcol-5890.result | 9 mariadb-11.8.8/storage/columnstore/columnstore/mysql-test/columnstore/bugfixes/mcol-5890.test | 10 mariadb-11.8.8/storage/columnstore/columnstore/mysql-test/columnstore/bugfixes/suite.opt | 1 mariadb-11.8.8/storage/columnstore/columnstore/mysql-test/columnstore/devregression/suite.opt | 1 mariadb-11.8.8/storage/columnstore/columnstore/mysql-test/columnstore/devregression/t/mcs7574_datatypetestm1.test | 4 mariadb-11.8.8/storage/columnstore/columnstore/mysql-test/columnstore/devregression/t/mcs7575_datatypetestm2.test | 4 mariadb-11.8.8/storage/columnstore/columnstore/mysql-test/columnstore/future/MCOL-6298-queryacc-convenience.opt | 20 mariadb-11.8.8/storage/columnstore/columnstore/mysql-test/columnstore/future/MCOL-6298-queryacc-convenience.result | 75 mariadb-11.8.8/storage/columnstore/columnstore/mysql-test/columnstore/future/MCOL-6298-queryacc-convenience.test | 111 mariadb-11.8.8/storage/columnstore/columnstore/mysql-test/columnstore/future/query_accelerator.result | 14 mariadb-11.8.8/storage/columnstore/columnstore/mysql-test/columnstore/future/query_accelerator.test | 7 mariadb-11.8.8/storage/columnstore/columnstore/mysql-test/columnstore/future/suite.opt | 1 mariadb-11.8.8/storage/columnstore/columnstore/mysql-test/columnstore/include/have_queryacc_routines.inc | 6 mariadb-11.8.8/storage/columnstore/columnstore/mysql-test/columnstore/setup/regression_env_setup.test | 5 mariadb-11.8.8/storage/columnstore/columnstore/primitives/blockcache/blockrequestprocessor.cpp | 20 mariadb-11.8.8/storage/columnstore/columnstore/primitives/blockcache/stats.h | 10 mariadb-11.8.8/storage/columnstore/columnstore/primitives/linux-port/column.cpp | 19 mariadb-11.8.8/storage/columnstore/columnstore/primitives/primproc/columncommand.cpp | 20 mariadb-11.8.8/storage/columnstore/columnstore/primitives/primproc/primitiveserver.cpp | 10 mariadb-11.8.8/storage/columnstore/columnstore/storage-manager/CMakeLists.txt | 1 mariadb-11.8.8/storage/columnstore/columnstore/tests/scripts/run_mtr.sh | 15 mariadb-11.8.8/storage/columnstore/columnstore/tools/passwd/secrets.cpp | 2 mariadb-11.8.8/storage/columnstore/columnstore/tools/rebuildEM/CMakeLists.txt | 2 mariadb-11.8.8/storage/columnstore/columnstore/tools/rebuildEM/main.cpp | 18 mariadb-11.8.8/storage/columnstore/columnstore/tools/rebuildEM/rebuildEM.cpp | 287 mariadb-11.8.8/storage/columnstore/columnstore/tools/rebuildEM/rebuildEM.h | 48 mariadb-11.8.8/storage/columnstore/columnstore/utils/idbdatafile/CMakeLists.txt | 2 mariadb-11.8.8/storage/columnstore/columnstore/utils/libmarias3/libmarias3/.github/workflows/asan.yml | 53 mariadb-11.8.8/storage/columnstore/columnstore/utils/libmarias3/libmarias3/.github/workflows/distcheck.yml | 25 mariadb-11.8.8/storage/columnstore/columnstore/utils/libmarias3/libmarias3/.github/workflows/docs.yml | 25 mariadb-11.8.8/storage/columnstore/columnstore/utils/libmarias3/libmarias3/.github/workflows/scanbuild.yml | 30 mariadb-11.8.8/storage/columnstore/columnstore/utils/libmarias3/libmarias3/.github/workflows/usan.yml | 53 mariadb-11.8.8/storage/columnstore/columnstore/utils/libmarias3/libmarias3/.gitignore | 1 mariadb-11.8.8/storage/columnstore/columnstore/utils/libmarias3/libmarias3/.readthedocs.yaml | 35 mariadb-11.8.8/storage/columnstore/columnstore/utils/libmarias3/libmarias3/README.rst | 16 mariadb-11.8.8/storage/columnstore/columnstore/utils/libmarias3/libmarias3/VERSION.txt | 2 mariadb-11.8.8/storage/columnstore/columnstore/utils/libmarias3/libmarias3/configure.ac | 2 mariadb-11.8.8/storage/columnstore/columnstore/utils/libmarias3/libmarias3/docs/_themes/sphinx_rtd_theme/__init__.py | 99 mariadb-11.8.8/storage/columnstore/columnstore/utils/libmarias3/libmarias3/docs/_themes/sphinx_rtd_theme/breadcrumbs.html | 84 mariadb-11.8.8/storage/columnstore/columnstore/utils/libmarias3/libmarias3/docs/_themes/sphinx_rtd_theme/footer.html | 58 mariadb-11.8.8/storage/columnstore/columnstore/utils/libmarias3/libmarias3/docs/_themes/sphinx_rtd_theme/layout.html | 272 mariadb-11.8.8/storage/columnstore/columnstore/utils/libmarias3/libmarias3/docs/_themes/sphinx_rtd_theme/locale/da/LC_MESSAGES/sphinx.po | 206 mariadb-11.8.8/storage/columnstore/columnstore/utils/libmarias3/libmarias3/docs/_themes/sphinx_rtd_theme/locale/de/LC_MESSAGES/sphinx.po | 136 mariadb-11.8.8/storage/columnstore/columnstore/utils/libmarias3/libmarias3/docs/_themes/sphinx_rtd_theme/locale/en/LC_MESSAGES/sphinx.po | 201 mariadb-11.8.8/storage/columnstore/columnstore/utils/libmarias3/libmarias3/docs/_themes/sphinx_rtd_theme/locale/es/LC_MESSAGES/sphinx.po | 169 mariadb-11.8.8/storage/columnstore/columnstore/utils/libmarias3/libmarias3/docs/_themes/sphinx_rtd_theme/locale/et/LC_MESSAGES/sphinx.po | 166 mariadb-11.8.8/storage/columnstore/columnstore/utils/libmarias3/libmarias3/docs/_themes/sphinx_rtd_theme/locale/fa_IR/LC_MESSAGES/sphinx.po | 161 mariadb-11.8.8/storage/columnstore/columnstore/utils/libmarias3/libmarias3/docs/_themes/sphinx_rtd_theme/locale/fr/LC_MESSAGES/sphinx.po | 169 mariadb-11.8.8/storage/columnstore/columnstore/utils/libmarias3/libmarias3/docs/_themes/sphinx_rtd_theme/locale/hr/LC_MESSAGES/sphinx.po | 23 mariadb-11.8.8/storage/columnstore/columnstore/utils/libmarias3/libmarias3/docs/_themes/sphinx_rtd_theme/locale/hu/LC_MESSAGES/sphinx.po | 23 mariadb-11.8.8/storage/columnstore/columnstore/utils/libmarias3/libmarias3/docs/_themes/sphinx_rtd_theme/locale/it/LC_MESSAGES/sphinx.po | 192 mariadb-11.8.8/storage/columnstore/columnstore/utils/libmarias3/libmarias3/docs/_themes/sphinx_rtd_theme/locale/lt/LC_MESSAGES/sphinx.po | 188 mariadb-11.8.8/storage/columnstore/columnstore/utils/libmarias3/libmarias3/docs/_themes/sphinx_rtd_theme/locale/nl/LC_MESSAGES/sphinx.po | 188 mariadb-11.8.8/storage/columnstore/columnstore/utils/libmarias3/libmarias3/docs/_themes/sphinx_rtd_theme/locale/pl/LC_MESSAGES/sphinx.po | 137 mariadb-11.8.8/storage/columnstore/columnstore/utils/libmarias3/libmarias3/docs/_themes/sphinx_rtd_theme/locale/pt/LC_MESSAGES/sphinx.po | 161 mariadb-11.8.8/storage/columnstore/columnstore/utils/libmarias3/libmarias3/docs/_themes/sphinx_rtd_theme/locale/pt_BR/LC_MESSAGES/sphinx.po | 191 mariadb-11.8.8/storage/columnstore/columnstore/utils/libmarias3/libmarias3/docs/_themes/sphinx_rtd_theme/locale/ru/LC_MESSAGES/sphinx.po | 189 mariadb-11.8.8/storage/columnstore/columnstore/utils/libmarias3/libmarias3/docs/_themes/sphinx_rtd_theme/locale/sphinx.pot | 182 mariadb-11.8.8/storage/columnstore/columnstore/utils/libmarias3/libmarias3/docs/_themes/sphinx_rtd_theme/locale/sv/LC_MESSAGES/sphinx.po | 151 mariadb-11.8.8/storage/columnstore/columnstore/utils/libmarias3/libmarias3/docs/_themes/sphinx_rtd_theme/locale/tr/LC_MESSAGES/sphinx.po | 143 mariadb-11.8.8/storage/columnstore/columnstore/utils/libmarias3/libmarias3/docs/_themes/sphinx_rtd_theme/locale/zh_CN/LC_MESSAGES/sphinx.po | 188 mariadb-11.8.8/storage/columnstore/columnstore/utils/libmarias3/libmarias3/docs/_themes/sphinx_rtd_theme/locale/zh_TW/LC_MESSAGES/sphinx.po | 23 mariadb-11.8.8/storage/columnstore/columnstore/utils/libmarias3/libmarias3/docs/_themes/sphinx_rtd_theme/search.html | 16 mariadb-11.8.8/storage/columnstore/columnstore/utils/libmarias3/libmarias3/docs/_themes/sphinx_rtd_theme/searchbox.html | 6 mariadb-11.8.8/storage/columnstore/columnstore/utils/libmarias3/libmarias3/docs/_themes/sphinx_rtd_theme/static/css/badge_only.css | 2 mariadb-11.8.8/storage/columnstore/columnstore/utils/libmarias3/libmarias3/docs/_themes/sphinx_rtd_theme/static/css/fonts/fontawesome-webfont.svg | 2671 mariadb-11.8.8/storage/columnstore/columnstore/utils/libmarias3/libmarias3/docs/_themes/sphinx_rtd_theme/static/css/theme.css | 6 mariadb-11.8.8/storage/columnstore/columnstore/utils/libmarias3/libmarias3/docs/_themes/sphinx_rtd_theme/static/js/badge_only.js | 1 mariadb-11.8.8/storage/columnstore/columnstore/utils/libmarias3/libmarias3/docs/_themes/sphinx_rtd_theme/static/js/theme.js | 48 mariadb-11.8.8/storage/columnstore/columnstore/utils/libmarias3/libmarias3/docs/_themes/sphinx_rtd_theme/static/js/versions.js_t | 125 mariadb-11.8.8/storage/columnstore/columnstore/utils/libmarias3/libmarias3/docs/_themes/sphinx_rtd_theme/theme.conf | 19 mariadb-11.8.8/storage/columnstore/columnstore/utils/libmarias3/libmarias3/docs/_themes/sphinx_rtd_theme/versions.html | 37 mariadb-11.8.8/storage/columnstore/columnstore/utils/libmarias3/libmarias3/docs/api/functions.rst | 32 mariadb-11.8.8/storage/columnstore/columnstore/utils/libmarias3/libmarias3/docs/api/types.rst | 22 mariadb-11.8.8/storage/columnstore/columnstore/utils/libmarias3/libmarias3/docs/appendix/version_history.rst | 22 mariadb-11.8.8/storage/columnstore/columnstore/utils/libmarias3/libmarias3/libmarias3/marias3.h | 9 mariadb-11.8.8/storage/columnstore/columnstore/utils/libmarias3/libmarias3/src/assume_role.c | 9 mariadb-11.8.8/storage/columnstore/columnstore/utils/libmarias3/libmarias3/src/marias3.c | 30 mariadb-11.8.8/storage/columnstore/columnstore/utils/libmarias3/libmarias3/src/request.c | 72 mariadb-11.8.8/storage/columnstore/columnstore/utils/libmarias3/libmarias3/src/sha256_i.h | 14 mariadb-11.8.8/storage/columnstore/columnstore/utils/libmarias3/libmarias3/src/structs.h | 3 mariadb-11.8.8/storage/columnstore/columnstore/utils/libmarias3/libmarias3/tests/basic.c | 2 mariadb-11.8.8/storage/columnstore/columnstore/utils/libmarias3/libmarias3/tests/basic_host.c | 2 mariadb-11.8.8/storage/columnstore/columnstore/utils/libmarias3/libmarias3/tests/basic_no_type.c | 180 mariadb-11.8.8/storage/columnstore/columnstore/utils/libmarias3/libmarias3/tests/content_type.c | 148 mariadb-11.8.8/storage/columnstore/columnstore/utils/libmarias3/libmarias3/tests/copy.c | 8 mariadb-11.8.8/storage/columnstore/columnstore/utils/libmarias3/libmarias3/tests/custom_malloc.c | 2 mariadb-11.8.8/storage/columnstore/columnstore/utils/libmarias3/libmarias3/tests/include.am | 10 mariadb-11.8.8/storage/columnstore/columnstore/utils/libmarias3/libmarias3/tests/large_file.c | 2 mariadb-11.8.8/storage/columnstore/columnstore/utils/libmarias3/libmarias3/tests/list.c | 2 mariadb-11.8.8/storage/columnstore/columnstore/utils/libmarias3/libmarias3/tests/longlist.c | 6 mariadb-11.8.8/storage/columnstore/columnstore/utils/libmarias3/libmarias3/tests/prefix.c | 2 mariadb-11.8.8/storage/columnstore/columnstore/utils/libmarias3/libmarias3/tests/read_cb.c | 2 mariadb-11.8.8/storage/columnstore/columnstore/utils/libmarias3/libmarias3/tests/small_buffer.c | 2 mariadb-11.8.8/storage/columnstore/columnstore/utils/libmarias3/libmarias3/tests/snowman.c | 2 mariadb-11.8.8/storage/columnstore/columnstore/utils/loggingcpp/CMakeLists.txt | 6 mariadb-11.8.8/storage/columnstore/columnstore/utils/querystats/querystats.cpp | 1 mariadb-11.8.8/storage/columnstore/columnstore/utils/rowgroup/rowgroup.h | 1 mariadb-11.8.8/storage/columnstore/columnstore/utils/windowfunction/wf_stats.cpp | 2 mariadb-11.8.8/storage/columnstore/columnstore/versioning/BRM/brmshmimpl.cpp | 15 mariadb-11.8.8/storage/columnstore/columnstore/versioning/BRM/brmtypes.h | 2 mariadb-11.8.8/storage/columnstore/columnstore/versioning/BRM/dbrm.h | 1 mariadb-11.8.8/storage/columnstore/columnstore/versioning/BRM/extentmap.cpp | 5 mariadb-11.8.8/storage/columnstore/columnstore/versioning/BRM/extentmap.h | 8 mariadb-11.8.8/storage/columnstore/columnstore/versioning/BRM/slavecomm.cpp | 2 mariadb-11.8.8/storage/columnstore/columnstore/versioning/BRM/slavenode.cpp | 6 mariadb-11.8.8/storage/columnstore/columnstore/writeengine/bulk/we_bulkloadbuffer.cpp | 138 mariadb-11.8.8/storage/columnstore/columnstore/writeengine/bulk/we_colextinf.h | 8 mariadb-11.8.8/storage/columnstore/columnstore/writeengine/bulk/we_columninfo.cpp | 2 mariadb-11.8.8/storage/columnstore/columnstore/writeengine/bulk/we_columninfocompressed.cpp | 2 mariadb-11.8.8/storage/columnstore/columnstore/writeengine/server/we_ddlcommon.h | 1 mariadb-11.8.8/storage/columnstore/columnstore/writeengine/shared/we_blockop.cpp | 4 mariadb-11.8.8/storage/columnstore/columnstore/writeengine/shared/we_brm.cpp | 2 mariadb-11.8.8/storage/columnstore/columnstore/writeengine/shared/we_type.h | 2 mariadb-11.8.8/storage/columnstore/columnstore/writeengine/shared/we_typeext.h | 1 mariadb-11.8.8/storage/columnstore/columnstore/writeengine/splitter/we_filereadthread.cpp | 90 mariadb-11.8.8/storage/columnstore/columnstore/writeengine/splitter/we_filereadthread.h | 4 mariadb-11.8.8/storage/columnstore/columnstore/writeengine/wrapper/we_colop.cpp | 8 mariadb-11.8.8/storage/connect/CMakeLists.txt | 12 mariadb-11.8.8/storage/connect/LICENSE.Info-Zip | 58 mariadb-11.8.8/storage/connect/array.cpp | 2 mariadb-11.8.8/storage/connect/bson.cpp | 8 mariadb-11.8.8/storage/connect/bsonudf.cpp | 8 mariadb-11.8.8/storage/connect/cmgoconn.cpp | 4 mariadb-11.8.8/storage/connect/colblk.cpp | 4 mariadb-11.8.8/storage/connect/csort.cpp | 2 mariadb-11.8.8/storage/connect/domdoc.cpp | 2 mariadb-11.8.8/storage/connect/filamdbf.cpp | 2 mariadb-11.8.8/storage/connect/filamfix.cpp | 18 mariadb-11.8.8/storage/connect/filamgz.cpp | 2 mariadb-11.8.8/storage/connect/filamtxt.cpp | 4 mariadb-11.8.8/storage/connect/filamvct.cpp | 18 mariadb-11.8.8/storage/connect/filamzip.cpp | 2 mariadb-11.8.8/storage/connect/global.h | 2 mariadb-11.8.8/storage/connect/ha_connect.cc | 8 mariadb-11.8.8/storage/connect/ints.h | 57 mariadb-11.8.8/storage/connect/ioapi.c | 6 mariadb-11.8.8/storage/connect/ioapi.h | 47 mariadb-11.8.8/storage/connect/javaconn.cpp | 3 mariadb-11.8.8/storage/connect/jdbconn.cpp | 11 mariadb-11.8.8/storage/connect/json.cpp | 8 mariadb-11.8.8/storage/connect/jsonudf.cpp | 8 mariadb-11.8.8/storage/connect/libdoc.cpp | 2 mariadb-11.8.8/storage/connect/macutil.cpp | 9 mariadb-11.8.8/storage/connect/myconn.cpp | 19 mariadb-11.8.8/storage/connect/mysql-test/connect/disabled.def | 1 mariadb-11.8.8/storage/connect/mysql-test/connect/r/csv.result | 36 mariadb-11.8.8/storage/connect/mysql-test/connect/r/ini.result | 24 mariadb-11.8.8/storage/connect/mysql-test/connect/r/jdbc.result | 103 mariadb-11.8.8/storage/connect/mysql-test/connect/r/odbc_sqlite3.result | 20 mariadb-11.8.8/storage/connect/mysql-test/connect/r/oem.result | 12 mariadb-11.8.8/storage/connect/mysql-test/connect/r/rest.result | 8 mariadb-11.8.8/storage/connect/mysql-test/connect/t/bson_udf.test | 1 mariadb-11.8.8/storage/connect/mysql-test/connect/t/csv.test | 18 mariadb-11.8.8/storage/connect/mysql-test/connect/t/grant.test | 2 mariadb-11.8.8/storage/connect/mysql-test/connect/t/have_odbc_sqlite3.inc | 2 mariadb-11.8.8/storage/connect/mysql-test/connect/t/ini.test | 12 mariadb-11.8.8/storage/connect/mysql-test/connect/t/jdbc.test | 3 mariadb-11.8.8/storage/connect/mysql-test/connect/t/json_udf.test | 1 mariadb-11.8.8/storage/connect/mysql-test/connect/t/json_udf_bin.test | 1 mariadb-11.8.8/storage/connect/mysql-test/connect/t/odbc_sqlite3.test | 19 mariadb-11.8.8/storage/connect/mysql-test/connect/t/oem.test | 26 mariadb-11.8.8/storage/connect/mysql-test/connect/t/rest.test | 14 mariadb-11.8.8/storage/connect/odbconn.cpp | 7 mariadb-11.8.8/storage/connect/plgdbutl.cpp | 4 mariadb-11.8.8/storage/connect/plugutil.cpp | 3 mariadb-11.8.8/storage/connect/rcmsg.c | 4 mariadb-11.8.8/storage/connect/reldef.cpp | 22 mariadb-11.8.8/storage/connect/restget.cpp | 2 mariadb-11.8.8/storage/connect/skipset.h | 366 mariadb-11.8.8/storage/connect/tabcol.cpp | 6 mariadb-11.8.8/storage/connect/tabdos.cpp | 6 mariadb-11.8.8/storage/connect/tabext.cpp | 8 mariadb-11.8.8/storage/connect/tabfix.cpp | 22 mariadb-11.8.8/storage/connect/tabfix.h | 5 mariadb-11.8.8/storage/connect/tabfmt.cpp | 2 mariadb-11.8.8/storage/connect/tabjdbc.cpp | 2 mariadb-11.8.8/storage/connect/tabjson.cpp | 4 mariadb-11.8.8/storage/connect/table.cpp | 4 mariadb-11.8.8/storage/connect/tabmac.cpp | 11 mariadb-11.8.8/storage/connect/tabmul.cpp | 19 mariadb-11.8.8/storage/connect/tabodbc.cpp | 2 mariadb-11.8.8/storage/connect/tabpivot.cpp | 3 mariadb-11.8.8/storage/connect/tabrest.cpp | 34 mariadb-11.8.8/storage/connect/tabsys.cpp | 22 mariadb-11.8.8/storage/connect/tabutil.cpp | 8 mariadb-11.8.8/storage/connect/tabvct.cpp | 4 mariadb-11.8.8/storage/connect/tabwmi.cpp | 14 mariadb-11.8.8/storage/connect/tabxml.cpp | 21 mariadb-11.8.8/storage/connect/tabzip.cpp | 4 mariadb-11.8.8/storage/connect/unzip.c | 33 mariadb-11.8.8/storage/connect/unzip.h | 13 mariadb-11.8.8/storage/connect/valblk.cpp | 4 mariadb-11.8.8/storage/connect/value.cpp | 34 mariadb-11.8.8/storage/connect/xindex.cpp | 11 mariadb-11.8.8/storage/connect/xobject.cpp | 14 mariadb-11.8.8/storage/connect/zip.c | 391 mariadb-11.8.8/storage/connect/zip.h | 35 mariadb-11.8.8/storage/federated/ha_federated.cc | 13 mariadb-11.8.8/storage/federatedx/ha_federatedx.cc | 9 mariadb-11.8.8/storage/heap/hp_test1.c | 6 mariadb-11.8.8/storage/heap/hp_test2.c | 12 mariadb-11.8.8/storage/innobase/btr/btr0cur.cc | 2 mariadb-11.8.8/storage/innobase/buf/buf0buddy.cc | 1 mariadb-11.8.8/storage/innobase/buf/buf0buf.cc | 131 mariadb-11.8.8/storage/innobase/buf/buf0dblwr.cc | 13 mariadb-11.8.8/storage/innobase/buf/buf0dump.cc | 8 mariadb-11.8.8/storage/innobase/buf/buf0flu.cc | 389 mariadb-11.8.8/storage/innobase/dict/dict0crea.cc | 22 mariadb-11.8.8/storage/innobase/dict/dict0dict.cc | 23 mariadb-11.8.8/storage/innobase/dict/dict0stats_bg.cc | 3 mariadb-11.8.8/storage/innobase/dict/drop.cc | 55 mariadb-11.8.8/storage/innobase/fil/fil0fil.cc | 7 mariadb-11.8.8/storage/innobase/fsp/fsp0fsp.cc | 241 mariadb-11.8.8/storage/innobase/fsp/fsp0sysspace.cc | 21 mariadb-11.8.8/storage/innobase/fts/fts0blex.cc | 17 mariadb-11.8.8/storage/innobase/fts/fts0config.cc | 3 mariadb-11.8.8/storage/innobase/fts/fts0opt.cc | 73 mariadb-11.8.8/storage/innobase/fts/fts0pars.cc | 30 mariadb-11.8.8/storage/innobase/fts/fts0sql.cc | 9 mariadb-11.8.8/storage/innobase/fts/fts0tlex.cc | 20 mariadb-11.8.8/storage/innobase/handler/ha_innodb.cc | 266 mariadb-11.8.8/storage/innobase/handler/ha_innodb.h | 8 mariadb-11.8.8/storage/innobase/handler/handler0alter.cc | 34 mariadb-11.8.8/storage/innobase/ibuf/ibuf0ibuf.cc | 9 mariadb-11.8.8/storage/innobase/include/buf0buf.h | 36 mariadb-11.8.8/storage/innobase/include/buf0flu.h | 22 mariadb-11.8.8/storage/innobase/include/dict0crea.inl | 10 mariadb-11.8.8/storage/innobase/include/dict0dict.h | 8 mariadb-11.8.8/storage/innobase/include/dict0mem.h | 38 mariadb-11.8.8/storage/innobase/include/fil0fil.h | 3 mariadb-11.8.8/storage/innobase/include/fts0blex.h | 4 mariadb-11.8.8/storage/innobase/include/fts0fts.h | 18 mariadb-11.8.8/storage/innobase/include/fts0pars.h | 2 mariadb-11.8.8/storage/innobase/include/fts0priv.h | 3 mariadb-11.8.8/storage/innobase/include/fts0priv.inl | 5 mariadb-11.8.8/storage/innobase/include/fts0tlex.h | 4 mariadb-11.8.8/storage/innobase/include/ha_prototypes.h | 5 mariadb-11.8.8/storage/innobase/include/log0log.h | 37 mariadb-11.8.8/storage/innobase/include/log0recv.h | 10 mariadb-11.8.8/storage/innobase/include/mach0data.inl | 54 mariadb-11.8.8/storage/innobase/include/row0log.h | 20 mariadb-11.8.8/storage/innobase/include/row0purge.h | 58 mariadb-11.8.8/storage/innobase/include/row0vers.h | 10 mariadb-11.8.8/storage/innobase/include/small_vector.h | 1 mariadb-11.8.8/storage/innobase/include/srv0start.h | 3 mariadb-11.8.8/storage/innobase/include/srw_lock.h | 50 mariadb-11.8.8/storage/innobase/include/trx0purge.h | 36 mariadb-11.8.8/storage/innobase/include/trx0trx.h | 41 mariadb-11.8.8/storage/innobase/include/trx0types.h | 4 mariadb-11.8.8/storage/innobase/include/trx0undo.h | 2 mariadb-11.8.8/storage/innobase/include/univ.i | 1 mariadb-11.8.8/storage/innobase/include/ut0ut.h | 3 mariadb-11.8.8/storage/innobase/lock/lock0lock.cc | 60 mariadb-11.8.8/storage/innobase/log/log0log.cc | 254 mariadb-11.8.8/storage/innobase/log/log0recv.cc | 123 mariadb-11.8.8/storage/innobase/mem/mem0mem.cc | 3 mariadb-11.8.8/storage/innobase/mtr/mtr0mtr.cc | 18 mariadb-11.8.8/storage/innobase/os/os0file.cc | 3 mariadb-11.8.8/storage/innobase/pars/lexyy.cc | 115 mariadb-11.8.8/storage/innobase/pars/make_bison.sh | 1 mariadb-11.8.8/storage/innobase/pars/make_flex.sh | 1 mariadb-11.8.8/storage/innobase/pars/pars0grm.cc | 236 mariadb-11.8.8/storage/innobase/row/row0import.cc | 40 mariadb-11.8.8/storage/innobase/row/row0ins.cc | 10 mariadb-11.8.8/storage/innobase/row/row0log.cc | 30 mariadb-11.8.8/storage/innobase/row/row0merge.cc | 2 mariadb-11.8.8/storage/innobase/row/row0mysql.cc | 31 mariadb-11.8.8/storage/innobase/row/row0purge.cc | 92 mariadb-11.8.8/storage/innobase/row/row0uins.cc | 2 mariadb-11.8.8/storage/innobase/row/row0undo.cc | 2 mariadb-11.8.8/storage/innobase/row/row0vers.cc | 9 mariadb-11.8.8/storage/innobase/srv/srv0mon.cc | 2 mariadb-11.8.8/storage/innobase/srv/srv0srv.cc | 2 mariadb-11.8.8/storage/innobase/srv/srv0start.cc | 236 mariadb-11.8.8/storage/innobase/sync/srw_lock.cc | 122 mariadb-11.8.8/storage/innobase/trx/trx0purge.cc | 253 mariadb-11.8.8/storage/innobase/trx/trx0rec.cc | 36 mariadb-11.8.8/storage/innobase/trx/trx0trx.cc | 27 mariadb-11.8.8/storage/innobase/trx/trx0undo.cc | 2 mariadb-11.8.8/storage/innobase/ut/ut0ut.cc | 31 mariadb-11.8.8/storage/maria/aria_chk.c | 10 mariadb-11.8.8/storage/maria/ha_maria.cc | 1 mariadb-11.8.8/storage/maria/libmarias3/.github/workflows/asan.yml | 53 mariadb-11.8.8/storage/maria/libmarias3/.github/workflows/distcheck.yml | 25 mariadb-11.8.8/storage/maria/libmarias3/.github/workflows/docs.yml | 25 mariadb-11.8.8/storage/maria/libmarias3/.github/workflows/scanbuild.yml | 30 mariadb-11.8.8/storage/maria/libmarias3/.github/workflows/usan.yml | 53 mariadb-11.8.8/storage/maria/libmarias3/.readthedocs.yaml | 35 mariadb-11.8.8/storage/maria/libmarias3/README.rst | 16 mariadb-11.8.8/storage/maria/libmarias3/VERSION.txt | 2 mariadb-11.8.8/storage/maria/libmarias3/docs/api/functions.rst | 7 mariadb-11.8.8/storage/maria/libmarias3/docs/appendix/version_history.rst | 22 mariadb-11.8.8/storage/maria/libmarias3/src/assume_role.c | 12 mariadb-11.8.8/storage/maria/libmarias3/src/debug.c | 2 mariadb-11.8.8/storage/maria/libmarias3/src/debug.h | 2 mariadb-11.8.8/storage/maria/libmarias3/src/marias3.c | 7 mariadb-11.8.8/storage/maria/libmarias3/src/request.c | 58 mariadb-11.8.8/storage/maria/libmarias3/src/sha256_i.h | 14 mariadb-11.8.8/storage/maria/libmarias3/src/structs.h | 8 mariadb-11.8.8/storage/maria/libmarias3/tests/basic.c | 2 mariadb-11.8.8/storage/maria/libmarias3/tests/basic_host.c | 2 mariadb-11.8.8/storage/maria/libmarias3/tests/basic_no_type.c | 2 mariadb-11.8.8/storage/maria/libmarias3/tests/content_type.c | 12 mariadb-11.8.8/storage/maria/libmarias3/tests/copy.c | 8 mariadb-11.8.8/storage/maria/libmarias3/tests/custom_malloc.c | 2 mariadb-11.8.8/storage/maria/libmarias3/tests/large_file.c | 2 mariadb-11.8.8/storage/maria/libmarias3/tests/list.c | 2 mariadb-11.8.8/storage/maria/libmarias3/tests/longlist.c | 6 mariadb-11.8.8/storage/maria/libmarias3/tests/prefix.c | 2 mariadb-11.8.8/storage/maria/libmarias3/tests/read_cb.c | 2 mariadb-11.8.8/storage/maria/libmarias3/tests/small_buffer.c | 2 mariadb-11.8.8/storage/maria/libmarias3/tests/snowman.c | 2 mariadb-11.8.8/storage/maria/ma_bitmap.c | 10 mariadb-11.8.8/storage/maria/ma_blockrec.c | 2 mariadb-11.8.8/storage/maria/ma_blockrec.h | 2 mariadb-11.8.8/storage/maria/ma_check.c | 3 mariadb-11.8.8/storage/maria/ma_control_file.c | 26 mariadb-11.8.8/storage/maria/ma_create.c | 20 mariadb-11.8.8/storage/maria/ma_rt_index.c | 5 mariadb-11.8.8/storage/maria/ma_sp_key.c | 3 mariadb-11.8.8/storage/maria/ma_test1.c | 17 mariadb-11.8.8/storage/maria/ma_test2.c | 22 mariadb-11.8.8/storage/maria/test_ma_backup.c | 14 mariadb-11.8.8/storage/mroonga/ha_mroonga.cpp | 120 mariadb-11.8.8/storage/mroonga/mysql-test/mroonga/storage/r/create_table_index_flags_invalid.result | 13 mariadb-11.8.8/storage/mroonga/mysql-test/mroonga/storage/r/fulltext_found_rows.result | 1 mariadb-11.8.8/storage/mroonga/mysql-test/mroonga/storage/r/function_command_auto-escape.result | 6 mariadb-11.8.8/storage/mroonga/mysql-test/mroonga/storage/r/function_command_select.result | 4 mariadb-11.8.8/storage/mroonga/mysql-test/mroonga/storage/r/function_snippet_ascii.result | 32 mariadb-11.8.8/storage/mroonga/mysql-test/mroonga/storage/r/function_snippet_cp932.result | 32 mariadb-11.8.8/storage/mroonga/mysql-test/mroonga/storage/r/function_snippet_eucjpms.result | 32 mariadb-11.8.8/storage/mroonga/mysql-test/mroonga/storage/r/function_snippet_html_dynamic_keyword.result | 1 mariadb-11.8.8/storage/mroonga/mysql-test/mroonga/storage/r/function_snippet_japanese.result | 32 mariadb-11.8.8/storage/mroonga/mysql-test/mroonga/storage/r/variable_default_tokenizer_disable.result | 5 mariadb-11.8.8/storage/mroonga/mysql-test/mroonga/storage/r/variable_enable_operations_recording_insert.result | 28 mariadb-11.8.8/storage/mroonga/mysql-test/mroonga/storage/r/variable_log_file_reject_null.result | 7 mariadb-11.8.8/storage/mroonga/mysql-test/mroonga/storage/t/alter_table_add_column_flags_comment.test | 3 mariadb-11.8.8/storage/mroonga/mysql-test/mroonga/storage/t/alter_table_add_column_flags_parameter.test | 3 mariadb-11.8.8/storage/mroonga/mysql-test/mroonga/storage/t/alter_table_add_column_groonga_type_comment.test | 3 mariadb-11.8.8/storage/mroonga/mysql-test/mroonga/storage/t/alter_table_add_column_groonga_type_parameter.test | 3 mariadb-11.8.8/storage/mroonga/mysql-test/mroonga/storage/t/alter_table_add_column_multibyte_cp932.test | 3 mariadb-11.8.8/storage/mroonga/mysql-test/mroonga/storage/t/alter_table_add_column_multibyte_utf8.test | 3 mariadb-11.8.8/storage/mroonga/mysql-test/mroonga/storage/t/alter_table_add_column_type_comment.test | 3 mariadb-11.8.8/storage/mroonga/mysql-test/mroonga/storage/t/alter_table_add_index_token_filters_one_token_filter.test | 3 mariadb-11.8.8/storage/mroonga/mysql-test/mroonga/storage/t/alter_table_change_token_filter.test | 3 mariadb-11.8.8/storage/mroonga/mysql-test/mroonga/storage/t/alter_table_disable_keys_fulltext_table.test | 3 mariadb-11.8.8/storage/mroonga/mysql-test/mroonga/storage/t/alter_table_enable_keys_fulltext_table.test | 3 mariadb-11.8.8/storage/mroonga/mysql-test/mroonga/storage/t/column_groonga_index_fulltext_vector_other_table.test | 3 mariadb-11.8.8/storage/mroonga/mysql-test/mroonga/storage/t/column_groonga_index_int_other_table.test | 3 mariadb-11.8.8/storage/mroonga/mysql-test/mroonga/storage/t/column_multibyte_cp932.test | 3 mariadb-11.8.8/storage/mroonga/mysql-test/mroonga/storage/t/column_multibyte_utf8.test | 3 mariadb-11.8.8/storage/mroonga/mysql-test/mroonga/storage/t/create_table_column_flags_comment.test | 3 mariadb-11.8.8/storage/mroonga/mysql-test/mroonga/storage/t/create_table_column_flags_parameter.test | 3 mariadb-11.8.8/storage/mroonga/mysql-test/mroonga/storage/t/create_table_column_groonga_type_comment.test | 3 mariadb-11.8.8/storage/mroonga/mysql-test/mroonga/storage/t/create_table_column_groonga_type_parameter.test | 3 mariadb-11.8.8/storage/mroonga/mysql-test/mroonga/storage/t/create_table_column_type_comment.test | 3 mariadb-11.8.8/storage/mroonga/mysql-test/mroonga/storage/t/create_table_default_tokenizer.test | 3 mariadb-11.8.8/storage/mroonga/mysql-test/mroonga/storage/t/create_table_index_flags_invalid.test | 34 mariadb-11.8.8/storage/mroonga/mysql-test/mroonga/storage/t/create_table_index_normalizer_index_bin.test | 3 mariadb-11.8.8/storage/mroonga/mysql-test/mroonga/storage/t/create_table_index_token_filters_multiple_token_filters.test | 3 mariadb-11.8.8/storage/mroonga/mysql-test/mroonga/storage/t/create_table_index_token_filters_one_token_filter.test | 3 mariadb-11.8.8/storage/mroonga/mysql-test/mroonga/storage/t/create_table_index_token_filters_parameter.test | 3 mariadb-11.8.8/storage/mroonga/mysql-test/mroonga/storage/t/create_table_table_token_filters_multiple_token_filters.test | 3 mariadb-11.8.8/storage/mroonga/mysql-test/mroonga/storage/t/create_table_table_token_filters_one_token_filter.test | 3 mariadb-11.8.8/storage/mroonga/mysql-test/mroonga/storage/t/foreign_key_delete_existent.test | 3 mariadb-11.8.8/storage/mroonga/mysql-test/mroonga/storage/t/foreign_key_delete_nonexistent.test | 3 mariadb-11.8.8/storage/mroonga/mysql-test/mroonga/storage/t/foreign_key_insert_existent.test | 3 mariadb-11.8.8/storage/mroonga/mysql-test/mroonga/storage/t/foreign_key_insert_nonexistent.test | 3 mariadb-11.8.8/storage/mroonga/mysql-test/mroonga/storage/t/foreign_key_update_existent.test | 3 mariadb-11.8.8/storage/mroonga/mysql-test/mroonga/storage/t/foreign_key_update_nonexistent.test | 3 mariadb-11.8.8/storage/mroonga/mysql-test/mroonga/storage/t/fulltext_found_rows.test | 5 mariadb-11.8.8/storage/mroonga/mysql-test/mroonga/storage/t/function_command_auto-escape.test | 5 mariadb-11.8.8/storage/mroonga/mysql-test/mroonga/storage/t/function_command_select.test | 2 mariadb-11.8.8/storage/mroonga/mysql-test/mroonga/storage/t/function_command_special-database-name.test | 3 mariadb-11.8.8/storage/mroonga/mysql-test/mroonga/storage/t/function_highlight_html_dynamic_keyword.test | 15 mariadb-11.8.8/storage/mroonga/mysql-test/mroonga/storage/t/function_highlight_html_multiple_keywords.test | 3 mariadb-11.8.8/storage/mroonga/mysql-test/mroonga/storage/t/function_highlight_html_normalizer.test | 3 mariadb-11.8.8/storage/mroonga/mysql-test/mroonga/storage/t/function_normalize_default.test | 3 mariadb-11.8.8/storage/mroonga/mysql-test/mroonga/storage/t/function_normalize_normalizer.test | 3 mariadb-11.8.8/storage/mroonga/mysql-test/mroonga/storage/t/function_snippet_ascii.test | 16 mariadb-11.8.8/storage/mroonga/mysql-test/mroonga/storage/t/function_snippet_cp932.test | 16 mariadb-11.8.8/storage/mroonga/mysql-test/mroonga/storage/t/function_snippet_eucjpms.test | 16 mariadb-11.8.8/storage/mroonga/mysql-test/mroonga/storage/t/function_snippet_html_dynamic_keyword.test | 13 mariadb-11.8.8/storage/mroonga/mysql-test/mroonga/storage/t/function_snippet_html_multiple_keywords.test | 3 mariadb-11.8.8/storage/mroonga/mysql-test/mroonga/storage/t/function_snippet_japanese.test | 16 mariadb-11.8.8/storage/mroonga/mysql-test/mroonga/storage/t/variable_default_tokenizer_disable.test | 25 mariadb-11.8.8/storage/mroonga/mysql-test/mroonga/storage/t/variable_enable_operations_recording_insert.test | 14 mariadb-11.8.8/storage/mroonga/mysql-test/mroonga/storage/t/variable_log_file_reject_null.test | 30 mariadb-11.8.8/storage/mroonga/udf/mrn_udf_command.cpp | 1 mariadb-11.8.8/storage/mroonga/udf/mrn_udf_highlight_html.cpp | 9 mariadb-11.8.8/storage/mroonga/udf/mrn_udf_normalize.cpp | 20 mariadb-11.8.8/storage/mroonga/udf/mrn_udf_query_expand.cpp | 6 mariadb-11.8.8/storage/mroonga/udf/mrn_udf_snippet.cpp | 18 mariadb-11.8.8/storage/mroonga/udf/mrn_udf_snippet_html.cpp | 9 mariadb-11.8.8/storage/mroonga/vendor/groonga/lib/db.c | 4 mariadb-11.8.8/storage/mroonga/vendor/groonga/lib/grn_ecmascript.c | 164 mariadb-11.8.8/storage/mroonga/vendor/groonga/lib/io.c | 2 mariadb-11.8.8/storage/mroonga/vendor/groonga/lib/proc/proc_snippet.c | 2 mariadb-11.8.8/storage/mroonga/vendor/groonga/lib/ts/ts_expr_node.c | 2 mariadb-11.8.8/storage/myisam/ha_myisam.cc | 1 mariadb-11.8.8/storage/myisam/mi_create.c | 20 mariadb-11.8.8/storage/myisam/mi_extra.c | 2 mariadb-11.8.8/storage/myisam/mi_test1.c | 14 mariadb-11.8.8/storage/myisam/mi_test2.c | 22 mariadb-11.8.8/storage/myisam/myisamchk.c | 10 mariadb-11.8.8/storage/myisam/myisamlog.c | 20 mariadb-11.8.8/storage/myisam/rt_index.c | 3 mariadb-11.8.8/storage/myisam/sp_key.c | 3 mariadb-11.8.8/storage/oqgraph/README | 4 mariadb-11.8.8/storage/oqgraph/graphcore-config.h | 4 mariadb-11.8.8/storage/oqgraph/graphcore-graph.cc | 4 mariadb-11.8.8/storage/oqgraph/graphcore-graph.h | 4 mariadb-11.8.8/storage/oqgraph/graphcore-types.h | 4 mariadb-11.8.8/storage/oqgraph/graphcore.cc | 4 mariadb-11.8.8/storage/oqgraph/graphcore.h | 4 mariadb-11.8.8/storage/oqgraph/ha_oqgraph.cc | 7 mariadb-11.8.8/storage/oqgraph/ha_oqgraph.h | 4 mariadb-11.8.8/storage/oqgraph/mysql-test/oqgraph/boundary_conditions.test | 10 mariadb-11.8.8/storage/oqgraph/mysql-test/oqgraph/general.inc | 2 mariadb-11.8.8/storage/oqgraph/oqgraph_judy.cc | 4 mariadb-11.8.8/storage/oqgraph/oqgraph_judy.h | 4 mariadb-11.8.8/storage/oqgraph/oqgraph_shim.cc | 4 mariadb-11.8.8/storage/oqgraph/oqgraph_shim.h | 4 mariadb-11.8.8/storage/oqgraph/oqgraph_thunk.cc | 6 mariadb-11.8.8/storage/oqgraph/oqgraph_thunk.h | 4 mariadb-11.8.8/storage/perfschema/table_events_statements.cc | 3 mariadb-11.8.8/storage/perfschema/table_events_waits.cc | 16 mariadb-11.8.8/storage/perfschema/table_global_status.cc | 2 mariadb-11.8.8/storage/perfschema/table_helper.cc | 5 mariadb-11.8.8/storage/perfschema/table_helper.h | 17 mariadb-11.8.8/storage/perfschema/table_processlist.cc | 2 mariadb-11.8.8/storage/perfschema/table_session_status.cc | 2 mariadb-11.8.8/storage/spider/mysql-test/spider/bugfix/r/mdev_38732.result | 22 mariadb-11.8.8/storage/spider/mysql-test/spider/bugfix/r/xa_cmd.result | 9 mariadb-11.8.8/storage/spider/mysql-test/spider/bugfix/t/mdev_38732.test | 26 mariadb-11.8.8/storage/spider/mysql-test/spider/bugfix/t/xa_cmd.test | 10 mariadb-11.8.8/storage/spider/spd_conn.cc | 4 mariadb-11.8.8/storage/spider/spd_db_conn.cc | 20 mariadb-11.8.8/storage/spider/spd_db_conn.h | 2 mariadb-11.8.8/storage/spider/spd_db_mysql.cc | 54 mariadb-11.8.8/storage/spider/spd_db_mysql.h | 1 mariadb-11.8.8/storage/spider/spd_direct_sql.cc | 2 mariadb-11.8.8/storage/spider/spd_group_by_handler.cc | 4 mariadb-11.8.8/storage/spider/spd_include.h | 1 mariadb-11.8.8/storage/spider/spd_ping_table.cc | 12 mariadb-11.8.8/storage/spider/spd_table.cc | 10 mariadb-11.8.8/storage/spider/spd_trx.cc | 16 mariadb-11.8.8/strings/ctype-uca1400.c | 3 mariadb-11.8.8/strings/ctype.c | 15 mariadb-11.8.8/strings/decimal.c | 93 mariadb-11.8.8/strings/dtoa.c | 8 mariadb-11.8.8/strings/json_lib.c | 34 mariadb-11.8.8/strings/strcoll.inl | 8 mariadb-11.8.8/strings/xml.c | 161 mariadb-11.8.8/support-files/mariadb.service.in | 5 mariadb-11.8.8/support-files/mariadb@.service.in | 5 mariadb-11.8.8/tests/insert_test.c | 2 mariadb-11.8.8/tests/mysql_client_test.c | 268 mariadb-11.8.8/tests/select_test.c | 2 mariadb-11.8.8/tests/showdb_test.c | 2 mariadb-11.8.8/tests/ssl_test.c | 2 mariadb-11.8.8/unittest/json_lib/json_lib-t.c | 2 mariadb-11.8.8/unittest/mysys/CMakeLists.txt | 1 mariadb-11.8.8/unittest/mysys/base64-t.c | 8 mariadb-11.8.8/unittest/mysys/ma_dyncol-t.c | 14 mariadb-11.8.8/unittest/mysys/my_symlink-t.c | 85 mariadb-11.8.8/unittest/mytap/tap.c | 29 mariadb-11.8.8/unittest/sql/my_json_writer-t.cc | 939 mariadb-11.8.8/unittest/strings/strings-t.c | 2 mariadb-11.8.8/win/packaging/CMakeLists.txt | 2 mariadb-11.8.8/win/packaging/heidisql.cmake | 19 mariadb-11.8.8/win/upgrade_wizard/upgradeDlg.cpp | 8 mariadb-11.8.8/zlib/.cmake-format.yaml | 245 mariadb-11.8.8/zlib/CMakeLists.txt | 53 mariadb-11.8.8/zlib/ChangeLog | 51 mariadb-11.8.8/zlib/FAQ | 46 mariadb-11.8.8/zlib/INDEX | 3 mariadb-11.8.8/zlib/LICENSE | 2 mariadb-11.8.8/zlib/README | 28 mariadb-11.8.8/zlib/compress.c | 44 mariadb-11.8.8/zlib/contrib/nuget/nuget.csproj | 43 mariadb-11.8.8/zlib/contrib/nuget/nuget.sln | 22 mariadb-11.8.8/zlib/contrib/vstudio/vc17/miniunz.vcxproj | 409 mariadb-11.8.8/zlib/contrib/vstudio/vc17/minizip.vcxproj | 405 mariadb-11.8.8/zlib/contrib/vstudio/vc17/testzlib.vcxproj | 473 mariadb-11.8.8/zlib/contrib/vstudio/vc17/testzlibdll.vcxproj | 409 mariadb-11.8.8/zlib/contrib/vstudio/vc17/zlib.rc | 32 mariadb-11.8.8/zlib/contrib/vstudio/vc17/zlibstat.vcxproj | 602 mariadb-11.8.8/zlib/contrib/vstudio/vc17/zlibvc.def | 158 mariadb-11.8.8/zlib/contrib/vstudio/vc17/zlibvc.sln | 179 mariadb-11.8.8/zlib/contrib/vstudio/vc17/zlibvc.vcxproj | 875 mariadb-11.8.8/zlib/crc32.c | 164 mariadb-11.8.8/zlib/deflate.c | 176 mariadb-11.8.8/zlib/deflate.h | 8 mariadb-11.8.8/zlib/gzguts.h | 64 mariadb-11.8.8/zlib/gzlib.c | 103 mariadb-11.8.8/zlib/gzread.c | 296 mariadb-11.8.8/zlib/gzwrite.c | 269 mariadb-11.8.8/zlib/infback.c | 87 mariadb-11.8.8/zlib/inffast.c | 13 mariadb-11.8.8/zlib/inffixed.h | 182 mariadb-11.8.8/zlib/inflate.c | 189 mariadb-11.8.8/zlib/inflate.h | 2 mariadb-11.8.8/zlib/inftrees.c | 143 mariadb-11.8.8/zlib/inftrees.h | 4 mariadb-11.8.8/zlib/make_vms.com | 867 mariadb-11.8.8/zlib/qnx/package.qpg | 141 mariadb-11.8.8/zlib/treebuild.xml | 116 mariadb-11.8.8/zlib/trees.c | 28 mariadb-11.8.8/zlib/uncompr.c | 62 mariadb-11.8.8/zlib/watcom/watcom_f.mak | 43 mariadb-11.8.8/zlib/watcom/watcom_l.mak | 43 mariadb-11.8.8/zlib/win32/DLL_FAQ.txt | 2 mariadb-11.8.8/zlib/win32/Makefile.gcc | 10 mariadb-11.8.8/zlib/win32/README-WIN32.txt | 16 mariadb-11.8.8/zlib/win32/zlib.def | 7 mariadb-11.8.8/zlib/win32/zlib1.rc | 9 mariadb-11.8.8/zlib/zconf.h.cmakein | 52 mariadb-11.8.8/zlib/zconf.h.in | 46 mariadb-11.8.8/zlib/zlib.3 | 22 mariadb-11.8.8/zlib/zlib.h | 307 mariadb-11.8.8/zlib/zlib.pc.cmakein | 9 mariadb-11.8.8/zlib/zlib.pc.in | 1 mariadb-11.8.8/zlib/zutil.c | 84 mariadb-11.8.8/zlib/zutil.h | 99 3260 files changed, 398834 insertions(+), 154381 deletions(-) dpkg-source: warning: cannot verify inline signature for /srv/release.debian.org/tmp/tmpayiy9ye_/mariadb_11.8.6-0+deb13u1.dsc: no acceptable signature found dpkg-source: warning: cannot verify inline signature for /srv/release.debian.org/tmp/tmpayiy9ye_/mariadb_11.8.8-0+deb13u1.dsc: no acceptable signature found diff -Nru mariadb-11.8.6/.gitignore mariadb-11.8.8/.gitignore --- mariadb-11.8.6/.gitignore 2026-01-31 13:27:46.000000000 +0000 +++ mariadb-11.8.8/.gitignore 2026-05-24 09:58:30.000000000 +0000 @@ -30,6 +30,7 @@ Docs/INFO_SRC Makefile TAGS +all_plugins/ mariadb-plugin-columnstore.install.generated Testing/ tmp/ @@ -59,8 +60,11 @@ extra/innochecksum extra/jemalloc/build/ extra/jemalloc/tmp/ +extra/generate_option_list extra/mariabackup/mariabackup extra/mariabackup/mbstream +extra/mariadb-migrate-config-file +extra/mariadbd_options.h extra/my_print_defaults extra/mysql_waitpid extra/mysqld_safe_helper diff -Nru mariadb-11.8.6/CMakeLists.txt mariadb-11.8.8/CMakeLists.txt --- mariadb-11.8.6/CMakeLists.txt 2026-01-31 13:27:46.000000000 +0000 +++ mariadb-11.8.8/CMakeLists.txt 2026-05-24 09:58:30.000000000 +0000 @@ -261,6 +261,16 @@ ENDIF() ENDIF() +# SANs, with their additional processing workload, should have a basic +# but debuggable optimization unless user specifies otherwise. +IF((WITH_ASAN OR WITH_UBSAN OR WITH_TSAN OR WITH_MSAN) + AND NOT CMAKE_C_FLAGS MATCHES "-O[0-9sgzf]" + AND NOT CMAKE_CXX_FLAGS MATCHES "-O[0-9sgzf]" + AND NOT CMAKE_C_FLAGS_${CMAKE_BUILD_TYPE} MATCHES "-O[0-9sgzf]" + AND NOT CMAKE_CXX_FLAGS_${CMAKE_BUILD_TYPE} MATCHES "-O[0-9sgzf]") + MY_CHECK_AND_SET_COMPILER_FLAG("-Og") +ENDIF() + OPTION(WITH_GPROF "Enable profiling with gprof" OFF) IF (WITH_GPROF) MY_CHECK_AND_SET_COMPILER_FLAG("-pg -g -no-pie -fPIC") @@ -486,7 +496,6 @@ ADD_SUBDIRECTORY(mysys) ADD_SUBDIRECTORY(mysys_ssl) ADD_SUBDIRECTORY(client) -ADD_SUBDIRECTORY(extra) ADD_SUBDIRECTORY(libservices) ADD_SUBDIRECTORY(sql/share) @@ -512,6 +521,8 @@ ENDIF() ENDIF() +ADD_SUBDIRECTORY(extra) + IF(UNIX) ADD_SUBDIRECTORY(man) ENDIF() @@ -585,9 +596,6 @@ IF(UNIX) INSTALL_DOCUMENTATION(Docs/INSTALL-BINARY COMPONENT Readme) - IF(WITH_WSREP) - INSTALL_DOCUMENTATION(Docs/README-wsrep COMPONENT Readme) - ENDIF() ENDIF() INCLUDE(build_depends) diff -Nru mariadb-11.8.6/CONTRIBUTING.md mariadb-11.8.8/CONTRIBUTING.md --- mariadb-11.8.6/CONTRIBUTING.md 2026-01-31 13:27:46.000000000 +0000 +++ mariadb-11.8.8/CONTRIBUTING.md 2026-05-24 09:58:30.000000000 +0000 @@ -8,21 +8,23 @@ - [maria-developers mailing list](https://lists.mariadb.org/postorius/lists/developers.lists.mariadb.org/) - [maria-discuss mailing list](https://lists.mariadb.org/postorius/lists/discuss.lists.mariadb.org/) - [maria-docs mailing list](https://lists.mariadb.org/postorius/lists/docs.lists.mariadb.org/) -- The MariaDB Foundation and MariaDB Corporation have a presence on Reddit, Twitter and Facebook. See the [social media page](https://mariadb.com/docs/general-resources/community/joining-the-community). +- The MariaDB Foundation and MariaDB Corporation have a presence on Reddit, Twitter and Facebook. See the [social media page](https://mariadb.com/docs/general-resources/community/joining-the-community). ### Help document MariaDB ----- -- Contribute towards [documenting MariaDB Server](https://mariadb.com/docs/general-resources/about/readme/contributing-documentation) and its ecosystem by adding new content or improving existing content. -- [Translate](https://mariadb.com/docs/general-resources/about/readme/contributing-documentation) existing documentation. +--- +- Contribute towards [documenting MariaDB Server](https://mariadb.com/docs/general-resources/about/readme/contributing-documentation) and its ecosystem by adding new content or improving existing content. +- [Translate](https://mariadb.com/docs/general-resources/about/readme/contributing-documentation) existing documentation. + +### Help develop MariaDB +--- +- Fix bugs or develop new features +- Review code contributions +- Test bug fixes and features +- Participate in packaging for different distributions -### Help debug and develop MariaDB ------ -- [Report bugs](https://jira.mariadb.org/) -- Test development versions -- Write code to fix bugs or develop new features (see [Getting Started for Developers](https://mariadb.org/getting-started-for-developers)).See also [list of beginner friendly tasks](https://jira.mariadb.org/browse/MDEV-15736?jql=resolution%20%3D%20Unresolved%20AND%20labels%20%3D%20beginner-friendly%20ORDER%20BY%20updated%20DESC) -- Help with code quality control -- Participate in packaging for different Linux distributions -- Coding standards for the main source code can be found in [CODING_STANDARDS.md](CODING_STANDARDS.md). +Check the [list of beginner friendly tasks](https://jira.mariadb.org/issues/?jql=status%3DConfirmed%20AND%20labels%3Dbeginner-friendly%20ORDER%20BY%20updated%20DESC). Or talk to the [MariaDB developers](#engage-online-with-other-community-members). + +See also [Getting Started for Developers](https://mariadb.org/getting-started-for-developers). Coding standards for the main source code can be found in [CODING_STANDARDS.md](CODING_STANDARDS.md). ### Sponsor or donate --- @@ -32,10 +34,10 @@ --- - Attend an event - [Events and Conferences page](https://mariadb.org/events/) - - [mariadb.meetup.com](http://mariadb.meetup.com/) + - [mariadb.meetup.com](https://mariadb.meetup.com/) -### Live QA for beginner contributors ----- +### Live Q&A for beginner contributors +--- MariaDB has a dedicated time each week when we answer new contributor questions live on Zulip. From 8:00 to 10:00 UTC on Mondays, and 10:00 to 12:00 UTC on Thursdays, anyone can ask any questions they’d like, and a live developer will be available to assist. @@ -43,5 +45,5 @@ ### Additional resources ---- - - [MariaDB Foundation ](https://mariadb.org/) + - [MariaDB Foundation](https://mariadb.org/) - [MariaDB Documentation](https://mariadb.com/docs/) diff -Nru mariadb-11.8.6/Docs/INFO_SRC mariadb-11.8.8/Docs/INFO_SRC --- mariadb-11.8.6/Docs/INFO_SRC 2026-01-31 13:27:52.000000000 +0000 +++ mariadb-11.8.8/Docs/INFO_SRC 2026-05-24 09:58:35.000000000 +0000 @@ -1,8 +1,8 @@ -commit: 9bfea48ce1214cc4470f6f6f8a4e30352cef84e7 -date: 2026-01-31 14:08:54 +0100 -build-date: 2026-01-31 13:27:52 +0000 -short: 9bfea48c +commit: 46a8eb42a520193686d9a16d4cea4b3e002917e4 +date: 2026-05-24 11:53:55 +0200 +build-date: 2026-05-24 09:58:35 +0000 +short: 46a8eb42 branch: bb-11.8-release -MariaDB source 11.8.6 +MariaDB source 11.8.8 diff -Nru mariadb-11.8.6/Docs/README-wsrep mariadb-11.8.8/Docs/README-wsrep --- mariadb-11.8.6/Docs/README-wsrep 2026-01-31 13:27:46.000000000 +0000 +++ mariadb-11.8.8/Docs/README-wsrep 1970-01-01 00:00:00.000000000 +0000 @@ -1,485 +0,0 @@ -Codership Oy -http://www.codership.com - - -DISCLAIMER - -THIS SOFTWARE PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER -EXPRESSED OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES -OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. -IN NO EVENT SHALL CODERSHIP OY BE HELD LIABLE TO ANY PARTY FOR ANY DAMAGES -RESULTING DIRECTLY OR INDIRECTLY FROM THE USE OF THIS SOFTWARE. - -Trademark Information. - -MySQL is a trademark or registered trademark of Oracle and/or its affiliates. -Other trademarks are the property of their respective owners. - -Licensing Information. - -Please see file COPYING that came with this distribution - -Source code can be found at -wsrep API: https://launchpad.net/wsrep -MySQL patch: https://launchpad.net/codership-mysql - - -ABOUT THIS DOCUMENT - -This document covers installation and configuration issues specific to this -wsrep-patched MySQL distribution by Codership. It does not cover the use or -administration of MySQL server per se. The reader is assumed to know how to -install, configure, administer and use standard MySQL server version 5.1.xx. - - - MYSQL-5.5.x/wsrep-23.x - -CONTENTS: -========= -1. WHAT IS WSREP PATCH FOR MYSQL -2. INSTALLATION -3. FIRST TIME SETUP - 3.1 CONFIGURATION FILES - 3.2 DATABASE PRIVILEGES - 3.3 CHECK AND CORRECT FIREWALL SETTINGS - 3.4 SELINUX - 3.5 APPARMOR - 3.6 CONNECT TO CLUSTER -4. UPGRADING FROM MySQL 5.1.x -5. CONFIGURATION OPTIONS - 5.1 MANDATORY MYSQL OPTIONS - 5.2 WSREP OPTIONS -6. ONLINE SCHEMA UPGRADE - 6.1 TOTAL ORDER ISOLATION (TOI) - 6.2 ROLLING SCHEMA UPGRADE (RSU) -7. LIMITATIONS - - -1. WHAT IS WSREP PATCH FOR MYSQL/INNODB - -Wsrep API developed by Codership Oy is a modern generic (database-agnostic) -replication API for transactional databases with a goal to make database -replication/logging subsystem completely modular and pluggable. It is developed -with flexibility and completeness in mind to satisfy a broad range of modern -replication scenarios. It is equally suitable for synchronous and asynchronous, -master-slave and multi-master replication. - -wsrep stands for Write Set REPlication. - -Wsrep patch for MySQL/InnoDB allows MySQL server to load and use various wsrep -API implementations ("wsrep providers") with different qualities of service. -Without wsrep provider MySQL-wsrep server will function like a regular -standalone server. - - -2. INSTALLATION - -In the examples below mysql authentication options are omitted for brevity. - -2.1 Download and install mysql-wsrep package. - -Download binary package for your Linux distribution from -https://launchpad.net/codership-mysql/ - -2.1.1 On Debian and Debian-derived distributions. - -Upgrade from mysql-server-5.0 to mysql-wsrep is not supported yet, please -upgrade to mysql-server-5.1 first. - -If you're installing over an existing mysql installation, mysql-server-wsrep -will conflict with the mysql-server-5.1 package, so remove it first: - -$ sudo apt-get remove mysql-server-5.1 mysql-server-core-5.1 - -mysql-server-wsrep requires psmisc and mysql-client-5.1.47 (or later). -MySQL 5.1 packages can be found from backports repositories. -For further information about configuring and using Debian or Ubuntu -backports, see: - -* http://backports.debian.org - -* https://help.ubuntu.com/community/UbuntuBackports - -For example, installation of required packages on Debian Lenny: - -$ sudo apt-get install psmisc -$ sudo apt-get -t lenny-backports install mysql-client-5.1 - -Now you should be able to install the mysql-wsrep package: - -$ sudo dpkg -i - -2.1.2 On CentOS and similar RPM-based distributions. - -If you're migrating from existing MySQL installation, there are two variants: - - a) If you're already using official MySQL-server-community 5.1.x RPM from - Oracle: - - # rpm -e mysql-server - - b) If you're upgrading from the stock mysql-5.0.77 on CentOS: - - 1) Make sure that the following packages are not installed: - # rpm --nodeps --allmatches -e mysql-server mysql-test mysql-bench - - 2) Install *official* MySQL-shared-compat-5.1.x from - http://dev.mysql.com/downloads/mysql/5.1.html - -Actual installation: - - # rpm -Uvh - - If this fails due to unsatisfied dependencies, install missing packages - (e.g. yum install perl-DBI) and retry. - -Additional packages to consider (if not yet installed): - * galera (multi-master replication provider, https://launchpad.net/galera) - * MySQL-client-community (for connecting to server and mysqldump-based SST) - * rsync (for rsync-based SST) - * mariabackup and nc (for mariabackup-based SST) - -2.2 Upgrade system tables. - -If you're upgrading a previous MySQL installation, it might be advisable to -upgrade system tables. To do that start mysqld and run mysql_upgrade command. -Consult MySQL documentation in case of errors. Normally they are not critical -and can be ignored unless specific functionality is needed. - - -3. FIRST TIME SETUP - -Unless you're upgrading an already installed mysql-wsrep package, you will need -to set up a few things to prepare the server for operation. - -3.1 CONFIGURATION FILES - -* Make sure system-wide my.cnf does not bind mysqld to 127.0.0.1. That is, if - you have the following line in [mysqld] section, comment it out: - - #bind-address = 127.0.0.1 - -* Make sure system-wide my.cnf contains "!includedir /etc/mysql/conf.d/" line. - -* Edit /etc/mysql/conf.d/wsrep.cnf and set wsrep_provider option by specifying - a path to the provider library. If you don't have a provider, leave it as it is. - -* When a new node joins the cluster it'll have to receive a state snapshot from - one of the peers. This requires a privileged MySQL account with access from - the rest of the cluster. Edit /etc/mysql/conf.d/wsrep.cnf and set mysql - login/password pair for SST, for example: - - wsrep_sst_auth=wsrep_sst:wspass - -* See CONFIGURATION section below about other configuration parameters that you - might want to change at this point. - -3.2 DATABASE PRIVILEGES - -Restart MySQL server and connect to it as root to grant privileges to SST -account (empty users confuse MySQL authentication matching rules, we need to -delete them too): - -$ mysql -e "SET wsrep_on=OFF; DELETE FROM mysql.user WHERE user='';" -$ mysql -e "SET wsrep_on=OFF; GRANT ALL ON *.* TO wsrep_sst@'%' IDENTIFIED BY 'wspass'"; - -3.3 CHECK AND CORRECT FIREWALL SETTINGS. - -MySQL-wsrep server needs to be accessible from other cluster members through -its client listening socket and through wsrep provider socket. See your -distribution and wsrep provider documentation for details. For example on -CentOS you might need to do something along these lines: - -# iptables --insert RH-Firewall-1-INPUT 1 --proto tcp --source /24 --destination /32 --dport 3306 -j ACCEPT -# iptables --insert RH-Firewall-1-INPUT 1 --proto tcp --source /24 --destination /32 --dport 4567 -j ACCEPT - -If there is a NAT firewall between the nodes, it must be configured to allow -direct connections between the nodes (e.g. via port forwarding). - -3.4 SELINUX - -If you have SELinux enabled, it may block mysqld from doing required operations. -You'll need to either disable it or configure to allow mysqld to run external -programs and open listen sockets at unprivileged ports (i.e. things that -an unprivileged user can do). See SELinux documentation about it. - -To quickly disable SELinux: -1) run 'setenforce 0' as root. -2) set 'SELINUX=permissive' in /etc/selinux/config - -3.5 APPARMOR - -AppArmor automatically comes with Ubuntu and may also prevent mysqld to from -opening additional ports or run scripts. See AppArmor documentation about its -configuration. To disable AppArmor for mysqld: - -$ cd /etc/apparmor.d/disable/ -$ sudo ln -s /etc/apparmor.d/usr.sbin.mysqld -$ sudo service apparmor restart - - -3.6 CONNECT TO CLUSTER - -Now you're ready to connect to cluster by setting wsrep_cluster_address variable -and monitor status of wsrep provider: - -mysql> SET GLOBAL wsrep_cluster_address=''; -mysql> SHOW STATUS LIKE 'wsrep%'; - - -4 UPGRADING FROM MySQL 5.1.x - -!!! THESE INSTRUCTIONS ARE PRELIMINARY AND INCOMPLETE !!! - -1) BEFORE UPGRADE (while running 5.1.x): - - comment out 'wsrep_provider' setting from configuration files - (my.cnf and/or wsrep.cnf) - - If performing a rolling upgrade on a running cluster, set - wsrep_sst_method=mysqldump. - You might also need to configure wsrep_sst_receive_address and - wsrep_sst_auth appropriately. mysqldump is the only way to transfer data - from 5.1.x to 5.5.x reliably. - - remove innodb_plugin settings from configuration files. - -2) Perform upgrade as usual: - http://dev.mysql.com/doc/refman/5.5/en/upgrading-from-previous-series.html - Don't forget to run 'mysql_upgrade' command. - -3) AFTER UPGRADING individual node: - - uncomment 'wsrep_provider' line in configuration file. - - restart the server and join the cluster. - -4) AFTER UPGRADING the whole cluster: - - revert to usual wsrep SST settings if not 'mysqldump'. - - -5. CONFIGURATION OPTIONS - -5.1 MANDATORY MYSQL OPTIONS - -binlog_format=ROW - This option is required to use row-level replication as opposed to - statement-level. For performance and consistency considerations don't change - that. As a side effect, binlog, if turned on, can be ROW only. In future this - option won't have special meaning. - -innodb_autoinc_lock_mode=2 - This is a required parameter. Without it INSERTs into tables with - AUTO_INCREMENT column may fail. - autoinc lock modes 0 and 1 can cause unresolved deadlock, and make - the system unresponsive. - -5.2 WSREP OPTIONS - -All options are optional except for wsrep_provider, wsrep_cluster_address, and -wsrep_sst_auth. - -wsrep_provider=none - A full path to the library that implements WSREP interface. If none is - specified, the server behaves like a regular mysqld. - -wsrep_provider_options= - Provider-specific option string. Check wsrep provider documentation or - http://www.codership.com/wiki - -wsrep_cluster_address= - Provider-specific cluster address string. This is used to connect a node to - the desired cluster. This option can be given either on mysqld startup or set - during runtime. See wsrep provider documentation for possible values. - -wsrep_cluster_name="my_wsrep_cluster" - Logical cluster name, must be the same for all nodes of the cluster. - -wsrep_node_address= - An option to explicitly specify the network address of the node in the form -
[:port] if autoguessing for some reason does not produce desirable - results (multiple network interfaces, NAT, etc.) - If not explicitly overridden by wsrep_sst_receive_address, the
part - will be used to listen for SST (see below). And the whole
[:port] - will be passed to the wsrep provider to be used as a base address in its - communications. - -wsrep_node_name= - Human readable node name (for easier log reading only). Defaults to hostname. - -wsrep_slave_threads=1 - The number of threads dedicated to the processing of writesets from other nodes. - For best performance should be few per CPU core. - -wsrep_dbug_option - Options for the built-in DBUG library (independent from what MySQL uses). - Empty by default. Not currently in use. - -wsrep_debug=0 - Enable debug-level logging. - -wsrep_convert_LOCK_to_trx=0 - Implicitly convert locking sessions into transactions inside mysqld. By - itself it does not mean support for locking sessions, but it prevents the - database from going into logically inconsistent state. Note however, that - loading large database dump with LOCK statements might result in abnormally - large transactions and cause an out-of-memory condition - -wsrep_retry_autocommit=1 - Retry autocommit queries and single statement transactions should they fail - certification test. This is analogous to rescheduling an autocommit query - should it go into a deadlock with other transactions in the database lock - manager. - -wsrep_auto_increment_control=1 - Automatically adjust auto_increment_increment and auto_increment_offset - variables based on the number of nodes in the cluster. Significantly reduces - certification conflict rate for INSERTS. - -wsrep_drupal_282555_workaround=1 - MySQL seems to have an obscure bug when INSERT into table with - AUTO_INCREMENT column with NULL value for that column can fail with a - duplicate key error. When this option is on, it retries such INSERTs. - Required for stable Drupal operation. Documented at: - http://bugs.mysql.com/bug.php?id=41984 - http://drupal.org/node/282555 - -wsrep_causal_reads=0 - Enforce strict READ COMMITTED semantics on reads and transactions. May - result in additional latencies. It is a session variable. - -wsrep_OSU_method=TOI - Online Schema Upgrade (OSU) can be performed with two alternative methods: - Total Order Isolation (TOI) runs DDL statement in all cluster nodes in - same total order sequence locking the affected table for the duration of the - operation. This may result in the whole cluster being blocked for the - duration of the operation. - Rolling Schema Upgrade (RSU) executes the DDL statement only locally, thus - blocking only one cluster node. During the DDL processing, the node - is not replicating and may be unable to process replication events (due to - table lock). Once DDL operation is complete, the node will catch up and sync - with the cluster to become fully operational again. The DDL statement or - its effects are not replicated, so it is the user's responsibility to manually - perform this operation on each of the nodes. - -wsrep_forced_binlog_format=none - Force every transaction to use given binlog format. When this variable is - set to something else than NONE, all transactions will use the given forced - format, regardless of what the client session has specified in binlog_format. - Valid choices for wsrep_forced_binlog_format are: ROW, STATEMENT, MIXED and - special value NONE, meaning that there is no forced binlog format in effect. - This variable was introduced to support STATEMENT format replication during - rolling schema upgrade processing. However, in most cases ROW replication - is valid for asymmetric schema replication. - -State snapshot transfer options. - -When a new node joins the cluster it has to synchronize its initial state with -the other cluster members by transferring state snapshot from one of them. -The options below govern how this happens and should be set up before attempting -to join or start a cluster. - -wsrep_sst_method=rsync - What method to use to copy database state to a newly joined node. Supported - methods: - - mysqldump: slow (except for small datasets) but allows for upgrade - between major MySQL versions or InnoDB features. - - rsync: much faster on large datasets (default). - - rsync_wan: same as rsync but with deltaxfer to minimize network traffic. - - mariabackup: very fast and practically non-blocking SST method based on - mariabackup tool (enhanced version of Percona's xtrabackup). - - (for mariabackup to work the following settings must be present in my.cnf - on all nodes: - [mysqld] - wsrep_sst_auth=root: - datadir= - [client] - socket= - ) - -wsrep_sst_receive_address= - Address (hostname:port) at which this node wants to receive state snapshot. - Defaults to mysqld bind address, and if that is not specified (0.0.0.0) - - to the first IP of eth0 + mysqld bind port. - NOTE: check that your firewall allows connections to this address from other - cluster nodes. - -wsrep_sst_auth= - Authentication information needed for state transfer. Depends on the state - transfer method. For mysqldump-based SST it is - : - and should be the same on all nodes - it is used to authenticate with both - state snapshot receiver and state snapshot donor. - -wsrep_sst_donor= - A name of the node which should serve as state snapshot donor. This allows - controlling which node will serve the state snapshot request. By default the - most suitable node is chosen by the wsrep provider. This is the same as given in - wsrep_node_name. - - -6. ONLINE SCHEMA UPGRADE - - Schema upgrades mean any data definition statements (DDL statements) run - for the database. They change the database structure and are non- - transactional. - - Release 22.3 brings a new method for performing schema upgrades. A user can - now choose whether to use the traditional total order isolation or new - rolling schema upgrade method. The OSU method choice is done by global - parameter: 'wsrep_OSU_method'. - -6.1 Total Order Isolation (TOI) - - With earlier releases, DDL processing happened always by Total Order - Isolation (TOI) method. With TOI, the DDL was scheduled to be processed in - same transaction sequencing 'slot' in each cluster node. - The processing is secured by locking the affected table from any other use. - With TOI method, the whole cluster has part of the database locked for the - duration of the DDL processing. - -6.2 Rolling Schema Upgrade (RSU) - - Rolling schema upgrade is a new DDL processing method, where DDL will be - processed locally for the node. The node is disconnected of the replication - for the duration of the DDL processing, so that there is only DDL statement - processing in the node and it does not block the rest of the cluster. When - the DDL processing is complete, the node applies delayed replication events - and synchronizes back with the cluster. - The DDL can then be executed cluster-wide by running the same DDL statement - for each node in turn. When this rolling schema upgrade proceeds, part of - the cluster will have old schema structure and part of the cluster will have - new schema structure. - - -7. LIMITATIONS - -1) Currently replication works only with InnoDB storage engine. Any writes to - tables of other types, including system (mysql.*) tables are not replicated. - However, DDL statements are replicated in statement level, and changes - to mysql.* tables will get replicated that way. - So, you can safely issue: CREATE USER..., - but issuing: INSERT INTO mysql.user..., will not be replicated. - -2) DELETE operation is unsupported on tables without primary key. Also rows in - tables without primary key may appear in different order on different nodes. - As a result SELECT...LIMIT... may return slightly different sets. - -3) Unsupported queries: - * LOCK/UNLOCK TABLES cannot be supported in multi-master setups. - * lock functions (GET_LOCK(), RELEASE_LOCK()... ) - -4) Query log cannot be directed to a table. If you enable query logging, - you must forward the log to a file: - log_output = FILE - Use general_log and general_log_file to choose query logging and the - log file name - -5) Maximum allowed transaction size is defined by wsrep_max_ws_rows and - wsrep_max_ws_size. Anything bigger (e.g. huge LOAD DATA) will be rejected. - -6) Due to cluster level optimistic concurrency control, transaction issuing - COMMIT may still be aborted at that stage. There can be two transactions. - writing to same rows and committing in separate cluster nodes, and only one - of them can successfully commit. The failing one will be aborted. - For cluster level aborts, MySQL/galera cluster gives back deadlock error. - code (Error: 1213 SQLSTATE: 40001 (ER_LOCK_DEADLOCK)). - -7) XA transactions can not be supported due to possible rollback on commit. - diff -Nru mariadb-11.8.6/VERSION mariadb-11.8.8/VERSION --- mariadb-11.8.6/VERSION 2026-01-31 13:27:46.000000000 +0000 +++ mariadb-11.8.8/VERSION 2026-05-24 09:58:30.000000000 +0000 @@ -1,4 +1,4 @@ MYSQL_VERSION_MAJOR=11 MYSQL_VERSION_MINOR=8 -MYSQL_VERSION_PATCH=6 +MYSQL_VERSION_PATCH=8 SERVER_MATURITY=stable diff -Nru mariadb-11.8.6/client/mysql.cc mariadb-11.8.8/client/mysql.cc --- mariadb-11.8.6/client/mysql.cc 2026-01-31 13:27:46.000000000 +0000 +++ mariadb-11.8.8/client/mysql.cc 2026-05-24 09:58:30.000000000 +0000 @@ -1166,8 +1166,9 @@ static void print_table_data_vertically(MYSQL_RES *result); static void print_warnings(void); static void print_last_query_cost(void); -static void end_timer(ulonglong start_time, char *buff); -static void nice_time(double sec,char *buff,bool part_second); +static void end_timer(ulonglong start_time, char *buff, size_t buff_size); +static void nice_time(double sec, char *buff, size_t buff_size, + bool part_second); extern "C" sig_handler mysql_end(int sig) __attribute__ ((noreturn)); extern "C" sig_handler handle_sigint(int sig); #if defined(HAVE_TERMIOS_H) && defined(GWINSZ_IN_SYS_IOCTL) @@ -1425,18 +1426,20 @@ histfile=my_strdup(PSI_NOT_INSTRUMENTED, histfile, MYF(MY_WME)); else if ((home= getenv("HOME"))) { + size_t histfile_size= + strlen(home) + strlen("/.mysql_history") + 2; histfile=(char*) my_malloc(PSI_NOT_INSTRUMENTED, - strlen(home) + strlen("/.mariadb_history")+2, MYF(MY_WME)); + histfile_size, MYF(MY_WME)); if (histfile) { - sprintf(histfile,"%s/.mariadb_history", home); + snprintf(histfile, histfile_size, "%s/.mariadb_history", home); if (my_access(histfile, F_OK)) { /* no .mariadb_history, look for historical name and use if present */ - sprintf(histfile,"%s/.mysql_history", home); + snprintf(histfile, histfile_size, "%s/.mysql_history", home); /* and go back to original if not found */ if (my_access(histfile, F_OK)) - sprintf(histfile,"%s/.mariadb_history", home); + snprintf(histfile, histfile_size, "%s/.mariadb_history", home); } char link_name[FN_REFLEN]; if (my_readlink(link_name, histfile, 0) == 0 && @@ -1458,19 +1461,31 @@ if (verbose) tee_fprintf(stdout, "Reading history-file %s\n",histfile); read_history(histfile); - if (!(histfile_tmp= (char*) my_malloc(PSI_NOT_INSTRUMENTED, - strlen(histfile) + 5, MYF(MY_WME)))) { - fprintf(stderr, "Couldn't allocate memory for temp histfile!\n"); - exit(1); + /* Extra space for the suffix appended to histfile: + "." - separator (sizeof = 2, includes NUL) + + PID - up to 20 digits (ULONG_MAX = 18446744073709551615) + + ".TMP"- extension (sizeof = 5, includes NUL, doubles + as the string NUL terminator) + sizeof(".") and sizeof(".TMP") each carry a NUL, so the sum + over-allocates by one byte, which is intentional. */ + size_t hlen= strlen(histfile) + sizeof(".") + 20 + sizeof(".TMP"); + if (!(histfile_tmp= (char*) my_malloc(PSI_NOT_INSTRUMENTED, hlen, MYF(MY_WME)))) + { + fprintf(stderr, "Couldn't allocate memory for temp histfile!\n"); + exit(1); + } + /* Include PID in name to avoid rename collision when concurrent sessions exit. */ + /* pid_t is signed but getpid() always returns a non-negative value (POSIX). */ + snprintf(histfile_tmp, hlen, "%s.%lu.TMP", histfile, + (unsigned long) getpid()); } - sprintf(histfile_tmp, "%s.TMP", histfile); } } #endif - sprintf(buff, "%s", + snprintf(buff, sizeof(buff), "%s", "Type 'help;' or '\\h' for help. Type '\\c' to clear the current input statement.\n"); put_info(buff,INFO_INFO); status.exit_status= read_and_execute(!status.batch); @@ -1641,7 +1656,7 @@ interrupted_query= 2; /* kill_buffer is always big enough because max length of %lu is 15 */ - sprintf(kill_buffer, "KILL %s%lu", + snprintf(kill_buffer, sizeof(kill_buffer), "KILL %s%lu", (interrupted_query == 1) ? "QUERY " : "", mysql_thread_id(&mysql)); if (verbose) @@ -2701,7 +2716,7 @@ } else { - sprintf(buff,"Unknown command '\\%c'.",inchar); + snprintf(buff, sizeof(buff), "Unknown command '\\%c'.", inchar); if (put_info(buff,INFO_ERROR) > 0) DBUG_RETURN(1); *out++='\\'; @@ -3217,7 +3232,7 @@ j=0; while ((sql_field=mysql_fetch_field(fields))) { - sprintf(buf,"%.64s.%.64s",table_row[0],sql_field->name); + snprintf(buf, sizeof(buf), "%.64s.%.64s",table_row[0], sql_field->name); field_names[i][j] = strdup_root(&hash_mem_root,buf); add_word(&ht,field_names[i][j]); field_names[i][num_fields+j] = strdup_root(&hash_mem_root, @@ -3622,7 +3637,6 @@ timer= microsecond_interval_timer(); executing_query= 1; error= mysql_real_query_for_lazy(buffer->ptr(),buffer->length()); - report_progress_end(); #ifdef HAVE_READLINE if (status.add_to_history) @@ -3660,8 +3674,9 @@ goto end; } + report_progress_end(); if (verbose >= 3 || !opt_silent) - end_timer(timer, time_buff); + end_timer(timer, time_buff, sizeof(time_buff)); else time_buff[0]= '\0'; @@ -3697,9 +3712,9 @@ print_tab_data(result); else print_table_data(result); - sprintf(buff,"%ld %s in set", - (long) mysql_num_rows(result), - (long) mysql_num_rows(result) == 1 ? "row" : "rows"); + snprintf(buff, sizeof(buff), "%llu %s in set", + (unsigned long long) mysql_num_rows(result), + mysql_num_rows(result) == 1 ? "row" : "rows"); end_pager(); if (mysql_errno(&mysql)) { @@ -3712,9 +3727,9 @@ else if (mysql_affected_rows(&mysql) == ~(ulonglong) 0) strmov(buff,"Query OK"); else - sprintf(buff,"Query OK, %ld %s affected", - (long) mysql_affected_rows(&mysql), - (long) mysql_affected_rows(&mysql) == 1 ? "row" : "rows"); + snprintf(buff, sizeof(buff), "Query OK, %llu %s affected", + (unsigned long long) mysql_affected_rows(&mysql), + mysql_affected_rows(&mysql) == 1 ? "row" : "rows"); pos=strend(buff); if ((warnings= mysql_warning_count(&mysql))) @@ -3892,7 +3907,7 @@ ff2s_check_flag(ON_UPDATE_NOW); #undef ff2s_check_flag if (f) - sprintf(s, " unknows=0x%04x", f); + snprintf(s, sizeof(buf) - (size_t)(s - buf), " unknown=0x%04x", f); return buf; } @@ -3967,6 +3982,16 @@ tee_putc((int)' ', output_file); } +static inline MYSQL_ROW fetch_row(MYSQL_RES *result) +{ + MYSQL_ROW row = mysql_fetch_row(result); +#ifndef EMBEDDED_LIBRARY + if (last_progress_report_length) { + report_progress_end(); + } +#endif + return row; +} static void print_table_data(MYSQL_RES *result) @@ -4023,7 +4048,7 @@ tee_puts((char*) separator.ptr(), PAGER); } - while ((cur= mysql_fetch_row(result))) + while ((cur = fetch_row(result))) { if (interrupted_query) break; @@ -4195,7 +4220,7 @@ } (void) tee_fputs("", PAGER); } - while ((cur = mysql_fetch_row(result))) + while ((cur = fetch_row(result))) { if (interrupted_query) break; @@ -4231,7 +4256,7 @@ PAGER); fields = mysql_fetch_fields(result); - while ((cur = mysql_fetch_row(result))) + while ((cur = fetch_row(result))) { if (interrupted_query) break; @@ -4275,7 +4300,7 @@ } mysql_field_seek(result,0); - for (uint row_count=1; (cur= mysql_fetch_row(result)); row_count++) + for (uint row_count=1; (cur = fetch_row(result)); row_count++) { if (interrupted_query) break; @@ -4476,7 +4501,7 @@ } (void) tee_fputs("\n", PAGER); } - while ((cur = mysql_fetch_row(result))) + while ((cur = fetch_row(result))) { lengths=mysql_fetch_lengths(result); field= mysql_fetch_fields(result); @@ -4633,8 +4658,10 @@ strxmov(buff,editor," ",filename,NullS); if ((error= system(buff))) { - char errmsg[100]; - sprintf(errmsg, "Command '%.40s' failed", buff); +#define EDITOR_FAIL_MSG "Command '%.40s' failed" + char errmsg[sizeof(EDITOR_FAIL_MSG) - 1 + 40]; + snprintf(errmsg, sizeof(errmsg), EDITOR_FAIL_MSG, buff); +#undef EDITOR_FAIL_MSG put_info(errmsg, INFO_ERROR, 0, NullS); goto err; } @@ -4780,9 +4807,9 @@ if (connected) { - sprintf(buff,"Connection id: %lu",mysql_thread_id(&mysql)); + snprintf(buff, sizeof(buff), "Connection id: %lu",mysql_thread_id(&mysql)); put_info(buff,INFO_INFO); - sprintf(buff,"Current database: %.128s\n", + snprintf(buff, sizeof(buff), "Current database: %.128s\n", current_db ? current_db : "*** NONE ***"); put_info(buff,INFO_INFO); } @@ -5134,7 +5161,7 @@ if (safe_updates) { char init_command[100]; - sprintf(init_command, + snprintf(init_command, sizeof(init_command), "SET SQL_SAFE_UPDATES=1,SQL_SELECT_LIMIT=%lu,MAX_JOIN_SIZE=%lu", select_limit,max_join_size); mysql_options(&mysql, MYSQL_INIT_COMMAND, init_command); @@ -5330,7 +5357,7 @@ tee_fprintf(stdout, "%.*s\t\t\t", (int) (pos-status_str), status_str); if ((status_str= str2int(pos,10,0,LONG_MAX,(long*) &sec))) { - nice_time((double) sec,buff,0); + nice_time((double) sec,buff, sizeof(buff),0); tee_puts(buff, stdout); /* print nice time */ while (*status_str == ' ') status_str++; /* to next info */ @@ -5549,8 +5576,10 @@ len("4294967296 days, 23 hours, 59 minutes, 60.000 seconds") -> 53 */ -static void nice_time(double sec, char *buff, bool part_second) +static void nice_time(double sec, char *buff, size_t buff_size, + bool part_second) { + char *buff_end= buff + buff_size; ulong tmp; if (sec >= 3600.0*24) { @@ -5574,21 +5603,23 @@ buff=strmov(buff," min "); } if (part_second) - sprintf(buff,"%.3f sec",sec); + snprintf(buff, buff_end - buff, "%.3f sec", sec); else - sprintf(buff,"%d sec",(int) sec); + snprintf(buff, buff_end - buff, "%d sec", (int) sec); } -static void end_timer(ulonglong start_time, char *buff) +static void end_timer(ulonglong start_time, char *buff, size_t buff_size) { double sec; + if (buff_size < 4) + return; buff[0]=' '; buff[1]='('; sec= (microsecond_interval_timer() - start_time) / (double) (1000 * 1000); - nice_time(sec, buff + 2, 1); - strmov(strend(buff),")"); + nice_time(sec, buff + 2, buff_size - 2, 1); + snprintf(strend(buff), buff_size - (strend(buff) - buff), ")"); } static const char *construct_prompt() diff -Nru mariadb-11.8.6/client/mysql_upgrade.c mariadb-11.8.8/client/mysql_upgrade.c --- mariadb-11.8.6/client/mysql_upgrade.c 2026-01-31 13:27:46.000000000 +0000 +++ mariadb-11.8.8/client/mysql_upgrade.c 2026-05-24 09:58:30.000000000 +0000 @@ -511,7 +511,7 @@ static void find_tool(char *tool_executable_name, const char *tool_name, const char *self_name) { - char *last_fn_libchar; + const char *last_fn_libchar; DYNAMIC_STRING ds_tmp; DBUG_ENTER("find_tool"); DBUG_PRINT("enter", ("progname: %s", my_progname)); diff -Nru mariadb-11.8.6/client/mysqladmin.cc mariadb-11.8.8/client/mysqladmin.cc --- mariadb-11.8.6/client/mysqladmin.cc 2026-01-31 13:27:46.000000000 +0000 +++ mariadb-11.8.8/client/mysqladmin.cc 2026-05-24 09:58:30.000000000 +0000 @@ -684,7 +684,7 @@ } if (maybe_disable_binlog(mysql)) return -1; - sprintf(buff,"create database `%.*s`",FN_REFLEN,argv[1]); + snprintf(buff, sizeof(buff), "create database `%.*s`",FN_REFLEN,argv[1]); if (mysql_query(mysql,buff)) { my_printf_error(0,"CREATE DATABASE failed; error: '%-.200s'", @@ -725,7 +725,7 @@ if (opt_shutdown_wait_for_slaves) { - sprintf(buff, "SHUTDOWN WAIT FOR ALL SLAVES"); + snprintf(buff, sizeof(buff), "SHUTDOWN WAIT FOR ALL SLAVES"); if (mysql_query(mysql, buff)) { my_printf_error(0, "%s failed; error: '%-.200s'", @@ -1128,7 +1128,7 @@ } else crypted_pw[0]=0; /* No password */ - sprintf(buff,"set password='%s',sql_log_off=0",crypted_pw); + snprintf(buff, sizeof(buff), "set password='%s',sql_log_off=0",crypted_pw); if (mysql_query(mysql,"set sql_log_off=1")) { @@ -1373,7 +1373,7 @@ return -1; } } - sprintf(name_buff,"drop database `%.*s`",FN_REFLEN,db); + snprintf(name_buff, sizeof(name_buff), "drop database `%.*s`",FN_REFLEN,db); if (mysql_query(mysql,name_buff)) { my_printf_error(0, "DROP DATABASE %s failed;\nerror: '%s'", error_flags, diff -Nru mariadb-11.8.6/client/mysqlbinlog.cc mariadb-11.8.8/client/mysqlbinlog.cc --- mariadb-11.8.6/client/mysqlbinlog.cc 2026-01-31 13:27:46.000000000 +0000 +++ mariadb-11.8.8/client/mysqlbinlog.cc 2026-05-24 09:58:30.000000000 +0000 @@ -313,13 +313,14 @@ @retval -1 Error (can't find new filename). @retval >=0 Found file. */ - File create_unique_file(char *filename, char *file_name_end) + File create_unique_file(char *filename, char *file_name_end, + size_t buf_remaining) { File res; /* If we have to try more than 1000 times, something is seriously wrong */ for (uint version= 0; version<1000; version++) { - sprintf(file_name_end,"-%x",version); + snprintf(file_name_end, buf_remaining, "-%x", version); if ((res= my_create(filename,0, O_CREAT|O_EXCL|O_BINARY|O_WRONLY,MYF(0)))!=-1) return res; @@ -441,9 +442,12 @@ ptr= fname + target_dir_name_len; memcpy(ptr,bname,blen); ptr+= blen; - ptr+= sprintf(ptr, "-%x", file_id); + //ptr points to fname (with the size = full_len) + target_dir_name_len + //so the rest of fname has size full_len - target_dir_name_len + ptr+= snprintf(ptr, full_len - target_dir_name_len, "-%x", file_id); - if ((file= create_unique_file(fname,ptr)) < 0) + if ((file= create_unique_file(fname, ptr, + full_len - (size_t) (ptr - fname))) < 0) { error("Could not construct local filename %s%s.", target_dir_name,bname); @@ -1225,8 +1229,7 @@ exit(1); } - memset(tmp_sql, 0, sizeof(tmp_sql)); - sprintf(tmp_sql, " " + snprintf(tmp_sql, sizeof(tmp_sql), " " "SELECT Group_concat(cols) " "FROM (SELECT 'op_type char(1)' cols " " UNION ALL " @@ -1272,13 +1275,11 @@ } else { - memset(tmp_sql, 0, sizeof(tmp_sql)); - sprintf(tmp_sql, "__%s", map->get_table_name()); + snprintf(tmp_sql, sizeof(tmp_sql), "__%s", map->get_table_name()); ev->set_flashback_review_tablename(tmp_sql); } - memset(tmp_sql, 0, sizeof(tmp_sql)); - tmp_sql_offset= sprintf(tmp_sql, "CREATE TABLE IF NOT EXISTS"); - tmp_sql_offset+= sprintf(tmp_sql + tmp_sql_offset, " `%s`.`%s` (%s) %s", + tmp_sql_offset= snprintf(tmp_sql, sizeof(tmp_sql), "CREATE TABLE IF NOT EXISTS"); + tmp_sql_offset+= snprintf(tmp_sql + tmp_sql_offset, sizeof(tmp_sql) - (uint) tmp_sql_offset, " `%s`.`%s` (%s) %s", ev->get_flashback_review_dbname(), ev->get_flashback_review_tablename(), row[0], @@ -1302,7 +1303,7 @@ else { memset(tmp_str, 0, sizeof(tmp_str)); - sprintf(tmp_str, "__%s", map->get_table_name()); + snprintf(tmp_str, sizeof(tmp_str), "__%s", map->get_table_name()); ev->set_flashback_review_tablename(tmp_str); } } @@ -2547,9 +2548,9 @@ char buf[256]; rpl_gtid *start_gtid= &start_gtids[gtid_idx]; - sprintf(buf, "%u-%u-%llu", - start_gtid->domain_id, start_gtid->server_id, - start_gtid->seq_no); + snprintf(buf, sizeof(buf), "%u-%u-%llu", + start_gtid->domain_id, start_gtid->server_id, + start_gtid->seq_no); query_str.append(buf, strlen(buf)); if (gtid_idx < n_start_gtids - 1) query_str.append(','); diff -Nru mariadb-11.8.6/client/mysqlcheck.c mariadb-11.8.8/client/mysqlcheck.c --- mariadb-11.8.6/client/mysqlcheck.c 2026-01-31 13:27:46.000000000 +0000 +++ mariadb-11.8.8/client/mysqlcheck.c 2026-05-24 09:58:30.000000000 +0000 @@ -984,7 +984,7 @@ DBUG_ASSERT(strlen(op)+strlen(tables)+strlen(options)+8+1 <= query_size); /* No backticks here as we added them before */ - query_length= sprintf(query, "%s%s%s %s", op, + query_length= snprintf(query, query_size, "%s%s%s %s", op, tab_view, tables, options); table_name= tables; } @@ -1013,7 +1013,7 @@ print_result(); if (opt_flush_tables) { - query_length= sprintf(query, "FLUSH TABLES %s", table_name); + query_length= snprintf(query, query_size, "FLUSH TABLES %s", table_name); if (mysql_real_query(sock, query, (ulong)query_length)) { DBerror(sock, query); @@ -1073,7 +1073,7 @@ continue; } if (status && changed) - printf("%-50s %s", row[0], row[3]); + printf("%-50s %s\n", row[0], row[3]); else if (!status && changed) { /* @@ -1086,16 +1086,16 @@ */ if (!strcmp(row[2],"error") && strstr(row[3],"REPAIR ")) { - printf("%-50s %s", row[0], "Needs upgrade with REPAIR"); + printf("%-50s %s\n", row[0], "Needs upgrade with REPAIR"); array4repair= strstr(row[3], "VIEW") ? &views4repair : &tables4repair; } else if (!strcmp(row[2],"error") && strstr(row[3],"ALTER TABLE")) { - printf("%-50s %s", row[0], "Needs upgrade with ALTER TABLE FORCE"); + printf("%-50s %s\n", row[0], "Needs upgrade with ALTER TABLE FORCE"); array4repair= &tables4rebuild; } else - printf("%s\n%-9s: %s", row[0], row[2], row[3]); + printf("%s\n%-9s: %s\n", row[0], row[2], row[3]); if (strcmp(row[2],"note")) { found_error=1; @@ -1104,9 +1104,8 @@ } } else - printf("%-9s: %s", row[2], row[3]); + printf("%-9s: %s\n", row[2], row[3]); strmov(prev, row[0]); - putchar('\n'); } /* add the last table to be repaired to the list */ if (found_error && opt_auto_repair && what_to_do != DO_REPAIR) diff -Nru mariadb-11.8.6/client/mysqldump.cc mariadb-11.8.8/client/mysqldump.cc --- mariadb-11.8.6/client/mysqldump.cc 2026-01-31 13:27:46.000000000 +0000 +++ mariadb-11.8.8/client/mysqldump.cc 2026-05-24 09:58:30.000000000 +0000 @@ -134,6 +134,8 @@ opt_alltspcs=0, opt_notspcs= 0, opt_logging, opt_header=0, opt_update_history= 0, opt_drop_trigger= 0, opt_dump_history= 0; +static my_bool opt_galera_info= 0; + #define OPT_SYSTEM_ALL 1 #define OPT_SYSTEM_USERS 2 #define OPT_SYSTEM_PLUGINS 4 @@ -620,6 +622,9 @@ {"default_auth", 0, "Default authentication client-side plugin to use.", &opt_default_auth, &opt_default_auth, 0, GET_STR, REQUIRED_ARG, 0, 0, 0, 0, 0, 0}, + {"galera-info", 0, "Include galera info at the end of dump.", + &opt_galera_info, &opt_galera_info, 0, GET_BOOL, + NO_ARG, 0, 0, 0, 0, 0, 0}, {0, 0, 0, 0, 0, 0, GET_NO_ARG, NO_ARG, 0, 0, 0, 0, 0, 0} }; @@ -673,6 +678,7 @@ return my_strcasecmp_latin1(a, b); } +static int dump_galera_info(MYSQL *mysql_con); /* Print the supplied message if in verbose mode @@ -872,7 +878,7 @@ if (opt_dump_date) { char time_str[20]; - get_date(time_str, GETDATE_DATE_TIME, 0); + get_date(time_str, sizeof(time_str), GETDATE_DATE_TIME, 0); print_comment(sql_file, 0, "-- Dump completed on %s\n", time_str); } else @@ -2812,7 +2818,7 @@ C_STRING_WITH_LEN(" EVENT")); fprintf(sql_file, - "/*!50106 %s */ %s\n", + "/*!50106 %s \n*/ %s\n", (const char *) (query_str != NULL ? query_str : row[3]), (const char *) delimiter); @@ -3038,7 +3044,8 @@ fprintf(sql_file, "DELIMITER ;;\n" - "%s ;;\n" + "%s\n" + ";;\n" "DELIMITER ;\n", (const char *) row[2]); @@ -3415,13 +3422,13 @@ The actual column value doesn't matter anyway, since the view will be dropped at run time. */ - fprintf(sql_file, " 1 AS %s", + fprintf(sql_file, " NULL AS %s", quote_name(row[0], name_buff, 0)); while((row= mysql_fetch_row(result))) { /* col name, col type */ - fprintf(sql_file, ",\n 1 AS %s", + fprintf(sql_file, ",\n NULL AS %s", quote_name(row[0], name_buff, 0)); } @@ -3976,7 +3983,7 @@ C_STRING_WITH_LEN(" TRIGGER")); fprintf(sql_file, "DELIMITER ;;\n" - "/*!50003 %s */;;\n" + "/*!50003 %s \n*/;;\n" "DELIMITER ;\n", (const char *) (query_str != NULL ? query_str : row[2])); @@ -6358,7 +6365,8 @@ static int do_show_master_status(MYSQL *mysql_con, int consistent_binlog_pos, int have_mariadb_gtid, int use_gtid, - char *set_gtid_pos) + char *set_gtid_pos, + size_t set_gtid_pos_size) { MYSQL_ROW row; MYSQL_RES *UNINIT_VAR(master); @@ -6433,8 +6441,8 @@ "CHANGE-MASTER settings to the slave gtid state is printed " "later in the file.\n"); } - sprintf(set_gtid_pos, fmt_gtid_pos, - (!use_gtid ? "-- " : comment_prefix), gtid_pos); + snprintf(set_gtid_pos, set_gtid_pos_size, fmt_gtid_pos, + (!use_gtid ? "-- " : comment_prefix), gtid_pos); } /* SHOW MASTER STATUS reports file and position */ @@ -6485,7 +6493,7 @@ { char query[160]; if (multi_source) - sprintf(query, "STOP SLAVE '%.80s' SQL_THREAD", row[0]); + snprintf(query, sizeof(query), "STOP SLAVE '%.80s' SQL_THREAD", row[0]); else strmov(query, "STOP SLAVE SQL_THREAD"); @@ -6524,7 +6532,8 @@ } static int do_show_slave_status(MYSQL *mysql_con, int have_mariadb_gtid, - int use_gtid, char* set_gtid_pos) + int use_gtid, char *set_gtid_pos, + size_t set_gtid_pos_size) { MYSQL_RES *UNINIT_VAR(slave); MYSQL_ROW row; @@ -6569,7 +6578,8 @@ "\n-- A corresponding to the below dump-slave " "CHANGE-MASTER settings to the slave gtid state is printed " "later in the file.\n"); - sprintf(set_gtid_pos, fmt_gtid_pos, gtid_comment_prefix, gtid_pos); + snprintf(set_gtid_pos, set_gtid_pos_size, fmt_gtid_pos, + gtid_comment_prefix, gtid_pos); } if (use_gtid) print_comment(md_result_file, 0, @@ -6645,7 +6655,7 @@ { char query[160]; if (multi_source) - sprintf(query, "START SLAVE '%.80s' SQL_THREAD", row[0]); + snprintf(query, sizeof(query), "START SLAVE '%.80s' SQL_THREAD", row[0]); else strmov(query, "START SLAVE SQL_THREAD"); @@ -7575,11 +7585,15 @@ if (opt_master_data && do_show_master_status(mysql, consistent_binlog_pos, have_mariadb_gtid, - opt_use_gtid, master_set_gtid_pos)) + opt_use_gtid, + master_set_gtid_pos, + sizeof(master_set_gtid_pos))) goto err; if (opt_slave_data && do_show_slave_status(mysql, have_mariadb_gtid, - opt_use_gtid, slave_set_gtid_pos)) + opt_use_gtid, + slave_set_gtid_pos, + sizeof(slave_set_gtid_pos))) goto err; if (opt_single_transaction && do_unlock_tables(mysql)) /* unlock but no commit! */ goto err; @@ -7652,6 +7666,8 @@ if (opt_slave_data && slave_set_gtid_pos[0]) do_print_set_gtid_slave_pos(slave_set_gtid_pos, FALSE); + if (opt_galera_info && dump_galera_info(mysql)) goto err; + /* add 'START SLAVE' to end of dump */ if (opt_slave_apply && add_slave_statements()) goto err; @@ -7691,3 +7707,46 @@ return(first_error); } /* main */ + +static int dump_galera_info(MYSQL *mysql_con) +{ + MYSQL_RES *wsrep_on_res; + MYSQL_ROW wsrep_on_row; + my_bool wsrep_on = FALSE; + char *wsrep_on_val = NULL; + + // Galera information exists only if this node is part of cluster + if (mysql_query_with_error_report(mysql_con, &wsrep_on_res, + "SHOW VARIABLES LIKE 'wsrep_on'")) + return 1; + + wsrep_on_row = mysql_fetch_row(wsrep_on_res); + wsrep_on_val = wsrep_on_row ? (char *)wsrep_on_row[1] : NULL; + wsrep_on = (wsrep_on_val && strcmp(wsrep_on_val, "OFF")) ? TRUE : FALSE; + mysql_free_result(wsrep_on_res); + + if (wsrep_on) + { + MYSQL_RES *wsrep_checkpoint_res; + MYSQL_ROW wsrep_checkpoint_row; + char *wsrep_checkpoint_val = NULL; + + if (mysql_query_with_error_report(mysql_con, &wsrep_checkpoint_res, + "SHOW STATUS LIKE 'wsrep_checkpoint_position'")) + return 1; + + wsrep_checkpoint_row = mysql_fetch_row(wsrep_checkpoint_res); + wsrep_checkpoint_val = wsrep_checkpoint_row ? (char *)wsrep_checkpoint_row[1] : NULL; + + if (wsrep_checkpoint_val) + { + fprintf(md_result_file, + "SET GLOBAL wsrep_start_position = '%s';\n", + wsrep_checkpoint_val); + + } + mysql_free_result(wsrep_checkpoint_res); + } + + return 0; +} diff -Nru mariadb-11.8.6/client/mysqltest.cc mariadb-11.8.8/client/mysqltest.cc --- mariadb-11.8.6/client/mysqltest.cc 2026-01-31 13:27:46.000000000 +0000 +++ mariadb-11.8.8/client/mysqltest.cc 2026-05-24 09:58:30.000000000 +0000 @@ -1543,12 +1543,12 @@ } else { - if (!(v= var_get(p, &p, 0, 0))) + if (!(v= var_get(p, &p, 0, 0)) || !v->str_val) { report_or_die( "Bad variable in eval"); DBUG_VOID_RETURN; } - dynstr_append_mem(query_eval, v->str_val, v->str_val_len); + dynstr_append_mem(query_eval, v->str_val, v->str_val_len); } break; case '\\': @@ -2157,15 +2157,16 @@ SYNOPSIS cat_file ds - pointer to dynamic string where to add the files content - filename - name of the file to read - + filename - name of the file to read + max_lines - number of lines to print. 0 == all */ -int cat_file(DYNAMIC_STRING* ds, const char* filename) +int cat_file(DYNAMIC_STRING* ds, const char* filename, uint max_lines) { int fd; size_t len; char *buff; + uint line= 0; // Enough for mtr if ((fd= my_open(filename, O_RDONLY, MYF(0))) < 0) return 1; @@ -2182,28 +2183,35 @@ len= my_read(fd, (uchar*)buff, len, MYF(0)); my_close(fd, MYF(0)); + if (!max_lines) + max_lines= 10000; // Enough for mtr + + char *p= buff, *start= buff, *end=buff+len; + while (p < end && line < max_lines) { - char *p= buff, *start= buff,*end=buff+len; - while (p < end) + /* Convert cr/lf to lf */ + if (*p == '\r' && p+1 < end && *(p+1)== '\n') { - /* Convert cr/lf to lf */ - if (*p == '\r' && p+1 < end && *(p+1)== '\n') - { - /* Add fake newline instead of cr and output the line */ - *p= '\n'; - p++; /* Step past the "fake" newline */ - *p= 0; - replace_dynstr_append_mem(ds, start, p-start); - p++; /* Step past the "fake" newline */ - start= p; - } - else - p++; + /* Add fake newline instead of cr and output the line */ + *p= '\n'; + p++; /* Step past the "fake" newline */ + *p= 0; + replace_dynstr_append_mem(ds, start, p-start); + p++; /* Step past the "fake" newline */ + start= p; + line++; + } + else + { + if (*p == '\n') + line++; + p++; } - /* Output any chars that migh be left */ - *p= 0; - replace_dynstr_append_mem(ds, start, p-start); } + /* Output any chars that migh be left */ + *p= 0; + replace_dynstr_append_mem(ds, start, p-start); + my_free(buff); return 0; } @@ -2450,11 +2458,11 @@ dynstr_append_mem(&ds_tmp, STRING_WITH_LEN(" --- ")); dynstr_append_mem(&ds_tmp, filename1, strlen(filename1)); dynstr_append_mem(&ds_tmp, STRING_WITH_LEN(" >>>\n")); - cat_file(&ds_tmp, filename1); + cat_file(&ds_tmp, filename1, 0); dynstr_append_mem(&ds_tmp, STRING_WITH_LEN("<<<\n --- ")); dynstr_append_mem(&ds_tmp, filename1, strlen(filename1)); dynstr_append_mem(&ds_tmp, STRING_WITH_LEN(" >>>\n")); - cat_file(&ds_tmp, filename2); + cat_file(&ds_tmp, filename2, 0); dynstr_append_mem(&ds_tmp, STRING_WITH_LEN("<<<<\n")); } @@ -2920,7 +2928,7 @@ if (!raw && v->int_dirty) { - sprintf(v->str_val, "%d", v->int_val); + snprintf(v->str_val, v->alloced_len, "%d", v->int_val); v->int_dirty= false; v->str_val_len = strlen(v->str_val); } @@ -2982,7 +2990,7 @@ { if (v->int_dirty) { - sprintf(v->str_val, "%d", v->int_val); + snprintf(v->str_val, v->alloced_len, "%d", v->int_val); v->int_dirty=false; v->str_val_len= strlen(v->str_val); } @@ -4851,9 +4859,11 @@ void do_cat_file(struct st_command *command) { int error; - static DYNAMIC_STRING ds_filename; + static DYNAMIC_STRING ds_filename, ds_lines; + uint lines= 0; const struct command_arg cat_file_args[] = { - { "filename", ARG_STRING, TRUE, &ds_filename, "File to read from" } + { "filename", ARG_STRING, TRUE, &ds_filename, "File to read from" }, + { "lines", ARG_STRING, FALSE, &ds_lines, "Number of lines to print"} }; DBUG_ENTER("do_cat_file"); @@ -4865,9 +4875,13 @@ DBUG_PRINT("info", ("Reading from, file: %s", ds_filename.str)); - error= cat_file(&ds_res, ds_filename.str); + if (ds_lines.length) + lines= atoi(ds_lines.str); + + error= cat_file(&ds_res, ds_filename.str, lines); handle_command_error(command, error, my_errno); dynstr_free(&ds_filename); + dynstr_free(&ds_lines); DBUG_VOID_RETURN; } @@ -5259,7 +5273,8 @@ if (!master_pos.file[0]) die("Calling 'sync_with_master' without calling 'save_master_pos'"); - sprintf(query_buf, "select master_pos_wait('%s', %ld, %d, '%s')", + snprintf(query_buf, sizeof(query_buf), + "select master_pos_wait('%s', %ld, %d, '%s')", master_pos.file, master_pos.pos + offset, timeout, connection_name); @@ -6156,9 +6171,9 @@ size_t b_len= b.length(); // Skip leading whitespace - while (a_len > 0 && isspace(*a_ptr)) + while (a_len > 0 && my_isspace(charset_info, *a_ptr)) a_ptr++, a_len--; - while (b_len > 0 && isspace(*b_ptr)) + while (b_len > 0 && my_isspace(charset_info, *b_ptr)) b_ptr++, b_len--; // Handle empty strings (treat as 0) @@ -6180,8 +6195,8 @@ // Find actual numeric length (digits only) size_t a_digits= 0, b_digits= 0; - for (size_t i= 0; i < a_len && isdigit(a_ptr[i]); i++) a_digits++; - for (size_t i= 0; i < b_len && isdigit(b_ptr[i]); i++) b_digits++; + for (size_t i= 0; i < a_len && my_isdigit(charset_info, a_ptr[i]); i++) a_digits++; + for (size_t i= 0; i < b_len && my_isdigit(charset_info, b_ptr[i]); i++) b_digits++; // Handle zero cases after removing leading zeros bool a_is_zero= (a_digits == 0); @@ -6244,7 +6259,7 @@ if (!args[0].is_numeric) die("abs() requires numeric argument"); - result->set_int(abs(args[0].to_int())); + result->set_int(llabs(args[0].to_int())); } @@ -9282,8 +9297,9 @@ /* Parse and evaluate test expression */ expr_start= strchr(p, '('); - if (!expr_start++) + if (!expr_start) die("missing '(' in %s", cmd_name); + expr_start++; while (my_isspace(charset_info, *expr_start)) expr_start++; @@ -10870,7 +10886,7 @@ const char *info) { char buf[40], buff2[21]; - size_t len= sprintf(buf,"affected rows: %s\n", llstr(affected_rows, buff2)); + size_t len= snprintf(buf, sizeof(buf), "affected rows: %s\n", llstr(affected_rows, buff2)); dynstr_append_mem(ds, buf, len); if (info) { @@ -13281,7 +13297,7 @@ case Q_DIFF_FILES: do_diff_files(command); break; case Q_SEND_QUIT: do_send_quit(command); break; case Q_CHANGE_USER: do_change_user(command); break; - case Q_CAT_FILE: do_cat_file(command); break; + case Q_CAT_FILE: do_cat_file(command); command_executed++; break; case Q_COPY_FILE: do_copy_file(command); break; case Q_MOVE_FILE: do_move_file(command); break; case Q_CHMOD_FILE: do_chmod_file(command); break; diff -Nru mariadb-11.8.6/cmake/build_configurations/mysql_release.cmake mariadb-11.8.8/cmake/build_configurations/mysql_release.cmake --- mariadb-11.8.6/cmake/build_configurations/mysql_release.cmake 2026-01-31 13:27:46.000000000 +0000 +++ mariadb-11.8.8/cmake/build_configurations/mysql_release.cmake 2026-05-24 09:58:30.000000000 +0000 @@ -171,152 +171,3 @@ ENDIF() ENDIF() ENDIF() - -# Compiler options -IF(UNIX) - - # Default GCC flags - IF(CMAKE_C_COMPILER_ID STREQUAL "GNU") - SET(COMMON_C_FLAGS "-g -fno-omit-frame-pointer -fno-strict-aliasing -Wno-uninitialized") - STRING(APPEND CMAKE_C_FLAGS_DEBUG " ${COMMON_C_FLAGS}") - STRING(APPEND CMAKE_C_FLAGS_RELEASE " ${COMMON_C_FLAGS}") - STRING(APPEND CMAKE_C_FLAGS_RELWITHDEBINFO " ${COMMON_C_FLAGS}") - # MariaDB uses -O3 for release builds - STRING(REGEX REPLACE "-O2" "-O3" CMAKE_C_FLAGS_RELEASE "${CMAKE_C_FLAGS_RELEASE}") - STRING(REGEX REPLACE "-O2" "-O3" CMAKE_C_FLAGS_RELWITHDEBINFO "${CMAKE_C_FLAGS_RELWITHDEBINFO}") - ENDIF() - IF(CMAKE_CXX_COMPILER_ID STREQUAL "GNU") - SET(COMMON_CXX_FLAGS "-g -fno-omit-frame-pointer -fno-strict-aliasing -Wno-uninitialized") - STRING(APPEND CMAKE_CXX_FLAGS_DEBUG " ${COMMON_CXX_FLAGS}") - STRING(APPEND CMAKE_CXX_FLAGS_RELEASE " ${COMMON_CXX_FLAGS}") - STRING(APPEND CMAKE_CXX_FLAGS_RELWITHDEBINFO " ${COMMON_CXX_FLAGS}") - # MariaDB uses -O3 for release builds - STRING(REGEX REPLACE "-O2" "-O3" CMAKE_CXX_FLAGS_RELEASE "${CMAKE_CXX_FLAGS_RELEASE}") - STRING(REGEX REPLACE "-O2" "-O3" CMAKE_CXX_FLAGS_RELWITHDEBINFO "${CMAKE_CXX_FLAGS_RELWITHDEBINFO}") - ENDIF() - - # IBM Z flags - IF(CMAKE_SYSTEM_PROCESSOR MATCHES "s390x") - IF(RPM MATCHES "(rhel|centos)6" OR RPM MATCHES "(suse|sles)11") - SET(z_flags "-funroll-loops -march=z9-109 -mtune=z10") - ELSEIF(RPM MATCHES "(rhel|centos)7" OR RPM MATCHES "(suse|sles)12") - SET(z_flags "-funroll-loops -march=z196 -mtune=zEC12") - ELSE() - SET(z_flags "") - ENDIF() - - IF(CMAKE_C_COMPILER_ID STREQUAL "GNU") - STRING(APPEND CMAKE_C_FLAGS_RELEASE " ${z_flags}") - STRING(APPEND CMAKE_C_FLAGS_RELWITHDEBINFO " ${z_flags}") - ENDIF() - IF(CMAKE_CXX_COMPILER_ID STREQUAL "GNU") - STRING(APPEND CMAKE_CXX_FLAGS_RELEASE " ${z_flags}") - STRING(APPEND CMAKE_CXX_FLAGS_RELWITHDEBINFO " ${z_flags}") - ENDIF() - UNSET(z_flags) - ENDIF() - - # HPUX flags - IF(CMAKE_SYSTEM_NAME MATCHES "HP-UX") - IF(CMAKE_C_COMPILER_ID MATCHES "HP") - IF(CMAKE_SYSTEM_PROCESSOR MATCHES "ia64") - SET(COMMON_C_FLAGS "+DSitanium2 -mt -AC99") - SET(COMMON_CXX_FLAGS "+DSitanium2 -mt -Aa") - STRING(APPEND CMAKE_C_FLAGS_DEBUG " +O0 -g ${COMMON_C_FLAGS}") - STRING(APPEND CMAKE_CXX_FLAGS_DEBUG " +O0 -g ${COMMON_CXX_FLAGS}") - STRING(APPEND CMAKE_C_FLAGS_RELEASE " +O0 -g ${COMMON_C_FLAGS}") - STRING(APPEND CMAKE_CXX_FLAGS_RELEASE " +O0 -g ${COMMON_CXX_FLAGS}") - # We have seen compiler bugs with optimisation and -g, so disabled for now - STRING(APPEND CMAKE_C_FLAGS_RELEASE " +O2 ${COMMON_C_FLAGS}") - STRING(APPEND CMAKE_CXX_FLAGS_RELEASE " +O2 ${COMMON_CXX_FLAGS}") - ENDIF() - ENDIF() - SET(WITH_SSL no) - ENDIF() - - # Linux flags - IF(CMAKE_SYSTEM_NAME MATCHES "Linux") - IF(CMAKE_C_COMPILER_ID MATCHES "Intel") - SET(COMMON_C_FLAGS "-static-intel -static-libgcc -g -mp -restrict") - SET(COMMON_CXX_FLAGS "-static-intel -static-libgcc -g -mp -restrict -fno-exceptions") - IF(CMAKE_SYSTEM_PROCESSOR MATCHES "ia64") - SET(COMMON_C_FLAGS "${COMMON_C_FLAGS} -no-ftz -no-prefetch") - SET(COMMON_CXX_FLAGS "${COMMON_CXX_FLAGS} -no-ftz -no-prefetch") - ENDIF() - STRING(APPEND CMAKE_C_FLAGS_DEBUG " ${COMMON_C_FLAGS}") - STRING(APPEND CMAKE_CXX_FLAGS_DEBUG " ${COMMON_CXX_FLAGS}") - STRING(APPEND CMAKE_C_FLAGS_RELEASE " -unroll2 -ip ${COMMON_C_FLAGS}") - STRING(APPEND CMAKE_CXX_FLAGS_RELEASE " -unroll2 -ip ${COMMON_CXX_FLAGS}") - STRING(APPEND CMAKE_C_FLAGS_RELWITHDEBINFO " -unroll2 -ip ${COMMON_C_FLAGS}") - STRING(APPEND CMAKE_CXX_FLAGS_RELWITHDEBINFO " -unroll2 -ip ${COMMON_CXX_FLAGS}") - - # MariaDB uses -O3 for release builds. - STRING(REGEX REPLACE "-O2" "-O3" CMAKE_C_FLAGS_RELEASE "${CMAKE_C_FLAGS_RELEASE}") - STRING(REGEX REPLACE "-O2" "-O3" CMAKE_CXX_FLAGS_RELEASE "${CMAKE_CXX_FLAGS_RELEASE}") - STRING(REGEX REPLACE "-O2" "-O3" CMAKE_C_FLAGS_RELWITHDEBINFO "${CMAKE_C_FLAGS_RELWITHDEBINFO}") - STRING(REGEX REPLACE "-O2" "-O3" CMAKE_CXX_FLAGS_RELWITHDEBINFO "${CMAKE_CXX_FLAGS_RELWITHDEBINFO}") - SET(WITH_SSL no) - ENDIF() - ENDIF() - - # Default Clang flags - IF(CMAKE_C_COMPILER_ID MATCHES "Clang") - SET(COMMON_C_FLAGS "-g -fno-omit-frame-pointer -fno-strict-aliasing -Wno-parentheses-equality -Wno-string-plus-int") - STRING(APPEND CMAKE_C_FLAGS_DEBUG " ${COMMON_C_FLAGS}") - STRING(APPEND CMAKE_C_FLAGS_RELEASE " ${COMMON_C_FLAGS}") - STRING(APPEND CMAKE_C_FLAGS_RELWITHDEBINFO " ${COMMON_C_FLAGS}") - # MariaDB uses -O3 for release builds. - STRING(REGEX REPLACE "-O2" "-O3" CMAKE_C_FLAGS_RELEASE "${CMAKE_C_FLAGS_RELEASE}") - STRING(REGEX REPLACE "-O2" "-O3" CMAKE_C_FLAGS_RELWITHDEBINFO "${CMAKE_C_FLAGS_RELWITHDEBINFO}") - ENDIF() - IF(CMAKE_CXX_COMPILER_ID MATCHES "Clang") - SET(COMMON_CXX_FLAGS "-g -fno-omit-frame-pointer -fno-strict-aliasing -Wno-parentheses-equality -Wno-string-plus-int") - STRING(APPEND CMAKE_CXX_FLAGS_DEBUG " ${COMMON_CXX_FLAGS}") - STRING(APPEND CMAKE_CXX_FLAGS_RELEASE " ${COMMON_CXX_FLAGS}") - STRING(APPEND CMAKE_CXX_FLAGS_RELWITHDEBINFO " ${COMMON_CXX_FLAGS}") - # MariaDB uses -O3 for release builds. - STRING(REGEX REPLACE "-O2" "-O3" CMAKE_CXX_FLAGS_RELEASE "${CMAKE_CXX_FLAGS_RELEASE}") - STRING(REGEX REPLACE "-O2" "-O3" CMAKE_CXX_FLAGS_RELWITHDEBINFO "${CMAKE_CXX_FLAGS_RELWITHDEBINFO}") - ENDIF() - - # Solaris flags - IF(CMAKE_SYSTEM_NAME MATCHES "SunOS") - IF(CMAKE_SYSTEM_VERSION VERSION_GREATER "5.9") - # Link mysqld with mtmalloc on Solaris 10 and later - SET(WITH_MYSQLD_LDFLAGS "-lmtmalloc" CACHE STRING "") - ENDIF() - IF(CMAKE_C_COMPILER_ID MATCHES "SunPro") - IF(CMAKE_SYSTEM_PROCESSOR MATCHES "i386") - SET(COMMON_C_FLAGS "-g -mt -fsimple=1 -ftrap=%none -nofstore -xbuiltin=%all -xlibmil -xlibmopt -xtarget=generic") - SET(COMMON_CXX_FLAGS "-g0 -mt -fsimple=1 -ftrap=%none -nofstore -xbuiltin=%all -features=no%except -xlibmil -xlibmopt -xtarget=generic") - STRING(APPEND CMAKE_C_FLAGS_DEBUG " -xO1 ${COMMON_C_FLAGS}") - STRING(APPEND CMAKE_CXX_FLAGS_DEBUG " -xO1 ${COMMON_CXX_FLAGS}") - IF(32BIT) - STRING(APPEND CMAKE_C_FLAGS_RELEASE " -xO2 ${COMMON_C_FLAGS}") - STRING(APPEND CMAKE_CXX_FLAGS_RELEASE " -xO2 ${COMMON_CXX_FLAGS}") - STRING(APPEND CMAKE_C_FLAGS_RELWITHDEBINFO " -xO2 ${COMMON_C_FLAGS}") - STRING(APPEND CMAKE_CXX_FLAGS_RELWITHDEBINFO " -xO2 ${COMMON_CXX_FLAGS}") - ELSEIF(64BIT) - STRING(APPEND CMAKE_C_FLAGS_RELEASE " -xO3 ${COMMON_C_FLAGS}") - STRING(APPEND CMAKE_CXX_FLAGS_RELEASE " -xO3 ${COMMON_CXX_FLAGS}") - STRING(APPEND CMAKE_C_FLAGS_RELWITHDEBINFO " -xO3 ${COMMON_C_FLAGS}") - STRING(APPEND CMAKE_CXX_FLAGS_RELWITHDEBINFO " -xO3 ${COMMON_CXX_FLAGS}") - ENDIF() - ELSE() - # Assume !x86 is SPARC - SET(COMMON_C_FLAGS "-g -Xa -xstrconst -mt") - SET(COMMON_CXX_FLAGS "-g0 -noex -mt") - IF(32BIT) - STRING(APPEND COMMON_C_FLAGS " -xarch=sparc") - STRING(APPEND COMMON_CXX_FLAGS " -xarch=sparc") - ENDIF() - STRING(APPEND CMAKE_C_FLAGS_DEBUG " ${COMMON_C_FLAGS}") - STRING(APPEND CMAKE_CXX_FLAGS_DEBUG " ${COMMON_CXX_FLAGS}") - STRING(APPEND CMAKE_C_FLAGS_RELEASE " -xO3 ${COMMON_C_FLAGS}") - STRING(APPEND CMAKE_CXX_FLAGS_RELEASE " -xO3 ${COMMON_CXX_FLAGS}") - STRING(APPEND CMAKE_C_FLAGS_RELWITHDEBINFO " -xO3 ${COMMON_C_FLAGS}") - STRING(APPEND CMAKE_CXX_FLAGS_RELWITHDEBINFO " -xO3 ${COMMON_CXX_FLAGS}") - ENDIF() - ENDIF() - ENDIF() -ENDIF() diff -Nru mariadb-11.8.6/cmake/cpack_rpm.cmake mariadb-11.8.8/cmake/cpack_rpm.cmake --- mariadb-11.8.6/cmake/cpack_rpm.cmake 2026-01-31 13:27:46.000000000 +0000 +++ mariadb-11.8.8/cmake/cpack_rpm.cmake 2026-05-24 09:58:30.000000000 +0000 @@ -229,10 +229,6 @@ SETA(CPACK_RPM_common_PACKAGE_CONFLICTS "MariaDB-server < 10.6.1") -SETA(CPACK_RPM_common_PACKAGE_OBSOLETES - "mysql-common") -SETA(CPACK_RPM_common_PACKAGE_PROVIDES - "mysql-common") SETA(CPACK_RPM_devel_PACKAGE_OBSOLETES "MySQL-devel") diff -Nru mariadb-11.8.6/cmake/libutils.cmake mariadb-11.8.8/cmake/libutils.cmake --- mariadb-11.8.6/cmake/libutils.cmake 2026-01-31 13:27:46.000000000 +0000 +++ mariadb-11.8.8/cmake/libutils.cmake 2026-05-24 09:58:30.000000000 +0000 @@ -212,11 +212,7 @@ ELSE() # Generic Unix, Cygwin or MinGW. In post-build step, call # script, that uses a MRI script to append static archives. - IF(CMAKE_VERSION VERSION_LESS "3.0") - SET(MRI_SCRIPT "${CMAKE_CURRENT_BINARY_DIR}/${TARGET}.mri") - ELSE() - SET(MRI_SCRIPT "${CMAKE_CURRENT_BINARY_DIR}/${TARGET}-$.mri") - ENDIF() + SET(MRI_SCRIPT "${CMAKE_CURRENT_BINARY_DIR}/${TARGET}.mri") SET(MRI_SCRIPT_TPL "${MRI_SCRIPT}.tpl") SET(SCRIPT_CONTENTS "CREATE $\n") diff -Nru mariadb-11.8.6/cmake/make_dist.cmake.in mariadb-11.8.8/cmake/make_dist.cmake.in --- mariadb-11.8.6/cmake/make_dist.cmake.in 2026-01-31 13:27:46.000000000 +0000 +++ mariadb-11.8.8/cmake/make_dist.cmake.in 2026-05-24 09:58:30.000000000 +0000 @@ -46,30 +46,13 @@ WORKING_DIRECTORY ${CMAKE_SOURCE_DIR} RESULT_VARIABLE RESULT ) - IF(NOT RESULT EQUAL 0) - SET(GIT_EXECUTABLE) - ENDIF() - EXECUTE_PROCESS( - COMMAND "${GIT_EXECUTABLE}" submodule foreach "${GIT_EXECUTABLE} checkout-index --all --prefix=${PACKAGE_DIR}/$path/" - WORKING_DIRECTORY ${CMAKE_SOURCE_DIR} - RESULT_VARIABLE RESULT - ) - IF(NOT RESULT EQUAL 0) - SET(GIT_EXECUTABLE) + IF(RESULT EQUAL 0) + EXECUTE_PROCESS( + COMMAND "${GIT_EXECUTABLE}" submodule foreach --recursive "${GIT_EXECUTABLE} checkout-index --all --prefix=${PACKAGE_DIR}/$displaypath/" + WORKING_DIRECTORY ${CMAKE_SOURCE_DIR} + RESULT_VARIABLE RESULT + ) ENDIF() - EXECUTE_PROCESS( - COMMAND "${GIT_EXECUTABLE}" submodule foreach "${GIT_EXECUTABLE} checkout-index --all --prefix=${PACKAGE_DIR}/wsrep-lib/$path/" - WORKING_DIRECTORY ${CMAKE_SOURCE_DIR}/wsrep-lib - RESULT_VARIABLE RESULT - ) - IF(NOT RESULT EQUAL 0) - SET(GIT_EXECUTABLE) - ENDIF() - EXECUTE_PROCESS( - COMMAND "${GIT_EXECUTABLE}" submodule foreach "${GIT_EXECUTABLE} checkout-index --all --prefix=${PACKAGE_DIR}/storage/columnstore/columnstore/$path/" - WORKING_DIRECTORY ${CMAKE_SOURCE_DIR}/storage/columnstore/columnstore - RESULT_VARIABLE RESULT - ) IF(NOT RESULT EQUAL 0) SET(GIT_EXECUTABLE) ENDIF() diff -Nru mariadb-11.8.6/cmake/os/Windows.cmake mariadb-11.8.8/cmake/os/Windows.cmake --- mariadb-11.8.6/cmake/os/Windows.cmake 2026-01-31 13:27:46.000000000 +0000 +++ mariadb-11.8.8/cmake/os/Windows.cmake 2026-05-24 09:58:30.000000000 +0000 @@ -221,5 +221,3 @@ # this is out of place, not really a system check set(FN_NO_CASE_SENSE 1) set(USE_SYMDIR 1) -set(HAVE_UNACCESSIBLE_AFTER_MEM_DECOMMIT 1) - diff -Nru mariadb-11.8.6/cmake/pcre.cmake mariadb-11.8.8/cmake/pcre.cmake --- mariadb-11.8.6/cmake/pcre.cmake 2026-01-31 13:27:46.000000000 +0000 +++ mariadb-11.8.8/cmake/pcre.cmake 2026-05-24 09:58:30.000000000 +0000 @@ -94,8 +94,13 @@ PKG_CHECK_MODULES(PCRE libpcre2-8) # in case pkg-config or libpcre2-8.pc is not installed: CHECK_LIBRARY_EXISTS(pcre2-8 pcre2_match_8 "${PCRE_LIBRARY_DIRS}" HAVE_PCRE2_MATCH_8) + find_path(PCRE2_INCLUDE_DIR NAMES pcre2.h) + MESSAGE_ONCE(PCRE2_H "Looking for include file pcre2.h: ${PCRE2_INCLUDE_DIR}") + IF (PCRE2_INCLUDE_DIR) + SET(PCRE_INCLUDE_DIRS ${PCRE2_INCLUDE_DIR}) + ENDIF() ENDIF() - IF(NOT HAVE_PCRE2_MATCH_8 OR WITH_PCRE STREQUAL "bundled") + IF(NOT HAVE_PCRE2_MATCH_8 OR NOT PCRE_INCLUDE_DIRS OR WITH_PCRE STREQUAL "bundled") IF (WITH_PCRE STREQUAL "system") MESSAGE(FATAL_ERROR "system pcre2-8 library is not found or unusable") ENDIF() diff -Nru mariadb-11.8.6/cmake/plugin.cmake mariadb-11.8.8/cmake/plugin.cmake --- mariadb-11.8.6/cmake/plugin.cmake 2026-01-31 13:27:46.000000000 +0000 +++ mariadb-11.8.8/cmake/plugin.cmake 2026-05-24 09:58:30.000000000 +0000 @@ -108,6 +108,17 @@ MESSAGE(FATAL_ERROR "Invalid value for PLUGIN_${plugin}") ENDIF() + # Validate that the requested build mode is compatible with what the + # plugin actually supports. STATIC_ONLY plugins cannot be built as + # dynamic modules, and MODULE_ONLY plugins cannot be linked statically. + IF(PLUGIN_${plugin} STREQUAL "DYNAMIC" AND ARG_STATIC_ONLY) + MESSAGE(FATAL_ERROR "Plugin ${plugin} is STATIC_ONLY and cannot be built" + " with -DPLUGIN_${plugin}=DYNAMIC. Remove this option or use STATIC.") + ELSEIF(PLUGIN_${plugin} STREQUAL "STATIC" AND ARG_MODULE_ONLY) + MESSAGE(FATAL_ERROR "Plugin ${plugin} is MODULE_ONLY and cannot be built" + " with -DPLUGIN_${plugin}=STATIC. Remove this option or use DYNAMIC.") + ENDIF() + IF(ARG_STORAGE_ENGINE) SET(with_var "WITH_${plugin}_STORAGE_ENGINE" ) ELSE() @@ -289,6 +300,11 @@ IF(ARG_CONFIG AND INSTALL_SYSCONF2DIR) INSTALL(FILES ${ARG_CONFIG} COMPONENT ${ARG_COMPONENT} DESTINATION ${INSTALL_SYSCONF2DIR}) ENDIF() + IF(NOT ARG_CLIENT) + GET_PROPERTY(my_list GLOBAL PROPERTY SERVER_DYNAMIC_PLUGINS) + LIST(APPEND my_list ${target}) + SET_PROPERTY(GLOBAL PROPERTY SERVER_DYNAMIC_PLUGINS "${my_list}") + ENDIF() ENDIF() GET_FILENAME_COMPONENT(subpath ${CMAKE_CURRENT_SOURCE_DIR} NAME) diff -Nru mariadb-11.8.6/cmake/submodule_info.cmake mariadb-11.8.8/cmake/submodule_info.cmake --- mariadb-11.8.6/cmake/submodule_info.cmake 2026-01-31 13:27:52.000000000 +0000 +++ mariadb-11.8.8/cmake/submodule_info.cmake 2026-05-24 09:58:35.000000000 +0000 @@ -1,20 +1,20 @@ -SET(extra/wolfssl/wolfssl_TAG v5.8.4-stable) -SET(extra/wolfssl/wolfssl_REVISION 59f4fa568) +SET(extra/wolfssl/wolfssl_TAG v5.9.1-stable) +SET(extra/wolfssl/wolfssl_REVISION 1d363f3ad) SET(extra/wolfssl/wolfssl_URL https://github.com/wolfSSL/wolfssl.git) -SET(libmariadb_TAG no-tag) -SET(libmariadb_REVISION 7bb4e6cd) +SET(libmariadb_TAG v3.4.9) +SET(libmariadb_REVISION 64e9fe09) SET(libmariadb_URL https://github.com/MariaDB/mariadb-connector-c.git) SET(libmariadb/docs_TAG no-tag) SET(libmariadb/docs_REVISION 7e12bce) SET(libmariadb/docs_URL https://github.com/mariadb-corporation/mariadb-connector-c.wiki.git) SET(storage/columnstore/columnstore_TAG no-tag) -SET(storage/columnstore/columnstore_REVISION df0dc3630) +SET(storage/columnstore/columnstore_REVISION 962e861c6) SET(storage/columnstore/columnstore_URL https://github.com/mariadb-corporation/mariadb-columnstore-engine.git) SET(storage/columnstore/columnstore/utils/libmarias3/libmarias3_TAG no-tag) -SET(storage/columnstore/columnstore/utils/libmarias3/libmarias3_REVISION d9cb536) +SET(storage/columnstore/columnstore/utils/libmarias3/libmarias3_REVISION f74150b) SET(storage/columnstore/columnstore/utils/libmarias3/libmarias3_URL https://github.com/mariadb-corporation/libmarias3.git) SET(storage/maria/libmarias3_TAG no-tag) -SET(storage/maria/libmarias3_REVISION 0d5babb) +SET(storage/maria/libmarias3_REVISION 0e0df5e) SET(storage/maria/libmarias3_URL https://github.com/mariadb-corporation/libmarias3.git) SET(storage/rocksdb/rocksdb_TAG no-tag) SET(storage/rocksdb/rocksdb_REVISION 79f08d7ff) @@ -27,5 +27,5 @@ SET(wsrep-lib/wsrep-API/v26_URL https://github.com/codership/wsrep-API.git) SET(ALL_SUBMODULES "extra/wolfssl/wolfssl;libmariadb;libmariadb/docs;storage/columnstore/columnstore;storage/columnstore/columnstore/utils/libmarias3/libmarias3;storage/maria/libmarias3;storage/rocksdb/rocksdb;wsrep-lib;wsrep-lib/wsrep-API/v26") SET(GIT_REMOTE_ORIGIN_URL "https://github.com/MariaDB/server") -SET(GIT_REV_SHORT "9bfea48c") +SET(GIT_REV_SHORT "46a8eb42") diff -Nru mariadb-11.8.6/config.h.cmake mariadb-11.8.8/config.h.cmake --- mariadb-11.8.6/config.h.cmake 2026-01-31 13:27:46.000000000 +0000 +++ mariadb-11.8.8/config.h.cmake 2026-05-24 09:58:30.000000000 +0000 @@ -446,11 +446,6 @@ /* This should mean case insensitive file system */ #cmakedefine FN_NO_CASE_SENSE 1 -/* Whether an anonymous private mapping is unaccessible after -madvise(MADV_DONTNEED) or madvise(MADV_FREE) or similar has been invoked; -this is the case with Microsoft Windows VirtualFree(MEM_DECOMMIT) */ -#cmakedefine HAVE_UNACCESSIBLE_AFTER_MEM_DECOMMIT 1 - #cmakedefine HAVE_CHARSET_armscii8 1 #cmakedefine HAVE_CHARSET_ascii 1 #cmakedefine HAVE_CHARSET_big5 1 diff -Nru mariadb-11.8.6/dbug/dbug.c mariadb-11.8.8/dbug/dbug.c --- mariadb-11.8.6/dbug/dbug.c 2026-01-31 13:27:46.000000000 +0000 +++ mariadb-11.8.8/dbug/dbug.c 2026-05-24 09:58:30.000000000 +0000 @@ -221,6 +221,9 @@ static struct settings init_settings; static const char *db_process= 0;/* Pointer to process name; argv[0] */ my_bool _dbug_on_= TRUE; /* FALSE if no debugging at all */ +static char * command_line= 0; /* copy of controls */ +#define FREE_COMMAND_LINE do{ free(command_line); command_line= 0; }while(0) + typedef struct _db_code_state_ { const char *process; /* Pointer to process name; usually argv[0] */ @@ -900,10 +903,17 @@ void _db_set_init_(const char *control) { CODE_STATE tmp_cs; + FREE_COMMAND_LINE; + command_line= strdup(control); + if (unlikely(!command_line)) + { + /* We can not return error so just return */ + return; + } bzero((uchar*) &tmp_cs, sizeof(tmp_cs)); tmp_cs.stack= &init_settings; tmp_cs.process= db_process ? db_process : "dbug"; - DbugParse(&tmp_cs, control); + DbugParse(&tmp_cs, command_line); } /* @@ -1689,6 +1699,8 @@ pthread_mutex_destroy(&THR_LOCK_dbug); init_done= 0; _dbug_on_= 0; + /* see Writable() */ + FREE_COMMAND_LINE; } @@ -2159,7 +2171,11 @@ } else { - lastslash= strrchr(pathname, '/'); + /* + It is safe because we made duplicate of the string + in _db_set_init_() and freed in _db_end_() + */ + lastslash= (char *)strrchr(pathname, '/'); if (lastslash != NULL) *lastslash= '\0'; else diff -Nru mariadb-11.8.6/debian/additions/debian-start mariadb-11.8.8/debian/additions/debian-start --- mariadb-11.8.6/debian/additions/debian-start 2026-03-02 10:03:47.000000000 +0000 +++ mariadb-11.8.8/debian/additions/debian-start 2026-06-26 13:13:13.000000000 +0000 @@ -22,20 +22,18 @@ . /etc/default/mariadb fi +# Variable used in check_root_accounts() +# shellcheck disable=SC2034 MARIADB="/usr/bin/mariadb --defaults-extra-file=/etc/mysql/debian.cnf" -MYADMIN="/usr/bin/mariadb-admin --defaults-extra-file=/etc/mysql/debian.cnf" + # Don't run full mariadb-upgrade on every server restart, use --version-check to do it only once +# Variable used in upgrade_system_tables_if_necessary() +# shellcheck disable=SC2034 MYUPGRADE="/usr/bin/mariadb-upgrade --defaults-extra-file=/etc/mysql/debian.cnf --version-check --silent" -MYCHECK_SUBJECT="WARNING: mariadb-check has found corrupt tables" -MYCHECK_RCPT="${MYCHECK_RCPT:-root}" - -## Checking for corrupt, not cleanly closed (only for MyISAM and Aria engines) and upgrade needing tables. # The following commands should be run when the server is up but in background # where they do not block the server start and in one shell instance so that # they run sequentially. They are supposed not to echo anything to stdout. -# If you want to disable the check for crashed tables comment -# "check_for_crashed_tables" out. # (There may be no output to stdout inside the background process!) # Need to ignore SIGHUP, as otherwise a SIGHUP can sometimes abort the upgrade @@ -44,7 +42,6 @@ ( upgrade_system_tables_if_necessary; check_root_accounts; - check_for_crashed_tables; ) >&2 & exit 0 diff -Nru mariadb-11.8.6/debian/additions/debian-start.inc.sh mariadb-11.8.8/debian/additions/debian-start.inc.sh --- mariadb-11.8.6/debian/additions/debian-start.inc.sh 2026-03-02 10:03:14.000000000 +0000 +++ mariadb-11.8.8/debian/additions/debian-start.inc.sh 2026-06-26 13:13:13.000000000 +0000 @@ -3,62 +3,6 @@ # This file is included by /etc/mysql/debian-start # -## Check MyISAM and Aria unclosed tables. -# - Requires the server to be up. -# - Is supposed to run silently in background. -function check_for_crashed_tables() { - set -e - set -u - - # But do it in the background to not stall the boot process. - logger -p daemon.info -i -t"$0" "Triggering myisam-recover for all MyISAM tables and aria-recover for all Aria tables" - - # Checking for $? is unreliable so the size of the output is checked. - # Some table handlers like HEAP do not support CHECK TABLE. - tempfile=$(mktemp) - - # We have to use xargs in this case, because a for loop barfs on the - # spaces in the thing to be looped over. - - # If a crashed table is encountered, the "mariadb" command will return with a status different from 0 - # - # The first query will generate lines like. - # select count(*) into @discard from 'mysql'.'db' - # The second line will load all tables without printing any actual results, - # but may show warnings and definitely is expected to have some error and - # exit code if crashed tables are encountered. - # - # Note that inside single quotes must be quoted with '\'' (to be outside of single quotes). - set +e - # The $MARIADB is intentionally used to expand into a command and arguments - # shellcheck disable=SC2086,SC2016 - echo ' - SELECT CONCAT('\''select count(*) into @discard from `'\'', TABLE_SCHEMA, '\''`.`'\'', TABLE_NAME, '\''`'\'') - FROM information_schema.TABLES WHERE TABLE_SCHEMA<>"INFORMATION_SCHEMA" AND TABLE_SCHEMA<>"PERFORMANCE_SCHEMA" - AND (ENGINE="MyISAM" OR ENGINE="Aria") - ' | \ - LC_ALL=C $MARIADB --skip-column-names --batch | \ - xargs --no-run-if-empty -i $MARIADB --skip-column-names --silent --batch --force -e "{}" &> "${tempfile}" - set -e - - if [ -s "$tempfile" ] - then - ( - /bin/echo -e "\n" \ - "Improperly closed tables are also reported if clients are accessing\n" \ - "the tables *now*. A list of current connections is below.\n"; - $MYADMIN processlist status - ) >> "${tempfile}" - # Check for presence as a dependency on mailx would require an MTA. - if [ -x /usr/bin/mailx ] - then - mailx -e -s"$MYCHECK_SUBJECT" "$MYCHECK_RCPT" < "$tempfile" - fi - (echo "$MYCHECK_SUBJECT"; cat "${tempfile}") | logger -p daemon.warn -i -t"$0" - fi - rm "${tempfile}" -} - ## Check for tables needing an upgrade. # - Requires the server to be up. # - Is supposed to run silently in background. diff -Nru mariadb-11.8.6/debian/changelog mariadb-11.8.8/debian/changelog --- mariadb-11.8.6/debian/changelog 2026-03-06 13:13:13.000000000 +0000 +++ mariadb-11.8.8/debian/changelog 2026-06-26 13:13:13.000000000 +0000 @@ -1,3 +1,35 @@ +mariadb (1:11.8.8-0+deb13u1) trixie; urgency=medium + + * New upstream version 11.8.8 with critical fix for regression in 11.8.7 as + noted at https://mariadb.com/docs/release-notes/community-server/11.8/11.8.8 + and for the following security issues: + - CVE-2026-48165 + - CVE-2026-48163 + * Previous upstream version 11.8.7 included fixes for several defects as noted + at https://mariadb.com/docs/release-notes/community-server/11.8/11.8.7 as + well the following security issues: + - CVE-2026-44173 + - CVE-2026-44172 + - CVE-2026-44171 + - CVE-2026-44170 + - CVE-2026-44169 + - CVE-2026-44168 + * New upstream version included fixes for these Debian tracked issues: + - MDEV-38698 Upgrade did not fix charset and collation for mysql.user, + leading to "Illegal mix of collations" errors on upgrades or when trying + to restore backups (Closes: #1104533, #1126850, #1137221) + - MDEV-39479 Mroonga hangs on invalid index flag (Closes: #1110683) + - MDEV-38811 Crash in information_schema.table_constraints when running in + 'skip-grant-tables' mode (Closes: #1127431, affected Akonadi) + * Also cherry-pick the following upstream debian/ changes: + - MDEV-34902 debian-start erroneously reports issues (includes security fix) + * Update configuration traces to match changes in system variables + - new variable 'innodb-buffer-pool-in-core-dump' (default: FALSE) + - new default value 0->8796093022208 in 'innodb-buffer-pool-size-max' + * Salsa CI: Disable the uscan job as it is incompatible with MariaDB + + -- Otto Kekäläinen Fri, 26 Jun 2026 13:13:13 +0000 + mariadb (1:11.8.6-0+deb13u1) trixie; urgency=medium [ Otto Kekäläinen ] diff -Nru mariadb-11.8.6/debian/control mariadb-11.8.8/debian/control --- mariadb-11.8.6/debian/control 2026-03-06 13:13:13.000000000 +0000 +++ mariadb-11.8.8/debian/control 2026-06-26 13:13:13.000000000 +0000 @@ -593,7 +593,6 @@ Package: mariadb-server Architecture: any Suggests: - mailx, mariadb-test, netcat-openbsd, Recommends: diff -Nru mariadb-11.8.6/debian/mariadb-server.mysql.default mariadb-11.8.8/debian/mariadb-server.mysql.default --- mariadb-11.8.6/debian/mariadb-server.mysql.default 2026-03-02 04:26:11.000000000 +0000 +++ mariadb-11.8.8/debian/mariadb-server.mysql.default 2026-06-26 13:13:13.000000000 +0000 @@ -16,7 +16,3 @@ # If the server is still not responding after the delay, the script won't be executed and an error will be thrown on the syslog. # Default: 30 #MYSQLD_STARTUP_TIMEOUT=30 - -# The email recipient(s) of the output of the check for crashed and improperly closed MyISAM and Aria tables done at each server start by the "/etc/mysql/debian-start" script. -# Default: root -#MYCHECK_RCPT="root" diff -Nru mariadb-11.8.6/debian/patches/Fix-misc-spelling-in-MariaDB-Server-repository.patch mariadb-11.8.8/debian/patches/Fix-misc-spelling-in-MariaDB-Server-repository.patch --- mariadb-11.8.6/debian/patches/Fix-misc-spelling-in-MariaDB-Server-repository.patch 2026-03-06 13:13:13.000000000 +0000 +++ mariadb-11.8.8/debian/patches/Fix-misc-spelling-in-MariaDB-Server-repository.patch 2026-06-26 13:13:13.000000000 +0000 @@ -61,7 +61,7 @@ "terminates with an error. Default is 0, in which case mariadb-backup waits " "indefinitely for BACKUP STAGE START to finish", diff --git a/extra/mariabackup/xtrabackup.cc b/extra/mariabackup/xtrabackup.cc -index effbac0..377082a 100644 +index dec69a0..8c218ff 100644 --- a/extra/mariabackup/xtrabackup.cc +++ b/extra/mariabackup/xtrabackup.cc @@ -220,7 +220,7 @@ uint xtrabackup_compress = FALSE; @@ -73,7 +73,7 @@ in milliseconds (default is 1 second) */ ulint xtrabackup_log_copy_interval = 1000; static ulong max_buf_pool_modified_pct; -@@ -1808,7 +1808,7 @@ struct my_option xb_client_options[]= { +@@ -1809,7 +1809,7 @@ struct my_option xb_client_options[]= { {"startup-wait-timeout", OPT_LOCK_WAIT_TIMEOUT, "This option specifies time in seconds that mariadb-backup should wait for " "BACKUP STAGE START to complete. BACKUP STAGE START has to wait until all " @@ -82,7 +82,7 @@ "If there are still such queries when the timeout expires, mariadb-backup " "terminates with an error. Default is 0, in which case mariadb-backup waits " "indefinitely for BACKUP STAGE START to finish", -@@ -5852,7 +5852,7 @@ void CorruptedPages::backup_fix_ddl(ds_ctxt *ds_data, ds_ctxt *ds_meta) +@@ -5868,7 +5868,7 @@ void CorruptedPages::backup_fix_ddl(ds_ctxt *ds_data, ds_ctxt *ds_meta) } /* Mariabackup doesn't detect any FILE_OP for the deferred @@ -92,7 +92,7 @@ for (auto space_name: defer_space_names) { if (!check_if_skip_table(space_name.c_str())) { diff --git a/mysql-test/main/mysqld--help.result b/mysql-test/main/mysqld--help.result -index 44a92c2..4422900 100644 +index 2c65abf..6e3a414 100644 --- a/mysql-test/main/mysqld--help.result +++ b/mysql-test/main/mysqld--help.result @@ -826,13 +826,14 @@ The following specify which files/extra groups are read (specified before remain @@ -118,10 +118,10 @@ Cost of checking a key against the end key condition --optimizer-key-copy-cost=# diff --git a/mysql-test/suite/sys_vars/r/sysvars_innodb.result b/mysql-test/suite/sys_vars/r/sysvars_innodb.result -index b9f1e8b..bf590a5 100644 +index 988eb24..5540f6f 100644 --- a/mysql-test/suite/sys_vars/r/sysvars_innodb.result +++ b/mysql-test/suite/sys_vars/r/sysvars_innodb.result -@@ -565,7 +565,7 @@ SESSION_VALUE NULL +@@ -555,7 +555,7 @@ SESSION_VALUE NULL DEFAULT_VALUE OFF VARIABLE_SCOPE GLOBAL VARIABLE_TYPE BOOLEAN @@ -131,7 +131,7 @@ NUMERIC_MAX_VALUE NULL NUMERIC_BLOCK_SIZE NULL diff --git a/mysql-test/suite/sys_vars/r/sysvars_server_embedded.result b/mysql-test/suite/sys_vars/r/sysvars_server_embedded.result -index f127a28..df7647d 100644 +index aad92d5..ec1e062 100644 --- a/mysql-test/suite/sys_vars/r/sysvars_server_embedded.result +++ b/mysql-test/suite/sys_vars/r/sysvars_server_embedded.result @@ -2505,7 +2505,7 @@ COMMAND_LINE_ARGUMENT REQUIRED @@ -144,7 +144,7 @@ NUMERIC_MAX_VALUE 4294967295 NUMERIC_BLOCK_SIZE 1 diff --git a/mysql-test/suite/sys_vars/r/sysvars_server_notembedded.result b/mysql-test/suite/sys_vars/r/sysvars_server_notembedded.result -index 9ead8d4..3b79975 100644 +index 11f168d..1f37da6 100644 --- a/mysql-test/suite/sys_vars/r/sysvars_server_notembedded.result +++ b/mysql-test/suite/sys_vars/r/sysvars_server_notembedded.result @@ -2715,7 +2715,7 @@ COMMAND_LINE_ARGUMENT REQUIRED @@ -157,10 +157,10 @@ NUMERIC_MAX_VALUE 4294967295 NUMERIC_BLOCK_SIZE 1 diff --git a/sql/opt_subselect.cc b/sql/opt_subselect.cc -index 0bf1998..4ebb368 100644 +index ad10ab5..fb6806a 100644 --- a/sql/opt_subselect.cc +++ b/sql/opt_subselect.cc -@@ -6894,7 +6894,7 @@ bool JOIN::choose_subquery_plan(table_map join_tables) +@@ -6895,7 +6895,7 @@ bool JOIN::choose_subquery_plan(table_map join_tables) add("rows", inner_record_count_1). add("materialization_cost", materialize_strategy_cost). add("in_exist_cost", in_exists_strategy_cost). @@ -169,7 +169,7 @@ } DBUG_PRINT("info", -@@ -6932,7 +6932,7 @@ bool JOIN::choose_subquery_plan(table_map join_tables) +@@ -6933,7 +6933,7 @@ bool JOIN::choose_subquery_plan(table_map join_tables) { Json_writer_object trace_wrapper(thd); Json_writer_object trace_subquery(thd, "subquery_plan_revert"); @@ -179,7 +179,7 @@ } diff --git a/sql/sql_select.cc b/sql/sql_select.cc -index fa73d52..1e697a5 100644 +index 60f3e45..5b50f6f 100644 --- a/sql/sql_select.cc +++ b/sql/sql_select.cc @@ -11831,7 +11831,7 @@ double recompute_join_cost_with_limit(const JOIN *join, bool skip_sorting, @@ -191,7 +191,7 @@ execution. @detail -@@ -15318,7 +15318,7 @@ void JOIN::drop_unused_derived_keys() +@@ -15317,7 +15317,7 @@ void JOIN::drop_unused_derived_keys() } /* We dropped all keys except the chosen one and unique keys. @@ -201,7 +201,7 @@ tab->ref.key= 0; } diff --git a/sql/sys_vars.cc b/sql/sys_vars.cc -index 3c2fee2..545821d 100644 +index ad4bb1f..e1b5dca 100644 --- a/sql/sys_vars.cc +++ b/sql/sys_vars.cc @@ -2973,7 +2973,7 @@ static Sys_var_ulong Sys_optimizer_selectivity_sampling_limit( @@ -214,7 +214,7 @@ "(A conservative setting here would be is a high value, like 100 so " "the short-cutting plan is used if it promises a speedup of 100x or " diff --git a/storage/connect/odbconn.cpp b/storage/connect/odbconn.cpp -index 520b82d..a782570 100644 +index 1b35bfa..10a0666 100644 --- a/storage/connect/odbconn.cpp +++ b/storage/connect/odbconn.cpp @@ -281,7 +281,7 @@ static CATPARM *AllocCatInfo(PGLOBAL g, CATINFO fid, PCSZ db, @@ -227,10 +227,10 @@ } catch (const char *msg) { htrc(g->Message, msg); diff --git a/storage/innobase/handler/ha_innodb.cc b/storage/innobase/handler/ha_innodb.cc -index 21dbe9c..40b974a 100644 +index a38ca1c..18fa9c0 100644 --- a/storage/innobase/handler/ha_innodb.cc +++ b/storage/innobase/handler/ha_innodb.cc -@@ -19866,7 +19866,7 @@ static MYSQL_SYSVAR_BOOL(immediate_scrub_data_uncompressed, +@@ -19924,7 +19924,7 @@ static MYSQL_SYSVAR_BOOL(immediate_scrub_data_uncompressed, static MYSQL_SYSVAR_BOOL(encrypt_temporary_tables, innodb_encrypt_temporary_tables, PLUGIN_VAR_OPCMDARG | PLUGIN_VAR_READONLY, diff -Nru mariadb-11.8.6/debian/patches/MDEV-37411-suppress-new-warning-about-native-aio.patch mariadb-11.8.8/debian/patches/MDEV-37411-suppress-new-warning-about-native-aio.patch --- mariadb-11.8.6/debian/patches/MDEV-37411-suppress-new-warning-about-native-aio.patch 2026-03-06 13:13:13.000000000 +0000 +++ mariadb-11.8.8/debian/patches/MDEV-37411-suppress-new-warning-about-native-aio.patch 2026-06-26 13:13:13.000000000 +0000 @@ -38,10 +38,10 @@ 1 file changed, 2 insertions(+) diff --git a/mysql-test/mariadb-test-run.pl b/mysql-test/mariadb-test-run.pl -index 6739995..8d88e4d 100755 +index 3e1dceb..66d875b 100755 --- a/mysql-test/mariadb-test-run.pl +++ b/mysql-test/mariadb-test-run.pl -@@ -4498,6 +4498,8 @@ sub extract_warning_lines ($$) { +@@ -4507,6 +4507,8 @@ sub extract_warning_lines ($$) { qr/error .*connecting to master/, qr/InnoDB: Dumping buffer pool.*/, qr/InnoDB: Buffer pool.*/, diff -Nru mariadb-11.8.6/debian/patches/MDEV-38811-skip-grant-tables-crash.patch mariadb-11.8.8/debian/patches/MDEV-38811-skip-grant-tables-crash.patch --- mariadb-11.8.6/debian/patches/MDEV-38811-skip-grant-tables-crash.patch 2026-03-06 13:13:13.000000000 +0000 +++ mariadb-11.8.8/debian/patches/MDEV-38811-skip-grant-tables-crash.patch 1970-01-01 00:00:00.000000000 +0000 @@ -1,32 +0,0 @@ -From: Sergei Golubchik -Date: Fri, 13 Feb 2026 15:22:57 +0100 -Subject: [PATCH] MDEV-38811 crash in information_schema.table_constraints - when --skip-grant-tables - -acl_get_all3() wasn't expecting --skip-grant-tables - -Multiple users reported Akonadi crashing with MariaDB 11.8.6. Downgrading to -11.8.5 fixed it. Reason most likely due to upstream regression as described -in detail in bug reports. - -Origin: https://github.com/MariaDB/server/commit/87309d3d4bb8f48910d05b0ca5ee989bcdd6b053.patch -Bug: https://jira.mariadb.org/browse/MDEV-38811 -Forwarded: not-needed ---- - sql/sql_acl.cc | 3 +++ - 1 file changed, 3 insertions(+) - -diff --git a/sql/sql_acl.cc b/sql/sql_acl.cc -index a583c0b..b6abd27 100644 ---- a/sql/sql_acl.cc -+++ b/sql/sql_acl.cc -@@ -3927,6 +3927,9 @@ privilege_t acl_get(const char *host, const char *ip, - privilege_t acl_get_all3(Security_context *sctx, const char *db, - bool db_is_patern) - { -+ if (!initialized) -+ return DB_ACLS; -+ - privilege_t access= acl_get(sctx->host, sctx->ip, - sctx->priv_user, db, db_is_patern); - if (sctx->priv_role[0]) diff -Nru mariadb-11.8.6/debian/patches/env-perl-usr-bin-perl.patch mariadb-11.8.8/debian/patches/env-perl-usr-bin-perl.patch --- mariadb-11.8.6/debian/patches/env-perl-usr-bin-perl.patch 2026-03-06 13:13:13.000000000 +0000 +++ mariadb-11.8.8/debian/patches/env-perl-usr-bin-perl.patch 2026-06-26 13:13:13.000000000 +0000 @@ -54,7 +54,7 @@ # Copyright (c) 2005, 2011, Oracle and/or its affiliates. All rights reserved. # diff --git a/mysql-test/mariadb-test-run.pl b/mysql-test/mariadb-test-run.pl -index bc9845b..6739995 100755 +index 7b913f1..3e1dceb 100755 --- a/mysql-test/mariadb-test-run.pl +++ b/mysql-test/mariadb-test-run.pl @@ -1,4 +1,4 @@ diff -Nru mariadb-11.8.6/debian/patches/series mariadb-11.8.8/debian/patches/series --- mariadb-11.8.6/debian/patches/series 2026-03-06 13:13:13.000000000 +0000 +++ mariadb-11.8.8/debian/patches/series 2026-06-26 13:13:13.000000000 +0000 @@ -8,4 +8,3 @@ Improve-output-from-mariadb-secure-installation-to-be-mor.patch MDEV-37411-suppress-new-warning-about-native-aio.patch include-debian-in-test-merge-alter-result.patch -MDEV-38811-skip-grant-tables-crash.patch diff -Nru mariadb-11.8.6/debian/patches/startup-message.patch mariadb-11.8.8/debian/patches/startup-message.patch --- mariadb-11.8.6/debian/patches/startup-message.patch 2026-03-06 13:13:13.000000000 +0000 +++ mariadb-11.8.8/debian/patches/startup-message.patch 2026-06-26 13:13:13.000000000 +0000 @@ -39,10 +39,10 @@ 1 file changed, 15 insertions(+), 5 deletions(-) diff --git a/sql/mysqld.cc b/sql/mysqld.cc -index 251c342..c8595a5 100644 +index 890fd2d..36ccb19 100644 --- a/sql/mysqld.cc +++ b/sql/mysqld.cc -@@ -5043,13 +5043,23 @@ static int init_server_components() +@@ -5110,13 +5110,23 @@ static int init_server_components() /* Print source revision hash, as one of the first lines, if not the diff -Nru mariadb-11.8.6/debian/salsa-ci.yml mariadb-11.8.8/debian/salsa-ci.yml --- mariadb-11.8.6/debian/salsa-ci.yml 2026-03-06 13:13:13.000000000 +0000 +++ mariadb-11.8.8/debian/salsa-ci.yml 2026-06-26 13:13:13.000000000 +0000 @@ -35,6 +35,10 @@ SALSA_CI_DISABLE_RC_BUGS: 0 # Testing https://salsa.debian.org/salsa-ci-team/pipeline#git-attributes SALSA_CI_DISABLE_GBP_SETUP_GITATTRIBUTES: 1 + # The directory https://archive.mariadb.org/mariadb-11.8/source/ only contains + # the sources of the latest MariaDB release, and thus running uscan for past + # releases will always fail, and thus uscan job should be disabled on Salsa CI + SALSA_CI_DISABLE_USCAN: 1 .build-package: # Extend Salsa-CI build jobs to have longer timeout as the default GitLab diff -Nru mariadb-11.8.6/debian/tests/configuration-tracing mariadb-11.8.8/debian/tests/configuration-tracing --- mariadb-11.8.6/debian/tests/configuration-tracing 2026-03-02 10:03:47.000000000 +0000 +++ mariadb-11.8.8/debian/tests/configuration-tracing 2026-06-26 13:13:13.000000000 +0000 @@ -71,6 +71,7 @@ normalize_value version-source-revision - # 32-bit systems (i386, armel, armhf) have lower values + normalize_value innodb-buffer-pool-size-max 8796093022208 # 32-bit: 0 normalize_value innodb-io-capacity-max 18446744073709551615 # 32-bit: 4294967295 normalize_value max-binlog-cache-size 18446744073709547520 # 32-bit: 4294963200 normalize_value max-binlog-stmt-cache-size 18446744073709547520 # 32-bit: 4294963200 diff -Nru mariadb-11.8.6/debian/tests/traces/mariadbd-verbose-help.expected mariadb-11.8.8/debian/tests/traces/mariadbd-verbose-help.expected --- mariadb-11.8.6/debian/tests/traces/mariadbd-verbose-help.expected 2026-03-06 13:13:13.000000000 +0000 +++ mariadb-11.8.8/debian/tests/traces/mariadbd-verbose-help.expected 2026-06-26 13:13:13.000000000 +0000 @@ -6,7 +6,7 @@ Default options are read from the following files in the given order: /etc/my.cnf /etc/mysql/my.cnf ~/.my.cnf -The following groups are read: mysqld server mysqld-11.8 mariadb mariadb-11.8 mariadbd mariadbd-11.8 client-server galera +The following groups are read: mysqld server mysqld-11.8 mariadb mariadb-11.8 mariadb-11 mariadbd mariadbd-11.8 mariadbd-11 client-server galera The following options may be given as the first argument: --print-defaults Print the program argument list and exit. --no-defaults Don't read default options from any option file. @@ -628,6 +628,8 @@ --innodb-buffer-pool-filename=name Filename to/from which to dump/load the InnoDB buffer pool + --innodb-buffer-pool-in-core-dump + Include the buffer pool in core dump --innodb-buffer-pool-load-abort Abort a currently running load of the buffer pool --innodb-buffer-pool-load-at-startup @@ -2030,7 +2032,8 @@ the transaction) --show-slave-auth-info Show user and password in SHOW SLAVE HOSTS on this master - --silent-startup Don't print [Note] to the error log during startup + --silent-startup Don't print [Note] or failed plugin_loads to the error + log during startup --skip-grant-tables Start without grant tables. This gives all users FULL ACCESS to all tables --skip-host-cache Don't cache host names @@ -2497,6 +2500,8 @@ statement --wsrep-slave-FK-checks Should slave thread do foreign key constraint checks + (deprecated, has no effect). Deprecated, will be removed + in a future release. (Defaults to on; use --skip-wsrep-slave-FK-checks to disable.) --wsrep-slave-UK-checks Should slave thread do secondary index uniqueness checks @@ -2696,12 +2701,13 @@ innodb-buffer-pool-dump-now FALSE innodb-buffer-pool-dump-pct 25 innodb-buffer-pool-filename ib_buffer_pool +innodb-buffer-pool-in-core-dump FALSE innodb-buffer-pool-load-abort FALSE innodb-buffer-pool-load-at-startup TRUE innodb-buffer-pool-load-now FALSE innodb-buffer-pool-size 134217728 innodb-buffer-pool-size-auto-min 0 -innodb-buffer-pool-size-max 0 +innodb-buffer-pool-size-max 8796093022208 innodb-buffer-pool-stats ON innodb-checksum-algorithm full_crc32 innodb-cmp ON diff -Nru mariadb-11.8.6/extra/CMakeLists.txt mariadb-11.8.8/extra/CMakeLists.txt --- mariadb-11.8.6/extra/CMakeLists.txt 2026-01-31 13:27:46.000000000 +0000 +++ mariadb-11.8.8/extra/CMakeLists.txt 2026-05-24 09:58:30.000000000 +0000 @@ -13,7 +13,7 @@ # along with this program; if not, write to the Free Software # Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1335 USA -INCLUDE_DIRECTORIES(${CMAKE_SOURCE_DIR}/include ${ZLIB_INCLUDE_DIRS}) +INCLUDE_DIRECTORIES(${CMAKE_SOURCE_DIR}/include ${ZLIB_INCLUDE_DIRS} ${PCRE_INCLUDE_DIRS}) # Default install component for the files is Server here SET(MYSQL_INSTALL_COMPONENT Server) @@ -46,6 +46,70 @@ DEPENDS ${CMAKE_BINARY_DIR}/include/mysqld_error.h.tmp) +# this approach doesn't work with cross-compiing (runs mariadbd) +# and doesn't work with ASAN, because LSAN complains about RocksDB (MDEV-36345). +IF(NOT CMAKE_CROSSCOMPILING AND NOT WITH_ASAN AND TARGET mariadbd) + ADD_EXECUTABLE(generate_option_list generate_option_list.cc) + TARGET_LINK_LIBRARIES(generate_option_list mysys pcre2-8) + TARGET_INCLUDE_DIRECTORIES(generate_option_list PRIVATE ${PCRE_INCLUDE_DIRS}) + GET_PROPERTY(dynamic_plugins GLOBAL PROPERTY SERVER_DYNAMIC_PLUGINS) + GET_PROPERTY(is_multi_config GLOBAL PROPERTY GENERATOR_IS_MULTI_CONFIG) + IF(is_multi_config) + SET(my_plugin_dir "${CMAKE_BINARY_DIR}/all_plugins/$") + ELSE() + SET(my_plugin_dir "${CMAKE_BINARY_DIR}/all_plugins") + ENDIF() + + SET(populate_plugin_dir) + SET(plugin_load) + LIST(APPEND populate_plugin_dir + COMMAND ${CMAKE_COMMAND} -E rm -rf "${my_plugin_dir}" + COMMAND ${CMAKE_COMMAND} -E make_directory "${my_plugin_dir}" + ) + FOREACH(target ${dynamic_plugins}) + LIST(APPEND plugin_load "$") + IF(WIN32) + SET(maybe_create_hardlink || ${CMAKE_COMMAND} -E create_hardlink + $ + "${my_plugin_dir}/$") + ENDIF() + LIST(APPEND populate_plugin_dir + COMMAND ${CMAKE_COMMAND} -E create_symlink + $ + "${my_plugin_dir}/$" + ${maybe_create_hardlink}) + ENDFOREACH() + + IF(NOT plugin_load) + SET(plugin_load " ") + ENDIF() + + STRING(REPLACE ";" ":" escaped_plugin_load "${plugin_load}") + SET(genhdr ${CMAKE_BINARY_DIR}/extra/mariadbd_options.h) + ADD_CUSTOM_COMMAND(OUTPUT ${genhdr} + # COMMAND ${CMAKE_COMMAND} -E echo "Executing ${populate_plugin_dir}" + ${populate_plugin_dir} + #COMMAND ${CMAKE_COMMAND} -E echo "Executing generate_option_list $ ${my_plugin_dir} ${escaped_plugin_load} ${genhdr}" + COMMAND generate_option_list "$" "${my_plugin_dir}" "${escaped_plugin_load}" "${genhdr}" + COMMAND_EXPAND_LISTS + ) + + ADD_CUSTOM_TARGET(gen_mariadbd_options_h + DEPENDS ${genhdr} + + ) + + MYSQL_ADD_EXECUTABLE(mariadb-migrate-config-file + mariadb_migrate_config_file.c + ${genhdr} + COMPONENT Client) + + # Make sure consumers cannot compile before the header exists: + SET_SOURCE_FILES_PROPERTIES("${genhdr}" PROPERTIES GENERATED TRUE) + TARGET_LINK_LIBRARIES(mariadb-migrate-config-file PRIVATE mysys) + TARGET_INCLUDE_DIRECTORIES(mariadb-migrate-config-file PRIVATE ${CMAKE_CURRENT_BINARY_DIR}) +ENDIF() + MYSQL_ADD_EXECUTABLE(my_print_defaults my_print_defaults.c COMPONENT Client) TARGET_LINK_LIBRARIES(my_print_defaults mysys) diff -Nru mariadb-11.8.6/extra/generate_option_list.cc mariadb-11.8.8/extra/generate_option_list.cc --- mariadb-11.8.6/extra/generate_option_list.cc 1970-01-01 00:00:00.000000000 +0000 +++ mariadb-11.8.8/extra/generate_option_list.cc 2026-05-24 09:58:30.000000000 +0000 @@ -0,0 +1,346 @@ +/* Copyright (c) 2024, Väinö Mäkelä + With some small changes by Michael Widenius + + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; version 2 of the License. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program; if not, write to the Free Software + Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335 + USA */ + +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#define PCRE2_STATIC 1 /* Important on Windows */ +#include "pcre2.h" + +struct parsed +{ + std::set options; + std::map> enums; + std::map> sets; +}; + +#if defined(__has_feature) +# if __has_feature(memory_sanitizer) + __attribute__((no_sanitize("memory"))) /* we may run with uninstrumented std::string */ +# endif +#endif + +std::string read_output(FILE *f) +{ + char buf[4096]; + size_t read_bytes; + std::string output; + do + { + read_bytes= std::fread(buf, 1, sizeof buf, f); + output.append(buf, read_bytes); + } while (read_bytes > 0); + return output; +} + + +#if defined(__has_feature) +# if __has_feature(memory_sanitizer) + __attribute__((no_sanitize("memory"))) /* we may run with uninstrumented std::string */ +# endif +#endif + + +std::string call_mariadbd(const char *mariadbd_path, const char *plugin_dir, const char *plugin_load) +{ + std::string output; + std::ostringstream command; +#ifdef _WIN32 + command << "\""; +#endif + command << "\"" << mariadbd_path << "\""; + command << " --no-defaults" + " --silent-startup" + " --plugin-maturity=unknown" + " --plugin-dir="; + command << plugin_dir << ""; + if (plugin_load[0] != ' ' || !plugin_load[0]) + { + command << " \"--plugin-load="; + command << plugin_load; + command << "\""; + } + command << " --verbose" + " --help"; +#ifdef _WIN32 + command << "\""; +#endif + std::cout << "Executing command: " << command.str() << '\n'; + FILE *f= my_popen(command.str().c_str(), "r"); + if (!f) + { + perror("failed to read mariadbd output"); + my_pclose(f); + exit(1); + } + output= read_output(f); + my_pclose(f); + return output; +} + +std::string remove_paretheses(std::string &str) +{ + std::string result; + bool in_parens= false; + for (auto it= str.begin(); it != str.end(); ++it) + { + if (*it == '(') + { + in_parens= true; + } + else if (in_parens && *it == ')') + { + in_parens= false; + } + else if (!in_parens) + { + result.push_back(*it); + } + } + return result; +} + +std::vector split_list(std::string &str) +{ + std::vector result; + std::string current; + std::string parens_removed= remove_paretheses(str); + bool seen_dot= false; + + for (auto it= parens_removed.begin(); it != parens_removed.end(); ++it) + { + switch (*it) { + case ' ': + case '\t': + case '\n': + case '\r': + case ',': + seen_dot= false; + if (!current.empty()) + result.push_back(current); + current.clear(); + break; + case '.': + seen_dot= true; + break; + default: + if (seen_dot) + current.push_back('.'); + current.push_back(*it); + } + } + if (!current.empty()) + result.push_back(current); + return result; +} + +std::string capture_group(std::string &str, PCRE2_SIZE *ovector, int group) +{ + return str.substr(ovector[2 * group], + ovector[2 * group + 1] - ovector[2 * group]); +} + + +/* + Ignore some special mariadb options from using enum/set +*/ + +bool ignore_option(std::string *option) +{ + /* + wsrep_provider must not be threated as an enum as in mariadbd --help is both + a string and an enum. + */ + if (!strcmp(option->c_str(), "wsrep_provider")) + return 1; // Ignore + return 0; +} + + +struct parsed parse_output(std::string &output) +{ + struct parsed result= {}; + const char *pattern= + "# Consider all lines that start with ' --' or ' -x, --'as options.\n" + "^\\ \\ (?:-.,\\ )?--([^\\ =\\[]+)\n" + "(?:\n" + " # Check for possible enum or set values until we hit\n" + " # ' -' at the start of a line. This won't work for\n" + " # the last option but should work for most ones.\n" + " (?:(? enum_options; + std::vector set_options; + int rc= pcre2_match(re, (PCRE2_SPTR8) output.c_str(), output.length(), + offset, 0, match_data, nullptr); + if (rc == PCRE2_ERROR_NOMATCH) + { + break; + } + if (rc < 0) + { + std::cerr << "Matching error " << rc << '\n'; + exit(1); + } + + offset= ovector[1]; + option= capture_group(output, ovector, 1); + std::replace(option.begin(), option.end(), '-', '_'); + if (rc > 2 && ovector[2 * 2] != PCRE2_UNSET) + { + enum_part= capture_group(output, ovector, 2); + enum_options= split_list(enum_part); + } + if (rc > 3 && ovector[2 * 3] != PCRE2_UNSET) + { + set_part= capture_group(output, ovector, 3); + set_options= split_list(set_part); + } + + result.options.insert(option); + if (ignore_option(&option)) + continue; + + if (!enum_options.empty()) + { + result.enums.emplace(option, enum_options); + } + if (!set_options.empty()) + { + result.sets.emplace(option, set_options); + } + } + + pcre2_match_data_free(match_data); + pcre2_code_free(re); + return result; +} + +void write_typelibs(std::ostream &out, + std::map> &map) +{ + for (auto option= map.begin(); option != map.end(); ++option) + { + const std::string &option_name= (*option).first; + const std::vector &values= (*option).second; + out << "\nstatic const char *valid_" << option_name << "_values[] = {\n"; + for (auto value= values.begin(); value != values.end(); ++value) + { + out << "\"" << *value << "\",\n"; + } + out << "0\n};\n"; + out << "static TYPELIB valid_" << option_name << "_values_typelib = {\n" + << "array_elements(valid_" << option_name << "_values)-1,\n" + << "\"\", valid_" << option_name << "_values, 0, 0};\n"; + } +} + +void write_typelib_map(std::ostream &out, std::string name, + std::map> &map) +{ + out << "\nstatic const char *mariadbd_" << name << "_options[] = {\n"; + for (auto option= map.begin(); option != map.end(); ++option) + { + out << "\"" << (*option).first << "\",\n"; + } + out << "};\n" + << "\nstatic TYPELIB *mariadbd_" << name << "_typelibs[] = {\n"; + for (auto option= map.begin(); option != map.end(); ++option) + { + out << "&valid_" << (*option).first << "_values_typelib,\n"; + } + out << "};\n"; +} + +void write_output(const char *path, struct parsed &parsed_output) +{ + std::ofstream out(path); + out << "/* Automatically generated by generate_option_list */\n\n"; + out << "#ifndef _mariadbd_options_h\n"; + out << "#define _mariadbd_options_h\n"; + out << "static const char *mariadbd_valid_options[]= {\n"; + for (auto option= parsed_output.options.begin(); + option != parsed_output.options.end(); ++option) + { + out << '\"' << *option << "\",\n"; + } + out << "};\n"; + + write_typelibs(out, parsed_output.enums); + write_typelib_map(out, "enum", parsed_output.enums); + + write_typelibs(out, parsed_output.sets); + write_typelib_map(out, "set", parsed_output.sets); + + out << "#endif /* _mariadbd_options_h */\n"; +} + +int main(int argc, const char *argv[]) +{ + std::string mariadbd_output; + struct parsed parsed_output; + + if (argc != 5) + { + std::cerr << "usage: " << argv[0] << " \n"; + return 1; + } + MY_INIT(argv[0]); + mariadbd_output= call_mariadbd(argv[1], argv[2], argv[3]); + parsed_output= parse_output(mariadbd_output); + write_output(argv[4], parsed_output); + + my_end(0); + exit(0); +} diff -Nru mariadb-11.8.6/extra/mariabackup/backup_copy.cc mariadb-11.8.8/extra/mariabackup/backup_copy.cc --- mariadb-11.8.6/extra/mariabackup/backup_copy.cc 2026-01-31 13:27:46.000000000 +0000 +++ mariadb-11.8.8/extra/mariabackup/backup_copy.cc 2026-05-24 09:58:30.000000000 +0000 @@ -1753,7 +1753,7 @@ for (uint i = 1; i <= TRX_SYS_MAX_UNDO_SPACES; i++) { char filename[20]; - sprintf(filename, "undo%03u", i); + snprintf(filename, sizeof(filename), "undo%03u", i); if (!file_exists(filename)) { break; } @@ -1952,6 +1952,14 @@ msg(thread_n,"%s\n", message.str().c_str()); + /* all valid *.qp files are table-name-safe */ + for (const char *s=filepath; *s; s++) + if (!isalnum(*s) && !strchr("-.@/_#", *s)) + { + msg(thread_n,"Error: invalid file name\n"); + return(false); + } + if (system(cmd.str().c_str()) != 0) { return(false); } diff -Nru mariadb-11.8.6/extra/mariabackup/backup_mysql.cc mariadb-11.8.8/extra/mariabackup/backup_mysql.cc --- mariadb-11.8.6/extra/mariabackup/backup_mysql.cc 2026-01-31 13:27:46.000000000 +0000 +++ mariadb-11.8.8/extra/mariabackup/backup_mysql.cc 2026-05-24 09:58:30.000000000 +0000 @@ -148,7 +148,7 @@ char mysql_port_str[std::numeric_limits::digits10 + 3]; const char *user= opt_user ? opt_user : get_os_user(); - sprintf(mysql_port_str, "%d", opt_port); + snprintf(mysql_port_str, sizeof(mysql_port_str), "%d", opt_port); if (connection == NULL) { msg("Failed to init MariaDB struct: %s.", diff -Nru mariadb-11.8.6/extra/mariabackup/common.h mariadb-11.8.8/extra/mariabackup/common.h --- mariadb-11.8.6/extra/mariabackup/common.h 2026-01-31 13:27:46.000000000 +0000 +++ mariadb-11.8.8/extra/mariabackup/common.h 2026-05-24 09:58:30.000000000 +0000 @@ -54,7 +54,7 @@ { return -1; } - vsprintf(*strp, fmt, args); + vsnprintf(*strp, len + 1, fmt, args); return len; } diff -Nru mariadb-11.8.6/extra/mariabackup/ds_local.cc mariadb-11.8.8/extra/mariabackup/ds_local.cc --- mariadb-11.8.6/extra/mariabackup/ds_local.cc 2026-01-31 13:27:46.000000000 +0000 +++ mariadb-11.8.8/extra/mariabackup/ds_local.cc 2026-05-24 09:58:30.000000000 +0000 @@ -136,6 +136,7 @@ local_file = (ds_local_file_t *) (file + 1); local_file->fd = fd; + posix_fadvise(local_file->fd, 0, 0, POSIX_FADV_DONTNEED); local_file->init_ibd_done = 0; local_file->is_ibd = (path_len > 5) && !strcmp(fullpath + path_len - 5, ".ibd"); local_file->compressed = 0; @@ -166,9 +167,7 @@ size_t n_bytes = MY_MIN(pagesize, len - written); size_t datasize= trim_binary_zeros(ptr,n_bytes); if (datasize > 0) { - if (!my_write(fd, ptr, datasize, MYF(MY_WME | MY_NABP))) - posix_fadvise(fd, 0, 0, POSIX_FADV_DONTNEED); - else + if (my_write(fd, ptr, datasize, MYF(MY_WME | MY_NABP))) return 1; } if (datasize < n_bytes) { @@ -242,11 +241,10 @@ return write_compressed(fd, b, len, local_file->pagesize); } - if (!my_write(fd, b , len, MYF(MY_WME | MY_NABP))) { - posix_fadvise(fd, 0, 0, POSIX_FADV_DONTNEED); - return 0; + if (my_write(fd, b , len, MYF(MY_WME | MY_NABP))) { + return 1; } - return 1; + return 0; } static @@ -283,7 +281,9 @@ ret = set_eof(fd); } - my_close(fd, MYF(MY_WME)); + if (my_close(fd, MYF(MY_WME)) != 0) + ret= 1; + my_free(file); return ret; } diff -Nru mariadb-11.8.6/extra/mariabackup/ds_stdout.cc mariadb-11.8.8/extra/mariabackup/ds_stdout.cc --- mariadb-11.8.6/extra/mariabackup/ds_stdout.cc 2026-01-31 13:27:46.000000000 +0000 +++ mariadb-11.8.8/extra/mariabackup/ds_stdout.cc 2026-05-24 09:58:30.000000000 +0000 @@ -84,6 +84,7 @@ #endif stdout_file->fd = my_fileno(stdout); + posix_fadvise(stdout_file->fd, 0, 0, POSIX_FADV_DONTNEED); file->path = (char *) stdout_file + sizeof(ds_stdout_file_t); memcpy(file->path, fullpath, pathlen); @@ -99,12 +100,11 @@ { File fd = ((ds_stdout_file_t *) file->ptr)->fd; - if (!my_write(fd, buf, len, MYF(MY_WME | MY_NABP))) { - posix_fadvise(fd, 0, 0, POSIX_FADV_DONTNEED); - return 0; + if (my_write(fd, buf, len, MYF(MY_WME | MY_NABP))) { + return 1; } - return 1; + return 0; } static diff -Nru mariadb-11.8.6/extra/mariabackup/ds_tmpfile.cc mariadb-11.8.8/extra/mariabackup/ds_tmpfile.cc --- mariadb-11.8.6/extra/mariabackup/ds_tmpfile.cc 2026-01-31 13:27:46.000000000 +0000 +++ mariadb-11.8.8/extra/mariabackup/ds_tmpfile.cc 2026-05-24 09:58:30.000000000 +0000 @@ -115,6 +115,7 @@ tmp_file->orig_path = (char *) tmp_file + sizeof(ds_tmp_file_t); tmp_file->fd = fd; + posix_fadvise(tmp_file->fd, 0, 0, POSIX_FADV_DONTNEED); memcpy(tmp_file->orig_path, path, path_len); /* Store the real temporary file name in file->path */ @@ -138,12 +139,11 @@ { File fd = ((ds_tmp_file_t *) file->ptr)->fd; - if (!my_write(fd, buf, len, MYF(MY_WME | MY_NABP))) { - posix_fadvise(fd, 0, 0, POSIX_FADV_DONTNEED); - return 0; + if (my_write(fd, buf, len, MYF(MY_WME | MY_NABP))) { + return 1; } - return 1; + return 0; } static int diff -Nru mariadb-11.8.6/extra/mariabackup/xbcloud.cc mariadb-11.8.8/extra/mariabackup/xbcloud.cc --- mariadb-11.8.6/extra/mariabackup/xbcloud.cc 2026-01-31 13:27:46.000000000 +0000 +++ mariadb-11.8.8/extra/mariabackup/xbcloud.cc 2026-05-24 09:58:30.000000000 +0000 @@ -490,7 +490,7 @@ int i; for (i = 0, p = out; i < hash_len; i++, p+=2) { - sprintf(p, "%02x", hash[i]); + snprintf(p, 3, "%02x", hash[i]); } return out; @@ -548,6 +548,7 @@ CURLcode res; long http_code; char *hdr_buf = NULL; + size_t hdr_buf_size = 0; struct curl_slist *slist = NULL; if (opt_swift_user == NULL) { @@ -564,18 +565,19 @@ if (curl != NULL) { - hdr_buf = (char *)(calloc(14 + max(strlen(opt_swift_user), - strlen(opt_swift_key)), 1)); + hdr_buf_size = 14 + max(strlen(opt_swift_user), + strlen(opt_swift_key)); + hdr_buf = (char *)(calloc(hdr_buf_size, 1)); if (!hdr_buf) { res = CURLE_FAILED_INIT; goto cleanup; } - sprintf(hdr_buf, "X-Auth-User: %s", opt_swift_user); + snprintf(hdr_buf, hdr_buf_size, "X-Auth-User: %s", opt_swift_user); slist = curl_slist_append(slist, hdr_buf); - sprintf(hdr_buf, "X-Auth-Key: %s", opt_swift_key); + snprintf(hdr_buf, hdr_buf_size, "X-Auth-Key: %s", opt_swift_key); slist = curl_slist_append(slist, hdr_buf); curl_easy_setopt(curl, CURLOPT_VERBOSE, opt_verbose); diff -Nru mariadb-11.8.6/extra/mariabackup/xbstream.cc mariadb-11.8.8/extra/mariabackup/xbstream.cc --- mariadb-11.8.6/extra/mariabackup/xbstream.cc 2026-01-31 13:27:46.000000000 +0000 +++ mariadb-11.8.8/extra/mariabackup/xbstream.cc 2026-05-24 09:58:30.000000000 +0000 @@ -313,6 +313,11 @@ file_entry_t *entry; ds_file_t *file; + if (*path == '.' || *path == '/' || strstr(path, "/../")) { + msg("%s: invalid filename %s", my_progname, path); + return NULL; + } + entry = (file_entry_t *) my_malloc(PSI_NOT_INSTRUMENTED, sizeof(file_entry_t), MYF(MY_WME | MY_ZEROFILL)); if (entry == NULL) { diff -Nru mariadb-11.8.6/extra/mariabackup/xtrabackup.cc mariadb-11.8.8/extra/mariabackup/xtrabackup.cc --- mariadb-11.8.6/extra/mariabackup/xtrabackup.cc 2026-01-31 13:27:46.000000000 +0000 +++ mariadb-11.8.8/extra/mariabackup/xtrabackup.cc 2026-05-24 09:58:30.000000000 +0000 @@ -404,6 +404,7 @@ char *opt_socket; uint opt_port; char *opt_log_bin; +char *opt_login_path; const char *query_type_names[] = { "ALL", "UPDATE", "SELECT", NullS}; @@ -1851,6 +1852,11 @@ &opt_log_innodb_page_corruption, &opt_log_innodb_page_corruption, 0, GET_BOOL, NO_ARG, 0, 0, 0, 0, 0, 0}, + {"login-path", 0, 0, &opt_login_path, &opt_login_path, 0, + GET_STR, REQUIRED_ARG, 0, 0, 0, 0, 0, 0}, + {"apply-log", 0, 0, &xtrabackup_prepare, &xtrabackup_prepare, + 0, GET_BOOL, NO_ARG, 0, 0, 0, 0, 0, 0}, + #define MYSQL_CLIENT #include "sslopt-longopts.h" #undef MYSQL_CLIENT @@ -2647,7 +2653,7 @@ log_sys.format == log_t::FORMAT_ENC_11 ? log_t::FORMAT_ENC_11 : log_t::FORMAT_10_8); mach_write_to_8(LOG_HEADER_START_LSN + log_hdr_buf, - log_sys.next_checkpoint_lsn); + log_sys.last_checkpoint_lsn); snprintf(reinterpret_cast(LOG_HEADER_CREATOR + log_hdr_buf), 16, "Backup %u.%u.%u", MYSQL_VERSION_ID / 10000, MYSQL_VERSION_ID / 100 % 100, @@ -2655,7 +2661,7 @@ if (log_sys.is_encrypted()) log_crypt_write_header(log_hdr_buf + LOG_HEADER_CREATOR_END); mach_write_to_4(508 + log_hdr_buf, my_crc32c(0, log_hdr_buf, 508)); - mach_write_to_8(log_hdr_buf + 0x1000, log_sys.next_checkpoint_lsn); + mach_write_to_8(log_hdr_buf + 0x1000, log_sys.last_checkpoint_lsn); mach_write_to_8(log_hdr_buf + 0x1008, recv_sys.lsn); mach_write_to_4(log_hdr_buf + 0x103c, my_crc32c(0, log_hdr_buf + 0x1000, 60)); @@ -2687,9 +2693,14 @@ } ut_ad(srv_force_recovery <= SRV_FORCE_IGNORE_CORRUPT); + mysql_mutex_lock(&recv_sys.mutex); ut_ad(recv_no_log_write); - buf_flush_sync(); + if (recv_sys.recovery_on) + recv_sys.apply(true); + mysql_mutex_unlock(&recv_sys.mutex); recv_sys.debug_free(); + + buf_flush_sync_batch(0, false); ut_ad(!os_aio_pending_reads()); ut_d(mysql_mutex_lock(&buf_pool.flush_list_mutex)); ut_ad(!buf_pool.get_oldest_modification(0)); @@ -2724,7 +2735,7 @@ return true; } - recv_sys.lsn= log_sys.next_checkpoint_lsn= + recv_sys.lsn= log_sys.last_checkpoint_lsn= log_get_lsn() - SIZE_OF_FILE_CHECKPOINT; log_sys.set_latest_format(false); // not encrypted log_hdr_init(); @@ -3631,7 +3642,7 @@ return true; msg("Was only able to copy log from " LSN_PF " to " LSN_PF ", not " LSN_PF "; try increasing innodb_log_file_size", - log_sys.next_checkpoint_lsn, last_lsn, lsn); + log_sys.last_checkpoint_lsn.load(), last_lsn, lsn); return false; } @@ -4159,13 +4170,15 @@ strcpy(info->name, ent->d_name); + size_t full_path_size= strlen(dirname) + strlen(ent->d_name) + 10; full_path = static_cast( - ut_malloc_nokey(strlen(dirname) + strlen(ent->d_name) + 10)); + ut_malloc_nokey(full_path_size)); if (!full_path) { return -1; } - sprintf(full_path, "%s/%s", dirname, ent->d_name); + snprintf(full_path, full_path_size, + "%s/%s", dirname, ent->d_name); ret = stat(full_path, &statinfo); @@ -4819,11 +4832,14 @@ goto end; } - rlimit.rlim_cur = rlimit.rlim_max = max_file_limit; + rlimit.rlim_cur = max_file_limit; if (setrlimit(RLIMIT_NOFILE, &rlimit)) { /* Use original value */ max_file_limit = static_cast(old_cur); + + msg( "setrlimit failed %d %s limit S: %" PRIu64 " H: %" PRIu64, + errno, strerror(errno), rlimit.rlim_cur, rlimit.rlim_max); } else { rlimit.rlim_cur = 0; /* Safety if next call fails */ @@ -4886,9 +4902,9 @@ /* read the latest checkpoint lsn */ if (recv_sys.find_checkpoint() == DB_SUCCESS && log_sys.is_latest()) { - if (log_sys.next_checkpoint_lsn > lsn) - lsn= log_sys.next_checkpoint_lsn; - metadata_to_lsn= log_sys.next_checkpoint_lsn; + metadata_to_lsn= log_sys.last_checkpoint_lsn; + if (metadata_to_lsn > lsn) + lsn= metadata_to_lsn; msg("mariabackup: The latest check point (for incremental): '" LSN_PF "'", metadata_to_lsn); } @@ -4964,15 +4980,15 @@ if (xtrabackup_extra_lsndir) { char filename[FN_REFLEN]; - sprintf(filename, "%s/%s", xtrabackup_extra_lsndir, - MB_METADATA_FILENAME); + snprintf(filename, sizeof(filename), "%s/%s", + xtrabackup_extra_lsndir, MB_METADATA_FILENAME); if (!xtrabackup_write_metadata(filename)) { msg("Error: failed to write metadata " "to '%s'.", filename); return false; } - sprintf(filename, "%s/%s", xtrabackup_extra_lsndir, - MB_INFO); + snprintf(filename, sizeof(filename), "%s/%s", + xtrabackup_extra_lsndir, MB_INFO); if (!write_xtrabackup_info(m_data, mysql_connection, filename, false, false)) { msg("Error: failed to write info " @@ -5531,7 +5547,7 @@ /* get current checkpoint_lsn */ { - log_sys.latch.wr_lock(SRW_LOCK_CALL); + log_sys.latch.wr_lock(); mysql_mutex_lock(&recv_sys.mutex); dberr_t err = recv_sys.find_checkpoint(); log_sys.latch.wr_unlock(); @@ -5592,7 +5608,7 @@ } /* label it */ - recv_sys.file_checkpoint = log_sys.next_checkpoint_lsn; + recv_sys.file_checkpoint = log_sys.last_checkpoint_lsn; log_hdr_init(); /* Write log header*/ if (ds_write(dst_log_file, log_hdr_buf, 12288)) { @@ -5623,7 +5639,7 @@ mysql_mutex_lock(&recv_sys.mutex); backup_log_parse = recv_sys.get_backup_parser(); - recv_sys.lsn = log_sys.next_checkpoint_lsn; + recv_sys.lsn = log_sys.last_checkpoint_lsn; const bool log_copy_failed = xtrabackup_copy_logfile(true); @@ -5682,7 +5698,7 @@ backup_datasinks.destroy(); msg("Redo log (from LSN " LSN_PF " to " LSN_PF ") was copied.", - log_sys.next_checkpoint_lsn, recv_sys.lsn); + log_sys.last_checkpoint_lsn.load(), recv_sys.lsn); xb_filters_free(); xb_data_files_close(); @@ -6941,7 +6957,7 @@ if (xtrabackup_incremental) { char inc_filename[FN_REFLEN]; - sprintf(inc_filename, "%s/%s", xtrabackup_incremental_dir, + snprintf(inc_filename, sizeof(inc_filename), "%s/%s", xtrabackup_incremental_dir, MB_CORRUPTED_PAGES_FILE); corrupted_pages.read_from_file(inc_filename); } @@ -7010,14 +7026,14 @@ metadata_last_lsn = incremental_last_lsn; } - sprintf(filename, "%s/%s", xtrabackup_target_dir, MB_METADATA_FILENAME); + snprintf(filename, sizeof(filename), "%s/%s", xtrabackup_target_dir, MB_METADATA_FILENAME); if (!xtrabackup_write_metadata(filename)) { msg("mariabackup: Error: failed to write metadata " "to '%s'", filename); ok = false; } else if (xtrabackup_extra_lsndir) { - sprintf(filename, "%s/%s", xtrabackup_extra_lsndir, MB_METADATA_FILENAME); + snprintf(filename, sizeof(filename), "%s/%s", xtrabackup_extra_lsndir, MB_METADATA_FILENAME); if (!xtrabackup_write_metadata(filename)) { msg("mariabackup: Error: failed to write " "metadata to '%s'", filename); @@ -7294,6 +7310,13 @@ die("could not initialize error messages"); } + +my_bool xb_early_options(const struct my_option *opt, const char *argument, + const char *) +{ + return 0; +} + /** Handle mariabackup options. The options are handled with the following order: @@ -7354,7 +7377,6 @@ mysqld_args.push_back(argv[0]); mariabackup_args.push_back(argv[0]); - /* scan options for group and config file to load defaults from */ for (i= 1; i < argc; i++) { char *optend= strcend(argv[i], '='); @@ -7366,41 +7388,45 @@ } else mariabackup_args.push_back(argv[i]); - - if (strncmp(argv[i], "--defaults-group", optend - argv[i]) == 0) - { - defaults_group= optend + 1; - server_default_groups.push_back(defaults_group); - } - else if (strncmp(argv[i], "--login-path", optend - argv[i]) == 0) - { - append_defaults_group(optend + 1, xb_client_default_groups, - array_elements(xb_client_default_groups)); - } - else if (!strncmp(argv[i], "--prepare", optend - argv[i])) - { - prepare= true; - } - else if (!strncmp(argv[i], "--apply-log", optend - argv[i])) - { - prepare= true; - } - else if (!strncmp(argv[i], "--incremental-dir", optend - argv[i]) && - *optend) - { - target_dir= optend + 1; - } - else if (!strncmp(argv[i], "--target-dir", optend - argv[i]) && - *optend && !target_dir) - { - target_dir= optend + 1; - } - else if (!*optend && argv[i][0] != '-' && !target_dir) - { - target_dir= argv[i]; - } } + mariabackup_args.push_back(nullptr); + *argv_client= *argv_server= *argv_backup= &mariabackup_args[0]; + int argc_backup= static_cast(mariabackup_args.size() - 1); + int argc_client= argc_backup; + int argc_server= argc_backup; + + auto early_args= mariabackup_args; + char **argv_early= &early_args[0]; + int argc_early= argc_backup; + + /* We want xtrabackup to ignore unknown options, because it only + recognizes a small subset of server variables */ + my_getopt_skip_unknown = TRUE; + + handle_options(&argc_early, &argv_early, xb_server_options, + xb_early_options); + argv_early--; argc_early++; + handle_options(&argc_early, &argv_early, xb_client_options, + xb_early_options); + + if (defaults_group) + server_default_groups.push_back(defaults_group); + + if (xtrabackup_prepare) + prepare= true; + + if (opt_login_path) + append_defaults_group(opt_login_path, xb_client_default_groups, + array_elements(xb_client_default_groups)); + + if (xtrabackup_incremental_dir) + target_dir= xtrabackup_incremental_dir; + else if (xtrabackup_target_dir != xtrabackup_real_target_dir) + target_dir= xtrabackup_target_dir; + else if (argc_early > 0) + target_dir= argv_early[0]; + server_default_groups.push_back(NULL); snprintf(conf_file, sizeof(conf_file), "my"); @@ -7418,12 +7444,6 @@ } } - mariabackup_args.push_back(nullptr); - *argv_client= *argv_server= *argv_backup= &mariabackup_args[0]; - int argc_backup= static_cast(mariabackup_args.size() - 1); - int argc_client= argc_backup; - int argc_server= argc_backup; - /* 1) Load server groups and process server options, ignore unknown options */ @@ -7439,10 +7459,6 @@ "# This MySQL options file was generated by XtraBackup.\n" "[" << defaults_group << "]\n"; - /* We want xtrabackup to ignore unknown options, because it only - recognizes a small subset of server variables */ - my_getopt_skip_unknown = TRUE; - /* Reset u_max_value for all options, as we don't want the --maximum-... modifier to set the actual option values */ for (my_option *optp= xb_server_options; optp->name; optp++) { diff -Nru mariadb-11.8.6/extra/mariadb_migrate_config_file.c mariadb-11.8.8/extra/mariadb_migrate_config_file.c --- mariadb-11.8.6/extra/mariadb_migrate_config_file.c 1970-01-01 00:00:00.000000000 +0000 +++ mariadb-11.8.8/extra/mariadb_migrate_config_file.c 2026-05-24 09:58:30.000000000 +0000 @@ -0,0 +1,2566 @@ +/* Copyright (c) 2000, 2017, Oracle and/or its affiliates. All rights reserved. + Copyright (c) 2011, 2018, 2026 MariaDB Corporation + Copyright (c) 2024, Väinö Mäkelä + + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; version 2 of the License. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program; if not, write to the Free Software + Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335 USA */ + +#define VER "1.0" +#include +#include "mariadbd_options.h" +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include + +#if!defined (X_OK) && defined(_WIN32) +#define X_OK 0 /* Test existence of file with access() */ +#endif + + +#define load_default_groups mariadbd_groups +#include +#undef load_default_groups + +const char *mysqld_groups[]= +{ + "mysqld", "server", 0, 0 +}; + +const char *client_server_group= "client-server"; + +/* The following is from my_getopt.c */ +static const char *special_opt_prefix[]= +{"skip", "disable", "enable", "maximum", "loose", "autoset", 0}; +static const uint special_opt_prefix_lengths[]= +{ 4, 7, 6, 7, 5, 7, 0}; + +#ifndef WEXITSTATUS +# ifdef _WIN32 +# define WEXITSTATUS(stat_val) (stat_val) +# else +# define WEXITSTATUS(stat_val) ((unsigned)(stat_val) >> 8) +# endif +#endif + +struct upgrade_ctx +{ + MEM_ROOT *alloc; + TYPELIB *group; /* Default groups and extra groups */ + DYNAMIC_ARRAY updated_files; + my_bool failed; +}; + + +enum edit_mode +{ + EDIT_MODE_NONE, + EDIT_MODE_REMOVE, + EDIT_MODE_COMMENT, + EDIT_MODE_INLINE, + EDIT_MODE_LAST, +}; + +static const char *edit_mode_values[]= +{ + "", "remove", "comment", "inline", "last", NullS +}; +static TYPELIB edit_mode_typelib= +{array_elements(edit_mode_values) - 1, "", edit_mode_values, NULL, NULL}; + +enum from_mode +{ + FROM_MYSQL, + FROM_MARIADB, +}; + +static const char *from_mode_values[]= +{ + "MySQL", "MariaDB", NullS +}; +static TYPELIB from_mode_typelib= +{array_elements(from_mode_values) - 1, "", from_mode_values, NULL, NULL}; + +struct RENAMED_OPTIONS +{ + const char *from, *to; +}; + +struct RENAMED_OPTIONS renamed_options[]= +{ + {"innodb_stats_sample_pages", "innodb_stats_transient_sample_pages" }, + {NullS, NullS}, +}; + + +LEX_CSTRING mysql_name= {STRING_WITH_LEN("mysql")}; +LEX_CSTRING mysqld_name= {STRING_WITH_LEN("mysqld")}; +LEX_CSTRING mariadb_name= {STRING_WITH_LEN("mariadb")}; + +static const char *opt_error_group="mysqld-5.7"; +static const char *opt_unsupported_group="options-not-recognized-by-mariadbd"; +static my_bool opt_update; +static my_bool opt_backup; +static my_bool opt_print; +static my_bool opt_no_myisam_options; +static my_bool opt_add_skip_slave_start; +static my_bool opt_add_mariadb_replication_compatibility; +static my_bool opt_add_mysql_replication_compatibility; +static my_bool opt_add_client_server_group; +static my_bool opt_silent; +static my_bool opt_update_paths; +static my_bool opt_copy_mysqld_groups; +static my_bool add_new_options_once=0, new_options_added= 0; +static uint audit_plugin_warning= 0; +static const char **groups_to_use; +static const char *opt_mariadbd= ""; +static ulong opt_edit_mode, opt_convert_from; +static size_t global_copied_lines=0, global_unsupported_lines= 0; +static size_t global_mariadbd_additions= 0; + +static PSI_memory_key key_memory_upgrade_config; +static PSI_file_key key_file_cnf; +static size_t global_update_count= 0; +static my_bool give_error_for_missing_files= 0; +static my_bool opt_mariadbd_testing; +static const char *mariadb_replication_compatibility_comment= + "# The following options enable MySQL to replicate to MariaDB"; +static const char *mysql_replication_compatibility_comment= + "# The following options enable MariaDB to replicate to MySQL"; + +/* Options found that require special handling */ +static longlong value_port; +static char *value_socket= 0; +static my_bool found_skip_slave_start= FALSE; +static my_bool found_innodb_log_files_in_group= 0; +static my_bool found_innodb_log_file_size= 0; +static my_bool found_character_set_server= 0; +static my_bool found_client_server_group= 0; +static my_bool found_mariadb_replication_compatibility= 0; +static my_bool found_mysql_replication_compatibility= 0; + +static uint value_innodb_log_files_in_group= 0; +static ulonglong value_innodb_log_file_size= 0; +static char suffix_innodb_log_file_size; + + +#ifdef _WIN32 +static const char *f_extensions[]= { ".ini", ".cnf", 0 }; +#else +static const char *f_extensions[]= { ".cnf", 0 }; +#endif + +static uint count_array_elements(DYNAMIC_ARRAY *array); +static my_bool delete_line(DYNAMIC_ARRAY *array, char *line); + +/** + Remove the -upgrade-config-orig backups of the updated files if + successful and replace the updated files with the backups if not. +*/ + +static int finish_updated_files(struct upgrade_ctx *ctx, my_bool success) +{ + size_t i; + if (!opt_silent && success && ctx->updated_files.elements) + fputs("Updated files:\n", stdout); + for (i= 0; i < ctx->updated_files.elements; i++) + { + char *name = *(char **)dynamic_array_ptr(&ctx->updated_files, i); + const char *suffix = "-upgrade-config-orig"; + size_t orig_len = strlen(name) + strlen(suffix) + 1; + char *orig = my_malloc(key_memory_upgrade_config, orig_len, MYF(MY_WME)); + if (!orig) + return 1; + strmov(strmov(orig, name), suffix); + if (success) + { + fprintf(stdout, "%s\n", name); + my_delete(orig, MYF(0)); + } + else + { + if (my_redel(name, orig, 0, MYF(MY_WME | MY_REDEL_MAKE_BACKUP))) + { + my_free(orig); + return 1; + } + } + my_free(orig); + my_free(name); + } + delete_dynamic(&ctx->updated_files); + return 0; +} + + +/** + Run a command using the shell, storing its output in the supplied dynamic + string. +*/ +static int run_command(char* cmd, + DYNAMIC_STRING *ds_res) +{ + char buf[512]= {0}; + FILE *res_file; + int error; + + if (!(res_file= my_popen(cmd, "r"))) + { + fprintf(stderr, "popen(\"%s\", \"r\") failed\n", cmd); + return -1; + } + + while (fgets(buf, sizeof(buf), res_file)) + { +#ifdef _WIN32 + /* Strip '\r' off newlines. */ + size_t len = strlen(buf); + if (len > 1 && buf[len - 2] == '\r' && buf[len - 1] == '\n') + { + buf[len - 2] = '\n'; + buf[len - 1] = 0; + } +#endif + dynstr_append(ds_res, buf); + } + + error= my_pclose(res_file); + return WEXITSTATUS(error); +} + + +/** + Run `mariadbd --help --verbose` with the supplied arguments and write its + stderr output to ds_res. +*/ +static int run_mariadbd(const char *mariadbd_path, + DYNAMIC_STRING *ds_res, + const char **defaults_args, + int defaults_args_count) +{ + int ret; + int i; + DYNAMIC_STRING ds_cmdline; + + if (init_dynamic_string(&ds_cmdline, IF_WIN("\"", ""), FN_REFLEN, FN_REFLEN)) + { + fputs("Out of memory\n", stderr); + return -1; + } + + dynstr_append_os_quoted(&ds_cmdline, mariadbd_path, NullS); + dynstr_append(&ds_cmdline, " "); + + for (i= 0; i < defaults_args_count; i++) + { + dynstr_append_os_quoted(&ds_cmdline, defaults_args[i], NullS); + dynstr_append(&ds_cmdline, " "); + } + + dynstr_append(&ds_cmdline, "--help "); + dynstr_append(&ds_cmdline, "--verbose "); + dynstr_append(&ds_cmdline, "--silent-startup "); + dynstr_append(&ds_cmdline, "--log-warnings=0 "); + dynstr_append(&ds_cmdline, "2>&1 "); + dynstr_append(&ds_cmdline, IF_WIN("1>NUL", "1>/dev/null")); + +#ifdef _WIN32 + dynstr_append(&ds_cmdline, "\""); +#endif + + ret= run_command(ds_cmdline.str, ds_res); + dynstr_free(&ds_cmdline); + return ret; +} + + +/** + Test whether mariadbd can be launched with --no-defaults. +*/ +static int test_mariadbd(const char *mariadbd_name) +{ + DYNAMIC_STRING ds_tmp; + const char *defaults_argument = "--no-defaults"; + int err= 0; + + if (init_dynamic_string(&ds_tmp, "", 32, 32)) + { + fputs("Out of memory\n", stderr); + return -1; + } + + if (run_mariadbd(mariadbd_name, + &ds_tmp, + &defaults_argument, + 1)) + { + fprintf(stderr, "Can't execute %s\n", mariadbd_name); + err= 1; + } + + dynstr_free(&ds_tmp); + return err; +} + + +static int compare_options(const void *a, const void *b) +{ + const char *first= *(const char **)a; + const char *second= *(const char **)b; + return strcmp(first, second); +} + + +static my_bool mariadbd_option_exists(const char *option) +{ + return bsearch(&option, mariadbd_valid_options, + array_elements(mariadbd_valid_options), + sizeof(mariadbd_valid_options[0]), + compare_options) != NULL; +} + + +static my_bool mariadbd_valid_enum_value(const char *option, const char *value) +{ + const char **option_ptr= bsearch(&option, mariadbd_enum_options, + array_elements(mariadbd_enum_options), + sizeof(mariadbd_enum_options[0]), + compare_options); + longlong val; + int error; + if (!option_ptr) + return TRUE; + if (find_type(value, + mariadbd_enum_typelibs[option_ptr - mariadbd_enum_options], + FIND_TYPE_BASIC) != 0) + return TRUE; + val= my_strtoll10(value, (char**) 0, &error); + return (error == 0 && val < mariadbd_enum_typelibs[option_ptr - + mariadbd_enum_options]->count); +} + + +/** + Check whether the given value is a valid set value for the given + option. + Returns 0 on success and the first invalid set index on + failure. If the option is not a set option, returns 0. +*/ + +static int mariadbd_check_set_value(const char *option, const char *value) +{ + const char **option_ptr= bsearch(&option, mariadbd_set_options, + array_elements(mariadbd_set_options), + sizeof(mariadbd_set_options[0]), + compare_options); + TYPELIB *typelib; + int error_pos= 0; + if (!option_ptr) + return 0; + typelib = mariadbd_set_typelibs[option_ptr - mariadbd_set_options]; + find_typeset(value, typelib, &error_pos); + if (error_pos) + { + ulonglong num; + char *endptr; + + if (!my_strcasecmp_latin1(value, "all")) + return 0; + + num= strtol(value, &endptr, 10); + if (!*endptr) + { + if ((num >> 1) >= (1ULL << (typelib->count - 1))) + return 1; + return 0; + } + } + return error_pos; +} + + +enum plugin_check_result +{ + PLUGINS_OK, + AUDIT_PLUGIN, +}; + +static enum plugin_check_result check_plugins(const char *option, + const char *value) +{ + if (!strcmp(option, "plugin_load") || !strcmp(option, "plugin_load_add")) + { + if (!strcmp(value, "audit_log")) + return AUDIT_PLUGIN; + return PLUGINS_OK; + } + return PLUGINS_OK; +} + + +static my_bool check_plugin_option(struct upgrade_ctx *ctx, + const char *option, + const char *value, + char *name, + uint line) +{ + + enum plugin_check_result plugin_check_result; + + if ((plugin_check_result= check_plugins(option, value)) != PLUGINS_OK) + { + if (!opt_print) + { + switch (plugin_check_result) { + case PLUGINS_OK: break; /* Impossible */ + case AUDIT_PLUGIN: + if (!audit_plugin_warning++ && !opt_silent) + fprintf(stdout, "In %s at line %d: Please replace audit_log " + "with the server_audit plugin\n", name, line); + } + return 1; + } + } + return 0; +} + +/* + Skip over keyword and get argument after keyword + + SYNOPSIS + get_argument() + keyword Include directive keyword + kwlen Length of keyword + ptr Pointer to the keword in the line under process + line line number + + RETURN + 0 error + # Returns pointer to the argument after the keyword. +*/ + +static char *get_argument(const char *keyword, size_t kwlen, + char *ptr, char *name, uint line) +{ + char *end; + + /* Skip over "include / includedir keyword" and following whitespace */ + + for (ptr+= kwlen - 1; + my_isspace(&my_charset_latin1, ptr[0]); + ptr++) + {} + + /* + Trim trailing whitespace from directory name + The -1 below is for the newline added by fgets() + Note that my_isspace() is true for \r and \n + */ + for (end= ptr + strlen(ptr) - 1; + my_isspace(&my_charset_latin1, *(end - 1)); + end--) + {} + end[0]= 0; /* Cut off end space */ + + /* Print error msg if there is nothing after !include* directive */ + if (end <= ptr) + { + fprintf(stderr, + "error: Wrong '!%s' directive in config file: %s at line %d\n", + keyword, name, line); + return 0; + } + return ptr; +} + + +static char *find_end_comment(char *ptr) +{ + char quote= 0; /* we are inside quote marks */ + char escape= 0; /* symbol is protected by escape chagacter */ + + for (; *ptr; ptr++) + { + if ((*ptr == '\'' || *ptr == '\"') && !escape) + { + if (!quote) + quote= *ptr; + else if (quote == *ptr) + quote= 0; + } + /* We are not inside a string */ + if (!quote && *ptr == '#') + return ptr; + escape= (quote && *ptr == '\\' && !escape); + } + return ptr; +} + +struct generator +{ + /* the memory root for allocating line strings */ + MEM_ROOT alloc; + /* array of strings for the main content */ + DYNAMIC_ARRAY main; + /* + array of strings for options that should be added to the error_group + section + */ + DYNAMIC_ARRAY old_version; + /* + array of strings for options that should be added to the unsupported_group + section + */ + DYNAMIC_ARRAY unsupported_version; + /* array of strings to be added to the mariadbd section */ + DYNAMIC_ARRAY mariadbd_additions; + /* array of strings to be added to the client_server section */ + DYNAMIC_ARRAY client_server; + + struct upgrade_ctx *ctx; /* Current context */ + + const char *name; /* config file name */ + int start_of_group; /* Start of current group */ + int mariadbd_group_start; /* Start of last mariadbd group */ + uint line; /* Current line number */ + /* + one past the last index of the original mariadbd section in the main array + */ + int mariadbd_group_end; + /* the current group from which options are read */ + const char *input_group; + /* + The current group in the generated output. This may be different from + input_group if lines are moved between groups. + */ + char *output_group; + /* whether last main line is empty or not */ + my_bool prev_empty; + /* If we should copy [mysqld-xxx] options to [mariadbd] */ + my_bool copy_code_to_mariadb; + /* If current file is valid */ + my_bool file_valid; +}; + +static void generator_init(struct generator *generator) +{ + init_alloc_root(key_memory_upgrade_config, &generator->alloc, 512, 0, MYF(0)); + init_dynamic_array2(key_memory_upgrade_config, + &generator->main, + sizeof(char *), + NULL, + 0, + 0, + MYF(0)); + init_dynamic_array2(key_memory_upgrade_config, + &generator->old_version, + sizeof(char *), + NULL, + 0, + 0, + MYF(0)); + init_dynamic_array2(key_memory_upgrade_config, + &generator->unsupported_version, + sizeof(char *), + NULL, + 0, + 0, + MYF(0)); + init_dynamic_array2(key_memory_upgrade_config, + &generator->mariadbd_additions, + sizeof(char *), + NULL, + 0, + 0, + MYF(0)); + init_dynamic_array2(key_memory_upgrade_config, + &generator->client_server, + sizeof(char *), + NULL, + 0, + 0, + MYF(0)); + generator->mariadbd_group_end= -1; + generator->input_group= NULL; + generator->output_group= NULL; + /* don't add extra newlines to the beginning */ + generator->prev_empty= TRUE; + generator->copy_code_to_mariadb= 0; +} + + +/* + Delete data in mariadbd_additions that was found in last [mariadbd] group + + This is needed to ensure that we don't generate new lines into the + [mariadbd] group if we run the program twice on it +*/ + +static void delete_dup_data_from_mariadbd_group(struct generator *generator) +{ + if (generator->mariadbd_group_end >= 0) + { + for (int i= generator->mariadbd_group_start; + i < generator->mariadbd_group_end; + i++) + { + char *element= *(char **) dynamic_array_ptr(&generator->main, i); + delete_line(&generator->mariadbd_additions, element); + } + } +} + + +static my_bool change_output_group(struct generator *generator, + const char *group) +{ + char *group_dupe= my_strdup(key_memory_upgrade_config, group, MYF(0)); + if (!group_dupe) + return TRUE; + my_free(generator->output_group); + generator->output_group= group_dupe; + return FALSE; +} + +/* + Generate output lines for one section + Returns number of lines added +*/ + + +static int generate_write_section(FILE *target_file, + struct generator *generator, + DYNAMIC_ARRAY *array, + const char *group_name) +{ + int lines= 0; + if (array->elements > 0) + { + if (!generator->prev_empty) + fputc('\n', target_file); + fprintf(target_file, "[%s]\n", group_name); + change_output_group(generator, group_name); + for (uint i= 0; i < array->elements; i++) + { + char *element= *(char **)dynamic_array_ptr(array, i); + if (element) + { + fputs(element, target_file); + lines++; + } + } + generator->prev_empty= 0; + } + return lines; +} + + +/* + Generate output lines + Returns true if file changed +*/ + +static my_bool generator_write(MYSQL_FILE *f, struct generator *generator) +{ + FILE *target_file= f ? f->m_file : stdout; + size_t i; + size_t lines_handled= 0; + size_t new_lines; + + delete_dup_data_from_mariadbd_group(generator); + + if (generator->mariadbd_group_end >= 0) + { + /* + There was a mariadbd group in the file. Put all generated mariadbd + options into this group. + */ + for (i= 0; i < (size_t)generator->mariadbd_group_end; i++) + { + char *element= *(char **) dynamic_array_ptr(&generator->main, i); + fputs(element, target_file); + } + for (i= 0; i < generator->mariadbd_additions.elements; i++) + { + char *element= (*(char **) + dynamic_array_ptr(&generator->mariadbd_additions, i)); + if (element) /* Ignore deleted elements */ + { + fputs(element, target_file); + generator->prev_empty= element[0] == '\n'; + lines_handled++; + } + } + for (i= (size_t)generator->mariadbd_group_end; + i < generator->main.elements; + i++) + { + char *element= *(char **) dynamic_array_ptr(&generator->main, i); + fputs(element, target_file); + generator->prev_empty= element[0] == '\n'; + } + } + else + { + for (i= 0; i < generator->main.elements; i++) + { + char *element= *(char **) dynamic_array_ptr(&generator->main, i); + fputs(element, target_file); + generator->prev_empty= element[0] == '\n'; + } + + if (count_array_elements(&generator->mariadbd_additions) > 0) + lines_handled+= generate_write_section(target_file, + generator, + &generator->mariadbd_additions, + "mariadbd"); + } + generate_write_section(target_file, generator, + &generator->old_version, opt_error_group); + generate_write_section(target_file, generator, + &generator->unsupported_version, + opt_unsupported_group); + generate_write_section(target_file, generator, + &generator->client_server, + client_server_group); + + new_lines= (lines_handled + generator->old_version.elements + + generator->unsupported_version.elements + + generator->client_server.elements); + if (new_lines) + { + global_update_count+= new_lines; + generator->copy_code_to_mariadb= 0; + } + return new_lines != 0; +} + + +static void generator_count_lines(struct generator *generator) +{ + int mariadbd_additions; + + delete_dup_data_from_mariadbd_group(generator); + mariadbd_additions= count_array_elements(&generator->mariadbd_additions); + global_mariadbd_additions+= mariadbd_additions; + global_update_count+= (mariadbd_additions + + generator->old_version.elements + + generator->unsupported_version.elements + + generator->client_server.elements); + global_copied_lines+= generator->old_version.elements; + global_unsupported_lines+= generator->unsupported_version.elements; +} + + +static void report_line_changes() +{ + if (!opt_print && !opt_silent && opt_edit_mode == EDIT_MODE_NONE) + { + if (global_mariadbd_additions) + fprintf(stdout, "%lld line/lines would be copied to [mariadbd] group\n", + (longlong) global_mariadbd_additions); + if (global_copied_lines > 0) + fprintf(stdout, "%lld line/lines would be copied to [%s] group\n", + (longlong) global_copied_lines, opt_error_group); + if (global_unsupported_lines) + fprintf(stdout, "%lld line/lines would be copied to [%s] group\n", + (longlong) global_unsupported_lines, opt_unsupported_group); + } +} + + +static void generator_free(struct generator *generator) +{ + free_root(&generator->alloc, MYF(0)); + delete_dynamic(&generator->main); + delete_dynamic(&generator->old_version); + delete_dynamic(&generator->unsupported_version); + delete_dynamic(&generator->mariadbd_additions); + delete_dynamic(&generator->client_server); + my_free(generator->output_group); +} + + +/* Called on include of new default file */ + +static void generator_reset(struct generator *generator) +{ + generator->main.elements= 0; + generator->old_version.elements= 0; + generator->unsupported_version.elements= 0; + generator->mariadbd_additions.elements= 0; + generator->mariadbd_group_end= -1; +} + + +static char *print_alloc(MEM_ROOT *alloc, const char *format, va_list args) +{ + int length; + char *p= NULL; + va_list args2; + va_copy(args2, args); + + length= vsnprintf(p, 0, format, args) + 1; + p= alloc_root(alloc, length); + if (!p) + return NULL; + vsnprintf(p, length, format, args2); + va_end(args2); + return p; +} + +static my_bool vadd_line(MEM_ROOT *alloc, DYNAMIC_ARRAY *array, + const char *format, va_list args) +{ + char *p; + p= print_alloc(alloc, format, args); + if (!p) + return TRUE; + return insert_dynamic(array, &p); +} + +static my_bool add_line(MEM_ROOT *alloc, DYNAMIC_ARRAY *array, + const char *format, ...) +{ + va_list args; + my_bool res; + va_start(args, format); + res= vadd_line(alloc, array, format, args); + va_end(args); + return res; +} + +/* + Delete elements from array if it already exits. + + Delete is done by setting pointer to string element to 0; +*/ + +static my_bool delete_line(DYNAMIC_ARRAY *array, char *line) +{ + for (uint i= 0; i < array->elements ; i++) + { + char *element= *dynamic_element(array, i, char**); + if (element && !strcmp(element, line)) + { + *((char**) dynamic_array_ptr(array, i))= NullS; + return 1; + } + } + return 0; +} + + +/* Count not null elements in the array */ + +static uint count_array_elements(DYNAMIC_ARRAY *array) +{ + uint count= 0; + for (uint i= 0; i < array->elements ; i++) + if (*dynamic_element(array, i, char**)) + count++; + return count; +} + +enum line_type +{ + LINE_TYPE_EMPTY, + LINE_TYPE_OPTION, + LINE_TYPE_OTHER, + LINE_TYPE_PASSTHROUGH +}; + + +static my_bool add_main_line(struct generator *generator, enum line_type type, + const char *format, ...) +{ + va_list args; + my_bool res; + /* Ensure that --print without edit doesn't loose space */ + my_bool delay_empty= (type == LINE_TYPE_EMPTY && + opt_edit_mode != EDIT_MODE_NONE); + + /* generator->input_group is empty for comments at top of include files */ + if (!delay_empty && generator->input_group && + (!generator->output_group || + strcmp(generator->input_group, generator->output_group))) + { + if (add_line(&generator->alloc, &generator->main, + generator->prev_empty ? "[%s]\n" : "\n[%s]\n", + generator->input_group)) + return TRUE; + if (change_output_group(generator, generator->input_group)) + return TRUE; + generator->start_of_group= (int) generator->main.elements; + } + va_start(args, format); + res= vadd_line(&generator->alloc, &generator->main, format, args); + va_end(args); + if (!res) + { + if (type == LINE_TYPE_OPTION && + !strcmp(generator->input_group, "mariadbd")) + { + generator->mariadbd_group_start= generator->start_of_group; + generator->mariadbd_group_end= (int) generator->main.elements; + } + + generator->prev_empty= (type == LINE_TYPE_EMPTY); + } + return res; +} + + +/* + Change file paths from /mysql ending with /, \, . space or \n to /mariadbd + + If string contains 'from' return allocated string otherwise return + NullS +*/ + +char *change_file_path(const char *line, LEX_CSTRING *from, LEX_CSTRING *to) +{ + const char *pos; + + for (pos= line ; (pos= strstr(pos, from->str)); pos++) + { + char end= pos[from->length]; + if (pos != line && (pos[-1] == '/' || pos[-1] == '\\') && + (end == pos[-1] || end == 0 || my_isspace(&my_charset_latin1, end) || + end == '.')) + { + /* Found path, change 'from' to 'to' */ + char *path= my_malloc(key_memory_upgrade_config, + strlen(line) - from->length + to->length + 1, + MYF(MY_WME)); + if (!path) + break; + memcpy(path, line, (size_t) (pos - line)); + strxmov(path + (pos - line), to->str, pos + from->length, NullS); + return path; + } + } + return NullS; +} + + + +/* Change path with warning */ + +static char *path_changed(struct generator *generator, const char *line) +{ + char *new_line; + if (!(new_line= change_file_path(line, &mysql_name, &mariadb_name)) && + !(new_line= change_file_path(line, &mysqld_name, &mariadb_name))) + return 0; + + if (!opt_print && opt_edit_mode == EDIT_MODE_NONE) + { + fprintf(stdout, "In %s at line %d: '%.*s' would be " + "replaced with '%.*s'\n", generator->name, generator->line, + (int) strlen(line)-1, line, + (int) strlen(new_line)-1, new_line); + global_update_count++; + // generator->ctx->failed= 1; + } + return new_line; +} + + +/* + find new name of renamed option +*/ + +const char *renamed_option(const char *option) +{ + struct RENAMED_OPTIONS *options; + for (options= renamed_options; options->from ; options++) + if (!strcmp(option, options->from)) + return options->to; + return 0; +} + + +void error_unknown_option(struct generator *generator, + struct upgrade_ctx *ctx, + const char *option, const char *value, + const char *org_line) +{ + const char *renamed; + + if (!opt_print && opt_edit_mode == EDIT_MODE_NONE && + !generator->copy_code_to_mariadb) + { + if ((renamed= renamed_option(option))) + { + if (value) + fprintf(stdout, "In %s at line %u: '%.*s' would be " + "replaced with '%s=%.*s'\n", generator->name, generator->line, + (int) strlen(org_line)-1, org_line, renamed, + (int) strlen(value)-1, value); + else + fprintf(stdout, "In %s at line %u: '%.*s' would be " + "replaced with '%s'\n", generator->name, generator->line, + (int) strlen(org_line)-1, org_line, renamed); + } + else + { + fprintf(stdout, "In %s at line %u: Invalid option %s\n", generator->name, + generator->line, option); + } + // ctx->failed= 1; + global_update_count++; + } + if (!strncmp(option, STRING_WITH_LEN("audit_log")) && + !audit_plugin_warning++ && !opt_silent) + fprintf(stdout, "Warning: Please replace audit_log with the server_audit " + "plugin\n"); +} + + +/* + Store value for socket= option if used + @return 1 if socket found + @return 0 no socket. +*/ + +my_bool check_if_socket(const char *option, const char *value) +{ + if (!strcmp(option, "socket")) + { + const char *end; + my_free(value_socket); + + /* The string may have an '\n' if paths has changed */ + if (!(end= strchr(value, '\n'))) + end= strend(value); + value_socket= my_strndup(key_memory_upgrade_config, value, (end-value), + MYF(MY_WME)); + return 1; /* Socket found */ + } + return 0; +} + +/** + Write the given line to generator output as specified by opt_edit_mode. + Returns false on success and true on failure. +*/ +static my_bool generator_add_line(struct generator *generator, const char *line, + enum line_type type, my_bool is_valid) +{ + if (generator->copy_code_to_mariadb && is_valid && type != LINE_TYPE_EMPTY) + { + /* Copy lines from [mysqld-XXX] group to [mariadbd] */ + const char *pos= line, *new_line= 0; + if (opt_update_paths && + (new_line= path_changed(generator, line))) + pos= new_line; + add_line(&generator->alloc, &generator->mariadbd_additions, "%s", pos); + my_free((char*) new_line); + } + if (generator->copy_code_to_mariadb) + is_valid= 1; /* Print line to [mysqld-XXX] groups */ + + switch (opt_edit_mode) { + case EDIT_MODE_REMOVE: + global_update_count+= MY_TEST(!is_valid); + return is_valid ? add_main_line(generator, type, "%s", line) : FALSE; + case EDIT_MODE_LAST: + if (is_valid || type == LINE_TYPE_EMPTY) + return add_main_line(generator, type, "%s", line); + if (strcmp(generator->input_group, "mariadbd")) + return add_line(&generator->alloc, &generator->old_version, "%s", line); + return add_line(&generator->alloc, &generator->unsupported_version, "%s", + line); + case EDIT_MODE_COMMENT: + global_update_count+= MY_TEST(!is_valid); + return add_main_line(generator, type, is_valid ? "%s" : "#%s", line); + case EDIT_MODE_INLINE: + { + const char *old_input_group= generator->input_group; + my_bool res= TRUE; + global_update_count+= MY_TEST(!is_valid); + if (!is_valid) + generator->input_group= (strcmp(generator->input_group, "mariadbd") ? + opt_error_group : + opt_unsupported_group); + if (!add_main_line(generator, is_valid ? type : LINE_TYPE_OTHER, "%s", + line)) + res= FALSE; + generator->input_group= old_input_group; + return res; + } + case EDIT_MODE_NONE: + return opt_print ? add_main_line(generator, type, "%s", line) : 0; + } + return TRUE; +} + + +static int process_default_file_with_ext(struct upgrade_ctx *ctx, + const char *dir, const char *ext, + const char *config_file, + int recursion_level) +{ + char name[FN_REFLEN + 10], buff[4096], curr_gr[4096], *ptr, *end, **tmp_ext; + char tmp_name[FN_REFLEN + 30], restored_name[FN_REFLEN + 30]; + char option_buff[4096+2], conv_option[128], tmp[FN_REFLEN]; + char *value, *option, *option_value_start, *new_line, *end_of_option; + const char *renamed; + static const char includedir_keyword[]= "includedir"; + static const char include_keyword[]= "include"; + const int max_recursion_level= 10; + MYSQL_FILE *fp; + MYSQL_FILE *tmp_fp= NULL; + my_bool group_is_mariadbd= FALSE; + my_bool group_is_mysqld= FALSE; + uint option_start; + enum { NONE, PARSE, SKIP } found_group= NONE; + my_bool skip_prefix= 0, generator_inited= 0; + size_t i; + MY_DIR *search_dir; + FILEINFO *search_file; + struct generator generator; + + if (recursion_level == 0) + { + value_port= 0; + my_free(value_socket); + value_socket= 0; + found_skip_slave_start= FALSE; + found_innodb_log_files_in_group= 0; + found_innodb_log_file_size= 0; + found_character_set_server= 0; + value_innodb_log_files_in_group= 0; + value_innodb_log_file_size= 0; + suffix_innodb_log_file_size= 0; + found_mariadb_replication_compatibility= 0; + found_mysql_replication_compatibility= 0; + found_client_server_group= 0; + } + + if (safe_strlen(dir) + strlen(config_file) >= FN_REFLEN-3) + return 0; /* Ignore wrong paths */ + if (dir) + { + end=convert_dirname(name, dir, NullS); + if (dir[0] == FN_HOMELIB) /* Add . to filenames in home */ + *end++='.'; + strxmov(end,config_file,ext,NullS); + } + else + { + strmov(name,config_file); + } + fn_format(name,name,"","",4); +#if !defined(_WIN32) + { + MY_STAT stat_info; + if (!my_stat(name,&stat_info, + MYF(give_error_for_missing_files ? MY_WME : 0))) + return 1; + /* + Ignore world-writable regular files (exceptions apply). + This is mainly done to protect us to not read a file that may be + modified by anyone. + + Also check access so that read only mounted (EROFS) + or immutable files (EPERM) that are suitable protections. + + The main case we are allowing is a container readonly volume mount + from a filesystem that doesn't have unix permissions. This will + have a 0777 permission and access will set errno = EROFS. + + Note if a ROFS has a file with permissions 04n6, access sets errno + EACCESS, rather the ROFS, so in this case we'll error, even though + the ROFS is protecting the file. + + An ideal, race free, implementation would do fstat / fstatvfs / ioctl + for permission, read only filesystem, and immutability resprectively. + */ + if ((stat_info.st_mode & S_IWOTH) && + (stat_info.st_mode & S_IFMT) == S_IFREG && + (access(name, W_OK) == 0 || (errno != EROFS && errno != EPERM))) + { + fprintf(stderr, "Warning: World-writable config file '%s' is ignored\n", + name); + return 0; + } + } +#endif + if (!(fp= mysql_file_fopen(key_file_cnf, name, O_RDONLY, MYF(MY_WME)))) + return 1; /* Ignore wrong files */ + + if (opt_update) + { + strmov(strmov(tmp_name, name), "-upgrade-config"); + strmov(strmov(restored_name, name), "-upgrade-config-orig"); + if (!(tmp_fp= mysql_file_fopen(key_file_cnf, tmp_name, + O_RDWR | O_CREAT | O_TRUNC, MYF(0)))) + { + fprintf(stderr, "error: Failed to open %s for writing: %s\n", tmp_name, + strerror(errno)); + goto err; + } + } + + generator_init(&generator); + generator_inited= 1; + generator.name= name; + generator.ctx= ctx; + generator.file_valid= TRUE; + generator.line= 0; + + if (opt_print || (opt_edit_mode != EDIT_MODE_NONE && !opt_update)) + fprintf(stdout, "### File %s:\n", name); + while (mysql_file_fgets(buff, sizeof(buff) - 3, fp)) + { + my_bool line_valid= TRUE; + int invalid_set_index; + generator.line++; + /* Ignore comment and empty lines */ + for (ptr= buff; my_isspace(&my_charset_latin1, *ptr); ptr++) + {} + + /* Ensure line ends with \n (delete_line code depends one this) */ + end= strend(ptr); + if (end != ptr && end[-1] != '\n') + { + end[0]= '\n'; + end[1]= 0; + } + + if (*ptr == '#' || *ptr == ';' || !*ptr) + { + if (is_prefix(ptr, mariadb_replication_compatibility_comment)) + { + /* File is already updated */ + found_mariadb_replication_compatibility= 0; + } + if (is_prefix(ptr, mysql_replication_compatibility_comment)) + { + /* File is already updated */ + found_mysql_replication_compatibility= 0; + } + generator_add_line(&generator, buff, + *ptr ? LINE_TYPE_OTHER : LINE_TYPE_EMPTY, line_valid); + continue; + } + + /* Configuration File Directives */ + if (*ptr == '!' || *ptr == '?') + { + /* Write out current cached items before include directive */ + my_bool prev_empty= generator.prev_empty; + if (opt_print || opt_update) + { + if (generator_write(tmp_fp, &generator)) + generator.file_valid= FALSE; + } + else + generator_count_lines(&generator); + generator_reset(&generator); + /* Ensure that when using --print we get !include next */ + if (prev_empty && !generator.prev_empty) + generator_add_line(&generator, "\n", LINE_TYPE_EMPTY, 1); + generator_add_line(&generator, buff, LINE_TYPE_PASSTHROUGH, 1); + generator_write(tmp_fp, &generator); + generator_reset(&generator); + + if (recursion_level >= max_recursion_level) + { + for (end= ptr + strlen(ptr) - 1; + my_isspace(&my_charset_latin1, *(end - 1)); + end--) + {} + end[0]= 0; + fprintf(stderr, + "Warning: skipping '%s' directive as maximum include" + "recursion level was reached in file %s at line %d\n", + ptr, name, generator.line); + continue; + } + + /* skip over `!' and following whitespace */ + for (++ptr; my_isspace(&my_charset_latin1, ptr[0]); ptr++) + {} + + if ((!strncmp(ptr, includedir_keyword, + sizeof(includedir_keyword) - 1)) && + my_isspace(&my_charset_latin1, ptr[sizeof(includedir_keyword) - 1])) + { + if (!(ptr= get_argument(includedir_keyword, + sizeof(includedir_keyword), + ptr, name, generator.line))) + goto err; + + if (!(search_dir= my_dir(ptr, MYF(MY_WME | MY_WANT_SORT)))) + goto err; + + for (i= 0; i < search_dir->number_of_files; i++) + { + search_file= search_dir->dir_entry + i; + ext= fn_ext2(search_file->name); + + /* check extension */ + for (tmp_ext= (char**) f_extensions; *tmp_ext; tmp_ext++) + { + if (!strcmp(ext, *tmp_ext)) + break; + } + + if (*tmp_ext) + { + fn_format(tmp, search_file->name, ptr, "", + MY_UNPACK_FILENAME | MY_SAFE_PATH); + + process_default_file_with_ext(ctx, "", "", tmp, + recursion_level + 1); + if (opt_print || (opt_edit_mode != EDIT_MODE_NONE && !opt_update)) + fprintf(stdout, "### Back in %s:\n", name); + } + } + + my_dirend(search_dir); + } + else if ((!strncmp(ptr, include_keyword, sizeof(include_keyword) - 1)) && + my_isspace(&my_charset_latin1, ptr[sizeof(include_keyword)-1])) + { + if (!(ptr= get_argument(include_keyword, + sizeof(include_keyword), ptr, + name, generator.line))) + goto err; + + process_default_file_with_ext(ctx, "", "", ptr, recursion_level + 1); + if (opt_print || (opt_edit_mode != EDIT_MODE_NONE && !opt_update)) + fprintf(stdout, "### Back in %s:\n", name); + } + continue; + } + + if (*ptr == '[') /* Group name */ + { + if (!(end=(char *) strchr(++ptr,']'))) + { + fprintf(stderr, + "error: Wrong group definition in config file: %s at line %d\n", + name, generator.line); + goto err; + } + /* Remove end space */ + for ( ; my_isspace(&my_charset_latin1,end[-1]) ; end--) ; + end[0]=0; + + strmake(curr_gr, ptr, MY_MIN((size_t) (end-ptr), sizeof(curr_gr)-1)); + group_is_mariadbd= !strcmp(curr_gr, "mariadbd"); + group_is_mysqld= (!strcmp(curr_gr, "mysqld") || + !strcmp(curr_gr, "server")); + found_client_server_group|= !strcmp(curr_gr, client_server_group); + + generator.copy_code_to_mariadb= 0; + found_group= find_type(curr_gr, ctx->group, FIND_TYPE_NO_PREFIX) + ? PARSE : SKIP; + /* Ensure we process all groups with the mysqld prefix */ + if (found_group == SKIP) + { + if (!strncmp(curr_gr, "mysqld-", 7) && opt_copy_mysqld_groups) + { + found_group= PARSE; + /* Copy all valid code from the mysqld- group to the mariadbd group */ + generator.copy_code_to_mariadb= 1; + } + } + + generator.input_group= curr_gr; + if (found_group == PARSE && group_is_mariadbd) + { + /** + Force the mariadbd group to be emitted to allow potentially adding + new lines to it. + */ + generator_add_line(&generator, "", LINE_TYPE_OPTION, TRUE); + } + continue; + } + switch (found_group) { + case NONE: + fprintf(stderr, + "error: Found option without preceding group in config " + "file: %s at line: %d\n", + name, generator.line); + goto err; + case PARSE: + if (opt_print && opt_edit_mode == EDIT_MODE_NONE) + { + generator_add_line(&generator, buff, LINE_TYPE_OPTION, TRUE); + continue; + } + break; + case SKIP: + if (group_is_mariadbd && + (opt_edit_mode == EDIT_MODE_INLINE || + opt_edit_mode == EDIT_MODE_LAST)) + { + /* Remove lines with the /mysql/ path */ + char *pos= change_file_path(buff, &mariadb_name, &mysql_name); + if (pos) + { + delete_line(&generator.mariadbd_additions, pos); + my_free(pos); + } + delete_line(&generator.mariadbd_additions, buff); + } + generator_add_line(&generator, buff, LINE_TYPE_OPTION, line_valid); + continue; + } + + end= end_of_option= find_end_comment(ptr); + if ((value= strchr(ptr, '=')) && value < end_of_option) + end= value; + else + value= 0; + + for ( ; my_isspace(&my_charset_latin1,end[-1]) ; end--) + ; + ptr= strmake(option_buff, ptr, (size_t) (end-ptr)); + + /* Change '-' to '_' in the option */ + { + char *from, *from_end, *to; + from_end= option_buff + sizeof(conv_option)-1; + for (from= option_buff, to= conv_option; + *from && from < from_end; + from++, to++) + *to= (*from == '-') ? '_' : *from; + *to= 0; + option_start= 0; + skip_prefix= 0; + + /* Ignore some prefix */ + for (uint i= 0; special_opt_prefix[i] ; i++) + { + if (!strncmp(conv_option, special_opt_prefix[i], + special_opt_prefix_lengths[i]) && + conv_option[special_opt_prefix_lengths[i]] == '_' && + conv_option[special_opt_prefix_lengths[i]+1]) + { + option_start= special_opt_prefix_lengths[i]+1; + skip_prefix= i == 0; /* skip- */ + break; + } + } + } + option= conv_option + option_start; + + if (value) + { + /* Remove pre- and end space */ + char *value_end; + my_bool tmp; + + for (value++ ; my_isspace(&my_charset_latin1,*value); value++) ; + value_end= end_of_option; + /* + We don't have to test for value_end >= value as we know there is + an '=' before + */ + for ( ; my_isspace(&my_charset_latin1,value_end[-1]) ; value_end--) ; + if (value_end < value) /* Empty string */ + value_end= value; + + /* remove quotes around argument */ + if ((*value == '\"' || *value == '\'') && /* First char is quote */ + (value + 1 < value_end ) && /* String is longer than 1 */ + *value == value_end[-1] ) /* First char is equal to last char */ + { + value++; + value_end--; + } + *ptr++= 0; + option_value_start= ptr; + + tmp= mariadbd_option_exists(option); + if (!tmp && skip_prefix && mariadbd_option_exists(conv_option)) + { + /* Option only exists with the 'skip-' prefix */ + tmp= 1; + option= conv_option; /* Option with skip- prefix */ + } + if (!tmp) + { + if (generator.copy_code_to_mariadb) /* [mysqld-#] group */ + { + /* Changes will be detected in generator_write() */ + generator_add_line(&generator, buff, LINE_TYPE_OPTION, FALSE); + continue; + } + line_valid= FALSE; + generator.file_valid= FALSE; + + error_unknown_option(&generator, ctx, conv_option, value, buff); + if (!opt_print && opt_edit_mode == EDIT_MODE_NONE) + continue; + } + for ( ; value != value_end; value++) + { + if (*value == '\\' && value != value_end-1) + { + switch(*++value) { + case 'n': + *ptr++='\n'; + break; + case 't': + *ptr++= '\t'; + break; + case 'r': + *ptr++ = '\r'; + break; + case 'b': + *ptr++ = '\b'; + break; + case 's': + *ptr++= ' '; /* space */ + break; + case '\"': + *ptr++= '\"'; + break; + case '\'': + *ptr++= '\''; + break; + case '\\': + *ptr++= '\\'; + break; + default: /* Unknown; Keep '\' */ + *ptr++= '\\'; + *ptr++= *value; + break; + } + } + else + *ptr++= *value; + } + *ptr=0; + if (!mariadbd_valid_enum_value(option, option_value_start)) + { + line_valid= FALSE; + generator.file_valid= FALSE; + if (!opt_print && opt_edit_mode == EDIT_MODE_NONE) + { + fprintf(stdout, + "In %s at line %d: Invalid enum value '%s' for option %s\n", + name, generator.line, option_value_start, option); + global_update_count++; + // ctx->failed= 1; + continue; + } + } + else if ((invalid_set_index= + mariadbd_check_set_value(option, option_value_start))) + { + line_valid= FALSE; + generator.file_valid= FALSE; + if (!opt_print && opt_edit_mode == EDIT_MODE_NONE) + { + fprintf(stdout, "In %s at line %d: Invalid set value '%s' at " + "index %d for option %s\n", + name, generator.line, option_value_start, invalid_set_index, + option); + global_update_count++; + // ctx->failed= 1; + continue; + } + } + else if (check_plugin_option(ctx, option, option_value_start, name, + generator.line)) + { + line_valid= FALSE; + generator.file_valid= FALSE; + } + else if (group_is_mysqld && line_valid && + opt_update_paths && + (new_line= path_changed(&generator, buff))) + { + line_valid= FALSE; + + /* We have alread validated that buff contains an '=' */ + check_if_socket(option, strchr(new_line, '=')+1); + if ((opt_edit_mode == EDIT_MODE_INLINE || + opt_edit_mode == EDIT_MODE_LAST)) + { + generator_add_line(&generator, buff, LINE_TYPE_OPTION, FALSE); + add_line(&generator.alloc, &generator.mariadbd_additions, "%s", + new_line); + my_free(new_line); + continue; + } + my_free(new_line); + } + else if (!group_is_mariadbd && + !strcmp(option, "key_buffer_size") && + (opt_no_myisam_options || opt_convert_from == FROM_MYSQL) && + ((!opt_print && opt_edit_mode == EDIT_MODE_NONE) || + opt_edit_mode == EDIT_MODE_INLINE || + opt_edit_mode == EDIT_MODE_LAST)) + { + generator.file_valid= FALSE; + if (opt_edit_mode == EDIT_MODE_NONE) + { + { + fprintf(stdout, "In %s at line %d: key_buffer_size needs " + "modifications. If you want to git rid of this warning and " + "keep as it now, move it to the [mariadbd] group\n", + name, generator.line); + global_update_count++; + } + continue; + } + generator_add_line(&generator, buff, LINE_TYPE_OPTION, FALSE); + if (opt_no_myisam_options) + { + add_line(&generator.alloc, &generator.mariadbd_additions, + "key_buffer_size=64K # Recommended value if no " + "MyISAM tables\n"); + snprintf(conv_option, sizeof(conv_option)-1, + "aria_pagecache_buffer_size=%s", + option_value_start); + add_line(&generator.alloc, &generator.mariadbd_additions, "%s\n", + conv_option); + if (!opt_silent) + fprintf(stdout, "Note: '%s' added to [mariadbd] group\n", + conv_option); + } + else if (opt_convert_from == FROM_MYSQL) + { + add_line(&generator.alloc, &generator.mariadbd_additions, "%s", buff); + add_line(&generator.alloc, &generator.mariadbd_additions, + "#key_buffer_size=64K " + "# Recommended value if no MyISAM tables\n"); + snprintf(conv_option, sizeof(conv_option)-1, + "aria_pagecache_buffer_size=%s", + option_value_start); + add_line(&generator.alloc, &generator.mariadbd_additions, "%s\n", + conv_option); + if (!opt_silent) + fprintf(stdout, "Note: %s added to [mariadbd] group\n", + conv_option); + } + continue; + } + else if (!group_is_mariadbd && + !strcmp(option, "innodb_log_files_in_group")) + { + found_innodb_log_files_in_group= 1; + value_innodb_log_files_in_group= atoi(option_value_start); + if (!value_innodb_log_files_in_group) + value_innodb_log_files_in_group= 1; /* Ensure it is not 0 */ + } + else if (!strcmp(option, "innodb_log_file_size")) + { + if (group_is_mariadbd) + { + /* Already handled. Don't add it again */ + found_innodb_log_file_size= 0; + found_innodb_log_files_in_group= 0; + } + else + { + int error; + char *int_end= 0; + value_innodb_log_file_size= my_strtoll10(option_value_start, + &int_end, &error); + found_innodb_log_file_size= (value_innodb_log_file_size != 0 && + error == 0); + suffix_innodb_log_file_size= *int_end; + } + } + else if (!strcmp(option, "character_set_server") || + !strcmp(option, "collation_server")) + { + found_character_set_server= 1; + } + else if (group_is_mysqld && !strcmp(option, "port")) + { + int error; + char *int_end= 0; + value_port= my_strtoll10(option_value_start, &int_end, &error); + } + else if (group_is_mysqld && check_if_socket(option, option_value_start)) + { + } + else if ((renamed= renamed_option(option))) + { + generator_add_line(&generator, buff, LINE_TYPE_OPTION, FALSE); + add_line(&generator.alloc, &generator.mariadbd_additions, + "%s=%s\n", renamed, option_value_start); + continue; + } + } /* !value */ + else if (!group_is_mariadbd && !strcmp(option, "skip_slave_start")) + { + found_skip_slave_start= TRUE; + } + else if (!mariadbd_option_exists(option) && + !(skip_prefix && mariadbd_option_exists(conv_option))) + { + line_valid= FALSE; + generator.file_valid= FALSE; + + error_unknown_option(&generator, ctx, conv_option, NullS, buff); + + if (!opt_print && opt_edit_mode == EDIT_MODE_NONE && + !generator.copy_code_to_mariadb) + continue; + } + else if ((renamed= renamed_option(option))) + { + generator_add_line(&generator, buff, LINE_TYPE_OPTION, FALSE); + add_line(&generator.alloc, &generator.mariadbd_additions, + "%s\n", renamed); + continue; + } + generator_add_line(&generator, buff, LINE_TYPE_OPTION, line_valid); + } + mysql_file_fclose(fp, MYF(0)); + fp= 0; + + if (recursion_level == 0) + { + if (found_innodb_log_file_size && found_innodb_log_files_in_group) + { + generator.file_valid= FALSE; + snprintf(conv_option, sizeof(conv_option)-1, + "innodb_log_file_size=%llu%c", + value_innodb_log_file_size * value_innodb_log_files_in_group, + (my_islower(&my_charset_latin1, suffix_innodb_log_file_size) || + my_isupper(&my_charset_latin1, suffix_innodb_log_file_size)) ? + suffix_innodb_log_file_size : ' '); + add_line(&generator.alloc, &generator.mariadbd_additions, "%s\n", conv_option); + if (!opt_silent) + fprintf(stdout, "Note: '%s' added to [mariadbd] group based on " + "innodb_log_file_size * innodb_log_files_in_group\n", conv_option); + found_innodb_log_file_size= found_innodb_log_files_in_group= 0; + } + if (opt_add_client_server_group && !found_client_server_group) + { + if (value_port) + add_line(&generator.alloc, &generator.client_server, + "port=%lld\n", value_port); + if (value_socket) + { + add_line(&generator.alloc, &generator.client_server, + "socket=%s\n", value_socket); + my_free(value_socket); + value_socket= 0; + } + } + /* The following options should only be added once */ + if (!add_new_options_once || !new_options_added) + { + new_options_added= 1; + + /* Add generated options to mariadbd section */ + if (opt_add_skip_slave_start && !found_skip_slave_start) + { + generator.file_valid= FALSE; + add_line(&generator.alloc, &generator.mariadbd_additions, + "skip_slave_start\n"); + found_skip_slave_start= 0; + } + if (opt_add_mariadb_replication_compatibility && + !found_mariadb_replication_compatibility) + { + generator.file_valid= FALSE; + /* We do this line by line to get correct row numbers for reporting */ + add_line(&generator.alloc, &generator.old_version, + "%s\n", mariadb_replication_compatibility_comment); + add_line(&generator.alloc, &generator.old_version, + "loose-binlog_row_value_options=\"\"\n"); + add_line(&generator.alloc, &generator.old_version, + "loose-binlog_transaction_compression=0\n"); + add_line(&generator.alloc, &generator.old_version, + "# Not required, but recommended for cross_replication\n"); + add_line(&generator.alloc, &generator.old_version, + "binlog_format=row\n"); + } + if (opt_add_mysql_replication_compatibility && + !found_mysql_replication_compatibility) + { + add_line(&generator.alloc, &generator.mariadbd_additions, + "%s\n", mysql_replication_compatibility_comment); + add_line(&generator.alloc, &generator.mariadbd_additions, + "encrypt_binlog=0\n"); + add_line(&generator.alloc, &generator.mariadbd_additions, + "log_bin_compress=0\n"); + add_line(&generator.alloc, &generator.mariadbd_additions, + "# Not required, but recommended for cross_replication\n"); + add_line(&generator.alloc, &generator.mariadbd_additions, + "binlog_format=row\n"); + if (!found_character_set_server) + { + add_line(&generator.alloc, &generator.mariadbd_additions, + "# Character set to be able to replicate new tables to " + "MySQL 8.0\n"); + add_line(&generator.alloc, &generator.mariadbd_additions, + "character_set_server=utf8mb4\n"); + add_line(&generator.alloc, &generator.mariadbd_additions, + "collation_server=utf8mb4_0900_ai_ci\n"); + if (!opt_silent) + fprintf(stdout, "Note: Added MySQL default character sets and " + "collation to [mariadbd] to be able to replicate to " + "MySQL\n"); + found_character_set_server= 0; + } + } + } + } + if (opt_print || opt_update) + { + if (generator_write(tmp_fp, &generator)) + generator.file_valid= 0; + } + else + generator_count_lines(&generator); + generator_free(&generator); + if (recursion_level == 0) + { + my_free(value_socket); + value_socket= 0; + } + + if (tmp_fp) + { + mysql_file_fclose(tmp_fp, MYF(0)); + tmp_fp= 0; + if (generator.file_valid) + { + my_delete(tmp_name, MYF(0)); + } + else + { + myf redel_flags = opt_backup ? MYF(MY_REDEL_MAKE_BACKUP) : MYF(0); + char *duped_name= my_strdup(key_memory_upgrade_config, name, MYF(0)); + if (!duped_name || insert_dynamic(&ctx->updated_files, &duped_name)) + goto err; + /* + Copy the file in case running mariadbd fails and the update must be + reverted. + */ + if (my_copy(name, restored_name, MYF(0))) + { + fprintf(stderr, "error: Failed to copy %s to %s: %s", + name, restored_name, strerror(errno)); + return -1; + } + if (my_redel(name, tmp_name, time(NULL), redel_flags)) + { + fprintf(stderr, "error: Failed to rename %s to %s: %s", + tmp_name, name, strerror(errno)); + return -1; + } + } + } + if (opt_print || (opt_edit_mode != EDIT_MODE_NONE && !opt_update)) + fputc('\n', stdout); + return(0); + +err: + if (fp) + mysql_file_fclose(fp, MYF(0)); + if (tmp_fp) + mysql_file_fclose(tmp_fp, MYF(0)); + if (generator_inited) + generator_free(&generator); + if (recursion_level == 0) + { + my_free(value_socket); + value_socket= 0; + } + return -1; /* Fatal error */ +} + + +static int process_default_file(struct upgrade_ctx *ctx, + const char *dir, + const char *config_file) +{ + char **ext; + const char *empty_list[]= { "", 0 }; + my_bool have_ext= fn_ext(config_file)[0] != 0; + const char **exts_to_use= have_ext ? empty_list : f_extensions; + + for (ext= (char**) exts_to_use; *ext; ext++) + { + int error; + if ((error= process_default_file_with_ext(ctx, dir, *ext, config_file, + 0)) < 0) + return error; + } + return 0; +} + + +static int process_option_files(const char *conf_file, + struct upgrade_ctx *ctx, + const char **default_directories) +{ + const char **dirs; + int error= 0; + + if (my_defaults_group_suffix) + { + /* Handle --defaults-group-suffix= */ + uint i; + const char **extra_groups; + const size_t instance_len= strlen(my_defaults_group_suffix); + char *ptr; + TYPELIB *group= ctx->group; + + if (!(extra_groups= + (const char**)alloc_root(ctx->alloc, + (2*group->count+1)*sizeof(char*)))) + return 2; + + for (i= 0; i < group->count; i++) + { + size_t len; + extra_groups[i]= group->type_names[i]; /** copy group */ + + len= strlen(extra_groups[i]); + if (!(ptr= alloc_root(ctx->alloc, (uint) (len+instance_len+1)))) + return 2; + + extra_groups[i+group->count]= ptr; + + /** Construct new group */ + memcpy(ptr, extra_groups[i], len); + memcpy(ptr+len, my_defaults_group_suffix, instance_len+1); + } + + group->count*= 2; + group->type_names= extra_groups; + group->type_names[group->count]= 0; + } + + if (my_defaults_file) + { + if ((error= process_default_file_with_ext(ctx, "", "", + my_defaults_file, 0)) < 0) + goto err; + if (error > 0) + { + fprintf(stderr, "Could not open required defaults file: %s\n", + my_defaults_file); + goto err; + } + } + else if (dirname_length(conf_file) || !default_directories) + { + if ((error= process_default_file(ctx, NullS, conf_file)) < 0) + goto err; + } + else + { + for (dirs= default_directories ; *dirs; dirs++) + { + if (**dirs) + { + if (process_default_file(ctx, *dirs, conf_file) < 0) + goto err; + } + else if (my_defaults_extra_file) + { + if ((error= process_default_file_with_ext(ctx, "", "", + my_defaults_extra_file, + 0)) < 0) + goto err; /* Fatal error */ + if (error > 0) + { + fprintf(stderr, "Could not open required defaults file: %s\n", + my_defaults_extra_file); + goto err; + } + } + } + } + + return 0; + +err: + fprintf(stderr,"Fatal error in defaults handling. Program aborted\n"); + return 1; +} + + +/* + Process defaults + + @args default_args --default options. Sent forward to mariadbd + @args default_args_count Number of default options + + @return 0 ok + @return 1 general error + @return 2 memory allocation error +*/ + +static int process_defaults(const char *conf_file, + const char **groups, + const char **dirs, + const char **defaults_args, + int defaults_args_count) +{ + int error= 0; + MEM_ROOT alloc; + TYPELIB group; + struct upgrade_ctx ctx; + char executable[FN_REFLEN]; + + init_alloc_root(key_memory_upgrade_config, &alloc, 512, 0, MYF(0)); + + group.count= 0; + group.name= "defaults"; + group.type_names= groups; + + for (; *groups ; groups++) + group.count++; + + ctx.alloc= &alloc; + ctx.group= &group; + init_dynamic_array2(key_memory_upgrade_config, + &ctx.updated_files, + sizeof(char *), + NULL, + 0, + 0, + MYF(0)); + ctx.failed= 0; + + if ((error= process_option_files(conf_file, &ctx, dirs))) + { + finish_updated_files(&ctx, FALSE); + free_root(&alloc,MYF(0)); + return error; + } + + if (opt_mariadbd_testing) + { + DYNAMIC_STRING mariadbd_output; + const char *mariadbd_name= IF_WIN("mariadbd.exe", "mariadbd"); + const char *used_name; + + if (opt_mariadbd) + used_name= opt_mariadbd; + else + { + used_name= mariadbd_name; + if (!(error= (find_file_in_path(executable, mariadbd_name) != 0))) + used_name= executable; + } + if (!error) + error= access(used_name, X_OK); + + if (error) + { + fprintf(stderr, + "Cannot execute '%s' to test if the new option files " + "works (error %d)\n" + "Try specifiying the full path for the MariaDB server with " + "--mariadbd=...\n", + used_name, (int) errno); + finish_updated_files(&ctx, 1); + return 1; + } + + if (init_dynamic_string(&mariadbd_output, "", 32, 32)) + goto err; + if (!test_mariadbd(used_name) && + (error= run_mariadbd(used_name, &mariadbd_output, defaults_args, + defaults_args_count))) + { + if (ctx.updated_files.elements) + fprintf(stderr, "error: Failed to run %s with the updated files, " + "reverting\n", used_name); + else + fprintf(stderr, "error: Failed to run %s with the original files.\n", + used_name); + if (error > 0) + fprintf(stderr, "mariadbd output:\n%s", mariadbd_output.str); + } + dynstr_free(&mariadbd_output); + } + + if (finish_updated_files(&ctx, error == 0)) + error= 1; + free_root(&alloc, MYF(0)); + return error; + +err: + finish_updated_files(&ctx, FALSE); + free_root(&alloc, MYF(0)); + return 1; +} + + +static const char *config_file="my"; /* Default config file */ + +enum upgrade_config_options +{ + OPT_UPDATE = 256, + OPT_BACKUP, + OPT_ERROR_GROUP, + OPT_UNSUPPORTED_GROUP, + OPT_EDIT, + OPT_PRINT, + OPT_NO_MYISAM_OPTIONS, + OPT_ADD_SKIP_SLAVE_START, + OPT_FIX_ALL, + OPT_CONVERT_FROM, + OPT_UPDATE_PATHS, + OPT_VERIFY, + OPT_MARIADBD, + OPT_ADD_MYSQL_REPLICATION_COMPATIBILITY, + OPT_ADD_MARIADB_REPLICATION_COMPATIBILITY, + OPT_COPY_MYSQLD_GROUPS, + OPT_GENERATE_CLIENT_SERVER_GROUP +}; + +static struct my_option my_long_options[] = +{ + {"add-skip-slave-start", OPT_ADD_SKIP_SLAVE_START, + "Add skip_slave_start to the [mariadbd] group if not present.", + &opt_add_skip_slave_start, &opt_add_skip_slave_start, + 0, GET_BOOL, NO_ARG, FALSE, 0, 0, 0, 0, 0}, + {"add-mariadb-replication-compatibility", + OPT_ADD_MARIADB_REPLICATION_COMPATIBILITY, + "Add options to [error-group] to enable MySQL to replicate to MariaDB. " + "Options added are: " + "binlog-row-value-options=\"\" binlog_transaction_compression=0 and " + "binlog_format=row.", + &opt_add_mariadb_replication_compatibility, + &opt_add_mariadb_replication_compatibility, + 0, GET_BOOL, NO_ARG, FALSE, 0, 0, 0, 0, 0}, + {"add-mysql-replication-compatibility", + OPT_ADD_MYSQL_REPLICATION_COMPATIBILITY, + "Add options to [mariadbd] section to enable MariaDB to replicate to MySQL.", + &opt_add_mysql_replication_compatibility, + &opt_add_mysql_replication_compatibility, + 0, GET_BOOL, NO_ARG, FALSE, 0, 0, 0, 0, 0}, + {"add-client-server-group", + OPT_ADD_MYSQL_REPLICATION_COMPATIBILITY, + "Add a [client-server] group if it does not exists. This will contain the " + "last port and socket found in the [mysqld] or [server] groups.", + &opt_add_client_server_group, + &opt_add_client_server_group, + 0, GET_BOOL, NO_ARG, FALSE, 0, 0, 0, 0, 0}, + {"backup", OPT_BACKUP, + "Backup the updated configuration files. The backup file name are of the " + "type: 'original_name'-timestamp.BAK", + &opt_backup, &opt_backup, 0, GET_BOOL, NO_ARG, FALSE, 0, 0, 0, 0, 0}, + {"copy-mysqld-groups", OPT_COPY_MYSQLD_GROUPS, + "Copy valid MariaDB options from [mysqld-###] groups to the [mariadbd] " + "group.", + &opt_copy_mysqld_groups, &opt_copy_mysqld_groups, 0, GET_BOOL, NO_ARG, TRUE, + 0, 0, 0, 0, 0}, + {"error-group", OPT_ERROR_GROUP, + "Group to use for options not supported by MariaDB when using " + "--edit=[inline|last]. Should be set usually to something like " + "'mysqld-#.##' when moving from MySQL and 'unknown' when upgrading " + "MariaDB or if there are already [mariadbd] groups in the config files.", + &opt_error_group, &opt_error_group, + 0, GET_STR, REQUIRED_ARG, 0, 0, 0, 0, 0, 0}, + {"edit", OPT_EDIT, + "Select what to do with invalid options. '' (default) no changes. " + "'remove' removes them. 'comment' comments them with '#'. " + "inline' adds [error_group] before unknown options. " + "'last' moves incompatible or mariadbd specific options to the end of " + "the given file under [error_group], [unsupported_group] or [mariadbd].", + &opt_edit_mode, &opt_edit_mode, &edit_mode_typelib, GET_ENUM, + REQUIRED_ARG, EDIT_MODE_NONE, 0, 0, 0, 0, 0}, + {"fix-all", OPT_FIX_ALL, + "Same as --no-myisam --from=mysql --add-skip-slave-start " + "--add-mysql-replication-compatibility " + "--add-mariadb-replication-compatibility --add-client-server-group " + "--edit=last", + 0, 0, 0, GET_NO_ARG, NO_ARG, FALSE, 0, 0, 0, 0, 0}, + {"from", OPT_CONVERT_FROM, + "Options are MySQL (default) or MariaDB. Used to specify if your are " + "upgrading from MySQL or an earlier MariaDB version. " + "When upgrading from MySQL, only the MySQL groups [mysqld] and [server] " + "are processed. If MariaDB is specified, all MariaDB entries read by " + "the current MariaDB version (" MYSQL_SERVER_VERSION ") will be processed. " + "Note that when upgrading from an earlier MariaDB version, mariadb-upgrade " + "is the preferred tool! This tool is in this case mainly useful to check " + "if there is any incompatibilities in the MariaDB configuration files.", + &opt_convert_from, &opt_convert_from, &from_mode_typelib, GET_ENUM, + REQUIRED_ARG, FROM_MYSQL, 0, 0, 0, 0, 0}, + {"help", '?', "Display this help message and exit.", + 0, 0, 0, GET_NO_ARG, NO_ARG, 0, 0, 0, 0, 0, 0}, + {"mariadbd", OPT_MARIADBD, + "Path to the mariadbd server. Used to verify if the config file changes " + "succeeded.", + &opt_mariadbd, &opt_mariadbd, 0, GET_STR, REQUIRED_ARG, 0, 0, 0, 0, 0, 0}, + {"no-myisam", OPT_NO_MYISAM_OPTIONS, + "Assume no usage of MyISAM tables. Makes the MyISAM buffers very small " + "to save memory. " + "Useful when moving to MariaDB when there are no user data in MyISAM " + "tables. This option only has an effect if the config file contains " + "settings of the key-buffer-size variable.", + &opt_no_myisam_options, &opt_no_myisam_options, 0, GET_BOOL, NO_ARG, + FALSE, 0, 0, 0, 0, 0}, + {"print", OPT_PRINT, "Print upgraded files to stdout. The 'edit' option " + "decides the output format.", + &opt_print, &opt_print, 0, GET_BOOL, NO_ARG, FALSE, 0, 0, 0, 0, 0}, + {"silent", 's', "Print less information", + &opt_silent, &opt_silent, 0, GET_BOOL, NO_ARG, FALSE, 0, 0, 0, 0, 0}, + {"update", OPT_UPDATE, "Update the configuration files in place.", + &opt_update, &opt_update, 0, GET_BOOL, NO_ARG, FALSE, 0, 0, 0, 0, 0}, + {"update-paths", OPT_UPDATE_PATHS, + "When used with --from=mysql, change file paths having /mysql or /mysqld " + "ending with '/', '.', space, or new line to /mariadbd. This is intended " + "to be used when you want to run MySQL and MariaDB on the same system.", + &opt_update_paths, &opt_update_paths, + 0, GET_BOOL, NO_ARG, FALSE, 0, 0, 0, 0, 0}, + {"unsupported-group", OPT_UNSUPPORTED_GROUP, + "Group to use for options in [mariadbd] group that is not supported by " + "MariaDB when using '--edit=[inline|last] --from=mariadb'.", + &opt_unsupported_group, &opt_unsupported_group, + 0, GET_STR, REQUIRED_ARG, 0, 0, 0, 0, 0, 0}, + {"verify", OPT_VERIFY, + "Verify updates by testing the used config files through mariadbd. " + "Disabled if --print is used. " + "Note that verify only works if one uses --defaults-file=# or if one does " + "not specify any configuration files on the command line. " + "When using verify the mariadbd option has also to be used.", + &opt_mariadbd_testing, &opt_mariadbd_testing, 0, GET_BOOL, NO_ARG, FALSE, + 0, 0, 0, 0, 0}, + {"version", 'V', "Output version information and exit.", + 0, 0, 0, GET_NO_ARG, NO_ARG, 0, 0, 0, 0, 0, 0}, + {0, 0, 0, 0, 0, 0, GET_NO_ARG, NO_ARG, 0, 0, 0, 0, 0, 0} +}; + +static void cleanup_and_exit(int exit_code) __attribute__ ((noreturn)); +static void cleanup_and_exit(int exit_code) +{ + my_end(0); + exit(exit_code); +} + + +static void print_to_width(const char *line, uint width) +{ + const char *start= line, *space= 0; + fputs("- ", stdout); + + for (start= line ; *line ; line++) + { + if ((uint)(line-start) >= width) + { + if (!space) + space= line; /* No space */ + for ( ; start < space ; start++) + putchar(*start); + fputs("\n ", stdout); + while (*start == ' ') + start++; + space= 0; + } + if (*line == ' ') + space= line; + } + printf("%s:\n", start); +} + + +static void pe(const char *example, const char *description) +{ + print_to_width(description, 77); + fprintf(stdout, "%s %s\n\n", + my_progname + dirname_length(my_progname), + example); +} + + +static void usage() __attribute__ ((noreturn)); +static void usage() +{ + print_version(); + puts("This software comes with ABSOLUTELY NO WARRANTY. This is free " + "software,\nand you are welcome to modify and redistribute it under " + "the GPL license\n"); + puts("Display or change unrecognized MariaDB options in MariaDB/MySQL\n" + "configuration files. This is useful when planning an upgrade from\n" + "MySQL to MariaDB or to check if there are some unsupported\n" + "options in the option files.\n" + "This program can print errors, print the changed files, update the\n" + "configuration files in place.\n" + "When running with the options:\n" + "--update --edit=last --error-group=mysqld-5.7\n" + "The configuration files will be changed so that they should work\n" + "with both MySQL 5.7 and MariaDB. You should provide the currently\n" + "used MySQL version if --error-group is used.\n"); + + printf("Usage: %s [--print | --update] [OPTIONS] [OPTION_FILES]\n\n", + my_progname); + puts("If OPTION_FILES is not provided, all default MariaDB configuration\n" + "files will be printed/upgraded"); + + my_print_default_files(config_file); + puts(""); + my_print_help(my_long_options); + + puts(""); + puts("If moving from MYSQL, the recommended usage is to use the following " + "3 steps:"); + puts(""); + puts("- Check if there is anything that needs changing:"); + puts("mariadb-migrate-config-file --from=mysql"); + puts(""); + puts("- Check how the new configuration files would look like:"); + puts("mariadb-migrate-config-file --from=mysql --edit=last --print"); + puts(""); + puts("- Modify all configuration files keeping backups of the originals:"); + puts("mariadb-migrate-config-file --from=mysql --edit=last --update " + "--backup --error-group=mysqld-5.7\n"); + + puts("Examples:"); + pe("", "Go through all my.cnf and included files and print not supported " + "options. The groups checked are [server], [mysqld] and [mysqld-###]. " + "Options valid for MariaDB in [mysqld-###] groups are copied to " + "the [mariadbd] group"); + pe("--from=mariadb", + "Go through all my.cnf and include files and print options not supported " + "by the current MariaDB version. All MariaDB groups read by mariadbd are " + "checked"); + pe("~/.my.cnf", "Print not supported options in ~/.my.cnf"); + pe("--defaults-file=/etc/my.cnf --verify=1 --mariadbd=#path-to-mariadbd#", + "Go through /etc/my.cnf and print all not supported options. Check also " + "the by running it through the MariaDB server"); + pe("--print", "Print the current content of all my.cnf and included files " + "(no changes)"); + pe("--print --edit=last --update-paths", + "As print, but change all paths from /mysql to /mariadbd. Useful to " + "check the effect of --update-paths"); + pe("--print --edit=last", + "Print modified version of all my.cnf and included files where supported " + "options from [mysqld-###] groups are copied to a [mariadbd] group at " + "the end of the file. Not supported options from [mysqld] and [server] " + "are moved to [mysqld-5.7] (default value of 'error_group')"); + pe("--print --edit=inline --error-group=mysqld-8.0", + "Print modified version of all my.cnf and included files where supported " + "options from [mysqld-###] groups are copied inline to [mariadbd] " + "groups. Not supported options in the [mysqld] and [server] groups are " + "moved to [mysqld-8.0]"); + pe("--print --edit=remove", + "Print modified version of all my.cnf and includedfiles where supported " + "options from [mysqld-###] groups are copied to a [mariadbd] group. " + "Not supported options from [mysqld] and [server] are removed"); + pe("--print --edit=comment", + "As '--remove', but not supported options are commented"); + pe("--edit=update --edit=inline --backup", + "Modify all my.cnf and included files. Supported options from " + "[mysqld-###] groups are copied to [mariadbd] groups. Not supported " + "options in the [mysqld] and [server] groups are moved to a " + "[mysqld-5.7] group. " + "The original of the changed config files are stored as backup files. " + "If no option files are specified the mariadbd server will be started " + "using them to verify that the new options files works with it"); + pe("--update --edit=inline --error_group=unknown --from=mariadb", + "Move all unknown mariadbd options to the group [unknown]"); + pe("--fix-all", + "Use all common options when converting from MySQL to MariaDB. " + "See definition for --fix-all for more details"); + + my_print_variables(my_long_options); + cleanup_and_exit(0); +} + + +static my_bool +get_one_option(const struct my_option *opt __attribute__((unused)), + const char *argument __attribute__((unused)), + const char *filename __attribute__((unused))) +{ + switch (opt->id) { + case 'I': + case '?': + usage(); + case 'V': + print_version(); + cleanup_and_exit(0); + case OPT_FIX_ALL: + opt_no_myisam_options= TRUE; + opt_add_skip_slave_start= TRUE; + opt_edit_mode= EDIT_MODE_LAST; + opt_convert_from= FROM_MYSQL; + opt_add_mariadb_replication_compatibility= 1; + opt_add_mysql_replication_compatibility= 1; + opt_add_client_server_group= 1; + break; + } + return 0; +} + + +static int get_options(int *argc,char ***argv) +{ + int ho_error; + + if ((ho_error=handle_options(argc, argv, my_long_options, get_one_option))) + cleanup_and_exit(ho_error); + + if (opt_update && opt_edit_mode == EDIT_MODE_NONE) + { + fputs("error: --update requires the '--edit=xxx' option\n", stderr); + cleanup_and_exit(1); + } + if ((!opt_error_group || !opt_unsupported_group) && + (opt_edit_mode == EDIT_MODE_INLINE || + opt_edit_mode == EDIT_MODE_LAST)) + { + fputs("error: Selected --edit mode requires --error-group and " + "--unsupported-group\n", stderr); + cleanup_and_exit(1); + } + if (opt_print && opt_update) + { + fputs("error: --print and --update can't be specified simultaneously\n", + stderr); + cleanup_and_exit(1); + } + if (!opt_print && !opt_update && opt_edit_mode != EDIT_MODE_NONE && + !opt_silent) + { + puts("Note: edit_mode used without print/update. --print assumed"); + opt_print= 1; + } + if (opt_print && opt_edit_mode == EDIT_MODE_NONE && opt_update_paths) + { + puts("Note: --print --update-paths without edit mode set will not " + "show updated paths"); + } + if (opt_print) + { + opt_silent= 1; /* Don't print notes with --print */ + opt_mariadbd_testing= 0; + } + if (opt_update_paths && opt_convert_from != FROM_MYSQL) + opt_update_paths= 0; + + groups_to_use= (opt_convert_from == FROM_MYSQL ? + mysqld_groups : mariadbd_groups); + return 0; +} + + +int main(int argc, char **argv) +{ + int count, error= 0, args_used; + char *tmp_arguments[4]; + char **arguments, **org_argv; + const char **default_directories; + MY_INIT(argv[0]); + + org_argv= argv; + args_used= get_defaults_options(argv); + + /* Copy defaults-xxx arguments & program name */ + count= args_used; + arguments= tmp_arguments; + memcpy((char*) arguments, (char*) org_argv, count*sizeof(*org_argv)); + arguments[count]= 0; + + /* + We already process --defaults* options at the beginning in + get_defaults_options(). So skip --defaults* options and + pass remaining options to handle_options(). + */ + org_argv+=args_used-1; + argc-=args_used-1; + + /* Check out the args */ + if (get_options(&argc, &org_argv)) + cleanup_and_exit(1); + + if (argc) + { + give_error_for_missing_files= 1; + /* We cannot test a list of provided option files */ + opt_mariadbd_testing= 0; + for (; argc-- ; org_argv++) + { + count= args_used; + arguments= tmp_arguments; + if ((error= my_load_defaults(*org_argv, groups_to_use, + &count, &arguments, 0))) + goto handle_error; + error= process_defaults(*org_argv, groups_to_use, + 0, + (const char **)(argv + 1), + args_used - 1); + free_defaults(arguments); + if (error) + goto handle_error; + } + } + else + { + /* Write 'add options' only to the first found config file */ + add_new_options_once= 1; + if ((error= my_load_defaults(config_file, groups_to_use, + &count, &arguments, &default_directories))) + goto handle_error; + /* + The defaults-xxx arguments are still intact at the beginning of argv and + can be passed to mariadbd for testing the updated configuration files. + */ + error= process_defaults(config_file, groups_to_use, + default_directories, + (const char **)(argv + 1), + args_used - 1); + free_defaults(arguments); + if (error) + goto handle_error; + } + + report_line_changes(); + + if (!opt_silent && !opt_print) + { + if (global_update_count) + { + if (opt_update) + fprintf(stdout, "%d issue/issues fixed\n", (int) global_update_count); + else + fprintf(stdout, "%d issue/issues found\n", (int) global_update_count); + } + else + printf("No issues found\n"); + } + cleanup_and_exit(error != 0 || + (!opt_update && !opt_print && global_update_count != 0) ? + 2 : 0); + +handle_error: + DBUG_ASSERT(error); + if (error == 4) /* --print-defaults */ + { + free_defaults(arguments); + cleanup_and_exit(0); + } + cleanup_and_exit(2); +} diff -Nru mariadb-11.8.6/extra/readline/display.c mariadb-11.8.8/extra/readline/display.c --- mariadb-11.8.6/extra/readline/display.c 2026-01-31 13:27:46.000000000 +0000 +++ mariadb-11.8.8/extra/readline/display.c 2026-05-24 09:58:30.000000000 +0000 @@ -2285,7 +2285,7 @@ void _rl_redisplay_after_sigwinch () { - char *t; + const char *t; /* Clear the current line and put the cursor at column 0. Make sure the right thing happens if we have wrapped to a new screen line. */ diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/.codespellexcludelines mariadb-11.8.8/extra/wolfssl/wolfssl/.codespellexcludelines --- mariadb-11.8.6/extra/wolfssl/wolfssl/.codespellexcludelines 2026-01-31 13:27:49.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/.codespellexcludelines 2026-05-24 09:58:33.000000000 +0000 @@ -13,6 +13,7 @@ const uint8_t* hashIn, int hashSz) XMEMCPY(hash + (curveSz - hashSz), hashIn, hashSz); 0x63, 0x72, 0x65, 0x65, 0x6e, 0x20, 0x77, 0x6f, 0x75, 0x6c, 0x64, 0x20, 0x62, 0x65, 0x20, 0x69, /* creen would be i */ + 0x75, 0x6c, 0x64, 0x20, 0x62, 0x65, 0x20, 0x69, /* creen would be i */ \pagenumbering{alph} DES3_KEY_SIZE = 24, /* 3 des ede */ /* functions added to support above needed, removed TOOM and KARATSUBA */ diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/.cyignore mariadb-11.8.8/extra/wolfssl/wolfssl/.cyignore --- mariadb-11.8.6/extra/wolfssl/wolfssl/.cyignore 2026-01-31 13:27:49.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/.cyignore 2026-05-24 09:58:33.000000000 +0000 @@ -7,6 +7,7 @@ $(SEARCH_wolfssl)/mqx $(SEARCH_wolfssl)/tirtos $(SEARCH_wolfssl)/tests +$(SEARCH_wolfssl)/sslSniffer $(SEARCH_wolfssl)/testsuite $(SEARCH_wolfssl)/wolfcrypt/src/port/autosar $(SEARCH_wolfssl)/zephyr @@ -26,6 +27,8 @@ $(SEARCH_wolfssl)/wolfcrypt/src/sp_x86_64_asm.S $(SEARCH_wolfssl)/wolfcrypt/src/sp_sm2_x86_64_asm.S $(SEARCH_wolfssl)/wolfcrypt/src/wc_kyber_asm.S +$(SEARCH_wolfssl)/wolfcrypt/src/wc_mldsa_asm.S +$(SEARCH_wolfssl)/wolfcrypt/src/wc_mlkem_asm.S $(SEARCH_wolfssl)/wolfcrypt/src/port/arm/armv8-32-aes-asm.S $(SEARCH_wolfssl)/wolfcrypt/src/port/arm/armv8-32-curve25519.S diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/.editorconfig mariadb-11.8.8/extra/wolfssl/wolfssl/.editorconfig --- mariadb-11.8.6/extra/wolfssl/wolfssl/.editorconfig 2026-01-31 13:27:49.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/.editorconfig 2026-05-24 09:58:33.000000000 +0000 @@ -8,3 +8,6 @@ charset = utf-8 trim_trailing_whitespace = true insert_final_newline = true + +[*.{ads,adb,gpr}] +indent_size = 3 diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/.github/renode-test/stm32h753/CMakeLists.txt mariadb-11.8.8/extra/wolfssl/wolfssl/.github/renode-test/stm32h753/CMakeLists.txt --- mariadb-11.8.6/extra/wolfssl/wolfssl/.github/renode-test/stm32h753/CMakeLists.txt 1970-01-01 00:00:00.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/.github/renode-test/stm32h753/CMakeLists.txt 2026-05-24 09:58:33.000000000 +0000 @@ -0,0 +1,108 @@ +cmake_minimum_required(VERSION 3.18) +project(wolfcrypt_stm32h753 LANGUAGES C ASM) + +set(WOLFSSL_ROOT "/opt/wolfssl" CACHE PATH "wolfSSL source") + +set(CMAKE_TRY_COMPILE_TARGET_TYPE STATIC_LIBRARY) +enable_language(ASM) + +# Include paths for CMSIS device headers and STM32 HAL +# Order matters: CMSIS must come before HAL +include_directories(BEFORE + ${CMAKE_SOURCE_DIR} + /opt/CMSIS_5/CMSIS/Core/Include # Core CMSIS (core_cm7.h, etc.) - must be first + /opt/cmsis-device-h7/Include # Device-specific CMSIS (stm32h7xx.h) + /opt/STM32CubeH7/Drivers/STM32H7xx_HAL_Driver/Inc/Legacy + /opt/STM32CubeH7/Drivers/STM32H7xx_HAL_Driver/Inc +) + +# STM32 HAL source files (minimal set for CRYP and HASH) +# Note: These files are cloned in the Dockerfile before CMake runs +set(HAL_SRC_DIR /opt/STM32CubeH7/Drivers/STM32H7xx_HAL_Driver/Src) + +# Check if HAL directory exists, then add source files +if(EXISTS ${HAL_SRC_DIR}) + set(HAL_SOURCES + ${HAL_SRC_DIR}/stm32h7xx_hal.c + ${HAL_SRC_DIR}/stm32h7xx_hal_rcc.c + ${HAL_SRC_DIR}/stm32h7xx_hal_rcc_ex.c + ${HAL_SRC_DIR}/stm32h7xx_hal_cortex.c + ${HAL_SRC_DIR}/stm32h7xx_hal_dma.c + ${HAL_SRC_DIR}/stm32h7xx_hal_dma_ex.c + ${HAL_SRC_DIR}/stm32h7xx_hal_rng.c + # CRYP HAL files enabled for AES_GCM only + ${HAL_SRC_DIR}/stm32h7xx_hal_cryp.c + ${HAL_SRC_DIR}/stm32h7xx_hal_cryp_ex.c + # HASH HAL files disabled - Renode doesn't implement HASH peripheral + # ${HAL_SRC_DIR}/stm32h7xx_hal_hash.c + # ${HAL_SRC_DIR}/stm32h7xx_hal_hash_ex.c + ) +else() + message(WARNING "HAL source directory not found: ${HAL_SRC_DIR}") + set(HAL_SOURCES "") +endif() + +# wolfSSL build options +set(WOLFSSL_USER_SETTINGS ON CACHE BOOL "Use user_settings.h") +set(WOLFSSL_CRYPT_TESTS OFF CACHE BOOL "") +set(WOLFSSL_EXAMPLES OFF CACHE BOOL "") +set(BUILD_SHARED_LIBS OFF CACHE BOOL "") + +add_subdirectory(${WOLFSSL_ROOT} ${CMAKE_BINARY_DIR}/wolfssl-build EXCLUDE_FROM_ALL) +target_include_directories(wolfssl PRIVATE + /opt/CMSIS_5/CMSIS/Core/Include # Core CMSIS first + /opt/cmsis-device-h7/Include # Device CMSIS + /opt/STM32CubeH7/Drivers/STM32H7xx_HAL_Driver/Inc/Legacy + /opt/STM32CubeH7/Drivers/STM32H7xx_HAL_Driver/Inc + ${CMAKE_SOURCE_DIR} # For stm32h7xx_hal_conf.h +) +# Suppress the GENSEED_FORTEST warning (expected for emulation/test builds) +target_compile_options(wolfssl PRIVATE -Wno-cpp) + +# wolfSSL STM32 port source file (needed for HASH and CRYPTO hardware acceleration) +set(WOLFSSL_STM32_PORT_SRC ${WOLFSSL_ROOT}/wolfcrypt/src/port/st/stm32.c) + +add_executable(wolfcrypt_test.elf + startup_stm32h753.c + main.c + ${WOLFSSL_ROOT}/wolfcrypt/test/test.c + ${HAL_SOURCES} + ${WOLFSSL_STM32_PORT_SRC} +) + +target_include_directories(wolfcrypt_test.elf PRIVATE + ${CMAKE_SOURCE_DIR} + ${WOLFSSL_ROOT} + /opt/STM32CubeH7/Drivers/STM32H7xx_HAL_Driver/Inc + /opt/STM32CubeH7/Drivers/STM32H7xx_HAL_Driver/Inc/Legacy +) + +target_compile_definitions(wolfcrypt_test.elf PRIVATE + WOLFSSL_USER_SETTINGS + STM32H753xx + USE_HAL_DRIVER + USE_HAL_CONF # Enable HAL configuration + # NO_AES_CBC is defined in user_settings.h, no need to define it here +) + +# HAL source files need the same compile options and must include stdint.h +# Disable all warnings for HAL files (third-party code we don't control) +set_source_files_properties(${HAL_SOURCES} PROPERTIES + COMPILE_FLAGS "-mcpu=cortex-m7 -mthumb -mfpu=fpv5-d16 -mfloat-abi=hard -ffunction-sections -fdata-sections -Os -include stdint.h -w" +) + +target_compile_options(wolfcrypt_test.elf PRIVATE + -mcpu=cortex-m7 -mthumb -mfpu=fpv5-d16 -mfloat-abi=hard + -ffunction-sections -fdata-sections -Os +) + +target_link_options(wolfcrypt_test.elf PRIVATE + -T${CMAKE_SOURCE_DIR}/stm32h753.ld + -Wl,--gc-sections + -nostartfiles + -specs=nano.specs + -specs=nosys.specs +) + +target_link_libraries(wolfcrypt_test.elf PRIVATE wolfssl m c gcc nosys) + diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/.github/renode-test/stm32h753/entrypoint.sh mariadb-11.8.8/extra/wolfssl/wolfssl/.github/renode-test/stm32h753/entrypoint.sh --- mariadb-11.8.6/extra/wolfssl/wolfssl/.github/renode-test/stm32h753/entrypoint.sh 1970-01-01 00:00:00.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/.github/renode-test/stm32h753/entrypoint.sh 2026-05-24 09:58:33.000000000 +0000 @@ -0,0 +1,194 @@ +#!/bin/bash +set -euo pipefail + +LOG=/tmp/wolfcrypt-renode.log +TIMEOUT=300 # Maximum 5 minutes + +echo "Running wolfCrypt test in Renode..." + +# Try to find Renode binary in common installation locations +# When installed via .deb package, Renode is typically in /usr/bin/renode +RENODE_BIN="${RENODE_BIN:-$(command -v renode 2>/dev/null || true)}" +if [ -z "$RENODE_BIN" ]; then + # Check common installation paths (order matters - check standard locations first) + for path in /usr/bin/renode /usr/local/bin/renode /opt/renode/renode; do + if [ -x "$path" ]; then + RENODE_BIN="$path" + break + fi + done +fi + +if [ -z "$RENODE_BIN" ] || [ ! -x "$RENODE_BIN" ]; then + echo "Renode binary not found in image." + echo "Checked paths: /usr/bin/renode, /usr/local/bin/renode, /opt/renode/renode" + echo "PATH: $PATH" + which renode || echo "renode not in PATH" + exit 2 +fi + +echo "Using Renode binary: $RENODE_BIN" + +# Determine Renode root directory (where platforms/ directory is located) +if [ -d "/opt/renode/platforms" ]; then + RENODE_ROOT="/opt/renode" +elif [ -d "/usr/lib/renode/platforms" ]; then + RENODE_ROOT="/usr/lib/renode" +elif [ -d "/usr/share/renode/platforms" ]; then + RENODE_ROOT="/usr/share/renode" +else + # Try to find Renode root by checking where the binary is + RENODE_DIR=$(dirname "$(readlink -f "${RENODE_BIN}" 2>/dev/null || echo "${RENODE_BIN}")") + if [ -d "${RENODE_DIR}/../platforms" ]; then + RENODE_ROOT=$(readlink -f "${RENODE_DIR}/.." 2>/dev/null || echo "${RENODE_DIR}/..") + else + echo "Warning: Could not determine Renode root directory" + RENODE_ROOT="" + fi +fi + +# Set RENODE_ROOT environment variable (Renode uses this to find platform files) +if [ -n "$RENODE_ROOT" ]; then + export RENODE_ROOT + echo "Using Renode root: ${RENODE_ROOT}" + # Also create .renode-root file in firmware directory as backup + echo "${RENODE_ROOT}" > /opt/firmware/.renode-root + chmod 644 /opt/firmware/.renode-root +else + echo "ERROR: Could not determine Renode root directory" + exit 1 +fi + +# Verify platform file exists +PLATFORM_FILE="${RENODE_ROOT}/platforms/cpus/stm32h753.repl" +if [ ! -f "${PLATFORM_FILE}" ]; then + echo "ERROR: Platform file not found at ${PLATFORM_FILE}" + echo "Searching for platform files..." + find "${RENODE_ROOT}" -name "stm32h753.repl" 2>/dev/null | head -5 || true + exit 1 +fi + +echo "Platform file found at: ${PLATFORM_FILE}" + +# Change to firmware directory +cd /opt/firmware + +# Create a modified Renode script with absolute path to platform file +# This avoids the .renode-root file lookup issue +cat > /opt/firmware/run-renode-absolute.resc < "${LOG}" 2>&1 & +RENODE_PID=$! +echo "Renode PID: $RENODE_PID" + +# Monitor the log for completion, errors, and flush output frequently +START_TIME=$(date +%s) +RESULT="" +LAST_LOG_SIZE=0 + +while true; do + # Check if Renode is still running + if ! kill -0 "$RENODE_PID" 2>/dev/null; then + break + fi + + # Flush new log content to stdout (unbuffered) + if [ -f "${LOG}" ]; then + CURRENT_LOG_SIZE=$(stat -f%z "${LOG}" 2>/dev/null || stat -c%s "${LOG}" 2>/dev/null || echo 0) + if [ "$CURRENT_LOG_SIZE" -gt "$LAST_LOG_SIZE" ]; then + # Output new lines + tail -c +$((LAST_LOG_SIZE + 1)) "${LOG}" 2>/dev/null | head -c $((CURRENT_LOG_SIZE - LAST_LOG_SIZE)) + LAST_LOG_SIZE=$CURRENT_LOG_SIZE + fi + fi + + # Check for Renode errors (must check before completion to catch errors early) + if grep -q "\[ERROR\]" "${LOG}" 2>/dev/null; then + echo "" + echo "ERROR: Renode reported an error!" + RESULT="renode_error" + break + fi + + # Check for completion messages + if grep -q "=== wolfCrypt test passed! ===" "${LOG}" 2>/dev/null; then + RESULT="passed" + break + fi + + if grep -q "=== wolfCrypt test FAILED ===" "${LOG}" 2>/dev/null; then + RESULT="failed" + break + fi + + # Check timeout + CURRENT_TIME=$(date +%s) + ELAPSED=$((CURRENT_TIME - START_TIME)) + if [ "$ELAPSED" -ge "$TIMEOUT" ]; then + echo "" + echo "Timeout after ${TIMEOUT} seconds" + RESULT="timeout" + break + fi + + sleep 0.5 +done + +# Kill Renode if still running +if kill -0 "$RENODE_PID" 2>/dev/null; then + kill "$RENODE_PID" 2>/dev/null || true + wait "$RENODE_PID" 2>/dev/null || true +fi + +# Show the log output +cat "${LOG}" + +# Report result +case "$RESULT" in + passed) + echo "" + echo "wolfCrypt tests completed successfully." + exit 0 + ;; + failed) + echo "" + echo "wolfCrypt tests FAILED." + exit 1 + ;; + renode_error) + echo "" + echo "Renode reported an error - test aborted." + exit 1 + ;; + timeout) + echo "" + echo "wolfCrypt tests timed out after ${TIMEOUT} seconds." + exit 1 + ;; + *) + echo "" + echo "wolfCrypt tests did not report a result." + exit 1 + ;; +esac + diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/.github/renode-test/stm32h753/main.c mariadb-11.8.8/extra/wolfssl/wolfssl/.github/renode-test/stm32h753/main.c --- mariadb-11.8.6/extra/wolfssl/wolfssl/.github/renode-test/stm32h753/main.c 1970-01-01 00:00:00.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/.github/renode-test/stm32h753/main.c 2026-05-24 09:58:33.000000000 +0000 @@ -0,0 +1,137 @@ +/* main.c - Entry point for wolfCrypt test on STM32H753 under Renode + * + * Runs the wolfCrypt test suite with output via USART3. + */ + +#include +#include +#include + +/* wolfCrypt test entry point */ +extern int wolfcrypt_test(void *args); + +/* USART3 registers (STM32H7) */ +#define USART3_BASE 0x40004800UL +#define USART3_CR1 (*(volatile uint32_t *)(USART3_BASE + 0x00)) +#define USART3_BRR (*(volatile uint32_t *)(USART3_BASE + 0x0C)) +#define USART3_ISR (*(volatile uint32_t *)(USART3_BASE + 0x1C)) +#define USART3_TDR (*(volatile uint32_t *)(USART3_BASE + 0x28)) + +#define USART_CR1_UE (1 << 0) +#define USART_CR1_TE (1 << 3) +#define USART_ISR_TXE (1 << 7) + +/* RCC registers for enabling USART3 clock */ +#define RCC_BASE 0x58024400UL +#define RCC_APB1LENR (*(volatile uint32_t *)(RCC_BASE + 0xE8)) +#define RCC_APB1LENR_USART3EN (1 << 18) + +static void uart_init(void) +{ + /* Enable USART3 clock */ + RCC_APB1LENR |= RCC_APB1LENR_USART3EN; + + /* Configure USART3: 115200 baud at 64MHz HSI */ + USART3_BRR = 64000000 / 115200; + USART3_CR1 = USART_CR1_UE | USART_CR1_TE; +} + +static void uart_putc(char c) +{ + while (!(USART3_ISR & USART_ISR_TXE)) + ; + USART3_TDR = c; +} + +static void uart_puts(const char *s) +{ + while (*s) { + if (*s == '\n') + uart_putc('\r'); + uart_putc(*s++); + } +} + +/* newlib _write syscall - redirects printf to UART */ +int _write(int fd, const char *buf, int len) +{ + (void)fd; + for (int i = 0; i < len; i++) { + if (buf[i] == '\n') + uart_putc('\r'); + uart_putc(buf[i]); + } + return len; +} + +/* Heap management for malloc - required by printf with format strings */ +extern char __heap_start__; +extern char __heap_end__; + +void *_sbrk(ptrdiff_t incr) +{ + static char *heap_ptr = NULL; + char *prev_heap_ptr; + + if (heap_ptr == NULL) { + heap_ptr = &__heap_start__; + } + + prev_heap_ptr = heap_ptr; + + if (heap_ptr + incr > &__heap_end__) { + /* Out of heap memory */ + return (void *)-1; + } + + heap_ptr += incr; + return prev_heap_ptr; +} + +/* Simple counter for time - used by GENSEED_FORTEST */ +static volatile uint32_t tick_counter = 0; + +/* time() stub for wolfSSL GENSEED_FORTEST */ +#include +time_t time(time_t *t) +{ + tick_counter += 12345; /* Simple pseudo-random increment */ + time_t val = (time_t)tick_counter; + if (t) + *t = val; + return val; +} + +/* Result variable - can be monitored by Renode at fixed address */ +volatile int test_result __attribute__((section(".data"))) = -1; +volatile int test_complete __attribute__((section(".data"))) = 0; + + +int main(int argc, char **argv) +{ + (void)argc; + (void)argv; + + setvbuf(stdin, NULL, _IONBF, 0); + setvbuf(stdout, NULL, _IONBF, 0); + setvbuf(stderr, NULL, _IONBF, 0); + uart_init(); + uart_puts("\n\n=== Starting wolfCrypt test ===\n\n"); + + test_result = wolfcrypt_test(NULL); + test_complete = 1; + + if (test_result == 0) { + uart_puts("\n\n=== wolfCrypt test passed! ===\n"); + } else { + uart_puts("\n\n=== wolfCrypt test FAILED ===\n"); + } + + /* Spin forever after the test completes */ + while (1) { + __asm__ volatile ("wfi"); + } + + return test_result; +} + diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/.github/renode-test/stm32h753/run-renode.resc mariadb-11.8.8/extra/wolfssl/wolfssl/.github/renode-test/stm32h753/run-renode.resc --- mariadb-11.8.6/extra/wolfssl/wolfssl/.github/renode-test/stm32h753/run-renode.resc 1970-01-01 00:00:00.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/.github/renode-test/stm32h753/run-renode.resc 2026-05-24 09:58:33.000000000 +0000 @@ -0,0 +1,20 @@ +# Renode test script for STM32H753 +# Note: @platforms/cpus/stm32h753.repl is relative to Renode root +# If RENODE_ROOT is set, Renode will use it; otherwise it looks for .renode-root file +using sysbus + +mach create "stm32h753" + +# Try relative path first (works if RENODE_ROOT or .renode-root is set correctly) +# If this fails, the absolute path will be tried in entrypoint.sh +machine LoadPlatformDescription @platforms/cpus/stm32h753.repl + +sysbus LoadELF @/opt/firmware/wolfcrypt_test.elf + +# Connect USART3 to the console for wolfCrypt output +showAnalyzer usart3 + +# Start emulation and run for a long time +# The entrypoint script will kill Renode when test completes +emulation RunFor "600s" + diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/.github/renode-test/stm32h753/startup_stm32h753.c mariadb-11.8.8/extra/wolfssl/wolfssl/.github/renode-test/stm32h753/startup_stm32h753.c --- mariadb-11.8.6/extra/wolfssl/wolfssl/.github/renode-test/stm32h753/startup_stm32h753.c 1970-01-01 00:00:00.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/.github/renode-test/stm32h753/startup_stm32h753.c 2026-05-24 09:58:33.000000000 +0000 @@ -0,0 +1,101 @@ +/* Minimal startup code for STM32H753 running under Renode */ + +#include +#include + +extern int main(int argc, char** argv); + +void Default_Handler(void); +void Reset_Handler(void); + +/* Symbols provided by the linker script */ +extern unsigned long _estack; +extern unsigned long __data_start__; +extern unsigned long __data_end__; +extern unsigned long __bss_start__; +extern unsigned long __bss_end__; +extern unsigned long _sidata; /* start of .data in flash */ + +/* Minimal init_array support */ +extern void (*__preinit_array_start[])(void); +extern void (*__preinit_array_end[])(void); +extern void (*__init_array_start[])(void); +extern void (*__init_array_end[])(void); + +static void call_init_array(void) +{ + size_t count, i; + + count = __preinit_array_end - __preinit_array_start; + for (i = 0; i < count; i++) + __preinit_array_start[i](); + + count = __init_array_end - __init_array_start; + for (i = 0; i < count; i++) + __init_array_start[i](); +} + +void Reset_Handler(void) +{ + unsigned long *src, *dst; + + /* Copy .data from flash to RAM */ + src = &_sidata; + for (dst = &__data_start__; dst < &__data_end__;) + *dst++ = *src++; + + /* Zero .bss */ + for (dst = &__bss_start__; dst < &__bss_end__;) + *dst++ = 0; + + /* Call static constructors */ + call_init_array(); + + /* Call main */ + (void)main(0, (char**)0); + + /* Infinite loop after main returns */ + while (1) { + __asm__ volatile ("wfi"); + } +} + +void Default_Handler(void) +{ + while (1) { + __asm__ volatile ("wfi"); + } +} + +/* Exception handlers - all weak aliases to Default_Handler */ +void NMI_Handler(void) __attribute__((weak, alias("Default_Handler"))); +void HardFault_Handler(void) __attribute__((weak, alias("Default_Handler"))); +void MemManage_Handler(void) __attribute__((weak, alias("Default_Handler"))); +void BusFault_Handler(void) __attribute__((weak, alias("Default_Handler"))); +void UsageFault_Handler(void) __attribute__((weak, alias("Default_Handler"))); +void SVC_Handler(void) __attribute__((weak, alias("Default_Handler"))); +void DebugMon_Handler(void) __attribute__((weak, alias("Default_Handler"))); +void PendSV_Handler(void) __attribute__((weak, alias("Default_Handler"))); +void SysTick_Handler(void) __attribute__((weak, alias("Default_Handler"))); + +/* Vector table */ +__attribute__ ((section(".isr_vector"), used)) +void (* const g_pfnVectors[])(void) = { + (void (*)(void))(&_estack), /* Initial stack pointer */ + Reset_Handler, /* Reset Handler */ + NMI_Handler, /* NMI Handler */ + HardFault_Handler, /* Hard Fault Handler */ + MemManage_Handler, /* MPU Fault Handler */ + BusFault_Handler, /* Bus Fault Handler */ + UsageFault_Handler, /* Usage Fault Handler */ + 0, /* Reserved */ + 0, /* Reserved */ + 0, /* Reserved */ + 0, /* Reserved */ + SVC_Handler, /* SVCall Handler */ + DebugMon_Handler, /* Debug Monitor Handler */ + 0, /* Reserved */ + PendSV_Handler, /* PendSV Handler */ + SysTick_Handler /* SysTick Handler */ + /* IRQ vectors would continue here */ +}; diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/.github/renode-test/stm32h753/stm32h753.ld mariadb-11.8.8/extra/wolfssl/wolfssl/.github/renode-test/stm32h753/stm32h753.ld --- mariadb-11.8.6/extra/wolfssl/wolfssl/.github/renode-test/stm32h753/stm32h753.ld 1970-01-01 00:00:00.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/.github/renode-test/stm32h753/stm32h753.ld 2026-05-24 09:58:33.000000000 +0000 @@ -0,0 +1,109 @@ +/* Minimal STM32H753 memory map for Renode run */ +MEMORY +{ + FLASH (rx) : ORIGIN = 0x08000000, LENGTH = 2048K + DTCM (xrw) : ORIGIN = 0x20000000, LENGTH = 128K + RAM (xrw) : ORIGIN = 0x24000000, LENGTH = 512K +} + +_estack = ORIGIN(RAM) + LENGTH(RAM); +_Min_Heap_Size = 128K; +_Min_Stack_Size = 128K; + +ENTRY(Reset_Handler) + +SECTIONS +{ + .isr_vector : + { + . = ALIGN(4); + KEEP(*(.isr_vector)) + . = ALIGN(4); + } > FLASH + + .text : + { + . = ALIGN(4); + *(.text*) + *(.rodata*) + *(.glue_7) + *(.glue_7t) + *(.eh_frame) + . = ALIGN(4); + _etext = .; + } > FLASH + + .ARM.extab : + { + *(.ARM.extab* .gnu.linkonce.armextab.*) + } > FLASH + + .ARM.exidx : + { + __exidx_start = .; + *(.ARM.exidx*) + __exidx_end = .; + } > FLASH + + .preinit_array : + { + PROVIDE_HIDDEN(__preinit_array_start = .); + KEEP(*(.preinit_array*)) + PROVIDE_HIDDEN(__preinit_array_end = .); + } > FLASH + + .init_array : + { + PROVIDE_HIDDEN(__init_array_start = .); + KEEP(*(SORT(.init_array.*))) + KEEP(*(.init_array*)) + PROVIDE_HIDDEN(__init_array_end = .); + } > FLASH + + .fini_array : + { + PROVIDE_HIDDEN(__fini_array_start = .); + KEEP(*(SORT(.fini_array.*))) + KEEP(*(.fini_array*)) + PROVIDE_HIDDEN(__fini_array_end = .); + } > FLASH + + /* Location in flash where .data will be stored */ + _sidata = LOADADDR(.data); + + .data : + { + . = ALIGN(4); + __data_start__ = .; + *(.data*) + . = ALIGN(4); + __data_end__ = .; + } > RAM AT> FLASH + + .bss : + { + . = ALIGN(4); + __bss_start__ = .; + *(.bss*) + *(COMMON) + . = ALIGN(4); + __bss_end__ = .; + } > RAM + + .heap_stack (NOLOAD): + { + . = ALIGN(8); + PROVIDE(__heap_start__ = .); + . = . + _Min_Heap_Size; + PROVIDE(__heap_end__ = .); + PROVIDE(end = __heap_end__); + . = ALIGN(8); + PROVIDE(__stack_start__ = .); + . = . + _Min_Stack_Size; + PROVIDE(__stack_end__ = .); + } > RAM +} + +PROVIDE(_init = 0); +PROVIDE(_fini = 0); + diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/.github/renode-test/stm32h753/stm32h7xx_hal_conf.h mariadb-11.8.8/extra/wolfssl/wolfssl/.github/renode-test/stm32h753/stm32h7xx_hal_conf.h --- mariadb-11.8.6/extra/wolfssl/wolfssl/.github/renode-test/stm32h753/stm32h7xx_hal_conf.h 1970-01-01 00:00:00.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/.github/renode-test/stm32h753/stm32h7xx_hal_conf.h 2026-05-24 09:58:33.000000000 +0000 @@ -0,0 +1,208 @@ +/* Minimal HAL configuration for STM32H753 wolfCrypt build under Renode. + * RNG and CRYP HAL are enabled. CRYP is used for AES_GCM only (other AES modes disabled). + * HASH is disabled as Renode doesn't implement it. + */ + +#ifndef STM32H7xx_HAL_CONF_H +#define STM32H7xx_HAL_CONF_H + +#ifdef __cplusplus +extern "C" { +#endif + +/* ------------------------- Module Selection ----------------------------- */ +#define HAL_MODULE_ENABLED +#define HAL_CORTEX_MODULE_ENABLED +#define HAL_RCC_MODULE_ENABLED +#define HAL_GPIO_MODULE_ENABLED +#define HAL_RNG_MODULE_ENABLED +#define HAL_CRYP_MODULE_ENABLED /* Enabled for AES_GCM only */ +/* #define HAL_HASH_MODULE_ENABLED */ /* Disabled - Renode doesn't implement HASH */ +#define HAL_DMA_MODULE_ENABLED +#define HAL_FLASH_MODULE_ENABLED +#define HAL_PWR_MODULE_ENABLED +#define HAL_EXTI_MODULE_ENABLED + +/* Disabled modules (explicit for clarity) */ +/* #define HAL_SDRAM_MODULE_ENABLED */ + +/* ------------------------- Oscillator Values ---------------------------- */ +#if !defined(HSE_VALUE) +#define HSE_VALUE 25000000UL /* External oscillator frequency in Hz */ +#endif + +#if !defined(HSE_STARTUP_TIMEOUT) +#define HSE_STARTUP_TIMEOUT 100UL /* Time out for HSE start up in ms */ +#endif + +#if !defined(CSI_VALUE) +#define CSI_VALUE 4000000UL /* Internal oscillator CSI in Hz */ +#endif + +#if !defined(HSI_VALUE) +#define HSI_VALUE 64000000UL /* Internal oscillator HSI in Hz */ +#endif + +#if !defined(HSI48_VALUE) +#define HSI48_VALUE 48000000UL /* Value of the Internal High Speed oscillator for USB in Hz */ +#endif + +#if !defined(LSE_VALUE) +#define LSE_VALUE 32768UL /* External low speed oscillator in Hz */ +#endif + +#if !defined(LSE_STARTUP_TIMEOUT) +#define LSE_STARTUP_TIMEOUT 5000UL /* Time out for LSE start up in ms */ +#endif + +#if !defined(LSI_VALUE) +#define LSI_VALUE 32000UL /* Internal low speed oscillator in Hz */ +#endif + +#if !defined(EXTERNAL_CLOCK_VALUE) +#define EXTERNAL_CLOCK_VALUE 12288000UL /* External audio clock in Hz */ +#endif + +/* ------------------------- System Configuration -------------------------- */ +#define VDD_VALUE 3300UL /* Value of VDD in mV */ +#define TICK_INT_PRIORITY 0x0FUL /* Tick interrupt priority */ +#define USE_RTOS 0U +#define PREFETCH_ENABLE 0U +#define USE_HAL_ADC_REGISTER_CALLBACKS 0U +#define USE_HAL_CEC_REGISTER_CALLBACKS 0U +#define USE_HAL_COMP_REGISTER_CALLBACKS 0U +#define USE_HAL_CORDIC_REGISTER_CALLBACKS 0U +#define USE_HAL_CRYP_REGISTER_CALLBACKS 0U +#define USE_HAL_DAC_REGISTER_CALLBACKS 0U +#define USE_HAL_DCMI_REGISTER_CALLBACKS 0U +#define USE_HAL_DFSDM_REGISTER_CALLBACKS 0U +#define USE_HAL_DMA_REGISTER_CALLBACKS 0U +#define USE_HAL_DMA2D_REGISTER_CALLBACKS 0U +#define USE_HAL_DSI_REGISTER_CALLBACKS 0U +#define USE_HAL_DTS_REGISTER_CALLBACKS 0U +#define USE_HAL_ETH_REGISTER_CALLBACKS 0U +#define USE_HAL_FDCAN_REGISTER_CALLBACKS 0U +#define USE_HAL_FMAC_REGISTER_CALLBACKS 0U +#define USE_HAL_GFXMMU_REGISTER_CALLBACKS 0U +#define USE_HAL_HASH_REGISTER_CALLBACKS 0U +#define USE_HAL_HCD_REGISTER_CALLBACKS 0U +#define USE_HAL_HRTIM_REGISTER_CALLBACKS 0U +#define USE_HAL_I2C_REGISTER_CALLBACKS 0U +#define USE_HAL_I2S_REGISTER_CALLBACKS 0U +#define USE_HAL_IRDA_REGISTER_CALLBACKS 0U +#define USE_HAL_JPEG_REGISTER_CALLBACKS 0U +#define USE_HAL_LPTIM_REGISTER_CALLBACKS 0U +#define USE_HAL_LTDC_REGISTER_CALLBACKS 0U +#define USE_HAL_MDIOS_REGISTER_CALLBACKS 0U +#define USE_HAL_MMC_REGISTER_CALLBACKS 0U +#define USE_HAL_NAND_REGISTER_CALLBACKS 0U +#define USE_HAL_NOR_REGISTER_CALLBACKS 0U +#define USE_HAL_OPAMP_REGISTER_CALLBACKS 0U +#define USE_HAL_OSPI_REGISTER_CALLBACKS 0U +#define USE_HAL_OTFDEC_REGISTER_CALLBACKS 0U +#define USE_HAL_PCD_REGISTER_CALLBACKS 0U +#define USE_HAL_PSSI_REGISTER_CALLBACKS 0U +#define USE_HAL_QSPI_REGISTER_CALLBACKS 0U +#define USE_HAL_RNG_REGISTER_CALLBACKS 0U +#define USE_HAL_RTC_REGISTER_CALLBACKS 0U +#define USE_HAL_SAI_REGISTER_CALLBACKS 0U +#define USE_HAL_SD_REGISTER_CALLBACKS 0U +#define USE_HAL_SDRAM_REGISTER_CALLBACKS 0U +#define USE_HAL_SMARTCARD_REGISTER_CALLBACKS 0U +#define USE_HAL_SMBUS_REGISTER_CALLBACKS 0U +#define USE_HAL_SPDIFRX_REGISTER_CALLBACKS 0U +#define USE_HAL_SPI_REGISTER_CALLBACKS 0U +#define USE_HAL_SRAM_REGISTER_CALLBACKS 0U +#define USE_HAL_SWPMI_REGISTER_CALLBACKS 0U +#define USE_HAL_TIM_REGISTER_CALLBACKS 0U +#define USE_HAL_UART_REGISTER_CALLBACKS 0U +#define USE_HAL_USART_REGISTER_CALLBACKS 0U +#define USE_HAL_WWDG_REGISTER_CALLBACKS 0U +#define USE_HAL_XSPI_REGISTER_CALLBACKS 0U + +/* ------------------------- SPI peripheral configuration ------------------ */ +#define USE_SPI_CRC 0U + +/* ------------------------- Assertion ------------------------------------- */ +/* #define USE_FULL_ASSERT 1U */ +#define assert_param(expr) ((void)0U) + +/* ------------------------- Ethernet Configuration ------------------------ */ +#define ETH_TX_DESC_CNT 4U +#define ETH_RX_DESC_CNT 4U +#define ETH_MAC_ADDR0 0x02U +#define ETH_MAC_ADDR1 0x00U +#define ETH_MAC_ADDR2 0x00U +#define ETH_MAC_ADDR3 0x00U +#define ETH_MAC_ADDR4 0x00U +#define ETH_MAC_ADDR5 0x00U + +/* ------------------------- Include HAL headers --------------------------- */ +/** + * @brief Include module's header file + */ + +#ifdef HAL_RCC_MODULE_ENABLED + #include "stm32h7xx_hal_rcc.h" +#endif /* HAL_RCC_MODULE_ENABLED */ + +#ifdef HAL_GPIO_MODULE_ENABLED + #include "stm32h7xx_hal_gpio.h" +#endif /* HAL_GPIO_MODULE_ENABLED */ + +#ifdef HAL_DMA_MODULE_ENABLED + #include "stm32h7xx_hal_dma.h" +#endif /* HAL_DMA_MODULE_ENABLED */ + +#ifdef HAL_CORTEX_MODULE_ENABLED + #include "stm32h7xx_hal_cortex.h" +#endif /* HAL_CORTEX_MODULE_ENABLED */ + +#ifdef HAL_EXTI_MODULE_ENABLED + #include "stm32h7xx_hal_exti.h" +#endif /* HAL_EXTI_MODULE_ENABLED */ + +#ifdef HAL_FLASH_MODULE_ENABLED + #include "stm32h7xx_hal_flash.h" +#endif /* HAL_FLASH_MODULE_ENABLED */ + +#ifdef HAL_PWR_MODULE_ENABLED + #include "stm32h7xx_hal_pwr.h" +#endif /* HAL_PWR_MODULE_ENABLED */ + +#ifdef HAL_RNG_MODULE_ENABLED + #include "stm32h7xx_hal_rng.h" +#endif /* HAL_RNG_MODULE_ENABLED */ + +/* CRYP enabled for AES_GCM only */ +#ifdef HAL_CRYP_MODULE_ENABLED + #include "stm32h7xx_hal_cryp.h" +#endif + +/* #ifdef HAL_HASH_MODULE_ENABLED + #include "stm32h7xx_hal_hash.h" +#endif */ + +/* Exported macro ------------------------------------------------------------*/ +#ifdef USE_FULL_ASSERT +/** + * @brief The assert_param macro is used for function's parameters check. + * @param expr: If expr is false, it calls assert_failed function + * which reports the name of the source file and the source + * line number of the call that failed. + * If expr is true, it returns no value. + * @retval None + */ + #define assert_param(expr) ((expr) ? (void)0U : assert_failed((uint8_t *)__FILE__, __LINE__)) +/* Exported functions ------------------------------------------------------- */ + void assert_failed(uint8_t *file, uint32_t line); +#else + #define assert_param(expr) ((void)0U) +#endif /* USE_FULL_ASSERT */ + +#ifdef __cplusplus +} +#endif + +#endif /* STM32H7xx_HAL_CONF_H */ + diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/.github/renode-test/stm32h753/toolchain-arm-none-eabi.cmake mariadb-11.8.8/extra/wolfssl/wolfssl/.github/renode-test/stm32h753/toolchain-arm-none-eabi.cmake --- mariadb-11.8.6/extra/wolfssl/wolfssl/.github/renode-test/stm32h753/toolchain-arm-none-eabi.cmake 1970-01-01 00:00:00.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/.github/renode-test/stm32h753/toolchain-arm-none-eabi.cmake 2026-05-24 09:58:33.000000000 +0000 @@ -0,0 +1,24 @@ +set(CMAKE_SYSTEM_NAME Generic) +set(CMAKE_SYSTEM_PROCESSOR arm) + +set(CMAKE_TRY_COMPILE_TARGET_TYPE STATIC_LIBRARY) + +set(CMAKE_C_COMPILER arm-none-eabi-gcc) +set(CMAKE_CXX_COMPILER arm-none-eabi-g++) +set(CMAKE_ASM_COMPILER arm-none-eabi-gcc) + +set(CMAKE_AR arm-none-eabi-ar) +set(CMAKE_RANLIB arm-none-eabi-ranlib) + +set(CMAKE_C_STANDARD 11) + +set(CPU_FLAGS "-mcpu=cortex-m7 -mthumb -mfpu=fpv5-d16 -mfloat-abi=hard") +set(OPT_FLAGS "-Os -ffunction-sections -fdata-sections") +set(CMSIS_INCLUDES "-I/opt/cmsis-device-h7/Include -I/opt/CMSIS_5/CMSIS/Core/Include -I/opt/firmware") + +set(CMAKE_C_FLAGS_INIT "${CPU_FLAGS} ${OPT_FLAGS} ${CMSIS_INCLUDES} -DSTM32H753xx") +set(CMAKE_CXX_FLAGS_INIT "${CPU_FLAGS} ${OPT_FLAGS} ${CMSIS_INCLUDES} -DSTM32H753xx") +set(CMAKE_ASM_FLAGS_INIT "${CPU_FLAGS}") + +set(CMAKE_EXE_LINKER_FLAGS_INIT "-Wl,--gc-sections -static") + diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/.github/renode-test/stm32h753/user_settings.h mariadb-11.8.8/extra/wolfssl/wolfssl/.github/renode-test/stm32h753/user_settings.h --- mariadb-11.8.6/extra/wolfssl/wolfssl/.github/renode-test/stm32h753/user_settings.h 1970-01-01 00:00:00.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/.github/renode-test/stm32h753/user_settings.h 2026-05-24 09:58:33.000000000 +0000 @@ -0,0 +1,95 @@ +/* user_settings_renode.h - wolfSSL/wolfCrypt configuration for STM32H753 under Renode + * + * Minimal, semihosting-friendly build for Cortex-M7 / STM32H753. + * Hardware RNG and CRYPTO (AES-GCM only) are enabled via Renode's STM32H753 emulation. + * HASH is disabled as Renode doesn't implement the HASH peripheral. + */ + +#ifndef USER_SETTINGS_RENODE_H +#define USER_SETTINGS_RENODE_H + +/* ------------------------- Platform ------------------------------------- */ +#define WOLFSSL_ARM_CORTEX_M +#define WOLFSSL_STM32H7 /* STM32H7 series (includes H753) */ +#define WOLFSSL_STM32_CUBEMX /* Use STM32 HAL for CRYPTO */ +/* NO_STM32_CRYPTO is NOT defined, so CRYPTO will be enabled */ +/* Disable HASH - Renode doesn't implement HASH peripheral */ +#define NO_STM32_HASH + +/* Required for consistent math library settings (CTC_SETTINGS) */ +#define SIZEOF_LONG 4 +#define SIZEOF_LONG_LONG 8 + +/* ------------------------- Threading / OS ------------------------------- */ +#define SINGLE_THREADED + +/* ------------------------- Filesystem / I/O ----------------------------- */ +#define WOLFSSL_NO_CURRDIR +#define NO_FILESYSTEM +#define NO_WRITEV + +/* ------------------------- wolfCrypt Only ------------------------------- */ +#define WOLFCRYPT_ONLY +#define NO_DH +#define NO_DSA +/* Disable DES/3DES - Renode CRYPTO only supports AES_GCM */ +#define NO_DES +#define NO_DES3 + +/* ------------------------- AES Mode Configuration ----------------------- */ +/* Disable all AES modes except GCM - Renode CRYPTO only supports AES_GCM */ +/* NO_AES_CBC prevents HAVE_AES_CBC from being defined in settings.h */ +#define NO_AES_CBC + +/* ------------------------- RNG Configuration ---------------------------- */ +/* Enable STM32 hardware RNG (emulated by Renode) using direct register access */ +#define WOLFSSL_STM32_RNG_NOLIB +/* NO_STM32_RNG is NOT defined, so STM32_RNG will be auto-enabled */ +#define NO_DEV_RANDOM +#define HAVE_HASHDRBG + +/* ------------------------- Math Library --------------------------------- */ +/* Use SP Math (Single Precision) - modern, efficient, and secure */ +#define WOLFSSL_SP_MATH_ALL +#define WOLFSSL_HAVE_SP_RSA +#define WOLFSSL_HAVE_SP_DH +#define WOLFSSL_HAVE_SP_ECC +#define WOLFSSL_SP_ARM_CORTEX_M_ASM +#define SP_WORD_SIZE 32 + +/* ------------------------- Crypto Hardening ----------------------------- */ +#define WC_RSA_BLINDING +#define ECC_TIMING_RESISTANT + +/* ------------------------- Size Optimization ---------------------------- */ +#define WOLFSSL_SMALL_STACK + +/* ------------------------- Test Configuration --------------------------- */ +/* Use smaller key sizes for faster test runs in emulation */ +#define BENCH_EMBEDDED + +/* Use our own main() instead of the one in test.c */ +#define NO_MAIN_DRIVER + +/* ------------------------- Post-options.h cleanup ----------------------- */ +/* Ensure unsupported AES modes stay disabled even after options.h processing */ +/* These undefs will be processed after options.h includes, preventing + * Renode-unsupported modes from being used */ +#ifdef HAVE_AES_CBC +#undef HAVE_AES_CBC +#endif +#ifdef HAVE_AES_ECB +#undef HAVE_AES_ECB +#endif +#ifdef HAVE_AES_CTR +#undef HAVE_AES_CTR +#endif +#ifdef HAVE_AES_CFB +#undef HAVE_AES_CFB +#endif +#ifdef HAVE_AES_OFB +#undef HAVE_AES_OFB +#endif + +#endif /* USER_SETTINGS_RENODE_H */ + diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/.github/scripts/openssl-ech.sh mariadb-11.8.8/extra/wolfssl/wolfssl/.github/scripts/openssl-ech.sh --- mariadb-11.8.6/extra/wolfssl/wolfssl/.github/scripts/openssl-ech.sh 1970-01-01 00:00:00.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/.github/scripts/openssl-ech.sh 2026-05-24 09:58:33.000000000 +0000 @@ -0,0 +1,192 @@ +#!/bin/bash + +set -e + +cleanup() { + if [ -f "$TMP_LOG" ]; then + cat "$TMP_LOG" + rm -f "$TMP_LOG" + fi +} +trap cleanup EXIT + +usage() { + echo "Usage: $0 [--suite ] [--workspace ]" + exit 1 +} + +MODE="" +SUITE="" + +WORKSPACE=${GITHUB_WORKSPACE:-"."} + +if [ $# -lt 1 ]; then + usage +fi + +case "$1" in + client|server) MODE="$1" ;; + *) usage ;; +esac +shift + +while [ $# -gt 0 ]; do + case "$1" in + --suite) + [ -z "$2" ] && { echo "ERROR: --suite requires a value"; exit 1; } + SUITE="$2" + shift 2 + echo "" + echo "Using suite: $SUITE" + echo "" + ;; + --workspace) + [ -z "$2" ] && { echo "ERROR: --workspace requires a value"; exit 1; } + WORKSPACE="$2" + shift 2 + ;; + *) echo "Unknown argument: $1"; usage ;; + esac +done + +OPENSSL=${OPENSSL:-"openssl"} +WOLFSSL_CLIENT=${WOLFSSL_CLIENT:-"$WORKSPACE/examples/client/client"} +WOLFSSL_SERVER=${WOLFSSL_SERVER:-"$WORKSPACE/examples/server/server"} +CERT_DIR=${CERT_DIR:-"$WORKSPACE/certs"} + +TMP_LOG="$WORKSPACE/tmp_file.log" +PRIV_NAME="ech-private-name.com" +PUB_NAME="ech-public-name.com" +MAX_WAIT=50 + +openssl_server(){ + local ech_file="$WORKSPACE/ech_config.pem" + local ech_config="" + local port="" + + rm -f "$ech_file" + + $OPENSSL ech -public_name "$PUB_NAME" -out "$ech_file" $SUITE &>> "$TMP_LOG" + + # parse ECH config from file + ech_config=$(sed -n '/BEGIN ECHCONFIG/,/END ECHCONFIG/{/BEGIN ECHCONFIG\|END ECHCONFIG/d;p}' "$ech_file" | tr -d '\n') + echo "parsed ech config: $ech_config" &>> "$TMP_LOG" + + # start OpenSSL ECH server with ephemeral port and make sure it is + # line-buffered + stdbuf -oL $OPENSSL s_server \ + -tls1_3 \ + -cert "$CERT_DIR/server-cert.pem" \ + -key "$CERT_DIR/server-key.pem" \ + -cert2 "$CERT_DIR/server-cert.pem" \ + -key2 "$CERT_DIR/server-key.pem" \ + -ech_key "$ech_file" \ + -servername "$PRIV_NAME" \ + -accept 0 \ + -naccept 1 \ + &>> "$TMP_LOG" <<< "wolfssl!" & + + # wait for server port to be ready and capture it + counter=0 + while [ -z "$port" ]; do + port=$(grep -m1 "ACCEPT" "$TMP_LOG" | sed 's/.*:\([0-9]*\)$/\1/') + sleep 0.1 + counter=$((counter + 1)) + if [ "$counter" -gt "$MAX_WAIT" ]; then + echo "ERROR: server port not found" &>> "$TMP_LOG" + exit 1 + fi + done + echo "parsed port: $port" &>> "$TMP_LOG" + + # test with wolfssl client + $WOLFSSL_CLIENT -v 4 \ + -p "$port" \ + -S "$PRIV_NAME" \ + --ech "$ech_config" \ + &>> "$TMP_LOG" + + rm -f "$ech_file" + + grep -q "ech_success=1" "$TMP_LOG" +} + +openssl_client(){ + local ready_file="$WORKSPACE/wolfssl_tls13_ready$$" + local ech_config="" + local port=0 + + rm -f "$ready_file" + + # start server with ephemeral port + ready file + # also set server to be line buffered so the log can be grepped + stdbuf -oL $WOLFSSL_SERVER \ + -v 4 \ + -R "$ready_file" \ + -p "$port" \ + -S "$PRIV_NAME" \ + --ech "$PUB_NAME" \ + $SUITE \ + &>> "$TMP_LOG" & + + # wait for server to be ready, then get port + counter=0 + while [ ! -s "$ready_file" ]; do + sleep 0.1 + counter=$((counter + 1)) + if [ "$counter" -gt "$MAX_WAIT" ]; then + echo "ERROR: no ready file" &>> "$TMP_LOG" + exit 1 + fi + done + port="$(cat "$ready_file")" + rm -f "$ready_file" + echo "parsed port: $port" &>> "$TMP_LOG" + + # get ECH config from server + counter=0 + while [ -z "$ech_config" ]; do + ech_config=$(grep -m1 "ECH config (base64): " "$TMP_LOG" \ + 2>/dev/null | sed 's/ECH config (base64): //g') + sleep 0.1 + counter=$((counter + 1)) + if [ "$counter" -gt "$MAX_WAIT" ]; then + echo "ERROR: no ECH configs" &>> "$TMP_LOG" + exit 1 + fi + done + echo "parsed ech config: $ech_config" &>> "$TMP_LOG" + + # Test with OpenSSL s_client using ECH + echo "wolfssl" | $OPENSSL s_client \ + -tls1_3 \ + -connect "localhost:$port" \ + -cert "$CERT_DIR/client-cert.pem" \ + -key "$CERT_DIR/client-key.pem" \ + -CAfile "$CERT_DIR/ca-cert.pem" \ + -servername "$PRIV_NAME" \ + -ech_config_list "$ech_config" \ + &>> "$TMP_LOG" + + grep -q "ECH: success: 1" "$TMP_LOG" +} + +rm -f "$TMP_LOG" + +case "$MODE" in + server) + if [ -n "$SUITE" ]; then + SUITE="-suite $SUITE" + fi + openssl_server + ;; + client) + if [ -n "$SUITE" ]; then + SUITE="--ech-suite $SUITE" + fi + openssl_client + ;; + *) + exit 1 + ;; +esac diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/.github/scripts/tls-anvil-test.sh mariadb-11.8.8/extra/wolfssl/wolfssl/.github/scripts/tls-anvil-test.sh --- mariadb-11.8.6/extra/wolfssl/wolfssl/.github/scripts/tls-anvil-test.sh 1970-01-01 00:00:00.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/.github/scripts/tls-anvil-test.sh 2026-05-24 09:58:33.000000000 +0000 @@ -0,0 +1,285 @@ +#!/bin/bash +# +# TLS-Anvil RFC compliance test script for wolfSSL +# Usage: ./tls-anvil-test.sh [extra_configure_flags] +# mode: 'server' or 'client' +# extra_configure_flags: additional ./configure options (optional) +# +# This script: +# 1. Builds wolfSSL with appropriate TLS options +# 2. Runs TLS-Anvil Docker container against wolfSSL +# 3. Collects and reports results +# +# Must be run from the wolfSSL source root directory. + +set -e + +MODE="${1:-server}" +EXTRA_FLAGS="${2:-}" + +# Unique name for port/container isolation (set externally or default) +TEST_NAME="${TLS_ANVIL_TEST_NAME:-default}" + +RESULTS_DIR="tls-anvil-results" +TLS_ANVIL_IMAGE="ghcr.io/tls-attacker/tlsanvil:latest" +TIMEOUT_SECONDS=3600 +STRENGTH="${TLS_ANVIL_STRENGTH:-1}" + +# Derive a unique port from the test name to avoid conflicts on parallel runs. +# Produces a port in the range 11111-11999. +PORT_HASH=$(echo -n "$TEST_NAME" | cksum | awk '{print $1}') +WOLFSSL_PORT=$((11111 + (PORT_HASH % 889))) + +# Unique container name per run +CONTAINER_NAME="tls-anvil-${TEST_NAME}-$$" + +log_info() { echo "[INFO] $1"; } +log_warn() { echo "[WARN] $1"; } +log_error() { echo "[ERROR] $1"; } + +cleanup() { + log_info "Cleaning up..." + if [[ -f "$RESULTS_DIR/server.pid" ]]; then + local pid + pid=$(cat "$RESULTS_DIR/server.pid") + kill "$pid" 2>/dev/null || true + wait "$pid" 2>/dev/null || true + rm -f "$RESULTS_DIR/server.pid" + fi + if command -v fuser &> /dev/null; then + fuser -k "${WOLFSSL_PORT}/tcp" 2>/dev/null || true + fi + docker rm -f "$CONTAINER_NAME" 2>/dev/null || true + sleep 1 +} + +ensure_port_available() { + local port=$1 + local attempt=0 + + if command -v fuser &> /dev/null; then + fuser -k "${port}/tcp" 2>/dev/null || true + elif command -v lsof &> /dev/null; then + lsof -ti:"${port}" | xargs kill -9 2>/dev/null || true + fi + + while [ $attempt -lt 10 ]; do + if ! (ss -tlnp 2>/dev/null || netstat -tlnp 2>/dev/null) | grep -q ":${port} "; then + return 0 + fi + log_warn "Port ${port} still in use, waiting..." + sleep 1 + attempt=$((attempt + 1)) + done + + log_error "Port ${port} still in use after 10 attempts" + return 1 +} + +trap cleanup EXIT + +# Clear any state from a previous run +cleanup + +if [[ "$MODE" != "server" && "$MODE" != "client" ]]; then + log_error "Invalid mode: $MODE. Must be 'server' or 'client'" + exit 1 +fi + +log_info "TLS-Anvil Test - Mode: $MODE, Test: $TEST_NAME (port: $WOLFSSL_PORT)" +log_info "Extra configure flags: $EXTRA_FLAGS" + +mkdir -p "$RESULTS_DIR" + +# --------------------------------------------------------------------------- +# Build wolfSSL +# --------------------------------------------------------------------------- +log_info "Building wolfSSL..." +./autogen.sh + +CONFIGURE_OPTS="--enable-asn=all" +CONFIGURE_OPTS="$CONFIGURE_OPTS --enable-ocspstapling" +CONFIGURE_OPTS="$CONFIGURE_OPTS --enable-tlsx" +CONFIGURE_OPTS="$CONFIGURE_OPTS --enable-dtls" +CONFIGURE_OPTS="$CONFIGURE_OPTS --enable-opensslextra" +CONFIGURE_OPTS="$CONFIGURE_OPTS --enable-opensslall" +CONFIGURE_OPTS="$CONFIGURE_OPTS --enable-supportedcurves" +CONFIGURE_OPTS="$CONFIGURE_OPTS --enable-session-ticket" +CONFIGURE_OPTS="$CONFIGURE_OPTS --enable-sni" +CONFIGURE_OPTS="$CONFIGURE_OPTS --enable-alpn" +CONFIGURE_OPTS="$CONFIGURE_OPTS --enable-truncatedhmac" +CONFIGURE_OPTS="$CONFIGURE_OPTS --enable-extended-master" +CONFIGURE_OPTS="$CONFIGURE_OPTS --enable-enc-then-mac" +CONFIGURE_OPTS="$CONFIGURE_OPTS CPPFLAGS=-DWOLFSSL_EXTRA_ALERTS" + +if [[ -n "$EXTRA_FLAGS" ]]; then + CONFIGURE_OPTS="$CONFIGURE_OPTS $EXTRA_FLAGS" +fi + +log_info "Configure options: $CONFIGURE_OPTS" +# shellcheck disable=SC2086 +./configure $CONFIGURE_OPTS + +make clean +make -j"$(nproc)" + +# --------------------------------------------------------------------------- +# Server mode: wolfSSL listens, TLS-Anvil probes as client +# --------------------------------------------------------------------------- +if [[ "$MODE" == "server" ]]; then + log_info "Starting wolfSSL server on port $WOLFSSL_PORT..." + ensure_port_available "$WOLFSSL_PORT" + + if [[ ! -f "certs/server-cert.pem" ]] || [[ ! -f "certs/server-key.pem" ]]; then + log_error "Certificate files not found in certs/ directory" + exit 1 + fi + + # Wrapper loop: restarts the server if it exits so TLS-Anvil can reconnect + # between test cases without the whole run failing. + cat > "$RESULTS_DIR/run-server.sh" << 'SERVERSCRIPT' +#!/bin/bash +CHILD_PID= +cleanup() { + [[ -n "$CHILD_PID" ]] && kill "$CHILD_PID" 2>/dev/null; wait "$CHILD_PID" 2>/dev/null + exit 0 +} +trap cleanup SIGTERM SIGINT +while true; do + ./examples/server/server -p "$1" -C 4 -r -i -d -x \ + -c certs/server-cert.pem -k certs/server-key.pem -v d 2>&1 & + CHILD_PID=$! + wait "$CHILD_PID" + echo "Server exited, restarting in 1 second..." + sleep 1 +done +SERVERSCRIPT + chmod +x "$RESULTS_DIR/run-server.sh" + + "$RESULTS_DIR/run-server.sh" "$WOLFSSL_PORT" > "$RESULTS_DIR/server.log" 2>&1 & + SERVER_PID=$! + echo "$SERVER_PID" > "$RESULTS_DIR/server.pid" + sleep 1 + + if ! kill -0 "$SERVER_PID" 2>/dev/null; then + log_error "wolfSSL server failed to start" + cat "$RESULTS_DIR/server.log" || true + exit 1 + fi + + log_info "wolfSSL server started (PID: $SERVER_PID)" + + if command -v openssl &> /dev/null; then + log_info "Quick connectivity check..." + echo "Q" | timeout 5 openssl s_client \ + -connect "127.0.0.1:$WOLFSSL_PORT" -tls1_2 2>&1 | head -5 \ + || log_warn "Pre-check had issues (not fatal)" + fi + + log_info "Running TLS-Anvil (client mode, timeout: ${TIMEOUT_SECONDS}s, strength: $STRENGTH)..." + ANVIL_EXIT_CODE=0 + timeout "$TIMEOUT_SECONDS" docker run --rm \ + --name "$CONTAINER_NAME" \ + --network host \ + -v "$(pwd)/$RESULTS_DIR:/output" \ + "$TLS_ANVIL_IMAGE" \ + -outputFolder /output \ + -parallelHandshakes 4 \ + -strength "$STRENGTH" \ + -connectionTimeout 200 \ + server \ + -connect "127.0.0.1:$WOLFSSL_PORT" \ + || ANVIL_EXIT_CODE=$? + + log_info "Stopping wolfSSL server..." + kill "$SERVER_PID" 2>/dev/null || true + wait "$SERVER_PID" 2>/dev/null || true + + if [[ "$ANVIL_EXIT_CODE" -ne 0 ]]; then + log_warn "TLS-Anvil exited $ANVIL_EXIT_CODE - last 50 lines of server log:" + tail -50 "$RESULTS_DIR/server.log" || true + fi + +# --------------------------------------------------------------------------- +# Client mode: TLS-Anvil listens, wolfSSL connects on each test case +# --------------------------------------------------------------------------- +else + log_info "Running TLS-Anvil (server mode, wolfSSL as client, timeout: ${TIMEOUT_SECONDS}s)..." + ensure_port_available "$WOLFSSL_PORT" + + WOLFSSL_DIR="$(pwd)" + + # TLS-Anvil calls this script once per test case to trigger a client connection. + cat > "$RESULTS_DIR/trigger-client.sh" << EOF +#!/bin/bash +cd "$WOLFSSL_DIR" +exec ./examples/client/client -h "127.0.0.1" -p "$WOLFSSL_PORT" -d -g -v d +EOF + chmod +x "$RESULTS_DIR/trigger-client.sh" + + ANVIL_EXIT_CODE=0 + timeout "$TIMEOUT_SECONDS" docker run --rm \ + --name "$CONTAINER_NAME" \ + --network host \ + -v "$(pwd)/$RESULTS_DIR:/output" \ + -v "$WOLFSSL_DIR:$WOLFSSL_DIR" \ + "$TLS_ANVIL_IMAGE" \ + -outputFolder /output \ + -parallelHandshakes 3 \ + -parallelTests 3 \ + -strength "$STRENGTH" \ + client \ + -port "$WOLFSSL_PORT" \ + -triggerScript "$WOLFSSL_DIR/$RESULTS_DIR/trigger-client.sh" \ + || ANVIL_EXIT_CODE=$? +fi + +# --------------------------------------------------------------------------- +# Results +# --------------------------------------------------------------------------- +log_info "Checking results..." + +if [[ -f "$RESULTS_DIR/report.json" ]]; then + log_info "report.json found" + if command -v jq &> /dev/null; then + TOTAL=$(jq '.TotalTests // "N/A"' "$RESULTS_DIR/report.json" 2>/dev/null || echo "N/A") + PASS=$( jq '.StrictlySucceededTests // "N/A"' "$RESULTS_DIR/report.json" 2>/dev/null || echo "N/A") + CONCEPT=$(jq '.ConceptuallySucceededTests // "N/A"' "$RESULTS_DIR/report.json" 2>/dev/null || echo "N/A") + PARTIAL=$(jq '.PartiallyFailedTests // "N/A"' "$RESULTS_DIR/report.json" 2>/dev/null || echo "N/A") + FAIL=$( jq '.FullyFailedTests // "N/A"' "$RESULTS_DIR/report.json" 2>/dev/null || echo "N/A") + DISABLED=$(jq '.DisabledTests // "N/A"' "$RESULTS_DIR/report.json" 2>/dev/null || echo "N/A") + log_info " Total: $TOTAL" + log_info " Strictly Passed: $PASS" + log_info " Conceptually OK: $CONCEPT" + log_info " Partially Failed: $PARTIAL" + log_info " Fully Failed: $FAIL" + log_info " Disabled: $DISABLED" + + cat > "$RESULTS_DIR/summary.txt" << EOF +TLS-Anvil Test Summary +====================== +Mode: $MODE +Date: $(date) +Config: $CONFIGURE_OPTS + +Results: + Total: $TOTAL + Strictly Passed: $PASS + Conceptually OK: $CONCEPT + Partially Failed: $PARTIAL + Fully Failed: $FAIL + Disabled: $DISABLED +EOF + fi +else + log_warn "No report.json found" + ls -la "$RESULTS_DIR/" || true +fi + +if [[ "$ANVIL_EXIT_CODE" -ne 0 ]]; then + log_error "TLS-Anvil exited with code $ANVIL_EXIT_CODE" + # Exit non-zero so the workflow step is marked failed + exit "$ANVIL_EXIT_CODE" +fi + +log_info "TLS-Anvil testing complete" diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/.github/workflows/ada.yml mariadb-11.8.8/extra/wolfssl/wolfssl/.github/workflows/ada.yml --- mariadb-11.8.6/extra/wolfssl/wolfssl/.github/workflows/ada.yml 2026-01-31 13:27:49.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/.github/workflows/ada.yml 2026-05-24 09:58:33.000000000 +0000 @@ -13,22 +13,61 @@ runs-on: ubuntu-latest steps: - - uses: actions/checkout@master + - uses: actions/checkout@v4 - - name: Install gnat + - name: Install alire + uses: alire-project/setup-alire@v5 + + - name: Install wolfssl Ada + working-directory: ./wrapper/Ada + run: alr install + + - name: Build default.gpr + working-directory: ./wrapper/Ada + run: alr exec -- gprbuild default.gpr -j$(nproc) + + - name: Run Ada wrapper tests + working-directory: ./wrapper/Ada/tests + run: alr run + + - name: Run Ada examples + id: examples + working-directory: ./wrapper/Ada/examples run: | - sudo apt-get update - sudo apt-get install -y gnat gprbuild + alr build + + echo "Running sha256_main example..." + alr run sha256_main - - name: Checkout wolfssl - uses: actions/checkout@master - with: - repository: wolfssl/wolfssl - path: wolfssl + echo "Running aes_verify_main example..." + alr run aes_verify_main - - name: Build wolfssl Ada - working-directory: ./wolfssl/wrapper/Ada + echo "Running rsa_verify_main example..." + alr run rsa_verify_main + + echo "Running TLS server/client example..." + alr run tls_server_main &> server.log & + SERVER_PID=$! + sleep 1 + echo "test message" | alr run tls_client_main --args=127.0.0.1 + kill $SERVER_PID || true + + - name: show errors + if: ${{ failure() && steps.examples.outcome == 'failure' }} + run: cat ./wrapper/Ada/examples/server.log + + - name: Run Ada wrapper tests (valgrind) + working-directory: ./wrapper/Ada/tests run: | - mkdir obj - gprbuild default.gpr - gprbuild examples.gpr + sudo apt-get update + sudo apt-get install -y valgrind + valgrind --leak-check=full --error-exitcode=1 \ + --suppressions=valgrind.supp ./bin/tests + + - name: Run gnatprove on wolfssl + working-directory: ./wrapper/Ada + run: alr gnatprove --level=4 -P wolfssl.gpr -j 0 --warnings=error --checks-as-errors --proof-warnings -U + + - name: Run gnatprove on examples + working-directory: ./wrapper/Ada/examples + run: alr gnatprove --level=4 -P examples.gpr -j 0 --warnings=error --checks-as-errors --proof-warnings -U diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/.github/workflows/arduino.yml mariadb-11.8.8/extra/wolfssl/wolfssl/.github/workflows/arduino.yml --- mariadb-11.8.6/extra/wolfssl/wolfssl/.github/workflows/arduino.yml 2026-01-31 13:27:49.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/.github/workflows/arduino.yml 2026-05-24 09:58:33.000000000 +0000 @@ -59,7 +59,7 @@ pull_request: branches: [ '**' ] paths: - - 'github/workflows/arduino.yml' + - '.github/workflows/arduino.yml' - 'IDE/ARDUINO/**' - 'src/**' - 'wolfcrypt/**' @@ -94,11 +94,9 @@ - arduino:avr:nano - arduino:avr:uno - arduino:avr:yun - - arduino:samd:mkrwifi1010 - arduino:samd:mkr1000 - arduino:samd:mkrfox1200 - arduino:mbed_edge:edge_control - - arduino:mbed_nano:nanorp2040connect - arduino:mbed_portenta:envie_m7 - arduino:mbed_portenta:portenta_x8 - arduino:renesas_uno:unor4wifi @@ -122,6 +120,15 @@ REPO_OWNER: ${{ github.repository_owner }} steps: + - name: Free disk space + run: | + sudo rm -rf /usr/share/dotnet + sudo rm -rf /usr/local/lib/android + sudo rm -rf /opt/ghc + sudo rm -rf /opt/hostedtoolcache/CodeQL + sudo apt-get clean + df -h + - name: Checkout Repository uses: actions/checkout@v4 @@ -248,7 +255,8 @@ path: | ~/.arduino15 ~/.cache/arduino - ~/.arduino15/staging + # Exclude staging directory from cache to save space + !~/.arduino15/staging # Arduino libraries # Specific to Arduino CI Build (2 of 4) Arduinbo Release wolfSSL for Local Examples @@ -405,6 +413,9 @@ WOLFSSL_EXAMPLES_DIRECTORY="$ARDUINO_ROOT/wolfssl/examples" echo "WOLFSSL_EXAMPLES_DIRECTORY: $WOLFSSL_EXAMPLES_DIRECTORY" + # Limit the number of jobs to 1 to avoid running out of memory + export ARDUINO_CLI_MAX_JOBS=1 + echo "Change directory to Arduino examples..." pushd "$WOLFSSL_EXAMPLES_DIRECTORY" chmod +x ./compile-all-examples.sh @@ -416,3 +427,37 @@ bash ./compile-all-examples.sh ./board_list.txt "${{ matrix.fqbn }}" popd # End Compile Arduino Sketches for Various Boards + + - name: Cleanup to Save Disk Space + if: always() + run: | + echo "Disk usage before cleanup:" + df -h + echo "" + echo "Cleaning up build artifacts and temporary files..." + + # Clean up Arduino build artifacts + find ~/Arduino -name "*.hex" -delete 2>/dev/null || true + find ~/Arduino -name "*.elf" -delete 2>/dev/null || true + find ~/Arduino -name "*.bin" -delete 2>/dev/null || true + find ~/Arduino -name "build" -type d -exec rm -rf {} + 2>/dev/null || true + + rm -rf ~/.arduino15/packages/esp32/tools || true + rm -rf ~/.arduino15/packages/esp32/hardware || true + rm -rf ~/.espressif || true + + # Clean up staging directories + rm -rf ~/.arduino15/staging/* || true + rm -rf ~/.cache/arduino/* || true + + # Clean up git clone of wolfssl-examples + GITHUB_WORK=$(realpath "$GITHUB_WORKSPACE/../..") + rm -rf "$GITHUB_WORK/wolfssl-examples-publish" || true + + # Clean up any temporary files in workspace + find "$GITHUB_WORKSPACE" -name "*.o" -delete 2>/dev/null || true + find "$GITHUB_WORKSPACE" -name "*.a" -delete 2>/dev/null || true + + echo "" + echo "Disk usage after cleanup:" + df -h diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/.github/workflows/async-examples.yml mariadb-11.8.8/extra/wolfssl/wolfssl/.github/workflows/async-examples.yml --- mariadb-11.8.6/extra/wolfssl/wolfssl/.github/workflows/async-examples.yml 1970-01-01 00:00:00.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/.github/workflows/async-examples.yml 2026-05-24 09:58:33.000000000 +0000 @@ -0,0 +1,111 @@ +name: Async Examples + +on: + push: + branches: [ 'master', 'main', 'release/**' ] + pull_request: + branches: [ '*' ] + +concurrency: + group: ${{ github.workflow }}-${{ github.ref }} + cancel-in-progress: true + +jobs: + async_examples: + if: github.repository_owner == 'wolfssl' + runs-on: ubuntu-24.04 + timeout-minutes: 10 + strategy: + fail-fast: false + matrix: + async_mode: ['sw', 'cryptocb'] + extra_cflags: + - '' + - '-DWOLFSSL_SMALL_CERT_VERIFY' + - '-DWOLFSSL_STATIC_MEMORY' + name: Async Examples (${{ matrix.async_mode }}, ${{ matrix.extra_cflags || 'default' }}) + steps: + - uses: actions/checkout@v4 + name: Checkout wolfSSL + + - name: Build async examples (no configure) + run: | + make -C examples/async clean + make -C examples/async ASYNC_MODE=${{ matrix.async_mode }} EXTRA_CFLAGS="${{ matrix.extra_cflags }}" + + - name: Run async examples + run: | + set -euo pipefail + + ASYNC_MODE="${{ matrix.async_mode }}" + MIN_PENDING=100 + + run_pair() { + local label="$1" + shift + local args="$*" + local ready="/tmp/wolfssl_async_ready_${label}" + rm -f "$ready" + + WOLFSSL_ASYNC_READYFILE="$ready" \ + ./examples/async/async_server $args \ + > "/tmp/async_server_${label}.log" 2>&1 & + local pid=$! + + WOLFSSL_ASYNC_READYFILE="$ready" \ + ./examples/async/async_client $args 127.0.0.1 11111 \ + > "/tmp/async_client_${label}.log" 2>&1 + local rc=$? + + kill "$pid" >/dev/null 2>&1 || true + wait "$pid" >/dev/null 2>&1 || true + + if [ "$rc" -ne 0 ]; then + echo "FAIL: $label (exit=$rc)" + return 1 + fi + + # Validate WC_PENDING_E count for sw mode only + # cryptocb mode uses callback pending which isn't tracked the same way + if [ "$ASYNC_MODE" = "sw" ]; then + local count + count=$(awk '/WC_PENDING_E count:/ {print $NF}' \ + "/tmp/async_client_${label}.log") + if [ -z "$count" ] || [ "$count" -lt "$MIN_PENDING" ]; then + echo "FAIL: $label - WC_PENDING_E count too low:" \ + "${count:-missing} (expected >= $MIN_PENDING)" + return 1 + fi + echo "PASS: $label (WC_PENDING_E: $count)" + else + echo "PASS: $label (cryptocb mode - connection successful)" + fi + return 0 + } + + # TLS 1.3 + run_pair ecc_tls13 --ecc + run_pair x25519_tls13 --x25519 + + # TLS 1.2 + run_pair ecc_tls12 --tls12 --ecc + run_pair x25519_tls12 --tls12 --x25519 + + # TLS 1.3 mutual auth + run_pair ecc_tls13_mutual --mutual --ecc + run_pair x25519_tls13_mutual --mutual --x25519 + + # TLS 1.2 mutual auth + run_pair ecc_tls12_mutual --mutual --tls12 --ecc + run_pair x25519_tls12_mutual --mutual --tls12 --x25519 + + + - name: Print async logs + if: ${{ failure() }} + run: | + for f in /tmp/async_server_*.log /tmp/async_client_*.log; do + if [ -f "$f" ]; then + echo "==> $f" + cat "$f" + fi + done diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/.github/workflows/async.yml mariadb-11.8.8/extra/wolfssl/wolfssl/.github/workflows/async.yml --- mariadb-11.8.6/extra/wolfssl/wolfssl/.github/workflows/async.yml 2026-01-31 13:27:49.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/.github/workflows/async.yml 2026-05-24 09:58:33.000000000 +0000 @@ -18,13 +18,17 @@ matrix: config: [ # Add new configs here + '--enable-asynccrypt --enable-all --enable-dtls13 --disable-mlkem CFLAGS="-pedantic -Wdeclaration-after-statement -DTEST_LIBWOLFSSL_SOURCES_INCLUSION_SEQUENCE -DWOLFCRYPT_TEST_LINT"', + '--enable-asynccrypt-sw --enable-ocspstapling --enable-ocspstapling2 --disable-mlkem CFLAGS="-pedantic -Wdeclaration-after-statement -DTEST_LIBWOLFSSL_SOURCES_INCLUSION_SEQUENCE"', + '--enable-asynccrypt --enable-all --enable-dtls13 --disable-pqc-hybrids --enable-tls-mlkem-standalone CFLAGS="-pedantic -Wdeclaration-after-statement -DTEST_LIBWOLFSSL_SOURCES_INCLUSION_SEQUENCE -DWOLFCRYPT_TEST_LINT"', + '--enable-asynccrypt-sw --enable-ocspstapling --enable-ocspstapling2 --disable-pqc-hybrids --enable-tls-mlkem-standalone CFLAGS="-pedantic -Wdeclaration-after-statement -DTEST_LIBWOLFSSL_SOURCES_INCLUSION_SEQUENCE"', '--enable-asynccrypt --enable-all --enable-dtls13 CFLAGS="-pedantic -Wdeclaration-after-statement -DTEST_LIBWOLFSSL_SOURCES_INCLUSION_SEQUENCE -DWOLFCRYPT_TEST_LINT"', '--enable-asynccrypt-sw --enable-ocspstapling --enable-ocspstapling2 CFLAGS="-pedantic -Wdeclaration-after-statement -DTEST_LIBWOLFSSL_SOURCES_INCLUSION_SEQUENCE"', '--enable-ocsp CFLAGS="-DTEST_NONBLOCK_CERTS -pedantic -Wdeclaration-after-statement -DTEST_LIBWOLFSSL_SOURCES_INCLUSION_SEQUENCE"', ] name: make check if: github.repository_owner == 'wolfssl' - runs-on: ubuntu-22.04 + runs-on: ubuntu-24.04 # This should be a safe limit for the tests to run. timeout-minutes: 6 steps: @@ -33,7 +37,7 @@ - name: Test wolfSSL async run: | - ./async-check.sh install + ./autogen.sh ./configure ${{ matrix.config }} make check diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/.github/workflows/bind.yml mariadb-11.8.8/extra/wolfssl/wolfssl/.github/workflows/bind.yml --- mariadb-11.8.6/extra/wolfssl/wolfssl/.github/workflows/bind.yml 2026-01-31 13:27:49.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/.github/workflows/bind.yml 2026-05-24 09:58:33.000000000 +0000 @@ -17,7 +17,7 @@ name: Build wolfSSL if: github.repository_owner == 'wolfssl' # Just to keep it the same as the testing target - runs-on: ubuntu-22.04 + runs-on: ubuntu-24.04 # This should be a safe limit for the tests to run. timeout-minutes: 4 steps: @@ -44,10 +44,10 @@ fail-fast: false matrix: # List of releases to test - ref: [ 9.18.0, 9.18.28, 9.18.33 ] + ref: [ 9.18.0, 9.18.28, 9.18.33, 9.20.11 ] name: ${{ matrix.ref }} if: github.repository_owner == 'wolfssl' - runs-on: ubuntu-22.04 + runs-on: ubuntu-24.04 # This should be a safe limit for the tests to run. timeout-minutes: 10 needs: build_wolfssl @@ -66,7 +66,7 @@ export DEBIAN_FRONTEND=noninteractive sudo apt-get update # hostap dependencies - sudo apt-get install -y libuv1-dev libnghttp2-dev libcap-dev libcmocka-dev + sudo apt-get install -y libuv1-dev libnghttp2-dev libcap-dev libcmocka-dev liburcu-dev - name: Checkout OSP uses: actions/checkout@v4 diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/.github/workflows/cmake-autoconf.yml mariadb-11.8.8/extra/wolfssl/wolfssl/.github/workflows/cmake-autoconf.yml --- mariadb-11.8.6/extra/wolfssl/wolfssl/.github/workflows/cmake-autoconf.yml 1970-01-01 00:00:00.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/.github/workflows/cmake-autoconf.yml 2026-05-24 09:58:33.000000000 +0000 @@ -0,0 +1,41 @@ +name: WolfSSL CMake Autoconf Interworking Test + +on: + push: + branches: [ 'master', 'main', 'release/**' ] + pull_request: + branches: [ '*' ] + +jobs: + build: + if: github.repository_owner == 'wolfssl' + runs-on: ubuntu-latest + + steps: +# pull wolfSSL + - uses: actions/checkout@v4 + +# install cmake and autotools + - name: Install cmake + run: | + sudo apt-get update + sudo apt-get install -y cmake autoconf automake libtool + +# build and install wolfssl via autotools for CMake consumer test + - name: Build wolfssl with autotools + run: | + ./autogen.sh + ./configure --prefix="$GITHUB_WORKSPACE/install-autoconf" --enable-all + make -j $(nproc) + make install + +# CMake consumer test using the autotools install + - name: CMake consumer test (autotools install) + run: | + mkdir -p cmake/consumer/build + cd cmake/consumer/build + cmake -DCMAKE_PREFIX_PATH="$GITHUB_WORKSPACE/install-autoconf" .. + cmake --build . + ./wolfssl_consumer + cd .. + rm -rf build diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/.github/workflows/cmake.yml mariadb-11.8.8/extra/wolfssl/wolfssl/.github/workflows/cmake.yml --- mariadb-11.8.6/extra/wolfssl/wolfssl/.github/workflows/cmake.yml 2026-01-31 13:27:49.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/.github/workflows/cmake.yml 2026-05-24 09:58:33.000000000 +0000 @@ -13,7 +13,7 @@ steps: # pull wolfSSL - - uses: actions/checkout@master + - uses: actions/checkout@v4 # install cmake - name: Install cmake @@ -21,24 +21,16 @@ sudo apt-get update sudo apt-get install -y cmake -# pull wolfssl - - name: Checkout wolfssl - uses: actions/checkout@master - with: - repository: wolfssl/wolfssl - path: wolfssl - # build wolfssl - name: Build wolfssl - working-directory: ./wolfssl run: | mkdir build cd build cmake -DCMAKE_VERBOSE_MAKEFILE:BOOL=ON -DWOLFSSL_INSTALL=yes -DCMAKE_INSTALL_PREFIX="$GITHUB_WORKSPACE/install" \ -DWOLFSSL_16BIT:BOOL=no -DWOLFSSL_32BIT:BOOL=no -DWOLFSSL_AES:BOOL=yes \ - -DWOLFSSL_AESCBC:BOOL=yes -DWOLFSSL_AESCCM:BOOL=yes -DWOLFSSL_AESCFB:BOOL=yes \ + -DWOLFSSL_AESCBC:BOOL=yes -DWOLFSSL_AESCCM:BOOL=yes -DWOLFSSL_AESCFB:BOOL=yes -DWOLFSSL_AESECB:BOOL=yes \ -DWOLFSSL_AESCTR:BOOL=yes -DWOLFSSL_AESGCM:STRING=yes -DWOLFSSL_AESKEYWRAP:BOOL=yes \ - -DWOLFSSL_AESOFB:BOOL=yes -DWOLFSSL_AESSIV:BOOL=yes -DWOLFSSL_ALIGN_DATA:BOOL=yes \ + -DWOLFSSL_AESOFB:BOOL=yes -DWOLFSSL_AESCTS:BOOL=yes -DWOLFSSL_AESSIV:BOOL=yes -DWOLFSSL_ALIGN_DATA:BOOL=yes \ -DWOLFSSL_ALPN:BOOL=ON -DWOLFSSL_ALT_CERT_CHAINS:BOOL=ON -DWOLFSSL_ARC4:BOOL=yes \ -DWOLFSSL_ARIA:BOOL=no -DWOLFSSL_ASIO:BOOL=no -DWOLFSSL_ASM:BOOL=yes -DWOLFSSL_ASN:BOOL=yes \ -DWOLFSSL_ASYNC_THREADS:BOOL=no -DWOLFSSL_BASE64_ENCODE:BOOL=yes -DWOLFSSL_CAAM:BOOL=no \ @@ -51,7 +43,7 @@ -DWOLFSSL_CURVE448:STRING=yes -DWOLFSSL_DEBUG:BOOL=yes -DWOLFSSL_DES3:BOOL=ON \ -DWOLFSSL_DES3_TLS_SUITES:BOOL=no -DWOLFSSL_DH:STRING=yes -DWOLFSSL_DH_DEFAULT_PARAMS:BOOL=yes \ -DWOLFSSL_DSA:BOOL=yes -DWOLFSSL_DTLS:BOOL=ON -DWOLFSSL_DTLS13:BOOL=yes \ - -DWOLFSSL_DTLS_CID:BOOL=yes -DWOLFSSL_ECC:STRING=yes \ + -DWOLFSSL_DTLS_CID:BOOL=yes -DWOLFSSL_DTLS_CH_FRAG:BOOL=yes -DWOLFSSL_ECC:STRING=yes \ -DWOLFSSL_ECCCUSTCURVES:STRING=all -DWOLFSSL_ECCSHAMIR:BOOL=yes \ -DWOLFSSL_ECH:BOOL=yes -DWOLFSSL_ED25519:BOOL=yes -DWOLFSSL_ED448:STRING=yes \ -DWOLFSSL_ENCKEYS:BOOL=yes -DWOLFSSL_ENC_THEN_MAC:BOOL=yes -DWOLFSSL_ERROR_QUEUE:BOOL=yes \ @@ -77,24 +69,22 @@ -DWOLFSSL_TICKET_NONCE_MALLOC:BOOL=yes -DWOLFSSL_TLS13:BOOL=yes -DWOLFSSL_TLSV12:BOOL=yes \ -DWOLFSSL_TLSX:BOOL=yes -DWOLFSSL_TPM:BOOL=yes -DWOLFSSL_CLU:BOOL=yes -DWOLFSSL_USER_SETTINGS:BOOL=no \ -DWOLFSSL_USER_SETTINGS_ASM:BOOL=no -DWOLFSSL_WOLFSSH:BOOL=ON -DWOLFSSL_X86_64_BUILD_ASM:BOOL=yes \ - -DWOLFSSL_MLKEM=1 -DWOLFSSL_LMS=1 -DWOLFSSL_LMSSHA256192=1 -DWOLFSSL_EXPERIMENTAL=1 \ - -DWOLFSSL_X963KDF:BOOL=yes \ - -DCMAKE_C_FLAGS="-DWOLFSSL_DTLS_CH_FRAG" \ + -DWOLFSSL_MLKEM:BOOL=yes -DWOLFSSL_LMS:BOOL=yes -DWOLFSSL_LMSSHA256192:BOOL=yes \ + -DWOLFSSL_X963KDF:BOOL=yes -DWOLFSSL_DILITHIUM:BOOL=yes -DWOLFSSL_PKCS11:BOOL=yes \ + -DWOLFSSL_ECCSI:BOOL=yes -DWOLFSSL_SAKKE:BOOL=yes -DWOLFSSL_SIPHASH:BOOL=yes \ + -DWOLFSSL_WC_RSA_DIRECT:BOOL=yes -DWOLFSSL_PUBLIC_MP:BOOL=yes \ + -DWOLFSSL_EXTRA_PQC_HYBRIDS:BOOL=yes -DWOLFSSL_TLS_NO_MLKEM_STANDALONE:BOOL=no \ .. cmake --build . - ctest -j $(nproc) + ctest -j $(nproc) --output-on-failure cmake --install . # clean up cd .. rm -rf build - # Kyber Cmake broken - # -DWOLFSSL_KYBER:BOOL=yes - # build "lean-tls" wolfssl - name: Build wolfssl with lean-tls - working-directory: ./wolfssl run: | mkdir build cd build @@ -105,5 +95,23 @@ cmake --install . # clean up + cd .. + rm -rf build + +# CMake build with user_settings.h + - name: Build wolfssl with user_settings.h + run: | + mkdir build + cp examples/configs/user_settings_all.h ./build/user_settings.h + cd build + cmake -DCMAKE_VERBOSE_MAKEFILE:BOOL=ON -DWOLFSSL_INSTALL=yes -DCMAKE_INSTALL_PREFIX="$GITHUB_WORKSPACE/install" \ + -DWOLFSSL_USER_SETTINGS=ON -DWOLFSSL_USER_SETTINGS_ASM=ON -DWOLFSSL_EXAMPLES=ON -DWOLFSSL_CRYPT_TESTS=ON \ + -DCMAKE_C_FLAGS="${CMAKE_C_FLAGS} -I ." \ + .. + cmake --build . + ctest -j $(nproc) + cmake --install . + + # clean up cd .. rm -rf build diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/.github/workflows/codespell.yml mariadb-11.8.8/extra/wolfssl/wolfssl/.github/workflows/codespell.yml --- mariadb-11.8.6/extra/wolfssl/wolfssl/.github/workflows/codespell.yml 2026-01-31 13:27:49.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/.github/workflows/codespell.yml 2026-05-24 09:58:33.000000000 +0000 @@ -14,7 +14,7 @@ jobs: codespell: if: github.repository_owner == 'wolfssl' - runs-on: ubuntu-22.04 + runs-on: ubuntu-24.04 steps: - uses: actions/checkout@v4 @@ -23,7 +23,7 @@ check_filenames: true check_hidden: true # Add comma separated list of words that occur multiple times that should be ignored (sorted alphabetically, case sensitive) - ignore_words_list: adin,aNULL,brunch,carryIn,chainG,ciph,cLen,cliKs,dout,haveA,inCreated,inOut,inout,larg,LEAPYEAR,Merget,optionA,parm,parms,repid,rIn,userA,ser,siz,te,Te, + ignore_words_list: adin,aNULL,brunch,carryIn,chainG,ciph,cLen,cliKs,dout,haveA,inCreated,inOut,inout,larg,LEAPYEAR,Merget,optionA,parm,parms,repid,rIn,userA,ser,siz,te,Te,HSI,failT, # The exclude_file contains lines of code that should be ignored. This is useful for individual lines which have non-words that can safely be ignored. exclude_file: '.codespellexcludelines' # To skip files entirely from being processed, add it to the following list: diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/.github/workflows/coverity-scan-fixes.yml mariadb-11.8.8/extra/wolfssl/wolfssl/.github/workflows/coverity-scan-fixes.yml --- mariadb-11.8.6/extra/wolfssl/wolfssl/.github/workflows/coverity-scan-fixes.yml 2026-01-31 13:27:49.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/.github/workflows/coverity-scan-fixes.yml 2026-05-24 09:58:33.000000000 +0000 @@ -10,7 +10,7 @@ jobs: coverity: if: github.repository_owner == 'wolfssl' - runs-on: ubuntu-22.04 + runs-on: ubuntu-24.04 steps: - uses: actions/checkout@v4 with: diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/.github/workflows/curl.yml mariadb-11.8.8/extra/wolfssl/wolfssl/.github/workflows/curl.yml --- mariadb-11.8.6/extra/wolfssl/wolfssl/.github/workflows/curl.yml 2026-01-31 13:27:49.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/.github/workflows/curl.yml 2026-05-24 09:58:33.000000000 +0000 @@ -16,7 +16,7 @@ build_wolfssl: name: Build wolfSSL if: github.repository_owner == 'wolfssl' - runs-on: ubuntu-22.04 + runs-on: ubuntu-24.04 # This should be a safe limit for the tests to run. timeout-minutes: 4 steps: @@ -40,7 +40,7 @@ test_curl: name: ${{ matrix.curl_ref }} if: github.repository_owner == 'wolfssl' - runs-on: ubuntu-22.04 + runs-on: ubuntu-24.04 # This should be a safe limit for the tests to run. timeout-minutes: 15 needs: build_wolfssl diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/.github/workflows/cyrus-sasl.yml mariadb-11.8.8/extra/wolfssl/wolfssl/.github/workflows/cyrus-sasl.yml --- mariadb-11.8.6/extra/wolfssl/wolfssl/.github/workflows/cyrus-sasl.yml 2026-01-31 13:27:49.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/.github/workflows/cyrus-sasl.yml 2026-05-24 09:58:33.000000000 +0000 @@ -17,7 +17,7 @@ name: Build wolfSSL if: github.repository_owner == 'wolfssl' # Just to keep it the same as the testing target - runs-on: ubuntu-22.04 + runs-on: ubuntu-24.04 # This should be a safe limit for the tests to run. timeout-minutes: 4 steps: @@ -48,7 +48,7 @@ ref: [ 2.1.28 ] name: ${{ matrix.ref }} if: github.repository_owner == 'wolfssl' - runs-on: ubuntu-22.04 + runs-on: ubuntu-24.04 # This should be a safe limit for the tests to run. timeout-minutes: 4 needs: build_wolfssl diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/.github/workflows/disable-pk-algs.yml mariadb-11.8.8/extra/wolfssl/wolfssl/.github/workflows/disable-pk-algs.yml --- mariadb-11.8.6/extra/wolfssl/wolfssl/.github/workflows/disable-pk-algs.yml 2026-01-31 13:27:49.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/.github/workflows/disable-pk-algs.yml 2026-05-24 09:58:33.000000000 +0000 @@ -36,7 +36,7 @@ ] name: make check if: github.repository_owner == 'wolfssl' - runs-on: ubuntu-22.04 + runs-on: ubuntu-24.04 # This should be a safe limit for the tests to run. timeout-minutes: 6 steps: diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/.github/workflows/docker-Espressif.yml mariadb-11.8.8/extra/wolfssl/wolfssl/.github/workflows/docker-Espressif.yml --- mariadb-11.8.6/extra/wolfssl/wolfssl/.github/workflows/docker-Espressif.yml 2026-01-31 13:27:49.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/.github/workflows/docker-Espressif.yml 2026-05-24 09:58:33.000000000 +0000 @@ -15,7 +15,7 @@ espressif_latest: name: latest Docker container if: github.repository_owner == 'wolfssl' - runs-on: ubuntu-22.04 + runs-on: ubuntu-24.04 # This should be a safe limit for the tests to run. timeout-minutes: 12 container: @@ -29,7 +29,7 @@ espressif_v4_4: name: v4.4 Docker container if: github.repository_owner == 'wolfssl' - runs-on: ubuntu-22.04 + runs-on: ubuntu-24.04 container: image: espressif/idf:release-v4.4 steps: @@ -39,7 +39,7 @@ espressif_v5_0: name: v5.0 Docker container if: github.repository_owner == 'wolfssl' - runs-on: ubuntu-22.04 + runs-on: ubuntu-24.04 container: image: espressif/idf:release-v5.0 steps: diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/.github/workflows/docker-OpenWrt.yml mariadb-11.8.8/extra/wolfssl/wolfssl/.github/workflows/docker-OpenWrt.yml --- mariadb-11.8.6/extra/wolfssl/wolfssl/.github/workflows/docker-OpenWrt.yml 2026-01-31 13:27:49.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/.github/workflows/docker-OpenWrt.yml 2026-05-24 09:58:33.000000000 +0000 @@ -18,7 +18,7 @@ build_library: name: Compile libwolfssl.so if: github.repository_owner == 'wolfssl' - runs-on: ubuntu-22.04 + runs-on: ubuntu-24.04 # This should be a safe limit for the tests to run. timeout-minutes: 4 container: @@ -42,7 +42,7 @@ compile_container: name: Compile container if: github.repository_owner == 'wolfssl' - runs-on: ubuntu-22.04 + runs-on: ubuntu-24.04 # This should be a safe limit for the tests to run. timeout-minutes: 2 needs: build_library diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/.github/workflows/fil-c.yml mariadb-11.8.8/extra/wolfssl/wolfssl/.github/workflows/fil-c.yml --- mariadb-11.8.6/extra/wolfssl/wolfssl/.github/workflows/fil-c.yml 2026-01-31 13:27:49.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/.github/workflows/fil-c.yml 2026-05-24 09:58:33.000000000 +0000 @@ -28,7 +28,7 @@ # This should be a safe limit for the tests to run. timeout-minutes: 30 if: github.repository_owner == 'wolfssl' - runs-on: ubuntu-22.04 + runs-on: ubuntu-24.04 name: ${{ matrix.config }} steps: - name: Download fil-c release diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/.github/workflows/grpc.yml mariadb-11.8.8/extra/wolfssl/wolfssl/.github/workflows/grpc.yml --- mariadb-11.8.6/extra/wolfssl/wolfssl/.github/workflows/grpc.yml 2026-01-31 13:27:49.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/.github/workflows/grpc.yml 2026-05-24 09:58:33.000000000 +0000 @@ -17,7 +17,7 @@ name: Build wolfSSL if: github.repository_owner == 'wolfssl' # Just to keep it the same as the testing target - runs-on: ubuntu-22.04 + runs-on: ubuntu-24.04 # This should be a safe limit for the tests to run. timeout-minutes: 10 steps: @@ -52,7 +52,7 @@ h2_ssl_cert_test h2_ssl_session_reuse_test name: ${{ matrix.ref }} if: github.repository_owner == 'wolfssl' - runs-on: ubuntu-22.04 + runs-on: ubuntu-24.04 # This should be a safe limit for the tests to run. timeout-minutes: 30 needs: build_wolfssl diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/.github/workflows/haproxy.yml mariadb-11.8.8/extra/wolfssl/wolfssl/.github/workflows/haproxy.yml --- mariadb-11.8.6/extra/wolfssl/wolfssl/.github/workflows/haproxy.yml 2026-01-31 13:27:49.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/.github/workflows/haproxy.yml 2026-05-24 09:58:33.000000000 +0000 @@ -16,7 +16,7 @@ build_wolfssl: name: Build wolfSSL if: github.repository_owner == 'wolfssl' - runs-on: ubuntu-22.04 + runs-on: ubuntu-24.04 # This should be a safe limit for the tests to run. timeout-minutes: 4 steps: @@ -40,7 +40,7 @@ test_haproxy: name: ${{ matrix.haproxy_ref }} if: github.repository_owner == 'wolfssl' - runs-on: ubuntu-22.04 + runs-on: ubuntu-24.04 # This should be a safe limit for the tests to run. timeout-minutes: 15 needs: build_wolfssl @@ -72,7 +72,7 @@ - name: Download haproxy if needed if: steps.cache-haproxy.outputs.cache-hit != 'true' - uses: actions/checkout@v3 + uses: actions/checkout@v4 with: repository: haproxy/haproxy ref: ${{matrix.haproxy_ref}} @@ -82,12 +82,12 @@ working-directory: build-dir/haproxy-${{matrix.haproxy_ref}} run: make clean && make TARGET=linux-glibc USE_OPENSSL_WOLFSSL=1 SSL_LIB=$GITHUB_WORKSPACE/build-dir/lib SSL_INC=$GITHUB_WORKSPACE/build-dir/include ADDLIB=-Wl,-rpath,$GITHUB_WORKSPACE/build-dir/lib CFLAGS="-fsanitize=address" LDFLAGS="-fsanitize=address" - # wlallemand/VTest used in v3.1.0 is no longer available - - name: Patch build-vtest.sh for v3.1.0 - if: matrix.haproxy_ref == 'v3.1.0' + # VTest2 has moved off GitHub; use the last known good tag + - name: Patch build-vtest.sh for VTest2 migration working-directory: build-dir/haproxy-${{ matrix.haproxy_ref }}/scripts run: | - sed -i 's|https://github.com/wlallemand/VTest/archive/refs/heads/haproxy-sd_notify.tar.gz|https://github.com/vtest/VTest2/archive/main.tar.gz|' build-vtest.sh + sed -i 's|https://github.com/wlallemand/VTest/archive/refs/heads/haproxy-sd_notify.tar.gz|https://github.com/vtest/VTest2/archive/refs/tags/last.tar.gz|' build-vtest.sh + sed -i 's|https://github.com/vtest/VTest2/archive/main.tar.gz|https://github.com/vtest/VTest2/archive/refs/tags/last.tar.gz|' build-vtest.sh - name: Build haproxy vtest working-directory: build-dir/haproxy-${{matrix.haproxy_ref}} diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/.github/workflows/hostap-vm.yml mariadb-11.8.8/extra/wolfssl/wolfssl/.github/workflows/hostap-vm.yml --- mariadb-11.8.6/extra/wolfssl/wolfssl/.github/workflows/hostap-vm.yml 2026-01-31 13:27:49.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/.github/workflows/hostap-vm.yml 2026-05-24 09:58:33.000000000 +0000 @@ -2,10 +2,14 @@ # START OF COMMON SECTION on: - push: - branches: [ 'master', 'main', 'release/**' ] - pull_request: - branches: [ '*' ] + workflow_dispatch: # Allows people to run it manually if they want but + # disables it from running automatically when broken +# To restore this to an auto test delete the above workflow_dispatch line and +# comments and uncomment the below lines for push and pull_request +# push: +# branches: [ 'master', 'main', 'release/**' ] +# pull_request: +# branches: [ '*' ] concurrency: group: ${{ github.workflow }}-${{ github.ref }} @@ -80,7 +84,7 @@ - name: Checkout hostap if: steps.cache.outputs.cache-hit != 'true' - run: git clone git://w1.fi/hostap.git hostap + run: git clone https://w1.fi/hostap.git hostap build_uml_linux: name: Build UML (UserMode Linux) @@ -232,6 +236,7 @@ working-directory: hostap/tests/hwsim/auth_serv run: | ./update.sh + ./sha512-generate.sh # Force regeneration of rsa3072-ca.key to get rsa3072-generate.sh to # correctly update all the certs rm rsa3072-ca.key @@ -331,6 +336,10 @@ rm -r /tmp/hwsim-test-logs done < $GITHUB_WORKSPACE/wolfssl/.github/workflows/hostap-files/configs/${{ matrix.config.hostap_ref }}/tests + - name: show errors + if: ${{ failure() && steps.testing.outcome == 'failure' }} + run: grep -riP 'fail|error' /tmp/hwsim-test-logs/latest + # The logs are quite big. It hasn't been useful so far so let's not waste # precious gh space. #- name: zip logs diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/.github/workflows/intelasm-c-fallback.yml mariadb-11.8.8/extra/wolfssl/wolfssl/.github/workflows/intelasm-c-fallback.yml --- mariadb-11.8.6/extra/wolfssl/wolfssl/.github/workflows/intelasm-c-fallback.yml 2026-01-31 13:27:49.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/.github/workflows/intelasm-c-fallback.yml 2026-05-24 09:58:33.000000000 +0000 @@ -22,7 +22,7 @@ ] name: make check if: github.repository_owner == 'wolfssl' - runs-on: ubuntu-22.04 + runs-on: ubuntu-24.04 # This should be a safe limit for the tests to run. timeout-minutes: 6 steps: diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/.github/workflows/ipmitool.yml mariadb-11.8.8/extra/wolfssl/wolfssl/.github/workflows/ipmitool.yml --- mariadb-11.8.6/extra/wolfssl/wolfssl/.github/workflows/ipmitool.yml 2026-01-31 13:27:49.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/.github/workflows/ipmitool.yml 2026-05-24 09:58:33.000000000 +0000 @@ -18,7 +18,7 @@ name: Build wolfSSL if: github.repository_owner == 'wolfssl' # Just to keep it the same as the testing target - runs-on: ubuntu-22.04 + runs-on: ubuntu-24.04 # This should be a safe limit for the tests to run. timeout-minutes: 4 steps: @@ -48,11 +48,11 @@ git_ref: [ c3939dac2c060651361fc71516806f9ab8c38901 ] name: ${{ matrix.git_ref }} if: github.repository_owner == 'wolfssl' - runs-on: ubuntu-22.04 + runs-on: ubuntu-24.04 needs: build_wolfssl steps: - name: Install dependencies - run: export DEBIAN_FRONTEND=noninteractive && sudo apt-get update && sudo apt-get install -y libreadline8 + run: export DEBIAN_FRONTEND=noninteractive && sudo apt-get update && sudo apt-get install -y libreadline-dev - name: Download lib uses: actions/download-artifact@v4 with: diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/.github/workflows/jwt-cpp.yml mariadb-11.8.8/extra/wolfssl/wolfssl/.github/workflows/jwt-cpp.yml --- mariadb-11.8.6/extra/wolfssl/wolfssl/.github/workflows/jwt-cpp.yml 2026-01-31 13:27:49.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/.github/workflows/jwt-cpp.yml 2026-05-24 09:58:33.000000000 +0000 @@ -17,7 +17,7 @@ name: Build wolfSSL # Just to keep it the same as the testing target if: github.repository_owner == 'wolfssl' - runs-on: ubuntu-22.04 + runs-on: ubuntu-24.04 # This should be a safe limit for the tests to run. timeout-minutes: 4 steps: @@ -47,9 +47,9 @@ matrix: config: - ref: 0.7.0 - runner: ubuntu-22.04 + runner: ubuntu-24.04 - ref: 0.6.0 - runner: ubuntu-22.04 + runner: ubuntu-24.04 name: ${{ matrix.config.ref }} runs-on: ${{ matrix.config.runner }} needs: build_wolfssl diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/.github/workflows/libspdm.yml mariadb-11.8.8/extra/wolfssl/wolfssl/.github/workflows/libspdm.yml --- mariadb-11.8.6/extra/wolfssl/wolfssl/.github/workflows/libspdm.yml 2026-01-31 13:27:49.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/.github/workflows/libspdm.yml 2026-05-24 09:58:33.000000000 +0000 @@ -17,7 +17,7 @@ name: Build wolfSSL if: github.repository_owner == 'wolfssl' # Just to keep it the same as the testing target - runs-on: ubuntu-22.04 + runs-on: ubuntu-24.04 # This should be a safe limit for the tests to run. timeout-minutes: 4 steps: @@ -46,7 +46,7 @@ ref: [ 3.7.0 ] name: ${{ matrix.ref }} if: github.repository_owner == 'wolfssl' - runs-on: ubuntu-22.04 + runs-on: ubuntu-24.04 # This should be a safe limit for the tests to run. timeout-minutes: 4 needs: build_wolfssl diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/.github/workflows/libssh2.yml mariadb-11.8.8/extra/wolfssl/wolfssl/.github/workflows/libssh2.yml --- mariadb-11.8.6/extra/wolfssl/wolfssl/.github/workflows/libssh2.yml 2026-01-31 13:27:49.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/.github/workflows/libssh2.yml 2026-05-24 09:58:33.000000000 +0000 @@ -67,16 +67,21 @@ ref: libssh2-${{ matrix.ref }} path: libssh2 + - name: Update libssh2 test to use a stable version of debian + working-directory: libssh2 + run: | + sed -i 's/testing-slim/oldstable-slim/' tests/openssh_server/Dockerfile + - name: Build libssh2 working-directory: libssh2 run: | autoreconf -fi ./configure --with-crypto=wolfssl --with-libwolfssl-prefix=$GITHUB_WORKSPACE/build-dir + make -j - - name: Update libssh2 test to use a stable version of debian + - name: Pre-build Docker image to avoid concurrent docker build race working-directory: libssh2 - run: | - sed -i 's/testing-slim/oldstable-slim/' tests/openssh_server/Dockerfile + run: docker build -t libssh2/openssh_server tests/openssh_server - name: Run libssh2 tests working-directory: libssh2 @@ -85,6 +90,6 @@ - name: Confirm libssh2 built with wolfSSL run: ldd libssh2/src/.libs/libssh2.so | grep wolfssl - - name: print server logs + - name: print test logs if: ${{ failure() }} run: tail -n +1 libssh2/tests/*.log diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/.github/workflows/libvncserver.yml mariadb-11.8.8/extra/wolfssl/wolfssl/.github/workflows/libvncserver.yml --- mariadb-11.8.6/extra/wolfssl/wolfssl/.github/workflows/libvncserver.yml 2026-01-31 13:27:49.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/.github/workflows/libvncserver.yml 2026-05-24 09:58:33.000000000 +0000 @@ -17,7 +17,7 @@ name: Build wolfSSL # Just to keep it the same as the testing target if: github.repository_owner == 'wolfssl' - runs-on: ubuntu-22.04 + runs-on: ubuntu-24.04 # This should be a safe limit for the tests to run. timeout-minutes: 4 steps: @@ -47,7 +47,7 @@ ref: [ 0.9.13, 0.9.14 ] name: ${{ matrix.ref }} if: github.repository_owner == 'wolfssl' - runs-on: ubuntu-22.04 + runs-on: ubuntu-24.04 needs: build_wolfssl steps: - name: Download lib diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/.github/workflows/linuxkm.yml mariadb-11.8.8/extra/wolfssl/wolfssl/.github/workflows/linuxkm.yml --- mariadb-11.8.6/extra/wolfssl/wolfssl/.github/workflows/linuxkm.yml 2026-01-31 13:27:49.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/.github/workflows/linuxkm.yml 2026-05-24 09:58:33.000000000 +0000 @@ -17,8 +17,8 @@ strategy: matrix: config: [ - 'EXTRA_CPPFLAGS=-Werror --enable-option-checking=fatal --enable-linuxkm --enable-linuxkm-lkcapi-register=all --enable-all --enable-kyber=yes,original --enable-lms --enable-xmss --enable-dilithium --enable-experimental --enable-dual-alg-certs --disable-qt --disable-quic --with-sys-crypto-policy=no --disable-opensslextra --disable-testcert --enable-intelasm --disable-sp-asm --enable-crypttests --enable-linuxkm-benchmarks CFLAGS="-DWOLFSSL_LINUXKM_VERBOSE_DEBUG -Wframe-larger-than=2048 -Wstack-usage=4096 -DBENCH_EMBEDDED -DBENCH_MIN_RUNTIME_SEC=0.01 -DBENCH_NTIMES=1 -DBENCH_AGREETIMES=1" --with-max-rsa-bits=16384', - 'EXTRA_CPPFLAGS=-Werror --enable-option-checking=fatal --enable-linuxkm --enable-linuxkm-pie --enable-reproducible-build --enable-linuxkm-lkcapi-register=all --enable-all-crypto --enable-cryptonly --enable-kyber=yes,original --enable-lms --enable-xmss --enable-dilithium --enable-experimental --disable-qt --disable-quic --with-sys-crypto-policy=no --disable-opensslextra --disable-testcert --enable-intelasm --disable-sp-asm --enable-crypttests --enable-linuxkm-benchmarks CFLAGS="-DWOLFSSL_LINUXKM_VERBOSE_DEBUG -Wframe-larger-than=2048 -Wstack-usage=4096 -DBENCH_EMBEDDED -DBENCH_MIN_RUNTIME_SEC=0.01 -DBENCH_NTIMES=1 -DBENCH_AGREETIMES=1" --with-max-rsa-bits=16384' + 'EXTRA_CPPFLAGS=-Werror --enable-option-checking=fatal --enable-linuxkm --enable-linuxkm-lkcapi-register=all --enable-all --enable-kyber=yes,original --enable-lms --enable-xmss --enable-dilithium --enable-experimental --enable-dual-alg-certs --disable-qt --disable-quic --with-sys-crypto-policy=no --disable-testcert --enable-all-asm --enable-crypttests --enable-linuxkm-benchmarks CFLAGS="-Wframe-larger-than=2048 -Wstack-usage=4096 -DBENCH_EMBEDDED -DBENCH_MIN_RUNTIME_SEC=0.01 -DBENCH_NTIMES=1 -DBENCH_AGREETIMES=1" --with-max-rsa-bits=16384', + 'EXTRA_CPPFLAGS=-Werror --enable-option-checking=fatal --enable-linuxkm --enable-linuxkm-pie --enable-reproducible-build --enable-linuxkm-lkcapi-register=all --enable-all-crypto --enable-cryptonly --enable-kyber=yes,original --enable-lms --enable-xmss --enable-dilithium --enable-experimental --disable-qt --disable-quic --with-sys-crypto-policy=no --disable-opensslextra --disable-testcert --enable-intelasm --disable-sp-asm --enable-crypttests --enable-linuxkm-benchmarks CFLAGS="-DWOLFSSL_LINUXKM_VERBOSE_DEBUG -DDEBUG_LINUXKM_PIE_SUPPORT -Wframe-larger-than=2048 -Wstack-usage=4096 -DBENCH_EMBEDDED -DBENCH_MIN_RUNTIME_SEC=0.01 -DBENCH_NTIMES=1 -DBENCH_AGREETIMES=1" --with-max-rsa-bits=16384' ] name: build module if: github.repository_owner == 'wolfssl' diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/.github/workflows/memcached.yml mariadb-11.8.8/extra/wolfssl/wolfssl/.github/workflows/memcached.yml --- mariadb-11.8.6/extra/wolfssl/wolfssl/.github/workflows/memcached.yml 2026-01-31 13:27:49.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/.github/workflows/memcached.yml 2026-05-24 09:58:33.000000000 +0000 @@ -17,7 +17,7 @@ name: Build wolfSSL # Just to keep it the same as the testing target if: github.repository_owner == 'wolfssl' - runs-on: ubuntu-22.04 + runs-on: ubuntu-24.04 steps: - name: Build wolfSSL uses: wolfSSL/actions-build-autotools-project@v1 @@ -48,7 +48,7 @@ - ref: 1.6.22 name: ${{ matrix.ref }} if: github.repository_owner == 'wolfssl' - runs-on: ubuntu-22.04 + runs-on: ubuntu-24.04 needs: build_wolfssl steps: - name: Download lib diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/.github/workflows/mosquitto.yml mariadb-11.8.8/extra/wolfssl/wolfssl/.github/workflows/mosquitto.yml --- mariadb-11.8.6/extra/wolfssl/wolfssl/.github/workflows/mosquitto.yml 2026-01-31 13:27:49.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/.github/workflows/mosquitto.yml 2026-05-24 09:58:33.000000000 +0000 @@ -17,7 +17,7 @@ name: Build wolfSSL # Just to keep it the same as the testing target if: github.repository_owner == 'wolfssl' - runs-on: ubuntu-22.04 + runs-on: ubuntu-24.04 # This should be a safe limit for the tests to run. timeout-minutes: 4 steps: @@ -45,7 +45,7 @@ ref: [ 2.0.18 ] name: ${{ matrix.ref }} if: github.repository_owner == 'wolfssl' - runs-on: ubuntu-22.04 + runs-on: ubuntu-24.04 # This should be a safe limit for the tests to run. timeout-minutes: 4 needs: build_wolfssl diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/.github/workflows/msmtp.yml mariadb-11.8.8/extra/wolfssl/wolfssl/.github/workflows/msmtp.yml --- mariadb-11.8.6/extra/wolfssl/wolfssl/.github/workflows/msmtp.yml 1970-01-01 00:00:00.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/.github/workflows/msmtp.yml 2026-05-24 09:58:33.000000000 +0000 @@ -0,0 +1,108 @@ +name: msmtp Tests + +# START OF COMMON SECTION +on: + push: + branches: [ 'master', 'main', 'release/**' ] + pull_request: + branches: [ '*' ] + +concurrency: + group: ${{ github.workflow }}-${{ github.ref }} + cancel-in-progress: true +# END OF COMMON SECTION + +jobs: + build_wolfssl: + name: Build wolfSSL + # Just to keep it the same as the testing target + if: github.repository_owner == 'wolfssl' + runs-on: ubuntu-24.04 + # This should be a safe limit for the tests to run. + timeout-minutes: 4 + steps: + - name: Build wolfSSL + uses: wolfSSL/actions-build-autotools-project@v1 + with: + path: wolfssl + configure: --enable-opensslextra --enable-opensslall + install: true + + - name: tar build-dir + run: tar -zcf build-dir.tgz build-dir + + - name: Upload built lib + uses: actions/upload-artifact@v4 + with: + name: wolf-install-msmtp + path: build-dir.tgz + retention-days: 5 + + msmtp_check: + strategy: + fail-fast: false + matrix: + ref: [ 1.8.28 ] + name: ${{ matrix.ref }} + if: github.repository_owner == 'wolfssl' + runs-on: ubuntu-24.04 + # This should be a safe limit for the tests to run. + timeout-minutes: 10 + needs: build_wolfssl + steps: + - name: Download lib + uses: actions/download-artifact@v4 + with: + name: wolf-install-msmtp + + - name: untar build-dir + run: tar -xf build-dir.tgz + + - name: Checkout OSP + uses: actions/checkout@v4 + with: + repository: wolfssl/osp + path: osp + + - name: Install dependencies + run: | + sudo apt-get update + sudo apt-get install -y \ + autoconf automake libtool pkg-config gettext \ + libidn2-dev libsecret-1-dev autopoint + + - name: Checkout msmtp + uses: actions/checkout@v4 + with: + repository: marlam/msmtp + ref: msmtp-${{ matrix.ref }} + path: msmtp-${{ matrix.ref }} + + - name: Apply wolfSSL patch + working-directory: msmtp-${{ matrix.ref }} + run: patch -p1 < $GITHUB_WORKSPACE/osp/msmtp/${{ matrix.ref }}/wolfssl-msmtp-${{ matrix.ref }}.patch + + - name: Regenerate build system + working-directory: msmtp-${{ matrix.ref }} + run: autoreconf -ivf + + - name: Configure msmtp with wolfSSL + working-directory: msmtp-${{ matrix.ref }} + run: | + PKG_CONFIG_PATH=$GITHUB_WORKSPACE/build-dir/lib/pkgconfig \ + ./configure --with-tls=wolfssl + + - name: Build msmtp + working-directory: msmtp-${{ matrix.ref }} + run: make -j$(nproc) + + - name: Run msmtp tests + working-directory: msmtp-${{ matrix.ref }} + run: LD_LIBRARY_PATH=$GITHUB_WORKSPACE/build-dir/lib make check + + - name: Confirm msmtp built with wolfSSL + run: ldd msmtp-${{ matrix.ref }}/src/msmtp | grep wolfssl + + - name: Print test logs on failure + if: ${{ failure() }} + run: tail -n +1 msmtp-${{ matrix.ref }}/tests/*.log diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/.github/workflows/msys2.yml mariadb-11.8.8/extra/wolfssl/wolfssl/.github/workflows/msys2.yml --- mariadb-11.8.6/extra/wolfssl/wolfssl/.github/workflows/msys2.yml 2026-01-31 13:27:49.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/.github/workflows/msys2.yml 2026-05-24 09:58:33.000000000 +0000 @@ -20,7 +20,7 @@ run: shell: msys2 {0} steps: - - uses: actions/checkout@v3 + - uses: actions/checkout@v4 - uses: msys2/setup-msys2@v2 with: msystem: msys diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/.github/workflows/multi-compiler.yml mariadb-11.8.8/extra/wolfssl/wolfssl/.github/workflows/multi-compiler.yml --- mariadb-11.8.6/extra/wolfssl/wolfssl/.github/workflows/multi-compiler.yml 2026-01-31 13:27:49.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/.github/workflows/multi-compiler.yml 2026-05-24 09:58:33.000000000 +0000 @@ -31,18 +31,12 @@ - CC: gcc-12 CXX: g++-12 OS: ubuntu-24.04 - - CC: clang-11 - CXX: clang++-11 - OS: ubuntu-22.04 - - CC: clang-12 - CXX: clang++-12 - OS: ubuntu-22.04 - - CC: clang-13 - CXX: clang++-13 - OS: ubuntu-22.04 - CC: clang-14 CXX: clang++-14 OS: ubuntu-24.04 + - CC: clang-19 + CXX: clang++-19 + OS: ubuntu-24.04 if: github.repository_owner == 'wolfssl' runs-on: ${{ matrix.OS }} # This should be a safe limit for the tests to run. diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/.github/workflows/net-snmp.yml mariadb-11.8.8/extra/wolfssl/wolfssl/.github/workflows/net-snmp.yml --- mariadb-11.8.6/extra/wolfssl/wolfssl/.github/workflows/net-snmp.yml 2026-01-31 13:27:49.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/.github/workflows/net-snmp.yml 2026-05-24 09:58:33.000000000 +0000 @@ -17,7 +17,7 @@ name: Build wolfSSL if: github.repository_owner == 'wolfssl' # Just to keep it the same as the testing target - runs-on: ubuntu-22.04 + runs-on: ubuntu-24.04 # This should be a safe limit for the tests to run. timeout-minutes: 4 steps: @@ -48,7 +48,7 @@ test_opts: -e 'agentxperl' name: ${{ matrix.ref }} if: github.repository_owner == 'wolfssl' - runs-on: ubuntu-22.04 + runs-on: ubuntu-24.04 # This should be a safe limit for the tests to run. timeout-minutes: 4 needs: build_wolfssl diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/.github/workflows/nginx.yml mariadb-11.8.8/extra/wolfssl/wolfssl/.github/workflows/nginx.yml --- mariadb-11.8.6/extra/wolfssl/wolfssl/.github/workflows/nginx.yml 2026-01-31 13:27:49.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/.github/workflows/nginx.yml 2026-05-24 09:58:33.000000000 +0000 @@ -12,12 +12,16 @@ cancel-in-progress: true # END OF COMMON SECTION +# clang has better sanitizer support +env: + CC: clang + jobs: build_wolfssl: name: Build wolfSSL if: github.repository_owner == 'wolfssl' # Just to keep it the same as the testing target - runs-on: ubuntu-22.04 + runs-on: ubuntu-24.04 # This should be a safe limit for the tests to run. timeout-minutes: 4 steps: @@ -31,7 +35,8 @@ uses: wolfSSL/actions-build-autotools-project@v1 with: path: wolfssl - configure: --enable-nginx ${{ env.wolf_debug_flags }} + configure: >- + --enable-nginx --enable-curve25519 --enable-ed25519 ${{ env.wolf_debug_flags }} install: true - name: tar build-dir @@ -50,6 +55,41 @@ matrix: include: # in general we want to pass all tests that match *ssl* + - ref: 1.28.1 + test-ref: 0fccfcef1278263416043e0bbb3e0116b84026e4 + # Following tests pass with sanitizer on + sanitize-ok: >- + h2_ssl_proxy_cache.t h2_ssl.t h2_ssl_variables.t + h2_ssl_verify_client.t mail_imap_ssl.t mail_ssl_session_reuse.t + mail_ssl.t proxy_ssl_certificate_cache.t + proxy_ssl_certificate_empty.t proxy_ssl_certificate.t + proxy_ssl_certificate_vars.t proxy_ssl_name.t ssl_cache_reload.t + ssl_certificate_aux.t ssl_certificate_cache.t + ssl_certificate_chain.t ssl_certificates.t ssl_certificate.t + ssl_client_escaped_cert.t ssl_crl.t ssl_curve.t ssl_ocsp.t + ssl_password_file.t ssl_proxy_upgrade.t ssl_reject_handshake.t + ssl_session_reuse.t ssl_session_ticket_key.t ssl_sni_protocols.t + ssl_sni_reneg.t ssl_sni_sessions.t ssl_sni.t ssl_stapling.t ssl.t + ssl_verify_client.t ssl_verify_client_trusted.t ssl_verify_depth.t + stream_proxy_ssl_certificate_cache.t stream_proxy_ssl_certificate.t + stream_proxy_ssl_certificate_vars.t + stream_proxy_ssl_name_complex.t stream_proxy_ssl_name.t + stream_ssl_alpn.t stream_ssl_certificate_cache.t + stream_ssl_certificate.t stream_ssl_ocsp.t stream_ssl_preread_alpn.t + stream_ssl_preread_protocol.t stream_ssl_preread.t + stream_ssl_reject_handshake.t stream_ssl_session_reuse.t + stream_ssl_sni_protocols.t stream_ssl_stapling.t stream_ssl.t + stream_ssl_variables.t stream_ssl_verify_client.t + stream_upstream_zone_ssl.t upstream_zone_ssl.t + uwsgi_ssl_certificate.t uwsgi_ssl_certificate_vars.t + # Following tests do not pass with sanitizer on (with OpenSSL too) + sanitize-not-ok: >- + grpc_ssl.t h2_proxy_request_buffering_ssl.t h2_proxy_ssl.t + proxy_request_buffering_ssl.t proxy_ssl_conf_command.t + proxy_ssl_keepalive.t proxy_ssl.t proxy_ssl_verify.t ssl_cache.t + stream_proxy_protocol_ssl.t stream_proxy_ssl_conf_command.t + stream_proxy_ssl.t stream_proxy_ssl_verify.t + - ref: 1.25.0 test-ref: 5b2894ea1afd01a26c589ce11f310df118e42592 # Following tests pass with sanitizer on @@ -107,7 +147,7 @@ stream_proxy_ssl_verify.t name: ${{ matrix.ref }} if: github.repository_owner == 'wolfssl' - runs-on: ubuntu-22.04 + runs-on: ubuntu-24.04 # This should be a safe limit for the tests to run. timeout-minutes: 6 needs: build_wolfssl @@ -120,30 +160,19 @@ - name: untar build-dir run: tar -xf build-dir.tgz - - name: Install dependencies - run: | - sudo cpan -iT Proc::Find + - name: Openssl version + run: openssl version -a - # Locking in the version of SSLeay used with testing - - name: Download and install Net::SSLeay 1.94 manually - run: | - curl -LO https://www.cpan.org/modules/by-module/Net/CHRISN/Net-SSLeay-1.94.tar.gz - tar -xzf Net-SSLeay-1.94.tar.gz - cd Net-SSLeay-1.94 - perl Makefile.PL - make - sudo make install + - name: Setup Perl environment + uses: shogo82148/actions-setup-perl@v1 + with: + perl-version: '5.38.2' # SSL version 2.091 changes '' return to undef causing test case to fail. # Locking in the test version to use as 2.090 - - name: Download and install IO::Socket::SSL 2.090 manually + - name: Install dependencies run: | - curl -LO https://www.cpan.org/modules/by-module/IO/IO-Socket-SSL-2.090.tar.gz - tar -xzf IO-Socket-SSL-2.090.tar.gz - cd IO-Socket-SSL-2.090 - perl Makefile.PL - make - sudo make install + cpanm --notest Proc::Find Net::SSLeay@1.94 IO::Socket::SSL@2.090 - name: Checkout wolfssl-nginx uses: actions/checkout@v4 @@ -211,10 +240,6 @@ run: | echo "nginx_c_flags=-O0" >> $GITHUB_ENV - - name: workaround high-entropy ASLR - # not needed after either an update to llvm or runner is done - run: sudo sysctl vm.mmap_rnd_bits=28 - - name: Build nginx with sanitizer working-directory: nginx run: | @@ -229,19 +254,16 @@ working-directory: nginx run: ldd objs/nginx | grep wolfssl - - if: ${{ runner.debug }} - name: Run nginx-tests with sanitizer (debug) + - name: Create LSAN suppression file working-directory: nginx-tests run: | - LD_LIBRARY_PATH=$LD_LIBRARY_PATH:$GITHUB_WORKSPACE/build-dir/lib \ - TMPDIR=$GITHUB_WORKSPACE TEST_NGINX_VERBOSE=y TEST_NGINX_CATLOG=y \ - TEST_NGINX_BINARY=../nginx/objs/nginx prove -v ${{ matrix.sanitize-ok }} + echo "leak:ngx_worker_process_init" > lsan.supp - if: ${{ !runner.debug }} name: Run nginx-tests with sanitizer working-directory: nginx-tests run: | LD_LIBRARY_PATH=$LD_LIBRARY_PATH:$GITHUB_WORKSPACE/build-dir/lib \ + LSAN_OPTIONS=suppressions=$GITHUB_WORKSPACE/nginx-tests/lsan.supp \ TMPDIR=$GITHUB_WORKSPACE TEST_NGINX_BINARY=../nginx/objs/nginx \ prove ${{ matrix.sanitize-ok }} - diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/.github/workflows/no-malloc.yml mariadb-11.8.8/extra/wolfssl/wolfssl/.github/workflows/no-malloc.yml --- mariadb-11.8.6/extra/wolfssl/wolfssl/.github/workflows/no-malloc.yml 2026-01-31 13:27:49.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/.github/workflows/no-malloc.yml 2026-05-24 09:58:33.000000000 +0000 @@ -19,10 +19,12 @@ config: [ # Add new configs here '--enable-rsa --enable-keygen --disable-dh CFLAGS="-DWOLFSSL_NO_MALLOC -DRSA_MIN_SIZE=1024 -pedantic -Wdeclaration-after-statement -DTEST_LIBWOLFSSL_SOURCES_INCLUSION_SEQUENCE"', + '--enable-ecc --enable-rsa --enable-keygen --enable-ed25519 --enable-curve25519 --enable-ed448 --enable-curve448 --enable-mlkem CFLAGS="-DWOLFSSL_NO_MALLOC -pedantic -Wdeclaration-after-statement -DTEST_LIBWOLFSSL_SOURCES_INCLUSION_SEQUENCE"', + '--enable-ecc --enable-rsa --enable-keygen --enable-ed25519 --enable-curve25519 --enable-ed448 --enable-curve448 --enable-mlkem --enable-staticmemory CFLAGS="-DWOLFSSL_NO_MALLOC -pedantic -Wdeclaration-after-statement -DTEST_LIBWOLFSSL_SOURCES_INCLUSION_SEQUENCE"', ] name: make check if: github.repository_owner == 'wolfssl' - runs-on: ubuntu-22.04 + runs-on: ubuntu-24.04 # This should be a safe limit for the tests to run. timeout-minutes: 6 steps: diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/.github/workflows/no-tls.yml mariadb-11.8.8/extra/wolfssl/wolfssl/.github/workflows/no-tls.yml --- mariadb-11.8.6/extra/wolfssl/wolfssl/.github/workflows/no-tls.yml 2026-01-31 13:27:49.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/.github/workflows/no-tls.yml 2026-05-24 09:58:33.000000000 +0000 @@ -22,7 +22,7 @@ ] name: make check if: github.repository_owner == 'wolfssl' - runs-on: ubuntu-22.04 + runs-on: ubuntu-24.04 # This should be a safe limit for the tests to run. timeout-minutes: 6 steps: diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/.github/workflows/nss.yml mariadb-11.8.8/extra/wolfssl/wolfssl/.github/workflows/nss.yml --- mariadb-11.8.6/extra/wolfssl/wolfssl/.github/workflows/nss.yml 2026-01-31 13:27:49.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/.github/workflows/nss.yml 2026-05-24 09:58:33.000000000 +0000 @@ -21,7 +21,7 @@ build_nss: name: Build nss if: github.repository_owner == 'wolfssl' - runs-on: ubuntu-22.04 + runs-on: ubuntu-24.04 # This should be a safe limit for the tests to run. timeout-minutes: 30 steps: @@ -60,7 +60,7 @@ nss_test: name: Test interop with nss if: github.repository_owner == 'wolfssl' - runs-on: ubuntu-22.04 + runs-on: ubuntu-24.04 needs: build_nss timeout-minutes: 10 steps: diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/.github/workflows/ntp.yml mariadb-11.8.8/extra/wolfssl/wolfssl/.github/workflows/ntp.yml --- mariadb-11.8.6/extra/wolfssl/wolfssl/.github/workflows/ntp.yml 2026-01-31 13:27:49.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/.github/workflows/ntp.yml 2026-05-24 09:58:33.000000000 +0000 @@ -17,7 +17,7 @@ name: Build wolfSSL if: github.repository_owner == 'wolfssl' # Just to keep it the same as the testing target - runs-on: ubuntu-22.04 + runs-on: ubuntu-24.04 # This should be a safe limit for the tests to run. timeout-minutes: 4 steps: @@ -44,10 +44,10 @@ fail-fast: false matrix: # List of releases to test - ref: [ 4.2.8p15, 4.2.8p17 ] + ref: [ 4.2.8p15, 4.2.8p17, 4.2.8p18 ] name: ${{ matrix.ref }} if: github.repository_owner == 'wolfssl' - runs-on: ubuntu-22.04 + runs-on: ubuntu-24.04 # This should be a safe limit for the tests to run. timeout-minutes: 10 needs: build_wolfssl diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/.github/workflows/ocsp.yml mariadb-11.8.8/extra/wolfssl/wolfssl/.github/workflows/ocsp.yml --- mariadb-11.8.6/extra/wolfssl/wolfssl/.github/workflows/ocsp.yml 2026-01-31 13:27:49.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/.github/workflows/ocsp.yml 2026-05-24 09:58:33.000000000 +0000 @@ -16,7 +16,7 @@ ocsp_stapling: name: ocsp stapling if: github.repository_owner == 'wolfssl' - runs-on: ubuntu-22.04 + runs-on: ubuntu-24.04 timeout-minutes: 10 steps: - name: Checkout wolfSSL diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/.github/workflows/openldap.yml mariadb-11.8.8/extra/wolfssl/wolfssl/.github/workflows/openldap.yml --- mariadb-11.8.6/extra/wolfssl/wolfssl/.github/workflows/openldap.yml 2026-01-31 13:27:49.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/.github/workflows/openldap.yml 2026-05-24 09:58:33.000000000 +0000 @@ -17,7 +17,7 @@ name: Build wolfSSL if: github.repository_owner == 'wolfssl' # Just to keep it the same as the testing target - runs-on: ubuntu-22.04 + runs-on: ubuntu-24.04 # This should be a safe limit for the tests to run. timeout-minutes: 4 steps: @@ -49,9 +49,11 @@ git_ref: OPENLDAP_REL_ENG_2_5_13 - osp_ref: 2.6.7 git_ref: OPENLDAP_REL_ENG_2_6_7 + - osp_ref: 2.6.9 + git_ref: OPENLDAP_REL_ENG_2_6_9 name: ${{ matrix.osp_ref }} if: github.repository_owner == 'wolfssl' - runs-on: ubuntu-22.04 + runs-on: ubuntu-24.04 # This should be a safe limit for the tests to run. timeout-minutes: 20 needs: build_wolfssl diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/.github/workflows/openssh.yml mariadb-11.8.8/extra/wolfssl/wolfssl/.github/workflows/openssh.yml --- mariadb-11.8.6/extra/wolfssl/wolfssl/.github/workflows/openssh.yml 2026-01-31 13:27:49.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/.github/workflows/openssh.yml 2026-05-24 09:58:33.000000000 +0000 @@ -17,7 +17,7 @@ name: Build wolfSSL if: github.repository_owner == 'wolfssl' # Just to keep it the same as the testing target - runs-on: ubuntu-22.04 + runs-on: ubuntu-24.04 # This should be a safe limit for the tests to run. timeout-minutes: 4 steps: @@ -71,7 +71,7 @@ connection-timeout name: ${{ matrix.osp_ver }} if: github.repository_owner == 'wolfssl' - runs-on: ubuntu-22.04 + runs-on: ubuntu-24.04 needs: build_wolfssl steps: - name: Download lib diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/.github/workflows/openssl-ech.yml mariadb-11.8.8/extra/wolfssl/wolfssl/.github/workflows/openssl-ech.yml --- mariadb-11.8.6/extra/wolfssl/wolfssl/.github/workflows/openssl-ech.yml 1970-01-01 00:00:00.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/.github/workflows/openssl-ech.yml 2026-05-24 09:58:33.000000000 +0000 @@ -0,0 +1,165 @@ +name: OpenSSL ECH Interop Test + +# START OF COMMON SECTION +on: + push: + branches: [ 'master', 'main', 'release/**' ] + pull_request: + branches: [ '*' ] + +concurrency: + group: ${{ github.workflow }}-${{ github.ref }} + cancel-in-progress: true +# END OF COMMON SECTION + +jobs: + build_wolfssl: + name: Build wolfSSL + if: github.repository_owner == 'wolfssl' + runs-on: ubuntu-24.04 + timeout-minutes: 4 + steps: + - name: Build wolfSSL + uses: wolfSSL/actions-build-autotools-project@v1 + with: + path: wolfssl + configure: >- + --enable-ech --enable-sha512 --enable-aes CFLAGS='-DUSE_FLAT_TEST_H' + install: true + + - name: tar build-dir + run: | + # need server.h and client.h which are not installed normally + cp "$GITHUB_WORKSPACE/wolfssl/examples/server/server.h" \ + build-dir/share/doc/wolfssl/example/server.h + cp "$GITHUB_WORKSPACE/wolfssl/examples/client/client.h" \ + build-dir/share/doc/wolfssl/example/client.h + + # need certs so 'wolfSSL error: wolf root not found' does not show up + cp -r "$GITHUB_WORKSPACE/wolfssl/certs" build-dir/certs + + # need the ech script to run tests + cp "$GITHUB_WORKSPACE/wolfssl/.github/scripts/openssl-ech.sh" \ + build-dir/openssl-ech.sh + + tar -zcf build-dir.tgz build-dir + + - name: Upload built wolfSSL + uses: actions/upload-artifact@v4 + with: + name: wolf-install-openssl-ech + path: build-dir.tgz + retention-days: 5 + + build_openssl_ech: + name: Build OpenSSL (feature/ech) + if: github.repository_owner == 'wolfssl' + runs-on: ubuntu-24.04 + timeout-minutes: 10 + steps: + - name: Checkout OpenSSL feature/ech branch + uses: actions/checkout@v4 + with: + repository: openssl/openssl + ref: feature/ech + path: openssl + + - name: Build OpenSSL + working-directory: openssl + run: | + ./Configure --prefix=$GITHUB_WORKSPACE/openssl-install \ + --openssldir=$GITHUB_WORKSPACE/openssl-install/ssl \ + enable-ech no-docs + make -j$(nproc) + make install_sw + + - name: tar openssl-install + run: tar -zcf openssl-install.tgz openssl-install + + - name: Upload built OpenSSL + uses: actions/upload-artifact@v4 + with: + name: openssl-ech-install + path: openssl-install.tgz + retention-days: 5 + + ech_interop_test: + name: ECH Interop Test + if: github.repository_owner == 'wolfssl' + needs: [build_wolfssl, build_openssl_ech] + runs-on: ubuntu-24.04 + timeout-minutes: 10 + steps: + - name: Download wolfSSL build + uses: actions/download-artifact@v4 + with: + name: wolf-install-openssl-ech + + - name: Download OpenSSL build + uses: actions/download-artifact@v4 + with: + name: openssl-ech-install + + - name: Extract builds + run: | + tar -xzf build-dir.tgz + tar -xzf openssl-install.tgz + + - name: Build wolfssl client and server examples + run: | + export WOLFSSL_INSTALL_DIR="$GITHUB_WORKSPACE/build-dir" + export WOLFSSL_BIN_DIR="$WOLFSSL_INSTALL_DIR/bin" + export CFLAGS="-Wall -I$WOLFSSL_INSTALL_DIR/include" + export LIBS="-L$WOLFSSL_INSTALL_DIR/lib -lm -lwolfssl" + export LD_LIBRARY_PATH="$WOLFSSL_INSTALL_DIR/lib/:$LD_LIBRARY_PATH" + + gcc -o "$WOLFSSL_BIN_DIR/client" \ + "$WOLFSSL_INSTALL_DIR/share/doc/wolfssl/example/client.c" \ + $CFLAGS $LIBS -I"$WOLFSSL_INSTALL_DIR/share/doc/wolfssl/example" + + gcc -o "$WOLFSSL_BIN_DIR/server" \ + "$WOLFSSL_INSTALL_DIR/share/doc/wolfssl/example/server.c" \ + $CFLAGS $LIBS -I"$WOLFSSL_INSTALL_DIR/share/doc/wolfssl/example" + + - name: Interop test + run: | + set -e + + export LD_LIBRARY_PATH="$GITHUB_WORKSPACE/openssl-install/lib64:$GITHUB_WORKSPACE/openssl-install/lib:$GITHUB_WORKSPACE/build-dir/lib:$LD_LIBRARY_PATH" + + export OPENSSL="$GITHUB_WORKSPACE/openssl-install/bin/openssl" + export WOLFSSL_CLIENT="$GITHUB_WORKSPACE/build-dir/bin/client" + export WOLFSSL_SERVER="$GITHUB_WORKSPACE/build-dir/bin/server" + export CERT_DIR="$GITHUB_WORKSPACE/build-dir/certs" + LOG_FILE="$GITHUB_WORKSPACE/log_file.log" + + # need to cd into build-dir so the certs/ dir is available for server + cd build-dir + + $OPENSSL version | tee "$LOG_FILE" + + # default suite (DHKEM_X25519_HKDF_SHA256, HKDF_SHA256, HPKE_AES_128_GCM) + echo -e "\nTesting default suite with OpenSSL server and wolfSSL client\n" &>> "$LOG_FILE" + bash ./openssl-ech.sh server &>> "$LOG_FILE" + + echo -e "\nTesting default suite with OpenSSL client and wolfSSL server\n" &>> "$LOG_FILE" + bash ./openssl-ech.sh client &>> "$LOG_FILE" + + # weird suite (DHKEM_P521_HKDF_SHA512, HKDF_SHA256, HPKE_AES_256_GCM) + echo -e "\nTesting weird suite with OpenSSL server and wolfSSL client\n" &>> "$LOG_FILE" + bash ./openssl-ech.sh server --suite "18,1,2" &>> "$LOG_FILE" + + echo -e "\nTesting weird suite with OpenSSL client and wolfSSL server\n" &>> "$LOG_FILE" + bash ./openssl-ech.sh client --suite "18,1,2" &>> "$LOG_FILE" + + # cleanup + rm -f "$LOG_FILE" + + - name: Print debug info on failure + if: ${{ failure() }} + run: | + if [ -s "$GITHUB_WORKSPACE/log_file.log" ]; then + cat "$GITHUB_WORKSPACE/log_file.log" + else + echo "No log file" + fi diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/.github/workflows/opensslcoexist.yml mariadb-11.8.8/extra/wolfssl/wolfssl/.github/workflows/opensslcoexist.yml --- mariadb-11.8.6/extra/wolfssl/wolfssl/.github/workflows/opensslcoexist.yml 2026-01-31 13:27:49.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/.github/workflows/opensslcoexist.yml 2026-05-24 09:58:33.000000000 +0000 @@ -23,7 +23,7 @@ ] name: make check if: github.repository_owner == 'wolfssl' - runs-on: ubuntu-22.04 + runs-on: ubuntu-24.04 # This should be a safe limit for the tests to run. timeout-minutes: 6 steps: diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/.github/workflows/openvpn.yml mariadb-11.8.8/extra/wolfssl/wolfssl/.github/workflows/openvpn.yml --- mariadb-11.8.6/extra/wolfssl/wolfssl/.github/workflows/openvpn.yml 2026-01-31 13:27:49.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/.github/workflows/openvpn.yml 2026-05-24 09:58:33.000000000 +0000 @@ -17,7 +17,7 @@ name: Build wolfSSL if: github.repository_owner == 'wolfssl' # Just to keep it the same as the testing target - runs-on: ubuntu-22.04 + runs-on: ubuntu-24.04 # This should be a safe limit for the tests to run. timeout-minutes: 4 steps: @@ -42,11 +42,12 @@ strategy: fail-fast: false matrix: - # List of refs to test - ref: [ release/2.6, master ] + # Pinned refs: avoid OpenVPN master until wolfSSL adds any new OpenSSL + # APIs it adopts (e.g. BN_bn2binpad). release/2.6 + latest stable tag. + ref: [ release/2.6, v2.6.19 ] name: ${{ matrix.ref }} if: github.repository_owner == 'wolfssl' - runs-on: ubuntu-22.04 + runs-on: ubuntu-24.04 # This should be a safe limit for the tests to run. timeout-minutes: 10 needs: build_wolfssl diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/.github/workflows/os-check.yml mariadb-11.8.8/extra/wolfssl/wolfssl/.github/workflows/os-check.yml --- mariadb-11.8.6/extra/wolfssl/wolfssl/.github/workflows/os-check.yml 2026-01-31 13:27:49.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/.github/workflows/os-check.yml 2026-05-24 09:58:33.000000000 +0000 @@ -17,7 +17,7 @@ strategy: fail-fast: false matrix: - os: [ ubuntu-22.04, macos-latest ] + os: [ ubuntu-24.04, macos-latest ] config: [ # Add new configs here '', @@ -38,6 +38,12 @@ '--enable-experimental --enable-kyber --enable-dtls --enable-dtls13 --enable-dtls-frag-ch', '--enable-all --enable-dtls13 --enable-dtls-frag-ch', + '--enable-all --enable-dtls13 --enable-dtls-frag-ch --disable-mlkem', + '--enable-all --enable-dtls13 --enable-dtls-frag-ch + --enable-tls-mlkem-standalone', + '--enable-all --enable-dtls13 --enable-dtls-frag-ch + --enable-tls-mlkem-standalone --enable-experimental + --enable-extra-pqc-hybrids', '--enable-dtls --enable-dtls13 --enable-dtls-frag-ch --enable-dtls-mtu', '--enable-dtls --enable-dtlscid --enable-dtls13 --enable-secure-renegotiation @@ -53,18 +59,47 @@ '--enable-opensslall --enable-opensslextra CPPFLAGS=-DWC_RNG_SEED_CB', '--enable-opensslall --enable-opensslextra CPPFLAGS=''-DWC_RNG_SEED_CB -DWOLFSSL_NO_GETPID'' ', + # PKCS#7 with RSA-PSS (CMS RSASSA-PSS signers) + '--enable-pkcs7 CPPFLAGS=-DWC_RSA_PSS', + # PKCS#7 without RSA-PSS + '--enable-pkcs7', '--enable-opensslextra CPPFLAGS=''-DWOLFSSL_NO_CA_NAMES'' ', '--enable-opensslextra=x509small', 'CPPFLAGS=''-DWOLFSSL_EXTRA'' ', '--enable-lms=small,verify-only --enable-xmss=small,verify-only', '--disable-sys-ca-certs', '--enable-all CPPFLAGS=-DWOLFSSL_DEBUG_CERTS ', - '--enable-all CFLAGS="-DWOLFSSL_CHECK_MEM_ZERO"', + '--enable-all CPPFLAGS="-DWOLFSSL_CHECK_MEM_ZERO"', '--enable-coding=no', '--enable-dtls --enable-dtls13 --enable-ocspstapling --enable-ocspstapling2 --enable-cert-setup-cb --enable-sessioncerts', + '--enable-dtls --enable-dtls13 --enable-tls13 + CPPFLAGS=-DWOLFSSL_TLS13_IGNORE_PT_ALERT_ON_ENC', '--disable-sni --disable-ecc --disable-tls13 --disable-secure-renegotiation-info', 'CPPFLAGS=-DWOLFSSL_BLIND_PRIVATE_KEY', + '--enable-all --enable-certgencache', + '--enable-sessionexport --enable-dtls --enable-dtls13', + '--enable-sessionexport', + '--enable-cryptocb --enable-aesgcm CPPFLAGS="-DWOLF_CRYPTO_CB_AES_SETKEY -DWOLF_CRYPTO_CB_FREE"', + '--disable-tls --enable-cryptocb --enable-aesgcm CPPFLAGS="-DWOLF_CRYPTO_CB_AES_SETKEY -DWOLF_CRYPTO_CB_FREE"', + '--enable-all --enable-dilithium --enable-cryptocb --enable-cryptocbutils --enable-pkcallbacks', + '--enable-cryptocb --enable-aesgcm CPPFLAGS="-DWOLF_CRYPTO_CB_AES_SETKEY"', + '--disable-examples CPPFLAGS=-DWOLFSSL_NO_MALLOC', + 'CPPFLAGS=-DNO_WOLFSSL_CLIENT', + 'CPPFLAGS=-DNO_WOLFSSL_SERVER', + 'CPPFLAGS=-DWOLFSSL_NO_CLIENT_AUTH', + 'CPPFLAGS=''-DNO_WOLFSSL_CLIENT -DWOLFSSL_NO_CLIENT_AUTH''', + 'CPPFLAGS=''-DNO_WOLFSSL_SERVER -DWOLFSSL_NO_CLIENT_AUTH''', + '--enable-all CPPFLAGS=-DNO_WOLFSSL_CLIENT', + '--enable-all CPPFLAGS=-DNO_WOLFSSL_SERVER', + '--enable-all CPPFLAGS=-DWOLFSSL_NO_CLIENT_AUTH', + '--enable-all CPPFLAGS=''-DNO_WOLFSSL_CLIENT -DWOLFSSL_NO_CLIENT_AUTH''', + '--enable-all CPPFLAGS=''-DNO_WOLFSSL_SERVER -DWOLFSSL_NO_CLIENT_AUTH''', + '--enable-curve25519=nonblock --enable-ecc=nonblock --enable-sp=yes,nonblock CPPFLAGS="-DWOLFSSL_PUBLIC_MP -DWOLFSSL_DEBUG_NONBLOCK"', + '--enable-certreq --enable-certext --enable-certgen --disable-secure-renegotiation-info CPPFLAGS="-DNO_TLS"', + '--enable-ocsp --enable-ocsp-responder --enable-ocspstapling CPPFLAGS="-DWOLFSSL_NONBLOCK_OCSP" --enable-maxfragment', + '--enable-all CPPFLAGS=-DWOLFSSL_HASH_KEEP', + '--enable-all --enable-writedup', ] name: make check if: github.repository_owner == 'wolfssl' @@ -82,7 +117,7 @@ strategy: fail-fast: false matrix: - os: [ ubuntu-22.04, macos-latest ] + os: [ ubuntu-24.04, macos-latest ] user-settings: [ # Add new user_settings.h here 'examples/configs/user_settings_all.h', @@ -104,15 +139,27 @@ strategy: fail-fast: false matrix: - os: [ ubuntu-22.04, macos-latest ] + os: [ ubuntu-24.04, macos-latest ] user-settings: [ - # Add new user_settings.h here + # Add new user_settings.h here (alphabetical order) + 'examples/configs/user_settings_ca.h', + 'examples/configs/user_settings_dtls13.h', + 'examples/configs/user_settings_EBSnet.h', 'examples/configs/user_settings_eccnonblock.h', + 'examples/configs/user_settings_curve25519nonblock.h', 'examples/configs/user_settings_min_ecc.h', + 'examples/configs/user_settings_openssl_compat.h', + 'examples/configs/user_settings_pkcs7.h', + 'examples/configs/user_settings_rsa_only.h', + 'examples/configs/user_settings_template.h', + 'examples/configs/user_settings_tls12.h', + 'examples/configs/user_settings_tls13.h', 'examples/configs/user_settings_wolfboot_keytools.h', - 'examples/configs/user_settings_wolftpm.h', 'examples/configs/user_settings_wolfssh.h', - 'examples/configs/user_settings_tls12.h', + 'examples/configs/user_settings_wolftpm.h', + # Not included (require special setup): + # - user_settings_pq.h: Requires --enable-experimental + # - user_settings_baremetal.h: Requires static memory, custom platform ] name: make user_setting.h (testwolfcrypt only) if: github.repository_owner == 'wolfssl' @@ -135,7 +182,7 @@ strategy: fail-fast: false matrix: - os: [ ubuntu-22.04, macos-latest ] + os: [ ubuntu-24.04, macos-latest ] name: make user_setting.h (with sed) if: github.repository_owner == 'wolfssl' runs-on: ${{ matrix.os }} diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/.github/workflows/packaging.yml mariadb-11.8.8/extra/wolfssl/wolfssl/.github/workflows/packaging.yml --- mariadb-11.8.6/extra/wolfssl/wolfssl/.github/workflows/packaging.yml 2026-01-31 13:27:49.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/.github/workflows/packaging.yml 2026-05-24 09:58:33.000000000 +0000 @@ -16,7 +16,7 @@ build_wolfssl: name: Package wolfSSL if: github.repository_owner == 'wolfssl' - runs-on: ubuntu-22.04 + runs-on: ubuntu-24.04 # This should be a safe limit for the tests to run. timeout-minutes: 10 steps: diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/.github/workflows/pam-ipmi.yml mariadb-11.8.8/extra/wolfssl/wolfssl/.github/workflows/pam-ipmi.yml --- mariadb-11.8.6/extra/wolfssl/wolfssl/.github/workflows/pam-ipmi.yml 2026-01-31 13:27:49.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/.github/workflows/pam-ipmi.yml 2026-05-24 09:58:33.000000000 +0000 @@ -18,7 +18,7 @@ name: Build wolfSSL if: github.repository_owner == 'wolfssl' # Just to keep it the same as the testing target - runs-on: ubuntu-22.04 + runs-on: ubuntu-24.04 # This should be a safe limit for the tests to run. timeout-minutes: 4 steps: @@ -48,7 +48,7 @@ git_ref: [ e4b13e6725abb178f62ee897fe1c0e81b06a9431 ] name: ${{ matrix.git_ref }} if: github.repository_owner == 'wolfssl' - runs-on: ubuntu-22.04 + runs-on: ubuntu-24.04 needs: build_wolfssl steps: - name: Install dependencies diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/.github/workflows/pq-all.yml mariadb-11.8.8/extra/wolfssl/wolfssl/.github/workflows/pq-all.yml --- mariadb-11.8.6/extra/wolfssl/wolfssl/.github/workflows/pq-all.yml 2026-01-31 13:27:49.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/.github/workflows/pq-all.yml 2026-05-24 09:58:33.000000000 +0000 @@ -18,14 +18,28 @@ matrix: config: [ # Add new configs here + '--disable-shared --enable-dilithium --enable-mlkem CFLAGS="-fsanitize=undefined -fno-sanitize-recover=undefined -fno-omit-frame-pointer" LDFLAGS="-fsanitize=undefined" CPPFLAGS="-DWOLFSSL_DILITHIUM_ALIGNMENT=4"', '--enable-intelasm --enable-sp-asm --enable-mlkem=yes,kyber,ml-kem CPPFLAGS="-DWOLFSSL_ML_KEM_USE_OLD_IDS"', - '--enable-intelasm --enable-sp-asm --enable-all --enable-testcert --enable-acert --enable-dtls13 --enable-dtls-mtu --enable-dtls-frag-ch --enable-dtlscid --enable-quic --with-sys-crypto-policy --enable-experimental --enable-kyber=yes,original --enable-lms --enable-xmss --enable-dilithium --enable-dual-alg-certs --disable-qt CPPFLAGS="-pedantic -Wdeclaration-after-statement -DWOLFCRYPT_TEST_LINT -DNO_WOLFSSL_CIPHER_SUITE_TEST -DTEST_LIBWOLFSSL_SOURCES_INCLUSION_SEQUENCE"', - '--enable-smallstack --enable-smallstackcache --enable-intelasm --enable-sp-asm --enable-all --enable-testcert --enable-acert --enable-dtls13 --enable-dtls-mtu --enable-dtls-frag-ch --enable-dtlscid --enable-quic --with-sys-crypto-policy --enable-experimental --enable-kyber=yes,original --enable-lms --enable-xmss --enable-dilithium --enable-dual-alg-certs --disable-qt CPPFLAGS="-pedantic -Wdeclaration-after-statement -DWOLFCRYPT_TEST_LINT -DNO_WOLFSSL_CIPHER_SUITE_TEST -DTEST_LIBWOLFSSL_SOURCES_INCLUSION_SEQUENCE"', - '--enable-intelasm --enable-sp-asm --enable-all --enable-testcert --enable-acert --enable-dtls13 --enable-dtls-mtu --enable-dtls-frag-ch --enable-dtlscid --enable-quic --with-sys-crypto-policy --enable-experimental --enable-kyber=yes,original --enable-lms --enable-xmss --enable-dilithium --enable-dual-alg-certs --disable-qt CPPFLAGS="-Wdeclaration-after-statement -DWOLFCRYPT_TEST_LINT -DNO_WOLFSSL_CIPHER_SUITE_TEST -DTEST_LIBWOLFSSL_SOURCES_INCLUSION_SEQUENCE" CC=c++' + '--enable-intelasm --enable-sp-asm --enable-all --enable-testcert --enable-acert --enable-dtls13 --enable-dtls-mtu --enable-dtls-frag-ch --enable-dtlscid --enable-quic --with-sys-crypto-policy --enable-experimental --enable-mlkem=yes,kyber,ml-kem --enable-lms --enable-xmss --enable-slhdsa --enable-dilithium --enable-dual-alg-certs --disable-qt CPPFLAGS="-pedantic -Wdeclaration-after-statement -DWOLFCRYPT_TEST_LINT -DNO_WOLFSSL_CIPHER_SUITE_TEST -DTEST_LIBWOLFSSL_SOURCES_INCLUSION_SEQUENCE"', + '--enable-smallstack --enable-smallstackcache --enable-intelasm --enable-sp-asm --enable-all --enable-testcert --enable-acert --enable-dtls13 --enable-dtls-mtu --enable-dtls-frag-ch --enable-dtlscid --enable-quic --with-sys-crypto-policy --enable-experimental --enable-mlkem=yes,kyber,ml-kem --enable-lms --enable-xmss --enable-slhdsa --enable-dilithium --enable-dual-alg-certs --disable-qt CPPFLAGS="-pedantic -Wdeclaration-after-statement -DWOLFCRYPT_TEST_LINT -DNO_WOLFSSL_CIPHER_SUITE_TEST -DTEST_LIBWOLFSSL_SOURCES_INCLUSION_SEQUENCE"', + '--enable-intelasm --enable-sp-asm --enable-all --enable-testcert --enable-acert --enable-dtls13 --enable-dtls-mtu --enable-dtls-frag-ch --enable-dtlscid --enable-quic --with-sys-crypto-policy --enable-experimental --enable-mlkem=yes,kyber,ml-kem --enable-lms --enable-xmss --enable-slhdsa --enable-dilithium --enable-dual-alg-certs --disable-qt CPPFLAGS="-Wdeclaration-after-statement -DWOLFCRYPT_TEST_LINT -DNO_WOLFSSL_CIPHER_SUITE_TEST -DTEST_LIBWOLFSSL_SOURCES_INCLUSION_SEQUENCE" CC=c++', + '--enable-intelasm --enable-sp-asm --enable-all --enable-testcert --enable-acert --enable-dtls13 --enable-dtls-mtu --enable-dtls-frag-ch --enable-dtlscid --enable-quic --with-sys-crypto-policy --enable-experimental --enable-mlkem=yes,kyber,ml-kem --enable-lms --enable-xmss --enable-slhdsa --enable-dilithium --disable-qt CPPFLAGS="-pedantic -Wdeclaration-after-statement -DWOLFCRYPT_TEST_LINT -DNO_WOLFSSL_CIPHER_SUITE_TEST -DTEST_LIBWOLFSSL_SOURCES_INCLUSION_SEQUENCE -DWOLFSSL_BLIND_PRIVATE_KEY"', + '--enable-intelasm --enable-sp-asm --enable-all --enable-testcert --enable-acert --enable-dtls13 --enable-dtls-mtu --enable-dtls-frag-ch --enable-dtlscid --enable-quic --with-sys-crypto-policy --enable-experimental --enable-mlkem=yes,kyber,ml-kem --enable-lms --enable-xmss --enable-slhdsa --enable-dilithium --enable-dual-alg-certs --disable-qt CPPFLAGS="-pedantic -Wdeclaration-after-statement -DWOLFCRYPT_TEST_LINT -DNO_WOLFSSL_CIPHER_SUITE_TEST -DTEST_LIBWOLFSSL_SOURCES_INCLUSION_SEQUENCE -DWOLFSSL_BLIND_PRIVATE_KEY"', + '--enable-intelasm --enable-sp-asm --enable-all --enable-testcert --enable-acert --enable-dtls13 --enable-dtls-mtu --enable-dtls-frag-ch --enable-dtlscid --enable-quic --with-sys-crypto-policy --enable-experimental --enable-mlkem=yes,kyber,ml-kem --enable-lms --enable-xmss --enable-slhdsa --enable-dilithium --enable-dual-alg-certs --disable-qt CPPFLAGS="-pedantic -Wdeclaration-after-statement -DWOLFCRYPT_TEST_LINT -DNO_WOLFSSL_CIPHER_SUITE_TEST -DTEST_LIBWOLFSSL_SOURCES_INCLUSION_SEQUENCE -DWOLFSSL_TLSX_PQC_MLKEM_STORE_OBJ"', + '--disable-intelasm --enable-all --enable-testcert --enable-acert --enable-dtls13 --enable-dtls-mtu --enable-dtls-frag-ch --enable-dtlscid --enable-quic --with-sys-crypto-policy --enable-experimental --enable-mlkem=yes,kyber,ml-kem,small --enable-lms=yes,small --enable-xmss=yes,small --enable-slhdsa=yes,small --enable-dilithium=yes,small --enable-dual-alg-certs --disable-qt CPPFLAGS="-pedantic -Wdeclaration-after-statement -DWOLFCRYPT_TEST_LINT -DNO_WOLFSSL_CIPHER_SUITE_TEST -DTEST_LIBWOLFSSL_SOURCES_INCLUSION_SEQUENCE -DWOLFSSL_MLKEM_MAKEKEY_SMALL_MEM -DWOLFSSL_MLKEM_ENCAPSULATE_SMALL_MEM -DWOLFSSL_MLKEM_NO_LARGE_CODE -DWOLFSSL_DILITHIUM_SIGN_SMALL_MEM -DWOLFSSL_DILITHIUM_VERIFY_SMALL_MEM -DWOLFSSL_DILITHIUM_MAKE_KEY_SMALL_MEM -DWOLFSSL_DILITHIUM_NO_LARGE_CODE"', + '--disable-intelasm --enable-smallstack --enable-smallstackcache --enable-all --enable-testcert --enable-acert --enable-dtls13 --enable-dtls-mtu --enable-dtls-frag-ch --enable-dtlscid --enable-quic --with-sys-crypto-policy --enable-experimental --enable-mlkem=yes,kyber,ml-kem,small --enable-lms=yes,small --enable-xmss=yes,small --enable-slhdsa=yes,small --enable-dilithium=yes,small --enable-dual-alg-certs --disable-qt CPPFLAGS="-pedantic -Wdeclaration-after-statement -DWOLFCRYPT_TEST_LINT -DNO_WOLFSSL_CIPHER_SUITE_TEST -DTEST_LIBWOLFSSL_SOURCES_INCLUSION_SEQUENCE -DWOLFSSL_MLKEM_MAKEKEY_SMALL_MEM -DWOLFSSL_MLKEM_ENCAPSULATE_SMALL_MEM -DWOLFSSL_MLKEM_NO_LARGE_CODE -DWOLFSSL_DILITHIUM_SIGN_SMALL_MEM -DWOLFSSL_DILITHIUM_VERIFY_SMALL_MEM -DWOLFSSL_DILITHIUM_MAKE_KEY_SMALL_MEM -DWOLFSSL_DILITHIUM_NO_LARGE_CODE"', + '--enable-intelasm --enable-sp-asm --enable-all --enable-testcert --enable-dtls13 --enable-dtls-mtu --enable-dtls-frag-ch --enable-dtlscid --enable-mlkem=make,enc,dec,512 --enable-tls-mlkem-standalone --disable-qt CPPFLAGS="-pedantic -Wdeclaration-after-statement -DWOLFCRYPT_TEST_LINT -DNO_WOLFSSL_CIPHER_SUITE_TEST -DTEST_LIBWOLFSSL_SOURCES_INCLUSION_SEQUENCE"', + '--enable-intelasm --enable-sp-asm --enable-all --enable-testcert --enable-dtls13 --enable-dtls-mtu --enable-dtls-frag-ch --enable-dtlscid --enable-mlkem=make,enc,dec,768 --disable-qt CPPFLAGS="-pedantic -Wdeclaration-after-statement -DWOLFCRYPT_TEST_LINT -DNO_WOLFSSL_CIPHER_SUITE_TEST -DTEST_LIBWOLFSSL_SOURCES_INCLUSION_SEQUENCE"', + '--enable-intelasm --enable-sp-asm --enable-all --enable-testcert --enable-dtls13 --enable-dtls-mtu --enable-dtls-frag-ch --enable-dtlscid --enable-mlkem=make,enc,dec,768 --enable-tls-mlkem-standalone --disable-qt CPPFLAGS="-pedantic -Wdeclaration-after-statement -DWOLFCRYPT_TEST_LINT -DNO_WOLFSSL_CIPHER_SUITE_TEST -DTEST_LIBWOLFSSL_SOURCES_INCLUSION_SEQUENCE"', + '--enable-intelasm --enable-sp-asm --enable-all --enable-testcert --enable-dtls13 --enable-dtls-mtu --enable-dtls-frag-ch --enable-dtlscid --enable-mlkem=make,enc,dec,768 --enable-tls-mlkem-standalone --disable-pqc-hybrids --disable-qt CPPFLAGS="-pedantic -Wdeclaration-after-statement -DWOLFCRYPT_TEST_LINT -DNO_WOLFSSL_CIPHER_SUITE_TEST -DTEST_LIBWOLFSSL_SOURCES_INCLUSION_SEQUENCE"', + '--enable-intelasm --enable-sp-asm --enable-all --enable-testcert --enable-dtls13 --enable-dtls-mtu --enable-dtls-frag-ch --enable-dtlscid --enable-mlkem=make,enc,dec,1024 --disable-qt CPPFLAGS="-pedantic -Wdeclaration-after-statement -DWOLFCRYPT_TEST_LINT -DNO_WOLFSSL_CIPHER_SUITE_TEST -DTEST_LIBWOLFSSL_SOURCES_INCLUSION_SEQUENCE"', + '--enable-intelasm --enable-sp-asm --enable-all --enable-testcert --enable-dtls13 --enable-dtls-mtu --enable-dtls-frag-ch --enable-dtlscid --enable-mlkem=make,enc,dec,1024 --enable-tls-mlkem-standalone --disable-qt CPPFLAGS="-pedantic -Wdeclaration-after-statement -DWOLFCRYPT_TEST_LINT -DNO_WOLFSSL_CIPHER_SUITE_TEST -DTEST_LIBWOLFSSL_SOURCES_INCLUSION_SEQUENCE"', + '--enable-intelasm --enable-sp-asm --enable-all --enable-testcert --enable-dtls13 --enable-dtls-mtu --enable-dtls-frag-ch --enable-dtlscid --enable-mlkem=make,enc,dec,1024 --enable-tls-mlkem-standalone --disable-pqc-hybrids --disable-qt CPPFLAGS="-pedantic -Wdeclaration-after-statement -DWOLFCRYPT_TEST_LINT -DNO_WOLFSSL_CIPHER_SUITE_TEST -DTEST_LIBWOLFSSL_SOURCES_INCLUSION_SEQUENCE"', + '--enable-intelasm --enable-sp-asm --enable-all --enable-testcert --enable-acert --enable-dtls13 --enable-dtls-mtu --enable-dtls-frag-ch --enable-dtlscid --enable-quic --with-sys-crypto-policy --enable-experimental --enable-mlkem=yes,kyber,ml-kem --enable-lms --enable-xmss --enable-slhdsa --enable-dilithium=yes,no-ctx --enable-dual-alg-certs --disable-qt CPPFLAGS="-pedantic -Wdeclaration-after-statement -DWOLFCRYPT_TEST_LINT -DNO_WOLFSSL_CIPHER_SUITE_TEST -DTEST_LIBWOLFSSL_SOURCES_INCLUSION_SEQUENCE"', ] name: make check if: github.repository_owner == 'wolfssl' - runs-on: ubuntu-22.04 + runs-on: ubuntu-24.04 # This should be a safe limit for the tests to run. timeout-minutes: 6 steps: diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/.github/workflows/psk.yml mariadb-11.8.8/extra/wolfssl/wolfssl/.github/workflows/psk.yml --- mariadb-11.8.6/extra/wolfssl/wolfssl/.github/workflows/psk.yml 2026-01-31 13:27:49.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/.github/workflows/psk.yml 2026-05-24 09:58:33.000000000 +0000 @@ -18,13 +18,14 @@ matrix: config: [ # Add new configs here - '--enable-psk C_EXTRA_FLAGS=-DWOLFSSL_STATIC_PSK --disable-rsa --disable-ecc --disable-dh', - '--disable-oldtls --disable-tls13 --enable-psk -disable-rsa --disable-dh -disable-ecc --disable-asn C_EXTRA_FLAGS=-DWOLFSSL_STATIC_PSK --enable-lowresource --enable-singlethreaded --disable-asm --disable-errorstrings --disable-pkcs12 --disable-sha3 --disable-sha224 --disable-sha384 --disable-sha512 --disable-sha --disable-md5 -disable-aescbc --disable-chacha --disable-poly1305 --disable-coding --disable-sp-math-all', - '--disable-oldtls --disable-tlsv12 --enable-tls13 --enable-psk -disable-rsa --disable-dh -disable-ecc --disable-asn C_EXTRA_FLAGS=-DWOLFSSL_STATIC_PSK --enable-lowresource --enable-singlethreaded --disable-asm --disable-errorstrings --disable-pkcs12 --disable-sha3 --disable-sha224 --disable-sha384 --disable-sha512 --disable-sha --disable-md5 -disable-aescbc --disable-chacha --disable-poly1305 --disable-coding --disable-sp-math-all' + '--enable-psk --disable-mlkem C_EXTRA_FLAGS="-DWOLFSSL_STATIC_PSK -DWOLFSSL_OLDTLS_SHA2_CIPHERSUITES"', + '--enable-psk --disable-mlkem C_EXTRA_FLAGS=-DWOLFSSL_STATIC_PSK --disable-rsa --disable-ecc --disable-dh', + '--disable-oldtls --disable-tls13 --enable-psk -disable-rsa --disable-dh -disable-ecc --disable-asn C_EXTRA_FLAGS=-DWOLFSSL_STATIC_PSK --enable-lowresource --enable-singlethreaded --disable-asm --disable-errorstrings --disable-pkcs12 --disable-sha3 --disable-sha224 --disable-sha384 --disable-sha512 --disable-sha --disable-md5 -disable-aescbc --disable-chacha --disable-poly1305 --disable-coding --disable-sp-math-all --disable-mlkem', + '--disable-oldtls --disable-tlsv12 --enable-tls13 --enable-psk -disable-rsa --disable-dh -disable-ecc --disable-asn C_EXTRA_FLAGS=-DWOLFSSL_STATIC_PSK --enable-lowresource --enable-singlethreaded --disable-asm --disable-errorstrings --disable-pkcs12 --disable-sha3 --disable-sha224 --disable-sha384 --disable-sha512 --disable-sha --disable-md5 -disable-aescbc --disable-chacha --disable-poly1305 --disable-coding --disable-sp-math-all --disable-mlkem' ] name: make check if: github.repository_owner == 'wolfssl' - runs-on: ubuntu-22.04 + runs-on: ubuntu-24.04 # This should be a safe limit for the tests to run. timeout-minutes: 6 steps: diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/.github/workflows/python.yml mariadb-11.8.8/extra/wolfssl/wolfssl/.github/workflows/python.yml --- mariadb-11.8.6/extra/wolfssl/wolfssl/.github/workflows/python.yml 1970-01-01 00:00:00.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/.github/workflows/python.yml 2026-05-24 09:58:33.000000000 +0000 @@ -0,0 +1,142 @@ +name: Python Tests + +# START OF COMMON SECTION +on: + push: + branches: [ 'master', 'main', 'release/**' ] + pull_request: + branches: [ '*' ] + +concurrency: + group: ${{ github.workflow }}-${{ github.ref }} + cancel-in-progress: true +# END OF COMMON SECTION + +jobs: + build_wolfssl: + name: Build wolfSSL + if: github.repository_owner == 'wolfssl' + runs-on: ubuntu-24.04 + timeout-minutes: 10 + steps: + - name: Build wolfSSL + uses: wolfSSL/actions-build-autotools-project@v1 + with: + path: wolfssl + configure: >- + --enable-all --enable-tlsv10 + 'CPPFLAGS=-DHAVE_SECRET_CALLBACK -DWOLFSSL_PYTHON' + check: false + install: true + + - name: tar build-dir + run: tar -zcf build-dir.tgz build-dir + + - name: Upload built lib + uses: actions/upload-artifact@v4 + with: + name: wolf-install-python + path: build-dir.tgz + retention-days: 5 + + python_check: + strategy: + fail-fast: false + matrix: + include: + - python_ver: 3.12.11 + tests: >- + test_ssl + test.test_asyncio.test_ssl + test.test_asyncio.test_sslproto + test_hashlib + test_hmac + test_secrets + test_ftplib + test_imaplib + test_poplib + test_smtplib + test_httplib + test_urllib2_localnet + test_xmlrpc + test_docxmlrpc + - python_ver: 3.13.4 + tests: >- + test_ssl + test.test_asyncio.test_ssl + test.test_asyncio.test_sslproto + test_hashlib + test_hmac + test_secrets + test_ftplib + test_imaplib + test_poplib + test_smtplib + test_httplib + test_urllib2_localnet + test_xmlrpc + test_docxmlrpc + - python_ver: 3.13.7 + tests: >- + test_ssl + test.test_asyncio.test_ssl + test.test_asyncio.test_sslproto + test_hashlib + test_hmac + test_secrets + test_ftplib + test_imaplib + test_poplib + test_smtplib + test_httplib + test_urllib2_localnet + test_xmlrpc + test_docxmlrpc + name: Python ${{ matrix.python_ver }} + if: github.repository_owner == 'wolfssl' + runs-on: ubuntu-24.04 + timeout-minutes: 60 + needs: build_wolfssl + steps: + - name: Install dependencies + run: | + sudo apt-get update + sudo apt-get install -y \ + build-essential autoconf automake autoconf-archive pkgconf \ + libffi-dev libbz2-dev libreadline-dev libsqlite3-dev \ + zlib1g-dev libncursesw5-dev libgdbm-dev libnss3-dev \ + liblzma-dev uuid-dev pkg-config + + - name: Download wolfSSL + uses: actions/download-artifact@v4 + with: + name: wolf-install-python + + - name: Untar wolfSSL build + run: tar -xf build-dir.tgz + + - name: Checkout OSP + uses: actions/checkout@v4 + with: + repository: wolfssl/osp + path: osp + + - name: Checkout CPython + uses: actions/checkout@v4 + with: + repository: python/cpython + ref: v${{ matrix.python_ver }} + path: cpython + + - name: Apply wolfSSL patch + working-directory: cpython + run: patch -p1 < $GITHUB_WORKSPACE/osp/Python/wolfssl-python-${{ matrix.python_ver }}.patch + + - name: Build CPython and run SSL and crypto tests + working-directory: cpython + run: | + export LD_LIBRARY_PATH=$GITHUB_WORKSPACE/build-dir/lib:$LD_LIBRARY_PATH + rm -f aclocal.m4 + autoreconf -if + ./configure --with-wolfssl=$GITHUB_WORKSPACE/build-dir + make -j test TESTOPTS="-v ${{ matrix.tests }}" diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/.github/workflows/renode-stm32h753.yml mariadb-11.8.8/extra/wolfssl/wolfssl/.github/workflows/renode-stm32h753.yml --- mariadb-11.8.6/extra/wolfssl/wolfssl/.github/workflows/renode-stm32h753.yml 1970-01-01 00:00:00.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/.github/workflows/renode-stm32h753.yml 2026-05-24 09:58:33.000000000 +0000 @@ -0,0 +1,271 @@ +name: Renode STM32H753 Test + +# Platform-specific configuration +# To add a new platform, create a new workflow file based on this template +# and update these variables for the target MCU +env: + PLATFORM_NAME: stm32h753 + PLATFORM_DISPLAY_NAME: STM32H753 + CMSIS_DEVICE_REPO: cmsis-device-h7 + CMSIS_DEVICE_PATH: /opt/cmsis-device-h7 + CMSIS_DEVICE_CACHE_KEY: cmsis-device-h7-v1 + STM32CUBE_REPO: STM32CubeH7 + STM32CUBE_BRANCH: v1.11.2 + STM32CUBE_PATH: /opt/STM32CubeH7 + STM32CUBE_CACHE_KEY: stm32cubeh7-v1.11.2-v1 + HAL_CONFIG_FILE: stm32h7xx_hal_conf.h + HAL_DRIVER_INC_PATH: STM32H7xx_HAL_Driver/Inc + HAL_DRIVER_SRC_PATH: STM32H7xx_HAL_Driver/Src + RENODE_PLATFORM_NAME: stm32h753 + RENODE_REPL_PATH: platforms/cpus/stm32h753.repl + RENODE_TEST_DIR: .github/renode-test/stm32h753 + +on: + push: + branches: [ main, master, develop ] + pull_request: + branches: [ main, master, develop ] + workflow_dispatch: + +jobs: + test: + runs-on: ubuntu-latest + timeout-minutes: 30 + + steps: + - name: Checkout wolfSSL + uses: actions/checkout@v4 + + - name: Set up build environment + run: | + sudo apt-get update + sudo apt-get install -y --no-install-recommends \ + build-essential \ + ca-certificates \ + cmake \ + ninja-build \ + python3 \ + git \ + gcc-arm-none-eabi \ + libnewlib-arm-none-eabi \ + libstdc++-arm-none-eabi-newlib \ + wget \ + unzip + + - name: Cache CMSIS Device + id: cache-cmsis-device + uses: actions/cache@v4 + with: + path: ${{ env.CMSIS_DEVICE_PATH }} + key: ${{ env.CMSIS_DEVICE_CACHE_KEY }} + restore-keys: | + ${{ env.CMSIS_DEVICE_CACHE_KEY }}- + + - name: Cache CMSIS 5 + id: cache-cmsis-5 + uses: actions/cache@v4 + with: + path: /opt/CMSIS_5 + key: cmsis-5-v1 + restore-keys: | + cmsis-5- + + - name: Cache STM32Cube + id: cache-stm32cube + uses: actions/cache@v4 + with: + path: ${{ env.STM32CUBE_PATH }} + key: ${{ env.STM32CUBE_CACHE_KEY }} + restore-keys: | + ${{ env.STM32CUBE_CACHE_KEY }}- + + - name: Cache Renode + id: cache-renode + uses: actions/cache@v4 + with: + path: /opt/renode + key: renode-1.15.3-v1 + restore-keys: | + renode-1.15.3- + + - name: Install Renode dependencies + run: | + # Install Mono and other dependencies needed for Renode (always needed, even when cached) + sudo apt-get install -y --no-install-recommends \ + mono-runtime \ + libmono-cil-dev \ + screen \ + policykit-1 || true + + - name: Install Renode (if not cached) + if: steps.cache-renode.outputs.cache-hit != 'true' + run: | + # Install Renode by extracting .deb (avoids GUI dependency issues for headless use) + cd /tmp + wget -q https://github.com/renode/renode/releases/download/v1.15.3/renode_1.15.3_amd64.deb + # Extract the .deb file + dpkg-deb -x renode_1.15.3_amd64.deb /tmp/renode-extract + # Copy Renode files to system locations + sudo mkdir -p /opt/renode + sudo cp -r /tmp/renode-extract/opt/renode/* /opt/renode/ || true + sudo cp -r /tmp/renode-extract/usr/* /usr/ || true + # Create symlink for easy access + if [ -f /opt/renode/renode ]; then + sudo ln -sf /opt/renode/renode /usr/local/bin/renode + elif [ -f /usr/bin/renode ]; then + echo "Renode already in PATH at /usr/bin/renode" + fi + # Cleanup + rm -rf /tmp/renode-extract renode_1.15.3_amd64.deb + + - name: Setup Renode symlinks and permissions + run: | + # When Renode is cached, we need to recreate /usr/bin/renode wrapper script + # The /usr/bin/renode is a wrapper that checks Mono and calls /opt/renode/bin/Renode.exe + if [ -d /opt/renode ] && [ ! -x /usr/bin/renode ]; then + echo "Renode cached but /usr/bin/renode wrapper missing, recreating..." + # Create the wrapper script + sudo bash -c 'cat > /usr/bin/renode << '\''SCRIPT_EOF'\'' + #!/bin/sh + MONOVERSION=5.20 + REQUIRED_MAJOR=5 + REQUIRED_MINOR=20 + + LAUNCHER=mono + + if ! [ -x "$(command -v $LAUNCHER)" ] + then + echo "$LAUNCHER not found. Renode requires Mono $MONOVERSION or newer. Please refer to documentation for installation instructions. Exiting!" + exit 1 + fi + + # Check installed mono version + INSTALLED_MONO=`$LAUNCHER --version | head -n1 | cut -d'\'' '\'' -f5` + INSTALLED_MONO_MAJOR=`echo $INSTALLED_MONO | cut -d'\''.'\'' -f1` + INSTALLED_MONO_MINOR=`echo $INSTALLED_MONO | cut -d'\''.'\'' -f2` + + if [ $INSTALLED_MONO_MAJOR -lt $REQUIRED_MAJOR ] || [ $INSTALLED_MONO_MAJOR -eq $REQUIRED_MAJOR -a $INSTALLED_MONO_MINOR -lt $REQUIRED_MINOR ] + then + echo "Wrong Mono version detected: $INSTALLED_MONO. Renode requires Mono $MONOVERSION or newer. Please refer to documentation for installation instructions. Exiting!" + exit 1 + fi + + exec $LAUNCHER $MONO_OPTIONS /opt/renode/bin/Renode.exe "$@" + SCRIPT_EOF' + sudo chmod +x /usr/bin/renode + echo "Created /usr/bin/renode wrapper script" + fi + + # Also ensure /usr/local/bin/renode symlink exists + if [ -x /usr/bin/renode ] && [ ! -x /usr/local/bin/renode ]; then + sudo ln -sf /usr/bin/renode /usr/local/bin/renode + echo "Created symlink: /usr/local/bin/renode -> /usr/bin/renode" + fi + + - name: Verify Renode installation + run: | + # Verify Renode is installed and accessible + RENODE_FOUND=false + RENODE_BIN="" + + # Check various possible locations + for path in /opt/renode/renode /opt/renode/bin/renode /usr/local/bin/renode /usr/bin/renode; do + if [ -x "$path" ]; then + echo "Renode found at $path" + "$path" --version || true + RENODE_BIN="$path" + RENODE_FOUND=true + break + fi + done + + if [ "$RENODE_FOUND" != "true" ]; then + echo "ERROR: Renode binary not found or not executable!" + echo "Searching for renode..." + find /opt /usr -name renode -type f 2>/dev/null | head -10 || true + echo "Checking /opt/renode contents:" + ls -la /opt/renode/ 2>/dev/null | head -10 || true + if [ -d /opt/renode ]; then + echo "Checking /opt/renode subdirectories:" + find /opt/renode -type f -name "*renode*" 2>/dev/null | head -10 || true + fi + exit 1 + fi + + + - name: Clone CMSIS Device (if not cached) + if: steps.cache-cmsis-device.outputs.cache-hit != 'true' + run: | + sudo mkdir -p /opt + sudo git clone --depth 1 https://github.com/STMicroelectronics/${{ env.CMSIS_DEVICE_REPO }}.git ${{ env.CMSIS_DEVICE_PATH }} + + - name: Clone CMSIS 5 (if not cached) + if: steps.cache-cmsis-5.outputs.cache-hit != 'true' + run: | + sudo mkdir -p /opt + sudo git clone --depth 1 https://github.com/ARM-software/CMSIS_5.git /opt/CMSIS_5 + + - name: Clone STM32Cube (if not cached) + if: steps.cache-stm32cube.outputs.cache-hit != 'true' + run: | + sudo mkdir -p /opt + sudo git clone --depth 1 --branch ${{ env.STM32CUBE_BRANCH }} --recurse-submodules https://github.com/STMicroelectronics/${{ env.STM32CUBE_REPO }}.git ${{ env.STM32CUBE_PATH }} || \ + (sudo git clone --depth 1 --branch ${{ env.STM32CUBE_BRANCH }} https://github.com/STMicroelectronics/${{ env.STM32CUBE_REPO }}.git ${{ env.STM32CUBE_PATH }} && \ + cd ${{ env.STM32CUBE_PATH }} && sudo git submodule update --init --recursive --depth 1) + + - name: Setup firmware build directory and helper files + run: | + sudo mkdir -p /opt/firmware + # Copy helper files from repository + sudo cp -r ${{ github.workspace }}/${{ env.RENODE_TEST_DIR }}/* /opt/firmware/ + # Copy HAL config to STM32Cube directory + sudo cp /opt/firmware/${{ env.HAL_CONFIG_FILE }} ${{ env.STM32CUBE_PATH }}/Drivers/${{ env.HAL_DRIVER_INC_PATH }}/ 2>/dev/null || true + sudo chmod +x /opt/firmware/entrypoint.sh + # Create .renode-root file so Renode can find platform files + # Try to find Renode installation directory and create .renode-root with proper permissions + if [ -d "/opt/renode/platforms" ]; then + echo "/opt/renode" | sudo tee /opt/firmware/.renode-root > /dev/null + sudo chmod 644 /opt/firmware/.renode-root + elif [ -d "/usr/lib/renode/platforms" ]; then + echo "/usr/lib/renode" | sudo tee /opt/firmware/.renode-root > /dev/null + sudo chmod 644 /opt/firmware/.renode-root + elif [ -d "/usr/share/renode/platforms" ]; then + echo "/usr/share/renode" | sudo tee /opt/firmware/.renode-root > /dev/null + sudo chmod 644 /opt/firmware/.renode-root + fi + + - name: Build wolfSSL firmware (NOT CACHED - rebuilds on every run) + env: + WOLFSSL_ROOT: /opt/wolfssl + run: | + # Copy wolfSSL source (this is NOT cached - fresh checkout each time) + sudo cp -r ${{ github.workspace }} /opt/wolfssl + # Build with CMake + cd /opt/firmware + sudo cmake -G Ninja \ + -DWOLFSSL_USER_SETTINGS=ON \ + -DUSER_SETTINGS_FILE=/opt/firmware/user_settings.h \ + -DCMAKE_TOOLCHAIN_FILE=/opt/firmware/toolchain-arm-none-eabi.cmake \ + -DCMAKE_BUILD_TYPE=Release \ + -DWOLFSSL_CRYPT_TESTS=OFF \ + -DWOLFSSL_EXAMPLES=OFF \ + -B /opt/firmware/build \ + -S /opt/firmware + sudo cmake --build /opt/firmware/build + # Verify ELF file was created and copy it to expected location + if [ -f "/opt/firmware/build/wolfcrypt_test.elf" ]; then + sudo cp /opt/firmware/build/wolfcrypt_test.elf /opt/firmware/wolfcrypt_test.elf + echo "ELF file copied to /opt/firmware/wolfcrypt_test.elf" + ls -lh /opt/firmware/wolfcrypt_test.elf + else + echo "ERROR: ELF file not found at /opt/firmware/build/wolfcrypt_test.elf" + echo "Searching for ELF files..." + find /opt/firmware/build -name "*.elf" 2>/dev/null || true + exit 1 + fi + + - name: Run Renode test + run: | + # Ensure PATH includes standard binary locations for sudo + sudo env PATH="$PATH" /opt/firmware/entrypoint.sh + diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/.github/workflows/rng-tools.yml mariadb-11.8.8/extra/wolfssl/wolfssl/.github/workflows/rng-tools.yml --- mariadb-11.8.6/extra/wolfssl/wolfssl/.github/workflows/rng-tools.yml 2026-01-31 13:27:49.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/.github/workflows/rng-tools.yml 2026-05-24 09:58:33.000000000 +0000 @@ -17,7 +17,7 @@ name: Build wolfSSL if: github.repository_owner == 'wolfssl' # Just to keep it the same as the testing target - runs-on: ubuntu-22.04 + runs-on: ubuntu-24.04 # This should be a safe limit for the tests to run. timeout-minutes: 4 steps: @@ -44,10 +44,10 @@ fail-fast: false matrix: # List of releases to test - ref: [ 6.16 ] + ref: [ 6.16, 6.17 ] name: ${{ matrix.ref }} if: github.repository_owner == 'wolfssl' - runs-on: ubuntu-22.04 + runs-on: ubuntu-24.04 # This should be a safe limit for the tests to run. timeout-minutes: 4 needs: build_wolfssl @@ -101,7 +101,7 @@ # Retry up to five times for i in {1..5}; do TEST_RES=0 - LD_LIBRARY_PATH=$LD_LIBRARY_PATH:$GITHUB_WORKSPACE/build-dir/lib make check || TEST_RES=$? + LD_LIBRARY_PATH=$LD_LIBRARY_PATH:$GITHUB_WORKSPACE/build-dir/lib RNGD_JITTER_TIMEOUT=100 make check || TEST_RES=$? if [ "$TEST_RES" -eq "0" ]; then break fi diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/.github/workflows/rust-wrapper.yml mariadb-11.8.8/extra/wolfssl/wolfssl/.github/workflows/rust-wrapper.yml --- mariadb-11.8.6/extra/wolfssl/wolfssl/.github/workflows/rust-wrapper.yml 2026-01-31 13:27:49.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/.github/workflows/rust-wrapper.yml 2026-05-24 09:58:33.000000000 +0000 @@ -16,7 +16,7 @@ build_wolfssl: name: Build wolfSSL Rust Wrapper if: github.repository_owner == 'wolfssl' - runs-on: ubuntu-24.04 + runs-on: ${{ matrix.os }} # This should be a safe limit for the tests to run. timeout-minutes: 10 steps: @@ -24,10 +24,53 @@ uses: wolfSSL/actions-build-autotools-project@v1 with: path: wolfssl - configure: --enable-all + configure: ${{ matrix.config }} - name: Build Rust Wrapper working-directory: wolfssl run: make -C wrapper/rust - name: Run Rust Wrapper Tests working-directory: wolfssl run: make -C wrapper/rust test + strategy: + matrix: + os: [ ubuntu-24.04, ubuntu-24.04-arm ] + config: [ + # Add new configs here + '', + '--enable-all', + '--enable-all --enable-dilithium', + '--enable-all --enable-mlkem', + '--enable-cryptonly --disable-examples', + '--enable-cryptonly --disable-examples --disable-mlkem --disable-aes --disable-aesgcm', + '--enable-cryptonly --disable-examples --disable-mlkem --disable-aescbc', + '--enable-cryptonly --disable-examples --disable-mlkem --disable-aeseax', + '--enable-cryptonly --disable-examples --disable-mlkem --disable-aesecb', + '--enable-cryptonly --disable-examples --disable-mlkem --disable-aesccm', + '--enable-cryptonly --disable-examples --disable-mlkem --disable-aescfb', + '--enable-cryptonly --disable-examples --disable-mlkem --disable-aesctr', + '--enable-cryptonly --disable-examples --disable-mlkem --disable-aescts', + '--enable-cryptonly --disable-examples --disable-mlkem --disable-aesgcm', + '--enable-cryptonly --disable-examples --disable-mlkem --disable-aesgcm-stream', + '--enable-cryptonly --disable-examples --disable-mlkem --disable-aesofb', + '--enable-cryptonly --disable-examples --disable-mlkem --disable-aesxts', + '--enable-cryptonly --disable-examples --disable-mlkem --disable-cmac', + '--enable-cryptonly --disable-examples --disable-mlkem --disable-dh', + '--enable-cryptonly --disable-examples --disable-mlkem --disable-ecc', + '--enable-cryptonly --disable-examples --disable-mlkem --disable-ed25519', + '--enable-cryptonly --disable-examples --disable-mlkem --disable-ed25519-stream', + '--enable-cryptonly --disable-examples --disable-mlkem --disable-ed448', + '--enable-cryptonly --disable-examples --disable-mlkem --disable-ed448-stream', + '--enable-cryptonly --disable-examples --disable-mlkem --disable-hkdf', + '--enable-cryptonly --disable-examples --disable-mlkem --disable-hmac', + '--enable-cryptonly --disable-examples --disable-mlkem --disable-rng', + '--enable-cryptonly --disable-examples --disable-mlkem --disable-rsa', + '--enable-cryptonly --disable-examples --disable-mlkem --disable-rsapss', + '--enable-cryptonly --disable-examples --disable-mlkem --disable-sha224', + '--enable-cryptonly --disable-examples --disable-mlkem --disable-sha3', + '--enable-cryptonly --disable-examples --disable-mlkem --disable-sha384', + '--enable-cryptonly --disable-examples --disable-mlkem --disable-sha512', + '--enable-cryptonly --disable-examples --disable-mlkem --disable-shake128', + '--enable-cryptonly --disable-examples --disable-mlkem --disable-shake256', + '--enable-cryptonly --disable-examples --disable-mlkem --disable-srtp-kdf', + '--enable-cryptonly --disable-examples --disable-mlkem --disable-x963kdf', + ] diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/.github/workflows/smallStackSize.yml mariadb-11.8.8/extra/wolfssl/wolfssl/.github/workflows/smallStackSize.yml --- mariadb-11.8.6/extra/wolfssl/wolfssl/.github/workflows/smallStackSize.yml 2026-01-31 13:27:49.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/.github/workflows/smallStackSize.yml 2026-05-24 09:58:33.000000000 +0000 @@ -37,7 +37,7 @@ ] name: build library if: github.repository_owner == 'wolfssl' - runs-on: ubuntu-22.04 + runs-on: ubuntu-24.04 # This should be a safe limit for the tests to run. timeout-minutes: 6 steps: diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/.github/workflows/socat.yml mariadb-11.8.8/extra/wolfssl/wolfssl/.github/workflows/socat.yml --- mariadb-11.8.6/extra/wolfssl/wolfssl/.github/workflows/socat.yml 2026-01-31 13:27:49.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/.github/workflows/socat.yml 2026-05-24 09:58:33.000000000 +0000 @@ -16,14 +16,14 @@ build_wolfssl: name: Build wolfSSL if: github.repository_owner == 'wolfssl' - runs-on: ubuntu-22.04 + runs-on: ubuntu-24.04 timeout-minutes: 4 steps: - name: Build wolfSSL uses: wolfSSL/actions-build-autotools-project@v1 with: path: wolfssl - configure: --enable-maxfragment --enable-opensslall --enable-opensslextra --enable-dtls --enable-oldtls --enable-tlsv10 --enable-ipv6 'CPPFLAGS=-DWOLFSSL_NO_DTLS_SIZE_CHECK -DOPENSSL_COMPATIBLE_DEFAULTS' + configure: --enable-all --enable-oldtls --enable-tlsv10 --enable-ipv6 'CPPFLAGS=-DWOLFSSL_NO_DTLS_SIZE_CHECK -DOPENSSL_COMPATIBLE_DEFAULTS' install: true - name: tar build-dir @@ -39,10 +39,18 @@ socat_check: if: github.repository_owner == 'wolfssl' - runs-on: ubuntu-22.04 + runs-on: ubuntu-24.04 # This should be a safe limit for the tests to run. timeout-minutes: 30 needs: build_wolfssl + strategy: + fail-fast: false + matrix: + include: + - socat_version: "1.8.0.0" + expect_fail: "36,64,146,216,309,310,386,399,402,403,459,460,467,468,475,478,491,492,528" + - socat_version: "1.8.0.3" + expect_fail: "146,386,399,402,459,460,467,468,475,478,491,492,495,528" steps: - name: Install prereqs run: @@ -57,7 +65,7 @@ run: tar -xf build-dir.tgz - name: Download socat - run: curl -O http://www.dest-unreach.org/socat/download/socat-1.8.0.0.tar.gz && tar xvf socat-1.8.0.0.tar.gz + run: curl -O http://www.dest-unreach.org/socat/download/socat-${{ matrix.socat_version }}.tar.gz && tar xvf socat-${{ matrix.socat_version }}.tar.gz - name: Checkout OSP uses: actions/checkout@v4 @@ -66,16 +74,16 @@ path: osp - name: Build socat - working-directory: ./socat-1.8.0.0 + working-directory: ./socat-${{ matrix.socat_version }} run: | - patch -p1 < ../osp/socat/1.8.0.0/socat-1.8.0.0.patch + patch -p1 < ../osp/socat/${{ matrix.socat_version }}/socat-${{ matrix.socat_version }}.patch autoreconf -vfi ./configure --with-wolfssl=$GITHUB_WORKSPACE/build-dir --enable-default-ipv=4 make - name: Run socat tests - working-directory: ./socat-1.8.0.0 + working-directory: ./socat-${{ matrix.socat_version }} run: | export LD_LIBRARY_PATH=$GITHUB_WORKSPACE/build-dir/lib:$LD_LIBRARY_PATH export SHELL=/bin/bash - SOCAT=$GITHUB_WORKSPACE/socat-1.8.0.0/socat ./test.sh -t 0.5 --expect-fail 36,64,146,214,216,217,309,310,386,399,402,403,459,460,467,468,475,478,492,528,530 + SOCAT=$GITHUB_WORKSPACE/socat-${{ matrix.socat_version }}/socat ./test.sh -t 0.5 --expect-fail ${{ matrix.expect_fail }} diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/.github/workflows/softhsm.yml mariadb-11.8.8/extra/wolfssl/wolfssl/.github/workflows/softhsm.yml --- mariadb-11.8.6/extra/wolfssl/wolfssl/.github/workflows/softhsm.yml 2026-01-31 13:27:49.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/.github/workflows/softhsm.yml 2026-05-24 09:58:33.000000000 +0000 @@ -17,7 +17,7 @@ name: Build wolfSSL if: github.repository_owner == 'wolfssl' # Just to keep it the same as the testing target - runs-on: ubuntu-22.04 + runs-on: ubuntu-24.04 # This should be a safe limit for the tests to run. timeout-minutes: 10 steps: @@ -25,7 +25,7 @@ uses: wolfSSL/actions-build-autotools-project@v1 with: path: wolfssl - configure: --enable-all CFLAGS=-DRSA_MIN_SIZE=1024 + configure: --enable-all --disable-oldnames CFLAGS=-DRSA_MIN_SIZE=1024 install: true check: false @@ -47,7 +47,7 @@ ref: [ 2.6.1 ] name: ${{ matrix.ref }} if: github.repository_owner == 'wolfssl' - runs-on: ubuntu-22.04 + runs-on: ubuntu-24.04 # This should be a safe limit for the tests to run. timeout-minutes: 20 needs: build_wolfssl diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/.github/workflows/sssd.yml mariadb-11.8.8/extra/wolfssl/wolfssl/.github/workflows/sssd.yml --- mariadb-11.8.6/extra/wolfssl/wolfssl/.github/workflows/sssd.yml 2026-01-31 13:27:49.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/.github/workflows/sssd.yml 2026-05-24 09:58:33.000000000 +0000 @@ -17,7 +17,7 @@ if: github.repository_owner == 'wolfssl' name: Build wolfSSL # Just to keep it the same as the testing target - runs-on: ubuntu-22.04 + runs-on: ubuntu-24.04 # This should be a safe limit for the tests to run. timeout-minutes: 4 steps: @@ -44,10 +44,10 @@ fail-fast: false matrix: # List of releases to test - ref: [ 2.9.1 ] + ref: [ 2.9.1, 2.10.2 ] name: ${{ matrix.ref }} if: github.repository_owner == 'wolfssl' - runs-on: ubuntu-22.04 + runs-on: ubuntu-24.04 container: image: quay.io/sssd/ci-client-devel:ubuntu-latest env: @@ -61,7 +61,8 @@ # Don't prompt for anything export DEBIAN_FRONTEND=noninteractive sudo apt-get update - sudo apt-get install -y build-essential autoconf libldb-dev libldb2 python3-ldb bc + sudo apt-get install -y build-essential autoconf libldb-dev \ + libldb2 python3-ldb bc libcap-dev - name: Setup env run: | diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/.github/workflows/stunnel.yml mariadb-11.8.8/extra/wolfssl/wolfssl/.github/workflows/stunnel.yml --- mariadb-11.8.6/extra/wolfssl/wolfssl/.github/workflows/stunnel.yml 2026-01-31 13:27:49.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/.github/workflows/stunnel.yml 2026-05-24 09:58:33.000000000 +0000 @@ -17,7 +17,7 @@ name: Build wolfSSL if: github.repository_owner == 'wolfssl' # Just to keep it the same as the testing target - runs-on: ubuntu-22.04 + runs-on: ubuntu-24.04 # This should be a safe limit for the tests to run. timeout-minutes: 4 steps: @@ -46,7 +46,7 @@ ref: [ 5.67 ] name: ${{ matrix.ref }} if: github.repository_owner == 'wolfssl' - runs-on: ubuntu-22.04 + runs-on: ubuntu-24.04 # This should be a safe limit for the tests to run. timeout-minutes: 4 needs: build_wolfssl diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/.github/workflows/symbol-prefixes.yml mariadb-11.8.8/extra/wolfssl/wolfssl/.github/workflows/symbol-prefixes.yml --- mariadb-11.8.6/extra/wolfssl/wolfssl/.github/workflows/symbol-prefixes.yml 2026-01-31 13:27:49.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/.github/workflows/symbol-prefixes.yml 2026-05-24 09:58:33.000000000 +0000 @@ -21,7 +21,7 @@ ] name: make and analyze if: github.repository_owner == 'wolfssl' - runs-on: ubuntu-22.04 + runs-on: ubuntu-24.04 # This should be a safe limit for the tests to run. timeout-minutes: 6 steps: diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/.github/workflows/threadx.yml mariadb-11.8.8/extra/wolfssl/wolfssl/.github/workflows/threadx.yml --- mariadb-11.8.6/extra/wolfssl/wolfssl/.github/workflows/threadx.yml 2026-01-31 13:27:49.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/.github/workflows/threadx.yml 2026-05-24 09:58:33.000000000 +0000 @@ -9,13 +9,13 @@ jobs: build: - runs-on: ubuntu-22.04 + runs-on: ubuntu-24.04 timeout-minutes: 10 steps: - name: Cache NetXDuo bundle id: cache-netxduo - uses: actions/cache@v3 + uses: actions/cache@v4 with: path: ./v6.4.3_rel.tar.gz key: netxduo-bundle-v6.4.3_rel diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/.github/workflows/tls-anvil.yml mariadb-11.8.8/extra/wolfssl/wolfssl/.github/workflows/tls-anvil.yml --- mariadb-11.8.6/extra/wolfssl/wolfssl/.github/workflows/tls-anvil.yml 1970-01-01 00:00:00.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/.github/workflows/tls-anvil.yml 2026-05-24 09:58:33.000000000 +0000 @@ -0,0 +1,96 @@ +name: TLS-Anvil RFC Compliance + +on: + schedule: + # Nightly at 2 AM UTC + - cron: '0 2 * * *' + workflow_dispatch: + inputs: + strength: + description: 'TLS-Anvil test strength (1=quick, 2=medium, 3=full)' + default: '1' + required: false + type: choice + options: ['1', '2', '3'] + +jobs: + tls-anvil: + name: ${{ matrix.test-name }} + # Only run from the wolfssl org to avoid burning forks' CI minutes + if: github.repository_owner == 'wolfssl' + runs-on: ubuntu-24.04 + timeout-minutes: 90 + + strategy: + fail-fast: false + matrix: + include: + - test-name: tls12-server + mode: server + extra-flags: '--disable-tls13' + - test-name: tls13-server + mode: server + extra-flags: '--enable-tls13' + - test-name: tls12-client + mode: client + extra-flags: '--disable-tls13' + - test-name: tls13-client + mode: client + extra-flags: '--enable-tls13' + + steps: + - name: Checkout wolfSSL + uses: actions/checkout@v4 + + - name: Install dependencies + run: | + sudo apt-get update -q + sudo apt-get install -y build-essential autoconf automake libtool jq psmisc || \ + sudo apt-get install -y build-essential autoconf automake libtool jq + + - name: Pull TLS-Anvil Docker image + run: docker pull ghcr.io/tls-attacker/tlsanvil:latest + + - name: Run TLS-Anvil (${{ matrix.test-name }}) + env: + TLS_ANVIL_TEST_NAME: ${{ matrix.test-name }} + TLS_ANVIL_STRENGTH: ${{ inputs.strength || '1' }} + run: | + bash .github/scripts/tls-anvil-test.sh \ + "${{ matrix.mode }}" \ + "${{ matrix.extra-flags }}" + + - name: Summarize results + if: always() + run: | + REPORT="tls-anvil-results/report.json" + { + echo "## TLS-Anvil: ${{ matrix.test-name }}" + echo "" + if [[ -f "$REPORT" ]]; then + echo "| | Count |" + echo "|---|---|" + jq -r ' + "| Total | \(.TotalTests // "N/A") |", + "| Strictly Passed | \(.StrictlySucceededTests // "N/A") |", + "| Conceptually OK | \(.ConceptuallySucceededTests // "N/A") |", + "| Partially Failed | \(.PartiallyFailedTests // "N/A") |", + "| Fully Failed | \(.FullyFailedTests // "N/A") |", + "| Disabled | \(.DisabledTests // "N/A") |" + ' "$REPORT" 2>/dev/null || echo "| (could not parse report.json) | - |" + echo "" + echo "**Category scores:**" + jq -r '.Score | to_entries[] | "- \(.key): \(.value)%"' "$REPORT" 2>/dev/null || true + else + echo "No report.json found - check step logs for errors." + fi + } >> "$GITHUB_STEP_SUMMARY" + + - name: Upload results + if: always() + uses: actions/upload-artifact@v4 + with: + name: tls-anvil-results-${{ matrix.test-name }} + path: tls-anvil-results/ + retention-days: 30 + if-no-files-found: warn diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/.github/workflows/trackmemory.yml mariadb-11.8.8/extra/wolfssl/wolfssl/.github/workflows/trackmemory.yml --- mariadb-11.8.6/extra/wolfssl/wolfssl/.github/workflows/trackmemory.yml 1970-01-01 00:00:00.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/.github/workflows/trackmemory.yml 2026-05-24 09:58:33.000000000 +0000 @@ -0,0 +1,60 @@ +name: WOLFSSL_TRACK_MEMORY Tests + +# START OF COMMON SECTION +on: + push: + branches: [ 'master', 'main', 'release/**' ] + pull_request: + branches: [ '*' ] + +concurrency: + group: ${{ github.workflow }}-${{ github.ref }} + cancel-in-progress: true +# END OF COMMON SECTION + +jobs: + make_check: + strategy: + matrix: + config: [ + # Add new configs here + '--enable-all CFLAGS="-DWC_RNG_SEED_CB -DWOLFSSL_TRACK_MEMORY -DWOLFSSL_DEBUG_MEMORY"', + '--enable-smallstack --enable-all CFLAGS="-DWC_RNG_SEED_CB -DWOLFSSL_TRACK_MEMORY -DWOLFSSL_DEBUG_MEMORY"', + '--enable-smallstackcache --enable-smallstack --enable-all CFLAGS="-DWC_RNG_SEED_CB -DWOLFSSL_TRACK_MEMORY -DWOLFSSL_DEBUG_MEMORY"', +# Note the below smallstackcache tests are crucial coverage for the Linux kernel +# module, when targeting a kernel with the randomness patch (linuxkm/patches/) +# applied. +# +# Note, don't combine wolfEntropy with the full TLS cipher suite test -- the implicit wc_InitRng()s in each suite have an enormous CPU footprint. + '--enable-wolfEntropy --enable-smallstackcache --enable-smallstack --enable-all CFLAGS="-DWC_RNG_SEED_CB -DWOLFSSL_TRACK_MEMORY -DWOLFSSL_DEBUG_MEMORY -DNO_WOLFSSL_CIPHER_SUITE_TEST"', + '--enable-intelrdseed --enable-smallstackcache --enable-smallstack --enable-all CFLAGS="-DWC_RNG_SEED_CB -DWOLFSSL_TRACK_MEMORY -DWOLFSSL_DEBUG_MEMORY -DNO_WOLFSSL_CIPHER_SUITE_TEST"', + '--enable-amdrand --enable-smallstackcache --enable-smallstack --enable-all CFLAGS="-DWC_RNG_SEED_CB -DWOLFSSL_TRACK_MEMORY -DWOLFSSL_DEBUG_MEMORY -DNO_WOLFSSL_CIPHER_SUITE_TEST"', + '--disable-asm --enable-wolfEntropy --enable-smallstackcache --enable-smallstack --enable-all CFLAGS="-DWC_RNG_SEED_CB -DWOLFSSL_TRACK_MEMORY -DWOLFSSL_DEBUG_MEMORY -DNO_WOLFSSL_CIPHER_SUITE_TEST"' + ] + name: make check + if: github.repository_owner == 'wolfssl' + runs-on: ubuntu-latest + # This should be a safe limit for the tests to run. + timeout-minutes: 6 + steps: + - uses: actions/checkout@v4 + name: Checkout wolfSSL + + - name: Test wolfSSL + run: | + ./autogen.sh + ./configure ${{ matrix.config }} + make -j 4 + make check + + - name: Print errors + if: ${{ failure() }} + run: | + for file in scripts/*.log + do + if [ -f "$file" ]; then + echo "${file}:" + cat "$file" + echo "========================================================================" + fi + done diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/.github/workflows/win-csharp-test.yml mariadb-11.8.8/extra/wolfssl/wolfssl/.github/workflows/win-csharp-test.yml --- mariadb-11.8.6/extra/wolfssl/wolfssl/.github/workflows/win-csharp-test.yml 2026-01-31 13:27:49.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/.github/workflows/win-csharp-test.yml 2026-05-24 09:58:33.000000000 +0000 @@ -27,7 +27,7 @@ steps: - name: Pull wolfssl - uses: actions/checkout@master + uses: actions/checkout@v4 with: repository: wolfssl/wolfssl path: wolfssl @@ -41,7 +41,7 @@ echo $null >> wolfcrypt\src\wolfcrypt_last.c - name: Add MSBuild to PATH - uses: microsoft/setup-msbuild@v1 + uses: microsoft/setup-msbuild@v2 - name: Build working-directory: ${{env.GITHUB_WORKSPACE}} diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/.github/workflows/wolfCrypt-Wconversion.yml mariadb-11.8.8/extra/wolfssl/wolfssl/.github/workflows/wolfCrypt-Wconversion.yml --- mariadb-11.8.6/extra/wolfssl/wolfssl/.github/workflows/wolfCrypt-Wconversion.yml 2026-01-31 13:27:49.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/.github/workflows/wolfCrypt-Wconversion.yml 2026-05-24 09:58:33.000000000 +0000 @@ -18,16 +18,21 @@ matrix: config: [ # Add new configs here - '--disable-asm --enable-cryptonly --enable-all-crypto --disable-examples --disable-benchmark --disable-crypttests CPPFLAGS="-Wconversion -Warith-conversion -Wenum-conversion -Wfloat-conversion -Wsign-conversion"', - '--enable-intelasm --enable-cryptonly --enable-all-crypto --disable-examples --disable-benchmark --disable-crypttests CPPFLAGS="-Wconversion -Warith-conversion -Wenum-conversion -Wfloat-conversion -Wsign-conversion"', - '--enable-smallstack --disable-asm --enable-cryptonly --enable-all-crypto --disable-examples --disable-benchmark --disable-crypttests CPPFLAGS="-Wconversion -Warith-conversion -Wenum-conversion -Wfloat-conversion -Wsign-conversion"', - '--enable-smallstack --enable-intelasm --enable-cryptonly --enable-all-crypto --disable-examples --disable-benchmark --disable-crypttests CPPFLAGS="-Wconversion -Warith-conversion -Wenum-conversion -Wfloat-conversion -Wsign-conversion"', - '--enable-cryptonly --enable-all-crypto --disable-examples --disable-benchmark --disable-crypttests CPPFLAGS="-Wconversion -Warith-conversion -Wenum-conversion -Wfloat-conversion -Wsign-conversion -DNO_INT128"', - '--enable-cryptonly --enable-all-crypto --disable-examples --disable-benchmark --disable-crypttests CPPFLAGS="-Wdeclaration-after-statement -Wconversion -Warith-conversion -Wenum-conversion -Wfloat-conversion -Wsign-conversion" --enable-32bit CFLAGS=-m32' + '--disable-asm --enable-cryptonly --enable-all-crypto --disable-examples --disable-benchmark --disable-crypttests --enable-mlkem CPPFLAGS="-Wconversion -Warith-conversion -Wenum-conversion -Wfloat-conversion -Wsign-conversion -Wcast-qual"', + '--enable-intelasm --enable-cryptonly --enable-all-crypto --disable-examples --disable-benchmark --disable-crypttests --enable-mlkem CPPFLAGS="-Wconversion -Warith-conversion -Wenum-conversion -Wfloat-conversion -Wsign-conversion -Wcast-qual"', + '--enable-smallstack --disable-asm --enable-cryptonly --enable-all-crypto --disable-examples --disable-benchmark --disable-crypttests --enable-mlkem CPPFLAGS="-Wconversion -Warith-conversion -Wenum-conversion -Wfloat-conversion -Wsign-conversion -Wcast-qual"', + '--enable-smallstack --enable-intelasm --enable-cryptonly --enable-all-crypto --disable-examples --disable-benchmark --disable-crypttests --enable-mlkem CPPFLAGS="-Wconversion -Warith-conversion -Wenum-conversion -Wfloat-conversion -Wsign-conversion -Wcast-qual"', + '--enable-cryptonly --enable-all-crypto --disable-examples --disable-benchmark --disable-crypttests --enable-mlkem CPPFLAGS="-Wconversion -Warith-conversion -Wenum-conversion -Wfloat-conversion -Wsign-conversion -DNO_INT128 -Wcast-qual"', + '--enable-cryptonly --enable-all-crypto --disable-examples --disable-benchmark --disable-crypttests --enable-mlkem CPPFLAGS="-Wdeclaration-after-statement -Wconversion -Warith-conversion -Wenum-conversion -Wfloat-conversion -Wsign-conversion -Wcast-qual" --enable-32bit CFLAGS=-m32', + '--enable-cryptonly --enable-all-crypto --disable-examples --disable-benchmark --disable-crypttests --enable-mlkem=yes,small CPPFLAGS="-Wconversion -Warith-conversion -Wenum-conversion -Wfloat-conversion -Wsign-conversion -Wcast-qual -DNO_INT128"', + '--enable-cryptonly --enable-all-crypto --disable-examples --disable-benchmark --disable-crypttests --enable-mlkem=yes,no-large-code CPPFLAGS="-Wconversion -Warith-conversion -Wenum-conversion -Wfloat-conversion -Wsign-conversion -Wcast-qual -DNO_INT128"', + '--enable-smallstack --enable-cryptonly --enable-all-crypto --disable-examples --disable-benchmark --disable-crypttests --enable-mlkem CPPFLAGS="-Wconversion -Warith-conversion -Wenum-conversion -Wfloat-conversion -Wsign-conversion -Wcast-qual -DNO_INT128"', + '--disable-intelasm --enable-cryptonly --enable-all-crypto --disable-examples --disable-benchmark --disable-crypttests --enable-mlkem CPPFLAGS="-DWOLFSSL_MLKEM_ENCAPSULATE_SMALL_MEM -DWOLFSSL_MLKEM_MAKEKEY_SMALL_MEM -Wdeclaration-after-statement -Wconversion -Warith-conversion -Wenum-conversion -Wfloat-conversion -Wsign-conversion -Wcast-qual" --enable-32bit CFLAGS=-m32', + '--disable-intelasm --enable-cryptonly --enable-all-crypto --disable-examples --disable-benchmark --disable-crypttests --enable-mlkem=yes,small CPPFLAGS="-DWOLFSSL_MLKEM_ENCAPSULATE_SMALL_MEM -DWOLFSSL_MLKEM_MAKEKEY_SMALL_MEM -Wconversion -Warith-conversion -Wenum-conversion -Wfloat-conversion -Wsign-conversion -Wcast-qual -DNO_INT128"', ] name: build library if: github.repository_owner == 'wolfssl' - runs-on: ubuntu-22.04 + runs-on: ubuntu-24.04 # This should be a safe limit for the tests to run. timeout-minutes: 6 steps: diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/.github/workflows/wolfsm.yml mariadb-11.8.8/extra/wolfssl/wolfssl/.github/workflows/wolfsm.yml --- mariadb-11.8.6/extra/wolfssl/wolfssl/.github/workflows/wolfsm.yml 1970-01-01 00:00:00.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/.github/workflows/wolfsm.yml 2026-05-24 09:58:33.000000000 +0000 @@ -0,0 +1,63 @@ +name: wolfSM Tests + +# START OF COMMON SECTION +on: + push: + branches: [ 'master', 'main', 'release/**' ] + pull_request: + branches: [ '*' ] + +concurrency: + group: ${{ github.workflow }}-${{ github.ref }} + cancel-in-progress: true +# END OF COMMON SECTION + +jobs: + make_check: + strategy: + fail-fast: false + matrix: + config: [ + # Core SM TLS cipher suites + '--enable-sm2 --enable-sm3 --enable-sm4-gcm --enable-sm4-ccm --enable-sha3', + # All SM4 modes + '--enable-sm2 --enable-sm3 --enable-sm4-ecb --enable-sm4-cbc --enable-sm4-ctr --enable-sm4-gcm --enable-sm4-ccm --enable-sha3', + # SM + all features integration test + '--enable-all --enable-sm2 --enable-sm3 --enable-sm4-ecb --enable-sm4-cbc --enable-sm4-ctr --enable-sm4-gcm --enable-sm4-ccm', + ] + name: make check + if: github.repository_owner == 'wolfssl' + runs-on: ubuntu-24.04 + timeout-minutes: 10 + steps: + - uses: actions/checkout@v4 + name: Checkout wolfSSL + + - uses: actions/checkout@v4 + name: Checkout wolfsm + with: + repository: wolfssl/wolfsm + path: wolfsm + + - name: Install wolfsm + working-directory: wolfsm + run: ./install.sh $GITHUB_WORKSPACE + + - name: Test wolfSSL with wolfSM + run: | + ./autogen.sh + ./configure ${{ matrix.config }} + make + make check + + - name: Print errors + if: ${{ failure() }} + run: | + for file in scripts/*.log + do + if [ -f "$file" ]; then + echo "${file}:" + cat "$file" + echo "========================================================================" + fi + done diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/.github/workflows/xcode.yml mariadb-11.8.8/extra/wolfssl/wolfssl/.github/workflows/xcode.yml --- mariadb-11.8.6/extra/wolfssl/wolfssl/.github/workflows/xcode.yml 1970-01-01 00:00:00.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/.github/workflows/xcode.yml 2026-05-24 09:58:33.000000000 +0000 @@ -0,0 +1,89 @@ +name: Xcode Build Tests + +# START OF COMMON SECTION +on: + push: + branches: [ 'master', 'main', 'release/**' ] + pull_request: + branches: [ '*' ] + +concurrency: + group: ${{ github.workflow }}-${{ github.ref }} + cancel-in-progress: true +# END OF COMMON SECTION + +jobs: + build: + if: github.repository_owner == 'wolfssl' + runs-on: macos-latest + # This should be a safe limit for the tests to run. + timeout-minutes: 10 + strategy: + matrix: + include: + # macOS builds + - target: wolfssl_osx + arch: arm64 + config: Release + sdk: macosx + name: macOS (ARM64, Release) + - target: wolfssl_osx + arch: x86_64 + config: Release + sdk: macosx + name: macOS (x86_64, Release) + - target: wolfssl_osx + arch: arm64 + config: Debug + sdk: macosx + name: macOS (ARM64, Debug) + - target: wolfssl_osx + arch: x86_64 + config: Debug + sdk: macosx + name: macOS (x86_64, Debug) + # Universal build (both architectures) + - target: wolfssl_osx + arch: arm64 + arch2: x86_64 + config: Release + sdk: macosx + name: macOS (Universal, Release) + universal: true + # tvOS builds + - target: wolfssl_tvos + arch: arm64 + config: Release + sdk: appletvos + name: tvOS (ARM64, Release) + - target: wolfssl_tvos + arch: arm64 + config: Release + sdk: appletvsimulator + name: tvOS Simulator (ARM64, Release) + steps: + - uses: actions/checkout@v4 + + - name: Build wolfSSL with Xcode (${{ matrix.name }}) + working-directory: ./IDE/XCODE + run: | + if [ "${{ matrix.universal }}" == "true" ]; then + xcodebuild -project wolfssl.xcodeproj \ + -target ${{ matrix.target }} \ + -configuration ${{ matrix.config }} \ + -arch ${{ matrix.arch }} \ + -arch ${{ matrix.arch2 }} \ + -sdk ${{ matrix.sdk }} \ + SYMROOT=build \ + OBJROOT=build \ + build + else + xcodebuild -project wolfssl.xcodeproj \ + -target ${{ matrix.target }} \ + -configuration ${{ matrix.config }} \ + -arch ${{ matrix.arch }} \ + -sdk ${{ matrix.sdk }} \ + SYMROOT=build \ + OBJROOT=build \ + build + fi diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/.github/workflows/zephyr.yml mariadb-11.8.8/extra/wolfssl/wolfssl/.github/workflows/zephyr.yml --- mariadb-11.8.6/extra/wolfssl/wolfssl/.github/workflows/zephyr.yml 2026-01-31 13:27:49.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/.github/workflows/zephyr.yml 2026-05-24 09:58:33.000000000 +0000 @@ -28,7 +28,7 @@ if: github.repository_owner == 'wolfssl' runs-on: ubuntu-22.04 # This should be a safe limit for the tests to run. - timeout-minutes: 25 + timeout-minutes: 45 steps: - name: Install dependencies run: | @@ -42,7 +42,7 @@ make gcc gcc-multilib g++-multilib libsdl2-dev libmagic1 \ autoconf automake bison build-essential ca-certificates cargo ccache chrpath cmake \ cpio device-tree-compiler dfu-util diffstat dos2unix doxygen file flex g++ gawk gcc \ - gcovr git git-core gnupg gperf gtk-sharp2 help2man iproute2 lcov libcairo2-dev \ + gcovr git git-core gnupg gperf gtk-sharp3 help2man iproute2 lcov libcairo2-dev \ libglib2.0-dev libgtk2.0-0 liblocale-gettext-perl libncurses5-dev libpcap-dev \ libpopt0 libsdl1.2-dev libsdl2-dev libssl-dev libtool libtool-bin locales make \ net-tools ninja-build openssh-client parallel pkg-config python3-dev python3-pip \ diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/.gitignore mariadb-11.8.8/extra/wolfssl/wolfssl/.gitignore --- mariadb-11.8.6/extra/wolfssl/wolfssl/.gitignore 2026-01-31 13:27:49.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/.gitignore 2026-05-24 09:58:33.000000000 +0000 @@ -41,6 +41,9 @@ .tags* cyassl-config wolfssl-config +cmake/wolfssl-config.cmake +cmake/wolfssl-config-version.cmake +cmake/wolfssl-targets.cmake cyassl.sublime* fips.h fips.c @@ -50,16 +53,6 @@ wolfcrypt_last.c selftest.c fipsv2.c -src/async.c -wolfssl/async.h -wolfcrypt/src/async.c -wolfssl/wolfcrypt/async.h -wolfcrypt/src/port/intel/quickassist.c -wolfcrypt/src/port/intel/quickassist_mem.c -wolfcrypt/src/port/cavium/cavium_nitrox.c -wolfssl/wolfcrypt/port/intel/quickassist.h -wolfssl/wolfcrypt/port/intel/quickassist_mem.h -wolfssl/wolfcrypt/port/cavium/cavium_nitrox.h ctaocrypt/benchmark/benchmark ctaocrypt/test/testctaocrypt wolfcrypt/benchmark/benchmark @@ -77,6 +70,7 @@ examples/sctp/sctp-client-dtls examples/asn1/asn1 examples/pem/pem +examples/ocsp_responder/ocsp_responder server_ready snifftest output @@ -114,6 +108,10 @@ ecc-key.pem certreq.der certreq.pem +crlRsaOut.pem +crlRsaOut.der +crlEccOut.pem +crlEccOut.der pkcs7cert.der pkcs7authEnvelopedDataAES128GCM.der pkcs7authEnvelopedDataAES128GCM_ECDH_SHA1KDF.der @@ -248,13 +246,20 @@ linuxkm/linuxkm linuxkm/src linuxkm/patches/src +linuxkm/libwolfssl-user-build +linuxkm/linuxkm-fips-hash *.nds + +# Generated during FreeBSD kernel module build. bsdkm/export_syms bsdkm/i386 bsdkm/libwolfssl.ko bsdkm/machine bsdkm/opt_global.h bsdkm/x86 +bsdkm/bus_if.h +bsdkm/cryptodev_if.h +bsdkm/device_if.h # autotools generated scripts/unit.test @@ -396,6 +401,7 @@ CMakeFiles/ CMakeCache.txt cmake_install.cmake +!cmake/Config.cmake.in # GDB Settings \.gdbinit @@ -478,3 +484,12 @@ # Autogenerated debug trace headers wolfssl/debug-trace-error-codes.h wolfssl/debug-untrace-error-codes.h + +AGENTS.md +CLAUDE.md + +# Code navigation files +compile_commands.json + +# Python cache +__pycache__/ diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/.wolfssl_known_macro_extras mariadb-11.8.8/extra/wolfssl/wolfssl/.wolfssl_known_macro_extras --- mariadb-11.8.6/extra/wolfssl/wolfssl/.wolfssl_known_macro_extras 2026-01-31 13:27:49.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/.wolfssl_known_macro_extras 2026-05-24 09:58:33.000000000 +0000 @@ -52,9 +52,11 @@ CONFIG_ARCH_CHIP_STM32H743ZI CONFIG_ARCH_CHIP_STM32L552ZE CONFIG_ARCH_POSIX +CONFIG_ARCH_TEGRA CONFIG_ARM CONFIG_ARM64 CONFIG_BOARD_NATIVE_POSIX +CONFIG_BOARD_NATIVE_SIM CONFIG_COMPILER_OPTIMIZATION_DEFAULT CONFIG_COMPILER_OPTIMIZATION_NONE CONFIG_COMPILER_OPTIMIZATION_PERF @@ -64,6 +66,7 @@ CONFIG_CRYPTO_CTR CONFIG_CRYPTO_DH CONFIG_CRYPTO_DH_RFC7919_GROUPS +CONFIG_CRYPTO_DRBG CONFIG_CRYPTO_ECB CONFIG_CRYPTO_ECDH CONFIG_CRYPTO_ECDSA @@ -134,10 +137,13 @@ CONFIG_POSIX_API CONFIG_POSIX_THREADS CONFIG_PREEMPT_COUNT +CONFIG_PREEMPT_RT CONFIG_PTHREAD_IPC CONFIG_SCHED_INFO CONFIG_SMP CONFIG_SNTP_TIME_SYNC_METHOD_SMOOTH +CONFIG_STACK_GROWSUP +CONFIG_THREAD_INFO_IN_TASK CONFIG_TIMER_TASK_STACK_DEPTH CONFIG_TIMER_TASK_STACK_SIZE CONFIG_TLS_STACK_WOLFSSL @@ -168,6 +174,7 @@ CONFIG_WOLFSSL_EXAMPLE_NAME_WOLFSSH_TEMPLATE CONFIG_WOLFSSL_HKDF CONFIG_WOLFSSL_MAX_FRAGMENT_LEN +CONFIG_WOLFSSL_MLKEM CONFIG_WOLFSSL_NO_ASN_STRICT CONFIG_WOLFSSL_PSK CONFIG_WOLFSSL_RSA_PSS @@ -181,6 +188,7 @@ CONFIG_X86 CONV_WITH_DIV CPA_CY_API_VERSION_NUM_MAJOR +CPA_CY_API_VERSION_NUM_MINOR CPU_MIMXRT1176DVMAA_cm7 CPU_MK82FN256VLL15 CRLDP_VALIDATE_DATA @@ -210,9 +218,11 @@ ECCSI_ORDER_MORE_BITS_THAN_PRIME ECC_DUMP_OID ECDHE_SIZE +ENABLED_BSDKM_REGISTER ENABLE_SECURE_SOCKETS_LOGS ESP32 ESP8266 +ESPIPE ESP_ENABLE_WOLFSSH ESP_IDF_VERSION ESP_IDF_VERSION_MAJOR @@ -247,6 +257,7 @@ HAL_RTC_MODULE_ENABLED HARDWARE_CACHE_COHERENCY HASH_AlgoMode_HASH +HASH_AlgoMode_HMAC HASH_BYTE_SWAP HASH_CR_LKEY HASH_DIGEST @@ -260,7 +271,6 @@ HAVE_CRL_UPDATE_CB HAVE_CSHARP HAVE_CURL -HAVE_CURVE22519 HAVE_DANE HAVE_ECC239 HAVE_ECC320 @@ -268,7 +278,6 @@ HAVE_ECC_CDH_CAST HAVE_ECC_SM2 HAVE_ESP_CLK -HAVE_FACON HAVE_FIPS_VERSION_PORT HAVE_FUZZER HAVE_INTEL_MULX @@ -276,6 +285,9 @@ HAVE_INTEL_SPEEDUP HAVE_MDK_RTX HAVE_NETX_BSD +HAVE_PKCS11_STATIC +HAVE_PKCS11_V3_STATIC +HAVE_PKCS7_ECC_RAW_SIGN_CALLBACK HAVE_PKCS7_RSA_RAW_SIGN_CALLBACK HAVE_POCO_LIB HAVE_RTP_SYS @@ -285,6 +297,7 @@ HAVE_TM_TYPE HAVE_VALIDATE_DATE HAVE_VA_COPY +HAVE_WC_FIPS_OPTEST_CONTESTFAILURE_EXPORT HAVE_X448 HONOR_MATH_USED_LENGTH HSM_KEY_TYPE_HMAC_224 @@ -345,6 +358,8 @@ MUTEX_DURING_INIT NEED_THREADX_TYPES NETX_DUO +NET_GETDEVRANDOM +NET_GETIFADDRS NET_SECURE_MODULE_EN NOTE_TRIGGER NO_AES_DECRYPT @@ -353,6 +368,7 @@ NO_ASN_OLD_TYPE_NAMES NO_CAMELLIA_CBC NO_CERT +NO_CERT_IN_TICKET NO_CIPHER_SUITE_ALIASES NO_CLIENT_CACHE NO_CLOCK_SPEEDUP @@ -404,6 +420,7 @@ NO_PKCS11_ECDH NO_PKCS11_EC_KEYGEN NO_PKCS11_HMAC +NO_PKCS11_MLDSA NO_PKCS11_RNG NO_PKCS11_RSA NO_PKCS11_RSA_PKCS @@ -414,6 +431,7 @@ NO_POLY1305_ASM NO_PUBLIC_CCM_SET_NONCE NO_PUBLIC_GCM_SET_IV +NO_QAT_RNG NO_RESUME_SUITE_CHECK NO_RNG NO_RNG_MUTEX @@ -421,6 +439,7 @@ NO_SKID NO_SKIP_PREVIEW NO_STDIO_FGETS_REMAP +NO_STM32_HMAC NO_TKERNEL_MEM_POOL NO_TLSX_PSKKEM_PLAIN_ANNOUNCE NO_VERIFY_OID @@ -473,10 +492,12 @@ REDIRECTION_OUT2_KEYID RENESAS_T4_USE RHEL_MAJOR +RHEL_RELEASE_CODE RTC_ALARMSUBSECONDMASK_ALL RTE_CMSIS_RTOS_RTX RTOS_MODULE_NET_AVAIL RTPLATFORM +SAL_IOMMU_CODE SA_INTERRUPT SCEKEY_INSTALLED SHA256_MANY_REGISTERS @@ -538,6 +559,12 @@ STM32_AESGCM_PARTIAL STM32_HW_CLOCK_AUTO STM32_NUTTX_RNG +STSAFE_HOST_KEY_CIPHER +STSAFE_HOST_KEY_MAC +STSAFE_I2C_BUS +STSE_CONF_ECC_BRAINPOOL_P_256 +STSE_CONF_ECC_BRAINPOOL_P_384 +SYS_CLOCK_REALTIME TASK_EXTRA_STACK_SIZE TCP_NODELAY TFM_ALREADY_SET @@ -567,8 +594,10 @@ USE_ECDSA_KEYSZ_HASH_ALGO USE_FULL_ASSERT USE_HAL_DRIVER +USE_LAC_SESSION_FOR_STRUCT_OFFSET USE_NXP_LTC USE_NXP_MMCAU +USE_QAE_STATIC_MEM USE_QAE_THREAD_LS USE_SECRET_CALLBACK USE_STSAFE_RNG_SEED @@ -582,58 +611,61 @@ WC_AES_GCM_DEC_AUTH_EARLY WC_ASN_HASH_SHA256 WC_ASN_RUNTIME_DATE_CHECK_CONTROL -WC_ASYNC_ENABLE_3DES -WC_ASYNC_ENABLE_AES -WC_ASYNC_ENABLE_ARC4 -WC_ASYNC_ENABLE_DH -WC_ASYNC_ENABLE_ECC WC_ASYNC_ENABLE_ECC_KEYGEN -WC_ASYNC_ENABLE_HMAC -WC_ASYNC_ENABLE_MD5 -WC_ASYNC_ENABLE_RSA -WC_ASYNC_ENABLE_RSA_KEYGEN -WC_ASYNC_ENABLE_SHA -WC_ASYNC_ENABLE_SHA224 -WC_ASYNC_ENABLE_SHA256 -WC_ASYNC_ENABLE_SHA3 -WC_ASYNC_ENABLE_SHA384 -WC_ASYNC_ENABLE_SHA512 +WC_ASYNC_NO_3DES +WC_ASYNC_NO_AES +WC_ASYNC_NO_ARC4 WC_ASYNC_NO_CRYPT -WC_ASYNC_NO_HASH +WC_ASYNC_NO_DH +WC_ASYNC_NO_ECC +WC_ASYNC_NO_HMAC +WC_ASYNC_NO_MD5 +WC_ASYNC_NO_PKI +WC_ASYNC_NO_RNG +WC_ASYNC_NO_RSA +WC_ASYNC_NO_RSA_KEYGEN +WC_ASYNC_NO_SHA +WC_ASYNC_NO_SHA224 +WC_ASYNC_NO_SHA256 +WC_ASYNC_NO_SHA3 +WC_ASYNC_NO_SHA384 +WC_ASYNC_NO_SHA512 +WC_ASYNC_NO_X25519 +WC_ASYNC_THREAD_BIND WC_CACHE_RESISTANT_BASE64_TABLE WC_DILITHIUM_CACHE_PRIV_VECTORS WC_DILITHIUM_CACHE_PUB_VECTORS WC_DILITHIUM_FIXED_ARRAY WC_DISABLE_RADIX_ZERO_PAD -WC_ECC_NONBLOCK_ONLY WC_FLAG_DONT_USE_AESNI WC_FORCE_LINUXKM_FORTIFY_SOURCE -WC_LMS_FULL_HASH +WC_HASH_CUSTOM_MAX_BLOCK_SIZE +WC_HASH_CUSTOM_MAX_DIGEST_SIZE +WC_HASH_CUSTOM_MIN_DIGEST_SIZE +WC_NO_ASYNC_SLEEP WC_NO_RNG_SIMPLE WC_NO_STATIC_ASSERT +WC_NO_VERBOSE_RNG WC_PKCS11_FIND_WITH_ID_ONLY +WC_PKCS12_PBKDF_USING_MP_API WC_PROTECT_ENCRYPTED_MEM +WC_RNG_BANK_NO_DEFAULT_SUPPORT WC_RNG_BLOCKING -WC_RSA_DIRECT WC_RSA_NONBLOCK WC_RSA_NONBLOCK_TIME WC_RSA_NO_FERMAT_CHECK WC_RWLOCK_OPS_INLINE -WC_SHA384 -WC_SHA384_DIGEST_SIZE -WC_SHA512 WC_SKIP_INCLUDED_C_FILES WC_SSIZE_TYPE WC_STRICT_SIG WC_USE_PIE_FENCEPOSTS_FOR_FIPS WC_WANT_FLAG_DONT_USE_VECTOR_OPS -WC_XMSS_FULL_HASH WIFIESPAT WIFI_101 WIFI_AVAILABLE WIFI_NINA WIN_REUSE_CRYPT_HANDLE -WOLFCRYPT_FIPS_CORE_DYNAMIC_HASH_VALUE +WOLFCRYPT_FIPS_CORE_DYNAMIC_HASH_VALUE_SUPPORT WOLFSENTRY_H WOLFSENTRY_NO_JSON WOLFSSL_32BIT_MILLI_TIME @@ -642,6 +674,7 @@ WOLFSSL_AES_CTR_EXAMPLE WOLFSSL_AFTER_DATE_CLOCK_SKEW WOLFSSL_ALGO_HW_MUTEX +WOLFSSL_ALLOW_AKID_SKID_MATCH WOLFSSL_ALLOW_BAD_TLS_LEGACY_VERSION WOLFSSL_ALLOW_CRIT_AIA WOLFSSL_ALLOW_CRIT_AKID @@ -653,9 +686,9 @@ WOLFSSL_ALLOW_TLS_SHA1 WOLFSSL_ALTERNATIVE_DOWNGRADE WOLFSSL_ALT_NAMES_NO_REV +WOLFSSL_ARMASM_NEON_NO_TABLE_LOOKUP WOLFSSL_ARM_ARCH_NEON_64BIT WOLFSSL_ASCON_UNROLL -WOLFSSL_ASNC_CRYPT WOLFSSL_ASN_EXTRA WOLFSSL_ASN_TEMPLATE_NEED_SET_INT32 WOLFSSL_ASN_TEMPLATE_TYPE_CHECK @@ -673,9 +706,6 @@ WOLFSSL_BEFORE_DATE_CLOCK_SKEW WOLFSSL_BIGINT_TYPES WOLFSSL_BIO_NO_FLOW_STATS -WOLFSSL_BLAKE2B_INIT_EACH_FIELD -WOLFSSL_BLAKE2S_INIT_EACH_FIELD -WOLFSSL_BLIND_PRIVATE_KEY WOLFSSL_BYTESWAP32_ASM WOLFSSL_CAAM_BLACK_KEY_AESCCM WOLFSSL_CAAM_BLACK_KEY_SM @@ -688,10 +718,8 @@ WOLFSSL_CONTIKI WOLFSSL_CRL_ALLOW_MISSING_CDP WOLFSSL_DILITHIUM_ASSIGN_KEY -WOLFSSL_DILITHIUM_MAKE_KEY_SMALL_MEM WOLFSSL_DILITHIUM_NO_ASN1 WOLFSSL_DILITHIUM_NO_CHECK_KEY -WOLFSSL_DILITHIUM_NO_LARGE_CODE WOLFSSL_DILITHIUM_NO_MAKE WOLFSSL_DILITHIUM_REVERSE_HASH_OID WOLFSSL_DILITHIUM_SIGN_CHECK_W0 @@ -699,7 +727,6 @@ WOLFSSL_DILITHIUM_SIGN_SMALL_MEM_PRECALC WOLFSSL_DILITHIUM_SIGN_SMALL_MEM_PRECALC_A WOLFSSL_DILITHIUM_SMALL_MEM_POLY64 -WOLFSSL_DILITHIUM_VERIFY_SMALL_MEM WOLFSSL_DISABLE_EARLY_SANITY_CHECKS WOLFSSL_DTLS_DISALLOW_FUTURE WOLFSSL_DTLS_RECORDS_CAN_SPAN_DATAGRAMS @@ -765,27 +792,24 @@ WOLFSSL_MAKE_SYSTEM_NAME_WSL WOLFSSL_MDK5 WOLFSSL_MEM_FAIL_COUNT -WOLFSSL_MLKEM_ENCAPSULATE_SMALL_MEM WOLFSSL_MLKEM_INVNTT_UNROLL -WOLFSSL_MLKEM_MAKEKEY_SMALL_MEM -WOLFSSL_MLKEM_NO_LARGE_CODE WOLFSSL_MLKEM_NO_MALLOC WOLFSSL_MLKEM_NTT_UNROLL WOLFSSL_MONT_RED_CT WOLFSSL_MP_COND_COPY WOLFSSL_MP_INVMOD_CONSTANT_TIME WOLFSSL_MULTICIRCULATE_ALTNAMELIST -WOLFSSL_NONBLOCK_OCSP +WOLFSSL_NEW_PRIME_CHECK WOLFSSL_NOSHA3_384 WOLFSSL_NOT_WINDOWS_API WOLFSSL_NO_BIO_ADDR_IN -WOLFSSL_NO_CLIENT WOLFSSL_NO_CLIENT_CERT_ERROR WOLFSSL_NO_COPY_CERT WOLFSSL_NO_COPY_KEY WOLFSSL_NO_CRL_DATE_CHECK WOLFSSL_NO_CRL_NEXT_DATE WOLFSSL_NO_CT_MAX_MIN +WOLFSSL_NO_DEBUG_CERTS WOLFSSL_NO_DECODE_EXTRA WOLFSSL_NO_DER_TO_PEM WOLFSSL_NO_DH186 @@ -817,7 +841,6 @@ WOLFSSL_NO_XOR_OPS WOLFSSL_NRF51_AES WOLFSSL_OLDTLS_AEAD_CIPHERSUITES -WOLFSSL_OLDTLS_SHA2_CIPHERSUITES WOLFSSL_OLD_SET_CURVES_LIST WOLFSSL_OLD_TIMINGPADVERIFY WOLFSSL_OLD_UNSUPPORTED_EXTENSION @@ -837,7 +860,6 @@ WOLFSSL_PSK_ID_PROTECTION WOLFSSL_PSK_MULTI_ID_PER_CS WOLFSSL_PSK_TLS13_CB -WOLFSSL_PYTHON WOLFSSL_RENESAS_FSPSM_CRYPT_ONLY WOLFSSL_RENESAS_RA6M3 WOLFSSL_RENESAS_RA6M3G @@ -846,6 +868,7 @@ WOLFSSL_RENESAS_TLS WOLFSSL_RENESAS_TSIP_IAREWRX WOLFSSL_REQUIRE_TCA +WOLFSSL_RNG_USE_FULL_SEED WOLFSSL_RSA_CHECK_D_ON_DECRYPT WOLFSSL_RSA_DECRYPT_TO_0_LEN WOLFSSL_RW_THREADED @@ -860,12 +883,11 @@ WOLFSSL_SECURE_RENEGOTIATION_ON_BY_DEFAULT WOLFSSL_SERVER_EXAMPLE WOLFSSL_SETTINGS_FILE -WOLFSSL_SH224 WOLFSSL_SHA256_ALT_CH_MAJ WOLFSSL_SHA512_HASHTYPE WOLFSSL_SHUTDOWNONCE WOLFSSL_SILABS_TRNG -WOLFSSL_SM4_EBC +WOLFSSL_SLHDSA_FULL_HASH WOLFSSL_SNIFFER_NO_RECOVERY WOLFSSL_SP_ARM32_UDIV WOLFSSL_SP_FAST_NCT_EXPTMOD @@ -873,7 +895,6 @@ WOLFSSL_STACK_CHECK WOLFSSL_STM32F427_RNG WOLFSSL_STM32U5_DHUK -WOLFSSL_STM32_RNG_NOLIB WOLFSSL_STRONGEST_HASH_SIG WOLFSSL_STSAFE_TAKES_SLOT WOLFSSL_TELIT_M2MB @@ -890,6 +911,7 @@ WOLFSSL_TI_CURRTIME WOLFSSL_TLS13_DRAFT WOLFSSL_TLS13_IGNORE_AEAD_LIMITS +WOLFSSL_TLS13_IGNORE_PT_ALERT_ON_ENC WOLFSSL_TLS13_SHA512 WOLFSSL_TLS13_TICKET_BEFORE_FINISHED WOLFSSL_TLSX_PQC_MLKEM_STORE_PRIV_KEY @@ -907,6 +929,7 @@ WOLFSSL_USE_OPTIONS_H WOLFSSL_VALIDATE_DH_KEYGEN WOLFSSL_WC_LMS_SERIALIZE_STATE +WOLFSSL_WC_SLHDSA_RECURSIVE WOLFSSL_WC_XMSS_NO_SHA256 WOLFSSL_WC_XMSS_NO_SHAKE256 WOLFSSL_WICED_PSEUDO_UNIX_EPOCH_TIME @@ -979,6 +1002,7 @@ __BIG_ENDIAN__ __BORLANDC__ __CCRX__ +__CC_ARM __COMPILER_VER__ __COUNTER__ __CYGWIN__ @@ -1015,6 +1039,7 @@ __NT__ __OS2__ __OpenBSD__ +__PIC__ __PIE__ __POWERPC__ __PPC__ @@ -1037,6 +1062,7 @@ __SDCC_VERSION_PATCH __SIZEOF_INT128__ __SIZEOF_LONG_LONG__ +__SIZEOF_LONG__ __STDC_NO_ATOMICS__ __STDC_VERSION__ __STDC__ @@ -1055,6 +1081,7 @@ __WATCOM_INT64__ __XC32 __XTENSA__ +__ZEPHYR__ __aarch64__ __alpha__ __arch64__ @@ -1064,6 +1091,8 @@ __cplusplus __ghc__ __ghs__ +__has_attribute +__has_include __hpux__ __i386 __i386__ @@ -1076,6 +1105,7 @@ __ppc64__ __ppc__ __riscv +__riscv_mul __riscv_xlen __s390x__ __sparc diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/CMakeLists.txt mariadb-11.8.8/extra/wolfssl/wolfssl/CMakeLists.txt --- mariadb-11.8.6/extra/wolfssl/wolfssl/CMakeLists.txt 2026-01-31 13:27:49.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/CMakeLists.txt 2026-05-24 09:58:33.000000000 +0000 @@ -34,7 +34,7 @@ You must delete them, or cmake will refuse to work.") endif() -project(wolfssl VERSION 5.8.4 LANGUAGES C ASM) +project(wolfssl VERSION 5.9.1 LANGUAGES C ASM) # Set WOLFSSL_ROOT if not already defined if ("${WOLFSSL_ROOT}" STREQUAL "") @@ -53,12 +53,12 @@ # increment if interfaces have been added # set to zero if WOLFSSL_LIBRARY_VERSION_FIRST is incremented -set(WOLFSSL_LIBRARY_VERSION_SECOND 0) +set(WOLFSSL_LIBRARY_VERSION_SECOND 2) # increment if source code has changed # set to zero if WOLFSSL_LIBRARY_VERSION_FIRST is incremented or # WOLFSSL_LIBRARY_VERSION_SECOND is incremented -set(WOLFSSL_LIBRARY_VERSION_THIRD 1) +set(WOLFSSL_LIBRARY_VERSION_THIRD 0) set(LIBTOOL_FULL_VERSION ${WOLFSSL_LIBRARY_VERSION_FIRST}.${WOLFSSL_LIBRARY_VERSION_SECOND}.${WOLFSSL_LIBRARY_VERSION_THIRD}) @@ -427,6 +427,18 @@ list(APPEND WOLFSSL_DEFINITIONS "-DWOLFSSL_DTLS_CID") endif() +# DTLS 1.3 Fragment ClientHello +add_option("WOLFSSL_DTLS_CH_FRAG" + "Enable wolfSSL DTLS 1.3 Fragment ClientHello (default: disabled)" + "no" "yes;no") + +if(WOLFSSL_DTLS_CH_FRAG) + if(NOT WOLFSSL_DTLS13) + message(FATAL_ERROR "DTLS 1.3 Fragment ClientHello is supported only for DTLSv1.3") + endif() + list(APPEND WOLFSSL_DEFINITIONS "-DWOLFSSL_DTLS_CH_FRAG") +endif() + # RNG add_option("WOLFSSL_RNG" "Enable compiling and using RNG (default: enabled)" @@ -511,9 +523,6 @@ list(APPEND WOLFSSL_DEFINITIONS "-DWOLFSSL_WOLFSSH") endif() -if(WOLFSSL_WOLFSSH OR WOLFSSL_WPAS) - list(APPEND WOLFSSL_DEFINITIONS "-DWOLFSSL_PUBLIC_MP") -endif() # TODO: - DTLS-SCTP # - DTLS multicast @@ -601,8 +610,67 @@ # ML-KEM/Kyber add_option(WOLFSSL_MLKEM "Enable the wolfSSL PQ ML-KEM library (default: disabled)" + "yes" "yes;no") + +if (WOLFSSL_MLKEM) + list(APPEND WOLFSSL_DEFINITIONS "-DWOLFSSL_HAVE_MLKEM") + list(APPEND WOLFSSL_DEFINITIONS "-DWOLFSSL_WC_MLKEM") + list(APPEND WOLFSSL_DEFINITIONS "-DWOLFSSL_SHA3") + list(APPEND WOLFSSL_DEFINITIONS "-DWOLFSSL_SHAKE128") + list(APPEND WOLFSSL_DEFINITIONS "-DWOLFSSL_SHAKE256") + + set_wolfssl_definitions("WOLFSSL_HAVE_MLKEM" RESULT) + set_wolfssl_definitions("WOLFSSL_WC_MLKEM" RESULT) + set_wolfssl_definitions("WOLFSSL_SHA3" RESULT) + set_wolfssl_definitions("WOLFSSL_SHAKE128" RESULT) + set_wolfssl_definitions("WOLFSSL_SHAKE256" RESULT) +endif() + +# When MLKEM and DTLS 1.3 are both enabled, DTLS ClientHello fragmenting is +# required (PQC keys in ClientHello can exceed MTU), so enable it automatically. +if(WOLFSSL_MLKEM AND WOLFSSL_DTLS13 AND NOT WOLFSSL_DTLS_CH_FRAG) + message(STATUS "MLKEM and DTLS 1.3 are enabled; enabling DTLS ClientHello fragmenting") + override_cache(WOLFSSL_DTLS_CH_FRAG "yes") + list(APPEND WOLFSSL_DEFINITIONS "-DWOLFSSL_DTLS_CH_FRAG") +endif() + +# Disable ML-KEM as standalone TLS key exchange (non-hybrid); when enabled (default), standalone is disabled +add_option(WOLFSSL_TLS_NO_MLKEM_STANDALONE + "Disable ML-KEM as standalone TLS key exchange (non-hybrid) (default: enabled, i.e. standalone disabled)" + "yes" "yes;no") + +if (WOLFSSL_TLS_NO_MLKEM_STANDALONE) + list(APPEND WOLFSSL_DEFINITIONS "-DWOLFSSL_TLS_NO_MLKEM_STANDALONE") +endif() + +# PQ/T hybrid combinations +add_option(WOLFSSL_PQC_HYBRIDS + "Enable PQ/T hybrid combinations (default: enabled)" + "yes" "yes;no") + +if (WOLFSSL_PQC_HYBRIDS) + list(APPEND WOLFSSL_DEFINITIONS "-DWOLFSSL_PQC_HYBRIDS") +endif() + +# Dilithium +add_option(WOLFSSL_DILITHIUM + "Enable the wolfSSL PQ Dilithium (ML-DSA) implementation (default: disabled)" "no" "yes;no") +if (WOLFSSL_DILITHIUM) + list(APPEND WOLFSSL_DEFINITIONS "-DHAVE_DILITHIUM") + list(APPEND WOLFSSL_DEFINITIONS "-DWOLFSSL_WC_DILITHIUM") + list(APPEND WOLFSSL_DEFINITIONS "-DWOLFSSL_SHA3") + list(APPEND WOLFSSL_DEFINITIONS "-DWOLFSSL_SHAKE128") + list(APPEND WOLFSSL_DEFINITIONS "-DWOLFSSL_SHAKE256") + + set_wolfssl_definitions("HAVE_DILITHIUM" RESULT) + set_wolfssl_definitions("WOLFSSL_WC_DILITHIUM" RESULT) + set_wolfssl_definitions("WOLFSSL_SHA3" RESULT) + set_wolfssl_definitions("WOLFSSL_SHAKE128" RESULT) + set_wolfssl_definitions("WOLFSSL_SHAKE256" RESULT) +endif() + # LMS add_option(WOLFSSL_LMS "Enable the PQ LMS Stateful Hash-based Signature Scheme (default: disabled)" @@ -612,11 +680,31 @@ "Enable the LMS SHA_256_192 truncated variant (default: disabled)" "no" "yes;no") +if (WOLFSSL_LMS) + list(APPEND WOLFSSL_DEFINITIONS "-DWOLFSSL_HAVE_LMS") + list(APPEND WOLFSSL_DEFINITIONS "-DWOLFSSL_WC_LMS") + + set_wolfssl_definitions("WOLFSSL_HAVE_LMS" RESULT) + set_wolfssl_definitions("WOLFSSL_WC_LMS" RESULT) + + if (WOLFSSL_LMSSHA256192) + list(APPEND WOLFSSL_DEFINITIONS "-DWOLFSSL_LMS_SHA256_192") + list(APPEND WOLFSSL_DEFINITIONS "-DWOLFSSL_NO_LMS_SHA256_256") + + set_wolfssl_definitions("WOLFSSL_LMS_SHA256_192" RESULT) + set_wolfssl_definitions("WOLFSSL_NO_LMS_SHA256_256" RESULT) + endif() +endif() + # Experimental features add_option(WOLFSSL_EXPERIMENTAL "Enable experimental features (default: disabled)" "no" "yes;no") +add_option(WOLFSSL_EXTRA_PQC_HYBRIDS + "Enable extra PQ/T hybrid combinations (default: disabled)" + "no" "yes;no") + message(STATUS "Looking for WOLFSSL_EXPERIMENTAL") if (WOLFSSL_EXPERIMENTAL) message(STATUS "Looking for WOLFSSL_EXPERIMENTAL - found") @@ -652,52 +740,14 @@ message(STATUS "Looking for WOLFSSL_OQS - not found") endif() - # Checking for experimental feature: WOLFSSL_MLKEM - message(STATUS "Looking for WOLFSSL_MLKEM") - if (WOLFSSL_MLKEM) + # Checking for experimental feature: extra PQ/T hybrid combinations + message(STATUS "Looking for WOLFSSL_EXTRA_PQC_HYBRIDS") + if (WOLFSSL_EXTRA_PQC_HYBRIDS) set(WOLFSSL_FOUND_EXPERIMENTAL_FEATURE 1) - - message(STATUS "Automatically set related requirements for ML-KEM:") - add_definitions("-DWOLFSSL_HAVE_MLKEM") - add_definitions("-DWOLFSSL_WC_MLKEM") - add_definitions("-DWOLFSSL_SHA3") - add_definitions("-DWOLFSSL_SHAKE128") - add_definitions("-DWOLFSSL_SHAKE256") - - set_wolfssl_definitions("WOLFSSL_HAVE_MLKEM" RESULT) - set_wolfssl_definitions("WOLFSSL_WC_MLKEM" RESULT) - set_wolfssl_definitions("WOLFSSL_SHA3" RESULT) - set_wolfssl_definitions("WOLFSSL_SHAKE128" RESULT) - set_wolfssl_definitions("WOLFSSL_SHAKE256" RESULT) - message(STATUS "Looking for WOLFSSL_MLKEM - found") + message(STATUS "Looking for WOLFSSL_EXTRA_PQC_HYBRIDS - found") + list(APPEND WOLFSSL_DEFINITIONS "-DWOLFSSL_EXTRA_PQC_HYBRIDS") else() - message(STATUS "Looking for WOLFSSL_MLKEM - not found") - endif() - - # Checking for experimental feature: WOLFSSL_LMS - message(STATUS "Looking for WOLFSSL_LMS") - if (WOLFSSL_LMS) - set(WOLFSSL_FOUND_EXPERIMENTAL_FEATURE 2) - - message(STATUS "Automatically set related requirements for LMS") - add_definitions("-DWOLFSSL_HAVE_LMS") - add_definitions("-DWOLFSSL_WC_LMS") - set_wolfssl_definitions("WOLFSSL_HAVE_LMS" RESULT) - set_wolfssl_definitions("WOLFSSL_WC_LMS" RESULT) - message(STATUS "Looking for WOLFSSL_LMS - found") - # Checking for experimental feature: WOLFSSL_LMSSHA256192 - if (WOLFSSL_LMSSHA256192) - message(STATUS "Automatically set related requirements for LMS SHA256-192") - add_definitions("-DWOLFSSL_LMS_SHA256_192") - add_definitions("-DWOLFSSL_NO_LMS_SHA256_256") - set_wolfssl_definitions("WOLFSSL_LMS_SHA256_192" RESULT) - set_wolfssl_definitions("WOLFSSL_NO_LMS_SHA256_256" RESULT) - message(STATUS "Looking for WOLFSSL_LMSSHA256192 - found") - else() - message(STATUS "Looking for WOLFSSL_LMSSHA256192 - not found") - endif() - else() - message(STATUS "Looking for WOLFSSL_LMS - not found") + message(STATUS "Looking for WOLFSSL_EXTRA_PQC_HYBRIDS - not found") endif() # Other experimental feature detection can be added here... @@ -713,16 +763,15 @@ if(WOLFSSL_OQS AND WOLFSSL_MLKEM) message(FATAL_ERROR "Error: cannot enable both WOLFSSL_OQS and WOLFSSL_MLKEM at the same time.") endif() - + if(WOLFSSL_OQS AND WOLFSSL_DILITHIUM) + message(FATAL_ERROR "Error: cannot enable both WOLFSSL_OQS and WOLFSSL_DILITHIUM at the same time.") + endif() else() # Experimental mode not enabled, but were any experimental features enabled? Error out if so: message(STATUS "Looking for WOLFSSL_EXPERIMENTAL - not found") if (WOLFSSL_OQS) message(FATAL_ERROR "Error: WOLFSSL_OQS requires WOLFSSL_EXPERIMENTAL at this time.") endif() - if(WOLFSSL_MLKEM) - message(FATAL_ERROR "Error: WOLFSSL_MLKEM requires WOLFSSL_EXPERIMENTAL at this time.") - endif() endif() # LMS @@ -735,6 +784,23 @@ "Enable the wolfSSL XMSS implementation (default: disabled)" "no" "yes;no") +# SLH-DSA +add_option(WOLFSSL_SLHDSA + "Enable the wolfSSL SLH-DSA implementation (default: disabled)" + "no" "yes;no") + +if (WOLFSSL_SLHDSA) + message(STATUS "Automatically set related requirements for SLH-DSA") + add_definitions("-DWOLFSSL_HAVE_SLHDSA") + add_definitions("-DWOLFSSL_WC_SLHDSA") + add_definitions("-DWOLFSSL_SHAKE256") + + set_wolfssl_definitions("WOLFSSL_HAVE_SLHDSA" RESULT) + set_wolfssl_definitions("WOLFSSL_WC_SLHDSA" RESULT) + set_wolfssl_definitions("WOLFSSL_SHAKE256" RESULT) + message(STATUS "Looking for WOLFSSL_SLHDSA - found") +endif() + # TODO: - Lean PSK # - Lean TLS # - Low resource @@ -848,6 +914,27 @@ "Enable wolfSSL AES-OFB support (default: disabled)" "no" "yes;no") +# AES-ECB +add_option("WOLFSSL_AESECB" + "Enable wolfSSL AES-ECB support (default: disabled)" + "no" "yes;no") + +if(WOLFSSL_AESECB) + list(APPEND WOLFSSL_DEFINITIONS "-DHAVE_AES_ECB") +endif() + +# AES-CTS +add_option("WOLFSSL_AESCTS" + "Enable wolfSSL AES-CTS support (default: disabled)" + "no" "yes;no") + +if(WOLFSSL_AESCTS) + if(NOT WOLFSSL_AESCBC) + message(FATAL_ERROR "AES-CTS requires AES-CBC.") + endif() + list(APPEND WOLFSSL_DEFINITIONS "-DWOLFSSL_AES_CTS") +endif() + # TODO: - AES-GCM stream # - AES-ARM # - Xilinx hardened crypto @@ -858,7 +945,6 @@ # - Linux dev crpyto calls # - Camellia # - MD2 -# - NULL cipher # - RIPEMD # - BLAKE2 @@ -1037,6 +1123,53 @@ endif() endif() +# ECCSI +add_option("WOLFSSL_ECCSI" + "Enable ECCSI (default: disabled)" + "no" "yes;no") + +if(WOLFSSL_ECCSI) + if (NOT WOLFSSL_ECC) + message(FATAL_ERROR "cannot enable ECCSI without enabling ECC.") + endif() + + list(APPEND WOLFSSL_DEFINITIONS "-DWOLFCRYPT_HAVE_ECCSI") +endif() + +# SAKKE +add_option("WOLFSSL_SAKKE" + "Enable SAKKE (default: disabled)" + "no" "yes;no") + +if(WOLFSSL_SAKKE) + if (NOT WOLFSSL_ECC) + message(FATAL_ERROR "cannot enable SAKKE without enabling ECC.") + endif() + + list(APPEND WOLFSSL_DEFINITIONS "-DWOLFCRYPT_HAVE_SAKKE") +endif() + +# SipHash +add_option("WOLFSSL_SIPHASH" + "Enable SipHash (default: disabled)" + "no" "yes;no") + +if(WOLFSSL_SIPHASH) + list(APPEND WOLFSSL_DEFINITIONS "-DWOLFSSL_SIPHASH") +endif() + +add_option("WOLFSSL_PUBLIC_MP" + "Enable public MP API (default: disabled)" + "no" "yes;no") + +if(WOLFSSL_WOLFSSH OR WOLFSSL_WPAS OR WOLFSSL_ECCSI) + override_cache(WOLFSSL_PUBLIC_MP "yes") +endif() + +if(WOLFSSL_PUBLIC_MP) + list(APPEND WOLFSSL_DEFINITIONS "-DWOLFSSL_PUBLIC_MP") +endif() + # TODO: - Compressed key # - FP ECC, fixed point cache ECC # - ECC encrypt @@ -1242,6 +1375,15 @@ endif() endif() +# RSA Direct +add_option("WOLFSSL_WC_RSA_DIRECT" + "Enable RSA Direct (default: disabled)" + "no" "yes;no") + +if(WOLFSSL_RSA AND WOLFSSL_WC_RSA_DIRECT) + list(APPEND WOLFSSL_DEFINITIONS "-DWC_RSA_DIRECT") +endif() + # OAEP add_option("WOLFSSL_OAEP" "Enable RSA OAEP (default: enabled)" @@ -1367,6 +1509,12 @@ if(WOLFSSL_AESCTR) message(FATAL_ERROR "AESCTR requires AES.") endif() + if(WOLFSSL_AESECB) + message(FATAL_ERROR "AES-ECB requires AES.") + endif() + if(WOLFSSL_AESCTS) + message(FATAL_ERROR "AES-CTS requires AES.") + endif() else() if(WOLFSSL_LEAN_PSK) list(APPEND WOLFSSL_DEFINITIONS "-DNO_AES") @@ -1790,6 +1938,8 @@ set(WOLFSSL_X963KDF_HELP_STRING "Enable X9.63 KDF support (default: disabled)") add_option(WOLFSSL_X963KDF ${WOLFSSL_X963KDF_HELP_STRING} "no" "yes;no") +set(WOLFSSL_NULL_CIPHER_HELP_STRING "Enable NULL cipher support (default: disabled)") +add_option(WOLFSSL_NULL_CIPHER ${WOLFSSL_NULL_CIPHER_HELP_STRING} "no" "yes;no") # Encrypt-then-mac add_option("WOLFSSL_ENC_THEN_MAC" @@ -1866,6 +2016,16 @@ list(APPEND WOLFSSL_DEFINITIONS "-DNO_PKCS12") endif() +# PKCS#11 +add_option("WOLFSSL_PKCS11" + "Enable PKCS#11 (default: disabled)" + "no" "yes;no") + +if(WOLFSSL_PKCS11 AND NOT WIN32) + list(APPEND WOLFSSL_DEFINITIONS "-DHAVE_PKCS11 -DHAVE_WOLF_BIGINT") + list(APPEND WOLFSSL_LINK_LIBS ${CMAKE_DL_LIBS}) +endif() + # PWDBASED has to come after certservice since we want it on w/o explicit on # PWDBASED @@ -1964,7 +2124,6 @@ "no" "yes;no") # TODO: - LIBZ -# - PKCS#11 # - Cavium # - Cavium V # - Cavium Octeon @@ -2063,10 +2222,7 @@ "yes" "yes;no") if(WOLFSSL_SYS_CA_CERTS) - if(NOT WOLFSSL_FILESYSTEM) - message("Can't enable system CA certs without a filesystem.") - override_cache(WOLFSSL_SYS_CA_CERTS "no") - elseif(APPLE) + if(APPLE) # Headers used for MacOS default system CA certs behavior. Only MacOS SDK will have this header check_include_file("Security/SecTrustSettings.h" HAVE_SECURITY_SECTRUSTSETTINGS_H) # Headers used for Apple native cert validation. All device SDKs should have these headers @@ -2100,6 +2256,9 @@ else() message(FATAL_ERROR "Can't enable system CA certs without Apple Security.framework headers.") endif() + elseif(NOT WIN32 AND NOT WOLFSSL_FILESYSTEM) + message("Can't enable system CA certs without a filesystem.") + override_cache(WOLFSSL_SYS_CA_CERTS "no") endif() @@ -2119,13 +2278,14 @@ endif() if(WOLFSSL_TPM) - override_cache(WOLFSSL_KEYGEN "yes") - override_cache(WOLFSSL_CERTGEN "yes") - override_cache(WOLFSSL_CRYPTOCB "yes") - override_cache(WOLFSSL_CERTREQ "yes") - override_cache(WOLFSSL_CERTEXT "yes") - override_cache(WOLFSSL_PKCS7 "yes") - override_cache(WOLFSSL_AESCFB "yes") + override_cache(WOLFSSL_KEYGEN "yes") + override_cache(WOLFSSL_CERTGEN "yes") + override_cache(WOLFSSL_CRYPTOCB "yes") + override_cache(WOLFSSL_CERTREQ "yes") + override_cache(WOLFSSL_CERTEXT "yes") + override_cache(WOLFSSL_PKCS7 "yes") + override_cache(WOLFSSL_AESCFB "yes") + override_cache(WOLFSSL_PUBLIC_MP "yes") list(APPEND WOLFSSL_DEFINITIONS "-DWOLFSSL_ALLOW_ENCODING_CA_FALSE") endif() @@ -2173,6 +2333,10 @@ ) endif() +if(WOLFSSL_NULL_CIPHER) + list(APPEND WOLFSSL_DEFINITIONS "-DHAVE_NULL_CIPHER") +endif() + # Hybrid Public Key Encryption (RFC9180) add_option("WOLFSSL_HPKE" "Enable wolfSSL hybrid public key encryption (default: disabled)" @@ -2523,7 +2687,7 @@ if(${BUILD_SHARED_LIBS}) target_compile_definitions(wolfssl PUBLIC "WOLFSSL_DLL") endif() -target_compile_definitions(wolfssl PUBLIC ${WOLFSSL_DEFINITIONS}) +target_compile_definitions(wolfssl PRIVATE ${WOLFSSL_DEFINITIONS}) #################################################### # Include Directories @@ -2586,6 +2750,7 @@ add_executable(client ${CMAKE_CURRENT_SOURCE_DIR}/examples/client/client.c) target_link_libraries(client wolfssl) + target_compile_definitions(client PRIVATE ${WOLFSSL_DEFINITIONS}) set_property(TARGET client PROPERTY RUNTIME_OUTPUT_DIRECTORY ${WOLFSSL_OUTPUT_BASE}/examples/client) @@ -2594,6 +2759,7 @@ add_executable(server ${CMAKE_CURRENT_SOURCE_DIR}/examples/server/server.c) target_link_libraries(server wolfssl) + target_compile_definitions(server PRIVATE ${WOLFSSL_DEFINITIONS}) set_property(TARGET server PROPERTY RUNTIME_OUTPUT_DIRECTORY ${WOLFSSL_OUTPUT_BASE}/examples/server) @@ -2604,6 +2770,7 @@ target_include_directories(echoclient PRIVATE ${CMAKE_CURRENT_BINARY_DIR}) target_link_libraries(echoclient wolfssl) + target_compile_definitions(echoclient PRIVATE ${WOLFSSL_DEFINITIONS}) set_property(TARGET echoclient PROPERTY RUNTIME_OUTPUT_DIRECTORY ${WOLFSSL_OUTPUT_BASE}/examples/echoclient) @@ -2614,6 +2781,7 @@ target_include_directories(echoserver PRIVATE ${CMAKE_CURRENT_BINARY_DIR}) target_link_libraries(echoserver wolfssl) + target_compile_definitions(echoserver PRIVATE ${WOLFSSL_DEFINITIONS}) set_property(TARGET echoserver PROPERTY RUNTIME_OUTPUT_DIRECTORY ${WOLFSSL_OUTPUT_BASE}/examples/echoserver) @@ -2623,6 +2791,7 @@ add_executable(tls_bench ${CMAKE_CURRENT_SOURCE_DIR}/examples/benchmark/tls_bench.c) target_link_libraries(tls_bench wolfssl) + target_compile_definitions(tls_bench PRIVATE ${WOLFSSL_DEFINITIONS}) if(CMAKE_USE_PTHREADS_INIT) target_link_libraries(tls_bench Threads::Threads) endif() @@ -2671,6 +2840,7 @@ tests/api/test_ed448.c tests/api/test_mlkem.c tests/api/test_mldsa.c + tests/api/test_slhdsa.c tests/api/test_signature.c tests/api/test_dtls.c tests/api/test_ocsp.c @@ -2693,6 +2863,25 @@ tests/api/test_ossl_mac.c tests/api/test_ossl_rsa.c tests/api/test_ossl_sk.c + tests/api/test_ossl_x509.c + tests/api/test_ossl_x509_ext.c + tests/api/test_ossl_x509_name.c + tests/api/test_ossl_x509_pk.c + tests/api/test_ossl_x509_vp.c + tests/api/test_ossl_x509_io.c + tests/api/test_ossl_x509_crypto.c + tests/api/test_ossl_x509_acert.c + tests/api/test_ossl_x509_info.c + tests/api/test_ossl_x509_str.c + tests/api/test_ossl_x509_lu.c + tests/api/test_ossl_pem.c + tests/api/test_ossl_rand.c + tests/api/test_ossl_obj.c + tests/api/test_ossl_p7p12.c + tests/api/test_evp_digest.c + tests/api/test_evp_cipher.c + tests/api/test_evp_pkey.c + tests/api/test_certman.c tests/api/test_tls13.c tests/srp.c tests/suites.c @@ -2708,6 +2897,7 @@ ${CMAKE_CURRENT_BINARY_DIR}) target_compile_options(unit_test PUBLIC "-DNO_MAIN_DRIVER") target_link_libraries(unit_test wolfssl) + target_compile_definitions(unit_test PRIVATE ${WOLFSSL_DEFINITIONS}) if(CMAKE_USE_PTHREADS_INIT) target_link_libraries(unit_test Threads::Threads) endif() @@ -2733,6 +2923,7 @@ ${CMAKE_CURRENT_SOURCE_DIR}/wolfcrypt/test/test.c) set_target_properties(wolfcrypttest_lib PROPERTIES OUTPUT_NAME "wolfcrypttest") target_link_libraries(wolfcrypttest_lib wolfssl) + target_compile_definitions(wolfcrypttest_lib PRIVATE ${WOLFSSL_DEFINITIONS}) target_compile_options(wolfcrypttest_lib PRIVATE "-DNO_MAIN_DRIVER") if(WOLFSSL_CRYPT_TESTS_HELP) target_compile_options(wolfcrypttest_lib PRIVATE "-DHAVE_WOLFCRYPT_TEST_OPTIONS") @@ -2743,6 +2934,7 @@ ${CMAKE_CURRENT_SOURCE_DIR}/wolfcrypt/benchmark/benchmark.c) set_target_properties(wolfcryptbench_lib PROPERTIES OUTPUT_NAME "wolfcryptbench") target_link_libraries(wolfcryptbench_lib wolfssl) + target_compile_definitions(wolfcryptbench_lib PRIVATE ${WOLFSSL_DEFINITIONS}) target_compile_options(wolfcryptbench_lib PRIVATE "-DNO_MAIN_DRIVER") endif() @@ -2750,6 +2942,7 @@ add_executable(wolfcrypttest ${CMAKE_CURRENT_SOURCE_DIR}/wolfcrypt/test/test.c) target_link_libraries(wolfcrypttest wolfssl) + target_compile_definitions(wolfcrypttest PRIVATE ${WOLFSSL_DEFINITIONS}) set_property(TARGET wolfcrypttest PROPERTY RUNTIME_OUTPUT_DIRECTORY ${WOLFSSL_OUTPUT_BASE}/wolfcrypt/test) @@ -2769,6 +2962,7 @@ target_include_directories(wolfcryptbench PRIVATE ${CMAKE_CURRENT_BINARY_DIR}) target_link_libraries(wolfcryptbench wolfssl) + target_compile_definitions(wolfcryptbench PRIVATE ${WOLFSSL_DEFINITIONS}) set_property(TARGET wolfcryptbench PROPERTY RUNTIME_OUTPUT_DIRECTORY ${WOLFSSL_OUTPUT_BASE}/wolfcrypt/benchmark) @@ -2923,9 +3117,9 @@ # Install the library install(TARGETS wolfssl EXPORT wolfssl-targets - LIBRARY DESTINATION lib - ARCHIVE DESTINATION lib - RUNTIME DESTINATION bin + LIBRARY DESTINATION ${CMAKE_INSTALL_LIBDIR} + ARCHIVE DESTINATION ${CMAKE_INSTALL_LIBDIR} + RUNTIME DESTINATION ${CMAKE_INSTALL_BINDIR} ) # Install the headers install(DIRECTORY ${WOLFSSL_OUTPUT_BASE}/wolfssl/ diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/ChangeLog.md mariadb-11.8.8/extra/wolfssl/wolfssl/ChangeLog.md --- mariadb-11.8.6/extra/wolfssl/wolfssl/ChangeLog.md 2026-01-31 13:27:49.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/ChangeLog.md 2026-05-24 09:58:33.000000000 +0000 @@ -1,3 +1,342 @@ +# wolfSSL Release 5.9.1 (Apr. 8, 2026) + +Release 5.9.1 has been developed according to wolfSSL's development and QA +process (see link below) and successfully passed the quality criteria. +https://www.wolfssl.com/about/wolfssl-software-development-process-quality-assurance + +NOTE: +* --enable-heapmath is deprecated +* MD5 is now disabled by default + +PR stands for Pull Request, and PR references a GitHub pull request number where the code change was added. + +## Vulnerabilities + +* [Critical] CVE-2026-5194 +Missing hash/digest size and OID checks allow digests smaller than allowed by FIPS 186-4 or 186-5 (as appropriate), or smaller than is appropriate for the relevant key type, to be accepted by signature verification functions, reducing the security of certificate-based authentication. Affects multiple signature algorithms, including ECDSA/ECC, DSA, ML-DSA, ED25519, and ED448. Builds that have both ECC and EdDSA or ML-DSA enabled that are doing certificate verification are recommended to update to the latest wolfSSL release. Thanks to Nicholas Carlini from Anthropic for the report. Fixed in PR 10131. + +* [High] CVE-2026-5264 +Heap buffer overflow in DTLS 1.3 ACK message processing. A remote attacker can send a crafted DTLS 1.3 ACK message that triggers a heap buffer overflow. Thanks to Sunwoo Lee and Seunghyun Yoon, Korea Institute of Energy Technology (KENTECH). Fixed in PR 10076. + +* [High] CVE-2026-5263 +URI nameConstraints from constrained intermediate CAs are parsed but not enforced during certificate chain verification in wolfcrypt/src/asn.c. A compromised or malicious sub-CA could issue leaf certificates with URI SAN entries that violate the nameConstraints of the issuing CA, and wolfSSL would accept them as valid. Thanks to Oleh Konko @1seal for the report. Fixed in PR 10048. + +* [High] CVE-2026-5295 +Stack buffer overflow in PKCS7 ORI (Other Recipient Info) OID processing. When parsing a PKCS7 envelope with a crafted ORI OID value, a stack-based buffer overflow can be triggered. Thanks to Sunwoo Lee, Woohyun Choi, and Seunghyun Yoon (Korea Institute of Energy Technology, KENTECH). Fixed in PR 10116. + +* [High] CVE-2026-5466 +wolfSSL's ECCSI signature verifier `wc_VerifyEccsiHash` decodes the `r` and `s` scalars from the signature blob via `mp_read_unsigned_bin` with no check that they lie in `[1, q-1]`. A crafted forged signature could verify against any message for any identity, using only publicly-known constants. Thanks to Calif.io in collaboration with Claude and Anthropic Research for the report. Fixed in PR 10102. + +* [High] CVE-2026-5477 +Potential for AES-EAX AEAD and CMAC authentication bypass on messages larger than 4 GiB. An attacker who observes one valid (ciphertext, tag) pair for a >4 GiB EAX message can replace the first 4 GiB of ciphertext arbitrarily while the tag still verifies. Thanks to Calif.io in collaboration with Claude and Anthropic Research for the report. Fixed in PR 10102. + +* [High] CVE-2026-5447 +Heap buffer overflow in CertFromX509 via AuthorityKeyIdentifier size confusion. A heap buffer overflow occurs when converting an X.509 certificate internally due to incorrect size handling of the AuthorityKeyIdentifier extension. Thanks to Calif.io in collaboration with Claude and Anthropic Research for the report. Fixed in PR 10112. + +* [High] CVE-2026-5500 +wolfSSL's `wc_PKCS7_DecodeAuthEnvelopedData()` does not properly sanitize the AES-GCM authentication tag length received and has no lower bounds check. A man-in-the-middle can therefore truncate the `mac` field from 16 bytes to 1 byte, reducing the tag check from 2â»Â¹Â²â¸ to 2â»â¸. Thanks to Calif.io in collaboration with Claude and Anthropic Research for the report. Fixed in PR 10102. + +* [High] CVE-2026-5501 +`wolfSSL_X509_verify_cert()` in the OpenSSL compatibility layer accepts a certificate chain in which the leaf's signature is not checked, if the attacker supplies an untrusted intermediate with Basic Constraints `CA:FALSE` that is legitimately signed by a trusted root. An attacker who obtains any leaf certificate from a trusted CA (e.g. a free DV cert from Let's Encrypt) can forge a certificate for any subject name with any public key and arbitrary signature bytes, and the function returns `WOLFSSL_SUCCESS` / `X509_V_OK`. The native wolfSSL TLS handshake path (`ProcessPeerCerts`) is not susceptible and the issue is limited to applications using the OpenSSL compatibility API directly. Thanks to Calif.io in collaboration with Claude and Anthropic Research for the report. Fixed in PR 10102. + +* [High] CVE-2026-5503 +In TLSX_EchChangeSNI, the ctx->extensions branch set extensions unconditionally even when TLSX_Find returned NULL. This caused TLSX_UseSNI to attach the attacker-controlled publicName to the shared WOLFSSL_CTX when no inner SNI was configured. TLSX_EchRestoreSNI then failed to clean it up because its removal was gated on serverNameX != NULL. The inner ClientHello was sized before the pollution but written after it, causing TLSX_SNI_Write to memcpy 255 bytes past the allocation boundary. Thanks to Calif.io in collaboration with Claude and Anthropic Research for the report. Fixed in PR 10102. + +* [Med] CVE-2026-5392 +Heap out-of-bounds read in PKCS7 parsing. A crafted PKCS7 message can trigger an OOB read on the heap. The missing bounds check is in the indefinite-length end-of-content verification loop in PKCS7_VerifySignedData(). This only affects builds with PKCS7 support enabled. Thanks to J Laratro (d0sf3t) for the report. Fixed in PR 10039. + +* [Med] CVE-2026-5446 +ARIA-GCM nonce reuse in TLS 1.2 record encryption. ARIA cipher support requires a proprietary Korean library (MagicCrypto) and --enable-aria, limiting real-world exposure. Thanks to Calif.io in collaboration with Claude and Anthropic Research for the report. Fixed in PR 10111. + +* [Med] CVE-2026-5460 +When a malicious TLS 1.3 server sends a ServerHello with a truncated PQC hybrid KeyShare (e.g., P256_ML_KEM_512 with 10 bytes instead of the required 768+), the error cleanup path double-frees the KyberKey. Thanks to Calvin Young (eWalker Consulting Inc.) and Enoch Chow (Isomorph Cyber). Fixed in PR 10092. + +* [Med] CVE-2026-5504 +A padding oracle exists in wolfSSL's PKCS7 CBC decryption that could allow an attacker to recover plaintext through repeated decryption queries with modified ciphertext. In previous versions of wolfSSL the interior padding bytes are not validated. Thanks to Sunwoo Lee, Woohyun Choi, and Seunghyun Yoon of Korea Institute of Energy Technology (KENTECH) for the report. Fixed in PR 10088. + +* [Med] CVE-2026-5507 +When restoring a session from cache, a pointer from the serialized session data is used in a free operation without validation. An attacker who can poison the session cache could trigger an arbitrary free. Exploitation requires the ability to inject a crafted session into the cache and for the application to call specific session restore APIs. Thanks to Sunwoo Lee, Woohyun Choi, and Seunghyun Yoon of Korea Institute of Energy Technology (KENTECH) for the report. Fixed in PR 10088. + +* [Low] CVE-2026-5187 +Heap out-of-bounds write in DecodeObjectId() caused by an off-by-one bounds check combined with a sizeof mismatch. A crafted ASN.1 object identifier can trigger a small heap OOB write. Thanks to Yuteng for the report. Fixed in PR 10025. + +* [Low] CVE-2026-5188 +An integer underflow issue exists in wolfSSL when parsing the Subject Alternative Name (SAN) extension of X.509 certificates. A malformed certificate can specify an entry length larger than the enclosing sequence, causing the internal length counter to wrap during parsing. This results in incorrect handling of certificate data. The issue is limited to configurations using the original ASN.1 parsing implementation. The original ASN.1 parsing implementation is off by default. Thanks to Muhammad Arya Arjuna Habibullah for the report. Fixed in PR 10024. + +* [Low] CVE-2026-5448 +X.509 date buffer overflow in wolfSSL_X509_notAfter / wolfSSL_X509_notBefore. A buffer overflow may occur when parsing date fields from a crafted X.509 certificate via the compatibility layer API. This is only triggered when calling these two APIs directly from an application, and does not affect TLS or certificate verify operations in wolfSSL. Thanks to Sunwoo Lee and Seunghyun Yoon, Korea Institute of Energy Technology (KENTECH) for the report. Fixed in PR 10071. + +* [Low] CVE-2026-5772 +A 1-byte stack buffer over-read exists in the MatchDomainName function in src/internal.c when processing wildcard patterns with the LEFT_MOST_WILDCARD_ONLY flag active. When a wildcard '*' exhausts the entire hostname string (strLen reaches 0), the function proceeds to compare remaining pattern characters against the now-exhausted buffer without a bounds check, causing an out-of-bounds read. Thanks to Zou Dikai for the report. Fixed in PR 10119. + +* [Low] CVE-2026-5778 +An integer underflow exists in the ChaCha20-Poly1305 decryption path where a malformed TLS 1.2 record with a payload shorter than the AEAD MAC size causes the message length calculation to underflow, resulting in an out-of-bounds read. This only affects sniffer builds. Thanks to Zou Dikai for the report. Fixed in PR 10125. + +## Experimental Build Vulnerability + +* [Med] CVE-2026-5393 +Dual-Algorithm CertificateVerify out-of-bounds read. When processing a dual-algorithm CertificateVerify message, an out-of-bounds read can occur on crafted input. This can only occur when --enable-experimental and --enable-dual-alg-certs is used when building wolfSSL. Thanks to Sunwoo Lee, Woohyun Choi, and Seunghyun Yoon (Korea Institute of Energy Technology, KENTECH) for testing the fix. Fixed in PR 10079. + +## New Features +* Enabled PQC algorithm ML-KEM (FIPS203) on by default. by @Frauschi (PR 9732) +* Added brainpool curve support to wolfSSL_CTX_set1_sigalgs_list. by @kojo1 (PR 9993) +* Implemented wolfSSL_Atomic_Int_Exchange() in wolfssl/wolfcrypt/wc_port.h and wolfcrypt/src/wc_port.c. by @douzzer (PR 10036) +* Added a GPLv2 license exception for VDE (Virtual Distributed Ethernet) to the licensing terms. by @danielinux (PR 10107) +* Added DTLS 1.3/TLS 1.3 write-dup (Duplicate SSL) support so the read-side can delegate post-handshake work (KeyUpdate responses, DTLS13 ACK sending, post-handshake auth) to the write-side, along with new tests and CI coverage. (PR 10006) + +## Post-Quantum Cryptography (PQC) +* Fixed Dilithium API to use byte type for context length parameters, enforcing the 0–255 byte constraint. by @SparkiDev (PR 10010) +* Fixed benchmarking for ML-DSA with static memory enabled. by @JacobBarthelmeh (PR 9970) +* Added checks to verify the private key is set before performing private key operations in Ed25519, Ed448, ML-DSA, and ML-KEM. by @anhu (PR 10083) +* Added buffer size and callback validation checks to wc_LmsKey_Sign to prevent signing with insufficient output buffer or missing required callbacks. Thanks to Sunwoo Lee, Woohyun Choi, and Seunghyun Yoon (Korea Institute of Energy Technology, KENTECH) for the report. (PR 10084) +* Fixed an out-of-bounds shift in the ML-DSA implementation by ensuring the cast is performed before large shift operations in dilithium.c. Thanks to Dominik Blain / COBALT Security for the bug report. by @padelsbach (PR 10096) +* Zeroize sensitive memory buffers in the ML-DSA (Dilithium) implementation to prevent leakage of cryptographic material. by @Frauschi (PR 10100) +* Fixed undefined behavior in SLH-DSA key initialization by casting to unsigned before performing a left shift that could set the MSB. by @padelsbach (PR 10104) +* Added null checks for buffer size and callback validity in the external wc_LmsKey_Sign function to prevent CI failures. by @padelsbach (PR 10105) +* Ensured that the heap buffer used (among others) to store sensitive data during ML-DSA signing is zeroized before freeing the memory. Thanks to Abhinav Agarwal (@abhinavagarwal07) for the report. (PR 10113) +* The legacy non-context ML-DSA (Dilithium) API is now guarded behind WOLFSSL_DILITHIUM_NO_CTX, making the context-aware FIPS 204 API the default and adding a no-ctx configure option to explicitly re-enable the legacy path. by @Frauschi (PR 10047) + +## TLS/DTLS +* Fixed handling of OCSP_WANT_READ return value in the TLS 1.3 handshake message type processing to prevent incorrect error propagation during OCSP stapling operations. by @julek-wolfssl (PR 9995) +* Fixed a bug in the HPKE implementation where the KDF digest was incorrectly used for the KEM, and refactored HPKE-related code out of the TLS/ECH layer into dedicated local functions, adding tests for all 24 algorithm combination variants. by @sebastian-carpenter (PR 9999) +* Fixed DTLS 1.3 ServerHello to not echo the legacy_session_id field, bringing the implementation into compliance with the DTLS 1.3 specification. by @julek-wolfssl (PR 10007) +* Fixed a TLS 1.3 server issue where a mismatched ciphersuite in a second ClientHello following a HelloRetryRequest was incorrectly accepted instead of rejected. by @sebastian-carpenter (PR 10034) +* Fixed a possible memory leak in ECC non-blocking cryptography operations within the TLS layer. by @dgarske (PR 10065) +* Fixed multiple correctness issues in DTLS 1.3 and TLS 1.3 including wrong return values, missing bounds checks, a PSK identity buffer overread, swapped server/client parameters in finished secret derivation, a static array data race, resource leaks, and a potential NULL dereference in the SM3 exporter path. by @gasbytes (PR 10117) + +## ASN and Certificate Parsing +* Added wolfSSL_check_ip_address() to support filtering connections based on Subject Alternative Name (SAN) IP address entries, mirroring the existing domain name check functionality. by @padelsbach (PR 9935) +* Added host name verification from the verification context parameter when calling wolfSSL_X509_verify_cert. by @julek-wolfssl (PR 9952) +* Moved non-template (WOLFSSL_ASN_ORIGINAL) code into asn_orig.c and include from asn.c. by @dgarske (PR 9920) +* Fixed additional potential null pointer dereferences in ASN parsing code identified by Coverity static analysis. by @rlm2002 (PR 9990) +* Fixed wolfssl/wolfcrypt/asn.h to directly include wolfssl/wolfcrypt/sha512.h for WC_SHA384_DIGEST_SIZE and WC_SHA512_DIGEST_SIZE. Previously this relied on transitive include order and broke builds where asn.h is parsed before hash.h/sha512.h. by @danielinux (PR 10014) +* Removed FIPS-conditional guards from the GetASN_BitString length check so the validation applies in all builds. by @embhorn (PR 10027) +* Added validation to reject negative ASN.1 integers in CRL number fields during decoding, preventing an overflow that could corrupt the adjacent hash field. Thanks to Sunwoo Lee for the bug report. by @padelsbach (PR 10087) + +## Hardware and Embedded Ports +* Fixed SE050 hardware security module integration by routing RSA-PSS sign/verify operations through the software path to prevent double-hashing, releasing persistent SE050 key slots on free for RSA, ECC, Ed25519, and Curve25519 keys, and adding missing mutex unlock calls before early returns in RSA crypto functions. by @LinuxJedi (PR 9912) +* When WOLFSSL_NO_HASH_RAW is defined due to hardware hash offload, turn on LMS and XMSS full hash. Without this they will not compile automatically when there is hardware SHA acceleration. by @LinuxJedi (PR 9946) +* Applied AI-review fixes across hardware and embedded port implementations spanning Espressif, Renesas, Silicon Labs, NXP, STM32, TI, Xilinx, and numerous other targets to improve correctness and code quality. by @SparkiDev (PR 10003) +* Fixed issues found by the testing of the MAX32666 tests. by @night1rider (PR 10035) +* Fixed buffer overflows, key material exposure, mutex leaks, and logic errors across hardware crypto port backends. by @JeremiahM37 (PR 10080) + +## Rust Wrapper +* Released version 1.2.0 of the wolfssl-wolfcrypt Rust crate with updated changelog and README. by @holtrop-wolfssl (PR 9953) +* Updated the Rust wrapper's build script to support cross-compiling and bare-metal targets, including RISC-V architectures. by @holtrop-wolfssl (PR 10031) + +## Build System and Portability +* Removed default declaration of WC_ALLOC_DO_ON_FAILURE. by @julek-wolfssl (PR 9905) +* Refactored wc_Hash* so that known wc_HashType values are unconditionally defined in enum wc_HashType, and always either succeed if used properly, or return HASH_TYPE_E if gated out or used improperly; added detailed error code tracing. by @douzzer (PR 9937) +* Removed the forced enabling of MD5 when building with --enable-jni so that MD5 can be explicitly disabled in FIPS builds. by @mattia-moffa (PR 10011) +* Changed the example server/client to not modify macro defines that come from how the wolfSSL library is configured when built. by @JacobBarthelmeh (PR 10037) +* Added __extension__ to __GNUC__&&!__STRICT_ANSI__ variant of wc_debug_trace_error_codes_enabled() in wolfssl/wolfcrypt/error-crypt.h, to inhibit false positive "error: ISO C forbids braced-groups within expressions" with -pedantic. by @douzzer (PR 10041) +* Fixed IAR compiler warnings about undefined volatile access order by reading volatile values into local copies before use in expressions. by @embhorn (PR 10045) +* Automatically enables WOLFSSL_SP_4096 when WOLFSSL_HAVE_SP_DH is defined under the --enable-usersettings configuration to fix a missing dependency for C# user settings builds. by @kojo1 (PR 10054) +* Added volatile casting to a port header definition to address a correctness issue. by @anhu (PR 10062) +* Extended the WC_MAYBE_UNUSED macro definition to cover GCC versions greater than 3 to fix a build error in GCC 3.4.0. by @embhorn (PR 10101) +* Fixed a compile error when building with --enable-crl and --disable-ecc by adding the appropriate preprocessor guards around SetBitString in asn.c. by @padelsbach (PR 10118) +* Fixed -Wcast-qual hygiene in wolfCrypt. by @douzzer (PR 10120) + +## Bug Fixes +* Fixed stack memory tracking for the wolfCrypt benchmark. by @Frauschi (PR 9983) +* Fixed a bug in FillSigner where pubKeyStored and subjectCNStored flags were not cleared after transferring pointers from a DecodedCert to a signer, preventing stale NULL pointers from being copied on subsequent calls. by @embhorn (PR 10033) +* Fixed a heap overflow in ssl_DecodePacketInternal caused by silent truncation when summing 64-bit iov_len values into a 32-bit integer, which resulted in an undersized buffer allocation followed by an out-of-bounds copy. by @embhorn (PR 10017) +* Added a bounds check in GetSafeContent to prevent an unsigned integer underflow in the content size calculation when the OID parsed by GetObjectId exceeds the declared ContentInfo SEQUENCE length. by @embhorn (PR 10018) +* Fixed a potential double free issue in non-blocking async handling within ASN parsing. by @dgarske (PR 10022) +* Fixed bounds checking and buffer size calculation in DecodeObjectId to correctly validate two output slots before writing and pass the proper element count instead of byte count when handling unknown ASN.1 extensions. by @embhorn (PR 10025) +* Fixed stack buffer overflow in RSA exponent print via wolfSSL_EVP_PKEY_print_public in evp.c. Printing an RSA public key with a large exponent can overflow a stack buffer in the EVP printing routine. Thanks to Sunwoo Lee, Woohyun Choi, and Seunghyun Yoon (Korea Institute of Energy Technology, KENTECH) for the bug report. (PR 10088) +* Fixed sanity check on hashLen provided to wc_dilithium_verify_ctx_hash. Thanks to Sunwoo Lee, Woohyun Choi, and Seunghyun Yoon (Korea Institute of Energy Technology, KENTECH) for the bug report. (PR 10131) +* Disallowed wildcard partial domains when using MatchDomainName. Thanks to Oleh Konko (@1seal) for the report. (PR 9991) +* Fixed a buffer underflow that occurred when a zero-length size was passed to the devcrypto AES-CBC implementation. by @JeremiahM37 (PR 10005) +* Routed BIO_ctrl_pending, BIO_reset, and BIO_get_mem_data through the custom method's ctrlCb when set, enabling fully custom BIO types to handle these operations. by @julek-wolfssl (PR 10004) +* Fixed multiple issues in the SP integer implementation including negative number handling, edge cases when a->used is zero, missing bounds checks, and redundant code, while also re-implementing wc_PKCS12_PBKDF() without MP and adding 128-bit integer types for cleaner PKCS#12 support. by @SparkiDev (PR 10020) +* Fixed functional bugs in x86_64 AES-XTS register clobbering and ARM32 multiply/accumulate source registers, along with assembly label typos, instruction mnemonic corrections, and comment fixes across AES, ChaCha, SHA-3, SHA-512, ML-KEM, and Curve25519 assembly for x86_64, ARM32, and ARM64 targets. by @SparkiDev (PR 10023) +* Fixed a bug in the SP non-blocking ECC mont_inv_order function where the last bit was not being processed during modular inverse computation. by @SparkiDev (PR 10044) +* Added bounds check to prevent potential out-of-bounds access when parsing end-of-content octets in PKCS7 streaming indefinite-length encoding. by @anhu (PR 10039) +* Refactored the "Increment B by 1" loop in wc_PKCS12_PBKDF_ex() to avoid bugprone-inc-dec-in-conditions. by @douzzer (PR 10059) +* Fixed OpenSSL compatibility layer ASN1_INTEGER and ASN1_STRING to be compatible structs. by @julek-wolfssl (PR 10089) +* Fixed potential data truncation in wc_XChaCha20Poly1305_crypt_oneshot() by replacing long int casts with size_t to correctly handle 64-bit sizes on platforms where long int is 32-bit. by @rlm2002 (PR 10091) +* Fixed error handling in the Linux kernel AES AEAD glue code so that scatterwalk_map failures correctly propagate an error code instead of returning success with uninitialized data. by @sameehj (PR 9996) +* Fixed DTLS Fragment Reassembly to not read uninitialized heap contents. Thanks to Sunwoo Lee, Woohyun Choi, and Seunghyun Yoon (Korea Institute of Energy Technology, KENTECH) for the report. (PR 10090) +* Fixed DTLS 1.3 word16 truncation on handshake send size. A handshake message exceeding 65535 bytes causes silent integer truncation when the size is stored in a word16, leading to malformed or truncated handshake transmissions. Thanks to Sunwoo Lee, Woohyun Choi, and Seunghyun Yoon (Korea Institute of Energy Technology, KENTECH) for the report. (PR 10103) +* Fixed invalid-pointer-pair memory errors reported by clang sanitizer with detect_invalid_pointer_pairs=2 in ASAN_OPTIONS. by @douzzer (PR 10095) +* Hardened default builds by enabling ECC curve validation unconditionally, removing the previous dependency on USE_ECC_B_PARAM. Users on older versions can also harden their builds by enabling WOLFSSL_VALIDATE_ECC_IMPORT. by @Frauschi (PR 10133) + +## Documentation and Maintenance +* Added inline Doxygen documentation for previously undocumented macros across TLS, cryptography, and ASN source files, and corrected spelling errors throughout the codebase. by @dgarske (PR 9992) +* Fixed typos in documentation for SSL API function argument descriptions. by @dgarske (PR 10021) +* Updated documentation to reflect support for both FIPS 140-2 and FIPS 140-3. by @anhu (PR 10061) + + +# wolfSSL Release 5.9.0 (Mar. 18, 2026) + +Release 5.9.0 has been developed according to wolfSSL's development and QA +process (see link below) and successfully passed the quality criteria. +https://www.wolfssl.com/about/wolfssl-software-development-process-quality-assurance + +NOTE: * --enable-heapmath is deprecated + * MD5 is now disabled by default + +PR stands for Pull Request, and PR references a GitHub pull request number where the code change was added. + +## Vulnerabilities + +* [High] CVE-2026-3548 +Two buffer overflow vulnerabilities existed in the wolfSSL CRL parser when parsing CRL numbers: a heap-based buffer overflow could occur when improperly storing the CRL number as a hexadecimal string, and a stack-based overflow for sufficiently sized CRL numbers. With appropriately crafted CRLs, either of these out of bound writes could be triggered. Note this only affects builds that specifically enable CRL support, and the user would need to load a CRL from an untrusted source. Found with internal wolfSSL testing. Fixed in PR 9628 and PR 9873. + +* [High] CVE-2026-3549 +Heap Overflow in TLS 1.3 ECH parsing. An integer underflow existed in ECH extension parsing logic when calculating a buffer length, which resulted in writing beyond the bounds of an allocated buffer. Note that in wolfSSL, ECH is off by default, and the ECH standard is still evolving. Found with internal wolfSSL testing, thanks to Oleh Konko for testing. Fixed in PR 9817. + +* [High] CVE-2026-3547 +Out-of-bounds read in ALPN parsing due to incomplete validation. wolfSSL 5.8.4 and earlier contained an out-of-bounds read in ALPN handling when built with ALPN enabled (HAVE_ALPN / --enable-alpn). A crafted ALPN protocol list could trigger an out-of-bounds read, leading to a potential process crash (denial of service). Note that ALPN is disabled by default, but is enabled for these 3rd party compatibility features: enable-apachehttpd, enable-bind, enable-curl, enable-haproxy, enable-hitch, enable-lighty, enable-jni, enable-nginx, enable-quic. Users of these features are recommended to update to 5.9.0. Thanks to Oleh Konko for the report. Fixed in PR 9860. + +* [Med] CVE-2026-2646 +A heap-buffer-overflow vulnerability exists in wolfSSL's wolfSSL_d2i_SSL_SESSION() function. When deserializing session data with SESSION_CERTS enabled, certificate and session id lengths are read from an untrusted input without bounds validation, allowing an attacker to overflow fixed-size buffers and corrupt heap memory. A maliciously crafted session would need to be loaded from an external source to trigger this vulnerability. Internal sessions were not vulnerable. Thanks to Jonathan Bar Or, and Haruto Kimura (Stella) for the report. Fixed in PR 9748 and PR 9949. + +* [Med] CVE-2026-3849 +Stack Buffer Overflow in wc_HpkeLabeledExtract via oversized ECH config. A vulnerability exists in wolfSSL 5.8.4 and earlier ECH (Encrypted Client Hello) support, where a maliciously crafted ECH config could cause a stack buffer overflow on the client side, leading to client program crash, with a potential for remote execution. This could be exploited by a malicious TLS server supporting ECH. Note that ECH is off by default, and is only enabled with enable-ech. Thanks to Haruto Kimura (Stella) for the report. Fixed in PR 9737. + +* [Low] CVE-2026-0819 +wolfSSL PKCS7 SignedData encoding OOB write (signed attributes). A vulnerability existed in the API wc_PKCS7_EncodeSignedData, and wc_PKCS7_EncodeSignedData_ex, where when encoding signed data with custom attributes, wolfSSL could write past a fixed size array resulting in a stack out of bounds write. This vulnerability only occurred when trying to create a signed PKCS7 encoding with more than 7 signed attributes, and did not affect PKCS7 parsing in general. Thanks to Maor Caplan for the report. Fixed in PR 9630. + +* [Low] CVE-2026-1005 +Integer underflow in wolfSSL packet sniffer. wolfSSL 5.8.4 and earlier allows an attacker to cause a buffer overflow in the AEAD decryption path by injecting a TLS record shorter than the explicit IV plus authentication tag into traffic inspected by ssl_DecodePacket. The underflow wraps a 16-bit length to a large value that is passed to AEAD decryption routines, causing a heap buffer overflow and a potential crash. An unauthenticated attacker can trigger this remotely via malformed TLS Application Data records. The sniffer feature is disabled by default and this only affects builds with --enable-sniffer and AEAD support. Thanks to Prasanth Sundararajan for the report. Fixed in PR 9571. + +* [Low] CVE-2026-2645 +In wolfSSL 5.8.2 and earlier, a logic flaw existed in the TLS 1.2 server state machine implementation. The server could incorrectly accept the CertificateVerify message before the ClientKeyExchange message had been received. This issue affects wolfSSL before 5.8.4 (wolfSSL 5.8.2 and earlier is vulnerable, 5.8.4 is not vulnerable). In 5.8.4 wolfSSL would detect the issue later in the handshake. 5.9.0 was further hardened to catch the issue earlier in the handshake. Thanks to Kai Tian for the report. Fixed in PR 9694. + +* [Low] CVE-2026-3230 +In versions of wolfSSL 5.8.4 and earlier the client does not catch if the required key_share extension is missing from a ServerHello sent after a crafted HelloRetryRequest. In the missing key_share extension case the client still goes through the process of authenticating the server correctly, and would then continue on to establish a connection with a predictable key being derived. Since the authentication of the server is still established, this only is an issue if the server can unknowingly be forced to send the malformed HelloRetryRequest followed by the ServerHello that omits the key_share extension. Thanks to Jaehun Lee for the report. Fixed in PR 9754. + +* [Low] CVE-2026-3229. Integer Overflow in Certificate Chain Allocation. An integer overflow vulnerability existed in the static function wolfssl_add_to_chain, that caused heap corruption when certificate data was written out of bounds of an insufficiently sized certificate buffer. wolfssl_add_to_chain is called by these API: wolfSSL_CTX_add_extra_chain_cert, wolfSSL_CTX_add1_chain_cert, wolfSSL_add0_chain_cert. These API are enabled for 3rd party compatibility features: enable-opensslall, enable-opensslextra, enable-lighty, enable-stunnel, enable-nginx, enable-haproxy. This issue is not remotely exploitable, and would require that the application context loading certificates is compromised. Thanks to Pelioro and Kunyuk for responsibly reporting this issue. Fixed in PR 9827. + +* [Low] CVE-2026-3579 +wolfSSL 5.8.4 and earlier on RISC-V RV32I architectures lacks a constant-time software implementation for 64-bit multiplication. The compiler-inserted __muldi3 subroutine executes in variable time based on operand values. This affects multiple SP math functions (sp_256_mul_9, sp_256_sqr_9, etc.), leading to a timing side-channel that may expose sensitive cryptographic data. Thanks to Wind Wong for the report. Fixed in PR 9855. + +* [Low] CVE-2026-3580. Compiler-induced timing leak in sp_256_get_entry_256_9 on RISC-V. In wolfSSL 5.8.4 and earlier, constant-time masking logic in sp_256_get_entry_256_9 is optimized into conditional branches (bnez) by GCC when targeting RISC-V RV32I with -O3. This transformation breaks the side-channel resistance of ECC scalar multiplication, potentially allowing a local attacker to recover secret keys via timing analysis. Thanks to Wind Wong for the report. Also fixed in PR 9855. + +* [Low] CVE-2026-3503 +A protection mechanism failure in wolfCrypt post-quantum implementations (ML-KEM and ML-DSA) in wolfSSL on ARM Cortex-M microcontrollers allows a physical attacker to compromise key material and/or cryptographic outcomes via induced transient faults that corrupt or redirect seed/pointer values during Keccak-based expansion. This issue affects wolfSSL (wolfCrypt): commit hash d86575c766e6e67ef93545fa69c04d6eb49400c6. Thanks to Hariprasad Kelassery Valsaraj of Temasek Laboratories for the report. Fixed in PR 9734. + +* [Low] CVE-2026-4159 +1-byte OOB heap read in wc_PKCS7_DecodeEnvelopedData via zero-length encrypted content. A vulnerability existed in wolfSSL 5.8.4 and earlier, where a 1-byte out-of-bounds heap read in wc_PKCS7_DecodeEnvelopedData could be triggered by a crafted CMS EnvelopedData message with zero-length encrypted content. Note that PKCS7 support is disabled by default. Thanks to Haruto Kimura (Stella). Fixed in PR 9945. + +* [Low] CVE-2026-4395 +A heap buffer out of bounds write case existed in wolfSSL version 5.8.4 and earlier when importing an ECC key while built with KCAPI support. The fix implemented added a check on the raw pubkey length in wc_ecc_import_x963 before copying it to an internal struct. KCAPI support is turned off by default and only enabled with builds using --enable-kcapi. Thanks to Haruto Kimura (Stella) for the report. Fixed in PR 9988. + +## New features +* FIPS 205, SLH-DSA implementation by @SparkiDev (PR 9838). +* Added OCSP responder API and support by @julek-wolfssl (PR 9761). +* Add AES CryptoCB key import support by @sameehj (PR 9658). +* Add the RNG bank facility to wolfCrypt, wc_rng_new_bankref() to avoid expensive seeding operations at runtime by @douzzer (PR 9616). + +## Ports, Hardware Integration, and ASM enhancements +* Add Renesas SK-S7G2 support by @miyazakh (PR 9561). +* Support for STM32 HMAC hardware by @dgarske (PR 9745). +* Add STM32G0 hardware crypto support by @danielinux (PR 9707). +* Misc STM32 fixes and testing improvements by @dgarske, @LinuxJedi (PRs 9446, 9563). +* Various Thumb2 AES/SP ASM enhancements and fixes by @SparkiDev (PRs 9464, 9491, 9547, 9615, 9767) +* Add Zephyr 4.1+ build compatibility for wolfssl_tls_sock sample by @night1rider (PR 9765) + +## Rust wrapper +* Added FIPS support by @holtrop (PR 9739). +* Added modules for dilithium (PR 9819), chacha20-poly1305 (PR 9599), curve25519 (PR 9594), blake2 (PR 9586), and LMS (PR 9910), ml-kem (PR 9833) by @holtrop. +* Miscellaneous fixes and enhancements for RSA, ECC, HASHDRBG, HMAC-BLAKE2, and XChaCha20-Poly1305 by @holtrop (PRs 9453, 9499, 9500, 9624, 9687). + +## Post-Quantum Cryptography (PQC) +* General improvements for WOLFSSL_NO_MALLOC PQC support by @douzzer (PR 9674). +* Various ML-DSA bug fixes by @SparkiDev (PRs 9575, 9696). +* Fixed a bug with ML-DSA verification with WOLFSSL_DILITHIUM_SMALL, by @SparkiDev (PR 9760). Reported by Sunwoo Lee and Seunghyun Yoon of Korea Institute of Energy Technology (KENTECH). +* ML-KEM bug fixes and improvements by @lealem47, @SparkiDev (PRs 9470, 9621, 9822). +* Collection of ML-KEM fixes including DTLS 1.3 cookie and ClientHello fragment handling, static memory handling, a memory leak in TLS server PQC handling with ECH, and expanded hybrid/individual ML-KEM level test coverage. @Frauschi (PR 9968) + +## TLS/DTLS +* Add support for TLS 1.3 Brainpool curves by @Frauschi (PR 9701). +* DTLS retransmission enhancement by @julek-wolfssl (PR 9623). +* Fix DTLS header size calculation by @rizlik (PR 9513). +* Fix (D)TLS fragmentation size checks by @julek-wolfssl (PR 9592). +* Extend AIA interface by @padelsbach (PR 9728). +* Various TLS 1.3 and extension fixes by @SparkiDev, @AlexLanzano, @embhorn (PRs 9528, 9538, 9466, 9662, 9824, 9934). Thanks to Muhammad Arya Arjuna (pelioro) for the report. +* Improve TLS message order checks by @SparkiDev (PRs 9694, 9718). +* TLS ECH improvements by @sebastian-carpenter (PR 9737). +* Harden compare of mac with TLS 1.3 finished by @JacobBarthelmeh (PR 9864). + +## PKCS +* Add PKCS7 ECC raw sign callback support by @jackctj117 (PR 9656). +* Add RSA-PSS support for SignedData by @sameehj (PR 9742). +* Support for ML-DSA via PKCS#11 by @Frauschi (PRs 9726, 9836). +* Fix PKCS11 object leak in Pkcs11ECDH by @mattia-moffa (PR 9780). +* Fix PKCS#7 SignedData parsing for non-OCTET_STRING content types by @cconlon (PR 9559). +* Add RSA-PSS certificate support for PKCS7 EnvelopedData KTRI by @sameehj (PR 9854). + +## Kernel +* Various linuxkm fixes and enhancements for Tegra kernels by @sameehj, @douzzer (PRs 9478, 9540, 9512). +* freebsdkm: FIPS support (PR 9590), and x86 crypto acceleration support by @philljj (PR 9714). +* Support offline FIPS hash calculation in linuxkm by @douzzer (PR 9800). + +## Testing improvements +* Increase test coverage for PQC and CMake by @Frauschi (PR 9637). +* API testing: split out and better organized test cases by @SparkiDev (PR 9641). +* Added test for session deserialization input validation by @gasbytes (PR 9759). +* Added TLS Anvil workflow by @embhorn (PR 9804). +* Added rng-tools 6.17 testing by @julek-wolfssl (PR 9810). +* Added openldap 2.6.9 testing by @julek-wolfssl (PR 9805). +* Add bind 9.20.11 to the test matrix by @julek-wolfssl (PR 9806). +* Misc testing fixes by @miyazakh, @SparkiDev, @julek-wolfssl, @padelsbach, @rlm2002 (PRs 9584, 9670, 9688, 9710, 9716, 9755). +* Implement a stateful port tracking mechanism for test port assignment that eliminates collisions during high-concurrency test loops in CI by @kaleb-himes (PR 9850). + +## Bug Fixes +* Fix for buffer overflow write in the wolfSSL CAAM (Cryptographic Acceleration and Assurance Module) driver for Integrity OS on i.MX6. Thanks to Luigino Camastra for the report. +* API Documentation: various fixes and improvements: @LinuxJedi, @tamasan238, @kareem-wolfssl, @dgarske (PRs 9458, 9552, 9570, 9585). +* Fix potential memory under-read in TLS ticket processing function. Thanks to Arjuna Arya for the report. +* Fix IP address check in wolfSSL_X509_check_host() by @rlm2002 (PR 9502). +* Check if ctx and ssl are null when checking public key in certificate by @rlm2002 (PR 9506). +* Fix test when ECH and harden are enabled by @embhorn (PR 9510). +* Fix wc_CmacFree() to use correct heap pointer from internal Aes structure by @night1rider (PR 9527). +* Various Coverity analyzer fixes by @rlm2002 (PRs 9437, 9534, 9619, 9646, 9812, 9842, 9887, 9933). +* Fix dereference before Null check by @rlm2002 (PR 9591). +* Fix memory leak in case of handshake error by @Frauschi (PR 9609). +* Fix MatchBaseName by @rizlik (PR 9626). +* ChaCha20 Aarch64 ASM fix by @SparkiDev (PR 9627). +* Fix TLSX_Parse to correctly handle client and server cert type ext with TLS1.3 by @embhorn (PR 9657). +* Fix cert SW issues in Aes and rng by @tmael (PR 9681). +* Various fixes for NO_RNG builds by @dgarske (PRs 9689, 9698). +* Fixes for STSAFE-A120 ECDHE by @dgarske (PR 9703). +* Fix Crash when using Sha224 Callback with MAX32666 by @night1rider (PR 9712). +* Fix for RSA private key parsing (allowing public) and RSA keygen no malloc support by @dgarske (PR 9715). +* Fix null check in ECDSA encode by @padelsbach (PR 9771). +* Various static analyzer fixes by @LinuxJedi (PRs 9786, 9788, 9795, 9801, 9817). +* Fix switch case handling in TLSX_IsGroupSupported function by @Pushyanth-Infineon (PR 9777). +* Fixes to big-endian bugs found in Curve448 and Blake2S by @LinuxJedi (PR 9778). +* Fix cert chain size issue by @embhorn (PR 9827). +* Fix potential memory leak when copying into existing SHA contexts and zero init tmpSha by @night1rider (PR 9829). +* Add sanity checks in key export by @embhorn (PR 9823). Thanks to Muhammad Arya Arjuna (pelioro) for the report. +* CRL enhancements for revoked entries by @padelsbach (PR 9839). +* Fix DRBG_internal alloc in wc_RNG_HealthTestLocal by @embhorn (PR 9847). +* Various CMake fixes and improvements by @Frauschi (PRs 9605, 9725). +* RISC-V 32 no mul SP C: implement multiplication by @SparkiDev (PR 9855). +* ASN: improve handling of ASN.1 parsing/encoding by @SparkiDev (PR 9872). +* Various fixes to CRL parsing by @miyazakh (PRs 9628, 9873). +* Harden hash comparison in TLS1.2 finished by @Frauschi (PR 9874). +* Various fixes to TLS sniffer by @mattia-moffa, @embhorn, @julek-wolfssl, @Frauschi (PRs 9571, 9643, 9867, 9901, 9924). +* Check ivLen in wolfSSL_EVP_CIPHER_CTX_set_iv_length by @philljj (PR 9943). Thanks to Haruto Kimura (Stella) for the report. +* Validate that the ticket length is at least ID_LEN before use in SetTicket, preventing an undersized buffer from being processed by @kareem-wolfssl (PR 9782). +* Enforce null compression in compression_methods list by @julek-wolfssl (PR 9913). +* Additional sanity check on number of groups in set groups function by @JacobBarthelmeh (PR 9861). +* Resolves issues with asynchronous and crypto callback handling, adding test coverage to prevent regressions by @dgarske (PR 9784). +* Fix checkPad to reject zero PKCS#7 padding value by @embhorn (PR 9878). +* Add sanity check on keysize found with ECC point import by @JacobBarthelmeh (PR 9989). +* Adds a range check to ensure session ticket lifetimes are within the bounds permitted by the TLS specification by @Frauschi (PR 9881). +* Fix potential overflows in hash used-size calculation for TI and SE050 implementations by @kareem-wolfssl (PR 9954). +* Correct a constant mismatch where the draft QUIC transport params branch was returning the wrong extension constant, causing incorrect version detection by @embhorn (PR 9868). +* Correct the key type detection logic in Falcon and the SPHINCS+ signature algorithm's else-if chain to properly identify all key variants by @anhu (PR 9979, 9980). +* XMSS: Fix index copy for signing by @SparkiDev (PR 9978). +* Fix pathlen not copied in ASN1_OBJECT_dup and not marked set in X509_add_ext by @cconlon (PR 9940). +* Ensure CheckHeaders length does not exceed packet size in sniffer by @kareem-wolfssl (PR 9947). +* SP fixes: 32-bit ARM assembly fixes modular exponentiation bug by @SparkiDev (PR 9964). +* Fix buffer-overflow in LMS leaf cache indexing by @anhu (PR 9919). + + # wolfSSL Release 5.8.4 (Nov. 20, 2025) Release 5.8.4 has been developed according to wolfSSL's development and QA @@ -29,6 +368,19 @@ * [Low CVE-2025-12889] With TLS 1.2 connections a client can use any digest, specifically a weaker digest, rather than those in the CertificateRequest. Thanks to Jaehun Lee from Pohang University of Science and Technology (POSTECH) for the report. Fixed in PR 9395 +* [Low CVE-2025-13912] When using the Clang compiler, various optimization levels or flags could result in non-constant-time compiled code. Assembly implementations of the functions in wolfSSL were not affected. The report was done specifically with Clang version 18 but there was shown to be similarities in timing variations when using the optimization levels with Clang 14 and Clang 20. + +On the following architectures, the expected constant-time functions were found to have potential timing variations when specific compiler flags or optimization levels were used. + +AArch64: Using O3, Ofast, or --enable-nontrivial-unswitch with O1/O2 flags leads to possible timing variations with the software implementations of sp_read_radix, sp_div_2_mod_ct, and sp_addmod_ct. Using O3, O2, Ofast, Os, or Oz with --unroll-force-peel-count=50 leads to possible timing variations with wc_AesGcmDecrypt. + +RISC-V: TLS HMAC update/final operations, RSA unpad operations, and DH key pair generation with O1, O2, O3, Ofast, Oz, or Os. wc_AesGcmDecrypt and wc_Chacha_Process with O1, O2, O3, Os, or Ofast. Also SP software operations sp_div_2_mod_ct and sp_addmod_ct using O3 or Ofast. + + +X86_64: TLS HMAC update/final operations and TimingVerifyPad used with verifying the TLS MAC with --fast-isel or --x86-cmov-converter-force-all compile flags. RSA unpad operations, ECC mulmod, and wc_Chacha_Process with the --x86-cmov-converter-force-all flag. DH key agreement, sp_div_2_mod_ct and sp_addmod_ct with O1, O2, O3, Os, or Ofast. wc_AesGcmDecrypt with the compiler flags O2, O3, Os, Ofast, Oz --x86-cmov-converter-force-all | --unroll-force-peel-count=50, or O1 --x86-cmov-converter-force-all. + +Thanks to Jing Liu, Zhiyuan Zhang, LUCÃA MARTÃNEZ GAVIER, Gilles Barthe, Marcel Böhme from Max Planck Institute for Security and Privacy (MPI-SP) for the report. Fixed in PR 9148. + ## New Features * New ML-KEM / ML-DSA APIs and seed/import PKCS8 support; added _new/_delete APIs for ML-KEM/ML-DSA. (PR 9039, 9000, 9049) * Initial wolfCrypt FreeBSD kernel module support (PR 9392) diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/Docker/Dockerfile mariadb-11.8.8/extra/wolfssl/wolfssl/Docker/Dockerfile --- mariadb-11.8.6/extra/wolfssl/wolfssl/Docker/Dockerfile 2026-01-31 13:27:49.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/Docker/Dockerfile 2026-05-24 09:58:33.000000000 +0000 @@ -43,7 +43,7 @@ RUN cd /opt/sources && wget -q -O- https://roumenpetrov.info/secsh/src/pkixssh-15.1.tar.gz | tar xzf - && cd pkixssh-15.1 && ./configure --prefix=/opt/pkixssh/ --exec-prefix=/opt/pkixssh/ && make install # Install udp/tcp-proxy -RUN cd /opt/sources && git clone --depth=1 --single-branch --branch=main http://github.com/wolfssl/udp-proxy && cd udp-proxy && make && cp tcp_proxy udp_proxy /bin/. +RUN cd /opt/sources && git clone --depth=1 --single-branch --branch=main https://github.com/wolfssl/udp-proxy && cd udp-proxy && make && cp tcp_proxy udp_proxy /bin/. # Install libbacktrace RUN cd /opt/sources && git clone --depth=1 --single-branch https://github.com/ianlancetaylor/libbacktrace.git && cd libbacktrace && mkdir build && cd build && ../configure && make && make install diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/IDE/ARDUINO/wolfssl-arduino.cpp mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/ARDUINO/wolfssl-arduino.cpp --- mariadb-11.8.6/extra/wolfssl/wolfssl/IDE/ARDUINO/wolfssl-arduino.cpp 2026-01-31 13:27:49.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/ARDUINO/wolfssl-arduino.cpp 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* wolfssl-arduino.cpp * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/IDE/ARDUINO/wolfssl.h mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/ARDUINO/wolfssl.h --- mariadb-11.8.6/extra/wolfssl/wolfssl/IDE/ARDUINO/wolfssl.h 2026-01-31 13:27:49.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/ARDUINO/wolfssl.h 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* wolfssl.h * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/IDE/AURIX/Cpu0_Main.c mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/AURIX/Cpu0_Main.c --- mariadb-11.8.6/extra/wolfssl/wolfssl/IDE/AURIX/Cpu0_Main.c 2026-01-31 13:27:49.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/AURIX/Cpu0_Main.c 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* Cpu0_Main.c * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/IDE/AURIX/user_settings.h mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/AURIX/user_settings.h --- mariadb-11.8.6/extra/wolfssl/wolfssl/IDE/AURIX/user_settings.h 2026-01-31 13:27:49.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/AURIX/user_settings.h 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* user_settings.h * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/IDE/AURIX/wolf_main.c mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/AURIX/wolf_main.c --- mariadb-11.8.6/extra/wolfssl/wolfssl/IDE/AURIX/wolf_main.c 2026-01-31 13:27:49.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/AURIX/wolf_main.c 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* wolf_main.c * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/IDE/CRYPTOCELL/main.c mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/CRYPTOCELL/main.c --- mariadb-11.8.6/extra/wolfssl/wolfssl/IDE/CRYPTOCELL/main.c 2026-01-31 13:27:49.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/CRYPTOCELL/main.c 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* main.c * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/IDE/CRYPTOCELL/user_settings.h mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/CRYPTOCELL/user_settings.h --- mariadb-11.8.6/extra/wolfssl/wolfssl/IDE/CRYPTOCELL/user_settings.h 2026-01-31 13:27:49.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/CRYPTOCELL/user_settings.h 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* user_settings.h * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/IDE/ECLIPSE/DEOS/deos_malloc.c mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/ECLIPSE/DEOS/deos_malloc.c --- mariadb-11.8.6/extra/wolfssl/wolfssl/IDE/ECLIPSE/DEOS/deos_malloc.c 2026-01-31 13:27:49.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/ECLIPSE/DEOS/deos_malloc.c 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* deos_malloc.c * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/IDE/ECLIPSE/DEOS/tls_wolfssl.c mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/ECLIPSE/DEOS/tls_wolfssl.c --- mariadb-11.8.6/extra/wolfssl/wolfssl/IDE/ECLIPSE/DEOS/tls_wolfssl.c 2026-01-31 13:27:49.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/ECLIPSE/DEOS/tls_wolfssl.c 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* tls_wolfssl.c * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/IDE/ECLIPSE/DEOS/tls_wolfssl.h mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/ECLIPSE/DEOS/tls_wolfssl.h --- mariadb-11.8.6/extra/wolfssl/wolfssl/IDE/ECLIPSE/DEOS/tls_wolfssl.h 2026-01-31 13:27:49.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/ECLIPSE/DEOS/tls_wolfssl.h 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* tls_wolfssl.h * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/IDE/ECLIPSE/DEOS/user_settings.h mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/ECLIPSE/DEOS/user_settings.h --- mariadb-11.8.6/extra/wolfssl/wolfssl/IDE/ECLIPSE/DEOS/user_settings.h 2026-01-31 13:27:49.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/ECLIPSE/DEOS/user_settings.h 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* user_setting.h * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/IDE/ECLIPSE/MICRIUM/client_wolfssl.c mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/ECLIPSE/MICRIUM/client_wolfssl.c --- mariadb-11.8.6/extra/wolfssl/wolfssl/IDE/ECLIPSE/MICRIUM/client_wolfssl.c 2026-01-31 13:27:49.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/ECLIPSE/MICRIUM/client_wolfssl.c 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* client_wolfssl.c * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/IDE/ECLIPSE/MICRIUM/client_wolfssl.h mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/ECLIPSE/MICRIUM/client_wolfssl.h --- mariadb-11.8.6/extra/wolfssl/wolfssl/IDE/ECLIPSE/MICRIUM/client_wolfssl.h 2026-01-31 13:27:49.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/ECLIPSE/MICRIUM/client_wolfssl.h 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* client_wolfssl.h * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/IDE/ECLIPSE/MICRIUM/server_wolfssl.c mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/ECLIPSE/MICRIUM/server_wolfssl.c --- mariadb-11.8.6/extra/wolfssl/wolfssl/IDE/ECLIPSE/MICRIUM/server_wolfssl.c 2026-01-31 13:27:49.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/ECLIPSE/MICRIUM/server_wolfssl.c 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* server_wolfssl.c * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/IDE/ECLIPSE/MICRIUM/server_wolfssl.h mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/ECLIPSE/MICRIUM/server_wolfssl.h --- mariadb-11.8.6/extra/wolfssl/wolfssl/IDE/ECLIPSE/MICRIUM/server_wolfssl.h 2026-01-31 13:27:49.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/ECLIPSE/MICRIUM/server_wolfssl.h 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* server_wolfssl.h * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/IDE/ECLIPSE/MICRIUM/user_settings.h mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/ECLIPSE/MICRIUM/user_settings.h --- mariadb-11.8.6/extra/wolfssl/wolfssl/IDE/ECLIPSE/MICRIUM/user_settings.h 2026-01-31 13:27:49.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/ECLIPSE/MICRIUM/user_settings.h 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* user_setting.h * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/IDE/ECLIPSE/MICRIUM/wolfsslRunTests.c mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/ECLIPSE/MICRIUM/wolfsslRunTests.c --- mariadb-11.8.6/extra/wolfssl/wolfssl/IDE/ECLIPSE/MICRIUM/wolfsslRunTests.c 2026-01-31 13:27:49.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/ECLIPSE/MICRIUM/wolfsslRunTests.c 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* wolfsslRunTests.c * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/IDE/ECLIPSE/RTTHREAD/user_settings.h mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/ECLIPSE/RTTHREAD/user_settings.h --- mariadb-11.8.6/extra/wolfssl/wolfssl/IDE/ECLIPSE/RTTHREAD/user_settings.h 2026-01-31 13:27:49.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/ECLIPSE/RTTHREAD/user_settings.h 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* user_setting.h * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/IDE/ECLIPSE/RTTHREAD/wolfssl_test.c mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/ECLIPSE/RTTHREAD/wolfssl_test.c --- mariadb-11.8.6/extra/wolfssl/wolfssl/IDE/ECLIPSE/RTTHREAD/wolfssl_test.c 2026-01-31 13:27:49.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/ECLIPSE/RTTHREAD/wolfssl_test.c 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* wolfsslRunTests.c * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/IDE/Espressif/ESP-IDF/dummy_config_h mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/Espressif/ESP-IDF/dummy_config_h --- mariadb-11.8.6/extra/wolfssl/wolfssl/IDE/Espressif/ESP-IDF/dummy_config_h 2026-01-31 13:27:49.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/Espressif/ESP-IDF/dummy_config_h 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* config.h - dummy * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/IDE/Espressif/ESP-IDF/dummy_test_paths.h mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/Espressif/ESP-IDF/dummy_test_paths.h --- mariadb-11.8.6/extra/wolfssl/wolfssl/IDE/Espressif/ESP-IDF/dummy_test_paths.h 2026-01-31 13:27:49.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/Espressif/ESP-IDF/dummy_test_paths.h 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* wolfcrypt/test/test_paths.h * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/IDE/Espressif/ESP-IDF/examples/template/components/wolfssl/CMakeLists.txt mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/Espressif/ESP-IDF/examples/template/components/wolfssl/CMakeLists.txt --- mariadb-11.8.6/extra/wolfssl/wolfssl/IDE/Espressif/ESP-IDF/examples/template/components/wolfssl/CMakeLists.txt 2026-01-31 13:27:49.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/Espressif/ESP-IDF/examples/template/components/wolfssl/CMakeLists.txt 2026-05-24 09:58:33.000000000 +0000 @@ -1,5 +1,5 @@ # -# Copyright (C) 2006-2025 wolfSSL Inc. +# Copyright (C) 2006-2026 wolfSSL Inc. # # This file is part of wolfSSL. # diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/IDE/Espressif/ESP-IDF/examples/template/components/wolfssl/Kconfig mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/Espressif/ESP-IDF/examples/template/components/wolfssl/Kconfig --- mariadb-11.8.6/extra/wolfssl/wolfssl/IDE/Espressif/ESP-IDF/examples/template/components/wolfssl/Kconfig 2026-01-31 13:27:49.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/Espressif/ESP-IDF/examples/template/components/wolfssl/Kconfig 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ # Kconfig template # -# Copyright (C) 2006-2025 wolfSSL Inc. +# Copyright (C) 2006-2026 wolfSSL Inc. # # This file is part of wolfSSL. # diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/IDE/Espressif/ESP-IDF/examples/template/components/wolfssl/component.mk mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/Espressif/ESP-IDF/examples/template/components/wolfssl/component.mk --- mariadb-11.8.6/extra/wolfssl/wolfssl/IDE/Espressif/ESP-IDF/examples/template/components/wolfssl/component.mk 2026-01-31 13:27:49.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/Espressif/ESP-IDF/examples/template/components/wolfssl/component.mk 2026-05-24 09:58:33.000000000 +0000 @@ -1,5 +1,5 @@ # -# Copyright (C) 2006-2025 wolfSSL Inc. +# Copyright (C) 2006-2026 wolfSSL Inc. # # This file is part of wolfSSL. # diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/IDE/Espressif/ESP-IDF/examples/template/components/wolfssl/include/user_settings.h mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/Espressif/ESP-IDF/examples/template/components/wolfssl/include/user_settings.h --- mariadb-11.8.6/extra/wolfssl/wolfssl/IDE/Espressif/ESP-IDF/examples/template/components/wolfssl/include/user_settings.h 2026-01-31 13:27:49.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/Espressif/ESP-IDF/examples/template/components/wolfssl/include/user_settings.h 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* wolfssl-component include/user_settings.h * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/IDE/Espressif/ESP-IDF/examples/template/main/Kconfig.projbuild mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/Espressif/ESP-IDF/examples/template/main/Kconfig.projbuild --- mariadb-11.8.6/extra/wolfssl/wolfssl/IDE/Espressif/ESP-IDF/examples/template/main/Kconfig.projbuild 2026-01-31 13:27:49.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/Espressif/ESP-IDF/examples/template/main/Kconfig.projbuild 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ # Kconfig main # -# Copyright (C) 2006-2025 wolfSSL Inc. +# Copyright (C) 2006-2026 wolfSSL Inc. # # This file is part of wolfSSL. # diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/IDE/Espressif/ESP-IDF/examples/template/main/include/main.h mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/Espressif/ESP-IDF/examples/template/main/include/main.h --- mariadb-11.8.6/extra/wolfssl/wolfssl/IDE/Espressif/ESP-IDF/examples/template/main/include/main.h 2026-01-31 13:27:49.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/Espressif/ESP-IDF/examples/template/main/include/main.h 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* template main.h * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/IDE/Espressif/ESP-IDF/examples/template/main/main.c mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/Espressif/ESP-IDF/examples/template/main/main.c --- mariadb-11.8.6/extra/wolfssl/wolfssl/IDE/Espressif/ESP-IDF/examples/template/main/main.c 2026-01-31 13:27:49.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/Espressif/ESP-IDF/examples/template/main/main.c 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* main.c * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/components/wolfssl/CMakeLists.txt mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/components/wolfssl/CMakeLists.txt --- mariadb-11.8.6/extra/wolfssl/wolfssl/IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/components/wolfssl/CMakeLists.txt 2026-01-31 13:27:49.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/components/wolfssl/CMakeLists.txt 2026-05-24 09:58:33.000000000 +0000 @@ -1,5 +1,5 @@ # -# Copyright (C) 2006-2025 wolfSSL Inc. +# Copyright (C) 2006-2026 wolfSSL Inc. # # This file is part of wolfSSL. # diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/components/wolfssl/Kconfig mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/components/wolfssl/Kconfig --- mariadb-11.8.6/extra/wolfssl/wolfssl/IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/components/wolfssl/Kconfig 2026-01-31 13:27:49.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/components/wolfssl/Kconfig 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ # Kconfig template # -# Copyright (C) 2006-2025 wolfSSL Inc. +# Copyright (C) 2006-2026 wolfSSL Inc. # # This file is part of wolfSSL. # diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/components/wolfssl/component.mk mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/components/wolfssl/component.mk --- mariadb-11.8.6/extra/wolfssl/wolfssl/IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/components/wolfssl/component.mk 2026-01-31 13:27:49.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/components/wolfssl/component.mk 2026-05-24 09:58:33.000000000 +0000 @@ -1,5 +1,5 @@ # -# Copyright (C) 2006-2025 wolfSSL Inc. +# Copyright (C) 2006-2026 wolfSSL Inc. # # This file is part of wolfSSL. # diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/components/wolfssl/include/user_settings.h mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/components/wolfssl/include/user_settings.h --- mariadb-11.8.6/extra/wolfssl/wolfssl/IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/components/wolfssl/include/user_settings.h 2026-01-31 13:27:49.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/components/wolfssl/include/user_settings.h 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* wolfssl-component include/user_settings.h * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/main/Kconfig.projbuild mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/main/Kconfig.projbuild --- mariadb-11.8.6/extra/wolfssl/wolfssl/IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/main/Kconfig.projbuild 2026-01-31 13:27:49.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/main/Kconfig.projbuild 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ # Kconfig main # -# Copyright (C) 2006-2025 wolfSSL Inc. +# Copyright (C) 2006-2026 wolfSSL Inc. # # This file is part of wolfSSL. # diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/main/include/main.h mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/main/include/main.h --- mariadb-11.8.6/extra/wolfssl/wolfssl/IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/main/include/main.h 2026-01-31 13:27:49.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/main/include/main.h 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* wolfssl_benchmark main.h * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/main/main.c mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/main/main.c --- mariadb-11.8.6/extra/wolfssl/wolfssl/IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/main/main.c 2026-01-31 13:27:49.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/main/main.c 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* benchmark main.c * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/IDE/Espressif/ESP-IDF/examples/wolfssl_client/Makefile mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/Espressif/ESP-IDF/examples/wolfssl_client/Makefile --- mariadb-11.8.6/extra/wolfssl/wolfssl/IDE/Espressif/ESP-IDF/examples/wolfssl_client/Makefile 2026-01-31 13:27:49.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/Espressif/ESP-IDF/examples/wolfssl_client/Makefile 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ # ESP8266 Project Makefile for wolfssl_client # -# Copyright (C) 2006-2025 wolfSSL Inc. +# Copyright (C) 2006-2026 wolfSSL Inc. # # This file is part of wolfSSL. # diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/IDE/Espressif/ESP-IDF/examples/wolfssl_client/components/wolfssl/CMakeLists.txt mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/Espressif/ESP-IDF/examples/wolfssl_client/components/wolfssl/CMakeLists.txt --- mariadb-11.8.6/extra/wolfssl/wolfssl/IDE/Espressif/ESP-IDF/examples/wolfssl_client/components/wolfssl/CMakeLists.txt 2026-01-31 13:27:49.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/Espressif/ESP-IDF/examples/wolfssl_client/components/wolfssl/CMakeLists.txt 2026-05-24 09:58:33.000000000 +0000 @@ -1,5 +1,5 @@ # -# Copyright (C) 2006-2025 wolfSSL Inc. +# Copyright (C) 2006-2026 wolfSSL Inc. # # This file is part of wolfSSL. # diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/IDE/Espressif/ESP-IDF/examples/wolfssl_client/components/wolfssl/Kconfig mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/Espressif/ESP-IDF/examples/wolfssl_client/components/wolfssl/Kconfig --- mariadb-11.8.6/extra/wolfssl/wolfssl/IDE/Espressif/ESP-IDF/examples/wolfssl_client/components/wolfssl/Kconfig 2026-01-31 13:27:49.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/Espressif/ESP-IDF/examples/wolfssl_client/components/wolfssl/Kconfig 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ # Kconfig template # -# Copyright (C) 2006-2025 wolfSSL Inc. +# Copyright (C) 2006-2026 wolfSSL Inc. # # This file is part of wolfSSL. # diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/IDE/Espressif/ESP-IDF/examples/wolfssl_client/components/wolfssl/component.mk mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/Espressif/ESP-IDF/examples/wolfssl_client/components/wolfssl/component.mk --- mariadb-11.8.6/extra/wolfssl/wolfssl/IDE/Espressif/ESP-IDF/examples/wolfssl_client/components/wolfssl/component.mk 2026-01-31 13:27:49.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/Espressif/ESP-IDF/examples/wolfssl_client/components/wolfssl/component.mk 2026-05-24 09:58:33.000000000 +0000 @@ -1,5 +1,5 @@ # -# Copyright (C) 2006-2025 wolfSSL Inc. +# Copyright (C) 2006-2026 wolfSSL Inc. # # This file is part of wolfSSL. # diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/IDE/Espressif/ESP-IDF/examples/wolfssl_client/components/wolfssl/include/user_settings.h mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/Espressif/ESP-IDF/examples/wolfssl_client/components/wolfssl/include/user_settings.h --- mariadb-11.8.6/extra/wolfssl/wolfssl/IDE/Espressif/ESP-IDF/examples/wolfssl_client/components/wolfssl/include/user_settings.h 2026-01-31 13:27:49.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/Espressif/ESP-IDF/examples/wolfssl_client/components/wolfssl/include/user_settings.h 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* wolfssl-component include/user_settings.h * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/IDE/Espressif/ESP-IDF/examples/wolfssl_client/main/Kconfig.projbuild mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/Espressif/ESP-IDF/examples/wolfssl_client/main/Kconfig.projbuild --- mariadb-11.8.6/extra/wolfssl/wolfssl/IDE/Espressif/ESP-IDF/examples/wolfssl_client/main/Kconfig.projbuild 2026-01-31 13:27:49.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/Espressif/ESP-IDF/examples/wolfssl_client/main/Kconfig.projbuild 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ # Kconfig main # -# Copyright (C) 2006-2025 wolfSSL Inc. +# Copyright (C) 2006-2026 wolfSSL Inc. # # This file is part of wolfSSL. # diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/IDE/Espressif/ESP-IDF/examples/wolfssl_client/main/client-tls.c mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/Espressif/ESP-IDF/examples/wolfssl_client/main/client-tls.c --- mariadb-11.8.6/extra/wolfssl/wolfssl/IDE/Espressif/ESP-IDF/examples/wolfssl_client/main/client-tls.c 2026-01-31 13:27:49.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/Espressif/ESP-IDF/examples/wolfssl_client/main/client-tls.c 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* client-tls.c * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/IDE/Espressif/ESP-IDF/examples/wolfssl_client/main/include/client-tls.h mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/Espressif/ESP-IDF/examples/wolfssl_client/main/include/client-tls.h --- mariadb-11.8.6/extra/wolfssl/wolfssl/IDE/Espressif/ESP-IDF/examples/wolfssl_client/main/include/client-tls.h 2026-01-31 13:27:49.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/Espressif/ESP-IDF/examples/wolfssl_client/main/include/client-tls.h 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* client-tls.h * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/IDE/Espressif/ESP-IDF/examples/wolfssl_client/main/include/main.h mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/Espressif/ESP-IDF/examples/wolfssl_client/main/include/main.h --- mariadb-11.8.6/extra/wolfssl/wolfssl/IDE/Espressif/ESP-IDF/examples/wolfssl_client/main/include/main.h 2026-01-31 13:27:49.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/Espressif/ESP-IDF/examples/wolfssl_client/main/include/main.h 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* wolfssl_client main.h * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/IDE/Espressif/ESP-IDF/examples/wolfssl_client/main/include/time_helper.h mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/Espressif/ESP-IDF/examples/wolfssl_client/main/include/time_helper.h --- mariadb-11.8.6/extra/wolfssl/wolfssl/IDE/Espressif/ESP-IDF/examples/wolfssl_client/main/include/time_helper.h 2026-01-31 13:27:49.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/Espressif/ESP-IDF/examples/wolfssl_client/main/include/time_helper.h 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* time_helper.h * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/IDE/Espressif/ESP-IDF/examples/wolfssl_client/main/include/wifi_connect.h mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/Espressif/ESP-IDF/examples/wolfssl_client/main/include/wifi_connect.h --- mariadb-11.8.6/extra/wolfssl/wolfssl/IDE/Espressif/ESP-IDF/examples/wolfssl_client/main/include/wifi_connect.h 2026-01-31 13:27:49.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/Espressif/ESP-IDF/examples/wolfssl_client/main/include/wifi_connect.h 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* wifi_connect.h * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/IDE/Espressif/ESP-IDF/examples/wolfssl_client/main/main.c mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/Espressif/ESP-IDF/examples/wolfssl_client/main/main.c --- mariadb-11.8.6/extra/wolfssl/wolfssl/IDE/Espressif/ESP-IDF/examples/wolfssl_client/main/main.c 2026-01-31 13:27:49.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/Espressif/ESP-IDF/examples/wolfssl_client/main/main.c 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* main.c * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/IDE/Espressif/ESP-IDF/examples/wolfssl_client/main/time_helper.c mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/Espressif/ESP-IDF/examples/wolfssl_client/main/time_helper.c --- mariadb-11.8.6/extra/wolfssl/wolfssl/IDE/Espressif/ESP-IDF/examples/wolfssl_client/main/time_helper.c 2026-01-31 13:27:49.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/Espressif/ESP-IDF/examples/wolfssl_client/main/time_helper.c 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* time_helper.c * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/IDE/Espressif/ESP-IDF/examples/wolfssl_client/main/wifi_connect.c mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/Espressif/ESP-IDF/examples/wolfssl_client/main/wifi_connect.c --- mariadb-11.8.6/extra/wolfssl/wolfssl/IDE/Espressif/ESP-IDF/examples/wolfssl_client/main/wifi_connect.c 2026-01-31 13:27:49.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/Espressif/ESP-IDF/examples/wolfssl_client/main/wifi_connect.c 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* wifi_connect.c * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/IDE/Espressif/ESP-IDF/examples/wolfssl_server/components/wolfssl/CMakeLists.txt mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/Espressif/ESP-IDF/examples/wolfssl_server/components/wolfssl/CMakeLists.txt --- mariadb-11.8.6/extra/wolfssl/wolfssl/IDE/Espressif/ESP-IDF/examples/wolfssl_server/components/wolfssl/CMakeLists.txt 2026-01-31 13:27:49.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/Espressif/ESP-IDF/examples/wolfssl_server/components/wolfssl/CMakeLists.txt 2026-05-24 09:58:33.000000000 +0000 @@ -1,5 +1,5 @@ # -# Copyright (C) 2006-2025 wolfSSL Inc. +# Copyright (C) 2006-2026 wolfSSL Inc. # # This file is part of wolfSSL. # diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/IDE/Espressif/ESP-IDF/examples/wolfssl_server/components/wolfssl/Kconfig mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/Espressif/ESP-IDF/examples/wolfssl_server/components/wolfssl/Kconfig --- mariadb-11.8.6/extra/wolfssl/wolfssl/IDE/Espressif/ESP-IDF/examples/wolfssl_server/components/wolfssl/Kconfig 2026-01-31 13:27:49.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/Espressif/ESP-IDF/examples/wolfssl_server/components/wolfssl/Kconfig 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ # Kconfig template # -# Copyright (C) 2006-2025 wolfSSL Inc. +# Copyright (C) 2006-2026 wolfSSL Inc. # # This file is part of wolfSSL. # diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/IDE/Espressif/ESP-IDF/examples/wolfssl_server/components/wolfssl/component.mk mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/Espressif/ESP-IDF/examples/wolfssl_server/components/wolfssl/component.mk --- mariadb-11.8.6/extra/wolfssl/wolfssl/IDE/Espressif/ESP-IDF/examples/wolfssl_server/components/wolfssl/component.mk 2026-01-31 13:27:49.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/Espressif/ESP-IDF/examples/wolfssl_server/components/wolfssl/component.mk 2026-05-24 09:58:33.000000000 +0000 @@ -1,5 +1,5 @@ # -# Copyright (C) 2006-2025 wolfSSL Inc. +# Copyright (C) 2006-2026 wolfSSL Inc. # # This file is part of wolfSSL. # diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/IDE/Espressif/ESP-IDF/examples/wolfssl_server/components/wolfssl/include/user_settings.h mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/Espressif/ESP-IDF/examples/wolfssl_server/components/wolfssl/include/user_settings.h --- mariadb-11.8.6/extra/wolfssl/wolfssl/IDE/Espressif/ESP-IDF/examples/wolfssl_server/components/wolfssl/include/user_settings.h 2026-01-31 13:27:49.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/Espressif/ESP-IDF/examples/wolfssl_server/components/wolfssl/include/user_settings.h 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* wolfssl-component include/user_settings.h * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/IDE/Espressif/ESP-IDF/examples/wolfssl_server/main/Kconfig.projbuild mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/Espressif/ESP-IDF/examples/wolfssl_server/main/Kconfig.projbuild --- mariadb-11.8.6/extra/wolfssl/wolfssl/IDE/Espressif/ESP-IDF/examples/wolfssl_server/main/Kconfig.projbuild 2026-01-31 13:27:49.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/Espressif/ESP-IDF/examples/wolfssl_server/main/Kconfig.projbuild 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ # Kconfig main # -# Copyright (C) 2006-2025 wolfSSL Inc. +# Copyright (C) 2006-2026 wolfSSL Inc. # # This file is part of wolfSSL. # diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/IDE/Espressif/ESP-IDF/examples/wolfssl_server/main/include/main.h mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/Espressif/ESP-IDF/examples/wolfssl_server/main/include/main.h --- mariadb-11.8.6/extra/wolfssl/wolfssl/IDE/Espressif/ESP-IDF/examples/wolfssl_server/main/include/main.h 2026-01-31 13:27:49.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/Espressif/ESP-IDF/examples/wolfssl_server/main/include/main.h 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* wolfssl_server main.h * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/IDE/Espressif/ESP-IDF/examples/wolfssl_server/main/include/server-tls.h mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/Espressif/ESP-IDF/examples/wolfssl_server/main/include/server-tls.h --- mariadb-11.8.6/extra/wolfssl/wolfssl/IDE/Espressif/ESP-IDF/examples/wolfssl_server/main/include/server-tls.h 2026-01-31 13:27:49.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/Espressif/ESP-IDF/examples/wolfssl_server/main/include/server-tls.h 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* server-tls.h * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/IDE/Espressif/ESP-IDF/examples/wolfssl_server/main/include/time_helper.h mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/Espressif/ESP-IDF/examples/wolfssl_server/main/include/time_helper.h --- mariadb-11.8.6/extra/wolfssl/wolfssl/IDE/Espressif/ESP-IDF/examples/wolfssl_server/main/include/time_helper.h 2026-01-31 13:27:49.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/Espressif/ESP-IDF/examples/wolfssl_server/main/include/time_helper.h 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* time_helper.h * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/IDE/Espressif/ESP-IDF/examples/wolfssl_server/main/include/wifi_connect.h mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/Espressif/ESP-IDF/examples/wolfssl_server/main/include/wifi_connect.h --- mariadb-11.8.6/extra/wolfssl/wolfssl/IDE/Espressif/ESP-IDF/examples/wolfssl_server/main/include/wifi_connect.h 2026-01-31 13:27:49.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/Espressif/ESP-IDF/examples/wolfssl_server/main/include/wifi_connect.h 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* wifi_connect.h * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/IDE/Espressif/ESP-IDF/examples/wolfssl_server/main/main.c mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/Espressif/ESP-IDF/examples/wolfssl_server/main/main.c --- mariadb-11.8.6/extra/wolfssl/wolfssl/IDE/Espressif/ESP-IDF/examples/wolfssl_server/main/main.c 2026-01-31 13:27:49.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/Espressif/ESP-IDF/examples/wolfssl_server/main/main.c 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* main.c * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/IDE/Espressif/ESP-IDF/examples/wolfssl_server/main/server-tls.c mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/Espressif/ESP-IDF/examples/wolfssl_server/main/server-tls.c --- mariadb-11.8.6/extra/wolfssl/wolfssl/IDE/Espressif/ESP-IDF/examples/wolfssl_server/main/server-tls.c 2026-01-31 13:27:49.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/Espressif/ESP-IDF/examples/wolfssl_server/main/server-tls.c 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* server-tls.c * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/IDE/Espressif/ESP-IDF/examples/wolfssl_server/main/time_helper.c mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/Espressif/ESP-IDF/examples/wolfssl_server/main/time_helper.c --- mariadb-11.8.6/extra/wolfssl/wolfssl/IDE/Espressif/ESP-IDF/examples/wolfssl_server/main/time_helper.c 2026-01-31 13:27:49.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/Espressif/ESP-IDF/examples/wolfssl_server/main/time_helper.c 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* time_helper.c * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/IDE/Espressif/ESP-IDF/examples/wolfssl_server/main/wifi_connect.c mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/Espressif/ESP-IDF/examples/wolfssl_server/main/wifi_connect.c --- mariadb-11.8.6/extra/wolfssl/wolfssl/IDE/Espressif/ESP-IDF/examples/wolfssl_server/main/wifi_connect.c 2026-01-31 13:27:49.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/Espressif/ESP-IDF/examples/wolfssl_server/main/wifi_connect.c 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* wifi_connect.c * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/IDE/Espressif/ESP-IDF/examples/wolfssl_test/components/wolfssl/CMakeLists.txt mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/Espressif/ESP-IDF/examples/wolfssl_test/components/wolfssl/CMakeLists.txt --- mariadb-11.8.6/extra/wolfssl/wolfssl/IDE/Espressif/ESP-IDF/examples/wolfssl_test/components/wolfssl/CMakeLists.txt 2026-01-31 13:27:49.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/Espressif/ESP-IDF/examples/wolfssl_test/components/wolfssl/CMakeLists.txt 2026-05-24 09:58:33.000000000 +0000 @@ -1,5 +1,5 @@ # -# Copyright (C) 2006-2025 wolfSSL Inc. +# Copyright (C) 2006-2026 wolfSSL Inc. # # This file is part of wolfSSL. # diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/IDE/Espressif/ESP-IDF/examples/wolfssl_test/components/wolfssl/Kconfig mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/Espressif/ESP-IDF/examples/wolfssl_test/components/wolfssl/Kconfig --- mariadb-11.8.6/extra/wolfssl/wolfssl/IDE/Espressif/ESP-IDF/examples/wolfssl_test/components/wolfssl/Kconfig 2026-01-31 13:27:49.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/Espressif/ESP-IDF/examples/wolfssl_test/components/wolfssl/Kconfig 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ # Kconfig template # -# Copyright (C) 2006-2025 wolfSSL Inc. +# Copyright (C) 2006-2026 wolfSSL Inc. # # This file is part of wolfSSL. # diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/IDE/Espressif/ESP-IDF/examples/wolfssl_test/components/wolfssl/component.mk mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/Espressif/ESP-IDF/examples/wolfssl_test/components/wolfssl/component.mk --- mariadb-11.8.6/extra/wolfssl/wolfssl/IDE/Espressif/ESP-IDF/examples/wolfssl_test/components/wolfssl/component.mk 2026-01-31 13:27:49.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/Espressif/ESP-IDF/examples/wolfssl_test/components/wolfssl/component.mk 2026-05-24 09:58:33.000000000 +0000 @@ -1,5 +1,5 @@ # -# Copyright (C) 2006-2025 wolfSSL Inc. +# Copyright (C) 2006-2026 wolfSSL Inc. # # This file is part of wolfSSL. # diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/IDE/Espressif/ESP-IDF/examples/wolfssl_test/components/wolfssl/include/user_settings.h mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/Espressif/ESP-IDF/examples/wolfssl_test/components/wolfssl/include/user_settings.h --- mariadb-11.8.6/extra/wolfssl/wolfssl/IDE/Espressif/ESP-IDF/examples/wolfssl_test/components/wolfssl/include/user_settings.h 2026-01-31 13:27:49.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/Espressif/ESP-IDF/examples/wolfssl_test/components/wolfssl/include/user_settings.h 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* wolfssl-component include/user_settings.h * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/IDE/Espressif/ESP-IDF/examples/wolfssl_test/main/Kconfig.projbuild mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/Espressif/ESP-IDF/examples/wolfssl_test/main/Kconfig.projbuild --- mariadb-11.8.6/extra/wolfssl/wolfssl/IDE/Espressif/ESP-IDF/examples/wolfssl_test/main/Kconfig.projbuild 2026-01-31 13:27:49.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/Espressif/ESP-IDF/examples/wolfssl_test/main/Kconfig.projbuild 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ # Kconfig main # -# Copyright (C) 2006-2025 wolfSSL Inc. +# Copyright (C) 2006-2026 wolfSSL Inc. # # This file is part of wolfSSL. # diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/IDE/Espressif/ESP-IDF/examples/wolfssl_test/main/include/main.h mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/Espressif/ESP-IDF/examples/wolfssl_test/main/include/main.h --- mariadb-11.8.6/extra/wolfssl/wolfssl/IDE/Espressif/ESP-IDF/examples/wolfssl_test/main/include/main.h 2026-01-31 13:27:49.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/Espressif/ESP-IDF/examples/wolfssl_test/main/include/main.h 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* wolfssl_test main.h * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/IDE/Espressif/ESP-IDF/examples/wolfssl_test/main/main.c mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/Espressif/ESP-IDF/examples/wolfssl_test/main/main.c --- mariadb-11.8.6/extra/wolfssl/wolfssl/IDE/Espressif/ESP-IDF/examples/wolfssl_test/main/main.c 2026-01-31 13:27:49.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/Espressif/ESP-IDF/examples/wolfssl_test/main/main.c 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* test main.c * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/IDE/Espressif/ESP-IDF/examples/wolfssl_test_idf/main/main.c mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/Espressif/ESP-IDF/examples/wolfssl_test_idf/main/main.c --- mariadb-11.8.6/extra/wolfssl/wolfssl/IDE/Espressif/ESP-IDF/examples/wolfssl_test_idf/main/main.c 2026-01-31 13:27:49.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/Espressif/ESP-IDF/examples/wolfssl_test_idf/main/main.c 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* main.c * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/IDE/Espressif/ESP-IDF/examples/wolfssl_test_idf/main/main_wip.c.ex mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/Espressif/ESP-IDF/examples/wolfssl_test_idf/main/main_wip.c.ex --- mariadb-11.8.6/extra/wolfssl/wolfssl/IDE/Espressif/ESP-IDF/examples/wolfssl_test_idf/main/main_wip.c.ex 2026-01-31 13:27:49.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/Espressif/ESP-IDF/examples/wolfssl_test_idf/main/main_wip.c.ex 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* main.c * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/IDE/Espressif/ESP-IDF/examples/wolfssl_test_idf/main/time_helper.c mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/Espressif/ESP-IDF/examples/wolfssl_test_idf/main/time_helper.c --- mariadb-11.8.6/extra/wolfssl/wolfssl/IDE/Espressif/ESP-IDF/examples/wolfssl_test_idf/main/time_helper.c 2026-01-31 13:27:49.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/Espressif/ESP-IDF/examples/wolfssl_test_idf/main/time_helper.c 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* time_helper.c * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/IDE/Espressif/ESP-IDF/examples/wolfssl_test_idf/main/time_helper.h mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/Espressif/ESP-IDF/examples/wolfssl_test_idf/main/time_helper.h --- mariadb-11.8.6/extra/wolfssl/wolfssl/IDE/Espressif/ESP-IDF/examples/wolfssl_test_idf/main/time_helper.h 2026-01-31 13:27:49.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/Espressif/ESP-IDF/examples/wolfssl_test_idf/main/time_helper.h 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ #ifndef _TIME_HELPER_H /* - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/IDE/Espressif/ESP-IDF/libs/CMakeLists.txt mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/Espressif/ESP-IDF/libs/CMakeLists.txt --- mariadb-11.8.6/extra/wolfssl/wolfssl/IDE/Espressif/ESP-IDF/libs/CMakeLists.txt 2026-01-31 13:27:49.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/Espressif/ESP-IDF/libs/CMakeLists.txt 2026-05-24 09:58:33.000000000 +0000 @@ -1,5 +1,5 @@ # -# Copyright (C) 2006-2025 wolfSSL Inc. +# Copyright (C) 2006-2026 wolfSSL Inc. # # This file is part of wolfSSL. # diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/IDE/Espressif/ESP-IDF/libs/component.mk mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/Espressif/ESP-IDF/libs/component.mk --- mariadb-11.8.6/extra/wolfssl/wolfssl/IDE/Espressif/ESP-IDF/libs/component.mk 2026-01-31 13:27:49.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/Espressif/ESP-IDF/libs/component.mk 2026-05-24 09:58:33.000000000 +0000 @@ -1,5 +1,5 @@ # -# Copyright (C) 2006-2025 wolfSSL Inc. +# Copyright (C) 2006-2026 wolfSSL Inc. # # This file is part of wolfSSL. # @@ -16,10 +16,8 @@ # You should have received a copy of the GNU General Public License # along with this program; if not, write to the Free Software # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA -#/ -#/ -#/ # + # # Component Makefile # diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/IDE/Espressif/ESP-IDF/user_settings.h mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/Espressif/ESP-IDF/user_settings.h --- mariadb-11.8.6/extra/wolfssl/wolfssl/IDE/Espressif/ESP-IDF/user_settings.h 2026-01-31 13:27:49.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/Espressif/ESP-IDF/user_settings.h 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* user_settings.h * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/IDE/GCC-ARM/Header/user_settings.h mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/GCC-ARM/Header/user_settings.h --- mariadb-11.8.6/extra/wolfssl/wolfssl/IDE/GCC-ARM/Header/user_settings.h 2026-01-31 13:27:49.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/GCC-ARM/Header/user_settings.h 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* user_settings.h * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/IDE/GCC-ARM/Source/armtarget.c mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/GCC-ARM/Source/armtarget.c --- mariadb-11.8.6/extra/wolfssl/wolfssl/IDE/GCC-ARM/Source/armtarget.c 2026-01-31 13:27:49.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/GCC-ARM/Source/armtarget.c 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* armtarget.c * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/IDE/GCC-ARM/Source/benchmark_main.c mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/GCC-ARM/Source/benchmark_main.c --- mariadb-11.8.6/extra/wolfssl/wolfssl/IDE/GCC-ARM/Source/benchmark_main.c 2026-01-31 13:27:49.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/GCC-ARM/Source/benchmark_main.c 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* benchmark_main.c * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/IDE/GCC-ARM/Source/test_main.c mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/GCC-ARM/Source/test_main.c --- mariadb-11.8.6/extra/wolfssl/wolfssl/IDE/GCC-ARM/Source/test_main.c 2026-01-31 13:27:49.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/GCC-ARM/Source/test_main.c 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* test_main.c * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/IDE/GCC-ARM/Source/tls_client.c mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/GCC-ARM/Source/tls_client.c --- mariadb-11.8.6/extra/wolfssl/wolfssl/IDE/GCC-ARM/Source/tls_client.c 2026-01-31 13:27:49.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/GCC-ARM/Source/tls_client.c 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* tls_client.c * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/IDE/GCC-ARM/Source/tls_server.c mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/GCC-ARM/Source/tls_server.c --- mariadb-11.8.6/extra/wolfssl/wolfssl/IDE/GCC-ARM/Source/tls_server.c 2026-01-31 13:27:49.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/GCC-ARM/Source/tls_server.c 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* tls_server.c * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/IDE/GCC-ARM/Source/wolf_main.c mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/GCC-ARM/Source/wolf_main.c --- mariadb-11.8.6/extra/wolfssl/wolfssl/IDE/GCC-ARM/Source/wolf_main.c 2026-01-31 13:27:49.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/GCC-ARM/Source/wolf_main.c 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* wolf_main.c * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/IDE/HEXAGON/DSP/Makefile mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/HEXAGON/DSP/Makefile --- mariadb-11.8.6/extra/wolfssl/wolfssl/IDE/HEXAGON/DSP/Makefile 2026-01-31 13:27:49.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/HEXAGON/DSP/Makefile 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ # Makefile # -# Copyright (C) 2006-2025 wolfSSL Inc. +# Copyright (C) 2006-2026 wolfSSL Inc. # # This file is part of wolfSSL. # diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/IDE/HEXAGON/Makefile mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/HEXAGON/Makefile --- mariadb-11.8.6/extra/wolfssl/wolfssl/IDE/HEXAGON/Makefile 2026-01-31 13:27:49.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/HEXAGON/Makefile 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ # Makefile # -# Copyright (C) 2006-2025 wolfSSL Inc. +# Copyright (C) 2006-2026 wolfSSL Inc. # # This file is part of wolfSSL. # diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/IDE/HEXAGON/ecc-verify-benchmark.c mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/HEXAGON/ecc-verify-benchmark.c --- mariadb-11.8.6/extra/wolfssl/wolfssl/IDE/HEXAGON/ecc-verify-benchmark.c 2026-01-31 13:27:49.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/HEXAGON/ecc-verify-benchmark.c 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* ecc-verify-benchmark.c * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/IDE/HEXAGON/ecc-verify.c mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/HEXAGON/ecc-verify.c --- mariadb-11.8.6/extra/wolfssl/wolfssl/IDE/HEXAGON/ecc-verify.c 2026-01-31 13:27:49.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/HEXAGON/ecc-verify.c 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* ecc-verify.c * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/IDE/IAR-EWARM/Projects/benchmark/benchmark-main.c mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/IAR-EWARM/Projects/benchmark/benchmark-main.c --- mariadb-11.8.6/extra/wolfssl/wolfssl/IDE/IAR-EWARM/Projects/benchmark/benchmark-main.c 2026-01-31 13:27:49.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/IAR-EWARM/Projects/benchmark/benchmark-main.c 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* benchmark-main.c * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/IDE/IAR-EWARM/Projects/benchmark/current_time.c mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/IAR-EWARM/Projects/benchmark/current_time.c --- mariadb-11.8.6/extra/wolfssl/wolfssl/IDE/IAR-EWARM/Projects/benchmark/current_time.c 2026-01-31 13:27:49.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/IAR-EWARM/Projects/benchmark/current_time.c 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* current-time.c * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/IDE/IAR-EWARM/Projects/common/minimum-startup.c mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/IAR-EWARM/Projects/common/minimum-startup.c --- mariadb-11.8.6/extra/wolfssl/wolfssl/IDE/IAR-EWARM/Projects/common/minimum-startup.c 2026-01-31 13:27:49.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/IAR-EWARM/Projects/common/minimum-startup.c 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* minimum-startup.c * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/IDE/IAR-EWARM/Projects/test/test-main.c mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/IAR-EWARM/Projects/test/test-main.c --- mariadb-11.8.6/extra/wolfssl/wolfssl/IDE/IAR-EWARM/Projects/test/test-main.c 2026-01-31 13:27:49.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/IAR-EWARM/Projects/test/test-main.c 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* test-main.c * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/IDE/IAR-MSP430/main.c mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/IAR-MSP430/main.c --- mariadb-11.8.6/extra/wolfssl/wolfssl/IDE/IAR-MSP430/main.c 2026-01-31 13:27:49.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/IAR-MSP430/main.c 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* MSP430 example main.c * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/IDE/IAR-MSP430/user_settings.h mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/IAR-MSP430/user_settings.h --- mariadb-11.8.6/extra/wolfssl/wolfssl/IDE/IAR-MSP430/user_settings.h 2026-01-31 13:27:49.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/IAR-MSP430/user_settings.h 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* user_settings.h * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/IDE/Infineon/user_settings.h mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/Infineon/user_settings.h --- mariadb-11.8.6/extra/wolfssl/wolfssl/IDE/Infineon/user_settings.h 2026-01-31 13:27:49.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/Infineon/user_settings.h 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* user_settings.h * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/IDE/LPCXPRESSO/lib_wolfssl/lpc_18xx_port.c mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/LPCXPRESSO/lib_wolfssl/lpc_18xx_port.c --- mariadb-11.8.6/extra/wolfssl/wolfssl/IDE/LPCXPRESSO/lib_wolfssl/lpc_18xx_port.c 2026-01-31 13:27:49.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/LPCXPRESSO/lib_wolfssl/lpc_18xx_port.c 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* lpc_18xx_port.c * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/IDE/LPCXPRESSO/wolf_example/src/lpc_18xx_startup.c mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/LPCXPRESSO/wolf_example/src/lpc_18xx_startup.c --- mariadb-11.8.6/extra/wolfssl/wolfssl/IDE/LPCXPRESSO/wolf_example/src/lpc_18xx_startup.c 2026-01-31 13:27:49.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/LPCXPRESSO/wolf_example/src/lpc_18xx_startup.c 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* lpc_18xx_startup.c * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/IDE/M68K/benchmark/main.cpp mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/M68K/benchmark/main.cpp --- mariadb-11.8.6/extra/wolfssl/wolfssl/IDE/M68K/benchmark/main.cpp 2026-01-31 13:27:49.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/M68K/benchmark/main.cpp 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* main.c * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/IDE/M68K/testwolfcrypt/main.cpp mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/M68K/testwolfcrypt/main.cpp --- mariadb-11.8.6/extra/wolfssl/wolfssl/IDE/M68K/testwolfcrypt/main.cpp 2026-01-31 13:27:49.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/M68K/testwolfcrypt/main.cpp 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* main.c * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/IDE/MCUEXPRESSO/benchmark/source/run_benchmark.c mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/MCUEXPRESSO/benchmark/source/run_benchmark.c --- mariadb-11.8.6/extra/wolfssl/wolfssl/IDE/MCUEXPRESSO/benchmark/source/run_benchmark.c 2026-01-31 13:27:49.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/MCUEXPRESSO/benchmark/source/run_benchmark.c 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* run_benchmark.c * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/IDE/MCUEXPRESSO/user_settings.h mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/MCUEXPRESSO/user_settings.h --- mariadb-11.8.6/extra/wolfssl/wolfssl/IDE/MCUEXPRESSO/user_settings.h 2026-01-31 13:27:49.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/MCUEXPRESSO/user_settings.h 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* user_settings.h * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/IDE/MCUEXPRESSO/wolfcrypt_test.c mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/MCUEXPRESSO/wolfcrypt_test.c --- mariadb-11.8.6/extra/wolfssl/wolfssl/IDE/MCUEXPRESSO/wolfcrypt_test.c 2026-01-31 13:27:49.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/MCUEXPRESSO/wolfcrypt_test.c 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* wolfcrypt_test.c * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/IDE/MDK-ARM/LPC43xx/time-LCP43xx.c mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/MDK-ARM/LPC43xx/time-LCP43xx.c --- mariadb-11.8.6/extra/wolfssl/wolfssl/IDE/MDK-ARM/LPC43xx/time-LCP43xx.c 2026-01-31 13:27:49.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/MDK-ARM/LPC43xx/time-LCP43xx.c 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* time.c * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/IDE/MDK-ARM/MDK-ARM/wolfSSL/cert_data.c mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/MDK-ARM/MDK-ARM/wolfSSL/cert_data.c --- mariadb-11.8.6/extra/wolfssl/wolfssl/IDE/MDK-ARM/MDK-ARM/wolfSSL/cert_data.c 2026-01-31 13:27:49.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/MDK-ARM/MDK-ARM/wolfSSL/cert_data.c 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* certs_test.c * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/IDE/MDK-ARM/MDK-ARM/wolfSSL/config-BARE-METAL.h mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/MDK-ARM/MDK-ARM/wolfSSL/config-BARE-METAL.h --- mariadb-11.8.6/extra/wolfssl/wolfssl/IDE/MDK-ARM/MDK-ARM/wolfSSL/config-BARE-METAL.h 2026-01-31 13:27:49.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/MDK-ARM/MDK-ARM/wolfSSL/config-BARE-METAL.h 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* config-BEREFOOT.h * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/IDE/MDK-ARM/MDK-ARM/wolfSSL/config-FS.h mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/MDK-ARM/MDK-ARM/wolfSSL/config-FS.h --- mariadb-11.8.6/extra/wolfssl/wolfssl/IDE/MDK-ARM/MDK-ARM/wolfSSL/config-FS.h 2026-01-31 13:27:49.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/MDK-ARM/MDK-ARM/wolfSSL/config-FS.h 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* config-FS.h * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/IDE/MDK-ARM/MDK-ARM/wolfSSL/config-RTX-TCP-FS.h mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/MDK-ARM/MDK-ARM/wolfSSL/config-RTX-TCP-FS.h --- mariadb-11.8.6/extra/wolfssl/wolfssl/IDE/MDK-ARM/MDK-ARM/wolfSSL/config-RTX-TCP-FS.h 2026-01-31 13:27:49.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/MDK-ARM/MDK-ARM/wolfSSL/config-RTX-TCP-FS.h 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* config-RTX-TCP-FS.h * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/IDE/MDK-ARM/MDK-ARM/wolfSSL/config.h mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/MDK-ARM/MDK-ARM/wolfSSL/config.h --- mariadb-11.8.6/extra/wolfssl/wolfssl/IDE/MDK-ARM/MDK-ARM/wolfSSL/config.h 2026-01-31 13:27:49.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/MDK-ARM/MDK-ARM/wolfSSL/config.h 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* config.h * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/IDE/MDK-ARM/MDK-ARM/wolfSSL/main.c mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/MDK-ARM/MDK-ARM/wolfSSL/main.c --- mariadb-11.8.6/extra/wolfssl/wolfssl/IDE/MDK-ARM/MDK-ARM/wolfSSL/main.c 2026-01-31 13:27:49.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/MDK-ARM/MDK-ARM/wolfSSL/main.c 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* main.c * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/IDE/MDK-ARM/MDK-ARM/wolfSSL/shell.c mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/MDK-ARM/MDK-ARM/wolfSSL/shell.c --- mariadb-11.8.6/extra/wolfssl/wolfssl/IDE/MDK-ARM/MDK-ARM/wolfSSL/shell.c 2026-01-31 13:27:49.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/MDK-ARM/MDK-ARM/wolfSSL/shell.c 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /*shell.c * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/IDE/MDK-ARM/MDK-ARM/wolfSSL/time-CortexM3-4.c mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/MDK-ARM/MDK-ARM/wolfSSL/time-CortexM3-4.c --- mariadb-11.8.6/extra/wolfssl/wolfssl/IDE/MDK-ARM/MDK-ARM/wolfSSL/time-CortexM3-4.c 2026-01-31 13:27:49.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/MDK-ARM/MDK-ARM/wolfSSL/time-CortexM3-4.c 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* time-STM32F2.c * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/IDE/MDK-ARM/MDK-ARM/wolfSSL/time-dummy.c mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/MDK-ARM/MDK-ARM/wolfSSL/time-dummy.c --- mariadb-11.8.6/extra/wolfssl/wolfssl/IDE/MDK-ARM/MDK-ARM/wolfSSL/time-dummy.c 2026-01-31 13:27:49.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/MDK-ARM/MDK-ARM/wolfSSL/time-dummy.c 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* time-dummy.c.c * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/IDE/MDK-ARM/MDK-ARM/wolfSSL/wolfssl_MDK_ARM.c mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/MDK-ARM/MDK-ARM/wolfSSL/wolfssl_MDK_ARM.c --- mariadb-11.8.6/extra/wolfssl/wolfssl/IDE/MDK-ARM/MDK-ARM/wolfSSL/wolfssl_MDK_ARM.c 2026-01-31 13:27:49.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/MDK-ARM/MDK-ARM/wolfSSL/wolfssl_MDK_ARM.c 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* wolfssl_KEIL_RL.c * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/IDE/MDK-ARM/MDK-ARM/wolfSSL/wolfssl_MDK_ARM.h mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/MDK-ARM/MDK-ARM/wolfSSL/wolfssl_MDK_ARM.h --- mariadb-11.8.6/extra/wolfssl/wolfssl/IDE/MDK-ARM/MDK-ARM/wolfSSL/wolfssl_MDK_ARM.h 2026-01-31 13:27:49.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/MDK-ARM/MDK-ARM/wolfSSL/wolfssl_MDK_ARM.h 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* wolfssl_KEIL_RL.h * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/IDE/MDK-ARM/STM32F2xx_StdPeriph_Lib/time-STM32F2xx.c mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/MDK-ARM/STM32F2xx_StdPeriph_Lib/time-STM32F2xx.c --- mariadb-11.8.6/extra/wolfssl/wolfssl/IDE/MDK-ARM/STM32F2xx_StdPeriph_Lib/time-STM32F2xx.c 2026-01-31 13:27:49.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/MDK-ARM/STM32F2xx_StdPeriph_Lib/time-STM32F2xx.c 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* time-STM32F2xx.c * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/IDE/MDK5-ARM/Conf/user_settings.h mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/MDK5-ARM/Conf/user_settings.h --- mariadb-11.8.6/extra/wolfssl/wolfssl/IDE/MDK5-ARM/Conf/user_settings.h 2026-01-31 13:27:49.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/MDK5-ARM/Conf/user_settings.h 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* user_settings.h * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -208,9 +208,9 @@ #endif // // BLAKE2 -#define MDK_CONF_BLAKE2 0 -#if MDK_CONF_BLAKE2 == 1 -#define HAVE_BLAKE2 +#define MDK_CONF_BLAKE2B 0 +#if MDK_CONF_BLAKE2B == 1 +#define HAVE_BLAKE2B #endif // // HMAC diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/IDE/MDK5-ARM/Inc/wolfssl_MDK_ARM.h mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/MDK5-ARM/Inc/wolfssl_MDK_ARM.h --- mariadb-11.8.6/extra/wolfssl/wolfssl/IDE/MDK5-ARM/Inc/wolfssl_MDK_ARM.h 2026-01-31 13:27:49.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/MDK5-ARM/Inc/wolfssl_MDK_ARM.h 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* wolfssl_MDK_ARM.h * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/IDE/MDK5-ARM/Projects/CryptBenchmark/main.c mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/MDK5-ARM/Projects/CryptBenchmark/main.c --- mariadb-11.8.6/extra/wolfssl/wolfssl/IDE/MDK5-ARM/Projects/CryptBenchmark/main.c 2026-01-31 13:27:49.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/MDK5-ARM/Projects/CryptBenchmark/main.c 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* main.c * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/IDE/MDK5-ARM/Projects/CryptTest/main.c mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/MDK5-ARM/Projects/CryptTest/main.c --- mariadb-11.8.6/extra/wolfssl/wolfssl/IDE/MDK5-ARM/Projects/CryptTest/main.c 2026-01-31 13:27:49.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/MDK5-ARM/Projects/CryptTest/main.c 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* main.c * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/IDE/MDK5-ARM/Projects/EchoClient/main.c mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/MDK5-ARM/Projects/EchoClient/main.c --- mariadb-11.8.6/extra/wolfssl/wolfssl/IDE/MDK5-ARM/Projects/EchoClient/main.c 2026-01-31 13:27:49.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/MDK5-ARM/Projects/EchoClient/main.c 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* main.c * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/IDE/MDK5-ARM/Projects/EchoServer/main.c mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/MDK5-ARM/Projects/EchoServer/main.c --- mariadb-11.8.6/extra/wolfssl/wolfssl/IDE/MDK5-ARM/Projects/EchoServer/main.c 2026-01-31 13:27:49.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/MDK5-ARM/Projects/EchoServer/main.c 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* main.c * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/IDE/MDK5-ARM/Projects/SimpleClient/main.c mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/MDK5-ARM/Projects/SimpleClient/main.c --- mariadb-11.8.6/extra/wolfssl/wolfssl/IDE/MDK5-ARM/Projects/SimpleClient/main.c 2026-01-31 13:27:49.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/MDK5-ARM/Projects/SimpleClient/main.c 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* main.c * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/IDE/MDK5-ARM/Projects/SimpleServer/main.c mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/MDK5-ARM/Projects/SimpleServer/main.c --- mariadb-11.8.6/extra/wolfssl/wolfssl/IDE/MDK5-ARM/Projects/SimpleServer/main.c 2026-01-31 13:27:49.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/MDK5-ARM/Projects/SimpleServer/main.c 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* main.c * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/IDE/MDK5-ARM/Projects/wolfSSL-Full/main.c mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/MDK5-ARM/Projects/wolfSSL-Full/main.c --- mariadb-11.8.6/extra/wolfssl/wolfssl/IDE/MDK5-ARM/Projects/wolfSSL-Full/main.c 2026-01-31 13:27:49.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/MDK5-ARM/Projects/wolfSSL-Full/main.c 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* main.c * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/IDE/MDK5-ARM/Projects/wolfSSL-Full/shell.c mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/MDK5-ARM/Projects/wolfSSL-Full/shell.c --- mariadb-11.8.6/extra/wolfssl/wolfssl/IDE/MDK5-ARM/Projects/wolfSSL-Full/shell.c 2026-01-31 13:27:49.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/MDK5-ARM/Projects/wolfSSL-Full/shell.c 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /*shell.c * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/IDE/MDK5-ARM/Projects/wolfSSL-Full/time-CortexM3-4.c mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/MDK5-ARM/Projects/wolfSSL-Full/time-CortexM3-4.c --- mariadb-11.8.6/extra/wolfssl/wolfssl/IDE/MDK5-ARM/Projects/wolfSSL-Full/time-CortexM3-4.c 2026-01-31 13:27:49.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/MDK5-ARM/Projects/wolfSSL-Full/time-CortexM3-4.c 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* time-STM32F2.c * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/IDE/MDK5-ARM/Src/ssl-dummy.c mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/MDK5-ARM/Src/ssl-dummy.c --- mariadb-11.8.6/extra/wolfssl/wolfssl/IDE/MDK5-ARM/Src/ssl-dummy.c 2026-01-31 13:27:49.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/MDK5-ARM/Src/ssl-dummy.c 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* ssl-dummy.c * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/IDE/MPLABX16/main.c mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/MPLABX16/main.c --- mariadb-11.8.6/extra/wolfssl/wolfssl/IDE/MPLABX16/main.c 2026-01-31 13:27:49.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/MPLABX16/main.c 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* main.c * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/IDE/MQX/client-tls.c mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/MQX/client-tls.c --- mariadb-11.8.6/extra/wolfssl/wolfssl/IDE/MQX/client-tls.c 2026-01-31 13:27:49.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/MQX/client-tls.c 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* client-tls.c * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/IDE/MQX/server-tls.c mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/MQX/server-tls.c --- mariadb-11.8.6/extra/wolfssl/wolfssl/IDE/MQX/server-tls.c 2026-01-31 13:27:49.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/MQX/server-tls.c 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* server-tls.c * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/IDE/MSVS-2019-AZSPHERE/client/client.c mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/MSVS-2019-AZSPHERE/client/client.c --- mariadb-11.8.6/extra/wolfssl/wolfssl/IDE/MSVS-2019-AZSPHERE/client/client.c 2026-01-31 13:27:49.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/MSVS-2019-AZSPHERE/client/client.c 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* client.c * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/IDE/MSVS-2019-AZSPHERE/client/client.h mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/MSVS-2019-AZSPHERE/client/client.h --- mariadb-11.8.6/extra/wolfssl/wolfssl/IDE/MSVS-2019-AZSPHERE/client/client.h 2026-01-31 13:27:49.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/MSVS-2019-AZSPHERE/client/client.h 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* client.h * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/IDE/MSVS-2019-AZSPHERE/server/server.c mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/MSVS-2019-AZSPHERE/server/server.c --- mariadb-11.8.6/extra/wolfssl/wolfssl/IDE/MSVS-2019-AZSPHERE/server/server.c 2026-01-31 13:27:49.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/MSVS-2019-AZSPHERE/server/server.c 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* server.c * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/IDE/MSVS-2019-AZSPHERE/server/server.h mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/MSVS-2019-AZSPHERE/server/server.h --- mariadb-11.8.6/extra/wolfssl/wolfssl/IDE/MSVS-2019-AZSPHERE/server/server.h 2026-01-31 13:27:49.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/MSVS-2019-AZSPHERE/server/server.h 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* server.h * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/IDE/MSVS-2019-AZSPHERE/shared/util.h mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/MSVS-2019-AZSPHERE/shared/util.h --- mariadb-11.8.6/extra/wolfssl/wolfssl/IDE/MSVS-2019-AZSPHERE/shared/util.h 2026-01-31 13:27:49.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/MSVS-2019-AZSPHERE/shared/util.h 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* util.h * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/IDE/MSVS-2019-AZSPHERE/user_settings.h mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/MSVS-2019-AZSPHERE/user_settings.h --- mariadb-11.8.6/extra/wolfssl/wolfssl/IDE/MSVS-2019-AZSPHERE/user_settings.h 2026-01-31 13:27:49.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/MSVS-2019-AZSPHERE/user_settings.h 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* user_settings.h * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/IDE/MSVS-2019-AZSPHERE/wolfssl_new_azsphere/HardwareDefinitions/avnet_mt3620_sk/inc/hw/template_appliance.h mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/MSVS-2019-AZSPHERE/wolfssl_new_azsphere/HardwareDefinitions/avnet_mt3620_sk/inc/hw/template_appliance.h --- mariadb-11.8.6/extra/wolfssl/wolfssl/IDE/MSVS-2019-AZSPHERE/wolfssl_new_azsphere/HardwareDefinitions/avnet_mt3620_sk/inc/hw/template_appliance.h 2026-01-31 13:27:49.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/MSVS-2019-AZSPHERE/wolfssl_new_azsphere/HardwareDefinitions/avnet_mt3620_sk/inc/hw/template_appliance.h 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* template_appliance.h * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/IDE/MSVS-2019-AZSPHERE/wolfssl_new_azsphere/HardwareDefinitions/mt3620_rdb/inc/hw/template_appliance.h mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/MSVS-2019-AZSPHERE/wolfssl_new_azsphere/HardwareDefinitions/mt3620_rdb/inc/hw/template_appliance.h --- mariadb-11.8.6/extra/wolfssl/wolfssl/IDE/MSVS-2019-AZSPHERE/wolfssl_new_azsphere/HardwareDefinitions/mt3620_rdb/inc/hw/template_appliance.h 2026-01-31 13:27:49.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/MSVS-2019-AZSPHERE/wolfssl_new_azsphere/HardwareDefinitions/mt3620_rdb/inc/hw/template_appliance.h 2026-05-24 09:58:33.000000000 +0000 @@ -1,4 +1,4 @@ -/ * Copyright (C) 2006-2025 wolfSSL Inc. +/ * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/IDE/MSVS-2019-AZSPHERE/wolfssl_new_azsphere/HardwareDefinitions/seeed_mt3620_mdb/inc/hw/template_appliance.h mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/MSVS-2019-AZSPHERE/wolfssl_new_azsphere/HardwareDefinitions/seeed_mt3620_mdb/inc/hw/template_appliance.h --- mariadb-11.8.6/extra/wolfssl/wolfssl/IDE/MSVS-2019-AZSPHERE/wolfssl_new_azsphere/HardwareDefinitions/seeed_mt3620_mdb/inc/hw/template_appliance.h 2026-01-31 13:27:49.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/MSVS-2019-AZSPHERE/wolfssl_new_azsphere/HardwareDefinitions/seeed_mt3620_mdb/inc/hw/template_appliance.h 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* template_appliance.h * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/IDE/MSVS-2019-AZSPHERE/wolfssl_new_azsphere/main.c mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/MSVS-2019-AZSPHERE/wolfssl_new_azsphere/main.c --- mariadb-11.8.6/extra/wolfssl/wolfssl/IDE/MSVS-2019-AZSPHERE/wolfssl_new_azsphere/main.c 2026-01-31 13:27:49.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/MSVS-2019-AZSPHERE/wolfssl_new_azsphere/main.c 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* main.c * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/IDE/MYSQL/CMakeLists_wolfCrypt.txt mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/MYSQL/CMakeLists_wolfCrypt.txt --- mariadb-11.8.6/extra/wolfssl/wolfssl/IDE/MYSQL/CMakeLists_wolfCrypt.txt 2026-01-31 13:27:49.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/MYSQL/CMakeLists_wolfCrypt.txt 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ # CMakeLists.txt # -# Copyright (C) 2006-2025 wolfSSL Inc. +# Copyright (C) 2006-2026 wolfSSL Inc. # # This file is part of wolfSSL. # diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/IDE/MYSQL/CMakeLists_wolfSSL.txt mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/MYSQL/CMakeLists_wolfSSL.txt --- mariadb-11.8.6/extra/wolfssl/wolfssl/IDE/MYSQL/CMakeLists_wolfSSL.txt 2026-01-31 13:27:49.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/MYSQL/CMakeLists_wolfSSL.txt 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ # CMakeLists.txt # -# Copyright (C) 2006-2025 wolfSSL Inc. +# Copyright (C) 2006-2026 wolfSSL Inc. # # This file is part of wolfSSL. # diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/IDE/NETOS/user_settings.h mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/NETOS/user_settings.h --- mariadb-11.8.6/extra/wolfssl/wolfssl/IDE/NETOS/user_settings.h 2026-01-31 13:27:49.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/NETOS/user_settings.h 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* user_settings.h * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/IDE/NETOS/user_settings.h-cert2425 mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/NETOS/user_settings.h-cert2425 --- mariadb-11.8.6/extra/wolfssl/wolfssl/IDE/NETOS/user_settings.h-cert2425 2026-01-31 13:27:49.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/NETOS/user_settings.h-cert2425 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* user_settings.h * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/IDE/NETOS/user_settings.h-cert3389 mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/NETOS/user_settings.h-cert3389 --- mariadb-11.8.6/extra/wolfssl/wolfssl/IDE/NETOS/user_settings.h-cert3389 2026-01-31 13:27:49.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/NETOS/user_settings.h-cert3389 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* user_settings.h * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/IDE/NETOS/wolfssl_netos_custom.c mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/NETOS/wolfssl_netos_custom.c --- mariadb-11.8.6/extra/wolfssl/wolfssl/IDE/NETOS/wolfssl_netos_custom.c 2026-01-31 13:27:49.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/NETOS/wolfssl_netos_custom.c 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* wolfssl_netos_custom.c * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/IDE/PlatformIO/examples/wolfssl_benchmark/include/main.h mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/PlatformIO/examples/wolfssl_benchmark/include/main.h --- mariadb-11.8.6/extra/wolfssl/wolfssl/IDE/PlatformIO/examples/wolfssl_benchmark/include/main.h 2026-01-31 13:27:49.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/PlatformIO/examples/wolfssl_benchmark/include/main.h 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* PlatformIO wolfssl_benchmark main.c * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/IDE/PlatformIO/examples/wolfssl_benchmark/src/main.c mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/PlatformIO/examples/wolfssl_benchmark/src/main.c --- mariadb-11.8.6/extra/wolfssl/wolfssl/IDE/PlatformIO/examples/wolfssl_benchmark/src/main.c 2026-01-31 13:27:49.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/PlatformIO/examples/wolfssl_benchmark/src/main.c 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* PlatformIO wolfssl_benchmark main.c * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/IDE/PlatformIO/examples/wolfssl_test/include/main.h mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/PlatformIO/examples/wolfssl_test/include/main.h --- mariadb-11.8.6/extra/wolfssl/wolfssl/IDE/PlatformIO/examples/wolfssl_test/include/main.h 2026-01-31 13:27:49.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/PlatformIO/examples/wolfssl_test/include/main.h 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* PlatformIO wolfssl_test main.c * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/IDE/PlatformIO/examples/wolfssl_test/src/main.c mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/PlatformIO/examples/wolfssl_test/src/main.c --- mariadb-11.8.6/extra/wolfssl/wolfssl/IDE/PlatformIO/examples/wolfssl_test/src/main.c 2026-01-31 13:27:49.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/PlatformIO/examples/wolfssl_test/src/main.c 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* PlatformIO wolfssl_test main.c * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/IDE/QNX/example-client/client-tls.c mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/QNX/example-client/client-tls.c --- mariadb-11.8.6/extra/wolfssl/wolfssl/IDE/QNX/example-client/client-tls.c 2026-01-31 13:27:49.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/QNX/example-client/client-tls.c 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* client-tls.c * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/IDE/QNX/example-cmac/cmac-test.c mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/QNX/example-cmac/cmac-test.c --- mariadb-11.8.6/extra/wolfssl/wolfssl/IDE/QNX/example-cmac/cmac-test.c 2026-01-31 13:27:49.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/QNX/example-cmac/cmac-test.c 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* cmac-test.c * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/IDE/QNX/example-server/server-tls.c mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/QNX/example-server/server-tls.c --- mariadb-11.8.6/extra/wolfssl/wolfssl/IDE/QNX/example-server/server-tls.c 2026-01-31 13:27:49.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/QNX/example-server/server-tls.c 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* server-tls.c * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/IDE/RISCV/SIFIVE-HIFIVE1/main.c mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/RISCV/SIFIVE-HIFIVE1/main.c --- mariadb-11.8.6/extra/wolfssl/wolfssl/IDE/RISCV/SIFIVE-HIFIVE1/main.c 2026-01-31 13:27:49.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/RISCV/SIFIVE-HIFIVE1/main.c 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* main.c * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/IDE/RISCV/SIFIVE-HIFIVE1/user_settings.h mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/RISCV/SIFIVE-HIFIVE1/user_settings.h --- mariadb-11.8.6/extra/wolfssl/wolfssl/IDE/RISCV/SIFIVE-HIFIVE1/user_settings.h 2026-01-31 13:27:49.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/RISCV/SIFIVE-HIFIVE1/user_settings.h 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* user_settings.h * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -330,9 +330,9 @@ #endif /* Blake2B */ -#undef HAVE_BLAKE2 +#undef HAVE_BLAKE2B #if 0 - #define HAVE_BLAKE2 + #define HAVE_BLAKE2B #endif /* Blake2S */ diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/IDE/ROWLEY-CROSSWORKS-ARM/arm_startup.c mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/ROWLEY-CROSSWORKS-ARM/arm_startup.c --- mariadb-11.8.6/extra/wolfssl/wolfssl/IDE/ROWLEY-CROSSWORKS-ARM/arm_startup.c 2026-01-31 13:27:49.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/ROWLEY-CROSSWORKS-ARM/arm_startup.c 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* arm_startup.c * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/IDE/ROWLEY-CROSSWORKS-ARM/benchmark_main.c mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/ROWLEY-CROSSWORKS-ARM/benchmark_main.c --- mariadb-11.8.6/extra/wolfssl/wolfssl/IDE/ROWLEY-CROSSWORKS-ARM/benchmark_main.c 2026-01-31 13:27:49.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/ROWLEY-CROSSWORKS-ARM/benchmark_main.c 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* benchmark_main.c * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/IDE/ROWLEY-CROSSWORKS-ARM/kinetis_hw.c mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/ROWLEY-CROSSWORKS-ARM/kinetis_hw.c --- mariadb-11.8.6/extra/wolfssl/wolfssl/IDE/ROWLEY-CROSSWORKS-ARM/kinetis_hw.c 2026-01-31 13:27:49.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/ROWLEY-CROSSWORKS-ARM/kinetis_hw.c 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* kinetis_hw.c * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/IDE/ROWLEY-CROSSWORKS-ARM/retarget.c mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/ROWLEY-CROSSWORKS-ARM/retarget.c --- mariadb-11.8.6/extra/wolfssl/wolfssl/IDE/ROWLEY-CROSSWORKS-ARM/retarget.c 2026-01-31 13:27:49.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/ROWLEY-CROSSWORKS-ARM/retarget.c 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* retarget.c * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/IDE/ROWLEY-CROSSWORKS-ARM/test_main.c mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/ROWLEY-CROSSWORKS-ARM/test_main.c --- mariadb-11.8.6/extra/wolfssl/wolfssl/IDE/ROWLEY-CROSSWORKS-ARM/test_main.c 2026-01-31 13:27:49.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/ROWLEY-CROSSWORKS-ARM/test_main.c 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* test_main.c * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/IDE/Renesas/cs+/Projects/common/strings.h mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/Renesas/cs+/Projects/common/strings.h --- mariadb-11.8.6/extra/wolfssl/wolfssl/IDE/Renesas/cs+/Projects/common/strings.h 2026-01-31 13:27:49.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/Renesas/cs+/Projects/common/strings.h 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* strings.h * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/IDE/Renesas/cs+/Projects/common/unistd.h mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/Renesas/cs+/Projects/common/unistd.h --- mariadb-11.8.6/extra/wolfssl/wolfssl/IDE/Renesas/cs+/Projects/common/unistd.h 2026-01-31 13:27:49.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/Renesas/cs+/Projects/common/unistd.h 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* unistd.h * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/IDE/Renesas/cs+/Projects/common/user_settings.h mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/Renesas/cs+/Projects/common/user_settings.h --- mariadb-11.8.6/extra/wolfssl/wolfssl/IDE/Renesas/cs+/Projects/common/user_settings.h 2026-01-31 13:27:49.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/Renesas/cs+/Projects/common/user_settings.h 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* user_settings.h * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/IDE/Renesas/cs+/Projects/common/wolfssl_dummy.c mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/Renesas/cs+/Projects/common/wolfssl_dummy.c --- mariadb-11.8.6/extra/wolfssl/wolfssl/IDE/Renesas/cs+/Projects/common/wolfssl_dummy.c 2026-01-31 13:27:49.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/Renesas/cs+/Projects/common/wolfssl_dummy.c 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* wolfssl_dummy.c * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/IDE/Renesas/cs+/Projects/t4_demo/wolf_client.c mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/Renesas/cs+/Projects/t4_demo/wolf_client.c --- mariadb-11.8.6/extra/wolfssl/wolfssl/IDE/Renesas/cs+/Projects/t4_demo/wolf_client.c 2026-01-31 13:27:49.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/Renesas/cs+/Projects/t4_demo/wolf_client.c 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* wolf_client.c * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/IDE/Renesas/cs+/Projects/t4_demo/wolf_main.c mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/Renesas/cs+/Projects/t4_demo/wolf_main.c --- mariadb-11.8.6/extra/wolfssl/wolfssl/IDE/Renesas/cs+/Projects/t4_demo/wolf_main.c 2026-01-31 13:27:49.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/Renesas/cs+/Projects/t4_demo/wolf_main.c 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* wolf_main.c * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/IDE/Renesas/cs+/Projects/t4_demo/wolf_server.c mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/Renesas/cs+/Projects/t4_demo/wolf_server.c --- mariadb-11.8.6/extra/wolfssl/wolfssl/IDE/Renesas/cs+/Projects/t4_demo/wolf_server.c 2026-01-31 13:27:49.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/Renesas/cs+/Projects/t4_demo/wolf_server.c 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* wolf_server.c * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/IDE/Renesas/cs+/Projects/test/test_main.c mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/Renesas/cs+/Projects/test/test_main.c --- mariadb-11.8.6/extra/wolfssl/wolfssl/IDE/Renesas/cs+/Projects/test/test_main.c 2026-01-31 13:27:49.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/Renesas/cs+/Projects/test/test_main.c 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* test_main.c * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/IDE/Renesas/e2studio/DK-S7G2/benchmark-template/src/app_entry.c mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/Renesas/e2studio/DK-S7G2/benchmark-template/src/app_entry.c --- mariadb-11.8.6/extra/wolfssl/wolfssl/IDE/Renesas/e2studio/DK-S7G2/benchmark-template/src/app_entry.c 2026-01-31 13:27:49.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/Renesas/e2studio/DK-S7G2/benchmark-template/src/app_entry.c 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* app_entry.c * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -18,8 +18,8 @@ * along with this program; if not, write to the Free Software * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA */ - - + + #include "app.h" #include "stdio.h" @@ -37,9 +37,9 @@ #include "nx_api.h" #define CONNECTION_TIMES 100 -#define SERVER_IP IP_ADDRESS(10,22,73,128) -#define TLS_PORT 11111 -#define TCP_PORT 11112 +#define SERVER_IP IP_ADDRESS(192,168,3,10) +#define TLS_PORT 11112 +#define TCP_PORT 11111 static double milliseconds = 0; void timer_callback(timer_callback_args_t * args) diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/IDE/Renesas/e2studio/DK-S7G2/example_server-template/src/app_entry.c mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/Renesas/e2studio/DK-S7G2/example_server-template/src/app_entry.c --- mariadb-11.8.6/extra/wolfssl/wolfssl/IDE/Renesas/e2studio/DK-S7G2/example_server-template/src/app_entry.c 2026-01-31 13:27:49.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/Renesas/e2studio/DK-S7G2/example_server-template/src/app_entry.c 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* app_entry.c * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/IDE/Renesas/e2studio/DK-S7G2/wolfcrypttest-template/src/app_entry.c mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/Renesas/e2studio/DK-S7G2/wolfcrypttest-template/src/app_entry.c --- mariadb-11.8.6/extra/wolfssl/wolfssl/IDE/Renesas/e2studio/DK-S7G2/wolfcrypttest-template/src/app_entry.c 2026-01-31 13:27:49.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/Renesas/e2studio/DK-S7G2/wolfcrypttest-template/src/app_entry.c 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* app_entry.c * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/IDE/Renesas/e2studio/Projects/common/strings.h mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/Renesas/e2studio/Projects/common/strings.h --- mariadb-11.8.6/extra/wolfssl/wolfssl/IDE/Renesas/e2studio/Projects/common/strings.h 2026-01-31 13:27:49.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/Renesas/e2studio/Projects/common/strings.h 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* strings.h * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/IDE/Renesas/e2studio/Projects/common/unistd.h mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/Renesas/e2studio/Projects/common/unistd.h --- mariadb-11.8.6/extra/wolfssl/wolfssl/IDE/Renesas/e2studio/Projects/common/unistd.h 2026-01-31 13:27:49.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/Renesas/e2studio/Projects/common/unistd.h 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* unistd.h * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/IDE/Renesas/e2studio/Projects/common/user_settings.h mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/Renesas/e2studio/Projects/common/user_settings.h --- mariadb-11.8.6/extra/wolfssl/wolfssl/IDE/Renesas/e2studio/Projects/common/user_settings.h 2026-01-31 13:27:49.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/Renesas/e2studio/Projects/common/user_settings.h 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* user_settings.h * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/IDE/Renesas/e2studio/Projects/common/wolfssl_dummy.c mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/Renesas/e2studio/Projects/common/wolfssl_dummy.c --- mariadb-11.8.6/extra/wolfssl/wolfssl/IDE/Renesas/e2studio/Projects/common/wolfssl_dummy.c 2026-01-31 13:27:49.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/Renesas/e2studio/Projects/common/wolfssl_dummy.c 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* wolfssl_dummy.c * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/IDE/Renesas/e2studio/Projects/test/src/key_data.c mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/Renesas/e2studio/Projects/test/src/key_data.c --- mariadb-11.8.6/extra/wolfssl/wolfssl/IDE/Renesas/e2studio/Projects/test/src/key_data.c 2026-01-31 13:27:49.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/Renesas/e2studio/Projects/test/src/key_data.c 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* key_data.c * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/IDE/Renesas/e2studio/Projects/test/src/key_data.h mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/Renesas/e2studio/Projects/test/src/key_data.h --- mariadb-11.8.6/extra/wolfssl/wolfssl/IDE/Renesas/e2studio/Projects/test/src/key_data.h 2026-01-31 13:27:49.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/Renesas/e2studio/Projects/test/src/key_data.h 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* key_data.h * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/IDE/Renesas/e2studio/Projects/test/src/test_main.c mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/Renesas/e2studio/Projects/test/src/test_main.c --- mariadb-11.8.6/extra/wolfssl/wolfssl/IDE/Renesas/e2studio/Projects/test/src/test_main.c 2026-01-31 13:27:49.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/Renesas/e2studio/Projects/test/src/test_main.c 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* test_main.c * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/IDE/Renesas/e2studio/Projects/test/src/wolf_client.c mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/Renesas/e2studio/Projects/test/src/wolf_client.c --- mariadb-11.8.6/extra/wolfssl/wolfssl/IDE/Renesas/e2studio/Projects/test/src/wolf_client.c 2026-01-31 13:27:49.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/Renesas/e2studio/Projects/test/src/wolf_client.c 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* wolf_client.c * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/IDE/Renesas/e2studio/Projects/test/src/wolf_server.c mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/Renesas/e2studio/Projects/test/src/wolf_server.c --- mariadb-11.8.6/extra/wolfssl/wolfssl/IDE/Renesas/e2studio/Projects/test/src/wolf_server.c 2026-01-31 13:27:49.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/Renesas/e2studio/Projects/test/src/wolf_server.c 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* wolf_server.c * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/IDE/Renesas/e2studio/Projects/test/src/wolfssl_demo.h mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/Renesas/e2studio/Projects/test/src/wolfssl_demo.h --- mariadb-11.8.6/extra/wolfssl/wolfssl/IDE/Renesas/e2studio/Projects/test/src/wolfssl_demo.h 2026-01-31 13:27:49.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/Renesas/e2studio/Projects/test/src/wolfssl_demo.h 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* wolfssl_demo.h * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/IDE/Renesas/e2studio/RA6M3/benchmark-wolfcrypt/src/wolfssl_thread_entry.c mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/Renesas/e2studio/RA6M3/benchmark-wolfcrypt/src/wolfssl_thread_entry.c --- mariadb-11.8.6/extra/wolfssl/wolfssl/IDE/Renesas/e2studio/RA6M3/benchmark-wolfcrypt/src/wolfssl_thread_entry.c 2026-01-31 13:27:49.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/Renesas/e2studio/RA6M3/benchmark-wolfcrypt/src/wolfssl_thread_entry.c 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* wolfssl_thread_entry.c * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/IDE/Renesas/e2studio/RA6M3/client-wolfssl/src/wolfssl_thread_entry.c mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/Renesas/e2studio/RA6M3/client-wolfssl/src/wolfssl_thread_entry.c --- mariadb-11.8.6/extra/wolfssl/wolfssl/IDE/Renesas/e2studio/RA6M3/client-wolfssl/src/wolfssl_thread_entry.c 2026-01-31 13:27:49.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/Renesas/e2studio/RA6M3/client-wolfssl/src/wolfssl_thread_entry.c 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* wolfssl_thread_entry.c * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/IDE/Renesas/e2studio/RA6M3/client-wolfssl/wolfssl_thread_entry.h mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/Renesas/e2studio/RA6M3/client-wolfssl/wolfssl_thread_entry.h --- mariadb-11.8.6/extra/wolfssl/wolfssl/IDE/Renesas/e2studio/RA6M3/client-wolfssl/wolfssl_thread_entry.h 2026-01-31 13:27:49.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/Renesas/e2studio/RA6M3/client-wolfssl/wolfssl_thread_entry.h 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* wolfssl_thread_entry.h * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/IDE/Renesas/e2studio/RA6M3/common/src/freertos_tcp_port.c mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/Renesas/e2studio/RA6M3/common/src/freertos_tcp_port.c --- mariadb-11.8.6/extra/wolfssl/wolfssl/IDE/Renesas/e2studio/RA6M3/common/src/freertos_tcp_port.c 2026-01-31 13:27:49.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/Renesas/e2studio/RA6M3/common/src/freertos_tcp_port.c 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* freertos_tcp_port.c * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/IDE/Renesas/e2studio/RA6M3/common/user_settings.h mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/Renesas/e2studio/RA6M3/common/user_settings.h --- mariadb-11.8.6/extra/wolfssl/wolfssl/IDE/Renesas/e2studio/RA6M3/common/user_settings.h 2026-01-31 13:27:49.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/Renesas/e2studio/RA6M3/common/user_settings.h 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* user_settings.h * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/IDE/Renesas/e2studio/RA6M3/common/util.h mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/Renesas/e2studio/RA6M3/common/util.h --- mariadb-11.8.6/extra/wolfssl/wolfssl/IDE/Renesas/e2studio/RA6M3/common/util.h 2026-01-31 13:27:49.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/Renesas/e2studio/RA6M3/common/util.h 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* util.h * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/IDE/Renesas/e2studio/RA6M3/server-wolfssl/src/wolfssl_thread_entry.c mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/Renesas/e2studio/RA6M3/server-wolfssl/src/wolfssl_thread_entry.c --- mariadb-11.8.6/extra/wolfssl/wolfssl/IDE/Renesas/e2studio/RA6M3/server-wolfssl/src/wolfssl_thread_entry.c 2026-01-31 13:27:49.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/Renesas/e2studio/RA6M3/server-wolfssl/src/wolfssl_thread_entry.c 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* wolfssl_thread_entry.c * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/IDE/Renesas/e2studio/RA6M3/server-wolfssl/wolfssl_thread_entry.h mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/Renesas/e2studio/RA6M3/server-wolfssl/wolfssl_thread_entry.h --- mariadb-11.8.6/extra/wolfssl/wolfssl/IDE/Renesas/e2studio/RA6M3/server-wolfssl/wolfssl_thread_entry.h 2026-01-31 13:27:49.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/Renesas/e2studio/RA6M3/server-wolfssl/wolfssl_thread_entry.h 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* wolfssl_thread_entry.h * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/IDE/Renesas/e2studio/RA6M3/test-wolfcrypt/src/wolfssl_thread_entry.c mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/Renesas/e2studio/RA6M3/test-wolfcrypt/src/wolfssl_thread_entry.c --- mariadb-11.8.6/extra/wolfssl/wolfssl/IDE/Renesas/e2studio/RA6M3/test-wolfcrypt/src/wolfssl_thread_entry.c 2026-01-31 13:27:49.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/Renesas/e2studio/RA6M3/test-wolfcrypt/src/wolfssl_thread_entry.c 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* wolfssl_thread_entry.c * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/IDE/Renesas/e2studio/RA6M4/common/user_settings.h mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/Renesas/e2studio/RA6M4/common/user_settings.h --- mariadb-11.8.6/extra/wolfssl/wolfssl/IDE/Renesas/e2studio/RA6M4/common/user_settings.h 2026-01-31 13:27:49.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/Renesas/e2studio/RA6M4/common/user_settings.h 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* user_settings.h * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/IDE/Renesas/e2studio/RA6M4/common/wolfssl_demo.h mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/Renesas/e2studio/RA6M4/common/wolfssl_demo.h --- mariadb-11.8.6/extra/wolfssl/wolfssl/IDE/Renesas/e2studio/RA6M4/common/wolfssl_demo.h 2026-01-31 13:27:49.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/Renesas/e2studio/RA6M4/common/wolfssl_demo.h 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* wolfssl_demo.h * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/IDE/Renesas/e2studio/RA6M4/include.am mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/Renesas/e2studio/RA6M4/include.am --- mariadb-11.8.6/extra/wolfssl/wolfssl/IDE/Renesas/e2studio/RA6M4/include.am 2026-01-31 13:27:49.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/Renesas/e2studio/RA6M4/include.am 2026-05-24 09:58:33.000000000 +0000 @@ -17,3 +17,7 @@ EXTRA_DIST+= IDE/Renesas/e2studio/RA6M4/test/key_data/key_data.h EXTRA_DIST+= IDE/Renesas/e2studio/RA6M4/common/wolfssl_demo.h EXTRA_DIST+= IDE/Renesas/e2studio/RA6M4/common/user_settings.h +EXTRA_DIST+= IDE/Renesas/e2studio/RA6M4/tools/README.md +EXTRA_DIST+= IDE/Renesas/e2studio/RA6M4/tools/example_keys/generate_SignedCA.sh +EXTRA_DIST+= IDE/Renesas/e2studio/RA6M4/tools/example_keys/rsa_private.pem +EXTRA_DIST+= IDE/Renesas/e2studio/RA6M4/tools/example_keys/rsa_public.pem diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/IDE/Renesas/e2studio/RA6M4/test/key_data/key_data_sce.c mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/Renesas/e2studio/RA6M4/test/key_data/key_data_sce.c --- mariadb-11.8.6/extra/wolfssl/wolfssl/IDE/Renesas/e2studio/RA6M4/test/key_data/key_data_sce.c 2026-01-31 13:27:49.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/Renesas/e2studio/RA6M4/test/key_data/key_data_sce.c 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* key_data.h * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/IDE/Renesas/e2studio/RA6M4/test/src/SEGGER_RTT/myprint.c mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/Renesas/e2studio/RA6M4/test/src/SEGGER_RTT/myprint.c --- mariadb-11.8.6/extra/wolfssl/wolfssl/IDE/Renesas/e2studio/RA6M4/test/src/SEGGER_RTT/myprint.c 2026-01-31 13:27:49.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/Renesas/e2studio/RA6M4/test/src/SEGGER_RTT/myprint.c 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* myprintf.c * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/IDE/Renesas/e2studio/RA6M4/test/src/test_main.c mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/Renesas/e2studio/RA6M4/test/src/test_main.c --- mariadb-11.8.6/extra/wolfssl/wolfssl/IDE/Renesas/e2studio/RA6M4/test/src/test_main.c 2026-01-31 13:27:49.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/Renesas/e2studio/RA6M4/test/src/test_main.c 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* test_main.c * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/IDE/Renesas/e2studio/RA6M4/test/src/wolf_client.c mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/Renesas/e2studio/RA6M4/test/src/wolf_client.c --- mariadb-11.8.6/extra/wolfssl/wolfssl/IDE/Renesas/e2studio/RA6M4/test/src/wolf_client.c 2026-01-31 13:27:49.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/Renesas/e2studio/RA6M4/test/src/wolf_client.c 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* wolf_client.c * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/IDE/Renesas/e2studio/RA6M4/test/src/wolfssl_sce_unit_test.c mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/Renesas/e2studio/RA6M4/test/src/wolfssl_sce_unit_test.c --- mariadb-11.8.6/extra/wolfssl/wolfssl/IDE/Renesas/e2studio/RA6M4/test/src/wolfssl_sce_unit_test.c 2026-01-31 13:27:49.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/Renesas/e2studio/RA6M4/test/src/wolfssl_sce_unit_test.c 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* wolfssl_sce_unit_test.c * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/IDE/Renesas/e2studio/RX65N/GR-ROSE/common/strings.h mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/Renesas/e2studio/RX65N/GR-ROSE/common/strings.h --- mariadb-11.8.6/extra/wolfssl/wolfssl/IDE/Renesas/e2studio/RX65N/GR-ROSE/common/strings.h 2026-01-31 13:27:49.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/Renesas/e2studio/RX65N/GR-ROSE/common/strings.h 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* strings.h * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/IDE/Renesas/e2studio/RX65N/GR-ROSE/common/unistd.h mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/Renesas/e2studio/RX65N/GR-ROSE/common/unistd.h --- mariadb-11.8.6/extra/wolfssl/wolfssl/IDE/Renesas/e2studio/RX65N/GR-ROSE/common/unistd.h 2026-01-31 13:27:49.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/Renesas/e2studio/RX65N/GR-ROSE/common/unistd.h 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* unistd.h * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/IDE/Renesas/e2studio/RX65N/GR-ROSE/common/user_settings.h mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/Renesas/e2studio/RX65N/GR-ROSE/common/user_settings.h --- mariadb-11.8.6/extra/wolfssl/wolfssl/IDE/Renesas/e2studio/RX65N/GR-ROSE/common/user_settings.h 2026-01-31 13:27:49.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/Renesas/e2studio/RX65N/GR-ROSE/common/user_settings.h 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* user_settings.h * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/IDE/Renesas/e2studio/RX65N/GR-ROSE/common/wolfssl_dummy.c mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/Renesas/e2studio/RX65N/GR-ROSE/common/wolfssl_dummy.c --- mariadb-11.8.6/extra/wolfssl/wolfssl/IDE/Renesas/e2studio/RX65N/GR-ROSE/common/wolfssl_dummy.c 2026-01-31 13:27:49.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/Renesas/e2studio/RX65N/GR-ROSE/common/wolfssl_dummy.c 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* wolfssl_dummy.c * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/IDE/Renesas/e2studio/RX65N/GR-ROSE/test/src/key_data.c mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/Renesas/e2studio/RX65N/GR-ROSE/test/src/key_data.c --- mariadb-11.8.6/extra/wolfssl/wolfssl/IDE/Renesas/e2studio/RX65N/GR-ROSE/test/src/key_data.c 2026-01-31 13:27:49.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/Renesas/e2studio/RX65N/GR-ROSE/test/src/key_data.c 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* key_data.c * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/IDE/Renesas/e2studio/RX65N/GR-ROSE/test/src/key_data.h mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/Renesas/e2studio/RX65N/GR-ROSE/test/src/key_data.h --- mariadb-11.8.6/extra/wolfssl/wolfssl/IDE/Renesas/e2studio/RX65N/GR-ROSE/test/src/key_data.h 2026-01-31 13:27:49.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/Renesas/e2studio/RX65N/GR-ROSE/test/src/key_data.h 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* key_data.h * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/IDE/Renesas/e2studio/RX65N/GR-ROSE/test/src/test_main.c mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/Renesas/e2studio/RX65N/GR-ROSE/test/src/test_main.c --- mariadb-11.8.6/extra/wolfssl/wolfssl/IDE/Renesas/e2studio/RX65N/GR-ROSE/test/src/test_main.c 2026-01-31 13:27:49.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/Renesas/e2studio/RX65N/GR-ROSE/test/src/test_main.c 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* test_main.c * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/IDE/Renesas/e2studio/RX65N/GR-ROSE/test/src/wolf_client.c mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/Renesas/e2studio/RX65N/GR-ROSE/test/src/wolf_client.c --- mariadb-11.8.6/extra/wolfssl/wolfssl/IDE/Renesas/e2studio/RX65N/GR-ROSE/test/src/wolf_client.c 2026-01-31 13:27:49.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/Renesas/e2studio/RX65N/GR-ROSE/test/src/wolf_client.c 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* wolf_client.c * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/IDE/Renesas/e2studio/RX65N/GR-ROSE/test/src/wolf_server.c mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/Renesas/e2studio/RX65N/GR-ROSE/test/src/wolf_server.c --- mariadb-11.8.6/extra/wolfssl/wolfssl/IDE/Renesas/e2studio/RX65N/GR-ROSE/test/src/wolf_server.c 2026-01-31 13:27:49.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/Renesas/e2studio/RX65N/GR-ROSE/test/src/wolf_server.c 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* wolf_server.c * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/IDE/Renesas/e2studio/RX65N/GR-ROSE/test/src/wolfssl_demo.h mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/Renesas/e2studio/RX65N/GR-ROSE/test/src/wolfssl_demo.h --- mariadb-11.8.6/extra/wolfssl/wolfssl/IDE/Renesas/e2studio/RX65N/GR-ROSE/test/src/wolfssl_demo.h 2026-01-31 13:27:49.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/Renesas/e2studio/RX65N/GR-ROSE/test/src/wolfssl_demo.h 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* wolfssl_demo.h * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/IDE/Renesas/e2studio/RX65N/RSK/wolfssl_demo/key_data.c mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/Renesas/e2studio/RX65N/RSK/wolfssl_demo/key_data.c --- mariadb-11.8.6/extra/wolfssl/wolfssl/IDE/Renesas/e2studio/RX65N/RSK/wolfssl_demo/key_data.c 2026-01-31 13:27:49.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/Renesas/e2studio/RX65N/RSK/wolfssl_demo/key_data.c 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* key_data.c * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/IDE/Renesas/e2studio/RX65N/RSK/wolfssl_demo/key_data.h mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/Renesas/e2studio/RX65N/RSK/wolfssl_demo/key_data.h --- mariadb-11.8.6/extra/wolfssl/wolfssl/IDE/Renesas/e2studio/RX65N/RSK/wolfssl_demo/key_data.h 2026-01-31 13:27:49.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/Renesas/e2studio/RX65N/RSK/wolfssl_demo/key_data.h 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* key_data.h * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/IDE/Renesas/e2studio/RX65N/RSK/wolfssl_demo/user_settings.h mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/Renesas/e2studio/RX65N/RSK/wolfssl_demo/user_settings.h --- mariadb-11.8.6/extra/wolfssl/wolfssl/IDE/Renesas/e2studio/RX65N/RSK/wolfssl_demo/user_settings.h 2026-01-31 13:27:49.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/Renesas/e2studio/RX65N/RSK/wolfssl_demo/user_settings.h 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* user_settings.h * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/IDE/Renesas/e2studio/RX65N/RSK/wolfssl_demo/wolfssl_demo.c mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/Renesas/e2studio/RX65N/RSK/wolfssl_demo/wolfssl_demo.c --- mariadb-11.8.6/extra/wolfssl/wolfssl/IDE/Renesas/e2studio/RX65N/RSK/wolfssl_demo/wolfssl_demo.c 2026-01-31 13:27:49.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/Renesas/e2studio/RX65N/RSK/wolfssl_demo/wolfssl_demo.c 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* wolfssl_demo.c * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/IDE/Renesas/e2studio/RX65N/RSK/wolfssl_demo/wolfssl_demo.h mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/Renesas/e2studio/RX65N/RSK/wolfssl_demo/wolfssl_demo.h --- mariadb-11.8.6/extra/wolfssl/wolfssl/IDE/Renesas/e2studio/RX65N/RSK/wolfssl_demo/wolfssl_demo.h 2026-01-31 13:27:49.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/Renesas/e2studio/RX65N/RSK/wolfssl_demo/wolfssl_demo.h 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* wolfssl_demo.h * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/IDE/Renesas/e2studio/RX72N/EnvisionKit/Simple/common/wolfssl_dummy.c mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/Renesas/e2studio/RX72N/EnvisionKit/Simple/common/wolfssl_dummy.c --- mariadb-11.8.6/extra/wolfssl/wolfssl/IDE/Renesas/e2studio/RX72N/EnvisionKit/Simple/common/wolfssl_dummy.c 2026-01-31 13:27:49.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/Renesas/e2studio/RX72N/EnvisionKit/Simple/common/wolfssl_dummy.c 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* wolfssl_dummy.c * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/IDE/Renesas/e2studio/RX72N/EnvisionKit/Simple/test/.cproject mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/Renesas/e2studio/RX72N/EnvisionKit/Simple/test/.cproject --- mariadb-11.8.6/extra/wolfssl/wolfssl/IDE/Renesas/e2studio/RX72N/EnvisionKit/Simple/test/.cproject 2026-01-31 13:27:49.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/Renesas/e2studio/RX72N/EnvisionKit/Simple/test/.cproject 2026-05-24 09:58:33.000000000 +0000 @@ -14,7 +14,7 @@ @@ -24,13 +24,13 @@ - - - - - - - - - - - - - - - - - - - - @@ -246,13 +503,13 @@ - - - - - - - - - - - - - - - - - - - - - diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/IDE/Renesas/e2studio/RX72N/EnvisionKit/Simple/test/src/client/simple_tcp_client.c mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/Renesas/e2studio/RX72N/EnvisionKit/Simple/test/src/client/simple_tcp_client.c --- mariadb-11.8.6/extra/wolfssl/wolfssl/IDE/Renesas/e2studio/RX72N/EnvisionKit/Simple/test/src/client/simple_tcp_client.c 2026-01-31 13:27:49.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/Renesas/e2studio/RX72N/EnvisionKit/Simple/test/src/client/simple_tcp_client.c 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* simple_tcp_client.c * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/IDE/Renesas/e2studio/RX72N/EnvisionKit/Simple/test/src/client/simple_tls_tsip_client.c mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/Renesas/e2studio/RX72N/EnvisionKit/Simple/test/src/client/simple_tls_tsip_client.c --- mariadb-11.8.6/extra/wolfssl/wolfssl/IDE/Renesas/e2studio/RX72N/EnvisionKit/Simple/test/src/client/simple_tls_tsip_client.c 2026-01-31 13:27:49.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/Renesas/e2studio/RX72N/EnvisionKit/Simple/test/src/client/simple_tls_tsip_client.c 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* simpel_tls_tsip_client.c * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/IDE/Renesas/e2studio/RX72N/EnvisionKit/Simple/test/src/server/simple_tcp_server.c mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/Renesas/e2studio/RX72N/EnvisionKit/Simple/test/src/server/simple_tcp_server.c --- mariadb-11.8.6/extra/wolfssl/wolfssl/IDE/Renesas/e2studio/RX72N/EnvisionKit/Simple/test/src/server/simple_tcp_server.c 2026-01-31 13:27:49.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/Renesas/e2studio/RX72N/EnvisionKit/Simple/test/src/server/simple_tcp_server.c 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* simple_tcp_server.c * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/IDE/Renesas/e2studio/RX72N/EnvisionKit/Simple/test/src/server/simple_tls_server.c mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/Renesas/e2studio/RX72N/EnvisionKit/Simple/test/src/server/simple_tls_server.c --- mariadb-11.8.6/extra/wolfssl/wolfssl/IDE/Renesas/e2studio/RX72N/EnvisionKit/Simple/test/src/server/simple_tls_server.c 2026-01-31 13:27:49.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/Renesas/e2studio/RX72N/EnvisionKit/Simple/test/src/server/simple_tls_server.c 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* simple_tls_server.c * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/IDE/Renesas/e2studio/RX72N/EnvisionKit/Simple/test/src/test_main.c mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/Renesas/e2studio/RX72N/EnvisionKit/Simple/test/src/test_main.c --- mariadb-11.8.6/extra/wolfssl/wolfssl/IDE/Renesas/e2studio/RX72N/EnvisionKit/Simple/test/src/test_main.c 2026-01-31 13:27:49.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/Renesas/e2studio/RX72N/EnvisionKit/Simple/test/src/test_main.c 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* test_main.c * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/IDE/Renesas/e2studio/RX72N/EnvisionKit/Simple/test/src/wolfssl_simple_demo.h mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/Renesas/e2studio/RX72N/EnvisionKit/Simple/test/src/wolfssl_simple_demo.h --- mariadb-11.8.6/extra/wolfssl/wolfssl/IDE/Renesas/e2studio/RX72N/EnvisionKit/Simple/test/src/wolfssl_simple_demo.h 2026-01-31 13:27:49.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/Renesas/e2studio/RX72N/EnvisionKit/Simple/test/src/wolfssl_simple_demo.h 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* wolfssl_simple_demo.h * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/IDE/Renesas/e2studio/RX72N/EnvisionKit/Simple/wolfssl/.cproject mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/Renesas/e2studio/RX72N/EnvisionKit/Simple/wolfssl/.cproject --- mariadb-11.8.6/extra/wolfssl/wolfssl/IDE/Renesas/e2studio/RX72N/EnvisionKit/Simple/wolfssl/.cproject 2026-01-31 13:27:49.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/Renesas/e2studio/RX72N/EnvisionKit/Simple/wolfssl/.cproject 2026-05-24 09:58:33.000000000 +0000 @@ -24,10 +24,10 @@ - - - - - @@ -63,14 +64,14 @@ - - - - @@ -162,6 +163,7 @@ + diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/IDE/Renesas/e2studio/RX72N/EnvisionKit/wolfssl_demo/key_data.c mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/Renesas/e2studio/RX72N/EnvisionKit/wolfssl_demo/key_data.c --- mariadb-11.8.6/extra/wolfssl/wolfssl/IDE/Renesas/e2studio/RX72N/EnvisionKit/wolfssl_demo/key_data.c 2026-01-31 13:27:49.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/Renesas/e2studio/RX72N/EnvisionKit/wolfssl_demo/key_data.c 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* key_data.c * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -186,64 +186,64 @@ const unsigned char ca_ecc_cert_der_sig[] = { - 0x58, 0x3F, 0x3C, 0x27, 0x4A, 0xC0, 0xA8, 0x35, 0x31, 0xAA, - 0xB6, 0x49, 0x4C, 0x69, 0x48, 0xF6, 0x63, 0xA5, 0x2E, 0x8C, - 0xA4, 0x1E, 0xAF, 0x18, 0x14, 0x11, 0x6A, 0xF7, 0x25, 0xF2, - 0xE1, 0x82, 0x6E, 0xAA, 0x3C, 0xE2, 0x75, 0x6E, 0x81, 0x59, - 0x2E, 0xF1, 0xED, 0xDD, 0xD1, 0x1C, 0xA3, 0xE7, 0xEC, 0x89, - 0xD3, 0x19, 0x1A, 0x59, 0xEB, 0xBA, 0x1D, 0x65, 0xFD, 0x53, - 0x4A, 0x90, 0x6F, 0xA1, 0x06, 0xB3, 0x08, 0xE4, 0x00, 0xF4, - 0x91, 0x45, 0xD8, 0xC9, 0xD8, 0x30, 0x8A, 0x94, 0x9B, 0x48, - 0x60, 0x68, 0xD1, 0x09, 0x84, 0xAE, 0x51, 0xD8, 0xD8, 0x67, - 0x58, 0x58, 0x9B, 0x57, 0x9E, 0x09, 0x9D, 0x1B, 0x3B, 0x22, - 0x67, 0x6A, 0x50, 0x91, 0xF2, 0x60, 0x5E, 0x78, 0x86, 0xF9, - 0x2F, 0xF4, 0xB4, 0xAE, 0x6A, 0xF6, 0x0D, 0xAB, 0x8B, 0xF6, - 0x60, 0x47, 0x8D, 0xD4, 0xEC, 0xE6, 0x9E, 0x57, 0x6C, 0xCC, - 0x4F, 0xF5, 0xCD, 0x20, 0xD7, 0x15, 0x70, 0x50, 0x53, 0x96, - 0x84, 0x6B, 0x9A, 0x07, 0x90, 0x41, 0x14, 0x08, 0x62, 0x87, - 0xF5, 0x20, 0x0E, 0x82, 0xE2, 0x12, 0x5C, 0x1E, 0x72, 0x73, - 0xB8, 0x18, 0x90, 0xCF, 0x98, 0x14, 0xC3, 0xE6, 0xED, 0x89, - 0xA3, 0x7C, 0x67, 0x50, 0x01, 0xCC, 0x48, 0xD2, 0x6A, 0x9C, - 0x9E, 0x4D, 0x44, 0x49, 0x82, 0x5F, 0xC1, 0x2E, 0x18, 0xBE, - 0x23, 0x53, 0xCD, 0x09, 0x85, 0x16, 0x9D, 0x5F, 0x99, 0x78, - 0xA1, 0x78, 0x51, 0xC9, 0x5A, 0x3E, 0x04, 0xBE, 0xE2, 0xF5, - 0x74, 0x7E, 0x6F, 0x89, 0xD9, 0x05, 0x29, 0xC1, 0x5B, 0x57, - 0x3D, 0xE3, 0x5E, 0xB8, 0x4B, 0x93, 0x7D, 0x68, 0x78, 0xF9, - 0x88, 0x1B, 0x8E, 0x78, 0x04, 0x00, 0x54, 0x20, 0x3F, 0x0C, - 0x99, 0x11, 0x1D, 0x90, 0x2C, 0x10, 0x4C, 0xCE, 0xA3, 0x17, - 0xA7, 0xF8, 0xB4, 0xC6, 0xF8, 0x12 + 0x0B, 0x1D, 0x49, 0x40, 0xE8, 0xDA, 0x46, 0xAE, 0x1C, 0x50, + 0xC8, 0x76, 0xF3, 0x57, 0x05, 0x95, 0x89, 0xE1, 0x8B, 0x13, + 0x6B, 0x0F, 0xEB, 0x47, 0x0E, 0x1E, 0x9C, 0x87, 0xBB, 0x07, + 0x6E, 0xE4, 0x6B, 0xDF, 0x5B, 0xEF, 0xA3, 0x2C, 0xD8, 0x07, + 0x91, 0x5B, 0x4E, 0x5B, 0xA1, 0xD0, 0x3E, 0x07, 0x22, 0xAF, + 0x12, 0xF3, 0x0F, 0x62, 0x35, 0x45, 0x82, 0xFC, 0x26, 0x2B, + 0xD1, 0x03, 0x51, 0xAB, 0x35, 0xFE, 0x48, 0x80, 0xC9, 0x68, + 0xA0, 0xE0, 0x54, 0x4A, 0x8F, 0xA7, 0x59, 0xA1, 0xED, 0x57, + 0x3D, 0x9D, 0xC0, 0x6B, 0x22, 0x20, 0xDA, 0x1A, 0xFF, 0xDB, + 0x01, 0x60, 0x59, 0x21, 0x88, 0xD5, 0x5A, 0x40, 0x25, 0x82, + 0xB0, 0x27, 0x54, 0xDC, 0x37, 0x79, 0x70, 0xD1, 0x6C, 0x63, + 0x63, 0xC6, 0x98, 0x63, 0xA9, 0xE6, 0xB7, 0x6C, 0x50, 0xC1, + 0x40, 0xCF, 0xE9, 0x84, 0xC7, 0xB9, 0x8F, 0x7C, 0xC3, 0xE1, + 0xE2, 0x96, 0x67, 0xC6, 0x48, 0x25, 0xD8, 0xB3, 0x40, 0x94, + 0x13, 0xF3, 0x55, 0xF8, 0xC3, 0xEA, 0x39, 0xE1, 0xE9, 0x36, + 0xD1, 0xBE, 0xB2, 0x9C, 0x86, 0xD1, 0x78, 0xE1, 0xC7, 0x67, + 0x3B, 0xD0, 0x10, 0x57, 0x7B, 0x09, 0x33, 0x03, 0x01, 0x8A, + 0xDA, 0x30, 0x1F, 0x74, 0xED, 0x99, 0x8F, 0x93, 0xA2, 0x73, + 0x7B, 0xA6, 0x3A, 0x44, 0x74, 0x9C, 0x5E, 0x19, 0x1B, 0x0B, + 0x63, 0x3A, 0xAF, 0x5C, 0xD5, 0xB4, 0x1C, 0xF0, 0x0B, 0x3F, + 0x15, 0xB3, 0x6B, 0x10, 0x88, 0x93, 0x6C, 0xAB, 0xB4, 0x65, + 0x35, 0xCC, 0x91, 0x9A, 0x19, 0x5D, 0xDF, 0xE0, 0xAC, 0x75, + 0xC3, 0x14, 0x46, 0x2E, 0x7B, 0xF8, 0x73, 0xEB, 0x75, 0xD8, + 0x47, 0xAF, 0x1E, 0x7B, 0x5B, 0xE5, 0x09, 0x01, 0x42, 0x5C, + 0xB3, 0xC6, 0xEB, 0x92, 0xC5, 0x85, 0x6B, 0xD4, 0x22, 0x39, + 0x77, 0x92, 0x13, 0x8A, 0x42, 0x2C }; const int sizeof_ca_ecc_cert_sig = sizeof(ca_ecc_cert_der_sig); /* ./ca-cert.der.sign, */ const unsigned char ca_cert_der_sig[] = { - 0x55, 0x93, 0xCF, 0x28, 0xF7, 0x38, 0x1E, 0xF1, 0x29, 0x5A, - 0xDE, 0x41, 0xCD, 0x83, 0x00, 0x06, 0x79, 0xB3, 0x12, 0x56, - 0xBD, 0x04, 0xCB, 0x97, 0xCC, 0xD2, 0x39, 0x3C, 0x36, 0x94, - 0x8D, 0x66, 0xB0, 0x41, 0xF4, 0xBD, 0x82, 0x8F, 0x03, 0x24, - 0x25, 0x65, 0xA1, 0x85, 0x87, 0xCE, 0x58, 0x0A, 0x45, 0xC6, - 0xB6, 0x38, 0x27, 0x44, 0x2A, 0x7A, 0x9B, 0xA2, 0x71, 0x67, - 0x92, 0xDA, 0xFD, 0x71, 0x88, 0x52, 0xF2, 0xFE, 0x61, 0x33, - 0xCB, 0x7F, 0xB4, 0x47, 0x3D, 0x60, 0xC6, 0x3A, 0x48, 0x44, - 0x6F, 0xA2, 0x16, 0x07, 0xA2, 0x94, 0x50, 0x99, 0x09, 0x7B, - 0x43, 0x04, 0xAD, 0xCA, 0x9C, 0x34, 0xD4, 0x72, 0x4B, 0x79, - 0x31, 0xE1, 0xC5, 0x6C, 0xA7, 0xB4, 0xD8, 0xED, 0x80, 0x79, - 0xBB, 0x69, 0xA0, 0xA6, 0x7A, 0x63, 0x99, 0x02, 0xF7, 0x64, - 0xF0, 0x6D, 0xBB, 0xC5, 0xDA, 0x55, 0x0D, 0x43, 0x7C, 0x30, - 0x74, 0x21, 0x05, 0x35, 0x63, 0xAD, 0x32, 0x76, 0x11, 0xA5, - 0x75, 0xF3, 0x83, 0xEE, 0x05, 0xFB, 0x91, 0x18, 0x5E, 0xCC, - 0x71, 0x49, 0x26, 0x0D, 0xE2, 0xE3, 0xB3, 0xAD, 0xFF, 0x65, - 0xA9, 0x9B, 0xF0, 0x81, 0xE1, 0x5D, 0xC3, 0x4C, 0x82, 0x83, - 0x33, 0xDA, 0xF6, 0x29, 0xC7, 0xC2, 0xA0, 0x23, 0x5D, 0xB1, - 0xCE, 0x82, 0x94, 0x49, 0xC5, 0xC0, 0xE5, 0xED, 0x3B, 0xF6, - 0x79, 0x21, 0x3B, 0xFC, 0x6D, 0xB5, 0x2A, 0xF6, 0x6D, 0xD9, - 0x4C, 0x3E, 0xBF, 0x2E, 0x13, 0xA2, 0x75, 0x93, 0x5A, 0xB4, - 0x2B, 0xF5, 0x74, 0xEF, 0xAE, 0x48, 0xFE, 0x06, 0x2D, 0x3F, - 0xA3, 0xFE, 0x1A, 0xC9, 0x45, 0x1D, 0x15, 0xC8, 0xEF, 0x95, - 0xE2, 0x6F, 0x7D, 0x1E, 0x96, 0xCD, 0x4D, 0xC5, 0x5F, 0xEB, - 0x57, 0x85, 0x54, 0xE4, 0x7F, 0xE0, 0x0F, 0xAD, 0xC3, 0xEE, - 0xBF, 0xFB, 0x43, 0xA6, 0xAB, 0x92 + 0x67, 0xBD, 0x28, 0x1E, 0x1A, 0x17, 0xFD, 0x88, 0x03, 0x8B, + 0xA2, 0x5A, 0x65, 0xB3, 0xF2, 0x17, 0x61, 0xE1, 0x7F, 0x9B, + 0xC3, 0x50, 0xEC, 0x55, 0x61, 0x46, 0x0C, 0xC1, 0x2B, 0x9D, + 0x02, 0xDB, 0x0A, 0x36, 0xA1, 0x49, 0x95, 0x42, 0xD1, 0x1A, + 0x75, 0xEC, 0x39, 0xC2, 0x10, 0xC5, 0x9F, 0xDC, 0x8C, 0xBC, + 0x4E, 0x04, 0xC9, 0x5E, 0x52, 0x6B, 0x42, 0xF0, 0x4E, 0x8D, + 0x0D, 0xDD, 0x01, 0x05, 0x14, 0x77, 0x28, 0x75, 0xB6, 0x36, + 0xA8, 0xD1, 0xA9, 0xB4, 0x46, 0xB5, 0xED, 0xD9, 0x10, 0x62, + 0xEC, 0x3B, 0xA5, 0x5B, 0x10, 0xB7, 0xE2, 0xC7, 0x67, 0x4F, + 0x1A, 0x48, 0x9B, 0xAF, 0x31, 0x9D, 0x21, 0xDC, 0x3B, 0x06, + 0xAC, 0x95, 0x78, 0xE6, 0x2D, 0x5F, 0xA8, 0xAD, 0xCC, 0xD2, + 0x4E, 0xF3, 0x4A, 0xC9, 0x7E, 0x4A, 0x28, 0x51, 0x6D, 0xBC, + 0x8D, 0xA5, 0x57, 0x49, 0x32, 0xC0, 0xE2, 0x48, 0x57, 0x8B, + 0x7D, 0x4D, 0x9B, 0x43, 0x99, 0xF0, 0xC0, 0x21, 0xD0, 0xAF, + 0x3D, 0x5B, 0xE0, 0x4F, 0xC2, 0x7C, 0xCF, 0xCC, 0xDB, 0x9A, + 0x79, 0xB6, 0x7E, 0xA0, 0x53, 0xAA, 0x4D, 0x5B, 0xD0, 0x3A, + 0xBA, 0x7F, 0xCC, 0x99, 0xD6, 0x68, 0xD7, 0x14, 0x85, 0xD7, + 0x8E, 0xE0, 0x1A, 0x6E, 0xE7, 0xC1, 0xD5, 0x2B, 0x35, 0x94, + 0x8E, 0xC1, 0x59, 0xC5, 0xAE, 0x48, 0x22, 0x87, 0x36, 0xC1, + 0xA4, 0xD9, 0x58, 0xC1, 0x2A, 0xD6, 0xFE, 0x45, 0x63, 0xCA, + 0x8F, 0x93, 0x86, 0xEC, 0x8D, 0xC2, 0xFD, 0xE3, 0x62, 0xD6, + 0x4C, 0x43, 0xFE, 0x82, 0x4F, 0xC9, 0x9D, 0xA9, 0xD8, 0xE4, + 0x5C, 0x15, 0x6D, 0xDE, 0xF9, 0x3D, 0x76, 0xB7, 0xBA, 0xF7, + 0x1C, 0xFB, 0x90, 0x74, 0xBB, 0x60, 0x93, 0xA4, 0x0C, 0xA4, + 0xFF, 0x41, 0x1C, 0x18, 0x7E, 0xE8, 0xE3, 0x78, 0xF5, 0x52, + 0x98, 0x50, 0xFD, 0xA8, 0x07, 0xAD }; const int sizeof_ca_cert_sig = sizeof(ca_cert_der_sig); /* ./client-cert.der.sign, */ diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/IDE/Renesas/e2studio/RX72N/EnvisionKit/wolfssl_demo/key_data.h mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/Renesas/e2studio/RX72N/EnvisionKit/wolfssl_demo/key_data.h --- mariadb-11.8.6/extra/wolfssl/wolfssl/IDE/Renesas/e2studio/RX72N/EnvisionKit/wolfssl_demo/key_data.h 2026-01-31 13:27:49.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/Renesas/e2studio/RX72N/EnvisionKit/wolfssl_demo/key_data.h 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* key_data.h * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/IDE/Renesas/e2studio/RX72N/EnvisionKit/wolfssl_demo/user_settings.h mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/Renesas/e2studio/RX72N/EnvisionKit/wolfssl_demo/user_settings.h --- mariadb-11.8.6/extra/wolfssl/wolfssl/IDE/Renesas/e2studio/RX72N/EnvisionKit/wolfssl_demo/user_settings.h 2026-01-31 13:27:49.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/Renesas/e2studio/RX72N/EnvisionKit/wolfssl_demo/user_settings.h 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* user_settings.h * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -294,5 +294,3 @@ /*-- strcasecmp */ #define XSTRCASECMP(s1,s2) strcmp((s1),(s2)) -/* use original ASN parsing */ -#define WOLFSSL_ASN_ORIGINAL diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/IDE/Renesas/e2studio/RX72N/EnvisionKit/wolfssl_demo/wolfssl_demo.c mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/Renesas/e2studio/RX72N/EnvisionKit/wolfssl_demo/wolfssl_demo.c --- mariadb-11.8.6/extra/wolfssl/wolfssl/IDE/Renesas/e2studio/RX72N/EnvisionKit/wolfssl_demo/wolfssl_demo.c 2026-01-31 13:27:49.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/Renesas/e2studio/RX72N/EnvisionKit/wolfssl_demo/wolfssl_demo.c 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* wolfssl_demo.c * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/IDE/Renesas/e2studio/RX72N/EnvisionKit/wolfssl_demo/wolfssl_demo.h mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/Renesas/e2studio/RX72N/EnvisionKit/wolfssl_demo/wolfssl_demo.h --- mariadb-11.8.6/extra/wolfssl/wolfssl/IDE/Renesas/e2studio/RX72N/EnvisionKit/wolfssl_demo/wolfssl_demo.h 2026-01-31 13:27:49.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/Renesas/e2studio/RX72N/EnvisionKit/wolfssl_demo/wolfssl_demo.h 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* wolfssl_demo.h * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/IDE/Renesas/e2studio/RX72N/EnvisionKit/wolfssl_demo/wolfssl_tsip_unit_test.c mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/Renesas/e2studio/RX72N/EnvisionKit/wolfssl_demo/wolfssl_tsip_unit_test.c --- mariadb-11.8.6/extra/wolfssl/wolfssl/IDE/Renesas/e2studio/RX72N/EnvisionKit/wolfssl_demo/wolfssl_tsip_unit_test.c 2026-01-31 13:27:49.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/Renesas/e2studio/RX72N/EnvisionKit/wolfssl_demo/wolfssl_tsip_unit_test.c 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* wolfssl_tsip_unit_test.c * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/IDE/Renesas/e2studio/RZN2L/common/user_settings.h mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/Renesas/e2studio/RZN2L/common/user_settings.h --- mariadb-11.8.6/extra/wolfssl/wolfssl/IDE/Renesas/e2studio/RZN2L/common/user_settings.h 2026-01-31 13:27:49.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/Renesas/e2studio/RZN2L/common/user_settings.h 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* user_settings.h * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/IDE/Renesas/e2studio/RZN2L/common/wolfssl_demo.h mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/Renesas/e2studio/RZN2L/common/wolfssl_demo.h --- mariadb-11.8.6/extra/wolfssl/wolfssl/IDE/Renesas/e2studio/RZN2L/common/wolfssl_demo.h 2026-01-31 13:27:49.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/Renesas/e2studio/RZN2L/common/wolfssl_demo.h 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* wolfssl_demo.h * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/IDE/Renesas/e2studio/RZN2L/test/src/local_system_init.c mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/Renesas/e2studio/RZN2L/test/src/local_system_init.c --- mariadb-11.8.6/extra/wolfssl/wolfssl/IDE/Renesas/e2studio/RZN2L/test/src/local_system_init.c 2026-01-31 13:27:49.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/Renesas/e2studio/RZN2L/test/src/local_system_init.c 2026-05-24 09:58:33.000000000 +0000 @@ -4,16 +4,16 @@ * Enabled via WOLFSSL_USER_SETTINGS. * * - * Copyright (C) 2024 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * - * This file is part of wolfBoot. + * This file is part of wolfSSL. * - * wolfBoot is free software; you can redistribute it and/or modify + * wolfSSL is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by * the Free Software Foundation; either version 3 of the License, or * (at your option) any later version. * - * wolfBoot is distributed in the hope that it will be useful, + * wolfSSL is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * GNU General Public License for more details. diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/IDE/Renesas/e2studio/RZN2L/test/src/rzn2l_tst_thread_entry.c mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/Renesas/e2studio/RZN2L/test/src/rzn2l_tst_thread_entry.c --- mariadb-11.8.6/extra/wolfssl/wolfssl/IDE/Renesas/e2studio/RZN2L/test/src/rzn2l_tst_thread_entry.c 2026-01-31 13:27:49.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/Renesas/e2studio/RZN2L/test/src/rzn2l_tst_thread_entry.c 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* rzn2l_tst_thread_entry.c * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/IDE/Renesas/e2studio/RZN2L/test/src/serial_io/app_print.c mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/Renesas/e2studio/RZN2L/test/src/serial_io/app_print.c --- mariadb-11.8.6/extra/wolfssl/wolfssl/IDE/Renesas/e2studio/RZN2L/test/src/serial_io/app_print.c 2026-01-31 13:27:49.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/Renesas/e2studio/RZN2L/test/src/serial_io/app_print.c 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* app_print.c * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/IDE/Renesas/e2studio/RZN2L/test/src/test/wolf_client.c mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/Renesas/e2studio/RZN2L/test/src/test/wolf_client.c --- mariadb-11.8.6/extra/wolfssl/wolfssl/IDE/Renesas/e2studio/RZN2L/test/src/test/wolf_client.c 2026-01-31 13:27:49.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/Renesas/e2studio/RZN2L/test/src/test/wolf_client.c 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* wolf_client.c * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/IDE/Renesas/e2studio/RZN2L/test/src/test/wolf_server.c mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/Renesas/e2studio/RZN2L/test/src/test/wolf_server.c --- mariadb-11.8.6/extra/wolfssl/wolfssl/IDE/Renesas/e2studio/RZN2L/test/src/test/wolf_server.c 2026-01-31 13:27:49.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/Renesas/e2studio/RZN2L/test/src/test/wolf_server.c 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* wolf_server.c * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/IDE/Renesas/e2studio/RZN2L/test/src/test/wolfssl_rsip_unit_test.c mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/Renesas/e2studio/RZN2L/test/src/test/wolfssl_rsip_unit_test.c --- mariadb-11.8.6/extra/wolfssl/wolfssl/IDE/Renesas/e2studio/RZN2L/test/src/test/wolfssl_rsip_unit_test.c 2026-01-31 13:27:49.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/Renesas/e2studio/RZN2L/test/src/test/wolfssl_rsip_unit_test.c 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* wolfssl_sce_unit_test.c * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/IDE/Renesas/e2studio/RZN2L/test/src/wolfssl_dummy.c mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/Renesas/e2studio/RZN2L/test/src/wolfssl_dummy.c --- mariadb-11.8.6/extra/wolfssl/wolfssl/IDE/Renesas/e2studio/RZN2L/test/src/wolfssl_dummy.c 2026-01-31 13:27:49.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/Renesas/e2studio/RZN2L/test/src/wolfssl_dummy.c 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* wolfssl_dummy.c * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/IDE/Renesas/e2studio/SK-S7G2/.gitignore mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/Renesas/e2studio/SK-S7G2/.gitignore --- mariadb-11.8.6/extra/wolfssl/wolfssl/IDE/Renesas/e2studio/SK-S7G2/.gitignore 1970-01-01 00:00:00.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/Renesas/e2studio/SK-S7G2/.gitignore 2026-05-24 09:58:33.000000000 +0000 @@ -0,0 +1,6 @@ +.settings/ +Debug/ +synergy/ +synergy_cfg/ +wolfssl_lib/src/synergy_gen/ +synergy_cfg.txt diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/IDE/Renesas/e2studio/SK-S7G2/README.md mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/Renesas/e2studio/SK-S7G2/README.md --- mariadb-11.8.6/extra/wolfssl/wolfssl/IDE/Renesas/e2studio/SK-S7G2/README.md 1970-01-01 00:00:00.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/Renesas/e2studio/SK-S7G2/README.md 2026-05-24 09:58:33.000000000 +0000 @@ -0,0 +1,193 @@ +wolfSSL simple application projects for SK-S7G2 board +====== + +## 1. Overview +----- + +This repository provides simple sample applications for evaluating wolfSSL on the SK-S7G2 evaluation board (R7FS7G27H3A01CFC, S7G2 MCU). The samples run on Express Logic ThreadX (a real-time operating system) and use NetX/NetX Driver for networking and the SSP-provided drivers for the SK-S7G2 board. + +The sample package includes applications that demonstrate the following functions: + +- Crypto Test: Automatically runs tests for various cryptographic operations. +- Benchmark: Measures execution speed for various cryptographic operations. The benchmark also includes TCP and TLS client tests against a peer server. + +Because the required hardware and software configurations for the evaluation board are already prepared, only minimal setup is needed to run the samples. + +The following sections will walk you through the steps leading up to running the sample application. + +## 2. Target H/W, components and libraries +----- + +This sample program uses the following hardware and software libraries. If a new version of any component is available, update it as appropriate. + +| item | name & version | +|:--|:--| +| Board | SK-S7G2 Starter Kit | +| Device | R7FS7G27H3A01CFC | +| IDE | Renesas e2Studio — Version: 2025-01 (25.1.0) | +| Toolchain | GNU Arm Embedded Toolchain (arm-none-eabi-gcc), e.g. Arm GNU Toolchain 13.3.Rel1 (build arm-13.24) | +| SSP | 2.7.0 | + +The project includes a configuration file that references the following software components. These components are not bundled with this sample; you must download or install them via the e2studio Smart Configurator. + +| Component | version | +|:--|:--| +| Board support package for R7FS7G27H3A01CFC | 2.7.0 | +| Board Support Packages | 2.7.0 | +| SSP Common Code | 2.7.0 | +| Clock Generation Circuit: Provides=[CGC] | 2.7.0 | +| Event Link Controller: Provides=[ELC] | 2.7.0 | +| Factory MCU Information Module: Provides=[FMI] | 2.7.0 | +| I/O Port: Provides=[IO Port] | 2.7.0 | +| S7G2_SK Board Support Files | 2.7.0 | +| Express Logic ThreadX: Provides=[ThreadX] | 2.7.0 | +| Secure Cryptography Engine: Provides=[TRNG, AES, HASH, RSA, DSA, TDES, ARC4, ECC, KEY_INSTALLATION] | 2.7.0 | +| Express Logic NetX Synergy Port: Provides=[NetX Driver], Requires=[NetX] | 2.7.0 | +| General Purpose Timer: Provides=[Timer, GPT] | 2.7.0 | +| Real Time Clock: Provides=[RTC] | 2.7.0 | +| Express Logic NetX: Provides=[NetX], Requires=[ThreadX, NetX Driver] | 2.7.0 | + +> Note: Hardware-accelerated algorithms supported on this board (via the Secure Cryptography Engine / SSP): +> +> - True Random Number Generator (TRNG) +> - SHA-256 +> - AES in ECB mode: AES-128, AES-192, AES-256 +> +> To use the hardware accelerators, enable the "Secure Cryptography Engine" component in the e2studio Smart Configurator and click "Generate Code". On the wolfSSL side, hardware SCE support is enabled with the `WOLFSSL_SCE` compile-time option. In this sample, `WOLFSSL_SCE` is defined in the `user_settings.h` file included in the `wolfSSL_SKS7G2` project (for example: `#define WOLFSSL_SCE`), so the sample will use the Secure Cryptography Engine for the primitives listed above. To force software fallbacks for testing, remove the `WOLFSSL_SCE` define from `user_settings.h` or disable the Secure Cryptography Engine component. + +## 3. Importing sample application project into e2Studio +---- +There is no need to create a new project. Since the project file is already prepared, import the project from the IDE by following the steps below. + +- In e2studio: File > Open Project from File System... > Directory (R) ... Click the import source button and select the folder containing the project to import. +- Four projects are listed for import. Select only the three projects: `wolfbenchmark_test`, `wolfcrypt_test`, and `wolfssl_SKS7G2`, then click Finish. + +You should see the `wolfbenchmark_test`, `wolfcrypt_test`, and `wolfssl_SKS7G2` projects in Project Explorer. + +## 4. Smart configurator file generation +---- +Follow the steps below: + +1. Open the `wolfssl_SKS7G2` project in Project Explorer and double-click the `configuration.xml` file to open the Smart Configurator perspective. +2. Click the "Generate Code" button in the Smart Configurator (top-right of the component settings pane) to generate the required source files. This creates a `src/synergy_gen` folder under the project. + +## 5. Build and run wolfcrypt_test application +----- +1. Build the `wolfssl_SKS7G2` project in Project Explorer, then build the `wolfcrypt_test` project. +2. After a successful build, connect the target board to your PC via USB. +3. Select Run > Debug to open the Debug perspective. +4. The application outputs operating status to standard output. Keep the "Renesas Debug Virtual Console" open to view this output. +5. Press the Run button to start the application. +6. After displaying the crypto test result, the application enters an infinite loop. If output stops, stop debugging. + +## 7. Running benchmark application +----- + +### 7.1 Prepare TCP server as a peer +The benchmark application includes a TCP client. You can use [this TCP server application](https://github.com/wolfSSL/wolfssl-examples/blob/master/tls/server-tcp.c) as the peer server. + +``` +$ gcc server-tcp.c -o server-tcp +$ ./server-tcp +``` + +You can modify the server IP address and port. Those are defined in `app_entry.c` based on your environment: + +``` +#define SERVER_IP IP_ADDRESS(192,168,3,10) +#define TLS_PORT 11112 +#define TCP_PORT 11111 +``` + +### 7.2 Prepare TLS server as a peer +The benchmark application also includes a TLS client. You can use the wolfSSL example TLS server as the peer server: + +``` +$ git clone https://github.com/wolfSSL/wolfssl.git +$ cd wolfssl +$ ./autogen.sh +$ ./configure +$ make +$ ./examples/server/server -bdi -p 11112 -v d +``` + +The `-b` option binds the server to all network interfaces (instead of localhost only). +The `-d` option disables client authentication. +The `-i` option makes the server loop indefinitely (allow repeated connections). +The `-p` option sets the port number. +The `-v` option sets the TLS version. The `d` value allows a downgrade to TLS 1.2 if a TLS 1.3 connection cannot be established. + +### 7.3 Run benchmark application on the board +After building and running the benchmark on the board, the client connects to the server over TCP, exchanges a simple string, and prints output to the Renesas Debug Virtual Console similar to: + +``` +Pinging server to see if up .. got response from server +Benchmarking client TCP connection +Trying to connect to 0xC0A8030A on port 11111 +100 TCP connections took 0.XXXXXX seconds +``` + +You will also see messages on the server console: + +``` +$ ./server-tcp +Waiting for a connection... +Client connected successfully +Client: Hello Server + +Waiting for a connection... +``` + +For TLS benchmark, you will see messages like: + +``` +Benchmarking client TLSv1.2 connection using ECDHE-RSA-AES128-GCM-SHA256 +Trying to connect to 0xC0A8030A on port 11112 +100 TLS connections took YYY.XXXXXX seconds (and ZZZ.XXXXXX tx_time ticks) + +Benchmarking client TLSv1.3 WOLFSSL_ECC_X25519 connection using TLS13_AES128_GCM_SHA256 +Trying to connect to 0xC0A8030A on port 11112 +100 TLS connections took YYY.XXXXXX seconds (and ZZZ.XXXXXX tx_time ticks) + +Benchmarking client TLSv1.3 WOLFSSL_ECC_SECP256R1 connection using TLS13_AES128_GCM_SHA256 +Trying to connect to 0xC0A8030A on port 11112 +100 TLS connections took YYY.XXXXXX seconds (and ZZZ.XXXXXX tx_time ticks) + +Benchmarking client TLSv1.3 WOLFSSL_FFDHE_2048 connection using TLS13_AES128_GCM_SHA256 +Trying to connect to 0xC0A8030A on port 11112 +100 TLS connections took YYY.XXXXXX seconds (and ZZZ.XXXXXX tx_time ticks) +``` + +On the server console you may see: + +``` +$ ./examples/server/server -bdi -p 11112 -v d +listening on port 11112 +SSL version is TLSv1.2 +SSL cipher suite is TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 +SSL curve name is SECP256R1 +... +SSL version is TLSv1.3 +SSL cipher suite is TLS_AES_128_GCM_SHA256 +SSL curve name is X25519 +... +SSL version is TLSv1.3 +SSL cipher suite is TLS_AES_128_GCM_SHA256 +SSL curve name is SECP256R1 +... +SSL version is TLSv1.3 +SSL cipher suite is TLS_AES_128_GCM_SHA256 +SSL curve name is FFDHE_2048 +``` + +Finally, the application runs cryptographic benchmarks. You will see output like: + +``` +wolfCrypt Benchmark (block bytes 1024, min 1.0 sec each) +... +Benchmark complete +``` + +# 8. Support +---- +For support inquiries, email support@wolfssl.com. For Japanese support, contact info@wolfssl.jp. diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/IDE/Renesas/e2studio/SK-S7G2/benchmark_test/.cproject mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/Renesas/e2studio/SK-S7G2/benchmark_test/.cproject --- mariadb-11.8.6/extra/wolfssl/wolfssl/IDE/Renesas/e2studio/SK-S7G2/benchmark_test/.cproject 1970-01-01 00:00:00.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/Renesas/e2studio/SK-S7G2/benchmark_test/.cproject 2026-05-24 09:58:33.000000000 +0000 @@ -0,0 +1,358 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + \ No newline at end of file diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/IDE/Renesas/e2studio/SK-S7G2/benchmark_test/.project mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/Renesas/e2studio/SK-S7G2/benchmark_test/.project --- mariadb-11.8.6/extra/wolfssl/wolfssl/IDE/Renesas/e2studio/SK-S7G2/benchmark_test/.project 1970-01-01 00:00:00.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/Renesas/e2studio/SK-S7G2/benchmark_test/.project 2026-05-24 09:58:33.000000000 +0000 @@ -0,0 +1,39 @@ + + + wolfbenchmark_test + + + + + + org.eclipse.cdt.managedbuilder.core.genmakebuilder + clean,full,incremental, + + + + + org.eclipse.cdt.managedbuilder.core.ScannerConfigBuilder + full,incremental, + + + + + + org.eclipse.cdt.core.cnature + com.renesas.cdt.synergy.contentgen.synergyExecutableNature + org.eclipse.cdt.managedbuilder.core.managedBuildNature + org.eclipse.cdt.managedbuilder.core.ScannerConfigNature + + + + src/app_entry.c + 1 + PARENT-2-PROJECT_LOC/DK-S7G2/benchmark-template/src/app_entry.c + + + src/benchmark.c + 1 + PARENT-5-PROJECT_LOC/wolfcrypt/benchmark/benchmark.c + + + diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/IDE/Renesas/e2studio/SK-S7G2/common/user_settings.h mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/Renesas/e2studio/SK-S7G2/common/user_settings.h --- mariadb-11.8.6/extra/wolfssl/wolfssl/IDE/Renesas/e2studio/SK-S7G2/common/user_settings.h 1970-01-01 00:00:00.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/Renesas/e2studio/SK-S7G2/common/user_settings.h 2026-05-24 09:58:33.000000000 +0000 @@ -0,0 +1,108 @@ + +#ifndef USER_SETTINGS_H +/* user_settings.h + * + * Copyright (C) 2006-2026 wolfSSL Inc. + * + * This file is part of wolfSSL. + * + * wolfSSL is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * wolfSSL is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA + */ +#define USER_SETTINGS_H + +/*#define DEBUG_WOLFSSL*/ + +#define NO_MAIN_DRIVER +#define USE_CERT_BUFFERS_2048 +#define USE_CERT_BUFFERS_256 + +/* print out cycles per byte with benchmark + * when component r_wdt WDT is enabled + */ +#define SYNERGY_CYCLE_COUNT +#define BENCH_EMBEDDED + +/* Use turn on all SCE acceleration */ +#define WOLFSSL_SCE + +/* Used to turn off TRNG */ +/* #define WOLFSSL_SCE_NO_TRNG */ + +/* Used to turn off AES hardware acc. */ +/* #define WOLFSSL_SCE_NO_AES */ + +/* Used to turn off HASH hardware acc. */ +/* #define WOLFSSL_SCE_NO_HASH */ + +#if defined(WOLFSSL_SCE_NO_TRNG) + /* use unsafe test seed if TRNG not used (not for production) */ + #define WOLFSSL_GENSEED_FORTEST +#endif + +#define HAVE_ECC +#define ALT_ECC_SIZE + +#define HAVE_CHACHA +#define HAVE_POLY1305 +#define HAVE_ONE_TIME_AUTH +#define HAVE_AESGCM + +#define HAVE_AES_ECB +#define WOLFSSL_AES_DIRECT + +#define TFM_TIMING_RESISTANT +#define WC_RSA_BLINDING +#define ECC_TIMING_RESISTANT + +#define NO_WOLFSSL_DIR + +#define HAVE_NETX +#define THREADX +#define THREADX_NO_DC_PRINTF +#define NO_WRITEV +#define SIZEOF_LONG 4 +#define SIZEOF_LONG_LONG 8 + +#define SP_WORD_SIZE 32 +#define WOLFSSL_SP_NO_DYN_STACK +#define WOLFSSL_SP_NO_3072 +#define WOLFSSL_SP_MATH +#define WOLFSSL_SP_SMALL +#define WOLFSSL_SP_NO_MALLOC +/*#define WOLFSSL_SP_NONBLOCK*/ +#define WOLFSSL_HAVE_SP_DH +#define WOLFSSL_HAVE_SP_ECC +#define WOLFSSL_HAVE_SP_RSA +#define WOLFSSL_SP_ARM_CORTEX_M_ASM + +/* TLS 1.3 */ +#define WOLFSSL_TLS13 +#define HAVE_TLS_EXTENSIONS +#define HAVE_SUPPORTED_CURVES +#define HAVE_FFDHE_2048 +#define HAVE_HKDF +#define WC_RSA_PSS + +#define HAVE_CURVE25519 +#define HAVE_ED25519 +#define WOLFSSL_SHA512 + +/* NETX Duo BSD manual lists the socket len type as an INT */ +#undef XSOCKLENT +#define XSOCKLENT int + +#define USE_WOLF_TIMEVAL_T + +#endif diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/IDE/Renesas/e2studio/SK-S7G2/include.am mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/Renesas/e2studio/SK-S7G2/include.am --- mariadb-11.8.6/extra/wolfssl/wolfssl/IDE/Renesas/e2studio/SK-S7G2/include.am 1970-01-01 00:00:00.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/Renesas/e2studio/SK-S7G2/include.am 2026-05-24 09:58:33.000000000 +0000 @@ -0,0 +1,14 @@ +# vim:ft=automake +# included from Top Level Makefile.am +# All paths should be given relative to the root + +EXTRA_DIST+= IDE/Renesas/e2studio/SK-S7G2/.gitignore +EXTRA_DIST+= IDE/Renesas/e2studio/SK-S7G2/README.md +EXTRA_DIST+= IDE/Renesas/e2studio/SK-S7G2/wolfssl_lib/.cproject +EXTRA_DIST+= IDE/Renesas/e2studio/SK-S7G2/wolfssl_lib/.project +EXTRA_DIST+= IDE/Renesas/e2studio/SK-S7G2/wolfssl_lib/configuration.xml +EXTRA_DIST+= IDE/Renesas/e2studio/SK-S7G2/wolfcrypt_test/.cproject +EXTRA_DIST+= IDE/Renesas/e2studio/SK-S7G2/wolfcrypt_test/.project +EXTRA_DIST+= IDE/Renesas/e2studio/SK-S7G2/benchmark_test/.cproject +EXTRA_DIST+= IDE/Renesas/e2studio/SK-S7G2/benchmark_test/.project +EXTRA_DIST+= IDE/Renesas/e2studio/SK-S7G2/common/user_settings.h diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/IDE/Renesas/e2studio/SK-S7G2/wolfcrypt_test/.cproject mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/Renesas/e2studio/SK-S7G2/wolfcrypt_test/.cproject --- mariadb-11.8.6/extra/wolfssl/wolfssl/IDE/Renesas/e2studio/SK-S7G2/wolfcrypt_test/.cproject 1970-01-01 00:00:00.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/Renesas/e2studio/SK-S7G2/wolfcrypt_test/.cproject 2026-05-24 09:58:33.000000000 +0000 @@ -0,0 +1,355 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + \ No newline at end of file diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/IDE/Renesas/e2studio/SK-S7G2/wolfcrypt_test/.project mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/Renesas/e2studio/SK-S7G2/wolfcrypt_test/.project --- mariadb-11.8.6/extra/wolfssl/wolfssl/IDE/Renesas/e2studio/SK-S7G2/wolfcrypt_test/.project 1970-01-01 00:00:00.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/Renesas/e2studio/SK-S7G2/wolfcrypt_test/.project 2026-05-24 09:58:33.000000000 +0000 @@ -0,0 +1,34 @@ + + + wolfcrpt_test + + + + + + org.eclipse.cdt.managedbuilder.core.genmakebuilder + clean,full,incremental, + + + + + org.eclipse.cdt.managedbuilder.core.ScannerConfigBuilder + full,incremental, + + + + + + org.eclipse.cdt.core.cnature + com.renesas.cdt.synergy.contentgen.synergyExecutableNature + org.eclipse.cdt.managedbuilder.core.managedBuildNature + org.eclipse.cdt.managedbuilder.core.ScannerConfigNature + + + + src/test.c + 1 + PARENT-5-PROJECT_LOC/wolfcrypt/test/test.c + + + diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/IDE/Renesas/e2studio/SK-S7G2/wolfssl_lib/.cproject mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/Renesas/e2studio/SK-S7G2/wolfssl_lib/.cproject --- mariadb-11.8.6/extra/wolfssl/wolfssl/IDE/Renesas/e2studio/SK-S7G2/wolfssl_lib/.cproject 1970-01-01 00:00:00.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/Renesas/e2studio/SK-S7G2/wolfssl_lib/.cproject 2026-05-24 09:58:33.000000000 +0000 @@ -0,0 +1,341 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + \ No newline at end of file diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/IDE/Renesas/e2studio/SK-S7G2/wolfssl_lib/.project mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/Renesas/e2studio/SK-S7G2/wolfssl_lib/.project --- mariadb-11.8.6/extra/wolfssl/wolfssl/IDE/Renesas/e2studio/SK-S7G2/wolfssl_lib/.project 1970-01-01 00:00:00.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/Renesas/e2studio/SK-S7G2/wolfssl_lib/.project 2026-05-24 09:58:33.000000000 +0000 @@ -0,0 +1,579 @@ + + + wolfssl_SKS7G2 + + + + + + com.renesas.cdt.synergy.contentgen.synergyBuilder + + + + + org.eclipse.cdt.managedbuilder.core.genmakebuilder + clean,full,incremental, + + + + + org.eclipse.cdt.managedbuilder.core.ScannerConfigBuilder + full,incremental, + + + + + + org.eclipse.cdt.core.cnature + org.eclipse.cdt.managedbuilder.core.managedBuildNature + org.eclipse.cdt.managedbuilder.core.ScannerConfigNature + com.renesas.cdt.synergy.contentgen.synergyNature + + + + user_settings.h + 1 + PARENT-1-PROJECT_LOC/common/user_settings.h + + + src/wolfcrypt/aes.c + 1 + PARENT-5-PROJECT_LOC/wolfcrypt/src/aes.c + + + src/wolfcrypt/arc4.c + 1 + PARENT-5-PROJECT_LOC/wolfcrypt/src/arc4.c + + + src/wolfcrypt/ascon.c + 1 + PARENT-5-PROJECT_LOC/wolfcrypt/src/ascon.c + + + src/wolfcrypt/asm.c + 1 + PARENT-5-PROJECT_LOC/wolfcrypt/src/asm.c + + + src/wolfcrypt/asn.c + 1 + PARENT-5-PROJECT_LOC/wolfcrypt/src/asn.c + + + src/wolfcrypt/blake2b.c + 1 + PARENT-5-PROJECT_LOC/wolfcrypt/src/blake2b.c + + + src/wolfcrypt/blake2s.c + 1 + PARENT-5-PROJECT_LOC/wolfcrypt/src/blake2s.c + + + src/wolfcrypt/camellia.c + 1 + PARENT-5-PROJECT_LOC/wolfcrypt/src/camellia.c + + + src/wolfcrypt/chacha.c + 1 + PARENT-5-PROJECT_LOC/wolfcrypt/src/chacha.c + + + src/wolfcrypt/chacha20_poly1305.c + 1 + PARENT-5-PROJECT_LOC/wolfcrypt/src/chacha20_poly1305.c + + + src/wolfcrypt/cmac.c + 1 + PARENT-5-PROJECT_LOC/wolfcrypt/src/cmac.c + + + src/wolfcrypt/coding.c + 1 + PARENT-5-PROJECT_LOC/wolfcrypt/src/coding.c + + + src/wolfcrypt/compress.c + 1 + PARENT-5-PROJECT_LOC/wolfcrypt/src/compress.c + + + src/wolfcrypt/cpuid.c + 1 + PARENT-5-PROJECT_LOC/wolfcrypt/src/cpuid.c + + + src/wolfcrypt/cryptocb.c + 1 + PARENT-5-PROJECT_LOC/wolfcrypt/src/cryptocb.c + + + src/wolfcrypt/curve25519.c + 1 + PARENT-5-PROJECT_LOC/wolfcrypt/src/curve25519.c + + + src/wolfcrypt/curve448.c + 1 + PARENT-5-PROJECT_LOC/wolfcrypt/src/curve448.c + + + src/wolfcrypt/des3.c + 1 + PARENT-5-PROJECT_LOC/wolfcrypt/src/des3.c + + + src/wolfcrypt/dh.c + 1 + PARENT-5-PROJECT_LOC/wolfcrypt/src/dh.c + + + src/wolfcrypt/dilithium.c + 1 + PARENT-5-PROJECT_LOC/wolfcrypt/src/dilithium.c + + + src/wolfcrypt/dsa.c + 1 + PARENT-5-PROJECT_LOC/wolfcrypt/src/dsa.c + + + src/wolfcrypt/ecc.c + 1 + PARENT-5-PROJECT_LOC/wolfcrypt/src/ecc.c + + + src/wolfcrypt/ecc_fp.c + 1 + PARENT-5-PROJECT_LOC/wolfcrypt/src/ecc_fp.c + + + src/wolfcrypt/eccsi.c + 1 + PARENT-5-PROJECT_LOC/wolfcrypt/src/eccsi.c + + + src/wolfcrypt/ed25519.c + 1 + PARENT-5-PROJECT_LOC/wolfcrypt/src/ed25519.c + + + src/wolfcrypt/ed448.c + 1 + PARENT-5-PROJECT_LOC/wolfcrypt/src/ed448.c + + + src/wolfcrypt/error.c + 1 + PARENT-5-PROJECT_LOC/wolfcrypt/src/error.c + + + src/wolfcrypt/ext_lms.c + 1 + PARENT-5-PROJECT_LOC/wolfcrypt/src/ext_lms.c + + + src/wolfcrypt/ext_mlkem.c + 1 + PARENT-5-PROJECT_LOC/wolfcrypt/src/ext_mlkem.c + + + src/wolfcrypt/ext_xmss.c + 1 + PARENT-5-PROJECT_LOC/wolfcrypt/src/ext_xmss.c + + + src/wolfcrypt/falcon.c + 1 + PARENT-5-PROJECT_LOC/wolfcrypt/src/falcon.c + + + src/wolfcrypt/fe_448.c + 1 + PARENT-5-PROJECT_LOC/wolfcrypt/src/fe_448.c + + + src/wolfcrypt/fe_low_mem.c + 1 + PARENT-5-PROJECT_LOC/wolfcrypt/src/fe_low_mem.c + + + src/wolfcrypt/fe_operations.c + 1 + PARENT-5-PROJECT_LOC/wolfcrypt/src/fe_operations.c + + + src/wolfcrypt/ge_448.c + 1 + PARENT-5-PROJECT_LOC/wolfcrypt/src/ge_448.c + + + src/wolfcrypt/ge_low_mem.c + 1 + PARENT-5-PROJECT_LOC/wolfcrypt/src/ge_low_mem.c + + + src/wolfcrypt/ge_operations.c + 1 + PARENT-5-PROJECT_LOC/wolfcrypt/src/ge_operations.c + + + src/wolfcrypt/hash.c + 1 + PARENT-5-PROJECT_LOC/wolfcrypt/src/hash.c + + + src/wolfcrypt/hmac.c + 1 + PARENT-5-PROJECT_LOC/wolfcrypt/src/hmac.c + + + src/wolfcrypt/hpke.c + 1 + PARENT-5-PROJECT_LOC/wolfcrypt/src/hpke.c + + + src/wolfcrypt/integer.c + 1 + PARENT-5-PROJECT_LOC/wolfcrypt/src/integer.c + + + src/wolfcrypt/kdf.c + 1 + PARENT-5-PROJECT_LOC/wolfcrypt/src/kdf.c + + + src/wolfcrypt/logging.c + 1 + PARENT-5-PROJECT_LOC/wolfcrypt/src/logging.c + + + src/wolfcrypt/md2.c + 1 + PARENT-5-PROJECT_LOC/wolfcrypt/src/md2.c + + + src/wolfcrypt/md4.c + 1 + PARENT-5-PROJECT_LOC/wolfcrypt/src/md4.c + + + src/wolfcrypt/md5.c + 1 + PARENT-5-PROJECT_LOC/wolfcrypt/src/md5.c + + + src/wolfcrypt/memory.c + 1 + PARENT-5-PROJECT_LOC/wolfcrypt/src/memory.c + + + src/wolfcrypt/pkcs12.c + 1 + PARENT-5-PROJECT_LOC/wolfcrypt/src/pkcs12.c + + + src/wolfcrypt/pkcs7.c + 1 + PARENT-5-PROJECT_LOC/wolfcrypt/src/pkcs7.c + + + src/wolfcrypt/poly1305.c + 1 + PARENT-5-PROJECT_LOC/wolfcrypt/src/poly1305.c + + + src/wolfcrypt/pwdbased.c + 1 + PARENT-5-PROJECT_LOC/wolfcrypt/src/pwdbased.c + + + src/wolfcrypt/random.c + 1 + PARENT-5-PROJECT_LOC/wolfcrypt/src/random.c + + + src/wolfcrypt/rc2.c + 1 + PARENT-5-PROJECT_LOC/wolfcrypt/src/rc2.c + + + src/wolfcrypt/ripemd.c + 1 + PARENT-5-PROJECT_LOC/wolfcrypt/src/ripemd.c + + + src/wolfcrypt/rsa.c + 1 + PARENT-5-PROJECT_LOC/wolfcrypt/src/rsa.c + + + src/wolfcrypt/sakke.c + 1 + PARENT-5-PROJECT_LOC/wolfcrypt/src/sakke.c + + + src/wolfcrypt/sha.c + 1 + PARENT-5-PROJECT_LOC/wolfcrypt/src/sha.c + + + src/wolfcrypt/sha256.c + 1 + PARENT-5-PROJECT_LOC/wolfcrypt/src/sha256.c + + + src/wolfcrypt/sha3.c + 1 + PARENT-5-PROJECT_LOC/wolfcrypt/src/sha3.c + + + src/wolfcrypt/sha512.c + 1 + PARENT-5-PROJECT_LOC/wolfcrypt/src/sha512.c + + + src/wolfcrypt/signature.c + 1 + PARENT-5-PROJECT_LOC/wolfcrypt/src/signature.c + + + src/wolfcrypt/siphash.c + 1 + PARENT-5-PROJECT_LOC/wolfcrypt/src/siphash.c + + + src/wolfcrypt/sm2.c + 1 + PARENT-5-PROJECT_LOC/wolfcrypt/src/sm2.c + + + src/wolfcrypt/sm3.c + 1 + PARENT-5-PROJECT_LOC/wolfcrypt/src/sm3.c + + + src/wolfcrypt/sm4.c + 1 + PARENT-5-PROJECT_LOC/wolfcrypt/src/sm4.c + + + src/wolfcrypt/sp_arm32.c + 1 + PARENT-5-PROJECT_LOC/wolfcrypt/src/sp_arm32.c + + + src/wolfcrypt/sp_arm64.c + 1 + PARENT-5-PROJECT_LOC/wolfcrypt/src/sp_arm64.c + + + src/wolfcrypt/sp_armthumb.c + 1 + PARENT-5-PROJECT_LOC/wolfcrypt/src/sp_armthumb.c + + + src/wolfcrypt/sp_c32.c + 1 + PARENT-5-PROJECT_LOC/wolfcrypt/src/sp_c32.c + + + src/wolfcrypt/sp_c64.c + 1 + PARENT-5-PROJECT_LOC/wolfcrypt/src/sp_c64.c + + + src/wolfcrypt/sp_cortexm.c + 1 + PARENT-5-PROJECT_LOC/wolfcrypt/src/sp_cortexm.c + + + src/wolfcrypt/sp_dsp32.c + 1 + PARENT-5-PROJECT_LOC/wolfcrypt/src/sp_dsp32.c + + + src/wolfcrypt/sp_int.c + 1 + PARENT-5-PROJECT_LOC/wolfcrypt/src/sp_int.c + + + src/wolfcrypt/sp_sm2_arm32.c + 1 + PARENT-5-PROJECT_LOC/wolfcrypt/src/sp_sm2_arm32.c + + + src/wolfcrypt/sp_sm2_arm64.c + 1 + PARENT-5-PROJECT_LOC/wolfcrypt/src/sp_sm2_arm64.c + + + src/wolfcrypt/sp_sm2_armthumb.c + 1 + PARENT-5-PROJECT_LOC/wolfcrypt/src/sp_sm2_armthumb.c + + + src/wolfcrypt/sp_sm2_c32.c + 1 + PARENT-5-PROJECT_LOC/wolfcrypt/src/sp_sm2_c32.c + + + src/wolfcrypt/sp_sm2_c64.c + 1 + PARENT-5-PROJECT_LOC/wolfcrypt/src/sp_sm2_c64.c + + + src/wolfcrypt/sp_sm2_cortexm.c + 1 + PARENT-5-PROJECT_LOC/wolfcrypt/src/sp_sm2_cortexm.c + + + src/wolfcrypt/sp_sm2_x86_64.c + 1 + PARENT-5-PROJECT_LOC/wolfcrypt/src/sp_sm2_x86_64.c + + + src/wolfcrypt/sp_x86_64.c + 1 + PARENT-5-PROJECT_LOC/wolfcrypt/src/sp_x86_64.c + + + src/wolfcrypt/sphincs.c + 1 + PARENT-5-PROJECT_LOC/wolfcrypt/src/sphincs.c + + + src/wolfcrypt/srp.c + 1 + PARENT-5-PROJECT_LOC/wolfcrypt/src/srp.c + + + src/wolfcrypt/tfm.c + 1 + PARENT-5-PROJECT_LOC/wolfcrypt/src/tfm.c + + + src/wolfcrypt/wc_dsp.c + 1 + PARENT-5-PROJECT_LOC/wolfcrypt/src/wc_dsp.c + + + src/wolfcrypt/wc_encrypt.c + 1 + PARENT-5-PROJECT_LOC/wolfcrypt/src/wc_encrypt.c + + + src/wolfcrypt/wc_lms.c + 1 + PARENT-5-PROJECT_LOC/wolfcrypt/src/wc_lms.c + + + src/wolfcrypt/wc_lms_impl.c + 1 + PARENT-5-PROJECT_LOC/wolfcrypt/src/wc_lms_impl.c + + + src/wolfcrypt/wc_mlkem.c + 1 + PARENT-5-PROJECT_LOC/wolfcrypt/src/wc_mlkem.c + + + src/wolfcrypt/wc_mlkem_poly.c + 1 + PARENT-5-PROJECT_LOC/wolfcrypt/src/wc_mlkem_poly.c + + + src/wolfcrypt/wc_pkcs11.c + 1 + PARENT-5-PROJECT_LOC/wolfcrypt/src/wc_pkcs11.c + + + src/wolfcrypt/wc_port.c + 1 + PARENT-5-PROJECT_LOC/wolfcrypt/src/wc_port.c + + + src/wolfcrypt/wc_xmss.c + 1 + PARENT-5-PROJECT_LOC/wolfcrypt/src/wc_xmss.c + + + src/wolfcrypt/wc_xmss_impl.c + 1 + PARENT-5-PROJECT_LOC/wolfcrypt/src/wc_xmss_impl.c + + + src/wolfcrypt/wolfevent.c + 1 + PARENT-5-PROJECT_LOC/wolfcrypt/src/wolfevent.c + + + src/wolfcrypt/wolfmath.c + 1 + PARENT-5-PROJECT_LOC/wolfcrypt/src/wolfmath.c + + + src/wolfssl/crl.c + 1 + PARENT-5-PROJECT_LOC/src/crl.c + + + src/wolfssl/dtls.c + 1 + PARENT-5-PROJECT_LOC/src/dtls.c + + + src/wolfssl/dtls13.c + 1 + PARENT-5-PROJECT_LOC/src/dtls13.c + + + src/wolfssl/internal.c + 1 + PARENT-5-PROJECT_LOC/src/internal.c + + + src/wolfssl/keys.c + 1 + PARENT-5-PROJECT_LOC/src/keys.c + + + src/wolfssl/ocsp.c + 1 + PARENT-5-PROJECT_LOC/src/ocsp.c + + + src/wolfssl/quic.c + 1 + PARENT-5-PROJECT_LOC/src/quic.c + + + src/wolfssl/sniffer.c + 1 + PARENT-5-PROJECT_LOC/src/sniffer.c + + + src/wolfssl/ssl.c + 1 + PARENT-5-PROJECT_LOC/src/ssl.c + + + src/wolfssl/tls.c + 1 + PARENT-5-PROJECT_LOC/src/tls.c + + + src/wolfssl/tls13.c + 1 + PARENT-5-PROJECT_LOC/src/tls13.c + + + src/wolfssl/wolfio.c + 1 + PARENT-5-PROJECT_LOC/src/wolfio.c + + + diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/IDE/Renesas/e2studio/SK-S7G2/wolfssl_lib/configuration.xml mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/Renesas/e2studio/SK-S7G2/wolfssl_lib/configuration.xml --- mariadb-11.8.6/extra/wolfssl/wolfssl/IDE/Renesas/e2studio/SK-S7G2/wolfssl_lib/configuration.xml 1970-01-01 00:00:00.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/Renesas/e2studio/SK-S7G2/wolfssl_lib/configuration.xml 2026-05-24 09:58:33.000000000 +0000 @@ -0,0 +1,1297 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + Board support package for R7FS7G27H3A01CFC + Renesas.Synergy_mcu_s7g2.2.7.0.pack + + + Board support package for S7G2 + Renesas.Synergy_mcu_s7g2.2.7.0.pack + + + Board support package for S7G2 + Renesas.Synergy_mcu_s7g2.2.7.0.pack + + + SSP Common Code + Renesas.Synergy.2.7.0.pack + + + Clock Generation Circuit: Provides=[CGC] + Renesas.Synergy.2.7.0.pack + + + Event Link Controller: Provides=[ELC] + Renesas.Synergy.2.7.0.pack + + + Factory MCU Information Module: Provides=[FMI] + Renesas.Synergy.2.7.0.pack + + + I/O Port: Provides=[IO Port] + Renesas.Synergy.2.7.0.pack + + + S7G2_SK Board Support Files + Renesas.Synergy_board_s7g2_sk.2.7.0.pack + + + Express Logic ThreadX: Provides=[ThreadX] + Renesas.Synergy.2.7.0.pack + + + Secure Cryptography Engine: Provides=[TRNG, AES, HASH, RSA, DSA, TDES, ARC4, ECC, KEY_INSTALLATION] + Renesas.Synergy.2.7.0.pack + + + Express Logic NetX Synergy Port: Provides=[NetX Driver] , Requires=[NetX] + Renesas.Synergy.2.7.0.pack + + + General Purpose Timer: Provides=[Timer ,GPT] + Renesas.Synergy.2.7.0.pack + + + Real Time Clock: Provides=[RTC] + Renesas.Synergy.2.7.0.pack + + + Express Logic NetX: Provides=[NetX] , Requires=[ThreadX ,NetX Driver] + Renesas.Synergy.2.7.0.pack + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/IDE/STARCORE/starcore_test.c mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/STARCORE/starcore_test.c --- mariadb-11.8.6/extra/wolfssl/wolfssl/IDE/STARCORE/starcore_test.c 2026-01-31 13:27:49.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/STARCORE/starcore_test.c 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* starcore_test.c * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/IDE/STARCORE/user_settings.h mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/STARCORE/user_settings.h --- mariadb-11.8.6/extra/wolfssl/wolfssl/IDE/STARCORE/user_settings.h 2026-01-31 13:27:49.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/STARCORE/user_settings.h 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* user_settings.h * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/IDE/STM32Cube/main.c mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/STM32Cube/main.c --- mariadb-11.8.6/extra/wolfssl/wolfssl/IDE/STM32Cube/main.c 2026-01-31 13:27:49.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/STM32Cube/main.c 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* main.c * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/IDE/STM32Cube/wolfssl_example.c mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/STM32Cube/wolfssl_example.c --- mariadb-11.8.6/extra/wolfssl/wolfssl/IDE/STM32Cube/wolfssl_example.c 2026-01-31 13:27:49.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/STM32Cube/wolfssl_example.c 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* wolfssl_example.c * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/IDE/STM32Cube/wolfssl_example.h mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/STM32Cube/wolfssl_example.h --- mariadb-11.8.6/extra/wolfssl/wolfssl/IDE/STM32Cube/wolfssl_example.h 2026-01-31 13:27:49.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/STM32Cube/wolfssl_example.h 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* wolfssl_example.h * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/IDE/SimplicityStudio/test_wolf.c mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/SimplicityStudio/test_wolf.c --- mariadb-11.8.6/extra/wolfssl/wolfssl/IDE/SimplicityStudio/test_wolf.c 2026-01-31 13:27:49.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/SimplicityStudio/test_wolf.c 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* test_wolf.c * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/IDE/SimplicityStudio/user_settings.h mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/SimplicityStudio/user_settings.h --- mariadb-11.8.6/extra/wolfssl/wolfssl/IDE/SimplicityStudio/user_settings.h 2026-01-31 13:27:49.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/SimplicityStudio/user_settings.h 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* user_settings.h * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/IDE/VS-AZURE-SPHERE/client/client.c mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/VS-AZURE-SPHERE/client/client.c --- mariadb-11.8.6/extra/wolfssl/wolfssl/IDE/VS-AZURE-SPHERE/client/client.c 2026-01-31 13:27:49.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/VS-AZURE-SPHERE/client/client.c 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* client.c * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/IDE/VS-AZURE-SPHERE/client/client.h mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/VS-AZURE-SPHERE/client/client.h --- mariadb-11.8.6/extra/wolfssl/wolfssl/IDE/VS-AZURE-SPHERE/client/client.h 2026-01-31 13:27:49.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/VS-AZURE-SPHERE/client/client.h 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* client.h * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/IDE/VS-AZURE-SPHERE/server/server.c mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/VS-AZURE-SPHERE/server/server.c --- mariadb-11.8.6/extra/wolfssl/wolfssl/IDE/VS-AZURE-SPHERE/server/server.c 2026-01-31 13:27:49.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/VS-AZURE-SPHERE/server/server.c 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* server.c * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/IDE/VS-AZURE-SPHERE/server/server.h mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/VS-AZURE-SPHERE/server/server.h --- mariadb-11.8.6/extra/wolfssl/wolfssl/IDE/VS-AZURE-SPHERE/server/server.h 2026-01-31 13:27:49.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/VS-AZURE-SPHERE/server/server.h 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* server.h * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/IDE/VisualDSP/user_settings.h mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/VisualDSP/user_settings.h --- mariadb-11.8.6/extra/wolfssl/wolfssl/IDE/VisualDSP/user_settings.h 2026-01-31 13:27:49.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/VisualDSP/user_settings.h 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* user_settings.h * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/IDE/VisualDSP/wolf_tasks.c mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/VisualDSP/wolf_tasks.c --- mariadb-11.8.6/extra/wolfssl/wolfssl/IDE/VisualDSP/wolf_tasks.c 2026-01-31 13:27:49.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/VisualDSP/wolf_tasks.c 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* wolf-tasks.c * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/IDE/WICED-STUDIO/user_settings.h mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/WICED-STUDIO/user_settings.h --- mariadb-11.8.6/extra/wolfssl/wolfssl/IDE/WICED-STUDIO/user_settings.h 2026-01-31 13:27:49.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/WICED-STUDIO/user_settings.h 2026-05-24 09:58:33.000000000 +0000 @@ -1,4 +1,4 @@ - / * Copyright (C) 2006-2025 wolfSSL Inc. + / * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/IDE/WIN/user_settings.h mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/WIN/user_settings.h --- mariadb-11.8.6/extra/wolfssl/wolfssl/IDE/WIN/user_settings.h 2026-01-31 13:27:49.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/WIN/user_settings.h 2026-05-24 09:58:33.000000000 +0000 @@ -40,6 +40,11 @@ #define HAVE_CRL #define HAVE_CRL_MONITOR + #define HAVE_OCSP + #define HAVE_OCSP_RESPONDER + #define WOLFSSL_CERT_GEN + #define HAVE_CERTIFICATE_STATUS_REQUEST + #if defined(WOLFSSL_LIB) /* The lib */ #define OPENSSL_EXTRA diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/IDE/WIN-SRTP-KDF-140-3/wolfssl-fips.rc mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/WIN-SRTP-KDF-140-3/wolfssl-fips.rc --- mariadb-11.8.6/extra/wolfssl/wolfssl/IDE/WIN-SRTP-KDF-140-3/wolfssl-fips.rc 2026-01-31 13:27:49.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/WIN-SRTP-KDF-140-3/wolfssl-fips.rc 2026-05-24 09:58:33.000000000 +0000 @@ -51,8 +51,8 @@ // VS_VERSION_INFO VERSIONINFO - FILEVERSION 5,8,4,0 - PRODUCTVERSION 5,8,4,0 + FILEVERSION 5,9,1,0 + PRODUCTVERSION 5,9,1,0 FILEFLAGSMASK 0x3fL #ifdef _DEBUG FILEFLAGS 0x1L @@ -69,12 +69,12 @@ BEGIN VALUE "CompanyName", "wolfSSL Inc." VALUE "FileDescription", "The wolfSSL FIPS embedded SSL library is a lightweight, portable, C-language-based SSL/TLS library targeted at IoT, embedded, and RTOS environments primarily because of its size, speed, and feature set." - VALUE "FileVersion", "5.8.4.0" + VALUE "FileVersion", "5.9.1.0" VALUE "InternalName", "wolfssl-fips" VALUE "LegalCopyright", "Copyright (C) 2023" VALUE "OriginalFilename", "wolfssl-fips.dll" VALUE "ProductName", "wolfSSL FIPS" - VALUE "ProductVersion", "5.8.4.0" + VALUE "ProductVersion", "5.9.1.0" END END BLOCK "VarFileInfo" diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/IDE/WIN10/wolfssl-fips.rc mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/WIN10/wolfssl-fips.rc --- mariadb-11.8.6/extra/wolfssl/wolfssl/IDE/WIN10/wolfssl-fips.rc 2026-01-31 13:27:49.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/WIN10/wolfssl-fips.rc 2026-05-24 09:58:33.000000000 +0000 @@ -51,8 +51,8 @@ // VS_VERSION_INFO VERSIONINFO - FILEVERSION 5,8,4,0 - PRODUCTVERSION 5,8,4,0 + FILEVERSION 5,9,1,0 + PRODUCTVERSION 5,9,1,0 FILEFLAGSMASK 0x3fL #ifdef _DEBUG FILEFLAGS 0x1L @@ -69,12 +69,12 @@ BEGIN VALUE "CompanyName", "wolfSSL Inc." VALUE "FileDescription", "The wolfSSL FIPS embedded SSL library is a lightweight, portable, C-language-based SSL/TLS library targeted at IoT, embedded, and RTOS environments primarily because of its size, speed, and feature set." - VALUE "FileVersion", "5.8.4.0" + VALUE "FileVersion", "5.9.1.0" VALUE "InternalName", "wolfssl-fips" - VALUE "LegalCopyright", "Copyright (C) 2025" + VALUE "LegalCopyright", "Copyright (C) 2026" VALUE "OriginalFilename", "wolfssl-fips.dll" VALUE "ProductName", "wolfSSL FIPS" - VALUE "ProductVersion", "5.8.4.0" + VALUE "ProductVersion", "5.9.1.0" END END BLOCK "VarFileInfo" diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/IDE/WIN10/wolfssl-fips.vcxproj mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/WIN10/wolfssl-fips.vcxproj --- mariadb-11.8.6/extra/wolfssl/wolfssl/IDE/WIN10/wolfssl-fips.vcxproj 2026-01-31 13:27:49.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/WIN10/wolfssl-fips.vcxproj 2026-05-24 09:58:33.000000000 +0000 @@ -292,6 +292,8 @@ + + diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/IDE/WINCE/user_settings.h mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/WINCE/user_settings.h --- mariadb-11.8.6/extra/wolfssl/wolfssl/IDE/WINCE/user_settings.h 2026-01-31 13:27:49.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/WINCE/user_settings.h 2026-05-24 09:58:33.000000000 +0000 @@ -1,12 +1,12 @@ /* user_settings.h * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * * wolfSSL is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by - * the Free Software Foundation; either version 2 of the License, or + * the Free Software Foundation; either version 3 of the License, or * (at your option) any later version. * * wolfSSL is distributed in the hope that it will be useful, diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/IDE/WINCE/user_settings.h.140-2-deprecated mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/WINCE/user_settings.h.140-2-deprecated --- mariadb-11.8.6/extra/wolfssl/wolfssl/IDE/WINCE/user_settings.h.140-2-deprecated 2026-01-31 13:27:49.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/WINCE/user_settings.h.140-2-deprecated 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* user_settings.h * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/IDE/XCODE/Benchmark/wolfBench/AppDelegate.h mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/XCODE/Benchmark/wolfBench/AppDelegate.h --- mariadb-11.8.6/extra/wolfssl/wolfssl/IDE/XCODE/Benchmark/wolfBench/AppDelegate.h 2026-01-31 13:27:49.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/XCODE/Benchmark/wolfBench/AppDelegate.h 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* AppDelegate.h * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/IDE/XCODE/Benchmark/wolfBench/AppDelegate.m mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/XCODE/Benchmark/wolfBench/AppDelegate.m --- mariadb-11.8.6/extra/wolfssl/wolfssl/IDE/XCODE/Benchmark/wolfBench/AppDelegate.m 2026-01-31 13:27:49.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/XCODE/Benchmark/wolfBench/AppDelegate.m 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* AppDelegate.m * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/IDE/XCODE/Benchmark/wolfBench/ViewController.h mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/XCODE/Benchmark/wolfBench/ViewController.h --- mariadb-11.8.6/extra/wolfssl/wolfssl/IDE/XCODE/Benchmark/wolfBench/ViewController.h 2026-01-31 13:27:49.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/XCODE/Benchmark/wolfBench/ViewController.h 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* ViewController.h * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/IDE/XCODE/Benchmark/wolfBench/ViewController.m mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/XCODE/Benchmark/wolfBench/ViewController.m --- mariadb-11.8.6/extra/wolfssl/wolfssl/IDE/XCODE/Benchmark/wolfBench/ViewController.m 2026-01-31 13:27:49.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/XCODE/Benchmark/wolfBench/ViewController.m 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* ViewController.m * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/IDE/XCODE/Benchmark/wolfBench/main.m mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/XCODE/Benchmark/wolfBench/main.m --- mariadb-11.8.6/extra/wolfssl/wolfssl/IDE/XCODE/Benchmark/wolfBench/main.m 2026-01-31 13:27:49.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/XCODE/Benchmark/wolfBench/main.m 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* main.m * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/IDE/XCODE/Benchmark/wolfBench.xcodeproj/project.pbxproj mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/XCODE/Benchmark/wolfBench.xcodeproj/project.pbxproj --- mariadb-11.8.6/extra/wolfssl/wolfssl/IDE/XCODE/Benchmark/wolfBench.xcodeproj/project.pbxproj 2026-01-31 13:27:49.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/XCODE/Benchmark/wolfBench.xcodeproj/project.pbxproj 2026-05-24 09:58:33.000000000 +0000 @@ -112,7 +112,7 @@ 9D2E31E3291CE4800082B941 /* dtls.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; name = dtls.c; path = ../../../src/dtls.c; sourceTree = ""; }; 9D2E31E6291CE4AC0082B941 /* dtls13.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; name = dtls13.c; path = ../../../src/dtls13.c; sourceTree = ""; }; 9D2E31E8291CE5CB0082B941 /* kdf.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; name = kdf.c; path = ../../../wolfcrypt/src/kdf.c; sourceTree = ""; }; - A46FE14C2493E8F500A25BE7 /* armv8-chacha-asm.S */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; name = "armv8-chacha-asm.S"; path = "../../../wolfcrypt/src/port/arm/armv8-chacha-asm.S"; sourceTree = ""; }; + A46FE14C2493E8F500A25BE7 /* armv8-chacha-asm.S */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.asm; name = "armv8-chacha-asm.S"; path = "../../../wolfcrypt/src/port/arm/armv8-chacha-asm.S"; sourceTree = ""; }; A46FE14D2493E8F600A25BE7 /* sp_int.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; name = sp_int.c; path = ../../../wolfcrypt/src/sp_int.c; sourceTree = ""; }; A46FE1512493E8F600A25BE7 /* sp_cortexm.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; name = sp_cortexm.c; path = ../../../wolfcrypt/src/sp_cortexm.c; sourceTree = ""; }; A46FE1522493E8F600A25BE7 /* blake2s.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; name = blake2s.c; path = ../../../wolfcrypt/src/blake2s.c; sourceTree = ""; }; @@ -201,10 +201,10 @@ A4ADF8CE1FCE0C5500A06E90 /* coding.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; name = coding.c; path = ../../../wolfcrypt/src/coding.c; sourceTree = ""; }; A4ADF8D01FCE0C5500A06E90 /* ge_low_mem.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; name = ge_low_mem.c; path = ../../../wolfcrypt/src/ge_low_mem.c; sourceTree = ""; }; A4DFEC0C1FD4CAA300A7BB33 /* benchmark.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; name = benchmark.c; path = ../../../wolfcrypt/benchmark/benchmark.c; sourceTree = ""; }; - A4DFEC0E1FD4CB8500A7BB33 /* armv8-sha256-asm.S */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; name = "armv8-sha256-asm.S"; path = "../../../wolfcrypt/src/port/arm/armv8-sha256-asm.S"; sourceTree = ""; }; - A4DFEC0F1FD4CB8500A7BB33 /* armv8-aes-asm.S */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; name = "armv8-aes-asm.S"; path = "../../../wolfcrypt/src/port/arm/armv8-aes-asm.S"; sourceTree = ""; }; + A4DFEC0E1FD4CB8500A7BB33 /* armv8-sha256-asm.S */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.asm; name = "armv8-sha256-asm.S"; path = "../../../wolfcrypt/src/port/arm/armv8-sha256-asm.S"; sourceTree = ""; }; + A4DFEC0F1FD4CB8500A7BB33 /* armv8-aes-asm.S */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.asm; name = "armv8-aes-asm.S"; path = "../../../wolfcrypt/src/port/arm/armv8-aes-asm.S"; sourceTree = ""; }; A4DFEC3B1FD6B9CC00A7BB33 /* test.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; name = test.c; path = ../../../wolfcrypt/test/test.c; sourceTree = ""; }; - CB81DE1C24C9284700B98DA6 /* armv8-poly1305-asm.S */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; name = "armv8-poly1305-asm.S"; path = "../../../wolfcrypt/src/port/arm/armv8-poly1305-asm.S"; sourceTree = ""; }; + CB81DE1C24C9284700B98DA6 /* armv8-poly1305-asm.S */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.asm; name = "armv8-poly1305-asm.S"; path = "../../../wolfcrypt/src/port/arm/armv8-poly1305-asm.S"; sourceTree = ""; }; CB81DE1E24C93EC000B98DA6 /* armv8-curve25519.S */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.asm; name = "armv8-curve25519.S"; path = "../../../wolfcrypt/src/port/arm/armv8-curve25519.S"; sourceTree = ""; }; CB81DE2224C93FB300B98DA6 /* armv8-sha512-asm.S */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.asm; name = "armv8-sha512-asm.S"; path = "../../../wolfcrypt/src/port/arm/armv8-sha512-asm.S"; sourceTree = ""; }; /* End PBXFileReference section */ diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/IDE/XCODE/wolfssl.xcodeproj/project.pbxproj mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/XCODE/wolfssl.xcodeproj/project.pbxproj --- mariadb-11.8.6/extra/wolfssl/wolfssl/IDE/XCODE/wolfssl.xcodeproj/project.pbxproj 2026-01-31 13:27:49.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/XCODE/wolfssl.xcodeproj/project.pbxproj 2026-05-24 09:58:33.000000000 +0000 @@ -1069,11 +1069,11 @@ 700F0C892A2FBE8200755BA7 /* ssl.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = ssl.h; path = ../../wolfssl/openssl/ssl.h; sourceTree = ""; }; 700F0C8A2A2FBE8200755BA7 /* rsa.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = rsa.h; path = ../../wolfssl/openssl/rsa.h; sourceTree = ""; }; 9D01058F291CEA4F00A854D3 /* armv8-sha512-asm.S */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.asm; name = "armv8-sha512-asm.S"; path = "../../wolfcrypt/src/port/arm/armv8-sha512-asm.S"; sourceTree = ""; }; - 9D010591291CEA4F00A854D3 /* armv8-sha256-asm.S */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; name = "armv8-sha256-asm.S"; path = "../../wolfcrypt/src/port/arm/armv8-sha256-asm.S"; sourceTree = ""; }; - 9D010593291CEA4F00A854D3 /* armv8-poly1305-asm.S */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; name = "armv8-poly1305-asm.S"; path = "../../wolfcrypt/src/port/arm/armv8-poly1305-asm.S"; sourceTree = ""; }; + 9D010591291CEA4F00A854D3 /* armv8-sha256-asm.S */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.asm; name = "armv8-sha256-asm.S"; path = "../../wolfcrypt/src/port/arm/armv8-sha256-asm.S"; sourceTree = ""; }; + 9D010593291CEA4F00A854D3 /* armv8-poly1305-asm.S */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.asm; name = "armv8-poly1305-asm.S"; path = "../../wolfcrypt/src/port/arm/armv8-poly1305-asm.S"; sourceTree = ""; }; 9D010595291CEA4F00A854D3 /* armv8-sha3-asm.S */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.asm; name = "armv8-sha3-asm.S"; path = "../../wolfcrypt/src/port/arm/armv8-sha3-asm.S"; sourceTree = ""; }; - 9D010596291CEA4F00A854D3 /* armv8-chacha-asm.S */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; name = "armv8-chacha-asm.S"; path = "../../wolfcrypt/src/port/arm/armv8-chacha-asm.S"; sourceTree = ""; }; - 9D010598291CEA4F00A854D3 /* armv8-aes-asm.S */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; name = "armv8-aes-asm.S"; path = "../../wolfcrypt/src/port/arm/armv8-aes-asm.S"; sourceTree = ""; }; + 9D010596291CEA4F00A854D3 /* armv8-chacha-asm.S */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.asm; name = "armv8-chacha-asm.S"; path = "../../wolfcrypt/src/port/arm/armv8-chacha-asm.S"; sourceTree = ""; }; + 9D010598291CEA4F00A854D3 /* armv8-aes-asm.S */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.asm; name = "armv8-aes-asm.S"; path = "../../wolfcrypt/src/port/arm/armv8-aes-asm.S"; sourceTree = ""; }; 9D010599291CEA4F00A854D3 /* armv8-curve25519.S */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.asm; name = "armv8-curve25519.S"; path = "../../wolfcrypt/src/port/arm/armv8-curve25519.S"; sourceTree = ""; }; 9D2E31CA291CDF120082B941 /* quic.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; name = quic.c; path = ../../src/quic.c; sourceTree = ""; }; 9D2E31CB291CDF120082B941 /* dtls.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; name = dtls.c; path = ../../src/dtls.c; sourceTree = ""; }; diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/IDE/XCODE-FIPSv2/macOS-C++/Intel/user_settings.h mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/XCODE-FIPSv2/macOS-C++/Intel/user_settings.h --- mariadb-11.8.6/extra/wolfssl/wolfssl/IDE/XCODE-FIPSv2/macOS-C++/Intel/user_settings.h 2026-01-31 13:27:49.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/XCODE-FIPSv2/macOS-C++/Intel/user_settings.h 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* user_settings.h * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/IDE/XCODE-FIPSv2/macOS-C++/M1/user_settings.h mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/XCODE-FIPSv2/macOS-C++/M1/user_settings.h --- mariadb-11.8.6/extra/wolfssl/wolfssl/IDE/XCODE-FIPSv2/macOS-C++/M1/user_settings.h 2026-01-31 13:27:49.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/XCODE-FIPSv2/macOS-C++/M1/user_settings.h 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* user_settings.h * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/IDE/XCODE-FIPSv2/user_settings.h mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/XCODE-FIPSv2/user_settings.h --- mariadb-11.8.6/extra/wolfssl/wolfssl/IDE/XCODE-FIPSv2/user_settings.h 2026-01-31 13:27:49.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/XCODE-FIPSv2/user_settings.h 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* user_settings.h * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/IDE/XCODE-FIPSv5/user_settings.h mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/XCODE-FIPSv5/user_settings.h --- mariadb-11.8.6/extra/wolfssl/wolfssl/IDE/XCODE-FIPSv5/user_settings.h 2026-01-31 13:27:49.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/XCODE-FIPSv5/user_settings.h 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* user_settings.h * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/IDE/XCODE-FIPSv6/user_settings.h mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/XCODE-FIPSv6/user_settings.h --- mariadb-11.8.6/extra/wolfssl/wolfssl/IDE/XCODE-FIPSv6/user_settings.h 2026-01-31 13:27:49.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/XCODE-FIPSv6/user_settings.h 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* user_settings.h * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/IDE/XilinxSDK/user_settings.h mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/XilinxSDK/user_settings.h --- mariadb-11.8.6/extra/wolfssl/wolfssl/IDE/XilinxSDK/user_settings.h 2026-01-31 13:27:49.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/XilinxSDK/user_settings.h 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* user_settings.h * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/IDE/XilinxSDK/wolfssl_example.c mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/XilinxSDK/wolfssl_example.c --- mariadb-11.8.6/extra/wolfssl/wolfssl/IDE/XilinxSDK/wolfssl_example.c 2026-01-31 13:27:49.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/XilinxSDK/wolfssl_example.c 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* wolfssl_example.c * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/IDE/apple-universal/build-wolfssl-framework.sh mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/apple-universal/build-wolfssl-framework.sh --- mariadb-11.8.6/extra/wolfssl/wolfssl/IDE/apple-universal/build-wolfssl-framework.sh 2026-01-31 13:27:49.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/apple-universal/build-wolfssl-framework.sh 2026-05-24 09:58:33.000000000 +0000 @@ -2,7 +2,7 @@ # build-wolfssl-framework.sh # -# Copyright (C) 2006-2025 wolfSSL Inc. +# Copyright (C) 2006-2026 wolfSSL Inc. # # This file is part of wolfSSL. # diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/IDE/apple-universal/wolfssl-multiplatform/wolfssl-multiplatform/ContentView.swift mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/apple-universal/wolfssl-multiplatform/wolfssl-multiplatform/ContentView.swift --- mariadb-11.8.6/extra/wolfssl/wolfssl/IDE/apple-universal/wolfssl-multiplatform/wolfssl-multiplatform/ContentView.swift 2026-01-31 13:27:49.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/apple-universal/wolfssl-multiplatform/wolfssl-multiplatform/ContentView.swift 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* ContentView.swift * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/IDE/apple-universal/wolfssl-multiplatform/wolfssl-multiplatform/simple_client_example.c mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/apple-universal/wolfssl-multiplatform/wolfssl-multiplatform/simple_client_example.c --- mariadb-11.8.6/extra/wolfssl/wolfssl/IDE/apple-universal/wolfssl-multiplatform/wolfssl-multiplatform/simple_client_example.c 2026-01-31 13:27:49.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/apple-universal/wolfssl-multiplatform/wolfssl-multiplatform/simple_client_example.c 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* simple_client_example.c * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/IDE/apple-universal/wolfssl-multiplatform/wolfssl-multiplatform/simple_client_example.h mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/apple-universal/wolfssl-multiplatform/wolfssl-multiplatform/simple_client_example.h --- mariadb-11.8.6/extra/wolfssl/wolfssl/IDE/apple-universal/wolfssl-multiplatform/wolfssl-multiplatform/simple_client_example.h 2026-01-31 13:27:49.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/apple-universal/wolfssl-multiplatform/wolfssl-multiplatform/simple_client_example.h 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* simple_client_example.h * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/IDE/apple-universal/wolfssl-multiplatform/wolfssl-multiplatform/wolfssl-multiplatform-Bridging-Header.h mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/apple-universal/wolfssl-multiplatform/wolfssl-multiplatform/wolfssl-multiplatform-Bridging-Header.h --- mariadb-11.8.6/extra/wolfssl/wolfssl/IDE/apple-universal/wolfssl-multiplatform/wolfssl-multiplatform/wolfssl-multiplatform-Bridging-Header.h 2026-01-31 13:27:49.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/apple-universal/wolfssl-multiplatform/wolfssl-multiplatform/wolfssl-multiplatform-Bridging-Header.h 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* wolfssl-multiplatform-Bridging-Header.h * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/IDE/apple-universal/wolfssl-multiplatform/wolfssl-multiplatform/wolfssl_multiplatformApp.swift mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/apple-universal/wolfssl-multiplatform/wolfssl-multiplatform/wolfssl_multiplatformApp.swift --- mariadb-11.8.6/extra/wolfssl/wolfssl/IDE/apple-universal/wolfssl-multiplatform/wolfssl-multiplatform/wolfssl_multiplatformApp.swift 2026-01-31 13:27:49.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/apple-universal/wolfssl-multiplatform/wolfssl-multiplatform/wolfssl_multiplatformApp.swift 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* wolfssl_multiplatformApp.swift * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/IDE/apple-universal/wolfssl-multiplatform/wolfssl-multiplatform/wolfssl_test_driver.c mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/apple-universal/wolfssl-multiplatform/wolfssl-multiplatform/wolfssl_test_driver.c --- mariadb-11.8.6/extra/wolfssl/wolfssl/IDE/apple-universal/wolfssl-multiplatform/wolfssl-multiplatform/wolfssl_test_driver.c 2026-01-31 13:27:49.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/apple-universal/wolfssl-multiplatform/wolfssl-multiplatform/wolfssl_test_driver.c 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* wolfssl_test_driver.c * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/IDE/apple-universal/wolfssl-multiplatform/wolfssl-multiplatform/wolfssl_test_driver.h mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/apple-universal/wolfssl-multiplatform/wolfssl-multiplatform/wolfssl_test_driver.h --- mariadb-11.8.6/extra/wolfssl/wolfssl/IDE/apple-universal/wolfssl-multiplatform/wolfssl-multiplatform/wolfssl_test_driver.h 2026-01-31 13:27:49.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/apple-universal/wolfssl-multiplatform/wolfssl-multiplatform/wolfssl_test_driver.h 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* wolfssl_test_driver.h * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/IDE/include.am mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/include.am --- mariadb-11.8.6/extra/wolfssl/wolfssl/IDE/include.am 2026-01-31 13:27:49.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/include.am 2026-05-24 09:58:33.000000000 +0000 @@ -43,6 +43,7 @@ include IDE/Renesas/e2studio/RX65N/RSK/include.am include IDE/Renesas/e2studio/RX72N/EnvisionKit/include.am include IDE/Renesas/e2studio/RZN2L/include.am +include IDE/Renesas/e2studio/SK-S7G2/include.am include IDE/RISCV/include.am include IDE/ROWLEY-CROSSWORKS-ARM/include.am include IDE/SimplicityStudio/include.am diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/IDE/iotsafe/ca-cert.c mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/iotsafe/ca-cert.c --- mariadb-11.8.6/extra/wolfssl/wolfssl/IDE/iotsafe/ca-cert.c 2026-01-31 13:27:49.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/iotsafe/ca-cert.c 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* ca-cert.c * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/IDE/iotsafe/devices.c mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/iotsafe/devices.c --- mariadb-11.8.6/extra/wolfssl/wolfssl/IDE/iotsafe/devices.c 2026-01-31 13:27:49.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/iotsafe/devices.c 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* devices.c * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/IDE/iotsafe/devices.h mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/iotsafe/devices.h --- mariadb-11.8.6/extra/wolfssl/wolfssl/IDE/iotsafe/devices.h 2026-01-31 13:27:49.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/iotsafe/devices.h 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* devices.h * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/IDE/iotsafe/main.c mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/iotsafe/main.c --- mariadb-11.8.6/extra/wolfssl/wolfssl/IDE/iotsafe/main.c 2026-01-31 13:27:49.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/iotsafe/main.c 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* main.c * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/IDE/iotsafe/memory-tls.c mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/iotsafe/memory-tls.c --- mariadb-11.8.6/extra/wolfssl/wolfssl/IDE/iotsafe/memory-tls.c 2026-01-31 13:27:49.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/iotsafe/memory-tls.c 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* memory-tls.c * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/IDE/iotsafe/startup.c mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/iotsafe/startup.c --- mariadb-11.8.6/extra/wolfssl/wolfssl/IDE/iotsafe/startup.c 2026-01-31 13:27:49.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/iotsafe/startup.c 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* startup.c * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/IDE/iotsafe/target.ld mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/iotsafe/target.ld --- mariadb-11.8.6/extra/wolfssl/wolfssl/IDE/iotsafe/target.ld 2026-01-31 13:27:49.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/iotsafe/target.ld 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* target.ld * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/IDE/iotsafe/user_settings.h mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/iotsafe/user_settings.h --- mariadb-11.8.6/extra/wolfssl/wolfssl/IDE/iotsafe/user_settings.h 2026-01-31 13:27:49.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/iotsafe/user_settings.h 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* user_settings.h * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/IDE/iotsafe-raspberrypi/client-tls13.c mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/iotsafe-raspberrypi/client-tls13.c --- mariadb-11.8.6/extra/wolfssl/wolfssl/IDE/iotsafe-raspberrypi/client-tls13.c 2026-01-31 13:27:49.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/iotsafe-raspberrypi/client-tls13.c 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* client-tls13.c * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/IDE/iotsafe-raspberrypi/main.c mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/iotsafe-raspberrypi/main.c --- mariadb-11.8.6/extra/wolfssl/wolfssl/IDE/iotsafe-raspberrypi/main.c 2026-01-31 13:27:49.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/iotsafe-raspberrypi/main.c 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* main.c * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/IDE/mynewt/apps.wolfcrypttest.pkg.yml mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/mynewt/apps.wolfcrypttest.pkg.yml --- mariadb-11.8.6/extra/wolfssl/wolfssl/IDE/mynewt/apps.wolfcrypttest.pkg.yml 2026-01-31 13:27:49.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/mynewt/apps.wolfcrypttest.pkg.yml 2026-05-24 09:58:33.000000000 +0000 @@ -1,4 +1,4 @@ -# Copyright (C) 2006-2025 wolfSSL Inc. +# Copyright (C) 2006-2026 wolfSSL Inc. # # This file is part of wolfSSL. # diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/IDE/mynewt/crypto.wolfssl.pkg.yml mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/mynewt/crypto.wolfssl.pkg.yml --- mariadb-11.8.6/extra/wolfssl/wolfssl/IDE/mynewt/crypto.wolfssl.pkg.yml 2026-01-31 13:27:49.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/IDE/mynewt/crypto.wolfssl.pkg.yml 2026-05-24 09:58:33.000000000 +0000 @@ -1,4 +1,4 @@ -# Copyright (C) 2006-2025 wolfSSL Inc. +# Copyright (C) 2006-2026 wolfSSL Inc. # # This file is part of wolfSSL. # diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/INSTALL mariadb-11.8.8/extra/wolfssl/wolfssl/INSTALL --- mariadb-11.8.6/extra/wolfssl/wolfssl/INSTALL 2026-01-31 13:27:49.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/INSTALL 2026-05-24 09:58:33.000000000 +0000 @@ -16,6 +16,9 @@ all the generated build options. This file needs to be included in your application before any other wolfSSL headers. Optionally your application can define WOLFSSL_USE_OPTIONS_H to do this automatically. + Note: Building with configure also installs CMake package files under + $(libdir)/cmake/wolfssl to support find_package(wolfssl). You can disable this + with ./configure --disable-cmake-install. 2. Building on iOS diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/LICENSING mariadb-11.8.8/extra/wolfssl/wolfssl/LICENSING --- mariadb-11.8.6/extra/wolfssl/wolfssl/LICENSING 2026-01-31 13:27:49.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/LICENSING 2026-05-24 09:58:33.000000000 +0000 @@ -17,6 +17,12 @@ OpenVPN +SWUpdate + +RPCS3 + +VDE - Virtual Distributed Ethernet + For our users who cannot use wolfSSL under GPLv3, a commercial license to wolfSSL and wolfCrypt is available. diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/Makefile.am mariadb-11.8.8/extra/wolfssl/wolfssl/Makefile.am --- mariadb-11.8.6/extra/wolfssl/wolfssl/Makefile.am 2026-01-31 13:27:49.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/Makefile.am 2026-05-24 09:58:33.000000000 +0000 @@ -78,6 +78,9 @@ pkcs7encryptedDataDES3.der \ pkcs7encryptedDataDES.der \ pkcs7envelopedDataAES256CBC_ECDH.der \ + cmake/wolfssl-config.cmake \ + cmake/wolfssl-config-version.cmake \ + cmake/wolfssl-targets.cmake \ pkcs7envelopedDataAES128CBC_ECDH_SHA1KDF.der \ pkcs7envelopedDataAES256CBC_ECDH_SHA256KDF.der \ pkcs7envelopedDataAES256CBC_ECDH_SHA512KDF.der \ @@ -148,6 +151,7 @@ EXTRA_DIST+= fips-hash.sh EXTRA_DIST+= gencertbuf.pl EXTRA_DIST+= README.md +EXTRA_DIST+= README-async.md EXTRA_DIST+= README EXTRA_DIST+= ChangeLog.md EXTRA_DIST+= LICENSING @@ -221,14 +225,21 @@ CFLAGS_FPU_DISABLE CFLAGS_FPU_ENABLE CFLAGS_SIMD_DISABLE CFLAGS_SIMD_ENABLE \ CFLAGS_AUTO_VECTORIZE_DISABLE CFLAGS_AUTO_VECTORIZE_ENABLE \ ASFLAGS_FPU_DISABLE_SIMD_ENABLE ASFLAGS_FPU_ENABLE_SIMD_DISABLE \ - ASFLAGS_FPUSIMD_DISABLE ASFLAGS_FPUSIMD_ENABLE ENABLED_KERNEL_BENCHMARKS + ASFLAGS_FPUSIMD_DISABLE ASFLAGS_FPUSIMD_ENABLE ENABLED_KERNEL_BENCHMARKS \ + FIPS_FLAVOR module: - +$(MAKE) -C linuxkm libwolfssl.ko + +$(MAKE) -C linuxkm module module-update-fips-hash: +$(MAKE) -C linuxkm module-update-fips-hash +module-with-matching-fips-hash: + +$(MAKE) -C linuxkm module-with-matching-fips-hash + +module-with-matching-fips-hash-no-sign: + +$(MAKE) -C linuxkm module-with-matching-fips-hash-no-sign + clean_module: +$(MAKE) -C linuxkm clean @@ -246,8 +257,9 @@ EXTRA_CFLAGS EXTRA_CPPFLAGS EXTRA_CCASFLAGS EXTRA_LDFLAGS \ AM_CPPFLAGS CPPFLAGS AM_CFLAGS CFLAGS \ AM_CCASFLAGS CCASFLAGS \ - src_libwolfssl_la_OBJECTS ENABLED_CRYPT_TESTS - + src_libwolfssl_la_OBJECTS ENABLED_CRYPT_TESTS ENABLED_BSDKM_REGISTER \ + ENABLED_ASM ENABLED_INTELASM ENABLED_AESNI ENABLED_AESNI_WITH_AVX \ + ENABLED_KERNEL_BENCHMARKS endif diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/README mariadb-11.8.8/extra/wolfssl/wolfssl/README --- mariadb-11.8.6/extra/wolfssl/wolfssl/README 2026-01-31 13:27:49.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/README 2026-05-24 09:58:33.000000000 +0000 @@ -7,8 +7,9 @@ because of its royalty-free pricing and excellent cross platform support. wolfSSL supports industry standards up to the current TLS 1.3 and DTLS 1.3 levels, is up to 20 times smaller than OpenSSL, and offers progressive ciphers -such as ChaCha20, Curve25519, and Blake2b. User benchmarking and feedback -reports dramatically better performance when using wolfSSL over OpenSSL. +such as ChaCha20, Curve25519, BLAKE2b/BLAKE2s and Post-Quantum TLS 1.3 groups. +User benchmarking and feedback reports dramatically better performance when +using wolfSSL over OpenSSL. wolfSSL is powered by the wolfCrypt library. Two versions of the wolfCrypt cryptography library have been FIPS 140-2 validated (Certificate #2425 and @@ -75,77 +76,175 @@ *** end Notes *** -# wolfSSL Release 5.8.4 (Nov. 20, 2025) +# wolfSSL Release 5.9.1 (Apr. 8, 2026) -Release 5.8.4 has been developed according to wolfSSL's development and QA +Release 5.9.1 has been developed according to wolfSSL's development and QA process (see link below) and successfully passed the quality criteria. https://www.wolfssl.com/about/wolfssl-software-development-process-quality-assurance -NOTE: * --enable-heapmath is deprecated - * MD5 is now disabled by default +NOTE: +* --enable-heapmath is deprecated +* MD5 is now disabled by default PR stands for Pull Request, and PR references a GitHub pull request number where the code change was added. ## Vulnerabilities -* [Low CVE-2025-12888] Vulnerability in X25519 constant-time cryptographic implementations due to timing side channels introduced by compiler optimizations and CPU architecture limitations, specifically with the Xtensa-based ESP32 chips. If targeting Xtensa it is recommended to use the low memory implementations of X25519, which is now turned on as the default for Xtensa. Thanks to Adrian Cinal for the report. Fixed in PR 9275. +* [Critical] CVE-2026-5194 +Missing hash/digest size and OID checks allow digests smaller than allowed by FIPS 186-4 or 186-5 (as appropriate), or smaller than is appropriate for the relevant key type, to be accepted by signature verification functions, reducing the security of certificate-based authentication. Affects multiple signature algorithms, including ECDSA/ECC, DSA, ML-DSA, ED25519, and ED448. Builds that have both ECC and EdDSA or ML-DSA enabled that are doing certificate verification are recommended to update to the latest wolfSSL release. Thanks to Nicholas Carlini from Anthropic for the report. Fixed in PR 10131. -* [Med. CVE-2025-11936] Potential DoS vulnerability due to a memory leak through multiple KeyShareEntry with the same group in malicious TLS 1.3 ClientHello messages. This affects users who are running wolfSSL on the server side with TLS 1.3. Thanks to Jaehun Lee and Kyungmin Bae, Pohang University of Science and Technology (POSTECH) for the report. Fixed in PR 9117. +* [High] CVE-2026-5264 +Heap buffer overflow in DTLS 1.3 ACK message processing. A remote attacker can send a crafted DTLS 1.3 ACK message that triggers a heap buffer overflow. Thanks to Sunwoo Lee and Seunghyun Yoon, Korea Institute of Energy Technology (KENTECH). Fixed in PR 10076. -* [Low CVE-2025-11935] PSK with PFS (Perfect Forward Secrecy) downgrades to PSK without PFS during TLS 1.3 handshake. If the client sends a ClientHello that has a key share extension and the server responds with a ServerHello that does not have a key share extension the connection would previously continue on without using PFS. Thanks to Jaehun Lee from Pohang University of Science and Technology (POSTECH) for the report. Fixed in PR 9112. +* [High] CVE-2026-5263 +URI nameConstraints from constrained intermediate CAs are parsed but not enforced during certificate chain verification in wolfcrypt/src/asn.c. A compromised or malicious sub-CA could issue leaf certificates with URI SAN entries that violate the nameConstraints of the issuing CA, and wolfSSL would accept them as valid. Thanks to Oleh Konko @1seal for the report. Fixed in PR 10048. -* [Low CVE-2025-11934] Signature Algorithm downgrade from ECDSA P521 to P256 during TLS 1.3 handshake. When a client sends ECDSA P521 as the supported signature algorithm the server previously could respond as ECDSA P256 being the accepted signature algorithm and the connection would continue with using ECDSA P256. Thanks to Jaehun Lee from Pohang University of Science and Technology (POSTECH) for the report. Fixed in PR 9113. +* [High] CVE-2026-5295 +Stack buffer overflow in PKCS7 ORI (Other Recipient Info) OID processing. When parsing a PKCS7 envelope with a crafted ORI OID value, a stack-based buffer overflow can be triggered. Thanks to Sunwoo Lee, Woohyun Choi, and Seunghyun Yoon (Korea Institute of Energy Technology, KENTECH). Fixed in PR 10116. +* [High] CVE-2026-5466 +wolfSSL's ECCSI signature verifier `wc_VerifyEccsiHash` decodes the `r` and `s` scalars from the signature blob via `mp_read_unsigned_bin` with no check that they lie in `[1, q-1]`. A crafted forged signature could verify against any message for any identity, using only publicly-known constants. Thanks to Calif.io in collaboration with Claude and Anthropic Research for the report. Fixed in PR 10102. -* [Low CVE-2025-11933] DoS Vulnerability in wolfSSL TLS 1.3 CKS extension parsing. Previously duplicate CKS extensions were not rejected leading to a potential memory leak when processing a ClientHello. Thanks to Jaehun Lee from Pohang University of Science and Technology (POSTECH) for the report. Fixed in PR 9132. +* [High] CVE-2026-5477 +Potential for AES-EAX AEAD and CMAC authentication bypass on messages larger than 4 GiB. An attacker who observes one valid (ciphertext, tag) pair for a >4 GiB EAX message can replace the first 4 GiB of ciphertext arbitrarily while the tag still verifies. Thanks to Calif.io in collaboration with Claude and Anthropic Research for the report. Fixed in PR 10102. +* [High] CVE-2026-5447 +Heap buffer overflow in CertFromX509 via AuthorityKeyIdentifier size confusion. A heap buffer overflow occurs when converting an X.509 certificate internally due to incorrect size handling of the AuthorityKeyIdentifier extension. Thanks to Calif.io in collaboration with Claude and Anthropic Research for the report. Fixed in PR 10112. -* [Low CVE-2025-11931] Integer Underflow Leads to Out-of-Bounds Access in XChaCha20-Poly1305 Decrypt. This issue is hit specifically with a call to the function wc_XChaCha20Poly1305_Decrypt() which is not used with TLS connections, only from direct calls from an application. Thanks to Luigino Camastra from Aisle Research for the report. Fixed in PR 9223. +* [High] CVE-2026-5500 +wolfSSL's `wc_PKCS7_DecodeAuthEnvelopedData()` does not properly sanitize the AES-GCM authentication tag length received and has no lower bounds check. A man-in-the-middle can therefore truncate the `mac` field from 16 bytes to 1 byte, reducing the tag check from 2â»Â¹Â²â¸ to 2â»â¸. Thanks to Calif.io in collaboration with Claude and Anthropic Research for the report. Fixed in PR 10102. -* [Low CVE-2025-11932] Timing Side-Channel in PSK Binder Verification. The server previously verified the TLS 1.3 PSK binder using a non-constant time method which could potentially leak information about the PSK binder. Thanks to Luigino Camastra from Aisle Research for the report. Fixed in PR 9223. +* [High] CVE-2026-5501 +`wolfSSL_X509_verify_cert()` in the OpenSSL compatibility layer accepts a certificate chain in which the leaf's signature is not checked, if the attacker supplies an untrusted intermediate with Basic Constraints `CA:FALSE` that is legitimately signed by a trusted root. An attacker who obtains any leaf certificate from a trusted CA (e.g. a free DV cert from Let's Encrypt) can forge a certificate for any subject name with any public key and arbitrary signature bytes, and the function returns `WOLFSSL_SUCCESS` / `X509_V_OK`. The native wolfSSL TLS handshake path (`ProcessPeerCerts`) is not susceptible and the issue is limited to applications using the OpenSSL compatibility API directly. Thanks to Calif.io in collaboration with Claude and Anthropic Research for the report. Fixed in PR 10102. -* [Low CVE-2025-12889] With TLS 1.2 connections a client can use any digest, specifically a weaker digest, rather than those in the CertificateRequest. Thanks to Jaehun Lee from Pohang University of Science and Technology (POSTECH) for the report. Fixed in PR 9395 +* [High] CVE-2026-5503 +In TLSX_EchChangeSNI, the ctx->extensions branch set extensions unconditionally even when TLSX_Find returned NULL. This caused TLSX_UseSNI to attach the attacker-controlled publicName to the shared WOLFSSL_CTX when no inner SNI was configured. TLSX_EchRestoreSNI then failed to clean it up because its removal was gated on serverNameX != NULL. The inner ClientHello was sized before the pollution but written after it, causing TLSX_SNI_Write to memcpy 255 bytes past the allocation boundary. Thanks to Calif.io in collaboration with Claude and Anthropic Research for the report. Fixed in PR 10102. + +* [Med] CVE-2026-5392 +Heap out-of-bounds read in PKCS7 parsing. A crafted PKCS7 message can trigger an OOB read on the heap. The missing bounds check is in the indefinite-length end-of-content verification loop in PKCS7_VerifySignedData(). This only affects builds with PKCS7 support enabled. Thanks to J Laratro (d0sf3t) for the report. Fixed in PR 10039. + +* [Med] CVE-2026-5446 +ARIA-GCM nonce reuse in TLS 1.2 record encryption. ARIA cipher support requires a proprietary Korean library (MagicCrypto) and --enable-aria, limiting real-world exposure. Thanks to Calif.io in collaboration with Claude and Anthropic Research for the report. Fixed in PR 10111. + +* [Med] CVE-2026-5460 +When a malicious TLS 1.3 server sends a ServerHello with a truncated PQC hybrid KeyShare (e.g., P256_ML_KEM_512 with 10 bytes instead of the required 768+), the error cleanup path double-frees the KyberKey. Thanks to Calvin Young (eWalker Consulting Inc.) and Enoch Chow (Isomorph Cyber). Fixed in PR 10092. + +* [Med] CVE-2026-5504 +A padding oracle exists in wolfSSL's PKCS7 CBC decryption that could allow an attacker to recover plaintext through repeated decryption queries with modified ciphertext. In previous versions of wolfSSL the interior padding bytes are not validated. Thanks to Sunwoo Lee, Woohyun Choi, and Seunghyun Yoon of Korea Institute of Energy Technology (KENTECH) for the report. Fixed in PR 10088. + +* [Med] CVE-2026-5507 +When restoring a session from cache, a pointer from the serialized session data is used in a free operation without validation. An attacker who can poison the session cache could trigger an arbitrary free. Exploitation requires the ability to inject a crafted session into the cache and for the application to call specific session restore APIs. Thanks to Sunwoo Lee, Woohyun Choi, and Seunghyun Yoon of Korea Institute of Energy Technology (KENTECH) for the report. Fixed in PR 10088. + +* [Low] CVE-2026-5187 +Heap out-of-bounds write in DecodeObjectId() caused by an off-by-one bounds check combined with a sizeof mismatch. A crafted ASN.1 object identifier can trigger a small heap OOB write. Thanks to Yuteng for the report. Fixed in PR 10025. + +* [Low] CVE-2026-5188 +An integer underflow issue exists in wolfSSL when parsing the Subject Alternative Name (SAN) extension of X.509 certificates. A malformed certificate can specify an entry length larger than the enclosing sequence, causing the internal length counter to wrap during parsing. This results in incorrect handling of certificate data. The issue is limited to configurations using the original ASN.1 parsing implementation. The original ASN.1 parsing implementation is off by default. Thanks to Muhammad Arya Arjuna Habibullah for the report. Fixed in PR 10024. + +* [Low] CVE-2026-5448 +X.509 date buffer overflow in wolfSSL_X509_notAfter / wolfSSL_X509_notBefore. A buffer overflow may occur when parsing date fields from a crafted X.509 certificate via the compatibility layer API. This is only triggered when calling these two APIs directly from an application, and does not affect TLS or certificate verify operations in wolfSSL. Thanks to Sunwoo Lee and Seunghyun Yoon, Korea Institute of Energy Technology (KENTECH) for the report. Fixed in PR 10071. + +* [Low] CVE-2026-5772 +A 1-byte stack buffer over-read exists in the MatchDomainName function in src/internal.c when processing wildcard patterns with the LEFT_MOST_WILDCARD_ONLY flag active. When a wildcard '*' exhausts the entire hostname string (strLen reaches 0), the function proceeds to compare remaining pattern characters against the now-exhausted buffer without a bounds check, causing an out-of-bounds read. Thanks to Zou Dikai for the report. Fixed in PR 10119. + +* [Low] CVE-2026-5778 +An integer underflow exists in the ChaCha20-Poly1305 decryption path where a malformed TLS 1.2 record with a payload shorter than the AEAD MAC size causes the message length calculation to underflow, resulting in an out-of-bounds read. This only affects sniffer builds. Thanks to Zou Dikai for the report. Fixed in PR 10125. + +## Experimental Build Vulnerability + +* [Med] CVE-2026-5393 +Dual-Algorithm CertificateVerify out-of-bounds read. When processing a dual-algorithm CertificateVerify message, an out-of-bounds read can occur on crafted input. This can only occur when --enable-experimental and --enable-dual-alg-certs is used when building wolfSSL. Thanks to Sunwoo Lee, Woohyun Choi, and Seunghyun Yoon (Korea Institute of Energy Technology, KENTECH) for testing the fix. Fixed in PR 10079. ## New Features -* New ML-KEM / ML-DSA APIs and seed/import PKCS8 support; added _new/_delete APIs for ML-KEM/ML-DSA. (PR 9039, 9000, 9049) -* Initial wolfCrypt FreeBSD kernel module support (PR 9392) -* Expanded PKCS7/CMS capabilities: decode SymmetricKeyPackage / OneSymmetricKey, add wc_PKCS7_GetEnvelopedDataKariRid, and allow PKCS7 builds with AES keywrap unset. (PR 9018, 9029, 9032) -* Add custom AES key wrap/unwrap callbacks and crypto callback copy/free operations. (PR 9002, 9309) -* Add support for certificate_authorities extension in ClientHello and certificate manager CA-type selection/unloading. (PR 9209, 9046) -* Large expansion of Rust wrapper modules: random, aes, rsa, ecc, dh, sha, hmac, cmac, ed25519/ed448, pbkdf2/PKCS#12, kdf/prf, SRTP KDFs, and conditional compilation options. (PR 9191, 9212, 9273, 9306, 9320, 9328, 9368, 9389, 9357, 9433) -* Rust: support optional heap and dev_id parameters and enable conditional compilation based on C build options. (PR 9407, 9433) -* STM32 fixes (benchmarking and platform fixes) and PSoC6 hardware acceleration additions. (PR 9228, 9256, 9185) -* STM32U5 added support for SAES and DHUK. (PR 9087) -* Add --enable-curl=tiny option for a smaller build when used with cURL. (PR 9174) - -## Improvements / Optimizations -* Regression test fixes and expansion: TLS 1.3/1.2 tests, ARDUINO examples, libssh2 tests, hostap workflows, and nightly test improvements. (PR 9096, 9141, 9091, 9122, 9388) -* Improved test ordering and CI test stability (random tests run order changes, FIPS test fixes). (PR 9204, 9257) -* Docs and readme fixes, docstring updates, AsconAEAD comment placement, and example certificate renewals. (PR 9131, 9293, 9262, 9429) -* Updated GPL exception lists (GPLv2 and GPLv3 exception updates: add Fetchmail and OpenVPN). (PR 9398, 9413) -* Introduced WOLFSSL_DEBUG_CERTS and additional debug/logging refinements. (PR 8902, 9055) -* Expanded crypto-callback support (SHA family, HKDF, SHA-224, sha512_family digest selection) and improved crypto-only build cases. (PR 9070, 9252, 9271, 9100, 9194) -* AES & HW offload improvements including AES-CTR support in PKCS11 driver and AES ECB offload sizing fix. (PR 9277, 9364) -* ESP32: PSRAM allocator support and SHA HW fixes for ESP-IDF v6/v5. (PR 8987, 9225, 9264) -* Renesas FSP / RA examples updated and security-module TLS context improvements. (PR 9047, 9010, 9158, 9150) -* Broad configure/CMake/Autotools workflow improvements (Apple options tracking, Watcom pinning, Debian packaging, ESP-IDF pinning). (PR 9037, 9167, 9161, 9264) -* New assembly introspection / performance helpers for RISC-V and PPC32; benchmarking enhancements (cycle counts). (PR 9101, 9317) -* Update to SGX build for using assembly optimizations. (PR 8463, 9138) -* Testing with Fil-C compiler version to 0.674 (PR 9396) -* Refactors and compressing of small stack code (PR 9153) +* Enabled PQC algorithm ML-KEM (FIPS203) on by default. by @Frauschi (PR 9732) +* Added brainpool curve support to wolfSSL_CTX_set1_sigalgs_list. by @kojo1 (PR 9993) +* Implemented wolfSSL_Atomic_Int_Exchange() in wolfssl/wolfcrypt/wc_port.h and wolfcrypt/src/wc_port.c. by @douzzer (PR 10036) +* Added a GPLv2 license exception for VDE (Virtual Distributed Ethernet) to the licensing terms. by @danielinux (PR 10107) +* Added DTLS 1.3/TLS 1.3 write-dup (Duplicate SSL) support so the read-side can delegate post-handshake work (KeyUpdate responses, DTLS13 ACK sending, post-handshake auth) to the write-side, along with new tests and CI coverage. (PR 10006) + +## Post-Quantum Cryptography (PQC) +* Fixed Dilithium API to use byte type for context length parameters, enforcing the 0–255 byte constraint. by @SparkiDev (PR 10010) +* Fixed benchmarking for ML-DSA with static memory enabled. by @JacobBarthelmeh (PR 9970) +* Added checks to verify the private key is set before performing private key operations in Ed25519, Ed448, ML-DSA, and ML-KEM. by @anhu (PR 10083) +* Added buffer size and callback validation checks to wc_LmsKey_Sign to prevent signing with insufficient output buffer or missing required callbacks. Thanks to Sunwoo Lee, Woohyun Choi, and Seunghyun Yoon (Korea Institute of Energy Technology, KENTECH) for the report. (PR 10084) +* Fixed an out-of-bounds shift in the ML-DSA implementation by ensuring the cast is performed before large shift operations in dilithium.c. Thanks to Dominik Blain / COBALT Security for the bug report. by @padelsbach (PR 10096) +* Zeroize sensitive memory buffers in the ML-DSA (Dilithium) implementation to prevent leakage of cryptographic material. by @Frauschi (PR 10100) +* Fixed undefined behavior in SLH-DSA key initialization by casting to unsigned before performing a left shift that could set the MSB. by @padelsbach (PR 10104) +* Added null checks for buffer size and callback validity in the external wc_LmsKey_Sign function to prevent CI failures. by @padelsbach (PR 10105) +* Ensured that the heap buffer used (among others) to store sensitive data during ML-DSA signing is zeroized before freeing the memory. Thanks to Abhinav Agarwal (@abhinavagarwal07) for the report. (PR 10113) +* The legacy non-context ML-DSA (Dilithium) API is now guarded behind WOLFSSL_DILITHIUM_NO_CTX, making the context-aware FIPS 204 API the default and adding a no-ctx configure option to explicitly re-enable the legacy path. by @Frauschi (PR 10047) + +## TLS/DTLS +* Fixed handling of OCSP_WANT_READ return value in the TLS 1.3 handshake message type processing to prevent incorrect error propagation during OCSP stapling operations. by @julek-wolfssl (PR 9995) +* Fixed a bug in the HPKE implementation where the KDF digest was incorrectly used for the KEM, and refactored HPKE-related code out of the TLS/ECH layer into dedicated local functions, adding tests for all 24 algorithm combination variants. by @sebastian-carpenter (PR 9999) +* Fixed DTLS 1.3 ServerHello to not echo the legacy_session_id field, bringing the implementation into compliance with the DTLS 1.3 specification. by @julek-wolfssl (PR 10007) +* Fixed a TLS 1.3 server issue where a mismatched ciphersuite in a second ClientHello following a HelloRetryRequest was incorrectly accepted instead of rejected. by @sebastian-carpenter (PR 10034) +* Fixed a possible memory leak in ECC non-blocking cryptography operations within the TLS layer. by @dgarske (PR 10065) +* Fixed multiple correctness issues in DTLS 1.3 and TLS 1.3 including wrong return values, missing bounds checks, a PSK identity buffer overread, swapped server/client parameters in finished secret derivation, a static array data race, resource leaks, and a potential NULL dereference in the SM3 exporter path. by @gasbytes (PR 10117) + +## ASN and Certificate Parsing +* Added wolfSSL_check_ip_address() to support filtering connections based on Subject Alternative Name (SAN) IP address entries, mirroring the existing domain name check functionality. by @padelsbach (PR 9935) +* Added host name verification from the verification context parameter when calling wolfSSL_X509_verify_cert. by @julek-wolfssl (PR 9952) +* Moved non-template (WOLFSSL_ASN_ORIGINAL) code into asn_orig.c and include from asn.c. by @dgarske (PR 9920) +* Fixed additional potential null pointer dereferences in ASN parsing code identified by Coverity static analysis. by @rlm2002 (PR 9990) +* Fixed wolfssl/wolfcrypt/asn.h to directly include wolfssl/wolfcrypt/sha512.h for WC_SHA384_DIGEST_SIZE and WC_SHA512_DIGEST_SIZE. Previously this relied on transitive include order and broke builds where asn.h is parsed before hash.h/sha512.h. by @danielinux (PR 10014) +* Removed FIPS-conditional guards from the GetASN_BitString length check so the validation applies in all builds. by @embhorn (PR 10027) +* Added validation to reject negative ASN.1 integers in CRL number fields during decoding, preventing an overflow that could corrupt the adjacent hash field. Thanks to Sunwoo Lee for the bug report. by @padelsbach (PR 10087) + +## Hardware and Embedded Ports +* Fixed SE050 hardware security module integration by routing RSA-PSS sign/verify operations through the software path to prevent double-hashing, releasing persistent SE050 key slots on free for RSA, ECC, Ed25519, and Curve25519 keys, and adding missing mutex unlock calls before early returns in RSA crypto functions. by @LinuxJedi (PR 9912) +* When WOLFSSL_NO_HASH_RAW is defined due to hardware hash offload, turn on LMS and XMSS full hash. Without this they will not compile automatically when there is hardware SHA acceleration. by @LinuxJedi (PR 9946) +* Applied AI-review fixes across hardware and embedded port implementations spanning Espressif, Renesas, Silicon Labs, NXP, STM32, TI, Xilinx, and numerous other targets to improve correctness and code quality. by @SparkiDev (PR 10003) +* Fixed issues found by the testing of the MAX32666 tests. by @night1rider (PR 10035) +* Fixed buffer overflows, key material exposure, mutex leaks, and logic errors across hardware crypto port backends. by @JeremiahM37 (PR 10080) + +## Rust Wrapper +* Released version 1.2.0 of the wolfssl-wolfcrypt Rust crate with updated changelog and README. by @holtrop-wolfssl (PR 9953) +* Updated the Rust wrapper's build script to support cross-compiling and bare-metal targets, including RISC-V architectures. by @holtrop-wolfssl (PR 10031) + +## Build System and Portability +* Removed default declaration of WC_ALLOC_DO_ON_FAILURE. by @julek-wolfssl (PR 9905) +* Refactored wc_Hash* so that known wc_HashType values are unconditionally defined in enum wc_HashType, and always either succeed if used properly, or return HASH_TYPE_E if gated out or used improperly; added detailed error code tracing. by @douzzer (PR 9937) +* Removed the forced enabling of MD5 when building with --enable-jni so that MD5 can be explicitly disabled in FIPS builds. by @mattia-moffa (PR 10011) +* Changed the example server/client to not modify macro defines that come from how the wolfSSL library is configured when built. by @JacobBarthelmeh (PR 10037) +* Added __extension__ to __GNUC__&&!__STRICT_ANSI__ variant of wc_debug_trace_error_codes_enabled() in wolfssl/wolfcrypt/error-crypt.h, to inhibit false positive "error: ISO C forbids braced-groups within expressions" with -pedantic. by @douzzer (PR 10041) +* Fixed IAR compiler warnings about undefined volatile access order by reading volatile values into local copies before use in expressions. by @embhorn (PR 10045) +* Automatically enables WOLFSSL_SP_4096 when WOLFSSL_HAVE_SP_DH is defined under the --enable-usersettings configuration to fix a missing dependency for C# user settings builds. by @kojo1 (PR 10054) +* Added volatile casting to a port header definition to address a correctness issue. by @anhu (PR 10062) +* Extended the WC_MAYBE_UNUSED macro definition to cover GCC versions greater than 3 to fix a build error in GCC 3.4.0. by @embhorn (PR 10101) +* Fixed a compile error when building with --enable-crl and --disable-ecc by adding the appropriate preprocessor guards around SetBitString in asn.c. by @padelsbach (PR 10118) +* Fixed -Wcast-qual hygiene in wolfCrypt. by @douzzer (PR 10120) ## Bug Fixes -* Removed the test feature using popen when defining the macro WOLFSSL_USE_POPEN_HOST and not having HAVE_GETADDRINFO defined, along with having the macro HAVE_HTTP_CLIENT set. There was the potential for vulnerable behavior with the use of popen when the API wolfSSL_BIO_new_connect() was called with this specific build. This exact build configuration is only intended for testing with QEMU and is not enabled with any autoconf/cmake flags. Thanks to linraymond2006 for the report. (PR 9038) -* Fix for C# wrapper Ed25519 potential crash and heap overwrite with raw public key import when using the API Ed25519ImportPublic.This was a broken API with the C# wrapper that would crash on use. Thanks to Luigino Camastra from Aisle Research for the bug report. (PR 9291) -* Coverity, cppcheck, MISRA, clang-tidy, ZeroPath and other static-analysis driven fixes across the codebase. (PR 9006, 9078, 9068, 9265, 9324) -* TLS 1.2/DTLS improvements: client message order checks, DTLS cookie/exchange and replay protections, better DTLS early-data handling. (PR 9387, 9253, 9205, 9367) -* Improved X.509 & cert handling: allow larger pathLen in Basic Constraints, restore inner server name for ECH, retrying cert candidate chains. (PR 8890, 9234, 8692) -* Sniffer robustness: fix infinite recursion, better handling of OOO appData and partial overlaps, and improved retransmission detection. (PR 9051, 9106, 9140, 9094) -* Numerous linuxkm (kernel-mode) fixes, relocation/PIE normalization, and FIPS-related build tweaks across many iterations. (PR 9025, 9035, 9067, 9111, 9121) -* ML-KEM/Kyber and ML-DSA fixes for out-of-bounds and seed-import correctness; multiple ML-related safety fixes. (PR 9142, 9105, 9439) -* Avoid uninitialized-variable and GCC warnings; several fixes for undefined-shift/overflow issues. (PR 9020, 9372, 9195) -* Memory & leak fixes in X509 verification and various struct sizing fixes for WOLFSSL_NO_MALLOC usage. (PR 9258, 9036) -* Fixed RSA / signing / verify-only warnings allowing WOLFSSL_NO_CT_OPS when WOLFSSL_RSA_VERIFY_ONLY is used and API cleanups for using const. (PR 9031, 9263) +* Fixed stack memory tracking for the wolfCrypt benchmark. by @Frauschi (PR 9983) +* Fixed a bug in FillSigner where pubKeyStored and subjectCNStored flags were not cleared after transferring pointers from a DecodedCert to a signer, preventing stale NULL pointers from being copied on subsequent calls. by @embhorn (PR 10033) +* Fixed a heap overflow in ssl_DecodePacketInternal caused by silent truncation when summing 64-bit iov_len values into a 32-bit integer, which resulted in an undersized buffer allocation followed by an out-of-bounds copy. by @embhorn (PR 10017) +* Added a bounds check in GetSafeContent to prevent an unsigned integer underflow in the content size calculation when the OID parsed by GetObjectId exceeds the declared ContentInfo SEQUENCE length. by @embhorn (PR 10018) +* Fixed a potential double free issue in non-blocking async handling within ASN parsing. by @dgarske (PR 10022) +* Fixed bounds checking and buffer size calculation in DecodeObjectId to correctly validate two output slots before writing and pass the proper element count instead of byte count when handling unknown ASN.1 extensions. by @embhorn (PR 10025) +* Fixed stack buffer overflow in RSA exponent print via wolfSSL_EVP_PKEY_print_public in evp.c. Printing an RSA public key with a large exponent can overflow a stack buffer in the EVP printing routine. Thanks to Sunwoo Lee, Woohyun Choi, and Seunghyun Yoon (Korea Institute of Energy Technology, KENTECH) for the bug report. (PR 10088) +* Fixed sanity check on hashLen provided to wc_dilithium_verify_ctx_hash. Thanks to Sunwoo Lee, Woohyun Choi, and Seunghyun Yoon (Korea Institute of Energy Technology, KENTECH) for the bug report. (PR 10131) +* Disallowed wildcard partial domains when using MatchDomainName. Thanks to Oleh Konko (@1seal) for the report. (PR 9991) +* Fixed a buffer underflow that occurred when a zero-length size was passed to the devcrypto AES-CBC implementation. by @JeremiahM37 (PR 10005) +* Routed BIO_ctrl_pending, BIO_reset, and BIO_get_mem_data through the custom method's ctrlCb when set, enabling fully custom BIO types to handle these operations. by @julek-wolfssl (PR 10004) +* Fixed multiple issues in the SP integer implementation including negative number handling, edge cases when a->used is zero, missing bounds checks, and redundant code, while also re-implementing wc_PKCS12_PBKDF() without MP and adding 128-bit integer types for cleaner PKCS#12 support. by @SparkiDev (PR 10020) +* Fixed functional bugs in x86_64 AES-XTS register clobbering and ARM32 multiply/accumulate source registers, along with assembly label typos, instruction mnemonic corrections, and comment fixes across AES, ChaCha, SHA-3, SHA-512, ML-KEM, and Curve25519 assembly for x86_64, ARM32, and ARM64 targets. by @SparkiDev (PR 10023) +* Fixed a bug in the SP non-blocking ECC mont_inv_order function where the last bit was not being processed during modular inverse computation. by @SparkiDev (PR 10044) +* Added bounds check to prevent potential out-of-bounds access when parsing end-of-content octets in PKCS7 streaming indefinite-length encoding. by @anhu (PR 10039) +* Refactored the "Increment B by 1" loop in wc_PKCS12_PBKDF_ex() to avoid bugprone-inc-dec-in-conditions. by @douzzer (PR 10059) +* Fixed OpenSSL compatibility layer ASN1_INTEGER and ASN1_STRING to be compatible structs. by @julek-wolfssl (PR 10089) +* Fixed potential data truncation in wc_XChaCha20Poly1305_crypt_oneshot() by replacing long int casts with size_t to correctly handle 64-bit sizes on platforms where long int is 32-bit. by @rlm2002 (PR 10091) +* Fixed error handling in the Linux kernel AES AEAD glue code so that scatterwalk_map failures correctly propagate an error code instead of returning success with uninitialized data. by @sameehj (PR 9996) +* Fixed DTLS Fragment Reassembly to not read uninitialized heap contents. Thanks to Sunwoo Lee, Woohyun Choi, and Seunghyun Yoon (Korea Institute of Energy Technology, KENTECH) for the report. (PR 10090) +* Fixed DTLS 1.3 word16 truncation on handshake send size. A handshake message exceeding 65535 bytes causes silent integer truncation when the size is stored in a word16, leading to malformed or truncated handshake transmissions. Thanks to Sunwoo Lee, Woohyun Choi, and Seunghyun Yoon (Korea Institute of Energy Technology, KENTECH) for the report. (PR 10103) +* Fixed invalid-pointer-pair memory errors reported by clang sanitizer with detect_invalid_pointer_pairs=2 in ASAN_OPTIONS. by @douzzer (PR 10095) +* Hardened default builds by enabling ECC curve validation unconditionally, removing the previous dependency on USE_ECC_B_PARAM. Users on older versions can also harden their builds by enabling WOLFSSL_VALIDATE_ECC_IMPORT. by @Frauschi (PR 10133) + +## Documentation and Maintenance +* Added inline Doxygen documentation for previously undocumented macros across TLS, cryptography, and ASN source files, and corrected spelling errors throughout the codebase. by @dgarske (PR 9992) +* Fixed typos in documentation for SSL API function argument descriptions. by @dgarske (PR 10021) +* Updated documentation to reflect support for both FIPS 140-2 and FIPS 140-3. by @anhu (PR 10061) + For additional vulnerability information visit the vulnerability page at: https://www.wolfssl.com/docs/security-vulnerabilities/ diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/README-async.md mariadb-11.8.8/extra/wolfssl/wolfssl/README-async.md --- mariadb-11.8.6/extra/wolfssl/wolfssl/README-async.md 1970-01-01 00:00:00.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/README-async.md 2026-05-24 09:58:33.000000000 +0000 @@ -0,0 +1,558 @@ +# wolfSSL / wolfCrypt Asynchronous Support + +The asynchronous code was previously maintained at https://github.com/wolfSSL/wolfAsyncCrypt but was integrated into wolfSSL proper starting with release v5.8.4. + +This feature is enabled using: +`./configure --enable-asynccrypt` or `#define WOLFSSL_ASYNC_CRYPT`. + +If async crypto is enabled but no hardware backend is enabled or if `WOLFSSL_ASYNC_CRYPT_SW` is defined, a software backend using wolfCrypt is used instead. This software backend can simulate periodic hardware delays using the macro `WOLF_ASYNC_SW_SKIP_MOD`, which is on by default if `DEBUG_WOLFSSL` is defined. + +## Design + +Each crypto algorithm has its own `WC_ASYNC_DEV` structure, which contains a `WOLF_EVENT`, local crypto context and local hardware context. + +For SSL/TLS the `WOLF_EVENT` context is the `WOLFSSL*` and the type is `WOLF_EVENT_TYPE_ASYNC_WOLFSSL`. For wolfCrypt operations the `WOLF_EVENT` context is the `WC_ASYNC_DEV*` and the type is `WOLF_EVENT_TYPE_ASYNC_WOLFCRYPT`. + +A generic event system has been created using a `WOLF_EVENT` structure when `HAVE_WOLF_EVENT` is defined. The event structure resides in the `WC_ASYNC_DEV`. + +The asynchronous crypto system is modeled after epoll. The implementation uses `wolfSSL_AsyncPoll` or `wolfSSL_CTX_AsyncPoll` to check if any async operations are complete. + +## Hardware Backends + +Supported hardware backends: + +* Intel QuickAssist with QAT 1.6 or QAT 1.7 driver. See README.md in `wolfcrypt/src/port/intel/README.md`. +* Cavium Nitrox III and V. See README.md in `wolfcrypt/src/port/cavium/README.md`. + +## wolfCrypt Backend + +The wolfCrypt backend uses the same API as the hardware backends do. Once an asynchronous operation is initiated with the software backend, subsequent calls to `wolfSSL_AsyncPoll` will call into wolfCrypt to complete the operation. If non-blocking is enabled, for example, for ECC (via `WC_ECC_NONBLOCK`), each `wolfSSL_AsyncPoll` will do a chunk of work for the operation and return, to minimize blocking time. + +## API's + +### ```wolfSSL_AsyncPoll``` +``` +int wolfSSL_AsyncPoll(WOLFSSL* ssl, WOLF_EVENT_FLAG flags); +``` + +Polls the provided WOLFSSL object's reference to the WOLFSSL_CTX's event queue to see if any operations outstanding for the WOLFSSL object are done. Return the completed event count on success. + +### ```wolfSSL_CTX_AsyncPoll``` +``` +int wolfSSL_CTX_AsyncPoll(WOLFSSL_CTX* ctx, WOLF_EVENT** events, int maxEvents, WOLF_EVENT_FLAG flags, int* eventCount) +``` + +Polls the provided WOLFSSL_CTX context event queue to see if any pending events are done. If the `events` argument is provided then a pointer to the `WOLF_EVENT` will be returned up to `maxEvents`. If `eventCount` is provided then the number of events populated will be returned. The `flags` allows for `WOLF_POLL_FLAG_CHECK_HW` to indicate if the crypto backend (i.e. hardware or wolfCrypt, if the software implementation is being used) should be polled again or just return more events. + +### ```wolfAsync_DevOpen``` +``` +int wolfAsync_DevOpen(int *devId); +``` + +Open the async device and returns an `int` device id for it. + +### ```wolfAsync_DevOpenThread``` +``` +int wolfAsync_DevOpenThread(int *devId, void* threadId); +``` +Opens the async device for a specific thread. A crypto instance is assigned and thread affinity set. + +### ```wolfAsync_DevClose``` +``` +void wolfAsync_DevClose(int *devId) +``` + +Closes the async device. + +### ```wolfAsync_DevCopy``` +``` +int wolfAsync_DevCopy(WC_ASYNC_DEV* src, WC_ASYNC_DEV* dst); +``` + +Copy async device memory safe (not pointers to old device). + +### ```wolfAsync_DevCtxInit``` +``` +int wolfAsync_DevCtxInit(WC_ASYNC_DEV* asyncDev, word32 marker, void* heap, int devId); +``` + +Initialize the device context and open the device hardware using the provided `WC_ASYNC_DEV ` pointer, marker and device id (from wolfAsync_DevOpen). + +### ```wolfAsync_DevCtxFree``` +``` +void wolfAsync_DevCtxFree(WC_ASYNC_DEV* asyncDev); +``` + +Closes and free's the device context. + + +### ```wolfAsync_EventInit``` +``` +int wolfAsync_EventInit(WOLF_EVENT* event, enum WOLF_EVENT_TYPE type, void* context, word32 flags); +``` + +Initialize an event structure with provided type and context. Sets the pending flag and the status code to `WC_PENDING_E`. Current flag options are `WC_ASYNC_FLAG_NONE` and `WC_ASYNC_FLAG_CALL_AGAIN` (indicates crypto needs called again after WC_PENDING_E). + +### ```wolfAsync_EventWait ``` +``` +int wolfAsync_EventWait(WOLF_EVENT* event); +``` + +Waits for the provided event to complete. + +### ```wolfAsync_EventPoll``` +``` +int wolfAsync_EventPoll(WOLF_EVENT* event, WOLF_EVENT_FLAG event_flags); +``` + +Polls the provided event to determine if its done. + +### ```wolfAsync_EventPop ``` + +``` +int wolfAsync_EventPop(WOLF_EVENT* event, enum WOLF_EVENT_TYPE event_type); +``` + +This will check the event to see if the event type matches and the event is complete. If it is then the async return code is returned. If not then `WC_NOT_PENDING_E` is returned. + + +### ```wolfAsync_EventQueuePush``` +``` +int wolfAsync_EventQueuePush(WOLF_EVENT_QUEUE* queue, WOLF_EVENT* event); +``` + +Pushes an event to the provided event queue and assigns the provided event. + +### ```wolfAsync_EventQueuePoll``` +``` +int wolfAsync_EventQueuePoll(WOLF_EVENT_QUEUE* queue, void* context_filter, + WOLF_EVENT** events, int maxEvents, WOLF_EVENT_FLAG event_flags, int* eventCount); +``` + +Polls all events in the provided event queue. Optionally filters by context. Will return pointers to the done events. + +### ```wc_AsyncHandle``` +``` +int wc_AsyncHandle(WC_ASYNC_DEV* asyncDev, WOLF_EVENT_QUEUE* queue, word32 flags); +``` + +This will push the event inside asyncDev into the provided queue. + +### ```wc_AsyncWait``` +``` +int wc_AsyncWait(int ret, WC_ASYNC_DEV* asyncDev, word32 flags); +``` + +This will wait until the provided asyncDev is done (or error). + +### ```wolfAsync_HardwareStart``` +``` +int wolfAsync_HardwareStart(void); +``` + +If using multiple threads this allows a way to start the hardware before using `wolfAsync_DevOpen` to ensure the memory system is setup. Ensure that `wolfAsync_HardwareStop` is called on exit. Internally there is a start/stop counter, so this can be called multiple times, but stop must also be called the same number of times to shutdown the hardware. + +### ```wolfAsync_HardwareStop``` +``` +void wolfAsync_HardwareStop(void); +``` + +Stops hardware if internal `--start_count == 0`. + +## Examples + +### TLS Server Example + +```c +int devId = INVALID_DEVID; + +ret = wolfAsync_DevOpen(&devId); +if (ret != 0) { + err_sys("Async device open failed"); +} +wolfSSL_CTX_SetDevId(ctx, devId); + +do { + err = 0; /* reset error */ + ret = wolfSSL_accept(ssl, msg, msgSz, &msgSz); + if (ret <= 0) { + err = wolfSSL_get_error(ssl, 0); + if (err == WC_PENDING_E) { + ret = wolfSSL_AsyncPoll(ssl, WOLF_POLL_FLAG_CHECK_HW); + if (ret < 0) break; + } + } +} while (err == WC_PENDING_E); +if (ret != WOLFSSL_SUCCESS) { + err_sys("SSL_connect failed"); +} + +wolfAsync_DevClose(&devId); +``` + +### wolfCrypt RSA Example + +```c +static int devId = INVALID_DEVID; +RsaKey key; + +ret = wolfAsync_DevOpen(&devId); +if (ret != 0) + err_sys("Async device open failed"); + +wc_InitRsaKey_ex(&key, HEAP_HINT, devId); +if (ret == 0) { + ret = wc_RsaPrivateKeyDecode(tmp, &idx, &key, (word32)bytes); + do { + ret = wc_AsyncWait(ret, &key.asyncDev, WC_ASYNC_FLAG_CALL_AGAIN); + if (ret >= 0) + ret = wc_RsaPublicEncrypt(in, inLen, out, outSz, &key, &rng); + } while (ret == WC_PENDING_E); + wc_FreeRsaKey(&key); +} + +wolfAsync_DevClose(&devId); +``` + +## Build Options + +1. Async multi-threading can be disabled by defining `WC_NO_ASYNC_THREADING`. This only disables internal async threading functions. You are free to use other threading APIs or paradigms in your application. +2. Software benchmarks can be disabled by defining `NO_SW_BENCH`. +3. The `WC_ASYNC_THRESH_NONE` define can be used to disable the cipher thresholds, which are tunable values to determine at what size hardware should be used vs. software. +4. Use `WOLFSSL_DEBUG_MEMORY` and `WOLFSSL_TRACK_MEMORY` to help debug memory issues. QAT also supports `WOLFSSL_DEBUG_MEMORY_PRINT`. + + +## References + +### TLS Client/Server Async Example + +We have a full TLS client/server async examples here: + +* [https://github.com/wolfSSL/wolfssl-examples/blob/master/tls/server-tls-epoll-perf.c](https://github.com/wolfSSL/wolfssl-examples/blob/master/tls/server-tls-epoll-perf.c) + +* [https://github.com/wolfSSL/wolfssl-examples/blob/master/tls/client-tls-perf.c](https://github.com/wolfSSL/wolfssl-examples/blob/master/tls/client-tls-perf.c) + +#### TLS Threaded epoll Example Building + +```sh +git clone git@github.com:wolfSSL/wolfssl-examples.git +cd wolfssl-examples +cd tls +# For QuickAssist: Uncomment QAT lines at top of Makefile +make +``` + +#### TLS Threaded epoll Example Usage + +```sh +$ ./client-tls-perf -? +perf 4.5.0 (NOTE: All files relative to wolfSSL home dir) +-? Help, print this usage +-p Port to listen on, not 0, default 11111 +-v SSL version [0-3], SSLv3(0) - TLS1.2(3)), default 3 +-l Cipher suite list (: delimited) +-c Certificate file, default ../certs/client-cert.pem +-k Key file, default ../certs/client-key.pem +-A Certificate Authority file, default ../certs/ca-cert.pem +-r Resume session +-n Benchmark connections +-N concurrent connections +-R bytes read from client +-W bytes written to client +-B Benchmark written bytes +``` + +#### TLS Threaded epoll Example Output + +```sh +$ sudo ./server-tls-epoll-threaded -n 10000 +$ sudo ./client-tls-perf -n 10000 + +wolfSSL Server Benchmark 16384 bytes + Num Conns : 10000 + Total : 18575.800 ms + Total Avg : 1.858 ms + t/s : 538.335 + Accept : 35848.428 ms + Accept Avg : 3.585 ms + Total Read bytes : 163840000 bytes + Total Write bytes : 163840000 bytes + Read : 402.212 ms ( 388.476 MBps) + Write : 591.469 ms ( 264.173 MBps) +``` + +## Change Log + +### wolfSSL Async Release v5.8.0 (May 01, 2025) +* Includes all wolfSSL v5.8.0 fixes. See ChangeLog.md here: https://github.com/wolfSSL/wolfssl/blob/master/ChangeLog.md#wolfssl-release-580-apr-24-2025 +* Update for libwolfssl_sources.h refactor. (https://github.com/wolfSSL/wolfAsyncCrypt/pull/77) + +### wolfSSL Async Release v5.7.4 (Oct 29, 2024) +* Includes all wolfSSL v5.7.4 fixes. See ChangeLog.md here: https://github.com/wolfSSL/wolfssl/blob/master/ChangeLog.md#wolfssl-release-574-oct-24-2024 + - Plus fixes for asynchronous release - SHA3/HMAC devId (https://github.com/wolfSSL/wolfssl/pull/8119) +* Fix for Intel QuickAssist RSA Key generation exponent result. (https://github.com/wolfSSL/wolfAsyncCrypt/pull/75) + +### wolfSSL Async Release v5.7.0 (Mar 21, 2023) +* Includes all wolfSSL v5.7.0 fixes. See ChangeLog.md here: https://github.com/wolfSSL/wolfssl/blob/master/ChangeLog.md#wolfssl-release-570-mar-20-2024 + +### wolfSSL Async Release v5.6.6 (Dec 20, 2023) +* Includes all wolfSSL v5.6.6 fixes. See ChangeLog.md here: https://github.com/wolfSSL/wolfssl/blob/master/ChangeLog.md#wolfssl-release-566-dec-19-2023 + - Plus wolfSSL PR 7085 fix for invalid `dh_ffdhe_test` for even P when using Intel QuickAssist. https://github.com/wolfSSL/wolfssl/pull/7085 +* Fix for missing `IntelQaFreeFlatBuffer` with DH enabled and no keygen. (broken in PR #71) +* Add return code checking for wc_AsyncThreadCreate_ex in exit_fail section for pthread_attr_destroy. (PR #72) + +### wolfSSL Async Release v5.6.4 (Oct 30, 2023) +* Fixes for support async with crypto or pk callbacks. +* Rename `WC_NOT_PENDING_E` -> `WC_NO_PENDING_E` + +### wolfSSL Async Release v5.6.3 (June 16, 2023) +* Includes all wolfSSL v5.6.3 fixes. See ChangeLog.md here: https://github.com/wolfSSL/wolfssl/blob/master/ChangeLog.md#wolfssl-release-563-jun-16-2023 +* Add sanity check of index devId before accessing array +* Use the blocking call from the async test + +### wolfSSL Async Release v5.6.0 (Mar 29, 2023) +* Includes all wolfSSL v5.6.0 fixes. See ChangeLog.md here: https://github.com/wolfSSL/wolfssl/blob/master/ChangeLog.md#wolfssl-release-560-mar-24-2023 +* wolfAsyncCrypt github repository became public. + +### wolfSSL Async Release v5.5.4 (Dec 22, 2022) + +* Includes all wolfSSL v5.5.4 fixes. See ChangeLog.md here: https://github.com/wolfSSL/wolfssl/blob/master/ChangeLog.md#wolfssl-release-554-dec-21-2022 +* Use the `wc_ecc_shared_secret_ex` version for async test. Requires https://github.com/wolfSSL/wolfssl/pull/5868 + +### wolfSSL Async Release v5.5.3 (Nov 8, 2022) + +* Includes all wolfSSL v5.5.1-v5.5.3 fixes. See ChangeLog.md here: https://github.com/wolfSSL/wolfssl/blob/master/ChangeLog.md#wolfssl-release-553-nov-2-2022 +* Fix for Intel QAT handling of sign R when cofactor is not 1. https://github.com/wolfSSL/wolfssl/pull/5737 and https://github.com/wolfSSL/wolfAsyncCrypt/pull/54 +* Fix check scalar bits for ECC cofactor. https://github.com/wolfSSL/wolfssl/pull/5737 +* Fixes for async sniffer: https://github.com/wolfSSL/wolfssl/pull/5734 + - Handling of packets with multiple TLS messages. + - Multiple back to back sessions. + - Ensure all pending queued packets are finished before ending pcap processing. +* Fix for various tests that do not properly handle `WC_PENDING_E`. https://github.com/wolfSSL/wolfssl/pull/5773 +* Revert "Fix for sniffer to decode out of order packets". https://github.com/wolfSSL/wolfssl/pull/5771 + +### wolfSSL Async Release v5.5.0 (Sep 2, 2022) + +* Includes all wolfSSL v5.5.0 fixes. See ChangeLog.md here: https://github.com/wolfSSL/wolfssl/blob/master/ChangeLog.md#wolfssl-release-550-aug-30-2022 +* Fix for handling return codes from `pthread_attr_destroy`. +* Fix for async session tickets. https://github.com/wolfSSL/wolfssl/pull/5534 +* Fix for async with OCSP non-blocking in ProcessPeerCerts. https://github.com/wolfSSL/wolfssl/pull/5539 + +### wolfSSL Async Release v5.4.0 (July 11, 2022) +* Fix for DH trim of leading zeros to use memmove. +* Fix to print errors to stderr. +* Fix to consistently return the status of failed pthreads funcs. +* Move async device pointer (https://github.com/wolfSSL/wolfssl/pull/5149) + +### wolfSSL Async Release v5.3.0 (May 5, 2022) + +* Added Intel QuickAssist ECC Key Generation acceleration. Specifically point multiplication similar to our `wc_ecc_mulmod_ex2`. +* Fix for building Intel QAT with SP math all +* Fix for `error: unused function 'IntelQaFreeFlatBuffer'`. +* Fix for handling the Koblitz curve param "a", which is all zeros. +* Fixes for scan-build warnings. +* Includes wolfSSL PR https://github.com/wolfSSL/wolfssl/pull/5101 + +### wolfSSL Async Release v5.2.0 (Feb 21, 2022) + +* Adds `WC_NO_ASYNC_SLEEP` option to hide wc_AsyncSleep for platforms that do not need it. +* Fix for async test anonymous union on some platforms (`#pragma anon_unions` and `HAVE_ANONYMOUS_INLINE_AGGREGATES`) +* Fixes for invalidPrintfArgType_sint (cppcheck) and readability-redundant-preprocessor (clang-tidy). + +### wolfSSL Async Release v5.1.0 (Jan 3rd, 2022) + + +### wolfSSL Async Release v5.0.0 (11/01/2021) + +* Fix for issue with QAT AES GCM input buffer already NUMA and not aligned. + +### wolfSSL Async Release v4.8.0 (07/14/2021) + +* Fix for new QAT 1.7 hash types warning. +* Updated Intel QAT 1.7 build instructions. +* Includes possible HAVE_WOLF_BIGINT leaks in PR https://github.com/wolfSSL/wolfssl/pull/4208 + +### wolfSSL Async Release v4.7.0 (02/20/2021) + +* Fix for ARC4 macro typo + +### wolfSSL Async Release v4.6.0 (12/21/2020) + +* Documentation updates. +* Fixes for Cavium Nitrox and Intel Quick Assist (wolfSSL/wolfssl#3577) with TLS v1.3 + +### wolfSSL Async Release v4.4.0 (04/24/2020) + +* Fix for uninitialized `supSha3` warning. +* Fix for use of incorrect devId for wolfSSL_SHA3_256_Init. +* Fix for QAT with Shake256. +* Fix for QAT example `./build.sh`. + +### wolfSSL Async Release v4.3.0 (12/20/2019) + +* Fix for async date override callback issue. +* Updates to Octeon README. + +### wolfSSL Async Release v4.2.0 (10/22/2019) + +* Fix for QuickAssist DH Agree issue with leading zero bytes. +* Fix for QuickAssist AES CBC issue with previous IV on back-to-back operations. +* Updates to QuickAssist README.md for latest QAT v1.7 driver. +* Instructions for Octeon III (CN7300) use. + +### wolfSSL Async Release v4.0.0 (03/25/2019) + +* Fix for building with QuickAssist v1.7 driver (4.4.0-00023) (was missing usdm_drv during configure with check). +* Fix for building async with file system disabled. +* Fix for SHA-3 runtime detection for not supported in hardware. + +### wolfSSL Async Release v3.15.8 (03/01/2019) - Intermediate release + +* Performance improvements for QuickAssist. +* Added new build option `QAT_POLL_RESP_QUOTA` to indicate maximum number of callbacks to service per poll. The default is 0 (all), was previously 8. +* Added useful QAT_DEBUG logging for ECC and DH operations. +* Cleanup whitespace in quickassist.c. +* Enhanced the Cavium macros for `CAVIUM_MAX_PENDING` and `CAVIUM_MAX_POLL` over-ridable. +* Added build-time override for benchmark thread count `WC_ASYNC_BENCH_THREAD_COUNT`. +* Fixes for wolfCrypt test with asynchronous support enabled and `--enable-nginx`. +* Fix to use QAT for ECC sign and verify when SP is enabled and key was initialized with devId. +* Fixes issues with wolfCrypt test and QAT not properly calling "again" for the ECC sign, verify and shared secret. +* Correct the output for multi-threaded benchmark using `-base10` option. +* Fixes to QAT HMAC enables in benchmark tool. +* Adds new `NO_HW_BENCH` to support using multi-threaded software only benchmarks. + +### wolfSSL Async Release v3.15.7 (12/27/2018) + +* Fixes for various analysis warnings (https://github.com/wolfSSL/wolfssl/pull/2003). +* Added QAT v1.7 driver support. +* Added QAT SHA-3 support. +* Added QAT RSA Key Generation support. +* Added support for new usdm memory driver. +* Added support for detecting QAT version and features. +* Added `QAT_ENABLE_RNG` option to disable QAT TRNG/DRBG. +* Added alternate hashing method to cache all updates (avoids using partial updates). + +### wolfSSL Async Release v3.15.5 (11/09/2018) + +* Fixes for various analysis warnings (https://github.com/wolfSSL/wolfssl/pull/1918). +* Fix for QAT possible double free case where `ctx->symCtx` is not trapped. +* Improved QAT debug messages when using `QAT_DEBUG`. +* Fix for QAT RNG to allow zero length. This resolves PSS case where `wc_RNG_GenerateBlock` is called for saltLen == 0. + + +### wolfSSL Async Release v3.15.3 (06/20/2018) + +* Fixes for fsantize tests with Cavium Nitrox V. +* Removed typedef for `CspHandle`, since its already defined. +* Fixes for a couple of fsanitize warnings. +* Fix for possible leak with large request to `IntelQaDrbg`. + +### wolfSSL Async Release v3.14.4 (04/13/2018) + +* Added Nitrox V ECC. +* Added Nitrox V SHA-224 and SHA-3 +* Added Nitrox V AES GCM +* Added Nitrox III SHA2 384/512 support for HMAC. +* Added error code handling for signature check failure. +* Added error translate for `ERR_PKCS_DECRYPT_INCORRECT` +* Added useful `WOLFSSL_NITROX_DEBUG` and show count for pending checks. +* Cleanup of Nitrox symmetric processing to use single while loops. +* Cleanup to only include some headers in cavium_nitrox.c port. +* Fixes for building against Nitrox III and V SDK. +* Updates to README.md with required CFLAGS/LDFLAGS when building without ./configure. +* Fix for Intel QuickAssist HMAC to use software for unsupported hash algorithms. + + +### wolfSSL Async Release v3.12.2 (10/22/2017) + +* Fix for HMAC QAT when block size aligned. The QAT HMAC final without any buffers will fail incorrectly (bug in QAT 1.6). +* Nitrox fix for rename of `ContextType` to `context_type_t`. Updates to Nitrox README.md. +* Workaround for `USE_QAE_THREAD_LS` issue with realloc from a different thread. +* Fix for hashing to allow zero length. This resolves issue with new empty hash tests. +* Fix bug with blocking async where operation was being free'd before completion. Set freeFunc prior to performing operation and check ret code in poll. +* Fix leak with cipher symmetric context close. +* Fix QAT_DEBUG partialState offset. +* Fixes for symmetric context caching. +* Refactored async event initialization so its done prior to making possible async calls. +* Fix to resolve issue with QAT callbacks and multi-threading. +* The cleanup is now handled in polling function and the event is only marked done from the polling thread that matches the originating thread. +* Fix possible mem leak with multiple threads `g_qatEcdhY` and `g_qatEcdhCofactor1`. +* Fix the block polling to use `ret` instead of `status`. +* Change order of `IntelQaDevClear` and setting `event->ret`. +* Fixes to better handle threading with async. +* Refactor of async event state. +* Refactor to initialize event prior to operation (in case it finishes before adding to queue). +* Fixes issues with AES GCM decrypt that can corrupt up to authTag bytes at end of output buffer provided. +* Optimize the Hmac struct to replace keyRaw with ipad. +* Enhancement to allow reuse of the symmetric context for ciphers. +* Fixes for QuickAssist (QAT) multi-threading. Fix to not set return code until after callback cleanup. +* Disable thread binding to specific CPU by default (enabled now with `WC_ASYNC_THREAD_BIND`). +* Added optional define `QAT_USE_POLLING_CHECK ` to have only one thread polling at a time (not required and doesn't improve performance). +* Reduced default QAT_MAX_PENDING for benchmark to 15 (120/num_threads). +* Fix for IntelQaDrbg to handle buffer over 0xFFFF in length. +* Added working DRBG and TRNG implementations for QAT. +* Fix to set callback status after ret and output have been set. Cleanup of the symmetric context. +* Updates to support refactored dynamic types. +* Fix for QAT symmetric to allow NULL authTag. +* Fix GCC 7 build warning with braces. +* Cleanup formatting. + +### wolfSSL Async Release v3.11.0 (05/05/2017) + +* Fixes for Cavium Nitrox III/V. + - Fix with possible crash when using a request Id that is already complete, due to partial submissions not marking event done. + - Improvements to max buffer lengths. + - Fixes to handle various return code patterns with CNN55XX-SDK. + - All Nitrox V tests and benchmarks pass. Bench: RSA 2048-bit public 336,674 ops/sec and private (CRT) 66,524 ops/sec. + +* Intel QuickAssist support and various async fixes/improvements: + - Added support for Intel QuickAssist v1.6 driver with QuickAssist 8950 hardware + - Added QAE memory option to use static memory list instead of dynamic list using `USE_QAE_STATIC_MEM`. + - Added tracking of deallocs and made the values signed long. + - Improved code for wolf header check and expanded to 16-byte alignment for performance improvement with TLS. + - Added ability to override limit dev access parameters and all configurable QAT fields. + - Added async simulator tests for DH, DES3 CBC and AES CBC/GCM. + - Rename AsyncCryptDev to WC_ASYNC_DEV. + - Refactor to move WOLF_EVENT into WC_ASYNC_DEV. + - Refactor the async struct/enum names to use WC_ naming. + - Refactor of the async event->context to use WOLF_EVENT_TYPE_ASYNC_WOLFSSL or WOLF_EVENT_TYPE_ASYNC_WOLFCRYPT to indicate the type of context pointer. + - Added flag to WOLF_EVENT which is used to determine if the async complete should call into operation again or goto next `WC_ASYNC_FLAG_CALL_AGAIN`. + - Cleanup of the "wolfAsync_DevCtxInit" calls to make sure asyncDev is always cleared if invalid device id is used. + - Eliminated WOLFSSL_ASYNC_CRYPT_STATE. + - Removed async event type WOLF_EVENT_TYPE_ASYNC_ANY. + - Enable the random extra delay option by default for simulator as it helps catch bugs. + - Cleanup for async free to also check marker. + - Refactor of the async wait and handle to reduce duplicate code. + - Added async simulator test for RSA make key. + - Added WC_ASYNC_THRESH_NONE to allow bypass of threshold for testing + - Added static numbers for the async sim test types, for easier debugging of the “testDev->type†value. + - Populate heap hint into asyncDev struct. + - Enhancement to cache the asyncDev to improve poll performance. + - Added async threading helpers and new wolfAsync_DevOpenThread. + - Added WC_NO_ASYNC_THREADING to prevent async threading. + - Added new API “wc_AsyncGetNumberOfCpus†for getting number of CPU’s. + - Added new “wc_AsyncThreadYield†API. + - Added WOLF_ASYNC_MAX_THREADS. + - Added new API for wolfAsync_DevCopy. + - Fix to make sure an async init failure sets the deviceId to INVALID_DEVID. + - Fix for building with async threading support on Mac. + - Fix for using simulator so it supports multiple threads. + +* Moved Intel QuickAssist and Cavium Nitrox III/V code into async repo. +* Added new WC_ASYNC_NO_* options to allow disabling of individual async algorithms. + - New defines are: WC_ASYNC_NO_CRYPT, WC_ASYNC_NO_PKI and WC_ASYNC_NO_HASH. + - Additionally each algorithm has a WC_ASYNC_NO_[ALGO] define. + + +### wolfSSL Async Release v3.9.8 (07/25/2016) + +* Asynchronous wolfCrypt and Cavium Nitrox V support. + +### wolfSSL Async Release v3.9.0 (03/04/2016) + +* Initial version with async simulator and README.md. + + +## Support + +For questions email wolfSSL support at support@wolfssl.com diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/README.md mariadb-11.8.8/extra/wolfssl/wolfssl/README.md --- mariadb-11.8.6/extra/wolfssl/wolfssl/README.md 2026-01-31 13:27:49.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/README.md 2026-05-24 09:58:33.000000000 +0000 @@ -8,8 +8,8 @@ and excellent cross platform support. wolfSSL supports industry standards up to the current [TLS 1.3](https://www.wolfssl.com/tls13) and DTLS 1.3, is up to 20 times smaller than OpenSSL, and offers progressive ciphers such as ChaCha20, -Curve25519, Blake2b and Post-Quantum TLS 1.3 groups. User benchmarking and -feedback reports dramatically better performance when using wolfSSL over +Curve25519, BLAKE2b/BLAKE2s and Post-Quantum TLS 1.3 groups. User benchmarking +and feedback reports dramatically better performance when using wolfSSL over OpenSSL. wolfSSL is powered by the wolfCrypt cryptography library. Two versions of @@ -57,6 +57,29 @@ `WOLFSSL_ALLOW_NO_SUITES` in the event that you desire that, i.e., you're not using TLS cipher suites. +### AES CryptoCB Key Import Support + +wolfSSL supports hardware-accelerated AES operations via CryptoCB. + +When `WOLF_CRYPTO_CB_AES_SETKEY` is defined, wolfSSL invokes a CryptoCB +callback during AES key setup. The callback behavior determines the mode: + +**If callback returns 0 (success):** +- Key is imported to Secure Element/HSM +- Key is NOT copied to wolfSSL RAM (true key isolation) +- GCM tables are NOT generated (full hardware offload) +- All subsequent AES operations route through CryptoCB + +**If callback returns CRYPTOCB_UNAVAILABLE:** +- SE doesn't support key import +- Normal software AES path is used +- Key is copied to devKey for CryptoCB encrypt/decrypt acceleration + +This feature enables TLS 1.3 traffic key protection on embedded platforms +where symmetric keys must never exist in main RAM. + +Enable with: `CPPFLAGS="-DWOLF_CRYPTO_CB_AES_SETKEY -DWOLF_CRYPTO_CB_FREE"` + ### Note 2 wolfSSL takes a different approach to certificate verification than OpenSSL does. The default policy for the client is to verify the server, this means @@ -80,77 +103,174 @@ `WC_SHA512` should be used for the enum name. -# wolfSSL Release 5.8.4 (Nov. 20, 2025) +# wolfSSL Release 5.9.1 (Apr. 8, 2026) -Release 5.8.4 has been developed according to wolfSSL's development and QA +Release 5.9.1 has been developed according to wolfSSL's development and QA process (see link below) and successfully passed the quality criteria. https://www.wolfssl.com/about/wolfssl-software-development-process-quality-assurance -NOTE: * --enable-heapmath is deprecated - * MD5 is now disabled by default +NOTE: +* --enable-heapmath is deprecated +* MD5 is now disabled by default PR stands for Pull Request, and PR references a GitHub pull request number where the code change was added. ## Vulnerabilities -* [Low CVE-2025-12888] Vulnerability in X25519 constant-time cryptographic implementations due to timing side channels introduced by compiler optimizations and CPU architecture limitations, specifically with the Xtensa-based ESP32 chips. If targeting Xtensa it is recommended to use the low memory implementations of X25519, which is now turned on as the default for Xtensa. Thanks to Adrian Cinal for the report. Fixed in PR 9275. +* [Critical] CVE-2026-5194 +Missing hash/digest size and OID checks allow digests smaller than allowed by FIPS 186-4 or 186-5 (as appropriate), or smaller than is appropriate for the relevant key type, to be accepted by signature verification functions, reducing the security of certificate-based authentication. Affects multiple signature algorithms, including ECDSA/ECC, DSA, ML-DSA, ED25519, and ED448. Builds that have both ECC and EdDSA or ML-DSA enabled that are doing certificate verification are recommended to update to the latest wolfSSL release. Thanks to Nicholas Carlini from Anthropic for the report. Fixed in PR 10131. + +* [High] CVE-2026-5264 +Heap buffer overflow in DTLS 1.3 ACK message processing. A remote attacker can send a crafted DTLS 1.3 ACK message that triggers a heap buffer overflow. Thanks to Sunwoo Lee and Seunghyun Yoon, Korea Institute of Energy Technology (KENTECH). Fixed in PR 10076. + +* [High] CVE-2026-5263 +URI nameConstraints from constrained intermediate CAs are parsed but not enforced during certificate chain verification in wolfcrypt/src/asn.c. A compromised or malicious sub-CA could issue leaf certificates with URI SAN entries that violate the nameConstraints of the issuing CA, and wolfSSL would accept them as valid. Thanks to Oleh Konko @1seal for the report. Fixed in PR 10048. + +* [High] CVE-2026-5295 +Stack buffer overflow in PKCS7 ORI (Other Recipient Info) OID processing. When parsing a PKCS7 envelope with a crafted ORI OID value, a stack-based buffer overflow can be triggered. Thanks to Sunwoo Lee, Woohyun Choi, and Seunghyun Yoon (Korea Institute of Energy Technology, KENTECH). Fixed in PR 10116. + +* [High] CVE-2026-5466 +wolfSSL's ECCSI signature verifier `wc_VerifyEccsiHash` decodes the `r` and `s` scalars from the signature blob via `mp_read_unsigned_bin` with no check that they lie in `[1, q-1]`. A crafted forged signature could verify against any message for any identity, using only publicly-known constants. Thanks to Calif.io in collaboration with Claude and Anthropic Research for the report. Fixed in PR 10102. + +* [High] CVE-2026-5477 +Potential for AES-EAX AEAD and CMAC authentication bypass on messages larger than 4 GiB. An attacker who observes one valid (ciphertext, tag) pair for a >4 GiB EAX message can replace the first 4 GiB of ciphertext arbitrarily while the tag still verifies. Thanks to Calif.io in collaboration with Claude and Anthropic Research for the report. Fixed in PR 10102. + +* [High] CVE-2026-5447 +Heap buffer overflow in CertFromX509 via AuthorityKeyIdentifier size confusion. A heap buffer overflow occurs when converting an X.509 certificate internally due to incorrect size handling of the AuthorityKeyIdentifier extension. Thanks to Calif.io in collaboration with Claude and Anthropic Research for the report. Fixed in PR 10112. + +* [High] CVE-2026-5500 +wolfSSL's `wc_PKCS7_DecodeAuthEnvelopedData()` does not properly sanitize the AES-GCM authentication tag length received and has no lower bounds check. A man-in-the-middle can therefore truncate the `mac` field from 16 bytes to 1 byte, reducing the tag check from 2â»Â¹Â²â¸ to 2â»â¸. Thanks to Calif.io in collaboration with Claude and Anthropic Research for the report. Fixed in PR 10102. + +* [High] CVE-2026-5501 +`wolfSSL_X509_verify_cert()` in the OpenSSL compatibility layer accepts a certificate chain in which the leaf's signature is not checked, if the attacker supplies an untrusted intermediate with Basic Constraints `CA:FALSE` that is legitimately signed by a trusted root. An attacker who obtains any leaf certificate from a trusted CA (e.g. a free DV cert from Let's Encrypt) can forge a certificate for any subject name with any public key and arbitrary signature bytes, and the function returns `WOLFSSL_SUCCESS` / `X509_V_OK`. The native wolfSSL TLS handshake path (`ProcessPeerCerts`) is not susceptible and the issue is limited to applications using the OpenSSL compatibility API directly. Thanks to Calif.io in collaboration with Claude and Anthropic Research for the report. Fixed in PR 10102. + +* [High] CVE-2026-5503 +In TLSX_EchChangeSNI, the ctx->extensions branch set extensions unconditionally even when TLSX_Find returned NULL. This caused TLSX_UseSNI to attach the attacker-controlled publicName to the shared WOLFSSL_CTX when no inner SNI was configured. TLSX_EchRestoreSNI then failed to clean it up because its removal was gated on serverNameX != NULL. The inner ClientHello was sized before the pollution but written after it, causing TLSX_SNI_Write to memcpy 255 bytes past the allocation boundary. Thanks to Calif.io in collaboration with Claude and Anthropic Research for the report. Fixed in PR 10102. + +* [Med] CVE-2026-5392 +Heap out-of-bounds read in PKCS7 parsing. A crafted PKCS7 message can trigger an OOB read on the heap. The missing bounds check is in the indefinite-length end-of-content verification loop in PKCS7_VerifySignedData(). This only affects builds with PKCS7 support enabled. Thanks to J Laratro (d0sf3t) for the report. Fixed in PR 10039. + +* [Med] CVE-2026-5446 +ARIA-GCM nonce reuse in TLS 1.2 record encryption. ARIA cipher support requires a proprietary Korean library (MagicCrypto) and --enable-aria, limiting real-world exposure. Thanks to Calif.io in collaboration with Claude and Anthropic Research for the report. Fixed in PR 10111. + +* [Med] CVE-2026-5460 +When a malicious TLS 1.3 server sends a ServerHello with a truncated PQC hybrid KeyShare (e.g., P256_ML_KEM_512 with 10 bytes instead of the required 768+), the error cleanup path double-frees the KyberKey. Thanks to Calvin Young (eWalker Consulting Inc.) and Enoch Chow (Isomorph Cyber). Fixed in PR 10092. -* [Med. CVE-2025-11936] Potential DoS vulnerability due to a memory leak through multiple KeyShareEntry with the same group in malicious TLS 1.3 ClientHello messages. This affects users who are running wolfSSL on the server side with TLS 1.3. Thanks to Jaehun Lee and Kyungmin Bae, Pohang University of Science and Technology (POSTECH) for the report. Fixed in PR 9117. +* [Med] CVE-2026-5504 +A padding oracle exists in wolfSSL's PKCS7 CBC decryption that could allow an attacker to recover plaintext through repeated decryption queries with modified ciphertext. In previous versions of wolfSSL the interior padding bytes are not validated. Thanks to Sunwoo Lee, Woohyun Choi, and Seunghyun Yoon of Korea Institute of Energy Technology (KENTECH) for the report. Fixed in PR 10088. -* [Low CVE-2025-11935] PSK with PFS (Perfect Forward Secrecy) downgrades to PSK without PFS during TLS 1.3 handshake. If the client sends a ClientHello that has a key share extension and the server responds with a ServerHello that does not have a key share extension the connection would previously continue on without using PFS. Thanks to Jaehun Lee from Pohang University of Science and Technology (POSTECH) for the report. Fixed in PR 9112. +* [Med] CVE-2026-5507 +When restoring a session from cache, a pointer from the serialized session data is used in a free operation without validation. An attacker who can poison the session cache could trigger an arbitrary free. Exploitation requires the ability to inject a crafted session into the cache and for the application to call specific session restore APIs. Thanks to Sunwoo Lee, Woohyun Choi, and Seunghyun Yoon of Korea Institute of Energy Technology (KENTECH) for the report. Fixed in PR 10088. -* [Low CVE-2025-11934] Signature Algorithm downgrade from ECDSA P521 to P256 during TLS 1.3 handshake. When a client sends ECDSA P521 as the supported signature algorithm the server previously could respond as ECDSA P256 being the accepted signature algorithm and the connection would continue with using ECDSA P256. Thanks to Jaehun Lee from Pohang University of Science and Technology (POSTECH) for the report. Fixed in PR 9113. +* [Low] CVE-2026-5187 +Heap out-of-bounds write in DecodeObjectId() caused by an off-by-one bounds check combined with a sizeof mismatch. A crafted ASN.1 object identifier can trigger a small heap OOB write. Thanks to Yuteng for the report. Fixed in PR 10025. +* [Low] CVE-2026-5188 +An integer underflow issue exists in wolfSSL when parsing the Subject Alternative Name (SAN) extension of X.509 certificates. A malformed certificate can specify an entry length larger than the enclosing sequence, causing the internal length counter to wrap during parsing. This results in incorrect handling of certificate data. The issue is limited to configurations using the original ASN.1 parsing implementation. The original ASN.1 parsing implementation is off by default. Thanks to Muhammad Arya Arjuna Habibullah for the report. Fixed in PR 10024. -* [Low CVE-2025-11933] DoS Vulnerability in wolfSSL TLS 1.3 CKS extension parsing. Previously duplicate CKS extensions were not rejected leading to a potential memory leak when processing a ClientHello. Thanks to Jaehun Lee from Pohang University of Science and Technology (POSTECH) for the report. Fixed in PR 9132. +* [Low] CVE-2026-5448 +X.509 date buffer overflow in wolfSSL_X509_notAfter / wolfSSL_X509_notBefore. A buffer overflow may occur when parsing date fields from a crafted X.509 certificate via the compatibility layer API. This is only triggered when calling these two APIs directly from an application, and does not affect TLS or certificate verify operations in wolfSSL. Thanks to Sunwoo Lee and Seunghyun Yoon, Korea Institute of Energy Technology (KENTECH) for the report. Fixed in PR 10071. +* [Low] CVE-2026-5772 +A 1-byte stack buffer over-read exists in the MatchDomainName function in src/internal.c when processing wildcard patterns with the LEFT_MOST_WILDCARD_ONLY flag active. When a wildcard '*' exhausts the entire hostname string (strLen reaches 0), the function proceeds to compare remaining pattern characters against the now-exhausted buffer without a bounds check, causing an out-of-bounds read. Thanks to Zou Dikai for the report. Fixed in PR 10119. -* [Low CVE-2025-11931] Integer Underflow Leads to Out-of-Bounds Access in XChaCha20-Poly1305 Decrypt. This issue is hit specifically with a call to the function wc_XChaCha20Poly1305_Decrypt() which is not used with TLS connections, only from direct calls from an application. Thanks to Luigino Camastra from Aisle Research for the report. Fixed in PR 9223. +* [Low] CVE-2026-5778 +An integer underflow exists in the ChaCha20-Poly1305 decryption path where a malformed TLS 1.2 record with a payload shorter than the AEAD MAC size causes the message length calculation to underflow, resulting in an out-of-bounds read. This only affects sniffer builds. Thanks to Zou Dikai for the report. Fixed in PR 10125. -* [Low CVE-2025-11932] Timing Side-Channel in PSK Binder Verification. The server previously verified the TLS 1.3 PSK binder using a non-constant time method which could potentially leak information about the PSK binder. Thanks to Luigino Camastra from Aisle Research for the report. Fixed in PR 9223. +## Experimental Build Vulnerability -* [Low CVE-2025-12889] With TLS 1.2 connections a client can use any digest, specifically a weaker digest, rather than those in the CertificateRequest. Thanks to Jaehun Lee from Pohang University of Science and Technology (POSTECH) for the report. Fixed in PR 9395 +* [Med] CVE-2026-5393 +Dual-Algorithm CertificateVerify out-of-bounds read. When processing a dual-algorithm CertificateVerify message, an out-of-bounds read can occur on crafted input. This can only occur when --enable-experimental and --enable-dual-alg-certs is used when building wolfSSL. Thanks to Sunwoo Lee, Woohyun Choi, and Seunghyun Yoon (Korea Institute of Energy Technology, KENTECH) for testing the fix. Fixed in PR 10079. ## New Features -* New ML-KEM / ML-DSA APIs and seed/import PKCS8 support; added _new/_delete APIs for ML-KEM/ML-DSA. (PR 9039, 9000, 9049) -* Initial wolfCrypt FreeBSD kernel module support (PR 9392) -* Expanded PKCS7/CMS capabilities: decode SymmetricKeyPackage / OneSymmetricKey, add wc_PKCS7_GetEnvelopedDataKariRid, and allow PKCS7 builds with AES keywrap unset. (PR 9018, 9029, 9032) -* Add custom AES key wrap/unwrap callbacks and crypto callback copy/free operations. (PR 9002, 9309) -* Add support for certificate_authorities extension in ClientHello and certificate manager CA-type selection/unloading. (PR 9209, 9046) -* Large expansion of Rust wrapper modules: random, aes, rsa, ecc, dh, sha, hmac, cmac, ed25519/ed448, pbkdf2/PKCS#12, kdf/prf, SRTP KDFs, and conditional compilation options. (PR 9191, 9212, 9273, 9306, 9320, 9328, 9368, 9389, 9357, 9433) -* Rust: support optional heap and dev_id parameters and enable conditional compilation based on C build options. (PR 9407, 9433) -* STM32 fixes (benchmarking and platform fixes) and PSoC6 hardware acceleration additions. (PR 9228, 9256, 9185) -* STM32U5 added support for SAES and DHUK. (PR 9087) -* Add --enable-curl=tiny option for a smaller build when used with cURL. (PR 9174) - -## Improvements / Optimizations -* Regression test fixes and expansion: TLS 1.3/1.2 tests, ARDUINO examples, libssh2 tests, hostap workflows, and nightly test improvements. (PR 9096, 9141, 9091, 9122, 9388) -* Improved test ordering and CI test stability (random tests run order changes, FIPS test fixes). (PR 9204, 9257) -* Docs and readme fixes, docstring updates, AsconAEAD comment placement, and example certificate renewals. (PR 9131, 9293, 9262, 9429) -* Updated GPL exception lists (GPLv2 and GPLv3 exception updates: add Fetchmail and OpenVPN). (PR 9398, 9413) -* Introduced WOLFSSL_DEBUG_CERTS and additional debug/logging refinements. (PR 8902, 9055) -* Expanded crypto-callback support (SHA family, HKDF, SHA-224, sha512_family digest selection) and improved crypto-only build cases. (PR 9070, 9252, 9271, 9100, 9194) -* AES & HW offload improvements including AES-CTR support in PKCS11 driver and AES ECB offload sizing fix. (PR 9277, 9364) -* ESP32: PSRAM allocator support and SHA HW fixes for ESP-IDF v6/v5. (PR 8987, 9225, 9264) -* Renesas FSP / RA examples updated and security-module TLS context improvements. (PR 9047, 9010, 9158, 9150) -* Broad configure/CMake/Autotools workflow improvements (Apple options tracking, Watcom pinning, Debian packaging, ESP-IDF pinning). (PR 9037, 9167, 9161, 9264) -* New assembly introspection / performance helpers for RISC-V and PPC32; benchmarking enhancements (cycle counts). (PR 9101, 9317) -* Update to SGX build for using assembly optimizations. (PR 8463, 9138) -* Testing with Fil-C compiler version to 0.674 (PR 9396) -* Refactors and compressing of small stack code (PR 9153) +* Enabled PQC algorithm ML-KEM (FIPS203) on by default. by @Frauschi (PR 9732) +* Added brainpool curve support to wolfSSL_CTX_set1_sigalgs_list. by @kojo1 (PR 9993) +* Implemented wolfSSL_Atomic_Int_Exchange() in wolfssl/wolfcrypt/wc_port.h and wolfcrypt/src/wc_port.c. by @douzzer (PR 10036) +* Added a GPLv2 license exception for VDE (Virtual Distributed Ethernet) to the licensing terms. by @danielinux (PR 10107) +* Added DTLS 1.3/TLS 1.3 write-dup (Duplicate SSL) support so the read-side can delegate post-handshake work (KeyUpdate responses, DTLS13 ACK sending, post-handshake auth) to the write-side, along with new tests and CI coverage. (PR 10006) + +## Post-Quantum Cryptography (PQC) +* Fixed Dilithium API to use byte type for context length parameters, enforcing the 0–255 byte constraint. by @SparkiDev (PR 10010) +* Fixed benchmarking for ML-DSA with static memory enabled. by @JacobBarthelmeh (PR 9970) +* Added checks to verify the private key is set before performing private key operations in Ed25519, Ed448, ML-DSA, and ML-KEM. by @anhu (PR 10083) +* Added buffer size and callback validation checks to wc_LmsKey_Sign to prevent signing with insufficient output buffer or missing required callbacks. Thanks to Sunwoo Lee, Woohyun Choi, and Seunghyun Yoon (Korea Institute of Energy Technology, KENTECH) for the report. (PR 10084) +* Fixed an out-of-bounds shift in the ML-DSA implementation by ensuring the cast is performed before large shift operations in dilithium.c. Thanks to Dominik Blain / COBALT Security for the bug report. by @padelsbach (PR 10096) +* Zeroize sensitive memory buffers in the ML-DSA (Dilithium) implementation to prevent leakage of cryptographic material. by @Frauschi (PR 10100) +* Fixed undefined behavior in SLH-DSA key initialization by casting to unsigned before performing a left shift that could set the MSB. by @padelsbach (PR 10104) +* Added null checks for buffer size and callback validity in the external wc_LmsKey_Sign function to prevent CI failures. by @padelsbach (PR 10105) +* Ensured that the heap buffer used (among others) to store sensitive data during ML-DSA signing is zeroized before freeing the memory. Thanks to Abhinav Agarwal (@abhinavagarwal07) for the report. (PR 10113) +* The legacy non-context ML-DSA (Dilithium) API is now guarded behind WOLFSSL_DILITHIUM_NO_CTX, making the context-aware FIPS 204 API the default and adding a no-ctx configure option to explicitly re-enable the legacy path. by @Frauschi (PR 10047) + +## TLS/DTLS +* Fixed handling of OCSP_WANT_READ return value in the TLS 1.3 handshake message type processing to prevent incorrect error propagation during OCSP stapling operations. by @julek-wolfssl (PR 9995) +* Fixed a bug in the HPKE implementation where the KDF digest was incorrectly used for the KEM, and refactored HPKE-related code out of the TLS/ECH layer into dedicated local functions, adding tests for all 24 algorithm combination variants. by @sebastian-carpenter (PR 9999) +* Fixed DTLS 1.3 ServerHello to not echo the legacy_session_id field, bringing the implementation into compliance with the DTLS 1.3 specification. by @julek-wolfssl (PR 10007) +* Fixed a TLS 1.3 server issue where a mismatched ciphersuite in a second ClientHello following a HelloRetryRequest was incorrectly accepted instead of rejected. by @sebastian-carpenter (PR 10034) +* Fixed a possible memory leak in ECC non-blocking cryptography operations within the TLS layer. by @dgarske (PR 10065) +* Fixed multiple correctness issues in DTLS 1.3 and TLS 1.3 including wrong return values, missing bounds checks, a PSK identity buffer overread, swapped server/client parameters in finished secret derivation, a static array data race, resource leaks, and a potential NULL dereference in the SM3 exporter path. by @gasbytes (PR 10117) + +## ASN and Certificate Parsing +* Added wolfSSL_check_ip_address() to support filtering connections based on Subject Alternative Name (SAN) IP address entries, mirroring the existing domain name check functionality. by @padelsbach (PR 9935) +* Added host name verification from the verification context parameter when calling wolfSSL_X509_verify_cert. by @julek-wolfssl (PR 9952) +* Moved non-template (WOLFSSL_ASN_ORIGINAL) code into asn_orig.c and include from asn.c. by @dgarske (PR 9920) +* Fixed additional potential null pointer dereferences in ASN parsing code identified by Coverity static analysis. by @rlm2002 (PR 9990) +* Fixed wolfssl/wolfcrypt/asn.h to directly include wolfssl/wolfcrypt/sha512.h for WC_SHA384_DIGEST_SIZE and WC_SHA512_DIGEST_SIZE. Previously this relied on transitive include order and broke builds where asn.h is parsed before hash.h/sha512.h. by @danielinux (PR 10014) +* Removed FIPS-conditional guards from the GetASN_BitString length check so the validation applies in all builds. by @embhorn (PR 10027) +* Added validation to reject negative ASN.1 integers in CRL number fields during decoding, preventing an overflow that could corrupt the adjacent hash field. Thanks to Sunwoo Lee for the bug report. by @padelsbach (PR 10087) + +## Hardware and Embedded Ports +* Fixed SE050 hardware security module integration by routing RSA-PSS sign/verify operations through the software path to prevent double-hashing, releasing persistent SE050 key slots on free for RSA, ECC, Ed25519, and Curve25519 keys, and adding missing mutex unlock calls before early returns in RSA crypto functions. by @LinuxJedi (PR 9912) +* When WOLFSSL_NO_HASH_RAW is defined due to hardware hash offload, turn on LMS and XMSS full hash. Without this they will not compile automatically when there is hardware SHA acceleration. by @LinuxJedi (PR 9946) +* Applied AI-review fixes across hardware and embedded port implementations spanning Espressif, Renesas, Silicon Labs, NXP, STM32, TI, Xilinx, and numerous other targets to improve correctness and code quality. by @SparkiDev (PR 10003) +* Fixed issues found by the testing of the MAX32666 tests. by @night1rider (PR 10035) +* Fixed buffer overflows, key material exposure, mutex leaks, and logic errors across hardware crypto port backends. by @JeremiahM37 (PR 10080) + +## Rust Wrapper +* Released version 1.2.0 of the wolfssl-wolfcrypt Rust crate with updated changelog and README. by @holtrop-wolfssl (PR 9953) +* Updated the Rust wrapper's build script to support cross-compiling and bare-metal targets, including RISC-V architectures. by @holtrop-wolfssl (PR 10031) + +## Build System and Portability +* Removed default declaration of WC_ALLOC_DO_ON_FAILURE. by @julek-wolfssl (PR 9905) +* Refactored wc_Hash* so that known wc_HashType values are unconditionally defined in enum wc_HashType, and always either succeed if used properly, or return HASH_TYPE_E if gated out or used improperly; added detailed error code tracing. by @douzzer (PR 9937) +* Removed the forced enabling of MD5 when building with --enable-jni so that MD5 can be explicitly disabled in FIPS builds. by @mattia-moffa (PR 10011) +* Changed the example server/client to not modify macro defines that come from how the wolfSSL library is configured when built. by @JacobBarthelmeh (PR 10037) +* Added __extension__ to __GNUC__&&!__STRICT_ANSI__ variant of wc_debug_trace_error_codes_enabled() in wolfssl/wolfcrypt/error-crypt.h, to inhibit false positive "error: ISO C forbids braced-groups within expressions" with -pedantic. by @douzzer (PR 10041) +* Fixed IAR compiler warnings about undefined volatile access order by reading volatile values into local copies before use in expressions. by @embhorn (PR 10045) +* Automatically enables WOLFSSL_SP_4096 when WOLFSSL_HAVE_SP_DH is defined under the --enable-usersettings configuration to fix a missing dependency for C# user settings builds. by @kojo1 (PR 10054) +* Added volatile casting to a port header definition to address a correctness issue. by @anhu (PR 10062) +* Extended the WC_MAYBE_UNUSED macro definition to cover GCC versions greater than 3 to fix a build error in GCC 3.4.0. by @embhorn (PR 10101) +* Fixed a compile error when building with --enable-crl and --disable-ecc by adding the appropriate preprocessor guards around SetBitString in asn.c. by @padelsbach (PR 10118) +* Fixed -Wcast-qual hygiene in wolfCrypt. by @douzzer (PR 10120) ## Bug Fixes -* Removed the test feature using popen when defining the macro WOLFSSL_USE_POPEN_HOST and not having HAVE_GETADDRINFO defined, along with having the macro HAVE_HTTP_CLIENT set. There was the potential for vulnerable behavior with the use of popen when the API wolfSSL_BIO_new_connect() was called with this specific build. This exact build configuration is only intended for testing with QEMU and is not enabled with any autoconf/cmake flags. Thanks to linraymond2006 for the report. (PR 9038) -* Fix for C# wrapper Ed25519 potential crash and heap overwrite with raw public key import when using the API Ed25519ImportPublic.This was a broken API with the C# wrapper that would crash on use. Thanks to Luigino Camastra from Aisle Research for the bug report. (PR 9291) -* Coverity, cppcheck, MISRA, clang-tidy, ZeroPath and other static-analysis driven fixes across the codebase. (PR 9006, 9078, 9068, 9265, 9324) -* TLS 1.2/DTLS improvements: client message order checks, DTLS cookie/exchange and replay protections, better DTLS early-data handling. (PR 9387, 9253, 9205, 9367) -* Improved X.509 & cert handling: allow larger pathLen in Basic Constraints, restore inner server name for ECH, retrying cert candidate chains. (PR 8890, 9234, 8692) -* Sniffer robustness: fix infinite recursion, better handling of OOO appData and partial overlaps, and improved retransmission detection. (PR 9051, 9106, 9140, 9094) -* Numerous linuxkm (kernel-mode) fixes, relocation/PIE normalization, and FIPS-related build tweaks across many iterations. (PR 9025, 9035, 9067, 9111, 9121) -* ML-KEM/Kyber and ML-DSA fixes for out-of-bounds and seed-import correctness; multiple ML-related safety fixes. (PR 9142, 9105, 9439) -* Avoid uninitialized-variable and GCC warnings; several fixes for undefined-shift/overflow issues. (PR 9020, 9372, 9195) -* Memory & leak fixes in X509 verification and various struct sizing fixes for WOLFSSL_NO_MALLOC usage. (PR 9258, 9036) -* Fixed RSA / signing / verify-only warnings allowing WOLFSSL_NO_CT_OPS when WOLFSSL_RSA_VERIFY_ONLY is used and API cleanups for using const. (PR 9031, 9263) +* Fixed stack memory tracking for the wolfCrypt benchmark. by @Frauschi (PR 9983) +* Fixed a bug in FillSigner where pubKeyStored and subjectCNStored flags were not cleared after transferring pointers from a DecodedCert to a signer, preventing stale NULL pointers from being copied on subsequent calls. by @embhorn (PR 10033) +* Fixed a heap overflow in ssl_DecodePacketInternal caused by silent truncation when summing 64-bit iov_len values into a 32-bit integer, which resulted in an undersized buffer allocation followed by an out-of-bounds copy. by @embhorn (PR 10017) +* Added a bounds check in GetSafeContent to prevent an unsigned integer underflow in the content size calculation when the OID parsed by GetObjectId exceeds the declared ContentInfo SEQUENCE length. by @embhorn (PR 10018) +* Fixed a potential double free issue in non-blocking async handling within ASN parsing. by @dgarske (PR 10022) +* Fixed bounds checking and buffer size calculation in DecodeObjectId to correctly validate two output slots before writing and pass the proper element count instead of byte count when handling unknown ASN.1 extensions. by @embhorn (PR 10025) +* Fixed stack buffer overflow in RSA exponent print via wolfSSL_EVP_PKEY_print_public in evp.c. Printing an RSA public key with a large exponent can overflow a stack buffer in the EVP printing routine. Thanks to Sunwoo Lee, Woohyun Choi, and Seunghyun Yoon (Korea Institute of Energy Technology, KENTECH) for the bug report. (PR 10088) +* Fixed sanity check on hashLen provided to wc_dilithium_verify_ctx_hash. Thanks to Sunwoo Lee, Woohyun Choi, and Seunghyun Yoon (Korea Institute of Energy Technology, KENTECH) for the bug report. (PR 10131) +* Disallowed wildcard partial domains when using MatchDomainName. Thanks to Oleh Konko (@1seal) for the report. (PR 9991) +* Fixed a buffer underflow that occurred when a zero-length size was passed to the devcrypto AES-CBC implementation. by @JeremiahM37 (PR 10005) +* Routed BIO_ctrl_pending, BIO_reset, and BIO_get_mem_data through the custom method's ctrlCb when set, enabling fully custom BIO types to handle these operations. by @julek-wolfssl (PR 10004) +* Fixed multiple issues in the SP integer implementation including negative number handling, edge cases when a->used is zero, missing bounds checks, and redundant code, while also re-implementing wc_PKCS12_PBKDF() without MP and adding 128-bit integer types for cleaner PKCS#12 support. by @SparkiDev (PR 10020) +* Fixed functional bugs in x86_64 AES-XTS register clobbering and ARM32 multiply/accumulate source registers, along with assembly label typos, instruction mnemonic corrections, and comment fixes across AES, ChaCha, SHA-3, SHA-512, ML-KEM, and Curve25519 assembly for x86_64, ARM32, and ARM64 targets. by @SparkiDev (PR 10023) +* Fixed a bug in the SP non-blocking ECC mont_inv_order function where the last bit was not being processed during modular inverse computation. by @SparkiDev (PR 10044) +* Added bounds check to prevent potential out-of-bounds access when parsing end-of-content octets in PKCS7 streaming indefinite-length encoding. by @anhu (PR 10039) +* Refactored the "Increment B by 1" loop in wc_PKCS12_PBKDF_ex() to avoid bugprone-inc-dec-in-conditions. by @douzzer (PR 10059) +* Fixed OpenSSL compatibility layer ASN1_INTEGER and ASN1_STRING to be compatible structs. by @julek-wolfssl (PR 10089) +* Fixed potential data truncation in wc_XChaCha20Poly1305_crypt_oneshot() by replacing long int casts with size_t to correctly handle 64-bit sizes on platforms where long int is 32-bit. by @rlm2002 (PR 10091) +* Fixed error handling in the Linux kernel AES AEAD glue code so that scatterwalk_map failures correctly propagate an error code instead of returning success with uninitialized data. by @sameehj (PR 9996) +* Fixed DTLS Fragment Reassembly to not read uninitialized heap contents. Thanks to Sunwoo Lee, Woohyun Choi, and Seunghyun Yoon (Korea Institute of Energy Technology, KENTECH) for the report. (PR 10090) +* Fixed DTLS 1.3 word16 truncation on handshake send size. A handshake message exceeding 65535 bytes causes silent integer truncation when the size is stored in a word16, leading to malformed or truncated handshake transmissions. Thanks to Sunwoo Lee, Woohyun Choi, and Seunghyun Yoon (Korea Institute of Energy Technology, KENTECH) for the report. (PR 10103) +* Fixed invalid-pointer-pair memory errors reported by clang sanitizer with detect_invalid_pointer_pairs=2 in ASAN_OPTIONS. by @douzzer (PR 10095) +* Hardened default builds by enabling ECC curve validation unconditionally, removing the previous dependency on USE_ECC_B_PARAM. Users on older versions can also harden their builds by enabling WOLFSSL_VALIDATE_ECC_IMPORT. by @Frauschi (PR 10133) + +## Documentation and Maintenance +* Added inline Doxygen documentation for previously undocumented macros across TLS, cryptography, and ASN source files, and corrected spelling errors throughout the codebase. by @dgarske (PR 9992) +* Fixed typos in documentation for SSL API function argument descriptions. by @dgarske (PR 10021) +* Updated documentation to reflect support for both FIPS 140-2 and FIPS 140-3. by @anhu (PR 10061) For additional vulnerability information visit the vulnerability page at: https://www.wolfssl.com/docs/security-vulnerabilities/ diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/RTOS/nuttx/wolfssl/Make.defs mariadb-11.8.8/extra/wolfssl/wolfssl/RTOS/nuttx/wolfssl/Make.defs --- mariadb-11.8.6/extra/wolfssl/wolfssl/RTOS/nuttx/wolfssl/Make.defs 2026-01-31 13:27:49.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/RTOS/nuttx/wolfssl/Make.defs 2026-05-24 09:58:33.000000000 +0000 @@ -1,7 +1,7 @@ ############################################################################ # apps/crypto/wolfssl/Make.defs # -# Copyright (C) 2006-2025 wolfSSL Inc. +# Copyright (C) 2006-2026 wolfSSL Inc. # # This file is part of wolfSSL. # diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/RTOS/nuttx/wolfssl/Makefile mariadb-11.8.8/extra/wolfssl/wolfssl/RTOS/nuttx/wolfssl/Makefile --- mariadb-11.8.6/extra/wolfssl/wolfssl/RTOS/nuttx/wolfssl/Makefile 2026-01-31 13:27:49.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/RTOS/nuttx/wolfssl/Makefile 2026-05-24 09:58:33.000000000 +0000 @@ -1,7 +1,7 @@ ############################################################################ # apps/crypto/wolfssl/Makefile # -# Copyright (C) 2006-2025 wolfSSL Inc. +# Copyright (C) 2006-2026 wolfSSL Inc. # # This file is part of wolfSSL. # diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/SCRIPTS-LIST mariadb-11.8.8/extra/wolfssl/wolfssl/SCRIPTS-LIST --- mariadb-11.8.6/extra/wolfssl/wolfssl/SCRIPTS-LIST 2026-01-31 13:27:49.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/SCRIPTS-LIST 2026-05-24 09:58:33.000000000 +0000 @@ -11,8 +11,6 @@ fips-check.sh - checks if current wolfSSL version works against FIPS wolfCrypt comment out last line to leave working directory -async-check.sh - internal script for validating wolfSSL Async using the simulator. - gencertbuf.pl - creates certs_test.h, our certs / keys C array for easy non filesystem testing diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/async-check.sh mariadb-11.8.8/extra/wolfssl/wolfssl/async-check.sh --- mariadb-11.8.6/extra/wolfssl/wolfssl/async-check.sh 2026-01-31 13:27:49.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/async-check.sh 1970-01-01 00:00:00.000000000 +0000 @@ -1,104 +0,0 @@ -#!/usr/bin/env bash - -# This script creates symbolic links to the required asynchronous -# file for using the asynchronous simulator and make check - -# Fail on any error in script -set -e - -ASYNC_REPO=https://github.com/wolfSSL/wolfAsyncCrypt.git -ASYNC_DIR=${ASYNC_DIR:-wolfAsyncCrypt} - -function Usage() { - printf "Usage: $0 [install|uninstall|test|remove]\n" - printf "\tinstall - get and set up links to wolfAsyncCrypt files\n" - printf "\tuninstall - remove the links to wolfAsyncCrypt\n" - printf "\ttest - install and run 'make check'\n" - printf "\tremove - uninstall and remove wolfAsyncCrypt\n" -} - -function UnlinkFiles() { - unlink ./wolfcrypt/src/async.c - unlink ./wolfssl/wolfcrypt/async.h - unlink ./wolfcrypt/src/port/intel/quickassist.c - unlink ./wolfcrypt/src/port/intel/quickassist_mem.c - unlink ./wolfcrypt/src/port/intel/README.md - unlink ./wolfssl/wolfcrypt/port/intel/quickassist.h - unlink ./wolfssl/wolfcrypt/port/intel/quickassist_mem.h - unlink ./wolfcrypt/src/port/cavium/cavium_nitrox.c - unlink ./wolfssl/wolfcrypt/port/cavium/cavium_nitrox.h - unlink ./wolfcrypt/src/port/cavium/README.md - - # restore original README.md files - git checkout -- wolfcrypt/src/port/cavium/README.md - git checkout -- wolfcrypt/src/port/intel/README.md -} - -function LinkFiles() { - # link files - ln -s -f ../../${ASYNC_DIR}/wolfcrypt/src/async.c ./wolfcrypt/src/async.c - ln -s -f ../../${ASYNC_DIR}/wolfssl/wolfcrypt/async.h ./wolfssl/wolfcrypt/async.h - ln -s -f ../../../../${ASYNC_DIR}/wolfcrypt/src/port/intel/quickassist.c ./wolfcrypt/src/port/intel/quickassist.c - ln -s -f ../../../../${ASYNC_DIR}/wolfcrypt/src/port/intel/quickassist_mem.c ./wolfcrypt/src/port/intel/quickassist_mem.c - ln -s -f ../../../../${ASYNC_DIR}/wolfcrypt/src/port/intel/README.md ./wolfcrypt/src/port/intel/README.md - ln -s -f ../../../../${ASYNC_DIR}/wolfssl/wolfcrypt/port/intel/quickassist.h ./wolfssl/wolfcrypt/port/intel/quickassist.h - ln -s -f ../../../../${ASYNC_DIR}/wolfssl/wolfcrypt/port/intel/quickassist_mem.h ./wolfssl/wolfcrypt/port/intel/quickassist_mem.h - ln -s -f ../../../../${ASYNC_DIR}/wolfcrypt/src/port/cavium/cavium_nitrox.c ./wolfcrypt/src/port/cavium/cavium_nitrox.c - ln -s -f ../../../../${ASYNC_DIR}/wolfssl/wolfcrypt/port/cavium/cavium_nitrox.h ./wolfssl/wolfcrypt/port/cavium/cavium_nitrox.h - ln -s -f ../../../../${ASYNC_DIR}/wolfcrypt/src/port/cavium/README.md ./wolfcrypt/src/port/cavium/README.md -} - -function Install() { - if [ -d $ASYNC_DIR ]; - then - echo "Using existing async repo" - else - # make a clone of the wolfAsyncCrypt repository - git clone --depth 1 $ASYNC_REPO $ASYNC_DIR - fi - -# setup auto-conf - ./autogen.sh - LinkFiles -} - -function Uninstall() { - UnlinkFiles -} - -function Test() { - Install - ./configure --enable-asynccrypt --enable-all - make check -} - -function Remove() { - UnlinkFiles - - rm -rf ${ASYNC_DIR} -} - -if [ "$#" -gt 1 ]; then - Usage - exit 1 -fi - -case "x$1" in - "xinstall") - Install - ;; - "xuninstall") - Uninstall - ;; - "xremove") - Remove - ;; - "xtest") - Test - ;; - *) - Usage - exit 1 - ;; -esac - diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/autogen.sh mariadb-11.8.8/extra/wolfssl/wolfssl/autogen.sh --- mariadb-11.8.6/extra/wolfssl/wolfssl/autogen.sh 2026-01-31 13:27:49.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/autogen.sh 2026-05-24 09:58:33.000000000 +0000 @@ -17,7 +17,7 @@ fi # if and as needed, create empty dummy versions of various files, mostly -# associated with fips/self-test and asynccrypt: +# associated with fips/self-test: for dir in \ ./wolfssl/wolfcrypt/port/intel \ @@ -35,15 +35,7 @@ ./wolfcrypt/src/wolfcrypt_first.c \ ./wolfcrypt/src/wolfcrypt_last.c \ ./wolfssl/wolfcrypt/fips.h \ - ./wolfcrypt/src/selftest.c \ - ./wolfcrypt/src/async.c \ - ./wolfssl/wolfcrypt/async.h \ - ./wolfcrypt/src/port/intel/quickassist.c \ - ./wolfcrypt/src/port/intel/quickassist_mem.c \ - ./wolfcrypt/src/port/cavium/cavium_nitrox.c \ - ./wolfssl/wolfcrypt/port/intel/quickassist.h \ - ./wolfssl/wolfcrypt/port/intel/quickassist_mem.h \ - ./wolfssl/wolfcrypt/port/cavium/cavium_nitrox.h + ./wolfcrypt/src/selftest.c do if [ ! -e "$file" ]; then > "$file" || exit $? diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/bsdkm/Makefile mariadb-11.8.8/extra/wolfssl/wolfssl/bsdkm/Makefile --- mariadb-11.8.6/extra/wolfssl/wolfssl/bsdkm/Makefile 2026-01-31 13:27:49.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/bsdkm/Makefile 2026-05-24 09:58:33.000000000 +0000 @@ -1,13 +1,27 @@ -# wolfssl kernel module name and source, and root dir. -KMOD=libwolfssl -SRCS=wolfkmod.c -WOLFSSL_DIR=../ - -CFLAGS+=-I${WOLFSSL_DIR} -CFLAGS+=-DWOLFSSL_IGNORE_FILE_WARN -DHAVE_CONFIG_H -DNO_MAIN_DRIVER -# debug printing -# CFLAGS+=-DWOLFSSL_BSDKM_VERBOSE_DEBUG -CFLAGS+=$(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) +# wolfssl kernel module name and main source, and wolfssl root dir. +KMOD = libwolfssl +SRCS = wolfkmod.c +WOLFSSL_DIR = ../ + +CFLAGS += -I${WOLFSSL_DIR} +CFLAGS += -DWOLFSSL_IGNORE_FILE_WARN -DHAVE_CONFIG_H -DNO_MAIN_DRIVER +# +# debug options +# verbose printing: +# CFLAGS += -DWOLFSSL_BSDKM_VERBOSE_DEBUG +# +# print memory mallocs / frees: +# CFLAGS += -DWOLFSSL_BSDKM_MEMORY_DEBUG +# +# print fpu_kern_enter / leave: +# CFLAGS += WOLFSSL_BSDKM_FPU_DEBUG +# +CFLAGS += $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) + +.if defined(ENABLED_BSDKM_REGISTER) + # These device header files are generated during build. + SRCS += bus_if.h cryptodev_if.h device_if.h +.endif # FreeBSD make does not support GNU make's patsubst and related. Filter # through sed instead. @@ -15,19 +29,26 @@ sed 's|src_libwolfssl_la-||g' | sed 's|\.lo|.o|g' | \ sed 's|wolfcrypt/src/|${WOLFSSL_DIR}/wolfcrypt/src/|g' +# wolfcrypt test .if ${ENABLED_CRYPT_TESTS} == "yes" WOLFSSL_OBJS += ${WOLFSSL_DIR}/wolfcrypt/test/test.o .else - CFLAGS+=-DNO_CRYPT_TEST + CFLAGS += -DNO_CRYPT_TEST +.endif + +# wolfcrypt benchmark +.if ${ENABLED_KERNEL_BENCHMARKS} == "yes" + WOLFSSL_OBJS += ${WOLFSSL_DIR}/wolfcrypt/benchmark/benchmark.o + CFLAGS.benchmark.c += -DWOLFSSL_NO_FLOAT_FMT -DMAIN_NO_ARGS .endif OBJS += ${WOLFSSL_OBJS} # Export no public symbols by default. .if !defined(BSDKM_EXPORT_SYMS) - EXPORT_SYMS=NO + EXPORT_SYMS = NO .else - EXPORT_SYMS=${BSDKM_EXPORT_SYMS} + EXPORT_SYMS = ${BSDKM_EXPORT_SYMS} .endif # Default to live kernel src tree makefile at @@ -39,12 +60,52 @@ .endif .include "${SYSDIR}/conf/kmod.mk" +# +# To use aesni and friends in FreeBSD kernel we need to adjust build flags. +# See these kernel makefiles for reference: +# - /usr/src/sys/modules/aesni/Makefile +# - /usr/src/sys/conf/kern.mk +# +WOLFKMOD_SIMD_BASE = -msse -msse2 -msse4.1 +WOLFKMOD_SIMD_AES = -maes -mpclmul +WOLFKMOD_SIMD_AVX = -mavx -mavx2 + +.if ${ENABLED_AESNI} == "yes" + CFLAGS.aes.c += ${WOLFKMOD_SIMD_BASE} + CFLAGS.aes.c += ${WOLFKMOD_SIMD_AES} +.if ${ENABLED_AESNI_WITH_AVX} == "yes" + CFLAGS.aes.c += ${WOLFKMOD_SIMD_AVX} +.endif # ENABLED_AESNI_WITH_AVX # + CFLAGS.aes.c := ${CFLAGS.aes.c:N-nostdinc} + CFLAGS.aes.c += -I${SYSDIR}/../contrib/llvm-project/clang/lib/Headers +.PATH: ${SYSDIR}/../contrib/llvm-project/clang/lib/Headers +.endif # ENABLED_AESNI + +.if ${ENABLED_ASM} == "yes" +.for f in chacha dilithium poly1305 sha sha256 sha3 sha512 + CFLAGS.${f}.c += ${WOLFKMOD_SIMD_BASE} + CFLAGS.${f}.c += ${WOLFKMOD_SIMD_AVX} + CFLAGS.${f}.c := ${CFLAGS.${f}.c:N-nostdinc} + CFLAGS.${f}.c += -I${SYSDIR}/../contrib/llvm-project/clang/lib/Headers +.endfor + +.PATH: ${SYSDIR}/../contrib/llvm-project/clang/lib/Headers +.endif # ENABLED_ASM == "yes" + +# wolfcrypt benchmark always needs simd for the floating point timings. +.if ${ENABLED_KERNEL_BENCHMARKS} == "yes" + CFLAGS.benchmark.c += ${WOLFKMOD_SIMD_BASE} + CFLAGS.benchmark.c := ${CFLAGS.benchmark.c:N-nostdinc} + CFLAGS.benchmark.c += -I${SYSDIR}/../contrib/llvm-project/clang/lib/Headers + .PATH: ${SYSDIR}/../contrib/llvm-project/clang/lib/Headers +.endif + # Smooth out a few inconsistencies between FreeBSD default compiler flags # in /usr/src/sys/conf/kern.mk, vs wolfssl harden flags in # m4/ax_harden_compiler_flags.m4. E.g. some FreeBSD header files shorten # 64 to 32 bit, and some wolfcrypt functions cast away const. -CFLAGS+= -Wno-unused-function -CFLAGS+= -Wno-cast-qual -CFLAGS+= -Wno-error=cast-qual -CFLAGS+= -Wno-shorten-64-to-32 -CFLAGS+= -DLIBWOLFSSL_GLOBAL_EXTRA_CFLAGS="\" $(KERNEL_EXTRA_CFLAGS)\"" +CFLAGS += -Wno-unused-function +CFLAGS += -Wno-cast-qual +CFLAGS += -Wno-error=cast-qual +CFLAGS += -Wno-shorten-64-to-32 +CFLAGS += -DLIBWOLFSSL_GLOBAL_EXTRA_CFLAGS="\" $(KERNEL_EXTRA_CFLAGS)\"" diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/bsdkm/README.md mariadb-11.8.8/extra/wolfssl/wolfssl/bsdkm/README.md --- mariadb-11.8.6/extra/wolfssl/wolfssl/bsdkm/README.md 1970-01-01 00:00:00.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/bsdkm/README.md 2026-05-24 09:58:33.000000000 +0000 @@ -0,0 +1,104 @@ +# wolfSSL bsdkm (bsd kernel module) + +libwolfssl supports building as a FreeBSD kernel module (`libwolfssl.ko`). +When loaded, wolfCrypt is made available to the rest of the kernel, allowing +other loadable modules to link to wolfCrypt. + +Supported features: +- wolfCrypt in kernel. +- FIPS-wolfcrypt. +- crypto acceleration: AES-NI, AVX, etc. + +Planned features: +- kernel opencrypto driver registration (supported for internal testing presently). +- full wolfSSL in kernel (kernel TLS). + +## Building and Installing + +Build bsdkm with: + +```sh +./configure --enable-freebsdkm --enable-cryptonly && make +``` + +The default freebsdkm build assumes kernel source tree root at `/usr/src/sys/`. +Use `--with-kernel-source=PATH` to configure a different path. + +Assuming you are targeting your native system, install with: + +```sh +sudo kldload bsdkm/libwolfssl.ko +``` + +You should see it now: +```sh +kldstat -m libwolfssl +Id Refs Name +509 1 libwolfssl +``` + +Unload with: +```sh +sudo kldunload libwolfssl +``` + +### options + +| freebsdkm option | description | +| :--------------------------------- | :--------------------------------------- | +| --with-bsd-export-syms=LIST | Export list of symbols as global.
. Options are 'all', 'none', or
comma separated list of symbols. | +| --with-kernel-source=PATH | Path to kernel tree root (default `/usr/src/sys`) | +| --enable-kernel-benchmarks | Run wolfcrypt benchmark at module load | +| --enable-freebsdkm-crypto-register | Register with the FreeBSD kernel opencrypto
framework (preliminary, for testing) | + +### FIPS + +Building with FIPS is largely the same, with the additional step of +configuring a fips hash. + +1. Build bsdkm (the `fips_hash` here is a placeholder): + +```sh +fips_hash=0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef +./configure --enable-freebsdkm --enable-cryptonly --enable-fips=v6 \ + CFLAGS="-DWOLFCRYPT_FIPS_CORE_HASH_VALUE=$fips_hash" && make +``` + +2. Attempt first install. This is expected to fail, because the hash was a +placeholder. +```sh +$ sudo kldload bsdkm/libwolfssl.ko +kldload: an error occurred while loading module bsdkm/libwolfssl.ko. Please check dmesg(8) for more details. +``` + +3. Check dmesg output for the updated hash value (yours will be different). +```sh +$ dmesg | tail -n5 +In-core integrity hash check failure. +Rebuild with "WOLFCRYPT_FIPS_CORE_HASH_VALUE=3B144A08F291DBA536324646BBD127447B8F222D29A135780E330351E0DF9F0F". +error: wc_RunAllCast_fips failed at shutdown with return value 19 +info: libwolfssl unloaded +module_register_init: MOD_LOAD (libwolfssl_fips, 0xffffffff842c28d0, 0) error 85 +``` + +4. Repeat steps 1-2 with the new hash value. The load should succeed now. + +``` +$ kldstat -m libwolfssl_fips +Id Refs Name +523 1 libwolfssl_fips +``` + +Unload with +``` +sudo kldunload libwolfssl +``` + +On unload, the FIPS self-test will run a final time and print its status +to system message buffer: + +``` +info: wolfCrypt FIPS re-self-test succeeded at unload: all algorithms re-verified. +info: libwolfssl unloaded +``` + diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/bsdkm/bsdkm_wc_port.h mariadb-11.8.8/extra/wolfssl/wolfssl/bsdkm/bsdkm_wc_port.h --- mariadb-11.8.6/extra/wolfssl/wolfssl/bsdkm/bsdkm_wc_port.h 2026-01-31 13:27:49.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/bsdkm/bsdkm_wc_port.h 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* bsdkm_wc_port.h * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -37,21 +37,38 @@ #include #endif /* !CHAR_BIT*/ +#define NO_THREAD_LS +#define NO_ATTRIBUTE_CONSTRUCTOR + +/* and TIME(3) are userspace only in FreeBSD. + * Use a small wrapper around time_second instead. */ +#include +static inline time_t wolfkmod_time(time_t * tloc) { + time_t _now = time_second; + if (tloc) { + *tloc = _now; + } + return _now; +} +#define XTIME wolfkmod_time + /* needed to prevent wolfcrypt/src/asn.c version shadowing * extern global version from /usr/src/sys/sys/systm.h */ #define version wc_version -#define wc_km_printf printf +/* printf and logging defines */ +#define wc_km_printf printf +#define WOLFSSL_DEBUG_PRINTF_FN printf /* str and char utility functions */ -#define XATOI(s) ({ \ - char * endptr = NULL; \ - long _xatoi_ret = strtol(s, &endptr, 10); \ - if ((s) == endptr || *endptr != '\0') { \ - _xatoi_ret = 0; \ - } \ - (int)_xatoi_ret; \ - }) +#define XATOI(s) ({ \ + char * endptr = NULL; \ + long _xatoi_ret = strtol(s, &endptr, 10); \ + if ((s) == endptr || *endptr != '\0') { \ + _xatoi_ret = 0; \ + } \ + (int)_xatoi_ret; \ +}) #if !defined(XMALLOC_OVERRIDE) #error bsdkm requires XMALLOC_OVERRIDE @@ -60,21 +77,71 @@ /* use malloc and free from /usr/include/sys/malloc.h */ extern struct malloc_type M_WOLFSSL[1]; -#define XMALLOC(s, h, t) \ - ({(void)(h); (void)(t); malloc(s, M_WOLFSSL, M_WAITOK | M_ZERO);}) +#if defined(WOLFSSL_BSDKM_MEMORY_DEBUG) + #define XMALLOC(s, h, t) ({ \ + (void)(h); (void)(t); \ + void * _ptr = malloc(s, M_WOLFSSL, M_WAITOK | M_ZERO); \ + printf("info: malloc: %p, M_WOLFSSL, %zu\n", _ptr, (size_t) s); \ + (void *)_ptr; \ + }) -#ifdef WOLFSSL_XFREE_NO_NULLNESS_CHECK - #define XFREE(p, h, t) \ - ({(void)(h); (void)(t); free(p, M_WOLFSSL);}) + #define XFREE(p, h, t) ({ \ + void* _xp; (void)(h); (void)(t); _xp = (p); \ + printf("info: free: %p, M_WOLFSSL\n", p); \ + if(_xp) free(_xp, M_WOLFSSL); \ + }) #else - #define XFREE(p, h, t) \ - ({void* _xp; (void)(h); (void)(t); _xp = (p); \ - if(_xp) free(_xp, M_WOLFSSL);}) -#endif + #define XMALLOC(s, h, t) ({ \ + (void)(h); (void)(t); \ + void * _ptr = malloc(s, M_WOLFSSL, M_WAITOK | M_ZERO); \ + (void *)_ptr; \ + }) + + #define XFREE(p, h, t) ({ \ + void* _xp; (void)(h); (void)(t); _xp = (p); \ + if(_xp) free(_xp, M_WOLFSSL); \ + }) +#endif /* WOLFSSL_BSDKM_DEBUG_MEMORY */ + + +#if defined(WOLFSSL_AESNI) || defined(WOLFSSL_KERNEL_BENCHMARKS) + int wolfkmod_vecreg_init(void); + void wolfkmod_vecreg_exit(void); + int wolfkmod_vecreg_save(int flags_unused); + void wolfkmod_vecreg_restore(void); + /* wrapper defines for FPU_KERN(9). + * /usr/src/sys/amd64/amd64/fpu.c + * /usr/src/sys/amd64/include/pcb.h + * */ + #ifndef WOLFSSL_USE_SAVE_VECTOR_REGISTERS + #define WOLFSSL_USE_SAVE_VECTOR_REGISTERS + #endif + + #define SAVE_VECTOR_REGISTERS(fail_clause) { \ + int _svr_ret = wolfkmod_vecreg_save(0); \ + if (_svr_ret != 0) { \ + fail_clause \ + } \ + } + + #define SAVE_VECTOR_REGISTERS2() wolfkmod_vecreg_save(0) + + #define RESTORE_VECTOR_REGISTERS() wolfkmod_vecreg_restore() + +#endif /* WOLFSSL_AESNI || WOLFSSL_KERNEL_BENCHMARKS */ #if !defined(SINGLE_THREADED) #define WC_MUTEX_OPS_INLINE + /* Copied from wc_port.h */ + #if defined(HAVE_FIPS) && !defined(WOLFSSL_API_PREFIX_MAP) + /* For FIPS keep the function names the same */ + #define wc_InitMutex InitMutex + #define wc_FreeMutex FreeMutex + #define wc_LockMutex LockMutex + #define wc_UnLockMutex UnLockMutex + #endif /* HAVE_FIPS */ + typedef struct wolfSSL_Mutex { struct mtx lock; } wolfSSL_Mutex; @@ -106,12 +173,19 @@ #if defined(WOLFSSL_HAVE_ATOMIC_H) && !defined(WOLFSSL_NO_ATOMICS) #include - typedef volatile int wolfSSL_Atomic_Int; + typedef volatile int wolfSSL_Atomic_Int; typedef volatile unsigned int wolfSSL_Atomic_Uint; #define WOLFSSL_ATOMIC_INITIALIZER(x) (x) - #define WOLFSSL_ATOMIC_LOAD(x) (int)atomic_load_acq_int(&(x)) + #define WOLFSSL_ATOMIC_LOAD(x) (int)atomic_load_acq_int(&(x)) + #define WOLFSSL_ATOMIC_LOAD_UINT(x) atomic_load_acq_int(&(x)) #define WOLFSSL_ATOMIC_STORE(x, v) atomic_store_rel_int(&(x), (v)) #define WOLFSSL_ATOMIC_OPS + + #if defined(HAVE_FIPS) + /* There is no corresponding ATOMIC_INIT macro in FreeBSD. + * The FreeBSD equivalent is just an integer initialization. */ + #define ATOMIC_INIT(x) (x) + #endif #endif /* WOLFSSL_HAVE_ATOMIC_H && !WOLFSSL_NO_ATOMICS */ #endif /* WOLFSSL_BSDKM */ diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/bsdkm/include.am mariadb-11.8.8/extra/wolfssl/wolfssl/bsdkm/include.am --- mariadb-11.8.6/extra/wolfssl/wolfssl/bsdkm/include.am 2026-01-31 13:27:49.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/bsdkm/include.am 2026-05-24 09:58:33.000000000 +0000 @@ -2,7 +2,10 @@ # included from Top Level Makefile.am # All paths should be given relative to the root -EXTRA_DIST += m4/ax_bsdkm.m4 \ - bsdkm/Makefile \ - bsdkm/wolfkmod.c \ +EXTRA_DIST += m4/ax_bsdkm.m4 \ + bsdkm/Makefile \ + bsdkm/README.md \ + bsdkm/wolfkmod.c \ + bsdkm/wolfkmod_aes.c \ + bsdkm/x86_vecreg.c \ bsdkm/bsdkm_wc_port.h diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/bsdkm/wolfkmod.c mariadb-11.8.8/extra/wolfssl/wolfssl/bsdkm/wolfkmod.c --- mariadb-11.8.6/extra/wolfssl/wolfssl/bsdkm/wolfkmod.c 2026-01-31 13:27:49.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/bsdkm/wolfkmod.c 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* wolfkmod.c -- wolfssl FreeBSD kernel module. * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -26,6 +26,12 @@ #include #include +#if defined(BSDKM_CRYPTO_REGISTER) + #include + #include + #include "cryptodev_if.h" +#endif + /* wolf includes */ #include #ifdef WOLFCRYPT_ONLY @@ -33,154 +39,1036 @@ #else #include #endif + +#ifdef HAVE_FIPS + #ifdef USE_CONTESTMUTEX + #error USE_CONTESTMUTEX is incompatible with WOLFSSL_BSDKM + #endif + #include +#endif /* HAVE_FIPS */ + #if !defined(NO_CRYPT_TEST) #include #endif +#if defined(WOLFSSL_KERNEL_BENCHMARKS) + #include +#endif + +#include MALLOC_DEFINE(M_WOLFSSL, "libwolfssl", "wolfSSL kernel memory"); -static int wolfkmod_init(void); -static int wolfkmod_cleanup(void); -static int wolfkmod_load(void); -static int wolfkmod_unload(void); +#if defined(BSDKM_CRYPTO_REGISTER) + #include "bsdkm/wolfkmod_aes.c" +#endif + +/* common functions. */ +static int wolfkmod_init(void); +static int wolfkmod_cleanup(void); +#if !defined(BSDKM_CRYPTO_REGISTER) +/* functions specific to a pure kernel module library build. */ +static int wolfkmod_load(void); +static int wolfkmod_unload(void); +#else +/* functions specific to a kernel crypto driver module build. */ +static void wolfkdriv_identify(driver_t * driver, device_t parent); +static int wolfkdriv_probe(device_t dev); +static int wolfkdriv_attach(device_t dev); +static int wolfkdriv_detach(device_t dev); +static int wolfkdriv_probesession(device_t dev, + const struct crypto_session_params *csp); +static int wolfkdriv_newsession(device_t dev, crypto_session_t cses, + const struct crypto_session_params *csp); +static void wolfkdriv_freesession(device_t dev, crypto_session_t cses); +static int wolfkdriv_process(device_t dev, struct cryptop *crp, int hint); +#endif /* !BSDKM_CRYPTO_REGISTER */ + +#if defined(WOLFSSL_AESNI) || defined(WOLFSSL_KERNEL_BENCHMARKS) + #include "bsdkm/x86_vecreg.c" +#endif /* WOLFSSL_AESNI || WOLFSSL_KERNEL_BENCHMARKS*/ + +#ifdef HAVE_FIPS + #define WOLFKMOD_FIPS_ERR_MSG(hash) ({ \ + printf("In-core integrity hash check failure.\n"); \ + if ((hash)) \ + printf("Rebuild with \"WOLFCRYPT_FIPS_CORE_HASH_VALUE=%s\".\n", \ + hash); \ + else \ + printf("error: could not compute new hash. " \ + "Contact customer support.\n"); \ + }) + + static void wolfkmod_fips_cb(int ok, int err, const char * hash) + { + if ((!ok) || (err != 0)) { + printf("error: libwolfssl FIPS error: %s\n", + wc_GetErrorString(err)); + } + + if (err == WC_NO_ERR_TRACE(IN_CORE_FIPS_E)) { + WOLFKMOD_FIPS_ERR_MSG(hash); + } + } +#endif /* HAVE_FIPS */ static int wolfkmod_init(void) { - int ret = 0; + int error = 0; + + #if defined(WOLFSSL_AESNI) || defined(WOLFSSL_KERNEL_BENCHMARKS) + error = wolfkmod_vecreg_init(); + if (error != 0) { + printf("error: wolfkmod_vecreg_init: %d\n", error); + return (ECANCELED); + } + #endif /* WOLFSSL_AESNI || WOLFSSL_KERNEL_BENCHMARKS*/ + + #ifdef HAVE_FIPS + error = wolfCrypt_SetCb_fips(wolfkmod_fips_cb); + if (error != 0) { + printf("error: wolfCrypt_SetCb_fips failed: %s\n", + wc_GetErrorString(error)); + return (ECANCELED); + } + + fipsEntry(); + + error = wolfCrypt_GetStatus_fips(); + if (error != 0) { + printf("error: wolfCrypt_GetStatus_fips failed: %d: %s\n", + error, wc_GetErrorString(error)); + if (error == WC_NO_ERR_TRACE(IN_CORE_FIPS_E)) { + const char *newhash = wolfCrypt_GetCoreHash_fips(); + WOLFKMOD_FIPS_ERR_MSG(newhash); + } + return (ECANCELED); + } + #endif /* HAVE_FIPS */ + + #ifdef WC_RNG_SEED_CB + error = wc_SetSeed_Cb(WC_GENERATE_SEED_DEFAULT); + if (error < 0) { + printf("error: wc_SetSeed_Cb failed: %d\n", error); + return (ECANCELED); + } + #endif /* WC_RNG_SEED_CB */ #ifdef WOLFCRYPT_ONLY - ret = wolfCrypt_Init(); - if (ret != 0) { - printf("error: wolfCrypt_Init failed: %s\n", wc_GetErrorString(ret)); - return -ECANCELED; + error = wolfCrypt_Init(); + if (error != 0) { + printf("error: wolfCrypt_Init failed: %s\n", wc_GetErrorString(error)); + return (ECANCELED); } #else - ret = wolfSSL_Init(); - if (ret != WOLFSSL_SUCCESS) { - printf("error: wolfSSL_Init failed: %s\n", wc_GetErrorString(ret)); - return -ECANCELED; + error = wolfSSL_Init(); + if (error != WOLFSSL_SUCCESS) { + printf("error: wolfSSL_Init failed: %s\n", wc_GetErrorString(error)); + return (ECANCELED); + } + #endif /* WOLFCRYPT_ONLY */ + + #ifdef HAVE_FIPS + error = wc_RunAllCast_fips(); + if (error != 0) { + printf("error: wc_RunAllCast_fips failed with " + "return value %d\n", error); + return (ECANCELED); } + else { + printf("info: FIPS 140-3 wolfCrypt-fips v%d.%d.%d%s%s startup " + "self-test succeeded.\n", + #ifdef HAVE_FIPS_VERSION_MAJOR + HAVE_FIPS_VERSION_MAJOR, + #else + HAVE_FIPS_VERSION, + #endif + #ifdef HAVE_FIPS_VERSION_MINOR + HAVE_FIPS_VERSION_MINOR, + #else + 0, + #endif + #ifdef HAVE_FIPS_VERSION_PATCH + HAVE_FIPS_VERSION_PATCH, + #else + 0, + #endif + #ifdef HAVE_FIPS_VERSION_PORT + "-", + HAVE_FIPS_VERSION_PORT + #else + "", + "" #endif + ); + } + #endif /* HAVE_FIPS */ - return ret; + return (0); } static int wolfkmod_cleanup(void) { - int ret = 0; + int error = 0; #ifdef WOLFCRYPT_ONLY - ret = wolfCrypt_Cleanup(); - if (ret != 0) { - printf("error: wolfCrypt_Cleanup failed: %s\n", wc_GetErrorString(ret)); - } - else { - #if defined(WOLFSSL_BSDKM_VERBOSE_DEBUG) - printf("info: wolfCrypt " LIBWOLFSSL_VERSION_STRING " cleanup complete.\n"); - #endif /* WOLFSSL_BSDKM_VERBOSE_DEBUG */ + error = wolfCrypt_Cleanup(); + if (error != 0) { + printf("error: wolfCrypt_Cleanup failed: %s\n", + wc_GetErrorString(error)); + error = ECANCELED; + goto wolfkmod_cleanup_out; } #else - ret = wolfSSL_Cleanup(); - if (ret != WOLFSSL_SUCCESS) { - printf("error: wolfSSL_Cleanup failed: %s\n", wc_GetErrorString(ret)); + error = wolfSSL_Cleanup(); + if (error != WOLFSSL_SUCCESS) { + printf("error: wolfSSL_Cleanup failed: %s\n", + wc_GetErrorString(error)); + error = ECANCELED; + goto wolfkmod_cleanup_out; } - else { - #if defined(WOLFSSL_BSDKM_VERBOSE_DEBUG) - printf("info: wolfSSL " LIBWOLFSSL_VERSION_STRING " cleanup complete.\n"); - #endif /* WOLFSSL_BSDKM_VERBOSE_DEBUG */ - } - #endif + #endif /* WOLFCRYPT_ONLY */ - return ret; + #if defined(WOLFSSL_BSDKM_VERBOSE_DEBUG) + printf("info: libwolfssl " LIBWOLFSSL_VERSION_STRING + " cleanup complete.\n"); + #endif /* WOLFSSL_BSDKM_VERBOSE_DEBUG */ + error = 0; + +wolfkmod_cleanup_out: + #if defined(WOLFSSL_AESNI) || defined(WOLFSSL_KERNEL_BENCHMARKS) + wolfkmod_vecreg_exit(); + #endif /* WOLFSSL_AESNI || WOLFSSL_KERNEL_BENCHMARKS*/ + + return (error); } +#if !defined(BSDKM_CRYPTO_REGISTER) static int wolfkmod_load(void) { - int ret = 0; + int error = 0; - ret = wolfkmod_init(); - if (ret != 0) { - return -ECANCELED; + error = wolfkmod_init(); + if (error != 0) { + return (ECANCELED); } #ifndef NO_CRYPT_TEST - ret = wolfcrypt_test(NULL); - if (ret != 0) { - printf("error: wolfcrypt test failed with return code: %d\n", ret); + error = wolfcrypt_test(NULL); + if (error != 0) { + printf("error: wolfcrypt test failed: %d\n", error); (void)wolfkmod_cleanup(); - return -ECANCELED; - } - else { - #if defined(WOLFSSL_BSDKM_VERBOSE_DEBUG) - printf("wolfCrypt self-test passed.\n"); - #endif /* WOLFSSL_BSDKM_VERBOSE_DEBUG */ + return (ECANCELED); } + printf("info: wolfCrypt self-test passed.\n"); #endif /* NO_CRYPT_TEST */ - /** - * todo: register wolfcrypt algs here with crypto_get_driverid - * and related. - * */ - - if (ret == 0) { - printf("info: libwolfssl loaded\n"); + #ifdef WOLFSSL_KERNEL_BENCHMARKS + error = benchmark_test(NULL); + if (error != 0) { + printf("error: wolfcrypt benchmark failed: %d\n", error); + (void)wolfkmod_cleanup(); + return (ECANCELED); } + printf("info: wolfCrypt benchmark passed.\n"); + #endif /* WOLFSSL_KERNEL_BENCHMARKS */ - return ret; + printf("info: libwolfssl loaded\n"); + + return (0); } static int wolfkmod_unload(void) { - int ret = 0; + int error = 0; - ret = wolfkmod_cleanup(); + #ifdef HAVE_FIPS + error = wc_RunAllCast_fips(); + if (error != 0) { + printf("error: wc_RunAllCast_fips failed at shutdown with " + "return value %d\n", error); + } + else + printf("info: wolfCrypt FIPS re-self-test succeeded at unload: " + "all algorithms re-verified.\n"); + #endif - /** - * todo: unregister wolfcrypt algs here with crypto_unregister_all - * and related. - * */ + error = wolfkmod_cleanup(); - if (ret == 0) { + if (error == 0) { printf("info: libwolfssl unloaded\n"); } - return ret; + return (error); } +#if defined(WOLFSSL_BSDKM_VERBOSE_DEBUG) +static const char * wolfkmod_event_to_str(modeventtype_t what) +{ + switch (what) { + case MOD_LOAD: + return "MOD_LOAD"; + case MOD_UNLOAD: + return "MOD_UNLOAD"; + case MOD_SHUTDOWN: + return "MOD_SHUTDOWN"; + case MOD_QUIESCE: + return "MOD_QUIESCE"; + } +} +#endif /* WOLFSSL_BSDKM_VERBOSE_DEBUG */ + /* see /usr/include/sys/module.h for more info. */ static int wolfkmod_event(struct module * m, int what, void * arg) { - int ret = 0; + int error = 0; + #if defined(WOLFSSL_BSDKM_VERBOSE_DEBUG) + printf("info: wolfkmod_event: %s\n", wolfkmod_event_to_str(what)); + #endif /* WOLFSSL_BSDKM_VERBOSE_DEBUG */ switch (what) { case MOD_LOAD: - ret = wolfkmod_load(); + error = wolfkmod_load(); break; case MOD_UNLOAD: - ret = wolfkmod_unload(); + error = wolfkmod_unload(); break; case MOD_SHUTDOWN: case MOD_QUIESCE: default: - #if defined(WOLFSSL_BSDKM_VERBOSE_DEBUG) - printf("info: not implemented: %d\n", what); - #endif /* WOLFSSL_BSDKM_VERBOSE_DEBUG */ - ret = EOPNOTSUPP; + error = EOPNOTSUPP; } (void)m; (void)arg; - return ret; + return (error); } +#endif /* !BSDKM_CRYPTO_REGISTER */ + +#if defined(BSDKM_CRYPTO_REGISTER) +/* wolfkdriv device driver software context. */ +struct wolfkdriv_softc { + int32_t crid; + device_t dev; +}; + +struct km_aes_ctx { + Aes aes_encrypt; + Aes aes_decrypt; +}; + +typedef struct km_aes_ctx km_aes_ctx; +struct wolfkdriv_session { + km_aes_ctx aes_ctx; + int32_t crid; + int type; + int ivlen; + int klen; +}; + +typedef struct wolfkdriv_session wolfkdriv_session_t; + +static void km_AesFree(Aes * aes) { + if (aes == NULL) { + return; + } + wc_AesFree(aes); + #if defined(HAVE_FIPS) && FIPS_VERSION3_LT(6,0,0) + ForceZero(aes, sizeof(*aes)); + #endif +} + +static void wolfkdriv_aes_ctx_clear(km_aes_ctx * ctx) +{ + if (ctx != NULL) { + km_AesFree(&ctx->aes_encrypt); + km_AesFree(&ctx->aes_decrypt); + } + + #ifdef WOLFKM_DEBUG_AES + printf("info: exiting km_AesExitCommon\n"); + #endif /* WOLFKM_DEBUG_AES */ +} + +static void wolfkdriv_identify(driver_t * driver, device_t parent) +{ + (void)driver; + + /* don't double add wolfkdriv child. */ + if (device_find_child(parent, "libwolf", -1) != NULL) { + return; + } + + BUS_ADD_CHILD(parent, 10, "libwolf", -1); +} + +static int wolfkdriv_probe(device_t dev) +{ + device_set_desc(dev, "wolfSSL crypto"); + return (BUS_PROBE_DEFAULT); +} + +/* + * unregister libwolfssl crypto driver + */ +static void wolfkdriv_unregister(struct wolfkdriv_softc * softc) +{ + if (softc && softc->crid >= 0) { + crypto_unregister_all(softc->crid); + device_printf(softc->dev, "info: crid unregistered: %d\n", softc->crid); + softc->crid = -1; + } + + return; +} + +static int wolfkdriv_attach(device_t dev) +{ + struct wolfkdriv_softc * softc = NULL; + int flags = CRYPTOCAP_F_SOFTWARE | CRYPTOCAP_F_SYNC | + CRYPTOCAP_F_ACCEL_SOFTWARE | CRYPTOCAP_F_HARDWARE; + int ret = 0; + int crid = 0; + int error = 0; + + ret = wolfkmod_init(); + if (ret != 0) { + return (ECANCELED); + } + + /** + * register wolfcrypt algs here with crypto_get_driverid. + * + * The crid is the literal index into the kernel crypto_drivers array: + * - crid >= 0 is valid. + * - crid < 0 is error. + * */ + softc = device_get_softc(dev); + softc->dev = dev; + + softc->crid = crypto_get_driverid(dev, sizeof(wolfkdriv_session_t), flags); + if (softc->crid < 0) { + device_printf(dev, "error: crypto_get_driverid failed: %d\n", + softc->crid); + return (ENXIO); + } + + /* + * various sanity checks + */ + + /* 1. we should find ourself by name */ + crid = crypto_find_driver("libwolf"); + + if (crid != softc->crid) { + device_printf(dev, "error: attach: got crid %d, expected %d\n", crid, + softc->crid); + error = ENXIO; + goto attach_out; + } + + /* 2. test various algs */ + error = wolfkdriv_test_aes(dev, crid); + + if (error) { + device_printf(dev, "error: attach: test_aes: %d\n", error); + error = ENXIO; + goto attach_out; + } + + device_printf(dev, "info: driver loaded: %d\n", crid); + + #if defined(WOLFSSL_BSDKM_VERBOSE_DEBUG) + device_printf(dev, "info: exiting attach\n"); + #endif /* WOLFSSL_BSDKM_VERBOSE_DEBUG */ + +attach_out: + if (error) { + wolfkdriv_unregister(softc); + error = ENXIO; + } + + return (error); +} + +static int wolfkdriv_detach(device_t dev) +{ + struct wolfkdriv_softc * softc = NULL; + int ret = 0; + + ret = wolfkmod_cleanup(); + + if (ret == 0) { + /* unregister wolfcrypt algs */ + softc = device_get_softc(dev); + wolfkdriv_unregister(softc); + } + + #if defined(WOLFSSL_BSDKM_VERBOSE_DEBUG) + device_printf(dev, "info: exiting detach\n"); + #endif /* WOLFSSL_BSDKM_VERBOSE_DEBUG */ + + return (0); +} + +static int wolfkdriv_probesession(device_t dev, + const struct crypto_session_params *csp) +{ + struct wolfkdriv_softc * softc = NULL; + int error = CRYPTODEV_PROBE_ACCEL_SOFTWARE; + + softc = device_get_softc(dev); + + switch (csp->csp_mode) { + case CSP_MODE_CIPHER: + switch (csp->csp_cipher_alg) { + case CRYPTO_AES_CBC: + break; + default: + error = EINVAL; + break; + } + break; + + case CSP_MODE_AEAD: + switch (csp->csp_cipher_alg) { + case CRYPTO_AES_NIST_GCM_16: + break; + default: + error = EINVAL; + break; + } + break; + case CSP_MODE_DIGEST: + case CSP_MODE_ETA: + default: + error = EINVAL; + break; + } + + (void)softc; + (void)csp; + + #if defined(WOLFSSL_BSDKM_VERBOSE_DEBUG) + device_printf(dev, "info: probesession: mode=%d, cipher_alg=%d, error=%d\n", + csp->csp_mode, csp->csp_cipher_alg, error); + #endif /* WOLFSSL_BSDKM_VERBOSE_DEBUG */ + return (error); +} + +static int wolfkdriv_newsession_aes(device_t dev, + wolfkdriv_session_t * session, + const struct crypto_session_params *csp) +{ + int error = 0; + int klen = csp->csp_cipher_klen; /* key len in bytes */ + + switch (csp->csp_cipher_alg) { + case CRYPTO_AES_NIST_GCM_16: + session->type = CRYPTO_AES_NIST_GCM_16; + break; + case CRYPTO_AES_CBC: + session->type = CRYPTO_AES_CBC; + break; + default: + return (EOPNOTSUPP); + } + + if (klen != 16 && klen != 24 && klen != 32) { + device_printf(dev, "info: newsession_cipher: invalid klen: %d\n", klen); + return (EINVAL); + } + + session->klen = klen; + session->ivlen = csp->csp_ivlen; + + /* encrypt */ + error = wc_AesInit(&session->aes_ctx.aes_encrypt, NULL, INVALID_DEVID); + if (error) { + device_printf(dev, "error: newsession_cipher: aes init: %d\n", error); + goto newsession_cipher_out; + } + + if (session->type == CRYPTO_AES_CBC) { + /* Need a separate decrypt structure for aes-cbc. */ + error = wc_AesInit(&session->aes_ctx.aes_decrypt, NULL, INVALID_DEVID); + if (error) { + device_printf(dev, "error: newsession_cipher: aes init: %d\n", + error); + goto newsession_cipher_out; + } + } + +newsession_cipher_out: + + if (error != 0) { + wolfkdriv_aes_ctx_clear(&session->aes_ctx); + return (EINVAL); + } + + return (error); +} + +static int wolfkdriv_newsession(device_t dev, crypto_session_t cses, + const struct crypto_session_params *csp) +{ + wolfkdriv_session_t * session = NULL; + int error = 0; + + /* get the wolfkdriv_session_t context */ + session = crypto_get_driver_session(cses); + + switch (csp->csp_mode) { + case CSP_MODE_DIGEST: + case CSP_MODE_ETA: + device_printf(dev, "info: not supported: %d\n", csp->csp_mode); + error = EOPNOTSUPP; + break; + case CSP_MODE_CIPHER: + case CSP_MODE_AEAD: + error = wolfkdriv_newsession_aes(dev, session, csp); + break; + default: + __assert_unreachable(); + } + + #if defined(WOLFSSL_BSDKM_VERBOSE_DEBUG) + device_printf(dev, "info: newsession: mode=%d, cipher_alg=%d, error=%d\n", + csp->csp_mode, csp->csp_cipher_alg, error); + #endif /* WOLFSSL_BSDKM_VERBOSE_DEBUG */ + + return (error); +} + +static void +wolfkdriv_freesession(device_t dev, crypto_session_t cses) +{ + wolfkdriv_session_t * session = NULL; + (void)dev; + + /* get the wolfkdriv_session_t context */ + session = crypto_get_driver_session(cses); + + /* clean it up */ + wolfkdriv_aes_ctx_clear(&session->aes_ctx); + + #if defined(WOLFSSL_BSDKM_VERBOSE_DEBUG) + device_printf(dev, "info: exiting freesession\n"); + #endif /* WOLFSSL_BSDKM_VERBOSE_DEBUG */ + return; +} + +static int wolfkdriv_cbc_work(device_t dev, wolfkdriv_session_t * session, + struct cryptop * crp, + const struct crypto_session_params * csp) +{ + struct crypto_buffer_cursor cc_in; + struct crypto_buffer_cursor cc_out; + const unsigned char * in_block = NULL; + const unsigned char * in_seg = NULL; + unsigned char * out_block = NULL; + unsigned char * out_seg = NULL; + Aes aes; + uint8_t iv[WC_AES_BLOCK_SIZE]; + uint8_t block[EALG_MAX_BLOCK_LEN]; + size_t data_len = 0; + size_t seg_len = 0; + size_t in_len = 0; + size_t out_len = 0; + int error = 0; + int is_encrypt = 0; + int type = AES_ENCRYPTION; + + if (csp->csp_cipher_alg != CRYPTO_AES_CBC) { + error = EINVAL; + goto cbc_work_out; + } + + data_len = crp->crp_payload_length; + if (CRYPTO_OP_IS_ENCRYPT(crp->crp_op)) { + is_encrypt = 1; + type = AES_ENCRYPTION; + memcpy(&aes, &session->aes_ctx.aes_encrypt, sizeof(aes)); + } + else { + is_encrypt = 0; + type = AES_DECRYPTION; + memcpy(&aes, &session->aes_ctx.aes_decrypt, sizeof(aes)); + } + + /* must be multiple of block size */ + if (data_len % WC_AES_BLOCK_SIZE) { + error = EINVAL; + goto cbc_work_out; + } + + crypto_read_iv(crp, iv); + error = wc_AesSetKey(&aes, csp->csp_cipher_key, + csp->csp_cipher_klen, iv, type); + if (error) { + device_printf(dev, "error: wc_AesSetKey: %d\n", error); + goto cbc_work_out; + } + + /* set up the crypto buffers */ + crypto_cursor_init(&cc_in, &crp->crp_buf); + crypto_cursor_advance(&cc_in, crp->crp_payload_start); + + in_seg = crypto_cursor_segment(&cc_in, &in_len); + + /* handle if the user supplied a separate out buffer. */ + if (CRYPTO_HAS_OUTPUT_BUFFER(crp)) { + crypto_cursor_init(&cc_out, &crp->crp_obuf); + crypto_cursor_advance(&cc_out, crp->crp_payload_output_start); + } + else { + cc_out = cc_in; + } + + out_seg = crypto_cursor_segment(&cc_out, &out_len); + + while (data_len) { + /* set up input buffers */ + if (in_len < WC_AES_BLOCK_SIZE) { + /* less than a block in segment */ + crypto_cursor_copydata(&cc_in, WC_AES_BLOCK_SIZE, block); + in_block = block; + in_len = WC_AES_BLOCK_SIZE; + } + else { + in_block = in_seg; + } + + /* set up output buffers */ + if (out_len < WC_AES_BLOCK_SIZE) { + out_block = block; + out_len = WC_AES_BLOCK_SIZE; + } + else { + out_block = out_seg; + } + + /* choose which of data_len, in_len, out_len, is shorter. + * round down to multiple of aes block size. */ + seg_len = rounddown(MIN(data_len, MIN(in_len, out_len)), + WC_AES_BLOCK_SIZE); + + if (is_encrypt) { + error = wc_AesCbcEncrypt(&aes, out_block, in_block, seg_len); + if (error) { + device_printf(dev, "error: wc_AesCbcEncrypt: %d\n", error); + goto cbc_work_out; + } + } + else { + error = wc_AesCbcDecrypt(&aes, out_block, in_block, seg_len); + if (error) { + device_printf(dev, "error: wc_AesCbcEncrypt: %d\n", error); + goto cbc_work_out; + } + } + + if (out_block == block) { + /* we used the block as local output buffer. copy to cc_out, + * and grab the next out cursor segment. */ + crypto_cursor_copyback(&cc_out, WC_AES_BLOCK_SIZE, block); + out_seg = crypto_cursor_segment(&cc_out, &out_len); + } else { + /* we worked directly in cc_out. advance the cursor. */ + crypto_cursor_advance(&cc_out, seg_len); + out_seg += seg_len; + out_len -= seg_len; + } + + if (in_block == block) { + /* grab a new in cursor segment. */ + in_seg = crypto_cursor_segment(&cc_in, &in_len); + } else { + /* else advance existing in cursor. */ + crypto_cursor_advance(&cc_in, seg_len); + in_seg += seg_len; + in_len -= seg_len; + } + + data_len -= seg_len; + } + +cbc_work_out: + /* cleanup. */ + wc_ForceZero(iv, sizeof(iv)); + wc_ForceZero(block, sizeof(block)); + + #if defined(WOLFSSL_BSDKM_VERBOSE_DEBUG) + device_printf(dev, "info: cbc_work: mode=%d, cipher_alg=%d, " + "payload_length=%d, error=%d\n", + csp->csp_mode, csp->csp_cipher_alg, crp->crp_payload_length, + error); + #endif /* WOLFSSL_BSDKM_VERBOSE_DEBUG */ + + return (error); +} + +static int wolfkdriv_gcm_work(device_t dev, wolfkdriv_session_t * session, + struct cryptop * crp, + const struct crypto_session_params * csp) +{ + struct crypto_buffer_cursor cc_in; + struct crypto_buffer_cursor cc_out; + const unsigned char * in_seg = NULL; + unsigned char * out_seg = NULL; + Aes aes; + uint8_t iv[WC_AES_BLOCK_SIZE]; + uint8_t auth_tag[WC_AES_BLOCK_SIZE]; + size_t data_len = 0; + size_t seg_len = 0; + size_t in_len = 0; + size_t out_len = 0; + int error = 0; + int is_encrypt = 0; + + memcpy(&aes, &session->aes_ctx.aes_encrypt, sizeof(aes)); + + if (csp->csp_cipher_alg != CRYPTO_AES_NIST_GCM_16) { + error = EINVAL; + goto gcm_work_out; + } + + data_len = crp->crp_payload_length; + if (CRYPTO_OP_IS_ENCRYPT(crp->crp_op)) { + is_encrypt = 1; + } + else { + is_encrypt = 0; + } + + error = wc_AesGcmSetKey(&aes, csp->csp_cipher_key, + csp->csp_cipher_klen); + if (error) { + device_printf(dev, "error: wc_AesGcmSetKey: %d\n", error); + goto gcm_work_out; + } + + crypto_read_iv(crp, iv); + error = wc_AesGcmInit(&aes, NULL /* key */, 0 /* keylen */, + iv, csp->csp_ivlen); + if (error) { + device_printf(dev, "error: wc_AesGcmInit: %d\n", error); + goto gcm_work_out; + } + + /* process aad first */ + if (crp->crp_aad != NULL) { + /* they passed aad in separate buffer. */ + if (is_encrypt) { + error = wc_AesGcmEncryptUpdate(&aes, NULL, NULL, 0, + crp->crp_aad, crp->crp_aad_length); + } + else { + error = wc_AesGcmDecryptUpdate(&aes, NULL, NULL, 0, + crp->crp_aad, crp->crp_aad_length); + } + + if (error) { + error = EINVAL; + goto gcm_work_out; + } + } + else { + /* we need to pull aad out of crp->crp_buf from crp_aad_start. */ + size_t aad_len = 0; + + crypto_cursor_init(&cc_in, &crp->crp_buf); + crypto_cursor_advance(&cc_in, crp->crp_aad_start); + + for (aad_len = crp->crp_aad_length; aad_len > 0; aad_len -= seg_len) { + in_seg = crypto_cursor_segment(&cc_in, &in_len); + seg_len = MIN(aad_len, in_len); + + if (is_encrypt) { + error = wc_AesGcmEncryptUpdate(&aes, NULL, NULL, 0, + in_seg, seg_len); + } + else { + error = wc_AesGcmDecryptUpdate(&aes, NULL, NULL, 0, + in_seg, seg_len); + } + + if (error) { + error = EINVAL; + goto gcm_work_out; + } + + crypto_cursor_advance(&cc_in, seg_len); + } + } + + /* + * process cipher/plaintext next + */ + + /* set up the crypto buffers */ + crypto_cursor_init(&cc_in, &crp->crp_buf); + crypto_cursor_advance(&cc_in, crp->crp_payload_start); + + in_seg = crypto_cursor_segment(&cc_in, &in_len); + + /* handle if the user supplied a separate out buffer. */ + if (CRYPTO_HAS_OUTPUT_BUFFER(crp)) { + crypto_cursor_init(&cc_out, &crp->crp_obuf); + crypto_cursor_advance(&cc_out, crp->crp_payload_output_start); + } + else { + cc_out = cc_in; + } + + out_seg = crypto_cursor_segment(&cc_out, &out_len); + + while (data_len) { + /* process through the available segments. */ + in_seg = crypto_cursor_segment(&cc_in, &in_len); + out_seg = crypto_cursor_segment(&cc_out, &out_len); + seg_len = MIN(data_len, MIN(in_len, out_len)); + + if (is_encrypt) { + error = wc_AesGcmEncryptUpdate(&aes, out_seg, in_seg, seg_len, + NULL, 0); + if (error) { + device_printf(dev, "error: wc_AesGcmEncrypt: %d\n", error); + goto gcm_work_out; + } + } + else { + error = wc_AesGcmDecryptUpdate(&aes, out_seg, in_seg, seg_len, + NULL, 0); + if (error) { + device_printf(dev, "error: wc_AesGcmDecrypt: %d\n", error); + goto gcm_work_out; + } + } + + /* advance the cursors by amount processed */ + crypto_cursor_advance(&cc_in, seg_len); + crypto_cursor_advance(&cc_out, seg_len); + + data_len -= seg_len; + } + + /* process auth tag finally */ + if (is_encrypt) { + error = wc_AesGcmEncryptFinal(&aes, auth_tag, WC_AES_BLOCK_SIZE); + if (error == 0) { + crypto_copyback(crp, crp->crp_digest_start, WC_AES_BLOCK_SIZE, + auth_tag); + } + } + else { + crypto_copydata(crp, crp->crp_digest_start, WC_AES_BLOCK_SIZE, + auth_tag); + error = wc_AesGcmDecryptFinal(&aes, auth_tag, WC_AES_BLOCK_SIZE); + if (error) { + error = EBADMSG; + } + } + +gcm_work_out: + /* cleanup. */ + wc_ForceZero(iv, sizeof(iv)); + wc_ForceZero(auth_tag, sizeof(auth_tag)); + + #if defined(WOLFSSL_BSDKM_VERBOSE_DEBUG) + device_printf(dev, "info: gcm_work: mode=%d, cipher_alg=%d, " + "payload_length=%d, error=%d\n", + csp->csp_mode, csp->csp_cipher_alg, crp->crp_payload_length, + error); + #endif /* WOLFSSL_BSDKM_VERBOSE_DEBUG */ + + return (error); +} + +static int wolfkdriv_process(device_t dev, struct cryptop * crp, int hint) +{ + const struct crypto_session_params * csp = NULL; + wolfkdriv_session_t * session = NULL; + int error = 0; + (void)hint; + + session = crypto_get_driver_session(crp->crp_session); + csp = crypto_get_params(crp->crp_session); + + switch (csp->csp_mode) { + case CSP_MODE_CIPHER: + error = wolfkdriv_cbc_work(dev, session, crp, csp); + break; + case CSP_MODE_DIGEST: + case CSP_MODE_ETA: + error = EINVAL; + break; + case CSP_MODE_AEAD: + error = wolfkdriv_gcm_work(dev, session, crp, csp); + break; + default: + __assert_unreachable(); + } + + crp->crp_etype = error; + crypto_done(crp); + + #if defined(WOLFSSL_BSDKM_VERBOSE_DEBUG) + device_printf(dev, "info: process: mode=%d, cipher_alg=%d, error=%d\n", + csp->csp_mode, csp->csp_cipher_alg, error); + #endif /* WOLFSSL_BSDKM_VERBOSE_DEBUG */ + + return (error); +} + +/* + * wolfkmod as a crypto device driver. + */ +static device_method_t wolfkdriv_methods[] = { + /* device interface methods: called during device setup, etc. */ + DEVMETHOD(device_identify, wolfkdriv_identify), + DEVMETHOD(device_probe, wolfkdriv_probe), + DEVMETHOD(device_attach, wolfkdriv_attach), + DEVMETHOD(device_detach, wolfkdriv_detach), + + /* crypto device session methods: called during crypto session setup, + * work, etc. */ + DEVMETHOD(cryptodev_probesession, wolfkdriv_probesession), + DEVMETHOD(cryptodev_newsession, wolfkdriv_newsession), + DEVMETHOD(cryptodev_freesession, wolfkdriv_freesession), + DEVMETHOD(cryptodev_process, wolfkdriv_process), + + DEVMETHOD_END +}; + +static driver_t wolfkdriv_driver = { + .name = "libwolf", + .methods = wolfkdriv_methods, + .size = sizeof(struct wolfkdriv_softc), +}; + +/* on x86, software-only drivers usually attach to nexus bus. */ +DRIVER_MODULE(libwolfssl, nexus, wolfkdriv_driver, NULL, NULL); +#endif /* BSDKM_CRYPTO_REGISTER */ + +#if !defined(BSDKM_CRYPTO_REGISTER) +/* + * wolfkmod as a pure kernel module. + */ static moduledata_t libwolfmod = { + #ifdef HAVE_FIPS + "libwolfssl_fips", /* module name */ + #else "libwolfssl", /* module name */ + #endif /* HAVE_FIPS */ wolfkmod_event, /* module event handler */ NULL /* extra data, unused */ }; -MODULE_VERSION(libwolfssl, 1); DECLARE_MODULE(libwolfssl, libwolfmod, SI_SUB_DRIVERS, SI_ORDER_MIDDLE); +#endif /* !BSDKM_CRYPTO_REGISTER */ + +MODULE_VERSION(libwolfssl, 1); #endif /* WOLFSSL_BSDKM */ diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/bsdkm/wolfkmod_aes.c mariadb-11.8.8/extra/wolfssl/wolfssl/bsdkm/wolfkmod_aes.c --- mariadb-11.8.6/extra/wolfssl/wolfssl/bsdkm/wolfkmod_aes.c 1970-01-01 00:00:00.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/bsdkm/wolfkmod_aes.c 2026-05-24 09:58:33.000000000 +0000 @@ -0,0 +1,347 @@ +#if !defined(WC_SKIP_INCLUDED_C_FILES) && defined(BSDKM_CRYPTO_REGISTER) +#include + +/* + * the cryptodev framework always calls a callback, even when CRYPTOCAP_F_SYNC. + */ +static int +wolfkdriv_test_crp_callback(struct cryptop * crp) +{ + (void)crp; + return (0); +} + +/* Test aes-cbc with a buffer larger than aes block size. + * Verify direct wolfcrypt API and opencrypto framework return + * same result. */ +static int wolfkdriv_test_aes_cbc_big(device_t dev, int crid) +{ + crypto_session_t session = NULL; + struct crypto_session_params csp; + struct cryptop * crp = NULL; + Aes * aes_encrypt = NULL; + int error = 0; + byte msg[] = { + 0x6e,0x6f,0x77,0x20,0x69,0x73,0x20,0x74, + 0x68,0x65,0x20,0x74,0x69,0x6d,0x65,0x20, + 0x6e,0x6f,0x77,0x20,0x69,0x73,0x20,0x74, + 0x68,0x65,0x20,0x74,0x69,0x6d,0x65,0x20, + 0x6e,0x6f,0x77,0x20,0x69,0x73,0x20,0x74, + 0x68,0x65,0x20,0x74,0x69,0x6d,0x65,0x20 + }; + byte work1[WC_AES_BLOCK_SIZE * 3]; /* wolfcrypt buffer */ + byte work2[WC_AES_BLOCK_SIZE * 3]; /* opencrypto buffer */ + /* padded to 16-bytes */ + const byte key[] = "0123456789abcdef "; + /* padded to 16-bytes */ + const byte iv[] = "1234567890abcdef "; + + memset(&csp, 0, sizeof(csp)); + memcpy(work1, msg, sizeof(msg)); /* wolfcrypt work buffer */ + memcpy(work2, msg, sizeof(msg)); /* opencrypto work buffer */ + + /* wolfcrypt encrypt */ + aes_encrypt = (Aes *)XMALLOC(sizeof(Aes), NULL, DYNAMIC_TYPE_AES); + if (aes_encrypt == NULL) { + error = ENOMEM; + device_printf(dev, "error: malloc failed\n"); + goto test_aes_cbc_big_out; + } + + error = wc_AesInit(aes_encrypt, NULL, INVALID_DEVID); + if (error) { + device_printf(dev, "error: newsession_cipher: aes init: %d\n", error); + goto test_aes_cbc_big_out; + } + + error = wc_AesSetKey(aes_encrypt, key, 16, iv, AES_ENCRYPTION); + if (error) { + device_printf(dev, "error: wc_AesSetKey: %d\n", error); + goto test_aes_cbc_big_out; + } + + error = wc_AesCbcEncrypt(aes_encrypt, work1, work1, sizeof(work1)); + if (error) { + device_printf(dev, "error: wc_AesCbcEncrypt: %d\n", error); + goto test_aes_cbc_big_out; + } + + /* opencrypto encrypt */ + csp.csp_mode = CSP_MODE_CIPHER; + csp.csp_cipher_alg = CRYPTO_AES_CBC; + csp.csp_ivlen = WC_AES_BLOCK_SIZE; + csp.csp_cipher_key = key; + csp.csp_cipher_klen = WC_AES_BLOCK_SIZE; + error = crypto_newsession(&session, &csp, crid); + if (error || session == NULL) { + goto test_aes_cbc_big_out; + } + + crp = crypto_getreq(session, M_WAITOK); + if (crp == NULL) { + device_printf(dev, "error: test_aes: crypto_getreq failed\n"); + goto test_aes_cbc_big_out; + } + + crp->crp_callback = wolfkdriv_test_crp_callback; + crp->crp_op = CRYPTO_OP_ENCRYPT; + crp->crp_flags = CRYPTO_F_IV_SEPARATE; + + memcpy(crp->crp_iv, iv, WC_AES_BLOCK_SIZE); + + crypto_use_buf(crp, work2, sizeof(work2)); + crp->crp_payload_start = 0; + crp->crp_payload_length = sizeof(work2); + + error = crypto_dispatch(crp); + if (error) { + goto test_aes_cbc_big_out; + } + + error = XMEMCMP(work1, work2, sizeof(work2)); + if (error) { + device_printf(dev, "error: test_aes: enc vectors diff: %d\n", error); + goto test_aes_cbc_big_out; + } + + /* opencrypto decrypt */ + crp->crp_op = CRYPTO_OP_DECRYPT; + + error = crypto_dispatch(crp); + if (error) { + goto test_aes_cbc_big_out; + } + + error = XMEMCMP(work2, msg, sizeof(msg)); + if (error) { + device_printf(dev, "error: test_aes: dec vectors diff: %d\n", error); + goto test_aes_cbc_big_out; + } + +test_aes_cbc_big_out: + #if defined(WOLFSSL_BSDKM_VERBOSE_DEBUG) + device_printf(dev, "info: test_aes_cbc_big: error=%d, session=%p, crp=%p\n", + error, (void *)session, (void*)crp); + #endif /* WOLFSSL_BSDKM_VERBOSE_DEBUG */ + + if (crp != NULL) { + crypto_freereq(crp); + crp = NULL; + } + + if (session != NULL) { + crypto_freesession(session); + session = NULL; + } + + if (aes_encrypt != NULL) { + wc_AesFree(aes_encrypt); + XFREE(aes_encrypt, NULL, DYNAMIC_TYPE_AES); + aes_encrypt = NULL; + } + + return (error); +} + +/* Test aes-gcm encrypt and decrypt a small buffer with opencrypto + * framework and wolfcrypt. + */ +static int wolfkdriv_test_aes_gcm(device_t dev, int crid) +{ + crypto_session_t session = NULL; + struct crypto_session_params csp; + struct cryptop * crp = NULL; + Aes * enc = NULL; + int error = 0; + + WOLFSSL_SMALL_STACK_STATIC const byte p[] = + { + 0xd9, 0x31, 0x32, 0x25, 0xf8, 0x84, 0x06, 0xe5, + 0xa5, 0x59, 0x09, 0xc5, 0xaf, 0xf5, 0x26, 0x9a, + 0x86, 0xa7, 0xa9, 0x53, 0x15, 0x34, 0xf7, 0xda, + 0x2e, 0x4c, 0x30, 0x3d, 0x8a, 0x31, 0x8a, 0x72, + 0x1c, 0x3c, 0x0c, 0x95, 0x95, 0x68, 0x09, 0x53, + 0x2f, 0xcf, 0x0e, 0x24, 0x49, 0xa6, 0xb5, 0x25, + 0xb1, 0x6a, 0xed, 0xf5, 0xaa, 0x0d, 0xe6, 0x57, + 0xba, 0x63, 0x7b, 0x39 + }; + + WOLFSSL_SMALL_STACK_STATIC const byte c1[] = + { + 0x52, 0x2d, 0xc1, 0xf0, 0x99, 0x56, 0x7d, 0x07, + 0xf4, 0x7f, 0x37, 0xa3, 0x2a, 0x84, 0x42, 0x7d, + 0x64, 0x3a, 0x8c, 0xdc, 0xbf, 0xe5, 0xc0, 0xc9, + 0x75, 0x98, 0xa2, 0xbd, 0x25, 0x55, 0xd1, 0xaa, + 0x8c, 0xb0, 0x8e, 0x48, 0x59, 0x0d, 0xbb, 0x3d, + 0xa7, 0xb0, 0x8b, 0x10, 0x56, 0x82, 0x88, 0x38, + 0xc5, 0xf6, 0x1e, 0x63, 0x93, 0xba, 0x7a, 0x0a, + 0xbc, 0xc9, 0xf6, 0x62 + }; + + WOLFSSL_SMALL_STACK_STATIC byte a[] = + { + 0xfe, 0xed, 0xfa, 0xce, 0xde, 0xad, 0xbe, 0xef, + 0xfe, 0xed, 0xfa, 0xce, 0xde, 0xad, 0xbe, 0xef, + 0xab, 0xad, 0xda, 0xd2 + }; + + WOLFSSL_SMALL_STACK_STATIC const byte k1[] = + { + 0xfe, 0xff, 0xe9, 0x92, 0x86, 0x65, 0x73, 0x1c, + 0x6d, 0x6a, 0x8f, 0x94, 0x67, 0x30, 0x83, 0x08, + 0xfe, 0xff, 0xe9, 0x92, 0x86, 0x65, 0x73, 0x1c, + 0x6d, 0x6a, 0x8f, 0x94, 0x67, 0x30, 0x83, 0x08 + }; + + WOLFSSL_SMALL_STACK_STATIC const byte iv1[] = + { + 0xca, 0xfe, 0xba, 0xbe, 0xfa, 0xce, 0xdb, 0xad, + 0xde, 0xca, 0xf8, 0x88 + }; + + WOLFSSL_SMALL_STACK_STATIC const byte t1[] = + { + 0x76, 0xfc, 0x6e, 0xce, 0x0f, 0x4e, 0x17, 0x68, + 0xcd, 0xdf, 0x88, 0x53, 0xbb, 0x2d, 0x55, 0x1b + }; + + byte resultT[sizeof(t1) + WC_AES_BLOCK_SIZE]; + byte resultC[sizeof(p) + WC_AES_BLOCK_SIZE]; + byte resultC2[sizeof(p) + WC_AES_BLOCK_SIZE]; + + XMEMSET(resultT, 0, sizeof(resultT)); + XMEMSET(resultC, 0, sizeof(resultC)); + + XMEMSET(resultC2, 0, sizeof(resultC)); + XMEMCPY(resultC2, p, sizeof(p)); + + /* wolfcrypt encrypt */ + enc = (Aes *)XMALLOC(sizeof(Aes), NULL, DYNAMIC_TYPE_AES); + if (enc == NULL) { + error = ENOMEM; + device_printf(dev, "error: malloc failed\n"); + goto test_aes_gcm_out; + } + + error = wc_AesGcmEncryptInit(enc, k1, sizeof(k1), iv1, sizeof(iv1)); + if (error) { goto test_aes_gcm_out; } + + error = wc_AesGcmEncryptUpdate(enc, resultC, p, sizeof(p), a, sizeof(a)); + if (error) { goto test_aes_gcm_out; } + + error = wc_AesGcmEncryptFinal(enc, resultT, sizeof(t1)); + if (error) { goto test_aes_gcm_out; } + + error = XMEMCMP(resultC, c1, sizeof(c1)); + if (error) { goto test_aes_gcm_out; } + + error = XMEMCMP(resultT, t1, sizeof(t1)); + if (error) { goto test_aes_gcm_out; } + + /* + * opencrypto encrypt + * */ + + /* set crypto session params */ + memset(&csp, 0, sizeof(csp)); + csp.csp_flags |= CSP_F_SEPARATE_AAD; + csp.csp_mode = CSP_MODE_AEAD; + csp.csp_cipher_alg = CRYPTO_AES_NIST_GCM_16; + csp.csp_ivlen = sizeof(iv1); + csp.csp_cipher_key = k1; + csp.csp_cipher_klen = sizeof(k1); + + /* get crypto session handle */ + error = crypto_newsession(&session, &csp, crid); + if (error || session == NULL) { + device_printf(dev, "error: test_aes: crypto_newsession: %d, %p\n", + error, (void *)session); + goto test_aes_gcm_out; + } + + /* get a crypto op handle */ + crp = crypto_getreq(session, M_WAITOK); + if (crp == NULL) { + device_printf(dev, "error: test_aes: crypto_getreq failed\n"); + goto test_aes_gcm_out; + } + + /* configure it */ + crp->crp_callback = wolfkdriv_test_crp_callback; + crp->crp_op = (CRYPTO_OP_ENCRYPT | CRYPTO_OP_COMPUTE_DIGEST); + crp->crp_flags = CRYPTO_F_IV_SEPARATE; + + memcpy(crp->crp_iv, iv1, sizeof(iv1)); + + crypto_use_buf(crp, resultC2, sizeof(resultC2)); + crp->crp_payload_start = 0; + crp->crp_payload_length = sizeof(p); + + crp->crp_aad = a; + crp->crp_aad_start = 0; + crp->crp_aad_length = sizeof(a); + crp->crp_digest_start = crp->crp_payload_start + sizeof(p); + + error = crypto_dispatch(crp); + if (error) { + goto test_aes_gcm_out; + } + + error = XMEMCMP(resultC2, c1, sizeof(c1)); + if (error) { goto test_aes_gcm_out; } + + error = XMEMCMP(resultC2 + sizeof(p), t1, sizeof(t1)); + if (error) { goto test_aes_gcm_out; } + + /* opencrypto decrypt */ + crp->crp_op = (CRYPTO_OP_DECRYPT | CRYPTO_OP_VERIFY_DIGEST); + + error = crypto_dispatch(crp); + if (error) { + goto test_aes_gcm_out; + } + + error = XMEMCMP(resultC2, p, sizeof(p)); + if (error) { goto test_aes_gcm_out; } + +test_aes_gcm_out: + #if defined(WOLFSSL_BSDKM_VERBOSE_DEBUG) + device_printf(dev, "info: test_aes_gcm: error=%d, session=%p, crp=%p\n", + error, (void *)session, (void*)crp); + #endif /* WOLFSSL_BSDKM_VERBOSE_DEBUG */ + + if (crp != NULL) { + crypto_freereq(crp); + crp = NULL; + } + + if (session != NULL) { + crypto_freesession(session); + session = NULL; + } + + if (enc != NULL) { + wc_AesFree(enc); + XFREE(enc, NULL, DYNAMIC_TYPE_AES); + enc = NULL; + } + + return (error); +} + + +static int wolfkdriv_test_aes(device_t dev, int crid) +{ + int error = 0; + + if (error == 0) { + error = wolfkdriv_test_aes_cbc_big(dev, crid); + } + + if (error == 0) { + error = wolfkdriv_test_aes_gcm(dev, crid); + } + + return (error); +} +#endif /* !WC_SKIP_INCLUDED_C_FILES && BSDKM_CRYPTO_REGISTER */ diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/bsdkm/x86_vecreg.c mariadb-11.8.8/extra/wolfssl/wolfssl/bsdkm/x86_vecreg.c --- mariadb-11.8.6/extra/wolfssl/wolfssl/bsdkm/x86_vecreg.c 1970-01-01 00:00:00.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/bsdkm/x86_vecreg.c 2026-05-24 09:58:33.000000000 +0000 @@ -0,0 +1,225 @@ +/* x86_vecreg.c -- logic to save and restore vector registers + * on amd64 in FreeBSD kernel. + * + * Copyright (C) 2006-2026 wolfSSL Inc. + * + * This file is part of wolfSSL. + * + * wolfSSL is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * wolfSSL is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA + */ + +/* included by bsdkm/wolfkmod.c */ +#ifndef WC_SKIP_INCLUDED_C_FILES + +#include +#include +#include +#include + +struct wolfkmod_fpu_state_t { + volatile lwpid_t td_tid; + volatile u_int nest; +}; + +typedef struct wolfkmod_fpu_state_t wolfkmod_fpu_state_t; + +/* fpu_states array tracks thread id and nesting level of save/restore + * and push/pop vector registers macro calls. It is indexed by raw cpu id, + * and only accessed after the thread calls fpu_kern_enter(), and before + * calling fpu_kern_leave(), and only indexed by the thread's PCPU_GET(cpuid). + * + * after calling fpu_kern_enter(): + * - kernel fpu is enabled + * - migration is disabled + * - soft preempts are disabled + * Hard irq are still possible , but hard irq are forbidden from using FPU + * in FreeBSD kernel. + * */ +static wolfkmod_fpu_state_t * fpu_states = NULL; + +/* check for active td_tid with atomic before proceeding. + * technically not necessary because fpu_kern_enter() gives thread pinning + * to cpu, but just to be safe... + * */ +#define wolfkmod_fpu_get_tid() \ + atomic_load_acq_int(&fpu_states[PCPU_GET(cpuid)].td_tid) + +int wolfkmod_vecreg_init(void) +{ + if (mp_ncpus <= 0) { + printf("error: wolfkmod_vecreg_init: mp_ncpus = %d\n", mp_ncpus); + return (EINVAL); + } + + fpu_states = malloc(mp_ncpus * sizeof(wolfkmod_fpu_state_t), + M_WOLFSSL, M_WAITOK | M_ZERO); + if (fpu_states == NULL) { + printf("error: wolfkmod_vecreg_init: malloc(%lu) failed\n", + mp_ncpus * sizeof(wolfkmod_fpu_state_t)); + return (ENOMEM); + } + + return (0); +} + +void wolfkmod_vecreg_exit(void) +{ + int i = 0; + + if (fpu_states == NULL) { + return; + } + + for (i = 0; i < mp_ncpus; ++i) { + #if defined(WOLFSSL_BSDKM_FPU_DEBUG) + printf("info: wolfkmod_vecreg_exit: fpu_states[%d] = %d, %d\n", + i, fpu_states[i].nest, fpu_states[i].td_tid); + #endif /* WOLFSSL_BSDKM_FPU_DEBUG */ + + if (fpu_states[i].nest != 0 || fpu_states[i].td_tid != 0) { + /* Check for orphaned fpu state. There's nothing we can do + * but log the event and zero the nesting level. */ + printf("error: wolfkmod_vecreg_exit: fpu_states[%d] = %d, %d\n", + i, fpu_states[i].nest, fpu_states[i].td_tid); + fpu_states[i].nest = 0; + } + } + + free(fpu_states, M_WOLFSSL); + fpu_states = NULL; + + return; +} + +/* fpu_kern_enter() and fpu_kern_leave() wrapper defines. + * Build with WOLFSSL_BSDKM_FPU_DEBUG to see verbose FPU logging. + */ +#if defined(WOLFSSL_BSDKM_FPU_DEBUG) + #define wolfkmod_print_curthread(what) \ + printf("%s: cpuid = %d, curthread: td_tid = %d, pid = %d (%s), " \ + "td_critnest = %d, kernfpu = %02x\n", \ + (what), PCPU_GET(cpuid), curthread->td_tid, \ + curthread->td_proc ? curthread->td_proc->p_pid : -1, \ + curthread->td_proc ? curthread->td_proc->p_comm : "noproc", \ + curthread->td_critnest, \ + curthread->td_pcb->pcb_flags & PCB_KERNFPU); + + #define wolfkmod_fpu_kern_enter() \ + wolfkmod_print_curthread("fpu_kern_enter"); \ + fpu_kern_enter(curthread, NULL, FPU_KERN_NOCTX); + + #define wolfkmod_fpu_kern_leave() \ + wolfkmod_print_curthread("fpu_kern_leave"); \ + fpu_kern_leave(curthread, NULL); +#else + #define wolfkmod_fpu_kern_enter() \ + fpu_kern_enter(curthread, NULL, FPU_KERN_NOCTX); + + #define wolfkmod_fpu_kern_leave() \ + fpu_kern_leave(curthread, NULL); +#endif /* WOLFSSL_BSDKM_FPU_DEBUG */ + +int wolfkmod_vecreg_save(int flags_unused) +{ + (void)flags_unused; + + #if defined(WOLFSSL_BSDKM_FPU_DEBUG) + wolfkmod_print_curthread("wolfkmod_vecreg_save"); + #endif + + if (is_fpu_kern_thread(0)) { + /* kernel fpu threads are special, do nothing. They own a + * persistent, dedicated fpu context. */ + #if defined(WOLFSSL_BSDKM_FPU_DEBUG) + printf("info: wolfkmod_vecreg_save: is fpu kern thread\n"); + #endif + return (0); + } + + if (curthread->td_pcb->pcb_flags & PCB_KERNFPU) { + /* kern fpu is active for this thread. check td_tid and + * increment nesting level. */ + lwpid_t td_tid = wolfkmod_fpu_get_tid(); + if (td_tid != curthread->td_tid) { + printf("error: wolfkmod_vecreg_save: got tid = %d, expected %d\n", + td_tid, curthread->td_tid); + return (EINVAL); + } + fpu_states[PCPU_GET(cpuid)].nest++; + } + else { + /* kern fpu not active for this thread, call fpu_kern_enter(). + * after calling fpu_kern_enter(): + * - kernel fpu is enabled + * - migration is disabled + * - soft preempts are disabled */ + lwpid_t td_tid = 0; + wolfkmod_fpu_kern_enter(); + td_tid = wolfkmod_fpu_get_tid(); + + if (fpu_states[PCPU_GET(cpuid)].nest != 0 || td_tid != 0) { + printf("error: wolfkmod_fpu_kern_enter() with nest: %d, %d\n", + fpu_states[PCPU_GET(cpuid)].nest, td_tid); + return (EINVAL); + } + + /* increment nest and save td_tid. */ + fpu_states[PCPU_GET(cpuid)].nest++; + fpu_states[PCPU_GET(cpuid)].td_tid = curthread->td_tid; + } + + return (0); +} + +void wolfkmod_vecreg_restore(void) +{ + #if defined(WOLFSSL_BSDKM_FPU_DEBUG) + wolfkmod_print_curthread("wolfkmod_vecreg_restore"); + #endif + + if (is_fpu_kern_thread(0)) { + /* kernel fpu threads are special, do nothing. They own a + * persistent, dedicated fpu context. */ + #if defined(WOLFSSL_BSDKM_FPU_DEBUG) + printf("info: wolfkmod_vecreg_restore: is fpu kern thread\n"); + #endif + return; + } + + if (curthread->td_pcb->pcb_flags & PCB_KERNFPU) { + /* kern fpu is active for this thread. check tid and nesting level. */ + lwpid_t td_tid = wolfkmod_fpu_get_tid(); + if (td_tid != curthread->td_tid) { + printf("error: wolfkmod_vecreg_restore: got tid = %d, " + "expected %d\n", td_tid, curthread->td_tid); + return; + } + + /* decrement the nesting level. */ + if (fpu_states[PCPU_GET(cpuid)].nest > 0) { + fpu_states[PCPU_GET(cpuid)].nest--; + } + + /* if last level, zero the thread id then call fpu_kern_leave */ + if (fpu_states[PCPU_GET(cpuid)].nest == 0) { + fpu_states[PCPU_GET(cpuid)].td_tid = 0; + wolfkmod_fpu_kern_leave(); + } + } + + return; +} + +#endif /* !WC_SKIP_INCLUDED_C_FILES */ diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/certs/aia/ca-issuers-cert.pem mariadb-11.8.8/extra/wolfssl/wolfssl/certs/aia/ca-issuers-cert.pem --- mariadb-11.8.6/extra/wolfssl/wolfssl/certs/aia/ca-issuers-cert.pem 1970-01-01 00:00:00.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/certs/aia/ca-issuers-cert.pem 2026-05-24 09:58:33.000000000 +0000 @@ -0,0 +1,20 @@ +-----BEGIN CERTIFICATE----- +MIIDUDCCAjigAwIBAgIUQy4lyOzJcvFVekNsQWuUegW0kGgwDQYJKoZIhvcNAQEL +BQAwGzEZMBcGA1UEAwwQd29sZnNzbC1haWEtdGVzdDAeFw0yNjAxMjYyMzE1NTZa +Fw0yNzAxMjYyMzE1NTZaMBsxGTAXBgNVBAMMEHdvbGZzc2wtYWlhLXRlc3QwggEi +MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDM1vUyiX+qtPFhhEqZq3bCUKpd +6QtswO7YWj+us79yh99mIGE7EZlSfTv0n3rn2//m5bQ7a+TSYMkDyNjPEH6Z+ub2 +qW4EJyc4J9DfC+T9gJM4dvsij+F8TUne/o5iCwFdiZEycEj0vtyYh53du3oqlZTY +yt8q4k5INoTl+ELCX/L0YqR/+Fl2qaloK7YHUb3EdSqBEGoa/IEfnxHMreZWhVYd +pSdDnT9rfNqT5Kb2e+eZbZZSouEmebhx9ioRfIXDadSCCa1JNp4fO3YlcDmmEahx +6TcjEmhUt80+hjhJhqrh4vPlxI24qHmfOe+k2qSimpJse/AUuz7wGRjx6ktfAgMB +AAGjgYswgYgwHQYDVR0OBBYEFMvT3KE5dvI6t3KNrcuctkm6wvXMMB8GA1UdIwQY +MBaAFMvT3KE5dvI6t3KNrcuctkm6wvXMMA8GA1UdEwEB/wQFMAMBAf8wNQYIKwYB +BQUHAQEEKTAnMCUGCCsGAQUFBzAChhlodHRwOi8vZXhhbXBsZS5jb20vY2EucGVt +MA0GCSqGSIb3DQEBCwUAA4IBAQCjxEHOlxVfmE8xgcQCnr1b4IK5EBuIMUaS7lko +AHmHvj7z9rr2cxbJhGYQxcttZ4/SQldRqpmiB0cUmko4LbD9yos4FKlyGe3xWvKa +W17SdpJU2PREShGLLqP7bwiWV6wVyo6puwDHLYSjH5vYr+IcSNNc0GuMZg1OhTWt +2PYG2vGbHoNR0/UyNibGmaPBimg0nb2GTizY7yWm+N/yXnWa6Wc5yyiF1zExw/GO +8O/rF0Lg/Gy/v6LnnNmhSOr9ENPKgQEAHFmJRXBXqDYUNhcm2U3PzlfBa06SHFcr +b59n5jgJmcNSwYDJAYKEhMvjBL40DmiWaRfol2DPoIZ7YtRf +-----END CERTIFICATE----- diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/certs/aia/multi-aia-cert.pem mariadb-11.8.8/extra/wolfssl/wolfssl/certs/aia/multi-aia-cert.pem --- mariadb-11.8.6/extra/wolfssl/wolfssl/certs/aia/multi-aia-cert.pem 1970-01-01 00:00:00.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/certs/aia/multi-aia-cert.pem 2026-05-24 09:58:33.000000000 +0000 @@ -0,0 +1,23 @@ +-----BEGIN CERTIFICATE----- +MIIDwTCCAqmgAwIBAgIUEcNoHSMtIkVhW/MmkmUEsVoJVQEwDQYJKoZIhvcNAQEL +BQAwITEfMB0GA1UEAwwWd29sZnNzbC1haWEtbXVsdGktdGVzdDAeFw0yNjAxMjcw +MTUwNDRaFw0yNzAxMjcwMTUwNDRaMCExHzAdBgNVBAMMFndvbGZzc2wtYWlhLW11 +bHRpLXRlc3QwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCpVdogPQ2I +/nErbxSaNGoYhkwoj1qt+Be1/qWnvZzJ0EBOG4EdioMRIkJzP6W3HoAhkGBrueXf +riN07M3XLocRfE+9C1+jZQxBGRxysns9z7K+i0pBtPN/AXV2RCSz13FFyVyLhLks +2YAL9By36X9R0wsL+Nd4EAQ4ouf0GglmTmtb5rHf2GIno4xFg9tpWosiUTytwgDC +K9lQEQnTnPG6E43N2bszqBc4roOPrYDnd7raNTqcv9yTHM8zwffGJuCogE/Fbr2R +yVubLW28n5/O1Pb47hHuPJv6oHMZgct2SV5OB/mwVgI0eoFMSQZ35o6BpHD0C497 +L2IcoMi8A9rFAgMBAAGjgfAwge0wDAYDVR0TBAUwAwEB/zALBgNVHQ8EBAMCAoQw +gbAGCCsGAQUFBwEBBIGjMIGgMCIGCCsGAQUFBzABhhZodHRwOi8vMTI3LjAuMC4x +OjIyMjIxMCIGCCsGAQUFBzABhhZodHRwOi8vMTI3LjAuMC4xOjIyMjIyMCkGCCsG +AQUFBzAChh1odHRwOi8vd3d3LndvbGZzc2wuY29tL2NhLnBlbTArBggrBgEFBQcw +AoYfaHR0cHM6Ly93d3cud29sZnNzbC5jb20vY2EyLnBlbTAdBgNVHQ4EFgQU1GNm +eP/LXQk0tFaTeWoNHyLhLZkwDQYJKoZIhvcNAQELBQADggEBACwuXdKYI2Q/Vhd7 +TJFvKdp7BuUopQGEQ+4vR+FoesYXc9MHjZJfMqEffv1MArTeY46At/zvcTeszagi +io+jjGBLOutsAf9WK3PnKMIkGGfro6btZ8QFyKiZ6unMMlqe6cGqrCrNKp8jLP3k +CKZltR5c+MIPhpjoOhNDMOcPMwZBGQJWubwOb4uOu3wv7UWJk/ovKP9WJCUn6wLH +soDs+MHMICkxOvDfPf+F4URVqTbzE8IvSMv38z4cAqsyEfWxr32Dg34S/NmeePFV +7sSDpksvyITGsxjnQulSuUFSmldumQ6GnA4ZUXvCNdJ0zbD/Iib9ud6K05VdWYZP +uyCRkjY= +-----END CERTIFICATE----- diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/certs/aia/overflow-aia-cert.pem mariadb-11.8.8/extra/wolfssl/wolfssl/certs/aia/overflow-aia-cert.pem --- mariadb-11.8.6/extra/wolfssl/wolfssl/certs/aia/overflow-aia-cert.pem 1970-01-01 00:00:00.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/certs/aia/overflow-aia-cert.pem 2026-05-24 09:58:33.000000000 +0000 @@ -0,0 +1,26 @@ +-----BEGIN CERTIFICATE----- +MIIEcDCCA1igAwIBAgIUN5kIU1GLRP5bRKctP271p7IGFVowDQYJKoZIhvcNAQEL +BQAwJDEiMCAGA1UEAwwZd29sZnNzbC1haWEtb3ZlcmZsb3ctdGVzdDAeFw0yNjAx +MjcwMTU1NTBaFw0yNzAxMjcwMTU1NTBaMCQxIjAgBgNVBAMMGXdvbGZzc2wtYWlh +LW92ZXJmbG93LXRlc3QwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDS +eHeAzVuCe44SU8bcyIWLwkA2AABw/ctSBWKAFEd7DYHduRr3diblHERU1Fv5JzYx +JnZquj1IO/qsnSFJYDc9sQmYea89iW8KNPVXKDzdbzhpiQLZL7Yq71ICxxqVLfRr +91lyAj0+Syncrp96olSpMJochVnQ6PqLcc/Gq7CMtrKn5KAN7Mn3+LdAQYU8JjRa +zqEJ8fmkBKbS5watzgnkP2o5jWSpWzpDOxTdw85hju4H9m5Gmun3XVO9dEAN/dqK +vklkzgQGvAMMQMIcgOzw0HxAuvsSNtjgEpIlOir0M7YiC0pYqtMO+thSCmVCvsDR +/nG/iqe6YBSXh6oszGwTAgMBAAGjggGYMIIBlDAMBgNVHRMEBTADAQH/MAsGA1Ud +DwQEAwIChDCCAVYGCCsGAQUFBwEBBIIBSDCCAUQwIgYIKwYBBQUHMAGGFmh0dHA6 +Ly8xMjcuMC4wLjE6MjIyMjAwIgYIKwYBBQUHMAGGFmh0dHA6Ly8xMjcuMC4wLjE6 +MjIyMjEwIgYIKwYBBQUHMAGGFmh0dHA6Ly8xMjcuMC4wLjE6MjIyMjIwIgYIKwYB +BQUHMAGGFmh0dHA6Ly8xMjcuMC4wLjE6MjIyMjMwIgYIKwYBBQUHMAGGFmh0dHA6 +Ly8xMjcuMC4wLjE6MjIyMjQwIgYIKwYBBQUHMAGGFmh0dHA6Ly8xMjcuMC4wLjE6 +MjIyMjUwIgYIKwYBBQUHMAGGFmh0dHA6Ly8xMjcuMC4wLjE6MjIyMjYwIgYIKwYB +BQUHMAGGFmh0dHA6Ly8xMjcuMC4wLjE6MjIyMjcwIgYIKwYBBQUHMAGGFmh0dHA6 +Ly8xMjcuMC4wLjE6MjIyMjgwHQYDVR0OBBYEFJt6TNgqMFBebotXaauIYPpUJi1S +MA0GCSqGSIb3DQEBCwUAA4IBAQA5noHB343sKQqVmmLds0gC/k1UhVA5iftAGmes +uRdNOOCdo2i739DmRAXggetgtatcjDfjxkrvq0Qi+geozZra6uX9FT/hgfw6kDpU +HKzJFy4E0G0HTM8mtJi+aGDZL3Lts+h272eahkT1jVKGAPFugqfz7fKRsMce6eCE +UD5cvtQXX16fGhBxxmUCZPnxMKcj2oNl7RliHphK6ofXuNbKjqjVQfxsTUXSQDyS +ApH5w6iUnAvC5l19qYrBcCVOB6CNJ2CdmvFI//Ox8Jc56HRYYDIdVp2Q3FFA5Z4s +gTLvlumVgihAekD+0zVF9q+AJ4TSbE3cqsQgHF/+p84KxWid +-----END CERTIFICATE----- Binary files /srv/release.debian.org/tmp/0nho6SUlcX/mariadb-11.8.6/extra/wolfssl/wolfssl/certs/client-ca-cert.der and /srv/release.debian.org/tmp/byZgQ0zcFD/mariadb-11.8.8/extra/wolfssl/wolfssl/certs/client-ca-cert.der differ diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/certs/client-ca-cert.pem mariadb-11.8.8/extra/wolfssl/wolfssl/certs/client-ca-cert.pem --- mariadb-11.8.6/extra/wolfssl/wolfssl/certs/client-ca-cert.pem 1970-01-01 00:00:00.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/certs/client-ca-cert.pem 2026-05-24 09:58:33.000000000 +0000 @@ -0,0 +1,92 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 4661 (0x1235) + Signature Algorithm: sha256WithRSAEncryption + Issuer: C = US, ST = Montana, L = Bozeman, O = Sawtooth, OU = Consulting, CN = www.wolfssl.com, emailAddress = info@wolfssl.com + Validity + Not Before: Jan 24 20:31:13 2026 GMT + Not After : Oct 20 20:31:13 2028 GMT + Subject: C = US, ST = Montana, L = Bozeman, O = wolfSSL_2048, OU = Programming-2048, CN = www.wolfssl.com, emailAddress = info@wolfssl.com + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + Public-Key: (2048 bit) + Modulus: + 00:c3:03:d1:2b:fe:39:a4:32:45:3b:53:c8:84:2b: + 2a:7c:74:9a:bd:aa:2a:52:07:47:d6:a6:36:b2:07: + 32:8e:d0:ba:69:7b:c6:c3:44:9e:d4:81:48:fd:2d: + 68:a2:8b:67:bb:a1:75:c8:36:2c:4a:d2:1b:f7:8b: + ba:cf:0d:f9:ef:ec:f1:81:1e:7b:9b:03:47:9a:bf: + 65:cc:7f:65:24:69:a6:e8:14:89:5b:e4:34:f7:c5: + b0:14:93:f5:67:7b:3a:7a:78:e1:01:56:56:91:a6: + 13:42:8d:d2:3c:40:9c:4c:ef:d1:86:df:37:51:1b: + 0c:a1:3b:f5:f1:a3:4a:35:e4:e1:ce:96:df:1b:7e: + bf:4e:97:d0:10:e8:a8:08:30:81:af:20:0b:43:14: + c5:74:67:b4:32:82:6f:8d:86:c2:88:40:99:36:83: + ba:1e:40:72:22:17:d7:52:65:24:73:b0:ce:ef:19: + cd:ae:ff:78:6c:7b:c0:12:03:d4:4e:72:0d:50:6d: + 3b:a3:3b:a3:99:5e:9d:c8:d9:0c:85:b3:d9:8a:d9: + 54:26:db:6d:fa:ac:bb:ff:25:4c:c4:d1:79:f4:71: + d3:86:40:18:13:b0:63:b5:72:4e:30:c4:97:84:86: + 2d:56:2f:d7:15:f7:7f:c0:ae:f5:fc:5b:e5:fb:a1: + ba:d3 + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Basic Constraints: critical + CA:FALSE + X509v3 Key Usage: critical + Digital Signature, Key Encipherment + X509v3 Extended Key Usage: + TLS Web Client Authentication + X509v3 Subject Key Identifier: + 33:D8:45:66:D7:68:87:18:7E:54:0D:70:27:91:C7:26:D7:85:65:C0 + X509v3 Authority Key Identifier: + keyid:27:8E:67:11:74:C3:26:1D:3F:ED:33:63:B3:A4:D8:1D:30:E5:E8:D5 + DirName:/C=US/ST=Montana/L=Bozeman/O=Sawtooth/OU=Consulting/CN=www.wolfssl.com/emailAddress=info@wolfssl.com + serial:3F:29:11:20:57:71:E7:8E:F9:18:0D:CA:70:4D:5B:15:2A:43:D6:24 + Signature Algorithm: sha256WithRSAEncryption + Signature Value: + 7f:71:41:b2:72:c1:a9:ba:c9:52:40:ea:6d:3d:3d:c0:ae:1e: + 44:cd:f9:a5:d6:ac:34:5f:8b:ed:cd:91:81:0f:05:0f:5e:4b: + b3:18:bf:33:7a:61:a5:25:f1:91:55:c1:12:66:b7:26:3b:9c: + bb:21:1a:0c:72:78:88:57:fa:49:22:e7:80:2f:c1:40:01:66: + 3d:20:63:e7:e3:38:a9:54:39:52:42:d2:b6:38:6b:08:7d:45: + 49:1a:de:b5:64:70:c9:65:ce:0b:94:24:ee:b4:46:67:3c:74: + f0:2a:61:4d:b2:fc:6e:ca:c0:36:a9:b0:d3:5a:e2:15:72:f5: + a4:90:73:b2:37:58:b4:10:39:d3:85:5f:56:91:7e:cf:54:5d: + c6:a7:40:36:bd:ed:f2:af:e5:ce:b6:ea:38:be:47:32:6f:ed: + d2:ba:9d:70:e1:74:2e:f0:27:e4:72:53:75:43:ce:0a:07:b4: + 7e:74:17:00:55:b5:d1:92:e4:42:39:ca:84:51:84:f8:23:a6: + 41:27:fb:20:e2:43:e3:74:d3:ce:95:4e:1f:06:de:65:5e:e3: + 38:e2:eb:f1:a6:ca:6b:7c:56:51:c0:02:1e:6e:3f:51:c1:d5: + 04:c0:3d:57:56:15:65:76:a4:f4:eb:43:27:2c:c3:58:29:5c: + 18:da:e8:fd +-----BEGIN CERTIFICATE----- +MIIE3zCCA8egAwIBAgICEjUwDQYJKoZIhvcNAQELBQAwgZQxCzAJBgNVBAYTAlVT +MRAwDgYDVQQIDAdNb250YW5hMRAwDgYDVQQHDAdCb3plbWFuMREwDwYDVQQKDAhT +YXd0b290aDETMBEGA1UECwwKQ29uc3VsdGluZzEYMBYGA1UEAwwPd3d3LndvbGZz +c2wuY29tMR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wuY29tMB4XDTI2MDEy +NDIwMzExM1oXDTI4MTAyMDIwMzExM1owgZ4xCzAJBgNVBAYTAlVTMRAwDgYDVQQI +DAdNb250YW5hMRAwDgYDVQQHDAdCb3plbWFuMRUwEwYDVQQKDAx3b2xmU1NMXzIw +NDgxGTAXBgNVBAsMEFByb2dyYW1taW5nLTIwNDgxGDAWBgNVBAMMD3d3dy53b2xm +c3NsLmNvbTEfMB0GCSqGSIb3DQEJARYQaW5mb0B3b2xmc3NsLmNvbTCCASIwDQYJ +KoZIhvcNAQEBBQADggEPADCCAQoCggEBAMMD0Sv+OaQyRTtTyIQrKnx0mr2qKlIH +R9amNrIHMo7Quml7xsNEntSBSP0taKKLZ7uhdcg2LErSG/eLus8N+e/s8YEee5sD +R5q/Zcx/ZSRppugUiVvkNPfFsBST9Wd7Onp44QFWVpGmE0KN0jxAnEzv0YbfN1Eb +DKE79fGjSjXk4c6W3xt+v06X0BDoqAgwga8gC0MUxXRntDKCb42GwohAmTaDuh5A +ciIX11JlJHOwzu8Zza7/eGx7wBID1E5yDVBtO6M7o5lencjZDIWz2YrZVCbbbfqs +u/8lTMTRefRx04ZAGBOwY7VyTjDEl4SGLVYv1xX3f8Cu9fxb5fuhutMCAwEAAaOC +AS0wggEpMAwGA1UdEwEB/wQCMAAwDgYDVR0PAQH/BAQDAgWgMBMGA1UdJQQMMAoG +CCsGAQUFBwMCMB0GA1UdDgQWBBQz2EVm12iHGH5UDXAnkccm14VlwDCB1AYDVR0j +BIHMMIHJgBQnjmcRdMMmHT/tM2OzpNgdMOXo1aGBmqSBlzCBlDELMAkGA1UEBhMC +VVMxEDAOBgNVBAgMB01vbnRhbmExEDAOBgNVBAcMB0JvemVtYW4xETAPBgNVBAoM +CFNhd3Rvb3RoMRMwEQYDVQQLDApDb25zdWx0aW5nMRgwFgYDVQQDDA93d3cud29s +ZnNzbC5jb20xHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb22CFD8pESBX +ceeO+RgNynBNWxUqQ9YkMA0GCSqGSIb3DQEBCwUAA4IBAQB/cUGycsGpuslSQOpt +PT3Arh5Ezfml1qw0X4vtzZGBDwUPXkuzGL8zemGlJfGRVcESZrcmO5y7IRoMcniI +V/pJIueAL8FAAWY9IGPn4zipVDlSQtK2OGsIfUVJGt61ZHDJZc4LlCTutEZnPHTw +KmFNsvxuysA2qbDTWuIVcvWkkHOyN1i0EDnThV9WkX7PVF3Gp0A2ve3yr+XOtuo4 +vkcyb+3Sup1w4XQu8CfkclN1Q84KB7R+dBcAVbXRkuRCOcqEUYT4I6ZBJ/sg4kPj +dNPOlU4fBt5lXuM44uvxpsprfFZRwAIebj9RwdUEwD1XVhVldqT060MnLMNYKVwY +2uj9 +-----END CERTIFICATE----- Binary files /srv/release.debian.org/tmp/0nho6SUlcX/mariadb-11.8.6/extra/wolfssl/wolfssl/certs/client-ecc-ca-cert.der and /srv/release.debian.org/tmp/byZgQ0zcFD/mariadb-11.8.8/extra/wolfssl/wolfssl/certs/client-ecc-ca-cert.der differ diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/certs/client-ecc-ca-cert.pem mariadb-11.8.8/extra/wolfssl/wolfssl/certs/client-ecc-ca-cert.pem --- mariadb-11.8.6/extra/wolfssl/wolfssl/certs/client-ecc-ca-cert.pem 1970-01-01 00:00:00.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/certs/client-ecc-ca-cert.pem 2026-05-24 09:58:33.000000000 +0000 @@ -0,0 +1,54 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 4660 (0x1234) + Signature Algorithm: ecdsa-with-SHA256 + Issuer: C = US, ST = Washington, L = Seattle, O = wolfSSL, OU = Development, CN = www.wolfssl.com, emailAddress = info@wolfssl.com + Validity + Not Before: Jan 24 20:12:22 2026 GMT + Not After : Oct 20 20:12:22 2028 GMT + Subject: C = US, ST = Oregon, L = Salem, O = Client ECC, OU = Fast, CN = www.wolfssl.com, emailAddress = info@wolfssl.com + Subject Public Key Info: + Public Key Algorithm: id-ecPublicKey + Public-Key: (256 bit) + pub: + 04:55:bf:f4:0f:44:50:9a:3d:ce:9b:b7:f0:c5:4d: + f5:70:7b:d4:ec:24:8e:19:80:ec:5a:4c:a2:24:03: + 62:2c:9b:da:ef:a2:35:12:43:84:76:16:c6:56:95: + 06:cc:01:a9:bd:f6:75:1a:42:f7:bd:a9:b2:36:22: + 5f:c7:5d:7f:b4 + ASN1 OID: prime256v1 + NIST CURVE: P-256 + X509v3 extensions: + X509v3 Subject Key Identifier: + EB:D4:4B:59:6B:95:61:3F:51:57:B6:04:4D:89:41:88:44:5C:AB:F2 + X509v3 Authority Key Identifier: + 56:8E:9A:C3:F0:42:DE:18:B9:45:55:6E:F9:93:CF:EA:C3:F3:A5:21 + X509v3 Basic Constraints: critical + CA:FALSE + X509v3 Key Usage: critical + Digital Signature, Key Encipherment, Key Agreement + X509v3 Extended Key Usage: + TLS Web Client Authentication + Signature Algorithm: ecdsa-with-SHA256 + Signature Value: + 30:45:02:21:00:9d:4d:72:4a:fb:f7:19:96:e3:d3:c2:75:ed: + b5:39:18:44:e7:61:7d:5e:31:d0:3c:eb:45:b3:6f:38:68:f9: + 1d:02:20:57:c1:19:e8:c8:8a:14:e7:37:d1:93:b3:46:f5:eb: + 8f:24:31:6c:78:d7:cd:b7:c9:8e:09:54:6e:4d:3b:7b:7b +-----BEGIN CERTIFICATE----- +MIICizCCAjGgAwIBAgICEjQwCgYIKoZIzj0EAwIwgZcxCzAJBgNVBAYTAlVTMRMw +EQYDVQQIDApXYXNoaW5ndG9uMRAwDgYDVQQHDAdTZWF0dGxlMRAwDgYDVQQKDAd3 +b2xmU1NMMRQwEgYDVQQLDAtEZXZlbG9wbWVudDEYMBYGA1UEAwwPd3d3LndvbGZz +c2wuY29tMR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wuY29tMB4XDTI2MDEy +NDIwMTIyMloXDTI4MTAyMDIwMTIyMlowgY0xCzAJBgNVBAYTAlVTMQ8wDQYDVQQI +DAZPcmVnb24xDjAMBgNVBAcMBVNhbGVtMRMwEQYDVQQKDApDbGllbnQgRUNDMQ0w +CwYDVQQLDARGYXN0MRgwFgYDVQQDDA93d3cud29sZnNzbC5jb20xHzAdBgkqhkiG +9w0BCQEWEGluZm9Ad29sZnNzbC5jb20wWTATBgcqhkjOPQIBBggqhkjOPQMBBwNC +AARVv/QPRFCaPc6bt/DFTfVwe9TsJI4ZgOxaTKIkA2Ism9rvojUSQ4R2FsZWlQbM +Aam99nUaQve9qbI2Il/HXX+0o3UwczAdBgNVHQ4EFgQU69RLWWuVYT9RV7YETYlB +iERcq/IwHwYDVR0jBBgwFoAUVo6aw/BC3hi5RVVu+ZPP6sPzpSEwDAYDVR0TAQH/ +BAIwADAOBgNVHQ8BAf8EBAMCA6gwEwYDVR0lBAwwCgYIKwYBBQUHAwIwCgYIKoZI +zj0EAwIDSAAwRQIhAJ1Nckr79xmW49PCde21ORhE52F9XjHQPOtFs284aPkdAiBX +wRnoyIoU5zfRk7NG9euPJDFseNfNt8mOCVRuTTt7ew== +-----END CERTIFICATE----- diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/certs/crl/bad_time_fmt.pem mariadb-11.8.8/extra/wolfssl/wolfssl/certs/crl/bad_time_fmt.pem --- mariadb-11.8.6/extra/wolfssl/wolfssl/certs/crl/bad_time_fmt.pem 1970-01-01 00:00:00.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/certs/crl/bad_time_fmt.pem 2026-05-24 09:58:33.000000000 +0000 @@ -0,0 +1,13 @@ +-----BEGIN X509 CRL----- +MIIB7DCB1QIBATANBgkqhkiG9w0BAQsFADBOMQswCQYDVQQGEwJVUzELMAkGA1UE +CAwCVVMxCzAJBgNVBAcMAlVTMQswCQYDVQQKDAJVUzELMAkGA1UEAwwCVVMxCzAJ +BgNVBAsMAlVTGA0yNDAxMjMwMDAwMDBaGA0zNDAxMjAwMDAwMDBaMDUwMwIUHIAC +LvgfJAXulqYS3LYf4KxwHl4XDTI1MDMxMzAyNDQ0MFowDDAKBgNVHRUEAwoBBqAc +MBowGAYDVR0UBBECDxnP/97adO3y9qRGDM7hQDANBgkqhkiG9w0BAQsFAAOCAQEA +aDY9jBdAJiAujUkaLYLVtzNWF/0SxD5CB4dYIcZMqtPKLn5ykcxkXvnRbVihJ+Kn +AAv9Fkn5iwj77EGwxNjyZktQ4gAmcMhCTBEcAHbmi92tHttot9Sr44+CN+0NaaQD +OflIeVw7Zir90TWufjScy8/e7FkVm+aD5CicrbJWqoe21pB1Q1jS49iNrZzqZ2vw +HLiqNAzpecxwUih/YPe5+CBk5Nq4vICeieGVC/JO9r5SkdDwWQTl0I3kSK6n4Jh7 +53FmIen80F2ZZuZu4/fhJ7C4rlr6W9i6FrK06s5mk1PeYFHKhCkwI8wp8cIudJQD +lLsK2u4CTcuTKdbDLsszYA== +-----END X509 CRL----- diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/certs/crl/crl_reason.pem mariadb-11.8.8/extra/wolfssl/wolfssl/certs/crl/crl_reason.pem --- mariadb-11.8.6/extra/wolfssl/wolfssl/certs/crl/crl_reason.pem 1970-01-01 00:00:00.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/certs/crl/crl_reason.pem 2026-05-24 09:58:33.000000000 +0000 @@ -0,0 +1,46 @@ +Certificate Revocation List (CRL): + Version 2 (0x1) + Signature Algorithm: sha256WithRSAEncryption + Issuer: C=US, ST=Montana, L=Bozeman, O=Sawtooth, OU=Consulting, CN=www.wolfssl.com, emailAddress=info@wolfssl.com + Last Update: Mar 13 22:04:13 2026 GMT + Next Update: Mar 10 22:04:13 2036 GMT + CRL extensions: + X509v3 CRL Number: + 1 +Revoked Certificates: + Serial Number: 01 + Revocation Date: Mar 13 22:04:13 2026 GMT + CRL entry extensions: + X509v3 CRL Reason Code: + Key Compromise + Signature Algorithm: sha256WithRSAEncryption + Signature Value: + 82:60:c0:f2:bb:e1:94:e2:2e:d3:80:80:c6:16:d0:7e:12:20: + 61:64:7b:29:2e:63:68:79:99:43:81:c3:85:e7:d3:65:7a:bb: + ea:50:6d:90:26:aa:a9:66:a8:fb:42:9e:54:6e:7f:7e:4d:59: + 2c:90:21:df:3f:85:82:28:d1:c8:43:66:6c:90:31:e5:d9:89: + 1b:ee:22:61:1f:1a:19:63:e1:5b:11:e4:ca:4d:f8:5c:0b:0c: + ca:df:dc:7b:03:c1:d4:99:3b:a7:39:f9:24:de:8e:51:e6:29: + f1:bc:db:3f:d1:23:1d:08:51:26:2e:a4:9a:58:9a:bc:d0:59: + f2:33:56:c3:c1:d0:d7:0a:d9:e4:99:e0:4e:f5:36:58:b8:7d: + 69:2e:79:d7:5a:67:13:c9:09:f3:95:2c:23:fa:f2:0a:d1:d6: + 6a:32:74:7a:c7:c4:33:8f:38:90:8d:16:7b:d7:03:9a:5c:d3: + f2:b0:b9:d1:a1:de:30:28:0a:b5:65:26:6f:5b:dd:84:b0:f5: + 30:ef:80:2e:34:b9:2d:cd:50:e8:d7:2a:f9:33:86:02:d1:44: + e9:87:91:5e:f1:be:01:40:3f:fc:ec:57:1c:9e:f9:66:fd:78: + 2b:dd:a7:3c:b7:aa:08:a5:50:6f:9d:96:b6:3a:a6:0e:38:27: + b2:f8:a3:e4 +-----BEGIN X509 CRL----- +MIICEjCB+wIBATANBgkqhkiG9w0BAQsFADCBlDELMAkGA1UEBhMCVVMxEDAOBgNV +BAgMB01vbnRhbmExEDAOBgNVBAcMB0JvemVtYW4xETAPBgNVBAoMCFNhd3Rvb3Ro +MRMwEQYDVQQLDApDb25zdWx0aW5nMRgwFgYDVQQDDA93d3cud29sZnNzbC5jb20x +HzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20XDTI2MDMxMzIyMDQxM1oX +DTM2MDMxMDIyMDQxM1owIjAgAgEBFw0yNjAzMTMyMjA0MTNaMAwwCgYDVR0VBAMK +AQGgDjAMMAoGA1UdFAQDAgEBMA0GCSqGSIb3DQEBCwUAA4IBAQCCYMDyu+GU4i7T +gIDGFtB+EiBhZHspLmNoeZlDgcOF59NlervqUG2QJqqpZqj7Qp5Ubn9+TVkskCHf +P4WCKNHIQ2ZskDHl2Ykb7iJhHxoZY+FbEeTKTfhcCwzK39x7A8HUmTunOfkk3o5R +5inxvNs/0SMdCFEmLqSaWJq80FnyM1bDwdDXCtnkmeBO9TZYuH1pLnnXWmcTyQnz +lSwj+vIK0dZqMnR6x8QzjziQjRZ71wOaXNPysLnRod4wKAq1ZSZvW92EsPUw74Au +NLktzVDo1yr5M4YC0UTph5Fe8b4BQD/87Fccnvlm/Xgr3ac8t6oIpVBvnZa2OqYO +OCey+KPk +-----END X509 CRL----- diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/certs/crl/extra-crls/crlnum_57oct.pem mariadb-11.8.8/extra/wolfssl/wolfssl/certs/crl/extra-crls/crlnum_57oct.pem --- mariadb-11.8.6/extra/wolfssl/wolfssl/certs/crl/extra-crls/crlnum_57oct.pem 1970-01-01 00:00:00.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/certs/crl/extra-crls/crlnum_57oct.pem 2026-05-24 09:58:33.000000000 +0000 @@ -0,0 +1,44 @@ +Certificate Revocation List (CRL): + Version 2 (0x1) + Signature Algorithm: sha256WithRSAEncryption + Issuer: C=US, ST=Montana, L=Bozeman, O=Sawtooth, OU=Consulting, CN=www.wolfssl.com, emailAddress=info@wolfssl.com + Last Update: Mar 5 05:15:20 2026 GMT + Next Update: Nov 29 05:15:20 2028 GMT + CRL extensions: + X509v3 CRL Number: + 0x444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444 +Revoked Certificates: + Serial Number: 01 + Revocation Date: Mar 5 05:15:20 2026 GMT + Signature Algorithm: sha256WithRSAEncryption + Signature Value: + 2d:38:2c:0e:27:b8:55:dd:0c:c5:1b:9d:13:b9:6a:c4:05:6d: + 43:37:41:ee:d7:e1:5e:7f:2c:3e:72:14:9d:0b:f0:89:f8:06: + 3c:75:21:cf:8a:5d:3b:56:3c:c6:a9:b1:56:2e:84:c2:05:60: + 8b:86:33:d0:0b:ab:ba:37:9f:13:af:a1:2e:40:c6:35:f0:b3: + e3:ce:40:2f:4a:65:2b:72:ab:54:c2:56:b7:ca:8a:54:22:c9: + ba:d2:fb:ab:f6:e1:cb:05:ae:25:3a:11:ce:bf:9b:0a:9a:37: + 1a:05:3e:a2:c4:98:68:71:78:70:58:d6:6b:93:97:36:54:7b: + 73:1c:24:5b:19:a8:f4:da:c6:73:f1:58:1a:e6:53:0d:88:d9: + b8:b1:e7:f7:f6:13:4c:8d:86:d7:51:c8:89:93:1f:f0:e5:0a: + 4c:01:21:9b:ad:fe:ed:5b:0f:77:71:8e:3b:ec:3c:e0:c9:3e: + ed:a0:20:f8:51:6c:bc:a9:57:27:13:ff:1d:28:70:41:ce:42: + 05:9f:f5:1f:d4:73:13:89:c0:9e:34:d1:8f:12:9d:07:2b:2e: + 1d:3b:ba:5e:18:72:b7:11:f7:3b:54:59:7d:81:57:1f:25:02: + c5:e1:58:b5:f8:01:e0:62:6d:92:50:bc:c4:f9:26:4e:72:37: + 16:42:e0:c1 +-----BEGIN X509 CRL----- +MIICPTCCASUCAQEwDQYJKoZIhvcNAQELBQAwgZQxCzAJBgNVBAYTAlVTMRAwDgYD +VQQIDAdNb250YW5hMRAwDgYDVQQHDAdCb3plbWFuMREwDwYDVQQKDAhTYXd0b290 +aDETMBEGA1UECwwKQ29uc3VsdGluZzEYMBYGA1UEAwwPd3d3LndvbGZzc2wuY29t +MR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wuY29tFw0yNjAzMDUwNTE1MjBa +Fw0yODExMjkwNTE1MjBaMBQwEgIBARcNMjYwMzA1MDUxNTIwWqBGMEQwQgYDVR0U +BDsCOURERERERERERERERERERERERERERERERERERERERERERERERERERERERERE +RERERERERERERERERDANBgkqhkiG9w0BAQsFAAOCAQEALTgsDie4Vd0MxRudE7lq +xAVtQzdB7tfhXn8sPnIUnQvwifgGPHUhz4pdO1Y8xqmxVi6EwgVgi4Yz0Aurujef +E6+hLkDGNfCz485AL0plK3KrVMJWt8qKVCLJutL7q/bhywWuJToRzr+bCpo3GgU+ +osSYaHF4cFjWa5OXNlR7cxwkWxmo9NrGc/FYGuZTDYjZuLHn9/YTTI2G11HIiZMf +8OUKTAEhm63+7VsPd3GOO+w84Mk+7aAg+FFsvKlXJxP/HShwQc5CBZ/1H9RzE4nA +njTRjxKdBysuHTu6XhhytxH3O1RZfYFXHyUCxeFYtfgB4GJtklC8xPkmTnI3FkLg +wQ== +-----END X509 CRL----- diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/certs/crl/extra-crls/crlnum_64oct.pem mariadb-11.8.8/extra/wolfssl/wolfssl/certs/crl/extra-crls/crlnum_64oct.pem --- mariadb-11.8.6/extra/wolfssl/wolfssl/certs/crl/extra-crls/crlnum_64oct.pem 1970-01-01 00:00:00.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/certs/crl/extra-crls/crlnum_64oct.pem 2026-05-24 09:58:33.000000000 +0000 @@ -0,0 +1,44 @@ +Certificate Revocation List (CRL): + Version 2 (0x1) + Signature Algorithm: sha256WithRSAEncryption + Issuer: C=US, ST=Montana, L=Bozeman, O=Sawtooth, OU=Consulting, CN=www.wolfssl.com, emailAddress=info@wolfssl.com + Last Update: Mar 5 05:15:20 2026 GMT + Next Update: Nov 29 05:15:20 2028 GMT + CRL extensions: + X509v3 CRL Number: + 0x44444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444444 +Revoked Certificates: + Serial Number: 01 + Revocation Date: Mar 5 05:15:20 2026 GMT + Signature Algorithm: sha256WithRSAEncryption + Signature Value: + 24:11:b9:3a:df:b5:07:d0:94:b7:1a:73:10:02:f6:13:c5:57: + e3:48:6e:e7:fc:8c:c6:07:15:0b:21:f4:4b:61:d4:1f:98:79: + 8d:02:d6:b5:30:e5:72:85:36:a2:8f:73:32:9b:6c:e1:5b:0f: + 9e:e9:e7:ba:0c:a2:f9:4e:87:84:40:dd:4b:5d:26:e5:87:23: + 01:3e:87:3b:19:86:a6:25:6a:48:73:1c:d5:a0:56:1a:52:65: + 7e:aa:00:b0:2a:6b:ce:95:ce:c0:4f:7c:d7:ef:78:c2:78:b0: + ce:ad:4f:02:e2:ce:56:de:a5:43:5b:ad:78:5a:a7:bc:8d:6e: + ef:86:e1:9e:47:5c:e7:c8:12:81:8d:5a:63:c4:5a:2c:20:54: + da:1e:7f:f0:16:c9:f5:fc:9a:fa:ca:03:73:90:38:11:d1:0e: + 98:34:84:fe:62:1e:8a:20:66:ee:40:09:f1:8d:bc:b5:52:af: + 22:b8:a7:e5:0c:a7:38:e8:4a:9c:09:99:95:ae:cf:a2:8e:a8: + 21:cd:5e:96:a7:ea:4f:bc:a5:be:37:a1:c7:5b:27:3f:b5:99: + 08:62:35:7f:98:2a:20:27:3e:c3:1b:9d:c2:51:66:7c:dd:64: + 38:89:fc:89:fc:c0:54:f9:0d:16:72:44:3c:25:3c:a3:88:b9: + c7:00:df:81 +-----BEGIN X509 CRL----- +MIICRDCCASwCAQEwDQYJKoZIhvcNAQELBQAwgZQxCzAJBgNVBAYTAlVTMRAwDgYD +VQQIDAdNb250YW5hMRAwDgYDVQQHDAdCb3plbWFuMREwDwYDVQQKDAhTYXd0b290 +aDETMBEGA1UECwwKQ29uc3VsdGluZzEYMBYGA1UEAwwPd3d3LndvbGZzc2wuY29t +MR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wuY29tFw0yNjAzMDUwNTE1MjBa +Fw0yODExMjkwNTE1MjBaMBQwEgIBARcNMjYwMzA1MDUxNTIwWqBNMEswSQYDVR0U +BEICQERERERERERERERERERERERERERERERERERERERERERERERERERERERERERE +REREREREREREREREREREREREREQwDQYJKoZIhvcNAQELBQADggEBACQRuTrftQfQ +lLcacxAC9hPFV+NIbuf8jMYHFQsh9Eth1B+YeY0C1rUw5XKFNqKPczKbbOFbD57p +57oMovlOh4RA3UtdJuWHIwE+hzsZhqYlakhzHNWgVhpSZX6qALAqa86VzsBPfNfv +eMJ4sM6tTwLizlbepUNbrXhap7yNbu+G4Z5HXOfIEoGNWmPEWiwgVNoef/AWyfX8 +mvrKA3OQOBHRDpg0hP5iHoogZu5ACfGNvLVSryK4p+UMpzjoSpwJmZWuz6KOqCHN +Xpan6k+8pb43ocdbJz+1mQhiNX+YKiAnPsMbncJRZnzdZDiJ/In8wFT5DRZyRDwl +PKOIuccA34E= +-----END X509 CRL----- diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/certs/crl/extra-crls/large_crlnum.pem mariadb-11.8.8/extra/wolfssl/wolfssl/certs/crl/extra-crls/large_crlnum.pem --- mariadb-11.8.6/extra/wolfssl/wolfssl/certs/crl/extra-crls/large_crlnum.pem 1970-01-01 00:00:00.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/certs/crl/extra-crls/large_crlnum.pem 2026-05-24 09:58:33.000000000 +0000 @@ -0,0 +1,43 @@ +Certificate Revocation List (CRL): + Version 2 (0x1) + Signature Algorithm: sha256WithRSAEncryption + Issuer: C=US, ST=Montana, L=Bozeman, O=Sawtooth, OU=Consulting, CN=www.wolfssl.com, emailAddress=info@wolfssl.com + Last Update: Jan 8 07:15:25 2026 GMT + Next Update: Oct 4 07:15:25 2028 GMT + CRL extensions: + X509v3 CRL Number: + 0xD8AFADA7F08B38E6178BD0E5CD7B0DF80071BA74 +Revoked Certificates: + Serial Number: 01 + Revocation Date: Jan 8 07:15:25 2026 GMT + Signature Algorithm: sha256WithRSAEncryption + Signature Value: + 0c:45:a0:2e:ba:ad:28:48:eb:61:29:a6:fa:d0:76:8c:96:bb: + 1a:9a:79:90:05:06:78:8e:d2:f6:4d:6d:4c:75:62:d2:b2:91: + f8:e4:59:a9:db:6f:e6:58:fe:f9:2e:7a:67:a7:01:a3:68:ee: + b1:23:a6:25:2a:85:84:3d:bf:86:bf:6d:d5:a6:2d:03:8e:d1: + ac:0f:73:4c:47:ea:fb:75:2e:85:1f:dc:fa:5e:b2:eb:d1:f4: + 75:e9:ae:a9:90:6e:ec:c9:05:db:61:39:30:a8:4e:c3:d2:ce: + 77:2d:ba:bf:fd:74:dc:c6:41:db:65:c4:83:66:9c:91:60:43: + 57:a3:52:bb:9c:b7:fa:30:d3:01:89:7f:5e:c8:06:0a:34:1b: + 77:ce:e8:b4:85:c5:6e:63:50:f3:88:cc:e3:54:7b:29:5c:08: + 4a:7b:35:b4:3f:01:2e:c5:93:4f:7c:7a:17:bf:0d:bd:be:3e: + a9:1b:ef:a0:9c:bc:78:9e:91:99:91:e7:38:63:f1:24:86:02: + 63:81:cb:67:3a:f7:3c:5c:45:87:54:f4:9a:16:25:a2:e5:bd: + ee:7e:9a:28:c0:db:4e:bc:4a:0d:c2:5f:14:ea:9c:8a:42:db: + d2:1d:27:b8:d2:3c:57:4a:bf:46:4a:95:ac:7f:f4:47:22:dd: + d5:dc:52:3f +-----BEGIN X509 CRL----- +MIICGTCCAQECAQEwDQYJKoZIhvcNAQELBQAwgZQxCzAJBgNVBAYTAlVTMRAwDgYD +VQQIDAdNb250YW5hMRAwDgYDVQQHDAdCb3plbWFuMREwDwYDVQQKDAhTYXd0b290 +aDETMBEGA1UECwwKQ29uc3VsdGluZzEYMBYGA1UEAwwPd3d3LndvbGZzc2wuY29t +MR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wuY29tFw0yNjAxMDgwNzE1MjVa +Fw0yODEwMDQwNzE1MjVaMBQwEgIBARcNMjYwMTA4MDcxNTI1WqAiMCAwHgYDVR0U +BBcCFQDYr62n8Is45heL0OXNew34AHG6dDANBgkqhkiG9w0BAQsFAAOCAQEADEWg +LrqtKEjrYSmm+tB2jJa7Gpp5kAUGeI7S9k1tTHVi0rKR+ORZqdtv5lj++S56Z6cB +o2jusSOmJSqFhD2/hr9t1aYtA47RrA9zTEfq+3UuhR/c+l6y69H0demuqZBu7MkF +22E5MKhOw9LOdy26v/103MZB22XEg2ackWBDV6NSu5y3+jDTAYl/XsgGCjQbd87o +tIXFbmNQ84jM41R7KVwISns1tD8BLsWTT3x6F78Nvb4+qRvvoJy8eJ6RmZHnOGPx +JIYCY4HLZzr3PFxFh1T0mhYlouW97n6aKMDbTrxKDcJfFOqcikLb0h0nuNI8V0q/ +RkqVrH/0RyLd1dxSPw== +-----END X509 CRL----- diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/certs/crl/extra-crls/large_crlnum2.pem mariadb-11.8.8/extra/wolfssl/wolfssl/certs/crl/extra-crls/large_crlnum2.pem --- mariadb-11.8.6/extra/wolfssl/wolfssl/certs/crl/extra-crls/large_crlnum2.pem 1970-01-01 00:00:00.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/certs/crl/extra-crls/large_crlnum2.pem 2026-05-24 09:58:33.000000000 +0000 @@ -0,0 +1,43 @@ +Certificate Revocation List (CRL): + Version 2 (0x1) + Signature Algorithm: sha256WithRSAEncryption + Issuer: C=US, ST=Montana, L=Bozeman, O=Sawtooth, OU=Consulting, CN=www.wolfssl.com, emailAddress=info@wolfssl.com + Last Update: Jan 8 07:15:25 2026 GMT + Next Update: Oct 4 07:15:25 2028 GMT + CRL extensions: + X509v3 CRL Number: + 0x8BC28C3B3F7A6344CD464A9FDC837F2009DEB94FD3 +Revoked Certificates: + Serial Number: 01 + Revocation Date: Jan 8 07:15:25 2026 GMT + Signature Algorithm: sha256WithRSAEncryption + Signature Value: + 47:71:aa:8d:29:11:90:57:c9:70:78:a5:de:40:ee:c3:da:81: + 68:d0:20:09:af:5b:5f:30:f9:69:14:ff:8a:cf:46:0d:e8:0d: + 45:df:1d:49:ce:05:01:28:a5:34:50:b6:cb:54:9d:a1:42:6c: + f6:e2:66:de:be:e4:90:55:c1:83:e5:4c:26:96:43:29:39:84: + ad:68:3c:0d:5a:d4:e7:ba:7c:21:e9:a1:c2:0c:ad:6f:0c:32: + 71:81:9f:df:7d:c3:0d:92:a4:6f:43:9f:8f:b7:ef:2d:6d:92: + a6:17:cb:c7:4c:2e:3b:a5:2b:2c:74:fa:d1:be:6d:dc:19:04: + d6:b6:56:6c:26:94:8e:13:15:29:12:fe:1a:a4:73:55:df:a5: + c8:d3:d5:99:4a:c6:be:64:1f:90:a9:d8:94:d1:3b:b1:0e:ff: + e4:81:d0:e5:a4:8a:a7:a9:82:fb:a6:86:be:e7:e1:a8:b5:0d: + 87:bb:76:5b:0e:05:1f:d4:82:3c:68:99:ec:ae:ae:8e:4a:72: + cf:3f:8a:7f:b0:a2:69:d9:8c:68:7d:2f:3e:54:e9:fb:70:cf: + d4:ed:1b:61:68:33:4f:93:9b:5f:5e:e9:de:e8:51:66:fd:c8: + 35:40:a0:7d:42:bd:d7:f4:96:cd:c8:72:14:84:cd:f5:19:8c: + a0:5a:b7:72 +-----BEGIN X509 CRL----- +MIICGjCCAQICAQEwDQYJKoZIhvcNAQELBQAwgZQxCzAJBgNVBAYTAlVTMRAwDgYD +VQQIDAdNb250YW5hMRAwDgYDVQQHDAdCb3plbWFuMREwDwYDVQQKDAhTYXd0b290 +aDETMBEGA1UECwwKQ29uc3VsdGluZzEYMBYGA1UEAwwPd3d3LndvbGZzc2wuY29t +MR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wuY29tFw0yNjAxMDgwNzE1MjVa +Fw0yODEwMDQwNzE1MjVaMBQwEgIBARcNMjYwMTA4MDcxNTI1WqAjMCEwHwYDVR0U +BBgCFgCLwow7P3pjRM1GSp/cg38gCd65T9MwDQYJKoZIhvcNAQELBQADggEBAEdx +qo0pEZBXyXB4pd5A7sPagWjQIAmvW18w+WkU/4rPRg3oDUXfHUnOBQEopTRQtstU +naFCbPbiZt6+5JBVwYPlTCaWQyk5hK1oPA1a1Oe6fCHpocIMrW8MMnGBn999ww2S +pG9Dn4+37y1tkqYXy8dMLjulKyx0+tG+bdwZBNa2VmwmlI4TFSkS/hqkc1XfpcjT +1ZlKxr5kH5Cp2JTRO7EO/+SB0OWkiqepgvumhr7n4ai1DYe7dlsOBR/Ugjxomeyu +ro5Kcs8/in+womnZjGh9Lz5U6ftwz9TtG2FoM0+Tm19e6d7oUWb9yDVAoH1Cvdf0 +ls3IchSEzfUZjKBat3I= +-----END X509 CRL----- diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/certs/crl/gencrls.sh mariadb-11.8.8/extra/wolfssl/wolfssl/certs/crl/gencrls.sh --- mariadb-11.8.6/extra/wolfssl/wolfssl/certs/crl/gencrls.sh 2026-01-31 13:27:49.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/certs/crl/gencrls.sh 2026-05-24 09:58:33.000000000 +0000 @@ -219,4 +219,83 @@ check_result $? mv tmp crl_rsapss.pem +echo "Step 29 large CRL number( = 20 octets )" +echo d8afada7f08b38e6178bd0e5cd7b0df80071ba74 > crlnumber +openssl ca -config ../renewcerts/wolfssl.cnf -gencrl -crldays 1000 -out extra-crls/large_crlnum.pem -keyfile ../ca-key.pem -cert ../ca-cert.pem +check_result $? + +# metadata +echo "Step 29" +openssl crl -in extra-crls/large_crlnum.pem -text > tmp +check_result $? +mv tmp extra-crls/large_crlnum.pem + +echo "Step 30 large CRL number( > 20 octets )" +echo 8bc28c3b3f7a6344cd464a9fdc837f2009deb94fd3 > crlnumber +openssl ca -config ../renewcerts/wolfssl.cnf -gencrl -crldays 1000 -out extra-crls/large_crlnum2.pem -keyfile ../ca-key.pem -cert ../ca-cert.pem +check_result $? + +# metadata +echo "Step 31" +openssl crl -in extra-crls/large_crlnum2.pem -text > tmp +check_result $? +mv tmp extra-crls/large_crlnum2.pem + +# OCSP root-ca CRL (empty, no revocations) +cp blank.index.txt demoCA/index.txt + +echo "Step 31" +openssl ca -config ../renewcerts/wolfssl.cnf -gencrl -crldays 1000 -out ../ocsp/root-ca-crl.pem -keyfile ../ocsp/root-ca-key.pem -cert ../ocsp/root-ca-cert.pem +check_result $? + +# metadata +echo "Step 32" +openssl crl -in ../ocsp/root-ca-crl.pem -text > tmp +check_result $? +mv tmp ../ocsp/root-ca-crl.pem + +echo "Step 33 larger CRL number( 57 octets )" +python3 -c "print('4' * 114)" > crlnumber # 0x41 * 57 = 114 hex chars crlnumber +openssl ca -config ../renewcerts/wolfssl.cnf -gencrl -crldays 1000 -out extra-crls/crlnum_57oct.pem -keyfile ../ca-key.pem -cert ../ca-cert.pem +check_result $? +# metadata +echo "Step 34" +openssl crl -in extra-crls/crlnum_57oct.pem -text > tmp +check_result $? +mv tmp extra-crls/crlnum_57oct.pem + +echo "Step 35 larger CRL number( 64 octets )" +python3 -c "print('4' * 128)" > crlnumber # 0x41 * 64 = 128 hex chars crlnumber +openssl ca -config ../renewcerts/wolfssl.cnf -gencrl -crldays 1000 -out extra-crls/crlnum_64oct.pem -keyfile ../ca-key.pem -cert ../ca-cert.pem +check_result $? + +# metadata +echo "Step 36" +openssl crl -in extra-crls/crlnum_64oct.pem -text > tmp +check_result $? +mv tmp extra-crls/crlnum_64oct.pem + +# CRL with revoked-entry reason extension for parser/cleanup tests. +cp blank.index.txt demoCA/index.txt +# Reset CRL number state so this test fixture is independent of the +# preceding large-CRL-number steps. +echo "01" > crlnumber +echo "01" > ../crl/crlnumber +echo "Step 37 reason-extension CRL revoke" +openssl ca -config ../renewcerts/wolfssl.cnf -revoke ../server-cert.pem \ + -crl_reason keyCompromise -keyfile ../ca-key.pem -cert ../ca-cert.pem +check_result $? + +echo "Step 38 reason-extension CRL" +openssl ca -config ../renewcerts/wolfssl.cnf -gencrl -crldays 3650 \ + -out crl_reason.pem -keyfile ../ca-key.pem -cert ../ca-cert.pem +check_result $? + +# metadata +echo "Step 39" +openssl crl -in crl_reason.pem -text > tmp +check_result $? +mv tmp crl_reason.pem +cp blank.index.txt demoCA/index.txt + exit 0 diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/certs/crl/include.am mariadb-11.8.8/extra/wolfssl/wolfssl/certs/crl/include.am --- mariadb-11.8.6/extra/wolfssl/wolfssl/certs/crl/include.am 2026-01-31 13:27:49.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/certs/crl/include.am 2026-05-24 09:58:33.000000000 +0000 @@ -16,12 +16,18 @@ certs/crl/wolfssl.cnf \ certs/crl/crl.der \ certs/crl/crl2.der \ - certs/crl/crl_rsapss.pem + certs/crl/crl_rsapss.pem \ + certs/crl/crl_reason.pem \ + certs/crl/bad_time_fmt.pem EXTRA_DIST += \ certs/crl/crl.revoked \ certs/crl/extra-crls/ca-int-cert-revoked.pem \ - certs/crl/extra-crls/general-server-crl.pem + certs/crl/extra-crls/general-server-crl.pem \ + certs/crl/extra-crls/large_crlnum.pem \ + certs/crl/extra-crls/large_crlnum2.pem \ + certs/crl/extra-crls/crlnum_57oct.pem \ + certs/crl/extra-crls/crlnum_64oct.pem # Intermediate cert CRL's EXTRA_DIST += \ diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/certs/external/README.txt mariadb-11.8.8/extra/wolfssl/wolfssl/certs/external/README.txt --- mariadb-11.8.6/extra/wolfssl/wolfssl/certs/external/README.txt 2026-01-31 13:27:49.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/certs/external/README.txt 2026-05-24 09:58:33.000000000 +0000 @@ -1,3 +1,2 @@ -ca_collection.pem contains the two possible Root CA's that login.live.com can -return, either the Baltimore Cyber Trust Root CA or the DigiCert Global Sign -Root CA. +ca_collection.pem contains the Root CA certificates that login.live.com can +return: DigiCert Global Root CA and DigiCert Global Root G2. diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/certs/external/ca_collection.pem mariadb-11.8.8/extra/wolfssl/wolfssl/certs/external/ca_collection.pem --- mariadb-11.8.6/extra/wolfssl/wolfssl/certs/external/ca_collection.pem 2026-01-31 13:27:49.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/certs/external/ca_collection.pem 2026-05-24 09:58:33.000000000 +0000 @@ -1,63 +1,3 @@ -Certificate: - Data: - Version: 3 (0x2) - Serial Number: - 08:3b:e0:56:90:42:46:b1:a1:75:6a:c9:59:91:c7:4a - Signature Algorithm: sha1WithRSAEncryption - Issuer: C = US, O = DigiCert Inc, OU = www.digicert.com, CN = DigiCert Global Root CA - Validity - Not Before: Nov 10 00:00:00 2006 GMT - Not After : Nov 10 00:00:00 2031 GMT - Subject: C = US, O = DigiCert Inc, OU = www.digicert.com, CN = DigiCert Global Root CA - Subject Public Key Info: - Public Key Algorithm: rsaEncryption - RSA Public-Key: (2048 bit) - Modulus: - 00:e2:3b:e1:11:72:de:a8:a4:d3:a3:57:aa:50:a2: - 8f:0b:77:90:c9:a2:a5:ee:12:ce:96:5b:01:09:20: - cc:01:93:a7:4e:30:b7:53:f7:43:c4:69:00:57:9d: - e2:8d:22:dd:87:06:40:00:81:09:ce:ce:1b:83:bf: - df:cd:3b:71:46:e2:d6:66:c7:05:b3:76:27:16:8f: - 7b:9e:1e:95:7d:ee:b7:48:a3:08:da:d6:af:7a:0c: - 39:06:65:7f:4a:5d:1f:bc:17:f8:ab:be:ee:28:d7: - 74:7f:7a:78:99:59:85:68:6e:5c:23:32:4b:bf:4e: - c0:e8:5a:6d:e3:70:bf:77:10:bf:fc:01:f6:85:d9: - a8:44:10:58:32:a9:75:18:d5:d1:a2:be:47:e2:27: - 6a:f4:9a:33:f8:49:08:60:8b:d4:5f:b4:3a:84:bf: - a1:aa:4a:4c:7d:3e:cf:4f:5f:6c:76:5e:a0:4b:37: - 91:9e:dc:22:e6:6d:ce:14:1a:8e:6a:cb:fe:cd:b3: - 14:64:17:c7:5b:29:9e:32:bf:f2:ee:fa:d3:0b:42: - d4:ab:b7:41:32:da:0c:d4:ef:f8:81:d5:bb:8d:58: - 3f:b5:1b:e8:49:28:a2:70:da:31:04:dd:f7:b2:16: - f2:4c:0a:4e:07:a8:ed:4a:3d:5e:b5:7f:a3:90:c3: - af:27 - Exponent: 65537 (0x10001) - X509v3 extensions: - X509v3 Key Usage: critical - Digital Signature, Certificate Sign, CRL Sign - X509v3 Basic Constraints: critical - CA:TRUE - X509v3 Subject Key Identifier: - 03:DE:50:35:56:D1:4C:BB:66:F0:A3:E2:1B:1B:C3:97:B2:3D:D1:55 - X509v3 Authority Key Identifier: - keyid:03:DE:50:35:56:D1:4C:BB:66:F0:A3:E2:1B:1B:C3:97:B2:3D:D1:55 - - Signature Algorithm: sha1WithRSAEncryption - cb:9c:37:aa:48:13:12:0a:fa:dd:44:9c:4f:52:b0:f4:df:ae: - 04:f5:79:79:08:a3:24:18:fc:4b:2b:84:c0:2d:b9:d5:c7:fe: - f4:c1:1f:58:cb:b8:6d:9c:7a:74:e7:98:29:ab:11:b5:e3:70: - a0:a1:cd:4c:88:99:93:8c:91:70:e2:ab:0f:1c:be:93:a9:ff: - 63:d5:e4:07:60:d3:a3:bf:9d:5b:09:f1:d5:8e:e3:53:f4:8e: - 63:fa:3f:a7:db:b4:66:df:62:66:d6:d1:6e:41:8d:f2:2d:b5: - ea:77:4a:9f:9d:58:e2:2b:59:c0:40:23:ed:2d:28:82:45:3e: - 79:54:92:26:98:e0:80:48:a8:37:ef:f0:d6:79:60:16:de:ac: - e8:0e:cd:6e:ac:44:17:38:2f:49:da:e1:45:3e:2a:b9:36:53: - cf:3a:50:06:f7:2e:e8:c4:57:49:6c:61:21:18:d5:04:ad:78: - 3c:2c:3a:80:6b:a7:eb:af:15:14:e9:d8:89:c1:b9:38:6c:e2: - 91:6c:8a:ff:64:b9:77:25:57:30:c0:1b:24:a3:e1:dc:e9:df: - 47:7c:b5:b4:24:08:05:30:ec:2d:bd:0b:bf:45:bf:50:b9:a9: - f3:eb:98:01:12:ad:c8:88:c6:98:34:5f:8d:0a:3c:c6:e9:d5: - 95:95:6d:de -----BEGIN CERTIFICATE----- MIIDrzCCApegAwIBAgIQCDvgVpBCRrGhdWrJWZHHSjANBgkqhkiG9w0BAQUFADBh MQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3 @@ -80,3 +20,26 @@ YSEY1QSteDwsOoBrp+uvFRTp2InBuThs4pFsiv9kuXclVzDAGySj4dzp30d8tbQk CAUw7C29C79Fv1C5qfPrmAESrciIxpg0X40KPMbp1ZWVbd4= -----END CERTIFICATE----- + +-----BEGIN CERTIFICATE----- +MIIDjjCCAnagAwIBAgIQAzrx5qcRqaC7KGSxHQn65TANBgkqhkiG9w0BAQsFADBh +MQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3 +d3cuZGlnaWNlcnQuY29tMSAwHgYDVQQDExdEaWdpQ2VydCBHbG9iYWwgUm9vdCBH +MjAeFw0xMzA4MDExMjAwMDBaFw0zODAxMTUxMjAwMDBaMGExCzAJBgNVBAYTAlVT +MRUwEwYDVQQKEwxEaWdpQ2VydCBJbmMxGTAXBgNVBAsTEHd3dy5kaWdpY2VydC5j +b20xIDAeBgNVBAMTF0RpZ2lDZXJ0IEdsb2JhbCBSb290IEcyMIIBIjANBgkqhkiG +9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuzfNNNx7a8myaJCtSnX/RrohCgiN9RlUyfuI +2/Ou8jqJkTx65qsGGmvPrC3oXgkkRLpimn7Wo6h+4FR1IAWsULecYxpsMNzaHxmx +1x7e/dfgy5SDN67sH0NO3Xss0r0upS/kqbitOtSZpLYl6ZtrAGCSYP9PIUkY92eQ +q2EGnI/yuum06ZIya7XzV+hdG82MHauVBJVJ8zUtluNJbd134/tJS7SsVQepj5Wz +tCO7TG1F8PapspUwtP1MVYwnSlcUfIKdzXOS0xZKBgyMUNGPHgm+F6HmIcr9g+UQ +vIOlCsRnKPZzFBQ9RnbDhxSJITRNrw9FDKZJobq7nMWxM4MphQIDAQABo0IwQDAP +BgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIBhjAdBgNVHQ4EFgQUTiJUIBiV +5uNu5g/6+rkS7QYXjzkwDQYJKoZIhvcNAQELBQADggEBAGBnKJRvDkhj6zHd6mcY +1Yl9PMWLSn/pvtsrF9+wX3N3KjITOYFnQoQj8kVnNeyIv/iPsGEMNKSuIEyExtv4 +NeF22d+mQrvHRAiGfzZ0JFrabA0UWTW98kndth/Jsw1HKj2ZL7tcu7XUIOGZX1NG +Fdtom/DzMNU+MeKNhJ7jitralj41E6Vf8PlwUHBHQRFXGU7Aj64GxJUTFy8bJZ91 +8rGOmaFvE7FBcf6IKshPECBV1/MUReXgRPTqh5Uykw7+U0b6LJ3/iyK5S9kJRaTe +pLiaWN0bfVKfjllDiIGknibVb63dDcY3fe0Dkhvld1927jyNxF1WW6LZZm6zNTfl +MrY= +-----END CERTIFICATE----- diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/certs/include.am mariadb-11.8.8/extra/wolfssl/wolfssl/certs/include.am --- mariadb-11.8.6/extra/wolfssl/wolfssl/certs/include.am 2026-01-31 13:27:49.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/certs/include.am 2026-05-24 09:58:33.000000000 +0000 @@ -32,7 +32,9 @@ certs/ecc-client-keyPub.pem \ certs/empty-issuer-cert.pem \ certs/client-ecc-cert.pem \ + certs/client-ecc-ca-cert.pem \ certs/client-ca.pem \ + certs/client-ca-cert.pem \ certs/dh2048.pem \ certs/server-cert.pem \ certs/server-ecc.pem \ @@ -86,11 +88,18 @@ certs/dsa2048.pem EXTRA_DIST += \ + certs/aia/ca-issuers-cert.pem \ + certs/aia/multi-aia-cert.pem \ + certs/aia/overflow-aia-cert.pem + +EXTRA_DIST += \ certs/ca-key.der \ certs/ca-cert.der \ certs/client-cert.der \ certs/client-key.der \ certs/client-ecc-cert.der \ + certs/client-ecc-ca-cert.der \ + certs/client-ca-cert.der \ certs/client-keyPub.der \ certs/client-keyPub.pem \ certs/dh2048.der \ @@ -154,4 +163,3 @@ include certs/rpk/include.am include certs/acert/include.am include certs/mldsa/include.am - diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/certs/ocsp/include.am mariadb-11.8.8/extra/wolfssl/wolfssl/certs/ocsp/include.am --- mariadb-11.8.6/extra/wolfssl/wolfssl/certs/ocsp/include.am 2026-01-31 13:27:49.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/certs/ocsp/include.am 2026-05-24 09:58:33.000000000 +0000 @@ -14,25 +14,47 @@ certs/ocsp/openssl.cnf \ certs/ocsp/renewcerts-for-test.sh \ certs/ocsp/intermediate1-ca-key.pem \ + certs/ocsp/intermediate1-ca-key.der \ certs/ocsp/intermediate1-ca-cert.pem \ + certs/ocsp/intermediate1-ca-cert.der \ certs/ocsp/intermediate2-ca-key.pem \ + certs/ocsp/intermediate2-ca-key.der \ certs/ocsp/intermediate2-ca-cert.pem \ + certs/ocsp/intermediate2-ca-cert.der \ certs/ocsp/intermediate3-ca-key.pem \ + certs/ocsp/intermediate3-ca-key.der \ certs/ocsp/intermediate3-ca-cert.pem \ + certs/ocsp/intermediate3-ca-cert.der \ certs/ocsp/ocsp-responder-key.pem \ + certs/ocsp/ocsp-responder-key.der \ certs/ocsp/ocsp-responder-cert.pem \ + certs/ocsp/ocsp-responder-cert.der \ certs/ocsp/server1-key.pem \ + certs/ocsp/server1-key.der \ certs/ocsp/server1-cert.pem \ + certs/ocsp/server1-cert.der \ + certs/ocsp/server1-chain-noroot.pem \ certs/ocsp/server2-key.pem \ + certs/ocsp/server2-key.der \ certs/ocsp/server2-cert.pem \ + certs/ocsp/server2-cert.der \ certs/ocsp/server3-key.pem \ + certs/ocsp/server3-key.der \ certs/ocsp/server3-cert.pem \ + certs/ocsp/server3-cert.der \ certs/ocsp/server4-key.pem \ + certs/ocsp/server4-key.der \ certs/ocsp/server4-cert.pem \ + certs/ocsp/server4-cert.der \ certs/ocsp/server5-key.pem \ + certs/ocsp/server5-key.der \ certs/ocsp/server5-cert.pem \ + certs/ocsp/server5-cert.der \ certs/ocsp/root-ca-key.pem \ + certs/ocsp/root-ca-key.der \ certs/ocsp/root-ca-cert.pem \ + certs/ocsp/root-ca-cert.der \ + certs/ocsp/root-ca-crl.pem \ certs/ocsp/test-response.der \ certs/ocsp/test-response-rsapss.der \ certs/ocsp/test-response-nointern.der \ Binary files /srv/release.debian.org/tmp/0nho6SUlcX/mariadb-11.8.6/extra/wolfssl/wolfssl/certs/ocsp/intermediate1-ca-cert.der and /srv/release.debian.org/tmp/byZgQ0zcFD/mariadb-11.8.8/extra/wolfssl/wolfssl/certs/ocsp/intermediate1-ca-cert.der differ Binary files /srv/release.debian.org/tmp/0nho6SUlcX/mariadb-11.8.6/extra/wolfssl/wolfssl/certs/ocsp/intermediate1-ca-key.der and /srv/release.debian.org/tmp/byZgQ0zcFD/mariadb-11.8.8/extra/wolfssl/wolfssl/certs/ocsp/intermediate1-ca-key.der differ Binary files /srv/release.debian.org/tmp/0nho6SUlcX/mariadb-11.8.6/extra/wolfssl/wolfssl/certs/ocsp/intermediate2-ca-cert.der and /srv/release.debian.org/tmp/byZgQ0zcFD/mariadb-11.8.8/extra/wolfssl/wolfssl/certs/ocsp/intermediate2-ca-cert.der differ Binary files /srv/release.debian.org/tmp/0nho6SUlcX/mariadb-11.8.6/extra/wolfssl/wolfssl/certs/ocsp/intermediate2-ca-key.der and /srv/release.debian.org/tmp/byZgQ0zcFD/mariadb-11.8.8/extra/wolfssl/wolfssl/certs/ocsp/intermediate2-ca-key.der differ Binary files /srv/release.debian.org/tmp/0nho6SUlcX/mariadb-11.8.6/extra/wolfssl/wolfssl/certs/ocsp/intermediate3-ca-cert.der and /srv/release.debian.org/tmp/byZgQ0zcFD/mariadb-11.8.8/extra/wolfssl/wolfssl/certs/ocsp/intermediate3-ca-cert.der differ Binary files /srv/release.debian.org/tmp/0nho6SUlcX/mariadb-11.8.6/extra/wolfssl/wolfssl/certs/ocsp/intermediate3-ca-key.der and /srv/release.debian.org/tmp/byZgQ0zcFD/mariadb-11.8.8/extra/wolfssl/wolfssl/certs/ocsp/intermediate3-ca-key.der differ Binary files /srv/release.debian.org/tmp/0nho6SUlcX/mariadb-11.8.6/extra/wolfssl/wolfssl/certs/ocsp/ocsp-responder-cert.der and /srv/release.debian.org/tmp/byZgQ0zcFD/mariadb-11.8.8/extra/wolfssl/wolfssl/certs/ocsp/ocsp-responder-cert.der differ Binary files /srv/release.debian.org/tmp/0nho6SUlcX/mariadb-11.8.6/extra/wolfssl/wolfssl/certs/ocsp/ocsp-responder-key.der and /srv/release.debian.org/tmp/byZgQ0zcFD/mariadb-11.8.8/extra/wolfssl/wolfssl/certs/ocsp/ocsp-responder-key.der differ diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/certs/ocsp/renewcerts-for-test.sh mariadb-11.8.8/extra/wolfssl/wolfssl/certs/ocsp/renewcerts-for-test.sh --- mariadb-11.8.6/extra/wolfssl/wolfssl/certs/ocsp/renewcerts-for-test.sh 2026-01-31 13:27:49.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/certs/ocsp/renewcerts-for-test.sh 2026-05-24 09:58:33.000000000 +0000 @@ -1,10 +1,19 @@ #!/bin/sh +# Create a minimal openssl config for `openssl req`. All DN fields come from +# -subj, but openssl req still requires a [distinguished_name] section to +# exist in the config. Using this temp file avoids relying on the system +# openssl.cnf (which may not exist when testing with a custom OpenSSL build). +WOLF_REQ_CONF=$(mktemp) +printf '[req]\ndistinguished_name=req_dn\n[req_dn]\n' > "$WOLF_REQ_CONF" +trap 'rm -f "$WOLF_REQ_CONF"' EXIT + # $1 cert, $2 name, $3 ca, $4 extensions, $5 serial update_cert(){ openssl req \ -new \ + -config "$WOLF_REQ_CONF" \ -key $1-key.pem \ -out $1-cert.csr \ -subj "/C=US/ST=Washington/L=Seattle/O=wolfSSL/OU=Engineering/CN=$2/emailAddress=info@wolfssl.com" @@ -32,6 +41,7 @@ openssl req \ -new \ + -config "$WOLF_REQ_CONF" \ -key root-ca-key.pem \ -out root-ca-cert.csr \ -subj "/C=US/ST=Washington/L=Seattle/O=wolfSSL/OU=Engineering/CN=wolfSSL root CA/emailAddress=info@wolfssl.com" diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/certs/ocsp/renewcerts.sh mariadb-11.8.8/extra/wolfssl/wolfssl/certs/ocsp/renewcerts.sh --- mariadb-11.8.6/extra/wolfssl/wolfssl/certs/ocsp/renewcerts.sh 2026-01-31 13:27:49.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/certs/ocsp/renewcerts.sh 2026-05-24 09:58:33.000000000 +0000 @@ -48,6 +48,12 @@ check_result $? "" mv tmp.pem root-ca-cert.pem +echo "OCSP renew certs Step 4" +openssl x509 -in root-ca-cert.pem -outform DER -out root-ca-cert.der +check_result $? "" +openssl rsa -in root-ca-key.pem -outform DER -out root-ca-key.der +check_result $? "" + # $1 cert, $2 name, $3 ca, $4 extensions, $5 serial update_cert() { echo "Updating certificate \"$1-cert.pem\"" @@ -75,6 +81,11 @@ check_result $? "Step 3" mv "$1"_tmp.pem "$1"-cert.pem cat "$3"-cert.pem >> "$1"-cert.pem + + openssl x509 -in "$1"-cert.pem -outform DER -out "$1"-cert.der + check_result $? "Step 4" + openssl rsa -in "$1"-key.pem -outform DER -out "$1"-key.der + check_result $? "Step 5" } update_cert intermediate1-ca "wolfSSL intermediate CA 1" root-ca v3_ca 01 @@ -89,6 +100,11 @@ update_cert server4 "www4.wolfssl.com" intermediate2-ca v3_req2 08 # REVOKED update_cert server5 "www5.wolfssl.com" intermediate3-ca v3_req3 09 +# server1-chain-noroot.pem: server1 + intermediate1 without root-ca +# (used by tests that need a chain where the root is not sent by the server) +head -n "$(grep -n 'END CERTIFICATE' server1-cert.pem | head -2 | tail -1 | cut -d: -f1)" server1-cert.pem > server1-chain-noroot.pem +check_result $? "" + # Create response DER buffer for test openssl ocsp -port 22221 -ndays 1000 -index index-ca-and-intermediate-cas.txt -rsigner ocsp-responder-cert.pem -rkey ocsp-responder-key.pem -CA root-ca-cert.pem -partial_chain & PID=$! Binary files /srv/release.debian.org/tmp/0nho6SUlcX/mariadb-11.8.6/extra/wolfssl/wolfssl/certs/ocsp/root-ca-cert.der and /srv/release.debian.org/tmp/byZgQ0zcFD/mariadb-11.8.8/extra/wolfssl/wolfssl/certs/ocsp/root-ca-cert.der differ diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/certs/ocsp/root-ca-crl.pem mariadb-11.8.8/extra/wolfssl/wolfssl/certs/ocsp/root-ca-crl.pem --- mariadb-11.8.6/extra/wolfssl/wolfssl/certs/ocsp/root-ca-crl.pem 1970-01-01 00:00:00.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/certs/ocsp/root-ca-crl.pem 2026-05-24 09:58:33.000000000 +0000 @@ -0,0 +1,13 @@ +-----BEGIN X509 CRL----- +MIIB8TCB2gIBATANBgkqhkiG9w0BAQsFADCBlzELMAkGA1UEBhMCVVMxEzARBgNV +BAgMCldhc2hpbmd0b24xEDAOBgNVBAcMB1NlYXR0bGUxEDAOBgNVBAoMB3dvbGZT +U0wxFDASBgNVBAsMC0VuZ2luZWVyaW5nMRgwFgYDVQQDDA93b2xmU1NMIHJvb3Qg +Q0ExHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20XDTI2MDIyNTE5NTQx +MloXDTM2MDIyMzE5NTQxMlqgDjAMMAoGA1UdFAQDAgEBMA0GCSqGSIb3DQEBCwUA +A4IBAQB25t9Aca9CcNe95wh1Wnbh5iy/bia5+uRgZjc1aj/fylr8hRyWtOJZlG+S +zfNBgqIAvwRVi/Tc8YPhW9Lae5q8Fm3yxoNPLXtjLr+zaDdyvmLxktL+KxlipV94 +UkJfriy3AwsyGtPAL59ziBnJss8MtymrNWO8tRklWQTj10esMZioiJ1DjaiujV3Q +oivVpWT7CiyzL8/mcBDcLhoFwJzgJS8Wz1gWXW91LSKIZdC9QLs7dAml7lHj8P6r +5t/0KDjcitESALpgvrOYTbloUr9vQbklWuiQtmV4m0mqjrdci0DJdi9+00AHI0Cx +Khl2ffvl7QFIATotVj6EKb3FgKhd +-----END X509 CRL----- Binary files /srv/release.debian.org/tmp/0nho6SUlcX/mariadb-11.8.6/extra/wolfssl/wolfssl/certs/ocsp/root-ca-key.der and /srv/release.debian.org/tmp/byZgQ0zcFD/mariadb-11.8.8/extra/wolfssl/wolfssl/certs/ocsp/root-ca-key.der differ Binary files /srv/release.debian.org/tmp/0nho6SUlcX/mariadb-11.8.6/extra/wolfssl/wolfssl/certs/ocsp/server1-cert.der and /srv/release.debian.org/tmp/byZgQ0zcFD/mariadb-11.8.8/extra/wolfssl/wolfssl/certs/ocsp/server1-cert.der differ diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/certs/ocsp/server1-chain-noroot.pem mariadb-11.8.8/extra/wolfssl/wolfssl/certs/ocsp/server1-chain-noroot.pem --- mariadb-11.8.6/extra/wolfssl/wolfssl/certs/ocsp/server1-chain-noroot.pem 1970-01-01 00:00:00.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/certs/ocsp/server1-chain-noroot.pem 2026-05-24 09:58:33.000000000 +0000 @@ -0,0 +1,58 @@ +-----BEGIN CERTIFICATE----- +MIIE7jCCA9agAwIBAgIBBTANBgkqhkiG9w0BAQsFADCBoTELMAkGA1UEBhMCVVMx +EzARBgNVBAgMCldhc2hpbmd0b24xEDAOBgNVBAcMB1NlYXR0bGUxEDAOBgNVBAoM +B3dvbGZTU0wxFDASBgNVBAsMC0VuZ2luZWVyaW5nMSIwIAYDVQQDDBl3b2xmU1NM +IGludGVybWVkaWF0ZSBDQSAxMR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wu +Y29tMB4XDTI1MTExMzIwNDEzNloXDTI4MDgwOTIwNDEzNlowgZgxCzAJBgNVBAYT +AlVTMRMwEQYDVQQIDApXYXNoaW5ndG9uMRAwDgYDVQQHDAdTZWF0dGxlMRAwDgYD +VQQKDAd3b2xmU1NMMRQwEgYDVQQLDAtFbmdpbmVlcmluZzEZMBcGA1UEAwwQd3d3 +MS53b2xmc3NsLmNvbTEfMB0GCSqGSIb3DQEJARYQaW5mb0B3b2xmc3NsLmNvbTCC +ASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAOaWVXXPipdojLY49noFvjO2 +UUc3ivfbkb6Sa7cAjPLFJG4Y6ZIAgQHcs0woqbeA8ZbPI3ovrvjjDy3TXiPn20yy +XYkWF76+gdv7Em0oSxCgEgQnwcnQeZXv6I2MWZtOcn28SSsiTvhP4gzx6emX+d+M +WgqqOB1DBKOniaHig6RLtU5FiKYiXaypWGeIwdVh770RBSeUR7szpYrK7h+NwG4k +r83Kv4BHcZWsqfFdI2z1S7Sp4cRm++XEoZ+nUdF4zS60Py7igvN/xKf0Mc92Jz/b +LtJuw0cjgqNIQIynwRPwY1BUQ/ZxEuFvpXpYJvf9iztwGKBDugFrs/jVvgUTZDEC +AwEAAaOCATYwggEyMAkGA1UdEwQCMAAwHQYDVR0OBBYEFMxVFQDiRImSY20QXbme +c7ZdOhnKMIHEBgNVHSMEgbwwgbmAFIPGOoksgfQC151M4irAcYJkRNoOoYGdpIGa +MIGXMQswCQYDVQQGEwJVUzETMBEGA1UECAwKV2FzaGluZ3RvbjEQMA4GA1UEBwwH +U2VhdHRsZTEQMA4GA1UECgwHd29sZlNTTDEUMBIGA1UECwwLRW5naW5lZXJpbmcx +GDAWBgNVBAMMD3dvbGZTU0wgcm9vdCBDQTEfMB0GCSqGSIb3DQEJARYQaW5mb0B3 +b2xmc3NsLmNvbYIBATALBgNVHQ8EBAMCBeAwMgYIKwYBBQUHAQEEJjAkMCIGCCsG +AQUFBzABhhZodHRwOi8vMTI3LjAuMC4xOjIyMjIxMA0GCSqGSIb3DQEBCwUAA4IB +AQBZVHFAYgrl8GELqy6w3SNRK3u/VHEpTeKUEuzEOhgA2GZTvPk5DroQWfWMWE3d +NVX6fUEtehkfqMQRz6eOQ9KYm8DbeSAj9SiVLgartP6pDJHGMh01LouFr6ghQBTn +gnHcB6O7hFwfHGpHSgEnBdReToInidg2iv4P2absHzgKJk+/WBJmcTNjxKEjA1je +bUymC8YqiV7CjFYvxAFe7wjJfjWfI/3+85YzS1kEO4AGGY5KHCSnpBcSMriG63Kc +2Ni6GQ6chwdBEoYo8CWFU1H02RvKUmeYTLOMsm/Hxx24S4Brhhdu5/opwqCPtsOy +p/wK7eMUb4BBVJMV2Y8KTB4V +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIE8DCCA9igAwIBAgIBATANBgkqhkiG9w0BAQsFADCBlzELMAkGA1UEBhMCVVMx +EzARBgNVBAgMCldhc2hpbmd0b24xEDAOBgNVBAcMB1NlYXR0bGUxEDAOBgNVBAoM +B3dvbGZTU0wxFDASBgNVBAsMC0VuZ2luZWVyaW5nMRgwFgYDVQQDDA93b2xmU1NM +IHJvb3QgQ0ExHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20wHhcNMjUx +MTEzMjA0MTM0WhcNMjgwODA5MjA0MTM0WjCBoTELMAkGA1UEBhMCVVMxEzARBgNV +BAgMCldhc2hpbmd0b24xEDAOBgNVBAcMB1NlYXR0bGUxEDAOBgNVBAoMB3dvbGZT +U0wxFDASBgNVBAsMC0VuZ2luZWVyaW5nMSIwIAYDVQQDDBl3b2xmU1NMIGludGVy +bWVkaWF0ZSBDQSAxMR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wuY29tMIIB +IjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3rTIXHfgLbH1ua0WRzWgNWVl +xuFAqx60uRO3y4y7d6V22m2Hh/ZKTRPkJj4nh+5bx2o/RTBhVVz2NdFl+pgRo6dV +1b6Rgkv8vpDWUFNjmiwi4TUR3HgCl4rkRpKcUwh23h9TtrjKdz55brzQ4w0wW0z2 +lA0wKWSfBOXb+4lgZ7uvJoNRdyQvKwuhlIEQmOjrJqgefOTEbGcGlVVK3VL08mBt +ASsZkTVtpAhHBnEkANnexlbzi1Ms4pqWpfNi5cTjI/LS/CHqD2J2jdWZSM7cWMS7 +f9qULIB0g8XgsBV+Qf0O8vTweHZ7rSYNqkiWFy8h45UrJjf5qoAv/t72XryXfwID +AQABo4IBOTCCATUwDAYDVR0TBAUwAwEB/zAdBgNVHQ4EFgQUg8Y6iSyB9ALXnUzi +KsBxgmRE2g4wgcQGA1UdIwSBvDCBuYAUc7AcpC+Cy89HpTjXsASCOn5yFSGhgZ2k +gZowgZcxCzAJBgNVBAYTAlVTMRMwEQYDVQQIDApXYXNoaW5ndG9uMRAwDgYDVQQH +DAdTZWF0dGxlMRAwDgYDVQQKDAd3b2xmU1NMMRQwEgYDVQQLDAtFbmdpbmVlcmlu +ZzEYMBYGA1UEAwwPd29sZlNTTCByb290IENBMR8wHQYJKoZIhvcNAQkBFhBpbmZv +QHdvbGZzc2wuY29tggFjMAsGA1UdDwQEAwIBBjAyBggrBgEFBQcBAQQmMCQwIgYI +KwYBBQUHMAGGFmh0dHA6Ly8xMjcuMC4wLjE6MjIyMjAwDQYJKoZIhvcNAQELBQAD +ggEBAHfsiTfUNS4k/dLe2ZiHvlKutdT2EzQSLPB4mAef9+R2327rl8cDo+YVbuKU +FmvtWalKEKDMwmF4x/scBEogwfyUxpmwOowvK30VMFPHm3NUb00WpqstilFwHxuO +YAtWi/KUAf2BX3PL7V7MSnHBqRrXxytaZgJ32hDoRUKgfO94/90I9oQvQfUYyaJI +0V22pE0yr4NduWTsQOliOO8b0Y7J6P2z6OGh2hYeJjyCNsuNgGczyjC/kwPInL6i +b6p8diQ9Bpmrp/4S89v9oIq1DcGckLfKfm37/yrD/nyfQejCf0/6S0nEoNC8/Tg0 +Iv/Vg3lwf2wwja2T+7h3ATSvzA4= +-----END CERTIFICATE----- Binary files /srv/release.debian.org/tmp/0nho6SUlcX/mariadb-11.8.6/extra/wolfssl/wolfssl/certs/ocsp/server1-key.der and /srv/release.debian.org/tmp/byZgQ0zcFD/mariadb-11.8.8/extra/wolfssl/wolfssl/certs/ocsp/server1-key.der differ Binary files /srv/release.debian.org/tmp/0nho6SUlcX/mariadb-11.8.6/extra/wolfssl/wolfssl/certs/ocsp/server2-cert.der and /srv/release.debian.org/tmp/byZgQ0zcFD/mariadb-11.8.8/extra/wolfssl/wolfssl/certs/ocsp/server2-cert.der differ Binary files /srv/release.debian.org/tmp/0nho6SUlcX/mariadb-11.8.6/extra/wolfssl/wolfssl/certs/ocsp/server2-key.der and /srv/release.debian.org/tmp/byZgQ0zcFD/mariadb-11.8.8/extra/wolfssl/wolfssl/certs/ocsp/server2-key.der differ Binary files /srv/release.debian.org/tmp/0nho6SUlcX/mariadb-11.8.6/extra/wolfssl/wolfssl/certs/ocsp/server3-cert.der and /srv/release.debian.org/tmp/byZgQ0zcFD/mariadb-11.8.8/extra/wolfssl/wolfssl/certs/ocsp/server3-cert.der differ Binary files /srv/release.debian.org/tmp/0nho6SUlcX/mariadb-11.8.6/extra/wolfssl/wolfssl/certs/ocsp/server3-key.der and /srv/release.debian.org/tmp/byZgQ0zcFD/mariadb-11.8.8/extra/wolfssl/wolfssl/certs/ocsp/server3-key.der differ Binary files /srv/release.debian.org/tmp/0nho6SUlcX/mariadb-11.8.6/extra/wolfssl/wolfssl/certs/ocsp/server4-cert.der and /srv/release.debian.org/tmp/byZgQ0zcFD/mariadb-11.8.8/extra/wolfssl/wolfssl/certs/ocsp/server4-cert.der differ Binary files /srv/release.debian.org/tmp/0nho6SUlcX/mariadb-11.8.6/extra/wolfssl/wolfssl/certs/ocsp/server4-key.der and /srv/release.debian.org/tmp/byZgQ0zcFD/mariadb-11.8.8/extra/wolfssl/wolfssl/certs/ocsp/server4-key.der differ Binary files /srv/release.debian.org/tmp/0nho6SUlcX/mariadb-11.8.6/extra/wolfssl/wolfssl/certs/ocsp/server5-cert.der and /srv/release.debian.org/tmp/byZgQ0zcFD/mariadb-11.8.8/extra/wolfssl/wolfssl/certs/ocsp/server5-cert.der differ Binary files /srv/release.debian.org/tmp/0nho6SUlcX/mariadb-11.8.6/extra/wolfssl/wolfssl/certs/ocsp/server5-key.der and /srv/release.debian.org/tmp/byZgQ0zcFD/mariadb-11.8.8/extra/wolfssl/wolfssl/certs/ocsp/server5-key.der differ diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/certs/renewcerts/wolfssl.cnf mariadb-11.8.8/extra/wolfssl/wolfssl/certs/renewcerts/wolfssl.cnf --- mariadb-11.8.6/extra/wolfssl/wolfssl/certs/renewcerts/wolfssl.cnf 2026-01-31 13:27:49.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/certs/renewcerts/wolfssl.cnf 2026-05-24 09:58:33.000000000 +0000 @@ -321,6 +321,45 @@ [ crl_dist_points ] crlDistributionPoints=URI:http://www.wolfssl.com/crl.pem +# AIA test certs +[ aia_ca_issuers ] +subjectKeyIdentifier=hash +authorityKeyIdentifier=keyid:always,issuer:always +basicConstraints=critical,CA:true +authorityInfoAccess=@aia_ca_issuers_info + +[ aia_ca_issuers_info ] +caIssuers;URI.0=http://example.com/ca.pem + +[ aia_multi ] +subjectKeyIdentifier=hash +basicConstraints=CA:true +keyUsage=digitalSignature, keyCertSign +authorityInfoAccess=@aia_multi_info + +[ aia_multi_info ] +OCSP;URI.0=http://127.0.0.1:22221 +OCSP;URI.1=http://127.0.0.1:22222 +caIssuers;URI.0=http://www.wolfssl.com/ca.pem +caIssuers;URI.1=https://www.wolfssl.com/ca2.pem + +[ aia_overflow ] +subjectKeyIdentifier=hash +basicConstraints=CA:true +keyUsage=digitalSignature, keyCertSign +authorityInfoAccess=@aia_overflow_info + +[ aia_overflow_info ] +OCSP;URI.0=http://127.0.0.1:22220 +OCSP;URI.1=http://127.0.0.1:22221 +OCSP;URI.2=http://127.0.0.1:22222 +OCSP;URI.3=http://127.0.0.1:22223 +OCSP;URI.4=http://127.0.0.1:22224 +OCSP;URI.5=http://127.0.0.1:22225 +OCSP;URI.6=http://127.0.0.1:22226 +OCSP;URI.7=http://127.0.0.1:22227 +OCSP;URI.8=http://127.0.0.1:22228 + #tsa default [ tsa ] default_tsa = tsa_config1 @@ -404,4 +443,3 @@ URI.1 = https://www.wolfssl.com/ otherName.2 = 2.16.840.1.101.3.6.6;FORMAT:HEX,OCT:D1:38:10:D8:28:AF:2C:10:84:35:15:A1:68:58:28:AF:02:10:86:A2:84:E7:39:C3:EB - diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/certs/renewcerts.sh mariadb-11.8.8/extra/wolfssl/wolfssl/certs/renewcerts.sh --- mariadb-11.8.6/extra/wolfssl/wolfssl/certs/renewcerts.sh 2026-01-31 13:27:49.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/certs/renewcerts.sh 2026-05-24 09:58:33.000000000 +0000 @@ -21,6 +21,10 @@ # 1024/client-cert.pem # server-ecc-comp.pem # client-ca.pem +# client-ca-cert.der +# client-ca-cert.pem +# client-ecc-ca-cert.der +# client-ecc-ca-cert.pem # test/digsigku.pem # ecc-privOnlyCert.pem # client-uri-cert.pem @@ -31,10 +35,14 @@ # fpki-cert.der # fpki-certpol-cert.der # rid-cert.der +# aia/ca-issuers-cert.pem +# aia/multi-aia-cert.pem +# aia/overflow-aia-cert.pem # updates the following crls: # crl/cliCrl.pem # crl/crl.pem # crl/crl.revoked +# crl/crl_reason.pem # crl/eccCliCRL.pem # crl/eccSrvCRL.pem # @@ -292,6 +300,60 @@ echo "End of section" echo "---------------------------------------------------------------------" ############################################################ + ########## update AIA test certs ########################### + ############################################################ + echo "Updating AIA test certs" + echo "" + mkdir -p aia + + echo "Updating aia/ca-issuers-cert.pem" + echo "" + openssl req -new -newkey rsa:2048 -nodes -keyout aia/ca-issuers-key.pem -subj "/CN=wolfssl-aia-test" -out aia/ca-issuers-cert.csr + check_result $? "Step AIA-1" + + openssl x509 -req -in aia/ca-issuers-cert.csr -days 365 -extfile wolfssl.cnf -extensions aia_ca_issuers -signkey aia/ca-issuers-key.pem -out aia/ca-issuers-cert.pem + check_result $? "Step AIA-2" + rm aia/ca-issuers-cert.csr + + openssl x509 -in aia/ca-issuers-cert.pem -text > tmp.pem + check_result $? "Step AIA-3" + mv tmp.pem aia/ca-issuers-cert.pem + rm aia/ca-issuers-key.pem + echo "End of section" + echo "---------------------------------------------------------------------" + + echo "Updating aia/multi-aia-cert.pem" + echo "" + openssl req -new -newkey rsa:2048 -nodes -keyout aia/multi-aia-key.pem -subj "/CN=wolfssl-aia-multi-test" -out aia/multi-aia-cert.csr + check_result $? "Step AIA-4" + + openssl x509 -req -in aia/multi-aia-cert.csr -days 365 -extfile wolfssl.cnf -extensions aia_multi -signkey aia/multi-aia-key.pem -out aia/multi-aia-cert.pem + check_result $? "Step AIA-5" + rm aia/multi-aia-cert.csr + + openssl x509 -in aia/multi-aia-cert.pem -text > tmp.pem + check_result $? "Step AIA-6" + mv tmp.pem aia/multi-aia-cert.pem + rm aia/multi-aia-key.pem + echo "End of section" + echo "---------------------------------------------------------------------" + + echo "Updating aia/overflow-aia-cert.pem" + echo "" + openssl req -new -newkey rsa:2048 -nodes -keyout aia/overflow-aia-key.pem -subj "/CN=wolfssl-aia-overflow-test" -out aia/overflow-aia-cert.csr + check_result $? "Step AIA-7" + + openssl x509 -req -in aia/overflow-aia-cert.csr -days 365 -extfile wolfssl.cnf -extensions aia_overflow -signkey aia/overflow-aia-key.pem -out aia/overflow-aia-cert.pem + check_result $? "Step AIA-8" + rm aia/overflow-aia-cert.csr + + openssl x509 -in aia/overflow-aia-cert.pem -text > tmp.pem + check_result $? "Step AIA-9" + mv tmp.pem aia/overflow-aia-cert.pem + rm aia/overflow-aia-key.pem + echo "End of section" + echo "---------------------------------------------------------------------" + ############################################################ ########## update the self-signed ca-cert-chain.der ######## ############################################################ echo "Updating ca-cert-chain.der" @@ -708,6 +770,16 @@ echo "---------------------------------------------------------------------" ############################################################ + ########## generate SM2 certificates ####################### + ############################################################ + echo "Renewing SM2 certificates" + cd sm2 + ./gen-sm2-certs.sh + cd .. + echo "End of section" + echo "---------------------------------------------------------------------" + + ############################################################ ########## update Raw Public Key certificates ############## ############################################################ echo "Updating certificates" @@ -896,6 +968,73 @@ echo "End of section" echo "---------------------------------------------------------------------" + ############################################################ + ########## update and sign client-ca-cert.pem ############## + ############################################################ + echo "Updating client-ca-cert.pem" + echo "" + cat > client-ca-ext.cnf <<'EOF' +[ client_ca ] +subjectKeyIdentifier=hash +authorityKeyIdentifier=keyid:always,issuer:always +basicConstraints=critical, CA:FALSE +keyUsage=critical, digitalSignature, keyEncipherment +extendedKeyUsage=clientAuth +EOF + check_result $? "Step 1" + + #pipe the following arguments to openssl req... + echo -e "US\\nMontana\\nBozeman\\nwolfSSL_2048\\nProgramming-2048\\n" \ + "www.wolfssl.com\\ninfo@wolfssl.com\\n.\\n.\\n" | \ + openssl req -new -key client-key.pem -config ./wolfssl.cnf -nodes \ + > client-ca-cert-req.pem + check_result $? "Step 2" + + openssl x509 -req -in client-ca-cert-req.pem -extfile client-ca-ext.cnf \ + -extensions client_ca -days 1000 -CA ca-cert.pem -CAkey ca-key.pem \ + -set_serial 0x1235 > client-ca-cert.pem + check_result $? "Step 3" + rm client-ca-cert-req.pem + + openssl x509 -in client-ca-cert.pem -text > tmp.pem + check_result $? "Step 4" + mv tmp.pem client-ca-cert.pem + + openssl x509 -inform PEM -in client-ca-cert.pem -outform DER \ + -out client-ca-cert.der + check_result $? "Step 5" + rm client-ca-ext.cnf + echo "End of section" + echo "---------------------------------------------------------------------" + + ############################################################ + ####### update and sign client-ecc-ca-cert.pem ############# + ############################################################ + echo "Updating client-ecc-ca-cert.pem" + echo "" + #pipe the following arguments to openssl req... + echo -e "US\\nOregon\\nSalem\\nClient ECC\\nFast\\nwww.wolfssl.com\\n" \ + "info@wolfssl.com\\n.\\n.\\n" | \ + openssl req -new -key ecc-client-key.pem -config ./wolfssl.cnf -nodes \ + > client-ecc-ca-cert-req.pem + check_result $? "Step 1" + + openssl x509 -req -in client-ecc-ca-cert-req.pem -extfile wolfssl.cnf \ + -extensions client_ecc -days 1000 -CA ca-ecc-cert.pem \ + -CAkey ca-ecc-key.pem -set_serial 0x1234 > client-ecc-ca-cert.pem + check_result $? "Step 2" + rm client-ecc-ca-cert-req.pem + + openssl x509 -in client-ecc-ca-cert.pem -text > tmp.pem + check_result $? "Step 3" + mv tmp.pem client-ecc-ca-cert.pem + + openssl x509 -inform PEM -in client-ecc-ca-cert.pem -outform DER \ + -out client-ecc-ca-cert.der + check_result $? "Step 4" + echo "End of section" + echo "---------------------------------------------------------------------" + #cleanup the file system now that we're done echo "Performing final steps, cleaning up the file system..." echo "" Binary files /srv/release.debian.org/tmp/0nho6SUlcX/mariadb-11.8.6/extra/wolfssl/wolfssl/certs/sm2/ca-sm2.der and /srv/release.debian.org/tmp/byZgQ0zcFD/mariadb-11.8.8/extra/wolfssl/wolfssl/certs/sm2/ca-sm2.der differ diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/certs/sm2/ca-sm2.pem mariadb-11.8.8/extra/wolfssl/wolfssl/certs/sm2/ca-sm2.pem --- mariadb-11.8.6/extra/wolfssl/wolfssl/certs/sm2/ca-sm2.pem 2026-01-31 13:27:49.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/certs/sm2/ca-sm2.pem 2026-05-24 09:58:33.000000000 +0000 @@ -3,11 +3,11 @@ Version: 3 (0x2) Serial Number: 1 (0x1) Signature Algorithm: SM2-with-SM3 - Issuer: C = US, ST = Montana, L = Bozeman, O = wolfSSL_SM2, OU = Root-SM2, CN = www.wolfssl.com, emailAddress = info@wolfssl.com + Issuer: C=US, ST=Montana, L=Bozeman, O=wolfSSL_SM2, OU=Root-SM2, CN=www.wolfssl.com, emailAddress=info@wolfssl.com Validity - Not Before: Feb 15 06:23:07 2023 GMT - Not After : Nov 11 06:23:07 2025 GMT - Subject: C = US, ST = Montana, L = Bozeman, O = wolfSSL_sm2, OU = CA-sm2, CN = www.wolfssl.com, emailAddress = info@wolfssl.com, UID = wolfSSL + Not Before: Feb 18 17:56:57 2026 GMT + Not After : Nov 14 17:56:57 2028 GMT + Subject: C=US, ST=Montana, L=Bozeman, O=wolfSSL_sm2, OU=CA-sm2, CN=www.wolfssl.com, emailAddress=info@wolfssl.com, UID=wolfSSL Subject Public Key Info: Public Key Algorithm: sm2 Public-Key: (256 bit) @@ -29,16 +29,16 @@ Digital Signature, Certificate Sign, CRL Sign Signature Algorithm: SM2-with-SM3 Signature Value: - 30:45:02:20:47:4e:00:03:ab:34:a1:af:59:39:8f:60:36:bf: - 89:88:42:41:27:c1:dd:57:c9:79:cb:1f:56:5c:16:b5:28:bd: - 02:21:00:8b:2e:25:eb:21:9b:a9:2b:a6:6a:5b:db:a7:c7:2b: - 11:df:73:15:ad:e4:c5:c3:c2:f3:b4:b4:67:af:d7:51:1c + 30:46:02:21:00:b2:b9:5b:02:ad:78:f8:52:ba:67:cf:cb:25: + 9b:ba:d9:56:f5:a7:ff:af:25:26:d5:f6:f3:f3:a6:f5:9a:2f: + 9b:02:21:00:bc:96:f3:39:13:76:dc:02:35:39:0e:dc:0a:69: + bf:02:18:b6:01:be:ff:05:d7:2e:f2:7b:67:eb:16:e9:8e:c5 -----BEGIN CERTIFICATE----- -MIICljCCAjygAwIBAgIBATAKBggqgRzPVQGDdTCBlTELMAkGA1UEBhMCVVMxEDAO +MIIClzCCAjygAwIBAgIBATAKBggqgRzPVQGDdTCBlTELMAkGA1UEBhMCVVMxEDAO BgNVBAgMB01vbnRhbmExEDAOBgNVBAcMB0JvemVtYW4xFDASBgNVBAoMC3dvbGZT U0xfU00yMREwDwYDVQQLDAhSb290LVNNMjEYMBYGA1UEAwwPd3d3LndvbGZzc2wu -Y29tMR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wuY29tMB4XDTIzMDIxNTA2 -MjMwN1oXDTI1MTExMTA2MjMwN1owgawxCzAJBgNVBAYTAlVTMRAwDgYDVQQIDAdN +Y29tMR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wuY29tMB4XDTI2MDIxODE3 +NTY1N1oXDTI4MTExNDE3NTY1N1owgawxCzAJBgNVBAYTAlVTMRAwDgYDVQQIDAdN b250YW5hMRAwDgYDVQQHDAdCb3plbWFuMRQwEgYDVQQKDAt3b2xmU1NMX3NtMjEP MA0GA1UECwwGQ0Etc20yMRgwFgYDVQQDDA93d3cud29sZnNzbC5jb20xHzAdBgkq hkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20xFzAVBgoJkiaJk/IsZAEBDAd3b2xm @@ -46,6 +46,6 @@ /2RjttVCgCC94uICEjuOtACVCYDLVu1Lyo1X5q4F03YnY3E5ibdp5kiArtGpSBKj YzBhMB0GA1UdDgQWBBRHCkh+uwKoWiZXKxmpe2GLf12ZbjAfBgNVHSMEGDAWgBQ0 HXlEFXmhsWOZ4+1lfGSJgP+47DAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQE -AwIBhjAKBggqgRzPVQGDdQNIADBFAiBHTgADqzShr1k5j2A2v4mIQkEnwd1XyXnL -H1ZcFrUovQIhAIsuJeshm6krpmpb26fHKxHfcxWt5MXDwvO0tGev11Ec +AwIBhjAKBggqgRzPVQGDdQNJADBGAiEAsrlbAq14+FK6Z8/LJZu62Vb1p/+vJSbV +9vPzpvWaL5sCIQC8lvM5E3bcAjU5DtwKab8CGLYBvv8F1y7ye2frFumOxQ== -----END CERTIFICATE----- Binary files /srv/release.debian.org/tmp/0nho6SUlcX/mariadb-11.8.6/extra/wolfssl/wolfssl/certs/sm2/client-sm2.der and /srv/release.debian.org/tmp/byZgQ0zcFD/mariadb-11.8.8/extra/wolfssl/wolfssl/certs/sm2/client-sm2.der differ diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/certs/sm2/client-sm2.pem mariadb-11.8.8/extra/wolfssl/wolfssl/certs/sm2/client-sm2.pem --- mariadb-11.8.6/extra/wolfssl/wolfssl/certs/sm2/client-sm2.pem 2026-01-31 13:27:49.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/certs/sm2/client-sm2.pem 2026-05-24 09:58:33.000000000 +0000 @@ -2,13 +2,13 @@ Data: Version: 3 (0x2) Serial Number: - 60:a0:4a:0b:36:eb:7d:e1:3f:74:29:a9:29:b4:05:6c:17:f7:a6:d4 + 63:dd:75:63:8a:b0:51:4f:9c:4e:ff:6d:55:4e:cd:ee:8f:26:d3:80 Signature Algorithm: SM2-with-SM3 - Issuer: C = US, ST = Montana, L = Bozeman, O = wolfSSL_sm2, OU = Client-sm2, CN = www.wolfssl.com, emailAddress = info@wolfssl.com, UID = wolfSSL + Issuer: C=US, ST=Montana, L=Bozeman, O=wolfSSL_sm2, OU=Client-sm2, CN=www.wolfssl.com, emailAddress=info@wolfssl.com, UID=wolfSSL Validity - Not Before: Feb 15 06:23:07 2023 GMT - Not After : Nov 11 06:23:07 2025 GMT - Subject: C = US, ST = Montana, L = Bozeman, O = wolfSSL_sm2, OU = Client-sm2, CN = www.wolfssl.com, emailAddress = info@wolfssl.com, UID = wolfSSL + Not Before: Feb 18 17:56:57 2026 GMT + Not After : Nov 14 17:56:57 2028 GMT + Subject: C=US, ST=Montana, L=Bozeman, O=wolfSSL_sm2, OU=Client-sm2, CN=www.wolfssl.com, emailAddress=info@wolfssl.com, UID=wolfSSL Subject Public Key Info: Public Key Algorithm: sm2 Public-Key: (256 bit) @@ -25,7 +25,7 @@ X509v3 Authority Key Identifier: keyid:E4:21:B2:C5:E5:D4:9E:82:CA:F8:67:F2:28:99:F6:85:E8:F1:55:EF DirName:/C=US/ST=Montana/L=Bozeman/O=wolfSSL_sm2/OU=Client-sm2/CN=www.wolfssl.com/emailAddress=info@wolfssl.com/UID=wolfSSL - serial:60:A0:4A:0B:36:EB:7D:E1:3F:74:29:A9:29:B4:05:6C:17:F7:A6:D4 + serial:63:DD:75:63:8A:B0:51:4F:9C:4E:FF:6D:55:4E:CD:EE:8F:26:D3:80 X509v3 Basic Constraints: CA:TRUE X509v3 Subject Alternative Name: @@ -34,17 +34,17 @@ TLS Web Server Authentication, TLS Web Client Authentication Signature Algorithm: SM2-with-SM3 Signature Value: - 30:46:02:21:00:8f:b2:b5:95:8f:79:f6:5e:75:e5:c5:e9:9a: - 12:d2:0f:78:9f:c0:1d:8d:1c:be:6b:0c:f1:f5:57:60:db:91: - 4f:02:21:00:87:5e:7d:e4:d6:3a:bb:7b:98:27:85:de:7a:f0: - 21:e2:66:a1:9f:26:e0:dd:86:23:b4:c8:c0:46:5a:f2:49:8d + 30:46:02:21:00:dd:98:90:68:35:95:61:2f:11:90:a5:e9:30: + 8b:9a:aa:33:cc:73:8a:76:96:8b:97:8c:4c:c3:10:fc:14:56: + 9b:02:21:00:f8:de:db:67:54:59:ca:98:27:3d:3f:f6:6f:30: + 0c:65:e1:fb:a0:9f:11:ab:ea:76:30:31:c4:66:11:d7:b9:f2 -----BEGIN CERTIFICATE----- -MIIDyTCCA26gAwIBAgIUYKBKCzbrfeE/dCmpKbQFbBf3ptQwCgYIKoEcz1UBg3Uw +MIIDyTCCA26gAwIBAgIUY911Y4qwUU+cTv9tVU7N7o8m04AwCgYIKoEcz1UBg3Uw gbAxCzAJBgNVBAYTAlVTMRAwDgYDVQQIDAdNb250YW5hMRAwDgYDVQQHDAdCb3pl bWFuMRQwEgYDVQQKDAt3b2xmU1NMX3NtMjETMBEGA1UECwwKQ2xpZW50LXNtMjEY MBYGA1UEAwwPd3d3LndvbGZzc2wuY29tMR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdv -bGZzc2wuY29tMRcwFQYKCZImiZPyLGQBAQwHd29sZlNTTDAeFw0yMzAyMTUwNjIz -MDdaFw0yNTExMTEwNjIzMDdaMIGwMQswCQYDVQQGEwJVUzEQMA4GA1UECAwHTW9u +bGZzc2wuY29tMRcwFQYKCZImiZPyLGQBAQwHd29sZlNTTDAeFw0yNjAyMTgxNzU2 +NTdaFw0yODExMTQxNzU2NTdaMIGwMQswCQYDVQQGEwJVUzEQMA4GA1UECAwHTW9u dGFuYTEQMA4GA1UEBwwHQm96ZW1hbjEUMBIGA1UECgwLd29sZlNTTF9zbTIxEzAR BgNVBAsMCkNsaWVudC1zbTIxGDAWBgNVBAMMD3d3dy53b2xmc3NsLmNvbTEfMB0G CSqGSIb3DQEJARYQaW5mb0B3b2xmc3NsLmNvbTEXMBUGCgmSJomT8ixkAQEMB3dv @@ -55,9 +55,9 @@ VVMxEDAOBgNVBAgMB01vbnRhbmExEDAOBgNVBAcMB0JvemVtYW4xFDASBgNVBAoM C3dvbGZTU0xfc20yMRMwEQYDVQQLDApDbGllbnQtc20yMRgwFgYDVQQDDA93d3cu d29sZnNzbC5jb20xHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20xFzAV -BgoJkiaJk/IsZAEBDAd3b2xmU1NMghRgoEoLNut94T90KakptAVsF/em1DAMBgNV +BgoJkiaJk/IsZAEBDAd3b2xmU1NMghRj3XVjirBRT5xO/21VTs3ujybTgDAMBgNV HRMEBTADAQH/MBwGA1UdEQQVMBOCC2V4YW1wbGUuY29thwR/AAABMB0GA1UdJQQW -MBQGCCsGAQUFBwMBBggrBgEFBQcDAjAKBggqgRzPVQGDdQNJADBGAiEAj7K1lY95 -9l515cXpmhLSD3ifwB2NHL5rDPH1V2DbkU8CIQCHXn3k1jq7e5gnhd568CHiZqGf -JuDdhiO0yMBGWvJJjQ== +MBQGCCsGAQUFBwMBBggrBgEFBQcDAjAKBggqgRzPVQGDdQNJADBGAiEA3ZiQaDWV +YS8RkKXpMIuaqjPMc4p2louXjEzDEPwUVpsCIQD43ttnVFnKmCc9P/ZvMAxl4fug +nxGr6nYwMcRmEde58g== -----END CERTIFICATE----- diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/certs/sm2/fix_sm2_spki.py mariadb-11.8.8/extra/wolfssl/wolfssl/certs/sm2/fix_sm2_spki.py --- mariadb-11.8.6/extra/wolfssl/wolfssl/certs/sm2/fix_sm2_spki.py 1970-01-01 00:00:00.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/certs/sm2/fix_sm2_spki.py 2026-05-24 09:58:33.000000000 +0000 @@ -0,0 +1,179 @@ +#!/usr/bin/env python3 +"""Fix SM2 certificate SubjectPublicKeyInfo algorithm OID. + +OpenSSL 3.x encodes SM2 keys using the generic id-ecPublicKey OID +(1.2.840.10045.2.1) instead of the SM2-specific OID (1.2.156.10197.1.301). +This script patches the SPKI algorithm OID back to SM2 and re-signs the +certificate. + +Usage: fix_sm2_spki.py +""" + +import base64 +import subprocess +import sys +import os +import tempfile + +EC_PUBKEY_OID = bytes([0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02, 0x01]) +SM2_ALGO_OID = bytes([0x06, 0x08, 0x2a, 0x81, 0x1c, 0xcf, 0x55, 0x01, 0x82, 0x2d]) +SM2_WITH_SM3 = bytes([0x30, 0x0a, 0x06, 0x08, + 0x2a, 0x81, 0x1c, 0xcf, 0x55, 0x01, 0x83, 0x75]) + + +def read_der_length(data, offset): + b = data[offset] + if b < 0x80: + return b, 1 + num_bytes = b & 0x7f + length = 0 + for i in range(num_bytes): + length = (length << 8) | data[offset + 1 + i] + return length, 1 + num_bytes + + +def encode_der_length(length): + if length < 0x80: + return bytes([length]) + elif length < 0x100: + return bytes([0x81, length]) + elif length < 0x10000: + return bytes([0x82, length >> 8, length & 0xff]) + else: + raise ValueError("Length too large: %d" % length) + + +def find_enclosing_sequences(data, target_pos): + """Find length-field offsets of all SEQUENCEs enclosing target_pos.""" + results = [] + + def scan(offset, end): + while offset < end: + tag = data[offset] + offset += 1 + length, len_bytes = read_der_length(data, offset) + len_offset = offset + offset += len_bytes + content_start = offset + content_end = offset + length + + if tag == 0x30 and content_start <= target_pos < content_end: + results.append((len_offset, length, len_bytes)) + scan(content_start, content_end) + return + offset = content_end + + scan(0, len(data)) + return results + + +def patch_tbs_spki_oid(tbs_der): + """Replace id-ecPublicKey with SM2 OID in TBS SubjectPublicKeyInfo.""" + oid_pos = tbs_der.find(EC_PUBKEY_OID) + if oid_pos == -1: + return None # Already has SM2 OID or no EC key + + enclosing = find_enclosing_sequences(tbs_der, oid_pos) + size_diff = len(SM2_ALGO_OID) - len(EC_PUBKEY_OID) + + result = bytearray( + tbs_der[:oid_pos] + SM2_ALGO_OID + tbs_der[oid_pos + len(EC_PUBKEY_OID):] + ) + + for len_offset, old_length, old_len_bytes in enclosing: + new_length = old_length + size_diff + new_len_encoded = encode_der_length(new_length) + if len(new_len_encoded) == old_len_bytes: + result[len_offset:len_offset + old_len_bytes] = new_len_encoded + else: + result[len_offset:len_offset + old_len_bytes] = new_len_encoded + size_diff += len(new_len_encoded) - old_len_bytes + + return bytes(result) + + +def pem_to_der(pem_text): + b64 = ''.join( + line for line in pem_text.split('\n') + if not line.startswith('-----') and line.strip() + ) + return base64.b64decode(b64) + + +def der_to_pem(der_data, label="CERTIFICATE"): + b64 = base64.b64encode(der_data).decode() + lines = [b64[i:i+64] for i in range(0, len(b64), 64)] + return ('-----BEGIN %s-----\n' % label + + '\n'.join(lines) + + '\n-----END %s-----\n' % label) + + +def extract_tbs(cert_der): + assert cert_der[0] == 0x30 + outer_len, outer_len_bytes = read_der_length(cert_der, 1) + tbs_offset = 1 + outer_len_bytes + tbs_len, tbs_len_bytes = read_der_length(cert_der, tbs_offset + 1) + tbs_total = 1 + tbs_len_bytes + tbs_len + return cert_der[tbs_offset:tbs_offset + tbs_total] + + +def sign_tbs(tbs_der, key_pem_path): + """Sign TBS with SM2-with-SM3 using openssl dgst.""" + with tempfile.NamedTemporaryFile(suffix='.der', delete=False) as tbs_f: + tbs_f.write(tbs_der) + tbs_path = tbs_f.name + + sig_path = tbs_path + '.sig' + try: + result = subprocess.run( + ['openssl', 'dgst', '-sm3', '-sign', key_pem_path, + '-out', sig_path, tbs_path], + capture_output=True, text=True + ) + if result.returncode != 0: + raise RuntimeError("openssl dgst failed: " + result.stderr) + + with open(sig_path, 'rb') as f: + return f.read() + finally: + os.unlink(tbs_path) + if os.path.exists(sig_path): + os.unlink(sig_path) + + +def build_cert(tbs_der, sig_der): + bit_string = bytes([0x03, len(sig_der) + 1, 0x00]) + sig_der + cert_body = tbs_der + SM2_WITH_SM3 + bit_string + return bytes([0x30]) + encode_der_length(len(cert_body)) + cert_body + + +def fix_sm2_cert(cert_pem_path, key_pem_path, output_pem_path): + with open(cert_pem_path, 'r') as f: + cert_pem = f.read() + + cert_der = pem_to_der(cert_pem) + tbs = extract_tbs(cert_der) + + new_tbs = patch_tbs_spki_oid(tbs) + if new_tbs is None: + print(" Already has SM2 OID, no patching needed") + if cert_pem_path != output_pem_path: + with open(output_pem_path, 'w') as f: + f.write(cert_pem) + return + + sig = sign_tbs(new_tbs, key_pem_path) + new_cert_der = build_cert(new_tbs, sig) + + with open(output_pem_path, 'w') as f: + f.write(der_to_pem(new_cert_der)) + + print(" Patched SPKI algorithm OID to SM2") + + +if __name__ == '__main__': + if len(sys.argv) != 4: + print("Usage: %s " % sys.argv[0]) + sys.exit(1) + + fix_sm2_cert(sys.argv[1], sys.argv[2], sys.argv[3]) diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/certs/sm2/gen-sm2-certs.sh mariadb-11.8.8/extra/wolfssl/wolfssl/certs/sm2/gen-sm2-certs.sh --- mariadb-11.8.6/extra/wolfssl/wolfssl/certs/sm2/gen-sm2-certs.sh 2026-01-31 13:27:49.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/certs/sm2/gen-sm2-certs.sh 2026-05-24 09:58:33.000000000 +0000 @@ -1,5 +1,7 @@ #!/usr/bin/env bash +SCRIPT_DIR="$(cd "$(dirname "$0")" && pwd)" + check_result(){ if [ $1 -ne 0 ]; then echo "Failed at \"$2\", Abort" @@ -9,6 +11,15 @@ fi } +# OpenSSL 3.x encodes SM2 keys using the generic id-ecPublicKey OID instead of +# the SM2-specific OID. fix_sm2_spki.py patches the SubjectPublicKeyInfo +# algorithm OID back to SM2 and re-signs the certificate. +fix_sm2_oid(){ + # $1 = cert PEM, $2 = signing key PEM + python3 "${SCRIPT_DIR}/fix_sm2_spki.py" "$1" "$2" "$1" + check_result $? "Fix SM2 SPKI OID in $1" +} + openssl pkey -in root-sm2-priv.pem -noout >/dev/null 2>&1 if [ $? -ne 0 ]; then echo "OpenSSL does not support SM2" @@ -29,6 +40,7 @@ openssl x509 -req -in root-sm2.csr -days 1000 -extfile ../renewcerts/wolfssl.cnf -extensions ca_ecc_cert -signkey root-sm2-priv.pem -out root-sm2.pem check_result $? "Generate certificate" rm root-sm2.csr +fix_sm2_oid root-sm2.pem root-sm2-priv.pem openssl x509 -in root-sm2.pem -outform DER > root-sm2.der check_result $? "Convert to DER" @@ -50,6 +62,7 @@ openssl x509 -req -in ca-sm2.csr -days 1000 -extfile ../renewcerts/wolfssl.cnf -extensions ca_ecc_cert -CA root-sm2.pem -CAkey root-sm2-priv.pem -set_serial 01 -out ca-sm2.pem check_result $? "Generate certificate" rm ca-sm2.csr +fix_sm2_oid ca-sm2.pem root-sm2-priv.pem openssl x509 -in ca-sm2.pem -outform DER > ca-sm2.der check_result $? "Convert to DER" @@ -71,6 +84,7 @@ openssl x509 -req -in self-sm2.csr -days 1000 -extfile ../renewcerts/wolfssl.cnf -extensions ca_ecc_cert -signkey self-sm2-priv.pem -out self-sm2-cert.pem check_result $? "Generate certificate" rm self-sm2.csr +fix_sm2_oid self-sm2-cert.pem self-sm2-priv.pem openssl x509 -in self-sm2-cert.pem -text > tmp.pem check_result $? "Add text" @@ -90,6 +104,7 @@ openssl x509 -req -in server-sm2.csr -days 1000 -extfile ../renewcerts/wolfssl.cnf -extensions server_ecc -CA ca-sm2.pem -CAkey ca-sm2-priv.pem -set_serial 01 -out server-sm2-cert.pem check_result $? "Generate certificate" rm server-sm2.csr +fix_sm2_oid server-sm2-cert.pem ca-sm2-priv.pem openssl x509 -in server-sm2-cert.pem -outform DER > server-sm2-cert.der check_result $? "Convert to DER" @@ -113,6 +128,7 @@ openssl x509 -req -in client-sm2.csr -days 1000 -extfile ../renewcerts/wolfssl.cnf -extensions wolfssl_opts -signkey client-sm2-priv.pem -out client-sm2.pem check_result $? "Generate certificate" rm client-sm2.csr +fix_sm2_oid client-sm2.pem client-sm2-priv.pem openssl x509 -in client-sm2.pem -outform DER > client-sm2.der check_result $? "Convert to DER" Binary files /srv/release.debian.org/tmp/0nho6SUlcX/mariadb-11.8.6/extra/wolfssl/wolfssl/certs/sm2/root-sm2.der and /srv/release.debian.org/tmp/byZgQ0zcFD/mariadb-11.8.8/extra/wolfssl/wolfssl/certs/sm2/root-sm2.der differ diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/certs/sm2/root-sm2.pem mariadb-11.8.8/extra/wolfssl/wolfssl/certs/sm2/root-sm2.pem --- mariadb-11.8.6/extra/wolfssl/wolfssl/certs/sm2/root-sm2.pem 2026-01-31 13:27:49.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/certs/sm2/root-sm2.pem 2026-05-24 09:58:33.000000000 +0000 @@ -2,13 +2,13 @@ Data: Version: 3 (0x2) Serial Number: - 74:9c:dd:a4:b2:67:26:57:29:fb:e9:13:54:e0:34:08:03:2b:70:a9 + 61:2a:93:12:b3:6e:ff:d6:9a:a7:98:c4:49:4d:c6:2c:3e:ea:5a:f9 Signature Algorithm: SM2-with-SM3 - Issuer: C = US, ST = Montana, L = Bozeman, O = wolfSSL_SM2, OU = Root-SM2, CN = www.wolfssl.com, emailAddress = info@wolfssl.com + Issuer: C=US, ST=Montana, L=Bozeman, O=wolfSSL_SM2, OU=Root-SM2, CN=www.wolfssl.com, emailAddress=info@wolfssl.com Validity - Not Before: Feb 15 06:23:07 2023 GMT - Not After : Nov 11 06:23:07 2025 GMT - Subject: C = US, ST = Montana, L = Bozeman, O = wolfSSL_SM2, OU = Root-SM2, CN = www.wolfssl.com, emailAddress = info@wolfssl.com + Not Before: Feb 18 17:56:57 2026 GMT + Not After : Nov 14 17:56:57 2028 GMT + Subject: C=US, ST=Montana, L=Bozeman, O=wolfSSL_SM2, OU=Root-SM2, CN=www.wolfssl.com, emailAddress=info@wolfssl.com Subject Public Key Info: Public Key Algorithm: sm2 Public-Key: (256 bit) @@ -30,16 +30,16 @@ Digital Signature, Certificate Sign, CRL Sign Signature Algorithm: SM2-with-SM3 Signature Value: - 30:44:02:20:03:27:29:f0:ef:78:26:a1:1a:6a:1e:88:81:e7: - 83:72:5f:3e:e6:08:e8:14:68:bf:4b:0f:68:52:92:aa:8f:a1: - 02:20:0b:fe:1b:14:ba:51:82:65:06:bb:22:d8:1a:a7:9f:54: - 62:eb:8d:b2:d5:13:b3:b8:a2:f3:14:44:b2:a0:21:d0 + 30:46:02:21:00:fe:8d:2f:b9:c9:55:db:2c:d4:89:ff:a1:92: + 03:ce:4a:09:00:7f:c4:b3:b6:55:ae:a1:f6:7b:3e:ed:c4:dd: + 7c:02:21:00:d0:be:9b:4a:a9:cf:52:c1:cd:0d:bc:86:29:9e: + c4:e2:f1:fa:86:f3:73:01:e2:3b:c5:cc:99:0a:bb:c3:a8:ee -----BEGIN CERTIFICATE----- -MIICkTCCAjigAwIBAgIUdJzdpLJnJlcp++kTVOA0CAMrcKkwCgYIKoEcz1UBg3Uw +MIICkzCCAjigAwIBAgIUYSqTErNu/9aap5jESU3GLD7qWvkwCgYIKoEcz1UBg3Uw gZUxCzAJBgNVBAYTAlVTMRAwDgYDVQQIDAdNb250YW5hMRAwDgYDVQQHDAdCb3pl bWFuMRQwEgYDVQQKDAt3b2xmU1NMX1NNMjERMA8GA1UECwwIUm9vdC1TTTIxGDAW BgNVBAMMD3d3dy53b2xmc3NsLmNvbTEfMB0GCSqGSIb3DQEJARYQaW5mb0B3b2xm -c3NsLmNvbTAeFw0yMzAyMTUwNjIzMDdaFw0yNTExMTEwNjIzMDdaMIGVMQswCQYD +c3NsLmNvbTAeFw0yNjAyMTgxNzU2NTdaFw0yODExMTQxNzU2NTdaMIGVMQswCQYD VQQGEwJVUzEQMA4GA1UECAwHTW9udGFuYTEQMA4GA1UEBwwHQm96ZW1hbjEUMBIG A1UECgwLd29sZlNTTF9TTTIxETAPBgNVBAsMCFJvb3QtU00yMRgwFgYDVQQDDA93 d3cud29sZnNzbC5jb20xHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20w @@ -47,6 +47,6 @@ C07mV+zF+FdUcTk8eeFAP7ZR6XzH2i3v0uh5gXuro19rKmyXGl6O2dDMBKNjMGEw HQYDVR0OBBYEFDQdeUQVeaGxY5nj7WV8ZImA/7jsMB8GA1UdIwQYMBaAFDQdeUQV eaGxY5nj7WV8ZImA/7jsMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgGG -MAoGCCqBHM9VAYN1A0cAMEQCIAMnKfDveCahGmoeiIHng3JfPuYI6BRov0sPaFKS -qo+hAiAL/hsUulGCZQa7Itgap59UYuuNstUTs7ii8xREsqAh0A== +MAoGCCqBHM9VAYN1A0kAMEYCIQD+jS+5yVXbLNSJ/6GSA85KCQB/xLO2Va6h9ns+ +7cTdfAIhANC+m0qpz1LBzQ28himexOLx+obzcwHiO8XMmQq7w6ju -----END CERTIFICATE----- diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/certs/sm2/self-sm2-cert.pem mariadb-11.8.8/extra/wolfssl/wolfssl/certs/sm2/self-sm2-cert.pem --- mariadb-11.8.6/extra/wolfssl/wolfssl/certs/sm2/self-sm2-cert.pem 2026-01-31 13:27:49.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/certs/sm2/self-sm2-cert.pem 2026-05-24 09:58:33.000000000 +0000 @@ -2,15 +2,15 @@ Data: Version: 3 (0x2) Serial Number: - 06:7b:3a:5d:cf:22:a9:6d:6d:78:2b:10:01:51:b6:4c:d4:82:a2:a1 + 26:2d:4b:fe:64:7d:97:44:c8:85:22:01:96:b3:a5:db:1c:64:12:1b Signature Algorithm: SM2-with-SM3 - Issuer: C = AU, ST = QLD, O = wolfSSL, OU = Testing, CN = wolfssl-dev-sm2, emailAddress = info@wolfssl.com, UID = wolfSSL + Issuer: C=AU, ST=QLD, O=wolfSSL, OU=Testing, CN=wolfssl-dev-sm2, emailAddress=info@wolfssl.com, UID=wolfSSL Validity - Not Before: Nov 22 21:28:37 2023 GMT - Not After : Aug 18 21:28:37 2026 GMT - Subject: C = AU, ST = QLD, O = wolfSSL, OU = Testing, CN = wolfssl-dev-sm2, emailAddress = info@wolfssl.com, UID = wolfSSL + Not Before: Feb 18 17:56:57 2026 GMT + Not After : Nov 14 17:56:57 2028 GMT + Subject: C=AU, ST=QLD, O=wolfSSL, OU=Testing, CN=wolfssl-dev-sm2, emailAddress=info@wolfssl.com, UID=wolfSSL Subject Public Key Info: - Public Key Algorithm: id-ecPublicKey + Public Key Algorithm: sm2 Public-Key: (256 bit) pub: 04:d8:c4:a1:f1:0b:8b:8d:c4:7d:dc:d4:65:b9:a5: @@ -30,23 +30,23 @@ Digital Signature, Certificate Sign, CRL Sign Signature Algorithm: SM2-with-SM3 Signature Value: - 30:44:02:20:0f:c3:2c:36:e3:9f:1c:e9:68:1c:3b:43:18:5b: - c9:8f:e4:fa:dd:33:c1:b8:1c:d3:d4:61:33:f8:37:9d:5a:f4: - 02:20:3a:b9:a8:43:80:cf:38:25:e9:64:d8:26:47:9d:50:04: - 0c:8a:e8:a2:42:e8:63:dd:53:94:7d:38:6d:52:70:fd + 30:45:02:21:00:cb:1a:f6:3d:c5:63:4f:fb:23:c9:22:e5:c6: + 53:12:e0:90:81:42:ef:61:98:0b:c9:93:ff:27:59:e6:81:57: + 25:02:20:45:7a:6e:db:0f:15:c7:90:f0:ad:fe:a6:85:42:d3: + dc:ed:7b:56:e6:12:6e:73:12:55:69:32:c5:16:22:f0:cd -----BEGIN CERTIFICATE----- -MIICjDCCAjOgAwIBAgIUBns6Xc8iqW1teCsQAVG2TNSCoqEwCgYIKoEcz1UBg3Uw +MIICjjCCAjSgAwIBAgIUJi1L/mR9l0TIhSIBlrOl2xxkEhswCgYIKoEcz1UBg3Uw gZMxCzAJBgNVBAYTAkFVMQwwCgYDVQQIDANRTEQxEDAOBgNVBAoMB3dvbGZTU0wx EDAOBgNVBAsMB1Rlc3RpbmcxGDAWBgNVBAMMD3dvbGZzc2wtZGV2LXNtMjEfMB0G CSqGSIb3DQEJARYQaW5mb0B3b2xmc3NsLmNvbTEXMBUGCgmSJomT8ixkAQEMB3dv -bGZTU0wwHhcNMjMxMTIyMjEyODM3WhcNMjYwODE4MjEyODM3WjCBkzELMAkGA1UE +bGZTU0wwHhcNMjYwMjE4MTc1NjU3WhcNMjgxMTE0MTc1NjU3WjCBkzELMAkGA1UE BhMCQVUxDDAKBgNVBAgMA1FMRDEQMA4GA1UECgwHd29sZlNTTDEQMA4GA1UECwwH VGVzdGluZzEYMBYGA1UEAwwPd29sZnNzbC1kZXYtc20yMR8wHQYJKoZIhvcNAQkB -FhBpbmZvQHdvbGZzc2wuY29tMRcwFQYKCZImiZPyLGQBAQwHd29sZlNTTDBZMBMG -ByqGSM49AgEGCCqBHM9VAYItA0IABNjEofELi43EfdzUZbmlVU77rDOrm0OUTEhA -GzPZG8wxwYJWP7DAa5VAUf2IAgGxsJRsBuun2o7ucLblu7Qe57SjYzBhMB0GA1Ud -DgQWBBRul+iYtlu2rocE2xRWZhb0uC2M8jAfBgNVHSMEGDAWgBRul+iYtlu2rocE -2xRWZhb0uC2M8jAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIBhjAKBggq -gRzPVQGDdQNHADBEAiAPwyw2458c6WgcO0MYW8mP5PrdM8G4HNPUYTP4N51a9AIg -OrmoQ4DPOCXpZNgmR51QBAyK6KJC6GPdU5R9OG1ScP0= +FhBpbmZvQHdvbGZzc2wuY29tMRcwFQYKCZImiZPyLGQBAQwHd29sZlNTTDBaMBQG +CCqBHM9VAYItBggqgRzPVQGCLQNCAATYxKHxC4uNxH3c1GW5pVVO+6wzq5tDlExI +QBsz2RvMMcGCVj+wwGuVQFH9iAIBsbCUbAbrp9qO7nC25bu0Hue0o2MwYTAdBgNV +HQ4EFgQUbpfomLZbtq6HBNsUVmYW9LgtjPIwHwYDVR0jBBgwFoAUbpfomLZbtq6H +BNsUVmYW9LgtjPIwDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAYYwCgYI +KoEcz1UBg3UDSAAwRQIhAMsa9j3FY0/7I8ki5cZTEuCQgULvYZgLyZP/J1nmgVcl +AiBFem7bDxXHkPCt/qaFQtPc7XtW5hJucxJVaTLFFiLwzQ== -----END CERTIFICATE----- Binary files /srv/release.debian.org/tmp/0nho6SUlcX/mariadb-11.8.6/extra/wolfssl/wolfssl/certs/sm2/server-sm2-cert.der and /srv/release.debian.org/tmp/byZgQ0zcFD/mariadb-11.8.8/extra/wolfssl/wolfssl/certs/sm2/server-sm2-cert.der differ diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/certs/sm2/server-sm2-cert.pem mariadb-11.8.8/extra/wolfssl/wolfssl/certs/sm2/server-sm2-cert.pem --- mariadb-11.8.6/extra/wolfssl/wolfssl/certs/sm2/server-sm2-cert.pem 2026-01-31 13:27:49.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/certs/sm2/server-sm2-cert.pem 2026-05-24 09:58:33.000000000 +0000 @@ -3,11 +3,11 @@ Version: 3 (0x2) Serial Number: 1 (0x1) Signature Algorithm: SM2-with-SM3 - Issuer: C = US, ST = Montana, L = Bozeman, O = wolfSSL_sm2, OU = CA-sm2, CN = www.wolfssl.com, emailAddress = info@wolfssl.com, UID = wolfSSL + Issuer: C=US, ST=Montana, L=Bozeman, O=wolfSSL_sm2, OU=CA-sm2, CN=www.wolfssl.com, emailAddress=info@wolfssl.com, UID=wolfSSL Validity - Not Before: Feb 15 06:23:07 2023 GMT - Not After : Nov 11 06:23:07 2025 GMT - Subject: C = US, ST = Montana, L = Bozeman, O = wolfSSL_sm2, OU = Server-sm2, CN = www.wolfssl.com, emailAddress = info@wolfssl.com, UID = wolfSSL + Not Before: Feb 18 17:56:57 2026 GMT + Not After : Nov 14 17:56:57 2028 GMT + Subject: C=US, ST=Montana, L=Bozeman, O=wolfSSL_sm2, OU=Server-sm2, CN=www.wolfssl.com, emailAddress=info@wolfssl.com, UID=wolfSSL Subject Public Key Info: Public Key Algorithm: sm2 Public-Key: (256 bit) @@ -33,16 +33,16 @@ SSL Server Signature Algorithm: SM2-with-SM3 Signature Value: - 30:45:02:20:1b:ca:94:28:7f:f6:b2:0d:31:43:50:e1:d5:34: - 17:dd:af:3a:de:81:06:67:9a:b3:06:22:7e:64:ec:fd:0e:b9: - 02:21:00:a1:48:a8:32:d1:05:09:6b:1c:eb:89:12:66:d8:38: - a1:c4:5c:89:09:0f:fd:e9:c0:3b:1d:fb:cd:b5:4c:31:68 + 30:46:02:21:00:96:50:5f:3e:3f:bf:1e:50:6c:9a:5d:4e:8e: + ef:27:a1:4d:fa:b9:75:a6:58:0e:f6:db:60:32:20:e4:31:1d: + 36:02:21:00:e7:cb:5c:9f:85:7d:4c:b5:54:74:e4:45:c4:f0: + 01:53:51:33:07:dd:28:c6:c7:47:ff:d6:dc:b0:e1:36:cc:3b -----BEGIN CERTIFICATE----- -MIIC2DCCAn6gAwIBAgIBATAKBggqgRzPVQGDdTCBrDELMAkGA1UEBhMCVVMxEDAO +MIIC2TCCAn6gAwIBAgIBATAKBggqgRzPVQGDdTCBrDELMAkGA1UEBhMCVVMxEDAO BgNVBAgMB01vbnRhbmExEDAOBgNVBAcMB0JvemVtYW4xFDASBgNVBAoMC3dvbGZT U0xfc20yMQ8wDQYDVQQLDAZDQS1zbTIxGDAWBgNVBAMMD3d3dy53b2xmc3NsLmNv bTEfMB0GCSqGSIb3DQEJARYQaW5mb0B3b2xmc3NsLmNvbTEXMBUGCgmSJomT8ixk -AQEMB3dvbGZTU0wwHhcNMjMwMjE1MDYyMzA3WhcNMjUxMTExMDYyMzA3WjCBsDEL +AQEMB3dvbGZTU0wwHhcNMjYwMjE4MTc1NjU3WhcNMjgxMTE0MTc1NjU3WjCBsDEL MAkGA1UEBhMCVVMxEDAOBgNVBAgMB01vbnRhbmExEDAOBgNVBAcMB0JvemVtYW4x FDASBgNVBAoMC3dvbGZTU0xfc20yMRMwEQYDVQQLDApTZXJ2ZXItc20yMRgwFgYD VQQDDA93d3cud29sZnNzbC5jb20xHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNz @@ -51,7 +51,7 @@ T6YqCqHWlTPDpgOY5o0FNLCXDN6kx89Tj9GjgYkwgYYwHQYDVR0OBBYEFGeuYP9+ Gw+Vrh+CWfJsVi2T7xcyMB8GA1UdIwQYMBaAFEcKSH67AqhaJlcrGal7YYt/XZlu MAwGA1UdEwEB/wQCMAAwDgYDVR0PAQH/BAQDAgOoMBMGA1UdJQQMMAoGCCsGAQUF -BwMBMBEGCWCGSAGG+EIBAQQEAwIGQDAKBggqgRzPVQGDdQNIADBFAiAbypQof/ay -DTFDUOHVNBfdrzregQZnmrMGIn5k7P0OuQIhAKFIqDLRBQlrHOuJEmbYOKHEXIkJ -D/3pwDsd+821TDFo +BwMBMBEGCWCGSAGG+EIBAQQEAwIGQDAKBggqgRzPVQGDdQNJADBGAiEAllBfPj+/ +HlBsml1Oju8noU36uXWmWA7222AyIOQxHTYCIQDny1yfhX1MtVR05EXE8AFTUTMH +3SjGx0f/1tyw4TbMOw== -----END CERTIFICATE----- diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/certs/sm2/server-sm2.pem mariadb-11.8.8/extra/wolfssl/wolfssl/certs/sm2/server-sm2.pem --- mariadb-11.8.6/extra/wolfssl/wolfssl/certs/sm2/server-sm2.pem 2026-01-31 13:27:49.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/certs/sm2/server-sm2.pem 2026-05-24 09:58:33.000000000 +0000 @@ -3,11 +3,11 @@ Version: 3 (0x2) Serial Number: 1 (0x1) Signature Algorithm: SM2-with-SM3 - Issuer: C = US, ST = Montana, L = Bozeman, O = wolfSSL_sm2, OU = CA-sm2, CN = www.wolfssl.com, emailAddress = info@wolfssl.com, UID = wolfSSL + Issuer: C=US, ST=Montana, L=Bozeman, O=wolfSSL_sm2, OU=CA-sm2, CN=www.wolfssl.com, emailAddress=info@wolfssl.com, UID=wolfSSL Validity - Not Before: Feb 15 06:23:07 2023 GMT - Not After : Nov 11 06:23:07 2025 GMT - Subject: C = US, ST = Montana, L = Bozeman, O = wolfSSL_sm2, OU = Server-sm2, CN = www.wolfssl.com, emailAddress = info@wolfssl.com, UID = wolfSSL + Not Before: Feb 18 17:56:57 2026 GMT + Not After : Nov 14 17:56:57 2028 GMT + Subject: C=US, ST=Montana, L=Bozeman, O=wolfSSL_sm2, OU=Server-sm2, CN=www.wolfssl.com, emailAddress=info@wolfssl.com, UID=wolfSSL Subject Public Key Info: Public Key Algorithm: sm2 Public-Key: (256 bit) @@ -33,16 +33,16 @@ SSL Server Signature Algorithm: SM2-with-SM3 Signature Value: - 30:45:02:20:1b:ca:94:28:7f:f6:b2:0d:31:43:50:e1:d5:34: - 17:dd:af:3a:de:81:06:67:9a:b3:06:22:7e:64:ec:fd:0e:b9: - 02:21:00:a1:48:a8:32:d1:05:09:6b:1c:eb:89:12:66:d8:38: - a1:c4:5c:89:09:0f:fd:e9:c0:3b:1d:fb:cd:b5:4c:31:68 + 30:46:02:21:00:96:50:5f:3e:3f:bf:1e:50:6c:9a:5d:4e:8e: + ef:27:a1:4d:fa:b9:75:a6:58:0e:f6:db:60:32:20:e4:31:1d: + 36:02:21:00:e7:cb:5c:9f:85:7d:4c:b5:54:74:e4:45:c4:f0: + 01:53:51:33:07:dd:28:c6:c7:47:ff:d6:dc:b0:e1:36:cc:3b -----BEGIN CERTIFICATE----- -MIIC2DCCAn6gAwIBAgIBATAKBggqgRzPVQGDdTCBrDELMAkGA1UEBhMCVVMxEDAO +MIIC2TCCAn6gAwIBAgIBATAKBggqgRzPVQGDdTCBrDELMAkGA1UEBhMCVVMxEDAO BgNVBAgMB01vbnRhbmExEDAOBgNVBAcMB0JvemVtYW4xFDASBgNVBAoMC3dvbGZT U0xfc20yMQ8wDQYDVQQLDAZDQS1zbTIxGDAWBgNVBAMMD3d3dy53b2xmc3NsLmNv bTEfMB0GCSqGSIb3DQEJARYQaW5mb0B3b2xmc3NsLmNvbTEXMBUGCgmSJomT8ixk -AQEMB3dvbGZTU0wwHhcNMjMwMjE1MDYyMzA3WhcNMjUxMTExMDYyMzA3WjCBsDEL +AQEMB3dvbGZTU0wwHhcNMjYwMjE4MTc1NjU3WhcNMjgxMTE0MTc1NjU3WjCBsDEL MAkGA1UEBhMCVVMxEDAOBgNVBAgMB01vbnRhbmExEDAOBgNVBAcMB0JvemVtYW4x FDASBgNVBAoMC3dvbGZTU0xfc20yMRMwEQYDVQQLDApTZXJ2ZXItc20yMRgwFgYD VQQDDA93d3cud29sZnNzbC5jb20xHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNz @@ -51,20 +51,20 @@ T6YqCqHWlTPDpgOY5o0FNLCXDN6kx89Tj9GjgYkwgYYwHQYDVR0OBBYEFGeuYP9+ Gw+Vrh+CWfJsVi2T7xcyMB8GA1UdIwQYMBaAFEcKSH67AqhaJlcrGal7YYt/XZlu MAwGA1UdEwEB/wQCMAAwDgYDVR0PAQH/BAQDAgOoMBMGA1UdJQQMMAoGCCsGAQUF -BwMBMBEGCWCGSAGG+EIBAQQEAwIGQDAKBggqgRzPVQGDdQNIADBFAiAbypQof/ay -DTFDUOHVNBfdrzregQZnmrMGIn5k7P0OuQIhAKFIqDLRBQlrHOuJEmbYOKHEXIkJ -D/3pwDsd+821TDFo +BwMBMBEGCWCGSAGG+EIBAQQEAwIGQDAKBggqgRzPVQGDdQNJADBGAiEAllBfPj+/ +HlBsml1Oju8noU36uXWmWA7222AyIOQxHTYCIQDny1yfhX1MtVR05EXE8AFTUTMH +3SjGx0f/1tyw4TbMOw== -----END CERTIFICATE----- Certificate: Data: Version: 3 (0x2) Serial Number: 1 (0x1) Signature Algorithm: SM2-with-SM3 - Issuer: C = US, ST = Montana, L = Bozeman, O = wolfSSL_SM2, OU = Root-SM2, CN = www.wolfssl.com, emailAddress = info@wolfssl.com + Issuer: C=US, ST=Montana, L=Bozeman, O=wolfSSL_SM2, OU=Root-SM2, CN=www.wolfssl.com, emailAddress=info@wolfssl.com Validity - Not Before: Feb 15 06:23:07 2023 GMT - Not After : Nov 11 06:23:07 2025 GMT - Subject: C = US, ST = Montana, L = Bozeman, O = wolfSSL_sm2, OU = CA-sm2, CN = www.wolfssl.com, emailAddress = info@wolfssl.com, UID = wolfSSL + Not Before: Feb 18 17:56:57 2026 GMT + Not After : Nov 14 17:56:57 2028 GMT + Subject: C=US, ST=Montana, L=Bozeman, O=wolfSSL_sm2, OU=CA-sm2, CN=www.wolfssl.com, emailAddress=info@wolfssl.com, UID=wolfSSL Subject Public Key Info: Public Key Algorithm: sm2 Public-Key: (256 bit) @@ -86,16 +86,16 @@ Digital Signature, Certificate Sign, CRL Sign Signature Algorithm: SM2-with-SM3 Signature Value: - 30:45:02:20:47:4e:00:03:ab:34:a1:af:59:39:8f:60:36:bf: - 89:88:42:41:27:c1:dd:57:c9:79:cb:1f:56:5c:16:b5:28:bd: - 02:21:00:8b:2e:25:eb:21:9b:a9:2b:a6:6a:5b:db:a7:c7:2b: - 11:df:73:15:ad:e4:c5:c3:c2:f3:b4:b4:67:af:d7:51:1c + 30:46:02:21:00:b2:b9:5b:02:ad:78:f8:52:ba:67:cf:cb:25: + 9b:ba:d9:56:f5:a7:ff:af:25:26:d5:f6:f3:f3:a6:f5:9a:2f: + 9b:02:21:00:bc:96:f3:39:13:76:dc:02:35:39:0e:dc:0a:69: + bf:02:18:b6:01:be:ff:05:d7:2e:f2:7b:67:eb:16:e9:8e:c5 -----BEGIN CERTIFICATE----- -MIICljCCAjygAwIBAgIBATAKBggqgRzPVQGDdTCBlTELMAkGA1UEBhMCVVMxEDAO +MIIClzCCAjygAwIBAgIBATAKBggqgRzPVQGDdTCBlTELMAkGA1UEBhMCVVMxEDAO BgNVBAgMB01vbnRhbmExEDAOBgNVBAcMB0JvemVtYW4xFDASBgNVBAoMC3dvbGZT U0xfU00yMREwDwYDVQQLDAhSb290LVNNMjEYMBYGA1UEAwwPd3d3LndvbGZzc2wu -Y29tMR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wuY29tMB4XDTIzMDIxNTA2 -MjMwN1oXDTI1MTExMTA2MjMwN1owgawxCzAJBgNVBAYTAlVTMRAwDgYDVQQIDAdN +Y29tMR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wuY29tMB4XDTI2MDIxODE3 +NTY1N1oXDTI4MTExNDE3NTY1N1owgawxCzAJBgNVBAYTAlVTMRAwDgYDVQQIDAdN b250YW5hMRAwDgYDVQQHDAdCb3plbWFuMRQwEgYDVQQKDAt3b2xmU1NMX3NtMjEP MA0GA1UECwwGQ0Etc20yMRgwFgYDVQQDDA93d3cud29sZnNzbC5jb20xHzAdBgkq hkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20xFzAVBgoJkiaJk/IsZAEBDAd3b2xm @@ -103,6 +103,6 @@ /2RjttVCgCC94uICEjuOtACVCYDLVu1Lyo1X5q4F03YnY3E5ibdp5kiArtGpSBKj YzBhMB0GA1UdDgQWBBRHCkh+uwKoWiZXKxmpe2GLf12ZbjAfBgNVHSMEGDAWgBQ0 HXlEFXmhsWOZ4+1lfGSJgP+47DAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQE -AwIBhjAKBggqgRzPVQGDdQNIADBFAiBHTgADqzShr1k5j2A2v4mIQkEnwd1XyXnL -H1ZcFrUovQIhAIsuJeshm6krpmpb26fHKxHfcxWt5MXDwvO0tGev11Ec +AwIBhjAKBggqgRzPVQGDdQNJADBGAiEAsrlbAq14+FK6Z8/LJZu62Vb1p/+vJSbV +9vPzpvWaL5sCIQC8lvM5E3bcAjU5DtwKab8CGLYBvv8F1y7ye2frFumOxQ== -----END CERTIFICATE----- Binary files /srv/release.debian.org/tmp/0nho6SUlcX/mariadb-11.8.6/extra/wolfssl/wolfssl/certs/test/cert-ext-nc-combined.der and /srv/release.debian.org/tmp/byZgQ0zcFD/mariadb-11.8.8/extra/wolfssl/wolfssl/certs/test/cert-ext-nc-combined.der differ diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/certs/test/cert-ext-nc-combined.pem mariadb-11.8.8/extra/wolfssl/wolfssl/certs/test/cert-ext-nc-combined.pem --- mariadb-11.8.6/extra/wolfssl/wolfssl/certs/test/cert-ext-nc-combined.pem 1970-01-01 00:00:00.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/certs/test/cert-ext-nc-combined.pem 2026-05-24 09:58:33.000000000 +0000 @@ -0,0 +1,26 @@ +-----BEGIN CERTIFICATE----- +MIIEWjCCA0KgAwIBAgIUVxNILYrtvic5fahe1thKz5+9MBkwDQYJKoZIhvcNAQEL +BQAwezELMAkGA1UEBhMCVVMxEDAOBgNVBAgMB01vbnRhbmExEDAOBgNVBAcMB0Jv +emVtYW4xFDASBgNVBAoMC3dvbGZTU0wgSW5jMRgwFgYDVQQLDA9EZXYgYW5kIFRl +c3RpbmcxGDAWBgNVBAMMD3d3dy53b2xmc3NsLmNvbTAeFw0yNjAxMjIyMTE4MjJa +Fw0yODEwMTgyMTE4MjJaMHsxCzAJBgNVBAYTAlVTMRAwDgYDVQQIDAdNb250YW5h +MRAwDgYDVQQHDAdCb3plbWFuMRQwEgYDVQQKDAt3b2xmU1NMIEluYzEYMBYGA1UE +CwwPRGV2IGFuZCBUZXN0aW5nMRgwFgYDVQQDDA93d3cud29sZnNzbC5jb20wggEi +MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDAlQjhV0HycW230kVBJwFlxkWu +8rwkMLiVzi9O1vYciLx8n/uoZ3/+XJxRdfeKygfnNS+P4b17wC98q2SoF/zKXXu6 +4CHlci5vLobYlXParBtTuV8/1xkNJU/hY2NRiwtkP61DuKUcXDSzrgCgY8X2fwtZ +aHhzpowYqQJtr8MZAS64EOPGzEC0aaNGM2mHbsS7F6bz6N2tc7x7LyG1/WZRDL1U +s+FtXxy8I3PRCQOJFNIQuWTDKtChlkq84dQaW8egwMFjeA9ENzAyloAyI5Whd7oT +0pdz4l0lyWoNwzlgpLSwaUJCCenYCLwzILNYIqeq68Th5mGDxdKW39nQT63XAgMB +AAGjgdUwgdIwHQYDVR0OBBYEFLMRMsmSmITiyfjQO24DQsofDo48MB8GA1UdIwQY +MBaAFLMRMsmSmITiyfjQO24DQsofDo48MBIGA1UdEwEB/wQIMAYBAf8CAQAwDgYD +VR0PAQH/BAQDAgGGMC4GA1UdHgEB/wQkMCKgIDAOhgwud29sZnNzbC5jb20wDoIM +LndvbGZzc2wuY29tMDwGCWCGSAGG+EIBDQQvFi1UZXN0aW5nIGNvbWJpbmVkIFVS +SSBhbmQgRE5TIG5hbWUgY29uc3RyYWludHMwDQYJKoZIhvcNAQELBQADggEBAKA5 +4xPLP6RVWnOSkHYi+Cr6KegUOQNxmPVoaAwph+QMR8Z2sdLKIWt9U1xL4lkH6L51 +S54kLMH/jnv2WD9bYvDe+CjWZEM97Nm+YURHDv5QAoqxY9gw9Y8TMGi8xOC5cubR +JXpjN4U60N/mdHbxMQbcuHJLowjXSlCp3q6S+iz2Bh7TaP8w7EoTR6pQEK6nMo6L +C/CRztvpaFgOZ4ia8O8C3EHBaBSECWWtPMyh6WappneKkT2p9wh8LdMB58AjKqoJ +/Zg6lp0Qj+NOhpVYXiT2+RlxVkttZJmLv3DIYH9LMsS8jhnTriIXpx2DaS56dEVn +aFzrG/ecf3YLPUrKgHw= +-----END CERTIFICATE----- diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/certs/test/cert-ext-ncdns.pem mariadb-11.8.8/extra/wolfssl/wolfssl/certs/test/cert-ext-ncdns.pem --- mariadb-11.8.6/extra/wolfssl/wolfssl/certs/test/cert-ext-ncdns.pem 1970-01-01 00:00:00.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/certs/test/cert-ext-ncdns.pem 2026-05-24 09:58:33.000000000 +0000 @@ -0,0 +1,25 @@ +-----BEGIN CERTIFICATE----- +MIIEQzCCAyugAwIBAgIUBd10yS05H9xt7w0qR43nO7q47hUwDQYJKoZIhvcNAQEL +BQAwezELMAkGA1UEBhMCQVUxEzARBgNVBAgMClF1ZWVuc2xhbmQxETAPBgNVBAcM +CEJyaXNiYW5lMRQwEgYDVQQKDAt3b2xmU1NMIEluYzEUMBIGA1UECwwLRW5naW5l +ZXJpbmcxGDAWBgNVBAMMD3d3dy53b2xmc3NsLmNvbTAeFw0yNjAxMjIyMTE4MjJa +Fw0yODEwMTgyMTE4MjJaMHsxCzAJBgNVBAYTAkFVMRMwEQYDVQQIDApRdWVlbnNs +YW5kMREwDwYDVQQHDAhCcmlzYmFuZTEUMBIGA1UECgwLd29sZlNTTCBJbmMxFDAS +BgNVBAsMC0VuZ2luZWVyaW5nMRgwFgYDVQQDDA93d3cud29sZnNzbC5jb20wggEi +MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDAlQjhV0HycW230kVBJwFlxkWu +8rwkMLiVzi9O1vYciLx8n/uoZ3/+XJxRdfeKygfnNS+P4b17wC98q2SoF/zKXXu6 +4CHlci5vLobYlXParBtTuV8/1xkNJU/hY2NRiwtkP61DuKUcXDSzrgCgY8X2fwtZ +aHhzpowYqQJtr8MZAS64EOPGzEC0aaNGM2mHbsS7F6bz6N2tc7x7LyG1/WZRDL1U +s+FtXxy8I3PRCQOJFNIQuWTDKtChlkq84dQaW8egwMFjeA9ENzAyloAyI5Whd7oT +0pdz4l0lyWoNwzlgpLSwaUJCCenYCLwzILNYIqeq68Th5mGDxdKW39nQT63XAgMB +AAGjgb4wgbswHQYDVR0OBBYEFLMRMsmSmITiyfjQO24DQsofDo48MB8GA1UdIwQY +MBaAFLMRMsmSmITiyfjQO24DQsofDo48MBIGA1UdEwEB/wQIMAYBAf8CAQAwDgYD +VR0PAQH/BAQDAgGGMCwGA1UdHgEB/wQiMCCgHjANggt3b2xmc3NsLmNvbTANggtl +eGFtcGxlLmNvbTAnBglghkgBhvhCAQ0EGhYYVGVzdGluZyBuYW1lIGNvbnN0cmFp +bnRzMA0GCSqGSIb3DQEBCwUAA4IBAQCkCFJl/uWp3JinCS01T3vxZF8UT71w165B +Fqz49w4UScy3wStJ/fcP/+M1mxbClvGmfBhNW7l8BNixPU4L9OYs+5/rWsMh6No+ +ZbPjWfkkHRWlmGKVNmk+C9OD7vVOAGVuPhdQGZfs9rYD3AqPk+CYC7AE/o3T97C9 +tGzfpt4ccEjyFV5liDnxr2SvMuG2KBIJovX2+QYXsb4u4tinKyOyvA9PF8nGLYvA +mQk0ZQy+vnYjWv3luU5ZEBBPrRlC9Ph5sOzNKBaKdZ+GAy6UCqMYlFHSzq+0GsnO +I1zCNn1XgpvX6V/31AVYPgiAQj6qMHuYxJR0pQG5kTeN3v+FdXR3 +-----END CERTIFICATE----- Binary files /srv/release.debian.org/tmp/0nho6SUlcX/mariadb-11.8.6/extra/wolfssl/wolfssl/certs/test/cert-ext-ncip.der and /srv/release.debian.org/tmp/byZgQ0zcFD/mariadb-11.8.8/extra/wolfssl/wolfssl/certs/test/cert-ext-ncip.der differ diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/certs/test/cert-ext-ncip.pem mariadb-11.8.8/extra/wolfssl/wolfssl/certs/test/cert-ext-ncip.pem --- mariadb-11.8.6/extra/wolfssl/wolfssl/certs/test/cert-ext-ncip.pem 1970-01-01 00:00:00.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/certs/test/cert-ext-ncip.pem 2026-05-24 09:58:33.000000000 +0000 @@ -0,0 +1,25 @@ +-----BEGIN CERTIFICATE----- +MIIENDCCAxygAwIBAgIUNQdk2FntK/mSUrXLLySPJwId8FowDQYJKoZIhvcNAQEL +BQAwezELMAkGA1UEBhMCQVUxEzARBgNVBAgMClF1ZWVuc2xhbmQxETAPBgNVBAcM +CEJyaXNiYW5lMRQwEgYDVQQKDAt3b2xmU1NMIEluYzEUMBIGA1UECwwLRW5naW5l +ZXJpbmcxGDAWBgNVBAMMD3d3dy53b2xmc3NsLmNvbTAeFw0yNjAxMjAyMjQ2MTFa +Fw0yODEwMTYyMjQ2MTFaMHsxCzAJBgNVBAYTAkFVMRMwEQYDVQQIDApRdWVlbnNs +YW5kMREwDwYDVQQHDAhCcmlzYmFuZTEUMBIGA1UECgwLd29sZlNTTCBJbmMxFDAS +BgNVBAsMC0VuZ2luZWVyaW5nMRgwFgYDVQQDDA93d3cud29sZnNzbC5jb20wggEi +MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDAlQjhV0HycW230kVBJwFlxkWu +8rwkMLiVzi9O1vYciLx8n/uoZ3/+XJxRdfeKygfnNS+P4b17wC98q2SoF/zKXXu6 +4CHlci5vLobYlXParBtTuV8/1xkNJU/hY2NRiwtkP61DuKUcXDSzrgCgY8X2fwtZ +aHhzpowYqQJtr8MZAS64EOPGzEC0aaNGM2mHbsS7F6bz6N2tc7x7LyG1/WZRDL1U +s+FtXxy8I3PRCQOJFNIQuWTDKtChlkq84dQaW8egwMFjeA9ENzAyloAyI5Whd7oT +0pdz4l0lyWoNwzlgpLSwaUJCCenYCLwzILNYIqeq68Th5mGDxdKW39nQT63XAgMB +AAGjga8wgawwHQYDVR0OBBYEFLMRMsmSmITiyfjQO24DQsofDo48MB8GA1UdIwQY +MBaAFLMRMsmSmITiyfjQO24DQsofDo48MBIGA1UdEwEB/wQIMAYBAf8CAQAwDgYD +VR0PAQH/BAQDAgGGMBoGA1UdHgEB/wQQMA6gDDAKhwjAqAEA////ADAqBglghkgB +hvhCAQ0EHRYbVGVzdGluZyBJUCBuYW1lIGNvbnN0cmFpbnRzMA0GCSqGSIb3DQEB +CwUAA4IBAQCOpK6M3RK5jcp2E3CaH9bTQfbcbppXJwFHdUG85sjf/K5i6c3/hr3X +eKihdD+h62KgiUZFPrGzEDCLD26EWwiJJCkxakhjtY45r9luLXj3kpUMXQ3aeqXC +M5rtW80w+9Hz0WEkK4UkaKEultWX8mnrF7dH/MHctyyLDcy28qbH5SwAhVqE1XAZ +0j/1Mw0MsQd8ycpbmONhQEgXTVlHspvn/vBcKvGS6oimeTlgO+Ghlnt9eeQfFRT0 +y7MacpE2kULmzy8qzXxqVvQI2V66wz7xC/8BYzj/KBYGwi7e2LeGKU5eEV4622sR +QtT99fpv0XMKNPMTI5Iz9l/ZPWvZgXJE +-----END CERTIFICATE----- Binary files /srv/release.debian.org/tmp/0nho6SUlcX/mariadb-11.8.6/extra/wolfssl/wolfssl/certs/test/cert-ext-ncmulti.der and /srv/release.debian.org/tmp/byZgQ0zcFD/mariadb-11.8.8/extra/wolfssl/wolfssl/certs/test/cert-ext-ncmulti.der differ diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/certs/test/cert-ext-ncmulti.pem mariadb-11.8.8/extra/wolfssl/wolfssl/certs/test/cert-ext-ncmulti.pem --- mariadb-11.8.6/extra/wolfssl/wolfssl/certs/test/cert-ext-ncmulti.pem 1970-01-01 00:00:00.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/certs/test/cert-ext-ncmulti.pem 2026-05-24 09:58:33.000000000 +0000 @@ -0,0 +1,27 @@ +-----BEGIN CERTIFICATE----- +MIIEljCCA36gAwIBAgIUL0V4sh34dBCPx7JGnW1VkkjOB4wwDQYJKoZIhvcNAQEL +BQAwezELMAkGA1UEBhMCVVMxEDAOBgNVBAgMB01vbnRhbmExEDAOBgNVBAcMB0Jv +emVtYW4xFDASBgNVBAoMC3dvbGZTU0wgSW5jMRgwFgYDVQQLDA9EZXYgYW5kIFRl +c3RpbmcxGDAWBgNVBAMMD3d3dy53b2xmc3NsLmNvbTAeFw0yNjAxMjIyMTE4MjJa +Fw0yODEwMTgyMTE4MjJaMHsxCzAJBgNVBAYTAlVTMRAwDgYDVQQIDAdNb250YW5h +MRAwDgYDVQQHDAdCb3plbWFuMRQwEgYDVQQKDAt3b2xmU1NMIEluYzEYMBYGA1UE +CwwPRGV2IGFuZCBUZXN0aW5nMRgwFgYDVQQDDA93d3cud29sZnNzbC5jb20wggEi +MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDAlQjhV0HycW230kVBJwFlxkWu +8rwkMLiVzi9O1vYciLx8n/uoZ3/+XJxRdfeKygfnNS+P4b17wC98q2SoF/zKXXu6 +4CHlci5vLobYlXParBtTuV8/1xkNJU/hY2NRiwtkP61DuKUcXDSzrgCgY8X2fwtZ +aHhzpowYqQJtr8MZAS64EOPGzEC0aaNGM2mHbsS7F6bz6N2tc7x7LyG1/WZRDL1U +s+FtXxy8I3PRCQOJFNIQuWTDKtChlkq84dQaW8egwMFjeA9ENzAyloAyI5Whd7oT +0pdz4l0lyWoNwzlgpLSwaUJCCenYCLwzILNYIqeq68Th5mGDxdKW39nQT63XAgMB +AAGjggEQMIIBDDAdBgNVHQ4EFgQUsxEyyZKYhOLJ+NA7bgNCyh8OjjwwHwYDVR0j +BBgwFoAUsxEyyZKYhOLJ+NA7bgNCyh8OjjwwEgYDVR0TAQH/BAgwBgEB/wIBADAO +BgNVHQ8BAf8EBAMCAYYwYAYDVR0eAQH/BFYwVKAgMA6CDC5leGFtcGxlLmNvbTAO +gQwuZXhhbXBsZS5jb22hMDAWghQuYmxvY2tlZC5leGFtcGxlLmNvbTAWgRQuYmxv +Y2tlZC5leGFtcGxlLmNvbTBEBglghkgBhvhCAQ0ENxY1VGVzdGluZyBtaXhlZCBw +ZXJtaXR0ZWQgYW5kIGV4Y2x1ZGVkIG5hbWUgY29uc3RyYWludHMwDQYJKoZIhvcN +AQELBQADggEBAEULvBMSjm5ENjZ7WNDnSPXwKm3ka1eK7AUCTmZdMl3Op1ge/yqq +rdkG2xvX4cfAe8iPOUDMyvh/Jf9B8T2njOGnpUTueslRzDvOs7qBo/0VYRalkye9 +Qw0ysgKcvvnevMHMnErGCkLEvL0VmTTmSR9HA8YxRih962fBrv38GZytqmFw/TEm +s0KMQRumxQWPHHAQ/AbWbzCIXZo0kOsZlIZV3geCf9M0klDhG/XLgFJqihwGDeT4 +Yvy1mtqJu87LduC03UKKqbMR0ltTOkoCm5xTjKQuTbHxPBw2q8UVZ7Ud2iE47UXi +c4Zd4IxO9TTO5SCQaZLPq0dhp3SxjgtZ3tw= +-----END CERTIFICATE----- diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/certs/test/gen-ext-certs.sh mariadb-11.8.8/extra/wolfssl/wolfssl/certs/test/gen-ext-certs.sh --- mariadb-11.8.6/extra/wolfssl/wolfssl/certs/test/gen-ext-certs.sh 2026-01-31 13:27:49.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/certs/test/gen-ext-certs.sh 2026-05-24 09:58:33.000000000 +0000 @@ -81,7 +81,7 @@ OUT=certs/test/cert-ext-ncdns -KEYFILE=certs/test/cert-ext-nc-key.der +KEYFILE=certs/test/cert-ext-ncdns-key.der CONFIG=certs/test/cert-ext-ncdns.cfg tee >$CONFIG <$CONFIG <$CONFIG <$CONFIG < +#include + +int main(void) +{ + if (wolfSSL_Init() != WOLFSSL_SUCCESS) { + return 1; + } + wolfSSL_Cleanup(); + return 0; +} diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/cmake/functions.cmake mariadb-11.8.8/extra/wolfssl/wolfssl/cmake/functions.cmake --- mariadb-11.8.6/extra/wolfssl/wolfssl/cmake/functions.cmake 2026-01-31 13:27:49.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/cmake/functions.cmake 2026-05-24 09:58:33.000000000 +0000 @@ -93,8 +93,8 @@ if(WOLFSSL_RIPEMD OR WOLFSSL_USER_SETTINGS) set(BUILD_RIPEMD "yes" PARENT_SCOPE) endif() - if(WOLFSSL_BLAKE2 OR WOLFSSL_USER_SETTINGS) - set(BUILD_BLAKE2 "yes" PARENT_SCOPE) + if(WOLFSSL_BLAKE2B OR WOLFSSL_USER_SETTINGS) + set(BUILD_BLAKE2B "yes" PARENT_SCOPE) endif() if(WOLFSSL_BLAKE2S OR WOLFSSL_USER_SETTINGS) set(BUILD_BLAKE2S "yes" PARENT_SCOPE) @@ -108,6 +108,15 @@ if(WOLFSSL_ECC OR WOLFSSL_USER_SETTINGS) set(BUILD_ECC "yes" PARENT_SCOPE) endif() + if(WOLFSSL_ECCSI OR WOLFSSL_USER_SETTINGS) + set(BUILD_ECCSI "yes" PARENT_SCOPE) + endif() + if(WOLFSSL_SAKKE OR WOLFSSL_USER_SETTINGS) + set(BUILD_SAKKE "yes" PARENT_SCOPE) + endif() + if(WOLFSSL_SIPHASH OR WOLFSSL_USER_SETTINGS) + set(BUILD_SIPHASH "yes" PARENT_SCOPE) + endif() if(WOLFSSL_ED25519 OR WOLFSSL_USER_SETTINGS) set(BUILD_ED25519 "yes" PARENT_SCOPE) endif() @@ -201,6 +210,9 @@ if(WOLFSSL_MLKEM OR WOLFSSL_USER_SETTINGS) set(BUILD_WC_MLKEM "yes" PARENT_SCOPE) endif() + if(WOLFSSL_DILITHIUM OR WOLFSSL_USER_SETTINGS) + set(BUILD_DILITHIUM "yes" PARENT_SCOPE) + endif() if(WOLFSSL_OQS OR WOLFSSL_USER_SETTINGS) set(BUILD_FALCON "yes" PARENT_SCOPE) set(BUILD_SPHINCS "yes" PARENT_SCOPE) @@ -214,6 +226,9 @@ if(WOLFSSL_XMSS OR WOLFSSL_USER_SETTINGS) set(BUILD_WC_XMSS "yes" PARENT_SCOPE) endif() + if(WOLFSSL_SLHDSA OR WOLFSSL_USER_SETTINGS) + set(BUILD_WC_SLHDSA "yes" PARENT_SCOPE) + endif() if(WOLFSSL_ARIA OR WOLFSSL_USER_SETTINGS) message(STATUS "ARIA functions.cmake found WOLFSSL_ARIA") # we cannot actually build, as we only have pre-compiled bin @@ -389,6 +404,10 @@ if(BUILD_INTELASM) list(APPEND LIB_SOURCES wolfcrypt/src/aes_gcm_asm.S) + list(APPEND LIB_SOURCES wolfcrypt/src/sha3_asm.S) + elseif(BUILD_ARMASM) + list(APPEND LIB_SOURCES wolfcrypt/src/port/arm/armv8-sha3-asm_c.c) + list(APPEND LIB_SOURCES wolfcrypt/src/port/arm/armv8-sha3-asm.S) endif() endif() @@ -563,11 +582,13 @@ if(BUILD_ARMASM_INLINE) list(APPEND LIB_SOURCES wolfcrypt/src/port/arm/armv8-sha256.c - wolfcrypt/src/port/arm/armv8-32-sha256-asm_c.c) + wolfcrypt/src/port/arm/armv8-32-sha256-asm_c.c + wolfcrypt/src/port/arm/armv8-sha256-asm_c.c) else() list(APPEND LIB_SOURCES - wolfcrypt/src/port/arm/armv8-sha256-asm.S - wolfcrypt/src/port/arm/armv8-32-sha256-asm.S) + wolfcrypt/src/port/arm/armv8-sha256.c + wolfcrypt/src/port/arm/armv8-32-sha256-asm.S + wolfcrypt/src/port/arm/armv8-sha256-asm.S) endif() if(BUILD_ARMASM_INLINE AND BUILD_ARM_THUMB) list(APPEND LIB_SOURCES @@ -848,7 +869,7 @@ list(APPEND LIB_SOURCES wolfcrypt/src/ripemd.c) endif() - if(BUILD_BLAKE2) + if(BUILD_BLAKE2B) list(APPEND LIB_SOURCES wolfcrypt/src/blake2b.c) endif() @@ -905,6 +926,18 @@ list(APPEND LIB_SOURCES wolfcrypt/src/ecc.c) endif() + if(BUILD_ECCSI) + list(APPEND LIB_SOURCES wolfcrypt/src/eccsi.c) + endif() + + if(BUILD_SAKKE) + list(APPEND LIB_SOURCES wolfcrypt/src/sakke.c) + endif() + + if(BUILD_SIPHASH) + list(APPEND LIB_SOURCES wolfcrypt/src/siphash.c) + endif() + if(BUILD_CURVE25519) list(APPEND LIB_SOURCES wolfcrypt/src/curve25519.c) if(BUILD_ARMASM) @@ -941,6 +974,10 @@ else() list(APPEND LIB_SOURCES wolfcrypt/src/fe_operations.c) endif() + if(WOLFSSL_USER_SETTINGS) + # In a user_settings.h build, we need this file, too. + list(APPEND LIB_SOURCES wolfcrypt/src/fe_low_mem.c) + endif() endif() endif() @@ -957,6 +994,11 @@ list(APPEND LIB_SOURCES wolfcrypt/src/fe_operations.c) endif() endif() + + if(WOLFSSL_USER_SETTINGS) + # In a user_settings.h build, we need this file, too. + list(APPEND LIB_SOURCES wolfcrypt/src/ge_low_mem.c) + endif() endif() endif() @@ -990,6 +1032,10 @@ if(BUILD_DILITHIUM) list(APPEND LIB_SOURCES wolfcrypt/src/dilithium.c) + + if(BUILD_INTELASM) + list(APPEND LIB_SOURCES wolfcrypt/src/wc_mldsa_asm.S) + endif() endif() if(BUILD_WC_MLKEM) @@ -1035,6 +1081,10 @@ list(APPEND LIB_SOURCES wolfcrypt/src/wc_xmss_impl.c) endif() + if(BUILD_WC_SLHDSA) + list(APPEND LIB_SOURCES wolfcrypt/src/wc_slhdsa.c) + endif() + if(BUILD_LIBZ) list(APPEND LIB_SOURCES wolfcrypt/src/compress.c) endif() diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/cmake/include.am mariadb-11.8.8/extra/wolfssl/wolfssl/cmake/include.am --- mariadb-11.8.6/extra/wolfssl/wolfssl/cmake/include.am 2026-01-31 13:27:49.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/cmake/include.am 2026-05-24 09:58:33.000000000 +0000 @@ -1,7 +1,19 @@ EXTRA_DIST += cmake/README.md EXTRA_DIST += cmake/Config.cmake.in +EXTRA_DIST += cmake/wolfssl-config-version.cmake.in +EXTRA_DIST += cmake/wolfssl-targets.cmake.in +EXTRA_DIST += cmake/consumer/CMakeLists.txt +EXTRA_DIST += cmake/consumer/main.c +EXTRA_DIST += cmake/consumer/README.md EXTRA_DIST += cmake/config.in EXTRA_DIST += cmake/functions.cmake EXTRA_DIST += cmake/options.h.in EXTRA_DIST += cmake/modules/FindARIA.cmake EXTRA_DIST += cmake/modules/FindOQS.cmake + +if CMAKE_INSTALL +cmakedir = $(libdir)/cmake/wolfssl +cmake_DATA = cmake/wolfssl-config.cmake \ + cmake/wolfssl-config-version.cmake \ + cmake/wolfssl-targets.cmake +endif diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/cmake/options.h.in mariadb-11.8.8/extra/wolfssl/wolfssl/cmake/options.h.in --- mariadb-11.8.6/extra/wolfssl/wolfssl/cmake/options.h.in 2026-01-31 13:27:49.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/cmake/options.h.in 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* options.h.in * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -96,6 +96,8 @@ #cmakedefine HAVE_CURVE448 #undef HAVE_DH_DEFAULT_PARAMS #cmakedefine HAVE_DH_DEFAULT_PARAMS +#undef HAVE_DILITHIUM +#cmakedefine HAVE_DILITHIUM #undef HAVE_ECC #cmakedefine HAVE_ECC #undef HAVE_ECH @@ -268,6 +270,10 @@ #cmakedefine WOLFSSL_AES_OFB #undef WOLFSSL_AES_SIV #cmakedefine WOLFSSL_AES_SIV +#undef HAVE_AES_ECB +#cmakedefine HAVE_AES_ECB +#undef WOLFSSL_AES_CTS +#cmakedefine WOLFSSL_AES_CTS #undef WOLFSSL_ALT_CERT_CHAINS #cmakedefine WOLFSSL_ALT_CERT_CHAINS #undef WOLFSSL_APPLE_NATIVE_CERT_VALIDATION @@ -300,6 +306,8 @@ #cmakedefine WOLFSSL_DTLS_CID #undef WOLFSSL_DTLS13 #cmakedefine WOLFSSL_DTLS13 +#undef WOLFSSL_DTLS_CH_FRAG +#cmakedefine WOLFSSL_DTLS_CH_FRAG #undef WOLFSSL_EITHER_SIDE #cmakedefine WOLFSSL_EITHER_SIDE #undef WOLFSSL_ENCRYPTED_KEYS @@ -354,6 +362,8 @@ #cmakedefine WOLFSSL_TLS13 #undef WOLFSSL_USE_ALIGN #cmakedefine WOLFSSL_USE_ALIGN +#undef WOLFSSL_USER_SETTINGS +#cmakedefine WOLFSSL_USER_SETTINGS #undef WOLFSSL_USER_SETTINGS_ASM #cmakedefine WOLFSSL_USER_SETTINGS_ASM #undef WOLFSSL_W64_WRAPPER @@ -370,6 +380,10 @@ #cmakedefine WOLFSSL_HAVE_MLKEM #undef WOLFSSL_WC_MLKEM #cmakedefine WOLFSSL_WC_MLKEM +#undef WOLFSSL_TLS_NO_MLKEM_STANDALONE +#cmakedefine WOLFSSL_TLS_NO_MLKEM_STANDALONE +#undef WOLFSSL_WC_DILITHIUM +#cmakedefine WOLFSSL_WC_DILITHIUM #undef NO_WOLFSSL_STUB #cmakedefine NO_WOLFSSL_STUB #undef HAVE_ECC_SECPR2 @@ -394,6 +408,18 @@ #cmakedefine WOLFSSL_HAVE_XMSS #undef WOLFSSL_WC_XMSS #cmakedefine WOLFSSL_WC_XMSS +#undef HAVE_SECRET_CALLBACK +#cmakedefine HAVE_SECRET_CALLBACK +#undef WC_RSA_DIRECT +#cmakedefine WC_RSA_DIRECT +#undef WOLFSSL_HAVE_SLHDSA +#cmakedefine WOLFSSL_HAVE_SLHDSA +#undef WOLFSSL_WC_SLHDSA +#cmakedefine WOLFSSL_WC_SLHDSA +#undef WOLFSSL_PQC_HYBRIDS +#cmakedefine WOLFSSL_PQC_HYBRIDS +#undef WOLFSSL_EXTRA_PQC_HYBRIDS +#cmakedefine WOLFSSL_EXTRA_PQC_HYBRIDS #ifdef __cplusplus } diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/cmake/wolfssl-config-version.cmake.in mariadb-11.8.8/extra/wolfssl/wolfssl/cmake/wolfssl-config-version.cmake.in --- mariadb-11.8.6/extra/wolfssl/wolfssl/cmake/wolfssl-config-version.cmake.in 1970-01-01 00:00:00.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/cmake/wolfssl-config-version.cmake.in 2026-05-24 09:58:33.000000000 +0000 @@ -0,0 +1,17 @@ +# Generated by autoconf; do not edit. + +set(PACKAGE_VERSION "@PACKAGE_VERSION@") + +# Keep behavior aligned with the native CMake build's AnyNewerVersion semantics: +# compatible when the installed version is >= the requested version. +set(PACKAGE_VERSION_COMPATIBLE FALSE) +set(PACKAGE_VERSION_EXACT FALSE) + +if (PACKAGE_VERSION VERSION_LESS PACKAGE_FIND_VERSION) + # not compatible +else () + set(PACKAGE_VERSION_COMPATIBLE TRUE) + if (PACKAGE_FIND_VERSION STREQUAL PACKAGE_VERSION) + set(PACKAGE_VERSION_EXACT TRUE) + endif () +endif () diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/cmake/wolfssl-targets.cmake.in mariadb-11.8.8/extra/wolfssl/wolfssl/cmake/wolfssl-targets.cmake.in --- mariadb-11.8.6/extra/wolfssl/wolfssl/cmake/wolfssl-targets.cmake.in 1970-01-01 00:00:00.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/cmake/wolfssl-targets.cmake.in 2026-05-24 09:58:33.000000000 +0000 @@ -0,0 +1,27 @@ +# Generated by autoconf; do not edit. + +if (NOT TARGET wolfssl::wolfssl) + add_library(wolfssl::wolfssl UNKNOWN IMPORTED) + + set(_wolfssl_libdir "@WOLFSSL_LIBDIR_ABS@") + set(_wolfssl_includedir "@WOLFSSL_INCLUDEDIR_ABS@") + + find_library(WOLFSSL_LIBRARY NAMES wolfssl PATHS "${_wolfssl_libdir}" NO_DEFAULT_PATH) + if (NOT WOLFSSL_LIBRARY) + find_library(WOLFSSL_LIBRARY NAMES wolfssl) + endif() + if (NOT WOLFSSL_LIBRARY) + message(FATAL_ERROR "wolfssl library not found. Looked in: ${_wolfssl_libdir}") + endif() + + set_target_properties(wolfssl::wolfssl PROPERTIES + IMPORTED_LOCATION "${WOLFSSL_LIBRARY}" + INTERFACE_INCLUDE_DIRECTORIES "${_wolfssl_includedir}" + ) + + if (@WOLFSSL_HAVE_PTHREAD@) + set_property(TARGET wolfssl::wolfssl APPEND PROPERTY + INTERFACE_LINK_LIBRARIES Threads::Threads + ) + endif() +endif() diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/configure.ac mariadb-11.8.8/extra/wolfssl/wolfssl/configure.ac --- mariadb-11.8.6/extra/wolfssl/wolfssl/configure.ac 2026-01-31 13:27:49.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/configure.ac 2026-05-24 09:58:33.000000000 +0000 @@ -1,13 +1,13 @@ # configure.ac # -# Copyright (C) 2006-2025 wolfSSL Inc. +# Copyright (C) 2006-2026 wolfSSL Inc. # # This file is part of wolfSSL. (formerly known as CyaSSL) # # -AC_COPYRIGHT([Copyright (C) 2006-2025 wolfSSL Inc.]) +AC_COPYRIGHT([Copyright (C) 2006-2026 wolfSSL Inc.]) AC_PREREQ([2.69]) -AC_INIT([wolfssl],[5.8.4],[https://github.com/wolfssl/wolfssl/issues],[wolfssl],[https://www.wolfssl.com]) +AC_INIT([wolfssl],[5.9.1],[https://github.com/wolfssl/wolfssl/issues],[wolfssl],[https://www.wolfssl.com]) AC_CONFIG_AUX_DIR([build-aux]) # Inhibit unwanted regeneration of autotools artifacts by Makefile. @@ -33,6 +33,13 @@ AC_ARG_PROGRAM +# Optional CMake package install (enabled by default) +AC_ARG_ENABLE([cmake-install], + [AS_HELP_STRING([--disable-cmake-install],[Disable installation of CMake package files])], + [ ENABLED_CMAKE_INSTALL=$enableval ], + [ ENABLED_CMAKE_INSTALL=yes ]) +AM_CONDITIONAL([CMAKE_INSTALL],[test "x$ENABLED_CMAKE_INSTALL" = "xyes"]) + AC_CONFIG_HEADERS([config.h:config.in]) LT_PREREQ([2.4.2]) @@ -58,12 +65,12 @@ # increment if interfaces have been added # set to zero if WOLFSSL_LIBRARY_VERSION_FIRST is incremented -WOLFSSL_LIBRARY_VERSION_SECOND=0 +WOLFSSL_LIBRARY_VERSION_SECOND=2 # increment if source code has changed # set to zero if WOLFSSL_LIBRARY_VERSION_FIRST is incremented or # WOLFSSL_LIBRARY_VERSION_SECOND is incremented -WOLFSSL_LIBRARY_VERSION_THIRD=1 +WOLFSSL_LIBRARY_VERSION_THIRD=0 WOLFSSL_LIBRARY_VERSION=${WOLFSSL_LIBRARY_VERSION_FIRST}:${WOLFSSL_LIBRARY_VERSION_SECOND}:${WOLFSSL_LIBRARY_VERSION_THIRD} AC_SUBST([WOLFSSL_LIBRARY_VERSION_FIRST]) @@ -123,9 +130,36 @@ AM_CCASFLAGS="$AM_CCASFLAGS -DWOLFSSL_EXPERIMENTAL_SETTINGS" fi +# Kernel module benchmark +AC_ARG_ENABLE([kernel-benchmarks], + [AS_HELP_STRING([--enable-kernel-benchmarks],[Enable crypto benchmarking autorun at module load time for kernel module (default: disabled)])], + [ENABLED_KERNEL_BENCHMARKS=$enableval], + [ENABLED_KERNEL_BENCHMARKS="no"]) +if test "$ENABLED_KERNEL_BENCHMARKS" = "yes" +then + AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_KERNEL_BENCHMARKS" +fi +AC_SUBST([ENABLED_KERNEL_BENCHMARKS]) -# Linux Kernel Module options (more options later) +AC_ARG_ENABLE([kernel-verbose-debug], + [AS_HELP_STRING([--enable-kernel-verbose-debug],[Enable supplementary runtime debugging messages for kernel module (default: disabled)])], + [ENABLED_KERNEL_VERBOSE_DEBUG=$enableval], + [ENABLED_KERNEL_VERBOSE_DEBUG="no"]) +if test "$ENABLED_KERNEL_VERBOSE_DEBUG" = "yes" +then + AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_KERNEL_VERBOSE_DEBUG" +fi + +AC_ARG_ENABLE([kernel-stack-debug], + [AS_HELP_STRING([--enable-kernel-stack-debug],[Enable runtime reporting of stack usage in kernel module (default: disabled)])], + [ENABLED_KERNEL_STACK_DEBUG=$enableval], + [ENABLED_KERNEL_STACK_DEBUG="no"]) +if test "$ENABLED_KERNEL_STACK_DEBUG" = "yes" +then + AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_KERNEL_STACK_DEBUG" +fi +# Linux Kernel Module options (more options later) AC_ARG_ENABLE([linuxkm], [AS_HELP_STRING([--enable-linuxkm],[Enable Linux Kernel Module (default: disabled)])], [ENABLED_LINUXKM=$enableval], @@ -145,6 +179,12 @@ [ENABLED_BSDKM=no] ) +AC_ARG_ENABLE([freebsdkm-crypto-register], + [AS_HELP_STRING([--enable-freebsdkm-crypto-register],[Register wolfCrypt implementations with the FreeBSD kernel opencrypto framework. (default: disabled)])], + [ENABLED_BSDKM_REGISTER=$enableval], + [ENABLED_BSDKM_REGISTER=no] + ) + AC_CHECK_HEADERS([arpa/inet.h fcntl.h limits.h netdb.h netinet/in.h stddef.h time.h sys/ioctl.h sys/socket.h sys/time.h errno.h sys/un.h ctype.h sys/random.h]) AC_CHECK_LIB([network],[socket]) AC_C_BIGENDIAN @@ -314,6 +354,11 @@ [ ENABLED_32BIT=no ] ) +if test "$ENABLED_32BIT" = "yes" +then + AM_CFLAGS="$AM_CFLAGS -DWC_32BIT_CPU" +fi + # 16-bit compiler support AC_ARG_ENABLE([16bit], [AS_HELP_STRING([--enable-16bit],[Enables 16-bit support (default: disabled)])], @@ -384,10 +429,13 @@ # FIPS 140 AC_ARG_ENABLE([fips], - [AS_HELP_STRING([--enable-fips],[Enable FIPS 140-2, Will NOT work w/o FIPS license (default: disabled)])], + [AS_HELP_STRING([--enable-fips],[Enable FIPS 140-2/3, Will NOT work w/o FIPS license (default: disabled)])], [ENABLED_FIPS=$enableval], [ENABLED_FIPS="no"]) +FIPS_FLAVOR="$ENABLED_FIPS" +AC_SUBST([FIPS_FLAVOR]) + # wolfProvider Options AC_ARG_ENABLE([wolfprovider], [AS_HELP_STRING([--enable-wolfprovider],[Enable wolfProvider options (default: disabled)])], @@ -566,7 +614,7 @@ ENABLED_FIPS="yes" # for dev, DEF_SP_MATH and DEF_FAST_MATH follow non-FIPS defaults (currently sp-math-all) ], - [v6],[ + [v6|v6-dev],[ FIPS_VERSION="v6" HAVE_FIPS_VERSION=6 HAVE_FIPS_VERSION_MAJOR=6 @@ -578,7 +626,7 @@ ], # Should always remain one ahead of the latest so as not to be confused with # the latest - [ready|v6-ready],[ + [ready],[ FIPS_VERSION="ready" HAVE_FIPS_VERSION=7 HAVE_FIPS_VERSION_MAJOR=7 @@ -588,7 +636,7 @@ DEF_SP_MATH="yes" DEF_FAST_MATH="no" ], - [dev|v6-dev],[ + [dev],[ FIPS_VERSION="dev" HAVE_FIPS_VERSION_MAJOR=7 HAVE_FIPS_VERSION_MINOR=0 @@ -704,23 +752,26 @@ # Remainder of Linux kernel module options, continued from earlier: +ENABLED_LINUXKM_PIE=$ENABLED_FIPS + +AC_ARG_ENABLE([kernel-reloc-tables], + [AS_HELP_STRING([--enable-kernel-reloc-tables],[Enable containerized object build of wolfCrypt module in kernel build (default: disabled)])], + [ENABLED_LINUXKM_PIE=$enableval]) + AC_ARG_ENABLE([linuxkm-pie], - [AS_HELP_STRING([--enable-linuxkm-pie],[Enable relocatable object build of Linux kernel module (default: disabled)])], - [ENABLED_LINUXKM_PIE=$enableval], - [ENABLED_LINUXKM_PIE=$ENABLED_FIPS] - ) + [AS_HELP_STRING([--enable-linuxkm-pie],[Alias for --enable-kernel-reloc-tables])], + [ENABLED_LINUXKM_PIE=$enableval]) + if test "$ENABLED_LINUXKM" = "yes" && test "$ENABLED_LINUXKM_PIE" = "yes" then - AM_CFLAGS="$AM_CFLAGS -DWC_PIE_RELOC_TABLES" + AM_CFLAGS="$AM_CFLAGS -DWC_SYM_RELOC_TABLES" fi AC_SUBST([ENABLED_LINUXKM_PIE]) AC_ARG_ENABLE([linuxkm-benchmarks], [AS_HELP_STRING([--enable-linuxkm-benchmarks],[Enable crypto benchmarking autorun at module load time for Linux kernel module (default: disabled)])], - [ENABLED_KERNEL_BENCHMARKS=$enableval], - [ENABLED_KERNEL_BENCHMARKS=no] - ) -if test "$ENABLED_KERNEL_BENCHMARKS" = "yes" + [ENABLED_KERNEL_BENCHMARKS=$enableval]) +if test "$ENABLED_LINUXKM" = "yes" && test "$ENABLED_KERNEL_BENCHMARKS" = "yes" then AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_LINUXKM_BENCHMARKS" fi @@ -809,29 +860,41 @@ if test "x$ENABLED_BSDKM" = "xyes" then - # wolfcrypt only, no-asm supported for now. + # note: bsdkm is wolfcrypt only for now. HAVE_KERNEL_MODE=yes KERNEL_MODE_DEFAULTS=yes ENABLED_NO_LIBRARY=yes ENABLED_BENCHMARK=no - ENABLED_ASM=no output_objdir="$(realpath "$output_objdir")/bsdkm" AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_BSDKM -DWC_SIPHASH_NO_ASM" - AM_CFLAGS="$AM_CFLAGS -DTFM_NO_ASM -DWOLFSSL_NO_ASM" AM_CFLAGS="$AM_CFLAGS -DNO_DEV_RANDOM -DNO_WRITEV -DNO_STDIO_FILESYSTEM" AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_NO_SOCK -DWOLFSSL_USER_IO" AM_CFLAGS="$AM_CFLAGS -DXMALLOC_OVERRIDE -DWOLFCRYPT_ONLY" AM_CFLAGS="$AM_CFLAGS -DNO_ASN_TIME" + if test "$ax_enable_debug" = "yes"; then + AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_BSDKM_VERBOSE_DEBUG" + AM_CFLAGS="$AM_CFLAGS -DNO_WOLFSSL_DEBUG_CERTS" + fi + if test "$KERNEL_ROOT" = ""; then AC_PATH_DEFAULT_BSDKM_SOURCE KERNEL_ROOT="$DEFAULT_BSDKM_ROOT" fi AC_SUBST([KERNEL_ROOT]) AC_SUBST([BSDKM_EXPORT_SYMS]) +fi +if test "x$ENABLED_BSDKM_REGISTER" = "xyes" +then + if test "$ENABLED_AESGCM" != "no" && test "$ENABLED_AESGCM_STREAM" = "no" && test "$enable_aesgcm_stream" != "no" && (test "$ENABLED_FIPS" = "no" || test $HAVE_FIPS_VERSION -ge 6); then + ENABLED_AESGCM_STREAM=yes + fi + + AM_CFLAGS="$AM_CFLAGS -DBSDKM_CRYPTO_REGISTER" + AC_SUBST([ENABLED_BSDKM_REGISTER]) fi # end FreeBSD configure @@ -931,9 +994,21 @@ [ ENABLED_FASTHUGEMATH=no ] ) +# ssl bump build +AC_ARG_ENABLE([bump], + [AS_HELP_STRING([--enable-bump],[Enable SSL Bump build (default: disabled)])], + [ ENABLED_BUMP=$enableval ], + [ ENABLED_BUMP=no ] + ) + if test "$ENABLED_BUMP" = "yes" then - ENABLED_FASTHUGEMATH="yes" + AM_CFLAGS="$AM_CFLAGS -DLARGE_STATIC_BUFFERS -DWOLFSSL_CERT_GEN -DWOLFSSL_KEY_GEN -DHUGE_SESSION_CACHE -DWOLFSSL_DER_LOAD -DWOLFSSL_ALT_NAMES -DWOLFSSL_TEST_CERT" + DEFAULT_MAX_CLASSIC_ASYM_KEY_BITS=4096 + if test "$ENABLED_SP_MATH" = "no" && test "$ENABLED_SP_MATH_ALL" = "no" + then + ENABLED_FASTHUGEMATH="yes" + fi fi if test "$ENABLED_FASTHUGEMATH" = "yes" @@ -941,7 +1016,8 @@ ENABLED_FASTMATH="yes" fi -if test "$host_cpu" = "x86_64" || test "$host_cpu" = "amd64" +if (test "$host_cpu" = "x86_64" || test "$host_cpu" = "amd64") && + test "$ENABLED_32BIT" != "yes" then AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_X86_64_BUILD" fi @@ -990,21 +1066,26 @@ # Enable all ASN features AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_ASN_ALL" ENABLED_ASN=yes + ASN_IMPL=template ;; template | yes) AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_ASN_TEMPLATE" ENABLED_ASN=yes + ASN_IMPL=template ;; original) AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_ASN_ORIGINAL" + ASN_IMPL=original ;; nocrypt) AM_CFLAGS="$AM_CFLAGS -DNO_ASN_CRYPT" enable_pwdbased=no + ASN_IMPL=template ;; no) AM_CFLAGS="$AM_CFLAGS -DNO_ASN -DNO_ASN_CRYPT" enable_pwdbased=no + ASN_IMPL=no ;; *) AC_MSG_ERROR([Invalid asn option. Valid are: all, template/yes, original, nocrypt or no. Seen: $ENABLED_ASN.]) @@ -1127,6 +1208,14 @@ test "$enable_dtls13" = "" && enable_dtls13=yes fi + test "$enable_ocsp" = "" && enable_ocsp=yes + test "$enable_ocspstapling" = "" && test "$enable_ocsp" != "no" && enable_ocspstapling=yes + test "$enable_ocspstapling2" = "" && test "$enable_ocsp" != "no" && enable_ocspstapling2=yes + test "$enable_ocsp_responder" = "" && + test "$enable_ocsp" != "no" && + test "$enable_sha" != "no" && + test "$ASN_IMPL" = "template" && + enable_ocsp_responder=yes test "$enable_savesession" = "" && enable_savesession=yes test "$enable_savecert" = "" && enable_savecert=yes test "$enable_postauth" = "" && enable_postauth=yes @@ -1222,9 +1311,6 @@ test "$enable_openvpn" = "" && enable_openvpn=yes test "$enable_asio" = "" && enable_asio=yes test "$enable_libwebsockets" = "" && enable_libwebsockets=yes - if test "$ENABLED_FIPS" = "no" || test "$HAVE_FIPS_VERSION" -le 5; then - test "$enable_qt" = "" && enable_qt=yes - fi fi fi @@ -1355,13 +1441,13 @@ esac fi -# 32 bit armasm and RISC-V asm don't yet support WOLFSSL_AESGCM_STREAM. Disable +# RISC-V asm doesn't yet support WOLFSSL_AESGCM_STREAM. Disable # implicit activation, and error on explicit activation. -if test "$enable_riscv_asm" = "yes" || (test "$enable_armasm" = "yes" && test "$host_cpu" != "aarch64" && test "$host_cpu" != "aarch64_be") +if test "$enable_riscv_asm" = "yes" then if test "$enable_aesgcm_stream" = "yes" then - AC_MSG_ERROR([32 bit armasm and RISC-V asm don't yet support WOLFSSL_AESGCM_STREAM.]) + AC_MSG_ERROR([RISC-V asm doesn't yet support WOLFSSL_AESGCM_STREAM.]) fi enable_aesgcm_stream=no fi @@ -1395,6 +1481,7 @@ test "$enable_sep" = "" && enable_sep=yes test "$enable_hkdf" = "" && enable_hkdf=yes test "$enable_eccencrypt" = "" && test "$enable_ecc" != "no" && enable_eccencrypt=yes + test "$enable_fpecc" = "" && test "$enable_ecc" != "no" && enable_fpecc=yes test "$enable_psk" = "" && enable_psk=yes test "$enable_cmac" = "" && enable_cmac=yes test "$enable_cmac_kdf" = "" && enable_cmac_kdf=yes @@ -1408,7 +1495,6 @@ test "$enable_pwdbased" = "" && enable_pwdbased=yes test "$enable_aeskeywrap" = "" && enable_aeskeywrap=yes test "$enable_x963kdf" = "" && enable_x963kdf=yes - test "$enable_scrypt" = "" && test "$enable_hmac" != "no" && enable_scrypt=yes test "$enable_indef" = "" && enable_indef=yes test "$enable_enckeys" = "" && enable_enckeys=yes test "$enable_hashflags" = "" && enable_hashflags=yes @@ -1416,19 +1502,20 @@ test "$enable_base64encode" = "" && enable_base64encode=yes test "$enable_base16" = "" && enable_base16=yes test "$enable_arc4" = "" && enable_arc4=yes - test "$enable_blake2" = "" && enable_blake2=yes + test "$enable_blake2b" = "" && enable_blake2b=yes test "$enable_blake2s" = "" && enable_blake2s=yes test "$enable_md2" = "" && enable_md2=yes test "$enable_md4" = "" && enable_md4=yes test "$enable_md5" = "" && enable_md5=yes test "$enable_anon" = "" && enable_anon=yes test "$enable_ssh" = "" && test "$enable_hmac" != "no" && enable_ssh=yes + test "$enable_rng_bank" = "" && enable_rng_bank=yes - # the compiler optimizer generates a weird out-of-bounds bss reference for - # find_hole() in the FP_ECC implementation. - if test "$ENABLED_LINUXKM_PIE" != yes + if test "$KERNEL_MODE_DEFAULTS" != "yes" then - test "$enable_fpecc" = "" && test "$enable_ecc" != "no" && enable_fpecc=yes + # Scrypt is excluded from kernel module builds (unless explicitly + # enabled) because of its excessive memory requirements. + test "$enable_scrypt" = "" && test "$enable_hmac" != "no" && enable_scrypt=yes fi if test "x$FIPS_VERSION" != "xv1" @@ -1510,6 +1597,47 @@ AM_CFLAGS="$AM_CFLAGS -DWC_KDF_NIST_SP_800_56C" fi +# kernel-appropriate settings, also in enable-all-crypto above: +if test "$KERNEL_MODE_DEFAULTS" = "yes" && test "$ENABLED_ALL_CRYPT" != "yes" +then + # note several of these are currently on by default, including aesgcm, sha512 + if test "$enable_aes" != "no" + then + test "$enable_aesgcm" = "" && enable_aesgcm=yes + test "$enable_aesccm" = "" && enable_aesccm=yes + test "$enable_aesecb" = "" && enable_aesecb=yes + test "$enable_aesctr" = "" && enable_aesctr=yes + test "$enable_aesofb" = "" && enable_aesofb=yes + test "$enable_cmac" = "" && enable_cmac=yes + fi + test "$enable_sha224" = "" && enable_sha224=yes + test "$enable_sha512" = "" && enable_sha512=yes + test "$enable_sha3" = "" && enable_sha3=yes + test "$enable_keygen" = "" && enable_keygen=yes + if test "$enable_ecc" != "no" + then + test "$enable_eccencrypt" = "" && enable_eccencrypt=yes + test "$enable_fpecc" = "" && enable_fpecc=yes + test "$enable_supportedcurves" = "" && enable_supportedcurves=yes + fi + test "$enable_rng" != "no" && test "$enable_rng_bank" = "" && enable_rng_bank=yes + if test "$ENABLED_FIPS" = "no" || test "$HAVE_FIPS_VERSION" -ge 6 + then + test "$enable_aes" != "no" && test "$enable_aescfb" = "" && enable_aescfb=yes + test "$enable_aesgcm_stream" = "" && test "$enable_aesgcm" = "yes" && enable_aesgcm_stream=yes + test "$enable_aes" != "no" && test "$enable_aesxts" = "" && enable_aesxts=yes + test "$enable_aesxts_stream" = "" && test "$enable_aesxts" = "yes" && enable_aesxts_stream=yes + test "$enable_shake128" = "" && test "$enable_sha3" = "yes" && enable_shake128=yes + test "$enable_shake256" = "" && test "$enable_sha3" = "yes" && enable_shake256=yes + test "$enable_compkey" = "" && enable_compkey=yes + fi + # Enable DH const table speedups (eliminates `-lm` math lib dependency) + AM_CFLAGS="$AM_CFLAGS -DHAVE_FFDHE_2048 -DHAVE_FFDHE_3072" + DEFAULT_MAX_CLASSIC_ASYM_KEY_BITS=4096 + AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_DH_EXTRA" + AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_ECDSA_DETERMINISTIC_K_VARIANT" +fi + # wolfGuard AC_ARG_ENABLE([wolfguard], [AS_HELP_STRING([--enable-wolfguard],[Enable wolfGuard dependencies (default: disabled)])], @@ -1582,150 +1710,60 @@ # MLKEM # Used: # - SHA3, Shake128 and Shake256 +# +# Note, setup is later, after FIPS setup. + +if test "$enable_shake128" != "no" && + test "$enable_shake256" != "no" && + test "$enable_sha3" != "no" && + (test "$ENABLED_FIPS" = "no" || test "$HAVE_FIPS_VERSION" -ge 7) +then + ENABLED_MLKEM_DEFAULT=yes +else + ENABLED_MLKEM_DEFAULT=no +fi + AC_ARG_ENABLE([mlkem], - [AS_HELP_STRING([--enable-mlkem],[Enable MLKEM (default: disabled)])], + [AS_HELP_STRING([--enable-mlkem],[Enable ML-KEM/Kyber (default: enabled)])], [ ENABLED_MLKEM=$enableval ], - [ ENABLED_MLKEM=no ] + [ ENABLED_MLKEM=$ENABLED_MLKEM_DEFAULT ] ) # note, inherits default from "mlkem" clause above. AC_ARG_ENABLE([kyber], - [AS_HELP_STRING([--enable-kyber],[Enable Kyber/MLKEM (default: disabled)])], + [AS_HELP_STRING([--enable-kyber],[Alias for --enable-mlkem])], [ ENABLED_MLKEM=$enableval ] ) -ENABLED_WC_MLKEM=no -ENABLED_ML_KEM=unset -ENABLED_MLKEM_MAKE_KEY=no -ENABLED_MLKEM_ENCAPSULATE=no -ENABLED_MLKEM_DECAPSULATE=no -for v in `echo $ENABLED_MLKEM | tr "," " "` -do - case $v in - yes) - ENABLED_MLKEM512=yes - ENABLED_MLKEM768=yes - ENABLED_MLKEM1024=yes - ENABLED_MLKEM_MAKE_KEY=yes - ENABLED_MLKEM_ENCAPSULATE=yes - ENABLED_MLKEM_DECAPSULATE=yes - ;; - all) - ENABLED_MLKEM_MAKE_KEY=yes - ENABLED_MLKEM_ENCAPSULATE=yes - ENABLED_MLKEM_DECAPSULATE=yes - ENABLED_ML_KEM=yes - ENABLED_ORIGINAL=yes - ;; - no) - ;; - small) - AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_MLKEM_SMALL" - ;; - cache-a) - AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_MLKEM_CACHE_A" - ;; - 512) - ENABLED_MLKEM512=yes - ;; - 768) - ENABLED_MLKEM768=yes - ;; - 1024) - ENABLED_MLKEM1024=yes - ;; - make) - ENABLED_MLKEM_MAKE_KEY=yes - ;; - encapsulate|enc) - ENABLED_MLKEM_ENCAPSULATE=yes - ;; - decapsulate|dec) - ENABLED_MLKEM_DECAPSULATE=yes - ;; - original|kyber) - ENABLED_ORIGINAL=yes - ;; - ml-kem) - ENABLED_ML_KEM=yes - ;; - noasm) - AM_CFLAGS="$AM_CFLAGS -DWC_MLKEM_NO_ASM" - ;; - *) - AC_MSG_ERROR([Invalid choice for MLKEM []: $ENABLED_MLKEM.]) - break;; - esac -done - -if test "$ENABLED_MLKEM" != "no" -then - AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_HAVE_MLKEM" - # Use liboqs if specified. - if test "$ENABLED_LIBOQS" = "no"; then - ENABLED_WC_MLKEM=yes - AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_WC_MLKEM" - AM_CCASFLAGS="$AM_CCASFLAGS -DWOLFSSL_WC_MLKEM" - fi - - if test "$ENABLED_ORIGINAL" = "yes"; then - AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_MLKEM_KYBER" - if test "$ENABLED_MLKEM512" = ""; then - AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_NO_KYBER512" - fi - if test "$ENABLED_MLKEM768" = ""; then - AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_NO_KYBER768" - fi - if test "$ENABLED_MLKEM1024" = ""; then - AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_NO_KYBER1024" - fi - if test "$ENABLED_ML_KEM" = "unset"; then - ENABLED_ML_KEM=no - fi - fi - if test "$ENABLED_ML_KEM" = "unset"; then - ENABLED_ML_KEM=yes - fi - if test "$ENABLED_ML_KEM" = "yes"; then - if test "$ENABLED_MLKEM512" = ""; then - AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_NO_ML_KEM_512" - fi - if test "$ENABLED_MLKEM768" = ""; then - AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_NO_ML_KEM_768" - fi - if test "$ENABLED_MLKEM1024" = ""; then - AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_NO_ML_KEM_1024" - fi - else - AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_NO_ML_KEM" - fi - if test "$ENABLED_MLKEM_MAKE_KEY" = "no"; then - AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_MLKEM_NO_MAKE_KEY" - fi - if test "$ENABLED_MLKEM_ENCAPSULATE" = "no"; then - AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_MLKEM_NO_ENCAPSULATE" - fi - if test "$ENABLED_MLKEM_DECAPSULATE" = "no"; then - AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_MLKEM_NO_DECAPSULATE" - fi +AC_ARG_ENABLE([tls-mlkem-standalone], + [AS_HELP_STRING([--enable-tls-mlkem-standalone],[Enable ML-KEM as standalone TLS key exchange (non-hybrid) (default: disabled)])], + [ ENABLED_MLKEM_STANDALONE=$enableval ], + [ ENABLED_MLKEM_STANDALONE=no ] + ) + +AC_ARG_ENABLE([pqc-hybrids], + [AS_HELP_STRING([--enable-pqc-hybrids],[Enable PQ/T hybrid combinations (default: enabled)])], + [ ENABLED_PQC_HYBRIDS=$enableval ], + [ ENABLED_PQC_HYBRIDS=yes ] + ) + +# Extra PQ/T Hybrid combinations +AC_ARG_ENABLE([extra-pqc-hybrids], + [AS_HELP_STRING([--enable-extra-pqc-hybrids],[Enable extra PQ/T hybrid combinations (default: disabled)])], + [ ENABLED_EXTRA_PQC_HYBRIDS=$enableval ], + [ ENABLED_EXTRA_PQC_HYBRIDS=no ] + ) - if test "$ENABLED_WC_MLKEM" = "yes" - then - test "$enable_sha3" = "" && enable_sha3=yes - test "$enable_shake128" = "" && enable_shake128=yes - test "$enable_shake256" = "" && enable_shake256=yes - fi -fi # Dilithium -# - SHA3, Shake128, Shake256 and AES-CTR +# - SHA3, Shake128 and Shake256 AC_ARG_ENABLE([mldsa], - [AS_HELP_STRING([--enable-mldsa],[Enable MLDSA (default: disabled)])], + [AS_HELP_STRING([--enable-mldsa],[Enable ML-DSA/Dilithium (default: disabled)])], [ ENABLED_DILITHIUM=$enableval ], [ ENABLED_DILITHIUM=no ] ) # note, inherits default from "mldsa" clause above. AC_ARG_ENABLE([dilithium], - [AS_HELP_STRING([--enable-dilithium],[Enable Dilithium/MLDSA (default: disabled)])], + [AS_HELP_STRING([--enable-dilithium],[Alias for --enable-mldsa])], [ ENABLED_DILITHIUM=$enableval ] ) @@ -1781,8 +1819,11 @@ draft|fips204-draft) AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_DILITHIUM_FIPS204_DRAFT" ;; + no-ctx) + AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_DILITHIUM_NO_CTX" + ;; *) - AC_MSG_ERROR([Invalid choice for DILITHIUM [all,make,sign,verify,verify-only,small,44,65,87]: $ENABLED_DILITHIUM.]) + AC_MSG_ERROR([Invalid choice for DILITHIUM [all,make,sign,verify,verify-only,small,44,65,87,no-ctx]: $ENABLED_DILITHIUM.]) break;; esac done @@ -2026,15 +2067,124 @@ fi fi +# SLH-DSA +ENABLED_SLHDSA=yes +AC_ARG_ENABLE([slhdsa], + [AS_HELP_STRING([--enable-slhdsa],[Enable SLH-DSA signatures (default: disabled)])], + [ ENABLED_SLHDSA=$enableval ], + [ ENABLED_SLHDSA=no ] + ) + +for v in `echo $ENABLED_SLHDSA | tr "," " "` +do + case $v in + yes) + SLHDSA_PARAM_128S=yes + SLHDSA_PARAM_128F=yes + SLHDSA_PARAM_192S=yes + SLHDSA_PARAM_192F=yes + SLHDSA_PARAM_256S=yes + SLHDSA_PARAM_256F=yes + ;; + no) + ;; + verify-only) + AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_SLHDSA_VERIFY_ONLY" + ;; + small) + AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_WC_SLHDSA_SMALL" + ;; + small-mem) + AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_WC_SLHDSA_SMALL_MEM" + ;; + 128s) + SLHDSA_PARAM_128S=yes + ;; + 128f) + SLHDSA_PARAM_128F=yes + ;; + 192s) + SLHDSA_PARAM_192S=yes + ;; + 192f) + SLHDSA_PARAM_192F=yes + ;; + 256s) + SLHDSA_PARAM_256S=yes + ;; + 256f) + SLHDSA_PARAM_256F=yes + ;; + no-s) + AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_SLHDSA_PARAM_NO_SMALL" + ;; + no-f) + AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_SLHDSA_PARAM_NO_FAST" + ;; + *) + AC_MSG_ERROR([Invalid choice for SLH-DSA []: $ENABLED_SLHDSA.]) + break;; + esac +done + +if test "$ENABLED_SLHDSA" != "no" +then + AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_HAVE_SLHDSA" + AM_CCASFLAGS="$AM_CCASFLAGS -DWOLFSSL_HAVE_SLHDSA" + + AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_WC_SLHDSA" + + if test "$SLHDSA_PARAM_128S" = "yes" + then + AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_SLHDSA_PARAM_128S" + else + AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_SLHDSA_PARAM_NO_128S" + fi + if test "$SLHDSA_PARAM_128F" = "yes" + then + AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_SLHDSA_PARAM_128F" + else + AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_SLHDSA_PARAM_NO_128F" + fi + if test "$SLHDSA_PARAM_192S" = "yes" + then + AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_SLHDSA_PARAM_192S" + else + AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_SLHDSA_PARAM_NO_192S" + fi + if test "$SLHDSA_PARAM_192F" = "yes" + then + AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_SLHDSA_PARAM_192F" + else + AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_SLHDSA_PARAM_NO_192F" + fi + if test "$SLHDSA_PARAM_256S" = "yes" + then + AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_SLHDSA_PARAM_256S" + else + AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_SLHDSA_PARAM_NO_256S" + fi + if test "$SLHDSA_PARAM_256F" = "yes" + then + AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_SLHDSA_PARAM_256F" + else + AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_SLHDSA_PARAM_NO_256F" + fi + + enable_shake256=yes +fi + # SINGLE THREADED AC_ARG_ENABLE([singlethreaded], [AS_HELP_STRING([--enable-singlethreaded],[Enable wolfSSL single threaded (default: disabled)])], [ ENABLED_SINGLETHREADED=$enableval ], [ ENABLED_SINGLETHREADED=no ]) +WOLFSSL_HAVE_PTHREAD=0 AS_IF([ test "x$ENABLED_SINGLETHREADED" = "xno" ],[ AX_PTHREAD([ AC_DEFINE([HAVE_PTHREAD], [1], [Define if you have POSIX threads libraries and header files.]) + WOLFSSL_HAVE_PTHREAD=1 # If AX_PTHREAD is adding -Qunused-arguments, need to prepend with -Xcompiler libtool will use it. Newer # versions of clang don't need the -Q flag when using pthreads. AS_CASE([$PTHREAD_CFLAGS],[-Qunused-arguments*],[PTHREAD_CFLAGS="-Xcompiler $PTHREAD_CFLAGS"]) @@ -2203,6 +2353,19 @@ AM_CFLAGS="$AM_CFLAGS -DWC_NO_RNG" fi +AC_ARG_ENABLE([rng-bank], + [AS_HELP_STRING([--enable-rng-bank],[Enable compiling and using RNG banks (default: disabled)])], + [ ENABLED_RNG_BANK=$enableval ], + [ ENABLED_RNG_BANK=$KERNEL_MODE_DEFAULTS ] + ) + +if test "$ENABLED_RNG_BANK" = "yes" +then + AS_IF([test "$ENABLED_RNG" = "no"], + AC_MSG_ERROR([--enable-rng-bank requires --enable-rng])) + AM_CFLAGS="$AM_CFLAGS -DWC_RNG_BANK_SUPPORT" +fi + # DTLS-SCTP AC_ARG_ENABLE([sctp], @@ -2464,13 +2627,6 @@ [ ENABLED_QT=no ] ) -# ssl bump build -AC_ARG_ENABLE([bump], - [AS_HELP_STRING([--enable-bump],[Enable SSL Bump build (default: disabled)])], - [ ENABLED_BUMP=$enableval ], - [ ENABLED_BUMP=no ] - ) - # SNIFFER AC_ARG_ENABLE([sniffer], [AS_HELP_STRING([--enable-sniffer],[Enable wolfSSL sniffer support (default: disabled)])], @@ -2617,7 +2773,8 @@ test "$ENABLED_OPENRESTY" = "yes" || test "$ENABLED_RSYSLOG" = "yes" || \ test "$ENABLED_KRB" = "yes" || test "$ENABLED_CHRONY" = "yes" || \ test "$ENABLED_FFMPEG" = "yes" || test "$ENABLED_STRONGSWAN" = "yes" || \ - test "$ENABLED_OPENLDAP" = "yes" || test "x$ENABLED_MOSQUITTO" = "xyes" || test "$ENABLED_HITCH" = "yes" + test "$ENABLED_OPENLDAP" = "yes" || test "x$ENABLED_MOSQUITTO" = "xyes" || \ + test "$ENABLED_HITCH" = "yes" || test "$ENABLED_NGINX" = "yes" then ENABLED_OPENSSLALL="yes" fi @@ -2691,7 +2848,7 @@ if test "$ENABLED_FAULTHARDEN" = "yes" then - AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_CHECK_SIG_FAULTS -DWOLFSSL_CHECK_VER_FAULTS" + AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_CHECK_SIG_FAULTS -DWOLFSSL_CHECK_VER_FAULTS -DWC_SHA3_FAULT_HARDEN -DWC_MLKEM_FAULT_HARDEN -DWC_MLDSA_FAULT_HARDEN" fi AC_ARG_ENABLE([compileharden], @@ -2774,14 +2931,6 @@ AM_CFLAGS="$AM_CFLAGS -DFORTRESS -DWOLFSSL_ALWAYS_VERIFY_CB -DWOLFSSL_AES_COUNTER -DWOLFSSL_AES_DIRECT -DWOLFSSL_DER_LOAD -DWOLFSSL_KEY_GEN" fi - -if test "$ENABLED_BUMP" = "yes" -then - AM_CFLAGS="$AM_CFLAGS -DLARGE_STATIC_BUFFERS -DWOLFSSL_CERT_GEN -DWOLFSSL_KEY_GEN -DHUGE_SESSION_CACHE -DWOLFSSL_DER_LOAD -DWOLFSSL_ALT_NAMES -DWOLFSSL_TEST_CERT" - DEFAULT_MAX_CLASSIC_ASYM_KEY_BITS=4096 -fi - - # lean TLS build (TLS 1.2 client only (no client auth), ECC256, AES128 and SHA256 w/o Shamir) AC_ARG_ENABLE([leantls], [AS_HELP_STRING([--enable-leantls],[Enable Lean TLS build (default: disabled)])], @@ -3174,7 +3323,7 @@ ENABLED_AESGCM=no fi -if test "$ENABLED_AESGCM" = "yes" && test "$ac_cv_c_bigendian" != "yes" +if test "$ENABLED_AESGCM" = "yes" then ENABLED_AESGCM="4bit" fi @@ -3359,6 +3508,7 @@ ENABLED_ARMASM_CRYPTO="unknown" ENABLED_ARMASM_INLINE="no" +ENABLED_ARMASM_SHA256_SMALL="no" ENABLED_ARMASM_SHA3="unknown" ENABLED_ARMASM_CRYPTO_SM4="no" # ARM Assembly @@ -3382,6 +3532,16 @@ no-crypto) ENABLED_ARMASM_CRYPTO=no ;; + sha256-small) + case $host_cpu in + *arm*) + ;; + *) + AC_MSG_ERROR([SHA256 small option only available on 32-bit ARM CPU.]) + break;; + esac + ENABLED_ARMASM_SHA256_SMALL=yes + ;; sha512-crypto | sha3-crypto) case $host_cpu in *aarch64*) @@ -3449,8 +3609,25 @@ esac ENABLED_ARMASM_BARRIER_DETECT=yes ;; + aes-block-dup) + case $host_cpu in + *arm*) + ;; + *) + AC_MSG_ERROR([AES assembly option only available on 32-bit ARM CPU.]) + break;; + esac + ENABLED_ARMASM_AES_BLOCK_INLINE=yes + ;; *) - AC_MSG_ERROR([Invalid choice of ARM asm inclusions (yes, sha512-crypto, sha3-crypto): $ENABLED_ARMASM.]) + case $host_cpu in + *aarch64*) + AC_MSG_ERROR([Invalid choice of ARM asm inclusions (yes, inline, no-crypto, sha512-crypto, sha3-crypto, no-sha512-crypto, no-sha3-crypto, barrier-sb, barrier-detect): $ENABLED_ARMASM.]) + break;; + *arm*) + AC_MSG_ERROR([Invalid choice of ARM asm inclusions (yes, inline, no-crypto, sha256-small, aes-block-dup): $ENABLED_ARMASM.]) + break;; + esac break;; esac done @@ -3578,6 +3755,10 @@ esac fi +if test "$ENABLED_ARMASM_SHA256_SMALL" = "yes"; then + AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_ARMASM_SHA256_SMALL" + AM_CCASFLAGS="$AM_CCASFLAGS -DWOLFSSL_ARMASM_SHA256_SMALL" +fi if test "$ENABLED_ARMASM_SHA3" = "yes"; then AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_ARMASM_CRYPTO_SHA512 -DWOLFSSL_ARMASM_CRYPTO_SHA3" AM_CCASFLAGS="$AM_CCASFLAGS -DWOLFSSL_ARMASM_CRYPTO_SHA512 -DWOLFSSL_ARMASM_CRYPTO_SHA3" @@ -3611,6 +3792,9 @@ if test "$ENABLED_ARMASM_INLINE" = "yes"; then AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_ARMASM_INLINE" fi +if test "$ENABLED_ARMASM_AES_BLOCK_INLINE" = "yes"; then + AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_ARMASM_AES_BLOCK_INLINE" +fi # RISC-V Assembly AC_ARG_ENABLE([riscv-asm], @@ -3708,6 +3892,9 @@ inline) ENABLED_PPC32_ASM_INLINE=yes ;; + inline-reg) + ENABLED_PPC32_ASM_INLINE_REG=yes + ;; small) ENABLED_PPC32_ASM_SMALL=yes ;; @@ -3725,7 +3912,7 @@ AC_MSG_NOTICE([32-bit PowerPC assembly for SHA-256]) ENABLED_PPC32_ASM=yes fi -if test "$ENABLED_PPC32_ASM_INLINE" = "yes"; then +if test "$ENABLED_PPC32_ASM_INLINE" = "yes" || test "$ENABLED_PPC32_ASM_INLINE_REG" = "yes"; then AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_PPC32_ASM_INLINE" else AM_CCASFLAGS="$AM_CCASFLAGS -DWOLFSSL_PPC32_ASM" @@ -3904,6 +4091,8 @@ ENABLED_X86_ASM=yes fi fi +AC_SUBST([ENABLED_AESNI]) +AC_SUBST([ENABLED_AESNI_WITH_AVX]) AC_ARG_ENABLE([aligndata], [AS_HELP_STRING([--enable-aligndata],[align data for ciphers (default: enabled)])], @@ -3941,12 +4130,17 @@ fi # AMD RDSEED -AC_ARG_ENABLE([amdrand], - [AS_HELP_STRING([--enable-amdrand],[Enable AMD rdseed as preferred RNG seeding source (default: disabled)])], +AC_ARG_ENABLE([amdrdseed], + [AS_HELP_STRING([--enable-amdrdseed],[Enable AMD rdseed as preferred RNG seeding source (default: disabled)])], [ ENABLED_AMDRDSEED=$enableval ], [ ENABLED_AMDRDSEED=no ] ) +AC_ARG_ENABLE([amdrand], + [AS_HELP_STRING([--enable-amdrand],[Alias for --enable-amdrdseed])], + [ ENABLED_AMDRDSEED=$enableval ] + ) + if test "$ENABLED_AMDRDSEED" = "yes" then AM_CFLAGS="$AM_CFLAGS -DHAVE_AMD_RDSEED" @@ -4248,15 +4442,21 @@ # BLAKE2 +AC_ARG_ENABLE([blake2b], + [AS_HELP_STRING([--enable-blake2b],[Enable wolfSSL BLAKE2b support (default: disabled)])], + [ ENABLED_BLAKE2B=$enableval ], + [ ENABLED_BLAKE2B=no ] + ) + +# Backward-compat synonym for blake2b: AC_ARG_ENABLE([blake2], [AS_HELP_STRING([--enable-blake2],[Enable wolfSSL BLAKE2b support (default: disabled)])], - [ ENABLED_BLAKE2=$enableval ], - [ ENABLED_BLAKE2=no ] + [ ENABLED_BLAKE2B=$enableval ] ) -if test "$ENABLED_BLAKE2" = "yes" +if test "$ENABLED_BLAKE2B" = "yes" then - AM_CFLAGS="$AM_CFLAGS -DHAVE_BLAKE2 -DHAVE_BLAKE2B" + AM_CFLAGS="$AM_CFLAGS -DHAVE_BLAKE2B" fi @@ -4269,7 +4469,6 @@ if test "$ENABLED_BLAKE2S" = "yes" then AM_CFLAGS="$AM_CFLAGS -DHAVE_BLAKE2S" - ENABLED_BLAKE2="yes" fi @@ -4344,18 +4543,26 @@ AM_CFLAGS="$AM_CFLAGS -DWC_SHA3_NO_ASM" fi +if test "$ENABLED_SHA3" != "no" && + (test "$ENABLED_FIPS" = "no" || test "$HAVE_FIPS_VERSION" -ge 6) +then + SHAKE_DEFAULT=yes +else + SHAKE_DEFAULT=no +fi + # SHAKE128 AC_ARG_ENABLE([shake128], [AS_HELP_STRING([--enable-shake128],[Enable wolfSSL SHAKE128 support (default: disabled)])], [ ENABLED_SHAKE128=$enableval ], - [ ENABLED_SHAKE128=no ] + [ ENABLED_SHAKE128=$SHAKE_DEFAULT ] ) # SHAKE256 AC_ARG_ENABLE([shake256], [AS_HELP_STRING([--enable-shake256],[Enable wolfSSL SHAKE256 support (default: disabled)])], [ ENABLED_SHAKE256=$enableval ], - [ ENABLED_SHAKE256=no ] + [ ENABLED_SHAKE256=$SHAKE_DEFAULT ] ) # SHA512 @@ -4521,6 +4728,19 @@ fi +# CERT SIGN CALLBACK +AC_ARG_ENABLE([certsigncb], + [AS_HELP_STRING([--enable-certsigncb],[Enable cert signing callback API for TPM/HSM (default: disabled)])], + [ ENABLED_CERTSIGNCB=$enableval ], + [ ENABLED_CERTSIGNCB=no ] + ) + +if test "$ENABLED_CERTSIGNCB" = "yes" +then + AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_CERT_SIGN_CB" +fi + + # SEP AC_ARG_ENABLE([sep], [AS_HELP_STRING([--enable-sep],[Enable sep extensions (default: disabled)])], @@ -4746,11 +4966,18 @@ # CURVE25519 AC_ARG_ENABLE([curve25519], - [AS_HELP_STRING([--enable-curve25519],[Enable Curve25519 (default: disabled)])], + [AS_HELP_STRING([--enable-curve25519],[Enable Curve25519 (default: disabled). Set to "nonblock" to enable non-blocking support for key gen and shared secret])], [ ENABLED_CURVE25519=$enableval ], [ ENABLED_CURVE25519=no ] ) +# Handle curve25519 nonblock option - enable asynccrypt and asynccrypt-sw early +if test "$ENABLED_CURVE25519" = "nonblock" +then + test -z "$enable_asynccrypt" && enable_asynccrypt=yes + test -z "$enable_asynccrypt_sw" && enable_asynccrypt_sw=yes +fi + if test "$ENABLED_CURVE25519" = "no" && test "$ENABLED_QUIC" = "yes" && test "$ENABLED_FIPS" = "no" then ENABLED_CURVE25519=yes @@ -5524,6 +5751,15 @@ AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_DTLS_CH_FRAG" fi +# When MLKEM and DTLS 1.3 are both enabled, DTLS ClientHello fragmenting is +# required (PQC keys in ClientHello can exceed MTU), so enable it automatically. +if test "x$ENABLED_MLKEM" != "xno" && test "x$ENABLED_DTLS13" = "xyes" && test "x$ENABLED_DTLS_CH_FRAG" != "xyes" +then + AC_MSG_NOTICE([MLKEM and DTLS 1.3 are enabled; enabling DTLS ClientHello fragmenting]) + ENABLED_DTLS_CH_FRAG=yes + AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_DTLS_CH_FRAG" +fi + # CODING AC_ARG_ENABLE([coding], [AS_HELP_STRING([--enable-coding],[Enable Coding base 16/64 (default: enabled)])], @@ -5820,8 +6056,7 @@ if test "$KERNEL_MODE_DEFAULTS" = "yes" && \ test "$ENABLED_AMDRDSEED" != "yes" && \ test "$ENABLED_INTELRDRAND" != "yes" && \ - test "$ENABLED_INTELRDSEED" != "yes" && \ - (test "$ENABLED_FIPS" = "no" || test "$HAVE_FIPS_VERSION" -ge 6) + test "$ENABLED_INTELRDSEED" != "yes" then ENABLED_ENTROPY_MEMUSE_DEFAULT=yes else @@ -5833,8 +6068,12 @@ [ ENABLED_ENTROPY_MEMUSE=$enableval ], [ ENABLED_ENTROPY_MEMUSE=$ENABLED_ENTROPY_MEMUSE_DEFAULT ] ) +AC_ARG_ENABLE([wolfentropy], + [AS_HELP_STRING([--enable-wolfentropy],[Alias for --enable-wolfEntropy])], + [ ENABLED_ENTROPY_MEMUSE=$enableval ], + ) AC_ARG_ENABLE([entropy-memuse], - [AS_HELP_STRING([--enable-entropy-memuse],[Enable memuse entropy support (default: disabled)])], + [AS_HELP_STRING([--enable-entropy-memuse],[Alias for --enable-wolfEntropy])], [ ENABLED_ENTROPY_MEMUSE=$enableval ] ) @@ -5851,8 +6090,10 @@ [v6|ready|dev],[ # FIPS 140-3 SRTP-KDF AS_IF([test "$FIPS_VERSION" = "dev"], + ENABLED_FIPS_DEV=yes [AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_FIPS_DEV"]) AS_IF([test "$FIPS_VERSION" = "ready"], + ENABLED_FIPS_READY=yes [AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_FIPS_READY"]) AM_CFLAGS="$AM_CFLAGS \ @@ -6184,6 +6425,10 @@ (test "$FIPS_VERSION" != "lean-aesgcm-dev" || test "$enable_shake256" != "yes")], [enable_shake256="no"; ENABLED_SHAKE256="no"]) + AS_IF([test "$ENABLED_MLKEM" != "no" && + (test "$FIPS_VERSION" != "lean-aesgcm-dev" || test "$enable_mlkem" != "yes")], + [enable_mlkem="no"; ENABLED_MLKEM="no"]) + AS_IF([test "$ENABLED_MD5" != "no" && (test "$FIPS_VERSION" != "lean-aesgcm-dev" || test "$enable_md5" != "yes")], [enable_md5="no"; ENABLED_MD5="no"; AM_CFLAGS="$AM_CFLAGS -DNO_MD5"]) @@ -6502,6 +6747,9 @@ SELFTEST_VERSION="v1" ]) +AS_IF([test "x$ENABLED_SELFTEST" = "xyes" && test ! -s "${srcdir}/wolfcrypt/src/selftest.c"], + [AC_MSG_ERROR([selftest.c is missing, --enable-selftest requires the CAVP selftest source])]) + AS_CASE([$SELFTEST_VERSION], ["v2"],[ AM_CFLAGS="$AM_CFLAGS -DHAVE_SELFTEST -DHAVE_SELFTEST_VERSION=2 -DHAVE_PUBLIC_FFDHE" @@ -6510,6 +6758,194 @@ AM_CFLAGS="$AM_CFLAGS -DHAVE_SELFTEST -DHAVE_PUBLIC_FFDHE" ]) + +# Set ML-KEM flags + +if test "$ENABLED_MLKEM" != "no" +then + if test "$ENABLED_SHA3" = "no" + then + AC_MSG_NOTICE([MLKEM enabled (not explicitly disabled); overriding --disable-sha3 to enable SHA-3]) + ENABLED_SHA3=yes + enable_sha3=yes + fi + + if test "$ENABLED_SHAKE128" = "no" + then + AC_MSG_WARN([MLKEM enabled (not explicitly disabled); overriding --disable-shake128 to enable SHAKE128]) + ENABLED_SHAKE128=yes + enable_shake128=yes + fi + + if test "$ENABLED_SHAKE256" = "no" + then + AC_MSG_WARN([MLKEM enabled (not explicitly disabled); overriding --disable-shake256 to enable SHAKE256]) + ENABLED_SHAKE256=yes + enable_shake256=yes + fi +fi + +ENABLED_WC_MLKEM=no +ENABLED_ML_KEM=unset +ENABLED_MLKEM_MAKE_KEY=no +ENABLED_MLKEM_ENCAPSULATE=no +ENABLED_MLKEM_DECAPSULATE=no +for v in `echo $ENABLED_MLKEM | tr "," " "` +do + case $v in + yes) + ENABLED_MLKEM512=yes + ENABLED_MLKEM768=yes + ENABLED_MLKEM1024=yes + ENABLED_MLKEM_MAKE_KEY=yes + ENABLED_MLKEM_ENCAPSULATE=yes + ENABLED_MLKEM_DECAPSULATE=yes + ;; + all) + ENABLED_MLKEM_MAKE_KEY=yes + ENABLED_MLKEM_ENCAPSULATE=yes + ENABLED_MLKEM_DECAPSULATE=yes + ENABLED_ML_KEM=yes + ENABLED_ORIGINAL=yes + ;; + no) + ;; + small) + AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_MLKEM_SMALL" + ;; + no-large-code) + AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_MLKEM_NO_LARGE_CODE" + ;; + cache-a) + AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_MLKEM_CACHE_A" + ;; + 512) + ENABLED_MLKEM512=yes + ;; + 768) + ENABLED_MLKEM768=yes + ;; + 1024) + ENABLED_MLKEM1024=yes + ;; + make) + ENABLED_MLKEM_MAKE_KEY=yes + ;; + encapsulate|enc) + ENABLED_MLKEM_ENCAPSULATE=yes + ;; + decapsulate|dec) + ENABLED_MLKEM_DECAPSULATE=yes + ;; + original|kyber) + ENABLED_ORIGINAL=yes + ;; + ml-kem) + ENABLED_ML_KEM=yes + ;; + noasm) + AM_CFLAGS="$AM_CFLAGS -DWC_MLKEM_NO_ASM" + ;; + *) + AC_MSG_ERROR([Invalid choice for MLKEM []: $ENABLED_MLKEM.]) + break;; + esac +done + +if test "$ENABLED_MLKEM" != "no" +then + AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_HAVE_MLKEM" + # Use liboqs if specified. + if test "$ENABLED_LIBOQS" = "no"; then + ENABLED_WC_MLKEM=yes + AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_WC_MLKEM" + AM_CCASFLAGS="$AM_CCASFLAGS -DWOLFSSL_WC_MLKEM" + fi + + if test "$ENABLED_ORIGINAL" = "yes"; then + AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_MLKEM_KYBER" + if test "$ENABLED_MLKEM512" = ""; then + AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_NO_KYBER512" + fi + if test "$ENABLED_MLKEM768" = ""; then + AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_NO_KYBER768" + fi + if test "$ENABLED_MLKEM1024" = ""; then + AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_NO_KYBER1024" + fi + if test "$ENABLED_ML_KEM" = "unset"; then + ENABLED_ML_KEM=no + fi + fi + if test "$ENABLED_ML_KEM" = "unset"; then + ENABLED_ML_KEM=yes + fi + if test "$ENABLED_ML_KEM" = "yes"; then + if test "$ENABLED_MLKEM512" = ""; then + AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_NO_ML_KEM_512" + fi + if test "$ENABLED_MLKEM768" = ""; then + AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_NO_ML_KEM_768" + fi + if test "$ENABLED_MLKEM1024" = ""; then + AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_NO_ML_KEM_1024" + fi + else + AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_NO_ML_KEM" + fi + if test "$ENABLED_MLKEM_MAKE_KEY" = "no"; then + AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_MLKEM_NO_MAKE_KEY" + fi + if test "$ENABLED_MLKEM_ENCAPSULATE" = "no"; then + AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_MLKEM_NO_ENCAPSULATE" + fi + if test "$ENABLED_MLKEM_DECAPSULATE" = "no"; then + AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_MLKEM_NO_DECAPSULATE" + fi + + if test "$ENABLED_WC_MLKEM" = "yes" + then + test "$enable_sha3" = "" && enable_sha3=yes + test "$enable_shake128" = "" && enable_shake128=yes + test "$enable_shake256" = "" && enable_shake256=yes + fi +fi + +AS_IF([ test "$ENABLED_MLKEM_STANDALONE" = "yes" && test "$ENABLED_ML_KEM" = "no" ],[AC_MSG_ERROR([ML-KEM as standalone TLS key exchange (non-hybrid) requires ML-KEM.])]) +if test "$ENABLED_MLKEM_STANDALONE" != "yes" +then + AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_TLS_NO_MLKEM_STANDALONE" +fi + +if test "$ENABLED_PQC_HYBRIDS" = "yes" +then + if test "$ENABLED_ML_KEM" = "no" || test "$ENABLED_MLKEM" = "no" + then + ENABLED_PQC_HYBRIDS=no + elif test "$ENABLED_MLKEM768" = "" && test "$ENABLED_MLKEM1024" = ""; then + AC_MSG_NOTICE([PQC hybrid combinations require either ML-KEM 768 or ML-KEM 1024, but both disabled.]) + ENABLED_PQC_HYBRIDS=no + else + AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_PQC_HYBRIDS" + fi +fi + +if test "$ENABLED_ML_KEM" != "no" && test "$ENABLED_MLKEM" != "no" +then + if test "$ENABLED_PQC_HYBRIDS" = "no" && test "$ENABLED_MLKEM_STANDALONE" = "no" && test "$ENABLED_CRYPTONLY" = "no" + then + AC_MSG_ERROR([Both hybrid PQ/T and standalone ML-KEM are disabled, so no PQC hybrid combinations will be available.]) + fi +fi + +if test "$ENABLED_EXTRA_PQC_HYBRIDS" = "yes" +then + AS_IF([ test "$ENABLED_EXPERIMENTAL" != "yes" ],[ AC_MSG_ERROR([extra-pqc-hybrids requires --enable-experimental.]) ]) + AS_IF([ test "$ENABLED_ML_KEM" = "no" ],[ AC_MSG_ERROR([extra-pqc-hybrids requires ML-KEM.]) ]) + AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_EXTRA_PQC_HYBRIDS" +fi + + AS_IF([test "x$ENABLED_AESXTS" = "xyes"], [AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_AES_XTS -DWOLFSSL_AES_DIRECT"]) AS_IF([test "x$ENABLED_AESXTS" = "xyes" && test "x$ENABLED_INTELASM" = "xyes"], @@ -6857,19 +7293,6 @@ [ ENABLED_OCSP=no ] ) -if test "$ENABLED_OCSP" = "yes" -then - # check openssl command tool for testing ocsp - AC_CHECK_PROG([HAVE_OPENSSL_CMD],[openssl],[yes],[no]) - - if test "$HAVE_OPENSSL_CMD" = "yes" - then - AM_CFLAGS="$AM_CFLAGS -DHAVE_OPENSSL_CMD" - else - AC_MSG_WARN([openssl command line tool not available for testing ocsp]) - fi -fi - # Certificate Status Request : a.k.a. OCSP Stapling AC_ARG_ENABLE([ocspstapling], @@ -6938,6 +7361,18 @@ fi +AC_ARG_ENABLE([ocsp-responder], + [AS_HELP_STRING([--enable-ocsp-responder],[Enable OCSP Responder (default: disabled)])], + [ ENABLED_OCSP_RESPONDER=$enableval ], + [ ENABLED_OCSP_RESPONDER=no ] + ) + +if test "x$ENABLED_OCSP_RESPONDER" = "xyes" +then + ENABLED_OCSP="yes" + ENABLED_CERTGEN="yes" +fi + # CRL AC_ARG_ENABLE([crl], [AS_HELP_STRING([--enable-crl],[Enable CRL (Use =io for inline CRL HTTP GET) (default: disabled)])], @@ -7500,7 +7935,7 @@ fi # Small Stack - Cache on object -if test "$KERNEL_MODE_DEFAULTS" = "yes" && (test "$ENABLED_FIPS" = "no" || test "$HAVE_FIPS_VERSION" -ge 6) +if test "$KERNEL_MODE_DEFAULTS" = "yes" then ENABLED_SMALL_STACK_CACHE_DEFAULT=yes else @@ -7655,6 +8090,11 @@ AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_SEND_HRR_COOKIE" ENABLED_SEND_HRR_COOKIE="yes" fi + if test "x$ENABLED_MLKEM" != "xno" && test "x$ENABLED_DTLS_CH_FRAG" != "xyes" + then + AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_DTLS_CH_FRAG" + ENABLED_DTLS_CH_FRAG="yes" + fi if test "x$ENABLED_AES" = "xyes" then AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_AES_DIRECT" @@ -7668,7 +8108,6 @@ if test "x$ENABLED_OPENSSLEXTRA" = "xno" then - ENABLED_MD5="yes" ENABLED_OPENSSLEXTRA="yes" AM_CFLAGS="$AM_CFLAGS -DOPENSSL_EXTRA" fi @@ -7823,7 +8262,7 @@ if test "$ENABLED_HAPROXY" = "yes" then AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_HAPROXY -DOPENSSL_COMPATIBLE_DEFAULTS" - AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_SIGNER_DER_CERT" + AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_SIGNER_DER_CERT -DWOLFSSL_KEEP_RNG_SEED_FD_OPEN" # --enable-all defines its own DEFAULT_MAX_CLASSIC_ASYM_KEY_BITS if test -z "$DEFAULT_MAX_CLASSIC_ASYM_KEY_BITS" then @@ -9592,10 +10031,6 @@ if test "$ENABLED_ASYNCCRYPT" = "yes" then AC_MSG_NOTICE([Enabling asynchronous support]) - if ! test -f ${srcdir}/wolfcrypt/src/async.c || ! test -f ${srcdir}/wolfssl/wolfcrypt/async.h - then - AC_MSG_ERROR([--enable-asynccrypt requested, but WOLFSSL_ASYNC_CRYPT source files are missing.]) - fi AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_ASYNC_CRYPT -DHAVE_WOLF_EVENT -DHAVE_WOLF_BIGINT -DWOLFSSL_NO_HASH_RAW" @@ -10103,10 +10538,7 @@ if test "x$ENABLED_SYS_CA_CERTS" = "xyes" then - if test "x$ENABLED_FILESYSTEM" = "xno" - then - ENABLED_SYS_CA_CERTS="no" - elif test "x$ENABLED_CERTS" = "xno" + if test "x$ENABLED_CERTS" = "xno" then ENABLED_SYS_CA_CERTS="no" fi @@ -10138,6 +10570,16 @@ AC_MSG_ERROR([Unable to find Apple Security.framework headers]) ]) ;; + mingw*) + ;; + *) + # Only disable on no filesystem non Mac/Windows, as Mac and Windows + # depend on APIs which don't need filesystem support enabled in wolfSSL. + if test "x$ENABLED_FILESYSTEM" = "xno" + then + ENABLED_SYS_CA_CERTS="no" + fi + ;; esac fi @@ -10212,6 +10654,13 @@ AM_CFLAGS="$AM_CFLAGS -DHAVE_OID_ENCODING -DWOLFSSL_NO_ASN_STRICT" + # OCSP responder + if test "$ENABLED_OCSP" = "no"; then + ENABLED_OCSP="yes" + fi + if test "$ENABLED_OCSP_RESPONDER" = "no"; then + ENABLED_OCSP_RESPONDER="yes" + fi fi if test "$ENABLED_STRONGSWAN" = "yes"; then @@ -10256,17 +10705,34 @@ if test "$ENABLED_CURVE25519" != "no" then - if test "$ENABLED_CURVE25519" = "small" || test "$ENABLED_LOWRESOURCE" = "yes" + if test "$ENABLED_CURVE25519" = "small" || test "$ENABLED_CURVE25519" = "nonblock" || test "$ENABLED_LOWRESOURCE" = "yes" then AM_CFLAGS="$AM_CFLAGS -DCURVE25519_SMALL" ENABLED_CURVE25519_SMALL=yes fi + if test "$ENABLED_CURVE25519" = "nonblock" + then + AM_CFLAGS="$AM_CFLAGS -DWC_X25519_NONBLOCK" + fi + if test "$ENABLED_CURVE25519" = "no128bit" || test "$ENABLED_32BIT" = "yes" then AM_CFLAGS="$AM_CFLAGS -DNO_CURVED25519_128BIT" fi + if test "$ENABLED_CURVE25519" = "ed" + then + AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_CURVE25519_USE_ED25519" + AM_CCASFLAGS="$AM_CCASFLAGS -DWOLFSSL_CURVE25519_USE_ED25519" + fi + if test "$ENABLED_CURVE25519" = "not-ed" + then + AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_CURVE25519_NOT_USE_ED25519" + AM_CCASFLAGS="$AM_CCASFLAGS -DWOLFSSL_CURVE25519_NOT_USE_ED25519" + fi + + AM_CFLAGS="$AM_CFLAGS -DHAVE_CURVE25519" AM_CCASFLAGS="$AM_CCASFLAGS -DHAVE_CURVE25519" ENABLED_FEMATH=yes @@ -10449,6 +10915,22 @@ AS_IF([test "x$ENABLED_OCSP" = "xyes"], [AM_CFLAGS="$AM_CFLAGS -DHAVE_OCSP"]) +AS_IF([test "x$ENABLED_OCSP_RESPONDER" = "xyes"], + [AM_CFLAGS="$AM_CFLAGS -DHAVE_OCSP_RESPONDER"]) + +if test "$ENABLED_OCSP" = "yes" +then + # check openssl command tool for testing ocsp + AC_CHECK_PROG([HAVE_OPENSSL_CMD],[openssl],[yes],[no]) + + if test "$HAVE_OPENSSL_CMD" = "yes" + then + AM_CFLAGS="$AM_CFLAGS -DHAVE_OPENSSL_CMD" + else + AC_MSG_WARN([openssl command line tool not available for testing ocsp]) + fi +fi + AS_IF([test "x$ENABLED_STRONGSWAN" = "xyes"], [AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_LOG_PRINTF -DWOLFSSL_PUBLIC_MP -DHAVE_EX_DATA" AS_IF([test "$ENABLED_FIPS" = "no" || test "$HAVE_FIPS_VERSION" -le 2], @@ -10605,11 +11087,9 @@ if test "$ENABLED_AESGCM" = "no" then AC_MSG_ERROR([AES-GCM streaming is enabled but AES-GCM is disabled.]) - elif test "$ENABLED_RISCV_ASM" = "yes" || \ - (test "$ENABLED_ARMASM" = "yes" && \ - test "$host_cpu" != "aarch64" && test "$host_cpu" != "aarch64_be") + elif test "$ENABLED_RISCV_ASM" = "yes" then - AC_MSG_ERROR([32 bit armasm and RISC-V asm don't yet support WOLFSSL_AESGCM_STREAM.]) + AC_MSG_ERROR([RISC-V asm doesn't yet support WOLFSSL_AESGCM_STREAM.]) else AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_AESGCM_STREAM" AM_CCASFLAGS="$AM_CCASFLAGS -DWOLFSSL_AESGCM_STREAM" @@ -10774,7 +11254,7 @@ # Replace all options and just use WOLFSSL_USER_SETTINGS and # WOLFSSL_USER_SETTINGS_ASM. AM_CFLAGS="-DWOLFSSL_USER_SETTINGS -DWOLFSSL_USER_SETTINGS_ASM" - AM_CCASFLAGS="$AM_CCASFLAGS -DWOLFSSL_USER_SETTINGS -DWOLFSSL_USER_SETTINGS_ASM" + AM_CCASFLAGS="-DWOLFSSL_USER_SETTINGS -DWOLFSSL_USER_SETTINGS_ASM" # Generate assembly-safe user_settings_asm.h (just preprocessor directives # from user_settings.h). @@ -10840,6 +11320,27 @@ LIB_SOCKET_NSL AX_HARDEN_CC_COMPILER_FLAGS +if test "$ENABLED_SELFTEST" = yes || test "$ENABLED_FIPS" = yes +then + if ! test "$ENABLED_FIPS_DEV" = yes && ! test "$ENABLED_FIPS_READY" = yes + then + # rsa.c wc_hash2mgf() switches on enum wc_HashType, which is defined + # outside the FIPS boundary. Unsupported hashes are correctly handled + # by the default clause. + AC_LANG_PUSH([C]) + AX_APPEND_COMPILE_FLAGS([-Wno-switch-enum],,[$ax_append_compile_cflags_extra]) + AC_LANG_POP + fi +fi + +# -Wdeprecated-enum-enum-conversion is on by default in C++20, but conflicts with +# our use of enum constructs to define fungible constants. +if test "$KERNEL_MODE_DEFAULTS" != "yes" +then + AX_CHECK_COMPILE_FLAG([-Werror -Wno-deprecated-enum-enum-conversion], + [AX_APPEND_FLAG([-Wno-deprecated-enum-enum-conversion], [AM_CFLAGS])]) +fi + case $host_os in mingw*) # if mingw then link to ws2_32 for sockets, and crypt32 @@ -10985,6 +11486,7 @@ AM_CONDITIONAL([BUILD_RISCV_ASM],[test "x$ENABLED_RISCV_ASM" = "xyes"]) AM_CONDITIONAL([BUILD_PPC32_ASM],[test "x$ENABLED_PPC32_ASM" = "xyes"]) AM_CONDITIONAL([BUILD_PPC32_ASM_INLINE],[test "x$ENABLED_PPC32_ASM_INLINE" = "xyes"]) +AM_CONDITIONAL([BUILD_PPC32_ASM_INLINE_REG],[test "x$ENABLED_PPC32_ASM_INLINE_REG" = "xyes"]) AM_CONDITIONAL([BUILD_XILINX],[test "x$ENABLED_XILINX" = "xyes"]) AM_CONDITIONAL([BUILD_AESNI],[test "x$ENABLED_AESNI" = "xyes"]) AM_CONDITIONAL([BUILD_INTELASM],[test "x$ENABLED_INTELASM" = "xyes"]) @@ -10995,7 +11497,7 @@ AM_CONDITIONAL([BUILD_CAMELLIA],[test "x$ENABLED_CAMELLIA" = "xyes" || test "x$ENABLED_USERSETTINGS" = "xyes"]) AM_CONDITIONAL([BUILD_MD2],[test "x$ENABLED_MD2" = "xyes" || test "x$ENABLED_USERSETTINGS" = "xyes"]) AM_CONDITIONAL([BUILD_RIPEMD],[test "x$ENABLED_RIPEMD" = "xyes" || test "x$ENABLED_USERSETTINGS" = "xyes"]) -AM_CONDITIONAL([BUILD_BLAKE2],[test "x$ENABLED_BLAKE2" = "xyes" || test "x$ENABLED_USERSETTINGS" = "xyes"]) +AM_CONDITIONAL([BUILD_BLAKE2B],[test "x$ENABLED_BLAKE2B" = "xyes" || test "x$ENABLED_USERSETTINGS" = "xyes"]) AM_CONDITIONAL([BUILD_BLAKE2S],[test "x$ENABLED_BLAKE2S" = "xyes" || test "x$ENABLED_USERSETTINGS" = "xyes"]) AM_CONDITIONAL([BUILD_SHA512],[test "x$ENABLED_SHA512" = "xyes" || test "x$ENABLED_SHA384" = "xyes" || test "x$ENABLED_USERSETTINGS" = "xyes"]) AM_CONDITIONAL([BUILD_DSA],[test "x$ENABLED_DSA" = "xyes" || test "x$ENABLED_USERSETTINGS" = "xyes"]) @@ -11015,11 +11517,14 @@ AM_CONDITIONAL([BUILD_CURVE448_SMALL],[test "x$ENABLED_CURVE448_SMALL" = "xyes" || test "x$ENABLED_USERSETTINGS" = "xyes"]) AM_CONDITIONAL([BUILD_WC_LMS],[test "x$ENABLED_WC_LMS" != "xno" || test "x$ENABLED_USERSETTINGS" = "xyes"]) AM_CONDITIONAL([BUILD_WC_XMSS],[test "x$ENABLED_WC_XMSS" != "xno" || test "x$ENABLED_USERSETTINGS" = "xyes"]) +AM_CONDITIONAL([BUILD_WC_SLHDSA],[test "x$ENABLED_SLHDSA" != "xno" || test "x$ENABLED_USERSETTINGS" = "xyes"]) AM_CONDITIONAL([BUILD_WC_MLKEM],[test "x$ENABLED_WC_MLKEM" != "xno" || test "x$ENABLED_USERSETTINGS" = "xyes"]) AM_CONDITIONAL([BUILD_DILITHIUM],[test "x$ENABLED_DILITHIUM" != "xno" || test "x$ENABLED_USERSETTINGS" = "xyes"]) AM_CONDITIONAL([BUILD_ECCSI],[test "x$ENABLED_ECCSI" = "xyes" || test "x$ENABLED_USERSETTINGS" = "xyes"]) AM_CONDITIONAL([BUILD_SAKKE],[test "x$ENABLED_SAKKE" = "xyes" || test "x$ENABLED_USERSETTINGS" = "xyes"]) AM_CONDITIONAL([BUILD_MEMORY],[test "x$ENABLED_MEMORY" = "xyes" || test "x$ENABLED_USERSETTINGS" = "xyes"]) +AM_CONDITIONAL([BUILD_MEMUSE],[test "x$ENABLED_ENTROPY_MEMUSE" = "xyes" || test "x$ENABLED_USERSETTINGS" = "xyes"]) +AM_CONDITIONAL([BUILD_RNG_BANK],[test "$ENABLED_RNG_BANK" = "yes" || test "$ENABLED_USERSETTINGS" = "yes"]) AM_CONDITIONAL([BUILD_RSA],[test "x$ENABLED_RSA" = "xyes" || test "x$ENABLED_USERSETTINGS" = "xyes"]) AM_CONDITIONAL([BUILD_DH],[test "x$ENABLED_DH" != "xno" || test "x$ENABLED_USERSETTINGS" = "xyes"]) AM_CONDITIONAL([BUILD_ASN],[test "x$ENABLED_ASN" != "xno" || test "x$ENABLED_RSA" = "xyes" || test "x$ENABLED_USERSETTINGS" = "xyes"]) @@ -11073,6 +11578,7 @@ AM_CONDITIONAL([BUILD_EXAMPLE_SERVERS],[test "x$ENABLED_EXAMPLES" = "xyes" && test "x$ENABLED_LEANTLS" = "xno"]) AM_CONDITIONAL([BUILD_EXAMPLE_CLIENTS],[test "x$ENABLED_EXAMPLES" = "xyes"]) AM_CONDITIONAL([BUILD_EXAMPLE_ASN1],[test "x$ENABLED_EXAMPLES" = "xyes" && test "x$ENABLED_ASN_PRINT" = "xyes" && test "$ENABLED_ASN" != "no"]) +AM_CONDITIONAL([BUILD_OCSP_RESPONDER],[test "x$ENABLED_EXAMPLES" = "xyes" && test "x$ENABLED_OCSP_RESPONDER" = "xyes"]) AM_CONDITIONAL([BUILD_TESTS],[test "x$ENABLED_EXAMPLES" = "xyes"]) AM_CONDITIONAL([BUILD_THREADED_EXAMPLES],[test "x$ENABLED_SINGLETHREADED" = "xno" && test "x$ENABLED_EXAMPLES" = "xyes" && test "x$ENABLED_LEANTLS" = "xno"]) AM_CONDITIONAL([BUILD_WOLFCRYPT_TESTS],[test "x$ENABLED_CRYPT_TESTS" = "xyes"]) @@ -11115,6 +11621,7 @@ AM_CONDITIONAL([BUILD_SMIME],[test "x$ENABLED_SMIME" = "xyes" || test "x$ENABLED_USERSETTINGS" = "xyes"]) AM_CONDITIONAL([BUILD_HASHFLAGS],[test "x$ENABLED_HASHFLAGS" = "xyes"]) AM_CONDITIONAL([BUILD_LINUXKM],[test "$ENABLED_LINUXKM" = "yes"]) +AM_CONDITIONAL([BUILD_KERNEL_MODE_DEFAULTS],[test "$KERNEL_MODE_DEFAULTS" != "no"]) AM_CONDITIONAL([BUILD_BSDKM],[test "$ENABLED_BSDKM" = "yes"]) AM_CONDITIONAL([BUILD_KERNEL_MODULE],[test "$ENABLED_BSDKM" = "yes" || test "$ENABLED_LINUXKM" = "yes"]) AM_CONDITIONAL([BUILD_NO_LIBRARY],[test "$ENABLED_NO_LIBRARY" = "yes"]) @@ -11171,6 +11678,26 @@ AC_SUBST([LIB_STATIC_ADD]) AC_SUBST([LIBM]) AC_SUBST([PC_LIBS_PRIVATE]) +AC_SUBST([WOLFSSL_HAVE_PTHREAD]) +HAVE_PTHREAD=$WOLFSSL_HAVE_PTHREAD +AC_SUBST([HAVE_PTHREAD]) +PACKAGE_INIT='' +AC_SUBST([PACKAGE_INIT]) +WOLFSSL_PREFIX_ABS=$prefix +if test "x$WOLFSSL_PREFIX_ABS" = "xNONE"; then + WOLFSSL_PREFIX_ABS=$ac_default_prefix +fi +WOLFSSL_EXEC_PREFIX_ABS=$exec_prefix +if test "x$WOLFSSL_EXEC_PREFIX_ABS" = "xNONE"; then + WOLFSSL_EXEC_PREFIX_ABS=$WOLFSSL_PREFIX_ABS +fi +prefix=$WOLFSSL_PREFIX_ABS +exec_prefix=$WOLFSSL_EXEC_PREFIX_ABS +eval WOLFSSL_LIBDIR_ABS=\"$libdir\" +eval WOLFSSL_INCLUDEDIR_ABS=\"$includedir\" +AC_SUBST([WOLFSSL_PREFIX_ABS]) +AC_SUBST([WOLFSSL_LIBDIR_ABS]) +AC_SUBST([WOLFSSL_INCLUDEDIR_ABS]) # FINAL AC_CONFIG_FILES([stamp-h], [echo timestamp > stamp-h]) @@ -11183,6 +11710,12 @@ rpm/spec wolfcrypt/test/test_paths.h ]) +AS_IF([ test "x$ENABLED_CMAKE_INSTALL" = "xyes" ],[ +AC_CONFIG_FILES([cmake/wolfssl-config.cmake:cmake/Config.cmake.in + cmake/wolfssl-config-version.cmake:cmake/wolfssl-config-version.cmake.in + cmake/wolfssl-targets.cmake:cmake/wolfssl-targets.cmake.in + ]) +]) AC_CONFIG_FILES([scripts/unit.test],[chmod +x scripts/unit.test]) AC_CONFIG_FILES([debian/rules],[chmod +x debian/rules]) @@ -11240,7 +11773,7 @@ echo "/* wolfssl options.h" > $OPTION_FILE echo " * generated from configure options" >> $OPTION_FILE echo " *" >> $OPTION_FILE -echo " * Copyright (C) 2006-2025 wolfSSL Inc." >> $OPTION_FILE +echo " * Copyright (C) 2006-2026 wolfSSL Inc." >> $OPTION_FILE echo " *" >> $OPTION_FILE echo " * This file is part of wolfSSL. (formerly known as CyaSSL)" >> $OPTION_FILE echo " *" >> $OPTION_FILE @@ -11485,7 +12018,7 @@ echo " * SHAKE128: $ENABLED_SHAKE128" echo " * SHAKE256: $ENABLED_SHAKE256" echo " * SM3: $ENABLED_SM3" -echo " * BLAKE2: $ENABLED_BLAKE2" +echo " * BLAKE2B: $ENABLED_BLAKE2B" echo " * BLAKE2S: $ENABLED_BLAKE2S" echo " * SipHash: $ENABLED_SIPHASH" echo " * CMAC: $ENABLED_CMAC" @@ -11537,6 +12070,7 @@ if test "$ENABLED_LIBXMSS" = "yes"; then echo " * XMSS_ROOT: $XMSS_ROOT" fi +echo " * SLH-DSA $ENABLED_SLHDSA" echo " * MLKEM: $ENABLED_MLKEM" echo " * MLKEM wolfSSL impl: $ENABLED_WC_MLKEM" echo " * DILITHIUM: $ENABLED_DILITHIUM" @@ -11655,6 +12189,10 @@ then ENABLED_PPC32_ASM="inline C" fi +if test "$ENABLED_PPC32_ASM_INLINE_REG" = "yes" +then + ENABLED_PPC32_ASM="inline C Reg" +fi echo " * PPC32 ASM $ENABLED_PPC32_ASM" echo " * Write duplicate: $ENABLED_WRITEDUP" echo " * Xilinx Hardware Acc.: $ENABLED_XILINX" @@ -11678,6 +12216,9 @@ echo " * rwlock: $ENABLED_RWLOCK" echo " * keylog export: $ENABLED_KEYLOG_EXPORT" echo " * AutoSAR : $ENABLED_AUTOSAR" +echo " * ML-KEM standalone: $ENABLED_MLKEM_STANDALONE" +echo " * PQ/T hybrids: $ENABLED_PQC_HYBRIDS" +echo " * Extra PQ/T hybrids: $ENABLED_EXTRA_PQC_HYBRIDS" echo "" echo "---" @@ -11689,11 +12230,6 @@ # Show warnings at bottom so they are noticed ################################################################################ -if test "$ENABLED_ASYNCCRYPT" = "yes" && ! test -s $srcdir/wolfcrypt/src/async.c -then - AC_MSG_WARN([Make sure real async files are loaded. See async-check.sh or the wolfssl/wolfAsyncCrypt GitHub repo.]) -fi - # MinGW static vs shared library # Reference URL from libtool for MinGW is located at # http://www.gnu.org/software/libtool/manual/libtool.html#Cygwin-to-MinGW-Cross diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/debian/libwolfssl-dev.install mariadb-11.8.8/extra/wolfssl/wolfssl/debian/libwolfssl-dev.install --- mariadb-11.8.6/extra/wolfssl/wolfssl/debian/libwolfssl-dev.install 2026-01-31 13:27:49.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/debian/libwolfssl-dev.install 2026-05-24 09:58:33.000000000 +0000 @@ -2,5 +2,6 @@ usr/lib/*/libwolfssl.so usr/lib/*/libwolfssl.a usr/lib/*/pkgconfig/wolfssl.pc +usr/lib/*/cmake/wolfssl/* usr/bin/wolfssl-config usr/share/doc/wolfssl/ diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/devin_lifeguard.yaml mariadb-11.8.8/extra/wolfssl/wolfssl/devin_lifeguard.yaml --- mariadb-11.8.6/extra/wolfssl/wolfssl/devin_lifeguard.yaml 2026-01-31 13:27:49.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/devin_lifeguard.yaml 1970-01-01 00:00:00.000000000 +0000 @@ -1,145 +0,0 @@ -rules: - - name: no-void-functions - trigger: >- - All functions must return a value. Avoid using void return types to ensure - error values can be propagated upstream. - solution: >- - Change the function to return an appropriate error code or result instead - of void. Ensure all return paths provide a meaningful value. - - name: avoid-recursion - trigger: >- - Recursion is not allowed. Prefer iterative solutions to reduce stack usage - and prevent potential stack overflows. - solution: >- - Refactor the recursive function into an iterative one using loops or other - control structures. - - name: use-forcezero - trigger: >- - Sensitive data such as private keys must be zeroized using `ForceZero()` - to prevent the compiler from optimizing away the zeroization. - solution: >- - Replace `memset` or similar functions with `ForceZero(variable, size)` to - ensure sensitive data is properly cleared from memory. - - name: check-all-return-codes - trigger: >- - Every return code from function calls must be checked to handle errors - appropriately and prevent unexpected behavior. - solution: >- - After each function call, add error handling logic to check the return - value and respond accordingly. - - name: no-memory-leaks - trigger: >- - Memory or resources allocated must have a clear path to being released to - prevent memory leaks. - solution: >- - Ensure that every allocation has a corresponding free or release call. Use - resource management patterns to handle allocations and deallocations. - - name: do-not-change-external-apis - trigger: >- - External facing APIs should not be altered. Instead of modifying an - existing API, create a new version with the necessary parameters. - solution: >- - If additional parameters are needed, create a new function (e.g., `f_ex(a, - b)`) and have the original function (`f(a)`) call the new one with default - or null parameters. - - name: limit-stack-usage - trigger: >- - Functions should not use more than 100 bytes of stack. Excessive stack - usage can lead to stack overflows and reduced performance. - solution: >- - Apply the `WOLFSSL_SMALL_STACK` pattern by dynamically allocating large - variables to minimize stack usage within the function. - - name: prefer-constant-time - trigger: >- - Implement algorithms in constant time to prevent timing attacks and ensure - security. - solution: >- - Review and refactor algorithms to ensure their execution time does not - depend on input values. Use constant-time libraries or functions where - applicable. - - name: use-sizeof - trigger: >- - Avoid hard-coded numeric values for sizes. Use `sizeof()` to ensure - portability and maintainability. - solution: >- - Replace hard-coded sizes with `sizeof(type)` to automatically adapt to - changes in type sizes. - - name: use-typedefs-not-stdint - trigger: >- - Use `byte`, `word16`, `word32` instead of standard integer types like - `uint32_t` to maintain consistency across the codebase. - solution: >- - Replace instances of `uint32_t` and similar types with the designated - typedefs such as `word32`. - - name: use-c-style-comments - trigger: >- - Only C-style comments (`/* */`) are allowed in C code. C++ style comments - (`//`) should not be used. - solution: >- - Replace all `//` comments with `/* */` to adhere to the project's - commenting standards. - - name: pointer-null-check - trigger: >- - Always check for null pointers using the `ptr != NULL` pattern to prevent - dereferencing null pointers. - solution: >- - Add a condition to verify that the pointer is not null before using it, - e.g., `if (ptr != NULL) { /* use ptr */ }`. - - name: declare-const-pointers - trigger: >- - Pointer parameters that are not modified within a function should be - declared as `const` to enhance code safety and clarity. - solution: >- - Add the `const` keyword to pointer parameters that are not intended to be - modified, e.g., `const void *ptr`. - - name: struct-member-order - trigger: >- - Struct members should be ordered in descending size to optimize memory - alignment and reduce padding. - solution: >- - Reorder the members of the struct so that larger data types are declared - before smaller ones. - - name: no-always-success-stubs - trigger: >- - when implementing a stub function that is not fully developed, returning - success unconditionally can hide real logic and debugging information - solution: >- - either implement the stub with real logic or return an appropriate error - code to indicate "not yet implemented," so that failures are not silently - ignored - - name: free-allocated-memory - trigger: |- - allocating memory but forgetting to free it on all code paths - or using functions that allocate buffers without a corresponding free - solution: >- - for every XMALLOC call, ensure there's a matching XFREE on every return - path - - if handing ownership off, confirm the new owner also properly frees it - - name: check-return-codes - trigger: >- - calling library functions that return non-zero in case of error, but not - checking or handling those return values - solution: >- - always verify and handle function return codes - - if ret != 0, do not continue silently; either propagate the error or - handle it - - name: handle-partial-writes - trigger: >- - calling a write function (e.g., wolfSSL_write_ex) that may write only part - of the data, returning fewer bytes than requested or a particular status - solution: >- - if partial writes are possible, loop until the entire buffer is written or - an error occurs - - do not assume a single call wrote or accepted all bytes - - name: manage-ephemeral-objects-correctly - trigger: >- - generating or importing ephemeral objects (e.g., ephemeral keys, ephemeral - certs) and forgetting to finalize or free them, or double-freeing them - solution: >- - coordinate ephemeral object ownership carefully - - ensure ephemeral structures are freed once no longer needed, and avoid - reusing pointers after free diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/doc/dox_comments/header_files/aes.h mariadb-11.8.8/extra/wolfssl/wolfssl/doc/dox_comments/header_files/aes.h --- mariadb-11.8.6/extra/wolfssl/wolfssl/doc/dox_comments/header_files/aes.h 2026-01-31 13:27:49.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/doc/dox_comments/header_files/aes.h 2026-05-24 09:58:33.000000000 +0000 @@ -1021,7 +1021,7 @@ \sa wc_AesInit */ -int wc_AesFree(Aes* aes); +void wc_AesFree(Aes* aes); /*! \ingroup AES @@ -1203,19 +1203,19 @@ \return other negative error values returned if AES or CMAC operations fail. - \param key buffer containing the key to use - \param keySz length of the key buffer in bytes + \param [in] key buffer containing the key to use + \param [in] keySz length of the key buffer in bytes \param[out] out buffer to hold the ciphertext. Should be the same length as the plaintext buffer - \param in plaintext buffer to encrypt - \param inSz length of plaintext buffer - \param nonce the cryptographic nonce to use for EAX operations - \param nonceSz length of nonce buffer in bytes + \param [in] in plaintext buffer to encrypt + \param [in] inSz length of plaintext buffer + \param [in] nonce the cryptographic nonce to use for EAX operations + \param [in] nonceSz length of nonce buffer in bytes \param[out] authTag pointer to the buffer in which to store the authentication tag - \param authTagSz length of the desired authentication tag - \param authIn pointer to the buffer containing input data to authenticate - \param authInSz length of the input authentication data + \param [in] authTagSz length of the desired authentication tag + \param [in] authIn pointer to the buffer containing input data to authenticate + \param [in] authInSz length of the input authentication data _Example_ \code @@ -1266,19 +1266,19 @@ \return other negative error values returned if AES or CMAC operations fail. - \param key byte buffer containing the key to use - \param keySz length of the key buffer in bytes + \param [in] key byte buffer containing the key to use + \param [in] keySz length of the key buffer in bytes \param[out] out buffer to hold the plaintext. Should be the same length as the input ciphertext buffer - \param in ciphertext buffer to decrypt - \param inSz length of ciphertext buffer - \param nonce the cryptographic nonce to use for EAX operations - \param nonceSz length of nonce buffer in bytes - \param authTag buffer that holds the authentication tag to check the + \param [in] in ciphertext buffer to decrypt + \param [in] inSz length of ciphertext buffer + \param [in] nonce the cryptographic nonce to use for EAX operations + \param [in] nonceSz length of nonce buffer in bytes + \param [in] authTag buffer that holds the authentication tag to check the authenticity of the data against - \param authTagSz Length of the input authentication tag - \param authIn pointer to the buffer containing input data to authenticate - \param authInSz length of the input authentication data + \param [in] authTagSz Length of the input authentication tag + \param [in] authIn pointer to the buffer containing input data to authenticate + \param [in] authInSz length of the input authentication data _Example_ \code @@ -1390,13 +1390,13 @@ \return 0 on success \return error code on failure - \param eax AES EAX structure holding the context of the AEAD operation + \param [in] eax AES EAX structure holding the context of the AEAD operation \param[out] out output buffer holding the ciphertext - \param in input buffer holding the plaintext to encrypt - \param inSz size in bytes of the input data buffer - \param authIn (optional) input data to add to the authentication stream + \param [in] in input buffer holding the plaintext to encrypt + \param [in] inSz size in bytes of the input data buffer + \param [in] authIn (optional) input data to add to the authentication stream This argument should be NULL if not used - \param authInSz size in bytes of the input authentication data + \param [in] authInSz size in bytes of the input authentication data _Example_ \code @@ -1455,13 +1455,13 @@ \return 0 on success \return error code on failure - \param eax AES EAX structure holding the context of the AEAD operation + \param [in] eax AES EAX structure holding the context of the AEAD operation \param[out] out output buffer holding the decrypted plaintext - \param in input buffer holding the ciphertext - \param inSz size in bytes of the input data buffer - \param authIn (optional) input data to add to the authentication stream + \param [in] in input buffer holding the ciphertext + \param [in] inSz size in bytes of the input data buffer + \param [in] authIn (optional) input data to add to the authentication stream This argument should be NULL if not used - \param authInSz size in bytes of the input authentication data + \param [in] authInSz size in bytes of the input authentication data _Example_ @@ -1742,13 +1742,13 @@ \return BAD_FUNC_ARG if input arguments are invalid. \return other negative error codes for encryption failures. - \param key pointer to the AES key used for encryption. - \param keySz size of the AES key in bytes (16, 24, or 32 bytes). + \param [in] key pointer to the AES key used for encryption. + \param [in] keySz size of the AES key in bytes (16, 24, or 32 bytes). \param[out] out buffer to hold the encrypted ciphertext. Must be at least the size of the input. - \param in pointer to the plaintext input data to encrypt. - \param inSz size of the plaintext input data in bytes. - \param iv pointer to the initialization vector (IV) used for encryption. + \param [in] in pointer to the plaintext input data to encrypt. + \param [in] inSz size of the plaintext input data in bytes. + \param [in] iv pointer to the initialization vector (IV) used for encryption. Must be 16 bytes. _Example_ @@ -1780,13 +1780,13 @@ \return BAD_FUNC_ARG if input arguments are invalid. \return other negative error codes for encryption failures. - \param key pointer to the AES key used for encryption. - \param keySz size of the AES key in bytes (16, 24, or 32 bytes). + \param [in] key pointer to the AES key used for encryption. + \param [in] keySz size of the AES key in bytes (16, 24, or 32 bytes). \param[out] out buffer to hold the encrypted ciphertext. Must be at least the same size as the input plaintext. - \param in pointer to the plaintext input data to encrypt. - \param inSz size of the plaintext input data in bytes. - \param iv pointer to the initialization vector (IV) used for encryption. + \param [in] in pointer to the plaintext input data to encrypt. + \param [in] inSz size of the plaintext input data in bytes. + \param [in] iv pointer to the initialization vector (IV) used for encryption. Must be 16 bytes. _Example_ \code @@ -1813,13 +1813,13 @@ \return 0 on successful decryption. \return BAD_FUNC_ARG if input arguments are invalid. \return other negative error codes for decryption failures. - \param key pointer to the AES key used for decryption. - \param keySz size of the AES key in bytes (16, 24, or 32 bytes). + \param [in] key pointer to the AES key used for decryption. + \param [in] keySz size of the AES key in bytes (16, 24, or 32 bytes). \param[out] out buffer to hold the decrypted plaintext. Must be at least the same size as the input ciphertext. - \param in pointer to the ciphertext input data to decrypt. - \param inSz size of the ciphertext input data in bytes. - \param iv pointer to the initialization vector (IV) used for decryption. + \param [in] in pointer to the ciphertext input data to decrypt. + \param [in] inSz size of the ciphertext input data in bytes. + \param [in] iv pointer to the initialization vector (IV) used for decryption. Must be 16 bytes. _Example_ \code @@ -1845,14 +1845,14 @@ It processes a chunk of plaintext and stores intermediate data. \return 0 on successful processing. \return BAD_FUNC_ARG if input arguments are invalid. - \param aes pointer to the Aes structure holding the context of the operation. + \param [in] aes pointer to the Aes structure holding the context of the operation. \param[out] out buffer to hold the encrypted ciphertext. Must be large enough to store the output from this update step. \param[out] outSz size in bytes of the output data written to the \c out buffer. - On input, it should contain the maximum number of bytes that can - be written to the \c out buffer. - \param in pointer to the plaintext input data to encrypt. - \param inSz size of the plaintext input data in bytes. + On input, it should contain the maximum number of bytes that can + be written to the \c out buffer. + \param [in] in pointer to the plaintext input data to encrypt. + \param [in] inSz size of the plaintext input data in bytes. _Example_ \code Aes aes; @@ -1880,7 +1880,7 @@ It processes any remaining plaintext and completes the encryption. \return 0 on successful encryption completion. \return BAD_FUNC_ARG if input arguments are invalid. - \param aes pointer to the Aes structure holding the context of the operation. + \param [in] aes pointer to the Aes structure holding the context of the operation. \param[out] out buffer to hold the final encrypted ciphertext. Must be large enough to store any remaining ciphertext from this final step. \param[out] outSz size in bytes of the output data written to the \c out buffer. @@ -1913,14 +1913,14 @@ It processes a chunk of ciphertext and stores intermediate data. \return 0 on successful processing. \return BAD_FUNC_ARG if input arguments are invalid. - \param aes pointer to the Aes structure holding the context of the operation. + \param [in] aes pointer to the Aes structure holding the context of the operation. \param[out] out buffer to hold the decrypted plaintext. Must be large enough to store the output from this update step. \param[out] outSz size in bytes of the output data written to the \c out buffer. On input, it should contain the maximum number of bytes that can be written to the \c out buffer. - \param in pointer to the ciphertext input data to decrypt. - \param inSz size of the ciphertext input data in bytes. + \param [in] in pointer to the ciphertext input data to decrypt. + \param [in] inSz size of the ciphertext input data in bytes. _Example_ \code Aes aes; @@ -1948,7 +1948,7 @@ It processes any remaining ciphertext and completes the decryption. \return 0 on successful decryption completion. \return BAD_FUNC_ARG if input arguments are invalid. - \param aes pointer to the Aes structure holding the context of the operation. + \param [in] aes pointer to the Aes structure holding the context of the operation. \param[out] out buffer to hold the final decrypted plaintext. Must be large enough to store any remaining plaintext from this final step. \param[out] outSz size in bytes of the output data written to the \c out buffer. @@ -1974,3 +1974,1718 @@ \sa wc_AesCtsEncryptFinal */ int wc_AesCtsDecryptFinal(Aes* aes, byte* out, word32* outSz); + + +/*! + \ingroup AES + \brief This function encrypts data using AES CFB-1 mode (1-bit + feedback). It processes data one bit at a time, making it suitable + for bit-oriented applications. + + \return 0 On success. + \return BAD_FUNC_ARG If aes, out, or in is NULL. + \return Other negative values on error. + + \param aes pointer to the AES structure containing the key + \param out pointer to the output buffer to store encrypted data + \param in pointer to the input buffer containing data to encrypt + (packed to left, e.g., 101 is 0x90) + \param sz size of input in bits + + _Example_ + \code + Aes aes; + byte key[16] = { }; // 128-bit key + byte iv[16] = { }; // initialization vector + byte plaintext[1] = { 0x90 }; // bits 101 + byte ciphertext[1]; + + wc_AesInit(&aes, NULL, INVALID_DEVID); + wc_AesSetKey(&aes, key, 16, iv, AES_ENCRYPTION); + int ret = wc_AesCfb1Encrypt(&aes, ciphertext, plaintext, 3); + if (ret != 0) { + // encryption failed + } + wc_AesFree(&aes); + \endcode + + \sa wc_AesCfb1Decrypt + \sa wc_AesCfb8Encrypt +*/ +int wc_AesCfb1Encrypt(Aes* aes, byte* out, const byte* in, word32 sz); + +/*! + \ingroup AES + \brief This function encrypts data using AES CFB-8 mode (8-bit + feedback). It processes data one byte at a time, making it suitable + for byte-oriented stream encryption. + + \return 0 On success. + \return BAD_FUNC_ARG If aes, out, or in is NULL. + \return Other negative values on error. + + \param aes pointer to the AES structure containing the key + \param out pointer to the output buffer to store encrypted data + \param in pointer to the input buffer containing data to encrypt + \param sz size of input in bytes + + _Example_ + \code + Aes aes; + byte key[16] = { }; // 128-bit key + byte iv[16] = { }; // initialization vector + byte plaintext[10] = { }; // data to encrypt + byte ciphertext[10]; + + wc_AesInit(&aes, NULL, INVALID_DEVID); + wc_AesSetKey(&aes, key, 16, iv, AES_ENCRYPTION); + int ret = wc_AesCfb8Encrypt(&aes, ciphertext, plaintext, 10); + if (ret != 0) { + // encryption failed + } + wc_AesFree(&aes); + \endcode + + \sa wc_AesCfb8Decrypt + \sa wc_AesCfb1Encrypt +*/ +int wc_AesCfb8Encrypt(Aes* aes, byte* out, const byte* in, word32 sz); + +/*! + \ingroup AES + \brief This function decrypts data using AES CFB-1 mode (1-bit + feedback). It processes data one bit at a time, making it suitable + for bit-oriented applications. + + \return 0 On success. + \return BAD_FUNC_ARG If aes, out, or in is NULL. + \return Other negative values on error. + + \param aes pointer to the AES structure containing the key + \param out pointer to the output buffer to store decrypted data + \param in pointer to the input buffer containing data to decrypt + \param sz size of input in bits + + _Example_ + \code + Aes aes; + byte key[16] = { }; // 128-bit key + byte iv[16] = { }; // initialization vector + byte ciphertext[1] = { }; // encrypted bits + byte plaintext[1]; + + wc_AesInit(&aes, NULL, INVALID_DEVID); + wc_AesSetKey(&aes, key, 16, iv, AES_ENCRYPTION); + int ret = wc_AesCfb1Decrypt(&aes, plaintext, ciphertext, 3); + if (ret != 0) { + // decryption failed + } + wc_AesFree(&aes); + \endcode + + \sa wc_AesCfb1Encrypt + \sa wc_AesCfb8Decrypt +*/ +int wc_AesCfb1Decrypt(Aes* aes, byte* out, const byte* in, word32 sz); + +/*! + \ingroup AES + \brief This function decrypts data using AES CFB-8 mode (8-bit + feedback). It processes data one byte at a time, making it suitable + for byte-oriented stream decryption. + + \return 0 On success. + \return BAD_FUNC_ARG If aes, out, or in is NULL. + \return Other negative values on error. + + \param aes pointer to the AES structure containing the key + \param out pointer to the output buffer to store decrypted data + \param in pointer to the input buffer containing data to decrypt + \param sz size of input in bytes + + _Example_ + \code + Aes aes; + byte key[16] = { }; // 128-bit key + byte iv[16] = { }; // initialization vector + byte ciphertext[10] = { }; // encrypted data + byte plaintext[10]; + + wc_AesInit(&aes, NULL, INVALID_DEVID); + wc_AesSetKey(&aes, key, 16, iv, AES_ENCRYPTION); + int ret = wc_AesCfb8Decrypt(&aes, plaintext, ciphertext, 10); + if (ret != 0) { + // decryption failed + } + wc_AesFree(&aes); + \endcode + + \sa wc_AesCfb8Encrypt + \sa wc_AesCfb1Decrypt +*/ +int wc_AesCfb8Decrypt(Aes* aes, byte* out, const byte* in, word32 sz); + +/*! + \ingroup AES + \brief This function encrypts data using AES OFB mode (Output + Feedback). OFB mode turns a block cipher into a stream cipher by + encrypting the IV and XORing with plaintext. + + \return 0 On success. + \return BAD_FUNC_ARG If aes, out, or in is NULL. + \return Other negative values on error. + + \param aes pointer to the AES structure containing the key + \param out pointer to the output buffer to store encrypted data + \param in pointer to the input buffer containing data to encrypt + \param sz size of input in bytes + + _Example_ + \code + Aes aes; + byte key[16] = { }; // 128-bit key + byte iv[16] = { }; // initialization vector + byte plaintext[100] = { }; // data to encrypt + byte ciphertext[100]; + + wc_AesInit(&aes, NULL, INVALID_DEVID); + wc_AesSetKey(&aes, key, 16, iv, AES_ENCRYPTION); + int ret = wc_AesOfbEncrypt(&aes, ciphertext, plaintext, 100); + if (ret != 0) { + // encryption failed + } + wc_AesFree(&aes); + \endcode + + \sa wc_AesOfbDecrypt + \sa wc_AesSetKey +*/ +int wc_AesOfbEncrypt(Aes* aes, byte* out, const byte* in, word32 sz); + +/*! + \ingroup AES + \brief This function decrypts data using AES OFB mode (Output + Feedback). In OFB mode, encryption and decryption are the same + operation. + + \return 0 On success. + \return BAD_FUNC_ARG If aes, out, or in is NULL. + \return Other negative values on error. + + \param aes pointer to the AES structure containing the key + \param out pointer to the output buffer to store decrypted data + \param in pointer to the input buffer containing data to decrypt + \param sz size of input in bytes + + _Example_ + \code + Aes aes; + byte key[16] = { }; // 128-bit key + byte iv[16] = { }; // initialization vector + byte ciphertext[100] = { }; // encrypted data + byte plaintext[100]; + + wc_AesInit(&aes, NULL, INVALID_DEVID); + wc_AesSetKey(&aes, key, 16, iv, AES_ENCRYPTION); + int ret = wc_AesOfbDecrypt(&aes, plaintext, ciphertext, 100); + if (ret != 0) { + // decryption failed + } + wc_AesFree(&aes); + \endcode + + \sa wc_AesOfbEncrypt + \sa wc_AesSetKey +*/ +int wc_AesOfbDecrypt(Aes* aes, byte* out, const byte* in, word32 sz); + +/*! + \ingroup AES + \brief This function encrypts data using AES ECB mode (Electronic + Codebook). Warning: ECB mode is not recommended for most use cases + as it does not provide semantic security. Each block is encrypted + independently. + + \return 0 On success. + \return BAD_FUNC_ARG If aes, out, or in is NULL. + \return Other negative values on error. + + \param aes pointer to the AES structure containing the key + \param out pointer to the output buffer to store encrypted data + \param in pointer to the input buffer containing data to encrypt + \param sz size of input in bytes (must be multiple of AES_BLOCK_SIZE) + + _Example_ + \code + Aes aes; + byte key[16] = { }; // 128-bit key + byte plaintext[32] = { }; // data to encrypt + byte ciphertext[32]; + + wc_AesInit(&aes, NULL, INVALID_DEVID); + wc_AesSetKey(&aes, key, 16, NULL, AES_ENCRYPTION); + int ret = wc_AesEcbEncrypt(&aes, ciphertext, plaintext, 32); + if (ret != 0) { + // encryption failed + } + wc_AesFree(&aes); + \endcode + + \sa wc_AesEcbDecrypt + \sa wc_AesSetKey +*/ +int wc_AesEcbEncrypt(Aes* aes, byte* out, const byte* in, word32 sz); + +/*! + \ingroup AES + \brief This function decrypts data using AES ECB mode (Electronic + Codebook). Warning: ECB mode is not recommended for most use cases + as it does not provide semantic security. Each block is decrypted + independently. + + \return 0 On success. + \return BAD_FUNC_ARG If aes, out, or in is NULL. + \return Other negative values on error. + + \param aes pointer to the AES structure containing the key + \param out pointer to the output buffer to store decrypted data + \param in pointer to the input buffer containing data to decrypt + \param sz size of input in bytes (must be multiple of AES_BLOCK_SIZE) + + _Example_ + \code + Aes aes; + byte key[16] = { }; // 128-bit key + byte ciphertext[32] = { }; // encrypted data + byte plaintext[32]; + + wc_AesInit(&aes, NULL, INVALID_DEVID); + wc_AesSetKey(&aes, key, 16, NULL, AES_DECRYPTION); + int ret = wc_AesEcbDecrypt(&aes, plaintext, ciphertext, 32); + if (ret != 0) { + // decryption failed + } + wc_AesFree(&aes); + \endcode + + \sa wc_AesEcbEncrypt + \sa wc_AesSetKey +*/ +int wc_AesEcbDecrypt(Aes* aes, byte* out, const byte* in, word32 sz); + +/*! + \ingroup AES + \brief This function sets the key and IV for AES CTR mode. It + initializes the AES structure for counter mode encryption or + decryption. + + \return 0 On success. + \return BAD_FUNC_ARG If aes, key, or iv is NULL, or if key length + is invalid. + + \param aes pointer to the AES structure to initialize + \param key pointer to the key buffer (16, 24, or 32 bytes) + \param len length of the key in bytes + \param iv pointer to the initialization vector (16 bytes) + \param dir cipher direction (always use AES_ENCRYPTION for CTR mode) + + _Example_ + \code + Aes aes; + byte key[16] = { }; // 128-bit key + byte iv[16] = { }; // initialization vector + + wc_AesInit(&aes, NULL, INVALID_DEVID); + int ret = wc_AesCtrSetKey(&aes, key, 16, iv, AES_ENCRYPTION); + if (ret != 0) { + // failed to set key + } + wc_AesFree(&aes); + \endcode + + \sa wc_AesCtrEncrypt + \sa wc_AesSetKey +*/ +int wc_AesCtrSetKey(Aes* aes, const byte* key, word32 len, const byte* iv, + int dir); + +/*! + \ingroup AES + \brief This function sets the key for AES GCM with an extended key + update parameter. It allows for key updates in certain hardware + implementations. + + \note This function is currently only available when building with + Xilinx hardware acceleration. It requires one of the following build + options: WOLFSSL_XILINX_CRYPT (for Xilinx SecureIP integration) or + WOLFSSL_AFALG_XILINX_AES (for Xilinx AF_ALG support). This API may + be exposed for additional build configurations in the future. + + \return 0 On success. + \return BAD_FUNC_ARG If aes or key is NULL, or if key length is invalid. + + \param aes pointer to the AES structure to initialize + \param key pointer to the key buffer (16, 24, or 32 bytes) + \param len length of the key in bytes + \param kup key update parameter for hardware implementations + + _Example_ + \code + Aes aes; + byte key[16] = { }; // 128-bit key + + wc_AesInit(&aes, NULL, INVALID_DEVID); + int ret = wc_AesGcmSetKey_ex(&aes, key, 16, 0); + if (ret != 0) { + // failed to set key + } + wc_AesFree(&aes); + \endcode + + \sa wc_AesGcmSetKey + \sa wc_AesGcmInit +*/ +int wc_AesGcmSetKey_ex(Aes* aes, const byte* key, word32 len, word32 kup); + +/*! + \ingroup AES + \brief This function initializes an AES GCM cipher with key and IV. + It can be called with NULL key to only set the IV, or with NULL IV + to only set the key. + + \return 0 On success. + \return BAD_FUNC_ARG If aes is NULL, or if parameters are invalid. + \return MEMORY_E If dynamic memory allocation fails. + + \param aes pointer to the AES structure to initialize + \param key pointer to the key buffer, or NULL to skip key setting + \param len length of the key in bytes + \param iv pointer to the IV/nonce buffer, or NULL to skip IV setting + \param ivSz length of the IV/nonce in bytes + + _Example_ + \code + Aes aes; + byte key[16] = { }; // 128-bit key + byte iv[12] = { }; // 96-bit nonce + + wc_AesInit(&aes, NULL, INVALID_DEVID); + int ret = wc_AesGcmInit(&aes, key, 16, iv, 12); + if (ret != 0) { + // failed to initialize + } + wc_AesFree(&aes); + \endcode + + \sa wc_AesGcmSetKey + \sa wc_AesGcmEncrypt +*/ +int wc_AesGcmInit(Aes* aes, const byte* key, word32 len, const byte* iv, + word32 ivSz); + +/*! + \ingroup AES + \brief This function initializes an AES GCM cipher for encryption. + It is a convenience wrapper around wc_AesGcmInit for encryption + operations. + + \return 0 On success. + \return BAD_FUNC_ARG If aes is NULL, or if parameters are invalid. + + \param aes pointer to the AES structure to initialize + \param key pointer to the key buffer, or NULL to skip key setting + \param len length of the key in bytes + \param iv pointer to the IV/nonce buffer, or NULL to skip IV setting + \param ivSz length of the IV/nonce in bytes + + _Example_ + \code + Aes aes; + byte key[16] = { }; // 128-bit key + byte iv[12] = { }; // 96-bit nonce + + wc_AesInit(&aes, NULL, INVALID_DEVID); + int ret = wc_AesGcmEncryptInit(&aes, key, 16, iv, 12); + if (ret != 0) { + // failed to initialize + } + wc_AesFree(&aes); + \endcode + + \sa wc_AesGcmInit + \sa wc_AesGcmEncryptUpdate +*/ +int wc_AesGcmEncryptInit(Aes* aes, const byte* key, word32 len, + const byte* iv, word32 ivSz); + +/*! + \ingroup AES + \brief This function initializes an AES GCM cipher for encryption and + outputs the IV. This is useful when part of the IV is generated + internally. Must call wc_AesGcmSetIV() before this function to set + the fixed part of the IV. + + \return 0 On success. + \return BAD_FUNC_ARG If aes, ivOut is NULL, or if ivOutSz doesn't + match the cached nonce size. + + \param aes pointer to the AES structure to initialize + \param key pointer to the key buffer, or NULL to skip key setting + \param len length of the key in bytes + \param ivOut pointer to buffer to receive the complete IV + \param ivOutSz length of the IV output buffer in bytes + + _Example_ + \code + Aes aes; + byte key[16] = { }; // 128-bit key + byte ivFixed[4] = { }; // fixed part of IV + byte ivOut[12]; + WC_RNG rng; + + wc_InitRng(&rng); + wc_AesInit(&aes, NULL, INVALID_DEVID); + wc_AesGcmSetIV(&aes, 12, ivFixed, 4, &rng); + int ret = wc_AesGcmEncryptInit_ex(&aes, key, 16, ivOut, 12); + if (ret != 0) { + // failed to initialize + } + wc_AesFree(&aes); + wc_FreeRng(&rng); + \endcode + + \sa wc_AesGcmSetIV + \sa wc_AesGcmEncryptUpdate +*/ +int wc_AesGcmEncryptInit_ex(Aes* aes, const byte* key, word32 len, + byte* ivOut, word32 ivOutSz); + +/*! + \ingroup AES + \brief This function performs an update step of AES GCM encryption. + It processes plaintext and/or additional authentication data (AAD) + in a streaming fashion. + + All the AAD must be passed to update before the plaintext. + The last part of AAD can be passed with the first part of plaintext. + + Must set key and IV before calling this function. + Must call wc_AesGcmInit() before calling this function. + + \return 0 On success. + \return BAD_FUNC_ARG If aes is NULL, or a length is non-zero but + buffer is NULL. + + \param aes pointer to the AES structure + \param out pointer to buffer to store ciphertext (can be NULL if sz=0) + \param in pointer to plaintext to encrypt (can be NULL if sz=0) + \param sz length of plaintext in bytes + \param authIn pointer to additional authentication data (can be NULL) + \param authInSz length of AAD in bytes + + _Example_ + \code + Aes aes; + byte key[16] = { }; // 128-bit key + byte iv[12] = { }; // nonce + byte plaintext[100] = { }; // data + byte ciphertext[100]; + byte aad[20] = { }; // additional data + + wc_AesInit(&aes, NULL, INVALID_DEVID); + wc_AesGcmInit(&aes, key, 16, iv, 12); + int ret = wc_AesGcmEncryptUpdate(&aes, ciphertext, plaintext, 100, + aad, 20); + if (ret != 0) { + // encryption failed + } + wc_AesFree(&aes); + \endcode + + \sa wc_AesGcmInit + \sa wc_AesGcmEncryptInit + \sa wc_AesGcmEncryptFinal +*/ +int wc_AesGcmEncryptUpdate(Aes* aes, byte* out, const byte* in, word32 sz, + const byte* authIn, word32 authInSz); + +/*! + \ingroup AES + \brief This function finalizes AES GCM encryption and generates the + authentication tag. This must be called after all data has been + processed with wc_AesGcmEncryptUpdate. + + \return 0 On success. + \return BAD_FUNC_ARG If aes or authTag is NULL, or if authTagSz is + invalid. + + \param aes pointer to the AES structure + \param authTag pointer to buffer to store the authentication tag + \param authTagSz length of the authentication tag in bytes (typically + 12 or 16) + + _Example_ + \code + Aes aes; + byte key[16] = { }; // 128-bit key + byte iv[12] = { }; // nonce + byte plaintext[100] = { }; // data + byte ciphertext[100]; + byte authTag[16]; + + wc_AesInit(&aes, NULL, INVALID_DEVID); + wc_AesGcmEncryptInit(&aes, key, 16, iv, 12); + wc_AesGcmEncryptUpdate(&aes, ciphertext, plaintext, 100, NULL, 0); + int ret = wc_AesGcmEncryptFinal(&aes, authTag, 16); + if (ret != 0) { + // failed to generate tag + } + wc_AesFree(&aes); + \endcode + + \sa wc_AesGcmEncryptUpdate + \sa wc_AesGcmDecryptFinal +*/ +int wc_AesGcmEncryptFinal(Aes* aes, byte* authTag, word32 authTagSz); + +/*! + \ingroup AES + \brief This function initializes an AES GCM cipher for decryption. + It is a convenience wrapper around wc_AesGcmInit for decryption + operations. + + \return 0 On success. + \return BAD_FUNC_ARG If aes is NULL, or if parameters are invalid. + + \param aes pointer to the AES structure to initialize + \param key pointer to the key buffer, or NULL to skip key setting + \param len length of the key in bytes + \param iv pointer to the IV/nonce buffer, or NULL to skip IV setting + \param ivSz length of the IV/nonce in bytes + + _Example_ + \code + Aes aes; + byte key[16] = { }; // 128-bit key + byte iv[12] = { }; // 96-bit nonce + + wc_AesInit(&aes, NULL, INVALID_DEVID); + int ret = wc_AesGcmDecryptInit(&aes, key, 16, iv, 12); + if (ret != 0) { + // failed to initialize + } + wc_AesFree(&aes); + \endcode + + \sa wc_AesGcmInit + \sa wc_AesGcmDecryptUpdate +*/ +int wc_AesGcmDecryptInit(Aes* aes, const byte* key, word32 len, + const byte* iv, word32 ivSz); + +/*! + \ingroup AES + \brief This function performs an update step of AES GCM decryption. + It processes ciphertext and/or additional authentication data (AAD) + in a streaming fashion. + + All the AAD must be passed to update before the ciphertext. + The last part of AAD can be passed with the first part of ciphertext. + + Must set key and IV before calling this function. + Must call wc_AesGcmInit() before calling this function. + + \return 0 On success. + \return BAD_FUNC_ARG If aes is NULL, or a length is non-zero but + buffer is NULL. + + \param aes pointer to the AES structure + \param out pointer to buffer to store plaintext (can be NULL if sz=0) + \param in pointer to ciphertext to decrypt (can be NULL if sz=0) + \param sz length of ciphertext in bytes + \param authIn pointer to additional authentication data (can be NULL) + \param authInSz length of AAD in bytes + + _Example_ + \code + Aes aes; + byte key[16] = { }; // 128-bit key + byte iv[12] = { }; // nonce + byte ciphertext[100] = { }; // encrypted data + byte plaintext[100]; + byte aad[20] = { }; // additional data + + wc_AesInit(&aes, NULL, INVALID_DEVID); + wc_AesGcmInit(&aes, key, 16, iv, 12); + int ret = wc_AesGcmDecryptUpdate(&aes, plaintext, ciphertext, 100, + aad, 20); + if (ret != 0) { + // decryption failed + } + wc_AesFree(&aes); + \endcode + + \sa wc_AesGcmInit + \sa wc_AesGcmDecryptInit + \sa wc_AesGcmDecryptFinal +*/ +int wc_AesGcmDecryptUpdate(Aes* aes, byte* out, const byte* in, word32 sz, + const byte* authIn, word32 authInSz); + +/*! + \ingroup AES + \brief This function finalizes AES GCM decryption and verifies the + authentication tag. This must be called after all data has been + processed with wc_AesGcmDecryptUpdate. + + \return 0 On success. + \return AES_GCM_AUTH_E If authentication tag verification fails. + \return BAD_FUNC_ARG If aes or authTag is NULL, or if authTagSz is + invalid. + + \param aes pointer to the AES structure + \param authTag pointer to the authentication tag to verify + \param authTagSz length of the authentication tag in bytes + + _Example_ + \code + Aes aes; + byte key[16] = { }; // 128-bit key + byte iv[12] = { }; // nonce + byte ciphertext[100] = { }; // encrypted data + byte plaintext[100]; + byte authTag[16] = { }; // received tag + + wc_AesInit(&aes, NULL, INVALID_DEVID); + wc_AesGcmDecryptInit(&aes, key, 16, iv, 12); + wc_AesGcmDecryptUpdate(&aes, plaintext, ciphertext, 100, NULL, 0); + int ret = wc_AesGcmDecryptFinal(&aes, authTag, 16); + if (ret != 0) { + // authentication failed + } + wc_AesFree(&aes); + \endcode + + \sa wc_AesGcmDecryptUpdate + \sa wc_AesGcmEncryptFinal +*/ +int wc_AesGcmDecryptFinal(Aes* aes, const byte* authTag, word32 authTagSz); + +/*! + \ingroup AES + \brief This function sets an external IV for AES GCM. This allows + using an IV that was generated externally or received from another + source. + + \return 0 On success. + \return BAD_FUNC_ARG If aes or iv is NULL, or if ivSz is invalid. + + \param aes pointer to the AES structure + \param iv pointer to the IV/nonce buffer + \param ivSz length of the IV/nonce in bytes + + _Example_ + \code + Aes aes; + byte key[16] = { }; // 128-bit key + byte iv[12] = { }; // external nonce + + wc_AesInit(&aes, NULL, INVALID_DEVID); + wc_AesGcmSetKey(&aes, key, 16); + int ret = wc_AesGcmSetExtIV(&aes, iv, 12); + if (ret != 0) { + // failed to set IV + } + wc_AesFree(&aes); + \endcode + + \sa wc_AesGcmSetIV + \sa wc_AesGcmInit +*/ +int wc_AesGcmSetExtIV(Aes* aes, const byte* iv, word32 ivSz); + +/*! + \ingroup AES + \brief This function sets the IV for AES GCM with optional random + generation. It can generate part of the IV using an RNG, which is + useful for ensuring IV uniqueness. + + \return 0 On success. + \return BAD_FUNC_ARG If aes is NULL, or if parameters are invalid. + \return Other negative values on RNG or other errors. + + \param aes pointer to the AES structure + \param ivSz total length of the IV/nonce in bytes + \param ivFixed pointer to the fixed part of the IV (can be NULL) + \param ivFixedSz length of the fixed part in bytes + \param rng pointer to initialized RNG for generating random part + (can be NULL if ivFixedSz equals ivSz) + + _Example_ + \code + Aes aes; + byte key[16] = { }; // 128-bit key + byte ivFixed[4] = { }; // fixed part + WC_RNG rng; + + wc_InitRng(&rng); + wc_AesInit(&aes, NULL, INVALID_DEVID); + wc_AesGcmSetKey(&aes, key, 16); + int ret = wc_AesGcmSetIV(&aes, 12, ivFixed, 4, &rng); + if (ret != 0) { + // failed to set IV + } + wc_AesFree(&aes); + wc_FreeRng(&rng); + \endcode + + \sa wc_AesGcmSetExtIV + \sa wc_AesGcmEncryptInit_ex +*/ +int wc_AesGcmSetIV(Aes* aes, word32 ivSz, const byte* ivFixed, + word32 ivFixedSz, WC_RNG* rng); + +/*! + \ingroup AES + \brief This function performs AES GCM encryption with extended + parameters, including IV output. This is a one-shot encryption + function that outputs the generated IV. + + \return 0 On success. + \return BAD_FUNC_ARG If parameters are invalid. + \return Other negative values on error. + + \param aes pointer to the AES structure + \param out pointer to buffer to store ciphertext + \param in pointer to plaintext to encrypt + \param sz length of plaintext in bytes + \param ivOut pointer to buffer to receive the IV + \param ivOutSz length of the IV output buffer in bytes + \param authTag pointer to buffer to store authentication tag + \param authTagSz length of authentication tag in bytes + \param authIn pointer to additional authentication data + \param authInSz length of AAD in bytes + + _Example_ + \code + Aes aes; + byte key[16] = { }; // 128-bit key + byte ivFixed[4] = { }; // fixed part + byte ivOut[12]; + byte plaintext[100] = { }; // data + byte ciphertext[100]; + byte authTag[16]; + WC_RNG rng; + + wc_InitRng(&rng); + wc_AesInit(&aes, NULL, INVALID_DEVID); + wc_AesGcmSetKey(&aes, key, 16); + wc_AesGcmSetIV(&aes, 12, ivFixed, 4, &rng); + int ret = wc_AesGcmEncrypt_ex(&aes, ciphertext, plaintext, 100, + ivOut, 12, authTag, 16, NULL, 0); + if (ret != 0) { + // encryption failed + } + wc_AesFree(&aes); + wc_FreeRng(&rng); + \endcode + + \sa wc_AesGcmEncrypt + \sa wc_AesGcmSetIV +*/ +int wc_AesGcmEncrypt_ex(Aes* aes, byte* out, const byte* in, word32 sz, + byte* ivOut, word32 ivOutSz, byte* authTag, + word32 authTagSz, const byte* authIn, + word32 authInSz); + +/*! + \ingroup AES + \brief This function performs GMAC (Galois Message Authentication Code) + generation. GMAC is essentially AES-GCM with no plaintext, used for + authentication only. + + \return 0 On success. + \return BAD_FUNC_ARG If parameters are invalid. + \return Other negative values on error. + + \param key pointer to the key buffer + \param keySz length of the key in bytes (16, 24, or 32) + \param iv pointer to the IV/nonce buffer + \param ivSz length of the IV/nonce in bytes + \param authIn pointer to data to authenticate + \param authInSz length of data to authenticate in bytes + \param authTag pointer to buffer to store authentication tag + \param authTagSz length of authentication tag in bytes + \param rng pointer to initialized RNG (can be NULL if IV is complete) + + _Example_ + \code + byte key[16] = { }; // 128-bit key + byte iv[12] = { }; // nonce + byte data[100] = { }; // data to authenticate + byte authTag[16]; + + int ret = wc_Gmac(key, 16, iv, 12, data, 100, authTag, 16, NULL); + if (ret != 0) { + // GMAC generation failed + } + \endcode + + \sa wc_GmacVerify + \sa wc_AesGcmEncrypt +*/ +int wc_Gmac(const byte* key, word32 keySz, byte* iv, word32 ivSz, + const byte* authIn, word32 authInSz, byte* authTag, + word32 authTagSz, WC_RNG* rng); + +/*! + \ingroup AES + \brief This function verifies a GMAC (Galois Message Authentication + Code). It computes the GMAC and compares it with the provided tag. + + \return 0 On successful verification. + \return AES_GCM_AUTH_E If authentication tag verification fails. + \return BAD_FUNC_ARG If parameters are invalid. + \return Other negative values on error. + + \param key pointer to the key buffer + \param keySz length of the key in bytes (16, 24, or 32) + \param iv pointer to the IV/nonce buffer + \param ivSz length of the IV/nonce in bytes + \param authIn pointer to data to authenticate + \param authInSz length of data to authenticate in bytes + \param authTag pointer to the authentication tag to verify + \param authTagSz length of authentication tag in bytes + + _Example_ + \code + byte key[16] = { }; // 128-bit key + byte iv[12] = { }; // nonce + byte data[100] = { }; // data to authenticate + byte authTag[16] = { }; // received tag + + int ret = wc_GmacVerify(key, 16, iv, 12, data, 100, authTag, 16); + if (ret != 0) { + // GMAC verification failed + } + \endcode + + \sa wc_Gmac + \sa wc_AesGcmDecrypt +*/ +int wc_GmacVerify(const byte* key, word32 keySz, const byte* iv, + word32 ivSz, const byte* authIn, word32 authInSz, + const byte* authTag, word32 authTagSz); + +/*! + \ingroup AES + \brief This function sets the nonce for AES CCM mode. The nonce must + be set before encryption or decryption operations. + + \return 0 On success. + \return BAD_FUNC_ARG If aes or nonce is NULL, or if nonceSz is invalid. + + \param aes pointer to the AES structure + \param nonce pointer to the nonce buffer + \param nonceSz length of the nonce in bytes (7-13 bytes for CCM) + + _Example_ + \code + Aes aes; + byte key[16] = { }; // 128-bit key + byte nonce[12] = { }; // nonce + + wc_AesInit(&aes, NULL, INVALID_DEVID); + wc_AesCcmSetKey(&aes, key, 16); + int ret = wc_AesCcmSetNonce(&aes, nonce, 12); + if (ret != 0) { + // failed to set nonce + } + wc_AesFree(&aes); + \endcode + + \sa wc_AesCcmEncrypt + \sa wc_AesCcmSetKey +*/ +int wc_AesCcmSetNonce(Aes* aes, const byte* nonce, word32 nonceSz); + +/*! + \ingroup AES + \brief This function performs AES CCM encryption with extended + parameters, including nonce output. This is useful when part of the + nonce is generated internally. + + \return 0 On success. + \return BAD_FUNC_ARG If parameters are invalid. + \return Other negative values on error. + + \param aes pointer to the AES structure + \param out pointer to buffer to store ciphertext + \param in pointer to plaintext to encrypt + \param sz length of plaintext in bytes + \param ivOut pointer to buffer to receive the nonce + \param ivOutSz length of the nonce output buffer in bytes + \param authTag pointer to buffer to store authentication tag + \param authTagSz length of authentication tag in bytes + \param authIn pointer to additional authentication data + \param authInSz length of AAD in bytes + + _Example_ + \code + Aes aes; + byte key[16] = { }; // 128-bit key + byte nonce[12]; + byte plaintext[100] = { }; // data + byte ciphertext[100]; + byte authTag[16]; + + wc_AesInit(&aes, NULL, INVALID_DEVID); + wc_AesCcmSetKey(&aes, key, 16); + int ret = wc_AesCcmEncrypt_ex(&aes, ciphertext, plaintext, 100, + nonce, 12, authTag, 16, NULL, 0); + if (ret != 0) { + // encryption failed + } + wc_AesFree(&aes); + \endcode + + \sa wc_AesCcmEncrypt + \sa wc_AesCcmSetNonce +*/ +int wc_AesCcmEncrypt_ex(Aes* aes, byte* out, const byte* in, word32 sz, + byte* ivOut, word32 ivOutSz, byte* authTag, + word32 authTagSz, const byte* authIn, + word32 authInSz); + +/*! + \ingroup AES + \brief This function wraps a key using AES Key Wrap algorithm + (RFC 3394). This is commonly used to securely transport + cryptographic keys. + + \return Length of wrapped key in bytes on success. + \return BAD_FUNC_ARG If parameters are invalid. + \return Other negative values on error. + + \param key pointer to the key-encryption key + \param keySz length of the key-encryption key in bytes + \param in pointer to the key to wrap + \param inSz length of the key to wrap in bytes + \param out pointer to buffer to store wrapped key + \param outSz size of output buffer in bytes + \param iv pointer to IV (typically NULL to use default) + + _Example_ + \code + byte kek[16] = { }; // key-encryption key + byte keyToWrap[16] = { }; // key to wrap + byte wrappedKey[24]; + + int wrappedLen = wc_AesKeyWrap(kek, 16, keyToWrap, 16, wrappedKey, + 24, NULL); + if (wrappedLen <= 0) { + // key wrap failed + } + \endcode + + \sa wc_AesKeyUnWrap + \sa wc_AesKeyWrap_ex +*/ +int wc_AesKeyWrap(const byte* key, word32 keySz, const byte* in, + word32 inSz, byte* out, word32 outSz, const byte* iv); + +/*! + \ingroup AES + \brief This function wraps a key using AES Key Wrap algorithm with + an initialized AES structure. This allows reusing the same AES + structure for multiple wrap operations. + + \return Length of wrapped key in bytes on success. + \return BAD_FUNC_ARG If parameters are invalid. + \return Other negative values on error. + + \param aes pointer to initialized AES structure + \param in pointer to the key to wrap + \param inSz length of the key to wrap in bytes + \param out pointer to buffer to store wrapped key + \param outSz size of output buffer in bytes + \param iv pointer to IV (typically NULL to use default) + + _Example_ + \code + Aes aes; + byte kek[16] = { }; // key-encryption key + byte keyToWrap[16] = { }; // key to wrap + byte wrappedKey[24]; + + wc_AesInit(&aes, NULL, INVALID_DEVID); + wc_AesSetKey(&aes, kek, 16, NULL, AES_ENCRYPTION); + int wrappedLen = wc_AesKeyWrap_ex(&aes, keyToWrap, 16, wrappedKey, + 24, NULL); + if (wrappedLen <= 0) { + // key wrap failed + } + wc_AesFree(&aes); + \endcode + + \sa wc_AesKeyWrap + \sa wc_AesKeyUnWrap_ex +*/ +int wc_AesKeyWrap_ex(Aes *aes, const byte* in, word32 inSz, byte* out, + word32 outSz, const byte* iv); + +/*! + \ingroup AES + \brief This function unwraps a key using AES Key Unwrap algorithm + (RFC 3394). This is used to securely receive cryptographic keys + that were wrapped. + + \return Length of unwrapped key in bytes on success. + \return BAD_FUNC_ARG If parameters are invalid. + \return Other negative values on error. + + \param key pointer to the key-encryption key + \param keySz length of the key-encryption key in bytes + \param in pointer to the wrapped key + \param inSz length of the wrapped key in bytes + \param out pointer to buffer to store unwrapped key + \param outSz size of output buffer in bytes + \param iv pointer to IV (typically NULL to use default) + + _Example_ + \code + byte kek[16] = { }; // key-encryption key + byte wrappedKey[24] = { }; // wrapped key + byte unwrappedKey[16]; + + int unwrappedLen = wc_AesKeyUnWrap(kek, 16, wrappedKey, 24, + unwrappedKey, 16, NULL); + if (unwrappedLen <= 0) { + // key unwrap failed + } + \endcode + + \sa wc_AesKeyWrap + \sa wc_AesKeyUnWrap_ex +*/ +int wc_AesKeyUnWrap(const byte* key, word32 keySz, const byte* in, + word32 inSz, byte* out, word32 outSz, const byte* iv); + +/*! + \ingroup AES + \brief This function unwraps a key using AES Key Unwrap algorithm + with an initialized AES structure. This allows reusing the same AES + structure for multiple unwrap operations. + + \return Length of unwrapped key in bytes on success. + \return BAD_FUNC_ARG If parameters are invalid. + \return Other negative values on error. + + \param aes pointer to initialized AES structure + \param in pointer to the wrapped key + \param inSz length of the wrapped key in bytes + \param out pointer to buffer to store unwrapped key + \param outSz size of output buffer in bytes + \param iv pointer to IV (typically NULL to use default) + + _Example_ + \code + Aes aes; + byte kek[16] = { }; // key-encryption key + byte wrappedKey[24] = { }; // wrapped key + byte unwrappedKey[16]; + + wc_AesInit(&aes, NULL, INVALID_DEVID); + wc_AesSetKey(&aes, kek, 16, NULL, AES_ENCRYPTION); + int unwrappedLen = wc_AesKeyUnWrap_ex(&aes, wrappedKey, 24, + unwrappedKey, 16, NULL); + if (unwrappedLen <= 0) { + // key unwrap failed + } + wc_AesFree(&aes); + \endcode + + \sa wc_AesKeyUnWrap + \sa wc_AesKeyWrap_ex +*/ +int wc_AesKeyUnWrap_ex(Aes *aes, const byte* in, word32 inSz, byte* out, + word32 outSz, const byte* iv); + +/*! + \ingroup AES + \brief This function encrypts multiple consecutive sectors using AES XTS + mode. It processes multiple sectors in sequence, automatically + incrementing the sector number for each sector. + + \return 0 On success. + \return BAD_FUNC_ARG If aes, out, or in is NULL, or if sectorSz is 0, + or if sz is less than AES_BLOCK_SIZE. + \return Other negative values on error. + + \param aes pointer to the XtsAes structure + \param out pointer to buffer to store encrypted data + \param in pointer to plaintext data to encrypt + \param sz total length of data in bytes + \param sector starting sector number for the tweak + \param sectorSz size of each sector in bytes + + _Example_ + \code + XtsAes aes; + byte key[32] = { }; // 256-bit key + byte plaintext[1024] = { }; // data + byte ciphertext[1024]; + + wc_AesXtsSetKey(&aes, key, 32, AES_ENCRYPTION, NULL, INVALID_DEVID); + int ret = wc_AesXtsEncryptConsecutiveSectors(&aes, ciphertext, + plaintext, 1024, 0, 512); + if (ret != 0) { + // encryption failed + } + wc_AesXtsFree(&aes); + \endcode + + \sa wc_AesXtsDecryptConsecutiveSectors + \sa wc_AesXtsEncryptSector +*/ +int wc_AesXtsEncryptConsecutiveSectors(XtsAes* aes, byte* out, + const byte* in, word32 sz, + word64 sector, word32 sectorSz); + +/*! + \ingroup AES + \brief This function decrypts multiple consecutive sectors using AES XTS + mode. It processes multiple sectors in sequence, automatically + incrementing the sector number for each sector. + + \return 0 On success. + \return BAD_FUNC_ARG If aes, out, or in is NULL, or if sectorSz is 0, + or if sz is less than AES_BLOCK_SIZE. + \return Other negative values on error. + + \param aes pointer to the XtsAes structure + \param out pointer to buffer to store decrypted data + \param in pointer to ciphertext data to decrypt + \param sz total length of data in bytes + \param sector starting sector number for the tweak + \param sectorSz size of each sector in bytes + + _Example_ + \code + XtsAes aes; + byte key[32] = { }; // 256-bit key + byte ciphertext[1024] = { }; // encrypted data + byte plaintext[1024]; + + wc_AesXtsSetKey(&aes, key, 32, AES_DECRYPTION, NULL, INVALID_DEVID); + int ret = wc_AesXtsDecryptConsecutiveSectors(&aes, plaintext, + ciphertext, 1024, 0, 512); + if (ret != 0) { + // decryption failed + } + wc_AesXtsFree(&aes); + \endcode + + \sa wc_AesXtsEncryptConsecutiveSectors + \sa wc_AesXtsDecryptSector +*/ +int wc_AesXtsDecryptConsecutiveSectors(XtsAes* aes, byte* out, + const byte* in, word32 sz, + word64 sector, word32 sectorSz); + +/*! + \ingroup AES + \brief This function initializes streaming AES XTS encryption. It sets + up the context for processing data in multiple update calls. + + \return 0 On success. + \return BAD_FUNC_ARG If parameters are invalid. + + \param aes pointer to the XtsAes structure + \param i pointer to the tweak/IV buffer + \param iSz length of the tweak/IV in bytes + \param stream pointer to XtsAesStreamData structure for streaming state + + _Example_ + \code + XtsAes aes; + struct XtsAesStreamData stream; + byte key[32] = { }; // 256-bit key + byte tweak[16] = { }; // tweak value + + wc_AesXtsSetKey(&aes, key, 32, AES_ENCRYPTION, NULL, INVALID_DEVID); + int ret = wc_AesXtsEncryptInit(&aes, tweak, 16, &stream); + if (ret != 0) { + // initialization failed + } + wc_AesXtsFree(&aes); + \endcode + + \sa wc_AesXtsEncryptUpdate + \sa wc_AesXtsEncryptFinal +*/ +int wc_AesXtsEncryptInit(XtsAes* aes, const byte* i, word32 iSz, + struct XtsAesStreamData *stream); + +/*! + \ingroup AES + \brief This function initializes streaming AES XTS decryption. It sets + up the context for processing data in multiple update calls. + + \return 0 On success. + \return BAD_FUNC_ARG If parameters are invalid. + + \param aes pointer to the XtsAes structure + \param i pointer to the tweak/IV buffer + \param iSz length of the tweak/IV in bytes + \param stream pointer to XtsAesStreamData structure for streaming state + + _Example_ + \code + XtsAes aes; + struct XtsAesStreamData stream; + byte key[32] = { }; // 256-bit key + byte tweak[16] = { }; // tweak value + + wc_AesXtsSetKey(&aes, key, 32, AES_DECRYPTION, NULL, INVALID_DEVID); + int ret = wc_AesXtsDecryptInit(&aes, tweak, 16, &stream); + if (ret != 0) { + // initialization failed + } + wc_AesXtsFree(&aes); + \endcode + + \sa wc_AesXtsDecryptUpdate + \sa wc_AesXtsDecryptFinal +*/ +int wc_AesXtsDecryptInit(XtsAes* aes, const byte* i, word32 iSz, + struct XtsAesStreamData *stream); + +/*! + \ingroup AES + \brief This function performs an update step of streaming AES XTS + encryption. It processes a chunk of data and can be called multiple + times. + + \return 0 On success. + \return BAD_FUNC_ARG If parameters are invalid. + + \param aes pointer to the XtsAes structure + \param out pointer to buffer to store encrypted data + \param in pointer to plaintext data to encrypt + \param sz length of data in bytes + \param stream pointer to XtsAesStreamData structure for streaming state + + _Example_ + \code + XtsAes aes; + struct XtsAesStreamData stream; + byte key[32] = { }; // 256-bit key + byte tweak[16] = { }; // tweak value + byte plaintext[100] = { }; // data + byte ciphertext[100]; + + wc_AesXtsSetKey(&aes, key, 32, AES_ENCRYPTION, NULL, INVALID_DEVID); + wc_AesXtsEncryptInit(&aes, tweak, 16, &stream); + int ret = wc_AesXtsEncryptUpdate(&aes, ciphertext, plaintext, 100, + &stream); + if (ret != 0) { + // encryption failed + } + wc_AesXtsFree(&aes); + \endcode + + \sa wc_AesXtsEncryptInit + \sa wc_AesXtsEncryptFinal +*/ +int wc_AesXtsEncryptUpdate(XtsAes* aes, byte* out, const byte* in, + word32 sz, struct XtsAesStreamData *stream); + +/*! + \ingroup AES + \brief This function performs an update step of streaming AES XTS + decryption. It processes a chunk of data and can be called multiple + times. + + \return 0 On success. + \return BAD_FUNC_ARG If parameters are invalid. + + \param aes pointer to the XtsAes structure + \param out pointer to buffer to store decrypted data + \param in pointer to ciphertext data to decrypt + \param sz length of data in bytes + \param stream pointer to XtsAesStreamData structure for streaming state + + _Example_ + \code + XtsAes aes; + struct XtsAesStreamData stream; + byte key[32] = { }; // 256-bit key + byte tweak[16] = { }; // tweak value + byte ciphertext[100] = { }; // encrypted data + byte plaintext[100]; + + wc_AesXtsSetKey(&aes, key, 32, AES_DECRYPTION, NULL, INVALID_DEVID); + wc_AesXtsDecryptInit(&aes, tweak, 16, &stream); + int ret = wc_AesXtsDecryptUpdate(&aes, plaintext, ciphertext, 100, + &stream); + if (ret != 0) { + // decryption failed + } + wc_AesXtsFree(&aes); + \endcode + + \sa wc_AesXtsDecryptInit + \sa wc_AesXtsDecryptFinal +*/ +int wc_AesXtsDecryptUpdate(XtsAes* aes, byte* out, const byte* in, + word32 sz, struct XtsAesStreamData *stream); + +/*! + \ingroup AES + \brief This function finalizes streaming AES XTS encryption. It + processes any remaining data and completes the encryption operation. + + \return 0 On success. + \return BAD_FUNC_ARG If parameters are invalid. + + \param aes pointer to the XtsAes structure + \param out pointer to buffer to store final encrypted data + \param in pointer to final plaintext data to encrypt + \param sz length of final data in bytes + \param stream pointer to XtsAesStreamData structure for streaming state + + _Example_ + \code + XtsAes aes; + struct XtsAesStreamData stream; + byte key[32] = { }; // 256-bit key + byte tweak[16] = { }; // tweak value + byte plaintext[50] = { }; // final data + byte ciphertext[50]; + + wc_AesXtsSetKey(&aes, key, 32, AES_ENCRYPTION, NULL, INVALID_DEVID); + wc_AesXtsEncryptInit(&aes, tweak, 16, &stream); + // ... update calls ... + int ret = wc_AesXtsEncryptFinal(&aes, ciphertext, plaintext, 50, + &stream); + if (ret != 0) { + // finalization failed + } + wc_AesXtsFree(&aes); + \endcode + + \sa wc_AesXtsEncryptUpdate + \sa wc_AesXtsEncryptInit +*/ +int wc_AesXtsEncryptFinal(XtsAes* aes, byte* out, const byte* in, + word32 sz, struct XtsAesStreamData *stream); + +/*! + \ingroup AES + \brief This function finalizes streaming AES XTS decryption. It + processes any remaining data and completes the decryption operation. + + \return 0 On success. + \return BAD_FUNC_ARG If parameters are invalid. + + \param aes pointer to the XtsAes structure + \param out pointer to buffer to store final decrypted data + \param in pointer to final ciphertext data to decrypt + \param sz length of final data in bytes + \param stream pointer to XtsAesStreamData structure for streaming state + + _Example_ + \code + XtsAes aes; + struct XtsAesStreamData stream; + byte key[32] = { }; // 256-bit key + byte tweak[16] = { }; // tweak value + byte ciphertext[50] = { }; // final encrypted data + byte plaintext[50]; + + wc_AesXtsSetKey(&aes, key, 32, AES_DECRYPTION, NULL, INVALID_DEVID); + wc_AesXtsDecryptInit(&aes, tweak, 16, &stream); + // ... update calls ... + int ret = wc_AesXtsDecryptFinal(&aes, plaintext, ciphertext, 50, + &stream); + if (ret != 0) { + // finalization failed + } + wc_AesXtsFree(&aes); + \endcode + + \sa wc_AesXtsDecryptUpdate + \sa wc_AesXtsDecryptInit +*/ +int wc_AesXtsDecryptFinal(XtsAes* aes, byte* out, const byte* in, + word32 sz, struct XtsAesStreamData *stream); + +/*! + \ingroup AES + \brief This function retrieves the key size from an initialized AES + structure. It returns the size of the key currently set in the AES + object. + + \return 0 On success. + \return BAD_FUNC_ARG If aes or keySize is NULL. + + \param aes pointer to the AES structure + \param keySize pointer to word32 to store the key size in bytes + + _Example_ + \code + Aes aes; + byte key[16] = { }; // 128-bit key + word32 keySize; + + wc_AesInit(&aes, NULL, INVALID_DEVID); + wc_AesSetKey(&aes, key, 16, NULL, AES_ENCRYPTION); + int ret = wc_AesGetKeySize(&aes, &keySize); + if (ret == 0) { + // keySize now contains 16 + } + wc_AesFree(&aes); + \endcode + + \sa wc_AesSetKey + \sa wc_AesInit +*/ +int wc_AesGetKeySize(Aes* aes, word32* keySize); + +/*! + \ingroup AES + \brief This function initializes an AES structure with an ID. This is + useful for tracking or identifying specific AES instances in + applications that manage multiple AES contexts. + + \note This API is only available when WOLF_PRIVATE_KEY_ID is defined, + which is set for PKCS11 support. + + \return 0 On success. + \return BAD_FUNC_ARG If aes or id is NULL, or if len is invalid. + + \param aes pointer to the AES structure to initialize + \param id pointer to the ID buffer + \param len length of the ID in bytes + \param heap pointer to heap hint for memory allocation (can be NULL) + \param devId device ID for hardware acceleration (use INVALID_DEVID + for software) + + _Example_ + \code + Aes aes; + byte id[8] = { }; // unique identifier + + int ret = wc_AesInit_Id(&aes, id, 8, NULL, INVALID_DEVID); + if (ret != 0) { + // initialization failed + } + wc_AesFree(&aes); + \endcode + + \sa wc_AesInit + \sa wc_AesInit_Label +*/ +int wc_AesInit_Id(Aes* aes, unsigned char* id, int len, void* heap, + int devId); + +/*! + \ingroup AES + \brief This function initializes an AES structure with a label string. + This is useful for tracking or identifying specific AES instances with + human-readable names. + + \note This API is only available when WOLF_PRIVATE_KEY_ID is defined, + which is set for PKCS11 support. + + \return 0 On success. + \return BAD_FUNC_ARG If aes or label is NULL. + + \param aes pointer to the AES structure to initialize + \param label pointer to the null-terminated label string + \param heap pointer to heap hint for memory allocation (can be NULL) + \param devId device ID for hardware acceleration (use INVALID_DEVID + for software) + + _Example_ + \code + Aes aes; + + int ret = wc_AesInit_Label(&aes, "MyAESContext", NULL, INVALID_DEVID); + if (ret != 0) { + // initialization failed + } + wc_AesFree(&aes); + \endcode + + \sa wc_AesInit + \sa wc_AesInit_Id +*/ +int wc_AesInit_Label(Aes* aes, const char* label, void* heap, int devId); + +/*! + \ingroup AES + \brief This function allocates and initializes a new AES structure. + It returns a pointer to the allocated structure, which must be freed + with wc_AesDelete when no longer needed. These New/Delete functions + are exposed to support allocation of the structure using dynamic memory + to provide better ABI compatibility. + + \note This API is only available when WC_NO_CONSTRUCTORS is not defined. + WC_NO_CONSTRUCTORS is automatically defined when WOLFSSL_NO_MALLOC is + defined. + + \return Pointer to allocated Aes structure on success. + \return NULL on allocation failure. + + \param heap pointer to heap hint for memory allocation (can be NULL) + \param devId device ID for hardware acceleration (use INVALID_DEVID + for software) + \param result_code pointer to int to store result code (can be NULL) + + _Example_ + \code + int result; + Aes* aes = wc_AesNew(NULL, INVALID_DEVID, &result); + if (aes == NULL || result != 0) { + // allocation or initialization failed + } + // use aes... + wc_AesDelete(aes, &aes); + \endcode + + \sa wc_AesDelete + \sa wc_AesInit +*/ +Aes* wc_AesNew(void* heap, int devId, int *result_code); + +/*! + \ingroup AES + \brief This function frees an AES structure that was allocated with + wc_AesNew. It also sets the pointer to NULL to prevent use-after-free. + These New/Delete functions are exposed to support allocation of the + structure using dynamic memory to provide better ABI compatibility. + + \note This API is only available when WC_NO_CONSTRUCTORS is not defined. + WC_NO_CONSTRUCTORS is automatically defined when WOLFSSL_NO_MALLOC is + defined. + + \return 0 On success. + \return BAD_FUNC_ARG If aes or aes_p is NULL. + + \param aes pointer to the AES structure to free + \param aes_p pointer to the AES pointer (will be set to NULL) + + _Example_ + \code + Aes* aes = wc_AesNew(NULL, INVALID_DEVID, NULL); + if (aes != NULL) { + // use aes... + int ret = wc_AesDelete(aes, &aes); + // aes is now NULL + } + \endcode + + \sa wc_AesNew + \sa wc_AesFree +*/ +int wc_AesDelete(Aes* aes, Aes** aes_p); + +/*! + \ingroup AES + \brief This function performs AES-SIV (Synthetic IV) encryption with + extended parameters. AES-SIV provides nonce-misuse resistance and + deterministic authenticated encryption. + + \return 0 On success. + \return BAD_FUNC_ARG If parameters are invalid. + \return Other negative values on error. + + \param key pointer to the key buffer (32, 48, or 64 bytes for SIV) + \param keySz length of the key in bytes + \param assoc pointer to array of associated data structures + \param numAssoc number of associated data items + \param nonce pointer to the nonce buffer (can be NULL) + \param nonceSz length of the nonce in bytes + \param in pointer to plaintext to encrypt + \param inSz length of plaintext in bytes + \param siv pointer to buffer to store the SIV (16 bytes) + \param out pointer to buffer to store ciphertext + + _Example_ + \code + byte key[32] = { }; // 256-bit key for AES-128-SIV + AesSivAssoc assoc[1]; + byte aad[20] = { }; // associated data + byte nonce[12] = { }; // nonce + byte plaintext[100] = { }; // data + byte siv[16]; + byte ciphertext[100]; + + assoc[0].data = aad; + assoc[0].sz = 20; + + int ret = wc_AesSivEncrypt_ex(key, 32, assoc, 1, nonce, 12, + plaintext, 100, siv, ciphertext); + if (ret != 0) { + // encryption failed + } + \endcode + + \sa wc_AesSivDecrypt_ex + \sa wc_AesSivEncrypt +*/ +int wc_AesSivEncrypt_ex(const byte* key, word32 keySz, + const AesSivAssoc* assoc, word32 numAssoc, + const byte* nonce, word32 nonceSz, const byte* in, + word32 inSz, byte* siv, byte* out); + +/*! + \ingroup AES + \brief This function performs AES-SIV (Synthetic IV) decryption with + extended parameters. It verifies the SIV and decrypts the ciphertext. + + \return 0 On successful decryption and verification. + \return AES_SIV_AUTH_E If SIV verification fails. + \return BAD_FUNC_ARG If parameters are invalid. + \return Other negative values on error. + + \param key pointer to the key buffer (32, 48, or 64 bytes for SIV) + \param keySz length of the key in bytes + \param assoc pointer to array of associated data structures + \param numAssoc number of associated data items + \param nonce pointer to the nonce buffer (can be NULL) + \param nonceSz length of the nonce in bytes + \param in pointer to ciphertext to decrypt + \param inSz length of ciphertext in bytes + \param siv pointer to the SIV to verify (16 bytes) + \param out pointer to buffer to store plaintext + + _Example_ + \code + byte key[32] = { }; // 256-bit key for AES-128-SIV + AesSivAssoc assoc[1]; + byte aad[20] = { }; // associated data + byte nonce[12] = { }; // nonce + byte ciphertext[100] = { }; // encrypted data + byte siv[16] = { }; // received SIV + byte plaintext[100]; + + assoc[0].data = aad; + assoc[0].sz = 20; + + int ret = wc_AesSivDecrypt_ex(key, 32, assoc, 1, nonce, 12, + ciphertext, 100, siv, plaintext); + if (ret != 0) { + // decryption or verification failed + } + \endcode + + \sa wc_AesSivEncrypt_ex + \sa wc_AesSivDecrypt +*/ +int wc_AesSivDecrypt_ex(const byte* key, word32 keySz, + const AesSivAssoc* assoc, word32 numAssoc, + const byte* nonce, word32 nonceSz, const byte* in, + word32 inSz, byte* siv, byte* out); diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/doc/dox_comments/header_files/arc4.h mariadb-11.8.8/extra/wolfssl/wolfssl/doc/dox_comments/header_files/arc4.h --- mariadb-11.8.6/extra/wolfssl/wolfssl/doc/dox_comments/header_files/arc4.h 2026-01-31 13:27:49.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/doc/dox_comments/header_files/arc4.h 2026-05-24 09:58:33.000000000 +0000 @@ -57,3 +57,57 @@ \sa wc_Arc4Process */ int wc_Arc4SetKey(Arc4* arc4, const byte* key, word32 length); + +/*! + \ingroup ARC4 + \brief This function initializes an ARC4 structure for use with + asynchronous cryptographic operations. It sets up the heap hint and + device ID for hardware acceleration support. + + \return 0 On success. + \return BAD_FUNC_ARG If arc4 is NULL. + + \param arc4 pointer to the Arc4 structure to initialize + \param heap pointer to heap hint for memory allocation (can be NULL) + \param devId device ID for hardware acceleration (use INVALID_DEVID + for software) + + _Example_ + \code + Arc4 arc4; + int ret = wc_Arc4Init(&arc4, NULL, INVALID_DEVID); + if (ret != 0) { + // initialization failed + } + // use arc4 for encryption/decryption + wc_Arc4Free(&arc4); + \endcode + + \sa wc_Arc4SetKey + \sa wc_Arc4Free +*/ +int wc_Arc4Init(Arc4* arc4, void* heap, int devId); + +/*! + \ingroup ARC4 + \brief This function frees an ARC4 structure, releasing any resources + allocated for asynchronous cryptographic operations. It should be + called when the ARC4 structure is no longer needed. + + \return none No return value. + + \param arc4 pointer to the Arc4 structure to free + + _Example_ + \code + Arc4 arc4; + wc_Arc4Init(&arc4, NULL, INVALID_DEVID); + wc_Arc4SetKey(&arc4, key, keyLen); + // use arc4 for encryption/decryption + wc_Arc4Free(&arc4); + \endcode + + \sa wc_Arc4Init + \sa wc_Arc4SetKey +*/ +void wc_Arc4Free(Arc4* arc4); diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/doc/dox_comments/header_files/ascon.h mariadb-11.8.8/extra/wolfssl/wolfssl/doc/dox_comments/header_files/ascon.h --- mariadb-11.8.6/extra/wolfssl/wolfssl/doc/dox_comments/header_files/ascon.h 2026-01-31 13:27:49.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/doc/dox_comments/header_files/ascon.h 2026-05-24 09:58:33.000000000 +0000 @@ -466,4 +466,109 @@ */ int wc_AsconAEAD128_DecryptFinal(wc_AsconAEAD128* a, const byte* tag); +/*! + \ingroup ASCON + \brief This function allocates and initializes a new Ascon Hash256 + context. The returned context must be freed with wc_AsconHash256_Free + when no longer needed. + + \return Pointer to allocated wc_AsconHash256 structure on success. + \return NULL on allocation or initialization failure. + + _Example_ + \code + wc_AsconHash256* hash = wc_AsconHash256_New(); + if (hash == NULL) { + // handle allocation error + } + byte data[]; // data to hash + wc_AsconHash256_Update(hash, data, sizeof(data)); + byte digest[ASCON_HASH256_SZ]; + wc_AsconHash256_Final(hash, digest); + wc_AsconHash256_Free(hash); + \endcode + + \sa wc_AsconHash256_Free + \sa wc_AsconHash256_Init +*/ +wc_AsconHash256* wc_AsconHash256_New(void); + +/*! + \ingroup ASCON + \brief This function frees an Ascon Hash256 context that was allocated + with wc_AsconHash256_New. It clears the context before freeing to + prevent information leakage. + + \return none No return value. + + \param a pointer to the wc_AsconHash256 structure to free + + _Example_ + \code + wc_AsconHash256* hash = wc_AsconHash256_New(); + if (hash != NULL) { + // use hash context + wc_AsconHash256_Free(hash); + } + \endcode + + \sa wc_AsconHash256_New + \sa wc_AsconHash256_Clear +*/ +void wc_AsconHash256_Free(wc_AsconHash256* a); + +/*! + \ingroup ASCON + \brief This function clears an Ascon Hash256 context by zeroing all + internal state. This should be called to securely erase sensitive + data from memory. + + \return none No return value. + + \param a pointer to the wc_AsconHash256 structure to clear + + _Example_ + \code + wc_AsconHash256 hash; + wc_AsconHash256_Init(&hash); + byte data[]; // data to hash + wc_AsconHash256_Update(&hash, data, sizeof(data)); + byte digest[ASCON_HASH256_SZ]; + wc_AsconHash256_Final(&hash, digest); + wc_AsconHash256_Clear(&hash); + \endcode + + \sa wc_AsconHash256_Init + \sa wc_AsconHash256_Free +*/ +void wc_AsconHash256_Clear(wc_AsconHash256* a); + +/*! + \ingroup ASCON + \brief This function allocates and initializes a new Ascon AEAD128 + context. The returned context must be freed with wc_AsconAEAD128_Free + when no longer needed. + + \return Pointer to allocated wc_AsconAEAD128 structure on success. + \return NULL on allocation or initialization failure. + + _Example_ + \code + wc_AsconAEAD128* aead = wc_AsconAEAD128_New(); + if (aead == NULL) { + // handle allocation error + } + byte key[ASCON_AEAD128_KEY_SZ] = { }; // key + byte nonce[ASCON_AEAD128_NONCE_SZ] = { }; // nonce + wc_AsconAEAD128_SetKey(aead, key); + wc_AsconAEAD128_SetNonce(aead, nonce); + // perform encryption/decryption + wc_AsconAEAD128_Free(aead); + \endcode + + \sa wc_AsconAEAD128_Free + \sa wc_AsconAEAD128_Init +*/ +wc_AsconAEAD128* wc_AsconAEAD128_New(void); + diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/doc/dox_comments/header_files/asn.h mariadb-11.8.8/extra/wolfssl/wolfssl/doc/dox_comments/header_files/asn.h --- mariadb-11.8.6/extra/wolfssl/wolfssl/doc/dox_comments/header_files/asn.h 2026-01-31 13:27:49.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/doc/dox_comments/header_files/asn.h 2026-05-24 09:58:33.000000000 +0000 @@ -0,0 +1,309 @@ +/*! + \ingroup ASN + \brief This function converts BER (Basic Encoding Rules) formatted data + to DER (Distinguished Encoding Rules) format. BER allows indefinite + length encoding while DER requires definite lengths. This function + calculates definite lengths for all indefinite length items. + + \return 0 On success. + \return ASN_PARSE_E If the BER data is invalid. + \return BAD_FUNC_ARG If ber or derSz are NULL. + \return BUFFER_E If der is not NULL and derSz is too small. + + \param ber pointer to the buffer containing BER formatted data + \param berSz size of the BER data in bytes + \param der pointer to buffer to store DER formatted data (can be NULL + to calculate required size) + \param derSz pointer to size of der buffer; updated with actual size + needed or used + + \note This API is not public by default. Define WOLFSSL_PUBLIC_ASN to + expose APIs marked WOLFSSL_ASN_API. + + _Example_ + \code + byte ber[256] = { }; // BER encoded data + byte der[256]; + word32 derSz = sizeof(der); + + int ret = wc_BerToDer(ber, sizeof(ber), der, &derSz); + if (ret == 0) { + // der now contains DER formatted data of length derSz + } + \endcode + + \sa wc_EncodeObjectId +*/ +int wc_BerToDer(const byte* ber, word32 berSz, byte* der, word32* derSz); + +/*! + \ingroup ASN + \brief This function frees a linked list of alternative names + (DNS_entry structures). It deallocates each node and its associated + name string, IP string, and RID string if present. + + \return none No return value. + + \param altNames pointer to the head of the alternative names linked list + \param heap pointer to heap hint for memory deallocation (can be NULL) + + \note This API is not public by default. Define WOLFSSL_PUBLIC_ASN to + expose APIs marked WOLFSSL_ASN_API. + + _Example_ + \code + DNS_entry* altNames = NULL; + // populate altNames with certificate alternative names + + FreeAltNames(altNames, NULL); + // altNames list is now freed + \endcode + + \sa AltNameNew +*/ +void FreeAltNames(DNS_entry* altNames, void* heap); + +/*! + \ingroup ASN + \brief This function sets an extended callback for handling unknown + certificate extensions during certificate parsing. The callback + receives additional context information compared to the basic + callback. + + \return 0 On success. + \return BAD_FUNC_ARG If cert is NULL. + + \param cert pointer to the DecodedCert structure + \param cb callback function to handle unknown extensions + \param ctx context pointer passed to the callback + + \note This API is not public by default. Define WOLFSSL_PUBLIC_ASN to + expose APIs marked WOLFSSL_ASN_API. + + _Example_ + \code + DecodedCert cert; + + int UnknownExtCallback(const byte* oid, word32 oidSz, int crit, + const byte* der, word32 derSz, void* ctx) { + // handle unknown extension + return 0; + } + + wc_InitDecodedCert(&cert, derCert, derCertSz, NULL); + wc_SetUnknownExtCallbackEx(&cert, UnknownExtCallback, myContext); + wc_ParseCert(&cert, CERT_TYPE, NO_VERIFY, NULL); + \endcode + + \sa wc_SetUnknownExtCallback + \sa wc_InitDecodedCert +*/ +int wc_SetUnknownExtCallbackEx(DecodedCert* cert, + wc_UnknownExtCallbackEx cb, void *ctx); + +/*! + \ingroup ASN + \brief This function verifies the signature on a certificate using a + certificate manager. It checks that the certificate is properly + signed by a trusted CA. + + \return 0 On successful signature verification. + \return ASN_SIG_CONFIRM_E If signature verification fails. + \return Other negative values on error. + + \param cert pointer to the DER encoded certificate + \param certSz size of the certificate in bytes + \param heap pointer to heap hint for memory allocation (can be NULL) + \param cm pointer to certificate manager containing trusted CAs + + _Example_ + \code + byte cert[2048] = { }; // DER encoded certificate + word32 certSz = sizeof(cert); + WOLFSSL_CERT_MANAGER* cm; + + cm = wolfSSL_CertManagerNew(); + wolfSSL_CertManagerLoadCA(cm, "ca-cert.pem", NULL); + + int ret = wc_CheckCertSignature(cert, certSz, NULL, cm); + if (ret == 0) { + // certificate signature is valid + } + wolfSSL_CertManagerFree(cm); + \endcode + + \sa wolfSSL_CertManagerNew + \sa wolfSSL_CertManagerLoadCA +*/ +int wc_CheckCertSignature(const byte* cert, word32 certSz, void* heap, + void* cm); + +/*! + \ingroup ASN + \brief This function encodes an array of word16 values into an ASN.1 + Object Identifier (OID) in DER format. OIDs are used to identify + algorithms, extensions, and other objects in certificates and + cryptographic protocols. + + \return 0 On success. + \return BAD_FUNC_ARG If in, inSz, or outSz are invalid. + \return BUFFER_E If out is not NULL and outSz is too small. + + \param in pointer to array of word16 values representing OID components + \param inSz number of components in the OID + \param out pointer to buffer to store encoded OID (can be NULL to + calculate size) + \param outSz pointer to size of out buffer; updated with actual size + + _Example_ + \code + word16 oid[] = {1, 2, 840, 113549, 1, 1, 11}; // sha256WithRSAEncryption + byte encoded[32]; + word32 encodedSz = sizeof(encoded); + + int ret = wc_EncodeObjectId(oid, sizeof(oid)/sizeof(word16), + encoded, &encodedSz); + if (ret == 0) { + // encoded contains DER encoded OID + } + \endcode + + \sa wc_BerToDer +*/ +int wc_EncodeObjectId(const word16* in, word32 inSz, byte* out, + word32* outSz); + +/*! + \ingroup ASN + \brief This function sets the algorithm identifier in DER format. It + encodes the algorithm OID and optional parameters based on the + algorithm type and curve size. + + \return Length of the encoded algorithm identifier on success. + \return Negative value on error. + + \param algoOID algorithm object identifier constant + \param output pointer to buffer to store encoded algorithm ID + \param type type of encoding (oidSigType, oidHashType, etc.) + \param curveSz size of the curve for ECC algorithms (0 for non-ECC) + + _Example_ + \code + byte algId[32]; + word32 len; + + len = SetAlgoID(CTC_SHA256wRSA, algId, oidSigType, 0); + if (len > 0) { + // algId contains encoded algorithm identifier + } + \endcode + + \sa wc_EncodeObjectId +*/ +word32 SetAlgoID(int algoOID, byte* output, int type, int curveSz); + +/*! + \ingroup ASN + \brief This function decodes a DER encoded Diffie-Hellman public key. + It extracts the public key value from the DER encoding and stores it + in the DhKey structure. + + \return 0 On success. + \return BAD_FUNC_ARG If input, inOutIdx, key, or inSz are invalid. + \return ASN_PARSE_E If the DER encoding is invalid. + \return Other negative values on error. + + \param input pointer to buffer containing DER encoded public key + \param inOutIdx pointer to index in buffer; updated to end of key + \param key pointer to DhKey structure to store decoded public key + \param inSz size of the input buffer + + _Example_ + \code + byte derKey[256] = { }; // DER encoded DH public key + word32 idx = 0; + DhKey key; + + wc_InitDhKey(&key); + int ret = wc_DhPublicKeyDecode(derKey, &idx, &key, sizeof(derKey)); + if (ret == 0) { + // key now contains the decoded public key + } + wc_FreeDhKey(&key); + \endcode + + \sa wc_InitDhKey + \sa wc_DhKeyDecode +*/ +int wc_DhPublicKeyDecode(const byte* input, word32* inOutIdx, DhKey* key, + word32 inSz); + +/*! + \ingroup CertManager + \brief Sign a certificate or CSR using a callback function. + + This function signs a certificate or Certificate Signing Request (CSR) + using a user-provided signing callback. This allows external signing + implementations (e.g., TPM, HSM) without requiring the crypto callback + infrastructure, making it suitable for FIPS-compliant applications. + + The function performs the following: + 1. Hashes the certificate/CSR body according to the signature algorithm + 2. Encodes the hash (RSA) or prepares it for signing (ECC) + 3. Calls the user-provided callback to perform the actual signing + 4. Encodes the signature into the certificate/CSR DER structure + + NOTE: Only RSA and ECC key types are supported. Ed25519, Ed448, and + post-quantum algorithms (Falcon, Dilithium, SPHINCS+) sign messages + directly rather than hashes, so they cannot use this callback-based API. + Use wc_SignCert_ex for those algorithms. + + NOTE: This function does NOT support async crypto (WOLFSSL_ASYNC_CRYPT). + The internal context is local to this function and cannot persist across + async re-entry. + + \param requestSz Size of the certificate body to sign (from Cert.bodySz). + \param sType Signature algorithm type (e.g., CTC_SHA256wRSA, + CTC_SHA256wECDSA). + \param buf Buffer containing the certificate/CSR DER data to sign. + \param buffSz Total size of the buffer (must be large enough for signature). + \param keyType Type of key used for signing. Only RSA_TYPE and ECC_TYPE + are supported. + \param signCb User-provided signing callback function. + \param signCtx Context pointer passed to the signing callback. + \param rng Random number generator (may be NULL if not needed). + + \return Size of the signed certificate/CSR on success. + \return BAD_FUNC_ARG if signCb or buf is NULL, buffSz is 0, or keyType + is not RSA_TYPE or ECC_TYPE. + \return BUFFER_E if the buffer is too small for the signed certificate. + \return MEMORY_E if memory allocation fails. + \return Negative error code on other failures. + + _Example_ + \code + Cert cert; + byte derBuf[4096]; + int derSz; + MySignCtx myCtx; + + wc_InitCert(&cert); + + derSz = wc_MakeCert(&cert, derBuf, sizeof(derBuf), NULL, NULL, &rng); + + derSz = wc_SignCert_cb(cert.bodySz, cert.sigType, derBuf, sizeof(derBuf), + RSA_TYPE, mySignCallback, &myCtx, &rng); + if (derSz > 0) { + printf("Signed certificate is %d bytes\n", derSz); + } + \endcode + + \sa wc_SignCertCb + \sa wc_SignCert + \sa wc_SignCert_ex + \sa wc_MakeCert + \sa wc_MakeCertReq +*/ +int wc_SignCert_cb(int requestSz, int sType, byte* buf, word32 buffSz, + int keyType, wc_SignCertCb signCb, void* signCtx, + WC_RNG* rng); diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/doc/dox_comments/header_files/asn_public.h mariadb-11.8.8/extra/wolfssl/wolfssl/doc/dox_comments/header_files/asn_public.h --- mariadb-11.8.6/extra/wolfssl/wolfssl/doc/dox_comments/header_files/asn_public.h 2026-01-31 13:27:49.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/doc/dox_comments/header_files/asn_public.h 2026-05-24 09:58:33.000000000 +0000 @@ -19,7 +19,7 @@ \sa wc_MakeCert \sa wc_MakeCertReq */ -int wc_InitCert(Cert*); +int wc_InitCert(Cert* cert); /*! \ingroup ASN @@ -54,6 +54,31 @@ Cert* wc_CertNew(void* heap); /*! + \ingroup ASN + \brief Initializes certificate with heap hint and device ID. + + \return 0 on success + \return BAD_FUNC_ARG if cert is NULL + + \param cert Cert structure to initialize + \param heap Heap hint for memory allocation + \param devId Device ID for hardware acceleration + + _Example_ + \code + Cert myCert; + int ret = wc_InitCert_ex(&myCert, NULL, INVALID_DEVID); + if (ret != 0) { + // error initializing cert + } + \endcode + + \sa wc_InitCert + \sa wc_MakeCert_ex +*/ +int wc_InitCert_ex(Cert* cert, void* heap, int devId); + +/*! \ingroup ASN \brief This function frees the memory allocated for a cert structure @@ -129,6 +154,248 @@ /*! \ingroup ASN + \brief Makes certificate with generic key type support. + + \return Size of certificate on success + \return MEMORY_E if memory allocation fails + \return BUFFER_E if buffer too small + \return Other error codes on failure + + \param cert Initialized cert structure + \param derBuffer Buffer for generated certificate + \param derSz Size of derBuffer + \param keyType Key type (RSA_TYPE, ECC_TYPE, ED25519_TYPE, etc.) + \param key Pointer to key structure + \param rng Random number generator + + _Example_ + \code + Cert myCert; + wc_InitCert(&myCert); + byte derCert[4096]; + RsaKey key; + WC_RNG rng; + int certSz = wc_MakeCert_ex(&myCert, derCert, sizeof(derCert), + RSA_TYPE, &key, &rng); + \endcode + + \sa wc_MakeCert + \sa wc_SignCert_ex +*/ +int wc_MakeCert_ex(Cert* cert, byte* derBuffer, word32 derSz, + int keyType, void* key, WC_RNG* rng); + +/*! + \ingroup ASN + \brief Makes certificate request with generic key type support. + + \return Size of certificate request on success + \return MEMORY_E if memory allocation fails + \return BUFFER_E if buffer too small + \return Other error codes on failure + + \param cert Initialized cert structure + \param derBuffer Buffer for generated certificate request + \param derSz Size of derBuffer + \param keyType Key type (RSA_TYPE, ECC_TYPE, ED25519_TYPE, etc.) + \param key Pointer to key structure + + _Example_ + \code + Cert myCert; + wc_InitCert(&myCert); + byte derCert[4096]; + EccKey key; + int certSz = wc_MakeCertReq_ex(&myCert, derCert, sizeof(derCert), + ECC_TYPE, &key); + \endcode + + \sa wc_MakeCertReq + \sa wc_SignCert_ex +*/ +int wc_MakeCertReq_ex(Cert* cert, byte* derBuffer, word32 derSz, + int keyType, void* key); + +/*! + \ingroup ASN + \brief Signs certificate with generic key type support. + + \return New size of certificate with signature on success + \return MEMORY_E if memory allocation fails + \return BUFFER_E if buffer too small + \return Other error codes on failure + + \param requestSz Size of certificate body to sign + \param sType Signature type + \param buf Buffer containing certificate to sign + \param buffSz Total size of buffer + \param keyType Key type (RSA_TYPE, ECC_TYPE, ED25519_TYPE, etc.) + \param key Pointer to key structure + \param rng Random number generator + + _Example_ + \code + Cert myCert; + byte derCert[4096]; + RsaKey key; + WC_RNG rng; + // Initialize cert and set fields (issuer, subject, dates, etc.) + wc_InitCert(&myCert); + // ... set myCert fields ... + // Generate certificate body (TBS - To Be Signed) + int bodySz = wc_MakeCert_ex(&myCert, derCert, sizeof(derCert), + RSA_TYPE, &key, &rng); + if (bodySz > 0) { + // bodySz is the size of the unsigned certificate body + // Sign the certificate body and append signature + int certSz = wc_SignCert_ex(bodySz, CTC_SHA256wRSA, + derCert, sizeof(derCert), RSA_TYPE, + &key, &rng); + // derCert now contains complete signed certificate of size certSz + } + \endcode + + \sa wc_SignCert + \sa wc_MakeCert_ex +*/ +int wc_SignCert_ex(int requestSz, int sType, byte* buf, word32 buffSz, + int keyType, void* key, WC_RNG* rng); + +/*! + \ingroup ASN + \brief Makes signature with bit string encoding. This function is used + for dual algorithm certificate signing, where an alternative signature + is created using a secondary key algorithm (e.g., a post-quantum algorithm + alongside a traditional algorithm). + + \note This API is only available when WOLFSSL_DUAL_ALG_CERTS is defined, + which enables support for dual algorithm certificates used in Post-Quantum + cryptography to provide hybrid signing with both traditional and PQ + algorithms. + + \return Size of signature on success + \return Negative on error + + \param sig Output buffer for signature + \param sigSz Size of signature buffer + \param sType Signature type + \param buf Data to sign (typically the TBS - To Be Signed - + certificate data) + \param bufSz Size of data + \param keyType Key type (RSA_TYPE, ECC_TYPE, ED25519_TYPE, etc.) + \param key Pointer to key structure + \param rng Random number generator + + _Example_ + \code + byte sig[512], data[256]; + RsaKey key; + WC_RNG rng; + int sigSz = wc_MakeSigWithBitStr(sig, sizeof(sig), CTC_SHA256wRSA, + data, sizeof(data), RSA_TYPE, + &key, &rng); + \endcode + + \sa wc_SignCert_ex + \sa wc_GeneratePreTBS +*/ +int wc_MakeSigWithBitStr(byte *sig, int sigSz, int sType, byte* buf, + word32 bufSz, int keyType, void* key, + WC_RNG* rng); + +/*! + \ingroup ASN + \brief Gets certificate validity dates. + + \return 0 on success + \return BAD_FUNC_ARG if parameters invalid + + \param cert Certificate structure + \param before Output for notBefore date + \param after Output for notAfter date + + _Example_ + \code + Cert myCert; + struct tm beforeDate, afterDate; + int ret = wc_GetCertDates(&myCert, &beforeDate, &afterDate); + \endcode + + \sa wc_InitCert +*/ +int wc_GetCertDates(Cert* cert, struct tm* before, struct tm* after); + +/*! + \ingroup ASN + \brief Extracts date information from certificate date field. This + function parses an ASN.1 encoded date (including tag and length) and + returns a pointer to the raw date value bytes, the ASN.1 time type, + and the length of the date value. + + \return 0 on success + \return BAD_FUNC_ARG if parameters invalid + \return ASN_PARSE_E if date parsing fails + + \param certDate Certificate date buffer containing ASN.1 encoded date + (tag + length + value) + \param certDateSz Size of certificate date buffer + \param date Output pointer set to the raw date value bytes (without + tag/length) + \param format Output byte indicating ASN.1 time type: ASN_UTC_TIME + (0x17) or ASN_GENERALIZED_TIME (0x18) + \param length Output length of the raw date value in bytes + + _Example_ + \code + const byte* certDate; + const byte* date; + byte format; + int length; + int ret = wc_GetDateInfo(certDate, certDateSz, &date, + &format, &length); + if (ret == 0) { + // date points to raw time bytes, format indicates UTC or + // Generalized time, length is the number of date value bytes + } + \endcode + + \sa wc_GetCertDates + \sa wc_GetDateAsCalendarTime +*/ +int wc_GetDateInfo(const byte* certDate, int certDateSz, + const byte** date, byte* format, int* length); + +/*! + \ingroup ASN + \brief Converts certificate date to calendar time structure. + + \return 0 on success + \return BAD_FUNC_ARG if parameters invalid + \return ASN_TIME_E if time conversion fails + + \param date Date buffer + \param length Length of date buffer + \param format Date format (ASN_UTC_TIME or ASN_GENERALIZED_TIME) + \param timearg Pointer to tm structure to fill + + _Example_ + \code + const byte* date; + int length; + byte format; + struct tm timeInfo; + int ret = wc_GetDateAsCalendarTime(date, length, format, + &timeInfo); + \endcode + + \sa wc_GetDateInfo + \sa wc_GetCertDates +*/ +int wc_GetDateAsCalendarTime(const byte* date, int length, + byte format, struct tm* timearg); + +/*! + \ingroup ASN \brief This function makes a certificate signing request using the input certificate and writes the output to derBuffer. It takes in either an @@ -900,6 +1167,32 @@ /*! \ingroup ASN + \brief Sets authority key ID from public key with generic key type. + + \return 0 on success + \return BAD_FUNC_ARG if parameters invalid + \return MEMORY_E if memory allocation fails + + \param cert Certificate structure + \param keyType Key type (RSA_TYPE, ECC_TYPE, ED25519_TYPE, etc.) + \param key Pointer to key structure + + _Example_ + \code + Cert myCert; + wc_InitCert(&myCert); + RsaKey key; + int ret = wc_SetAuthKeyIdFromPublicKey_ex(&myCert, RSA_TYPE, + &key); + \endcode + + \sa wc_SetAuthKeyIdFromPublicKey +*/ +int wc_SetAuthKeyIdFromPublicKey_ex(Cert *cert, int keyType, + void* key); + +/*! + \ingroup ASN \brief Set AKID from from DER encoded certificate. @@ -991,6 +1284,33 @@ /*! \ingroup ASN + \brief Sets subject key ID from public key with generic key type. + + \return 0 on success + \return BAD_FUNC_ARG if parameters invalid + \return MEMORY_E if memory allocation fails + \return PUBLIC_KEY_E if error getting public key + + \param cert Certificate structure + \param keyType Key type (RSA_TYPE, ECC_TYPE, ED25519_TYPE, etc.) + \param key Pointer to key structure + + _Example_ + \code + Cert myCert; + wc_InitCert(&myCert); + EccKey key; + int ret = wc_SetSubjectKeyIdFromPublicKey_ex(&myCert, ECC_TYPE, + &key); + \endcode + + \sa wc_SetSubjectKeyIdFromPublicKey +*/ +int wc_SetSubjectKeyIdFromPublicKey_ex(Cert *cert, int keyType, + void* key); + +/*! + \ingroup ASN \brief Set SKID from public key file in PEM format. Both arguments are required. @@ -1055,6 +1375,58 @@ /*! \ingroup ASN + \brief Sets extended key usage using comma-delimited string. + + \return 0 on success + \return BAD_FUNC_ARG if parameters invalid + \return MEMORY_E if memory allocation fails + + \param cert Certificate structure + \param value Comma-delimited string of extended key usage values + + _Example_ + \code + Cert myCert; + wc_InitCert(&myCert); + int ret = wc_SetExtKeyUsage(&myCert, + "serverAuth,clientAuth"); + \endcode + + \sa wc_SetKeyUsage + \sa wc_SetExtKeyUsageOID +*/ +int wc_SetExtKeyUsage(Cert *cert, const char *value); + +/*! + \ingroup ASN + \brief Sets extended key usage using OID string. + + \return 0 on success + \return BAD_FUNC_ARG if parameters invalid + \return MEMORY_E if memory allocation fails + + \param cert Certificate structure + \param oid OID string + \param sz Length of OID string + \param idx Index for multiple OIDs + \param heap Heap hint for memory allocation + + _Example_ + \code + Cert myCert; + wc_InitCert(&myCert); + const char* oid = "1.3.6.1.5.5.7.3.1"; + int ret = wc_SetExtKeyUsageOID(&myCert, oid, strlen(oid), + 0, NULL); + \endcode + + \sa wc_SetExtKeyUsage +*/ +int wc_SetExtKeyUsageOID(Cert *cert, const char *oid, word32 sz, + byte idx, void* heap); + +/*! + \ingroup ASN \brief Loads a PEM key from a file and converts to a DER encoded buffer. @@ -1086,6 +1458,31 @@ /*! \ingroup ASN + \brief Loads PEM public key from file to DER buffer. + + \return 0 on success + \return negative on error + + \param fileName Path to PEM file + \param der Pointer to DerBuffer pointer to allocate + + _Example_ + \code + DerBuffer* der = NULL; + int ret = wc_PemPubKeyToDer_ex("pubkey.pem", &der); + if (ret == 0) { + // Use der->buffer and der->length + wc_FreeDer(&der); + } + \endcode + + \sa wc_PemPubKeyToDer + \sa wc_FreeDer +*/ +int wc_PemPubKeyToDer_ex(const char* fileName, DerBuffer** der); + +/*! + \ingroup ASN \brief Convert a PEM encoded public key to DER. Returns the number of bytes written to the buffer or a negative value for an error. @@ -1118,6 +1515,111 @@ /*! \ingroup ASN + \brief Gets PEM header and footer strings for given type. + + \return 0 on success + \return BAD_FUNC_ARG if parameters invalid + + \param type PEM type (CERT_TYPE, PRIVATEKEY_TYPE, etc.) + \param header Pointer to header string pointer + \param footer Pointer to footer string pointer + + _Example_ + \code + const char* header; + const char* footer; + int ret = wc_PemGetHeaderFooter(CERT_TYPE, &header, &footer); + \endcode + + \sa wc_PemToDer +*/ +int wc_PemGetHeaderFooter(int type, const char** header, + const char** footer); + +/*! + \ingroup ASN + \brief Allocates DER buffer with specified length and type. + + \return 0 on success + \return BAD_FUNC_ARG if pDer is NULL + \return MEMORY_E if allocation fails + + \param pDer Pointer to DerBuffer pointer to allocate + \param length Length of buffer to allocate + \param type Buffer type for tracking + \param heap Heap hint for memory allocation + + _Example_ + \code + DerBuffer* der = NULL; + int ret = wc_AllocDer(&der, 1024, CERT_TYPE, NULL); + if (ret == 0) { + // Use der->buffer + wc_FreeDer(&der); + } + \endcode + + \sa wc_FreeDer +*/ +int wc_AllocDer(DerBuffer** pDer, word32 length, int type, + void* heap); + +/*! + \ingroup ASN + \brief Frees DER buffer allocated by wc_AllocDer or wc_PemToDer. + + \param pDer Pointer to DerBuffer pointer to free + + _Example_ + \code + DerBuffer* der = NULL; + wc_AllocDer(&der, 1024, CERT_TYPE, NULL); + // Use der + wc_FreeDer(&der); + \endcode + + \sa wc_AllocDer + \sa wc_PemToDer +*/ +void wc_FreeDer(DerBuffer** pDer); + +/*! + \ingroup ASN + \brief Converts PEM to DER format with encryption info support. + + \return 0 on success + \return negative on error + + \param buff PEM buffer + \param longSz Size of PEM buffer + \param type PEM type (CERT_TYPE, PRIVATEKEY_TYPE, etc.) + \param pDer Pointer to DerBuffer pointer to allocate + \param heap Heap hint for memory allocation + \param info Encryption info for encrypted PEM + \param keyFormat Pointer to store key format + + _Example_ + \code + const unsigned char* pem; + DerBuffer* der = NULL; + EncryptedInfo info; + int keyFormat; + int ret = wc_PemToDer(pem, pemSz, PRIVATEKEY_TYPE, &der, + NULL, &info, &keyFormat); + if (ret == 0) { + wc_FreeDer(&der); + } + \endcode + + \sa wc_PemCertToDer + \sa wc_FreeDer +*/ +int wc_PemToDer(const unsigned char* buff, long longSz, int type, + DerBuffer** pDer, void* heap, EncryptedInfo* info, + int* keyFormat); + +/*! + \ingroup ASN \brief This function converts a pem certificate to a der certificate, and places the resulting certificate in the derBuf buffer provided. @@ -1310,6 +1812,138 @@ unsigned char* buff, int buffSz, int type); /*! + \ingroup ASN + \brief Loads PEM certificate from file to DER buffer. + + \return 0 on success + \return negative on error + + \param fileName Path to PEM certificate file + \param der Pointer to DerBuffer pointer to allocate + + _Example_ + \code + DerBuffer* der = NULL; + int ret = wc_PemCertToDer_ex("cert.pem", &der); + if (ret == 0) { + // Use der->buffer and der->length + wc_FreeDer(&der); + } + \endcode + + \sa wc_CertPemToDer + \sa wc_FreeDer +*/ +int wc_PemCertToDer_ex(const char* fileName, DerBuffer** der); + +/*! + \ingroup ASN + \brief Adds PKCS padding to buffer for RSA encryption. + + \return Padded size on success + \return 0 on error + + \param buf Buffer to pad + \param sz Current size of data in buffer + \param blockSz Block size for padding + + _Example_ + \code + byte buffer[256]; + word32 dataSz = 100; + word32 paddedSz = wc_PkcsPad(buffer, dataSz, 256); + \endcode + + \sa wc_RsaPublicEncrypt +*/ +word32 wc_PkcsPad(byte* buf, word32 sz, word32 blockSz); + +/*! + \ingroup RSA + \brief Decodes RSA public key and extracts modulus and exponent. + + \return 0 on success + \return negative on error + + \param input DER encoded RSA public key buffer + \param inOutIdx Pointer to index in buffer + \param inSz Size of input buffer + \param n Pointer to modulus pointer + \param nSz Pointer to modulus size + \param e Pointer to exponent pointer + \param eSz Pointer to exponent size + + _Example_ + \code + const byte* n; + const byte* e; + word32 nSz, eSz, idx = 0; + int ret = wc_RsaPublicKeyDecode_ex(derBuf, &idx, derSz, + &n, &nSz, &e, &eSz); + \endcode + + \sa wc_RsaPublicKeyDecode +*/ +int wc_RsaPublicKeyDecode_ex(const byte* input, word32* inOutIdx, + word32 inSz, const byte** n, word32* nSz, + const byte** e, word32* eSz); + +/*! + \ingroup RSA + \brief Calculates DER encoded RSA public key size. + + \return Size on success + \return negative on error + + \param key RSA key structure + \param with_header Include sequence header if non-zero + + _Example_ + \code + RsaKey key; + int derSz = wc_RsaPublicKeyDerSize(&key, 1); + \endcode + + \sa wc_RsaKeyToDer +*/ +int wc_RsaPublicKeyDerSize(RsaKey* key, int with_header); + +/*! + \ingroup RSA + \brief Validates DER encoded RSA private key format. This function + validates the ASN.1 syntax and structure of the RSA private key + (sequences, integer tags, and lengths) without loading the key values + into an RsaKey structure. It does not perform mathematical validation + of the RSA key parameters (e.g., checking if p and q are prime, or if + the key components satisfy RSA mathematical relationships). + + \return 0 on success (valid ASN.1 structure) + \return ASN_PARSE_E if ASN.1 parsing fails + \return ASN_RSA_KEY_E if RSA key structure is invalid + \return BAD_FUNC_ARG if parameters are invalid + + \param input DER encoded RSA private key buffer + \param inOutIdx Pointer to index in buffer (updated on success) + \param keySz Pointer to store modulus size in bytes + \param inSz Size of input buffer + + _Example_ + \code + word32 idx = 0; + int keySz; + int ret = wc_RsaPrivateKeyValidate(derBuf, &idx, &keySz, + derSz); + if (ret == 0) { + // ASN.1 structure is valid, keySz contains modulus size + } + \endcode + + \sa wc_RsaPrivateKeyDecode +*/ +int wc_RsaPrivateKeyValidate(const byte* input, word32* inOutIdx, + int* keySz, word32 inSz); + +/*! \ingroup CertsKeys \brief This function gets the public key in DER format from a populated @@ -1333,6 +1967,145 @@ byte* derKey, word32* derKeySz); /*! + \ingroup DSA + \brief Decodes DSA parameters from DER format. + + \return 0 on success + \return negative on error + + \param input DER encoded DSA parameters buffer + \param inOutIdx Pointer to index in buffer + \param key DSA key structure to store parameters + \param inSz Size of input buffer + + _Example_ + \code + DsaKey key; + word32 idx = 0; + int ret = wc_DsaParamsDecode(derBuf, &idx, &key, derSz); + \endcode + + \sa wc_DsaKeyToParamsDer +*/ +int wc_DsaParamsDecode(const byte* input, word32* inOutIdx, + DsaKey* key, word32 inSz); + +/*! + \ingroup DSA + \brief Encodes DSA parameters to DER format. + + \return Size on success + \return negative on error + + \param key DSA key structure with parameters + \param output Buffer for DER encoded parameters + \param inLen Size of output buffer + + _Example_ + \code + DsaKey key; + byte der[1024]; + int derSz = wc_DsaKeyToParamsDer(&key, der, sizeof(der)); + \endcode + + \sa wc_DsaParamsDecode +*/ +int wc_DsaKeyToParamsDer(DsaKey* key, byte* output, word32 inLen); + +/*! + \ingroup DSA + \brief Encodes DSA parameters to DER with size output. + + \return 0 on success + \return negative on error + + \param key DSA key structure with parameters + \param output Buffer for DER encoded parameters + \param inLen Pointer to buffer size (in/out) + + _Example_ + \code + DsaKey key; + byte der[1024]; + word32 derSz = sizeof(der); + int ret = wc_DsaKeyToParamsDer_ex(&key, der, &derSz); + \endcode + + \sa wc_DsaKeyToParamsDer +*/ +int wc_DsaKeyToParamsDer_ex(DsaKey* key, byte* output, + word32* inLen); + +/*! + \ingroup DH + \brief Encodes DH parameters to DER format. + + \return 0 on success + \return negative on error + + \param key DH key structure with parameters + \param out Buffer for DER encoded parameters + \param outSz Pointer to buffer size (in/out) + + _Example_ + \code + DhKey key; + byte der[1024]; + word32 derSz = sizeof(der); + int ret = wc_DhParamsToDer(&key, der, &derSz); + \endcode + + \sa wc_DhKeyToDer +*/ +int wc_DhParamsToDer(DhKey* key, byte* out, word32* outSz); + +/*! + \ingroup DH + \brief Encodes DH public key to DER format. + + \return 0 on success + \return negative on error + + \param key DH key structure with public key + \param out Buffer for DER encoded public key + \param outSz Pointer to buffer size (in/out) + + _Example_ + \code + DhKey key; + byte der[1024]; + word32 derSz = sizeof(der); + int ret = wc_DhPubKeyToDer(&key, der, &derSz); + \endcode + + \sa wc_DhKeyToDer +*/ +int wc_DhPubKeyToDer(DhKey* key, byte* out, word32* outSz); + +/*! + \ingroup DH + \brief Encodes DH private key to DER format. + + \return 0 on success + \return negative on error + + \param key DH key structure with private key + \param out Buffer for DER encoded private key + \param outSz Pointer to buffer size (in/out) + + _Example_ + \code + DhKey key; + byte der[1024]; + word32 derSz = sizeof(der); + int ret = wc_DhPrivKeyToDer(&key, der, &derSz); + \endcode + + \sa wc_DhKeyToDer +*/ +int wc_DhPrivKeyToDer(DhKey* key, byte* out, word32* outSz); + +/*! \ingroup ASN \brief This function reads in an ECC private key from the input buffer, @@ -1393,6 +2166,117 @@ ecc_key* key, word32 inSz); /*! + \ingroup ECC + \brief Encodes ECC private key to DER format. + + \return Size on success + \return negative on error + + \param key ECC key structure with private key + \param output Buffer for DER encoded private key + \param inLen Size of output buffer + + _Example_ + \code + ecc_key key; + byte der[1024]; + int derSz = wc_EccPrivateKeyToDer(&key, der, sizeof(der)); + \endcode + + \sa wc_EccPrivateKeyDecode +*/ +int wc_EccPrivateKeyToDer(ecc_key* key, byte* output, + word32 inLen); + +/*! + \ingroup ECC + \brief Calculates DER encoded ECC key size. + + \return Size on success + \return negative on error + + \param key ECC key structure + \param pub Non-zero to include public key + + _Example_ + \code + ecc_key key; + int derSz = wc_EccKeyDerSize(&key, 1); + \endcode + + \sa wc_EccPrivateKeyToDer +*/ +int wc_EccKeyDerSize(ecc_key* key, int pub); + +/*! + \ingroup ECC + \brief Encodes ECC private key to PKCS#8 format. + + \return Size on success + \return negative on error + + \param key ECC key structure with private key + \param output Buffer for PKCS#8 encoded key + \param inLen Pointer to buffer size (in/out) + + _Example_ + \code + ecc_key key; + byte pkcs8[1024]; + word32 pkcs8Sz = sizeof(pkcs8); + int ret = wc_EccPrivateKeyToPKCS8(&key, pkcs8, &pkcs8Sz); + \endcode + + \sa wc_EccPrivateKeyToDer +*/ +int wc_EccPrivateKeyToPKCS8(ecc_key* key, byte* output, + word32* inLen); + +/*! + \ingroup ECC + \brief Encodes ECC key pair to PKCS#8 format. + + \return Size on success + \return negative on error + + \param key ECC key structure with key pair + \param output Buffer for PKCS#8 encoded key + \param inLen Pointer to buffer size (in/out) + + _Example_ + \code + ecc_key key; + byte pkcs8[1024]; + word32 pkcs8Sz = sizeof(pkcs8); + int ret = wc_EccKeyToPKCS8(&key, pkcs8, &pkcs8Sz); + \endcode + + \sa wc_EccPrivateKeyToPKCS8 +*/ +int wc_EccKeyToPKCS8(ecc_key* key, byte* output, + word32* inLen); + +/*! + \ingroup ECC + \brief Calculates DER encoded ECC public key size. + + \return Size on success + \return negative on error + + \param key ECC key structure + \param with_AlgCurve Include algorithm and curve if non-zero + + _Example_ + \code + ecc_key key; + int derSz = wc_EccPublicKeyDerSize(&key, 1); + \endcode + + \sa wc_EccPublicKeyToDer +*/ +int wc_EccPublicKeyDerSize(ecc_key* key, int with_AlgCurve); + +/*! \ingroup ASN \brief This function writes a private ECC key to der format. @@ -1771,6 +2655,345 @@ int withAlg); /*! + \ingroup Ed25519 + \brief Decodes Ed25519 private key from DER format. + + \return 0 on success + \return negative on error + + \param input DER encoded Ed25519 private key buffer + \param inOutIdx Pointer to index in buffer + \param key Ed25519 key structure to store key + \param inSz Size of input buffer + + _Example_ + \code + ed25519_key key; + word32 idx = 0; + int ret = wc_Ed25519PrivateKeyDecode(derBuf, &idx, &key, + derSz); + \endcode + + \sa wc_Ed25519PrivateKeyToDer +*/ +int wc_Ed25519PrivateKeyDecode(const byte* input, word32* inOutIdx, + ed25519_key* key, word32 inSz); + +/*! + \ingroup Ed25519 + \brief Decodes Ed25519 public key from DER format. + + \return 0 on success + \return negative on error + + \param input DER encoded Ed25519 public key buffer + \param inOutIdx Pointer to index in buffer + \param key Ed25519 key structure to store key + \param inSz Size of input buffer + + _Example_ + \code + ed25519_key key; + word32 idx = 0; + int ret = wc_Ed25519PublicKeyDecode(derBuf, &idx, &key, + derSz); + \endcode + + \sa wc_Ed25519PublicKeyToDer +*/ +int wc_Ed25519PublicKeyDecode(const byte* input, word32* inOutIdx, + ed25519_key* key, word32 inSz); + +/*! + \ingroup Ed25519 + \brief Encodes Ed25519 key to DER format. + + \return Size on success + \return negative on error + + \param key Ed25519 key structure + \param output Buffer for DER encoded key + \param inLen Size of output buffer + + _Example_ + \code + ed25519_key key; + byte der[1024]; + int derSz = wc_Ed25519KeyToDer(&key, der, sizeof(der)); + \endcode + + \sa wc_Ed25519PrivateKeyToDer +*/ +int wc_Ed25519KeyToDer(const ed25519_key* key, byte* output, + word32 inLen); + +/*! + \ingroup Ed25519 + \brief Encodes Ed25519 private key to DER format. + + \return Size on success + \return negative on error + + \param key Ed25519 key structure with private key + \param output Buffer for DER encoded private key + \param inLen Size of output buffer + + _Example_ + \code + ed25519_key key; + byte der[1024]; + int derSz = wc_Ed25519PrivateKeyToDer(&key, der, + sizeof(der)); + \endcode + + \sa wc_Ed25519PrivateKeyDecode +*/ +int wc_Ed25519PrivateKeyToDer(const ed25519_key* key, byte* output, + word32 inLen); + +/*! + \ingroup Ed25519 + \brief Encodes Ed25519 public key to DER format. + + \return Size on success + \return negative on error + + \param key Ed25519 key structure with public key + \param output Buffer for DER encoded public key + \param inLen Size of output buffer + + _Example_ + \code + ed25519_key key; + byte der[1024]; + int derSz = wc_Ed25519PublicKeyToDer(&key, der, + sizeof(der)); + \endcode + + \sa wc_Ed25519PublicKeyDecode +*/ +int wc_Ed25519PublicKeyToDer(const ed25519_key* key, byte* output, + int inLen); + +/*! + \ingroup Ed448 + \brief Decodes Ed448 private key from DER format. + + \return 0 on success + \return negative on error + + \param input DER encoded Ed448 private key buffer + \param inOutIdx Pointer to index in buffer + \param key Ed448 key structure to store key + \param inSz Size of input buffer + + _Example_ + \code + ed448_key key; + word32 idx = 0; + int ret = wc_Ed448PrivateKeyDecode(derBuf, &idx, &key, + derSz); + \endcode + + \sa wc_Ed448PrivateKeyToDer +*/ +int wc_Ed448PrivateKeyDecode(const byte* input, word32* inOutIdx, + ed448_key* key, word32 inSz); + +/*! + \ingroup Ed448 + \brief Decodes Ed448 public key from DER format. + + \return 0 on success + \return negative on error + + \param input DER encoded Ed448 public key buffer + \param inOutIdx Pointer to index in buffer + \param key Ed448 key structure to store key + \param inSz Size of input buffer + + _Example_ + \code + ed448_key key; + word32 idx = 0; + int ret = wc_Ed448PublicKeyDecode(derBuf, &idx, &key, + derSz); + \endcode + + \sa wc_Ed448PublicKeyToDer +*/ +int wc_Ed448PublicKeyDecode(const byte* input, word32* inOutIdx, + ed448_key* key, word32 inSz); + +/*! + \ingroup Ed448 + \brief Encodes Ed448 key to DER format. + + \return Size on success + \return negative on error + + \param key Ed448 key structure + \param output Buffer for DER encoded key + \param inLen Size of output buffer + + _Example_ + \code + ed448_key key; + byte der[1024]; + int derSz = wc_Ed448KeyToDer(&key, der, sizeof(der)); + \endcode + + \sa wc_Ed448PrivateKeyToDer +*/ +int wc_Ed448KeyToDer(ed448_key* key, byte* output, word32 inLen); + +/*! + \ingroup Ed448 + \brief Encodes Ed448 private key to DER format. + + \return Size on success + \return negative on error + + \param key Ed448 key structure with private key + \param output Buffer for DER encoded private key + \param inLen Size of output buffer + + _Example_ + \code + ed448_key key; + byte der[1024]; + int derSz = wc_Ed448PrivateKeyToDer(&key, der, + sizeof(der)); + \endcode + + \sa wc_Ed448PrivateKeyDecode +*/ +int wc_Ed448PrivateKeyToDer(ed448_key* key, byte* output, + word32 inLen); + +/*! + \ingroup Ed448 + \brief Encodes Ed448 public key to DER format. + + \return Size on success + \return negative on error + + \param key Ed448 key structure with public key + \param output Buffer for DER encoded public key + \param inLen Size of output buffer + + _Example_ + \code + ed448_key key; + byte der[1024]; + int derSz = wc_Ed448PublicKeyToDer(&key, der, + sizeof(der)); + \endcode + + \sa wc_Ed448PublicKeyDecode +*/ +int wc_Ed448PublicKeyToDer(ed448_key* key, byte* output, + int inLen); + +/*! + \ingroup Curve448 + \brief Decodes Curve448 private key from DER format. + + \return 0 on success + \return negative on error + + \param input DER encoded Curve448 private key buffer + \param inOutIdx Pointer to index in buffer + \param key Curve448 key structure to store key + \param inSz Size of input buffer + + _Example_ + \code + curve448_key key; + word32 idx = 0; + int ret = wc_Curve448PrivateKeyDecode(derBuf, &idx, &key, + derSz); + \endcode + + \sa wc_Curve448PrivateKeyToDer +*/ +int wc_Curve448PrivateKeyDecode(const byte* input, word32* inOutIdx, + curve448_key* key, word32 inSz); + +/*! + \ingroup Curve448 + \brief Decodes Curve448 public key from DER format. + + \return 0 on success + \return negative on error + + \param input DER encoded Curve448 public key buffer + \param inOutIdx Pointer to index in buffer + \param key Curve448 key structure to store key + \param inSz Size of input buffer + + _Example_ + \code + curve448_key key; + word32 idx = 0; + int ret = wc_Curve448PublicKeyDecode(derBuf, &idx, &key, + derSz); + \endcode + + \sa wc_Curve448PublicKeyToDer +*/ +int wc_Curve448PublicKeyDecode(const byte* input, word32* inOutIdx, + curve448_key* key, word32 inSz); + +/*! + \ingroup Curve448 + \brief Encodes Curve448 private key to DER format. + + \return Size on success + \return negative on error + + \param key Curve448 key structure with private key + \param output Buffer for DER encoded private key + \param inLen Size of output buffer + + _Example_ + \code + curve448_key key; + byte der[1024]; + int derSz = wc_Curve448PrivateKeyToDer(&key, der, + sizeof(der)); + \endcode + + \sa wc_Curve448PrivateKeyDecode +*/ +int wc_Curve448PrivateKeyToDer(curve448_key* key, byte* output, + word32 inLen); + +/*! + \ingroup Curve448 + \brief Encodes Curve448 public key to DER format. + + \return Size on success + \return negative on error + + \param key Curve448 key structure with public key + \param output Buffer for DER encoded public key + \param inLen Size of output buffer + + _Example_ + \code + curve448_key key; + byte der[1024]; + int derSz = wc_Curve448PublicKeyToDer(&key, der, + sizeof(der)); + \endcode + + \sa wc_Curve448PublicKeyDecode +*/ +int wc_Curve448PublicKeyToDer(curve448_key* key, byte* output, + word32 inLen); + +/*! \ingroup ASN \brief This function encodes a digital signature into the output buffer, @@ -2015,9 +3238,316 @@ /*! \ingroup ASN + \brief Encrypts PKCS#8 key with extended parameters. + + \return Size on success + \return negative on error + + \param key Private key buffer + \param keySz Size of private key + \param out Output buffer for encrypted key + \param outSz Pointer to output buffer size (in/out) + \param password Password for encryption + \param passwordSz Password length + \param vPKCS PKCS version + \param pbeOid PBE algorithm OID + \param encAlgId Encryption algorithm ID + \param salt Salt buffer + \param saltSz Salt size + \param itt Iteration count + \param rng Random number generator + \param heap Heap hint for memory allocation + \param devId Device ID for hardware acceleration + + _Example_ + \code + byte key[256], encrypted[512]; + word32 encSz = sizeof(encrypted); + WC_RNG rng; + int ret = wc_EncryptPKCS8Key_ex(key, keySz, encrypted, + &encSz, "password", 8, + PKCS5, PBES2, AES256CBCb, + NULL, 0, 2048, &rng, NULL, + INVALID_DEVID); + \endcode + + \sa wc_EncryptPKCS8Key +*/ +int wc_EncryptPKCS8Key_ex(byte* key, word32 keySz, byte* out, + word32* outSz, const char* password, + int passwordSz, int vPKCS, int pbeOid, + int encAlgId, byte* salt, word32 saltSz, + int itt, WC_RNG* rng, void* heap, + int devId); + +/*! + \ingroup ASN + \brief Gets current time for certificate operations. + + \return 0 on success + \return negative on error + + \param timePtr Pointer to time buffer + \param timeSize Size of time buffer + + _Example_ + \code + time_t currentTime; + int ret = wc_GetTime(¤tTime, sizeof(currentTime)); + \endcode + + \sa wc_GetDateInfo +*/ +int wc_GetTime(void* timePtr, word32 timeSize); + +/*! + \ingroup ASN + \brief Gets encryption info from encrypted PEM. + + \return 0 on success + \return negative on error + + \param info EncryptedInfo structure to populate + \param cipherName Cipher name string + + _Example_ + \code + EncryptedInfo info; + int ret = wc_EncryptedInfoGet(&info, "AES-256-CBC"); + \endcode + + \sa wc_PemToDer +*/ +int wc_EncryptedInfoGet(EncryptedInfo* info, + const char* cipherName); + +/*! + \ingroup ASN + \brief Parses PIV certificate format. + + \return 0 on success + \return negative on error + + \param cert PIV certificate structure to populate + \param buf Buffer containing PIV certificate + \param totalSz Size of buffer + + _Example_ + \code + wc_CertPIV cert; + int ret = wc_ParseCertPIV(&cert, pivBuf, pivSz); + \endcode + + \sa wc_InitDecodedCert +*/ +int wc_ParseCertPIV(wc_CertPIV* cert, const byte* buf, + word32 totalSz); + +/*! + \ingroup ASN + \brief Extracts subject public key info from certificate. + + \return Size on success + \return negative on error + + \param certDer DER encoded certificate buffer + \param certDerSz Size of certificate + \param pubKeyDer Output buffer for public key + \param pubKeyDerSz Pointer to output buffer size (in/out) + + _Example_ + \code + byte pubKey[1024]; + word32 pubKeySz = sizeof(pubKey); + int ret = wc_GetSubjectPubKeyInfoDerFromCert(certDer, + certSz, + pubKey, + &pubKeySz); + \endcode + + \sa wc_GetPubKeyDerFromCert +*/ +int wc_GetSubjectPubKeyInfoDerFromCert(const byte* certDer, + word32 certDerSz, + byte* pubKeyDer, + word32* pubKeyDerSz); + +/*! + \ingroup ASN + \brief Extracts UUID from certificate. + + \return 0 on success + \return negative on error + + \param cert Decoded certificate structure + \param uuid Output buffer for UUID + \param uuidSz Pointer to UUID buffer size (in/out) + + _Example_ + \code + DecodedCert cert; + byte uuid[16]; + int uuidSz = sizeof(uuid); + int ret = wc_GetUUIDFromCert(&cert, uuid, &uuidSz); + \endcode + + \sa wc_ParseCert +*/ +int wc_GetUUIDFromCert(struct DecodedCert* cert, + byte* uuid, int* uuidSz); + +/*! + \ingroup ASN + \brief Extracts FASCN from certificate. + + \return 0 on success + \return negative on error + + \param cert Decoded certificate structure + \param fascn Output buffer for FASCN + \param fascnSz Pointer to FASCN buffer size (in/out) + + _Example_ + \code + DecodedCert cert; + byte fascn[25]; + int fascnSz = sizeof(fascn); + int ret = wc_GetFASCNFromCert(&cert, fascn, &fascnSz); + \endcode + + \sa wc_ParseCert +*/ +int wc_GetFASCNFromCert(struct DecodedCert* cert, + byte* fascn, int* fascnSz); + +/*! + \ingroup ASN + \brief Generates the pre-TBS (To Be Signed) certificate data from a + decoded certificate. The TBS portion is the certificate data that gets + signed by the certificate authority. This function is used in dual + algorithm certificate creation where the TBS data needs to be extracted + for signing with an alternative algorithm (e.g., a post-quantum algorithm). + + \note This API is only available when WOLFSSL_DUAL_ALG_CERTS is defined, + which enables support for dual algorithm certificates used in Post-Quantum + cryptography to provide hybrid signing with both traditional and PQ + algorithms. + + \return Size of the pre-TBS data on success + \return Negative error code on failure + + \param cert Decoded certificate structure containing the certificate to + extract TBS data from + \param der Output buffer for the pre-TBS DER-encoded data + \param derSz Size of output buffer in bytes + + _Example_ + \code + DecodedCert cert; + byte preTbs[2048]; + int ret = wc_GeneratePreTBS(&cert, preTbs, sizeof(preTbs)); + if (ret > 0) { + // ret contains the size of the pre-TBS data + // preTbs can now be signed with an alternative algorithm + } + \endcode + + \sa wc_MakeCert + \sa wc_MakeSigWithBitStr +*/ +int wc_GeneratePreTBS(struct DecodedCert* cert, byte *der, + int derSz); + +/*! + \ingroup ASN + \brief Initializes decoded attribute certificate structure. + + \return void + + \param acert Attribute certificate structure to initialize + \param heap Heap hint for memory allocation + + _Example_ + \code + DecodedAcert acert; + wc_InitDecodedAcert(&acert, NULL); + \endcode + + \sa wc_FreeDecodedAcert +*/ +void wc_InitDecodedAcert(struct DecodedAcert* acert, + void* heap); + +/*! + \ingroup ASN + \brief Frees decoded attribute certificate structure. + + \return void + + \param acert Attribute certificate structure to free + + _Example_ + \code + DecodedAcert acert; + wc_InitDecodedAcert(&acert, NULL); + wc_FreeDecodedAcert(&acert); + \endcode + + \sa wc_InitDecodedAcert +*/ +void wc_FreeDecodedAcert(struct DecodedAcert * acert); + +/*! + \ingroup ASN + \brief Parses X.509 attribute certificate. + + \return 0 on success + \return negative on error + + \param acert Decoded attribute certificate structure + \param verify Non-zero to verify signature + + _Example_ + \code + DecodedAcert acert; + wc_InitDecodedAcert(&acert, NULL); + int ret = wc_ParseX509Acert(&acert, 1); + \endcode + + \sa wc_VerifyX509Acert +*/ +int wc_ParseX509Acert(struct DecodedAcert* acert, int verify); + +/*! + \ingroup ASN + \brief Verifies X.509 attribute certificate. + + \return 0 on success + \return negative on error + + \param acert Attribute certificate buffer + \param acertSz Size of attribute certificate + \param issuerCert Issuer certificate buffer + \param issuerCertSz Size of issuer certificate + \param cm Certificate manager + + _Example_ + \code + int ret = wc_VerifyX509Acert(acertBuf, acertSz, + issuerBuf, issuerSz, cm); + \endcode + + \sa wc_ParseX509Acert +*/ +int wc_VerifyX509Acert(const byte* acert, word32 acertSz, + const byte* issuerCert, + word32 issuerCertSz, void* cm); + +/*! + \ingroup ASN \brief This function takes an encrypted PKCS#8 DER key and decrypts it to - PKCS#8 unencrypted DER. Undoes the encryption done by wc_EncryptPKCS8Key. + PKCS#8 unencrypted DER.Undoes the encryption done by wc_EncryptPKCS8Key. See RFC5208. The input buffer is overwritten with the decrypted data. \return The length of the decrypted buffer on success. @@ -2525,3 +4055,23 @@ int wc_Asn1_PrintAll(Asn1* asn1, Asn1PrintOptions* opts, unsigned char* data, word32 len); +/*! + \ingroup ASN + \brief Sets OID to name callback for ASN.1 parsing. + + \return 0 on success + \return negative on error + + \param asn1 ASN.1 structure + \param nameCb Callback function to convert OID to name + + _Example_ + \code + Asn1 asn1; + int ret = wc_Asn1_SetOidToNameCb(&asn1, myOidToNameCb); + \endcode + + \sa wc_Asn1_PrintAll +*/ +int wc_Asn1_SetOidToNameCb(Asn1* asn1, Asn1OidToNameCb nameCb); + diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/doc/dox_comments/header_files/blake2.h mariadb-11.8.8/extra/wolfssl/wolfssl/doc/dox_comments/header_files/blake2.h --- mariadb-11.8.6/extra/wolfssl/wolfssl/doc/dox_comments/header_files/blake2.h 2026-01-31 13:27:49.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/doc/dox_comments/header_files/blake2.h 2026-05-24 09:58:33.000000000 +0000 @@ -14,7 +14,7 @@ \code Blake2b b2b; // initialize Blake2b structure with 64 byte digest - wc_InitBlake2b(&b2b, 64); + wc_InitBlake2b(&b2b, WC_BLAKE2B_DIGEST_SIZE); \endcode \sa wc_Blake2bUpdate @@ -41,13 +41,13 @@ int ret; Blake2b b2b; // initialize Blake2b structure with 64 byte digest - wc_InitBlake2b(&b2b, 64); + wc_InitBlake2b(&b2b, WC_BLAKE2B_DIGEST_SIZE); byte plain[] = { // initialize input }; ret = wc_Blake2bUpdate(&b2b, plain, sizeof(plain)); - if( ret != 0) { - // error updating blake2b + if (ret != 0) { + // error updating blake2b } \endcode @@ -78,14 +78,14 @@ \code int ret; Blake2b b2b; - byte hash[64]; + byte hash[WC_BLAKE2B_DIGEST_SIZE]; // initialize Blake2b structure with 64 byte digest - wc_InitBlake2b(&b2b, 64); + wc_InitBlake2b(&b2b, WC_BLAKE2B_DIGEST_SIZE); ... // call wc_Blake2bUpdate to add data to hash - ret = wc_Blake2bFinal(&b2b, hash, 64); - if( ret != 0) { - // error generating blake2b hash + ret = wc_Blake2bFinal(&b2b, hash, WC_BLAKE2B_DIGEST_SIZE); + if (ret != 0) { + // error generating blake2b hash } \endcode @@ -93,3 +93,326 @@ \sa wc_Blake2bUpdate */ int wc_Blake2bFinal(Blake2b* b2b, byte* final, word32 requestSz); + +/*! + \ingroup BLAKE2 + + \brief Initialize an HMAC-BLAKE2b message authentication code computation. + + \return 0 Returned upon successfully initializing the HMAC-BLAKE2b MAC + computation. + + \param b2b Blake2b structure to be used for the MAC computation. + \param key pointer to the key + \param key_len length of the key + + _Example_ + \code + Blake2b b2b; + int ret; + byte key[] = {4, 5, 6}; + ret = wc_Blake2bHmacInit(&b2b, key); + if (ret != 0) { + // error generating HMAC-BLAKE2b + } + \endcode +*/ +int wc_Blake2bHmacInit(Blake2b * b2b, + const byte * key, size_t key_len); + +/*! + \ingroup BLAKE2 + + \brief Update an HMAC-BLAKE2b message authentication code computation with + additional input data. + + \return 0 Returned upon successfully updating the HMAC-BLAKE2b MAC + computation. + + \param b2b Blake2b structure to be used for the MAC computation. + \param in pointer to the input data + \param in_len length of the input data + + _Example_ + \code + Blake2b b2b; + int ret; + byte key[] = {4, 5, 6}; + byte data[] = {1, 2, 3}; + ret = wc_Blake2bHmacInit(&b2b, key, sizeof(key)); + ret = wc_Blake2bHmacUpdate(&b2b, data, sizeof(data)); + \endcode +*/ +int wc_Blake2bHmacUpdate(Blake2b * b2b, + const byte * in, size_t in_len); + +/*! + \ingroup BLAKE2 + + \brief Finalize an HMAC-BLAKE2b message authentication code computation. + + \return 0 Returned upon successfully finalizing the HMAC-BLAKE2b MAC + computation. + + \param b2b Blake2b structure to be used for the MAC computation. + \param key pointer to the key + \param key_len length of the key + \param out output buffer to store computed MAC + \param out_len length of output buffer + + _Example_ + \code + Blake2b b2b; + int ret; + byte key[] = {4, 5, 6}; + byte data[] = {1, 2, 3}; + byte mac[WC_BLAKE2B_DIGEST_SIZE]; + ret = wc_Blake2bHmacInit(&b2b, key, sizeof(key)); + ret = wc_Blake2bHmacUpdate(&b2b, data, sizeof(data)); + ret = wc_Blake2bHmacFinalize(&b2b, key, sizeof(key), mac, sizezof(mac)); + \endcode +*/ +int wc_Blake2bHmacFinal(Blake2b * b2b, + const byte * key, size_t key_len, + byte * out, size_t out_len); + +/*! + \ingroup BLAKE2 + + \brief Compute the HMAC-BLAKE2b message authentication code of the given + input data using the given key. + + \return 0 Returned upon successfully computing the HMAC-BLAKE2b MAC. + + \param in pointer to the input data + \param in_len length of the input data + \param key pointer to the key + \param key_len length of the key + \param out output buffer to store computed MAC + \param out_len length of output buffer + + _Example_ + \code + int ret; + byte mac[WC_BLAKE2B_DIGEST_SIZE]; + byte data[] = {1, 2, 3}; + byte key[] = {4, 5, 6}; + ret = wc_Blake2bHmac(data, sizeof(data), key, sizeof(key), mac, sizeof(mac)); + if (ret != 0) { + // error generating HMAC-BLAKE2b + } + \endcode +*/ +int wc_Blake2bHmac(const byte * in, size_t in_len, + const byte * key, size_t key_len, + byte * out, size_t out_len); + + +/*! + \ingroup BLAKE2 + + \brief This function initializes a Blake2s structure for use with the + Blake2 hash function. + + \return 0 Returned upon successfully initializing the Blake2s structure and + setting the digest size. + + \param b2s pointer to the Blake2s structure to initialize + \param digestSz length of the blake 2 digest to implement + + _Example_ + \code + Blake2s b2s; + // initialize Blake2s structure with 32 byte digest + wc_InitBlake2s(&b2s, WC_BLAKE2S_DIGEST_SIZE); + \endcode + + \sa wc_Blake2sUpdate +*/ +int wc_InitBlake2s(Blake2s* b2s, word32 digestSz); + +/*! + \ingroup BLAKE2 + + \brief This function updates the Blake2s hash with the given input data. + This function should be called after wc_InitBlake2s, and repeated until + one is ready for the final hash: wc_Blake2sFinal. + + \return 0 Returned upon successfully update the Blake2s structure with + the given data + \return -1 Returned if there is a failure while compressing the input data + + \param b2s pointer to the Blake2s structure to update + \param data pointer to a buffer containing the data to append + \param sz length of the input data to append + + _Example_ + \code + int ret; + Blake2s b2s; + // initialize Blake2s structure with 32 byte digest + wc_InitBlake2s(&b2s, WC_BLAKE2S_DIGEST_SIZE); + + byte plain[] = { // initialize input }; + + ret = wc_Blake2sUpdate(&b2s, plain, sizeof(plain)); + if (ret != 0) { + // error updating blake2s + } + \endcode + + \sa wc_InitBlake2s + \sa wc_Blake2sFinal +*/ +int wc_Blake2sUpdate(Blake2s* b2s, const byte* data, word32 sz); + +/*! + \ingroup BLAKE2 + + \brief This function computes the Blake2s hash of the previously supplied + input data. The output hash will be of length requestSz, or, if + requestSz==0, the digestSz of the b2s structure. This function should be + called after wc_InitBlake2s and wc_Blake2sUpdate has been processed for + each piece of input data desired. + + \return 0 Returned upon successfully computing the Blake2s hash + \return -1 Returned if there is a failure while parsing the Blake2s hash + + \param b2s pointer to the Blake2s structure to update + \param final pointer to a buffer in which to store the blake2s hash. + Should be of length requestSz + \param requestSz length of the digest to compute. When this is zero, + b2s->digestSz will be used instead + + _Example_ + \code + int ret; + Blake2s b2s; + byte hash[WC_BLAKE2S_DIGEST_SIZE]; + // initialize Blake2s structure with 32 byte digest + wc_InitBlake2s(&b2s, WC_BLAKE2S_DIGEST_SIZE); + ... // call wc_Blake2sUpdate to add data to hash + + ret = wc_Blake2sFinal(&b2s, hash, WC_BLAKE2S_DIGEST_SIZE); + if (ret != 0) { + // error generating blake2s hash + } + \endcode + + \sa wc_InitBlake2s + \sa wc_Blake2sUpdate +*/ +int wc_Blake2sFinal(Blake2s* b2s, byte* final, word32 requestSz); + +/*! + \ingroup BLAKE2 + + \brief Initialize an HMAC-BLAKE2s message authentication code computation. + + \return 0 Returned upon successfully initializing the HMAC-BLAKE2s MAC + computation. + + \param b2s Blake2s structure to be used for the MAC computation. + \param key pointer to the key + \param key_len length of the key + + _Example_ + \code + Blake2s b2s; + int ret; + byte key[] = {4, 5, 6}; + ret = wc_Blake2sHmacInit(&b2s, key); + if (ret != 0) { + // error generating HMAC-BLAKE2s + } + \endcode +*/ +int wc_Blake2sHmacInit(Blake2s * b2s, + const byte * key, size_t key_len); + +/*! + \ingroup BLAKE2 + + \brief Update an HMAC-BLAKE2s message authentication code computation with + additional input data. + + \return 0 Returned upon successfully updating the HMAC-BLAKE2s MAC + computation. + + \param b2s Blake2s structure to be used for the MAC computation. + \param in pointer to the input data + \param in_len length of the input data + + _Example_ + \code + Blake2s b2s; + int ret; + byte key[] = {4, 5, 6}; + byte data[] = {1, 2, 3}; + ret = wc_Blake2sHmacInit(&b2s, key, sizeof(key)); + ret = wc_Blake2sHmacUpdate(&b2s, data, sizeof(data)); + \endcode +*/ +int wc_Blake2sHmacUpdate(Blake2s * b2s, + const byte * in, size_t in_len); + +/*! + \ingroup BLAKE2 + + \brief Finalize an HMAC-BLAKE2s message authentication code computation. + + \return 0 Returned upon successfully finalizing the HMAC-BLAKE2s MAC + computation. + + \param b2s Blake2s structure to be used for the MAC computation. + \param key pointer to the key + \param key_len length of the key + \param out output buffer to store computed MAC + \param out_len length of output buffer + + _Example_ + \code + Blake2s b2s; + int ret; + byte key[] = {4, 5, 6}; + byte data[] = {1, 2, 3}; + byte mac[WC_BLAKE2S_DIGEST_SIZE]; + ret = wc_Blake2sHmacInit(&b2s, key, sizeof(key)); + ret = wc_Blake2sHmacUpdate(&b2s, data, sizeof(data)); + ret = wc_Blake2sHmacFinalize(&b2s, key, sizeof(key), mac, sizezof(mac)); + \endcode +*/ +int wc_Blake2sHmacFinal(Blake2s * b2s, + const byte * key, size_t key_len, + byte * out, size_t out_len); + +/*! + \ingroup BLAKE2 + + \brief This function computes the HMAC-BLAKE2s message authentication code + of the given input data using the given key. + + \return 0 Returned upon successfully computing the HMAC-BLAKE2s MAC. + + \param in pointer to the input data + \param in_len length of the input data + \param key pointer to the key + \param key_len length of the key + \param out output buffer to store computed MAC + \param out_len length of output buffer + + _Example_ + \code + int ret; + byte mac[WC_BLAKE2S_DIGEST_SIZE]; + byte data[] = {1, 2, 3}; + byte key[] = {4, 5, 6}; + ret = wc_Blake2sHmac(data, sizeof(data), key, sizeof(key), mac, sizeof(mac)); + if (ret != 0) { + // error generating HMAC-BLAKE2s + } + \endcode +*/ +int wc_Blake2sHmac(const byte * in, size_t in_len, + const byte * key, size_t key_len, + byte * out, size_t out_len); diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/doc/dox_comments/header_files/camellia.h mariadb-11.8.8/extra/wolfssl/wolfssl/doc/dox_comments/header_files/camellia.h --- mariadb-11.8.6/extra/wolfssl/wolfssl/doc/dox_comments/header_files/camellia.h 2026-01-31 13:27:49.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/doc/dox_comments/header_files/camellia.h 2026-05-24 09:58:33.000000000 +0000 @@ -35,8 +35,8 @@ \sa wc_CamelliaCbcEncrypt \sa wc_CamelliaCbcDecrypt */ -int wc_CamelliaSetKey(Camellia* cam, - const byte* key, word32 len, const byte* iv); +int wc_CamelliaSetKey(wc_Camellia* cam, const byte* key, word32 len, + const byte* iv); /*! \ingroup Camellia @@ -64,7 +64,7 @@ \sa wc_CamelliaSetKey */ -int wc_CamelliaSetIV(Camellia* cam, const byte* iv); +int wc_CamelliaSetIV(wc_Camellia* cam, const byte* iv); /*! \ingroup Camellia @@ -92,7 +92,7 @@ \sa wc_CamelliaDecryptDirect */ -int wc_CamelliaEncryptDirect(Camellia* cam, byte* out, +int wc_CamelliaEncryptDirect(wc_Camellia* cam, byte* out, const byte* in); /*! @@ -122,7 +122,7 @@ \sa wc_CamelliaEncryptDirect */ -int wc_CamelliaDecryptDirect(Camellia* cam, byte* out, +int wc_CamelliaDecryptDirect(wc_Camellia* cam, byte* out, const byte* in); /*! @@ -151,7 +151,7 @@ \sa wc_CamelliaCbcDecrypt */ -int wc_CamelliaCbcEncrypt(Camellia* cam, +int wc_CamelliaCbcEncrypt(wc_Camellia* cam, byte* out, const byte* in, word32 sz); /*! @@ -180,5 +180,5 @@ \sa wc_CamelliaCbcEncrypt */ -int wc_CamelliaCbcDecrypt(Camellia* cam, +int wc_CamelliaCbcDecrypt(wc_Camellia* cam, byte* out, const byte* in, word32 sz); diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/doc/dox_comments/header_files/chacha.h mariadb-11.8.8/extra/wolfssl/wolfssl/doc/dox_comments/header_files/chacha.h --- mariadb-11.8.6/extra/wolfssl/wolfssl/doc/dox_comments/header_files/chacha.h 2026-01-31 13:27:49.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/doc/dox_comments/header_files/chacha.h 2026-05-24 09:58:33.000000000 +0000 @@ -97,3 +97,44 @@ \sa wc_Chacha_Process */ int wc_Chacha_SetKey(ChaCha* ctx, const byte* key, word32 keySz); + +/*! + \ingroup ChaCha + \brief This function sets the key and nonce for an XChaCha cipher + context. XChaCha extends ChaCha20 to use a 192-bit nonce instead of + 96 bits, providing better security for applications that need to + encrypt many messages with the same key. + + \return 0 On success. + \return BAD_FUNC_ARG If ctx, key, or nonce is NULL, or if keySz is + invalid, or if nonceSz is not XCHACHA_NONCE_BYTES (24 bytes). + \return Other negative values on error. + + \param ctx pointer to the ChaCha structure to initialize + \param key pointer to the key buffer (16 or 32 bytes) + \param keySz length of the key in bytes (16 or 32) + \param nonce pointer to the nonce buffer (must be 24 bytes) + \param nonceSz length of the nonce in bytes (must be 24) + \param counter initial block counter value (usually 0) + + _Example_ + \code + ChaCha ctx; + byte key[32] = { }; // 256-bit key + byte nonce[24] = { }; // 192-bit nonce + byte plaintext[100] = { }; // data to encrypt + byte ciphertext[100]; + + int ret = wc_XChacha_SetKey(&ctx, key, 32, nonce, 24, 0); + if (ret != 0) { + // error setting XChaCha key + } + wc_Chacha_Process(&ctx, ciphertext, plaintext, 100); + \endcode + + \sa wc_Chacha_SetKey + \sa wc_Chacha_SetIV + \sa wc_Chacha_Process +*/ +int wc_XChacha_SetKey(ChaCha *ctx, const byte *key, word32 keySz, + const byte *nonce, word32 nonceSz, word32 counter); diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/doc/dox_comments/header_files/chacha20_poly1305.h mariadb-11.8.8/extra/wolfssl/wolfssl/doc/dox_comments/header_files/chacha20_poly1305.h --- mariadb-11.8.6/extra/wolfssl/wolfssl/doc/dox_comments/header_files/chacha20_poly1305.h 2026-01-31 13:27:49.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/doc/dox_comments/header_files/chacha20_poly1305.h 2026-05-24 09:58:33.000000000 +0000 @@ -50,8 +50,8 @@ int wc_ChaCha20Poly1305_Encrypt( const byte inKey[CHACHA20_POLY1305_AEAD_KEYSIZE], const byte inIV[CHACHA20_POLY1305_AEAD_IV_SIZE], - const byte* inAAD, const word32 inAADLen, - const byte* inPlaintext, const word32 inPlaintextLen, + const byte* inAAD, word32 inAADLen, + const byte* inPlaintext, word32 inPlaintextLen, byte* outCiphertext, byte outAuthTag[CHACHA20_POLY1305_AEAD_AUTHTAG_SIZE]); @@ -118,7 +118,277 @@ int wc_ChaCha20Poly1305_Decrypt( const byte inKey[CHACHA20_POLY1305_AEAD_KEYSIZE], const byte inIV[CHACHA20_POLY1305_AEAD_IV_SIZE], - const byte* inAAD, const word32 inAADLen, - const byte* inCiphertext, const word32 inCiphertextLen, + const byte* inAAD, word32 inAADLen, + const byte* inCiphertext, word32 inCiphertextLen, const byte inAuthTag[CHACHA20_POLY1305_AEAD_AUTHTAG_SIZE], byte* outPlaintext); + +/*! + \ingroup ChaCha20Poly1305 + \brief Compares two authentication tags in constant time to prevent + timing attacks. + + \return 0 If tags match + \return MAC_CMP_FAILED_E If tags do not match + + \param authTag First authentication tag + \param authTagChk Second authentication tag to compare + + _Example_ + \code + byte tag1[CHACHA20_POLY1305_AEAD_AUTHTAG_SIZE]; + byte tag2[CHACHA20_POLY1305_AEAD_AUTHTAG_SIZE]; + + int ret = wc_ChaCha20Poly1305_CheckTag(tag1, tag2); + if (ret != 0) { + // tags do not match + } + \endcode + + \sa wc_ChaCha20Poly1305_Decrypt +*/ +int wc_ChaCha20Poly1305_CheckTag( + const byte authTag[CHACHA20_POLY1305_AEAD_AUTHTAG_SIZE], + const byte authTagChk[CHACHA20_POLY1305_AEAD_AUTHTAG_SIZE]); + +/*! + \ingroup ChaCha20Poly1305 + \brief Initializes a ChaChaPoly_Aead structure for incremental + encryption or decryption operations. + + \return 0 On success + \return BAD_FUNC_ARG If parameters are invalid + + \param aead Pointer to ChaChaPoly_Aead structure to initialize + \param inKey 32-byte encryption key + \param inIV 12-byte initialization vector + \param isEncrypt 1 for encryption, 0 for decryption + + _Example_ + \code + ChaChaPoly_Aead aead; + byte key[CHACHA20_POLY1305_AEAD_KEYSIZE]; + byte iv[CHACHA20_POLY1305_AEAD_IV_SIZE]; + + int ret = wc_ChaCha20Poly1305_Init(&aead, key, iv, 1); + if (ret != 0) { + // error initializing + } + \endcode + + \sa wc_ChaCha20Poly1305_UpdateAad + \sa wc_ChaCha20Poly1305_UpdateData + \sa wc_ChaCha20Poly1305_Final +*/ +int wc_ChaCha20Poly1305_Init(ChaChaPoly_Aead* aead, + const byte inKey[CHACHA20_POLY1305_AEAD_KEYSIZE], + const byte inIV[CHACHA20_POLY1305_AEAD_IV_SIZE], + int isEncrypt); + +/*! + \ingroup ChaCha20Poly1305 + \brief Updates the AEAD context with additional authenticated data + (AAD). Must be called after Init and before UpdateData. + + \return 0 On success + \return BAD_FUNC_ARG If parameters are invalid + + \param aead Pointer to initialized ChaChaPoly_Aead structure + \param inAAD Additional authenticated data + \param inAADLen Length of AAD in bytes + + _Example_ + \code + ChaChaPoly_Aead aead; + byte aad[]; // AAD data + + wc_ChaCha20Poly1305_Init(&aead, key, iv, 1); + int ret = wc_ChaCha20Poly1305_UpdateAad(&aead, aad, sizeof(aad)); + if (ret != 0) { + // error updating AAD + } + \endcode + + \sa wc_ChaCha20Poly1305_Init + \sa wc_ChaCha20Poly1305_UpdateData +*/ +int wc_ChaCha20Poly1305_UpdateAad(ChaChaPoly_Aead* aead, + const byte* inAAD, word32 inAADLen); + +/*! + \ingroup ChaCha20Poly1305 + \brief Encrypts or decrypts data incrementally. Can be called + multiple times to process data in chunks. + + \return 0 On success + \return BAD_FUNC_ARG If parameters are invalid + + \param aead Pointer to initialized ChaChaPoly_Aead structure + \param inData Input data (plaintext or ciphertext) + \param outData Output buffer for result + \param dataLen Length of data to process + + _Example_ + \code + ChaChaPoly_Aead aead; + byte plain[]; // plaintext + byte cipher[sizeof(plain)]; + + wc_ChaCha20Poly1305_Init(&aead, key, iv, 1); + wc_ChaCha20Poly1305_UpdateAad(&aead, aad, aadLen); + int ret = wc_ChaCha20Poly1305_UpdateData(&aead, plain, + cipher, sizeof(plain)); + \endcode + + \sa wc_ChaCha20Poly1305_Init + \sa wc_ChaCha20Poly1305_Final +*/ +int wc_ChaCha20Poly1305_UpdateData(ChaChaPoly_Aead* aead, + const byte* inData, byte* outData, word32 dataLen); + +/*! + \ingroup ChaCha20Poly1305 + \brief Finalizes the AEAD operation and generates the + authentication tag. + + \return 0 On success + \return BAD_FUNC_ARG If parameters are invalid + + \param aead Pointer to ChaChaPoly_Aead structure + \param outAuthTag Buffer to store 16-byte authentication tag + + _Example_ + \code + ChaChaPoly_Aead aead; + byte authTag[CHACHA20_POLY1305_AEAD_AUTHTAG_SIZE]; + + wc_ChaCha20Poly1305_Init(&aead, key, iv, 1); + wc_ChaCha20Poly1305_UpdateAad(&aead, aad, aadLen); + wc_ChaCha20Poly1305_UpdateData(&aead, plain, cipher, plainLen); + int ret = wc_ChaCha20Poly1305_Final(&aead, authTag); + \endcode + + \sa wc_ChaCha20Poly1305_Init + \sa wc_ChaCha20Poly1305_UpdateData +*/ +int wc_ChaCha20Poly1305_Final(ChaChaPoly_Aead* aead, + byte outAuthTag[CHACHA20_POLY1305_AEAD_AUTHTAG_SIZE]); + +/*! + \ingroup ChaCha20Poly1305 + \brief Initializes XChaCha20-Poly1305 AEAD with extended nonce. + XChaCha20 uses a 24-byte nonce instead of 12-byte. + + \return 0 On success + \return BAD_FUNC_ARG If parameters are invalid + + \param aead Pointer to ChaChaPoly_Aead structure + \param ad Additional authenticated data + \param ad_len Length of AAD + \param inKey Encryption key + \param inKeySz Key size (must be 32) + \param inIV Initialization vector + \param inIVSz IV size (must be 24 for XChaCha20) + \param isEncrypt 1 for encryption, 0 for decryption + + _Example_ + \code + ChaChaPoly_Aead aead; + byte key[32]; + byte iv[24]; + byte aad[]; // AAD + + int ret = wc_XChaCha20Poly1305_Init(&aead, aad, sizeof(aad), + key, 32, iv, 24, 1); + \endcode + + \sa wc_XChaCha20Poly1305_Encrypt + \sa wc_XChaCha20Poly1305_Decrypt +*/ +int wc_XChaCha20Poly1305_Init(ChaChaPoly_Aead* aead, + const byte *ad, word32 ad_len, + const byte *inKey, word32 inKeySz, + const byte *inIV, word32 inIVSz, + int isEncrypt); + +/*! + \ingroup ChaCha20Poly1305 + \brief One-shot XChaCha20-Poly1305 encryption with 24-byte nonce. + + \return 0 On success + \return BAD_FUNC_ARG If parameters are invalid + \return BUFFER_E If dst_space is insufficient + + \param dst Output buffer for ciphertext and tag + \param dst_space Size of output buffer + \param src Input plaintext + \param src_len Length of plaintext + \param ad Additional authenticated data + \param ad_len Length of AAD + \param nonce 24-byte nonce + \param nonce_len Nonce length (must be 24) + \param key 32-byte encryption key + \param key_len Key length (must be 32) + + _Example_ + \code + byte key[32], nonce[24]; + byte plain[]; // plaintext + byte cipher[sizeof(plain) + 16]; + + int ret = wc_XChaCha20Poly1305_Encrypt(cipher, sizeof(cipher), + plain, sizeof(plain), + NULL, 0, nonce, 24, + key, 32); + \endcode + + \sa wc_XChaCha20Poly1305_Decrypt +*/ +int wc_XChaCha20Poly1305_Encrypt(byte *dst, size_t dst_space, + const byte *src, size_t src_len, + const byte *ad, size_t ad_len, + const byte *nonce, size_t nonce_len, + const byte *key, size_t key_len); + +/*! + \ingroup ChaCha20Poly1305 + \brief One-shot XChaCha20-Poly1305 decryption with 24-byte nonce. + + \return 0 On success + \return BAD_FUNC_ARG If parameters are invalid + \return BUFFER_E If dst_space is insufficient + \return MAC_CMP_FAILED_E If authentication fails + + \param dst Output buffer for plaintext + \param dst_space Size of output buffer + \param src Input ciphertext with tag + \param src_len Length of ciphertext plus tag + \param ad Additional authenticated data + \param ad_len Length of AAD + \param nonce 24-byte nonce + \param nonce_len Nonce length (must be 24) + \param key 32-byte decryption key + \param key_len Key length (must be 32) + + _Example_ + \code + byte key[32], nonce[24]; + byte cipher[]; // ciphertext + tag + byte plain[sizeof(cipher) - 16]; + + int ret = wc_XChaCha20Poly1305_Decrypt(plain, sizeof(plain), + cipher, sizeof(cipher), + NULL, 0, nonce, 24, + key, 32); + if (ret == MAC_CMP_FAILED_E) { + // authentication failed + } + \endcode + + \sa wc_XChaCha20Poly1305_Encrypt +*/ +int wc_XChaCha20Poly1305_Decrypt(byte *dst, size_t dst_space, + const byte *src, size_t src_len, + const byte *ad, size_t ad_len, + const byte *nonce, size_t nonce_len, + const byte *key, size_t key_len); diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/doc/dox_comments/header_files/cmac.h mariadb-11.8.8/extra/wolfssl/wolfssl/doc/dox_comments/header_files/cmac.h --- mariadb-11.8.6/extra/wolfssl/wolfssl/doc/dox_comments/header_files/cmac.h 2026-01-31 13:27:49.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/doc/dox_comments/header_files/cmac.h 2026-05-24 09:58:33.000000000 +0000 @@ -206,3 +206,82 @@ \endcode */ int wc_CMAC_Grow(Cmac* cmac, const byte* in, int inSz); + +/*! + \ingroup CMAC + \brief Single shot AES-CMAC generation with extended parameters + including heap and device ID. + + \return 0 on success + \return BAD_FUNC_ARG if parameters are invalid + + \param cmac Pointer to Cmac structure (can be NULL for one-shot) + \param out Buffer to store MAC output + \param outSz Pointer to output size (in/out) + \param in Input data to authenticate + \param inSz Length of input data + \param key AES key + \param keySz Key size (16, 24, or 32 bytes) + \param heap Heap hint for memory allocation (can be NULL) + \param devId Device ID for hardware acceleration (use + INVALID_DEVID for software) + + _Example_ + \code + byte mac[AES_BLOCK_SIZE]; + word32 macSz = sizeof(mac); + byte key[16], msg[64]; + + int ret = wc_AesCmacGenerate_ex(NULL, mac, &macSz, msg, + sizeof(msg), key, sizeof(key), + NULL, INVALID_DEVID); + \endcode + + \sa wc_AesCmacGenerate + \sa wc_AesCmacVerify_ex +*/ +int wc_AesCmacGenerate_ex(Cmac *cmac, byte* out, word32* outSz, + const byte* in, word32 inSz, + const byte* key, word32 keySz, + void* heap, int devId); + +/*! + \ingroup CMAC + \brief Single shot AES-CMAC verification with extended parameters + including heap and device ID. + + \return 0 on success + \return BAD_FUNC_ARG if parameters are invalid + \return MAC_CMP_FAILED_E if MAC verification fails + + \param cmac Pointer to Cmac structure (can be NULL for one-shot) + \param check Expected MAC value to verify + \param checkSz Size of expected MAC + \param in Input data to authenticate + \param inSz Length of input data + \param key AES key + \param keySz Key size (16, 24, or 32 bytes) + \param heap Heap hint for memory allocation (can be NULL) + \param devId Device ID for hardware acceleration (use + INVALID_DEVID for software) + + _Example_ + \code + byte mac[AES_BLOCK_SIZE]; + byte key[16], msg[64]; + + int ret = wc_AesCmacVerify_ex(NULL, mac, sizeof(mac), msg, + sizeof(msg), key, sizeof(key), + NULL, INVALID_DEVID); + if (ret == MAC_CMP_FAILED_E) { + // MAC verification failed + } + \endcode + + \sa wc_AesCmacVerify + \sa wc_AesCmacGenerate_ex +*/ +int wc_AesCmacVerify_ex(Cmac* cmac, const byte* check, word32 checkSz, + const byte* in, word32 inSz, + const byte* key, word32 keySz, + void* heap, int devId); diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/doc/dox_comments/header_files/coding.h mariadb-11.8.8/extra/wolfssl/wolfssl/doc/dox_comments/header_files/coding.h --- mariadb-11.8.6/extra/wolfssl/wolfssl/doc/dox_comments/header_files/coding.h 2026-01-31 13:27:49.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/doc/dox_comments/header_files/coding.h 2026-05-24 09:58:33.000000000 +0000 @@ -46,6 +46,8 @@ traditional ‘\n’ line endings, instead of escaped %0A line endings. Upon successfully completing, this function also sets outLen to the number of bytes written to the output buffer. + If there is enough room in out to store an extra byte, a NULL terminator + will be added. This will NOT be included in outLen. \return 0 Returned upon successfully decoding the Base64 encoded input \return BAD_FUNC_ARG Returned if the output buffer is too small to @@ -203,6 +205,8 @@ \ingroup Base_Encoding \brief Encode input to base16 output. + If there is enough room in out to store an extra byte, a NULL terminator + will be added and included in outLen. \return 0 Success \return BAD_FUNC_ARG Returns if in, out, or outLen is null or if outLen is @@ -231,3 +235,43 @@ */ int Base16_Encode(const byte* in, word32 inLen, byte* out, word32* outLen); + +/*! + \ingroup Base_Encoding + \brief This function decodes Base64 encoded input without using + constant-time operations. This is faster than the constant-time + version but may be vulnerable to timing attacks. Use only when + timing attacks are not a concern. + + \return 0 On successfully decoding the Base64 encoded input. + \return BAD_FUNC_ARG If the output buffer is too small to store the + decoded input. + \return ASN_INPUT_E If a character in the input buffer falls outside + of the Base64 range or if there is an invalid line ending. + \return BUFFER_E If running out of buffer while decoding. + + \param in pointer to the input buffer to decode + \param inLen length of the input buffer to decode + \param out pointer to the output buffer to store decoded message + \param outLen pointer to length of output buffer; updated with bytes + written + + _Example_ + \code + byte encoded[] = "SGVsbG8gV29ybGQ="; // "Hello World" in Base64 + byte decoded[64]; + word32 outLen = sizeof(decoded); + + int ret = Base64_Decode_nonCT(encoded, sizeof(encoded)-1, decoded, + &outLen); + if (ret != 0) { + // error decoding input + } + // decoded now contains "Hello World" + \endcode + + \sa Base64_Decode + \sa Base64_Encode +*/ +int Base64_Decode_nonCT(const byte* in, word32 inLen, byte* out, + word32* outLen); diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/doc/dox_comments/header_files/compress.h mariadb-11.8.8/extra/wolfssl/wolfssl/doc/dox_comments/header_files/compress.h --- mariadb-11.8.6/extra/wolfssl/wolfssl/doc/dox_comments/header_files/compress.h 2026-01-31 13:27:49.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/doc/dox_comments/header_files/compress.h 2026-05-24 09:58:33.000000000 +0000 @@ -70,3 +70,131 @@ \sa wc_Compress */ int wc_DeCompress(byte* out, word32 outSz, const byte* in, word32 inSz); + +/*! + \ingroup Compression + \brief This function compresses the given input data using Huffman + coding with extended parameters. This is similar to wc_Compress but + allows specification of compression flags and window bits for more + control over the compression process. + + \return On successfully compressing the input data, returns the + number of bytes stored in the output buffer + \return COMPRESS_INIT_E Returned if there is an error initializing + the stream for compression + \return COMPRESS_E Returned if an error occurs during compression + + \param out pointer to the output buffer in which to store the + compressed data + \param outSz size available in the output buffer for storage + \param in pointer to the buffer containing the message to compress + \param inSz size of the input message to compress + \param flags flags to control how compression operates + \param windowBits the base two logarithm of the window size (8..15) + + _Example_ + \code + byte message[] = { // initialize text to compress }; + byte compressed[(sizeof(message) + sizeof(message) * .001 + 12)]; + word32 flags = 0; + word32 windowBits = 15; // 32KB window + + int ret = wc_Compress_ex(compressed, sizeof(compressed), message, + sizeof(message), flags, windowBits); + if (ret < 0) { + // error compressing data + } + \endcode + + \sa wc_Compress + \sa wc_DeCompress_ex +*/ +int wc_Compress_ex(byte* out, word32 outSz, const byte* in, word32 inSz, + word32 flags, word32 windowBits); + +/*! + \ingroup Compression + \brief This function decompresses the given compressed data using + Huffman coding with extended parameters. This is similar to + wc_DeCompress but allows specification of window bits for more + control over the decompression process. + + \return On successfully decompressing the input data, returns the + number of bytes stored in the output buffer + \return COMPRESS_INIT_E Returned if there is an error initializing + the stream for decompression + \return COMPRESS_E Returned if an error occurs during decompression + + \param out pointer to the output buffer in which to store the + decompressed data + \param outSz size available in the output buffer for storage + \param in pointer to the buffer containing the message to decompress + \param inSz size of the input message to decompress + \param windowBits the base two logarithm of the window size (8..15) + + _Example_ + \code + byte compressed[] = { // initialize compressed message }; + byte decompressed[MAX_MESSAGE_SIZE]; + int windowBits = 15; + + int ret = wc_DeCompress_ex(decompressed, sizeof(decompressed), + compressed, sizeof(compressed), + windowBits); + if (ret < 0) { + // error decompressing data + } + \endcode + + \sa wc_DeCompress + \sa wc_Compress_ex +*/ +int wc_DeCompress_ex(byte* out, word32 outSz, const byte* in, word32 inSz, + int windowBits); + +/*! + \ingroup Compression + \brief This function decompresses the given compressed data using + Huffman coding with dynamic memory allocation. The output buffer is + allocated dynamically and the caller is responsible for freeing it. + + \return On successfully decompressing the input data, returns the + number of bytes stored in the output buffer + \return COMPRESS_INIT_E Returned if there is an error initializing + the stream for decompression + \return COMPRESS_E Returned if an error occurs during decompression + \return MEMORY_E Returned if memory allocation fails + + \param out pointer to pointer that will be set to the allocated + output buffer + \param max maximum size to allocate for output buffer + \param memoryType type of memory to allocate (DYNAMIC_TYPE_TMP_BUFFER) + \param in pointer to the buffer containing the message to decompress + \param inSz size of the input message to decompress + \param windowBits the base two logarithm of the window size (8..15) + \param heap heap hint for memory allocation (can be NULL) + + _Example_ + \code + byte compressed[] = { // initialize compressed message }; + byte* decompressed = NULL; + int max = 1024 * 1024; // 1MB max + + int ret = wc_DeCompressDynamic(&decompressed, max, + DYNAMIC_TYPE_TMP_BUFFER, compressed, + sizeof(compressed), 15, NULL); + if (ret < 0) { + // error decompressing data + } + else { + // use decompressed data + XFREE(decompressed, NULL, DYNAMIC_TYPE_TMP_BUFFER); + } + \endcode + + \sa wc_DeCompress + \sa wc_DeCompress_ex +*/ +int wc_DeCompressDynamic(byte** out, int max, int memoryType, + const byte* in, word32 inSz, int windowBits, + void* heap); diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/doc/dox_comments/header_files/cryptocb.h mariadb-11.8.8/extra/wolfssl/wolfssl/doc/dox_comments/header_files/cryptocb.h --- mariadb-11.8.6/extra/wolfssl/wolfssl/doc/dox_comments/header_files/cryptocb.h 2026-01-31 13:27:49.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/doc/dox_comments/header_files/cryptocb.h 2026-05-24 09:58:33.000000000 +0000 @@ -52,6 +52,17 @@ } } #endif + #if defined(WC_RSA_PSS) && !defined(NO_RSA) + if (info->pk.type == WC_PK_TYPE_RSA_PSS) { + // RSA-PSS sign/verify + ret = wc_RsaPSS_Sign_ex( + info->pk.rsa.in, info->pk.rsa.inLen, + info->pk.rsa.out, *info->pk.rsa.outLen, + WC_HASH_TYPE_SHA256, WC_MGF1SHA256, + RSA_PSS_SALT_LEN_DEFAULT, + info->pk.rsa.key, info->pk.rsa.rng); + } + #endif #ifdef HAVE_ECC if (info->pk.type == WC_PK_TYPE_ECDSA_SIGN) { // ECDSA @@ -109,3 +120,134 @@ \sa wolfSSL_CTX_SetDevId */ void wc_CryptoCb_UnRegisterDevice(int devId); + +/*! + \ingroup CryptoCb + \brief This function returns the default device ID for crypto + callbacks. This is useful when you want to get the device ID that + was set as the default for the library. + + \return The default device ID, or INVALID_DEVID if no default is set. + + _Example_ + \code + int devId = wc_CryptoCb_DefaultDevID(); + if (devId != INVALID_DEVID) { + // default device ID is set + } + \endcode + + \sa wc_CryptoCb_RegisterDevice + \sa wc_CryptoCb_UnRegisterDevice +*/ +int wc_CryptoCb_DefaultDevID(void); + +/*! + \ingroup CryptoCb + \brief This function sets a callback for finding crypto devices. + The callback is invoked when a device ID needs to be resolved to + a device context. This is useful for dynamic device management. + + \return none No returns. + + \param cb callback function with prototype: + typedef void* (*CryptoDevCallbackFind)(int devId); + + _Example_ + \code + void* myDeviceFindCb(int devId) { + // lookup device context by ID + return deviceContext; + } + + wc_CryptoCb_SetDeviceFindCb(myDeviceFindCb); + \endcode + + \sa wc_CryptoCb_RegisterDevice +*/ +void wc_CryptoCb_SetDeviceFindCb(CryptoDevCallbackFind cb); + +/*! + \ingroup CryptoCb + \brief This function converts a wc_CryptoInfo structure to a + human-readable string for debugging purposes. The string is printed + to stdout and describes the cryptographic operation being performed. + + \return none No returns. + + \param info pointer to the wc_CryptoInfo structure to convert + + _Example_ + \code + int myCryptoCb(int devId, wc_CryptoInfo* info, void* ctx) { + // print debug info about the operation + wc_CryptoCb_InfoString(info); + + // handle the operation + return CRYPTOCB_UNAVAILABLE; + } + \endcode + + \sa wc_CryptoCb_RegisterDevice +*/ +void wc_CryptoCb_InfoString(wc_CryptoInfo* info); + +/*! + \ingroup CryptoCb + + \brief Import an AES key into a CryptoCB device for hardware offload. + + This function allows AES keys to be handled by an external device + (e.g. Secure Element or HSM). When supported, the device callback stores + the key internally and sets an opaque handle in aes->devCtx. + + When CryptoCB AES SetKey support is enabled + (WOLF_CRYPTO_CB_AES_SETKEY), wolfCrypt routes AES-GCM operations + through the CryptoCB interface. + + **TLS Builds (Default):** + - Key bytes ARE stored in wolfCrypt memory (devKey) for fallback + - GCM tables ARE generated for software fallback + - Provides hardware acceleration with automatic fallback + + **Crypto-Only Builds (--disable-tls):** + - Key bytes NOT stored in wolfCrypt memory (true key isolation) + - GCM tables skipped (true hardware offload) + - Callback must handle all GCM operations (SetKey, Encrypt, Decrypt, Free) + + If the callback returns success (0), full AES-GCM offload is assumed. + The callback must handle SetKey, Encrypt, Decrypt, and Free operations. + + \param aes AES context + \param key Pointer to raw AES key material + \param keySz Size of key in bytes + + \return 0 on success + \return CRYPTOCB_UNAVAILABLE if device does not support this operation + \return BAD_FUNC_ARG on invalid parameters + + _Example_ + \code + #include + #include + + Aes aes; + byte key[32] = { /* 256-bit key */ }; + int devId = 1; + + /* Register your CryptoCB callback first */ + wc_CryptoCb_RegisterDevice(devId, myCryptoCallback, NULL); + + wc_AesInit(&aes, NULL, devId); + /* wc_AesGcmSetKey internally calls wc_CryptoCb_AesSetKey */ + if (wc_CryptoCb_AesSetKey(&aes, key, sizeof(key)) == 0) { + /* Key successfully imported to device via callback */ + /* aes.devCtx now contains device handle */ + /* Full GCM offload is assumed - callback must handle all operations */ + } + \endcode + + \sa wc_CryptoCb_RegisterDevice + \sa wc_AesInit +*/ +int wc_CryptoCb_AesSetKey(Aes* aes, const byte* key, word32 keySz); diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/doc/dox_comments/header_files/curve25519.h mariadb-11.8.8/extra/wolfssl/wolfssl/doc/dox_comments/header_files/curve25519.h --- mariadb-11.8.6/extra/wolfssl/wolfssl/doc/dox_comments/header_files/curve25519.h 2026-01-31 13:27:49.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/doc/dox_comments/header_files/curve25519.h 2026-05-24 09:58:33.000000000 +0000 @@ -46,7 +46,7 @@ \brief This function computes a shared secret key given a secret private key and a received public key. It stores the generated secret key in the - buffer out and assigns the variable of the secret key to outlen. Only + buffer out and assigns the length of the secret key to outlen. Only supports big endian. \return 0 Returned on successfully computing a shared secret key. @@ -93,7 +93,7 @@ \brief This function computes a shared secret key given a secret private key and a received public key. It stores the generated secret key in the - buffer out and assigns the variable of the secret key to outlen. Supports + buffer out and assigns the length of the secret key to outlen. Supports both big and little endian. \return 0 Returned on successfully computing a shared secret key. @@ -108,7 +108,7 @@ the received public key. \param [out] out Pointer to a buffer in which to store the 32 byte computed secret key. - \param pin,out] outlen Pointer in which to store the length written to the + \param [in,out] outlen Pointer in which to store the length written to the output buffer. \param [in] endian EC25519_BIG_ENDIAN or EC25519_LITTLE_ENDIAN to set which form to use. @@ -361,7 +361,7 @@ \return 0 Returned on successfully exporting the private key from the curve25519_key structure. \return BAD_FUNC_ARG Returned if any input parameters are NULL. - \return ECC_BAD_ARG_E Returned if wc_curve25519_size() is not equal to key. + \return ECC_BAD_ARG_E Returned if *outLen is less than wc_curve25519_size(). \param [in] key Pointer to the structure from which to export the key. \param [out] out Pointer to the buffer in which to store the exported key. @@ -372,7 +372,7 @@ \code int ret; byte priv[32]; - int privSz; + word32 privSz; curve25519_key key; // initialize and make key @@ -402,7 +402,7 @@ \return 0 Returned on successfully exporting the private key from the curve25519_key structure. \return BAD_FUNC_ARG Returned if any input parameters are NULL. - \return ECC_BAD_ARG_E Returned if wc_curve25519_size() is not equal to key. + \return ECC_BAD_ARG_E Returned if *outLen is less than wc_curve25519_size(). \param [in] key Pointer to the structure from which to export the key. \param [out] out Pointer to the buffer in which to store the exported key. @@ -416,7 +416,7 @@ int ret; byte priv[32]; - int privSz; + word32 privSz; curve25519_key key; // initialize and make key ret = wc_curve25519_export_private_raw_ex(&key, priv, &privSz, @@ -537,7 +537,7 @@ \return BAD_FUNC_ARG Returned if any of the input parameters are NULL. \param [in] pub Pointer to the buffer containing the public key to check. - \param [in] pubLen Length of the public key to check. + \param [in] pubSz Length of the public key to check. \param [in] endian EC25519_BIG_ENDIAN or EC25519_LITTLE_ENDIAN to set which form to use. @@ -656,7 +656,7 @@ \return ECC_BAD_ARG_E Returned if privSz is less than CURVE25519_KEY_SIZE or pubSz is less than CURVE25519_PUB_KEY_SIZE. - \param [in] key Pointer to the curve448_key structure in from which to + \param [in] key Pointer to the curve25519_key structure in from which to export the key pair. \param [out] priv Pointer to the buffer in which to store the private key. \param [in,out] privSz On in, is the size of the priv buffer in bytes. @@ -702,7 +702,7 @@ \return ECC_BAD_ARG_E Returned if privSz is less than CURVE25519_KEY_SIZE or pubSz is less than CURVE25519_PUB_KEY_SIZE. - \param [in] key Pointer to the curve448_key structure in from which to + \param [in] key Pointer to the curve25519_key structure in from which to export the key pair. \param [out] priv Pointer to the buffer in which to store the private key. \param [in,out] privSz On in, is the size of the priv buffer in bytes. @@ -725,7 +725,7 @@ curve25519_key key; // initialize and make key - ret = wc_curve25519_export_key_raw_ex(&key,priv, &privSz, pub, &pubSz, + ret = wc_curve25519_export_key_raw_ex(&key, priv, &privSz, pub, &pubSz, EC25519_BIG_ENDIAN); if (ret != 0) { // error exporting key @@ -769,3 +769,326 @@ */ int wc_curve25519_size(curve25519_key* key); + +/*! + \ingroup Curve25519 + \brief This function generates a Curve25519 public key from a given + private key. This is a lower-level function that operates directly + on byte buffers rather than curve25519_key structures. + + \return 0 On successfully generating the public key + \return ECC_BAD_ARG_E If the key sizes are invalid + \return BAD_FUNC_ARG If any input parameters are NULL + + \param public_size Size of the public key buffer (must be 32) + \param pub Pointer to buffer to store the public key + \param private_size Size of the private key (must be 32) + \param priv Pointer to buffer containing the private key + + _Example_ + \code + byte priv[CURVE25519_KEYSIZE]; + byte pub[CURVE25519_KEYSIZE]; + + // initialize priv with private key + int ret = wc_curve25519_make_pub(sizeof(pub), pub, sizeof(priv), + priv); + if (ret != 0) { + // error generating public key + } + \endcode + + \sa wc_curve25519_make_key + \sa wc_curve25519_make_pub_blind +*/ +int wc_curve25519_make_pub(int public_size, byte* pub, int private_size, + const byte* priv); + +/*! + \ingroup Curve25519 + \brief This function generates a Curve25519 public key from a given + private key with blinding to resist side-channel attacks. This adds + randomization to the scalar multiplication operation. + + \return 0 On successfully generating the public key + \return ECC_BAD_ARG_E If the key sizes are invalid + \return BAD_FUNC_ARG If any input parameters are NULL + + \param public_size Size of the public key buffer (must be 32) + \param pub Pointer to buffer to store the public key + \param private_size Size of the private key (must be 32) + \param priv Pointer to buffer containing the private key + \param rng Pointer to initialized RNG for blinding + + _Example_ + \code + WC_RNG rng; + byte priv[CURVE25519_KEYSIZE]; + byte pub[CURVE25519_KEYSIZE]; + + wc_InitRng(&rng); + // initialize priv with private key + int ret = wc_curve25519_make_pub_blind(sizeof(pub), pub, + sizeof(priv), priv, &rng); + if (ret != 0) { + // error generating public key + } + \endcode + + \sa wc_curve25519_make_pub + \sa wc_curve25519_generic_blind +*/ +int wc_curve25519_make_pub_blind(int public_size, byte* pub, + int private_size, const byte* priv, + WC_RNG* rng); + +/*! + \ingroup Curve25519 + \brief This function performs a generic Curve25519 scalar + multiplication with a custom basepoint. This allows computing + scalar * basepoint for any basepoint, not just the standard + generator. + + \return 0 On successfully computing the result + \return ECC_BAD_ARG_E If the sizes are invalid + \return BAD_FUNC_ARG If any input parameters are NULL + + \param public_size Size of the output buffer (must be 32) + \param pub Pointer to buffer to store the result + \param private_size Size of the scalar (must be 32) + \param priv Pointer to buffer containing the scalar + \param basepoint_size Size of the basepoint (must be 32) + \param basepoint Pointer to buffer containing the basepoint + + _Example_ + \code + byte scalar[CURVE25519_KEYSIZE]; + byte basepoint[CURVE25519_KEYSIZE]; + byte result[CURVE25519_KEYSIZE]; + + // initialize scalar and basepoint + int ret = wc_curve25519_generic(sizeof(result), result, + sizeof(scalar), scalar, + sizeof(basepoint), basepoint); + if (ret != 0) { + // error computing result + } + \endcode + + \sa wc_curve25519_shared_secret + \sa wc_curve25519_generic_blind +*/ +int wc_curve25519_generic(int public_size, byte* pub, int private_size, + const byte* priv, int basepoint_size, + const byte* basepoint); + +/*! + \ingroup Curve25519 + \brief This function performs a generic Curve25519 scalar + multiplication with a custom basepoint and blinding to resist + side-channel attacks. + + \return 0 On successfully computing the result + \return ECC_BAD_ARG_E If the sizes are invalid + \return BAD_FUNC_ARG If any input parameters are NULL + + \param public_size Size of the output buffer (must be 32) + \param pub Pointer to buffer to store the result + \param private_size Size of the scalar (must be 32) + \param priv Pointer to buffer containing the scalar + \param basepoint_size Size of the basepoint (must be 32) + \param basepoint Pointer to buffer containing the basepoint + \param rng Pointer to initialized RNG for blinding + + _Example_ + \code + WC_RNG rng; + byte scalar[CURVE25519_KEYSIZE]; + byte basepoint[CURVE25519_KEYSIZE]; + byte result[CURVE25519_KEYSIZE]; + + wc_InitRng(&rng); + // initialize scalar and basepoint + int ret = wc_curve25519_generic_blind(sizeof(result), result, + sizeof(scalar), scalar, + sizeof(basepoint), basepoint, + &rng); + \endcode + + \sa wc_curve25519_generic + \sa wc_curve25519_make_pub_blind +*/ +int wc_curve25519_generic_blind(int public_size, byte* pub, + int private_size, const byte* priv, + int basepoint_size, const byte* basepoint, + WC_RNG* rng); + +/*! + \ingroup Curve25519 + \brief This function generates a Curve25519 private key using the + given random number generator. This is a lower-level function that + generates only the private key bytes. + + \return 0 On successfully generating the private key + \return ECC_BAD_ARG_E If keysize is invalid + \return BAD_FUNC_ARG If any input parameters are NULL + \return RNG_FAILURE_E If random number generation fails + + \param rng Pointer to initialized RNG + \param keysize Size of the key to generate (must be 32) + \param priv Pointer to buffer to store the private key + + _Example_ + \code + WC_RNG rng; + byte priv[CURVE25519_KEYSIZE]; + + wc_InitRng(&rng); + int ret = wc_curve25519_make_priv(&rng, sizeof(priv), priv); + if (ret != 0) { + // error generating private key + } + \endcode + + \sa wc_curve25519_make_key + \sa wc_curve25519_make_pub +*/ +int wc_curve25519_make_priv(WC_RNG* rng, int keysize, byte* priv); + +/*! + \ingroup Curve25519 + \brief This function initializes a Curve25519 key with extended + parameters, allowing specification of custom heap and device ID + for hardware acceleration. + + \return 0 On successfully initializing the key + \return BAD_FUNC_ARG If key is NULL + + \param key Pointer to the curve25519_key structure to initialize + \param heap Pointer to heap hint for memory allocation (can be + NULL) + \param devId Device ID for hardware acceleration (use + INVALID_DEVID for software only) + + _Example_ + \code + curve25519_key key; + void* heap = NULL; + int devId = INVALID_DEVID; + + int ret = wc_curve25519_init_ex(&key, heap, devId); + if (ret != 0) { + // error initializing key + } + \endcode + + \sa wc_curve25519_init + \sa wc_curve25519_free +*/ +int wc_curve25519_init_ex(curve25519_key* key, void* heap, int devId); + +/*! + \ingroup Curve25519 + \brief This function sets the RNG to be used with a Curve25519 + key. This is useful for operations that require randomness such + as blinded scalar multiplication. + + \return 0 On successfully setting the RNG + \return BAD_FUNC_ARG If key or rng is NULL + + \param key Pointer to the curve25519_key structure + \param rng Pointer to initialized RNG + + _Example_ + \code + WC_RNG rng; + curve25519_key key; + + wc_InitRng(&rng); + wc_curve25519_init(&key); + int ret = wc_curve25519_set_rng(&key, &rng); + if (ret != 0) { + // error setting RNG + } + \endcode + + \sa wc_curve25519_init + \sa wc_curve25519_make_key +*/ +int wc_curve25519_set_rng(curve25519_key* key, WC_RNG* rng); + +/*! + \ingroup Curve25519 + \brief This function allocates and initializes a new Curve25519 + key structure with extended parameters. The caller is responsible + for freeing the key with wc_curve25519_delete. These New/Delete + functions are exposed to support allocation of the structure using + dynamic memory to provide better ABI compatibility. + + \note This API is only available when WC_NO_CONSTRUCTORS is not defined. + WC_NO_CONSTRUCTORS is automatically defined when WOLFSSL_NO_MALLOC is + defined. + + \return Pointer to newly allocated curve25519_key on success + \return NULL on failure + + \param heap Pointer to heap hint for memory allocation (can be + NULL) + \param devId Device ID for hardware acceleration (use + INVALID_DEVID for software only) + \param result_code Pointer to store result code (0 on success) + + _Example_ + \code + int ret; + curve25519_key* key; + + key = wc_curve25519_new(NULL, INVALID_DEVID, &ret); + if (key == NULL || ret != 0) { + // error allocating key + } + // use key + wc_curve25519_delete(key, &key); + \endcode + + \sa wc_curve25519_delete + \sa wc_curve25519_init_ex +*/ +curve25519_key* wc_curve25519_new(void* heap, int devId, + int *result_code); + +/*! + \ingroup Curve25519 + \brief This function frees a Curve25519 key structure that was + allocated with wc_curve25519_new and sets the pointer to NULL. + These New/Delete functions are exposed to support allocation of the + structure using dynamic memory to provide better ABI compatibility. + + \note This API is only available when WC_NO_CONSTRUCTORS is not defined. + WC_NO_CONSTRUCTORS is automatically defined when WOLFSSL_NO_MALLOC is + defined. + + \return 0 On successfully freeing the key + \return BAD_FUNC_ARG If key or key_p is NULL + + \param key Pointer to the curve25519_key structure to free + \param key_p Pointer to the key pointer (will be set to NULL) + + _Example_ + \code + int ret; + curve25519_key* key; + + key = wc_curve25519_new(NULL, INVALID_DEVID, &ret); + // use key + ret = wc_curve25519_delete(key, &key); + if (ret != 0) { + // error freeing key + } + // key is now NULL + \endcode + + \sa wc_curve25519_new + \sa wc_curve25519_free +*/ +int wc_curve25519_delete(curve25519_key* key, curve25519_key** key_p); diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/doc/dox_comments/header_files/curve448.h mariadb-11.8.8/extra/wolfssl/wolfssl/doc/dox_comments/header_files/curve448.h --- mariadb-11.8.6/extra/wolfssl/wolfssl/doc/dox_comments/header_files/curve448.h 2026-01-31 13:27:49.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/doc/dox_comments/header_files/curve448.h 2026-05-24 09:58:33.000000000 +0000 @@ -533,7 +533,7 @@ \return BAD_FUNC_ARG Returned if any of the input parameters are NULL. \param [in] pub Pointer to the buffer containing the public key to check. - \param [in] pubLen Length of the public key to check. + \param [in] pubSz Length of the public key to check. \param [in] endian EC448_BIG_ENDIAN or EC448_LITTLE_ENDIAN to set which form to use. @@ -766,3 +766,37 @@ */ int wc_curve448_size(curve448_key* key); + +/*! + \ingroup Curve448 + \brief This function generates a Curve448 public key from a given + private key. It computes the public key by performing scalar + multiplication of the base point with the private key. + + \return 0 On success. + \return ECC_BAD_ARG_E If public_size is not CURVE448_PUB_KEY_SIZE or + if private_size is not CURVE448_KEY_SIZE. + \return BAD_FUNC_ARG If pub or priv is NULL. + + \param public_size size of the public key buffer (must be 56 bytes) + \param pub pointer to buffer to store the generated public key + \param private_size size of the private key (must be 56 bytes) + \param priv pointer to the private key buffer + + _Example_ + \code + byte priv[CURVE448_KEY_SIZE] = { }; // private key + byte pub[CURVE448_PUB_KEY_SIZE]; + + int ret = wc_curve448_make_pub(CURVE448_PUB_KEY_SIZE, pub, + CURVE448_KEY_SIZE, priv); + if (ret != 0) { + // error generating public key + } + \endcode + + \sa wc_curve448_make_key + \sa wc_curve448_import_private +*/ +int wc_curve448_make_pub(int public_size, byte* pub, int private_size, + const byte* priv); diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/doc/dox_comments/header_files/des3.h mariadb-11.8.8/extra/wolfssl/wolfssl/doc/dox_comments/header_files/des3.h --- mariadb-11.8.6/extra/wolfssl/wolfssl/doc/dox_comments/header_files/des3.h 2026-01-31 13:27:49.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/doc/dox_comments/header_files/des3.h 2026-05-24 09:58:33.000000000 +0000 @@ -330,3 +330,124 @@ */ int wc_Des3_CbcDecrypt(Des3* des, byte* out, const byte* in,word32 sz); + +/*! + \ingroup 3DES + \brief This function decrypts the input ciphertext and stores the + resulting plaintext in the output buffer. It uses DES encryption + with Electronic Codebook (ECB) mode. Warning: In nearly all use + cases ECB mode is considered to be less secure. Please avoid using + ECB APIs directly whenever possible. + + \return 0 On successfully decrypting the given ciphertext + + \param des pointer to the Des structure to use for decryption + \param out pointer to the buffer in which to store the decrypted + plaintext + \param in pointer to the input buffer containing the ciphertext + \param sz length of the ciphertext to decrypt + + _Example_ + \code + Des dec; + byte cipher[]; // ciphertext to decrypt + byte plain[sizeof(cipher)]; + + wc_Des_SetKey(&dec, key, iv, DES_DECRYPTION); + if (wc_Des_EcbDecrypt(&dec, plain, cipher, sizeof(cipher)) != 0) { + // error decrypting message + } + \endcode + + \sa wc_Des_SetKey + \sa wc_Des_EcbEncrypt +*/ +int wc_Des_EcbDecrypt(Des* des, byte* out, const byte* in, word32 sz); + +/*! + \ingroup 3DES + \brief This function decrypts the input ciphertext and stores the + resulting plaintext in the output buffer. It uses Triple DES (3DES) + encryption with Electronic Codebook (ECB) mode. Warning: In nearly + all use cases ECB mode is considered to be less secure. Please + avoid using ECB APIs directly whenever possible. + + \return 0 On successfully decrypting the given ciphertext + + \param des pointer to the Des3 structure to use for decryption + \param out pointer to the buffer in which to store the decrypted + plaintext + \param in pointer to the input buffer containing the ciphertext + \param sz length of the ciphertext to decrypt + + _Example_ + \code + Des3 dec; + byte cipher[]; // ciphertext to decrypt + byte plain[sizeof(cipher)]; + + wc_Des3_SetKey(&dec, key, iv, DES_DECRYPTION); + if (wc_Des3_EcbDecrypt(&dec, plain, cipher, sizeof(cipher)) != 0) { + // error decrypting message + } + \endcode + + \sa wc_Des3_SetKey + \sa wc_Des3_EcbEncrypt +*/ +int wc_Des3_EcbDecrypt(Des3* des, byte* out, const byte* in, word32 sz); + +/*! + \ingroup 3DES + \brief This function initializes a Des3 structure for use with + hardware acceleration and custom memory management. This is an + extended version of the standard initialization that allows + specification of heap hints and device IDs. + + \return 0 On successfully initializing the Des3 structure + \return BAD_FUNC_ARG If des3 is NULL + + \param des3 pointer to the Des3 structure to initialize + \param heap pointer to heap hint for memory allocation (can be NULL) + \param devId device ID for hardware acceleration (use INVALID_DEVID + for software only) + + _Example_ + \code + Des3 des; + void* heap = NULL; + int devId = INVALID_DEVID; + + if (wc_Des3Init(&des, heap, devId) != 0) { + // error initializing Des3 structure + } + \endcode + + \sa wc_Des3_SetKey + \sa wc_Des3Free +*/ +int wc_Des3Init(Des3* des3, void* heap, int devId); + +/*! + \ingroup 3DES + \brief This function frees a Des3 structure and releases any + resources allocated for it. This should be called when finished + using the Des3 structure to prevent memory leaks. + + \return none No returns. + + \param des3 pointer to the Des3 structure to free + + _Example_ + \code + Des3 des; + wc_Des3Init(&des, NULL, INVALID_DEVID); + wc_Des3_SetKey(&des, key, iv, DES_ENCRYPTION); + // use des for encryption/decryption + wc_Des3Free(&des); + \endcode + + \sa wc_Des3Init + \sa wc_Des3_SetKey +*/ +void wc_Des3Free(Des3* des3); diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/doc/dox_comments/header_files/dh.h mariadb-11.8.8/extra/wolfssl/wolfssl/doc/dox_comments/header_files/dh.h --- mariadb-11.8.6/extra/wolfssl/wolfssl/doc/dox_comments/header_files/dh.h 2026-01-31 13:27:49.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/doc/dox_comments/header_files/dh.h 2026-05-24 09:58:33.000000000 +0000 @@ -40,7 +40,7 @@ \sa wc_InitDhKey */ -void wc_FreeDhKey(DhKey* key); +int wc_FreeDhKey(DhKey* key); /*! \ingroup Diffie-Hellman @@ -185,7 +185,7 @@ \sa wc_DhSetKey */ int wc_DhKeyDecode(const byte* input, word32* inOutIdx, DhKey* key, - word32); + word32 inSz); /*! \ingroup Diffie-Hellman @@ -274,9 +274,348 @@ /*! \ingroup Diffie-Hellman + \brief Encodes DH parameters to DER format for OpenSSL compatibility. + + \return Length of DER encoding on success + \return Negative on error + + \param dh DH parameters to encode + \param out Output buffer pointer (if *out is NULL, allocates buffer) + + _Example_ + \code + WOLFSSL_DH* dh = wolfSSL_DH_new(); + unsigned char* der = NULL; + int derSz = wolfSSL_i2d_DHparams(dh, &der); + if (derSz > 0) { + // use der buffer + XFREE(der, NULL, DYNAMIC_TYPE_OPENSSL); + } + \endcode + + \sa wolfSSL_DH_new +*/ +int wolfSSL_i2d_DHparams(const WOLFSSL_DH *dh, unsigned char **out); + +/*! + \ingroup Diffie-Hellman + \brief Allocates and initializes a new DH structure for OpenSSL + compatibility. + + \return Pointer to WOLFSSL_DH on success + \return NULL on failure + + _Example_ + \code + WOLFSSL_DH* dh = wolfSSL_DH_new(); + if (dh == NULL) { + // error allocating DH + } + // use dh + wolfSSL_DH_free(dh); + \endcode + + \sa wolfSSL_DH_free + \sa wolfSSL_DH_generate_key +*/ +WOLFSSL_DH* wolfSSL_DH_new(void); + +/*! + \ingroup Diffie-Hellman + \brief Creates a new DH structure with named group parameters. + + \return Pointer to WOLFSSL_DH on success + \return NULL on failure + + \param nid Named group identifier (e.g., NID_ffdhe2048) + + _Example_ + \code + WOLFSSL_DH* dh = wolfSSL_DH_new_by_nid(NID_ffdhe2048); + if (dh == NULL) { + // error creating DH with named group + } + \endcode + + \sa wolfSSL_DH_new +*/ +WOLFSSL_DH* wolfSSL_DH_new_by_nid(int nid); + +/*! + \ingroup Diffie-Hellman + \brief Frees a DH structure. + + \param dh DH structure to free + + _Example_ + \code + WOLFSSL_DH* dh = wolfSSL_DH_new(); + // use dh + wolfSSL_DH_free(dh); + \endcode + + \sa wolfSSL_DH_new +*/ +void wolfSSL_DH_free(WOLFSSL_DH* dh); + +/*! + \ingroup Diffie-Hellman + \brief Duplicates a DH structure. + + \return Pointer to new WOLFSSL_DH on success + \return NULL on failure + + \param dh DH structure to duplicate + + _Example_ + \code + WOLFSSL_DH* dh = wolfSSL_DH_new(); + WOLFSSL_DH* dhCopy = wolfSSL_DH_dup(dh); + \endcode + + \sa wolfSSL_DH_new +*/ +WOLFSSL_DH* wolfSSL_DH_dup(WOLFSSL_DH* dh); + +/*! + \ingroup Diffie-Hellman + \brief Increments reference count for DH structure. + + \return 1 on success + \return 0 on failure + + \param dh DH structure to increment reference + + _Example_ + \code + WOLFSSL_DH* dh = wolfSSL_DH_new(); + int ret = wolfSSL_DH_up_ref(dh); + \endcode + + \sa wolfSSL_DH_free +*/ +int wolfSSL_DH_up_ref(WOLFSSL_DH* dh); + +/*! + \ingroup Diffie-Hellman + \brief Validates DH parameters. + + \return 1 on success + \return 0 on failure + + \param dh DH parameters to check + \param codes Output for validation error codes + + _Example_ + \code + WOLFSSL_DH* dh = wolfSSL_DH_new(); + int codes; + int ret = wolfSSL_DH_check(dh, &codes); + if (ret != 1 || codes != 0) { + // validation failed + } + \endcode + + \sa wolfSSL_DH_generate_key +*/ +int wolfSSL_DH_check(const WOLFSSL_DH *dh, int *codes); + +/*! + \ingroup Diffie-Hellman + \brief Returns size of DH key in bytes. + + \return Key size in bytes on success + \return -1 on failure + + \param dh DH structure + + _Example_ + \code + WOLFSSL_DH* dh = wolfSSL_DH_new(); + int size = wolfSSL_DH_size(dh); + \endcode + + \sa wolfSSL_DH_new +*/ +int wolfSSL_DH_size(WOLFSSL_DH* dh); + +/*! + \ingroup Diffie-Hellman + \brief Generates DH public/private key pair. + + \return 1 on success + \return 0 on failure + + \param dh DH structure with parameters set + + _Example_ + \code + WOLFSSL_DH* dh = wolfSSL_DH_new(); + // set p and g parameters + int ret = wolfSSL_DH_generate_key(dh); + if (ret != 1) { + // key generation failed + } + \endcode + + \sa wolfSSL_DH_compute_key +*/ +int wolfSSL_DH_generate_key(WOLFSSL_DH* dh); + +/*! + \ingroup Diffie-Hellman + \brief Computes shared secret from peer's public key. + + \return Length of shared secret on success + \return -1 on failure + + \param key Output buffer for shared secret + \param pub Peer's public key + \param dh DH structure with private key + + _Example_ + \code + WOLFSSL_DH* dh = wolfSSL_DH_new(); + wolfSSL_DH_generate_key(dh); + byte secret[256]; + WOLFSSL_BIGNUM* peerPub = NULL; // peer's public key + int secretSz = wolfSSL_DH_compute_key(secret, peerPub, dh); + \endcode + + \sa wolfSSL_DH_generate_key +*/ +int wolfSSL_DH_compute_key(unsigned char* key, + const WOLFSSL_BIGNUM* pub, WOLFSSL_DH* dh); + +/*! + \ingroup Diffie-Hellman + \brief Computes shared secret with zero-padding to DH size. + + \return Length of shared secret on success + \return -1 on failure + + \param key Output buffer for shared secret + \param otherPub Peer's public key + \param dh DH structure with private key + + _Example_ + \code + WOLFSSL_DH* dh = wolfSSL_DH_new(); + wolfSSL_DH_generate_key(dh); + byte secret[256]; + WOLFSSL_BIGNUM* peerPub = NULL; + int secretSz = wolfSSL_DH_compute_key_padded(secret, peerPub, dh); + \endcode + + \sa wolfSSL_DH_compute_key +*/ +int wolfSSL_DH_compute_key_padded(unsigned char* key, + const WOLFSSL_BIGNUM* otherPub, + WOLFSSL_DH* dh); + +/*! + \ingroup Diffie-Hellman + \brief Loads DH parameters from DER buffer. + + \return WOLFSSL_SUCCESS on success + \return WOLFSSL_FAILURE on failure + + \param dh DH structure to load into + \param derBuf DER-encoded DH parameters + \param derSz Size of DER buffer + + _Example_ + \code + WOLFSSL_DH* dh = wolfSSL_DH_new(); + byte derBuf[256]; + int ret = wolfSSL_DH_LoadDer(dh, derBuf, sizeof(derBuf)); + \endcode + + \sa wolfSSL_DH_new +*/ +int wolfSSL_DH_LoadDer(WOLFSSL_DH* dh, const unsigned char* derBuf, + int derSz); + +/*! + \ingroup Diffie-Hellman + \brief Sets optional private key length. + + \return 1 on success + \return 0 on failure + + \param dh DH structure + \param len Private key length in bits + + _Example_ + \code + WOLFSSL_DH* dh = wolfSSL_DH_new(); + int ret = wolfSSL_DH_set_length(dh, 256); + \endcode + + \sa wolfSSL_DH_generate_key +*/ +int wolfSSL_DH_set_length(WOLFSSL_DH* dh, long len); + +/*! + \ingroup Diffie-Hellman + \brief Sets DH parameters p, q, and g. + + \return 1 on success + \return 0 on failure + + \param dh DH structure + \param p Prime modulus (takes ownership) + \param q Subgroup order (takes ownership, can be NULL) + \param g Generator (takes ownership) + + _Example_ + \code + WOLFSSL_DH* dh = wolfSSL_DH_new(); + WOLFSSL_BIGNUM *p = wolfSSL_BN_new(); + WOLFSSL_BIGNUM *g = wolfSSL_BN_new(); + // set p and g values + int ret = wolfSSL_DH_set0_pqg(dh, p, NULL, g); + \endcode + + \sa wolfSSL_DH_generate_key +*/ +int wolfSSL_DH_set0_pqg(WOLFSSL_DH *dh, WOLFSSL_BIGNUM *p, + WOLFSSL_BIGNUM *q, WOLFSSL_BIGNUM *g); + +/*! + \ingroup Diffie-Hellman + \brief Returns DH parameters for 2048-bit MODP group with 256-bit + subgroup. + + \return Pointer to WOLFSSL_DH on success + \return NULL on failure + + _Example_ + \code + WOLFSSL_DH* dh = wolfSSL_DH_get_2048_256(); + if (dh == NULL) { + // error getting standard group + } + \endcode + + \sa wolfSSL_DH_new_by_nid +*/ +WOLFSSL_DH* wolfSSL_DH_get_2048_256(void); + +/*! + \ingroup Diffie-Hellman + \brief Returns FFDHE 2048-bit group parameters. - \brief This function returns ... and requires that HAVE_FFDHE_2048 be - defined. + \return Pointer to DhParams structure + \return NULL if not compiled with HAVE_FFDHE_2048 + + _Example_ + \code + const DhParams* params = wc_Dh_ffdhe2048_Get(); + if (params != NULL) { + // use params + } + \endcode \sa wc_Dh_ffdhe3072_Get \sa wc_Dh_ffdhe4096_Get @@ -287,9 +626,18 @@ /*! \ingroup Diffie-Hellman + \brief Returns FFDHE 3072-bit group parameters. - \brief This function returns ... and requires that HAVE_FFDHE_3072 be - defined. + \return Pointer to DhParams structure + \return NULL if not compiled with HAVE_FFDHE_3072 + + _Example_ + \code + const DhParams* params = wc_Dh_ffdhe3072_Get(); + if (params != NULL) { + // use params + } + \endcode \sa wc_Dh_ffdhe2048_Get \sa wc_Dh_ffdhe4096_Get @@ -300,9 +648,18 @@ /*! \ingroup Diffie-Hellman + \brief Returns FFDHE 4096-bit group parameters. - \brief This function returns ... and requires that HAVE_FFDHE_4096 be - defined. + \return Pointer to DhParams structure + \return NULL if not compiled with HAVE_FFDHE_4096 + + _Example_ + \code + const DhParams* params = wc_Dh_ffdhe4096_Get(); + if (params != NULL) { + // use params + } + \endcode \sa wc_Dh_ffdhe2048_Get \sa wc_Dh_ffdhe3072_Get @@ -313,9 +670,18 @@ /*! \ingroup Diffie-Hellman + \brief Returns FFDHE 6144-bit group parameters. - \brief This function returns ... and requires that HAVE_FFDHE_6144 be - defined. + \return Pointer to DhParams structure + \return NULL if not compiled with HAVE_FFDHE_6144 + + _Example_ + \code + const DhParams* params = wc_Dh_ffdhe6144_Get(); + if (params != NULL) { + // use params + } + \endcode \sa wc_Dh_ffdhe2048_Get \sa wc_Dh_ffdhe3072_Get @@ -326,9 +692,18 @@ /*! \ingroup Diffie-Hellman + \brief Returns FFDHE 8192-bit group parameters. - \brief This function returns ... and requires that HAVE_FFDHE_8192 be - defined. + \return Pointer to DhParams structure + \return NULL if not compiled with HAVE_FFDHE_8192 + + _Example_ + \code + const DhParams* params = wc_Dh_ffdhe8192_Get(); + if (params != NULL) { + // use params + } + \endcode \sa wc_Dh_ffdhe2048_Get \sa wc_Dh_ffdhe3072_Get @@ -339,6 +714,291 @@ /*! \ingroup Diffie-Hellman + \brief Initializes DH key with heap hint and device ID. + + \return 0 on success + \return BAD_FUNC_ARG if key is NULL + + \param key DH key to initialize + \param heap Heap hint for memory allocation + \param devId Device ID for hardware acceleration + + _Example_ + \code + DhKey key; + int ret = wc_InitDhKey_ex(&key, NULL, INVALID_DEVID); + if (ret != 0) { + // error initializing key + } + \endcode + + \sa wc_InitDhKey + \sa wc_FreeDhKey +*/ +int wc_InitDhKey_ex(DhKey* key, void* heap, int devId); + +/*! + \ingroup Diffie-Hellman + \brief Computes shared secret with constant-time operations. + + \return 0 on success + \return BAD_FUNC_ARG if parameters are invalid + \return BUFFER_E if output buffer too small + + \param key DH key with parameters + \param agree Output buffer for shared secret + \param agreeSz Input: buffer size, Output: secret size + \param priv Private key + \param privSz Private key size + \param otherPub Peer's public key + \param pubSz Peer's public key size + + _Example_ + \code + DhKey key; + byte agree[256], priv[256], pub[256]; + word32 agreeSz = sizeof(agree); + int ret = wc_DhAgree_ct(&key, agree, &agreeSz, priv, + sizeof(priv), pub, sizeof(pub)); + \endcode + + \sa wc_DhAgree +*/ +int wc_DhAgree_ct(DhKey* key, byte* agree, word32 *agreeSz, + const byte* priv, word32 privSz, + const byte* otherPub, word32 pubSz); + +/*! + \ingroup Diffie-Hellman + \brief Sets DH key to use named group parameters. + + \return 0 on success + \return BAD_FUNC_ARG if parameters are invalid + + \param key DH key to configure + \param name Named group identifier + + _Example_ + \code + DhKey key; + wc_InitDhKey(&key); + int ret = wc_DhSetNamedKey(&key, WC_FFDHE_2048); + \endcode + + \sa wc_DhGetNamedKeyParamSize +*/ +int wc_DhSetNamedKey(DhKey* key, int name); + +/*! + \ingroup Diffie-Hellman + \brief Gets parameter sizes for named group. + + \return 0 on success + \return BAD_FUNC_ARG if parameters are invalid + + \param name Named group identifier + \param p Output for prime size + \param g Output for generator size + \param q Output for subgroup order size + + _Example_ + \code + word32 pSz, gSz, qSz; + int ret = wc_DhGetNamedKeyParamSize(WC_FFDHE_2048, &pSz, &gSz, + &qSz); + \endcode + + \sa wc_DhSetNamedKey +*/ +int wc_DhGetNamedKeyParamSize(int name, word32* p, word32* g, + word32* q); + +/*! + \ingroup Diffie-Hellman + \brief Gets minimum key size for named group. + + \return Minimum key size in bits + \return 0 if invalid name + + \param name Named group identifier + + _Example_ + \code + word32 minSize = wc_DhGetNamedKeyMinSize(WC_FFDHE_2048); + \endcode + + \sa wc_DhSetNamedKey +*/ +word32 wc_DhGetNamedKeyMinSize(int name); + +/*! + \ingroup Diffie-Hellman + \brief Compares parameters against named group. + + \return 0 if parameters match named group + \return Non-zero if parameters don't match + + \param name Named group identifier + \param noQ 1 to skip q comparison + \param p Prime modulus + \param pSz Prime size + \param g Generator + \param gSz Generator size + \param q Subgroup order + \param qSz Subgroup order size + + _Example_ + \code + byte p[256], g[256]; + int ret = wc_DhCmpNamedKey(WC_FFDHE_2048, 1, p, sizeof(p), + g, sizeof(g), NULL, 0); + \endcode + + \sa wc_DhSetNamedKey +*/ +int wc_DhCmpNamedKey(int name, int noQ, const byte* p, word32 pSz, + const byte* g, word32 gSz, const byte* q, + word32 qSz); + +/*! + \ingroup Diffie-Hellman + \brief Copies named group parameters to buffers. + + \return 0 on success + \return BAD_FUNC_ARG if parameters are invalid + \return BUFFER_E if buffers too small + + \param name Named group identifier + \param p Output buffer for prime + \param pSz Input: buffer size, Output: prime size + \param g Output buffer for generator + \param gSz Input: buffer size, Output: generator size + \param q Output buffer for subgroup order + \param qSz Input: buffer size, Output: subgroup order size + + _Example_ + \code + byte p[512], g[512], q[512]; + word32 pSz = sizeof(p), gSz = sizeof(g), qSz = sizeof(q); + int ret = wc_DhCopyNamedKey(WC_FFDHE_2048, p, &pSz, g, &gSz, + q, &qSz); + \endcode + + \sa wc_DhSetNamedKey +*/ +int wc_DhCopyNamedKey(int name, byte* p, word32* pSz, byte* g, + word32* gSz, byte* q, word32* qSz); + +/*! + \ingroup Diffie-Hellman + \brief Generates public key from private key. + + \return 0 on success + \return BAD_FUNC_ARG if parameters are invalid + + \param key DH key with parameters set + \param priv Private key + \param privSz Private key size + \param pub Output buffer for public key + \param pubSz Input: buffer size, Output: public key size + + _Example_ + \code + DhKey key; + byte priv[256], pub[256]; + word32 pubSz = sizeof(pub); + int ret = wc_DhGeneratePublic(&key, priv, sizeof(priv), pub, + &pubSz); + \endcode + + \sa wc_DhGenerateKeyPair +*/ +int wc_DhGeneratePublic(DhKey* key, byte* priv, word32 privSz, + byte* pub, word32* pubSz); + +/*! + \ingroup Diffie-Hellman + \brief Imports private and/or public key into DH key. + + \return 0 on success + \return BAD_FUNC_ARG if parameters are invalid + + \param key DH key to import into + \param priv Private key (can be NULL) + \param privSz Private key size + \param pub Public key (can be NULL) + \param pubSz Public key size + + _Example_ + \code + DhKey key; + byte priv[256], pub[256]; + int ret = wc_DhImportKeyPair(&key, priv, sizeof(priv), pub, + sizeof(pub)); + \endcode + + \sa wc_DhExportKeyPair +*/ +int wc_DhImportKeyPair(DhKey* key, const byte* priv, word32 privSz, + const byte* pub, word32 pubSz); + +/*! + \ingroup Diffie-Hellman + \brief Exports private and public key from DH key. + + \return 0 on success + \return BAD_FUNC_ARG if parameters are invalid + \return BUFFER_E if buffers too small + + \param key DH key to export from + \param priv Output buffer for private key + \param pPrivSz Input: buffer size, Output: private key size + \param pub Output buffer for public key + \param pPubSz Input: buffer size, Output: public key size + + _Example_ + \code + DhKey key; + byte priv[256], pub[256]; + word32 privSz = sizeof(priv), pubSz = sizeof(pub); + int ret = wc_DhExportKeyPair(&key, priv, &privSz, pub, &pubSz); + \endcode + + \sa wc_DhImportKeyPair +*/ +int wc_DhExportKeyPair(DhKey* key, byte* priv, word32* pPrivSz, + byte* pub, word32* pPubSz); + +/*! + \ingroup Diffie-Hellman + \brief Validates public key value. + + \return 0 if public key is valid + \return BAD_FUNC_ARG if parameters are invalid + \return MP_VAL if public key is invalid + + \param prime Prime modulus + \param primeSz Prime size + \param pub Public key to validate + \param pubSz Public key size + + _Example_ + \code + byte prime[256], pub[256]; + int ret = wc_DhCheckPubValue(prime, sizeof(prime), pub, + sizeof(pub)); + if (ret != 0) { + // invalid public key + } + \endcode + + \sa wc_DhCheckPubKey +*/ +int wc_DhCheckPubValue(const byte* prime, word32 primeSz, + const byte* pub, word32 pubSz); + +/*! + \ingroup Diffie-Hellman \brief Checks DH keys for pair-wise consistency per process in SP 800-56Ar3, section 5.6.2.1.4, method (b) for FFC. @@ -396,5 +1056,5 @@ /*! \ingroup Diffie-Hellman -*/ + */ int wc_FreeDhKey(DhKey* key); diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/doc/dox_comments/header_files/doxygen_pages.h mariadb-11.8.8/extra/wolfssl/wolfssl/doc/dox_comments/header_files/doxygen_pages.h --- mariadb-11.8.6/extra/wolfssl/wolfssl/doc/dox_comments/header_files/doxygen_pages.h 2026-01-31 13:27:49.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/doc/dox_comments/header_files/doxygen_pages.h 2026-05-24 09:58:33.000000000 +0000 @@ -51,6 +51,7 @@
  • \ref MD5
  • \ref Password
  • \ref PKCS7
  • +
  • \ref PKCS7_RSA_PSS
  • \ref PKCS11
  • \ref Poly1305
  • \ref RIPEMD
  • @@ -74,4 +75,36 @@ - \ref SAKKE_RSK - \ref SAKKE_Operations */ +/*! + \page AES_CryptoCB_KeyImport AES CryptoCB Key Import + + When enabled via WOLF_CRYPTO_CB_AES_SETKEY, wolfSSL invokes a CryptoCB + callback during AES key setup. The callback behavior determines the mode: + + **If callback returns 0 (success):** + - Key is imported to Secure Element/HSM + - Key is NOT copied to wolfSSL RAM (true key isolation) + - GCM tables are NOT generated (full hardware offload) + - All subsequent AES operations route through CryptoCB + + **If callback returns CRYPTOCB_UNAVAILABLE:** + - SE doesn't support key import + - Normal software AES path is used + - Key is copied to devKey for CryptoCB encrypt/decrypt acceleration + + This mode is compatible with Secure Elements and hardware-backed + key storage and is intended for protecting TLS traffic keys. + + \sa wc_CryptoCb_AesSetKey + \sa \ref Crypto Callbacks +*/ +/*! + \page PKCS7_RSA_PSS PKCS#7 RSA-PSS (CMS) + PKCS#7 SignedData supports RSA-PSS signers (CMS RSASSA-PSS). When WC_RSA_PSS + is defined, use wc_PKCS7_InitWithCert with a signer certificate that has + RSA-PSS (id-RSASSA-PSS) and set hashOID and optional rng; encode produces + full RSASSA-PSS-params (hashAlgorithm, mgfAlgorithm, saltLength, + trailerField). Verify accepts NULL, empty, or absent parameters with + RFC defaults. See \ref PKCS7 for the main API. +*/ diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/doc/dox_comments/header_files/dsa.h mariadb-11.8.8/extra/wolfssl/wolfssl/doc/dox_comments/header_files/dsa.h --- mariadb-11.8.6/extra/wolfssl/wolfssl/doc/dox_comments/header_files/dsa.h 2026-01-31 13:27:49.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/doc/dox_comments/header_files/dsa.h 2026-05-24 09:58:33.000000000 +0000 @@ -340,3 +340,298 @@ \sa wc_InitDsaKey */ int wc_MakeDsaParameters(WC_RNG *rng, int modulus_size, DsaKey *dsa); +/*! + \ingroup DSA + \brief Initializes DSA key with heap hint. + + \return 0 on success + \return negative on failure + + \param key DSA key structure + \param h Heap hint for memory allocation + + _Example_ + \code + DsaKey key; + int ret = wc_InitDsaKey_h(&key, NULL); + \endcode + + \sa wc_InitDsaKey +*/ +int wc_InitDsaKey_h(DsaKey* key, void* h); + +/*! + \ingroup DSA + \brief Signs digest with extended parameters. + + \return 0 on success + \return negative on failure + + \param digest Digest to sign + \param digestSz Digest size + \param out Output signature buffer + \param key DSA key + \param rng Random number generator + + _Example_ + \code + byte digest[WC_SHA_DIGEST_SIZE]; + byte sig[40]; + WC_RNG rng; + int ret = wc_DsaSign_ex(digest, sizeof(digest), sig, &key, + &rng); + \endcode + + \sa wc_DsaSign +*/ +int wc_DsaSign_ex(const byte* digest, word32 digestSz, byte* out, + DsaKey* key, WC_RNG* rng); + +/*! + \ingroup DSA + \brief Verifies signature with extended parameters. + + \return 0 on success + \return negative on failure + + \param digest Digest + \param digestSz Digest size + \param sig Signature buffer + \param key DSA key + \param answer Verification result + + _Example_ + \code + byte digest[WC_SHA_DIGEST_SIZE]; + byte sig[40]; + int answer; + int ret = wc_DsaVerify_ex(digest, sizeof(digest), sig, &key, + &answer); + \endcode + + \sa wc_DsaVerify +*/ +int wc_DsaVerify_ex(const byte* digest, word32 digestSz, + const byte* sig, DsaKey* key, int* answer); + +/*! + \ingroup DSA + \brief Sets DSA public key in output buffer. + + \return Size on success + \return negative on failure + + \param output Output buffer + \param key DSA key + \param outLen Output buffer length + \param with_header Include header flag + + _Example_ + \code + byte output[256]; + int ret = wc_SetDsaPublicKey(output, &key, sizeof(output), 1); + \endcode + + \sa wc_DsaKeyToPublicDer +*/ +int wc_SetDsaPublicKey(byte* output, DsaKey* key, int outLen, + int with_header); + +/*! + \ingroup DSA + \brief Converts DSA key to public DER format. + + \return Size on success + \return negative on failure + + \param key DSA key + \param output Output buffer + \param inLen Output buffer length + + _Example_ + \code + DsaKey key; + WC_RNG rng; + byte output[256]; + + // Initialize key and RNG + wc_InitDsaKey(&key); + wc_InitRng(&rng); + + // Generate DSA key or import existing key + wc_MakeDsaKey(&rng, &key); + + // Convert to public DER format + int ret = wc_DsaKeyToPublicDer(&key, output, sizeof(output)); + if (ret > 0) { + // output contains DER encoded public key of size ret + } + + wc_FreeDsaKey(&key); + wc_FreeRng(&rng); + \endcode + + \sa wc_SetDsaPublicKey +*/ +int wc_DsaKeyToPublicDer(DsaKey* key, byte* output, word32 inLen); + +/*! + \ingroup DSA + \brief Imports DSA parameters from raw format. The parameters p, q, and + g must be provided as ASCII hexadecimal strings (without 0x prefix). + These represent the DSA domain parameters: p is the prime modulus, q is + the prime divisor (subgroup order), and g is the generator. + + \return 0 on success + \return negative on failure + + \param dsa DSA key structure (must be initialized) + \param p P parameter as ASCII hex string (prime modulus) + \param q Q parameter as ASCII hex string (prime divisor/subgroup order) + \param g G parameter as ASCII hex string (generator) + + _Example_ + \code + DsaKey dsa; + wc_InitDsaKey(&dsa); + + // DSA parameters as ASCII hexadecimal strings (example values) + const char* pStr = "E0A67598CD1B763BC98C8ABB333E5DDA0CD3AA0E5E1F" + "B5BA8A7B4EABC10BA338FAE06DD4B90FDA70D7CF0CB0" + "C638BE3341BEC0AF8A7330A3307DED2299A0EE606DF0" + "35177A239C34A912C202AA5F83B9C4A7CF0235B5316B" + "FC6EFB9A248411258B30B839AF172440F32563056CB6" + "7A861158DDD90E6A894C72A5BBEF9E286C6B"; + const char* qStr = "E950511EAB424B9A19A2AEB4E159B7844C589C4F"; + const char* gStr = "D29D5121B0423C2769AB21843E5A3240FF19CACC792D" + "C6E7925E6D1A4E6E4E3D119A3D133C8D3C8C8C8C8C8C" + "8C8C8C8C8C8C8C8C8C8C8C8C8C8C8C8C8C8C8C8C8C8C" + "8C8C8C8C8C8C8C8C8C8C8C8C8C8C8C8C8C8C8C8C8C8C"; + + int ret = wc_DsaImportParamsRaw(&dsa, pStr, qStr, gStr); + if (ret == 0) { + // DSA parameters successfully imported + // Can now use dsa for key generation or signing + } + wc_FreeDsaKey(&dsa); + \endcode + + \sa wc_DsaImportParamsRawCheck + \sa wc_InitDsaKey +*/ +int wc_DsaImportParamsRaw(DsaKey* dsa, const char* p, const char* q, + const char* g); + +/*! + \ingroup DSA + \brief Imports DSA parameters from raw format with optional validation. + The parameters p, q, and g must be provided as ASCII hexadecimal strings + (without 0x prefix). The trusted parameter controls whether the prime p + is validated: when trusted=1, prime checking is skipped (use when + parameters come from a trusted source); when trusted=0, performs full + primality testing on p (recommended for untrusted sources). + + \return 0 on success + \return DH_CHECK_PUB_E if p fails primality test (when trusted=0) + \return negative on other failures + + \param dsa DSA key structure (must be initialized) + \param p P parameter as ASCII hex string (prime modulus) + \param q Q parameter as ASCII hex string (prime divisor/subgroup order) + \param g G parameter as ASCII hex string (generator) + \param trusted If 1, skip prime validation (trusted source); if 0, + perform full primality test on p + \param rng Random number generator (required when trusted=0 for + primality testing) + + _Example_ + \code + DsaKey dsa; + WC_RNG rng; + + // Initialize DSA key and RNG + wc_InitDsaKey(&dsa); + wc_InitRng(&rng); + + // DSA parameters as ASCII hexadecimal strings + const char* pStr = "E0A67598CD1B763BC98C8ABB333E5DDA0CD3AA0E5E1F" + "B5BA8A7B4EABC10BA338FAE06DD4B90FDA70D7CF0CB0" + "C638BE3341BEC0AF8A7330A3307DED2299A0EE606DF0" + "35177A239C34A912C202AA5F83B9C4A7CF0235B5316B" + "FC6EFB9A248411258B30B839AF172440F32563056CB6" + "7A861158DDD90E6A894C72A5BBEF9E286C6B"; + const char* qStr = "E950511EAB424B9A19A2AEB4E159B7844C589C4F"; + const char* gStr = "D29D5121B0423C2769AB21843E5A3240FF19CACC792D" + "C6E7925E6D1A4E6E4E3D119A3D133C8D3C8C8C8C8C8C" + "8C8C8C8C8C8C8C8C8C8C8C8C8C8C8C8C8C8C8C8C8C8C" + "8C8C8C8C8C8C8C8C8C8C8C8C8C8C8C8C8C8C8C8C8C8C"; + + // Import with validation (trusted=0 performs primality test on p) + int ret = wc_DsaImportParamsRawCheck(&dsa, pStr, qStr, gStr, 0, + &rng); + if (ret == 0) { + // Parameters imported and validated successfully + } + + wc_FreeDsaKey(&dsa); + wc_FreeRng(&rng); + \endcode + + \sa wc_DsaImportParamsRaw + \sa wc_InitDsaKey +*/ +int wc_DsaImportParamsRawCheck(DsaKey* dsa, const char* p, + const char* q, const char* g, int trusted, WC_RNG* rng); + +/*! + \ingroup DSA + \brief Exports DSA parameters to raw format. + + \return 0 on success + \return negative on failure + + \param dsa DSA key structure + \param p P parameter buffer + \param pSz P parameter size (in/out) + \param q Q parameter buffer + \param qSz Q parameter size (in/out) + \param g G parameter buffer + \param gSz G parameter size (in/out) + + _Example_ + \code + byte p[256], q[32], g[256]; + word32 pSz = sizeof(p), qSz = sizeof(q), gSz = sizeof(g); + int ret = wc_DsaExportParamsRaw(&dsa, p, &pSz, q, &qSz, g, + &gSz); + \endcode + + \sa wc_DsaImportParamsRaw +*/ +int wc_DsaExportParamsRaw(DsaKey* dsa, byte* p, word32* pSz, byte* q, + word32* qSz, byte* g, word32* gSz); + +/*! + \ingroup DSA + \brief Exports DSA key to raw format. + + \return 0 on success + \return negative on failure + + \param dsa DSA key structure + \param x Private key buffer + \param xSz Private key size (in/out) + \param y Public key buffer + \param ySz Public key size (in/out) + + _Example_ + \code + byte x[32], y[256]; + word32 xSz = sizeof(x), ySz = sizeof(y); + int ret = wc_DsaExportKeyRaw(&dsa, x, &xSz, y, &ySz); + \endcode + + \sa wc_DsaImportParamsRaw +*/ +int wc_DsaExportKeyRaw(DsaKey* dsa, byte* x, word32* xSz, byte* y, + word32* ySz); diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/doc/dox_comments/header_files/ecc.h mariadb-11.8.8/extra/wolfssl/wolfssl/doc/dox_comments/header_files/ecc.h --- mariadb-11.8.6/extra/wolfssl/wolfssl/doc/dox_comments/header_files/ecc.h 2026-01-31 13:27:49.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/doc/dox_comments/header_files/ecc.h 2026-05-24 09:58:33.000000000 +0000 @@ -543,12 +543,12 @@ \ingroup ECC \brief This function verifies the ECC signature of a hash to ensure - authenticity. It returns the answer through stat, with 1 corresponding + authenticity. It returns the answer through res, with 1 corresponding to a valid signature, and 0 corresponding to an invalid signature. \return 0 Returned upon successfully performing the signature verification. Note: This does not mean that the signature is verified. - The authenticity information is stored instead in stat + The authenticity information is stored instead in res \return BAD_FUNC_ARG Returned any of the input parameters evaluate to NULL \return MEMORY_E Returned if there is an error allocating memory \return MP_INIT_E may be returned if there is an error while computing @@ -579,7 +579,7 @@ \param hash pointer to the buffer containing the hash of the message verified \param hashlen length of the hash of the message verified - \param stat pointer to the result of the verification. 1 indicates the + \param res pointer to the result of the verification. 1 indicates the message was successfully verified \param key pointer to a public ECC key with which to verify the signature @@ -605,14 +605,14 @@ */ int wc_ecc_verify_hash(const byte* sig, word32 siglen, const byte* hash, - word32 hashlen, int* stat, ecc_key* key); + word32 hashlen, int* res, ecc_key* key); /*! \ingroup ECC - \brief Verify an ECC signature. Result is written to stat. + \brief Verify an ECC signature. Result is written to res. 1 is valid, 0 is invalid. - Note: Do not use the return value to test for valid. Only use stat. + Note: Do not use the return value to test for valid. Only use res. \return MP_OKAY If successful (even if the signature is not valid) \return ECC_BAD_ARG_E Returns if arguments are null or if @@ -623,20 +623,20 @@ \param s The signature S component to verify \param hash The hash (message digest) that was signed \param hashlen The length of the hash (octets) - \param stat Result of signature, 1==valid, 0==invalid + \param res Result of signature, 1==valid, 0==invalid \param key The corresponding public ECC key _Example_ \code mp_int r; mp_int s; - int stat; + int res; byte hash[] = { Some hash } ecc_key key; - if(wc_ecc_verify_hash_ex(&r, &s, hash, hashlen, &stat, &key) == MP_OKAY) + if(wc_ecc_verify_hash_ex(&r, &s, hash, hashlen, &res, &key) == MP_OKAY) { - // Check stat + // Check res } \endcode @@ -644,7 +644,7 @@ */ int wc_ecc_verify_hash_ex(mp_int *r, mp_int *s, const byte* hash, - word32 hashlen, int* stat, ecc_key* key); + word32 hashlen, int* res, ecc_key* key); /*! \ingroup ECC @@ -885,7 +885,7 @@ \sa wc_ecc_del_point */ -int wc_ecc_copy_point(ecc_point* p, ecc_point *r); +int wc_ecc_copy_point(const ecc_point* p, ecc_point *r); /*! \ingroup ECC @@ -983,6 +983,7 @@ \param k The multiplicand. \param G Base point to multiply. \param R Destination of product. + \param a ECC curve parameter a. \param modulus The modulus for the curve. \param map If non-zero maps the point back to affine coordinates, otherwise it's left in jacobian-montgomery form. @@ -997,13 +998,16 @@ // Setup other arguments mp_int multiplicand; mp_int modulus; + mp_int a; int map; + int rc; + rc = wc_ecc_mulmod(&multiplicand, base, destination, &a, &modulus, map); \endcode \sa none */ -int wc_ecc_mulmod(mp_int* k, ecc_point *G, ecc_point *R, +int wc_ecc_mulmod(const mp_int* k, ecc_point *G, ecc_point *R, mp_int* a, mp_int* modulus, int map); /*! @@ -1534,7 +1538,7 @@ \sa wc_ecc_export_point_der */ -int wc_ecc_import_point_der(byte* in, word32 inLen, const int curve_idx, +int wc_ecc_import_point_der(const byte* in, word32 inLen, const int curve_idx, ecc_point* point); /*! @@ -1621,7 +1625,7 @@ \sa wc_ecc_sig_size_calc */ -int wc_ecc_sig_size(ecc_key* key); +int wc_ecc_sig_size(const ecc_key* key); /*! @@ -1681,7 +1685,7 @@ \sa wc_ecc_ctx_new */ -void wc_ecc_ctx_free(ecEncCtx*); +void wc_ecc_ctx_free(ecEncCtx* ctx); /*! \ingroup ECC @@ -1779,7 +1783,7 @@ \sa wc_ecc_ctx_set_kdf_salt */ -const byte* wc_ecc_ctx_get_own_salt(ecEncCtx*); +const byte* wc_ecc_ctx_get_own_salt(ecEncCtx* ctx); /*! \ingroup ECC @@ -2089,7 +2093,7 @@ \return 0 Returned upon successfully setting the callback context the input message \param key pointer to the ecc_key object - \param ctx pointer to ecc_nb_ctx_t structure with stack data cache for SP + \param ctx pointer to ecc nb_ctx_t structure with stack data cache for SP _Example_ \code @@ -2143,3 +2147,1244 @@ \endcode */ int wc_ecc_set_curve(ecc_key *key, int keysize, int curve_id); + +/*! + \ingroup ECC + \brief Gets private key mp_int from ECC key. + + \return mp_int pointer on success + \return NULL on failure + + \param key ECC key structure + + _Example_ + \code + ecc_key key; + mp_int* priv = wc_ecc_key_get_priv(&key); + \endcode + + \sa wc_ecc_init +*/ +mp_int* wc_ecc_key_get_priv(ecc_key* key); + +/*! + \ingroup ECC + \brief Allocates and initializes new ECC key. + + \return ecc_key pointer on success + \return NULL on failure + + \param heap Heap hint for memory allocation + + _Example_ + \code + ecc_key* key = wc_ecc_key_new(NULL); + if (key != NULL) { + // use key + wc_ecc_key_free(key); + } + \endcode + + \sa wc_ecc_key_free +*/ +ecc_key* wc_ecc_key_new(void* heap); + +/*! + \ingroup ECC + \brief Returns number of supported ECC curve sets. + + \return Number of curve sets + + _Example_ + \code + size_t count = wc_ecc_get_sets_count(); + \endcode + + \sa wc_ecc_get_curve_params +*/ +size_t wc_ecc_get_sets_count(void); + +/*! + \ingroup ECC + \brief Gets curve name from curve ID. + + \return Curve name string on success + \return NULL on failure + + \param curve_id Curve identifier + + _Example_ + \code + const char* name = wc_ecc_get_name(ECC_SECP256R1); + \endcode + + \sa wc_ecc_get_curve_id +*/ +const char* wc_ecc_get_name(int curve_id); + +/*! + \ingroup ECC + \brief Makes ECC key with extended options. + + \return 0 on success + \return negative on error + + \param rng Random number generator + \param keysize Key size in bytes + \param key ECC key structure + \param curve_id Curve identifier + \param flags Additional flags + + _Example_ + \code + WC_RNG rng; + ecc_key key; + int ret = wc_ecc_make_key_ex2(&rng, 32, &key, + ECC_SECP256R1, 0); + \endcode + + \sa wc_ecc_make_key_ex +*/ +int wc_ecc_make_key_ex2(WC_RNG* rng, int keysize, ecc_key* key, + int curve_id, int flags); + +/*! + \ingroup ECC + \brief Checks if point is on curve. + + \return 1 if point is on curve + \return 0 if not on curve + \return negative on error + + \param ecp ECC point + \param a Curve parameter a + \param b Curve parameter b + \param prime Curve prime + + _Example_ + \code + ecc_point* point; + mp_int a, b, prime; + int ret = wc_ecc_is_point(point, &a, &b, &prime); + \endcode + + \sa wc_ecc_point_is_on_curve +*/ +int wc_ecc_is_point(ecc_point* ecp, mp_int* a, mp_int* b, + mp_int* prime); + +/*! + \ingroup ECC + \brief Gets generator point for curve. + + \return 0 on success + \return negative on error + + \param ecp ECC point to store generator + \param curve_idx Curve index + + _Example_ + \code + ecc_point* gen = wc_ecc_new_point(); + int ret = wc_ecc_get_generator(gen, 0); + \endcode + + \sa wc_ecc_get_curve_params +*/ +int wc_ecc_get_generator(ecc_point* ecp, int curve_idx); + +/*! + \ingroup ECC + \brief Sets deterministic signing mode. + + \return 0 on success + \return negative on error + + \param key ECC key + \param flag Enable/disable flag + + _Example_ + \code + ecc_key key; + int ret = wc_ecc_set_deterministic(&key, 1); + \endcode + + \sa wc_ecc_set_deterministic_ex +*/ +int wc_ecc_set_deterministic(ecc_key* key, byte flag); + +/*! + \ingroup ECC + \brief Sets deterministic signing with hash type. + + \return 0 on success + \return negative on error + + \param key ECC key + \param flag Enable/disable flag + \param hashType Hash algorithm type + + _Example_ + \code + ecc_key key; + int ret = wc_ecc_set_deterministic_ex(&key, 1, WC_HASH_TYPE_SHA256); + \endcode + + \sa wc_ecc_set_deterministic +*/ +int wc_ecc_set_deterministic_ex(ecc_key* key, byte flag, + enum wc_HashType hashType); + +/*! + \ingroup ECC + \brief Generates deterministic k value for signing. + + \return 0 on success + \return negative on error + + \param hash Hash value + \param hashSz Hash size + \param hashType Hash algorithm type + \param priv Private key + \param k Output k value + \param order Curve order + \param heap Heap hint + + _Example_ + \code + byte hash[32]; + mp_int priv, k, order; + int ret = wc_ecc_gen_deterministic_k(hash, 32, + WC_HASH_TYPE_SHA256, + &priv, &k, &order, NULL); + \endcode + + \sa wc_ecc_sign_set_k +*/ +int wc_ecc_gen_deterministic_k(const byte* hash, word32 hashSz, + enum wc_HashType hashType, mp_int* priv, mp_int* k, + mp_int* order, void* heap); + +/*! + \ingroup ECC + \brief Sets k value for signing. + + \return 0 on success + \return negative on error + + \param k K value buffer + \param klen K value length + \param key ECC key + + _Example_ + \code + byte k[32]; + ecc_key key; + int ret = wc_ecc_sign_set_k(k, sizeof(k), &key); + \endcode + + \sa wc_ecc_gen_deterministic_k +*/ +int wc_ecc_sign_set_k(const byte* k, word32 klen, ecc_key* key); + +/*! + \ingroup ECC + \brief Initializes ECC key with ID. + + \note This API is only available when WOLF_PRIVATE_KEY_ID is defined, + which is set for PKCS11 support. + + \return 0 on success + \return negative on error + + \param key ECC key + \param id ID buffer + \param len ID length + \param heap Heap hint + \param devId Device ID + + _Example_ + \code + ecc_key key; + unsigned char id[] = "mykey"; + int ret = wc_ecc_init_id(&key, id, sizeof(id), NULL, + INVALID_DEVID); + \endcode + + \sa wc_ecc_init_label +*/ +int wc_ecc_init_id(ecc_key* key, unsigned char* id, int len, + void* heap, int devId); + +/*! + \ingroup ECC + \brief Initializes ECC key with label. + + \note This API is only available when WOLF_PRIVATE_KEY_ID is defined, + which is set for PKCS11 support. + + \return 0 on success + \return negative on error + + \param key ECC key + \param label Label string + \param heap Heap hint + \param devId Device ID + + _Example_ + \code + ecc_key key; + int ret = wc_ecc_init_label(&key, "mykey", NULL, + INVALID_DEVID); + \endcode + + \sa wc_ecc_init_id +*/ +int wc_ecc_init_label(ecc_key* key, const char* label, void* heap, + int devId); + +/*! + \ingroup ECC + \brief Sets flags on ECC key. + + \return 0 on success + \return negative on error + + \param key ECC key + \param flags Flags to set + + _Example_ + \code + ecc_key key; + int ret = wc_ecc_set_flags(&key, WC_ECC_FLAG_COFACTOR); + \endcode + + \sa wc_ecc_init +*/ +int wc_ecc_set_flags(ecc_key* key, word32 flags); + +/*! + \ingroup ECC + \brief Initializes fixed-point cache. + + \return none No returns + + _Example_ + \code + wc_ecc_fp_init(); + \endcode + + \sa wc_ecc_init +*/ +void wc_ecc_fp_init(void); + +/*! + \ingroup ECC + \brief Sets RNG for ECC key. + + \return 0 on success + \return negative on error + + \param key ECC key + \param rng Random number generator + + _Example_ + \code + ecc_key key; + WC_RNG rng; + int ret = wc_ecc_set_rng(&key, &rng); + \endcode + + \sa wc_ecc_make_key +*/ +int wc_ecc_set_rng(ecc_key* key, WC_RNG* rng); + +/*! + \ingroup ECC + \brief Gets curve index from curve ID. + + \return Curve index on success + \return negative on error + + \param curve_id Curve identifier + + _Example_ + \code + int idx = wc_ecc_get_curve_idx(ECC_SECP256R1); + \endcode + + \sa wc_ecc_get_curve_id +*/ +int wc_ecc_get_curve_idx(int curve_id); + +/*! + \ingroup ECC + \brief Gets curve ID from curve index. + + \return Curve ID on success + \return negative on error + + \param curve_idx Curve index + + _Example_ + \code + int id = wc_ecc_get_curve_id(0); + \endcode + + \sa wc_ecc_get_curve_idx +*/ +int wc_ecc_get_curve_id(int curve_idx); + +/*! + \ingroup ECC + \brief Gets curve size from curve ID. + + \return Key size in bytes on success + \return negative on error + + \param curve_id Curve identifier + + _Example_ + \code + int size = wc_ecc_get_curve_size_from_id(ECC_SECP256R1); + \endcode + + \sa wc_ecc_get_curve_id +*/ +int wc_ecc_get_curve_size_from_id(int curve_id); + +/*! + \ingroup ECC + \brief Gets curve index from curve name. + + \return Curve index on success + \return negative on error + + \param curveName Curve name string + + _Example_ + \code + int idx = wc_ecc_get_curve_idx_from_name("SECP256R1"); + \endcode + + \sa wc_ecc_get_name +*/ +int wc_ecc_get_curve_idx_from_name(const char* curveName); + +/*! + \ingroup ECC + \brief Gets curve size from curve name. + + \return Key size in bytes on success + \return negative on error + + \param curveName Curve name string + + _Example_ + \code + int size = wc_ecc_get_curve_size_from_name("SECP256R1"); + \endcode + + \sa wc_ecc_get_curve_idx_from_name +*/ +int wc_ecc_get_curve_size_from_name(const char* curveName); + +/*! + \ingroup ECC + \brief Gets curve ID from curve name. + + \return Curve ID on success + \return negative on error + + \param curveName Curve name string + + _Example_ + \code + int id = wc_ecc_get_curve_id_from_name("SECP256R1"); + \endcode + + \sa wc_ecc_get_name +*/ +int wc_ecc_get_curve_id_from_name(const char* curveName); + +/*! + \ingroup ECC + \brief Gets curve ID from curve parameters. + + \return Curve ID on success + \return negative on error + + \param fieldSize Field size + \param prime Prime modulus + \param primeSz Prime size + \param Af Curve parameter A + \param AfSz A size + \param Bf Curve parameter B + \param BfSz B size + \param order Curve order + \param orderSz Order size + \param Gx Generator X coordinate + \param GxSz Gx size + \param Gy Generator Y coordinate + \param GySz Gy size + \param cofactor Curve cofactor + + _Example_ + \code + int id = wc_ecc_get_curve_id_from_params(256, prime, 32, + Af, 32, Bf, 32, + order, 32, Gx, 32, + Gy, 32, 1); + \endcode + + \sa wc_ecc_get_curve_params +*/ +int wc_ecc_get_curve_id_from_params(int fieldSize, + const byte* prime, word32 primeSz, const byte* Af, word32 AfSz, + const byte* Bf, word32 BfSz, const byte* order, word32 orderSz, + const byte* Gx, word32 GxSz, const byte* Gy, word32 GySz, + int cofactor); + +/*! + \ingroup ECC + \brief Gets curve ID from domain parameters. + + \return Curve ID on success + \return negative on error + + \param dp Domain parameters + + _Example_ + \code + const ecc_set_type* dp; + int id = wc_ecc_get_curve_id_from_dp_params(dp); + \endcode + + \sa wc_ecc_get_curve_params +*/ +int wc_ecc_get_curve_id_from_dp_params(const ecc_set_type* dp); + +/*! + \ingroup ECC + \brief Gets curve ID from OID. + + \return Curve ID on success + \return negative on error + + \param oid OID buffer + \param len OID length + + _Example_ + \code + byte oid[] = {0x2A, 0x86, 0x48, 0xCE, 0x3D, 0x03, 0x01, 0x07}; + int id = wc_ecc_get_curve_id_from_oid(oid, sizeof(oid)); + \endcode + + \sa wc_ecc_get_oid +*/ +int wc_ecc_get_curve_id_from_oid(const byte* oid, word32 len); + +/*! + \ingroup ECC + \brief Gets curve parameters from curve index. + + \return ecc_set_type pointer on success + \return NULL on failure + + \param curve_idx Curve index + + _Example_ + \code + const ecc_set_type* params = wc_ecc_get_curve_params(0); + \endcode + + \sa wc_ecc_get_curve_idx +*/ +const ecc_set_type* wc_ecc_get_curve_params(int curve_idx); + +/*! + \ingroup ECC + \brief Allocates new ECC point. + + \return ecc_point pointer on success + \return NULL on failure + + _Example_ + \code + ecc_point* point = wc_ecc_new_point(); + if (point != NULL) { + // use point + wc_ecc_del_point(point); + } + \endcode + + \sa wc_ecc_del_point +*/ +ecc_point* wc_ecc_new_point(void); + +/*! + \ingroup ECC + \brief Allocates new ECC point with heap hint. + + \return ecc_point pointer on success + \return NULL on failure + + \param h Heap hint + + _Example_ + \code + ecc_point* point = wc_ecc_new_point_h(NULL); + if (point != NULL) { + // use point + wc_ecc_del_point_h(point, NULL); + } + \endcode + + \sa wc_ecc_del_point_h +*/ +ecc_point* wc_ecc_new_point_h(void* h); + +/*! + \ingroup ECC + \brief Frees ECC point with heap hint. + + \return none No returns + + \param p ECC point to free + \param h Heap hint + + _Example_ + \code + ecc_point* point = wc_ecc_new_point_h(NULL); + // use point + wc_ecc_del_point_h(point, NULL); + \endcode + + \sa wc_ecc_new_point_h +*/ +void wc_ecc_del_point_h(ecc_point* p, void* h); + +/*! + \ingroup ECC + \brief Securely zeros ECC point. + + \return none No returns + + \param p ECC point to zero + + _Example_ + \code + ecc_point* point; + wc_ecc_forcezero_point(point); + \endcode + + \sa wc_ecc_del_point +*/ +void wc_ecc_forcezero_point(ecc_point* p); + +/*! + \ingroup ECC + \brief Checks if point is on curve. + + \return 1 if on curve + \return 0 if not on curve + \return negative on error + + \param p ECC point + \param curve_idx Curve index + + _Example_ + \code + ecc_point* point; + int ret = wc_ecc_point_is_on_curve(point, 0); + \endcode + + \sa wc_ecc_is_point +*/ +int wc_ecc_point_is_on_curve(ecc_point *p, int curve_idx); + +/*! + \ingroup ECC + \brief Imports X9.63 format with curve ID. + + \return 0 on success + \return negative on error + + \param in Input buffer + \param inLen Input length + \param key ECC key + \param curve_id Curve identifier + + _Example_ + \code + byte x963[65]; + ecc_key key; + int ret = wc_ecc_import_x963_ex(x963, sizeof(x963), &key, + ECC_SECP256R1); + \endcode + + \sa wc_ecc_import_x963 +*/ +int wc_ecc_import_x963_ex(const byte* in, word32 inLen, + ecc_key* key, int curve_id); + +/*! + \ingroup ECC + \brief Imports private key with curve ID. + + \return 0 on success + \return negative on error + + \param priv Private key buffer + \param privSz Private key size + \param pub Public key buffer + \param pubSz Public key size + \param key ECC key + \param curve_id Curve identifier + + _Example_ + \code + byte priv[32], pub[65]; + ecc_key key; + int ret = wc_ecc_import_private_key_ex(priv, 32, pub, 65, + &key, ECC_SECP256R1); + \endcode + + \sa wc_ecc_import_private_key +*/ +int wc_ecc_import_private_key_ex(const byte* priv, word32 privSz, + const byte* pub, word32 pubSz, ecc_key* key, int curve_id); + +/*! + \ingroup ECC + \brief Converts raw r,s to signature. + + \return 0 on success + \return negative on error + + \param r R value buffer + \param rSz R value size + \param s S value buffer + \param sSz S value size + \param out Output signature buffer + \param outlen Output signature length + + _Example_ + \code + byte r[32], s[32], sig[72]; + word32 sigLen = sizeof(sig); + int ret = wc_ecc_rs_raw_to_sig(r, 32, s, 32, sig, &sigLen); + \endcode + + \sa wc_ecc_sig_to_rs +*/ +int wc_ecc_rs_raw_to_sig(const byte* r, word32 rSz, const byte* s, + word32 sSz, byte* out, word32* outlen); + +/*! + \ingroup ECC + \brief Converts signature to raw r,s. + + \return 0 on success + \return negative on error + + \param sig Signature buffer + \param sigLen Signature length + \param r R value buffer + \param rLen R value length + \param s S value buffer + \param sLen S value length + + _Example_ + \code + byte sig[72], r[32], s[32]; + word32 rLen = 32, sLen = 32; + int ret = wc_ecc_sig_to_rs(sig, 72, r, &rLen, s, &sLen); + \endcode + + \sa wc_ecc_rs_raw_to_sig +*/ +int wc_ecc_sig_to_rs(const byte* sig, word32 sigLen, byte* r, + word32* rLen, byte* s, word32* sLen); + +/*! + \ingroup ECC + \brief Imports raw key with curve ID. + + \return 0 on success + \return negative on error + + \param key ECC key + \param qx X coordinate string + \param qy Y coordinate string + \param d Private key string + \param curve_id Curve identifier + + _Example_ + \code + ecc_key key; + int ret = wc_ecc_import_raw_ex(&key, qxStr, qyStr, dStr, + ECC_SECP256R1); + \endcode + + \sa wc_ecc_import_raw +*/ +int wc_ecc_import_raw_ex(ecc_key* key, const char* qx, + const char* qy, const char* d, int curve_id); + +/*! + \ingroup ECC + \brief Imports unsigned key with curve ID. + + \return 0 on success + \return negative on error + + \param key ECC key + \param qx X coordinate buffer + \param qy Y coordinate buffer + \param d Private key buffer + \param curve_id Curve identifier + + _Example_ + \code + ecc_key key; + byte qx[32], qy[32], d[32]; + int ret = wc_ecc_import_unsigned(&key, qx, qy, d, + ECC_SECP256R1); + \endcode + + \sa wc_ecc_import_raw_ex +*/ +int wc_ecc_import_unsigned(ecc_key* key, const byte* qx, + const byte* qy, const byte* d, int curve_id); + +/*! + \ingroup ECC + \brief Exports key with encoding type. + + \return 0 on success + \return negative on error + + \param key ECC key + \param qx X coordinate buffer + \param qxLen X coordinate length + \param qy Y coordinate buffer + \param qyLen Y coordinate length + \param d Private key buffer + \param dLen Private key length + \param encType Encoding type + + _Example_ + \code + ecc_key key; + byte qx[32], qy[32], d[32]; + word32 qxLen = 32, qyLen = 32, dLen = 32; + int ret = wc_ecc_export_ex(&key, qx, &qxLen, qy, &qyLen, + d, &dLen, 0); + \endcode + + \sa wc_ecc_export_public_raw +*/ +int wc_ecc_export_ex(ecc_key* key, byte* qx, word32* qxLen, + byte* qy, word32* qyLen, byte* d, word32* dLen, int encType); + +/*! + \ingroup ECC + \brief Exports public key in raw format. + + \return 0 on success + \return negative on error + + \param key ECC key + \param qx X coordinate buffer + \param qxLen X coordinate length + \param qy Y coordinate buffer + \param qyLen Y coordinate length + + _Example_ + \code + ecc_key key; + byte qx[32], qy[32]; + word32 qxLen = 32, qyLen = 32; + int ret = wc_ecc_export_public_raw(&key, qx, &qxLen, qy, + &qyLen); + \endcode + + \sa wc_ecc_export_private_raw +*/ +int wc_ecc_export_public_raw(ecc_key* key, byte* qx, + word32* qxLen, byte* qy, word32* qyLen); + +/*! + \ingroup ECC + \brief Exports private key in raw format. + + \return 0 on success + \return negative on error + + \param key ECC key + \param qx X coordinate buffer + \param qxLen X coordinate length + \param qy Y coordinate buffer + \param qyLen Y coordinate length + \param d Private key buffer + \param dLen Private key length + + _Example_ + \code + ecc_key key; + byte qx[32], qy[32], d[32]; + word32 qxLen = 32, qyLen = 32, dLen = 32; + int ret = wc_ecc_export_private_raw(&key, qx, &qxLen, qy, + &qyLen, d, &dLen); + \endcode + + \sa wc_ecc_export_public_raw +*/ +int wc_ecc_export_private_raw(ecc_key* key, byte* qx, + word32* qxLen, byte* qy, word32* qyLen, byte* d, word32* dLen); + +/*! + \ingroup ECC + \brief Exports point in DER format with compression. + + \return Size on success + \return negative on error + + \param curve_idx Curve index + \param point ECC point + \param out Output buffer + \param outLen Output length + \param compressed Compression flag + + _Example_ + \code + ecc_point* point; + byte out[65]; + word32 outLen = sizeof(out); + int ret = wc_ecc_export_point_der_ex(0, point, out, &outLen, + 0); + \endcode + + \sa wc_ecc_export_point_der +*/ +int wc_ecc_export_point_der_ex(const int curve_idx, + ecc_point* point, byte* out, word32* outLen, int compressed); + +/*! + \ingroup ECC + \brief Imports point from DER format. + + \return 0 on success + \return negative on error + + \param in Input buffer + \param inLen Input length + \param curve_idx Curve index + \param point ECC point + \param shortKeySize Short key size flag + + _Example_ + \code + byte der[65]; + ecc_point* point = wc_ecc_new_point(); + int ret = wc_ecc_import_point_der_ex(der, sizeof(der), 0, + point, 0); + \endcode + + \sa wc_ecc_import_point_der +*/ +int wc_ecc_import_point_der_ex(const byte* in, word32 inLen, + const int curve_idx, ecc_point* point, int shortKeySize); + +/*! + \ingroup ECC + \brief Gets OID for curve. + + \return 0 on success + \return negative on error + + \param oidSum OID sum + \param oid OID buffer pointer + \param oidSz OID size pointer + + _Example_ + \code + const byte* oid; + word32 oidSz; + int ret = wc_ecc_get_oid(0x2A8648CE3D030107, &oid, &oidSz); + \endcode + + \sa wc_ecc_get_curve_id_from_oid +*/ +int wc_ecc_get_oid(word32 oidSum, const byte** oid, word32* oidSz); + +/*! + \ingroup ECC + \brief Sets custom curve parameters. + + \return 0 on success + \return negative on error + + \param key ECC key + \param dp Domain parameters + + _Example_ + \code + ecc_key key; + ecc_set_type dp; + int ret = wc_ecc_set_custom_curve(&key, &dp); + \endcode + + \sa wc_ecc_get_curve_params +*/ +int wc_ecc_set_custom_curve(ecc_key* key, const ecc_set_type* dp); + +/*! + \ingroup ECC + \brief Creates new ECC encryption context. + + \return ecEncCtx pointer on success + \return NULL on failure + + \param flags Context flags + \param rng Random number generator + + _Example_ + \code + WC_RNG rng; + ecEncCtx* ctx = wc_ecc_ctx_new(0, &rng); + \endcode + + \sa wc_ecc_ctx_free +*/ +ecEncCtx* wc_ecc_ctx_new(int flags, WC_RNG* rng); + +/*! + \ingroup ECC + \brief Creates new ECC encryption context with heap. + + \return ecEncCtx pointer on success + \return NULL on failure + + \param flags Context flags + \param rng Random number generator + \param heap Heap hint + + _Example_ + \code + WC_RNG rng; + ecEncCtx* ctx = wc_ecc_ctx_new_ex(0, &rng, NULL); + \endcode + + \sa wc_ecc_ctx_new +*/ +ecEncCtx* wc_ecc_ctx_new_ex(int flags, WC_RNG* rng, void* heap); + +/*! + \ingroup ECC + \brief Resets ECC encryption context. + + \return 0 on success + \return negative on error + + \param ctx ECC encryption context + \param rng Random number generator + + _Example_ + \code + ecEncCtx* ctx; + WC_RNG rng; + int ret = wc_ecc_ctx_reset(ctx, &rng); + \endcode + + \sa wc_ecc_ctx_new +*/ +int wc_ecc_ctx_reset(ecEncCtx* ctx, WC_RNG* rng); + +/*! + \ingroup ECC + \brief Gets own salt from context. + + \return Salt pointer on success + \return NULL on failure + + \param ctx ECC encryption context + + _Example_ + \code + ecEncCtx* ctx; + const byte* salt = wc_ecc_ctx_get_own_salt(ctx); + \endcode + + \sa wc_ecc_ctx_set_own_salt +*/ +const byte* wc_ecc_ctx_get_own_salt(ecEncCtx* ctx); + +/*! + \ingroup ECC + \brief Sets own salt in context. + + \return 0 on success + \return negative on error + + \param ctx ECC encryption context + \param salt Salt buffer + \param sz Salt size + + _Example_ + \code + ecEncCtx* ctx; + byte salt[16]; + int ret = wc_ecc_ctx_set_own_salt(ctx, salt, sizeof(salt)); + \endcode + + \sa wc_ecc_ctx_get_own_salt +*/ +int wc_ecc_ctx_set_own_salt(ecEncCtx* ctx, const byte* salt, + word32 sz); + +/*! + \ingroup ECC + \brief X9.63 Key Derivation Function. + + \return 0 on success + \return negative on error + + \param type Hash type + \param secret Shared secret + \param secretSz Secret size + \param sinfo Shared info + \param sinfoSz Shared info size + \param out Output buffer + \param outSz Output size + + _Example_ + \code + byte secret[32], sinfo[10], out[32]; + int ret = wc_X963_KDF(WC_HASH_TYPE_SHA256, secret, 32, + sinfo, 10, out, 32); + \endcode + + \sa wc_ecc_shared_secret +*/ +int wc_X963_KDF(enum wc_HashType type, const byte* secret, + word32 secretSz, const byte* sinfo, word32 sinfoSz, + byte* out, word32 outSz); + +/*! + \ingroup ECC + \brief Initializes curve cache. + + \return 0 on success + \return negative on error + + _Example_ + \code + int ret = wc_ecc_curve_cache_init(); + \endcode + + \sa wc_ecc_curve_cache_free +*/ +int wc_ecc_curve_cache_init(void); + +/*! + \ingroup ECC + \brief Frees curve cache. + + \return none No returns + + _Example_ + \code + wc_ecc_curve_cache_free(); + \endcode + + \sa wc_ecc_curve_cache_init +*/ +void wc_ecc_curve_cache_free(void); + +/*! + \ingroup ECC + \brief Generates random k value. + + \return 0 on success + \return negative on error + + \param rng Random number generator + \param size Key size + \param k Output k value + \param order Curve order + + _Example_ + \code + WC_RNG rng; + mp_int k, order; + int ret = wc_ecc_gen_k(&rng, 32, &k, &order); + \endcode + + \sa wc_ecc_sign_hash +*/ +int wc_ecc_gen_k(WC_RNG* rng, int size, mp_int* k, mp_int* order); + +/*! + \ingroup ECC + \brief Sets remote handle for hardware. + + \return 0 on success + \return negative on error + + \param key ECC key + \param handle Remote handle + + _Example_ + \code + ecc_key key; + remote_handle64 handle = 0x1234; + int ret = wc_ecc_set_handle(&key, handle); + \endcode + + \sa wc_ecc_init +*/ +int wc_ecc_set_handle(ecc_key* key, remote_handle64 handle); + +/*! + \ingroup ECC + \brief Uses key ID for hardware. + + \return 0 on success + \return negative on error + + \param key ECC key + \param keyId Key identifier + \param flags Flags + + _Example_ + \code + ecc_key key; + int ret = wc_ecc_use_key_id(&key, 1, 0); + \endcode + + \sa wc_ecc_get_key_id +*/ +int wc_ecc_use_key_id(ecc_key* key, word32 keyId, word32 flags); + +/*! + \ingroup ECC + \brief Gets key ID from hardware key. + + \return 0 on success + \return negative on error + + \param key ECC key + \param keyId Key identifier pointer + + _Example_ + \code + ecc_key key; + word32 keyId; + int ret = wc_ecc_get_key_id(&key, &keyId); + \endcode + + \sa wc_ecc_use_key_id +*/ +int wc_ecc_get_key_id(ecc_key* key, word32* keyId); diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/doc/dox_comments/header_files/ed25519.h mariadb-11.8.8/extra/wolfssl/wolfssl/doc/dox_comments/header_files/ed25519.h --- mariadb-11.8.6/extra/wolfssl/wolfssl/doc/dox_comments/header_files/ed25519.h 2026-01-31 13:27:49.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/doc/dox_comments/header_files/ed25519.h 2026-05-24 09:58:33.000000000 +0000 @@ -201,7 +201,7 @@ to sign. \param [in] hashLen Length of the hash of the message to sign. \param [out] out Buffer in which to store the generated signature. - \param [in,out] outlen Maximum length of the output buffer. Will store the + \param [in,out] outLen Maximum length of the output buffer. Will store the bytes written to out upon successfully generating a message signature. \param [in] key Pointer to a private ed25519_key with which to generate the signature. @@ -1087,3 +1087,218 @@ */ int wc_ed25519_sig_size(const ed25519_key* key); +/*! + \ingroup ED25519 + \brief Signs message with extended parameters. + + \return 0 on success + \return negative on failure + + \param in Input message + \param inLen Input message length + \param out Output signature buffer + \param outLen Output signature length pointer + \param key Ed25519 key + \param type Signature type + \param context Context buffer + \param contextLen Context length + + _Example_ + \code + byte msg[] = "message"; + byte sig[ED25519_SIG_SIZE]; + word32 sigLen = sizeof(sig); + int ret = wc_ed25519_sign_msg_ex(msg, sizeof(msg), sig, &sigLen, + &key, Ed25519, NULL, 0); + \endcode + + \sa wc_ed25519_sign_msg +*/ +int wc_ed25519_sign_msg_ex(const byte* in, word32 inLen, byte* out, + word32 *outLen, ed25519_key* key, byte type, const byte* context, + byte contextLen); + +/*! + \ingroup ED25519 + \brief Verifies signature with extended parameters. + + \return 0 on success + \return negative on failure + + \param sig Signature buffer + \param sigLen Signature length + \param msg Message buffer + \param msgLen Message length + \param res Verification result pointer + \param key Ed25519 key + \param type Signature type + \param context Context buffer + \param contextLen Context length + + _Example_ + \code + byte msg[] = "message"; + byte sig[ED25519_SIG_SIZE]; + int res; + int ret = wc_ed25519_verify_msg_ex(sig, sizeof(sig), msg, + sizeof(msg), &res, &key, + Ed25519, NULL, 0); + \endcode + + \sa wc_ed25519_verify_msg +*/ +int wc_ed25519_verify_msg_ex(const byte* sig, word32 sigLen, + const byte* msg, word32 msgLen, int* res, ed25519_key* key, + byte type, const byte* context, byte contextLen); + +/*! + \ingroup ED25519 + \brief Initializes streaming verification. + + \return 0 on success + \return negative on failure + + \param sig Signature buffer + \param sigLen Signature length + \param key Ed25519 key + \param type Signature type + \param context Context buffer + \param contextLen Context length + + _Example_ + \code + byte sig[ED25519_SIG_SIZE]; + int ret = wc_ed25519_verify_msg_init(sig, sizeof(sig), &key, + Ed25519, NULL, 0); + \endcode + + \sa wc_ed25519_verify_msg_update + \sa wc_ed25519_verify_msg_final +*/ +int wc_ed25519_verify_msg_init(const byte* sig, word32 sigLen, + ed25519_key* key, byte type, const byte* context, + byte contextLen); + +/*! + \ingroup ED25519 + \brief Updates streaming verification with message segment. + + \return 0 on success + \return negative on failure + + \param msgSegment Message segment buffer + \param msgSegmentLen Message segment length + \param key Ed25519 key + + _Example_ + \code + byte msgPart[] = "part"; + int ret = wc_ed25519_verify_msg_update(msgPart, sizeof(msgPart), + &key); + \endcode + + \sa wc_ed25519_verify_msg_init + \sa wc_ed25519_verify_msg_final +*/ +int wc_ed25519_verify_msg_update(const byte* msgSegment, + word32 msgSegmentLen, ed25519_key* key); + +/*! + \ingroup ED25519 + \brief Finalizes streaming verification. + + \return 0 on success + \return negative on failure + + \param sig Signature buffer + \param sigLen Signature length + \param res Verification result pointer + \param key Ed25519 key + + _Example_ + \code + byte sig[ED25519_SIG_SIZE]; + int res; + int ret = wc_ed25519_verify_msg_final(sig, sizeof(sig), &res, + &key); + \endcode + + \sa wc_ed25519_verify_msg_init + \sa wc_ed25519_verify_msg_update +*/ +int wc_ed25519_verify_msg_final(const byte* sig, word32 sigLen, + int* res, ed25519_key* key); + +/*! + \ingroup ED25519 + \brief Initializes Ed25519 key with extended parameters. + + \return 0 on success + \return negative on failure + + \param key Ed25519 key structure + \param heap Heap hint for memory allocation + \param devId Device ID for hardware acceleration + + _Example_ + \code + ed25519_key key; + int ret = wc_ed25519_init_ex(&key, NULL, INVALID_DEVID); + \endcode + + \sa wc_ed25519_init +*/ +int wc_ed25519_init_ex(ed25519_key* key, void* heap, int devId); + +/*! + \ingroup ED25519 + \brief Allocates and initializes new Ed25519 key. These New/Delete + functions are exposed to support allocation of the structure using + dynamic memory to provide better ABI compatibility. + + \note This API is only available when WC_NO_CONSTRUCTORS is not defined. + WC_NO_CONSTRUCTORS is automatically defined when WOLFSSL_NO_MALLOC is + defined. + + \return ed25519_key pointer on success + \return NULL on failure + + \param heap Heap hint for memory allocation + \param devId Device ID for hardware acceleration + \param result_code Result code pointer + + _Example_ + \code + int result; + ed25519_key* key = wc_ed25519_new(NULL, INVALID_DEVID, &result); + \endcode + + \sa wc_ed25519_delete +*/ +ed25519_key* wc_ed25519_new(void* heap, int devId, int *result_code); + +/*! + \ingroup ED25519 + \brief Frees and deletes Ed25519 key. These New/Delete functions are + exposed to support allocation of the structure using dynamic memory + to provide better ABI compatibility. + + \note This API is only available when WC_NO_CONSTRUCTORS is not defined. + WC_NO_CONSTRUCTORS is automatically defined when WOLFSSL_NO_MALLOC is + defined. + + \return 0 on success + \return negative on failure + + \param key Ed25519 key to delete + \param key_p Pointer to key pointer (set to NULL after delete) + + _Example_ + \code + ed25519_key* key = wc_ed25519_new(NULL, INVALID_DEVID, NULL); + int ret = wc_ed25519_delete(key, &key); + \endcode + + \sa wc_ed25519_new +*/ +int wc_ed25519_delete(ed25519_key* key, ed25519_key** key_p); diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/doc/dox_comments/header_files/ed448.h mariadb-11.8.8/extra/wolfssl/wolfssl/doc/dox_comments/header_files/ed448.h --- mariadb-11.8.6/extra/wolfssl/wolfssl/doc/dox_comments/header_files/ed448.h 2026-01-31 13:27:49.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/doc/dox_comments/header_files/ed448.h 2026-05-24 09:58:33.000000000 +0000 @@ -12,10 +12,8 @@ during function execution. \param [in] key Pointer to the ed448_key for which to generate a key. - \param [out] out Pointer to the buffer in which to store the public key. - \param [in,out] outLen Pointer to a word32 object with the size available - in out. Set with the number of bytes written to out after successfully - exporting the public key. + \param [out] pubKey Pointer to the buffer in which to store the public key. + \param [in] pubKeySz Size of the pubKey buffer in bytes. _Example_ \code @@ -93,12 +91,15 @@ function execution. \param [in] in Pointer to the buffer containing the message to sign. - \param [in] inlen Length of the message to sign. + \param [in] inLen Length of the message to sign. \param [out] out Buffer in which to store the generated signature. - \param [in,out] outlen Maximum length of the output buffer. Will store the + \param [in,out] outLen Maximum length of the output buffer. Will store the bytes written to out upon successfully generating a message signature. \param [in] key Pointer to a private ed448_key with which to generate the signature. + \param [in] context Pointer to the buffer containing the context for which + message is being signed. + \param [in] contextLen Length of the context buffer. _Example_ \code @@ -124,8 +125,9 @@ \sa wc_ed448_verify_msg */ -int wc_ed448_sign_msg(const byte* in, word32 inlen, byte* out, - word32 *outlen, ed448_key* key); +int wc_ed448_sign_msg(const byte* in, word32 inLen, byte* out, + word32 *outLen, ed448_key* key, + const byte* context, byte contextLen); /*! \ingroup ED448 @@ -145,7 +147,7 @@ to sign. \param [in] hashLen Length of the hash of the message to sign. \param [out] out Buffer in which to store the generated signature. - \param [in,out] outlen Maximum length of the output buffer. Will store the + \param [in,out] outLen Maximum length of the output buffer. Will store the bytes written to out upon successfully generating a message signature. \param [in] key Pointer to a private ed448_key with which to generate the signature. @@ -198,9 +200,9 @@ function execution. \param [in] in Pointer to the buffer containing the message to sign. - \param [in] inlen Length of the message to sign. + \param [in] inLen Length of the message to sign. \param [out] out Buffer in which to store the generated signature. - \param [in,out] outlen Maximum length of the output buffer. Will store the + \param [in,out] outLen Maximum length of the output buffer. Will store the bytes written to out upon successfully generating a message signature. \param [in] key Pointer to a private ed448_key with which to generate the signature. @@ -257,6 +259,8 @@ \param [in] siglen Length of the signature to verify. \param [in] msg Pointer to the buffer containing the message to verify. \param [in] msgLen Length of the message to verify. + \param [out] res Pointer to an int that will be set to 1 for a valid + signature or 0 for an invalid signature after verification completes. \param [in] key Pointer to a public Ed448 key with which to verify the signature. \param [in] context Pointer to the buffer containing the context for which @@ -310,7 +314,9 @@ \param [in] siglen Length of the signature to verify. \param [in] hash Pointer to the buffer containing the hash of the message to verify. - \param [in] hashLen Length of the hash to verify. + \param [in] hashlen Length of the hash to verify. + \param [out] res Pointer to an int that will be set to 1 for a valid + signature or 0 for an invalid signature after verification completes. \param [in] key Pointer to a public Ed448 key with which to verify the signature. \param [in] context Pointer to the buffer containing the context for which @@ -364,6 +370,8 @@ \param [in] siglen Length of the signature to verify. \param [in] msg Pointer to the buffer containing the message to verify. \param [in] msgLen Length of the message to verify. + \param [out] res Pointer to an int that will be set to 1 for a valid + signature or 0 for an invalid signature after verification completes. \param [in] key Pointer to a public Ed448 key with which to verify the signature. \param [in] context Pointer to the buffer containing the context for which @@ -685,7 +693,7 @@ \sa wc_ed448_export_private_only */ -int wc_ed448_export_public(ed448_key* key, byte* out, word32* outLen); +int wc_ed448_export_public(const ed448_key* key, byte* out, word32* outLen); /*! \ingroup ED448 @@ -725,7 +733,8 @@ \sa wc_ed448_import_private_key_ex */ -int wc_ed448_export_private_only(ed448_key* key, byte* out, word32* outLen); +int wc_ed448_export_private_only(const ed448_key* key, byte* out, + word32* outLen); /*! \ingroup ED448 @@ -768,7 +777,7 @@ \sa wc_ed448_export_private_only */ -int wc_ed448_export_private(ed448_key* key, byte* out, word32* outLen); +int wc_ed448_export_private(const ed448_key* key, byte* out, word32* outLen); /*! \ingroup ED448 @@ -815,7 +824,7 @@ \sa wc_ed448_export_public */ -int wc_ed448_export_key(ed448_key* key, +int wc_ed448_export_key(const ed448_key* key, byte* priv, word32 *privSz, byte* pub, word32 *pubSz); @@ -879,7 +888,7 @@ \sa wc_ed448_make_key */ -int wc_ed448_size(ed448_key* key); +int wc_ed448_size(const ed448_key* key); /*! \ingroup ED448 @@ -908,7 +917,7 @@ \sa wc_ed448_pub_size */ -int wc_ed448_priv_size(ed448_key* key); +int wc_ed448_priv_size(const ed448_key* key); /*! \ingroup ED448 @@ -935,7 +944,7 @@ \sa wc_ed448_priv_size */ -int wc_ed448_pub_size(ed448_key* key); +int wc_ed448_pub_size(const ed448_key* key); /*! \ingroup ED448 @@ -963,4 +972,4 @@ \sa wc_ed448_sign_msg */ -int wc_ed448_sig_size(ed448_key* key); +int wc_ed448_sig_size(const ed448_key* key); diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/doc/dox_comments/header_files/hash.h mariadb-11.8.8/extra/wolfssl/wolfssl/doc/dox_comments/header_files/hash.h --- mariadb-11.8.6/extra/wolfssl/wolfssl/doc/dox_comments/header_files/hash.h 2026-01-31 13:27:49.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/doc/dox_comments/header_files/hash.h 2026-05-24 09:58:33.000000000 +0000 @@ -98,6 +98,7 @@ \param data the data to hash \param len the length of data \param hash Byte array to hold hash value. + \param hashLen Number of bytes to write to hash. _Example_ \code @@ -365,7 +366,8 @@ \sa wc_Shake128_Update \sa wc_Shake128_Final */ -int wc_Shake128Hash(const byte* data, word32 len, byte* hash); +int wc_Shake128Hash(const byte* data, word32 len, byte* hash, + word32 hashLen); /*! \ingroup SHA @@ -380,6 +382,7 @@ \param data the data to hash \param len the length of data \param hash Byte array to hold hash value. + \param hashLen Number of bytes to write to hash. _Example_ \code @@ -390,7 +393,7 @@ \sa wc_Shake256_Update \sa wc_Shake256_Final */ -int wc_Shake256Hash(const byte* data, word32 len, byte* hash); - +int wc_Shake256Hash(const byte* data, word32 len, byte* hash, + word32 hashLen); diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/doc/dox_comments/header_files/iotsafe.h mariadb-11.8.8/extra/wolfssl/wolfssl/doc/dox_comments/header_files/iotsafe.h --- mariadb-11.8.6/extra/wolfssl/wolfssl/doc/dox_comments/header_files/iotsafe.h 2026-01-31 13:27:49.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/doc/dox_comments/header_files/iotsafe.h 2026-05-24 09:58:33.000000000 +0000 @@ -288,6 +288,43 @@ */ int wc_iotsafe_ecc_export_public(ecc_key *key, byte key_id); +/*! + \ingroup IoTSafe + \brief Export an ECC 256-bit public key, from ecc_key object to a + writable public-key slot into the IoT-Safe applet. Equivalent to + wc_iotsafe_ecc_export_public, except that it can be invoked with a + key ID of two or more bytes. + + \return 0 upon success + \return < 0 in case of failure + + \param key the ecc_key object containing the key to be exported + \param key_id pointer to the key id in the IoT-Safe applet where + the public key will be stored + \param id_size the key id size in bytes + + _Example_ + \code + ecc_key key; + word16 keyId = 0x0302; + + wc_ecc_init(&key); + wc_ecc_make_key(&rng, 32, &key); + + int ret = wc_iotsafe_ecc_export_public_ex(&key, (byte*)&keyId, + sizeof(keyId)); + if (ret != 0) { + // error exporting public key + } + \endcode + + \sa wc_iotsafe_ecc_export_public + \sa wc_iotsafe_ecc_import_public_ex + \sa wc_iotsafe_ecc_export_private_ex +*/ +int wc_iotsafe_ecc_export_public_ex(ecc_key *key, byte *key_id, + word16 id_size); + /*! \ingroup IoTSafe @@ -462,4 +499,4 @@ \sa wc_iotsafe_ecc_sign_hash_ex \sa wc_iotsafe_ecc_verify_hash_ex */ -int wc_iotsafe_ecc_gen_k(byte key_id); +int wc_iotsafe_ecc_gen_k_ex(byte *key_id, word16 id_size); diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/doc/dox_comments/header_files/md2.h mariadb-11.8.8/extra/wolfssl/wolfssl/doc/dox_comments/header_files/md2.h --- mariadb-11.8.6/extra/wolfssl/wolfssl/doc/dox_comments/header_files/md2.h 2026-01-31 13:27:49.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/doc/dox_comments/header_files/md2.h 2026-05-24 09:58:33.000000000 +0000 @@ -24,7 +24,7 @@ \sa wc_Md2Update \sa wc_Md2Final */ -void wc_InitMd2(Md2*); +void wc_InitMd2(wc_Md2* md2); /*! \ingroup MD2 @@ -57,7 +57,7 @@ \sa wc_Md2Final \sa wc_InitMd2 */ -void wc_Md2Update(Md2* md2, const byte* data, word32 len); +void wc_Md2Update(wc_Md2* md2, const byte* data, word32 len); /*! \ingroup MD2 @@ -88,7 +88,7 @@ \sa wc_Md2Final \sa wc_InitMd2 */ -void wc_Md2Final(Md2* md2, byte* hash); +void wc_Md2Final(wc_Md2* md2, byte* hash); /*! \ingroup MD2 diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/doc/dox_comments/header_files/md4.h mariadb-11.8.8/extra/wolfssl/wolfssl/doc/dox_comments/header_files/md4.h --- mariadb-11.8.6/extra/wolfssl/wolfssl/doc/dox_comments/header_files/md4.h 2026-01-31 13:27:49.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/doc/dox_comments/header_files/md4.h 2026-05-24 09:58:33.000000000 +0000 @@ -24,7 +24,7 @@ \sa wc_Md4Update \sa wc_Md4Final */ -void wc_InitMd4(Md4*); +void wc_InitMd4(wc_Md4* md4); /*! \ingroup MD4 @@ -57,7 +57,7 @@ \sa wc_Md4Final \sa wc_InitMd4 */ -void wc_Md4Update(Md4* md4, const byte* data, word32 len); +void wc_Md4Update(wc_Md4* md4, const byte* data, word32 len); /*! \ingroup MD4 @@ -85,4 +85,4 @@ \sa wc_Md4Final \sa wc_InitMd4 */ -void wc_Md4Final(Md4* md4, byte* hash); +void wc_Md4Final(wc_Md4* md4, byte* hash); diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/doc/dox_comments/header_files/md5.h mariadb-11.8.8/extra/wolfssl/wolfssl/doc/dox_comments/header_files/md5.h --- mariadb-11.8.6/extra/wolfssl/wolfssl/doc/dox_comments/header_files/md5.h 2026-01-31 13:27:49.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/doc/dox_comments/header_files/md5.h 2026-05-24 09:58:33.000000000 +0000 @@ -33,7 +33,7 @@ \sa wc_Md5Update \sa wc_Md5Final */ -int wc_InitMd5(wc_Md5*); +int wc_InitMd5(wc_Md5* md5); /*! \ingroup MD5 @@ -148,7 +148,7 @@ \sa wc_Md5Update \sa wc_Md5Final */ -void wc_Md5Free(wc_Md5*); +void wc_Md5Free(wc_Md5* md5); /*! \ingroup MD5 diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/doc/dox_comments/header_files/memory.h mariadb-11.8.8/extra/wolfssl/wolfssl/doc/dox_comments/header_files/memory.h --- mariadb-11.8.6/extra/wolfssl/wolfssl/doc/dox_comments/header_files/memory.h 2026-01-31 13:27:49.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/doc/dox_comments/header_files/memory.h 2026-05-24 09:58:33.000000000 +0000 @@ -54,7 +54,7 @@ // process data as desired ... if(tenInts) { - wolfSSL_Free(tenInts); + wolfSSL_Free(tenInts, NULL, DYNAMIC_TYPE_TMP_BUFFER); } \endcode @@ -148,9 +148,8 @@ \sa none */ -int wolfSSL_SetAllocators(wolfSSL_Malloc_cb, - wolfSSL_Free_cb, - wolfSSL_Realloc_cb); +int wolfSSL_SetAllocators(wolfSSL_Malloc_cb mf, wolfSSL_Free_cb ff, + wolfSSL_Realloc_cb rf); /*! \ingroup Memory @@ -377,10 +376,10 @@ buffers to themselves for their lifetime. WOLFMEM_TRACK_STATS - each SSL keeps track of memory stats while running - \return If successful, 0 will be returned. - \return All unsuccessful return values will be less than 0. + \return Returns 0 on success. + \return Returns a non-zero integer on failure. - \param hint WOLFSSL_HEAP_HINT structure to use + \param pHint WOLFSSL_HEAP_HINT structure to use \param buf memory to use for all operations. \param sz size of memory buffer being passed in. \param flag type of memory. @@ -398,7 +397,7 @@ // load in memory for use ret = wc_LoadStaticMemory(&hint, memory, memorySz, flag, 0); - if (ret != SSL_SUCCESS) { + if (ret) { // handle error case } ... @@ -410,8 +409,8 @@ \sa none */ -int wc_LoadStaticMemory(WOLFSSL_HEAP_HINT* hint, unsigned char* buf, unsigned int sz, - int flag, int max); +int wc_LoadStaticMemory(WOLFSSL_HEAP_HINT** pHint, unsigned char* buf, + unsigned int sz, int flag, int max); /*! \ingroup Memory @@ -421,16 +420,17 @@ into functions. This extended version allows for custom bucket sizes and distributions instead of using the default predefined sizes. - \return If successful, 0 will be returned. - \return All unsuccessful return values will be less than 0. + \return Returns 0 on success. + \return Returns a non-zero integer on failure. - \param hint WOLFSSL_HEAP_HINT structure to use + \param pHint WOLFSSL_HEAP_HINT handle to initialize + \param listSz number of entries in the size and distribution lists + \param sizeList array of bucket sizes to use + \param distList distribution list matching sizeList \param buf memory to use for all operations. \param sz size of memory buffer being passed in. \param flag type of memory. \param max max concurrent operations (handshakes, IO). - \param bucket_sizes array of bucket sizes to use - \param bucket_count number of bucket sizes in the array _Example_ \code @@ -439,15 +439,17 @@ unsigned char memory[MAX]; int memorySz = MAX; int flag = WOLFMEM_GENERAL | WOLFMEM_TRACK_STATS; - word16 bucket_sizes[] = {64, 128, 256, 512, 1024}; - int bucket_count = 5; + const word32 sizeList[] = {64, 128, 256, 512, 1024}; + const word32 distList[] = {1, 1, 1, 1, 1}; + unsigned int listSz = (unsigned int)(sizeof(sizeList)/ + sizeof(sizeList[0])); ... // load in memory for use with custom bucket sizes - ret = wc_LoadStaticMemory_ex(&hint, memory, memorySz, flag, 0, - bucket_sizes, bucket_count); - if (ret != SSL_SUCCESS) { + ret = wc_LoadStaticMemory_ex(&hint, listSz, sizeList, distList, + memory, memorySz, flag, 0); + if (ret) { // handle error case } ... @@ -460,8 +462,9 @@ \sa wc_LoadStaticMemory \sa wc_UnloadStaticMemory */ -int wc_LoadStaticMemory_ex(WOLFSSL_HEAP_HINT* hint, unsigned char* buf, unsigned int sz, - int flag, int max, word16* bucket_sizes, int bucket_count); +int wc_LoadStaticMemory_ex(WOLFSSL_HEAP_HINT** pHint, unsigned int listSz, + const word32 *sizeList, const word32 *distList, + unsigned char* buf, unsigned int sz, int flag, int max); /*! \ingroup Memory @@ -560,7 +563,7 @@ \sa none */ -int wolfSSL_SetDebugMemoryCb(wolfSSL_DebugMemoryCb cb); +void wolfSSL_SetDebugMemoryCb(DebugMemoryCb cb); /*! \ingroup Memory @@ -591,16 +594,13 @@ ... // cleanup when done - ret = wc_UnloadStaticMemory(&hint); - if (ret != 0) { - // handle error case - } + wc_UnloadStaticMemory(&hint); \endcode \sa wc_LoadStaticMemory \sa wc_LoadStaticMemory_ex */ -int wc_UnloadStaticMemory(WOLFSSL_HEAP_HINT* hint); +void wc_UnloadStaticMemory(WOLFSSL_HEAP_HINT* heap); /*! \ingroup Memory @@ -636,4 +636,3 @@ int wolfSSL_StaticBufferSz_ex(unsigned int listSz, const word32 *sizeList, const word32 *distList, byte* buffer, word32 sz, int flag); - diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/doc/dox_comments/header_files/pkcs11.h mariadb-11.8.8/extra/wolfssl/wolfssl/doc/dox_comments/header_files/pkcs11.h --- mariadb-11.8.6/extra/wolfssl/wolfssl/doc/dox_comments/header_files/pkcs11.h 2026-01-31 13:27:49.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/doc/dox_comments/header_files/pkcs11.h 2026-05-24 09:58:33.000000000 +0000 @@ -35,6 +35,7 @@ \ingroup PKCS11 */ int wc_Pkcs11StoreKey(Pkcs11Token* token, int type, int clear, + void* key); /*! \ingroup PKCS11 diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/doc/dox_comments/header_files/pkcs7.h mariadb-11.8.8/extra/wolfssl/wolfssl/doc/dox_comments/header_files/pkcs7.h --- mariadb-11.8.6/extra/wolfssl/wolfssl/doc/dox_comments/header_files/pkcs7.h 2026-01-31 13:27:49.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/doc/dox_comments/header_files/pkcs7.h 2026-05-24 09:58:33.000000000 +0000 @@ -60,13 +60,13 @@ \param pkcs7 pointer to the PKCS7 structure in which to store the decoded cert - \param cert pointer to a buffer containing a DER formatted ASN.1 + \param der pointer to a buffer containing a DER formatted ASN.1 certificate with which to initialize the PKCS7 structure - \param certSz size of the certificate buffer + \param derSz size of the certificate buffer _Example_ \code - PKCS7 pkcs7; + wc_PKCS7 pkcs7; byte derBuff[] = { }; // initialize with DER-encoded certificate if ( wc_PKCS7_InitWithCert(&pkcs7, derBuff, sizeof(derBuff)) != 0 ) { // error parsing certificate into pkcs7 format @@ -75,7 +75,7 @@ \sa wc_PKCS7_Free */ -int wc_PKCS7_InitWithCert(PKCS7* pkcs7, byte* cert, word32 certSz); +int wc_PKCS7_InitWithCert(wc_PKCS7* pkcs7, byte* der, word32 derSz); /*! \ingroup PKCS7 @@ -96,7 +96,7 @@ \sa wc_PKCS7_InitWithCert */ -void wc_PKCS7_Free(PKCS7* pkcs7); +void wc_PKCS7_Free(wc_PKCS7* pkcs7); /*! \ingroup PKCS7 @@ -139,7 +139,7 @@ \sa wc_PKCS7_InitWithCert */ -int wc_PKCS7_EncodeData(PKCS7* pkcs7, byte* output, +int wc_PKCS7_EncodeData(wc_PKCS7* pkcs7, byte* output, word32 outputSz); /*! @@ -147,7 +147,7 @@ \brief This function builds the PKCS7 signed data content type, encoding the PKCS7 structure into a buffer containing a parsable PKCS7 - signed data packet. + signed data packet. For RSA-PSS signers (WC_RSA_PSS), see \ref PKCS7_RSA_PSS. \return Success On successfully encoding the PKCS7 data into the buffer, returns the index parsed up to in the PKCS7 structure. This index also @@ -217,7 +217,7 @@ \sa wc_PKCS7_InitWithCert \sa wc_PKCS7_VerifySignedData */ -int wc_PKCS7_EncodeSignedData(PKCS7* pkcs7, +int wc_PKCS7_EncodeSignedData(wc_PKCS7* pkcs7, byte* output, word32 outputSz); /*! @@ -317,7 +317,7 @@ \sa wc_PKCS7_InitWithCert \sa wc_PKCS7_VerifySignedData_ex */ -int wc_PKCS7_EncodeSignedData_ex(PKCS7* pkcs7, const byte* hashBuf, +int wc_PKCS7_EncodeSignedData_ex(wc_PKCS7* pkcs7, const byte* hashBuf, word32 hashSz, byte* outputHead, word32* outputHeadSz, byte* outputFoot, word32* outputFootSz); @@ -394,7 +394,7 @@ \sa wc_PKCS7_InitWithCert \sa wc_PKCS7_EncodeSignedData */ -int wc_PKCS7_VerifySignedData(PKCS7* pkcs7, +int wc_PKCS7_VerifySignedData(wc_PKCS7* pkcs7, byte* pkiMsg, word32 pkiMsgSz); @@ -493,7 +493,7 @@ \sa wc_PKCS7_InitWithCert \sa wc_PKCS7_EncodeSignedData_ex */ -int wc_PKCS7_VerifySignedData_ex(PKCS7* pkcs7, const byte* hashBuf, +int wc_PKCS7_VerifySignedData_ex(wc_PKCS7* pkcs7, const byte* hashBuf, word32 hashSz, byte* pkiMsgHead, word32 pkiMsgHeadSz, byte* pkiMsgFoot, word32 pkiMsgFootSz); @@ -565,7 +565,7 @@ \sa wc_PKCS7_InitWithCert \sa wc_PKCS7_DecodeEnvelopedData */ -int wc_PKCS7_EncodeEnvelopedData(PKCS7* pkcs7, +int wc_PKCS7_EncodeEnvelopedData(wc_PKCS7* pkcs7, byte* output, word32 outputSz); /*! @@ -651,7 +651,7 @@ \sa wc_PKCS7_InitWithCert \sa wc_PKCS7_EncodeEnvelopedData */ -int wc_PKCS7_DecodeEnvelopedData(PKCS7* pkcs7, byte* pkiMsg, +int wc_PKCS7_DecodeEnvelopedData(wc_PKCS7* pkcs7, byte* pkiMsg, word32 pkiMsgSz, byte* output, word32 outputSz); /*! @@ -725,7 +725,7 @@ \sa wc_PKCS7_InitWithCert */ -int wc_PKCS7_DecodeEncryptedData(PKCS7* pkcs7, byte* pkiMsg, +int wc_PKCS7_DecodeEncryptedData(wc_PKCS7* pkcs7, byte* pkiMsg, word32 pkiMsgSz, byte* output, word32 outputSz); /*! @@ -877,3 +877,1329 @@ */ int wc_PKCS7_DecodeOneSymmetricKeyKey(const byte * osk, word32 oskSz, const byte ** key, word32 * keySz); + +/*! + \ingroup PKCS7 + \brief Creates new PKCS7 structure. + + \return Pointer to new PKCS7 structure on success + \return NULL on error + + \param none No parameters + + _Example_ + \code + PKCS7* pkcs7 = wolfSSL_PKCS7_new(); + if (pkcs7 != NULL) { + // use pkcs7 + wolfSSL_PKCS7_free(pkcs7); + } + \endcode + + \sa wolfSSL_PKCS7_free +*/ +PKCS7* wolfSSL_PKCS7_new(void); + +/*! + \ingroup PKCS7 + \brief Creates new PKCS7_SIGNED structure. + + \return Pointer to new PKCS7_SIGNED structure on success + \return NULL on error + + \param none No parameters + + _Example_ + \code + PKCS7_SIGNED* p7 = wolfSSL_PKCS7_SIGNED_new(); + if (p7 != NULL) { + // use p7 + wolfSSL_PKCS7_SIGNED_free(p7); + } + \endcode + + \sa wolfSSL_PKCS7_SIGNED_free +*/ +PKCS7_SIGNED* wolfSSL_PKCS7_SIGNED_new(void); + +/*! + \ingroup PKCS7 + \brief Frees PKCS7 structure. + + \return none No returns + + \param p7 PKCS7 structure to free + + _Example_ + \code + PKCS7* pkcs7 = wolfSSL_PKCS7_new(); + wolfSSL_PKCS7_free(pkcs7); + \endcode + + \sa wolfSSL_PKCS7_new +*/ +void wolfSSL_PKCS7_free(PKCS7* p7); + +/*! + \ingroup PKCS7 + \brief Frees PKCS7_SIGNED structure. + + \return none No returns + + \param p7 PKCS7_SIGNED structure to free + + _Example_ + \code + PKCS7_SIGNED* p7 = wolfSSL_PKCS7_SIGNED_new(); + wolfSSL_PKCS7_SIGNED_free(p7); + \endcode + + \sa wolfSSL_PKCS7_SIGNED_new +*/ +void wolfSSL_PKCS7_SIGNED_free(PKCS7_SIGNED* p7); + +/*! + \ingroup PKCS7 + \brief Decodes DER-encoded PKCS7 structure. + + \return Pointer to decoded PKCS7 structure on success + \return NULL on error + + \param p7 Pointer to PKCS7 pointer (can be NULL) + \param in Pointer to DER-encoded data + \param len Length of DER data + + _Example_ + \code + PKCS7* p7 = NULL; + const unsigned char* der = ...; // DER data + p7 = wolfSSL_d2i_PKCS7(&p7, &der, derLen); + \endcode + + \sa wolfSSL_i2d_PKCS7 +*/ +PKCS7* wolfSSL_d2i_PKCS7(PKCS7** p7, const unsigned char** in, int len); + +/*! + \ingroup PKCS7 + \brief Decodes PKCS7 from BIO. + + \return Pointer to decoded PKCS7 structure on success + \return NULL on error + + \param bio BIO to read from + \param p7 Pointer to PKCS7 pointer (can be NULL) + + _Example_ + \code + WOLFSSL_BIO* bio = wolfSSL_BIO_new_file("pkcs7.der", "rb"); + PKCS7* p7 = wolfSSL_d2i_PKCS7_bio(bio, NULL); + \endcode + + \sa wolfSSL_i2d_PKCS7_bio +*/ +PKCS7* wolfSSL_d2i_PKCS7_bio(WOLFSSL_BIO* bio, PKCS7** p7); + +/*! + \ingroup PKCS7 + \brief Encodes PKCS7 to BIO. + + \return Length written on success + \return negative on error + + \param bio BIO to write to + \param p7 PKCS7 structure to encode + + _Example_ + \code + WOLFSSL_BIO* bio = wolfSSL_BIO_new(wolfSSL_BIO_s_mem()); + int ret = wolfSSL_i2d_PKCS7_bio(bio, p7); + \endcode + + \sa wolfSSL_d2i_PKCS7_bio +*/ +int wolfSSL_i2d_PKCS7_bio(WOLFSSL_BIO *bio, PKCS7 *p7); + +/*! + \ingroup PKCS7 + \brief Encodes PKCS7 to DER. + + \return Length written on success + \return negative on error + + \param p7 PKCS7 structure to encode + \param out Pointer to output buffer pointer + + _Example_ + \code + unsigned char* der = NULL; + int len = wolfSSL_i2d_PKCS7(p7, &der); + \endcode + + \sa wolfSSL_d2i_PKCS7 +*/ +int wolfSSL_i2d_PKCS7(PKCS7 *p7, unsigned char **out); + +/*! + \ingroup PKCS7 + \brief Creates signed PKCS7 message. + + \return Pointer to signed PKCS7 structure on success + \return NULL on error + + \param signer Signer certificate + \param pkey Private key + \param certs Additional certificates + \param in Input data BIO + \param flags Operation flags + + _Example_ + \code + PKCS7* p7 = wolfSSL_PKCS7_sign(cert, pkey, NULL, bio, 0); + \endcode + + \sa wolfSSL_PKCS7_verify +*/ +PKCS7* wolfSSL_PKCS7_sign(WOLFSSL_X509* signer, WOLFSSL_EVP_PKEY* pkey, + WOLFSSL_STACK* certs, WOLFSSL_BIO* in, int flags); + +/*! + \ingroup PKCS7 + \brief Verifies signed PKCS7 message. + + \return 1 on success + \return 0 or negative on error + + \param p7 PKCS7 structure to verify + \param certs Certificate stack + \param store Certificate store + \param in Input data BIO + \param out Output BIO + \param flags Operation flags + + _Example_ + \code + int ret = wolfSSL_PKCS7_verify(p7, NULL, store, NULL, out, 0); + \endcode + + \sa wolfSSL_PKCS7_sign +*/ +int wolfSSL_PKCS7_verify(PKCS7* p7, WOLFSSL_STACK* certs, + WOLFSSL_X509_STORE* store, WOLFSSL_BIO* in, + WOLFSSL_BIO* out, int flags); + +/*! + \ingroup PKCS7 + \brief Finalizes PKCS7 structure with data. + + \return 1 on success + \return 0 or negative on error + + \param pkcs7 PKCS7 structure + \param in Input data BIO + \param flags Operation flags + + _Example_ + \code + int ret = wolfSSL_PKCS7_final(pkcs7, bio, 0); + \endcode + + \sa wolfSSL_PKCS7_sign +*/ +int wolfSSL_PKCS7_final(PKCS7* pkcs7, WOLFSSL_BIO* in, int flags); + +/*! + \ingroup PKCS7 + \brief Encodes certificates into PKCS7. + + \return 1 on success + \return 0 or negative on error + + \param p7 PKCS7 structure + \param certs Certificate stack + \param out Output BIO + + _Example_ + \code + int ret = wolfSSL_PKCS7_encode_certs(p7, certs, bio); + \endcode + + \sa wolfSSL_PKCS7_to_stack +*/ +int wolfSSL_PKCS7_encode_certs(PKCS7* p7, WOLFSSL_STACK* certs, + WOLFSSL_BIO* out); + +/*! + \ingroup PKCS7 + \brief Converts PKCS7 certificates to stack. + + \return Pointer to certificate stack on success + \return NULL on error + + \param pkcs7 PKCS7 structure + + _Example_ + \code + WOLFSSL_STACK* certs = wolfSSL_PKCS7_to_stack(pkcs7); + \endcode + + \sa wolfSSL_PKCS7_encode_certs +*/ +WOLFSSL_STACK* wolfSSL_PKCS7_to_stack(PKCS7* pkcs7); + +/*! + \ingroup PKCS7 + \brief Gets signer certificates from PKCS7. + + \return Pointer to signer certificate stack on success + \return NULL on error + + \param p7 PKCS7 structure + \param certs Certificate stack + \param flags Operation flags + + _Example_ + \code + WOLFSSL_STACK* signers = wolfSSL_PKCS7_get0_signers(p7, NULL, 0); + \endcode + + \sa wolfSSL_PKCS7_verify +*/ +WOLFSSL_STACK* wolfSSL_PKCS7_get0_signers(PKCS7* p7, WOLFSSL_STACK* certs, + int flags); + +/*! + \ingroup PKCS7 + \brief Writes PKCS7 to BIO in PEM format. + + \return 1 on success + \return 0 or negative on error + + \param bio Output BIO + \param p7 PKCS7 structure + + _Example_ + \code + int ret = wolfSSL_PEM_write_bio_PKCS7(bio, p7); + \endcode + + \sa wolfSSL_SMIME_write_PKCS7 +*/ +int wolfSSL_PEM_write_bio_PKCS7(WOLFSSL_BIO* bio, PKCS7* p7); + +/*! + \ingroup PKCS7 + \brief Reads S/MIME PKCS7 from BIO. + + \return Pointer to PKCS7 structure on success + \return NULL on error + + \param in Input BIO + \param bcont Pointer to content BIO pointer + + _Example_ + \code + WOLFSSL_BIO* cont = NULL; + PKCS7* p7 = wolfSSL_SMIME_read_PKCS7(bio, &cont); + \endcode + + \sa wolfSSL_SMIME_write_PKCS7 +*/ +PKCS7* wolfSSL_SMIME_read_PKCS7(WOLFSSL_BIO* in, WOLFSSL_BIO** bcont); + +/*! + \ingroup PKCS7 + \brief Writes PKCS7 to BIO in S/MIME format. + + \return 1 on success + \return 0 or negative on error + + \param out Output BIO + \param pkcs7 PKCS7 structure + \param in Input data BIO + \param flags Operation flags + + _Example_ + \code + int ret = wolfSSL_SMIME_write_PKCS7(out, pkcs7, in, 0); + \endcode + + \sa wolfSSL_SMIME_read_PKCS7 +*/ +int wolfSSL_SMIME_write_PKCS7(WOLFSSL_BIO* out, PKCS7* pkcs7, + WOLFSSL_BIO* in, int flags); + +/*! + \ingroup PKCS7 + \brief Creates new wc_PKCS7 structure. + + \return Pointer to new wc_PKCS7 structure on success + \return NULL on error + + \param heap Heap hint + \param devId Device ID + + _Example_ + \code + wc_PKCS7* pkcs7 = wc_PKCS7_New(NULL, INVALID_DEVID); + \endcode + + \sa wc_PKCS7_Init +*/ +wc_PKCS7* wc_PKCS7_New(void* heap, int devId); + +/*! + \ingroup PKCS7 + \brief Sets unknown extension callback. + + \return none No returns + + \param pkcs7 PKCS7 structure + \param cb Callback function + + _Example_ + \code + wc_PKCS7_SetUnknownExtCallback(pkcs7, myCallback); + \endcode + + \sa wc_PKCS7_Init +*/ +void wc_PKCS7_SetUnknownExtCallback(wc_PKCS7* pkcs7, + wc_UnknownExtCallback cb); + +/*! + \ingroup PKCS7 + \brief Initializes wc_PKCS7 structure. + + \return 0 on success + \return negative on error + + \param pkcs7 PKCS7 structure + \param heap Heap hint + \param devId Device ID + + _Example_ + \code + wc_PKCS7 pkcs7; + int ret = wc_PKCS7_Init(&pkcs7, NULL, INVALID_DEVID); + \endcode + + \sa wc_PKCS7_New +*/ +int wc_PKCS7_Init(wc_PKCS7* pkcs7, void* heap, int devId); + +/*! + \ingroup PKCS7 + \brief Adds certificate to PKCS7. + + \return 0 on success + \return negative on error + + \param pkcs7 PKCS7 structure + \param der DER-encoded certificate + \param derSz Certificate size + + _Example_ + \code + int ret = wc_PKCS7_AddCertificate(&pkcs7, cert, certSz); + \endcode + + \sa wc_PKCS7_Init +*/ +int wc_PKCS7_AddCertificate(wc_PKCS7* pkcs7, byte* der, word32 derSz); + +/*! + \ingroup PKCS7 + \brief Gets attribute value from PKCS7. + + \return 0 on success + \return negative on error + + \param pkcs7 PKCS7 structure + \param oid Attribute OID + \param oidSz OID size + \param out Output buffer + \param outSz Output buffer size pointer + + _Example_ + \code + byte value[256]; + word32 valueSz = sizeof(value); + int ret = wc_PKCS7_GetAttributeValue(&pkcs7, oid, oidSz, value, + &valueSz); + \endcode + + \sa wc_PKCS7_Init +*/ +int wc_PKCS7_GetAttributeValue(wc_PKCS7* pkcs7, const byte* oid, + word32 oidSz, byte* out, word32* outSz); + +/*! + \ingroup PKCS7 + \brief Sets signer identifier type. + + \return 0 on success + \return negative on error + + \param pkcs7 PKCS7 structure + \param type Identifier type + + _Example_ + \code + int ret = wc_PKCS7_SetSignerIdentifierType(&pkcs7, CMS_SKID); + \endcode + + \sa wc_PKCS7_Init +*/ +int wc_PKCS7_SetSignerIdentifierType(wc_PKCS7* pkcs7, int type); + +/*! + \ingroup PKCS7 + \brief Sets content type. + + \return 0 on success + \return negative on error + + \param pkcs7 PKCS7 structure + \param contentType Content type OID + \param sz OID size + + _Example_ + \code + int ret = wc_PKCS7_SetContentType(&pkcs7, DATA, sizeof(DATA)); + \endcode + + \sa wc_PKCS7_Init +*/ +int wc_PKCS7_SetContentType(wc_PKCS7* pkcs7, byte* contentType, word32 sz); + +/*! + \ingroup PKCS7 + \brief Gets padding size for block cipher. + + \return Padding size + + \param inputSz Input size + \param blockSz Block size + + _Example_ + \code + int padSz = wc_PKCS7_GetPadSize(dataSz, AES_BLOCK_SIZE); + \endcode + + \sa wc_PKCS7_PadData +*/ +int wc_PKCS7_GetPadSize(word32 inputSz, word32 blockSz); + +/*! + \ingroup PKCS7 + \brief Pads data for block cipher. + + \return 0 on success + \return negative on error + + \param in Input data + \param inSz Input size + \param out Output buffer + \param outSz Output buffer size + \param blockSz Block size + + _Example_ + \code + int ret = wc_PKCS7_PadData(data, dataSz, padded, paddedSz, + AES_BLOCK_SIZE); + \endcode + + \sa wc_PKCS7_GetPadSize +*/ +int wc_PKCS7_PadData(byte* in, word32 inSz, byte* out, word32 outSz, + word32 blockSz); + +/*! + \ingroup PKCS7 + \brief Sets custom subject key identifier. + + \return 0 on success + \return negative on error + + \param pkcs7 PKCS7 structure + \param in SKID data + \param inSz SKID size + + _Example_ + \code + int ret = wc_PKCS7_SetCustomSKID(&pkcs7, skid, skidSz); + \endcode + + \sa wc_PKCS7_Init +*/ +int wc_PKCS7_SetCustomSKID(wc_PKCS7* pkcs7, const byte* in, word16 inSz); + +/*! + \ingroup PKCS7 + \brief Sets detached signature flag. + + \return 0 on success + \return negative on error + + \param pkcs7 PKCS7 structure + \param flag Detached flag (1=detached, 0=attached) + + _Example_ + \code + int ret = wc_PKCS7_SetDetached(&pkcs7, 1); + \endcode + + \sa wc_PKCS7_Init +*/ +int wc_PKCS7_SetDetached(wc_PKCS7* pkcs7, word16 flag); + +/*! + \ingroup PKCS7 + \brief Disables default signed attributes. + + \return 0 on success + \return negative on error + + \param pkcs7 PKCS7 structure + + _Example_ + \code + int ret = wc_PKCS7_NoDefaultSignedAttribs(&pkcs7); + \endcode + + \sa wc_PKCS7_SetDefaultSignedAttribs +*/ +int wc_PKCS7_NoDefaultSignedAttribs(wc_PKCS7* pkcs7); + +/*! + \ingroup PKCS7 + \brief Sets default signed attributes flag. + + \return 0 on success + \return negative on error + + \param pkcs7 PKCS7 structure + \param flag Default attributes flag + + _Example_ + \code + int ret = wc_PKCS7_SetDefaultSignedAttribs(&pkcs7, 1); + \endcode + + \sa wc_PKCS7_NoDefaultSignedAttribs +*/ +int wc_PKCS7_SetDefaultSignedAttribs(wc_PKCS7* pkcs7, word16 flag); + +/*! + \ingroup PKCS7 + \brief Allows degenerate PKCS7 (no signers). + + \return none No returns + + \param pkcs7 PKCS7 structure + \param flag Allow degenerate flag + + _Example_ + \code + wc_PKCS7_AllowDegenerate(&pkcs7, 1); + \endcode + + \sa wc_PKCS7_Init +*/ +void wc_PKCS7_AllowDegenerate(wc_PKCS7* pkcs7, word16 flag); + +/*! + \ingroup PKCS7 + \brief Gets signer subject identifier. + + \return 0 on success + \return negative on error + + \param pkcs7 PKCS7 structure + \param out Output buffer + \param outSz Output buffer size pointer + + _Example_ + \code + byte sid[256]; + word32 sidSz = sizeof(sid); + int ret = wc_PKCS7_GetSignerSID(&pkcs7, sid, &sidSz); + \endcode + + \sa wc_PKCS7_Init +*/ +int wc_PKCS7_GetSignerSID(wc_PKCS7* pkcs7, byte* out, word32* outSz); + +/*! + \ingroup PKCS7 + \brief Encodes signed FirmwarePackageData. + + \return Size of encoded data on success + \return negative on error + + \param pkcs7 PKCS7 structure + \param privateKey Private key + \param privateKeySz Private key size + \param signOID Signature algorithm OID + \param hashOID Hash algorithm OID + \param content Content data + \param contentSz Content size + \param signedAttribs Signed attributes + \param signedAttribsSz Signed attributes count + \param output Output buffer + \param outputSz Output buffer size + + _Example_ + \code + int ret = wc_PKCS7_EncodeSignedFPD(&pkcs7, key, keySz, RSAk, SHAh, + data, dataSz, NULL, 0, out, outSz); + \endcode + + \sa wc_PKCS7_EncodeSignedData +*/ +int wc_PKCS7_EncodeSignedFPD(wc_PKCS7* pkcs7, byte* privateKey, + word32 privateKeySz, int signOID, int hashOID, + byte* content, word32 contentSz, + PKCS7Attrib* signedAttribs, + word32 signedAttribsSz, byte* output, + word32 outputSz); + +/*! + \ingroup PKCS7 + \brief Encodes signed encrypted FirmwarePackageData. + + \return Size of encoded data on success + \return negative on error + + \param pkcs7 PKCS7 structure + \param encryptKey Encryption key + \param encryptKeySz Encryption key size + \param privateKey Private key + \param privateKeySz Private key size + \param encryptOID Encryption algorithm OID + \param signOID Signature algorithm OID + \param hashOID Hash algorithm OID + \param content Content data + \param contentSz Content size + \param unprotectedAttribs Unprotected attributes + \param unprotectedAttribsSz Unprotected attributes count + \param signedAttribs Signed attributes + \param signedAttribsSz Signed attributes count + \param output Output buffer + \param outputSz Output buffer size + + _Example_ + \code + int ret = wc_PKCS7_EncodeSignedEncryptedFPD(&pkcs7, encKey, encKeySz, + key, keySz, AES256CBCb, + RSAk, SHAh, data, dataSz, + NULL, 0, NULL, 0, out, + outSz); + \endcode + + \sa wc_PKCS7_EncodeSignedFPD +*/ +int wc_PKCS7_EncodeSignedEncryptedFPD(wc_PKCS7* pkcs7, byte* encryptKey, + word32 encryptKeySz, byte* privateKey, + word32 privateKeySz, int encryptOID, + int signOID, int hashOID, byte* content, + word32 contentSz, + PKCS7Attrib* unprotectedAttribs, + word32 unprotectedAttribsSz, + PKCS7Attrib* signedAttribs, + word32 signedAttribsSz, byte* output, + word32 outputSz); + +/*! + \ingroup PKCS7 + \brief Encodes signed compressed FirmwarePackageData. + + \return Size of encoded data on success + \return negative on error + + \param pkcs7 PKCS7 structure + \param privateKey Private key + \param privateKeySz Private key size + \param signOID Signature algorithm OID + \param hashOID Hash algorithm OID + \param content Content data + \param contentSz Content size + \param signedAttribs Signed attributes + \param signedAttribsSz Signed attributes count + \param output Output buffer + \param outputSz Output buffer size + + _Example_ + \code + int ret = wc_PKCS7_EncodeSignedCompressedFPD(&pkcs7, key, keySz, RSAk, + SHAh, data, dataSz, NULL, + 0, out, outSz); + \endcode + + \sa wc_PKCS7_EncodeSignedFPD +*/ +int wc_PKCS7_EncodeSignedCompressedFPD(wc_PKCS7* pkcs7, byte* privateKey, + word32 privateKeySz, int signOID, + int hashOID, byte* content, + word32 contentSz, + PKCS7Attrib* signedAttribs, + word32 signedAttribsSz, byte* output, + word32 outputSz); + +/*! + \ingroup PKCS7 + \brief Encodes signed encrypted compressed FirmwarePackageData. + + \return Size of encoded data on success + \return negative on error + + \param pkcs7 PKCS7 structure + \param encryptKey Encryption key + \param encryptKeySz Encryption key size + \param privateKey Private key + \param privateKeySz Private key size + \param encryptOID Encryption algorithm OID + \param signOID Signature algorithm OID + \param hashOID Hash algorithm OID + \param content Content data + \param contentSz Content size + \param unprotectedAttribs Unprotected attributes + \param unprotectedAttribsSz Unprotected attributes count + \param signedAttribs Signed attributes + \param signedAttribsSz Signed attributes count + \param output Output buffer + \param outputSz Output buffer size + + _Example_ + \code + int ret = wc_PKCS7_EncodeSignedEncryptedCompressedFPD(&pkcs7, encKey, + encKeySz, key, + keySz, AES256CBCb, + RSAk, SHAh, data, + dataSz, NULL, 0, + NULL, 0, out, + outSz); + \endcode + + \sa wc_PKCS7_EncodeSignedCompressedFPD +*/ +int wc_PKCS7_EncodeSignedEncryptedCompressedFPD(wc_PKCS7* pkcs7, + byte* encryptKey, + word32 encryptKeySz, + byte* privateKey, + word32 privateKeySz, + int encryptOID, int signOID, + int hashOID, byte* content, + word32 contentSz, + PKCS7Attrib* unprotectedAttribs, + word32 unprotectedAttribsSz, + PKCS7Attrib* signedAttribs, + word32 signedAttribsSz, + byte* output, word32 outputSz); + +/*! + \ingroup PKCS7 + \brief Adds KTRI recipient. + + \return 0 on success + \return negative on error + + \param pkcs7 PKCS7 structure + \param cert Recipient certificate + \param certSz Certificate size + \param options Options flags + + _Example_ + \code + int ret = wc_PKCS7_AddRecipient_KTRI(&pkcs7, cert, certSz, 0); + \endcode + + \sa wc_PKCS7_AddRecipient_KARI +*/ +int wc_PKCS7_AddRecipient_KTRI(wc_PKCS7* pkcs7, const byte* cert, + word32 certSz, int options); + +/*! + \ingroup PKCS7 + \brief Adds KARI recipient. + + \return 0 on success + \return negative on error + + \param pkcs7 PKCS7 structure + \param cert Recipient certificate + \param certSz Certificate size + \param keyWrapOID Key wrap algorithm OID + \param keyAgreeOID Key agreement algorithm OID + \param ukm User keying material + \param ukmSz UKM size + \param options Options flags + + _Example_ + \code + int ret = wc_PKCS7_AddRecipient_KARI(&pkcs7, cert, certSz, AES256_WRAP, + dhSinglePass_stdDH_sha256kdf_scheme, + NULL, 0, 0); + \endcode + + \sa wc_PKCS7_AddRecipient_KTRI +*/ +int wc_PKCS7_AddRecipient_KARI(wc_PKCS7* pkcs7, const byte* cert, + word32 certSz, int keyWrapOID, + int keyAgreeOID, byte* ukm, word32 ukmSz, + int options); + +/*! + \ingroup PKCS7 + \brief Sets encryption key. + + \return 0 on success + \return negative on error + + \param pkcs7 PKCS7 structure + \param key Encryption key + \param keySz Key size + + _Example_ + \code + int ret = wc_PKCS7_SetKey(&pkcs7, key, keySz); + \endcode + + \sa wc_PKCS7_Init +*/ +int wc_PKCS7_SetKey(wc_PKCS7* pkcs7, byte* key, word32 keySz); + +/*! + \ingroup PKCS7 + \brief Adds KEKRI recipient. + + \return 0 on success + \return negative on error + + \param pkcs7 PKCS7 structure + \param keyWrapOID Key wrap algorithm OID + \param kek Key encryption key + \param kekSz KEK size + \param keyID Key identifier + \param keyIdSz Key ID size + \param timePtr Time pointer + \param otherOID Other OID + \param otherOIDSz Other OID size + \param other Other data + \param otherSz Other data size + \param options Options flags + + _Example_ + \code + int ret = wc_PKCS7_AddRecipient_KEKRI(&pkcs7, AES256_WRAP, kek, kekSz, + keyId, keyIdSz, NULL, NULL, 0, + NULL, 0, 0); + \endcode + + \sa wc_PKCS7_AddRecipient_KTRI +*/ +int wc_PKCS7_AddRecipient_KEKRI(wc_PKCS7* pkcs7, int keyWrapOID, byte* kek, + word32 kekSz, byte* keyID, word32 keyIdSz, + void* timePtr, byte* otherOID, + word32 otherOIDSz, byte* other, + word32 otherSz, int options); + +/*! + \ingroup PKCS7 + \brief Sets password for PWRI. + + \return 0 on success + \return negative on error + + \param pkcs7 PKCS7 structure + \param passwd Password + \param pLen Password length + + _Example_ + \code + int ret = wc_PKCS7_SetPassword(&pkcs7, password, passwordLen); + \endcode + + \sa wc_PKCS7_AddRecipient_PWRI +*/ +int wc_PKCS7_SetPassword(wc_PKCS7* pkcs7, byte* passwd, word32 pLen); + +/*! + \ingroup PKCS7 + \brief Adds PWRI recipient. + + \return 0 on success + \return negative on error + + \param pkcs7 PKCS7 structure + \param passwd Password + \param pLen Password length + \param salt Salt + \param saltSz Salt size + \param kdfOID KDF algorithm OID + \param prfOID PRF algorithm OID + \param iterations Iteration count + \param kekEncryptOID KEK encryption algorithm OID + \param options Options flags + + _Example_ + \code + int ret = wc_PKCS7_AddRecipient_PWRI(&pkcs7, password, passwordLen, + salt, saltSz, PBKDF2_OID, HMACh, + 10000, AES256CBCb, 0); + \endcode + + \sa wc_PKCS7_SetPassword +*/ +int wc_PKCS7_AddRecipient_PWRI(wc_PKCS7* pkcs7, byte* passwd, word32 pLen, + byte* salt, word32 saltSz, int kdfOID, + int prfOID, int iterations, + int kekEncryptOID, int options); + +/*! + \ingroup PKCS7 + \brief Sets originator encryption context. + + \return 0 on success + \return negative on error + + \param pkcs7 PKCS7 structure + \param ctx Context pointer + + _Example_ + \code + int ret = wc_PKCS7_SetOriEncryptCtx(&pkcs7, myContext); + \endcode + + \sa wc_PKCS7_SetOriDecryptCtx +*/ +int wc_PKCS7_SetOriEncryptCtx(wc_PKCS7* pkcs7, void* ctx); + +/*! + \ingroup PKCS7 + \brief Sets originator decryption context. + + \return 0 on success + \return negative on error + + \param pkcs7 PKCS7 structure + \param ctx Context pointer + + _Example_ + \code + int ret = wc_PKCS7_SetOriDecryptCtx(&pkcs7, myContext); + \endcode + + \sa wc_PKCS7_SetOriEncryptCtx +*/ +int wc_PKCS7_SetOriDecryptCtx(wc_PKCS7* pkcs7, void* ctx); + +/*! + \ingroup PKCS7 + \brief Sets originator decryption callback. + + \return 0 on success + \return negative on error + + \param pkcs7 PKCS7 structure + \param cb Callback function + + _Example_ + \code + int ret = wc_PKCS7_SetOriDecryptCb(&pkcs7, myDecryptCallback); + \endcode + + \sa wc_PKCS7_SetOriDecryptCtx +*/ +int wc_PKCS7_SetOriDecryptCb(wc_PKCS7* pkcs7, CallbackOriDecrypt cb); + +/*! + \ingroup PKCS7 + \brief Adds ORI recipient. + + \return 0 on success + \return negative on error + + \param pkcs7 PKCS7 structure + \param cb Originator encryption callback + \param options Options flags + + _Example_ + \code + int ret = wc_PKCS7_AddRecipient_ORI(&pkcs7, myEncryptCallback, 0); + \endcode + + \sa wc_PKCS7_SetOriDecryptCb +*/ +int wc_PKCS7_AddRecipient_ORI(wc_PKCS7* pkcs7, CallbackOriEncrypt cb, + int options); + +/*! + \ingroup PKCS7 + \brief Sets CEK wrap callback. + + \return 0 on success + \return negative on error + + \param pkcs7 PKCS7 structure + \param wrapCEKCb Wrap CEK callback + + _Example_ + \code + int ret = wc_PKCS7_SetWrapCEKCb(&pkcs7, myWrapCEKCallback); + \endcode + + \sa wc_PKCS7_Init +*/ +int wc_PKCS7_SetWrapCEKCb(wc_PKCS7* pkcs7, CallbackWrapCEK wrapCEKCb); + +/*! + \ingroup PKCS7 + \brief Sets RSA sign raw digest callback. + + \return 0 on success + \return negative on error + + \param pkcs7 PKCS7 structure + \param cb Callback function + + _Example_ + \code + int ret = wc_PKCS7_SetRsaSignRawDigestCb(&pkcs7, mySignCallback); + \endcode + + \sa wc_PKCS7_Init +*/ +int wc_PKCS7_SetRsaSignRawDigestCb(wc_PKCS7* pkcs7, + CallbackRsaSignRawDigest cb); + +/*! + \ingroup PKCS7 + \brief Encodes authenticated enveloped data. + + \return Size of encoded data on success + \return negative on error + + \param pkcs7 PKCS7 structure + \param output Output buffer + \param outputSz Output buffer size + + _Example_ + \code + int ret = wc_PKCS7_EncodeAuthEnvelopedData(&pkcs7, out, outSz); + \endcode + + \sa wc_PKCS7_DecodeAuthEnvelopedData +*/ +int wc_PKCS7_EncodeAuthEnvelopedData(wc_PKCS7* pkcs7, byte* output, + word32 outputSz); + +/*! + \ingroup PKCS7 + \brief Decodes authenticated enveloped data. + + \return Size of decoded data on success + \return negative on error + + \param pkcs7 PKCS7 structure + \param pkiMsg Input message + \param pkiMsgSz Input message size + \param output Output buffer + \param outputSz Output buffer size + + _Example_ + \code + int ret = wc_PKCS7_DecodeAuthEnvelopedData(&pkcs7, msg, msgSz, out, + outSz); + \endcode + + \sa wc_PKCS7_EncodeAuthEnvelopedData +*/ +int wc_PKCS7_DecodeAuthEnvelopedData(wc_PKCS7* pkcs7, byte* pkiMsg, + word32 pkiMsgSz, byte* output, + word32 outputSz); + +/*! + \ingroup PKCS7 + \brief Encodes encrypted data. + + \return Size of encoded data on success + \return negative on error + + \param pkcs7 PKCS7 structure + \param output Output buffer + \param outputSz Output buffer size + + _Example_ + \code + int ret = wc_PKCS7_EncodeEncryptedData(&pkcs7, out, outSz); + \endcode + + \sa wc_PKCS7_DecodeEncryptedData +*/ +int wc_PKCS7_EncodeEncryptedData(wc_PKCS7* pkcs7, byte* output, + word32 outputSz); + +/*! + \ingroup PKCS7 + \brief Sets decode encrypted callback. + + \return 0 on success + \return negative on error + + \param pkcs7 PKCS7 structure + \param decryptionCb Decryption callback + + _Example_ + \code + int ret = wc_PKCS7_SetDecodeEncryptedCb(&pkcs7, myDecryptCallback); + \endcode + + \sa wc_PKCS7_SetDecodeEncryptedCtx +*/ +int wc_PKCS7_SetDecodeEncryptedCb(wc_PKCS7* pkcs7, + CallbackDecryptContent decryptionCb); + +/*! + \ingroup PKCS7 + \brief Sets decode encrypted context. + + \return 0 on success + \return negative on error + + \param pkcs7 PKCS7 structure + \param ctx Context pointer + + _Example_ + \code + int ret = wc_PKCS7_SetDecodeEncryptedCtx(&pkcs7, myContext); + \endcode + + \sa wc_PKCS7_SetDecodeEncryptedCb +*/ +int wc_PKCS7_SetDecodeEncryptedCtx(wc_PKCS7* pkcs7, void* ctx); + +/*! + \ingroup PKCS7 + \brief Sets stream mode for PKCS7. + + \return 0 on success + \return negative on error + + \param pkcs7 PKCS7 structure + \param flag Stream mode flag + \param getContentCb Get content callback + \param streamOutCb Stream output callback + \param ctx Context pointer + + _Example_ + \code + int ret = wc_PKCS7_SetStreamMode(&pkcs7, 1, getContent, streamOut, + ctx); + \endcode + + \sa wc_PKCS7_GetStreamMode +*/ +int wc_PKCS7_SetStreamMode(wc_PKCS7* pkcs7, byte flag, + CallbackGetContent getContentCb, + CallbackStreamOut streamOutCb, void* ctx); + +/*! + \ingroup PKCS7 + \brief Gets stream mode setting. + + \return Stream mode flag + + \param pkcs7 PKCS7 structure + + _Example_ + \code + int mode = wc_PKCS7_GetStreamMode(&pkcs7); + \endcode + + \sa wc_PKCS7_SetStreamMode +*/ +int wc_PKCS7_GetStreamMode(wc_PKCS7* pkcs7); + +/*! + \ingroup PKCS7 + \brief Sets no certificates flag. + + \return 0 on success + \return negative on error + + \param pkcs7 PKCS7 structure + \param flag No certificates flag + + _Example_ + \code + int ret = wc_PKCS7_SetNoCerts(&pkcs7, 1); + \endcode + + \sa wc_PKCS7_GetNoCerts +*/ +int wc_PKCS7_SetNoCerts(wc_PKCS7* pkcs7, byte flag); + +/*! + \ingroup PKCS7 + \brief Gets no certificates flag. + + \return No certificates flag + + \param pkcs7 PKCS7 structure + + _Example_ + \code + int noCerts = wc_PKCS7_GetNoCerts(&pkcs7); + \endcode + + \sa wc_PKCS7_SetNoCerts +*/ +int wc_PKCS7_GetNoCerts(wc_PKCS7* pkcs7); + +/*! + \ingroup PKCS7 + \brief Encodes compressed data. + + \return Size of encoded data on success + \return negative on error + + \param pkcs7 PKCS7 structure + \param output Output buffer + \param outputSz Output buffer size + + _Example_ + \code + int ret = wc_PKCS7_EncodeCompressedData(&pkcs7, out, outSz); + \endcode + + \sa wc_PKCS7_DecodeCompressedData +*/ +int wc_PKCS7_EncodeCompressedData(wc_PKCS7* pkcs7, byte* output, + word32 outputSz); + +/*! + \ingroup PKCS7 + \brief Decodes compressed data. + + \return Size of decoded data on success + \return negative on error + + \param pkcs7 PKCS7 structure + \param pkiMsg Input message + \param pkiMsgSz Input message size + \param output Output buffer + \param outputSz Output buffer size + + _Example_ + \code + int ret = wc_PKCS7_DecodeCompressedData(&pkcs7, msg, msgSz, out, + outSz); + \endcode + + \sa wc_PKCS7_EncodeCompressedData +*/ +int wc_PKCS7_DecodeCompressedData(wc_PKCS7* pkcs7, byte* pkiMsg, + word32 pkiMsgSz, byte* output, + word32 outputSz); diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/doc/dox_comments/header_files/poly1305.h mariadb-11.8.8/extra/wolfssl/wolfssl/doc/dox_comments/header_files/poly1305.h --- mariadb-11.8.6/extra/wolfssl/wolfssl/doc/dox_comments/header_files/poly1305.h 2026-01-31 13:27:49.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/doc/dox_comments/header_files/poly1305.h 2026-05-24 09:58:33.000000000 +0000 @@ -135,5 +135,73 @@ \sa wc_Poly1305Update \sa wcPoly1305Final */ -int wc_Poly1305_MAC(Poly1305* ctx, byte* additional, word32 addSz, - byte* input, word32 sz, byte* tag, word32 tagSz); +int wc_Poly1305_MAC(Poly1305* ctx, const byte* additional, word32 addSz, + const byte* input, word32 sz, byte* tag, word32 tagSz); + +/*! + \ingroup Poly1305 + \brief Adds padding to Poly1305 context. + + \return 0 on success + \return BAD_FUNC_ARG if ctx is NULL + + \param ctx Poly1305 context + \param lenToPad Length to pad + + _Example_ + \code + Poly1305 ctx; + byte key[32]; + wc_Poly1305SetKey(&ctx, key, sizeof(key)); + int ret = wc_Poly1305_Pad(&ctx, 10); + \endcode + + \sa wc_Poly1305_MAC +*/ +int wc_Poly1305_Pad(Poly1305* ctx, word32 lenToPad); + +/*! + \ingroup Poly1305 + \brief Encodes AAD and data sizes for Poly1305. + + \return 0 on success + \return BAD_FUNC_ARG if ctx is NULL + + \param ctx Poly1305 context + \param aadSz Additional authenticated data size + \param dataSz Data size + + _Example_ + \code + Poly1305 ctx; + byte key[32]; + wc_Poly1305SetKey(&ctx, key, sizeof(key)); + int ret = wc_Poly1305_EncodeSizes(&ctx, 16, 100); + \endcode + + \sa wc_Poly1305_MAC +*/ +int wc_Poly1305_EncodeSizes(Poly1305* ctx, word32 aadSz, word32 dataSz); + +/*! + \ingroup Poly1305 + \brief Encodes AAD and data sizes for Poly1305 using 64-bit values. + + \return 0 on success + \return BAD_FUNC_ARG if ctx is NULL + + \param ctx Poly1305 context + \param aadSz Additional authenticated data size + \param dataSz Data size + + _Example_ + \code + Poly1305 ctx; + byte key[32]; + wc_Poly1305SetKey(&ctx, key, sizeof(key)); + int ret = wc_Poly1305_EncodeSizes64(&ctx, 16, 100); + \endcode + + \sa wc_Poly1305_EncodeSizes +*/ +int wc_Poly1305_EncodeSizes64(Poly1305* ctx, word64 aadSz, word64 dataSz); diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/doc/dox_comments/header_files/psa.h mariadb-11.8.8/extra/wolfssl/wolfssl/doc/dox_comments/header_files/psa.h --- mariadb-11.8.6/extra/wolfssl/wolfssl/doc/dox_comments/header_files/psa.h 2026-01-31 13:27:49.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/doc/dox_comments/header_files/psa.h 2026-05-24 09:58:33.000000000 +0000 @@ -94,3 +94,65 @@ int wolfSSL_psa_set_private_key_id(struct psa_ssl_ctx *ctx, psa_key_id_t id); + +/*! + \ingroup PSA + \brief This function generates random bytes using the PSA crypto API. + This is a wrapper around the PSA random number generation functions. + + \return 0 On success + \return Negative value on error + + \param out pointer to buffer to store random bytes + \param sz number of random bytes to generate + + _Example_ + \code + byte random[32]; + + int ret = wc_psa_get_random(random, sizeof(random)); + if (ret != 0) { + // error generating random bytes + } + \endcode + + \sa wc_RNG_GenerateBlock +*/ +int wc_psa_get_random(unsigned char *out, word32 sz); + +/*! + \ingroup PSA + \brief This function performs AES encryption or decryption using the + PSA crypto API. It supports various AES modes through the algorithm + parameter. + + \return 0 On success + \return Negative value on error + + \param aes pointer to initialized Aes structure + \param input pointer to input data buffer + \param output pointer to output data buffer + \param length length of data to process + \param alg PSA algorithm identifier specifying the AES mode + \param direction encryption (1) or decryption (0) + + _Example_ + \code + Aes aes; + byte key[16] = { }; // AES key + byte input[16] = { }; // plaintext + byte output[16]; + + wc_AesInit(&aes, NULL, INVALID_DEVID); + wc_AesSetKey(&aes, key, sizeof(key), NULL, AES_ENCRYPTION); + int ret = wc_psa_aes_encrypt_decrypt(&aes, input, output, + sizeof(input), + PSA_ALG_ECB_NO_PADDING, 1); + \endcode + + \sa wc_AesEncrypt + \sa wc_AesDecrypt +*/ +int wc_psa_aes_encrypt_decrypt(Aes *aes, const uint8_t *input, + uint8_t *output, size_t length, + psa_algorithm_t alg, int direction); diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/doc/dox_comments/header_files/pwdbased.h mariadb-11.8.8/extra/wolfssl/wolfssl/doc/dox_comments/header_files/pwdbased.h --- mariadb-11.8.6/extra/wolfssl/wolfssl/doc/dox_comments/header_files/pwdbased.h 2026-01-31 13:27:49.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/doc/dox_comments/header_files/pwdbased.h 2026-05-24 09:58:33.000000000 +0000 @@ -168,3 +168,173 @@ int wc_PKCS12_PBKDF(byte* output, const byte* passwd, int passLen, const byte* salt, int saltLen, int iterations, int kLen, int hashType, int id); + +/*! + \ingroup Password + \brief Extended version of PBKDF1 with heap hint. + + \return 0 on success + \return BAD_FUNC_ARG on invalid arguments + \return MEMORY_E on memory allocation error + + \param key Output key buffer + \param keyLen Key length + \param iv Output IV buffer + \param ivLen IV length + \param passwd Password buffer + \param passwdLen Password length + \param salt Salt buffer + \param saltLen Salt length + \param iterations Iteration count + \param hashType Hash algorithm type + \param heap Heap hint for memory allocation + + _Example_ + \code + byte key[16], iv[16]; + byte pass[] = "password"; + byte salt[] = "salt"; + int ret = wc_PBKDF1_ex(key, sizeof(key), iv, sizeof(iv), + pass, sizeof(pass), salt, sizeof(salt), 1000, WC_SHA, NULL); + \endcode + + \sa wc_PBKDF1 +*/ +int wc_PBKDF1_ex(byte* key, int keyLen, byte* iv, int ivLen, + const byte* passwd, int passwdLen, const byte* salt, int saltLen, + int iterations, int hashType, void* heap); + +/*! + \ingroup Password + \brief Extended version of PBKDF2 with heap hint and device ID. + + \return 0 on success + \return BAD_FUNC_ARG on invalid arguments + \return MEMORY_E on memory allocation error + + \param output Output key buffer + \param passwd Password buffer + \param pLen Password length + \param salt Salt buffer + \param sLen Salt length + \param iterations Iteration count + \param kLen Key length + \param hashType Hash algorithm type + \param heap Heap hint for memory allocation + \param devId Device ID for hardware acceleration + + _Example_ + \code + byte key[32]; + byte pass[] = "password"; + byte salt[] = "salt"; + int ret = wc_PBKDF2_ex(key, pass, sizeof(pass), salt, + sizeof(salt), 2048, sizeof(key), WC_SHA256, NULL, + INVALID_DEVID); + \endcode + + \sa wc_PBKDF2 +*/ +int wc_PBKDF2_ex(byte* output, const byte* passwd, int pLen, + const byte* salt, int sLen, int iterations, int kLen, + int hashType, void* heap, int devId); + +/*! + \ingroup Password + \brief Extended version of PKCS12_PBKDF with heap hint. + + \return 0 on success + \return BAD_FUNC_ARG on invalid arguments + \return MEMORY_E on memory allocation error + + \param output Output key buffer + \param passwd Password buffer + \param passLen Password length + \param salt Salt buffer + \param saltLen Salt length + \param iterations Iteration count + \param kLen Key length + \param hashType Hash algorithm type + \param id Purpose identifier (1=key, 2=IV, 3=MAC) + \param heap Heap hint for memory allocation + + _Example_ + \code + byte key[32]; + byte pass[] = "password"; + byte salt[] = "salt"; + int ret = wc_PKCS12_PBKDF_ex(key, pass, sizeof(pass), salt, + sizeof(salt), 2048, sizeof(key), WC_SHA256, 1, NULL); + \endcode + + \sa wc_PKCS12_PBKDF +*/ +int wc_PKCS12_PBKDF_ex(byte* output, const byte* passwd,int passLen, + const byte* salt, int saltLen, int iterations, int kLen, + int hashType, int id, void* heap); + +/*! + \ingroup Password + \brief Implements scrypt key derivation function. + + \return 0 on success + \return BAD_FUNC_ARG on invalid arguments + \return MEMORY_E on memory allocation error + + \param output Output key buffer + \param passwd Password buffer + \param passLen Password length + \param salt Salt buffer + \param saltLen Salt length + \param cost CPU/memory cost parameter (N) + \param blockSize Block size parameter (r) + \param parallel Parallelization parameter (p) + \param dkLen Derived key length + + _Example_ + \code + byte key[32]; + byte pass[] = "password"; + byte salt[] = "salt"; + int ret = wc_scrypt(key, pass, sizeof(pass), salt, + sizeof(salt), 16384, 8, 1, sizeof(key)); + \endcode + + \sa wc_scrypt_ex +*/ +int wc_scrypt(byte* output, const byte* passwd, int passLen, + const byte* salt, int saltLen, int cost, int blockSize, + int parallel, int dkLen); + +/*! + \ingroup Password + \brief Extended scrypt with iteration count instead of cost. + + \return 0 on success + \return BAD_FUNC_ARG on invalid arguments + \return MEMORY_E on memory allocation error + + \param output Output key buffer + \param passwd Password buffer + \param passLen Password length + \param salt Salt buffer + \param saltLen Salt length + \param iterations Iteration count + \param blockSize Block size parameter (r) + \param parallel Parallelization parameter (p) + \param dkLen Derived key length + + _Example_ + \code + byte key[32]; + byte pass[] = "password"; + byte salt[] = "salt"; + int ret = wc_scrypt_ex(key, pass, sizeof(pass), salt, + sizeof(salt), 16384, 8, 1, sizeof(key)); + \endcode + + \sa wc_scrypt +*/ +int wc_scrypt_ex(byte* output, const byte* passwd, int passLen, + const byte* salt, int saltLen, word32 iterations, int blockSize, + int parallel, int dkLen); diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/doc/dox_comments/header_files/quic.h mariadb-11.8.8/extra/wolfssl/wolfssl/doc/dox_comments/header_files/quic.h --- mariadb-11.8.6/extra/wolfssl/wolfssl/doc/dox_comments/header_files/quic.h 2026-01-31 13:27:49.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/doc/dox_comments/header_files/quic.h 2026-05-24 09:58:33.000000000 +0000 @@ -345,6 +345,42 @@ /*! \ingroup QUIC + \brief Perform the QUIC handshake. This function processes CRYPTO + data that has been provided via wolfSSL_provide_quic_data() and + advances the handshake state. It should be called repeatedly until + the handshake is complete. + + \return WOLFSSL_SUCCESS If handshake completed successfully + \return WOLFSSL_FATAL_ERROR If a fatal error occurred + \return Other values indicating handshake is in progress + + \param ssl pointer to a WOLFSSL structure created using + wolfSSL_new() + + _Example_ + \code + WOLFSSL* ssl; + // initialize ssl with QUIC method + + while (!wolfSSL_is_init_finished(ssl)) { + int ret = wolfSSL_quic_do_handshake(ssl); + if (ret == WOLFSSL_FATAL_ERROR) { + // handle error + break; + } + // provide more CRYPTO data if available + } + \endcode + + \sa wolfSSL_provide_quic_data + \sa wolfSSL_quic_read_write + \sa wolfSSL_is_init_finished +*/ +int wolfSSL_quic_do_handshake(WOLFSSL* ssl); + +/*! + \ingroup QUIC + \brief Get the AEAD cipher negotiated in the TLS handshake. \return negotiated cipher or NULL if not determined. diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/doc/dox_comments/header_files/random.h mariadb-11.8.8/extra/wolfssl/wolfssl/doc/dox_comments/header_files/random.h --- mariadb-11.8.6/extra/wolfssl/wolfssl/doc/dox_comments/header_files/random.h 2026-01-31 13:27:49.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/doc/dox_comments/header_files/random.h 2026-05-24 09:58:33.000000000 +0000 @@ -95,7 +95,7 @@ \sa wc_FreeRng \sa wc_RNG_HealthTest */ -int wc_InitRng(WC_RNG*); +int wc_InitRng(WC_RNG* rng); /*! \ingroup Random @@ -140,38 +140,6 @@ /*! \ingroup Random - \brief Creates a new WC_RNG structure. - - - \return WC_RNG structure on success - \return NULL on error - - - \param heap pointer to a heap identifier - \param nonce pointer to the buffer containing the nonce - \param nonceSz length of the nonce - - _Example_ - \code - RNG rng; - byte nonce[] = { initialize nonce }; - word32 nonceSz = sizeof(nonce); - - wc_rng_new(&nonce, nonceSz, &heap); - - - \endcode - - \sa wc_InitRng - \sa wc_rng_free - \sa wc_FreeRng - \sa wc_RNG_HealthTest -*/ -WC_RNG* wc_rng_new(byte* nonce, word32 nonceSz, void* heap) - -/*! - \ingroup Random - \brief Calls wc_RNG_GenerateBlock to copy a byte of pseudorandom data to b. Will reseed rng if needed. @@ -241,37 +209,7 @@ \sa wc_RNG_GenerateByte, \sa wc_RNG_HealthTest */ -int wc_FreeRng(WC_RNG*); - -/*! - \ingroup Random - - \brief Should be called when RNG no longer needed in order to securely - free rng. - - - \param rng random number generator initialized with wc_InitRng - - _Example_ - \code - RNG rng; - byte nonce[] = { initialize nonce }; - word32 nonceSz = sizeof(nonce); - - rng = wc_rng_new(&nonce, nonceSz, &heap); - - // use rng - - wc_rng_free(&rng); - - \endcode - - \sa wc_InitRng - \sa wc_rng_new - \sa wc_FreeRng - \sa wc_RNG_HealthTest -*/ -WC_RNG* wc_rng_free(WC_RNG* rng); +int wc_FreeRng(WC_RNG* rng); /*! \ingroup Random @@ -325,3 +263,323 @@ int wc_RNG_HealthTest(int reseed, const byte* seedA, word32 seedASz, const byte* seedB, word32 seedBSz, byte* output, word32 outputSz); + +/*! + \ingroup Random + \brief Generates seed from OS entropy source. Lower-level function + used internally by wc_InitRng. + + \return 0 On success + \return WINCRYPT_E Failed to acquire context (Windows) + \return CRYPTGEN_E Failed to generate random (Windows) + \return RNG_FAILURE_E Failed to read entropy + + \param os Pointer to OS_Seed structure + \param output Buffer to store seed + \param sz Size of seed in bytes + + _Example_ + \code + OS_Seed os; + byte seed[32]; + int ret = wc_GenerateSeed(&os, seed, sizeof(seed)); + \endcode + + \sa wc_InitRng +*/ +int wc_GenerateSeed(OS_Seed* os, byte* output, word32 sz); + +/*! + \ingroup Random + \brief Allocates and initializes new WC_RNG with optional nonce. + + \return Pointer to WC_RNG on success + \return NULL on failure + + \param nonce Nonce buffer (can be NULL) + \param nonceSz Nonce size + \param heap Heap hint (can be NULL) + + _Example_ + \code + WC_RNG* rng = wc_rng_new(NULL, 0, NULL); + wc_rng_free(rng); + \endcode + + \sa wc_rng_free +*/ +WC_RNG* wc_rng_new(byte* nonce, word32 nonceSz, void* heap); + +/*! + \ingroup Random + \brief Allocates and initializes WC_RNG with extended parameters. + + \return 0 On success + \return BAD_FUNC_ARG If rng is NULL + \return MEMORY_E Memory allocation failed + + \param rng Pointer to store WC_RNG pointer + \param nonce Nonce buffer (can be NULL) + \param nonceSz Nonce size + \param heap Heap hint (can be NULL) + \param devId Device ID (INVALID_DEVID for software) + + _Example_ + \code + WC_RNG* rng; + int ret = wc_rng_new_ex(&rng, NULL, 0, NULL, INVALID_DEVID); + wc_rng_free(rng); + \endcode + + \sa wc_rng_new +*/ +int wc_rng_new_ex(WC_RNG **rng, byte* nonce, word32 nonceSz, void* heap, + int devId); + +/*! + \ingroup Random + \brief Frees WC_RNG allocated with wc_rng_new. + + \param rng WC_RNG to free + + _Example_ + \code + WC_RNG* rng = wc_rng_new(NULL, 0, NULL); + wc_rng_free(rng); + \endcode + + \sa wc_rng_new +*/ +void wc_rng_free(WC_RNG* rng); + +/*! + \ingroup Random + \brief Initializes WC_RNG with extended parameters. + + \return 0 On success + \return BAD_FUNC_ARG If rng is NULL + \return RNG_FAILURE_E Initialization failed + + \param rng WC_RNG to initialize + \param heap Heap hint (can be NULL) + \param devId Device ID (INVALID_DEVID for software) + + _Example_ + \code + WC_RNG rng; + int ret = wc_InitRng_ex(&rng, NULL, INVALID_DEVID); + wc_FreeRng(&rng); + \endcode + + \sa wc_InitRng +*/ +int wc_InitRng_ex(WC_RNG* rng, void* heap, int devId); + +/*! + \ingroup Random + \brief Initializes WC_RNG with nonce. + + \return 0 On success + \return BAD_FUNC_ARG If rng is NULL + \return RNG_FAILURE_E Initialization failed + + \param rng WC_RNG to initialize + \param nonce Nonce buffer + \param nonceSz Nonce size + + _Example_ + \code + WC_RNG rng; + byte nonce[16]; + int ret = wc_InitRngNonce(&rng, nonce, sizeof(nonce)); + wc_FreeRng(&rng); + \endcode + + \sa wc_InitRng +*/ +int wc_InitRngNonce(WC_RNG* rng, byte* nonce, word32 nonceSz); + +/*! + \ingroup Random + \brief Initializes WC_RNG with nonce and extended parameters. + + \return 0 On success + \return BAD_FUNC_ARG If rng is NULL + \return RNG_FAILURE_E Initialization failed + + \param rng WC_RNG to initialize + \param nonce Nonce buffer + \param nonceSz Nonce size + \param heap Heap hint (can be NULL) + \param devId Device ID (INVALID_DEVID for software) + + _Example_ + \code + WC_RNG rng; + byte nonce[16]; + int ret = wc_InitRngNonce_ex(&rng, nonce, sizeof(nonce), NULL, + INVALID_DEVID); + wc_FreeRng(&rng); + \endcode + + \sa wc_InitRngNonce +*/ +int wc_InitRngNonce_ex(WC_RNG* rng, byte* nonce, word32 nonceSz, + void* heap, int devId); + +/*! + \ingroup Random + \brief Sets callback for custom seed generation. + + \return 0 On success + \return BAD_FUNC_ARG If cb is NULL + + \param cb Seed callback function + + _Example_ + \code + int my_cb(OS_Seed* os, byte* out, word32 sz) { return 0; } + wc_SetSeed_Cb(my_cb); + \endcode + + \sa wc_GenerateSeed +*/ +int wc_SetSeed_Cb(wc_RngSeed_Cb cb); + +/*! + \ingroup Random + \brief Reseeds DRBG with new entropy. + + \return 0 On success + \return BAD_FUNC_ARG If rng or seed is NULL + \return RNG_FAILURE_E Reseed failed + + \param rng WC_RNG to reseed + \param seed Seed buffer + \param seedSz Seed size + + _Example_ + \code + WC_RNG rng; + byte seed[32]; + wc_InitRng(&rng); + int ret = wc_RNG_DRBG_Reseed(&rng, seed, sizeof(seed)); + \endcode + + \sa wc_InitRng +*/ +int wc_RNG_DRBG_Reseed(WC_RNG* rng, const byte* seed, word32 seedSz); + +/*! + \ingroup Random + \brief Tests seed validity for DRBG. + + \return 0 If valid + \return BAD_FUNC_ARG If seed is NULL + \return ENTROPY_RT_E || ENTROPY_APT_E Validation failed + + \param seed Seed to test + \param seedSz Seed size + + _Example_ + \code + byte seed[32]; + int ret = wc_RNG_TestSeed(seed, sizeof(seed)); + \endcode + + \sa wc_InitRng +*/ +int wc_RNG_TestSeed(const byte* seed, word32 seedSz); + +/*! + \ingroup Random + \brief RNG health test with extended parameters. + + \return 0 On success + \return BAD_FUNC_ARG If required params NULL + \return -1 Test failed + + \param reseed Non-zero to test reseeding + \param nonce Nonce buffer (can be NULL) + \param nonceSz Nonce size + \param seedA Initial seed + \param seedASz Initial seed size + \param seedB Reseed buffer (required if reseed set) + \param seedBSz Reseed size + \param output Output buffer + \param outputSz Output size + \param heap Heap hint (can be NULL) + \param devId Device ID (INVALID_DEVID for software) + + _Example_ + \code + byte seedA[32], seedB[32], out[64]; + int ret = wc_RNG_HealthTest_ex(1, NULL, 0, seedA, 32, seedB, 32, + out, 64, NULL, INVALID_DEVID); + \endcode + + \sa wc_RNG_HealthTest +*/ +int wc_RNG_HealthTest_ex(int reseed, const byte* nonce, word32 nonceSz, + const byte* seedA, word32 seedASz, + const byte* seedB, word32 seedBSz, byte* output, + word32 outputSz, void* heap, int devId); + +/*! + \ingroup Random + \brief Gets raw entropy without DRBG processing. + + \return 0 On success + \return BAD_FUNC_ARG If raw is NULL + \return RNG_FAILURE_E Failed + + \param raw Buffer for entropy + \param cnt Bytes to retrieve + + _Example_ + \code + byte raw[32]; + int ret = wc_Entropy_GetRawEntropy(raw, sizeof(raw)); + \endcode + + \sa wc_Entropy_Get +*/ +int wc_Entropy_GetRawEntropy(unsigned char* raw, int cnt); + +/*! + \ingroup Random + \brief Gets processed entropy with specified bits. + + \return 0 On success + \return BAD_FUNC_ARG If entropy is NULL + \return RNG_FAILURE_E Failed + + \param bits Entropy bits required + \param entropy Buffer for entropy + \param len Buffer size + + _Example_ + \code + byte entropy[32]; + int ret = wc_Entropy_Get(256, entropy, sizeof(entropy)); + \endcode + + \sa wc_Entropy_GetRawEntropy +*/ +int wc_Entropy_Get(int bits, unsigned char* entropy, word32 len); + +/*! + \ingroup Random + \brief Tests entropy source on demand. + + \return 0 On success + \return RNG_FAILURE_E Test failed + + _Example_ + \code + int ret = wc_Entropy_OnDemandTest(); + \endcode + + \sa wc_Entropy_Get +*/ +int wc_Entropy_OnDemandTest(void); diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/doc/dox_comments/header_files/ripemd.h mariadb-11.8.8/extra/wolfssl/wolfssl/doc/dox_comments/header_files/ripemd.h --- mariadb-11.8.6/extra/wolfssl/wolfssl/doc/dox_comments/header_files/ripemd.h 2026-01-31 13:27:49.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/doc/dox_comments/header_files/ripemd.h 2026-05-24 09:58:33.000000000 +0000 @@ -23,7 +23,7 @@ \sa wc_RipeMdUpdate \sa wc_RipeMdFinal */ -int wc_InitRipeMd(RipeMd*); +int wc_InitRipeMd(RipeMd* ripemd); /*! \ingroup RIPEMD diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/doc/dox_comments/header_files/rsa.h mariadb-11.8.8/extra/wolfssl/wolfssl/doc/dox_comments/header_files/rsa.h --- mariadb-11.8.6/extra/wolfssl/wolfssl/doc/dox_comments/header_files/rsa.h 2026-01-31 13:27:49.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/doc/dox_comments/header_files/rsa.h 2026-05-24 09:58:33.000000000 +0000 @@ -43,6 +43,9 @@ The key has to be associated with RNG by wc_RsaSetRNG when WC_RSA_BLINDING is enabled. + \note This API is only available when WOLF_PRIVATE_KEY_ID is defined, + which is set for PKCS11 support. + \return 0 Returned upon successfully initializing the RSA structure for use with encryption and decryption \return BAD_FUNC_ARGS Returned if the RSA key pointer evaluates to NULL @@ -351,7 +354,7 @@ \brief Used to verify that the message was signed by RSA key. The output uses the same byte array as the input. - \return >0 Length of text. + \return >0 Length of the digest. \return <0 An error occurred. \param in Byte array to be decrypted. @@ -388,7 +391,7 @@ \brief Used to verify that the message was signed by key. - \return Success Length of text on no error. + \return Success Length of digest on no error. \return MEMORY_E memory exception. \param in The byte array to be decrypted. @@ -522,7 +525,7 @@ \sa wc_RsaPSS_CheckPadding \sa wc_RsaSetRNG */ -int wc_RsaPSS_Verify(byte* in, word32 inLen, byte* out, +int wc_RsaPSS_Verify(const byte* in, word32 inLen, byte* out, word32 outLen, enum wc_HashType hash, int mgf, RsaKey* key); @@ -651,7 +654,7 @@ \sa wc_RsaSetRNG */ -int wc_RsaPSS_VerifyCheck(byte* in, word32 inLen, +int wc_RsaPSS_VerifyCheck(const byte* in, word32 inLen, byte* out, word32 outLen, const byte* digest, word32 digestLen, enum wc_HashType hash, int mgf, @@ -927,7 +930,7 @@ \sa wc_RsaPSS_CheckPadding_ex \sa wc_RsaSetRNG */ -int wc_RsaPSS_CheckPadding(const byte* in, word32 inLen, byte* sig, +int wc_RsaPSS_CheckPadding(const byte* in, word32 inLen, const byte* sig, word32 sigSz, enum wc_HashType hashType); /*! @@ -992,7 +995,7 @@ \sa wc_RsaPSS_VerifyCheckInline_ex \sa wc_RsaPSS_CheckPadding */ -int wc_RsaPSS_CheckPadding_ex(const byte* in, word32 inLen, byte* sig, +int wc_RsaPSS_CheckPadding_ex(const byte* in, word32 inLen, const byte* sig, word32 sigSz, enum wc_HashType hashType, int saltLen, int bits); /*! \ingroup RSA @@ -1012,7 +1015,7 @@ \sa wc_InitRsaKey_ex \sa wc_MakeRsaKey */ -int wc_RsaEncryptSize(RsaKey* key); +int wc_RsaEncryptSize(const RsaKey* key); /*! \ingroup RSA @@ -1389,7 +1392,7 @@ \sa wc_InitRsaKey_ex \sa wc_MakeRsaKey */ -int wc_RsaFlattenPublicKey(RsaKey* key, byte* e, word32* eSz, byte* n, +int wc_RsaFlattenPublicKey(const RsaKey* key, byte* e, word32* eSz, byte* n, word32* nSz); /*! @@ -1612,3 +1615,591 @@ */ int wc_RsaSetNonBlockTime(RsaKey* key, word32 maxBlockUs, word32 cpuMHz); +/*! + \ingroup RSA + \brief Initializes RSA key with heap and device ID. + + \return 0 on success + \return negative on error + + \param key RSA key structure + \param heap Heap hint + \param devId Device ID + + _Example_ + \code + RsaKey key; + int ret = wc_InitRsaKey_ex(&key, NULL, INVALID_DEVID); + \endcode + + \sa wc_InitRsaKey +*/ +int wc_InitRsaKey_ex(RsaKey* key, void* heap, int devId); + +/*! + \ingroup RSA + \brief Allocates and initializes new RSA key. These New/Delete functions + are exposed to support allocation of the structure using dynamic memory + to provide better ABI compatibility. + + \note This API is only available when WC_NO_CONSTRUCTORS is not defined. + WC_NO_CONSTRUCTORS is automatically defined when WOLFSSL_NO_MALLOC is + defined. + + \return RsaKey pointer on success + \return NULL on failure + + \param heap Heap hint + \param devId Device ID + \param result_code Result code pointer + + _Example_ + \code + int result; + RsaKey* key = wc_NewRsaKey(NULL, INVALID_DEVID, &result); + \endcode + + \sa wc_DeleteRsaKey +*/ +RsaKey* wc_NewRsaKey(void* heap, int devId, int *result_code); + +/*! + \ingroup RSA + \brief Deletes and frees RSA key. These New/Delete functions are exposed + to support allocation of the structure using dynamic memory to provide + better ABI compatibility. + + \note This API is only available when WC_NO_CONSTRUCTORS is not defined. + WC_NO_CONSTRUCTORS is automatically defined when WOLFSSL_NO_MALLOC is + defined. + + \return 0 on success + \return negative on error + + \param key RSA key to delete + \param key_p Pointer to key pointer + + _Example_ + \code + RsaKey* key; + int ret = wc_DeleteRsaKey(key, &key); + \endcode + + \sa wc_NewRsaKey +*/ +int wc_DeleteRsaKey(RsaKey* key, RsaKey** key_p); + +/*! + \ingroup RSA + \brief Initializes RSA key with label. + + \note This API is only available when WOLF_PRIVATE_KEY_ID is defined, + which is set for PKCS11 support. + + \return 0 on success + \return negative on error + + \param key RSA key structure + \param label Label string + \param heap Heap hint + \param devId Device ID + + _Example_ + \code + RsaKey key; + int ret = wc_InitRsaKey_Label(&key, "mykey", NULL, + INVALID_DEVID); + \endcode + + \sa wc_InitRsaKey_ex +*/ +int wc_InitRsaKey_Label(RsaKey* key, const char* label, void* heap, + int devId); + +/*! + \ingroup RSA + \brief Checks RSA key validity. + + \return 0 on success + \return negative on error + + \param key RSA key to check + + _Example_ + \code + RsaKey key; + int ret = wc_CheckRsaKey(&key); + \endcode + + \sa wc_MakeRsaKey +*/ +int wc_CheckRsaKey(RsaKey* key); + +/*! + \ingroup RSA + \brief Uses key ID for hardware RSA. + + \return 0 on success + \return negative on error + + \param key RSA key + \param keyId Key identifier + \param flags Flags + + _Example_ + \code + RsaKey key; + int ret = wc_RsaUseKeyId(&key, 1, 0); + \endcode + + \sa wc_RsaGetKeyId +*/ +int wc_RsaUseKeyId(RsaKey* key, word32 keyId, word32 flags); + +/*! + \ingroup RSA + \brief Gets key ID from hardware RSA key. + + \return 0 on success + \return negative on error + + \param key RSA key + \param keyId Key identifier pointer + + _Example_ + \code + RsaKey key; + word32 keyId; + int ret = wc_RsaGetKeyId(&key, &keyId); + \endcode + + \sa wc_RsaUseKeyId +*/ +int wc_RsaGetKeyId(RsaKey* key, word32* keyId); + +/*! + \ingroup RSA + \brief Performs RSA operation. + + \return 0 on success + \return negative on error + + \param in Input buffer + \param inLen Input length + \param out Output buffer + \param outLen Output length pointer + \param type Operation type + \param key RSA key + \param rng Random number generator + + _Example_ + \code + RsaKey key; + WC_RNG rng; + byte in[256], out[256]; + word32 outLen = sizeof(out); + int ret = wc_RsaFunction(in, 256, out, &outLen, + RSA_PUBLIC_ENCRYPT, &key, &rng); + \endcode + + \sa wc_RsaPublicEncrypt +*/ +int wc_RsaFunction(const byte* in, word32 inLen, byte* out, + word32* outLen, int type, RsaKey* key, WC_RNG* rng); + +/*! + \ingroup RSA + \brief Signs with RSA-PSS extended options. + + \return Size of signature on success + \return negative on error + + \param in Input buffer + \param inLen Input length + \param out Output buffer + \param outLen Output buffer size + \param hash Hash type + \param mgf MGF type + \param saltLen Salt length + \param key RSA key + \param rng Random number generator + + _Example_ + \code + RsaKey key; + WC_RNG rng; + byte in[32], sig[256]; + int ret = wc_RsaPSS_Sign_ex(in, 32, sig, sizeof(sig), + WC_HASH_TYPE_SHA256, + WC_MGF1SHA256, 32, &key, &rng); + \endcode + + \sa wc_RsaPSS_Sign +*/ +int wc_RsaPSS_Sign_ex(const byte* in, word32 inLen, byte* out, + word32 outLen, enum wc_HashType hash, int mgf, int saltLen, + RsaKey* key, WC_RNG* rng); + +/*! + \ingroup RSA + \brief Verifies RSA signature with padding type. + + \return Size of decrypted data on success + \return negative on error + + \param in Input signature + \param inLen Signature length + \param out Output buffer + \param outLen Output buffer size + \param key RSA key + \param pad_type Padding type + + _Example_ + \code + RsaKey key; + byte sig[256], out[256]; + int ret = wc_RsaSSL_Verify_ex(sig, 256, out, sizeof(out), + &key, RSA_PKCS1_PADDING); + \endcode + + \sa wc_RsaSSL_Verify +*/ +int wc_RsaSSL_Verify_ex(const byte* in, word32 inLen, byte* out, + word32 outLen, RsaKey* key, int pad_type); + +/*! + \ingroup RSA + \brief Verifies RSA signature with hash type. + + \return Size of decrypted data on success + \return negative on error + + \param in Input signature + \param inLen Signature length + \param out Output buffer + \param outLen Output buffer size + \param key RSA key + \param pad_type Padding type + \param hash Hash type + + _Example_ + \code + RsaKey key; + byte sig[256], out[256]; + int ret = wc_RsaSSL_Verify_ex2(sig, 256, out, sizeof(out), + &key, RSA_PKCS1_PADDING, + WC_HASH_TYPE_SHA256); + \endcode + + \sa wc_RsaSSL_Verify_ex +*/ +int wc_RsaSSL_Verify_ex2(const byte* in, word32 inLen, byte* out, + word32 outLen, RsaKey* key, int pad_type, + enum wc_HashType hash); + +/*! + \ingroup RSA + \brief Verifies RSA-PSS inline with extended options. + + \return Size of verified data on success + \return negative on error + + \param in Input/output buffer + \param inLen Input length + \param out Output pointer + \param hash Hash type + \param mgf MGF type + \param saltLen Salt length + \param key RSA key + + _Example_ + \code + RsaKey key; + byte sig[256]; + byte* out; + int ret = wc_RsaPSS_VerifyInline_ex(sig, 256, &out, + WC_HASH_TYPE_SHA256, + WC_MGF1SHA256, 32, &key); + \endcode + + \sa wc_RsaPSS_VerifyInline +*/ +int wc_RsaPSS_VerifyInline_ex(byte* in, word32 inLen, byte** out, + enum wc_HashType hash, int mgf, int saltLen, RsaKey* key); + +/*! + \ingroup RSA + \brief Verifies RSA-PSS with extended options. + + \return Size of verified data on success + \return negative on error + + \param in Input signature + \param inLen Signature length + \param out Output buffer + \param outLen Output buffer size + \param hash Hash type + \param mgf MGF type + \param saltLen Salt length + \param key RSA key + + _Example_ + \code + RsaKey key; + byte sig[256], out[256]; + int ret = wc_RsaPSS_Verify_ex(sig, 256, out, sizeof(out), + WC_HASH_TYPE_SHA256, + WC_MGF1SHA256, 32, &key); + \endcode + + \sa wc_RsaPSS_Verify +*/ +int wc_RsaPSS_Verify_ex(const byte* in, word32 inLen, byte* out, + word32 outLen, enum wc_HashType hash, int mgf, int saltLen, + RsaKey* key); + +/*! + \ingroup RSA + \brief Checks RSA-PSS padding with extended options. + + \return 0 on success + \return negative on error + + \param in Padded data + \param inLen Padded data length + \param sig Signature + \param sigSz Signature size + \param hashType Hash type + \param saltLen Salt length + \param bits Key size in bits + \param heap Heap hint + + _Example_ + \code + byte padded[256], sig[256]; + int ret = wc_RsaPSS_CheckPadding_ex2(padded, 256, sig, 256, + WC_HASH_TYPE_SHA256, 32, + 2048, NULL); + \endcode + + \sa wc_RsaPSS_CheckPadding_ex +*/ +int wc_RsaPSS_CheckPadding_ex2(const byte* in, word32 inLen, + const byte* sig, word32 sigSz, enum wc_HashType hashType, + int saltLen, int bits, void* heap); + +/*! + \ingroup RSA + \brief Exports RSA key components. + + \return 0 on success + \return negative on error + + \param key RSA key + \param e Public exponent buffer + \param eSz Public exponent size pointer + \param n Modulus buffer + \param nSz Modulus size pointer + \param d Private exponent buffer + \param dSz Private exponent size pointer + \param p Prime p buffer + \param pSz Prime p size pointer + \param q Prime q buffer + \param qSz Prime q size pointer + + _Example_ + \code + RsaKey key; + byte e[3], n[256], d[256], p[128], q[128]; + word32 eSz = 3, nSz = 256, dSz = 256, pSz = 128, qSz = 128; + int ret = wc_RsaExportKey(&key, e, &eSz, n, &nSz, d, &dSz, + p, &pSz, q, &qSz); + \endcode + + \sa wc_RsaFlattenPublicKey +*/ +int wc_RsaExportKey(const RsaKey* key, byte* e, word32* eSz, + byte* n, word32* nSz, byte* d, word32* dSz, byte* p, + word32* pSz, byte* q, word32* qSz); + +/*! + \ingroup RSA + \brief Checks probable prime with extended options. + + \return 0 on success + \return negative on error + + \param p Prime p buffer + \param pSz Prime p size + \param q Prime q buffer + \param qSz Prime q size + \param e Public exponent buffer + \param eSz Public exponent size + \param nlen Modulus length + \param isPrime Prime result pointer + \param rng Random number generator + + _Example_ + \code + byte p[128], q[128], e[3]; + int isPrime; + WC_RNG rng; + int ret = wc_CheckProbablePrime_ex(p, 128, q, 128, e, 3, + 2048, &isPrime, &rng); + \endcode + + \sa wc_CheckProbablePrime +*/ +int wc_CheckProbablePrime_ex(const byte* p, word32 pSz, + const byte* q, word32 qSz, const byte* e, word32 eSz, + int nlen, int* isPrime, WC_RNG* rng); + +/*! + \ingroup RSA + \brief Checks probable prime. + + \return 0 on success + \return negative on error + + \param p Prime p buffer + \param pSz Prime p size + \param q Prime q buffer + \param qSz Prime q size + \param e Public exponent buffer + \param eSz Public exponent size + \param nlen Modulus length + \param isPrime Prime result pointer + + _Example_ + \code + byte p[128], q[128], e[3]; + int isPrime; + int ret = wc_CheckProbablePrime(p, 128, q, 128, e, 3, 2048, + &isPrime); + \endcode + + \sa wc_CheckProbablePrime_ex +*/ +int wc_CheckProbablePrime(const byte* p, word32 pSz, + const byte* q, word32 qSz, const byte* e, word32 eSz, + int nlen, int* isPrime); + +/*! + \ingroup RSA + \brief Pads data with extended options. + + \return 0 on success + \return negative on error + + \param input Input data + \param inputLen Input length + \param pkcsBlock Output padded block + \param pkcsBlockLen Padded block size + \param padValue Pad value + \param rng Random number generator + \param padType Padding type + \param hType Hash type + \param mgf MGF type + \param optLabel Optional label + \param labelLen Label length + \param saltLen Salt length + \param bits Key size in bits + \param heap Heap hint + + _Example_ + \code + byte in[32], padded[256]; + WC_RNG rng; + int ret = wc_RsaPad_ex(in, 32, padded, 256, 0x00, &rng, + RSA_BLOCK_TYPE_1, + WC_HASH_TYPE_SHA256, WC_MGF1SHA256, + NULL, 0, 32, 2048, NULL); + \endcode + + \sa wc_RsaUnPad_ex +*/ +int wc_RsaPad_ex(const byte* input, word32 inputLen, + byte* pkcsBlock, word32 pkcsBlockLen, byte padValue, + WC_RNG* rng, int padType, enum wc_HashType hType, int mgf, + byte* optLabel, word32 labelLen, int saltLen, int bits, + void* heap); + +/*! + \ingroup RSA + \brief Unpads data with extended options. + + \return Size of unpadded data on success + \return negative on error + + \param pkcsBlock Padded block + \param pkcsBlockLen Padded block length + \param out Output pointer + \param padValue Pad value + \param padType Padding type + \param hType Hash type + \param mgf MGF type + \param optLabel Optional label + \param labelLen Label length + \param saltLen Salt length + \param bits Key size in bits + \param heap Heap hint + + _Example_ + \code + byte padded[256]; + byte* out; + int ret = wc_RsaUnPad_ex(padded, 256, &out, 0x00, + RSA_BLOCK_TYPE_1, + WC_HASH_TYPE_SHA256, WC_MGF1SHA256, + NULL, 0, 32, 2048, NULL); + \endcode + + \sa wc_RsaPad_ex +*/ +int wc_RsaUnPad_ex(byte* pkcsBlock, word32 pkcsBlockLen, + byte** out, byte padValue, int padType, + enum wc_HashType hType, int mgf, byte* optLabel, + word32 labelLen, int saltLen, int bits, void* heap); + +/*! + \ingroup RSA + \brief Decodes raw RSA private key. + + \return 0 on success + \return negative on error + + \param n Modulus buffer + \param nSz Modulus size + \param e Public exponent buffer + \param eSz Public exponent size + \param d Private exponent buffer + \param dSz Private exponent size + \param u Coefficient buffer + \param uSz Coefficient size + \param p Prime p buffer + \param pSz Prime p size + \param q Prime q buffer + \param qSz Prime q size + \param dP dP buffer + \param dPSz dP size + \param dQ dQ buffer + \param dQSz dQ size + \param key RSA key + + _Example_ + \code + RsaKey key; + byte n[256], e[3], d[256], u[256], p[128], q[128]; + byte dP[128], dQ[128]; + int ret = wc_RsaPrivateKeyDecodeRaw(n, 256, e, 3, d, 256, + u, 256, p, 128, q, 128, + dP, 128, dQ, 128, &key); + \endcode + + \sa wc_RsaPrivateKeyDecode +*/ +int wc_RsaPrivateKeyDecodeRaw(const byte* n, word32 nSz, + const byte* e, word32 eSz, const byte* d, word32 dSz, + const byte* u, word32 uSz, const byte* p, word32 pSz, + const byte* q, word32 qSz, const byte* dP, word32 dPSz, + const byte* dQ, word32 dQSz, RsaKey* key); diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/doc/dox_comments/header_files/sha.h mariadb-11.8.8/extra/wolfssl/wolfssl/doc/dox_comments/header_files/sha.h --- mariadb-11.8.6/extra/wolfssl/wolfssl/doc/dox_comments/header_files/sha.h 2026-01-31 13:27:49.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/doc/dox_comments/header_files/sha.h 2026-05-24 09:58:33.000000000 +0000 @@ -24,7 +24,7 @@ \sa wc_ShaUpdate \sa wc_ShaFinal */ -int wc_InitSha(wc_Sha*); +int wc_InitSha(wc_Sha* sha); /*! \ingroup SHA @@ -112,7 +112,7 @@ \sa wc_ShaUpdate \sa wc_ShaFinal */ -void wc_ShaFree(wc_Sha*); +void wc_ShaFree(wc_Sha* sha); /*! \ingroup SHA @@ -142,3 +142,124 @@ \sa wc_InitSha */ int wc_ShaGetHash(wc_Sha* sha, byte* hash); +/*! + \ingroup SHA + \brief Initializes SHA with heap and device ID. + + \return 0 on success + \return negative on error + + \param sha SHA structure + \param heap Heap hint + \param devId Device ID + + _Example_ + \code + wc_Sha sha; + int ret = wc_InitSha_ex(&sha, NULL, INVALID_DEVID); + \endcode + + \sa wc_InitSha +*/ +int wc_InitSha_ex(wc_Sha* sha, void* heap, int devId); + +/*! + \ingroup SHA + \brief Gets raw hash without finalizing. + + \return 0 on success + \return negative on error + + \param sha SHA structure + \param hash Output hash buffer + + _Example_ + \code + wc_Sha sha; + byte hash[WC_SHA_DIGEST_SIZE]; + int ret = wc_ShaFinalRaw(&sha, hash); + \endcode + + \sa wc_ShaFinal +*/ +int wc_ShaFinalRaw(wc_Sha* sha, byte* hash); + +/*! + \ingroup SHA + \brief Copies SHA context. + + \return 0 on success + \return negative on error + + \param src Source SHA structure + \param dst Destination SHA structure + + _Example_ + \code + wc_Sha src, dst; + int ret = wc_ShaCopy(&src, &dst); + \endcode + + \sa wc_InitSha +*/ +int wc_ShaCopy(wc_Sha* src, wc_Sha* dst); + +/*! + \ingroup SHA + \brief Transforms SHA block. + + \return 0 on success + \return negative on error + + \param sha SHA structure + \param data Block data + + _Example_ + \code + wc_Sha sha; + unsigned char block[WC_SHA_BLOCK_SIZE]; + int ret = wc_ShaTransform(&sha, block); + \endcode + + \sa wc_ShaUpdate +*/ +int wc_ShaTransform(wc_Sha* sha, const unsigned char* data); + +/*! + \ingroup SHA + \brief Sets SHA size. + + \return none No returns + + \param sha SHA structure + \param len Size to set + + _Example_ + \code + wc_Sha sha; + wc_ShaSizeSet(&sha, 1000); + \endcode + + \sa wc_ShaUpdate +*/ +void wc_ShaSizeSet(wc_Sha* sha, word32 len); + +/*! + \ingroup SHA + \brief Sets SHA flags. + + \return 0 on success + \return negative on error + + \param sha SHA structure + \param flags Flags to set + + _Example_ + \code + wc_Sha sha; + int ret = wc_ShaSetFlags(&sha, WC_HASH_FLAG_WILLCOPY); + \endcode + + \sa wc_InitSha +*/ +int wc_ShaSetFlags(wc_Sha* sha, word32 flags); diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/doc/dox_comments/header_files/sha256.h mariadb-11.8.8/extra/wolfssl/wolfssl/doc/dox_comments/header_files/sha256.h --- mariadb-11.8.6/extra/wolfssl/wolfssl/doc/dox_comments/header_files/sha256.h 2026-01-31 13:27:49.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/doc/dox_comments/header_files/sha256.h 2026-05-24 09:58:33.000000000 +0000 @@ -24,7 +24,7 @@ \sa wc_Sha256Update \sa wc_Sha256Final */ -int wc_InitSha256(wc_Sha256*); +int wc_InitSha256(wc_Sha256* sha); /*! \ingroup SHA @@ -121,7 +121,7 @@ \sa wc_Sha256Update \sa wc_Sha256Final */ -void wc_Sha256Free(wc_Sha256*); +void wc_Sha256Free(wc_Sha256* sha256); /*! \ingroup SHA @@ -175,7 +175,7 @@ \sa wc_Sha224Update \sa wc_Sha224Final */ -int wc_InitSha224(wc_Sha224*); +int wc_InitSha224(wc_Sha224* sha224); /*! \ingroup SHA @@ -194,7 +194,7 @@ _Example_ \code Sha224 sha224; - byte data[] = { /* Data to be hashed }; + byte data[]; // Data to be hashed word32 len = sizeof(data); if ((ret = wc_InitSha224(&sha224)) != 0) { @@ -227,7 +227,7 @@ _Example_ \code Sha224 sha224; - byte data[] = { /* Data to be hashed }; + byte data[]; // Data to be hashed word32 len = sizeof(data); if ((ret = wc_InitSha224(&sha224)) != 0) { @@ -244,3 +244,344 @@ \sa wc_Sha224Update */ int wc_Sha224Final(wc_Sha224* sha224, byte* hash); + +/*! + \ingroup SHA + \brief Initializes SHA256 with heap and device ID. + + \return 0 on success + \return negative on error + + \param sha SHA256 structure + \param heap Heap hint + \param devId Device ID + + _Example_ + \code + wc_Sha256 sha; + int ret = wc_InitSha256_ex(&sha, NULL, INVALID_DEVID); + \endcode + + \sa wc_InitSha256 +*/ +int wc_InitSha256_ex(wc_Sha256* sha, void* heap, int devId); + +/*! + \ingroup SHA + \brief Gets raw hash without finalizing. + + \return 0 on success + \return negative on error + + \param sha256 SHA256 structure + \param hash Output hash buffer + + _Example_ + \code + wc_Sha256 sha; + byte hash[WC_SHA256_DIGEST_SIZE]; + int ret = wc_Sha256FinalRaw(&sha, hash); + \endcode + + \sa wc_Sha256Final +*/ +int wc_Sha256FinalRaw(wc_Sha256* sha256, byte* hash); + +/*! + \ingroup SHA + \brief Transforms SHA256 block. + + \return 0 on success + \return negative on error + + \param sha SHA256 structure + \param data Block data + + _Example_ + \code + wc_Sha256 sha; + unsigned char block[WC_SHA256_BLOCK_SIZE]; + int ret = wc_Sha256Transform(&sha, block); + \endcode + + \sa wc_Sha256Update +*/ +int wc_Sha256Transform(wc_Sha256* sha, const unsigned char* data); + +/*! + \ingroup SHA + \brief Hashes single block and outputs result. + + \return 0 on success + \return negative on error + + \param sha SHA256 structure + \param data Block data + \param hash Output hash buffer + + _Example_ + \code + wc_Sha256 sha; + unsigned char block[WC_SHA256_BLOCK_SIZE]; + unsigned char hash[WC_SHA256_DIGEST_SIZE]; + int ret = wc_Sha256HashBlock(&sha, block, hash); + \endcode + + \sa wc_Sha256Transform +*/ +int wc_Sha256HashBlock(wc_Sha256* sha, const unsigned char* data, + unsigned char* hash); + +/*! + \ingroup SHA + \brief Grows SHA256 buffer with input data. This function is only + available when WOLFSSL_HASH_KEEP is defined. It is used for keeping an + internal buffer to hold all data to be hashed rather than iterating + over update, which is necessary for some hardware acceleration + platforms that have restrictions on streaming hash operations. + + \return 0 on success + \return negative on error + + \param sha256 SHA256 structure + \param in Input data + \param inSz Input size + + _Example_ + \code + wc_Sha256 sha; + byte data[100]; + int ret = wc_Sha256_Grow(&sha, data, sizeof(data)); + \endcode + + \sa wc_Sha256Update +*/ +int wc_Sha256_Grow(wc_Sha256* sha256, const byte* in, int inSz); + +/*! + \ingroup SHA + \brief Copies SHA256 context. + + \return 0 on success + \return negative on error + + \param src Source SHA256 structure + \param dst Destination SHA256 structure + + _Example_ + \code + wc_Sha256 src, dst; + int ret = wc_Sha256Copy(&src, &dst); + \endcode + + \sa wc_InitSha256 +*/ +int wc_Sha256Copy(wc_Sha256* src, wc_Sha256* dst); + +/*! + \ingroup SHA + \brief Sets SHA256 size. + + \return none No returns + + \param sha256 SHA256 structure + \param len Size to set + + _Example_ + \code + wc_Sha256 sha; + wc_Sha256SizeSet(&sha, 1000); + \endcode + + \sa wc_Sha256Update +*/ +void wc_Sha256SizeSet(wc_Sha256* sha256, word32 len); + +/*! + \ingroup SHA + \brief Sets SHA256 flags. + + \return 0 on success + \return negative on error + + \param sha256 SHA256 structure + \param flags Flags to set + + _Example_ + \code + wc_Sha256 sha; + int ret = wc_Sha256SetFlags(&sha, WC_HASH_FLAG_WILLCOPY); + \endcode + + \sa wc_InitSha256 +*/ +int wc_Sha256SetFlags(wc_Sha256* sha256, word32 flags); + +/*! + \ingroup SHA + \brief Gets SHA256 flags. + + \return 0 on success + \return negative on error + + \param sha256 SHA256 structure + \param flags Pointer to store flags + + _Example_ + \code + wc_Sha256 sha; + word32 flags; + int ret = wc_Sha256GetFlags(&sha, &flags); + \endcode + + \sa wc_Sha256SetFlags +*/ +int wc_Sha256GetFlags(wc_Sha256* sha256, word32* flags); + +/*! + \ingroup SHA + \brief Initializes SHA224 with heap and device ID. + + \return 0 on success + \return negative on error + + \param sha224 SHA224 structure + \param heap Heap hint + \param devId Device ID + + _Example_ + \code + wc_Sha224 sha; + int ret = wc_InitSha224_ex(&sha, NULL, INVALID_DEVID); + \endcode + + \sa wc_InitSha224 +*/ +int wc_InitSha224_ex(wc_Sha224* sha224, void* heap, int devId); + +/*! + \ingroup SHA + \brief Frees SHA224 resources. + + \return none No returns + + \param sha224 SHA224 structure + + _Example_ + \code + wc_Sha224 sha; + wc_InitSha224(&sha); + wc_Sha224Free(&sha); + \endcode + + \sa wc_InitSha224 +*/ +void wc_Sha224Free(wc_Sha224* sha224); + +/*! + \ingroup SHA + \brief Grows SHA224 buffer with input data. This function is only + available when WOLFSSL_HASH_KEEP is defined. It is used for keeping an + internal buffer to hold all data to be hashed rather than iterating + over update, which is necessary for some hardware acceleration + platforms that have restrictions on streaming hash operations. + + \return 0 on success + \return negative on error + + \param sha224 SHA224 structure + \param in Input data + \param inSz Input size + + _Example_ + \code + wc_Sha224 sha; + byte data[100]; + int ret = wc_Sha224_Grow(&sha, data, sizeof(data)); + \endcode + + \sa wc_Sha224Update +*/ +int wc_Sha224_Grow(wc_Sha224* sha224, const byte* in, int inSz); + +/*! + \ingroup SHA + \brief Gets SHA224 hash without finalizing. + + \return 0 on success + \return negative on error + + \param sha224 SHA224 structure + \param hash Output hash buffer + + _Example_ + \code + wc_Sha224 sha; + byte hash[WC_SHA224_DIGEST_SIZE]; + int ret = wc_Sha224GetHash(&sha, hash); + \endcode + + \sa wc_Sha224Final +*/ +int wc_Sha224GetHash(wc_Sha224* sha224, byte* hash); + +/*! + \ingroup SHA + \brief Copies SHA224 context. + + \return 0 on success + \return negative on error + + \param src Source SHA224 structure + \param dst Destination SHA224 structure + + _Example_ + \code + wc_Sha224 src, dst; + int ret = wc_Sha224Copy(&src, &dst); + \endcode + + \sa wc_InitSha224 +*/ +int wc_Sha224Copy(wc_Sha224* src, wc_Sha224* dst); + +/*! + \ingroup SHA + \brief Sets SHA224 flags. + + \return 0 on success + \return negative on error + + \param sha224 SHA224 structure + \param flags Flags to set + + _Example_ + \code + wc_Sha224 sha; + int ret = wc_Sha224SetFlags(&sha, WC_HASH_FLAG_WILLCOPY); + \endcode + + \sa wc_InitSha224 +*/ +int wc_Sha224SetFlags(wc_Sha224* sha224, word32 flags); + +/*! + \ingroup SHA + \brief Gets SHA224 flags. + + \return 0 on success + \return negative on error + + \param sha224 SHA224 structure + \param flags Pointer to store flags + + _Example_ + \code + wc_Sha224 sha; + word32 flags; + int ret = wc_Sha224GetFlags(&sha, &flags); + \endcode + + \sa wc_Sha224SetFlags +*/ +int wc_Sha224GetFlags(wc_Sha224* sha224, word32* flags); diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/doc/dox_comments/header_files/sha3.h mariadb-11.8.8/extra/wolfssl/wolfssl/doc/dox_comments/header_files/sha3.h --- mariadb-11.8.6/extra/wolfssl/wolfssl/doc/dox_comments/header_files/sha3.h 2026-01-31 13:27:49.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/doc/dox_comments/header_files/sha3.h 2026-05-24 09:58:33.000000000 +0000 @@ -121,7 +121,7 @@ \sa wc_Sha3_224_Update \sa wc_Sha3_224_Final */ -void wc_Sha3_224_Free(wc_Sha3*); +void wc_Sha3_224_Free(wc_Sha3* sha3); /*! \ingroup SHA @@ -306,7 +306,7 @@ \sa wc_Sha3_256_Update \sa wc_Sha3_256_Final */ -void wc_Sha3_256_Free(wc_Sha3*); +void wc_Sha3_256_Free(wc_Sha3* sha3); /*! \ingroup SHA @@ -491,7 +491,7 @@ \sa wc_Sha3_384_Update \sa wc_Sha3_384_Final */ -void wc_Sha3_384_Free(wc_Sha3*); +void wc_Sha3_384_Free(wc_Sha3* sha3); /*! \ingroup SHA @@ -676,7 +676,7 @@ \sa wc_Sha3_512_Update \sa wc_Sha3_512_Final */ -void wc_Sha3_512_Free(wc_Sha3*); +void wc_Sha3_512_Free(wc_Sha3* sha3); /*! \ingroup SHA @@ -809,6 +809,7 @@ \param shake pointer to the shake structure to use for encryption \param hash Byte array to hold hash value. + \param hashLen Number of bytes to write to hash. _Example_ \code @@ -829,7 +830,7 @@ \sa wc_Shake128_GetHash \sa wc_InitShake128 */ -int wc_Shake128_Final(wc_Shake* shake, byte* hash); +int wc_Shake128_Final(wc_Shake* shake, byte* hash, word32 hashLen); /*! \ingroup SHA @@ -930,7 +931,7 @@ \sa wc_Shake128_Update \sa wc_Shake128_Final */ -void wc_Shake128_Free(wc_Shake*); +void wc_Shake128_Free(wc_Shake* shake); /*! \ingroup SHA @@ -990,7 +991,7 @@ \sa wc_InitShake128 \sa wc_Shake128_GetHash */ -int wc_Shake128_Copy(wc_Shake* shake, wc_Shake* dst); +int wc_Shake128_Copy(wc_Shake* src, wc_Sha3* dst); /*! \ingroup SHA @@ -1185,7 +1186,7 @@ \sa wc_Shake256_Update \sa wc_Shake256_Final */ -void wc_Shake256_Free(wc_Shake*); +void wc_Shake256_Free(wc_Shake* shake); /*! \ingroup SHA @@ -1245,6 +1246,4 @@ \sa wc_InitShake256 \sa wc_Shake256_GetHash */ -int wc_Shake256_Copy(wc_Shake* shake, wc_Shake* dst); - - +int wc_Shake256_Copy(wc_Shake* src, wc_Sha3* dst); diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/doc/dox_comments/header_files/sha512.h mariadb-11.8.8/extra/wolfssl/wolfssl/doc/dox_comments/header_files/sha512.h --- mariadb-11.8.6/extra/wolfssl/wolfssl/doc/dox_comments/header_files/sha512.h 2026-01-31 13:27:49.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/doc/dox_comments/header_files/sha512.h 2026-05-24 09:58:33.000000000 +0000 @@ -24,7 +24,7 @@ \sa wc_Sha512Update \sa wc_Sha512Final */ -int wc_InitSha512(wc_Sha512*); +int wc_InitSha512(wc_Sha512* sha); /*! \ingroup SHA @@ -116,7 +116,7 @@ \sa wc_Sha384Update \sa wc_Sha384Final */ -int wc_InitSha384(wc_Sha384*); +int wc_InitSha384(wc_Sha384* sha); /*! \ingroup SHA @@ -181,3 +181,827 @@ \sa wc_InitSha384 */ int wc_Sha384Final(wc_Sha384* sha384, byte* hash); + +/*! + \ingroup SHA + \brief Initializes SHA512 with heap and device ID. + + \return 0 on success + \return negative on error + + \param sha SHA512 structure + \param heap Heap hint + \param devId Device ID + + _Example_ + \code + wc_Sha512 sha; + int ret = wc_InitSha512_ex(&sha, NULL, INVALID_DEVID); + \endcode + + \sa wc_InitSha512 +*/ +int wc_InitSha512_ex(wc_Sha512* sha, void* heap, int devId); + +/*! + \ingroup SHA + \brief Gets raw hash without finalizing. + + \return 0 on success + \return negative on error + + \param sha512 SHA512 structure + \param hash Output hash buffer + + _Example_ + \code + wc_Sha512 sha; + byte hash[WC_SHA512_DIGEST_SIZE]; + int ret = wc_Sha512FinalRaw(&sha, hash); + \endcode + + \sa wc_Sha512Final +*/ +int wc_Sha512FinalRaw(wc_Sha512* sha512, byte* hash); + +/*! + \ingroup SHA + \brief Frees SHA512 resources. + + \return none No returns + + \param sha SHA512 structure + + _Example_ + \code + wc_Sha512 sha; + wc_InitSha512(&sha); + wc_Sha512Free(&sha); + \endcode + + \sa wc_InitSha512 +*/ +void wc_Sha512Free(wc_Sha512* sha); + +/*! + \ingroup SHA + \brief Gets SHA512 hash without finalizing. + + \return 0 on success + \return negative on error + + \param sha512 SHA512 structure + \param hash Output hash buffer + + _Example_ + \code + wc_Sha512 sha; + byte hash[WC_SHA512_DIGEST_SIZE]; + int ret = wc_Sha512GetHash(&sha, hash); + \endcode + + \sa wc_Sha512Final +*/ +int wc_Sha512GetHash(wc_Sha512* sha512, byte* hash); + +/*! + \ingroup SHA + \brief Copies SHA512 context. + + \return 0 on success + \return negative on error + + \param src Source SHA512 structure + \param dst Destination SHA512 structure + + _Example_ + \code + wc_Sha512 src, dst; + int ret = wc_Sha512Copy(&src, &dst); + \endcode + + \sa wc_InitSha512 +*/ +int wc_Sha512Copy(wc_Sha512* src, wc_Sha512* dst); + +/*! + \ingroup SHA + \brief Grows SHA512 buffer with input data. + + \return 0 on success + \return negative on error + + \param sha512 SHA512 structure + \param in Input data + \param inSz Input size + + _Example_ + \code + wc_Sha512 sha; + byte data[100]; + int ret = wc_Sha512_Grow(&sha, data, sizeof(data)); + \endcode + + \sa wc_Sha512Update +*/ +int wc_Sha512_Grow(wc_Sha512* sha512, const byte* in, int inSz); + +/*! + \ingroup SHA + \brief Sets SHA512 flags. + + \return 0 on success + \return negative on error + + \param sha512 SHA512 structure + \param flags Flags to set + + _Example_ + \code + wc_Sha512 sha; + int ret = wc_Sha512SetFlags(&sha, WC_HASH_FLAG_WILLCOPY); + \endcode + + \sa wc_InitSha512 +*/ +int wc_Sha512SetFlags(wc_Sha512* sha512, word32 flags); + +/*! + \ingroup SHA + \brief Gets SHA512 flags. + + \return 0 on success + \return negative on error + + \param sha512 SHA512 structure + \param flags Pointer to store flags + + _Example_ + \code + wc_Sha512 sha; + word32 flags; + int ret = wc_Sha512GetFlags(&sha, &flags); + \endcode + + \sa wc_Sha512SetFlags +*/ +int wc_Sha512GetFlags(wc_Sha512* sha512, word32* flags); + +/*! + \ingroup SHA + \brief Transforms SHA512 block. + + \return 0 on success + \return negative on error + + \param sha SHA512 structure + \param data Block data + + _Example_ + \code + wc_Sha512 sha; + unsigned char block[WC_SHA512_BLOCK_SIZE]; + int ret = wc_Sha512Transform(&sha, block); + \endcode + + \sa wc_Sha512Update +*/ +int wc_Sha512Transform(wc_Sha512* sha, const unsigned char* data); + +/*! + \ingroup SHA + \brief Initializes SHA512/224. + + \return 0 on success + \return negative on error + + \param sha SHA512 structure + + _Example_ + \code + wc_Sha512 sha; + int ret = wc_InitSha512_224(&sha); + \endcode + + \sa wc_Sha512_224Update +*/ +int wc_InitSha512_224(wc_Sha512* sha); + +/*! + \ingroup SHA + \brief Initializes SHA512/224 with heap and device ID. + + \return 0 on success + \return negative on error + + \param sha SHA512 structure + \param heap Heap hint + \param devId Device ID + + _Example_ + \code + wc_Sha512 sha; + int ret = wc_InitSha512_224_ex(&sha, NULL, INVALID_DEVID); + \endcode + + \sa wc_InitSha512_224 +*/ +int wc_InitSha512_224_ex(wc_Sha512* sha, void* heap, int devId); + +/*! + \ingroup SHA + \brief Updates SHA512/224 hash with data. + + \return 0 on success + \return negative on error + + \param sha SHA512 structure + \param data Input data + \param len Input size + + _Example_ + \code + wc_Sha512 sha; + byte data[100]; + int ret = wc_Sha512_224Update(&sha, data, sizeof(data)); + \endcode + + \sa wc_InitSha512_224 +*/ +int wc_Sha512_224Update(wc_Sha512* sha, const byte* data, word32 len); + +/*! + \ingroup SHA + \brief Gets raw SHA512/224 hash without finalizing. + + \return 0 on success + \return negative on error + + \param sha512 SHA512 structure + \param hash Output hash buffer + + _Example_ + \code + wc_Sha512 sha; + byte hash[WC_SHA512_224_DIGEST_SIZE]; + int ret = wc_Sha512_224FinalRaw(&sha, hash); + \endcode + + \sa wc_Sha512_224Final +*/ +int wc_Sha512_224FinalRaw(wc_Sha512* sha512, byte* hash); + +/*! + \ingroup SHA + \brief Finalizes SHA512/224 hash. + + \return 0 on success + \return negative on error + + \param sha512 SHA512 structure + \param hash Output hash buffer + + _Example_ + \code + wc_Sha512 sha; + byte hash[WC_SHA512_224_DIGEST_SIZE]; + int ret = wc_Sha512_224Final(&sha, hash); + \endcode + + \sa wc_Sha512_224Update +*/ +int wc_Sha512_224Final(wc_Sha512* sha512, byte* hash); + +/*! + \ingroup SHA + \brief Frees SHA512/224 resources. + + \return none No returns + + \param sha SHA512 structure + + _Example_ + \code + wc_Sha512 sha; + wc_InitSha512_224(&sha); + wc_Sha512_224Free(&sha); + \endcode + + \sa wc_InitSha512_224 +*/ +void wc_Sha512_224Free(wc_Sha512* sha); + +/*! + \ingroup SHA + \brief Gets SHA512/224 hash without finalizing. + + \return 0 on success + \return negative on error + + \param sha512 SHA512 structure + \param hash Output hash buffer + + _Example_ + \code + wc_Sha512 sha; + byte hash[WC_SHA512_224_DIGEST_SIZE]; + int ret = wc_Sha512_224GetHash(&sha, hash); + \endcode + + \sa wc_Sha512_224Final +*/ +int wc_Sha512_224GetHash(wc_Sha512* sha512, byte* hash); + +/*! + \ingroup SHA + \brief Copies SHA512/224 context. + + \return 0 on success + \return negative on error + + \param src Source SHA512 structure + \param dst Destination SHA512 structure + + _Example_ + \code + wc_Sha512 src, dst; + int ret = wc_Sha512_224Copy(&src, &dst); + \endcode + + \sa wc_InitSha512_224 +*/ +int wc_Sha512_224Copy(wc_Sha512* src, wc_Sha512* dst); + +/*! + \ingroup SHA + \brief Sets SHA512/224 flags. + + \return 0 on success + \return negative on error + + \param sha512 SHA512 structure + \param flags Flags to set + + _Example_ + \code + wc_Sha512 sha; + int ret = wc_Sha512_224SetFlags(&sha, WC_HASH_FLAG_WILLCOPY); + \endcode + + \sa wc_InitSha512_224 +*/ +int wc_Sha512_224SetFlags(wc_Sha512* sha512, word32 flags); + +/*! + \ingroup SHA + \brief Gets SHA512/224 flags. + + \return 0 on success + \return negative on error + + \param sha512 SHA512 structure + \param flags Pointer to store flags + + _Example_ + \code + wc_Sha512 sha; + word32 flags; + int ret = wc_Sha512_224GetFlags(&sha, &flags); + \endcode + + \sa wc_Sha512_224SetFlags +*/ +int wc_Sha512_224GetFlags(wc_Sha512* sha512, word32* flags); + +/*! + \ingroup SHA + \brief Transforms SHA512/224 block. + + \return 0 on success + \return negative on error + + \param sha SHA512 structure + \param data Block data + + _Example_ + \code + wc_Sha512 sha; + unsigned char block[WC_SHA512_BLOCK_SIZE]; + int ret = wc_Sha512_224Transform(&sha, block); + \endcode + + \sa wc_Sha512_224Update +*/ +int wc_Sha512_224Transform(wc_Sha512* sha, const unsigned char* data); + +/*! + \ingroup SHA + \brief Initializes SHA512/256. + + \return 0 on success + \return negative on error + + \param sha SHA512 structure + + _Example_ + \code + wc_Sha512 sha; + int ret = wc_InitSha512_256(&sha); + \endcode + + \sa wc_Sha512_256Update +*/ +int wc_InitSha512_256(wc_Sha512* sha); + +/*! + \ingroup SHA + \brief Initializes SHA512/256 with heap and device ID. + + \return 0 on success + \return negative on error + + \param sha SHA512 structure + \param heap Heap hint + \param devId Device ID + + _Example_ + \code + wc_Sha512 sha; + int ret = wc_InitSha512_256_ex(&sha, NULL, INVALID_DEVID); + \endcode + + \sa wc_InitSha512_256 +*/ +int wc_InitSha512_256_ex(wc_Sha512* sha, void* heap, int devId); + +/*! + \ingroup SHA + \brief Updates SHA512/256 hash with data. + + \return 0 on success + \return negative on error + + \param sha SHA512 structure + \param data Input data + \param len Input size + + _Example_ + \code + wc_Sha512 sha; + byte data[100]; + int ret = wc_Sha512_256Update(&sha, data, sizeof(data)); + \endcode + + \sa wc_InitSha512_256 +*/ +int wc_Sha512_256Update(wc_Sha512* sha, const byte* data, word32 len); + +/*! + \ingroup SHA + \brief Gets raw SHA512/256 hash without finalizing. + + \return 0 on success + \return negative on error + + \param sha512 SHA512 structure + \param hash Output hash buffer + + _Example_ + \code + wc_Sha512 sha; + byte hash[WC_SHA512_256_DIGEST_SIZE]; + int ret = wc_Sha512_256FinalRaw(&sha, hash); + \endcode + + \sa wc_Sha512_256Final +*/ +int wc_Sha512_256FinalRaw(wc_Sha512* sha512, byte* hash); + +/*! + \ingroup SHA + \brief Finalizes SHA512/256 hash. + + \return 0 on success + \return negative on error + + \param sha512 SHA512 structure + \param hash Output hash buffer + + _Example_ + \code + wc_Sha512 sha; + byte hash[WC_SHA512_256_DIGEST_SIZE]; + int ret = wc_Sha512_256Final(&sha, hash); + \endcode + + \sa wc_Sha512_256Update +*/ +int wc_Sha512_256Final(wc_Sha512* sha512, byte* hash); + +/*! + \ingroup SHA + \brief Frees SHA512/256 resources. + + \return none No returns + + \param sha SHA512 structure + + _Example_ + \code + wc_Sha512 sha; + wc_InitSha512_256(&sha); + wc_Sha512_256Free(&sha); + \endcode + + \sa wc_InitSha512_256 +*/ +void wc_Sha512_256Free(wc_Sha512* sha); + +/*! + \ingroup SHA + \brief Gets SHA512/256 hash without finalizing. + + \return 0 on success + \return negative on error + + \param sha512 SHA512 structure + \param hash Output hash buffer + + _Example_ + \code + wc_Sha512 sha; + byte hash[WC_SHA512_256_DIGEST_SIZE]; + int ret = wc_Sha512_256GetHash(&sha, hash); + \endcode + + \sa wc_Sha512_256Final +*/ +int wc_Sha512_256GetHash(wc_Sha512* sha512, byte* hash); + +/*! + \ingroup SHA + \brief Copies SHA512/256 context. + + \return 0 on success + \return negative on error + + \param src Source SHA512 structure + \param dst Destination SHA512 structure + + _Example_ + \code + wc_Sha512 src, dst; + int ret = wc_Sha512_256Copy(&src, &dst); + \endcode + + \sa wc_InitSha512_256 +*/ +int wc_Sha512_256Copy(wc_Sha512* src, wc_Sha512* dst); + +/*! + \ingroup SHA + \brief Sets SHA512/256 flags. + + \return 0 on success + \return negative on error + + \param sha512 SHA512 structure + \param flags Flags to set + + _Example_ + \code + wc_Sha512 sha; + int ret = wc_Sha512_256SetFlags(&sha, WC_HASH_FLAG_WILLCOPY); + \endcode + + \sa wc_InitSha512_256 +*/ +int wc_Sha512_256SetFlags(wc_Sha512* sha512, word32 flags); + +/*! + \ingroup SHA + \brief Gets SHA512/256 flags. + + \return 0 on success + \return negative on error + + \param sha512 SHA512 structure + \param flags Pointer to store flags + + _Example_ + \code + wc_Sha512 sha; + word32 flags; + int ret = wc_Sha512_256GetFlags(&sha, &flags); + \endcode + + \sa wc_Sha512_256SetFlags +*/ +int wc_Sha512_256GetFlags(wc_Sha512* sha512, word32* flags); + +/*! + \ingroup SHA + \brief Transforms SHA512/256 block. + + \return 0 on success + \return negative on error + + \param sha SHA512 structure + \param data Block data + + _Example_ + \code + wc_Sha512 sha; + unsigned char block[WC_SHA512_BLOCK_SIZE]; + int ret = wc_Sha512_256Transform(&sha, block); + \endcode + + \sa wc_Sha512_256Update +*/ +int wc_Sha512_256Transform(wc_Sha512* sha, const unsigned char* data); + +/*! + \ingroup SHA + \brief Initializes SHA384 with heap and device ID. + + \return 0 on success + \return negative on error + + \param sha SHA384 structure + \param heap Heap hint + \param devId Device ID + + _Example_ + \code + wc_Sha384 sha; + int ret = wc_InitSha384_ex(&sha, NULL, INVALID_DEVID); + \endcode + + \sa wc_InitSha384 +*/ +int wc_InitSha384_ex(wc_Sha384* sha, void* heap, int devId); + +/*! + \ingroup SHA + \brief Gets raw SHA384 hash without finalizing. + + \return 0 on success + \return negative on error + + \param sha384 SHA384 structure + \param hash Output hash buffer + + _Example_ + \code + wc_Sha384 sha; + byte hash[WC_SHA384_DIGEST_SIZE]; + int ret = wc_Sha384FinalRaw(&sha, hash); + \endcode + + \sa wc_Sha384Final +*/ +int wc_Sha384FinalRaw(wc_Sha384* sha384, byte* hash); + +/*! + \ingroup SHA + \brief Frees SHA384 resources. + + \return none No returns + + \param sha SHA384 structure + + _Example_ + \code + wc_Sha384 sha; + wc_InitSha384(&sha); + wc_Sha384Free(&sha); + \endcode + + \sa wc_InitSha384 +*/ +void wc_Sha384Free(wc_Sha384* sha); + +/*! + \ingroup SHA + \brief Gets SHA384 hash without finalizing. + + \return 0 on success + \return negative on error + + \param sha384 SHA384 structure + \param hash Output hash buffer + + _Example_ + \code + wc_Sha384 sha; + byte hash[WC_SHA384_DIGEST_SIZE]; + int ret = wc_Sha384GetHash(&sha, hash); + \endcode + + \sa wc_Sha384Final +*/ +int wc_Sha384GetHash(wc_Sha384* sha384, byte* hash); + +/*! + \ingroup SHA + \brief Copies SHA384 context. + + \return 0 on success + \return negative on error + + \param src Source SHA384 structure + \param dst Destination SHA384 structure + + _Example_ + \code + wc_Sha384 src, dst; + int ret = wc_Sha384Copy(&src, &dst); + \endcode + + \sa wc_InitSha384 +*/ +int wc_Sha384Copy(wc_Sha384* src, wc_Sha384* dst); + +/*! + \ingroup SHA + \brief Grows SHA384 buffer with input data. + + \return 0 on success + \return negative on error + + \param sha384 SHA384 structure + \param in Input data + \param inSz Input size + + _Example_ + \code + wc_Sha384 sha; + byte data[100]; + int ret = wc_Sha384_Grow(&sha, data, sizeof(data)); + \endcode + + \sa wc_Sha384Update +*/ +int wc_Sha384_Grow(wc_Sha384* sha384, const byte* in, int inSz); + +/*! + \ingroup SHA + \brief Sets SHA384 flags. + + \return 0 on success + \return negative on error + + \param sha384 SHA384 structure + \param flags Flags to set + + _Example_ + \code + wc_Sha384 sha; + int ret = wc_Sha384SetFlags(&sha, WC_HASH_FLAG_WILLCOPY); + \endcode + + \sa wc_InitSha384 +*/ +int wc_Sha384SetFlags(wc_Sha384* sha384, word32 flags); + +/*! + \ingroup SHA + \brief Gets SHA384 flags. + + \return 0 on success + \return negative on error + + \param sha384 SHA384 structure + \param flags Pointer to store flags + + _Example_ + \code + wc_Sha384 sha; + word32 flags; + int ret = wc_Sha384GetFlags(&sha, &flags); + \endcode + + \sa wc_Sha384SetFlags +*/ +int wc_Sha384GetFlags(wc_Sha384* sha384, word32* flags); + +/*! + \ingroup SHA + \brief Transforms SHA384 block. + + \return 0 on success + \return negative on error + + \param sha SHA384 structure + \param data Block data + + _Example_ + \code + wc_Sha384 sha; + unsigned char block[WC_SHA384_BLOCK_SIZE]; + int ret = wc_Sha384Transform(&sha, block); + \endcode + + \sa wc_Sha384Update +*/ +int wc_Sha384Transform(wc_Sha384* sha, const unsigned char* data); diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/doc/dox_comments/header_files/signature.h mariadb-11.8.8/extra/wolfssl/wolfssl/doc/dox_comments/header_files/signature.h --- mariadb-11.8.6/extra/wolfssl/wolfssl/doc/dox_comments/header_files/signature.h 2026-01-31 13:27:49.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/doc/dox_comments/header_files/signature.h 2026-05-24 09:58:33.000000000 +0000 @@ -80,7 +80,7 @@ enum wc_HashType hash_type, enum wc_SignatureType sig_type, const byte* data, word32 data_len, const byte* sig, word32 sig_len, - const void* key, word32 key_len); + void* key, word32 key_len); /*! \ingroup Signature @@ -143,5 +143,208 @@ enum wc_HashType hash_type, enum wc_SignatureType sig_type, const byte* data, word32 data_len, byte* sig, word32 *sig_len, - const void* key, word32 key_len, + void* key, word32 key_len, WC_RNG* rng); + +/*! + \ingroup Signature + \brief This function verifies a signature using a pre-computed hash. + Unlike wc_SignatureVerify which hashes the data first, this function + takes the hash directly and verifies the signature against it. + If sig_type is WC_SIGNATURE_TYPE_RSA_W_ENC, hash data must be encoded + with wc_EncodeSignature prior to calling. + + \return 0 Success + \return SIG_TYPE_E Signature type not enabled/available + \return BAD_FUNC_ARG Bad function argument provided + \return BUFFER_E Output buffer too small or input too large + + \param hash_type A hash type from enum wc_HashType + \param sig_type A signature type such as WC_SIGNATURE_TYPE_ECC or + WC_SIGNATURE_TYPE_RSA + \param hash_data Pointer to buffer containing the hash to verify + \param hash_len Length of the hash buffer + \param sig Pointer to buffer containing the signature + \param sig_len Length of the signature buffer + \param key Pointer to a key structure such as ecc_key or RsaKey + \param key_len Size of the key structure + + _Example_ + \code + ecc_key eccKey; + byte hash[WC_SHA256_DIGEST_SIZE]; + byte sig[ECC_MAX_SIG_SIZE]; + word32 sigLen = sizeof(sig); + + wc_ecc_init(&eccKey); + // import public key, signature, and pre-computed hash ... + int ret = wc_SignatureVerifyHash(WC_HASH_TYPE_SHA256, + WC_SIGNATURE_TYPE_ECC, hash, + sizeof(hash), sig, sigLen, + &eccKey, sizeof(eccKey)); + if (ret == 0) { + // signature verified + } + \endcode + + \sa wc_SignatureVerify + \sa wc_SignatureGenerateHash +*/ +int wc_SignatureVerifyHash(enum wc_HashType hash_type, + enum wc_SignatureType sig_type, + const byte* hash_data, word32 hash_len, + const byte* sig, word32 sig_len, + void* key, word32 key_len); + +/*! + \ingroup Signature + \brief This function generates a signature from a pre-computed hash. + Unlike wc_SignatureGenerate which hashes the data first, this + function takes the hash directly and signs it. + If sig_type is WC_SIGNATURE_TYPE_RSA_W_ENC, hash data must be encoded + with wc_EncodeSignature prior to calling. + + \return 0 Success + \return SIG_TYPE_E Signature type not enabled/available + \return BAD_FUNC_ARG Bad function argument provided + \return BUFFER_E Output buffer too small or input too large + + \param hash_type A hash type from enum wc_HashType + \param sig_type A signature type such as WC_SIGNATURE_TYPE_ECC or + WC_SIGNATURE_TYPE_RSA + \param hash_data Pointer to buffer containing the hash to sign + \param hash_len Length of the hash buffer + \param sig Pointer to buffer to output signature + \param sig_len Pointer to length of signature output buffer + \param key Pointer to a key structure such as ecc_key or RsaKey + \param key_len Size of the key structure + \param rng Pointer to an initialized RNG structure + + _Example_ + \code + WC_RNG rng; + ecc_key eccKey; + byte hash[WC_SHA256_DIGEST_SIZE]; + byte sig[ECC_MAX_SIG_SIZE]; + word32 sigLen = sizeof(sig); + + wc_InitRng(&rng); + wc_ecc_init(&eccKey); + wc_ecc_make_key(&rng, 32, &eccKey); + // generate signature from pre-computed hash + int ret = wc_SignatureGenerateHash(WC_HASH_TYPE_SHA256, + WC_SIGNATURE_TYPE_ECC, hash, + sizeof(hash), sig, &sigLen, + &eccKey, sizeof(eccKey), &rng); + \endcode + + \sa wc_SignatureGenerate + \sa wc_SignatureVerifyHash +*/ +int wc_SignatureGenerateHash(enum wc_HashType hash_type, + enum wc_SignatureType sig_type, + const byte* hash_data, word32 hash_len, + byte* sig, word32 *sig_len, + void* key, word32 key_len, + WC_RNG* rng); + +/*! + \ingroup Signature + \brief This function generates a signature from a pre-computed hash + with extended options. This is similar to wc_SignatureGenerateHash + but allows optional verification of the signature after generation. + + \return 0 Success + \return SIG_TYPE_E Signature type not enabled/available + \return BAD_FUNC_ARG Bad function argument provided + \return BUFFER_E Output buffer too small or input too large + + \param hash_type A hash type from enum wc_HashType + \param sig_type A signature type such as WC_SIGNATURE_TYPE_ECC or + WC_SIGNATURE_TYPE_RSA + \param hash_data Pointer to buffer containing the hash to sign + \param hash_len Length of the hash buffer + \param sig Pointer to buffer to output signature + \param sig_len Pointer to length of signature output buffer + \param key Pointer to a key structure such as ecc_key or RsaKey + \param key_len Size of the key structure + \param rng Pointer to an initialized RNG structure + \param verify If non-zero, verify the signature after generation + + _Example_ + \code + WC_RNG rng; + ecc_key eccKey; + byte hash[WC_SHA256_DIGEST_SIZE]; + byte sig[ECC_MAX_SIG_SIZE]; + word32 sigLen = sizeof(sig); + + wc_InitRng(&rng); + wc_ecc_init(&eccKey); + wc_ecc_make_key(&rng, 32, &eccKey); + int ret = wc_SignatureGenerateHash_ex(WC_HASH_TYPE_SHA256, + WC_SIGNATURE_TYPE_ECC, hash, + sizeof(hash), sig, &sigLen, + &eccKey, sizeof(eccKey), + &rng, 1); + \endcode + + \sa wc_SignatureGenerateHash + \sa wc_SignatureGenerate_ex +*/ +int wc_SignatureGenerateHash_ex(enum wc_HashType hash_type, + enum wc_SignatureType sig_type, + const byte* hash_data, word32 hash_len, + byte* sig, word32 *sig_len, + void* key, word32 key_len, + WC_RNG* rng, int verify); + +/*! + \ingroup Signature + \brief This function generates a signature from data with extended + options. This is similar to wc_SignatureGenerate but allows optional + verification of the signature after generation. + + \return 0 Success + \return SIG_TYPE_E Signature type not enabled/available + \return BAD_FUNC_ARG Bad function argument provided + \return BUFFER_E Output buffer too small or input too large + + \param hash_type A hash type from enum wc_HashType + \param sig_type A signature type such as WC_SIGNATURE_TYPE_ECC or + WC_SIGNATURE_TYPE_RSA + \param data Pointer to buffer containing the data to hash and sign + \param data_len Length of the data buffer + \param sig Pointer to buffer to output signature + \param sig_len Pointer to length of signature output buffer + \param key Pointer to a key structure such as ecc_key or RsaKey + \param key_len Size of the key structure + \param rng Pointer to an initialized RNG structure + \param verify If non-zero, verify the signature after generation + + _Example_ + \code + WC_RNG rng; + ecc_key eccKey; + byte data[]; // data to sign + byte sig[ECC_MAX_SIG_SIZE]; + word32 sigLen = sizeof(sig); + + wc_InitRng(&rng); + wc_ecc_init(&eccKey); + wc_ecc_make_key(&rng, 32, &eccKey); + int ret = wc_SignatureGenerate_ex(WC_HASH_TYPE_SHA256, + WC_SIGNATURE_TYPE_ECC, data, + sizeof(data), sig, &sigLen, + &eccKey, sizeof(eccKey), &rng, 1); + \endcode + + \sa wc_SignatureGenerate + \sa wc_SignatureGenerateHash_ex +*/ +int wc_SignatureGenerate_ex(enum wc_HashType hash_type, + enum wc_SignatureType sig_type, + const byte* data, word32 data_len, + byte* sig, word32 *sig_len, + void* key, word32 key_len, + WC_RNG* rng, int verify); diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/doc/dox_comments/header_files/srp.h mariadb-11.8.8/extra/wolfssl/wolfssl/doc/dox_comments/header_files/srp.h --- mariadb-11.8.6/extra/wolfssl/wolfssl/doc/dox_comments/header_files/srp.h 2026-01-31 13:27:49.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/doc/dox_comments/header_files/srp.h 2026-05-24 09:58:33.000000000 +0000 @@ -34,6 +34,49 @@ /*! \ingroup SRP + \brief Initializes the Srp struct for usage with extended parameters. + This function is similar to wc_SrpInit but allows specification of a + custom heap hint and device ID for hardware acceleration. + + \return 0 on success. + \return BAD_FUNC_ARG Returns when there's an issue with the arguments + such as srp being null or SrpSide not being SRP_CLIENT_SIDE or + SRP_SERVER_SIDE. + \return NOT_COMPILED_IN Returns when a type is passed as an argument + but hasn't been configured in the wolfCrypt build. + \return <0 on error. + + \param srp the Srp structure to be initialized. + \param type the hash type to be used. + \param side the side of the communication. + \param heap pointer to heap hint for memory allocation (can be NULL). + \param devId device ID for hardware acceleration (use INVALID_DEVID + for software only). + + _Example_ + \code + Srp srp; + void* heap = NULL; + int devId = INVALID_DEVID; + + if (wc_SrpInit_ex(&srp, SRP_TYPE_SHA, SRP_CLIENT_SIDE, heap, + devId) != 0) { + // Initialization error + } + else { + wc_SrpTerm(&srp); + } + \endcode + + \sa wc_SrpInit + \sa wc_SrpTerm + \sa wc_SrpSetUsername +*/ +int wc_SrpInit_ex(Srp* srp, SrpType type, SrpSide side, void* heap, + int devId); + +/*! + \ingroup SRP \brief Releases the Srp struct resources after usage. @@ -340,6 +383,8 @@ This function MUST be called after wc_SrpSetPassword or wc_SrpSetVerifier. The function wc_SrpSetPrivate may be called before wc_SrpGetPublic. + Caller must observe value of size upon return to know the actual size. + \return 0 Success \return BAD_FUNC_ARG Returned if srp, pub, or size is null. \return SRP_CALL_ORDER_E Returned if wc_SrpGetPublic is called out @@ -349,8 +394,8 @@ \param srp the Srp structure. \param pub the buffer to write the public ephemeral value. - \param size the the buffer size in bytes. Will be updated with - the ephemeral value size. + \param size IN: the buffer size in bytes. + OUT: Will be updated with the ephemeral value size. _Example_ \code @@ -369,7 +414,7 @@ wc_SrpSetPassword(&srp, password, passwordSize) byte public[64]; - word32 publicSz = 0; + word32 publicSz = sizeof(public); if( wc_SrpGetPublic(&srp, public, &publicSz) != 0) { diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/doc/dox_comments/header_files/ssl.h mariadb-11.8.8/extra/wolfssl/wolfssl/doc/dox_comments/header_files/ssl.h --- mariadb-11.8.6/extra/wolfssl/wolfssl/doc/dox_comments/header_files/ssl.h 2026-01-31 13:27:49.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/doc/dox_comments/header_files/ssl.h 2026-05-24 09:58:33.000000000 +0000 @@ -4,7 +4,7 @@ \return pointer This function returns a pointer to a new WOLFSSL_METHOD structure. - \param none No parameters. + \param heap pointer to a heap hint for memory allocation. _Example_ \code @@ -721,7 +721,7 @@ \sa wolfSSL_CTX_new \sa wolfSSL_CTX_dtls_set_export */ -int wolfSSL_dtls_import(WOLFSSL* ssl, unsigned char* buf, +int wolfSSL_dtls_import(WOLFSSL* ssl, const unsigned char* buf, unsigned int sz); @@ -1078,7 +1078,10 @@ decoding fails on the file. The key file is encrypted but no password is provided. - \param none No parameters. + \param ctx pointer to a WOLFSSL_CTX structure. + \param file path to the private key file. + \param format format of the key file (SSL_FILETYPE_PEM or + SSL_FILETYPE_ASN1). _Example_ \code @@ -1229,7 +1232,7 @@ \sa wolfSSL_use_certificate_chain_file */ int wolfSSL_CTX_load_verify_locations_ex(WOLFSSL_CTX* ctx, const char* file, - const char* path, unsigned int flags); + const char* path, word32 flags); /*! \ingroup CertsKeys @@ -1742,6 +1745,7 @@ \param method pointer to the desired WOLFSSL_METHOD to use for the SSL context. This is created using one of the wolfSSLvXX_XXXX_method() functions to specify SSL/TLS/DTLS protocol level. + This function frees the passed in WOLFSSL_METHOD struct on failure. _Example_ \code @@ -1888,7 +1892,8 @@ \return BAD_FUNC_ARG upon failure. \param ssl pointer to the SSL session, created with wolfSSL_new(). - \param fd file descriptor to use with SSL/TLS connection. + \param cb ClientHelloGoodCb callback function pointer. + \param user_ctx pointer to user context to be passed to callback. _Example_ \code @@ -2019,7 +2024,7 @@ \sa wolfSSL_set_read_fd \sa wolfSSL_set_write_fd */ -int wolfSSL_get_fd(const WOLFSSL*); +int wolfSSL_get_fd(const WOLFSSL* ssl); /*! \ingroup IO @@ -2046,7 +2051,7 @@ \sa wolfSSL_set_read_fd \sa wolfSSL_set_write_fd */ -int wolfSSL_get_wfd(const WOLFSSL*); +int wolfSSL_get_wfd(const WOLFSSL* ssl); /*! \ingroup Setup @@ -2316,7 +2321,7 @@ \sa wolfSSL_get_error \sa wolfSSL_connect */ -int wolfSSL_accept(WOLFSSL*); +int wolfSSL_accept(WOLFSSL* ssl); /*! \ingroup IO @@ -2382,7 +2387,7 @@ \sa wolfSSL_new \sa wolfSSL_free */ -void wolfSSL_CTX_free(WOLFSSL_CTX*); +void wolfSSL_CTX_free(WOLFSSL_CTX* ctx); /*! \ingroup Setup @@ -2406,7 +2411,7 @@ \sa wolfSSL_new \sa wolfSSL_CTX_free */ -void wolfSSL_free(WOLFSSL*); +void wolfSSL_free(WOLFSSL* ssl); /*! \ingroup TLS @@ -2452,7 +2457,7 @@ \sa wolfSSL_free \sa wolfSSL_CTX_free */ -int wolfSSL_shutdown(WOLFSSL*); +int wolfSSL_shutdown(WOLFSSL* ssl); /*! \ingroup IO @@ -2830,7 +2835,7 @@ \return BAD_MUTEX_E returned if there was an unlock or lock mutex error. \return SSL_FAILURE returned if the function did not execute successfully. - \param idx an int type representing the session index. + \param index an int type representing the session index. \param session a pointer to the WOLFSSL_SESSION structure. _Example_ @@ -2847,7 +2852,7 @@ \sa LockMutex \sa wolfSSL_GetSessionIndex */ -int wolfSSL_GetSessionAtIndex(int idx, WOLFSSL_SESSION* session); +int wolfSSL_GetSessionAtIndex(int index, WOLFSSL_SESSION* session); /*! \ingroup IO @@ -3054,7 +3059,7 @@ \sa wolfSSL_read \sa wolfSSL_peek */ -int wolfSSL_pending(WOLFSSL*); +int wolfSSL_pending(WOLFSSL* ssl); /*! \ingroup Debug @@ -3786,7 +3791,7 @@ \sa wolfSSL_dtls_set_timeout_max \sa wolfSSL_dtls_got_timeout */ -int wolfSSL_dtls_set_timeout_init(WOLFSSL* ssl, int); +int wolfSSL_dtls_set_timeout_init(WOLFSSL* ssl, int timeout); /*! \brief This function sets the maximum dtls timeout. @@ -3814,7 +3819,7 @@ \sa wolfSSL_dtls_set_timeout_init \sa wolfSSL_dtls_got_timeout */ -int wolfSSL_dtls_set_timeout_max(WOLFSSL* ssl, int); +int wolfSSL_dtls_set_timeout_max(WOLFSSL* ssl, int timeout); /*! \brief When using non-blocking sockets with DTLS, this function should @@ -4208,7 +4213,7 @@ \sa wolfSSL_get_keys \sa wolfSSL_set_shutdown */ -int wolfSSL_is_init_finished(WOLFSSL* ssl); +int wolfSSL_is_init_finished(const WOLFSSL* ssl); /*! \ingroup IO @@ -4498,9 +4503,9 @@ \return SSL_SUCCESS(1) upon success. - \param bio WOLFSSL_BIO structure to set fd. + \param b WOLFSSL_BIO structure to set fd. \param fd file descriptor to use. - \param closeF flag for behavior when closing fd. + \param flag flag for behavior when closing fd. _Example_ \code @@ -4523,7 +4528,7 @@ \return SSL_SUCCESS(1) upon success. - \param bio WOLFSSL_BIO structure. + \param b WOLFSSL_BIO structure. \param flag flag for behavior when closing i/o stream. _Example_ @@ -4570,7 +4575,7 @@ \return SSL_SUCCESS On successfully setting the write buffer. \return SSL_FAILURE If an error case was encountered. - \param bio WOLFSSL_BIO structure to set fd. + \param b WOLFSSL_BIO structure to set write buffer size. \param size size of buffer to allocate. _Example_ @@ -4630,7 +4635,7 @@ \return SSL_SUCCESS On successfully setting value. \return SSL_FAILURE If an error case was encountered. - \param bio WOLFSSL_BIO structure to set read request flag. + \param b WOLFSSL_BIO structure to set read request flag. _Example_ \code @@ -4644,7 +4649,7 @@ \sa wolfSSL_BIO_new, wolfSSL_BIO_s_mem \sa wolfSSL_BIO_new, wolfSSL_BIO_free */ -int wolfSSL_BIO_ctrl_reset_read_request(WOLFSSL_BIO *bio); +int wolfSSL_BIO_ctrl_reset_read_request(WOLFSSL_BIO *b); /*! \ingroup IO @@ -4671,7 +4676,6 @@ \endcode \sa wolfSSL_BIO_new - \sa wolfSSL_BIO_nwrite0 */ int wolfSSL_BIO_nread0(WOLFSSL_BIO *bio, char **buf); @@ -4864,7 +4868,7 @@ value of 0). \param bio pointer to the WOLFSSL_BIO structure for getting memory pointer. - \param ptr structure that is currently a char*. Is set to point to + \param m pointer to WOLFSSL_BUF_MEM structure. Is set to point to bio’s memory. _Example_ @@ -4985,7 +4989,7 @@ structure is returned. \return 0 returned if there is not a valid x509 structure passed in. - \param cert a pointer to a WOLFSSL_X509 structure. + \param x509 a pointer to a WOLFSSL_X509 structure. _Example_ \code @@ -5004,7 +5008,7 @@ \sa wolfSSL_X509_get_issuer_name \sa wolfSSL_X509_get_isCA */ -int wolfSSL_X509_get_isCA(WOLFSSL_X509* cert); +int wolfSSL_X509_get_isCA(WOLFSSL_X509* x509); /*! \ingroup CertsKeys @@ -5046,7 +5050,7 @@ \return int an integer value is returned which was retrieved from the x509 object. - \param cert a pointer to a WOLFSSL_X509 structure. + \param x509 a pointer to a WOLFSSL_X509 structure. _Example_ \code @@ -5068,7 +5072,7 @@ \sa wolfSSL_X509_notAfter \sa wolfSSL_X509_free */ -int wolfSSL_X509_get_signature_type(WOLFSSL_X509* cert); +int wolfSSL_X509_get_signature_type(WOLFSSL_X509* x509); /*! \brief This function frees a WOLFSSL_X509 structure. @@ -5138,7 +5142,7 @@ \return SSL_SUCCESS If certificate is added successfully. \return SSL_FATAL_ERROR: If certificate is not added successfully. - \param str certificate store to add the certificate to. + \param store certificate store to add the certificate to. \param x509 certificate to add. _Example_ @@ -5712,7 +5716,7 @@ \return val Returns the mask value stored in ssl. - \param ssl WOLFSSL structure to get options mask from. + \param s WOLFSSL structure to get options mask from. _Example_ \code @@ -5726,7 +5730,7 @@ \sa wolfSSL_free \sa wolfSSL_set_options */ -long wolfSSL_get_options(const WOLFSSL *ssl); +long wolfSSL_get_options(const WOLFSSL *s); /*! \ingroup Setup @@ -5736,7 +5740,7 @@ \return SSL_SUCCESS On successful setting argument. \return SSL_FAILURE If an NULL ssl passed in. - \param ssl WOLFSSL structure to set argument in. + \param s WOLFSSL structure to set argument in. \param arg argument to use. _Example_ @@ -5752,7 +5756,7 @@ \sa wolfSSL_new \sa wolfSSL_free */ -long wolfSSL_set_tlsext_debug_arg(WOLFSSL *ssl, void *arg); +long wolfSSL_set_tlsext_debug_arg(WOLFSSL *s, void *arg); /*! \ingroup openSSL @@ -5950,7 +5954,7 @@ \sa wolfSSL_set_psk_server_callback */ void wolfSSL_set_psk_client_callback(WOLFSSL* ssl, - wc_psk_client_callback); + wc_psk_client_callback cb); /*! \ingroup CertsKeys @@ -6244,7 +6248,7 @@ \sa none */ -int wolfSSL_CTX_allow_anon_cipher(WOLFSSL_CTX*); +int wolfSSL_CTX_allow_anon_cipher(WOLFSSL_CTX* ctx); /*! \ingroup Setup @@ -6368,7 +6372,7 @@ \sa wolfSSL_want_write \sa wolfSSL_get_error */ -int wolfSSL_want_read(WOLFSSL*); +int wolfSSL_want_read(WOLFSSL* ssl); /*! \ingroup Debug @@ -6398,7 +6402,7 @@ \sa wolfSSL_want_read \sa wolfSSL_get_error */ -int wolfSSL_want_write(WOLFSSL*); +int wolfSSL_want_write(WOLFSSL* ssl); /*! \ingroup Setup @@ -6433,6 +6437,37 @@ int wolfSSL_check_domain_name(WOLFSSL* ssl, const char* dn); /*! + \ingroup Setup + + \brief Calling this function before wolfSSL_connect() or wolfSSL_accept() + adds an IP-address identity check against the peer certificate SAN + iPAddress entries. + + \return SSL_SUCCESS upon success. + \return SSL_FAILURE if parameters are invalid or memory allocation fails. + + \param ssl a pointer to a WOLFSSL structure, created using wolfSSL_new(). + \param ipaddr NULL-terminated ASCII IP address string to verify against the + peer certificate. + + _Example_ + \code + int ret = 0; + WOLFSSL* ssl; + const char* ip = "127.0.0.1"; + ... + + ret = wolfSSL_check_ip_address(ssl, ip); + if (ret != SSL_SUCCESS) { + // failed to enable IP check + } + \endcode + + \sa wolfSSL_check_domain_name +*/ +int wolfSSL_check_ip_address(WOLFSSL* ssl, const char* ipaddr); + +/*! \ingroup TLS \brief Initializes the wolfSSL library for use. Must be called once per @@ -6959,7 +6994,7 @@ \return 0 returned if the x509 structure is NULL. \return version the version stored in the x509 structure will be returned. - \param ssl a pointer to a WOLFSSL structure, created using wolfSSL_new(). + \param x509 a pointer to a WOLFSSL_X509 structure. _Example_ \code @@ -6977,7 +7012,7 @@ \sa wolfSSL_X509_get_isCA \sa wolfSSL_get_peer_certificate */ -int wolfSSL_X509_version(WOLFSSL_X509*); +int wolfSSL_X509_version(WOLFSSL_X509* x509); /*! \ingroup CertsKeys @@ -7615,7 +7650,8 @@ \return BAD_FUNC_ARG returned if the WOLFSSL_CTX struct is NULL or if the keySz_bits is greater than 16,000 or not divisible by 8. - \param ssl a pointer to a WOLFSSL structure, created using wolfSSL_new(). + \param ctx a pointer to a WOLFSSL_CTX structure, created using + wolfSSL_CTX_new(). \param keySz_bits a word16 type used to set the minimum DH key size in bits. The WOLFSSL_CTX struct holds this information in the minDhKeySz member. @@ -7632,7 +7668,7 @@ \sa wolfSSL_GetDhKey_Sz \sa wolfSSL_CTX_SetTMpDH_file */ -int wolfSSL_CTX_SetMinDhKey_Sz(WOLFSSL_CTX* ctx, word16); +int wolfSSL_CTX_SetMinDhKey_Sz(WOLFSSL_CTX* ctx, word16 keySz_bits); /*! \ingroup CertsKeys @@ -7673,7 +7709,8 @@ \return BAD_FUNC_ARG returned if the WOLFSSL_CTX struct is NULL or if the keySz_bits is greater than 16,000 or not divisible by 8. - \param ssl a pointer to a WOLFSSL structure, created using wolfSSL_new(). + \param ctx a pointer to a WOLFSSL_CTX structure, created using + wolfSSL_CTX_new(). \param keySz_bits a word16 type used to set the maximum DH key size in bits. The WOLFSSL_CTX struct holds this information in the maxDhKeySz member. @@ -7754,7 +7791,7 @@ \sa wolfSSL_SetTmpDH \sa wolfSSL_CTX_SetTmpDH_file */ -int wolfSSL_GetDhKey_Sz(WOLFSSL*); +int wolfSSL_GetDhKey_Sz(WOLFSSL* ssl); /*! \ingroup CertsKeys @@ -7844,7 +7881,7 @@ \sa wolfSSL_SetMinEccKey_Sz */ -int wolfSSL_CTX_SetMinEccKey_Sz(WOLFSSL_CTX* ssl, short keySz); +int wolfSSL_CTX_SetMinEccKey_Sz(WOLFSSL_CTX* ctx, short keySz); /*! \ingroup CertsKeys @@ -7985,7 +8022,7 @@ \sa LockMutex \sa UnlockMutex */ -int wolfSSL_CTX_UnloadCAs(WOLFSSL_CTX*); +int wolfSSL_CTX_UnloadCAs(WOLFSSL_CTX* ctx); /*! @@ -8049,7 +8086,7 @@ \sa wolfSSL_CTX_trust_peer_buffer \sa wolfSSL_CTX_trust_peer_cert */ -int wolfSSL_CTX_Unload_trust_peers(WOLFSSL_CTX*); +int wolfSSL_CTX_Unload_trust_peers(WOLFSSL_CTX* ctx); /*! \ingroup Setup @@ -8581,7 +8618,7 @@ \sa wolfSSL_CTX_UnloadCAs */ -int wolfSSL_UnloadCertsKeys(WOLFSSL*); +int wolfSSL_UnloadCertsKeys(WOLFSSL* ssl); /*! \ingroup Setup @@ -8606,7 +8643,7 @@ \sa wolfSSL_set_group_messages \sa wolfSSL_CTX_new */ -int wolfSSL_CTX_set_group_messages(WOLFSSL_CTX*); +int wolfSSL_CTX_set_group_messages(WOLFSSL_CTX* ctx); /*! \ingroup Setup @@ -8631,7 +8668,7 @@ \sa wolfSSL_CTX_set_group_messages \sa wolfSSL_new */ -int wolfSSL_set_group_messages(WOLFSSL*); +int wolfSSL_set_group_messages(WOLFSSL* ssl); /*! \brief This function sets the fuzzer callback. @@ -8695,8 +8732,8 @@ \sa wc_RNG_GenerateBlock */ int wolfSSL_DTLS_SetCookieSecret(WOLFSSL* ssl, - const unsigned char* secret, - unsigned int secretSz); + const byte* secret, + word32 secretSz); /*! \brief This function retrieves the random number. @@ -8850,7 +8887,7 @@ \sa wolfSSL_GetOutputSize */ -int wolfSSL_GetMaxOutputSize(WOLFSSL*); +int wolfSSL_GetMaxOutputSize(WOLFSSL* ssl); /*! \ingroup Setup @@ -8900,7 +8937,8 @@ \return none No return. - \param No parameters. + \param ctx pointer to the SSL context, created with wolfSSL_CTX_new(). + \param cb callback function to register for Mac/Encrypt. _Example_ \code @@ -8910,7 +8948,7 @@ \sa wolfSSL_SetMacEncryptCtx \sa wolfSSL_GetMacEncryptCtx */ -void wolfSSL_CTX_SetMacEncryptCb(WOLFSSL_CTX* ctx, CallbackMacEncrypti cb); +void wolfSSL_CTX_SetMacEncryptCb(WOLFSSL_CTX* ctx, CallbackMacEncrypt cb); /*! \brief Allows caller to set the Atomic User Record Processing Mac/Encrypt @@ -8918,7 +8956,8 @@ \return none No return. - \param none No parameters. + \param ssl pointer to a WOLFSSL structure, created using wolfSSL_new(). + \param ctx pointer to the user context to be stored. _Example_ \code @@ -8939,7 +8978,7 @@ to the context. \return NULL will be returned for a blank context. - \param none No parameters. + \param ssl pointer to a WOLFSSL structure, created using wolfSSL_new(). _Example_ \code @@ -8965,7 +9004,8 @@ \return none No returns. - \param none No parameters. + \param ctx pointer to the SSL context, created with wolfSSL_CTX_new(). + \param cb callback function to register for Decrypt/Verify. _Example_ \code @@ -8984,7 +9024,8 @@ \return none No returns. - \param none No parameters. + \param ssl pointer to a WOLFSSL structure, created using wolfSSL_new(). + \param ctx pointer to the user context to be stored. _Example_ \code @@ -9005,7 +9046,7 @@ context. \return NULL will be returned for a blank context. - \param none No parameters. + \param ssl pointer to a WOLFSSL structure, created using wolfSSL_new(). _Example_ \code @@ -9127,7 +9168,7 @@ \sa wolfSSL_GetClientWriteKey \sa wolfSSL_GetServerWriteKey */ -int wolfSSL_GetKeySize(WOLFSSL*); +int wolfSSL_GetKeySize(WOLFSSL* ssl); /*! \ingroup CertsKeys @@ -9157,7 +9198,7 @@ \sa wolfSSL_GetClientWriteIV \sa wolfSSL_GetServerWriteIV */ -int wolfSSL_GetIVSize(WOLFSSL*); +int wolfSSL_GetIVSize(WOLFSSL* ssl); /*! \brief Allows retrieval of the side of this WOLFSSL connection. @@ -9177,7 +9218,7 @@ \sa wolfSSL_GetClientWriteKey \sa wolfSSL_GetServerWriteKey */ -int wolfSSL_GetSide(WOLFSSL*); +int wolfSSL_GetSide(WOLFSSL* ssl); /*! \brief Allows caller to determine if the negotiated protocol version @@ -9196,7 +9237,7 @@ \sa wolfSSL_GetSide */ -int wolfSSL_IsTLSv1_1(WOLFSSL*); +int wolfSSL_IsTLSv1_1(WOLFSSL* ssl); /*! \brief Allows caller to determine the negotiated bulk cipher algorithm @@ -9217,7 +9258,7 @@ \sa wolfSSL_GetCipherBlockSize \sa wolfSSL_GetKeySize */ -int wolfSSL_GetBulkCipher(WOLFSSL*); +int wolfSSL_GetBulkCipher(WOLFSSL* ssl); /*! \brief Allows caller to determine the negotiated cipher block size from @@ -9237,7 +9278,7 @@ \sa wolfSSL_GetBulkCipher \sa wolfSSL_GetKeySize */ -int wolfSSL_GetCipherBlockSize(WOLFSSL*); +int wolfSSL_GetCipherBlockSize(WOLFSSL* ssl); /*! \brief Allows caller to determine the negotiated aead mac size from the @@ -9257,7 +9298,7 @@ \sa wolfSSL_GetBulkCipher \sa wolfSSL_GetKeySize */ -int wolfSSL_GetAeadMacSize(WOLFSSL*); +int wolfSSL_GetAeadMacSize(WOLFSSL* ssl); /*! \brief Allows caller to determine the negotiated (h)mac size from the @@ -9277,7 +9318,7 @@ \sa wolfSSL_GetBulkCipher \sa wolfSSL_GetHmacType */ -int wolfSSL_GetHmacSize(WOLFSSL*); +int wolfSSL_GetHmacSize(WOLFSSL* ssl); /*! \brief Allows caller to determine the negotiated (h)mac type from the @@ -9298,7 +9339,7 @@ \sa wolfSSL_GetBulkCipher \sa wolfSSL_GetHmacSize */ -int wolfSSL_GetHmacType(WOLFSSL*); +int wolfSSL_GetHmacType(WOLFSSL* ssl); /*! \brief Allows caller to determine the negotiated cipher type @@ -9318,7 +9359,7 @@ \sa wolfSSL_GetBulkCipher \sa wolfSSL_GetHmacType */ -int wolfSSL_GetCipherType(WOLFSSL*); +int wolfSSL_GetCipherType(WOLFSSL* ssl); /*! \brief Allows caller to set the Hmac Inner vector for message @@ -9358,7 +9399,8 @@ \return none No returns. - \param none No parameters. + \param ctx pointer to the SSL context, created with wolfSSL_CTX_new(). + \param cb callback function to register for ECC signing. _Example_ \code @@ -9464,7 +9506,8 @@ \return none No returns. - \param none No parameters. + \param ctx pointer to the SSL context, created with wolfSSL_CTX_new(). + \param cb callback function to register for ECC verification. _Example_ \code @@ -9482,7 +9525,8 @@ \return none No returns. - \param none No parameters. + \param ssl pointer to a WOLFSSL structure, created using wolfSSL_new(). + \param ctx pointer to the user context to be stored. _Example_ \code @@ -9502,7 +9546,7 @@ context. \return NULL will be returned for a blank context. - \param none No parameters. + \param ssl pointer to a WOLFSSL structure, created using wolfSSL_new(). _Example_ \code @@ -9528,7 +9572,8 @@ \return none No returns. - \param none No parameters. + \param ctx pointer to the SSL context, created with wolfSSL_CTX_new(). + \param cb callback function to register for RSA signing. _Example_ \code @@ -9546,7 +9591,8 @@ \return none No Returns. - \param none No parameters. + \param ssl pointer to a WOLFSSL structure, created using wolfSSL_new(). + \param ctx pointer to the user context to be stored. _Example_ \code @@ -9566,8 +9612,7 @@ context. \return NULL will be returned for a blank context. - \param none No parameters. - \param none No parameters. + \param ssl pointer to a WOLFSSL structure, created using wolfSSL_new(). _Example_ \code @@ -9591,7 +9636,8 @@ \return none No returns. - \param none No parameters. + \param ctx pointer to the SSL context, created with wolfSSL_CTX_new(). + \param cb callback function to register for RSA verification. \sa wolfSSL_SetRsaVerifyCtx \sa wolfSSL_GetRsaVerifyCtx @@ -9604,7 +9650,8 @@ \return none No returns. - \param none No parameters. + \param ssl pointer to a WOLFSSL structure, created using wolfSSL_new(). + \param ctx pointer to the user context to be stored. _Example_ \code @@ -9624,7 +9671,7 @@ the context. \return NULL will be returned for a blank context. - \param none No parameters. + \param ssl pointer to a WOLFSSL structure, created using wolfSSL_new(). _Example_ \code @@ -9650,7 +9697,8 @@ \return none No returns. - \param none No parameters. + \param ctx pointer to the SSL context, created with wolfSSL_CTX_new(). + \param cb callback function to register for RSA public encrypt. _Examples_ \code @@ -9668,7 +9716,8 @@ \return none No returns. - \param none No parameters. + \param ssl pointer to a WOLFSSL structure, created using wolfSSL_new(). + \param ctx pointer to the user context to be stored. _Example_ \code @@ -9688,7 +9737,7 @@ to the context. \return NULL will be returned for a blank context. - \param none No parameters. + \param ssl pointer to a WOLFSSL structure, created using wolfSSL_new(). _Example_ \code @@ -9713,7 +9762,8 @@ \return none No returns. - \param none No parameters. + \param ctx pointer to the SSL context, created with wolfSSL_CTX_new(). + \param cb callback function to register for RSA private decrypt. _Example_ \code @@ -9731,7 +9781,8 @@ \return none No returns. - \param none No parameters. + \param ssl pointer to a WOLFSSL structure, created using wolfSSL_new(). + \param ctx pointer to the user context to be stored. _Example_ \code @@ -9751,7 +9802,7 @@ to the context. \return NULL will be returned for a blank context. - \param none No parameters. + \param ssl pointer to a WOLFSSL structure, created using wolfSSL_new(). _Example_ \code @@ -9772,7 +9823,7 @@ \return none No return. \param ctx pointer to the SSL context, created with wolfSSL_CTX_new(). - \param callback function to be registered as the CA callback for the + \param cb function to be registered as the CA callback for the wolfSSL context, ctx. The signature of this function must follow that as shown above in the Synopsis section. @@ -9807,7 +9858,7 @@ WOLFSSL_CERT_MANAGER pointer. \return NULL will be returned for an error state. - \param none No parameters. + \param heap pointer to a heap hint for memory allocation. \sa wolfSSL_CertManagerFree */ @@ -9861,7 +9912,7 @@ \sa wolfSSL_CertManagerNew */ -void wolfSSL_CertManagerFree(WOLFSSL_CERT_MANAGER*); +void wolfSSL_CertManagerFree(WOLFSSL_CERT_MANAGER* cm); /*! \ingroup CertManager @@ -9941,7 +9992,8 @@ \sa cm_pick_method */ int wolfSSL_CertManagerLoadCABuffer(WOLFSSL_CERT_MANAGER* cm, - const unsigned char* in, long sz, int format); + const unsigned char* buff, long sz, + int format); /*! \ingroup CertManager @@ -10198,7 +10250,7 @@ \sa InitDecodedCert */ int wolfSSL_CertManagerCheckCRL(WOLFSSL_CERT_MANAGER* cm, - unsigned char* der, int sz); + const unsigned char* der, int sz); /*! \ingroup CertManager @@ -10273,7 +10325,7 @@ \sa wolfSSL_CertManagerEnableCRL */ -int wolfSSL_CertManagerDisableCRL(WOLFSSL_CERT_MANAGER*); +int wolfSSL_CertManagerDisableCRL(WOLFSSL_CERT_MANAGER* cm); /*! \ingroup CertManager @@ -10533,7 +10585,7 @@ \sa CheckCertOCSP */ int wolfSSL_CertManagerCheckOCSP(WOLFSSL_CERT_MANAGER* cm, - unsigned char* der, int sz); + const unsigned char* der, int sz); /*! \ingroup CertManager @@ -10578,7 +10630,7 @@ crlEnabled member of the WOLFSSL_CERT_MANAGER structure. \return BAD_FUNC_ARG the WOLFSSL structure was NULL. - \param ssl - a pointer to a WOLFSSL structure, created using wolfSSL_new(). + \param cm a pointer to a WOLFSSL_CERT_MANAGER structure. _Example_ \code @@ -10594,7 +10646,7 @@ \sa wolfSSL_DisableCRL */ -int wolfSSL_CertManagerDisableOCSP(WOLFSSL_CERT_MANAGER*); +int wolfSSL_CertManagerDisableOCSP(WOLFSSL_CERT_MANAGER* cm); /*! \ingroup CertManager @@ -10871,7 +10923,7 @@ \sa wolfSSL_CertManagerDisableOCSP */ -int wolfSSL_DisableOCSP(WOLFSSL*); +int wolfSSL_DisableOCSP(WOLFSSL* ssl); /*! \brief This function sets the ocspOverrideURL member in the @@ -10960,7 +11012,9 @@ WOLFSSL_CERT_MANAGER fails to initialize correctly. \return NOT_COMPILED_IN wolfSSL was not compiled with the HAVE_CRL option. - \param ssl a pointer to a WOLFSSL structure, created using wolfSSL_new(). + \param ctx a pointer to a WOLFSSL_CTX structure, created using + wolfSSL_CTX_new(). + \param options option flags for enabling CRL. _Example_ \code @@ -11131,7 +11185,7 @@ \sa wolfSSL_DisableOCSP \sa wolfSSL_CertManagerDisableOCSP */ -int wolfSSL_CTX_DisableOCSP(WOLFSSL_CTX*); +int wolfSSL_CTX_DisableOCSP(WOLFSSL_CTX* ctx); /*! \brief This function manually sets the URL for OCSP to use. By default, @@ -11226,7 +11280,7 @@ \sa wolfSSL_CertManagerEnableOCSPStapling \sa InitOCSP */ -int wolfSSL_CTX_EnableOCSPStapling(WOLFSSL_CTX*); +int wolfSSL_CTX_EnableOCSPStapling(WOLFSSL_CTX* ctx); /*! \ingroup CertsKeys @@ -11252,7 +11306,7 @@ \sa wolfSSL_FreeArrays */ -void wolfSSL_KeepArrays(WOLFSSL*); +void wolfSSL_KeepArrays(WOLFSSL* ssl); /*! \ingroup CertsKeys @@ -11277,7 +11331,7 @@ \sa wolfSSL_KeepArrays */ -void wolfSSL_FreeArrays(WOLFSSL*); +void wolfSSL_FreeArrays(WOLFSSL* ssl); /*! \brief This function enables the use of Server Name Indication in the SSL @@ -12379,7 +12433,7 @@ \sa wolfSSL_CTX_set_TicketEncCtx */ int wolfSSL_CTX_set_TicketEncCb(WOLFSSL_CTX* ctx, - SessionTicketEncCb); + SessionTicketEncCb cb); /*! \brief This function sets the session ticket hint relayed to the client. @@ -12399,7 +12453,7 @@ \sa wolfSSL_CTX_set_TicketEncCb */ -int wolfSSL_CTX_set_TicketHint(WOLFSSL_CTX* ctx, int); +int wolfSSL_CTX_set_TicketHint(WOLFSSL_CTX* ctx, int hint); /*! \brief This function sets the session ticket encrypt user context for the @@ -12420,7 +12474,7 @@ \sa wolfSSL_CTX_set_TicketEncCb */ -int wolfSSL_CTX_set_TicketEncCtx(WOLFSSL_CTX* ctx, void*); +int wolfSSL_CTX_set_TicketEncCtx(WOLFSSL_CTX* ctx, void* userCtx); /*! \brief This function gets the session ticket encrypt user context for the @@ -12649,7 +12703,10 @@ \return SSL_FATAL_ERROR will be returned if the underlying SSL_connect() call encountered an error. - \param none No parameters. + \param ssl pointer to a WOLFSSL structure, created using wolfSSL_new(). + \param hsCb HandShake Callback function pointer. + \param toCb Timeout Callback function pointer. + \param timeout timeout value to use with the Timeout Callback. _Example_ \code @@ -12681,7 +12738,10 @@ \return SSL_FATAL_ERROR will be returned if the underlying SSL_accept() call encountered an error. - \param none No parameters. + \param ssl pointer to a WOLFSSL structure, created using wolfSSL_new(). + \param hsCb HandShake Callback function pointer. + \param toCb Timeout Callback function pointer. + \param timeout timeout value to use with the Timeout Callback. _Example_ \code @@ -12690,7 +12750,7 @@ \sa wolfSSL_connect_ex */ -int wolfSSL_accept_ex(WOLFSSL* ssl, HandShakeCallBacki hsCb, +int wolfSSL_accept_ex(WOLFSSL* ssl, HandShakeCallBack hsCb, TimeoutCallBack toCb, WOLFSSL_TIMEVAL timeout); /*! @@ -12785,9 +12845,9 @@ \return >= 0 If successful the extension index is returned. \return -1 If extension is not found or error is encountered. - \param x509 certificate to get parse through for extension. + \param x certificate to get parse through for extension. \param nid extension OID to be found. - \param lastPos start search from extension after lastPos. + \param lastpos start search from extension after lastpos. Set to -1 initially. _Example_ @@ -12800,8 +12860,7 @@ \endcode */ -int wolfSSL_X509_get_ext_by_NID(const WOLFSSL_X509* x509, - int nid, int lastPos); +int wolfSSL_X509_get_ext_by_NID(const WOLFSSL_X509 *x, int nid, int lastpos); /*! \ingroup CertsKeys @@ -12918,8 +12977,8 @@ \sa wolfSSL_new \sa wolfSSL_free */ -int wolfSSL_use_certificate_ASN1(WOLFSSL* ssl, unsigned char* der, - int derSz); +int wolfSSL_use_certificate_ASN1(WOLFSSL* ssl, const unsigned char* der, + int derSz); /*! \ingroup CertsKeys @@ -12980,7 +13039,7 @@ \sa wolfSSL_use_PrivateKey */ int wolfSSL_use_PrivateKey_ASN1(int pri, WOLFSSL* ssl, - unsigned char* der, long derSz); + const unsigned char* der, long derSz); /*! \ingroup CertsKeys @@ -14071,7 +14130,7 @@ \sa wolfSSL_UseKeyShare \sa wolfSSL_preferred_group */ -int wolfSSL_CTX_set1_groups_list(WOLFSSL_CTX *ctx, char *list); +int wolfSSL_CTX_set1_groups_list(WOLFSSL_CTX *ctx, const char *list); /*! \ingroup Setup @@ -14109,7 +14168,7 @@ \sa wolfSSL_UseKeyShare \sa wolfSSL_preferred_group */ -int wolfSSL_set1_groups_list(WOLFSSL *ssl, char *list); +int wolfSSL_set1_groups_list(WOLFSSL *ssl, const char *list); /*! \ingroup TLS @@ -14284,7 +14343,7 @@ \sa wolfSSL_accept_TLSv13 \sa wolfSSL_accept */ -int wolfSSL_connect_TLSv13(WOLFSSL*); +int wolfSSL_connect_TLSv13(WOLFSSL* ssl); /*! \ingroup IO @@ -14419,8 +14478,7 @@ \ingroup IO \brief This function writes early data to the server on resumption. - Call this function instead of wolfSSL_connect() or wolfSSL_connect_TLSv13() - to connect to the server and send the data in the handshake. + Call this function before wolfSSL_connect() or wolfSSL_connect_TLSv13(). This function is only used with clients. \param [in,out] ssl a pointer to a WOLFSSL structure, created using wolfSSL_new(). @@ -14431,8 +14489,10 @@ \return BAD_FUNC_ARG if a pointer parameter is NULL, sz is less than 0 or not using TLSv1.3. \return SIDE_ERROR if called with a server. + \return BAD_STATE_E if invoked without a valid session or without a valid + PSK cb \return WOLFSSL_FATAL_ERROR if the connection is not made. - \return WOLFSSL_SUCCESS if successful. + \return the amount of early data written in bytes if successful. _Example_ \code @@ -14445,7 +14505,7 @@ ... ret = wolfSSL_write_early_data(ssl, earlyData, sizeof(earlyData), &outSz); - if (ret != WOLFSSL_SUCCESS) { + if (ret < 0) { err = wolfSSL_get_error(ssl, ret); printf(“error = %d, %s\nâ€, err, wolfSSL_ERR_error_string(err, buffer)); goto err_label; @@ -15023,8 +15083,8 @@ \param padding Padding to use. Only RSA_PKCS1_PSS_PADDING and RSA_PKCS1_PADDING are currently supported for signing. */ -int wolfSSL_RSA_sign_generic_padding(int type, const unsigned char* m, - unsigned int mLen, unsigned char* sigRet, +int wolfSSL_RSA_sign_generic_padding(int hashAlg, const unsigned char* hash, + unsigned int hLen, unsigned char* sigRet, unsigned int* sigLen, WOLFSSL_RSA* rsa, int flag, int padding); /*! @@ -15061,13 +15121,26 @@ - wolfSSL_SESSION_get_ex_new_index - wolfSSL_X509_get_ex_new_index - \param [in] All input parameters are ignored. The callback functions are not - supported with wolfSSL. + \param [in] class_index Identifier for the object class the external data + index applies to. Ignored by wolfSSL. + \param [in] argl Optional long argument passed through for compatibility. + Ignored by wolfSSL. + \param [in] argp Optional pointer argument passed through for compatibility. + Ignored by wolfSSL. + \param [in] new_func Pointer to an external data constructor callback. + Ignored by wolfSSL. + \param [in] dup_func Pointer to an external data duplicate callback. + Ignored by wolfSSL. + \param [in] free_func Pointer to an external data destructor callback. + Ignored by wolfSSL. \return The new index value to be used with the external data API for this object class. - */ -int wolfSSL_CRYPTO_get_ex_new_index(int, void*, void*, void*, void*); +*/ +int wolfSSL_CRYPTO_get_ex_new_index(int class_index, long argl, void *argp, + WOLFSSL_CRYPTO_EX_new* new_func, + WOLFSSL_CRYPTO_EX_dup* dup_func, + WOLFSSL_CRYPTO_EX_free* free_func); /*! \ingroup Setup @@ -15826,11 +15899,12 @@ ciphersuites and signature algorithms. \param [in] ssl The WOLFSSL object to extract the lists from. - \param [out] optional suites Raw and unfiltered list of client ciphersuites - \param [out] optional suiteSz Size of suites in bytes - \param [out] optional hashSigAlgo Raw and unfiltered list of client - signature algorithms - \param [out] optional hashSigAlgoSz Size of hashSigAlgo in bytes + \param [out] suites Raw and unfiltered list of client ciphersuites. + May be NULL if no suites are available. + \param [out] suiteSz Size of suites in bytes. + \param [out] hashSigAlgo Raw and unfiltered list of client signature + algorithms. May be NULL if not provided. + \param [out] hashSigAlgoSz Size of hashSigAlgo in bytes. \return WOLFSSL_SUCCESS when suites available \return WOLFSSL_FAILURE when suites not available @@ -15923,3 +15997,118 @@ */ int wolfSSL_get_sigalg_info(byte first, byte second, int* hashAlgo, int* sigAlgo); + +/*! + \brief This function will set the password callback in the provided CTX. + This callback is used when loading an encrypted cert or key which requires + a password. + + \param ctx a pointer to a WOLFSSL_CTX structure, created with + wolfSSL_CTX_new(). + \param cb a function pointer to (*wc_pem_password_cb) that is set to the + passwd_cb member of the WOLFSSL_CTX. + + _Example_ + \code + WOLFSSL_CTX* ctx = wolfSSL_CTX_new( protocol method ); + int PasswordCallBack(char* passwd, int sz, int rw, void* userdata) { + + } + … + wolfSSL_CTX_set_default_passwd_cb(ctx, PasswordCallBack); + \endcode + + \sa wolfSSL_CTX_set_default_passwd_cb_userdata +*/ +void wolfSSL_CTX_set_default_passwd_cb(WOLFSSL_CTX* ctx, + wc_pem_password_cb* cb); + +/*! + \brief This function will set the userdata argument to the passwd_userdata + member of the WOLFSSL_CTX structure. + This member is passed into the CTX's password callback when called. + + \param ctx a pointer to a WOLFSSL_CTX structure, created with + wolfSSL_CTX_new(). + \param userdata a pointer to userdata which is passed into the + password callback. + + _Example_ + \code + WOLFSSL_CTX* ctx = wolfSSL_CTX_new( protocol method ); + int data; + … + wolfSSL_CTX_set_default_passwd_cb_userdata(ctx, (void*)&data); + \endcode + + \sa wolfSSL_CTX_set_default_passwd_cb +*/ +void wolfSSL_CTX_set_default_passwd_cb_userdata(WOLFSSL_CTX* ctx, + void* userdata); + +/*! + \ingroup Setup + + \brief Gets the state of the secure renegotiation (SCR) check requirement. + + This function returns whether the client requires the server to acknowledge + the secure renegotiation extension and enable secure renegotiation when + sending it from the client. When enabled, the client will generate a fatal + handshake_failure alert if the server does not acknowledge the extension + in the ServerHello message, as required by RFC 9325. + + \return 1 if the SCR check is enabled. + \return 0 if the SCR check is disabled. + \return BAD_FUNC_ARG if ssl is NULL. + + \param ssl Pointer to the WOLFSSL structure, created with wolfSSL_new(). + + _Example_ + \code + WOLFSSL* ssl; + int enabled; + + ssl = wolfSSL_new(ctx); + enabled = wolfSSL_get_scr_check_enabled(ssl); + if (enabled) { + // SCR check is enabled + } + \endcode + + \sa wolfSSL_set_scr_check_enabled +*/ +int wolfSSL_get_scr_check_enabled(const WOLFSSL* ssl); + +/*! + \ingroup Setup + + \brief Sets the state of the secure renegotiation (SCR) check requirement. + + This function enables or disables the requirement for the server to + acknowledge the secure renegotiation extension and enable secure + renegotiation when sending it from the client. When enabled, the client + will generate a fatal handshake_failure alert if the server does not + acknowledge the extension in the ServerHello message, as required by + RFC 9325. + + \return WOLFSSL_SUCCESS on success. + \return BAD_FUNC_ARG if ssl is NULL. + + \param ssl Pointer to the WOLFSSL structure, created with wolfSSL_new(). + \param enabled Non-zero to enable the SCR check, zero to disable it. + + _Example_ + \code + WOLFSSL* ssl; + int ret; + + ssl = wolfSSL_new(ctx); + ret = wolfSSL_set_scr_check_enabled(ssl, 1); + if (ret != WOLFSSL_SUCCESS) { + // Error setting SCR check + } + \endcode + + \sa wolfSSL_get_scr_check_enabled +*/ +int wolfSSL_set_scr_check_enabled(WOLFSSL* ssl, byte enabled); diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/doc/dox_comments/header_files/types.h mariadb-11.8.8/extra/wolfssl/wolfssl/doc/dox_comments/header_files/types.h --- mariadb-11.8.6/extra/wolfssl/wolfssl/doc/dox_comments/header_files/types.h 2026-01-31 13:27:49.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/doc/dox_comments/header_files/types.h 2026-05-24 09:58:33.000000000 +0000 @@ -170,3 +170,301 @@ \sa CheckRunTimeFastMath */ word32 CheckRunTimeSettings(void); + +/*! + \ingroup String + \brief Thread-safe string tokenization. + + \return Pointer to next token or NULL + + \param str String to tokenize (NULL for continuation) + \param delim Delimiter characters + \param nextp Pointer to save position + + _Example_ + \code + char str[] = "one,two,three"; + char* saveptr; + char* token = wc_strtok(str, ",", &saveptr); + \endcode + + \sa wc_strsep +*/ +char* wc_strtok(char *str, const char *delim, char **nextp); + +/*! + \ingroup String + \brief Separates string by delimiter. + + \return Pointer to token or NULL + + \param stringp Pointer to string pointer + \param delim Delimiter characters + + _Example_ + \code + char str[] = "one,two,three"; + char* ptr = str; + char* token = wc_strsep(&ptr, ","); + \endcode + + \sa wc_strtok +*/ +char* wc_strsep(char **stringp, const char *delim); + +/*! + \ingroup String + \brief Safely copies string with size limit. + + \return Length of source string + + \param dst Destination buffer + \param src Source string + \param dstSize Destination buffer size + + _Example_ + \code + char dst[10]; + size_t len = wc_strlcpy(dst, "hello", sizeof(dst)); + \endcode + + \sa wc_strlcat +*/ +size_t wc_strlcpy(char *dst, const char *src, size_t dstSize); + +/*! + \ingroup String + \brief Safely concatenates strings with size limit. + + \return Total length attempted + + \param dst Destination buffer + \param src Source string + \param dstSize Destination buffer size + + _Example_ + \code + char dst[20] = "hello"; + size_t len = wc_strlcat(dst, " world", sizeof(dst)); + \endcode + + \sa wc_strlcpy +*/ +size_t wc_strlcat(char *dst, const char *src, size_t dstSize); + +/*! + \ingroup String + \brief Case-insensitive string comparison. + + \return 0 if equal, non-zero otherwise + + \param s1 First string + \param s2 Second string + + _Example_ + \code + if (wc_strcasecmp("Hello", "hello") == 0) { + // strings are equal + } + \endcode + + \sa wc_strncasecmp +*/ +int wc_strcasecmp(const char *s1, const char *s2); + +/*! + \ingroup String + \brief Case-insensitive string comparison with length limit. + + \return 0 if equal, non-zero otherwise + + \param s1 First string + \param s2 Second string + \param n Maximum characters to compare + + _Example_ + \code + if (wc_strncasecmp("Hello", "hello", 5) == 0) { + // strings are equal + } + \endcode + + \sa wc_strcasecmp +*/ +int wc_strncasecmp(const char *s1, const char *s2, size_t n); + +/*! + \ingroup Threading + \brief Creates a new thread. + + \return 0 on success + \return negative on error + + \param thread Thread handle pointer + \param cb Thread callback function + \param arg Argument to pass to callback + + _Example_ + \code + THREAD_TYPE thread; + int ret = wolfSSL_NewThread(&thread, myCallback, NULL); + \endcode + + \sa wolfSSL_JoinThread +*/ +int wolfSSL_NewThread(THREAD_TYPE* thread, THREAD_CB cb, void* arg); + +/*! + \ingroup Threading + \brief Creates a detached thread. + + \return 0 on success + \return negative on error + + \param cb Thread callback function + \param arg Argument to pass to callback + + _Example_ + \code + int ret = wolfSSL_NewThreadNoJoin(myCallback, NULL); + \endcode + + \sa wolfSSL_NewThread +*/ +int wolfSSL_NewThreadNoJoin(THREAD_CB_NOJOIN cb, void* arg); + +/*! + \ingroup Threading + \brief Waits for thread to complete. + + \return 0 on success + \return negative on error + + \param thread Thread handle + + _Example_ + \code + THREAD_TYPE thread; + wolfSSL_NewThread(&thread, myCallback, NULL); + int ret = wolfSSL_JoinThread(thread); + \endcode + + \sa wolfSSL_NewThread +*/ +int wolfSSL_JoinThread(THREAD_TYPE thread); + +/*! + \ingroup Threading + \brief Initializes condition variable. + + \return 0 on success + \return negative on error + + \param cond Condition variable pointer + + _Example_ + \code + COND_TYPE cond; + int ret = wolfSSL_CondInit(&cond); + \endcode + + \sa wolfSSL_CondFree +*/ +int wolfSSL_CondInit(COND_TYPE* cond); + +/*! + \ingroup Threading + \brief Frees condition variable. + + \return 0 on success + \return negative on error + + \param cond Condition variable pointer + + _Example_ + \code + COND_TYPE cond; + wolfSSL_CondInit(&cond); + int ret = wolfSSL_CondFree(&cond); + \endcode + + \sa wolfSSL_CondInit +*/ +int wolfSSL_CondFree(COND_TYPE* cond); + +/*! + \ingroup Threading + \brief Signals condition variable. + + \return 0 on success + \return negative on error + + \param cond Condition variable pointer + + _Example_ + \code + COND_TYPE cond; + int ret = wolfSSL_CondSignal(&cond); + \endcode + + \sa wolfSSL_CondWait +*/ +int wolfSSL_CondSignal(COND_TYPE* cond); + +/*! + \ingroup Threading + \brief Waits on condition variable. + + \return 0 on success + \return negative on error + + \param cond Condition variable pointer + + _Example_ + \code + COND_TYPE cond; + int ret = wolfSSL_CondWait(&cond); + \endcode + + \sa wolfSSL_CondSignal +*/ +int wolfSSL_CondWait(COND_TYPE* cond); + +/*! + \ingroup Threading + \brief Starts condition variable. + + \return 0 on success + \return negative on error + + \param cond Condition variable pointer + + _Example_ + \code + COND_TYPE cond; + int ret = wolfSSL_CondStart(&cond); + \endcode + + \sa wolfSSL_CondEnd +*/ +int wolfSSL_CondStart(COND_TYPE* cond); + +/*! + \ingroup Threading + \brief Ends condition variable. + + \return 0 on success + \return negative on error + + \param cond Condition variable pointer + + _Example_ + \code + COND_TYPE cond; + wolfSSL_CondStart(&cond); + int ret = wolfSSL_CondEnd(&cond); + \endcode + + \sa wolfSSL_CondStart +*/ +int wolfSSL_CondEnd(COND_TYPE* cond); diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/doc/dox_comments/header_files/wc_encrypt.h mariadb-11.8.8/extra/wolfssl/wolfssl/doc/dox_comments/header_files/wc_encrypt.h --- mariadb-11.8.6/extra/wolfssl/wolfssl/doc/dox_comments/header_files/wc_encrypt.h 2026-01-31 13:27:49.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/doc/dox_comments/header_files/wc_encrypt.h 2026-05-24 09:58:33.000000000 +0000 @@ -210,3 +210,124 @@ int wc_Des3_CbcDecryptWithKey(byte* out, const byte* in, word32 sz, const byte* key, const byte* iv); + +/*! + \ingroup AES + \brief This function encrypts a plaintext message and stores the + result in the output buffer. It uses AES encryption with cipher + block chaining (CBC) mode. This function does not require an AES + structure to be initialized. Instead, it takes in a key and an iv + and uses these to encrypt the message. + + \return 0 On successfully encrypting the message + \return BAD_ALIGN_E Returned on block align error + \return BAD_FUNC_ARG Returned if key length is invalid + \return MEMORY_E Returned if WOLFSSL_SMALL_STACK is enabled and + XMALLOC fails to instantiate an AES object + + \param out pointer to the output buffer in which to store the + ciphertext of the encrypted message + \param in pointer to the input buffer containing plaintext to + encrypt + \param inSz size of input message + \param key 16, 24, or 32 byte secret key for encryption + \param keySz size of key used for encryption + \param iv pointer to the 16 byte initialization vector to use + + _Example_ + \code + byte key[]; // 16, 24, or 32 byte key + byte iv[]; // 16 byte iv + byte plain[]; // plaintext to encrypt + byte cipher[sizeof(plain)]; + + int ret = wc_AesCbcEncryptWithKey(cipher, plain, sizeof(plain), + key, sizeof(key), iv); + if (ret != 0) { + // encryption error + } + \endcode + + \sa wc_AesCbcDecryptWithKey + \sa wc_AesSetKey + \sa wc_AesCbcEncrypt +*/ +int wc_AesCbcEncryptWithKey(byte* out, const byte* in, word32 inSz, + const byte* key, word32 keySz, + const byte* iv); + +/*! + \ingroup Crypto + \brief This function decrypts an encrypted key buffer using the + provided password. It supports various encryption algorithms + including DES, 3DES, and AES. The encryption information is + provided in the EncryptedInfo structure. + + \return Length of decrypted key on success + \return Negative value on error + + \param info pointer to EncryptedInfo structure containing encryption + algorithm and parameters + \param der pointer to the encrypted key buffer + \param derSz size of the encrypted key buffer + \param password pointer to the password buffer + \param passwordSz size of the password + \param hashType hash algorithm to use for key derivation + + _Example_ + \code + EncryptedInfo info; + byte encryptedKey[]; // encrypted key data + byte password[] = "mypassword"; + + int ret = wc_BufferKeyDecrypt(&info, encryptedKey, + sizeof(encryptedKey), password, + sizeof(password)-1, WC_SHA256); + if (ret < 0) { + // decryption error + } + \endcode + + \sa wc_BufferKeyEncrypt +*/ +int wc_BufferKeyDecrypt(struct EncryptedInfo* info, byte* der, + word32 derSz, const byte* password, + int passwordSz, int hashType); + +/*! + \ingroup Crypto + \brief This function encrypts a key buffer using the provided + password. It supports various encryption algorithms including DES, + 3DES, and AES. The encryption information is provided in the + EncryptedInfo structure. + + \return Length of encrypted key on success + \return Negative value on error + + \param info pointer to EncryptedInfo structure containing encryption + algorithm and parameters + \param der pointer to the key buffer to encrypt + \param derSz size of the key buffer + \param password pointer to the password buffer + \param passwordSz size of the password + \param hashType hash algorithm to use for key derivation + + _Example_ + \code + EncryptedInfo info; + byte key[]; // key data to encrypt + byte password[] = "mypassword"; + + info.algo = AES256CBCb; + int ret = wc_BufferKeyEncrypt(&info, key, sizeof(key), password, + sizeof(password)-1, WC_SHA256); + if (ret < 0) { + // encryption error + } + \endcode + + \sa wc_BufferKeyDecrypt +*/ +int wc_BufferKeyEncrypt(struct EncryptedInfo* info, byte* der, + word32 derSz, const byte* password, + int passwordSz, int hashType); diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/doc/dox_comments/header_files/wc_port.h mariadb-11.8.8/extra/wolfssl/wolfssl/doc/dox_comments/header_files/wc_port.h --- mariadb-11.8.6/extra/wolfssl/wolfssl/doc/dox_comments/header_files/wc_port.h 2026-01-31 13:27:49.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/doc/dox_comments/header_files/wc_port.h 2026-05-24 09:58:33.000000000 +0000 @@ -41,3 +41,696 @@ \sa wolfCrypt_Init */ int wolfCrypt_Cleanup(void); + +/*! + \ingroup Atomic + \brief Initializes atomic integer. + + \return none No returns + + \param c Atomic integer pointer + \param i Initial value + + _Example_ + \code + wolfSSL_Atomic_Int counter; + wolfSSL_Atomic_Int_Init(&counter, 0); + \endcode + + \sa wolfSSL_Atomic_Int_FetchAdd +*/ +void wolfSSL_Atomic_Int_Init(wolfSSL_Atomic_Int* c, int i); + +/*! + \ingroup Atomic + \brief Initializes atomic unsigned integer. + + \return none No returns + + \param c Atomic unsigned integer pointer + \param i Initial value + + _Example_ + \code + wolfSSL_Atomic_Uint counter; + wolfSSL_Atomic_Uint_Init(&counter, 0); + \endcode + + \sa wolfSSL_Atomic_Uint_FetchAdd +*/ +void wolfSSL_Atomic_Uint_Init(wolfSSL_Atomic_Uint* c, unsigned int i); + +/*! + \ingroup Atomic + \brief Atomically adds to integer and returns old value. + + \return Old value before addition + + \param c Atomic integer pointer + \param i Value to add + + _Example_ + \code + wolfSSL_Atomic_Int counter; + int old = wolfSSL_Atomic_Int_FetchAdd(&counter, 1); + \endcode + + \sa wolfSSL_Atomic_Int_AddFetch +*/ +int wolfSSL_Atomic_Int_FetchAdd(wolfSSL_Atomic_Int* c, int i); + +/*! + \ingroup Atomic + \brief Atomically subtracts from integer and returns old value. + + \return Old value before subtraction + + \param c Atomic integer pointer + \param i Value to subtract + + _Example_ + \code + wolfSSL_Atomic_Int counter; + int old = wolfSSL_Atomic_Int_FetchSub(&counter, 1); + \endcode + + \sa wolfSSL_Atomic_Int_SubFetch +*/ +int wolfSSL_Atomic_Int_FetchSub(wolfSSL_Atomic_Int* c, int i); + +/*! + \ingroup Atomic + \brief Atomically adds to integer and returns new value. + + \return New value after addition + + \param c Atomic integer pointer + \param i Value to add + + _Example_ + \code + wolfSSL_Atomic_Int counter; + int new_val = wolfSSL_Atomic_Int_AddFetch(&counter, 1); + \endcode + + \sa wolfSSL_Atomic_Int_FetchAdd +*/ +int wolfSSL_Atomic_Int_AddFetch(wolfSSL_Atomic_Int* c, int i); + +/*! + \ingroup Atomic + \brief Atomically subtracts from integer and returns new value. + + \return New value after subtraction + + \param c Atomic integer pointer + \param i Value to subtract + + _Example_ + \code + wolfSSL_Atomic_Int counter; + int new_val = wolfSSL_Atomic_Int_SubFetch(&counter, 1); + \endcode + + \sa wolfSSL_Atomic_Int_FetchSub +*/ +int wolfSSL_Atomic_Int_SubFetch(wolfSSL_Atomic_Int* c, int i); + +/*! + \ingroup Atomic + \brief Atomically compares and exchanges integer. + + \return 1 if exchange occurred, 0 otherwise + + \param c Atomic integer pointer + \param expected_i Pointer to expected value + \param new_i New value to set + + _Example_ + \code + wolfSSL_Atomic_Int counter; + int expected = 0; + int ret = wolfSSL_Atomic_Int_CompareExchange(&counter, &expected, 1); + \endcode + + \sa wolfSSL_Atomic_Int_FetchAdd +*/ +int wolfSSL_Atomic_Int_CompareExchange(wolfSSL_Atomic_Int* c, + int *expected_i, int new_i); + +/*! + \ingroup Atomic + \brief Atomically adds to unsigned integer and returns old value. + + \return Old value before addition + + \param c Atomic unsigned integer pointer + \param i Value to add + + _Example_ + \code + wolfSSL_Atomic_Uint counter; + unsigned int old = wolfSSL_Atomic_Uint_FetchAdd(&counter, 1); + \endcode + + \sa wolfSSL_Atomic_Uint_AddFetch +*/ +unsigned int wolfSSL_Atomic_Uint_FetchAdd(wolfSSL_Atomic_Uint* c, + unsigned int i); + +/*! + \ingroup Atomic + \brief Atomically subtracts from unsigned integer, returns old value. + + \return Old value before subtraction + + \param c Atomic unsigned integer pointer + \param i Value to subtract + + _Example_ + \code + wolfSSL_Atomic_Uint counter; + unsigned int old = wolfSSL_Atomic_Uint_FetchSub(&counter, 1); + \endcode + + \sa wolfSSL_Atomic_Uint_SubFetch +*/ +unsigned int wolfSSL_Atomic_Uint_FetchSub(wolfSSL_Atomic_Uint* c, + unsigned int i); + +/*! + \ingroup Atomic + \brief Atomically adds to unsigned integer, returns new value. + + \return New value after addition + + \param c Atomic unsigned integer pointer + \param i Value to add + + _Example_ + \code + wolfSSL_Atomic_Uint counter; + unsigned int new_val = wolfSSL_Atomic_Uint_AddFetch(&counter, 1); + \endcode + + \sa wolfSSL_Atomic_Uint_FetchAdd +*/ +unsigned int wolfSSL_Atomic_Uint_AddFetch(wolfSSL_Atomic_Uint* c, + unsigned int i); + +/*! + \ingroup Atomic + \brief Atomically subtracts from unsigned integer, returns new value. + + \return New value after subtraction + + \param c Atomic unsigned integer pointer + \param i Value to subtract + + _Example_ + \code + wolfSSL_Atomic_Uint counter; + unsigned int new_val = wolfSSL_Atomic_Uint_SubFetch(&counter, 1); + \endcode + + \sa wolfSSL_Atomic_Uint_FetchSub +*/ +unsigned int wolfSSL_Atomic_Uint_SubFetch(wolfSSL_Atomic_Uint* c, + unsigned int i); + +/*! + \ingroup Atomic + \brief Atomically compares and exchanges unsigned integer. + + \return 1 if exchange occurred, 0 otherwise + + \param c Atomic unsigned integer pointer + \param expected_i Pointer to expected value + \param new_i New value to set + + _Example_ + \code + wolfSSL_Atomic_Uint counter; + unsigned int expected = 0; + int ret = wolfSSL_Atomic_Uint_CompareExchange(&counter, &expected, 1); + \endcode + + \sa wolfSSL_Atomic_Uint_FetchAdd +*/ +int wolfSSL_Atomic_Uint_CompareExchange(wolfSSL_Atomic_Uint* c, + unsigned int *expected_i, + unsigned int new_i); + +/*! + \ingroup Atomic + \brief Atomically compares and exchanges pointer. + + \return 1 if exchange occurred, 0 otherwise + + \param c Pointer to pointer + \param expected_ptr Pointer to expected pointer value + \param new_ptr New pointer value + + _Example_ + \code + void* ptr = NULL; + void* expected = NULL; + void* new_val = malloc(100); + int ret = wolfSSL_Atomic_Ptr_CompareExchange(&ptr, &expected, new_val); + \endcode + + \sa wolfSSL_Atomic_Int_CompareExchange +*/ +int wolfSSL_Atomic_Ptr_CompareExchange(void** c, void **expected_ptr, + void *new_ptr); + +/*! + \ingroup Mutex + \brief Initializes mutex. + + \return 0 on success + \return negative on error + + \param m Mutex pointer + + _Example_ + \code + wolfSSL_Mutex mutex; + int ret = wc_InitMutex(&mutex); + \endcode + + \sa wc_FreeMutex +*/ +int wc_InitMutex(wolfSSL_Mutex* m); + +/*! + \ingroup Mutex + \brief Frees mutex resources. + + \return 0 on success + \return negative on error + + \param m Mutex pointer + + _Example_ + \code + wolfSSL_Mutex mutex; + wc_InitMutex(&mutex); + int ret = wc_FreeMutex(&mutex); + \endcode + + \sa wc_InitMutex +*/ +int wc_FreeMutex(wolfSSL_Mutex* m); + +/*! + \ingroup Mutex + \brief Locks mutex. + + \return 0 on success + \return negative on error + + \param m Mutex pointer + + _Example_ + \code + wolfSSL_Mutex mutex; + int ret = wc_LockMutex(&mutex); + \endcode + + \sa wc_UnLockMutex +*/ +int wc_LockMutex(wolfSSL_Mutex* m); + +/*! + \ingroup Mutex + \brief Unlocks mutex. + + \return 0 on success + \return negative on error + + \param m Mutex pointer + + _Example_ + \code + wolfSSL_Mutex mutex; + wc_LockMutex(&mutex); + int ret = wc_UnLockMutex(&mutex); + \endcode + + \sa wc_LockMutex +*/ +int wc_UnLockMutex(wolfSSL_Mutex* m); + +/*! + \ingroup Mutex + \brief Initializes and allocates mutex. + + \return Pointer to mutex on success + \return NULL on error + + \param none No parameters + + _Example_ + \code + wolfSSL_Mutex* mutex = wc_InitAndAllocMutex(); + if (mutex != NULL) { + wc_LockMutex(mutex); + } + \endcode + + \sa wc_InitMutex +*/ +wolfSSL_Mutex* wc_InitAndAllocMutex(void); + +/*! + \ingroup RwLock + \brief Initializes read-write lock. + + \return 0 on success + \return negative on error + + \param m Read-write lock pointer + + _Example_ + \code + wolfSSL_RwLock lock; + int ret = wc_InitRwLock(&lock); + \endcode + + \sa wc_FreeRwLock +*/ +int wc_InitRwLock(wolfSSL_RwLock* m); + +/*! + \ingroup RwLock + \brief Frees read-write lock resources. + + \return 0 on success + \return negative on error + + \param m Read-write lock pointer + + _Example_ + \code + wolfSSL_RwLock lock; + wc_InitRwLock(&lock); + int ret = wc_FreeRwLock(&lock); + \endcode + + \sa wc_InitRwLock +*/ +int wc_FreeRwLock(wolfSSL_RwLock* m); + +/*! + \ingroup RwLock + \brief Locks read-write lock for writing. + + \return 0 on success + \return negative on error + + \param m Read-write lock pointer + + _Example_ + \code + wolfSSL_RwLock lock; + int ret = wc_LockRwLock_Wr(&lock); + \endcode + + \sa wc_UnLockRwLock +*/ +int wc_LockRwLock_Wr(wolfSSL_RwLock* m); + +/*! + \ingroup RwLock + \brief Locks read-write lock for reading. + + \return 0 on success + \return negative on error + + \param m Read-write lock pointer + + _Example_ + \code + wolfSSL_RwLock lock; + int ret = wc_LockRwLock_Rd(&lock); + \endcode + + \sa wc_UnLockRwLock +*/ +int wc_LockRwLock_Rd(wolfSSL_RwLock* m); + +/*! + \ingroup RwLock + \brief Unlocks read-write lock. + + \return 0 on success + \return negative on error + + \param m Read-write lock pointer + + _Example_ + \code + wolfSSL_RwLock lock; + wc_LockRwLock_Rd(&lock); + int ret = wc_UnLockRwLock(&lock); + \endcode + + \sa wc_LockRwLock_Rd +*/ +int wc_UnLockRwLock(wolfSSL_RwLock* m); + +/*! + \ingroup Mutex + \brief Locks mutex with debug info. + + \return 0 on success + \return negative on error + + \param flag Lock flag + \param type Lock type + \param file Source file name + \param line Source line number + + _Example_ + \code + int ret = wc_LockMutex_ex(0, 0, __FILE__, __LINE__); + \endcode + + \sa wc_LockMutex +*/ +int wc_LockMutex_ex(int flag, int type, const char* file, int line); + +/*! + \ingroup Mutex + \brief Sets mutex callback. + + \return 0 on success + \return negative on error + + \param cb Mutex callback pointer + + _Example_ + \code + mutex_cb cb; + int ret = wc_SetMutexCb(&cb); + \endcode + + \sa wc_GetMutexCb +*/ +int wc_SetMutexCb(mutex_cb* cb); + +/*! + \ingroup Mutex + \brief Gets mutex callback. + + \return Pointer to mutex callback + + \param none No parameters + + _Example_ + \code + mutex_cb* cb = wc_GetMutexCb(); + \endcode + + \sa wc_SetMutexCb +*/ +mutex_cb* wc_GetMutexCb(void); + +/*! + \ingroup Memory + \brief Checkpoints peak heap allocations. + + \return Peak allocation count + + \param none No parameters + + _Example_ + \code + long peak = wolfCrypt_heap_peakAllocs_checkpoint(); + \endcode + + \sa wolfCrypt_heap_peakBytes_checkpoint +*/ +long wolfCrypt_heap_peakAllocs_checkpoint(void); + +/*! + \ingroup Memory + \brief Checkpoints peak heap bytes. + + \return Peak bytes allocated + + \param none No parameters + + _Example_ + \code + long peak = wolfCrypt_heap_peakBytes_checkpoint(); + \endcode + + \sa wolfCrypt_heap_peakAllocs_checkpoint +*/ +long wolfCrypt_heap_peakBytes_checkpoint(void); + +/*! + \ingroup File + \brief Loads file into buffer. + + \return 0 on success + \return negative on error + + \param fname File name + \param buf Buffer pointer + \param bufLen Buffer length pointer + \param heap Heap hint + + _Example_ + \code + unsigned char* buf = NULL; + size_t len = 0; + int ret = wc_FileLoad("file.txt", &buf, &len, NULL); + \endcode + + \sa wc_FileExists +*/ +int wc_FileLoad(const char* fname, unsigned char** buf, size_t* bufLen, + void* heap); + +/*! + \ingroup File + \brief Reads first entry in directory. + + \return 0 on success + \return negative on error + + \param ctx Directory context + \param path Directory path + \param name Pointer to store entry name + + _Example_ + \code + ReadDirCtx ctx; + char* name; + int ret = wc_ReadDirFirst(&ctx, "/path", &name); + \endcode + + \sa wc_ReadDirNext +*/ +int wc_ReadDirFirst(ReadDirCtx* ctx, const char* path, char** name); + +/*! + \ingroup File + \brief Reads next entry in directory. + + \return 0 on success + \return negative on error + + \param ctx Directory context + \param path Directory path + \param name Pointer to store entry name + + _Example_ + \code + ReadDirCtx ctx; + char* name; + int ret = wc_ReadDirNext(&ctx, "/path", &name); + \endcode + + \sa wc_ReadDirFirst +*/ +int wc_ReadDirNext(ReadDirCtx* ctx, const char* path, char** name); + +/*! + \ingroup File + \brief Closes directory reading. + + \return none No returns + + \param ctx Directory context + + _Example_ + \code + ReadDirCtx ctx; + wc_ReadDirClose(&ctx); + \endcode + + \sa wc_ReadDirFirst +*/ +void wc_ReadDirClose(ReadDirCtx* ctx); + +/*! + \ingroup File + \brief Checks if file exists. + + \return 1 if file exists + \return 0 if file does not exist + + \param fname File name + + _Example_ + \code + if (wc_FileExists("file.txt")) { + // file exists + } + \endcode + + \sa wc_FileLoad +*/ +int wc_FileExists(const char* fname); + +/*! + \ingroup Callback + \brief Checks if handle callback is set. + + \return 1 if set + \return 0 if not set + + \param none No parameters + + _Example_ + \code + if (wolfSSL_GetHandleCbSet()) { + // callback is set + } + \endcode + + \sa wolfSSL_SetHandleCb +*/ +int wolfSSL_GetHandleCbSet(void); + +/*! + \ingroup Callback + \brief Sets handle callback. + + \return 0 on success + \return negative on error + + \param in Handle callback + + _Example_ + \code + int ret = wolfSSL_SetHandleCb(myHandleCallback); + \endcode + + \sa wolfSSL_GetHandleCbSet +*/ +int wolfSSL_SetHandleCb(wolfSSL_DSP_Handle_cb in); diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/doc/dox_comments/header_files/wolfio.h mariadb-11.8.8/extra/wolfssl/wolfssl/doc/dox_comments/header_files/wolfio.h --- mariadb-11.8.6/extra/wolfssl/wolfssl/doc/dox_comments/header_files/wolfio.h 2026-01-31 13:27:49.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/doc/dox_comments/header_files/wolfio.h 2026-05-24 09:58:33.000000000 +0000 @@ -115,7 +115,7 @@ \sa wolfSSL_SSLSetIORecv \sa wolfSSL_dtls_get_current_timeout */ -int EmbedReceiveFrom(WOLFSSL* ssl, char* buf, int sz, void*); +int EmbedReceiveFrom(WOLFSSL* ssl, char* buf, int sz, void* ctx); /*! \brief This function is the send embedded callback. @@ -189,8 +189,8 @@ \sa wolfSSL_CTX_SetGenCookie */ -int EmbedGenerateCookie(WOLFSSL* ssl, unsigned char* buf, - int sz, void*); +int EmbedGenerateCookie(WOLFSSL* ssl, byte* buf, + int sz, void* ctx); /*! \brief This function frees the response buffer. @@ -666,3 +666,801 @@ \sa wolfSSL_SSLSetIOSend */ WOLFSSL_API void wolfSSL_SetSendTo(WOLFSSL* ssl, WolfSSLSento sendTo); + +/*! + \ingroup IO + \brief Waits for socket to be ready for I/O with timeout. + + \return 0 on success + \return negative on error + + \param sockfd Socket file descriptor + \param to_sec Timeout in seconds + + _Example_ + \code + SOCKET_T sockfd; + int ret = wolfIO_Select(sockfd, 5); + \endcode + + \sa wolfIO_TcpConnect +*/ +int wolfIO_Select(SOCKET_T sockfd, int to_sec); + +/*! + \ingroup IO + \brief Connects to TCP server with timeout. + + \return 0 on success + \return negative on error + + \param sockfd Pointer to socket file descriptor + \param ip IP address string + \param port Port number + \param to_sec Timeout in seconds + + _Example_ + \code + SOCKET_T sockfd; + int ret = wolfIO_TcpConnect(&sockfd, "127.0.0.1", 443, 5); + \endcode + + \sa wolfIO_TcpBind +*/ +int wolfIO_TcpConnect(SOCKET_T* sockfd, const char* ip, + unsigned short port, int to_sec); + +/*! + \ingroup IO + \brief Accepts TCP connection. + + \return Socket descriptor on success + \return negative on error + + \param sockfd Socket file descriptor + \param peer_addr Peer address structure + \param peer_len Peer address length + + _Example_ + \code + SOCKET_T sockfd; + SOCKADDR peer; + XSOCKLENT len = sizeof(peer); + int ret = wolfIO_TcpAccept(sockfd, &peer, &len); + \endcode + + \sa wolfIO_TcpBind +*/ +int wolfIO_TcpAccept(SOCKET_T sockfd, SOCKADDR* peer_addr, + XSOCKLENT* peer_len); + +/*! + \ingroup IO + \brief Binds TCP socket to port. + + \return 0 on success + \return negative on error + + \param sockfd Pointer to socket file descriptor + \param port Port number + + _Example_ + \code + SOCKET_T sockfd; + int ret = wolfIO_TcpBind(&sockfd, 443); + \endcode + + \sa wolfIO_TcpAccept +*/ +int wolfIO_TcpBind(SOCKET_T* sockfd, word16 port); + +/*! + \ingroup IO + \brief Sends data on socket. + + \return Number of bytes sent on success + \return negative on error + + \param sd Socket descriptor + \param buf Buffer to send + \param sz Buffer size + \param wrFlags Write flags + + _Example_ + \code + SOCKET_T sd; + char buf[100]; + int ret = wolfIO_Send(sd, buf, sizeof(buf), 0); + \endcode + + \sa wolfIO_Recv +*/ +int wolfIO_Send(SOCKET_T sd, char *buf, int sz, int wrFlags); + +/*! + \ingroup IO + \brief Receives data from socket. + + \return Number of bytes received on success + \return negative on error + + \param sd Socket descriptor + \param buf Buffer to receive into + \param sz Buffer size + \param rdFlags Read flags + + _Example_ + \code + SOCKET_T sd; + char buf[100]; + int ret = wolfIO_Recv(sd, buf, sizeof(buf), 0); + \endcode + + \sa wolfIO_Send +*/ +int wolfIO_Recv(SOCKET_T sd, char *buf, int sz, int rdFlags); + +/*! + \ingroup IO + \brief Sends datagram to address. + + \return Number of bytes sent on success + \return negative on error + + \param sd Socket descriptor + \param addr Destination address + \param buf Buffer to send + \param sz Buffer size + \param wrFlags Write flags + + _Example_ + \code + SOCKET_T sd; + WOLFSSL_BIO_ADDR addr; + char buf[100]; + int ret = wolfIO_SendTo(sd, &addr, buf, sizeof(buf), 0); + \endcode + + \sa wolfIO_RecvFrom +*/ +int wolfIO_SendTo(SOCKET_T sd, WOLFSSL_BIO_ADDR *addr, char *buf, int sz, + int wrFlags); + +/*! + \ingroup IO + \brief Receives datagram from address. + + \return Number of bytes received on success + \return negative on error + + \param sd Socket descriptor + \param addr Source address + \param buf Buffer to receive into + \param sz Buffer size + \param rdFlags Read flags + + _Example_ + \code + SOCKET_T sd; + WOLFSSL_BIO_ADDR addr; + char buf[100]; + int ret = wolfIO_RecvFrom(sd, &addr, buf, sizeof(buf), 0); + \endcode + + \sa wolfIO_SendTo +*/ +int wolfIO_RecvFrom(SOCKET_T sd, WOLFSSL_BIO_ADDR *addr, char *buf, int sz, + int rdFlags); + +/*! + \ingroup IO + \brief BIO send callback. + + \return Number of bytes sent on success + \return negative on error + + \param ssl SSL object + \param buf Buffer to send + \param sz Buffer size + \param ctx Context pointer + + _Example_ + \code + WOLFSSL* ssl; + char buf[100]; + int ret = wolfSSL_BioSend(ssl, buf, sizeof(buf), NULL); + \endcode + + \sa wolfSSL_BioReceive +*/ +int wolfSSL_BioSend(WOLFSSL* ssl, char *buf, int sz, void *ctx); + +/*! + \ingroup IO + \brief BIO receive callback. + + \return Number of bytes received on success + \return negative on error + + \param ssl SSL object + \param buf Buffer to receive into + \param sz Buffer size + \param ctx Context pointer + + _Example_ + \code + WOLFSSL* ssl; + char buf[100]; + int ret = wolfSSL_BioReceive(ssl, buf, sizeof(buf), NULL); + \endcode + + \sa wolfSSL_BioSend +*/ +int wolfSSL_BioReceive(WOLFSSL* ssl, char* buf, int sz, void* ctx); + +/*! + \ingroup IO + \brief Receives multicast datagram. + + \return Number of bytes received on success + \return negative on error + + \param ssl SSL object + \param buf Buffer to receive into + \param sz Buffer size + \param ctx Context pointer + + _Example_ + \code + WOLFSSL* ssl; + char buf[100]; + int ret = EmbedReceiveFromMcast(ssl, buf, sizeof(buf), NULL); + \endcode + + \sa EmbedReceiveFrom +*/ +int EmbedReceiveFromMcast(WOLFSSL *ssl, char *buf, int sz, void *ctx); + +/*! + \ingroup IO + \brief Builds HTTP OCSP request. + + \return Request size on success + \return negative on error + + \param domainName Domain name + \param path URL path + \param ocspReqSz OCSP request size + \param buf Output buffer + \param bufSize Buffer size + + _Example_ + \code + char buf[1024]; + int ret = wolfIO_HttpBuildRequestOcsp("example.com", "/ocsp", 100, + (unsigned char*)buf, sizeof(buf)); + \endcode + + \sa wolfIO_HttpProcessResponseOcsp +*/ +int wolfIO_HttpBuildRequestOcsp(const char* domainName, const char* path, + int ocspReqSz, unsigned char* buf, + int bufSize); + +/*! + \ingroup IO + \brief Processes HTTP OCSP response with generic I/O. + + \return 0 on success + \return negative on error + + \param ioCb I/O callback + \param ioCbCtx I/O callback context + \param respBuf Response buffer pointer + \param httpBuf HTTP buffer + \param httpBufSz HTTP buffer size + \param heap Heap hint + + _Example_ + \code + unsigned char* resp = NULL; + unsigned char httpBuf[1024]; + int ret = wolfIO_HttpProcessResponseOcspGenericIO(myIoCb, ctx, &resp, + httpBuf, + sizeof(httpBuf), NULL); + \endcode + + \sa wolfIO_HttpProcessResponseOcsp +*/ +int wolfIO_HttpProcessResponseOcspGenericIO(WolfSSLGenericIORecvCb ioCb, + void* ioCbCtx, + unsigned char** respBuf, + unsigned char* httpBuf, + int httpBufSz, void* heap); + +/*! + \ingroup IO + \brief Processes HTTP OCSP response. + + \return 0 on success + \return negative on error + + \param sfd Socket file descriptor + \param respBuf Response buffer pointer + \param httpBuf HTTP buffer + \param httpBufSz HTTP buffer size + \param heap Heap hint + + _Example_ + \code + int sfd; + unsigned char* resp = NULL; + unsigned char httpBuf[1024]; + int ret = wolfIO_HttpProcessResponseOcsp(sfd, &resp, httpBuf, + sizeof(httpBuf), NULL); + \endcode + + \sa wolfIO_HttpBuildRequestOcsp +*/ +int wolfIO_HttpProcessResponseOcsp(int sfd, unsigned char** respBuf, + unsigned char* httpBuf, int httpBufSz, + void* heap); + +/*! + \ingroup IO + \brief OCSP lookup callback. + + \return 0 on success + \return negative on error + + \param ctx Context pointer + \param url URL string + \param urlSz URL size + \param ocspReqBuf OCSP request buffer + \param ocspReqSz OCSP request size + \param ocspRespBuf OCSP response buffer pointer + + _Example_ + \code + byte* resp = NULL; + byte req[100]; + int ret = EmbedOcspLookup(NULL, "http://example.com/ocsp", 25, req, + sizeof(req), &resp); + \endcode + + \sa EmbedOcspRespFree +*/ +int EmbedOcspLookup(void* ctx, const char* url, int urlSz, + byte* ocspReqBuf, int ocspReqSz, byte** ocspRespBuf); + +/*! + \ingroup IO + \brief Builds HTTP CRL request. + + \return Request size on success + \return negative on error + + \param url URL string + \param urlSz URL size + \param domainName Domain name + \param buf Output buffer + \param bufSize Buffer size + + _Example_ + \code + char buf[1024]; + int ret = wolfIO_HttpBuildRequestCrl("http://example.com/crl", 22, + "example.com", + (unsigned char*)buf, sizeof(buf)); + \endcode + + \sa wolfIO_HttpProcessResponseCrl +*/ +int wolfIO_HttpBuildRequestCrl(const char* url, int urlSz, + const char* domainName, unsigned char* buf, + int bufSize); + +/*! + \ingroup IO + \brief Processes HTTP CRL response. + + \return 0 on success + \return negative on error + + \param crl CRL object + \param sfd Socket file descriptor + \param httpBuf HTTP buffer + \param httpBufSz HTTP buffer size + + _Example_ + \code + WOLFSSL_CRL crl; + int sfd; + unsigned char httpBuf[1024]; + int ret = wolfIO_HttpProcessResponseCrl(&crl, sfd, httpBuf, + sizeof(httpBuf)); + \endcode + + \sa wolfIO_HttpBuildRequestCrl +*/ +int wolfIO_HttpProcessResponseCrl(WOLFSSL_CRL* crl, int sfd, + unsigned char* httpBuf, int httpBufSz); + +/*! + \ingroup IO + \brief CRL lookup callback. + + \return 0 on success + \return negative on error + + \param crl CRL object + \param url URL string + \param urlSz URL size + + _Example_ + \code + WOLFSSL_CRL crl; + int ret = EmbedCrlLookup(&crl, "http://example.com/crl", 22); + \endcode + + \sa wolfIO_HttpBuildRequestCrl +*/ +int EmbedCrlLookup(WOLFSSL_CRL* crl, const char* url, int urlSz); + +/*! + \ingroup IO + \brief Decodes URL into components. + + \return 0 on success + \return negative on error + + \param url URL string + \param urlSz URL size + \param outName Output domain name + \param outPath Output path + \param outPort Output port + + _Example_ + \code + char name[256], path[256]; + unsigned short port; + int ret = wolfIO_DecodeUrl("http://example.com:443/path", 28, name, + path, &port); + \endcode + + \sa wolfIO_HttpBuildRequest +*/ +int wolfIO_DecodeUrl(const char* url, int urlSz, char* outName, + char* outPath, unsigned short* outPort); + +/*! + \ingroup IO + \brief Builds generic HTTP request. + + \return Request size on success + \return negative on error + + \param reqType Request type (GET, POST, etc.) + \param domainName Domain name + \param path URL path + \param pathLen Path length + \param reqSz Request body size + \param contentType Content type + \param buf Output buffer + \param bufSize Buffer size + + _Example_ + \code + char buf[1024]; + int ret = wolfIO_HttpBuildRequest("POST", "example.com", "/api", 4, + 100, "application/json", + (unsigned char*)buf, sizeof(buf)); + \endcode + + \sa wolfIO_HttpProcessResponse +*/ +int wolfIO_HttpBuildRequest(const char* reqType, const char* domainName, + const char* path, int pathLen, int reqSz, + const char* contentType, unsigned char* buf, + int bufSize); + +/*! + \ingroup IO + \brief Processes HTTP response with generic I/O. + + \return 0 on success + \return negative on error + + \param ioCb I/O callback + \param ioCbCtx I/O callback context + \param appStrList Application string list + \param respBuf Response buffer pointer + \param httpBuf HTTP buffer + \param httpBufSz HTTP buffer size + \param dynType Dynamic type + \param heap Heap hint + + _Example_ + \code + unsigned char* resp = NULL; + unsigned char httpBuf[1024]; + const char* appStrs[] = {"200 OK", NULL}; + int ret = wolfIO_HttpProcessResponseGenericIO(myIoCb, ctx, appStrs, + &resp, httpBuf, + sizeof(httpBuf), 0, NULL); + \endcode + + \sa wolfIO_HttpProcessResponse +*/ +int wolfIO_HttpProcessResponseGenericIO(WolfSSLGenericIORecvCb ioCb, + void* ioCbCtx, + const char** appStrList, + unsigned char** respBuf, + unsigned char* httpBuf, + int httpBufSz, int dynType, + void* heap); + +/*! + \ingroup IO + \brief Processes HTTP response. + + \return 0 on success + \return negative on error + + \param sfd Socket file descriptor + \param appStrList Application string list + \param respBuf Response buffer pointer + \param httpBuf HTTP buffer + \param httpBufSz HTTP buffer size + \param dynType Dynamic type + \param heap Heap hint + + _Example_ + \code + int sfd; + unsigned char* resp = NULL; + unsigned char httpBuf[1024]; + const char* appStrs[] = {"200 OK", NULL}; + int ret = wolfIO_HttpProcessResponse(sfd, appStrs, &resp, httpBuf, + sizeof(httpBuf), 0, NULL); + \endcode + + \sa wolfIO_HttpBuildRequest +*/ +int wolfIO_HttpProcessResponse(int sfd, const char** appStrList, + unsigned char** respBuf, + unsigned char* httpBuf, int httpBufSz, + int dynType, void* heap); + +/*! + \ingroup IO + \brief Sets I/O send callback for context. + + \return none No returns + + \param ctx SSL context + \param CBIOSend Send callback + + _Example_ + \code + WOLFSSL_CTX* ctx; + wolfSSL_CTX_SetIOSend(ctx, mySendCallback); + \endcode + + \sa wolfSSL_SSLSetIOSend +*/ +void wolfSSL_CTX_SetIOSend(WOLFSSL_CTX *ctx, CallbackIOSend CBIOSend); + +/*! + \ingroup IO + \brief Sets I/O receive callback for SSL object. + + \return none No returns + + \param ssl SSL object + \param CBIORecv Receive callback + + _Example_ + \code + WOLFSSL* ssl; + wolfSSL_SSLSetIORecv(ssl, myRecvCallback); + \endcode + + \sa wolfSSL_CTX_SetIORecv +*/ +void wolfSSL_SSLSetIORecv(WOLFSSL *ssl, CallbackIORecv CBIORecv); + +/*! + \ingroup IO + \brief Sets I/O send callback for SSL object. + + \return none No returns + + \param ssl SSL object + \param CBIOSend Send callback + + _Example_ + \code + WOLFSSL* ssl; + wolfSSL_SSLSetIOSend(ssl, mySendCallback); + \endcode + + \sa wolfSSL_CTX_SetIOSend +*/ +void wolfSSL_SSLSetIOSend(WOLFSSL *ssl, CallbackIOSend CBIOSend); + +/*! + \ingroup IO + \brief Sets I/O for Mynewt platform. + + \return none No returns + + \param ssl SSL object + \param mnSocket Mynewt socket + \param mnSockAddrIn Mynewt socket address + + _Example_ + \code + WOLFSSL* ssl; + struct mn_socket sock; + struct mn_sockaddr_in addr; + wolfSSL_SetIO_Mynewt(ssl, &sock, &addr); + \endcode + + \sa wolfSSL_SetIO_LwIP +*/ +void wolfSSL_SetIO_Mynewt(WOLFSSL* ssl, struct mn_socket* mnSocket, + struct mn_sockaddr_in* mnSockAddrIn); + +/*! + \ingroup IO + \brief Sets I/O for LwIP platform. + + \return 0 on success + \return negative on error + + \param ssl SSL object + \param pcb Protocol control block + \param recv Receive callback + \param sent Sent callback + \param arg Argument pointer + + _Example_ + \code + WOLFSSL* ssl; + struct tcp_pcb* pcb; + int ret = wolfSSL_SetIO_LwIP(ssl, pcb, myRecv, mySent, NULL); + \endcode + + \sa wolfSSL_SetIO_Mynewt +*/ +int wolfSSL_SetIO_LwIP(WOLFSSL* ssl, void *pcb, tcp_recv_fn recv, + tcp_sent_fn sent, void *arg); + +/*! + \ingroup IO + \brief Sets cookie context for DTLS. + + \return none No returns + + \param ssl SSL object + \param ctx Cookie context + + _Example_ + \code + WOLFSSL* ssl; + void* ctx; + wolfSSL_SetCookieCtx(ssl, ctx); + \endcode + + \sa wolfSSL_GetCookieCtx +*/ +void wolfSSL_SetCookieCtx(WOLFSSL* ssl, void *ctx); + +/*! + \ingroup IO + \brief Gets cookie context for DTLS. + + \return Cookie context pointer + + \param ssl SSL object + + _Example_ + \code + WOLFSSL* ssl; + void* ctx = wolfSSL_GetCookieCtx(ssl); + \endcode + + \sa wolfSSL_SetCookieCtx +*/ +void* wolfSSL_GetCookieCtx(WOLFSSL* ssl); + +/*! + \ingroup IO + \brief Sets get peer callback for context. + + \return none No returns + + \param ctx SSL context + \param cb Get peer callback + + _Example_ + \code + WOLFSSL_CTX* ctx; + wolfSSL_CTX_SetIOGetPeer(ctx, myGetPeerCallback); + \endcode + + \sa wolfSSL_CTX_SetIOSetPeer +*/ +void wolfSSL_CTX_SetIOGetPeer(WOLFSSL_CTX* ctx, CallbackGetPeer cb); + +/*! + \ingroup IO + \brief Sets set peer callback for context. + + \return none No returns + + \param ctx SSL context + \param cb Set peer callback + + _Example_ + \code + WOLFSSL_CTX* ctx; + wolfSSL_CTX_SetIOSetPeer(ctx, mySetPeerCallback); + \endcode + + \sa wolfSSL_CTX_SetIOGetPeer +*/ +void wolfSSL_CTX_SetIOSetPeer(WOLFSSL_CTX* ctx, CallbackSetPeer cb); + +/*! + \ingroup IO + \brief Gets peer information. + + \return 0 on success + \return negative on error + + \param ssl SSL object + \param ip IP address buffer + \param ipSz IP address buffer size pointer + \param port Port number pointer + \param fam Address family pointer + + _Example_ + \code + WOLFSSL* ssl; + char ip[46]; + int ipSz = sizeof(ip); + unsigned short port; + int fam; + int ret = EmbedGetPeer(ssl, ip, &ipSz, &port, &fam); + \endcode + + \sa EmbedSetPeer +*/ +int EmbedGetPeer(WOLFSSL* ssl, char* ip, int* ipSz, unsigned short* port, + int* fam); + +/*! + \ingroup IO + \brief Sets peer information. + + \return 0 on success + \return negative on error + + \param ssl SSL object + \param ip IP address string + \param ipSz IP address string size + \param port Port number + \param fam Address family + + _Example_ + \code + WOLFSSL* ssl; + int ret = EmbedSetPeer(ssl, "127.0.0.1", 9, 443, AF_INET); + \endcode + + \sa EmbedGetPeer +*/ +int EmbedSetPeer(WOLFSSL* ssl, char* ip, int ipSz, unsigned short port, + int fam); diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/doc/dox_comments/header_files-ja/aes.h mariadb-11.8.8/extra/wolfssl/wolfssl/doc/dox_comments/header_files-ja/aes.h --- mariadb-11.8.6/extra/wolfssl/wolfssl/doc/dox_comments/header_files-ja/aes.h 2026-01-31 13:27:49.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/doc/dox_comments/header_files-ja/aes.h 2026-05-24 09:58:33.000000000 +0000 @@ -1,23 +1,31 @@ /*! \ingroup AES - \brief ã“ã®é–¢æ•°ã¯ã€éµã‚’設定ã—ã¦åˆæœŸåŒ–ベクトルを設定ã™ã‚‹ã“ã¨ã§Aesæ§‹é€ ä½“ã‚’åˆæœŸåŒ–ã—ã¾ã™ã€‚ - \return 0 éµã¨åˆæœŸåŒ–ベクトルを正常ã«è¨­å®šã—ã¾ã—㟠- \return BAD_FUNC_ARG éµã®é•·ã•ãŒç„¡åйãªå ´åˆã«è¿”ã•れã¾ã™ã€‚ - \param aes 変更ã™ã‚‹Aes構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ - \param key æš—å·åŒ–ã¨å¾©å·ã®ãŸã‚ã®16,24ã€ã¾ãŸã¯32ãƒã‚¤ãƒˆã®ç§˜å¯†éµ - \param len 渡ã•れãŸéµã®é•·ã• - \param iv éµã‚’åˆæœŸåŒ–ã™ã‚‹ãŸã‚ã«ä½¿ç”¨ã•ã‚Œã‚‹åˆæœŸåŒ–ベクトルã¸ã®ãƒã‚¤ãƒ³ã‚¿ + \brief ã“ã®é–¢æ•°ã¯ã€ã‚­ãƒ¼ã‚’設定ã—ã€åˆæœŸåŒ–ベクトルを設定ã™ã‚‹ã“ã¨ã§AESæ§‹é€ ä½“ã‚’åˆæœŸåŒ–ã—ã¾ã™ã€‚ + + \return 0 キーã¨åˆæœŸåŒ–ベクトルã®è¨­å®šã«æˆåŠŸã—ãŸå ´åˆã«è¿”ã•れã¾ã™ã€‚ + \return BAD_FUNC_ARG キーã®é•·ã•ãŒç„¡åйãªå ´åˆã«è¿”ã•れã¾ã™ã€‚ + + \param aes 変更ã™ã‚‹AES構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ + \param key æš—å·åŒ–ã¨å¾©å·ã®ãŸã‚ã®16ã€24ã€ã¾ãŸã¯32ãƒã‚¤ãƒˆã®ç§˜å¯†éµ + \param len 渡ã•れãŸã‚­ãƒ¼ã®é•·ã• + \param iv キーã®åˆæœŸåŒ–ã«ä½¿ç”¨ã•ã‚Œã‚‹åˆæœŸåŒ–ベクトルã¸ã®ãƒã‚¤ãƒ³ã‚¿ + \param dir æš—å·ã®æ–¹å‘。暗å·åŒ–ã™ã‚‹å ´åˆã¯AES_ENCRYPTIONを設定ã—ã€å¾©å·ã™ã‚‹å ´åˆã¯AES_DECRYPTIONを設定ã—ã¾ã™ã€‚一部ã®ãƒ¢ãƒ¼ãƒ‰ï¼ˆCFBãŠã‚ˆã³CTRï¼‰ã®æ–¹å‘ã¯å¸¸ã«AES_ENCRYPTIONã§ã™ã€‚ + _Example_ \code Aes enc; int ret = 0; - byte key[] = { some 16, 24 or 32 byte key }; - byte iv[] = { some 16 byte iv }; + byte key[] = { 16ã€24ã€ã¾ãŸã¯32ãƒã‚¤ãƒˆã®ã‚­ãƒ¼ }; + byte iv[] = { 16ãƒã‚¤ãƒˆã®iv }; + if (ret = wc_AesInit(&enc, HEAP_HINT, INVALID_DEVID) != 0) { + // aes keyã®åˆæœŸåŒ–ã«å¤±æ•— + } if (ret = wc_AesSetKey(&enc, key, AES_BLOCK_SIZE, iv, AES_ENCRYPTION) != 0) { - // failed to set aes key + // aes keyã®è¨­å®šã«å¤±æ•— } \endcode + \sa wc_AesSetKeyDirect \sa wc_AesSetIV */ @@ -26,19 +34,24 @@ /*! \ingroup AES - \brief ã“ã®é–¢æ•°ã¯ã€æŒ‡å®šã•れãŸAes構造体ã®åˆæœŸåŒ–ベクトルを設定ã—ã¾ã™ã€‚Aes構造体ã¯ã€ã“ã®é–¢æ•°ã‚’呼ã³å‡ºã™å‰ã«åˆæœŸåŒ–ã•れã¦ã„ã‚‹ã“ã¨ãŒå¿…è¦ã§ã™ã€‚ - \return 0 åˆæœŸåŒ–ベクトルを正常ã«è¨­å®šã—ã¾ã™ã€‚ - \return BAD_FUNC_ARG Aes構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ãŒNULLã®å ´åˆã«è¿”ã•れã¾ã™ã€‚ - \param aes åˆæœŸåŒ–ベクトルを設定ã™ã‚‹Aes構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ + \brief ã“ã®é–¢æ•°ã¯ã€ç‰¹å®šã®AESオブジェクトã®åˆæœŸåŒ–ベクトルを設定ã—ã¾ã™ã€‚ã“ã®é–¢æ•°ã‚’呼ã³å‡ºã™å‰ã«AESã‚ªãƒ–ã‚¸ã‚§ã‚¯ãƒˆã‚’åˆæœŸåŒ–ã™ã‚‹å¿…è¦ãŒã‚りã¾ã™ã€‚ + + \return 0 åˆæœŸåŒ–ベクトルã®è¨­å®šã«æˆåŠŸã—ãŸå ´åˆã«è¿”ã•れã¾ã™ã€‚ + \return BAD_FUNC_ARG AESãƒã‚¤ãƒ³ã‚¿ãŒNULLã®å ´åˆã«è¿”ã•れã¾ã™ã€‚ + + \param aes åˆæœŸåŒ–ベクトルを設定ã™ã‚‹AES構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ + \param iv AESæ§‹é€ ä½“ã‚’åˆæœŸåŒ–ã™ã‚‹ãŸã‚ã«ä½¿ç”¨ã•ã‚Œã‚‹åˆæœŸåŒ–ベクトル。値ãŒNULLã®å ´åˆã€ãƒ‡ãƒ•ォルトã®å‹•作ã¯ivã‚’0ã«åˆæœŸåŒ–ã—ã¾ã™ã€‚ + _Example_ \code Aes enc; - // set enc key - byte iv[] = { some 16 byte iv }; + // enc keyを設定 + byte iv[] = { 16ãƒã‚¤ãƒˆã®iv }; if (ret = wc_AesSetIV(&enc, iv) != 0) { - // failed to set aes iv + // aes ivã®è¨­å®šã«å¤±æ•— } \endcode + \sa wc_AesSetKeyDirect \sa wc_AesSetKey */ @@ -46,33 +59,32 @@ /*! \ingroup AES - \brief 入力ãƒãƒƒãƒ•ã‚¡ã®å¹³æ–‡ãƒ¡ãƒƒã‚»ãƒ¼ã‚¸ã‚’æš—å·åŒ–ã—ã€AESã§Cipher Block Chainingを使用ã—ã¦å‡ºåŠ›ãƒãƒƒãƒ•ã‚¡ã«å‡ºåŠ›ã—ã¾ã™ã€‚ - ã“ã®é–¢æ•°å‘¼ã³å‡ºã—ã«ã¯ã€ãƒ¡ãƒƒã‚»ãƒ¼ã‚¸ã®æš—å·åŒ–å‰ã«wc_AesSetKeyを呼ã³å‡ºã—ã¦AESオブジェクトãŒåˆæœŸåŒ–ã•れã¦ã„ã‚‹å¿…è¦ãŒã‚りã¾ã™ã€‚ - ã“ã®é–¢æ•°ã¯ã€å…¥åŠ›ãƒ¡ãƒƒã‚»ãƒ¼ã‚¸ãŒAESブロック長ã§ã‚ã‚‹ã¨ä»®å®šã—ã€å…¥åŠ›ã•れãŸé•·ã•ãŒãƒ–ロック長ã®å€æ•°ã«ãªã‚‹ã“ã¨ã‚’想定ã—ã¦ã„ã‚‹ãŸã‚〠- ビルド構æˆã§WOLFSSL_AES_CBC_LENGTH_CHECKSãŒå®šç¾©ã•れã¦ã„ã‚‹å ´åˆã¯ä»»æ„é¸æŠžã§ãƒã‚§ãƒƒã‚¯ãŠã‚ˆã³é©ç”¨ã•れã¾ã™ã€‚ - ブロック多入力をä¿è¨¼ã™ã‚‹ãŸã‚ã«ã€PKCS#7スタイルã®ãƒ‘ディングを事å‰ã«è¿½åŠ ã™ã‚‹å¿…è¦ãŒã‚りã¾ã™ã€‚ - ã“れã¯è‡ªå‹•çš„ã«ãƒ‘ディングを追加ã™ã‚‹OpenSSL AES-CBCメソッドã¨ã¯ç•°ãªã‚Šã¾ã™ã€‚ - WOLFSSLã¨å¯¾å¿œã™ã‚‹OpenSSL関数を相互é‹ç”¨ã™ã‚‹ã«ã¯ã€OpenSSLコマンドライン関数ã§-nopadオプションを指定ã—ã¦ã€ - wolfSSL_AesCbcEncryptメソッドã®ã‚ˆã†ã«å‹•作ã—ã€æš—å·åŒ–中ã«è¿½åŠ ã®ãƒ‘ディングを追加ã—ã¾ã›ã‚“。 - - \return 0 ãƒ¡ãƒƒã‚»ãƒ¼ã‚¸ã®æš—å·åŒ–ã«æˆåŠŸã—ã¾ã—ãŸã€‚ - \return BAD_ALIGN_E: ブロックアライメントエラー検出時ã«è¿”ã•れるå¯èƒ½æ€§ãŒã‚りã¾ã™ - \return BAD_LENGTH_E ライブラリーãŒWOLFSSL_AES_CBC_LENGTH_CHECKSã§æ§‹ç¯‰ã•れã¦ã„ã‚‹å ´åˆã§ã€å…¥åЛ長ãŒAESブロック長ã®å€æ•°ã§ãªã„å ´åˆã«è¿”ã•れã¾ã™ã€‚ - \param aes ãƒ‡ãƒ¼ã‚¿ã®æš—å·åŒ–ã«ä½¿ç”¨ã•れるAESオブジェクトã¸ã®ãƒã‚¤ãƒ³ã‚¿ - \param out æš—å·åŒ–ã•れãŸãƒ¡ãƒƒã‚»ãƒ¼ã‚¸ã®æš—å·æ–‡ã‚’æ ¼ç´ã™ã‚‹å‡ºåŠ›ãƒãƒƒãƒ•ã‚¡ã¸ã®ãƒã‚¤ãƒ³ã‚¿ - \param in æš—å·åŒ–ã•れるメッセージをå«ã‚€å…¥åŠ›ãƒãƒƒãƒ•ã‚¡ã¸ã®ãƒã‚¤ãƒ³ã‚¿ + \brief 入力ãƒãƒƒãƒ•ã‚¡inã‹ã‚‰å¹³æ–‡ãƒ¡ãƒƒã‚»ãƒ¼ã‚¸ã‚’æš—å·åŒ–ã—ã€AESを使用ã—ãŸæš—å·ãƒ–ロック連鎖ã«ã‚ˆã‚Šçµæžœã®æš—å·æ–‡ã‚’出力ãƒãƒƒãƒ•ã‚¡outã«æ ¼ç´ã—ã¾ã™ã€‚ã“ã®é–¢æ•°ã¯ã€ãƒ¡ãƒƒã‚»ãƒ¼ã‚¸ã‚’æš—å·åŒ–ã™ã‚‹å‰ã«AesSetKeyを呼ã³å‡ºã—ã¦AESオブジェクトãŒåˆæœŸåŒ–ã•れã¦ã„ã‚‹å¿…è¦ãŒã‚りã¾ã™ã€‚ã“ã®é–¢æ•°ã¯ã€å…¥åŠ›ãƒ¡ãƒƒã‚»ãƒ¼ã‚¸ãŒAESãƒ–ãƒ­ãƒƒã‚¯é•·ã«æ•´åˆ—ã—ã¦ã„ã‚‹ã“ã¨ã‚’剿ã¨ã—ã¦ãŠã‚Šã€å…¥åЛ長ãŒãƒ–ロック長ã®å€æ•°ã§ã‚ã‚‹ã“ã¨ã‚’期待ã—ã¾ã™ã€‚ビルド構æˆã§WOLFSSL_AES_CBC_LENGTH_CHECKSãŒå®šç¾©ã•れã¦ã„ã‚‹å ´åˆã€ã“れã¯ã‚ªãƒ—ションã§ãƒã‚§ãƒƒã‚¯ãŠã‚ˆã³å¼·åˆ¶ã•れã¾ã™ã€‚ãƒ–ãƒ­ãƒƒã‚¯å€æ•°ã®å…¥åŠ›ã‚’ä¿è¨¼ã™ã‚‹ãŸã‚ã«ã€äº‹å‰ã«PKCS#7スタイルã®ãƒ‘ディングを追加ã™ã‚‹å¿…è¦ãŒã‚りã¾ã™ã€‚ã“れã¯ã€è‡ªå‹•çš„ã«ãƒ‘ディングを追加ã™ã‚‹OpenSSLã®AES-CBCメソッドã¨ã¯ç•°ãªã‚Šã¾ã™ã€‚wolfSSLã¨å¯¾å¿œã™ã‚‹OpenSSL関数を相互é‹ç”¨ã•ã›ã‚‹ã«ã¯ã€OpenSSLコマンドライン関数ã§-nopadオプションを指定ã—ã¦ã€wolfSSLã®AesCbcEncryptメソッドã®ã‚ˆã†ã«å‹•作ã—ã€æš—å·åŒ–中ã«ä½™åˆ†ãªãƒ‘ディングを追加ã—ãªã„よã†ã«ã™ã‚‹å¿…è¦ãŒã‚りã¾ã™ã€‚ + + \return 0 ãƒ¡ãƒƒã‚»ãƒ¼ã‚¸ã®æš—å·åŒ–ã«æˆåŠŸã—ãŸå ´åˆã«è¿”ã•れã¾ã™ã€‚ + \return BAD_ALIGN_E ブロック整列エラーã§è¿”ã•れる場åˆãŒã‚りã¾ã™ã€‚ + \return BAD_LENGTH_E ライブラリãŒWOLFSSL_AES_CBC_LENGTH_CHECKSã§ãƒ“ルドã•れã¦ã„ã‚‹å ´åˆã€å…¥åЛ長ãŒAESブロック長ã®å€æ•°ã§ãªã„å ´åˆã«è¿”ã•れã¾ã™ã€‚ + + \param aes データを暗å·åŒ–ã™ã‚‹ãŸã‚ã«ä½¿ç”¨ã•れるAESオブジェクトã¸ã®ãƒã‚¤ãƒ³ã‚¿ + \param out æš—å·åŒ–ã•れãŸãƒ¡ãƒƒã‚»ãƒ¼ã‚¸ã®æš—å·æ–‡ã‚’æ ¼ç´ã™ã‚‹å‡ºåŠ›ãƒãƒƒãƒ•ã‚¡ã¸ã®ãƒã‚¤ãƒ³ã‚¿ + \param in æš—å·åŒ–ã•れるメッセージをå«ã‚€å…¥åŠ›ãƒãƒƒãƒ•ã‚¡ã¸ã®ãƒã‚¤ãƒ³ã‚¿ + \param sz 入力メッセージã®ã‚µã‚¤ã‚º + _Example_ \code Aes enc; int ret = 0; - // initialize enc with AesSetKey, using direction AES_ENCRYPTION - byte msg[AES_BLOCK_SIZE * n]; // multiple of 16 bytes - // fill msg with data - byte cipher[AES_BLOCK_SIZE * n]; // Some multiple of 16 bytes + // wc_AesInitã¨wc_AesSetKeyを使用ã—ã¦encã‚’åˆæœŸåŒ–ã€æ–¹å‘㯠+ // AES_ENCRYPTIONを使用 + byte msg[AES_BLOCK_SIZE * n]; // 16ãƒã‚¤ãƒˆã®å€æ•° + // msgã«ãƒ‡ãƒ¼ã‚¿ã‚’入力 + byte cipher[AES_BLOCK_SIZE * n]; // 16ãƒã‚¤ãƒˆã®å€æ•° if ((ret = wc_AesCbcEncrypt(&enc, cipher, message, sizeof(msg))) != 0 ) { - // block align error + // ブロック整列エラー } \endcode + + \sa wc_AesInit \sa wc_AesSetKey \sa wc_AesSetIV \sa wc_AesCbcDecrypt @@ -82,33 +94,34 @@ /*! \ingroup AES - \brief 入力ãƒãƒƒãƒ•ã‚¡ã‹ã‚‰ã®æš—å·ãƒ¡ãƒƒã‚»ãƒ¼ã‚¸ã‚’復å·ã—ã€AESã§Cipher Block Chainingを使用ã—ã¦å‡ºåŠ›ãƒãƒƒãƒ•ã‚¡ã«å‡ºåŠ›ã—ã¾ã™ã€‚ - ã“ã®é–¢æ•°å‘¼ã³å‡ºã—ã«ã¯ã€ãƒ¡ãƒƒã‚»ãƒ¼ã‚¸ã®æš—å·åŒ–å‰ã«wc_AesSetKeyを呼ã³å‡ºã—ã¦AESオブジェクトãŒåˆæœŸåŒ–ã•れã¦ã„ã‚‹å¿…è¦ãŒã‚りã¾ã™ã€‚ - ã“ã®é–¢æ•°ã¯ã€å…ƒã®ãƒ¡ãƒƒã‚»ãƒ¼ã‚¸ãŒAESãƒ–ãƒ­ãƒƒã‚¯é•·ã§æ•´åˆ—ã—ã¦ã„ãŸã¨ä»®å®šã—ã€å…¥åŠ›ã•れãŸé•·ã•ãŒãƒ–ロック長ã®å€æ•°ã«ãªã‚‹ã¨äºˆæƒ³ã—ã¦ã„ã¾ã™ã€‚ - ã“れã¯OpenSSL AES-CBCメソッドã¨ã¯ç•°ãªã‚Šã¾ã™ã€‚ã“れã¯ã€PKCS#7パディングを自動的ã«è¿½åŠ ã™ã‚‹ãŸã‚ã€ãƒ–ロックマルãƒå…¥åŠ›ã‚’å¿…è¦ã¨ã—ã¾ã›ã‚“。 - wolfSSL機能ã¨åŒç­‰ã®OpenSSL関数を相互é‹ç”¨ã™ã‚‹ã«ã¯ã€OpenSSLコマンドライン関数ã§-nopadオプションを指定ã—〠- wolfSSL_ AesCbcEncryptメソッドã®ã‚ˆã†ã«å‹•作ã—ã€å¾©å·ä¸­ã«ã‚¨ãƒ©ãƒ¼ã‚’発生ã•ã›ã¾ã›ã‚“。 - \return 0 メッセージを正常ã«å¾©å·ã—ã¾ã—㟠- \return BAD_ALIGN_E ブロックアライメントエラー検出時ã«è¿”ã•れるå¯èƒ½æ€§ãŒã‚りã¾ã™ - \return BAD_LENGTH_E ライブラリーãŒWOLFSSL_AES_CBC_LENGTH_CHECKSã§æ§‹ç¯‰ã•れã¦ã„ã‚‹å ´åˆã§ã€å…¥åЛ長ãŒAESブロック長ã®å€æ•°ã§ãªã„å ´åˆã«è¿”ã•れã¾ã™ã€‚ - \param aes データを復å·ã™ã‚‹ãŸã‚ã«ä½¿ç”¨ã•れるAESオブジェクトã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ - \param out 復å·ã•れãŸãƒ¡ãƒƒã‚»ãƒ¼ã‚¸ã®ãƒ—レーンテキストをä¿å­˜ã™ã‚‹å‡ºåŠ›ãƒãƒƒãƒ•ã‚¡ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ - サイズã¯AES_BLOCK_SIZEã®å€æ•°ã§ãªã‘れã°ãªã‚Šã¾ã›ã‚“。必è¦ãªå ´åˆã¯ãƒ‘ディングã¯è¿½åŠ ã•れã¾ã™ã€‚ - \param in 復å·ã™ã‚‹æš—å·ãƒ†ã‚­ã‚¹ãƒˆã‚’å«ã‚€å…¥åŠ›ãƒãƒƒãƒ•ã‚¡ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ - サイズã¯AES_BLOCK_SIZEã®å€æ•°ã§ãªã‘れã°ãªã‚Šã¾ã›ã‚“。パディングã•れã¦ã„ã‚‹å¿…è¦ãŒã‚りã¾ã™ã€‚ - \param sz 入力ãƒãƒƒãƒ•ã‚¡ã®ã‚µã‚¤ã‚º + \brief 入力ãƒãƒƒãƒ•ã‚¡inã‹ã‚‰æš—å·ã‚’復å·ã—ã€AESを使用ã—ãŸæš—å·ãƒ–ロック連鎖ã«ã‚ˆã‚Šçµæžœã®å¹³æ–‡ã‚’出力ãƒãƒƒãƒ•ã‚¡outã«æ ¼ç´ã—ã¾ã™ã€‚ã“ã®é–¢æ•°ã¯ã€ãƒ¡ãƒƒã‚»ãƒ¼ã‚¸ã‚’復å·ã™ã‚‹å‰ã«AesSetKeyを呼ã³å‡ºã—ã¦AES構造体ãŒåˆæœŸåŒ–ã•れã¦ã„ã‚‹å¿…è¦ãŒã‚りã¾ã™ã€‚ã“ã®é–¢æ•°ã¯ã€å…ƒã®ãƒ¡ãƒƒã‚»ãƒ¼ã‚¸ãŒAESãƒ–ãƒ­ãƒƒã‚¯é•·ã«æ•´åˆ—ã—ã¦ã„ãŸã“ã¨ã‚’剿ã¨ã—ã¦ãŠã‚Šã€å…¥åЛ長ãŒãƒ–ロック長ã®å€æ•°ã§ã‚ã‚‹ã“ã¨ã‚’期待ã—ã¾ã™ã€‚ビルド構æˆã§WOLFSSL_AES_CBC_LENGTH_CHECKSãŒå®šç¾©ã•れã¦ã„ã‚‹å ´åˆã€ã“れã¯ã‚ªãƒ—ションã§ãƒã‚§ãƒƒã‚¯ãŠã‚ˆã³å¼·åˆ¶ã•れã¾ã™ã€‚ã“れã¯ã€PKCS#7パディングを自動的ã«è¿½åŠ ã™ã‚‹OpenSSLã®AES-CBCメソッドã¨ã¯ç•°ãªã‚Šã€ãƒ–ãƒ­ãƒƒã‚¯å€æ•°ã®å…¥åŠ›ã‚’å¿…è¦ã¨ã—ã¾ã›ã‚“。wolfSSL関数ã¨åŒç­‰ã®OpenSSL関数を相互é‹ç”¨ã•ã›ã‚‹ã«ã¯ã€OpenSSLコマンドライン関数ã§-nopadオプションを指定ã—ã¦ã€wolfSSLã®AesCbcEncryptメソッドã®ã‚ˆã†ã«å‹•作ã—ã€å¾©å·ä¸­ã«ã‚¨ãƒ©ãƒ¼ã‚’発生ã•ã›ãªã„よã†ã«ã™ã‚‹å¿…è¦ãŒã‚りã¾ã™ã€‚ + + \return 0 メッセージã®å¾©å·ã«æˆåŠŸã—ãŸå ´åˆã«è¿”ã•れã¾ã™ã€‚ + \return BAD_ALIGN_E ブロック整列エラーã§è¿”ã•れる場åˆãŒã‚りã¾ã™ã€‚ + \return BAD_LENGTH_E ライブラリãŒWOLFSSL_AES_CBC_LENGTH_CHECKSã§ãƒ“ルドã•れã¦ã„ã‚‹å ´åˆã€å…¥åЛ長ãŒAESブロック長ã®å€æ•°ã§ãªã„å ´åˆã«è¿”ã•れã¾ã™ã€‚ + + \param aes データを復å·ã™ã‚‹ãŸã‚ã«ä½¿ç”¨ã•れるAESオブジェクトã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ + \param out 復å·ã•れãŸãƒ¡ãƒƒã‚»ãƒ¼ã‚¸ã®å¹³æ–‡ã‚’æ ¼ç´ã™ã‚‹å‡ºåŠ›ãƒãƒƒãƒ•ã‚¡ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ + サイズã¯AES_BLOCK_LENGTHã®å€æ•°ã§ã‚ã‚‹å¿…è¦ãŒã‚りã€å¿…è¦ã«å¿œã˜ã¦ãƒ‘ディングã•れã¾ã™ + \param in 復å·ã•ã‚Œã‚‹æš—å·æ–‡ã‚’å«ã‚€å…¥åŠ›ãƒãƒƒãƒ•ã‚¡ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ + サイズã¯AES_BLOCK_LENGTHã®å€æ•°ã§ã‚ã‚‹å¿…è¦ãŒã‚りã€å¿…è¦ã«å¿œã˜ã¦ãƒ‘ディングã•れã¾ã™ + \param sz 入力メッセージã®ã‚µã‚¤ã‚ºã€‚ + _Example_ \code Aes dec; int ret = 0; - // initialize dec with AesSetKey, using direction AES_DECRYPTION - byte cipher[AES_BLOCK_SIZE * n]; // some multiple of 16 bytes - // fill cipher with cipher text + // wc_AesInitã¨wc_AesSetKeyを使用ã—ã¦decã‚’åˆæœŸåŒ–ã€æ–¹å‘㯠+ // AES_DECRYPTIONを使用 + byte cipher[AES_BLOCK_SIZE * n]; // 16ãƒã‚¤ãƒˆã®å€æ•° + // cipherã«æš—å·æ–‡ã‚’入力 byte plain [AES_BLOCK_SIZE * n]; if ((ret = wc_AesCbcDecrypt(&dec, plain, cipher, sizeof(cipher))) != 0 ) { - // block align error + // ブロック整列エラー } \endcode + + \sa wc_AesInit \sa wc_AesSetKey \sa wc_AesCbcEncrypt */ @@ -117,36 +130,36 @@ /*! \ingroup AES - \brief 入力ãƒãƒƒãƒ•ã‚¡ã‹ã‚‰ãƒ¡ãƒƒã‚»ãƒ¼ã‚¸ã‚’æš—å·åŒ–/復å·ã—ã€AES CTRモードを使用ã—ã¦å‡ºåŠ›ãƒãƒƒãƒ•ァーã«å‡ºåŠ›ã—ã¾ã™ã€‚ - ã“ã®é–¢æ•°ã¯ã€wolfSSL_Aes_CounterãŒã‚³ãƒ³ãƒ‘ã‚¤ãƒ«æ™‚ã«æœ‰åйã«ãªã£ã¦ã„ã‚‹å ´åˆã«ã®ã¿æœ‰åйã«ãªã‚Šã¾ã™ã€‚ - ã“ã®æ©Ÿèƒ½ã‚’呼ã³å‡ºã™å‰ã«ã€Aes構造体をwc_AesSetKeyã§åˆæœŸåŒ–ã™ã‚‹å¿…è¦ãŒã‚りã¾ã™ã€‚ - ã“ã®é–¢æ•°ã¯å¾©å·ã¨æš—å·åŒ–ã®ä¸¡æ–¹ã«ä½¿ç”¨ã•れã¾ã™ã€‚_注:æš—å·åŒ–ã¨å¾©å·ã®ãŸã‚ã®åŒã˜APIを使用ã™ã‚‹ã“ã¨ã«ã¤ã„ã¦ã€‚ãƒ¦ãƒ¼ã‚¶ãƒ¼ã¯æš—å·åŒ–/復å·ã®ãŸã‚ã®Aes構造体を区別ã™ã‚‹å¿…è¦ãŒã‚りã¾ã™ã€‚ - \return int WolfSSLエラーã¾ãŸã¯æˆåŠŸçŠ¶æ³ã«å¯¾å¿œã™ã‚‹æ•´æ•°å€¤ - \param aes データを復å·ã™ã‚‹ãŸã‚ã«ä½¿ç”¨ã•れるAes構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ - \param out æš—å·åŒ–ã•れãŸãƒ¡ãƒƒã‚»ãƒ¼ã‚¸ã®æš—å·åŒ–テキストをä¿å­˜ã™ã‚‹å‡ºåŠ›ãƒãƒƒãƒ•ã‚¡ã¸ã®ãƒã‚¤ãƒ³ã‚¿ - サイズã¯AES_BLOCK_SIZEã®å€æ•°ã§ãªã‘れã°ãªã‚Šã¾ã›ã‚“。必è¦ãªå ´åˆã¯ãƒ‘ディングã¯è¿½åŠ ã•れã¾ã™ã€‚ - \param in æš—å·åŒ–ã•れるプレーンテキストをå«ã‚€å…¥åŠ›ãƒãƒƒãƒ•ã‚¡ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ - サイズã¯AES_BLOCK_SIZEã®å€æ•°ã§ãªã‘れã°ãªã‚Šã¾ã›ã‚“。パディングã•れã¦ã„ã‚‹å¿…è¦ãŒã‚りã¾ã™ã€‚ - \param sz 入力ãƒãƒƒãƒ•ã‚¡ã®ã‚µã‚¤ã‚º + \brief AESを使用ã—ãŸCTRモードã§ã€å…¥åŠ›ãƒãƒƒãƒ•ã‚¡inã‹ã‚‰ãƒ¡ãƒƒã‚»ãƒ¼ã‚¸ã‚’æš—å·åŒ–/復å·ã—ã€çµæžœã®æš—å·æ–‡ã‚’出力ãƒãƒƒãƒ•ã‚¡outã«æ ¼ç´ã—ã¾ã™ã€‚ã“ã®é–¢æ•°ã¯ã€ã‚³ãƒ³ãƒ‘イル時ã«WOLFSSL_AES_COUNTERãŒæœ‰åйã«ãªã£ã¦ã„ã‚‹å ´åˆã®ã¿æœ‰åйã§ã™ã€‚ã“ã®é–¢æ•°ã‚’呼ã³å‡ºã™å‰ã«ã€AesSetKeyを介ã—ã¦AESæ§‹é€ ä½“ã‚’åˆæœŸåŒ–ã™ã‚‹å¿…è¦ãŒã‚りã¾ã™ã€‚ã“ã®é–¢æ•°ã¯å¾©å·ã¨æš—å·åŒ–ã®ä¸¡æ–¹ã«ä½¿ç”¨ã•れるã“ã¨ã«æ³¨æ„ã—ã¦ãã ã•ã„。注:暗å·åŒ–ã¨å¾©å·ã«åŒã˜APIを使用ã™ã‚‹ã“ã¨ã«ã¤ã„ã¦ã€‚ãƒ¦ãƒ¼ã‚¶ã¯æš—å·åŒ–/復å·ç”¨ã®Aes構造体を区別ã™ã‚‹å¿…è¦ãŒã‚りã¾ã™ã€‚ + + \return int wolfSSLエラーã¾ãŸã¯æˆåŠŸã‚¹ãƒ†ãƒ¼ã‚¿ã‚¹ã«å¯¾å¿œã™ã‚‹æ•´æ•°å€¤ + + \param aes データを復å·ã™ã‚‹ãŸã‚ã«ä½¿ç”¨ã•れるAESオブジェクトã¸ã®ãƒã‚¤ãƒ³ã‚¿ + \param out æš—å·åŒ–ã•れãŸãƒ¡ãƒƒã‚»ãƒ¼ã‚¸ã®æš—å·æ–‡ã‚’æ ¼ç´ã™ã‚‹å‡ºåŠ›ãƒãƒƒãƒ•ã‚¡ã¸ã®ãƒã‚¤ãƒ³ã‚¿ + サイズã¯AES_BLOCK_LENGTHã®å€æ•°ã§ã‚ã‚‹å¿…è¦ãŒã‚りã€å¿…è¦ã«å¿œã˜ã¦ãƒ‘ディングã•れã¾ã™ + \param in æš—å·åŒ–ã•れる平文をå«ã‚€å…¥åŠ›ãƒãƒƒãƒ•ã‚¡ã¸ã®ãƒã‚¤ãƒ³ã‚¿ + サイズã¯AES_BLOCK_LENGTHã®å€æ•°ã§ã‚ã‚‹å¿…è¦ãŒã‚りã€å¿…è¦ã«å¿œã˜ã¦ãƒ‘ディングã•れã¾ã™ + \param sz 入力平文ã®ã‚µã‚¤ã‚º + _Example_ \code Aes enc; Aes dec; - // initialize enc and dec with AesSetKeyDirect, using direction - AES_ENCRYPTION - // since the underlying API only calls Encrypt and by default calling - encrypt on - // a cipher results in a decryption of the cipher - - byte msg[AES_BLOCK_SIZE * n]; //n being a positive integer making msg - some multiple of 16 bytes - // fill plain with message text + // wc_AesInitã¨wc_AesSetKeyDirectを使用ã—ã¦encã¨decã‚’åˆæœŸåŒ–ã€æ–¹å‘㯠+ // AES_ENCRYPTIONを使用。基盤ã¨ãªã‚‹APIã¯æš—å·åŒ–ã®ã¿ã‚’呼ã³å‡ºã—〠+ // ãƒ‡ãƒ•ã‚©ãƒ«ãƒˆã§æš—å·ã«å¯¾ã—ã¦æš—å·åŒ–を呼ã³å‡ºã™ã¨æš—å·ã®å¾©å·ãŒ + // 行ã‚れるãŸã‚ + + byte msg[AES_BLOCK_SIZE * n]; // nã¯æ­£ã®æ•´æ•°ã§ã€msgã‚’ + 16ãƒã‚¤ãƒˆã®å€æ•°ã«ã™ã‚‹ + // plainã«ãƒ¡ãƒƒã‚»ãƒ¼ã‚¸ãƒ†ã‚­ã‚¹ãƒˆã‚’入力 byte cipher[AES_BLOCK_SIZE * n]; byte decrypted[AES_BLOCK_SIZE * n]; - wc_AesCtrEncrypt(&enc, cipher, msg, sizeof(msg)); // encrypt plain + wc_AesCtrEncrypt(&enc, cipher, msg, sizeof(msg)); // plainã‚’æš—å·åŒ– wc_AesCtrEncrypt(&dec, decrypted, cipher, sizeof(cipher)); - // decrypt cipher text + // æš—å·æ–‡ã‚’å¾©å· \endcode + \sa wc_AesSetKey */ int wc_AesCtrEncrypt(Aes* aes, byte* out, @@ -154,24 +167,25 @@ /*! \ingroup AES - \brief ã“ã®é–¢æ•°ã¯ã€å…¥åŠ›ãƒ–ãƒ­ãƒƒã‚¯inã§ä¸Žãˆã‚‰ã‚ŒãŸå˜ä¸€ã®å¹³æ–‡ãƒ‡ãƒ¼ã‚¿ãƒ–ロックを暗å·åŒ–ã—ã¦å˜ä¸€ã®å‡ºåŠ›ãƒ–ãƒ­ãƒƒã‚¯outã«å‡ºåŠ›ã—ã¾ã™ã€‚ - ãã®éš›ã«ã€Aesæ§‹é€ ä½“ã§æä¾›ã•れãŸã®éµã‚’使用ã—ã¾ã™ã€‚éµã¯ã“ã®æ©Ÿèƒ½ã‚’呼ã³å‡ºã™å‰ã«wc_AesSetKeyã§åˆæœŸåŒ–ã•れã¦ã„ã‚‹å¿…è¦ãŒã‚りã¾ã™ã€‚ - wc_AesSetKeyã¸ã®å…¥åŠ›ivã«ã¯NULLを指定ã—ã¦å‘¼ã³å‡ºã—ã¦ãã ã•ã„。 - ã“れã¯ã€Configure Option WolfSSL_AES_DIRECTãŒæœ‰åйã«ãªã£ã¦ã„ã‚‹å ´åˆã«ã®ã¿æœ‰åйã«ãªã‚Šã¾ã™ã€‚ - __ warning:ã»ã¼ã™ã¹ã¦ã®ãƒ¦ãƒ¼ã‚¹ã‚±ãƒ¼ã‚¹ã§ECBモードã¯å®‰å…¨æ€§ãŒä½Žã„ã¨è€ƒãˆã‚‰ã‚Œã¦ã„ã¾ã™ã€‚ - å¯èƒ½ãªé™ã‚ŠECB APIを直接使用ã—ãªã„ã§ãã ã•ã„。 - \return int WolfSSLエラーã¾ãŸã¯æˆåŠŸçŠ¶æ³ã«å¯¾å¿œã™ã‚‹æ•´æ•°å€¤ - \param aes ãƒ‡ãƒ¼ã‚¿ã®æš—å·åŒ–ã«ä½¿ç”¨ã•れるAes構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ - \param out æš—å·åŒ–ã•れãŸãƒ¡ãƒƒã‚»ãƒ¼ã‚¸ã®æš—å·åŒ–テキストをä¿å­˜ã™ã‚‹å‡ºåŠ›ãƒãƒƒãƒ•ã‚¡ã¸ã®ãƒã‚¤ãƒ³ã‚¿ + \brief ã“ã®é–¢æ•°ã¯ã€å…¥åŠ›ãƒ–ãƒ­ãƒƒã‚¯inã®1ブロック暗å·åŒ–を出力ブロックoutã«è¡Œã„ã¾ã™ã€‚æä¾›ã•れãŸAES構造体ã®ã‚­ãƒ¼ã‚’使用ã—ã€ã“ã®é–¢æ•°ã‚’呼ã³å‡ºã™å‰ã«wc_AesSetKeyã§åˆæœŸåŒ–ã™ã‚‹å¿…è¦ãŒã‚りã¾ã™ã€‚wc_AesSetKeyã¯ivã‚’NULLã«è¨­å®šã—ã¦å‘¼ã³å‡ºã™å¿…è¦ãŒã‚りã¾ã™ã€‚ã“れã¯ã€æ§‹æˆã‚ªãƒ—ションWOLFSSL_AES_DIRECTãŒæœ‰åйã«ãªã£ã¦ã„ã‚‹å ´åˆã®ã¿æœ‰åйã§ã™ã€‚警告:ã»ã¼ã™ã¹ã¦ã®ãƒ¦ãƒ¼ã‚¹ã‚±ãƒ¼ã‚¹ã§ã€ECBモードã¯å®‰å…¨æ€§ãŒä½Žã„ã¨è€ƒãˆã‚‰ã‚Œã¦ã„ã¾ã™ã€‚å¯èƒ½ãªé™ã‚ŠECB APIを直接使用ã™ã‚‹ã“ã¨ã¯é¿ã‘ã¦ãã ã•ã„。 + + \return int wolfSSLエラーã¾ãŸã¯æˆåŠŸã‚¹ãƒ†ãƒ¼ã‚¿ã‚¹ã«å¯¾å¿œã™ã‚‹æ•´æ•°å€¤ + + \param aes データを暗å·åŒ–ã™ã‚‹ãŸã‚ã«ä½¿ç”¨ã•れるAESオブジェクトã¸ã®ãƒã‚¤ãƒ³ã‚¿ + \param out æš—å·åŒ–ã•れãŸãƒ¡ãƒƒã‚»ãƒ¼ã‚¸ã®æš—å·æ–‡ã‚’æ ¼ç´ã™ã‚‹å‡ºåŠ›ãƒãƒƒãƒ•ã‚¡ã¸ã®ãƒã‚¤ãƒ³ã‚¿ + \param in æš—å·åŒ–ã•れる平文をå«ã‚€å…¥åŠ›ãƒãƒƒãƒ•ã‚¡ã¸ã®ãƒã‚¤ãƒ³ã‚¿ + _Example_ \code Aes enc; - // initialize enc with AesSetKey, using direction AES_ENCRYPTION - byte msg [AES_BLOCK_SIZE]; // 16 bytes - // initialize msg with plain text to encrypt + // wc_AesInitã¨wc_AesSetKeyを使用ã—ã¦encã‚’åˆæœŸåŒ–ã€æ–¹å‘㯠+ // AES_ENCRYPTIONを使用 + byte msg [AES_BLOCK_SIZE]; // 16ãƒã‚¤ãƒˆ + // msgã‚’æš—å·åŒ–ã™ã‚‹å¹³æ–‡ã§åˆæœŸåŒ– byte cipher[AES_BLOCK_SIZE]; wc_AesEncryptDirect(&enc, cipher, msg); \endcode + \sa wc_AesDecryptDirect \sa wc_AesSetKeyDirect */ @@ -179,22 +193,25 @@ /*! \ingroup AES - \brief ã“ã®é–¢æ•°ã¯ã€å…¥åŠ›ãƒ–ãƒ­ãƒƒã‚¯inã§ä¸Žãˆã‚‰ã‚ŒãŸå˜ä¸€ã®æš—å·ãƒ‡ãƒ¼ã‚¿ãƒ–ロックを復å·ã—ã¦å˜ä¸€ã®å‡ºåŠ›ãƒ–ãƒ­ãƒƒã‚¯outã«å‡ºåŠ›ã—ã¾ã™ã€‚ - æä¾›ã•れãŸAes構造体ã®éµã‚’使用ã—ã¾ã™ã€‚Aes構造体ã¯ã€ã“ã®æ©Ÿèƒ½ã‚’呼ã³å‡ºã™å‰ã«wc_AesSetKeyã§åˆæœŸåŒ–ã•れる必è¦ãŒã‚りã¾ã™ã€‚wc_AesSetKeyã¯ã€ivãŒNULLã§å‘¼ã³å‡ºã•れる必è¦ãŒã‚りã¾ã™ã€‚ - ã“れã¯ã€Configure Option WOLFSSL_AES_DIRECTãŒæœ‰åйã«ãªã£ã¦ã„ã‚‹å ´åˆã«ã®ã¿æœ‰åйã«ãªã‚Šã¾ã™ã€‚ - __ warning:ã»ã¼ã™ã¹ã¦ã®ãƒ¦ãƒ¼ã‚¹ã‚±ãƒ¼ã‚¹ã§ECBモードã¯å®‰å…¨æ€§ãŒä½Žã„ã¨è€ƒãˆã‚‰ã‚Œã¦ã„ã¾ã™ã€‚å¯èƒ½ãªé™ã‚ŠECB APIを直接使用ã—ãªã„ã§ãã ã•ã„。 - \return int WolfSSLエラーã¾ãŸã¯æˆåŠŸçŠ¶æ³ã«å¯¾å¿œã™ã‚‹æ•´æ•°å€¤ - \param aes データã®å¾©å·ã«ä½¿ç”¨ã•れるAESオブジェクトã¸ã®ãƒã‚¤ãƒ³ã‚¿ - \param out 復å·ã•れãŸå¹³æ–‡ãƒ†ã‚­ã‚¹ãƒˆã‚’æ ¼ç´ã™ã‚‹å‡ºåŠ›ãƒãƒƒãƒ•ã‚¡ã¸ã®ãƒã‚¤ãƒ³ã‚¿ + \brief ã“ã®é–¢æ•°ã¯ã€å…¥åŠ›ãƒ–ãƒ­ãƒƒã‚¯inã®1ブロック復å·ã‚’出力ブロックoutã«è¡Œã„ã¾ã™ã€‚æä¾›ã•れãŸAES構造体ã®ã‚­ãƒ¼ã‚’使用ã—ã€ã“ã®é–¢æ•°ã‚’呼ã³å‡ºã™å‰ã«wc_AesSetKeyã§åˆæœŸåŒ–ã™ã‚‹å¿…è¦ãŒã‚りã¾ã™ã€‚wc_AesSetKeyã¯ivã‚’NULLã«è¨­å®šã—ã¦å‘¼ã³å‡ºã™å¿…è¦ãŒã‚りã¾ã™ã€‚ã“れã¯ã€æ§‹æˆã‚ªãƒ—ションWOLFSSL_AES_DIRECTãŒæœ‰åйã«ãªã£ã¦ã„ã‚‹å ´åˆã®ã¿æœ‰åйã§ã™ã€‚警告:ã»ã¼ã™ã¹ã¦ã®ãƒ¦ãƒ¼ã‚¹ã‚±ãƒ¼ã‚¹ã§ã€ECBモードã¯å®‰å…¨æ€§ãŒä½Žã„ã¨è€ƒãˆã‚‰ã‚Œã¦ã„ã¾ã™ã€‚å¯èƒ½ãªé™ã‚ŠECB APIを直接使用ã™ã‚‹ã“ã¨ã¯é¿ã‘ã¦ãã ã•ã„。 + + \return int wolfSSLエラーã¾ãŸã¯æˆåŠŸã‚¹ãƒ†ãƒ¼ã‚¿ã‚¹ã«å¯¾å¿œã™ã‚‹æ•´æ•°å€¤ + + \param aes データを暗å·åŒ–ã™ã‚‹ãŸã‚ã«ä½¿ç”¨ã•れるAESオブジェクトã¸ã®ãƒã‚¤ãƒ³ã‚¿ + \param out 復å·ã•ã‚ŒãŸæš—å·æ–‡ã®å¹³æ–‡ã‚’æ ¼ç´ã™ã‚‹å‡ºåŠ›ãƒãƒƒãƒ•ã‚¡ã¸ã®ãƒã‚¤ãƒ³ã‚¿ + \param in 復å·ã•ã‚Œã‚‹æš—å·æ–‡ã‚’å«ã‚€å…¥åŠ›ãƒãƒƒãƒ•ã‚¡ã¸ã®ãƒã‚¤ãƒ³ã‚¿ + _Example_ \code Aes dec; - // initialize enc with AesSetKey, using direction AES_DECRYPTION - byte cipher [AES_BLOCK_SIZE]; // 16 bytes - // initialize cipher with cipher text to decrypt + // wc_AesInitã¨wc_AesSetKeyを使用ã—ã¦encã‚’åˆæœŸåŒ–ã€æ–¹å‘㯠+ // AES_DECRYPTIONを使用 + byte cipher [AES_BLOCK_SIZE]; // 16ãƒã‚¤ãƒˆ + // cipherを復å·ã™ã‚‹æš—å·æ–‡ã§åˆæœŸåŒ– byte msg[AES_BLOCK_SIZE]; wc_AesDecryptDirect(&dec, msg, cipher); \endcode + \sa wc_AesEncryptDirect \sa wc_AesSetKeyDirect */ @@ -202,33 +219,33 @@ /*! \ingroup AES - \brief ã“ã®é–¢æ•°ã¯ã€CTRモードã®AESéµã‚’AESã§è¨­å®šã™ã‚‹ãŸã‚ã«ä½¿ç”¨ã•れã¾ã™ã€‚ - 指定ã•れãŸéµã€ivï¼ˆåˆæœŸåŒ–ベクトル)ã€ãŠã‚ˆã³æš—å·åŒ–dir(方å‘)ã§AESã‚ªãƒ–ã‚¸ã‚§ã‚¯ãƒˆã‚’åˆæœŸåŒ–ã—ã¾ã™ã€‚ - æ§‹æˆã‚ªãƒ—ションWOLFSSL_AES_DIRECTãŒæœ‰åйã«ãªã£ã¦ã„ã‚‹å ´åˆã«ã®ã¿æœ‰åйã«ãªã‚Šã¾ã™ã€‚ - wc_AesEncryptDirectã¨wc_AesDecryptDirectを呼ã³å‡ºã™éš›ã®Aes構造体ã®åˆæœŸåŒ–ã«ã¯ã“ã®é–¢æ•°ã‚’使ã†å¿…è¦ãŒã‚りã¾ã™ã€‚ - ç¾åœ¨wc_AesSetKeyDirectã¯å†…部的ã«wc_AesSetKeyを使用ã—ã¾ã™ã€‚ - __ warning:ã»ã¼ã™ã¹ã¦ã®ãƒ¦ãƒ¼ã‚¹ã‚±ãƒ¼ã‚¹ã§ECBモードã¯å®‰å…¨æ€§ãŒä½Žã„ã¨è€ƒãˆã‚‰ã‚Œã¦ã„ã¾ã™ã€‚ - å¯èƒ½ãªé™ã‚ŠECB APIを直接使用ã—ãªã„ã§ãã ã•ã„ - \return 0 éµã®è¨­å®šã«æˆåŠŸã—ã¾ã—ãŸã€‚ - \return BAD_FUNC_ARG 与ãˆã‚‰ã‚ŒãŸã‚­ãƒ¼ãŒç„¡åйãªé•·ã•ã®å ´åˆã«è¿”ã•れã¾ã™ã€‚ - \param aes ãƒ‡ãƒ¼ã‚¿ã®æš—å·åŒ–ã«ä½¿ç”¨ã•れるAESオブジェクトã¸ã®ãƒã‚¤ãƒ³ã‚¿ - \param key æš—å·åŒ–ã¨å¾©å·ã®ãŸã‚ã®16,24ã€ã¾ãŸã¯32ãƒã‚¤ãƒˆã®ç§˜å¯†éµ - \param len 渡ã•れãŸéµã®é•·ã• - \param iv éµã‚’åˆæœŸåŒ–ã™ã‚‹ãŸã‚ã«ä½¿ç”¨ã•ã‚Œã‚‹åˆæœŸåŒ–ベクトル - \param dir æš—å·åŒ–ã®æ–¹å‘を指定ã—ã¾ã™ã€‚wc_AesEncryptDirectã«ä½¿ç”¨ã™ã‚‹éš›ã«ã¯AES_ENCRYPTIONã€wc_AesDecryptDirectã«ã¯AES_DECRYPTIONを指定ã—ã¾ã™ã€‚ - (注æ„: wc_AesSetKeyDirect ã‚’Aesカウンターモードã«ä½¿ç”¨ã™ã‚‹éš›ã«ã¯æš—å·åŒ–/復å·ã«ã‚ˆã‚‰ãšã€AES_ENCRYPTIONを指定ã—ã¦ãã ã•ã„。) + \brief ã“ã®é–¢æ•°ã¯ã€AESを使用ã—ãŸCTRモードã®AESキーを設定ã™ã‚‹ãŸã‚ã«ä½¿ç”¨ã•れã¾ã™ã€‚指定ã•れãŸã‚­ãƒ¼ã€ivï¼ˆåˆæœŸåŒ–ベクトル)ã€ãŠã‚ˆã³æš—å·åŒ–dir(方å‘)ã§AESã‚ªãƒ–ã‚¸ã‚§ã‚¯ãƒˆã‚’åˆæœŸåŒ–ã—ã¾ã™ã€‚æ§‹æˆã‚ªãƒ—ションWOLFSSL_AES_DIRECTãŒæœ‰åйã«ãªã£ã¦ã„ã‚‹å ´åˆã®ã¿æœ‰åйã§ã™ã€‚ç¾åœ¨ã€wc_AesSetKeyDirectã¯å†…部的ã«wc_AesSetKeyを使用ã—ã¦ã„ã¾ã™ã€‚警告:ã»ã¼ã™ã¹ã¦ã®ãƒ¦ãƒ¼ã‚¹ã‚±ãƒ¼ã‚¹ã§ã€ECBモードã¯å®‰å…¨æ€§ãŒä½Žã„ã¨è€ƒãˆã‚‰ã‚Œã¦ã„ã¾ã™ã€‚å¯èƒ½ãªé™ã‚ŠECB APIを直接使用ã™ã‚‹ã“ã¨ã¯é¿ã‘ã¦ãã ã•ã„。 + + \return 0 キーã®è¨­å®šã«æˆåŠŸã—ãŸå ´åˆã«è¿”ã•れã¾ã™ã€‚ + \return BAD_FUNC_ARG 指定ã•れãŸã‚­ãƒ¼ã®é•·ã•ãŒç„¡åйãªå ´åˆã«è¿”ã•れã¾ã™ã€‚ + + \param aes データを暗å·åŒ–ã™ã‚‹ãŸã‚ã«ä½¿ç”¨ã•れるAESオブジェクトã¸ã®ãƒã‚¤ãƒ³ã‚¿ + \param key æš—å·åŒ–ã¨å¾©å·ã®ãŸã‚ã®16ã€24ã€ã¾ãŸã¯32ãƒã‚¤ãƒˆã®ç§˜å¯†éµ + \param len 渡ã•れãŸã‚­ãƒ¼ã®é•·ã• + \param iv キーã®åˆæœŸåŒ–ã«ä½¿ç”¨ã•ã‚Œã‚‹åˆæœŸåŒ–ベクトル + \param dir æš—å·ã®æ–¹å‘。暗å·åŒ–ã™ã‚‹å ´åˆã¯AES_ENCRYPTIONを設定ã—ã€å¾©å·ã™ã‚‹å ´åˆã¯AES_DECRYPTIONを設定ã—ã¾ã™ã€‚(wolfssl/wolfcrypt/aes.hã®åˆ—挙型をå‚照)(注:Aesカウンタモード(ストリーム暗å·ï¼‰ã§wc_AesSetKeyDirectを使用ã™ã‚‹å ´åˆã€æš—å·åŒ–ã¨å¾©å·ã®ä¸¡æ–¹ã«AES_ENCRYPTIONã®ã¿ã‚’使用) _Example_ \code Aes enc; int ret = 0; - byte key[] = { some 16, 24, or 32 byte key }; - byte iv[] = { some 16 byte iv }; + byte key[] = { 16ã€24ã€ã¾ãŸã¯32ãƒã‚¤ãƒˆã®ã‚­ãƒ¼ }; + byte iv[] = { 16ãƒã‚¤ãƒˆã®iv }; + + if (ret = wc_AesInit(&enc, HEAP_HINT, INVALID_DEVID) != 0) { + // aes keyã®åˆæœŸåŒ–ã«å¤±æ•— + } if (ret = wc_AesSetKeyDirect(&enc, key, sizeof(key), iv, AES_ENCRYPTION) != 0) { - // failed to set aes key + // aes keyã®è¨­å®šã«å¤±æ•— } \endcode + \sa wc_AesEncryptDirect \sa wc_AesDecryptDirect \sa wc_AesSetKey @@ -238,21 +255,28 @@ /*! \ingroup AES - \brief ã“ã®æ©Ÿèƒ½ã¯ã€AES GCM(Galois/Counter Mode)ã®éµã‚’設定ã™ã‚‹ãŸã‚ã«ä½¿ç”¨ã•れã¾ã™ã€‚ - 与ãˆã‚‰ã‚ŒãŸkeyã§Aesæ§‹é€ ä½“ã‚’åˆæœŸåŒ–ã—ã¾ã™ã€‚コンパイル時ã«ConfigureオプションHAVE_AESGCMãŒæœ‰åйã«ãªã£ã¦ã„ã‚‹å ´åˆã«ã®ã¿æœ‰åйã«ãªã‚Šã¾ã™ã€‚ - \return 0 éµã®è¨­å®šã«æˆåŠŸã—ã¾ã—ãŸã€‚ - \return BAD_FUNC_ARG 与ãˆã‚‰ã‚ŒãŸkeyãŒç„¡åйãªé•·ã•ã®å ´åˆã«è¿”ã•れã¾ã™ã€‚ - \param aes ãƒ‡ãƒ¼ã‚¿ã®æš—å·åŒ–ã«ä½¿ç”¨ã•れるAes構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ - \param key æš—å·åŒ–ã¨å¾©å·ã®ãŸã‚ã®16,24ã€ã¾ãŸã¯32ãƒã‚¤ãƒˆã®ç§˜å¯†éµ + \brief ã“ã®é–¢æ•°ã¯ã€AES GCM(Galois/Counter Mode)ã®ã‚­ãƒ¼ã‚’設定ã™ã‚‹ãŸã‚ã«ä½¿ç”¨ã•れã¾ã™ã€‚指定ã•れãŸã‚­ãƒ¼ã§AESã‚ªãƒ–ã‚¸ã‚§ã‚¯ãƒˆã‚’åˆæœŸåŒ–ã—ã¾ã™ã€‚ã‚³ãƒ³ãƒ‘ã‚¤ãƒ«æ™‚ã«æ§‹æˆã‚ªãƒ—ションHAVE_AESGCMãŒæœ‰åйã«ãªã£ã¦ã„ã‚‹å ´åˆã®ã¿æœ‰åйã§ã™ã€‚ + + \return 0 キーã®è¨­å®šã«æˆåŠŸã—ãŸå ´åˆã«è¿”ã•れã¾ã™ã€‚ + \return BAD_FUNC_ARG 指定ã•れãŸã‚­ãƒ¼ã®é•·ã•ãŒç„¡åйãªå ´åˆã«è¿”ã•れã¾ã™ã€‚ + + \param aes データを暗å·åŒ–ã™ã‚‹ãŸã‚ã«ä½¿ç”¨ã•れるAESオブジェクトã¸ã®ãƒã‚¤ãƒ³ã‚¿ + \param key æš—å·åŒ–ã¨å¾©å·ã®ãŸã‚ã®16ã€24ã€ã¾ãŸã¯32ãƒã‚¤ãƒˆã®ç§˜å¯†éµ + \param len 渡ã•れãŸã‚­ãƒ¼ã®é•·ã• + _Example_ \code Aes enc; int ret = 0; - byte key[] = { some 16, 24,32 byte key }; + byte key[] = { 16ã€24ã€32ãƒã‚¤ãƒˆã®ã‚­ãƒ¼ }; + if (ret = wc_AesInit(&enc, HEAP_HINT, INVALID_DEVID) != 0) { + // aes keyã®åˆæœŸåŒ–ã«å¤±æ•— + } if (ret = wc_AesGcmSetKey(&enc, key, sizeof(key)) != 0) { - // failed to set aes key + // aes keyã®è¨­å®šã«å¤±æ•— } \endcode + \sa wc_AesGcmEncrypt \sa wc_AesGcmDecrypt */ @@ -260,34 +284,40 @@ /*! \ingroup AES - \brief ã“ã®é–¢æ•°ã¯ã€ãƒãƒƒãƒ•ã‚¡inã«æ ¼ç´ã•れã¦ã„る平文メッセージを暗å·åŒ–ã—çµæžœã‚’出力ãƒãƒƒãƒ•ã‚¡outã«å‡ºåŠ›ã—ã¾ã™ã€‚ - æš—å·åŒ–ã™ã‚‹å‘¼ã³å‡ºã—ã”ã¨ã«æ–°ã—ã„iv(åˆæœŸåŒ–ベクトル)ãŒå¿…è¦ã§ã™ã€‚ã¾ãŸã€å…¥åŠ›èªè¨¼ãƒ™ã‚¯ãƒˆãƒ«ã€authInã€authTagã¸ã®å…¥åŠ›èªè¨¼ãƒ™ã‚¯ãƒˆãƒ«ã‚’エンコードã—ã¾ã™ã€‚ - \return 0 å…¥åŠ›ãƒ¡ãƒƒã‚»ãƒ¼ã‚¸ã®æš—å·åŒ–ã«æˆåŠŸã—ã¾ã—㟠- \param aes ãƒ‡ãƒ¼ã‚¿ã®æš—å·åŒ–ã«ä½¿ç”¨ã•れるAESオブジェクトã¸ã®ãƒã‚¤ãƒ³ã‚¿ - \param out æš—å·ãƒ†ã‚­ã‚¹ãƒˆã‚’出力ã™ã‚‹å…ˆã®ãƒãƒƒãƒ•ã‚¡ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ãƒãƒƒãƒ•ァサイズã¯å…¥åŠ›ãƒãƒƒãƒ•ã‚¡inã®ã‚µã‚¤ã‚º(sz)ã¨åŒã˜ã§ãªã‘れã°ãªã‚Šã¾ã›ã‚“。 - \param in æš—å·åŒ–ã™ã‚‹å¹³æ–‡ãƒ¡ãƒƒã‚»ãƒ¼ã‚¸ã‚’ä¿æŒã—ã¦ã„る入力ãƒãƒƒãƒ•ã‚¡ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚サイズã¯AES_BLOCK_SIZEã®å€æ•°ã§ãªã‘れã°ãªã‚Šã¾ã›ã‚“。パディングã•れã¦ã„ã‚‹å¿…è¦ãŒã‚りã¾ã™ã€‚ - \param sz æš—å·åŒ–ã™ã‚‹å…¥åŠ›ãƒ¡ãƒƒã‚»ãƒ¼ã‚¸ã®é•·ã• - \param iv åˆæœŸåŒ–ベクトルをå«ã‚€ãƒãƒƒãƒ•ã‚¡ã¸ã®ãƒã‚¤ãƒ³ã‚¿ - \param ivSz åˆæœŸåŒ–ベクトルã®é•·ã• - \param authTag èªè¨¼ã‚¿ã‚°ã‚’ä¿å­˜ã™ã‚‹ãƒãƒƒãƒ•ã‚¡ã¸ã®ãƒã‚¤ãƒ³ã‚¿ - \param authTagSz 希望ã®èªè¨¼ã‚¿ã‚°ã®é•·ã• - \param authIn 入力èªè¨¼ãƒ™ã‚¯ãƒˆãƒ«ã‚’å«ã‚€ãƒãƒƒãƒ•ã‚¡ã¸ã®ãƒã‚¤ãƒ³ã‚¿ + \brief ã“ã®é–¢æ•°ã¯ã€ãƒãƒƒãƒ•ã‚¡inã«ä¿æŒã•れã¦ã„る入力メッセージを暗å·åŒ–ã—ã€çµæžœã®æš—å·æ–‡ã‚’出力ãƒãƒƒãƒ•ã‚¡outã«æ ¼ç´ã—ã¾ã™ã€‚æš—å·åŒ–ã®å‘¼ã³å‡ºã—ã”ã¨ã«æ–°ã—ã„ivï¼ˆåˆæœŸåŒ–ベクトル)ãŒå¿…è¦ã§ã™ã€‚ã¾ãŸã€å…¥åŠ›èªè¨¼ãƒ™ã‚¯ãƒˆãƒ«authInã‚’èªè¨¼ã‚¿ã‚°authTagã«ã‚¨ãƒ³ã‚³ãƒ¼ãƒ‰ã—ã¾ã™ã€‚ + + \return 0 å…¥åŠ›ãƒ¡ãƒƒã‚»ãƒ¼ã‚¸ã®æš—å·åŒ–ã«æˆåŠŸã—ãŸå ´åˆã«è¿”ã•れã¾ã™ + + \param aes データを暗å·åŒ–ã™ã‚‹ãŸã‚ã«ä½¿ç”¨ã•れるAESオブジェクトã¸ã®ãƒã‚¤ãƒ³ã‚¿ + \param out æš—å·æ–‡ã‚’æ ¼ç´ã™ã‚‹å‡ºåŠ›ãƒãƒƒãƒ•ã‚¡ã¸ã®ãƒã‚¤ãƒ³ã‚¿ + サイズã¯inã®ã‚µã‚¤ã‚ºï¼ˆsz)ã¨ä¸€è‡´ã™ã‚‹å¿…è¦ãŒã‚りã¾ã™ + \param in æš—å·åŒ–ã™ã‚‹ãƒ¡ãƒƒã‚»ãƒ¼ã‚¸ã‚’ä¿æŒã™ã‚‹å…¥åŠ›ãƒãƒƒãƒ•ã‚¡ã¸ã®ãƒã‚¤ãƒ³ã‚¿ + サイズã¯AES_BLOCK_LENGTHã®å€æ•°ã§ã‚ã‚‹å¿…è¦ãŒã‚りã€å¿…è¦ã«å¿œã˜ã¦ãƒ‘ディングã•れã¾ã™ + \param sz æš—å·åŒ–ã™ã‚‹å…¥åŠ›ãƒ¡ãƒƒã‚»ãƒ¼ã‚¸ã®é•·ã• + \param iv åˆæœŸåŒ–ベクトルをå«ã‚€ãƒãƒƒãƒ•ã‚¡ã¸ã®ãƒã‚¤ãƒ³ã‚¿ + \param ivSz åˆæœŸåŒ–ベクトルã®é•·ã• + \param authTag èªè¨¼ã‚¿ã‚°ã‚’æ ¼ç´ã™ã‚‹ãƒãƒƒãƒ•ã‚¡ã¸ã®ãƒã‚¤ãƒ³ã‚¿ + \param authTagSz 希望ã™ã‚‹èªè¨¼ã‚¿ã‚°ã®é•·ã• + \param authIn 入力èªè¨¼ãƒ™ã‚¯ãƒˆãƒ«ã‚’å«ã‚€ãƒãƒƒãƒ•ã‚¡ã¸ã®ãƒã‚¤ãƒ³ã‚¿ + \param authInSz 入力èªè¨¼ãƒ™ã‚¯ãƒˆãƒ«ã®é•·ã• + _Example_ \code Aes enc; - // initialize aes structure by calling wc_AesGcmSetKey - - byte plain[AES_BLOCK_LENGTH * n]; //n being a positive integer - making plain some multiple of 16 bytes - // initialize plain with msg to encrypt + // wc_AesInit()ã¨wc_AesGcmSetKeyを呼ã³å‡ºã—ã¦Aesæ§‹é€ ä½“ã‚’åˆæœŸåŒ– + + byte plain[AES_BLOCK_LENGTH * n]; // nã¯æ­£ã®æ•´æ•°ã§ + plainã‚’16ãƒã‚¤ãƒˆã®å€æ•°ã«ã™ã‚‹ + // plainã‚’æš—å·åŒ–ã™ã‚‹ãƒ¡ãƒƒã‚»ãƒ¼ã‚¸ã§åˆæœŸåŒ– byte cipher[sizeof(plain)]; - byte iv[] = // some 16 byte iv + byte iv[] = // 16ãƒã‚¤ãƒˆã®iv byte authTag[AUTH_TAG_LENGTH]; - byte authIn[] = // Authentication Vector + byte authIn[] = // èªè¨¼ãƒ™ã‚¯ãƒˆãƒ« wc_AesGcmEncrypt(&enc, cipher, plain, sizeof(cipher), iv, sizeof(iv), - authTag, sizeof(authTag), authIn, sizeof(authIn)); + authTag, sizeof(authTag), authIn, sizeof(authIn)); \endcode + \sa wc_AesGcmSetKey \sa wc_AesGcmDecrypt */ @@ -299,35 +329,42 @@ /*! \ingroup AES - \brief ã“ã®é–¢æ•°ã¯ã€ãƒãƒƒãƒ•ã‚¡inã§ä¸Žãˆã‚‰ã‚ŒãŸå…¥åŠ›æš—å·ãƒ†ã‚­ã‚¹ãƒˆã‚’復å·ã—ã€çµæžœã‚’出力ãƒãƒƒãƒ•ã‚¡outã«æ ¼ç´ã—ã¾ã™ã€‚ - ã¾ãŸã€æŒ‡å®šã•れãŸèªè¨¼ã‚¿ã‚°ã€authTagã«å¯¾ã—ã¦ã€å…¥åŠ›èªè¨¼ãƒ™ã‚¯ãƒˆãƒ«ã€authInã‚’ãƒã‚§ãƒƒã‚¯ã—ã¾ã™ã€‚ - \return 0 入力メッセージã®å¾©å·ã«æˆåŠŸã—ã¾ã—㟠- \return AES_GCM_AUTH_E èªè¨¼ã‚¿ã‚°ãŒæä¾›ã•れãŸèªè¨¼ã‚³ãƒ¼ãƒ‰ãƒ™ã‚¯ãƒˆãƒ«ã¨ä¸€è‡´ã—ãªã„å ´åˆã€authtag。 - \param aes データã®å¾©å·ã«ä½¿ç”¨ã•れるAes構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ - \param out メッセージテキストをä¿å­˜ã™ã‚‹å‡ºåŠ›ãƒãƒƒãƒ•ã‚¡ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚サイズã¯å…¥åŠ›ãƒãƒƒãƒ•ã‚¡inã®ã‚µã‚¤ã‚º(sz)ã¨åŒã˜ã§ãªã‘れã°ãªã‚‰ãªã„。 - \param in æš—å·ãƒ†ã‚­ã‚¹ãƒˆã‚’ä¿æŒã™ã‚‹å…¥åŠ›ãƒãƒƒãƒ•ã‚¡ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚サイズã¯AES_BLOCK_SIZEã®å€æ•°ã§ãªã‘れã°ãªã‚‰ãªã„。 - \param sz 復å·ã™ã‚‹æš—å·ãƒ†ã‚­ã‚¹ãƒˆã®é•·ã• - \param iv åˆæœŸåŒ–ベクトルをå«ã‚€ãƒãƒƒãƒ•ã‚¡ã¸ã®ãƒã‚¤ãƒ³ã‚¿ - \param ivSz åˆæœŸåŒ–ベクトルã®é•·ã• - \param authTag èªè¨¼ã‚¿ã‚°ã‚’å«ã‚€ãƒãƒƒãƒ•ã‚¡ã¸ã®ãƒã‚¤ãƒ³ã‚¿ - \param authTagSz 希望ã®èªè¨¼ã‚¿ã‚°ã®é•·ã• - \param authIn 入力èªè¨¼ãƒ™ã‚¯ãƒˆãƒ«ã‚’å«ã‚€ãƒãƒƒãƒ•ã‚¡ã¸ã®ãƒã‚¤ãƒ³ã‚¿ - _Example_ - \code - Aes enc; //can use the same struct as was passed to wc_AesGcmEncrypt - // initialize aes structure by calling wc_AesGcmSetKey if not already done - - byte cipher[AES_BLOCK_LENGTH * n]; //n being a positive integer - making cipher some multiple of 16 bytes - // initialize cipher with cipher text to decrypt + \brief ã“ã®é–¢æ•°ã¯ã€ãƒãƒƒãƒ•ã‚¡inã«ä¿æŒã•れã¦ã„ã‚‹å…¥åŠ›æš—å·æ–‡ã‚’復å·ã—ã€çµæžœã®ãƒ¡ãƒƒã‚»ãƒ¼ã‚¸ãƒ†ã‚­ã‚¹ãƒˆã‚’出力ãƒãƒƒãƒ•ã‚¡outã«æ ¼ç´ã—ã¾ã™ã€‚ã¾ãŸã€å…¥åŠ›èªè¨¼ãƒ™ã‚¯ãƒˆãƒ«authInã‚’ã€æä¾›ã•れãŸèªè¨¼ã‚¿ã‚°authTagã¨ç…§åˆã—ã¦ãƒã‚§ãƒƒã‚¯ã—ã¾ã™ã€‚ゼロ以外ã®ã‚¨ãƒ©ãƒ¼ã‚³ãƒ¼ãƒ‰ãŒè¿”ã•れãŸå ´åˆã€å‡ºåŠ›ãƒ‡ãƒ¼ã‚¿ã¯æœªå®šç¾©ã§ã™ã€‚ãŸã ã—ã€å‘¼ã³å‡ºã—å…ƒã¯å¹³æ–‡ãƒ‡ãƒ¼ã‚¿ã®æ¼æ´©ã‚’防ããŸã‚ã«ã€ç„¡æ¡ä»¶ã«å‡ºåŠ›ãƒãƒƒãƒ•ァをゼロ化ã™ã‚‹å¿…è¦ãŒã‚りã¾ã™ã€‚ + + \return 0 入力メッセージã®å¾©å·ã¨èªè¨¼ã«æˆåŠŸã—ãŸå ´åˆã«è¿”ã•れã¾ã™ + \return AES_GCM_AUTH_E èªè¨¼ã‚¿ã‚°ãŒæä¾›ã•れãŸèªè¨¼ã‚³ãƒ¼ãƒ‰ãƒ™ã‚¯ãƒˆãƒ«authTagã¨ä¸€è‡´ã—ãªã„å ´åˆã«è¿”ã•れã¾ã™ã€‚ + + \param aes データを暗å·åŒ–ã™ã‚‹ãŸã‚ã«ä½¿ç”¨ã•れるAESオブジェクトã¸ã®ãƒã‚¤ãƒ³ã‚¿ + \param out メッセージテキストを格ç´ã™ã‚‹å‡ºåŠ›ãƒãƒƒãƒ•ã‚¡ã¸ã®ãƒã‚¤ãƒ³ã‚¿ + サイズã¯inã®ã‚µã‚¤ã‚ºï¼ˆsz)ã¨ä¸€è‡´ã™ã‚‹å¿…è¦ãŒã‚りã¾ã™ + \param in 復å·ã™ã‚‹æš—å·æ–‡ã‚’ä¿æŒã™ã‚‹å…¥åŠ›ãƒãƒƒãƒ•ã‚¡ã¸ã®ãƒã‚¤ãƒ³ã‚¿ + サイズã¯AES_BLOCK_LENGTHã®å€æ•°ã§ã‚ã‚‹å¿…è¦ãŒã‚りã€å¿…è¦ã«å¿œã˜ã¦ãƒ‘ディングã•れã¾ã™ + \param sz 復å·ã™ã‚‹æš—å·æ–‡ã®é•·ã• + \param iv åˆæœŸåŒ–ベクトルをå«ã‚€ãƒãƒƒãƒ•ã‚¡ã¸ã®ãƒã‚¤ãƒ³ã‚¿ + \param ivSz åˆæœŸåŒ–ベクトルã®é•·ã• + \param authTag èªè¨¼ã‚¿ã‚°ã‚’å«ã‚€ãƒãƒƒãƒ•ã‚¡ã¸ã®ãƒã‚¤ãƒ³ã‚¿ + \param authTagSz 希望ã™ã‚‹èªè¨¼ã‚¿ã‚°ã®é•·ã• + \param authIn 入力èªè¨¼ãƒ™ã‚¯ãƒˆãƒ«ã‚’å«ã‚€ãƒãƒƒãƒ•ã‚¡ã¸ã®ãƒã‚¤ãƒ³ã‚¿ + \param authInSz 入力èªè¨¼ãƒ™ã‚¯ãƒˆãƒ«ã®é•·ã• + + _Example_ + \code + Aes enc; // wc_AesGcmEncryptã«æ¸¡ã•れãŸã‚‚ã®ã¨åŒã˜æ§‹é€ ä½“を使用å¯èƒ½ + // ã¾ã å®Œäº†ã—ã¦ã„ãªã„å ´åˆã¯ã€wc_AesInitã¨wc_AesGcmSetKeyを呼ã³å‡ºã—㦠+ // aesæ§‹é€ ä½“ã‚’åˆæœŸåŒ– + + byte cipher[AES_BLOCK_LENGTH * n]; // nã¯æ­£ã®æ•´æ•°ã§ + cipherã‚’16ãƒã‚¤ãƒˆã®å€æ•°ã«ã™ã‚‹ + // cipherを復å·ã™ã‚‹æš—å·æ–‡ã§åˆæœŸåŒ– byte output[sizeof(cipher)]; - byte iv[] = // some 16 byte iv + byte iv[] = // 16ãƒã‚¤ãƒˆã®iv byte authTag[AUTH_TAG_LENGTH]; - byte authIn[] = // Authentication Vector + byte authIn[] = // èªè¨¼ãƒ™ã‚¯ãƒˆãƒ« wc_AesGcmDecrypt(&enc, output, cipher, sizeof(cipher), iv, sizeof(iv), - authTag, sizeof(authTag), authIn, sizeof(authIn)); + authTag, sizeof(authTag), authIn, sizeof(authIn)); \endcode + \sa wc_AesGcmSetKey \sa wc_AesGcmEncrypt */ @@ -339,46 +376,59 @@ /*! \ingroup AES - \brief ã“ã®é–¢æ•°ã¯ã€GAROISメッセージèªè¨¼ã«ä½¿ç”¨ã•れるGmac構造体ã®éµã‚’åˆæœŸåŒ–ã—ã¦è¨­å®šã—ã¾ã™ã€‚ - \return 0 éµã®è¨­å®šã«æˆåŠŸã—ã¾ã—㟠- \return BAD_FUNC_ARG 引数keyã®é•·ã•ãŒç„¡åйãªå ´åˆã¯è¿”ã•れã¾ã™ã€‚ - \param gmac èªè¨¼ã«ä½¿ç”¨ã•れるGmac構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ - \param key èªè¨¼ã®ãŸã‚ã®16,24ã€ã¾ãŸã¯32ãƒã‚¤ãƒˆã®ç§˜å¯†éµ + \brief ã“ã®é–¢æ•°ã¯ã€Galoisメッセージèªè¨¼ã«ä½¿ç”¨ã•れるGMACオブジェクトã®ã‚­ãƒ¼ã‚’åˆæœŸåŒ–ãŠã‚ˆã³è¨­å®šã—ã¾ã™ã€‚ + + \return 0 キーã®è¨­å®šã«æˆåŠŸã—ãŸå ´åˆã«è¿”ã•れã¾ã™ + \return BAD_FUNC_ARG キーã®é•·ã•ãŒç„¡åйãªå ´åˆã«è¿”ã•れã¾ã™ã€‚ + + \param gmac èªè¨¼ã«ä½¿ç”¨ã•れるgmacオブジェクトã¸ã®ãƒã‚¤ãƒ³ã‚¿ + \param key èªè¨¼ã®ãŸã‚ã®16ã€24ã€ã¾ãŸã¯32ãƒã‚¤ãƒˆã®ç§˜å¯†éµ + \param len キーã®é•·ã• + _Example_ \code Gmac gmac; - key[] = { some 16, 24, or 32 byte length key }; + key[] = { 16ã€24ã€ã¾ãŸã¯32ãƒã‚¤ãƒˆé•·ã®ã‚­ãƒ¼ }; + wc_AesInit(gmac.aes, HEAP_HINT, INVALID_DEVID); // devIdãŒæ›´æ–°ã•れã¦ã„ã‚‹ã“ã¨ã‚’ç¢ºèª wc_GmacSetKey(&gmac, key, sizeof(key)); \endcode + \sa wc_GmacUpdate + \sa wc_AesInit */ int wc_GmacSetKey(Gmac* gmac, const byte* key, word32 len); /*! \ingroup AES - \brief ã“ã®é–¢æ•°ã¯authIn Inputã®GMACãƒãƒƒã‚·ãƒ¥ã‚’生æˆã—ã€çµæžœã‚’authTagãƒãƒƒãƒ•ã‚¡ã«æ ¼ç´ã—ã¾ã™ã€‚ - wc_GmacUpdateを実行ã—ãŸå¾Œã€ç”Ÿæˆã•れãŸauthTagを既知ã®èªè¨¼ã‚¿ã‚°ã«æ¯”較ã—ã¦ãƒ¡ãƒƒã‚»ãƒ¼ã‚¸ã®ä¿¡é ¼æ€§ã‚’検証ã™ã‚‹å¿…è¦ãŒã‚りã¾ã™ã€‚ - \return 0 GMACãƒãƒƒã‚·ãƒ¥ã®è¨ˆç®—ã«æˆåŠŸã—ã¾ã—ãŸã€‚ - \param gmac èªè¨¼ã«ä½¿ç”¨ã•れるGmac構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ - \param iv ãƒãƒƒã‚·ãƒ¥ã«ä½¿ç”¨ã•ã‚Œã‚‹åˆæœŸåŒ–ベクトル - \param ivSz 使用ã•ã‚Œã‚‹åˆæœŸåŒ–ベクトルã®ã‚µã‚¤ã‚º - \param authIn 確èªã™ã‚‹èªè¨¼ãƒ™ã‚¯ãƒˆãƒ«ã‚’å«ã‚€ãƒãƒƒãƒ•ã‚¡ã¸ã®ãƒã‚¤ãƒ³ã‚¿ - \param authInSz èªè¨¼ãƒ™ã‚¯ãƒˆãƒ«ã®ã‚µã‚¤ã‚º - \param authTag GMACãƒãƒƒã‚·ãƒ¥ã‚’ä¿å­˜ã™ã‚‹å‡ºåŠ›ãƒãƒƒãƒ•ã‚¡ã¸ã®ãƒã‚¤ãƒ³ã‚¿ + \brief ã“ã®é–¢æ•°ã¯ã€authIn入力ã®Gmacãƒãƒƒã‚·ãƒ¥ã‚’生æˆã—ã€çµæžœã‚’authTagãƒãƒƒãƒ•ã‚¡ã«æ ¼ç´ã—ã¾ã™ã€‚wc_GmacUpdateを実行ã—ãŸå¾Œã€ç”Ÿæˆã•れãŸauthTagを既知ã®èªè¨¼ã‚¿ã‚°ã¨æ¯”較ã—ã¦ã€ãƒ¡ãƒƒã‚»ãƒ¼ã‚¸ã®çœŸæ­£æ€§ã‚’検証ã™ã‚‹å¿…è¦ãŒã‚りã¾ã™ã€‚ + + \return 0 Gmacãƒãƒƒã‚·ãƒ¥ã®è¨ˆç®—ã«æˆåŠŸã—ãŸå ´åˆã«è¿”ã•れã¾ã™ã€‚ + + \param gmac èªè¨¼ã«ä½¿ç”¨ã•れるgmacオブジェクトã¸ã®ãƒã‚¤ãƒ³ã‚¿ + \param iv ãƒãƒƒã‚·ãƒ¥ã«ä½¿ç”¨ã•ã‚Œã‚‹åˆæœŸåŒ–ベクトル + \param ivSz 使用ã•ã‚Œã‚‹åˆæœŸåŒ–ベクトルã®ã‚µã‚¤ã‚º + \param authIn 検証ã™ã‚‹èªè¨¼ãƒ™ã‚¯ãƒˆãƒ«ã‚’å«ã‚€ãƒãƒƒãƒ•ã‚¡ã¸ã®ãƒã‚¤ãƒ³ã‚¿ + \param authInSz èªè¨¼ãƒ™ã‚¯ãƒˆãƒ«ã®ã‚µã‚¤ã‚º + \param authTag Gmacãƒãƒƒã‚·ãƒ¥ã‚’æ ¼ç´ã™ã‚‹å‡ºåŠ›ãƒãƒƒãƒ•ã‚¡ã¸ã®ãƒã‚¤ãƒ³ã‚¿ + \param authTagSz Gmacãƒãƒƒã‚·ãƒ¥ã‚’æ ¼ç´ã™ã‚‹ãŸã‚ã«ä½¿ç”¨ã•れる出力ãƒãƒƒãƒ•ã‚¡ã®ã‚µã‚¤ã‚º + _Example_ \code Gmac gmac; - key[] = { some 16, 24, or 32 byte length key }; - iv[] = { some 16 byte length iv }; + key[] = { 16ã€24ã€ã¾ãŸã¯32ãƒã‚¤ãƒˆé•·ã®ã‚­ãƒ¼ }; + iv[] = { 16ãƒã‚¤ãƒˆé•·ã®iv }; + wc_AesInit(gmac.aes, HEAP_HINT, INVALID_DEVID); // devIdãŒæ›´æ–°ã•れã¦ã„ã‚‹ã“ã¨ã‚’ç¢ºèª wc_GmacSetKey(&gmac, key, sizeof(key)); - authIn[] = { some 16 byte authentication input }; - tag[AES_BLOCK_SIZE]; // will store authentication code + authIn[] = { 16ãƒã‚¤ãƒˆã®èªè¨¼å…¥åŠ› }; + tag[AES_BLOCK_SIZE]; // èªè¨¼ã‚³ãƒ¼ãƒ‰ã‚’æ ¼ç´ wc_GmacUpdate(&gmac, iv, sizeof(iv), authIn, sizeof(authIn), tag, sizeof(tag)); \endcode + \sa wc_GmacSetKey + \sa wc_AesInit */ int wc_GmacUpdate(Gmac* gmac, const byte* iv, word32 ivSz, const byte* authIn, word32 authInSz, @@ -386,17 +436,23 @@ /*! \ingroup AES - \brief ã“ã®é–¢æ•°ã¯ã€CCMを使用ã—ã¦AESオブジェクトã®éµã‚’設定ã—ã¾ã™ï¼ˆCBC-MACã®ã‚«ã‚¦ãƒ³ã‚¿ï¼‰ã€‚Aes構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã‚’å–りã€å¼•æ•°ã§ä¸Žãˆã‚‰ã‚ŒãŸkeyã§åˆæœŸåŒ–ã—ã¾ã™ã€‚ + \brief ã“ã®é–¢æ•°ã¯ã€CCM(Counter with CBC-MAC)を使用ã—ã¦AESオブジェクトã®ã‚­ãƒ¼ã‚’設定ã—ã¾ã™ã€‚AES構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã‚’å—ã‘å–ã‚Šã€æä¾›ã•れãŸã‚­ãƒ¼ã§åˆæœŸåŒ–ã—ã¾ã™ã€‚ + \return none - \param aes 引数keyã‚’ä¿ç®¡ã™ã‚‹ãŸã‚ã®Aes構造体 - \param key æš—å·åŒ–ã¨å¾©å·ã®ãŸã‚ã®16,24ã€ã¾ãŸã¯32ãƒã‚¤ãƒˆã®ç§˜å¯†éµ + + \param aes æä¾›ã•れãŸã‚­ãƒ¼ã‚’æ ¼ç´ã™ã‚‹aes構造体 + \param key æš—å·åŒ–ã¨å¾©å·ã®ãŸã‚ã®16ã€24ã€ã¾ãŸã¯32ãƒã‚¤ãƒˆã®ç§˜å¯†éµ + \param keySz æä¾›ã•れãŸã‚­ãƒ¼ã®ã‚µã‚¤ã‚º + _Example_ \code Aes enc; - key[] = { some 16, 24, or 32 byte length key }; + key[] = { 16ã€24ã€ã¾ãŸã¯32ãƒã‚¤ãƒˆé•·ã®ã‚­ãƒ¼ }; - wc_AesCcmSetKey(&aes, key, sizeof(key)); + wc_AesInit(&enc, HEAP_HINT, INVALID_DEVID); // devIdãŒæ›´æ–°ã•れã¦ã„ã‚‹ã“ã¨ã‚’ç¢ºèª + wc_AesCcmSetKey(&enc, key, sizeof(key)); \endcode + \sa wc_AesCcmEncrypt \sa wc_AesCcmDecrypt */ @@ -404,33 +460,38 @@ /*! \ingroup AES - \brief ã“ã®é–¢æ•°ã¯ã€CCMを使用ã—ã¦ã€å…¥åŠ›ãƒ¡ãƒƒã‚»ãƒ¼ã‚¸ã€INã€OUTã€OUTã€OUTã‚’CCM(CBC-MACã®ã‚«ã‚¦ãƒ³ã‚¿ï¼‰ã‚’æš—å·åŒ–ã—ã¾ã™ã€‚ - ãã®å¾Œã€Authin Inputã‹ã‚‰èªè¨¼ã‚¿ã‚°ã€AuthtAgを計算ã—ã¦æ ¼ç´ã—ã¾ã™ã€‚ + + \brief ã“ã®é–¢æ•°ã¯ã€CCM(Counter with CBC-MAC)を使用ã—ã¦ã€å…¥åŠ›ãƒ¡ãƒƒã‚»ãƒ¼ã‚¸inを出力ãƒãƒƒãƒ•ã‚¡outã«æš—å·åŒ–ã—ã¾ã™ã€‚ãã®å¾Œã€authIn入力ã‹ã‚‰èªè¨¼ã‚¿ã‚°authTagを計算ã—ã¦æ ¼ç´ã—ã¾ã™ã€‚ + \return none - \param aes ãƒ‡ãƒ¼ã‚¿ã®æš—å·åŒ–ã«ä½¿ç”¨ã•れるAes構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ - \param out æš—å·ãƒ†ã‚­ã‚¹ãƒˆã‚’ä¿å­˜ã™ã‚‹å‡ºåŠ›ãƒãƒƒãƒ•ã‚¡ã¸ã®ãƒã‚¤ãƒ³ã‚¿ - \param in æš—å·åŒ–ã™ã‚‹ãƒ¡ãƒƒã‚»ãƒ¼ã‚¸ã‚’ä¿æŒã—ã¦ã„る入力ãƒãƒƒãƒ•ã‚¡ã¸ã®ãƒã‚¤ãƒ³ã‚¿ - \param sz æš—å·åŒ–ã™ã‚‹å…¥åŠ›ãƒ¡ãƒƒã‚»ãƒ¼ã‚¸ã®é•·ã• - \param nonce nonceã‚’å«ã‚€ãƒãƒƒãƒ•ã‚¡ã¸ã®ãƒã‚¤ãƒ³ã‚¿ï¼ˆ1回ã ã‘使用ã•れã¦ã„る数) - \param nonceSz ノンスã®é•·ã• - \param authTag èªè¨¼ã‚¿ã‚°ã‚’ä¿å­˜ã™ã‚‹ãƒãƒƒãƒ•ã‚¡ã¸ã®ãƒã‚¤ãƒ³ã‚¿ - \param authTagSz 希望ã®èªè¨¼ã‚¿ã‚°ã®é•·ã• - \param authIn 入力èªè¨¼ãƒ™ã‚¯ãƒˆãƒ«ã‚’å«ã‚€ãƒãƒƒãƒ•ã‚¡ã¸ã®ãƒã‚¤ãƒ³ã‚¿ + + \param aes データを暗å·åŒ–ã™ã‚‹ãŸã‚ã«ä½¿ç”¨ã•れるAESオブジェクトã¸ã®ãƒã‚¤ãƒ³ã‚¿ + \param out æš—å·æ–‡ã‚’æ ¼ç´ã™ã‚‹å‡ºåŠ›ãƒãƒƒãƒ•ã‚¡ã¸ã®ãƒã‚¤ãƒ³ã‚¿ + \param in æš—å·åŒ–ã™ã‚‹ãƒ¡ãƒƒã‚»ãƒ¼ã‚¸ã‚’ä¿æŒã™ã‚‹å…¥åŠ›ãƒãƒƒãƒ•ã‚¡ã¸ã®ãƒã‚¤ãƒ³ã‚¿ + \param sz æš—å·åŒ–ã™ã‚‹å…¥åŠ›ãƒ¡ãƒƒã‚»ãƒ¼ã‚¸ã®é•·ã• + \param nonce ナンス(1回ã®ã¿ä½¿ç”¨ã•れる数値)をå«ã‚€ãƒãƒƒãƒ•ã‚¡ã¸ã®ãƒã‚¤ãƒ³ã‚¿ + \param nonceSz ナンスã®é•·ã• + \param authTag èªè¨¼ã‚¿ã‚°ã‚’æ ¼ç´ã™ã‚‹ãƒãƒƒãƒ•ã‚¡ã¸ã®ãƒã‚¤ãƒ³ã‚¿ + \param authTagSz 希望ã™ã‚‹èªè¨¼ã‚¿ã‚°ã®é•·ã• + \param authIn 入力èªè¨¼ãƒ™ã‚¯ãƒˆãƒ«ã‚’å«ã‚€ãƒãƒƒãƒ•ã‚¡ã¸ã®ãƒã‚¤ãƒ³ã‚¿ + \param authInSz 入力èªè¨¼ãƒ™ã‚¯ãƒˆãƒ«ã®é•·ã• + _Example_ \code Aes enc; - // initialize enc with wc_AesCcmSetKey + // wc_AesInitã¨wc_AesCcmSetKeyã§encã‚’åˆæœŸåŒ– - nonce[] = { initialize nonce }; - plain[] = { some plain text message }; + nonce[] = { ãƒŠãƒ³ã‚¹ã‚’åˆæœŸåŒ– }; + plain[] = { 平文メッセージ }; cipher[sizeof(plain)]; - authIn[] = { some 16 byte authentication input }; - tag[AES_BLOCK_SIZE]; // will store authentication code + authIn[] = { 16ãƒã‚¤ãƒˆã®èªè¨¼å…¥åŠ› }; + tag[AES_BLOCK_SIZE]; // èªè¨¼ã‚³ãƒ¼ãƒ‰ã‚’æ ¼ç´ wc_AesCcmEncrypt(&enc, cipher, plain, sizeof(plain), nonce, sizeof(nonce), - tag, sizeof(tag), authIn, sizeof(authIn)); + tag, sizeof(tag), authIn, sizeof(authIn)); \endcode + \sa wc_AesCcmSetKey \sa wc_AesCcmDecrypt */ @@ -442,36 +503,42 @@ /*! \ingroup AES - \brief ã“ã®é–¢æ•°ã¯ã€CCMを使用ã—ã¦ã€å…¥åŠ›æš—å·ãƒ†ã‚­ã‚¹ãƒˆã‚’ã€CCM(CBC-MACã®ã‚«ã‚¦ãƒ³ã‚¿ï¼‰ã‚’使用ã—ã¦å‡ºåŠ›ãƒãƒƒãƒ•ァーã«å¾©å·ã—ã¾ã™ã€‚ãã®å¾Œã€authIn入力ã‹ã‚‰authTagを計算ã—ã¾ã™ã€‚èªè¨¼ã‚¿ã‚°ãŒç„¡åйãªå ´åˆã¯ã€å‡ºåŠ›ãƒãƒƒãƒ•ァをゼロã«è¨­å®šã—ã€AES_CCM_AUTH_Eã‚’è¿”ã—ã¾ã™ã€‚ - \return 0 入力メッセージã®å¾©å·ã«æˆåŠŸã—ã¾ã—㟠- \return AES_CCM_AUTH_E èªè¨¼ã‚¿ã‚°ãŒæä¾›ã•れãŸèªè¨¼ã‚³ãƒ¼ãƒ‰ãƒ™ã‚¯ãƒˆãƒ«ã¨ä¸€è‡´ã—ãªã„å ´åˆ - \param aes データã®å¾©å·ã«ä½¿ç”¨ã•れるAes構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ - \param out 復å·ã—ãŸãƒ†ã‚­ã‚¹ãƒˆã‚’出力ã™ã‚‹å‡ºåŠ›ãƒãƒƒãƒ•ã‚¡ã¸ã®ãƒã‚¤ãƒ³ã‚¿ - \param in 復å·ã™ã‚‹ãƒ¡ãƒƒã‚»ãƒ¼ã‚¸ã‚’ä¿æŒã—ã¦ã„る入力ãƒãƒƒãƒ•ã‚¡ã¸ã®ãƒã‚¤ãƒ³ã‚¿ - \param sz 入力暗å·ãƒ†ã‚­ã‚¹ãƒˆã®ã‚µã‚¤ã‚º - \param nonce nonceã‚’å«ã‚€ãƒãƒƒãƒ•ã‚¡ã¸ã®ãƒã‚¤ãƒ³ã‚¿ï¼ˆ1回ã ã‘使用ã•れã¦ã„る数) - \param nonceSz ノンスã®é•·ã• - \param authTag èªè¨¼ã‚¿ã‚°ã‚’ä¿å­˜ã™ã‚‹ãƒãƒƒãƒ•ã‚¡ã¸ã®ãƒã‚¤ãƒ³ã‚¿ - \param authTagSz 希望ã®èªè¨¼ã‚¿ã‚°ã®é•·ã• - \param authIn 入力èªè¨¼ãƒ™ã‚¯ãƒˆãƒ«ã‚’å«ã‚€ãƒãƒƒãƒ•ã‚¡ã¸ã®ãƒã‚¤ãƒ³ã‚¿ + + \brief ã“ã®é–¢æ•°ã¯ã€CCM(Counter with CBC-MAC)を使用ã—ã¦ã€å…¥åŠ›æš—å·æ–‡inを出力ãƒãƒƒãƒ•ã‚¡outã«å¾©å·ã—ã¾ã™ã€‚ãã®å¾Œã€authIn入力ã‹ã‚‰èªè¨¼ã‚¿ã‚°authTagを計算ã—ã¾ã™ã€‚ゼロ以外ã®ã‚¨ãƒ©ãƒ¼ã‚³ãƒ¼ãƒ‰ãŒè¿”ã•れãŸå ´åˆã€å‡ºåŠ›ãƒ‡ãƒ¼ã‚¿ã¯æœªå®šç¾©ã§ã™ã€‚ãŸã ã—ã€å‘¼ã³å‡ºã—å…ƒã¯å¹³æ–‡ãƒ‡ãƒ¼ã‚¿ã®æ¼æ´©ã‚’防ããŸã‚ã«ã€ç„¡æ¡ä»¶ã«å‡ºåŠ›ãƒãƒƒãƒ•ァをゼロ化ã™ã‚‹å¿…è¦ãŒã‚りã¾ã™ã€‚ + + \return 0 入力メッセージã®å¾©å·ã«æˆåŠŸã—ãŸå ´åˆã«è¿”ã•れã¾ã™ + \return AES_CCM_AUTH_E èªè¨¼ã‚¿ã‚°ãŒæä¾›ã•れãŸèªè¨¼ã‚³ãƒ¼ãƒ‰ãƒ™ã‚¯ãƒˆãƒ«authTagã¨ä¸€è‡´ã—ãªã„å ´åˆã«è¿”ã•れã¾ã™ã€‚ + + \param aes データを暗å·åŒ–ã™ã‚‹ãŸã‚ã«ä½¿ç”¨ã•れるAESオブジェクトã¸ã®ãƒã‚¤ãƒ³ã‚¿ + \param out æš—å·æ–‡ã‚’æ ¼ç´ã™ã‚‹å‡ºåŠ›ãƒãƒƒãƒ•ã‚¡ã¸ã®ãƒã‚¤ãƒ³ã‚¿ + \param in æš—å·åŒ–ã™ã‚‹ãƒ¡ãƒƒã‚»ãƒ¼ã‚¸ã‚’ä¿æŒã™ã‚‹å…¥åŠ›ãƒãƒƒãƒ•ã‚¡ã¸ã®ãƒã‚¤ãƒ³ã‚¿ + \param sz 復å·ã™ã‚‹å…¥åŠ›æš—å·æ–‡ã®é•·ã• + \param nonce ナンス(1回ã®ã¿ä½¿ç”¨ã•れる数値)をå«ã‚€ãƒãƒƒãƒ•ã‚¡ã¸ã®ãƒã‚¤ãƒ³ã‚¿ + \param nonceSz ナンスã®é•·ã• + \param authTag èªè¨¼ã‚¿ã‚°ã‚’æ ¼ç´ã™ã‚‹ãƒãƒƒãƒ•ã‚¡ã¸ã®ãƒã‚¤ãƒ³ã‚¿ + \param authTagSz 希望ã™ã‚‹èªè¨¼ã‚¿ã‚°ã®é•·ã• + \param authIn 入力èªè¨¼ãƒ™ã‚¯ãƒˆãƒ«ã‚’å«ã‚€ãƒãƒƒãƒ•ã‚¡ã¸ã®ãƒã‚¤ãƒ³ã‚¿ + \param authInSz 入力èªè¨¼ãƒ™ã‚¯ãƒˆãƒ«ã®é•·ã• + _Example_ \code Aes dec; - // initialize dec with wc_AesCcmSetKey + // wc_AesInitã¨wc_AesCcmSetKeyã§decã‚’åˆæœŸåŒ– - nonce[] = { initialize nonce }; - cipher[] = { encrypted message }; + nonce[] = { ãƒŠãƒ³ã‚¹ã‚’åˆæœŸåŒ– }; + cipher[] = { æš—å·åŒ–ã•れãŸãƒ¡ãƒƒã‚»ãƒ¼ã‚¸ }; plain[sizeof(cipher)]; - authIn[] = { some 16 byte authentication input }; - tag[AES_BLOCK_SIZE] = { authentication tag received for verification }; + authIn[] = { 16ãƒã‚¤ãƒˆã®èªè¨¼å…¥åŠ› }; + tag[AES_BLOCK_SIZE] = { 検証ã®ãŸã‚ã«å—ä¿¡ã—ãŸèªè¨¼ã‚¿ã‚° }; int return = wc_AesCcmDecrypt(&dec, plain, cipher, sizeof(cipher), nonce, sizeof(nonce),tag, sizeof(tag), authIn, sizeof(authIn)); if(return != 0) { - // decrypt error, invalid authentication code + // 復å·ã‚¨ãƒ©ãƒ¼ã€ç„¡åйãªèªè¨¼ã‚³ãƒ¼ãƒ‰ } \endcode + \sa wc_AesCcmSetKey \sa wc_AesCcmEncrypt */ @@ -483,23 +550,104 @@ /*! \ingroup AES - \brief ã“ã®é–¢æ•°ã¯ã€AES XTSモードを使用ã™ã‚‹æš—å·åŒ–ã¾ãŸã¯å¾©å·ã§ä½¿ç”¨ã™ã‚‹éµã®è¨­å®šã«ä½¿ç”¨ã—ã¾ã™ã€‚完了ã—ãŸã‚‰ã€AESキーã§wc_AesXtsFreeを呼ã³å‡ºã™ã“ã¨ãŒãƒ¦ãƒ¼ã‚¶ãƒ¼ã«ãªã‚Šã¾ã—ãŸã€‚ - \return 0 æˆåŠŸ - \param aes æš—å·åŒ–ã¾ãŸã¯å¾©å·å‡¦ç†ã«ä½¿ç”¨ã™ã‚‹XtsAes構造体 - \param key 補正値(Tewak)を加味ã—ãŸAESéµã‚’ä¿æŒã—ã¦ã„ã‚‹ãƒãƒƒãƒ•ã‚¡ - \param len éµãƒãƒƒãƒ•ã‚¡ã®ã‚µã‚¤ã‚ºã€‚éµã‚µã‚¤ã‚ºã®2å€ã«ã™ã‚‹å¿…è¦ãŒã‚りã¾ã™ã€‚(ã™ãªã‚ã¡ã€16ãƒã‚¤ãƒˆã®éµã®å ´åˆã¯32) - \param dir å‡¦ç†æ–¹å‘ã€AES_Encryptionã¾ãŸã¯AES_Decryptionã®ã„ãšã‚Œã‹ã‚’指定ã—ã¾ã™ã€‚ - \param heap メモリã«ä½¿ç”¨ã™ã‚‹ãƒ’ープヒント。NULLを設定ã™ã‚‹ã“ã¨ã‚‚ã§ãã¾ã™ã€‚ + + \brief ã“れã¯AES-XTSã‚³ãƒ³ãƒ†ã‚­ã‚¹ãƒˆã‚’åˆæœŸåŒ–ã™ã‚‹ãŸã‚ã®ã‚‚ã®ã§ã™ã€‚使用ãŒå®Œäº†ã—ãŸã‚‰ã€ãƒ¦ãƒ¼ã‚¶ãŒaesキーã«å¯¾ã—ã¦wc_AesXtsFreeを呼ã³å‡ºã™å¿…è¦ãŒã‚りã¾ã™ã€‚ + + \return 0 æˆåŠŸ + + \param aes æš—å·åŒ–/復å·ãƒ—ロセスã®ãŸã‚ã®AESキー + \param heap メモリã«ä½¿ç”¨ã™ã‚‹ãƒ’ープヒント。NULLã§ã‚‚å¯ + \param devId æš—å·ã‚³ãƒ¼ãƒ«ãƒãƒƒã‚¯ã¾ãŸã¯éžåŒæœŸãƒãƒ¼ãƒ‰ã‚¦ã‚§ã‚¢ã§ä½¿ç”¨ã™ã‚‹ID。使用ã—ãªã„å ´åˆã¯INVALID_DEVID(-2)ã«è¨­å®š + _Example_ \code XtsAes aes; - if(wc_AesXtsSetKey(&aes, key, sizeof(key), AES_ENCRYPTION, NULL, 0) != 0) + if(wc_AesXtsInit(&aes, NULL, INVALID_DEVID) != 0) + { + // ã‚¨ãƒ©ãƒ¼ã‚’å‡¦ç† + } + if(wc_AesXtsSetKeyNoInit(&aes, key, sizeof(key), AES_ENCRYPTION) != 0) + { + // ã‚¨ãƒ©ãƒ¼ã‚’å‡¦ç† + } + wc_AesXtsFree(&aes); + \endcode + + \sa wc_AesXtsSetKey + \sa wc_AesXtsSetKeyNoInit + \sa wc_AesXtsEncrypt + \sa wc_AesXtsDecrypt + \sa wc_AesXtsFree +*/ +int wc_AesXtsInit(XtsAes* aes, void* heap, int devId); + + +/*! + \ingroup AES + + \brief ã“れã¯ã€æœ€åˆã«wc_AesXtsInit()を呼ã³å‡ºã—ãŸå¾Œã€ã‚­ãƒ¼ã‚’æ­£ã—ã„æš—å·åŒ–ã¾ãŸã¯å¾©å·ã‚¿ã‚¤ãƒ—ã«è¨­å®šã™ã‚‹ã®ã«å½¹ç«‹ã¡ã¾ã™ã€‚使用ãŒå®Œäº†ã—ãŸã‚‰ã€ãƒ¦ãƒ¼ã‚¶ãŒaesキーã«å¯¾ã—ã¦wc_AesXtsFreeを呼ã³å‡ºã™å¿…è¦ãŒã‚りã¾ã™ã€‚ + + \return 0 æˆåŠŸ + + \param aes æš—å·åŒ–/復å·ãƒ—ロセスã®ãŸã‚ã®AESキー + \param key aesキー | tweakã‚­ãƒ¼ã‚’ä¿æŒã™ã‚‹ãƒãƒƒãƒ•ã‚¡ + \param len キーãƒãƒƒãƒ•ã‚¡ã®é•·ã•(ãƒã‚¤ãƒˆå˜ä½ï¼‰ã€‚キーサイズã®2å€ã§ã‚ã‚‹å¿…è¦ãŒã‚りã¾ã™ã€‚ + ã¤ã¾ã‚Šã€16ãƒã‚¤ãƒˆã®ã‚­ãƒ¼ã®å ´åˆã¯32ã§ã™ã€‚ + \param dir æ–¹å‘ã€AES_ENCRYPTIONã¾ãŸã¯AES_DECRYPTION + + _Example_ + \code + XtsAes aes; + + if(wc_AesXtsInit(&aes, NULL, 0) != 0) { - // Handle error + // ã‚¨ãƒ©ãƒ¼ã‚’å‡¦ç† + } + if(wc_AesXtsSetKeyNoInit(&aes, key, sizeof(key), AES_ENCRYPTION, NULL, 0) + != 0) + { + // ã‚¨ãƒ©ãƒ¼ã‚’å‡¦ç† } wc_AesXtsFree(&aes); \endcode + + \sa wc_AesXtsEncrypt + \sa wc_AesXtsDecrypt + \sa wc_AesXtsFree +*/ +int wc_AesXtsSetKeyNoInit(XtsAes* aes, const byte* key, + word32 len, int dir); + + +/*! + \ingroup AES + + \brief ã“れã¯ã€ã‚­ãƒ¼ã‚’æ­£ã—ã„æš—å·åŒ–ã¾ãŸã¯å¾©å·ã‚¿ã‚¤ãƒ—ã«è¨­å®šã™ã‚‹ã®ã«å½¹ç«‹ã¡ã¾ã™ã€‚使用ãŒå®Œäº†ã—ãŸã‚‰ã€ãƒ¦ãƒ¼ã‚¶ãŒaesキーã«å¯¾ã—ã¦wc_AesXtsFreeを呼ã³å‡ºã™å¿…è¦ãŒã‚りã¾ã™ã€‚ + + \return 0 æˆåŠŸ + + \param aes æš—å·åŒ–/復å·ãƒ—ロセスã®ãŸã‚ã®AESキー + \param key aesキー | tweakã‚­ãƒ¼ã‚’ä¿æŒã™ã‚‹ãƒãƒƒãƒ•ã‚¡ + \param len キーãƒãƒƒãƒ•ã‚¡ã®é•·ã•(ãƒã‚¤ãƒˆå˜ä½ï¼‰ã€‚キーサイズã®2å€ã§ã‚ã‚‹å¿…è¦ãŒã‚りã¾ã™ã€‚ + ã¤ã¾ã‚Šã€16ãƒã‚¤ãƒˆã®ã‚­ãƒ¼ã®å ´åˆã¯32ã§ã™ã€‚ + \param dir æ–¹å‘ã€AES_ENCRYPTIONã¾ãŸã¯AES_DECRYPTION + \param heap メモリã«ä½¿ç”¨ã™ã‚‹ãƒ’ープヒント。NULLã§ã‚‚å¯ + \param devId æš—å·ã‚³ãƒ¼ãƒ«ãƒãƒƒã‚¯ã¾ãŸã¯éžåŒæœŸãƒãƒ¼ãƒ‰ã‚¦ã‚§ã‚¢ã§ä½¿ç”¨ã™ã‚‹ID。使用ã—ãªã„å ´åˆã¯INVALID_DEVID(-2)ã«è¨­å®š + + _Example_ + \code + XtsAes aes; + + if(wc_AesXtsSetKey(&aes, key, sizeof(key), AES_ENCRYPTION, NULL, INVALID_DEVID) != 0) + { + // ã‚¨ãƒ©ãƒ¼ã‚’å‡¦ç† + } + wc_AesXtsFree(&aes); + \endcode + + \sa wc_AesXtsInit + \sa wc_AesXtsSetKeyNoInit \sa wc_AesXtsEncrypt \sa wc_AesXtsDecrypt \sa wc_AesXtsFree @@ -509,12 +657,17 @@ /*! \ingroup AES - \brief wc_AesXtsEncryptã¨åŒã˜å‡¦ç†ã‚’行ã„ã¾ã™ãŒã€ãƒã‚¤ãƒˆé…列ã®ä»£ã‚りã«Tweak値ã¨ã—ã¦word64型を使用ã—ã¾ã™ã€‚本関数ã§word64ã‚’ãƒã‚¤ãƒˆé…列ã«å¤‰æ›ã—ã€wc_AesXtsEncryptを呼ã³å‡ºã—ã¾ã™ã€‚ - \return 0 æˆåŠŸ - \param aes ブロック暗å·åŒ–/復å·ã«ä½¿ç”¨ã™ã‚‹XtsAes構造体 - \param out æš—å·ãƒ†ã‚­ã‚¹ãƒˆã‚’ä¿æŒã™ã‚‹ãŸã‚ã®å‡ºåŠ›ãƒãƒƒãƒ•ã‚¡ - \param in æš—å·åŒ–ã™ã‚‹å…¥åŠ›ãƒ—ãƒ¬ãƒ¼ãƒ³ãƒ†ã‚­ã‚¹ãƒˆãƒãƒƒãƒ•ã‚¡ - \param sz ãƒãƒƒãƒ•ァ(in, out両方)ã®ã‚µã‚¤ã‚º + + \brief wc_AesXtsEncryptã¨åŒã˜ãƒ—ロセスã§ã™ãŒã€ãƒã‚¤ãƒˆé…列ã®ä»£ã‚りã«word64型をtweak値ã¨ã—ã¦ä½¿ç”¨ã—ã¾ã™ã€‚ã“れã¯word64ã‚’ãƒã‚¤ãƒˆé…列ã«å¤‰æ›ã—ã€wc_AesXtsEncryptを呼ã³å‡ºã™ã ã‘ã§ã™ã€‚ + + \return 0 æˆåŠŸ + + \param aes ブロック暗å·åŒ–/復å·ã«ä½¿ç”¨ã™ã‚‹AESキー + \param out æš—å·æ–‡ã‚’ä¿æŒã™ã‚‹å‡ºåŠ›ãƒãƒƒãƒ•ã‚¡ + \param in æš—å·åŒ–ã™ã‚‹å…¥åŠ›å¹³æ–‡ãƒãƒƒãƒ•ã‚¡ + \param sz outã¨inãƒãƒƒãƒ•ã‚¡ã®ä¸¡æ–¹ã®ã‚µã‚¤ã‚º + \param sector tweakã«ä½¿ç”¨ã™ã‚‹å€¤ + _Example_ \code XtsAes aes; @@ -522,16 +675,18 @@ unsigned char cipher[SIZE]; word64 s = VALUE; - //set up keys with AES_ENCRYPTION as dir - + // AES_ENCRYPTIONã‚’dirã¨ã—ã¦ã‚­ãƒ¼ã‚’設定 if(wc_AesXtsEncryptSector(&aes, cipher, plain, SIZE, s) != 0) { - // Handle error + // ã‚¨ãƒ©ãƒ¼ã‚’å‡¦ç† } wc_AesXtsFree(&aes); \endcode + \sa wc_AesXtsEncrypt \sa wc_AesXtsDecrypt + \sa wc_AesXtsInit + \sa wc_AesXtsSetKeyNoInit \sa wc_AesXtsSetKey \sa wc_AesXtsFree */ @@ -540,12 +695,17 @@ /*! \ingroup AES - \brief wc_AesXtsDecryptã¨åŒã˜å‡¦ç†ã‚’行ã„ã¾ã™ãŒã€ãƒã‚¤ãƒˆé…列ã®ä»£ã‚りã«Tweak値ã¨ã—ã¦word64タイプを使用ã—ã¾ã™ã€‚本関数ã§word64ã‚’ãƒã‚¤ãƒˆé…列ã«å¤‰æ›ã™ã‚‹ã ã‘ã§ã™ã€‚ - \return 0 æˆåŠŸ - \param aes ブロック暗å·åŒ–/復å·ã«ä½¿ç”¨ã™ã‚‹XtsAes構造体 - \param out ãƒ—ãƒ¬ãƒ¼ãƒ³ãƒ†ã‚­ã‚¹ãƒˆã‚’ä¿æŒã™ã‚‹ãŸã‚ã®å‡ºåŠ›ãƒãƒƒãƒ•ã‚¡ - \param in 復å·ã™ã‚‹æš—å·ãƒ†ã‚­ã‚¹ãƒˆãƒãƒƒãƒ•ã‚¡ - \param sz ãƒãƒƒãƒ•ァ(in, out両方)ã®ã‚µã‚¤ã‚º + + \brief wc_AesXtsDecryptã¨åŒã˜ãƒ—ロセスã§ã™ãŒã€ãƒã‚¤ãƒˆé…列ã®ä»£ã‚りã«word64型をtweak値ã¨ã—ã¦ä½¿ç”¨ã—ã¾ã™ã€‚ã“れã¯word64ã‚’ãƒã‚¤ãƒˆé…列ã«å¤‰æ›ã™ã‚‹ã ã‘ã§ã™ã€‚ + + \return 0 æˆåŠŸ + + \param aes ブロック暗å·åŒ–/復å·ã«ä½¿ç”¨ã™ã‚‹AESキー + \param out å¹³æ–‡ã‚’ä¿æŒã™ã‚‹å‡ºåŠ›ãƒãƒƒãƒ•ã‚¡ + \param in 復å·ã™ã‚‹å…¥åŠ›æš—å·æ–‡ãƒãƒƒãƒ•ã‚¡ + \param sz outã¨inãƒãƒƒãƒ•ã‚¡ã®ä¸¡æ–¹ã®ã‚µã‚¤ã‚º + \param sector tweakã«ä½¿ç”¨ã™ã‚‹å€¤ + _Example_ \code XtsAes aes; @@ -553,16 +713,19 @@ unsigned char cipher[SIZE]; word64 s = VALUE; - //set up aes key with AES_DECRYPTION as dir and tweak with AES_ENCRYPTION + // AES_DECRYPTIONã‚’dirã¨ã—ã¦aesキーを設定ã—ã€tweakã¯AES_ENCRYPTIONã§è¨­å®š if(wc_AesXtsDecryptSector(&aes, plain, cipher, SIZE, s) != 0) { - // Handle error + // ã‚¨ãƒ©ãƒ¼ã‚’å‡¦ç† } wc_AesXtsFree(&aes); \endcode + \sa wc_AesXtsEncrypt \sa wc_AesXtsDecrypt + \sa wc_AesXtsInit + \sa wc_AesXtsSetKeyNoInit \sa wc_AesXtsSetKey \sa wc_AesXtsFree */ @@ -571,13 +734,18 @@ /*! \ingroup AES - \brief AES XTSãƒ¢ãƒ¼ãƒ‰ã§æš—å·åŒ–ã—ã¾ã™ã€‚(XTS)XEXæš—å·åŒ–ã¨å¹³æ–‡ãŒãƒ–ロック長ã®å€æ•°ã§ãªã„å ´åˆã®å‡¦ç†(Ciphertext Stealing)を行ã„ã¾ã™ã€‚ - \return 0 æˆåŠŸ - \param aes ブロック暗å·åŒ–/復å·ã«ä½¿ç”¨ã™ã‚‹XtsAes構造体 - \param out æš—å·ãƒ†ã‚­ã‚¹ãƒˆã‚’ä¿æŒã™ã‚‹ãŸã‚ã®å‡ºåŠ›ãƒãƒƒãƒ•ã‚¡ - \param in æš—å·åŒ–ã™ã‚‹å…¥åŠ›ãƒ—ãƒ¬ãƒ¼ãƒ³ãƒ†ã‚­ã‚¹ãƒˆã‚’å«ã‚€ãƒãƒƒãƒ•ã‚¡ - \param sz ãƒãƒƒãƒ•ァ(in, out両方)ã®ã‚µã‚¤ã‚º - \param i Tweakã«ä½¿ç”¨ã™ã‚‹å€¤ + + \brief XTSモードã®AES。(XTS)Tweakã¨Cipher Text Stealingを使用ã—ãŸXEXæš—å·åŒ–。 + + \return 0 æˆåŠŸ + + \param aes ブロック暗å·åŒ–/復å·ã«ä½¿ç”¨ã™ã‚‹AESキー + \param out æš—å·æ–‡ã‚’ä¿æŒã™ã‚‹å‡ºåŠ›ãƒãƒƒãƒ•ã‚¡ + \param in æš—å·åŒ–ã™ã‚‹å…¥åŠ›å¹³æ–‡ãƒãƒƒãƒ•ã‚¡ + \param sz outã¨inãƒãƒƒãƒ•ã‚¡ã®ä¸¡æ–¹ã®ã‚µã‚¤ã‚º + \param i tweakã«ä½¿ç”¨ã™ã‚‹å€¤ + \param iSz iãƒãƒƒãƒ•ã‚¡ã®ã‚µã‚¤ã‚ºã€å¸¸ã«AES_BLOCK_SIZEã§ã‚ã‚‹å¿…è¦ãŒã‚りã¾ã™ãŒã€ã“ã®å…¥åŠ›ã‚’æŒã¤ã“ã¨ã§ã€ãƒ¦ãƒ¼ã‚¶ãŒé–¢æ•°ã‚’呼ã³å‡ºã™æ–¹æ³•ã«ã¤ã„ã¦ã®ã‚µãƒ‹ãƒ†ã‚£ãƒã‚§ãƒƒã‚¯ãŒè¿½åŠ ã•れã¾ã™ã€‚ + _Example_ \code XtsAes aes; @@ -585,15 +753,18 @@ unsigned char cipher[SIZE]; unsigned char i[AES_BLOCK_SIZE]; - //set up key with AES_ENCRYPTION as dir + // AES_ENCRYPTIONã‚’dirã¨ã—ã¦ã‚­ãƒ¼ã‚’設定 if(wc_AesXtsEncrypt(&aes, cipher, plain, SIZE, i, sizeof(i)) != 0) { - // Handle error + // ã‚¨ãƒ©ãƒ¼ã‚’å‡¦ç† } wc_AesXtsFree(&aes); \endcode + \sa wc_AesXtsDecrypt + \sa wc_AesXtsInit + \sa wc_AesXtsSetKeyNoInit \sa wc_AesXtsSetKey \sa wc_AesXtsFree */ @@ -602,13 +773,18 @@ /*! \ingroup AES - \brief æš—å·åŒ–ã¨åŒã˜ãƒ—ロセスã§ã™ãŒã€XtsAes構造体ã¯AES_Decryptionタイプã§ã™ã€‚ - \return 0 æˆåŠŸ - \param aes ブロック暗å·åŒ–/復å·ã«ä½¿ç”¨ã™ã‚‹XtsAes構造体 - \param out ãƒ—ãƒ¬ãƒ¼ãƒ³ãƒ†ã‚­ã‚¹ãƒˆã‚’ä¿æŒã™ã‚‹ãŸã‚ã®å‡ºåŠ›ãƒãƒƒãƒ•ã‚¡ - \param in 復å·ã™ã‚‹æš—å·ãƒ†ã‚­ã‚¹ãƒˆã‚’å«ã‚€ãƒãƒƒãƒ•ã‚¡ - \param sz ãƒãƒƒãƒ•ァ(in, out両方)ã®ã‚µã‚¤ã‚º - \param i Tweakã«ä½¿ç”¨ã™ã‚‹å€¤ + + \brief æš—å·åŒ–ã¨åŒã˜ãƒ—ロセスã§ã™ãŒã€Aesキーã¯AES_DECRYPTIONタイプã§ã™ã€‚ + + \return 0 æˆåŠŸ + + \param aes ブロック暗å·åŒ–/復å·ã«ä½¿ç”¨ã™ã‚‹AESキー + \param out å¹³æ–‡ã‚’ä¿æŒã™ã‚‹å‡ºåŠ›ãƒãƒƒãƒ•ã‚¡ + \param in 復å·ã™ã‚‹å…¥åŠ›æš—å·æ–‡ãƒãƒƒãƒ•ã‚¡ + \param sz outã¨inãƒãƒƒãƒ•ã‚¡ã®ä¸¡æ–¹ã®ã‚µã‚¤ã‚º + \param i tweakã«ä½¿ç”¨ã™ã‚‹å€¤ + \param iSz iãƒãƒƒãƒ•ã‚¡ã®ã‚µã‚¤ã‚ºã€å¸¸ã«AES_BLOCK_SIZEã§ã‚ã‚‹å¿…è¦ãŒã‚りã¾ã™ãŒã€ã“ã®å…¥åŠ›ã‚’æŒã¤ã“ã¨ã§ã€ãƒ¦ãƒ¼ã‚¶ãŒé–¢æ•°ã‚’呼ã³å‡ºã™æ–¹æ³•ã«ã¤ã„ã¦ã®ã‚µãƒ‹ãƒ†ã‚£ãƒã‚§ãƒƒã‚¯ãŒè¿½åŠ ã•れã¾ã™ã€‚ + _Example_ \code XtsAes aes; @@ -616,15 +792,18 @@ unsigned char cipher[SIZE]; unsigned char i[AES_BLOCK_SIZE]; - //set up key with AES_DECRYPTION as dir and tweak with AES_ENCRYPTION + // AES_DECRYPTIONã‚’dirã¨ã—ã¦ã‚­ãƒ¼ã‚’設定ã—ã€tweakã¯AES_ENCRYPTIONã§è¨­å®š if(wc_AesXtsDecrypt(&aes, plain, cipher, SIZE, i, sizeof(i)) != 0) { - // Handle error + // ã‚¨ãƒ©ãƒ¼ã‚’å‡¦ç† } wc_AesXtsFree(&aes); \endcode + \sa wc_AesXtsEncrypt + \sa wc_AesXtsInit + \sa wc_AesXtsSetKeyNoInit \sa wc_AesXtsSetKey \sa wc_AesXtsFree */ @@ -633,20 +812,28 @@ /*! \ingroup AES - \brief ã“ã®é–¢æ•°ã¯XtsAes構造体ã§ä½¿ç”¨ã•れるã™ã¹ã¦ã®ãƒªã‚½ãƒ¼ã‚¹ã‚’解放ã—ã¾ã™ã€‚ - \return 0 æˆåŠŸ + + \brief ã“れã¯ã€XtsAes構造体ã«ã‚ˆã£ã¦ä½¿ç”¨ã•れるリソースを解放ã™ã‚‹ãŸã‚ã®ã‚‚ã®ã§ã™ + + \return 0 æˆåŠŸ + + \param aes 解放ã™ã‚‹AESキー + _Example_ \code XtsAes aes; if(wc_AesXtsSetKey(&aes, key, sizeof(key), AES_ENCRYPTION, NULL, 0) != 0) { - // Handle error + // ã‚¨ãƒ©ãƒ¼ã‚’å‡¦ç† } wc_AesXtsFree(&aes); \endcode + \sa wc_AesXtsEncrypt \sa wc_AesXtsDecrypt + \sa wc_AesXtsInit + \sa wc_AesXtsSetKeyNoInit \sa wc_AesXtsSetKey */ int wc_AesXtsFree(XtsAes* aes); @@ -654,65 +841,80 @@ /*! \ingroup AES - \brief Aesæ§‹é€ ä½“ã‚’åˆæœŸåŒ–ã—ã¾ã™ã€‚ヒープヒントを設定ã—ã€ASYNCãƒãƒ¼ãƒ‰ã‚¦ã‚§ã‚¢ã‚’使用ã™ã‚‹å ´åˆã®IDも設定ã—ã¾ã™ã€‚Aes構造体ã®ä½¿ç”¨ãŒçµ‚了ã—ãŸéš›ã«wc_AesFreeを呼ã³å‡ºã™ã®ã¯ãƒ¦ãƒ¼ã‚¶ãƒ¼ã«ä»»ã•れã¦ã„ã¾ã™ã€‚ - \return 0 æˆåŠŸ - \param aes åˆæœŸåŒ–対象ã®Aes構造体 - \param heap å¿…è¦ã«å¿œã˜ã¦malloc / freeã«ä½¿ç”¨ã™ã‚‹ãƒ’ープヒント + \brief Aesæ§‹é€ ä½“ã‚’åˆæœŸåŒ–ã—ã¾ã™ã€‚使用ã™ã‚‹ãƒ’ープヒントã¨éžåŒæœŸãƒãƒ¼ãƒ‰ã‚¦ã‚§ã‚¢ã§ä½¿ç”¨ã™ã‚‹IDを設定ã—ã¾ã™ã€‚使用ãŒå®Œäº†ã—ãŸã‚‰ã€ãƒ¦ãƒ¼ã‚¶ãŒAes構造体ã«å¯¾ã—ã¦wc_AesFreeを呼ã³å‡ºã™å¿…è¦ãŒã‚りã¾ã™ã€‚ + \return 0 æˆåŠŸ + + \param aes åˆæœŸåŒ–ã™ã‚‹aes構造体 + \param heap å¿…è¦ã«å¿œã˜ã¦malloc / freeã«ä½¿ç”¨ã™ã‚‹ãƒ’ープヒント + \param devId æš—å·ã‚³ãƒ¼ãƒ«ãƒãƒƒã‚¯ã¾ãŸã¯éžåŒæœŸãƒãƒ¼ãƒ‰ã‚¦ã‚§ã‚¢ã§ä½¿ç”¨ã™ã‚‹ID。使用ã—ãªã„å ´åˆã¯INVALID_DEVID(-2)ã«è¨­å®š + _Example_ \code Aes enc; void* hint = NULL; - int devId = INVALID_DEVID; //if not using async INVALID_DEVID is default + int devId = INVALID_DEVID; // éžåŒæœŸã‚’使用ã—ãªã„å ´åˆã¯INVALID_DEVIDãŒãƒ‡ãƒ•ォルト - //heap hint could be set here if used + // 使用ã™ã‚‹å ´åˆã¯ã“ã“ã§ãƒ’ープヒントを設定å¯èƒ½ wc_AesInit(&enc, hint, devId); \endcode + \sa wc_AesSetKey \sa wc_AesSetIV + \sa wc_AesFree */ int wc_AesInit(Aes* aes, void* heap, int devId); /*! \ingroup AES - \brief Aes構造体ã«é–¢é€£ã¤ã‘られãŸãƒªã‚½ãƒ¼ã‚¹ã‚’å¯èƒ½ãªã‚‰è§£æ”¾ã—ã¾ã™ã€‚ - 内部的ã«ã¯ãƒŽãƒ¼ã‚ªãƒšãƒ¬ãƒ¼ã‚·ãƒ§ãƒ³ã¨ãªã‚‹ã“ã¨ã‚‚ã‚りã¾ã™ãŒã€ãƒ™ã‚¹ãƒˆãƒ—ラクティスã¨ã—ã¦ã©ã®ã‚±ãƒ¼ã‚¹ã§ã‚‚ã“ã®é–¢æ•°ã‚’呼ã³å‡ºã™ã“ã¨ã‚’推奨ã—ã¾ã™ã€‚ - \return 戻り値ãªã— - \param aes Freeã™ã¹ãAes構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ + \brief 該当ã™ã‚‹å ´åˆã€Aes構造体ã«é–¢é€£ä»˜ã‘られãŸãƒªã‚½ãƒ¼ã‚¹ã‚’解放ã—ã¾ã™ã€‚内部的ã«ã¯æ™‚々no-opã«ãªã‚‹ã“ã¨ã‚‚ã‚りã¾ã™ãŒã€æ–°ã—ã„環境ã§ä½¿ç”¨ã™ã‚‹ãŸã‚ã«ã‚¢ãƒ—リケーションコードãŒç§»æ¤ã•れる場åˆï¼ˆå‘¼ã³å‡ºã—ãŒé©ç”¨ã•れる場åˆï¼‰ãªã©ã€ä¸€èˆ¬çš„ãªãƒ™ã‚¹ãƒˆãƒ—ラクティスã¨ã—ã¦ã™ã¹ã¦ã®ã‚±ãƒ¼ã‚¹ã§å‘¼ã³å‡ºã™ã“ã¨ã‚’ãŠå‹§ã‚ã—ã¾ã™ã€‚ + \return no return(void関数) + + \param aes 解放ã™ã‚‹aes構造体 + _Example_ \code Aes enc; void* hint = NULL; - int devId = INVALID_DEVID; //if not using async INVALID_DEVID is default - //heap hint could be set here if used + int devId = INVALID_DEVID; // éžåŒæœŸã‚’使用ã—ãªã„å ´åˆã¯INVALID_DEVIDãŒãƒ‡ãƒ•ォルト + + // 使用ã™ã‚‹å ´åˆã¯ã“ã“ã§ãƒ’ープヒントを設定å¯èƒ½ + wc_AesInit(&enc, hint, devId); - // ... do some interesting things ... + // ... 興味深ã„ã“ã¨ã‚’ã„ãã¤ã‹è¡Œã† ... wc_AesFree(&enc); \endcode + \sa wc_AesInit */ -int wc_AesFree(Aes* aes); +void wc_AesFree(Aes* aes); /*! \ingroup AES - \brief AES CFBãƒ¢ãƒ¼ãƒ‰ã§æš—å·åŒ–を行ã„ã¾ã™ã€‚ - \return 0 æˆåŠŸæ™‚ã«è¿”りã¾ã™ã€‚失敗時ã«ã¯è² å€¤ãŒè¿”ã•れã¾ã™ã€‚ - \param aes ブロック暗å·åŒ–/復å·ã«ä½¿ç”¨ã™ã‚‹Aes構造体 - \param out æš—å·ãƒ†ã‚­ã‚¹ãƒˆã‚’ä¿æŒã™ã‚‹ãŸã‚ã®å‡ºåŠ›ãƒãƒƒãƒ•ã‚¡ã¯ã€å°‘ãªãã¨ã‚‚入力プレーンテキストãƒãƒƒãƒ•ã‚¡ã¨åŒã˜ã‚µã‚¤ã‚ºãŒå¿…è¦ã§ã™ã€‚ - \param in æš—å·åŒ–ã™ã‚‹å…¥åŠ›ãƒ—ãƒ¬ãƒ¼ãƒ³ãƒ†ã‚­ã‚¹ãƒˆãƒãƒƒãƒ•ã‚¡ + + \brief CFBモードã®AES。 + + \return 0 æˆåŠŸã€å¤±æ•—時ã¯è² ã®ã‚¨ãƒ©ãƒ¼å€¤ + + \param aes ブロック暗å·åŒ–/復å·ã«ä½¿ç”¨ã™ã‚‹AESキー + \param out æš—å·æ–‡ã‚’ä¿æŒã™ã‚‹å‡ºåŠ›ãƒãƒƒãƒ•ァ(少ãªãã¨ã‚‚入力ãƒãƒƒãƒ•ã‚¡ã¨åŒã˜å¤§ãã•ã§ã‚ã‚‹å¿…è¦ãŒã‚りã¾ã™ï¼‰ + \param in æš—å·åŒ–ã™ã‚‹å…¥åŠ›å¹³æ–‡ãƒãƒƒãƒ•ã‚¡ + \param sz 入力ãƒãƒƒãƒ•ã‚¡ã®ã‚µã‚¤ã‚º + _Example_ \code Aes aes; unsigned char plain[SIZE]; unsigned char cipher[SIZE]; - //set up key with AES_ENCRYPTION as dir for both encrypt and decrypt + // æš—å·åŒ–ã¨å¾©å·ã®ä¸¡æ–¹ã«AES_ENCRYPTIONã‚’dirã¨ã—ã¦ã‚­ãƒ¼ã‚’設定 if(wc_AesCfbEncrypt(&aes, cipher, plain, SIZE) != 0) { - // Handle error + // ã‚¨ãƒ©ãƒ¼ã‚’å‡¦ç† } \endcode + \sa wc_AesCfbDecrypt \sa wc_AesSetKey */ @@ -720,24 +922,30 @@ /*! \ingroup AES - \brief AES CFBモードã§å¾©å·ã‚’行ã„ã¾ã™ã€‚ - \return 0 æˆåŠŸæ™‚ã«è¿”りã¾ã™ã€‚失敗時ã«ã¯è² å€¤ãŒè¿”ã•れã¾ã™ã€‚ - \param aes ブロック暗å·åŒ–/復å·ã«ä½¿ç”¨ã™ã‚‹Aes構造体 - \param out 復å·ã•れãŸãƒ†ã‚­ã‚¹ãƒˆã‚’ä¿æŒã™ã‚‹ãŸã‚ã®å‡ºåŠ›ãƒãƒƒãƒ•ã‚¡ã¯ã€å°‘ãªãã¨ã‚‚入力ãƒãƒƒãƒ•ã‚¡ã¨åŒã˜ã‚µã‚¤ã‚ºãŒå¿…è¦ã§ã™ã€‚ - \param in 復å·ã™ã‚‹æš—å·ãƒ‡ãƒ¼ã‚¿ã‚’ä¿æŒã—ãŸå…¥åŠ›ãƒãƒƒãƒ•ã‚¡ + + \brief CFBモードã®AES。 + + \return 0 æˆåŠŸã€å¤±æ•—時ã¯è² ã®ã‚¨ãƒ©ãƒ¼å€¤ + + \param aes ブロック暗å·åŒ–/復å·ã«ä½¿ç”¨ã™ã‚‹AESキー + \param out 復å·ã•れãŸãƒ†ã‚­ã‚¹ãƒˆã‚’ä¿æŒã™ã‚‹å‡ºåŠ›ãƒãƒƒãƒ•ァ(少ãªãã¨ã‚‚入力ãƒãƒƒãƒ•ã‚¡ã¨åŒã˜å¤§ãã•ã§ã‚ã‚‹å¿…è¦ãŒã‚りã¾ã™ï¼‰ + \param in 復å·ã™ã‚‹å…¥åŠ›ãƒãƒƒãƒ•ã‚¡ + \param sz 入力ãƒãƒƒãƒ•ã‚¡ã®ã‚µã‚¤ã‚º + _Example_ \code Aes aes; unsigned char plain[SIZE]; unsigned char cipher[SIZE]; - //set up key with AES_ENCRYPTION as dir for both encrypt and decrypt + // æš—å·åŒ–ã¨å¾©å·ã®ä¸¡æ–¹ã«AES_ENCRYPTIONã‚’dirã¨ã—ã¦ã‚­ãƒ¼ã‚’設定 if(wc_AesCfbDecrypt(&aes, plain, cipher, SIZE) != 0) { - // Handle error + // ã‚¨ãƒ©ãƒ¼ã‚’å‡¦ç† } \endcode + \sa wc_AesCfbEncrypt \sa wc_AesSetKey */ @@ -745,22 +953,27 @@ /*! \ingroup AES - \brief ã“ã®é–¢æ•°ã¯ã€RFC 5297ã«è¨˜è¼‰ã•れã¦ã„るよã†ã«SIVï¼ˆåˆæˆåˆæœŸåŒ–ベクトル)暗å·åŒ–を実行ã—ã¾ã™ã€‚ - \return 0 æš—å·åŒ–ã«æˆåŠŸã—ãŸå ´åˆ - \return BAD_FUNC_ARG éµã€SIVã€ã¾ãŸã¯å‡ºåŠ›ãƒãƒƒãƒ•ã‚¡ãŒNULLã®å ´åˆã€‚éµã‚µã‚¤ã‚ºãŒ32,48ã€ã¾ãŸã¯64ãƒã‚¤ãƒˆã®å ´åˆã«ã‚‚è¿”ã•れã¾ã™ã€‚ - \return Other ãã®ä»–ã®è² ã®ã‚¨ãƒ©ãƒ¼å€¤ã€‚AESã¾ãŸã¯CMACæ“作ãŒå¤±æ•—ã—ãŸå ´åˆã«è¿”ã•れã¾ã™ã€‚ - \param key 使用ã™ã‚‹éµã‚’å«ã‚€ãƒã‚¤ãƒˆãƒãƒƒãƒ•ァ。 - \param keySz éµãƒãƒƒãƒ•ã‚¡ã®é•·ã•(ãƒã‚¤ãƒˆå˜ä½ï¼‰ã€‚ - \param assoc 追加ã®èªè¨¼ã•れãŸé–¢é€£ãƒ‡ãƒ¼ã‚¿ï¼ˆAD)。 - \param assocSz ADãƒãƒƒãƒ•ã‚¡ã®ãƒã‚¤ãƒˆæ•° - \param nonce ナンス(一度ã ã‘使用ã•れる値)。ADã¨åŒã˜æ–¹æ³•ã§ã‚¢ãƒ«ã‚´ãƒªã‚ºãƒ ã«ã‚ˆã£ã¦ä½¿ç”¨ã•れã¾ã™ã€‚ - \param nonceSz ãƒã‚¤ãƒˆå˜ä½ã®ãƒŠãƒ³ã‚¹ãƒãƒƒãƒ•ã‚¡ã®é•·ã•。 - \param in æš—å·åŒ–ã™ã‚‹å¹³æ–‡ã®ãƒãƒƒãƒ•ァ。 - \param inSz 平文ãƒãƒƒãƒ•ã‚¡ã®é•·ã• - \param siv S2Vã«ã‚ˆã‚‹SIV出力(RFC 5297 2.4å‚照)。 + + \brief ã“ã®é–¢æ•°ã¯ã€RFC 5297ã§èª¬æ˜Žã•れã¦ã„ã‚‹SIVï¼ˆåˆæˆåˆæœŸåŒ–ベクトル)暗å·åŒ–を実行ã—ã¾ã™ã€‚ + + \return 0 æš—å·åŒ–ã«æˆåŠŸã—ãŸå ´åˆã€‚ + \return BAD_FUNC_ARG keyã€SIVã€ã¾ãŸã¯å‡ºåŠ›ãƒãƒƒãƒ•ã‚¡ãŒNULLã®å ´åˆã«è¿”ã•れã¾ã™ã€‚ã¾ãŸã€ã‚­ãƒ¼ã‚µã‚¤ã‚ºãŒ32ã€48ã€ã¾ãŸã¯64ãƒã‚¤ãƒˆã§ãªã„å ´åˆã«ã‚‚è¿”ã•れã¾ã™ã€‚ + \return Other AESã¾ãŸã¯CMACæ“作ãŒå¤±æ•—ã—ãŸå ´åˆã«è¿”ã•れるãã®ä»–ã®è² ã®ã‚¨ãƒ©ãƒ¼å€¤ã€‚ + + \param key 使用ã™ã‚‹ã‚­ãƒ¼ã‚’å«ã‚€ãƒã‚¤ãƒˆãƒãƒƒãƒ•ァ。 + \param keySz キーãƒãƒƒãƒ•ã‚¡ã®é•·ã•(ãƒã‚¤ãƒˆå˜ä½ï¼‰ã€‚ + \param assoc 追加ã®èªè¨¼ã•れãŸé–¢é€£ãƒ‡ãƒ¼ã‚¿ï¼ˆAD)。 + \param assocSz ADãƒãƒƒãƒ•ã‚¡ã®é•·ã•(ãƒã‚¤ãƒˆå˜ä½ï¼‰ã€‚ + \param nonce 1回ã®ã¿ä½¿ç”¨ã•れる数値。アルゴリズムã«ã‚ˆã£ã¦ADã¨åŒã˜æ–¹æ³•ã§ä½¿ç”¨ã•れã¾ã™ã€‚ + \param nonceSz nonceãƒãƒƒãƒ•ã‚¡ã®é•·ã•(ãƒã‚¤ãƒˆå˜ä½ï¼‰ã€‚ + \param in æš—å·åŒ–ã™ã‚‹å¹³æ–‡ãƒãƒƒãƒ•ァ。 + \param inSz 平文ãƒãƒƒãƒ•ã‚¡ã®é•·ã•。 + \param siv S2Vã«ã‚ˆã£ã¦å‡ºåŠ›ã•れるSIV(RFC 5297 2.4ã‚’å‚照)。 + \param out æš—å·æ–‡ã‚’ä¿æŒã™ã‚‹ãƒãƒƒãƒ•ァ。平文ãƒãƒƒãƒ•ã‚¡ã¨åŒã˜é•·ã•ã§ã‚ã‚‹å¿…è¦ãŒã‚りã¾ã™ã€‚ + _Example_ \code - byte key[] = { some 32, 48, or 64 byte key }; + byte key[] = { 32ã€48ã€ã¾ãŸã¯64ãƒã‚¤ãƒˆã®ã‚­ãƒ¼ }; byte assoc[] = {0x01, 0x2, 0x3}; byte nonce[] = {0x04, 0x5, 0x6}; byte plainText[] = {0xDE, 0xAD, 0xBE, 0xEF}; @@ -768,9 +981,10 @@ byte cipherText[sizeof(plainText)]; if (wc_AesSivEncrypt(key, sizeof(key), assoc, sizeof(assoc), nonce, sizeof(nonce), plainText, sizeof(plainText), siv, cipherText) != 0) { - // failed to encrypt + // æš—å·åŒ–ã«å¤±æ•— } \endcode + \sa wc_AesSivDecrypt */ @@ -781,36 +995,767 @@ /*! \ingroup AES - \brief ã“ã®æ©Ÿèƒ½ã¯ã€RFC 5297ã«è¨˜è¼‰ã•れã¦ã„るよã†ã«SIVï¼ˆåˆæˆåˆæœŸåŒ–ベクトル)復å·ã‚’実行ã—ã¾ã™ - \return 0 復å·ã«æˆåŠŸã—ãŸå ´åˆ - \return BAD_FUNC_ARG éµã€SIVã€ã¾ãŸã¯å‡ºåŠ›ãƒãƒƒãƒ•ã‚¡ãŒNULLã®å ´åˆã€‚キーサイズãŒ32,48ã€ã¾ãŸã¯64ãƒã‚¤ãƒˆã®å ´åˆã«ã‚‚è¿”ã•れã¾ã™ã€‚ - \return AES_SIV_AUTH_E S2Vã«ã‚ˆã£ã¦æ´¾ç”Ÿã—ãŸSIVãŒå…¥åŠ›SIVã¨ä¸€è‡´ã—ãªã„å ´åˆï¼ˆRFC 5297 2.7ã‚’å‚照)。 - \return Other ãã®ä»–ã®è² ã®ã‚¨ãƒ©ãƒ¼å€¤ã€‚AESã¾ãŸã¯CMACæ“作ãŒå¤±æ•—ã—ãŸå ´åˆã«è¿”ã•れã¾ã™ã€‚ - \param key 使用ã™ã‚‹éµã‚’å«ã‚€ãƒã‚¤ãƒˆãƒãƒƒãƒ•ァ。 - \param keySz éµãƒãƒƒãƒ•ã‚¡ã®é•·ã•(ãƒã‚¤ãƒˆå˜ä½ï¼‰ã€‚ - \param assoc 追加ã®èªè¨¼ã•れãŸé–¢é€£ãƒ‡ãƒ¼ã‚¿ï¼ˆAD)。 - \param assocSz ADãƒãƒƒãƒ•ã‚¡ã®ãƒã‚¤ãƒˆæ•° - \param nonce ナンス(一度ã ã‘使用ã•れる値)。ADã¨åŒã˜æ–¹æ³•ã§ã€åŸºç¤Žã¨ãªã‚‹ã‚¢ãƒ«ã‚´ãƒªã‚ºãƒ ã«ã‚ˆã£ã¦ä½¿ç”¨ã•れã¾ã™ã€‚ - \param nonceSz ãƒã‚¤ãƒˆå˜ä½ã®ãƒŠãƒ³ã‚¹ãƒãƒƒãƒ•ã‚¡ã®é•·ã•。 - \param in 復å·ã™ã‚‹æš—å·æ–‡ãƒãƒƒãƒ•ァ。 - \param inSz æš—å·æ–‡ãƒãƒƒãƒ•ã‚¡ã®é•·ã• - \param siv æš—å·æ–‡ã«ä»˜éšã™ã‚‹SIV(RFC 5297 2.4ã‚’å‚照)。 + \brief ã“ã®é–¢æ•°ã¯ã€RFC 5297ã§èª¬æ˜Žã•れã¦ã„ã‚‹SIVï¼ˆåˆæˆåˆæœŸåŒ–ベクトル)復å·ã‚’実行ã—ã¾ã™ã€‚ゼロ以外ã®ã‚¨ãƒ©ãƒ¼ã‚³ãƒ¼ãƒ‰ãŒè¿”ã•れãŸå ´åˆã€å‡ºåŠ›ãƒ‡ãƒ¼ã‚¿ã¯æœªå®šç¾©ã§ã™ã€‚ãŸã ã—ã€å‘¼ã³å‡ºã—å…ƒã¯å¹³æ–‡ãƒ‡ãƒ¼ã‚¿ã®æ¼æ´©ã‚’防ããŸã‚ã«ã€ç„¡æ¡ä»¶ã«å‡ºåŠ›ãƒãƒƒãƒ•ァをゼロ化ã™ã‚‹å¿…è¦ãŒã‚りã¾ã™ã€‚ + + \return 0 復å·ã«æˆåŠŸã—ãŸå ´åˆã€‚ + \return BAD_FUNC_ARG keyã€SIVã€ã¾ãŸã¯å‡ºåŠ›ãƒãƒƒãƒ•ã‚¡ãŒNULLã®å ´åˆã«è¿”ã•れã¾ã™ã€‚ã¾ãŸã€ã‚­ãƒ¼ã‚µã‚¤ã‚ºãŒ32ã€48ã€ã¾ãŸã¯64ãƒã‚¤ãƒˆã§ãªã„å ´åˆã«ã‚‚è¿”ã•れã¾ã™ã€‚ + \return AES_SIV_AUTH_E S2Vã«ã‚ˆã£ã¦å°Žå‡ºã•れãŸSIVãŒå…¥åŠ›SIVã¨ä¸€è‡´ã—ãªã„å ´åˆï¼ˆRFC 5297 2.7ã‚’å‚照)。 + \return Other AESã¾ãŸã¯CMACæ“作ãŒå¤±æ•—ã—ãŸå ´åˆã«è¿”ã•れるãã®ä»–ã®è² ã®ã‚¨ãƒ©ãƒ¼å€¤ã€‚ + + \param key 使用ã™ã‚‹ã‚­ãƒ¼ã‚’å«ã‚€ãƒã‚¤ãƒˆãƒãƒƒãƒ•ァ。 + \param keySz キーãƒãƒƒãƒ•ã‚¡ã®é•·ã•(ãƒã‚¤ãƒˆå˜ä½ï¼‰ã€‚ + \param assoc 追加ã®èªè¨¼ã•れãŸé–¢é€£ãƒ‡ãƒ¼ã‚¿ï¼ˆAD)。 + \param assocSz ADãƒãƒƒãƒ•ã‚¡ã®é•·ã•(ãƒã‚¤ãƒˆå˜ä½ï¼‰ã€‚ + \param nonce 1回ã®ã¿ä½¿ç”¨ã•れる数値。基盤ã¨ãªã‚‹ã‚¢ãƒ«ã‚´ãƒªã‚ºãƒ ã«ã‚ˆã£ã¦ADã¨åŒã˜æ–¹æ³•ã§ä½¿ç”¨ã•れã¾ã™ã€‚ + \param nonceSz nonceãƒãƒƒãƒ•ã‚¡ã®é•·ã•(ãƒã‚¤ãƒˆå˜ä½ï¼‰ã€‚ + \param in 復å·ã™ã‚‹æš—å·æ–‡ãƒãƒƒãƒ•ァ。 + \param inSz æš—å·æ–‡ãƒãƒƒãƒ•ã‚¡ã®é•·ã•。 + \param siv æš—å·æ–‡ã«ä»˜éšã™ã‚‹SIV(RFC 5297 2.4ã‚’å‚照)。 + \param out 復å·ã•れãŸå¹³æ–‡ã‚’ä¿æŒã™ã‚‹ãƒãƒƒãƒ•ã‚¡ã€‚æš—å·æ–‡ãƒãƒƒãƒ•ã‚¡ã¨åŒã˜é•·ã•ã§ã‚ã‚‹å¿…è¦ãŒã‚りã¾ã™ã€‚ + _Example_ \code - byte key[] = { some 32, 48, or 64 byte key }; + byte key[] = { 32ã€48ã€ã¾ãŸã¯64ãƒã‚¤ãƒˆã®ã‚­ãƒ¼ }; byte assoc[] = {0x01, 0x2, 0x3}; byte nonce[] = {0x04, 0x5, 0x6}; byte cipherText[] = {0xDE, 0xAD, 0xBE, 0xEF}; - byte siv[AES_BLOCK_SIZE] = { the SIV that came with the ciphertext }; + byte siv[AES_BLOCK_SIZE] = { æš—å·æ–‡ã«ä»˜å±žã—ã¦ã„ãŸSIV }; byte plainText[sizeof(cipherText)]; if (wc_AesSivDecrypt(key, sizeof(key), assoc, sizeof(assoc), nonce, sizeof(nonce), cipherText, sizeof(cipherText), siv, plainText) != 0) { - // failed to decrypt + // 復å·ã«å¤±æ•— } \endcode + \sa wc_AesSivEncrypt */ int wc_AesSivDecrypt(const byte* key, word32 keySz, const byte* assoc, word32 assocSz, const byte* nonce, word32 nonceSz, const byte* in, word32 inSz, byte* siv, byte* out); + + + + + + + +/*! + \ingroup AES + + \brief ã“ã®é–¢æ•°ã¯ã€ã€ŒEAX: A Conventional Authenticated-Encryption Modeã€ï¼ˆhttps://eprint.iacr.org/2003/069)ã§èª¬æ˜Žã•れã¦ã„ã‚‹AES EAXæš—å·åŒ–ã¨èªè¨¼ã‚’実行ã—ã¾ã™ã€‚ã“れã¯ã€ã™ã¹ã¦ã®æš—å·åŒ–ã¨èªè¨¼æ“作を1ã¤ã®é–¢æ•°å‘¼ã³å‡ºã—ã§å®Ÿè¡Œã™ã‚‹ã€Œãƒ¯ãƒ³ã‚·ãƒ§ãƒƒãƒˆã€APIã§ã™ã€‚ + + \return 0 æš—å·åŒ–ã«æˆåŠŸã—ãŸå ´åˆã€‚ + \return BAD_FUNC_ARG 入力ã¾ãŸã¯å‡ºåŠ›ãƒãƒƒãƒ•ã‚¡ãŒNULLã®å ´åˆã«è¿”ã•れã¾ã™ã€‚ã¾ãŸã€ã‚­ãƒ¼ã‚µã‚¤ã‚ºãŒæœ‰åйãªAESキーサイズ(16ã€24ã€ã¾ãŸã¯32ãƒã‚¤ãƒˆï¼‰ã§ãªã„å ´åˆã«ã‚‚è¿”ã•れã¾ã™ + \return other AESã¾ãŸã¯CMACæ“作ãŒå¤±æ•—ã—ãŸå ´åˆã«è¿”ã•れるãã®ä»–ã®è² ã®ã‚¨ãƒ©ãƒ¼å€¤ã€‚ + + \param [in] key 使用ã™ã‚‹ã‚­ãƒ¼ã‚’å«ã‚€ãƒãƒƒãƒ•ã‚¡ + \param [in] keySz キーãƒãƒƒãƒ•ã‚¡ã®é•·ã•(ãƒã‚¤ãƒˆå˜ä½ï¼‰ + \param [out] out æš—å·æ–‡ã‚’ä¿æŒã™ã‚‹ãƒãƒƒãƒ•ァ。平文ãƒãƒƒãƒ•ã‚¡ã¨åŒã˜é•·ã•ã§ã‚ã‚‹å¿…è¦ãŒã‚りã¾ã™ + \param [in] in æš—å·åŒ–ã™ã‚‹å¹³æ–‡ãƒãƒƒãƒ•ã‚¡ + \param [in] inSz 平文ãƒãƒƒãƒ•ã‚¡ã®é•·ã• + \param [in] nonce EAXæ“作ã«ä½¿ç”¨ã™ã‚‹æš—å·ãƒŠãƒ³ã‚¹ + \param [in] nonceSz nonceãƒãƒƒãƒ•ã‚¡ã®é•·ã•(ãƒã‚¤ãƒˆå˜ä½ï¼‰ + \param [out] authTag èªè¨¼ã‚¿ã‚°ã‚’æ ¼ç´ã™ã‚‹ãƒãƒƒãƒ•ã‚¡ã¸ã®ãƒã‚¤ãƒ³ã‚¿ + \param [in] authTagSz 希望ã™ã‚‹èªè¨¼ã‚¿ã‚°ã®é•·ã• + \param [in] authIn èªè¨¼ã™ã‚‹å…¥åŠ›ãƒ‡ãƒ¼ã‚¿ã‚’å«ã‚€ãƒãƒƒãƒ•ã‚¡ã¸ã®ãƒã‚¤ãƒ³ã‚¿ + \param [in] authInSz 入力èªè¨¼ãƒ‡ãƒ¼ã‚¿ã®é•·ã• + + _Example_ + \code + byte key[] = { 32ã€48ã€ã¾ãŸã¯64ãƒã‚¤ãƒˆã®ã‚­ãƒ¼ }; + byte nonce[] = {0x04, 0x5, 0x6}; + byte plainText[] = {0xDE, 0xAD, 0xBE, 0xEF}; + byte authIn[] = {0x01, 0x2, 0x3}; + + byte cipherText[sizeof(plainText)]; // å‡ºåŠ›æš—å·æ–‡ + byte authTag[length, up to AES_BLOCK_SIZE]; // 出力authTag + + if (wc_AesEaxEncrypt(key, sizeof(key), + cipherText, plainText, sizeof(plainText), + nonce, sizeof(nonce), + authTag, sizeof(authTag), + authIn, sizeof(authIn)) != 0) { + // æš—å·åŒ–ã«å¤±æ•— + } + + \endcode + + \sa wc_AesEaxDecryptAuth + +*/ +WOLFSSL_API int wc_AesEaxEncryptAuth(const byte* key, word32 keySz, byte* out, + const byte* in, word32 inSz, + const byte* nonce, word32 nonceSz, + /* 計算ã•れãŸèªè¨¼ã‚¿ã‚°ã®å‡ºåŠ› */ + byte* authTag, word32 authTagSz, + /* èªè¨¼ã™ã‚‹å…¥åŠ›ãƒ‡ãƒ¼ã‚¿ */ + const byte* authIn, word32 authInSz); +/*! + \ingroup AES + + \brief ã“ã®é–¢æ•°ã¯ã€ã€ŒEAX: A Conventional Authenticated-Encryption Modeã€ï¼ˆhttps://eprint.iacr.org/2003/069)ã§èª¬æ˜Žã•れã¦ã„ã‚‹AES EAX復å·ã¨èªè¨¼ã‚’実行ã—ã¾ã™ã€‚ã“れã¯ã€ã™ã¹ã¦ã®å¾©å·ã¨èªè¨¼æ“作を1ã¤ã®é–¢æ•°å‘¼ã³å‡ºã—ã§å®Ÿè¡Œã™ã‚‹ã€Œãƒ¯ãƒ³ã‚·ãƒ§ãƒƒãƒˆã€APIã§ã™ã€‚ゼロ以外ã®ã‚¨ãƒ©ãƒ¼ã‚³ãƒ¼ãƒ‰ãŒè¿”ã•れãŸå ´åˆã€å‡ºåŠ›ãƒ‡ãƒ¼ã‚¿ã¯æœªå®šç¾©ã§ã™ã€‚ãŸã ã—ã€å‘¼ã³å‡ºã—å…ƒã¯å¹³æ–‡ãƒ‡ãƒ¼ã‚¿ã®æ¼æ´©ã‚’防ããŸã‚ã«ã€ç„¡æ¡ä»¶ã«å‡ºåŠ›ãƒãƒƒãƒ•ァをゼロ化ã™ã‚‹å¿…è¦ãŒã‚りã¾ã™ã€‚ + + \return 0 復å·ã«æˆåŠŸã—ãŸå ´åˆ + \return BAD_FUNC_ARG 入力ã¾ãŸã¯å‡ºåŠ›ãƒãƒƒãƒ•ã‚¡ãŒNULLã®å ´åˆã«è¿”ã•れã¾ã™ã€‚ã¾ãŸã€ã‚­ãƒ¼ã‚µã‚¤ã‚ºãŒæœ‰åйãªAESキーサイズ(16ã€24ã€ã¾ãŸã¯32ãƒã‚¤ãƒˆï¼‰ã§ãªã„å ´åˆã«ã‚‚è¿”ã•れã¾ã™ + \return AES_EAX_AUTH_E èªè¨¼ã‚¿ã‚°ãŒæä¾›ã•れãŸèªè¨¼ã‚³ãƒ¼ãƒ‰ãƒ™ã‚¯ãƒˆãƒ« \c authTag ã¨ä¸€è‡´ã—ãªã„å ´åˆ + \return other AESã¾ãŸã¯CMACæ“作ãŒå¤±æ•—ã—ãŸå ´åˆã«è¿”ã•れるãã®ä»–ã®è² ã®ã‚¨ãƒ©ãƒ¼å€¤ã€‚ + + \param [in] key 使用ã™ã‚‹ã‚­ãƒ¼ã‚’å«ã‚€ãƒã‚¤ãƒˆãƒãƒƒãƒ•ã‚¡ + \param [in] keySz キーãƒãƒƒãƒ•ã‚¡ã®é•·ã•(ãƒã‚¤ãƒˆå˜ä½ï¼‰ + \param [out] out å¹³æ–‡ã‚’ä¿æŒã™ã‚‹ãƒãƒƒãƒ•ã‚¡ã€‚å…¥åŠ›æš—å·æ–‡ãƒãƒƒãƒ•ã‚¡ã¨åŒã˜é•·ã•ã§ã‚ã‚‹å¿…è¦ãŒã‚りã¾ã™ + \param [in] in 復å·ã™ã‚‹æš—å·æ–‡ãƒãƒƒãƒ•ã‚¡ + \param [in] inSz æš—å·æ–‡ãƒãƒƒãƒ•ã‚¡ã®é•·ã• + \param [in] nonce EAXæ“作ã«ä½¿ç”¨ã™ã‚‹æš—å·ãƒŠãƒ³ã‚¹ + \param [in] nonceSz nonceãƒãƒƒãƒ•ã‚¡ã®é•·ã•(ãƒã‚¤ãƒˆå˜ä½ï¼‰ + \param [in] authTag データã®çœŸæ­£æ€§ã‚’ãƒã‚§ãƒƒã‚¯ã™ã‚‹ãŸã‚ã«ç…§åˆã™ã‚‹èªè¨¼ã‚¿ã‚°ã‚’ä¿æŒã™ã‚‹ãƒãƒƒãƒ•ã‚¡ + \param [in] authTagSz 入力èªè¨¼ã‚¿ã‚°ã®é•·ã• + \param [in] authIn èªè¨¼ã™ã‚‹å…¥åŠ›ãƒ‡ãƒ¼ã‚¿ã‚’å«ã‚€ãƒãƒƒãƒ•ã‚¡ã¸ã®ãƒã‚¤ãƒ³ã‚¿ + \param [in] authInSz 入力èªè¨¼ãƒ‡ãƒ¼ã‚¿ã®é•·ã• + + _Example_ + \code + byte key[] = { 32ã€48ã€ã¾ãŸã¯64ãƒã‚¤ãƒˆã®ã‚­ãƒ¼ }; + byte nonce[] = {0x04, 0x5, 0x6}; + byte cipherText[] = {0xDE, 0xAD, 0xBE, 0xEF}; + byte authIn[] = {0x01, 0x2, 0x3}; + + byte plainText[sizeof(cipherText)]; // 出力平文 + byte authTag[length, up to AES_BLOCK_SIZE]; // 出力authTag + + if (wc_AesEaxDecrypt(key, sizeof(key), + cipherText, plainText, sizeof(plainText), + nonce, sizeof(nonce), + authTag, sizeof(authTag), + authIn, sizeof(authIn)) != 0) { + // æš—å·åŒ–ã«å¤±æ•— + } + + \endcode + + \sa wc_AesEaxEncryptAuth + +*/ +WOLFSSL_API int wc_AesEaxDecryptAuth(const byte* key, word32 keySz, byte* out, + const byte* in, word32 inSz, + const byte* nonce, word32 nonceSz, + /* 検証ã™ã‚‹èªè¨¼ã‚¿ã‚° */ + const byte* authTag, word32 authTagSz, + /* èªè¨¼ã™ã‚‹å…¥åŠ›ãƒ‡ãƒ¼ã‚¿ */ + const byte* authIn, word32 authInSz); + +/*! + \ingroup AES + \brief ã“ã®é–¢æ•°ã¯ã€èªè¨¼ä»˜ãæš—å·åŒ–ã¾ãŸã¯å¾©å·ã§ä½¿ç”¨ã™ã‚‹AesEaxã‚ªãƒ–ã‚¸ã‚§ã‚¯ãƒˆã‚’åˆæœŸåŒ–ã—ã¾ã™ã€‚ã“ã®é–¢æ•°ã¯ã€AES EAX増分APIã®ã„ãšã‚Œã‹ã¨ä½¿ç”¨ã™ã‚‹å‰ã«ã€AesEaxオブジェクトã«å¯¾ã—ã¦å‘¼ã³å‡ºã™å¿…è¦ãŒã‚りã¾ã™ã€‚ワンショットEAX API関数を使用ã™ã‚‹å ´åˆã¯å‘¼ã³å‡ºã™å¿…è¦ã¯ã‚りã¾ã›ã‚“。ã“ã®é–¢æ•°ã§åˆæœŸåŒ–ã•れãŸã™ã¹ã¦ã®AesEaxインスタンスã¯ã€ã‚¤ãƒ³ã‚¹ã‚¿ãƒ³ã‚¹ã®ä½¿ç”¨ãŒå®Œäº†ã—ãŸã‚‰wc_AesEaxFree()ã®å‘¼ã³å‡ºã—ã§è§£æ”¾ã™ã‚‹å¿…è¦ãŒã‚りã¾ã™ã€‚ + + \return 0 æˆåŠŸã—ãŸå ´åˆ + \return error code 失敗ã—ãŸå ´åˆã®ã‚¨ãƒ©ãƒ¼ã‚³ãƒ¼ãƒ‰ + + \param eax AEADæ“作ã®ã‚³ãƒ³ãƒ†ã‚­ã‚¹ãƒˆã‚’ä¿æŒã™ã‚‹AES EAX構造体 + \param key æš—å·åŒ–ã¨å¾©å·ã®ãŸã‚ã®16ã€24ã€ã¾ãŸã¯32ãƒã‚¤ãƒˆã®ç§˜å¯†éµ + \param keySz æä¾›ã•れãŸã‚­ãƒ¼ã®é•·ã•(ãƒã‚¤ãƒˆå˜ä½ï¼‰ + \param nonce EAXæ“作ã«ä½¿ç”¨ã™ã‚‹æš—å·ãƒŠãƒ³ã‚¹ + \param nonceSz nonceãƒãƒƒãƒ•ã‚¡ã®é•·ã•(ãƒã‚¤ãƒˆå˜ä½ï¼‰ + \param authIn (オプション)èªè¨¼ã‚¹ãƒˆãƒªãƒ¼ãƒ ã«è¿½åŠ ã™ã‚‹å…¥åŠ›ãƒ‡ãƒ¼ã‚¿ + 使用ã—ãªã„å ´åˆã€ã“ã®å¼•æ•°ã¯NULLã§ã‚ã‚‹å¿…è¦ãŒã‚りã¾ã™ + \param authInSz 入力èªè¨¼ãƒ‡ãƒ¼ã‚¿ã®ã‚µã‚¤ã‚ºï¼ˆãƒã‚¤ãƒˆå˜ä½ï¼‰ + + _Example_ + \code + AesEax eax; + key[] = { 16ã€24ã€ã¾ãŸã¯32ãƒã‚¤ãƒˆé•·ã®ã‚­ãƒ¼ }; + nonce[] = { ä»»æ„ã®é•·ã•ã®nonce }; + authIn[] = { èªè¨¼ã‚¹ãƒˆãƒªãƒ¼ãƒ ã«è¿½åŠ ã™ã‚‹ãƒ‡ãƒ¼ã‚¿ }; + plainText[] = {æš—å·åŒ–ã™ã‚‹å¹³æ–‡ãƒ‡ãƒ¼ã‚¿}; + + cipherText[sizeof(plainText)]; // cipherTextã‚’ä¿æŒã™ã‚‹ãƒãƒƒãƒ•ã‚¡ + authTag[length, up to AES_BLOCK_SIZE]; // 計算ã•れãŸèªè¨¼ãƒ‡ãƒ¼ã‚¿ã‚’ä¿æŒã™ã‚‹ãƒãƒƒãƒ•ã‚¡ + + AesEax eax; + + if ((ret = wc_AesEaxInit(eax, + key, keySz, + nonce, nonceSz, + authIn, authInSz)) != 0) { + goto cleanup; + } + + // ã•らã«èªè¨¼ãƒ‡ãƒ¼ã‚¿ã‚’追加ã—ãŸã„å ´åˆã¯ã€ã“ã®æ™‚ç‚¹ã§æä¾›ã§ãã¾ã™ + // ãã†ã§ãªã„å ´åˆã¯ã€authInパラメータã«NULLを使用ã—ã€authInサイズã¯0ã§ã™ + if ((ret = wc_AesEaxEncryptUpdate(eax, + cipherText, plainText, sizeof(plainText), + NULL, 0)) != 0) { + goto cleanup; + } + + if ((ret = wc_AesEaxEncryptFinal(eax, authTag, sizeof(authTag))) != 0) { + goto cleanup; + } + + cleanup: + wc_AesEaxFree(eax); + \endcode + + \sa wc_AesEaxEncryptUpdate + \sa wc_AesEaxDecryptUpdate + \sa wc_AesEaxAuthDataUpdate + \sa wc_AesEaxEncryptFinal + \sa wc_AesEaxDecryptFinal + \sa wc_AesEaxFree + +*/ +WOLFSSL_API int wc_AesEaxInit(AesEax* eax, + const byte* key, word32 keySz, + const byte* nonce, word32 nonceSz, + const byte* authIn, word32 authInSz); + +/*! + \ingroup AES + \brief ã“ã®é–¢æ•°ã¯ã€AES EAXを使用ã—ã¦å…¥åŠ›ãƒ‡ãƒ¼ã‚¿ã‚’æš—å·åŒ–ã—ã€ã‚ªãƒ—ションã§èªè¨¼ã‚¹ãƒˆãƒªãƒ¼ãƒ ã«ã•らã«å…¥åŠ›ãƒ‡ãƒ¼ã‚¿ã‚’è¿½åŠ ã—ã¾ã™ã€‚\c eax ã¯ã€\ref wc_AesEaxInit ã®å‘¼ã³å‡ºã—ã§äº‹å‰ã«åˆæœŸåŒ–ã•れã¦ã„ã‚‹å¿…è¦ãŒã‚りã¾ã™ã€‚ + + \return 0 æˆåŠŸã—ãŸå ´åˆ + \return error code 失敗ã—ãŸå ´åˆã®ã‚¨ãƒ©ãƒ¼ã‚³ãƒ¼ãƒ‰ + + \param [in] eax AEADæ“作ã®ã‚³ãƒ³ãƒ†ã‚­ã‚¹ãƒˆã‚’ä¿æŒã™ã‚‹AES EAX構造体 + \param [out] out æš—å·æ–‡ã‚’ä¿æŒã™ã‚‹å‡ºåŠ›ãƒãƒƒãƒ•ã‚¡ + \param [in] in æš—å·åŒ–ã™ã‚‹å¹³æ–‡ã‚’ä¿æŒã™ã‚‹å…¥åŠ›ãƒãƒƒãƒ•ã‚¡ + \param [in] inSz 入力データãƒãƒƒãƒ•ã‚¡ã®ã‚µã‚¤ã‚ºï¼ˆãƒã‚¤ãƒˆå˜ä½ï¼‰ + \param [in] authIn (オプション)èªè¨¼ã‚¹ãƒˆãƒªãƒ¼ãƒ ã«è¿½åŠ ã™ã‚‹å…¥åŠ›ãƒ‡ãƒ¼ã‚¿ + 使用ã—ãªã„å ´åˆã€ã“ã®å¼•æ•°ã¯NULLã§ã‚ã‚‹å¿…è¦ãŒã‚りã¾ã™ + \param [in] authInSz 入力èªè¨¼ãƒ‡ãƒ¼ã‚¿ã®ã‚µã‚¤ã‚ºï¼ˆãƒã‚¤ãƒˆå˜ä½ï¼‰ + + _Example_ + \code + AesEax eax; + key[] = { 16ã€24ã€ã¾ãŸã¯32ãƒã‚¤ãƒˆé•·ã®ã‚­ãƒ¼ }; + nonce[] = { ä»»æ„ã®é•·ã•ã®nonce }; + authIn[] = { èªè¨¼ã‚¹ãƒˆãƒªãƒ¼ãƒ ã«è¿½åŠ ã™ã‚‹ãƒ‡ãƒ¼ã‚¿ }; + plainText[] = {æš—å·åŒ–ã™ã‚‹å¹³æ–‡ãƒ‡ãƒ¼ã‚¿}; + + cipherText[sizeof(plainText)]; // cipherTextã‚’ä¿æŒã™ã‚‹ãƒãƒƒãƒ•ã‚¡ + authTag[length, up to AES_BLOCK_SIZE]; // 計算ã•れãŸèªè¨¼ãƒ‡ãƒ¼ã‚¿ã‚’ä¿æŒã™ã‚‹ãƒãƒƒãƒ•ã‚¡ + + AesEax eax; + + if ((ret = wc_AesEaxInit(eax, + key, keySz, + nonce, nonceSz, + authIn, authInSz)) != 0) { + goto cleanup; + } + + // ã•らã«èªè¨¼ãƒ‡ãƒ¼ã‚¿ã‚’追加ã—ãŸã„å ´åˆã¯ã€ã“ã®æ™‚ç‚¹ã§æä¾›ã§ãã¾ã™ + // ãã†ã§ãªã„å ´åˆã¯ã€authInパラメータã«NULLを使用ã—ã€authInSzã¯0ã§ã™ + if ((ret = wc_AesEaxEncryptUpdate(eax, + cipherText, plainText, sizeof(plainText), + NULL, 0)) != 0) { + goto cleanup; + } + + if ((ret = wc_AesEaxEncryptFinal(eax, authTag, sizeof(authTag))) != 0) { + goto cleanup; + } + + cleanup: + wc_AesEaxFree(eax); + \endcode + + \sa wc_AesEaxInit + \sa wc_AesEaxDecryptUpdate + \sa wc_AesEaxAuthDataUpdate + \sa wc_AesEaxEncryptFinal + \sa wc_AesEaxDecryptFinal + \sa wc_AesEaxFree + +*/ +WOLFSSL_API int wc_AesEaxEncryptUpdate(AesEax* eax, byte* out, + const byte* in, word32 inSz, + const byte* authIn, word32 authInSz); + +/*! + \ingroup AES + \brief ã“ã®é–¢æ•°ã¯ã€AES EAXを使用ã—ã¦å…¥åŠ›ãƒ‡ãƒ¼ã‚¿ã‚’å¾©å·ã—ã€ã‚ªãƒ—ションã§èªè¨¼ã‚¹ãƒˆãƒªãƒ¼ãƒ ã«ã•らã«å…¥åŠ›ãƒ‡ãƒ¼ã‚¿ã‚’è¿½åŠ ã—ã¾ã™ã€‚\c eax ã¯ã€\ref wc_AesEaxInit ã®å‘¼ã³å‡ºã—ã§äº‹å‰ã«åˆæœŸåŒ–ã•れã¦ã„ã‚‹å¿…è¦ãŒã‚りã¾ã™ã€‚ + + \return 0 æˆåŠŸã—ãŸå ´åˆ + \return error code 失敗ã—ãŸå ´åˆã®ã‚¨ãƒ©ãƒ¼ã‚³ãƒ¼ãƒ‰ + + \param [in] eax AEADæ“作ã®ã‚³ãƒ³ãƒ†ã‚­ã‚¹ãƒˆã‚’ä¿æŒã™ã‚‹AES EAX構造体 + \param [out] out 復å·ã•れãŸå¹³æ–‡ã‚’ä¿æŒã™ã‚‹å‡ºåŠ›ãƒãƒƒãƒ•ã‚¡ + \param [in] in æš—å·æ–‡ã‚’ä¿æŒã™ã‚‹å…¥åŠ›ãƒãƒƒãƒ•ã‚¡ + \param [in] inSz 入力データãƒãƒƒãƒ•ã‚¡ã®ã‚µã‚¤ã‚ºï¼ˆãƒã‚¤ãƒˆå˜ä½ï¼‰ + \param [in] authIn (オプション)èªè¨¼ã‚¹ãƒˆãƒªãƒ¼ãƒ ã«è¿½åŠ ã™ã‚‹å…¥åŠ›ãƒ‡ãƒ¼ã‚¿ + 使用ã—ãªã„å ´åˆã€ã“ã®å¼•æ•°ã¯NULLã§ã‚ã‚‹å¿…è¦ãŒã‚りã¾ã™ + \param [in] authInSz 入力èªè¨¼ãƒ‡ãƒ¼ã‚¿ã®ã‚µã‚¤ã‚ºï¼ˆãƒã‚¤ãƒˆå˜ä½ï¼‰ + + + _Example_ + \code + AesEax eax; + key[] = { 16ã€24ã€ã¾ãŸã¯32ãƒã‚¤ãƒˆé•·ã®ã‚­ãƒ¼ }; + nonce[] = { ä»»æ„ã®é•·ã•ã®nonce }; + authIn[] = { èªè¨¼ã‚¹ãƒˆãƒªãƒ¼ãƒ ã«è¿½åŠ ã™ã‚‹ãƒ‡ãƒ¼ã‚¿ }; + cipherText[] = {æš—å·åŒ–ã•れãŸãƒ‡ãƒ¼ã‚¿}; + + plainText[sizeof(cipherText)]; // 復å·ã•れãŸãƒ‡ãƒ¼ã‚¿ã‚’ä¿æŒã™ã‚‹ãƒãƒƒãƒ•ã‚¡ + // èªè¨¼ã‚¿ã‚°ã¯ã€æš—å·åŒ–AEADæ“作ã«ã‚ˆã£ã¦åˆ¥ã®å ´æ‰€ã§ç”Ÿæˆã•れã¾ã™ + authTag[length, up to AES_BLOCK_SIZE] = { èªè¨¼ã‚¿ã‚° }; + + AesEax eax; + + if ((ret = wc_AesEaxInit(eax, + key, keySz, + nonce, nonceSz, + authIn, authInSz)) != 0) { + goto cleanup; + } + + // ã•らã«èªè¨¼ãƒ‡ãƒ¼ã‚¿ã‚’追加ã—ãŸã„å ´åˆã¯ã€ã“ã®æ™‚ç‚¹ã§æä¾›ã§ãã¾ã™ + // ãã†ã§ãªã„å ´åˆã¯ã€authInパラメータã«NULLを使用ã—ã€authInSzã¯0ã§ã™ + if ((ret = wc_AesEaxDecryptUpdate(eax, + plainText, cipherText, sizeof(cipherText), + NULL, 0)) != 0) { + goto cleanup; + } + + if ((ret = wc_AesEaxDecryptFinal(eax, authTag, sizeof(authTag))) != 0) { + goto cleanup; + } + + cleanup: + wc_AesEaxFree(eax); + \endcode + + \sa wc_AesEaxInit + \sa wc_AesEaxEncryptUpdate + \sa wc_AesEaxAuthDataUpdate + \sa wc_AesEaxEncryptFinal + \sa wc_AesEaxDecryptFinal + \sa wc_AesEaxFree + +*/ +WOLFSSL_API int wc_AesEaxDecryptUpdate(AesEax* eax, byte* out, + const byte* in, word32 inSz, + const byte* authIn, word32 authInSz); +/*! + \ingroup AES + \brief ã“ã®é–¢æ•°ã¯ã€èªè¨¼ã‚¹ãƒˆãƒªãƒ¼ãƒ ã«å…¥åŠ›ãƒ‡ãƒ¼ã‚¿ã‚’è¿½åŠ ã—ã¾ã™ã€‚\c eax ã¯ã€\ref wc_AesEaxInit ã®å‘¼ã³å‡ºã—ã§äº‹å‰ã«åˆæœŸåŒ–ã•れã¦ã„ã‚‹å¿…è¦ãŒã‚りã¾ã™ã€‚ + + \return 0 æˆåŠŸã—ãŸå ´åˆ + \return error code 失敗ã—ãŸå ´åˆã®ã‚¨ãƒ©ãƒ¼ã‚³ãƒ¼ãƒ‰ + + \param eax AEADæ“作ã®ã‚³ãƒ³ãƒ†ã‚­ã‚¹ãƒˆã‚’ä¿æŒã™ã‚‹AES EAX構造体 + \param authIn èªè¨¼ã‚¹ãƒˆãƒªãƒ¼ãƒ ã«è¿½åŠ ã™ã‚‹å…¥åŠ›ãƒ‡ãƒ¼ã‚¿ + \param authInSz 入力èªè¨¼ãƒ‡ãƒ¼ã‚¿ã®ã‚µã‚¤ã‚ºï¼ˆãƒã‚¤ãƒˆå˜ä½ï¼‰ + + _Example_ + \code + AesEax eax; + key[] = { 16ã€24ã€ã¾ãŸã¯32ãƒã‚¤ãƒˆé•·ã®ã‚­ãƒ¼ }; + nonce[] = { ä»»æ„ã®é•·ã•ã®nonce }; + authIn[] = { èªè¨¼ã‚¹ãƒˆãƒªãƒ¼ãƒ ã«è¿½åŠ ã™ã‚‹ãƒ‡ãƒ¼ã‚¿ }; + cipherText[] = {æš—å·åŒ–ã•れãŸãƒ‡ãƒ¼ã‚¿}; + + plainText[sizeof(cipherText)]; // 復å·ã•れãŸãƒ‡ãƒ¼ã‚¿ã‚’ä¿æŒã™ã‚‹ãƒãƒƒãƒ•ã‚¡ + // èªè¨¼ã‚¿ã‚°ã¯ã€æš—å·åŒ–AEADæ“作ã«ã‚ˆã£ã¦åˆ¥ã®å ´æ‰€ã§ç”Ÿæˆã•れã¾ã™ + authTag[length, up to AES_BLOCK_SIZE] = { èªè¨¼ã‚¿ã‚° }; + + AesEax eax; + + // ã“ã“ã§ã¯è¿½åŠ ã™ã‚‹èªè¨¼ãƒ‡ãƒ¼ã‚¿ãªã— + if ((ret = wc_AesEaxInit(eax, + key, keySz, + nonce, nonceSz, + NULL, 0)) != 0) { + goto cleanup; + } + + // ã“ã“ã§ã¯è¿½åŠ ã™ã‚‹èªè¨¼ãƒ‡ãƒ¼ã‚¿ãªã—ã€å¾Œã§wc_AesEaxAuthDataUpdateã§è¿½åŠ  + if ((ret = wc_AesEaxDecryptUpdate(eax, + plainText, cipherText, sizeof(cipherText), + NULL, 0)) != 0) { + goto cleanup; + } + + if ((ret = wc_AesEaxAuthDataUpdate(eax, authIn, sizeof(authIn))) != 0) { + goto cleanup; + } + + if ((ret = wc_AesEaxDecryptFinal(eax, authTag, sizeof(authTag))) != 0) { + goto cleanup; + } + + cleanup: + wc_AesEaxFree(eax); + \endcode + + \sa wc_AesEaxInit + \sa wc_AesEaxEncryptUpdate + \sa wc_AesEaxDecryptUpdate + \sa wc_AesEaxEncryptFinal + \sa wc_AesEaxDecryptFinal + \sa wc_AesEaxFree + +*/ +WOLFSSL_API int wc_AesEaxAuthDataUpdate(AesEax* eax, + const byte* authIn, word32 authInSz); + +/*! + \ingroup AES + \brief ã“ã®é–¢æ•°ã¯ã€æš—å·åŒ–AEADæ“作を完了ã—ã€ç¾åœ¨ã®èªè¨¼ã‚¹ãƒˆãƒªãƒ¼ãƒ ã«å¯¾ã—ã¦èªè¨¼ã‚¿ã‚°ã‚’生æˆã—ã¾ã™ã€‚\c eax ã¯ã€\ref wc_AesEaxInit ã®å‘¼ã³å‡ºã—ã§äº‹å‰ã«åˆæœŸåŒ–ã•れã¦ã„ã‚‹å¿…è¦ãŒã‚りã¾ã™ã€‚\c AesEax コンテキスト構造体ã®ä½¿ç”¨ãŒå®Œäº†ã—ãŸã‚‰ã€\ref wc_AesEaxFree を使用ã—ã¦å¿…ãšè§£æ”¾ã—ã¦ãã ã•ã„。 + + \return 0 æˆåŠŸã—ãŸå ´åˆ + \return error code 失敗ã—ãŸå ´åˆã®ã‚¨ãƒ©ãƒ¼ã‚³ãƒ¼ãƒ‰ + + \param eax AEADæ“作ã®ã‚³ãƒ³ãƒ†ã‚­ã‚¹ãƒˆã‚’ä¿æŒã™ã‚‹AES EAX構造体 + \param authTag[out] 計算ã•れãŸèªè¨¼ã‚¿ã‚°ã‚’ä¿æŒã™ã‚‹ãƒãƒƒãƒ•ã‚¡ + \param authTagSz \c authTag ã®ã‚µã‚¤ã‚ºï¼ˆãƒã‚¤ãƒˆå˜ä½ï¼‰ + + _Example_ + \code + AesEax eax; + key[] = { 16ã€24ã€ã¾ãŸã¯32ãƒã‚¤ãƒˆé•·ã®ã‚­ãƒ¼ }; + nonce[] = { ä»»æ„ã®é•·ã•ã®nonce }; + authIn[] = { èªè¨¼ã‚¹ãƒˆãƒªãƒ¼ãƒ ã«è¿½åŠ ã™ã‚‹ãƒ‡ãƒ¼ã‚¿ }; + plainText[] = {æš—å·åŒ–ã™ã‚‹å¹³æ–‡ãƒ‡ãƒ¼ã‚¿}; + cipherText[sizeof(plainText)]; // cipherTextã‚’ä¿æŒã™ã‚‹ãƒãƒƒãƒ•ã‚¡ + authTag[length, up to AES_BLOCK_SIZE]; // 計算ã•れãŸèªè¨¼ãƒ‡ãƒ¼ã‚¿ã‚’ä¿æŒã™ã‚‹ãƒãƒƒãƒ•ã‚¡ + + AesEax eax; + + if ((ret = wc_AesEaxInit(eax, + key, keySz, + nonce, nonceSz, + authIn, authInSz)) != 0) { + goto cleanup; + } + + // ã•らã«èªè¨¼ãƒ‡ãƒ¼ã‚¿ã‚’追加ã—ãŸã„å ´åˆã¯ã€ã“ã®æ™‚ç‚¹ã§æä¾›ã§ãã¾ã™ + // ãã†ã§ãªã„å ´åˆã¯ã€authInパラメータã«NULLを使用ã—ã€authInSzã¯0ã§ã™ + if ((ret = wc_AesEaxEncryptUpdate(eax, + cipherText, plainText, sizeof(plainText), + NULL, 0)) != 0) { + goto cleanup; + } + + if ((ret = wc_AesEaxEncryptFinal(eax, authTag, sizeof(authTag))) != 0) { + goto cleanup; + } + + cleanup: + wc_AesEaxFree(eax); + \endcode + + \sa wc_AesEaxInit + \sa wc_AesEaxEncryptUpdate + \sa wc_AesEaxDecryptUpdate + \sa wc_AesEaxAuthDataUpdate + \sa wc_AesEaxDecryptFinal + \sa wc_AesEaxFree + +*/ +WOLFSSL_API int wc_AesEaxEncryptFinal(AesEax* eax, + byte* authTag, word32 authTagSz); + +/*! + \ingroup AES + \brief ã“ã®é–¢æ•°ã¯ã€å¾©å·AEADæ“作を完了ã—ã€èªè¨¼ã‚¿ã‚°ã®è¨ˆç®—を完了ã—ã¦ã€ãƒ¦ãƒ¼ã‚¶ãŒæä¾›ã—ãŸã‚¿ã‚°ã«å¯¾ã—ã¦ãã®æœ‰åŠ¹æ€§ã‚’ãƒã‚§ãƒƒã‚¯ã—ã¾ã™ã€‚\c eax ã¯ã€\ref wc_AesEaxInit ã®å‘¼ã³å‡ºã—ã§äº‹å‰ã«åˆæœŸåŒ–ã•れã¦ã„ã‚‹å¿…è¦ãŒã‚りã¾ã™ã€‚\c AesEax コンテキスト構造体ã®ä½¿ç”¨ãŒå®Œäº†ã—ãŸã‚‰ã€\ref wc_AesEaxFree を使用ã—ã¦å¿…ãšè§£æ”¾ã—ã¦ãã ã•ã„。 + + \return 0 ãƒ‡ãƒ¼ã‚¿ãŒæ­£å¸¸ã«èªè¨¼ã•れãŸå ´åˆ + \return AES_EAX_AUTH_E èªè¨¼ã‚¿ã‚°ãŒæä¾›ã•れãŸèªè¨¼ã‚³ãƒ¼ãƒ‰ãƒ™ã‚¯ãƒˆãƒ« \c authIn ã¨ä¸€è‡´ã—ãªã„å ´åˆ + \return other error code 失敗ã—ãŸå ´åˆã®ãã®ä»–ã®ã‚¨ãƒ©ãƒ¼ã‚³ãƒ¼ãƒ‰ + + \param eax AEADæ“作ã®ã‚³ãƒ³ãƒ†ã‚­ã‚¹ãƒˆã‚’ä¿æŒã™ã‚‹AES EAX構造体 + \param authIn 計算ã•れãŸèªè¨¼ã‚¿ã‚°ã¨ç…§åˆã™ã‚‹ãŸã‚ã®å…¥åŠ›èªè¨¼ã‚¿ã‚° + \param authInSz \c authIn ã®ã‚µã‚¤ã‚ºï¼ˆãƒã‚¤ãƒˆå˜ä½ï¼‰ + + _Example_ + \code + AesEax eax; + key[] = { 16ã€24ã€ã¾ãŸã¯32ãƒã‚¤ãƒˆé•·ã®ã‚­ãƒ¼ }; + nonce[] = { ä»»æ„ã®é•·ã•ã®nonce }; + authIn[] = { èªè¨¼ã‚¹ãƒˆãƒªãƒ¼ãƒ ã«è¿½åŠ ã™ã‚‹ãƒ‡ãƒ¼ã‚¿ }; + cipherText[] = {æš—å·åŒ–ã•れãŸãƒ‡ãƒ¼ã‚¿}; + + plainText[sizeof(cipherText)]; // 復å·ã•れãŸãƒ‡ãƒ¼ã‚¿ã‚’ä¿æŒã™ã‚‹ãƒãƒƒãƒ•ã‚¡ + // èªè¨¼ã‚¿ã‚°ã¯ã€æš—å·åŒ–AEADæ“作ã«ã‚ˆã£ã¦åˆ¥ã®å ´æ‰€ã§ç”Ÿæˆã•れã¾ã™ + authTag[length, up to AES_BLOCK_SIZE] = { èªè¨¼ã‚¿ã‚° }; + + AesEax eax; + + if ((ret = wc_AesEaxInit(eax, + key, keySz, + nonce, nonceSz, + authIn, authInSz)) != 0) { + goto cleanup; + } + + // ã•らã«èªè¨¼ãƒ‡ãƒ¼ã‚¿ã‚’追加ã—ãŸã„å ´åˆã¯ã€ã“ã®æ™‚ç‚¹ã§æä¾›ã§ãã¾ã™ + // ãã†ã§ãªã„å ´åˆã¯ã€authInパラメータã«NULLを使用ã—ã€authInSzã¯0ã§ã™ + if ((ret = wc_AesEaxDecryptUpdate(eax, + plainText, cipherText, sizeof(cipherText), + NULL, 0)) != 0) { + goto cleanup; + } + + if ((ret = wc_AesEaxDecryptFinal(eax, authTag, sizeof(authTag))) != 0) { + goto cleanup; + } + + cleanup: + wc_AesEaxFree(eax); + \endcode + + \sa wc_AesEaxInit + \sa wc_AesEaxEncryptUpdate + \sa wc_AesEaxDecryptUpdate + \sa wc_AesEaxAuthDataUpdate + \sa wc_AesEaxEncryptFinal + \sa wc_AesEaxFree + +*/ +WOLFSSL_API int wc_AesEaxDecryptFinal(AesEax* eax, + const byte* authIn, word32 authInSz); +/*! + \ingroup AES + + \brief ã“ã®é–¢æ•°ã¯ã€AesEaxラッパー構造体内ã®Aesインスタンスã«ã‚ˆã£ã¦ä½¿ç”¨ã•れるリソースã€ç‰¹ã«ã‚­ãƒ¼ã‚’解放ã—ã¾ã™ã€‚wc_AesEaxInitã§åˆæœŸåŒ–ã•れãŸå¾Œã€ã™ã¹ã¦ã®å¿…è¦ãªEAXæ“作ãŒå®Œäº†ã—ãŸæ™‚点ã§AesEax構造体ã«å¯¾ã—ã¦å‘¼ã³å‡ºã™å¿…è¦ãŒã‚りã¾ã™ã€‚ + + \return 0 æˆåŠŸ + + \param eax 解放ã™ã‚‹AES EAXインスタンス + + _Example_ + \code + AesEax eax; + + if(wc_AesEaxInit(eax, key, keySz, nonce, nonceSz, authIn, authInSz) != 0) { + // エラーを処ç†ã—ã€ãã®å¾Œè§£æ”¾ + wc_AesEaxFree(&eax); + } + \endcode + + \sa wc_AesEaxInit + \sa wc_AesEaxEncryptUpdate + \sa wc_AesEaxDecryptUpdate + \sa wc_AesEaxAuthDataUpdate + \sa wc_AesEaxEncryptFinal + \sa wc_AesEaxDecryptFinal +*/ +WOLFSSL_API int wc_AesEaxFree(AesEax* eax); + +/*! + \ingroup AES + \brief ã“ã®é–¢æ•°ã¯ã€CTSモードを使用ã—ã¦AESæš—å·åŒ–を実行ã—ã¾ã™ã€‚ã“れã¯ã€ã™ã¹ã¦ã®æ“作を1回ã®å‘¼ã³å‡ºã—ã§å‡¦ç†ã™ã‚‹ãƒ¯ãƒ³ã‚·ãƒ§ãƒƒãƒˆAPIã§ã™ã€‚ + + \return 0 æš—å·åŒ–ã«æˆåŠŸã—ãŸå ´åˆã€‚ + \return BAD_FUNC_ARG 入力引数ãŒç„¡åйãªå ´åˆã€‚ + \return other negative error codes æš—å·åŒ–失敗ã®ãŸã‚ã®ãã®ä»–ã®è² ã®ã‚¨ãƒ©ãƒ¼ã‚³ãƒ¼ãƒ‰ã€‚ + + \param [in] key æš—å·åŒ–ã«ä½¿ç”¨ã•れるAESキーã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ + \param [in] keySz AESキーã®ã‚µã‚¤ã‚ºï¼ˆãƒã‚¤ãƒˆå˜ä½ï¼‰ï¼ˆ16ã€24ã€ã¾ãŸã¯32ãƒã‚¤ãƒˆï¼‰ã€‚ + \param [out] out æš—å·åŒ–ã•ã‚ŒãŸæš—å·æ–‡ã‚’ä¿æŒã™ã‚‹ãƒãƒƒãƒ•ァ。少ãªãã¨ã‚‚入力ã¨åŒã˜ã‚µã‚¤ã‚ºã§ã‚ã‚‹å¿…è¦ãŒã‚りã¾ã™ã€‚ + \param [in] in æš—å·åŒ–ã™ã‚‹å¹³æ–‡å…¥åŠ›ãƒ‡ãƒ¼ã‚¿ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ + \param [in] inSz 平文入力データã®ã‚µã‚¤ã‚ºï¼ˆãƒã‚¤ãƒˆå˜ä½ï¼‰ã€‚ + \param [in] iv æš—å·åŒ–ã«ä½¿ç”¨ã•ã‚Œã‚‹åˆæœŸåŒ–ベクトル(IV)ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚16ãƒã‚¤ãƒˆã§ã‚ã‚‹å¿…è¦ãŒã‚りã¾ã™ã€‚ + + _Example_ + \code + byte key[16] = { 0 }; + byte iv[16] = { 0 }; + byte plaintext[] = { 0x01, 0x02, 0x03, 0x04, 0x05 }; + byte ciphertext[sizeof(plaintext)]; + + int ret = wc_AesCtsEncrypt(key, sizeof(key), ciphertext, plaintext, + sizeof(plaintext), iv); + if (ret != 0) { + // æš—å·åŒ–ã‚¨ãƒ©ãƒ¼ã‚’å‡¦ç† + } + \endcode + + \sa wc_AesCtsDecrypt +*/ +int wc_AesCtsEncrypt(const byte* key, word32 keySz, byte* out, + const byte* in, word32 inSz, + const byte* iv); + +/*! + \ingroup AES + \brief ã“ã®é–¢æ•°ã¯ã€CTSモードを使用ã—ã¦AESæš—å·åŒ–を実行ã—ã¾ã™ã€‚ã“れã¯ã€ã™ã¹ã¦ã®æ“作を1回ã®å‘¼ã³å‡ºã—ã§å‡¦ç†ã™ã‚‹ãƒ¯ãƒ³ã‚·ãƒ§ãƒƒãƒˆAPIã§ã™ã€‚ + + \return 0 æš—å·åŒ–ã«æˆåŠŸã—ãŸå ´åˆã€‚ + \return BAD_FUNC_ARG 入力引数ãŒç„¡åйãªå ´åˆã€‚ + \return other negative error codes æš—å·åŒ–失敗ã®ãŸã‚ã®ãã®ä»–ã®è² ã®ã‚¨ãƒ©ãƒ¼ã‚³ãƒ¼ãƒ‰ã€‚ + + \param [in] key æš—å·åŒ–ã«ä½¿ç”¨ã•れるAESキーã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ + \param [in] keySz AESキーã®ã‚µã‚¤ã‚ºï¼ˆãƒã‚¤ãƒˆå˜ä½ï¼‰ï¼ˆ16ã€24ã€ã¾ãŸã¯32ãƒã‚¤ãƒˆï¼‰ã€‚ + \param [out] out æš—å·åŒ–ã•ã‚ŒãŸæš—å·æ–‡ã‚’ä¿æŒã™ã‚‹ãƒãƒƒãƒ•ァ。少ãªãã¨ã‚‚入力平文ã¨åŒã˜ã‚µã‚¤ã‚ºã§ã‚ã‚‹å¿…è¦ãŒã‚りã¾ã™ã€‚ + \param [in] in æš—å·åŒ–ã™ã‚‹å¹³æ–‡å…¥åŠ›ãƒ‡ãƒ¼ã‚¿ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ + \param [in] inSz 平文入力データã®ã‚µã‚¤ã‚ºï¼ˆãƒã‚¤ãƒˆå˜ä½ï¼‰ã€‚ + \param [in] iv æš—å·åŒ–ã«ä½¿ç”¨ã•ã‚Œã‚‹åˆæœŸåŒ–ベクトル(IV)ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚16ãƒã‚¤ãƒˆã§ã‚ã‚‹å¿…è¦ãŒã‚りã¾ã™ã€‚ + _Example_ + \code + byte key[16] = { 0 }; + byte iv[16] = { 0 }; + byte plaintext[] = { 0x01, 0x02, 0x03, 0x04, 0x05 }; + byte ciphertext[sizeof(plaintext)]; + int ret = wc_AesCtsEncrypt(key, sizeof(key), ciphertext, plaintext, + sizeof(plaintext), iv); + if (ret != 0) { + // æš—å·åŒ–ã‚¨ãƒ©ãƒ¼ã‚’å‡¦ç† + } + \endcode + \sa wc_AesCtsDecrypt +*/ +int wc_AesCtsEncrypt(const byte* key, word32 keySz, byte* out, + const byte* in, word32 inSz, + const byte* iv); + +/*! + \ingroup AES + \brief ã“ã®é–¢æ•°ã¯ã€CTSモードを使用ã—ã¦AES復å·ã‚’実行ã—ã¾ã™ã€‚ã“れã¯ã€ã™ã¹ã¦ã®æ“作を1回ã®å‘¼ã³å‡ºã—ã§å‡¦ç†ã™ã‚‹ãƒ¯ãƒ³ã‚·ãƒ§ãƒƒãƒˆAPIã§ã™ã€‚ + \return 0 復å·ã«æˆåŠŸã—ãŸå ´åˆã€‚ + \return BAD_FUNC_ARG 入力引数ãŒç„¡åйãªå ´åˆã€‚ + \return other negative error codes 復å·å¤±æ•—ã®ãŸã‚ã®ãã®ä»–ã®è² ã®ã‚¨ãƒ©ãƒ¼ã‚³ãƒ¼ãƒ‰ã€‚ + \param [in] key 復å·ã«ä½¿ç”¨ã•れるAESキーã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ + \param [in] keySz AESキーã®ã‚µã‚¤ã‚ºï¼ˆãƒã‚¤ãƒˆå˜ä½ï¼‰ï¼ˆ16ã€24ã€ã¾ãŸã¯32ãƒã‚¤ãƒˆï¼‰ã€‚ + \param [out] out 復å·ã•れãŸå¹³æ–‡ã‚’ä¿æŒã™ã‚‹ãƒãƒƒãƒ•ァ。少ãªãã¨ã‚‚å…¥åŠ›æš—å·æ–‡ã¨åŒã˜ã‚µã‚¤ã‚ºã§ã‚ã‚‹å¿…è¦ãŒã‚りã¾ã™ã€‚ + \param [in] in 復å·ã™ã‚‹æš—å·æ–‡å…¥åŠ›ãƒ‡ãƒ¼ã‚¿ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ + \param [in] inSz æš—å·æ–‡å…¥åŠ›ãƒ‡ãƒ¼ã‚¿ã®ã‚µã‚¤ã‚ºï¼ˆãƒã‚¤ãƒˆå˜ä½ï¼‰ã€‚ + \param [in] iv 復å·ã«ä½¿ç”¨ã•ã‚Œã‚‹åˆæœŸåŒ–ベクトル(IV)ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚16ãƒã‚¤ãƒˆã§ã‚ã‚‹å¿…è¦ãŒã‚りã¾ã™ã€‚ + _Example_ + \code + byte key[16] = { 0 }; + byte iv[16] = { 0 }; + byte ciphertext[] = { 0x01, 0x02, 0x03, 0x04, 0x05 }; + byte plaintext[sizeof(ciphertext)]; + int ret = wc_AesCtsDecrypt(key, sizeof(key), plaintext, ciphertext, + sizeof(ciphertext), iv); + if (ret != 0) { + // 復å·ã‚¨ãƒ©ãƒ¼ã‚’å‡¦ç† + } + \endcode + \sa wc_AesCtsEncrypt +*/ +int wc_AesCtsDecrypt(const byte* key, word32 keySz, byte* out, + const byte* in, word32 inSz, + const byte* iv); + +/*! + \ingroup AES + \brief ã“ã®é–¢æ•°ã¯ã€AES CTSæš—å·åŒ–ã®æ›´æ–°ã‚¹ãƒ†ãƒƒãƒ—を実行ã—ã¾ã™ã€‚平文ã®ãƒãƒ£ãƒ³ã‚¯ã‚’処ç†ã—ã€ä¸­é–“データをä¿å­˜ã—ã¾ã™ã€‚ + \return 0 処ç†ã«æˆåŠŸã—ãŸå ´åˆã€‚ + \return BAD_FUNC_ARG 入力引数ãŒç„¡åйãªå ´åˆã€‚ + \param [in] aes æ“作ã®ã‚³ãƒ³ãƒ†ã‚­ã‚¹ãƒˆã‚’ä¿æŒã™ã‚‹Aes構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ + \param [out] out æš—å·åŒ–ã•ã‚ŒãŸæš—å·æ–‡ã‚’ä¿æŒã™ã‚‹ãƒãƒƒãƒ•ァ。ã“ã®æ›´æ–°ã‚¹ãƒ†ãƒƒãƒ—ã‹ã‚‰ã®å‡ºåŠ›ã‚’ä¿å­˜ã™ã‚‹ã®ã«å分ãªå¤§ãã•ã§ã‚ã‚‹å¿…è¦ãŒã‚りã¾ã™ã€‚ + \param [out] outSz \c out ãƒãƒƒãƒ•ã‚¡ã«æ›¸ãè¾¼ã¾ã‚ŒãŸå‡ºåŠ›ãƒ‡ãƒ¼ã‚¿ã®ã‚µã‚¤ã‚ºï¼ˆãƒã‚¤ãƒˆå˜ä½ï¼‰ã€‚入力時ã«ã¯ã€\c out ãƒãƒƒãƒ•ã‚¡ã«æ›¸ã込むã“ã¨ãŒã§ãる最大ãƒã‚¤ãƒˆæ•°ã‚’å«ã‚ã‚‹å¿…è¦ãŒã‚りã¾ã™ã€‚ + \param [in] in æš—å·åŒ–ã™ã‚‹å¹³æ–‡å…¥åŠ›ãƒ‡ãƒ¼ã‚¿ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ + \param [in] inSz 平文入力データã®ã‚µã‚¤ã‚ºï¼ˆãƒã‚¤ãƒˆå˜ä½ï¼‰ã€‚ + _Example_ + \code + Aes aes; + wc_AesInit(&aes, NULL, INVALID_DEVID); + byte key[16] = { 0 }; + byte iv[16] = { 0 }; + byte plaintext[] = { ... }; + byte ciphertext[sizeof(plaintext)]; + word32 outSz = sizeof(ciphertext); + wc_AesSetKey(&aes, key, sizeof(key), iv, AES_ENCRYPTION); + int ret = wc_AesCtsEncryptUpdate(&aes, ciphertext, &outSz, plaintext, sizeof(plaintext)); + if (ret != 0) { + // ã‚¨ãƒ©ãƒ¼ã‚’å‡¦ç† + } + wc_AesFree(&aes); + \endcode + \sa wc_AesCtsDecryptUpdate +*/ +int wc_AesCtsEncryptUpdate(Aes* aes, byte* out, word32* outSz, + const byte* in, word32 inSz); + +/*! + \ingroup AES + \brief ã“ã®é–¢æ•°ã¯ã€AES CTSæš—å·åŒ–æ“作を完了ã—ã¾ã™ã€‚残りã®å¹³æ–‡ã‚’処ç†ã—ã€æš—å·åŒ–を完了ã—ã¾ã™ã€‚ + \return 0 æš—å·åŒ–ã®å®Œäº†ã«æˆåŠŸã—ãŸå ´åˆã€‚ + \return BAD_FUNC_ARG 入力引数ãŒç„¡åйãªå ´åˆã€‚ + \param [in] aes æ“作ã®ã‚³ãƒ³ãƒ†ã‚­ã‚¹ãƒˆã‚’ä¿æŒã™ã‚‹Aes構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ + \param [out] out æœ€çµ‚çš„ãªæš—å·åŒ–ã•ã‚ŒãŸæš—å·æ–‡ã‚’ä¿æŒã™ã‚‹ãƒãƒƒãƒ•ァ。ã“ã®æœ€çµ‚ステップã‹ã‚‰æ®‹ã‚Šã®æš—å·æ–‡ã‚’ä¿å­˜ã™ã‚‹ã®ã«å分ãªå¤§ãã•ã§ã‚ã‚‹å¿…è¦ãŒã‚りã¾ã™ã€‚ + \param [out] outSz \c out ãƒãƒƒãƒ•ã‚¡ã«æ›¸ãè¾¼ã¾ã‚ŒãŸå‡ºåŠ›ãƒ‡ãƒ¼ã‚¿ã®ã‚µã‚¤ã‚ºï¼ˆãƒã‚¤ãƒˆå˜ä½ï¼‰ã€‚入力時ã«ã¯ã€\c out ãƒãƒƒãƒ•ã‚¡ã«æ›¸ã込むã“ã¨ãŒã§ãる最大ãƒã‚¤ãƒˆæ•°ã‚’å«ã‚ã‚‹å¿…è¦ãŒã‚りã¾ã™ã€‚ + _Example_ + \code + Aes aes; + wc_AesInit(&aes, NULL, INVALID_DEVID); + byte key[16] = { 0 }; + byte iv[16] = { 0 }; + byte plaintext[] = { ... }; + byte ciphertext[sizeof(plaintext)]; + word32 outSz = sizeof(ciphertext); + wc_AesSetKey(&aes, key, sizeof(key), iv, AES_ENCRYPTION); + // wc_AesCtsEncryptUpdateを使用ã—ã¦å¿…è¦ãªæ›´æ–°ã‚¹ãƒ†ãƒƒãƒ—を実行 + int ret = wc_AesCtsEncryptFinal(&aes, ciphertext, &outSz); + if (ret != 0) { + // ã‚¨ãƒ©ãƒ¼ã‚’å‡¦ç† + } + wc_AesFree(&aes); + \endcode + \sa wc_AesCtsDecryptFinal +*/ +int wc_AesCtsEncryptFinal(Aes* aes, byte* out, word32* outSz); + +/*! + \ingroup AES + \brief ã“ã®é–¢æ•°ã¯ã€AES CTS復å·ã®æ›´æ–°ã‚¹ãƒ†ãƒƒãƒ—を実行ã—ã¾ã™ã€‚æš—å·æ–‡ã®ãƒãƒ£ãƒ³ã‚¯ã‚’処ç†ã—ã€ä¸­é–“データをä¿å­˜ã—ã¾ã™ã€‚ + \return 0 処ç†ã«æˆåŠŸã—ãŸå ´åˆã€‚ + \return BAD_FUNC_ARG 入力引数ãŒç„¡åйãªå ´åˆã€‚ + \param [in] aes æ“作ã®ã‚³ãƒ³ãƒ†ã‚­ã‚¹ãƒˆã‚’ä¿æŒã™ã‚‹Aes構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ + \param [out] out 復å·ã•れãŸå¹³æ–‡ã‚’ä¿æŒã™ã‚‹ãƒãƒƒãƒ•ァ。ã“ã®æ›´æ–°ã‚¹ãƒ†ãƒƒãƒ—ã‹ã‚‰ã®å‡ºåŠ›ã‚’ä¿å­˜ã™ã‚‹ã®ã«å分ãªå¤§ãã•ã§ã‚ã‚‹å¿…è¦ãŒã‚りã¾ã™ã€‚ + \param [out] outSz \c out ãƒãƒƒãƒ•ã‚¡ã«æ›¸ãè¾¼ã¾ã‚ŒãŸå‡ºåŠ›ãƒ‡ãƒ¼ã‚¿ã®ã‚µã‚¤ã‚ºï¼ˆãƒã‚¤ãƒˆå˜ä½ï¼‰ã€‚入力時ã«ã¯ã€\c out ãƒãƒƒãƒ•ã‚¡ã«æ›¸ã込むã“ã¨ãŒã§ãる最大ãƒã‚¤ãƒˆæ•°ã‚’å«ã‚ã‚‹å¿…è¦ãŒã‚りã¾ã™ã€‚ + \param [in] in 復å·ã™ã‚‹æš—å·æ–‡å…¥åŠ›ãƒ‡ãƒ¼ã‚¿ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ + \param [in] inSz æš—å·æ–‡å…¥åŠ›ãƒ‡ãƒ¼ã‚¿ã®ã‚µã‚¤ã‚ºï¼ˆãƒã‚¤ãƒˆå˜ä½ï¼‰ã€‚ + _Example_ + \code + Aes aes; + wc_AesInit(&aes, NULL, INVALID_DEVID); + byte key[16] = { 0 }; + byte iv[16] = { 0 }; + byte ciphertext[] = { ... }; + byte plaintext[sizeof(ciphertext)]; + word32 outSz = sizeof(plaintext); + wc_AesSetKey(&aes, key, sizeof(key), iv, AES_DECRYPTION); + int ret = wc_AesCtsDecryptUpdate(&aes, plaintext, &outSz, ciphertext, sizeof(ciphertext)); + if (ret != 0) { + // ã‚¨ãƒ©ãƒ¼ã‚’å‡¦ç† + } + wc_AesFree(&aes); + \endcode + \sa wc_AesCtsEncryptUpdate +*/ +int wc_AesCtsDecryptUpdate(Aes* aes, byte* out, word32* outSz, + const byte* in, word32 inSz); + +/*! + \ingroup AES + \brief ã“ã®é–¢æ•°ã¯ã€AES CTS復巿“作を完了ã—ã¾ã™ã€‚æ®‹ã‚Šã®æš—å·æ–‡ã‚’処ç†ã—ã€å¾©å·ã‚’完了ã—ã¾ã™ã€‚ + \return 0 復å·ã®å®Œäº†ã«æˆåŠŸã—ãŸå ´åˆã€‚ + \return BAD_FUNC_ARG 入力引数ãŒç„¡åйãªå ´åˆã€‚ + \param [in] aes æ“作ã®ã‚³ãƒ³ãƒ†ã‚­ã‚¹ãƒˆã‚’ä¿æŒã™ã‚‹Aes構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ + \param [out] out 最終的ãªå¾©å·ã•れãŸå¹³æ–‡ã‚’ä¿æŒã™ã‚‹ãƒãƒƒãƒ•ァ。ã“ã®æœ€çµ‚ステップã‹ã‚‰æ®‹ã‚Šã®å¹³æ–‡ã‚’ä¿å­˜ã™ã‚‹ã®ã«å分ãªå¤§ãã•ã§ã‚ã‚‹å¿…è¦ãŒã‚りã¾ã™ã€‚ + \param [out] outSz \c out ãƒãƒƒãƒ•ã‚¡ã«æ›¸ãè¾¼ã¾ã‚ŒãŸå‡ºåŠ›ãƒ‡ãƒ¼ã‚¿ã®ã‚µã‚¤ã‚ºï¼ˆãƒã‚¤ãƒˆå˜ä½ï¼‰ã€‚入力時ã«ã¯ã€\c out ãƒãƒƒãƒ•ã‚¡ã«æ›¸ã込むã“ã¨ãŒã§ãる最大ãƒã‚¤ãƒˆæ•°ã‚’å«ã‚ã‚‹å¿…è¦ãŒã‚りã¾ã™ã€‚ + _Example_ + \code + Aes aes; + wc_AesInit(&aes, NULL, INVALID_DEVID); + byte key[16] = { 0 }; + byte iv[16] = { 0 }; + byte ciphertext[] = { ... }; + byte plaintext[sizeof(ciphertext)]; + word32 outSz = sizeof(plaintext); + wc_AesSetKey(&aes, key, sizeof(key), iv, AES_DECRYPTION); + // wc_AesCtsDecryptUpdateを使用ã—ã¦å¿…è¦ãªæ›´æ–°ã‚¹ãƒ†ãƒƒãƒ—を実行 + int ret = wc_AesCtsDecryptFinal(&aes, plaintext, &outSz); + if (ret != 0) { + // ã‚¨ãƒ©ãƒ¼ã‚’å‡¦ç† + } + wc_AesFree(&aes); + \endcode + \sa wc_AesCtsEncryptFinal +*/ +int wc_AesCtsDecryptFinal(Aes* aes, byte* out, word32* outSz); diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/doc/dox_comments/header_files-ja/arc4.h mariadb-11.8.8/extra/wolfssl/wolfssl/doc/dox_comments/header_files-ja/arc4.h --- mariadb-11.8.6/extra/wolfssl/wolfssl/doc/dox_comments/header_files-ja/arc4.h 2026-01-31 13:27:49.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/doc/dox_comments/header_files-ja/arc4.h 2026-05-24 09:58:33.000000000 +0000 @@ -1,40 +1,51 @@ /*! \ingroup ARC4 - \brief ã“ã®é–¢æ•°ã¯ã€ãƒãƒƒãƒ•ァ内ã®å…¥åŠ›ãƒ¡ãƒƒã‚»ãƒ¼ã‚¸ã‚’æš—å·åŒ–ã—ã€å‡ºåŠ›ãƒãƒƒãƒ•ã‚¡ãƒ¼ã«æš—å·æ–‡ã‚’é…ç½®ã™ã‚‹ã‹ã€ã¾ãŸã¯ãƒãƒƒãƒ•ァーã‹ã‚‰æš—å·æ–‡ã‚’復å·åŒ–ã—ãŸã‚Šã€ARC4æš—å·åŒ–を使用ã—ã¦ã€å‡ºåŠ›ãƒãƒƒãƒ•ァーOUTを出力ã—ãŸã‚Šã—ã¾ã™ã€‚ã“ã®é–¢æ•°ã¯æš—å·åŒ–ã¨å¾©å·åŒ–ã®ä¸¡æ–¹ã«ä½¿ç”¨ã•れã¾ã™ã€‚ã“ã®æ–¹æ³•ãŒå‘¼ã³å‡ºã•れるå¯èƒ½æ€§ãŒã‚ã‚‹å ´åˆã¯ã€ã¾ãšWC_ARC4SETKEYを使用ã—ã¦ARC4æ§‹é€ ã‚’åˆæœŸåŒ–ã™ã‚‹å¿…è¦ãŒã‚りã¾ã™ã€‚ + \brief ã“ã®é–¢æ•°ã¯ã€ãƒãƒƒãƒ•ã‚¡inã‹ã‚‰å…¥åŠ›ãƒ¡ãƒƒã‚»ãƒ¼ã‚¸ã‚’æš—å·åŒ–ã—ã€æš—å·æ–‡ã‚’出力ãƒãƒƒãƒ•ã‚¡outã«æ ¼ç´ã™ã‚‹ã‹ã€ã¾ãŸã¯ãƒãƒƒãƒ•ã‚¡inã‹ã‚‰æš—å·æ–‡ã‚’復å·ã—ã€å¹³æ–‡ã‚’出力ãƒãƒƒãƒ•ã‚¡outã«æ ¼ç´ã—ã¾ã™ã€‚ARC4æš—å·åŒ–を使用ã—ã¾ã™ã€‚ã“ã®é–¢æ•°ã¯æš—å·åŒ–ã¨å¾©å·ã®ä¸¡æ–¹ã«ä½¿ç”¨ã•れã¾ã™ã€‚ã“ã®ãƒ¡ã‚½ãƒƒãƒ‰ã‚’呼ã³å‡ºã™å‰ã«ã€wc_Arc4SetKeyを使用ã—ã¦ARC4æ§‹é€ ä½“ã‚’åˆæœŸåŒ–ã™ã‚‹å¿…è¦ãŒã‚りã¾ã™ã€‚ + \return none - \param arc4 メッセージã®å‡¦ç†ã«ä½¿ç”¨ã•れるARC4構造ã¸ã®ãƒã‚¤ãƒ³ã‚¿ - \param out 処ç†ã•れãŸãƒ¡ãƒƒã‚»ãƒ¼ã‚¸ã‚’ä¿å­˜ã™ã‚‹å‡ºåŠ›ãƒãƒƒãƒ•ã‚¡ã¸ã®ãƒã‚¤ãƒ³ã‚¿ - \param in プロセスã™ã‚‹ãƒ¡ãƒƒã‚»ãƒ¼ã‚¸ã‚’å«ã‚€å…¥åŠ›ãƒãƒƒãƒ•ã‚¡ã¸ã®ãƒã‚¤ãƒ³ã‚¿ + + \param arc4 メッセージを処ç†ã™ã‚‹ãŸã‚ã«ä½¿ç”¨ã•れるARC4構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ + \param out 処ç†ã•れãŸãƒ¡ãƒƒã‚»ãƒ¼ã‚¸ã‚’æ ¼ç´ã™ã‚‹å‡ºåŠ›ãƒãƒƒãƒ•ã‚¡ã¸ã®ãƒã‚¤ãƒ³ã‚¿ + \param in 処ç†ã™ã‚‹ãƒ¡ãƒƒã‚»ãƒ¼ã‚¸ã‚’å«ã‚€å…¥åŠ›ãƒãƒƒãƒ•ã‚¡ã¸ã®ãƒã‚¤ãƒ³ã‚¿ + \param length 処ç†ã™ã‚‹ãƒ¡ãƒƒã‚»ãƒ¼ã‚¸ã®é•·ã• + _Example_ \code Arc4 enc; - byte key[] = { key to use for encryption }; + byte key[] = { æš—å·åŒ–ã«ä½¿ç”¨ã™ã‚‹ã‚­ãƒ¼ }; wc_Arc4SetKey(&enc, key, sizeof(key)); - byte plain[] = { plain text to encode }; + byte plain[] = { エンコードã™ã‚‹å¹³æ–‡ }; byte cipher[sizeof(plain)]; byte decrypted[sizeof(plain)]; - // encrypt the plain into cipher + // plainã‚’cipherã«æš—å·åŒ– wc_Arc4Process(&enc, cipher, plain, sizeof(plain)); - // decrypt the cipher + // cipherã‚’å¾©å· wc_Arc4Process(&enc, decrypted, cipher, sizeof(cipher)); \endcode + \sa wc_Arc4SetKey */ int wc_Arc4Process(Arc4* arc4, byte* out, const byte* in, word32 length); /*! \ingroup ARC4 - \brief ã“ã®é–¢æ•°ã¯ARC4オブジェクトã®ã‚­ãƒ¼ã‚’設定ã—ã€ãれを暗å·ã¨ã—ã¦ä½¿ç”¨ã™ã‚‹ãŸã‚ã«åˆæœŸåŒ–ã—ã¾ã™ã€‚WC_ARC4PROCESSを使用ã—ãŸæš—å·åŒ–ã«ä½¿ç”¨ã™ã‚‹å‰ã«å‘¼ã³å‡ºã•れる必è¦ãŒã‚りã¾ã™ã€‚ + + \brief ã“ã®é–¢æ•°ã¯ã€ARC4オブジェクトã®ã‚­ãƒ¼ã‚’設定ã—ã€æš—å·ã¨ã—ã¦ä½¿ç”¨ã™ã‚‹ãŸã‚ã«åˆæœŸåŒ–ã—ã¾ã™ã€‚wc_Arc4Processã§æš—å·åŒ–ã«ä½¿ç”¨ã™ã‚‹å‰ã«å‘¼ã³å‡ºã™å¿…è¦ãŒã‚りã¾ã™ã€‚ + \return none - \param arc4 æš—å·åŒ–ã«ä½¿ç”¨ã•れるARC4構造ã¸ã®ãƒã‚¤ãƒ³ã‚¿ - \param key ARC4æ§‹é€ ã‚’åˆæœŸåŒ–ã™ã‚‹ãŸã‚ã®ã‚­ãƒ¼ + + \param arc4 æš—å·åŒ–ã«ä½¿ç”¨ã•れるarc4構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ + \param key arc4æ§‹é€ ä½“ã‚’åˆæœŸåŒ–ã™ã‚‹ãŸã‚ã«ä½¿ç”¨ã™ã‚‹ã‚­ãƒ¼ + \param length arc4æ§‹é€ ä½“ã‚’åˆæœŸåŒ–ã™ã‚‹ãŸã‚ã«ä½¿ç”¨ã™ã‚‹ã‚­ãƒ¼ã®é•·ã• + _Example_ \code Arc4 enc; - byte key[] = { initialize with key to use for encryption }; + byte key[] = { æš—å·åŒ–ã«ä½¿ç”¨ã™ã‚‹ã‚­ãƒ¼ã§åˆæœŸåŒ– }; wc_Arc4SetKey(&enc, key, sizeof(key)); \endcode + \sa wc_Arc4Process */ int wc_Arc4SetKey(Arc4* arc4, const byte* key, word32 length); diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/doc/dox_comments/header_files-ja/ascon.h mariadb-11.8.8/extra/wolfssl/wolfssl/doc/dox_comments/header_files-ja/ascon.h --- mariadb-11.8.6/extra/wolfssl/wolfssl/doc/dox_comments/header_files-ja/ascon.h 1970-01-01 00:00:00.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/doc/dox_comments/header_files-ja/ascon.h 2026-05-24 09:58:33.000000000 +0000 @@ -0,0 +1,452 @@ +/*! + \ingroup ASCON + \brief ã“ã®é–¢æ•°ã¯ã€ãƒãƒƒã‚·ãƒ¥åŒ–ã®ãŸã‚ã«ASCONã‚³ãƒ³ãƒ†ã‚­ã‚¹ãƒˆã‚’åˆæœŸåŒ–ã—ã¾ã™ã€‚ + + \return 0 æˆåŠŸæ™‚ã€‚ + \return BAD_FUNC_ARG コンテキストãƒã‚¤ãƒ³ã‚¿ãŒNULLã®å ´åˆã€‚ + + \param a åˆæœŸåŒ–ã™ã‚‹ASCONコンテキストã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ + + _Example_ + \code + wc_AsconHash256 a; + byte data[] = {0x01, 0x02, 0x03}; + byte hash[ASCON_HASH256_SZ]; + + if (wc_AsconHash256_Init(&a) != 0) + // ã‚¨ãƒ©ãƒ¼ã‚’å‡¦ç† + if (wc_AsconHash256_Update(&ctx, data, sizeof(data)) != 0) + // ã‚¨ãƒ©ãƒ¼ã‚’å‡¦ç† + if (wc_AsconHash256_Final(&ctx, hash, sizeof(hash)) != 0) + // ã‚¨ãƒ©ãƒ¼ã‚’å‡¦ç† + // hashã«æœ€çµ‚ãƒãƒƒã‚·ãƒ¥ãŒå«ã¾ã‚Œã¾ã™ + \endcode + + \sa wc_AsconHash256_Update + \sa wc_AsconHash256_Final + */ +int wc_AsconHash256_Init(wc_AsconHash256* a); + +/*! + \ingroup ASCON + \brief ã“ã®é–¢æ•°ã¯ã€å…¥åŠ›ãƒ‡ãƒ¼ã‚¿ã§ASCONãƒãƒƒã‚·ãƒ¥ã‚’æ›´æ–°ã—ã¾ã™ã€‚ + + \return 0 æˆåŠŸæ™‚ã€‚ + \return BAD_FUNC_ARG コンテキストã¾ãŸã¯å…¥åŠ›ãƒã‚¤ãƒ³ã‚¿ãŒNULLã®å ´åˆã€‚ + + \param ctx ASCONコンテキストã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ + \param in 入力データã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ + \param inSz 入力データã®ã‚µã‚¤ã‚ºã€‚ + + _Example_ + \code + wc_AsconHash256 a; + byte data[] = {0x01, 0x02, 0x03}; + byte hash[ASCON_HASH256_SZ]; + + if (wc_AsconHash256_Init(&a) != 0) + // ã‚¨ãƒ©ãƒ¼ã‚’å‡¦ç† + if (wc_AsconHash256_Update(&ctx, data, sizeof(data)) != 0) + // ã‚¨ãƒ©ãƒ¼ã‚’å‡¦ç† + if (wc_AsconHash256_Final(&ctx, hash, sizeof(hash)) != 0) + // ã‚¨ãƒ©ãƒ¼ã‚’å‡¦ç† + // hashã«æœ€çµ‚ãƒãƒƒã‚·ãƒ¥ãŒå«ã¾ã‚Œã¾ã™ + \endcode + + \sa wc_AsconHash256_Init + \sa wc_AsconHash256_Final + */ +int wc_AsconHash256_Update(wc_AsconHash256* a, const byte* data, word32 dataSz); + +/*! + \ingroup ASCON + \brief ã“ã®é–¢æ•°ã¯ã€ASCONãƒãƒƒã‚·ãƒ¥ã‚’完了ã—ã€å‡ºåŠ›ã‚’ç”Ÿæˆã—ã¾ã™ã€‚ + + \return 0 æˆåŠŸæ™‚ã€‚ + \return BAD_FUNC_ARG コンテキストã¾ãŸã¯å‡ºåŠ›ãƒã‚¤ãƒ³ã‚¿ãŒNULLã®å ´åˆã€‚ + + \param ctx ASCONコンテキストã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ + \param out 出力ãƒãƒƒãƒ•ã‚¡ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ + \param outSz 出力ãƒãƒƒãƒ•ã‚¡ã®ã‚µã‚¤ã‚ºã€å°‘ãªãã¨ã‚‚ASCON_HASH256_SZã§ã‚ã‚‹å¿…è¦ãŒã‚りã¾ã™ã€‚ + + _Example_ + \code + wc_AsconHash256 a; + byte data[] = {0x01, 0x02, 0x03}; + byte hash[ASCON_HASH256_SZ]; + + if (wc_AsconHash256_Init(&a) != 0) + // ã‚¨ãƒ©ãƒ¼ã‚’å‡¦ç† + if (wc_AsconHash256_Update(&ctx, data, sizeof(data)) != 0) + // ã‚¨ãƒ©ãƒ¼ã‚’å‡¦ç† + if (wc_AsconHash256_Final(&ctx, hash, sizeof(hash)) != 0) + // ã‚¨ãƒ©ãƒ¼ã‚’å‡¦ç† + // hashã«æœ€çµ‚ãƒãƒƒã‚·ãƒ¥ãŒå«ã¾ã‚Œã¾ã™ + \endcode + + \sa wc_AsconHash256_Init + \sa wc_AsconHash256_Update + */ +int wc_AsconHash256_Final(wc_AsconHash256* a, byte* hash); + +/*! + \ingroup ASCON + \brief ã“ã®é–¢æ•°ã¯ã€æ–°ã—ã„Ascon AEADコンテキストを割り当ã¦ã¦åˆæœŸåŒ–ã—ã¾ã™ã€‚ + + \return pointer æ–°ã—ã割り当ã¦ã‚‰ã‚ŒãŸAscon AEADコンテキストã¸ã®ãƒã‚¤ãƒ³ã‚¿ + \return NULL 失敗時。 + + _Example_ + \code + wc_AsconAEAD128* a = wc_AsconAEAD128_New(); + if (a == NULL) { + // 割り当ã¦ã‚¨ãƒ©ãƒ¼ã‚’å‡¦ç† + } + wc_AsconAEAD128_Free(a); + \endcode + + \sa wc_AsconAEAD128_Free +*/ +wc_AsconAEAD128* wc_AsconAEAD128_New(void); + +/*! + \ingroup ASCON + \brief ã“ã®é–¢æ•°ã¯ã€Ascon AEADコンテキストã«é–¢é€£ä»˜ã‘られãŸãƒªã‚½ãƒ¼ã‚¹ã‚’解放ã—ã¾ã™ã€‚ + + \param a 解放ã™ã‚‹Ascon AEADコンテキストã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ + + _Example_ + \code + wc_AsconAEAD128* a = wc_AsconAEAD128_New(); + if (a == NULL) { + // 割り当ã¦ã‚¨ãƒ©ãƒ¼ã‚’å‡¦ç† + } + // コンテキストを使用 + wc_AsconAEAD128_Free(a); + \endcode + + \sa wc_AsconAEAD128_New +*/ +void wc_AsconAEAD128_Free(wc_AsconAEAD128 *a); + + +/*! + \ingroup ASCON + \brief ã“ã®é–¢æ•°ã¯ã€Ascon AEADã‚³ãƒ³ãƒ†ã‚­ã‚¹ãƒˆã‚’åˆæœŸåŒ–ã—ã¾ã™ã€‚ + + \return 0 æˆåŠŸæ™‚ã€‚ + \return BAD_FUNC_ARG コンテキストã¾ãŸã¯å‡ºåŠ›ãƒã‚¤ãƒ³ã‚¿ãŒNULLã®å ´åˆã€‚ + + \param a åˆæœŸåŒ–ã™ã‚‹Ascon AEADコンテキストã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ + + _Example_ + \code + AsconAead a; + + if (wc_AsconAEAD128_Init(&a) != 0) + // ã‚¨ãƒ©ãƒ¼ã‚’å‡¦ç† + \endcode + + \sa wc_AsconAeadEncrypt + \sa wc_AsconAeadDecrypt + */ +int wc_AsconAEAD128_Init(wc_AsconAEAD128* a); + +/*! + \ingroup ASCON + \brief ã“ã®é–¢æ•°ã¯ã€Ascon AEADコンテキストをéžåˆæœŸåŒ–ã—ã¾ã™ã€‚コンテキストã¯è§£æ”¾ã—ã¾ã›ã‚“。 + + \param a éžåˆæœŸåŒ–ã™ã‚‹Ascon AEADコンテキストã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ + + _Example_ + \code + AsconAead a; + + if (wc_AsconAEAD128_Init(&a) != 0) + // ã‚¨ãƒ©ãƒ¼ã‚’å‡¦ç† + wc_AsconAEAD128_Clear(&a); + \endcode + + \sa wc_AsconAeadEncrypt + \sa wc_AsconAeadDecrypt + */ +void wc_AsconAEAD128_Clear(wc_AsconAEAD128 *a); + +/*! + \ingroup ASCON + \brief ã“ã®é–¢æ•°ã¯ã€Ascon AEADコンテキストã®éµã‚’設定ã—ã¾ã™ã€‚ + + \return 0 æˆåŠŸæ™‚ã€‚ + \return BAD_FUNC_ARG コンテキストã¾ãŸã¯éµãƒã‚¤ãƒ³ã‚¿ãŒNULLã®å ´åˆã€‚ + \return BAD_STATE_E éµãŒæ—¢ã«è¨­å®šã•れã¦ã„ã‚‹å ´åˆã€‚ + + \param a åˆæœŸåŒ–ã•れãŸAscon AEADコンテキストã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ + \param key ASCON_AEAD128_KEY_SZã®é•·ã•ã®éµãƒãƒƒãƒ•ã‚¡ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ + + _Example_ + \code + wc_AsconAEAD128 a; + byte key[ASCON_AEAD128_KEY_SZ] = { ... }; + + if (wc_AsconAEAD128_Init(&a) != 0) + // ã‚¨ãƒ©ãƒ¼ã‚’å‡¦ç† + if (wc_AsconAEAD128_SetKey(&a, key) != 0) + // ã‚¨ãƒ©ãƒ¼ã‚’å‡¦ç† + \endcode + + \sa wc_AsconAEAD128_Init + \sa wc_AsconAEAD128_SetNonce + \sa wc_AsconAEAD128_SetAD +*/ +int wc_AsconAEAD128_SetKey(wc_AsconAEAD128* a, const byte* key); + +/*! + \ingroup ASCON + \brief ã“ã®é–¢æ•°ã¯ã€Ascon AEADコンテキストã®nonceを設定ã—ã¾ã™ã€‚ + + \return 0 æˆåŠŸæ™‚ã€‚ + \return BAD_FUNC_ARG コンテキストã¾ãŸã¯nonceãƒã‚¤ãƒ³ã‚¿ãŒNULLã®å ´åˆã€‚ + \return BAD_STATE_E nonceãŒæ—¢ã«è¨­å®šã•れã¦ã„ã‚‹å ´åˆã€‚ + + \param a åˆæœŸåŒ–ã•れãŸAscon AEADコンテキストã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ + \param nonce ASCON_AEAD128_NONCE_SZã®é•·ã•ã®nonceãƒãƒƒãƒ•ã‚¡ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ + + _Example_ + \code + wc_AsconAEAD128 a; + byte nonce[ASCON_AEAD128_NONCE_SZ] = { ... }; + + if (wc_AsconAEAD128_Init(&a) != 0) + // ã‚¨ãƒ©ãƒ¼ã‚’å‡¦ç† + if (wc_AsconAEAD128_SetNonce(&a, nonce) != 0) + // ã‚¨ãƒ©ãƒ¼ã‚’å‡¦ç† + \endcode + + \sa wc_AsconAEAD128_Init + \sa wc_AsconAEAD128_SetKey + \sa wc_AsconAEAD128_SetAD +*/ +int wc_AsconAEAD128_SetNonce(wc_AsconAEAD128* a, const byte* nonce); + +/*! + \ingroup ASCON + \brief ã“ã®é–¢æ•°ã¯ã€Ascon AEADコンテキストã®é–¢é€£ãƒ‡ãƒ¼ã‚¿ã‚’設定ã—ã¾ã™ã€‚ + + \return 0 æˆåŠŸæ™‚ã€‚ + \return BAD_FUNC_ARG コンテキストã¾ãŸã¯é–¢é€£ãƒ‡ãƒ¼ã‚¿ãƒã‚¤ãƒ³ã‚¿ãŒNULLã®å ´åˆã€‚ + \return BAD_STATE_E éµã¾ãŸã¯nonceãŒè¨­å®šã•れã¦ã„ãªã„å ´åˆã€‚ + + \param a åˆæœŸåŒ–ã•れãŸAscon AEADコンテキストã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ + \param ad 関連データãƒãƒƒãƒ•ã‚¡ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ + \param adSz 関連データãƒãƒƒãƒ•ã‚¡ã®ã‚µã‚¤ã‚ºã€‚ + + _Example_ + \code + wc_AsconAEAD128 a; + byte key[ASCON_AEAD128_KEY_SZ] = { ... }; + byte nonce[ASCON_AEAD128_NONCE_SZ] = { ... }; + byte ad[] = { ... }; + + if (wc_AsconAEAD128_Init(&a) != 0) + // ã‚¨ãƒ©ãƒ¼ã‚’å‡¦ç† + if (wc_AsconAEAD128_SetKey(&a, key) != 0) + // ã‚¨ãƒ©ãƒ¼ã‚’å‡¦ç† + if (wc_AsconAEAD128_SetNonce(&a, nonce) != 0) + // ã‚¨ãƒ©ãƒ¼ã‚’å‡¦ç† + if (wc_AsconAEAD128_SetAD(&a, ad, sizeof(ad)) != 0) + // ã‚¨ãƒ©ãƒ¼ã‚’å‡¦ç† + \endcode + + \sa wc_AsconAEAD128_Init + \sa wc_AsconAEAD128_SetKey + \sa wc_AsconAEAD128_SetNonce +*/ +int wc_AsconAEAD128_SetAD(wc_AsconAEAD128* a, const byte* ad, word32 adSz); + +/*! + \ingroup ASCON + \brief ã“ã®é–¢æ•°ã¯ã€Ascon AEADを使用ã—ã¦å¹³æ–‡ãƒ¡ãƒƒã‚»ãƒ¼ã‚¸ã‚’æš—å·åŒ–ã—ã¾ã™ã€‚出力ã¯outãƒãƒƒãƒ•ã‚¡ã«æ ¼ç´ã•れã¾ã™ã€‚出力ã®é•·ã•ã¯å…¥åŠ›ã®é•·ã•ã¨ç­‰ã—ããªã‚Šã¾ã™ã€‚ + + \return 0 æˆåŠŸæ™‚ã€‚ + \return BAD_FUNC_ARG コンテキストã¾ãŸã¯å‡ºåŠ›ãƒã‚¤ãƒ³ã‚¿ãŒNULLã®å ´åˆã€ã¾ãŸã¯å…¥åŠ›ã‚µã‚¤ã‚ºãŒ0より大ãã„ã®ã«å…¥åŠ›ãŒNULLã®å ´åˆã€‚ + \return BAD_STATE_E éµã€nonceã€ã¾ãŸã¯è¿½åŠ ãƒ‡ãƒ¼ã‚¿ãŒè¨­å®šã•れã¦ã„ãªã„å ´åˆã€ã¾ãŸã¯ã‚³ãƒ³ãƒ†ã‚­ã‚¹ãƒˆãŒä»¥å‰ã«å¾©å·ã«ä½¿ç”¨ã•れãŸå ´åˆã€‚ + + \param a åˆæœŸåŒ–ã•れãŸAscon AEADコンテキストã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ + \param out æš—å·æ–‡ã‚’æ ¼ç´ã™ã‚‹å‡ºåŠ›ãƒãƒƒãƒ•ã‚¡ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ + \param in 平文メッセージをå«ã‚€å…¥åŠ›ãƒãƒƒãƒ•ã‚¡ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ + \param inSz 入力ãƒãƒƒãƒ•ã‚¡ã®é•·ã•。 + + _Example_ + \code + wc_AsconAEAD128 a; + byte key[ASCON_AEAD128_KEY_SZ] = { ... }; + byte nonce[ASCON_AEAD128_NONCE_SZ] = { ... }; + byte plaintext[PLAIN_TEXT_SIZE] = { ... }; + byte ciphertext[CIPHER_TEXT_SIZE]; + byte tag[ASCON_AEAD128_TAG_SZ] = { ... }; + + if (wc_AsconAeadInit(&a) != 0) + // ã‚¨ãƒ©ãƒ¼ã‚’å‡¦ç† + if (wc_AsconAEAD128_SetKey(&a, key) != 0) + // ã‚¨ãƒ©ãƒ¼ã‚’å‡¦ç† + if (wc_AsconAEAD128_SetNonce(&a, nonce) != 0) + // ã‚¨ãƒ©ãƒ¼ã‚’å‡¦ç† + if (wc_AsconAEAD128_SetAD(&a, ad, sizeof(ad)) != 0) + // ã‚¨ãƒ©ãƒ¼ã‚’å‡¦ç† + if (wc_AsconAEAD128_EncryptUpdate(&a, ciphertext, plaintext, + sizeof(plaintext)) != 0) + // ã‚¨ãƒ©ãƒ¼ã‚’å‡¦ç† + if (wc_AsconAEAD128_EncryptFinal(&a, tag) != 0) + // ã‚¨ãƒ©ãƒ¼ã‚’å‡¦ç† + \endcode + + \sa wc_AsconAeadInit + \sa wc_AsconAEAD128_Clear + \sa wc_AsconAEAD128_SetKey + \sa wc_AsconAEAD128_SetNonce + \sa wc_AsconAEAD128_SetAD + \sa wc_AsconAEAD128_EncryptFinal + \sa wc_AsconAEAD128_DecryptUpdate + \sa wc_AsconAEAD128_DecryptFinal + */ +int wc_AsconAEAD128_EncryptUpdate(wc_AsconAEAD128* a, byte* out, const byte* in, + word32 inSz); + +/*! + \ingroup ASCON + \brief ã“ã®é–¢æ•°ã¯ã€Ascon AEADを使用ã—ãŸæš—å·åŒ–プロセスを完了ã—ã€èªè¨¼ã‚¿ã‚°ã‚’生æˆã—ã¾ã™ã€‚ + + \return 0 æˆåŠŸæ™‚ã€‚ + \return BAD_FUNC_ARG コンテキストã¾ãŸã¯å‡ºåŠ›ãƒã‚¤ãƒ³ã‚¿ãŒNULLã®å ´åˆã€ã¾ãŸã¯å…¥åŠ›ã‚µã‚¤ã‚ºãŒ0より大ãã„ã®ã«å…¥åŠ›ãŒNULLã®å ´åˆã€‚ + \return BAD_STATE_E éµã€nonceã€ã¾ãŸã¯è¿½åŠ ãƒ‡ãƒ¼ã‚¿ãŒè¨­å®šã•れã¦ã„ãªã„å ´åˆã€ã¾ãŸã¯ã‚³ãƒ³ãƒ†ã‚­ã‚¹ãƒˆãŒä»¥å‰ã«å¾©å·ã«ä½¿ç”¨ã•れãŸå ´åˆã€‚ + + \param a åˆæœŸåŒ–ã•れãŸAscon AEADコンテキストã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ + \param tag èªè¨¼ã‚¿ã‚°ã‚’æ ¼ç´ã™ã‚‹å‡ºåŠ›ãƒãƒƒãƒ•ã‚¡ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ + + _Example_ + \code + wc_AsconAEAD128 a; + byte key[ASCON_AEAD128_KEY_SZ] = { ... }; + byte nonce[ASCON_AEAD128_NONCE_SZ] = { ... }; + byte plaintext[PLAIN_TEXT_SIZE] = { ... }; + byte ciphertext[CIPHER_TEXT_SIZE]; + byte tag[ASCON_AEAD128_TAG_SZ] = { ... }; + + if (wc_AsconAeadInit(&a) != 0) + // ã‚¨ãƒ©ãƒ¼ã‚’å‡¦ç† + if (wc_AsconAEAD128_SetKey(&a, key) != 0) + // ã‚¨ãƒ©ãƒ¼ã‚’å‡¦ç† + if (wc_AsconAEAD128_SetNonce(&a, nonce) != 0) + // ã‚¨ãƒ©ãƒ¼ã‚’å‡¦ç† + if (wc_AsconAEAD128_SetAD(&a, ad, sizeof(ad)) != 0) + // ã‚¨ãƒ©ãƒ¼ã‚’å‡¦ç† + if (wc_AsconAEAD128_EncryptUpdate(&a, ciphertext, plaintext, + sizeof(plaintext)) != 0) + // ã‚¨ãƒ©ãƒ¼ã‚’å‡¦ç† + if (wc_AsconAEAD128_EncryptFinal(&a, tag) != 0) + // ã‚¨ãƒ©ãƒ¼ã‚’å‡¦ç† + \endcode + + \sa wc_AsconAEAD128_Init + \sa wc_AsconAEAD128_SetKey + \sa wc_AsconAEAD128_SetNonce + \sa wc_AsconAEAD128_SetAD + \sa wc_AsconAEAD128_EncryptUpdate + \sa wc_AsconAEAD128_DecryptUpdate + \sa wc_AsconAEAD128_DecryptFinal + */ +int wc_AsconAEAD128_EncryptFinal(wc_AsconAEAD128* a, byte* tag); + +/*! + \ingroup ASCON + \brief ã“ã®é–¢æ•°ã¯ã€Ascon AEADを使用ã—ãŸå¾©å·ãƒ—ロセスを更新ã—ã¾ã™ã€‚出力ã¯outãƒãƒƒãƒ•ã‚¡ã«æ ¼ç´ã•れã¾ã™ã€‚出力ã®é•·ã•ã¯å…¥åŠ›ã®é•·ã•ã¨ç­‰ã—ããªã‚Šã¾ã™ã€‚ + + \return 0 æˆåŠŸæ™‚ã€‚ + \return BAD_FUNC_ARG コンテキストã¾ãŸã¯å‡ºåŠ›ãƒã‚¤ãƒ³ã‚¿ãŒNULLã®å ´åˆã€ã¾ãŸã¯å…¥åŠ›ã‚µã‚¤ã‚ºãŒ0より大ãã„ã®ã«å…¥åŠ›ãŒNULLã®å ´åˆã€‚ + \return BAD_STATE_E éµã€nonceã€ã¾ãŸã¯è¿½åŠ ãƒ‡ãƒ¼ã‚¿ãŒè¨­å®šã•れã¦ã„ãªã„å ´åˆã€ã¾ãŸã¯ã‚³ãƒ³ãƒ†ã‚­ã‚¹ãƒˆãŒä»¥å‰ã«æš—å·åŒ–ã«ä½¿ç”¨ã•れãŸå ´åˆã€‚ + + \param a åˆæœŸåŒ–ã•れãŸAscon AEADコンテキストã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ + \param out 平文を格ç´ã™ã‚‹å‡ºåŠ›ãƒãƒƒãƒ•ã‚¡ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ + \param in æš—å·æ–‡ãƒ¡ãƒƒã‚»ãƒ¼ã‚¸ã‚’å«ã‚€å…¥åŠ›ãƒãƒƒãƒ•ã‚¡ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ + \param inSz 入力ãƒãƒƒãƒ•ã‚¡ã®é•·ã•。 + + _Example_ + \code + wc_AsconAEAD128 a; + byte key[ASCON_AEAD128_KEY_SZ] = { ... }; + byte nonce[ASCON_AEAD128_NONCE_SZ] = { ... }; + byte ciphertext[CIPHER_TEXT_SIZE] = { ... }; + byte plaintext[PLAIN_TEXT_SIZE]; + byte tag[ASCON_AEAD128_TAG_SZ] = { ... }; + + if (wc_AsconAeadInit(&a) != 0) + // ã‚¨ãƒ©ãƒ¼ã‚’å‡¦ç† + if (wc_AsconAEAD128_SetKey(&a, key) != 0) + // ã‚¨ãƒ©ãƒ¼ã‚’å‡¦ç† + if (wc_AsconAEAD128_SetNonce(&a, nonce) != 0) + // ã‚¨ãƒ©ãƒ¼ã‚’å‡¦ç† + if (wc_AsconAEAD128_SetAD(&a, ad, sizeof(ad)) != 0) + // ã‚¨ãƒ©ãƒ¼ã‚’å‡¦ç† + if (wc_AsconAEAD128_DecryptUpdate(&a, plaintext, ciphertext, + sizeof(ciphertext)) != 0) + // ã‚¨ãƒ©ãƒ¼ã‚’å‡¦ç† + if (wc_AsconAEAD128_DecryptFinal(&a, tag) != 0) + // ã‚¨ãƒ©ãƒ¼ã‚’å‡¦ç† + \endcode + + \sa wc_AsconAEAD128_Init + \sa wc_AsconAEAD128_SetKey + \sa wc_AsconAEAD128_SetNonce + \sa wc_AsconAEAD128_SetAD + \sa wc_AsconAEAD128_EncryptUpdate + \sa wc_AsconAEAD128_EncryptFinal + \sa wc_AsconAEAD128_DecryptFinal + */ +int wc_AsconAEAD128_DecryptUpdate(wc_AsconAEAD128* a, byte* out, const byte* in, + word32 inSz); + +/*! + \ingroup ASCON + \brief ã“ã®é–¢æ•°ã¯ã€Ascon AEADを使用ã—ãŸå¾©å·ãƒ—ロセスを完了ã—ã€èªè¨¼ã‚¿ã‚°ã‚’検証ã—ã¾ã™ã€‚ + + \return 0 æˆåŠŸæ™‚ã€‚ + \return BAD_FUNC_ARG コンテキストã¾ãŸã¯ã‚¿ã‚°ãƒã‚¤ãƒ³ã‚¿ãŒNULLã®å ´åˆã€‚ + \return BAD_STATE_E éµã€nonceã€ã¾ãŸã¯è¿½åŠ ãƒ‡ãƒ¼ã‚¿ãŒè¨­å®šã•れã¦ã„ãªã„å ´åˆã€ã¾ãŸã¯ã‚³ãƒ³ãƒ†ã‚­ã‚¹ãƒˆãŒä»¥å‰ã«æš—å·åŒ–ã«ä½¿ç”¨ã•れãŸå ´åˆã€‚ + \return ASCON_AUTH_E èªè¨¼ã‚¿ã‚°ãŒä¸€è‡´ã—ãªã„å ´åˆã€‚ + + \param a åˆæœŸåŒ–ã•れãŸAscon AEADコンテキストã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ + \param tag 検証ã™ã‚‹èªè¨¼ã‚¿ã‚°ã‚’å«ã‚€ãƒãƒƒãƒ•ã‚¡ã¸ã®ãƒã‚¤ãƒ³ã‚¿ + + _Example_ + \code + wc_AsconAEAD128 a; + byte key[ASCON_AEAD128_KEY_SZ] = { ... }; + byte nonce[ASCON_AEAD128_NONCE_SZ] = { ... }; + byte ciphertext[CIPHER_TEXT_SIZE] = { ... }; + byte plaintext[PLAIN_TEXT_SIZE]; + byte tag[ASCON_AEAD128_TAG_SZ] = { ... }; + + if (wc_AsconAeadInit(&a) != 0) + // ã‚¨ãƒ©ãƒ¼ã‚’å‡¦ç† + if (wc_AsconAEAD128_SetKey(&a, key) != 0) + // ã‚¨ãƒ©ãƒ¼ã‚’å‡¦ç† + if (wc_AsconAEAD128_SetNonce(&a, nonce) != 0) + // ã‚¨ãƒ©ãƒ¼ã‚’å‡¦ç† + if (wc_AsconAEAD128_SetAD(&a, ad, sizeof(ad)) != 0) + // ã‚¨ãƒ©ãƒ¼ã‚’å‡¦ç† + if (wc_AsconAEAD128_DecryptUpdate(&a, plaintext, ciphertext, + sizeof(ciphertext)) != 0) + // ã‚¨ãƒ©ãƒ¼ã‚’å‡¦ç† + if (wc_AsconAEAD128_DecryptFinal(&a, tag) != 0) + // ã‚¨ãƒ©ãƒ¼ã‚’å‡¦ç† + \endcode + + \sa wc_AsconAEAD128_Init + \sa wc_AsconAEAD128_SetKey + \sa wc_AsconAEAD128_SetNonce + \sa wc_AsconAEAD128_SetAD + \sa wc_AsconAEAD128_DecryptUpdate + \sa wc_AsconAEAD128_EncryptUpdate + \sa wc_AsconAEAD128_EncryptFinal + */ +int wc_AsconAEAD128_DecryptFinal(wc_AsconAEAD128* a, const byte* tag); diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/doc/dox_comments/header_files-ja/asn_public.h mariadb-11.8.8/extra/wolfssl/wolfssl/doc/dox_comments/header_files-ja/asn_public.h --- mariadb-11.8.6/extra/wolfssl/wolfssl/doc/dox_comments/header_files-ja/asn_public.h 2026-01-31 13:27:49.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/doc/dox_comments/header_files-ja/asn_public.h 2026-05-24 09:58:33.000000000 +0000 @@ -1,29 +1,35 @@ /*! \ingroup ASN - \brief ã“ã®é–¢æ•°ã¯Cert構造体をデフォルトã®å€¤ã§åˆæœŸåŒ–ã—ã¾ã™ã€‚デフォルトã®ã‚ªãƒ—ション:version = 3(0x2)ã€sigtype = sha_with_rsaã€issuer =空白ã€dayValid = 500ã€selfsigned = 1(true)発行者ã¨ã—ã¦ã®ä»¶å=空白 - \return æˆåŠŸã—ãŸå ´åˆ0ã‚’è¿”ã—ã¾ã™ã€‚ + + \brief ã“ã®é–¢æ•°ã¯ã€ãƒ‡ãƒ•ォルトã®ã‚ªãƒ—ションã§ãƒ‡ãƒ•ォルトã®è¨¼æ˜Žæ›¸ã‚’åˆæœŸåŒ–ã—ã¾ã™ï¼š + version = 3(0x2)ã€serial = 0ã€sigType = SHA_WITH_RSAã€issuer = 空白〠+ daysValid = 500ã€selfSigned = 1(true)発行者ã¨ã—ã¦subjectを使用〠+ subject = 空白 + + \return none 返り値ãªã—。 + + \param cert åˆæœŸåŒ–ã™ã‚‹æœªåˆæœŸåŒ–ã®cert構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ _Example_ \code Cert myCert; wc_InitCert(&myCert); \endcode + \sa wc_MakeCert \sa wc_MakeCertReq */ -int wc_InitCert(Cert*); +int wc_InitCert(Cert* cert); /*! \ingroup ASN - \brief ã“ã®é–¢æ•°ã¯è¨¼æ˜Žæ›¸æ“作ã®ç‚ºã«æ–°ãŸãªCert構造体を割り当ã¦ã¾ã™ã€‚ - 割り当ã¦ãŸCert構造体ã¯ã“ã®é–¢æ•°å†…ã§åˆæœŸåŒ–ã•れるã®ã§ã€wc_InitCert()を呼ã³å‡ºã™å¿…è¦ã¯ã‚りã¾ã›ã‚“。 - アプリケーションãŒã“ã®Cert構造体ã®ä½¿ç”¨ã‚’終了ã™ã‚‹éš›ã«ã¯wc_CertFree()を呼ã³å‡ºã™å¿…è¦ãŒã‚りã¾ã™ã€‚ + \brief ã“ã®é–¢æ•°ã¯ã€è¨¼æ˜Žæ›¸æ“作中ã«ä½¿ç”¨ã™ã‚‹ãŸã‚ã®æ–°ã—ã„Cert構造体を割り当ã¦ã¾ã™ã€‚ã‚¢ãƒ—ãƒªã‚±ãƒ¼ã‚·ãƒ§ãƒ³ãŒæ§‹é€ ä½“自体を割り当ã¦ã‚‹å¿…è¦ã¯ã‚りã¾ã›ã‚“。Cert構造体もã“ã®é–¢æ•°ã«ã‚ˆã£ã¦åˆæœŸåŒ–ã•れるãŸã‚ã€wc_InitCert()を呼ã³å‡ºã™å¿…è¦ãŒãªããªã‚Šã¾ã™ã€‚アプリケーションãŒå‰²ã‚Šå½“ã¦ã‚‰ã‚ŒãŸCert構造体ã®ä½¿ç”¨ã‚’終了ã—ãŸã‚‰ã€wc_CertFree()を呼ã³å‡ºã™å¿…è¦ãŒã‚りã¾ã™ã€‚ - \return 処ç†ãŒæˆåŠŸã—ãŸéš›ã«ã¯æ–°ã«å‰²ã‚Šå½“ã¦ã‚‰ã‚ŒãŸCert構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã‚’è¿”ã—ã¾ã™ã€‚ - \return メモリ確ä¿ã«å¤±æ•—ã—ãŸå ´åˆã«ã¯NULLã‚’è¿”ã—ã¾ã™ã€‚ + \return pointer æˆåŠŸã—ãŸå ´åˆã€å‘¼ã³å‡ºã—ã¯æ–°ã—ã割り当ã¦ã‚‰ã‚ŒåˆæœŸåŒ–ã•れãŸCertã¸ã®ãƒã‚¤ãƒ³ã‚¿ã‚’è¿”ã—ã¾ã™ã€‚ + \return NULL メモリ割り当ã¦å¤±æ•—時。 - \param メモリã®å‹•的確ä¿ã§ä½¿ç”¨ã•れるヒープã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚NULLã®æŒ‡å®šã‚‚å¯ã€‚ + \param A 動的割り当ã¦ã«ä½¿ç”¨ã•れるヒープã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚NULLã§ã‚‚å¯ã€‚ _Example_ \code @@ -31,7 +37,7 @@ myCert = wc_CertNew(NULL); if (myCert == NULL) { - // Cert creation failure + // Cert作æˆå¤±æ•— } \endcode @@ -42,13 +48,14 @@ */ Cert* wc_CertNew(void* heap); - /*! \ingroup ASN - \brief ã“ã®é–¢æ•°ã¯wc_CertNew()ã§ç¢ºä¿ã•れãŸCert構造体を解放ã—ã¾ã™ã€‚ - \return ç„¡ã— - \param 解放ã™ã¹ãCert構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ + \brief ã“ã®é–¢æ•°ã¯ã€wc_CertNew()ã¸ã®ä»¥å‰ã®å‘¼ã³å‡ºã—ã«ã‚ˆã£ã¦cert構造体ã«å‰²ã‚Šå½“ã¦ã‚‰ã‚ŒãŸãƒ¡ãƒ¢ãƒªã‚’解放ã—ã¾ã™ã€‚ + + \return None. + + \param A 解放ã™ã‚‹cert構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ _Example_ \code @@ -56,7 +63,7 @@ myCert = wc_CertNew(NULL); - // Perform cert operations. + // 証明書æ“作を実行。 wc_CertFree(myCert); \endcode @@ -70,34 +77,34 @@ /*! \ingroup ASN - \brief CAç½²å付ã証明書を作æˆã™ã‚‹ãŸã‚ã«ä½¿ç”¨ã•れã¾ã™ã€‚ - サブジェクト情報を入力ã—ãŸå¾Œã«å‘¼ã³å‡ºã™å¿…è¦ãŒã‚りã¾ã™ã€‚ - ã“ã®é–¢æ•°ã¯ã€è¨¼æ˜Žæ›¸å…¥åŠ›ã‹ã‚‰X.509v3 RSAã¾ãŸã¯ECC証明書を作æˆã—derBufferã«æ›¸ãè¾¼ã¿ã¾ã™ã€‚ - 証明書を生æˆã™ã‚‹ãŸã‚ã®RsaKeyã¾ãŸã¯EccKeyã®ã„ãšã‚Œã‹ã‚’引数ã¨ã—ã¦å–りã¾ã™ã€‚ - ã“ã®é–¢æ•°ãŒå‘¼ã³å‡ºã•れるå‰ã«ã€è¨¼æ˜Žæ›¸ã‚’wc_InitCertã§åˆæœŸåŒ–ã™ã‚‹å¿…è¦ãŒã‚りã¾ã™ã€‚ - - \return 指定ã•れãŸå…¥åŠ›è¨¼æ˜Žæ›¸ã‹ã‚‰X509è¨¼æ˜Žæ›¸ãŒæ­£å¸¸ã«ç”Ÿæˆã•れãŸå ´åˆã€ç”Ÿæˆã•れãŸè¨¼æ˜Žæ›¸ã®ã‚µã‚¤ã‚ºã‚’è¿”ã—ã¾ã™ã€‚ - \return MEMORY_E xmallocã§ã®ãƒ¡ãƒ¢ãƒªå‰²ã‚Šå½“ã§ã‚¨ãƒ©ãƒ¼ãŒç™ºç”Ÿã—ãŸå ´åˆã«è¿”りã¾ã™ã€‚ - \return BUFFER_E æä¾›ã•れãŸderBufferãŒç”Ÿæˆã•れãŸè¨¼æ˜Žæ›¸ã‚’ä¿å­˜ã™ã‚‹ã«ã¯å°ã•ã™ãŽã‚‹å ´åˆã«è¿”ã•れã¾ã™ - \return Others 証明書ã®ç”ŸæˆãŒæˆåŠŸã—ãªã‹ã£ãŸå ´åˆã€è¿½åŠ ã®ã‚¨ãƒ©ãƒ¼ãƒ¡ãƒƒã‚»ãƒ¼ã‚¸ãŒè¿”ã•れるå¯èƒ½æ€§ãŒã‚りã¾ã™ã€‚ - \param cert åˆæœŸåŒ–ã•れãŸCert構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ - \param derBuffer 生æˆã•れãŸè¨¼æ˜Žæ›¸ã‚’ä¿æŒã™ã‚‹ãƒãƒƒãƒ•ã‚¡ã¸ã®ãƒã‚¤ãƒ³ã‚¿ - \param derSz 証明書をä¿å­˜ã™ã‚‹ãƒãƒƒãƒ•ã‚¡ã®ã‚µã‚¤ã‚º - \param rsaKey 証明書ã®ç”Ÿæˆã«ä½¿ç”¨ã•れるRSAéµã‚’å«ã‚€RsaKey構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ - \param eccKey 証明書ã®ç”Ÿæˆã«ä½¿ç”¨ã•れるECCéµã‚’å«ã‚€EccKey構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ + + \brief CAç½²å付ã証明書を作æˆã™ã‚‹ãŸã‚ã«ä½¿ç”¨ã•れã¾ã™ã€‚subject情報ãŒå…¥åŠ›ã•れãŸå¾Œã«å‘¼ã³å‡ºã•れã¾ã™ã€‚ã“ã®é–¢æ•°ã¯ã€cert入力ã‹ã‚‰x509証明書v3 RSAã¾ãŸã¯ECCを作æˆã—ã¾ã™ã€‚次ã«ã€ã“ã®è¨¼æ˜Žæ›¸ã‚’derBufferã«æ›¸ãè¾¼ã¿ã¾ã™ã€‚証明書を生æˆã™ã‚‹ãŸã‚ã«ã€rsaKeyã¾ãŸã¯eccKeyã®ã„ãšã‚Œã‹ã‚’å—ã‘å–りã¾ã™ã€‚ã“ã®ãƒ¡ã‚½ãƒƒãƒ‰ã‚’呼ã³å‡ºã™å‰ã«ã€è¨¼æ˜Žæ›¸ã‚’wc_InitCertã§åˆæœŸåŒ–ã™ã‚‹å¿…è¦ãŒã‚りã¾ã™ã€‚ + + \return Success 指定ã•れãŸå…¥åŠ›certã‹ã‚‰x509証明書を正常ã«ä½œæˆã™ã‚‹ã¨ã€ç”Ÿæˆã•れãŸè¨¼æ˜Žæ›¸ã®ã‚µã‚¤ã‚ºã‚’è¿”ã—ã¾ã™ã€‚ + \return MEMORY_E XMALLOCã§ãƒ¡ãƒ¢ãƒªã‚’割り当ã¦ã‚‹éš›ã«ã‚¨ãƒ©ãƒ¼ãŒã‚ã‚‹å ´åˆã«è¿”ã•れã¾ã™ + \return BUFFER_E æä¾›ã•れãŸderBufferãŒç”Ÿæˆã•れãŸè¨¼æ˜Žæ›¸ã‚’æ ¼ç´ã™ã‚‹ã«ã¯å°ã•ã™ãŽã‚‹å ´åˆã«è¿”ã•れã¾ã™ + \return Others 証明書ã®ç”ŸæˆãŒæˆåŠŸã—ãªã„å ´åˆã€è¿½åŠ ã®ã‚¨ãƒ©ãƒ¼ãƒ¡ãƒƒã‚»ãƒ¼ã‚¸ãŒè¿”ã•れるå¯èƒ½æ€§ãŒã‚りã¾ã™ã€‚ + + \param cert åˆæœŸåŒ–ã•れãŸcert構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ + \param derBuffer 生æˆã•れãŸè¨¼æ˜Žæ›¸ã‚’ä¿æŒã™ã‚‹ãƒãƒƒãƒ•ã‚¡ã¸ã®ãƒã‚¤ãƒ³ã‚¿ + \param derSz 証明書を格ç´ã™ã‚‹ãƒãƒƒãƒ•ã‚¡ã®ã‚µã‚¤ã‚º + \param rsaKey 証明書ã®ç”Ÿæˆã«ä½¿ç”¨ã•れるrsaキーをå«ã‚€RsaKey構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ + \param eccKey 証明書ã®ç”Ÿæˆã«ä½¿ç”¨ã•れるeccキーをå«ã‚€EccKey構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ + \param rng 証明書を作æˆã™ã‚‹ãŸã‚ã«ä½¿ç”¨ã•れる乱数生æˆå™¨ã¸ã®ãƒã‚¤ãƒ³ã‚¿ _Example_ \code Cert myCert; wc_InitCert(&myCert); WC_RNG rng; - //initialize rng; + // rngã‚’åˆæœŸåŒ–; RsaKey key; - //initialize key; + // keyã‚’åˆæœŸåŒ–; byte * derCert = malloc(FOURK_BUF); word32 certSz; certSz = wc_MakeCert(&myCert, derCert, FOURK_BUF, &key, NULL, &rng); \endcode + \sa wc_InitCert \sa wc_MakeCertReq */ @@ -106,31 +113,32 @@ /*! \ingroup ASN - \brief ã“ã®é–¢æ•°ã¯ã€å…¥åŠ›ã•れãŸCert構造体を使用ã—ã¦è¨¼æ˜Žæ›¸ç½²åè¦æ±‚を作æˆã—derBufferã«æ›¸ãè¾¼ã¿ã¾ã™ã€‚ - è¨¼æ˜Žæ›¸è¦æ±‚ã®ç”Ÿæˆã«ã¯RsaKeyã¾ãŸã¯EccKeyã®ã„ãšã‚Œã‹ã®éµã‚’å—ã‘å–り使用ã—ã¾ã™ã€‚ - ã“ã®é–¢æ•°ã®å¾Œã«ã€ç½²åã™ã‚‹ãŸã‚ã«wc_SignCert()を呼ã³å‡ºã™å¿…è¦ãŒã‚りã¾ã™ã€‚ - ã“ã®é–¢æ•°ã®ä½¿ç”¨ä¾‹ã«ã¤ã„ã¦ã¯ã€wolfCryptテストアプリケーション(./wolfcrypt/test/test.c)ã‚’å‚ç…§ã—ã¦ãã ã•ã„。 - \return 証明書署åè¦æ±‚ãŒæ­£å¸¸ã«ç”Ÿæˆã•れるã¨ã€ç”Ÿæˆã•れãŸè¨¼æ˜Žæ›¸ç½²åè¦æ±‚ã®ã‚µã‚¤ã‚ºã‚’è¿”ã—ã¾ã™ã€‚ - \return MEMORY_E xmallocã§ã®ãƒ¡ãƒ¢ãƒªå‰²ã‚Šå½“ã¦ã§ã‚¨ãƒ©ãƒ¼ãŒç™ºç”Ÿã—ãŸå ´åˆ - \return BUFFER_E æä¾›ã•れãŸderBufferãŒç”Ÿæˆã•れãŸè¨¼æ˜Žæ›¸ã‚’ä¿å­˜ã™ã‚‹ã«ã¯å°ã•ã™ãŽã‚‹å ´åˆ - \return Other 証明書署åè¦æ±‚ã®ç”ŸæˆãŒæˆåŠŸã—ãªã‹ã£ãŸå ´åˆã€è¿½åŠ ã®ã‚¨ãƒ©ãƒ¼ãƒ¡ãƒƒã‚»ãƒ¼ã‚¸ãŒè¿”ã•れるå¯èƒ½æ€§ãŒã‚りã¾ã™ã€‚ - \param cert åˆæœŸåŒ–ã•れãŸCert構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ - \param derBuffer 生æˆã•れãŸè¨¼æ˜Žæ›¸ç½²åè¦æ±‚ã‚’ä¿æŒã™ã‚‹ãƒãƒƒãƒ•ã‚¡ã¸ã®ãƒã‚¤ãƒ³ã‚¿ - \param derSz 証明書署åè¦æ±‚ã‚’ä¿å­˜ã™ã‚‹ãƒãƒƒãƒ•ã‚¡ã®ã‚µã‚¤ã‚º - \param rsaKey 証明書署åè¦æ±‚を生æˆã™ã‚‹ãŸã‚ã«ä½¿ç”¨ã•れるRSAéµã‚’å«ã‚€RsaKey構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ - \param eccKey 証明書署åè¦æ±‚を生æˆã™ã‚‹ãŸã‚ã«ä½¿ç”¨ã•れるRECCéµã‚’å«ã‚€EccKey構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ + + \brief ã“ã®é–¢æ•°ã¯ã€å…¥åŠ›è¨¼æ˜Žæ›¸ã‚’ä½¿ç”¨ã—ã¦è¨¼æ˜Žæ›¸ç½²åè¦æ±‚を作æˆã—ã€å‡ºåŠ›ã‚’derBufferã«æ›¸ãè¾¼ã¿ã¾ã™ã€‚è¨¼æ˜Žæ›¸è¦æ±‚を生æˆã™ã‚‹ãŸã‚ã«ã€rsaKeyã¾ãŸã¯eccKeyã®ã„ãšã‚Œã‹ã‚’å—ã‘å–りã¾ã™ã€‚証明書署åè¦æ±‚ã«ç½²åã™ã‚‹ã«ã¯ã€ã“ã®é–¢æ•°ã®å¾Œã«wc_SignCert()を呼ã³å‡ºã™å¿…è¦ãŒã‚りã¾ã™ã€‚ã“ã®é–¢æ•°ã®ä½¿ç”¨ä¾‹ã«ã¤ã„ã¦ã¯ã€wolfCryptテストアプリケーション(./wolfcrypt/test/test.c)をå‚ç…§ã—ã¦ãã ã•ã„。 + + \return Success 指定ã•れãŸå…¥åŠ›certã‹ã‚‰X.509è¨¼æ˜Žæ›¸è¦æ±‚を正常ã«ä½œæˆã™ã‚‹ã¨ã€ç”Ÿæˆã•れãŸè¨¼æ˜Žæ›¸è¦æ±‚ã®ã‚µã‚¤ã‚ºã‚’è¿”ã—ã¾ã™ã€‚ + \return MEMORY_E XMALLOCã§ãƒ¡ãƒ¢ãƒªã‚’割り当ã¦ã‚‹éš›ã«ã‚¨ãƒ©ãƒ¼ãŒã‚ã‚‹å ´åˆã«è¿”ã•れã¾ã™ + \return BUFFER_E æä¾›ã•れãŸderBufferãŒç”Ÿæˆã•れãŸè¨¼æ˜Žæ›¸ã‚’æ ¼ç´ã™ã‚‹ã«ã¯å°ã•ã™ãŽã‚‹å ´åˆã«è¿”ã•れã¾ã™ + \return Other è¨¼æ˜Žæ›¸è¦æ±‚ã®ç”ŸæˆãŒæˆåŠŸã—ãªã„å ´åˆã€è¿½åŠ ã®ã‚¨ãƒ©ãƒ¼ãƒ¡ãƒƒã‚»ãƒ¼ã‚¸ãŒè¿”ã•れるå¯èƒ½æ€§ãŒã‚りã¾ã™ã€‚ + + \param cert åˆæœŸåŒ–ã•れãŸcert構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ + \param derBuffer 生æˆã•れãŸè¨¼æ˜Žæ›¸è¦æ±‚ã‚’ä¿æŒã™ã‚‹ãƒãƒƒãƒ•ã‚¡ã¸ã®ãƒã‚¤ãƒ³ã‚¿ + \param derSz è¨¼æ˜Žæ›¸è¦æ±‚ã‚’æ ¼ç´ã™ã‚‹ãƒãƒƒãƒ•ã‚¡ã®ã‚µã‚¤ã‚º + \param rsaKey è¨¼æ˜Žæ›¸è¦æ±‚ã®ç”Ÿæˆã«ä½¿ç”¨ã•れるrsaキーをå«ã‚€RsaKey構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ + \param eccKey è¨¼æ˜Žæ›¸è¦æ±‚ã®ç”Ÿæˆã«ä½¿ç”¨ã•れるeccキーをå«ã‚€EccKey構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ _Example_ \code Cert myCert; - // initialize myCert + // myCertã‚’åˆæœŸåŒ– EccKey key; - //initialize key; + // keyã‚’åˆæœŸåŒ–; byte* derCert = (byte*)malloc(FOURK_BUF); word32 certSz; certSz = wc_MakeCertReq(&myCert, derCert, FOURK_BUF, NULL, &key); \endcode + \sa wc_InitCert \sa wc_MakeCert */ @@ -139,34 +147,38 @@ /*! \ingroup ASN - \brief ã“ã®é–¢æ•°ã¯ãƒãƒƒãƒ•ァーã®å†…容ã«ç½²åã—ã€ç½²åã‚’ãƒãƒƒãƒ•ã‚¡ã®æœ€å¾Œã«è¿½åŠ ã—ã¾ã™ã€‚ç½²åã®ç¨®é¡žã‚’å–りã¾ã™ã€‚ - CAç½²å付ã証明書を作æˆã™ã‚‹å ´åˆã¯ã€wc_MakeCert()ã¾ãŸã¯wc_MakeCertReq()ã®å¾Œã«å‘¼ã³å‡ºã™å¿…è¦ãŒã‚りã¾ã™ã€‚ - \return 証明書ã¸ã®ç½²åã«æˆåŠŸã—ãŸå ´åˆã¯ã€è¨¼æ˜Žæ›¸ã®æ–°ã—ã„サイズ(ç½²åã‚’å«ã‚€)ã‚’è¿”ã—ã¾ã™ã€‚ - \return MEMORY_E xmallocã§ã®ãƒ¡ãƒ¢ãƒªã‚’割り当ã¦ã§ã‚¨ãƒ©ãƒ¼ãŒã‚ã‚‹å ´åˆ - \return BUFFER_E æä¾›ã•れãŸè¨¼æ˜Žæ›¸ã‚’ä¿å­˜ã™ã‚‹ã«ã¯æä¾›ã•れãŸãƒãƒƒãƒ•ã‚¡ãŒå°ã•ã™ãŽã‚‹å ´åˆã«è¿”ã•れã¾ã™ã€‚ - \return Other 証明書ã®ç”ŸæˆãŒæˆåŠŸã—ãªã‹ã£ãŸå ´åˆã€è¿½åŠ ã®ã‚¨ãƒ©ãƒ¼ãƒ¡ãƒƒã‚»ãƒ¼ã‚¸ãŒè¿”ã•れるå¯èƒ½æ€§ãŒã‚りã¾ã™ã€‚ - \param requestSz ç½²å対象ã®è¨¼æ˜Žæ›¸æœ¬æ–‡ã®ã‚µã‚¤ã‚º - \param sigType 作æˆã™ã‚‹ç½²åã®ç¨®é¡žã€‚有効ãªã‚ªãƒ—ã‚·ãƒ§ãƒ³ã¯æ¬¡ã®ã¨ãŠã‚Šã§ã™:CTC_MD5WRSAã€CTC_SHAWRSAã€CTC_SHAWECDSAã€CTC_SHA256WECDSAã€ANDCTC_SHA256WRSA - \param derBuffer ç½²å対象ã®è¨¼æ˜Žæ›¸ã‚’å«ã‚€ãƒãƒƒãƒ•ã‚¡ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚関数ã®å‡¦ç†æˆåŠŸæ™‚ã«ã¯ç½²åãŒä»˜åŠ ã•れãŸè¨¼æ˜Žæ›¸ã‚’ä¿æŒã—ã¾ã™ã€‚ - \param derSz æ–°ãŸã«ç½²åã•れãŸè¨¼æ˜Žæ›¸ã‚’ä¿å­˜ã™ã‚‹ãƒãƒƒãƒ•ã‚¡ã®ï¼ˆåˆè¨ˆï¼‰ã‚µã‚¤ã‚º - \param rsaKey 証明書ã«ç½²åã™ã‚‹ãŸã‚ã«ä½¿ç”¨ã•れるRSAéµã‚’å«ã‚€RsaKey構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ - \param eccKey 証明書ã«ç½²åã™ã‚‹ãŸã‚ã«ä½¿ç”¨ã•れるECCéµã‚’å«ã‚€EccKey構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ - \param rng ç½²åã«ä½¿ç”¨ã™ã‚‹ä¹±æ•°ç”Ÿæˆå™¨(WC_RNG構造体)ã¸ã®ãƒã‚¤ãƒ³ã‚¿ + + \brief ã“ã®é–¢æ•°ã¯bufferã«ç½²åã—ã€ç½²åã‚’bufferã®æœ«å°¾ã«è¿½åŠ ã—ã¾ã™ã€‚ç½²åタイプをå—ã‘å–りã¾ã™ã€‚CAç½²å付ã証明書を作æˆã™ã‚‹å ´åˆã¯ã€wc_MakeCert()ã¾ãŸã¯wc_MakeCertReq()ã®å¾Œã«å‘¼ã³å‡ºã™å¿…è¦ãŒã‚りã¾ã™ã€‚ + + \return Success 証明書ã®ç½²åã«æˆåŠŸã™ã‚‹ã¨ã€è¨¼æ˜Žæ›¸ã®æ–°ã—ã„サイズ(署åã‚’å«ã‚€ï¼‰ã‚’è¿”ã—ã¾ã™ã€‚ + \return MEMORY_E XMALLOCã§ãƒ¡ãƒ¢ãƒªã‚’割り当ã¦ã‚‹éš›ã«ã‚¨ãƒ©ãƒ¼ãŒã‚ã‚‹å ´åˆã«è¿”ã•れã¾ã™ + \return BUFFER_E æä¾›ã•れãŸãƒãƒƒãƒ•ã‚¡ãŒç”Ÿæˆã•れãŸè¨¼æ˜Žæ›¸ã‚’æ ¼ç´ã™ã‚‹ã«ã¯å°ã•ã™ãŽã‚‹å ´åˆã«è¿”ã•れã¾ã™ + \return Other 証明書ã®ç”ŸæˆãŒæˆåŠŸã—ãªã„å ´åˆã€è¿½åŠ ã®ã‚¨ãƒ©ãƒ¼ãƒ¡ãƒƒã‚»ãƒ¼ã‚¸ãŒè¿”ã•れるå¯èƒ½æ€§ãŒã‚りã¾ã™ã€‚ + + \param requestSz ç½²åã‚’è¦æ±‚ã—ã¦ã„る証明書本文ã®ã‚µã‚¤ã‚º + \param sType 作æˆã™ã‚‹ç½²åã®ã‚¿ã‚¤ãƒ—。有効ãªã‚ªãƒ—ションã¯ï¼šCTC_MD5wRSAã€CTC_SHAwRSAã€CTC_SHAwECDSAã€CTC_SHA256wECDSAã€ãŠã‚ˆã³CTC_SHA256wRSA + \param buffer ç½²åã•れる証明書をå«ã‚€ãƒãƒƒãƒ•ã‚¡ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚æˆåŠŸæ™‚ï¼šæ–°ã—ãç½²åã•れãŸè¨¼æ˜Žæ›¸ã‚’ä¿æŒã—ã¾ã™ + \param buffSz æ–°ã—ãç½²åã•れãŸè¨¼æ˜Žæ›¸ã‚’æ ¼ç´ã™ã‚‹ãƒãƒƒãƒ•ã‚¡ã®ï¼ˆåˆè¨ˆï¼‰ã‚µã‚¤ã‚º + \param rsaKey 証明書ã«ç½²åã™ã‚‹ãŸã‚ã«ä½¿ç”¨ã•れるrsaキーをå«ã‚€RsaKey構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ + \param eccKey 証明書ã«ç½²åã™ã‚‹ãŸã‚ã«ä½¿ç”¨ã•れるeccキーをå«ã‚€EccKey構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ + \param rng 証明書ã«ç½²åã™ã‚‹ãŸã‚ã«ä½¿ç”¨ã•れる乱数生æˆå™¨ã¸ã®ãƒã‚¤ãƒ³ã‚¿ _Example_ \code Cert myCert; byte* derCert = (byte*)malloc(FOURK_BUF); - // initialize myCert, derCert + // myCertã€derCertã‚’åˆæœŸåŒ– RsaKey key; - // initialize key; + // keyã‚’åˆæœŸåŒ–; WC_RNG rng; - // initialize rng + // rngã‚’åˆæœŸåŒ– word32 certSz; - certSz = wc_SignCert(myCert.bodySz, myCert.sigType, derCert, FOURK_BUF, - &key, NULL, &rng); + certSz = wc_SignCert(myCert.bodySz, myCert.sigType,derCert,FOURK_BUF, + &key, NULL, + &rng); \endcode + \sa wc_InitCert \sa wc_MakeCert */ @@ -175,31 +187,34 @@ /*! \ingroup ASN - \brief ã“ã®é–¢æ•°ã¯ã€ä»¥å‰ã®2ã¤ã®é–¢æ•°ã€wc_MakeCertã€ãŠã‚ˆã³è‡ªå·±ç½²åã®ãŸã‚ã®wc_SignCertã®çµ„ã¿åˆã‚ã›ã§ã™ï¼ˆå‰ã®é–¢æ•°ã¯CAè¦æ±‚ã«ä½¿ç”¨ã•れる場åˆãŒã‚りã¾ã™ï¼‰ã€‚ - 証明書を作æˆã—ã¦ã‹ã‚‰ã€ãれã«ç½²åã—ã€è‡ªå·±ç½²å証明書を生æˆã—ã¾ã™ã€‚ - \return 証明書ã¸ã®ç½²åãŒæˆåŠŸã—ãŸå ´åˆã¯ã€è¨¼æ˜Žæ›¸ã®æ–°ã—ã„サイズを返ã—ã¾ã™ã€‚ - \return MEMORY_E xmallocã§ã®ãƒ¡ãƒ¢ãƒªã‚’割り当ã¦ã§ã‚¨ãƒ©ãƒ¼ãŒã‚ã‚‹å ´åˆ - \return BUFFER_E æä¾›ã•れãŸè¨¼æ˜Žæ›¸ã‚’ä¿å­˜ã™ã‚‹ã«ã¯æä¾›ã•れãŸãƒãƒƒãƒ•ã‚¡ãŒå°ã•ã™ãŽã‚‹å ´åˆã«è¿”ã•れã¾ã™ã€‚ - \return Other 証明書ã®ç”ŸæˆãŒæˆåŠŸã—ãªã‹ã£ãŸå ´åˆã€è¿½åŠ ã®ã‚¨ãƒ©ãƒ¼ãƒ¡ãƒƒã‚»ãƒ¼ã‚¸ãŒè¿”ã•れるå¯èƒ½æ€§ãŒã‚りã¾ã™ã€‚ - \param cert ç½²åã™ã‚‹å¯¾è±¡ã®Cert構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ - \param derBuffer ç½²å付ãè¨¼æ˜Žæ›¸ã‚’ä¿æŒã™ã‚‹ãŸã‚ã®ãƒãƒƒãƒ•ã‚¡ã¸ã®ãƒã‚¤ãƒ³ã‚¿ - \param derSz ç½²å付ã証明書をä¿å­˜ã™ã‚‹ãƒãƒƒãƒ•ã‚¡ã®ã‚µã‚¤ã‚º - \param key 証明書ã«ç½²åã™ã‚‹ãŸã‚ã«ä½¿ç”¨ã•れるRSAéµã‚’å«ã‚€RsaKey構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ - \param rng ç½²åã«ä½¿ç”¨ã™ã‚‹ä¹±æ•°ç”Ÿæˆå™¨(WC_RNG構造体)ã¸ã®ãƒã‚¤ãƒ³ã‚¿ + + \brief ã“ã®é–¢æ•°ã¯ã€è‡ªå·±ç½²å用ã®å‰ã®2ã¤ã®é–¢æ•°ã€wc_MakeCertã¨wc_SignCertã®çµ„ã¿åˆã‚ã›ã§ã™ï¼ˆå‰ã®é–¢æ•°ã¯CAè¦æ±‚ã«ä½¿ç”¨ã§ãã¾ã™ï¼‰ã€‚証明書を作æˆã—ã¦ã‹ã‚‰ç½²åã—ã€è‡ªå·±ç½²å証明書を生æˆã—ã¾ã™ã€‚ + + \return Success 証明書ã®ç½²åã«æˆåŠŸã™ã‚‹ã¨ã€è¨¼æ˜Žæ›¸ã®æ–°ã—ã„サイズを返ã—ã¾ã™ã€‚ + \return MEMORY_E XMALLOCã§ãƒ¡ãƒ¢ãƒªã‚’割り当ã¦ã‚‹éš›ã«ã‚¨ãƒ©ãƒ¼ãŒã‚ã‚‹å ´åˆã«è¿”ã•れã¾ã™ + \return BUFFER_E æä¾›ã•れãŸãƒãƒƒãƒ•ã‚¡ãŒç”Ÿæˆã•れãŸè¨¼æ˜Žæ›¸ã‚’æ ¼ç´ã™ã‚‹ã«ã¯å°ã•ã™ãŽã‚‹å ´åˆã«è¿”ã•れã¾ã™ + \return Other 証明書ã®ç”ŸæˆãŒæˆåŠŸã—ãªã„å ´åˆã€è¿½åŠ ã®ã‚¨ãƒ©ãƒ¼ãƒ¡ãƒƒã‚»ãƒ¼ã‚¸ãŒè¿”ã•れるå¯èƒ½æ€§ãŒã‚りã¾ã™ã€‚ + + \param cert 作æˆã—ã¦ç½²åã™ã‚‹è¨¼æ˜Žæ›¸ã¸ã®ãƒã‚¤ãƒ³ã‚¿ + \param buffer ç½²åã•れãŸè¨¼æ˜Žæ›¸ã‚’ä¿æŒã™ã‚‹ãƒãƒƒãƒ•ã‚¡ã¸ã®ãƒã‚¤ãƒ³ã‚¿ + \param buffSz ç½²åã•れãŸè¨¼æ˜Žæ›¸ã‚’æ ¼ç´ã™ã‚‹ãƒãƒƒãƒ•ã‚¡ã®ã‚µã‚¤ã‚º + \param key 証明書ã«ç½²åã™ã‚‹ãŸã‚ã«ä½¿ç”¨ã•れるrsaキーをå«ã‚€RsaKey構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ + \param rng 証明書ã®ç”Ÿæˆã¨ç½²åã«ä½¿ç”¨ã•れる乱数生æˆå™¨ã¸ã®ãƒã‚¤ãƒ³ã‚¿ _Example_ \code Cert myCert; byte* derCert = (byte*)malloc(FOURK_BUF); - // initialize myCert, derCert + // myCertã€derCertã‚’åˆæœŸåŒ– RsaKey key; - // initialize key; + // keyã‚’åˆæœŸåŒ–; WC_RNG rng; - // initialize rng + // rngã‚’åˆæœŸåŒ– word32 certSz; certSz = wc_MakeSelfCert(&myCert, derCert, FOURK_BUF, &key, NULL, &rng); \endcode + \sa wc_InitCert \sa wc_MakeCert \sa wc_SignCert @@ -210,38 +225,35 @@ /*! \ingroup ASN - \brief ã“ã®é–¢æ•°ã¯PEMå½¢å¼ã®issureFileã§ä¸Žãˆã‚‰ã‚ŒãŸç™ºè¡Œè€…を証明書ã®ç™ºè¡Œè€…ã¨ã—ã¦è¨­å®šã—ã¾ã™ã€‚ - ã¾ãŸã€ãã®éš›ã«ã€è¨¼æ˜Žæ›¸ã®è‡ªå·±ç½²åプロパティをfalseã«å¤‰æ›´ã—ã¾ã™ã€‚ - 発行者ã¯è¨¼æ˜Žæ›¸ã®ç™ºè¡Œè€…ã¨ã—ã¦è¨­å®šã•れるå‰ã«æ¤œè¨¼ã•れã¾ã™ã€‚ - ã“ã®é–¢æ•°ã¯è¨¼æ˜Žæ›¸ã¸ã®ç½²åã«å…ˆç«‹ã¡å‘¼ã³å‡ºã•れる必è¦ãŒã‚りã¾ã™ã€‚ - - \return 0 証明書ã®ç™ºè¡Œè€…ã®è¨­å®šã«æˆåŠŸã—ãŸå ´åˆã«è¿”ã•れã¾ã™ã€‚ - \return MEMORY_E XMALLOCã§ãƒ¡ãƒ¢ãƒªã®ç¢ºä¿ã«å¤±æ•—ã—ãŸéš›ã«è¿”ã•れã¾ã™ã€‚ - \return ASN_PARSE_E 証明書ã®ãƒ˜ãƒƒãƒ€ãƒ¼ãƒ•ァイルã®è§£æžã«å¤±æ•—ã—ãŸéš›ã«è¿”ã•れã¾ã™ã€‚ - \return ASN_OBJECT_ID_E è¨¼æ˜Žæ›¸ã®æš—å·ã‚¿ã‚¤ãƒ—ã®è§£æžã§ã‚¨ãƒ©ãƒ¼ãŒç™ºç”Ÿã—ãŸéš›ã«è¿”ã•れã¾ã™ã€‚ - \return ASN_EXPECT_0_E è¨¼æ˜Žæ›¸ã®æš—å·åŒ–仕様ã«ãƒ•ã‚©ãƒ¼ãƒžãƒƒãƒˆã‚¨ãƒ©ãƒ¼ãŒæ¤œå‡ºã•れãŸéš›ã«è¿”ã•れã¾ã™ã€‚ - \return ASN_BEFORE_DATE_E 証明書ã®ä½¿ç”¨é–‹å§‹æ—¥ã‚ˆã‚Šå‰ã§ã‚ã£ãŸå ´åˆã«è¿”ã•れã¾ã™ã€‚ - \return ASN_AFTER_DATE_E è¨¼æ˜Žæ›¸ã®æœ‰åŠ¹æœŸé™æ—¥ã‚ˆã‚Šå¾Œã§ã‚ã£ãŸå ´åˆã«è¿”ã•れã¾ã™ã€‚ - \return ASN_BITSTR_E 証明書ã®ãƒ“ットストリングè¦ç´ ã®è§£æžã§ã‚¨ãƒ©ãƒ¼ãŒç™ºç”Ÿã—ãŸéš›ã«è¿”ã•れã¾ã™ã€‚ - \return ECC_CURVE_OID_E 証明書ã®ECCéµã®è§£æžã§ã‚¨ãƒ©ãƒ¼ãŒç™ºç”Ÿã—ãŸéš›ã«è¿”ã•れã¾ã™ã€‚ - \return ASN_UNKNOWN_OID_E è¨¼æ˜Žæ›¸ãŒæœªçŸ¥ã®ã‚ªãƒ–ジェクトIDを使用ã—ã¦ã„ãŸéš›ã«è¿”ã•れã¾ã™ã€‚ - \return ASN_VERSION_E ALLOW_V1_EXTENSIONSマクロãŒå®šç¾©ã•れã¦ã„ãªã„ã®ã«è¨¼æ˜Žæ›¸ãŒV1ã‚ã‚‹ã„ã¯V2å½¢å¼ã§ã‚ã£ãŸå ´åˆã«è¿”ã•れã¾ã™ã€‚ - \return BAD_FUNC_ARG è¨¼æ˜Žæ›¸ã®æ‹¡å¼µæƒ…å ±ã®è§£æžã§ã‚¨ãƒ©ãƒ¼ãŒç™ºç”Ÿã—ãŸéš›ã«è¿”ã•れã¾ã™ã€‚ - \return ASN_CRIT_EXT_E 証明書ã®è§£æžä¸­ã«æœªçŸ¥ã®ã‚¯ãƒªãƒ†ã‚£ã‚«ãƒ«æ‹¡å¼µã«é­é‡ã—ãŸéš›ã«è¿”ã•れã¾ã™ã€‚ - \return ASN_SIG_OID_E ç½²åæš—å·åŒ–タイプãŒå¼•æ•°ã§æ¸¡ã•れãŸè¨¼æ˜Žæ›¸ã®ã‚¿ã‚¤ãƒ—ã¨ç•°ãªã‚‹å ´åˆã«è¿”ã•れã¾ã™ã€‚ - \return ASN_SIG_CONFIRM_E 証明書ã®ç½²åã®æ¤œè¨¼ã«å¤±æ•—ã—ãŸéš›ã«è¿”ã•れã¾ã™ã€‚ - \return ASN_NAME_INVALID_E 証明書ã®åå‰ãŒCAã®åå‰ã«é–¢æ•°åˆ¶é™ã«ã‚ˆã£ã¦è¨±ã•れã¦ã„ãªã„å ´åˆã«è¿”ã•れã¾ã™ã€‚ - \return ASN_NO_SIGNER_E CA証明書ã®ç™ºè¡Œè€…を検証ã™ã‚‹ã“ã¨ãŒã§ããªã„å ´åˆã«è¿”ã•れã¾ã™ã€‚ + \brief ã“ã®é–¢æ•°ã¯ã€è¨¼æ˜Žæ›¸ã®ç™ºè¡Œè€…ã‚’ã€æä¾›ã•れãŸpem issuerFileã®ç™ºè¡Œè€…ã«è¨­å®šã—ã¾ã™ã€‚ã¾ãŸã€è¨¼æ˜Žæ›¸ã®è‡ªå·±ç½²å属性をfalseã«å¤‰æ›´ã—ã¾ã™ã€‚issuerFileã§æŒ‡å®šã•れãŸç™ºè¡Œè€…ã¯ã€cert発行者を設定ã™ã‚‹å‰ã«æ¤œè¨¼ã•れã¾ã™ã€‚ã“ã®ãƒ¡ã‚½ãƒƒãƒ‰ã¯ã€ç½²åå‰ã«ãƒ•ィールドを設定ã™ã‚‹ãŸã‚ã«ä½¿ç”¨ã•れã¾ã™ã€‚ + + \return 0 証明書ã®ç™ºè¡Œè€…を正常ã«è¨­å®šã—ãŸå ´åˆã«è¿”ã•れã¾ã™ + \return MEMORY_E XMALLOCã§ãƒ¡ãƒ¢ãƒªã‚’割り当ã¦ã‚‹éš›ã«ã‚¨ãƒ©ãƒ¼ãŒã‚ã‚‹å ´åˆã«è¿”ã•れã¾ã™ + \return ASN_PARSE_E 証明書ヘッダーファイルã®è§£æžã‚¨ãƒ©ãƒ¼ãŒã‚ã‚‹å ´åˆã«è¿”ã•れã¾ã™ + \return ASN_OBJECT_ID_E 証明書ã‹ã‚‰æš—å·åŒ–タイプを解æžã™ã‚‹éš›ã«ã‚¨ãƒ©ãƒ¼ãŒã‚ã‚‹å ´åˆã«è¿”ã•れã¾ã™ + \return ASN_EXPECT_0_E è¨¼æ˜Žæ›¸ãƒ•ã‚¡ã‚¤ãƒ«ã®æš—å·åŒ–仕様ã«ãƒ•ォーマットエラーãŒã‚ã‚‹å ´åˆã«è¿”ã•れã¾ã™ + \return ASN_BEFORE_DATE_E 日付ãŒè¨¼æ˜Žæ›¸ã®é–‹å§‹æ—¥ã‚ˆã‚Šå‰ã®å ´åˆã«è¿”ã•れã¾ã™ + \return ASN_AFTER_DATE_E 日付ãŒè¨¼æ˜Žæ›¸ã®æœ‰åŠ¹æœŸé™ã‚ˆã‚Šå¾Œã®å ´åˆã«è¿”ã•れã¾ã™ + \return ASN_BITSTR_E 証明書ã‹ã‚‰ãƒ“ット文字列を解æžã™ã‚‹éš›ã«ã‚¨ãƒ©ãƒ¼ãŒã‚ã‚‹å ´åˆã«è¿”ã•れã¾ã™ + \return ECC_CURVE_OID_E 証明書ã‹ã‚‰ECCキーを解æžã™ã‚‹éš›ã«ã‚¨ãƒ©ãƒ¼ãŒã‚ã‚‹å ´åˆã«è¿”ã•れã¾ã™ + \return ASN_UNKNOWN_OID_E 証明書ãŒä¸æ˜Žãªã‚­ãƒ¼ã‚ªãƒ–ジェクトIDを使用ã—ã¦ã„ã‚‹å ´åˆã«è¿”ã•れã¾ã™ + \return ASN_VERSION_E ALLOW_V1_EXTENSIONSオプションãŒå®šç¾©ã•れã¦ãŠã‚‰ãšã€è¨¼æ˜Žæ›¸ãŒV1ã¾ãŸã¯V2証明書ã®å ´åˆã«è¿”ã•れã¾ã™ + \return BAD_FUNC_ARG 証明書拡張ã®å‡¦ç†ã‚¨ãƒ©ãƒ¼ãŒã‚ã‚‹å ´åˆã«è¿”ã•れã¾ã™ + \return ASN_CRIT_EXT_E 証明書ã®å‡¦ç†ä¸­ã«è¦‹æ…£ã‚Œãªã„é‡è¦ãªæ‹¡å¼µã«é­é‡ã—ãŸå ´åˆã«è¿”ã•れã¾ã™ + \return ASN_SIG_OID_E ç½²åæš—å·åŒ–ã‚¿ã‚¤ãƒ—ãŒæä¾›ã•れãŸãƒ•ァイル内ã®è¨¼æ˜Žæ›¸ã®æš—å·åŒ–タイプã¨åŒã˜ã§ãªã„å ´åˆã«è¿”ã•れã¾ã™ + \return ASN_SIG_CONFIRM_E 証明書署åã®ç¢ºèªãŒå¤±æ•—ã—ãŸå ´åˆã«è¿”ã•れã¾ã™ + \return ASN_NAME_INVALID_E 証明書ã®åå‰ãŒCAåå‰åˆ¶ç´„ã§è¨±å¯ã•れã¦ã„ãªã„å ´åˆã«è¿”ã•れã¾ã™ + \return ASN_NO_SIGNER_E 証明書ã®çœŸæ­£æ€§ã‚’検証ã™ã‚‹CAç½²å者ãŒã„ãªã„å ´åˆã«è¿”ã•れã¾ã™ - \param cert 発行者を設定ã™ã‚‹å¯¾è±¡ã®Cert構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ - \param issuerFile PEMå½¢å¼ã®è¨¼æ˜Žæ›¸ãƒ•ァイルã¸ã®ãƒ•ァイルパス + \param cert 発行者を設定ã™ã‚‹è¨¼æ˜Žæ›¸ã¸ã®ãƒã‚¤ãƒ³ã‚¿ + \param issuerFile pemå½¢å¼ã®è¨¼æ˜Žæ›¸ã‚’å«ã‚€ãƒ•ァイルã®ãƒ‘ス _Example_ \code Cert myCert; - // initialize myCert - if(wc_SetIssuer(&myCert, â€./path/to/ca-cert.pemâ€) != 0) { - // error setting issuer + // myCertã‚’åˆæœŸåŒ– + if(wc_SetIssuer(&myCert, "./path/to/ca-cert.pem") != 0) { + // 発行者設定エラー } \endcode @@ -254,36 +266,35 @@ /*! \ingroup ASN - \brief ã“ã®é–¢æ•°ã¯PEMå½¢å¼ã®subjectFileã§ä¸Žãˆã‚‰ã‚ŒãŸä¸»ä½“者を証明書ã®ä¸»ä½“者ã¨ã—ã¦è¨­å®šã—ã¾ã™ã€‚ - ã“ã®é–¢æ•°ã¯è¨¼æ˜Žæ›¸ã¸ã®ç½²åã«å…ˆç«‹ã¡å‘¼ã³å‡ºã•れる必è¦ãŒã‚りã¾ã™ã€‚ + \brief ã“ã®é–¢æ•°ã¯ã€è¨¼æ˜Žæ›¸ã®subjectã‚’ã€æä¾›ã•れãŸpem subjectFileã®subjectã«è¨­å®šã—ã¾ã™ã€‚ã“ã®ãƒ¡ã‚½ãƒƒãƒ‰ã¯ã€ç½²åå‰ã«ãƒ•ィールドを設定ã™ã‚‹ãŸã‚ã«ä½¿ç”¨ã•れã¾ã™ã€‚ - \return 0 証明書ã®ä¸»ä½“者ã®è¨­å®šã«æˆåŠŸã—ãŸå ´åˆã«è¿”ã•れã¾ã™ã€‚ - \return MEMORY_E XMALLOCã§ãƒ¡ãƒ¢ãƒªã®ç¢ºä¿ã«å¤±æ•—ã—ãŸéš›ã«è¿”ã•れã¾ã™ã€‚ - \return ASN_PARSE_E 証明書ã®ãƒ˜ãƒƒãƒ€ãƒ¼ãƒ•ァイルã®è§£æžã«å¤±æ•—ã—ãŸéš›ã«è¿”ã•れã¾ã™ã€‚ - \return ASN_OBJECT_ID_E è¨¼æ˜Žæ›¸ã®æš—å·ã‚¿ã‚¤ãƒ—ã®è§£æžã§ã‚¨ãƒ©ãƒ¼ãŒç™ºç”Ÿã—ãŸéš›ã«è¿”ã•れã¾ã™ã€‚ - \return ASN_EXPECT_0_E è¨¼æ˜Žæ›¸ã®æš—å·åŒ–仕様ã«ãƒ•ã‚©ãƒ¼ãƒžãƒƒãƒˆã‚¨ãƒ©ãƒ¼ãŒæ¤œå‡ºã•れãŸéš›ã«è¿”ã•れã¾ã™ã€‚ - \return ASN_BEFORE_DATE_E 証明書ã®ä½¿ç”¨é–‹å§‹æ—¥ã‚ˆã‚Šå‰ã§ã‚ã£ãŸå ´åˆã«è¿”ã•れã¾ã™ã€‚ - \return ASN_AFTER_DATE_E è¨¼æ˜Žæ›¸ã®æœ‰åŠ¹æœŸé™æ—¥ã‚ˆã‚Šå¾Œã§ã‚ã£ãŸå ´åˆã«è¿”ã•れã¾ã™ã€‚ - \return ASN_BITSTR_E 証明書ã®ãƒ“ットストリングè¦ç´ ã®è§£æžã§ã‚¨ãƒ©ãƒ¼ãŒç™ºç”Ÿã—ãŸéš›ã«è¿”ã•れã¾ã™ã€‚ - \return ECC_CURVE_OID_E 証明書ã®ECCéµã®è§£æžã§ã‚¨ãƒ©ãƒ¼ãŒç™ºç”Ÿã—ãŸéš›ã«è¿”ã•れã¾ã™ã€‚ - \return ASN_UNKNOWN_OID_E è¨¼æ˜Žæ›¸ãŒæœªçŸ¥ã®ã‚ªãƒ–ジェクトIDを使用ã—ã¦ã„ãŸéš›ã«è¿”ã•れã¾ã™ã€‚ - \return ASN_VERSION_E ALLOW_V1_EXTENSIONSマクロãŒå®šç¾©ã•れã¦ã„ãªã„ã®ã«è¨¼æ˜Žæ›¸ãŒV1ã‚ã‚‹ã„ã¯V2å½¢å¼ã§ã‚ã£ãŸå ´åˆã«è¿”ã•れã¾ã™ã€‚ - \return BAD_FUNC_ARG è¨¼æ˜Žæ›¸ã®æ‹¡å¼µæƒ…å ±ã®è§£æžã§ã‚¨ãƒ©ãƒ¼ãŒç™ºç”Ÿã—ãŸéš›ã«è¿”ã•れã¾ã™ã€‚ - \return ASN_CRIT_EXT_E 証明書ã®è§£æžä¸­ã«æœªçŸ¥ã®ã‚¯ãƒªãƒ†ã‚£ã‚«ãƒ«æ‹¡å¼µã«é­é‡ã—ãŸéš›ã«è¿”ã•れã¾ã™ã€‚ - \return ASN_SIG_OID_E ç½²åæš—å·åŒ–タイプãŒå¼•æ•°ã§æ¸¡ã•れãŸè¨¼æ˜Žæ›¸ã®ã‚¿ã‚¤ãƒ—ã¨ç•°ãªã‚‹å ´åˆã«è¿”ã•れã¾ã™ã€‚ - \return ASN_SIG_CONFIRM_E 証明書ã®ç½²åã®æ¤œè¨¼ã«å¤±æ•—ã—ãŸéš›ã«è¿”ã•れã¾ã™ã€‚ - \return ASN_NAME_INVALID_E 証明書ã®åå‰ãŒCAã®åå‰ã«é–¢æ•°åˆ¶é™ã«ã‚ˆã£ã¦è¨±ã•れã¦ã„ãªã„å ´åˆã«è¿”ã•れã¾ã™ã€‚ - \return ASN_NO_SIGNER_E CA証明書ã®ä¸»ä½“者を検証ã™ã‚‹ã“ã¨ãŒã§ããªã„å ´åˆã«è¿”ã•れã¾ã™ã€‚ + \return 0 証明書ã®ç™ºè¡Œè€…を正常ã«è¨­å®šã—ãŸå ´åˆã«è¿”ã•れã¾ã™ + \return MEMORY_E XMALLOCã§ãƒ¡ãƒ¢ãƒªã‚’割り当ã¦ã‚‹éš›ã«ã‚¨ãƒ©ãƒ¼ãŒã‚ã‚‹å ´åˆã«è¿”ã•れã¾ã™ + \return ASN_PARSE_E 証明書ヘッダーファイルã®è§£æžã‚¨ãƒ©ãƒ¼ãŒã‚ã‚‹å ´åˆã«è¿”ã•れã¾ã™ + \return ASN_OBJECT_ID_E 証明書ã‹ã‚‰æš—å·åŒ–タイプを解æžã™ã‚‹éš›ã«ã‚¨ãƒ©ãƒ¼ãŒã‚ã‚‹å ´åˆã«è¿”ã•れã¾ã™ + \return ASN_EXPECT_0_E è¨¼æ˜Žæ›¸ãƒ•ã‚¡ã‚¤ãƒ«ã®æš—å·åŒ–仕様ã«ãƒ•ォーマットエラーãŒã‚ã‚‹å ´åˆã«è¿”ã•れã¾ã™ + \return ASN_BEFORE_DATE_E 日付ãŒè¨¼æ˜Žæ›¸ã®é–‹å§‹æ—¥ã‚ˆã‚Šå‰ã®å ´åˆã«è¿”ã•れã¾ã™ + \return ASN_AFTER_DATE_E 日付ãŒè¨¼æ˜Žæ›¸ã®æœ‰åŠ¹æœŸé™ã‚ˆã‚Šå¾Œã®å ´åˆã«è¿”ã•れã¾ã™ + \return ASN_BITSTR_E 証明書ã‹ã‚‰ãƒ“ット文字列を解æžã™ã‚‹éš›ã«ã‚¨ãƒ©ãƒ¼ãŒã‚ã‚‹å ´åˆã«è¿”ã•れã¾ã™ + \return ECC_CURVE_OID_E 証明書ã‹ã‚‰ECCキーを解æžã™ã‚‹éš›ã«ã‚¨ãƒ©ãƒ¼ãŒã‚ã‚‹å ´åˆã«è¿”ã•れã¾ã™ + \return ASN_UNKNOWN_OID_E 証明書ãŒä¸æ˜Žãªã‚­ãƒ¼ã‚ªãƒ–ジェクトIDを使用ã—ã¦ã„ã‚‹å ´åˆã«è¿”ã•れã¾ã™ + \return ASN_VERSION_E ALLOW_V1_EXTENSIONSオプションãŒå®šç¾©ã•れã¦ãŠã‚‰ãšã€è¨¼æ˜Žæ›¸ãŒV1ã¾ãŸã¯V2証明書ã®å ´åˆã«è¿”ã•れã¾ã™ + \return BAD_FUNC_ARG 証明書拡張ã®å‡¦ç†ã‚¨ãƒ©ãƒ¼ãŒã‚ã‚‹å ´åˆã«è¿”ã•れã¾ã™ + \return ASN_CRIT_EXT_E 証明書ã®å‡¦ç†ä¸­ã«è¦‹æ…£ã‚Œãªã„é‡è¦ãªæ‹¡å¼µã«é­é‡ã—ãŸå ´åˆã«è¿”ã•れã¾ã™ + \return ASN_SIG_OID_E ç½²åæš—å·åŒ–ã‚¿ã‚¤ãƒ—ãŒæä¾›ã•れãŸãƒ•ァイル内ã®è¨¼æ˜Žæ›¸ã®æš—å·åŒ–タイプã¨åŒã˜ã§ãªã„å ´åˆã«è¿”ã•れã¾ã™ + \return ASN_SIG_CONFIRM_E 証明書署åã®ç¢ºèªãŒå¤±æ•—ã—ãŸå ´åˆã«è¿”ã•れã¾ã™ + \return ASN_NAME_INVALID_E 証明書ã®åå‰ãŒCAåå‰åˆ¶ç´„ã§è¨±å¯ã•れã¦ã„ãªã„å ´åˆã«è¿”ã•れã¾ã™ + \return ASN_NO_SIGNER_E 証明書ã®çœŸæ­£æ€§ã‚’検証ã™ã‚‹CAç½²å者ãŒã„ãªã„å ´åˆã«è¿”ã•れã¾ã™ - \param 主体者を設定ã™ã‚‹å¯¾è±¡ã®Cert構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ - \param subjectFile PEMå½¢å¼ã®è¨¼æ˜Žæ›¸ãƒ•ァイルã¸ã®ãƒ•ァイルパス + \param cert 発行者を設定ã™ã‚‹è¨¼æ˜Žæ›¸ã¸ã®ãƒã‚¤ãƒ³ã‚¿ + \param subjectFile pemå½¢å¼ã®è¨¼æ˜Žæ›¸ã‚’å«ã‚€ãƒ•ァイルã®ãƒ‘ス _Example_ \code Cert myCert; - // initialize myCert - if(wc_SetSubject(&myCert, â€./path/to/ca-cert.pemâ€) != 0) { - // error setting subject + // myCertã‚’åˆæœŸåŒ– + if(wc_SetSubject(&myCert, "./path/to/ca-cert.pem") != 0) { + // subject設定エラー } \endcode @@ -296,41 +307,38 @@ /*! \ingroup ASN - \brief ã“ã®é–¢æ•°ã¯DERå½¢å¼ã§ãƒãƒƒãƒ•ã‚¡ã«æ ¼ç´ã•れã¦ã„ã‚‹Raw-Subject情報を証明書ã®Raw-Subject情報ã¨ã—ã¦è¨­å®šã—ã¾ã™ã€‚ - ã“ã®é–¢æ•°ã¯è¨¼æ˜Žæ›¸ã¸ã®ç½²åã«å…ˆç«‹ã¡å‘¼ã³å‡ºã•れる必è¦ãŒã‚りã¾ã™ã€‚ - - \return 0 証明書ã®Raw-Subject情報ã®è¨­å®šã«æˆåŠŸã—ãŸå ´åˆã«è¿”ã•れã¾ã™ã€‚ - \return MEMORY_E XMALLOCã§ãƒ¡ãƒ¢ãƒªã®ç¢ºä¿ã«å¤±æ•—ã—ãŸéš›ã«è¿”ã•れã¾ã™ã€‚ - \return ASN_PARSE_E 証明書ã®ãƒ˜ãƒƒãƒ€ãƒ¼ãƒ•ァイルã®è§£æžã«å¤±æ•—ã—ãŸéš›ã«è¿”ã•れã¾ã™ã€‚ - \return ASN_OBJECT_ID_E è¨¼æ˜Žæ›¸ã®æš—å·ã‚¿ã‚¤ãƒ—ã®è§£æžã§ã‚¨ãƒ©ãƒ¼ãŒç™ºç”Ÿã—ãŸéš›ã«è¿”ã•れã¾ã™ã€‚ - \return ASN_EXPECT_0_E è¨¼æ˜Žæ›¸ã®æš—å·åŒ–仕様ã«ãƒ•ã‚©ãƒ¼ãƒžãƒƒãƒˆã‚¨ãƒ©ãƒ¼ãŒæ¤œå‡ºã•れãŸéš›ã«è¿”ã•れã¾ã™ã€‚ - \return ASN_BEFORE_DATE_E 証明書ã®ä½¿ç”¨é–‹å§‹æ—¥ã‚ˆã‚Šå‰ã§ã‚ã£ãŸå ´åˆã«è¿”ã•れã¾ã™ã€‚ - \return ASN_AFTER_DATE_E è¨¼æ˜Žæ›¸ã®æœ‰åŠ¹æœŸé™æ—¥ã‚ˆã‚Šå¾Œã§ã‚ã£ãŸå ´åˆã«è¿”ã•れã¾ã™ã€‚ - \return ASN_BITSTR_E 証明書ã®ãƒ“ットストリングè¦ç´ ã®è§£æžã§ã‚¨ãƒ©ãƒ¼ãŒç™ºç”Ÿã—ãŸéš›ã«è¿”ã•れã¾ã™ã€‚ - \return ECC_CURVE_OID_E 証明書ã®ECCéµã®è§£æžã§ã‚¨ãƒ©ãƒ¼ãŒç™ºç”Ÿã—ãŸéš›ã«è¿”ã•れã¾ã™ã€‚ - \return ASN_UNKNOWN_OID_E è¨¼æ˜Žæ›¸ãŒæœªçŸ¥ã®ã‚ªãƒ–ジェクトIDを使用ã—ã¦ã„ãŸéš›ã«è¿”ã•れã¾ã™ã€‚ - \return ASN_VERSION_E ALLOW_V1_EXTENSIONSマクロãŒå®šç¾©ã•れã¦ã„ãªã„ã®ã«è¨¼æ˜Žæ›¸ãŒV1ã‚ã‚‹ã„ã¯V2å½¢å¼ã§ã‚ã£ãŸå ´åˆã«è¿”ã•れã¾ã™ã€‚ - \return BAD_FUNC_ARG è¨¼æ˜Žæ›¸ã®æ‹¡å¼µæƒ…å ±ã®è§£æžã§ã‚¨ãƒ©ãƒ¼ãŒç™ºç”Ÿã—ãŸéš›ã«è¿”ã•れã¾ã™ã€‚ - \return ASN_CRIT_EXT_E 証明書ã®è§£æžä¸­ã«æœªçŸ¥ã®ã‚¯ãƒªãƒ†ã‚£ã‚«ãƒ«æ‹¡å¼µã«é­é‡ã—ãŸéš›ã«è¿”ã•れã¾ã™ã€‚ - \return ASN_SIG_OID_E ç½²åæš—å·åŒ–タイプãŒå¼•æ•°ã§æ¸¡ã•れãŸè¨¼æ˜Žæ›¸ã®ã‚¿ã‚¤ãƒ—ã¨ç•°ãªã‚‹å ´åˆã«è¿”ã•れã¾ã™ã€‚ - \return ASN_SIG_CONFIRM_E 証明書ã®ç½²åã®æ¤œè¨¼ã«å¤±æ•—ã—ãŸéš›ã«è¿”ã•れã¾ã™ã€‚ - \return ASN_NAME_INVALID_E 証明書ã®åå‰ãŒCAã®åå‰ã«é–¢æ•°åˆ¶é™ã«ã‚ˆã£ã¦è¨±ã•れã¦ã„ãªã„å ´åˆã«è¿”ã•れã¾ã™ã€‚ - \return ASN_NO_SIGNER_E CA証明書ã®ä¸»ä½“者を検証ã™ã‚‹ã“ã¨ãŒã§ããªã„å ´åˆã«è¿”ã•れã¾ã™ã€‚ - \return ASN_NO_SIGNER_E CA証明書ã®ä¸»ä½“者を検証ã™ã‚‹ã“ã¨ãŒã§ããªã„å ´åˆã«è¿”ã•れã¾ã™ã€‚ - - \param cert Raw-Subject情報を設定ã™ã‚‹å¯¾è±¡ã®Cert構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ - \param der DERå½¢å¼ã®è¨¼æ˜Žæ›¸ã‚’æ ¼ç´ã—ã¦ã„ã‚‹ãƒãƒƒãƒ•ã‚¡ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ã“ã®è¨¼æ˜Žæ›¸ã®Raw-Subject情報ãŒå–り出ã•れã¦certã«è¨­å®šã•れã¾ã™ã€‚ - \param derSz DERå½¢å¼ã®è¨¼æ˜Žæ›¸ã‚’æ ¼ç´ã—ã¦ã„ã‚‹ãƒãƒƒãƒ•ã‚¡ã®ã‚µã‚¤ã‚º + \brief ã“ã®é–¢æ•°ã¯ã€æä¾›ã•れãŸderãƒãƒƒãƒ•ã‚¡ã®subjectã‹ã‚‰è¨¼æ˜Žæ›¸ã®ç”Ÿã®subjectを設定ã—ã¾ã™ã€‚ã“ã®ãƒ¡ã‚½ãƒƒãƒ‰ã¯ã€ç½²åå‰ã«ç”Ÿã®subjectフィールドを設定ã™ã‚‹ãŸã‚ã«ä½¿ç”¨ã•れã¾ã™ã€‚ + \return 0 証明書ã®subjectを正常ã«è¨­å®šã—ãŸå ´åˆã«è¿”ã•れã¾ã™ + \return MEMORY_E XMALLOCã§ãƒ¡ãƒ¢ãƒªã‚’割り当ã¦ã‚‹éš›ã«ã‚¨ãƒ©ãƒ¼ãŒã‚ã‚‹å ´åˆã«è¿”ã•れã¾ã™ + \return ASN_PARSE_E 証明書ヘッダーファイルã®è§£æžã‚¨ãƒ©ãƒ¼ãŒã‚ã‚‹å ´åˆã«è¿”ã•れã¾ã™ + \return ASN_OBJECT_ID_E 証明書ã‹ã‚‰æš—å·åŒ–タイプを解æžã™ã‚‹éš›ã«ã‚¨ãƒ©ãƒ¼ãŒã‚ã‚‹å ´åˆã«è¿”ã•れã¾ã™ + \return ASN_EXPECT_0_E è¨¼æ˜Žæ›¸ãƒ•ã‚¡ã‚¤ãƒ«ã®æš—å·åŒ–仕様ã«ãƒ•ォーマットエラーãŒã‚ã‚‹å ´åˆã«è¿”ã•れã¾ã™ + \return ASN_BEFORE_DATE_E 日付ãŒè¨¼æ˜Žæ›¸ã®é–‹å§‹æ—¥ã‚ˆã‚Šå‰ã®å ´åˆã«è¿”ã•れã¾ã™ + \return ASN_AFTER_DATE_E 日付ãŒè¨¼æ˜Žæ›¸ã®æœ‰åŠ¹æœŸé™ã‚ˆã‚Šå¾Œã®å ´åˆã«è¿”ã•れã¾ã™ + \return ASN_BITSTR_E 証明書ã‹ã‚‰ãƒ“ット文字列を解æžã™ã‚‹éš›ã«ã‚¨ãƒ©ãƒ¼ãŒã‚ã‚‹å ´åˆã«è¿”ã•れã¾ã™ + \return ECC_CURVE_OID_E 証明書ã‹ã‚‰ECCキーを解æžã™ã‚‹éš›ã«ã‚¨ãƒ©ãƒ¼ãŒã‚ã‚‹å ´åˆã«è¿”ã•れã¾ã™ + \return ASN_UNKNOWN_OID_E 証明書ãŒä¸æ˜Žãªã‚­ãƒ¼ã‚ªãƒ–ジェクトIDを使用ã—ã¦ã„ã‚‹å ´åˆã«è¿”ã•れã¾ã™ + \return ASN_VERSION_E ALLOW_V1_EXTENSIONSオプションãŒå®šç¾©ã•れã¦ãŠã‚‰ãšã€è¨¼æ˜Žæ›¸ãŒV1ã¾ãŸã¯V2証明書ã®å ´åˆã«è¿”ã•れã¾ã™ + \return BAD_FUNC_ARG 証明書拡張ã®å‡¦ç†ã‚¨ãƒ©ãƒ¼ãŒã‚ã‚‹å ´åˆã«è¿”ã•れã¾ã™ + \return ASN_CRIT_EXT_E 証明書ã®å‡¦ç†ä¸­ã«è¦‹æ…£ã‚Œãªã„é‡è¦ãªæ‹¡å¼µã«é­é‡ã—ãŸå ´åˆã«è¿”ã•れã¾ã™ + \return ASN_SIG_OID_E ç½²åæš—å·åŒ–ã‚¿ã‚¤ãƒ—ãŒæä¾›ã•れãŸãƒ•ァイル内ã®è¨¼æ˜Žæ›¸ã®æš—å·åŒ–タイプã¨åŒã˜ã§ãªã„å ´åˆã«è¿”ã•れã¾ã™ + \return ASN_SIG_CONFIRM_E 証明書署åã®ç¢ºèªãŒå¤±æ•—ã—ãŸå ´åˆã«è¿”ã•れã¾ã™ + \return ASN_NAME_INVALID_E 証明書ã®åå‰ãŒCAåå‰åˆ¶ç´„ã§è¨±å¯ã•れã¦ã„ãªã„å ´åˆã«è¿”ã•れã¾ã™ + \return ASN_NO_SIGNER_E 証明書ã®çœŸæ­£æ€§ã‚’検証ã™ã‚‹CAç½²å者ãŒã„ãªã„å ´åˆã«è¿”ã•れã¾ã™ + + \param cert 生ã®subjectを設定ã™ã‚‹è¨¼æ˜Žæ›¸ã¸ã®ãƒã‚¤ãƒ³ã‚¿ + \param der subjectã‚’å–å¾—ã™ã‚‹derå½¢å¼ã®è¨¼æ˜Žæ›¸ã‚’å«ã‚€ãƒãƒƒãƒ•ã‚¡ã¸ã®ãƒã‚¤ãƒ³ã‚¿ + \param derSz subjectã‚’å–å¾—ã™ã‚‹derå½¢å¼ã®è¨¼æ˜Žæ›¸ã‚’å«ã‚€ãƒãƒƒãƒ•ã‚¡ã®ã‚µã‚¤ã‚º _Example_ \code Cert myCert; - // initialize myCert + // myCertã‚’åˆæœŸåŒ– byte* der; der = (byte*)malloc(FOURK_BUF); - // initialize der + // derã‚’åˆæœŸåŒ– if(wc_SetSubjectRaw(&myCert, der, FOURK_BUF) != 0) { - // error setting subject + // subject設定エラー } \endcode @@ -342,22 +350,22 @@ /*! \ingroup ASN - \brief ã“ã®é–¢æ•°ã¯Cert構造体ã‹ã‚‰Raw-Subject情報をå–り出ã—ã¾ã™ã€‚ + \brief ã“ã®é–¢æ•°ã¯ã€è¨¼æ˜Žæ›¸æ§‹é€ ä½“ã‹ã‚‰ç”Ÿã®subjectã‚’å–å¾—ã—ã¾ã™ã€‚ - \return 0 証明書ã®Raw-Subject情報ã®å–å¾—ã«æˆåŠŸã—ãŸå ´åˆã«è¿”ã•れã¾ã™ã€‚ - \return BAD_FUNC_ARG è¨¼æ˜Žæ›¸ã®æ‹¡å¼µæƒ…å ±ã®è§£æžã§ã‚¨ãƒ©ãƒ¼ãŒç™ºç”Ÿã—ãŸéš›ã«è¿”ã•れã¾ã™ã€‚ + \return 0 証明書ã‹ã‚‰subjectを正常ã«å–å¾—ã—ãŸå ´åˆã«è¿”ã•れã¾ã™ + \return BAD_FUNC_ARG 証明書拡張ã®å‡¦ç†ã‚¨ãƒ©ãƒ¼ãŒã‚ã‚‹å ´åˆã«è¿”ã•れã¾ã™ - \param subjectRaw 処ç†ãŒæˆåŠŸã—ãŸéš›ã«è¿”ã•れるRaw-Subject情報を格ç´ã™ã‚‹ãƒãƒƒãƒ•ã‚¡ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã®ãƒã‚¤ãƒ³ã‚¿ - \param cert Raw-Subjectæƒ…å ±ã‚’ä¿æŒã™ã‚‹Cert構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ + \param subjectRaw 正常ã«è¿”ã•れãŸå ´åˆã®ç”Ÿã®subjectã¸ã®ãƒã‚¤ãƒ³ã‚¿ã®ãƒã‚¤ãƒ³ã‚¿ + \param cert 生ã®subjectã‚’å–å¾—ã™ã‚‹è¨¼æ˜Žæ›¸ã¸ã®ãƒã‚¤ãƒ³ã‚¿ _Example_ \code Cert myCert; byte *subjRaw; - // initialize myCert + // myCertã‚’åˆæœŸåŒ– if(wc_GetSubjectRaw(&subjRaw, &myCert) != 0) { - // error setting subject + // subject設定エラー } \endcode @@ -369,38 +377,35 @@ /*! \ingroup ASN - \brief ã“ã®é–¢æ•°ã¯å¼•æ•°ã§ä¸Žãˆã‚‰ã‚ŒãŸPEMå½¢å¼ã®è¨¼æ˜Žæ›¸ã®ä¸»ä½“者ã®åˆ¥åã‚’Cert構造体ã«è¨­å®šã—ã¾ã™ã€‚ - 複数ã®ãƒ‰ãƒ¡ã‚¤ãƒ³ã§åŒä¸€ã®è¨¼æ˜Žæ›¸ã‚’使用ã™ã‚‹éš›ã«ã¯ä¸»ä½“者ã®åˆ¥åを付与ã™ã‚‹æ©Ÿèƒ½ã¯æœ‰ç”¨ã§ã™ã€‚ - ã“ã®é–¢æ•°ã¯è¨¼æ˜Žæ›¸ã¸ã®ç½²åã«å…ˆç«‹ã¡å‘¼ã³å‡ºã•れる必è¦ãŒã‚りã¾ã™ã€‚ - - \return 0 証明書ã®ä¸»ä½“者ã®è¨­å®šã«æˆåŠŸã—ãŸå ´åˆã«è¿”ã•れã¾ã™ã€‚ - \return MEMORY_E XMALLOCã§ãƒ¡ãƒ¢ãƒªã®ç¢ºä¿ã«å¤±æ•—ã—ãŸéš›ã«è¿”ã•れã¾ã™ã€‚ - \return ASN_PARSE_E 証明書ã®ãƒ˜ãƒƒãƒ€ãƒ¼ãƒ•ァイルã®è§£æžã«å¤±æ•—ã—ãŸéš›ã«è¿”ã•れã¾ã™ã€‚ - \return ASN_OBJECT_ID_E è¨¼æ˜Žæ›¸ã®æš—å·ã‚¿ã‚¤ãƒ—ã®è§£æžã§ã‚¨ãƒ©ãƒ¼ãŒç™ºç”Ÿã—ãŸéš›ã«è¿”ã•れã¾ã™ã€‚ - \return ASN_EXPECT_0_E è¨¼æ˜Žæ›¸ã®æš—å·åŒ–仕様ã«ãƒ•ã‚©ãƒ¼ãƒžãƒƒãƒˆã‚¨ãƒ©ãƒ¼ãŒæ¤œå‡ºã•れãŸéš›ã«è¿”ã•れã¾ã™ã€‚ - \return ASN_BEFORE_DATE_E 証明書ã®ä½¿ç”¨é–‹å§‹æ—¥ã‚ˆã‚Šå‰ã§ã‚ã£ãŸå ´åˆã«è¿”ã•れã¾ã™ã€‚ - \return ASN_AFTER_DATE_E è¨¼æ˜Žæ›¸ã®æœ‰åŠ¹æœŸé™æ—¥ã‚ˆã‚Šå¾Œã§ã‚ã£ãŸå ´åˆã«è¿”ã•れã¾ã™ã€‚ - \return ASN_BITSTR_E 証明書ã®ãƒ“ットストリングè¦ç´ ã®è§£æžã§ã‚¨ãƒ©ãƒ¼ãŒç™ºç”Ÿã—ãŸéš›ã«è¿”ã•れã¾ã™ã€‚ - \return ECC_CURVE_OID_E 証明書ã®ECCéµã®è§£æžã§ã‚¨ãƒ©ãƒ¼ãŒç™ºç”Ÿã—ãŸéš›ã«è¿”ã•れã¾ã™ã€‚ - \return ASN_UNKNOWN_OID_E è¨¼æ˜Žæ›¸ãŒæœªçŸ¥ã®ã‚ªãƒ–ジェクトIDを使用ã—ã¦ã„ãŸéš›ã«è¿”ã•れã¾ã™ã€‚ - \return ASN_VERSION_E ALLOW_V1_EXTENSIONSマクロãŒå®šç¾©ã•れã¦ã„ãªã„ã®ã«è¨¼æ˜Žæ›¸ãŒV1ã‚ã‚‹ã„ã¯V2å½¢å¼ã§ã‚ã£ãŸå ´åˆã«è¿”ã•れã¾ã™ã€‚ - \return BAD_FUNC_ARG è¨¼æ˜Žæ›¸ã®æ‹¡å¼µæƒ…å ±ã®è§£æžã§ã‚¨ãƒ©ãƒ¼ãŒç™ºç”Ÿã—ãŸéš›ã«è¿”ã•れã¾ã™ã€‚ - \return ASN_CRIT_EXT_E 証明書ã®è§£æžä¸­ã«æœªçŸ¥ã®ã‚¯ãƒªãƒ†ã‚£ã‚«ãƒ«æ‹¡å¼µã«é­é‡ã—ãŸéš›ã«è¿”ã•れã¾ã™ã€‚ - \return ASN_SIG_OID_E ç½²åæš—å·åŒ–タイプãŒå¼•æ•°ã§æ¸¡ã•れãŸè¨¼æ˜Žæ›¸ã®ã‚¿ã‚¤ãƒ—ã¨ç•°ãªã‚‹å ´åˆã«è¿”ã•れã¾ã™ã€‚ - \return ASN_SIG_CONFIRM_E 証明書ã®ç½²åã®æ¤œè¨¼ã«å¤±æ•—ã—ãŸéš›ã«è¿”ã•れã¾ã™ã€‚ - \return ASN_NAME_INVALID_E 証明書ã®åå‰ãŒCAã®åå‰ã«é–¢æ•°åˆ¶é™ã«ã‚ˆã£ã¦è¨±ã•れã¦ã„ãªã„å ´åˆã«è¿”ã•れã¾ã™ã€‚ - \return ASN_NO_SIGNER_E CA証明書ã®ä¸»ä½“者を検証ã™ã‚‹ã“ã¨ãŒã§ããªã„å ´åˆã«è¿”ã•れã¾ã™ã€‚ - \return ASN_NO_SIGNER_E CA証明書ã®ä¸»ä½“者を検証ã™ã‚‹ã“ã¨ãŒã§ããªã„å ´åˆã«è¿”ã•れã¾ã™ã€‚ + \brief ã“ã®é–¢æ•°ã¯ã€è¨¼æ˜Žæ›¸ã®ä»£æ›¿åã‚’ã€æä¾›ã•れãŸpemファイル内ã®ä»£æ›¿åã«è¨­å®šã—ã¾ã™ã€‚ã“れã¯ã€åŒã˜è¨¼æ˜Žæ›¸ã§è¤‡æ•°ã®ãƒ‰ãƒ¡ã‚¤ãƒ³ã‚’ä¿è­·ã—ãŸã„å ´åˆã«ä¾¿åˆ©ã§ã™ã€‚ã“ã®ãƒ¡ã‚½ãƒƒãƒ‰ã¯ã€ç½²åå‰ã«ãƒ•ィールドを設定ã™ã‚‹ãŸã‚ã«ä½¿ç”¨ã•れã¾ã™ã€‚ + + \return 0 証明書ã®ä»£æ›¿åを正常ã«è¨­å®šã—ãŸå ´åˆã«è¿”ã•れã¾ã™ + \return MEMORY_E XMALLOCã§ãƒ¡ãƒ¢ãƒªã‚’割り当ã¦ã‚‹éš›ã«ã‚¨ãƒ©ãƒ¼ãŒã‚ã‚‹å ´åˆã«è¿”ã•れã¾ã™ + \return ASN_PARSE_E 証明書ヘッダーファイルã®è§£æžã‚¨ãƒ©ãƒ¼ãŒã‚ã‚‹å ´åˆã«è¿”ã•れã¾ã™ + \return ASN_OBJECT_ID_E 証明書ã‹ã‚‰æš—å·åŒ–タイプを解æžã™ã‚‹éš›ã«ã‚¨ãƒ©ãƒ¼ãŒã‚ã‚‹å ´åˆã«è¿”ã•れã¾ã™ + \return ASN_EXPECT_0_E è¨¼æ˜Žæ›¸ãƒ•ã‚¡ã‚¤ãƒ«ã®æš—å·åŒ–仕様ã«ãƒ•ォーマットエラーãŒã‚ã‚‹å ´åˆã«è¿”ã•れã¾ã™ + \return ASN_BEFORE_DATE_E 日付ãŒè¨¼æ˜Žæ›¸ã®é–‹å§‹æ—¥ã‚ˆã‚Šå‰ã®å ´åˆã«è¿”ã•れã¾ã™ + \return ASN_AFTER_DATE_E 日付ãŒè¨¼æ˜Žæ›¸ã®æœ‰åŠ¹æœŸé™ã‚ˆã‚Šå¾Œã®å ´åˆã«è¿”ã•れã¾ã™ + \return ASN_BITSTR_E 証明書ã‹ã‚‰ãƒ“ット文字列を解æžã™ã‚‹éš›ã«ã‚¨ãƒ©ãƒ¼ãŒã‚ã‚‹å ´åˆã«è¿”ã•れã¾ã™ + \return ECC_CURVE_OID_E 証明書ã‹ã‚‰ECCキーを解æžã™ã‚‹éš›ã«ã‚¨ãƒ©ãƒ¼ãŒã‚ã‚‹å ´åˆã«è¿”ã•れã¾ã™ + \return ASN_UNKNOWN_OID_E 証明書ãŒä¸æ˜Žãªã‚­ãƒ¼ã‚ªãƒ–ジェクトIDを使用ã—ã¦ã„ã‚‹å ´åˆã«è¿”ã•れã¾ã™ + \return ASN_VERSION_E ALLOW_V1_EXTENSIONSオプションãŒå®šç¾©ã•れã¦ãŠã‚‰ãšã€è¨¼æ˜Žæ›¸ãŒV1ã¾ãŸã¯V2証明書ã®å ´åˆã«è¿”ã•れã¾ã™ + \return BAD_FUNC_ARG 証明書拡張ã®å‡¦ç†ã‚¨ãƒ©ãƒ¼ãŒã‚ã‚‹å ´åˆã«è¿”ã•れã¾ã™ + \return ASN_CRIT_EXT_E 証明書ã®å‡¦ç†ä¸­ã«è¦‹æ…£ã‚Œãªã„é‡è¦ãªæ‹¡å¼µã«é­é‡ã—ãŸå ´åˆã«è¿”ã•れã¾ã™ + \return ASN_SIG_OID_E ç½²åæš—å·åŒ–ã‚¿ã‚¤ãƒ—ãŒæä¾›ã•れãŸãƒ•ァイル内ã®è¨¼æ˜Žæ›¸ã®æš—å·åŒ–タイプã¨åŒã˜ã§ãªã„å ´åˆã«è¿”ã•れã¾ã™ + \return ASN_SIG_CONFIRM_E 証明書署åã®ç¢ºèªãŒå¤±æ•—ã—ãŸå ´åˆã«è¿”ã•れã¾ã™ + \return ASN_NAME_INVALID_E 証明書ã®åå‰ãŒCAåå‰åˆ¶ç´„ã§è¨±å¯ã•れã¦ã„ãªã„å ´åˆã«è¿”ã•れã¾ã™ + \return ASN_NO_SIGNER_E 証明書ã®çœŸæ­£æ€§ã‚’検証ã™ã‚‹CAç½²å者ãŒã„ãªã„å ´åˆã«è¿”ã•れã¾ã™ - \param cert 主体者ã®åˆ¥åを設定ã™ã‚‹å¯¾è±¡ã®Cert構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ - \param file PEMå½¢å¼ã®è¨¼æ˜Žæ›¸ã®ãƒ•ァイルパス + \param cert 代替åを設定ã™ã‚‹è¨¼æ˜Žæ›¸ã¸ã®ãƒã‚¤ãƒ³ã‚¿ + \param file pemå½¢å¼ã®è¨¼æ˜Žæ›¸ã‚’å«ã‚€ãƒ•ァイルã®ãƒ‘ス _Example_ \code Cert myCert; - // initialize myCert - if(wc_SetSubject(&myCert, â€./path/to/ca-cert.pemâ€) != 0) { - // error setting alt names + // myCertã‚’åˆæœŸåŒ– + if(wc_SetSubject(&myCert, "./path/to/ca-cert.pem") != 0) { + // 代替å設定エラー } \endcode @@ -412,42 +417,39 @@ /*! \ingroup ASN - \brief ã“ã®é–¢æ•°ã¯DERå½¢å¼ã§ãƒãƒƒãƒ•ã‚¡ã«æ ¼ç´ã•れã¦ã„る発行者を証明書ã®ç™ºè¡Œè€…ã¨ã—ã¦è¨­å®šã—ã¾ã™ã€‚ - 加ãˆã¦ã€è¨¼æ˜Žæ›¸ã®äº‹æ•…ç½²åプロパティをfalseã«è¨­å®šã—ã¾ã™ã€‚ - ã“ã®é–¢æ•°ã¯è¨¼æ˜Žæ›¸ã¸ã®ç½²åã«å…ˆç«‹ã¡å‘¼ã³å‡ºã•れる必è¦ãŒã‚りã¾ã™ã€‚ - - \return 0 証明書ã®ç™ºè¡Œè€…ã®è¨­å®šã«æˆåŠŸã—ãŸå ´åˆã«è¿”ã•れã¾ã™ã€‚ - \return MEMORY_E XMALLOCã§ãƒ¡ãƒ¢ãƒªã®ç¢ºä¿ã«å¤±æ•—ã—ãŸéš›ã«è¿”ã•れã¾ã™ã€‚ - \return ASN_PARSE_E 証明書ã®ãƒ˜ãƒƒãƒ€ãƒ¼ãƒ•ァイルã®è§£æžã«å¤±æ•—ã—ãŸéš›ã«è¿”ã•れã¾ã™ã€‚ - \return ASN_OBJECT_ID_E è¨¼æ˜Žæ›¸ã®æš—å·ã‚¿ã‚¤ãƒ—ã®è§£æžã§ã‚¨ãƒ©ãƒ¼ãŒç™ºç”Ÿã—ãŸéš›ã«è¿”ã•れã¾ã™ã€‚ - \return ASN_EXPECT_0_E è¨¼æ˜Žæ›¸ã®æš—å·åŒ–仕様ã«ãƒ•ã‚©ãƒ¼ãƒžãƒƒãƒˆã‚¨ãƒ©ãƒ¼ãŒæ¤œå‡ºã•れãŸéš›ã«è¿”ã•れã¾ã™ã€‚ - \return ASN_BEFORE_DATE_E 証明書ã®ä½¿ç”¨é–‹å§‹æ—¥ã‚ˆã‚Šå‰ã§ã‚ã£ãŸå ´åˆã«è¿”ã•れã¾ã™ã€‚ - \return ASN_AFTER_DATE_E è¨¼æ˜Žæ›¸ã®æœ‰åŠ¹æœŸé™æ—¥ã‚ˆã‚Šå¾Œã§ã‚ã£ãŸå ´åˆã«è¿”ã•れã¾ã™ã€‚ - \return ASN_BITSTR_E 証明書ã®ãƒ“ットストリングè¦ç´ ã®è§£æžã§ã‚¨ãƒ©ãƒ¼ãŒç™ºç”Ÿã—ãŸéš›ã«è¿”ã•れã¾ã™ã€‚ - \return ECC_CURVE_OID_E 証明書ã®ECCéµã®è§£æžã§ã‚¨ãƒ©ãƒ¼ãŒç™ºç”Ÿã—ãŸéš›ã«è¿”ã•れã¾ã™ã€‚ - \return ASN_UNKNOWN_OID_E è¨¼æ˜Žæ›¸ãŒæœªçŸ¥ã®ã‚ªãƒ–ジェクトIDを使用ã—ã¦ã„ãŸéš›ã«è¿”ã•れã¾ã™ã€‚ - \return ASN_VERSION_E ALLOW_V1_EXTENSIONSマクロãŒå®šç¾©ã•れã¦ã„ãªã„ã®ã«è¨¼æ˜Žæ›¸ãŒV1ã‚ã‚‹ã„ã¯V2å½¢å¼ã§ã‚ã£ãŸå ´åˆã«è¿”ã•れã¾ã™ã€‚ - \return BAD_FUNC_ARG è¨¼æ˜Žæ›¸ã®æ‹¡å¼µæƒ…å ±ã®è§£æžã§ã‚¨ãƒ©ãƒ¼ãŒç™ºç”Ÿã—ãŸéš›ã«è¿”ã•れã¾ã™ã€‚ - \return ASN_CRIT_EXT_E 証明書ã®è§£æžä¸­ã«æœªçŸ¥ã®ã‚¯ãƒªãƒ†ã‚£ã‚«ãƒ«æ‹¡å¼µã«é­é‡ã—ãŸéš›ã«è¿”ã•れã¾ã™ã€‚ - \return ASN_SIG_OID_E ç½²åæš—å·åŒ–タイプãŒå¼•æ•°ã§æ¸¡ã•れãŸè¨¼æ˜Žæ›¸ã®ã‚¿ã‚¤ãƒ—ã¨ç•°ãªã‚‹å ´åˆã«è¿”ã•れã¾ã™ã€‚ - \return ASN_SIG_CONFIRM_E 証明書ã®ç½²åã®æ¤œè¨¼ã«å¤±æ•—ã—ãŸéš›ã«è¿”ã•れã¾ã™ã€‚ - \return ASN_NAME_INVALID_E 証明書ã®åå‰ãŒCAã®åå‰ã«é–¢æ•°åˆ¶é™ã«ã‚ˆã£ã¦è¨±ã•れã¦ã„ãªã„å ´åˆã«è¿”ã•れã¾ã™ã€‚ - \return ASN_NO_SIGNER_E CA証明書ã®ä¸»ä½“者を検証ã™ã‚‹ã“ã¨ãŒã§ããªã„å ´åˆã«è¿”ã•れã¾ã™ã€‚ - \return ASN_NO_SIGNER_E CA証明書ã®ä¸»ä½“者を検証ã™ã‚‹ã“ã¨ãŒã§ããªã„å ´åˆã«è¿”ã•れã¾ã™ã€‚ - - \param cert 発行者を設定ã™ã‚‹å¯¾è±¡ã®Cert構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ - \param der DERå½¢å¼ã®è¨¼æ˜Žæ›¸ã‚’æ ¼ç´ã—ã¦ã„ã‚‹ãƒãƒƒãƒ•ã‚¡ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ã“ã®è¨¼æ˜Žæ›¸ã®ç™ºè¡Œè€…情報ãŒå–り出ã•れã¦certã«è¨­å®šã•れã¾ã™ã€‚ - \param derSz DERå½¢å¼ã®è¨¼æ˜Žæ›¸ã‚’æ ¼ç´ã—ã¦ã„ã‚‹ãƒãƒƒãƒ•ã‚¡ã®ã‚µã‚¤ã‚º + \brief ã“ã®é–¢æ•°ã¯ã€æä¾›ã•れãŸderãƒãƒƒãƒ•ã‚¡ã®ç™ºè¡Œè€…ã‹ã‚‰è¨¼æ˜Žæ›¸ã®ç™ºè¡Œè€…を設定ã—ã¾ã™ã€‚ã¾ãŸã€è¨¼æ˜Žæ›¸ã®è‡ªå·±ç½²å属性をfalseã«å¤‰æ›´ã—ã¾ã™ã€‚ã“ã®ãƒ¡ã‚½ãƒƒãƒ‰ã¯ã€ç½²åå‰ã«ãƒ•ィールドを設定ã™ã‚‹ãŸã‚ã«ä½¿ç”¨ã•れã¾ã™ã€‚ + + \return 0 証明書ã®ç™ºè¡Œè€…を正常ã«è¨­å®šã—ãŸå ´åˆã«è¿”ã•れã¾ã™ + \return MEMORY_E XMALLOCã§ãƒ¡ãƒ¢ãƒªã‚’割り当ã¦ã‚‹éš›ã«ã‚¨ãƒ©ãƒ¼ãŒã‚ã‚‹å ´åˆã«è¿”ã•れã¾ã™ + \return ASN_PARSE_E 証明書ヘッダーファイルã®è§£æžã‚¨ãƒ©ãƒ¼ãŒã‚ã‚‹å ´åˆã«è¿”ã•れã¾ã™ + \return ASN_OBJECT_ID_E 証明書ã‹ã‚‰æš—å·åŒ–タイプを解æžã™ã‚‹éš›ã«ã‚¨ãƒ©ãƒ¼ãŒã‚ã‚‹å ´åˆã«è¿”ã•れã¾ã™ + \return ASN_EXPECT_0_E è¨¼æ˜Žæ›¸ãƒ•ã‚¡ã‚¤ãƒ«ã®æš—å·åŒ–仕様ã«ãƒ•ォーマットエラーãŒã‚ã‚‹å ´åˆã«è¿”ã•れã¾ã™ + \return ASN_BEFORE_DATE_E 日付ãŒè¨¼æ˜Žæ›¸ã®é–‹å§‹æ—¥ã‚ˆã‚Šå‰ã®å ´åˆã«è¿”ã•れã¾ã™ + \return ASN_AFTER_DATE_E 日付ãŒè¨¼æ˜Žæ›¸ã®æœ‰åŠ¹æœŸé™ã‚ˆã‚Šå¾Œã®å ´åˆã«è¿”ã•れã¾ã™ + \return ASN_BITSTR_E 証明書ã‹ã‚‰ãƒ“ット文字列を解æžã™ã‚‹éš›ã«ã‚¨ãƒ©ãƒ¼ãŒã‚ã‚‹å ´åˆã«è¿”ã•れã¾ã™ + \return ECC_CURVE_OID_E 証明書ã‹ã‚‰ECCキーを解æžã™ã‚‹éš›ã«ã‚¨ãƒ©ãƒ¼ãŒã‚ã‚‹å ´åˆã«è¿”ã•れã¾ã™ + \return ASN_UNKNOWN_OID_E 証明書ãŒä¸æ˜Žãªã‚­ãƒ¼ã‚ªãƒ–ジェクトIDを使用ã—ã¦ã„ã‚‹å ´åˆã«è¿”ã•れã¾ã™ + \return ASN_VERSION_E ALLOW_V1_EXTENSIONSオプションãŒå®šç¾©ã•れã¦ãŠã‚‰ãšã€è¨¼æ˜Žæ›¸ãŒV1ã¾ãŸã¯V2証明書ã®å ´åˆã«è¿”ã•れã¾ã™ + \return BAD_FUNC_ARG 証明書拡張ã®å‡¦ç†ã‚¨ãƒ©ãƒ¼ãŒã‚ã‚‹å ´åˆã«è¿”ã•れã¾ã™ + \return ASN_CRIT_EXT_E 証明書ã®å‡¦ç†ä¸­ã«è¦‹æ…£ã‚Œãªã„é‡è¦ãªæ‹¡å¼µã«é­é‡ã—ãŸå ´åˆã«è¿”ã•れã¾ã™ + \return ASN_SIG_OID_E ç½²åæš—å·åŒ–ã‚¿ã‚¤ãƒ—ãŒæä¾›ã•れãŸãƒ•ァイル内ã®è¨¼æ˜Žæ›¸ã®æš—å·åŒ–タイプã¨åŒã˜ã§ãªã„å ´åˆã«è¿”ã•れã¾ã™ + \return ASN_SIG_CONFIRM_E 証明書署åã®ç¢ºèªãŒå¤±æ•—ã—ãŸå ´åˆã«è¿”ã•れã¾ã™ + \return ASN_NAME_INVALID_E 証明書ã®åå‰ãŒCAåå‰åˆ¶ç´„ã§è¨±å¯ã•れã¦ã„ãªã„å ´åˆã«è¿”ã•れã¾ã™ + \return ASN_NO_SIGNER_E 証明書ã®çœŸæ­£æ€§ã‚’検証ã™ã‚‹CAç½²å者ãŒã„ãªã„å ´åˆã«è¿”ã•れã¾ã™ + + \param cert 発行者を設定ã™ã‚‹è¨¼æ˜Žæ›¸ã¸ã®ãƒã‚¤ãƒ³ã‚¿ + \param der 発行者をå–å¾—ã™ã‚‹derå½¢å¼ã®è¨¼æ˜Žæ›¸ã‚’å«ã‚€ãƒãƒƒãƒ•ã‚¡ã¸ã®ãƒã‚¤ãƒ³ã‚¿ + \param derSz 発行者をå–å¾—ã™ã‚‹derå½¢å¼ã®è¨¼æ˜Žæ›¸ã‚’å«ã‚€ãƒãƒƒãƒ•ã‚¡ã®ã‚µã‚¤ã‚º _Example_ \code Cert myCert; - // initialize myCert + // myCertã‚’åˆæœŸåŒ– byte* der; der = (byte*)malloc(FOURK_BUF); - // initialize der + // derã‚’åˆæœŸåŒ– if(wc_SetIssuerBuffer(&myCert, der, FOURK_BUF) != 0) { - // error setting issuer + // issuer設定エラー } \endcode @@ -459,42 +461,39 @@ /*! \ingroup ASN - \brief ã“ã®é–¢æ•°ã¯DERå½¢å¼ã§ãƒãƒƒãƒ•ã‚¡ã«æ ¼ç´ã•れã¦ã„ã‚‹Raw-Issuer情報を証明書ã®Raw-Issuer情報ã¨ã—ã¦è¨­å®šã—ã¾ã™ã€‚ - ã“ã®é–¢æ•°ã¯è¨¼æ˜Žæ›¸ã¸ã®ç½²åã«å…ˆç«‹ã¡å‘¼ã³å‡ºã•れる必è¦ãŒã‚りã¾ã™ã€‚ + \brief ã“ã®é–¢æ•°ã¯ã€æä¾›ã•れãŸderãƒãƒƒãƒ•ã‚¡ã®ç™ºè¡Œè€…ã‹ã‚‰è¨¼æ˜Žæ›¸ã®ç”Ÿã®ç™ºè¡Œè€…を設定ã—ã¾ã™ã€‚ã“ã®ãƒ¡ã‚½ãƒƒãƒ‰ã¯ã€ç½²åå‰ã«ç”Ÿã®ç™ºè¡Œè€…フィールドを設定ã™ã‚‹ãŸã‚ã«ä½¿ç”¨ã•れã¾ã™ã€‚ - \return 0 証明書ã®Raw-Issuer情報ã®è¨­å®šã«æˆåŠŸã—ãŸå ´åˆã«è¿”ã•れã¾ã™ã€‚ - \return MEMORY_E XMALLOCã§ãƒ¡ãƒ¢ãƒªã®ç¢ºä¿ã«å¤±æ•—ã—ãŸéš›ã«è¿”ã•れã¾ã™ã€‚ - \return ASN_PARSE_E 証明書ã®ãƒ˜ãƒƒãƒ€ãƒ¼ãƒ•ァイルã®è§£æžã«å¤±æ•—ã—ãŸéš›ã«è¿”ã•れã¾ã™ã€‚ - \return ASN_OBJECT_ID_E è¨¼æ˜Žæ›¸ã®æš—å·ã‚¿ã‚¤ãƒ—ã®è§£æžã§ã‚¨ãƒ©ãƒ¼ãŒç™ºç”Ÿã—ãŸéš›ã«è¿”ã•れã¾ã™ã€‚ - \return ASN_EXPECT_0_E è¨¼æ˜Žæ›¸ã®æš—å·åŒ–仕様ã«ãƒ•ã‚©ãƒ¼ãƒžãƒƒãƒˆã‚¨ãƒ©ãƒ¼ãŒæ¤œå‡ºã•れãŸéš›ã«è¿”ã•れã¾ã™ã€‚ - \return ASN_BEFORE_DATE_E 証明書ã®ä½¿ç”¨é–‹å§‹æ—¥ã‚ˆã‚Šå‰ã§ã‚ã£ãŸå ´åˆã«è¿”ã•れã¾ã™ã€‚ - \return ASN_AFTER_DATE_E è¨¼æ˜Žæ›¸ã®æœ‰åŠ¹æœŸé™æ—¥ã‚ˆã‚Šå¾Œã§ã‚ã£ãŸå ´åˆã«è¿”ã•れã¾ã™ã€‚ - \return ASN_BITSTR_E 証明書ã®ãƒ“ットストリングè¦ç´ ã®è§£æžã§ã‚¨ãƒ©ãƒ¼ãŒç™ºç”Ÿã—ãŸéš›ã«è¿”ã•れã¾ã™ã€‚ - \return ECC_CURVE_OID_E 証明書ã®ECCéµã®è§£æžã§ã‚¨ãƒ©ãƒ¼ãŒç™ºç”Ÿã—ãŸéš›ã«è¿”ã•れã¾ã™ã€‚ - \return ASN_UNKNOWN_OID_E è¨¼æ˜Žæ›¸ãŒæœªçŸ¥ã®ã‚ªãƒ–ジェクトIDを使用ã—ã¦ã„ãŸéš›ã«è¿”ã•れã¾ã™ã€‚ - \return ASN_VERSION_E ALLOW_V1_EXTENSIONSマクロãŒå®šç¾©ã•れã¦ã„ãªã„ã®ã«è¨¼æ˜Žæ›¸ãŒV1ã‚ã‚‹ã„ã¯V2å½¢å¼ã§ã‚ã£ãŸå ´åˆã«è¿”ã•れã¾ã™ã€‚ - \return BAD_FUNC_ARG è¨¼æ˜Žæ›¸ã®æ‹¡å¼µæƒ…å ±ã®è§£æžã§ã‚¨ãƒ©ãƒ¼ãŒç™ºç”Ÿã—ãŸéš›ã«è¿”ã•れã¾ã™ã€‚ - \return ASN_CRIT_EXT_E 証明書ã®è§£æžä¸­ã«æœªçŸ¥ã®ã‚¯ãƒªãƒ†ã‚£ã‚«ãƒ«æ‹¡å¼µã«é­é‡ã—ãŸéš›ã«è¿”ã•れã¾ã™ã€‚ - \return ASN_SIG_OID_E ç½²åæš—å·åŒ–タイプãŒå¼•æ•°ã§æ¸¡ã•れãŸè¨¼æ˜Žæ›¸ã®ã‚¿ã‚¤ãƒ—ã¨ç•°ãªã‚‹å ´åˆã«è¿”ã•れã¾ã™ã€‚ - \return ASN_SIG_CONFIRM_E 証明書ã®ç½²åã®æ¤œè¨¼ã«å¤±æ•—ã—ãŸéš›ã«è¿”ã•れã¾ã™ã€‚ - \return ASN_NAME_INVALID_E 証明書ã®åå‰ãŒCAã®åå‰ã«é–¢æ•°åˆ¶é™ã«ã‚ˆã£ã¦è¨±ã•れã¦ã„ãªã„å ´åˆã«è¿”ã•れã¾ã™ã€‚ - \return ASN_NO_SIGNER_E CA証明書ã®ä¸»ä½“者を検証ã™ã‚‹ã“ã¨ãŒã§ããªã„å ´åˆã«è¿”ã•れã¾ã™ã€‚ - \return ASN_NO_SIGNER_E CA証明書ã®ä¸»ä½“者を検証ã™ã‚‹ã“ã¨ãŒã§ããªã„å ´åˆã«è¿”ã•れã¾ã™ã€‚ - - - \param cert Raw-Issuer情報を設定ã™ã‚‹å¯¾è±¡ã®Cert構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ - \param der DERå½¢å¼ã®è¨¼æ˜Žæ›¸ã‚’æ ¼ç´ã—ã¦ã„ã‚‹ãƒãƒƒãƒ•ã‚¡ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ã“ã®è¨¼æ˜Žæ›¸ã®Raw-Issuer情報ãŒå–り出ã•れã¦certã«è¨­å®šã•れã¾ã™ã€‚ - \param derSz DERå½¢å¼ã®è¨¼æ˜Žæ›¸ã‚’æ ¼ç´ã—ã¦ã„ã‚‹ãƒãƒƒãƒ•ã‚¡ã®ã‚µã‚¤ã‚º + \return 0 証明書ã®ç™ºè¡Œè€…を正常ã«è¨­å®šã—ãŸå ´åˆã«è¿”ã•れã¾ã™ + \return MEMORY_E XMALLOCã§ãƒ¡ãƒ¢ãƒªã‚’割り当ã¦ã‚‹éš›ã«ã‚¨ãƒ©ãƒ¼ãŒã‚ã‚‹å ´åˆã«è¿”ã•れã¾ã™ + \return ASN_PARSE_E 証明書ヘッダーファイルã®è§£æžã‚¨ãƒ©ãƒ¼ãŒã‚ã‚‹å ´åˆã«è¿”ã•れã¾ã™ + \return ASN_OBJECT_ID_E 証明書ã‹ã‚‰æš—å·åŒ–タイプを解æžã™ã‚‹éš›ã«ã‚¨ãƒ©ãƒ¼ãŒã‚ã‚‹å ´åˆã«è¿”ã•れã¾ã™ + \return ASN_EXPECT_0_E è¨¼æ˜Žæ›¸ãƒ•ã‚¡ã‚¤ãƒ«ã®æš—å·åŒ–仕様ã«ãƒ•ォーマットエラーãŒã‚ã‚‹å ´åˆã«è¿”ã•れã¾ã™ + \return ASN_BEFORE_DATE_E 日付ãŒè¨¼æ˜Žæ›¸ã®é–‹å§‹æ—¥ã‚ˆã‚Šå‰ã®å ´åˆã«è¿”ã•れã¾ã™ + \return ASN_AFTER_DATE_E 日付ãŒè¨¼æ˜Žæ›¸ã®æœ‰åŠ¹æœŸé™ã‚ˆã‚Šå¾Œã®å ´åˆã«è¿”ã•れã¾ã™ + \return ASN_BITSTR_E 証明書ã‹ã‚‰ãƒ“ット文字列を解æžã™ã‚‹éš›ã«ã‚¨ãƒ©ãƒ¼ãŒã‚ã‚‹å ´åˆã«è¿”ã•れã¾ã™ + \return ECC_CURVE_OID_E 証明書ã‹ã‚‰ECCキーを解æžã™ã‚‹éš›ã«ã‚¨ãƒ©ãƒ¼ãŒã‚ã‚‹å ´åˆã«è¿”ã•れã¾ã™ + \return ASN_UNKNOWN_OID_E 証明書ãŒä¸æ˜Žãªã‚­ãƒ¼ã‚ªãƒ–ジェクトIDを使用ã—ã¦ã„ã‚‹å ´åˆã«è¿”ã•れã¾ã™ + \return ASN_VERSION_E ALLOW_V1_EXTENSIONSオプションãŒå®šç¾©ã•れã¦ãŠã‚‰ãšã€è¨¼æ˜Žæ›¸ãŒV1ã¾ãŸã¯V2証明書ã®å ´åˆã«è¿”ã•れã¾ã™ + \return BAD_FUNC_ARG 証明書拡張ã®å‡¦ç†ã‚¨ãƒ©ãƒ¼ãŒã‚ã‚‹å ´åˆã«è¿”ã•れã¾ã™ + \return ASN_CRIT_EXT_E 証明書ã®å‡¦ç†ä¸­ã«è¦‹æ…£ã‚Œãªã„é‡è¦ãªæ‹¡å¼µã«é­é‡ã—ãŸå ´åˆã«è¿”ã•れã¾ã™ + \return ASN_SIG_OID_E ç½²åæš—å·åŒ–ã‚¿ã‚¤ãƒ—ãŒæä¾›ã•れãŸãƒ•ァイル内ã®è¨¼æ˜Žæ›¸ã®æš—å·åŒ–タイプã¨åŒã˜ã§ãªã„å ´åˆã«è¿”ã•れã¾ã™ + \return ASN_SIG_CONFIRM_E 証明書署åã®ç¢ºèªãŒå¤±æ•—ã—ãŸå ´åˆã«è¿”ã•れã¾ã™ + \return ASN_NAME_INVALID_E 証明書ã®åå‰ãŒCAåå‰åˆ¶ç´„ã§è¨±å¯ã•れã¦ã„ãªã„å ´åˆã«è¿”ã•れã¾ã™ + \return ASN_NO_SIGNER_E 証明書ã®çœŸæ­£æ€§ã‚’検証ã™ã‚‹CAç½²å者ãŒã„ãªã„å ´åˆã«è¿”ã•れã¾ã™ + + \param cert 生ã®ç™ºè¡Œè€…を設定ã™ã‚‹è¨¼æ˜Žæ›¸ã¸ã®ãƒã‚¤ãƒ³ã‚¿ + \param der subjectã‚’å–å¾—ã™ã‚‹derå½¢å¼ã®è¨¼æ˜Žæ›¸ã‚’å«ã‚€ãƒãƒƒãƒ•ã‚¡ã¸ã®ãƒã‚¤ãƒ³ã‚¿ + \param derSz subjectã‚’å–å¾—ã™ã‚‹derå½¢å¼ã®è¨¼æ˜Žæ›¸ã‚’å«ã‚€ãƒãƒƒãƒ•ã‚¡ã®ã‚µã‚¤ã‚º _Example_ \code Cert myCert; - // initialize myCert + // myCertã‚’åˆæœŸåŒ– byte* der; der = (byte*)malloc(FOURK_BUF); - // initialize der + // derã‚’åˆæœŸåŒ– if(wc_SetIssuerRaw(&myCert, der, FOURK_BUF) != 0) { - // error setting subject + // subject設定エラー } \endcode @@ -506,41 +505,39 @@ /*! \ingroup ASN - \brief ã“ã®é–¢æ•°ã¯DERå½¢å¼ã§ãƒãƒƒãƒ•ã‚¡ã«æ ¼ç´ã•れã¦ã„る主体者を証明書ã®ä¸»ä½“者ã¨ã—ã¦è¨­å®šã—ã¾ã™ã€‚ - ã“ã®é–¢æ•°ã¯è¨¼æ˜Žæ›¸ã¸ã®ç½²åã«å…ˆç«‹ã¡å‘¼ã³å‡ºã•れる必è¦ãŒã‚りã¾ã™ã€‚ + \brief ã“ã®é–¢æ•°ã¯ã€æä¾›ã•れãŸderãƒãƒƒãƒ•ã‚¡ã®subjectã‹ã‚‰è¨¼æ˜Žæ›¸ã®subjectを設定ã—ã¾ã™ã€‚ã“ã®ãƒ¡ã‚½ãƒƒãƒ‰ã¯ã€ç½²åå‰ã«ãƒ•ィールドを設定ã™ã‚‹ãŸã‚ã«ä½¿ç”¨ã•れã¾ã™ã€‚ - \return 0 証明書ã®ä¸»ä½“者ã®è¨­å®šã«æˆåŠŸã—ãŸå ´åˆã«è¿”ã•れã¾ã™ã€‚ - \return MEMORY_E XMALLOCã§ãƒ¡ãƒ¢ãƒªã®ç¢ºä¿ã«å¤±æ•—ã—ãŸéš›ã«è¿”ã•れã¾ã™ã€‚ - \return ASN_PARSE_E 証明書ã®ãƒ˜ãƒƒãƒ€ãƒ¼ãƒ•ァイルã®è§£æžã«å¤±æ•—ã—ãŸéš›ã«è¿”ã•れã¾ã™ã€‚ - \return ASN_OBJECT_ID_E è¨¼æ˜Žæ›¸ã®æš—å·ã‚¿ã‚¤ãƒ—ã®è§£æžã§ã‚¨ãƒ©ãƒ¼ãŒç™ºç”Ÿã—ãŸéš›ã«è¿”ã•れã¾ã™ã€‚ - \return ASN_EXPECT_0_E è¨¼æ˜Žæ›¸ã®æš—å·åŒ–仕様ã«ãƒ•ã‚©ãƒ¼ãƒžãƒƒãƒˆã‚¨ãƒ©ãƒ¼ãŒæ¤œå‡ºã•れãŸéš›ã«è¿”ã•れã¾ã™ã€‚ - \return ASN_BEFORE_DATE_E 証明書ã®ä½¿ç”¨é–‹å§‹æ—¥ã‚ˆã‚Šå‰ã§ã‚ã£ãŸå ´åˆã«è¿”ã•れã¾ã™ã€‚ - \return ASN_AFTER_DATE_E è¨¼æ˜Žæ›¸ã®æœ‰åŠ¹æœŸé™æ—¥ã‚ˆã‚Šå¾Œã§ã‚ã£ãŸå ´åˆã«è¿”ã•れã¾ã™ã€‚ - \return ASN_BITSTR_E 証明書ã®ãƒ“ットストリングè¦ç´ ã®è§£æžã§ã‚¨ãƒ©ãƒ¼ãŒç™ºç”Ÿã—ãŸéš›ã«è¿”ã•れã¾ã™ã€‚ - \return ECC_CURVE_OID_E 証明書ã®ECCéµã®è§£æžã§ã‚¨ãƒ©ãƒ¼ãŒç™ºç”Ÿã—ãŸéš›ã«è¿”ã•れã¾ã™ã€‚ - \return ASN_UNKNOWN_OID_E è¨¼æ˜Žæ›¸ãŒæœªçŸ¥ã®ã‚ªãƒ–ジェクトIDを使用ã—ã¦ã„ãŸéš›ã«è¿”ã•れã¾ã™ã€‚ - \return ASN_VERSION_E ALLOW_V1_EXTENSIONSマクロãŒå®šç¾©ã•れã¦ã„ãªã„ã®ã«è¨¼æ˜Žæ›¸ãŒV1ã‚ã‚‹ã„ã¯V2å½¢å¼ã§ã‚ã£ãŸå ´åˆã«è¿”ã•れã¾ã™ã€‚ - \return BAD_FUNC_ARG è¨¼æ˜Žæ›¸ã®æ‹¡å¼µæƒ…å ±ã®è§£æžã§ã‚¨ãƒ©ãƒ¼ãŒç™ºç”Ÿã—ãŸéš›ã«è¿”ã•れã¾ã™ã€‚ - \return ASN_CRIT_EXT_E 証明書ã®è§£æžä¸­ã«æœªçŸ¥ã®ã‚¯ãƒªãƒ†ã‚£ã‚«ãƒ«æ‹¡å¼µã«é­é‡ã—ãŸéš›ã«è¿”ã•れã¾ã™ã€‚ - \return ASN_SIG_OID_E ç½²åæš—å·åŒ–タイプãŒå¼•æ•°ã§æ¸¡ã•れãŸè¨¼æ˜Žæ›¸ã®ã‚¿ã‚¤ãƒ—ã¨ç•°ãªã‚‹å ´åˆã«è¿”ã•れã¾ã™ã€‚ - \return ASN_SIG_CONFIRM_E 証明書ã®ç½²åã®æ¤œè¨¼ã«å¤±æ•—ã—ãŸéš›ã«è¿”ã•れã¾ã™ã€‚ - \return ASN_NAME_INVALID_E 証明書ã®åå‰ãŒCAã®åå‰ã«é–¢æ•°åˆ¶é™ã«ã‚ˆã£ã¦è¨±ã•れã¦ã„ãªã„å ´åˆã«è¿”ã•れã¾ã™ã€‚ - \return ASN_NO_SIGNER_E CA証明書ã®ä¸»ä½“者を検証ã™ã‚‹ã“ã¨ãŒã§ããªã„å ´åˆã«è¿”ã•れã¾ã™ã€‚ - \return ASN_NO_SIGNER_E CA証明書ã®ä¸»ä½“者を検証ã™ã‚‹ã“ã¨ãŒã§ããªã„å ´åˆã«è¿”ã•れã¾ã™ã€‚ - - \param cert 主体者を設定ã™ã‚‹å¯¾è±¡ã®Cert構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ - \param der DERå½¢å¼ã®è¨¼æ˜Žæ›¸ã‚’æ ¼ç´ã—ã¦ã„ã‚‹ãƒãƒƒãƒ•ã‚¡ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ã“ã®è¨¼æ˜Žæ›¸ã®ä¸»ä½“者ãŒå–り出ã•れã¦certã«è¨­å®šã•れã¾ã™ã€‚ - \param derSz DERå½¢å¼ã®è¨¼æ˜Žæ›¸ã‚’æ ¼ç´ã—ã¦ã„ã‚‹ãƒãƒƒãƒ•ã‚¡ã®ã‚µã‚¤ã‚º + \return 0 証明書ã®subjectを正常ã«è¨­å®šã—ãŸå ´åˆã«è¿”ã•れã¾ã™ + \return MEMORY_E XMALLOCã§ãƒ¡ãƒ¢ãƒªã‚’割り当ã¦ã‚‹éš›ã«ã‚¨ãƒ©ãƒ¼ãŒã‚ã‚‹å ´åˆã«è¿”ã•れã¾ã™ + \return ASN_PARSE_E 証明書ヘッダーファイルã®è§£æžã‚¨ãƒ©ãƒ¼ãŒã‚ã‚‹å ´åˆã«è¿”ã•れã¾ã™ + \return ASN_OBJECT_ID_E 証明書ã‹ã‚‰æš—å·åŒ–タイプを解æžã™ã‚‹éš›ã«ã‚¨ãƒ©ãƒ¼ãŒã‚ã‚‹å ´åˆã«è¿”ã•れã¾ã™ + \return ASN_EXPECT_0_E è¨¼æ˜Žæ›¸ãƒ•ã‚¡ã‚¤ãƒ«ã®æš—å·åŒ–仕様ã«ãƒ•ォーマットエラーãŒã‚ã‚‹å ´åˆã«è¿”ã•れã¾ã™ + \return ASN_BEFORE_DATE_E 日付ãŒè¨¼æ˜Žæ›¸ã®é–‹å§‹æ—¥ã‚ˆã‚Šå‰ã®å ´åˆã«è¿”ã•れã¾ã™ + \return ASN_AFTER_DATE_E 日付ãŒè¨¼æ˜Žæ›¸ã®æœ‰åŠ¹æœŸé™ã‚ˆã‚Šå¾Œã®å ´åˆã«è¿”ã•れã¾ã™ + \return ASN_BITSTR_E 証明書ã‹ã‚‰ãƒ“ット文字列を解æžã™ã‚‹éš›ã«ã‚¨ãƒ©ãƒ¼ãŒã‚ã‚‹å ´åˆã«è¿”ã•れã¾ã™ + \return ECC_CURVE_OID_E 証明書ã‹ã‚‰ECCキーを解æžã™ã‚‹éš›ã«ã‚¨ãƒ©ãƒ¼ãŒã‚ã‚‹å ´åˆã«è¿”ã•れã¾ã™ + \return ASN_UNKNOWN_OID_E 証明書ãŒä¸æ˜Žãªã‚­ãƒ¼ã‚ªãƒ–ジェクトIDを使用ã—ã¦ã„ã‚‹å ´åˆã«è¿”ã•れã¾ã™ + \return ASN_VERSION_E ALLOW_V1_EXTENSIONSオプションãŒå®šç¾©ã•れã¦ãŠã‚‰ãšã€è¨¼æ˜Žæ›¸ãŒV1ã¾ãŸã¯V2証明書ã®å ´åˆã«è¿”ã•れã¾ã™ + \return BAD_FUNC_ARG 証明書拡張ã®å‡¦ç†ã‚¨ãƒ©ãƒ¼ãŒã‚ã‚‹å ´åˆã«è¿”ã•れã¾ã™ + \return ASN_CRIT_EXT_E 証明書ã®å‡¦ç†ä¸­ã«è¦‹æ…£ã‚Œãªã„é‡è¦ãªæ‹¡å¼µã«é­é‡ã—ãŸå ´åˆã«è¿”ã•れã¾ã™ + \return ASN_SIG_OID_E ç½²åæš—å·åŒ–ã‚¿ã‚¤ãƒ—ãŒæä¾›ã•れãŸãƒ•ァイル内ã®è¨¼æ˜Žæ›¸ã®æš—å·åŒ–タイプã¨åŒã˜ã§ãªã„å ´åˆã«è¿”ã•れã¾ã™ + \return ASN_SIG_CONFIRM_E 証明書署åã®ç¢ºèªãŒå¤±æ•—ã—ãŸå ´åˆã«è¿”ã•れã¾ã™ + \return ASN_NAME_INVALID_E 証明書ã®åå‰ãŒCAåå‰åˆ¶ç´„ã§è¨±å¯ã•れã¦ã„ãªã„å ´åˆã«è¿”ã•れã¾ã™ + \return ASN_NO_SIGNER_E 証明書ã®çœŸæ­£æ€§ã‚’検証ã™ã‚‹CAç½²å者ãŒã„ãªã„å ´åˆã«è¿”ã•れã¾ã™ + + \param cert subjectを設定ã™ã‚‹è¨¼æ˜Žæ›¸ã¸ã®ãƒã‚¤ãƒ³ã‚¿ + \param der subjectã‚’å–å¾—ã™ã‚‹derå½¢å¼ã®è¨¼æ˜Žæ›¸ã‚’å«ã‚€ãƒãƒƒãƒ•ã‚¡ã¸ã®ãƒã‚¤ãƒ³ã‚¿ + \param derSz subjectã‚’å–å¾—ã™ã‚‹derå½¢å¼ã®è¨¼æ˜Žæ›¸ã‚’å«ã‚€ãƒãƒƒãƒ•ã‚¡ã®ã‚µã‚¤ã‚º _Example_ \code Cert myCert; - // initialize myCert + // myCertã‚’åˆæœŸåŒ– byte* der; der = (byte*)malloc(FOURK_BUF); - // initialize der + // derã‚’åˆæœŸåŒ– if(wc_SetSubjectBuffer(&myCert, der, FOURK_BUF) != 0) { - // error setting subject + // subject設定エラー } \endcode @@ -552,42 +549,39 @@ /*! \ingroup ASN - \brief ã“ã®é–¢æ•°ã¯DERå½¢å¼ã§ãƒãƒƒãƒ•ã‚¡ã«æ ¼ç´ã•れã¦ã„ã‚‹ã€Œåˆ¥åæƒ…å ±ã€ã‚’証明書ã®ã€Œåˆ¥å情報ã€ã¨ã—ã¦è¨­å®šã—ã¾ã™ã€‚ - ã“ã®æ©Ÿèƒ½ã¯è¤‡æ•°ãƒ‰ãƒ¡ã‚¤ãƒ³ã‚’一ã¤ã®è¨¼æ˜Žæ›¸ã‚’使ã£ã¦ã‚»ã‚­ãƒ¥ã‚¢ã«ã™ã‚‹éš›ã«æœ‰ç”¨ã§ã™ã€‚ - ã“ã®é–¢æ•°ã¯è¨¼æ˜Žæ›¸ã¸ã®ç½²åã«å…ˆç«‹ã¡å‘¼ã³å‡ºã•れる必è¦ãŒã‚りã¾ã™ã€‚ - - \return 0 証明書ã®åˆ¥å情報ã®è¨­å®šã«æˆåŠŸã—ãŸå ´åˆã«è¿”ã•れã¾ã™ã€‚ - \return MEMORY_E XMALLOCã§ãƒ¡ãƒ¢ãƒªã®ç¢ºä¿ã«å¤±æ•—ã—ãŸéš›ã«è¿”ã•れã¾ã™ã€‚ - \return ASN_PARSE_E 証明書ã®ãƒ˜ãƒƒãƒ€ãƒ¼ãƒ•ァイルã®è§£æžã«å¤±æ•—ã—ãŸéš›ã«è¿”ã•れã¾ã™ã€‚ - \return ASN_OBJECT_ID_E è¨¼æ˜Žæ›¸ã®æš—å·ã‚¿ã‚¤ãƒ—ã®è§£æžã§ã‚¨ãƒ©ãƒ¼ãŒç™ºç”Ÿã—ãŸéš›ã«è¿”ã•れã¾ã™ã€‚ - \return ASN_EXPECT_0_E è¨¼æ˜Žæ›¸ã®æš—å·åŒ–仕様ã«ãƒ•ã‚©ãƒ¼ãƒžãƒƒãƒˆã‚¨ãƒ©ãƒ¼ãŒæ¤œå‡ºã•れãŸéš›ã«è¿”ã•れã¾ã™ã€‚ - \return ASN_BEFORE_DATE_E 証明書ã®ä½¿ç”¨é–‹å§‹æ—¥ã‚ˆã‚Šå‰ã§ã‚ã£ãŸå ´åˆã«è¿”ã•れã¾ã™ã€‚ - \return ASN_AFTER_DATE_E è¨¼æ˜Žæ›¸ã®æœ‰åŠ¹æœŸé™æ—¥ã‚ˆã‚Šå¾Œã§ã‚ã£ãŸå ´åˆã«è¿”ã•れã¾ã™ã€‚ - \return ASN_BITSTR_E 証明書ã®ãƒ“ットストリングè¦ç´ ã®è§£æžã§ã‚¨ãƒ©ãƒ¼ãŒç™ºç”Ÿã—ãŸéš›ã«è¿”ã•れã¾ã™ã€‚ - \return ECC_CURVE_OID_E 証明書ã®ECCéµã®è§£æžã§ã‚¨ãƒ©ãƒ¼ãŒç™ºç”Ÿã—ãŸéš›ã«è¿”ã•れã¾ã™ã€‚ - \return ASN_UNKNOWN_OID_E è¨¼æ˜Žæ›¸ãŒæœªçŸ¥ã®ã‚ªãƒ–ジェクトIDを使用ã—ã¦ã„ãŸéš›ã«è¿”ã•れã¾ã™ã€‚ - \return ASN_VERSION_E ALLOW_V1_EXTENSIONSマクロãŒå®šç¾©ã•れã¦ã„ãªã„ã®ã«è¨¼æ˜Žæ›¸ãŒV1ã‚ã‚‹ã„ã¯V2å½¢å¼ã§ã‚ã£ãŸå ´åˆã«è¿”ã•れã¾ã™ã€‚ - \return BAD_FUNC_ARG è¨¼æ˜Žæ›¸ã®æ‹¡å¼µæƒ…å ±ã®è§£æžã§ã‚¨ãƒ©ãƒ¼ãŒç™ºç”Ÿã—ãŸéš›ã«è¿”ã•れã¾ã™ã€‚ - \return ASN_CRIT_EXT_E 証明書ã®è§£æžä¸­ã«æœªçŸ¥ã®ã‚¯ãƒªãƒ†ã‚£ã‚«ãƒ«æ‹¡å¼µã«é­é‡ã—ãŸéš›ã«è¿”ã•れã¾ã™ã€‚ - \return ASN_SIG_OID_E ç½²åæš—å·åŒ–タイプãŒå¼•æ•°ã§æ¸¡ã•れãŸè¨¼æ˜Žæ›¸ã®ã‚¿ã‚¤ãƒ—ã¨ç•°ãªã‚‹å ´åˆã«è¿”ã•れã¾ã™ã€‚ - \return ASN_SIG_CONFIRM_E 証明書ã®ç½²åã®æ¤œè¨¼ã«å¤±æ•—ã—ãŸéš›ã«è¿”ã•れã¾ã™ã€‚ - \return ASN_NAME_INVALID_E 証明書ã®åå‰ãŒCAã®åå‰ã«é–¢æ•°åˆ¶é™ã«ã‚ˆã£ã¦è¨±ã•れã¦ã„ãªã„å ´åˆã«è¿”ã•れã¾ã™ã€‚ - \return ASN_NO_SIGNER_E CA証明書ã®ä¸»ä½“者を検証ã™ã‚‹ã“ã¨ãŒã§ããªã„å ´åˆã«è¿”ã•れã¾ã™ã€‚ - \return ASN_NO_SIGNER_E CA証明書ã®ä¸»ä½“者を検証ã™ã‚‹ã“ã¨ãŒã§ããªã„å ´åˆã«è¿”ã•れã¾ã™ã€‚ - - \param cert åˆ¥åæƒ…報を設定ã™ã‚‹å¯¾è±¡ã®Cert構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ - \param der DERå½¢å¼ã®è¨¼æ˜Žæ›¸ã‚’æ ¼ç´ã—ã¦ã„ã‚‹ãƒãƒƒãƒ•ã‚¡ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ã“ã®è¨¼æ˜Žæ›¸ã®åˆ¥å情報ãŒå–り出ã•れã¦certã«è¨­å®šã•れã¾ã™ã€‚ - \param derSz DERå½¢å¼ã®è¨¼æ˜Žæ›¸ã‚’æ ¼ç´ã—ã¦ã„ã‚‹ãƒãƒƒãƒ•ã‚¡ã®ã‚µã‚¤ã‚º + \brief ã“ã®é–¢æ•°ã¯ã€æä¾›ã•れãŸderãƒãƒƒãƒ•ã‚¡ã®ä»£æ›¿åã‹ã‚‰è¨¼æ˜Žæ›¸ã®ä»£æ›¿åを設定ã—ã¾ã™ã€‚ã“れã¯ã€åŒã˜è¨¼æ˜Žæ›¸ã§è¤‡æ•°ã®ãƒ‰ãƒ¡ã‚¤ãƒ³ã‚’ä¿è­·ã—ãŸã„å ´åˆã«ä¾¿åˆ©ã§ã™ã€‚ã“ã®ãƒ¡ã‚½ãƒƒãƒ‰ã¯ã€ç½²åå‰ã«ãƒ•ィールドを設定ã™ã‚‹ãŸã‚ã«ä½¿ç”¨ã•れã¾ã™ã€‚ + + \return 0 証明書ã®ä»£æ›¿åを正常ã«è¨­å®šã—ãŸå ´åˆã«è¿”ã•れã¾ã™ + \return MEMORY_E XMALLOCã§ãƒ¡ãƒ¢ãƒªã‚’割り当ã¦ã‚‹éš›ã«ã‚¨ãƒ©ãƒ¼ãŒã‚ã‚‹å ´åˆã«è¿”ã•れã¾ã™ + \return ASN_PARSE_E 証明書ヘッダーファイルã®è§£æžã‚¨ãƒ©ãƒ¼ãŒã‚ã‚‹å ´åˆã«è¿”ã•れã¾ã™ + \return ASN_OBJECT_ID_E 証明書ã‹ã‚‰æš—å·åŒ–タイプを解æžã™ã‚‹éš›ã«ã‚¨ãƒ©ãƒ¼ãŒã‚ã‚‹å ´åˆã«è¿”ã•れã¾ã™ + \return ASN_EXPECT_0_E è¨¼æ˜Žæ›¸ãƒ•ã‚¡ã‚¤ãƒ«ã®æš—å·åŒ–仕様ã«ãƒ•ォーマットエラーãŒã‚ã‚‹å ´åˆã«è¿”ã•れã¾ã™ + \return ASN_BEFORE_DATE_E 日付ãŒè¨¼æ˜Žæ›¸ã®é–‹å§‹æ—¥ã‚ˆã‚Šå‰ã®å ´åˆã«è¿”ã•れã¾ã™ + \return ASN_AFTER_DATE_E 日付ãŒè¨¼æ˜Žæ›¸ã®æœ‰åŠ¹æœŸé™ã‚ˆã‚Šå¾Œã®å ´åˆã«è¿”ã•れã¾ã™ + \return ASN_BITSTR_E 証明書ã‹ã‚‰ãƒ“ット文字列を解æžã™ã‚‹éš›ã«ã‚¨ãƒ©ãƒ¼ãŒã‚ã‚‹å ´åˆã«è¿”ã•れã¾ã™ + \return ECC_CURVE_OID_E 証明書ã‹ã‚‰ECCキーを解æžã™ã‚‹éš›ã«ã‚¨ãƒ©ãƒ¼ãŒã‚ã‚‹å ´åˆã«è¿”ã•れã¾ã™ + \return ASN_UNKNOWN_OID_E 証明書ãŒä¸æ˜Žãªã‚­ãƒ¼ã‚ªãƒ–ジェクトIDを使用ã—ã¦ã„ã‚‹å ´åˆã«è¿”ã•れã¾ã™ + \return ASN_VERSION_E ALLOW_V1_EXTENSIONSオプションãŒå®šç¾©ã•れã¦ãŠã‚‰ãšã€è¨¼æ˜Žæ›¸ãŒV1ã¾ãŸã¯V2証明書ã®å ´åˆã«è¿”ã•れã¾ã™ + \return BAD_FUNC_ARG 証明書拡張ã®å‡¦ç†ã‚¨ãƒ©ãƒ¼ãŒã‚ã‚‹å ´åˆã«è¿”ã•れã¾ã™ + \return ASN_CRIT_EXT_E 証明書ã®å‡¦ç†ä¸­ã«è¦‹æ…£ã‚Œãªã„é‡è¦ãªæ‹¡å¼µã«é­é‡ã—ãŸå ´åˆã«è¿”ã•れã¾ã™ + \return ASN_SIG_OID_E ç½²åæš—å·åŒ–ã‚¿ã‚¤ãƒ—ãŒæä¾›ã•れãŸãƒ•ァイル内ã®è¨¼æ˜Žæ›¸ã®æš—å·åŒ–タイプã¨åŒã˜ã§ãªã„å ´åˆã«è¿”ã•れã¾ã™ + \return ASN_SIG_CONFIRM_E 証明書署åã®ç¢ºèªãŒå¤±æ•—ã—ãŸå ´åˆã«è¿”ã•れã¾ã™ + \return ASN_NAME_INVALID_E 証明書ã®åå‰ãŒCAåå‰åˆ¶ç´„ã§è¨±å¯ã•れã¦ã„ãªã„å ´åˆã«è¿”ã•れã¾ã™ + \return ASN_NO_SIGNER_E 証明書ã®çœŸæ­£æ€§ã‚’検証ã™ã‚‹CAç½²å者ãŒã„ãªã„å ´åˆã«è¿”ã•れã¾ã™ + + \param cert 代替åを設定ã™ã‚‹è¨¼æ˜Žæ›¸ã¸ã®ãƒã‚¤ãƒ³ã‚¿ + \param der 代替åã‚’å–å¾—ã™ã‚‹derå½¢å¼ã®è¨¼æ˜Žæ›¸ã‚’å«ã‚€ãƒãƒƒãƒ•ã‚¡ã¸ã®ãƒã‚¤ãƒ³ã‚¿ + \param derSz 代替åã‚’å–å¾—ã™ã‚‹derå½¢å¼ã®è¨¼æ˜Žæ›¸ã‚’å«ã‚€ãƒãƒƒãƒ•ã‚¡ã®ã‚µã‚¤ã‚º _Example_ \code Cert myCert; - // initialize myCert + // myCertã‚’åˆæœŸåŒ– byte* der; der = (byte*)malloc(FOURK_BUF); - // initialize der + // derã‚’åˆæœŸåŒ– if(wc_SetAltNamesBuffer(&myCert, der, FOURK_BUF) != 0) { - // error setting subject + // subject設定エラー } \endcode @@ -599,41 +593,39 @@ /*! \ingroup ASN - \brief ã“ã®é–¢æ•°ã¯DERå½¢å¼ã§ãƒãƒƒãƒ•ã‚¡ã«æ ¼ç´ã•れã¦ã„ã‚‹ã€Œæœ‰åŠ¹æœŸé–“ã€æƒ…報を証明書ã®ã€Œæœ‰åŠ¹æœŸé–“ã€æƒ…å ±ã¨ã—ã¦è¨­å®šã—ã¾ã™ã€‚ - ã“ã®é–¢æ•°ã¯è¨¼æ˜Žæ›¸ã¸ã®ç½²åã«å…ˆç«‹ã¡å‘¼ã³å‡ºã•れる必è¦ãŒã‚りã¾ã™ã€‚ + \brief ã“ã®é–¢æ•°ã¯ã€æä¾›ã•れãŸderãƒãƒƒãƒ•ã‚¡ã®æ—¥ä»˜ç¯„囲ã‹ã‚‰è¨¼æ˜Žæ›¸ã®æ—¥ä»˜ã‚’設定ã—ã¾ã™ã€‚ã“ã®ãƒ¡ã‚½ãƒƒãƒ‰ã¯ã€ç½²åå‰ã«ãƒ•ィールドを設定ã™ã‚‹ãŸã‚ã«ä½¿ç”¨ã•れã¾ã™ã€‚ - \return 0 è¨¼æ˜Žæ›¸ã®æœ‰åŠ¹æœŸé–“æƒ…å ±ã®è¨­å®šã«æˆåŠŸã—ãŸå ´åˆã«è¿”ã•れã¾ã™ã€‚ - \return MEMORY_E XMALLOCã§ãƒ¡ãƒ¢ãƒªã®ç¢ºä¿ã«å¤±æ•—ã—ãŸéš›ã«è¿”ã•れã¾ã™ã€‚ - \return ASN_PARSE_E 証明書ã®ãƒ˜ãƒƒãƒ€ãƒ¼ãƒ•ァイルã®è§£æžã«å¤±æ•—ã—ãŸéš›ã«è¿”ã•れã¾ã™ã€‚ - \return ASN_OBJECT_ID_E è¨¼æ˜Žæ›¸ã®æš—å·ã‚¿ã‚¤ãƒ—ã®è§£æžã§ã‚¨ãƒ©ãƒ¼ãŒç™ºç”Ÿã—ãŸéš›ã«è¿”ã•れã¾ã™ã€‚ - \return ASN_EXPECT_0_E è¨¼æ˜Žæ›¸ã®æš—å·åŒ–仕様ã«ãƒ•ã‚©ãƒ¼ãƒžãƒƒãƒˆã‚¨ãƒ©ãƒ¼ãŒæ¤œå‡ºã•れãŸéš›ã«è¿”ã•れã¾ã™ã€‚ - \return ASN_BEFORE_DATE_E 証明書ã®ä½¿ç”¨é–‹å§‹æ—¥ã‚ˆã‚Šå‰ã§ã‚ã£ãŸå ´åˆã«è¿”ã•れã¾ã™ã€‚ - \return ASN_AFTER_DATE_E è¨¼æ˜Žæ›¸ã®æœ‰åŠ¹æœŸé™æ—¥ã‚ˆã‚Šå¾Œã§ã‚ã£ãŸå ´åˆã«è¿”ã•れã¾ã™ã€‚ - \return ASN_BITSTR_E 証明書ã®ãƒ“ットストリングè¦ç´ ã®è§£æžã§ã‚¨ãƒ©ãƒ¼ãŒç™ºç”Ÿã—ãŸéš›ã«è¿”ã•れã¾ã™ã€‚ - \return ECC_CURVE_OID_E 証明書ã®ECCéµã®è§£æžã§ã‚¨ãƒ©ãƒ¼ãŒç™ºç”Ÿã—ãŸéš›ã«è¿”ã•れã¾ã™ã€‚ - \return ASN_UNKNOWN_OID_E è¨¼æ˜Žæ›¸ãŒæœªçŸ¥ã®ã‚ªãƒ–ジェクトIDを使用ã—ã¦ã„ãŸéš›ã«è¿”ã•れã¾ã™ã€‚ - \return ASN_VERSION_E ALLOW_V1_EXTENSIONSマクロãŒå®šç¾©ã•れã¦ã„ãªã„ã®ã«è¨¼æ˜Žæ›¸ãŒV1ã‚ã‚‹ã„ã¯V2å½¢å¼ã§ã‚ã£ãŸå ´åˆã«è¿”ã•れã¾ã™ã€‚ - \return BAD_FUNC_ARG è¨¼æ˜Žæ›¸ã®æ‹¡å¼µæƒ…å ±ã®è§£æžã§ã‚¨ãƒ©ãƒ¼ãŒç™ºç”Ÿã—ãŸéš›ã«è¿”ã•れã¾ã™ã€‚ - \return ASN_CRIT_EXT_E 証明書ã®è§£æžä¸­ã«æœªçŸ¥ã®ã‚¯ãƒªãƒ†ã‚£ã‚«ãƒ«æ‹¡å¼µã«é­é‡ã—ãŸéš›ã«è¿”ã•れã¾ã™ã€‚ - \return ASN_SIG_OID_E ç½²åæš—å·åŒ–タイプãŒå¼•æ•°ã§æ¸¡ã•れãŸè¨¼æ˜Žæ›¸ã®ã‚¿ã‚¤ãƒ—ã¨ç•°ãªã‚‹å ´åˆã«è¿”ã•れã¾ã™ã€‚ - \return ASN_SIG_CONFIRM_E 証明書ã®ç½²åã®æ¤œè¨¼ã«å¤±æ•—ã—ãŸéš›ã«è¿”ã•れã¾ã™ã€‚ - \return ASN_NAME_INVALID_E 証明書ã®åå‰ãŒCAã®åå‰ã«é–¢æ•°åˆ¶é™ã«ã‚ˆã£ã¦è¨±ã•れã¦ã„ãªã„å ´åˆã«è¿”ã•れã¾ã™ã€‚ - \return ASN_NO_SIGNER_E CA証明書ã®ä¸»ä½“者を検証ã™ã‚‹ã“ã¨ãŒã§ããªã„å ´åˆã«è¿”ã•れã¾ã™ã€‚ - \return ASN_NO_SIGNER_E CA証明書ã®ä¸»ä½“者を検証ã™ã‚‹ã“ã¨ãŒã§ããªã„å ´åˆã«è¿”ã•れã¾ã™ã€‚ - - \param cert 有効期間情報を設定ã™ã‚‹å¯¾è±¡ã®Cert構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ - \param der DERå½¢å¼ã®è¨¼æ˜Žæ›¸ã‚’æ ¼ç´ã—ã¦ã„ã‚‹ãƒãƒƒãƒ•ã‚¡ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ã“ã®è¨¼æ˜Žæ›¸ã®æœ‰åŠ¹æœŸé–“æƒ…å ±ãŒå–り出ã•れã¦certã«è¨­å®šã•れã¾ã™ã€‚ - \param derSz DERå½¢å¼ã®è¨¼æ˜Žæ›¸ã‚’æ ¼ç´ã—ã¦ã„ã‚‹ãƒãƒƒãƒ•ã‚¡ã®ã‚µã‚¤ã‚º + \return 0 è¨¼æ˜Žæ›¸ã®æ—¥ä»˜ã‚’正常ã«è¨­å®šã—ãŸå ´åˆã«è¿”ã•れã¾ã™ + \return MEMORY_E XMALLOCã§ãƒ¡ãƒ¢ãƒªã‚’割り当ã¦ã‚‹éš›ã«ã‚¨ãƒ©ãƒ¼ãŒã‚ã‚‹å ´åˆã«è¿”ã•れã¾ã™ + \return ASN_PARSE_E 証明書ヘッダーファイルã®è§£æžã‚¨ãƒ©ãƒ¼ãŒã‚ã‚‹å ´åˆã«è¿”ã•れã¾ã™ + \return ASN_OBJECT_ID_E 証明書ã‹ã‚‰æš—å·åŒ–タイプを解æžã™ã‚‹éš›ã«ã‚¨ãƒ©ãƒ¼ãŒã‚ã‚‹å ´åˆã«è¿”ã•れã¾ã™ + \return ASN_EXPECT_0_E è¨¼æ˜Žæ›¸ãƒ•ã‚¡ã‚¤ãƒ«ã®æš—å·åŒ–仕様ã«ãƒ•ォーマットエラーãŒã‚ã‚‹å ´åˆã«è¿”ã•れã¾ã™ + \return ASN_BEFORE_DATE_E 日付ãŒè¨¼æ˜Žæ›¸ã®é–‹å§‹æ—¥ã‚ˆã‚Šå‰ã®å ´åˆã«è¿”ã•れã¾ã™ + \return ASN_AFTER_DATE_E 日付ãŒè¨¼æ˜Žæ›¸ã®æœ‰åŠ¹æœŸé™ã‚ˆã‚Šå¾Œã®å ´åˆã«è¿”ã•れã¾ã™ + \return ASN_BITSTR_E 証明書ã‹ã‚‰ãƒ“ット文字列を解æžã™ã‚‹éš›ã«ã‚¨ãƒ©ãƒ¼ãŒã‚ã‚‹å ´åˆã«è¿”ã•れã¾ã™ + \return ECC_CURVE_OID_E 証明書ã‹ã‚‰ECCキーを解æžã™ã‚‹éš›ã«ã‚¨ãƒ©ãƒ¼ãŒã‚ã‚‹å ´åˆã«è¿”ã•れã¾ã™ + \return ASN_UNKNOWN_OID_E 証明書ãŒä¸æ˜Žãªã‚­ãƒ¼ã‚ªãƒ–ジェクトIDを使用ã—ã¦ã„ã‚‹å ´åˆã«è¿”ã•れã¾ã™ + \return ASN_VERSION_E ALLOW_V1_EXTENSIONSオプションãŒå®šç¾©ã•れã¦ãŠã‚‰ãšã€è¨¼æ˜Žæ›¸ãŒV1ã¾ãŸã¯V2証明書ã®å ´åˆã«è¿”ã•れã¾ã™ + \return BAD_FUNC_ARG 証明書拡張ã®å‡¦ç†ã‚¨ãƒ©ãƒ¼ãŒã‚ã‚‹å ´åˆã«è¿”ã•れã¾ã™ + \return ASN_CRIT_EXT_E 証明書ã®å‡¦ç†ä¸­ã«è¦‹æ…£ã‚Œãªã„é‡è¦ãªæ‹¡å¼µã«é­é‡ã—ãŸå ´åˆã«è¿”ã•れã¾ã™ + \return ASN_SIG_OID_E ç½²åæš—å·åŒ–ã‚¿ã‚¤ãƒ—ãŒæä¾›ã•れãŸãƒ•ァイル内ã®è¨¼æ˜Žæ›¸ã®æš—å·åŒ–タイプã¨åŒã˜ã§ãªã„å ´åˆã«è¿”ã•れã¾ã™ + \return ASN_SIG_CONFIRM_E 証明書署åã®ç¢ºèªãŒå¤±æ•—ã—ãŸå ´åˆã«è¿”ã•れã¾ã™ + \return ASN_NAME_INVALID_E 証明書ã®åå‰ãŒCAåå‰åˆ¶ç´„ã§è¨±å¯ã•れã¦ã„ãªã„å ´åˆã«è¿”ã•れã¾ã™ + \return ASN_NO_SIGNER_E 証明書ã®çœŸæ­£æ€§ã‚’検証ã™ã‚‹CAç½²å者ãŒã„ãªã„å ´åˆã«è¿”ã•れã¾ã™ + + \param cert 日付を設定ã™ã‚‹è¨¼æ˜Žæ›¸ã¸ã®ãƒã‚¤ãƒ³ã‚¿ + \param der 日付範囲をå–å¾—ã™ã‚‹derå½¢å¼ã®è¨¼æ˜Žæ›¸ã‚’å«ã‚€ãƒãƒƒãƒ•ã‚¡ã¸ã®ãƒã‚¤ãƒ³ã‚¿ + \param derSz 日付範囲をå–å¾—ã™ã‚‹derå½¢å¼ã®è¨¼æ˜Žæ›¸ã‚’å«ã‚€ãƒãƒƒãƒ•ã‚¡ã®ã‚µã‚¤ã‚º _Example_ \code Cert myCert; - // initialize myCert + // myCertã‚’åˆæœŸåŒ– byte* der; der = (byte*)malloc(FOURK_BUF); - // initialize der + // derã‚’åˆæœŸåŒ– if(wc_SetDatesBuffer(&myCert, der, FOURK_BUF) != 0) { - // error setting subject + // subject設定エラー } \endcode @@ -644,16 +636,16 @@ /*! \ingroup ASN - \brief ã“ã®é–¢æ•°ã¯æŒ‡å®šã•れãŸRSAã‚ã‚‹ã„ã¯ECC公開éµã®ä¸€æ–¹ã‹ã‚‰å¾—ãŸAKID(èªè¨¼è€…éµID)を証明書ã®AKIDã¨ã—ã¦è¨­å®šã—ã¾ã™ã€‚ + \brief RSAã¾ãŸã¯ECC公開éµã‹ã‚‰AKIDを設定ã—ã¾ã™ã€‚注:rsakeyã¾ãŸã¯eckeyã®ã„ãšã‚Œã‹ä¸€æ–¹ã®ã¿ã‚’設定ã—ã€ä¸¡æ–¹ã¯è¨­å®šã—ãªã„ã§ãã ã•ã„。 - \return 0 証明書ã®AKIDã®è¨­å®šã«æˆåŠŸã—ãŸå ´åˆã«è¿”ã•れã¾ã™ã€‚ - \return BAD_FUNC_ARG Cert構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿(cert)ãŒNULLã‹RsaKey構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿(rsakey)ã¨ecc_key構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿(eckey)ã®ä¸¡æ–¹ãŒNULLã§ã‚ã‚‹å ´åˆã«è¿”ã•れã¾ã™ã€‚ - \return MEMORY_E メモリã®ç¢ºä¿ã«å¤±æ•—ã—ãŸéš›ã«è¿”ã•れã¾ã™ã€‚ - \return PUBLIC_KEY_E 公開éµã®å–å¾—ã«å¤±æ•—ã—ãŸéš›ã«è¿”ã•れã¾ã™ã€‚ - - \param cert AKIDを設定ã™ã‚‹å¯¾è±¡ã®Cert構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ - \param rsakey RsaKey構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ - \param eckey ecc_key構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ + \return 0 æˆåŠŸ + \return BAD_FUNC_ARG certãŒnullã¾ãŸã¯rsakeyã¨eckeyã®ä¸¡æ–¹ãŒnullã®å ´åˆã€‚ + \return MEMORY_E メモリã®å‰²ã‚Šå½“ã¦ã‚¨ãƒ©ãƒ¼ã€‚ + \return PUBLIC_KEY_E キーã¸ã®æ›¸ãè¾¼ã¿ã‚¨ãƒ©ãƒ¼ã€‚ + + \param cert SKIDを設定ã™ã‚‹è¨¼æ˜Žæ›¸ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ + \param rsakey 読ã¿å–り元ã®RsaKey構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ + \param eckey 読ã¿å–り元ã®ecc_keyã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ _Example_ \code @@ -664,7 +656,7 @@ if (wc_SetAuthKeyIdFromPublicKey(&myCert, &keypub, NULL) != 0) { - // Handle error + // ã‚¨ãƒ©ãƒ¼ã‚’å‡¦ç† } \endcode @@ -678,25 +670,25 @@ /*! \ingroup ASN - \brief ã“ã®é–¢æ•°ã¯DERå½¢å¼ã§ãƒãƒƒãƒ•ã‚¡ã«æ ¼ç´ã•れãŸè¨¼æ˜Žæ›¸ã‹ã‚‰å¾—ãŸAKID(èªè¨¼è€…éµID)を証明書ã®AKIDã¨ã—ã¦è¨­å®šã—ã¾ã™ã€‚ + \brief DERエンコードã•れãŸè¨¼æ˜Žæ›¸ã‹ã‚‰AKIDを設定ã—ã¾ã™ã€‚ - \return 0 証明書ã®AKIDã®è¨­å®šã«æˆåŠŸã—ãŸå ´åˆã«è¿”ã•れã¾ã™ã€‚ - \return BAD_FUNC_ARG 引数ã®ã„ãšã‚Œã‹ãŒNULL,ã‚ã‚‹ã„ã¯derSzãŒï¼ã‚ˆã‚Šå°ã•ã„å ´åˆã«è¿”ã•れã¾ã™ã€‚ - \return MEMORY_E メモリã®ç¢ºä¿ã«å¤±æ•—ã—ãŸéš›ã«è¿”ã•れã¾ã™ã€‚ - \return ASN_NO_SKID èªè¨¼è€…éµIDãŒè¦‹ã¤ã‹ã‚‰ãªã„å ´åˆã«è¿”ã•れã¾ã™ã€‚ - - \param cert AKIDを設定ã™ã‚‹å¯¾è±¡ã®Cert構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ - \param der DERå½¢å¼ã®è¨¼æ˜Žæ›¸ã‚’æ ¼ç´ã—ã¦ã„ã‚‹ãƒãƒƒãƒ•ã‚¡ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ - \param derSz DERå½¢å¼ã®è¨¼æ˜Žæ›¸ã‚’æ ¼ç´ã—ã¦ã„ã‚‹ãƒãƒƒãƒ•ã‚¡ã®ã‚µã‚¤ã‚ºã€‚ + \return 0 æˆåŠŸ + \return BAD_FUNC_ARG ã„ãšã‚Œã‹ã®å¼•æ•°ãŒnullã¾ãŸã¯derSzãŒ0未満ã®å ´åˆã®ã‚¨ãƒ©ãƒ¼ã€‚ + \return MEMORY_E メモリã®å‰²ã‚Šå½“ã¦ã«å•題ãŒã‚ã‚‹å ´åˆã®ã‚¨ãƒ©ãƒ¼ã€‚ + \return ASN_NO_SKID サブジェクトキーIDãŒè¦‹ã¤ã‹ã‚Šã¾ã›ã‚“。 + + \param cert 書ãè¾¼ã¿å…ˆã®Cert構造体。 + \param der DERエンコードã•れãŸè¨¼æ˜Žæ›¸ãƒãƒƒãƒ•ァ。 + \param derSz derã®ã‚µã‚¤ã‚ºï¼ˆãƒã‚¤ãƒˆå˜ä½ï¼‰ã€‚ _Example_ \code Cert some_cert; - byte some_der[] = { // Initialize a DER buffer }; + byte some_der[] = { // DERãƒãƒƒãƒ•ã‚¡ã‚’åˆæœŸåŒ– }; wc_InitCert(&some_cert); if(wc_SetAuthKeyIdFromCert(&some_cert, some_der, sizeof(some_der) != 0) { - // Handle error + // ã‚¨ãƒ©ãƒ¼ã‚’å‡¦ç† } \endcode @@ -708,14 +700,14 @@ /*! \ingroup ASN - \brief ã“ã®é–¢æ•°ã¯PEMå½¢å¼ã®è¨¼æ˜Žæ›¸ã‹ã‚‰å¾—ãŸAKID(èªè¨¼è€…éµID)を証明書ã®AKIDã¨ã—ã¦è¨­å®šã—ã¾ã™ã€‚ + \brief PEMå½¢å¼ã®è¨¼æ˜Žæ›¸ãƒ•ァイルã‹ã‚‰AKIDを設定ã—ã¾ã™ã€‚ - \return 0 証明書ã®AKIDã®è¨­å®šã«æˆåŠŸã—ãŸå ´åˆã«è¿”ã•れã¾ã™ã€‚ - \return BAD_FUNC_ARG 引数ã®ã„ãšã‚Œã‹ãŒNULLã®å ´åˆã«è¿”ã•れã¾ã™ã€‚ - \return MEMORY_E メモリã®ç¢ºä¿ã«å¤±æ•—ã—ãŸéš›ã«è¿”ã•れã¾ã™ã€‚ + \return 0 æˆåŠŸ + \return BAD_FUNC_ARG certã¾ãŸã¯fileãŒnullã®å ´åˆã®ã‚¨ãƒ©ãƒ¼ã€‚ + \return MEMORY_E メモリã®å‰²ã‚Šå½“ã¦ã«å•題ãŒã‚ã‚‹å ´åˆã®ã‚¨ãƒ©ãƒ¼ã€‚ - \param cert AKIDを設定ã™ã‚‹å¯¾è±¡ã®Cert構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ - \param file PEMå½¢å¼ã®è¨¼æ˜Žæ›¸ãƒ•ァイルã¸ã®ãƒ•ァイルパス + \param cert AKIDを設定ã—ãŸã„Cert構造体。 + \param file PEM証明書ファイルをå«ã‚€ãƒãƒƒãƒ•ァ。 _Example_ \code @@ -725,7 +717,7 @@ if(wc_SetAuthKeyId(&some_cert, file_name) != 0) { - // Handle Error + // ã‚¨ãƒ©ãƒ¼ã‚’å‡¦ç† } \endcode @@ -737,14 +729,14 @@ /*! \ingroup ASN - \brief ã“ã®é–¢æ•°ã¯æŒ‡å®šã•れãŸRSAã‚ã‚‹ã„ã¯ECC公開éµã®ä¸€æ–¹ã‹ã‚‰å¾—ãŸSKID(主体者éµID)を証明書ã®SKIDã¨ã—ã¦è¨­å®šã—ã¾ã™ã€‚ + \brief RSAã¾ãŸã¯ECC公開éµã‹ã‚‰SKIDを設定ã—ã¾ã™ã€‚ - \return 0 証明書ã®SKIDã®è¨­å®šã«æˆåŠŸã—ãŸå ´åˆã«è¿”ã•れã¾ã™ã€‚ - \return BAD_FUNC_ARG Cert構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿(cert)ãŒNULLã‹RsaKey構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿(rsakey)ã¨ecc_key構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿(eckey)ã®ä¸¡æ–¹ãŒNULLã§ã‚ã‚‹å ´åˆã«è¿”ã•れã¾ã™ã€‚ - \return MEMORY_E メモリã®ç¢ºä¿ã«å¤±æ•—ã—ãŸéš›ã«è¿”ã•れã¾ã™ã€‚ - \return PUBLIC_KEY_E 公開éµã®å–å¾—ã«å¤±æ•—ã—ãŸéš›ã«è¿”ã•れã¾ã™ã€‚ + \return 0 æˆåŠŸ + \return BAD_FUNC_ARG certã¾ãŸã¯rsakeyã¨eckeyãŒnullã®å ´åˆã«è¿”ã•れã¾ã™ã€‚ + \return MEMORY_E メモリã®å‰²ã‚Šå½“ã¦ã‚¨ãƒ©ãƒ¼ãŒã‚ã‚‹å ´åˆã«è¿”ã•れã¾ã™ã€‚ + \return PUBLIC_KEY_E 公開éµã®å–得エラーãŒã‚ã‚‹å ´åˆã«è¿”ã•れã¾ã™ã€‚ - \param cert SKIDを設定ã™ã‚‹å¯¾è±¡ã®Cert構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ + \param cert 使用ã™ã‚‹Cert構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ \param rsakey RsaKey構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ \param eckey ecc_key構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ @@ -757,7 +749,7 @@ if(wc_SetSubjectKeyIdFromPublicKey(&some_cert,&some_key, NULL) != 0) { - // Handle Error + // ã‚¨ãƒ©ãƒ¼ã‚’å‡¦ç† } \endcode @@ -769,16 +761,15 @@ /*! \ingroup ASN - \brief ã“ã®é–¢æ•°ã¯PEMå½¢å¼ã®è¨¼æ˜Žæ›¸ã‹ã‚‰å¾—ãŸSKID(主体者éµID)を証明書ã®SKIDã¨ã—ã¦è¨­å®šã—ã¾ã™ã€‚ - 引数ã¯ä¸¡æ–¹ãŒä¸Žãˆã‚‰ã‚Œã‚‹ã“ã¨ãŒå¿…è¦ã§ã™ã€‚ + \brief PEMå½¢å¼ã®å…¬é–‹éµãƒ•ァイルã‹ã‚‰SKIDを設定ã—ã¾ã™ã€‚両方ã®å¼•æ•°ãŒå¿…è¦ã§ã™ã€‚ - \return 0 証明書ã®SKIDã®è¨­å®šã«æˆåŠŸã—ãŸå ´åˆã«è¿”ã•れã¾ã™ã€‚ - \return BAD_FUNC_ARG 引数ã®ã„ãšã‚Œã‹ãŒNULLã®å ´åˆã«è¿”ã•れã¾ã™ã€‚ - \return MEMORY_E メモリã®ç¢ºä¿ã«å¤±æ•—ã—ãŸéš›ã«è¿”ã•れã¾ã™ã€‚ - \return PUBLIC_KEY_E 公開éµã®ãƒ‡ã‚³ãƒ¼ãƒ‰ã«å¤±æ•—ã—ãŸéš›ã«è¿”ã•れã¾ã™ã€‚ + \return 0 æˆåŠŸ + \return BAD_FUNC_ARG certã¾ãŸã¯fileãŒnullã®å ´åˆã«è¿”ã•れã¾ã™ã€‚ + \return MEMORY_E キー用ã®ãƒ¡ãƒ¢ãƒªå‰²ã‚Šå½“ã¦ã«å•題ãŒã‚ã‚‹å ´åˆã«è¿”ã•れã¾ã™ã€‚ + \return PUBLIC_KEY_E 公開éµã®ãƒ‡ã‚³ãƒ¼ãƒ‰ã‚¨ãƒ©ãƒ¼ãŒã‚ã‚‹å ´åˆã«è¿”ã•れã¾ã™ã€‚ - \param cert SKIDを設定ã™ã‚‹å¯¾è±¡ã®Cert構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ - \param file PEMå½¢å¼ã®è¨¼æ˜Žæ›¸ãƒ•ァイルã¸ã®ãƒ•ァイルパス + \param cert SKIDを設定ã™ã‚‹Cert構造体。 + \param file PEMエンコードã•れãŸãƒ•ァイルをå«ã‚€ã€‚ _Example_ \code @@ -788,7 +779,7 @@ if(wc_SetSubjectKeyId(&some_cert, file_name) != 0) { - // Handle Error + // ã‚¨ãƒ©ãƒ¼ã‚’å‡¦ç† } \endcode @@ -799,19 +790,15 @@ /*! \ingroup RSA - \brief ã“ã®é–¢æ•°ã¯éµã®ç”¨é€”を設定ã—ã¾ã™ã€‚è¨­å®šå€¤ã®æŒ‡å®šã¯ã‚³ãƒ³ãƒžåŒºåˆ‡ã‚Šãƒˆãƒ¼ã‚¯ãƒ³ã‚’使用ã§ãã¾ã™ã€‚ - å—ã‘付ã‘られるトークンã¯ï¼šdigitalSignature, nonRepudiation, contentCommitment, keyCertSign, cRLSign, dataEncipherment, - keyAgreement, keyEncipherment, encipherOnly, decipherOnly ã§ã™ã€‚ - 指定例:"digitalSignature,nonRepudiation"。 - nonRepudiation 㨠contentCommitment ã¯åŒã˜ç”¨é€”ã‚’æ„味ã—ã¾ã™ã€‚ - - \return 0 証明書ã®ç”¨é€”ã®è¨­å®šã«æˆåŠŸã—ãŸå ´åˆã«è¿”ã•れã¾ã™ã€‚ - \return BAD_FUNC_ARG 引数ã®ã„ãšã‚Œã‹ãŒNULLã®å ´åˆã«è¿”ã•れã¾ã™ã€‚ - \return MEMORY_E メモリã®ç¢ºä¿ã«å¤±æ•—ã—ãŸéš›ã«è¿”ã•れã¾ã™ã€‚ - \return KEYUSAGE_E 未知ã®ãƒˆãƒ¼ã‚¯ãƒ³ãŒæ¤œå‡ºã•れãŸéš›ã«è¿”ã•れã¾ã™ã€‚ + \brief ã“ã®é–¢æ•°ã‚’使用ã™ã‚‹ã¨ã€ã‚«ãƒ³ãƒžåŒºåˆ‡ã‚Šã®ãƒˆãƒ¼ã‚¯ãƒ³æ–‡å­—列を使用ã—ã¦ã‚­ãƒ¼ä½¿ç”¨æ³•を設定ã§ãã¾ã™ã€‚å—ã‘入れられるトークンã¯ï¼šdigitalSignatureã€nonRepudiationã€contentCommitmentã€keyCertSignã€cRLSignã€dataEnciphermentã€keyAgreementã€keyEnciphermentã€encipherOnlyã€decipherOnlyã§ã™ã€‚例:"digitalSignature,nonRepudiation" nonRepudiationã¨contentCommitmentã¯åŒã˜ç”¨é€”ã§ã™ã€‚ + + \return 0 æˆåŠŸ + \return BAD_FUNC_ARG ã„ãšã‚Œã‹ã®å¼•æ•°ãŒnullã®å ´åˆã«è¿”ã•れã¾ã™ã€‚ + \return MEMORY_E メモリã®å‰²ã‚Šå½“ã¦ã‚¨ãƒ©ãƒ¼ãŒã‚ã‚‹å ´åˆã«è¿”ã•れã¾ã™ã€‚ + \return KEYUSAGE_E èªè­˜ã•れãªã„トークンãŒå…¥åŠ›ã•れãŸå ´åˆã«è¿”ã•れã¾ã™ã€‚ - \param cert éµã®ç”¨é€”を設定ã™ã‚‹å¯¾è±¡ã®åˆæœŸåŒ–済ã¿Cert構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ - \param value éµã®ç”¨é€”ã‚’æ„味ã™ã‚‹ã‚³ãƒ³ãƒžåŒºåˆ‡ã‚Šãƒˆãƒ¼ã‚¯ãƒ³æ–‡å­—列ã¸ã®ãƒã‚¤ãƒ³ã‚¿ + \param cert åˆæœŸåŒ–ã•れãŸCert構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ + \param value 使用法を設定ã™ã‚‹ãƒˆãƒ¼ã‚¯ãƒ³ã®ã‚«ãƒ³ãƒžåŒºåˆ‡ã‚Šæ–‡å­—列。 _Example_ \code @@ -820,7 +807,7 @@ if(wc_SetKeyUsage(&cert, "cRLSign,keyCertSign") != 0) { - // Handle error + // ã‚¨ãƒ©ãƒ¼ã‚’å‡¦ç† } \endcode @@ -832,17 +819,17 @@ /*! \ingroup ASN - \brief PEMå½¢å¼ã®éµãƒ•ァイルをロードã—DERå½¢å¼ã«å¤‰æ›ã—ã¦ãƒãƒƒãƒ•ã‚¡ã«å‡ºåŠ›ã—ã¾ã™ã€‚ + \brief ファイルã‹ã‚‰PEMキーを読ã¿è¾¼ã¿ã€DERエンコードã•れãŸãƒãƒƒãƒ•ã‚¡ã«å¤‰æ›ã—ã¾ã™ã€‚ - \return 0 å‡¦ç†æˆåŠŸæ™‚ã«è¿”ã•れã¾ã™ã€‚ - \return <0 エラー発生時ã«è¿”ã•れã¾ã™ã€‚ - \return SSL_BAD_FILE ファイルã®ã‚ªãƒ¼ãƒ—ンã«å•題ãŒç”Ÿã˜ãŸéš›ã«è¿”ã•れã¾ã™ã€‚ - \return MEMORY_E メモリã®ç¢ºä¿ã«å¤±æ•—ã—ãŸéš›ã«è¿”ã•れã¾ã™ã€‚ - \return BUFFER_E 与ãˆã‚‰ã‚ŒãŸå‡ºåŠ›ãƒãƒƒãƒ•ã‚¡derBufãŒçµæžœã‚’ä¿æŒã™ã‚‹ã®ã«å分ãªå¤§ãã•ãŒãªã„å ´åˆã«è¿”ã•れã¾ã™ã€‚ - - \param fileName PEMå½¢å¼ã®ãƒ•ァイルパス - \param derBuf DERå½¢å¼éµã‚’出力ã™ã‚‹å…ˆã®ãƒãƒƒãƒ•ã‚¡ - \param derSz 出力先ãƒãƒƒãƒ•ã‚¡ã®ã‚µã‚¤ã‚º + \return 0 æˆåŠŸ + \return <0 エラー + \return SSL_BAD_FILE ファイルを開ãéš›ã«å•題ãŒã‚りã¾ã™ã€‚ + \return MEMORY_E ファイルãƒãƒƒãƒ•ァ用ã®ãƒ¡ãƒ¢ãƒªå‰²ã‚Šå½“ã¦ã‚¨ãƒ©ãƒ¼ãŒã‚りã¾ã™ã€‚ + \return BUFFER_E derBufãŒå¤‰æ›ã•れãŸã‚­ãƒ¼ã‚’ä¿æŒã™ã‚‹ã®ã«å分ãªå¤§ãã•ã§ã¯ã‚りã¾ã›ã‚“。 + + \param fileName ロードã™ã‚‹ãƒ•ァイルã®åå‰ã€‚ + \param derBuf DERエンコードã•れãŸã‚­ãƒ¼ç”¨ã®ãƒãƒƒãƒ•ァ。 + \param derSz DERãƒãƒƒãƒ•ã‚¡ã®ã‚µã‚¤ã‚ºã€‚ _Example_ \code @@ -851,7 +838,7 @@ if(wc_PemPubKeyToDer(some_file, der, sizeof(der)) != 0) { - //Handle Error + // ã‚¨ãƒ©ãƒ¼ã‚’å‡¦ç† } \endcode @@ -863,26 +850,26 @@ /*! \ingroup ASN - \brief PEMå½¢å¼ã®éµãƒ‡ãƒ¼ã‚¿ã‚’DERå½¢å¼ã«å¤‰æ›ã—ã¦ãƒãƒƒãƒ•ã‚¡ã«å‡ºåŠ›ã—ã€å‡ºåŠ›ãƒã‚¤ãƒˆæ•°ã‚ã‚‹ã„ã¯è² ã®ã‚¨ãƒ©ãƒ¼å€¤ã‚’è¿”ã—ã¾ã™ã€‚ + \brief PEMエンコードã•れãŸå…¬é–‹éµã‚’DERã«å¤‰æ›ã—ã¾ã™ã€‚ãƒãƒƒãƒ•ã‚¡ã«æ›¸ãè¾¼ã¾ã‚ŒãŸãƒã‚¤ãƒˆæ•°ã€ã¾ãŸã¯ã‚¨ãƒ©ãƒ¼ã®å ´åˆã¯è² ã®å€¤ã‚’è¿”ã—ã¾ã™ã€‚ - \return >0 å‡¦ç†æˆåŠŸæ™‚ã«ã¯å‡ºåŠ›ã—ãŸãƒã‚¤ãƒˆæ•°ãŒè¿”ã•れã¾ã™ã€‚ - \return BAD_FUNC_ARG 引数ã®pem, buff, ã‚ã‚‹ã„㯠buffSz ã®ã„ãšã‚Œã‹ã°NULLã®å ´åˆã«è¿”ã•れã¾ã™ã€‚ - \return <0 エラーãŒç™ºç”Ÿã—ãŸéš›ã«è¿”ã•れã¾ã™ã€‚ + \return >0 æˆåŠŸã€æ›¸ãè¾¼ã¾ã‚ŒãŸãƒã‚¤ãƒˆæ•°ã€‚ + \return BAD_FUNC_ARG pemã€buffã€ã¾ãŸã¯buffSzãŒnullã®å ´åˆã«è¿”ã•れã¾ã™ + \return <0 関数内ã§ã‚¨ãƒ©ãƒ¼ãŒç™ºç”Ÿã—ã¾ã—ãŸã€‚ - \param pem PEMå½¢å¼ã®éµã‚’å«ã‚“ã ãƒãƒƒãƒ•ã‚¡ã¸ã®ãƒã‚¤ãƒ³ã‚¿ - \param pemSz PEMå½¢å¼ã®éµã‚’å«ã‚“ã ãƒãƒƒãƒ•ã‚¡ã®ã‚µã‚¤ã‚º - \param buff 出力先ãƒãƒƒãƒ•ã‚¡ã¸ã®ãƒã‚¤ãƒ³ã‚¿ - \param buffSz 出力先ãƒãƒƒãƒ•ã‚¡ã®ã‚µã‚¤ã‚º + \param pem PEMエンコードã•れãŸã‚­ãƒ¼ + \param pemSz pemã®ã‚µã‚¤ã‚º + \param buff 出力用ãƒãƒƒãƒ•ã‚¡ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ + \param buffSz ãƒãƒƒãƒ•ã‚¡ã®ã‚µã‚¤ã‚ºã€‚ _Example_ \code - byte some_pem[] = { Initialize with PEM key } - unsigned char out_buffer[1024]; // Ensure buffer is large enough to fit DER + byte some_pem[] = { PEMキーã§åˆæœŸåŒ– } + unsigned char out_buffer[1024]; // ãƒãƒƒãƒ•ã‚¡ãŒDERã‚’æ ¼ç´ã™ã‚‹ã®ã«å分ãªå¤§ãã•ã§ã‚ã‚‹ã“ã¨ã‚’ç¢ºèª if(wc_PubKeyPemToDer(some_pem, sizeof(some_pem), out_buffer, sizeof(out_buffer)) < 0) { - // Handle error + // ã‚¨ãƒ©ãƒ¼ã‚’å‡¦ç† } \endcode @@ -894,29 +881,29 @@ /*! \ingroup ASN - \brief ã“ã®é–¢æ•°ã¯PEMå½¢å¼ã®è¨¼æ˜Žæ›¸ã‚’DERå½¢å¼ã«å¤‰æ›ã—ã€ä¸Žãˆã‚‰ã‚ŒãŸãƒãƒƒãƒ•ã‚¡ã«å‡ºåŠ›ã—ã¾ã™ã€‚ + \brief ã“ã®é–¢æ•°ã¯ã€pem証明書をder証明書ã«å¤‰æ›ã—ã€çµæžœã®è¨¼æ˜Žæ›¸ã‚’æä¾›ã•れãŸderBufãƒãƒƒãƒ•ã‚¡ã«é…ç½®ã—ã¾ã™ã€‚ - \return å‡¦ç†æˆåŠŸæ™‚ã«ã¯å‡ºåŠ›ã—ãŸãƒã‚¤ãƒˆæ•°ãŒè¿”ã•れã¾ã™ã€‚ - \return BUFFER_E 与ãˆã‚‰ã‚ŒãŸå‡ºåŠ›ãƒãƒƒãƒ•ã‚¡derBufãŒçµæžœã‚’ä¿æŒã™ã‚‹ã®ã«å分ãªå¤§ãã•ãŒãªã„å ´åˆã«è¿”ã•れã¾ã™ã€‚ - \return MEMORY_E メモリã®ç¢ºä¿ã«å¤±æ•—ã—ãŸéš›ã«è¿”ã•れã¾ã™ã€‚ + \return Success æˆåŠŸæ™‚ã«ç”Ÿæˆã•れãŸderBufã®ã‚µã‚¤ã‚ºã‚’è¿”ã—ã¾ã™ + \return BUFFER_E derBufã®ã‚µã‚¤ã‚ºãŒç”Ÿæˆã•れãŸè¨¼æ˜Žæ›¸ã‚’ä¿æŒã™ã‚‹ã«ã¯å°ã•ã™ãŽã‚‹å ´åˆã«è¿”ã•れã¾ã™ + \return MEMORY_E XMALLOCã®å‘¼ã³å‡ºã—ãŒå¤±æ•—ã—ãŸå ´åˆã«è¿”ã•れã¾ã™ - \param fileName PEMå½¢å¼ã®ãƒ•ァイルパス - \param derBuf DERå½¢å¼è¨¼æ˜Žæ›¸ã‚’出力ã™ã‚‹å…ˆã®ãƒãƒƒãƒ•ã‚¡ã¸ã®ãƒã‚¤ãƒ³ã‚¿ - \param derSz DERå½¢å¼è¨¼æ˜Žæ›¸ã‚’出力ã™ã‚‹å…ˆã®ãƒãƒƒãƒ•ã‚¡ã®ã‚µã‚¤ã‚º + \param fileName der証明書ã«å¤‰æ›ã™ã‚‹pem証明書をå«ã‚€ãƒ•ァイルã¸ã®ãƒ‘ス + \param derBuf 変æ›ã•れãŸè¨¼æ˜Žæ›¸ã‚’æ ¼ç´ã™ã‚‹charãƒãƒƒãƒ•ã‚¡ã¸ã®ãƒã‚¤ãƒ³ã‚¿ + \param derSz 変æ›ã•れãŸè¨¼æ˜Žæ›¸ã‚’æ ¼ç´ã™ã‚‹charãƒãƒƒãƒ•ã‚¡ã®ã‚µã‚¤ã‚º _Example_ \code - char * file = “./certs/client-cert.pemâ€; + char * file = "./certs/client-cert.pem"; int derSz; byte* der = (byte*)XMALLOC((8*1024), NULL, DYNAMIC_TYPE_CERT); derSz = wc_PemCertToDer(file, der, (8*1024)); if (derSz <= 0) { - //PemCertToDer error + // PemCertToDerエラー } \endcode - \sa none + \sa ãªã— */ int wc_PemCertToDer(const char* fileName, unsigned char* derBuf, int derSz); @@ -924,25 +911,24 @@ /*! \ingroup ASN - \brief ã“ã®é–¢æ•°ã¯ãƒãƒƒãƒ•ã‚¡ã§ä¸Žãˆã‚‰ã‚ŒãŸDERå½¢å¼ã®è¨¼æ˜Žæ›¸ã‚’PEMå½¢å¼ã«å¤‰æ›ã—ã€ä¸Žãˆã‚‰ã‚ŒãŸå‡ºåŠ›ç”¨ãƒãƒƒãƒ•ã‚¡ã«å‡ºåŠ›ã—ã¾ã™ã€‚ - ã“ã®é–¢æ•°ã¯å…¥åŠ›ãƒãƒƒãƒ•ã‚¡ã¨å‡ºåŠ›ãƒãƒƒãƒ•ァを共用ã™ã‚‹ã“ã¨ã¯ã§ãã¾ã›ã‚“。両ãƒãƒƒãƒ•ã‚¡ã¯å¿…ãšåˆ¥ã®ã‚‚ã®ã‚’用æ„ã—ã¦ãã ã•ã„。 + \brief ã“ã®é–¢æ•°ã¯ã€derãƒãƒƒãƒ•ã‚¡ã«å«ã¾ã‚Œã‚‹derå½¢å¼ã®å…¥åŠ›è¨¼æ˜Žæ›¸ã‚’ã€outputãƒãƒƒãƒ•ã‚¡ã«å«ã¾ã‚Œã‚‹pemå½¢å¼ã®å‡ºåŠ›è¨¼æ˜Žæ›¸ã«å¤‰æ›ã—ã¾ã™ã€‚ã“れã¯ã‚¤ãƒ³ãƒ—レース変æ›ã§ã¯ãªãã€pemå½¢å¼ã®å‡ºåŠ›ã‚’æ ¼ç´ã™ã‚‹ãŸã‚ã«åˆ¥ã®ãƒãƒƒãƒ•ァを使用ã™ã‚‹å¿…è¦ãŒã‚ã‚‹ã“ã¨ã«æ³¨æ„ã—ã¦ãã ã•ã„。 - \return å‡¦ç†æˆåŠŸæ™‚ã«ã¯å¤‰æ›å¾Œã®PEMå½¢å¼ãƒ‡ãƒ¼ã‚¿ã®ã‚µã‚¤ã‚ºã‚’è¿”ã—ã¾ã™ã€‚ - \return BAD_FUNC_ARG DERå½¢å¼è¨¼æ˜Žæ›¸ãƒ‡ãƒ¼ã‚¿ã®è§£æžä¸­ã«ã‚¨ãƒ©ãƒ¼ãŒç™ºç”Ÿã—ãŸéš›ã€ã‚ã‚‹ã„ã¯PEMå½¢å¼ã«å¤‰æ›ã®éš›ã«ã‚¨ãƒ©ãƒ¼ãŒç™ºç”Ÿã—ãŸéš›ã«è¿”ã•れã¾ã™ã€‚ - \return MEMORY_E メモリã®ç¢ºä¿ã«å¤±æ•—ã—ãŸéš›ã«è¿”ã•れã¾ã™ã€‚ - \return ASN_INPUT_E Base64ã‚¨ãƒ³ã‚³ãƒ¼ãƒ‡ã‚£ãƒ³ã‚°ã‚¨ãƒ©ãƒ¼ãŒæ¤œå‡ºã•れãŸéš›ã«è¿”ã•れã¾ã™ã€‚ - \return BUFFER_E 与ãˆã‚‰ã‚ŒãŸå‡ºåŠ›ãƒãƒƒãƒ•ã‚¡ãŒçµæžœã‚’ä¿æŒã™ã‚‹ã®ã«å分ãªå¤§ãã•ãŒãªã„å ´åˆã«è¿”ã•れã¾ã™ã€‚ - - \param der DERå½¢å¼è¨¼æ˜Žæ›¸ãƒ‡ãƒ¼ã‚¿ã‚’ä¿æŒã™ã‚‹ãƒãƒƒãƒ•ã‚¡ã¸ã®ãƒã‚¤ãƒ³ã‚¿ - \param derSz DERå½¢å¼è¨¼æ˜Žæ›¸ãƒ‡ãƒ¼ã‚¿ã®ã‚µã‚¤ã‚º - \param output PEMå½¢å¼è¨¼æ˜Žæ›¸ãƒ‡ãƒ¼ã‚¿ã‚’出力ã™ã‚‹å…ˆã®ãƒãƒƒãƒ•ã‚¡ã¸ã®ãƒã‚¤ãƒ³ã‚¿ - \param outSz PEMå½¢å¼è¨¼æ˜Žæ›¸ãƒ‡ãƒ¼ã‚¿ã‚’出力ã™ã‚‹å…ˆã®ãƒãƒƒãƒ•ã‚¡ã®ã‚µã‚¤ã‚º - \param type 変æ›ã™ã‚‹è¨¼æ˜Žæ›¸ã®ã‚¿ã‚¤ãƒ—。次ã®ã‚¿ã‚¤ãƒ—ãŒæŒ‡å®šå¯: CERT_TYPE, PRIVATEKEY_TYPE, ECC_PRIVATEKEY_TYPE, and CERTREQ_TYPE. + \return Success 入力der証明書ã‹ã‚‰æ­£å¸¸ã«pem証明書を作æˆã™ã‚‹ã¨ã€ç”Ÿæˆã•れãŸpem証明書ã®ã‚µã‚¤ã‚ºã‚’è¿”ã—ã¾ã™ã€‚ + \return BAD_FUNC_ARG derファイルを解æžã—ã¦pemファイルã¨ã—ã¦æ ¼ç´ã™ã‚‹éš›ã«ã‚¨ãƒ©ãƒ¼ãŒã‚ã‚‹å ´åˆã«è¿”ã•れã¾ã™ + \return MEMORY_E XMALLOCã§ãƒ¡ãƒ¢ãƒªã‚’割り当ã¦ã‚‹éš›ã«ã‚¨ãƒ©ãƒ¼ãŒã‚ã‚‹å ´åˆã«è¿”ã•れã¾ã™ + \return ASN_INPUT_E base64エンコードエラーã®å ´åˆã«è¿”ã•れã¾ã™ + \return BUFFER_E 出力ãƒãƒƒãƒ•ã‚¡ãŒpemå½¢å¼ã®è¨¼æ˜Žæ›¸ã‚’æ ¼ç´ã™ã‚‹ã«ã¯å°ã•ã™ãŽã‚‹å ´åˆã«è¿”ã•れるå¯èƒ½æ€§ãŒã‚りã¾ã™ + + \param der 変æ›ã™ã‚‹è¨¼æ˜Žæ›¸ã®ãƒãƒƒãƒ•ã‚¡ã¸ã®ãƒã‚¤ãƒ³ã‚¿ + \param derSz 変æ›ã™ã‚‹è¨¼æ˜Žæ›¸ã®ã‚µã‚¤ã‚º + \param output pemå½¢å¼ã®è¨¼æ˜Žæ›¸ã‚’æ ¼ç´ã™ã‚‹ãƒãƒƒãƒ•ã‚¡ã¸ã®ãƒã‚¤ãƒ³ã‚¿ + \param outSz pemå½¢å¼ã®è¨¼æ˜Žæ›¸ã‚’æ ¼ç´ã™ã‚‹ãƒãƒƒãƒ•ã‚¡ã®ã‚µã‚¤ã‚º + \param type 生æˆã™ã‚‹è¨¼æ˜Žæ›¸ã®ã‚¿ã‚¤ãƒ—。有効ãªã‚¿ã‚¤ãƒ—ã¯ï¼šCERT_TYPEã€PRIVATEKEY_TYPEã€ECC_PRIVATEKEY_TYPEã€ãŠã‚ˆã³CERTREQ_TYPE。 _Example_ \code byte* der; - // initialize der with certificate + // 証明書ã§derã‚’åˆæœŸåŒ– byte* pemFormatted[FOURK_BUF]; word32 pemSz; @@ -952,57 +938,56 @@ \sa wc_PemCertToDer */ int wc_DerToPem(const byte* der, word32 derSz, byte* output, - word32 outputSz, int type); + word32 outSz, int type); /*! \ingroup ASN - \brief ã“ã®é–¢æ•°ã¯DERå½¢å¼è¨¼æ˜Žæ›¸ã‚’入力ãƒãƒƒãƒ•ã‚¡ã‹ã‚‰èª­ã¿å‡ºã—ã€PEMå½¢å¼ã«å¤‰æ›ã—ã¦å‡ºåŠ›ãƒãƒƒãƒ•ã‚¡ã«å‡ºåŠ›ã—ã¾ã™ã€‚ - ã“ã®é–¢æ•°ã¯å…¥åŠ›ãƒãƒƒãƒ•ã‚¡ã¨å‡ºåŠ›ãƒãƒƒãƒ•ァを共用ã™ã‚‹ã“ã¨ã¯ã§ãã¾ã›ã‚“。両ãƒãƒƒãƒ•ã‚¡ã¯å¿…ãšåˆ¥ã®ã‚‚ã®ã‚’用æ„ã—ã¦ãã ã•ã„。 - è¿½åŠ ã®æš—å·æƒ…報を指定ã™ã‚‹ã“ã¨ãŒã§ãã¾ã™ã€‚ + \brief ã“ã®é–¢æ•°ã¯ã€derå½¢å¼ã®å…¥åŠ›è¨¼æ˜Žæ›¸ã‚’å¤‰æ›ã—ã¾ã™ã€ + derãƒãƒƒãƒ•ã‚¡ã«å«ã¾ã‚Œã‚‹ã€pemå½¢å¼ã®å‡ºåŠ›è¨¼æ˜Žæ›¸ã«å¤‰æ›ã—ã€outputãƒãƒƒãƒ•ã‚¡ã«æ ¼ç´ã—ã¾ã™ã€‚ã“れã¯ã‚¤ãƒ³ãƒ—レース変æ›ã§ã¯ãªãã€pemå½¢å¼ã®å‡ºåŠ›ã‚’æ ¼ç´ã™ã‚‹ãŸã‚ã«åˆ¥ã®ãƒãƒƒãƒ•ァを使用ã™ã‚‹å¿…è¦ãŒã‚ã‚‹ã“ã¨ã«æ³¨æ„ã—ã¦ãã ã•ã„ã€‚æš—å·æƒ…å ±ã®è¨­å®šã‚’許å¯ã—ã¾ã™ã€‚ - \return å‡¦ç†æˆåŠŸæ™‚ã«ã¯å¤‰æ›å¾Œã®PEMå½¢å¼ãƒ‡ãƒ¼ã‚¿ã®ã‚µã‚¤ã‚ºã‚’è¿”ã—ã¾ã™ã€‚ - \return BAD_FUNC_ARG Returned DERå½¢å¼è¨¼æ˜Žæ›¸ãƒ‡ãƒ¼ã‚¿ã®è§£æžä¸­ã«ã‚¨ãƒ©ãƒ¼ãŒç™ºç”Ÿã—ãŸéš›ã€ã‚ã‚‹ã„ã¯PEMå½¢å¼ã«å¤‰æ›ã®éš›ã«ã‚¨ãƒ©ãƒ¼ãŒç™ºç”Ÿã—ãŸéš›ã«è¿”ã•れã¾ã™ã€‚ - \return MEMORY_E メモリã®ç¢ºä¿ã«å¤±æ•—ã—ãŸéš›ã«è¿”ã•れã¾ã™ã€‚ - \return ASN_INPUT_E Base64ã‚¨ãƒ³ã‚³ãƒ¼ãƒ‡ã‚£ãƒ³ã‚°ã‚¨ãƒ©ãƒ¼ãŒæ¤œå‡ºã•れãŸéš›ã«è¿”ã•れã¾ã™ã€‚ - \return BUFFER_E 与ãˆã‚‰ã‚ŒãŸå‡ºåŠ›ãƒãƒƒãƒ•ã‚¡ãŒçµæžœã‚’ä¿æŒã™ã‚‹ã®ã«å分ãªå¤§ãã•ãŒãªã„å ´åˆã«è¿”ã•れã¾ã™ã€‚ + \return Success 入力der証明書ã‹ã‚‰æ­£å¸¸ã«pem証明書を作æˆã™ã‚‹ã¨ã€ç”Ÿæˆã•れãŸpem証明書ã®ã‚µã‚¤ã‚ºã‚’è¿”ã—ã¾ã™ã€‚ + \return BAD_FUNC_ARG derファイルを解æžã—ã¦pemファイルã¨ã—ã¦æ ¼ç´ã™ã‚‹éš›ã«ã‚¨ãƒ©ãƒ¼ãŒã‚ã‚‹å ´åˆã«è¿”ã•れã¾ã™ + \return MEMORY_E XMALLOCã§ãƒ¡ãƒ¢ãƒªã‚’割り当ã¦ã‚‹éš›ã«ã‚¨ãƒ©ãƒ¼ãŒã‚ã‚‹å ´åˆã«è¿”ã•れã¾ã™ + \return ASN_INPUT_E base64エンコードエラーã®å ´åˆã«è¿”ã•れã¾ã™ + \return BUFFER_E 出力ãƒãƒƒãƒ•ã‚¡ãŒpemå½¢å¼ã®è¨¼æ˜Žæ›¸ã‚’æ ¼ç´ã™ã‚‹ã«ã¯å°ã•ã™ãŽã‚‹å ´åˆã«è¿”ã•れるå¯èƒ½æ€§ãŒã‚りã¾ã™ - \param der DERå½¢å¼è¨¼æ˜Žæ›¸ãƒ‡ãƒ¼ã‚¿ã‚’ä¿æŒã™ã‚‹ãƒãƒƒãƒ•ã‚¡ã¸ã®ãƒã‚¤ãƒ³ã‚¿ - \param derSz DERå½¢å¼è¨¼æ˜Žæ›¸ãƒ‡ãƒ¼ã‚¿ã®ã‚µã‚¤ã‚º - \param output PEMå½¢å¼è¨¼æ˜Žæ›¸ãƒ‡ãƒ¼ã‚¿ã‚’出力ã™ã‚‹å…ˆã®ãƒãƒƒãƒ•ã‚¡ã¸ã®ãƒã‚¤ãƒ³ã‚¿ - \param outSz PEMå½¢å¼è¨¼æ˜Žæ›¸ãƒ‡ãƒ¼ã‚¿ã‚’出力ã™ã‚‹å…ˆã®ãƒãƒƒãƒ•ã‚¡ã®ã‚µã‚¤ã‚º - \param cipher_inf è¿½åŠ ã®æš—å·æƒ…å ± - \param type 生æˆã™ã‚‹è¨¼æ˜Žæ›¸ã‚¿ã‚¤ãƒ—。指定å¯èƒ½ãªã‚¿ã‚¤ãƒ—: CERT_TYPE, PRIVATEKEY_TYPE, ECC_PRIVATEKEY_TYPE 㨠CERTREQ_TYPE + \param der 変æ›ã™ã‚‹è¨¼æ˜Žæ›¸ã®ãƒãƒƒãƒ•ã‚¡ã¸ã®ãƒã‚¤ãƒ³ã‚¿ + \param derSz 変æ›ã™ã‚‹è¨¼æ˜Žæ›¸ã®ã‚µã‚¤ã‚º + \param output pemå½¢å¼ã®è¨¼æ˜Žæ›¸ã‚’æ ¼ç´ã™ã‚‹ãƒãƒƒãƒ•ã‚¡ã¸ã®ãƒã‚¤ãƒ³ã‚¿ + \param outSz pemå½¢å¼ã®è¨¼æ˜Žæ›¸ã‚’æ ¼ç´ã™ã‚‹ãƒãƒƒãƒ•ã‚¡ã®ã‚µã‚¤ã‚º + \param cipher_info è¿½åŠ ã®æš—å·æƒ…報。 + \param type 生æˆã™ã‚‹è¨¼æ˜Žæ›¸ã®ã‚¿ã‚¤ãƒ—。有効ãªã‚¿ã‚¤ãƒ—ã¯ï¼šCERT_TYPEã€PRIVATEKEY_TYPEã€ECC_PRIVATEKEY_TYPEã€ãŠã‚ˆã³CERTREQ_TYPE。 _Example_ \code byte* der; - // initialize der with certificate + // 証明書ã§derã‚’åˆæœŸåŒ– byte* pemFormatted[FOURK_BUF]; word32 pemSz; - byte* cipher_info[] { Additional cipher info. } + byte* cipher_info[] { è¿½åŠ ã®æš—å·æƒ…報。 } pemSz = wc_DerToPemEx(der, derSz, pemFormatted, FOURK_BUF, cipher_info, CERT_TYPE); \endcode \sa wc_PemCertToDer */ int wc_DerToPemEx(const byte* der, word32 derSz, byte* output, - word32 outputSz, byte *cipherIno, int type); + word32 outSz, byte *cipher_info, int type); /*! \ingroup CertsKeys - \brief PEMå½¢å¼ã®éµã‚’DERå½¢å¼ã«å¤‰æ›ã—ã¾ã™ã€‚ + \brief PEMå½¢å¼ã®ã‚­ãƒ¼ã‚’DERå½¢å¼ã«å¤‰æ›ã—ã¾ã™ã€‚ - \return 変æ›ã«æˆåŠŸã—ãŸéš›ã«ã¯å‡ºåŠ›ãƒãƒƒãƒ•ã‚¡ã«æ›¸ã込んã ãƒ‡ãƒ¼ã‚¿ã‚µã‚¤ã‚ºã‚’è¿”ã—ã¾ã™ã€‚ - \return エラー発生時ã«ã¯è² ã®æ•´æ•°å€¤ã‚’è¿”ã—ã¾ã™ã€‚ + \return int é–¢æ•°ã¯æ­£å¸¸å®Ÿè¡Œæ™‚ã«ãƒãƒƒãƒ•ã‚¡ã«æ›¸ãè¾¼ã¾ã‚ŒãŸãƒã‚¤ãƒˆæ•°ã‚’è¿”ã—ã¾ã™ã€‚ + \return int エラーを示ã™è² ã®æ•´æ•°ãŒè¿”ã•れã¾ã™ã€‚ - \param pem PEMå½¢å¼ã®è¨¼æ˜Žæ›¸ãƒ‡ãƒ¼ã‚¿ã¸ã®ãƒã‚¤ãƒ³ã‚¿ - \param pemSz PEMå½¢å¼ã®è¨¼æ˜Žæ›¸ãƒ‡ãƒ¼ã‚¿ã®ã‚µã‚¤ã‚º - \param buff DerBuffer構造体ã®bufferメンãƒãƒ¼ã®ã‚³ãƒ”ーã¸ã®ãƒã‚¤ãƒ³ã‚¿ - \param buffSz DerBuffer構造体ã®bufferメンãƒãƒ¼ã¸ç¢ºä¿ã•れãŸãƒãƒƒãƒ•ã‚¡ã®ã‚µã‚¤ã‚º - \param pass パスワード + \param pem PEMエンコードã•れãŸè¨¼æ˜Žæ›¸ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ + \param pemSz PEMãƒãƒƒãƒ•ァ(pem)ã®ã‚µã‚¤ã‚º + \param buff DerBuffer構造体ã®bufferメンãƒãƒ¼ã®ã‚³ãƒ”ーã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ + \param buffSz DerBuffer構造体ã«å‰²ã‚Šå½“ã¦ã‚‰ã‚ŒãŸãƒãƒƒãƒ•ァスペースã®ã‚µã‚¤ã‚ºã€‚ + \param pass é–¢æ•°ã«æ¸¡ã•れるパスワード。 _Example_ \code @@ -1017,7 +1002,7 @@ (int)fileSz, password); if(saveBufSz > 0){ - // Bytes were written to the buffer. + // ãƒã‚¤ãƒˆãŒãƒãƒƒãƒ•ã‚¡ã«æ›¸ãè¾¼ã¾ã‚Œã¾ã—ãŸã€‚ } \endcode @@ -1029,15 +1014,15 @@ /*! \ingroup CertsKeys - \brief ã“ã®é–¢æ•°ã¯PEMå½¢å¼ã®è¨¼æ˜Žæ›¸ã‚’DERå½¢å¼ã«å¤‰æ›ã—ã¾ã™ã€‚内部ã§ã¯OpenSSL互æ›APIã®PemToDerを呼ã³å‡ºã—ã¾ã™ã€‚ + \brief ã“ã®é–¢æ•°ã¯ã€PEMå½¢å¼ã®è¨¼æ˜Žæ›¸ã‚’DERå½¢å¼ã«å¤‰æ›ã—ã¾ã™ã€‚OpenSSL関数PemToDerを呼ã³å‡ºã—ã¾ã™ã€‚ - \return ãƒãƒƒãƒ•ã‚¡ã«å‡ºåŠ›ã—ãŸã‚µã‚¤ã‚ºã‚’è¿”ã—ã¾ã™ã€‚ + \return buffer ãƒãƒƒãƒ•ã‚¡ã«æ›¸ãè¾¼ã¾ã‚ŒãŸãƒã‚¤ãƒˆã‚’è¿”ã—ã¾ã™ã€‚ - \param pem PEMå½¢å¼ã®è¨¼æ˜Žæ›¸ã‚’å«ã‚€ãƒãƒƒãƒ•ã‚¡ã¸ã®ãƒã‚¤ãƒ³ã‚¿ - \param pemSz PEMå½¢å¼ã®è¨¼æ˜Žæ›¸ã‚’å«ã‚€ãƒãƒƒãƒ•ã‚¡ã®ã‚µã‚¤ã‚º - \param buff DERå½¢å¼ã«å¤‰æ›ã—ãŸè¨¼æ˜Žæ›¸ãƒ‡ãƒ¼ã‚¿ã®å‡ºåŠ›å…ˆãƒãƒƒãƒ•ã‚¡ã¸ã®ãƒã‚¤ãƒ³ã‚¿ - \param buffSz 出力先ãƒãƒƒãƒ•ã‚¡ã®ã‚µã‚¤ã‚º - \param type 証明書ã®ã‚¿ã‚¤ãƒ—。asn_public.h ã§å®šç¾©ã®enum CertTypeã®å€¤ã€‚ + \param pem PEMå½¢å¼ã®è¨¼æ˜Žæ›¸ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ + \param pemSz 証明書ã®ã‚µã‚¤ã‚ºã€‚ + \param buff DERå½¢å¼ã«ã‚³ãƒ”ーã•れるãƒãƒƒãƒ•ァ。 + \param buffSz ãƒãƒƒãƒ•ã‚¡ã®ã‚µã‚¤ã‚ºã€‚ + \param type asn_public.h enum CertTypeã«ã‚る証明書ファイルタイプ。 _Example_ \code @@ -1048,7 +1033,7 @@ int type; ... if(wc_CertPemToDer(pem, pemSz, buff, buffSz, type) <= 0) { - // There were bytes written to buffer + // ãƒãƒƒãƒ•ã‚¡ã«ãƒã‚¤ãƒˆãŒæ›¸ãè¾¼ã¾ã‚Œã¾ã—㟠} \endcode @@ -1060,18 +1045,13 @@ /*! \ingroup CertsKeys - \brief ã“ã®é–¢æ•°ã¯å…¬é–‹éµã‚’DERå½¢å¼ã§DecodedCert構造体ã‹ã‚‰å–り出ã—ã¾ã™ã€‚ - wc_InitDecodedCert()ã¨wc_ParseCert()を事å‰ã«å‘¼ã³å‡ºã—ã¦ãŠãå¿…è¦ãŒã‚りã¾ã™ã€‚ - wc_InitDecodedCert()ã¯DER/ASN.1エンコードã•れãŸè¨¼æ˜Žæ›¸ã‚’å—ã‘付ã‘ã¾ã™ã€‚ - PEMå½¢å¼ã®éµã‚’DERå½¢å¼ã§å–å¾—ã™ã‚‹å ´åˆã«ã¯ã€wc_InitDecodedCert()より先ã«wc_CertPemToDer()を呼ã³å‡ºã—ã¦ãã ã•ã„。 - - \return æˆåŠŸæ™‚ã«0ã‚’è¿”ã—ã¾ã™ã€‚エラー発生時ã«ã¯è² ã®æ•´æ•°ã‚’è¿”ã—ã¾ã™ã€‚ - \return LENGTH_ONLY_E derKeyãŒNULLã®éš›ã«è¿”ã•れã¾ã™ã€‚ - - \param cert X.509è¨¼æ˜Žæ›¸ã‚’ä¿æŒã—ãŸDecodedCert構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ - \param derKey DERå½¢å¼ã®å…¬é–‹éµã‚’出力ã™ã‚‹å…ˆã®ãƒãƒƒãƒ•ã‚¡ã¸ã®ãƒã‚¤ãƒ³ã‚¿ - \param derKeySz [IN/OUT] 入力時ã«ã¯derKeyã§ä¸Žãˆã‚‰ã‚Œã‚‹ãƒãƒƒãƒ•ã‚¡ã®ã‚µã‚¤ã‚º,出力時ã«ã¯å…¬é–‹éµã®ã‚µã‚¤ã‚ºã‚’ä¿æŒã—ã¾ã™ã€‚ - ã‚‚ã—ã€derKeyãŒNULLã§æ¸¡ã•れãŸå ´åˆã«ã¯, derKeySzã«ã¯å¿…è¦ãªãƒãƒƒãƒ•ã‚¡ã‚µã‚¤ã‚ºãŒæ ¼ç´ã•れã€LENGTH_ONLY_EãŒæˆ»ã‚Šå€¤ã¨ã—ã¦è¿”ã•れã¾ã™ã€‚ + \brief ã“ã®é–¢æ•°ã¯ã€å…¥åŠ›ã•れãŸDecodedCert構造体ã‹ã‚‰DERå½¢å¼ã®å…¬é–‹éµã‚’å–å¾—ã—ã¾ã™ã€‚ã“ã®APIを呼ã³å‡ºã™å‰ã«ã€ãƒ¦ãƒ¼ã‚¶ãƒ¼ã¯wc_InitDecodedCert()ã¨wc_ParseCert()を呼ã³å‡ºã™å¿…è¦ãŒã‚りã¾ã™ã€‚wc_InitDecodedCert()ã¯DER/ASN.1エンコードã•れãŸè¨¼æ˜Žæ›¸ã‚’å—ã‘入れã¾ã™ã€‚PEM証明書をDERã«å¤‰æ›ã™ã‚‹ã«ã¯ã€wc_InitDecodedCert()を呼ã³å‡ºã™å‰ã«ã¾ãšwc_CertPemToDer()を使用ã—ã¦ãã ã•ã„。 + + \return 0 æˆåŠŸæ™‚ã€ã‚¨ãƒ©ãƒ¼æ™‚ã¯è² ã®å€¤ã€‚derKeyãŒNULLã§é•·ã•ã®ã¿ã‚’è¿”ã™å ´åˆã¯LENGTH_ONLY_E。 + + \param cert X.509è¨¼æ˜Žæ›¸ã‚’ä¿æŒã™ã‚‹å…¥åŠ›ã•れãŸDecodedCert構造体 + \param derKey DERエンコードã•れãŸå…¬é–‹éµã‚’é…ç½®ã™ã‚‹å‡ºåŠ›ãƒãƒƒãƒ•ã‚¡ + \param derKeySz [IN/OUT] 入力時ã®derKeyãƒãƒƒãƒ•ã‚¡ã®ã‚µã‚¤ã‚ºã€è¿”å´æ™‚ã®å…¬é–‹éµã®ã‚µã‚¤ã‚ºã€‚derKeyãŒNULLã¨ã—ã¦æ¸¡ã•れãŸå ´åˆã€derKeySzã¯å…¬é–‹éµã«å¿…è¦ãªãƒãƒƒãƒ•ァサイズã«è¨­å®šã•れã€é–¢æ•°ã‹ã‚‰LENGTH_ONLY_EãŒè¿”ã•れã¾ã™ã€‚ \sa wc_GetPubKeyDerFromCert */ @@ -1081,41 +1061,41 @@ /*! \ingroup ASN - \brief ã“ã®é–¢æ•°ã¯ECC秘密éµã‚’入力ãƒãƒƒãƒ•ã‚¡ã‹ã‚‰èª­ã¿è¾¼ã¿ã€è§£æžã®å¾Œecc_key構造体を作æˆã—ã¦ãã“ã«éµã‚’æ ¼ç´ã—ã¾ã™ã€‚ + \brief ã“ã®é–¢æ•°ã¯ã€å…¥åŠ›ãƒãƒƒãƒ•ã‚¡inputã‹ã‚‰ECC秘密éµã‚’読ã¿å–りã€ç§˜å¯†éµã‚’è§£æžã—ã€ãれを使用ã—ã¦ecc_keyオブジェクトを生æˆã—ã€keyã«æ ¼ç´ã—ã¾ã™ã€‚ - \return 0 秘密éµã®ãƒ‡ã‚³ãƒ¼ãƒ‰ã¨çµæžœã®ecc_key構造体ã¸ã®æ ¼ç´æˆåŠŸæ™‚ã«è¿”ã•れã¾ã™ã€‚ - \return ASN_PARSE_E 入力ãƒãƒƒãƒ•ã‚¡ã®è§£æžã‚ã‚‹ã„ã¯çµæžœã®æ ¼ç´æ™‚ã«ã‚¨ãƒ©ãƒ¼ãŒç™ºç”Ÿã—ãŸå ´åˆã«è¿”ã•れã¾ã™ã€‚ - \return MEMORY_E メモリã®ç¢ºä¿ã«å¤±æ•—ã—ãŸéš›ã«è¿”ã•れã¾ã™ã€‚ - \return BUFFER_E 入力ã•れãŸè¨¼æ˜Žæ›¸ãŒæœ€å¤§è¨¼æ˜Žæ›¸ã‚µã‚¤ã‚ºã‚ˆã‚Šå¤§ãã‹ã£ãŸå ´åˆã«è¿”ã•れã¾ã™ã€‚ - \return ASN_OBJECT_ID_E 証明書ãŒç„¡åйãªã‚ªãƒ–ジェクトIDã‚’å«ã‚“ã§ã„ã‚‹å ´åˆã«è¿”ã•れã¾ã™ã€‚ - \return ECC_CURVE_OID_E 与ãˆã‚‰ã‚ŒãŸç§˜å¯†éµã®ECC曲線ãŒã‚µãƒãƒ¼ãƒˆã•れã¦ã„ãªã„å ´åˆã«è¿”ã•れã¾ã™ã€‚ - \return ECC_BAD_ARG_E ECC秘密éµã®ãƒ•ォーマットã«ã‚¨ãƒ©ãƒ¼ãŒã‚ã‚‹å ´åˆã«è¿”ã•れã¾ã™ã€‚ - \return NOT_COMPILED_IN 秘密éµãŒåœ§ç¸®ã•れã¦ã„ã¦åœ§ç¸®éµãŒæä¾›ã•れã¦ã„ãªã„å ´åˆã«è¿”ã•れã¾ã™ã€‚ - \return MP_MEM 秘密éµã®è§£æžã§ä½¿ç”¨ã•れる数学ライブラリãŒã‚¨ãƒ©ãƒ¼ã‚’検出ã—ãŸå ´åˆã«è¿”ã•れã¾ã™ã€‚ - \return MP_VAL 秘密éµã®è§£æžã§ä½¿ç”¨ã•れる数学ライブラリãŒã‚¨ãƒ©ãƒ¼ã‚’検出ã—ãŸå ´åˆã«è¿”ã•れã¾ã™ã€‚ - \return MP_RANGE 秘密éµã®è§£æžã§ä½¿ç”¨ã•れる数学ライブラリãŒã‚¨ãƒ©ãƒ¼ã‚’検出ã—ãŸå ´åˆã«è¿”ã•れã¾ã™ã€‚ - - \param input 入力ã¨ãªã‚‹ç§˜å¯†éµãƒ‡ãƒ¼ã‚¿ã‚’å«ã‚“ã§ã„ã‚‹ãƒãƒƒãƒ•ã‚¡ã¸ã®ãƒã‚¤ãƒ³ã‚¿ - \param inOutIdx word32型変数ã§å†…容ã¨ã—ã¦å…¥åŠ›ãƒãƒƒãƒ•ã‚¡ã®å‡¦ç†é–‹å§‹ä½ç½®ã‚’先頭ã‹ã‚‰ã®ã‚¤ãƒ³ãƒ‡ã‚¯ã‚¹å€¤ã¨ã—ã¦ä¿æŒã—ã¦ã„る。 - \param key デコードã•れãŸç§˜å¯†éµãŒæ ¼ç´ã•ã‚Œã‚‹åˆæœŸåŒ–済ã¿ã®ecc_key構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ - \param inSz 秘密éµã‚’å«ã‚“ã§ã„る入力ãƒãƒƒãƒ•ã‚¡ã®ã‚µã‚¤ã‚º + \return 0 秘密éµã®ãƒ‡ã‚³ãƒ¼ãƒ‰ã«æˆåŠŸã—ã€çµæžœã‚’ecc_keyæ§‹é€ ä½“ã«æ ¼ç´ã—ãŸå ´åˆ + \return ASN_PARSE_E derファイルを解æžã—ã¦pemファイルã¨ã—ã¦æ ¼ç´ã™ã‚‹éš›ã«ã‚¨ãƒ©ãƒ¼ãŒã‚ã‚‹å ´åˆã«è¿”ã•れã¾ã™ + \return MEMORY_E XMALLOCã§ãƒ¡ãƒ¢ãƒªã‚’割り当ã¦ã‚‹éš›ã«ã‚¨ãƒ©ãƒ¼ãŒã‚ã‚‹å ´åˆã«è¿”ã•れã¾ã™ + \return BUFFER_E 変æ›ã™ã‚‹è¨¼æ˜Žæ›¸ãŒæŒ‡å®šã•ã‚ŒãŸæœ€å¤§è¨¼æ˜Žæ›¸ã‚µã‚¤ã‚ºã‚ˆã‚Šå¤§ãã„å ´åˆã«è¿”ã•れã¾ã™ + \return ASN_OBJECT_ID_E 証明書エンコーディングã«ç„¡åйãªã‚ªãƒ–ジェクトIDãŒã‚ã‚‹å ´åˆã«è¿”ã•れã¾ã™ + \return ECC_CURVE_OID_E æä¾›ã•れãŸã‚­ãƒ¼ã®ECC曲線ãŒã‚µãƒãƒ¼ãƒˆã•れã¦ã„ãªã„å ´åˆã«è¿”ã•れã¾ã™ + \return ECC_BAD_ARG_E ECCキー形å¼ã«ã‚¨ãƒ©ãƒ¼ãŒã‚ã‚‹å ´åˆã«è¿”ã•れã¾ã™ + \return NOT_COMPILED_IN 秘密éµãŒåœ§ç¸®ã•れã¦ãŠã‚Šã€åœ§ç¸®ã‚­ãƒ¼ãŒæä¾›ã•れã¦ã„ãªã„å ´åˆã«è¿”ã•れã¾ã™ + \return MP_MEM 秘密éµã®è§£æžä¸­ã«ä½¿ç”¨ã•れる数学ライブラリã«ã‚¨ãƒ©ãƒ¼ãŒã‚ã‚‹å ´åˆã«è¿”ã•れã¾ã™ + \return MP_VAL 秘密éµã®è§£æžä¸­ã«ä½¿ç”¨ã•れる数学ライブラリã«ã‚¨ãƒ©ãƒ¼ãŒã‚ã‚‹å ´åˆã«è¿”ã•れã¾ã™ + \return MP_RANGE 秘密éµã®è§£æžä¸­ã«ä½¿ç”¨ã•れる数学ライブラリã«ã‚¨ãƒ©ãƒ¼ãŒã‚ã‚‹å ´åˆã«è¿”ã•れã¾ã™ + + \param input 入力秘密éµã‚’å«ã‚€ãƒãƒƒãƒ•ã‚¡ã¸ã®ãƒã‚¤ãƒ³ã‚¿ + \param inOutIdx ãƒãƒƒãƒ•ァ内ã§é–‹å§‹ã™ã‚‹ã‚¤ãƒ³ãƒ‡ãƒƒã‚¯ã‚¹ã‚’å«ã‚€word32オブジェクトã¸ã®ãƒã‚¤ãƒ³ã‚¿ + \param key デコードã•れãŸç§˜å¯†éµã‚’æ ¼ç´ã™ã‚‹åˆæœŸåŒ–ã•れãŸeccオブジェクトã¸ã®ãƒã‚¤ãƒ³ã‚¿ + \param inSz 秘密éµã‚’å«ã‚€å…¥åŠ›ãƒãƒƒãƒ•ã‚¡ã®ã‚µã‚¤ã‚º _Example_ \code int ret, idx=0; - ecc_key key; // to store key in + ecc_key key; // ã‚­ãƒ¼ã‚’æ ¼ç´ - byte* tmp; // tmp buffer to read key from + byte* tmp; // キーを読ã¿å–ã‚‹ãŸã‚ã®ä¸€æ™‚ãƒãƒƒãƒ•ã‚¡ tmp = (byte*) malloc(FOURK_BUF); int inSz; inSz = fread(tmp, 1, FOURK_BUF, privateKeyFile); - // read key into tmp buffer + // tmpãƒãƒƒãƒ•ã‚¡ã«ã‚­ãƒ¼ã‚’読ã¿å–ã‚‹ - wc_ecc_init(&key); // initialize key + wc_ecc_init(&key); // ã‚­ãƒ¼ã‚’åˆæœŸåŒ– ret = wc_EccPrivateKeyDecode(tmp, &idx, &key, (word32)inSz); if(ret < 0) { - // error decoding ecc key + // eccキーã®ãƒ‡ã‚³ãƒ¼ãƒ‰ã‚¨ãƒ©ãƒ¼ } \endcode @@ -1127,32 +1107,32 @@ /*! \ingroup ASN - \brief ã“ã®é–¢æ•°ã¯ECC秘密éµã‚’DERå½¢å¼ã§ãƒãƒƒãƒ•ã‚¡ã«å‡ºåŠ›ã—ã¾ã™ã€‚ + \brief ã“ã®é–¢æ•°ã¯ã€ç§˜å¯†ECCキーをderå½¢å¼ã«æ›¸ãè¾¼ã¿ã¾ã™ã€‚ - \return ECC秘密éµã‚’DERå½¢å¼ã§ã®å‡ºåŠ›ã«æˆåŠŸã—ãŸå ´åˆã«ã¯ãƒãƒƒãƒ•ã‚¡ã¸å‡ºåŠ›ã—ãŸã‚µã‚¤ã‚ºã‚’è¿”ã—ã¾ã™ã€‚ - \return BAD_FUNC_ARG 出力ãƒãƒƒãƒ•ã‚¡outputãŒNULLã‚ã‚‹ã„ã¯inLenãŒã‚¼ãƒ­ã®å ´åˆã«è¿”ã—ã¾ã™ã€‚ - \return MEMORY_E メモリã®ç¢ºä¿ã«å¤±æ•—ã—ãŸéš›ã«è¿”ã•れã¾ã™ã€‚ - \return BUFFER_E 出力ãƒãƒƒãƒ•ã‚¡ãŒå¿…è¦é‡ã‚ˆã‚Šå°ã•ã„ - \return ASN_UNKNOWN_OID_E ECC秘密éµãŒæœªçŸ¥ã®ã‚¿ã‚¤ãƒ—ã®å ´åˆã«è¿”ã—ã¾ã™ã€‚ - \return MP_MEM 秘密éµã®è§£æžã§ä½¿ç”¨ã•れる数学ライブラリãŒã‚¨ãƒ©ãƒ¼ã‚’検出ã—ãŸå ´åˆã«è¿”ã•れã¾ã™ã€‚ - \return MP_VAL 秘密éµã®è§£æžã§ä½¿ç”¨ã•れる数学ライブラリãŒã‚¨ãƒ©ãƒ¼ã‚’検出ã—ãŸå ´åˆã«è¿”ã•れã¾ã™ã€‚ - \return MP_RANGE 秘密éµã®è§£æžã§ä½¿ç”¨ã•れる数学ライブラリãŒã‚¨ãƒ©ãƒ¼ã‚’検出ã—ãŸå ´åˆã«è¿”ã•れã¾ã™ã€‚ - - \param key 入力ã¨ãªã‚‹ECC秘密éµãƒ‡ãƒ¼ã‚¿ã‚’å«ã‚“ã§ã„ã‚‹ãƒãƒƒãƒ•ã‚¡ã¸ã®ãƒã‚¤ãƒ³ã‚¿ - \param output DERå½¢å¼ã®ECC秘密éµã‚’出力ã™ã‚‹å…ˆã®ãƒãƒƒãƒ•ã‚¡ã¸ã®ãƒã‚¤ãƒ³ã‚¿ - \param inLen DERå½¢å¼ã®ECC秘密éµã‚’出力ã™ã‚‹å…ˆã®ãƒãƒƒãƒ•ã‚¡ã®ã‚µã‚¤ã‚º + \return Success ECCキーã®derå½¢å¼ã¸ã®æ›¸ãè¾¼ã¿ã«æˆåŠŸã™ã‚‹ã¨ã€ãƒãƒƒãƒ•ã‚¡ã«æ›¸ãè¾¼ã¾ã‚ŒãŸé•·ã•ã‚’è¿”ã—ã¾ã™ + \return BAD_FUNC_ARG keyã¾ãŸã¯outputãŒnullã€ã¾ãŸã¯inLenãŒã‚¼ãƒ­ã®å ´åˆã«è¿”ã•れã¾ã™ + \return MEMORY_E XMALLOCã§ãƒ¡ãƒ¢ãƒªã‚’割り当ã¦ã‚‹éš›ã«ã‚¨ãƒ©ãƒ¼ãŒã‚ã‚‹å ´åˆã«è¿”ã•れã¾ã™ + \return BUFFER_E 変æ›ã•れãŸè¨¼æ˜Žæ›¸ãŒå‡ºåŠ›ãƒãƒƒãƒ•ã‚¡ã«æ ¼ç´ã™ã‚‹ã«ã¯å¤§ãã™ãŽã‚‹å ´åˆã«è¿”ã•れã¾ã™ + \return ASN_UNKNOWN_OID_E 使用ã•れã¦ã„ã‚‹ECCキーãŒä¸æ˜Žãªã‚¿ã‚¤ãƒ—ã®å ´åˆã«è¿”ã•れã¾ã™ + \return MP_MEM 秘密éµã®è§£æžä¸­ã«ä½¿ç”¨ã•れる数学ライブラリã«ã‚¨ãƒ©ãƒ¼ãŒã‚ã‚‹å ´åˆã«è¿”ã•れã¾ã™ + \return MP_VAL 秘密éµã®è§£æžä¸­ã«ä½¿ç”¨ã•れる数学ライブラリã«ã‚¨ãƒ©ãƒ¼ãŒã‚ã‚‹å ´åˆã«è¿”ã•れã¾ã™ + \return MP_RANGE 秘密éµã®è§£æžä¸­ã«ä½¿ç”¨ã•れる数学ライブラリã«ã‚¨ãƒ©ãƒ¼ãŒã‚ã‚‹å ´åˆã«è¿”ã•れã¾ã™ + + \param key 入力eccキーをå«ã‚€ãƒãƒƒãƒ•ã‚¡ã¸ã®ãƒã‚¤ãƒ³ã‚¿ + \param output derå½¢å¼ã®ã‚­ãƒ¼ã‚’æ ¼ç´ã™ã‚‹ãƒãƒƒãƒ•ã‚¡ã¸ã®ãƒã‚¤ãƒ³ã‚¿ + \param inLen derå½¢å¼ã®ã‚­ãƒ¼ã‚’æ ¼ç´ã™ã‚‹ãƒãƒƒãƒ•ã‚¡ã®é•·ã• _Example_ \code int derSz; ecc_key key; - // initialize and make key + // ã‚­ãƒ¼ã‚’åˆæœŸåŒ–ã—ã¦ä½œæˆ byte der[FOURK_BUF]; - // store der formatted key here + // ã“ã“ã«derå½¢å¼ã®ã‚­ãƒ¼ã‚’æ ¼ç´ derSz = wc_EccKeyToDer(&key, der, FOURK_BUF); if(derSz < 0) { - // error converting ecc key to der buffer + // eccキーをderãƒãƒƒãƒ•ã‚¡ã«å¤‰æ›ã™ã‚‹éš›ã®ã‚¨ãƒ©ãƒ¼ } \endcode @@ -1163,29 +1143,28 @@ /*! \ingroup ASN - \brief ã“ã®é–¢æ•°ã¯å…¥åŠ›ãƒãƒƒãƒ•ã‚¡ã®ECC公開éµã‚’ASNシーケンスをデコードã—ã¦å–り出ã—ã¾ã™ã€‚ + \brief 入力ãƒãƒƒãƒ•ã‚¡ã‹ã‚‰ECC公開éµã‚’デコードã—ã¾ã™ã€‚ECCキーをå–å¾—ã™ã‚‹ãŸã‚ã«ASNシーケンスを解æžã—ã¾ã™ã€‚ - \return 0 å‡¦ç†æˆåŠŸæ™‚ã«è¿”ã—ã¾ã™ã€‚ - \return BAD_FUNC_ARG Returns ã„ãšã‚Œã‹ã®å¼•æ•°ãŒNULLã®å ´åˆã«è¿”ã—ã¾ã™ã€‚ - \return ASN_PARSE_E è§£æžä¸­ã«ã‚¨ãƒ©ãƒ¼ãŒç™ºç”Ÿã—ãŸå ´åˆã«è¿”ã—ã¾ã™ã€‚ - \return ASN_ECC_KEY_E éµã®ã‚¤ãƒ³ãƒãƒ¼ãƒˆã§ã‚¨ãƒ©ãƒ¼ãŒç™ºç”Ÿã—ãŸå ´åˆã«è¿”ã—ã¾ã™ã€‚ - 発生ç†ç”±ã«ã¤ã„ã¦ã¯wc_ecc_import_x963()ã‚’å‚ç…§ã®ã“ã¨ã€‚ - - \param input DERå½¢å¼ã®å…¬é–‹éµã‚’å«ã‚“ã ãƒãƒƒãƒ•ã‚¡ã¸ã®ãƒã‚¤ãƒ³ã‚¿ - \param inOutIdx ãƒãƒƒãƒ•ã‚¡ã®èª­ã¿å‡ºã—ä½ç½®ã‚¤ãƒ³ãƒ‡ã‚¯ã‚¹å€¤ã‚’ä¿æŒã—ã¦ã„る変数ã¸ã®ãƒã‚¤ãƒ³ã‚¿(入力時)。 - 出力時ã«ã¯ã“ã®å¤‰æ•°ã«è§£æžæ¸ˆã¿ã®ãƒãƒƒãƒ•ã‚¡ã®ã‚¤ãƒ³ãƒ‡ã‚¯ã‚¹å€¤ãŒæ ¼ç´ã•れã¾ã™ã€‚ - \param key ecc_key構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ - \param inSz 入力ãƒãƒƒãƒ•ã‚¡ã®ã‚µã‚¤ã‚º + \return 0 æˆåŠŸ + \return BAD_FUNC_ARG ã„ãšã‚Œã‹ã®å¼•æ•°ãŒnullã®å ´åˆã«è¿”ã•れã¾ã™ã€‚ + \return ASN_PARSE_E è§£æžã‚¨ãƒ©ãƒ¼ãŒã‚ã‚‹å ´åˆã«è¿”ã•れã¾ã™ + \return ASN_ECC_KEY_E キーã®ã‚¤ãƒ³ãƒãƒ¼ãƒˆã‚¨ãƒ©ãƒ¼ãŒã‚ã‚‹å ´åˆã«è¿”ã•れã¾ã™ã€‚ + 考ãˆã‚‰ã‚Œã‚‹ç†ç”±ã«ã¤ã„ã¦ã¯wc_ecc_import_x963ã‚’å‚ç…§ã—ã¦ãã ã•ã„。 + + \param input デコードã™ã‚‹DERエンコードã•れãŸã‚­ãƒ¼ã‚’å«ã‚€ãƒãƒƒãƒ•ァ。 + \param inOutIdx 入力ãƒãƒƒãƒ•ã‚¡ã®èª­ã¿å–り開始ä½ç½®ã®ã‚¤ãƒ³ãƒ‡ãƒƒã‚¯ã‚¹ã€‚出力時ã€ã‚¤ãƒ³ãƒ‡ãƒƒã‚¯ã‚¹ã¯å…¥åŠ›ãƒãƒƒãƒ•ã‚¡ã®æœ€å¾Œã«è§£æžã•れãŸä½ç½®ã«è¨­å®šã•れã¾ã™ã€‚ + \param key 公開éµã‚’æ ¼ç´ã™ã‚‹ecc_key構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ + \param inSz 入力ãƒãƒƒãƒ•ã‚¡ã®ã‚µã‚¤ã‚ºã€‚ _Example_ \code int ret; word32 idx = 0; - byte buff[] = { // initialize with key }; + byte buff[] = { // キーã§åˆæœŸåŒ– }; ecc_key pubKey; wc_ecc_init(&pubKey); if ( wc_EccPublicKeyDecode(buff, &idx, &pubKey, sizeof(buff)) != 0) { - // error decoding key + // キーã®ãƒ‡ã‚³ãƒ¼ãƒ‰ã‚¨ãƒ©ãƒ¼ } \endcode @@ -1197,19 +1176,17 @@ /*! \ingroup ASN - \brief ã“ã®é–¢æ•°ã¯ECC公開éµã‚’DERå½¢å¼ã«å¤‰æ›ã—ã¾ã™ã€‚ - 処ç†ã—ãŸãƒãƒƒãƒ•ã‚¡ã®ã‚µã‚¤ã‚ºã‚’è¿”ã—ã¾ã™ã€‚変æ›ã—ã¦å¾—られるDERå½¢å¼ã®ECC公開éµã¯å‡ºåŠ›ãƒãƒƒãƒ•ã‚¡ã«æ ¼ç´ã•れã¾ã™ã€‚ - AlgCurveãƒ•ãƒ©ã‚°ã®æŒ‡å®šã«ã‚ˆã‚Šã€ã‚¢ãƒ«ã‚´ãƒªã‚ºãƒ ã¨æ›²ç·šæƒ…報をヘッダーã«å«ã‚ã‚‹ã“ã¨ãŒã§ãã¾ã™ã€‚ - - \return æˆåŠŸæ™‚ã«ã¯å‡¦ç†ã—ãŸãƒãƒƒãƒ•ã‚¡ã®ã‚µã‚¤ã‚ºã‚’è¿”ã—ã¾ã™ã€‚ - \return BAD_FUNC_ARG 出力ãƒãƒƒãƒ•ã‚¡outputã‚ã‚‹ã„ã¯ecc_key構造体keyãŒNULLã®å ´åˆã«è¿”ã—ã¾ã™ã€‚ - \return LENGTH_ONLY_E ECC公開éµã®ã‚µã‚¤ã‚ºå–å¾—ã«å¤±æ•—ã—ãŸå ´åˆã«è¿”ã—ã¾ã™ã€‚ - \return BUFFER_E 出力ãƒãƒƒãƒ•ã‚¡ãŒå¿…è¦é‡ã‚ˆã‚Šå°ã•ã„å ´åˆã«è¿”ã—ã¾ã™ã€‚ + \brief ã“ã®é–¢æ•°ã¯ã€ECC公開éµã‚’DERå½¢å¼ã«å¤‰æ›ã—ã¾ã™ã€‚使用ã•れãŸãƒãƒƒãƒ•ã‚¡ã®ã‚µã‚¤ã‚ºã‚’è¿”ã—ã¾ã™ã€‚DERå½¢å¼ã®ECC公開éµã¯å‡ºåŠ›ãƒãƒƒãƒ•ã‚¡ã«æ ¼ç´ã•れã¾ã™ã€‚with_AlgCurveフラグã¯ã€ã‚¢ãƒ«ã‚´ãƒªã‚ºãƒ ã¨æ›²ç·šæƒ…報をæŒã¤ãƒ˜ãƒƒãƒ€ãƒ¼ã‚’å«ã‚ã¾ã™ - \param key ecc_key構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ - \param output 出力ãƒãƒƒãƒ•ã‚¡ã¸ã®ãƒã‚¤ãƒ³ã‚¿ - \param inLen 出力ãƒãƒƒãƒ•ã‚¡ã®ã‚µã‚¤ã‚º - \param with_AlgCurve ã‚¢ãƒ«ã‚´ãƒªã‚ºãƒ ã¨æ›²ç·šæƒ…報をヘッダーã«å«ã‚ã‚‹éš›ã«ã¯ï¼‘を指定 + \return >0 æˆåŠŸã€ä½¿ç”¨ã•れãŸãƒãƒƒãƒ•ã‚¡ã®ã‚µã‚¤ã‚º + \return BAD_FUNC_ARG outputã¾ãŸã¯keyãŒnullã®å ´åˆã«è¿”ã•れã¾ã™ã€‚ + \return LENGTH_ONLY_E ECC公開éµã®ã‚µã‚¤ã‚ºå–得エラー。 + \return BUFFER_E 出力ãƒãƒƒãƒ•ã‚¡ãŒå°ã•ã™ãŽã‚‹å ´åˆã«è¿”ã•れã¾ã™ã€‚ + + \param key ECCキーã¸ã®ãƒã‚¤ãƒ³ã‚¿ + \param output 書ãè¾¼ã¿å…ˆã®å‡ºåŠ›ãƒãƒƒãƒ•ã‚¡ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ + \param inLen ãƒãƒƒãƒ•ã‚¡ã®ã‚µã‚¤ã‚ºã€‚ + \param with_AlgCurve ã‚¢ãƒ«ã‚´ãƒªã‚ºãƒ ã¨æ›²ç·šæƒ…報をæŒã¤ãƒ˜ãƒƒãƒ€ãƒ¼ã‚’å«ã‚るタイミングã®ãƒ•ラグ。 _Example_ \code @@ -1218,12 +1195,12 @@ WC_RNG rng; wc_InitRng(&rng); wc_ecc_make_key(&rng, 32, &key); - int derSz = // Some appropriate size for der; + int derSz = // der用ã®é©åˆ‡ãªã‚µã‚¤ã‚º; byte der[derSz]; if(wc_EccPublicKeyToDer(&key, der, derSz, 1) < 0) { - // Error converting ECC public key to der + // ECC公開éµã®der変æ›ã‚¨ãƒ©ãƒ¼ } \endcode @@ -1236,21 +1213,18 @@ /*! \ingroup ASN - \brief ã“ã®é–¢æ•°ã¯ECC公開éµã‚’DERå½¢å¼ã«å¤‰æ›ã—ã¾ã™ã€‚ - 処ç†ã—ãŸãƒãƒƒãƒ•ァサイズを返ã—ã¾ã™ã€‚変æ›ã•れãŸDERå½¢å¼ã®ECC公開éµã¯å‡ºåŠ›ãƒãƒƒãƒ•ã‚¡ã«æ ¼ç´ã•れã¾ã™ã€‚ - AlgCurveãƒ•ãƒ©ã‚°ã®æŒ‡å®šã«ã‚ˆã‚Šã€ã‚¢ãƒ«ã‚´ãƒªã‚ºãƒ ã¨æ›²ç·šæƒ…報をヘッダーã«å«ã‚ã‚‹ã“ã¨ãŒã§ãã¾ã™ã€‚ - compパラメータã¯å…¬é–‹éµã‚’圧縮ã—ã¦å‡ºåŠ›ã™ã‚‹ã‹å¦ã‹ã‚’指定ã—ã¾ã™ã€‚ - - \return >0 æˆåŠŸæ™‚ã«ã¯å‡¦ç†ã—ãŸãƒãƒƒãƒ•ã‚¡ã®ã‚µã‚¤ã‚ºã‚’è¿”ã—ã¾ã™ã€‚ - \return BAD_FUNC_ARG 出力ãƒãƒƒãƒ•ã‚¡outputã‚ã‚‹ã„ã¯ecc_key構造体keyãŒNULLã®å ´åˆã«è¿”ã—ã¾ã™ã€‚ - \return LENGTH_ONLY_E ECC公開éµã®ã‚µã‚¤ã‚ºå–å¾—ã«å¤±æ•—ã—ãŸå ´åˆã«è¿”ã—ã¾ã™ã€‚ - \return BUFFER_E 出力ãƒãƒƒãƒ•ã‚¡ãŒå¿…è¦é‡ã‚ˆã‚Šå°ã•ã„å ´åˆã«è¿”ã—ã¾ã™ã€‚ + \brief ã“ã®é–¢æ•°ã¯ã€ECC公開éµã‚’DERå½¢å¼ã«å¤‰æ›ã—ã¾ã™ã€‚使用ã•れãŸãƒãƒƒãƒ•ã‚¡ã®ã‚µã‚¤ã‚ºã‚’è¿”ã—ã¾ã™ã€‚DERå½¢å¼ã®ECC公開éµã¯å‡ºåŠ›ãƒãƒƒãƒ•ã‚¡ã«æ ¼ç´ã•れã¾ã™ã€‚with_AlgCurveフラグã¯ã€ã‚¢ãƒ«ã‚´ãƒªã‚ºãƒ ã¨æ›²ç·šæƒ…報をæŒã¤ãƒ˜ãƒƒãƒ€ãƒ¼ã‚’å«ã‚ã¾ã™ã€‚compパラメータã¯ã€å…¬é–‹éµã‚’圧縮形å¼ã§ã‚¨ã‚¯ã‚¹ãƒãƒ¼ãƒˆã™ã‚‹ã‹ã©ã†ã‹ã‚’決定ã—ã¾ã™ã€‚ - \param key ecc_key構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ - \param output 出力ãƒãƒƒãƒ•ã‚¡ã¸ã®ãƒã‚¤ãƒ³ã‚¿ - \param inLen 出力ãƒãƒƒãƒ•ã‚¡ã®ã‚µã‚¤ã‚º - \param with_AlgCurve ã‚¢ãƒ«ã‚´ãƒªã‚ºãƒ ã¨æ›²ç·šæƒ…報をヘッダーã«å«ã‚ã‚‹éš›ã«ã¯ï¼‘を指定 - \param comp éžã‚¼ãƒ­å€¤ã®æŒ‡å®šæ™‚ã«ã¯ECC公開éµã¯åœ§ç¸®å½¢å¼ã§å‡ºåŠ›ã•れã¾ã™ã€‚ã‚¼ãƒ­ãŒæŒ‡å®šã•れãŸå ´åˆã«ã¯éžåœ§ç¸®ã§å‡ºåŠ›ã•れã¾ã™ã€‚ + \return >0 æˆåŠŸã€ä½¿ç”¨ã•れãŸãƒãƒƒãƒ•ã‚¡ã®ã‚µã‚¤ã‚º + \return BAD_FUNC_ARG outputã¾ãŸã¯keyãŒnullã®å ´åˆã«è¿”ã•れã¾ã™ã€‚ + \return LENGTH_ONLY_E ECC公開éµã®ã‚µã‚¤ã‚ºå–得エラー。 + \return BUFFER_E 出力ãƒãƒƒãƒ•ã‚¡ãŒå°ã•ã™ãŽã‚‹å ´åˆã«è¿”ã•れã¾ã™ã€‚ + + \param key ECCキーã¸ã®ãƒã‚¤ãƒ³ã‚¿ + \param output 書ãè¾¼ã¿å…ˆã®å‡ºåŠ›ãƒãƒƒãƒ•ã‚¡ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ + \param inLen ãƒãƒƒãƒ•ã‚¡ã®ã‚µã‚¤ã‚ºã€‚ + \param with_AlgCurve ã‚¢ãƒ«ã‚´ãƒªã‚ºãƒ ã¨æ›²ç·šæƒ…報をæŒã¤ãƒ˜ãƒƒãƒ€ãƒ¼ã‚’å«ã‚るタイミングã®ãƒ•ラグ。 + \param comp 1(ゼロ以外)ã®å ´åˆã€ECC公開éµã¯åœ§ç¸®å½¢å¼ã§æ›¸ãè¾¼ã¾ã‚Œã¾ã™ã€‚0ã®å ´åˆã€éžåœ§ç¸®å½¢å¼ã§æ›¸ãè¾¼ã¾ã‚Œã¾ã™ã€‚ _Example_ \code @@ -1259,13 +1233,13 @@ WC_RNG rng; wc_InitRng(&rng); wc_ecc_make_key(&rng, 32, &key); - int derSz = // Some appropriate size for der; + int derSz = // der用ã®é©åˆ‡ãªã‚µã‚¤ã‚º; byte der[derSz]; - // Write out a compressed ECC key + // 圧縮ã•れãŸECCキーを書ã出㙠if(wc_EccPublicKeyToDer_ex(&key, der, derSz, 1, 1) < 0) { - // Error converting ECC public key to der + // ECC公開éµã®der変æ›ã‚¨ãƒ©ãƒ¼ } \endcode @@ -1275,33 +1249,225 @@ int wc_EccPublicKeyToDer_ex(ecc_key* key, byte* output, word32 inLen, int with_AlgCurve, int comp); + +/*! + \ingroup ASN + + \brief ã“ã®é–¢æ•°ã¯ã€DERエンコードã•れãŸãƒãƒƒãƒ•ã‚¡ã‹ã‚‰Curve25519秘密éµï¼ˆã®ã¿ï¼‰ã‚’デコードã—ã¾ã™ + + \return 0 æˆåŠŸ + \return BAD_FUNC_ARG inputã€inOutIdxã¾ãŸã¯keyãŒnullã®å ´åˆã«è¿”ã•れã¾ã™ + \return ASN_PARSE_E DERエンコードã•れãŸãƒ‡ãƒ¼ã‚¿ã®è§£æžã‚¨ãƒ©ãƒ¼ãŒã‚ã‚‹å ´åˆã«è¿”ã•れã¾ã™ + \return ECC_BAD_ARG_E キー長ãŒCURVE25519_KEYSIZEã§ãªã„å ´åˆã€ã¾ãŸã¯DERキーãŒé©åˆ‡ã«ãƒ•ォーマットã•れã¦ã„ã‚‹ã«ã‚‚ã‹ã‹ã‚らãšä»–ã®å•題をå«ã‚€å ´åˆã«è¿”ã•れã¾ã™ã€‚ + \return BUFFER_E 入力ãƒãƒƒãƒ•ã‚¡ãŒæœ‰åйãªDERエンコードã•れãŸã‚­ãƒ¼ã‚’å«ã‚€ã«ã¯å°ã•ã™ãŽã‚‹å ´åˆã«è¿”ã•れã¾ã™ã€‚ + + \param input DERエンコードã•れãŸç§˜å¯†éµã‚’å«ã‚€ãƒãƒƒãƒ•ã‚¡ã¸ã®ãƒã‚¤ãƒ³ã‚¿ + \param inOutIdx 入力ãƒãƒƒãƒ•ã‚¡ã®èª­ã¿å–り開始ä½ç½®ã®ã‚¤ãƒ³ãƒ‡ãƒƒã‚¯ã‚¹ã€‚出力時ã€ã‚¤ãƒ³ãƒ‡ãƒƒã‚¯ã‚¹ã¯å…¥åŠ›ãƒãƒƒãƒ•ã‚¡ã®æœ€å¾Œã«è§£æžã•れãŸä½ç½®ã«è¨­å®šã•れã¾ã™ã€‚ + \param key デコードã•れãŸã‚­ãƒ¼ã‚’æ ¼ç´ã™ã‚‹curve25519_key構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ + \param inSz 入力DERãƒãƒƒãƒ•ã‚¡ã®ã‚µã‚¤ã‚º + + \sa wc_Curve25519KeyDecode + \sa wc_Curve25519PublicKeyDecode + + _Example_ + \code + byte der[] = { // DERエンコードã•れãŸã‚­ãƒ¼ }; + word32 idx = 0; + curve25519_key key; + wc_curve25519_init(&key); + + if (wc_Curve25519PrivateKeyDecode(der, &idx, &key, sizeof(der)) != 0) { + // 秘密éµã®ãƒ‡ã‚³ãƒ¼ãƒ‰ã‚¨ãƒ©ãƒ¼ + } + \endcode +*/ +int wc_Curve25519PrivateKeyDecode(const byte* input, word32* inOutIdx, + curve25519_key* key, word32 inSz); + +/*! + \ingroup ASN + + \brief ã“ã®é–¢æ•°ã¯ã€DERエンコードã•れãŸãƒãƒƒãƒ•ã‚¡ã‹ã‚‰Curve25519公開éµï¼ˆã®ã¿ï¼‰ã‚’デコードã—ã¾ã™ã€‚ + + \return 0 æˆåŠŸ + \return BAD_FUNC_ARG inputã€inOutIdxã¾ãŸã¯keyãŒnullã®å ´åˆã«è¿”ã•れã¾ã™ + \return ASN_PARSE_E DERエンコードã•れãŸãƒ‡ãƒ¼ã‚¿ã®è§£æžã‚¨ãƒ©ãƒ¼ãŒã‚ã‚‹å ´åˆã«è¿”ã•れã¾ã™ + \return ECC_BAD_ARG_E キー長ãŒCURVE25519_KEYSIZEã§ãªã„å ´åˆã€ã¾ãŸã¯DERキーãŒé©åˆ‡ã«ãƒ•ォーマットã•れã¦ã„ã‚‹ã«ã‚‚ã‹ã‹ã‚らãšä»–ã®å•題をå«ã‚€å ´åˆã«è¿”ã•れã¾ã™ã€‚ + \return BUFFER_E 入力ãƒãƒƒãƒ•ã‚¡ãŒæœ‰åйãªDERエンコードã•れãŸã‚­ãƒ¼ã‚’å«ã‚€ã«ã¯å°ã•ã™ãŽã‚‹å ´åˆã«è¿”ã•れã¾ã™ã€‚ + + \param input DERエンコードã•れãŸå…¬é–‹éµã‚’å«ã‚€ãƒãƒƒãƒ•ã‚¡ã¸ã®ãƒã‚¤ãƒ³ã‚¿ + \param inOutIdx 入力ãƒãƒƒãƒ•ã‚¡ã®èª­ã¿å–り開始ä½ç½®ã®ã‚¤ãƒ³ãƒ‡ãƒƒã‚¯ã‚¹ã€‚出力時ã€ã‚¤ãƒ³ãƒ‡ãƒƒã‚¯ã‚¹ã¯å…¥åŠ›ãƒãƒƒãƒ•ã‚¡ã®æœ€å¾Œã«è§£æžã•れãŸä½ç½®ã«è¨­å®šã•れã¾ã™ã€‚ + \param key デコードã•れãŸã‚­ãƒ¼ã‚’æ ¼ç´ã™ã‚‹curve25519_key構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ + \param inSz 入力DERãƒãƒƒãƒ•ã‚¡ã®ã‚µã‚¤ã‚º + + \sa wc_Curve25519KeyDecode + \sa wc_Curve25519PrivateKeyDecode + + _Example_ + \code + byte der[] = { // DERエンコードã•れãŸã‚­ãƒ¼ }; + word32 idx = 0; + curve25519_key key; + wc_curve25519_init(&key); + if (wc_Curve25519PublicKeyDecode(der, &idx, &key, sizeof(der)) != 0) { + // 公開éµã®ãƒ‡ã‚³ãƒ¼ãƒ‰ã‚¨ãƒ©ãƒ¼ + } + \endcode +*/ +int wc_Curve25519PublicKeyDecode(const byte* input, word32* inOutIdx, + curve25519_key* key, word32 inSz); + +/*! + \ingroup ASN + + \brief ã“ã®é–¢æ•°ã¯ã€DERエンコードã•れãŸãƒãƒƒãƒ•ã‚¡ã‹ã‚‰Curve25519キーをデコードã—ã¾ã™ã€‚秘密éµã€å…¬é–‹éµã€ã¾ãŸã¯ä¸¡æ–¹ã‚’デコードã§ãã¾ã™ã€‚ + + \return 0 æˆåŠŸ + \return BAD_FUNC_ARG inputã€inOutIdxã¾ãŸã¯keyãŒnullã®å ´åˆã«è¿”ã•れã¾ã™ + \return ASN_PARSE_E DERエンコードã•れãŸãƒ‡ãƒ¼ã‚¿ã®è§£æžã‚¨ãƒ©ãƒ¼ãŒã‚ã‚‹å ´åˆã«è¿”ã•れã¾ã™ + \return ECC_BAD_ARG_E キー長ãŒCURVE25519_KEYSIZEã§ãªã„å ´åˆã€ã¾ãŸã¯DERキーãŒé©åˆ‡ã«ãƒ•ォーマットã•れã¦ã„ã‚‹ã«ã‚‚ã‹ã‹ã‚らãšä»–ã®å•題をå«ã‚€å ´åˆã«è¿”ã•れã¾ã™ã€‚ + \return BUFFER_E 入力ãƒãƒƒãƒ•ã‚¡ãŒæœ‰åйãªDERエンコードã•れãŸã‚­ãƒ¼ã‚’å«ã‚€ã«ã¯å°ã•ã™ãŽã‚‹å ´åˆã«è¿”ã•れã¾ã™ã€‚ + + \param input DERエンコードã•れãŸã‚­ãƒ¼ã‚’å«ã‚€ãƒãƒƒãƒ•ã‚¡ã¸ã®ãƒã‚¤ãƒ³ã‚¿ + \param inOutIdx 入力ãƒãƒƒãƒ•ã‚¡ã®èª­ã¿å–り開始ä½ç½®ã®ã‚¤ãƒ³ãƒ‡ãƒƒã‚¯ã‚¹ã€‚出力時ã€ã‚¤ãƒ³ãƒ‡ãƒƒã‚¯ã‚¹ã¯å…¥åŠ›ãƒãƒƒãƒ•ã‚¡ã®æœ€å¾Œã«è§£æžã•れãŸä½ç½®ã«è¨­å®šã•れã¾ã™ã€‚ + \param key デコードã•れãŸã‚­ãƒ¼ã‚’æ ¼ç´ã™ã‚‹curve25519_key構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ + \param inSz 入力DERãƒãƒƒãƒ•ã‚¡ã®ã‚µã‚¤ã‚º + + \sa wc_Curve25519PrivateKeyDecode + \sa wc_Curve25519PublicKeyDecode + + _Example_ + \code + byte der[] = { // DERエンコードã•れãŸã‚­ãƒ¼ }; + word32 idx = 0; + curve25519_key key; + wc_curve25519_init(&key); + if (wc_Curve25519KeyDecode(der, &idx, &key, sizeof(der)) != 0) { + // キーã®ãƒ‡ã‚³ãƒ¼ãƒ‰ã‚¨ãƒ©ãƒ¼ + } + \endcode +*/ +int wc_Curve25519KeyDecode(const byte* input, word32* inOutIdx, + curve25519_key* key, word32 inSz); + /*! \ingroup ASN - \brief ã“ã®é–¢æ•°ã¯ãƒ‡ã‚¸ã‚¿ãƒ«ç½²åをエンコードã—ã¦å‡ºåŠ›ãƒãƒƒãƒ•ã‚¡ã«å‡ºåŠ›ã—ã€ç”Ÿæˆã•れãŸç½²åã®ã‚µã‚¤ã‚ºã‚’è¿”ã—ã¾ã™ã€‚ + \brief ã“ã®é–¢æ•°ã¯ã€Curve25519秘密éµã‚’DERå½¢å¼ã«ã‚¨ãƒ³ã‚³ãƒ¼ãƒ‰ã—ã¾ã™ã€‚入力キー構造体ã«å…¬é–‹éµãŒå«ã¾ã‚Œã¦ã„ã‚‹å ´åˆã€ãれã¯ç„¡è¦–ã•れã¾ã™ã€‚ - \return æˆåŠŸæ™‚ã«ã¯ç½²åを出力ãƒãƒƒãƒ•ã‚¡ã«å‡ºåŠ›ã—ã€å‡ºåŠ›ã—ãŸã‚µã‚¤ã‚ºã‚’è¿”ã—ã¾ã™ã€‚ + \return >0 æˆåŠŸã€DERエンコーディングã®é•·ã• + \return BAD_FUNC_ARG keyã¾ãŸã¯outputãŒnullã®å ´åˆã«è¿”ã•れã¾ã™ + \return MEMORY_E 割り当ã¦å¤±æ•—ãŒã‚ã‚‹å ´åˆã«è¿”ã•れã¾ã™ + \return BUFFER_E 出力ãƒãƒƒãƒ•ã‚¡ãŒå°ã•ã™ãŽã‚‹å ´åˆã«è¿”ã•れã¾ã™ - \param out エンコードã—ãŸç½²åデータを出力ã™ã‚‹å…ˆã®ãƒãƒƒãƒ•ã‚¡ã¸ã®ãƒã‚¤ãƒ³ã‚¿ - \param digest ç½²åデータã®ã‚¨ãƒ³ã‚³ãƒ¼ãƒ‰ã«ä½¿ç”¨ã™ã‚‹ãƒ€ã‚¤ã‚¸ã‚§ã‚¹ãƒˆã¸ã®ãƒã‚¤ãƒ³ã‚¿ - \param digSz ダイジェストをå«ã‚“ã§ã„ã‚‹ãƒãƒƒãƒ•ã‚¡ã®ã‚µã‚¤ã‚º - \param hashOID ãƒãƒƒã‚·ãƒ¥ã‚¿ã‚¤ãƒ—を示ã™ã‚ªãƒ–ジェクトID。有効ãªå€¤ã¯: SHAh, SHA256h, SHA384h, SHA512h, MD2h, MD5h, DESb, DES3b, CTC_MD5wRSA, - CTC_SHAwRSA, CTC_SHA256wRSA, CTC_SHA384wRSA, CTC_SHA512wRSA, CTC_SHAwECDSA, CTC_SHA256wECDSA, CTC_SHA384wECDSA, 㨠CTC_SHA512wECDSA。 + \param key エンコードã™ã‚‹ç§˜å¯†éµã‚’å«ã‚€curve25519_key構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ + \param output DERã‚¨ãƒ³ã‚³ãƒ¼ãƒ‡ã‚£ãƒ³ã‚°ã‚’ä¿æŒã™ã‚‹ãƒãƒƒãƒ•ã‚¡ + \param inLen 出力ãƒãƒƒãƒ•ã‚¡ã®ã‚µã‚¤ã‚º + + \sa wc_Curve25519KeyToDer + \sa wc_Curve25519PublicKeyToDer + + _Example_ + \code + curve25519_key key; + wc_curve25519_init(&key); + ... + int derSz = 128; // 出力DER用ã®é©åˆ‡ãªã‚µã‚¤ã‚º + byte der[derSz]; + wc_Curve25519PrivateKeyToDer(&key, der, derSz); + \endcode +*/ +int wc_Curve25519PrivateKeyToDer(curve25519_key* key, byte* output, + word32 inLen); + +/*! + \ingroup ASN + + \brief ã“ã®é–¢æ•°ã¯ã€Curve25519公開éµã‚’DERå½¢å¼ã«ã‚¨ãƒ³ã‚³ãƒ¼ãƒ‰ã—ã¾ã™ã€‚入力キー構造体ã«ç§˜å¯†éµãŒå«ã¾ã‚Œã¦ã„ã‚‹å ´åˆã€ãれã¯ç„¡è¦–ã•れã¾ã™ã€‚ + + \return >0 æˆåŠŸã€DERエンコーディングã®é•·ã• + \return BAD_FUNC_ARG keyã¾ãŸã¯outputãŒnullã®å ´åˆã«è¿”ã•れã¾ã™ + \return MEMORY_E 割り当ã¦å¤±æ•—ãŒã‚ã‚‹å ´åˆã«è¿”ã•れã¾ã™ + \return BUFFER_E 出力ãƒãƒƒãƒ•ã‚¡ãŒå°ã•ã™ãŽã‚‹å ´åˆã«è¿”ã•れã¾ã™ + + \param key エンコードã™ã‚‹å…¬é–‹éµã‚’å«ã‚€curve25519_key構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ + \param output DERã‚¨ãƒ³ã‚³ãƒ¼ãƒ‡ã‚£ãƒ³ã‚°ã‚’ä¿æŒã™ã‚‹ãƒãƒƒãƒ•ã‚¡ + \param inLen 出力ãƒãƒƒãƒ•ã‚¡ã®ã‚µã‚¤ã‚º + \param withAlg DERエンコーディングã«ã‚¢ãƒ«ã‚´ãƒªã‚ºãƒ è­˜åˆ¥å­ã‚’å«ã‚ã‚‹ã‹ã©ã†ã‹ + + \sa wc_Curve25519KeyToDer + \sa wc_Curve25519PrivateKeyToDer + + _Example_ + \code + curve25519_key key; + wc_curve25519_init(&key); + ... + int derSz = 128; // 出力DER用ã®é©åˆ‡ãªã‚µã‚¤ã‚º + byte der[derSz]; + wc_Curve25519PublicKeyToDer(&key, der, derSz, 1); + \endcode +*/ +int wc_Curve25519PublicKeyToDer(curve25519_key* key, byte* output, word32 inLen, + int withAlg); + +/*! + \ingroup ASN + + \brief ã“ã®é–¢æ•°ã¯ã€Curve25519キーをDERå½¢å¼ã«ã‚¨ãƒ³ã‚³ãƒ¼ãƒ‰ã—ã¾ã™ã€‚秘密éµã€å…¬é–‹éµã€ã¾ãŸã¯ä¸¡æ–¹ã‚’エンコードã§ãã¾ã™ã€‚ + + \return >0 æˆåŠŸã€DERエンコーディングã®é•·ã• + \return BAD_FUNC_ARG keyã¾ãŸã¯outputãŒnullã®å ´åˆã«è¿”ã•れã¾ã™ + \return MEMORY_E 割り当ã¦å¤±æ•—ãŒã‚ã‚‹å ´åˆã«è¿”ã•れã¾ã™ + \return BUFFER_E 出力ãƒãƒƒãƒ•ã‚¡ãŒå°ã•ã™ãŽã‚‹å ´åˆã«è¿”ã•れã¾ã™ + + \param key エンコードã™ã‚‹ã‚­ãƒ¼ã‚’å«ã‚€curve25519_key構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ + \param output DERã‚¨ãƒ³ã‚³ãƒ¼ãƒ‡ã‚£ãƒ³ã‚°ã‚’ä¿æŒã™ã‚‹ãƒãƒƒãƒ•ã‚¡ + \param inLen 出力ãƒãƒƒãƒ•ã‚¡ã®ã‚µã‚¤ã‚º + \param withAlg DERエンコーディングã«ã‚¢ãƒ«ã‚´ãƒªã‚ºãƒ è­˜åˆ¥å­ã‚’å«ã‚ã‚‹ã‹ã©ã†ã‹ + + \sa wc_Curve25519PrivateKeyToDer + \sa wc_Curve25519PublicKeyToDer + + _Example_ + \code + curve25519_key key; + wc_curve25519_init(&key); + ... + int derSz = 128; // 出力DER用ã®é©åˆ‡ãªã‚µã‚¤ã‚º + byte der[derSz]; + wc_Curve25519KeyToDer(&key, der, derSz, 1); + \endcode +*/ +int wc_Curve25519KeyToDer(curve25519_key* key, byte* output, word32 inLen, + int withAlg); + +/*! + \ingroup ASN + + \brief ã“ã®é–¢æ•°ã¯ã€ãƒ‡ã‚¸ã‚¿ãƒ«ç½²åを出力ãƒãƒƒãƒ•ã‚¡ã«ã‚¨ãƒ³ã‚³ãƒ¼ãƒ‰ã—ã€ä½œæˆã•れãŸã‚¨ãƒ³ã‚³ãƒ¼ãƒ‰ã•れãŸç½²åã®ã‚µã‚¤ã‚ºã‚’è¿”ã—ã¾ã™ã€‚ + + \return Success エンコードã•れãŸç½²åã‚’outputã«æ­£å¸¸ã«æ›¸ã込むã¨ã€ãƒãƒƒãƒ•ã‚¡ã«æ›¸ãè¾¼ã¾ã‚ŒãŸé•·ã•ã‚’è¿”ã—ã¾ã™ + + \param out エンコードã•れãŸç½²åãŒæ›¸ãè¾¼ã¾ã‚Œã‚‹ãƒãƒƒãƒ•ã‚¡ã¸ã®ãƒã‚¤ãƒ³ã‚¿ + \param digest ç½²åã®ã‚¨ãƒ³ã‚³ãƒ¼ãƒ‰ã«ä½¿ç”¨ã™ã‚‹ãƒ€ã‚¤ã‚¸ã‚§ã‚¹ãƒˆã¸ã®ãƒã‚¤ãƒ³ã‚¿ + \param digSz ダイジェストをå«ã‚€ãƒãƒƒãƒ•ã‚¡ã®é•·ã• + \param hashOID ç½²åã®ç”Ÿæˆã«ä½¿ç”¨ã•れるãƒãƒƒã‚·ãƒ¥ã‚¿ã‚¤ãƒ—を識別ã™ã‚‹OID。ビルド構æˆã«å¿œã˜ãŸæœ‰åйãªã‚ªãƒ—ションã¯ï¼šSHAhã€SHA256hã€SHA384hã€SHA512hã€MD2hã€MD5hã€DESbã€DES3bã€CTC_MD5wRSAã€CTC_SHAwRSAã€CTC_SHA256wRSAã€CTC_SHA384wRSAã€CTC_SHA512wRSAã€CTC_SHAwECDSAã€CTC_SHA256wECDSAã€CTC_SHA384wECDSAã€ãŠã‚ˆã³CTC_SHA512wECDSA。 \endcode \code int signSz; byte encodedSig[MAX_ENCODED_SIG_SZ]; Sha256 sha256; - // initialize sha256 for hashing + // ãƒãƒƒã‚·ãƒ¥åŒ–ã®ãŸã‚ã«sha256ã‚’åˆæœŸåŒ– byte* dig = = (byte*)malloc(WC_SHA256_DIGEST_SIZE); - // perform hashing and hash updating so dig stores SHA-256 hash - // (see wc_InitSha256, wc_Sha256Update and wc_Sha256Final) + // ãƒãƒƒã‚·ãƒ¥åŒ–ã¨ãƒãƒƒã‚·ãƒ¥æ›´æ–°ã‚’実行ã—ã¦digã«SHA-256ãƒãƒƒã‚·ãƒ¥ã‚’æ ¼ç´ + // (wc_InitSha256ã€wc_Sha256Updateã€wc_Sha256Finalã‚’å‚照) signSz = wc_EncodeSignature(encodedSig, dig, WC_SHA256_DIGEST_SIZE, SHA256h); \endcode - \sa none + \sa ãªã— */ word32 wc_EncodeSignature(byte* out, const byte* digest, word32 digSz, int hashOID); @@ -1309,13 +1475,12 @@ /*! \ingroup ASN - \brief ã“ã®é–¢æ•°ã¯ãƒãƒƒã‚·ãƒ¥ã‚¿ã‚¤ãƒ—ã«å¯¾å¿œã—ãŸãƒãƒƒã‚·ãƒ¥OIDã‚’è¿”ã—ã¾ã™ã€‚ - 例ãˆã°ã€ãƒãƒƒã‚·ãƒ¥ã‚¿ã‚¤ãƒ—ãŒ"WC_SHA512"ã®å ´åˆã€ã“ã®é–¢æ•°ã¯"SHA512h"を対応ã™ã‚‹ãƒãƒƒã‚·ãƒ¥OIDã¨ã—ã¦è¿”ã—ã¾ã™ã€‚ + \brief ã“ã®é–¢æ•°ã¯ã€ãƒãƒƒã‚·ãƒ¥ã‚¿ã‚¤ãƒ—ã«å¯¾å¿œã™ã‚‹ãƒãƒƒã‚·ãƒ¥OIDã‚’è¿”ã—ã¾ã™ã€‚例ãˆã°ã€WC_SHA512タイプãŒä¸Žãˆã‚‰ã‚ŒãŸå ´åˆã€ã“ã®é–¢æ•°ã¯SHA512ãƒãƒƒã‚·ãƒ¥ã«å¯¾å¿œã™ã‚‹è­˜åˆ¥å­SHA512hã‚’è¿”ã—ã¾ã™ã€‚ - \return æˆåŠŸæ™‚ã«ã¯æŒ‡å®šã•れãŸãƒãƒƒã‚·ãƒ¥ã‚¿ã‚¤ãƒ—ã¨å¯¾å¿œã™ã‚‹ãƒãƒƒã‚·ãƒ¥OIDã‚’è¿”ã—ã¾ã™ã€‚ - \return 0 èªè­˜ã§ããªã„ãƒãƒƒã‚·ãƒ¥ã‚¿ã‚¤ãƒ—ãŒå¼•æ•°ã¨ã—ã¦æŒ‡å®šã•れãŸå ´åˆã«è¿”ã—ã¾ã™ã€‚ + \return Success æˆåŠŸæ™‚ã«ã€ãã®æš—å·åŒ–タイプã§ä½¿ç”¨ã™ã‚‹é©åˆ‡ãªãƒãƒƒã‚·ãƒ¥ã«å¯¾å¿œã™ã‚‹OIDã‚’è¿”ã—ã¾ã™ã€‚ + \return 0 èªè­˜ã•れãªã„ãƒãƒƒã‚·ãƒ¥ã‚¿ã‚¤ãƒ—ãŒå¼•æ•°ã¨ã—ã¦æ¸¡ã•れãŸå ´åˆã«è¿”ã•れã¾ã™ã€‚ - \param type ãƒãƒƒã‚·ãƒ¥ã‚¿ã‚¤ãƒ—。指定å¯èƒ½ãªã‚¿ã‚¤ãƒ—: WC_MD5, WC_SHA, WC_SHA256, WC_SHA384, WC_SHA512, WC_SHA3_224, WC_SHA3_256, WC_SHA3_384, WC_SHA3_512 + \param type OIDを見ã¤ã‘ã‚‹ãƒãƒƒã‚·ãƒ¥ã‚¿ã‚¤ãƒ—。ビルド構æˆã«å¿œã˜ãŸæœ‰åйãªã‚ªãƒ—ションã«ã¯ï¼šWC_MD5ã€WC_SHAã€WC_SHA256ã€WC_SHA384ã€WC_SHA512ã€WC_SHA3_224ã€WC_SHA3_256ã€WC_SHA3_384ã€ã¾ãŸã¯WC_SHA3_512 _Example_ \code @@ -1323,28 +1488,27 @@ hashOID = wc_GetCTC_HashOID(WC_SHA512); if (hashOID == 0) { - // WOLFSSL_SHA512 not defined + // WOLFSSL_SHA512ãŒå®šç¾©ã•れã¦ã„ã¾ã›ã‚“ } \endcode - \sa none + \sa ãªã— */ int wc_GetCTC_HashOID(int type); /*! \ingroup ASN - \brief ã“ã®é–¢æ•°ã¯ã‚­ãƒ£ãƒƒã‚·ãƒ¥ã•れã¦ã„ãŸCert構造体ã§ä½¿ç”¨ã•れãŸãƒ¡ãƒ¢ãƒªã¨ãƒªã‚½ãƒ¼ã‚¹ã‚’クリーンアップã—ã¾ã™ã€‚ - WOLFSSL_CERT_GEN_CACHEãŒå®šç¾©ã•れã¦ã„ã‚‹å ´åˆã«ã¯DecodedCert構造体ãŒCert構造体内部ã«ã‚­ãƒ£ãƒƒã‚·ãƒ¥ã•れã€å¾Œç¶šã™ã‚‹set系関数ã®å‘¼ã³å‡ºã—ã®éƒ½åº¦DecodedCert構造体ãŒãƒ‘ースã•れるã“ã¨ã‚’防ãŽã¾ã™ã€‚ + \brief ã“ã®é–¢æ•°ã¯ã€è¨¼æ˜Žæ›¸æ§‹é€ ä½“ã®ãƒ‡ã‚³ãƒ¼ãƒ‰ã•れãŸè¨¼æ˜Žæ›¸ã‚­ãƒ£ãƒƒã‚·ãƒ¥ã«ã‚ˆã£ã¦ä½¿ç”¨ã•れるメモリã¨ãƒªã‚½ãƒ¼ã‚¹ã‚’クリーンアップã—ã¾ã™ã€‚WOLFSSL_CERT_GEN_CACHEãŒå®šç¾©ã•れã¦ã„ã‚‹å ´åˆã€ãƒ‡ã‚³ãƒ¼ãƒ‰ã•れãŸè¨¼æ˜Žæ›¸æ§‹é€ ä½“ã¯è¨¼æ˜Žæ›¸æ§‹é€ ä½“ã«ã‚­ãƒ£ãƒƒã‚·ãƒ¥ã•れã¾ã™ã€‚ã“れã«ã‚ˆã‚Šã€è¨¼æ˜Žæ›¸è¨­å®šé–¢æ•°ã¸ã®å¾Œç¶šã®å‘¼ã³å‡ºã—ã§ã€å„呼ã³å‡ºã—ã§ãƒ‡ã‚³ãƒ¼ãƒ‰ã•れãŸè¨¼æ˜Žæ›¸ã‚’è§£æžã™ã‚‹ã“ã¨ã‚’回é¿ã§ãã¾ã™ã€‚ - \return 0 æˆåŠŸæ™‚ã«è¿”ã•れã¾ã™ã€‚ - \return BAD_FUNC_ARG 引数ã¨ã—ã¦ç„¡åйãªå€¤ãŒæ¸¡ã•れãŸå ´åˆã«è¿”ã•れã¾ã™ã€‚ + \return 0 æˆåŠŸæ™‚ã€‚ + \return BAD_FUNC_ARG 無効ãªãƒã‚¤ãƒ³ã‚¿ãŒå¼•æ•°ã¨ã—ã¦æ¸¡ã•れãŸå ´åˆã«è¿”ã•れã¾ã™ã€‚ - \param cert æœªåˆæœŸåŒ–ã®Cert構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ + \param cert åˆæœŸåŒ–ã•れã¦ã„ãªã„証明書情報構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ _Example_ \code - Cert cert; // Initialized certificate structure + Cert cert; // åˆæœŸåŒ–ã•れãŸè¨¼æ˜Žæ›¸æ§‹é€ ä½“ wc_SetCert_Free(&cert); \endcode @@ -1362,23 +1526,23 @@ /*! \ingroup ASN - \brief ã“ã®é–¢æ•°ã¯PKCS#8ã®æš—å·åŒ–ã•れã¦ã„ãªã„ãƒãƒƒãƒ•ァ内部ã®å¾“æ¥ã®ç§˜å¯†éµã®é–‹å§‹ä½ç½®ã‚’検出ã—ã¦è¿”ã—ã¾ã™ã€‚ + \brief ã“ã®é–¢æ•°ã¯ã€PKCS#8æš—å·åŒ–ã•れã¦ã„ãªã„ãƒãƒƒãƒ•ァ内ã®å¾“æ¥ã®ç§˜å¯†éµã®å…ˆé ­ã‚’見ã¤ã‘ã¾ã™ã€‚ - \return æˆåŠŸæ™‚ã«ã¯å¾“æ¥ã®ç§˜å¯†éµã®é•·ã•ã‚’è¿”ã—ã¾ã™ã€‚ - \return エラー時ã«ã¯è² ã®æ•´æ•°å€¤ã‚’è¿”ã—ã¾ã™ã€‚ + \return Length æˆåŠŸæ™‚ã«å¾“æ¥ã®ç§˜å¯†éµã®é•·ã•。 + \return Negative 失敗時ã«è² ã®å€¤ã€‚ - \param input PKCS#8ã®æš—å·åŒ–ã•れã¦ã„ãªã„秘密éµã‚’ä¿æŒã™ã‚‹ãƒãƒƒãƒ•ã‚¡ã¸ã®ãƒã‚¤ãƒ³ã‚¿ - \param inOutIdx ãƒãƒƒãƒ•ã‚¡ã®ã‚¤ãƒ³ãƒ‡ã‚¯ã‚¹ä½ç½®ã‚’ä¿æŒã™ã‚‹å¤‰æ•°ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚入力時ã«ã¯ã“ã®å¤‰æ•°ã®å†…容ã¯ãƒãƒƒãƒ•ァ内部ã®PKCS#8ã®é–‹å§‹ä½ç½®ã‚’示ã—ã¾ã™ã€‚出力時ã«ã¯ã€ç§˜å¯†éµã®å…ˆé ­ä½ç½®ã‚’ä¿æŒã—ã¾ã™ã€‚ - \param sz 入力ãƒãƒƒãƒ•ã‚¡ã®ã‚µã‚¤ã‚º + \param input æš—å·åŒ–ã•れã¦ã„ãªã„PKCS#8秘密éµã‚’å«ã‚€ãƒãƒƒãƒ•ァ。 + \param inOutIdx 入力ãƒãƒƒãƒ•ã‚¡ã¸ã®ã‚¤ãƒ³ãƒ‡ãƒƒã‚¯ã‚¹ã€‚入力時ã€PKCS#8ãƒãƒƒãƒ•ã‚¡ã®å…ˆé ­ã¸ã®ãƒã‚¤ãƒˆã‚ªãƒ•セットã§ã‚ã‚‹å¿…è¦ãŒã‚りã¾ã™ã€‚出力時ã€å…¥åŠ›ãƒãƒƒãƒ•ァ内ã®å¾“æ¥ã®ç§˜å¯†éµã¸ã®ãƒã‚¤ãƒˆã‚ªãƒ•セットã«ãªã‚Šã¾ã™ã€‚ + \param sz 入力ãƒãƒƒãƒ•ã‚¡ã®ãƒã‚¤ãƒˆæ•°ã€‚ _Example_ \code - byte* pkcs8Buf; // Buffer containing PKCS#8 key. + byte* pkcs8Buf; // PKCS#8キーをå«ã‚€ãƒãƒƒãƒ•ァ。 word32 idx = 0; - word32 sz; // Size of pkcs8Buf. + word32 sz; // pkcs8Bufã®ã‚µã‚¤ã‚ºã€‚ ... ret = wc_GetPkcs8TraditionalOffset(pkcs8Buf, &idx, sz); - // pkcs8Buf + idx is now the beginning of the traditional private key bytes. + // pkcs8Buf + idxã¯å¾“æ¥ã®ç§˜å¯†éµãƒã‚¤ãƒˆã®å…ˆé ­ã«ãªã‚Šã¾ã™ã€‚ \endcode \sa wc_CreatePKCS8Key @@ -1392,30 +1556,29 @@ /*! \ingroup ASN - \brief ã“ã®é–¢æ•°ã¯DERå½¢å¼ã®ç§˜å¯†éµã‚’入力ã¨ã—ã€RKCS#8å½¢å¼ã«å¤‰æ›ã—ã¾ã™ã€‚ - ã¾ãŸã€PKCS#12ã®ã‚·ãƒ¥ãƒ­â€•ディットキーãƒãƒƒã‚°ã®ä½œæˆã«ã‚‚使用ã§ãã¾ã™ã€‚RFC5208ã‚’å‚ç…§ã®ã“ã¨ã€‚ + \brief ã“ã®é–¢æ•°ã¯ã€DER秘密éµã‚’å—ã‘å–りã€PKCS#8å½¢å¼ã«å¤‰æ›ã—ã¾ã™ã€‚PKCS#12縮å°ã‚­ãƒ¼ãƒãƒƒã‚°ã®ä½œæˆã«ã‚‚使用ã•れã¾ã™ã€‚RFC 5208ã‚’å‚ç…§ã—ã¦ãã ã•ã„。 - \return æˆåŠŸæ™‚ã«ã¯å‡ºåŠ›ã•れãŸPKCS#8 éµã®ã‚µã‚¤ã‚ºã‚’è¿”ã—ã¾ã™ã€‚ - \return LENGTH_ONLY_E 出力先ãƒãƒƒãƒ•ã‚¡outãŒNULLã¨ã—ã¦æ¸¡ã•れãŸå ´åˆã«ã¯ã“ã®ã‚¨ãƒ©ãƒ¼ã‚³ãƒ¼ãƒ‰ãŒè¿”ã•れã€outSzã«å¿…è¦ãªå‡ºåŠ›ãƒãƒƒãƒ•ã‚¡ã®ã‚µã‚¤ã‚ºãŒæ ¼ç´ã•れã¾ã™ã€‚ - \return エラー時ã«ã¯è² ã®æ•´æ•°å€¤ãŒè¿”ã•れã¾ã™ã€‚ - - \param out çµæžœã®å‡ºåŠ›å…ˆãƒãƒƒãƒ•ã‚¡ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚NULLã®å ´åˆã«ã¯å¿…è¦ãªå‡ºåŠ›å…ˆãƒãƒƒãƒ•ã‚¡ã®ã‚µã‚¤ã‚ºãŒoutSzã«æ ¼ç´ã•れã¾ã™ã€‚ - \param outSz 出力先ãƒãƒƒãƒ•ã‚¡ã®ã‚µã‚¤ã‚º - \param key 従æ¥ã®DERå½¢å¼ã®ç§˜å¯†éµã‚’å«ã‚€ãƒãƒƒãƒ•ã‚¡ã¸ã®ãƒã‚¤ãƒ³ã‚¿ - \param keySz 秘密éµã‚’å«ã‚€ãƒãƒƒãƒ•ã‚¡ã®ã‚µã‚¤ã‚º - \param algoID アルゴリズムID (RSAkç­‰ã®) - \param curveOID ECC曲線OID。RSAéµã‚’使用ã™ã‚‹å ´åˆã«ã¯NULLã«ã™ã‚‹ã“ã¨ã€‚ - \param oidSz ECC曲線OIDã®ã‚µã‚¤ã‚ºã€‚curveOIDãŒNULLã®å ´åˆã«ã¯0ã«ã™ã‚‹ã“ã¨ã€‚ + \return The æˆåŠŸæ™‚ã«outã«é…ç½®ã•れãŸPKCS#8キーã®ã‚µã‚¤ã‚ºã€‚ + \return LENGTH_ONLY_E outãŒNULLã®å ´åˆã€outSzã«å¿…è¦ãªå‡ºåŠ›ãƒãƒƒãƒ•ァサイズãŒè¿”ã•れã¾ã™ã€‚ + \return Other 失敗時ã«è² ã®å€¤ã€‚ + + \param out çµæžœã‚’é…ç½®ã™ã‚‹ãƒãƒƒãƒ•ァ。NULLã®å ´åˆã€outSzã«å¿…è¦ãªå‡ºåŠ›ãƒãƒƒãƒ•ァサイズãŒè¿”ã•れã¾ã™ã€‚ + \param outSz outãƒãƒƒãƒ•ã‚¡ã®ã‚µã‚¤ã‚ºã€‚ + \param key 従æ¥ã®DERキーをæŒã¤ãƒãƒƒãƒ•ァ。 + \param keySz keyãƒãƒƒãƒ•ã‚¡ã®ã‚µã‚¤ã‚ºã€‚ + \param algoID アルゴリズムID(例:RSAk)。 + \param curveOID 使用ã•れる場åˆã®ECC曲線OID。RSAキーã®å ´åˆã¯NULLã§ã‚ã‚‹å¿…è¦ãŒã‚りã¾ã™ã€‚ + \param oidSz 曲線OIDã®ã‚µã‚¤ã‚ºã€‚curveOIDãŒNULLã®å ´åˆã¯0ã«è¨­å®šã•れã¾ã™ã€‚ _Example_ \code - ecc_key eccKey; // wolfSSL ECC key object. - byte* der; // DER-encoded ECC key. - word32 derSize; // Size of der. - const byte* curveOid = NULL; // OID of curve used by eccKey. - word32 curveOidSz = 0; // Size of curve OID. - byte* pkcs8; // Output buffer for PKCS#8 key. - word32 pkcs8Sz; // Size of output buffer. + ecc_key eccKey; // wolfSSL ECCキーオブジェクト。 + byte* der; // DERエンコードã•れãŸECCキー。 + word32 derSize; // derã®ã‚µã‚¤ã‚ºã€‚ + const byte* curveOid = NULL; // eccKeyã§ä½¿ç”¨ã•れる曲線ã®OID。 + word32 curveOidSz = 0; // 曲線OIDã®ã‚µã‚¤ã‚ºã€‚ + byte* pkcs8; // PKCS#8キー用ã®å‡ºåŠ›ãƒãƒƒãƒ•ァ。 + word32 pkcs8Sz; // 出力ãƒãƒƒãƒ•ã‚¡ã®ã‚µã‚¤ã‚ºã€‚ derSize = wc_EccKeyDerSize(&eccKey, 1); ... @@ -1424,7 +1587,7 @@ ret = wc_ecc_get_oid(eccKey.dp->oidSum, &curveOid, &curveOidSz); ... ret = wc_CreatePKCS8Key(NULL, &pkcs8Sz, der, - derSize, ECDSAk, curveOid, curveOidSz); // Get size needed in pkcs8Sz. + derSize, ECDSAk, curveOid, curveOidSz); // pkcs8Szã«å¿…è¦ãªã‚µã‚¤ã‚ºã‚’å–得。 ... ret = wc_CreatePKCS8Key(pkcs8, &pkcs8Sz, der, derSize, ECDSAk, curveOid, curveOidSz); @@ -1442,42 +1605,40 @@ /*! \ingroup ASN - \brief ã“ã®é–¢æ•°ã¯æš—å·åŒ–ã•れã¦ã„ãªã„PKCS#8ã®DERå½¢å¼ã®éµ(例ãˆã°wc_CreatePKCS8Keyã§ç”Ÿæˆã•れãŸéµ)ã‚’å—ã‘å–りã€PKCS#8 æš—å·åŒ–å½¢å¼ã«å¤‰æ›ã—ã¾ã™ã€‚ - çµæžœã¨ã—ã¦å¾—ã‚‰ã‚ŒãŸæš—å·åŒ–éµã¯wc_DecryptPKCS8Keyを使ã£ã¦å¾©å·ã§ãã¾ã™ã€‚RFC5208ã‚’å‚ç…§ã—ã¦ãã ã•ã„。 + \brief ã“ã®é–¢æ•°ã¯ã€æš—å·åŒ–ã•れã¦ã„ãªã„PKCS#8 DERキー(例:wc_CreatePKCS8Keyã«ã‚ˆã£ã¦ä½œæˆã•れãŸã‚‚ã®ï¼‰ã‚’å—ã‘å–りã€PKCS#8æš—å·åŒ–å½¢å¼ã«å¤‰æ›ã—ã¾ã™ã€‚çµæžœã®æš—å·åŒ–ã•れãŸã‚­ãƒ¼ã¯ã€wc_DecryptPKCS8Keyを使用ã—ã¦å¾©å·ã§ãã¾ã™ã€‚RFC 5208ã‚’å‚ç…§ã—ã¦ãã ã•ã„。 - \return æˆåŠŸæ™‚ã«ã¯å‡ºåŠ›å…ˆãƒãƒƒãƒ•ã‚¡ã«å‡ºåŠ›ã•ã‚ŒãŸæš—å·åŒ–éµã®ã‚µã‚¤ã‚ºã‚’è¿”ã—ã¾ã™ã€‚ - \return LENGTH_ONLY_E 出力先ãƒãƒƒãƒ•ã‚¡outãŒNULLã¨ã—ã¦æ¸¡ã•れãŸå ´åˆã«ã¯ã“ã®ã‚¨ãƒ©ãƒ¼ã‚³ãƒ¼ãƒ‰ãŒè¿”ã•れã€outSzã«å¿…è¦ãªå‡ºåŠ›ãƒãƒƒãƒ•ã‚¡ã®ã‚µã‚¤ã‚ºãŒæ ¼ç´ã•れã¾ã™ã€‚ - \return エラー時ã«ã¯è² ã®æ•´æ•°å€¤ãŒè¿”ã•れã¾ã™ã€‚ - - \param key 従æ¥ã®DERå½¢å¼ã®éµã‚’å«ã‚“ã ãƒãƒƒãƒ•ã‚¡ã¸ã®ãƒã‚¤ãƒ³ã‚¿ - \param keySz éµã‚’å«ã‚“ã ãƒãƒƒãƒ•ã‚¡ã®ã‚µã‚¤ã‚º - \param out å‡ºåŠ›çµæžœã‚’æ ¼ç´ã™ã‚‹å…ˆã®ãƒãƒƒãƒ•ã‚¡ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚NULLã®å ´åˆã«ã¯å¿…è¦ãªå‡ºåŠ›å…ˆãƒãƒƒãƒ•ã‚¡ã®ã‚µã‚¤ã‚ºãŒoutSzã«æ ¼ç´ã•れã¾ã™ã€‚ - \param outSz 出力先ãƒãƒƒãƒ•ã‚¡ã®ã‚µã‚¤ã‚º - \param password パスワードベース暗å·åŒ–アルゴリズムã«ä½¿ç”¨ã•れるパスワード - \param passwordSz パスワードã®ã‚µã‚¤ã‚º(NULL終端文字ã¯å«ã¾ãªã„) - \param vPKCS 使用ã™ã‚‹PKCSã®ãƒãƒ¼ã‚¸ãƒ§ãƒ³ç•ªå·ã€‚1 ã¯PKCS12 ã‹PKCS5。 - \param pbeOid パスワードベース暗å·åŒ–スキームã®OID(PBES2 ã‚ã‚‹ã„ã¯RFC2898 A.3ã«ã‚ã‚‹OIDã®ä¸€ã¤) - \param encAlgId æš—å·åŒ–アルゴリズムID(例ãˆã°AES256CBCb)。 - \param salt ソルト。NULLã®å ´åˆã¯ãƒ©ãƒ³ãƒ€ãƒ ã«é¸å®šã—ãŸã‚½ãƒ«ãƒˆãŒä½¿ç”¨ã•れã¾ã™ã€‚ - \param saltSz ソルトサイズ。saltã«NULLを渡ã—ãŸå ´åˆã«ã¯0を指定ã§ãã¾ã™ã€‚ - \param itt éµå°Žå‡ºã®ãŸã‚ã®ç¹°ã‚Šè¿”ã—回数 - \param rng åˆæœŸåŒ–済ã¿ã®WC_RNG構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ - \param heap 動的メモリ確ä¿ã®ãŸã‚ã®ãƒ’ープ。NULL指定もå¯ã€‚ + \return The æˆåŠŸæ™‚ã«outã«é…ç½®ã•ã‚ŒãŸæš—å·åŒ–ã•れãŸã‚­ãƒ¼ã®ã‚µã‚¤ã‚ºã€‚ + \return LENGTH_ONLY_E outãŒNULLã®å ´åˆã€outSzã«å¿…è¦ãªå‡ºåŠ›ãƒãƒƒãƒ•ァサイズãŒè¿”ã•れã¾ã™ã€‚ + \return Other 失敗時ã«è² ã®å€¤ã€‚ + + \param key 従æ¥ã®DERキーをæŒã¤ãƒãƒƒãƒ•ァ。 + \param keySz keyãƒãƒƒãƒ•ã‚¡ã®ã‚µã‚¤ã‚ºã€‚ + \param out çµæžœã‚’é…ç½®ã™ã‚‹ãƒãƒƒãƒ•ァ。NULLã®å ´åˆã€outSzã«å¿…è¦ãªå‡ºåŠ›ãƒãƒƒãƒ•ァサイズãŒè¿”ã•れã¾ã™ã€‚ + \param outSz outãƒãƒƒãƒ•ã‚¡ã®ã‚µã‚¤ã‚ºã€‚ + \param password ãƒ‘ã‚¹ãƒ¯ãƒ¼ãƒ‰ãƒ™ãƒ¼ã‚¹ã®æš—å·åŒ–アルゴリズムã«ä½¿ç”¨ã™ã‚‹ãƒ‘スワード。 + \param passwordSz パスワードã®é•·ã•(NULLターミãƒãƒ¼ã‚¿ã‚’å«ã¾ãªã„)。 + \param vPKCS 使用ã™ã‚‹PKCSãƒãƒ¼ã‚¸ãƒ§ãƒ³ã€‚PKCS12ã¾ãŸã¯PKCS5ã®å ´åˆã¯1。 + \param pbeOid 使用ã™ã‚‹PBEスキームã®OID(例:PBES2ã¾ãŸã¯RFC 2898 A.3ã®PBES1ã®OIDã®1ã¤ï¼‰ã€‚ + \param encAlgId 使用ã™ã‚‹æš—å·åŒ–アルゴリズムID(例:AES256CBCb)。 + \param salt 使用ã™ã‚‹ã‚½ãƒ«ãƒˆãƒãƒƒãƒ•ァ。NULLã®å ´åˆã€ãƒ©ãƒ³ãƒ€ãƒ ãªã‚½ãƒ«ãƒˆãŒä½¿ç”¨ã•れã¾ã™ã€‚ + \param saltSz ソルトãƒãƒƒãƒ•ã‚¡ã®é•·ã•。saltã«NULLを渡ã™å ´åˆã¯0。 + \param itt KDFã«ä½¿ç”¨ã™ã‚‹å復回数。 + \param rng åˆæœŸåŒ–ã•れãŸWC_RNGオブジェクトã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ + \param heap 動的割り当ã¦ã«ä½¿ç”¨ã•れるヒープã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚NULLã§ã‚‚å¯ã€‚ _Example_ \code - byte* pkcs8; // Unencrypted PKCS#8 key. - word32 pkcs8Sz; // Size of pkcs8. - byte* pkcs8Enc; // Encrypted PKCS#8 key. - word32 pkcs8EncSz; // Size of pkcs8Enc. - const char* password; // Password to use for encryption. - int passwordSz; // Length of password (not including NULL terminator). + byte* pkcs8; // æš—å·åŒ–ã•れã¦ã„ãªã„PKCS#8キー。 + word32 pkcs8Sz; // pkcs8ã®ã‚µã‚¤ã‚ºã€‚ + byte* pkcs8Enc; // æš—å·åŒ–ã•れãŸPKCS#8キー。 + word32 pkcs8EncSz; // pkcs8Encã®ã‚µã‚¤ã‚ºã€‚ + const char* password; // æš—å·åŒ–ã«ä½¿ç”¨ã™ã‚‹ãƒ‘スワード。 + int passwordSz; // パスワードã®é•·ã•(NULLターミãƒãƒ¼ã‚¿ã‚’å«ã¾ãªã„)。 WC_RNG rng; - // The following produces an encrypted version of pkcs8 in pkcs8Enc. The - // encryption uses password-based encryption scheme 2 (PBE2) from PKCS#5 and - // the AES cipher in CBC mode with a 256-bit key. See RFC 8018 for more on - // PKCS#5. + // 以下ã¯ã€pkcs8Encã«pkcs8ã®æš—å·åŒ–ã•れãŸãƒãƒ¼ã‚¸ãƒ§ãƒ³ã‚’生æˆã—ã¾ã™ã€‚æš—å·åŒ–㯠+ // PKCS#5ã®ãƒ‘スワードベース暗å·åŒ–スキーム2(PBE2)ã¨CBCモードã®256ビット + // キーをæŒã¤AESæš—å·ã‚’使用ã—ã¾ã™ã€‚PKCS#5ã®è©³ç´°ã«ã¤ã„ã¦ã¯RFC 8018ã‚’å‚ç…§ã—ã¦ãã ã•ã„。 ret = wc_EncryptPKCS8Key(pkcs8, pkcs8Sz, pkcs8Enc, &pkcs8EncSz, password, passwordSz, PKCS5, PBES2, AES256CBCb, NULL, 0, WC_PKCS12_ITT_DEFAULT, &rng, NULL); @@ -1496,24 +1657,22 @@ /*! \ingroup ASN - \brief ã“ã®é–¢æ•°ã¯æš—å·åŒ–ã•れãŸPKCS#8ã®DERå½¢å¼ã®éµã‚’å—ã‘å–りã€å¾©å·ã—ã¦PKCS#8 DERå½¢å¼ã«å¤‰æ›ã—ã¾ã™ã€‚ - wc_EncryptPKCS8Keyã«ã‚ˆã£ã¦è¡Œã‚ã‚ŒãŸæš—å·åŒ–ã‚’å…ƒã«æˆ»ã—ã¾ã™ã€‚RFC5208ã‚’å‚ç…§ã—ã¦ãã ã•ã„。 - 入力データã¯å¾©å·ãƒ‡ãƒ¼ã‚¿ã«ã‚ˆã£ã¦ä¸Šæ›¸ãã•れã¾ã™ã€‚ + \brief ã“ã®é–¢æ•°ã¯ã€æš—å·åŒ–ã•れãŸPKCS#8 DERキーをå—ã‘å–りã€PKCS#8æš—å·åŒ–ã•れã¦ã„ãªã„DERã«å¾©å·ã—ã¾ã™ã€‚wc_EncryptPKCS8Keyã«ã‚ˆã£ã¦è¡Œã‚ã‚ŒãŸæš—å·åŒ–ã‚’å…ƒã«æˆ»ã—ã¾ã™ã€‚RFC5208ã‚’å‚ç…§ã—ã¦ãã ã•ã„。入力ãƒãƒƒãƒ•ã‚¡ã¯å¾©å·ã•れãŸãƒ‡ãƒ¼ã‚¿ã§ä¸Šæ›¸ãã•れã¾ã™ã€‚ - \return æˆåŠŸæ™‚ã«ã¯å¾©å·ãƒ‡ãƒ¼ã‚¿ã®é•·ã•ã‚’è¿”ã—ã¾ã™ã€‚ - \return エラー発生時ã«ã¯è² ã®æ•´æ•°å€¤ã‚’è¿”ã—ã¾ã™ã€‚ + \return The æˆåŠŸæ™‚ã«å¾©å·ã•れãŸãƒãƒƒãƒ•ã‚¡ã®é•·ã•。 + \return Negative 失敗時ã«è² ã®å€¤ã€‚ - \param input 入力時ã«ã¯æš—å·åŒ–ã•れãŸPKCS#8éµãƒ‡ãƒ¼ã‚¿ã‚’å«ã¿ã¾ã™ã€‚出力時ã«ã¯å¾©å·ã•れãŸPKCS#8éµãƒ‡ãƒ¼ã‚¿ã‚’å«ã¿ã¾ã™ã€‚ - \param sz 入力ãƒãƒƒãƒ•ã‚¡ã®ã‚µã‚¤ã‚º - \param password éµã‚’æš—å·åŒ–ã™ã‚‹éš›ã®ãƒ‘スワード - \param passwordSz パスワードã®ã‚µã‚¤ã‚º(NULL終端文字ã¯å«ã¾ãªã„) + \param input å…¥åŠ›æ™‚ã€æš—å·åŒ–ã•れãŸPKCS#8キーをå«ã‚€ãƒãƒƒãƒ•ã‚¡ã€‚å‡ºåŠ›ãŒæˆåŠŸã™ã‚‹ã¨ã€å¾©å·ã•れãŸã‚­ãƒ¼ã‚’å«ã¿ã¾ã™ã€‚ + \param sz 入力ãƒãƒƒãƒ•ã‚¡ã®ã‚µã‚¤ã‚ºã€‚ + \param password ã‚­ãƒ¼ã®æš—å·åŒ–ã«ä½¿ç”¨ã•れãŸãƒ‘スワード。 + \param passwordSz パスワードã®é•·ã•(NULLターミãƒãƒ¼ã‚¿ã‚’å«ã¾ãªã„)。 _Example_ \code - byte* pkcs8Enc; // Encrypted PKCS#8 key made with wc_EncryptPKCS8Key. - word32 pkcs8EncSz; // Size of pkcs8Enc. - const char* password; // Password to use for decryption. - int passwordSz; // Length of password (not including NULL terminator). + byte* pkcs8Enc; // wc_EncryptPKCS8Keyã§ä½œæˆã•ã‚ŒãŸæš—å·åŒ–ã•れãŸPKCS#8キー。 + word32 pkcs8EncSz; // pkcs8Encã®ã‚µã‚¤ã‚ºã€‚ + const char* password; // 復å·ã«ä½¿ç”¨ã™ã‚‹ãƒ‘スワード。 + int passwordSz; // パスワードã®é•·ã•(NULLターミãƒãƒ¼ã‚¿ã‚’å«ã¾ãªã„)。 ret = wc_DecryptPKCS8Key(pkcs8Enc, pkcs8EncSz, password, passwordSz); \endcode @@ -1529,42 +1688,41 @@ /*! \ingroup ASN - \brief ã“ã®é–¢æ•°ã¯å¾“æ¥ã®DERå½¢å¼ã®éµã‚’PKCS#8フォーマットã«å¤‰æ›ã—ã€æš—å·åŒ–を行ã„ã¾ã™ã€‚ - ã“ã®å‡¦ç†ã«ã¯wc_CreatePKCS8Keyã¨wc_EncryptPKCS8Keyを使用ã—ã¾ã™ã€‚ + \brief ã“ã®é–¢æ•°ã¯ã€å¾“æ¥ã®DERキーをå—ã‘å–りã€PKCS#8å½¢å¼ã«å¤‰æ›ã—ã€æš—å·åŒ–ã—ã¾ã™ã€‚ã“れを行ã†ãŸã‚ã«wc_CreatePKCS8Keyã¨wc_EncryptPKCS8Keyを使用ã—ã¾ã™ã€‚ - \return æˆåŠŸæ™‚ã«ã¯å‡ºåŠ›ã—ãŸæš—å·åŒ–éµã®ã‚µã‚¤ã‚ºã‚’è¿”ã—ã¾ã™ã€‚ - \return LENGTH_ONLY_E ã‚‚ã—出力用ãƒãƒƒãƒ•ã‚¡outã«NULLãŒæ¸¡ã•れãŸå ´åˆã«è¿”ã•れã¾ã™ã€‚ãã®éš›ã«ã¯outSz変数ã«å¿…è¦ãªå‡ºåŠ›ç”¨ãƒãƒƒãƒ•ァサイズを格ç´ã—ã¾ã™ã€‚ - \return エラー発生時ã«ã¯è² ã®æ•´æ•°å€¤ã‚’è¿”ã—ã¾ã™ã€‚ - - \param key 従æ¥ã®DERå½¢å¼ã®éµã‚’å«ã‚“ã ãƒãƒƒãƒ•ã‚¡ã¸ã®ãƒã‚¤ãƒ³ã‚¿ - \param keySz éµã‚’å«ã‚“ã ãƒãƒƒãƒ•ã‚¡ã®ã‚µã‚¤ã‚º - \param out çµæžœã‚’出力ã™ã‚‹å…ˆã®ãƒãƒƒãƒ•ã‚¡ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚NULLãŒæŒ‡å®šã•れãŸå ´åˆã«ã¯ã€å¿…è¦ãªãƒãƒƒãƒ•ァサイズãŒoutSzã«æ ¼ç´ã•れã¾ã™ã€‚ - \param outSz çµæžœã‚’出力ã™ã‚‹å…ˆã®ãƒãƒƒãƒ•ã‚¡ã®ã‚µã‚¤ã‚º - \param password パスワードベース暗å·ã‚¢ãƒ«ã‚´ãƒªã‚ºãƒ ã«ä½¿ç”¨ã•れるパスワード - \param passwordSz パスワードã®ã‚µã‚¤ã‚º(NULL終端文字ã¯å«ã¾ãªã„) - \param vPKCS 使用ã™ã‚‹PKCSã®ãƒãƒ¼ã‚¸ãƒ§ãƒ³ç•ªå·ã€‚1 ã¯PKCS12 ã‹PKCS5。 - \param pbeOid パスワードベース暗å·åŒ–スキームã®OID(PBES2 ã‚ã‚‹ã„ã¯RFC2898 A.3ã«ã‚ã‚‹OIDã®ä¸€ã¤) - \param encAlgId æš—å·åŒ–アルゴリズムID(例ãˆã°AES256CBCb)。 - \param salt ソルト。NULLã®å ´åˆã¯ãƒ©ãƒ³ãƒ€ãƒ ã«é¸å®šã—ãŸã‚½ãƒ«ãƒˆãŒä½¿ç”¨ã•れã¾ã™ã€‚ - \param saltSz ソルトサイズ。saltã«NULLを渡ã—ãŸå ´åˆã«ã¯0を指定ã§ãã¾ã™ã€‚ - \param itt éµå°Žå‡ºã®ãŸã‚ã®ç¹°ã‚Šè¿”ã—回数 - \param rng åˆæœŸåŒ–済ã¿ã®WC_RNG構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ - \param heap 動的メモリ確ä¿ã®ãŸã‚ã®ãƒ’ープ。NULL指定もå¯ã€‚ + \return The æˆåŠŸæ™‚ã«outã«é…ç½®ã•ã‚ŒãŸæš—å·åŒ–ã•れãŸã‚­ãƒ¼ã®ã‚µã‚¤ã‚ºã€‚ + \return LENGTH_ONLY_E outãŒNULLã®å ´åˆã€outSzã«å¿…è¦ãªå‡ºåŠ›ãƒãƒƒãƒ•ァサイズãŒè¿”ã•れã¾ã™ã€‚ + \return Other 失敗時ã«è² ã®å€¤ã€‚ + + \param key 従æ¥ã®DERキーをæŒã¤ãƒãƒƒãƒ•ァ。 + \param keySz keyãƒãƒƒãƒ•ã‚¡ã®ã‚µã‚¤ã‚ºã€‚ + \param out çµæžœã‚’é…ç½®ã™ã‚‹ãƒãƒƒãƒ•ァ。NULLã®å ´åˆã€outSzã«å¿…è¦ãªå‡ºåŠ›ãƒãƒƒãƒ•ァサイズãŒè¿”ã•れã¾ã™ã€‚ + \param outSz outãƒãƒƒãƒ•ã‚¡ã®ã‚µã‚¤ã‚ºã€‚ + \param password ãƒ‘ã‚¹ãƒ¯ãƒ¼ãƒ‰ãƒ™ãƒ¼ã‚¹ã®æš—å·åŒ–アルゴリズムã«ä½¿ç”¨ã™ã‚‹ãƒ‘スワード。 + \param passwordSz パスワードã®é•·ã•(NULLターミãƒãƒ¼ã‚¿ã‚’å«ã¾ãªã„)。 + \param vPKCS 使用ã™ã‚‹PKCSãƒãƒ¼ã‚¸ãƒ§ãƒ³ã€‚PKCS12ã¾ãŸã¯PKCS5ã®å ´åˆã¯1。 + \param pbeOid 使用ã™ã‚‹PBEスキームã®OID(例:PBES2ã¾ãŸã¯RFC 2898 A.3ã®PBES1ã®OIDã®1ã¤ï¼‰ã€‚ + \param encAlgId 使用ã™ã‚‹æš—å·åŒ–アルゴリズムID(例:AES256CBCb)。 + \param salt 使用ã™ã‚‹ã‚½ãƒ«ãƒˆãƒãƒƒãƒ•ァ。NULLã®å ´åˆã€ãƒ©ãƒ³ãƒ€ãƒ ãªã‚½ãƒ«ãƒˆãŒä½¿ç”¨ã•れã¾ã™ã€‚ + \param saltSz ソルトãƒãƒƒãƒ•ã‚¡ã®é•·ã•。saltã«NULLを渡ã™å ´åˆã¯0。 + \param itt KDFã«ä½¿ç”¨ã™ã‚‹å復回数。 + \param rng åˆæœŸåŒ–ã•れãŸWC_RNGオブジェクトã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ + \param heap 動的割り当ã¦ã«ä½¿ç”¨ã•れるヒープã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚NULLã§ã‚‚å¯ã€‚ _Example_ \code - byte* key; // Traditional private key (DER formatted). - word32 keySz; // Size of key. - byte* pkcs8Enc; // Encrypted PKCS#8 key. - word32 pkcs8EncSz; // Size of pkcs8Enc. - const char* password; // Password to use for encryption. - int passwordSz; // Length of password (not including NULL terminator). + byte* key; // 従æ¥ã®ç§˜å¯†éµï¼ˆDERå½¢å¼ï¼‰ã€‚ + word32 keySz; // keyã®ã‚µã‚¤ã‚ºã€‚ + byte* pkcs8Enc; // æš—å·åŒ–ã•れãŸPKCS#8キー。 + word32 pkcs8EncSz; // pkcs8Encã®ã‚µã‚¤ã‚ºã€‚ + const char* password; // æš—å·åŒ–ã«ä½¿ç”¨ã™ã‚‹ãƒ‘スワード。 + int passwordSz; // パスワードã®é•·ã•(NULLターミãƒãƒ¼ã‚¿ã‚’å«ã¾ãªã„)。 WC_RNG rng; - // The following produces an encrypted, PKCS#8 version of key in pkcs8Enc. - // The encryption uses password-based encryption scheme 2 (PBE2) from PKCS#5 - // and the AES cipher in CBC mode with a 256-bit key. See RFC 8018 for more - // on PKCS#5. + // 以下ã¯ã€pkcs8Encã«keyã®æš—å·åŒ–ã•れãŸPKCS#8ãƒãƒ¼ã‚¸ãƒ§ãƒ³ã‚’生æˆã—ã¾ã™ã€‚ + // æš—å·åŒ–ã¯PKCS#5ã®ãƒ‘スワードベース暗å·åŒ–スキーム2(PBE2)ã¨CBCモード㮠+ // 256ビットキーをæŒã¤AESæš—å·ã‚’使用ã—ã¾ã™ã€‚PKCS#5ã®è©³ç´°ã«ã¤ã„ã¦ã¯ + // RFC 8018ã‚’å‚ç…§ã—ã¦ãã ã•ã„。 ret = wc_CreateEncryptedPKCS8Key(key, keySz, pkcs8Enc, &pkcs8EncSz, password, passwordSz, PKCS5, PBES2, AES256CBCb, NULL, 0, WC_PKCS12_ITT_DEFAULT, &rng, NULL); @@ -1583,20 +1741,18 @@ /*! \ingroup ASN - \brief ã“ã®é–¢æ•°ã¯cert引数ã§ä¸Žãˆã‚‰ã‚ŒãŸDecodedCertæ§‹é€ ä½“ã‚’åˆæœŸåŒ–ã—ã¾ã™ã€‚ - DERå½¢å¼ã®è¨¼æ˜Žæ›¸ã‚’å«ã‚“ã§ã„ã‚‹sourceå¼•æ•°ã®æŒ‡ã™ãƒã‚¤ãƒ³ã‚¿ã‹ã‚‰è¨¼æ˜Žæ›¸ã‚µã‚¤ã‚ºinSzã®é•·ã•を内部ã«ä¿å­˜ã—ã¾ã™ã€‚ - ã“ã®é–¢æ•°ã®å¾Œã«å‘¼ã³å‡ºã•れるwc_ParseCertã«ã‚ˆã£ã¦è¨¼æ˜Žæ›¸ãŒè§£æžã•れã¾ã™ã€‚ + \brief ã“ã®é–¢æ•°ã¯ã€"cert"ãƒ‘ãƒ©ãƒ¡ãƒ¼ã‚¿ãŒæŒ‡ã™DecodedCertã‚’åˆæœŸåŒ–ã—ã¾ã™ã€‚é•·ã•"inSz"ã®DERエンコードã•れãŸè¨¼æ˜Žæ›¸ã¸ã®"source"ãƒã‚¤ãƒ³ã‚¿ã‚’ä¿å­˜ã—ã¾ã™ã€‚ã“ã®è¨¼æ˜Žæ›¸ã¯ã€wc_ParseCertã¸ã®å¾Œç¶šã®å‘¼ã³å‡ºã—ã«ã‚ˆã£ã¦è§£æžã§ãã¾ã™ã€‚ - \param cert DecodedCert構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ - \param source DERå½¢å¼ã®è¨¼æ˜Žæ›¸ãƒ‡ãƒ¼ã‚¿ã¸ã®ãƒã‚¤ãƒ³ã‚¿ - \param inSz 証明書データã®ã‚µã‚¤ã‚ºï¼ˆãƒã‚¤ãƒˆæ•°ï¼‰ - \param heap 動的メモリ確ä¿ã®ãŸã‚ã®ãƒ’ープ。NULL指定もå¯ã€‚ + \param cert 割り当ã¦ã‚‰ã‚ŒãŸDecodedCertオブジェクトã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ + \param source DERエンコードã•れãŸè¨¼æ˜Žæ›¸ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ + \param inSz DERエンコードã•れãŸè¨¼æ˜Žæ›¸ã®é•·ã•(ãƒã‚¤ãƒˆå˜ä½ï¼‰ã€‚ + \param heap 動的割り当ã¦ã«ä½¿ç”¨ã•れるヒープã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚NULLã§ã‚‚å¯ã€‚ _Example_ \code - DecodedCert decodedCert; // Decoded certificate object. - byte* certBuf; // DER-encoded certificate buffer. - word32 certBufSz; // Size of certBuf in bytes. + DecodedCert decodedCert; // デコードã•れãŸè¨¼æ˜Žæ›¸ã‚ªãƒ–ジェクト。 + byte* certBuf; // DERエンコードã•れãŸè¨¼æ˜Žæ›¸ãƒãƒƒãƒ•ァ。 + word32 certBufSz; // certBufã®ã‚µã‚¤ã‚ºï¼ˆãƒã‚¤ãƒˆå˜ä½ï¼‰ã€‚ wc_InitDecodedCert(&decodedCert, certBuf, certBufSz, NULL); \endcode @@ -1610,25 +1766,22 @@ /*! \ingroup ASN - \brief ã“ã®é–¢æ•°ã¯DecodedCert構造体ã«ä¿å­˜ã•れã¦ã„ã‚‹DERå½¢å¼ã®è¨¼æ˜Žæ›¸ã‚’è§£æžã—ã€ãã®æ§‹é€ ä½“ã«å„種フィールドを設定ã—ã¾ã™ã€‚ - DecodedCert構造体ã¯wc_InitDecodedCertを呼ã³å‡ºã—ã¦åˆæœŸåŒ–ã—ã¦ãŠãå¿…è¦ãŒã‚りã¾ã™ã€‚ - ã“ã®é–¢æ•°ã¯ã‚ªãƒ—ションã§CertificateManager構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã‚’å—ã‘å–りã€CAãŒè¨¼æ˜Žæ›¸ãƒžãƒã‚¸ãƒ£ãƒ¼ã§æ¤œç´¢ã§ããŸå ´åˆã«ã¯ã€ - ãã®CAã«é–¢ã™ã‚‹æƒ…報もDecodedCert構造体ã«è¿½åŠ è¨­å®šã—ã¾ã™ã€‚ - - \return 0 æˆåŠŸæ™‚ã«è¿”ã—ã¾ã™ã€‚ - \return エラー発生時ã«ã¯è² ã®æ•´æ•°å€¤ã‚’è¿”ã—ã¾ã™ã€‚ - - \param cert åˆæœŸåŒ–済ã¿ã®DecodedCert構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ - \param type 証明書タイプ。タイプã®è¨­å®šå€¤ã«ã¤ã„ã¦ã¯asn_public.hã®CertType enum定義をå‚ç…§ã—ã¦ãã ã•ã„。 - \param verify 呼ã³å‡ºã—å´ãŒè¨¼æ˜Žæ›¸ã®æ¤œè¨¼ã‚’求ã‚ã¦ã„ã‚‹ã“ã¨ã‚’指示ã™ãƒ•ラグã§ã™ã€‚ - \param cm CertificateManager構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ã‚ªãƒ—ã‚·ãƒ§ãƒ³ã§æŒ‡å®šå¯ã€‚NULLã§ã‚‚å¯ã€‚ + \brief ã“ã®é–¢æ•°ã¯ã€DecodedCertオブジェクトã«ä¿å­˜ã•れãŸDERエンコードã•れãŸè¨¼æ˜Žæ›¸ã‚’è§£æžã—ã€ãã®ã‚ªãƒ–ジェクトã®ãƒ•ィールドを設定ã—ã¾ã™ã€‚DecodedCertã¯ã€wc_InitDecodedCertã¸ã®äº‹å‰ã®å‘¼ã³å‡ºã—ã§åˆæœŸåŒ–ã•れã¦ã„ã‚‹å¿…è¦ãŒã‚りã¾ã™ã€‚ã“ã®é–¢æ•°ã¯ã€CertificateManagerオブジェクトã¸ã®ã‚ªãƒ—ションã®ãƒã‚¤ãƒ³ã‚¿ã‚’å–りã€CAãŒCertificateManagerã§è¦‹ã¤ã‹ã£ãŸå ´åˆã€DecodedCertã®è¨¼æ˜Žæ©Ÿé–¢æƒ…報を設定ã™ã‚‹ãŸã‚ã«ä½¿ç”¨ã•れã¾ã™ã€‚ + + \return 0 æˆåŠŸæ™‚ã€‚ + \return Other 失敗時ã«è² ã®å€¤ã€‚ + + \param cert åˆæœŸåŒ–ã•れãŸDecodedCertオブジェクトã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ + \param type 証明書ã®ã‚¿ã‚¤ãƒ—。asn_public.hã®CertType列挙型をå‚ç…§ã—ã¦ãã ã•ã„。 + \param verify 設定ã•れã¦ã„ã‚‹å ´åˆã€ãƒ¦ãƒ¼ã‚¶ãƒ¼ãŒè¨¼æ˜Žæ›¸ã®æœ‰åŠ¹æ€§ã‚’æ¤œè¨¼ã—ãŸã„ã“ã¨ã‚’示ã™ãƒ•ラグ。 + \param cm CertificateManagerã¸ã®ã‚ªãƒ—ションã®ãƒã‚¤ãƒ³ã‚¿ã€‚NULLã§ã‚‚å¯ã€‚ _Example_ \code int ret; - DecodedCert decodedCert; // Decoded certificate object. - byte* certBuf; // DER-encoded certificate buffer. - word32 certBufSz; // Size of certBuf in bytes. + DecodedCert decodedCert; // デコードã•れãŸè¨¼æ˜Žæ›¸ã‚ªãƒ–ジェクト。 + byte* certBuf; // DERエンコードã•れãŸè¨¼æ˜Žæ›¸ãƒãƒƒãƒ•ァ。 + word32 certBufSz; // certBufã®ã‚µã‚¤ã‚ºï¼ˆãƒã‚¤ãƒˆå˜ä½ï¼‰ã€‚ wc_InitDecodedCert(&decodedCert, certBuf, certBufSz, NULL); ret = wc_ParseCert(&decodedCert, CERT_TYPE, NO_VERIFY, NULL); @@ -1645,16 +1798,16 @@ /*! \ingroup ASN - \brief ã“ã®é–¢æ•°ã¯wc_InitDecodedCertã§åˆæœŸåŒ–済ã¿ã®DecodedCert構造体を解放ã—ã¾ã™ã€‚ + \brief ã“ã®é–¢æ•°ã¯ã€wc_InitDecodedCertã§ä»¥å‰ã«åˆæœŸåŒ–ã•れãŸDecodedCertを解放ã—ã¾ã™ã€‚ - \param cert åˆæœŸåŒ–済ã¿ã®DecodedCert構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ + \param cert åˆæœŸåŒ–ã•れãŸDecodedCertオブジェクトã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ _Example_ \code int ret; - DecodedCert decodedCert; // Decoded certificate object. - byte* certBuf; // DER-encoded certificate buffer. - word32 certBufSz; // Size of certBuf in bytes. + DecodedCert decodedCert; // デコードã•れãŸè¨¼æ˜Žæ›¸ã‚ªãƒ–ジェクト。 + byte* certBuf; // DERエンコードã•れãŸè¨¼æ˜Žæ›¸ãƒãƒƒãƒ•ァ。 + word32 certBufSz; // certBufã®ã‚µã‚¤ã‚ºï¼ˆãƒã‚¤ãƒˆå˜ä½ï¼‰ã€‚ wc_InitDecodedCert(&decodedCert, certBuf, certBufSz, NULL); ret = wc_ParseCert(&decodedCert, CERT_TYPE, NO_VERIFY, NULL); @@ -1672,27 +1825,25 @@ /*! \ingroup ASN - \brief ã“ã®é–¢æ•°ã¯ã‚¿ã‚¤ãƒ ã‚³ãƒ¼ãƒ«ãƒãƒƒã‚¯é–¢æ•°ã‚’登録ã—ã¾ã™ã€‚wolfSSLãŒç¾åœ¨æ™‚刻を必è¦ã¨ã—ãŸã‚¿ã‚¤ãƒŸãƒ³ã‚°ã§ã“ã®ã‚³ãƒ¼ãƒ«ãƒãƒƒã‚¯ã‚’呼ã³å‡ºã—ã¾ã™ã€‚ - ã“ã®ã‚¿ã‚¤ãƒ ã‚³ãƒ¼ãƒ«ãƒãƒƒã‚¯é–¢æ•°ã®ãƒ—ロトタイプ(シグãƒãƒãƒ£ï¼‰ã¯C標準ライブラリã®"time"関数ã¨åŒä¸€ã§ã™ã€‚ + \brief ã“ã®é–¢æ•°ã¯ã€wolfSSLãŒç¾åœ¨æ™‚刻をå–å¾—ã™ã‚‹å¿…è¦ãŒã‚ã‚‹ã¨ãã«ä½¿ç”¨ã•れる時刻コールãƒãƒƒã‚¯ã‚’登録ã—ã¾ã™ã€‚コールãƒãƒƒã‚¯ã®ãƒ—ロトタイプã¯ã€C標準ライブラリã®"time"関数ã¨åŒã˜ã§ã‚ã‚‹å¿…è¦ãŒã‚りã¾ã™ã€‚ + \return 0 æˆåŠŸæ™‚ã«è¿”ã•れã¾ã™ã€‚ - \return 0 æˆåŠŸæ™‚ã«è¿”ã—ã¾ã™ã€‚ - - \param f タイムコールãƒãƒƒã‚¯é–¢æ•°ãƒã‚¤ãƒ³ã‚¿ + \param f 時刻コールãƒãƒƒã‚¯ã¨ã—ã¦ç™»éŒ²ã™ã‚‹é–¢æ•°ã€‚ _Example_ \code int ret = 0; - // Time callback prototype + // 時刻コールãƒãƒƒã‚¯ã®ãƒ—ロトタイプ time_t my_time_cb(time_t* t); - // Register it + // 登録ã™ã‚‹ ret = wc_SetTimeCb(my_time_cb); if (ret != 0) { - // failed to set time callback + // 時刻コールãƒãƒƒã‚¯ã®è¨­å®šå¤±æ•— } time_t my_time_cb(time_t* t) { - // custom time function + // カスタム時刻関数 } \endcode @@ -1703,12 +1854,11 @@ /*! \ingroup ASN - \brief ã“ã®é–¢æ•°ã¯ç¾åœ¨æ™‚刻をå–å¾—ã—ã¾ã™ã€‚デフォルトã§XTIMEマクロ関数を使ã„ã¾ã™ã€‚ã“ã®ãƒžã‚¯ãƒ­é–¢æ•°ã¯ãƒ—ラットフォームä¾å­˜ã§ã™ã€‚ - ユーザーã¯ã“ã®ãƒžã‚¯ãƒ­ã®ä»£ã‚りã«wc_SetTimeCbã§ã‚¿ã‚¤ãƒ ã‚³ãƒ¼ãƒ«ãƒãƒƒã‚¯é–¢æ•°ã‚’使ã†ã‚ˆã†ã«è¨­å®šã™ã‚‹ã“ã¨ãŒã§ãã¾ã™ + \brief ã“ã®é–¢æ•°ã¯ã€ç¾åœ¨æ™‚刻をå–å¾—ã—ã¾ã™ã€‚デフォルトã§ã¯ã€ãƒ—ラットフォーム間ã§ç•°ãªã‚‹XTIMEマクロを使用ã—ã¾ã™ã€‚ユーザーã¯ã€wc_SetTimeCb関数を介ã—ã¦ä»»æ„ã®é–¢æ•°ã‚’使用ã§ãã¾ã™ã€‚ - \return æˆåŠŸæ™‚ã«ã¯ç¾åœ¨æ™‚刻を返ã—ã¾ã™ã€‚ + \return Time æˆåŠŸæ™‚ã«è¿”ã•れるç¾åœ¨æ™‚刻。 - \param t ç¾åœ¨æ™‚刻を返å´ã™ã‚‹ã‚ªãƒ—ションã®time_t型変数。 + \param t ç¾åœ¨æ™‚刻を設定ã™ã‚‹ã‚ªãƒ—ションã®time_tãƒã‚¤ãƒ³ã‚¿ã€‚ _Example_ \code @@ -1724,19 +1874,19 @@ /*! \ingroup ASN - \brief ã“ã®é–¢æ•°ã¯X.509証明書ã«ã‚«ã‚¹ã‚¿ãƒ æ‹¡å¼µã‚’追加ã—ã¾ã™ã€‚ - 注: ã“ã®é–¢æ•°ã«æ¸¡ã™ãƒã‚¤ãƒ³ã‚¿å¼•æ•°ãŒä¿æŒã™ã‚‹å†…容ã¯è¨¼æ˜Žæ›¸ãŒç”Ÿæˆã•れるã¾ã§å¤‰æ›´ã•れã¦ã¯ã„ã‘ã¾ã›ã‚“。 - ã“ã®é–¢æ•°ã§ã¯ãƒã‚¤ãƒ³ã‚¿ãŒæŒ‡ã™å…ˆã®å†…容ã¯åˆ¥ã®ãƒãƒƒãƒ•ã‚¡ã«ã¯è¤‡è£½ã—ã¾ã›ã‚“。 - - \return 0 æˆåŠŸæ™‚ã«è¿”ã—ã¾ã™ã€‚ - \return エラー発生時ã«ã¯è² ã®æ•´æ•°å€¤ã‚’è¿”ã—ã¾ã™ã€‚ - - \param cert åˆæœŸåŒ–済ã¿ã®DecodedCert構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ - \param critical 0ãŒæŒ‡å®šã•れãŸå ´åˆã«ã¯è¿½åŠ ã™ã‚‹æ‹¡å¼µã¯ã‚¯ãƒªãƒ†ã‚£ã‚«ãƒ«ã¨ã¯ãƒžãƒ¼ã‚¯ã•れã¾ã›ã‚“。 - 0ä»¥å¤–ãŒæŒ‡å®šã•れãŸå ´åˆã«ã¯ã‚¯ãƒªãƒ†ã‚£ã‚«ãƒ«ã¨ãƒžãƒ¼ã‚¯ã•れã¾ã™ã€‚ - \param oid ドット区切りã®oid文字列。例ãˆã°ã€"1.2.840.10045.3.1.7" - \param der 拡張情報ã®DERエンコードã•れãŸå†…容をå«ã‚€ãƒãƒƒãƒ•ã‚¡ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ - \param derSz DERエンコードã•れãŸå†…容をå«ã‚€ãƒãƒƒãƒ•ã‚¡ã®ã‚µã‚¤ã‚º + \brief ã“ã®é–¢æ•°ã¯ã€X.509証明書ã«ã‚«ã‚¹ã‚¿ãƒ æ‹¡å¼µã‚’挿入ã—ã¾ã™ã€‚ + 注:ãƒã‚¤ãƒ³ã‚¿ã§ã‚るパラメータã®ã„ãšã‚Œã‹ãŒæŒ‡ã™ã‚¢ãƒ‰ãƒ¬ã‚¹ã®ã‚³ãƒ³ãƒ†ãƒ³ãƒ„ã¯ã€ + 証明書ãŒç”Ÿæˆã•れã¦der出力ãŒå¾—られるã¾ã§å¤‰æ›´ã—ã¦ã¯ã„ã‘ã¾ã›ã‚“。 + ã“ã®é–¢æ•°ã¯ã‚³ãƒ³ãƒ†ãƒ³ãƒ„を別ã®ãƒãƒƒãƒ•ã‚¡ã«ã‚³ãƒ”ーã—ã¾ã›ã‚“。 + + \return 0 æˆåŠŸæ™‚ã«è¿”ã•れã¾ã™ã€‚ + \return Other 失敗時ã«è² ã®å€¤ã€‚ + + \param cert åˆæœŸåŒ–ã•れãŸDecodedCertオブジェクトã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ + \param critical 0ã®å ´åˆã€æ‹¡å¼µã¯é‡è¦ã¨ã—ã¦ãƒžãƒ¼ã‚¯ã•れã¾ã›ã‚“。ãれ以外ã®å ´åˆã¯é‡è¦ã¨ã—ã¦ãƒžãƒ¼ã‚¯ã•れã¾ã™ã€‚ + \param oid ドット区切りã®oidを文字列ã¨ã—ã¦ã€‚例:"1.2.840.10045.3.1.7" + \param der æ‹¡å¼µã®ã‚³ãƒ³ãƒ†ãƒ³ãƒ„ã®derエンコーディング。 + \param derSz derエンコーディングã®ã‚µã‚¤ã‚ºï¼ˆãƒã‚¤ãƒˆå˜ä½ï¼‰ã€‚ _Example_ @@ -1745,21 +1895,21 @@ Cert newCert; wc_InitCert(&newCert); - // Code to setup subject, public key, issuer, and other things goes here. + // subjectã€å…¬é–‹éµã€ç™ºè¡Œè€…ã€ãã®ä»–ã®ã‚‚ã®ã‚’設定ã™ã‚‹ã‚³ãƒ¼ãƒ‰ãŒã“ã“ã«å…¥ã‚Šã¾ã™ã€‚ ret = wc_SetCustomExtension(&newCert, 1, "1.2.3.4.5", (const byte *)"This is a critical extension", 28); if (ret < 0) { - // Failed to set the extension. + // æ‹¡å¼µã®è¨­å®šå¤±æ•—。 } ret = wc_SetCustomExtension(&newCert, 0, "1.2.3.4.6", (const byte *)"This is NOT a critical extension", 32) if (ret < 0) { - // Failed to set the extension. + // æ‹¡å¼µã®è¨­å®šå¤±æ•—。 } - // Code to sign the certificate and then write it out goes here. + // 証明書ã«ç½²åã—ã¦ã‹ã‚‰æ›¸ã出ã™ã‚³ãƒ¼ãƒ‰ãŒã“ã“ã«å…¥ã‚Šã¾ã™ã€‚ \endcode @@ -1772,44 +1922,44 @@ /*! \ingroup ASN - \brief ã“ã®é–¢æ•°ã¯wolfSSLãŒè¨¼æ˜Žæ›¸ã®è§£æžä¸­ã«æœªçŸ¥ã®X.509æ‹¡å¼µã«é­é‡ã—ãŸéš›ã«å‘¼ã³å‡ºã™ã‚³ãƒ¼ãƒ«ãƒãƒƒã‚¯é–¢æ•°ã‚’登録ã—ã¾ã™ã€‚ - コールãƒãƒƒã‚¯é–¢æ•°ã®ãƒ—ロトタイプã¯ä½¿ç”¨ä¾‹ã‚’å‚ç…§ã—ã¦ãã ã•ã„。 + \brief ã“ã®é–¢æ•°ã¯ã€wolfSSLãŒè¨¼æ˜Žæ›¸ã®è§£æžä¸­ã«è¨¼æ˜Žæ›¸å†…ã®ä¸æ˜ŽãªX.509æ‹¡å¼µã«é­é‡ã—ãŸã¨ãã«ä½¿ç”¨ã•れるコールãƒãƒƒã‚¯ã‚’登録ã—ã¾ã™ã€‚コールãƒãƒƒã‚¯ã®ãƒ—ãƒ­ãƒˆã‚¿ã‚¤ãƒ—ã¯æ¬¡ã®ã‚ˆã†ã«ã™ã‚‹å¿…è¦ãŒã‚りã¾ã™ï¼š - \return 0 æˆåŠŸæ™‚ã«è¿”ã—ã¾ã™ã€‚ - \return エラー発生時ã«ã¯è² ã®æ•´æ•°å€¤ã‚’è¿”ã—ã¾ã™ã€‚ + \return 0 æˆåŠŸæ™‚ã«è¿”ã•れã¾ã™ã€‚ + \return Other 失敗時ã«è² ã®å€¤ã€‚ - \param cert コールãƒãƒƒã‚¯é–¢æ•°ã‚’登録ã™ã‚‹å¯¾è±¡ã®DecodedCert構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ - \param cb 登録ã•れるコールãƒãƒƒã‚¯é–¢æ•°ãƒã‚¤ãƒ³ã‚¿ + \param cert ã“ã®ã‚³ãƒ¼ãƒ«ãƒãƒƒã‚¯ã«é–¢é€£ä»˜ã‘られるDecodedCert構造体。 + \param cb 時刻コールãƒãƒƒã‚¯ã¨ã—ã¦ç™»éŒ²ã™ã‚‹é–¢æ•°ã€‚ _Example_ \code int ret = 0; - // Unknown extension callback prototype + // 䏿˜Žãªæ‹¡å¼µã‚³ãƒ¼ãƒ«ãƒãƒƒã‚¯ã®ãƒ—ロトタイプ int myUnknownExtCallback(const word16* oid, word32 oidSz, int crit, const unsigned char* der, word32 derSz); - // Register it + // 登録ã™ã‚‹ ret = wc_SetUnknownExtCallback(cert, myUnknownExtCallback); if (ret != 0) { - // failed to set the callback + // コールãƒãƒƒã‚¯ã®è¨­å®šå¤±æ•— } - // oid: OIDã‚’æ§‹æˆã™ã‚‹ãƒ‰ãƒƒãƒˆåŒºåˆ‡ã‚Šã®æ•°ã‚’æ ¼ç´ã—ãŸé…列 - // oidSz: oid内ã®å€¤ã®æ•° - // crit: æ‹¡å¼µãŒã‚¯ãƒªãƒ†ã‚£ã‚«ãƒ«ã¨ãƒžãƒ¼ã‚¯ã•れã¦ã„ã‚‹ã‹ - // der: DERエンコードã•れã¦ã„ã‚‹æ‹¡å¼µã®å†…容 - // derSz: æ‹¡å¼µã®å†…容ã®ã‚µã‚¤ã‚º + // oid: oidã®ãƒ‰ãƒƒãƒˆåŒºåˆ‡ã‚Šå€¤ã§ã‚ã‚‹æ•´æ•°ã®é…列。 + // oidSz: oid内ã®å€¤ã®æ•°ã€‚ + // crit: æ‹¡å¼µãŒé‡è¦ã¨ã—ã¦ãƒžãƒ¼ã‚¯ã•れãŸã‹ã©ã†ã‹ã€‚ + // der: æ‹¡å¼µã®ã‚³ãƒ³ãƒ†ãƒ³ãƒ„ã®derエンコーディング。 + // derSz: derエンコーディングã®ã‚µã‚¤ã‚ºï¼ˆãƒã‚¤ãƒˆå˜ä½ï¼‰ã€‚ int myCustomExtCallback(const word16* oid, word32 oidSz, int crit, const unsigned char* der, word32 derSz) { - // 拡張を解æžã™ã‚‹ãƒ­ã‚¸ãƒƒã‚¯ã¯ã“ã“ã«è¨˜è¿°ã—ã¾ã™ - - // NOTE: コールãƒãƒƒã‚¯é–¢æ•°ã‹ã‚‰0ã‚’è¿”ã™ã¨wolfSSLã«å¯¾ã—ã¦ã“ã®æ‹¡å¼µã‚’å—ã‘入れå¯èƒ½ã¨ - // 表明ã™ã‚‹ã“ã¨ã«ãªã‚Šã¾ã™ã€‚ã“ã®æ‹¡å¼µã‚’処ç†ã§ãã‚‹ã¨åˆ¤æ–­ã§ããªã„å ´åˆã«ã¯ã‚¨ãƒ©ãƒ¼ã‚’ - // è¿”ã—ã¦ãã ã•ã„。クリティカルã¨ãƒžãƒ¼ã‚¯ã•れã¦ã„ã‚‹æœªçŸ¥ã®æ‹¡å¼µã«é­é‡ã—ãŸéš›ã®æ¨™æº–çš„ - // ãªæŒ¯ã‚‹èˆžã„ã¯ASN_CRIT_EXT_Eã‚’è¿”ã™ã“ã¨ã§ã™ã€‚ - // ç°¡æ½”ã«ã™ã‚‹ãŸã‚ã«ã“ã®ä¾‹ã§ã¯ã™ã¹ã¦ã®æ‹¡å¼µæƒ…報をå—ã‘入れå¯ã¨ã—ã¦ã„ã¾ã™ãŒã€å®Ÿéš›ã«ã¯å®Ÿæƒ…ã«æ²¿ã†ã‚ˆã†ã«ãƒ­ã‚¸ãƒƒã‚¯ã‚’追加ã—ã¦ãã ã•ã„。 + // 拡張を解æžã™ã‚‹ãƒ­ã‚¸ãƒƒã‚¯ãŒã“ã“ã«å…¥ã‚Šã¾ã™ã€‚ + // 注:0ã‚’è¿”ã™ã“ã¨ã§ã€ã“ã®æ‹¡å¼µã‚’å—ã‘入れã€wolfSSLã« + // ãれãŒè¨±å®¹å¯èƒ½ã§ã‚ã‚‹ã“ã¨ã‚’通知ã—ã¦ã„ã¾ã™ã€‚許容ã§ããªã„拡張㌠+ // 見ã¤ã‹ã£ãŸå ´åˆã¯ã€ã‚¨ãƒ©ãƒ¼ã‚’è¿”ã™å¿…è¦ãŒã‚りã¾ã™ã€‚é‡è¦ãƒ•ラグ㌠+ // 設定ã•れãŸä¸æ˜Žãªæ‹¡å¼µã«é­é‡ã—ãŸå ´åˆã®æ¨™æº–çš„ãªå‹•作ã¯ã€ + // ASN_CRIT_EXT_Eã‚’è¿”ã™ã“ã¨ã§ã™ã€‚ç°¡æ½”ã«ã™ã‚‹ãŸã‚ã€ã“ã®ä¾‹ã§ã¯ + // 常ã«ã™ã¹ã¦ã®æ‹¡å¼µã‚’å—ã‘入れã¦ã„ã¾ã™ã€‚ç•°ãªã‚‹ãƒ­ã‚¸ãƒƒã‚¯ã‚’ + // 使用ã™ã‚‹å¿…è¦ãŒã‚りã¾ã™ã€‚ return 0; } \endcode @@ -1822,18 +1972,18 @@ /*! \ingroup ASN - \brief ã“ã®é–¢æ•°ã¯DERå½¢å¼ã®X.509 証明書ã®ç½²åを与ãˆã‚‰ã‚ŒãŸå…¬é–‹éµã‚’使ã£ã¦æ¤œè¨¼ã—ã¾ã™ã€‚ - 公開éµã¯DERå½¢å¼ã§å…¨å…¬é–‹éµæƒ…報をå«ã‚“ã ã‚‚ã®ãŒæ±‚ã‚られã¾ã™ã€‚ + \brief ã“ã®é–¢æ•°ã¯ã€X.509証明書ã®derå½¢å¼ã®ç½²åを公開éµã«å¯¾ã—ã¦æ¤œè¨¼ã—ã¾ã™ã€‚公開éµã¯ã€derå½¢å¼ã®å®Œå…¨ãªã‚µãƒ–ã‚¸ã‚§ã‚¯ãƒˆå…¬é–‹éµæƒ…å ±ã§ã‚ã‚‹ã“ã¨ãŒæœŸå¾…ã•れã¾ã™ã€‚ - \return 0 æˆåŠŸæ™‚ã«è¿”ã—ã¾ã™ã€‚ - \return エラー発生時ã«ã¯è² ã®æ•´æ•°å€¤ã‚’è¿”ã—ã¾ã™ã€‚ + \return 0 æˆåŠŸæ™‚ã«è¿”ã•れã¾ã™ã€‚ + \return Other 失敗時ã«è² ã®å€¤ã€‚ - \param cert DERå½¢å¼ã®X.509証明書をå«ã‚“ã ãƒãƒƒãƒ•ã‚¡ã¸ã®ãƒã‚¤ãƒ³ã‚¿ - \param certSz 証明書をå«ã‚“ã ãƒãƒƒãƒ•ã‚¡ã®ã‚µã‚¤ã‚º - \param heap 動的メモリ確ä¿ã®ãŸã‚ã®ãƒ’ープ。NULL指定もå¯ã€‚ - \param pubKey DERå½¢å¼ã®å…¬é–‹éµã‚’å«ã‚“ã ãƒãƒƒãƒ•ã‚¡ã¸ã®ãƒã‚¤ãƒ³ã‚¿ - \param pubKeySz 公開éµã‚’å«ã‚“ã ãƒãƒƒãƒ•ã‚¡ã®ã‚µã‚¤ã‚º - \param pubKeyOID 公開éµã®ã‚¢ãƒ«ã‚´ãƒªã‚ºãƒ ã‚’特定ã™ã‚‹OID(ã™ãªã‚ã¡: ECDSAk, DSAk ã‚„ RSAk) + \param cert X.509証明書ã®derエンコーディング。 + \param certSz certã®ã‚µã‚¤ã‚ºï¼ˆãƒã‚¤ãƒˆå˜ä½ï¼‰ã€‚ + \param heap 動的割り当ã¦ã«ä½¿ç”¨ã•れるヒープã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚NULLã§ã‚‚å¯ã€‚ + \param pubKey 公開éµã®derエンコーディング。 + \param pubKeySz pubKeyã®ã‚µã‚¤ã‚ºï¼ˆãƒã‚¤ãƒˆå˜ä½ï¼‰ã€‚ + \param pubKeyOID 公開éµã®ã‚¢ãƒ«ã‚´ãƒªã‚ºãƒ ã‚’識別ã™ã‚‹OID。 + (例:ECDSAkã€DSAkã¾ãŸã¯RSAk) */ int wc_CheckCertSigPubKey(const byte* cert, word32 certSz, void* heap, const byte* pubKey, @@ -1842,21 +1992,20 @@ /*! \ingroup ASN - \brief ã“ã®é–¢æ•°ã¯Asn1PrintOptionsæ§‹é€ ä½“ã‚’åˆæœŸåŒ–ã—ã¾ã™ã€‚ + \brief ã“ã®é–¢æ•°ã¯ã€ASN.1ãƒ—ãƒªãƒ³ãƒˆã‚ªãƒ—ã‚·ãƒ§ãƒ³ã‚’åˆæœŸåŒ–ã—ã¾ã™ã€‚ - \return 0 æˆåŠŸæ™‚ã«è¿”ã—ã¾ã™ã€‚ - \return BAD_FUNC_ARG asn1ãŒNULLã®å ´åˆã«è¿”ã•れã¾ã™ã€‚ + \return 0 æˆåŠŸæ™‚ã€‚ + \return BAD_FUNC_ARG asn1ãŒNULLã®å ´åˆã€‚ - \param opts プリントã®ãŸã‚ã®Asn1PrintOptions構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ + \param opts プリント用ã®ASN.1オプション。 _Example_ \code Asn1PrintOptions opt; - // Initialize ASN.1 print options before use. + // 使用å‰ã«ASN.1ãƒ—ãƒªãƒ³ãƒˆã‚ªãƒ—ã‚·ãƒ§ãƒ³ã‚’åˆæœŸåŒ–ã—ã¾ã™ã€‚ wc_Asn1PrintOptions_Init(&opt); \endcode - \sa wc_Asn1PrintOptions_Set \sa wc_Asn1_PrintAll */ @@ -1865,23 +2014,23 @@ /*! \ingroup ASN - \brief ã“ã®é–¢æ•°ã¯Asn1PrintOptions構造体ã«ãƒ—リント情報を設定ã—ã¾ã™ã€‚ + \brief ã“ã®é–¢æ•°ã¯ã€ASN.1プリントオプションオブジェクトã«ãƒ—リントオプションを設定ã—ã¾ã™ã€‚ - \return 0 æˆåŠŸæ™‚ã«è¿”ã—ã¾ã™ã€‚ - \return BAD_FUNC_ARG asn1ãŒNULLã®å ´åˆã«è¿”ã•れã¾ã™ã€‚ - \return BAD_FUNC_ARG valãŒç¯„囲外ã®å ´åˆã«è¿”ã•れã¾ã™ã€‚ - - \param opts Asn1PrintOptions構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ - \param opt 設定ã™ã‚‹æƒ…å ±ã¸ã®ãƒã‚¤ãƒ³ã‚¿ - \param val 設定値 + \return 0 æˆåŠŸæ™‚ã€‚ + \return BAD_FUNC_ARG asn1ãŒNULLã®å ´åˆã€‚ + \return BAD_FUNC_ARG valãŒoptionã®ç¯„囲外ã®å ´åˆã€‚ + + \param opts プリント用ã®ASN.1オプション。 + \param opt 値を設定ã™ã‚‹ã‚ªãƒ—ション。 + \param val 設定ã™ã‚‹å€¤ã€‚ _Example_ \code Asn1PrintOptions opt; - // Initialize ASN.1 print options before use. + // 使用å‰ã«ASN.1ãƒ—ãƒªãƒ³ãƒˆã‚ªãƒ—ã‚·ãƒ§ãƒ³ã‚’åˆæœŸåŒ–ã—ã¾ã™ã€‚ wc_Asn1PrintOptions_Init(&opt); - // Set the number of indents when printing tag name to be 1. + // ã‚¿ã‚°åをプリントã™ã‚‹éš›ã®ã‚¤ãƒ³ãƒ‡ãƒ³ãƒˆæ•°ã‚’1ã«è¨­å®šã—ã¾ã™ã€‚ wc_Asn1PrintOptions_Set(&opt, ASN1_PRINT_OPT_INDENT, 1); \endcode @@ -1894,18 +2043,18 @@ /*! \ingroup ASN - \brief ã“ã®é–¢æ•°ã¯Asn1æ§‹é€ ä½“ã‚’åˆæœŸåŒ–ã—ã¾ã™ã€‚ + \brief ã“ã®é–¢æ•°ã¯ã€ASN.1è§£æžã‚ªãƒ–ã‚¸ã‚§ã‚¯ãƒˆã‚’åˆæœŸåŒ–ã—ã¾ã™ã€‚ - \return 0 æˆåŠŸæ™‚ã«è¿”ã—ã¾ã™ã€‚ - \return BAD_FUNC_ARG asn1ãŒNULLã®å ´åˆã«è¿”ã•れã¾ã™ã€‚ + \return 0 æˆåŠŸæ™‚ã€‚ + \return BAD_FUNC_ARG asn1ãŒNULLã®å ´åˆã€‚ - \param asn1 Asn1構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ + \param asn1 ASN.1è§£æžã‚ªãƒ–ジェクト。 _Example_ \code Asn1 asn1; - // Initialize ASN.1 parse object before use. + // 使用å‰ã«ASN.1è§£æžã‚ªãƒ–ã‚¸ã‚§ã‚¯ãƒˆã‚’åˆæœŸåŒ–ã—ã¾ã™ã€‚ wc_Asn1_Init(&asn1); \endcode @@ -1917,22 +2066,22 @@ /*! \ingroup ASN - \brief ã“ã®é–¢æ•°ã¯å‡ºåŠ›å…ˆã¨ã—ã¦ä½¿ç”¨ã™ã‚‹ãƒ•ァイルをAsn1構造体ã«ã‚»ãƒƒãƒˆã—ã¾ã™ã€‚ + \brief ã“ã®é–¢æ•°ã¯ã€ASN.1è§£æžã‚ªãƒ–ジェクトã¸ã®ãƒ—リント時ã«ä½¿ç”¨ã™ã‚‹ãƒ•ァイルを設定ã—ã¾ã™ã€‚ - \return 0 æˆåŠŸæ™‚ã«è¿”ã—ã¾ã™ã€‚ - \return BAD_FUNC_ARG asn1ãŒNULLã®å ´åˆã«è¿”ã•れã¾ã™ã€‚ - \return BAD_FUNC_ARG fileãŒXBADFILEã®å ´åˆã«è¿”ã•れã¾ã™ã€‚. + \return 0 æˆåŠŸæ™‚ã€‚ + \return BAD_FUNC_ARG asn1ãŒNULLã®å ´åˆã€‚ + \return BAD_FUNC_ARG fileãŒXBADFILEã®å ´åˆã€‚ - \param asn1 Asn1構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ - \param file プリント先ã®ãƒ•ァイル + \param asn1 ASN.1è§£æžã‚ªãƒ–ジェクト。 + \param file プリント先ã®ãƒ•ァイル。 _Example_ \code Asn1 asn1; - // Initialize ASN.1 parse object before use. + // 使用å‰ã«ASN.1è§£æžã‚ªãƒ–ã‚¸ã‚§ã‚¯ãƒˆã‚’åˆæœŸåŒ–ã—ã¾ã™ã€‚ wc_Asn1_Init(&asn1); - // Set standard out to be the file descriptor to write to. + // 標準出力を書ãè¾¼ã¿å…ˆã®ãƒ•ァイル記述å­ã¨ã—ã¦è¨­å®šã—ã¾ã™ã€‚ wc_Asn1_SetFile(&asn1, stdout); \endcode @@ -1944,35 +2093,35 @@ /*! \ingroup ASN - \brief ASN.1アイテムをプリントã—ã¾ã™ã€‚ + \brief ã™ã¹ã¦ã®ASN.1項目をプリントã—ã¾ã™ã€‚ - \return 0 æˆåŠŸæ™‚ã«è¿”ã—ã¾ã™ã€‚ - \return BAD_FUNC_ARG asn1ã‹optsãŒNULLã®å ´åˆã«è¿”ã•れã¾ã™ã€‚ - \return ASN_LEN_E ASN.1アイテムãŒé•·ã™ãŽã‚‹å ´åˆã«è¿”ã•れã¾ã™ã€‚ - \return ASN_DEPTH_E 終了オフセットãŒç„¡åйã®å ´åˆã«è¿”ã•れã¾ã™ã€‚ - \return ASN_PARSE_E å…¨ã®ASN.1アイテムã®è§£æžãŒå®Œäº†ã§ããªã‹ã£ãŸå ´åˆã«è¿”ã•れã¾ã™ã€‚ - - \param asn1 Asn1構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ - \param opts Asn1PrintOptions構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ - \param data BER/DERå½¢å¼ã®ãƒ—リント対象データã¸ã®ãƒã‚¤ãƒ³ã‚¿ - \param len プリント対象データã®ã‚µã‚¤ã‚ºï¼ˆãƒã‚¤ãƒˆæ•°ï¼‰ + \return 0 æˆåŠŸæ™‚ã€‚ + \return BAD_FUNC_ARG asn1ã¾ãŸã¯optsãŒNULLã®å ´åˆã€‚ + \return ASN_LEN_E ASN.1é …ç›®ã®é•·ã•ãŒé•·ã™ãŽã‚‹å ´åˆã€‚ + \return ASN_DEPTH_E 終了オフセットãŒç„¡åйãªå ´åˆã€‚ + \return ASN_PARSE_E ASN.1é …ç›®ã®ã™ã¹ã¦ãŒè§£æžã•れãªã‹ã£ãŸå ´åˆã€‚ + + \param asn1 ASN.1è§£æžã‚ªãƒ–ジェクト。 + \param opts ASN.1プリントオプション。 + \param data プリントã™ã‚‹BER/DERデータをå«ã‚€ãƒãƒƒãƒ•ァ。 + \param len プリントã™ã‚‹ãƒ‡ãƒ¼ã‚¿ã®é•·ã•(ãƒã‚¤ãƒˆå˜ä½ï¼‰ã€‚ \code Asn1PrintOptions opts; Asn1 asn1; - unsigned char data[] = { Initialize with DER/BER data }; + unsigned char data[] = { DER/BERデータã§åˆæœŸåŒ– }; word32 len = sizeof(data); - // Initialize ASN.1 print options before use. + // 使用å‰ã«ASN.1ãƒ—ãƒªãƒ³ãƒˆã‚ªãƒ—ã‚·ãƒ§ãƒ³ã‚’åˆæœŸåŒ–ã—ã¾ã™ã€‚ wc_Asn1PrintOptions_Init(&opt); - // Set the number of indents when printing tag name to be 1. + // ã‚¿ã‚°åをプリントã™ã‚‹éš›ã®ã‚¤ãƒ³ãƒ‡ãƒ³ãƒˆæ•°ã‚’1ã«è¨­å®šã—ã¾ã™ã€‚ wc_Asn1PrintOptions_Set(&opt, ASN1_PRINT_OPT_INDENT, 1); - // Initialize ASN.1 parse object before use. + // 使用å‰ã«ASN.1è§£æžã‚ªãƒ–ã‚¸ã‚§ã‚¯ãƒˆã‚’åˆæœŸåŒ–ã—ã¾ã™ã€‚ wc_Asn1_Init(&asn1); - // Set standard out to be the file descriptor to write to. + // 標準出力を書ãè¾¼ã¿å…ˆã®ãƒ•ァイル記述å­ã¨ã—ã¦è¨­å®šã—ã¾ã™ã€‚ wc_Asn1_SetFile(&asn1, stdout); - // Print all ASN.1 items in buffer with the specified print options. + // 指定ã•れãŸãƒ—リントオプションã§ãƒãƒƒãƒ•ァ内ã®ã™ã¹ã¦ã®ASN.1項目をプリントã—ã¾ã™ã€‚ wc_Asn1_PrintAll(&asn1, &opts, data, len); \endcode @@ -1981,4 +2130,3 @@ */ int wc_Asn1_PrintAll(Asn1* asn1, Asn1PrintOptions* opts, unsigned char* data, word32 len); - diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/doc/dox_comments/header_files-ja/blake2.h mariadb-11.8.8/extra/wolfssl/wolfssl/doc/dox_comments/header_files-ja/blake2.h --- mariadb-11.8.6/extra/wolfssl/wolfssl/doc/dox_comments/header_files-ja/blake2.h 2026-01-31 13:27:49.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/doc/dox_comments/header_files-ja/blake2.h 2026-05-24 09:58:33.000000000 +0000 @@ -1,39 +1,51 @@ /*! \ingroup BLAKE2 - \brief ã“ã®é–¢æ•°ã¯Blake2 Hash関数ã§ä½¿ç”¨ã™ã‚‹ãŸã‚ã®Blake2bæ§‹é€ ã‚’åˆæœŸåŒ–ã—ã¾ã™ã€‚ - \return 0 Blake2B構造ã®åˆæœŸåŒ–ã«æˆåŠŸã—ã€ãƒ€ã‚¤ã‚¸ã‚§ã‚¹ãƒˆã‚µã‚¤ã‚ºã‚’設定ã—ãŸã¨ãã«è¿”ã•れã¾ã™ã€‚ - \param b2b åˆæœŸåŒ–ã™ã‚‹ãŸã‚ã«Blake2b構造ã¸ã®ãƒã‚¤ãƒ³ã‚¿ + + \brief ã“ã®é–¢æ•°ã¯ã€Blake2ãƒãƒƒã‚·ãƒ¥é–¢æ•°ã§ä½¿ç”¨ã™ã‚‹ãŸã‚ã®Blake2bæ§‹é€ ä½“ã‚’åˆæœŸåŒ–ã—ã¾ã™ã€‚ + + \return 0 Blake2b構造体ã®åˆæœŸåŒ–ã¨ãƒ€ã‚¤ã‚¸ã‚§ã‚¹ãƒˆã‚µã‚¤ã‚ºã®è¨­å®šã«æˆåŠŸã—ãŸå ´åˆã«è¿”ã•れã¾ã™ã€‚ + + \param b2b åˆæœŸåŒ–ã™ã‚‹Blake2b構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ + \param digestSz 実装ã™ã‚‹blake 2ダイジェストã®é•·ã• + _Example_ \code Blake2b b2b; - // initialize Blake2b structure with 64 byte digest + // 64ãƒã‚¤ãƒˆãƒ€ã‚¤ã‚¸ã‚§ã‚¹ãƒˆã§Blake2bæ§‹é€ ä½“ã‚’åˆæœŸåŒ– wc_InitBlake2b(&b2b, 64); \endcode + \sa wc_Blake2bUpdate */ int wc_InitBlake2b(Blake2b* b2b, word32 digestSz); /*! \ingroup BLAKE2 - \brief ã“ã®é–¢æ•°ã¯ã€ä¸Žãˆã‚‰ã‚ŒãŸå…¥åŠ›ãƒ‡ãƒ¼ã‚¿ã¨Blake2Bãƒãƒƒã‚·ãƒ¥ã‚’æ›´æ–°ã—ã¾ã™ã€‚ã“ã®é–¢æ•°ã¯ã€wc_initblake2bã®å¾Œã«å‘¼ã³å‡ºã•ã‚Œã€æœ€å¾Œã®ãƒãƒƒã‚·ãƒ¥ï¼šwc_blake2bfinalã®æº–å‚™ãŒã§ãã¦ã„ã‚‹ã¾ã§ç¹°ã‚Šè¿”ã—ã¾ã™ã€‚ - \return 0 与ãˆã‚‰ã‚ŒãŸãƒ‡ãƒ¼ã‚¿ã‚’使用ã—ã¦Blake2Bæ§‹é€ ã‚’æ­£å¸¸ã«æ›´æ–°ã™ã‚‹ã¨è¿”ã•れã¾ã™ã€‚ - \return -1 入力データã®åœ§ç¸®ä¸­ã«éšœå®³ãŒç™ºç”Ÿã—ãŸå ´åˆ - \param b2b æ›´æ–°ã™ã‚‹Blake2b構造ã¸ã®ãƒã‚¤ãƒ³ã‚¿ - \param data 追加ã™ã‚‹ãƒ‡ãƒ¼ã‚¿ã‚’å«ã‚€ãƒãƒƒãƒ•ã‚¡ã¸ã®ãƒã‚¤ãƒ³ã‚¿ + + \brief ã“ã®é–¢æ•°ã¯ã€æŒ‡å®šã•れãŸå…¥åŠ›ãƒ‡ãƒ¼ã‚¿ã§Blake2bãƒãƒƒã‚·ãƒ¥ã‚’æ›´æ–°ã—ã¾ã™ã€‚ã“ã®é–¢æ•°ã¯wc_InitBlake2bã®å¾Œã«å‘¼ã³å‡ºã•ã‚Œã€æœ€çµ‚ãƒãƒƒã‚·ãƒ¥(wc_Blake2bFinal)ã®æº–å‚™ãŒã§ãã‚‹ã¾ã§ç¹°ã‚Šè¿”ã•れã¾ã™ã€‚ + + \return 0 指定ã•れãŸãƒ‡ãƒ¼ã‚¿ã§Blake2bæ§‹é€ ä½“ã®æ›´æ–°ã«æˆåŠŸã—ãŸå ´åˆã«è¿”ã•れã¾ã™ + \return -1 入力データã®åœ§ç¸®ä¸­ã«å¤±æ•—ã—ãŸå ´åˆã«è¿”ã•れã¾ã™ + + \param b2b æ›´æ–°ã™ã‚‹Blake2b構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ + \param data 追加ã™ã‚‹ãƒ‡ãƒ¼ã‚¿ã‚’å«ã‚€ãƒãƒƒãƒ•ã‚¡ã¸ã®ãƒã‚¤ãƒ³ã‚¿ + \param sz 追加ã™ã‚‹å…¥åŠ›ãƒ‡ãƒ¼ã‚¿ã®é•·ã• + _Example_ \code int ret; Blake2b b2b; - // initialize Blake2b structure with 64 byte digest + // 64ãƒã‚¤ãƒˆãƒ€ã‚¤ã‚¸ã‚§ã‚¹ãƒˆã§Blake2bæ§‹é€ ä½“ã‚’åˆæœŸåŒ– wc_InitBlake2b(&b2b, 64); - byte plain[] = { // initialize input }; + byte plain[] = { // å…¥åŠ›ã‚’åˆæœŸåŒ– }; ret = wc_Blake2bUpdate(&b2b, plain, sizeof(plain)); if( ret != 0) { - // error updating blake2b + // blake2bã®æ›´æ–°ã‚¨ãƒ©ãƒ¼ } \endcode + \sa wc_InitBlake2b \sa wc_Blake2bFinal */ @@ -41,25 +53,33 @@ /*! \ingroup BLAKE2 - \brief ã“ã®é–¢æ•°ã¯ã€ä»¥å‰ã«ä¾›çµ¦ã•れãŸå…¥åŠ›ãƒ‡ãƒ¼ã‚¿ã®Blake2bãƒãƒƒã‚·ãƒ¥ã‚’計算ã—ã¾ã™ã€‚出力ãƒãƒƒã‚·ãƒ¥ã¯é•·ã•REQUESTSZã€ã‚ã‚‹ã„ã¯è¦æ±‚ã•れãŸå ´åˆã¯B2B構造ã®DigestSZを使用ã—ã¾ã™ã€‚ã“ã®é–¢æ•°ã¯ã€wc_initblake2bã®å¾Œã«å‘¼ã³å‡ºã•れã€wc_blake2bupdateã¯å¿…è¦ãªå„入力データã«å¯¾ã—ã¦å‡¦ç†ã•れã¦ã„ã¾ã™ã€‚ - \return 0 Blake2B Hashã®è¨ˆç®—ã«æˆåŠŸã—ãŸã¨ãã«è¿”ã•れã¾ã—㟠- \return -1 blake2bãƒãƒƒã‚·ãƒ¥ã‚’è§£æžã—ã¦ã„ã‚‹é–“ã«å¤±æ•—ãŒã‚ã‚‹å ´åˆ - \param b2b æ›´æ–°ã™ã‚‹Blake2b構造ã¸ã®ãƒã‚¤ãƒ³ã‚¿ - \param final Blake2Bãƒãƒƒã‚·ãƒ¥ã‚’ä¿å­˜ã™ã‚‹ãƒãƒƒãƒ•ã‚¡ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚é•·ã•requestszã«ã™ã‚‹å¿…è¦ãŒã‚りã¾ã™ + + \brief ã“ã®é–¢æ•°ã¯ã€ä»¥å‰ã«æä¾›ã•れãŸå…¥åŠ›ãƒ‡ãƒ¼ã‚¿ã®Blake2bãƒãƒƒã‚·ãƒ¥ã‚’計算ã—ã¾ã™ã€‚出力ãƒãƒƒã‚·ãƒ¥ã®é•·ã•ã¯requestSzã«ãªã‚Šã¾ã™ã€‚requestSz==0ã®å ´åˆã¯ã€b2b構造体ã®digestSzãŒä½¿ç”¨ã•れã¾ã™ã€‚ã“ã®é–¢æ•°ã¯ã€wc_InitBlake2bã®å¾Œã€ãŠã‚ˆã³å¿…è¦ãªå„入力データã«å¯¾ã—ã¦wc_Blake2bUpdateãŒå‡¦ç†ã•れãŸå¾Œã«å‘¼ã³å‡ºã™å¿…è¦ãŒã‚りã¾ã™ã€‚ + + \return 0 Blake2bãƒãƒƒã‚·ãƒ¥ã®è¨ˆç®—ã«æˆåŠŸã—ãŸå ´åˆã«è¿”ã•れã¾ã™ + \return -1 Blake2bãƒãƒƒã‚·ãƒ¥ã®è§£æžä¸­ã«å¤±æ•—ã—ãŸå ´åˆã«è¿”ã•れã¾ã™ + + \param b2b æ›´æ–°ã™ã‚‹Blake2b構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ + \param final blake2bãƒãƒƒã‚·ãƒ¥ã‚’æ ¼ç´ã™ã‚‹ãƒãƒƒãƒ•ã‚¡ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ + requestSzã®é•·ã•ã§ã‚ã‚‹å¿…è¦ãŒã‚りã¾ã™ + \param requestSz 計算ã™ã‚‹ãƒ€ã‚¤ã‚¸ã‚§ã‚¹ãƒˆã®é•·ã•。ã“れãŒã‚¼ãƒ­ã®å ´åˆã€ + 代ã‚りã«b2b->digestSzãŒä½¿ç”¨ã•れã¾ã™ + _Example_ \code int ret; Blake2b b2b; byte hash[64]; - // initialize Blake2b structure with 64 byte digest + // 64ãƒã‚¤ãƒˆãƒ€ã‚¤ã‚¸ã‚§ã‚¹ãƒˆã§Blake2bæ§‹é€ ä½“ã‚’åˆæœŸåŒ– wc_InitBlake2b(&b2b, 64); - ... // call wc_Blake2bUpdate to add data to hash + ... // wc_Blake2bUpdateを呼ã³å‡ºã—ã¦ãƒãƒƒã‚·ãƒ¥ã«ãƒ‡ãƒ¼ã‚¿ã‚’追加 ret = wc_Blake2bFinal(&b2b, hash, 64); if( ret != 0) { - // error generating blake2b hash + // blake2bãƒãƒƒã‚·ãƒ¥ã®ç”Ÿæˆã‚¨ãƒ©ãƒ¼ } \endcode + \sa wc_InitBlake2b \sa wc_Blake2bUpdate */ diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/doc/dox_comments/header_files-ja/bn.h mariadb-11.8.8/extra/wolfssl/wolfssl/doc/dox_comments/header_files-ja/bn.h --- mariadb-11.8.6/extra/wolfssl/wolfssl/doc/dox_comments/header_files-ja/bn.h 2026-01-31 13:27:49.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/doc/dox_comments/header_files-ja/bn.h 2026-05-24 09:58:33.000000000 +0000 @@ -1,20 +1,26 @@ /*! \ingroup openSSL - \brief ã“ã®é–¢æ•°ã¯ã€æ¬¡ã®æ•°å­¦ã€ŒR =(A ^ P)%Mã€ã‚’実行ã—ã¾ã™ã€‚ - \return SSL_SUCCESS æ•°å­¦æ“作をã†ã¾ã実行ã—ã¾ã™ã€‚ - \return SSL_FAILURE エラーケースã«é­é‡ã—ãŸå ´åˆ - \param r çµæžœã‚’ä¿æŒã™ã‚‹ãŸã‚ã®æ§‹é€ ã€‚ - \param a 電力ã§ä¸Šã’られる値。 - \param p ã«ã‚ˆã£ã¦ä¸Šã’る力。 - \param m 使用率 + + \brief ã“ã®é–¢æ•°ã¯æ¬¡ã®æ•°å­¦æ¼”算を実行ã—ã¾ã™ "r = (a^p) % m"。 + + \return SSL_SUCCESS æ•°å­¦æ¼”ç®—ãŒæ­£å¸¸ã«å®Ÿè¡Œã•れãŸå ´åˆã€‚ + \return SSL_FAILURE エラーケースãŒç™ºç”Ÿã—ãŸå ´åˆã€‚ + + \param r çµæžœã‚’ä¿æŒã™ã‚‹æ§‹é€ ä½“。 + \param a 累乗ã•れる値。 + \param p aを累乗ã™ã‚‹æŒ‡æ•°ã€‚ + \param m 使用ã™ã‚‹å‰°ä½™ã€‚ + \param ctx ç¾åœ¨wolfSSLã§ã¯ä½¿ç”¨ã•れã¦ã„ãªã„ãŸã‚ã€NULLã«ã§ãã¾ã™ã€‚ + _Example_ \code WOLFSSL_BIGNUM r,a,p,m; int ret; - // set big number values + // big number値を設定 ret = wolfSSL_BN_mod_exp(r, a, p, m, NULL); - // check ret value + // retå€¤ã‚’ç¢ºèª \endcode + \sa wolfSSL_BN_new \sa wolfSSL_BN_free */ diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/doc/dox_comments/header_files-ja/camellia.h mariadb-11.8.8/extra/wolfssl/wolfssl/doc/dox_comments/header_files-ja/camellia.h --- mariadb-11.8.6/extra/wolfssl/wolfssl/doc/dox_comments/header_files-ja/camellia.h 2026-01-31 13:27:49.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/doc/dox_comments/header_files-ja/camellia.h 2026-05-24 09:58:33.000000000 +0000 @@ -1,128 +1,164 @@ /*! \ingroup Camellia - \brief ã“ã®é–¢æ•°ã¯ã€Camelliaオブジェクトã®ã‚­ãƒ¼ã¨åˆæœŸåŒ–ベクトルを設定ã—ã€ãれを暗å·ã¨ã—ã¦ä½¿ç”¨ã™ã‚‹ãŸã‚ã«åˆæœŸåŒ–ã—ã¾ã™ã€‚ - \return 0 キーã¨åˆæœŸåŒ–ベクトルを正常ã«è¨­å®šã™ã‚‹ã¨è¿”ã•れã¾ã™ - \return BAD_FUNC_ARG 入力引数ã®1ã¤ãŒã‚¨ãƒ©ãƒ¼å‡¦ç†ãŒã‚ã‚‹å ´åˆã«è¿”ã•れã¾ã™ - \return MEMORY_E xmallocã§ãƒ¡ãƒ¢ãƒªã‚’割り当ã¦ã‚‹ã‚¨ãƒ©ãƒ¼ãŒã‚ã‚‹å ´åˆ - \param cam キーã¨IVを設定ã™ã‚‹æ¤¿æ§‹é€ ã¸ã®ãƒã‚¤ãƒ³ã‚¿ - \param key æš—å·åŒ–ã¨å¾©å·åŒ–ã«ä½¿ç”¨ã™ã‚‹16,24ã€ã¾ãŸã¯32ãƒã‚¤ãƒˆã®ã‚­ãƒ¼ã‚’å«ã‚€ãƒãƒƒãƒ•ã‚¡ã¸ã®ãƒã‚¤ãƒ³ã‚¿ - \param len 渡ã•れãŸã‚­ãƒ¼ã®é•·ã• + + \brief ã“ã®é–¢æ•°ã¯ã€camelliaオブジェクトã®ã‚­ãƒ¼ã¨åˆæœŸåŒ–ベクトルを設定ã—ã€æš—å·ã¨ã—ã¦ä½¿ç”¨ã™ã‚‹ãŸã‚ã«åˆæœŸåŒ–ã—ã¾ã™ã€‚ + + \return 0 キーã¨åˆæœŸåŒ–ベクトルã®è¨­å®šã«æˆåŠŸã—ãŸå ´åˆã«è¿”ã•れã¾ã™ + \return BAD_FUNC_ARG 入力引数ã®1ã¤ã®å‡¦ç†ä¸­ã«ã‚¨ãƒ©ãƒ¼ãŒç™ºç”Ÿã—ãŸå ´åˆã«è¿”ã•れã¾ã™ + \return MEMORY_E XMALLOCã§ãƒ¡ãƒ¢ãƒªå‰²ã‚Šå½“ã¦ä¸­ã«ã‚¨ãƒ©ãƒ¼ãŒç™ºç”Ÿã—ãŸå ´åˆã«è¿”ã•れã¾ã™ + + \param cam キーã¨ivを設定ã™ã‚‹camellia構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ + \param key æš—å·åŒ–ã¨å¾©å·ã«ä½¿ç”¨ã™ã‚‹16ã€24ã€ã¾ãŸã¯32ãƒã‚¤ãƒˆã®ã‚­ãƒ¼ã‚’å«ã‚€ãƒãƒƒãƒ•ã‚¡ã¸ã®ãƒã‚¤ãƒ³ã‚¿ + \param len 渡ã•れるキーã®é•·ã• + \param iv ã“ã®camellia構造体ã§ä½¿ç”¨ã™ã‚‹16ãƒã‚¤ãƒˆã®åˆæœŸåŒ–ベクトルをå«ã‚€ãƒãƒƒãƒ•ã‚¡ã¸ã®ãƒã‚¤ãƒ³ã‚¿ + _Example_ \code Camellia cam; byte key[32]; - // initialize key + // ã‚­ãƒ¼ã‚’åˆæœŸåŒ– byte iv[16]; - // initialize iv + // ivã‚’åˆæœŸåŒ– if( wc_CamelliaSetKey(&cam, key, sizeof(key), iv) != 0) { - // error initializing camellia structure + // camellia構造体ã®åˆæœŸåŒ–エラー } \endcode + \sa wc_CamelliaEncryptDirect \sa wc_CamelliaDecryptDirect \sa wc_CamelliaCbcEncrypt \sa wc_CamelliaCbcDecrypt */ -int wc_CamelliaSetKey(Camellia* cam, - const byte* key, word32 len, const byte* iv); +int wc_CamelliaSetKey(wc_Camellia* cam, const byte* key, word32 len, + const byte* iv); /*! \ingroup Camellia - \brief ã“ã®é–¢æ•°ã¯ã€Camelliaオブジェクトã®åˆæœŸåŒ–ベクトルを設定ã—ã¾ã™ã€‚ - \return 0 キーã¨åˆæœŸåŒ–ベクトルを正常ã«è¨­å®šã™ã‚‹ã¨è¿”ã•れã¾ã™ - \return BAD_FUNC_ARG 入力引数ã®1ã¤ãŒã‚¨ãƒ©ãƒ¼å‡¦ç†ãŒã‚ã‚‹å ´åˆã«è¿”ã•れã¾ã™ - \param cam IVを設定ã™ã‚‹æ¤¿æ§‹é€ ã¸ã®ãƒã‚¤ãƒ³ã‚¿ + + \brief ã“ã®é–¢æ•°ã¯ã€camelliaオブジェクトã®åˆæœŸåŒ–ベクトルを設定ã—ã¾ã™ã€‚ + + \return 0 キーã¨åˆæœŸåŒ–ベクトルã®è¨­å®šã«æˆåŠŸã—ãŸå ´åˆã«è¿”ã•れã¾ã™ + \return BAD_FUNC_ARG 入力引数ã®1ã¤ã®å‡¦ç†ä¸­ã«ã‚¨ãƒ©ãƒ¼ãŒç™ºç”Ÿã—ãŸå ´åˆã«è¿”ã•れã¾ã™ + + \param cam ivを設定ã™ã‚‹camellia構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ + \param iv ã“ã®camellia構造体ã§ä½¿ç”¨ã™ã‚‹16ãƒã‚¤ãƒˆã®åˆæœŸåŒ–ベクトルをå«ã‚€ãƒãƒƒãƒ•ã‚¡ã¸ã®ãƒã‚¤ãƒ³ã‚¿ + _Example_ \code Camellia cam; byte iv[16]; - // initialize iv + // ivã‚’åˆæœŸåŒ– if( wc_CamelliaSetIV(&cam, iv) != 0) { - // error initializing camellia structure + // camellia構造体ã®åˆæœŸåŒ–エラー } \endcode + \sa wc_CamelliaSetKey */ -int wc_CamelliaSetIV(Camellia* cam, const byte* iv); +int wc_CamelliaSetIV(wc_Camellia* cam, const byte* iv); /*! \ingroup Camellia - \brief ã“ã®æ©Ÿèƒ½ã¯ã€æä¾›ã•れãŸCamelliaオブジェクトを使用ã—ã¦1ブロック暗å·åŒ–ã—ã¾ã™ã€‚ãれã¯ãƒãƒƒãƒ•ã‚¡ãƒ¼ã®æœ€åˆã®16ãƒã‚¤ãƒˆãƒ–ロックを解æžã—ã€æš—å·åŒ–çµæžœã‚’ãƒãƒƒãƒ•ã‚¡ã‚¢ã‚¦ãƒˆã«æ ¼ç´ã—ã¾ã™ã€‚ã“ã®æ©Ÿèƒ½ã‚’使用ã™ã‚‹å‰ã«ã€WC_CAMELLIASETKEYを使用ã—ã¦Camelliaã‚ªãƒ–ã‚¸ã‚§ã‚¯ãƒˆã‚’åˆæœŸåŒ–ã™ã‚‹å¿…è¦ãŒã‚りã¾ã™ã€‚ - \return none ã„ã„ãˆè¿”ã—ã¾ã™ã€‚ - \param cam æš—å·åŒ–ã«ä½¿ç”¨ã™ã‚‹æ¤¿æ§‹é€ ã¸ã®ãƒã‚¤ãƒ³ã‚¿ - \param out æš—å·åŒ–ã•れãŸãƒ–ロックをä¿å­˜ã™ã‚‹ãƒãƒƒãƒ•ã‚¡ã¸ã®ãƒã‚¤ãƒ³ã‚¿ + + \brief ã“ã®é–¢æ•°ã¯ã€æä¾›ã•れãŸcamelliaオブジェクトを使用ã—ã¦1ãƒ–ãƒ­ãƒƒã‚¯ã®æš—å·åŒ–を行ã„ã¾ã™ã€‚ãƒãƒƒãƒ•ã‚¡inã‹ã‚‰æœ€åˆã®16ãƒã‚¤ãƒˆãƒ–ロックを解æžã—ã€æš—å·åŒ–ã•れãŸçµæžœã‚’ãƒãƒƒãƒ•ã‚¡outã«æ ¼ç´ã—ã¾ã™ã€‚ã“ã®é–¢æ•°ã‚’使用ã™ã‚‹å‰ã«ã€wc_CamelliaSetKeyを使用ã—ã¦camelliaã‚ªãƒ–ã‚¸ã‚§ã‚¯ãƒˆã‚’åˆæœŸåŒ–ã™ã‚‹å¿…è¦ãŒã‚りã¾ã™ã€‚ + + \return none 戻り値ãªã—。 + + \param cam æš—å·åŒ–ã«ä½¿ç”¨ã™ã‚‹camellia構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ + \param out æš—å·åŒ–ã•れãŸãƒ–ロックを格ç´ã™ã‚‹ãƒãƒƒãƒ•ã‚¡ã¸ã®ãƒã‚¤ãƒ³ã‚¿ + \param in æš—å·åŒ–ã™ã‚‹å¹³æ–‡ãƒ–ロックをå«ã‚€ãƒãƒƒãƒ•ã‚¡ã¸ã®ãƒã‚¤ãƒ³ã‚¿ + _Example_ \code Camellia cam; - // initialize cam structure with key and iv - byte plain[] = { // initialize with message to encrypt }; + // キーã¨ivã§camæ§‹é€ ä½“ã‚’åˆæœŸåŒ– + byte plain[] = { // æš—å·åŒ–ã™ã‚‹ãƒ¡ãƒƒã‚»ãƒ¼ã‚¸ã§åˆæœŸåŒ– }; byte cipher[16]; wc_CamelliaEncryptDirect(&ca, cipher, plain); \endcode + \sa wc_CamelliaDecryptDirect */ -int wc_CamelliaEncryptDirect(Camellia* cam, byte* out, +int wc_CamelliaEncryptDirect(wc_Camellia* cam, byte* out, const byte* in); /*! \ingroup Camellia - \brief ã“ã®æ©Ÿèƒ½ã¯ã€æä¾›ã•れãŸCamelliaオブジェクトを使用ã—ã¦1ブロック復å·åŒ–ã—ã¾ã™ã€‚ãれã¯ãƒãƒƒãƒ•ã‚¡å†…ã®æœ€åˆã®16ãƒã‚¤ãƒˆãƒ–ロックを解æžã—ã€ãれを復å·åŒ–ã—ã€çµæžœã‚’ãƒãƒƒãƒ•ã‚¡ã‚¢ã‚¦ãƒˆã«æ ¼ç´ã—ã¾ã™ã€‚ã“ã®æ©Ÿèƒ½ã‚’使用ã™ã‚‹å‰ã«ã€WC_CAMELLIASETKEYを使用ã—ã¦Camelliaã‚ªãƒ–ã‚¸ã‚§ã‚¯ãƒˆã‚’åˆæœŸåŒ–ã™ã‚‹å¿…è¦ãŒã‚りã¾ã™ã€‚ - \return none ã„ã„ãˆè¿”ã—ã¾ã™ã€‚ - \param cam æš—å·åŒ–ã«ä½¿ç”¨ã™ã‚‹æ¤¿æ§‹é€ ã¸ã®ãƒã‚¤ãƒ³ã‚¿ - \param out 復å·åŒ–ã•れãŸå¹³æ–‡ãƒ–ロックをä¿å­˜ã™ã‚‹ãƒãƒƒãƒ•ã‚¡ã¸ã®ãƒã‚¤ãƒ³ã‚¿ + + \brief ã“ã®é–¢æ•°ã¯ã€æä¾›ã•れãŸcamelliaオブジェクトを使用ã—ã¦1ブロックã®å¾©å·ã‚’行ã„ã¾ã™ã€‚ãƒãƒƒãƒ•ã‚¡inã‹ã‚‰æœ€åˆã®16ãƒã‚¤ãƒˆãƒ–ロックを解æžã—ã€å¾©å·ã—ã¦ã€çµæžœã‚’ãƒãƒƒãƒ•ã‚¡outã«æ ¼ç´ã—ã¾ã™ã€‚ã“ã®é–¢æ•°ã‚’使用ã™ã‚‹å‰ã«ã€wc_CamelliaSetKeyを使用ã—ã¦camelliaã‚ªãƒ–ã‚¸ã‚§ã‚¯ãƒˆã‚’åˆæœŸåŒ–ã™ã‚‹å¿…è¦ãŒã‚りã¾ã™ã€‚ + + \return none 戻り値ãªã—。 + + \param cam æš—å·åŒ–ã«ä½¿ç”¨ã™ã‚‹camellia構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ + \param out 復å·ã•れãŸå¹³æ–‡ãƒ–ロックを格ç´ã™ã‚‹ãƒãƒƒãƒ•ã‚¡ã¸ã®ãƒã‚¤ãƒ³ã‚¿ + \param in 復å·ã™ã‚‹æš—å·æ–‡ãƒ–ロックをå«ã‚€ãƒãƒƒãƒ•ã‚¡ã¸ã®ãƒã‚¤ãƒ³ã‚¿ + _Example_ \code Camellia cam; - // initialize cam structure with key and iv - byte cipher[] = { // initialize with encrypted message to decrypt }; + // キーã¨ivã§camæ§‹é€ ä½“ã‚’åˆæœŸåŒ– + byte cipher[] = { // 復å·ã™ã‚‹æš—å·åŒ–ã•れãŸãƒ¡ãƒƒã‚»ãƒ¼ã‚¸ã§åˆæœŸåŒ– }; byte decrypted[16]; wc_CamelliaDecryptDirect(&cam, decrypted, cipher); \endcode + \sa wc_CamelliaEncryptDirect */ -int wc_CamelliaDecryptDirect(Camellia* cam, byte* out, +int wc_CamelliaDecryptDirect(wc_Camellia* cam, byte* out, const byte* in); /*! \ingroup Camellia - \brief ã“ã®é–¢æ•°ã¯ã€ãƒãƒƒãƒ•ァーã®å¹³æ–‡ã‚’æš—å·åŒ–ã—ã€ãã®å‡ºåŠ›ã‚’ãƒãƒƒãƒ•ã‚¡OUTã«æ ¼ç´ã—ã¾ã™ã€‚æš—å·ãƒ–ロックãƒã‚§ãƒ¼ãƒ³ï¼ˆCBC)を使用ã—ã¦Camelliaを使用ã—ã¦ã“ã®æš—å·åŒ–を実行ã—ã¾ã™ã€‚ - \return none ã„ã„ãˆè¿”ã—ã¾ã™ã€‚ - \param cam æš—å·åŒ–ã«ä½¿ç”¨ã™ã‚‹æ¤¿æ§‹é€ ã¸ã®ãƒã‚¤ãƒ³ã‚¿ - \param out æš—å·åŒ–ã•ã‚ŒãŸæš—å·æ–‡ã‚’ä¿å­˜ã™ã‚‹ãƒãƒƒãƒ•ã‚¡ã¸ã®ãƒã‚¤ãƒ³ã‚¿ - \param in æš—å·åŒ–ã™ã‚‹å¹³æ–‡ã‚’å«ã‚€ãƒãƒƒãƒ•ã‚¡ã¸ã®ãƒã‚¤ãƒ³ã‚¿ + + \brief ã“ã®é–¢æ•°ã¯ã€ãƒãƒƒãƒ•ã‚¡inã‹ã‚‰å¹³æ–‡ã‚’æš—å·åŒ–ã—ã€å‡ºåŠ›ã‚’ãƒãƒƒãƒ•ã‚¡outã«æ ¼ç´ã—ã¾ã™ã€‚æš—å·ãƒ–ロック連鎖(CBC)モードã®Camelliaを使用ã—ã¦ã“ã®æš—å·åŒ–を実行ã—ã¾ã™ã€‚ + + \return none 戻り値ãªã—。 + + \param cam æš—å·åŒ–ã«ä½¿ç”¨ã™ã‚‹camellia構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ + \param out æš—å·åŒ–ã•ã‚ŒãŸæš—å·æ–‡ã‚’æ ¼ç´ã™ã‚‹ãƒãƒƒãƒ•ã‚¡ã¸ã®ãƒã‚¤ãƒ³ã‚¿ + \param in æš—å·åŒ–ã™ã‚‹å¹³æ–‡ã‚’å«ã‚€ãƒãƒƒãƒ•ã‚¡ã¸ã®ãƒã‚¤ãƒ³ã‚¿ + \param sz æš—å·åŒ–ã™ã‚‹ãƒ¡ãƒƒã‚»ãƒ¼ã‚¸ã®ã‚µã‚¤ã‚º + _Example_ \code Camellia cam; - // initialize cam structure with key and iv - byte plain[] = { // initialize with encrypted message to decrypt }; + // キーã¨ivã§camæ§‹é€ ä½“ã‚’åˆæœŸåŒ– + byte plain[] = { // 復å·ã™ã‚‹æš—å·åŒ–ã•れãŸãƒ¡ãƒƒã‚»ãƒ¼ã‚¸ã§åˆæœŸåŒ– }; byte cipher[sizeof(plain)]; wc_CamelliaCbcEncrypt(&cam, cipher, plain, sizeof(plain)); \endcode + \sa wc_CamelliaCbcDecrypt */ -int wc_CamelliaCbcEncrypt(Camellia* cam, +int wc_CamelliaCbcEncrypt(wc_Camellia* cam, byte* out, const byte* in, word32 sz); /*! \ingroup Camellia - \brief ã“ã®é–¢æ•°ã¯ã€ãƒãƒƒãƒ•ã‚¡å†…ã®æš—å·æ–‡ã‚’復å·åŒ–ã—ã€ãã®å‡ºåŠ›ã‚’ãƒãƒƒãƒ•ã‚¡OUTã«æ ¼ç´ã—ã¾ã™ã€‚æš—å·ãƒ–ロックãƒã‚§ãƒ¼ãƒ³ï¼ˆCBC)をæ­è¼‰ã—ãŸCamelliaを使用ã—ã¦ã“ã®å¾©å·åŒ–を実行ã—ã¾ã™ã€‚ - \return none ã„ã„ãˆè¿”ã—ã¾ã™ã€‚ - \param cam æš—å·åŒ–ã«ä½¿ç”¨ã™ã‚‹æ¤¿æ§‹é€ ã¸ã®ãƒã‚¤ãƒ³ã‚¿ - \param out 復å·åŒ–ã•れãŸãƒ¡ãƒƒã‚»ãƒ¼ã‚¸ã‚’ä¿å­˜ã™ã‚‹ãƒãƒƒãƒ•ã‚¡ã¸ã®ãƒã‚¤ãƒ³ã‚¿ - \param in æš—å·åŒ–ã•ã‚ŒãŸæš—å·æ–‡ã‚’å«ã‚€ãƒãƒƒãƒ•ã‚¡ã¸ã®ãƒã‚¤ãƒ³ã‚¿ + + \brief ã“ã®é–¢æ•°ã¯ã€ãƒãƒƒãƒ•ã‚¡inã‹ã‚‰æš—å·æ–‡ã‚’復å·ã—ã€å‡ºåŠ›ã‚’ãƒãƒƒãƒ•ã‚¡outã«æ ¼ç´ã—ã¾ã™ã€‚æš—å·ãƒ–ロック連鎖(CBC)モードã®Camelliaを使用ã—ã¦ã“ã®å¾©å·ã‚’実行ã—ã¾ã™ã€‚ + + \return none 戻り値ãªã—。 + + \param cam æš—å·åŒ–ã«ä½¿ç”¨ã™ã‚‹camellia構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ + \param out 復å·ã•れãŸãƒ¡ãƒƒã‚»ãƒ¼ã‚¸ã‚’æ ¼ç´ã™ã‚‹ãƒãƒƒãƒ•ã‚¡ã¸ã®ãƒã‚¤ãƒ³ã‚¿ + \param in æš—å·åŒ–ã•ã‚ŒãŸæš—å·æ–‡ã‚’å«ã‚€ãƒãƒƒãƒ•ã‚¡ã¸ã®ãƒã‚¤ãƒ³ã‚¿ + \param sz æš—å·åŒ–ã™ã‚‹ãƒ¡ãƒƒã‚»ãƒ¼ã‚¸ã®ã‚µã‚¤ã‚º + _Example_ \code Camellia cam; - // initialize cam structure with key and iv - byte cipher[] = { // initialize with encrypted message to decrypt }; + // キーã¨ivã§camæ§‹é€ ä½“ã‚’åˆæœŸåŒ– + byte cipher[] = { // 復å·ã™ã‚‹æš—å·åŒ–ã•れãŸãƒ¡ãƒƒã‚»ãƒ¼ã‚¸ã§åˆæœŸåŒ– }; byte decrypted[sizeof(cipher)]; wc_CamelliaCbcDecrypt(&cam, decrypted, cipher, sizeof(cipher)); \endcode + \sa wc_CamelliaCbcEncrypt */ -int wc_CamelliaCbcDecrypt(Camellia* cam, +int wc_CamelliaCbcDecrypt(wc_Camellia* cam, byte* out, const byte* in, word32 sz); diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/doc/dox_comments/header_files-ja/chacha.h mariadb-11.8.8/extra/wolfssl/wolfssl/doc/dox_comments/header_files-ja/chacha.h --- mariadb-11.8.6/extra/wolfssl/wolfssl/doc/dox_comments/header_files-ja/chacha.h 2026-01-31 13:27:49.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/doc/dox_comments/header_files-ja/chacha.h 2026-05-24 09:58:33.000000000 +0000 @@ -1,20 +1,26 @@ /*! \ingroup ChaCha - \brief ã“ã®é–¢æ•°ã¯Chachaオブジェクトã®åˆæœŸåŒ–ベクトル(nonce)を設定ã—ã€æš—å·ã¨ã—ã¦ä½¿ç”¨ã™ã‚‹ãŸã‚ã«åˆæœŸåŒ–ã—ã¾ã™ã€‚WC_CHACHA_SETKEYを使用ã—ã¦ã€ã‚­ãƒ¼ãŒè¨­å®šã•れãŸå¾Œã«å‘¼ã³å‡ºã•れるã¹ãã§ã™ã€‚æš—å·åŒ–ã®å„ラウンドã«å·®ã—é•ã„を使用ã™ã‚‹å¿…è¦ãŒã‚りã¾ã™ã€‚ - \return 0 åˆæœŸåŒ–ベクトルを正常ã«è¨­å®šã™ã‚‹ã¨è¿”ã•れã¾ã™ - \return BAD_FUNC_ARG CTX入力引数ã®å‡¦ç†ä¸­ã«ã‚¨ãƒ©ãƒ¼ãŒç™ºç”Ÿã—ãŸå ´åˆ - \param ctx IVを設定ã™ã‚‹Chacha構造ã¸ã®ãƒã‚¤ãƒ³ã‚¿ - \param inIv Chachaæ§‹é€ ã‚’åˆæœŸåŒ–ã™ã‚‹ãŸã‚ã®12ãƒã‚¤ãƒˆã®åˆæœŸåŒ–ベクトルをå«ã‚€ãƒãƒƒãƒ•ã‚¡ã¸ã®ãƒã‚¤ãƒ³ã‚¿ + + \brief ã“ã®é–¢æ•°ã¯ã€ChaChaオブジェクトã®åˆæœŸåŒ–ベクトル(nonce)を設定ã—ã€æš—å·ã¨ã—ã¦ä½¿ç”¨ã™ã‚‹ãŸã‚ã«åˆæœŸåŒ–ã—ã¾ã™ã€‚wc_Chacha_SetKeyを使用ã—ã¦ã‚­ãƒ¼ãŒè¨­å®šã•れãŸå¾Œã«å‘¼ã³å‡ºã™å¿…è¦ãŒã‚りã¾ã™ã€‚æš—å·åŒ–ã®ãƒ©ã‚¦ãƒ³ãƒ‰ã”ã¨ã«ç•°ãªã‚‹nonceを使用ã™ã‚‹å¿…è¦ãŒã‚りã¾ã™ã€‚ + + \return 0 åˆæœŸåŒ–ベクトルã®è¨­å®šã«æˆåŠŸã—ãŸå ´åˆã«è¿”ã•れã¾ã™ + \return BAD_FUNC_ARG ctx入力引数ã®å‡¦ç†ä¸­ã«ã‚¨ãƒ©ãƒ¼ãŒç™ºç”Ÿã—ãŸå ´åˆã«è¿”ã•れã¾ã™ + + \param ctx ivを設定ã™ã‚‹ChaCha構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ + \param inIv ChaChaæ§‹é€ ä½“ã‚’åˆæœŸåŒ–ã™ã‚‹ãŸã‚ã®12ãƒã‚¤ãƒˆã®åˆæœŸåŒ–ベクトルをå«ã‚€ãƒãƒƒãƒ•ã‚¡ã¸ã®ãƒã‚¤ãƒ³ã‚¿ + \param counter ブロックカウンタãŒé–‹å§‹ã™ã¹ã値--通常ã¯ã‚¼ãƒ­ã€‚ + _Example_ \code ChaCha enc; - // initialize enc with wc_Chacha_SetKey + // wc_Chacha_SetKeyã§encã‚’åˆæœŸåŒ– byte iv[12]; - // initialize iv + // ivã‚’åˆæœŸåŒ– if( wc_Chacha_SetIV(&enc, iv, 0) != 0) { - // error initializing ChaCha structure + // ChaCha構造体ã®åˆæœŸåŒ–エラー } \endcode + \sa wc_Chacha_SetKey \sa wc_Chacha_Process */ @@ -22,23 +28,29 @@ /*! \ingroup ChaCha - \brief ã“ã®é–¢æ•°ã¯ã€ãƒãƒƒãƒ•ァ入力ã‹ã‚‰ãƒ†ã‚­ã‚¹ãƒˆã‚’処ç†ã—ã€æš—å·åŒ–ã¾ãŸã¯å¾©å·åŒ–ã—ã€çµæžœã‚’ãƒãƒƒãƒ•ã‚¡å‡ºåŠ›ã«æ ¼ç´ã—ã¾ã™ã€‚ - \return 0 å…¥åŠ›ã®æš—å·åŒ–ã¾ãŸã¯å¾©å·åŒ–ã«æˆåŠŸã—ãŸã¨ãã«è¿”ã•れã¾ã™ - \return BAD_FUNC_ARG CTX入力引数ã®å‡¦ç†ä¸­ã«ã‚¨ãƒ©ãƒ¼ãŒç™ºç”Ÿã—ãŸå ´åˆ - \param ctx IVを設定ã™ã‚‹Chacha構造ã¸ã®ãƒã‚¤ãƒ³ã‚¿ - \param output å‡ºåŠ›æš—å·æ–‡ã¾ãŸã¯å¾©å·åŒ–ã•れãŸå¹³æ–‡ã‚’ä¿å­˜ã™ã‚‹ãƒãƒƒãƒ•ã‚¡ã¸ã®ãƒã‚¤ãƒ³ã‚¿ - \param input æš—å·åŒ–ã™ã‚‹å…¥åŠ›å¹³æ–‡ã‚’å«ã‚€ãƒãƒƒãƒ•ã‚¡ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã¾ãŸã¯å¾©å·åŒ–ã™ã‚‹å…¥åŠ›æš—å·æ–‡ + + \brief ã“ã®é–¢æ•°ã¯ã€ãƒãƒƒãƒ•ã‚¡inputã‹ã‚‰ãƒ†ã‚­ã‚¹ãƒˆã‚’処ç†ã—ã€æš—å·åŒ–ã¾ãŸã¯å¾©å·ã—ã¦ã€çµæžœã‚’ãƒãƒƒãƒ•ã‚¡outputã«æ ¼ç´ã—ã¾ã™ã€‚ + + \return 0 å…¥åŠ›ã®æš—å·åŒ–ã¾ãŸã¯å¾©å·ã«æˆåŠŸã—ãŸå ´åˆã«è¿”ã•れã¾ã™ + \return BAD_FUNC_ARG ctx入力引数ã®å‡¦ç†ä¸­ã«ã‚¨ãƒ©ãƒ¼ãŒç™ºç”Ÿã—ãŸå ´åˆã«è¿”ã•れã¾ã™ + + \param ctx ivを設定ã™ã‚‹ChaCha構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ + \param output å‡ºåŠ›æš—å·æ–‡ã¾ãŸã¯å¾©å·ã•れãŸå¹³æ–‡ã‚’æ ¼ç´ã™ã‚‹ãƒãƒƒãƒ•ã‚¡ã¸ã®ãƒã‚¤ãƒ³ã‚¿ + \param input æš—å·åŒ–ã™ã‚‹å…¥åŠ›å¹³æ–‡ã¾ãŸã¯å¾©å·ã™ã‚‹å…¥åŠ›æš—å·æ–‡ã‚’å«ã‚€ãƒãƒƒãƒ•ã‚¡ã¸ã®ãƒã‚¤ãƒ³ã‚¿ + \param msglen æš—å·åŒ–ã™ã‚‹ãƒ¡ãƒƒã‚»ãƒ¼ã‚¸ã¾ãŸã¯å¾©å·ã™ã‚‹æš—å·æ–‡ã®é•·ã• + _Example_ \code ChaCha enc; - // initialize enc with wc_Chacha_SetKey and wc_Chacha_SetIV + // wc_Chacha_SetKeyã¨wc_Chacha_SetIVã§encã‚’åˆæœŸåŒ– - byte plain[] = { // initialize plaintext }; + byte plain[] = { // å¹³æ–‡ã‚’åˆæœŸåŒ– }; byte cipher[sizeof(plain)]; if( wc_Chacha_Process(&enc, cipher, plain, sizeof(plain)) != 0) { - // error processing ChaCha cipher + // ChaChaæš—å·ã®å‡¦ç†ã‚¨ãƒ©ãƒ¼ } \endcode + \sa wc_Chacha_SetKey \sa wc_Chacha_Process */ @@ -47,20 +59,26 @@ /*! \ingroup ChaCha - \brief ã“ã®é–¢æ•°ã¯Chachaオブジェクトã®ã‚­ãƒ¼ã‚’設定ã—ã€ãれを暗å·ã¨ã—ã¦ä½¿ç”¨ã™ã‚‹ãŸã‚ã«åˆæœŸåŒ–ã—ã¾ã™ã€‚NONCEã‚’WC_CHACHA_SETIVã§è¨­å®šã™ã‚‹å‰ã«ã€WC_CHACHA_PROCESSを使用ã—ãŸæš—å·åŒ–ã«ä½¿ç”¨ã™ã‚‹å‰ã«å‘¼ã³å‡ºã™å¿…è¦ãŒã‚りã¾ã™ã€‚ - \return 0 キーã®è¨­å®šã«æˆåŠŸã—ãŸã¨ãã«è¿”ã•れã¾ã™ - \return BAD_FUNC_ARG CTX入力引数ã®å‡¦ç†ä¸­ã«ã‚¨ãƒ©ãƒ¼ãŒç™ºç”Ÿã—ãŸå ´åˆã€ã¾ãŸã¯ã‚­ãƒ¼ãŒ16ã¾ãŸã¯32ãƒã‚¤ãƒˆã®é•·ã•ãŒã‚ã‚‹å ´åˆ - \param ctx キーを設定ã™ã‚‹Chacha構造ã¸ã®ãƒã‚¤ãƒ³ã‚¿ - \param key Chachaæ§‹é€ ã‚’åˆæœŸåŒ–ã™ã‚‹ãŸã‚ã®16ã¾ãŸã¯32ãƒã‚¤ãƒˆã®ã‚­ãƒ¼ã‚’å«ã‚€ãƒãƒƒãƒ•ã‚¡ã¸ã®ãƒã‚¤ãƒ³ã‚¿ + + \brief ã“ã®é–¢æ•°ã¯ã€ChaChaオブジェクトã®ã‚­ãƒ¼ã‚’設定ã—ã€æš—å·ã¨ã—ã¦ä½¿ç”¨ã™ã‚‹ãŸã‚ã«åˆæœŸåŒ–ã—ã¾ã™ã€‚wc_Chacha_SetIVã§nonceを設定ã™ã‚‹å‰ã€ãŠã‚ˆã³wc_Chacha_Processã§æš—å·åŒ–ã«ä½¿ç”¨ã™ã‚‹å‰ã«å‘¼ã³å‡ºã™å¿…è¦ãŒã‚りã¾ã™ã€‚ + + \return 0 キーã®è¨­å®šã«æˆåŠŸã—ãŸå ´åˆã«è¿”ã•れã¾ã™ + \return BAD_FUNC_ARG ctx入力引数ã®å‡¦ç†ä¸­ã«ã‚¨ãƒ©ãƒ¼ãŒç™ºç”Ÿã—ãŸå ´åˆã€ã¾ãŸã¯ã‚­ãƒ¼ãŒ16ãƒã‚¤ãƒˆã¾ãŸã¯32ãƒã‚¤ãƒˆã§ãªã„å ´åˆã«è¿”ã•れã¾ã™ + + \param ctx キーを設定ã™ã‚‹ChaCha構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ + \param key ChaChaæ§‹é€ ä½“ã‚’åˆæœŸåŒ–ã™ã‚‹ãŸã‚ã®16ãƒã‚¤ãƒˆã¾ãŸã¯32ãƒã‚¤ãƒˆã®ã‚­ãƒ¼ã‚’å«ã‚€ãƒãƒƒãƒ•ã‚¡ã¸ã®ãƒã‚¤ãƒ³ã‚¿ + \param keySz 渡ã•れるキーã®é•·ã• + _Example_ \code ChaCha enc; - byte key[] = { // initialize key }; + byte key[] = { // ã‚­ãƒ¼ã‚’åˆæœŸåŒ– }; if( wc_Chacha_SetKey(&enc, key, sizeof(key)) != 0) { - // error initializing ChaCha structure + // ChaCha構造体ã®åˆæœŸåŒ–エラー } \endcode + \sa wc_Chacha_SetIV \sa wc_Chacha_Process */ diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/doc/dox_comments/header_files-ja/chacha20_poly1305.h mariadb-11.8.8/extra/wolfssl/wolfssl/doc/dox_comments/header_files-ja/chacha20_poly1305.h --- mariadb-11.8.6/extra/wolfssl/wolfssl/doc/dox_comments/header_files-ja/chacha20_poly1305.h 2026-01-31 13:27:49.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/doc/dox_comments/header_files-ja/chacha20_poly1305.h 2026-05-24 09:58:33.000000000 +0000 @@ -1,23 +1,27 @@ /*! \ingroup ChaCha20Poly1305 - \brief ã“ã®é–¢æ•°ã¯ã€Chacha20 Streamæš—å·ã‚’使用ã—ã¦ã€Output BufferTextã«å…¥åŠ›ãƒ¡ãƒƒã‚»ãƒ¼ã‚¸ã€InPleaintextã‚’æš—å·åŒ–ã—ã¾ã™ã€‚ - ã¾ãŸã€Poly-1305èªè¨¼ï¼ˆæš—å·ãƒ†ã‚­ã‚¹ãƒˆï¼‰ã‚’実行ã—ã€ç”Ÿæˆã—ãŸèªè¨¼ã‚¿ã‚°ã‚’出力ãƒãƒƒãƒ•ã‚¡OutauthTagã«æ ¼ç´ã—ã¾ã™ã€‚ - \return 0 ãƒ¡ãƒƒã‚»ãƒ¼ã‚¸ã®æš—å·åŒ–ã«æˆåŠŸã—ãŸã‚‰è¿”ã•れã¾ã™ - \return BAD_FUNC_ARG æš—å·åŒ–プロセス中ã«ã‚¨ãƒ©ãƒ¼ãŒã‚ã‚‹å ´åˆ - \param inKey æš—å·åŒ–ã«ä½¿ç”¨ã™ã‚‹32ãƒã‚¤ãƒˆã®éµã‚’å«ã‚€ãƒãƒƒãƒ•ã‚¡ã¸ã®ãƒã‚¤ãƒ³ã‚¿ - \param inIv æš—å·åŒ–ã«ä½¿ç”¨ã™ã‚‹12ãƒã‚¤ãƒˆã®IVã‚’å«ã‚€ãƒãƒƒãƒ•ã‚¡ã¸ã®ãƒã‚¤ãƒ³ã‚¿ - \param inAAD ä»»æ„ã®é•·ã•ã®è¿½åŠ èªè¨¼ãƒ‡ãƒ¼ã‚¿ï¼ˆAAD)をå«ã‚€ãƒãƒƒãƒ•ã‚¡ã¸ã®ãƒã‚¤ãƒ³ã‚¿ - \param inAADLen 入力AADã®é•·ã• - \param inPlaintext æš—å·åŒ–ã™ã‚‹å¹³æ–‡ã‚’å«ã‚€ãƒãƒƒãƒ•ã‚¡ã¸ã®ãƒã‚¤ãƒ³ã‚¿ - \param inPlaintextLen æš—å·åŒ–ã™ã‚‹ãƒ—レーンテキストã®é•·ã• - \param outCiphertext æš—å·æ–‡ã‚’ä¿å­˜ã™ã‚‹ãƒãƒƒãƒ•ァーã¸ã®ãƒã‚¤ãƒ³ã‚¿ + + \brief ã“ã®é–¢æ•°ã¯ã€å…¥åŠ›ãƒ¡ãƒƒã‚»ãƒ¼ã‚¸inPlaintextã‚’ChaCha20ストリーム暗å·ã‚’使用ã—ã¦æš—å·åŒ–ã—ã€å‡ºåŠ›ãƒãƒƒãƒ•ã‚¡outCiphertextã«æ ¼ç´ã—ã¾ã™ã€‚ã¾ãŸã€Poly-1305èªè¨¼(æš—å·æ–‡ã«å¯¾ã—ã¦)を実行ã—ã€ç”Ÿæˆã•れãŸèªè¨¼ã‚¿ã‚°ã‚’出力ãƒãƒƒãƒ•ã‚¡outAuthTagã«æ ¼ç´ã—ã¾ã™ã€‚ + + \return 0 ãƒ¡ãƒƒã‚»ãƒ¼ã‚¸ã®æš—å·åŒ–ã«æˆåŠŸã—ãŸå ´åˆã«è¿”ã•れã¾ã™ + \return BAD_FUNC_ARG æš—å·åŒ–プロセス中ã«ã‚¨ãƒ©ãƒ¼ãŒç™ºç”Ÿã—ãŸå ´åˆã«è¿”ã•れã¾ã™ + + \param inKey æš—å·åŒ–ã«ä½¿ç”¨ã™ã‚‹32ãƒã‚¤ãƒˆã®ã‚­ãƒ¼ã‚’å«ã‚€ãƒãƒƒãƒ•ã‚¡ã¸ã®ãƒã‚¤ãƒ³ã‚¿ + \param inIv æš—å·åŒ–ã«ä½¿ç”¨ã™ã‚‹12ãƒã‚¤ãƒˆã®ivã‚’å«ã‚€ãƒãƒƒãƒ•ã‚¡ã¸ã®ãƒã‚¤ãƒ³ã‚¿ + \param inAAD ä»»æ„ã®é•·ã•ã®è¿½åŠ èªè¨¼ãƒ‡ãƒ¼ã‚¿(AAD)ã‚’å«ã‚€ãƒãƒƒãƒ•ã‚¡ã¸ã®ãƒã‚¤ãƒ³ã‚¿ + \param inAADLen 入力AADã®é•·ã• + \param inPlaintext æš—å·åŒ–ã™ã‚‹å¹³æ–‡ã‚’å«ã‚€ãƒãƒƒãƒ•ã‚¡ã¸ã®ãƒã‚¤ãƒ³ã‚¿ + \param inPlaintextLen æš—å·åŒ–ã™ã‚‹å¹³æ–‡ã®é•·ã• + \param outCiphertext æš—å·æ–‡ã‚’æ ¼ç´ã™ã‚‹ãƒãƒƒãƒ•ã‚¡ã¸ã®ãƒã‚¤ãƒ³ã‚¿ + \param outAuthTag èªè¨¼ã‚¿ã‚°ã‚’æ ¼ç´ã™ã‚‹16ãƒã‚¤ãƒˆå¹…ã®ãƒãƒƒãƒ•ã‚¡ã¸ã®ãƒã‚¤ãƒ³ã‚¿ + _Example_ \code - byte key[] = { // initialize 32 byte key }; - byte iv[] = { // initialize 12 byte key }; - byte inAAD[] = { // initialize AAD }; + byte key[] = { // 32ãƒã‚¤ãƒˆã®ã‚­ãƒ¼ã‚’åˆæœŸåŒ– }; + byte iv[] = { // 12ãƒã‚¤ãƒˆã®ã‚­ãƒ¼ã‚’åˆæœŸåŒ– }; + byte inAAD[] = { // AADã‚’åˆæœŸåŒ– }; - byte plain[] = { // initialize message to encrypt }; + byte plain[] = { // æš—å·åŒ–ã™ã‚‹ãƒ¡ãƒƒã‚»ãƒ¼ã‚¸ã‚’åˆæœŸåŒ– }; byte cipher[sizeof(plain)]; byte authTag[16]; @@ -25,9 +29,10 @@ plain, sizeof(plain), cipher, authTag); if(ret != 0) { - // error running encrypt + // æš—å·åŒ–実行エラー } \endcode + \sa wc_ChaCha20Poly1305_Decrypt \sa wc_ChaCha_* \sa wc_Poly1305* @@ -36,34 +41,39 @@ int wc_ChaCha20Poly1305_Encrypt( const byte inKey[CHACHA20_POLY1305_AEAD_KEYSIZE], const byte inIV[CHACHA20_POLY1305_AEAD_IV_SIZE], - const byte* inAAD, const word32 inAADLen, - const byte* inPlaintext, const word32 inPlaintextLen, + const byte* inAAD, word32 inAADLen, + const byte* inPlaintext, word32 inPlaintextLen, byte* outCiphertext, byte outAuthTag[CHACHA20_POLY1305_AEAD_AUTHTAG_SIZE]); /*! \ingroup ChaCha20Poly1305 - \brief ã“ã®é–¢æ•°ã¯ã€Chacha20 Streamæš—å·ã‚’使用ã—ã¦ã€å‡ºåŠ›ãƒãƒƒãƒ•ã‚¡OutpleAntextã«å¾©å·ã—ãŸãƒ‡ãƒ¼ã‚¿ã‚’出力ã—ã¾ã™ã€‚ - ã¾ãŸã€Poly-1305èªè¨¼ã‚’実行ã—ã€æŒ‡å®šã•れãŸinAuthTagã‚’inAADã§ç”Ÿæˆã•れãŸèªè¨¼ï¼ˆä»»æ„ã®é•·ã•ã®è¿½åŠ èªè¨¼ãƒ‡ãƒ¼ã‚¿ï¼‰ã¨æ¯”較ã—ã¾ã™ã€‚ - 注:生æˆã•れãŸèªè¨¼ã‚¿ã‚°ãŒæä¾›ã•れãŸèªè¨¼ã‚¿ã‚°ã¨ä¸€è‡´ã—ãªã„å ´åˆã€ãƒ†ã‚­ã‚¹ãƒˆã¯å¾©å·ã•れã¾ã›ã‚“。 - \return 0 メッセージã®å¾©å·ã«æˆåŠŸã—ãŸã¨ãã«è¿”ã•れã¾ã—㟠- \return BAD_FUNC_ARG 関数引数ã®ã„ãšã‚Œã‹ãŒäºˆæƒ³ã•れるもã®ã¨ä¸€è‡´ã—ãªã„å ´åˆã«è¿”ã•れã¾ã™ - \return MAC_CMP_FAILED_E 生æˆã•れãŸèªè¨¼ã‚¿ã‚°ãŒæä¾›ã•れã¦ã„ã‚‹inAuthTagã¨ä¸€è‡´ã—ãªã„å ´åˆã«è¿”ã•れã¾ã™ã€‚ - \param inKey 復å·ã«ä½¿ç”¨ã™ã‚‹32ãƒã‚¤ãƒˆã®éµã‚’å«ã‚€ãƒãƒƒãƒ•ã‚¡ã¸ã®ãƒã‚¤ãƒ³ã‚¿ - \param inIv 復å·ã«ä½¿ç”¨ã™ã‚‹12ãƒã‚¤ãƒˆã®IVã‚’å«ã‚€ãƒãƒƒãƒ•ã‚¡ã¸ã®ãƒã‚¤ãƒ³ã‚¿ - \param inAAD ä»»æ„ã®é•·ã•ã®è¿½åŠ èªè¨¼ãƒ‡ãƒ¼ã‚¿ï¼ˆAAD)をå«ã‚€ãƒãƒƒãƒ•ã‚¡ã¸ã®ãƒã‚¤ãƒ³ã‚¿ - \param inAADLen 入力AADã®é•·ã• - \param inCiphertext 復å·ã™ã‚‹æš—å·æ–‡ã‚’å«ã‚€ãƒãƒƒãƒ•ã‚¡ã¸ã®ãƒã‚¤ãƒ³ã‚¿ - \param outCiphertextLen 復å·ã™ã‚‹æš—å·æ–‡ã®é•·ã• - \param inAuthTag èªè¨¼ã®ãŸã‚ã®16ãƒã‚¤ãƒˆã®ãƒ€ã‚¤ã‚¸ã‚§ã‚¹ãƒˆã‚’å«ã‚€ãƒãƒƒãƒ•ã‚¡ã¸ã®ãƒã‚¤ãƒ³ã‚¿ + + \brief ã“ã®é–¢æ•°ã¯ã€å…¥åŠ›æš—å·æ–‡inCiphertextã‚’ChaCha20ストリーム暗å·ã‚’使用ã—ã¦å¾©å·ã—ã€å‡ºåŠ›ãƒãƒƒãƒ•ã‚¡outPlaintextã«æ ¼ç´ã—ã¾ã™ã€‚ã¾ãŸã€Poly-1305èªè¨¼ã‚’実行ã—ã€æŒ‡å®šã•れãŸinAuthTagã¨inAAD(ä»»æ„ã®é•·ã•ã®è¿½åŠ èªè¨¼ãƒ‡ãƒ¼ã‚¿)ã§ç”Ÿæˆã•れãŸèªè¨¼ã‚’比較ã—ã¾ã™ã€‚ゼロ以外ã®ã‚¨ãƒ©ãƒ¼ã‚³ãƒ¼ãƒ‰ãŒè¿”ã•れãŸå ´åˆã€å‡ºåŠ›ãƒ‡ãƒ¼ã‚¿outPlaintextã¯æœªå®šç¾©ã§ã™ã€‚ãŸã ã—ã€å‘¼ã³å‡ºã—å…ƒã¯å¹³æ–‡ãƒ‡ãƒ¼ã‚¿ã®æ¼æ´©ã‚’防ããŸã‚ã«ã€ç„¡æ¡ä»¶ã«å‡ºåŠ›ãƒãƒƒãƒ•ァをゼロ化ã™ã‚‹å¿…è¦ãŒã‚りã¾ã™ã€‚ + + \return 0 メッセージã®å¾©å·ã¨èªè¨¼ã«æˆåŠŸã—ãŸå ´åˆã«è¿”ã•れã¾ã™ + \return BAD_FUNC_ARG 関数ã®å¼•æ•°ãŒæœŸå¾…ã•れる内容ã¨ä¸€è‡´ã—ãªã„å ´åˆã«è¿”ã•れã¾ã™ + \return MAC_CMP_FAILED_E 生æˆã•れãŸèªè¨¼ã‚¿ã‚°ãŒæä¾›ã•れãŸinAuthTagã¨ä¸€è‡´ã—ãªã„å ´åˆã«è¿”ã•れã¾ã™ + \return MEMORY_E 内部ãƒãƒƒãƒ•ã‚¡ã®å‰²ã‚Šå½“ã¦ã«å¤±æ•—ã—ãŸå ´åˆã«è¿”ã•れã¾ã™ + \return CHACHA_POLY_OVERFLOW 入力ãŒç ´æã—ã¦ã„ã‚‹å ´åˆã«è¿”ã•れるå¯èƒ½æ€§ãŒã‚りã¾ã™ + + \param inKey 復å·ã«ä½¿ç”¨ã™ã‚‹32ãƒã‚¤ãƒˆã®ã‚­ãƒ¼ã‚’å«ã‚€ãƒãƒƒãƒ•ã‚¡ã¸ã®ãƒã‚¤ãƒ³ã‚¿ + \param inIv 復å·ã«ä½¿ç”¨ã™ã‚‹12ãƒã‚¤ãƒˆã®ivã‚’å«ã‚€ãƒãƒƒãƒ•ã‚¡ã¸ã®ãƒã‚¤ãƒ³ã‚¿ + \param inAAD ä»»æ„ã®é•·ã•ã®è¿½åŠ èªè¨¼ãƒ‡ãƒ¼ã‚¿(AAD)ã‚’å«ã‚€ãƒãƒƒãƒ•ã‚¡ã¸ã®ãƒã‚¤ãƒ³ã‚¿ + \param inAADLen 入力AADã®é•·ã• + \param inCiphertext 復å·ã™ã‚‹æš—å·æ–‡ã‚’å«ã‚€ãƒãƒƒãƒ•ã‚¡ã¸ã®ãƒã‚¤ãƒ³ã‚¿ + \param outCiphertextLen 復å·ã™ã‚‹æš—å·æ–‡ã®é•·ã• + \param inAuthTag èªè¨¼ç”¨ã®16ãƒã‚¤ãƒˆã®ãƒ€ã‚¤ã‚¸ã‚§ã‚¹ãƒˆã‚’å«ã‚€ãƒãƒƒãƒ•ã‚¡ã¸ã®ãƒã‚¤ãƒ³ã‚¿ + \param outPlaintext 平文を格ç´ã™ã‚‹ãƒãƒƒãƒ•ã‚¡ã¸ã®ãƒã‚¤ãƒ³ã‚¿ + _Example_ \code - byte key[] = { // initialize 32 byte key }; - byte iv[] = { // initialize 12 byte key }; - byte inAAD[] = { // initialize AAD }; + byte key[] = { // 32ãƒã‚¤ãƒˆã®ã‚­ãƒ¼ã‚’åˆæœŸåŒ– }; + byte iv[] = { // 12ãƒã‚¤ãƒˆã®ã‚­ãƒ¼ã‚’åˆæœŸåŒ– }; + byte inAAD[] = { // AADã‚’åˆæœŸåŒ– }; - byte cipher[] = { // initialize with received ciphertext }; - byte authTag[16] = { // initialize with received authentication tag }; + byte cipher[] = { // å—ä¿¡ã—ãŸæš—å·æ–‡ã§åˆæœŸåŒ– }; + byte authTag[16] = { // å—ä¿¡ã—ãŸèªè¨¼ã‚¿ã‚°ã§åˆæœŸåŒ– }; byte plain[sizeof(cipher)]; @@ -71,11 +81,12 @@ cipher, sizeof(cipher), authTag, plain); if(ret == MAC_CMP_FAILED_E) { - // error during authentication + // èªè¨¼ä¸­ã®ã‚¨ãƒ©ãƒ¼ } else if( ret != 0) { - // error with function arguments + // 関数引数ã®ã‚¨ãƒ©ãƒ¼ } \endcode + \sa wc_ChaCha20Poly1305_Encrypt \sa wc_ChaCha_* \sa wc_Poly1305* @@ -84,7 +95,7 @@ int wc_ChaCha20Poly1305_Decrypt( const byte inKey[CHACHA20_POLY1305_AEAD_KEYSIZE], const byte inIV[CHACHA20_POLY1305_AEAD_IV_SIZE], - const byte* inAAD, const word32 inAADLen, - const byte* inCiphertext, const word32 inCiphertextLen, + const byte* inAAD, word32 inAADLen, + const byte* inCiphertext, word32 inCiphertextLen, const byte inAuthTag[CHACHA20_POLY1305_AEAD_AUTHTAG_SIZE], byte* outPlaintext); diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/doc/dox_comments/header_files-ja/cmac.h mariadb-11.8.8/extra/wolfssl/wolfssl/doc/dox_comments/header_files-ja/cmac.h --- mariadb-11.8.6/extra/wolfssl/wolfssl/doc/dox_comments/header_files-ja/cmac.h 2026-01-31 13:27:49.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/doc/dox_comments/header_files-ja/cmac.h 2026-05-24 09:58:33.000000000 +0000 @@ -1,97 +1,98 @@ /*! - \ingroup CMAC - \brief Cmac構造体をデフォルト値ã§åˆæœŸåŒ–ã—ã¾ã™ - \return æˆåŠŸã—ãŸã‚‰0ã‚’è¿”ã—ã¾ã™ - \param cmac Cmac構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ - \param key éµãƒ‡ãƒ¼ã‚¿ã¸ã®ãƒã‚¤ãƒ³ã‚¿ - \param keySz éµãƒ‡ãƒ¼ã‚¿ã®ã‚µã‚¤ã‚º(16ã€24ã€ã¾ãŸã¯ 32) - \param type 常ã«WC_CMAC_AES(=1) - \param unused 使用ã•れã¦ã„ã¾ã›ã‚“ã€‚äº’æ›æ€§ã«é–¢ã™ã‚‹å°†æ¥ã®æ½œåœ¨çš„ãªä½¿ç”¨ã®ãŸã‚ã«å­˜åœ¨ã—ã¾ã™ - - _例_ - \code - Cmac cmac[1]; - ret = wc_InitCmac(cmacã€keyã€keySzã€WC_CMAC_AESã€NULL); - if (ret == 0) { - ret = wc_CmacUpdate(cmacã€inã€inSz); - } - if (ret == 0) { - ret = wc_CmacFinal(cmac, out, outSz); - } - \endcode - - \sa wc_InitCmac_ex - \sa wc_CmacUpdate - \sa wc_CmacFinal - \sa wc_CmacFinalNoFree - \sa wc_CmacFree + \ingroup CMAC + \brief Cmac構造体をデフォルト値ã§åˆæœŸåŒ–ã—ã¾ã™ + \return 0 æˆåŠŸæ™‚ + \param cmac Cmac構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ + \param key キーãƒã‚¤ãƒ³ã‚¿ + \param keySz キーãƒã‚¤ãƒ³ã‚¿ã®ã‚µã‚¤ã‚º(16ã€24ã€ã¾ãŸã¯32) + \param type 常ã«WC_CMAC_AES = 1 + \param unused 使用ã•れã¾ã›ã‚“ã€‚äº’æ›æ€§ã«é–¢ã™ã‚‹å°†æ¥ã®ä½¿ç”¨ã®å¯èƒ½æ€§ã®ãŸã‚ã«å­˜åœ¨ã—ã¾ã™ + + _Example_ + \code + Cmac cmac[1]; + ret = wc_InitCmac(cmac, key, keySz, WC_CMAC_AES, NULL); + if (ret == 0) { + ret = wc_CmacUpdate(cmac, in, inSz); + } + if (ret == 0) { + ret = wc_CmacFinal(cmac, out, outSz); + } + \endcode + + \sa wc_InitCmac_ex + \sa wc_CmacUpdate + \sa wc_CmacFinal + \sa wc_CmacFinalNoFree + \sa wc_CmacFree */ int wc_InitCmac(Cmac* cmac, - const byte* keyã€word32 keySz〠- int typeã€void* unused); + const byte* key, word32 keySz, + int type, void* unused); /*! - \ingroup CMAC - \brief Cmac構造体をデフォルト値ã§åˆæœŸåŒ–ã—ã¾ã™ - \return æˆåŠŸã—ãŸã‚‰0ã‚’è¿”ã—ã¾ã™ - \param cmac Cmac構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ - \param key éµãƒ‡ãƒ¼ã‚¿ã¸ã®ãƒã‚¤ãƒ³ã‚¿ - \param keySz éµãƒ‡ãƒ¼ã‚¿ã®ã‚µã‚¤ã‚º(16ã€24ã€ã¾ãŸã¯ 32) - \param type 常ã«WC_CMAC_AES(=1) - \param unused 使用ã•れã¦ã„ã¾ã›ã‚“ã€‚äº’æ›æ€§ã«é–¢ã™ã‚‹å°†æ¥ã®æ½œåœ¨çš„ãªä½¿ç”¨ã®ãŸã‚ã«å­˜åœ¨ã—ã¾ã™ - \param heap 動的割り当ã¦ã«ä½¿ç”¨ã•れるヒープヒントã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ 通常ã€ã‚¹ã‚¿ãƒ†ã‚£ãƒƒã‚¯ãƒ¡ãƒ¢ãƒªã‚ªãƒ—ションã§ä½¿ç”¨ã•れã¾ã™ã€‚ NULLã«ã™ã‚‹ã“ã¨ãŒã§ãã¾ã™ã€‚ - \param devId éžåŒæœŸãƒãƒ¼ãƒ‰ã‚¦ã‚§ã‚¢ã§ä½¿ç”¨ã™ã‚‹ID。éžåŒæœŸãƒãƒ¼ãƒ‰ã‚¦ã‚§ã‚¢ã‚’使用ã—ã¦ã„ãªã„å ´åˆã¯ã€INVALID_DEVIDã«è¨­å®šã—ã¾ã™ã€‚ - - _例_ - \code - Cmac cmac[1]; - ret = wc_InitCmac_ex(cmac, key, keySz, WC_CMAC_AES, NULL, NULL, INVALID_DEVID); - if (ret == 0) { - ret = wc_CmacUpdate(cmac, in, inSz); - } - if (ret == 0) { - ret = wc_CmacFinal(cmac, out, &outSz); - } - \endcode - - \sa wc_InitCmac_ex - \sa wc_CmacUpdate - \sa wc_CmacFinal - \sa wc_CmacFinalNoFree - \sa wc_CmacFree + \ingroup CMAC + \brief Cmac構造体をデフォルト値ã§åˆæœŸåŒ–ã—ã¾ã™ + \return 0 æˆåŠŸæ™‚ + \param cmac Cmac構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ + \param key キーãƒã‚¤ãƒ³ã‚¿ + \param keySz キーãƒã‚¤ãƒ³ã‚¿ã®ã‚µã‚¤ã‚º(16ã€24ã€ã¾ãŸã¯32) + \param type 常ã«WC_CMAC_AES = 1 + \param unused 使用ã•れã¾ã›ã‚“ã€‚äº’æ›æ€§ã«é–¢ã™ã‚‹å°†æ¥ã®ä½¿ç”¨ã®å¯èƒ½æ€§ã®ãŸã‚ã«å­˜åœ¨ã—ã¾ã™ + \param heap 動的割り当ã¦ã«ä½¿ç”¨ã•れるヒープヒントã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚通常ã€é™çš„メモリオプションã§ä½¿ç”¨ã•れã¾ã™ã€‚NULLã«ã§ãã¾ã™ã€‚ + \param devId æš—å·ã‚³ãƒ¼ãƒ«ãƒãƒƒã‚¯ã¾ãŸã¯éžåŒæœŸãƒãƒ¼ãƒ‰ã‚¦ã‚§ã‚¢ã§ä½¿ç”¨ã™ã‚‹ID。使用ã—ãªã„å ´åˆã¯INVALID_DEVID(-2)ã«è¨­å®šã—ã¾ã™ + + _Example_ + \code + Cmac cmac[1]; + ret = wc_InitCmac_ex(cmac, key, keySz, WC_CMAC_AES, NULL, NULL, INVALID_DEVID); + if (ret == 0) { + ret = wc_CmacUpdate(cmac, in, inSz); + } + if (ret == 0) { + ret = wc_CmacFinal(cmac, out, &outSz); + } + \endcode + + \sa wc_InitCmac_ex + \sa wc_CmacUpdate + \sa wc_CmacFinal + \sa wc_CmacFinalNoFree + \sa wc_CmacFree */ int wc_InitCmac_ex(Cmac* cmac, - const byte* key, word32 keySz, - int type, void* unusedã€void* heap, int devId); + const byte* key, word32 keySz, + int type, void* unused, void* heap, int devId); /*! - \ingroup CMAC - \brief æš—å·ãƒ™ãƒ¼ã‚¹ã®ãƒ¡ãƒƒã‚»ãƒ¼ã‚¸èªè¨¼ã‚³ãƒ¼ãƒ‰å…¥åŠ›ãƒ‡ãƒ¼ã‚¿ã‚’è¿½åŠ  - \return æˆåŠŸã—ãŸã‚‰0ã‚’è¿”ã—ã¾ã™ - \param cmac Cmac構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ - \param in 処ç†ã™ã‚‹å…¥åŠ›ãƒ‡ãƒ¼ã‚¿ã¸ã®ãƒã‚¤ãƒ³ã‚¿ - \param inSz 入力データã®ã‚µã‚¤ã‚º - - _例_ - \code - ret = wc_CmacUpdate(cmacã€inã€inSz); - \endcode - - \sa wc_InitCmac - \sa wc_CmacFinal - \sa wc_CmacFinalNoFree - \sa wc_CmacFree + \ingroup CMAC + \brief æš—å·ãƒ™ãƒ¼ã‚¹ãƒ¡ãƒƒã‚»ãƒ¼ã‚¸èªè¨¼ã‚³ãƒ¼ãƒ‰å…¥åŠ›ãƒ‡ãƒ¼ã‚¿ã‚’è¿½åŠ ã—ã¾ã™ + \return 0 æˆåŠŸæ™‚ + \param cmac Cmac構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ + \param in 処ç†ã™ã‚‹å…¥åŠ›ãƒ‡ãƒ¼ã‚¿ + \param inSz 入力データã®ã‚µã‚¤ã‚º + + _Example_ + \code + ret = wc_CmacUpdate(cmac, in, inSz); + \endcode + + \sa wc_InitCmac + \sa wc_CmacFinal + \sa wc_CmacFinalNoFree + \sa wc_CmacFree */ int wc_CmacUpdate(Cmac* cmac, - const byte* in, word32 inSz); + const byte* in, word32 inSz); + /*! \ingroup CMAC - \brief æš—å·ãƒ™ãƒ¼ã‚¹ã®ãƒ¡ãƒƒã‚»ãƒ¼ã‚¸èªè¨¼ã‚³ãƒ¼ãƒ‰ã®æœ€çµ‚çµæžœã‚’生æˆã—ã¾ã™ã€‚ãŸã ã—ã€ä½¿ç”¨ã—ãŸã‚³ãƒ³ãƒ†ã‚­ã‚¹ãƒˆã®ã‚¯ãƒªãƒ¼ãƒ³ã‚¢ãƒƒãƒ—ã¯è¡Œã„ã¾ã›ã‚“。 - \return æˆåŠŸã—ãŸã‚‰0ã‚’è¿”ã—ã¾ã™ + \brief æš—å·ãƒ™ãƒ¼ã‚¹ãƒ¡ãƒƒã‚»ãƒ¼ã‚¸èªè¨¼ã‚³ãƒ¼ãƒ‰ã‚’使用ã—ã¦æœ€çµ‚çµæžœã‚’生æˆã—ã€ã‚³ãƒ³ãƒ†ã‚­ã‚¹ãƒˆã®ã‚¯ãƒªãƒ¼ãƒ³ã‚¢ãƒƒãƒ—を延期ã—ã¾ã™ã€‚ + \return 0 æˆåŠŸæ™‚ \param cmac Cmac構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ - \param out çµæžœã‚’æ ¼ç´ã™ã‚‹ãƒãƒƒãƒ•ã‚¡ã¸ã®ãƒã‚¤ãƒ³ã‚¿ - \param outSz çµæžœå‡ºåŠ›å…ˆãƒãƒƒãƒ•ã‚¡ã®ã‚µã‚¤ã‚º + \param out çµæžœã‚’è¿”ã™ãƒã‚¤ãƒ³ã‚¿ + \param outSz 出力ã®ãƒã‚¤ãƒ³ã‚¿ã‚µã‚¤ã‚º(入出力) _Example_ \code @@ -106,31 +107,32 @@ */ int wc_CmacFinalNoFree(Cmac* cmac, byte* out, word32* outSz); + /*! - \ingroup CMAC - \brief æš—å·ãƒ™ãƒ¼ã‚¹ã®ãƒ¡ãƒƒã‚»ãƒ¼ã‚¸èªè¨¼ã‚³ãƒ¼ãƒ‰ã‚’使用ã—ã¦æœ€çµ‚çµæžœã‚’生æˆã—ã¾ã™ã€‚加ãˆã¦ã€å†…部ã§wc_CmacFreeを呼ã³å‡ºã—ã¦ã‚³ãƒ³ãƒ†ã‚­ã‚¹ã¨ã‚’クリーンアップã—ã¾ã™ã€‚ - \return æˆåŠŸã—ãŸã‚‰0ã‚’è¿”ã—ã¾ã™ - \param cmac Cmac構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ - \param out çµæžœã‚’æ ¼ç´ã™ã‚‹ãƒãƒƒãƒ•ã‚¡ã¸ã®ãƒã‚¤ãƒ³ã‚¿ - \param outSz çµæžœå‡ºåŠ›å…ˆãƒãƒƒãƒ•ã‚¡ã®ã‚µã‚¤ã‚º - - _例_ - \code - ret = wc_CmacFinal(cmac, out, &outSz); - \endcode - - \sa wc_InitCmac - \sa wc_CmacFinal - \sa wc_CmacFinalNoFree - \sa wc_CmacFree + \ingroup CMAC + \brief æš—å·ãƒ™ãƒ¼ã‚¹ãƒ¡ãƒƒã‚»ãƒ¼ã‚¸èªè¨¼ã‚³ãƒ¼ãƒ‰ã‚’使用ã—ã¦æœ€çµ‚çµæžœã‚’生æˆã—ã€wc_CmacFree()ã§ã‚³ãƒ³ãƒ†ã‚­ã‚¹ãƒˆã‚’クリーンアップã—ã¾ã™ã€‚ + \return 0 æˆåŠŸæ™‚ + \param cmac Cmac構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ + \param out çµæžœã‚’è¿”ã™ãƒã‚¤ãƒ³ã‚¿ + \param outSz 出力ã®ãƒã‚¤ãƒ³ã‚¿ã‚µã‚¤ã‚º(入出力) + + _Example_ + \code + ret = wc_CmacFinal(cmac, out, &outSz); + \endcode + + \sa wc_InitCmac + \sa wc_CmacFinalNoFree + \sa wc_CmacFinalNoFree + \sa wc_CmacFree */ int wc_CmacFinal(Cmac* cmac, - byte* out, word32* outSz); + byte* out, word32* outSz); /*! \ingroup CMAC - \brief CMAC処ç†ä¸­ã«Cmac構造体内ã«ç¢ºä¿ã•れãŸã‚ªãƒ–ジェクトを開放ã—ã¾ã™ã€‚ - \return æˆåŠŸã—ãŸã‚‰0ã‚’è¿”ã—ã¾ã™ + \brief CMACコンテキスト内ã®å‰²ã‚Šå½“ã¦ã‚’クリーンアップã—ã¾ã™ã€‚ + \return 0 æˆåŠŸæ™‚ \param cmac Cmac構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ _Example_ @@ -147,61 +149,60 @@ int wc_CmacFree(Cmac* cmac); /*! - \ingroup CMAC - \brief CMACを生æˆã™ã‚‹ãŸã‚ã®ã‚·ãƒ³ã‚°ãƒ«ã‚·ãƒ§ãƒƒãƒˆé–¢æ•° - \return æˆåŠŸã—ãŸã‚‰0ã‚’è¿”ã—ã¾ã™ - \param out çµæžœã®å‡ºåŠ›å…ˆãƒãƒƒãƒ•ã‚¡ã¸ã®ãƒã‚¤ãƒ³ã‚¿ - \param outSz 出力ã®ãƒã‚¤ãƒ³ã‚¿ã‚µã‚¤ã‚º (in/out) - \param in 処ç†ã™ã‚‹å…¥åŠ›ãƒ‡ãƒ¼ã‚¿ã®ãƒã‚¤ãƒ³ã‚¿ - \param inSz 入力データã®ã‚µã‚¤ã‚º - \param key éµãƒ‡ãƒ¼ã‚¿ã¸ã®ãƒã‚¤ãƒ³ã‚¿ - \param keySz éµãƒ‡ãƒ¼ã‚¿ã®ã‚µã‚¤ã‚º (16ã€24ã€ã¾ãŸã¯ 32) - - _例_ - \code - ret = wc_AesCmacGenerate(mac, &macSz, msg, msgSz, key, keySz); - \endcode + \ingroup CMAC + \brief CMACを生æˆã™ã‚‹ãŸã‚ã®ã‚·ãƒ³ã‚°ãƒ«ã‚·ãƒ§ãƒƒãƒˆé–¢æ•° + \return 0 æˆåŠŸæ™‚ + \param out çµæžœã‚’è¿”ã™ãƒã‚¤ãƒ³ã‚¿ + \param outSz 出力ã®ãƒã‚¤ãƒ³ã‚¿ã‚µã‚¤ã‚º(入出力) + \param in 処ç†ã™ã‚‹å…¥åŠ›ãƒ‡ãƒ¼ã‚¿ + \param inSz 入力データã®ã‚µã‚¤ã‚º + \param key キーãƒã‚¤ãƒ³ã‚¿ + \param keySz キーãƒã‚¤ãƒ³ã‚¿ã®ã‚µã‚¤ã‚º(16ã€24ã€ã¾ãŸã¯32) + + _Example_ + \code + ret = wc_AesCmacGenerate(mac, &macSz, msg, msgSz, key, keySz); + \endcode - \sa wc_AesCmacVerify + \sa wc_AesCmacVerify */ int wc_AesCmacGenerate(byte* out, word32* outSz, - const byte* inã€word32 inSz〠- const byte* key, word32 keySz); + const byte* in, word32 inSz, + const byte* key, word32 keySz); /*! - \ingroup CMAC - \brief CMACを検証ã™ã‚‹ãŸã‚ã®ã‚·ãƒ³ã‚°ãƒ«ã‚·ãƒ§ãƒƒãƒˆé–¢æ•° - \return æˆåŠŸã—ãŸã‚‰0ã‚’è¿”ã—ã¾ã™ - \param check 検証対象ã¨ãªã‚‹CMAC処ç†çµæžœãƒ‡ãƒ¼ã‚¿ã¸ã®ãƒã‚¤ãƒ³ã‚¿ - \param checkSz CMAC処ç†çµæžœãƒ‡ãƒ¼ã‚¿ã®ã‚µã‚¤ã‚º - \param in 処ç†ã™ã‚‹å…¥åŠ›ãƒ‡ãƒ¼ã‚¿ã®ãƒã‚¤ãƒ³ã‚¿ - \param inSz 入力データã®ã‚µã‚¤ã‚º - \param key éµãƒ‡ãƒ¼ã‚¿ã¸ã®ãƒã‚¤ãƒ³ã‚¿ - \param keySz éµãƒ‡ãƒ¼ã‚¿ã®ã‚µã‚¤ã‚º (16ã€24ã€ã¾ãŸã¯ 32) - - _例_ - \code - ret = wc_AesCmacVerify(mac, macSz, msg, msgSz, key, keySz); - \endcode + \ingroup CMAC + \brief CMACを検証ã™ã‚‹ãŸã‚ã®ã‚·ãƒ³ã‚°ãƒ«ã‚·ãƒ§ãƒƒãƒˆé–¢æ•° + \return 0 æˆåŠŸæ™‚ + \param check 検証ã™ã‚‹CMAC値 + \param checkSz checkãƒãƒƒãƒ•ã‚¡ã®ã‚µã‚¤ã‚º + \param in 処ç†ã™ã‚‹å…¥åŠ›ãƒ‡ãƒ¼ã‚¿ + \param inSz 入力データã®ã‚µã‚¤ã‚º + \param key キーãƒã‚¤ãƒ³ã‚¿ + \param keySz キーãƒã‚¤ãƒ³ã‚¿ã®ã‚µã‚¤ã‚º(16ã€24ã€ã¾ãŸã¯32) - \sa wc_AesCmacGenerate + _Example_ + \code + ret = wc_AesCmacVerify(mac, macSz, msg, msgSz, key, keySz); + \endcode + + \sa wc_AesCmacGenerate */ int wc_AesCmacVerify(const byte* check, word32 checkSz, - const byte* inã€word32 inSz〠- const byte* key, word32 keySz); + const byte* in, word32 inSz, + const byte* key, word32 keySz); /*! - \ingroup CMAC - \brief WOLFSSL_HASH_KEEPマクロ定義時ã®ã¿ä½¿ç”¨å¯èƒ½ã€‚ãƒãƒ¼ãƒ‰ã‚¦ã‚§ã‚¢ãŒã‚·ãƒ³ã‚°ãƒ«ã‚·ãƒ§ãƒƒãƒˆã‚’å¿…è¦ã¨ã—ã€æ›´æ–°ã‚’メモリã«ã‚­ãƒ£ãƒƒã‚·ãƒ¥ã™ã‚‹å¿…è¦ãŒã‚ã‚‹å ´åˆã«ä½¿ç”¨ã—ã¾ã™ã€‚ - \return æˆåŠŸã—ãŸã‚‰0ã‚’è¿”ã—ã¾ã™ - \param cmac Cmac構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ - \param in 処ç†ã™ã‚‹å…¥åŠ›ãƒ‡ãƒ¼ã‚¿ã¸ã®ãƒã‚¤ãƒ³ã‚¿ - \param inSz 入力データã®ã‚µã‚¤ã‚º - - _例_ - \code - ret = wc_CMAC_Grow(cmacã€inã€inSz) - \endcode + \ingroup CMAC + \brief ãƒãƒ¼ãƒ‰ã‚¦ã‚§ã‚¢ãŒã‚·ãƒ³ã‚°ãƒ«ã‚·ãƒ§ãƒƒãƒˆã‚’å¿…è¦ã¨ã—ã€æ›´æ–°ã‚’メモリã«ã‚­ãƒ£ãƒƒã‚·ãƒ¥ã™ã‚‹å¿…è¦ãŒã‚ã‚‹å ´åˆã«WOLFSSL_HASH_KEEPã§ã®ã¿ä½¿ç”¨ã•れã¾ã™ + \return 0 æˆåŠŸæ™‚ + \param in 処ç†ã™ã‚‹å…¥åŠ›ãƒ‡ãƒ¼ã‚¿ + \param inSz 入力データã®ã‚µã‚¤ã‚º + + _Example_ + \code + ret = wc_CMAC_Grow(cmac, in, inSz) + \endcode */ int wc_CMAC_Grow(Cmac* cmac, const byte* in, int inSz); diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/doc/dox_comments/header_files-ja/coding.h mariadb-11.8.8/extra/wolfssl/wolfssl/doc/dox_comments/header_files-ja/coding.h --- mariadb-11.8.6/extra/wolfssl/wolfssl/doc/dox_comments/header_files-ja/coding.h 2026-01-31 13:27:49.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/doc/dox_comments/header_files-ja/coding.h 2026-05-24 09:58:33.000000000 +0000 @@ -1,24 +1,30 @@ /*! \ingroup Base_Encoding - \brief ã“ã®æ©Ÿèƒ½ã¯ã€ä¸Žãˆã‚‰ã‚ŒãŸBASS64符å·åŒ–入力ã€INã€ãŠã‚ˆã³å‡ºåŠ›ãƒãƒƒãƒ•ァを出力ãƒãƒƒãƒ•ã‚¡OUTã«æ ¼ç´ã—ã¾ã™ã€‚ã¾ãŸã€å¤‰æ•°outlen内ã®å‡ºåŠ›ãƒãƒƒãƒ•ã‚¡ã«æ›¸ãè¾¼ã¾ã‚ŒãŸã‚µã‚¤ã‚ºã‚‚設定ã—ã¾ã™ã€‚ - \return 0 Base64エンコード入力ã®å¾©å·åŒ–ã«æˆåŠŸã—ãŸã¨ãã«è¿”ã•れã¾ã™ - \return BAD_FUNC_ARG 復å·åŒ–ã•れãŸå…¥åŠ›ã‚’ä¿å­˜ã™ã‚‹ã«ã¯ã€å‡ºåŠ›ãƒãƒƒãƒ•ã‚¡ãŒå°ã•ã™ãŽã‚‹å ´åˆã¯è¿”ã•れã¾ã™ã€‚ - \return ASN_INPUT_E 入力ãƒãƒƒãƒ•ã‚¡å†…ã®æ–‡å­—ãŒBASE64範囲([A-ZA-Z0-9 + / =])ã®å¤–å´ã«ã‚ã‚‹å ´åˆã€ã¾ãŸã¯BASE64エンコード入力ã«ç„¡åйãªè¡ŒãŒçµ‚了ã—ãŸå ´åˆ - \param in デコードã™ã‚‹å…¥åŠ›ãƒãƒƒãƒ•ã‚¡ã¸ã®ãƒã‚¤ãƒ³ã‚¿ - \param inLen デコードã™ã‚‹å…¥åŠ›ãƒãƒƒãƒ•ã‚¡ã®é•·ã• - \param out デコードã•れãŸãƒ¡ãƒƒã‚»ãƒ¼ã‚¸ã‚’ä¿å­˜ã™ã‚‹å‡ºåŠ›ãƒãƒƒãƒ•ã‚¡ã¸ã®ãƒã‚¤ãƒ³ã‚¿ + + \brief ã“ã®é–¢æ•°ã¯ã€æŒ‡å®šã•れãŸBase64エンコードã•れãŸå…¥åŠ›inを復å·ã—ã€çµæžœã‚’出力ãƒãƒƒãƒ•ã‚¡outã«æ ¼ç´ã—ã¾ã™ã€‚ã¾ãŸã€å¤‰æ•°outLenã«å‡ºåŠ›ãƒãƒƒãƒ•ã‚¡ã«æ›¸ãè¾¼ã¾ã‚ŒãŸã‚µã‚¤ã‚ºã‚’設定ã—ã¾ã™ã€‚ + + \return 0 Base64エンコードã•れãŸå…¥åŠ›ã®å¾©å·ã«æˆåŠŸã—ãŸå ´åˆã«è¿”ã•れã¾ã™ + \return BAD_FUNC_ARG 出力ãƒãƒƒãƒ•ã‚¡ãŒå¾©å·ã•れãŸå…¥åŠ›ã‚’æ ¼ç´ã™ã‚‹ã«ã¯å°ã•ã™ãŽã‚‹å ´åˆã«è¿”ã•れã¾ã™ + \return ASN_INPUT_E 入力ãƒãƒƒãƒ•ã‚¡å†…ã®æ–‡å­—ãŒBase64ã®ç¯„囲([A-Za-z0-9+/=])外ã«ã‚ã‚‹å ´åˆã€ã¾ãŸã¯Base64エンコードã•れãŸå…¥åŠ›ã«ç„¡åйãªè¡Œæœ«ãŒã‚ã‚‹å ´åˆã«è¿”ã•れã¾ã™ + + \param in 復å·ã™ã‚‹å…¥åŠ›ãƒãƒƒãƒ•ã‚¡ã¸ã®ãƒã‚¤ãƒ³ã‚¿ + \param inLen 復å·ã™ã‚‹å…¥åŠ›ãƒãƒƒãƒ•ã‚¡ã®é•·ã• + \param out 復å·ã•れãŸãƒ¡ãƒƒã‚»ãƒ¼ã‚¸ã‚’æ ¼ç´ã™ã‚‹å‡ºåŠ›ãƒãƒƒãƒ•ã‚¡ã¸ã®ãƒã‚¤ãƒ³ã‚¿ + \param outLen 出力ãƒãƒƒãƒ•ã‚¡ã®é•·ã•ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚関数呼ã³å‡ºã—ã®æœ€å¾Œã«æ›¸ãè¾¼ã¾ã‚ŒãŸãƒã‚¤ãƒˆæ•°ã§æ›´æ–°ã•れã¾ã™ + _Example_ \code - byte encoded[] = { // initialize text to decode }; + byte encoded[] = { // 復å·ã™ã‚‹ãƒ†ã‚­ã‚¹ãƒˆã‚’åˆæœŸåŒ– }; byte decoded[sizeof(encoded)]; - // requires at least (sizeof(encoded) * 3 + 3) / 4 room + // å°‘ãªãã¨ã‚‚(sizeof(encoded) * 3 + 3) / 4ã®ã‚¹ãƒšãƒ¼ã‚¹ãŒå¿…è¦ int outLen = sizeof(decoded); if( Base64_Decode(encoded,sizeof(encoded), decoded, &outLen) != 0 ) { - // error decoding input buffer + // 入力ãƒãƒƒãƒ•ã‚¡ã®å¾©å·ã‚¨ãƒ©ãƒ¼ } \endcode + \sa Base64_Encode \sa Base16_Decode */ @@ -27,24 +33,30 @@ /*! \ingroup Base_Encoding - \brief ã“ã®æ©Ÿèƒ½ã¯ä¸Žãˆã‚‰ã‚ŒãŸå…¥åŠ›ã‚’ç¬¦å·åŒ–ã—ã€ç¬¦å·åŒ–çµæžœã‚’出力ãƒãƒƒãƒ•ã‚¡OUTã«æ ¼ç´ã—ã¾ã™ã€‚エスケープ%0A行末ã®ä»£ã‚りã«ã€å¾“æ¥ã® '\ N'行ã®çµ‚ã‚りをæŒã¤ãƒ‡ãƒ¼ã‚¿ã‚’書ãè¾¼ã¿ã¾ã™ã€‚正常ã«å®Œäº†ã™ã‚‹ã¨ã€ã“ã®æ©Ÿèƒ½ã¯ã¾ãŸã€å‡ºåŠ›ãƒãƒƒãƒ•ã‚¡ã«æ›¸ãè¾¼ã¾ã‚ŒãŸãƒã‚¤ãƒˆæ•°ã«çµ±ä¸€ã•れã¾ã™ã€‚ - \return 0 Base64エンコード入力ã®å¾©å·åŒ–ã«æˆåŠŸã—ãŸã¨ãã«è¿”ã•れã¾ã™ - \return BAD_FUNC_ARG 出力ãƒãƒƒãƒ•ã‚¡ãŒå°ã•ã™ãŽã¦ã‚¨ãƒ³ã‚³ãƒ¼ãƒ‰ã•れãŸå…¥åŠ›ã‚’ä¿å­˜ã™ã‚‹å ´åˆã¯è¿”ã•れã¾ã™ã€‚ - \return BUFFER_E 出力ãƒãƒƒãƒ•ã‚¡ãŒã‚¨ãƒ³ã‚³ãƒ¼ãƒ‰ä¸­ã«éƒ¨å±‹ã®å¤–ã«å®Ÿè¡Œã•れãŸå ´åˆã«è¿”ã•れã¾ã™ã€‚ - \param in エンコードã™ã‚‹å…¥åŠ›ãƒãƒƒãƒ•ã‚¡ã¸ã®ãƒã‚¤ãƒ³ã‚¿ - \param inLen エンコードã™ã‚‹å…¥åŠ›ãƒãƒƒãƒ•ã‚¡ã®é•·ã• - \param out エンコードã•れãŸãƒ¡ãƒƒã‚»ãƒ¼ã‚¸ã‚’ä¿å­˜ã™ã‚‹å‡ºåŠ›ãƒãƒƒãƒ•ã‚¡ã¸ã®ãƒã‚¤ãƒ³ã‚¿ + + \brief ã“ã®é–¢æ•°ã¯ã€æŒ‡å®šã•れãŸå…¥åŠ›inをエンコードã—ã€Base64エンコードã•れãŸçµæžœã‚’出力ãƒãƒƒãƒ•ã‚¡outã«æ ¼ç´ã—ã¾ã™ã€‚エスケープã•れãŸ%0A行末ã®ä»£ã‚りã«ã€å¾“æ¥ã®'\n'行末ã§ãƒ‡ãƒ¼ã‚¿ã‚’書ãè¾¼ã¿ã¾ã™ã€‚正常ã«å®Œäº†ã™ã‚‹ã¨ã€ã“ã®é–¢æ•°ã¯outLenを出力ãƒãƒƒãƒ•ã‚¡ã«æ›¸ãè¾¼ã¾ã‚ŒãŸãƒã‚¤ãƒˆæ•°ã«è¨­å®šã—ã¾ã™ã€‚ + + \return 0 Base64エンコードã•れãŸå…¥åŠ›ã®å¾©å·ã«æˆåŠŸã—ãŸå ´åˆã«è¿”ã•れã¾ã™ + \return BAD_FUNC_ARG 出力ãƒãƒƒãƒ•ã‚¡ãŒã‚¨ãƒ³ã‚³ãƒ¼ãƒ‰ã•れãŸå…¥åŠ›ã‚’æ ¼ç´ã™ã‚‹ã«ã¯å°ã•ã™ãŽã‚‹å ´åˆã«è¿”ã•れã¾ã™ + \return BUFFER_E エンコード中ã«å‡ºåŠ›ãƒãƒƒãƒ•ã‚¡ã®ã‚¹ãƒšãƒ¼ã‚¹ãŒä¸è¶³ã—ãŸå ´åˆã«è¿”ã•れã¾ã™ + + \param in エンコードã™ã‚‹å…¥åŠ›ãƒãƒƒãƒ•ã‚¡ã¸ã®ãƒã‚¤ãƒ³ã‚¿ + \param inLen エンコードã™ã‚‹å…¥åŠ›ãƒãƒƒãƒ•ã‚¡ã®é•·ã• + \param out エンコードã•れãŸãƒ¡ãƒƒã‚»ãƒ¼ã‚¸ã‚’æ ¼ç´ã™ã‚‹å‡ºåŠ›ãƒãƒƒãƒ•ã‚¡ã¸ã®ãƒã‚¤ãƒ³ã‚¿ + \param outLen エンコードã•れãŸãƒ¡ãƒƒã‚»ãƒ¼ã‚¸ã‚’æ ¼ç´ã™ã‚‹å‡ºåŠ›ãƒãƒƒãƒ•ã‚¡ã®é•·ã•ã¸ã®ãƒã‚¤ãƒ³ã‚¿ + _Example_ \code - byte plain[] = { // initialize text to encode }; + byte plain[] = { // エンコードã™ã‚‹ãƒ†ã‚­ã‚¹ãƒˆã‚’åˆæœŸåŒ– }; byte encoded[MAX_BUFFER_SIZE]; int outLen = sizeof(encoded); if( Base64_Encode(plain, sizeof(plain), encoded, &outLen) != 0 ) { - // error encoding input buffer + // 入力ãƒãƒƒãƒ•ã‚¡ã®ã‚¨ãƒ³ã‚³ãƒ¼ãƒ‰ã‚¨ãƒ©ãƒ¼ } \endcode + \sa Base64_EncodeEsc \sa Base64_Decode */ @@ -54,25 +66,31 @@ /*! \ingroup Base_Encoding - \brief ã“ã®æ©Ÿèƒ½ã¯ä¸Žãˆã‚‰ã‚ŒãŸå…¥åŠ›ã‚’ç¬¦å·åŒ–ã—ã€ç¬¦å·åŒ–çµæžœã‚’出力ãƒãƒƒãƒ•ã‚¡OUTã«æ ¼ç´ã—ã¾ã™ã€‚ãれ㯠'\ n "行ã®çµ‚ã‚りã§ã¯ãªãã€ï¼…0aエスケープ行ã®çµ‚ã‚りをæŒã¤ãƒ‡ãƒ¼ã‚¿ã‚’書ãè¾¼ã¿ã¾ã™ã€‚正常ã«å®Œäº†ã™ã‚‹ã¨ã€ã“ã®æ©Ÿèƒ½ã¯ã¾ãŸã€å‡ºåŠ›ãƒãƒƒãƒ•ã‚¡ã«æ›¸ãè¾¼ã¾ã‚ŒãŸãƒã‚¤ãƒˆæ•°ã«çµ±ä¸€ã•れã¾ã™ã€‚ - \return 0 Base64エンコード入力ã®å¾©å·åŒ–ã«æˆåŠŸã—ãŸã¨ãã«è¿”ã•れã¾ã™ - \return BAD_FUNC_ARG 出力ãƒãƒƒãƒ•ã‚¡ãŒå°ã•ã™ãŽã¦ã‚¨ãƒ³ã‚³ãƒ¼ãƒ‰ã•れãŸå…¥åŠ›ã‚’ä¿å­˜ã™ã‚‹å ´åˆã¯è¿”ã•れã¾ã™ã€‚ - \return BUFFER_E 出力ãƒãƒƒãƒ•ã‚¡ãŒã‚¨ãƒ³ã‚³ãƒ¼ãƒ‰ä¸­ã«éƒ¨å±‹ã®å¤–ã«å®Ÿè¡Œã•れãŸå ´åˆã«è¿”ã•れã¾ã™ã€‚ - \return ASN_INPUT_E 入力メッセージã®ãƒ‡ã‚³ãƒ¼ãƒ‰ã®å‡¦ç†ä¸­ã«ã‚¨ãƒ©ãƒ¼ãŒç™ºç”Ÿã—ãŸå ´åˆ - \param in エンコードã™ã‚‹å…¥åŠ›ãƒãƒƒãƒ•ã‚¡ã¸ã®ãƒã‚¤ãƒ³ã‚¿ - \param inLen エンコードã™ã‚‹å…¥åŠ›ãƒãƒƒãƒ•ã‚¡ã®é•·ã• - \param out エンコードã•れãŸãƒ¡ãƒƒã‚»ãƒ¼ã‚¸ã‚’ä¿å­˜ã™ã‚‹å‡ºåŠ›ãƒãƒƒãƒ•ã‚¡ã¸ã®ãƒã‚¤ãƒ³ã‚¿ + + \brief ã“ã®é–¢æ•°ã¯ã€æŒ‡å®šã•れãŸå…¥åŠ›inをエンコードã—ã€Base64エンコードã•れãŸçµæžœã‚’出力ãƒãƒƒãƒ•ã‚¡outã«æ ¼ç´ã—ã¾ã™ã€‚'\n'行末ã®ä»£ã‚りã«%0Aエスケープã•れãŸè¡Œæœ«ã§ãƒ‡ãƒ¼ã‚¿ã‚’書ãè¾¼ã¿ã¾ã™ã€‚正常ã«å®Œäº†ã™ã‚‹ã¨ã€ã“ã®é–¢æ•°ã¯outLenを出力ãƒãƒƒãƒ•ã‚¡ã«æ›¸ãè¾¼ã¾ã‚ŒãŸãƒã‚¤ãƒˆæ•°ã«è¨­å®šã—ã¾ã™ã€‚ + + \return 0 Base64エンコードã•れãŸå…¥åŠ›ã®å¾©å·ã«æˆåŠŸã—ãŸå ´åˆã«è¿”ã•れã¾ã™ + \return BAD_FUNC_ARG 出力ãƒãƒƒãƒ•ã‚¡ãŒã‚¨ãƒ³ã‚³ãƒ¼ãƒ‰ã•れãŸå…¥åŠ›ã‚’æ ¼ç´ã™ã‚‹ã«ã¯å°ã•ã™ãŽã‚‹å ´åˆã«è¿”ã•れã¾ã™ + \return BUFFER_E エンコード中ã«å‡ºåŠ›ãƒãƒƒãƒ•ã‚¡ã®ã‚¹ãƒšãƒ¼ã‚¹ãŒä¸è¶³ã—ãŸå ´åˆã«è¿”ã•れã¾ã™ + \return ASN_INPUT_E 入力メッセージã®å¾©å·å‡¦ç†ä¸­ã«ã‚¨ãƒ©ãƒ¼ãŒç™ºç”Ÿã—ãŸå ´åˆã«è¿”ã•れã¾ã™ + + \param in エンコードã™ã‚‹å…¥åŠ›ãƒãƒƒãƒ•ã‚¡ã¸ã®ãƒã‚¤ãƒ³ã‚¿ + \param inLen エンコードã™ã‚‹å…¥åŠ›ãƒãƒƒãƒ•ã‚¡ã®é•·ã• + \param out エンコードã•れãŸãƒ¡ãƒƒã‚»ãƒ¼ã‚¸ã‚’æ ¼ç´ã™ã‚‹å‡ºåŠ›ãƒãƒƒãƒ•ã‚¡ã¸ã®ãƒã‚¤ãƒ³ã‚¿ + \param outLen エンコードã•れãŸãƒ¡ãƒƒã‚»ãƒ¼ã‚¸ã‚’æ ¼ç´ã™ã‚‹å‡ºåŠ›ãƒãƒƒãƒ•ã‚¡ã®é•·ã•ã¸ã®ãƒã‚¤ãƒ³ã‚¿ + _Example_ \code - byte plain[] = { // initialize text to encode }; + byte plain[] = { // エンコードã™ã‚‹ãƒ†ã‚­ã‚¹ãƒˆã‚’åˆæœŸåŒ– }; byte encoded[MAX_BUFFER_SIZE]; int outLen = sizeof(encoded); if( Base64_EncodeEsc(plain, sizeof(plain), encoded, &outLen) != 0 ) { - // error encoding input buffer + // 入力ãƒãƒƒãƒ•ã‚¡ã®ã‚¨ãƒ³ã‚³ãƒ¼ãƒ‰ã‚¨ãƒ©ãƒ¼ } \endcode + \sa Base64_Encode \sa Base64_Decode */ @@ -81,23 +99,29 @@ /*! \ingroup Base_Encoding - \brief ã“ã®æ©Ÿèƒ½ã¯ä¸Žãˆã‚‰ã‚ŒãŸå…¥åŠ›ã‚’ç¬¦å·åŒ–ã—ã€ç¬¦å·åŒ–çµæžœã‚’出力ãƒãƒƒãƒ•ã‚¡OUTã«æ ¼ç´ã—ã¾ã™ã€‚ãã‚Œã¯æ–°ã—ã„行ãªã—ã§ãƒ‡ãƒ¼ã‚¿ã‚’書ãè¾¼ã¿ã¾ã™ã€‚正常ã«å®Œäº†ã™ã‚‹ã¨ã€ã“ã®é–¢æ•°ã¯ã¾ãŸã€å‡ºåŠ›ãƒãƒƒãƒ•ã‚¡ã«æ›¸ãè¾¼ã¾ã‚ŒãŸãƒã‚¤ãƒˆæ•°ã«çµ±ä¸€ã•れãŸã‚‚ã®ã‚’設定ã—ã¾ã™ - \return 0 Base64エンコード入力ã®å¾©å·åŒ–ã«æˆåŠŸã—ãŸã¨ãã«è¿”ã•れã¾ã™ - \return BAD_FUNC_ARG 出力ãƒãƒƒãƒ•ã‚¡ãŒå°ã•ã™ãŽã¦ã‚¨ãƒ³ã‚³ãƒ¼ãƒ‰ã•れãŸå…¥åŠ›ã‚’ä¿å­˜ã™ã‚‹å ´åˆã¯è¿”ã•れã¾ã™ã€‚ - \return BUFFER_E 出力ãƒãƒƒãƒ•ã‚¡ãŒã‚¨ãƒ³ã‚³ãƒ¼ãƒ‰ä¸­ã«éƒ¨å±‹ã®å¤–ã«å®Ÿè¡Œã•れãŸå ´åˆã«è¿”ã•れã¾ã™ã€‚ - \return ASN_INPUT_E 入力メッセージã®ãƒ‡ã‚³ãƒ¼ãƒ‰ã®å‡¦ç†ä¸­ã«ã‚¨ãƒ©ãƒ¼ãŒç™ºç”Ÿã—ãŸå ´åˆ - \param in エンコードã™ã‚‹å…¥åŠ›ãƒãƒƒãƒ•ã‚¡ã¸ã®ãƒã‚¤ãƒ³ã‚¿ - \param inLen エンコードã™ã‚‹å…¥åŠ›ãƒãƒƒãƒ•ã‚¡ã®é•·ã• - \param out エンコードã•れãŸãƒ¡ãƒƒã‚»ãƒ¼ã‚¸ã‚’ä¿å­˜ã™ã‚‹å‡ºåŠ›ãƒãƒƒãƒ•ã‚¡ã¸ã®ãƒã‚¤ãƒ³ã‚¿ + + \brief ã“ã®é–¢æ•°ã¯ã€æŒ‡å®šã•れãŸå…¥åŠ›inをエンコードã—ã€Base64エンコードã•れãŸçµæžœã‚’出力ãƒãƒƒãƒ•ã‚¡outã«æ ¼ç´ã—ã¾ã™ã€‚改行ãªã—ã§ãƒ‡ãƒ¼ã‚¿ã‚’書ãè¾¼ã¿ã¾ã™ã€‚正常ã«å®Œäº†ã™ã‚‹ã¨ã€ã“ã®é–¢æ•°ã¯outLenを出力ãƒãƒƒãƒ•ã‚¡ã«æ›¸ãè¾¼ã¾ã‚ŒãŸãƒã‚¤ãƒˆæ•°ã«è¨­å®šã—ã¾ã™ã€‚ + + \return 0 Base64エンコードã•れãŸå…¥åŠ›ã®å¾©å·ã«æˆåŠŸã—ãŸå ´åˆã«è¿”ã•れã¾ã™ + \return BAD_FUNC_ARG 出力ãƒãƒƒãƒ•ã‚¡ãŒã‚¨ãƒ³ã‚³ãƒ¼ãƒ‰ã•れãŸå…¥åŠ›ã‚’æ ¼ç´ã™ã‚‹ã«ã¯å°ã•ã™ãŽã‚‹å ´åˆã«è¿”ã•れã¾ã™ + \return BUFFER_E エンコード中ã«å‡ºåŠ›ãƒãƒƒãƒ•ã‚¡ã®ã‚¹ãƒšãƒ¼ã‚¹ãŒä¸è¶³ã—ãŸå ´åˆã«è¿”ã•れã¾ã™ + \return ASN_INPUT_E 入力メッセージã®å¾©å·å‡¦ç†ä¸­ã«ã‚¨ãƒ©ãƒ¼ãŒç™ºç”Ÿã—ãŸå ´åˆã«è¿”ã•れã¾ã™ + + \param in エンコードã™ã‚‹å…¥åŠ›ãƒãƒƒãƒ•ã‚¡ã¸ã®ãƒã‚¤ãƒ³ã‚¿ + \param inLen エンコードã™ã‚‹å…¥åŠ›ãƒãƒƒãƒ•ã‚¡ã®é•·ã• + \param out エンコードã•れãŸãƒ¡ãƒƒã‚»ãƒ¼ã‚¸ã‚’æ ¼ç´ã™ã‚‹å‡ºåŠ›ãƒãƒƒãƒ•ã‚¡ã¸ã®ãƒã‚¤ãƒ³ã‚¿ + \param outLen エンコードã•れãŸãƒ¡ãƒƒã‚»ãƒ¼ã‚¸ã‚’æ ¼ç´ã™ã‚‹å‡ºåŠ›ãƒãƒƒãƒ•ã‚¡ã®é•·ã•ã¸ã®ãƒã‚¤ãƒ³ã‚¿ + _Example_ \code - byte plain[] = { // initialize text to encode }; + byte plain[] = { // エンコードã™ã‚‹ãƒ†ã‚­ã‚¹ãƒˆã‚’åˆæœŸåŒ– }; byte encoded[MAX_BUFFER_SIZE]; int outLen = sizeof(encoded); if( Base64_Encode_NoNl(plain, sizeof(plain), encoded, &outLen) != 0 ) { - // error encoding input buffer + // 入力ãƒãƒƒãƒ•ã‚¡ã®ã‚¨ãƒ³ã‚³ãƒ¼ãƒ‰ã‚¨ãƒ©ãƒ¼ } \endcode + \sa Base64_Encode \sa Base64_Decode */ @@ -107,23 +131,29 @@ /*! \ingroup Base_Encoding - \brief ã“ã®æ©Ÿèƒ½ã¯ã€ä¸Žãˆã‚‰ã‚ŒãŸBASE16符å·åŒ–入力ã€INã€ãŠã‚ˆã³å‡ºåŠ›ãƒãƒƒãƒ•ã‚¡ã¸ã®çµæžœã‚’記憶ã™ã‚‹ã€‚ã¾ãŸã€å¤‰æ•°outlen内ã®å‡ºåŠ›ãƒãƒƒãƒ•ã‚¡ã«æ›¸ãè¾¼ã¾ã‚ŒãŸã‚µã‚¤ã‚ºã‚‚設定ã—ã¾ã™ã€‚ - \return 0 Base16エンコード入力ã®å¾©å·ã«ã†ã¾ã復å·åŒ–ã—ãŸã¨ãã«è¿”ã•れã¾ã™ - \return BAD_FUNC_ARG 出力ãƒãƒƒãƒ•ã‚¡ãŒå¾©å·åŒ–ã•れãŸå…¥åŠ›ã‚’ä¿å­˜ã™ã‚‹ã«ã‚‚å°ã•ã™ãŽã‚‹å ´åˆã€ã¾ãŸã¯å…¥åЛ長ãŒ2ã¤ã®å€æ•°ã§ãªã„å ´åˆã«è¿”ã•れã¾ã™ã€‚ - \return ASN_INPUT_E 入力ãƒãƒƒãƒ•ã‚¡å†…ã®æ–‡å­—ãŒBASE16ã®ç¯„囲外ã«ã‚ã‚‹å ´åˆã¯è¿”ã•れã¾ã™ï¼ˆ[0-9a-f]) - \param in デコードã™ã‚‹å…¥åŠ›ãƒãƒƒãƒ•ã‚¡ã¸ã®ãƒã‚¤ãƒ³ã‚¿ - \param inLen デコードã™ã‚‹å…¥åŠ›ãƒãƒƒãƒ•ã‚¡ã®é•·ã• - \param out デコードã•れãŸãƒ¡ãƒƒã‚»ãƒ¼ã‚¸ã‚’ä¿å­˜ã™ã‚‹å‡ºåŠ›ãƒãƒƒãƒ•ã‚¡ã¸ã®ãƒã‚¤ãƒ³ã‚¿ + + \brief ã“ã®é–¢æ•°ã¯ã€æŒ‡å®šã•れãŸBase16エンコードã•れãŸå…¥åŠ›inを復å·ã—ã€çµæžœã‚’出力ãƒãƒƒãƒ•ã‚¡outã«æ ¼ç´ã—ã¾ã™ã€‚ã¾ãŸã€å¤‰æ•°outLenã«å‡ºåŠ›ãƒãƒƒãƒ•ã‚¡ã«æ›¸ãè¾¼ã¾ã‚ŒãŸã‚µã‚¤ã‚ºã‚’設定ã—ã¾ã™ã€‚ + + \return 0 Base16エンコードã•れãŸå…¥åŠ›ã®å¾©å·ã«æˆåŠŸã—ãŸå ´åˆã«è¿”ã•れã¾ã™ + \return BAD_FUNC_ARG 出力ãƒãƒƒãƒ•ã‚¡ãŒå¾©å·ã•れãŸå…¥åŠ›ã‚’æ ¼ç´ã™ã‚‹ã«ã¯å°ã•ã™ãŽã‚‹å ´åˆã€ã¾ãŸã¯å…¥åЛ長ãŒ2ã®å€æ•°ã§ãªã„å ´åˆã«è¿”ã•れã¾ã™ + \return ASN_INPUT_E 入力ãƒãƒƒãƒ•ã‚¡å†…ã®æ–‡å­—ãŒBase16ã®ç¯„囲([0-9A-F])外ã«ã‚ã‚‹å ´åˆã«è¿”ã•れã¾ã™ + + \param in 復å·ã™ã‚‹å…¥åŠ›ãƒãƒƒãƒ•ã‚¡ã¸ã®ãƒã‚¤ãƒ³ã‚¿ + \param inLen 復å·ã™ã‚‹å…¥åŠ›ãƒãƒƒãƒ•ã‚¡ã®é•·ã• + \param out 復å·ã•れãŸãƒ¡ãƒƒã‚»ãƒ¼ã‚¸ã‚’æ ¼ç´ã™ã‚‹å‡ºåŠ›ãƒãƒƒãƒ•ã‚¡ã¸ã®ãƒã‚¤ãƒ³ã‚¿ + \param outLen 出力ãƒãƒƒãƒ•ã‚¡ã®é•·ã•ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚関数呼ã³å‡ºã—ã®æœ€å¾Œã«æ›¸ãè¾¼ã¾ã‚ŒãŸãƒã‚¤ãƒˆæ•°ã§æ›´æ–°ã•れã¾ã™ + _Example_ \code - byte encoded[] = { // initialize text to decode }; + byte encoded[] = { // 復å·ã™ã‚‹ãƒ†ã‚­ã‚¹ãƒˆã‚’åˆæœŸåŒ– }; byte decoded[sizeof(encoded)]; int outLen = sizeof(decoded); if( Base16_Decode(encoded,sizeof(encoded), decoded, &outLen) != 0 ) { - // error decoding input buffer + // 入力ãƒãƒƒãƒ•ã‚¡ã®å¾©å·ã‚¨ãƒ©ãƒ¼ } \endcode + \sa Base64_Encode \sa Base64_Decode \sa Base16_Encode @@ -133,23 +163,29 @@ /*! \ingroup Base_Encoding - \brief BASE16出力ã¸ã®ã‚¨ãƒ³ã‚³ãƒ¼ãƒ‰å…¥åŠ›ã€‚ - \return 0 æˆåŠŸ - \return BAD_FUNC_ARG INã€OUTã€ã¾ãŸã¯outlenãŒNULLã®å ´åˆã€ã¾ãŸã¯outlenãŒInlen Plus 1ã‚’è¶…ãˆã¦ã„ã‚‹å ´åˆã¯è¿”ã—ã¾ã™ã€‚ - \param in エンコードã•れる入力ãƒãƒƒãƒ•ã‚¡ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ - \param inLen 入力ãƒãƒƒãƒ•ã‚¡ã®é•·ã• - \param out 出力ãƒãƒƒãƒ•ã‚¡ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ + + \brief 入力をbase16出力ã«ã‚¨ãƒ³ã‚³ãƒ¼ãƒ‰ã—ã¾ã™ã€‚ + + \return 0 æˆåŠŸ + \return BAD_FUNC_ARG inã€outã€ã¾ãŸã¯outLenãŒnullã®å ´åˆã€ã¾ãŸã¯outLenãŒinLenã®2å€ãƒ—ラス1未満ã®å ´åˆã«è¿”ã•れã¾ã™ã€‚ + + \param in エンコードã™ã‚‹å…¥åŠ›ãƒãƒƒãƒ•ã‚¡ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ + \param inLen 入力ãƒãƒƒãƒ•ã‚¡ã®é•·ã•。 + \param out 出力ãƒãƒƒãƒ•ã‚¡ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ + \param outLen 出力ãƒãƒƒãƒ•ã‚¡ã®é•·ã•。エンコードã•れãŸå‡ºåŠ›ã®é•·ã•ã«è¨­å®šã•れã¾ã™ã€‚ + _Example_ \code - byte in[] = { // Contents of something to be encoded }; + byte in[] = { // エンコードã™ã‚‹ä½•ã‹ã®å†…容 }; byte out[NECESSARY_OUTPUT_SIZE]; word32 outSz = sizeof(out); if(Base16_Encode(in, sizeof(in), out, &outSz) != 0) { - // Handle encode error + // ã‚¨ãƒ³ã‚³ãƒ¼ãƒ‰ã‚¨ãƒ©ãƒ¼ã‚’å‡¦ç† } \endcode + \sa Base64_Encode \sa Base64_Decode \sa Base16_Decode diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/doc/dox_comments/header_files-ja/compress.h mariadb-11.8.8/extra/wolfssl/wolfssl/doc/dox_comments/header_files-ja/compress.h --- mariadb-11.8.6/extra/wolfssl/wolfssl/doc/dox_comments/header_files-ja/compress.h 2026-01-31 13:27:49.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/doc/dox_comments/header_files-ja/compress.h 2026-05-24 09:58:33.000000000 +0000 @@ -1,47 +1,59 @@ /*! \ingroup Compression - \brief ã“ã®é–¢æ•°ã¯ã€ãƒãƒ•マン符å·åŒ–を用ã„ã¦ä¸Žãˆã‚‰ã‚ŒãŸå…¥åŠ›ãƒ‡ãƒ¼ã‚¿ã‚’åœ§ç¸®ã—ã€å‡ºåŠ›ã‚’OUTã«æ ¼ç´ã™ã‚‹ã€‚出力ãƒãƒƒãƒ•ã‚¡ã¯ã€åœ§ç¸®ãŒå¯èƒ½ã§ãªã„ã“ã¨ãŒå­˜åœ¨ã™ã‚‹ãŸã‚ã€å‡ºåŠ›ãƒãƒƒãƒ•ã‚¡ãŒå…¥åŠ›ãƒãƒƒãƒ•ァよりも大ãã„ã¯ãšã§ã™ã€‚ã“れã¯ã¾ã ãƒ«ãƒƒã‚¯ã‚¢ãƒƒãƒ—テーブルを必è¦ã¨ã—ã¾ã™ã€‚出力ãƒãƒƒãƒ•ã‚¡ã«å¯¾ã—ã¦SRCSZ + 0.1ï¼…+ 12を割り当ã¦ã‚‹ã“ã¨ã‚’ãŠå‹§ã‚ã—ã¾ã™ã€‚ - \return On 入力データã®åœ§ç¸®ã«æˆåŠŸã—ã€å‡ºåŠ›ãƒãƒƒãƒ•ã‚¡ã«æ ¼ç´ã•れã¦ã„ã‚‹ãƒã‚¤ãƒˆæ•°ã‚’è¿”ã—ã¾ã™ã€‚ - \return COMPRESS_INIT_E 圧縮ã®ãŸã‚ã«ã‚¹ãƒˆãƒªãƒ¼ãƒ ã®åˆæœŸåŒ–中ã«ã‚¨ãƒ©ãƒ¼ãŒã‚ã‚‹å ´åˆ - \return COMPRESS_E 圧縮中ã«ã‚¨ãƒ©ãƒ¼ãŒç™ºç”Ÿã—ãŸå ´åˆã¯è¿”ã•れã¾ã™ - \param out 圧縮データを格ç´ã™ã‚‹å‡ºåŠ›ãƒãƒƒãƒ•ã‚¡ã¸ã®ãƒã‚¤ãƒ³ã‚¿ - \param outSz 出力ãƒãƒƒãƒ•ã‚¡ã§ä¿å­˜ã•れã¦ã„るサイズ - \param in 圧縮ã™ã‚‹ãƒ¡ãƒƒã‚»ãƒ¼ã‚¸ã‚’å«ã‚€ãƒãƒƒãƒ•ã‚¡ã¸ã®ãƒã‚¤ãƒ³ã‚¿ - \param inSz 圧縮ã™ã‚‹å…¥åŠ›ãƒ¡ãƒƒã‚»ãƒ¼ã‚¸ã®ã‚µã‚¤ã‚º + + \brief ã“ã®é–¢æ•°ã¯ã€ãƒãƒ•マン符å·åŒ–を使用ã—ã¦æŒ‡å®šã•れãŸå…¥åŠ›ãƒ‡ãƒ¼ã‚¿ã‚’åœ§ç¸®ã—ã€å‡ºåŠ›ã‚’outã«æ ¼ç´ã—ã¾ã™ã€‚出力ãƒãƒƒãƒ•ã‚¡ã¯å…¥åŠ›ãƒãƒƒãƒ•ァよりも大ããã™ã‚‹å¿…è¦ãŒã‚ã‚‹ã“ã¨ã«æ³¨æ„ã—ã¦ãã ã•ã„。圧縮ãŒä¸å¯èƒ½ãªç‰¹å®šã®å…¥åŠ›ãŒå­˜åœ¨ã™ã‚‹å ´åˆã§ã‚‚ã€ãƒ«ãƒƒã‚¯ã‚¢ãƒƒãƒ—テーブルãŒå¿…è¦ã«ãªã‚‹ãŸã‚ã§ã™ã€‚出力ãƒãƒƒãƒ•ã‚¡ã«ã¯srcSz + 0.1% + 12を割り当ã¦ã‚‹ã“ã¨ãŒæŽ¨å¥¨ã•れã¾ã™ã€‚ + + \return 入力データã®åœ§ç¸®ã«æˆåŠŸã—ãŸå ´åˆã€å‡ºåŠ›ãƒãƒƒãƒ•ã‚¡ã«æ ¼ç´ã•れãŸãƒã‚¤ãƒˆæ•°ã‚’è¿”ã—ã¾ã™ + \return COMPRESS_INIT_E 圧縮用ã®ã‚¹ãƒˆãƒªãƒ¼ãƒ ã®åˆæœŸåŒ–中ã«ã‚¨ãƒ©ãƒ¼ãŒç™ºç”Ÿã—ãŸå ´åˆã«è¿”ã•れã¾ã™ + \return COMPRESS_E 圧縮中ã«ã‚¨ãƒ©ãƒ¼ãŒç™ºç”Ÿã—ãŸå ´åˆã«è¿”ã•れã¾ã™ + + \param out 圧縮ã•れãŸãƒ‡ãƒ¼ã‚¿ã‚’æ ¼ç´ã™ã‚‹å‡ºåŠ›ãƒãƒƒãƒ•ã‚¡ã¸ã®ãƒã‚¤ãƒ³ã‚¿ + \param outSz æ ¼ç´ã«ä½¿ç”¨ã§ãる出力ãƒãƒƒãƒ•ã‚¡ã®ã‚µã‚¤ã‚º + \param in 圧縮ã™ã‚‹ãƒ¡ãƒƒã‚»ãƒ¼ã‚¸ã‚’å«ã‚€ãƒãƒƒãƒ•ã‚¡ã¸ã®ãƒã‚¤ãƒ³ã‚¿ + \param inSz 圧縮ã™ã‚‹å…¥åŠ›ãƒ¡ãƒƒã‚»ãƒ¼ã‚¸ã®ã‚µã‚¤ã‚º + \param flags 圧縮ã®å‹•作を制御ã™ã‚‹ãƒ•ラグ。通常ã®è§£å‡ã«ã¯0を使用ã—ã¾ã™ + _Example_ \code - byte message[] = { // initialize text to compress }; + byte message[] = { // 圧縮ã™ã‚‹ãƒ†ã‚­ã‚¹ãƒˆã‚’åˆæœŸåŒ– }; byte compressed[(sizeof(message) + sizeof(message) * .001 + 12 )]; - // Recommends at least srcSz + .1% + 12 + // å°‘ãªãã¨ã‚‚srcSz + .1% + 12を推奨 if( wc_Compress(compressed, sizeof(compressed), message, sizeof(message), 0) != 0){ - // error compressing data + // データã®åœ§ç¸®ã‚¨ãƒ©ãƒ¼ } \endcode + \sa wc_DeCompress */ int wc_Compress(byte* out, word32 outSz, const byte* in, word32 inSz, word32 flags); /*! \ingroup Compression - \brief ã“ã®é–¢æ•°ã¯ã€ãƒãƒ•マン符å·åŒ–を用ã„ã¦æ‰€å®šã®åœ§ç¸®ãƒ‡ãƒ¼ã‚¿ã‚’è§£å‡ã—ã€å‡ºåŠ›ã‚’OUTã«æ ¼ç´ã™ã‚‹ã€‚ - \return Success 入力データã®è§£å‡ã«æˆåŠŸã—ãŸå ´åˆã¯ã€å‡ºåŠ›ãƒãƒƒãƒ•ã‚¡ã«æ ¼ç´ã•れã¦ã„ã‚‹ãƒã‚¤ãƒˆæ•°ã‚’è¿”ã—ã¾ã™ã€‚ - \return COMPRESS_INIT_E: 圧縮ã®ãŸã‚ã«ã‚¹ãƒˆãƒªãƒ¼ãƒ ã®åˆæœŸåŒ–中ã«ã‚¨ãƒ©ãƒ¼ãŒã‚ã‚‹å ´åˆ - \return COMPRESS_E: 圧縮中ã«ã‚¨ãƒ©ãƒ¼ãŒç™ºç”Ÿã—ãŸå ´åˆã¯è¿”ã•れã¾ã™ - \param out è§£å‡ã•れãŸãƒ‡ãƒ¼ã‚¿ã‚’æ ¼ç´ã™ã‚‹å‡ºåŠ›ãƒãƒƒãƒ•ã‚¡ã¸ã®ãƒã‚¤ãƒ³ã‚¿ - \param outSz 出力ãƒãƒƒãƒ•ã‚¡ã§ä¿å­˜ã•れã¦ã„るサイズ - \param in è§£å‡ã™ã‚‹ãƒ¡ãƒƒã‚»ãƒ¼ã‚¸ã‚’å«ã‚€ãƒãƒƒãƒ•ã‚¡ã¸ã®ãƒã‚¤ãƒ³ã‚¿ + + \brief ã“ã®é–¢æ•°ã¯ã€ãƒãƒ•マン符å·åŒ–を使用ã—ã¦æŒ‡å®šã•れãŸåœ§ç¸®ãƒ‡ãƒ¼ã‚¿ã‚’è§£å‡ã—ã€å‡ºåŠ›ã‚’outã«æ ¼ç´ã—ã¾ã™ã€‚ + + \return Success 入力データã®è§£å‡ã«æˆåŠŸã—ãŸå ´åˆã€å‡ºåŠ›ãƒãƒƒãƒ•ã‚¡ã«æ ¼ç´ã•れãŸãƒã‚¤ãƒˆæ•°ã‚’è¿”ã—ã¾ã™ + \return COMPRESS_INIT_E: 圧縮用ã®ã‚¹ãƒˆãƒªãƒ¼ãƒ ã®åˆæœŸåŒ–中ã«ã‚¨ãƒ©ãƒ¼ãŒç™ºç”Ÿã—ãŸå ´åˆã«è¿”ã•れã¾ã™ + \return COMPRESS_E: 圧縮中ã«ã‚¨ãƒ©ãƒ¼ãŒç™ºç”Ÿã—ãŸå ´åˆã«è¿”ã•れã¾ã™ + + \param out è§£å‡ã•れãŸãƒ‡ãƒ¼ã‚¿ã‚’æ ¼ç´ã™ã‚‹å‡ºåŠ›ãƒãƒƒãƒ•ã‚¡ã¸ã®ãƒã‚¤ãƒ³ã‚¿ + \param outSz æ ¼ç´ã«ä½¿ç”¨ã§ãる出力ãƒãƒƒãƒ•ã‚¡ã®ã‚µã‚¤ã‚º + \param in è§£å‡ã™ã‚‹ãƒ¡ãƒƒã‚»ãƒ¼ã‚¸ã‚’å«ã‚€ãƒãƒƒãƒ•ã‚¡ã¸ã®ãƒã‚¤ãƒ³ã‚¿ + \param inSz è§£å‡ã™ã‚‹å…¥åŠ›ãƒ¡ãƒƒã‚»ãƒ¼ã‚¸ã®ã‚µã‚¤ã‚º + _Example_ \code - byte compressed[] = { // initialize compressed message }; + byte compressed[] = { // 圧縮ã•れãŸãƒ¡ãƒƒã‚»ãƒ¼ã‚¸ã‚’åˆæœŸåŒ– }; byte decompressed[MAX_MESSAGE_SIZE]; if( wc_DeCompress(decompressed, sizeof(decompressed), compressed, sizeof(compressed)) != 0 ) { - // error decompressing data + // データã®è§£å‡ã‚¨ãƒ©ãƒ¼ } \endcode + \sa wc_Compress */ int wc_DeCompress(byte* out, word32 outSz, const byte* in, word32 inSz); diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/doc/dox_comments/header_files-ja/cryptocb.h mariadb-11.8.8/extra/wolfssl/wolfssl/doc/dox_comments/header_files-ja/cryptocb.h --- mariadb-11.8.6/extra/wolfssl/wolfssl/doc/dox_comments/header_files-ja/cryptocb.h 2026-01-31 13:27:49.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/doc/dox_comments/header_files-ja/cryptocb.h 2026-05-24 09:58:33.000000000 +0000 @@ -1,10 +1,20 @@ /*! \ingroup CryptoCb - \brief ã“ã®é–¢æ•°ã¯ã€Crypto Operationsをキーストアã€Secure Elementã€HSMã€PKCS11ã¾ãŸã¯TPMãªã©ã®å¤–部ãƒãƒ¼ãƒ‰ã‚¦ã‚§ã‚¢ã«ã‚ªãƒ•ロードã™ã‚‹ãŸã‚ã®å›ºæœ‰ã®ãƒ‡ãƒã‚¤ã‚¹è­˜åˆ¥å­ï¼ˆDEVID)ã¨ã‚³ãƒ¼ãƒ«ãƒãƒƒã‚¯é–¢æ•°ã‚’登録ã—ã¾ã™ã€‚Cryptoコールãƒãƒƒã‚¯ã®STSAFEã®å ´åˆã¯ã€wolfcrypt / src / port / st / stsafe.cã¨wolfssl_stsafe_cryptodevcb関数をå‚ç…§ã—ã¦ãã ã•ã„。TPMベースã®Cryptoコールãƒãƒƒã‚¯ã®ä¾‹ã§ã¯ã€wolftpm src / tpm2_wrap.cã®wolftpm2_cryptodevcb関数をå‚ç…§ã—ã¦ãã ã•ã„。 - \return CRYPTOCB_UNAVAILABLE ソフトウェア暗å·ã‚’使用ã™ã‚‹ãŸã‚ã«ãƒ•ォールãƒãƒƒã‚¯ã™ã‚‹ - \return 0 æˆåŠŸã®ãŸã‚ã« - \return negative 失敗ã®å€¤ - \param devId -2(invalid_devid)ã§ã¯ãªãã€ä¸€æ„ã®å€¤ã§ã¯ã‚りã¾ã›ã‚“。 + + \brief ã“ã®é–¢æ•°ã¯ã€Key Storeã€Secure Elementã€HSMã€PKCS11ã€TPMãªã©ã®å¤–部ãƒãƒ¼ãƒ‰ã‚¦ã‚§ã‚¢ã¸ã®æš—å·æ“作ã®ã‚ªãƒ•ロードã®ãŸã‚ã«ã€ä¸€æ„ã®ãƒ‡ãƒã‚¤ã‚¹è­˜åˆ¥å­(devID)ã¨ã‚³ãƒ¼ãƒ«ãƒãƒƒã‚¯é–¢æ•°ã‚’登録ã—ã¾ã™ã€‚ + + Crypto Callbacksを使用ã—ãŸSTSAFEã®ä¾‹ã«ã¤ã„ã¦ã¯ã€wolfcrypt/src/port/st/stsafe.cã¨wolfSSL_STSAFE_CryptoDevCb関数をå‚ç…§ã—ã¦ãã ã•ã„。 + + TPMãƒ™ãƒ¼ã‚¹ã®æš—å·ã‚³ãƒ¼ãƒ«ãƒãƒƒã‚¯ã®ä¾‹ã«ã¤ã„ã¦ã¯ã€wolfTPM src/tpm2_wrap.cã®wolfTPM2_CryptoDevCb関数をå‚ç…§ã—ã¦ãã ã•ã„。 + + \return CRYPTOCB_UNAVAILABLE ソフトウェア暗å·ã®ä½¿ç”¨ã«ãƒ•ォールãƒãƒƒã‚¯ã™ã‚‹å ´åˆ + \return 0 æˆåŠŸæ™‚ + \return è² ã®å€¤ 失敗時 + + \param devId -2(INVALID_DEVID)以外ã®ä»»æ„ã®ä¸€æ„ã®å€¤ + \param cb 次ã®ãƒ—ロトタイプをæŒã¤ã‚³ãƒ¼ãƒ«ãƒãƒƒã‚¯é–¢æ•°: + typedef int (*CryptoDevCallbackFunc)(int devId, wc_CryptoInfo* info, void* ctx); + _Example_ \code #include @@ -19,7 +29,7 @@ switch (info->pk.rsa.type) { case RSA_PUBLIC_ENCRYPT: case RSA_PUBLIC_DECRYPT: - // RSA public op + // RSA公開鵿“作 ret = wc_RsaFunction( info->pk.rsa.in, info->pk.rsa.inLen, info->pk.rsa.out, info->pk.rsa.outLen, @@ -28,7 +38,7 @@ break; case RSA_PRIVATE_ENCRYPT: case RSA_PRIVATE_DECRYPT: - // RSA private op + // RSAç§˜å¯†éµæ“作 ret = wc_RsaFunction( info->pk.rsa.in, info->pk.rsa.inLen, info->pk.rsa.out, info->pk.rsa.outLen, @@ -49,7 +59,7 @@ #endif #ifdef HAVE_ED25519 if (info->pk.type == WC_PK_TYPE_ED25519_SIGN) { - // ED25519 sign + // ED25519ç½²å ret = wc_ed25519_sign_msg_ex( info->pk.ed25519sign.in, info->pk.ed25519sign.inLen, info->pk.ed25519sign.out, info->pk.ed25519sign.outLen, @@ -66,6 +76,7 @@ wc_CryptoCb_RegisterDevice(devId, myCryptoCb_Func, &myCtx); wolfSSL_CTX_SetDevId(ctx, devId); \endcode + \sa wc_CryptoCb_UnRegisterDevice \sa wolfSSL_SetDevId \sa wolfSSL_CTX_SetDevId @@ -74,14 +85,20 @@ /*! \ingroup CryptoCb - \brief ã“ã®é–¢æ•°ã¯ã€å›ºæœ‰ã®ãƒ‡ãƒã‚¤ã‚¹è­˜åˆ¥å­ï¼ˆdevid)コールãƒãƒƒã‚¯é–¢æ•°ã‚’除外ã—ã¾ã™ã€‚ - \return none ã„ã„ãˆè¿”ã—ã¾ã™ã€‚ + + \brief ã“ã®é–¢æ•°ã¯ã€ä¸€æ„ã®ãƒ‡ãƒã‚¤ã‚¹è­˜åˆ¥å­(devID)ã®ã‚³ãƒ¼ãƒ«ãƒãƒƒã‚¯é–¢æ•°ã®ç™»éŒ²ã‚’解除ã—ã¾ã™ã€‚ + + \return none 戻り値ãªã—。 + + \param devId -2(INVALID_DEVID)以外ã®ä»»æ„ã®ä¸€æ„ã®å€¤ + _Example_ \code wc_CryptoCb_UnRegisterDevice(devId); devId = INVALID_DEVID; wolfSSL_CTX_SetDevId(ctx, devId); \endcode + \sa wc_CryptoCb_RegisterDevice \sa wolfSSL_SetDevId \sa wolfSSL_CTX_SetDevId diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/doc/dox_comments/header_files-ja/curve25519.h mariadb-11.8.8/extra/wolfssl/wolfssl/doc/dox_comments/header_files-ja/curve25519.h --- mariadb-11.8.6/extra/wolfssl/wolfssl/doc/dox_comments/header_files-ja/curve25519.h 2026-01-31 13:27:49.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/doc/dox_comments/header_files-ja/curve25519.h 2026-05-24 09:58:33.000000000 +0000 @@ -1,26 +1,32 @@ /*! \ingroup Curve25519 - \brief ã“ã®é–¢æ•°ã¯ã€ä¸Žãˆã‚‰ã‚ŒãŸã‚µã‚¤ã‚ºï¼ˆKeysizeï¼‰ã®æŒ‡å®šã•れãŸä¹±æ•°ç™ºç”Ÿå™¨RNGを使用ã—ã¦Curve25519キーを生æˆã—ã€ãれを指定ã•れãŸCurve25519_Keyæ§‹é€ ä½“ã«æ ¼ç´ã—ã¾ã™ã€‚キー構造ãŒWC_CURVE25519_INIT()を介ã—ã¦åˆæœŸåŒ–ã•れãŸå¾Œã«å‘¼ã³å‡ºã•れるã¹ãã§ã™ã€‚ - \return 0 キーã®ç”Ÿæˆã«æˆåŠŸã—ã€ãれを指定ã•れãŸCurve25519_Keyæ§‹é€ ä½“ã«æ ¼ç´ã—ã¾ã™ã€‚ - \return ECC_BAD_ARG_E 入力キーサイズãŒCurve25519キー(32ãƒã‚¤ãƒˆï¼‰ã®ã‚­ãƒ¼ã‚·ã‚§ã‚¤ã‚ºã«å¯¾å¿œã—ã¦ã„ãªã„å ´åˆã¯è¿”ã•れã¾ã™ã€‚ - \return RNG_FAILURE_E RNGã®å†…部ステータスãŒDRBG_OKã§ãªã„å ´åˆã€ã¾ãŸã¯RNGを使用ã—ã¦æ¬¡ã®ãƒ©ãƒ³ãƒ€ãƒ ãƒ–ロックを生æˆã™ã‚‹å ´åˆã«è¿”ã•れã¾ã™ã€‚ - \return BAD_FUNC_ARG 渡ã•れãŸå…¥åŠ›ãƒ‘ãƒ©ãƒ¡ãƒ¼ã‚¿ã®ã„ãšã‚Œã‹ãŒNULLã®å ´åˆã«è¿”ã•れã¾ã™ã€‚ - \param [in] RNG ECCキーã®ç”Ÿæˆã«ä½¿ç”¨ã•れるRNGオブジェクトã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ - \param [in] キーサイズ生æˆã‚­ãƒ¼ã®ã‚µã‚¤ã‚ºã€‚Curve25519ã®32ãƒã‚¤ãƒˆã§ãªã‘れã°ãªã‚Šã¾ã›ã‚“。 + + \brief ã“ã®é–¢æ•°ã¯ã€ä¸Žãˆã‚‰ã‚ŒãŸä¹±æ•°ç”Ÿæˆå™¨rngを使用ã—ã¦ã€ä¸Žãˆã‚‰ã‚ŒãŸã‚µã‚¤ã‚ºï¼ˆkeysize)ã®Curve25519éµã‚’生æˆã—ã€ä¸Žãˆã‚‰ã‚ŒãŸcurve25519_keyæ§‹é€ ä½“ã«æ ¼ç´ã—ã¾ã™ã€‚wc_curve25519_init()を通ã˜ã¦éµæ§‹é€ ä½“ãŒåˆæœŸåŒ–ã•れãŸå¾Œã«å‘¼ã³å‡ºã™å¿…è¦ãŒã‚りã¾ã™ã€‚ + + \return 0 éµã®ç”Ÿæˆã«æˆåŠŸã—ã€ä¸Žãˆã‚‰ã‚ŒãŸcurve25519_keyæ§‹é€ ä½“ã«æ ¼ç´ã•れãŸå ´åˆã«è¿”ã•れã¾ã™ã€‚ + \return ECC_BAD_ARG_E 入力keysizeãŒcurve25519éµã®keysizeã«å¯¾å¿œã—ã¦ã„ãªã„å ´åˆï¼ˆ32ãƒã‚¤ãƒˆï¼‰ã«è¿”ã•れã¾ã™ã€‚ + \return RNG_FAILURE_E rng内部ステータスãŒDRBG_OKã§ãªã„å ´åˆã€ã¾ãŸã¯rngã§æ¬¡ã®ãƒ©ãƒ³ãƒ€ãƒ ãƒ–ロックを生æˆã™ã‚‹éš›ã«ã‚¨ãƒ©ãƒ¼ãŒã‚ã‚‹å ´åˆã«è¿”ã•れã¾ã™ã€‚ + \return BAD_FUNC_ARG 渡ã•れãŸå…¥åŠ›ãƒ‘ãƒ©ãƒ¡ãƒ¼ã‚¿ã®ã„ãšã‚Œã‹ãŒNULLã®å ´åˆã«è¿”ã•れã¾ã™ã€‚ + + \param [in] rng eccéµã‚’生æˆã™ã‚‹ãŸã‚ã«ä½¿ç”¨ã•れるRNGオブジェクトã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ + \param [in] keysize 生æˆã™ã‚‹éµã®ã‚µã‚¤ã‚ºã€‚curve25519ã§ã¯32ãƒã‚¤ãƒˆã§ã‚ã‚‹å¿…è¦ãŒã‚りã¾ã™ã€‚ + \param [in,out] key 生æˆã•れãŸéµã‚’æ ¼ç´ã™ã‚‹curve25519_key構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ + _Example_ \code int ret; curve25519_key key; - wc_curve25519_init(&key); // initialize key + wc_curve25519_init(&key); // éµã‚’åˆæœŸåŒ– WC_RNG rng; - wc_InitRng(&rng); // initialize random number generator + wc_InitRng(&rng); // 乱数生æˆå™¨ã‚’åˆæœŸåŒ– ret = wc_curve25519_make_key(&rng, 32, &key); if (ret != 0) { - // error making Curve25519 key + // Curve25519éµä½œæˆã‚¨ãƒ©ãƒ¼ } \endcode + \sa wc_curve25519_init */ @@ -28,13 +34,18 @@ /*! \ingroup Curve25519 - \brief ã“ã®é–¢æ•°ã¯ã€ç§˜å¯†ã®ç§˜å¯†éµã¨å—ä¿¡ã—ãŸå…¬é–‹éµã‚’考ãˆã‚‹ã¨ã€å…±æœ‰ç§˜å¯†éµã‚’計算ã—ã¾ã™ã€‚生æˆã•れãŸç§˜å¯†éµã‚’ãƒãƒƒãƒ•ァアウトã«ä¿å­˜ã—ã€ounlentã®ç§˜å¯†éµã®å¤‰æ•°ã‚’割り当ã¦ã¾ã™ã€‚ビッグエンディアンã®ã¿ã‚’サãƒãƒ¼ãƒˆã—ã¾ã™ã€‚ - \return 0 共有秘密éµã‚’正常ã«è¨ˆç®—ã—ãŸã¨ãã«è¿”ã•れã¾ã—ãŸã€‚ - \return BAD_FUNC_ARG 渡ã•れãŸå…¥åŠ›ãƒ‘ãƒ©ãƒ¡ãƒ¼ã‚¿ã®ã„ãšã‚Œã‹ãŒNULLã®å ´åˆã«è¿”ã•れã¾ã™ã€‚ - \return ECC_BAD_ARG_E 公開éµã®æœ€åˆã®ãƒ“ットãŒè¨­å®šã•れã¦ã„ã‚‹å ´åˆã¯ã€å®Ÿè£…ã®æŒ‡ç´‹ã‚’é¿ã‘ã‚‹ãŸã‚ã«è¿”ã•れã¾ã™ã€‚ - \param [in] Private_Key Curve25519_Key構造体ã®ç§˜å¯†éµã§åˆæœŸåŒ–ã•れã¾ã—ãŸã€‚ - \param [in] public_keyå—ä¿¡ã—ãŸå…¬é–‹éµã‚’å«ã‚€Curve25519_Key構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ - \param [out] 32ãƒã‚¤ãƒˆè¨ˆç®—ã•れãŸç§˜å¯†éµã‚’æ ¼ç´ã™ã‚‹ãƒãƒƒãƒ•ã‚¡ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ + + \brief ã“ã®é–¢æ•°ã¯ã€ç§˜å¯†ã®ç§˜å¯†éµã¨å—ä¿¡ã—ãŸå…¬é–‹éµã‚’与ãˆã‚‰ã‚ŒãŸå…±æœ‰ç§˜å¯†éµã‚’計算ã—ã¾ã™ã€‚生æˆã•れãŸç§˜å¯†éµã‚’ãƒãƒƒãƒ•ã‚¡outã«æ ¼ç´ã—ã€ç§˜å¯†éµã®å¤‰æ•°ã‚’outlenã«å‰²ã‚Šå½“ã¦ã¾ã™ã€‚ビッグエンディアンã®ã¿ã‚’サãƒãƒ¼ãƒˆã—ã¾ã™ã€‚ + + \return 0 共有秘密éµã®è¨ˆç®—ã«æˆåŠŸã—ãŸå ´åˆã«è¿”ã•れã¾ã™ã€‚ + \return BAD_FUNC_ARG 渡ã•れãŸå…¥åŠ›ãƒ‘ãƒ©ãƒ¡ãƒ¼ã‚¿ã®ã„ãšã‚Œã‹ãŒNULLã®å ´åˆã«è¿”ã•れã¾ã™ã€‚ + \return ECC_BAD_ARG_E 実装フィンガープリントを回é¿ã™ã‚‹ãŸã‚ã«ã€å…¬é–‹éµã®æœ€åˆã®ãƒ“ットãŒè¨­å®šã•れã¦ã„ã‚‹å ´åˆã«è¿”ã•れã¾ã™ã€‚ + + \param [in] private_key ユーザーã®ç§˜å¯†éµã§åˆæœŸåŒ–ã•れãŸcurve25519_key構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ + \param [in] public_key å—ä¿¡ã—ãŸå…¬é–‹éµã‚’å«ã‚€curve25519_key構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ + \param [out] out 32ãƒã‚¤ãƒˆã®è¨ˆç®—ã•れãŸç§˜å¯†éµã‚’æ ¼ç´ã™ã‚‹ãƒãƒƒãƒ•ã‚¡ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ + \param [in,out] outlen 出力ãƒãƒƒãƒ•ã‚¡ã«æ›¸ãè¾¼ã¾ã‚ŒãŸé•·ã•ã‚’æ ¼ç´ã™ã‚‹ãƒã‚¤ãƒ³ã‚¿ã€‚ + _Example_ \code int ret; @@ -42,13 +53,14 @@ byte sharedKey[32]; word32 keySz; curve25519_key privKey, pubKey; - // initialize both keys + // 両方ã®éµã‚’åˆæœŸåŒ– ret = wc_curve25519_shared_secret(&privKey, &pubKey, sharedKey, &keySz); if (ret != 0) { - // error generating shared key + // 共有éµç”Ÿæˆã‚¨ãƒ©ãƒ¼ } \endcode + \sa wc_curve25519_init \sa wc_curve25519_make_key \sa wc_curve25519_shared_secret_ex @@ -60,14 +72,19 @@ /*! \ingroup Curve25519 - \brief ã“ã®é–¢æ•°ã¯ã€ç§˜å¯†ã®ç§˜å¯†éµã¨å—ä¿¡ã—ãŸå…¬é–‹éµã‚’考ãˆã‚‹ã¨ã€å…±æœ‰ç§˜å¯†éµã‚’計算ã—ã¾ã™ã€‚生æˆã•れãŸç§˜å¯†éµã‚’ãƒãƒƒãƒ•ァアウトã«ä¿å­˜ã—ã€ounlentã®ç§˜å¯†éµã®å¤‰æ•°ã‚’割り当ã¦ã¾ã™ã€‚ビッグ・リトルエンディアンã®ä¸¡æ–¹ã‚’サãƒãƒ¼ãƒˆã—ã¾ã™ã€‚ - \return 0 共有秘密éµã‚’正常ã«è¨ˆç®—ã—ãŸã¨ãã«è¿”ã•れã¾ã—ãŸã€‚ - \return BAD_FUNC_ARG 渡ã•れãŸå…¥åŠ›ãƒ‘ãƒ©ãƒ¡ãƒ¼ã‚¿ã®ã„ãšã‚Œã‹ãŒNULLã®å ´åˆã«è¿”ã•れã¾ã™ã€‚ - \return ECC_BAD_ARG_E 公開éµã®æœ€åˆã®ãƒ“ットãŒè¨­å®šã•れã¦ã„ã‚‹å ´åˆã¯ã€å®Ÿè£…ã®æŒ‡ç´‹ã‚’é¿ã‘ã‚‹ãŸã‚ã«è¿”ã•れã¾ã™ã€‚ - \param [in] Private_Key Curve25519_Key構造体ã®ç§˜å¯†éµã§åˆæœŸåŒ–ã•れã¾ã—ãŸã€‚ - \param [in] public_keyå—ä¿¡ã—ãŸå…¬é–‹éµã‚’å«ã‚€Curve25519_Key構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ - \param [out] 32ãƒã‚¤ãƒˆè¨ˆç®—ã•れãŸç§˜å¯†éµã‚’æ ¼ç´ã™ã‚‹ãƒãƒƒãƒ•ã‚¡ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ - \param pin,out] 出力ãƒãƒƒãƒ•ã‚¡ã«æ›¸ãè¾¼ã¾ã‚ŒãŸé•·ã•を記憶ã™ã‚‹ãƒã‚¤ãƒ³ã‚¿ã®æ¦‚è¦ã€‚ + + \brief ã“ã®é–¢æ•°ã¯ã€ç§˜å¯†ã®ç§˜å¯†éµã¨å—ä¿¡ã—ãŸå…¬é–‹éµã‚’与ãˆã‚‰ã‚ŒãŸå…±æœ‰ç§˜å¯†éµã‚’計算ã—ã¾ã™ã€‚生æˆã•れãŸç§˜å¯†éµã‚’ãƒãƒƒãƒ•ã‚¡outã«æ ¼ç´ã—ã€ç§˜å¯†éµã®å¤‰æ•°ã‚’outlenã«å‰²ã‚Šå½“ã¦ã¾ã™ã€‚ビッグエンディアンã¨ãƒªãƒˆãƒ«ã‚¨ãƒ³ãƒ‡ã‚£ã‚¢ãƒ³ã®ä¸¡æ–¹ã‚’サãƒãƒ¼ãƒˆã—ã¾ã™ã€‚ + + \return 0 共有秘密éµã®è¨ˆç®—ã«æˆåŠŸã—ãŸå ´åˆã«è¿”ã•れã¾ã™ã€‚ + \return BAD_FUNC_ARG 渡ã•れãŸå…¥åŠ›ãƒ‘ãƒ©ãƒ¡ãƒ¼ã‚¿ã®ã„ãšã‚Œã‹ãŒNULLã®å ´åˆã«è¿”ã•れã¾ã™ã€‚ + \return ECC_BAD_ARG_E 実装フィンガープリントを回é¿ã™ã‚‹ãŸã‚ã«ã€å…¬é–‹éµã®æœ€åˆã®ãƒ“ットãŒè¨­å®šã•れã¦ã„ã‚‹å ´åˆã«è¿”ã•れã¾ã™ã€‚ + + \param [in] private_key ユーザーã®ç§˜å¯†éµã§åˆæœŸåŒ–ã•れãŸcurve25519_key構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ + \param [in] public_key å—ä¿¡ã—ãŸå…¬é–‹éµã‚’å«ã‚€curve25519_key構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ + \param [out] out 32ãƒã‚¤ãƒˆã®è¨ˆç®—ã•れãŸç§˜å¯†éµã‚’æ ¼ç´ã™ã‚‹ãƒãƒƒãƒ•ã‚¡ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ + \param [in,out] outlen 出力ãƒãƒƒãƒ•ã‚¡ã«æ›¸ãè¾¼ã¾ã‚ŒãŸé•·ã•ã‚’æ ¼ç´ã™ã‚‹ãƒã‚¤ãƒ³ã‚¿ã€‚ + \param [in] endian 使用ã™ã‚‹å½¢å¼ã‚’設定ã™ã‚‹ãŸã‚ã®EC25519_BIG_ENDIANã¾ãŸã¯EC25519_LITTLE_ENDIAN。 + _Example_ \code int ret; @@ -76,14 +93,15 @@ word32 keySz; curve25519_key privKey, pubKey; - // initialize both keys + // 両方ã®éµã‚’åˆæœŸåŒ– ret = wc_curve25519_shared_secret_ex(&privKey, &pubKey, sharedKey, &keySz, EC25519_BIG_ENDIAN); if (ret != 0) { - // error generating shared key + // 共有éµç”Ÿæˆã‚¨ãƒ©ãƒ¼ } \endcode + \sa wc_curve25519_init \sa wc_curve25519_make_key \sa wc_curve25519_shared_secret @@ -95,15 +113,21 @@ /*! \ingroup Curve25519 - \brief ã“ã®é–¢æ•°ã¯Curve25519ã‚­ãƒ¼ã‚’åˆæœŸåŒ–ã—ã¾ã™ã€‚構造ã®ã‚­ãƒ¼ã‚’生æˆã™ã‚‹å‰ã«å‘¼ã³å‡ºã•れるã¹ãã§ã™ã€‚ - \return 0 Curve25519_Key構造体ã®åˆæœŸåŒ–ã«æˆåŠŸã—ã¾ã—ãŸã€‚ - \return BAD_FUNC_ARG キーãŒNULLã®ã¨ãã«è¿”ã•れã¾ã™ã€‚ + + \brief ã“ã®é–¢æ•°ã¯Curve25519éµã‚’åˆæœŸåŒ–ã—ã¾ã™ã€‚構造体ã®éµã‚’生æˆã™ã‚‹å‰ã«å‘¼ã³å‡ºã™å¿…è¦ãŒã‚りã¾ã™ã€‚ + + \return 0 curve25519_key構造体ã®åˆæœŸåŒ–ã«æˆåŠŸã—ãŸå ´åˆã«è¿”ã•れã¾ã™ã€‚ + \return BAD_FUNC_ARG keyãŒNULLã®å ´åˆã«è¿”ã•れã¾ã™ã€‚ + + \param [in,out] key åˆæœŸåŒ–ã™ã‚‹curve25519_key構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ + _Example_ \code curve25519_key key; - wc_curve25519_init(&key); // initialize key - // make key and proceed to encryption + wc_curve25519_init(&key); // éµã‚’åˆæœŸåŒ– + // éµã‚’作æˆã—ã€æš—å·åŒ–ã«é€²ã‚€ \endcode + \sa wc_curve25519_make_key */ @@ -111,13 +135,18 @@ /*! \ingroup Curve25519 - \brief ã“ã®é–¢æ•°ã¯Curve25519オブジェクトを解放ã—ã¾ã™ã€‚ + + \brief ã“ã®é–¢æ•°ã¯Curve25519オブジェクトを解放ã—ã¾ã™ã€‚ + + \param [in,out] key 解放ã™ã‚‹éµã‚ªãƒ–ジェクトã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ + _Example_ \code curve25519_key privKey; - // initialize key, use it to generate shared secret key + // éµã‚’åˆæœŸåŒ–ã—ã€å…±æœ‰ç§˜å¯†éµã®ç”Ÿæˆã«ä½¿ç”¨ wc_curve25519_free(&privKey); \endcode + \sa wc_curve25519_init \sa wc_curve25519_make_key */ @@ -126,25 +155,31 @@ /*! \ingroup Curve25519 - \brief ã“ã®é–¢æ•°ã¯Curve25519秘密éµã®ã¿ã‚’インãƒãƒ¼ãƒˆã—ã¾ã™ã€‚(ビッグエンディアン)。 - \return 0 秘密éµã®ã‚¤ãƒ³ãƒãƒ¼ãƒˆã«æˆåŠŸã—ã¾ã—ãŸã€‚ - \return BAD_FUNC_ARG キーã¾ãŸã¯PRIVãŒNULLã®å ´åˆã¯è¿”ã—ã¾ã™ã€‚ - \return ECC_BAD_ARG_E PRIVSZãŒcurve25519_KEY_SIZEã¨ç­‰ã—ããªã„å ´åˆã¯è¿”ã—ã¾ã™ã€‚ - \param [in] インãƒãƒ¼ãƒˆã™ã‚‹ç§˜å¯†éµã‚’å«ã‚€ãƒãƒƒãƒ•ã‚¡ã¸ã®ãƒã‚¤ãƒ³ãƒˆã€‚ - \param [in] インãƒãƒ¼ãƒˆã™ã‚‹ç§˜å¯†éµã®Privsz長。 + + \brief ã“ã®é–¢æ•°ã¯curve25519秘密éµã®ã¿ã‚’インãƒãƒ¼ãƒˆã—ã¾ã™ã€‚(ビッグエンディアン) + + \return 0 秘密éµã®ã‚¤ãƒ³ãƒãƒ¼ãƒˆã«æˆåŠŸã—ãŸå ´åˆã«è¿”ã•れã¾ã™ã€‚ + \return BAD_FUNC_ARG keyã¾ãŸã¯privãŒnullã®å ´åˆã«è¿”ã•れã¾ã™ã€‚ + \return ECC_BAD_ARG_E privSzãŒCURVE25519_KEY_SIZEã¨ç­‰ã—ããªã„å ´åˆã«è¿”ã•れã¾ã™ã€‚ + + \param [in] priv インãƒãƒ¼ãƒˆã™ã‚‹ç§˜å¯†éµã‚’å«ã‚€ãƒãƒƒãƒ•ã‚¡ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ + \param [in] privSz インãƒãƒ¼ãƒˆã™ã‚‹ç§˜å¯†éµã®é•·ã•。 + \param [in,out] key インãƒãƒ¼ãƒˆã•れãŸéµã‚’æ ¼ç´ã™ã‚‹æ§‹é€ ä½“ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ + _Example_ \code int ret; - byte priv[] = { Contents of private key }; + byte priv[] = { // 秘密éµã®å†…容 }; curve25519_key key; wc_curve25519_init(&key); ret = wc_curve25519_import_private(priv, sizeof(priv), &key); if (ret != 0) { - // error importing keys + // éµã®ã‚¤ãƒ³ãƒãƒ¼ãƒˆã‚¨ãƒ©ãƒ¼ } \endcode + \sa wc_curve25519_import_private_ex \sa wc_curve25519_size */ @@ -154,28 +189,34 @@ /*! \ingroup Curve25519 - \brief CURVE25519秘密éµã®ã‚¤ãƒ³ãƒãƒ¼ãƒˆã®ã¿ã€‚(大ããªã‚¨ãƒ³ãƒ‡ã‚£ã‚¢ãƒ³ï¼‰ã€‚ - \return 0 秘密éµã®ã‚¤ãƒ³ãƒãƒ¼ãƒˆã«æˆåŠŸã—ã¾ã—ãŸã€‚ - \return BAD_FUNC_ARG キーã¾ãŸã¯PRIVãŒNULLã®å ´åˆã¯è¿”ã—ã¾ã™ã€‚ - \return ECC_BAD_ARG_E PRIVSZãŒcurve25519_KEY_SIZEã¨ç­‰ã—ããªã„å ´åˆã¯è¿”ã—ã¾ã™ã€‚ - \param [in] インãƒãƒ¼ãƒˆã™ã‚‹ç§˜å¯†éµã‚’å«ã‚€ãƒãƒƒãƒ•ã‚¡ã¸ã®ãƒã‚¤ãƒ³ãƒˆã€‚ - \param [in] インãƒãƒ¼ãƒˆã™ã‚‹ç§˜å¯†éµã®Privsz長。 - \param [in,out] インãƒãƒ¼ãƒˆã•れãŸã‚­ãƒ¼ã‚’ä¿å­˜ã™ã‚‹æ§‹é€ ã¸ã®ã‚­ãƒ¼ãƒã‚¤ãƒ³ã‚¿ã€‚ + + \brief curve25519秘密éµã®ã¿ã®ã‚¤ãƒ³ãƒãƒ¼ãƒˆã€‚(ビッグエンディアンã¾ãŸã¯ãƒªãƒˆãƒ«ã‚¨ãƒ³ãƒ‡ã‚£ã‚¢ãƒ³ï¼‰ + + \return 0 秘密éµã®ã‚¤ãƒ³ãƒãƒ¼ãƒˆã«æˆåŠŸã—ãŸå ´åˆã«è¿”ã•れã¾ã™ã€‚ + \return BAD_FUNC_ARG keyã¾ãŸã¯privãŒnullã®å ´åˆã«è¿”ã•れã¾ã™ã€‚ + \return ECC_BAD_ARG_E privSzãŒCURVE25519_KEY_SIZEã¨ç­‰ã—ããªã„å ´åˆã«è¿”ã•れã¾ã™ã€‚ + + \param [in] priv インãƒãƒ¼ãƒˆã™ã‚‹ç§˜å¯†éµã‚’å«ã‚€ãƒãƒƒãƒ•ã‚¡ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ + \param [in] privSz インãƒãƒ¼ãƒˆã™ã‚‹ç§˜å¯†éµã®é•·ã•。 + \param [in,out] key インãƒãƒ¼ãƒˆã•れãŸéµã‚’æ ¼ç´ã™ã‚‹æ§‹é€ ä½“ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ + \param [in] endian 使用ã™ã‚‹å½¢å¼ã‚’設定ã™ã‚‹ãŸã‚ã®EC25519_BIG_ENDIANã¾ãŸã¯EC25519_LITTLE_ENDIAN。 + _Example_ \code int ret; - byte priv[] = { // Contents of private key }; + byte priv[] = { // 秘密éµã®å†…容 }; curve25519_key key; wc_curve25519_init(&key); ret = wc_curve25519_import_private_ex(priv, sizeof(priv), &key, EC25519_BIG_ENDIAN); if (ret != 0) { - // error importing keys + // éµã®ã‚¤ãƒ³ãƒãƒ¼ãƒˆã‚¨ãƒ©ãƒ¼ } \endcode + \sa wc_curve25519_import_private \sa wc_curve25519_size */ @@ -185,32 +226,38 @@ /*! \ingroup Curve25519 - \brief ã“ã®é–¢æ•°ã¯ã€ãƒ‘ブリック秘密éµãƒšã‚¢ã‚’Curve25519_Key構造体ã«ã‚¤ãƒ³ãƒãƒ¼ãƒˆã—ã¾ã™ã€‚ビッグエンディアンã®ã¿ã€‚ - \return 0 Curve25519_Key構造体ã¸ã®ã‚¤ãƒ³ãƒãƒ¼ãƒˆã«è¿”ã•れã¾ã™ - \return BAD_FUNC_ARG 入力パラメータã®ã„ãšã‚Œã‹ãŒNULLã®å ´åˆã«è¿”ã—ã¾ã™ã€‚ - \return ECC_BAD_ARG_E 入力キーã®ã‚­ãƒ¼ã‚µã‚¤ã‚ºãŒPublicキーサイズã¾ãŸã¯ç§˜å¯†éµã‚µã‚¤ã‚ºã¨ä¸€è‡´ã—ãªã„å ´åˆã«è¿”ã•れã¾ã™ã€‚ - \param [in] インãƒãƒ¼ãƒˆã™ã‚‹ç§˜å¯†éµã‚’å«ã‚€ãƒãƒƒãƒ•ã‚¡ã¸ã®ãƒã‚¤ãƒ³ãƒˆã€‚ - \param [in] インãƒãƒ¼ãƒˆã™ã‚‹ç§˜å¯†éµã®Privsz長。 - \param [in] パブリックキーをインãƒãƒ¼ãƒˆã™ã‚‹ãƒãƒƒãƒ•ã‚¡ã¸ã®Pub。 - \param [in] インãƒãƒ¼ãƒˆã™ã‚‹å…¬é–‹éµã®Pubszé•·ã•。 + + \brief ã“ã®é–¢æ•°ã¯ã€å…¬é–‹éµ-秘密éµãƒšã‚¢ã‚’curve25519_key構造体ã«ã‚¤ãƒ³ãƒãƒ¼ãƒˆã—ã¾ã™ã€‚ビッグエンディアンã®ã¿ã€‚ + + \return 0 curve25519_key構造体ã¸ã®ã‚¤ãƒ³ãƒãƒ¼ãƒˆã«æˆåŠŸã—ãŸå ´åˆã«è¿”ã•れã¾ã™ã€‚ + \return BAD_FUNC_ARG 入力パラメータã®ã„ãšã‚Œã‹ãŒnullã®å ´åˆã«è¿”ã•れã¾ã™ã€‚ + \return ECC_BAD_ARG_E 入力éµã®éµã‚µã‚¤ã‚ºãŒå…¬é–‹éµã¾ãŸã¯ç§˜å¯†éµã®ã‚µã‚¤ã‚ºã¨ä¸€è‡´ã—ãªã„å ´åˆã«è¿”ã•れã¾ã™ã€‚ + + \param [in] priv インãƒãƒ¼ãƒˆã™ã‚‹ç§˜å¯†éµã‚’å«ã‚€ãƒãƒƒãƒ•ã‚¡ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ + \param [in] privSz インãƒãƒ¼ãƒˆã™ã‚‹ç§˜å¯†éµã®é•·ã•。 + \param [in] pub インãƒãƒ¼ãƒˆã™ã‚‹å…¬é–‹éµã‚’å«ã‚€ãƒãƒƒãƒ•ã‚¡ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ + \param [in] pubSz インãƒãƒ¼ãƒˆã™ã‚‹å…¬é–‹éµã®é•·ã•。 + \param [in,out] key インãƒãƒ¼ãƒˆã•れãŸéµã‚’æ ¼ç´ã™ã‚‹æ§‹é€ ä½“ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ + _Example_ \code int ret; byte priv[32]; byte pub[32]; - // initialize with public and private keys + // 公開éµã¨ç§˜å¯†éµã§åˆæœŸåŒ– curve25519_key key; wc_curve25519_init(&key); - // initialize key + // éµã‚’åˆæœŸåŒ– ret = wc_curve25519_import_private_raw(&priv, sizeof(priv), pub, sizeof(pub), &key); if (ret != 0) { - // error importing keys + // éµã®ã‚¤ãƒ³ãƒãƒ¼ãƒˆã‚¨ãƒ©ãƒ¼ } \endcode + \sa wc_curve25519_init \sa wc_curve25519_make_key \sa wc_curve25519_import_public @@ -222,32 +269,38 @@ /*! \ingroup Curve25519 - \brief ã“ã®é–¢æ•°ã¯ã€ãƒ‘ブリック秘密éµãƒšã‚¢ã‚’Curve25519_Key構造体ã«ã‚¤ãƒ³ãƒãƒ¼ãƒˆã—ã¾ã™ã€‚ビッグ・リトルエンディアンã®ä¸¡æ–¹ã‚’サãƒãƒ¼ãƒˆã—ã¾ã™ã€‚ - \return 0 Curve25519_Key構造体ã¸ã®ã‚¤ãƒ³ãƒãƒ¼ãƒˆã«è¿”ã•れã¾ã™ - \return BAD_FUNC_ARG 入力パラメータã®ã„ãšã‚Œã‹ãŒNULLã®å ´åˆã«è¿”ã—ã¾ã™ã€‚ - \return ECC_BAD_ARG_E 戻ã•れãŸIFã¾ãŸã¯å…¥åŠ›ã‚­ãƒ¼ã®ã‚­ãƒ¼ã‚µã‚¤ã‚ºãŒãƒ‘ブリックキーサイズã¾ãŸã¯ç§˜å¯†éµã‚µã‚¤ã‚ºã¨ä¸€è‡´ã—ãªã„å ´åˆ - \param [in] インãƒãƒ¼ãƒˆã™ã‚‹ç§˜å¯†éµã‚’å«ã‚€ãƒãƒƒãƒ•ã‚¡ã¸ã®ãƒã‚¤ãƒ³ãƒˆã€‚ - \param [in] インãƒãƒ¼ãƒˆã™ã‚‹ç§˜å¯†éµã®Privsz長。 - \param [in] パブリックキーをインãƒãƒ¼ãƒˆã™ã‚‹ãƒãƒƒãƒ•ã‚¡ã¸ã®Pub。 - \param [in] インãƒãƒ¼ãƒˆã™ã‚‹å…¬é–‹éµã®Pubszé•·ã•。 - \param [in,out] インãƒãƒ¼ãƒˆã•れãŸã‚­ãƒ¼ã‚’ä¿å­˜ã™ã‚‹æ§‹é€ ã¸ã®ã‚­ãƒ¼ãƒã‚¤ãƒ³ã‚¿ã€‚ + + \brief ã“ã®é–¢æ•°ã¯ã€å…¬é–‹éµ-秘密éµãƒšã‚¢ã‚’curve25519_key構造体ã«ã‚¤ãƒ³ãƒãƒ¼ãƒˆã—ã¾ã™ã€‚ビッグエンディアンã¨ãƒªãƒˆãƒ«ã‚¨ãƒ³ãƒ‡ã‚£ã‚¢ãƒ³ã®ä¸¡æ–¹ã‚’サãƒãƒ¼ãƒˆã—ã¾ã™ã€‚ + + \return 0 curve25519_key構造体ã¸ã®ã‚¤ãƒ³ãƒãƒ¼ãƒˆã«æˆåŠŸã—ãŸå ´åˆã«è¿”ã•れã¾ã™ã€‚ + \return BAD_FUNC_ARG 入力パラメータã®ã„ãšã‚Œã‹ãŒnullã®å ´åˆã«è¿”ã•れã¾ã™ã€‚ + \return ECC_BAD_ARG_E 入力éµã®éµã‚µã‚¤ã‚ºãŒå…¬é–‹éµã¾ãŸã¯ç§˜å¯†éµã®ã‚µã‚¤ã‚ºã¨ä¸€è‡´ã—ãªã„å ´åˆã«è¿”ã•れã¾ã™ã€‚ + + \param [in] priv インãƒãƒ¼ãƒˆã™ã‚‹ç§˜å¯†éµã‚’å«ã‚€ãƒãƒƒãƒ•ã‚¡ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ + \param [in] privSz インãƒãƒ¼ãƒˆã™ã‚‹ç§˜å¯†éµã®é•·ã•。 + \param [in] pub インãƒãƒ¼ãƒˆã™ã‚‹å…¬é–‹éµã‚’å«ã‚€ãƒãƒƒãƒ•ã‚¡ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ + \param [in] pubSz インãƒãƒ¼ãƒˆã™ã‚‹å…¬é–‹éµã®é•·ã•。 + \param [in,out] key インãƒãƒ¼ãƒˆã•れãŸéµã‚’æ ¼ç´ã™ã‚‹æ§‹é€ ä½“ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ + \param [in] endian 使用ã™ã‚‹å½¢å¼ã‚’設定ã™ã‚‹ãŸã‚ã®EC25519_BIG_ENDIANã¾ãŸã¯EC25519_LITTLE_ENDIAN。 + _Example_ \code int ret; byte priv[32]; byte pub[32]; - // initialize with public and private keys + // 公開éµã¨ç§˜å¯†éµã§åˆæœŸåŒ– curve25519_key key; wc_curve25519_init(&key); - // initialize key + // éµã‚’åˆæœŸåŒ– ret = wc_curve25519_import_private_raw_ex(&priv, sizeof(priv), pub, sizeof(pub), &key, EC25519_BIG_ENDIAN); if (ret != 0) { - // error importing keys + // éµã®ã‚¤ãƒ³ãƒãƒ¼ãƒˆã‚¨ãƒ©ãƒ¼ } \endcode + \sa wc_curve25519_init \sa wc_curve25519_make_key \sa wc_curve25519_import_public @@ -259,14 +312,21 @@ const byte* pub, word32 pubSz, curve25519_key* key, int endian); + /*! \ingroup Curve25519 - \brief ã“ã®é–¢æ•°ã¯Curve25519_Key構造体ã‹ã‚‰ç§˜å¯†éµã‚’エクスãƒãƒ¼ãƒˆã—ã€ãれを指定ã•れãŸã‚¢ã‚¦ãƒˆãƒãƒƒãƒ•ã‚¡ã«æ ¼ç´ã—ã¾ã™ã€‚ã¾ãŸã€ã‚¨ã‚¯ã‚¹ãƒãƒ¼ãƒˆã•れãŸã‚­ãƒ¼ã®ã‚µã‚¤ã‚ºã«ãªã‚‹ã‚ˆã†ã«æ¦‚è¦ã‚’設定ã—ã¾ã™ã€‚ビッグエンディアンã®ã¿ã€‚ - \return 0 Curve25519_Key構造体ã‹ã‚‰ç§˜å¯†éµã‚’正常ã«ã‚¨ã‚¯ã‚¹ãƒãƒ¼ãƒˆã—ã¾ã—ãŸã€‚ - \return BAD_FUNC_ARG 入力パラメータãŒNULLã®å ´åˆã«è¿”ã•れã¾ã™ã€‚ - \return ECC_BAD_ARG_E WC_CURVE25519_SIZE()ãŒã‚­ãƒ¼ã¨ç­‰ã—ããªã„å ´åˆã«è¿”ã•れã¾ã™ã€‚ - \param [in] キーをエクスãƒãƒ¼ãƒˆã™ã‚‹æ§‹é€ ã¸ã®ã‚­ãƒ¼ãƒã‚¤ãƒ³ã‚¿ã€‚ - \param [out] エクスãƒãƒ¼ãƒˆã•れãŸã‚­ãƒ¼ã‚’ä¿å­˜ã™ã‚‹ãƒãƒƒãƒ•ã‚¡ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ + + \brief ã“ã®é–¢æ•°ã¯ã€curve25519_key構造体ã‹ã‚‰ç§˜å¯†éµã‚’エクスãƒãƒ¼ãƒˆã—ã€ä¸Žãˆã‚‰ã‚ŒãŸoutãƒãƒƒãƒ•ã‚¡ã«æ ¼ç´ã—ã¾ã™ã€‚ã¾ãŸã€outLenをエクスãƒãƒ¼ãƒˆã•れãŸéµã®ã‚µã‚¤ã‚ºã«è¨­å®šã—ã¾ã™ã€‚ビッグエンディアンã®ã¿ã€‚ + + \return 0 curve25519_key構造体ã‹ã‚‰ç§˜å¯†éµã®ã‚¨ã‚¯ã‚¹ãƒãƒ¼ãƒˆã«æˆåŠŸã—ãŸå ´åˆã«è¿”ã•れã¾ã™ã€‚ + \return BAD_FUNC_ARG 入力パラメータã®ã„ãšã‚Œã‹ãŒNULLã®å ´åˆã«è¿”ã•れã¾ã™ã€‚ + \return ECC_BAD_ARG_E wc_curve25519_size()ãŒkeyã¨ç­‰ã—ããªã„å ´åˆã«è¿”ã•れã¾ã™ã€‚ + + \param [in] key éµã‚’エクスãƒãƒ¼ãƒˆã™ã‚‹æ§‹é€ ä½“ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ + \param [out] out エクスãƒãƒ¼ãƒˆã•れãŸéµã‚’æ ¼ç´ã™ã‚‹ãƒãƒƒãƒ•ã‚¡ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ + \param [in,out] outLen 入力時ã¯ã€outã®ãƒã‚¤ãƒˆå˜ä½ã®ã‚µã‚¤ã‚ºã€‚ + 出力時ã¯ã€å‡ºåŠ›ãƒãƒƒãƒ•ã‚¡ã«æ›¸ãè¾¼ã¾ã‚ŒãŸãƒã‚¤ãƒˆæ•°ã‚’æ ¼ç´ã—ã¾ã™ã€‚ + _Example_ \code int ret; @@ -274,13 +334,14 @@ int privSz; curve25519_key key; - // initialize and make key + // éµã‚’åˆæœŸåŒ–ã—ã¦ä½œæˆ ret = wc_curve25519_export_private_raw(&key, priv, &privSz); if (ret != 0) { - // error exporting key + // éµã®ã‚¨ã‚¯ã‚¹ãƒãƒ¼ãƒˆã‚¨ãƒ©ãƒ¼ } \endcode + \sa wc_curve25519_init \sa wc_curve25519_make_key \sa wc_curve25519_import_private_raw @@ -292,13 +353,19 @@ /*! \ingroup Curve25519 - \brief ã“ã®é–¢æ•°ã¯Curve25519_Key構造体ã‹ã‚‰ç§˜å¯†éµã‚’エクスãƒãƒ¼ãƒˆã—ã€ãれを指定ã•れãŸã‚¢ã‚¦ãƒˆãƒãƒƒãƒ•ã‚¡ã«æ ¼ç´ã—ã¾ã™ã€‚ã¾ãŸã€ã‚¨ã‚¯ã‚¹ãƒãƒ¼ãƒˆã•れãŸã‚­ãƒ¼ã®ã‚µã‚¤ã‚ºã«ãªã‚‹ã‚ˆã†ã«æ¦‚è¦ã‚’設定ã—ã¾ã™ã€‚ãれãŒãƒ“ッグ・リトルエンディアンã‹ã‚’指定ã§ãã¾ã™ã€‚ - \return 0 Curve25519_Key構造体ã‹ã‚‰ç§˜å¯†éµã‚’正常ã«ã‚¨ã‚¯ã‚¹ãƒãƒ¼ãƒˆã—ã¾ã—ãŸã€‚ - \return BAD_FUNC_ARG 入力パラメータãŒNULLã®å ´åˆã«è¿”ã•れã¾ã™ã€‚ - \return ECC_BAD_ARG_E WC_CURVE25519_SIZE()ãŒã‚­ãƒ¼ã¨ç­‰ã—ããªã„å ´åˆã«è¿”ã•れã¾ã™ã€‚ - \param [in] キーをエクスãƒãƒ¼ãƒˆã™ã‚‹æ§‹é€ ã¸ã®ã‚­ãƒ¼ãƒã‚¤ãƒ³ã‚¿ã€‚ - \param [out] エクスãƒãƒ¼ãƒˆã•れãŸã‚­ãƒ¼ã‚’ä¿å­˜ã™ã‚‹ãƒãƒƒãƒ•ã‚¡ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ - \param [in,out] INã«ç…§ä¼šã¯ã€ãƒã‚¤ãƒˆæ•°ã®ã‚µã‚¤ã‚ºã§ã™ã€‚ON OUTã§ã¯ã€å‡ºåŠ›ãƒãƒƒãƒ•ã‚¡ã«æ›¸ãè¾¼ã¾ã‚ŒãŸãƒã‚¤ãƒˆã‚’ä¿å­˜ã—ã¾ã™ã€‚ + + \brief ã“ã®é–¢æ•°ã¯ã€curve25519_key構造体ã‹ã‚‰ç§˜å¯†éµã‚’エクスãƒãƒ¼ãƒˆã—ã€ä¸Žãˆã‚‰ã‚ŒãŸoutãƒãƒƒãƒ•ã‚¡ã«æ ¼ç´ã—ã¾ã™ã€‚ã¾ãŸã€outLenをエクスãƒãƒ¼ãƒˆã•れãŸéµã®ã‚µã‚¤ã‚ºã«è¨­å®šã—ã¾ã™ã€‚ビッグエンディアンã¾ãŸã¯ãƒªãƒˆãƒ«ã‚¨ãƒ³ãƒ‡ã‚£ã‚¢ãƒ³ã‚’指定ã§ãã¾ã™ã€‚ + + \return 0 curve25519_key構造体ã‹ã‚‰ç§˜å¯†éµã®ã‚¨ã‚¯ã‚¹ãƒãƒ¼ãƒˆã«æˆåŠŸã—ãŸå ´åˆã«è¿”ã•れã¾ã™ã€‚ + \return BAD_FUNC_ARG 入力パラメータã®ã„ãšã‚Œã‹ãŒNULLã®å ´åˆã«è¿”ã•れã¾ã™ã€‚ + \return ECC_BAD_ARG_E wc_curve25519_size()ãŒkeyã¨ç­‰ã—ããªã„å ´åˆã«è¿”ã•れã¾ã™ã€‚ + + \param [in] key éµã‚’エクスãƒãƒ¼ãƒˆã™ã‚‹æ§‹é€ ä½“ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ + \param [out] out エクスãƒãƒ¼ãƒˆã•れãŸéµã‚’æ ¼ç´ã™ã‚‹ãƒãƒƒãƒ•ã‚¡ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ + \param [in,out] outLen 入力時ã¯ã€outã®ãƒã‚¤ãƒˆå˜ä½ã®ã‚µã‚¤ã‚ºã€‚ + 出力時ã¯ã€å‡ºåŠ›ãƒãƒƒãƒ•ã‚¡ã«æ›¸ãè¾¼ã¾ã‚ŒãŸãƒã‚¤ãƒˆæ•°ã‚’æ ¼ç´ã—ã¾ã™ã€‚ + \param [in] endian 使用ã™ã‚‹å½¢å¼ã‚’設定ã™ã‚‹ãŸã‚ã®EC25519_BIG_ENDIANã¾ãŸã¯EC25519_LITTLE_ENDIAN。 + _Example_ \code int ret; @@ -306,13 +373,14 @@ byte priv[32]; int privSz; curve25519_key key; - // initialize and make key + // éµã‚’åˆæœŸåŒ–ã—ã¦ä½œæˆ ret = wc_curve25519_export_private_raw_ex(&key, priv, &privSz, EC25519_BIG_ENDIAN); if (ret != 0) { - // error exporting key + // éµã®ã‚¨ã‚¯ã‚¹ãƒãƒ¼ãƒˆã‚¨ãƒ©ãƒ¼ } \endcode + \sa wc_curve25519_init \sa wc_curve25519_make_key \sa wc_curve25519_import_private_raw @@ -325,27 +393,33 @@ /*! \ingroup Curve25519 - \brief ã“ã®é–¢æ•°ã¯ã€æŒ‡å®šã•れãŸãƒãƒƒãƒ•ã‚¡ã‹ã‚‰å…¬é–‹éµã‚’インãƒãƒ¼ãƒˆã—ã€ãれをCurve25519_Keyæ§‹é€ ä½“ã«æ ¼ç´ã—ã¾ã™ã€‚ - \return 0 公開éµã‚’Curve25519_Keyæ§‹é€ ä½“ã«æ­£å¸¸ã«ã‚¤ãƒ³ãƒãƒ¼ãƒˆã—ã¾ã—ãŸã€‚ - \return ECC_BAD_ARG_E InLenパラメータãŒã‚­ãƒ¼æ§‹é€ ã®ã‚­ãƒ¼ã‚µã‚¤ã‚ºã¨ä¸€è‡´ã—ãªã„å ´åˆã«è¿”ã•れã¾ã™ã€‚ - \return BAD_FUNC_ARG 入力パラメータã®ã„ãšã‚Œã‹ãŒNULLã®å ´åˆã«è¿”ã•れã¾ã™ã€‚ - \param [in] インãƒãƒ¼ãƒˆã™ã‚‹å…¬é–‹éµã‚’å«ã‚€ãƒãƒƒãƒ•ã‚¡ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ - \param [in] インãƒãƒ¼ãƒˆã™ã‚‹å…¬é–‹éµã®ã‚¤ãƒ³ãƒ¬ãƒ«é•·ã€‚ + + \brief ã“ã®é–¢æ•°ã¯ã€ä¸Žãˆã‚‰ã‚ŒãŸinãƒãƒƒãƒ•ã‚¡ã‹ã‚‰å…¬é–‹éµã‚’インãƒãƒ¼ãƒˆã—ã€curve25519_keyæ§‹é€ ä½“ã«æ ¼ç´ã—ã¾ã™ã€‚ + + \return 0 curve25519_key構造体ã¸ã®å…¬é–‹éµã®ã‚¤ãƒ³ãƒãƒ¼ãƒˆã«æˆåŠŸã—ãŸå ´åˆã«è¿”ã•れã¾ã™ã€‚ + \return ECC_BAD_ARG_E inLenパラメータãŒéµæ§‹é€ ä½“ã®éµã‚µã‚¤ã‚ºã¨ä¸€è‡´ã—ãªã„å ´åˆã«è¿”ã•れã¾ã™ã€‚ + \return BAD_FUNC_ARG 入力パラメータã®ã„ãšã‚Œã‹ãŒNULLã®å ´åˆã«è¿”ã•れã¾ã™ã€‚ + + \param [in] in インãƒãƒ¼ãƒˆã™ã‚‹å…¬é–‹éµã‚’å«ã‚€ãƒãƒƒãƒ•ã‚¡ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ + \param [in] inLen インãƒãƒ¼ãƒˆã™ã‚‹å…¬é–‹éµã®é•·ã•。 + \param [in,out] key éµã‚’æ ¼ç´ã™ã‚‹curve25519_key構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ + _Example_ \code int ret; byte pub[32]; - // initialize pub with public key + // pubを公開éµã§åˆæœŸåŒ– curve25519_key key; - // initialize key + // éµã‚’åˆæœŸåŒ– ret = wc_curve25519_import_public(pub,sizeof(pub), &key); if (ret != 0) { - // error importing key + // éµã®ã‚¤ãƒ³ãƒãƒ¼ãƒˆã‚¨ãƒ©ãƒ¼ } \endcode + \sa wc_curve25519_init \sa wc_curve25519_export_public \sa wc_curve25519_import_private_raw @@ -359,28 +433,34 @@ /*! \ingroup Curve25519 - \brief ã“ã®é–¢æ•°ã¯ã€æŒ‡å®šã•れãŸãƒãƒƒãƒ•ã‚¡ã‹ã‚‰å…¬é–‹éµã‚’インãƒãƒ¼ãƒˆã—ã€ãれをCurve25519_Keyæ§‹é€ ä½“ã«æ ¼ç´ã—ã¾ã™ã€‚ - \return 0 公開éµã‚’Curve25519_Keyæ§‹é€ ä½“ã«æ­£å¸¸ã«ã‚¤ãƒ³ãƒãƒ¼ãƒˆã—ã¾ã—ãŸã€‚ - \return ECC_BAD_ARG_E InLenパラメータãŒã‚­ãƒ¼æ§‹é€ ã®ã‚­ãƒ¼ã‚µã‚¤ã‚ºã¨ä¸€è‡´ã—ãªã„å ´åˆã«è¿”ã•れã¾ã™ã€‚ - \return BAD_FUNC_ARG 入力パラメータã®ã„ãšã‚Œã‹ãŒNULLã®å ´åˆã«è¿”ã•れã¾ã™ã€‚ - \param [in] インãƒãƒ¼ãƒˆã™ã‚‹å…¬é–‹éµã‚’å«ã‚€ãƒãƒƒãƒ•ã‚¡ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ - \param [in] インãƒãƒ¼ãƒˆã™ã‚‹å…¬é–‹éµã®ã‚¤ãƒ³ãƒ¬ãƒ«é•·ã€‚ - \param [in,out] キーをä¿å­˜ã™ã‚‹ã‚«ãƒ¼ãƒ–25519キー構造ã¸ã®ã‚­ãƒ¼ãƒã‚¤ãƒ³ã‚¿ã€‚ + + \brief ã“ã®é–¢æ•°ã¯ã€ä¸Žãˆã‚‰ã‚ŒãŸinãƒãƒƒãƒ•ã‚¡ã‹ã‚‰å…¬é–‹éµã‚’インãƒãƒ¼ãƒˆã—ã€curve25519_keyæ§‹é€ ä½“ã«æ ¼ç´ã—ã¾ã™ã€‚ + + \return 0 curve25519_key構造体ã¸ã®å…¬é–‹éµã®ã‚¤ãƒ³ãƒãƒ¼ãƒˆã«æˆåŠŸã—ãŸå ´åˆã«è¿”ã•れã¾ã™ã€‚ + \return ECC_BAD_ARG_E inLenパラメータãŒéµæ§‹é€ ä½“ã®éµã‚µã‚¤ã‚ºã¨ä¸€è‡´ã—ãªã„å ´åˆã«è¿”ã•れã¾ã™ã€‚ + \return BAD_FUNC_ARG 入力パラメータã®ã„ãšã‚Œã‹ãŒNULLã®å ´åˆã«è¿”ã•れã¾ã™ã€‚ + + \param [in] in インãƒãƒ¼ãƒˆã™ã‚‹å…¬é–‹éµã‚’å«ã‚€ãƒãƒƒãƒ•ã‚¡ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ + \param [in] inLen インãƒãƒ¼ãƒˆã™ã‚‹å…¬é–‹éµã®é•·ã•。 + \param [in,out] key éµã‚’æ ¼ç´ã™ã‚‹curve25519_key構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ + \param [in] endian 使用ã™ã‚‹å½¢å¼ã‚’設定ã™ã‚‹ãŸã‚ã®EC25519_BIG_ENDIANã¾ãŸã¯EC25519_LITTLE_ENDIAN。 + _Example_ \code int ret; byte pub[32]; - // initialize pub with public key + // pubを公開éµã§åˆæœŸåŒ– curve25519_key key; - // initialize key + // éµã‚’åˆæœŸåŒ– ret = wc_curve25519_import_public_ex(pub, sizeof(pub), &key, EC25519_BIG_ENDIAN); if (ret != 0) { - // error importing key + // éµã®ã‚¤ãƒ³ãƒãƒ¼ãƒˆã‚¨ãƒ©ãƒ¼ } \endcode + \sa wc_curve25519_init \sa wc_curve25519_export_public \sa wc_curve25519_import_private_raw @@ -394,23 +474,29 @@ /*! \ingroup Curve25519 - \brief ã“ã®é–¢æ•°ã¯ã€å…¬é–‹éµãƒãƒƒãƒ•ã‚¡ãŒæŒ‡å®šã•れãŸã‚¨ãƒ³ãƒ‡ã‚£ã‚¢ãƒ³ã«å¯¾ã—ã¦æœ‰åйãªCurve2519ã‚­ãƒ¼å€¤ã‚’ä¿æŒã—ã¦ã„ã‚‹ã“ã¨ã‚’確èªã—ã¾ã™ã€‚ - \return 0 公開éµã®å€¤ãŒæœ‰åйãªã¨ãã«è¿”ã•れã¾ã™ã€‚ - \return ECC_BAD_ARG_E 公開éµã®å€¤ãŒç„¡åйãªå ´åˆã¯è¿”ã•れã¾ã™ã€‚ - \return BAD_FUNC_ARG 入力パラメータã®ã„ãšã‚Œã‹ãŒNULLã®å ´åˆã«è¿”ã•れã¾ã™ã€‚ - \param [in] ãƒã‚§ãƒƒã‚¯ã™ã‚‹ãŸã‚ã®å…¬é–‹éµã‚’å«ã‚€ãƒãƒƒãƒ•ã‚¡ã¸ã®Pubãƒã‚¤ãƒ³ã‚¿ã€‚ - \param [in] ãƒã‚§ãƒƒã‚¯ã™ã‚‹ãŸã‚ã®å…¬é–‹éµã®é•·ã•を掲載ã—ã¾ã™ã€‚ + + \brief ã“ã®é–¢æ•°ã¯ã€ã‚¨ãƒ³ãƒ‡ã‚£ã‚¢ãƒ³é †åºã‚’考慮ã—ã¦ã€å…¬é–‹éµãƒãƒƒãƒ•ã‚¡ãŒæœ‰åйãªCurve25519éµå€¤ã‚’ä¿æŒã—ã¦ã„ã‚‹ã‹ã©ã†ã‹ã‚’ãƒã‚§ãƒƒã‚¯ã—ã¾ã™ã€‚ + + \return 0 公開éµã®å€¤ãŒæœ‰åйãªå ´åˆã«è¿”ã•れã¾ã™ã€‚ + \return ECC_BAD_ARG_E 公開éµã®å€¤ãŒæœ‰åйã§ãªã„å ´åˆã«è¿”ã•れã¾ã™ã€‚ + \return BAD_FUNC_ARG 入力パラメータã®ã„ãšã‚Œã‹ãŒNULLã®å ´åˆã«è¿”ã•れã¾ã™ã€‚ + + \param [in] pub ãƒã‚§ãƒƒã‚¯ã™ã‚‹å…¬é–‹éµã‚’å«ã‚€ãƒãƒƒãƒ•ã‚¡ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ + \param [in] pubSz ãƒã‚§ãƒƒã‚¯ã™ã‚‹å…¬é–‹éµã®é•·ã•。 + \param [in] endian 使用ã™ã‚‹å½¢å¼ã‚’設定ã™ã‚‹ãŸã‚ã®EC25519_BIG_ENDIANã¾ãŸã¯EC25519_LITTLE_ENDIAN。 + _Example_ \code int ret; - byte pub[] = { Contents of public key }; + byte pub[] = { // 公開éµã®å†…容 }; ret = wc_curve25519_check_public_ex(pub, sizeof(pub), EC25519_BIG_ENDIAN); if (ret != 0) { - // error importing key + // éµã®ã‚¤ãƒ³ãƒãƒ¼ãƒˆã‚¨ãƒ©ãƒ¼ } \endcode + \sa wc_curve25519_init \sa wc_curve25519_import_public \sa wc_curve25519_import_public_ex @@ -421,12 +507,18 @@ /*! \ingroup Curve25519 - \brief ã“ã®é–¢æ•°ã¯æŒ‡å®šã•れãŸã‚­ãƒ¼æ§‹é€ ã‹ã‚‰å…¬é–‹éµã‚’エクスãƒãƒ¼ãƒˆã—ã€çµæžœã‚’アウトãƒãƒƒãƒ•ã‚¡ã«æ ¼ç´ã—ã¾ã™ã€‚ビッグエンディアンã®ã¿ã€‚ - \return 0 Curve25519_Key構造体ã‹ã‚‰å…¬é–‹éµã‚’正常ã«ã‚¨ã‚¯ã‚¹ãƒãƒ¼ãƒˆã™ã‚‹ä¸Šã§è¿”ã•れã¾ã™ã€‚ - \return ECC_BAD_ARG_E outlenãŒcurve25519_pub_key_sizeよりå°ã•ã„å ´åˆã«è¿”ã•れã¾ã™ã€‚ - \return BAD_FUNC_ARG 入力パラメータã®ã„ãšã‚Œã‹ãŒNULLã®å ´åˆã«è¿”ã•れã¾ã™ã€‚ - \param [in] キーをエクスãƒãƒ¼ãƒˆã™ã‚‹Curve25519_Key構造体ã¸ã®ã‚­ãƒ¼ãƒã‚¤ãƒ³ã‚¿ã€‚ - \param [out] 公開éµã‚’ä¿å­˜ã™ã‚‹ãƒãƒƒãƒ•ã‚¡ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ + + \brief ã“ã®é–¢æ•°ã¯ã€ä¸Žãˆã‚‰ã‚ŒãŸéµæ§‹é€ ä½“ã‹ã‚‰å…¬é–‹éµã‚’エクスãƒãƒ¼ãƒˆã—ã€çµæžœã‚’outãƒãƒƒãƒ•ã‚¡ã«æ ¼ç´ã—ã¾ã™ã€‚ビッグエンディアンã®ã¿ã€‚ + + \return 0 curve25519_key構造体ã‹ã‚‰å…¬é–‹éµã®ã‚¨ã‚¯ã‚¹ãƒãƒ¼ãƒˆã«æˆåŠŸã—ãŸå ´åˆã«è¿”ã•れã¾ã™ã€‚ + \return ECC_BAD_ARG_E outLenãŒCURVE25519_PUB_KEY_SIZEよりå°ã•ã„å ´åˆã«è¿”ã•れã¾ã™ã€‚ + \return BAD_FUNC_ARG 入力パラメータã®ã„ãšã‚Œã‹ãŒNULLã®å ´åˆã«è¿”ã•れã¾ã™ã€‚ + + \param [in] key éµã‚’エクスãƒãƒ¼ãƒˆã™ã‚‹curve25519_key構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ + \param [out] out 公開éµã‚’æ ¼ç´ã™ã‚‹ãƒãƒƒãƒ•ã‚¡ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ + \param [in,out] outLen 入力時ã¯ã€outã®ãƒã‚¤ãƒˆå˜ä½ã®ã‚µã‚¤ã‚ºã€‚ + 出力時ã¯ã€å‡ºåŠ›ãƒãƒƒãƒ•ã‚¡ã«æ›¸ãè¾¼ã¾ã‚ŒãŸãƒã‚¤ãƒˆæ•°ã‚’æ ¼ç´ã—ã¾ã™ã€‚ + _Example_ \code int ret; @@ -435,12 +527,13 @@ int pubSz; curve25519_key key; - // initialize and make key + // éµã‚’åˆæœŸåŒ–ã—ã¦ä½œæˆ ret = wc_curve25519_export_public(&key, pub, &pubSz); if (ret != 0) { - // error exporting key + // éµã®ã‚¨ã‚¯ã‚¹ãƒãƒ¼ãƒˆã‚¨ãƒ©ãƒ¼ } \endcode + \sa wc_curve25519_init \sa wc_curve25519_export_private_raw \sa wc_curve25519_import_public @@ -450,13 +543,19 @@ /*! \ingroup Curve25519 - \brief ã“ã®é–¢æ•°ã¯æŒ‡å®šã•れãŸã‚­ãƒ¼æ§‹é€ ã‹ã‚‰å…¬é–‹éµã‚’エクスãƒãƒ¼ãƒˆã—ã€çµæžœã‚’アウトãƒãƒƒãƒ•ã‚¡ã«æ ¼ç´ã—ã¾ã™ã€‚ビッグ・リトルエンディアンã®ä¸¡æ–¹ã‚’サãƒãƒ¼ãƒˆã—ã¾ã™ã€‚ - \return 0 Curve25519_Key構造体ã‹ã‚‰å…¬é–‹éµã‚’正常ã«ã‚¨ã‚¯ã‚¹ãƒãƒ¼ãƒˆã™ã‚‹ä¸Šã§è¿”ã•れã¾ã™ã€‚ - \return ECC_BAD_ARG_E outlenãŒcurve25519_pub_key_sizeよりå°ã•ã„å ´åˆã«è¿”ã•れã¾ã™ã€‚ - \return BAD_FUNC_ARG 入力パラメータã®ã„ãšã‚Œã‹ãŒNULLã®å ´åˆã«è¿”ã•れã¾ã™ã€‚ - \param [in] キーをエクスãƒãƒ¼ãƒˆã™ã‚‹Curve25519_Key構造体ã¸ã®ã‚­ãƒ¼ãƒã‚¤ãƒ³ã‚¿ã€‚ - \param [out] 公開éµã‚’ä¿å­˜ã™ã‚‹ãƒãƒƒãƒ•ã‚¡ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ - \param [in,out] INã«ç…§ä¼šã¯ã€ãƒã‚¤ãƒˆæ•°ã®ã‚µã‚¤ã‚ºã§ã™ã€‚ON OUTã§ã¯ã€å‡ºåŠ›ãƒãƒƒãƒ•ã‚¡ã«æ›¸ãè¾¼ã¾ã‚ŒãŸãƒã‚¤ãƒˆã‚’ä¿å­˜ã—ã¾ã™ã€‚ + + \brief ã“ã®é–¢æ•°ã¯ã€ä¸Žãˆã‚‰ã‚ŒãŸéµæ§‹é€ ä½“ã‹ã‚‰å…¬é–‹éµã‚’エクスãƒãƒ¼ãƒˆã—ã€çµæžœã‚’outãƒãƒƒãƒ•ã‚¡ã«æ ¼ç´ã—ã¾ã™ã€‚ビッグエンディアンã¨ãƒªãƒˆãƒ«ã‚¨ãƒ³ãƒ‡ã‚£ã‚¢ãƒ³ã®ä¸¡æ–¹ã‚’サãƒãƒ¼ãƒˆã—ã¾ã™ã€‚ + + \return 0 curve25519_key構造体ã‹ã‚‰å…¬é–‹éµã®ã‚¨ã‚¯ã‚¹ãƒãƒ¼ãƒˆã«æˆåŠŸã—ãŸå ´åˆã«è¿”ã•れã¾ã™ã€‚ + \return ECC_BAD_ARG_E outLenãŒCURVE25519_PUB_KEY_SIZEよりå°ã•ã„å ´åˆã«è¿”ã•れã¾ã™ã€‚ + \return BAD_FUNC_ARG 入力パラメータã®ã„ãšã‚Œã‹ãŒNULLã®å ´åˆã«è¿”ã•れã¾ã™ã€‚ + + \param [in] key éµã‚’エクスãƒãƒ¼ãƒˆã™ã‚‹curve25519_key構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ + \param [out] out 公開éµã‚’æ ¼ç´ã™ã‚‹ãƒãƒƒãƒ•ã‚¡ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ + \param [in,out] outLen 入力時ã¯ã€outã®ãƒã‚¤ãƒˆå˜ä½ã®ã‚µã‚¤ã‚ºã€‚ + 出力時ã¯ã€å‡ºåŠ›ãƒãƒƒãƒ•ã‚¡ã«æ›¸ãè¾¼ã¾ã‚ŒãŸãƒã‚¤ãƒˆæ•°ã‚’æ ¼ç´ã—ã¾ã™ã€‚ + \param [in] endian 使用ã™ã‚‹å½¢å¼ã‚’設定ã™ã‚‹ãŸã‚ã®EC25519_BIG_ENDIANã¾ãŸã¯EC25519_LITTLE_ENDIAN。 + _Example_ \code int ret; @@ -465,13 +564,14 @@ int pubSz; curve25519_key key; - // initialize and make key + // éµã‚’åˆæœŸåŒ–ã—ã¦ä½œæˆ ret = wc_curve25519_export_public_ex(&key, pub, &pubSz, EC25519_BIG_ENDIAN); if (ret != 0) { - // error exporting key + // éµã®ã‚¨ã‚¯ã‚¹ãƒãƒ¼ãƒˆã‚¨ãƒ©ãƒ¼ } \endcode + \sa wc_curve25519_init \sa wc_curve25519_export_private_raw \sa wc_curve25519_import_public @@ -482,14 +582,21 @@ /*! \ingroup Curve25519 - \brief Export Curve25519キーペア。ビッグエンディアンã®ã¿ã€‚ - \return 0 Curve25519_Key構造体ã‹ã‚‰ã‚­ãƒ¼ãƒšã‚¢ã®ã‚¨ã‚¯ã‚¹ãƒãƒ¼ãƒˆã«æˆåŠŸã—ã¾ã—ãŸã€‚ - \return BAD_FUNC_ARG 入力パラメータãŒNULLã®å ´åˆã«è¿”ã•れã¾ã™ã€‚ - \return ECC_BAD_ARG_E PRIVSZãŒCURUV25519_SEY_SIZEã¾ãŸã¯PUBSZよりもå°ã•ã„å ´åˆã¯ã€PUBSZãŒCURUG25519_PUB_KEY_SIZEよりもå°ã•ã„å ´åˆã«è¿”ã•れã¾ã™ã€‚ - \param [in] キーペアをエクスãƒãƒ¼ãƒˆã™ã‚‹CURUN448_KEY構造体ã¸ã®ã‚­ãƒ¼ãƒã‚¤ãƒ³ã‚¿ã€‚ - \param [out] 秘密éµã‚’ä¿å­˜ã™ã‚‹ãƒãƒƒãƒ•ã‚¡ã¸ã®PRIVãƒã‚¤ãƒ³ã‚¿ã€‚ - \param [in,out] PRIVSZ ON INã¯ã€PRIVãƒãƒƒãƒ•ã‚¡ã®ã‚µã‚¤ã‚ºã‚’ãƒã‚¤ãƒˆå˜ä½ã§ï¼‰ã§ã™ã€‚ON OUTã¯ã€PRIVãƒãƒƒãƒ•ã‚¡ã«æ›¸ãè¾¼ã¾ã‚ŒãŸãƒã‚¤ãƒˆã‚’ä¿å­˜ã—ã¾ã™ã€‚ - \param [out] パブリックキーをä¿å­˜ã™ã‚‹ãƒãƒƒãƒ•ã‚¡ã¸ã®Pub。 + + \brief Curve25519éµãƒšã‚¢ã‚’エクスãƒãƒ¼ãƒˆã—ã¾ã™ã€‚ビッグエンディアンã®ã¿ã€‚ + + \return 0 curve25519_key構造体ã‹ã‚‰éµãƒšã‚¢ã®ã‚¨ã‚¯ã‚¹ãƒãƒ¼ãƒˆã«æˆåŠŸã—ãŸå ´åˆã«è¿”ã•れã¾ã™ã€‚ + \return BAD_FUNC_ARG 入力パラメータã®ã„ãšã‚Œã‹ãŒNULLã®å ´åˆã«è¿”ã•れã¾ã™ã€‚ + \return ECC_BAD_ARG_E privSzãŒCURVE25519_KEY_SIZEよりå°ã•ã„ã€ã¾ãŸã¯pubSzãŒCURVE25519_PUB_KEY_SIZEよりå°ã•ã„å ´åˆã«è¿”ã•れã¾ã™ã€‚ + + \param [in] key éµãƒšã‚¢ã‚’エクスãƒãƒ¼ãƒˆã™ã‚‹curve448_key構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ + \param [out] priv 秘密éµã‚’æ ¼ç´ã™ã‚‹ãƒãƒƒãƒ•ã‚¡ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ + \param [in,out] privSz 入力時ã¯ã€privãƒãƒƒãƒ•ã‚¡ã®ãƒã‚¤ãƒˆå˜ä½ã®ã‚µã‚¤ã‚ºã€‚ + 出力時ã¯ã€privãƒãƒƒãƒ•ã‚¡ã«æ›¸ãè¾¼ã¾ã‚ŒãŸãƒã‚¤ãƒˆæ•°ã‚’æ ¼ç´ã—ã¾ã™ã€‚ + \param [out] pub 公開éµã‚’æ ¼ç´ã™ã‚‹ãƒãƒƒãƒ•ã‚¡ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ + \param [in,out] pubSz 入力時ã¯ã€pubãƒãƒƒãƒ•ã‚¡ã®ãƒã‚¤ãƒˆå˜ä½ã®ã‚µã‚¤ã‚ºã€‚ + 出力時ã¯ã€pubãƒãƒƒãƒ•ã‚¡ã«æ›¸ãè¾¼ã¾ã‚ŒãŸãƒã‚¤ãƒˆæ•°ã‚’æ ¼ç´ã—ã¾ã™ã€‚ + _Example_ \code int ret; @@ -500,13 +607,14 @@ int privSz; curve25519_key key; - // initialize and make key + // éµã‚’åˆæœŸåŒ–ã—ã¦ä½œæˆ ret = wc_curve25519_export_key_raw(&key, priv, &privSz, pub, &pubSz); if (ret != 0) { - // error exporting key + // éµã®ã‚¨ã‚¯ã‚¹ãƒãƒ¼ãƒˆã‚¨ãƒ©ãƒ¼ } \endcode + \sa wc_curve25519_export_key_raw_ex \sa wc_curve25519_export_private_raw */ @@ -517,15 +625,22 @@ /*! \ingroup Curve25519 - \brief Export Curve25519キーペア。ビッグ・リトルエンディアン。 - \return 0 Curve25519_Key構造体ã‹ã‚‰ã‚­ãƒ¼ãƒšã‚¢ã®ã‚¨ã‚¯ã‚¹ãƒãƒ¼ãƒˆã«æˆåŠŸã—ã¾ã—ãŸã€‚ - \return BAD_FUNC_ARG 入力パラメータãŒNULLã®å ´åˆã«è¿”ã•れã¾ã™ã€‚ - \return ECC_BAD_ARG_E PRIVSZãŒCURUV25519_SEY_SIZEã¾ãŸã¯PUBSZよりもå°ã•ã„å ´åˆã¯ã€PUBSZãŒCURUG25519_PUB_KEY_SIZEよりもå°ã•ã„å ´åˆã«è¿”ã•れã¾ã™ã€‚ - \param [in] キーペアをエクスãƒãƒ¼ãƒˆã™ã‚‹CURUN448_KEY構造体ã¸ã®ã‚­ãƒ¼ãƒã‚¤ãƒ³ã‚¿ã€‚ - \param [out] 秘密éµã‚’ä¿å­˜ã™ã‚‹ãƒãƒƒãƒ•ã‚¡ã¸ã®PRIVãƒã‚¤ãƒ³ã‚¿ã€‚ - \param [in,out] PRIVSZ ON INã¯ã€PRIVãƒãƒƒãƒ•ã‚¡ã®ã‚µã‚¤ã‚ºã‚’ãƒã‚¤ãƒˆå˜ä½ã§ï¼‰ã§ã™ã€‚ON OUTã¯ã€PRIVãƒãƒƒãƒ•ã‚¡ã«æ›¸ãè¾¼ã¾ã‚ŒãŸãƒã‚¤ãƒˆã‚’ä¿å­˜ã—ã¾ã™ã€‚ - \param [out] パブリックキーをä¿å­˜ã™ã‚‹ãƒãƒƒãƒ•ã‚¡ã¸ã®Pub。 - \param [in,out] PUBSZ ON INã¯ã€ãƒ‘ブãƒãƒƒãƒ•ã‚¡ã®ã‚µã‚¤ã‚ºã‚’ãƒã‚¤ãƒˆå˜ä½ã§ï¼‰ã§ã™ã€‚ON OUTã§ã¯ã€PUBãƒãƒƒãƒ•ã‚¡ã«æ›¸ãè¾¼ã¾ã‚ŒãŸãƒã‚¤ãƒˆã‚’ä¿å­˜ã—ã¾ã™ã€‚ + + \brief curve25519éµãƒšã‚¢ã‚’エクスãƒãƒ¼ãƒˆã—ã¾ã™ã€‚ビッグエンディアンã¾ãŸã¯ãƒªãƒˆãƒ«ã‚¨ãƒ³ãƒ‡ã‚£ã‚¢ãƒ³ã€‚ + + \return 0 curve25519_key構造体ã‹ã‚‰éµãƒšã‚¢ã®ã‚¨ã‚¯ã‚¹ãƒãƒ¼ãƒˆã«æˆåŠŸã—ãŸå ´åˆã«è¿”ã•れã¾ã™ã€‚ + \return BAD_FUNC_ARG 入力パラメータã®ã„ãšã‚Œã‹ãŒNULLã®å ´åˆã«è¿”ã•れã¾ã™ã€‚ + \return ECC_BAD_ARG_E privSzãŒCURVE25519_KEY_SIZEよりå°ã•ã„ã€ã¾ãŸã¯pubSzãŒCURVE25519_PUB_KEY_SIZEよりå°ã•ã„å ´åˆã«è¿”ã•れã¾ã™ã€‚ + + \param [in] key éµãƒšã‚¢ã‚’エクスãƒãƒ¼ãƒˆã™ã‚‹curve448_key構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ + \param [out] priv 秘密éµã‚’æ ¼ç´ã™ã‚‹ãƒãƒƒãƒ•ã‚¡ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ + \param [in,out] privSz 入力時ã¯ã€privãƒãƒƒãƒ•ã‚¡ã®ãƒã‚¤ãƒˆå˜ä½ã®ã‚µã‚¤ã‚ºã€‚ + 出力時ã¯ã€privãƒãƒƒãƒ•ã‚¡ã«æ›¸ãè¾¼ã¾ã‚ŒãŸãƒã‚¤ãƒˆæ•°ã‚’æ ¼ç´ã—ã¾ã™ã€‚ + \param [out] pub 公開éµã‚’æ ¼ç´ã™ã‚‹ãƒãƒƒãƒ•ã‚¡ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ + \param [in,out] pubSz 入力時ã¯ã€pubãƒãƒƒãƒ•ã‚¡ã®ãƒã‚¤ãƒˆå˜ä½ã®ã‚µã‚¤ã‚ºã€‚ + 出力時ã¯ã€pubãƒãƒƒãƒ•ã‚¡ã«æ›¸ãè¾¼ã¾ã‚ŒãŸãƒã‚¤ãƒˆæ•°ã‚’æ ¼ç´ã—ã¾ã™ã€‚ + \param [in] endian 使用ã™ã‚‹å½¢å¼ã‚’設定ã™ã‚‹ãŸã‚ã®EC25519_BIG_ENDIANã¾ãŸã¯EC25519_LITTLE_ENDIAN。 + _Example_ \code int ret; @@ -536,14 +651,15 @@ int privSz; curve25519_key key; - // initialize and make key + // éµã‚’åˆæœŸåŒ–ã—ã¦ä½œæˆ ret = wc_curve25519_export_key_raw_ex(&key,priv, &privSz, pub, &pubSz, EC25519_BIG_ENDIAN); if (ret != 0) { - // error exporting key + // éµã®ã‚¨ã‚¯ã‚¹ãƒãƒ¼ãƒˆã‚¨ãƒ©ãƒ¼ } \endcode + \sa wc_curve25519_export_key_raw \sa wc_curve25519_export_private_raw_ex \sa wc_curve25519_export_public_ex @@ -556,18 +672,24 @@ /*! \ingroup Curve25519 - \brief ã“ã®é–¢æ•°ã¯ä¸Žãˆã‚‰ã‚ŒãŸã‚­ãƒ¼æ§‹é€ ã®ã‚­ãƒ¼ã‚µã‚¤ã‚ºã‚’è¿”ã—ã¾ã™ã€‚ - \return Success 有効ãªåˆæœŸåŒ–ã•れãŸCurve25519_Key構造体を考慮ã™ã‚‹ã¨ã€ã‚­ãƒ¼ã®ã‚µã‚¤ã‚ºã‚’è¿”ã—ã¾ã™ã€‚ - \return 0 キーãŒNULLã®å ´åˆã¯è¿”ã•れã¾ã™ + + \brief ã“ã®é–¢æ•°ã¯ã€ä¸Žãˆã‚‰ã‚ŒãŸéµæ§‹é€ ä½“ã®éµã‚µã‚¤ã‚ºã‚’è¿”ã—ã¾ã™ã€‚ + + \return Success 有効ã§åˆæœŸåŒ–ã•れãŸcurve25519_key構造体ãŒä¸Žãˆã‚‰ã‚ŒãŸå ´åˆã€éµã®ã‚µã‚¤ã‚ºã‚’è¿”ã—ã¾ã™ã€‚ + \return 0 keyãŒNULLã®å ´åˆã«è¿”ã•れã¾ã™ã€‚ + + \param [in] key éµã‚µã‚¤ã‚ºã‚’決定ã™ã‚‹curve25519_key構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ + _Example_ \code int keySz; curve25519_key key; - // initialize and make key + // éµã‚’åˆæœŸåŒ–ã—ã¦ä½œæˆ keySz = wc_curve25519_size(&key); \endcode + \sa wc_curve25519_init \sa wc_curve25519_make_key */ diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/doc/dox_comments/header_files-ja/curve448.h mariadb-11.8.8/extra/wolfssl/wolfssl/doc/dox_comments/header_files-ja/curve448.h --- mariadb-11.8.6/extra/wolfssl/wolfssl/doc/dox_comments/header_files-ja/curve448.h 2026-01-31 13:27:49.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/doc/dox_comments/header_files-ja/curve448.h 2026-05-24 09:58:33.000000000 +0000 @@ -1,26 +1,32 @@ /*! \ingroup Curve448 - \brief ã“ã®é–¢æ•°ã¯ã€ä¸Žãˆã‚‰ã‚ŒãŸã‚µã‚¤ã‚ºï¼ˆKeysize)ã®ã‚µã‚¤ã‚ºã®æŒ‡å®šã•れãŸä¹±æ•°ç™ºç”Ÿå™¨RNGを使用ã—ã¦Curve448キーを生æˆã—ã€ãれを指定ã•れãŸCurve448_Keyæ§‹é€ ä½“ã«æ ¼ç´ã—ã¾ã™ã€‚キー構造ãŒWC_CURVE448_INIT()を介ã—ã¦åˆæœŸåŒ–ã•れãŸå¾Œã«å‘¼ã³å‡ºã•れるã¹ãã§ã™ã€‚ - \return 0 キーã®ç”Ÿæˆã«æˆåŠŸã—ã€ãれを指定ã•れãŸCurve448_Keyæ§‹é€ ä½“ã«æ ¼ç´ã—ã¾ã™ã€‚ - \return ECC_BAD_ARG_E 入力キーサイズãŒCurve448キー(56ãƒã‚¤ãƒˆï¼‰ã®ã‚­ãƒ¼ã‚·ã‚§ã‚¤ã‚ºã«å¯¾å¿œã—ã¦ã„ãªã„å ´åˆã¯è¿”ã•れã¾ã™ã€‚ - \return RNG_FAILURE_E RNGã®å†…部ステータスãŒDRBG_OKã§ãªã„å ´åˆã€ã¾ãŸã¯RNGを使用ã—ã¦æ¬¡ã®ãƒ©ãƒ³ãƒ€ãƒ ãƒ–ロックを生æˆã™ã‚‹å ´åˆã«è¿”ã•れã¾ã™ã€‚ - \return BAD_FUNC_ARG 渡ã•れãŸå…¥åŠ›ãƒ‘ãƒ©ãƒ¡ãƒ¼ã‚¿ã®ã„ãšã‚Œã‹ãŒNULLã®å ´åˆã«è¿”ã•れã¾ã™ã€‚ - \param [in] RNG ECCキーã®ç”Ÿæˆã«ä½¿ç”¨ã•れるRNGオブジェクトã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ - \param [in] キーサイズ生æˆã‚­ãƒ¼ã®ã‚µã‚¤ã‚ºã€‚Curve448ã®å ´åˆã¯56ãƒã‚¤ãƒˆã§ãªã‘れã°ãªã‚Šã¾ã›ã‚“。 + + \brief ã“ã®é–¢æ•°ã¯ã€ä¸Žãˆã‚‰ã‚ŒãŸä¹±æ•°ç”Ÿæˆå™¨rngを使用ã—ã¦ã€ä¸Žãˆã‚‰ã‚ŒãŸã‚µã‚¤ã‚ºï¼ˆkeysize)ã®Curve448éµã‚’生æˆã—ã€ä¸Žãˆã‚‰ã‚ŒãŸcurve448_keyæ§‹é€ ä½“ã«æ ¼ç´ã—ã¾ã™ã€‚wc_curve448_init()を通ã˜ã¦éµæ§‹é€ ä½“ãŒåˆæœŸåŒ–ã•れãŸå¾Œã«å‘¼ã³å‡ºã™å¿…è¦ãŒã‚りã¾ã™ã€‚ + + \return 0 éµã®ç”Ÿæˆã«æˆåŠŸã—ã€ä¸Žãˆã‚‰ã‚ŒãŸcurve448_keyæ§‹é€ ä½“ã«æ ¼ç´ã•れãŸå ´åˆã«è¿”ã•れã¾ã™ã€‚ + \return ECC_BAD_ARG_E 入力keysizeãŒcurve448éµã®keysizeã«å¯¾å¿œã—ã¦ã„ãªã„å ´åˆï¼ˆ56ãƒã‚¤ãƒˆï¼‰ã«è¿”ã•れã¾ã™ã€‚ + \return RNG_FAILURE_E rng内部ステータスãŒDRBG_OKã§ãªã„å ´åˆã€ã¾ãŸã¯rngã§æ¬¡ã®ãƒ©ãƒ³ãƒ€ãƒ ãƒ–ロックを生æˆã™ã‚‹éš›ã«ã‚¨ãƒ©ãƒ¼ãŒã‚ã‚‹å ´åˆã«è¿”ã•れã¾ã™ã€‚ + \return BAD_FUNC_ARG 渡ã•れãŸå…¥åŠ›ãƒ‘ãƒ©ãƒ¡ãƒ¼ã‚¿ã®ã„ãšã‚Œã‹ãŒNULLã®å ´åˆã«è¿”ã•れã¾ã™ã€‚ + + \param [in] rng eccéµã‚’生æˆã™ã‚‹ãŸã‚ã«ä½¿ç”¨ã•れるRNGオブジェクトã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ + \param [in] keysize 生æˆã™ã‚‹éµã®ã‚µã‚¤ã‚ºã€‚curve448ã§ã¯56ãƒã‚¤ãƒˆã§ã‚ã‚‹å¿…è¦ãŒã‚りã¾ã™ã€‚ + \param [in,out] key 生æˆã•れãŸéµã‚’æ ¼ç´ã™ã‚‹curve448_key構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ + _Example_ \code int ret; curve448_key key; - wc_curve448_init(&key); // initialize key + wc_curve448_init(&key); // éµã‚’åˆæœŸåŒ– WC_RNG rng; - wc_InitRng(&rng); // initialize random number generator + wc_InitRng(&rng); // 乱数生æˆå™¨ã‚’åˆæœŸåŒ– ret = wc_curve448_make_key(&rng, 56, &key); if (ret != 0) { - // error making Curve448 key + // Curve448éµä½œæˆã‚¨ãƒ©ãƒ¼ } \endcode + \sa wc_curve448_init */ @@ -28,12 +34,17 @@ /*! \ingroup Curve448 - \brief ã“ã®é–¢æ•°ã¯ã€ç§˜å¯†ã®ç§˜å¯†éµã¨å—ä¿¡ã—ãŸå…¬é–‹éµã‚’考ãˆã‚‹ã¨ã€å…±æœ‰ç§˜å¯†éµã‚’計算ã—ã¾ã™ã€‚生æˆã•れãŸç§˜å¯†éµã‚’ãƒãƒƒãƒ•ァアウトã«ä¿å­˜ã—ã€ounlentã®ç§˜å¯†éµã®å¤‰æ•°ã‚’割り当ã¦ã¾ã™ã€‚ビッグエンディアンã®ã¿ã‚’サãƒãƒ¼ãƒˆã—ã¾ã™ã€‚ - \return 0 共有秘密éµã‚’正常ã«è¨ˆç®—ã™ã‚‹ä¸Šã§è¿”å´ã•れã¾ã—㟠- \return BAD_FUNC_ARG 渡ã•れãŸå…¥åŠ›ãƒ‘ãƒ©ãƒ¡ãƒ¼ã‚¿ãƒ¼ã®ã„ãšã‚Œã‹ãŒNULLã®å ´åˆã«è¿”ã•れã¾ã™ - \param [in] Private_Key Curve448_Key構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ãƒ¦ãƒ¼ã‚¶ãƒ¼ã®ç§˜å¯†éµã§åˆæœŸåŒ–ã•れã¾ã—ãŸã€‚ - \param [in] public_keyå—ä¿¡ã—ãŸå…¬é–‹éµã‚’å«ã‚€Curve448_Key構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ - \param [out] 56ãƒã‚¤ãƒˆã®è¨ˆç®—ã•れãŸç§˜å¯†éµã‚’ä¿å­˜ã™ã‚‹ãƒãƒƒãƒ•ã‚¡ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ + + \brief ã“ã®é–¢æ•°ã¯ã€ç§˜å¯†ã®ç§˜å¯†éµã¨å—ä¿¡ã—ãŸå…¬é–‹éµã‚’与ãˆã‚‰ã‚ŒãŸå…±æœ‰ç§˜å¯†éµã‚’計算ã—ã¾ã™ã€‚生æˆã•れãŸç§˜å¯†éµã‚’ãƒãƒƒãƒ•ã‚¡outã«æ ¼ç´ã—ã€ç§˜å¯†éµã®å¤‰æ•°ã‚’outlenã«å‰²ã‚Šå½“ã¦ã¾ã™ã€‚ビッグエンディアンã®ã¿ã‚’サãƒãƒ¼ãƒˆã—ã¾ã™ã€‚ + + \return 0 共有秘密éµã®è¨ˆç®—ã«æˆåŠŸã—ãŸå ´åˆã«è¿”ã•れã¾ã™ã€‚ + \return BAD_FUNC_ARG 渡ã•れãŸå…¥åŠ›ãƒ‘ãƒ©ãƒ¡ãƒ¼ã‚¿ã®ã„ãšã‚Œã‹ãŒNULLã®å ´åˆã«è¿”ã•れã¾ã™ã€‚ + + \param [in] private_key ユーザーã®ç§˜å¯†éµã§åˆæœŸåŒ–ã•れãŸcurve448_key構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ + \param [in] public_key å—ä¿¡ã—ãŸå…¬é–‹éµã‚’å«ã‚€curve448_key構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ + \param [out] out 56ãƒã‚¤ãƒˆã®è¨ˆç®—ã•れãŸç§˜å¯†éµã‚’æ ¼ç´ã™ã‚‹ãƒãƒƒãƒ•ã‚¡ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ + \param [in,out] outlen 出力ãƒãƒƒãƒ•ã‚¡ã«æ›¸ãè¾¼ã¾ã‚ŒãŸé•·ã•ã‚’æ ¼ç´ã™ã‚‹ãƒã‚¤ãƒ³ã‚¿ã€‚ + _Example_ \code int ret; @@ -41,13 +52,14 @@ byte sharedKey[56]; word32 keySz; curve448_key privKey, pubKey; - // initialize both keys + // 両方ã®éµã‚’åˆæœŸåŒ– ret = wc_curve448_shared_secret(&privKey, &pubKey, sharedKey, &keySz); if (ret != 0) { - // error generating shared key + // 共有éµç”Ÿæˆã‚¨ãƒ©ãƒ¼ } \endcode + \sa wc_curve448_init \sa wc_curve448_make_key \sa wc_curve448_shared_secret_ex @@ -59,13 +71,18 @@ /*! \ingroup Curve448 - \brief ã“ã®é–¢æ•°ã¯ã€ç§˜å¯†ã®ç§˜å¯†éµã¨å—ä¿¡ã—ãŸå…¬é–‹éµã‚’考ãˆã‚‹ã¨ã€å…±æœ‰ç§˜å¯†éµã‚’計算ã—ã¾ã™ã€‚生æˆã•れãŸç§˜å¯†éµã‚’ãƒãƒƒãƒ•ァアウトã«ä¿å­˜ã—ã€ounlentã®ç§˜å¯†éµã®å¤‰æ•°ã‚’割り当ã¦ã¾ã™ã€‚ビッグ・リトルエンディアンã®ä¸¡æ–¹ã‚’サãƒãƒ¼ãƒˆã—ã¾ã™ã€‚ - \return 0 共有秘密éµã‚’正常ã«è¨ˆç®—ã—ãŸã¨ãã«è¿”ã•れã¾ã—ãŸã€‚ - \return BAD_FUNC_ARG 渡ã•れãŸå…¥åŠ›ãƒ‘ãƒ©ãƒ¡ãƒ¼ã‚¿ã®ã„ãšã‚Œã‹ãŒNULLã®å ´åˆã«è¿”ã•れã¾ã™ã€‚ - \param [in] Private_Key Curve448_Key構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ãƒ¦ãƒ¼ã‚¶ãƒ¼ã®ç§˜å¯†éµã§åˆæœŸåŒ–ã•れã¾ã—ãŸã€‚ - \param [in] public_keyå—ä¿¡ã—ãŸå…¬é–‹éµã‚’å«ã‚€Curve448_Key構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ - \param [out] 56ãƒã‚¤ãƒˆã®è¨ˆç®—ã•れãŸç§˜å¯†éµã‚’ä¿å­˜ã™ã‚‹ãƒãƒƒãƒ•ã‚¡ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ - \param [in,out] 出力ãƒãƒƒãƒ•ã‚¡ã«æ›¸ãè¾¼ã¾ã‚ŒãŸé•·ã•を記憶ã™ã‚‹ãƒã‚¤ãƒ³ã‚¿ã®æ¦‚è¦ã€‚ + + \brief ã“ã®é–¢æ•°ã¯ã€ç§˜å¯†ã®ç§˜å¯†éµã¨å—ä¿¡ã—ãŸå…¬é–‹éµã‚’与ãˆã‚‰ã‚ŒãŸå…±æœ‰ç§˜å¯†éµã‚’計算ã—ã¾ã™ã€‚生æˆã•れãŸç§˜å¯†éµã‚’ãƒãƒƒãƒ•ã‚¡outã«æ ¼ç´ã—ã€ç§˜å¯†éµã®å¤‰æ•°ã‚’outlenã«å‰²ã‚Šå½“ã¦ã¾ã™ã€‚ビッグエンディアンã¨ãƒªãƒˆãƒ«ã‚¨ãƒ³ãƒ‡ã‚£ã‚¢ãƒ³ã®ä¸¡æ–¹ã‚’サãƒãƒ¼ãƒˆã—ã¾ã™ã€‚ + + \return 0 共有秘密éµã®è¨ˆç®—ã«æˆåŠŸã—ãŸå ´åˆã«è¿”ã•れã¾ã™ã€‚ + \return BAD_FUNC_ARG 渡ã•れãŸå…¥åŠ›ãƒ‘ãƒ©ãƒ¡ãƒ¼ã‚¿ã®ã„ãšã‚Œã‹ãŒNULLã®å ´åˆã«è¿”ã•れã¾ã™ã€‚ + + \param [in] private_key ユーザーã®ç§˜å¯†éµã§åˆæœŸåŒ–ã•れãŸcurve448_key構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ + \param [in] public_key å—ä¿¡ã—ãŸå…¬é–‹éµã‚’å«ã‚€curve448_key構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ + \param [out] out 56ãƒã‚¤ãƒˆã®è¨ˆç®—ã•れãŸç§˜å¯†éµã‚’æ ¼ç´ã™ã‚‹ãƒãƒƒãƒ•ã‚¡ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ + \param [in,out] outlen 出力ãƒãƒƒãƒ•ã‚¡ã«æ›¸ãè¾¼ã¾ã‚ŒãŸé•·ã•ã‚’æ ¼ç´ã™ã‚‹ãƒã‚¤ãƒ³ã‚¿ã€‚ + \param [in] endian 使用ã™ã‚‹å½¢å¼ã‚’設定ã™ã‚‹ãŸã‚ã®EC448_BIG_ENDIANã¾ãŸã¯EC448_LITTLE_ENDIAN。 + _Example_ \code int ret; @@ -74,14 +91,15 @@ word32 keySz; curve448_key privKey, pubKey; - // initialize both keys + // 両方ã®éµã‚’åˆæœŸåŒ– ret = wc_curve448_shared_secret_ex(&privKey, &pubKey, sharedKey, &keySz, EC448_BIG_ENDIAN); if (ret != 0) { - // error generating shared key + // 共有éµç”Ÿæˆã‚¨ãƒ©ãƒ¼ } \endcode + \sa wc_curve448_init \sa wc_curve448_make_key \sa wc_curve448_shared_secret @@ -93,15 +111,21 @@ /*! \ingroup Curve448 - \brief ã“ã®é–¢æ•°ã¯Curve448ã‚­ãƒ¼ã‚’åˆæœŸåŒ–ã—ã¾ã™ã€‚構造ã®ã‚­ãƒ¼ã‚’生æˆã™ã‚‹å‰ã«å‘¼ã³å‡ºã•れるã¹ãã§ã™ã€‚ - \return 0 Curve448_Key構造体ã®åˆæœŸåŒ–ã«æˆåŠŸã—ã¾ã—ãŸã€‚ - \return BAD_FUNC_ARG キーãŒNULLã®ã¨ãã«è¿”ã•れã¾ã™ã€‚ + + \brief ã“ã®é–¢æ•°ã¯Curve448éµã‚’åˆæœŸåŒ–ã—ã¾ã™ã€‚構造体ã®éµã‚’生æˆã™ã‚‹å‰ã«å‘¼ã³å‡ºã™å¿…è¦ãŒã‚りã¾ã™ã€‚ + + \return 0 curve448_key構造体ã®åˆæœŸåŒ–ã«æˆåŠŸã—ãŸå ´åˆã«è¿”ã•れã¾ã™ã€‚ + \return BAD_FUNC_ARG keyãŒNULLã®å ´åˆã«è¿”ã•れã¾ã™ã€‚ + + \param [in,out] key åˆæœŸåŒ–ã™ã‚‹curve448_key構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ + _Example_ \code curve448_key key; - wc_curve448_init(&key); // initialize key - // make key and proceed to encryption + wc_curve448_init(&key); // éµã‚’åˆæœŸåŒ– + // éµã‚’作æˆã—ã€æš—å·åŒ–ã«é€²ã‚€ \endcode + \sa wc_curve448_make_key */ @@ -109,13 +133,18 @@ /*! \ingroup Curve448 - \brief ã“ã®é–¢æ•°ã¯Curve448オブジェクトを解放ã—ã¾ã™ã€‚ + + \brief ã“ã®é–¢æ•°ã¯Curve448オブジェクトを解放ã—ã¾ã™ã€‚ + + \param [in,out] key 解放ã™ã‚‹éµã‚ªãƒ–ジェクトã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ + _Example_ \code curve448_key privKey; - // initialize key, use it to generate shared secret key + // éµã‚’åˆæœŸåŒ–ã—ã€å…±æœ‰ç§˜å¯†éµã®ç”Ÿæˆã«ä½¿ç”¨ wc_curve448_free(&privKey); \endcode + \sa wc_curve448_init \sa wc_curve448_make_key */ @@ -124,25 +153,31 @@ /*! \ingroup Curve448 - \brief ã“ã®é–¢æ•°ã¯Curve448秘密éµã®ã¿ã‚’インãƒãƒ¼ãƒˆã—ã¾ã™ã€‚(ビッグエンディアン)。 - \return 0 秘密éµã®ã‚¤ãƒ³ãƒãƒ¼ãƒˆã«æˆåŠŸã—ã¾ã—ãŸã€‚ - \return BAD_FUNC_ARG キーã¾ãŸã¯PRIVãŒNULLã®å ´åˆã¯è¿”ã—ã¾ã™ã€‚ - \return ECC_BAD_ARG_E PRIVSZãŒCURUG448_KEY_SIZEã¨ç­‰ã—ããªã„å ´åˆã¯è¿”ã—ã¾ã™ã€‚ - \param [in] インãƒãƒ¼ãƒˆã™ã‚‹ç§˜å¯†éµã‚’å«ã‚€ãƒãƒƒãƒ•ã‚¡ã¸ã®ãƒã‚¤ãƒ³ãƒˆã€‚ - \param [in] インãƒãƒ¼ãƒˆã™ã‚‹ç§˜å¯†éµã®Privsz長。 + + \brief ã“ã®é–¢æ•°ã¯curve448秘密éµã®ã¿ã‚’インãƒãƒ¼ãƒˆã—ã¾ã™ã€‚(ビッグエンディアン) + + \return 0 秘密éµã®ã‚¤ãƒ³ãƒãƒ¼ãƒˆã«æˆåŠŸã—ãŸå ´åˆã«è¿”ã•れã¾ã™ã€‚ + \return BAD_FUNC_ARG keyã¾ãŸã¯privãŒnullã®å ´åˆã«è¿”ã•れã¾ã™ã€‚ + \return ECC_BAD_ARG_E privSzãŒCURVE448_KEY_SIZEã¨ç­‰ã—ããªã„å ´åˆã«è¿”ã•れã¾ã™ã€‚ + + \param [in] priv インãƒãƒ¼ãƒˆã™ã‚‹ç§˜å¯†éµã‚’å«ã‚€ãƒãƒƒãƒ•ã‚¡ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ + \param [in] privSz インãƒãƒ¼ãƒˆã™ã‚‹ç§˜å¯†éµã®é•·ã•。 + \param [in,out] key インãƒãƒ¼ãƒˆã•れãŸéµã‚’æ ¼ç´ã™ã‚‹æ§‹é€ ä½“ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ + _Example_ \code int ret; - byte priv[] = { Contents of private key }; + byte priv[] = { // 秘密éµã®å†…容 }; curve448_key key; wc_curve448_init(&key); ret = wc_curve448_import_private(priv, sizeof(priv), &key); if (ret != 0) { - // error importing key + // éµã®ã‚¤ãƒ³ãƒãƒ¼ãƒˆã‚¨ãƒ©ãƒ¼ } \endcode + \sa wc_curve448_import_private_ex \sa wc_curve448_size */ @@ -152,28 +187,34 @@ /*! \ingroup Curve448 - \brief CURVE448秘密éµã®ã‚¤ãƒ³ãƒãƒ¼ãƒˆã®ã¿ã€‚(ビッグエンディアン)。 - \return 0 秘密éµã®ã‚¤ãƒ³ãƒãƒ¼ãƒˆã«æˆåŠŸã—ã¾ã—ãŸã€‚ - \return BAD_FUNC_ARG キーã¾ãŸã¯PRIVãŒNULLã®å ´åˆã¯è¿”ã—ã¾ã™ã€‚ - \return ECC_BAD_ARG_E PRIVSZãŒCURUG448_KEY_SIZEã¨ç­‰ã—ããªã„å ´åˆã¯è¿”ã—ã¾ã™ã€‚ - \param [in] インãƒãƒ¼ãƒˆã™ã‚‹ç§˜å¯†éµã‚’å«ã‚€ãƒãƒƒãƒ•ã‚¡ã¸ã®ãƒã‚¤ãƒ³ãƒˆã€‚ - \param [in] インãƒãƒ¼ãƒˆã™ã‚‹ç§˜å¯†éµã®Privsz長。 - \param [in,out] インãƒãƒ¼ãƒˆã•れãŸã‚­ãƒ¼ã‚’ä¿å­˜ã™ã‚‹æ§‹é€ ã¸ã®ã‚­ãƒ¼ãƒã‚¤ãƒ³ã‚¿ã€‚ + + \brief curve448秘密éµã®ã¿ã®ã‚¤ãƒ³ãƒãƒ¼ãƒˆã€‚(ビッグエンディアンã¾ãŸã¯ãƒªãƒˆãƒ«ã‚¨ãƒ³ãƒ‡ã‚£ã‚¢ãƒ³ï¼‰ + + \return 0 秘密éµã®ã‚¤ãƒ³ãƒãƒ¼ãƒˆã«æˆåŠŸã—ãŸå ´åˆã«è¿”ã•れã¾ã™ã€‚ + \return BAD_FUNC_ARG keyã¾ãŸã¯privãŒnullã®å ´åˆã«è¿”ã•れã¾ã™ã€‚ + \return ECC_BAD_ARG_E privSzãŒCURVE448_KEY_SIZEã¨ç­‰ã—ããªã„å ´åˆã«è¿”ã•れã¾ã™ã€‚ + + \param [in] priv インãƒãƒ¼ãƒˆã™ã‚‹ç§˜å¯†éµã‚’å«ã‚€ãƒãƒƒãƒ•ã‚¡ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ + \param [in] privSz インãƒãƒ¼ãƒˆã™ã‚‹ç§˜å¯†éµã®é•·ã•。 + \param [in,out] key インãƒãƒ¼ãƒˆã•れãŸéµã‚’æ ¼ç´ã™ã‚‹æ§‹é€ ä½“ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ + \param [in] endian 使用ã™ã‚‹å½¢å¼ã‚’設定ã™ã‚‹ãŸã‚ã®EC448_BIG_ENDIANã¾ãŸã¯EC448_LITTLE_ENDIAN。 + _Example_ \code int ret; - byte priv[] = { // Contents of private key }; + byte priv[] = { // 秘密éµã®å†…容 }; curve448_key key; wc_curve448_init(&key); ret = wc_curve448_import_private_ex(priv, sizeof(priv), &key, EC448_BIG_ENDIAN); if (ret != 0) { - // error importing key + // éµã®ã‚¤ãƒ³ãƒãƒ¼ãƒˆã‚¨ãƒ©ãƒ¼ } \endcode + \sa wc_curve448_import_private \sa wc_curve448_size */ @@ -183,32 +224,38 @@ /*! \ingroup Curve448 - \brief ã“ã®é–¢æ•°ã¯ã€public-秘密éµã®ãƒšã‚¢ã‚’Curve448_Key構造体ã«ã‚¤ãƒ³ãƒãƒ¼ãƒˆã—ã¾ã™ã€‚ビッグエンディアンã®ã¿ã€‚ - \return 0 Curve448_Key構造体ã¸ã®ã‚¤ãƒ³ãƒãƒ¼ãƒˆæ™‚ã«è¿”ã•れã¾ã™ã€‚ - \return BAD_FUNC_ARG 入力パラメータã®ã„ãšã‚Œã‹ãŒNULLã®å ´åˆã«è¿”ã—ã¾ã™ã€‚ - \return ECC_BAD_ARG_E 入力キーã®ã‚­ãƒ¼ã‚µã‚¤ã‚ºãŒPublicキーサイズã¾ãŸã¯ç§˜å¯†éµã‚µã‚¤ã‚ºã¨ä¸€è‡´ã—ãªã„å ´åˆã«è¿”ã•れã¾ã™ã€‚ - \param [in] インãƒãƒ¼ãƒˆã™ã‚‹ç§˜å¯†éµã‚’å«ã‚€ãƒãƒƒãƒ•ã‚¡ã¸ã®ãƒã‚¤ãƒ³ãƒˆã€‚ - \param [in] インãƒãƒ¼ãƒˆã™ã‚‹ç§˜å¯†éµã®Privsz長。 - \param [in] パブリックキーをインãƒãƒ¼ãƒˆã™ã‚‹ãƒãƒƒãƒ•ã‚¡ã¸ã®Pub。 - \param [in] インãƒãƒ¼ãƒˆã™ã‚‹å…¬é–‹éµã®Pubszé•·ã•。 + + \brief ã“ã®é–¢æ•°ã¯ã€å…¬é–‹éµ-秘密éµãƒšã‚¢ã‚’curve448_key構造体ã«ã‚¤ãƒ³ãƒãƒ¼ãƒˆã—ã¾ã™ã€‚ビッグエンディアンã®ã¿ã€‚ + + \return 0 curve448_key構造体ã¸ã®ã‚¤ãƒ³ãƒãƒ¼ãƒˆã«æˆåŠŸã—ãŸå ´åˆã«è¿”ã•れã¾ã™ã€‚ + \return BAD_FUNC_ARG 入力パラメータã®ã„ãšã‚Œã‹ãŒnullã®å ´åˆã«è¿”ã•れã¾ã™ã€‚ + \return ECC_BAD_ARG_E 入力éµã®éµã‚µã‚¤ã‚ºãŒå…¬é–‹éµã¾ãŸã¯ç§˜å¯†éµã®ã‚µã‚¤ã‚ºã¨ä¸€è‡´ã—ãªã„å ´åˆã«è¿”ã•れã¾ã™ã€‚ + + \param [in] priv インãƒãƒ¼ãƒˆã™ã‚‹ç§˜å¯†éµã‚’å«ã‚€ãƒãƒƒãƒ•ã‚¡ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ + \param [in] privSz インãƒãƒ¼ãƒˆã™ã‚‹ç§˜å¯†éµã®é•·ã•。 + \param [in] pub インãƒãƒ¼ãƒˆã™ã‚‹å…¬é–‹éµã‚’å«ã‚€ãƒãƒƒãƒ•ã‚¡ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ + \param [in] pubSz インãƒãƒ¼ãƒˆã™ã‚‹å…¬é–‹éµã®é•·ã•。 + \param [in,out] key インãƒãƒ¼ãƒˆã•れãŸéµã‚’æ ¼ç´ã™ã‚‹æ§‹é€ ä½“ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ + _Example_ \code int ret; byte priv[56]; byte pub[56]; - // initialize with public and private keys + // 公開éµã¨ç§˜å¯†éµã§åˆæœŸåŒ– curve448_key key; wc_curve448_init(&key); - // initialize key + // éµã‚’åˆæœŸåŒ– ret = wc_curve448_import_private_raw(&priv, sizeof(priv), pub, sizeof(pub), &key); if (ret != 0) { - // error importing keys + // éµã®ã‚¤ãƒ³ãƒãƒ¼ãƒˆã‚¨ãƒ©ãƒ¼ } \endcode + \sa wc_curve448_init \sa wc_curve448_make_key \sa wc_curve448_import_public @@ -220,33 +267,39 @@ /*! \ingroup Curve448 - \brief ã“ã®é–¢æ•°ã¯ã€public-秘密éµã®ãƒšã‚¢ã‚’Curve448_Key構造体ã«ã‚¤ãƒ³ãƒãƒ¼ãƒˆã—ã¾ã™ã€‚ビッグ・リトルエンディアンã®ä¸¡æ–¹ã‚’サãƒãƒ¼ãƒˆã—ã¾ã™ã€‚ - \return 0 Curve448_Key構造体ã¸ã®ã‚¤ãƒ³ãƒãƒ¼ãƒˆæ™‚ã«è¿”ã•れã¾ã™ã€‚ - \return BAD_FUNC_ARG 入力パラメータã®ã„ãšã‚Œã‹ãŒNULLã®å ´åˆã«è¿”ã—ã¾ã™ã€‚ - \return ECC_BAD_ARG_E 入力キーã®ã‚­ãƒ¼ã‚µã‚¤ã‚ºãŒPublicキーサイズã¾ãŸã¯ç§˜å¯†éµã‚µã‚¤ã‚ºã¨ä¸€è‡´ã—ãªã„å ´åˆã«è¿”ã•れã¾ã™ã€‚ - \param [in] インãƒãƒ¼ãƒˆã™ã‚‹ç§˜å¯†éµã‚’å«ã‚€ãƒãƒƒãƒ•ã‚¡ã¸ã®ãƒã‚¤ãƒ³ãƒˆã€‚ - \param [in] インãƒãƒ¼ãƒˆã™ã‚‹ç§˜å¯†éµã®Privsz長。 - \param [in] パブリックキーをインãƒãƒ¼ãƒˆã™ã‚‹ãƒãƒƒãƒ•ã‚¡ã¸ã®Pub。 - \param [in] インãƒãƒ¼ãƒˆã™ã‚‹å…¬é–‹éµã®Pubszé•·ã•。 - \param [in,out] インãƒãƒ¼ãƒˆã•れãŸã‚­ãƒ¼ã‚’ä¿å­˜ã™ã‚‹æ§‹é€ ã¸ã®ã‚­ãƒ¼ãƒã‚¤ãƒ³ã‚¿ã€‚ + + \brief ã“ã®é–¢æ•°ã¯ã€å…¬é–‹éµ-秘密éµãƒšã‚¢ã‚’curve448_key構造体ã«ã‚¤ãƒ³ãƒãƒ¼ãƒˆã—ã¾ã™ã€‚ビッグエンディアンã¨ãƒªãƒˆãƒ«ã‚¨ãƒ³ãƒ‡ã‚£ã‚¢ãƒ³ã®ä¸¡æ–¹ã‚’サãƒãƒ¼ãƒˆã—ã¾ã™ã€‚ + + \return 0 curve448_key構造体ã¸ã®ã‚¤ãƒ³ãƒãƒ¼ãƒˆã«æˆåŠŸã—ãŸå ´åˆã«è¿”ã•れã¾ã™ã€‚ + \return BAD_FUNC_ARG 入力パラメータã®ã„ãšã‚Œã‹ãŒnullã®å ´åˆã«è¿”ã•れã¾ã™ã€‚ + \return ECC_BAD_ARG_E 入力éµã®éµã‚µã‚¤ã‚ºãŒå…¬é–‹éµã¾ãŸã¯ç§˜å¯†éµã®ã‚µã‚¤ã‚ºã¨ä¸€è‡´ã—ãªã„å ´åˆã«è¿”ã•れã¾ã™ã€‚ + + \param [in] priv インãƒãƒ¼ãƒˆã™ã‚‹ç§˜å¯†éµã‚’å«ã‚€ãƒãƒƒãƒ•ã‚¡ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ + \param [in] privSz インãƒãƒ¼ãƒˆã™ã‚‹ç§˜å¯†éµã®é•·ã•。 + \param [in] pub インãƒãƒ¼ãƒˆã™ã‚‹å…¬é–‹éµã‚’å«ã‚€ãƒãƒƒãƒ•ã‚¡ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ + \param [in] pubSz インãƒãƒ¼ãƒˆã™ã‚‹å…¬é–‹éµã®é•·ã•。 + \param [in,out] key インãƒãƒ¼ãƒˆã•れãŸéµã‚’æ ¼ç´ã™ã‚‹æ§‹é€ ä½“ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ + \param [in] endian 使用ã™ã‚‹å½¢å¼ã‚’設定ã™ã‚‹ãŸã‚ã®EC448_BIG_ENDIANã¾ãŸã¯EC448_LITTLE_ENDIAN。 + _Example_ \code int ret; byte priv[56]; byte pub[56]; - // initialize with public and private keys + // 公開éµã¨ç§˜å¯†éµã§åˆæœŸåŒ– curve448_key key; wc_curve448_init(&key); - // initialize key + // éµã‚’åˆæœŸåŒ– ret = wc_curve448_import_private_raw_ex(&priv, sizeof(priv), pub, sizeof(pub), &key, EC448_BIG_ENDIAN); if (ret != 0) { - // error importing keys + // éµã®ã‚¤ãƒ³ãƒãƒ¼ãƒˆã‚¨ãƒ©ãƒ¼ } \endcode + \sa wc_curve448_init \sa wc_curve448_make_key \sa wc_curve448_import_public @@ -260,12 +313,18 @@ /*! \ingroup Curve448 - \brief ã“ã®é–¢æ•°ã¯Curve448_Key構造体ã‹ã‚‰ç§˜å¯†éµã‚’エクスãƒãƒ¼ãƒˆã—ã€ãれを指定ã•れãŸãƒãƒƒãƒ•ã‚¡ã«æ ¼ç´ã—ã¾ã™ã€‚ã¾ãŸã€ã‚¨ã‚¯ã‚¹ãƒãƒ¼ãƒˆã•れãŸã‚­ãƒ¼ã®ã‚µã‚¤ã‚ºã«ãªã‚‹ã‚ˆã†ã«æ¦‚è¦ã‚’設定ã—ã¾ã™ã€‚ビッグエンディアンã®ã¿ã€‚ - \return 0 Curve448_Key構造体ã‹ã‚‰ç§˜å¯†éµã‚’正常ã«ã‚¨ã‚¯ã‚¹ãƒãƒ¼ãƒˆã™ã‚‹ä¸Šã§è¿”ã•れã¾ã—ãŸã€‚ - \return BAD_FUNC_ARG 入力パラメータãŒNULLã®å ´åˆã«è¿”ã•れã¾ã™ã€‚ - \return ECC_BAD_ARG_E WC_CURVE448_SIZE()ãŒã‚­ãƒ¼ã¨ç­‰ã—ããªã„å ´åˆã«è¿”ã•れã¾ã™ã€‚ - \param [in] キーをエクスãƒãƒ¼ãƒˆã™ã‚‹æ§‹é€ ã¸ã®ã‚­ãƒ¼ãƒã‚¤ãƒ³ã‚¿ã€‚ - \param [out] エクスãƒãƒ¼ãƒˆã•れãŸã‚­ãƒ¼ã‚’ä¿å­˜ã™ã‚‹ãƒãƒƒãƒ•ã‚¡ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ + + \brief ã“ã®é–¢æ•°ã¯ã€curve448_key構造体ã‹ã‚‰ç§˜å¯†éµã‚’エクスãƒãƒ¼ãƒˆã—ã€ä¸Žãˆã‚‰ã‚ŒãŸoutãƒãƒƒãƒ•ã‚¡ã«æ ¼ç´ã—ã¾ã™ã€‚ã¾ãŸã€outLenをエクスãƒãƒ¼ãƒˆã•れãŸéµã®ã‚µã‚¤ã‚ºã«è¨­å®šã—ã¾ã™ã€‚ビッグエンディアンã®ã¿ã€‚ + + \return 0 curve448_key構造体ã‹ã‚‰ç§˜å¯†éµã®ã‚¨ã‚¯ã‚¹ãƒãƒ¼ãƒˆã«æˆåŠŸã—ãŸå ´åˆã«è¿”ã•れã¾ã™ã€‚ + \return BAD_FUNC_ARG 入力パラメータã®ã„ãšã‚Œã‹ãŒNULLã®å ´åˆã«è¿”ã•れã¾ã™ã€‚ + \return ECC_BAD_ARG_E wc_curve448_size()ãŒkeyã¨ç­‰ã—ããªã„å ´åˆã«è¿”ã•れã¾ã™ã€‚ + + \param [in] key éµã‚’エクスãƒãƒ¼ãƒˆã™ã‚‹æ§‹é€ ä½“ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ + \param [out] out エクスãƒãƒ¼ãƒˆã•れãŸéµã‚’æ ¼ç´ã™ã‚‹ãƒãƒƒãƒ•ã‚¡ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ + \param [in,out] outLen 入力時ã¯ã€outã®ãƒã‚¤ãƒˆå˜ä½ã®ã‚µã‚¤ã‚ºã€‚ + 出力時ã¯ã€å‡ºåŠ›ãƒãƒƒãƒ•ã‚¡ã«æ›¸ãè¾¼ã¾ã‚ŒãŸãƒã‚¤ãƒˆæ•°ã‚’æ ¼ç´ã—ã¾ã™ã€‚ + _Example_ \code int ret; @@ -273,13 +332,14 @@ int privSz; curve448_key key; - // initialize and make key + // éµã‚’åˆæœŸåŒ–ã—ã¦ä½œæˆ ret = wc_curve448_export_private_raw(&key, priv, &privSz); if (ret != 0) { - // error exporting key + // éµã®ã‚¨ã‚¯ã‚¹ãƒãƒ¼ãƒˆã‚¨ãƒ©ãƒ¼ } \endcode + \sa wc_curve448_init \sa wc_curve448_make_key \sa wc_curve448_import_private_raw @@ -291,13 +351,19 @@ /*! \ingroup Curve448 - \brief ã“ã®é–¢æ•°ã¯Curve448_Key構造体ã‹ã‚‰ç§˜å¯†éµã‚’エクスãƒãƒ¼ãƒˆã—ã€ãれを指定ã•れãŸãƒãƒƒãƒ•ã‚¡ã«æ ¼ç´ã—ã¾ã™ã€‚ã¾ãŸã€ã‚¨ã‚¯ã‚¹ãƒãƒ¼ãƒˆã•れãŸã‚­ãƒ¼ã®ã‚µã‚¤ã‚ºã«ãªã‚‹ã‚ˆã†ã«æ¦‚è¦ã‚’設定ã—ã¾ã™ã€‚ãれãŒå¤§ãã„ã‹ãƒªãƒˆãƒ«ã‚¨ãƒ³ãƒ‡ã‚£ã‚¢ãƒ³ã‹ã‚’指定ã§ãã¾ã™ã€‚ - \return 0 Curve448_Key構造体ã‹ã‚‰ç§˜å¯†éµã‚’正常ã«ã‚¨ã‚¯ã‚¹ãƒãƒ¼ãƒˆã™ã‚‹ä¸Šã§è¿”ã•れã¾ã—ãŸã€‚ - \return BAD_FUNC_ARG 入力パラメータãŒNULLã®å ´åˆã«è¿”ã•れã¾ã™ã€‚ - \return ECC_BAD_ARG_E WC_CURVE448_SIZE()ãŒã‚­ãƒ¼ã¨ç­‰ã—ããªã„å ´åˆã«è¿”ã•れã¾ã™ã€‚ - \param [in] キーをエクスãƒãƒ¼ãƒˆã™ã‚‹æ§‹é€ ã¸ã®ã‚­ãƒ¼ãƒã‚¤ãƒ³ã‚¿ã€‚ - \param [out] エクスãƒãƒ¼ãƒˆã•れãŸã‚­ãƒ¼ã‚’ä¿å­˜ã™ã‚‹ãƒãƒƒãƒ•ã‚¡ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ - \param [in,out] INã«ç…§ä¼šã¯ã€ãƒã‚¤ãƒˆæ•°ã®ã‚µã‚¤ã‚ºã§ã™ã€‚ON OUTã§ã¯ã€å‡ºåŠ›ãƒãƒƒãƒ•ã‚¡ã«æ›¸ãè¾¼ã¾ã‚ŒãŸãƒã‚¤ãƒˆã‚’ä¿å­˜ã—ã¾ã™ã€‚ + + \brief ã“ã®é–¢æ•°ã¯ã€curve448_key構造体ã‹ã‚‰ç§˜å¯†éµã‚’エクスãƒãƒ¼ãƒˆã—ã€ä¸Žãˆã‚‰ã‚ŒãŸoutãƒãƒƒãƒ•ã‚¡ã«æ ¼ç´ã—ã¾ã™ã€‚ã¾ãŸã€outLenをエクスãƒãƒ¼ãƒˆã•れãŸéµã®ã‚µã‚¤ã‚ºã«è¨­å®šã—ã¾ã™ã€‚ビッグエンディアンã¾ãŸã¯ãƒªãƒˆãƒ«ã‚¨ãƒ³ãƒ‡ã‚£ã‚¢ãƒ³ã‚’指定ã§ãã¾ã™ã€‚ + + \return 0 curve448_key構造体ã‹ã‚‰ç§˜å¯†éµã®ã‚¨ã‚¯ã‚¹ãƒãƒ¼ãƒˆã«æˆåŠŸã—ãŸå ´åˆã«è¿”ã•れã¾ã™ã€‚ + \return BAD_FUNC_ARG 入力パラメータã®ã„ãšã‚Œã‹ãŒNULLã®å ´åˆã«è¿”ã•れã¾ã™ã€‚ + \return ECC_BAD_ARG_E wc_curve448_size()ãŒkeyã¨ç­‰ã—ããªã„å ´åˆã«è¿”ã•れã¾ã™ã€‚ + + \param [in] key éµã‚’エクスãƒãƒ¼ãƒˆã™ã‚‹æ§‹é€ ä½“ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ + \param [out] out エクスãƒãƒ¼ãƒˆã•れãŸéµã‚’æ ¼ç´ã™ã‚‹ãƒãƒƒãƒ•ã‚¡ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ + \param [in,out] outLen 入力時ã¯ã€outã®ãƒã‚¤ãƒˆå˜ä½ã®ã‚µã‚¤ã‚ºã€‚ + 出力時ã¯ã€å‡ºåŠ›ãƒãƒƒãƒ•ã‚¡ã«æ›¸ãè¾¼ã¾ã‚ŒãŸãƒã‚¤ãƒˆæ•°ã‚’æ ¼ç´ã—ã¾ã™ã€‚ + \param [in] endian 使用ã™ã‚‹å½¢å¼ã‚’設定ã™ã‚‹ãŸã‚ã®EC448_BIG_ENDIANã¾ãŸã¯EC448_LITTLE_ENDIAN。 + _Example_ \code int ret; @@ -305,13 +371,14 @@ byte priv[56]; int privSz; curve448_key key; - // initialize and make key + // éµã‚’åˆæœŸåŒ–ã—ã¦ä½œæˆ ret = wc_curve448_export_private_raw_ex(&key, priv, &privSz, EC448_BIG_ENDIAN); if (ret != 0) { - // error exporting key + // éµã®ã‚¨ã‚¯ã‚¹ãƒãƒ¼ãƒˆã‚¨ãƒ©ãƒ¼ } \endcode + \sa wc_curve448_init \sa wc_curve448_make_key \sa wc_curve448_import_private_raw @@ -324,27 +391,33 @@ /*! \ingroup Curve448 - \brief ã“ã®é–¢æ•°ã¯ã€æŒ‡å®šã•れãŸãƒãƒƒãƒ•ã‚¡ã‹ã‚‰å…¬é–‹éµã‚’インãƒãƒ¼ãƒˆã—ã€ãれをCurve448_Keyæ§‹é€ ä½“ã«æ ¼ç´ã—ã¾ã™ã€‚ - \return 0 公開éµã‚’Curve448_Keyæ§‹é€ ä½“ã«æ­£å¸¸ã«ã‚¤ãƒ³ãƒãƒ¼ãƒˆã—ã¾ã—ãŸã€‚ - \return ECC_BAD_ARG_E InLenパラメータãŒã‚­ãƒ¼æ§‹é€ ã®ã‚­ãƒ¼ã‚µã‚¤ã‚ºã¨ä¸€è‡´ã—ãªã„å ´åˆã«è¿”ã•れã¾ã™ã€‚ - \return BAD_FUNC_ARG 入力パラメータã®ã„ãšã‚Œã‹ãŒNULLã®å ´åˆã«è¿”ã•れã¾ã™ã€‚ - \param [in] インãƒãƒ¼ãƒˆã™ã‚‹å…¬é–‹éµã‚’å«ã‚€ãƒãƒƒãƒ•ã‚¡ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ - \param [in] インãƒãƒ¼ãƒˆã™ã‚‹å…¬é–‹éµã®ã‚¤ãƒ³ãƒ¬ãƒ«é•·ã€‚ + + \brief ã“ã®é–¢æ•°ã¯ã€ä¸Žãˆã‚‰ã‚ŒãŸinãƒãƒƒãƒ•ã‚¡ã‹ã‚‰å…¬é–‹éµã‚’インãƒãƒ¼ãƒˆã—ã€curve448_keyæ§‹é€ ä½“ã«æ ¼ç´ã—ã¾ã™ã€‚ + + \return 0 curve448_key構造体ã¸ã®å…¬é–‹éµã®ã‚¤ãƒ³ãƒãƒ¼ãƒˆã«æˆåŠŸã—ãŸå ´åˆã«è¿”ã•れã¾ã™ã€‚ + \return ECC_BAD_ARG_E inLenパラメータãŒéµæ§‹é€ ä½“ã®éµã‚µã‚¤ã‚ºã¨ä¸€è‡´ã—ãªã„å ´åˆã«è¿”ã•れã¾ã™ã€‚ + \return BAD_FUNC_ARG 入力パラメータã®ã„ãšã‚Œã‹ãŒNULLã®å ´åˆã«è¿”ã•れã¾ã™ã€‚ + + \param [in] in インãƒãƒ¼ãƒˆã™ã‚‹å…¬é–‹éµã‚’å«ã‚€ãƒãƒƒãƒ•ã‚¡ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ + \param [in] inLen インãƒãƒ¼ãƒˆã™ã‚‹å…¬é–‹éµã®é•·ã•。 + \param [in,out] key éµã‚’æ ¼ç´ã™ã‚‹curve448_key構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ + _Example_ \code int ret; byte pub[56]; - // initialize pub with public key + // pubを公開éµã§åˆæœŸåŒ– curve448_key key; - // initialize key + // éµã‚’åˆæœŸåŒ– ret = wc_curve448_import_public(pub,sizeof(pub), &key); if (ret != 0) { - // error importing key + // éµã®ã‚¤ãƒ³ãƒãƒ¼ãƒˆã‚¨ãƒ©ãƒ¼ } \endcode + \sa wc_curve448_init \sa wc_curve448_export_public \sa wc_curve448_import_private_raw @@ -358,28 +431,34 @@ /*! \ingroup Curve448 - \brief ã“ã®é–¢æ•°ã¯ã€æŒ‡å®šã•れãŸãƒãƒƒãƒ•ã‚¡ã‹ã‚‰å…¬é–‹éµã‚’インãƒãƒ¼ãƒˆã—ã€ãれをCurve448_Keyæ§‹é€ ä½“ã«æ ¼ç´ã—ã¾ã™ã€‚ - \return 0 公開éµã‚’Curve448_Keyæ§‹é€ ä½“ã«æ­£å¸¸ã«ã‚¤ãƒ³ãƒãƒ¼ãƒˆã—ã¾ã—ãŸã€‚ - \return ECC_BAD_ARG_E InLenパラメータãŒã‚­ãƒ¼æ§‹é€ ã®ã‚­ãƒ¼ã‚µã‚¤ã‚ºã¨ä¸€è‡´ã—ãªã„å ´åˆã«è¿”ã•れã¾ã™ã€‚ - \return BAD_FUNC_ARG 入力パラメータã®ã„ãšã‚Œã‹ãŒNULLã®å ´åˆã«è¿”ã•れã¾ã™ã€‚ - \param [in] インãƒãƒ¼ãƒˆã™ã‚‹å…¬é–‹éµã‚’å«ã‚€ãƒãƒƒãƒ•ã‚¡ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ - \param [in] インãƒãƒ¼ãƒˆã™ã‚‹å…¬é–‹éµã®ã‚¤ãƒ³ãƒ¬ãƒ«é•·ã€‚ - \param [in,out] キーをä¿å­˜ã™ã‚‹Curve448_Key構造体ã¸ã®ã‚­ãƒ¼ãƒã‚¤ãƒ³ã‚¿ã€‚ + + \brief ã“ã®é–¢æ•°ã¯ã€ä¸Žãˆã‚‰ã‚ŒãŸinãƒãƒƒãƒ•ã‚¡ã‹ã‚‰å…¬é–‹éµã‚’インãƒãƒ¼ãƒˆã—ã€curve448_keyæ§‹é€ ä½“ã«æ ¼ç´ã—ã¾ã™ã€‚ + + \return 0 curve448_key構造体ã¸ã®å…¬é–‹éµã®ã‚¤ãƒ³ãƒãƒ¼ãƒˆã«æˆåŠŸã—ãŸå ´åˆã«è¿”ã•れã¾ã™ã€‚ + \return ECC_BAD_ARG_E inLenパラメータãŒéµæ§‹é€ ä½“ã®éµã‚µã‚¤ã‚ºã¨ä¸€è‡´ã—ãªã„å ´åˆã«è¿”ã•れã¾ã™ã€‚ + \return BAD_FUNC_ARG 入力パラメータã®ã„ãšã‚Œã‹ãŒNULLã®å ´åˆã«è¿”ã•れã¾ã™ã€‚ + + \param [in] in インãƒãƒ¼ãƒˆã™ã‚‹å…¬é–‹éµã‚’å«ã‚€ãƒãƒƒãƒ•ã‚¡ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ + \param [in] inLen インãƒãƒ¼ãƒˆã™ã‚‹å…¬é–‹éµã®é•·ã•。 + \param [in,out] key éµã‚’æ ¼ç´ã™ã‚‹curve448_key構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ + \param [in] endian 使用ã™ã‚‹å½¢å¼ã‚’設定ã™ã‚‹ãŸã‚ã®EC448_BIG_ENDIANã¾ãŸã¯EC448_LITTLE_ENDIAN。 + _Example_ \code int ret; byte pub[56]; - // initialize pub with public key + // pubを公開éµã§åˆæœŸåŒ– curve448_key key; - // initialize key + // éµã‚’åˆæœŸåŒ– ret = wc_curve448_import_public_ex(pub, sizeof(pub), &key, EC448_BIG_ENDIAN); if (ret != 0) { - // error importing key + // éµã®ã‚¤ãƒ³ãƒãƒ¼ãƒˆã‚¨ãƒ©ãƒ¼ } \endcode + \sa wc_curve448_init \sa wc_curve448_export_public \sa wc_curve448_import_private_raw @@ -393,23 +472,29 @@ /*! \ingroup Curve448 - \brief ã“ã®é–¢æ•°ã¯ã€å…¬é–‹éµãƒãƒƒãƒ•ã‚¡ãŒã‚¨ãƒ³ãƒ‡ã‚£ã‚¢ãƒ³é †åºä»˜ã‘を与ãˆã‚‰ã‚ŒãŸæœ‰åйãªCurve448ã‚­ãƒ¼å€¤ã‚’ä¿æŒã™ã‚‹ã“ã¨ã‚’確èªã—ã¾ã™ã€‚ - \return 0 公開éµã®å€¤ãŒæœ‰åйãªã¨ãã«è¿”ã•れã¾ã™ã€‚ - \return ECC_BAD_ARG_E 公開éµã®å€¤ãŒç„¡åйãªå ´åˆã¯è¿”ã•れã¾ã™ã€‚ - \return BAD_FUNC_ARG 入力パラメータã®ã„ãšã‚Œã‹ãŒNULLã®å ´åˆã«è¿”ã•れã¾ã™ã€‚ - \param [in] ãƒã‚§ãƒƒã‚¯ã™ã‚‹ãŸã‚ã®å…¬é–‹éµã‚’å«ã‚€ãƒãƒƒãƒ•ã‚¡ã¸ã®Pubãƒã‚¤ãƒ³ã‚¿ã€‚ - \param [in] ãƒã‚§ãƒƒã‚¯ã™ã‚‹ãŸã‚ã®å…¬é–‹éµã®é•·ã•を掲載ã—ã¾ã™ã€‚ + + \brief ã“ã®é–¢æ•°ã¯ã€ã‚¨ãƒ³ãƒ‡ã‚£ã‚¢ãƒ³é †åºã‚’考慮ã—ã¦ã€å…¬é–‹éµãƒãƒƒãƒ•ã‚¡ãŒæœ‰åйãªCurve448éµå€¤ã‚’ä¿æŒã—ã¦ã„ã‚‹ã‹ã©ã†ã‹ã‚’ãƒã‚§ãƒƒã‚¯ã—ã¾ã™ã€‚ + + \return 0 公開éµã®å€¤ãŒæœ‰åйãªå ´åˆã«è¿”ã•れã¾ã™ã€‚ + \return ECC_BAD_ARG_E 公開éµã®å€¤ãŒæœ‰åйã§ãªã„å ´åˆã«è¿”ã•れã¾ã™ã€‚ + \return BAD_FUNC_ARG 入力パラメータã®ã„ãšã‚Œã‹ãŒNULLã®å ´åˆã«è¿”ã•れã¾ã™ã€‚ + + \param [in] pub ãƒã‚§ãƒƒã‚¯ã™ã‚‹å…¬é–‹éµã‚’å«ã‚€ãƒãƒƒãƒ•ã‚¡ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ + \param [in] pubSz ãƒã‚§ãƒƒã‚¯ã™ã‚‹å…¬é–‹éµã®é•·ã•。 + \param [in] endian 使用ã™ã‚‹å½¢å¼ã‚’設定ã™ã‚‹ãŸã‚ã®EC448_BIG_ENDIANã¾ãŸã¯EC448_LITTLE_ENDIAN。 + _Example_ \code int ret; - byte pub[] = { Contents of public key }; + byte pub[] = { // 公開éµã®å†…容 }; ret = wc_curve448_check_public_ex(pub, sizeof(pub), EC448_BIG_ENDIAN); if (ret != 0) { - // error importing key + // éµã®ã‚¤ãƒ³ãƒãƒ¼ãƒˆã‚¨ãƒ©ãƒ¼ } \endcode + \sa wc_curve448_init \sa wc_curve448_import_public \sa wc_curve448_import_public_ex @@ -420,12 +505,18 @@ /*! \ingroup Curve448 - \brief ã“ã®é–¢æ•°ã¯æŒ‡å®šã•れãŸã‚­ãƒ¼æ§‹é€ ã‹ã‚‰å…¬é–‹éµã‚’エクスãƒãƒ¼ãƒˆã—ã€çµæžœã‚’アウトãƒãƒƒãƒ•ã‚¡ã«æ ¼ç´ã—ã¾ã™ã€‚ビッグエンディアンã®ã¿ã€‚ - \return 0 Curve448_Key構造体ã‹ã‚‰å…¬é–‹éµã®ã‚¨ã‚¯ã‚¹ãƒãƒ¼ãƒˆã«æˆåŠŸã—ã¾ã—ãŸã€‚ - \return ECC_BAD_ARG_E outlenãŒcurve448_pub_key_sizeよりå°ã•ã„å ´åˆã«è¿”ã•れã¾ã™ã€‚ - \return BAD_FUNC_ARG 入力パラメータã®ã„ãšã‚Œã‹ãŒNULLã®å ´åˆã«è¿”ã•れã¾ã™ã€‚ - \param [in] キーをエクスãƒãƒ¼ãƒˆã™ã‚‹Curve448_Key構造体ã¸ã®ã‚­ãƒ¼ãƒã‚¤ãƒ³ã‚¿ã€‚ - \param [out] 公開éµã‚’ä¿å­˜ã™ã‚‹ãƒãƒƒãƒ•ã‚¡ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ + + \brief ã“ã®é–¢æ•°ã¯ã€ä¸Žãˆã‚‰ã‚ŒãŸéµæ§‹é€ ä½“ã‹ã‚‰å…¬é–‹éµã‚’エクスãƒãƒ¼ãƒˆã—ã€çµæžœã‚’outãƒãƒƒãƒ•ã‚¡ã«æ ¼ç´ã—ã¾ã™ã€‚ビッグエンディアンã®ã¿ã€‚ + + \return 0 curve448_key構造体ã‹ã‚‰å…¬é–‹éµã®ã‚¨ã‚¯ã‚¹ãƒãƒ¼ãƒˆã«æˆåŠŸã—ãŸå ´åˆã«è¿”ã•れã¾ã™ã€‚ + \return ECC_BAD_ARG_E outLenãŒCURVE448_PUB_KEY_SIZEよりå°ã•ã„å ´åˆã«è¿”ã•れã¾ã™ã€‚ + \return BAD_FUNC_ARG 入力パラメータã®ã„ãšã‚Œã‹ãŒNULLã®å ´åˆã«è¿”ã•れã¾ã™ã€‚ + + \param [in] key éµã‚’エクスãƒãƒ¼ãƒˆã™ã‚‹curve448_key構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ + \param [out] out 公開éµã‚’æ ¼ç´ã™ã‚‹ãƒãƒƒãƒ•ã‚¡ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ + \param [in,out] outLen 入力時ã¯ã€outã®ãƒã‚¤ãƒˆå˜ä½ã®ã‚µã‚¤ã‚ºã€‚ + 出力時ã¯ã€å‡ºåŠ›ãƒãƒƒãƒ•ã‚¡ã«æ›¸ãè¾¼ã¾ã‚ŒãŸãƒã‚¤ãƒˆæ•°ã‚’æ ¼ç´ã—ã¾ã™ã€‚ + _Example_ \code int ret; @@ -434,13 +525,14 @@ int pubSz; curve448_key key; - // initialize and make key + // éµã‚’åˆæœŸåŒ–ã—ã¦ä½œæˆ ret = wc_curve448_export_public(&key, pub, &pubSz); if (ret != 0) { - // error exporting key + // éµã®ã‚¨ã‚¯ã‚¹ãƒãƒ¼ãƒˆã‚¨ãƒ©ãƒ¼ } \endcode + \sa wc_curve448_init \sa wc_curve448_export_private_raw \sa wc_curve448_import_public @@ -450,13 +542,19 @@ /*! \ingroup Curve448 - \brief ã“ã®é–¢æ•°ã¯æŒ‡å®šã•れãŸã‚­ãƒ¼æ§‹é€ ã‹ã‚‰å…¬é–‹éµã‚’エクスãƒãƒ¼ãƒˆã—ã€çµæžœã‚’アウトãƒãƒƒãƒ•ã‚¡ã«æ ¼ç´ã—ã¾ã™ã€‚ビッグ・リトルエンディアンã®ä¸¡æ–¹ã‚’サãƒãƒ¼ãƒˆã—ã¾ã™ã€‚ - \return 0 Curve448_Key構造体ã‹ã‚‰å…¬é–‹éµã®ã‚¨ã‚¯ã‚¹ãƒãƒ¼ãƒˆã«æˆåŠŸã—ã¾ã—ãŸã€‚ - \return ECC_BAD_ARG_E outlenãŒcurve448_pub_key_sizeよりå°ã•ã„å ´åˆã«è¿”ã•れã¾ã™ã€‚ - \return BAD_FUNC_ARG 入力パラメータã®ã„ãšã‚Œã‹ãŒNULLã®å ´åˆã«è¿”ã•れã¾ã™ã€‚ - \param [in] キーをエクスãƒãƒ¼ãƒˆã™ã‚‹Curve448_Key構造体ã¸ã®ã‚­ãƒ¼ãƒã‚¤ãƒ³ã‚¿ã€‚ - \param [out] 公開éµã‚’ä¿å­˜ã™ã‚‹ãƒãƒƒãƒ•ã‚¡ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ - \param [in,out] INã«ç…§ä¼šã¯ã€ãƒã‚¤ãƒˆæ•°ã®ã‚µã‚¤ã‚ºã§ã™ã€‚ON OUTã§ã¯ã€å‡ºåŠ›ãƒãƒƒãƒ•ã‚¡ã«æ›¸ãè¾¼ã¾ã‚ŒãŸãƒã‚¤ãƒˆã‚’ä¿å­˜ã—ã¾ã™ã€‚ + + \brief ã“ã®é–¢æ•°ã¯ã€ä¸Žãˆã‚‰ã‚ŒãŸéµæ§‹é€ ä½“ã‹ã‚‰å…¬é–‹éµã‚’エクスãƒãƒ¼ãƒˆã—ã€çµæžœã‚’outãƒãƒƒãƒ•ã‚¡ã«æ ¼ç´ã—ã¾ã™ã€‚ビッグエンディアンã¨ãƒªãƒˆãƒ«ã‚¨ãƒ³ãƒ‡ã‚£ã‚¢ãƒ³ã®ä¸¡æ–¹ã‚’サãƒãƒ¼ãƒˆã—ã¾ã™ã€‚ + + \return 0 curve448_key構造体ã‹ã‚‰å…¬é–‹éµã®ã‚¨ã‚¯ã‚¹ãƒãƒ¼ãƒˆã«æˆåŠŸã—ãŸå ´åˆã«è¿”ã•れã¾ã™ã€‚ + \return ECC_BAD_ARG_E outLenãŒCURVE448_PUB_KEY_SIZEよりå°ã•ã„å ´åˆã«è¿”ã•れã¾ã™ã€‚ + \return BAD_FUNC_ARG 入力パラメータã®ã„ãšã‚Œã‹ãŒNULLã®å ´åˆã«è¿”ã•れã¾ã™ã€‚ + + \param [in] key éµã‚’エクスãƒãƒ¼ãƒˆã™ã‚‹curve448_key構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ + \param [out] out 公開éµã‚’æ ¼ç´ã™ã‚‹ãƒãƒƒãƒ•ã‚¡ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ + \param [in,out] outLen 入力時ã¯ã€outã®ãƒã‚¤ãƒˆå˜ä½ã®ã‚µã‚¤ã‚ºã€‚ + 出力時ã¯ã€å‡ºåŠ›ãƒãƒƒãƒ•ã‚¡ã«æ›¸ãè¾¼ã¾ã‚ŒãŸãƒã‚¤ãƒˆæ•°ã‚’æ ¼ç´ã—ã¾ã™ã€‚ + \param [in] endian 使用ã™ã‚‹å½¢å¼ã‚’設定ã™ã‚‹ãŸã‚ã®EC448_BIG_ENDIANã¾ãŸã¯EC448_LITTLE_ENDIAN。 + _Example_ \code int ret; @@ -465,13 +563,14 @@ int pubSz; curve448_key key; - // initialize and make key + // éµã‚’åˆæœŸåŒ–ã—ã¦ä½œæˆ ret = wc_curve448_export_public_ex(&key, pub, &pubSz, EC448_BIG_ENDIAN); if (ret != 0) { - // error exporting key + // éµã®ã‚¨ã‚¯ã‚¹ãƒãƒ¼ãƒˆã‚¨ãƒ©ãƒ¼ } \endcode + \sa wc_curve448_init \sa wc_curve448_export_private_raw \sa wc_curve448_import_public @@ -482,14 +581,21 @@ /*! \ingroup Curve448 - \brief ã“ã®é–¢æ•°ã¯æŒ‡å®šã•れãŸã‚­ãƒ¼æ§‹é€ ã‹ã‚‰ã‚­ãƒ¼ãƒšã‚¢ã‚’エクスãƒãƒ¼ãƒˆã—ã€çµæžœã‚’アウトãƒãƒƒãƒ•ã‚¡ã«æ ¼ç´ã—ã¾ã™ã€‚ビッグエンディアンã®ã¿ã€‚ - \return 0 Curve448_Key構造体ã‹ã‚‰ã‚­ãƒ¼ãƒšã‚¢ã®ã‚¨ã‚¯ã‚¹ãƒãƒ¼ãƒˆã«æˆåŠŸã—ã¾ã—ãŸã€‚ - \return BAD_FUNC_ARG 入力パラメータãŒNULLã®å ´åˆã«è¿”ã•れã¾ã™ã€‚ - \return ECC_BAD_ARG_E PRIVSZãŒCURUV448_KEY_SIZEã¾ãŸã¯PUBSZよりもå°ã•ã„å ´åˆã¯ã€Curge448_PUB_KEY_SIZEよりもå°ã•ã„å ´åˆã«è¿”ã•れã¾ã™ã€‚ - \param [in] キーペアをエクスãƒãƒ¼ãƒˆã™ã‚‹CURUN448_KEY構造体ã¸ã®ã‚­ãƒ¼ãƒã‚¤ãƒ³ã‚¿ã€‚ - \param [out] 秘密éµã‚’ä¿å­˜ã™ã‚‹ãƒãƒƒãƒ•ã‚¡ã¸ã®PRIVãƒã‚¤ãƒ³ã‚¿ã€‚ - \param [in,out] PRIVSZ ON INã¯ã€PRIVãƒãƒƒãƒ•ã‚¡ã®ã‚µã‚¤ã‚ºã‚’ãƒã‚¤ãƒˆå˜ä½ã§ï¼‰ã§ã™ã€‚ON OUTã¯ã€PRIVãƒãƒƒãƒ•ã‚¡ã«æ›¸ãè¾¼ã¾ã‚ŒãŸãƒã‚¤ãƒˆã‚’ä¿å­˜ã—ã¾ã™ã€‚ - \param [out] パブリックキーをä¿å­˜ã™ã‚‹ãƒãƒƒãƒ•ã‚¡ã¸ã®Pub。 + + \brief ã“ã®é–¢æ•°ã¯ã€ä¸Žãˆã‚‰ã‚ŒãŸéµæ§‹é€ ä½“ã‹ã‚‰éµãƒšã‚¢ã‚’エクスãƒãƒ¼ãƒˆã—ã€çµæžœã‚’outãƒãƒƒãƒ•ã‚¡ã«æ ¼ç´ã—ã¾ã™ã€‚ビッグエンディアンã®ã¿ã€‚ + + \return 0 curve448_key構造体ã‹ã‚‰éµãƒšã‚¢ã®ã‚¨ã‚¯ã‚¹ãƒãƒ¼ãƒˆã«æˆåŠŸã—ãŸå ´åˆã«è¿”ã•れã¾ã™ã€‚ + \return BAD_FUNC_ARG 入力パラメータã®ã„ãšã‚Œã‹ãŒNULLã®å ´åˆã«è¿”ã•れã¾ã™ã€‚ + \return ECC_BAD_ARG_E privSzãŒCURVE448_KEY_SIZEよりå°ã•ã„ã€ã¾ãŸã¯pubSzãŒCURVE448_PUB_KEY_SIZEよりå°ã•ã„å ´åˆã«è¿”ã•れã¾ã™ã€‚ + + \param [in] key éµãƒšã‚¢ã‚’エクスãƒãƒ¼ãƒˆã™ã‚‹curve448_key構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ + \param [out] priv 秘密éµã‚’æ ¼ç´ã™ã‚‹ãƒãƒƒãƒ•ã‚¡ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ + \param [in,out] privSz 入力時ã¯ã€privãƒãƒƒãƒ•ã‚¡ã®ãƒã‚¤ãƒˆå˜ä½ã®ã‚µã‚¤ã‚ºã€‚ + 出力時ã¯ã€privãƒãƒƒãƒ•ã‚¡ã«æ›¸ãè¾¼ã¾ã‚ŒãŸãƒã‚¤ãƒˆæ•°ã‚’æ ¼ç´ã—ã¾ã™ã€‚ + \param [out] pub 公開éµã‚’æ ¼ç´ã™ã‚‹ãƒãƒƒãƒ•ã‚¡ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ + \param [in,out] pubSz 入力時ã¯ã€pubãƒãƒƒãƒ•ã‚¡ã®ãƒã‚¤ãƒˆå˜ä½ã®ã‚µã‚¤ã‚ºã€‚ + 出力時ã¯ã€pubãƒãƒƒãƒ•ã‚¡ã«æ›¸ãè¾¼ã¾ã‚ŒãŸãƒã‚¤ãƒˆæ•°ã‚’æ ¼ç´ã—ã¾ã™ã€‚ + _Example_ \code int ret; @@ -500,13 +606,14 @@ int privSz; curve448_key key; - // initialize and make key + // éµã‚’åˆæœŸåŒ–ã—ã¦ä½œæˆ ret = wc_curve448_export_key_raw(&key, priv, &privSz, pub, &pubSz); if (ret != 0) { - // error exporting key + // éµã®ã‚¨ã‚¯ã‚¹ãƒãƒ¼ãƒˆã‚¨ãƒ©ãƒ¼ } \endcode + \sa wc_curve448_export_key_raw_ex \sa wc_curve448_export_private_raw */ @@ -517,16 +624,23 @@ /*! \ingroup Curve448 - \brief Curve448キーペアをエクスãƒãƒ¼ãƒˆã—ã¾ã™ã€‚ビッグã€ã¾ãŸã¯ãƒªãƒˆãƒ«ã‚¨ãƒ³ãƒ‡ã‚£ã‚¢ãƒ³ã€‚ - \brief ã“ã®é–¢æ•°ã¯æŒ‡å®šã•れãŸã‚­ãƒ¼æ§‹é€ ã‹ã‚‰ã‚­ãƒ¼ãƒšã‚¢ã‚’エクスãƒãƒ¼ãƒˆã—ã€çµæžœã‚’アウトãƒãƒƒãƒ•ã‚¡ã«æ ¼ç´ã—ã¾ã™ã€‚ビッグã€ã¾ãŸã¯ãƒªãƒˆãƒ«ã‚¨ãƒ³ãƒ‡ã‚£ã‚¢ãƒ³ã€‚ - \return 0 æˆåŠŸ - \return BAD_FUNC_ARG 入力パラメータãŒNULLã®å ´åˆã«è¿”ã•れã¾ã™ã€‚ - \return ECC_BAD_ARG_E PRIVSZãŒCURUV448_KEY_SIZEã¾ãŸã¯PUBSZよりもå°ã•ã„å ´åˆã¯ã€Curge448_PUB_KEY_SIZEよりもå°ã•ã„å ´åˆã«è¿”ã•れã¾ã™ã€‚ - \param [in] キーペアをエクスãƒãƒ¼ãƒˆã™ã‚‹CURUN448_KEY構造体ã¸ã®ã‚­ãƒ¼ãƒã‚¤ãƒ³ã‚¿ã€‚ - \param [out] 秘密éµã‚’ä¿å­˜ã™ã‚‹ãƒãƒƒãƒ•ã‚¡ã¸ã®PRIVãƒã‚¤ãƒ³ã‚¿ã€‚ - \param [in,out] PRIVSZ ON INã¯ã€PRIVãƒãƒƒãƒ•ã‚¡ã®ã‚µã‚¤ã‚ºã‚’ãƒã‚¤ãƒˆå˜ä½ã§ï¼‰ã§ã™ã€‚ON OUTã¯ã€PRIVãƒãƒƒãƒ•ã‚¡ã«æ›¸ãè¾¼ã¾ã‚ŒãŸãƒã‚¤ãƒˆã‚’ä¿å­˜ã—ã¾ã™ã€‚ - \param [out] パブリックキーをä¿å­˜ã™ã‚‹ãƒãƒƒãƒ•ã‚¡ã¸ã®Pub。 - \param [in,out] PUBSZ ON INã¯ã€ãƒ‘ブãƒãƒƒãƒ•ã‚¡ã®ã‚µã‚¤ã‚ºã‚’ãƒã‚¤ãƒˆå˜ä½ã§ï¼‰ã§ã™ã€‚ON OUTã§ã¯ã€PUBãƒãƒƒãƒ•ã‚¡ã«æ›¸ãè¾¼ã¾ã‚ŒãŸãƒã‚¤ãƒˆã‚’ä¿å­˜ã—ã¾ã™ã€‚ + + \brief curve448éµãƒšã‚¢ã‚’エクスãƒãƒ¼ãƒˆã—ã¾ã™ã€‚ビッグエンディアンã¾ãŸã¯ãƒªãƒˆãƒ«ã‚¨ãƒ³ãƒ‡ã‚£ã‚¢ãƒ³ã€‚ + \brief ã“ã®é–¢æ•°ã¯ã€ä¸Žãˆã‚‰ã‚ŒãŸéµæ§‹é€ ä½“ã‹ã‚‰éµãƒšã‚¢ã‚’エクスãƒãƒ¼ãƒˆã—ã€çµæžœã‚’outãƒãƒƒãƒ•ã‚¡ã«æ ¼ç´ã—ã¾ã™ã€‚ビッグエンディアンã¾ãŸã¯ãƒªãƒˆãƒ«ã‚¨ãƒ³ãƒ‡ã‚£ã‚¢ãƒ³ã€‚ + + \return 0 æˆåŠŸã€‚ + \return BAD_FUNC_ARG 入力パラメータã®ã„ãšã‚Œã‹ãŒNULLã®å ´åˆã«è¿”ã•れã¾ã™ã€‚ + \return ECC_BAD_ARG_E privSzãŒCURVE448_KEY_SIZEよりå°ã•ã„ã€ã¾ãŸã¯pubSzãŒCURVE448_PUB_KEY_SIZEよりå°ã•ã„å ´åˆã«è¿”ã•れã¾ã™ã€‚ + + \param [in] key éµãƒšã‚¢ã‚’エクスãƒãƒ¼ãƒˆã™ã‚‹curve448_key構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ + \param [out] priv 秘密éµã‚’æ ¼ç´ã™ã‚‹ãƒãƒƒãƒ•ã‚¡ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ + \param [in,out] privSz 入力時ã¯ã€privãƒãƒƒãƒ•ã‚¡ã®ãƒã‚¤ãƒˆå˜ä½ã®ã‚µã‚¤ã‚ºã€‚ + 出力時ã¯ã€privãƒãƒƒãƒ•ã‚¡ã«æ›¸ãè¾¼ã¾ã‚ŒãŸãƒã‚¤ãƒˆæ•°ã‚’æ ¼ç´ã—ã¾ã™ã€‚ + \param [out] pub 公開éµã‚’æ ¼ç´ã™ã‚‹ãƒãƒƒãƒ•ã‚¡ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ + \param [in,out] pubSz 入力時ã¯ã€pubãƒãƒƒãƒ•ã‚¡ã®ãƒã‚¤ãƒˆå˜ä½ã®ã‚µã‚¤ã‚ºã€‚ + 出力時ã¯ã€pubãƒãƒƒãƒ•ã‚¡ã«æ›¸ãè¾¼ã¾ã‚ŒãŸãƒã‚¤ãƒˆæ•°ã‚’æ ¼ç´ã—ã¾ã™ã€‚ + \param [in] endian 使用ã™ã‚‹å½¢å¼ã‚’設定ã™ã‚‹ãŸã‚ã®EC448_BIG_ENDIANã¾ãŸã¯EC448_LITTLE_ENDIAN。 + _Example_ \code int ret; @@ -537,14 +651,15 @@ int privSz; curve448_key key; - // initialize and make key + // éµã‚’åˆæœŸåŒ–ã—ã¦ä½œæˆ ret = wc_curve448_export_key_raw_ex(&key,priv, &privSz, pub, &pubSz, EC448_BIG_ENDIAN); if (ret != 0) { - // error exporting key + // éµã®ã‚¨ã‚¯ã‚¹ãƒãƒ¼ãƒˆã‚¨ãƒ©ãƒ¼ } \endcode + \sa wc_curve448_export_key_raw \sa wc_curve448_export_private_raw_ex \sa wc_curve448_export_public_ex @@ -557,18 +672,24 @@ /*! \ingroup Curve448 - \brief ã“ã®é–¢æ•°ã¯ä¸Žãˆã‚‰ã‚ŒãŸã‚­ãƒ¼æ§‹é€ ã®ã‚­ãƒ¼ã‚µã‚¤ã‚ºã‚’è¿”ã—ã¾ã™ã€‚ - \return Success 有効ãªåˆæœŸåŒ–ã•れãŸCurve448_Key構造体を考慮ã™ã‚‹ã¨ã€ã‚­ãƒ¼ã®ã‚µã‚¤ã‚ºã‚’è¿”ã—ã¾ã™ã€‚ - \return 0 キーãŒNULLã®å ´åˆã¯è¿”ã•れã¾ã™ã€‚ + + \brief ã“ã®é–¢æ•°ã¯ã€ä¸Žãˆã‚‰ã‚ŒãŸéµæ§‹é€ ä½“ã®éµã‚µã‚¤ã‚ºã‚’è¿”ã—ã¾ã™ã€‚ + + \return Success 有効ã§åˆæœŸåŒ–ã•れãŸcurve448_key構造体ãŒä¸Žãˆã‚‰ã‚ŒãŸå ´åˆã€éµã®ã‚µã‚¤ã‚ºã‚’è¿”ã—ã¾ã™ã€‚ + \return 0 keyãŒNULLã®å ´åˆã«è¿”ã•れã¾ã™ã€‚ + + \param [in] key éµã‚µã‚¤ã‚ºã‚’決定ã™ã‚‹curve448_key構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ + _Example_ \code int keySz; curve448_key key; - // initialize and make key + // éµã‚’åˆæœŸåŒ–ã—ã¦ä½œæˆ keySz = wc_curve448_size(&key); \endcode + \sa wc_curve448_init \sa wc_curve448_make_key */ diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/doc/dox_comments/header_files-ja/des3.h mariadb-11.8.8/extra/wolfssl/wolfssl/doc/dox_comments/header_files-ja/des3.h --- mariadb-11.8.6/extra/wolfssl/wolfssl/doc/dox_comments/header_files-ja/des3.h 2026-01-31 13:27:49.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/doc/dox_comments/header_files-ja/des3.h 2026-05-24 09:58:33.000000000 +0000 @@ -1,22 +1,28 @@ /*! \ingroup 3DES - \brief ã“ã®é–¢æ•°ã¯ã€å¼•æ•°ã¨ã—ã¦ä¸Žãˆã‚‰ã‚ŒãŸDES構造体ã®ã‚­ãƒ¼ã¨åˆæœŸåŒ–ベクトル(IV)を設定ã—ã¾ã™ã€‚ã¾ãŸã€ã“れらãŒã¾ã åˆæœŸåŒ–ã•れã¦ã„ãªã„å ´åˆã¯ã€æš—å·åŒ–ã¨å¾©å·åŒ–ã«å¿…è¦ãªãƒãƒƒãƒ•ァーã®ã‚¹ãƒšãƒ¼ã‚¹ã‚’åˆæœŸåŒ–ã—ã¦å‰²ã‚Šå½“ã¦ã¾ã™ã€‚注:IVãŒæŒ‡å®šã•れã¦ã„ãªã„å ´åˆï¼ˆi.e.iv == nullï¼‰åˆæœŸåŒ–ベクトルã¯ã€ãƒ‡ãƒ•ォルトã®IV 0ã«ãªã‚Šã¾ã™ã€‚ - \return 0 DES構造体ã®ã‚­ãƒ¼ã¨åˆæœŸåŒ–ベクトルを正常ã«è¨­å®šã™ã‚‹ - \param des åˆæœŸåŒ–ã™ã‚‹DES構造ã¸ã®ãƒã‚¤ãƒ³ã‚¿ - \param key DESæ§‹é€ ã‚’åˆæœŸåŒ–ã™ã‚‹ãŸã‚ã®8ãƒã‚¤ãƒˆã®ã‚­ãƒ¼ã‚’å«ã‚€ãƒãƒƒãƒ•ã‚¡ã¸ã®ãƒã‚¤ãƒ³ã‚¿ - \param iv DESæ§‹é€ ã‚’åˆæœŸåŒ–ã™ã‚‹ãŸã‚ã®8ãƒã‚¤ãƒˆIVã‚’å«ã‚€ãƒãƒƒãƒ•ã‚¡ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ã“ã‚ŒãŒæä¾›ã•れã¦ã„ãªã„å ´åˆã€IVã¯ãƒ‡ãƒ•ォルトã§0ã«ãªã‚Šã¾ã™ + + \brief ã“ã®é–¢æ•°ã¯ã€å¼•æ•°ã¨ã—ã¦ä¸Žãˆã‚‰ã‚ŒãŸDes構造体ã®éµã¨åˆæœŸåŒ–ベクトル(iv)を設定ã—ã¾ã™ã€‚ã¾ãŸã€æš—å·åŒ–ã¨å¾©å·ã«å¿…è¦ãªãƒãƒƒãƒ•ã‚¡ãŒã¾ã åˆæœŸåŒ–ã•れã¦ã„ãªã„å ´åˆã€ãã‚Œã‚‰ã‚’åˆæœŸåŒ–ã—ã€ã‚¹ãƒšãƒ¼ã‚¹ã‚’割り当ã¦ã¾ã™ã€‚注æ„: ivãŒæä¾›ã•れãªã„å ´åˆ(ã¤ã¾ã‚Šiv == NULL)ã€åˆæœŸåŒ–ベクトルã¯ãƒ‡ãƒ•ォルトã§0ã®ivã«ãªã‚Šã¾ã™ã€‚ + + \return 0 Des構造体ã®éµã¨åˆæœŸåŒ–ベクトルã®è¨­å®šã«æˆåŠŸã—ãŸå ´åˆ + + \param des åˆæœŸåŒ–ã™ã‚‹Des構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ + \param key Desæ§‹é€ ä½“ã‚’åˆæœŸåŒ–ã™ã‚‹ãŸã‚ã®8ãƒã‚¤ãƒˆã®éµã‚’å«ã‚€ãƒãƒƒãƒ•ã‚¡ã¸ã®ãƒã‚¤ãƒ³ã‚¿ + \param iv Desæ§‹é€ ä½“ã‚’åˆæœŸåŒ–ã™ã‚‹ãŸã‚ã®8ãƒã‚¤ãƒˆã®ivã‚’å«ã‚€ãƒãƒƒãƒ•ã‚¡ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ã“ã‚ŒãŒæä¾›ã•れãªã„å ´åˆã€ivã¯ãƒ‡ãƒ•ォルトã§0ã«ãªã‚Šã¾ã™ + \param dir æš—å·åŒ–ã®æ–¹å‘。有効ãªã‚ªãƒ—ションã¯: DES_ENCRYPTIONã¨DES_DECRYPTIONã§ã™ + _Example_ \code - Des enc; // Des structure used for encryption + Des enc; // æš—å·åŒ–ã«ä½¿ç”¨ã•れるDes構造体 int ret; - byte key[] = { // initialize with 8 byte key }; - byte iv[] = { // initialize with 8 byte iv }; + byte key[] = { // 8ãƒã‚¤ãƒˆã®éµã§åˆæœŸåŒ– }; + byte iv[] = { // 8ãƒã‚¤ãƒˆã®ivã§åˆæœŸåŒ– }; ret = wc_Des_SetKey(&des, key, iv, DES_ENCRYPTION); if (ret != 0) { - // error initializing des structure + // des構造体ã®åˆæœŸåŒ–エラー } \endcode + \sa wc_Des_SetIV \sa wc_Des3_SetKey */ @@ -25,40 +31,52 @@ /*! \ingroup 3DES - \brief ã“ã®é–¢æ•°ã¯ã€å¼•æ•°ã¨ã—ã¦ä¸Žãˆã‚‰ã‚ŒãŸDES構造体ã®åˆæœŸåŒ–ベクトル(IV)を設定ã—ã¾ã™ã€‚NULL IVを渡ã—ãŸã‚‰ã€åˆæœŸåŒ–ベクトルを0ã«è¨­å®šã—ã¾ã™ã€‚ - \return none ã„ã„ãˆè¿”ã—ã¾ã™ã€‚ - \param des IVを設定ã™ã‚‹ãŸã‚ã®DES構造ã¸ã®ãƒã‚¤ãƒ³ã‚¿ + + \brief ã“ã®é–¢æ•°ã¯ã€å¼•æ•°ã¨ã—ã¦ä¸Žãˆã‚‰ã‚ŒãŸDes構造体ã®åˆæœŸåŒ–ベクトル(iv)を設定ã—ã¾ã™ã€‚NULLã®ivãŒæ¸¡ã•れãŸå ´åˆã€åˆæœŸåŒ–ベクトルを0ã«è¨­å®šã—ã¾ã™ã€‚ + + \return none 戻り値ãªã—。 + + \param des ivを設定ã™ã‚‹Des構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ + \param iv Desæ§‹é€ ä½“ã‚’åˆæœŸåŒ–ã™ã‚‹ãŸã‚ã®8ãƒã‚¤ãƒˆã®ivã‚’å«ã‚€ãƒãƒƒãƒ•ã‚¡ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ã“ã‚ŒãŒæä¾›ã•れãªã„å ´åˆã€ivã¯ãƒ‡ãƒ•ォルトã§0ã«ãªã‚Šã¾ã™ + _Example_ \code - Des enc; // Des structure used for encryption - // initialize enc with wc_Des_SetKey - byte iv[] = { // initialize with 8 byte iv }; + Des enc; // æš—å·åŒ–ã«ä½¿ç”¨ã•れるDes構造体 + // wc_Des_SetKeyã§encã‚’åˆæœŸåŒ– + byte iv[] = { // 8ãƒã‚¤ãƒˆã®ivã§åˆæœŸåŒ– }; wc_Des_SetIV(&enc, iv); } \endcode + \sa wc_Des_SetKey */ void wc_Des_SetIV(Des* des, const byte* iv); /*! \ingroup 3DES - \brief ã“ã®é–¢æ•°ã¯å…¥åŠ›ãƒ¡ãƒƒã‚»ãƒ¼ã‚¸ã‚’æš—å·åŒ–ã—ã€çµæžœã‚’出力ãƒãƒƒãƒ•ã‚¡ãƒ¼ã«æ ¼ç´ã—ã¾ã™ã€‚æš—å·ãƒ–ロックãƒã‚§ãƒ¼ãƒ³ãƒã‚§ãƒ¼ãƒ³ï¼ˆCBC)モードã§DESæš—å·åŒ–を使用ã—ã¾ã™ã€‚ - \return 0 与ãˆã‚‰ã‚ŒãŸå…¥åŠ›ãƒ¡ãƒƒã‚»ãƒ¼ã‚¸ã®æš—å·åŒ–ã«æˆåŠŸã—ãŸã¨ãã«è¿”ã•れã¾ã™ - \param des æš—å·åŒ–ã«ä½¿ç”¨ã™ã‚‹DES構造ã¸ã®ãƒã‚¤ãƒ³ã‚¿ - \param out æš—å·åŒ–ã•ã‚ŒãŸæš—å·æ–‡ã‚’ä¿å­˜ã™ã‚‹ãƒãƒƒãƒ•ã‚¡ã¸ã®ãƒã‚¤ãƒ³ã‚¿ - \param in æš—å·åŒ–ã™ã‚‹ãƒ¡ãƒƒã‚»ãƒ¼ã‚¸ã‚’å«ã‚€å…¥åŠ›ãƒãƒƒãƒ•ã‚¡ã¸ã®ãƒã‚¤ãƒ³ã‚¿ + + \brief ã“ã®é–¢æ•°ã¯ã€å…¥åŠ›ãƒ¡ãƒƒã‚»ãƒ¼ã‚¸inã‚’æš—å·åŒ–ã—ã€çµæžœã‚’出力ãƒãƒƒãƒ•ã‚¡outã«æ ¼ç´ã—ã¾ã™ã€‚æš—å·ãƒ–ロック連鎖(CBC)モードã®DESæš—å·åŒ–を使用ã—ã¾ã™ã€‚ + + \return 0 指定ã•れãŸå…¥åŠ›ãƒ¡ãƒƒã‚»ãƒ¼ã‚¸ã®æš—å·åŒ–ã«æˆåŠŸã—ãŸå ´åˆã«è¿”ã•れã¾ã™ + + \param des æš—å·åŒ–ã«ä½¿ç”¨ã™ã‚‹Des構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ + \param out æš—å·åŒ–ã•ã‚ŒãŸæš—å·æ–‡ã‚’æ ¼ç´ã™ã‚‹ãƒãƒƒãƒ•ã‚¡ã¸ã®ãƒã‚¤ãƒ³ã‚¿ + \param in æš—å·åŒ–ã™ã‚‹ãƒ¡ãƒƒã‚»ãƒ¼ã‚¸ã‚’å«ã‚€å…¥åŠ›ãƒãƒƒãƒ•ã‚¡ã¸ã®ãƒã‚¤ãƒ³ã‚¿ + \param sz æš—å·åŒ–ã™ã‚‹ãƒ¡ãƒƒã‚»ãƒ¼ã‚¸ã®é•·ã• + _Example_ \code - Des enc; // Des structure used for encryption - // initialize enc with wc_Des_SetKey, use mode DES_ENCRYPTION + Des enc; // æš—å·åŒ–ã«ä½¿ç”¨ã•れるDes構造体 + // wc_Des_SetKeyã§encã‚’åˆæœŸåŒ–ã€ãƒ¢ãƒ¼ãƒ‰DES_ENCRYPTIONを使用 - byte plain[] = { // initialize with message }; + byte plain[] = { // メッセージã§åˆæœŸåŒ– }; byte cipher[sizeof(plain)]; if ( wc_Des_CbcEncrypt(&enc, cipher, plain, sizeof(plain)) != 0) { - // error encrypting message + // ãƒ¡ãƒƒã‚»ãƒ¼ã‚¸ã®æš—å·åŒ–エラー } \endcode + \sa wc_Des_SetKey \sa wc_Des_CbcDecrypt */ @@ -67,23 +85,29 @@ /*! \ingroup 3DES - \brief ã“ã®é–¢æ•°ã¯å…¥åŠ›æš—å·æ–‡ã‚’復å·åŒ–ã—ã€çµæžœã®å¹³æ–‡ã‚’出力ãƒãƒƒãƒ•ァーã«å‡ºåŠ›ã—ã¾ã™ã€‚æš—å·ãƒ–ロックãƒã‚§ãƒ¼ãƒ³ãƒã‚§ãƒ¼ãƒ³ï¼ˆCBC)モードã§DESæš—å·åŒ–を使用ã—ã¾ã™ã€‚ - \return 0 与ãˆã‚‰ã‚ŒãŸæš—å·æ–‡ã‚’正常ã«å¾©å·åŒ–ã—ãŸã¨ãã«è¿”ã•れã¾ã—㟠- \param des 復å·åŒ–ã«ä½¿ç”¨ã™ã‚‹DES構造ã¸ã®ãƒã‚¤ãƒ³ã‚¿ - \param out 復å·åŒ–ã•れãŸå¹³æ–‡ã‚’ä¿å­˜ã™ã‚‹ãƒãƒƒãƒ•ã‚¡ã¸ã®ãƒã‚¤ãƒ³ã‚¿ - \param in æš—å·åŒ–ã•ã‚ŒãŸæš—å·æ–‡ã‚’å«ã‚€å…¥åŠ›ãƒãƒƒãƒ•ã‚¡ã¸ã®ãƒã‚¤ãƒ³ã‚¿ + + \brief ã“ã®é–¢æ•°ã¯ã€å…¥åŠ›æš—å·æ–‡inを復å·ã—ã€çµæžœã®å¹³æ–‡ã‚’出力ãƒãƒƒãƒ•ã‚¡outã«æ ¼ç´ã—ã¾ã™ã€‚æš—å·ãƒ–ロック連鎖(CBC)モードã®DESæš—å·åŒ–を使用ã—ã¾ã™ã€‚ + + \return 0 指定ã•ã‚ŒãŸæš—å·æ–‡ã®å¾©å·ã«æˆåŠŸã—ãŸå ´åˆã«è¿”ã•れã¾ã™ + + \param des 復å·ã«ä½¿ç”¨ã™ã‚‹Des構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ + \param out 復å·ã•れãŸå¹³æ–‡ã‚’æ ¼ç´ã™ã‚‹ãƒãƒƒãƒ•ã‚¡ã¸ã®ãƒã‚¤ãƒ³ã‚¿ + \param in æš—å·åŒ–ã•ã‚ŒãŸæš—å·æ–‡ã‚’å«ã‚€å…¥åŠ›ãƒãƒƒãƒ•ã‚¡ã¸ã®ãƒã‚¤ãƒ³ã‚¿ + \param sz 復å·ã™ã‚‹æš—å·æ–‡ã®é•·ã• + _Example_ \code - Des dec; // Des structure used for decryption - // initialize dec with wc_Des_SetKey, use mode DES_DECRYPTION + Des dec; // 復å·ã«ä½¿ç”¨ã•れるDes構造体 + // wc_Des_SetKeyã§decã‚’åˆæœŸåŒ–ã€ãƒ¢ãƒ¼ãƒ‰DES_DECRYPTIONを使用 - byte cipher[] = { // initialize with ciphertext }; + byte cipher[] = { // æš—å·æ–‡ã§åˆæœŸåŒ– }; byte decoded[sizeof(cipher)]; if ( wc_Des_CbcDecrypt(&dec, decoded, cipher, sizeof(cipher)) != 0) { - // error decrypting message + // メッセージã®å¾©å·ã‚¨ãƒ©ãƒ¼ } \endcode + \sa wc_Des_SetKey \sa wc_Des_CbcEncrypt */ @@ -92,23 +116,29 @@ /*! \ingroup 3DES - \brief ã“ã®é–¢æ•°ã¯å…¥åŠ›ãƒ¡ãƒƒã‚»ãƒ¼ã‚¸ã‚’æš—å·åŒ–ã—ã€çµæžœã‚’出力ãƒãƒƒãƒ•ã‚¡ãƒ¼ã«æ ¼ç´ã—ã¾ã™ã€‚é›»å­ã‚³ãƒ¼ãƒ‰ãƒ–ック(ECB)モードã§DESæš—å·åŒ–を使用ã—ã¾ã™ã€‚ - \return 0: 与ãˆã‚‰ã‚ŒãŸå¹³æ–‡ã‚’æ­£å¸¸ã«æš—å·åŒ–ã™ã‚‹ã¨è¿”ã•れã¾ã™ã€‚ - \param des æš—å·åŒ–ã«ä½¿ç”¨ã™ã‚‹DES構造ã¸ã®ãƒã‚¤ãƒ³ã‚¿ - \param out æš—å·åŒ–ã•れãŸãƒ¡ãƒƒã‚»ãƒ¼ã‚¸ã‚’ä¿å­˜ã™ã‚‹ãƒãƒƒãƒ•ã‚¡ã¸ã®ãƒã‚¤ãƒ³ã‚¿ - \param in æš—å·åŒ–ã™ã‚‹å¹³æ–‡ã‚’å«ã‚€å…¥åŠ›ãƒãƒƒãƒ•ã‚¡ã¸ã®ãƒã‚¤ãƒ³ã‚¿ + + \brief ã“ã®é–¢æ•°ã¯ã€å…¥åŠ›ãƒ¡ãƒƒã‚»ãƒ¼ã‚¸inã‚’æš—å·åŒ–ã—ã€çµæžœã‚’出力ãƒãƒƒãƒ•ã‚¡outã«æ ¼ç´ã—ã¾ã™ã€‚é›»å­ã‚³ãƒ¼ãƒ‰ãƒ–ック(ECB)モードã®Desæš—å·åŒ–を使用ã—ã¾ã™ã€‚ + + \return 0: 指定ã•れãŸå¹³æ–‡ã®æš—å·åŒ–ã«æˆåŠŸã—ãŸå ´åˆã«è¿”ã•れã¾ã™ã€‚ + + \param des æš—å·åŒ–ã«ä½¿ç”¨ã™ã‚‹Des構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ + \param out æš—å·åŒ–ã•れãŸãƒ¡ãƒƒã‚»ãƒ¼ã‚¸ã‚’æ ¼ç´ã™ã‚‹ãƒãƒƒãƒ•ã‚¡ã¸ã®ãƒã‚¤ãƒ³ã‚¿ + \param in æš—å·åŒ–ã™ã‚‹å¹³æ–‡ã‚’å«ã‚€å…¥åŠ›ãƒãƒƒãƒ•ã‚¡ã¸ã®ãƒã‚¤ãƒ³ã‚¿ + \param sz æš—å·åŒ–ã™ã‚‹å¹³æ–‡ã®é•·ã• + _Example_ \code - Des enc; // Des structure used for encryption - // initialize enc with wc_Des_SetKey, use mode DES_ENCRYPTION + Des enc; // æš—å·åŒ–ã«ä½¿ç”¨ã•れるDes構造体 + // wc_Des_SetKeyã§encã‚’åˆæœŸåŒ–ã€ãƒ¢ãƒ¼ãƒ‰DES_ENCRYPTIONを使用 - byte plain[] = { // initialize with message to encrypt }; + byte plain[] = { // æš—å·åŒ–ã™ã‚‹ãƒ¡ãƒƒã‚»ãƒ¼ã‚¸ã§åˆæœŸåŒ– }; byte cipher[sizeof(plain)]; if ( wc_Des_EcbEncrypt(&enc,cipher, plain, sizeof(plain)) != 0) { - // error encrypting message + // ãƒ¡ãƒƒã‚»ãƒ¼ã‚¸ã®æš—å·åŒ–エラー } \endcode + \sa wc_Des_SetKe */ int wc_Des_EcbEncrypt(Des* des, byte* out, @@ -116,23 +146,29 @@ /*! \ingroup 3DES - \brief ã“ã®é–¢æ•°ã¯å…¥åŠ›ãƒ¡ãƒƒã‚»ãƒ¼ã‚¸ã‚’æš—å·åŒ–ã—ã€çµæžœã‚’出力ãƒãƒƒãƒ•ã‚¡ãƒ¼ã«æ ¼ç´ã—ã¾ã™ã€‚é›»å­ã‚³ãƒ¼ãƒ‰ãƒ–ック(ECB)モードã§DES3æš—å·åŒ–を使用ã—ã¾ã™ã€‚警告:ã»ã¼ã™ã¹ã¦ã®ãƒ¦ãƒ¼ã‚¹ã‚±ãƒ¼ã‚¹ã§ECBモードã¯å®‰å…¨æ€§ãŒä½Žã„ã¨è€ƒãˆã‚‰ã‚Œã¦ã„ã¾ã™ã€‚å¯èƒ½ãªé™ã‚ŠECB APIを直接使用ã—ãªã„ã§ãã ã•ã„。 - \return 0 与ãˆã‚‰ã‚ŒãŸå¹³æ–‡ã‚’æ­£å¸¸ã«æš—å·åŒ–ã™ã‚‹ã¨è¿”ã•れã¾ã™ - \param des3 æš—å·åŒ–ã«ä½¿ç”¨ã™ã‚‹DES3構造ã¸ã®ãƒã‚¤ãƒ³ã‚¿ - \param out æš—å·åŒ–ã•れãŸãƒ¡ãƒƒã‚»ãƒ¼ã‚¸ã‚’ä¿å­˜ã™ã‚‹ãƒãƒƒãƒ•ã‚¡ã¸ã®ãƒã‚¤ãƒ³ã‚¿ - \param in æš—å·åŒ–ã™ã‚‹å¹³æ–‡ã‚’å«ã‚€å…¥åŠ›ãƒãƒƒãƒ•ã‚¡ã¸ã®ãƒã‚¤ãƒ³ã‚¿ + + \brief ã“ã®é–¢æ•°ã¯ã€å…¥åŠ›ãƒ¡ãƒƒã‚»ãƒ¼ã‚¸inã‚’æš—å·åŒ–ã—ã€çµæžœã‚’出力ãƒãƒƒãƒ•ã‚¡outã«æ ¼ç´ã—ã¾ã™ã€‚é›»å­ã‚³ãƒ¼ãƒ‰ãƒ–ック(ECB)モードã®Des3æš—å·åŒ–を使用ã—ã¾ã™ã€‚警告: ã»ã¼ã™ã¹ã¦ã®ãƒ¦ãƒ¼ã‚¹ã‚±ãƒ¼ã‚¹ã§ã€ECBモードã¯å®‰å…¨æ€§ãŒä½Žã„ã¨è€ƒãˆã‚‰ã‚Œã¦ã„ã¾ã™ã€‚å¯èƒ½ãªé™ã‚ŠECB APIを直接使用ã™ã‚‹ã“ã¨ã¯é¿ã‘ã¦ãã ã•ã„。 + + \return 0 指定ã•れãŸå¹³æ–‡ã®æš—å·åŒ–ã«æˆåŠŸã—ãŸå ´åˆã«è¿”ã•れã¾ã™ + + \param des3 æš—å·åŒ–ã«ä½¿ç”¨ã™ã‚‹Des3構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ + \param out æš—å·åŒ–ã•れãŸãƒ¡ãƒƒã‚»ãƒ¼ã‚¸ã‚’æ ¼ç´ã™ã‚‹ãƒãƒƒãƒ•ã‚¡ã¸ã®ãƒã‚¤ãƒ³ã‚¿ + \param in æš—å·åŒ–ã™ã‚‹å¹³æ–‡ã‚’å«ã‚€å…¥åŠ›ãƒãƒƒãƒ•ã‚¡ã¸ã®ãƒã‚¤ãƒ³ã‚¿ + \param sz æš—å·åŒ–ã™ã‚‹å¹³æ–‡ã®é•·ã• + _Example_ \code - Des3 enc; // Des3 structure used for encryption - // initialize enc with wc_Des3_SetKey, use mode DES_ENCRYPTION + Des3 enc; // æš—å·åŒ–ã«ä½¿ç”¨ã•れるDes3構造体 + // wc_Des3_SetKeyã§encã‚’åˆæœŸåŒ–ã€ãƒ¢ãƒ¼ãƒ‰DES_ENCRYPTIONを使用 - byte plain[] = { // initialize with message to encrypt }; + byte plain[] = { // æš—å·åŒ–ã™ã‚‹ãƒ¡ãƒƒã‚»ãƒ¼ã‚¸ã§åˆæœŸåŒ– }; byte cipher[sizeof(plain)]; if ( wc_Des3_EcbEncrypt(&enc,cipher, plain, sizeof(plain)) != 0) { - // error encrypting message + // ãƒ¡ãƒƒã‚»ãƒ¼ã‚¸ã®æš—å·åŒ–エラー } \endcode + \sa wc_Des3_SetKey */ int wc_Des3_EcbEncrypt(Des3* des, byte* out, @@ -140,23 +176,29 @@ /*! \ingroup 3DES - \brief ã“ã®é–¢æ•°ã¯ã€å¼•æ•°ã¨ã—ã¦ä¸Žãˆã‚‰ã‚ŒãŸDES3構造ã®ã‚­ãƒ¼ã¨åˆæœŸåŒ–ベクトル(IV)を設定ã—ã¾ã™ã€‚ã¾ãŸã€ã“れらãŒã¾ã åˆæœŸåŒ–ã•れã¦ã„ãªã„å ´åˆã¯ã€æš—å·åŒ–ã¨å¾©å·åŒ–ã«å¿…è¦ãªãƒãƒƒãƒ•ァーã®ã‚¹ãƒšãƒ¼ã‚¹ã‚’åˆæœŸåŒ–ã—ã¦å‰²ã‚Šå½“ã¦ã¾ã™ã€‚注:IVãŒæŒ‡å®šã•れã¦ã„ãªã„å ´åˆï¼ˆi.e.iv == nullï¼‰åˆæœŸåŒ–ベクトルã¯ã€ãƒ‡ãƒ•ォルトã®IV 0ã«ãªã‚Šã¾ã™ã€‚ - \return 0 DES構造体ã®ã‚­ãƒ¼ã¨åˆæœŸåŒ–ベクトルを正常ã«è¨­å®šã™ã‚‹ - \param des3 åˆæœŸåŒ–ã™ã‚‹DES3構造ã¸ã®ãƒã‚¤ãƒ³ã‚¿ - \param key DES3æ§‹é€ ã‚’åˆæœŸåŒ–ã™ã‚‹24ãƒã‚¤ãƒˆã®ã‚­ãƒ¼ã‚’å«ã‚€ãƒãƒƒãƒ•ã‚¡ã¸ã®ãƒã‚¤ãƒ³ã‚¿ - \param iv DES3æ§‹é€ ã‚’åˆæœŸåŒ–ã™ã‚‹ãŸã‚ã®8ãƒã‚¤ãƒˆIVã‚’å«ã‚€ãƒãƒƒãƒ•ã‚¡ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ã“ã‚ŒãŒæä¾›ã•れã¦ã„ãªã„å ´åˆã€IVã¯ãƒ‡ãƒ•ォルトã§0ã«ãªã‚Šã¾ã™ + + \brief ã“ã®é–¢æ•°ã¯ã€å¼•æ•°ã¨ã—ã¦ä¸Žãˆã‚‰ã‚ŒãŸDes3構造体ã®éµã¨åˆæœŸåŒ–ベクトル(iv)を設定ã—ã¾ã™ã€‚ã¾ãŸã€æš—å·åŒ–ã¨å¾©å·ã«å¿…è¦ãªãƒãƒƒãƒ•ã‚¡ãŒã¾ã åˆæœŸåŒ–ã•れã¦ã„ãªã„å ´åˆã€ãã‚Œã‚‰ã‚’åˆæœŸåŒ–ã—ã€ã‚¹ãƒšãƒ¼ã‚¹ã‚’割り当ã¦ã¾ã™ã€‚注æ„: ivãŒæä¾›ã•れãªã„å ´åˆ(ã¤ã¾ã‚Šiv == NULL)ã€åˆæœŸåŒ–ベクトルã¯ãƒ‡ãƒ•ォルトã§0ã®ivã«ãªã‚Šã¾ã™ã€‚ + + \return 0 Des構造体ã®éµã¨åˆæœŸåŒ–ベクトルã®è¨­å®šã«æˆåŠŸã—ãŸå ´åˆ + + \param des3 åˆæœŸåŒ–ã™ã‚‹Des3構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ + \param key Des3æ§‹é€ ä½“ã‚’åˆæœŸåŒ–ã™ã‚‹ãŸã‚ã®24ãƒã‚¤ãƒˆã®éµã‚’å«ã‚€ãƒãƒƒãƒ•ã‚¡ã¸ã®ãƒã‚¤ãƒ³ã‚¿ + \param iv Des3æ§‹é€ ä½“ã‚’åˆæœŸåŒ–ã™ã‚‹ãŸã‚ã®8ãƒã‚¤ãƒˆã®ivã‚’å«ã‚€ãƒãƒƒãƒ•ã‚¡ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ã“ã‚ŒãŒæä¾›ã•れãªã„å ´åˆã€ivã¯ãƒ‡ãƒ•ォルトã§0ã«ãªã‚Šã¾ã™ + \param dir æš—å·åŒ–ã®æ–¹å‘。有効ãªã‚ªãƒ—ションã¯: DES_ENCRYPTIONã¨DES_DECRYPTIONã§ã™ + _Example_ \code - Des3 enc; // Des3 structure used for encryption + Des3 enc; // æš—å·åŒ–ã«ä½¿ç”¨ã•れるDes3構造体 int ret; - byte key[] = { // initialize with 24 byte key }; - byte iv[] = { // initialize with 8 byte iv }; + byte key[] = { // 24ãƒã‚¤ãƒˆã®éµã§åˆæœŸåŒ– }; + byte iv[] = { // 8ãƒã‚¤ãƒˆã®ivã§åˆæœŸåŒ– }; ret = wc_Des3_SetKey(&des, key, iv, DES_ENCRYPTION); if (ret != 0) { - // error initializing des structure + // des構造体ã®åˆæœŸåŒ–エラー } \endcode + \sa wc_Des3_SetIV \sa wc_Des3_CbcEncrypt \sa wc_Des3_CbcDecrypt @@ -166,42 +208,54 @@ /*! \ingroup 3DES - \brief ã“ã®é–¢æ•°ã¯ã€å¼•æ•°ã¨ã—ã¦ä¸Žãˆã‚‰ã‚ŒãŸDES3構造ã®åˆæœŸåŒ–ベクトル(IV)を設定ã—ã¾ã™ã€‚NULL IVを渡ã—ãŸã‚‰ã€åˆæœŸåŒ–ベクトルを0ã«è¨­å®šã—ã¾ã™ã€‚ - \return none ã„ã„ãˆè¿”ã—ã¾ã™ã€‚ - \param des IVを設定ã™ã‚‹ãŸã‚ã®DES3構造ã¸ã®ãƒã‚¤ãƒ³ã‚¿ + + \brief ã“ã®é–¢æ•°ã¯ã€å¼•æ•°ã¨ã—ã¦ä¸Žãˆã‚‰ã‚ŒãŸDes3構造体ã®åˆæœŸåŒ–ベクトル(iv)を設定ã—ã¾ã™ã€‚NULLã®ivãŒæ¸¡ã•れãŸå ´åˆã€åˆæœŸåŒ–ベクトルを0ã«è¨­å®šã—ã¾ã™ã€‚ + + \return none 戻り値ãªã—。 + + \param des ivを設定ã™ã‚‹Des3構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ + \param iv Des3æ§‹é€ ä½“ã‚’åˆæœŸåŒ–ã™ã‚‹ãŸã‚ã®8ãƒã‚¤ãƒˆã®ivã‚’å«ã‚€ãƒãƒƒãƒ•ã‚¡ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ã“ã‚ŒãŒæä¾›ã•れãªã„å ´åˆã€ivã¯ãƒ‡ãƒ•ォルトã§0ã«ãªã‚Šã¾ã™ + _Example_ \code - Des3 enc; // Des3 structure used for encryption - // initialize enc with wc_Des3_SetKey + Des3 enc; // æš—å·åŒ–ã«ä½¿ç”¨ã•れるDes3構造体 + // wc_Des3_SetKeyã§encã‚’åˆæœŸåŒ– - byte iv[] = { // initialize with 8 byte iv }; + byte iv[] = { // 8ãƒã‚¤ãƒˆã®ivã§åˆæœŸåŒ– }; wc_Des3_SetIV(&enc, iv); } \endcode + \sa wc_Des3_SetKey */ int wc_Des3_SetIV(Des3* des, const byte* iv); /*! \ingroup 3DES - \brief ã“ã®é–¢æ•°ã¯å…¥åŠ›ãƒ¡ãƒƒã‚»ãƒ¼ã‚¸ã‚’æš—å·åŒ–ã—ã€çµæžœã‚’出力ãƒãƒƒãƒ•ã‚¡ãƒ¼ã«æ ¼ç´ã—ã¾ã™ã€‚æš—å·ãƒ–ロックãƒã‚§ãƒ¼ãƒ³ï¼ˆCBC)モードã§ãƒˆãƒªãƒ—ルDES(3DES)暗å·åŒ–を使用ã—ã¾ã™ã€‚ - \return 0 与ãˆã‚‰ã‚ŒãŸå…¥åŠ›ãƒ¡ãƒƒã‚»ãƒ¼ã‚¸ã®æš—å·åŒ–ã«æˆåŠŸã—ãŸã¨ãã«è¿”ã•れã¾ã™ - \param des æš—å·åŒ–ã«ä½¿ç”¨ã™ã‚‹DES3構造ã¸ã®ãƒã‚¤ãƒ³ã‚¿ - \param out æš—å·åŒ–ã•ã‚ŒãŸæš—å·æ–‡ã‚’ä¿å­˜ã™ã‚‹ãƒãƒƒãƒ•ã‚¡ã¸ã®ãƒã‚¤ãƒ³ã‚¿ - \param in æš—å·åŒ–ã™ã‚‹ãƒ¡ãƒƒã‚»ãƒ¼ã‚¸ã‚’å«ã‚€å…¥åŠ›ãƒãƒƒãƒ•ã‚¡ã¸ã®ãƒã‚¤ãƒ³ã‚¿ + + \brief ã“ã®é–¢æ•°ã¯ã€å…¥åŠ›ãƒ¡ãƒƒã‚»ãƒ¼ã‚¸inã‚’æš—å·åŒ–ã—ã€çµæžœã‚’出力ãƒãƒƒãƒ•ã‚¡outã«æ ¼ç´ã—ã¾ã™ã€‚æš—å·ãƒ–ロック連鎖(CBC)モードã®ãƒˆãƒªãƒ—ルDes(3DES)æš—å·åŒ–を使用ã—ã¾ã™ã€‚ + + \return 0 指定ã•れãŸå…¥åŠ›ãƒ¡ãƒƒã‚»ãƒ¼ã‚¸ã®æš—å·åŒ–ã«æˆåŠŸã—ãŸå ´åˆã«è¿”ã•れã¾ã™ + + \param des æš—å·åŒ–ã«ä½¿ç”¨ã™ã‚‹Des3構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ + \param out æš—å·åŒ–ã•ã‚ŒãŸæš—å·æ–‡ã‚’æ ¼ç´ã™ã‚‹ãƒãƒƒãƒ•ã‚¡ã¸ã®ãƒã‚¤ãƒ³ã‚¿ + \param in æš—å·åŒ–ã™ã‚‹ãƒ¡ãƒƒã‚»ãƒ¼ã‚¸ã‚’å«ã‚€å…¥åŠ›ãƒãƒƒãƒ•ã‚¡ã¸ã®ãƒã‚¤ãƒ³ã‚¿ + \param sz æš—å·åŒ–ã™ã‚‹ãƒ¡ãƒƒã‚»ãƒ¼ã‚¸ã®é•·ã• + _Example_ \code - Des3 enc; // Des3 structure used for encryption - // initialize enc with wc_Des3_SetKey, use mode DES_ENCRYPTION + Des3 enc; // æš—å·åŒ–ã«ä½¿ç”¨ã•れるDes3構造体 + // wc_Des3_SetKeyã§encã‚’åˆæœŸåŒ–ã€ãƒ¢ãƒ¼ãƒ‰DES_ENCRYPTIONを使用 - byte plain[] = { // initialize with message }; + byte plain[] = { // メッセージã§åˆæœŸåŒ– }; byte cipher[sizeof(plain)]; if ( wc_Des3_CbcEncrypt(&enc, cipher, plain, sizeof(plain)) != 0) { - // error encrypting message + // ãƒ¡ãƒƒã‚»ãƒ¼ã‚¸ã®æš—å·åŒ–エラー } \endcode + \sa wc_Des3_SetKey \sa wc_Des3_CbcDecrypt */ @@ -210,23 +264,29 @@ /*! \ingroup 3DES - \brief ã“ã®é–¢æ•°ã¯å…¥åŠ›æš—å·æ–‡ã‚’復å·åŒ–ã—ã€çµæžœã®å¹³æ–‡ã‚’出力ãƒãƒƒãƒ•ァーã«å‡ºåŠ›ã—ã¾ã™ã€‚æš—å·ãƒ–ロックãƒã‚§ãƒ¼ãƒ³ï¼ˆCBC)モードã§ãƒˆãƒªãƒ—ルDES(3DES)暗å·åŒ–を使用ã—ã¾ã™ã€‚ - \return 0 与ãˆã‚‰ã‚ŒãŸæš—å·æ–‡ã‚’正常ã«å¾©å·åŒ–ã—ãŸã¨ãã«è¿”ã•れã¾ã—㟠- \param des 復å·åŒ–ã«ä½¿ç”¨ã™ã‚‹DES3構造ã¸ã®ãƒã‚¤ãƒ³ã‚¿ - \param out 復å·åŒ–ã•れãŸå¹³æ–‡ã‚’ä¿å­˜ã™ã‚‹ãƒãƒƒãƒ•ã‚¡ã¸ã®ãƒã‚¤ãƒ³ã‚¿ - \param in æš—å·åŒ–ã•ã‚ŒãŸæš—å·æ–‡ã‚’å«ã‚€å…¥åŠ›ãƒãƒƒãƒ•ã‚¡ã¸ã®ãƒã‚¤ãƒ³ã‚¿ + + \brief ã“ã®é–¢æ•°ã¯ã€å…¥åŠ›æš—å·æ–‡inを復å·ã—ã€çµæžœã®å¹³æ–‡ã‚’出力ãƒãƒƒãƒ•ã‚¡outã«æ ¼ç´ã—ã¾ã™ã€‚æš—å·ãƒ–ロック連鎖(CBC)モードã®ãƒˆãƒªãƒ—ルDes(3DES)æš—å·åŒ–を使用ã—ã¾ã™ã€‚ + + \return 0 指定ã•ã‚ŒãŸæš—å·æ–‡ã®å¾©å·ã«æˆåŠŸã—ãŸå ´åˆã«è¿”ã•れã¾ã™ + + \param des 復å·ã«ä½¿ç”¨ã™ã‚‹Des3構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ + \param out 復å·ã•れãŸå¹³æ–‡ã‚’æ ¼ç´ã™ã‚‹ãƒãƒƒãƒ•ã‚¡ã¸ã®ãƒã‚¤ãƒ³ã‚¿ + \param in æš—å·åŒ–ã•ã‚ŒãŸæš—å·æ–‡ã‚’å«ã‚€å…¥åŠ›ãƒãƒƒãƒ•ã‚¡ã¸ã®ãƒã‚¤ãƒ³ã‚¿ + \param sz 復å·ã™ã‚‹æš—å·æ–‡ã®é•·ã• + _Example_ \code - Des3 dec; // Des structure used for decryption - // initialize dec with wc_Des3_SetKey, use mode DES_DECRYPTION + Des3 dec; // 復å·ã«ä½¿ç”¨ã•れるDes構造体 + // wc_Des3_SetKeyã§decã‚’åˆæœŸåŒ–ã€ãƒ¢ãƒ¼ãƒ‰DES_DECRYPTIONを使用 - byte cipher[] = { // initialize with ciphertext }; + byte cipher[] = { // æš—å·æ–‡ã§åˆæœŸåŒ– }; byte decoded[sizeof(cipher)]; if ( wc_Des3_CbcDecrypt(&dec, decoded, cipher, sizeof(cipher)) != 0) { - // error decrypting message + // メッセージã®å¾©å·ã‚¨ãƒ©ãƒ¼ } \endcode + \sa wc_Des3_SetKey \sa wc_Des3_CbcEncrypt */ diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/doc/dox_comments/header_files-ja/dh.h mariadb-11.8.8/extra/wolfssl/wolfssl/doc/dox_comments/header_files-ja/dh.h --- mariadb-11.8.6/extra/wolfssl/wolfssl/doc/dox_comments/header_files-ja/dh.h 2026-01-31 13:27:49.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/doc/dox_comments/header_files-ja/dh.h 2026-05-24 09:58:33.000000000 +0000 @@ -1,12 +1,18 @@ /*! \ingroup Diffie-Hellman - \brief ã“ã®é–¢æ•°ã¯ã€Diffie-Hellman Exchangeプロトコルを使用ã—ã¦å®‰å…¨ãªç§˜å¯†éµã‚’交渉ã™ã‚‹ã®ã«ä½¿ç”¨ã™ã‚‹ãŸã‚ã®Diffie-Hellmanã‚­ãƒ¼ã‚’åˆæœŸåŒ–ã—ã¾ã™ã€‚ - \return none ã„ã„ãˆè¿”ã—ã¾ã™ã€‚ + + \brief ã“ã®é–¢æ•°ã¯ã€Diffie-Hellmanéµäº¤æ›ãƒ—ロトコルã§å®‰å…¨ãªç§˜å¯†éµã‚’ãƒã‚´ã‚·ã‚¨ãƒ¼ãƒˆã™ã‚‹ãŸã‚ã«ä½¿ç”¨ã™ã‚‹Diffie-Hellmanéµã‚’åˆæœŸåŒ–ã—ã¾ã™ã€‚ + + \return none 戻り値ãªã—。 + + \param key 安全ãªéµäº¤æ›ã§ä½¿ç”¨ã™ã‚‹ãŸã‚ã«åˆæœŸåŒ–ã™ã‚‹DhKey構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ + _Example_ \code DhKey key; - wc_InitDhKey(&key); // initialize DH key + wc_InitDhKey(&key); // DHéµã‚’åˆæœŸåŒ– \endcode + \sa wc_FreeDhKey \sa wc_DhGenerateKeyPair */ @@ -14,33 +20,44 @@ /*! \ingroup Diffie-Hellman - \brief ã“ã®é–¢æ•°ã¯ã€Diffie-Hellman Exchangeプロトコルを使用ã—ã¦å®‰å…¨ãªç§˜å¯†éµã‚’ãƒã‚´ã‚·ã‚¨ãƒ¼ãƒˆã™ã‚‹ãŸã‚ã«ä½¿ç”¨ã•れãŸå¾Œã«Diffie-Hellmanキーを解放ã—ã¾ã™ã€‚ - \return none ã„ã„ãˆè¿”ã—ã¾ã™ã€‚ + + \brief ã“ã®é–¢æ•°ã¯ã€Diffie-Hellmanéµäº¤æ›ãƒ—ロトコルã§å®‰å…¨ãªç§˜å¯†éµã‚’ãƒã‚´ã‚·ã‚¨ãƒ¼ãƒˆã™ã‚‹ãŸã‚ã«ä½¿ç”¨ã•れãŸå¾Œã€Diffie-Hellmanéµã‚’解放ã—ã¾ã™ã€‚ + + \return none 戻り値ãªã—。 + + \param key 解放ã™ã‚‹DhKey構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ + _Example_ \code DhKey key; - // initialize key, perform key exchange + // éµã‚’åˆæœŸåŒ–ã€éµäº¤æ›ã‚’実行 - wc_FreeDhKey(&key); // free DH key to avoid memory leaks + wc_FreeDhKey(&key); // メモリリークをé¿ã‘ã‚‹ãŸã‚ã«DHéµã‚’解放 \endcode + \sa wc_InitDhKey */ -void wc_FreeDhKey(DhKey* key); +int wc_FreeDhKey(DhKey* key); /*! \ingroup Diffie-Hellman - \brief ã“ã®é–¢æ•°ã¯diffie-hellmanパブリックパラメータã«åŸºã¥ã„ã¦ãƒ‘ブリック/秘密éµãƒšã‚¢ã‚’生æˆã—ã€PRIVSã®ç§˜å¯†éµã¨Pubã®å…¬é–‹éµã‚’æ ¼ç´ã—ã¾ã™ã€‚åˆæœŸåŒ–ã•れãŸDiffie-Hellmanキーã¨åˆæœŸåŒ–ã•れãŸRNG構造をå–りã¾ã™ã€‚ - \return BAD_FUNC_ARG ã“ã®é–¢æ•°ã¸ã®å…¥åŠ›ã®1ã¤ã‚’è§£æžã™ã‚‹ã‚¨ãƒ©ãƒ¼ãŒã‚ã‚‹å ´åˆã«è¿”ã•れã¾ã™ - \return RNG_FAILURE_E RNGを使用ã—ã¦ä¹±æ•°ã‚’生æˆã™ã‚‹ã‚¨ãƒ©ãƒ¼ãŒç™ºç”Ÿã—ãŸå ´åˆ - \return MP_INIT_E 公開éµã®ç”Ÿæˆä¸­ã«æ•°å­¦ãƒ©ã‚¤ãƒ–ラリã«ã‚¨ãƒ©ãƒ¼ãŒã‚ã‚‹å ´åˆã¯è¿”å´ã•れるå¯èƒ½æ€§ãŒã‚りã¾ã™ - \return MP_READ_E 公開éµã®ç”Ÿæˆä¸­ã«æ•°å­¦ãƒ©ã‚¤ãƒ–ラリã«ã‚¨ãƒ©ãƒ¼ãŒã‚ã‚‹å ´åˆã¯è¿”å´ã•れるå¯èƒ½æ€§ãŒã‚りã¾ã™ - \return MP_EXPTMOD_E 公開éµã®ç”Ÿæˆä¸­ã«æ•°å­¦ãƒ©ã‚¤ãƒ–ラリã«ã‚¨ãƒ©ãƒ¼ãŒã‚ã‚‹å ´åˆã¯è¿”å´ã•れるå¯èƒ½æ€§ãŒã‚りã¾ã™ - \return MP_TO_E 公開éµã®ç”Ÿæˆä¸­ã«æ•°å­¦ãƒ©ã‚¤ãƒ–ラリã«ã‚¨ãƒ©ãƒ¼ãŒã‚ã‚‹å ´åˆã¯è¿”å´ã•れるå¯èƒ½æ€§ãŒã‚りã¾ã™ - \param key キーペアを生æˆã™ã‚‹DHKEY構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ - \param rng キーを生æˆã™ã‚‹ãŸã‚ã®åˆæœŸåŒ–ã•れãŸä¹±æ•°ç™ºç”Ÿå™¨ï¼ˆRNG)ã¸ã®ãƒã‚¤ãƒ³ã‚¿ - \param priv 秘密éµã‚’ä¿å­˜ã™ã‚‹ãƒãƒƒãƒ•ã‚¡ã¸ã®ãƒã‚¤ãƒ³ã‚¿ - \param privSz PRIVã«æ›¸ã‹ã‚ŒãŸç§˜å¯†éµã®ã‚µã‚¤ã‚ºã‚’ä¿å­˜ã—ã¾ã™ - \param pub 公開éµã‚’ä¿å­˜ã™ã‚‹ãƒãƒƒãƒ•ã‚¡ã¸ã®ãƒã‚¤ãƒ³ã‚¿ + + \brief ã“ã®é–¢æ•°ã¯ã€Diffie-Hellman公開パラメータã«åŸºã¥ã„ã¦å…¬é–‹/秘密éµãƒšã‚¢ã‚’生æˆã—ã€ç§˜å¯†éµã‚’privã«ã€å…¬é–‹éµã‚’pubã«æ ¼ç´ã—ã¾ã™ã€‚åˆæœŸåŒ–ã•れãŸDiffie-Hellmanéµã¨åˆæœŸåŒ–ã•れãŸrng構造体をå—ã‘å–りã¾ã™ã€‚ + + \return BAD_FUNC_ARG ã“ã®é–¢æ•°ã¸ã®å…¥åŠ›ã®1ã¤ã‚’è§£æžã™ã‚‹éš›ã«ã‚¨ãƒ©ãƒ¼ãŒã‚ã‚‹å ´åˆã«è¿”ã•れã¾ã™ + \return RNG_FAILURE_E rngを使用ã—ã¦ä¹±æ•°ã‚’生æˆã™ã‚‹éš›ã«ã‚¨ãƒ©ãƒ¼ãŒã‚ã‚‹å ´åˆã«è¿”ã•れã¾ã™ + \return MP_INIT_E 公開éµã‚’生æˆã™ã‚‹éš›ã«æ•°å­¦ãƒ©ã‚¤ãƒ–ラリã§ã‚¨ãƒ©ãƒ¼ãŒã‚ã‚‹å ´åˆã«è¿”ã•れるå¯èƒ½æ€§ãŒã‚りã¾ã™ + \return MP_READ_E 公開éµã‚’生æˆã™ã‚‹éš›ã«æ•°å­¦ãƒ©ã‚¤ãƒ–ラリã§ã‚¨ãƒ©ãƒ¼ãŒã‚ã‚‹å ´åˆã«è¿”ã•れるå¯èƒ½æ€§ãŒã‚りã¾ã™ + \return MP_EXPTMOD_E 公開éµã‚’生æˆã™ã‚‹éš›ã«æ•°å­¦ãƒ©ã‚¤ãƒ–ラリã§ã‚¨ãƒ©ãƒ¼ãŒã‚ã‚‹å ´åˆã«è¿”ã•れるå¯èƒ½æ€§ãŒã‚りã¾ã™ + \return MP_TO_E 公開éµã‚’生æˆã™ã‚‹éš›ã«æ•°å­¦ãƒ©ã‚¤ãƒ–ラリã§ã‚¨ãƒ©ãƒ¼ãŒã‚ã‚‹å ´åˆã«è¿”ã•れるå¯èƒ½æ€§ãŒã‚りã¾ã™ + + \param key éµãƒšã‚¢ã‚’生æˆã™ã‚‹DhKey構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ + \param rng éµã‚’生æˆã™ã‚‹ãŸã‚ã«ä½¿ç”¨ã™ã‚‹åˆæœŸåŒ–ã•れãŸä¹±æ•°ç”Ÿæˆå™¨(rng)ã¸ã®ãƒã‚¤ãƒ³ã‚¿ + \param priv 秘密éµã‚’æ ¼ç´ã™ã‚‹ãƒãƒƒãƒ•ã‚¡ã¸ã®ãƒã‚¤ãƒ³ã‚¿ + \param privSz privã«æ›¸ãè¾¼ã¾ã‚ŒãŸç§˜å¯†éµã®ã‚µã‚¤ã‚ºã‚’æ ¼ç´ã—ã¾ã™ + \param pub 公開éµã‚’æ ¼ç´ã™ã‚‹ãƒãƒƒãƒ•ã‚¡ã¸ã®ãƒã‚¤ãƒ³ã‚¿ + \param pubSz pubã«æ›¸ãè¾¼ã¾ã‚ŒãŸç§˜å¯†éµã®ã‚µã‚¤ã‚ºã‚’æ ¼ç´ã—ã¾ã™ + _Example_ \code DhKey key; @@ -49,12 +66,13 @@ byte pub[256]; word32 privSz, pubSz; - wc_InitDhKey(&key); // initialize key - // Set DH parameters using wc_DhSetKey or wc_DhKeyDecode + wc_InitDhKey(&key); // éµã‚’åˆæœŸåŒ– + // wc_DhSetKeyã¾ãŸã¯wc_DhKeyDecodeを使用ã—ã¦DHパラメータを設定 WC_RNG rng; - wc_InitRng(&rng); // initialize rng + wc_InitRng(&rng); // rngã‚’åˆæœŸåŒ– ret = wc_DhGenerateKeyPair(&key, &rng, priv, &privSz, pub, &pubSz); \endcode + \sa wc_InitDhKey \sa wc_DhSetKey \sa wc_DhKeyDecode @@ -64,18 +82,23 @@ /*! \ingroup Diffie-Hellman - \brief ã“ã®é–¢æ•°ã¯ã€ãƒ­ãƒ¼ã‚«ãƒ«ç§˜å¯†éµã¨å—ä¿¡ã—ãŸå…¬é–‹éµã«åŸºã¥ã„ã¦åˆæ„ã•れãŸç§˜å¯†éµã‚’生æˆã—ã¾ã™ã€‚交æ›ã®ä¸¡å´ã§å®Œäº†ã—ãŸå ´åˆã€ã“ã®é–¢æ•°ã¯å¯¾ç§°é€šä¿¡ã®ãŸã‚ã®ç§˜å¯†éµã®åˆæ„を生æˆã—ã¾ã™ã€‚共有秘密éµã®ç”Ÿæˆã«æˆåŠŸã™ã‚‹ã¨ã€æ›¸ã‹ã‚ŒãŸç§˜å¯†éµã®ã‚µã‚¤ã‚ºã¯ä»²é–“ã«ä¿å­˜ã•れã¾ã™ã€‚ - \return 0 åˆæ„ã•れãŸç§˜å¯†éµã®ç”Ÿæˆã«æˆåŠŸã—ã¾ã—㟠- \return MP_INIT_E 共有秘密éµã®ç”Ÿæˆä¸­ã«ã‚¨ãƒ©ãƒ¼ãŒç™ºç”Ÿã—ãŸå ´åˆã«è¿”å´ã•れるå¯èƒ½æ€§ãŒã‚りã¾ã™ - \return MP_READ_E 共有秘密éµã®ç”Ÿæˆä¸­ã«ã‚¨ãƒ©ãƒ¼ãŒç™ºç”Ÿã—ãŸå ´åˆã«è¿”å´ã•れるå¯èƒ½æ€§ãŒã‚りã¾ã™ - \return MP_EXPTMOD_E 共有秘密éµã®ç”Ÿæˆä¸­ã«ã‚¨ãƒ©ãƒ¼ãŒç™ºç”Ÿã—ãŸå ´åˆã«è¿”å´ã•れるå¯èƒ½æ€§ãŒã‚りã¾ã™ - \return MP_TO_E 共有秘密éµã®ç”Ÿæˆä¸­ã«ã‚¨ãƒ©ãƒ¼ãŒç™ºç”Ÿã—ãŸå ´åˆã«è¿”å´ã•れるå¯èƒ½æ€§ãŒã‚りã¾ã™ - \param key 共有キーを計算ã™ã‚‹ãŸã‚ã«ä½¿ç”¨ã™ã‚‹DHKEY構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ - \param agree 秘密キーをä¿å­˜ã™ã‚‹ãƒãƒƒãƒ•ã‚¡ã¸ã®ãƒã‚¤ãƒ³ã‚¿ - \param agreeSz æˆåŠŸã—ãŸå¾Œã«ç§˜å¯†éµã®ã‚µã‚¤ã‚ºã‚’ä¿æŒã—ã¾ã™ - \param priv ローカル秘密éµã‚’å«ã‚€ãƒãƒƒãƒ•ã‚¡ã¸ã®ãƒã‚¤ãƒ³ã‚¿ - \param privSz 地元ã®ç§˜å¯†éµã®ã‚µã‚¤ã‚º - \param otherPub å—ä¿¡ã—ãŸå…¬é–‹éµã‚’å«ã‚€ãƒãƒƒãƒ•ã‚¡ã¸ã®ãƒã‚¤ãƒ³ã‚¿ + + \brief ã“ã®é–¢æ•°ã¯ã€ãƒ­ãƒ¼ã‚«ãƒ«ç§˜å¯†éµã¨å—ä¿¡ã—ãŸå…¬é–‹éµã«åŸºã¥ã„ã¦åˆæ„ã•れãŸç§˜å¯†éµã‚’生æˆã—ã¾ã™ã€‚交æ›ã®ä¸¡å´ã§å®Œäº†ã™ã‚‹ã¨ã€ã“ã®é–¢æ•°ã¯å¯¾ç§°é€šä¿¡ç”¨ã®åˆæ„ã•れãŸç§˜å¯†éµã‚’生æˆã—ã¾ã™ã€‚共有秘密éµã®ç”Ÿæˆã«æˆåŠŸã™ã‚‹ã¨ã€æ›¸ãè¾¼ã¾ã‚ŒãŸç§˜å¯†éµã®ã‚µã‚¤ã‚ºãŒagreeSzã«æ ¼ç´ã•れã¾ã™ã€‚ + + \return 0 åˆæ„ã•れãŸç§˜å¯†éµã®ç”Ÿæˆã«æˆåŠŸã—ãŸå ´åˆã«è¿”ã•れã¾ã™ + \return MP_INIT_E 共有秘密éµã®ç”Ÿæˆä¸­ã«ã‚¨ãƒ©ãƒ¼ãŒã‚ã‚‹å ´åˆã«è¿”ã•れるå¯èƒ½æ€§ãŒã‚りã¾ã™ + \return MP_READ_E 共有秘密éµã®ç”Ÿæˆä¸­ã«ã‚¨ãƒ©ãƒ¼ãŒã‚ã‚‹å ´åˆã«è¿”ã•れるå¯èƒ½æ€§ãŒã‚りã¾ã™ + \return MP_EXPTMOD_E 共有秘密éµã®ç”Ÿæˆä¸­ã«ã‚¨ãƒ©ãƒ¼ãŒã‚ã‚‹å ´åˆã«è¿”ã•れるå¯èƒ½æ€§ãŒã‚りã¾ã™ + \return MP_TO_E 共有秘密éµã®ç”Ÿæˆä¸­ã«ã‚¨ãƒ©ãƒ¼ãŒã‚ã‚‹å ´åˆã«è¿”ã•れるå¯èƒ½æ€§ãŒã‚りã¾ã™ + + \param key 共有éµã‚’計算ã™ã‚‹ãŸã‚ã«ä½¿ç”¨ã™ã‚‹DhKey構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ + \param agree 秘密éµã‚’æ ¼ç´ã™ã‚‹ãƒãƒƒãƒ•ã‚¡ã¸ã®ãƒã‚¤ãƒ³ã‚¿ + \param agreeSz ç”ŸæˆæˆåŠŸå¾Œã«ç§˜å¯†éµã®ã‚µã‚¤ã‚ºã‚’ä¿æŒã—ã¾ã™ + \param priv ローカル秘密éµã‚’å«ã‚€ãƒãƒƒãƒ•ã‚¡ã¸ã®ãƒã‚¤ãƒ³ã‚¿ + \param privSz ローカル秘密éµã®ã‚µã‚¤ã‚º + \param otherPub å—ä¿¡ã—ãŸå…¬é–‹éµã‚’å«ã‚€ãƒãƒƒãƒ•ã‚¡ã¸ã®ãƒã‚¤ãƒ³ã‚¿ + \param pubSz å—ä¿¡ã—ãŸå…¬é–‹éµã®ã‚µã‚¤ã‚º + _Example_ \code DhKey key; @@ -84,15 +107,16 @@ byte agree[256]; word32 agreeSz; - // initialize key, set key prime and base - // wc_DhGenerateKeyPair -- store private key in priv - byte pub[] = { // initialized with the received public key }; + // éµã‚’åˆæœŸåŒ–ã€éµç´ æ•°ã¨ãƒ™ãƒ¼ã‚¹ã‚’設定 + // wc_DhGenerateKeyPair -- 秘密éµã‚’privã«æ ¼ç´ + byte pub[] = { // å—ä¿¡ã—ãŸå…¬é–‹éµã§åˆæœŸåŒ– }; ret = wc_DhAgree(&key, agree, &agreeSz, priv, sizeof(priv), pub, sizeof(pub)); if ( ret != 0 ) { - // error generating shared key + // 共有éµç”Ÿæˆã‚¨ãƒ©ãƒ¼ } \endcode + \sa wc_DhGenerateKeyPair */ int wc_DhAgree(DhKey* key, byte* agree, word32* agreeSz, @@ -101,56 +125,68 @@ /*! \ingroup Diffie-Hellman - \brief ã“ã®æ©Ÿèƒ½ã¯ã€DERフォーマットã®ã‚­ãƒ¼ã‚’å«ã‚€ä¸Žãˆã‚‰ã‚ŒãŸå…¥åŠ›ãƒãƒƒãƒ•ã‚¡ã‹ã‚‰Diffie-Hellmanキーをデコードã—ã¾ã™ã€‚çµæžœã‚’DHKEYæ§‹é€ ä½“ã«æ ¼ç´ã—ã¾ã™ã€‚ - \return 0 入力キーã®å¾©å·ã«æˆåŠŸã—ãŸã¨ãã«è¿”ã•れã¾ã™ - \return ASN_PARSE_E 入力ã®ã‚·ãƒ¼ã‚±ãƒ³ã‚¹ã‚’è§£æžã—ãŸã‚¨ãƒ©ãƒ¼ãŒã‚ã‚‹å ´åˆã«è¿”ã•れã¾ã™ - \return ASN_DH_KEY_E è§£æžã•れãŸå…¥åŠ›ã‹ã‚‰ç§˜å¯†éµãƒ‘ラメータを読ã¿å–るエラーãŒã‚ã‚‹å ´åˆ - \param input derフォーマットã•れãŸdiffie-hellmanキーをå«ã‚€ãƒãƒƒãƒ•ã‚¡ã¸ã®ãƒã‚¤ãƒ³ã‚¿ - \param inOutIdx キーをデコードã—ã¦ã„ã‚‹é–“ã«è§£æžã•れãŸã‚¤ãƒ³ãƒ‡ãƒƒã‚¯ã‚¹ã‚’ä¿å­˜ã™ã‚‹æ•´æ•°ã¸ã®ãƒã‚¤ãƒ³ã‚¿ - \param key 入力キーã§åˆæœŸåŒ–ã™ã‚‹ãŸã‚ã®DHKEY構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ + + \brief ã“ã®é–¢æ•°ã¯ã€DERフォーマットã®éµã‚’å«ã‚€æŒ‡å®šã•れãŸå…¥åŠ›ãƒãƒƒãƒ•ã‚¡ã‹ã‚‰Diffie-Hellmanéµã‚’デコードã—ã¾ã™ã€‚çµæžœã‚’DhKeyæ§‹é€ ä½“ã«æ ¼ç´ã—ã¾ã™ã€‚ + + \return 0 入力éµã®ãƒ‡ã‚³ãƒ¼ãƒ‰ã«æˆåŠŸã—ãŸå ´åˆã«è¿”ã•れã¾ã™ + \return ASN_PARSE_E 入力ã®ã‚·ãƒ¼ã‚±ãƒ³ã‚¹ã‚’è§£æžã™ã‚‹éš›ã«ã‚¨ãƒ©ãƒ¼ãŒã‚ã‚‹å ´åˆã«è¿”ã•れã¾ã™ + \return ASN_DH_KEY_E è§£æžã•れãŸå…¥åŠ›ã‹ã‚‰ç§˜å¯†éµãƒ‘ラメータを読ã¿å–ã‚‹éš›ã«ã‚¨ãƒ©ãƒ¼ãŒã‚ã‚‹å ´åˆã«è¿”ã•れã¾ã™ + + \param input DERフォーマットã®Diffie-Hellmanéµã‚’å«ã‚€ãƒãƒƒãƒ•ã‚¡ã¸ã®ãƒã‚¤ãƒ³ã‚¿ + \param inOutIdx éµã‚’デコードã™ã‚‹éš›ã«è§£æžã•れãŸã‚¤ãƒ³ãƒ‡ãƒƒã‚¯ã‚¹ã‚’æ ¼ç´ã™ã‚‹æ•´æ•°ã¸ã®ãƒã‚¤ãƒ³ã‚¿ + \param key 入力éµã§åˆæœŸåŒ–ã™ã‚‹DhKey構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ + \param inSz 入力ãƒãƒƒãƒ•ã‚¡ã®é•·ã•。読ã¿å–りå¯èƒ½ãªæœ€å¤§é•·ã‚’示ã—ã¾ã™ + _Example_ \code DhKey key; word32 idx = 0; byte keyBuff[1024]; - // initialize with DER formatted key + // DERフォーマットã®éµã§åˆæœŸåŒ– wc_DhKeyInit(&key); ret = wc_DhKeyDecode(keyBuff, &idx, &key, sizeof(keyBuff)); if ( ret != 0 ) { - // error decoding key + // éµã®ãƒ‡ã‚³ãƒ¼ãƒ‰ã‚¨ãƒ©ãƒ¼ } \endcode + \sa wc_DhSetKey */ int wc_DhKeyDecode(const byte* input, word32* inOutIdx, DhKey* key, - word32); + word32 inSz); /*! \ingroup Diffie-Hellman - \brief ã“ã®é–¢æ•°ã¯ã€å…¥åŠ›ç§˜å¯†éµãƒ‘ラメータを使用ã—ã¦DHKEY構造体ã®ã‚­ãƒ¼ã‚’設定ã—ã¾ã™ã€‚WC_DHKEYDECODEã¨ã¯ç•°ãªã‚Šã€ã“ã®é–¢æ•°ã¯å…¥åŠ›ã‚­ãƒ¼ãŒDERフォーマットã§ãƒ•ォーマットã•れã€ä»£ã‚りã«PARSED入力パラメータP(Prime)ã¨G(Base)をå—ã‘入れる必è¦ã¯ã‚りã¾ã›ã‚“。 - \return 0 éµã®è¨­å®šã«æˆåŠŸã—ã¾ã—㟠- \return BAD_FUNC_ARG 入力パラメータã®ã„ãšã‚Œã‹ãŒNULLã«è©•価ã•れãŸå ´åˆã«è¿”ã•れã¾ã™ã€‚ - \return MP_INIT_E ストレージã®ã‚­ãƒ¼ãƒ‘ラメータã®åˆæœŸåŒ–中ã«ã‚¨ãƒ©ãƒ¼ãŒã‚ã‚‹å ´åˆã«è¿”ã•れã¾ã™ã€‚ - \return ASN_DH_KEY_E DHキーパラメータPãŠã‚ˆã³Gã§ã‚¨ãƒ©ãƒ¼ã®èª­ã¿å–りãŒã‚ã‚‹å ´åˆã¯è¿”ã•れã¾ã™ - \param key キーを設定ã™ã‚‹DHKEY構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ - \param p キーã§ä½¿ç”¨ã™ã‚‹ãŸã‚ã®ãƒ—ライムをå«ã‚€ãƒãƒƒãƒ•ã‚¡ã¸ã®ãƒã‚¤ãƒ³ã‚¿ - \param pSz 入力プライムã®é•·ã• - \param g キーã§ä½¿ç”¨ã™ã‚‹ãŸã‚ã®ãƒ™ãƒ¼ã‚¹ã‚’å«ã‚€ãƒãƒƒãƒ•ã‚¡ã¸ã®ãƒã‚¤ãƒ³ã‚¿ + + \brief ã“ã®é–¢æ•°ã¯ã€å…¥åŠ›ç§˜å¯†éµãƒ‘ラメータを使用ã—ã¦DhKey構造体ã®éµã‚’設定ã—ã¾ã™ã€‚wc_DhKeyDecodeã¨ã¯ç•°ãªã‚Šã€ã“ã®é–¢æ•°ã¯å…¥åŠ›éµãŒDERフォーマットã§ãƒ•ォーマットã•れã¦ã„ã‚‹å¿…è¦ã¯ãªãã€ä»£ã‚りã«å˜ç´”ã«è§£æžã•れãŸå…¥åŠ›ãƒ‘ãƒ©ãƒ¡ãƒ¼ã‚¿p(ç´ æ•°)ã¨g(ベース)ã‚’å—ã‘入れã¾ã™ã€‚ + + \return 0 éµã®è¨­å®šã«æˆåŠŸã—ãŸå ´åˆã«è¿”ã•れã¾ã™ + \return BAD_FUNC_ARG 入力パラメータã®ã„ãšã‚Œã‹ãŒNULLã¨è©•価ã•れる場åˆã«è¿”ã•れã¾ã™ + \return MP_INIT_E æ ¼ç´ç”¨ã®éµãƒ‘ãƒ©ãƒ¡ãƒ¼ã‚¿ã‚’åˆæœŸåŒ–ã™ã‚‹éš›ã«ã‚¨ãƒ©ãƒ¼ãŒã‚ã‚‹å ´åˆã«è¿”ã•れã¾ã™ + \return ASN_DH_KEY_E DHéµãƒ‘ラメータpã¨gを読ã¿å–ã‚‹éš›ã«ã‚¨ãƒ©ãƒ¼ãŒã‚ã‚‹å ´åˆã«è¿”ã•れã¾ã™ + + \param key éµã‚’設定ã™ã‚‹DhKey構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ + \param p éµã§ä½¿ç”¨ã™ã‚‹ç´ æ•°ã‚’å«ã‚€ãƒãƒƒãƒ•ã‚¡ã¸ã®ãƒã‚¤ãƒ³ã‚¿ + \param pSz 入力素数ã®é•·ã• + \param g éµã§ä½¿ç”¨ã™ã‚‹ãƒ™ãƒ¼ã‚¹ã‚’å«ã‚€ãƒãƒƒãƒ•ã‚¡ã¸ã®ãƒã‚¤ãƒ³ã‚¿ + \param gSz 入力ベースã®é•·ã• + _Example_ \code DhKey key; - byte p[] = { // initialize with prime }; - byte g[] = { // initialize with base }; + byte p[] = { // ç´ æ•°ã§åˆæœŸåŒ– }; + byte g[] = { // ベースã§åˆæœŸåŒ– }; wc_DhKeyInit(&key); ret = wc_DhSetKey(key, p, sizeof(p), g, sizeof(g)); if ( ret != 0 ) { - // error setting key + // éµè¨­å®šã‚¨ãƒ©ãƒ¼ } \endcode + \sa wc_DhKeyDecode */ int wc_DhSetKey(DhKey* key, const byte* p, word32 pSz, const byte* g, @@ -158,18 +194,23 @@ /*! \ingroup Diffie-Hellman - \brief ã“ã®é–¢æ•°ã¯ã€ä¸Žãˆã‚‰ã‚ŒãŸå…¥åŠ›ãƒãƒƒãƒ•ã‚¡ã‹ã‚‰Diffie-HellmanパラメータP(Prime)ã¨G(ベース)をフォーマットã•れã¦ã„ã¾ã™ã€‚ - \return 0 DHãƒ‘ãƒ©ãƒ¡ãƒ¼ã‚¿ã®æŠ½å‡ºã«æˆåŠŸã—ã¾ã—㟠- \return ASN_PARSE_E DERフォーマットã®DH証明書ã®è§£æžä¸­ã«ã‚¨ãƒ©ãƒ¼ãŒç™ºç”Ÿã—ãŸå ´åˆã«è¿”ã•れã¾ã™ã€‚ - \return BUFFER_E è§£æžã•れãŸãƒ‘ラメータを格ç´ã™ã‚‹ãŸã‚ã«Pã¾ãŸã¯Gã«ä¸é©åˆ‡ãªã‚¹ãƒšãƒ¼ã‚¹ãŒã‚ã‚‹å ´åˆ - \param input è§£æžã™ã‚‹DERフォーマットã•れãŸDifie-Hellman証明書をå«ã‚€ãƒãƒƒãƒ•ã‚¡ã¸ã®ãƒã‚¤ãƒ³ã‚¿ - \param inSz 入力ãƒãƒƒãƒ•ã‚¡ã®ã‚µã‚¤ã‚º - \param p è§£æžã•れãŸãƒ—ライムをä¿å­˜ã™ã‚‹ãƒãƒƒãƒ•ã‚¡ã¸ã®ãƒã‚¤ãƒ³ã‚¿ - \param pInOutSz Pãƒãƒƒãƒ•ァ内ã®ä½¿ç”¨å¯èƒ½ãªã‚µã‚¤ã‚ºã‚’å«ã‚€Word32オブジェクトã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚関数呼ã³å‡ºã—を完了ã—ãŸå¾Œã«ãƒãƒƒãƒ•ã‚¡ã«æ›¸ãè¾¼ã¾ã‚ŒãŸãƒã‚¤ãƒˆæ•°ã§ä¸Šæ›¸ãã•れã¾ã™ã€‚ - \param g è§£æžã•れãŸãƒ™ãƒ¼ã‚¹ã‚’ä¿å­˜ã™ã‚‹ãƒãƒƒãƒ•ã‚¡ã¸ã®ãƒã‚¤ãƒ³ã‚¿ + + \brief ã“ã®é–¢æ•°ã¯ã€æŒ‡å®šã•れãŸå…¥åŠ›ãƒãƒƒãƒ•ã‚¡ã‹ã‚‰DERフォーマットã®Diffie-Hellmanパラメータp(ç´ æ•°)ã¨g(ベース)をロードã—ã¾ã™ã€‚ + + \return 0 DHãƒ‘ãƒ©ãƒ¡ãƒ¼ã‚¿ã®æŠ½å‡ºã«æˆåŠŸã—ãŸå ´åˆã«è¿”ã•れã¾ã™ + \return ASN_PARSE_E DERフォーマットã®DH証明書を解æžã™ã‚‹éš›ã«ã‚¨ãƒ©ãƒ¼ãŒç™ºç”Ÿã—ãŸå ´åˆã«è¿”ã•れã¾ã™ + \return BUFFER_E pã¾ãŸã¯gã«è§£æžã•れãŸãƒ‘ラメータを格ç´ã™ã‚‹å分ãªã‚¹ãƒšãƒ¼ã‚¹ãŒãªã„å ´åˆã«è¿”ã•れã¾ã™ + + \param input è§£æžã™ã‚‹DERフォーマットã®Diffie-Hellman証明書をå«ã‚€ãƒãƒƒãƒ•ã‚¡ã¸ã®ãƒã‚¤ãƒ³ã‚¿ + \param inSz 入力ãƒãƒƒãƒ•ã‚¡ã®ã‚µã‚¤ã‚º + \param p è§£æžã•れãŸç´ æ•°ã‚’æ ¼ç´ã™ã‚‹ãƒãƒƒãƒ•ã‚¡ã¸ã®ãƒã‚¤ãƒ³ã‚¿ + \param pInOutSz pãƒãƒƒãƒ•ã‚¡ã§åˆ©ç”¨å¯èƒ½ãªã‚µã‚¤ã‚ºã‚’å«ã‚€word32オブジェクトã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚関数呼ã³å‡ºã—ã®å®Œäº†å¾Œã€ãƒãƒƒãƒ•ã‚¡ã«æ›¸ãè¾¼ã¾ã‚ŒãŸãƒã‚¤ãƒˆæ•°ã§ä¸Šæ›¸ãã•れã¾ã™ + \param g è§£æžã•れãŸãƒ™ãƒ¼ã‚¹ã‚’æ ¼ç´ã™ã‚‹ãƒãƒƒãƒ•ã‚¡ã¸ã®ãƒã‚¤ãƒ³ã‚¿ + \param gInOutSz gãƒãƒƒãƒ•ã‚¡ã§åˆ©ç”¨å¯èƒ½ãªã‚µã‚¤ã‚ºã‚’å«ã‚€word32オブジェクトã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚関数呼ã³å‡ºã—ã®å®Œäº†å¾Œã€ãƒãƒƒãƒ•ã‚¡ã«æ›¸ãè¾¼ã¾ã‚ŒãŸãƒã‚¤ãƒˆæ•°ã§ä¸Šæ›¸ãã•れã¾ã™ + _Example_ \code - byte dhCert[] = { initialize with DER formatted certificate }; + byte dhCert[] = { DERフォーマットã®è¨¼æ˜Žæ›¸ã§åˆæœŸåŒ– }; byte p[MAX_DH_SIZE]; byte g[MAX_DH_SIZE]; word32 pSz = MAX_DH_SIZE; @@ -177,9 +218,10 @@ ret = wc_DhParamsLoad(dhCert, sizeof(dhCert), p, &pSz, g, &gSz); if ( ret != 0 ) { - // error parsing inputs + // 入力ã®è§£æžã‚¨ãƒ©ãƒ¼ } \endcode + \sa wc_DhSetKey \sa wc_DhKeyDecode */ @@ -188,6 +230,9 @@ /*! \ingroup Diffie-Hellman + + \brief ã“ã®é–¢æ•°ã¯...ã‚’è¿”ã—ã€HAVE_FFDHE_2048ãŒå®šç¾©ã•れã¦ã„ã‚‹å¿…è¦ãŒã‚りã¾ã™ã€‚ + \sa wc_Dh_ffdhe3072_Get \sa wc_Dh_ffdhe4096_Get \sa wc_Dh_ffdhe6144_Get @@ -197,6 +242,9 @@ /*! \ingroup Diffie-Hellman + + \brief ã“ã®é–¢æ•°ã¯...ã‚’è¿”ã—ã€HAVE_FFDHE_3072ãŒå®šç¾©ã•れã¦ã„ã‚‹å¿…è¦ãŒã‚りã¾ã™ã€‚ + \sa wc_Dh_ffdhe2048_Get \sa wc_Dh_ffdhe4096_Get \sa wc_Dh_ffdhe6144_Get @@ -206,6 +254,9 @@ /*! \ingroup Diffie-Hellman + + \brief ã“ã®é–¢æ•°ã¯...ã‚’è¿”ã—ã€HAVE_FFDHE_4096ãŒå®šç¾©ã•れã¦ã„ã‚‹å¿…è¦ãŒã‚りã¾ã™ã€‚ + \sa wc_Dh_ffdhe2048_Get \sa wc_Dh_ffdhe3072_Get \sa wc_Dh_ffdhe6144_Get @@ -215,6 +266,9 @@ /*! \ingroup Diffie-Hellman + + \brief ã“ã®é–¢æ•°ã¯...ã‚’è¿”ã—ã€HAVE_FFDHE_6144ãŒå®šç¾©ã•れã¦ã„ã‚‹å¿…è¦ãŒã‚りã¾ã™ã€‚ + \sa wc_Dh_ffdhe2048_Get \sa wc_Dh_ffdhe3072_Get \sa wc_Dh_ffdhe4096_Get @@ -224,6 +278,9 @@ /*! \ingroup Diffie-Hellman + + \brief ã“ã®é–¢æ•°ã¯...ã‚’è¿”ã—ã€HAVE_FFDHE_8192ãŒå®šç¾©ã•れã¦ã„ã‚‹å¿…è¦ãŒã‚りã¾ã™ã€‚ + \sa wc_Dh_ffdhe2048_Get \sa wc_Dh_ffdhe3072_Get \sa wc_Dh_ffdhe4096_Get @@ -233,49 +290,61 @@ /*! \ingroup Diffie-Hellman + + \brief FFCã®SP 800-56Ar3ã€ã‚»ã‚¯ã‚·ãƒ§ãƒ³5.6.2.1.4ã€ãƒ¡ã‚½ãƒƒãƒ‰(b)ã®ãƒ—ロセスã«å¾“ã£ã¦ã€DHéµã®ãƒšã‚¢ãƒ¯ã‚¤ã‚ºæ•´åˆæ€§ã‚’ãƒã‚§ãƒƒã‚¯ã—ã¾ã™ã€‚ */ int wc_DhCheckKeyPair(DhKey* key, const byte* pub, word32 pubSz, const byte* priv, word32 privSz); /*! \ingroup Diffie-Hellman + + \brief ç„¡åŠ¹ãªæ•°å€¤ã«ã¤ã„ã¦DH秘密éµã‚’ãƒã‚§ãƒƒã‚¯ã—ã¾ã™ */ int wc_DhCheckPrivKey(DhKey* key, const byte* priv, word32 pubSz); /*! + \ingroup Diffie-Hellman */ int wc_DhCheckPrivKey_ex(DhKey* key, const byte* priv, word32 pubSz, const byte* prime, word32 primeSz); /*! + \ingroup Diffie-Hellman */ int wc_DhCheckPubKey(DhKey* key, const byte* pub, word32 pubSz); /*! + \ingroup Diffie-Hellman */ int wc_DhCheckPubKey_ex(DhKey* key, const byte* pub, word32 pubSz, const byte* prime, word32 primeSz); /*! + \ingroup Diffie-Hellman */ int wc_DhExportParamsRaw(DhKey* dh, byte* p, word32* pSz, byte* q, word32* qSz, byte* g, word32* gSz); /*! + \ingroup Diffie-Hellman */ int wc_DhGenerateParams(WC_RNG *rng, int modSz, DhKey *dh); /*! + \ingroup Diffie-Hellman */ int wc_DhSetCheckKey(DhKey* key, const byte* p, word32 pSz, const byte* g, word32 gSz, const byte* q, word32 qSz, int trusted, WC_RNG* rng); /*! + \ingroup Diffie-Hellman */ int wc_DhSetKey_ex(DhKey* key, const byte* p, word32 pSz, const byte* g, word32 gSz, const byte* q, word32 qSz); /*! + \ingroup Diffie-Hellman */ int wc_FreeDhKey(DhKey* key); diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/doc/dox_comments/header_files-ja/doxygen_groups.h mariadb-11.8.8/extra/wolfssl/wolfssl/doc/dox_comments/header_files-ja/doxygen_groups.h --- mariadb-11.8.6/extra/wolfssl/wolfssl/doc/dox_comments/header_files-ja/doxygen_groups.h 2026-01-31 13:27:49.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/doc/dox_comments/header_files-ja/doxygen_groups.h 2026-05-24 09:58:33.000000000 +0000 @@ -1,244 +1,244 @@ /*! - \defgroup 3DES Algorithms - 3DES - \defgroup AES Algorithms - AES - \defgroup ARC4 Algorithms - ARC4 - \defgroup BLAKE2 Algorithms - BLAKE2 - \defgroup Camellia Algorithms - Camellia - \defgroup ChaCha Algorithms - ChaCha - \defgroup ChaCha20Poly1305 Algorithms - ChaCha20_Poly1305 -  \defgroup CMAC Algorithm - CMAC - \defgroup Crypto Callbacks - CryptoCb - \defgroup Curve25519 Algorithms - Curve25519 - \defgroup Curve448 Algorithms - Curve448 - \defgroup DSA Algorithms - DSA - \defgroup Diffie-Hellman Algorithms - Diffie-Hellman - \defgroup ECC Algorithms - ECC - \defgroup ED25519 Algorithms - ED25519 - \defgroup ED448 Algorithms - ED448 - \defgroup ECCSI_Overview Overview of ECCSI - ECCSI (Elliptic Curve-Based Certificateless Signatures for Identity-Based Encryption) is specified in RFC 6507 (https://tools.ietf.org/html/rfc6507). - - In Identity-Based cryptography, there is a Key Management Service that generates keys based on an identity for a client. - The private key (SSK) and public key (PVT) are delivered to the signer and the public key (PVT) only delivered to the verifier on request.\n\n - wolfCrypt offers the ability to: - -# Create KMS keys, - -# Generate signing key pairs, - -# Validate signing key pairs, - -# Sign messages and - -# Verify messages. + \defgroup 3DES アルゴリズム - 3DES + \defgroup AES アルゴリズム - AES + \defgroup ARC4 アルゴリズム - ARC4 + \defgroup BLAKE2 アルゴリズム - BLAKE2 + \defgroup Camellia アルゴリズム - Camellia + \defgroup ChaCha アルゴリズム - ChaCha + \defgroup ChaCha20Poly1305 アルゴリズム - ChaCha20_Poly1305 + \defgroup CMAC アルゴリズム - CMAC + \defgroup Crypto Callbacksコールãƒãƒƒã‚¯ - CryptoCb + \defgroup Curve25519 アルゴリズム - Curve25519 + \defgroup Curve448 アルゴリズム - Curve448 + \defgroup DSA アルゴリズム - DSA + \defgroup Diffie-Hellman アルゴリズム - Diffie-Hellman + \defgroup ECC アルゴリズム - ECC + \defgroup ED25519 アルゴリズム - ED25519 + \defgroup ED448 アルゴリズム - ED448 + \defgroup ECCSI_Overview ECC​​SIã®æ¦‚è¦ + ECCSI(楕円曲線ベースã®è¨¼æ˜Žæ›¸ãƒ¬ã‚¹ç½²åã«ã‚ˆã‚‹ã‚¢ã‚¤ãƒ‡ãƒ³ãƒ†ã‚£ãƒ†ã‚£ãƒ™ãƒ¼ã‚¹æš—å·åŒ–)ã¯ã€RFC 6507(https://tools.ietf.org/html/rfc6507)ã§è¦å®šã•れã¦ã„ã¾ã™ã€‚ + + アイデンティティベース暗å·åŒ–ã§ã¯ã€ã‚¯ãƒ©ã‚¤ã‚¢ãƒ³ãƒˆã®ã‚¢ã‚¤ãƒ‡ãƒ³ãƒ†ã‚£ãƒ†ã‚£ã«åŸºã¥ã„ã¦ã‚­ãƒ¼ã‚’生æˆã™ã‚‹éµç®¡ç†ã‚µãƒ¼ãƒ“スãŒã‚りã¾ã™ã€‚ + 秘密éµ(SSK)ã¨å…¬é–‹éµ(PVT)ã¯ç½²å者ã«é…ä¿¡ã•れã€å…¬é–‹éµ(PVT)ã®ã¿ãŒãƒªã‚¯ã‚¨ã‚¹ãƒˆã«å¿œã˜ã¦æ¤œè¨¼è€…ã«é…ä¿¡ã•れã¾ã™ã€‚\n\n + wolfCryptã¯æ¬¡ã®æ©Ÿèƒ½ã‚’æä¾›ã—ã¾ã™: + -# KMSéµã®ä½œæˆ + -# ç½²åéµãƒšã‚¢ã®ç”Ÿæˆ + -# ç½²åéµãƒšã‚¢ã®æ¤œè¨¼ + -# メッセージã®ç½²å + -# ãƒ¡ãƒƒã‚»ãƒ¼ã‚¸ã®æ¤œè¨¼ KMS: - -# Initialize ECCSI Key: wc_InitEccsiKey() - -# Make and save or load ECCSI Key: - -# wc_MakeEccsiKey(), wc_ExportEccsiKey(), wc_ExportEccsiPublicKey() or + -# ECCSIéµã®åˆæœŸåŒ–: wc_InitEccsiKey() + -# ECCSIéµã®ä½œæˆã¨ä¿å­˜ã¾ãŸã¯ãƒ­ãƒ¼ãƒ‰: + -# wc_MakeEccsiKey(), wc_ExportEccsiKey(), wc_ExportEccsiPublicKey() ã¾ãŸã¯ -# wc_ImportEccsiKey() - -# Wait for request: - -# Receive signing ID from client. - -# Generate signing key pair from ID: wc_MakeEccsiPair() - -# Encode result: - -# For signer, signing key pair: wc_EncodeEccsiPair() - -# Send KPAK and result - -# Free ECCSI Key: wc_FreeEccsiKey() - - Client, signer: - -# Initialize ECCSI Key: wc_InitEccsiKey() - -# (When signing pair not cached) Request KPAK and signing pair from KMS - -# Send signing ID to KMS. - -# Receive signing key pair from KMS. - -# Load KMS Public Key: wc_ImportEccsiPublicKey() - -# Decode signing key pair: wc_DecodeEccsiPair() - -# Validate the key pair: wc_ValidateEccsiPair() - -# (If not done above) Load KMS Public Key: wc_ImportEccsiPublicKey() - -# (If not cached) Calculate hash of the ID and PVT: wc_HashEccsiId() - -# For each message: - -# Set Hash of Identity: wc_SetEccsiHash() - -# Sign message: wc_SignEccsiHash() - -# Send hash ID, message and signature to peer. - -# Free ECCSI Key: wc_FreeEccsiKey() - - Client, verifier: - -# Receive hash ID, message and signature from signer. - -# Request KPAK (if not cached) and PVT (if not cached) for hash ID from KMS. - -# Receive KPAK (if not cached) and PVT (if not cached) for hash ID from KMS. - -# Initialize ECCSI Key: wc_InitEccsiKey() - -# Load KMS Public Key: wc_ImportEccsiPublicKey() - -# Decode PVT: wc_DecodeEccsiPvtFromSig() - -# Calculate hash of the ID and PVT: wc_HashEccsiId() - -# Set ECCSI key pair: wc_SetEccsiPair() - -# Verify signature of message: wc_VerifyEccsiHash() - -# Free ECCSI Key: wc_FreeEccsiKey() - - \defgroup ECCSI_Setup Setup ECCSI Key - Operations for establinshing an ECCSI key. - - Initialize ECCSI Key before use (wc_InitEccsiKey()).\n - Initialize ECCSI Key before use (wc_InitEccsiKey_ex()) for use with a curve other than P256.\n - Either make a new key (wc_MakeEccsiKey()), import an existing key (wc_ImportEccsiKey()) or import existing private key (wc_ImportEccsiPrivateKey()) and public key (wc_ImportEccsiPublicKey()).\n - Export the key (wc_ExportEccsiKey()) after making a new key for future use.\n - Export the private key (wc_ExportEccsiPrivateKey()) after making a new key for future use.\n - Export the public key (wc_ExportEccsiPublicKey()) from KMS to pass to client.\n - Import the public key (wc_ImportEccsiPublicKey()) into client.\n - Free the ECCSI Key (wc_FreeEccsiKey()) when finished. - - \defgroup ECCSI_Operations Operations for Signing and Verifying with ECCSI Key - These operations are for signing and verifying with ECCSI keys. - - Make an ECCSI key pair (wc_MakeEccsiPair()) with the signer's ID for use when signing.\n - Validate the ECCSI key pair (wc_ValidateEccsiPair()) with the signer's ID.\n - Validate the ECCSI Public Validation Token (PVT) (wc_ValidateEccsiPvt()).\n - Encode the ECCSI key pair (wc_EncodeEccsiPair()) for transfer to client.\n - Encode the ECCSI SSK (wc_EncodeEccsiSsk()) for transfer to client.\n - Encode the ECCSI PVT (wc_EncodeEccsiPvt()) for transfer to verifier.\n - Decode the ECCSI key pair (wc_DecodeEccsiPair()) on client for signing.\n - Decode the ECCSI SSK (wc_DecodeEccsiSsk()) on client for signing.\n - Decode the ECCSI PVT (wc_DecodeEccsiPvt()) on client for signing.\n - Decode the ECCSI PVT from the signature (wc_DecodeEccsiPvtFromSig()) on client for verifying.\n - Calculate hash of the ID (wc_HashEccsiId()) for signing/verifying using ID and Public Validation Token (PVT).\n - Sign (wc_SignEccsiHash()) a message with the hash of the ID and the Secret Signing Key (SSK) and Public Validation Token (PVT).\n - Verify (wc_VerifyEccsiHash()) a message with the hash of the signer's ID. - - \defgroup SAKKE_Overview Overview of SAKKE Key - SAKKE (Sakai-Kasahara Key Encryption) is specified in RFC 6508 (https://tools.ietf.org/html/rfc6508). - - SAKKE is used to transfer a secret to a peer using Identity Based cryptography.\n - The Key Management Service (KMS) is responsible for issuing Receiver Secret %Keys (RSKs). - Data up to (2^hashlen)^hashlen bytes of data can be transferred.\n - The sender must know the identity of the receiver and the KMS Public Key.\n - The receiver must have obtained a Receiver Secret Key (RSK) for the identity from a KMS in order to derive the secret. + -# リクエストを待機: + -# クライアントã‹ã‚‰ç½²åIDã‚’å—ä¿¡ + -# IDã‹ã‚‰ç½²åéµãƒšã‚¢ã‚’生æˆ: wc_MakeEccsiPair() + -# çµæžœã‚’エンコード: + -# ç½²å者用ã«ç½²åéµãƒšã‚¢: wc_EncodeEccsiPair() + -# KPAKã¨çµæžœã‚’é€ä¿¡ + -# ECCSIéµã®è§£æ”¾: wc_FreeEccsiKey() + + クライアントã€ç½²å者: + -# ECCSIéµã®åˆæœŸåŒ–: wc_InitEccsiKey() + -# (ç½²åペアãŒã‚­ãƒ£ãƒƒã‚·ãƒ¥ã•れã¦ã„ãªã„å ´åˆ)KMSã«KPAKã¨ç½²åペアをリクエスト + -# KMSã«ç½²åIDã‚’é€ä¿¡ + -# KMSã‹ã‚‰ç½²åéµãƒšã‚¢ã‚’å—ä¿¡ + -# KMS公開éµã‚’ロード: wc_ImportEccsiPublicKey() + -# ç½²åéµãƒšã‚¢ã‚’デコード: wc_DecodeEccsiPair() + -# éµãƒšã‚¢ã‚’検証: wc_ValidateEccsiPair() + -# (上記ã§å®Ÿè¡Œã—ã¦ã„ãªã„å ´åˆ)KMS公開éµã‚’ロード: wc_ImportEccsiPublicKey() + -# (キャッシュã•れã¦ã„ãªã„å ´åˆ)IDã¨PVTã®ãƒãƒƒã‚·ãƒ¥ã‚’計算: wc_HashEccsiId() + -# å„メッセージã«å¯¾ã—ã¦: + -# アイデンティティã®ãƒãƒƒã‚·ãƒ¥ã‚’設定: wc_SetEccsiHash() + -# メッセージã«ç½²å: wc_SignEccsiHash() + -# ãƒãƒƒã‚·ãƒ¥IDã€ãƒ¡ãƒƒã‚»ãƒ¼ã‚¸ã€ç½²åをピアã«é€ä¿¡ + -# ECCSIéµã®è§£æ”¾: wc_FreeEccsiKey() + + ã‚¯ãƒ©ã‚¤ã‚¢ãƒ³ãƒˆã€æ¤œè¨¼è€…: + -# ç½²å者ã‹ã‚‰ãƒãƒƒã‚·ãƒ¥IDã€ãƒ¡ãƒƒã‚»ãƒ¼ã‚¸ã€ç½²åã‚’å—ä¿¡ + -# KMSã«KPAK(キャッシュã•れã¦ã„ãªã„å ´åˆ)ã¨ãƒãƒƒã‚·ãƒ¥IDã®PVT(キャッシュã•れã¦ã„ãªã„å ´åˆ)をリクエスト + -# KMSã‹ã‚‰KPAK(キャッシュã•れã¦ã„ãªã„å ´åˆ)ã¨ãƒãƒƒã‚·ãƒ¥IDã®PVT(キャッシュã•れã¦ã„ãªã„å ´åˆ)ã‚’å—ä¿¡ + -# ECCSIéµã®åˆæœŸåŒ–: wc_InitEccsiKey() + -# KMS公開éµã‚’ロード: wc_ImportEccsiPublicKey() + -# PVTをデコード: wc_DecodeEccsiPvtFromSig() + -# IDã¨PVTã®ãƒãƒƒã‚·ãƒ¥ã‚’計算: wc_HashEccsiId() + -# ECCSIéµãƒšã‚¢ã‚’設定: wc_SetEccsiPair() + -# メッセージã®ç½²åを検証: wc_VerifyEccsiHash() + -# ECCSIéµã®è§£æ”¾: wc_FreeEccsiKey() + + \defgroup ECCSI_Setup ECCSIéµã®ã‚»ãƒƒãƒˆã‚¢ãƒƒãƒ— + ECCSIéµã‚’確立ã™ã‚‹ãŸã‚ã®æ“作。 + + 使用å‰ã«ECCSIéµã‚’åˆæœŸåŒ–(wc_InitEccsiKey())。\n + P256ä»¥å¤–ã®æ›²ç·šã‚’使用ã™ã‚‹å ´åˆã¯ã€ä½¿ç”¨å‰ã«ECCSIéµã‚’åˆæœŸåŒ–(wc_InitEccsiKey_ex())。\n + æ–°ã—ã„éµã‚’作æˆ(wc_MakeEccsiKey())ã€æ—¢å­˜ã®éµã‚’インãƒãƒ¼ãƒˆ(wc_ImportEccsiKey())ã€ã¾ãŸã¯æ—¢å­˜ã®ç§˜å¯†éµ(wc_ImportEccsiPrivateKey())ã¨å…¬é–‹éµ(wc_ImportEccsiPublicKey())をインãƒãƒ¼ãƒˆã€‚\n + æ–°ã—ã„éµã‚’作æˆã—ãŸå¾Œã€å°†æ¥ã®ä½¿ç”¨ã®ãŸã‚ã«éµã‚’エクスãƒãƒ¼ãƒˆ(wc_ExportEccsiKey())。\n + æ–°ã—ã„éµã‚’作æˆã—ãŸå¾Œã€å°†æ¥ã®ä½¿ç”¨ã®ãŸã‚ã«ç§˜å¯†éµã‚’エクスãƒãƒ¼ãƒˆ(wc_ExportEccsiPrivateKey())。\n + KMSã‹ã‚‰ã‚¯ãƒ©ã‚¤ã‚¢ãƒ³ãƒˆã«æ¸¡ã™ãŸã‚ã«å…¬é–‹éµã‚’エクスãƒãƒ¼ãƒˆ(wc_ExportEccsiPublicKey())。\n + クライアントã«å…¬é–‹éµã‚’インãƒãƒ¼ãƒˆ(wc_ImportEccsiPublicKey())。\n + 終了時ã«ECCSIéµã‚’解放(wc_FreeEccsiKey())。 + + \defgroup ECCSI_Operations ECCSIéµã§ã®ç½²åã¨æ¤œè¨¼ã®ãŸã‚ã®æ“作 + ã“れらã¯ã€ECCSIéµã‚’使用ã—ãŸç½²åã¨æ¤œè¨¼ã®ãŸã‚ã®æ“作ã§ã™ã€‚ + + ç½²åæ™‚ã«ä½¿ç”¨ã™ã‚‹ç½²å者ã®IDã§ECCSIéµãƒšã‚¢ã‚’作æˆ(wc_MakeEccsiPair())。\n + ç½²å者ã®IDã§ECCSIéµãƒšã‚¢ã‚’検証(wc_ValidateEccsiPair())。\n + ECCSI公開検証トークン(PVT)を検証(wc_ValidateEccsiPvt())。\n + クライアントã¸ã®è»¢é€ã®ãŸã‚ã«ECCSIéµãƒšã‚¢ã‚’エンコード(wc_EncodeEccsiPair())。\n + クライアントã¸ã®è»¢é€ã®ãŸã‚ã«ECCSI SSKをエンコード(wc_EncodeEccsiSsk())。\n + 検証者ã¸ã®è»¢é€ã®ãŸã‚ã«ECCSI PVTをエンコード(wc_EncodeEccsiPvt())。\n + ç½²åã®ãŸã‚ã«ã‚¯ãƒ©ã‚¤ã‚¢ãƒ³ãƒˆã§ECCSIéµãƒšã‚¢ã‚’デコード(wc_DecodeEccsiPair())。\n + ç½²åã®ãŸã‚ã«ã‚¯ãƒ©ã‚¤ã‚¢ãƒ³ãƒˆã§ECCSI SSKをデコード(wc_DecodeEccsiSsk())。\n + ç½²åã®ãŸã‚ã«ã‚¯ãƒ©ã‚¤ã‚¢ãƒ³ãƒˆã§ECCSI PVTをデコード(wc_DecodeEccsiPvt())。\n + 検証ã®ãŸã‚ã«ã‚¯ãƒ©ã‚¤ã‚¢ãƒ³ãƒˆã§ç½²åã‹ã‚‰ECCSI PVTをデコード(wc_DecodeEccsiPvtFromSig())。\n + IDã¨å…¬é–‹æ¤œè¨¼ãƒˆãƒ¼ã‚¯ãƒ³(PVT)を使用ã—ãŸç½²å/検証ã®ãŸã‚ã«IDã®ãƒãƒƒã‚·ãƒ¥ã‚’計算(wc_HashEccsiId())。\n + IDã®ãƒãƒƒã‚·ãƒ¥ã¨ç§˜å¯†ç½²åéµ(SSK)ãŠã‚ˆã³å…¬é–‹æ¤œè¨¼ãƒˆãƒ¼ã‚¯ãƒ³(PVT)ã§ãƒ¡ãƒƒã‚»ãƒ¼ã‚¸ã«ç½²å(wc_SignEccsiHash())。\n + ç½²å者ã®IDã®ãƒãƒƒã‚·ãƒ¥ã§ãƒ¡ãƒƒã‚»ãƒ¼ã‚¸ã‚’検証(wc_VerifyEccsiHash())。 + + \defgroup SAKKE_Overview SAKKEéµã®æ¦‚è¦ + SAKKE(酒井-ç¬ åŽŸéµæš—å·åŒ–)ã¯ã€RFC 6508(https://tools.ietf.org/html/rfc6508)ã§è¦å®šã•れã¦ã„ã¾ã™ã€‚ + + SAKKEã¯ã€ã‚¢ã‚¤ãƒ‡ãƒ³ãƒ†ã‚£ãƒ†ã‚£ãƒ™ãƒ¼ã‚¹æš—å·åŒ–を使用ã—ã¦ãƒ”ã‚¢ã«ç§˜å¯†ã‚’転é€ã™ã‚‹ãŸã‚ã«ä½¿ç”¨ã•れã¾ã™ã€‚\n + éµç®¡ç†ã‚µãƒ¼ãƒ“ス(KMS)ã¯ã€å—信者秘密%éµ(RSK)ã®ç™ºè¡Œã‚’担当ã—ã¾ã™ã€‚ + 最大(2^hashlen)^hashlenãƒã‚¤ãƒˆã®ãƒ‡ãƒ¼ã‚¿ã‚’転é€ã§ãã¾ã™ã€‚\n + é€ä¿¡è€…ã¯å—信者ã®ã‚¢ã‚¤ãƒ‡ãƒ³ãƒ†ã‚£ãƒ†ã‚£ã¨KMS公開éµã‚’知ã£ã¦ã„ã‚‹å¿…è¦ãŒã‚りã¾ã™ã€‚\n + å—信者ã¯ã€ç§˜å¯†ã‚’導出ã™ã‚‹ãŸã‚ã«ã€KMSã‹ã‚‰ã‚¢ã‚¤ãƒ‡ãƒ³ãƒ†ã‚£ãƒ†ã‚£ã®å—信者秘密éµ(RSK)ã‚’å–å¾—ã—ã¦ã„ã‚‹å¿…è¦ãŒã‚りã¾ã™ã€‚ KMS: - -# Initialize SAKKE Key: wc_InitSakkeKey() - -# Make and save or load SAKKE Key: - -# wc_MakeSakkeKey(), wc_ExportSakkeKey(), wc_ExportSakkePublicKey() or + -# SAKKEéµã®åˆæœŸåŒ–: wc_InitSakkeKey() + -# SAKKEéµã®ä½œæˆã¨ä¿å­˜ã¾ãŸã¯ãƒ­ãƒ¼ãƒ‰: + -# wc_MakeSakkeKey(), wc_ExportSakkeKey(), wc_ExportSakkePublicKey() ã¾ãŸã¯ -# wc_ImportSakkeKey() - -# Wait for request: - -# Make an RSK base on ID for the client: wc_MakeSakkeRsk() - -# Encode RSK for transfer to client: wc_EncodeSakkeRsk() - -# Free SAKKE Key: wc_FreeSakkeKey() - - Key Exchange, Peer A: - -# Initialize SAKKE Key: wc_InitSakkeKey() - -# Load KMS Public Key: wc_ImportSakkePublicKey() - -# Generate a random SSV: wc_GenerateSakkeSSV() - -# Set the identity of Peer B: wc_SetSakkeIdentity() - -# Make an encapsulated SSV and auth data: wc_MakeSakkeEncapsulatedSSV() - -# Send encapsulated data to Peer B - -# Free SAKKE Key: wc_FreeSakkeKey() - - Key Exchange, Peer B: - -# Receive encapsulated data. - -# Initialize SAKKE Key: wc_InitSakkeKey() - -# Load KMS Public Key: wc_ImportSakkePublicKey() - -# Decode RSK transferred from KMS or stored locally: wc_DecodeSakkeRsk() - -# [Optional] Validate RSK before first use: wc_ValidateSakkeRsk() - -# Set the identity: wc_SetSakkeIdentity() - -# Set the RSK and, optionally precomputation table: wc_SetSakkeRsk() - -# Derive SSV with auth data: wc_DeriveSakkeSSV() - -# Free SAKKE Key: wc_FreeSakkeKey() - - Transfer secret, Peer A: - -# Initialize SAKKE Key: wc_InitSakkeKey() - -# Load KMS Public Key: wc_ImportSakkePublicKey() - -# Set the identity of Peer B: wc_SetSakkeIdentity() - -# Make an encapsulation of the SSV and auth data: wc_MakeSakkeEncapsulatedSSV() - -# Send encapsulated data to Peer B - -# Free SAKKE Key: wc_FreeSakkeKey() - - Transfer secret, Peer B: - -# Initialize SAKKE Key: wc_InitSakkeKey() - -# Load KMS Public Key: wc_ImportSakkePublicKey() - -# Decode RSK transferred from KMS or stored locally: wc_DecodeSakkeRsk() - -# [Optional] Validate RSK before first use: wc_ValidateSakkeRsk() - -# Receive encapsulated data. - -# Set the identity: wc_SetSakkeIdentity() - -# Set the RSK and, optionally precomputation table: wc_SetSakkeRsk() - -# Derive SSV and auth data: wc_DeriveSakkeSSV() - -# Free SAKKE Key: wc_FreeSakkeKey() - - \defgroup SAKKE_Setup Setup SAKKE Key - Operations for establishing a SAKKE key. - - Initialization SAKKE Key before use (wc_InitSakkeKey() or wc_InitSakkeKey_ex()).\n - Either make a new key (wc_MakeSakkeKey()) or import an existing key (wc_ImportSakkeKey()).\n - Export the key (wc_ExportSakkeKey()) after making a new key for future use.\n - If only the private part of the KMS SAKKE Key is available, make the public key (wc_MakeSakkePublicKey()).\n - Export the private key (wc_ExportSakkePrivateKey()) from KMS from storage.\n - Import the private key (wc_ImportSakkePrivateKey()) into KMS from storage.\n - Export the public key (wc_ExportSakkePublicKey()) from KMS to pass to client.\n - Import the public key (wc_ImportSakkePublicKey()) into client.\n - Set the identity to use (wc_SetSakkeIdentity()) into client.\n - Free the SAKKE Key (wc_FreeSakkeKey()) when finished. - - \defgroup SAKKE_RSK Operations on/with SAKKE RSK - These operations make, validate, encode and decode a Receiver Secret Key (RSK). - - An RSK is required to derive an SSV (see wc_DeriveSakkeSSV()).\n - On the KMS, make an RSK (wc_MakeSakkeRsk()) from the client's ID.\n - On the client, validate the RSK (wc_ValidateSakkeRsk()) with the ID.\n - Encode the RSK (wc_EncodeSakkeRsk()) to pass to client or for storage.\n - Decode the RSK (wc_DecodeSakkeRsk()) on the client when needed.\n - Import the RSK (wc_ImportSakkeRsk()) on the client when needed.\n - Set the RSK and, optionally, a pre-computation table (wc_SetSakkeRsk()) on the client when needed. - - \defgroup SAKKE_Operations Operations using SAKKE Key - These operations transfer a Shared Secret Value (SSV) from one client to another. The SSV may be randomly generated. - - Calculate the size of the authentication data (wc_GetSakkeAuthSize()) to determine where the SSV starts in a buffer.\n - Make the intermediate point I (wc_MakeSakkePointI()) to speed making an encapsulated and deriving SSV.\n - Get intermediate point I (wc_GetSakkePointI()) for storage.\n - Set intermediate point I (wc_SetSakkePointI()) from storage.\n - Generate a pre-computation table for intermediate point I (wc_GenerateSakkePointITable()) to further enhance performance. Store as necessary.\n - Set the pre-computation table for intermediate point I (wc_SetSakkePointITable()) to further enhance performance.\n - Clear the pre-computation table for intermediate point I (wc_ClearSakkePointITable()) to remove reference to external table pointer.\n - Make an encapsulated SSV (wc_MakeSakkeEncapsulatedSSV()) to share with another client. Data in SSV is modified.\n - Generate a random SSV (wc_GenerateSakkeSSV()) for key exchange.\n - Derive the SSV, (wc_DeriveSakkeSSV()) on the recipient from the encapsulated SSV. - - \defgroup HMAC Algorithms - HMAC - \defgroup MD2 Algorithms - MD2 - \defgroup MD4 Algorithms - MD4 - \defgroup MD5 Algorithms - MD5 - \defgroup PKCS7 Algorithms - PKCS7 - \defgroup PKCS11 Algorithms - PKCS11 - \defgroup Password Algorithms - Password Based - \defgroup Poly1305 Algorithms - Poly1305 - \defgroup RIPEMD Algorithms - RIPEMD - \defgroup RSA Algorithms - RSA - \defgroup SHA Algorithms - SHA 128/224/256/384/512 - \defgroup SipHash Algorithm - SipHash - \defgroup SRP Algorithms - SRP + -# リクエストを待機: + -# クライアントã®IDã«åŸºã¥ã„ã¦RSKを作æˆ: wc_MakeSakkeRsk() + -# クライアントã¸ã®è»¢é€ã®ãŸã‚ã«RSKをエンコード: wc_EncodeSakkeRsk() + -# SAKKEéµã®è§£æ”¾: wc_FreeSakkeKey() + + éµäº¤æ›ã€ãƒ”ã‚¢A: + -# SAKKEéµã®åˆæœŸåŒ–: wc_InitSakkeKey() + -# KMS公開éµã‚’ロード: wc_ImportSakkePublicKey() + -# ランダムãªSSVを生æˆ: wc_GenerateSakkeSSV() + -# ピアBã®ã‚¢ã‚¤ãƒ‡ãƒ³ãƒ†ã‚£ãƒ†ã‚£ã‚’設定: wc_SetSakkeIdentity() + -# カプセル化ã•れãŸSSVã¨èªè¨¼ãƒ‡ãƒ¼ã‚¿ã‚’作æˆ: wc_MakeSakkeEncapsulatedSSV() + -# カプセル化ã•れãŸãƒ‡ãƒ¼ã‚¿ã‚’ピアBã«é€ä¿¡ + -# SAKKEéµã®è§£æ”¾: wc_FreeSakkeKey() + + éµäº¤æ›ã€ãƒ”ã‚¢B: + -# カプセル化ã•れãŸãƒ‡ãƒ¼ã‚¿ã‚’å—ä¿¡ + -# SAKKEéµã®åˆæœŸåŒ–: wc_InitSakkeKey() + -# KMS公開éµã‚’ロード: wc_ImportSakkePublicKey() + -# KMSã‹ã‚‰è»¢é€ã•れãŸã¾ãŸã¯ãƒ­ãƒ¼ã‚«ãƒ«ã«ä¿å­˜ã•れãŸRSKをデコード: wc_DecodeSakkeRsk() + -# [オプション]最åˆã®ä½¿ç”¨å‰ã«RSKを検証: wc_ValidateSakkeRsk() + -# アイデンティティを設定: wc_SetSakkeIdentity() + -# RSKã¨ã€ã‚ªãƒ—ションã§äº‹å‰è¨ˆç®—テーブルを設定: wc_SetSakkeRsk() + -# èªè¨¼ãƒ‡ãƒ¼ã‚¿ã§SSVを導出: wc_DeriveSakkeSSV() + -# SAKKEéµã®è§£æ”¾: wc_FreeSakkeKey() + + 秘密ã®è»¢é€ã€ãƒ”ã‚¢A: + -# SAKKEéµã®åˆæœŸåŒ–: wc_InitSakkeKey() + -# KMS公開éµã‚’ロード: wc_ImportSakkePublicKey() + -# ピアBã®ã‚¢ã‚¤ãƒ‡ãƒ³ãƒ†ã‚£ãƒ†ã‚£ã‚’設定: wc_SetSakkeIdentity() + -# SSVã¨èªè¨¼ãƒ‡ãƒ¼ã‚¿ã®ã‚«ãƒ—セル化を作æˆ: wc_MakeSakkeEncapsulatedSSV() + -# カプセル化ã•れãŸãƒ‡ãƒ¼ã‚¿ã‚’ピアBã«é€ä¿¡ + -# SAKKEéµã®è§£æ”¾: wc_FreeSakkeKey() + + 秘密ã®è»¢é€ã€ãƒ”ã‚¢B: + -# SAKKEéµã®åˆæœŸåŒ–: wc_InitSakkeKey() + -# KMS公開éµã‚’ロード: wc_ImportSakkePublicKey() + -# KMSã‹ã‚‰è»¢é€ã•れãŸã¾ãŸã¯ãƒ­ãƒ¼ã‚«ãƒ«ã«ä¿å­˜ã•れãŸRSKをデコード: wc_DecodeSakkeRsk() + -# [オプション]最åˆã®ä½¿ç”¨å‰ã«RSKを検証: wc_ValidateSakkeRsk() + -# カプセル化ã•れãŸãƒ‡ãƒ¼ã‚¿ã‚’å—ä¿¡ + -# アイデンティティを設定: wc_SetSakkeIdentity() + -# RSKã¨ã€ã‚ªãƒ—ションã§äº‹å‰è¨ˆç®—テーブルを設定: wc_SetSakkeRsk() + -# SSVã¨èªè¨¼ãƒ‡ãƒ¼ã‚¿ã‚’導出: wc_DeriveSakkeSSV() + -# SAKKEéµã®è§£æ”¾: wc_FreeSakkeKey() + + \defgroup SAKKE_Setup SAKKEéµã®ã‚»ãƒƒãƒˆã‚¢ãƒƒãƒ— + SAKKEéµã‚’確立ã™ã‚‹ãŸã‚ã®æ“作。 + + 使用å‰ã«SAKKEéµã‚’åˆæœŸåŒ–(wc_InitSakkeKey()ã¾ãŸã¯wc_InitSakkeKey_ex())。\n + æ–°ã—ã„éµã‚’作æˆ(wc_MakeSakkeKey())ã¾ãŸã¯æ—¢å­˜ã®éµã‚’インãƒãƒ¼ãƒˆ(wc_ImportSakkeKey())。\n + æ–°ã—ã„éµã‚’作æˆã—ãŸå¾Œã€å°†æ¥ã®ä½¿ç”¨ã®ãŸã‚ã«éµã‚’エクスãƒãƒ¼ãƒˆ(wc_ExportSakkeKey())。\n + KMS SAKKEéµã®ç§˜å¯†éƒ¨åˆ†ã®ã¿ãŒåˆ©ç”¨å¯èƒ½ãªå ´åˆã€å…¬é–‹éµã‚’作æˆ(wc_MakeSakkePublicKey())。\n + ストレージã‹ã‚‰KMSã‹ã‚‰ç§˜å¯†éµã‚’エクスãƒãƒ¼ãƒˆ(wc_ExportSakkePrivateKey())。\n + ストレージã‹ã‚‰KMSã«ç§˜å¯†éµã‚’インãƒãƒ¼ãƒˆ(wc_ImportSakkePrivateKey())。\n + KMSã‹ã‚‰ã‚¯ãƒ©ã‚¤ã‚¢ãƒ³ãƒˆã«æ¸¡ã™ãŸã‚ã«å…¬é–‹éµã‚’エクスãƒãƒ¼ãƒˆ(wc_ExportSakkePublicKey())。\n + クライアントã«å…¬é–‹éµã‚’インãƒãƒ¼ãƒˆ(wc_ImportSakkePublicKey())。\n + クライアントã«ä½¿ç”¨ã™ã‚‹ã‚¢ã‚¤ãƒ‡ãƒ³ãƒ†ã‚£ãƒ†ã‚£ã‚’設定(wc_SetSakkeIdentity())。\n + 終了時ã«SAKKEéµã‚’解放(wc_FreeSakkeKey())。 + + \defgroup SAKKE_RSK SAKKE RSKã«é–¢ã™ã‚‹/を使用ã—ãŸæ“作 + ã“ã‚Œã‚‰ã®æ“作ã¯ã€å—信者秘密éµ(RSK)を作æˆã€æ¤œè¨¼ã€ã‚¨ãƒ³ã‚³ãƒ¼ãƒ‰ã€ãƒ‡ã‚³ãƒ¼ãƒ‰ã—ã¾ã™ã€‚ + + RSKã¯ã€SSVを導出ã™ã‚‹ãŸã‚ã«å¿…è¦ã§ã™(wc_DeriveSakkeSSV()ã‚’å‚ç…§)。\n + KMSã§ã€ã‚¯ãƒ©ã‚¤ã‚¢ãƒ³ãƒˆã®IDã‹ã‚‰RSKを作æˆ(wc_MakeSakkeRsk())。\n + クライアントã§ã€IDã§RSKを検証(wc_ValidateSakkeRsk())。\n + クライアントã¸ã®è»¢é€ã¾ãŸã¯ã‚¹ãƒˆãƒ¬ãƒ¼ã‚¸ã®ãŸã‚ã«RSKをエンコード(wc_EncodeSakkeRsk())。\n + å¿…è¦ã«å¿œã˜ã¦ã‚¯ãƒ©ã‚¤ã‚¢ãƒ³ãƒˆã§RSKをデコード(wc_DecodeSakkeRsk())。\n + å¿…è¦ã«å¿œã˜ã¦ã‚¯ãƒ©ã‚¤ã‚¢ãƒ³ãƒˆã§RSKをインãƒãƒ¼ãƒˆ(wc_ImportSakkeRsk())。\n + å¿…è¦ã«å¿œã˜ã¦ã‚¯ãƒ©ã‚¤ã‚¢ãƒ³ãƒˆã§RSKã¨ã€ã‚ªãƒ—ションã§äº‹å‰è¨ˆç®—テーブルを設定(wc_SetSakkeRsk())。 + + \defgroup SAKKE_Operations SAKKEéµã‚’使用ã—ãŸæ“作 + ã“ã‚Œã‚‰ã®æ“作ã¯ã€å…±æœ‰ç§˜å¯†å€¤(SSV)ã‚’1ã¤ã®ã‚¯ãƒ©ã‚¤ã‚¢ãƒ³ãƒˆã‹ã‚‰åˆ¥ã®ã‚¯ãƒ©ã‚¤ã‚¢ãƒ³ãƒˆã«è»¢é€ã—ã¾ã™ã€‚SSVã¯ãƒ©ãƒ³ãƒ€ãƒ ã«ç”Ÿæˆã§ãã¾ã™ã€‚ + + èªè¨¼ãƒ‡ãƒ¼ã‚¿ã®ã‚µã‚¤ã‚ºã‚’計算(wc_GetSakkeAuthSize())ã—ã¦ã€ãƒãƒƒãƒ•ァ内ã®SSVã®é–‹å§‹ä½ç½®ã‚’決定。\n + 中間点Iを作æˆ(wc_MakeSakkePointI())ã—ã¦ã€ã‚«ãƒ—セル化ã®ä½œæˆã¨SSVã®å°Žå‡ºã‚’高速化。\n + ストレージã®ãŸã‚ã«ä¸­é–“点Iã‚’å–å¾—(wc_GetSakkePointI())。\n + ストレージã‹ã‚‰ä¸­é–“点Iを設定(wc_SetSakkePointI())。\n + 中間点Iã®äº‹å‰è¨ˆç®—テーブルを生æˆ(wc_GenerateSakkePointITable())ã—ã¦ãƒ‘フォーマンスをã•らã«å‘上。必è¦ã«å¿œã˜ã¦ä¿å­˜ã€‚\n + 中間点Iã®äº‹å‰è¨ˆç®—テーブルを設定(wc_SetSakkePointITable())ã—ã¦ãƒ‘フォーマンスをã•らã«å‘上。\n + 中間点Iã®äº‹å‰è¨ˆç®—テーブルをクリア(wc_ClearSakkePointITable())ã—ã¦å¤–部テーブルãƒã‚¤ãƒ³ã‚¿ã¸ã®å‚照を削除。\n + 別ã®ã‚¯ãƒ©ã‚¤ã‚¢ãƒ³ãƒˆã¨å…±æœ‰ã™ã‚‹ãŸã‚ã«ã‚«ãƒ—セル化ã•れãŸSSVを作æˆ(wc_MakeSakkeEncapsulatedSSV())。SSV内ã®ãƒ‡ãƒ¼ã‚¿ãŒå¤‰æ›´ã•れã¾ã™ã€‚\n + éµäº¤æ›ã®ãŸã‚ã«ãƒ©ãƒ³ãƒ€ãƒ ãªSSVを生æˆ(wc_GenerateSakkeSSV())。\n + カプセル化ã•れãŸSSVã‹ã‚‰å—信者ã§SSVを導出(wc_DeriveSakkeSSV())。 + + \defgroup HMAC アルゴリズム - HMAC + \defgroup MD2 アルゴリズム - MD2 + \defgroup MD4 アルゴリズム - MD4 + \defgroup MD5 アルゴリズム - MD5 + \defgroup PKCS7 アルゴリズム - PKCS7 + \defgroup PKCS11 アルゴリズム - PKCS11 + \defgroup Password アルゴリズム - パスワードベース + \defgroup Poly1305 アルゴリズム - Poly1305 + \defgroup RIPEMD アルゴリズム - RIPEMD + \defgroup RSA アルゴリズム - RSA + \defgroup SHA アルゴリズム - SHA 128/224/256/384/512 + \defgroup SipHash アルゴリズム - SipHash + \defgroup SrtpKdf アルゴリズム - SRTP KDF + \defgroup SRP アルゴリズム - SRP \defgroup ASN ASN.1 - \defgroup Base_Encoding Base Encoding - \defgroup CertManager CertManager API - \defgroup Compression Compression - \defgroup Error Error Reporting - \defgroup IoTSafe IoT-Safe Module - IoT-Safe (IoT-SIM Applet For Secure End-2-End Communication) is a technology that leverage the SIM as robust, - scalable and standardized hardware Root of Trust to protect data communication. - - IoT-Safe SSL sessions use the SIM as Hardware Security Module, offloading all the crypto public - key operations and reducing the attack surface by restricting access to certificate and keys - to the SIM. - - IoT-Safe support can be enabled on an existing WOLFSSL_CTX context, using wolfSSL_CTX_iotsafe_enable().\n - Session created within the context can set the parameters for IoT-Safe key and files usage, and enable - the public keys callback, with wolfSSL_iotsafe_on(). - - If compiled in, the module supports IoT-Safe random number generator as source of entropy for wolfCrypt. - - \defgroup PSA Platform Security Architecture (PSA) API - \defgroup Keys Key and Cert Conversion - \defgroup Logging Logging - \defgroup Math Math API - \defgroup Memory Memory Handling - \defgroup Random Random Number Generation - \defgroup Signature Signature API + \defgroup Base_Encoding ベースエンコーディング + \defgroup CertManager 証明書マãƒãƒ¼ã‚¸ãƒ£ãƒ¼API + \defgroup Compression 圧縮 + \defgroup Error エラー報告 + \defgroup IoTSafe IoT-Safeモジュール + IoT-Safe(IoT-SIM Applet For Secure End-2-End Communication)ã¯ã€SIMを堅牢㧠+ スケーラブルã‹ã¤æ¨™æº–化ã•れãŸãƒãƒ¼ãƒ‰ã‚¦ã‚§ã‚¢Root of Trustã¨ã—ã¦æ´»ç”¨ã—ã€ãƒ‡ãƒ¼ã‚¿é€šä¿¡ã‚’ä¿è­·ã™ã‚‹æŠ€è¡“ã§ã™ã€‚ + + IoT-Safe SSLセッションã¯ã€SIMã‚’ãƒãƒ¼ãƒ‰ã‚¦ã‚§ã‚¢ã‚»ã‚­ãƒ¥ãƒªãƒ†ã‚£ãƒ¢ã‚¸ãƒ¥ãƒ¼ãƒ«ã¨ã—ã¦ä½¿ç”¨ã—ã€ã™ã¹ã¦ã®æš—å·å…¬é–‹ + 鵿“作をオフロードã—ã€è¨¼æ˜Žæ›¸ã¨éµã¸ã®ã‚¢ã‚¯ã‚»ã‚¹ã‚’SIMã«åˆ¶é™ã™ã‚‹ã“ã¨ã§æ”»æ’ƒå¯¾è±¡é ˜åŸŸã‚’削減ã—ã¾ã™ã€‚ + + IoT-Safeサãƒãƒ¼ãƒˆã¯ã€wolfSSL_CTX_iotsafe_enable()を使用ã—ã¦æ—¢å­˜ã®WOLFSSL_CTXã‚³ãƒ³ãƒ†ã‚­ã‚¹ãƒˆã§æœ‰åйã«ã§ãã¾ã™ã€‚\n + コンテキスト内ã§ä½œæˆã•れãŸã‚»ãƒƒã‚·ãƒ§ãƒ³ã¯ã€IoT-Safeéµã¨ãƒ•ァイル使用ã®ãƒ‘ラメータを設定ã—〠+ wolfSSL_iotsafe_on()ã§å…¬é–‹éµã‚³ãƒ¼ãƒ«ãƒãƒƒã‚¯ã‚’有効ã«ã§ãã¾ã™ã€‚ + + コンパイルã•れã¦ã„ã‚‹å ´åˆã€ãƒ¢ã‚¸ãƒ¥ãƒ¼ãƒ«ã¯wolfCryptã®ã‚¨ãƒ³ãƒˆãƒ­ãƒ”ーソースã¨ã—ã¦IoT-Safe乱数生æˆå™¨ã‚’サãƒãƒ¼ãƒˆã—ã¾ã™ã€‚ + + \defgroup PSA プラットフォームセキュリティアーキテクãƒãƒ£(PSA)API + \defgroup Keys éµã¨è¨¼æ˜Žæ›¸ã®å¤‰æ› + \defgroup Logging ロギング + \defgroup Math 整数演算API + \defgroup Memory ãƒ¡ãƒ¢ãƒªå‡¦ç† + \defgroup Random ä¹±æ•°ç”Ÿæˆ + \defgroup Signature ç½²åAPI \defgroup openSSL OpenSSL API - \defgroup wolfCrypt wolfCrypt Init and Cleanup - \defgroup TLS wolfSSL Initialization/Shutdown - \defgroup CertsKeys wolfSSL Certificates and Keys - \defgroup Setup wolfSSL Context and Session Set Up - \defgroup IO wolfSSL Connection, Session, and I/O - \defgroup Debug wolfSSL Error Handling and Reporting + \defgroup wolfCrypt wolfCryptã®åˆæœŸåŒ–ã¨ã‚¯ãƒªãƒ¼ãƒ³ã‚¢ãƒƒãƒ— + \defgroup TLS wolfSSLã®åˆæœŸåŒ–/シャットダウン + \defgroup CertsKeys wolfSSL証明書ã¨éµ + \defgroup Setup wolfSSLコンテキストã¨ã‚»ãƒƒã‚·ãƒ§ãƒ³ã®ã‚»ãƒƒãƒˆã‚¢ãƒƒãƒ— + \defgroup IO wolfSSL接続ã€ã‚»ãƒƒã‚·ãƒ§ãƒ³ã€I/O + \defgroup Debug wolfSSLエラー処ç†ã¨å ±å‘Š */ diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/doc/dox_comments/header_files-ja/doxygen_pages.h mariadb-11.8.8/extra/wolfssl/wolfssl/doc/dox_comments/header_files-ja/doxygen_pages.h --- mariadb-11.8.6/extra/wolfssl/wolfssl/doc/dox_comments/header_files-ja/doxygen_pages.h 2026-01-31 13:27:49.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/doc/dox_comments/header_files-ja/doxygen_pages.h 2026-05-24 09:58:33.000000000 +0000 @@ -73,4 +73,3 @@ - \ref SAKKE_RSK - \ref SAKKE_Operations */ - diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/doc/dox_comments/header_files-ja/dsa.h mariadb-11.8.8/extra/wolfssl/wolfssl/doc/dox_comments/header_files-ja/dsa.h --- mariadb-11.8.6/extra/wolfssl/wolfssl/doc/dox_comments/header_files-ja/dsa.h 2026-01-31 13:27:49.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/doc/dox_comments/header_files-ja/dsa.h 2026-05-24 09:58:33.000000000 +0000 @@ -1,66 +1,84 @@ /*! \ingroup DSA - \brief ã“ã®é–¢æ•°ã¯ã€ãƒ‡ã‚¸ã‚¿ãƒ«ç½²åアルゴリズム(DSA)を介ã—ãŸèªè¨¼ã«ä½¿ç”¨ã™ã‚‹ãŸã‚ã«DSAKEYã‚ªãƒ–ã‚¸ã‚§ã‚¯ãƒˆã‚’åˆæœŸåŒ–ã—ã¾ã™ã€‚ - \return 0 æˆåŠŸã«æˆ»ã‚Šã¾ã—ãŸã€‚ - \return BAD_FUNC_ARG NULLã‚­ãƒ¼ãŒæ¸¡ã•れãŸå ´åˆã«è¿”ã•れã¾ã™ã€‚ + + \brief ã“ã®é–¢æ•°ã¯ã€ãƒ‡ã‚¸ã‚¿ãƒ«ç½²åアルゴリズム(DSA)ã«ã‚ˆã‚‹èªè¨¼ã«ä½¿ç”¨ã™ã‚‹ãŸã‚ã«ã€DsaKeyã‚ªãƒ–ã‚¸ã‚§ã‚¯ãƒˆã‚’åˆæœŸåŒ–ã—ã¾ã™ã€‚ + + \return 0 æˆåŠŸæ™‚ã«è¿”ã•れã¾ã™ã€‚ + \return BAD_FUNC_ARG NULLã‚­ãƒ¼ãŒæ¸¡ã•れãŸå ´åˆã«è¿”ã•れã¾ã™ã€‚ + + \param key åˆæœŸåŒ–ã™ã‚‹DsaKey構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ + _Example_ \code DsaKey key; int ret; - ret = wc_InitDsaKey(&key); // initialize DSA key + ret = wc_InitDsaKey(&key); // DSAéµã‚’åˆæœŸåŒ– \endcode + \sa wc_FreeDsaKey */ int wc_InitDsaKey(DsaKey* key); /*! \ingroup DSA - \brief ã“ã®é–¢æ•°ã¯ã€ä½¿ç”¨ã•れãŸå¾Œã«dsakeyオブジェクトを解放ã—ã¾ã™ã€‚ - \return none ã„ã„ãˆè¿”ã—ã¾ã™ã€‚ + + \brief ã“ã®é–¢æ•°ã¯ã€ä½¿ç”¨å¾Œã«DsaKeyオブジェクトを解放ã—ã¾ã™ã€‚ + + \return none 戻り値ãªã—。 + + \param key 解放ã™ã‚‹DsaKey構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ + _Example_ \code DsaKey key; - // initialize key, use for authentication + // éµã‚’åˆæœŸåŒ–ã€èªè¨¼ã«ä½¿ç”¨ ... - wc_FreeDsaKey(&key); // free DSA key + wc_FreeDsaKey(&key); // DSAéµã‚’解放 \endcode + \sa wc_FreeDsaKey */ void wc_FreeDsaKey(DsaKey* key); /*! \ingroup DSA - \brief ã“ã®æ©Ÿèƒ½ã¯å…¥åŠ›ãƒ€ã‚¤ã‚¸ã‚§ã‚¹ãƒˆã«ç½²åã—ã€çµæžœã‚’出力ãƒãƒƒãƒ•ã‚¡ãƒ¼ã«æ ¼ç´ã—ã¾ã™ã€‚ - \return 0 å…¥åŠ›ãƒ€ã‚¤ã‚¸ã‚§ã‚¹ãƒˆã«æ­£å¸¸ã«ç½²åã—ãŸã¨ãã«è¿”ã•れã¾ã—㟠- \return MP_INIT_E DSAç½²åã®å‡¦ç†ã«ã‚¨ãƒ©ãƒ¼ãŒã‚ã‚‹å ´åˆã¯è¿”ã•れるå¯èƒ½æ€§ãŒã‚りã¾ã™ã€‚ - \return MP_READ_E DSAç½²åã®å‡¦ç†ã«ã‚¨ãƒ©ãƒ¼ãŒã‚ã‚‹å ´åˆã¯è¿”ã•れるå¯èƒ½æ€§ãŒã‚りã¾ã™ã€‚ - \return MP_CMP_E DSAç½²åã®å‡¦ç†ã«ã‚¨ãƒ©ãƒ¼ãŒã‚ã‚‹å ´åˆã¯è¿”ã•れるå¯èƒ½æ€§ãŒã‚りã¾ã™ã€‚ - \return MP_INVMOD_E DSAç½²åã®å‡¦ç†ã«ã‚¨ãƒ©ãƒ¼ãŒã‚ã‚‹å ´åˆã¯è¿”ã•れるå¯èƒ½æ€§ãŒã‚りã¾ã™ã€‚ - \return MP_EXPTMOD_E DSAç½²åã®å‡¦ç†ã«ã‚¨ãƒ©ãƒ¼ãŒã‚ã‚‹å ´åˆã¯è¿”ã•れるå¯èƒ½æ€§ãŒã‚りã¾ã™ã€‚ - \return MP_MOD_E DSAç½²åã®å‡¦ç†ã«ã‚¨ãƒ©ãƒ¼ãŒã‚ã‚‹å ´åˆã¯è¿”ã•れるå¯èƒ½æ€§ãŒã‚りã¾ã™ã€‚ - \return MP_MUL_E DSAç½²åã®å‡¦ç†ã«ã‚¨ãƒ©ãƒ¼ãŒã‚ã‚‹å ´åˆã¯è¿”ã•れるå¯èƒ½æ€§ãŒã‚りã¾ã™ã€‚ - \return MP_ADD_E DSAç½²åã®å‡¦ç†ã«ã‚¨ãƒ©ãƒ¼ãŒã‚ã‚‹å ´åˆã¯è¿”ã•れるå¯èƒ½æ€§ãŒã‚りã¾ã™ã€‚ - \return MP_MULMOD_E DSAç½²åã®å‡¦ç†ã«ã‚¨ãƒ©ãƒ¼ãŒã‚ã‚‹å ´åˆã¯è¿”ã•れるå¯èƒ½æ€§ãŒã‚りã¾ã™ã€‚ - \return MP_TO_E DSAç½²åã®å‡¦ç†ã«ã‚¨ãƒ©ãƒ¼ãŒã‚ã‚‹å ´åˆã¯è¿”ã•れるå¯èƒ½æ€§ãŒã‚りã¾ã™ã€‚ - \return MP_MEM DSAç½²åã®å‡¦ç†ã«ã‚¨ãƒ©ãƒ¼ãŒã‚ã‚‹å ´åˆã¯è¿”ã•れるå¯èƒ½æ€§ãŒã‚りã¾ã™ã€‚ - \param digest ç½²åã™ã‚‹ãƒãƒƒã‚·ãƒ¥ã¸ã®ãƒã‚¤ãƒ³ã‚¿ - \param out ç½²åã‚’ä¿å­˜ã™ã‚‹ãƒãƒƒãƒ•ã‚¡ã¸ã®ãƒã‚¤ãƒ³ã‚¿ - \param key ç½²åを生æˆã™ã‚‹ãŸã‚ã®åˆæœŸåŒ–ã•れãŸDsakey構造ã¸ã®ãƒã‚¤ãƒ³ã‚¿ + + \brief ã“ã®é–¢æ•°ã¯ã€å…¥åŠ›ãƒ€ã‚¤ã‚¸ã‚§ã‚¹ãƒˆã«ç½²åã—ã€çµæžœã‚’出力ãƒãƒƒãƒ•ã‚¡outã«æ ¼ç´ã—ã¾ã™ã€‚ + + \return 0 入力ダイジェストã¸ã®ç½²åã«æˆåŠŸã—ãŸå ´åˆã«è¿”ã•れã¾ã™ + \return MP_INIT_E DSAç½²åã®å‡¦ç†ä¸­ã«ã‚¨ãƒ©ãƒ¼ãŒç™ºç”Ÿã—ãŸå ´åˆã«è¿”ã•れるå¯èƒ½æ€§ãŒã‚りã¾ã™ã€‚ + \return MP_READ_E DSAç½²åã®å‡¦ç†ä¸­ã«ã‚¨ãƒ©ãƒ¼ãŒç™ºç”Ÿã—ãŸå ´åˆã«è¿”ã•れるå¯èƒ½æ€§ãŒã‚りã¾ã™ã€‚ + \return MP_CMP_E DSAç½²åã®å‡¦ç†ä¸­ã«ã‚¨ãƒ©ãƒ¼ãŒç™ºç”Ÿã—ãŸå ´åˆã«è¿”ã•れるå¯èƒ½æ€§ãŒã‚りã¾ã™ã€‚ + \return MP_INVMOD_E DSAç½²åã®å‡¦ç†ä¸­ã«ã‚¨ãƒ©ãƒ¼ãŒç™ºç”Ÿã—ãŸå ´åˆã«è¿”ã•れるå¯èƒ½æ€§ãŒã‚りã¾ã™ã€‚ + \return MP_EXPTMOD_E DSAç½²åã®å‡¦ç†ä¸­ã«ã‚¨ãƒ©ãƒ¼ãŒç™ºç”Ÿã—ãŸå ´åˆã«è¿”ã•れるå¯èƒ½æ€§ãŒã‚りã¾ã™ã€‚ + \return MP_MOD_E DSAç½²åã®å‡¦ç†ä¸­ã«ã‚¨ãƒ©ãƒ¼ãŒç™ºç”Ÿã—ãŸå ´åˆã«è¿”ã•れるå¯èƒ½æ€§ãŒã‚りã¾ã™ã€‚ + \return MP_MUL_E DSAç½²åã®å‡¦ç†ä¸­ã«ã‚¨ãƒ©ãƒ¼ãŒç™ºç”Ÿã—ãŸå ´åˆã«è¿”ã•れるå¯èƒ½æ€§ãŒã‚りã¾ã™ã€‚ + \return MP_ADD_E DSAç½²åã®å‡¦ç†ä¸­ã«ã‚¨ãƒ©ãƒ¼ãŒç™ºç”Ÿã—ãŸå ´åˆã«è¿”ã•れるå¯èƒ½æ€§ãŒã‚りã¾ã™ã€‚ + \return MP_MULMOD_E DSAç½²åã®å‡¦ç†ä¸­ã«ã‚¨ãƒ©ãƒ¼ãŒç™ºç”Ÿã—ãŸå ´åˆã«è¿”ã•れるå¯èƒ½æ€§ãŒã‚りã¾ã™ã€‚ + \return MP_TO_E DSAç½²åã®å‡¦ç†ä¸­ã«ã‚¨ãƒ©ãƒ¼ãŒç™ºç”Ÿã—ãŸå ´åˆã«è¿”ã•れるå¯èƒ½æ€§ãŒã‚りã¾ã™ã€‚ + \return MP_MEM DSAç½²åã®å‡¦ç†ä¸­ã«ã‚¨ãƒ©ãƒ¼ãŒç™ºç”Ÿã—ãŸå ´åˆã«è¿”ã•れるå¯èƒ½æ€§ãŒã‚りã¾ã™ã€‚ + + \param digest ç½²åã™ã‚‹ãƒãƒƒã‚·ãƒ¥ã¸ã®ãƒã‚¤ãƒ³ã‚¿ + \param out ç½²åã‚’æ ¼ç´ã™ã‚‹ãƒãƒƒãƒ•ã‚¡ã¸ã®ãƒã‚¤ãƒ³ã‚¿ + \param key ç½²åを生æˆã™ã‚‹ãŸã‚ã«ä½¿ç”¨ã™ã‚‹åˆæœŸåŒ–ã•れãŸDsaKey構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ + \param rng ç½²å生æˆã§ä½¿ç”¨ã™ã‚‹åˆæœŸåŒ–ã•れãŸRNGã¸ã®ãƒã‚¤ãƒ³ã‚¿ + _Example_ \code DsaKey key; - // initialize DSA key, load private Key + // DSAéµã‚’åˆæœŸåŒ–ã€ç§˜å¯†éµã‚’ロード int ret; WC_RNG rng; wc_InitRng(&rng); - byte hash[] = { // initialize with hash digest }; - byte signature[40]; // signature will be 40 bytes (320 bits) + byte hash[] = { // ãƒãƒƒã‚·ãƒ¥ãƒ€ã‚¤ã‚¸ã‚§ã‚¹ãƒˆã§åˆæœŸåŒ– }; + byte signature[40]; // ç½²åã¯40ãƒã‚¤ãƒˆ(320ビット)ã«ãªã‚Šã¾ã™ ret = wc_DsaSign(hash, signature, &key, &rng); if (ret != 0) { - // error generating DSA signature + // DSAç½²å生æˆã‚¨ãƒ©ãƒ¼ } \endcode + \sa wc_DsaVerify */ int wc_DsaSign(const byte* digest, byte* out, @@ -68,38 +86,44 @@ /*! \ingroup DSA - \brief ã“ã®é–¢æ•°ã¯ã€ç§˜å¯†éµã‚’考ãˆã‚‹ã¨ã€ãƒ€ã‚¤ã‚¸ã‚§ã‚¹ãƒˆã®ç½²åを検証ã—ã¾ã™ã€‚回答パラメータã§ã‚­ãƒ¼ãŒæ­£ã—ãæ¤œè¨¼ã•れã¦ã„ã‚‹ã‹ã©ã†ã‹ã€æ­£å¸¸ãªæ¤œè¨¼ã«å¯¾å¿œã™ã‚‹1ã€ãŠã‚ˆã³å¤±æ•—ã—ãŸæ¤œè¨¼ã«å¯¾å¿œã™ã‚‹0ãŒæ ¼ç´ã•れã¾ã™ã€‚ - \return 0 æ¤œè¨¼è¦æ±‚ã®å‡¦ç†ã«æˆåŠŸã—ãŸã¨ãã«è¿”ã•れã¾ã™ã€‚注:ã“れã¯ã€ç½²åãŒæ¤œè¨¼ã•れã¦ã„ã‚‹ã“ã¨ã‚’æ„味ã™ã‚‹ã‚ã‘ã§ã¯ãªãã€é–¢æ•°ãŒæˆåŠŸã—ãŸã¨ã„ã†ã ã‘ã§ã™ã€‚ - \return MP_INIT_E DSAç½²åã®å‡¦ç†ã«ã‚¨ãƒ©ãƒ¼ãŒã‚ã‚‹å ´åˆã¯è¿”ã•れるå¯èƒ½æ€§ãŒã‚りã¾ã™ã€‚ - \return MP_READ_E DSAç½²åã®å‡¦ç†ã«ã‚¨ãƒ©ãƒ¼ãŒã‚ã‚‹å ´åˆã¯è¿”ã•れるå¯èƒ½æ€§ãŒã‚りã¾ã™ã€‚ - \return MP_CMP_E DSAç½²åã®å‡¦ç†ã«ã‚¨ãƒ©ãƒ¼ãŒã‚ã‚‹å ´åˆã¯è¿”ã•れるå¯èƒ½æ€§ãŒã‚りã¾ã™ã€‚ - \return MP_INVMOD_E DSAç½²åã®å‡¦ç†ã«ã‚¨ãƒ©ãƒ¼ãŒã‚ã‚‹å ´åˆã¯è¿”ã•れるå¯èƒ½æ€§ãŒã‚りã¾ã™ã€‚ - \return MP_EXPTMOD_E DSAç½²åã®å‡¦ç†ã«ã‚¨ãƒ©ãƒ¼ãŒã‚ã‚‹å ´åˆã¯è¿”ã•れるå¯èƒ½æ€§ãŒã‚りã¾ã™ã€‚ - \return MP_MOD_E DSAç½²åã®å‡¦ç†ã«ã‚¨ãƒ©ãƒ¼ãŒã‚ã‚‹å ´åˆã¯è¿”ã•れるå¯èƒ½æ€§ãŒã‚りã¾ã™ã€‚ - \return MP_MUL_E DSAç½²åã®å‡¦ç†ã«ã‚¨ãƒ©ãƒ¼ãŒã‚ã‚‹å ´åˆã¯è¿”ã•れるå¯èƒ½æ€§ãŒã‚りã¾ã™ã€‚ - \return MP_ADD_E DSAç½²åã®å‡¦ç†ã«ã‚¨ãƒ©ãƒ¼ãŒã‚ã‚‹å ´åˆã¯è¿”ã•れるå¯èƒ½æ€§ãŒã‚りã¾ã™ã€‚ - \return MP_MULMOD_E DSAç½²åã®å‡¦ç†ã«ã‚¨ãƒ©ãƒ¼ãŒã‚ã‚‹å ´åˆã¯è¿”ã•れるå¯èƒ½æ€§ãŒã‚りã¾ã™ã€‚ - \return MP_TO_E DSAç½²åã®å‡¦ç†ã«ã‚¨ãƒ©ãƒ¼ãŒã‚ã‚‹å ´åˆã¯è¿”ã•れるå¯èƒ½æ€§ãŒã‚りã¾ã™ã€‚ - \return MP_MEM DSAç½²åã®å‡¦ç†ã«ã‚¨ãƒ©ãƒ¼ãŒã‚ã‚‹å ´åˆã¯è¿”ã•れるå¯èƒ½æ€§ãŒã‚りã¾ã™ã€‚ - \param digest ç½²åã®ä¸»é¡Œã‚’å«ã‚€ãƒ€ã‚¤ã‚¸ã‚§ã‚¹ãƒˆã¸ã®ãƒã‚¤ãƒ³ã‚¿ - \param sig 確èªã™ã‚‹ç½²åã‚’å«ã‚€ãƒãƒƒãƒ•ã‚¡ã¸ã®ãƒã‚¤ãƒ³ã‚¿ - \param key ç½²åを検証ã™ã‚‹ãŸã‚ã®åˆæœŸåŒ–ã•れãŸDsakey構造ã¸ã®ãƒã‚¤ãƒ³ã‚¿ + + \brief ã“ã®é–¢æ•°ã¯ã€ç§˜å¯†éµã‚’使用ã—ã¦ãƒ€ã‚¤ã‚¸ã‚§ã‚¹ãƒˆã®ç½²åを検証ã—ã¾ã™ã€‚æ¤œè¨¼ãŒæ­£ã—ã行ã‚れãŸã‹ã©ã†ã‹ã‚’answerãƒ‘ãƒ©ãƒ¡ãƒ¼ã‚¿ã«æ ¼ç´ã—ã¾ã™ã€‚1ã¯æ¤œè¨¼æˆåŠŸã€0ã¯æ¤œè¨¼å¤±æ•—ã«å¯¾å¿œã—ã¾ã™ã€‚ + + \return 0 検証リクエストã®å‡¦ç†ã«æˆåŠŸã—ãŸå ´åˆã«è¿”ã•れã¾ã™ã€‚注æ„: ã“れã¯ç½²åãŒæ¤œè¨¼ã•れãŸã“ã¨ã‚’æ„味ã™ã‚‹ã®ã§ã¯ãªãã€é–¢æ•°ãŒæˆåŠŸã—ãŸã“ã¨ã®ã¿ã‚’æ„味ã—ã¾ã™ + \return MP_INIT_E DSAç½²åã®å‡¦ç†ä¸­ã«ã‚¨ãƒ©ãƒ¼ãŒç™ºç”Ÿã—ãŸå ´åˆã«è¿”ã•れるå¯èƒ½æ€§ãŒã‚りã¾ã™ã€‚ + \return MP_READ_E DSAç½²åã®å‡¦ç†ä¸­ã«ã‚¨ãƒ©ãƒ¼ãŒç™ºç”Ÿã—ãŸå ´åˆã«è¿”ã•れるå¯èƒ½æ€§ãŒã‚りã¾ã™ã€‚ + \return MP_CMP_E DSAç½²åã®å‡¦ç†ä¸­ã«ã‚¨ãƒ©ãƒ¼ãŒç™ºç”Ÿã—ãŸå ´åˆã«è¿”ã•れるå¯èƒ½æ€§ãŒã‚りã¾ã™ã€‚ + \return MP_INVMOD_E DSAç½²åã®å‡¦ç†ä¸­ã«ã‚¨ãƒ©ãƒ¼ãŒç™ºç”Ÿã—ãŸå ´åˆã«è¿”ã•れるå¯èƒ½æ€§ãŒã‚りã¾ã™ã€‚ + \return MP_EXPTMOD_E DSAç½²åã®å‡¦ç†ä¸­ã«ã‚¨ãƒ©ãƒ¼ãŒç™ºç”Ÿã—ãŸå ´åˆã«è¿”ã•れるå¯èƒ½æ€§ãŒã‚りã¾ã™ã€‚ + \return MP_MOD_E DSAç½²åã®å‡¦ç†ä¸­ã«ã‚¨ãƒ©ãƒ¼ãŒç™ºç”Ÿã—ãŸå ´åˆã«è¿”ã•れるå¯èƒ½æ€§ãŒã‚りã¾ã™ã€‚ + \return MP_MUL_E DSAç½²åã®å‡¦ç†ä¸­ã«ã‚¨ãƒ©ãƒ¼ãŒç™ºç”Ÿã—ãŸå ´åˆã«è¿”ã•れるå¯èƒ½æ€§ãŒã‚りã¾ã™ã€‚ + \return MP_ADD_E DSAç½²åã®å‡¦ç†ä¸­ã«ã‚¨ãƒ©ãƒ¼ãŒç™ºç”Ÿã—ãŸå ´åˆã«è¿”ã•れるå¯èƒ½æ€§ãŒã‚りã¾ã™ã€‚ + \return MP_MULMOD_E DSAç½²åã®å‡¦ç†ä¸­ã«ã‚¨ãƒ©ãƒ¼ãŒç™ºç”Ÿã—ãŸå ´åˆã«è¿”ã•れるå¯èƒ½æ€§ãŒã‚りã¾ã™ã€‚ + \return MP_TO_E DSAç½²åã®å‡¦ç†ä¸­ã«ã‚¨ãƒ©ãƒ¼ãŒç™ºç”Ÿã—ãŸå ´åˆã«è¿”ã•れるå¯èƒ½æ€§ãŒã‚りã¾ã™ã€‚ + \return MP_MEM DSAç½²åã®å‡¦ç†ä¸­ã«ã‚¨ãƒ©ãƒ¼ãŒç™ºç”Ÿã—ãŸå ´åˆã«è¿”ã•れるå¯èƒ½æ€§ãŒã‚りã¾ã™ã€‚ + + \param digest ç½²åã®å¯¾è±¡ã‚’å«ã‚€ãƒ€ã‚¤ã‚¸ã‚§ã‚¹ãƒˆã¸ã®ãƒã‚¤ãƒ³ã‚¿ + \param sig 検証ã™ã‚‹ç½²åã‚’å«ã‚€ãƒãƒƒãƒ•ã‚¡ã¸ã®ãƒã‚¤ãƒ³ã‚¿ + \param key ç½²åを検証ã™ã‚‹ãŸã‚ã«ä½¿ç”¨ã™ã‚‹åˆæœŸåŒ–ã•れãŸDsaKey構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ + \param answer æ¤œè¨¼ãŒæˆåŠŸã—ãŸã‹ã©ã†ã‹ã‚’æ ¼ç´ã™ã‚‹æ•´æ•°ã¸ã®ãƒã‚¤ãƒ³ã‚¿ + _Example_ \code DsaKey key; - // initialize DSA key, load public Key + // DSAéµã‚’åˆæœŸåŒ–ã€å…¬é–‹éµã‚’ロード int ret; int verified; - byte hash[] = { // initialize with hash digest }; - byte signature[] = { // initialize with signature to verify }; + byte hash[] = { // ãƒãƒƒã‚·ãƒ¥ãƒ€ã‚¤ã‚¸ã‚§ã‚¹ãƒˆã§åˆæœŸåŒ– }; + byte signature[] = { // 検証ã™ã‚‹ç½²åã§åˆæœŸåŒ– }; ret = wc_DsaVerify(hash, signature, &key, &verified); if (ret != 0) { - // error processing verify request + // 検証リクエストã®å‡¦ç†ã‚¨ãƒ©ãƒ¼ } else if (answer == 0) { - // invalid signature + // 無効ãªç½²å } \endcode + \sa wc_DsaSign */ int wc_DsaVerify(const byte* digest, const byte* sig, @@ -107,25 +131,31 @@ /*! \ingroup DSA - \brief ã“ã®æ©Ÿèƒ½ã¯ã€DSA公開éµã‚’å«ã‚€DERフォーマットã®è¨¼æ˜Žæ›¸ãƒãƒƒãƒ•ァを復å·ã—ã€ä¸Žãˆã‚‰ã‚ŒãŸDSakey構造体ã«ã‚­ãƒ¼ã‚’æ ¼ç´ã—ã¾ã™ã€‚ã¾ãŸã€å…¥åŠ›èª­ã¿å–りã®é•·ã•ã«å¿œã˜ã¦INOUTIDXパラメータを設定ã—ã¾ã™ã€‚ - \return 0 dsakeyオブジェクトã®å…¬é–‹éµã‚’正常ã«è¨­å®šã™ã‚‹ - \return ASN_PARSE_E 証明書ãƒãƒƒãƒ•ァを読ã¿ãªãŒã‚‰ã‚¨ãƒ³ã‚³ãƒ¼ãƒ‡ã‚£ãƒ³ã‚°ã«ã‚¨ãƒ©ãƒ¼ãŒã‚ã‚‹å ´åˆ - \return ASN_DH_KEY_E DSAパラメータã®1ã¤ãŒèª¤ã£ã¦ãƒ•ォーマットã•れã¦ã„ã‚‹å ´åˆã«è¿”ã•れã¾ã™ - \param input DERフォーマットDSA公開éµã‚’å«ã‚€ãƒãƒƒãƒ•ã‚¡ã¸ã®ãƒã‚¤ãƒ³ã‚¿ - \param inOutIdx è¨¼æ˜Žæ›¸ã®æœ€å¾Œã®ã‚¤ãƒ³ãƒ‡ãƒƒã‚¯ã‚¹ã‚’ä¿å­˜ã™ã‚‹æ•´æ•°ã¸ã®ãƒã‚¤ãƒ³ã‚¿ - \param key 公開éµã‚’ä¿å­˜ã™ã‚‹Dsakey構造ã¸ã®ãƒã‚¤ãƒ³ã‚¿ + + \brief ã“ã®é–¢æ•°ã¯ã€DSA公開éµã‚’å«ã‚€DERフォーマットã®è¨¼æ˜Žæ›¸ãƒãƒƒãƒ•ァをデコードã—ã€ä¸Žãˆã‚‰ã‚ŒãŸDsaKey構造体ã«éµã‚’æ ¼ç´ã—ã¾ã™ã€‚ã¾ãŸã€èª­ã¿å–られãŸå…¥åŠ›ã®é•·ã•ã«å¿œã˜ã¦inOutIdxパラメータを設定ã—ã¾ã™ã€‚ + + \return 0 DsaKeyオブジェクトã®å…¬é–‹éµã®è¨­å®šã«æˆåŠŸã—ãŸå ´åˆã«è¿”ã•れã¾ã™ + \return ASN_PARSE_E 証明書ãƒãƒƒãƒ•ã‚¡ã®èª­ã¿å–り中ã«ã‚¨ãƒ³ã‚³ãƒ¼ãƒ‡ã‚£ãƒ³ã‚°ã‚¨ãƒ©ãƒ¼ãŒã‚ã‚‹å ´åˆã«è¿”ã•れã¾ã™ + \return ASN_DH_KEY_E DSAパラメータã®1ã¤ãŒæ­£ã—ãフォーマットã•れã¦ã„ãªã„å ´åˆã«è¿”ã•れã¾ã™ + + \param input DERフォーマットã®DSA公開éµã‚’å«ã‚€ãƒãƒƒãƒ•ã‚¡ã¸ã®ãƒã‚¤ãƒ³ã‚¿ + \param inOutIdx 読ã¿å–られãŸè¨¼æ˜Žæ›¸ã®æœ€çµ‚インデックスを格ç´ã™ã‚‹æ•´æ•°ã¸ã®ãƒã‚¤ãƒ³ã‚¿ + \param key 公開éµã‚’æ ¼ç´ã™ã‚‹DsaKey構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ + \param inSz 入力ãƒãƒƒãƒ•ã‚¡ã®ã‚µã‚¤ã‚º + _Example_ \code int ret, idx=0; DsaKey key; wc_InitDsaKey(&key); - byte derBuff[] = { // DSA public key}; + byte derBuff[] = { // DSA公開éµ}; ret = wc_DsaPublicKeyDecode(derBuff, &idx, &key, inSz); if (ret != 0) { - // error reading public key + // 公開éµã®èª­ã¿å–りエラー } \endcode + \sa wc_InitDsaKey \sa wc_DsaPrivateKeyDecode */ @@ -134,25 +164,31 @@ /*! \ingroup DSA - \brief ã“ã®æ©Ÿèƒ½ã¯ã€DSA秘密éµã‚’å«ã‚€DERフォーマットã®è¨¼æ˜Žæ›¸ãƒãƒƒãƒ•ァをデコードã—ã€æŒ‡å®šã•れãŸDSakey構造体ã«ã‚­ãƒ¼ã‚’æ ¼ç´ã—ã¾ã™ã€‚ã¾ãŸã€å…¥åŠ›èª­ã¿å–りã®é•·ã•ã«å¿œã˜ã¦INOUTIDXパラメータを設定ã—ã¾ã™ã€‚ - \return 0 dsakeyオブジェクトã®ç§˜å¯†éµã‚’正常ã«è¨­å®šã™ã‚‹ã«è¿”ã•れã¾ã—㟠- \return ASN_PARSE_E 証明書ãƒãƒƒãƒ•ァを読ã¿ãªãŒã‚‰ã‚¨ãƒ³ã‚³ãƒ¼ãƒ‡ã‚£ãƒ³ã‚°ã«ã‚¨ãƒ©ãƒ¼ãŒã‚ã‚‹å ´åˆ - \return ASN_DH_KEY_E DSAパラメータã®1ã¤ãŒèª¤ã£ã¦ãƒ•ォーマットã•れã¦ã„ã‚‹å ´åˆã«è¿”ã•れã¾ã™ - \param input DERフォーマットDSA秘密éµã‚’å«ã‚€ãƒãƒƒãƒ•ã‚¡ã¸ã®ãƒã‚¤ãƒ³ã‚¿ - \param inOutIdx è¨¼æ˜Žæ›¸ã®æœ€å¾Œã®ã‚¤ãƒ³ãƒ‡ãƒƒã‚¯ã‚¹ã‚’ä¿å­˜ã™ã‚‹æ•´æ•°ã¸ã®ãƒã‚¤ãƒ³ã‚¿ - \param key 秘密éµã‚’ä¿å­˜ã™ã‚‹DSakey構造ã¸ã®ãƒã‚¤ãƒ³ã‚¿ + + \brief ã“ã®é–¢æ•°ã¯ã€DSA秘密éµã‚’å«ã‚€DERフォーマットã®è¨¼æ˜Žæ›¸ãƒãƒƒãƒ•ァをデコードã—ã€ä¸Žãˆã‚‰ã‚ŒãŸDsaKey構造体ã«éµã‚’æ ¼ç´ã—ã¾ã™ã€‚ã¾ãŸã€èª­ã¿å–られãŸå…¥åŠ›ã®é•·ã•ã«å¿œã˜ã¦inOutIdxパラメータを設定ã—ã¾ã™ã€‚ + + \return 0 DsaKeyオブジェクトã®ç§˜å¯†éµã®è¨­å®šã«æˆåŠŸã—ãŸå ´åˆã«è¿”ã•れã¾ã™ + \return ASN_PARSE_E 証明書ãƒãƒƒãƒ•ã‚¡ã®èª­ã¿å–り中ã«ã‚¨ãƒ³ã‚³ãƒ¼ãƒ‡ã‚£ãƒ³ã‚°ã‚¨ãƒ©ãƒ¼ãŒã‚ã‚‹å ´åˆã«è¿”ã•れã¾ã™ + \return ASN_DH_KEY_E DSAパラメータã®1ã¤ãŒæ­£ã—ãフォーマットã•れã¦ã„ãªã„å ´åˆã«è¿”ã•れã¾ã™ + + \param input DERフォーマットã®DSA秘密éµã‚’å«ã‚€ãƒãƒƒãƒ•ã‚¡ã¸ã®ãƒã‚¤ãƒ³ã‚¿ + \param inOutIdx 読ã¿å–られãŸè¨¼æ˜Žæ›¸ã®æœ€çµ‚インデックスを格ç´ã™ã‚‹æ•´æ•°ã¸ã®ãƒã‚¤ãƒ³ã‚¿ + \param key 秘密éµã‚’æ ¼ç´ã™ã‚‹DsaKey構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ + \param inSz 入力ãƒãƒƒãƒ•ã‚¡ã®ã‚µã‚¤ã‚º + _Example_ \code int ret, idx=0; DsaKey key; wc_InitDsaKey(&key); - byte derBuff[] = { // DSA private key }; + byte derBuff[] = { // DSAç§˜å¯†éµ }; ret = wc_DsaPrivateKeyDecode(derBuff, &idx, &key, inSz); if (ret != 0) { - // error reading private key + // 秘密éµã®èª­ã¿å–りエラー } \endcode + \sa wc_InitDsaKey \sa wc_DsaPublicKeyDecode */ @@ -161,18 +197,23 @@ /*! \ingroup DSA - \brief DSAKEYキーをDERフォーマットã€å‡ºåŠ›ã¸ã®æ›¸ãè¾¼ã¿ï¼ˆInlenï¼‰ã€æ›¸ãè¾¼ã¾ã‚ŒãŸãƒã‚¤ãƒˆã‚’è¿”ã—ã¾ã™ã€‚ - \return outLen æˆåŠŸã€æ›¸ã‹ã‚ŒãŸãƒã‚¤ãƒˆæ•° - \return BAD_FUNC_ARG キーã¾ãŸã¯å‡ºåŠ›ã¯NULLã¾ãŸã¯ã‚­ãƒ¼ - >タイプãŒDSA_PRIVATEã§ã¯ã‚りã¾ã›ã‚“。 - \return MEMORY_E メモリã®å‰²ã‚Šå½“ã¦ä¸­ã«ã‚¨ãƒ©ãƒ¼ãŒç™ºç”Ÿã—ã¾ã—ãŸã€‚ - \param key 変æ›ã™ã‚‹dsakey構造ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ - \param output 変æ›ã‚­ãƒ¼ã®å‡ºåŠ›ãƒãƒƒãƒ•ã‚¡ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ + + \brief DsaKeyéµã‚’DERフォーマットã«å¤‰æ›ã—ã€output(inLen)ã«æ›¸ãè¾¼ã¿ã€æ›¸ãè¾¼ã¾ã‚ŒãŸãƒã‚¤ãƒˆæ•°ã‚’è¿”ã—ã¾ã™ã€‚ + + \return outLen æˆåŠŸã€æ›¸ãè¾¼ã¾ã‚ŒãŸãƒã‚¤ãƒˆæ•° + \return BAD_FUNC_ARG keyã¾ãŸã¯outputãŒnullã¾ãŸã¯key->typeãŒDSA_PRIVATEã§ãªã„å ´åˆã€‚ + \return MEMORY_E メモリ割り当ã¦ã‚¨ãƒ©ãƒ¼ã€‚ + + \param key 変æ›ã™ã‚‹DsaKey構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ + \param output 変æ›ã•れãŸéµç”¨ã®å‡ºåŠ›ãƒãƒƒãƒ•ã‚¡ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ + \param inLen éµå…¥åŠ›ã®é•·ã•。 + _Example_ \code DsaKey key; WC_RNG rng; int derSz; - int bufferSize = // Sufficient buffer size; + int bufferSize = // å分ãªãƒãƒƒãƒ•ァサイズ; byte der[bufferSize]; wc_InitDsaKey(&key); @@ -180,6 +221,7 @@ wc_MakeDsaKey(&rng, &key); derSz = wc_DsaKeyToDer(&key, der, bufferSize); \endcode + \sa wc_InitDsaKey \sa wc_FreeDsaKey \sa wc_MakeDsaKey @@ -188,12 +230,17 @@ /*! \ingroup DSA - \brief DSAキーを作æˆã—ã¾ã™ã€‚ - \return MP_OKAY æˆåŠŸ - \return BAD_FUNC_ARG RNGã¾ãŸã¯DSAã®ã©ã¡ã‚‰ã‹ãŒnullã§ã™ã€‚ - \return MEMORY_E ãƒãƒƒãƒ•ã‚¡ã«ãƒ¡ãƒ¢ãƒªã‚’割り当ã¦ã‚‹ã“ã¨ãŒã§ãã¾ã›ã‚“ã§ã—ãŸã€‚ - \return MP_INIT_E MP_INTã®åˆæœŸåŒ–エラー - \param rng WC_RNG構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ + + \brief DSAéµã‚’作æˆã—ã¾ã™ã€‚ + + \return MP_OKAY æˆåŠŸ + \return BAD_FUNC_ARG rngã¾ãŸã¯dsaãŒnullã®å ´åˆã€‚ + \return MEMORY_E ãƒãƒƒãƒ•ァ用ã®ãƒ¡ãƒ¢ãƒªã‚’割り当ã¦ã‚‰ã‚Œã¾ã›ã‚“ã§ã—ãŸã€‚ + \return MP_INIT_E mp_intã®åˆæœŸåŒ–エラー + + \param rng WC_RNG構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ + \param dsa DsaKey構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ + _Example_ \code WC_RNG rng; @@ -202,9 +249,10 @@ wc_InitDsa(&dsa); if(wc_MakeDsaKey(&rng, &dsa) != 0) { - // Error creating key + // éµä½œæˆã‚¨ãƒ©ãƒ¼ } \endcode + \sa wc_InitDsaKey \sa wc_FreeDsaKey \sa wc_DsaSign @@ -213,12 +261,17 @@ /*! \ingroup DSA - \brief FIPS 186-4ã¯ã€modulus_sizeå€¤ã®æœ‰åйãªå€¤ã‚’定義ã—ã¾ã™ï¼ˆ1024,160)(2048,256)(3072,256) - \return 0 æˆåŠŸ - \return BAD_FUNC_ARG RNGã¾ãŸã¯DSAã¯NULLã¾ãŸã¯MODULUS_SIZEãŒç„¡åйã§ã™ã€‚ - \return MEMORY_E メモリを割り当ã¦ã‚ˆã†ã¨ã™ã‚‹ã‚¨ãƒ©ãƒ¼ãŒç™ºç”Ÿã—ã¾ã—ãŸã€‚ - \param rng WolfCrypt RNGã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ - \param modulus_size 1024,2048ã€ã¾ãŸã¯3072ã¯æœ‰åйãªå€¤ã§ã™ã€‚ + + \brief FIPS 186-4ã¯ã€modulus_size値ã¨ã—ã¦(1024, 160) (2048, 256) (3072, 256)を有効ã¨å®šç¾©ã—ã¦ã„ã¾ã™ + + \return 0 æˆåŠŸ + \return BAD_FUNC_ARG rngã¾ãŸã¯dsaãŒnullã¾ãŸã¯modulus_sizeãŒç„¡åйãªå ´åˆã€‚ + \return MEMORY_E メモリ割り当ã¦è©¦è¡Œã‚¨ãƒ©ãƒ¼ã€‚ + + \param rng wolfCrypt rngã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ + \param modulus_size 1024ã€2048ã€ã¾ãŸã¯3072ãŒæœ‰åйãªå€¤ã§ã™ã€‚ + \param dsa DsaKey構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ + _Example_ \code DsaKey key; @@ -227,9 +280,10 @@ wc_InitRng(&rng); if(wc_MakeDsaParameters(&rng, 1024, &genKey) != 0) { - // Handle error + // ã‚¨ãƒ©ãƒ¼ã‚’å‡¦ç† } \endcode + \sa wc_MakeDsaKey \sa wc_DsaKeyToDer \sa wc_InitDsaKey diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/doc/dox_comments/header_files-ja/ecc.h mariadb-11.8.8/extra/wolfssl/wolfssl/doc/dox_comments/header_files-ja/ecc.h --- mariadb-11.8.6/extra/wolfssl/wolfssl/doc/dox_comments/header_files-ja/ecc.h 2026-01-31 13:27:49.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/doc/dox_comments/header_files-ja/ecc.h 2026-05-24 09:58:33.000000000 +0000 @@ -1,31 +1,37 @@ /*! \ingroup ECC - \brief ã“ã®é–¢æ•°ã¯æ–°ã—ã„ECC_KEYを生æˆã—ã€ãã‚Œã‚’ã‚­ãƒ¼ã«æ ¼ç´ã—ã¾ã™ã€‚ - \return 0 æˆåŠŸã«æˆ»ã‚Šã¾ã—ãŸã€‚ - \return ECC_BAD_ARG_E RNGã¾ãŸã¯ã‚­ãƒ¼ãŒNULLã«è©•価ã•れãŸå ´åˆã«è¿”ã•れã¾ã™ - \return BAD_FUNC_ARG 指定ã•れãŸã‚­ãƒ¼ã‚µã‚¤ã‚ºãŒã‚µãƒãƒ¼ãƒˆã•れã¦ã„ã‚‹ã‚­ãƒ¼ã®æ­£ã—ã„範囲ã«ãªã„å ´åˆã«è¿”ã•れã¾ã™ã€‚ - \return MEMORY_E ECCキーã®è¨ˆç®—中ã«ãƒ¡ãƒ¢ãƒªã®å‰²ã‚Šå½“ã¦ã‚¨ãƒ©ãƒ¼ãŒã‚ã‚‹å ´åˆã«è¿”ã•れã¾ã™ã€‚ - \return MP_INIT_E ECCキーã®è¨ˆç®—中ã«ã‚¨ãƒ©ãƒ¼ãŒç™ºç”Ÿã—ãŸå ´åˆã«è¿”ã•れるå¯èƒ½æ€§ãŒã‚りã¾ã™ - \return MP_READ_E ECCキーã®è¨ˆç®—中ã«ã‚¨ãƒ©ãƒ¼ãŒç™ºç”Ÿã—ãŸå ´åˆã«è¿”ã•れるå¯èƒ½æ€§ãŒã‚りã¾ã™ - \return MP_CMP_E ECCキーã®è¨ˆç®—中ã«ã‚¨ãƒ©ãƒ¼ãŒç™ºç”Ÿã—ãŸå ´åˆã«è¿”ã•れるå¯èƒ½æ€§ãŒã‚りã¾ã™ - \return MP_INVMOD_E ECCキーã®è¨ˆç®—中ã«ã‚¨ãƒ©ãƒ¼ãŒç™ºç”Ÿã—ãŸå ´åˆã«è¿”ã•れるå¯èƒ½æ€§ãŒã‚りã¾ã™ - \return MP_EXPTMOD_E ECCキーã®è¨ˆç®—中ã«ã‚¨ãƒ©ãƒ¼ãŒç™ºç”Ÿã—ãŸå ´åˆã«è¿”ã•れるå¯èƒ½æ€§ãŒã‚りã¾ã™ - \return MP_MOD_E ECCキーã®è¨ˆç®—中ã«ã‚¨ãƒ©ãƒ¼ãŒç™ºç”Ÿã—ãŸå ´åˆã«è¿”ã•れるå¯èƒ½æ€§ãŒã‚りã¾ã™ - \return MP_MUL_E ECCキーã®è¨ˆç®—中ã«ã‚¨ãƒ©ãƒ¼ãŒç™ºç”Ÿã—ãŸå ´åˆã«è¿”ã•れるå¯èƒ½æ€§ãŒã‚りã¾ã™ - \return MP_ADD_E ECCキーã®è¨ˆç®—中ã«ã‚¨ãƒ©ãƒ¼ãŒç™ºç”Ÿã—ãŸå ´åˆã«è¿”ã•れるå¯èƒ½æ€§ãŒã‚りã¾ã™ - \return MP_MULMOD_E ECCキーã®è¨ˆç®—中ã«ã‚¨ãƒ©ãƒ¼ãŒç™ºç”Ÿã—ãŸå ´åˆã«è¿”ã•れるå¯èƒ½æ€§ãŒã‚りã¾ã™ - \return MP_TO_E ECCキーã®è¨ˆç®—中ã«ã‚¨ãƒ©ãƒ¼ãŒç™ºç”Ÿã—ãŸå ´åˆã«è¿”ã•れるå¯èƒ½æ€§ãŒã‚りã¾ã™ - \return MP_MEM ECCキーã®è¨ˆç®—中ã«ã‚¨ãƒ©ãƒ¼ãŒç™ºç”Ÿã—ãŸå ´åˆã«è¿”ã•れるå¯èƒ½æ€§ãŒã‚りã¾ã™ - \param rng キーを生æˆã™ã‚‹ãŸã‚ã®åˆæœŸåŒ–ã•れãŸRNGオブジェクトã¸ã®ãƒã‚¤ãƒ³ã‚¿ - \param keysize ECC_KEYã®å¸Œæœ›ã®é•·ã• + + \brief ã“ã®é–¢æ•°ã¯æ–°ã—ã„ecc_keyを生æˆã—ã€keyã«æ ¼ç´ã—ã¾ã™ã€‚ + + \return 0 æˆåŠŸæ™‚ã«è¿”ã•れã¾ã™ã€‚ + \return ECC_BAD_ARG_E rngã¾ãŸã¯keyãŒNULLã¨è©•価ã•れãŸå ´åˆã«è¿”ã•れã¾ã™ + \return BAD_FUNC_ARG 指定ã•れãŸã‚­ãƒ¼ã‚µã‚¤ã‚ºãŒã‚µãƒãƒ¼ãƒˆã•れã¦ã„ã‚‹ã‚­ãƒ¼ã®æ­£ã—ã„範囲内ã«ãªã„å ´åˆã«è¿”ã•れã¾ã™ + \return MEMORY_E eccキーã®è¨ˆç®—中ã«ãƒ¡ãƒ¢ãƒªå‰²ã‚Šå½“ã¦ã‚¨ãƒ©ãƒ¼ãŒã‚ã‚‹å ´åˆã«è¿”ã•れã¾ã™ + \return MP_INIT_E eccキーã®è¨ˆç®—中ã«ã‚¨ãƒ©ãƒ¼ãŒã‚ã‚‹å ´åˆã«è¿”ã•れるå¯èƒ½æ€§ãŒã‚りã¾ã™ + \return MP_READ_E eccキーã®è¨ˆç®—中ã«ã‚¨ãƒ©ãƒ¼ãŒã‚ã‚‹å ´åˆã«è¿”ã•れるå¯èƒ½æ€§ãŒã‚りã¾ã™ + \return MP_CMP_E eccキーã®è¨ˆç®—中ã«ã‚¨ãƒ©ãƒ¼ãŒã‚ã‚‹å ´åˆã«è¿”ã•れるå¯èƒ½æ€§ãŒã‚りã¾ã™ + \return MP_INVMOD_E eccキーã®è¨ˆç®—中ã«ã‚¨ãƒ©ãƒ¼ãŒã‚ã‚‹å ´åˆã«è¿”ã•れるå¯èƒ½æ€§ãŒã‚りã¾ã™ + \return MP_EXPTMOD_E eccキーã®è¨ˆç®—中ã«ã‚¨ãƒ©ãƒ¼ãŒã‚ã‚‹å ´åˆã«è¿”ã•れるå¯èƒ½æ€§ãŒã‚りã¾ã™ + \return MP_MOD_E eccキーã®è¨ˆç®—中ã«ã‚¨ãƒ©ãƒ¼ãŒã‚ã‚‹å ´åˆã«è¿”ã•れるå¯èƒ½æ€§ãŒã‚りã¾ã™ + \return MP_MUL_E eccキーã®è¨ˆç®—中ã«ã‚¨ãƒ©ãƒ¼ãŒã‚ã‚‹å ´åˆã«è¿”ã•れるå¯èƒ½æ€§ãŒã‚りã¾ã™ + \return MP_ADD_E eccキーã®è¨ˆç®—中ã«ã‚¨ãƒ©ãƒ¼ãŒã‚ã‚‹å ´åˆã«è¿”ã•れるå¯èƒ½æ€§ãŒã‚りã¾ã™ + \return MP_MULMOD_E eccキーã®è¨ˆç®—中ã«ã‚¨ãƒ©ãƒ¼ãŒã‚ã‚‹å ´åˆã«è¿”ã•れるå¯èƒ½æ€§ãŒã‚りã¾ã™ + \return MP_TO_E eccキーã®è¨ˆç®—中ã«ã‚¨ãƒ©ãƒ¼ãŒã‚ã‚‹å ´åˆã«è¿”ã•れるå¯èƒ½æ€§ãŒã‚りã¾ã™ + \return MP_MEM eccキーã®è¨ˆç®—中ã«ã‚¨ãƒ©ãƒ¼ãŒã‚ã‚‹å ´åˆã«è¿”ã•れるå¯èƒ½æ€§ãŒã‚りã¾ã™ + + \param rng キーã®ç”Ÿæˆã«ä½¿ç”¨ã™ã‚‹åˆæœŸåŒ–ã•れãŸRNGオブジェクトã¸ã®ãƒã‚¤ãƒ³ã‚¿ + \param keysize ecc_keyã®å¸Œæœ›ã™ã‚‹é•·ã• + \param key キーを生æˆã™ã‚‹ecc_keyã¸ã®ãƒã‚¤ãƒ³ã‚¿ + _Example_ \code ecc_key key; wc_ecc_init(&key); WC_RNG rng; wc_InitRng(&rng); - wc_ecc_make_key(&rng, 32, &key); // initialize 32 byte ecc key + wc_ecc_make_key(&rng, 32, &key); // 32ãƒã‚¤ãƒˆã®eccã‚­ãƒ¼ã‚’åˆæœŸåŒ– \endcode + \sa wc_ecc_init \sa wc_ecc_shared_secret */ @@ -34,25 +40,30 @@ /*! \ingroup ECC - \brief ã“ã®é–¢æ•°ã¯æ–°ã—ã„ECC_KEYを生æˆã—ã€ãã‚Œã‚’ã‚­ãƒ¼ã«æ ¼ç´ã—ã¾ã™ã€‚ - \return 0 æˆåŠŸã«æˆ»ã‚Šã¾ã—ãŸã€‚ - \return ECC_BAD_ARG_E RNGã¾ãŸã¯ã‚­ãƒ¼ãŒNULLã«è©•価ã•れãŸå ´åˆã«è¿”ã•れã¾ã™ - \return BAD_FUNC_ARG 指定ã•れãŸã‚­ãƒ¼ã‚µã‚¤ã‚ºãŒã‚µãƒãƒ¼ãƒˆã•れã¦ã„ã‚‹ã‚­ãƒ¼ã®æ­£ã—ã„範囲ã«ãªã„å ´åˆã«è¿”ã•れã¾ã™ã€‚ - \return MEMORY_E ECCキーã®è¨ˆç®—中ã«ãƒ¡ãƒ¢ãƒªã®å‰²ã‚Šå½“ã¦ã‚¨ãƒ©ãƒ¼ãŒã‚ã‚‹å ´åˆã«è¿”ã•れã¾ã™ã€‚ - \return MP_INIT_E ECCキーã®è¨ˆç®—中ã«ã‚¨ãƒ©ãƒ¼ãŒç™ºç”Ÿã—ãŸå ´åˆã«è¿”ã•れるå¯èƒ½æ€§ãŒã‚りã¾ã™ - \return MP_READ_E ECCキーã®è¨ˆç®—中ã«ã‚¨ãƒ©ãƒ¼ãŒç™ºç”Ÿã—ãŸå ´åˆã«è¿”ã•れるå¯èƒ½æ€§ãŒã‚りã¾ã™ - \return MP_CMP_E ECCキーã®è¨ˆç®—中ã«ã‚¨ãƒ©ãƒ¼ãŒç™ºç”Ÿã—ãŸå ´åˆã«è¿”ã•れるå¯èƒ½æ€§ãŒã‚りã¾ã™ - \return MP_INVMOD_E ECCキーã®è¨ˆç®—中ã«ã‚¨ãƒ©ãƒ¼ãŒç™ºç”Ÿã—ãŸå ´åˆã«è¿”ã•れるå¯èƒ½æ€§ãŒã‚りã¾ã™ - \return MP_EXPTMOD_E ECCキーã®è¨ˆç®—中ã«ã‚¨ãƒ©ãƒ¼ãŒç™ºç”Ÿã—ãŸå ´åˆã«è¿”ã•れるå¯èƒ½æ€§ãŒã‚りã¾ã™ - \return MP_MOD_E ECCキーã®è¨ˆç®—中ã«ã‚¨ãƒ©ãƒ¼ãŒç™ºç”Ÿã—ãŸå ´åˆã«è¿”ã•れるå¯èƒ½æ€§ãŒã‚りã¾ã™ - \return MP_MUL_E ECCキーã®è¨ˆç®—中ã«ã‚¨ãƒ©ãƒ¼ãŒç™ºç”Ÿã—ãŸå ´åˆã«è¿”ã•れるå¯èƒ½æ€§ãŒã‚りã¾ã™ - \return MP_ADD_E ECCキーã®è¨ˆç®—中ã«ã‚¨ãƒ©ãƒ¼ãŒç™ºç”Ÿã—ãŸå ´åˆã«è¿”ã•れるå¯èƒ½æ€§ãŒã‚りã¾ã™ - \return MP_MULMOD_E ECCキーã®è¨ˆç®—中ã«ã‚¨ãƒ©ãƒ¼ãŒç™ºç”Ÿã—ãŸå ´åˆã«è¿”ã•れるå¯èƒ½æ€§ãŒã‚りã¾ã™ - \return MP_TO_E ECCキーã®è¨ˆç®—中ã«ã‚¨ãƒ©ãƒ¼ãŒç™ºç”Ÿã—ãŸå ´åˆã«è¿”ã•れるå¯èƒ½æ€§ãŒã‚りã¾ã™ - \return MP_MEM ECCキーã®è¨ˆç®—中ã«ã‚¨ãƒ©ãƒ¼ãŒç™ºç”Ÿã—ãŸå ´åˆã«è¿”ã•れるå¯èƒ½æ€§ãŒã‚りã¾ã™ - \param key 作æˆã—ãŸã‚­ãƒ¼ã‚’ä¿å­˜ã™ã‚‹ãŸã‚ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ - \param keysize CavenIDã«åŸºã¥ã„ã¦è¨­å®šã•れãŸãƒã‚¤ãƒˆå˜ä½ã§ä½œæˆã™ã‚‹ã‚­ãƒ¼ã®ã‚µã‚¤ã‚º - \param rng éµä½œæˆã«ä½¿ç”¨ã•れるRNG + + \brief ã“ã®é–¢æ•°ã¯æ–°ã—ã„ecc_keyを生æˆã—ã€keyã«æ ¼ç´ã—ã¾ã™ã€‚ + + \return 0 æˆåŠŸæ™‚ã«è¿”ã•れã¾ã™ã€‚ + \return ECC_BAD_ARG_E rngã¾ãŸã¯keyãŒNULLã¨è©•価ã•れãŸå ´åˆã«è¿”ã•れã¾ã™ + \return BAD_FUNC_ARG 指定ã•れãŸã‚­ãƒ¼ã‚µã‚¤ã‚ºãŒã‚µãƒãƒ¼ãƒˆã•れã¦ã„ã‚‹ã‚­ãƒ¼ã®æ­£ã—ã„範囲内ã«ãªã„å ´åˆã«è¿”ã•れã¾ã™ + \return MEMORY_E eccキーã®è¨ˆç®—中ã«ãƒ¡ãƒ¢ãƒªå‰²ã‚Šå½“ã¦ã‚¨ãƒ©ãƒ¼ãŒã‚ã‚‹å ´åˆã«è¿”ã•れã¾ã™ + \return MP_INIT_E eccキーã®è¨ˆç®—中ã«ã‚¨ãƒ©ãƒ¼ãŒã‚ã‚‹å ´åˆã«è¿”ã•れるå¯èƒ½æ€§ãŒã‚りã¾ã™ + \return MP_READ_E eccキーã®è¨ˆç®—中ã«ã‚¨ãƒ©ãƒ¼ãŒã‚ã‚‹å ´åˆã«è¿”ã•れるå¯èƒ½æ€§ãŒã‚りã¾ã™ + \return MP_CMP_E eccキーã®è¨ˆç®—中ã«ã‚¨ãƒ©ãƒ¼ãŒã‚ã‚‹å ´åˆã«è¿”ã•れるå¯èƒ½æ€§ãŒã‚りã¾ã™ + \return MP_INVMOD_E eccキーã®è¨ˆç®—中ã«ã‚¨ãƒ©ãƒ¼ãŒã‚ã‚‹å ´åˆã«è¿”ã•れるå¯èƒ½æ€§ãŒã‚りã¾ã™ + \return MP_EXPTMOD_E eccキーã®è¨ˆç®—中ã«ã‚¨ãƒ©ãƒ¼ãŒã‚ã‚‹å ´åˆã«è¿”ã•れるå¯èƒ½æ€§ãŒã‚りã¾ã™ + \return MP_MOD_E eccキーã®è¨ˆç®—中ã«ã‚¨ãƒ©ãƒ¼ãŒã‚ã‚‹å ´åˆã«è¿”ã•れるå¯èƒ½æ€§ãŒã‚りã¾ã™ + \return MP_MUL_E eccキーã®è¨ˆç®—中ã«ã‚¨ãƒ©ãƒ¼ãŒã‚ã‚‹å ´åˆã«è¿”ã•れるå¯èƒ½æ€§ãŒã‚りã¾ã™ + \return MP_ADD_E eccキーã®è¨ˆç®—中ã«ã‚¨ãƒ©ãƒ¼ãŒã‚ã‚‹å ´åˆã«è¿”ã•れるå¯èƒ½æ€§ãŒã‚りã¾ã™ + \return MP_MULMOD_E eccキーã®è¨ˆç®—中ã«ã‚¨ãƒ©ãƒ¼ãŒã‚ã‚‹å ´åˆã«è¿”ã•れるå¯èƒ½æ€§ãŒã‚りã¾ã™ + \return MP_TO_E eccキーã®è¨ˆç®—中ã«ã‚¨ãƒ©ãƒ¼ãŒã‚ã‚‹å ´åˆã«è¿”ã•れるå¯èƒ½æ€§ãŒã‚りã¾ã™ + \return MP_MEM eccキーã®è¨ˆç®—中ã«ã‚¨ãƒ©ãƒ¼ãŒã‚ã‚‹å ´åˆã«è¿”ã•れるå¯èƒ½æ€§ãŒã‚りã¾ã™ + + \param key 作æˆã•れãŸã‚­ãƒ¼ã‚’æ ¼ç´ã™ã‚‹ãƒã‚¤ãƒ³ã‚¿ã€‚ + \param keysize 作æˆã•れるキーã®ã‚µã‚¤ã‚ºï¼ˆãƒã‚¤ãƒˆå˜ä½ï¼‰ã€curveIdã«åŸºã¥ã„ã¦è¨­å®š + \param rng キー作æˆã§ä½¿ç”¨ã•れるRng + \param curve_id キーã«ä½¿ç”¨ã™ã‚‹ã‚«ãƒ¼ãƒ– + _Example_ \code ecc_key key; @@ -64,10 +75,11 @@ int keySize = wc_ecc_get_curve_size_from_id(curveId); ret = wc_ecc_make_key_ex(&rng, keySize, &key, curveId); if (ret != MP_OKAY) { - // error handling + // ã‚¨ãƒ©ãƒ¼å‡¦ç† } \endcode + \sa wc_ecc_make_key \sa wc_ecc_get_curve_size_from_id */ @@ -76,10 +88,83 @@ /*! \ingroup ECC - \brief ECCã‚­ãƒ¼ã®æœ‰åŠ¹æ€§ã‚’æœ‰åŠ¹ã«ã—ã¾ã™ã€‚ - \return MP_OKAY æˆåŠŸã€ã‚­ãƒ¼ã¯å¤§ä¸ˆå¤«ã§ã™ã€‚ - \return BAD_FUNC_ARG キーãŒNULLã®å ´åˆã¯è¿”ã—ã¾ã™ã€‚ - \return ECC_INF_E WC_ECC_POINT_IS_AT_INFINITYãŒ1ã‚’è¿”ã™å ´åˆã«è¿”ã—ã¾ã™ã€‚ + + \brief wc_ecc_make_pubã¯ã€æ—¢å­˜ã®ç§˜å¯†æˆåˆ†ã‚’æŒã¤ecc_keyã‹ã‚‰å…¬é–‹æˆåˆ†ã‚’計算ã—ã¾ã™ã€‚pubOutãŒæä¾›ã•れã¦ã„ã‚‹å ´åˆã€è¨ˆç®—ã•れãŸå…¬é–‹éµã¯ãã“ã«æ ¼ç´ã•れã¾ã™ã€‚ãã†ã§ãªã„å ´åˆã¯ã€æä¾›ã•れãŸecc_keyã®å…¬é–‹æˆåˆ†ã‚¹ãƒ­ãƒƒãƒˆã«æ ¼ç´ã•れã¾ã™ã€‚ + + \return 0 æˆåŠŸæ™‚ã«è¿”ã•れã¾ã™ã€‚ + \return ECC_BAD_ARG_E keyãŒNULLã®å ´åˆã«è¿”ã•れã¾ã™ + \return BAD_FUNC_ARG æä¾›ã•れãŸã‚­ãƒ¼ãŒæœ‰åйãªecc_keyã§ãªã„å ´åˆã«è¿”ã•れã¾ã™ã€‚ + \return MEMORY_E 公開éµã®è¨ˆç®—中ã«ãƒ¡ãƒ¢ãƒªå‰²ã‚Šå½“ã¦ã‚¨ãƒ©ãƒ¼ãŒã‚ã‚‹å ´åˆã«è¿”ã•れã¾ã™ + \return MP_INIT_E 公開éµã®è¨ˆç®—中ã«ã‚¨ãƒ©ãƒ¼ãŒã‚ã‚‹å ´åˆã«è¿”ã•れるå¯èƒ½æ€§ãŒã‚りã¾ã™ + \return MP_READ_E 公開éµã®è¨ˆç®—中ã«ã‚¨ãƒ©ãƒ¼ãŒã‚ã‚‹å ´åˆã«è¿”ã•れるå¯èƒ½æ€§ãŒã‚りã¾ã™ + \return MP_CMP_E 公開éµã®è¨ˆç®—中ã«ã‚¨ãƒ©ãƒ¼ãŒã‚ã‚‹å ´åˆã«è¿”ã•れるå¯èƒ½æ€§ãŒã‚りã¾ã™ + \return MP_INVMOD_E 公開éµã®è¨ˆç®—中ã«ã‚¨ãƒ©ãƒ¼ãŒã‚ã‚‹å ´åˆã«è¿”ã•れるå¯èƒ½æ€§ãŒã‚りã¾ã™ + \return MP_EXPTMOD_E 公開éµã®è¨ˆç®—中ã«ã‚¨ãƒ©ãƒ¼ãŒã‚ã‚‹å ´åˆã«è¿”ã•れるå¯èƒ½æ€§ãŒã‚りã¾ã™ + \return MP_MOD_E 公開éµã®è¨ˆç®—中ã«ã‚¨ãƒ©ãƒ¼ãŒã‚ã‚‹å ´åˆã«è¿”ã•れるå¯èƒ½æ€§ãŒã‚りã¾ã™ + \return MP_MUL_E 公開éµã®è¨ˆç®—中ã«ã‚¨ãƒ©ãƒ¼ãŒã‚ã‚‹å ´åˆã«è¿”ã•れるå¯èƒ½æ€§ãŒã‚りã¾ã™ + \return MP_ADD_E 公開éµã®è¨ˆç®—中ã«ã‚¨ãƒ©ãƒ¼ãŒã‚ã‚‹å ´åˆã«è¿”ã•れるå¯èƒ½æ€§ãŒã‚りã¾ã™ + \return MP_MULMOD_E 公開éµã®è¨ˆç®—中ã«ã‚¨ãƒ©ãƒ¼ãŒã‚ã‚‹å ´åˆã«è¿”ã•れるå¯èƒ½æ€§ãŒã‚りã¾ã™ + \return MP_TO_E 公開éµã®è¨ˆç®—中ã«ã‚¨ãƒ©ãƒ¼ãŒã‚ã‚‹å ´åˆã«è¿”ã•れるå¯èƒ½æ€§ãŒã‚りã¾ã™ + \return MP_MEM 公開éµã®è¨ˆç®—中ã«ã‚¨ãƒ©ãƒ¼ãŒã‚ã‚‹å ´åˆã«è¿”ã•れるå¯èƒ½æ€§ãŒã‚りã¾ã™ + \return ECC_OUT_OF_RANGE_E 公開éµã®è¨ˆç®—中ã«ã‚¨ãƒ©ãƒ¼ãŒã‚ã‚‹å ´åˆã«è¿”ã•れるå¯èƒ½æ€§ãŒã‚りã¾ã™ + \return ECC_PRIV_KEY_E 公開éµã®è¨ˆç®—中ã«ã‚¨ãƒ©ãƒ¼ãŒã‚ã‚‹å ´åˆã«è¿”ã•れるå¯èƒ½æ€§ãŒã‚りã¾ã™ + \return ECC_INF_E 公開éµã®è¨ˆç®—中ã«ã‚¨ãƒ©ãƒ¼ãŒã‚ã‚‹å ´åˆã«è¿”ã•れるå¯èƒ½æ€§ãŒã‚りã¾ã™ + + \param key 有効ãªç§˜å¯†æˆåˆ†ã‚’å«ã‚€ecc_keyã¸ã®ãƒã‚¤ãƒ³ã‚¿ + \param pubOut 計算ã•れãŸå…¬é–‹éµã‚’æ ¼ç´ã™ã‚‹ecc_point構造体ã¸ã®ã‚ªãƒ—ションã®ãƒã‚¤ãƒ³ã‚¿ + + \sa wc_ecc_make_pub_ex + \sa wc_ecc_make_key +*/ + +int wc_ecc_make_pub(ecc_key* key, ecc_point* pubOut); + +/*! + \ingroup ECC + + \brief wc_ecc_make_pub_exã¯ã€æ—¢å­˜ã®ç§˜å¯†æˆåˆ†ã‚’æŒã¤ecc_keyã‹ã‚‰å…¬é–‹æˆåˆ†ã‚’計算ã—ã¾ã™ã€‚pubOutãŒæä¾›ã•れã¦ã„ã‚‹å ´åˆã€è¨ˆç®—ã•れãŸå…¬é–‹éµã¯ãã“ã«æ ¼ç´ã•れã¾ã™ã€‚ãã†ã§ãªã„å ´åˆã¯ã€æä¾›ã•れãŸecc_keyã®å…¬é–‹æˆåˆ†ã‚¹ãƒ­ãƒƒãƒˆã«æ ¼ç´ã•れã¾ã™ã€‚æä¾›ã•れãŸrngãŒnon-NULLã®å ´åˆã€è¨ˆç®—ã§ä½¿ç”¨ã•れる秘密éµå€¤ã‚’ブラインドã™ã‚‹ãŸã‚ã«ä½¿ç”¨ã•れã¾ã™ã€‚ + + \return 0 æˆåŠŸæ™‚ã«è¿”ã•れã¾ã™ã€‚ + \return ECC_BAD_ARG_E keyãŒNULLã®å ´åˆã«è¿”ã•れã¾ã™ + \return BAD_FUNC_ARG æä¾›ã•れãŸã‚­ãƒ¼ãŒæœ‰åйãªecc_keyã§ãªã„å ´åˆã«è¿”ã•れã¾ã™ã€‚ + \return MEMORY_E 公開éµã®è¨ˆç®—中ã«ãƒ¡ãƒ¢ãƒªå‰²ã‚Šå½“ã¦ã‚¨ãƒ©ãƒ¼ãŒã‚ã‚‹å ´åˆã«è¿”ã•れã¾ã™ + \return MP_INIT_E 公開éµã®è¨ˆç®—中ã«ã‚¨ãƒ©ãƒ¼ãŒã‚ã‚‹å ´åˆã«è¿”ã•れるå¯èƒ½æ€§ãŒã‚りã¾ã™ + \return MP_READ_E 公開éµã®è¨ˆç®—中ã«ã‚¨ãƒ©ãƒ¼ãŒã‚ã‚‹å ´åˆã«è¿”ã•れるå¯èƒ½æ€§ãŒã‚りã¾ã™ + \return MP_CMP_E 公開éµã®è¨ˆç®—中ã«ã‚¨ãƒ©ãƒ¼ãŒã‚ã‚‹å ´åˆã«è¿”ã•れるå¯èƒ½æ€§ãŒã‚りã¾ã™ + \return MP_INVMOD_E 公開éµã®è¨ˆç®—中ã«ã‚¨ãƒ©ãƒ¼ãŒã‚ã‚‹å ´åˆã«è¿”ã•れるå¯èƒ½æ€§ãŒã‚りã¾ã™ + \return MP_EXPTMOD_E 公開éµã®è¨ˆç®—中ã«ã‚¨ãƒ©ãƒ¼ãŒã‚ã‚‹å ´åˆã«è¿”ã•れるå¯èƒ½æ€§ãŒã‚りã¾ã™ + \return MP_MOD_E 公開éµã®è¨ˆç®—中ã«ã‚¨ãƒ©ãƒ¼ãŒã‚ã‚‹å ´åˆã«è¿”ã•れるå¯èƒ½æ€§ãŒã‚りã¾ã™ + \return MP_MUL_E 公開éµã®è¨ˆç®—中ã«ã‚¨ãƒ©ãƒ¼ãŒã‚ã‚‹å ´åˆã«è¿”ã•れるå¯èƒ½æ€§ãŒã‚りã¾ã™ + \return MP_ADD_E 公開éµã®è¨ˆç®—中ã«ã‚¨ãƒ©ãƒ¼ãŒã‚ã‚‹å ´åˆã«è¿”ã•れるå¯èƒ½æ€§ãŒã‚りã¾ã™ + \return MP_MULMOD_E 公開éµã®è¨ˆç®—中ã«ã‚¨ãƒ©ãƒ¼ãŒã‚ã‚‹å ´åˆã«è¿”ã•れるå¯èƒ½æ€§ãŒã‚りã¾ã™ + \return MP_TO_E 公開éµã®è¨ˆç®—中ã«ã‚¨ãƒ©ãƒ¼ãŒã‚ã‚‹å ´åˆã«è¿”ã•れるå¯èƒ½æ€§ãŒã‚りã¾ã™ + \return MP_MEM 公開éµã®è¨ˆç®—中ã«ã‚¨ãƒ©ãƒ¼ãŒã‚ã‚‹å ´åˆã«è¿”ã•れるå¯èƒ½æ€§ãŒã‚りã¾ã™ + \return ECC_OUT_OF_RANGE_E 公開éµã®è¨ˆç®—中ã«ã‚¨ãƒ©ãƒ¼ãŒã‚ã‚‹å ´åˆã«è¿”ã•れるå¯èƒ½æ€§ãŒã‚りã¾ã™ + \return ECC_PRIV_KEY_E 公開éµã®è¨ˆç®—中ã«ã‚¨ãƒ©ãƒ¼ãŒã‚ã‚‹å ´åˆã«è¿”ã•れるå¯èƒ½æ€§ãŒã‚りã¾ã™ + \return ECC_INF_E 公開éµã®è¨ˆç®—中ã«ã‚¨ãƒ©ãƒ¼ãŒã‚ã‚‹å ´åˆã«è¿”ã•れるå¯èƒ½æ€§ãŒã‚りã¾ã™ + + \param key 有効ãªç§˜å¯†æˆåˆ†ã‚’å«ã‚€ecc_keyã¸ã®ãƒã‚¤ãƒ³ã‚¿ + \param pubOut 計算ã•れãŸå…¬é–‹éµã‚’æ ¼ç´ã™ã‚‹ecc_point構造体ã¸ã®ã‚ªãƒ—ションã®ãƒã‚¤ãƒ³ã‚¿ + \param rng 公開éµã®è¨ˆç®—ã§ä½¿ç”¨ã•れるRng + + \sa wc_ecc_make_pub + \sa wc_ecc_make_key + \sa wc_InitRng +*/ + +int wc_ecc_make_pub_ex(ecc_key* key, ecc_point* pubOut, WC_RNG* rng); + +/*! + \ingroup ECC + + \brief eccã‚­ãƒ¼ã®æœ‰åŠ¹æ€§ã«é–¢ã™ã‚‹å¥å…¨æ€§ãƒã‚§ãƒƒã‚¯ã‚’実行ã—ã¾ã™ã€‚ + + \return MP_OKAY æˆåŠŸã€ã‚­ãƒ¼ã¯æ­£å¸¸ã§ã™ã€‚ + \return BAD_FUNC_ARG keyãŒNULLã®å ´åˆã«è¿”ã•れã¾ã™ã€‚ + \return ECC_INF_E wc_ecc_point_is_at_infinityãŒ1ã‚’è¿”ã™å ´åˆã«è¿”ã•れã¾ã™ã€‚ + + \param key ãƒã‚§ãƒƒã‚¯ã™ã‚‹ã‚­ãƒ¼ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ + _Example_ \code ecc_key key; @@ -92,13 +177,14 @@ if (check_result == MP_OKAY) { - // key check succeeded + // キーãƒã‚§ãƒƒã‚¯æˆåŠŸ } else { - // key check failed + // キーãƒã‚§ãƒƒã‚¯å¤±æ•— } \endcode + \sa wc_ecc_point_is_at_infinity */ @@ -106,13 +192,19 @@ /*! \ingroup ECC - \brief ã“ã®é–¢æ•°ã¯ã€ä½¿ç”¨ã•れãŸå¾Œã«ECC_KEYキーを解放ã—ã¾ã™ã€‚ + + \brief ã“ã®é–¢æ•°ã¯ã€ä½¿ç”¨å¾Œã«ecc_keyキーを解放ã—ã¾ã™ã€‚ + + + \param key 解放ã™ã‚‹ecc_key構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ + _Example_ \code - // initialize key and perform ECC operations + // ã‚­ãƒ¼ã‚’åˆæœŸåŒ–ã—ã¦ECCæ“作を実行 ... wc_ecc_key_free(&key); \endcode + \sa wc_ecc_key_new \sa wc_ecc_init_ex */ @@ -121,44 +213,50 @@ /*! \ingroup ECC - \brief ã“ã®é–¢æ•°ã¯ã€ãƒ­ãƒ¼ã‚«ãƒ«ç§˜å¯†éµã¨å—ä¿¡ã—ãŸå…¬é–‹éµã‚’使用ã—ã¦æ–°ã—ã„秘密éµã‚’生æˆã—ã¾ã™ã€‚ã“ã®å…±æœ‰ç§˜å¯†éµã‚’ãƒãƒƒãƒ•ã‚¡ã‚¢ã‚¦ãƒˆã«æ ¼ç´ã—ã€å‡ºåŠ›ãƒãƒƒãƒ•ã‚¡ã«æ›¸ãè¾¼ã¾ã‚ŒãŸãƒã‚¤ãƒˆæ•°ã‚’ä¿æŒã™ã‚‹ãŸã‚ã«outlentenã‚’æ›´æ–°ã—ã¾ã™ã€‚ - \return 0 共有秘密éµã®ç”Ÿæˆã«æˆåŠŸã—ãŸã¨ãã«è¿”ã•れã¾ã™ - \return BAD_FUNC_ARG 入力パラメータã®ã„ãšã‚Œã‹ãŒNULLã«è©•価ã•れãŸå ´åˆã«è¿”ã•れã¾ã™ã€‚ - \return ECC_BAD_ARG_E 引数ã¨ã—ã¦ä¸Žãˆã‚‰ã‚ŒãŸç§˜å¯†éµã®ç¨®é¡žãŒecc_privatekeyã§ã¯ãªã„å ´åˆã€ã¾ãŸã¯ãƒ‘ブリックキータイプ(ECC-> DPã«ã‚ˆã£ã¦ä¸Žãˆã‚‰ã‚ŒãŸï¼‰ãŒåŒç­‰ã§ãªã„å ´åˆã«è¿”ã•れã¾ã™ã€‚ - \return MEMORY_E æ–°ã—ã„ECCãƒã‚¤ãƒ³ãƒˆã‚’生æˆã™ã‚‹ã‚¨ãƒ©ãƒ¼ãŒç™ºç”Ÿã—ãŸå ´åˆ - \return BUFFER_E 生æˆã•れãŸå…±æœ‰ç§˜å¯†éµãŒæä¾›ã•れãŸãƒãƒƒãƒ•ã‚¡ãƒ¼ã«æ ¼ç´ã™ã‚‹ã®ã«é•·ã™ãŽã‚‹å ´åˆã«è¿”ã•れã¾ã™ - \return MP_INIT_E 共有キーã®è¨ˆç®—中ã«ã‚¨ãƒ©ãƒ¼ãŒç™ºç”Ÿã—ãŸå ´åˆã¯è¿”ã•れるå¯èƒ½æ€§ãŒã‚りã¾ã™ - \return MP_READ_E 共有キーã®è¨ˆç®—中ã«ã‚¨ãƒ©ãƒ¼ãŒç™ºç”Ÿã—ãŸå ´åˆã¯è¿”ã•れるå¯èƒ½æ€§ãŒã‚りã¾ã™ - \return MP_CMP_E 共有キーã®è¨ˆç®—中ã«ã‚¨ãƒ©ãƒ¼ãŒç™ºç”Ÿã—ãŸå ´åˆã¯è¿”ã•れるå¯èƒ½æ€§ãŒã‚りã¾ã™ - \return MP_INVMOD_E 共有キーã®è¨ˆç®—中ã«ã‚¨ãƒ©ãƒ¼ãŒç™ºç”Ÿã—ãŸå ´åˆã¯è¿”ã•れるå¯èƒ½æ€§ãŒã‚りã¾ã™ - \return MP_EXPTMOD_E 共有キーã®è¨ˆç®—中ã«ã‚¨ãƒ©ãƒ¼ãŒç™ºç”Ÿã—ãŸå ´åˆã¯è¿”ã•れるå¯èƒ½æ€§ãŒã‚りã¾ã™ - \return MP_MOD_E 共有キーã®è¨ˆç®—中ã«ã‚¨ãƒ©ãƒ¼ãŒç™ºç”Ÿã—ãŸå ´åˆã¯è¿”ã•れるå¯èƒ½æ€§ãŒã‚りã¾ã™ - \return MP_MUL_E 共有キーã®è¨ˆç®—中ã«ã‚¨ãƒ©ãƒ¼ãŒç™ºç”Ÿã—ãŸå ´åˆã¯è¿”ã•れるå¯èƒ½æ€§ãŒã‚りã¾ã™ - \return MP_ADD_E 共有キーã®è¨ˆç®—中ã«ã‚¨ãƒ©ãƒ¼ãŒç™ºç”Ÿã—ãŸå ´åˆã¯è¿”ã•れるå¯èƒ½æ€§ãŒã‚りã¾ã™ - \return MP_MULMOD_E 共有キーã®è¨ˆç®—中ã«ã‚¨ãƒ©ãƒ¼ãŒç™ºç”Ÿã—ãŸå ´åˆã¯è¿”ã•れるå¯èƒ½æ€§ãŒã‚りã¾ã™ - \return MP_TO_E 共有キーã®è¨ˆç®—中ã«ã‚¨ãƒ©ãƒ¼ãŒç™ºç”Ÿã—ãŸå ´åˆã¯è¿”ã•れるå¯èƒ½æ€§ãŒã‚りã¾ã™ - \return MP_MEM 共有キーã®è¨ˆç®—中ã«ã‚¨ãƒ©ãƒ¼ãŒç™ºç”Ÿã—ãŸå ´åˆã¯è¿”ã•れるå¯èƒ½æ€§ãŒã‚りã¾ã™ - \param private_key ローカル秘密éµã‚’å«ã‚€ECC_KEY構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ - \param public_key å—ä¿¡ã—ãŸå…¬é–‹éµã‚’å«ã‚€ECC_Key構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ - \param out 生æˆã•れãŸå…±æœ‰ç§˜å¯†éµã‚’ä¿å­˜ã™ã‚‹å‡ºåŠ›ãƒãƒƒãƒ•ã‚¡ã¸ã®ãƒã‚¤ãƒ³ã‚¿ + + \brief ã“ã®é–¢æ•°ã¯ã€ãƒ­ãƒ¼ã‚«ãƒ«ç§˜å¯†éµã¨å—ä¿¡ã—ãŸå…¬é–‹éµã‚’使用ã—ã¦æ–°ã—ã„共有秘密éµã‚’生æˆã—ã¾ã™ã€‚ã“ã®å…±æœ‰ç§˜å¯†éµã‚’ãƒãƒƒãƒ•ã‚¡outã«æ ¼ç´ã—ã€outlenã‚’æ›´æ–°ã—ã¦å‡ºåŠ›ãƒãƒƒãƒ•ã‚¡ã«æ›¸ãè¾¼ã¾ã‚ŒãŸãƒã‚¤ãƒˆæ•°ã‚’ä¿æŒã—ã¾ã™ã€‚ + + \return 0 共有秘密éµã®ç”Ÿæˆã«æˆåŠŸã—ãŸå ´åˆã«è¿”ã•れã¾ã™ + \return BAD_FUNC_ARG ã„ãšã‚Œã‹ã®å…¥åŠ›ãƒ‘ãƒ©ãƒ¡ãƒ¼ã‚¿ãŒNULLã¨è©•価ã•れãŸå ´åˆã«è¿”ã•れã¾ã™ + \return ECC_BAD_ARG_E 引数ã¨ã—ã¦ä¸Žãˆã‚‰ã‚ŒãŸç§˜å¯†éµprivate_keyã®ã‚¿ã‚¤ãƒ—ãŒECC_PRIVATEKEYã§ãªã„å ´åˆã€ã¾ãŸã¯å…¬é–‹éµã¨ç§˜å¯†éµã®ã‚¿ã‚¤ãƒ—(ecc->dpã§æŒ‡å®šï¼‰ãŒåŒç­‰ã§ãªã„å ´åˆã«è¿”ã•れã¾ã™ + \return MEMORY_E æ–°ã—ã„eccãƒã‚¤ãƒ³ãƒˆã®ç”Ÿæˆä¸­ã«ã‚¨ãƒ©ãƒ¼ãŒã‚ã‚‹å ´åˆã«è¿”ã•れã¾ã™ + \return BUFFER_E 生æˆã•れãŸå…±æœ‰ç§˜å¯†éµãŒæä¾›ã•れãŸãƒãƒƒãƒ•ã‚¡ã«æ ¼ç´ã™ã‚‹ã«ã¯é•·ã™ãŽã‚‹å ´åˆã«è¿”ã•れã¾ã™ + \return MP_INIT_E 共有éµã®è¨ˆç®—中ã«ã‚¨ãƒ©ãƒ¼ãŒã‚ã‚‹å ´åˆã«è¿”ã•れるå¯èƒ½æ€§ãŒã‚りã¾ã™ + \return MP_READ_E 共有éµã®è¨ˆç®—中ã«ã‚¨ãƒ©ãƒ¼ãŒã‚ã‚‹å ´åˆã«è¿”ã•れるå¯èƒ½æ€§ãŒã‚りã¾ã™ + \return MP_CMP_E 共有éµã®è¨ˆç®—中ã«ã‚¨ãƒ©ãƒ¼ãŒã‚ã‚‹å ´åˆã«è¿”ã•れるå¯èƒ½æ€§ãŒã‚りã¾ã™ + \return MP_INVMOD_E 共有éµã®è¨ˆç®—中ã«ã‚¨ãƒ©ãƒ¼ãŒã‚ã‚‹å ´åˆã«è¿”ã•れるå¯èƒ½æ€§ãŒã‚りã¾ã™ + \return MP_EXPTMOD_E 共有éµã®è¨ˆç®—中ã«ã‚¨ãƒ©ãƒ¼ãŒã‚ã‚‹å ´åˆã«è¿”ã•れるå¯èƒ½æ€§ãŒã‚りã¾ã™ + \return MP_MOD_E 共有éµã®è¨ˆç®—中ã«ã‚¨ãƒ©ãƒ¼ãŒã‚ã‚‹å ´åˆã«è¿”ã•れるå¯èƒ½æ€§ãŒã‚りã¾ã™ + \return MP_MUL_E 共有éµã®è¨ˆç®—中ã«ã‚¨ãƒ©ãƒ¼ãŒã‚ã‚‹å ´åˆã«è¿”ã•れるå¯èƒ½æ€§ãŒã‚りã¾ã™ + \return MP_ADD_E 共有éµã®è¨ˆç®—中ã«ã‚¨ãƒ©ãƒ¼ãŒã‚ã‚‹å ´åˆã«è¿”ã•れるå¯èƒ½æ€§ãŒã‚りã¾ã™ + \return MP_MULMOD_E 共有éµã®è¨ˆç®—中ã«ã‚¨ãƒ©ãƒ¼ãŒã‚ã‚‹å ´åˆã«è¿”ã•れるå¯èƒ½æ€§ãŒã‚りã¾ã™ + \return MP_TO_E 共有éµã®è¨ˆç®—中ã«ã‚¨ãƒ©ãƒ¼ãŒã‚ã‚‹å ´åˆã«è¿”ã•れるå¯èƒ½æ€§ãŒã‚りã¾ã™ + \return MP_MEM 共有éµã®è¨ˆç®—中ã«ã‚¨ãƒ©ãƒ¼ãŒã‚ã‚‹å ´åˆã«è¿”ã•れるå¯èƒ½æ€§ãŒã‚りã¾ã™ + + \param private_key ローカル秘密éµã‚’å«ã‚€ecc_key構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ + \param public_key å—ä¿¡ã—ãŸå…¬é–‹éµã‚’å«ã‚€ecc_key構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ + \param out 生æˆã•れãŸå…±æœ‰ç§˜å¯†éµã‚’æ ¼ç´ã™ã‚‹å‡ºåŠ›ãƒãƒƒãƒ•ã‚¡ã¸ã®ãƒã‚¤ãƒ³ã‚¿ + \param outlen 出力ãƒãƒƒãƒ•ã‚¡ã®é•·ã•ã‚’å«ã‚€word32オブジェクトã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚共有秘密éµã®ç”Ÿæˆã«æˆåŠŸã™ã‚‹ã¨ã€å‡ºåŠ›ãƒãƒƒãƒ•ã‚¡ã«æ›¸ãè¾¼ã¾ã‚ŒãŸé•·ã•ã§ä¸Šæ›¸ãã•れã¾ã™ + _Example_ \code ecc_key priv, pub; WC_RNG rng; - byte secret[1024]; // can hold 1024 byte shared secret key + byte secret[1024]; // 1024ãƒã‚¤ãƒˆã®å…±æœ‰ç§˜å¯†éµã‚’ä¿æŒå¯èƒ½ word32 secretSz = sizeof(secret); int ret; - wc_InitRng(&rng); // initialize rng - wc_ecc_init(&priv); // initialize key - wc_ecc_make_key(&rng, 32, &priv); // make public/private key pair - // receive public key, and initialise into pub + wc_InitRng(&rng); // rngã‚’åˆæœŸåŒ– + wc_ecc_init(&priv); // ã‚­ãƒ¼ã‚’åˆæœŸåŒ– + wc_ecc_make_key(&rng, 32, &priv); // 公開/秘密éµãƒšã‚¢ã‚’ä½œæˆ + // 公開éµã‚’å—ä¿¡ã—ã€pubã«åˆæœŸåŒ– ret = wc_ecc_shared_secret(&priv, &pub, secret, &secretSz); - // generate secret key + // 共有秘密éµã‚’ç”Ÿæˆ if ( ret != 0 ) { - // error generating shared secret key + // 共有秘密éµã®ç”Ÿæˆã‚¨ãƒ©ãƒ¼ } \endcode + \sa wc_ecc_init \sa wc_ecc_make_key */ @@ -168,17 +266,22 @@ /*! \ingroup ECC - \brief 秘密éµã¨ãƒ‘ブリックãƒã‚¤ãƒ³ãƒˆã®é–“ã«ECC共有秘密を作æˆã—ã¾ã™ã€‚ - \return MP_OKAY æˆåŠŸã‚’ç¤ºã—ã¾ã™ã€‚ - \return BAD_FUNC_ARG 引数ãŒNULLã®ã¨ãã«ã‚¨ãƒ©ãƒ¼ãŒè¿”ã•れã¾ã™ã€‚ - \return ECC_BAD_ARG_E private_key-> typeãŒecc_privatekeyã¾ãŸã¯private_key-> idxãŒæ¤œè¨¼ã§ããªã„å ´åˆã«è¿”ã•れã¾ã—ãŸã€‚ - \return BUFFER_E outlenãŒå°ã•ã™ãŽã‚‹ã¨ã‚¨ãƒ©ãƒ¼ãŒç™ºç”Ÿã—ã¾ã™ã€‚ - \return MEMORY_E æ–°ã—ã„ãƒã‚¤ãƒ³ãƒˆã‚’作æˆã™ã‚‹ãŸã‚ã®ã‚¨ãƒ©ãƒ¼ã€‚ - \return MP_VAL åˆæœŸåŒ–失敗ãŒç™ºç”Ÿã—ãŸã¨ãã«å¯èƒ½ã§ã™ã€‚ - \return MP_MEM åˆæœŸåŒ–失敗ãŒç™ºç”Ÿã—ãŸã¨ãã«å¯èƒ½ã§ã™ã€‚ - \param private_key プライベートECCキー。 - \param point 使用ã™ã‚‹ãƒã‚¤ãƒ³ãƒˆï¼ˆå…¬é–‹éµï¼‰ã€‚ - \param out 共有秘密ã®å‡ºåŠ›å…ˆã€‚ANSI X9.63ã‹ã‚‰EC-DHã«æº–æ‹ ã—ã¦ã„ã¾ã™ã€‚ + + \brief 秘密éµã¨å…¬é–‹ãƒã‚¤ãƒ³ãƒˆé–“ã§ECC共有秘密を作æˆã—ã¾ã™ã€‚ + + \return MP_OKAY æˆåŠŸã‚’ç¤ºã—ã¾ã™ã€‚ + \return BAD_FUNC_ARG ã„ãšã‚Œã‹ã®å¼•æ•°ãŒnullã®å ´åˆã«è¿”ã•れるエラー。 + \return ECC_BAD_ARG_E private_key->typeãŒECC_PRIVATEKEYã§ãªã„å ´åˆã€ã¾ãŸã¯private_key->idxã®æ¤œè¨¼ã«å¤±æ•—ã—ãŸå ´åˆã«è¿”ã•れるエラー。 + \return BUFFER_E outlenãŒå°ã•ã™ãŽã‚‹å ´åˆã®ã‚¨ãƒ©ãƒ¼ã€‚ + \return MEMORY_E æ–°ã—ã„ãƒã‚¤ãƒ³ãƒˆã‚’作æˆã™ã‚‹éš›ã®ã‚¨ãƒ©ãƒ¼ã€‚ + \return MP_VAL åˆæœŸåŒ–失敗ãŒç™ºç”Ÿã—ãŸå ´åˆã«è¿”ã•れるå¯èƒ½æ€§ãŒã‚りã¾ã™ã€‚ + \return MP_MEM åˆæœŸåŒ–失敗ãŒç™ºç”Ÿã—ãŸå ´åˆã«è¿”ã•れるå¯èƒ½æ€§ãŒã‚りã¾ã™ã€‚ + + \param private_key 秘密ECCキー。 + \param point 使用ã™ã‚‹ãƒã‚¤ãƒ³ãƒˆï¼ˆå…¬é–‹éµï¼‰ã€‚ + \param out 共有秘密ã®å‡ºåŠ›å…ˆã€‚ANSI X9.63ã®EC-DHã«æº–拠。 + \param outlen 最大サイズを入力ã—ã€å…±æœ‰ç§˜å¯†ã®çµæžœã‚µã‚¤ã‚ºã‚’出力。 + _Example_ \code ecc_key key; @@ -194,9 +297,10 @@ if (result != MP_OKAY) { - // Handle error + // ã‚¨ãƒ©ãƒ¼ã‚’å‡¦ç† } \endcode + \sa wc_ecc_verify_hash_ex */ @@ -205,43 +309,49 @@ /*! \ingroup ECC - \brief ã“ã®é–¢æ•°ã¯ã€ä¿¡é ¼æ€§ã‚’ä¿è¨¼ã™ã‚‹ãŸã‚ã«ECC_KEYオブジェクトを使用ã—ã¦ãƒ¡ãƒƒã‚»ãƒ¼ã‚¸ãƒ€ã‚¤ã‚¸ã‚§ã‚¹ãƒˆã«ç½²åã—ã¾ã™ã€‚ - \return 0 メッセージダイジェストã®ç½²åを正常ã«ç”Ÿæˆã—ãŸã¨ãã«è¿”ã•れã¾ã—㟠- \return BAD_FUNC_ARG 入力パラメータã®ã„ãšã‚Œã‹ãŒNULLã«è©•価ã•れãŸå ´åˆã€ã¾ãŸã¯å‡ºåŠ›ãƒãƒƒãƒ•ã‚¡ãŒå°ã•ã™ãŽã¦ç”Ÿæˆã•れãŸç½²åã‚’ä¿å­˜ã™ã‚‹å ´åˆã¯è¿”ã•れã¾ã™ã€‚ - \return ECC_BAD_ARG_E 入力キーãŒç§˜å¯†éµã§ã¯ãªã„å ´åˆã€ã¾ãŸã¯ECC OIDãŒç„¡åйãªå ´åˆ - \return RNG_FAILURE_E RNGãŒæº€è¶³ã®ã„ãキーを正常ã«ç”Ÿæˆã§ããªã„å ´åˆã«è¿”ã•れã¾ã™ã€‚ - \return MP_INIT_E メッセージ署åã®è¨ˆç®—中ã«ã‚¨ãƒ©ãƒ¼ãŒç™ºç”Ÿã—ãŸå ´åˆã«è¿”ã•れるå¯èƒ½æ€§ãŒã‚りã¾ã™ã€‚ - \return MP_READ_E メッセージ署åã®è¨ˆç®—中ã«ã‚¨ãƒ©ãƒ¼ãŒç™ºç”Ÿã—ãŸå ´åˆã«è¿”ã•れるå¯èƒ½æ€§ãŒã‚りã¾ã™ã€‚ - \return MP_CMP_E メッセージ署åã®è¨ˆç®—中ã«ã‚¨ãƒ©ãƒ¼ãŒç™ºç”Ÿã—ãŸå ´åˆã«è¿”ã•れるå¯èƒ½æ€§ãŒã‚りã¾ã™ã€‚ - \return MP_INVMOD_E メッセージ署åã®è¨ˆç®—中ã«ã‚¨ãƒ©ãƒ¼ãŒç™ºç”Ÿã—ãŸå ´åˆã«è¿”ã•れるå¯èƒ½æ€§ãŒã‚りã¾ã™ã€‚ - \return MP_EXPTMOD_E メッセージ署åã®è¨ˆç®—中ã«ã‚¨ãƒ©ãƒ¼ãŒç™ºç”Ÿã—ãŸå ´åˆã«è¿”ã•れるå¯èƒ½æ€§ãŒã‚りã¾ã™ã€‚ - \return MP_MOD_E メッセージ署åã®è¨ˆç®—中ã«ã‚¨ãƒ©ãƒ¼ãŒç™ºç”Ÿã—ãŸå ´åˆã«è¿”ã•れるå¯èƒ½æ€§ãŒã‚りã¾ã™ã€‚ - \return MP_MUL_E メッセージ署åã®è¨ˆç®—中ã«ã‚¨ãƒ©ãƒ¼ãŒç™ºç”Ÿã—ãŸå ´åˆã«è¿”ã•れるå¯èƒ½æ€§ãŒã‚りã¾ã™ã€‚ - \return MP_ADD_E メッセージ署åã®è¨ˆç®—中ã«ã‚¨ãƒ©ãƒ¼ãŒç™ºç”Ÿã—ãŸå ´åˆã«è¿”ã•れるå¯èƒ½æ€§ãŒã‚りã¾ã™ã€‚ - \return MP_MULMOD_E メッセージ署åã®è¨ˆç®—中ã«ã‚¨ãƒ©ãƒ¼ãŒç™ºç”Ÿã—ãŸå ´åˆã«è¿”ã•れるå¯èƒ½æ€§ãŒã‚りã¾ã™ã€‚ - \return MP_TO_E メッセージ署åã®è¨ˆç®—中ã«ã‚¨ãƒ©ãƒ¼ãŒç™ºç”Ÿã—ãŸå ´åˆã«è¿”ã•れるå¯èƒ½æ€§ãŒã‚りã¾ã™ã€‚ - \return MP_MEM メッセージ署åã®è¨ˆç®—中ã«ã‚¨ãƒ©ãƒ¼ãŒç™ºç”Ÿã—ãŸå ´åˆã«è¿”ã•れるå¯èƒ½æ€§ãŒã‚りã¾ã™ã€‚ - \param in サインã™ã‚‹ãƒ¡ãƒƒã‚»ãƒ¼ã‚¸ãƒãƒƒã‚·ãƒ¥ã‚’å«ã‚€ãƒãƒƒãƒ•ã‚¡ã¸ã®ãƒã‚¤ãƒ³ã‚¿ - \param inlen ç½²åã™ã‚‹ãƒ¡ãƒƒã‚»ãƒ¼ã‚¸ã®é•·ã• - \param out 生æˆã•れãŸç½²åã‚’ä¿å­˜ã™ã‚‹ãŸã‚ã®ãƒãƒƒãƒ•ã‚¡ - \param outlen 出力ãƒãƒƒãƒ•ã‚¡ã®æœ€å¤§é•·ã€‚メッセージ署åã®ç”Ÿæˆã«æˆåŠŸã—ãŸã¨ãã«æ›¸ãè¾¼ã¾ã‚ŒãŸãƒã‚¤ãƒˆã‚’ä¿å­˜ã—ã¾ã™ + + \brief ã“ã®é–¢æ•°ã¯ã€ecc_keyオブジェクトを使用ã—ã¦ãƒ¡ãƒƒã‚»ãƒ¼ã‚¸ãƒ€ã‚¤ã‚¸ã‚§ã‚¹ãƒˆã«ç½²åã—ã€çœŸæ­£æ€§ã‚’ä¿è¨¼ã—ã¾ã™ã€‚ + + \return 0 メッセージダイジェストã®ç½²åを正常ã«ç”Ÿæˆã—ãŸå ´åˆã«è¿”ã•れã¾ã™ + \return BAD_FUNC_ARG ã„ãšã‚Œã‹ã®å…¥åŠ›ãƒ‘ãƒ©ãƒ¡ãƒ¼ã‚¿ãŒNULLã¨è©•価ã•れãŸå ´åˆã€ã¾ãŸã¯å‡ºåŠ›ãƒãƒƒãƒ•ã‚¡ãŒç”Ÿæˆã•れãŸç½²åã‚’æ ¼ç´ã™ã‚‹ã«ã¯å°ã•ã™ãŽã‚‹å ´åˆã«è¿”ã•れã¾ã™ + \return ECC_BAD_ARG_E 入力キーãŒç§˜å¯†éµã§ãªã„å ´åˆã€ã¾ãŸã¯ECC OIDãŒç„¡åйãªå ´åˆã«è¿”ã•れã¾ã™ + \return RNG_FAILURE_E rngãŒæº€è¶³ã®ã„ãキーを正常ã«ç”Ÿæˆã§ããªã„å ´åˆã«è¿”ã•れã¾ã™ + \return MP_INIT_E メッセージ署åã®è¨ˆç®—中ã«ã‚¨ãƒ©ãƒ¼ãŒã‚ã‚‹å ´åˆã«è¿”ã•れるå¯èƒ½æ€§ãŒã‚りã¾ã™ + \return MP_READ_E メッセージ署åã®è¨ˆç®—中ã«ã‚¨ãƒ©ãƒ¼ãŒã‚ã‚‹å ´åˆã«è¿”ã•れるå¯èƒ½æ€§ãŒã‚りã¾ã™ + \return MP_CMP_E メッセージ署åã®è¨ˆç®—中ã«ã‚¨ãƒ©ãƒ¼ãŒã‚ã‚‹å ´åˆã«è¿”ã•れるå¯èƒ½æ€§ãŒã‚りã¾ã™ + \return MP_INVMOD_E メッセージ署åã®è¨ˆç®—中ã«ã‚¨ãƒ©ãƒ¼ãŒã‚ã‚‹å ´åˆã«è¿”ã•れるå¯èƒ½æ€§ãŒã‚りã¾ã™ + \return MP_EXPTMOD_E メッセージ署åã®è¨ˆç®—中ã«ã‚¨ãƒ©ãƒ¼ãŒã‚ã‚‹å ´åˆã«è¿”ã•れるå¯èƒ½æ€§ãŒã‚りã¾ã™ + \return MP_MOD_E メッセージ署åã®è¨ˆç®—中ã«ã‚¨ãƒ©ãƒ¼ãŒã‚ã‚‹å ´åˆã«è¿”ã•れるå¯èƒ½æ€§ãŒã‚りã¾ã™ + \return MP_MUL_E メッセージ署åã®è¨ˆç®—中ã«ã‚¨ãƒ©ãƒ¼ãŒã‚ã‚‹å ´åˆã«è¿”ã•れるå¯èƒ½æ€§ãŒã‚りã¾ã™ + \return MP_ADD_E メッセージ署åã®è¨ˆç®—中ã«ã‚¨ãƒ©ãƒ¼ãŒã‚ã‚‹å ´åˆã«è¿”ã•れるå¯èƒ½æ€§ãŒã‚りã¾ã™ + \return MP_MULMOD_E メッセージ署åã®è¨ˆç®—中ã«ã‚¨ãƒ©ãƒ¼ãŒã‚ã‚‹å ´åˆã«è¿”ã•れるå¯èƒ½æ€§ãŒã‚りã¾ã™ + \return MP_TO_E メッセージ署åã®è¨ˆç®—中ã«ã‚¨ãƒ©ãƒ¼ãŒã‚ã‚‹å ´åˆã«è¿”ã•れるå¯èƒ½æ€§ãŒã‚りã¾ã™ + \return MP_MEM メッセージ署åã®è¨ˆç®—中ã«ã‚¨ãƒ©ãƒ¼ãŒã‚ã‚‹å ´åˆã«è¿”ã•れるå¯èƒ½æ€§ãŒã‚りã¾ã™ + + \param in ç½²åã™ã‚‹ãƒ¡ãƒƒã‚»ãƒ¼ã‚¸ãƒãƒƒã‚·ãƒ¥ã‚’å«ã‚€ãƒãƒƒãƒ•ã‚¡ã¸ã®ãƒã‚¤ãƒ³ã‚¿ + \param inlen ç½²åã™ã‚‹ãƒ¡ãƒƒã‚»ãƒ¼ã‚¸ãƒãƒƒã‚·ãƒ¥ã®é•·ã• + \param out 生æˆã•れãŸç½²åã‚’æ ¼ç´ã™ã‚‹ãƒãƒƒãƒ•ã‚¡ + \param outlen 出力ãƒãƒƒãƒ•ã‚¡ã®æœ€å¤§é•·ã€‚メッセージ署åã®ç”Ÿæˆã«æˆåŠŸã™ã‚‹ã¨ã€outã«æ›¸ãè¾¼ã¾ã‚ŒãŸãƒã‚¤ãƒˆæ•°ã‚’æ ¼ç´ã—ã¾ã™ + \param key ç½²åを生æˆã™ã‚‹ãŸã‚ã«ä½¿ç”¨ã™ã‚‹ç§˜å¯†ECCキーã¸ã®ãƒã‚¤ãƒ³ã‚¿ + _Example_ \code ecc_key key; WC_RNG rng; int ret, sigSz; - byte sig[512]; // will hold generated signature + byte sig[512]; // 生æˆã•れãŸç½²åã‚’ä¿æŒ sigSz = sizeof(sig); - byte digest[] = { // initialize with message hash }; - wc_InitRng(&rng); // initialize rng - wc_ecc_init(&key); // initialize key - wc_ecc_make_key(&rng, 32, &key); // make public/private key pair + byte digest[] = { // メッセージãƒãƒƒã‚·ãƒ¥ã§åˆæœŸåŒ– }; + wc_InitRng(&rng); // rngã‚’åˆæœŸåŒ– + wc_ecc_init(&key); // ã‚­ãƒ¼ã‚’åˆæœŸåŒ– + wc_ecc_make_key(&rng, 32, &key); // 公開/秘密éµãƒšã‚¢ã‚’ä½œæˆ ret = wc_ecc_sign_hash(digest, sizeof(digest), sig, &sigSz, &key); if ( ret != 0 ) { - // error generating message signature + // メッセージ署åã®ç”Ÿæˆã‚¨ãƒ©ãƒ¼ } \endcode + \sa wc_ecc_verify_hash */ @@ -250,48 +360,54 @@ /*! \ingroup ECC - \brief メッセージダイジェストã«ç½²åã—ã¾ã™ã€‚ - \return MP_OKAY メッセージダイジェストã®ç½²åを正常ã«ç”Ÿæˆã—ãŸã¨ãã«è¿”ã•れã¾ã—㟠- \return ECC_BAD_ARG_E 入力キーãŒç§˜å¯†éµã§ã¯ãªã„å ´åˆã€ã¾ãŸã¯ECC IDXãŒç„¡åйãªå ´åˆã€ã¾ãŸã¯ã„ãšã‚Œã‹ã®å…¥åŠ›ãƒ‘ãƒ©ãƒ¡ãƒ¼ã‚¿ãŒNULLã«è©•価ã•れã¦ã„ã‚‹å ´åˆã€ã¾ãŸã¯å‡ºåŠ›ãƒãƒƒãƒ•ã‚¡ãŒå°ã•ã™ãŽã¦ç”Ÿæˆã•れãŸç½²åã‚’ä¿å­˜ã™ã‚‹ã«ã¯å°ã•ã™ãŽã‚‹å ´åˆ - \return RNG_FAILURE_E RNGãŒæº€è¶³ã®ã„ãキーを正常ã«ç”Ÿæˆã§ããªã„å ´åˆã«è¿”ã•れã¾ã™ã€‚ - \return MP_INIT_E メッセージ署åã®è¨ˆç®—中ã«ã‚¨ãƒ©ãƒ¼ãŒç™ºç”Ÿã—ãŸå ´åˆã«è¿”ã•れるå¯èƒ½æ€§ãŒã‚りã¾ã™ã€‚ - \return MP_READ_E メッセージ署åã®è¨ˆç®—中ã«ã‚¨ãƒ©ãƒ¼ãŒç™ºç”Ÿã—ãŸå ´åˆã«è¿”ã•れるå¯èƒ½æ€§ãŒã‚りã¾ã™ã€‚ - \return MP_CMP_E メッセージ署åã®è¨ˆç®—中ã«ã‚¨ãƒ©ãƒ¼ãŒç™ºç”Ÿã—ãŸå ´åˆã«è¿”ã•れるå¯èƒ½æ€§ãŒã‚りã¾ã™ã€‚ - \return MP_INVMOD_E メッセージ署åã®è¨ˆç®—中ã«ã‚¨ãƒ©ãƒ¼ãŒç™ºç”Ÿã—ãŸå ´åˆã«è¿”ã•れるå¯èƒ½æ€§ãŒã‚りã¾ã™ã€‚ - \return MP_EXPTMOD_E メッセージ署åã®è¨ˆç®—中ã«ã‚¨ãƒ©ãƒ¼ãŒç™ºç”Ÿã—ãŸå ´åˆã«è¿”ã•れるå¯èƒ½æ€§ãŒã‚りã¾ã™ã€‚ - \return MP_MOD_E メッセージ署åã®è¨ˆç®—中ã«ã‚¨ãƒ©ãƒ¼ãŒç™ºç”Ÿã—ãŸå ´åˆã«è¿”ã•れるå¯èƒ½æ€§ãŒã‚りã¾ã™ã€‚ - \return MP_MUL_E メッセージ署åã®è¨ˆç®—中ã«ã‚¨ãƒ©ãƒ¼ãŒç™ºç”Ÿã—ãŸå ´åˆã«è¿”ã•れるå¯èƒ½æ€§ãŒã‚りã¾ã™ã€‚ - \return MP_ADD_E メッセージ署åã®è¨ˆç®—中ã«ã‚¨ãƒ©ãƒ¼ãŒç™ºç”Ÿã—ãŸå ´åˆã«è¿”ã•れるå¯èƒ½æ€§ãŒã‚りã¾ã™ã€‚ - \return MP_MULMOD_E メッセージ署åã®è¨ˆç®—中ã«ã‚¨ãƒ©ãƒ¼ãŒç™ºç”Ÿã—ãŸå ´åˆã«è¿”ã•れるå¯èƒ½æ€§ãŒã‚りã¾ã™ã€‚ - \return MP_TO_E メッセージ署åã®è¨ˆç®—中ã«ã‚¨ãƒ©ãƒ¼ãŒç™ºç”Ÿã—ãŸå ´åˆã«è¿”ã•れるå¯èƒ½æ€§ãŒã‚りã¾ã™ã€‚ - \return MP_MEM メッセージ署åã®è¨ˆç®—中ã«ã‚¨ãƒ©ãƒ¼ãŒç™ºç”Ÿã—ãŸå ´åˆã«è¿”ã•れるå¯èƒ½æ€§ãŒã‚りã¾ã™ã€‚ - \param in メッセージãŒã‚µã‚¤ãƒ³ã«ãƒ€ã‚¤ã‚¸ã‚§ã‚¹ãƒˆã€‚ - \param inlen ダイジェストã®é•·ã•。 - \param rng WC_RNG構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ - \param key プライベートECCキー。 - \param r ç½²åã®Rコンãƒãƒ¼ãƒãƒ³ãƒˆã®å®›å…ˆã€‚ + + \brief メッセージダイジェストã«ç½²åã—ã¾ã™ã€‚ + + \return MP_OKAY メッセージダイジェストã®ç½²åを正常ã«ç”Ÿæˆã—ãŸå ´åˆã«è¿”ã•れã¾ã™ + \return ECC_BAD_ARG_E 入力キーãŒç§˜å¯†éµã§ãªã„å ´åˆã€ã¾ãŸã¯ECC IDXãŒç„¡åйãªå ´åˆã€ã¾ãŸã¯ã„ãšã‚Œã‹ã®å…¥åŠ›ãƒ‘ãƒ©ãƒ¡ãƒ¼ã‚¿ãŒNULLã¨è©•価ã•れãŸå ´åˆã€ã¾ãŸã¯å‡ºåŠ›ãƒãƒƒãƒ•ã‚¡ãŒç”Ÿæˆã•れãŸç½²åã‚’æ ¼ç´ã™ã‚‹ã«ã¯å°ã•ã™ãŽã‚‹å ´åˆã«è¿”ã•れã¾ã™ + \return RNG_FAILURE_E rngãŒæº€è¶³ã®ã„ãキーを正常ã«ç”Ÿæˆã§ããªã„å ´åˆã«è¿”ã•れã¾ã™ + \return MP_INIT_E メッセージ署åã®è¨ˆç®—中ã«ã‚¨ãƒ©ãƒ¼ãŒã‚ã‚‹å ´åˆã«è¿”ã•れるå¯èƒ½æ€§ãŒã‚りã¾ã™ + \return MP_READ_E メッセージ署åã®è¨ˆç®—中ã«ã‚¨ãƒ©ãƒ¼ãŒã‚ã‚‹å ´åˆã«è¿”ã•れるå¯èƒ½æ€§ãŒã‚りã¾ã™ + \return MP_CMP_E メッセージ署åã®è¨ˆç®—中ã«ã‚¨ãƒ©ãƒ¼ãŒã‚ã‚‹å ´åˆã«è¿”ã•れるå¯èƒ½æ€§ãŒã‚りã¾ã™ + \return MP_INVMOD_E メッセージ署åã®è¨ˆç®—中ã«ã‚¨ãƒ©ãƒ¼ãŒã‚ã‚‹å ´åˆã«è¿”ã•れるå¯èƒ½æ€§ãŒã‚りã¾ã™ + \return MP_EXPTMOD_E メッセージ署åã®è¨ˆç®—中ã«ã‚¨ãƒ©ãƒ¼ãŒã‚ã‚‹å ´åˆã«è¿”ã•れるå¯èƒ½æ€§ãŒã‚りã¾ã™ + \return MP_MOD_E メッセージ署åã®è¨ˆç®—中ã«ã‚¨ãƒ©ãƒ¼ãŒã‚ã‚‹å ´åˆã«è¿”ã•れるå¯èƒ½æ€§ãŒã‚りã¾ã™ + \return MP_MUL_E メッセージ署åã®è¨ˆç®—中ã«ã‚¨ãƒ©ãƒ¼ãŒã‚ã‚‹å ´åˆã«è¿”ã•れるå¯èƒ½æ€§ãŒã‚りã¾ã™ + \return MP_ADD_E メッセージ署åã®è¨ˆç®—中ã«ã‚¨ãƒ©ãƒ¼ãŒã‚ã‚‹å ´åˆã«è¿”ã•れるå¯èƒ½æ€§ãŒã‚りã¾ã™ + \return MP_MULMOD_E メッセージ署åã®è¨ˆç®—中ã«ã‚¨ãƒ©ãƒ¼ãŒã‚ã‚‹å ´åˆã«è¿”ã•れるå¯èƒ½æ€§ãŒã‚りã¾ã™ + \return MP_TO_E メッセージ署åã®è¨ˆç®—中ã«ã‚¨ãƒ©ãƒ¼ãŒã‚ã‚‹å ´åˆã«è¿”ã•れるå¯èƒ½æ€§ãŒã‚りã¾ã™ + \return MP_MEM メッセージ署åã®è¨ˆç®—中ã«ã‚¨ãƒ©ãƒ¼ãŒã‚ã‚‹å ´åˆã«è¿”ã•れるå¯èƒ½æ€§ãŒã‚りã¾ã™ + + \param in ç½²åã™ã‚‹ãƒ¡ãƒƒã‚»ãƒ¼ã‚¸ãƒ€ã‚¤ã‚¸ã‚§ã‚¹ãƒˆã€‚ + \param inlen ダイジェストã®é•·ã•。 + \param rng WC_RNG構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ + \param key 秘密ECCキー。 + \param r ç½²åã®ræˆåˆ†ã®å‡ºåŠ›å…ˆã€‚ + \param s ç½²åã®sæˆåˆ†ã®å‡ºåŠ›å…ˆã€‚ + _Example_ \code ecc_key key; WC_RNG rng; int ret, sigSz; - mp_int r; // destination for r component of signature. - mp_int s; // destination for s component of signature. + mp_int r; // ç½²åã®ræˆåˆ†ã®å‡ºåŠ›å…ˆã€‚ + mp_int s; // ç½²åã®sæˆåˆ†ã®å‡ºåŠ›å…ˆã€‚ - byte sig[512]; // will hold generated signature + byte sig[512]; // 生æˆã•れãŸç½²åã‚’ä¿æŒ sigSz = sizeof(sig); - byte digest[] = { initialize with message hash }; - wc_InitRng(&rng); // initialize rng - wc_ecc_init(&key); // initialize key - mp_init(&r); // initialize r component - mp_init(&s); // initialize s component - wc_ecc_make_key(&rng, 32, &key); // make public/private key pair + byte digest[] = { メッセージãƒãƒƒã‚·ãƒ¥ã§åˆæœŸåŒ– }; + wc_InitRng(&rng); // rngã‚’åˆæœŸåŒ– + wc_ecc_init(&key); // ã‚­ãƒ¼ã‚’åˆæœŸåŒ– + mp_init(&r); // ræˆåˆ†ã‚’åˆæœŸåŒ– + mp_init(&s); // sæˆåˆ†ã‚’åˆæœŸåŒ– + wc_ecc_make_key(&rng, 32, &key); // 公開/秘密éµãƒšã‚¢ã‚’ä½œæˆ ret = wc_ecc_sign_hash_ex(digest, sizeof(digest), &rng, &key, &r, &s); if ( ret != MP_OKAY ) { - // error generating message signature + // メッセージ署åã®ç”Ÿæˆã‚¨ãƒ©ãƒ¼ } \endcode + \sa wc_ecc_verify_hash_ex */ @@ -300,42 +416,48 @@ /*! \ingroup ECC - \brief ã“ã®é–¢æ•°ã¯ã€çœŸæ­£æ€§ã‚’確ä¿ã™ã‚‹ãŸã‚ã«ãƒãƒƒã‚·ãƒ¥ã®ECCã‚·ã‚°ãƒãƒãƒ£ã‚’検証ã—ã¾ã™ã€‚ç­”ãˆã‚’介ã—ã¦ã€æœ‰åйãªç½²åã«å¯¾å¿œã™ã‚‹1ã€ç„¡åйãªç½²åã«å¯¾å¿œã™ã‚‹0ã§ç­”ãˆã‚’è¿”ã—ã¾ã™ã€‚ - \return 0 ç½²åæ¤œè¨¼ã«æ­£å¸¸ã«å®Ÿè¡Œã•れãŸã¨ãã«è¿”ã•れã¾ã™ã€‚注:ã“れã¯ç½²åãŒæ¤œè¨¼ã•れã¦ã„ã‚‹ã“ã¨ã‚’æ„味ã™ã‚‹ã‚ã‘ã§ã¯ã‚りã¾ã›ã‚“。信頼性情報ã¯ä»£ã‚りã«STATã§æ ¼ç´ã•れã¾ã™ - \return BAD_FUNC_ARG è¿”ã•れãŸå…¥åŠ›ãƒ‘ãƒ©ãƒ¡ãƒ¼ã‚¿ã¯NULLã«è©•価ã•れã¾ã™ - \return MEMORY_E メモリã®å‰²ã‚Šå½“ã¦ä¸­ã«ã‚¨ãƒ©ãƒ¼ãŒç™ºç”Ÿã—ãŸå ´åˆã«è¿”ã•れã¾ã™ - \return MP_INIT_E メッセージ署åã®è¨ˆç®—中ã«ã‚¨ãƒ©ãƒ¼ãŒç™ºç”Ÿã—ãŸå ´åˆã«è¿”ã•れるå¯èƒ½æ€§ãŒã‚りã¾ã™ã€‚ - \return MP_READ_E メッセージ署åã®è¨ˆç®—中ã«ã‚¨ãƒ©ãƒ¼ãŒç™ºç”Ÿã—ãŸå ´åˆã«è¿”ã•れるå¯èƒ½æ€§ãŒã‚りã¾ã™ã€‚ - \return MP_CMP_E メッセージ署åã®è¨ˆç®—中ã«ã‚¨ãƒ©ãƒ¼ãŒç™ºç”Ÿã—ãŸå ´åˆã«è¿”ã•れるå¯èƒ½æ€§ãŒã‚りã¾ã™ã€‚ - \return MP_INVMOD_E メッセージ署åã®è¨ˆç®—中ã«ã‚¨ãƒ©ãƒ¼ãŒç™ºç”Ÿã—ãŸå ´åˆã«è¿”ã•れるå¯èƒ½æ€§ãŒã‚りã¾ã™ã€‚ - \return MP_EXPTMOD_E メッセージ署åã®è¨ˆç®—中ã«ã‚¨ãƒ©ãƒ¼ãŒç™ºç”Ÿã—ãŸå ´åˆã«è¿”ã•れるå¯èƒ½æ€§ãŒã‚りã¾ã™ã€‚ - \return MP_MOD_E メッセージ署åã®è¨ˆç®—中ã«ã‚¨ãƒ©ãƒ¼ãŒç™ºç”Ÿã—ãŸå ´åˆã«è¿”ã•れるå¯èƒ½æ€§ãŒã‚りã¾ã™ã€‚ - \return MP_MUL_E メッセージ署åã®è¨ˆç®—中ã«ã‚¨ãƒ©ãƒ¼ãŒç™ºç”Ÿã—ãŸå ´åˆã«è¿”ã•れるå¯èƒ½æ€§ãŒã‚りã¾ã™ã€‚ - \return MP_ADD_E メッセージ署åã®è¨ˆç®—中ã«ã‚¨ãƒ©ãƒ¼ãŒç™ºç”Ÿã—ãŸå ´åˆã«è¿”ã•れるå¯èƒ½æ€§ãŒã‚りã¾ã™ã€‚ - \return MP_MULMOD_E メッセージ署åã®è¨ˆç®—中ã«ã‚¨ãƒ©ãƒ¼ãŒç™ºç”Ÿã—ãŸå ´åˆã«è¿”ã•れるå¯èƒ½æ€§ãŒã‚りã¾ã™ã€‚ - \return MP_TO_E メッセージ署åã®è¨ˆç®—中ã«ã‚¨ãƒ©ãƒ¼ãŒç™ºç”Ÿã—ãŸå ´åˆã«è¿”ã•れるå¯èƒ½æ€§ãŒã‚りã¾ã™ã€‚ - \return MP_MEM メッセージ署åã®è¨ˆç®—中ã«ã‚¨ãƒ©ãƒ¼ãŒç™ºç”Ÿã—ãŸå ´åˆã«è¿”ã•れるå¯èƒ½æ€§ãŒã‚りã¾ã™ã€‚ - \param sig 確èªã™ã‚‹ç½²åã‚’å«ã‚€ãƒãƒƒãƒ•ã‚¡ã¸ã®ãƒã‚¤ãƒ³ã‚¿ - \param siglen 検証ã™ã‚‹ç½²åã®é•·ã• - \param hash 確èªã•れãŸãƒ¡ãƒƒã‚»ãƒ¼ã‚¸ã®ãƒãƒƒã‚·ãƒ¥ã‚’å«ã‚€ãƒãƒƒãƒ•ã‚¡ã¸ã®ãƒã‚¤ãƒ³ã‚¿ - \param hashlen èªè¨¼ã•れãŸãƒ¡ãƒƒã‚»ãƒ¼ã‚¸ã®ãƒãƒƒã‚·ãƒ¥ã®é•·ã• - \param stat 検証ã®çµæžœã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚1ãƒ¡ãƒƒã‚»ãƒ¼ã‚¸ãŒæ­£å¸¸ã«èªè¨¼ã•れãŸã“ã¨ã‚’示ã—ã¾ã™ + + \brief ã“ã®é–¢æ•°ã¯ã€çœŸæ­£æ€§ã‚’確ä¿ã™ã‚‹ãŸã‚ã«ãƒãƒƒã‚·ãƒ¥ã®ECCç½²åを検証ã—ã¾ã™ã€‚statを通ã˜ã¦ç­”ãˆã‚’è¿”ã—ã€1ã¯æœ‰åйãªç½²åã«å¯¾å¿œã—ã€0ã¯ç„¡åйãªç½²åã«å¯¾å¿œã—ã¾ã™ã€‚ + + \return 0 ç½²åæ¤œè¨¼ã®å®Ÿè¡Œã«æˆåŠŸã—ãŸå ´åˆã«è¿”ã•れã¾ã™ã€‚注:ã“れã¯ç½²åãŒæ¤œè¨¼ã•れãŸã“ã¨ã‚’æ„味ã™ã‚‹ã‚‚ã®ã§ã¯ã‚りã¾ã›ã‚“。真正性情報ã¯ä»£ã‚りã«statã«æ ¼ç´ã•れã¾ã™ + \return BAD_FUNC_ARG ã„ãšã‚Œã‹ã®å…¥åŠ›ãƒ‘ãƒ©ãƒ¡ãƒ¼ã‚¿ãŒNULLã¨è©•価ã•れãŸå ´åˆã«è¿”ã•れã¾ã™ + \return MEMORY_E メモリ割り当ã¦ã‚¨ãƒ©ãƒ¼ãŒã‚ã‚‹å ´åˆã«è¿”ã•れã¾ã™ + \return MP_INIT_E メッセージ署åã®è¨ˆç®—中ã«ã‚¨ãƒ©ãƒ¼ãŒã‚ã‚‹å ´åˆã«è¿”ã•れるå¯èƒ½æ€§ãŒã‚りã¾ã™ + \return MP_READ_E メッセージ署åã®è¨ˆç®—中ã«ã‚¨ãƒ©ãƒ¼ãŒã‚ã‚‹å ´åˆã«è¿”ã•れるå¯èƒ½æ€§ãŒã‚りã¾ã™ + \return MP_CMP_E メッセージ署åã®è¨ˆç®—中ã«ã‚¨ãƒ©ãƒ¼ãŒã‚ã‚‹å ´åˆã«è¿”ã•れるå¯èƒ½æ€§ãŒã‚りã¾ã™ + \return MP_INVMOD_E メッセージ署åã®è¨ˆç®—中ã«ã‚¨ãƒ©ãƒ¼ãŒã‚ã‚‹å ´åˆã«è¿”ã•れるå¯èƒ½æ€§ãŒã‚りã¾ã™ + \return MP_EXPTMOD_E メッセージ署åã®è¨ˆç®—中ã«ã‚¨ãƒ©ãƒ¼ãŒã‚ã‚‹å ´åˆã«è¿”ã•れるå¯èƒ½æ€§ãŒã‚りã¾ã™ + \return MP_MOD_E メッセージ署åã®è¨ˆç®—中ã«ã‚¨ãƒ©ãƒ¼ãŒã‚ã‚‹å ´åˆã«è¿”ã•れるå¯èƒ½æ€§ãŒã‚りã¾ã™ + \return MP_MUL_E メッセージ署åã®è¨ˆç®—中ã«ã‚¨ãƒ©ãƒ¼ãŒã‚ã‚‹å ´åˆã«è¿”ã•れるå¯èƒ½æ€§ãŒã‚りã¾ã™ + \return MP_ADD_E メッセージ署åã®è¨ˆç®—中ã«ã‚¨ãƒ©ãƒ¼ãŒã‚ã‚‹å ´åˆã«è¿”ã•れるå¯èƒ½æ€§ãŒã‚りã¾ã™ + \return MP_MULMOD_E メッセージ署åã®è¨ˆç®—中ã«ã‚¨ãƒ©ãƒ¼ãŒã‚ã‚‹å ´åˆã«è¿”ã•れるå¯èƒ½æ€§ãŒã‚りã¾ã™ + \return MP_TO_E メッセージ署åã®è¨ˆç®—中ã«ã‚¨ãƒ©ãƒ¼ãŒã‚ã‚‹å ´åˆã«è¿”ã•れるå¯èƒ½æ€§ãŒã‚りã¾ã™ + \return MP_MEM メッセージ署åã®è¨ˆç®—中ã«ã‚¨ãƒ©ãƒ¼ãŒã‚ã‚‹å ´åˆã«è¿”ã•れるå¯èƒ½æ€§ãŒã‚りã¾ã™ + + \param sig 検証ã™ã‚‹ç½²åã‚’å«ã‚€ãƒãƒƒãƒ•ã‚¡ã¸ã®ãƒã‚¤ãƒ³ã‚¿ + \param siglen 検証ã™ã‚‹ç½²åã®é•·ã• + \param hash 検証ã•れãŸãƒ¡ãƒƒã‚»ãƒ¼ã‚¸ã®ãƒãƒƒã‚·ãƒ¥ã‚’å«ã‚€ãƒãƒƒãƒ•ã‚¡ã¸ã®ãƒã‚¤ãƒ³ã‚¿ + \param hashlen 検証ã•れãŸãƒ¡ãƒƒã‚»ãƒ¼ã‚¸ã®ãƒãƒƒã‚·ãƒ¥ã®é•·ã• + \param stat æ¤œè¨¼çµæžœã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚1ã¯ãƒ¡ãƒƒã‚»ãƒ¼ã‚¸ãŒæ­£å¸¸ã«æ¤œè¨¼ã•れãŸã“ã¨ã‚’示ã—ã¾ã™ + \param key ç½²åを検証ã™ã‚‹ãŸã‚ã«ä½¿ç”¨ã™ã‚‹å…¬é–‹ECCキーã¸ã®ãƒã‚¤ãƒ³ã‚¿ + _Example_ \code ecc_key key; int ret, verified = 0; - byte sig[1024] { initialize with received signature }; - byte digest[] = { initialize with message hash }; - // initialize key with received public key + byte sig[1024] { å—ä¿¡ã—ãŸç½²åã§åˆæœŸåŒ– }; + byte digest[] = { メッセージãƒãƒƒã‚·ãƒ¥ã§åˆæœŸåŒ– }; + // å—ä¿¡ã—ãŸå…¬é–‹éµã§ã‚­ãƒ¼ã‚’åˆæœŸåŒ– ret = wc_ecc_verify_hash(sig, sizeof(sig), digest,sizeof(digest), &verified, &key); if ( ret != 0 ) { - // error performing verification + // 検証実行エラー } else if ( verified == 0 ) { - // the signature is invalid + // ç½²åãŒç„¡åй } \endcode + \sa wc_ecc_sign_hash \sa wc_ecc_verify_hash_ex */ @@ -345,28 +467,34 @@ /*! \ingroup ECC - \brief ECCç½²åを確èªã—ã¦ãã ã•ã„ã€‚çµæžœã¯statã«æ›¸ãè¾¼ã¾ã‚Œã¾ã™ã€‚1ãŒæœ‰åйã§ã€0ãŒç„¡åйã§ã™ã€‚注:有効ãªãƒ†ã‚¹ãƒˆã«æˆ»ã‚Šå€¤ã‚’使用ã—ãªã„ã§ãã ã•ã„。statã®ã¿ã‚’使用ã—ã¦ãã ã•ã„。 - \return MP_OKAY æˆåŠŸã—ãŸå ´åˆï¼ˆç½²åãŒç„¡åйã§ã‚ã£ã¦ã‚‚) - \return ECC_BAD_ARG_E 引数ãŒNULLã®å ´åˆã€ã¾ãŸã¯key-idxãŒç„¡åйãªå ´åˆã¯è¿”ã—ã¾ã™ã€‚ - \return MEMORY_E INTã¾ãŸã¯ãƒã‚¤ãƒ³ãƒˆã®å‰²ã‚Šå½“ã¦ä¸­ã«ã‚¨ãƒ©ãƒ¼ãŒç™ºç”Ÿã—ã¾ã—ãŸã€‚ - \param r 検証ã™ã‚‹ç½²åRコンãƒãƒ¼ãƒãƒ³ãƒˆ - \param s 検証ã™ã‚‹ã‚·ã‚°ãƒãƒãƒ£Sコンãƒãƒ¼ãƒãƒ³ãƒˆ - \param hash ç½²åã•れãŸãƒãƒƒã‚·ãƒ¥ï¼ˆãƒ¡ãƒƒã‚»ãƒ¼ã‚¸ãƒ€ã‚¤ã‚¸ã‚§ã‚¹ãƒˆï¼‰ - \param hashlen ãƒãƒƒã‚·ãƒ¥ã®é•·ã•(オクテット) - \param stat ç½²åã®çµæžœã€1 ==有効ã€0 ==無効 + + \brief ECCç½²åを検証ã—ã¾ã™ã€‚çµæžœã¯statã«æ›¸ãè¾¼ã¾ã‚Œã¾ã™ã€‚1ã¯æœ‰åйã€0ã¯ç„¡åйã§ã™ã€‚注:有効性ã®ãƒ†ã‚¹ãƒˆã«æˆ»ã‚Šå€¤ã‚’使用ã—ãªã„ã§ãã ã•ã„。statã®ã¿ã‚’使用ã—ã¦ãã ã•ã„。 + + \return MP_OKAY æˆåŠŸã—ãŸå ´åˆï¼ˆç½²åãŒæœ‰åйã§ãªã„å ´åˆã§ã‚‚) + \return ECC_BAD_ARG_E 引数ãŒnullã®å ´åˆã€ã¾ãŸã¯key-idxãŒç„¡åйãªå ´åˆã«è¿”ã•れã¾ã™ã€‚ + \return MEMORY_E æ•´æ•°ã¾ãŸã¯ãƒã‚¤ãƒ³ãƒˆã®å‰²ã‚Šå½“ã¦ã‚¨ãƒ©ãƒ¼ã€‚ + + \param r 検証ã™ã‚‹ç½²åã®Ræˆåˆ† + \param s 検証ã™ã‚‹ç½²åã®Sæˆåˆ† + \param hash ç½²åã•れãŸãƒãƒƒã‚·ãƒ¥ï¼ˆãƒ¡ãƒƒã‚»ãƒ¼ã‚¸ãƒ€ã‚¤ã‚¸ã‚§ã‚¹ãƒˆï¼‰ + \param hashlen ãƒãƒƒã‚·ãƒ¥ã®é•·ã•(オクテット) + \param stat ç½²åã®çµæžœã€1==有効ã€0==無効 + \param key 対応ã™ã‚‹å…¬é–‹ECCキー + _Example_ \code mp_int r; mp_int s; int stat; - byte hash[] = { Some hash } + byte hash[] = { ã„ãã¤ã‹ã®ãƒãƒƒã‚·ãƒ¥ } ecc_key key; if(wc_ecc_verify_hash_ex(&r, &s, hash, hashlen, &stat, &key) == MP_OKAY) { - // Check stat + // statã‚’ãƒã‚§ãƒƒã‚¯ } \endcode + \sa wc_ecc_verify_hash */ @@ -375,14 +503,20 @@ /*! \ingroup ECC - \brief ã“ã®é–¢æ•°ã¯ã€ãƒ¡ãƒƒã‚»ãƒ¼ã‚¸æ¤œè¨¼ã¾ãŸã¯éµäº¤æ¸‰ã§å°†æ¥ã®ä½¿ç”¨ã®ãŸã‚ã«ECC_KEYã‚ªãƒ–ã‚¸ã‚§ã‚¯ãƒˆã‚’åˆæœŸåŒ–ã—ã¾ã™ã€‚ - \return 0 ECC_Keyオブジェクトã®åˆæœŸåŒ–ã«æˆåŠŸã—ãŸã¨ãã«è¿”ã•れã¾ã™ - \return MEMORY_E メモリã®å‰²ã‚Šå½“ã¦ä¸­ã«ã‚¨ãƒ©ãƒ¼ãŒç™ºç”Ÿã—ãŸå ´åˆã«è¿”ã•れã¾ã™ + + \brief ã“ã®é–¢æ•°ã¯ã€ãƒ¡ãƒƒã‚»ãƒ¼ã‚¸æ¤œè¨¼ã¾ãŸã¯éµäº¤æ›ã§å°†æ¥ä½¿ç”¨ã™ã‚‹ãŸã‚ã«ecc_keyã‚ªãƒ–ã‚¸ã‚§ã‚¯ãƒˆã‚’åˆæœŸåŒ–ã—ã¾ã™ã€‚ + + \return 0 ecc_keyオブジェクトã®åˆæœŸåŒ–ã«æˆåŠŸã—ãŸå ´åˆã«è¿”ã•れã¾ã™ + \return MEMORY_E メモリ割り当ã¦ã‚¨ãƒ©ãƒ¼ãŒã‚ã‚‹å ´åˆã«è¿”ã•れã¾ã™ + + \param key åˆæœŸåŒ–ã™ã‚‹ecc_keyオブジェクトã¸ã®ãƒã‚¤ãƒ³ã‚¿ + _Example_ \code ecc_key key; wc_ecc_init(&key); \endcode + \sa wc_ecc_make_key \sa wc_ecc_free */ @@ -391,16 +525,22 @@ /*! \ingroup ECC - \brief ã“ã®é–¢æ•°ã¯ã€ãƒ¡ãƒƒã‚»ãƒ¼ã‚¸æ¤œè¨¼ã¾ãŸã¯éµäº¤æ¸‰ã§å°†æ¥ã®ä½¿ç”¨ã®ãŸã‚ã«ECC_KEYã‚ªãƒ–ã‚¸ã‚§ã‚¯ãƒˆã‚’åˆæœŸåŒ–ã—ã¾ã™ã€‚ - \return 0 ECC_Keyオブジェクトã®åˆæœŸåŒ–ã«æˆåŠŸã—ãŸã¨ãã«è¿”ã•れã¾ã™ - \return MEMORY_E メモリã®å‰²ã‚Šå½“ã¦ä¸­ã«ã‚¨ãƒ©ãƒ¼ãŒç™ºç”Ÿã—ãŸå ´åˆã«è¿”ã•れã¾ã™ - \param key åˆæœŸåŒ–ã™ã‚‹ECC_Keyオブジェクトã¸ã®ãƒã‚¤ãƒ³ã‚¿ - \param devId éžåŒæœŸãƒãƒ¼ãƒ‰ã‚¦ã‚§ã‚¢ã§ä½¿ç”¨ã™ã‚‹ID + + \brief ã“ã®é–¢æ•°ã¯ã€ãƒ¡ãƒƒã‚»ãƒ¼ã‚¸æ¤œè¨¼ã¾ãŸã¯éµäº¤æ›ã§å°†æ¥ä½¿ç”¨ã™ã‚‹ãŸã‚ã«ecc_keyã‚ªãƒ–ã‚¸ã‚§ã‚¯ãƒˆã‚’åˆæœŸåŒ–ã—ã¾ã™ã€‚ + + \return 0 ecc_keyオブジェクトã®åˆæœŸåŒ–ã«æˆåŠŸã—ãŸå ´åˆã«è¿”ã•れã¾ã™ + \return MEMORY_E メモリ割り当ã¦ã‚¨ãƒ©ãƒ¼ãŒã‚ã‚‹å ´åˆã«è¿”ã•れã¾ã™ + + \param key åˆæœŸåŒ–ã™ã‚‹ecc_keyオブジェクトã¸ã®ãƒã‚¤ãƒ³ã‚¿ + \param heap ヒープ識別å­ã¸ã®ãƒã‚¤ãƒ³ã‚¿ + \param devId æš—å·ã‚³ãƒ¼ãƒ«ãƒãƒƒã‚¯ã¾ãŸã¯éžåŒæœŸãƒãƒ¼ãƒ‰ã‚¦ã‚§ã‚¢ã§ä½¿ç”¨ã™ã‚‹ID。使用ã—ãªã„å ´åˆã¯INVALID_DEVID(-2)ã«è¨­å®š + _Example_ \code ecc_key key; wc_ecc_init_ex(&key, heap, devId); \endcode + \sa wc_ecc_make_key \sa wc_ecc_free \sa wc_ecc_init @@ -410,12 +550,18 @@ /*! \ingroup ECC - \brief ã“ã®é–¢æ•°ã¯ãƒ¦ãƒ¼ã‚¶ãƒ¼å®šç¾©ãƒ’ープを使用ã—ã€ã‚­ãƒ¼æ§‹é€ ã®ã‚¹ãƒšãƒ¼ã‚¹ã‚’割り当ã¦ã¾ã™ã€‚ - \return 0 ECC_Keyオブジェクトã®åˆæœŸåŒ–ã«æˆåŠŸã—ãŸã¨ãã«è¿”ã•れã¾ã™ + + \brief ã“ã®é–¢æ•°ã¯ã€ãƒ¦ãƒ¼ã‚¶ãƒ¼å®šç¾©ã®ãƒ’ープを使用ã—ã€ã‚­ãƒ¼æ§‹é€ ä½“用ã®ã‚¹ãƒšãƒ¼ã‚¹ã‚’割り当ã¦ã¾ã™ã€‚ + + \return 0 ecc_keyオブジェクトã®åˆæœŸåŒ–ã«æˆåŠŸã—ãŸå ´åˆã«è¿”ã•れã¾ã™ + \return MEMORY_E メモリ割り当ã¦ã‚¨ãƒ©ãƒ¼ãŒã‚ã‚‹å ´åˆã«è¿”ã•れã¾ã™ + + _Example_ \code wc_ecc_key_new(&heap); \endcode + \sa wc_ecc_make_key \sa wc_ecc_key_free \sa wc_ecc_init @@ -425,14 +571,20 @@ /*! \ingroup ECC - \brief ã“ã®é–¢æ•°ã¯ã€ä½¿ç”¨å¾Œã«ECC_KEYオブジェクトを解放ã—ã¾ã™ã€‚ - \return int integerãŒWolfSSLエラーã¾ãŸã¯æˆåŠŸçŠ¶æ³ã‚’示ã™ã“ã¨ã‚’è¿”ã—ã¾ã—ãŸã€‚ + + \brief ã“ã®é–¢æ•°ã¯ã€ä½¿ç”¨å¾Œã«ecc_keyオブジェクトを解放ã—ã¾ã™ã€‚ + + \return int wolfSSLã®ã‚¨ãƒ©ãƒ¼ã¾ãŸã¯æˆåŠŸã‚¹ãƒ†ãƒ¼ã‚¿ã‚¹ã‚’ç¤ºã™æ•´æ•°ãŒè¿”ã•れã¾ã™ã€‚ + + \param key 解放ã™ã‚‹ecc_keyオブジェクトã¸ã®ãƒã‚¤ãƒ³ã‚¿ + _Example_ \code - // initialize key and perform secure exchanges + // ã‚­ãƒ¼ã‚’åˆæœŸåŒ–ã—ã¦å®‰å…¨ãªäº¤æ›ã‚’実行 ... wc_ecc_free(&key); \endcode + \sa wc_ecc_init */ @@ -440,16 +592,22 @@ /*! \ingroup ECC - \brief ã“ã®é–¢æ•°ã¯å›ºå®šå°æ•°ç‚¹ã‚­ãƒ£ãƒƒã‚·ãƒ¥ã‚’解放ã—ã¾ã™ã€‚ã“れã¯ECCã§ä½¿ç”¨ã§ãã€è¨ˆç®—時間を高速化ã—ã¾ã™ã€‚ã“ã®æ©Ÿèƒ½ã‚’使用ã™ã‚‹ã«ã¯ã€FP_ECCï¼ˆå›ºå®šå°æ•°ç‚¹ECC)を定義ã™ã‚‹å¿…è¦ãŒã‚りã¾ã™ã€‚ - \return none ã„ã„ãˆè¿”ã—ã¾ã™ã€‚ + + \brief ã“ã®é–¢æ•°ã¯ã€å›ºå®šå°æ•°ç‚¹ã‚­ãƒ£ãƒƒã‚·ãƒ¥ã‚’解放ã—ã¾ã™ã€‚ã“れã¯è¨ˆç®—時間を高速化ã™ã‚‹ãŸã‚ã«eccã§ä½¿ç”¨ã§ãã¾ã™ã€‚ã“ã®æ©Ÿèƒ½ã‚’使用ã™ã‚‹ã«ã¯ã€FP_ECCï¼ˆå›ºå®šå°æ•°ç‚¹ecc)を定義ã™ã‚‹å¿…è¦ãŒã‚りã¾ã™ã€‚スレッド化ã•れãŸã‚¢ãƒ—リケーションã¯ã€ã‚¹ãƒ¬ãƒƒãƒ‰ã‚’終了ã™ã‚‹å‰ã«ã“ã®é–¢æ•°ã‚’呼ã³å‡ºã™å¿…è¦ãŒã‚りã¾ã™ã€‚ + + \return none 返り値ãªã—。 + + \param none パラメータãªã—。 + _Example_ \code ecc_key key; - // initialize key and perform secure exchanges + // ã‚­ãƒ¼ã‚’åˆæœŸåŒ–ã—ã¦å®‰å…¨ãªäº¤æ›ã‚’実行 ... wc_ecc_fp_free(); \endcode + \sa wc_ecc_free */ @@ -457,9 +615,14 @@ /*! \ingroup ECC - \brief ECC IDXãŒæœ‰åйã‹ã©ã†ã‹ã‚’確èªã—ã¾ã™ã€‚ - \return 1 有効ãªå ´åˆã¯è¿”å“ã—ã¦ãã ã•ã„。 - \return 0 無効ãªå ´åˆã¯è¿”ã—ã¾ã™ã€‚ + + \brief ECC idxãŒæœ‰åйã‹ã©ã†ã‹ã‚’ãƒã‚§ãƒƒã‚¯ã—ã¾ã™ã€‚ + + \return 1 有効ãªå ´åˆã«è¿”ã•れã¾ã™ã€‚ + \return 0 有効ã§ãªã„å ´åˆã«è¿”ã•れã¾ã™ã€‚ + + \param n ãƒã‚§ãƒƒã‚¯ã™ã‚‹idx番å·ã€‚ + _Example_ \code ecc_key key; @@ -471,33 +634,39 @@ is_valid = wc_ecc_is_valid_idx(key.idx); if (is_valid == 1) { - // idx is valid + // idxã¯æœ‰åй } else if (is_valid == 0) { - // idx is not valid + // idxã¯ç„¡åй } \endcode - \sa none + + \sa ãªã— */ int wc_ecc_is_valid_idx(int n); - /*! \ingroup ECC - \brief æ–°ã—ã„ECCãƒã‚¤ãƒ³ãƒˆã‚’割り当ã¦ã¾ã™ã€‚ - \return p æ–°ã—ã割り当ã¦ã‚‰ã‚ŒãŸãƒã‚¤ãƒ³ãƒˆã€‚ - \return NULL エラー時ã«NULLã‚’è¿”ã—ã¾ã™ã€‚ + + \brief æ–°ã—ã„ECCãƒã‚¤ãƒ³ãƒˆã‚’割り当ã¦ã¾ã™ã€‚ + + \return p æ–°ã—ã割り当ã¦ã‚‰ã‚ŒãŸãƒã‚¤ãƒ³ãƒˆã€‚ + \return NULL エラー時ã«NULLã‚’è¿”ã—ã¾ã™ã€‚ + + \param none パラメータãªã—。 + _Example_ \code ecc_point* point; point = wc_ecc_new_point(); if (point == NULL) { - // Handle point creation error + // ãƒã‚¤ãƒ³ãƒˆä½œæˆã‚¨ãƒ©ãƒ¼ã‚’å‡¦ç† } - // Do stuff with point + // ãƒã‚¤ãƒ³ãƒˆã§ä½•ã‹ã‚’行ㆠ\endcode + \sa wc_ecc_del_point \sa wc_ecc_cmp_point \sa wc_ecc_copy_point @@ -507,19 +676,25 @@ /*! \ingroup ECC - \brief メモリã‹ã‚‰ECCãƒã‚¤ãƒ³ãƒˆã‚’解放ã—ã¾ã™ã€‚ - \return none ã„ã„ãˆè¿”ã—ã¾ã™ã€‚ + + \brief メモリã‹ã‚‰ECCãƒã‚¤ãƒ³ãƒˆã‚’解放ã—ã¾ã™ã€‚ + + \return none 返り値ãªã—。 + + \param p 解放ã™ã‚‹ãƒã‚¤ãƒ³ãƒˆã€‚ + _Example_ \code ecc_point* point; point = wc_ecc_new_point(); if (point == NULL) { - // Handle point creation error + // ãƒã‚¤ãƒ³ãƒˆä½œæˆã‚¨ãƒ©ãƒ¼ã‚’å‡¦ç† } - // Do stuff with point + // ãƒã‚¤ãƒ³ãƒˆã§ä½•ã‹ã‚’行ㆠwc_ecc_del_point(point); \endcode + \sa wc_ecc_new_point \sa wc_ecc_cmp_point \sa wc_ecc_copy_point @@ -529,11 +704,16 @@ /*! \ingroup ECC - \brief ã‚ã‚‹ãƒã‚¤ãƒ³ãƒˆã®å€¤ã‚’別ã®ãƒã‚¤ãƒ³ãƒˆã«ã‚³ãƒ”ーã—ã¾ã™ã€‚ - \return ECC_BAD_ARG_E Pã¾ãŸã¯RãŒNULLã®ã¨ãã«ã‚¹ãƒ­ãƒ¼ã•れãŸã‚¨ãƒ©ãƒ¼ã€‚ - \return MP_OKAY ãƒã‚¤ãƒ³ãƒˆãŒæ­£å¸¸ã«ã‚³ãƒ”ーã•れã¾ã—㟠- \return ret 内部関数ã‹ã‚‰ã®ã‚¨ãƒ©ãƒ¼ã€‚ã«ãªã‚‹ã“ã¨ãŒã§ãã¾ã™... - \param p コピーã™ã‚‹ãƒã‚¤ãƒ³ãƒˆã€‚ + + \brief ã‚ã‚‹ãƒã‚¤ãƒ³ãƒˆã®å€¤ã‚’別ã®ãƒã‚¤ãƒ³ãƒˆã«ã‚³ãƒ”ーã—ã¾ã™ã€‚ + + \return ECC_BAD_ARG_E pã¾ãŸã¯rãŒnullã®å ´åˆã«ã‚¹ãƒ­ãƒ¼ã•れるエラー。 + \return MP_OKAY ãƒã‚¤ãƒ³ãƒˆãŒæ­£å¸¸ã«ã‚³ãƒ”ーã•れã¾ã—㟠+ \return ret 内部関数ã‹ã‚‰ã®ã‚¨ãƒ©ãƒ¼ã€‚次ã®ã‚ˆã†ãªå¯èƒ½æ€§ãŒã‚りã¾ã™... + + \param p コピーã™ã‚‹ãƒã‚¤ãƒ³ãƒˆã€‚ + \param r 作æˆã•れãŸãƒã‚¤ãƒ³ãƒˆã€‚ + _Example_ \code ecc_point* point; @@ -544,23 +724,29 @@ copy_return = wc_ecc_copy_point(point, copied_point); if (copy_return != MP_OKAY) { - // Handle error + // ã‚¨ãƒ©ãƒ¼ã‚’å‡¦ç† } \endcode + \sa wc_ecc_new_point \sa wc_ecc_cmp_point \sa wc_ecc_del_point */ -int wc_ecc_copy_point(ecc_point* p, ecc_point *r); +int wc_ecc_copy_point(const ecc_point* p, ecc_point *r); /*! \ingroup ECC - \brief ãƒã‚¤ãƒ³ãƒˆã®å€¤ã‚’別ã®ã‚‚ã®ã¨æ¯”較ã—ã¦ãã ã•ã„。 - \return BAD_FUNC_ARG 1ã¤ã¾ãŸã¯ä¸¡æ–¹ã®å¼•æ•°ã¯nullã§ã™ã€‚ - \return MP_EQ ãƒã‚¤ãƒ³ãƒˆã¯åŒã˜ã§ã™ã€‚ - \return ret mp_ltã¾ãŸã¯mp_gtã®ã©ã¡ã‚‰ã‹ã§ã€ãƒã‚¤ãƒ³ãƒˆãŒç­‰ã—ããªã„ã“ã¨ã‚’æ„味ã—ã¾ã™ã€‚ - \param a 比較ã™ã‚‹æœ€åˆã®ãƒã‚¤ãƒ³ãƒˆã€‚ + + \brief ãƒã‚¤ãƒ³ãƒˆã®å€¤ã‚’別ã®ãƒã‚¤ãƒ³ãƒˆã¨æ¯”較ã—ã¾ã™ã€‚ + + \return BAD_FUNC_ARG 一方ã¾ãŸã¯ä¸¡æ–¹ã®å¼•æ•°ãŒNULL。 + \return MP_EQ ãƒã‚¤ãƒ³ãƒˆãŒç­‰ã—ã„。 + \return ret MP_LTã¾ãŸã¯MP_GTã®ã„ãšã‚Œã‹ã§ã€ãƒã‚¤ãƒ³ãƒˆãŒç­‰ã—ããªã„ã“ã¨ã‚’示ã—ã¾ã™ã€‚ + + \param a 比較ã™ã‚‹æœ€åˆã®ãƒã‚¤ãƒ³ãƒˆã€‚ + \param b 比較ã™ã‚‹2番目ã®ãƒã‚¤ãƒ³ãƒˆã€‚ + _Example_ \code ecc_point* point; @@ -572,17 +758,18 @@ cmp_result = wc_ecc_cmp_point(point, point_to_compare); if (cmp_result == BAD_FUNC_ARG) { - // arguments are invalid + // 引数ãŒç„¡åй } else if (cmp_result == MP_EQ) { - // Points are equal + // ãƒã‚¤ãƒ³ãƒˆãŒç­‰ã—ã„ } else { - // Points are not equal + // ãƒã‚¤ãƒ³ãƒˆãŒç­‰ã—ããªã„ } \endcode + \sa wc_ecc_new_point \sa wc_ecc_del_point \sa wc_ecc_copy_point @@ -592,10 +779,15 @@ /*! \ingroup ECC - \brief ãƒã‚¤ãƒ³ãƒˆãŒç„¡é™å¤§ã«ã‚ã‚‹ã‹ã©ã†ã‹ã‚’確èªã—ã¾ã™ã€‚è¿”å“1ãŒç„¡é™å¤§ã§ã‚ã‚‹å ´åˆã¯0ã€ãã†ã§ãªã„å ´åˆã¯0ã€<0エラー時ã®0 - \return 1 Pã¯ç„¡é™å¤§ã§ã™ã€‚ - \return 0 Pã¯ç„¡é™å¤§ã§ã¯ã‚りã¾ã›ã‚“。 - \return <0 エラー。 + + \brief ãƒã‚¤ãƒ³ãƒˆãŒç„¡é™é ç‚¹ã«ã‚ã‚‹ã‹ã©ã†ã‹ã‚’ãƒã‚§ãƒƒã‚¯ã—ã¾ã™ã€‚ãƒã‚¤ãƒ³ãƒˆãŒç„¡é™é ç‚¹ã«ã‚ã‚‹å ´åˆã¯1ã‚’è¿”ã—ã€ãã†ã§ãªã„å ´åˆã¯0ã‚’è¿”ã—ã€ã‚¨ãƒ©ãƒ¼ã®å ´åˆã¯<0ã‚’è¿”ã—ã¾ã™ + + \return 1 pãŒç„¡é™é ç‚¹ã«ã‚る。 + \return 0 pãŒç„¡é™é ç‚¹ã«ãªã„。 + \return <0 エラー。 + + \param p ãƒã‚§ãƒƒã‚¯ã™ã‚‹ãƒã‚¤ãƒ³ãƒˆã€‚ + _Example_ \code ecc_point* point; @@ -605,17 +797,18 @@ is_infinity = wc_ecc_point_is_at_infinity(point); if (is_infinity < 0) { - // Handle error + // ã‚¨ãƒ©ãƒ¼ã‚’å‡¦ç† } else if (is_infinity == 0) { - // Point is not at infinity + // ãƒã‚¤ãƒ³ãƒˆã¯ç„¡é™é ç‚¹ã«ãªã„ } else if (is_infinity == 1) { - // Point is at infinity + // ãƒã‚¤ãƒ³ãƒˆã¯ç„¡é™é ç‚¹ã«ã‚ã‚‹ } \endcode + \sa wc_ecc_new_point \sa wc_ecc_del_point \sa wc_ecc_cmp_point @@ -626,52 +819,63 @@ /*! \ingroup ECC - \brief ECC固定点乗算を実行ã—ã¾ã™ã€‚ - \return MP_OKAY æˆåŠŸã—ãŸæ“作ã§è¿”ã—ã¾ã™ã€‚ - \return MP_INIT_E 複数ã®Precision Integer(MP_INT)ライブラリã§ä½¿ç”¨ã™ã‚‹ãŸã‚ã®æ•´æ•°ã‚’åˆæœŸåŒ–ã™ã‚‹ã‚¨ãƒ©ãƒ¼ãŒã‚ã‚‹å ´åˆã«è¿”ã•れã¾ã™ã€‚ - \param k 計é‡ã€‚ - \param G ä¹—ç®—ã™ã‚‹åŸºç‚¹ã€‚ - \param R 商å“ã®ç›®çš„地 - \param modulus 曲線ã®å¼¾æ€§çއ + + \brief ECC固定点乗算を実行ã—ã¾ã™ã€‚ + + \return MP_OKAY æ“ä½œãŒæˆåŠŸã—ãŸå ´åˆã«è¿”ã•れã¾ã™ã€‚ + \return MP_INIT_E 多精度整数(mp_int)ライブラリã§ä½¿ç”¨ã™ã‚‹ãŸã‚ã«æ•´æ•°ã‚’åˆæœŸåŒ–ã™ã‚‹éš›ã«ã‚¨ãƒ©ãƒ¼ãŒã‚ã‚‹å ´åˆã«è¿”ã•れã¾ã™ã€‚ + + \param k 被乗数。 + \param G ä¹—ç®—ã™ã‚‹åŸºç‚¹ã€‚ + \param R ç©ã®å‡ºåŠ›å…ˆã€‚ + \param modulus カーブã®ãƒ¢ã‚¸ãƒ¥ãƒ©ã‚¹ã€‚ + \param map ゼロã§ãªã„å ´åˆã€ãƒã‚¤ãƒ³ãƒˆã‚’ã‚¢ãƒ•ã‚£ãƒ³åº§æ¨™ã«æˆ»ã—ã¦ãƒžãƒƒãƒ—ã—ã¾ã™ã€‚ãã†ã§ãªã„å ´åˆã¯ã€ãƒ¤ã‚³ãƒ“・モンゴメリー形å¼ã®ã¾ã¾ã§ã™ã€‚ + _Example_ \code ecc_point* base; ecc_point* destination; - // Initialize points + // ãƒã‚¤ãƒ³ãƒˆã‚’åˆæœŸåŒ– base = wc_ecc_new_point(); destination = wc_ecc_new_point(); - // Setup other arguments + // ä»–ã®å¼•数を設定 mp_int multiplicand; mp_int modulus; int map; \endcode - \sa none + + \sa ãªã— */ -int wc_ecc_mulmod(mp_int* k, ecc_point *G, ecc_point *R, +int wc_ecc_mulmod(const mp_int* k, ecc_point *G, ecc_point *R, mp_int* a, mp_int* modulus, int map); /*! \ingroup ECC - \brief ã“ã®é–¢æ•°ã¯ECCキーをECC_KEY構造体ã‹ã‚‰ã‚¨ã‚¯ã‚¹ãƒãƒ¼ãƒˆã—ã€çµæžœã‚’OUTã«æ ¼ç´ã—ã¾ã™ã€‚キーã¯ANSI X9.63フォーマットã«ä¿å­˜ã•れã¾ã™ã€‚outlenã®å‡ºåŠ›ãƒãƒƒãƒ•ã‚¡ã«æ›¸ãè¾¼ã¾ã‚ŒãŸãƒã‚¤ãƒˆã‚’æ ¼ç´ã—ã¾ã™ã€‚ - \return 0 ECC_KEYã®ã‚¨ã‚¯ã‚¹ãƒãƒ¼ãƒˆã«æ­£å¸¸ã«è¿”ã•れã¾ã—㟠- \return LENGTH_ONLY_E 出力ãƒãƒƒãƒ•ã‚¡ãŒNULLã«è©•価ã•れã¦ã„ã‚‹å ´åˆã¯è¿”ã•れã¾ã™ãŒã€ä»–ã®2ã¤ã®å…¥åŠ›ãƒ‘ãƒ©ãƒ¡ãƒ¼ã‚¿ã¯æœ‰åйã§ã™ã€‚関数ãŒã‚­ãƒ¼ã‚’ä¿å­˜ã™ã‚‹ã®ã«å¿…è¦ãªé•·ã•ã‚’è¿”ã™ã ã‘ã§ã‚ã‚‹ã“ã¨ã‚’示ã—ã¾ã™ - \return ECC_BAD_ARG_E 入力パラメータã®ã„ãšã‚Œã‹ãŒNULLã®å ´åˆã€ã¾ãŸã¯ã‚­ãƒ¼ãŒã‚µãƒãƒ¼ãƒˆã•れã¦ã„ãªã„å ´åˆï¼ˆç„¡åйãªã‚¤ãƒ³ãƒ‡ãƒƒã‚¯ã‚¹ãŒã‚りã¾ã™ï¼‰ - \return BUFFER_E 出力ãƒãƒƒãƒ•ã‚¡ãŒå°ã•ã™ãŽã¦ECCキーをä¿å­˜ã™ã‚‹å ´åˆã¯è¿”ã•れã¾ã™ã€‚出力ãƒãƒƒãƒ•ã‚¡ãŒå°ã•ã™ãŽã‚‹ã¨ã€å¿…è¦ãªã‚µã‚¤ã‚ºã¯outlenã«è¿”ã•れã¾ã™ã€‚ - \return MEMORY_E xmallocã§ãƒ¡ãƒ¢ãƒªã‚’割り当ã¦ã‚‹ã‚¨ãƒ©ãƒ¼ãŒã‚ã‚‹å ´åˆ - \return MP_INIT_E ECC_KEYã®å‡¦ç†ä¸­ã«ã‚¨ãƒ©ãƒ¼ãŒç™ºç”Ÿã—ãŸå ´åˆã«è¿”ã•れるå¯èƒ½æ€§ãŒã‚りã¾ã™ - \return MP_READ_E ECC_KEYã®å‡¦ç†ä¸­ã«ã‚¨ãƒ©ãƒ¼ãŒç™ºç”Ÿã—ãŸå ´åˆã«è¿”ã•れるå¯èƒ½æ€§ãŒã‚りã¾ã™ - \return MP_CMP_E ECC_KEYã®å‡¦ç†ä¸­ã«ã‚¨ãƒ©ãƒ¼ãŒç™ºç”Ÿã—ãŸå ´åˆã«è¿”ã•れるå¯èƒ½æ€§ãŒã‚りã¾ã™ - \return MP_INVMOD_E ECC_KEYã®å‡¦ç†ä¸­ã«ã‚¨ãƒ©ãƒ¼ãŒç™ºç”Ÿã—ãŸå ´åˆã«è¿”ã•れるå¯èƒ½æ€§ãŒã‚りã¾ã™ - \return MP_EXPTMOD_E ECC_KEYã®å‡¦ç†ä¸­ã«ã‚¨ãƒ©ãƒ¼ãŒç™ºç”Ÿã—ãŸå ´åˆã«è¿”ã•れるå¯èƒ½æ€§ãŒã‚りã¾ã™ - \return MP_MOD_E ECC_KEYã®å‡¦ç†ä¸­ã«ã‚¨ãƒ©ãƒ¼ãŒç™ºç”Ÿã—ãŸå ´åˆã«è¿”ã•れるå¯èƒ½æ€§ãŒã‚りã¾ã™ - \return MP_MUL_E ECC_KEYã®å‡¦ç†ä¸­ã«ã‚¨ãƒ©ãƒ¼ãŒç™ºç”Ÿã—ãŸå ´åˆã«è¿”ã•れるå¯èƒ½æ€§ãŒã‚りã¾ã™ - \return MP_ADD_E ECC_KEYã®å‡¦ç†ä¸­ã«ã‚¨ãƒ©ãƒ¼ãŒç™ºç”Ÿã—ãŸå ´åˆã«è¿”ã•れるå¯èƒ½æ€§ãŒã‚りã¾ã™ - \return MP_MULMOD_E ECC_KEYã®å‡¦ç†ä¸­ã«ã‚¨ãƒ©ãƒ¼ãŒç™ºç”Ÿã—ãŸå ´åˆã«è¿”ã•れるå¯èƒ½æ€§ãŒã‚りã¾ã™ - \return MP_TO_E ECC_KEYã®å‡¦ç†ä¸­ã«ã‚¨ãƒ©ãƒ¼ãŒç™ºç”Ÿã—ãŸå ´åˆã«è¿”ã•れるå¯èƒ½æ€§ãŒã‚りã¾ã™ - \return MP_MEM ECC_KEYã®å‡¦ç†ä¸­ã«ã‚¨ãƒ©ãƒ¼ãŒç™ºç”Ÿã—ãŸå ´åˆã«è¿”ã•れるå¯èƒ½æ€§ãŒã‚りã¾ã™ - \param key エクスãƒãƒ¼ãƒˆã™ã‚‹ECC_KEYオブジェクトã¸ã®ãƒã‚¤ãƒ³ã‚¿ - \param out ANSI X9.63フォーマット済ã¿ã‚­ãƒ¼ã‚’ä¿å­˜ã™ã‚‹ãƒãƒƒãƒ•ã‚¡ã¸ã®ãƒã‚¤ãƒ³ã‚¿ + + \brief ã“ã®é–¢æ•°ã¯ã€ecc_key構造体ã‹ã‚‰ECCキーをエクスãƒãƒ¼ãƒˆã—ã€çµæžœã‚’outã«æ ¼ç´ã—ã¾ã™ã€‚キーã¯ANSI X9.63å½¢å¼ã§æ ¼ç´ã•れã¾ã™ã€‚出力ãƒãƒƒãƒ•ã‚¡ã«æ›¸ãè¾¼ã¾ã‚ŒãŸãƒã‚¤ãƒˆæ•°ã‚’outLenã«æ ¼ç´ã—ã¾ã™ã€‚ + + \return 0 ecc_keyã®ã‚¨ã‚¯ã‚¹ãƒãƒ¼ãƒˆã«æˆåŠŸã—ãŸå ´åˆã«è¿”ã•れã¾ã™ + \return LENGTH_ONLY_E 出力ãƒãƒƒãƒ•ã‚¡ãŒNULLã¨è©•価ã•れるãŒã€ä»–ã®2ã¤ã®å…¥åŠ›ãƒ‘ãƒ©ãƒ¡ãƒ¼ã‚¿ãŒæœ‰åйãªå ´åˆã«è¿”ã•れã¾ã™ã€‚関数ãŒã‚­ãƒ¼ã‚’æ ¼ç´ã™ã‚‹ãŸã‚ã«å¿…è¦ãªé•·ã•ã®ã¿ã‚’è¿”ã—ã¦ã„ã‚‹ã“ã¨ã‚’示ã—ã¾ã™ + \return ECC_BAD_ARG_E ã„ãšã‚Œã‹ã®å…¥åŠ›ãƒ‘ãƒ©ãƒ¡ãƒ¼ã‚¿ãŒNULLã®å ´åˆã€ã¾ãŸã¯ã‚­ãƒ¼ãŒã‚µãƒãƒ¼ãƒˆã•れã¦ã„ãªã„(無効ãªã‚¤ãƒ³ãƒ‡ãƒƒã‚¯ã‚¹ã‚’æŒã¤ï¼‰å ´åˆã«è¿”ã•れã¾ã™ + \return BUFFER_E 出力ãƒãƒƒãƒ•ã‚¡ãŒeccキーを格ç´ã™ã‚‹ã«ã¯å°ã•ã™ãŽã‚‹å ´åˆã«è¿”ã•れã¾ã™ã€‚出力ãƒãƒƒãƒ•ã‚¡ãŒå°ã•ã™ãŽã‚‹å ´åˆã€å¿…è¦ãªã‚µã‚¤ã‚ºãŒoutLenã§è¿”ã•れã¾ã™ + \return MEMORY_E XMALLOCã§ãƒ¡ãƒ¢ãƒªã‚’割り当ã¦ã‚‹éš›ã«ã‚¨ãƒ©ãƒ¼ãŒã‚ã‚‹å ´åˆã«è¿”ã•れã¾ã™ + \return MP_INIT_E ecc_keyã®å‡¦ç†ä¸­ã«ã‚¨ãƒ©ãƒ¼ãŒã‚ã‚‹å ´åˆã«è¿”ã•れるå¯èƒ½æ€§ãŒã‚りã¾ã™ + \return MP_READ_E ecc_keyã®å‡¦ç†ä¸­ã«ã‚¨ãƒ©ãƒ¼ãŒã‚ã‚‹å ´åˆã«è¿”ã•れるå¯èƒ½æ€§ãŒã‚りã¾ã™ + \return MP_CMP_E ecc_keyã®å‡¦ç†ä¸­ã«ã‚¨ãƒ©ãƒ¼ãŒã‚ã‚‹å ´åˆã«è¿”ã•れるå¯èƒ½æ€§ãŒã‚りã¾ã™ + \return MP_INVMOD_E ecc_keyã®å‡¦ç†ä¸­ã«ã‚¨ãƒ©ãƒ¼ãŒã‚ã‚‹å ´åˆã«è¿”ã•れるå¯èƒ½æ€§ãŒã‚りã¾ã™ + \return MP_EXPTMOD_E ecc_keyã®å‡¦ç†ä¸­ã«ã‚¨ãƒ©ãƒ¼ãŒã‚ã‚‹å ´åˆã«è¿”ã•れるå¯èƒ½æ€§ãŒã‚りã¾ã™ + \return MP_MOD_E ecc_keyã®å‡¦ç†ä¸­ã«ã‚¨ãƒ©ãƒ¼ãŒã‚ã‚‹å ´åˆã«è¿”ã•れるå¯èƒ½æ€§ãŒã‚りã¾ã™ + \return MP_MUL_E ecc_keyã®å‡¦ç†ä¸­ã«ã‚¨ãƒ©ãƒ¼ãŒã‚ã‚‹å ´åˆã«è¿”ã•れるå¯èƒ½æ€§ãŒã‚りã¾ã™ + \return MP_ADD_E ecc_keyã®å‡¦ç†ä¸­ã«ã‚¨ãƒ©ãƒ¼ãŒã‚ã‚‹å ´åˆã«è¿”ã•れるå¯èƒ½æ€§ãŒã‚りã¾ã™ + \return MP_MULMOD_E ecc_keyã®å‡¦ç†ä¸­ã«ã‚¨ãƒ©ãƒ¼ãŒã‚ã‚‹å ´åˆã«è¿”ã•れるå¯èƒ½æ€§ãŒã‚りã¾ã™ + \return MP_TO_E ecc_keyã®å‡¦ç†ä¸­ã«ã‚¨ãƒ©ãƒ¼ãŒã‚ã‚‹å ´åˆã«è¿”ã•れるå¯èƒ½æ€§ãŒã‚りã¾ã™ + \return MP_MEM ecc_keyã®å‡¦ç†ä¸­ã«ã‚¨ãƒ©ãƒ¼ãŒã‚ã‚‹å ´åˆã«è¿”ã•れるå¯èƒ½æ€§ãŒã‚りã¾ã™ + + \param key エクスãƒãƒ¼ãƒˆã™ã‚‹ecc_keyオブジェクトã¸ã®ãƒã‚¤ãƒ³ã‚¿ + \param out ANSI X9.63å½¢å¼ã®ã‚­ãƒ¼ã‚’æ ¼ç´ã™ã‚‹ãƒãƒƒãƒ•ã‚¡ã¸ã®ãƒã‚¤ãƒ³ã‚¿ + \param outLen 出力ãƒãƒƒãƒ•ã‚¡ã®ã‚µã‚¤ã‚ºã€‚ã‚­ãƒ¼ã®æ ¼ç´ã«æˆåŠŸã™ã‚‹ã¨ã€å‡ºåŠ›ãƒãƒƒãƒ•ã‚¡ã«æ›¸ãè¾¼ã¾ã‚ŒãŸãƒã‚¤ãƒˆæ•°ã‚’ä¿æŒã—ã¾ã™ + _Example_ \code int ret; @@ -679,94 +883,110 @@ word32 buffSz = sizeof(buff); ecc_key key; - // initialize key, make key + // ã‚­ãƒ¼ã‚’åˆæœŸåŒ–ã—ã€ã‚­ãƒ¼ã‚’ä½œæˆ ret = wc_ecc_export_x963(&key, buff, &buffSz); if ( ret != 0) { - // error exporting key + // キーã®ã‚¨ã‚¯ã‚¹ãƒãƒ¼ãƒˆã‚¨ãƒ©ãƒ¼ } \endcode + \sa wc_ecc_export_x963_ex \sa wc_ecc_import_x963 + \sa wc_ecc_make_pub */ int wc_ecc_export_x963(ecc_key* key, byte* out, word32* outLen); /*! \ingroup ECC - \brief ã“ã®é–¢æ•°ã¯ECCキーをECC_KEY構造体ã‹ã‚‰ã‚¨ã‚¯ã‚¹ãƒãƒ¼ãƒˆã—ã€çµæžœã‚’OUTã«æ ¼ç´ã—ã¾ã™ã€‚キーã¯ANSI X9.63フォーマットã«ä¿å­˜ã•れã¾ã™ã€‚outlenã®å‡ºåŠ›ãƒãƒƒãƒ•ã‚¡ã«æ›¸ãè¾¼ã¾ã‚ŒãŸãƒã‚¤ãƒˆã‚’æ ¼ç´ã—ã¾ã™ã€‚ã“ã®é–¢æ•°ã¯ã€åœ§ç¸®ã•れãŸãƒ‘ラメータを介ã—ã¦è¨¼æ˜Žæ›¸ã‚’圧縮ã™ã‚‹è¿½åŠ ã®ã‚ªãƒ—ションを使用ã™ã‚‹ã€‚ã“ã®ãƒ‘ラメータãŒtrueã®å ´åˆã€ã‚­ãƒ¼ã¯ANSI X9.63圧縮形å¼ã§ä¿å­˜ã•れã¾ã™ã€‚ - \return 0 ECC_KEYã®ã‚¨ã‚¯ã‚¹ãƒãƒ¼ãƒˆã«æ­£å¸¸ã«è¿”ã•れã¾ã—㟠- \return NOT_COMPILED_IN hand_comp_keyãŒã‚³ãƒ³ãƒ‘ã‚¤ãƒ«æ™‚ã«æœ‰åйã«ãªã£ã¦ã„ãªã„å ´åˆã¯è¿”ã•れã¾ã™ãŒã€ã‚­ãƒ¼ã¯åœ§ç¸®å½¢å¼ã§è¦æ±‚ã•れã¾ã—㟠- \return LENGTH_ONLY_E 出力ãƒãƒƒãƒ•ã‚¡ãŒNULLã«è©•価ã•れã¦ã„ã‚‹å ´åˆã¯è¿”ã•れã¾ã™ãŒã€ä»–ã®2ã¤ã®å…¥åŠ›ãƒ‘ãƒ©ãƒ¡ãƒ¼ã‚¿ã¯æœ‰åйã§ã™ã€‚関数ãŒã‚­ãƒ¼ã‚’ä¿å­˜ã™ã‚‹ã®ã«å¿…è¦ãªé•·ã•ã‚’è¿”ã™ã ã‘ã§ã‚ã‚‹ã“ã¨ã‚’示ã—ã¾ã™ - \return ECC_BAD_ARG_E 入力パラメータã®ã„ãšã‚Œã‹ãŒNULLã®å ´åˆã€ã¾ãŸã¯ã‚­ãƒ¼ãŒã‚µãƒãƒ¼ãƒˆã•れã¦ã„ãªã„å ´åˆï¼ˆç„¡åйãªã‚¤ãƒ³ãƒ‡ãƒƒã‚¯ã‚¹ãŒã‚りã¾ã™ï¼‰ - \return BUFFER_E 出力ãƒãƒƒãƒ•ã‚¡ãŒå°ã•ã™ãŽã¦ECCキーをä¿å­˜ã™ã‚‹å ´åˆã¯è¿”ã•れã¾ã™ã€‚出力ãƒãƒƒãƒ•ã‚¡ãŒå°ã•ã™ãŽã‚‹ã¨ã€å¿…è¦ãªã‚µã‚¤ã‚ºã¯outlenã«è¿”ã•れã¾ã™ã€‚ - \return MEMORY_E xmallocã§ãƒ¡ãƒ¢ãƒªã‚’割り当ã¦ã‚‹ã‚¨ãƒ©ãƒ¼ãŒã‚ã‚‹å ´åˆ - \return MP_INIT_E ECC_KEYã®å‡¦ç†ä¸­ã«ã‚¨ãƒ©ãƒ¼ãŒç™ºç”Ÿã—ãŸå ´åˆã«è¿”ã•れるå¯èƒ½æ€§ãŒã‚りã¾ã™ - \return MP_READ_E ECC_KEYã®å‡¦ç†ä¸­ã«ã‚¨ãƒ©ãƒ¼ãŒç™ºç”Ÿã—ãŸå ´åˆã«è¿”ã•れるå¯èƒ½æ€§ãŒã‚りã¾ã™ - \return MP_CMP_E ECC_KEYã®å‡¦ç†ä¸­ã«ã‚¨ãƒ©ãƒ¼ãŒç™ºç”Ÿã—ãŸå ´åˆã«è¿”ã•れるå¯èƒ½æ€§ãŒã‚りã¾ã™ - \return MP_INVMOD_E ECC_KEYã®å‡¦ç†ä¸­ã«ã‚¨ãƒ©ãƒ¼ãŒç™ºç”Ÿã—ãŸå ´åˆã«è¿”ã•れるå¯èƒ½æ€§ãŒã‚りã¾ã™ - \return MP_EXPTMOD_E ECC_KEYã®å‡¦ç†ä¸­ã«ã‚¨ãƒ©ãƒ¼ãŒç™ºç”Ÿã—ãŸå ´åˆã«è¿”ã•れるå¯èƒ½æ€§ãŒã‚りã¾ã™ - \return MP_MOD_E ECC_KEYã®å‡¦ç†ä¸­ã«ã‚¨ãƒ©ãƒ¼ãŒç™ºç”Ÿã—ãŸå ´åˆã«è¿”ã•れるå¯èƒ½æ€§ãŒã‚りã¾ã™ - \return MP_MUL_E ECC_KEYã®å‡¦ç†ä¸­ã«ã‚¨ãƒ©ãƒ¼ãŒç™ºç”Ÿã—ãŸå ´åˆã«è¿”ã•れるå¯èƒ½æ€§ãŒã‚りã¾ã™ - \return MP_ADD_E ECC_KEYã®å‡¦ç†ä¸­ã«ã‚¨ãƒ©ãƒ¼ãŒç™ºç”Ÿã—ãŸå ´åˆã«è¿”ã•れるå¯èƒ½æ€§ãŒã‚りã¾ã™ - \return MP_MULMOD_E ECC_KEYã®å‡¦ç†ä¸­ã«ã‚¨ãƒ©ãƒ¼ãŒç™ºç”Ÿã—ãŸå ´åˆã«è¿”ã•れるå¯èƒ½æ€§ãŒã‚りã¾ã™ - \return MP_TO_E ECC_KEYã®å‡¦ç†ä¸­ã«ã‚¨ãƒ©ãƒ¼ãŒç™ºç”Ÿã—ãŸå ´åˆã«è¿”ã•れるå¯èƒ½æ€§ãŒã‚りã¾ã™ - \return MP_MEM ECC_KEYã®å‡¦ç†ä¸­ã«ã‚¨ãƒ©ãƒ¼ãŒç™ºç”Ÿã—ãŸå ´åˆã«è¿”ã•れるå¯èƒ½æ€§ãŒã‚りã¾ã™ - \param key エクスãƒãƒ¼ãƒˆã™ã‚‹ECC_KEYオブジェクトã¸ã®ãƒã‚¤ãƒ³ã‚¿ - \param out ANSI X9.63フォーマット済ã¿ã‚­ãƒ¼ã‚’ä¿å­˜ã™ã‚‹ãƒãƒƒãƒ•ã‚¡ã¸ã®ãƒã‚¤ãƒ³ã‚¿ - \param outLen 出力ãƒãƒƒãƒ•ã‚¡ã®ã‚µã‚¤ã‚ºã€‚キーã®ä¿å­˜ã«æˆåŠŸã—ãŸå ´åˆã¯ã€å‡ºåŠ›ãƒãƒƒãƒ•ã‚¡ã«æ›¸ãè¾¼ã¾ã‚ŒãŸãƒã‚¤ãƒˆã‚’ä¿æŒã—ã¾ã™ã€‚ + + \brief ã“ã®é–¢æ•°ã¯ã€ecc_key構造体ã‹ã‚‰å…¬é–‹éµã‚’エクスãƒãƒ¼ãƒˆã—ã€çµæžœã‚’outã«æ ¼ç´ã—ã¾ã™ã€‚キーã¯ANSI X9.63å½¢å¼ã§æ ¼ç´ã•れã¾ã™ã€‚出力ãƒãƒƒãƒ•ã‚¡ã«æ›¸ãè¾¼ã¾ã‚ŒãŸãƒã‚¤ãƒˆæ•°ã‚’outLenã«æ ¼ç´ã—ã¾ã™ã€‚ã“ã®é–¢æ•°ã¯ã€compressedパラメータを通ã˜ã¦è¨¼æ˜Žæ›¸ã‚’圧縮ã™ã‚‹è¿½åŠ ã‚ªãƒ—ã‚·ãƒ§ãƒ³ã‚’æä¾›ã—ã¾ã™ã€‚ã“ã®ãƒ‘ラメータãŒtrueã®å ´åˆã€ã‚­ãƒ¼ã¯ANSI X9.63圧縮形å¼ã§æ ¼ç´ã•れã¾ã™ã€‚ + + \return 0 ecc_key公開æˆåˆ†ã®ã‚¨ã‚¯ã‚¹ãƒãƒ¼ãƒˆã«æˆåŠŸã—ãŸå ´åˆã«è¿”ã•れã¾ã™ + \return ECC_PRIVATEKEY_ONLY ecc_key公開æˆåˆ†ãŒæ¬ è½ã—ã¦ã„ã‚‹å ´åˆã«è¿”ã•れã¾ã™ + \return NOT_COMPILED_IN コンパイル時ã«HAVE_COMP_KEYãŒæœ‰åйã«ãªã£ã¦ã„ãªã„ãŒã€ã‚­ãƒ¼ãŒåœ§ç¸®å½¢å¼ã§è¦æ±‚ã•れãŸå ´åˆã«è¿”ã•れã¾ã™ + \return LENGTH_ONLY_E 出力ãƒãƒƒãƒ•ã‚¡ãŒNULLã¨è©•価ã•れるãŒã€ä»–ã®2ã¤ã®å…¥åŠ›ãƒ‘ãƒ©ãƒ¡ãƒ¼ã‚¿ãŒæœ‰åйãªå ´åˆã«è¿”ã•れã¾ã™ã€‚関数ãŒå…¬é–‹éµã‚’æ ¼ç´ã™ã‚‹ãŸã‚ã«å¿…è¦ãªé•·ã•ã®ã¿ã‚’è¿”ã—ã¦ã„ã‚‹ã“ã¨ã‚’示ã—ã¾ã™ + \return ECC_BAD_ARG_E ã„ãšã‚Œã‹ã®å…¥åŠ›ãƒ‘ãƒ©ãƒ¡ãƒ¼ã‚¿ãŒNULLã®å ´åˆã€ã¾ãŸã¯ã‚­ãƒ¼ãŒã‚µãƒãƒ¼ãƒˆã•れã¦ã„ãªã„(無効ãªã‚¤ãƒ³ãƒ‡ãƒƒã‚¯ã‚¹ã‚’æŒã¤ï¼‰å ´åˆã«è¿”ã•れã¾ã™ + \return BUFFER_E 出力ãƒãƒƒãƒ•ã‚¡ãŒå…¬é–‹éµã‚’æ ¼ç´ã™ã‚‹ã«ã¯å°ã•ã™ãŽã‚‹å ´åˆã«è¿”ã•れã¾ã™ã€‚出力ãƒãƒƒãƒ•ã‚¡ãŒå°ã•ã™ãŽã‚‹å ´åˆã€å¿…è¦ãªã‚µã‚¤ã‚ºãŒoutLenã§è¿”ã•れã¾ã™ + \return MEMORY_E XMALLOCã§ãƒ¡ãƒ¢ãƒªã‚’割り当ã¦ã‚‹éš›ã«ã‚¨ãƒ©ãƒ¼ãŒã‚ã‚‹å ´åˆã«è¿”ã•れã¾ã™ + \return MP_INIT_E ecc_keyã®å‡¦ç†ä¸­ã«ã‚¨ãƒ©ãƒ¼ãŒã‚ã‚‹å ´åˆã«è¿”ã•れるå¯èƒ½æ€§ãŒã‚りã¾ã™ + \return MP_READ_E ecc_keyã®å‡¦ç†ä¸­ã«ã‚¨ãƒ©ãƒ¼ãŒã‚ã‚‹å ´åˆã«è¿”ã•れるå¯èƒ½æ€§ãŒã‚りã¾ã™ + \return MP_CMP_E ecc_keyã®å‡¦ç†ä¸­ã«ã‚¨ãƒ©ãƒ¼ãŒã‚ã‚‹å ´åˆã«è¿”ã•れるå¯èƒ½æ€§ãŒã‚りã¾ã™ + \return MP_INVMOD_E ecc_keyã®å‡¦ç†ä¸­ã«ã‚¨ãƒ©ãƒ¼ãŒã‚ã‚‹å ´åˆã«è¿”ã•れるå¯èƒ½æ€§ãŒã‚りã¾ã™ + \return MP_EXPTMOD_E ecc_keyã®å‡¦ç†ä¸­ã«ã‚¨ãƒ©ãƒ¼ãŒã‚ã‚‹å ´åˆã«è¿”ã•れるå¯èƒ½æ€§ãŒã‚りã¾ã™ + \return MP_MOD_E ecc_keyã®å‡¦ç†ä¸­ã«ã‚¨ãƒ©ãƒ¼ãŒã‚ã‚‹å ´åˆã«è¿”ã•れるå¯èƒ½æ€§ãŒã‚りã¾ã™ + \return MP_MUL_E ecc_keyã®å‡¦ç†ä¸­ã«ã‚¨ãƒ©ãƒ¼ãŒã‚ã‚‹å ´åˆã«è¿”ã•れるå¯èƒ½æ€§ãŒã‚りã¾ã™ + \return MP_ADD_E ecc_keyã®å‡¦ç†ä¸­ã«ã‚¨ãƒ©ãƒ¼ãŒã‚ã‚‹å ´åˆã«è¿”ã•れるå¯èƒ½æ€§ãŒã‚りã¾ã™ + \return MP_MULMOD_E ecc_keyã®å‡¦ç†ä¸­ã«ã‚¨ãƒ©ãƒ¼ãŒã‚ã‚‹å ´åˆã«è¿”ã•れるå¯èƒ½æ€§ãŒã‚りã¾ã™ + \return MP_TO_E ecc_keyã®å‡¦ç†ä¸­ã«ã‚¨ãƒ©ãƒ¼ãŒã‚ã‚‹å ´åˆã«è¿”ã•れるå¯èƒ½æ€§ãŒã‚りã¾ã™ + \return MP_MEM ecc_keyã®å‡¦ç†ä¸­ã«ã‚¨ãƒ©ãƒ¼ãŒã‚ã‚‹å ´åˆã«è¿”ã•れるå¯èƒ½æ€§ãŒã‚りã¾ã™ + + \param key エクスãƒãƒ¼ãƒˆã™ã‚‹ecc_keyオブジェクトã¸ã®ãƒã‚¤ãƒ³ã‚¿ + \param out ANSI X9.63å½¢å¼ã®å…¬é–‹éµã‚’æ ¼ç´ã™ã‚‹ãƒãƒƒãƒ•ã‚¡ã¸ã®ãƒã‚¤ãƒ³ã‚¿ + \param outLen 出力ãƒãƒƒãƒ•ã‚¡ã®ã‚µã‚¤ã‚ºã€‚公開éµã®æ ¼ç´ã«æˆåŠŸã™ã‚‹ã¨ã€å‡ºåŠ›ãƒãƒƒãƒ•ã‚¡ã«æ›¸ãè¾¼ã¾ã‚ŒãŸãƒã‚¤ãƒˆæ•°ã‚’ä¿æŒã—ã¾ã™ + \param compressed キーを圧縮形å¼ã§æ ¼ç´ã™ã‚‹ã‹ã©ã†ã‹ã®æŒ‡æ¨™ã€‚1==圧縮ã€0==éžåœ§ç¸® + _Example_ \code int ret; byte buff[1024]; word32 buffSz = sizeof(buff); ecc_key key; - // initialize key, make key + // ã‚­ãƒ¼ã‚’åˆæœŸåŒ–ã—ã€ã‚­ãƒ¼ã‚’ä½œæˆ ret = wc_ecc_export_x963_ex(&key, buff, &buffSz, 1); if ( ret != 0) { - // error exporting key + // キーã®ã‚¨ã‚¯ã‚¹ãƒãƒ¼ãƒˆã‚¨ãƒ©ãƒ¼ } \endcode + \sa wc_ecc_export_x963 \sa wc_ecc_import_x963 + \sa wc_ecc_make_pub */ int wc_ecc_export_x963_ex(ecc_key* key, byte* out, word32* outLen, int compressed); /*! \ingroup ECC - \brief ã“ã®é–¢æ•°ã¯ã€ANSI X9.63å½¢å¼ã§ä¿å­˜ã•れã¦ã„るキーをå«ã‚€ãƒãƒƒãƒ•ã‚¡ã‹ã‚‰ãƒ‘ブリックECCキーをインãƒãƒ¼ãƒˆã—ã¾ã™ã€‚ã“ã®é–¢æ•°ã¯ã€åœ§ç¸®ã‚­ãƒ¼ãŒhand_comp_keyオプションを介ã—ã¦ã‚³ãƒ³ãƒ‘ã‚¤ãƒ«æ™‚ã«æœ‰åйã«ãªã£ã¦ã„ã‚‹é™ã‚Šã€åœ§ç¸®ã‚­ãƒ¼ã¨éžåœ§ç¸®ã‚­ãƒ¼ã®ä¸¡æ–¹ã‚’処ç†ã—ã¾ã™ã€‚ - \return 0 ECC_KEYã®ã‚¤ãƒ³ãƒãƒ¼ãƒˆã«æˆåŠŸã—ã¾ã—㟠- \return NOT_COMPILED_IN hand_comp_keyãŒã‚³ãƒ³ãƒ‘ã‚¤ãƒ«æ™‚ã«æœ‰åйã«ãªã£ã¦ã„ãªã„å ´åˆã¯è¿”ã•れã¾ã™ãŒã€ã‚­ãƒ¼ã¯åœ§ç¸®å½¢å¼ã§ä¿å­˜ã•れã¾ã™ã€‚ - \return ECC_BAD_ARG_E INã¾ãŸã¯KEYãŒNULLã«è©•価ã•れãŸå ´åˆã€ã¾ãŸã¯InlenãŒå¶æ•°ã®å ´åˆï¼ˆX9.63è¦æ ¼ã«ã‚ˆã‚Œã°ã€ã‚­ãƒ¼ã¯å¥‡æ•°ã§ãªã‘れã°ãªã‚Šã¾ã›ã‚“)。 - \return MEMORY_E メモリã®å‰²ã‚Šå½“ã¦ä¸­ã«ã‚¨ãƒ©ãƒ¼ãŒç™ºç”Ÿã—ãŸå ´åˆã«è¿”ã•れã¾ã™ - \return ASN_PARSE_E ECCキーã®è§£æžä¸­ã«ã‚¨ãƒ©ãƒ¼ãŒã‚ã‚‹å ´åˆã¯è¿”ã•れã¾ã™ã€‚ECCã‚­ãƒ¼ãŒæœ‰åйãªANSI X9.63ãƒ•ã‚©ãƒ¼ãƒžãƒƒãƒˆã«æ ¼ç´ã•れã¦ã„ãªã„ã“ã¨ã‚’示ã™ã“ã¨ãŒã‚りã¾ã™ã€‚ - \return IS_POINT_E エクスãƒãƒ¼ãƒˆã•れãŸå…¬é–‹éµãŒECC曲線上ã®ç‚¹ã§ã¯ãªã„å ´åˆã«è¿”ã•れã¾ã™ - \return MP_INIT_E ECC_KEYã®å‡¦ç†ä¸­ã«ã‚¨ãƒ©ãƒ¼ãŒç™ºç”Ÿã—ãŸå ´åˆã«è¿”ã•れるå¯èƒ½æ€§ãŒã‚りã¾ã™ - \return MP_READ_E ECC_KEYã®å‡¦ç†ä¸­ã«ã‚¨ãƒ©ãƒ¼ãŒç™ºç”Ÿã—ãŸå ´åˆã«è¿”ã•れるå¯èƒ½æ€§ãŒã‚りã¾ã™ - \return MP_CMP_E ECC_KEYã®å‡¦ç†ä¸­ã«ã‚¨ãƒ©ãƒ¼ãŒç™ºç”Ÿã—ãŸå ´åˆã«è¿”ã•れるå¯èƒ½æ€§ãŒã‚りã¾ã™ - \return MP_INVMOD_E ECC_KEYã®å‡¦ç†ä¸­ã«ã‚¨ãƒ©ãƒ¼ãŒç™ºç”Ÿã—ãŸå ´åˆã«è¿”ã•れるå¯èƒ½æ€§ãŒã‚りã¾ã™ - \return MP_EXPTMOD_E ECC_KEYã®å‡¦ç†ä¸­ã«ã‚¨ãƒ©ãƒ¼ãŒç™ºç”Ÿã—ãŸå ´åˆã«è¿”ã•れるå¯èƒ½æ€§ãŒã‚りã¾ã™ - \return MP_MOD_E ECC_KEYã®å‡¦ç†ä¸­ã«ã‚¨ãƒ©ãƒ¼ãŒç™ºç”Ÿã—ãŸå ´åˆã«è¿”ã•れるå¯èƒ½æ€§ãŒã‚りã¾ã™ - \return MP_MUL_E ECC_KEYã®å‡¦ç†ä¸­ã«ã‚¨ãƒ©ãƒ¼ãŒç™ºç”Ÿã—ãŸå ´åˆã«è¿”ã•れるå¯èƒ½æ€§ãŒã‚りã¾ã™ - \return MP_ADD_E ECC_KEYã®å‡¦ç†ä¸­ã«ã‚¨ãƒ©ãƒ¼ãŒç™ºç”Ÿã—ãŸå ´åˆã«è¿”ã•れるå¯èƒ½æ€§ãŒã‚りã¾ã™ - \return MP_MULMOD_E ECC_KEYã®å‡¦ç†ä¸­ã«ã‚¨ãƒ©ãƒ¼ãŒç™ºç”Ÿã—ãŸå ´åˆã«è¿”ã•れるå¯èƒ½æ€§ãŒã‚りã¾ã™ - \return MP_TO_E ECC_KEYã®å‡¦ç†ä¸­ã«ã‚¨ãƒ©ãƒ¼ãŒç™ºç”Ÿã—ãŸå ´åˆã«è¿”ã•れるå¯èƒ½æ€§ãŒã‚りã¾ã™ - \return MP_MEM ECC_KEYã®å‡¦ç†ä¸­ã«ã‚¨ãƒ©ãƒ¼ãŒç™ºç”Ÿã—ãŸå ´åˆã«è¿”ã•れるå¯èƒ½æ€§ãŒã‚りã¾ã™ - \param in ANSI x9.63フォーマットã•れãŸECCキーをå«ã‚€ãƒãƒƒãƒ•ã‚¡ã¸ã®ãƒã‚¤ãƒ³ã‚¿ - \param inLen 入力ãƒãƒƒãƒ•ã‚¡ã®é•·ã• + + \brief ã“ã®é–¢æ•°ã¯ã€ANSI X9.63å½¢å¼ã§æ ¼ç´ã•れãŸã‚­ãƒ¼ã‚’å«ã‚€ãƒãƒƒãƒ•ã‚¡ã‹ã‚‰å…¬é–‹ECCキーをインãƒãƒ¼ãƒˆã—ã¾ã™ã€‚ã“ã®é–¢æ•°ã¯ã€ã‚³ãƒ³ãƒ‘イル時ã«HAVE_COMP_KEYオプションを通ã˜ã¦åœ§ç¸®ã‚­ãƒ¼ãŒæœ‰åйã«ãªã£ã¦ã„ã‚‹é™ã‚Šã€åœ§ç¸®ã‚­ãƒ¼ã¨éžåœ§ç¸®ã‚­ãƒ¼ã®ä¸¡æ–¹ã‚’処ç†ã—ã¾ã™ã€‚ + + \return 0 ecc_keyã®ã‚¤ãƒ³ãƒãƒ¼ãƒˆã«æˆåŠŸã—ãŸå ´åˆã«è¿”ã•れã¾ã™ + \return NOT_COMPILED_IN コンパイル時ã«HAVE_COMP_KEYãŒæœ‰åйã«ãªã£ã¦ã„ãªã„ãŒã€ã‚­ãƒ¼ãŒåœ§ç¸®å½¢å¼ã§æ ¼ç´ã•れã¦ã„ã‚‹å ´åˆã«è¿”ã•れã¾ã™ + \return ECC_BAD_ARG_E inã¾ãŸã¯keyãŒNULLã¨è©•価ã•れる場åˆã€ã¾ãŸã¯inLenãŒå¶æ•°ã®å ´åˆã«è¿”ã•れã¾ã™ï¼ˆx9.63標準ã«ã‚ˆã‚‹ã¨ã€ã‚­ãƒ¼ã¯å¥‡æ•°ã§ãªã‘れã°ãªã‚Šã¾ã›ã‚“) + \return MEMORY_E メモリã®å‰²ã‚Šå½“ã¦ã‚¨ãƒ©ãƒ¼ãŒã‚ã‚‹å ´åˆã«è¿”ã•れã¾ã™ + \return ASN_PARSE_E ECCキーã®è§£æžã‚¨ãƒ©ãƒ¼ãŒã‚ã‚‹å ´åˆã«è¿”ã•れã¾ã™ã€‚ECCã‚­ãƒ¼ãŒæœ‰åйãªANSI X9.63å½¢å¼ã§æ ¼ç´ã•れã¦ã„ãªã„ã“ã¨ã‚’示ã™å¯èƒ½æ€§ãŒã‚りã¾ã™ + \return IS_POINT_E エクスãƒãƒ¼ãƒˆã•れãŸå…¬é–‹éµãŒECC曲線上ã®ãƒã‚¤ãƒ³ãƒˆã§ãªã„å ´åˆã«è¿”ã•れã¾ã™ + \return MP_INIT_E ecc_keyã®å‡¦ç†ä¸­ã«ã‚¨ãƒ©ãƒ¼ãŒã‚ã‚‹å ´åˆã«è¿”ã•れるå¯èƒ½æ€§ãŒã‚りã¾ã™ + \return MP_READ_E ecc_keyã®å‡¦ç†ä¸­ã«ã‚¨ãƒ©ãƒ¼ãŒã‚ã‚‹å ´åˆã«è¿”ã•れるå¯èƒ½æ€§ãŒã‚りã¾ã™ + \return MP_CMP_E ecc_keyã®å‡¦ç†ä¸­ã«ã‚¨ãƒ©ãƒ¼ãŒã‚ã‚‹å ´åˆã«è¿”ã•れるå¯èƒ½æ€§ãŒã‚りã¾ã™ + \return MP_INVMOD_E ecc_keyã®å‡¦ç†ä¸­ã«ã‚¨ãƒ©ãƒ¼ãŒã‚ã‚‹å ´åˆã«è¿”ã•れるå¯èƒ½æ€§ãŒã‚りã¾ã™ + \return MP_EXPTMOD_E ecc_keyã®å‡¦ç†ä¸­ã«ã‚¨ãƒ©ãƒ¼ãŒã‚ã‚‹å ´åˆã«è¿”ã•れるå¯èƒ½æ€§ãŒã‚りã¾ã™ + \return MP_MOD_E ecc_keyã®å‡¦ç†ä¸­ã«ã‚¨ãƒ©ãƒ¼ãŒã‚ã‚‹å ´åˆã«è¿”ã•れるå¯èƒ½æ€§ãŒã‚りã¾ã™ + \return MP_MUL_E ecc_keyã®å‡¦ç†ä¸­ã«ã‚¨ãƒ©ãƒ¼ãŒã‚ã‚‹å ´åˆã«è¿”ã•れるå¯èƒ½æ€§ãŒã‚りã¾ã™ + \return MP_ADD_E ecc_keyã®å‡¦ç†ä¸­ã«ã‚¨ãƒ©ãƒ¼ãŒã‚ã‚‹å ´åˆã«è¿”ã•れるå¯èƒ½æ€§ãŒã‚りã¾ã™ + \return MP_MULMOD_E ecc_keyã®å‡¦ç†ä¸­ã«ã‚¨ãƒ©ãƒ¼ãŒã‚ã‚‹å ´åˆã«è¿”ã•れるå¯èƒ½æ€§ãŒã‚りã¾ã™ + \return MP_TO_E ecc_keyã®å‡¦ç†ä¸­ã«ã‚¨ãƒ©ãƒ¼ãŒã‚ã‚‹å ´åˆã«è¿”ã•れるå¯èƒ½æ€§ãŒã‚りã¾ã™ + \return MP_MEM ecc_keyã®å‡¦ç†ä¸­ã«ã‚¨ãƒ©ãƒ¼ãŒã‚ã‚‹å ´åˆã«è¿”ã•れるå¯èƒ½æ€§ãŒã‚りã¾ã™ + + \param in ANSI x9.63å½¢å¼ã®ECCキーをå«ã‚€ãƒãƒƒãƒ•ã‚¡ã¸ã®ãƒã‚¤ãƒ³ã‚¿ + \param inLen 入力ãƒãƒƒãƒ•ã‚¡ã®é•·ã• + \param key インãƒãƒ¼ãƒˆã•れãŸã‚­ãƒ¼ã‚’æ ¼ç´ã™ã‚‹ecc_keyオブジェクトã¸ã®ãƒã‚¤ãƒ³ã‚¿ + _Example_ \code int ret; - byte buff[] = { initialize with ANSI X9.63 formatted key }; + byte buff[] = { ANSI X9.63å½¢å¼ã®ã‚­ãƒ¼ã§åˆæœŸåŒ– }; ecc_key pubKey; wc_ecc_init(&pubKey); ret = wc_ecc_import_x963(buff, sizeof(buff), &pubKey); if ( ret != 0) { - // error importing key + // キーã®ã‚¤ãƒ³ãƒãƒ¼ãƒˆã‚¨ãƒ©ãƒ¼ } \endcode + \sa wc_ecc_export_x963 \sa wc_ecc_import_private_key */ @@ -775,41 +995,48 @@ /*! \ingroup ECC - \brief ã“ã®é–¢æ•°ã¯ã€ç”Ÿã®ç§˜å¯†éµã‚’å«ã‚€ãƒãƒƒãƒ•ã‚¡ã¨ã€ANSI X9.63フォーマットã•れãŸå…¬é–‹éµã‚’å«ã‚€2番目ã®ãƒãƒƒãƒ•ァーã‹ã‚‰ãƒ‘ブリック/プライベートECCキーã®ãƒšã‚¢ã‚’インãƒãƒ¼ãƒˆã—ã¾ã™ã€‚ã“ã®é–¢æ•°ã¯ã€åœ§ç¸®ã‚­ãƒ¼ãŒhand_comp_keyオプションを介ã—ã¦ã‚³ãƒ³ãƒ‘ã‚¤ãƒ«æ™‚ã«æœ‰åйã«ãªã£ã¦ã„ã‚‹é™ã‚Šã€åœ§ç¸®ã‚­ãƒ¼ã¨éžåœ§ç¸®ã‚­ãƒ¼ã®ä¸¡æ–¹ã‚’処ç†ã—ã¾ã™ã€‚ - \return 0 habe_comp_keyãŒã‚³ãƒ³ãƒ‘ã‚¤ãƒ«æ™‚ã«æœ‰åйã«ãªã£ã¦ã„ãªã„å ´åˆã¯ã€ecc_key not_compiled_inを正常ã«ã‚¤ãƒ³ãƒãƒ¼ãƒˆã—ã¾ã—ãŸãŒã€ã‚­ãƒ¼ã¯åœ§ç¸®å½¢å¼ã§ä¿å­˜ã•れã¾ã™ã€‚ - \return ECC_BAD_ARG_E INã¾ãŸã¯KEYãŒNULLã«è©•価ã•れãŸå ´åˆã€ã¾ãŸã¯InlenãŒå¶æ•°ã®å ´åˆï¼ˆX9.63è¦æ ¼ã«ã‚ˆã‚Œã°ã€ã‚­ãƒ¼ã¯å¥‡æ•°ã§ãªã‘れã°ãªã‚Šã¾ã›ã‚“)。 - \return MEMORY_E メモリã®å‰²ã‚Šå½“ã¦ä¸­ã«ã‚¨ãƒ©ãƒ¼ãŒç™ºç”Ÿã—ãŸå ´åˆã«è¿”ã•れã¾ã™ - \return ASN_PARSE_E ECCキーã®è§£æžä¸­ã«ã‚¨ãƒ©ãƒ¼ãŒã‚ã‚‹å ´åˆã¯è¿”ã•れã¾ã™ã€‚ECCã‚­ãƒ¼ãŒæœ‰åйãªANSI X9.63ãƒ•ã‚©ãƒ¼ãƒžãƒƒãƒˆã«æ ¼ç´ã•れã¦ã„ãªã„ã“ã¨ã‚’示ã™ã“ã¨ãŒã‚りã¾ã™ã€‚ - \return IS_POINT_E エクスãƒãƒ¼ãƒˆã•れãŸå…¬é–‹éµãŒECC曲線上ã®ç‚¹ã§ã¯ãªã„å ´åˆã«è¿”ã•れã¾ã™ - \return MP_INIT_E ECC_KEYã®å‡¦ç†ä¸­ã«ã‚¨ãƒ©ãƒ¼ãŒç™ºç”Ÿã—ãŸå ´åˆã«è¿”ã•れるå¯èƒ½æ€§ãŒã‚りã¾ã™ - \return MP_READ_E ECC_KEYã®å‡¦ç†ä¸­ã«ã‚¨ãƒ©ãƒ¼ãŒç™ºç”Ÿã—ãŸå ´åˆã«è¿”ã•れるå¯èƒ½æ€§ãŒã‚りã¾ã™ - \return MP_CMP_E ECC_KEYã®å‡¦ç†ä¸­ã«ã‚¨ãƒ©ãƒ¼ãŒç™ºç”Ÿã—ãŸå ´åˆã«è¿”ã•れるå¯èƒ½æ€§ãŒã‚りã¾ã™ - \return MP_INVMOD_E ECC_KEYã®å‡¦ç†ä¸­ã«ã‚¨ãƒ©ãƒ¼ãŒç™ºç”Ÿã—ãŸå ´åˆã«è¿”ã•れるå¯èƒ½æ€§ãŒã‚りã¾ã™ - \return MP_EXPTMOD_E ECC_KEYã®å‡¦ç†ä¸­ã«ã‚¨ãƒ©ãƒ¼ãŒç™ºç”Ÿã—ãŸå ´åˆã«è¿”ã•れるå¯èƒ½æ€§ãŒã‚りã¾ã™ - \return MP_MOD_E ECC_KEYã®å‡¦ç†ä¸­ã«ã‚¨ãƒ©ãƒ¼ãŒç™ºç”Ÿã—ãŸå ´åˆã«è¿”ã•れるå¯èƒ½æ€§ãŒã‚りã¾ã™ - \return MP_MUL_E ECC_KEYã®å‡¦ç†ä¸­ã«ã‚¨ãƒ©ãƒ¼ãŒç™ºç”Ÿã—ãŸå ´åˆã«è¿”ã•れるå¯èƒ½æ€§ãŒã‚りã¾ã™ - \return MP_ADD_E ECC_KEYã®å‡¦ç†ä¸­ã«ã‚¨ãƒ©ãƒ¼ãŒç™ºç”Ÿã—ãŸå ´åˆã«è¿”ã•れるå¯èƒ½æ€§ãŒã‚りã¾ã™ - \return MP_MULMOD_E ECC_KEYã®å‡¦ç†ä¸­ã«ã‚¨ãƒ©ãƒ¼ãŒç™ºç”Ÿã—ãŸå ´åˆã«è¿”ã•れるå¯èƒ½æ€§ãŒã‚りã¾ã™ - \return MP_TO_E ECC_KEYã®å‡¦ç†ä¸­ã«ã‚¨ãƒ©ãƒ¼ãŒç™ºç”Ÿã—ãŸå ´åˆã«è¿”ã•れるå¯èƒ½æ€§ãŒã‚りã¾ã™ - \return MP_MEM ECC_KEYã®å‡¦ç†ä¸­ã«ã‚¨ãƒ©ãƒ¼ãŒç™ºç”Ÿã—ãŸå ´åˆã«è¿”ã•れるå¯èƒ½æ€§ãŒã‚りã¾ã™ - \param priv RAW秘密éµã‚’å«ã‚€ãƒãƒƒãƒ•ã‚¡ã¸ã®ãƒã‚¤ãƒ³ã‚¿ - \param privSz 秘密éµãƒãƒƒãƒ•ã‚¡ã®ã‚µã‚¤ã‚º - \param pub ANSI x9.63フォーマットã•れãŸECC公開éµã‚’å«ã‚€ãƒãƒƒãƒ•ã‚¡ã¸ã®ãƒã‚¤ãƒ³ã‚¿ - \param pubSz 公開éµå…¥åŠ›ãƒãƒƒãƒ•ã‚¡ã®é•·ã• + + \brief ã“ã®é–¢æ•°ã¯ã€ç”Ÿã®ç§˜å¯†éµã‚’å«ã‚€ãƒãƒƒãƒ•ã‚¡ã¨ANSI X9.63å½¢å¼ã®å…¬é–‹éµã‚’å«ã‚€2番目ã®ãƒãƒƒãƒ•ã‚¡ã‹ã‚‰å…¬é–‹/秘密ECCキーペアをインãƒãƒ¼ãƒˆã—ã¾ã™ã€‚ã“ã®é–¢æ•°ã¯ã€ã‚³ãƒ³ãƒ‘イル時ã«HAVE_COMP_KEYオプションを通ã˜ã¦åœ§ç¸®ã‚­ãƒ¼ãŒæœ‰åйã«ãªã£ã¦ã„ã‚‹é™ã‚Šã€åœ§ç¸®ã‚­ãƒ¼ã¨éžåœ§ç¸®ã‚­ãƒ¼ã®ä¸¡æ–¹ã‚’処ç†ã—ã¾ã™ã€‚ + + \return 0 ecc_keyã®ã‚¤ãƒ³ãƒãƒ¼ãƒˆã«æˆåŠŸã—ãŸå ´åˆã«è¿”ã•れã¾ã™ + NOT_COMPILED_IN コンパイル時ã«HAVE_COMP_KEYãŒæœ‰åйã«ãªã£ã¦ã„ãªã„ãŒã€ã‚­ãƒ¼ãŒåœ§ç¸®å½¢å¼ã§æ ¼ç´ã•れã¦ã„ã‚‹å ´åˆã«è¿”ã•れã¾ã™ + \return ECC_BAD_ARG_E inã¾ãŸã¯keyãŒNULLã¨è©•価ã•れる場åˆã€ã¾ãŸã¯inLenãŒå¶æ•°ã®å ´åˆã«è¿”ã•れã¾ã™ï¼ˆx9.63標準ã«ã‚ˆã‚‹ã¨ã€ã‚­ãƒ¼ã¯å¥‡æ•°ã§ãªã‘れã°ãªã‚Šã¾ã›ã‚“) + \return MEMORY_E メモリã®å‰²ã‚Šå½“ã¦ã‚¨ãƒ©ãƒ¼ãŒã‚ã‚‹å ´åˆã«è¿”ã•れã¾ã™ + \return ASN_PARSE_E ECCキーã®è§£æžã‚¨ãƒ©ãƒ¼ãŒã‚ã‚‹å ´åˆã«è¿”ã•れã¾ã™ã€‚ECCã‚­ãƒ¼ãŒæœ‰åйãªANSI X9.63å½¢å¼ã§æ ¼ç´ã•れã¦ã„ãªã„ã“ã¨ã‚’示ã™å¯èƒ½æ€§ãŒã‚りã¾ã™ + \return IS_POINT_E エクスãƒãƒ¼ãƒˆã•れãŸå…¬é–‹éµãŒECC曲線上ã®ãƒã‚¤ãƒ³ãƒˆã§ãªã„å ´åˆã«è¿”ã•れã¾ã™ + \return MP_INIT_E ecc_keyã®å‡¦ç†ä¸­ã«ã‚¨ãƒ©ãƒ¼ãŒã‚ã‚‹å ´åˆã«è¿”ã•れるå¯èƒ½æ€§ãŒã‚りã¾ã™ + \return MP_READ_E ecc_keyã®å‡¦ç†ä¸­ã«ã‚¨ãƒ©ãƒ¼ãŒã‚ã‚‹å ´åˆã«è¿”ã•れるå¯èƒ½æ€§ãŒã‚りã¾ã™ + \return MP_CMP_E ecc_keyã®å‡¦ç†ä¸­ã«ã‚¨ãƒ©ãƒ¼ãŒã‚ã‚‹å ´åˆã«è¿”ã•れるå¯èƒ½æ€§ãŒã‚りã¾ã™ + \return MP_INVMOD_E ecc_keyã®å‡¦ç†ä¸­ã«ã‚¨ãƒ©ãƒ¼ãŒã‚ã‚‹å ´åˆã«è¿”ã•れるå¯èƒ½æ€§ãŒã‚りã¾ã™ + \return MP_EXPTMOD_E ecc_keyã®å‡¦ç†ä¸­ã«ã‚¨ãƒ©ãƒ¼ãŒã‚ã‚‹å ´åˆã«è¿”ã•れるå¯èƒ½æ€§ãŒã‚りã¾ã™ + \return MP_MOD_E ecc_keyã®å‡¦ç†ä¸­ã«ã‚¨ãƒ©ãƒ¼ãŒã‚ã‚‹å ´åˆã«è¿”ã•れるå¯èƒ½æ€§ãŒã‚りã¾ã™ + \return MP_MUL_E ecc_keyã®å‡¦ç†ä¸­ã«ã‚¨ãƒ©ãƒ¼ãŒã‚ã‚‹å ´åˆã«è¿”ã•れるå¯èƒ½æ€§ãŒã‚りã¾ã™ + \return MP_ADD_E ecc_keyã®å‡¦ç†ä¸­ã«ã‚¨ãƒ©ãƒ¼ãŒã‚ã‚‹å ´åˆã«è¿”ã•れるå¯èƒ½æ€§ãŒã‚りã¾ã™ + \return MP_MULMOD_E ecc_keyã®å‡¦ç†ä¸­ã«ã‚¨ãƒ©ãƒ¼ãŒã‚ã‚‹å ´åˆã«è¿”ã•れるå¯èƒ½æ€§ãŒã‚りã¾ã™ + \return MP_TO_E ecc_keyã®å‡¦ç†ä¸­ã«ã‚¨ãƒ©ãƒ¼ãŒã‚ã‚‹å ´åˆã«è¿”ã•れるå¯èƒ½æ€§ãŒã‚りã¾ã™ + \return MP_MEM ecc_keyã®å‡¦ç†ä¸­ã«ã‚¨ãƒ©ãƒ¼ãŒã‚ã‚‹å ´åˆã«è¿”ã•れるå¯èƒ½æ€§ãŒã‚りã¾ã™ + + \param priv 生ã®ç§˜å¯†éµã‚’å«ã‚€ãƒãƒƒãƒ•ã‚¡ã¸ã®ãƒã‚¤ãƒ³ã‚¿ + \param privSz 秘密éµãƒãƒƒãƒ•ã‚¡ã®ã‚µã‚¤ã‚º + \param pub ANSI x9.63å½¢å¼ã®ECC公開éµã‚’å«ã‚€ãƒãƒƒãƒ•ã‚¡ã¸ã®ãƒã‚¤ãƒ³ã‚¿ + \param pubSz 公開éµå…¥åŠ›ãƒãƒƒãƒ•ã‚¡ã®é•·ã• + \param key インãƒãƒ¼ãƒˆã•れãŸç§˜å¯†/公開éµãƒšã‚¢ã‚’æ ¼ç´ã™ã‚‹ecc_keyオブジェクトã¸ã®ãƒã‚¤ãƒ³ã‚¿ + _Example_ \code int ret; - byte pub[] = { initialize with ANSI X9.63 formatted key }; - byte priv[] = { initialize with the raw private key }; + byte pub[] = { ANSI X9.63å½¢å¼ã®ã‚­ãƒ¼ã§åˆæœŸåŒ– }; + byte priv[] = { 生ã®ç§˜å¯†éµã§åˆæœŸåŒ– }; ecc_key key; wc_ecc_init(&key); ret = wc_ecc_import_private_key(priv, sizeof(priv), pub, sizeof(pub), &key); if ( ret != 0) { - // error importing key + // キーã®ã‚¤ãƒ³ãƒãƒ¼ãƒˆã‚¨ãƒ©ãƒ¼ } \endcode + \sa wc_ecc_export_x963 \sa wc_ecc_import_private_key */ @@ -819,39 +1046,45 @@ /*! \ingroup ECC - \brief ã“ã®é–¢æ•°ã¯ã€ECCã‚·ã‚°ãƒãƒãƒ£ã®R部分ã¨S部分をDER符å·åŒ–ECDSAã‚·ã‚°ãƒãƒãƒ£ã«å¤‰æ›ã—ã¾ã™ã€‚ã“ã®æ©Ÿèƒ½ã¯ã€outlenã§ã¯ã€å‡ºåŠ›ãƒãƒƒãƒ•ã‚¡ã«æ›¸ãè¾¼ã¾ã‚ŒãŸé•·ã•も記憶ã•れã¦ã„ã¾ã™ã€‚ - \return 0 ç½²åã®å¤‰æ›ã«æˆåŠŸã—ãŸã“ã¨ã«æˆ»ã‚Šã¾ã—㟠- \return ECC_BAD_ARG_E ã„ãšã‚Œã‹ã®å…¥åŠ›ãƒ‘ãƒ©ãƒ¡ãƒ¼ã‚¿ãŒNULLã«è©•価ã•れãŸå ´åˆã€ã¾ãŸã¯å…¥åŠ›ãƒãƒƒãƒ•ã‚¡ãŒDERエンコードã•れãŸECDSAã‚·ã‚°ãƒãƒãƒ£ã‚’ä¿æŒã™ã‚‹ã®ã«å分ãªå¤§ãã•ã§ãªã„å ´åˆã«è¿”ã•れã¾ã™ã€‚ - \return MP_INIT_E ECC_KEYã®å‡¦ç†ä¸­ã«ã‚¨ãƒ©ãƒ¼ãŒç™ºç”Ÿã—ãŸå ´åˆã«è¿”ã•れるå¯èƒ½æ€§ãŒã‚りã¾ã™ - \return MP_READ_E ECC_KEYã®å‡¦ç†ä¸­ã«ã‚¨ãƒ©ãƒ¼ãŒç™ºç”Ÿã—ãŸå ´åˆã«è¿”ã•れるå¯èƒ½æ€§ãŒã‚りã¾ã™ - \return MP_CMP_E ECC_KEYã®å‡¦ç†ä¸­ã«ã‚¨ãƒ©ãƒ¼ãŒç™ºç”Ÿã—ãŸå ´åˆã«è¿”ã•れるå¯èƒ½æ€§ãŒã‚りã¾ã™ - \return MP_INVMOD_E ECC_KEYã®å‡¦ç†ä¸­ã«ã‚¨ãƒ©ãƒ¼ãŒç™ºç”Ÿã—ãŸå ´åˆã«è¿”ã•れるå¯èƒ½æ€§ãŒã‚りã¾ã™ - \return MP_EXPTMOD_E ECC_KEYã®å‡¦ç†ä¸­ã«ã‚¨ãƒ©ãƒ¼ãŒç™ºç”Ÿã—ãŸå ´åˆã«è¿”ã•れるå¯èƒ½æ€§ãŒã‚りã¾ã™ - \return MP_MOD_E ECC_KEYã®å‡¦ç†ä¸­ã«ã‚¨ãƒ©ãƒ¼ãŒç™ºç”Ÿã—ãŸå ´åˆã«è¿”ã•れるå¯èƒ½æ€§ãŒã‚りã¾ã™ - \return MP_MUL_E ECC_KEYã®å‡¦ç†ä¸­ã«ã‚¨ãƒ©ãƒ¼ãŒç™ºç”Ÿã—ãŸå ´åˆã«è¿”ã•れるå¯èƒ½æ€§ãŒã‚りã¾ã™ - \return MP_ADD_E ECC_KEYã®å‡¦ç†ä¸­ã«ã‚¨ãƒ©ãƒ¼ãŒç™ºç”Ÿã—ãŸå ´åˆã«è¿”ã•れるå¯èƒ½æ€§ãŒã‚りã¾ã™ - \return MP_MULMOD_E ECC_KEYã®å‡¦ç†ä¸­ã«ã‚¨ãƒ©ãƒ¼ãŒç™ºç”Ÿã—ãŸå ´åˆã«è¿”ã•れるå¯èƒ½æ€§ãŒã‚りã¾ã™ - \return MP_TO_E ECC_KEYã®å‡¦ç†ä¸­ã«ã‚¨ãƒ©ãƒ¼ãŒç™ºç”Ÿã—ãŸå ´åˆã«è¿”ã•れるå¯èƒ½æ€§ãŒã‚りã¾ã™ - \return MP_MEM ECC_KEYã®å‡¦ç†ä¸­ã«ã‚¨ãƒ©ãƒ¼ãŒç™ºç”Ÿã—ãŸå ´åˆã«è¿”ã•れるå¯èƒ½æ€§ãŒã‚りã¾ã™ - \param r ç½²åã®R部分を文字列ã¨ã—ã¦å«ã‚€ãƒãƒƒãƒ•ã‚¡ã¸ã®ãƒã‚¤ãƒ³ã‚¿ - \param s ã‚·ã‚°ãƒãƒãƒ£ã®S部分をå«ã‚€ãƒãƒƒãƒ•ã‚¡ã¸ã®ãƒã‚¤ãƒ³ã‚¿æ–‡å­—列ã¨ã—ã¦ã®ãƒã‚¤ãƒ³ã‚¿ - \param out DERエンコードã•れãŸECDSAã‚·ã‚°ãƒãƒãƒ£ã‚’ä¿å­˜ã™ã‚‹ãƒãƒƒãƒ•ã‚¡ã¸ã®ãƒã‚¤ãƒ³ã‚¿ + + \brief ã“ã®é–¢æ•°ã¯ã€ECCç½²åã®Rã¨S部分をDERエンコードã•れãŸECDSAç½²åã«å¤‰æ›ã—ã¾ã™ã€‚ã“ã®é–¢æ•°ã¯ã€å‡ºåŠ›ãƒãƒƒãƒ•ã‚¡outã«æ›¸ãè¾¼ã¾ã‚ŒãŸé•·ã•ã‚‚outlenã«æ ¼ç´ã—ã¾ã™ã€‚ + + \return 0 ç½²åã®å¤‰æ›ã«æˆåŠŸã—ãŸå ´åˆã«è¿”ã•れã¾ã™ + \return ECC_BAD_ARG_E ã„ãšã‚Œã‹ã®å…¥åŠ›ãƒ‘ãƒ©ãƒ¡ãƒ¼ã‚¿ãŒNULLã¨è©•価ã•れる場åˆã€ã¾ãŸã¯å…¥åŠ›ãƒãƒƒãƒ•ã‚¡ãŒDERエンコードã•れãŸECDSAç½²åã‚’ä¿æŒã™ã‚‹ã®ã«å分ãªå¤§ãã•ã§ãªã„å ´åˆã«è¿”ã•れã¾ã™ + \return MP_INIT_E ecc_keyã®å‡¦ç†ä¸­ã«ã‚¨ãƒ©ãƒ¼ãŒã‚ã‚‹å ´åˆã«è¿”ã•れるå¯èƒ½æ€§ãŒã‚りã¾ã™ + \return MP_READ_E ecc_keyã®å‡¦ç†ä¸­ã«ã‚¨ãƒ©ãƒ¼ãŒã‚ã‚‹å ´åˆã«è¿”ã•れるå¯èƒ½æ€§ãŒã‚りã¾ã™ + \return MP_CMP_E ecc_keyã®å‡¦ç†ä¸­ã«ã‚¨ãƒ©ãƒ¼ãŒã‚ã‚‹å ´åˆã«è¿”ã•れるå¯èƒ½æ€§ãŒã‚りã¾ã™ + \return MP_INVMOD_E ecc_keyã®å‡¦ç†ä¸­ã«ã‚¨ãƒ©ãƒ¼ãŒã‚ã‚‹å ´åˆã«è¿”ã•れるå¯èƒ½æ€§ãŒã‚りã¾ã™ + \return MP_EXPTMOD_E ecc_keyã®å‡¦ç†ä¸­ã«ã‚¨ãƒ©ãƒ¼ãŒã‚ã‚‹å ´åˆã«è¿”ã•れるå¯èƒ½æ€§ãŒã‚りã¾ã™ + \return MP_MOD_E ecc_keyã®å‡¦ç†ä¸­ã«ã‚¨ãƒ©ãƒ¼ãŒã‚ã‚‹å ´åˆã«è¿”ã•れるå¯èƒ½æ€§ãŒã‚りã¾ã™ + \return MP_MUL_E ecc_keyã®å‡¦ç†ä¸­ã«ã‚¨ãƒ©ãƒ¼ãŒã‚ã‚‹å ´åˆã«è¿”ã•れるå¯èƒ½æ€§ãŒã‚りã¾ã™ + \return MP_ADD_E ecc_keyã®å‡¦ç†ä¸­ã«ã‚¨ãƒ©ãƒ¼ãŒã‚ã‚‹å ´åˆã«è¿”ã•れるå¯èƒ½æ€§ãŒã‚りã¾ã™ + \return MP_MULMOD_E ecc_keyã®å‡¦ç†ä¸­ã«ã‚¨ãƒ©ãƒ¼ãŒã‚ã‚‹å ´åˆã«è¿”ã•れるå¯èƒ½æ€§ãŒã‚りã¾ã™ + \return MP_TO_E ecc_keyã®å‡¦ç†ä¸­ã«ã‚¨ãƒ©ãƒ¼ãŒã‚ã‚‹å ´åˆã«è¿”ã•れるå¯èƒ½æ€§ãŒã‚りã¾ã™ + \return MP_MEM ecc_keyã®å‡¦ç†ä¸­ã«ã‚¨ãƒ©ãƒ¼ãŒã‚ã‚‹å ´åˆã«è¿”ã•れるå¯èƒ½æ€§ãŒã‚りã¾ã™ + + \param r 文字列ã¨ã—ã¦ç½²åã®R部分をå«ã‚€ãƒãƒƒãƒ•ã‚¡ã¸ã®ãƒã‚¤ãƒ³ã‚¿ + \param s 文字列ã¨ã—ã¦ç½²åã®S部分をå«ã‚€ãƒãƒƒãƒ•ã‚¡ã¸ã®ãƒã‚¤ãƒ³ã‚¿ + \param out DERエンコードã•れãŸECDSAç½²åã‚’æ ¼ç´ã™ã‚‹ãƒãƒƒãƒ•ã‚¡ã¸ã®ãƒã‚¤ãƒ³ã‚¿ + \param outlen 利用å¯èƒ½ãªå‡ºåŠ›ãƒãƒƒãƒ•ã‚¡ã®é•·ã•。署åã‚’ECDSAå½¢å¼ã«æ­£å¸¸ã«å¤‰æ›ã—ãŸå¾Œã€ãƒãƒƒãƒ•ã‚¡ã«æ›¸ãè¾¼ã¾ã‚ŒãŸãƒã‚¤ãƒˆæ•°ã‚’æ ¼ç´ã—ã¾ã™ + _Example_ \code int ret; ecc_key key; - // initialize key, generate R and S + // ã‚­ãƒ¼ã‚’åˆæœŸåŒ–ã—ã€Rã¨Sã‚’ç”Ÿæˆ - char r[] = { initialize with R }; - char s[] = { initialize with S }; + char r[] = { Rã§åˆæœŸåŒ– }; + char s[] = { Sã§åˆæœŸåŒ– }; byte sig[wc_ecc_sig_size(key)]; - // signature size will be 2 * ECC key size + ~10 bytes for ASN.1 overhead + // ç½²åサイズã¯2 * ECCキーサイズ + ASN.1オーãƒãƒ¼ãƒ˜ãƒƒãƒ‰ç”¨ã®ç´„10ãƒã‚¤ãƒˆã«ãªã‚Šã¾ã™ word32 sigSz = sizeof(sig); ret = wc_ecc_rs_to_sig(r, s, sig, &sigSz); if ( ret != 0) { - // error converting parameters to signature + // パラメータã‹ã‚‰ç½²åã¸ã®å¤‰æ›ã‚¨ãƒ©ãƒ¼ } \endcode + \sa wc_ecc_sign_hash \sa wc_ecc_sig_size */ @@ -860,40 +1093,46 @@ /*! \ingroup ECC - \brief ã“ã®é–¢æ•°ã¯ã€ECCç½²åã®RAWæˆåˆ†ã‚’æŒã¤ECC_KEY構造体を埋ã‚ã¾ã™ã€‚ - \return 0 ECC_Keyæ§‹é€ ä½“ã«æ­£å¸¸ã«ã‚¤ãƒ³ãƒãƒ¼ãƒˆã•れãŸã¨ãã«è¿”ã•れã¾ã™ - \return ECC_BAD_ARG_E ã„ãšã‚Œã‹ã®å…¥åЛ値ãŒNULLã«è©•価ã•れãŸå ´åˆã«è¿”ã•れã¾ã™ã€‚ - \return MEMORY_E ECC_Keyã®ãƒ‘ラメータを格ç´ã™ã‚‹ãŸã‚ã®ã‚¨ãƒ©ãƒ¼ã®åˆæœŸåŒ–スペースãŒã‚ã‚‹å ´åˆã«è¿”ã•れã¾ã™ã€‚ - \return ASN_PARSE_E 入力カーベナデãŒECC_SETSã§å®šç¾©ã•れã¦ã„ãªã„å ´åˆ - \return MP_INIT_E 入力パラメータã®å‡¦ç†ä¸­ã«ã‚¨ãƒ©ãƒ¼ãŒç™ºç”Ÿã—ãŸå ´åˆã«è¿”ã•れるå¯èƒ½æ€§ãŒã‚りã¾ã™ã€‚ - \return MP_READ_E 入力パラメータã®å‡¦ç†ä¸­ã«ã‚¨ãƒ©ãƒ¼ãŒç™ºç”Ÿã—ãŸå ´åˆã«è¿”ã•れるå¯èƒ½æ€§ãŒã‚りã¾ã™ã€‚ - \return MP_CMP_E 入力パラメータã®å‡¦ç†ä¸­ã«ã‚¨ãƒ©ãƒ¼ãŒç™ºç”Ÿã—ãŸå ´åˆã«è¿”ã•れるå¯èƒ½æ€§ãŒã‚りã¾ã™ã€‚ - \return MP_INVMOD_E 入力パラメータã®å‡¦ç†ä¸­ã«ã‚¨ãƒ©ãƒ¼ãŒç™ºç”Ÿã—ãŸå ´åˆã«è¿”ã•れるå¯èƒ½æ€§ãŒã‚りã¾ã™ã€‚ - \return MP_EXPTMOD_E 入力パラメータã®å‡¦ç†ä¸­ã«ã‚¨ãƒ©ãƒ¼ãŒç™ºç”Ÿã—ãŸå ´åˆã«è¿”ã•れるå¯èƒ½æ€§ãŒã‚りã¾ã™ã€‚ - \return MP_MOD_E 入力パラメータã®å‡¦ç†ä¸­ã«ã‚¨ãƒ©ãƒ¼ãŒç™ºç”Ÿã—ãŸå ´åˆã«è¿”ã•れるå¯èƒ½æ€§ãŒã‚りã¾ã™ã€‚ - \return MP_MUL_E 入力パラメータã®å‡¦ç†ä¸­ã«ã‚¨ãƒ©ãƒ¼ãŒç™ºç”Ÿã—ãŸå ´åˆã«è¿”ã•れるå¯èƒ½æ€§ãŒã‚りã¾ã™ã€‚ - \return MP_ADD_E 入力パラメータã®å‡¦ç†ä¸­ã«ã‚¨ãƒ©ãƒ¼ãŒç™ºç”Ÿã—ãŸå ´åˆã«è¿”ã•れるå¯èƒ½æ€§ãŒã‚りã¾ã™ã€‚ - \return MP_MULMOD_E 入力パラメータã®å‡¦ç†ä¸­ã«ã‚¨ãƒ©ãƒ¼ãŒç™ºç”Ÿã—ãŸå ´åˆã«è¿”ã•れるå¯èƒ½æ€§ãŒã‚りã¾ã™ã€‚ - \return MP_TO_E 入力パラメータã®å‡¦ç†ä¸­ã«ã‚¨ãƒ©ãƒ¼ãŒç™ºç”Ÿã—ãŸå ´åˆã«è¿”ã•れるå¯èƒ½æ€§ãŒã‚りã¾ã™ã€‚ - \return MP_MEM 入力パラメータã®å‡¦ç†ä¸­ã«ã‚¨ãƒ©ãƒ¼ãŒç™ºç”Ÿã—ãŸå ´åˆã«è¿”ã•れるå¯èƒ½æ€§ãŒã‚りã¾ã™ã€‚ - \param key 塗りã¤ã¶ã™ãŸã‚ã®ECC_KEY構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ - \param qx ASCII六角文字列ã¨ã—ã¦åŸºç‚¹ã®Xコンãƒãƒ¼ãƒãƒ³ãƒˆã‚’å«ã‚€ãƒãƒƒãƒ•ã‚¡ã¸ã®ãƒã‚¤ãƒ³ã‚¿ - \param qy ASCII六角文字列ã¨ã—ã¦åŸºç‚¹ã®Yæˆåˆ†ã‚’å«ã‚€ãƒãƒƒãƒ•ã‚¡ã¸ã®ãƒã‚¤ãƒ³ã‚¿ - \param d ASCII hex文字列ã¨ã—ã¦ç§˜å¯†éµã‚’å«ã‚€ãƒãƒƒãƒ•ã‚¡ã¸ã®ãƒã‚¤ãƒ³ã‚¿ + + \brief ã“ã®é–¢æ•°ã¯ã€ECCç½²åã®ç”Ÿã®æˆåˆ†ã§ecc_key構造体を埋ã‚ã¾ã™ã€‚ + + \return 0 ecc_key構造体ã¸ã®ã‚¤ãƒ³ãƒãƒ¼ãƒˆã«æˆåŠŸã—ãŸå ´åˆã«è¿”ã•れã¾ã™ + \return ECC_BAD_ARG_E ã„ãšã‚Œã‹ã®å…¥åЛ値ãŒNULLã¨è©•価ã•れãŸå ´åˆã«è¿”ã•れã¾ã™ + \return MEMORY_E ecc_keyã®ãƒ‘ラメータを格ç´ã™ã‚‹ãŸã‚ã®ã‚¹ãƒšãƒ¼ã‚¹ã‚’åˆæœŸåŒ–ã™ã‚‹éš›ã«ã‚¨ãƒ©ãƒ¼ãŒã‚ã‚‹å ´åˆã«è¿”ã•れã¾ã™ + \return ASN_PARSE_E 入力curveNameãŒecc_setsã§å®šç¾©ã•れã¦ã„ãªã„å ´åˆã«è¿”ã•れã¾ã™ + \return MP_INIT_E 入力パラメータã®å‡¦ç†ä¸­ã«ã‚¨ãƒ©ãƒ¼ãŒã‚ã‚‹å ´åˆã«è¿”ã•れるå¯èƒ½æ€§ãŒã‚りã¾ã™ + \return MP_READ_E 入力パラメータã®å‡¦ç†ä¸­ã«ã‚¨ãƒ©ãƒ¼ãŒã‚ã‚‹å ´åˆã«è¿”ã•れるå¯èƒ½æ€§ãŒã‚りã¾ã™ + \return MP_CMP_E 入力パラメータã®å‡¦ç†ä¸­ã«ã‚¨ãƒ©ãƒ¼ãŒã‚ã‚‹å ´åˆã«è¿”ã•れるå¯èƒ½æ€§ãŒã‚りã¾ã™ + \return MP_INVMOD_E 入力パラメータã®å‡¦ç†ä¸­ã«ã‚¨ãƒ©ãƒ¼ãŒã‚ã‚‹å ´åˆã«è¿”ã•れるå¯èƒ½æ€§ãŒã‚りã¾ã™ + \return MP_EXPTMOD_E 入力パラメータã®å‡¦ç†ä¸­ã«ã‚¨ãƒ©ãƒ¼ãŒã‚ã‚‹å ´åˆã«è¿”ã•れるå¯èƒ½æ€§ãŒã‚りã¾ã™ + \return MP_MOD_E 入力パラメータã®å‡¦ç†ä¸­ã«ã‚¨ãƒ©ãƒ¼ãŒã‚ã‚‹å ´åˆã«è¿”ã•れるå¯èƒ½æ€§ãŒã‚りã¾ã™ + \return MP_MUL_E 入力パラメータã®å‡¦ç†ä¸­ã«ã‚¨ãƒ©ãƒ¼ãŒã‚ã‚‹å ´åˆã«è¿”ã•れるå¯èƒ½æ€§ãŒã‚りã¾ã™ + \return MP_ADD_E 入力パラメータã®å‡¦ç†ä¸­ã«ã‚¨ãƒ©ãƒ¼ãŒã‚ã‚‹å ´åˆã«è¿”ã•れるå¯èƒ½æ€§ãŒã‚りã¾ã™ + \return MP_MULMOD_E 入力パラメータã®å‡¦ç†ä¸­ã«ã‚¨ãƒ©ãƒ¼ãŒã‚ã‚‹å ´åˆã«è¿”ã•れるå¯èƒ½æ€§ãŒã‚りã¾ã™ + \return MP_TO_E 入力パラメータã®å‡¦ç†ä¸­ã«ã‚¨ãƒ©ãƒ¼ãŒã‚ã‚‹å ´åˆã«è¿”ã•れるå¯èƒ½æ€§ãŒã‚りã¾ã™ + \return MP_MEM 入力パラメータã®å‡¦ç†ä¸­ã«ã‚¨ãƒ©ãƒ¼ãŒã‚ã‚‹å ´åˆã«è¿”ã•れるå¯èƒ½æ€§ãŒã‚りã¾ã™ + + \param key 埋ã‚ã‚‹ecc_key構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ + \param qx ASCII 16進文字列ã¨ã—ã¦åŸºç‚¹ã®xæˆåˆ†ã‚’å«ã‚€ãƒãƒƒãƒ•ã‚¡ã¸ã®ãƒã‚¤ãƒ³ã‚¿ + \param qy ASCII 16進文字列ã¨ã—ã¦åŸºç‚¹ã®yæˆåˆ†ã‚’å«ã‚€ãƒãƒƒãƒ•ã‚¡ã¸ã®ãƒã‚¤ãƒ³ã‚¿ + \param d ASCII 16進文字列ã¨ã—ã¦ç§˜å¯†éµã‚’å«ã‚€ãƒãƒƒãƒ•ã‚¡ã¸ã®ãƒã‚¤ãƒ³ã‚¿ + \param curveName ecc_setsã«ã‚ã‚‹ECC曲線åã‚’å«ã‚€æ–‡å­—列ã¸ã®ãƒã‚¤ãƒ³ã‚¿ + _Example_ \code int ret; ecc_key key; wc_ecc_init(&key); - char qx[] = { initialize with x component of base point }; - char qy[] = { initialize with y component of base point }; - char d[] = { initialize with private key }; + char qx[] = { 基点ã®xæˆåˆ†ã§åˆæœŸåŒ– }; + char qy[] = { 基点ã®yæˆåˆ†ã§åˆæœŸåŒ– }; + char d[] = { 秘密éµã§åˆæœŸåŒ– }; ret = wc_ecc_import_raw(&key,qx, qy, d, "ECC-256"); if ( ret != 0) { - // error initializing key with given inputs + // 指定ã•れãŸå…¥åŠ›ã§ã‚­ãƒ¼ã‚’åˆæœŸåŒ–ã™ã‚‹éš›ã®ã‚¨ãƒ©ãƒ¼ } \endcode + \sa wc_ecc_import_private_key */ @@ -902,37 +1141,43 @@ /*! \ingroup ECC - \brief ã“ã®é–¢æ•°ã¯ã€ECC_KEY構造体ã‹ã‚‰ç§˜å¯†éµã®ã¿ã‚’エクスãƒãƒ¼ãƒˆã—ã¾ã™ã€‚秘密éµã‚’ãƒãƒƒãƒ•ã‚¡ã‚¢ã‚¦ãƒˆã«æ ¼ç´ã—ã€outlenã«ã“ã®ãƒãƒƒãƒ•ã‚¡ã«æ›¸ãè¾¼ã¾ã‚ŒãŸãƒã‚¤ãƒˆã‚’設定ã—ã¾ã™ã€‚ - \return 0 秘密éµã®ã‚¨ã‚¯ã‚¹ãƒãƒ¼ãƒˆã«æˆåŠŸã—ãŸã¨ãã«è¿”ã•れã¾ã™ - \return ECC_BAD_ARG_E ã„ãšã‚Œã‹ã®å…¥åЛ値ãŒNULLã«è©•価ã•れãŸå ´åˆã«è¿”ã•れã¾ã™ã€‚ - \return MEMORY_E ECC_Keyã®ãƒ‘ラメータを格ç´ã™ã‚‹ãŸã‚ã®ã‚¨ãƒ©ãƒ¼ã®åˆæœŸåŒ–スペースãŒã‚ã‚‹å ´åˆã«è¿”ã•れã¾ã™ã€‚ - \return ASN_PARSE_E 入力カーベナデãŒECC_SETSã§å®šç¾©ã•れã¦ã„ãªã„å ´åˆ - \return MP_INIT_E 入力パラメータã®å‡¦ç†ä¸­ã«ã‚¨ãƒ©ãƒ¼ãŒç™ºç”Ÿã—ãŸå ´åˆã«è¿”ã•れるå¯èƒ½æ€§ãŒã‚りã¾ã™ã€‚ - \return MP_READ_E 入力パラメータã®å‡¦ç†ä¸­ã«ã‚¨ãƒ©ãƒ¼ãŒç™ºç”Ÿã—ãŸå ´åˆã«è¿”ã•れるå¯èƒ½æ€§ãŒã‚りã¾ã™ã€‚ - \return MP_CMP_E 入力パラメータã®å‡¦ç†ä¸­ã«ã‚¨ãƒ©ãƒ¼ãŒç™ºç”Ÿã—ãŸå ´åˆã«è¿”ã•れるå¯èƒ½æ€§ãŒã‚りã¾ã™ã€‚ - \return MP_INVMOD_E 入力パラメータã®å‡¦ç†ä¸­ã«ã‚¨ãƒ©ãƒ¼ãŒç™ºç”Ÿã—ãŸå ´åˆã«è¿”ã•れるå¯èƒ½æ€§ãŒã‚りã¾ã™ã€‚ - \return MP_EXPTMOD_E 入力パラメータã®å‡¦ç†ä¸­ã«ã‚¨ãƒ©ãƒ¼ãŒç™ºç”Ÿã—ãŸå ´åˆã«è¿”ã•れるå¯èƒ½æ€§ãŒã‚りã¾ã™ã€‚ - \return MP_MOD_E 入力パラメータã®å‡¦ç†ä¸­ã«ã‚¨ãƒ©ãƒ¼ãŒç™ºç”Ÿã—ãŸå ´åˆã«è¿”ã•れるå¯èƒ½æ€§ãŒã‚りã¾ã™ã€‚ - \return MP_MUL_E 入力パラメータã®å‡¦ç†ä¸­ã«ã‚¨ãƒ©ãƒ¼ãŒç™ºç”Ÿã—ãŸå ´åˆã«è¿”ã•れるå¯èƒ½æ€§ãŒã‚りã¾ã™ã€‚ - \return MP_ADD_E 入力パラメータã®å‡¦ç†ä¸­ã«ã‚¨ãƒ©ãƒ¼ãŒç™ºç”Ÿã—ãŸå ´åˆã«è¿”ã•れるå¯èƒ½æ€§ãŒã‚りã¾ã™ã€‚ - \return MP_MULMOD_E 入力パラメータã®å‡¦ç†ä¸­ã«ã‚¨ãƒ©ãƒ¼ãŒç™ºç”Ÿã—ãŸå ´åˆã«è¿”ã•れるå¯èƒ½æ€§ãŒã‚りã¾ã™ã€‚ - \return MP_TO_E 入力パラメータã®å‡¦ç†ä¸­ã«ã‚¨ãƒ©ãƒ¼ãŒç™ºç”Ÿã—ãŸå ´åˆã«è¿”ã•れるå¯èƒ½æ€§ãŒã‚りã¾ã™ã€‚ - \return MP_MEM 入力パラメータã®å‡¦ç†ä¸­ã«ã‚¨ãƒ©ãƒ¼ãŒç™ºç”Ÿã—ãŸå ´åˆã«è¿”ã•れるå¯èƒ½æ€§ãŒã‚りã¾ã™ã€‚ - \param key 秘密éµã‚’エクスãƒãƒ¼ãƒˆã™ã‚‹ECC_Key構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ - \param out 秘密éµã‚’ä¿å­˜ã™ã‚‹ãƒãƒƒãƒ•ã‚¡ã¸ã®ãƒã‚¤ãƒ³ã‚¿ + + \brief ã“ã®é–¢æ•°ã¯ã€ecc_key構造体ã‹ã‚‰ç§˜å¯†éµã®ã¿ã‚’エクスãƒãƒ¼ãƒˆã—ã¾ã™ã€‚秘密éµã‚’ãƒãƒƒãƒ•ã‚¡outã«æ ¼ç´ã—ã€ã“ã®ãƒãƒƒãƒ•ã‚¡ã«æ›¸ãè¾¼ã¾ã‚ŒãŸãƒã‚¤ãƒˆæ•°ã‚’outLenã«è¨­å®šã—ã¾ã™ã€‚ + + \return 0 秘密éµã®ã‚¨ã‚¯ã‚¹ãƒãƒ¼ãƒˆã«æˆåŠŸã—ãŸå ´åˆã«è¿”ã•れã¾ã™ + \return ECC_BAD_ARG_E ã„ãšã‚Œã‹ã®å…¥åЛ値ãŒNULLã¨è©•価ã•れãŸå ´åˆã«è¿”ã•れã¾ã™ + \return MEMORY_E ecc_keyã®ãƒ‘ラメータを格ç´ã™ã‚‹ãŸã‚ã®ã‚¹ãƒšãƒ¼ã‚¹ã‚’åˆæœŸåŒ–ã™ã‚‹éš›ã«ã‚¨ãƒ©ãƒ¼ãŒã‚ã‚‹å ´åˆã«è¿”ã•れã¾ã™ + \return ASN_PARSE_E 入力curveNameãŒecc_setsã§å®šç¾©ã•れã¦ã„ãªã„å ´åˆã«è¿”ã•れã¾ã™ + \return MP_INIT_E 入力パラメータã®å‡¦ç†ä¸­ã«ã‚¨ãƒ©ãƒ¼ãŒã‚ã‚‹å ´åˆã«è¿”ã•れるå¯èƒ½æ€§ãŒã‚りã¾ã™ + \return MP_READ_E 入力パラメータã®å‡¦ç†ä¸­ã«ã‚¨ãƒ©ãƒ¼ãŒã‚ã‚‹å ´åˆã«è¿”ã•れるå¯èƒ½æ€§ãŒã‚りã¾ã™ + \return MP_CMP_E 入力パラメータã®å‡¦ç†ä¸­ã«ã‚¨ãƒ©ãƒ¼ãŒã‚ã‚‹å ´åˆã«è¿”ã•れるå¯èƒ½æ€§ãŒã‚りã¾ã™ + \return MP_INVMOD_E 入力パラメータã®å‡¦ç†ä¸­ã«ã‚¨ãƒ©ãƒ¼ãŒã‚ã‚‹å ´åˆã«è¿”ã•れるå¯èƒ½æ€§ãŒã‚りã¾ã™ + \return MP_EXPTMOD_E 入力パラメータã®å‡¦ç†ä¸­ã«ã‚¨ãƒ©ãƒ¼ãŒã‚ã‚‹å ´åˆã«è¿”ã•れるå¯èƒ½æ€§ãŒã‚りã¾ã™ + \return MP_MOD_E 入力パラメータã®å‡¦ç†ä¸­ã«ã‚¨ãƒ©ãƒ¼ãŒã‚ã‚‹å ´åˆã«è¿”ã•れるå¯èƒ½æ€§ãŒã‚りã¾ã™ + \return MP_MUL_E 入力パラメータã®å‡¦ç†ä¸­ã«ã‚¨ãƒ©ãƒ¼ãŒã‚ã‚‹å ´åˆã«è¿”ã•れるå¯èƒ½æ€§ãŒã‚りã¾ã™ + \return MP_ADD_E 入力パラメータã®å‡¦ç†ä¸­ã«ã‚¨ãƒ©ãƒ¼ãŒã‚ã‚‹å ´åˆã«è¿”ã•れるå¯èƒ½æ€§ãŒã‚りã¾ã™ + \return MP_MULMOD_E 入力パラメータã®å‡¦ç†ä¸­ã«ã‚¨ãƒ©ãƒ¼ãŒã‚ã‚‹å ´åˆã«è¿”ã•れるå¯èƒ½æ€§ãŒã‚りã¾ã™ + \return MP_TO_E 入力パラメータã®å‡¦ç†ä¸­ã«ã‚¨ãƒ©ãƒ¼ãŒã‚ã‚‹å ´åˆã«è¿”ã•れるå¯èƒ½æ€§ãŒã‚りã¾ã™ + \return MP_MEM 入力パラメータã®å‡¦ç†ä¸­ã«ã‚¨ãƒ©ãƒ¼ãŒã‚ã‚‹å ´åˆã«è¿”ã•れるå¯èƒ½æ€§ãŒã‚りã¾ã™ + + \param key 秘密éµã‚’エクスãƒãƒ¼ãƒˆã™ã‚‹ecc_key構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ + \param out 秘密éµã‚’æ ¼ç´ã™ã‚‹ãƒãƒƒãƒ•ã‚¡ã¸ã®ãƒã‚¤ãƒ³ã‚¿ + \param outLen outã§åˆ©ç”¨å¯èƒ½ãªã‚µã‚¤ã‚ºã‚’æŒã¤word32オブジェクトã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚秘密éµã®ã‚¨ã‚¯ã‚¹ãƒãƒ¼ãƒˆã«æˆåŠŸã—ãŸå¾Œã€outã«æ›¸ãè¾¼ã¾ã‚ŒãŸãƒã‚¤ãƒˆæ•°ã§è¨­å®šã•れã¾ã™ + _Example_ \code int ret; ecc_key key; - // initialize key, make key + // ã‚­ãƒ¼ã‚’åˆæœŸåŒ–ã—ã€ã‚­ãƒ¼ã‚’ä½œæˆ char priv[ECC_KEY_SIZE]; word32 privSz = sizeof(priv); ret = wc_ecc_export_private_only(&key, priv, &privSz); if ( ret != 0) { - // error exporting private key + // 秘密éµã®ã‚¨ã‚¯ã‚¹ãƒãƒ¼ãƒˆã‚¨ãƒ©ãƒ¼ } \endcode + \sa wc_ecc_import_private_key */ @@ -940,15 +1185,20 @@ /*! \ingroup ECC - \brief DERã¸ã®ã‚¨ã‚¯ã‚¹ãƒãƒ¼ãƒˆãƒã‚¤ãƒ³ãƒˆã€‚ - \return 0 æˆåŠŸã«æˆ»ã‚Šã¾ã—ãŸã€‚ - \return ECC_BAD_ARG_E curve_idxãŒ0未満ã¾ãŸã¯ç„¡åйã§ã‚ã‚‹å ´åˆã¯è¿”ã—ã¾ã™ã€‚ã„ã¤æ¥ã‚‹ã®ã‹ - \return LENGTH_ONLY_E outlenã¯è¨­å®šã•れã¦ã„ã¾ã™ãŒã€ä»–ã«ã¯ã‚りã¾ã›ã‚“。 - \return BUFFER_E outlennãŒ1 + 2 *曲線サイズよりもå°ã•ã„å ´åˆã¯è¿”ã—ã¾ã™ã€‚ - \return MEMORY_E メモリã®å‰²ã‚Šå½“ã¦ã«å•題ãŒã‚ã‚‹å ´åˆã¯è¿”ã—ã¾ã™ã€‚ - \param curve_idx ECC_SETSã‹ã‚‰ä½¿ç”¨ã•れる曲線ã®ã‚¤ãƒ³ãƒ‡ãƒƒã‚¯ã‚¹ã€‚ - \param point Derã¸ã®ã‚¨ã‚¯ã‚¹ãƒãƒ¼ãƒˆã‚’指ã™ã€‚ - \param out 出力ã®ç›®çš„地 + + \brief ãƒã‚¤ãƒ³ãƒˆã‚’derå½¢å¼ã«ã‚¨ã‚¯ã‚¹ãƒãƒ¼ãƒˆã—ã¾ã™ã€‚ + + \return 0 æˆåŠŸæ™‚ã«è¿”ã•れã¾ã™ã€‚ + \return ECC_BAD_ARG_E curve_idxãŒ0未満ã¾ãŸã¯ç„¡åйãªå ´åˆã«è¿”ã•れã¾ã™ã€‚ã¾ãŸã€æ¬¡ã®å ´åˆã«ã‚‚è¿”ã•れã¾ã™ + \return LENGTH_ONLY_E outLenãŒè¨­å®šã•れã¦ã„ã‚‹ãŒä»–ã¯ä½•ã‚‚ãªã„。 + \return BUFFER_E outLenãŒ1 + 2 * カーブサイズ未満ã®å ´åˆã«è¿”ã•れã¾ã™ã€‚ + \return MEMORY_E メモリã®å‰²ã‚Šå½“ã¦ã«å•題ãŒã‚ã‚‹å ´åˆã«è¿”ã•れã¾ã™ã€‚ + + \param curve_idx ecc_setsã‹ã‚‰ä½¿ç”¨ã•れるカーブã®ã‚¤ãƒ³ãƒ‡ãƒƒã‚¯ã‚¹ã€‚ + \param point derã«ã‚¨ã‚¯ã‚¹ãƒãƒ¼ãƒˆã™ã‚‹ãƒã‚¤ãƒ³ãƒˆã€‚ + \param out 出力ã®å‡ºåŠ›å…ˆã€‚ + \param outLen 出力ã«è¨±å¯ã•れる最大サイズã€å‡ºåŠ›ã®æœ€çµ‚サイズã®å‡ºåŠ›å…ˆ + _Example_ \code int curve_idx; @@ -957,6 +1207,7 @@ word32 outLen; wc_ecc_export_point_der(curve_idx, point, out, &outLen); \endcode + \sa wc_ecc_import_point_der */ @@ -965,14 +1216,19 @@ /*! \ingroup ECC - \brief Derフォーマットã‹ã‚‰ã®ã‚¤ãƒ³ãƒãƒ¼ãƒˆãƒã‚¤ãƒ³ãƒˆã€‚ - \return ECC_BAD_ARG_E 引数ãŒnullã®å ´åˆã€ã¾ãŸã¯InlenãŒå¶æ•°ã®å ´åˆã¯è¿”ã—ã¾ã™ã€‚ - \return MEMORY_E ã‚¨ãƒ©ãƒ¼åˆæœŸåŒ–ãŒã‚ã‚‹å ´åˆã«è¿”ã—ã¾ã™ - \return NOT_COMPILED_IN habe_comp_keyãŒçœŸå®Ÿã§ãªã„å ´åˆã¯è¿”ã•れã€inã¯åœ§ç¸®è¨¼æ˜Žæ›¸ã§ã™ - \return MP_OKAY æ“ä½œãŒæˆåŠŸã—ã¾ã—ãŸã€‚ - \param in ã‹ã‚‰ã®ãƒã‚¤ãƒ³ãƒˆã‚’インãƒãƒ¼ãƒˆã™ã‚‹ãŸã‚ã®Der Buffer。 - \param inLen DERãƒãƒƒãƒ•ã‚¡ã®é•·ã• - \param curve_idx 曲線ã®ã‚¤ãƒ³ãƒ‡ãƒƒã‚¯ã‚¹ + + \brief derå½¢å¼ã‹ã‚‰ãƒã‚¤ãƒ³ãƒˆã‚’インãƒãƒ¼ãƒˆã—ã¾ã™ã€‚ + + \return ECC_BAD_ARG_E ã„ãšã‚Œã‹ã®å¼•æ•°ãŒnullã®å ´åˆã€ã¾ãŸã¯inLenãŒå¶æ•°ã®å ´åˆã«è¿”ã•れã¾ã™ã€‚ + \return MEMORY_E åˆæœŸåŒ–中ã«ã‚¨ãƒ©ãƒ¼ãŒã‚ã‚‹å ´åˆã«è¿”ã•れã¾ã™ + \return NOT_COMPILED_IN HAVE_COMP_KEYãŒtrueã§ãªãã€inãŒåœ§ç¸®è¨¼æ˜Žæ›¸ã®å ´åˆã«è¿”ã•れã¾ã™ + \return MP_OKAY æ“ä½œãŒæˆåŠŸã—ã¾ã—ãŸã€‚ + + \param in ãƒã‚¤ãƒ³ãƒˆã‚’インãƒãƒ¼ãƒˆã™ã‚‹derãƒãƒƒãƒ•ァ。 + \param inLen derãƒãƒƒãƒ•ã‚¡ã®é•·ã•。 + \param curve_idx カーブã®ã‚¤ãƒ³ãƒ‡ãƒƒã‚¯ã‚¹ã€‚ + \param point ãƒã‚¤ãƒ³ãƒˆã®å‡ºåŠ›å…ˆã€‚ + _Example_ \code byte in[]; @@ -981,27 +1237,34 @@ ecc_point* point; wc_ecc_import_point_der(in, inLen, curve_idx, point); \endcode + \sa wc_ecc_export_point_der */ -int wc_ecc_import_point_der(byte* in, word32 inLen, const int curve_idx, +int wc_ecc_import_point_der(const byte* in, word32 inLen, const int curve_idx, ecc_point* point); /*! \ingroup ECC - \brief ã“ã®é–¢æ•°ã¯ã€ecc_key構造体ã®ã‚­ãƒ¼ã‚µã‚¤ã‚ºã‚’オクテットã§è¿”ã—ã¾ã™ã€‚ - \return Given 有効ãªã‚­ãƒ¼ã€ã‚ªã‚¯ãƒ†ãƒƒãƒˆã®ã‚­ãƒ¼ã‚µã‚¤ã‚ºã‚’è¿”ã—ã¾ã™ - \return 0 与ãˆã‚‰ã‚ŒãŸã‚­ãƒ¼ãŒNULLã®å ´åˆã«è¿”ã•れã¾ã™ + + \brief ã“ã®é–¢æ•°ã¯ã€ecc_key構造体ã®ã‚­ãƒ¼ã‚µã‚¤ã‚ºã‚’オクテットå˜ä½ã§è¿”ã—ã¾ã™ã€‚ + + \return Given a valid key, 有効ãªã‚­ãƒ¼ãŒä¸Žãˆã‚‰ã‚ŒãŸå ´åˆã€ã‚­ãƒ¼ã‚µã‚¤ã‚ºã‚’オクテットå˜ä½ã§è¿”ã—ã¾ã™ + \return 0 指定ã•れãŸã‚­ãƒ¼ãŒNULLã®å ´åˆã«è¿”ã•れã¾ã™ + + \param key キーサイズをå–å¾—ã™ã‚‹ecc_key構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ + _Example_ \code int keySz; ecc_key key; - // initialize key, make key + // ã‚­ãƒ¼ã‚’åˆæœŸåŒ–ã—ã€ã‚­ãƒ¼ã‚’ä½œæˆ keySz = wc_ecc_size(&key); if ( keySz == 0) { - // error determining key size + // キーサイズã®åˆ¤å®šã‚¨ãƒ©ãƒ¼ } \endcode + \sa wc_ecc_make_key */ @@ -1009,15 +1272,21 @@ /*! \ingroup ECC - \brief ã“ã®é–¢æ•°ã¯ã€æ¬¡ã®ã‚ˆã†ã«ã—ã¦æŒ‡å®šã•れãŸECCã‚·ã‚°ãƒãƒãƒ£ã®æœ€æ‚ªã®å ´åˆã®ã‚µã‚¤ã‚ºã‚’è¿”ã—ã¾ã™ã€‚(KEYSZ * 2)+ SIG_HEADER_SZ + ECC_MAX_PAD_SZ。実際ã®ã‚·ã‚°ãƒãƒãƒ£ã‚µã‚¤ã‚ºã¯ã€WC_ECC_SIGN_HASHã§è¨ˆç®—ã§ãã¾ã™ã€‚ - \return returns 最大署åサイズ(オクテット) + + \brief ã“ã®é–¢æ•°ã¯ã€ECCç½²åã®æœ€æ‚ªã®å ´åˆã®ã‚µã‚¤ã‚ºã‚’è¿”ã—ã¾ã™ã€‚ã“れã¯ï¼ˆkeySz * 2)+ SIG_HEADER_SZ + ECC_MAX_PAD_SZã§ä¸Žãˆã‚‰ã‚Œã¾ã™ã€‚実際ã®ç½²åサイズã¯ã€wc_ecc_sign_hashã§è¨ˆç®—ã§ãã¾ã™ã€‚ + + \return returns 最大署åサイズをオクテットå˜ä½ã§è¿”ã—ã¾ã™ + + \param key size キーサイズ + _Example_ \code int sigSz = wc_ecc_sig_size_calc(32); if ( sigSz == 0) { - // error determining sig size + // ç½²åサイズã®åˆ¤å®šã‚¨ãƒ©ãƒ¼ } \endcode + \sa wc_ecc_sign_hash \sa wc_ecc_sig_size */ @@ -1027,33 +1296,44 @@ /*! \ingroup ECC - \brief ã“ã®é–¢æ•°ã¯ã€æ¬¡ã®ã‚ˆã†ã«ã—ã¦æŒ‡å®šã•れãŸECCã‚·ã‚°ãƒãƒãƒ£ã®æœ€æ‚ªã®å ´åˆã®ã‚µã‚¤ã‚ºã‚’è¿”ã—ã¾ã™ã€‚(KEYSZ * 2)+ SIG_HEADER_SZ + ECC_MAX_PAD_SZ。実際ã®ã‚·ã‚°ãƒãƒãƒ£ã‚µã‚¤ã‚ºã¯ã€WC_ECC_SIGN_HASHã§è¨ˆç®—ã§ãã¾ã™ã€‚ - \return Success 有効ãªã‚­ãƒ¼ã‚’考ãˆã‚‹ã¨ã€æœ€å¤§ç½²åサイズをオクテットã§è¿”ã—ã¾ã™ã€‚ - \return 0 与ãˆã‚‰ã‚ŒãŸã‚­ãƒ¼ãŒNULLã®å ´åˆã«è¿”ã•れã¾ã™ + + \brief ã“ã®é–¢æ•°ã¯ã€ECCç½²åã®æœ€æ‚ªã®å ´åˆã®ã‚µã‚¤ã‚ºã‚’è¿”ã—ã¾ã™ã€‚ã“れã¯ï¼ˆkeySz * 2)+ SIG_HEADER_SZ + ECC_MAX_PAD_SZã§ä¸Žãˆã‚‰ã‚Œã¾ã™ã€‚実際ã®ç½²åサイズã¯ã€wc_ecc_sign_hashã§è¨ˆç®—ã§ãã¾ã™ã€‚ + \return Success 有効ãªã‚­ãƒ¼ãŒä¸Žãˆã‚‰ã‚ŒãŸå ´åˆã€æœ€å¤§ç½²åサイズをオクテットå˜ä½ã§è¿”ã—ã¾ã™ + \return 0 指定ã•れãŸã‚­ãƒ¼ãŒNULLã®å ´åˆã«è¿”ã•れã¾ã™ + + \param key ç½²åサイズをå–å¾—ã™ã‚‹ecc_key構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ + _Example_ \code int sigSz; ecc_key key; - // initialize key, make key + // ã‚­ãƒ¼ã‚’åˆæœŸåŒ–ã—ã€ã‚­ãƒ¼ã‚’ä½œæˆ sigSz = wc_ecc_sig_size(&key); if ( sigSz == 0) { - // error determining sig size + // ç½²åサイズã®åˆ¤å®šã‚¨ãƒ©ãƒ¼ } \endcode + \sa wc_ecc_sign_hash \sa wc_ecc_sig_size_calc */ -int wc_ecc_sig_size(ecc_key* key); +int wc_ecc_sig_size(const ecc_key* key); /*! \ingroup ECC - \brief ã“ã®æ©Ÿèƒ½ã¯ã€ECCã¨ã®å®‰å…¨ãªãƒ¡ãƒƒã‚»ãƒ¼ã‚¸äº¤æ›ã‚’å¯èƒ½ã«ã™ã‚‹ãŸã‚ã«ã€æ–°ã—ã„ECCコンテキストオブジェクトã®ã‚¹ãƒšãƒ¼ã‚¹ã‚’割り当ã¦ã€åˆæœŸåŒ–ã—ã¾ã™ã€‚ - \return Success æ–°ã—ã„ECENCCTXオブジェクトã®ç”Ÿæˆã«æˆåŠŸã—ãŸå ´åˆã¯ã€ãã®ã‚ªãƒ–ジェクトã¸ã®ãƒã‚¤ãƒ³ã‚¿ã‚’è¿”ã—ã¾ã™ - \return NULL é–¢æ•°ãŒæ–°ã—ã„ECENCCTXオブジェクトを生æˆã§ããªã„å ´åˆã«è¿”ã•れã¾ã™ - \param flags ã“れãŒã‚µãƒ¼ãƒãƒ¼ã§ã‚ã‚‹ã‹ã‚¯ãƒ©ã‚¤ã‚¢ãƒ³ãƒˆã®ã‚³ãƒ³ãƒ†ã‚­ã‚¹ãƒˆã‚ªãƒ—ションãŒã‚ã‚‹ã‹ã©ã†ã‹ã‚’示ã—ã¾ã™.req_resp_clientã€ãŠã‚ˆã³req_resp_server + + \brief ã“ã®é–¢æ•°ã¯ã€ECCを使用ã—ãŸå®‰å…¨ãªãƒ¡ãƒƒã‚»ãƒ¼ã‚¸äº¤æ›ã‚’å¯èƒ½ã«ã™ã‚‹ãŸã‚ã«ã€æ–°ã—ã„ECCコンテキストオブジェクト用ã®ã‚¹ãƒšãƒ¼ã‚¹ã‚’割り当ã¦ã¦åˆæœŸåŒ–ã—ã¾ã™ã€‚ + + \return Success æ–°ã—ã„ecEncCtxオブジェクトã®ç”Ÿæˆã«æˆåŠŸã™ã‚‹ã¨ã€ãã®ã‚ªãƒ–ジェクトã¸ã®ãƒã‚¤ãƒ³ã‚¿ã‚’è¿”ã—ã¾ã™ + \return NULL é–¢æ•°ãŒæ–°ã—ã„ecEncCtxオブジェクトã®ç”Ÿæˆã«å¤±æ•—ã—ãŸå ´åˆã«è¿”ã•れã¾ã™ + + \param flags ã“れãŒã‚µãƒ¼ãƒãƒ¼ã‚³ãƒ³ãƒ†ã‚­ã‚¹ãƒˆã‹ã‚¯ãƒ©ã‚¤ã‚¢ãƒ³ãƒˆã‚³ãƒ³ãƒ†ã‚­ã‚¹ãƒˆã‹ã‚’示ã—ã¾ã™ + オプションã¯ï¼šREQ_RESP_CLIENTãŠã‚ˆã³REQ_RESP_SERVER + \param rng ソルトを生æˆã™ã‚‹ãŸã‚ã«ä½¿ç”¨ã™ã‚‹RNGオブジェクトã¸ã®ãƒã‚¤ãƒ³ã‚¿ + _Example_ \code ecEncCtx* ctx; @@ -1061,9 +1341,10 @@ wc_InitRng(&rng); ctx = wc_ecc_ctx_new(REQ_RESP_CLIENT, &rng); if(ctx == NULL) { - // error generating new ecEncCtx object + // æ–°ã—ã„ecEncCtxオブジェクトã®ç”Ÿæˆã‚¨ãƒ©ãƒ¼ } \endcode + \sa wc_ecc_encrypt \sa wc_ecc_encrypt_ex \sa wc_ecc_decrypt @@ -1073,62 +1354,80 @@ /*! \ingroup ECC - \brief ã“ã®é–¢æ•°ã¯ã€ãƒ¡ãƒƒã‚»ãƒ¼ã‚¸ã®æš—å·åŒ–ã¨å¾©å·åŒ–ã«ä½¿ç”¨ã•れるECENCCTXオブジェクトを解放ã—ã¾ã™ã€‚ - \return none 戻り値。 + + \brief ã“ã®é–¢æ•°ã¯ã€ãƒ¡ãƒƒã‚»ãƒ¼ã‚¸ã®æš—å·åŒ–ã¨å¾©å·ã«ä½¿ç”¨ã•れるecEncCtxオブジェクトを解放ã—ã¾ã™ã€‚ + + \return none 返り値ãªã—。 + + \param ctx 解放ã™ã‚‹ecEncCtxオブジェクトã¸ã®ãƒã‚¤ãƒ³ã‚¿ + _Example_ \code ecEncCtx* ctx; WC_RNG rng; wc_InitRng(&rng); ctx = wc_ecc_ctx_new(REQ_RESP_CLIENT, &rng); - // do secure communication + // 安全ãªé€šä¿¡ã‚’行ㆠ... wc_ecc_ctx_free(&ctx); \endcode + \sa wc_ecc_ctx_new */ -void wc_ecc_ctx_free(ecEncCtx*); +void wc_ecc_ctx_free(ecEncCtx* ctx); /*! \ingroup ECC - \brief ã“ã®é–¢æ•°ã¯ECENCCTX構造をリセットã—ã¦ã€æ–°ã—ã„コンテキストオブジェクトを解放ã—ã€æ–°ã—ã„コンテキストオブジェクトを割り当ã¦ã¾ã™ã€‚ - \return 0 ecencctxæ§‹é€ ãŒæ­£å¸¸ã«ãƒªã‚»ãƒƒãƒˆã•れãŸå ´åˆã«è¿”ã•れã¾ã™ - \return BAD_FUNC_ARG RNGã¾ãŸã¯CTXãŒNULLã®å ´åˆã«è¿”ã•れã¾ã™ - \return RNG_FAILURE_E ECCã‚ªãƒ–ã‚¸ã‚§ã‚¯ãƒˆã«æ–°ã—ã„ソルトを生æˆã™ã‚‹ã‚¨ãƒ©ãƒ¼ãŒã‚ã‚‹å ´åˆ - \param ctx リセットã™ã‚‹ECENCCTXオブジェクトã¸ã®ãƒã‚¤ãƒ³ã‚¿ + + \brief ã“ã®é–¢æ•°ã¯ã€æ–°ã—ã„コンテキストオブジェクトを解放ã—ã¦å‰²ã‚Šå½“ã¦ã‚‹å¿…è¦ãŒãªã„よã†ã«ã€ecEncCtx構造体をリセットã—ã¾ã™ã€‚ + + \return 0 ecEncCtxæ§‹é€ ä½“ãŒæ­£å¸¸ã«ãƒªã‚»ãƒƒãƒˆã•れãŸå ´åˆã«è¿”ã•れã¾ã™ + \return BAD_FUNC_ARG rngã¾ãŸã¯ctxã®ã„ãšã‚Œã‹ãŒNULLã®å ´åˆã«è¿”ã•れã¾ã™ + \return RNG_FAILURE_E ECCã‚ªãƒ–ã‚¸ã‚§ã‚¯ãƒˆç”¨ã®æ–°ã—ã„ソルトを生æˆã™ã‚‹éš›ã«ã‚¨ãƒ©ãƒ¼ãŒã‚ã‚‹å ´åˆã«è¿”ã•れã¾ã™ + + \param ctx リセットã™ã‚‹ecEncCtxオブジェクトã¸ã®ãƒã‚¤ãƒ³ã‚¿ + \param rng æ–°ã—ã„ソルトを生æˆã™ã‚‹ãŸã‚ã«ä½¿ç”¨ã™ã‚‹RNGオブジェクトã¸ã®ãƒã‚¤ãƒ³ã‚¿ + _Example_ \code ecEncCtx* ctx; WC_RNG rng; wc_InitRng(&rng); ctx = wc_ecc_ctx_new(REQ_RESP_CLIENT, &rng); - // do secure communication + // 安全ãªé€šä¿¡ã‚’行ㆠ... wc_ecc_ctx_reset(&ctx, &rng); - // do more secure communication + // ã•らã«å®‰å…¨ãªé€šä¿¡ã‚’行ㆠ\endcode + \sa wc_ecc_ctx_new */ -int wc_ecc_ctx_reset(ecEncCtx* ctx, WC_RNG* rng); /* reset for use again w/o alloc/free */ +int wc_ecc_ctx_reset(ecEncCtx* ctx, WC_RNG* rng); /* 割り当ã¦/解放ãªã—ã§å†ä½¿ç”¨ã®ãŸã‚ã«ãƒªã‚»ãƒƒãƒˆ */ /*! \ingroup ECC - \brief ã“ã®é–¢æ•°ã¯ã€wc_ecc_ctx_newã®å¾Œã«ã‚ªãƒ—ションã§å‘¼ã³å‡ºã•れるã“ã¨ãŒã§ãã¾ã™ã€‚æš—å·åŒ–ã€KDFã€ãŠã‚ˆã³MACアルゴリズムをECENCENCCTXオブジェクトã«è¨­å®šã—ã¾ã™ã€‚ - \return 0 ECENCCTXã‚ªãƒ–ã‚¸ã‚§ã‚¯ãƒˆã®æƒ…報を正常ã«è¨­å®šã™ã‚‹ã¨è¿”ã•れã¾ã™ã€‚ - \return BAD_FUNC_ARG 指定ã•れãŸecencctxオブジェクトãŒNULLã®å ´åˆã«è¿”ã•れã¾ã™ã€‚ - \param ctx 情報を設定ã™ã‚‹ECENCCTXã¸ã®ãƒã‚¤ãƒ³ã‚¿ - \param encAlgo 使用ã™ã‚‹æš—å·åŒ–アルゴリズム - \param kdfAlgo 使用ã™ã‚‹KDFアルゴリズム + + \brief ã“ã®é–¢æ•°ã¯ã€wc_ecc_ctx_newã®å¾Œã«ã‚ªãƒ—ションã§å‘¼ã³å‡ºã™ã“ã¨ãŒã§ãã¾ã™ã€‚ecEncCtxã‚ªãƒ–ã‚¸ã‚§ã‚¯ãƒˆã«æš—å·åŒ–ã€KDFã€ãŠã‚ˆã³MACアルゴリズムを設定ã—ã¾ã™ã€‚ + + \return 0 ecEncCtxã‚ªãƒ–ã‚¸ã‚§ã‚¯ãƒˆã®æƒ…報を正常ã«è¨­å®šã—ãŸå ´åˆã«è¿”ã•れã¾ã™ã€‚ + \return BAD_FUNC_ARG 指定ã•れãŸecEncCtxオブジェクトãŒNULLã®å ´åˆã«è¿”ã•れã¾ã™ã€‚ + + \param ctx 情報を設定ã™ã‚‹ecEncCtxã¸ã®ãƒã‚¤ãƒ³ã‚¿ + \param encAlgo 使用ã™ã‚‹æš—å·åŒ–アルゴリズム。 + \param kdfAlgo 使用ã™ã‚‹KDFアルゴリズム。 + \param macAlgo 使用ã™ã‚‹MACアルゴリズム。 + _Example_ \code ecEncCtx* ctx; - // initialize ctx + // ctxã‚’åˆæœŸåŒ– if(wc_ecc_ctx_set_algo(&ctx, ecAES_128_CTR, ecHKDF_SHA256, ecHMAC_SHA256))) { - // error setting info + // 情報設定エラー } \endcode + \sa wc_ecc_ctx_new */ @@ -1137,9 +1436,14 @@ /*! \ingroup ECC - \brief ã“ã®é–¢æ•°ã¯ECENCENCCTXオブジェクトã®ã‚½ãƒ«ãƒˆã‚’è¿”ã—ã¾ã™ã€‚ã“ã®é–¢æ•°ã¯ã€ECENCCTXã®çŠ¶æ…‹ãŒECSRV_INITã¾ãŸã¯ECCLI_INITã®å ´åˆã«ã®ã¿å‘¼ã³å‡ºã™å¿…è¦ãŒã‚りã¾ã™ã€‚ - \return æˆåŠŸã™ã‚‹ã¨ ã€ecEncCtx ソルトを返ã—ã¾ã™ - \return NULL ecencctxオブジェクトãŒNULLã®å ´åˆã€ã¾ãŸã¯ECENCCTXã®çŠ¶æ…‹ãŒECSRV_INITã¾ãŸã¯ECCLI_INITã§ãªã„å ´åˆã«è¿”ã•れã¾ã™ã€‚後者ã®2ã¤ã®ã‚±ãƒ¼ã‚¹ã§ã¯ã€ã“ã®æ©Ÿèƒ½ã¯ãれãžã‚ŒECSRV_BAD_STATEã¾ãŸã¯ECCLI_BAD_STATEã«ECENCCTXã®çŠ¶æ…‹ã‚’è¨­å®šã—ã¾ã™ã€‚ + + \brief ã“ã®é–¢æ•°ã¯ã€ecEncCtxオブジェクトã®ã‚½ãƒ«ãƒˆã‚’è¿”ã—ã¾ã™ã€‚ã“ã®é–¢æ•°ã¯ã€ecEncCtxã®çŠ¶æ…‹ãŒecSRV_INITã¾ãŸã¯ecCLI_INITã®å ´åˆã«ã®ã¿å‘¼ã³å‡ºã™å¿…è¦ãŒã‚りã¾ã™ã€‚ + + \return Success æˆåŠŸæ™‚ã«ã€ecEncCtxソルトを返ã—ã¾ã™ + \return NULL ecEncCtxオブジェクトãŒNULLã®å ´åˆã€ã¾ãŸã¯ecEncCtxã®çŠ¶æ…‹ãŒecSRV_INITã¾ãŸã¯ecCLI_INITã§ãªã„å ´åˆã«è¿”ã•れã¾ã™ã€‚後者ã®2ã¤ã®ã‚±ãƒ¼ã‚¹ã§ã¯ã€ã“ã®é–¢æ•°ã¯ecEncCtxã®çŠ¶æ…‹ã‚’ãれãžã‚ŒecSRV_BAD_STATEã¾ãŸã¯ecCLI_BAD_STATEã«è¨­å®šã—ã¾ã™ + + \param ctx ソルトをå–å¾—ã™ã‚‹ecEncCtxオブジェクトã¸ã®ãƒã‚¤ãƒ³ã‚¿ + _Example_ \code ecEncCtx* ctx; @@ -1149,22 +1453,29 @@ ctx = wc_ecc_ctx_new(REQ_RESP_CLIENT, &rng); salt = wc_ecc_ctx_get_own_salt(&ctx); if(salt == NULL) { - // error getting salt + // ソルトå–得エラー } \endcode + \sa wc_ecc_ctx_new \sa wc_ecc_ctx_set_peer_salt + \sa wc_ecc_ctx_set_kdf_salt */ const byte* wc_ecc_ctx_get_own_salt(ecEncCtx*); /*! \ingroup ECC - \brief ã“ã®é–¢æ•°ã¯ã€ECENCENCCTXオブジェクトã®ãƒ”アソルトを設定ã—ã¾ã™ã€‚ - \return 0 ECENCCTXオブジェクトã®ãƒ”アソルトã®è¨­å®šã«æˆåŠŸã—ãŸã¨ãã«è¿”ã•れã¾ã™ã€‚ - \return BAD_FUNC_ARG 指定ã•れãŸecencctxオブジェクトãŒnullã¾ãŸã¯ç„¡åйãªãƒ—ロトコルãŒã‚ã‚‹å ´åˆã€ã¾ãŸã¯æŒ‡å®šã•れãŸã‚½ãƒ«ãƒˆãŒNULLã®å ´åˆ - \return BAD_ENC_STATE_E ecencctxã®çŠ¶æ…‹ãŒECSRV_SALT_GETã¾ãŸã¯ECCLI_SALT_GETã®å ´åˆã«è¿”ã•れã¾ã™ã€‚後者ã®2ã¤ã®ã‚±ãƒ¼ã‚¹ã§ã¯ã€ã“ã®æ©Ÿèƒ½ã¯ãれãžã‚ŒECSRV_BAD_STATEã¾ãŸã¯ECCLI_BAD_STATEã«ECENCCTXã®çŠ¶æ…‹ã‚’è¨­å®šã—ã¾ã™ã€‚ - \param ctx ソルトを設定ã™ã‚‹ãŸã‚ã®ecencctxã¸ã®ãƒã‚¤ãƒ³ã‚¿ + + \brief ã“ã®é–¢æ•°ã¯ã€ecEncCtxオブジェクトã®ãƒ”アソルトを設定ã—ã¾ã™ã€‚ + + \return 0 ecEncCtxオブジェクトã®ãƒ”アソルトを正常ã«è¨­å®šã—ãŸå ´åˆã«è¿”ã•れã¾ã™ã€‚ + \return BAD_FUNC_ARG 指定ã•れãŸecEncCtxオブジェクトãŒNULLã¾ãŸã¯ç„¡åйãªãƒ—ロトコルをæŒã¤å ´åˆã€ã¾ãŸã¯æŒ‡å®šã•れãŸã‚½ãƒ«ãƒˆãŒNULLã®å ´åˆã«è¿”ã•れã¾ã™ + \return BAD_ENC_STATE_E ecEncCtxã®çŠ¶æ…‹ãŒecSRV_SALT_GETã¾ãŸã¯ecCLI_SALT_GETã®å ´åˆã«è¿”ã•れã¾ã™ã€‚後者ã®2ã¤ã®ã‚±ãƒ¼ã‚¹ã§ã¯ã€ã“ã®é–¢æ•°ã¯ecEncCtxã®çŠ¶æ…‹ã‚’ãれãžã‚ŒecSRV_BAD_STATEã¾ãŸã¯ecCLI_BAD_STATEã«è¨­å®šã—ã¾ã™ + + \param ctx ソルトを設定ã™ã‚‹ecEncCtxã¸ã®ãƒã‚¤ãƒ³ã‚¿ + \param salt ピアã®ã‚½ãƒ«ãƒˆã¸ã®ãƒã‚¤ãƒ³ã‚¿ + _Example_ \code ecEncCtx* cliCtx, srvCtx; @@ -1180,27 +1491,67 @@ srvSalt = wc_ecc_ctx_get_own_salt(&srvCtx); ret = wc_ecc_ctx_set_peer_salt(&cliCtx, srvSalt); \endcode + \sa wc_ecc_ctx_get_own_salt + \sa wc_ecc_ctx_set_kdf_salt */ int wc_ecc_ctx_set_peer_salt(ecEncCtx* ctx, const byte* salt); /*! \ingroup ECC - \brief ã“ã®é–¢æ•°ã¯ã€wc_ecc_ctx_set_peer_saltã®å‰å¾Œã«ã‚ªãƒ—ションã§å‘¼ã³å‡ºã•れるã“ã¨ãŒã§ãã¾ã™ã€‚ECENCCTXオブジェクトã®ã‚ªãƒ—ã‚·ãƒ§ãƒ³ã®æƒ…報を設定ã—ã¾ã™ã€‚ - \return 0 ECENCCTXã‚ªãƒ–ã‚¸ã‚§ã‚¯ãƒˆã®æƒ…報を正常ã«è¨­å®šã™ã‚‹ã¨è¿”ã•れã¾ã™ã€‚ - \return BAD_FUNC_ARG 与ãˆã‚‰ã‚ŒãŸECENCCTXオブジェクトãŒNULLã®å ´åˆã€å…¥åŠ›æƒ…å ±ã¯NULLã¾ãŸã¯ã‚µã‚¤ã‚ºãŒç„¡åйã§ã™ã€‚ - \param ctx 情報を設定ã™ã‚‹ECENCCTXã¸ã®ãƒã‚¤ãƒ³ã‚¿ - \param info 設定ã™ã‚‹æƒ…報をå«ã‚€ãƒãƒƒãƒ•ã‚¡ã¸ã®ãƒã‚¤ãƒ³ã‚¿ + + \brief ã“ã®é–¢æ•°ã¯ã€KDFã§ä½¿ç”¨ã™ã‚‹ã‚½ãƒ«ãƒˆãƒã‚¤ãƒ³ã‚¿ã¨é•·ã•ã‚’ecEncCtxオブジェクトã«è¨­å®šã—ã¾ã™ã€‚ + + \return 0 ecEncCtxオブジェクトã®ã‚½ãƒ«ãƒˆã‚’正常ã«è¨­å®šã—ãŸå ´åˆã«è¿”ã•れã¾ã™ã€‚ + \return BAD_FUNC_ARG 指定ã•れãŸecEncCtxオブジェクトãŒNULLã®å ´åˆã€ã¾ãŸã¯æŒ‡å®šã•れãŸã‚½ãƒ«ãƒˆãŒNULLã§é•·ã•ãŒNULLã§ãªã„å ´åˆã«è¿”ã•れã¾ã™ã€‚ + + \param ctx ソルトを設定ã™ã‚‹ecEncCtxã¸ã®ãƒã‚¤ãƒ³ã‚¿ + \param salt ソルトãƒãƒƒãƒ•ã‚¡ã¸ã®ãƒã‚¤ãƒ³ã‚¿ + \param sz ソルトã®é•·ã•(ãƒã‚¤ãƒˆå˜ä½ï¼‰ + + _Example_ + \code + ecEncCtx* srvCtx; + WC_RNG rng; + byte cliSalt[] = { 固定ソルトデータ }; + word32 cliSaltLen = (word32)sizeof(cliSalt); + int ret; + + wc_InitRng(&rng); + cliCtx = wc_ecc_ctx_new(REQ_RESP_SERVER, &rng); + + ret = wc_ecc_ctx_set_kdf_salt(&cliCtx, cliSalt, cliSaltLen); + \endcode + + \sa wc_ecc_ctx_get_own_salt + \sa wc_ecc_ctx_get_peer_salt +*/ + +int wc_ecc_ctx_set_kdf_salt(ecEncCtx* ctx, const byte* salt, word32 sz); + +/*! + \ingroup ECC + + \brief ã“ã®é–¢æ•°ã¯ã€wc_ecc_ctx_set_peer_saltã®å‰ã¾ãŸã¯å¾Œã«ã‚ªãƒ—ションã§å‘¼ã³å‡ºã™ã“ã¨ãŒã§ãã¾ã™ã€‚ecEncCtxオブジェクトã®ã‚ªãƒ—ション情報を設定ã—ã¾ã™ã€‚ + + \return 0 ecEncCtxã‚ªãƒ–ã‚¸ã‚§ã‚¯ãƒˆã®æƒ…報を正常ã«è¨­å®šã—ãŸå ´åˆã«è¿”ã•れã¾ã™ã€‚ + \return BAD_FUNC_ARG 指定ã•れãŸecEncCtxオブジェクトãŒNULLã®å ´åˆã€å…¥åŠ›infoãŒNULLã®å ´åˆã€ã¾ãŸã¯ãã®ã‚µã‚¤ã‚ºãŒç„¡åйãªå ´åˆã«è¿”ã•れã¾ã™ + + \param ctx 情報を設定ã™ã‚‹ecEncCtxã¸ã®ãƒã‚¤ãƒ³ã‚¿ + \param info 設定ã™ã‚‹æƒ…報をå«ã‚€ãƒãƒƒãƒ•ã‚¡ã¸ã®ãƒã‚¤ãƒ³ã‚¿ + \param sz infoãƒãƒƒãƒ•ã‚¡ã®ã‚µã‚¤ã‚º + _Example_ \code ecEncCtx* ctx; - byte info[] = { initialize with information }; - // initialize ctx, get salt, + byte info[] = { 情報ã§åˆæœŸåŒ– }; + // ctxã‚’åˆæœŸåŒ–ã€ã‚½ãƒ«ãƒˆã‚’å–得〠if(wc_ecc_ctx_set_info(&ctx, info, sizeof(info))) { - // error setting info + // 情報設定エラー } \endcode + \sa wc_ecc_ctx_new */ @@ -1208,36 +1559,42 @@ /*! \ingroup ECC - \brief ã“ã®é–¢æ•°ã¯æŒ‡å®šã•れãŸå…¥åŠ›ãƒ¡ãƒƒã‚»ãƒ¼ã‚¸ã‚’MSGã‹ã‚‰OUTã«æš—å·åŒ–ã—ã¾ã™ã€‚ã“ã®é–¢æ•°ã¯ãƒ‘ラメータã¨ã—ã¦ã‚ªãƒ—ションã®CTXオブジェクトをå–りã¾ã™ã€‚æä¾›ã•れã¦ã„ã‚‹å ´åˆã€ECENCCTXã®Encalgoã€Kdfalgoã€ãŠã‚ˆã³Macalgoã«åŸºã¥ã„ã¦æš—å·åŒ–ãŒé€²ã¿ã¾ã™ã€‚CTXãŒæŒ‡å®šã•れã¦ã„ãªã„å ´åˆã€å‡¦ç†ã¯ãƒ‡ãƒ•ォルトã®ã‚¢ãƒ«ã‚´ãƒªã‚ºãƒ ã€ECAES_128_CBCã€ECHKDF_SHA256ã€ECHMAC_SHA256ã§å®Œäº†ã—ã¾ã™ã€‚ã“ã®æ©Ÿèƒ½ã¯ã€ãƒ¡ãƒƒã‚»ãƒ¼ã‚¸ãŒCTXã§æŒ‡å®šã•ã‚ŒãŸæš—å·åŒ–タイプã«å¾“ã£ã¦åŸ‹ã‚è¾¼ã¾ã‚Œã¦ã„ã‚‹å¿…è¦ãŒã‚りã¾ã™ã€‚ - \return 0 å…¥åŠ›ãƒ¡ãƒƒã‚»ãƒ¼ã‚¸ã®æš—å·åŒ–ã«æˆåŠŸã—ãŸã‚‰è¿”ã•れã¾ã™ - \return BAD_FUNC_ARG PRIVKEYã€PUBKEYã€MSGã€MSGSZã€OUTã€OUTSZãŒNULLã®å ´åˆã€ã¾ãŸã¯CTXオブジェクトãŒã‚µãƒãƒ¼ãƒˆã•れã¦ã„ãªã„æš—å·åŒ–タイプを指定ã—ã¾ã™ã€‚ - \return BAD_ENC_STATE_E 指定ã•れãŸCTXã‚ªãƒ–ã‚¸ã‚§ã‚¯ãƒˆãŒæš—å·åŒ–ã«é©ã—ã¦ã„ãªã„状態ã«ã‚ã‚‹å ´åˆã«è¿”ã•れã¾ã™ã€‚ - \return BUFFER_E 指定ã•れãŸå‡ºåŠ›ãƒãƒƒãƒ•ã‚¡ãŒå°ã•ã™ãŽã¦æš—å·åŒ–ã•ã‚ŒãŸæš—å·æ–‡ã‚’ä¿å­˜ã™ã‚‹å ´åˆã«è¿”ã•れã¾ã™ - \return MEMORY_E 共有秘密éµã®ãƒ¡ãƒ¢ãƒªã®å‰²ã‚Šå½“ã¦ä¸­ã«ã‚¨ãƒ©ãƒ¼ãŒã‚ã‚‹å ´åˆã«è¿”ã•れã¾ã™ - \param privKey æš—å·åŒ–ã«ä½¿ç”¨ã™ã‚‹ç§˜å¯†éµã‚’å«ã‚€ECC_KEYオブジェクトã¸ã®ãƒã‚¤ãƒ³ã‚¿ - \param pubKey コミュニケーションを希望ã™ã‚‹ãƒ”ã‚¢ã®å…¬é–‹éµã‚’å«ã‚€ECC_Keyオブジェクトã¸ã®ãƒã‚¤ãƒ³ã‚¿ - \param msg æš—å·åŒ–ã™ã‚‹ãƒ¡ãƒƒã‚»ãƒ¼ã‚¸ã‚’ä¿æŒã—ã¦ã„ã‚‹ãƒãƒƒãƒ•ã‚¡ã¸ã®ãƒã‚¤ãƒ³ã‚¿ - \param msgSz æš—å·åŒ–ã™ã‚‹ãƒãƒƒãƒ•ã‚¡ã®ã‚µã‚¤ã‚º - \param out æš—å·åŒ–ã•ã‚ŒãŸæš—å·æ–‡ã‚’ä¿å­˜ã™ã‚‹ãƒãƒƒãƒ•ã‚¡ã¸ã®ãƒã‚¤ãƒ³ã‚¿ - \param outSz OUTãƒãƒƒãƒ•ァ内ã®ä½¿ç”¨å¯èƒ½ãªã‚µã‚¤ã‚ºã‚’å«ã‚€Word32オブジェクトã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ãƒ¡ãƒƒã‚»ãƒ¼ã‚¸ã®æš—å·åŒ–ã«æˆåŠŸã—ãŸã‚‰ã€å‡ºåŠ›ãƒãƒƒãƒ•ã‚¡ã«æ›¸ãè¾¼ã¾ã‚ŒãŸãƒã‚¤ãƒˆæ•°ã‚’ä¿æŒã—ã¾ã™ã€‚ + + \brief ã“ã®é–¢æ•°ã¯ã€msgã‹ã‚‰outã¸æŒ‡å®šã•れãŸå…¥åŠ›ãƒ¡ãƒƒã‚»ãƒ¼ã‚¸ã‚’æš—å·åŒ–ã—ã¾ã™ã€‚ã“ã®é–¢æ•°ã¯ã€ã‚ªãƒ—ションã®ctxオブジェクトをパラメータã¨ã—ã¦å—ã‘å–りã¾ã™ã€‚æä¾›ã•れãŸå ´åˆã€æš—å·åŒ–ã¯ecEncCtxã®encAlgoã€kdfAlgoã€ãŠã‚ˆã³macAlgoã«åŸºã¥ã„ã¦é€²è¡Œã—ã¾ã™ã€‚ctxãŒæä¾›ã•れãªã„å ´åˆã€ãƒ‡ãƒ•ォルトã®ã‚¢ãƒ«ã‚´ãƒªã‚ºãƒ ecAES_128_CBCã€ecHKDF_SHA256ã€ãŠã‚ˆã³ecHMAC_SHA256ã§å‡¦ç†ãŒå®Œäº†ã—ã¾ã™ã€‚ã“ã®é–¢æ•°ã§ã¯ã€ctxã§æŒ‡å®šã•ã‚ŒãŸæš—å·åŒ–タイプã«å¿œã˜ã¦ãƒ¡ãƒƒã‚»ãƒ¼ã‚¸ãŒãƒ‘ディングã•れã¦ã„ã‚‹å¿…è¦ãŒã‚りã¾ã™ã€‚ + + \return 0 å…¥åŠ›ãƒ¡ãƒƒã‚»ãƒ¼ã‚¸ã®æš—å·åŒ–ã«æˆåŠŸã—ãŸå ´åˆã«è¿”ã•れã¾ã™ + \return BAD_FUNC_ARG privKeyã€pubKeyã€msgã€msgSzã€outã€ã¾ãŸã¯outSzãŒNULLã®å ´åˆã€ã¾ãŸã¯ctxオブジェクトãŒã‚µãƒãƒ¼ãƒˆã•れã¦ã„ãªã„æš—å·åŒ–タイプを指定ã—ã¦ã„ã‚‹å ´åˆã«è¿”ã•れã¾ã™ + \return BAD_ENC_STATE_E 指定ã•れãŸctxã‚ªãƒ–ã‚¸ã‚§ã‚¯ãƒˆãŒæš—å·åŒ–ã«é©ã—ã¦ã„ãªã„状態ã«ã‚ã‚‹å ´åˆã«è¿”ã•れã¾ã™ + \return BUFFER_E æä¾›ã•れãŸå‡ºåŠ›ãƒãƒƒãƒ•ã‚¡ãŒæš—å·åŒ–ã•ã‚ŒãŸæš—å·æ–‡ã‚’æ ¼ç´ã™ã‚‹ã«ã¯å°ã•ã™ãŽã‚‹å ´åˆã«è¿”ã•れã¾ã™ + \return MEMORY_E 共有秘密éµç”¨ã®ãƒ¡ãƒ¢ãƒªã‚’割り当ã¦ã‚‹éš›ã«ã‚¨ãƒ©ãƒ¼ãŒã‚ã‚‹å ´åˆã«è¿”ã•れã¾ã™ + + \param privKey æš—å·åŒ–ã«ä½¿ç”¨ã™ã‚‹ç§˜å¯†éµã‚’å«ã‚€ecc_keyオブジェクトã¸ã®ãƒã‚¤ãƒ³ã‚¿ + \param pubKey 通信ã—ãŸã„ピアã®å…¬é–‹éµã‚’å«ã‚€ecc_keyオブジェクトã¸ã®ãƒã‚¤ãƒ³ã‚¿ + \param msg æš—å·åŒ–ã™ã‚‹ãƒ¡ãƒƒã‚»ãƒ¼ã‚¸ã‚’ä¿æŒã™ã‚‹ãƒãƒƒãƒ•ã‚¡ã¸ã®ãƒã‚¤ãƒ³ã‚¿ + \param msgSz æš—å·åŒ–ã™ã‚‹ãƒãƒƒãƒ•ã‚¡ã®ã‚µã‚¤ã‚º + \param out æš—å·åŒ–ã•ã‚ŒãŸæš—å·æ–‡ã‚’æ ¼ç´ã™ã‚‹ãƒãƒƒãƒ•ã‚¡ã¸ã®ãƒã‚¤ãƒ³ã‚¿ + \param outSz outãƒãƒƒãƒ•ã‚¡ã§åˆ©ç”¨å¯èƒ½ãªã‚µã‚¤ã‚ºã‚’å«ã‚€word32オブジェクトã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ãƒ¡ãƒƒã‚»ãƒ¼ã‚¸ã®æš—å·åŒ–ã«æˆåŠŸã™ã‚‹ã¨ã€å‡ºåŠ›ãƒãƒƒãƒ•ã‚¡ã«æ›¸ãè¾¼ã¾ã‚ŒãŸãƒã‚¤ãƒˆæ•°ã‚’ä¿æŒã—ã¾ã™ + \param ctx オプション:使用ã™ã‚‹ç•°ãªã‚‹æš—å·åŒ–アルゴリズムを指定ã™ã‚‹ecEncCtxオブジェクトã¸ã®ãƒã‚¤ãƒ³ã‚¿ + _Example_ \code - byte msg[] = { initialize with msg to encrypt. Ensure padded to block size }; + byte msg[] = { æš—å·åŒ–ã™ã‚‹ãƒ¡ãƒƒã‚»ãƒ¼ã‚¸ã§åˆæœŸåŒ–。ブロックサイズã«ãƒ‘ディングã•れã¦ã„ã‚‹ã“ã¨ã‚’ç¢ºèª }; byte out[sizeof(msg)]; word32 outSz = sizeof(out); int ret; ecc_key cli, serv; - // initialize cli with private key - // initialize serv with received public key + // cliを秘密éµã§åˆæœŸåŒ– + // servã‚’å—ä¿¡ã—ãŸå…¬é–‹éµã§åˆæœŸåŒ– ecEncCtx* cliCtx, servCtx; - // initialize cliCtx and servCtx - // exchange salts + // cliCtxã¨servCtxã‚’åˆæœŸåŒ– + // ã‚½ãƒ«ãƒˆã‚’äº¤æ› ret = wc_ecc_encrypt(&cli, &serv, msg, sizeof(msg), out, &outSz, cliCtx); if(ret != 0) { - // error encrypting message + // ãƒ¡ãƒƒã‚»ãƒ¼ã‚¸ã®æš—å·åŒ–エラー } \endcode + \sa wc_ecc_encrypt_ex \sa wc_ecc_decrypt */ @@ -1247,38 +1604,44 @@ /*! \ingroup ECC - \brief ã“ã®é–¢æ•°ã¯æŒ‡å®šã•れãŸå…¥åŠ›ãƒ¡ãƒƒã‚»ãƒ¼ã‚¸ã‚’MSGã‹ã‚‰OUTã«æš—å·åŒ–ã—ã¾ã™ã€‚ã“ã®é–¢æ•°ã¯ãƒ‘ラメータã¨ã—ã¦ã‚ªãƒ—ションã®CTXオブジェクトをå–りã¾ã™ã€‚æä¾›ã•れã¦ã„ã‚‹å ´åˆã€ECENCCTXã®Encalgoã€Kdfalgoã€ãŠã‚ˆã³Macalgoã«åŸºã¥ã„ã¦æš—å·åŒ–ãŒé€²ã¿ã¾ã™ã€‚CTXãŒæŒ‡å®šã•れã¦ã„ãªã„å ´åˆã€å‡¦ç†ã¯ãƒ‡ãƒ•ォルトã®ã‚¢ãƒ«ã‚´ãƒªã‚ºãƒ ã€ECAES_128_CBCã€ECHKDF_SHA256ã€ECHMAC_SHA256ã§å®Œäº†ã—ã¾ã™ã€‚ã“ã®æ©Ÿèƒ½ã¯ã€ãƒ¡ãƒƒã‚»ãƒ¼ã‚¸ãŒCTXã§æŒ‡å®šã•ã‚ŒãŸæš—å·åŒ–タイプã«å¾“ã£ã¦åŸ‹ã‚è¾¼ã¾ã‚Œã¦ã„ã‚‹å¿…è¦ãŒã‚りã¾ã™ã€‚ - \return 0 å…¥åŠ›ãƒ¡ãƒƒã‚»ãƒ¼ã‚¸ã®æš—å·åŒ–ã«æˆåŠŸã—ãŸã‚‰è¿”ã•れã¾ã™ - \return BAD_FUNC_ARG PRIVKEYã€PUBKEYã€MSGã€MSGSZã€OUTã€OUTSZãŒNULLã®å ´åˆã€ã¾ãŸã¯CTXオブジェクトãŒã‚µãƒãƒ¼ãƒˆã•れã¦ã„ãªã„æš—å·åŒ–タイプを指定ã—ã¾ã™ã€‚ - \return BAD_ENC_STATE_E 指定ã•れãŸCTXã‚ªãƒ–ã‚¸ã‚§ã‚¯ãƒˆãŒæš—å·åŒ–ã«é©ã—ã¦ã„ãªã„状態ã«ã‚ã‚‹å ´åˆã«è¿”ã•れã¾ã™ã€‚ - \return BUFFER_E 指定ã•れãŸå‡ºåŠ›ãƒãƒƒãƒ•ã‚¡ãŒå°ã•ã™ãŽã¦æš—å·åŒ–ã•ã‚ŒãŸæš—å·æ–‡ã‚’ä¿å­˜ã™ã‚‹å ´åˆã«è¿”ã•れã¾ã™ - \return MEMORY_E 共有秘密éµã®ãƒ¡ãƒ¢ãƒªã®å‰²ã‚Šå½“ã¦ä¸­ã«ã‚¨ãƒ©ãƒ¼ãŒã‚ã‚‹å ´åˆã«è¿”ã•れã¾ã™ - \param privKey æš—å·åŒ–ã«ä½¿ç”¨ã™ã‚‹ç§˜å¯†éµã‚’å«ã‚€ECC_KEYオブジェクトã¸ã®ãƒã‚¤ãƒ³ã‚¿ - \param pubKey コミュニケーションを希望ã™ã‚‹ãƒ”ã‚¢ã®å…¬é–‹éµã‚’å«ã‚€ECC_Keyオブジェクトã¸ã®ãƒã‚¤ãƒ³ã‚¿ - \param msg æš—å·åŒ–ã™ã‚‹ãƒ¡ãƒƒã‚»ãƒ¼ã‚¸ã‚’ä¿æŒã—ã¦ã„ã‚‹ãƒãƒƒãƒ•ã‚¡ã¸ã®ãƒã‚¤ãƒ³ã‚¿ - \param msgSz æš—å·åŒ–ã™ã‚‹ãƒãƒƒãƒ•ã‚¡ã®ã‚µã‚¤ã‚º - \param out æš—å·åŒ–ã•ã‚ŒãŸæš—å·æ–‡ã‚’ä¿å­˜ã™ã‚‹ãƒãƒƒãƒ•ã‚¡ã¸ã®ãƒã‚¤ãƒ³ã‚¿ - \param outSz OUTãƒãƒƒãƒ•ァ内ã®ä½¿ç”¨å¯èƒ½ãªã‚µã‚¤ã‚ºã‚’å«ã‚€Word32オブジェクトã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ãƒ¡ãƒƒã‚»ãƒ¼ã‚¸ã®æš—å·åŒ–ã«æˆåŠŸã—ãŸã‚‰ã€å‡ºåŠ›ãƒãƒƒãƒ•ã‚¡ã«æ›¸ãè¾¼ã¾ã‚ŒãŸãƒã‚¤ãƒˆæ•°ã‚’ä¿æŒã—ã¾ã™ã€‚ - \param ctx オプション:使用ã™ã‚‹ã•ã¾ã–ã¾ãªæš—å·åŒ–アルゴリズムを指定ã™ã‚‹ECENCCTXオブジェクトã¸ã®ãƒã‚¤ãƒ³ã‚¿ + + \brief ã“ã®é–¢æ•°ã¯ã€msgã‹ã‚‰outã¸æŒ‡å®šã•れãŸå…¥åŠ›ãƒ¡ãƒƒã‚»ãƒ¼ã‚¸ã‚’æš—å·åŒ–ã—ã¾ã™ã€‚ã“ã®é–¢æ•°ã¯ã€ã‚ªãƒ—ションã®ctxオブジェクトをパラメータã¨ã—ã¦å—ã‘å–りã¾ã™ã€‚æä¾›ã•れãŸå ´åˆã€æš—å·åŒ–ã¯ecEncCtxã®encAlgoã€kdfAlgoã€ãŠã‚ˆã³macAlgoã«åŸºã¥ã„ã¦é€²è¡Œã—ã¾ã™ã€‚ctxãŒæä¾›ã•れãªã„å ´åˆã€ãƒ‡ãƒ•ォルトã®ã‚¢ãƒ«ã‚´ãƒªã‚ºãƒ ecAES_128_CBCã€ecHKDF_SHA256ã€ãŠã‚ˆã³ecHMAC_SHA256ã§å‡¦ç†ãŒå®Œäº†ã—ã¾ã™ã€‚ã“ã®é–¢æ•°ã§ã¯ã€ctxã§æŒ‡å®šã•ã‚ŒãŸæš—å·åŒ–タイプã«å¿œã˜ã¦ãƒ¡ãƒƒã‚»ãƒ¼ã‚¸ãŒãƒ‘ディングã•れã¦ã„ã‚‹å¿…è¦ãŒã‚りã¾ã™ã€‚ + + \return 0 å…¥åŠ›ãƒ¡ãƒƒã‚»ãƒ¼ã‚¸ã®æš—å·åŒ–ã«æˆåŠŸã—ãŸå ´åˆã«è¿”ã•れã¾ã™ + \return BAD_FUNC_ARG privKeyã€pubKeyã€msgã€msgSzã€outã€ã¾ãŸã¯outSzãŒNULLã®å ´åˆã€ã¾ãŸã¯ctxオブジェクトãŒã‚µãƒãƒ¼ãƒˆã•れã¦ã„ãªã„æš—å·åŒ–タイプを指定ã—ã¦ã„ã‚‹å ´åˆã«è¿”ã•れã¾ã™ + \return BAD_ENC_STATE_E 指定ã•れãŸctxã‚ªãƒ–ã‚¸ã‚§ã‚¯ãƒˆãŒæš—å·åŒ–ã«é©ã—ã¦ã„ãªã„状態ã«ã‚ã‚‹å ´åˆã«è¿”ã•れã¾ã™ + \return BUFFER_E æä¾›ã•れãŸå‡ºåŠ›ãƒãƒƒãƒ•ã‚¡ãŒæš—å·åŒ–ã•ã‚ŒãŸæš—å·æ–‡ã‚’æ ¼ç´ã™ã‚‹ã«ã¯å°ã•ã™ãŽã‚‹å ´åˆã«è¿”ã•れã¾ã™ + \return MEMORY_E 共有秘密éµç”¨ã®ãƒ¡ãƒ¢ãƒªã‚’割り当ã¦ã‚‹éš›ã«ã‚¨ãƒ©ãƒ¼ãŒã‚ã‚‹å ´åˆã«è¿”ã•れã¾ã™ + + \param privKey æš—å·åŒ–ã«ä½¿ç”¨ã™ã‚‹ç§˜å¯†éµã‚’å«ã‚€ecc_keyオブジェクトã¸ã®ãƒã‚¤ãƒ³ã‚¿ + \param pubKey 通信ã—ãŸã„ピアã®å…¬é–‹éµã‚’å«ã‚€ecc_keyオブジェクトã¸ã®ãƒã‚¤ãƒ³ã‚¿ + \param msg æš—å·åŒ–ã™ã‚‹ãƒ¡ãƒƒã‚»ãƒ¼ã‚¸ã‚’ä¿æŒã™ã‚‹ãƒãƒƒãƒ•ã‚¡ã¸ã®ãƒã‚¤ãƒ³ã‚¿ + \param msgSz æš—å·åŒ–ã™ã‚‹ãƒãƒƒãƒ•ã‚¡ã®ã‚µã‚¤ã‚º + \param out æš—å·åŒ–ã•ã‚ŒãŸæš—å·æ–‡ã‚’æ ¼ç´ã™ã‚‹ãƒãƒƒãƒ•ã‚¡ã¸ã®ãƒã‚¤ãƒ³ã‚¿ + \param outSz outãƒãƒƒãƒ•ã‚¡ã§åˆ©ç”¨å¯èƒ½ãªã‚µã‚¤ã‚ºã‚’å«ã‚€word32オブジェクトã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ãƒ¡ãƒƒã‚»ãƒ¼ã‚¸ã®æš—å·åŒ–ã«æˆåŠŸã™ã‚‹ã¨ã€å‡ºåŠ›ãƒãƒƒãƒ•ã‚¡ã«æ›¸ãè¾¼ã¾ã‚ŒãŸãƒã‚¤ãƒˆæ•°ã‚’ä¿æŒã—ã¾ã™ + \param ctx オプション:使用ã™ã‚‹ç•°ãªã‚‹æš—å·åŒ–アルゴリズムを指定ã™ã‚‹ecEncCtxオブジェクトã¸ã®ãƒã‚¤ãƒ³ã‚¿ + \param compressed 公開éµãƒ•ィールドを圧縮形å¼ã§å‡ºåŠ›ã™ã‚‹ã€‚ + _Example_ \code - byte msg[] = { initialize with msg to encrypt. Ensure padded to block size }; + byte msg[] = { æš—å·åŒ–ã™ã‚‹ãƒ¡ãƒƒã‚»ãƒ¼ã‚¸ã§åˆæœŸåŒ–。ブロックサイズã«ãƒ‘ディングã•れã¦ã„ã‚‹ã“ã¨ã‚’ç¢ºèª }; byte out[sizeof(msg)]; word32 outSz = sizeof(out); int ret; ecc_key cli, serv; - // initialize cli with private key - // initialize serv with received public key + // cliを秘密éµã§åˆæœŸåŒ– + // servã‚’å—ä¿¡ã—ãŸå…¬é–‹éµã§åˆæœŸåŒ– ecEncCtx* cliCtx, servCtx; - // initialize cliCtx and servCtx - // exchange salts + // cliCtxã¨servCtxã‚’åˆæœŸåŒ– + // ã‚½ãƒ«ãƒˆã‚’äº¤æ› ret = wc_ecc_encrypt_ex(&cli, &serv, msg, sizeof(msg), out, &outSz, cliCtx, 1); if(ret != 0) { - // error encrypting message + // ãƒ¡ãƒƒã‚»ãƒ¼ã‚¸ã®æš—å·åŒ–エラー } \endcode + \sa wc_ecc_encrypt \sa wc_ecc_decrypt */ @@ -1288,38 +1651,43 @@ /*! \ingroup ECC - \brief ã“ã®é–¢æ•°ã¯MSGã‹ã‚‰OUTã¸ã®æš—å·æ–‡ã‚’復å·åŒ–ã—ã¾ã™ã€‚ã“ã®é–¢æ•°ã¯ãƒ‘ラメータã¨ã—ã¦ã‚ªãƒ—ションã®CTXオブジェクトをå–りã¾ã™ã€‚æä¾›ã•れã¦ã„ã‚‹å ´åˆã€ECENCCTXã®Encalgoã€Kdfalgoã€ãŠã‚ˆã³Macalgoã«åŸºã¥ã„ã¦æš—å·åŒ–ãŒé€²ã¿ã¾ã™ã€‚CTXãŒæŒ‡å®šã•れã¦ã„ãªã„å ´åˆã€å‡¦ç†ã¯ãƒ‡ãƒ•ォルトã®ã‚¢ãƒ«ã‚´ãƒªã‚ºãƒ ã€ECAES_128_CBCã€ECHKDF_SHA256ã€ECHMAC_SHA256ã§å®Œäº†ã—ã¾ã™ã€‚ã“ã®æ©Ÿèƒ½ã¯ã€ãƒ¡ãƒƒã‚»ãƒ¼ã‚¸ãŒCTXã§æŒ‡å®šã•ã‚ŒãŸæš—å·åŒ–タイプã«å¾“ã£ã¦åŸ‹ã‚è¾¼ã¾ã‚Œã¦ã„ã‚‹å¿…è¦ãŒã‚りã¾ã™ã€‚ - \return 0 入力メッセージã®å¾©å·åŒ–ã«æˆåŠŸã—ãŸã¨ãã«è¿”ã•れã¾ã™ - \return BAD_FUNC_ARG PRIVKEYã€PUBKEYã€MSGã€MSGSZã€OUTã€OUTSZãŒNULLã®å ´åˆã€ã¾ãŸã¯CTXオブジェクトãŒã‚µãƒãƒ¼ãƒˆã•れã¦ã„ãªã„æš—å·åŒ–タイプを指定ã—ã¾ã™ã€‚ - \return BAD_ENC_STATE_E 指定ã•れãŸCTXオブジェクトãŒå¾©å·åŒ–ã«é©ã—ã¦ã„ãªã„状態ã«ã‚ã‚‹å ´åˆã«è¿”ã•れã¾ã™ã€‚ - \return BUFFER_E 供給ã•れãŸå‡ºåŠ›ãƒãƒƒãƒ•ã‚¡ãŒå°ã•ã™ãŽã¦å¾©å·åŒ–ã•れãŸå¹³æ–‡ã‚’ä¿å­˜ã™ã‚‹å ´åˆã¯è¿”ã•れã¾ã™ã€‚ - \return MEMORY_E 共有秘密éµã®ãƒ¡ãƒ¢ãƒªã®å‰²ã‚Šå½“ã¦ä¸­ã«ã‚¨ãƒ©ãƒ¼ãŒã‚ã‚‹å ´åˆã«è¿”ã•れã¾ã™ - \param privKey 復å·åŒ–ã«ä½¿ç”¨ã™ã‚‹ç§˜å¯†éµã‚’å«ã‚€ECC_Keyオブジェクトã¸ã®ãƒã‚¤ãƒ³ã‚¿ - \param pubKey コミュニケーションを希望ã™ã‚‹ãƒ”ã‚¢ã®å…¬é–‹éµã‚’å«ã‚€ECC_Keyオブジェクトã¸ã®ãƒã‚¤ãƒ³ã‚¿ - \param msg æš—å·æ–‡ã‚’復å·åŒ–ã™ã‚‹ãŸã‚ã®ãƒãƒƒãƒ•ã‚¡ã¸ã®ãƒã‚¤ãƒ³ã‚¿ - \param msgSz 復å·åŒ–ã™ã‚‹ãƒãƒƒãƒ•ã‚¡ã®ã‚µã‚¤ã‚º - \param out 復å·åŒ–ã•れãŸå¹³æ–‡ã‚’ä¿å­˜ã™ã‚‹ãƒãƒƒãƒ•ã‚¡ã¸ã®ãƒã‚¤ãƒ³ã‚¿ - \param outSz OUTãƒãƒƒãƒ•ァ内ã®ä½¿ç”¨å¯èƒ½ãªã‚µã‚¤ã‚ºã‚’å«ã‚€Word32オブジェクトã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚æš—å·æ–‡ã‚’正常ã«å¾©å·åŒ–ã™ã‚‹ã¨ã€å‡ºåŠ›ãƒãƒƒãƒ•ã‚¡ã«æ›¸ãè¾¼ã¾ã‚ŒãŸãƒã‚¤ãƒˆæ•°ã‚’ä¿æŒã—ã¾ã™ã€‚ + + \brief ã“ã®é–¢æ•°ã¯ã€msgã‹ã‚‰outã¸æš—å·æ–‡ã‚’復å·ã—ã¾ã™ã€‚ã“ã®é–¢æ•°ã¯ã€ã‚ªãƒ—ションã®ctxオブジェクトをパラメータã¨ã—ã¦å—ã‘å–りã¾ã™ã€‚æä¾›ã•れãŸå ´åˆã€æš—å·åŒ–ã¯ecEncCtxã®encAlgoã€kdfAlgoã€ãŠã‚ˆã³macAlgoã«åŸºã¥ã„ã¦é€²è¡Œã—ã¾ã™ã€‚ctxãŒæä¾›ã•れãªã„å ´åˆã€ãƒ‡ãƒ•ォルトã®ã‚¢ãƒ«ã‚´ãƒªã‚ºãƒ ecAES_128_CBCã€ecHKDF_SHA256ã€ãŠã‚ˆã³ecHMAC_SHA256ã§å‡¦ç†ãŒå®Œäº†ã—ã¾ã™ã€‚ã“ã®é–¢æ•°ã§ã¯ã€ctxã§æŒ‡å®šã•ã‚ŒãŸæš—å·åŒ–タイプã«å¿œã˜ã¦ãƒ¡ãƒƒã‚»ãƒ¼ã‚¸ãŒãƒ‘ディングã•れã¦ã„ã‚‹å¿…è¦ãŒã‚りã¾ã™ã€‚ + + \return 0 入力メッセージã®å¾©å·ã«æˆåŠŸã—ãŸå ´åˆã«è¿”ã•れã¾ã™ + \return BAD_FUNC_ARG privKeyã€pubKeyã€msgã€msgSzã€outã€ã¾ãŸã¯outSzãŒNULLã®å ´åˆã€ã¾ãŸã¯ctxオブジェクトãŒã‚µãƒãƒ¼ãƒˆã•れã¦ã„ãªã„æš—å·åŒ–タイプを指定ã—ã¦ã„ã‚‹å ´åˆã«è¿”ã•れã¾ã™ + \return BAD_ENC_STATE_E 指定ã•れãŸctxオブジェクトãŒå¾©å·ã«é©ã—ã¦ã„ãªã„状態ã«ã‚ã‚‹å ´åˆã«è¿”ã•れã¾ã™ + \return BUFFER_E æä¾›ã•れãŸå‡ºåŠ›ãƒãƒƒãƒ•ã‚¡ãŒå¾©å·ã•れãŸå¹³æ–‡ã‚’æ ¼ç´ã™ã‚‹ã«ã¯å°ã•ã™ãŽã‚‹å ´åˆã«è¿”ã•れã¾ã™ + \return MEMORY_E 共有秘密éµç”¨ã®ãƒ¡ãƒ¢ãƒªã‚’割り当ã¦ã‚‹éš›ã«ã‚¨ãƒ©ãƒ¼ãŒã‚ã‚‹å ´åˆã«è¿”ã•れã¾ã™ + + \param privKey 復å·ã«ä½¿ç”¨ã™ã‚‹ç§˜å¯†éµã‚’å«ã‚€ecc_keyオブジェクトã¸ã®ãƒã‚¤ãƒ³ã‚¿ + \param pubKey 通信ã—ãŸã„ピアã®å…¬é–‹éµã‚’å«ã‚€ecc_keyオブジェクトã¸ã®ãƒã‚¤ãƒ³ã‚¿ + \param msg 復å·ã™ã‚‹æš—å·æ–‡ã‚’ä¿æŒã™ã‚‹ãƒãƒƒãƒ•ã‚¡ã¸ã®ãƒã‚¤ãƒ³ã‚¿ + \param msgSz 復å·ã™ã‚‹ãƒãƒƒãƒ•ã‚¡ã®ã‚µã‚¤ã‚º + \param out 復å·ã•れãŸå¹³æ–‡ã‚’æ ¼ç´ã™ã‚‹ãƒãƒƒãƒ•ã‚¡ã¸ã®ãƒã‚¤ãƒ³ã‚¿ + \param outSz outãƒãƒƒãƒ•ã‚¡ã§åˆ©ç”¨å¯èƒ½ãªã‚µã‚¤ã‚ºã‚’å«ã‚€word32オブジェクトã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚æš—å·æ–‡ã®å¾©å·ã«æˆåŠŸã™ã‚‹ã¨ã€å‡ºåŠ›ãƒãƒƒãƒ•ã‚¡ã«æ›¸ãè¾¼ã¾ã‚ŒãŸãƒã‚¤ãƒˆæ•°ã‚’ä¿æŒã—ã¾ã™ + \param ctx オプション:使用ã™ã‚‹ç•°ãªã‚‹å¾©å·ã‚¢ãƒ«ã‚´ãƒªã‚ºãƒ ã‚’指定ã™ã‚‹ecEncCtxオブジェクトã¸ã®ãƒã‚¤ãƒ³ã‚¿ + _Example_ \code - byte cipher[] = { initialize with - ciphertext to decrypt. Ensure padded to block size }; + byte cipher[] = { 復å·ã™ã‚‹æš—å·æ–‡ã§åˆæœŸåŒ–。ブロックサイズã«ãƒ‘ディングã•れã¦ã„ã‚‹ã“ã¨ã‚’ç¢ºèª }; byte plain[sizeof(cipher)]; word32 plainSz = sizeof(plain); int ret; ecc_key cli, serv; - // initialize cli with private key - // initialize serv with received public key + // cliを秘密éµã§åˆæœŸåŒ– + // servã‚’å—ä¿¡ã—ãŸå…¬é–‹éµã§åˆæœŸåŒ– ecEncCtx* cliCtx, servCtx; - // initialize cliCtx and servCtx - // exchange salts + // cliCtxã¨servCtxã‚’åˆæœŸåŒ– + // ã‚½ãƒ«ãƒˆã‚’äº¤æ› ret = wc_ecc_decrypt(&cli, &serv, cipher, sizeof(cipher), plain, &plainSz, cliCtx); if(ret != 0) { - // error decrypting message + // メッセージã®å¾©å·ã‚¨ãƒ©ãƒ¼ } \endcode + \sa wc_ecc_encrypt \sa wc_ecc_encrypt_ex */ @@ -1330,9 +1698,18 @@ /*! \ingroup ECC - \brief éžãƒ–ロックæ“作ã®ãŸã‚ã®ECCサãƒãƒ¼ãƒˆã‚’有効ã«ã—ã¾ã™ã€‚次ã®ãƒ“ルドオプションを使用ã—ãŸå˜ç²¾åº¦ï¼ˆSP)数学ã§ã‚µãƒãƒ¼ãƒˆã•れã¦ã„ã¾ã™.WolfSSL_SP_SP_SMALL WOLFSSL_SP_NO_MALLOC WC_ECC_NONBLOCK - \return 0 コールãƒãƒƒã‚¯ã‚³ãƒ³ãƒ†ã‚­ã‚¹ãƒˆã‚’å…¥åŠ›ãƒ¡ãƒƒã‚»ãƒ¼ã‚¸ã«æ­£å¸¸ã«è¨­å®šã™ã‚‹ã¨è¿”ã•れã¾ã™ã€‚ - \param key ECC_KEYオブジェクトã¸ã®ãƒã‚¤ãƒ³ã‚¿ + + \brief ノンブロッキングæ“作ã®ãŸã‚ã®ECCサãƒãƒ¼ãƒˆã‚’有効ã«ã—ã¾ã™ã€‚次ã®ãƒ“ルドオプションã§Single Precision(SP)数学ã§ã‚µãƒãƒ¼ãƒˆã•れã¦ã„ã¾ã™ï¼š + WOLFSSL_SP_NONBLOCK + WOLFSSL_SP_SMALL + WOLFSSL_SP_NO_MALLOC + WC_ECC_NONBLOCK + + \return 0 入力メッセージã®ã‚³ãƒ¼ãƒ«ãƒãƒƒã‚¯ã‚³ãƒ³ãƒ†ã‚­ã‚¹ãƒˆã®è¨­å®šã«æˆåŠŸã—ãŸå ´åˆã«è¿”ã•れã¾ã™ + + \param key ecc_keyオブジェクトã¸ã®ãƒã‚¤ãƒ³ã‚¿ + \param ctx SP用ã®ã‚¹ã‚¿ãƒƒã‚¯ãƒ‡ãƒ¼ã‚¿ã‚­ãƒ£ãƒƒã‚·ãƒ¥ã‚’æŒã¤ecc_nb_ctx_t構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ + _Example_ \code int ret; @@ -1345,13 +1722,13 @@ if (ret == 0) { do { ret = wc_ecc_verify_hash_ex( - &r, &s, // r/s as mp_int - hash, hashSz, // computed hash digest - &verify_res, // verification result 1=success + &r, &s, // mp_intã¨ã—ã¦ã®r/s + hash, hashSz, // 計算ã•れãŸãƒãƒƒã‚·ãƒ¥ãƒ€ã‚¤ã‚¸ã‚§ã‚¹ãƒˆ + &verify_res, // æ¤œè¨¼çµæžœ 1=æˆåŠŸ &key ); - // TODO: Real-time work can be called here + // TODO: リアルタイム作業をã“ã“ã§å‘¼ã³å‡ºã™ã“ã¨ãŒã§ãã¾ã™ } while (ret == FP_WOULDBLOCK); } wc_ecc_free(&key); @@ -1359,3 +1736,28 @@ \endcode */ int wc_ecc_set_nonblock(ecc_key *key, ecc_nb_ctx_t* ctx); + +/*! + \ingroup ECC + + \brief 指定ã•れãŸã‚µã‚¤ã‚ºã‚ˆã‚Šå¤§ãã„キーをæŒã¤ã‚«ãƒ¼ãƒ–ã¾ãŸã¯ã‚«ãƒ¼ãƒ–IDã«ä¸€è‡´ã™ã‚‹ã‚«ãƒ¼ãƒ–を比較ã—ã€ã‚ˆã‚Šå°ã•ã„キーサイズをæŒã¤ã‚«ãƒ¼ãƒ–をキーã«è¨­å®šã—ã¾ã™ã€‚ + + \return 0 キーã®è¨­å®šã«æˆåŠŸã—ãŸå ´åˆã«è¿”ã•れã¾ã™ + + \param keysize キーサイズ(ãƒã‚¤ãƒˆå˜ä½ï¼‰ + \param curve_id カーブID + + _Example_ + \code int ret; + ecc_key ecc; + + ret = wc_ecc_init(&ecc); + if (ret != 0) + return ret; + ret = wc_ecc_set_curve(&ecc, 32, ECC_SECP256R1)); + if (ret != 0) + return ret; + + \endcode +*/ +int wc_ecc_set_curve(ecc_key *key, int keysize, int curve_id); diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/doc/dox_comments/header_files-ja/eccsi.h mariadb-11.8.8/extra/wolfssl/wolfssl/doc/dox_comments/header_files-ja/eccsi.h --- mariadb-11.8.6/extra/wolfssl/wolfssl/doc/dox_comments/header_files-ja/eccsi.h 2026-01-31 13:27:49.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/doc/dox_comments/header_files-ja/eccsi.h 2026-05-24 09:58:33.000000000 +0000 @@ -1,106 +1,130 @@ /*! + \ingroup ECCSI_Setup */ int wc_InitEccsiKey(EccsiKey* key, void* heap, int devId); /*! + \ingroup ECCSI_Setup */ int wc_InitEccsiKey_ex(EccsiKey* key, int keySz, int curveId, void* heap, int devId); /*! + \ingroup ECCSI_Setup */ void wc_FreeEccsiKey(EccsiKey* key); /*! + \ingroup ECCSI_Setup */ int wc_MakeEccsiKey(EccsiKey* key, WC_RNG* rng); /*! + \ingroup ECCSI_Operations */ int wc_MakeEccsiPair(EccsiKey* key, WC_RNG* rng, enum wc_HashType hashType, const byte* id, word32 idSz, mp_int* ssk, ecc_point* pvt); /*! + \ingroup ECCSI_Operations */ int wc_ValidateEccsiPair(EccsiKey* key, enum wc_HashType hashType, const byte* id, word32 idSz, const mp_int* ssk, ecc_point* pvt, int* valid); /*! + \ingroup ECCSI_Operations */ int wc_ValidateEccsiPvt(EccsiKey* key, const ecc_point* pvt, int* valid); /*! + \ingroup ECCSI_Operations */ int wc_EncodeEccsiPair(const EccsiKey* key, mp_int* ssk, ecc_point* pvt, byte* data, word32* sz); /*! + \ingroup ECCSI_Operations */ int wc_EncodeEccsiSsk(const EccsiKey* key, mp_int* ssk, byte* data, word32* sz); /*! + \ingroup ECCSI_Operations */ int wc_EncodeEccsiPvt(const EccsiKey* key, ecc_point* pvt, byte* data, word32* sz, int raw); /*! + \ingroup ECCSI_Operations */ int wc_DecodeEccsiPair(const EccsiKey* key, const byte* data, word32 sz, mp_int* ssk, ecc_point* pvt); /*! + \ingroup ECCSI_Operations */ int wc_DecodeEccsiSsk(const EccsiKey* key, const byte* data, word32 sz, mp_int* ssk); /*! + \ingroup ECCSI_Operations */ int wc_DecodeEccsiPvt(const EccsiKey* key, const byte* data, word32 sz, ecc_point* pvt); /*! + \ingroup ECCSI_Operations */ int wc_DecodeEccsiPvtFromSig(const EccsiKey* key, const byte* sig, word32 sz, ecc_point* pvt); /*! + \ingroup ECCSI_Setup */ int wc_ExportEccsiKey(EccsiKey* key, byte* data, word32* sz); /*! + \ingroup ECCSI_Setup */ int wc_ImportEccsiKey(EccsiKey* key, const byte* data, word32 sz); /*! + \ingroup ECCSI_Setup */ int wc_ExportEccsiPrivateKey(EccsiKey* key, byte* data, word32* sz); /*! + \ingroup ECCSI_Setup */ int wc_ImportEccsiPrivateKey(EccsiKey* key, const byte* data, word32 sz); /*! + \ingroup ECCSI_Setup */ int wc_ExportEccsiPublicKey(EccsiKey* key, byte* data, word32* sz, int raw); /*! + \ingroup ECCSI_Setup */ int wc_ImportEccsiPublicKey(EccsiKey* key, const byte* data, word32 sz, int trusted); /*! + \ingroup ECCSI_Operations */ int wc_HashEccsiId(EccsiKey* key, enum wc_HashType hashType, const byte* id, word32 idSz, ecc_point* pvt, byte* hash, byte* hashSz); /*! + \ingroup ECCSI_Setup */ int wc_SetEccsiHash(EccsiKey* key, const byte* hash, byte hashSz); /*! + \ingroup ECCSI_Setup */ int wc_SetEccsiPair(EccsiKey* key, const mp_int* ssk, const ecc_point* pvt); /*! + \ingroup ECCSI_Operations */ int wc_SignEccsiHash(EccsiKey* key, WC_RNG* rng, enum wc_HashType hashType, const byte* msg, word32 msgSz, byte* sig, word32* sigSz); /*! + \ingroup ECCSI_Operations */ int wc_VerifyEccsiHash(EccsiKey* key, enum wc_HashType hashType, const byte* msg, word32 msgSz, const byte* sig, word32 sigSz, int* verified); - diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/doc/dox_comments/header_files-ja/ed25519.h mariadb-11.8.8/extra/wolfssl/wolfssl/doc/dox_comments/header_files-ja/ed25519.h --- mariadb-11.8.6/extra/wolfssl/wolfssl/doc/dox_comments/header_files-ja/ed25519.h 2026-01-31 13:27:49.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/doc/dox_comments/header_files-ja/ed25519.h 2026-05-24 09:58:33.000000000 +0000 @@ -1,23 +1,23 @@ /*! \ingroup ED25519 - \brief ã“ã®é–¢æ•°ã¯Ed25519秘密éµã‹ã‚‰Ed25519公開éµã‚’生æˆã—ã¾ã™ã€‚公開éµã‚’ãƒãƒƒãƒ•ã‚¡pubkeyã«å‡ºåŠ›ã—ã¾ã™ã€‚ - ã“ã®é–¢æ•°ã®å‘¼ã³å‡ºã—ã«å…ˆç«‹ã¡ã€ed25519_key構造体ã«ã¯Ed25519秘密éµãŒã‚¤ãƒ³ãƒãƒ¼ãƒˆã•れã¦ã„ã‚‹å¿…è¦ãŒã‚りã¾ã™ã€‚ - \return 0 公開éµã®ä½œæˆã«æˆåŠŸã—ãŸã¨ãã«è¿”ã•れã¾ã™ã€‚ - \return BAD_FUNC_ARG 引数keyã¾ãŸã¯pubKeyãŒNULLã®å ´åˆã€ã¾ãŸã¯æŒ‡å®šã•れãŸéµã‚µã‚¤ã‚ºãŒ32ãƒã‚¤ãƒˆã§ã¯ãªã„å ´åˆï¼ˆED25519ã«32ãƒã‚¤ãƒˆã®ã‚­ãƒ¼ãŒã‚りã¾ã™ï¼‰ã€‚ - \return ECC_PRIV_KEY_E ed25519_key構造体ã«Ed25519秘密éµãŒã‚¤ãƒ³ãƒãƒ¼ãƒˆã•れã¦ã„ãªã„å ´åˆã«è¿”ã•れã¾ã™ã€‚ - \return MEMORY_E 関数ã®å®Ÿè¡Œä¸­ã«ãƒ¡ãƒ¢ãƒªã‚’割り当ã¦ã‚¨ãƒ©ãƒ¼ãŒã‚ã‚‹å ´åˆã«è¿”ã•れã¾ã™ã€‚ + \brief ã“ã®é–¢æ•°ã¯ã€ed25519_keyã‚ªãƒ–ã‚¸ã‚§ã‚¯ãƒˆã«æ ¼ç´ã•れãŸç§˜å¯†éµã‹ã‚‰Ed25519公開éµã‚’生æˆã—ã¾ã™ã€‚公開éµã‚’ãƒãƒƒãƒ•ã‚¡pubKeyã«æ ¼ç´ã—ã¾ã™ã€‚ - \param [in] key Ed25519秘密éµãŒã‚¤ãƒ³ãƒãƒ¼ãƒˆã•れã¦ã„ã‚‹ed25519_key構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ - \param [out] pubKey 公開éµã‚’出力ã™ã‚‹ãƒãƒƒãƒ•ã‚¡ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ - \param [in] pubKeySz ãƒãƒƒãƒ•ã‚¡ã®ã‚µã‚¤ã‚ºã€‚常ã«ED25519_PUB_KEY_SIZE(32)ã§ãªã‘れã°ãªã‚Šã¾ã›ã‚“。 + \return 0 公開éµã®ä½œæˆã«æˆåŠŸã—ãŸå ´åˆã«è¿”ã•れã¾ã™ã€‚ + \return BAD_FUNC_ARG keyã¾ãŸã¯pubKeyãŒNULLã¨è©•価ã•れãŸå ´åˆã€ã¾ãŸã¯æŒ‡å®šã•れãŸã‚­ãƒ¼ã‚µã‚¤ã‚ºãŒ32ãƒã‚¤ãƒˆã§ãªã„å ´åˆã«è¿”ã•れã¾ã™ï¼ˆEd25519ã¯32ãƒã‚¤ãƒˆã®ã‚­ãƒ¼ã‚’æŒã¡ã¾ã™ï¼‰ã€‚ + \return ECC_PRIV_KEY_E ed25519_keyオブジェクトã«ç§˜å¯†éµãŒå«ã¾ã‚Œã¦ã„ãªã„å ´åˆã«è¿”ã•れã¾ã™ã€‚ + \return MEMORY_E 関数実行中ã«ãƒ¡ãƒ¢ãƒªã®å‰²ã‚Šå½“ã¦ã‚¨ãƒ©ãƒ¼ãŒç™ºç”Ÿã—ãŸå ´åˆã«è¿”ã•れã¾ã™ã€‚ + + \param [in] key キーを生æˆã™ã‚‹ed25519_keyã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ + \param [out] pubKey 公開éµã‚’æ ¼ç´ã™ã‚‹ãƒãƒƒãƒ•ã‚¡ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ + \param [in] pubKeySz 公開éµã®ã‚µã‚¤ã‚ºã€‚ED25519_PUB_KEY_SIZEã§ã‚ã‚‹å¿…è¦ãŒã‚りã¾ã™ã€‚ _Example_ \code int ret; ed25519_key key; - byte priv[] = { initialize with 32 byte private key }; + byte priv[] = { 32ãƒã‚¤ãƒˆã®ç§˜å¯†éµã§åˆæœŸåŒ– }; byte pub[32]; word32 pubSz = sizeof(pub); @@ -25,9 +25,10 @@ wc_ed25519_import_private_only(priv, sizeof(priv), &key); ret = wc_ed25519_make_public(&key, pub, &pubSz); if (ret != 0) { - // error making public key + // 公開éµã®ä½œæˆã‚¨ãƒ©ãƒ¼ } \endcode + \sa wc_ed25519_init \sa wc_ed25519_import_private_only \sa wc_ed25519_make_key @@ -38,12 +39,16 @@ /*! \ingroup ED25519 - \brief ã“ã®é–¢æ•°ã¯æ–°ã—ã„ed25519_key構造体を生æˆã—ã€ãれを引数keyã®ãƒãƒƒãƒ•ã‚¡ã«æ ¼ç´ã—ã¾ã™ã€‚ - \return 0 ed25519_key構造体を正常ã«ç”Ÿæˆã™ã‚‹ã¨è¿”ã•れã¾ã™ã€‚ - \return BAD_FUNC_ARG RNGã¾ãŸã¯KEYãŒNULLã«è©•価ã•れãŸå ´åˆã€ã¾ãŸã¯æŒ‡å®šã•れãŸkeysizeãŒ32ãƒã‚¤ãƒˆã§ã¯ãªã„å ´åˆ(Ed25519éµã«ã¯å¸¸ã«32ãƒã‚¤ãƒˆã‚’指定ã™ã‚‹å¿…è¦ãŒã‚りã¾ã™)。 - \return MEMORY_E 関数ã®å®Ÿè¡Œä¸­ã«ãƒ¡ãƒ¢ãƒªå‰²ã‚Šå½“ã¦ã‚¨ãƒ©ãƒ¼ãŒç™ºç”Ÿã—ãŸå ´åˆã«è¿”ã•れã¾ã™ã€‚ - \param [in] rng RNGキーを生æˆã™ã‚‹åˆæœŸåŒ–ã•れãŸRNGオブジェクトã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ - \param [in] keysize keyã®é•·ã•。ED25519ã®å ´åˆã¯å¸¸ã«32ã«ãªã‚Šã¾ã™ã€‚ + + \brief ã“ã®é–¢æ•°ã¯æ–°ã—ã„Ed25519キーを生æˆã—ã€ãれをkeyã«æ ¼ç´ã—ã¾ã™ã€‚ + + \return 0 ed25519_keyã®ä½œæˆã«æˆåŠŸã—ãŸå ´åˆã«è¿”ã•れã¾ã™ã€‚ + \return BAD_FUNC_ARG rngã¾ãŸã¯keyãŒNULLã¨è©•価ã•れãŸå ´åˆã€ã¾ãŸã¯æŒ‡å®šã•れãŸã‚­ãƒ¼ã‚µã‚¤ã‚ºãŒ32ãƒã‚¤ãƒˆã§ãªã„å ´åˆã«è¿”ã•れã¾ã™ï¼ˆEd25519ã¯32ãƒã‚¤ãƒˆã®ã‚­ãƒ¼ã‚’æŒã¡ã¾ã™ï¼‰ã€‚ + \return MEMORY_E 関数実行中ã«ãƒ¡ãƒ¢ãƒªã®å‰²ã‚Šå½“ã¦ã‚¨ãƒ©ãƒ¼ãŒç™ºç”Ÿã—ãŸå ´åˆã«è¿”ã•れã¾ã™ã€‚ + + \param [in] rng キーを生æˆã™ã‚‹ãŸã‚ã«ä½¿ç”¨ã™ã‚‹åˆæœŸåŒ–済ã¿RNGオブジェクトã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ + \param [in] keysize 生æˆã™ã‚‹ã‚­ãƒ¼ã®é•·ã•。Ed25519ã®å ´åˆã¯å¸¸ã«32ã§ã‚ã‚‹å¿…è¦ãŒã‚りã¾ã™ã€‚ + \param [in,out] key キーを生æˆã™ã‚‹ed25519_keyã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ _Example_ \code @@ -56,9 +61,10 @@ wc_ed25519_init(&key); wc_ed25519_make_key(&rng, 32, &key); if (ret != 0) { - // error making key + // キー作æˆã‚¨ãƒ©ãƒ¼ } \endcode + \sa wc_ed25519_init */ @@ -66,16 +72,18 @@ /*! \ingroup ED25519 - \brief ã“ã®é–¢æ•°ã¯ã€ed25519_key構造体を使用ã—ã¦ãƒ¡ãƒƒã‚»ãƒ¼ã‚¸ã«ç½²åã—ã¾ã™ã€‚ - \return 0 メッセージã®ç½²åを正常ã«ç”Ÿæˆã™ã‚‹ã¨è¿”ã•れã¾ã™ã€‚ - \return BAD_FUNC_ARG 入力パラメータã®ã„ãšã‚Œã‹ãŒNULLã«è©•価ã•れãŸå ´åˆã€ã¾ãŸã¯å‡ºåŠ›ãƒãƒƒãƒ•ã‚¡ãŒå°ã•ã™ãŽã¦ç”Ÿæˆã•れãŸç½²åã‚’ä¿å­˜ã™ã‚‹å ´åˆã¯è¿”ã•れã¾ã™ã€‚ - \return MEMORY_E 関数ã®å®Ÿè¡Œä¸­ã«ãƒ¡ãƒ¢ãƒªå‰²ã‚Šå½“ã¦ã‚¨ãƒ©ãƒ¼ãŒç™ºç”Ÿã—ãŸå ´åˆã«è¿”ã•れã¾ã™ã€‚ + + \brief ã“ã®é–¢æ•°ã¯ã€çœŸæ­£æ€§ã‚’ä¿è¨¼ã™ã‚‹ãŸã‚ã«ed25519_keyオブジェクトを使用ã—ã¦ãƒ¡ãƒƒã‚»ãƒ¼ã‚¸ã«ç½²åã—ã¾ã™ã€‚ + + \return 0 メッセージã®ç½²åã®ç”Ÿæˆã«æˆåŠŸã—ãŸå ´åˆã«è¿”ã•れã¾ã™ã€‚ + \return BAD_FUNC_ARG 入力パラメータã®ã„ãšã‚Œã‹ãŒNULLã¨è©•価ã•れãŸå ´åˆã€ã¾ãŸã¯å‡ºåŠ›ãƒãƒƒãƒ•ã‚¡ãŒç”Ÿæˆã•れãŸç½²åã‚’æ ¼ç´ã™ã‚‹ã«ã¯å°ã•ã™ãŽã‚‹å ´åˆã«è¿”ã•れã¾ã™ã€‚ + \return MEMORY_E 関数実行中ã«ãƒ¡ãƒ¢ãƒªã®å‰²ã‚Šå½“ã¦ã‚¨ãƒ©ãƒ¼ãŒç™ºç”Ÿã—ãŸå ´åˆã«è¿”ã•れã¾ã™ã€‚ \param [in] in ç½²åã™ã‚‹ãƒ¡ãƒƒã‚»ãƒ¼ã‚¸ã‚’å«ã‚€ãƒãƒƒãƒ•ã‚¡ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ - \param [in] inlen ç½²åã™ã‚‹ãƒ¡ãƒƒã‚»ãƒ¼ã‚¸ã®ã‚µã‚¤ã‚º - \param [out] out 生æˆã•れãŸç½²åã‚’æ ¼ç´ã™ã‚‹ãŸã‚ã®ãƒãƒƒãƒ•ァ。 - \param [in,out] outlen 出力ãƒãƒƒãƒ•ã‚¡ã®æœ€å¤§é•·ã€‚メッセージ署åã®ç”Ÿæˆã«æˆåŠŸã—ãŸã¨ãã«ã€æ›¸ãè¾¼ã¾ã‚ŒãŸãƒã‚¤ãƒˆæ•°ã‚’ä¿æŒã—ã¾ã™ã€‚ - \param [in] key ç½²åを生æˆã™ã‚‹ãŸã‚ã«ä½¿ç”¨ã™ã‚‹ç§˜å¯†éµã‚’ä¿æŒã—ã¦ã„ã‚‹ed25519_key構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ + \param [in] inlen ç½²åã™ã‚‹ãƒ¡ãƒƒã‚»ãƒ¼ã‚¸ã®é•·ã•。 + \param [out] out 生æˆã•れãŸç½²åã‚’æ ¼ç´ã™ã‚‹ãƒãƒƒãƒ•ァ。 + \param [in,out] outlen 出力ãƒãƒƒãƒ•ã‚¡ã®æœ€å¤§é•·ã€‚メッセージ署åã®ç”Ÿæˆã«æˆåŠŸã—ãŸå¾Œã€outã«æ›¸ãè¾¼ã¾ã‚ŒãŸãƒã‚¤ãƒˆæ•°ãŒæ ¼ç´ã•れã¾ã™ã€‚ + \param [in] key ç½²åを生æˆã™ã‚‹ãŸã‚ã«ä½¿ç”¨ã™ã‚‹ç§˜å¯†ed25519_keyã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ _Example_ \code @@ -83,18 +91,19 @@ WC_RNG rng; int ret, sigSz; - byte sig[64]; // will hold generated signature + byte sig[64]; // 生æˆã•れãŸç½²åã‚’ä¿æŒ sigSz = sizeof(sig); - byte message[] = { initialize with message }; + byte message[] = { メッセージã§åˆæœŸåŒ– }; - wc_InitRng(&rng); // initialize rng - wc_ed25519_init(&key); // initialize key - wc_ed25519_make_key(&rng, 32, &key); // make public/private key pair + wc_InitRng(&rng); // rngã‚’åˆæœŸåŒ– + wc_ed25519_init(&key); // keyã‚’åˆæœŸåŒ– + wc_ed25519_make_key(&rng, 32, &key); // 公開/秘密éµãƒšã‚¢ã‚’ä½œæˆ ret = wc_ed25519_sign_msg(message, sizeof(message), sig, &sigSz, &key); if (ret != 0) { - // error generating message signature + // メッセージ署åã®ç”Ÿæˆã‚¨ãƒ©ãƒ¼ } \endcode + \sa wc_ed25519ctx_sign_msg \sa wc_ed25519ph_sign_hash \sa wc_ed25519ph_sign_msg @@ -106,18 +115,20 @@ /*! \ingroup ED25519 - \brief ã“ã®é–¢æ•°ã¯ã€ed25519_key構造体を使用ã—ã¦ãƒ¡ãƒƒã‚»ãƒ¼ã‚¸ã«ç½²åã—ã¾ã™ã€‚ - コンテキストã¯ç½²åã•れるデータã®ä¸€éƒ¨ã§ã™ã€‚ - \return 0 メッセージã®ç½²åを正常ã«ç”Ÿæˆã™ã‚‹ã¨è¿”ã•れã¾ã™ã€‚ - \return BAD_FUNC_ARG è¿”ã•れãŸå…¥åŠ›ãƒ‘ãƒ©ãƒ¡ãƒ¼ã‚¿ã¯NULLã«è©•価ã•れã¾ã™ã€‚出力ãƒãƒƒãƒ•ã‚¡ãŒå°ã•ã™ãŽã¦ç”Ÿæˆã•れãŸç½²åã‚’ä¿å­˜ã™ã‚‹ã«ã¯å°ã•ã™ãŽã¾ã™ã€‚ - \return MEMORY_E 関数ã®å®Ÿè¡Œä¸­ã«ãƒ¡ãƒ¢ãƒªå‰²ã‚Šå½“ã¦ã‚¨ãƒ©ãƒ¼ãŒç™ºç”Ÿã—ãŸå ´åˆã«è¿”ã•れã¾ã™ã€‚ + + \brief ã“ã®é–¢æ•°ã¯ã€çœŸæ­£æ€§ã‚’ä¿è¨¼ã™ã‚‹ãŸã‚ã«ed25519_keyオブジェクトを使用ã—ã¦ãƒ¡ãƒƒã‚»ãƒ¼ã‚¸ã«ç½²åã—ã¾ã™ã€‚コンテキストã¯ç½²åã•れるデータã®ä¸€éƒ¨ã§ã™ã€‚ + + \return 0 メッセージã®ç½²åã®ç”Ÿæˆã«æˆåŠŸã—ãŸå ´åˆã«è¿”ã•れã¾ã™ã€‚ + \return BAD_FUNC_ARG 入力パラメータã®ã„ãšã‚Œã‹ãŒNULLã¨è©•価ã•れãŸå ´åˆã€ã¾ãŸã¯å‡ºåŠ›ãƒãƒƒãƒ•ã‚¡ãŒç”Ÿæˆã•れãŸç½²åã‚’æ ¼ç´ã™ã‚‹ã«ã¯å°ã•ã™ãŽã‚‹å ´åˆã«è¿”ã•れã¾ã™ã€‚ + \return MEMORY_E 関数実行中ã«ãƒ¡ãƒ¢ãƒªã®å‰²ã‚Šå½“ã¦ã‚¨ãƒ©ãƒ¼ãŒç™ºç”Ÿã—ãŸå ´åˆã«è¿”ã•れã¾ã™ã€‚ + \param [in] in ç½²åã™ã‚‹ãƒ¡ãƒƒã‚»ãƒ¼ã‚¸ã‚’å«ã‚€ãƒãƒƒãƒ•ã‚¡ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ - \param [in] inlen ç½²åã™ã‚‹ãƒ¡ãƒƒã‚»ãƒ¼ã‚¸ã®ã‚µã‚¤ã‚º - \param [out] out 生æˆã•れãŸç½²åã‚’æ ¼ç´ã™ã‚‹ãŸã‚ã®ãƒãƒƒãƒ•ァ。 - \param [in,out] outlen 出力ãƒãƒƒãƒ•ã‚¡ã®æœ€å¤§é•·ã€‚メッセージ署åã®ç”Ÿæˆã«æˆåŠŸã—ãŸã¨ãã«ã€æ›¸ãè¾¼ã¾ã‚ŒãŸãƒã‚¤ãƒˆã‚’ä¿å­˜ã—ã¾ã™ã€‚ - \param [in] key ç½²åを生æˆã™ã‚‹ãŸã‚ã«ä½¿ç”¨ã™ã‚‹ç§˜å¯†éµã‚’ä¿æŒã—ã¦ã„ã‚‹ed25519_key構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ + \param [in] inlen ç½²åã™ã‚‹ãƒ¡ãƒƒã‚»ãƒ¼ã‚¸ã®é•·ã•。 + \param [out] out 生æˆã•れãŸç½²åã‚’æ ¼ç´ã™ã‚‹ãƒãƒƒãƒ•ァ。 + \param [in,out] outlen 出力ãƒãƒƒãƒ•ã‚¡ã®æœ€å¤§é•·ã€‚メッセージ署åã®ç”Ÿæˆã«æˆåŠŸã—ãŸå¾Œã€outã«æ›¸ãè¾¼ã¾ã‚ŒãŸãƒã‚¤ãƒˆæ•°ãŒæ ¼ç´ã•れã¾ã™ã€‚ + \param [in] key ç½²åを生æˆã™ã‚‹ãŸã‚ã«ä½¿ç”¨ã™ã‚‹ç§˜å¯†ed25519_keyã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ \param [in] context メッセージãŒç½²åã•れã¦ã„るコンテキストをå«ã‚€ãƒãƒƒãƒ•ã‚¡ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ - \param [in] contextLen コンテキストãƒãƒƒãƒ•ã‚¡ã®ã‚µã‚¤ã‚º + \param [in] contextLen コンテキストãƒãƒƒãƒ•ã‚¡ã®é•·ã•。 _Example_ \code @@ -125,20 +136,21 @@ WC_RNG rng; int ret, sigSz; - byte sig[64]; // will hold generated signature + byte sig[64]; // 生æˆã•れãŸç½²åã‚’ä¿æŒ sigSz = sizeof(sig); - byte message[] = { initialize with message }; - byte context[] = { initialize with context of signing }; + byte message[] = { メッセージã§åˆæœŸåŒ– }; + byte context[] = { ç½²åã®ã‚³ãƒ³ãƒ†ã‚­ã‚¹ãƒˆã§åˆæœŸåŒ– }; - wc_InitRng(&rng); // initialize rng - wc_ed25519_init(&key); // initialize key - wc_ed25519_make_key(&rng, 32, &key); // make public/private key pair + wc_InitRng(&rng); // rngã‚’åˆæœŸåŒ– + wc_ed25519_init(&key); // keyã‚’åˆæœŸåŒ– + wc_ed25519_make_key(&rng, 32, &key); // 公開/秘密éµãƒšã‚¢ã‚’ä½œæˆ ret = wc_ed25519ctx_sign_msg(message, sizeof(message), sig, &sigSz, &key, context, sizeof(context)); if (ret != 0) { - // error generating message signature + // メッセージ署åã®ç”Ÿæˆã‚¨ãƒ©ãƒ¼ } \endcode + \sa wc_ed25519_sign_msg \sa wc_ed25519ph_sign_hash \sa wc_ed25519ph_sign_msg @@ -151,22 +163,20 @@ /*! \ingroup ED25519 - \brief ã“ã®é–¢æ•°ã¯ã€ed25519_key構造体を使用ã—ã¦ãƒ¡ãƒƒã‚»ãƒ¼ã‚¸ãƒ€ã‚¤ã‚¸ã‚§ã‚¹ãƒˆã«ç½²åã—ã¾ã™ã€‚ - コンテキストã¯ç½²åã•れるデータã®ä¸€éƒ¨ã¨ã—ã¦å«ã¾ã‚Œã¦ã„ã¾ã™ã€‚ - ç½²å計算ã®å‰ã«ãƒ¡ãƒƒã‚»ãƒ¼ã‚¸ã¯äº‹å‰ã«ãƒãƒƒã‚·ãƒ¥ã•れã¦ã„ã¾ã™ã€‚ - メッセージダイジェストを作æˆã™ã‚‹ãŸã‚ã«ä½¿ç”¨ã•れるãƒãƒƒã‚·ãƒ¥ã‚¢ãƒ«ã‚´ãƒªã‚ºãƒ ã¯Shake-256ã§ãªã‘れã°ãªã‚Šã¾ã›ã‚“。 - - \return 0 メッセージダイジェストã®ç½²åを正常ã«ç”Ÿæˆã™ã‚‹ã¨è¿”ã•れã¾ã™ã€‚ - \return BAD_FUNC_ARG è¿”ã•れãŸå…¥åŠ›ãƒ‘ãƒ©ãƒ¡ãƒ¼ã‚¿ã¯NULLã«è©•価ã•れã¾ã™ã€‚出力ãƒãƒƒãƒ•ã‚¡ãŒå°ã•ã™ãŽã¦ç”Ÿæˆã•れãŸç½²åã‚’ä¿å­˜ã™ã‚‹ã«ã¯å°ã•ã™ãŽã¾ã™ã€‚ - \return MEMORY_E 関数ã®å®Ÿè¡Œä¸­ã«ãƒ¡ãƒ¢ãƒªå‰²ã‚Šå½“ã¦ã‚¨ãƒ©ãƒ¼ãŒç™ºç”Ÿã—ãŸå ´åˆã«è¿”ã•れã¾ã™ã€‚ + + \brief ã“ã®é–¢æ•°ã¯ã€çœŸæ­£æ€§ã‚’ä¿è¨¼ã™ã‚‹ãŸã‚ã«ed25519_keyオブジェクトを使用ã—ã¦ãƒ¡ãƒƒã‚»ãƒ¼ã‚¸ãƒ€ã‚¤ã‚¸ã‚§ã‚¹ãƒˆã«ç½²åã—ã¾ã™ã€‚コンテキストã¯ç½²åã•れるデータã®ä¸€éƒ¨ã¨ã—ã¦å«ã¾ã‚Œã¾ã™ã€‚メッセージã¯ç½²å計算å‰ã«äº‹å‰ãƒãƒƒã‚·ãƒ¥åŒ–ã•れã¾ã™ã€‚ + + \return 0 メッセージダイジェストã®ç½²åã®ç”Ÿæˆã«æˆåŠŸã—ãŸå ´åˆã«è¿”ã•れã¾ã™ã€‚ + \return BAD_FUNC_ARG 入力パラメータã®ã„ãšã‚Œã‹ãŒNULLã¨è©•価ã•れãŸå ´åˆã€ã¾ãŸã¯å‡ºåŠ›ãƒãƒƒãƒ•ã‚¡ãŒç”Ÿæˆã•れãŸç½²åã‚’æ ¼ç´ã™ã‚‹ã«ã¯å°ã•ã™ãŽã‚‹å ´åˆã«è¿”ã•れã¾ã™ã€‚ + \return MEMORY_E 関数実行中ã«ãƒ¡ãƒ¢ãƒªã®å‰²ã‚Šå½“ã¦ã‚¨ãƒ©ãƒ¼ãŒç™ºç”Ÿã—ãŸå ´åˆã«è¿”ã•れã¾ã™ã€‚ \param [in] hash ç½²åã™ã‚‹ãƒ¡ãƒƒã‚»ãƒ¼ã‚¸ã®ãƒãƒƒã‚·ãƒ¥ã‚’å«ã‚€ãƒãƒƒãƒ•ã‚¡ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ - \param [in] hashLen ç½²åã™ã‚‹ãƒ¡ãƒƒã‚»ãƒ¼ã‚¸ã®ãƒãƒƒã‚·ãƒ¥ã®ã‚µã‚¤ã‚º - \param [out] out 生æˆã•れãŸç½²åã‚’æ ¼ç´ã™ã‚‹ãŸã‚ã®ãƒãƒƒãƒ•ァ。 - \param [in,out] outlen 出力ãƒãƒƒãƒ•ã‚¡ã®æœ€å¤§é•·ã€‚メッセージ署åã®ç”Ÿæˆã«æˆåŠŸã—ãŸã¨ãã«ã€æ›¸ãè¾¼ã¾ã‚ŒãŸãƒã‚¤ãƒˆã‚’ä¿å­˜ã—ã¾ã™ã€‚ - \param [in] key ç½²åを生æˆã™ã‚‹ã®ã«ä½¿ç”¨ã™ã‚‹ç§˜å¯†éµã‚’å«ã‚“ã ed25519_key構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ + \param [in] hashLen ç½²åã™ã‚‹ãƒ¡ãƒƒã‚»ãƒ¼ã‚¸ã®ãƒãƒƒã‚·ãƒ¥ã®é•·ã•。 + \param [out] out 生æˆã•れãŸç½²åã‚’æ ¼ç´ã™ã‚‹ãƒãƒƒãƒ•ァ。 + \param [in,out] outLen 出力ãƒãƒƒãƒ•ã‚¡ã®æœ€å¤§é•·ã€‚メッセージ署åã®ç”Ÿæˆã«æˆåŠŸã—ãŸå¾Œã€outã«æ›¸ãè¾¼ã¾ã‚ŒãŸãƒã‚¤ãƒˆæ•°ãŒæ ¼ç´ã•れã¾ã™ã€‚ + \param [in] key ç½²åを生æˆã™ã‚‹ãŸã‚ã«ä½¿ç”¨ã™ã‚‹ç§˜å¯†ed25519_keyã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ \param [in] context メッセージãŒç½²åã•れã¦ã„るコンテキストをå«ã‚€ãƒãƒƒãƒ•ã‚¡ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ - \param [in] contextLen コンテキストãƒãƒƒãƒ•ã‚¡ã®ã‚µã‚¤ã‚º + \param [in] contextLen コンテキストãƒãƒƒãƒ•ã‚¡ã®é•·ã•。 _Example_ \code @@ -174,20 +184,21 @@ WC_RNG rng; int ret, sigSz; - byte sig[64]; // will hold generated signature + byte sig[64]; // 生æˆã•れãŸç½²åã‚’ä¿æŒ sigSz = sizeof(sig); - byte hash[] = { initialize with SHA-512 hash of message }; - byte context[] = { initialize with context of signing }; + byte hash[] = { メッセージã®SHA-512ãƒãƒƒã‚·ãƒ¥ã§åˆæœŸåŒ– }; + byte context[] = { ç½²åã®ã‚³ãƒ³ãƒ†ã‚­ã‚¹ãƒˆã§åˆæœŸåŒ– }; - wc_InitRng(&rng); // initialize rng - wc_ed25519_init(&key); // initialize key - wc_ed25519_make_key(&rng, 32, &key); // make public/private key pair + wc_InitRng(&rng); // rngã‚’åˆæœŸåŒ– + wc_ed25519_init(&key); // keyã‚’åˆæœŸåŒ– + wc_ed25519_make_key(&rng, 32, &key); // 公開/秘密éµãƒšã‚¢ã‚’ä½œæˆ ret = wc_ed25519ph_sign_hash(hash, sizeof(hash), sig, &sigSz, &key, context, sizeof(context)); if (ret != 0) { - // error generating message signature + // メッセージ署åã®ç”Ÿæˆã‚¨ãƒ©ãƒ¼ } \endcode + \sa wc_ed25519_sign_msg \sa wc_ed25519ctx_sign_msg \sa wc_ed25519ph_sign_msg @@ -200,17 +211,20 @@ /*! \ingroup ED25519 - \brief ã“ã®é–¢æ•°ã¯ã€ed25519_key構造体を使用ã—ã¦èªè¨¼ã‚’ä¿è¨¼ã™ã‚‹ãƒ¡ãƒƒã‚»ãƒ¼ã‚¸ã«ç½²åã—ã¾ã™ã€‚コンテキストã¯ç½²åã•れãŸãƒ‡ãƒ¼ã‚¿ã®ä¸€éƒ¨ã¨ã—ã¦å«ã¾ã‚Œã¦ã„ã¾ã™ã€‚ç½²å計算ã®å‰ã«ãƒ¡ãƒƒã‚»ãƒ¼ã‚¸ã¯äº‹å‰ã«ãƒãƒƒã‚·ãƒ¥ã•れã¦ã„ã¾ã™ã€‚ - \return 0 メッセージã®ç½²åを正常ã«ç”Ÿæˆã™ã‚‹ã¨è¿”ã•れã¾ã™ã€‚ - \return BAD_FUNC_ARG è¿”ã•れãŸå…¥åŠ›ãƒ‘ãƒ©ãƒ¡ãƒ¼ã‚¿ã¯NULLã«è©•価ã•れã¾ã™ã€‚出力ãƒãƒƒãƒ•ã‚¡ãŒå°ã•ã™ãŽã¦ç”Ÿæˆã•れãŸç½²åã‚’ä¿å­˜ã™ã‚‹ã«ã¯å°ã•ã™ãŽã¾ã™ã€‚ - \return MEMORY_E 関数ã®å®Ÿè¡Œä¸­ã«ãƒ¡ãƒ¢ãƒªã‚’割り当ã¦ã‚¨ãƒ©ãƒ¼ãŒç™ºç”Ÿã—ãŸå ´åˆã«è¿”ã•れã¾ã™ã€‚ + + \brief ã“ã®é–¢æ•°ã¯ã€çœŸæ­£æ€§ã‚’ä¿è¨¼ã™ã‚‹ãŸã‚ã«ed25519_keyオブジェクトを使用ã—ã¦ãƒ¡ãƒƒã‚»ãƒ¼ã‚¸ã«ç½²åã—ã¾ã™ã€‚コンテキストã¯ç½²åã•れるデータã®ä¸€éƒ¨ã¨ã—ã¦å«ã¾ã‚Œã¾ã™ã€‚メッセージã¯ç½²å計算å‰ã«äº‹å‰ãƒãƒƒã‚·ãƒ¥åŒ–ã•れã¾ã™ã€‚ + + \return 0 メッセージã®ç½²åã®ç”Ÿæˆã«æˆåŠŸã—ãŸå ´åˆã«è¿”ã•れã¾ã™ã€‚ + \return BAD_FUNC_ARG 入力パラメータã®ã„ãšã‚Œã‹ãŒNULLã¨è©•価ã•れãŸå ´åˆã€ã¾ãŸã¯å‡ºåŠ›ãƒãƒƒãƒ•ã‚¡ãŒç”Ÿæˆã•れãŸç½²åã‚’æ ¼ç´ã™ã‚‹ã«ã¯å°ã•ã™ãŽã‚‹å ´åˆã«è¿”ã•れã¾ã™ã€‚ + \return MEMORY_E 関数実行中ã«ãƒ¡ãƒ¢ãƒªã®å‰²ã‚Šå½“ã¦ã‚¨ãƒ©ãƒ¼ãŒç™ºç”Ÿã—ãŸå ´åˆã«è¿”ã•れã¾ã™ã€‚ + \param [in] in ç½²åã™ã‚‹ãƒ¡ãƒƒã‚»ãƒ¼ã‚¸ã‚’å«ã‚€ãƒãƒƒãƒ•ã‚¡ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ - \param [in] inlen ç½²åã™ã‚‹ãƒ¡ãƒƒã‚»ãƒ¼ã‚¸ã®ã‚¤ãƒ³ãƒ¬ãƒ«é•·ã€‚ - \param [out] out 生æˆã•れãŸç½²åã‚’æ ¼ç´ã™ã‚‹ãŸã‚ã®ãƒãƒƒãƒ•ァ。 - \param [in,out] outlen 出力ãƒãƒƒãƒ•ã‚¡ã®æœ€å¤§é•·ã€‚メッセージ署åã®ç”Ÿæˆã«æˆåŠŸã—ãŸã¨ãã«ã€æ›¸ãè¾¼ã¾ã‚ŒãŸãƒã‚¤ãƒˆã‚’ä¿å­˜ã—ã¾ã™ã€‚ - \param [in] key ç½²åを生æˆã™ã‚‹ãƒ—ライベートed25519_key構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ + \param [in] inlen ç½²åã™ã‚‹ãƒ¡ãƒƒã‚»ãƒ¼ã‚¸ã®é•·ã•。 + \param [out] out 生æˆã•れãŸç½²åã‚’æ ¼ç´ã™ã‚‹ãƒãƒƒãƒ•ァ。 + \param [in,out] outlen 出力ãƒãƒƒãƒ•ã‚¡ã®æœ€å¤§é•·ã€‚メッセージ署åã®ç”Ÿæˆã«æˆåŠŸã—ãŸå¾Œã€outã«æ›¸ãè¾¼ã¾ã‚ŒãŸãƒã‚¤ãƒˆæ•°ãŒæ ¼ç´ã•れã¾ã™ã€‚ + \param [in] key ç½²åを生æˆã™ã‚‹ãŸã‚ã«ä½¿ç”¨ã™ã‚‹ç§˜å¯†ed25519_keyã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ \param [in] context メッセージãŒç½²åã•れã¦ã„るコンテキストをå«ã‚€ãƒãƒƒãƒ•ã‚¡ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ - \param [in] contextLen コンテキストãƒãƒƒãƒ•ã‚¡ã®ã‚µã‚¤ã‚º + \param [in] contextLen コンテキストãƒãƒƒãƒ•ã‚¡ã®é•·ã•。 _Example_ \code @@ -218,20 +232,21 @@ WC_RNG rng; int ret, sigSz; - byte sig[64]; // will hold generated signature + byte sig[64]; // 生æˆã•れãŸç½²åã‚’ä¿æŒ sigSz = sizeof(sig); - byte message[] = { initialize with message }; - byte context[] = { initialize with context of signing }; + byte message[] = { メッセージã§åˆæœŸåŒ– }; + byte context[] = { ç½²åã®ã‚³ãƒ³ãƒ†ã‚­ã‚¹ãƒˆã§åˆæœŸåŒ– }; - wc_InitRng(&rng); // initialize rng - wc_ed25519_init(&key); // initialize key - wc_ed25519_make_key(&rng, 32, &key); // make public/private key pair + wc_InitRng(&rng); // rngã‚’åˆæœŸåŒ– + wc_ed25519_init(&key); // keyã‚’åˆæœŸåŒ– + wc_ed25519_make_key(&rng, 32, &key); // 公開/秘密éµãƒšã‚¢ã‚’ä½œæˆ ret = wc_ed25519ph_sign_msg(message, sizeof(message), sig, &sigSz, &key, context, sizeof(context)); if (ret != 0) { - // error generating message signature + // メッセージ署åã®ç”Ÿæˆã‚¨ãƒ©ãƒ¼ } \endcode + \sa wc_ed25519_sign_msg \sa wc_ed25519ctx_sign_msg \sa wc_ed25519ph_sign_hash @@ -244,36 +259,37 @@ /*! \ingroup ED25519 - \brief ã“ã®é–¢æ•°ã¯ãƒ¡ãƒƒã‚»ãƒ¼ã‚¸ã®Ed25519ç½²åを検証ã—ã¾ã™ã€‚ - retを介ã—ã¦ç­”ãˆã‚’è¿”ã—ã€æœ‰åйãªç½²åã®å ´åˆã¯1ã€ç„¡åйãªç½²åã®å ´åˆã«ã¯0ã‚’è¿”ã—ã¾ã™ã€‚ - \return 0 ç½²åæ¤œè¨¼ã¨èªè¨¼ã‚’正常ã«å®Ÿè¡Œã—ãŸã¨ãã«è¿”ã•れã¾ã™ã€‚ - \return BAD_FUNC_ARG ã„ãšã‚Œã‹ã®å…¥åŠ›ãƒ‘ãƒ©ãƒ¡ãƒ¼ã‚¿ãŒNULLã«è©•価ã•れãŸå ´åˆã€ã¾ãŸã¯SIGLENãŒç½²åã®å®Ÿéš›ã®é•·ã•ã¨ä¸€è‡´ã—ãªã„å ´åˆã«è¿”ã•れã¾ã™ã€‚ - \return SIG_VERIFY_E 検証ãŒå®Œäº†ã—ãŸå ´åˆã¯è¿”ã•れã¾ã™ãŒã€ç”Ÿæˆã•れãŸç½²åã¯æä¾›ã•れãŸç½²åã¨ä¸€è‡´ã—ã¾ã›ã‚“。 - - \param [in] sig 検証ã™ã‚‹ã‚·ã‚°ãƒãƒãƒ£ã‚’å«ã‚€ãƒãƒƒãƒ•ã‚¡ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ - \param [in] siglen 検証ã™ã‚‹ã‚·ã‚°ãƒãƒãƒ£ã®ã‚µã‚¤ã‚º - \param [in] msg メッセージをå«ã‚€ãƒãƒƒãƒ•ã‚¡ã¸ã®ãƒã‚¤ãƒ³ã‚¿ - \param [in] msgLen 検証ã™ã‚‹ãƒ¡ãƒƒã‚»ãƒ¼ã‚¸ã®ã‚µã‚¤ã‚º - \param [out] ret 検証ã®çµæžœã‚’æ ¼ç´ã™ã‚‹å¤‰æ•°ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚1ã¯ãƒ¡ãƒƒã‚»ãƒ¼ã‚¸ãŒæ­£å¸¸ã«æ¤œè¨¼ã•れãŸã“ã¨ã‚’示ã—ã¾ã™ã€‚ - \param [in] key ç½²åを検証ã™ã‚‹ãŸã‚ã®Ed25519公開éµã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ + \brief ã“ã®é–¢æ•°ã¯ã€çœŸæ­£æ€§ã‚’ä¿è¨¼ã™ã‚‹ãŸã‚ã«ãƒ¡ãƒƒã‚»ãƒ¼ã‚¸ã®Ed25519ç½²åを検証ã—ã¾ã™ã€‚ç­”ãˆã¯retを通ã˜ã¦è¿”ã•れã€1ã¯æœ‰åйãªç½²åã«å¯¾å¿œã—ã€0ã¯ç„¡åйãªç½²åã«å¯¾å¿œã—ã¾ã™ã€‚ + + \return 0 ç½²åã®æ¤œè¨¼ã¨èªè¨¼ã®å®Ÿè¡Œã«æˆåŠŸã—ãŸå ´åˆã«è¿”ã•れã¾ã™ã€‚ + \return BAD_FUNC_ARG 入力パラメータã®ã„ãšã‚Œã‹ãŒNULLã¨è©•価ã•れãŸå ´åˆã€ã¾ãŸã¯siglenãŒç½²åã®å®Ÿéš›ã®é•·ã•ã¨ä¸€è‡´ã—ãªã„å ´åˆã«è¿”ã•れã¾ã™ã€‚ + \return SIG_VERIFY_E 検証ã¯å®Œäº†ã—ãŸãŒã€ç”Ÿæˆã•れãŸç½²åãŒæä¾›ã•れãŸç½²åã¨ä¸€è‡´ã—ãªã„å ´åˆã«è¿”ã•れã¾ã™ã€‚ + + \param [in] sig 検証ã™ã‚‹ç½²åã‚’å«ã‚€ãƒãƒƒãƒ•ã‚¡ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ + \param [in] siglen 検証ã™ã‚‹ç½²åã®é•·ã•。 + \param [in] msg 検証ã™ã‚‹ãƒ¡ãƒƒã‚»ãƒ¼ã‚¸ã‚’å«ã‚€ãƒãƒƒãƒ•ã‚¡ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ + \param [in] msgLen 検証ã™ã‚‹ãƒ¡ãƒƒã‚»ãƒ¼ã‚¸ã®é•·ã•。 + \param [out] ret æ¤œè¨¼çµæžœã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚1ã¯ãƒ¡ãƒƒã‚»ãƒ¼ã‚¸ãŒæ­£å¸¸ã«æ¤œè¨¼ã•れãŸã“ã¨ã‚’示ã—ã¾ã™ã€‚ + \param [in] key ç½²åを検証ã™ã‚‹ãŸã‚ã«ä½¿ç”¨ã™ã‚‹å…¬é–‹Ed25519éµã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ _Example_ \code ed25519_key key; int ret, verified = 0; - byte sig[] { initialize with received signature }; - byte msg[] = { initialize with message }; - // initialize key with received public key + byte sig[] { å—ä¿¡ã—ãŸç½²åã§åˆæœŸåŒ– }; + byte msg[] = { メッセージã§åˆæœŸåŒ– }; + // å—ä¿¡ã—ãŸå…¬é–‹éµã§keyã‚’åˆæœŸåŒ– ret = wc_ed25519_verify_msg(sig, sizeof(sig), msg, sizeof(msg), &verified, &key); if (ret < 0) { - // error performing verification + // 検証実行エラー } else if (verified == 0) - // the signature is invalid + // ç½²åãŒç„¡åй } \endcode + \sa wc_ed25519ctx_verify_msg \sa wc_ed25519ph_verify_hash \sa wc_ed25519ph_verify_msg @@ -285,40 +301,40 @@ /*! \ingroup ED25519 - \brief ã“ã®é–¢æ•°ã¯ãƒ¡ãƒƒã‚»ãƒ¼ã‚¸ã®Ed25519ç½²åを検証ã—ã¾ã™ã€‚ - コンテキストã¯ç½²åã•れãŸãƒ‡ãƒ¼ã‚¿ã®ä¸€éƒ¨ã¨ã—ã¦å«ã¾ã‚Œã¦ã„ã¾ã™ã€‚ - ç­”ãˆã¯å¤‰æ•°retを介ã—ã¦è¿”ã•れã€ç½²åãŒæœ‰åйãªã‚‰ã°1ã€ç„¡åйãªã‚‰ã°0ã‚’è¿”ã—ã¾ã™ã€‚ - - \return 0 ç½²åæ¤œè¨¼ã¨èªè¨¼ã‚’正常ã«å®Ÿè¡Œã—ãŸã¨ãã«è¿”ã•れã¾ã™ã€‚ - \return BAD_FUNC_ARG ã„ãšã‚Œã‹ã®å…¥åŠ›ãƒ‘ãƒ©ãƒ¡ãƒ¼ã‚¿ãŒNULLã«è©•価ã•れãŸå ´åˆã€ã¾ãŸã¯SIGLENãŒç½²åã®å®Ÿéš›ã®é•·ã•ã¨ä¸€è‡´ã—ãªã„å ´åˆã«è¿”ã•れã¾ã™ã€‚ - \return SIG_VERIFY_E 検証ãŒå®Œäº†ã—ãŸå ´åˆã¯è¿”ã•れã¾ã™ãŒã€ç”Ÿæˆã•れãŸç½²åã¯æä¾›ã•れãŸç½²åã¨ä¸€è‡´ã—ã¾ã›ã‚“。 - - \param [in] sig 検証ã™ã‚‹ã‚·ã‚°ãƒãƒãƒ£ã‚’å«ã‚€ãƒãƒƒãƒ•ã‚¡ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ - \param [in] siglen 検証ã™ã‚‹ã‚·ã‚°ãƒãƒãƒ£ã®ã‚µã‚¤ã‚º - \param [in] msg メッセージをå«ã‚€ãƒãƒƒãƒ•ã‚¡ã¸ã®ãƒã‚¤ãƒ³ã‚¿ - \param [in] msgLen 検証ã™ã‚‹ãƒ¡ãƒƒã‚»ãƒ¼ã‚¸ã®ã‚µã‚¤ã‚º - \param [out] ret 検証ã®çµæžœã‚’æ ¼ç´ã™ã‚‹å¤‰æ•°ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚1ã¯ãƒ¡ãƒƒã‚»ãƒ¼ã‚¸ãŒæ­£å¸¸ã«æ¤œè¨¼ã•れãŸã“ã¨ã‚’示ã—ã¾ã™ã€‚ - \param [in] key ç½²åを検証ã™ã‚‹ãŸã‚ã®Ed25519公開éµã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ - \param [in] context メッセージãŒç½²åã•れã¦ã„るコンテキストをå«ã‚€ãƒãƒƒãƒ•ã‚¡ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ - \param [in] contextLen コンテキストãƒãƒƒãƒ•ã‚¡ã®ã‚µã‚¤ã‚º + + \brief ã“ã®é–¢æ•°ã¯ã€çœŸæ­£æ€§ã‚’ä¿è¨¼ã™ã‚‹ãŸã‚ã«ãƒ¡ãƒƒã‚»ãƒ¼ã‚¸ã®Ed25519ç½²åを検証ã—ã¾ã™ã€‚ã‚³ãƒ³ãƒ†ã‚­ã‚¹ãƒˆã¯æ¤œè¨¼ã•れるデータã®ä¸€éƒ¨ã¨ã—ã¦å«ã¾ã‚Œã¾ã™ã€‚ç­”ãˆã¯retを通ã˜ã¦è¿”ã•れã€1ã¯æœ‰åйãªç½²åã«å¯¾å¿œã—ã€0ã¯ç„¡åйãªç½²åã«å¯¾å¿œã—ã¾ã™ã€‚ + + \return 0 ç½²åã®æ¤œè¨¼ã¨èªè¨¼ã®å®Ÿè¡Œã«æˆåŠŸã—ãŸå ´åˆã«è¿”ã•れã¾ã™ã€‚ + \return BAD_FUNC_ARG 入力パラメータã®ã„ãšã‚Œã‹ãŒNULLã¨è©•価ã•れãŸå ´åˆã€ã¾ãŸã¯siglenãŒç½²åã®å®Ÿéš›ã®é•·ã•ã¨ä¸€è‡´ã—ãªã„å ´åˆã«è¿”ã•れã¾ã™ã€‚ + \return SIG_VERIFY_E 検証ã¯å®Œäº†ã—ãŸãŒã€ç”Ÿæˆã•れãŸç½²åãŒæä¾›ã•れãŸç½²åã¨ä¸€è‡´ã—ãªã„å ´åˆã«è¿”ã•れã¾ã™ã€‚ + + \param [in] sig 検証ã™ã‚‹ç½²åã‚’å«ã‚€ãƒãƒƒãƒ•ã‚¡ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ + \param [in] siglen 検証ã™ã‚‹ç½²åã®é•·ã•。 + \param [in] msg 検証ã™ã‚‹ãƒ¡ãƒƒã‚»ãƒ¼ã‚¸ã‚’å«ã‚€ãƒãƒƒãƒ•ã‚¡ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ + \param [in] msgLen 検証ã™ã‚‹ãƒ¡ãƒƒã‚»ãƒ¼ã‚¸ã®é•·ã•。 + \param [out] ret æ¤œè¨¼çµæžœã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚1ã¯ãƒ¡ãƒƒã‚»ãƒ¼ã‚¸ãŒæ­£å¸¸ã«æ¤œè¨¼ã•れãŸã“ã¨ã‚’示ã—ã¾ã™ã€‚ + \param [in] key ç½²åを検証ã™ã‚‹ãŸã‚ã«ä½¿ç”¨ã™ã‚‹å…¬é–‹Ed25519éµã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ + \param [in] context メッセージãŒç½²åã•れãŸã‚³ãƒ³ãƒ†ã‚­ã‚¹ãƒˆã‚’å«ã‚€ãƒãƒƒãƒ•ã‚¡ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ + \param [in] contextLen コンテキストãƒãƒƒãƒ•ã‚¡ã®é•·ã•。 _Example_ \code ed25519_key key; int ret, verified = 0; - byte sig[] { initialize with received signature }; - byte msg[] = { initialize with message }; - byte context[] = { initialize with context of signature }; - // initialize key with received public key + byte sig[] { å—ä¿¡ã—ãŸç½²åã§åˆæœŸåŒ– }; + byte msg[] = { メッセージã§åˆæœŸåŒ– }; + byte context[] = { ç½²åã®ã‚³ãƒ³ãƒ†ã‚­ã‚¹ãƒˆã§åˆæœŸåŒ– }; + // å—ä¿¡ã—ãŸå…¬é–‹éµã§keyã‚’åˆæœŸåŒ– ret = wc_ed25519ctx_verify_msg(sig, sizeof(sig), msg, sizeof(msg), &verified, &key, ); if (ret < 0) { - // error performing verification + // 検証実行エラー } else if (verified == 0) - // the signature is invalid + // ç½²åãŒç„¡åй } \endcode + \sa wc_ed25519_verify_msg \sa wc_ed25519ph_verify_hash \sa wc_ed25519ph_verify_msg @@ -331,41 +347,41 @@ /*! \ingroup ED25519 - \brief ã“ã®é–¢æ•°ã¯ã€ãƒ¡ãƒƒã‚»ãƒ¼ã‚¸ã®ãƒ€ã‚¤ã‚¸ã‚§ã‚¹ãƒˆã®Ed25519ç½²åを検証ã—ã¾ã™ã€‚ - 引数hashã¯ã€ç½²å計算å‰ã®ãƒ—リãƒãƒƒã‚·ãƒ¥ãƒ¡ãƒƒã‚»ãƒ¼ã‚¸ã§ã™ã€‚ - メッセージダイジェストを作æˆã™ã‚‹ãŸã‚ã«ä½¿ç”¨ã•れるãƒãƒƒã‚·ãƒ¥ã‚¢ãƒ«ã‚´ãƒªã‚ºãƒ ã¯SHA-512ã§ãªã‘れã°ãªã‚Šã¾ã›ã‚“。 - ç­”ãˆã¯å¤‰æ•°retを介ã—ã¦è¿”ã•れã€ç½²åãŒæœ‰åйãªã‚‰ã°1ã€ç„¡åйãªã‚‰ã°0ã‚’è¿”ã—ã¾ã™ã€‚ - - \return 0 ç½²åæ¤œè¨¼ã¨èªè¨¼ã‚’正常ã«å®Ÿè¡Œã—ãŸã¨ãã«è¿”ã•れã¾ã™ã€‚ - \return BAD_FUNC_ARG ã„ãšã‚Œã‹ã®å…¥åŠ›ãƒ‘ãƒ©ãƒ¡ãƒ¼ã‚¿ãŒNULLã«è©•価ã•れãŸå ´åˆã€ã¾ãŸã¯SIGLENãŒç½²åã®å®Ÿéš›ã®é•·ã•ã¨ä¸€è‡´ã—ãªã„å ´åˆã«è¿”ã•れã¾ã™ã€‚ - \return SIG_VERIFY_E 検証ãŒå®Œäº†ã—ãŸå ´åˆã¯è¿”ã•れã¾ã™ãŒã€ç”Ÿæˆã•れãŸç½²åã¯æä¾›ã•れãŸç½²åã¨ä¸€è‡´ã—ã¾ã›ã‚“。 - - \param [in] sig 検証ã™ã‚‹ã‚·ã‚°ãƒãƒãƒ£ã‚’å«ã‚€ãƒãƒƒãƒ•ã‚¡ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ - \param [in] siglen 検証ã™ã‚‹ã‚·ã‚°ãƒãƒãƒ£ã®ã‚µã‚¤ã‚º - \param [in] msg メッセージをå«ã‚€ãƒãƒƒãƒ•ã‚¡ã¸ã®ãƒã‚¤ãƒ³ã‚¿ - \param [in] msgLen 検証ã™ã‚‹ãƒ¡ãƒƒã‚»ãƒ¼ã‚¸ã®ã‚µã‚¤ã‚º - \param [out] ret 検証ã®çµæžœã‚’æ ¼ç´ã™ã‚‹å¤‰æ•°ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚1ã¯ãƒ¡ãƒƒã‚»ãƒ¼ã‚¸ãŒæ­£å¸¸ã«æ¤œè¨¼ã•れãŸã“ã¨ã‚’示ã—ã¾ã™ã€‚ - \param [in] key ç½²åを検証ã™ã‚‹ãŸã‚ã®Ed25519公開éµã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ + + \brief ã“ã®é–¢æ•°ã¯ã€çœŸæ­£æ€§ã‚’ä¿è¨¼ã™ã‚‹ãŸã‚ã«ãƒ¡ãƒƒã‚»ãƒ¼ã‚¸ã®ãƒ€ã‚¤ã‚¸ã‚§ã‚¹ãƒˆã®Ed25519ç½²åを検証ã—ã¾ã™ã€‚ã‚³ãƒ³ãƒ†ã‚­ã‚¹ãƒˆã¯æ¤œè¨¼ã•れるデータã®ä¸€éƒ¨ã¨ã—ã¦å«ã¾ã‚Œã¾ã™ã€‚ãƒãƒƒã‚·ãƒ¥ã¯ç½²å計算å‰ã®äº‹å‰ãƒãƒƒã‚·ãƒ¥åŒ–ã•れãŸãƒ¡ãƒƒã‚»ãƒ¼ã‚¸ã§ã™ã€‚メッセージダイジェストã®ä½œæˆã«ä½¿ç”¨ã•れるãƒãƒƒã‚·ãƒ¥ã‚¢ãƒ«ã‚´ãƒªã‚ºãƒ ã¯SHA-512ã§ã‚ã‚‹å¿…è¦ãŒã‚りã¾ã™ã€‚ç­”ãˆã¯retを通ã˜ã¦è¿”ã•れã€1ã¯æœ‰åйãªç½²åã«å¯¾å¿œã—ã€0ã¯ç„¡åйãªç½²åã«å¯¾å¿œã—ã¾ã™ã€‚ + + + \return 0 ç½²åã®æ¤œè¨¼ã¨èªè¨¼ã®å®Ÿè¡Œã«æˆåŠŸã—ãŸå ´åˆã«è¿”ã•れã¾ã™ã€‚ + \return BAD_FUNC_ARG 入力パラメータã®ã„ãšã‚Œã‹ãŒNULLã¨è©•価ã•れãŸå ´åˆã€ã¾ãŸã¯siglenãŒç½²åã®å®Ÿéš›ã®é•·ã•ã¨ä¸€è‡´ã—ãªã„å ´åˆã«è¿”ã•れã¾ã™ã€‚ + \return SIG_VERIFY_E 検証ã¯å®Œäº†ã—ãŸãŒã€ç”Ÿæˆã•れãŸç½²åãŒæä¾›ã•れãŸç½²åã¨ä¸€è‡´ã—ãªã„å ´åˆã«è¿”ã•れã¾ã™ã€‚ + + \param [in] sig 検証ã™ã‚‹ç½²åã‚’å«ã‚€ãƒãƒƒãƒ•ã‚¡ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ + \param [in] siglen 検証ã™ã‚‹ç½²åã®é•·ã•。 + \param [in] hash 検証ã™ã‚‹ãƒ¡ãƒƒã‚»ãƒ¼ã‚¸ã®ãƒãƒƒã‚·ãƒ¥ã‚’å«ã‚€ãƒãƒƒãƒ•ã‚¡ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ + \param [in] hashLen 検証ã™ã‚‹ãƒãƒƒã‚·ãƒ¥ã®é•·ã•。 + \param [out] ret æ¤œè¨¼çµæžœã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚1ã¯ãƒ¡ãƒƒã‚»ãƒ¼ã‚¸ãŒæ­£å¸¸ã«æ¤œè¨¼ã•れãŸã“ã¨ã‚’示ã—ã¾ã™ã€‚ + \param [in] key ç½²åを検証ã™ã‚‹ãŸã‚ã«ä½¿ç”¨ã™ã‚‹å…¬é–‹Ed25519éµã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ \param [in] context メッセージãŒç½²åã•れãŸã‚³ãƒ³ãƒ†ã‚­ã‚¹ãƒˆã‚’å«ã‚€ãƒãƒƒãƒ•ã‚¡ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ - \param [in] contextLen コンテキストã®ã‚µã‚¤ã‚º + \param [in] contextLen コンテキストãƒãƒƒãƒ•ã‚¡ã®é•·ã•。 _Example_ \code ed25519_key key; int ret, verified = 0; - byte sig[] { initialize with received signature }; - byte hash[] = { initialize with SHA-512 hash of message }; - byte context[] = { initialize with context of signature }; - // initialize key with received public key - ret = wc_ed25519ph_verify_hash(sig, sizeof(sig), msg, sizeof(msg), - &verified, &key, ); + byte sig[] { å—ä¿¡ã—ãŸç½²åã§åˆæœŸåŒ– }; + byte hash[] = { メッセージã®SHA-512ãƒãƒƒã‚·ãƒ¥ã§åˆæœŸåŒ– }; + byte context[] = { ç½²åã®ã‚³ãƒ³ãƒ†ã‚­ã‚¹ãƒˆã§åˆæœŸåŒ– }; + // å—ä¿¡ã—ãŸå…¬é–‹éµã§keyã‚’åˆæœŸåŒ– + ret = wc_ed25519ph_verify_hash(sig, sizeof(sig), hash, sizeof(hash), + &verified, &key, context, sizeof(context)); if (ret < 0) { - // error performing verification + // 検証実行エラー } else if (verified == 0) - // the signature is invalid + // ç½²åãŒç„¡åй } \endcode + \sa wc_ed25519_verify_msg \sa wc_ed25519ctx_verify_msg \sa wc_ed25519ph_verify_msg @@ -378,43 +394,43 @@ /*! \ingroup ED25519 - \brief ã“ã®é–¢æ•°ã¯ã€ãƒ¡ãƒƒã‚»ãƒ¼ã‚¸ã®ãƒ€ã‚¤ã‚¸ã‚§ã‚¹ãƒˆã®Ed25519ç½²åを検証ã—ã¾ã™ã€‚ - 引数contextã¯æ¤œè¨¼ã™ã¹ãデータã®ä¸€éƒ¨ã¨ã—ã¦å«ã¾ã‚Œã¦ã„ã¾ã™ã€‚ - 検証å‰ã«ãƒ¡ãƒƒã‚»ãƒ¼ã‚¸ãŒãƒ—リãƒãƒƒã‚·ãƒ¥ã•れã¦ã„ã¾ã™ã€‚ - ç­”ãˆã¯å¤‰æ•°resを介ã—ã¦è¿”ã•れã€ç½²åãŒæœ‰åйãªã‚‰ã°1ã€ç„¡åйãªã‚‰ã°0ã‚’è¿”ã—ã¾ã™ã€‚ - - \return 0 ç½²åæ¤œè¨¼ã¨èªè¨¼ã‚’正常ã«å®Ÿè¡Œã—ãŸã¨ãã«è¿”ã•れã¾ã™ã€‚ - \return BAD_FUNC_ARG ã„ãšã‚Œã‹ã®å…¥åŠ›ãƒ‘ãƒ©ãƒ¡ãƒ¼ã‚¿ãŒNULLã«è©•価ã•れãŸå ´åˆã€ã¾ãŸã¯SIGLENãŒç½²åã®å®Ÿéš›ã®é•·ã•ã¨ä¸€è‡´ã—ãªã„å ´åˆã«è¿”ã•れã¾ã™ã€‚ - \return SIG_VERIFY_E 検証ãŒå®Œäº†ã—ãŸå ´åˆã¯è¿”ã•れã¾ã™ãŒã€ç”Ÿæˆã•れãŸç½²åã¯æä¾›ã•れãŸç½²åã¨ä¸€è‡´ã—ã¾ã›ã‚“。 - \param [in] sig 検証ã™ã‚‹ã‚·ã‚°ãƒãƒãƒ£ã‚’å«ã‚€ãƒãƒƒãƒ•ã‚¡ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ - \param [in] siglen 検証ã™ã‚‹ã‚·ã‚°ãƒãƒãƒ£ã®ã‚µã‚¤ã‚º - \param [in] msg メッセージをå«ã‚€ãƒãƒƒãƒ•ã‚¡ã¸ã®ãƒã‚¤ãƒ³ã‚¿ - \param [in] msgLen 検証ã™ã‚‹ãƒ¡ãƒƒã‚»ãƒ¼ã‚¸ã®ã‚µã‚¤ã‚º - \param [out] ret 検証ã®çµæžœã‚’æ ¼ç´ã™ã‚‹å¤‰æ•°ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚1ã¯ãƒ¡ãƒƒã‚»ãƒ¼ã‚¸ãŒæ­£å¸¸ã«æ¤œè¨¼ã•れãŸã“ã¨ã‚’示ã—ã¾ã™ã€‚ - \param [in] key ç½²åを検証ã™ã‚‹ãŸã‚ã®Ed25519公開éµã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ + + \brief ã“ã®é–¢æ•°ã¯ã€çœŸæ­£æ€§ã‚’ä¿è¨¼ã™ã‚‹ãŸã‚ã«ãƒ¡ãƒƒã‚»ãƒ¼ã‚¸ã®Ed25519ç½²åを検証ã—ã¾ã™ã€‚ã‚³ãƒ³ãƒ†ã‚­ã‚¹ãƒˆã¯æ¤œè¨¼ã•れるデータã®ä¸€éƒ¨ã¨ã—ã¦å«ã¾ã‚Œã¾ã™ã€‚ãƒ¡ãƒƒã‚»ãƒ¼ã‚¸ã¯æ¤œè¨¼å‰ã«äº‹å‰ãƒãƒƒã‚·ãƒ¥åŒ–ã•れã¾ã™ã€‚ç­”ãˆã¯retを通ã˜ã¦è¿”ã•れã€1ã¯æœ‰åйãªç½²åã«å¯¾å¿œã—ã€0ã¯ç„¡åйãªç½²åã«å¯¾å¿œã—ã¾ã™ã€‚ + + \return 0 ç½²åã®æ¤œè¨¼ã¨èªè¨¼ã®å®Ÿè¡Œã«æˆåŠŸã—ãŸå ´åˆã«è¿”ã•れã¾ã™ã€‚ + \return BAD_FUNC_ARG 入力パラメータã®ã„ãšã‚Œã‹ãŒNULLã¨è©•価ã•れãŸå ´åˆã€ã¾ãŸã¯siglenãŒç½²åã®å®Ÿéš›ã®é•·ã•ã¨ä¸€è‡´ã—ãªã„å ´åˆã«è¿”ã•れã¾ã™ã€‚ + \return SIG_VERIFY_E 検証ã¯å®Œäº†ã—ãŸãŒã€ç”Ÿæˆã•れãŸç½²åãŒæä¾›ã•れãŸç½²åã¨ä¸€è‡´ã—ãªã„å ´åˆã«è¿”ã•れã¾ã™ã€‚ + + \param [in] sig 検証ã™ã‚‹ç½²åã‚’å«ã‚€ãƒãƒƒãƒ•ã‚¡ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ + \param [in] siglen 検証ã™ã‚‹ç½²åã®é•·ã•。 + \param [in] msg 検証ã™ã‚‹ãƒ¡ãƒƒã‚»ãƒ¼ã‚¸ã‚’å«ã‚€ãƒãƒƒãƒ•ã‚¡ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ + \param [in] msgLen 検証ã™ã‚‹ãƒ¡ãƒƒã‚»ãƒ¼ã‚¸ã®é•·ã•。 + \param [out] ret æ¤œè¨¼çµæžœã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚1ã¯ãƒ¡ãƒƒã‚»ãƒ¼ã‚¸ãŒæ­£å¸¸ã«æ¤œè¨¼ã•れãŸã“ã¨ã‚’示ã—ã¾ã™ã€‚ + \param [in] key ç½²åを検証ã™ã‚‹ãŸã‚ã«ä½¿ç”¨ã™ã‚‹å…¬é–‹Ed25519éµã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ \param [in] context メッセージãŒç½²åã•れãŸã‚³ãƒ³ãƒ†ã‚­ã‚¹ãƒˆã‚’å«ã‚€ãƒãƒƒãƒ•ã‚¡ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ - \param [in] contextLen コンテキストã®ã‚µã‚¤ã‚º + \param [in] contextLen コンテキストãƒãƒƒãƒ•ã‚¡ã®é•·ã•。 _Example_ \code ed25519_key key; int ret, verified = 0; - byte sig[] { initialize with received signature }; - byte msg[] = { initialize with message }; - byte context[] = { initialize with context of signature }; - // initialize key with received public key - ret = wc_ed25519ctx_verify_msg(sig, sizeof(sig), msg, sizeof(msg), - &verified, &key, ); + byte sig[] { å—ä¿¡ã—ãŸç½²åã§åˆæœŸåŒ– }; + byte msg[] = { メッセージã§åˆæœŸåŒ– }; + byte context[] = { ç½²åã®ã‚³ãƒ³ãƒ†ã‚­ã‚¹ãƒˆã§åˆæœŸåŒ– }; + // å—ä¿¡ã—ãŸå…¬é–‹éµã§keyã‚’åˆæœŸåŒ– + ret = wc_ed25519ph_verify_msg(sig, sizeof(sig), msg, sizeof(msg), + &verified, &key, context, sizeof(context)); if (ret < 0) { - // error performing verification + // 検証実行エラー } else if (verified == 0) - // the signature is invalid + // ç½²åãŒç„¡åй } \endcode + \sa wc_ed25519_verify_msg + \sa wc_ed25519ctx_verify_msg \sa wc_ed25519ph_verify_hash - \sa wc_ed25519ph_verify_msg \sa wc_ed25519_sign_msg */ @@ -424,16 +440,20 @@ /*! \ingroup ED25519 - \brief ã“ã®é–¢æ•°ã¯ã€å¾Œã®ãƒ¡ãƒƒã‚»ãƒ¼ã‚¸æ¤œè¨¼ã§ä½¿ç”¨ã®ãŸã‚ã«ed25519_keyæ§‹é€ ä½“ã‚’åˆæœŸåŒ–ã—ã¾ã™ã€‚ - \return 0 ed25519_key構造体ã®åˆæœŸåŒ–ã«æˆåŠŸã—ãŸã¨ãã«è¿”ã•れã¾ã™ã€‚ - \return BAD_FUNC_ARG 引数keyãŒNULLã®å ´åˆã«è¿”ã•れã¾ã™ã€‚ - \param [in,out] key ed25519_key構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ + + \brief ã“ã®é–¢æ•°ã¯ã€ãƒ¡ãƒƒã‚»ãƒ¼ã‚¸æ¤œè¨¼ã§ã®å°†æ¥ã®ä½¿ç”¨ã®ãŸã‚ã«ed25519_keyã‚ªãƒ–ã‚¸ã‚§ã‚¯ãƒˆã‚’åˆæœŸåŒ–ã—ã¾ã™ã€‚ + + \return 0 ed25519_keyオブジェクトã®åˆæœŸåŒ–ã«æˆåŠŸã—ãŸå ´åˆã«è¿”ã•れã¾ã™ã€‚ + \return BAD_FUNC_ARG keyãŒNULLã®å ´åˆã«è¿”ã•れã¾ã™ã€‚ + + \param [in,out] key åˆæœŸåŒ–ã™ã‚‹ed25519_keyオブジェクトã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ _Example_ \code ed25519_key key; wc_ed25519_init(&key); \endcode + \sa wc_ed25519_make_key \sa wc_ed25519_free */ @@ -442,16 +462,19 @@ /*! \ingroup ED25519 - \brief ã“ã®é–¢æ•°ã¯ã€ä½¿ç”¨æ¸ˆã¿ã®ed25519_key構造体を解放ã—ã¾ã™ã€‚ - \param [in,out] key ed25519_key構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ + + \brief ã“ã®é–¢æ•°ã¯ã€ä½¿ç”¨å¾Œã«Ed25519オブジェクトを解放ã—ã¾ã™ã€‚ + + \param [in,out] key 解放ã™ã‚‹ed25519_keyオブジェクトã¸ã®ãƒã‚¤ãƒ³ã‚¿ _Example_ \code ed25519_key key; - // initialize key and perform secure exchanges + // keyã‚’åˆæœŸåŒ–ã—ã€å®‰å…¨ãªäº¤æ›ã‚’実行 ... wc_ed25519_free(&key); \endcode + \sa wc_ed25519_init */ @@ -459,25 +482,26 @@ /*! \ingroup ED25519 - \brief ã“ã®é–¢æ•°ã¯ãƒãƒƒãƒ•ã‚¡ã‹ã‚‰ed25519公開éµã‚’ed25519_key構造体ã¸ã‚¤ãƒ³ãƒãƒ¼ãƒˆã—ã¾ã™ã€‚ - 圧縮ã‚ã‚‹ã„ã¯éžåœ§ç¸®ã®ä¸¡æ–¹ã®å½¢å¼ã®éµã‚’扱ã„ã¾ã™ã€‚ - \return 0 ed25519公開éµã®ã‚¤ãƒ³ãƒãƒ¼ãƒˆã«æˆåŠŸã—ãŸå ´åˆã«è¿”ã•れã¾ã™ã€‚ - \return BAD_FUNC_ARG inã¾ãŸã¯keyãŒnullã«è©•価ã•れãŸå ´åˆã€ã¾ãŸã¯inlenãŒED25519éµã®ã‚µã‚¤ã‚ºã‚ˆã‚Šã‚‚å°ã•ã„å ´åˆã«è¿”ã•れã¾ã™ã€‚ - \param [in] in 公開éµã‚’å«ã‚“ã ãƒãƒƒãƒ•ã‚¡ã¸ã®ãƒã‚¤ãƒ³ã‚¿ - \param [in] inLen 公開éµã‚’å«ã‚“ã ãƒãƒƒãƒ•ã‚¡ã®ã‚µã‚¤ã‚º - \param [in,out] key ed25519_key構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ + \brief ã“ã®é–¢æ•°ã¯ã€å…¬é–‹éµã‚’å«ã‚€ãƒãƒƒãƒ•ã‚¡ã‹ã‚‰å…¬é–‹ed25519_keyをインãƒãƒ¼ãƒˆã—ã¾ã™ã€‚ã“ã®é–¢æ•°ã¯ã€åœ§ç¸®ã‚­ãƒ¼ã¨éžåœ§ç¸®ã‚­ãƒ¼ã®ä¸¡æ–¹ã‚’処ç†ã—ã¾ã™ã€‚公開éµã¯ã€ç§˜å¯†éµãŒå­˜åœ¨ã™ã‚‹å ´åˆã«ãれã¨ä¸€è‡´ã™ã‚‹ã‹ãƒã‚§ãƒƒã‚¯ã•れã¾ã™ã€‚ + + \return 0 ed25519_keyã®ã‚¤ãƒ³ãƒãƒ¼ãƒˆã«æˆåŠŸã—ãŸå ´åˆã«è¿”ã•れã¾ã™ã€‚ + \return BAD_FUNC_ARG inã¾ãŸã¯keyãŒNULLã¨è©•価ã•れãŸå ´åˆã€ã¾ãŸã¯inLenãŒEd25519éµã®ã‚µã‚¤ã‚ºã‚ˆã‚Šå°ã•ã„å ´åˆã«è¿”ã•れã¾ã™ã€‚ + + \param [in] in 公開éµã‚’å«ã‚€ãƒãƒƒãƒ•ã‚¡ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ + \param [in] inLen 公開éµã‚’å«ã‚€ãƒãƒƒãƒ•ã‚¡ã®é•·ã•。 + \param [in,out] key 公開éµã‚’æ ¼ç´ã™ã‚‹ed25519_keyオブジェクトã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ _Example_ \code int ret; - byte pub[] = { initialize Ed25519 public key }; + byte pub[] = { Ed25519公開éµã§åˆæœŸåŒ– }; ed_25519 key; wc_ed25519_init_key(&key); ret = wc_ed25519_import_public(pub, sizeof(pub), &key); if (ret != 0) { - // error importing key + // éµã®ã‚¤ãƒ³ãƒãƒ¼ãƒˆã‚¨ãƒ©ãƒ¼ } \endcode @@ -492,28 +516,26 @@ /*! \ingroup ED25519 - \brief ã“ã®é–¢æ•°ã¯ãƒãƒƒãƒ•ã‚¡ã‹ã‚‰ed25519公開éµã‚’ed25519_key構造体ã¸ã‚¤ãƒ³ãƒãƒ¼ãƒˆã—ã¾ã™ã€‚ - 圧縮ã‚ã‚‹ã„ã¯éžåœ§ç¸®ã®ä¸¡æ–¹ã®å½¢å¼ã®éµã‚’扱ã„ã¾ã™ã€‚ - 秘密éµãŒæ—¢ã«ã‚¤ãƒ³ãƒãƒ¼ãƒˆã•れã¦ã„ã‚‹å ´åˆã§ã€trusted引数ãŒ1以外ã®å ´åˆã¯ä¸¡éµãŒå¯¾å¿œã—ã¦ã„ã‚‹ã‹ã‚’ãƒã‚§ãƒƒã‚¯ã—ã¾ã™ã€‚ + \brief ã“ã®é–¢æ•°ã¯ã€å…¬é–‹éµã‚’å«ã‚€ãƒãƒƒãƒ•ã‚¡ã‹ã‚‰å…¬é–‹ed25519_keyをインãƒãƒ¼ãƒˆã—ã¾ã™ã€‚ã“ã®é–¢æ•°ã¯ã€åœ§ç¸®ã‚­ãƒ¼ã¨éžåœ§ç¸®ã‚­ãƒ¼ã®ä¸¡æ–¹ã‚’処ç†ã—ã¾ã™ã€‚ä¿¡é ¼ã•れã¦ã„ãªã„å ´åˆã€ç§˜å¯†éµãŒå­˜åœ¨ã™ã‚‹ã¨ãã«å…¬é–‹éµãŒç§˜å¯†éµã¨ä¸€è‡´ã™ã‚‹ã‹ãƒã‚§ãƒƒã‚¯ã—ã¾ã™ã€‚ - \return 0 ed25519公開éµã®ã‚¤ãƒ³ãƒãƒ¼ãƒˆã«æˆåŠŸã—ãŸå ´åˆã«è¿”ã•れã¾ã™ã€‚ - \return BAD_FUNC_ARG Returned 引数inã‚ã‚‹ã„ã¯keyãŒNULLã®å ´åˆ,ã‚ã‚‹ã„ã¯å¼•æ•°inLenãŒEd25519éµã®ã‚µã‚¤ã‚ºã‚ˆã‚Šå°ã•ã„å ´åˆã«è¿”ã•れã¾ã™ã€‚ + \return 0 ed25519_keyã®ã‚¤ãƒ³ãƒãƒ¼ãƒˆã«æˆåŠŸã—ãŸå ´åˆã«è¿”ã•れã¾ã™ã€‚ + \return BAD_FUNC_ARG inã¾ãŸã¯keyãŒNULLã¨è©•価ã•れãŸå ´åˆã€ã¾ãŸã¯inLenãŒEd25519éµã®ã‚µã‚¤ã‚ºã‚ˆã‚Šå°ã•ã„å ´åˆã«è¿”ã•れã¾ã™ã€‚ - \param [in] in 公開éµã‚’å«ã‚“ã ãƒãƒƒãƒ•ã‚¡ã¸ã®ãƒã‚¤ãƒ³ã‚¿ - \param [in] inLen 公開éµã‚’å«ã‚“ã ãƒãƒƒãƒ•ã‚¡ã®ã‚µã‚¤ã‚º - \param [in,out] key ed25519_key構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ - \param [in] trusted 公開éµãŒä¿¡é ¼ãŠã‘ã‚‹ã‹å¦ã‹ã‚’示ã™ãƒ•ラグ + \param [in] in 公開éµã‚’å«ã‚€ãƒãƒƒãƒ•ã‚¡ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ + \param [in] inLen 公開éµã‚’å«ã‚€ãƒãƒƒãƒ•ã‚¡ã®é•·ã•。 + \param [in,out] key 公開éµã‚’æ ¼ç´ã™ã‚‹ed25519_keyオブジェクトã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ + \param [in] trusted 公開éµãƒ‡ãƒ¼ã‚¿ãŒä¿¡é ¼ã•れã¦ã„ã‚‹ã‹ã©ã†ã‹ã€‚ _Example_ \code int ret; - byte pub[] = { initialize Ed25519 public key }; + byte pub[] = { Ed25519公開éµã§åˆæœŸåŒ– }; ed_25519 key; wc_ed25519_init_key(&key); ret = wc_ed25519_import_public_ex(pub, sizeof(pub), &key, 1); if (ret != 0) { - // error importing key + // éµã®ã‚¤ãƒ³ãƒãƒ¼ãƒˆã‚¨ãƒ©ãƒ¼ } \endcode @@ -526,62 +548,74 @@ int wc_ed25519_import_public_ex(const byte* in, word32 inLen, ed25519_key* key, int trusted); - /*! \ingroup ED25519 - \brief ã“ã®é–¢æ•°ã¯ã€ed25519秘密éµã®ã¿ã‚’ãƒãƒƒãƒ•ã‚¡ã‹ã‚‰ã‚¤ãƒ³ãƒãƒ¼ãƒˆã—ã¾ã™ã€‚ - \return 0 Ed25519秘密éµã®ã‚¤ãƒ³ãƒãƒ¼ãƒˆã«æˆåŠŸã—ãŸéš›ã«è¿”ã•れã¾ã™ã€‚ - \return BAD_FUNC_ARG privã¾ãŸã¯keyãŒNULLã«è©•価ã•れãŸå ´åˆã€ã¾ãŸã¯privSzãŒED25519_KEY_SIZEã¨ç•°ãªã‚‹å ´åˆã«è¿”ã•れã¾ã™ã€‚ + + \brief ã“ã®é–¢æ•°ã¯ã€ãƒãƒƒãƒ•ã‚¡ã‹ã‚‰Ed25519秘密éµã®ã¿ã‚’インãƒãƒ¼ãƒˆã—ã¾ã™ã€‚ + + \return 0 Ed25519éµã®ã‚¤ãƒ³ãƒãƒ¼ãƒˆã«æˆåŠŸã—ãŸå ´åˆã«è¿”ã•れã¾ã™ã€‚ + \return BAD_FUNC_ARG privã¾ãŸã¯keyãŒNULLã¨è©•価ã•れãŸå ´åˆã€ã¾ãŸã¯privSzãŒED25519_KEY_SIZEã¨ç­‰ã—ããªã„å ´åˆã«è¿”ã•れã¾ã™ã€‚ + \param [in] priv 秘密éµã‚’å«ã‚€ãƒãƒƒãƒ•ã‚¡ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ - \param [in] privSz 秘密éµã‚’å«ã‚€ãƒãƒƒãƒ•ã‚¡ã®ã‚µã‚¤ã‚º + \param [in] privSz 秘密éµã®é•·ã•。 + \param [in,out] key インãƒãƒ¼ãƒˆã•れãŸç§˜å¯†éµã‚’æ ¼ç´ã™ã‚‹ed25519_keyオブジェクトã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ _Example_ \code int ret; - byte priv[] = { initialize with 32 byte private key }; + byte priv[] = { 32ãƒã‚¤ãƒˆã®ç§˜å¯†éµã§åˆæœŸåŒ– }; ed25519_key key; wc_ed25519_init_key(&key); - ret = wc_ed25519_import_private_key(priv, sizeof(priv), &key); + ret = wc_ed25519_import_private_only(priv, sizeof(priv), &key); if (ret != 0) { - // error importing private key + // 秘密éµã®ã‚¤ãƒ³ãƒãƒ¼ãƒˆã‚¨ãƒ©ãƒ¼ } \endcode + \sa wc_ed25519_import_public + \sa wc_ed25519_import_public_ex \sa wc_ed25519_import_private_key + \sa wc_ed25519_import_private_key_ex \sa wc_ed25519_export_private_only */ + int wc_ed25519_import_private_only(const byte* priv, word32 privSz, ed25519_key* key); - /*! \ingroup ED25519 - \brief ã“ã®é–¢æ•°ã¯ã€Ed25519公開éµ/秘密éµã‚’ãれãžã‚Œå«ã‚€ä¸€å¯¾ã®ãƒãƒƒãƒ•ã‚¡ã‹ã‚‰Ed25519éµãƒšã‚¢ã‚’インãƒãƒ¼ãƒˆã—ã¾ã™ã€‚ - ã“ã®é–¢æ•°ã¯åœ§ç¸®ã¨éžåœ§ç¸®ã®ä¸¡æ–¹ã®éµã‚’処ç†ã—ã¾ã™ã€‚ - \return 0 Ed25519_KEYã®ã‚¤ãƒ³ãƒãƒ¼ãƒˆã«æˆåŠŸã—ã¾ã—ãŸã€‚ - \return BAD_FUNC_ARG privã¾ãŸã¯keyãŒNULLã«è©•価ã•れãŸå ´åˆã€privSzãŒED25519_KEY_SIZEã¨ç•°ãªã‚‹ã‚ã‚‹ã„ã¯ED25519_PRV_KEY_SIZEã¨ã‚‚ç•°ãªã‚‹å ´åˆã€pubSzãŒED25519_PUB_KEY_SIZEよりもå°ã•ã„å ´åˆã«è¿”ã•れã¾ã™ã€‚ + + \brief ã“ã®é–¢æ•°ã¯ã€ä¸€å¯¾ã®ãƒãƒƒãƒ•ã‚¡ã‹ã‚‰å…¬é–‹/秘密Ed25519éµãƒšã‚¢ã‚’インãƒãƒ¼ãƒˆã—ã¾ã™ã€‚ã“ã®é–¢æ•°ã¯ã€åœ§ç¸®ã‚­ãƒ¼ã¨éžåœ§ç¸®ã‚­ãƒ¼ã®ä¸¡æ–¹ã‚’処ç†ã—ã¾ã™ã€‚公開éµã¯ä¿¡é ¼ã•れã¦ã„ãªã„ã¨æƒ³å®šã•れã€ç§˜å¯†éµã«å¯¾ã—ã¦ãƒã‚§ãƒƒã‚¯ã•れã¾ã™ã€‚ + + \return 0 ed25519_keyã®ã‚¤ãƒ³ãƒãƒ¼ãƒˆã«æˆåŠŸã—ãŸå ´åˆã«è¿”ã•れã¾ã™ã€‚ + \return BAD_FUNC_ARG privã¾ãŸã¯keyãŒNULLã¨è©•価ã•れãŸå ´åˆã€ã¾ãŸã¯privSzãŒED25519_KEY_SIZEã«ã‚‚ED25519_PRV_KEY_SIZEã«ã‚‚ç­‰ã—ããªã„ã€ã‚‚ã—ãã¯pubSzãŒED25519_PUB_KEY_SIZEよりå°ã•ã„å ´åˆã«è¿”ã•れã¾ã™ã€‚ + \param [in] priv 秘密éµã‚’å«ã‚€ãƒãƒƒãƒ•ã‚¡ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ - \param [in] privSz 秘密éµãƒãƒƒãƒ•ã‚¡ã®ã‚µã‚¤ã‚º + \param [in] privSz 秘密éµã®é•·ã•。 \param [in] pub 公開éµã‚’å«ã‚€ãƒãƒƒãƒ•ã‚¡ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ - \param [in] pubSz 公開éµãƒãƒƒãƒ•ã‚¡ã®ã‚µã‚¤ã‚º + \param [in] pubSz 公開éµã®é•·ã•。 + \param [in,out] key インãƒãƒ¼ãƒˆã•れãŸç§˜å¯†/公開éµãƒšã‚¢ã‚’æ ¼ç´ã™ã‚‹ed25519_keyオブジェクトã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ _Example_ \code int ret; - byte priv[] = { initialize with 32 byte private key }; - byte pub[] = { initialize with the corresponding public key }; + byte priv[] = { 32ãƒã‚¤ãƒˆã®ç§˜å¯†éµã§åˆæœŸåŒ– }; + byte pub[] = { 対応ã™ã‚‹å…¬é–‹éµã§åˆæœŸåŒ– }; ed25519_key key; wc_ed25519_init_key(&key); ret = wc_ed25519_import_private_key(priv, sizeof(priv), pub, sizeof(pub), &key); if (ret != 0) { - // error importing key + // éµã®ã‚¤ãƒ³ãƒãƒ¼ãƒˆã‚¨ãƒ©ãƒ¼ } \endcode + \sa wc_ed25519_import_public + \sa wc_ed25519_import_public_ex \sa wc_ed25519_import_private_only + \sa wc_ed25519_import_private_key_ex \sa wc_ed25519_export_private */ @@ -590,29 +624,34 @@ /*! \ingroup ED25519 - \brief ã“ã®é–¢æ•°ã¯ä¸€å¯¾ã®ãƒãƒƒãƒ•ã‚¡ã‹ã‚‰Ed25519公開éµ/秘密éµãƒšã‚¢ã‚’インãƒãƒ¼ãƒˆã—ã¾ã™ã€‚ã“ã®é–¢æ•°ã¯åœ§ç¸®ã‚­ãƒ¼ã¨éžåœ§ç¸®ã‚­ãƒ¼ã®ä¸¡æ–¹ã‚’処ç†ã—ã¾ã™ã€‚公開éµã¯trusted引数ã«ã‚ˆã‚Šä¿¡é ¼ã•れã¦ã„ãªã„ã¨ã•れãŸå ´åˆã«ã¯ç§˜å¯†éµã«å¯¾ã—ã¦æ¤œè¨¼ã•れã¾ã™ã€‚ - \return 0 ed25519_keyã®ã‚¤ãƒ³ãƒãƒ¼ãƒˆã«æˆåŠŸã—ã¾ã—ãŸã€‚ - \return BAD_FUNC_ARG Returned if privã‚ã‚‹ã„ã¯keyãŒNULLã«è©•価ã•れãŸå ´åˆã€privSzãŒED25519_KEY_SIZEã¨ã‚‚ED25519_PRV_KEY_SIZEã¨ã‚‚ç•°ãªã‚‹å ´åˆã€pubSzãŒED25519_PUB_KEY_SIZEよりå°ã•ã„å ´åˆã«è¿”ã•れã¾ã™ã€‚ - \param [in] priv 秘密éµã‚’ä¿æŒã™ã‚‹ãƒãƒƒãƒ•ã‚¡ã¸ã®ãƒã‚¤ãƒ³ã‚¿ - \param [in] privSz 秘密éµãƒãƒƒãƒ•ã‚¡ã®ã‚µã‚¤ã‚º - \param [in] pub 公開éµã‚’ä¿æŒã™ã‚‹ãƒãƒƒãƒ•ã‚¡ã¸ã®ãƒã‚¤ãƒ³ã‚¿ - \param [in] pubSz 公開éµãƒãƒƒãƒ•ã‚¡ã®ã‚µã‚¤ã‚º - \param [in,out] key インãƒãƒ¼ãƒˆã•れãŸå…¬é–‹éµ/秘密éµã‚’ä¿æŒã™ã‚‹ed25519_keyオブジェクトã¸ã®ãƒã‚¤ãƒ³ã‚¿ãƒ¼ - \param [in] trusted 公開éµãŒä¿¡é ¼ã§ãã‚‹ã‹å¦ã‹ã‚’指定ã™ã‚‹ãƒ•ラグ + + \brief ã“ã®é–¢æ•°ã¯ã€ä¸€å¯¾ã®ãƒãƒƒãƒ•ã‚¡ã‹ã‚‰å…¬é–‹/秘密Ed25519éµãƒšã‚¢ã‚’インãƒãƒ¼ãƒˆã—ã¾ã™ã€‚ã“ã®é–¢æ•°ã¯ã€åœ§ç¸®ã‚­ãƒ¼ã¨éžåœ§ç¸®ã‚­ãƒ¼ã®ä¸¡æ–¹ã‚’処ç†ã—ã¾ã™ã€‚ä¿¡é ¼ã•れã¦ã„ãªã„å ´åˆã€å…¬é–‹éµãŒç§˜å¯†éµã«å¯¾ã—ã¦ãƒã‚§ãƒƒã‚¯ã•れã¾ã™ã€‚ + + \return 0 ed25519_keyã®ã‚¤ãƒ³ãƒãƒ¼ãƒˆã«æˆåŠŸã—ãŸå ´åˆã«è¿”ã•れã¾ã™ã€‚ + \return BAD_FUNC_ARG privã¾ãŸã¯keyãŒNULLã¨è©•価ã•れãŸå ´åˆã€ã¾ãŸã¯privSzãŒED25519_KEY_SIZEã«ã‚‚ED25519_PRV_KEY_SIZEã«ã‚‚ç­‰ã—ããªã„ã€ã‚‚ã—ãã¯pubSzãŒED25519_PUB_KEY_SIZEよりå°ã•ã„å ´åˆã«è¿”ã•れã¾ã™ã€‚ + + \param [in] priv 秘密éµã‚’å«ã‚€ãƒãƒƒãƒ•ã‚¡ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ + \param [in] privSz 秘密éµã®é•·ã•。 + \param [in] pub 公開éµã‚’å«ã‚€ãƒãƒƒãƒ•ã‚¡ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ + \param [in] pubSz 公開éµã®é•·ã•。 + \param [in,out] key インãƒãƒ¼ãƒˆã•れãŸç§˜å¯†/公開éµãƒšã‚¢ã‚’æ ¼ç´ã™ã‚‹ed25519_keyオブジェクトã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ + \param [in] trusted 公開éµãƒ‡ãƒ¼ã‚¿ãŒä¿¡é ¼ã•れã¦ã„ã‚‹ã‹ã©ã†ã‹ã€‚ _Example_ \code int ret; - byte priv[] = { initialize with 32 byte private key }; - byte pub[] = { initialize with the corresponding public key }; + byte priv[] = { 32ãƒã‚¤ãƒˆã®ç§˜å¯†éµã§åˆæœŸåŒ– }; + byte pub[] = { 対応ã™ã‚‹å…¬é–‹éµã§åˆæœŸåŒ– }; + ed25519_key key; wc_ed25519_init_key(&key); - ret = wc_ed25519_import_private_key(priv, sizeof(priv), pub, sizeof(pub), + ret = wc_ed25519_import_private_key_ex(priv, sizeof(priv), pub, sizeof(pub), &key, 1); if (ret != 0) { - // error importing key + // éµã®ã‚¤ãƒ³ãƒãƒ¼ãƒˆã‚¨ãƒ©ãƒ¼ } \endcode + \sa wc_ed25519_import_public \sa wc_ed25519_import_public_ex \sa wc_ed25519_import_private_only @@ -625,75 +664,87 @@ /*! \ingroup ED25519 - \brief ã“ã®é–¢æ•°ã¯ã€ed25519_key構造体ã‹ã‚‰å…¬é–‹éµã‚’エクスãƒãƒ¼ãƒˆã—ã¾ã™ã€‚公開éµã‚’ãƒãƒƒãƒ•ã‚¡outã«æ ¼ç´ã—ã€outLenã«ã“ã®ãƒãƒƒãƒ•ã‚¡ã«æ›¸ãè¾¼ã¾ã‚ŒãŸãƒã‚¤ãƒˆã‚’設定ã—ã¾ã™ã€‚ - \return 0 公開éµã®ã‚¨ã‚¯ã‚¹ãƒãƒ¼ãƒˆã«æˆåŠŸã—ãŸã‚‰è¿”ã•れã¾ã™ã€‚ - \return BAD_FUNC_ARG ã„ãšã‚Œã‹ã®å…¥åЛ値ãŒNULLã«è©•価ã•れãŸå ´åˆã«è¿”ã•れã¾ã™ã€‚ - \return BUFFER_E æä¾›ã•れãŸãƒãƒƒãƒ•ァーãŒå…¬é–‹éµã‚’ä¿å­˜ã™ã‚‹ã®ã«å分ãªå¤§ãã•ã§ãªã„å ´åˆã«è¿”ã•れã¾ã™ã€‚ã“ã®ã‚¨ãƒ©ãƒ¼ã‚’è¿”ã™ã¨ã€outlenã«å¿…è¦ãªã‚µã‚¤ã‚ºã‚’設定ã—ã¾ã™ã€‚ - \param [in] key 公開éµã‚’エクスãƒãƒ¼ãƒˆã™ã‚‹ãŸã‚ã®ed25519_key構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ - \param [out] out 公開éµã‚’ä¿å­˜ã™ã‚‹ãƒãƒƒãƒ•ã‚¡ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ - \param [in,out] outLen 公開éµã‚’出力ã™ã‚‹å…ˆã®ãƒãƒƒãƒ•ァサイズを格ç´ã™ã‚‹word32型変数ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ - 入力ã®éš›ã¯ãƒãƒƒãƒ•ァサイズを格ç´ã—ã¦æ¸¡ã—ã€å‡ºåŠ›ã®éš›ã¯ã‚¨ã‚¯ã‚¹ãƒãƒ¼ãƒˆã—ãŸå…¬é–‹éµã®ã‚µã‚¤ã‚ºã‚’æ ¼ç´ã—ã¾ã™ã€‚ + + \brief ã“ã®é–¢æ•°ã¯ã€ed25519_key構造体ã‹ã‚‰å…¬é–‹éµã‚’エクスãƒãƒ¼ãƒˆã—ã¾ã™ã€‚公開éµã‚’ãƒãƒƒãƒ•ã‚¡outã«æ ¼ç´ã—ã€ã“ã®ãƒãƒƒãƒ•ã‚¡ã«æ›¸ãè¾¼ã¾ã‚ŒãŸãƒã‚¤ãƒˆæ•°ã‚’outLenã«è¨­å®šã—ã¾ã™ã€‚ + + \return 0 公開éµã®ã‚¨ã‚¯ã‚¹ãƒãƒ¼ãƒˆã«æˆåŠŸã—ãŸå ´åˆã«è¿”ã•れã¾ã™ã€‚ + \return BAD_FUNC_ARG 入力値ã®ã„ãšã‚Œã‹ãŒNULLã¨è©•価ã•れãŸå ´åˆã«è¿”ã•れã¾ã™ã€‚ + \return BUFFER_E æä¾›ã•れãŸãƒãƒƒãƒ•ã‚¡ãŒå…¬é–‹éµã‚’æ ¼ç´ã™ã‚‹ã®ã«å分ãªå¤§ãã•ã§ãªã„å ´åˆã«è¿”ã•れã¾ã™ã€‚ã“ã®ã‚¨ãƒ©ãƒ¼ã‚’è¿”ã™éš›ã€é–¢æ•°ã¯outLenã«å¿…è¦ãªã‚µã‚¤ã‚ºã‚’設定ã—ã¾ã™ã€‚ + + \param [in] key 公開éµã‚’エクスãƒãƒ¼ãƒˆã™ã‚‹ed25519_key構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ + \param [out] out 公開éµã‚’æ ¼ç´ã™ã‚‹ãƒãƒƒãƒ•ã‚¡ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ + \param [in,out] outLen outã§åˆ©ç”¨å¯èƒ½ãªã‚µã‚¤ã‚ºã‚’æŒã¤word32オブジェクトã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚公開éµã®ã‚¨ã‚¯ã‚¹ãƒãƒ¼ãƒˆã«æˆåŠŸã—ãŸå¾Œã€outã«æ›¸ãè¾¼ã¾ã‚ŒãŸãƒã‚¤ãƒˆæ•°ãŒè¨­å®šã•れã¾ã™ã€‚ _Example_ \code int ret; ed25519_key key; - // initialize key, make key + // keyã‚’åˆæœŸåŒ–ã—ã€keyã‚’ä½œæˆ char pub[32]; word32 pubSz = sizeof(pub); ret = wc_ed25519_export_public(&key, pub, &pubSz); if (ret != 0) { - // error exporting public key + // 公開éµã®ã‚¨ã‚¯ã‚¹ãƒãƒ¼ãƒˆã‚¨ãƒ©ãƒ¼ } \endcode + \sa wc_ed25519_import_public + \sa wc_ed25519_import_public_ex + \sa wc_ed25519_export_private \sa wc_ed25519_export_private_only */ -int wc_ed25519_export_public(ed25519_key* key, byte* out, word32* outLen); +int wc_ed25519_export_public(const ed25519_key* key, byte* out, word32* outLen); /*! \ingroup ED25519 - \brief ã“ã®é–¢æ•°ã¯ã€ed25519_key構造体ã‹ã‚‰ã®ç§˜å¯†éµã®ã¿ã‚’エクスãƒãƒ¼ãƒˆã—ã¾ã™ã€‚秘密éµã‚’ãƒãƒƒãƒ•ã‚¡ã‚¢ã‚¦ãƒˆã«æ ¼ç´ã—ã€outlenã«ã“ã®ãƒãƒƒãƒ•ã‚¡ã«æ›¸ãè¾¼ã¾ã‚ŒãŸãƒã‚¤ãƒˆã‚’設定ã—ã¾ã™ã€‚ - \return 0 秘密éµã®ã‚¨ã‚¯ã‚¹ãƒãƒ¼ãƒˆã«æˆåŠŸã—ãŸã‚‰è¿”ã•れã¾ã™ã€‚ - \return BAD_FUNC_ARG ã„ãšã‚Œã‹ã®å…¥åЛ値ãŒNULLã«è©•価ã•れãŸå ´åˆã«è¿”ã•れã¾ã™ã€‚ - \return BUFFER_E æä¾›ã•れãŸãƒãƒƒãƒ•ァーãŒç§˜å¯†éµã‚’ä¿å­˜ã™ã‚‹ã®ã«å分ãªå¤§ãã•ã§ãªã„å ´åˆã«è¿”ã•れã¾ã™ã€‚ - \param [in] key 秘密éµã‚’エクスãƒãƒ¼ãƒˆã™ã‚‹ãŸã‚ã®ed25519_key構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ - \param [out] out 秘密éµã‚’ä¿å­˜ã™ã‚‹ãƒãƒƒãƒ•ã‚¡ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ - \param [in,out] outLen 秘密éµã‚’出力ã™ã‚‹å…ˆã®ãƒãƒƒãƒ•ァサイズを格ç´ã™ã‚‹word32型変数ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ - 入力ã®éš›ã¯ãƒãƒƒãƒ•ァサイズを格ç´ã—ã¦æ¸¡ã—ã€å‡ºåŠ›ã®éš›ã¯ã‚¨ã‚¯ã‚¹ãƒãƒ¼ãƒˆã—ãŸç§˜å¯†éµã®ã‚µã‚¤ã‚ºã‚’æ ¼ç´ã—ã¾ã™ã€‚ + + \brief ã“ã®é–¢æ•°ã¯ã€ed25519_key構造体ã‹ã‚‰ç§˜å¯†éµã®ã¿ã‚’エクスãƒãƒ¼ãƒˆã—ã¾ã™ã€‚秘密éµã‚’ãƒãƒƒãƒ•ã‚¡outã«æ ¼ç´ã—ã€ã“ã®ãƒãƒƒãƒ•ã‚¡ã«æ›¸ãè¾¼ã¾ã‚ŒãŸãƒã‚¤ãƒˆæ•°ã‚’outLenã«è¨­å®šã—ã¾ã™ã€‚ + + \return 0 秘密éµã®ã‚¨ã‚¯ã‚¹ãƒãƒ¼ãƒˆã«æˆåŠŸã—ãŸå ´åˆã«è¿”ã•れã¾ã™ã€‚ + \return BAD_FUNC_ARG 入力値ã®ã„ãšã‚Œã‹ãŒNULLã¨è©•価ã•れãŸå ´åˆã«è¿”ã•れã¾ã™ã€‚ + \return BUFFER_E æä¾›ã•れãŸãƒãƒƒãƒ•ã‚¡ãŒç§˜å¯†éµã‚’æ ¼ç´ã™ã‚‹ã®ã«å分ãªå¤§ãã•ã§ãªã„å ´åˆã«è¿”ã•れã¾ã™ã€‚ + + \param [in] key 秘密éµã‚’エクスãƒãƒ¼ãƒˆã™ã‚‹ed25519_key構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ + \param [out] out 秘密éµã‚’æ ¼ç´ã™ã‚‹ãƒãƒƒãƒ•ã‚¡ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ + \param [in,out] outLen outã§åˆ©ç”¨å¯èƒ½ãªã‚µã‚¤ã‚ºã‚’æŒã¤word32オブジェクトã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚秘密éµã®ã‚¨ã‚¯ã‚¹ãƒãƒ¼ãƒˆã«æˆåŠŸã—ãŸå¾Œã€outã«æ›¸ãè¾¼ã¾ã‚ŒãŸãƒã‚¤ãƒˆæ•°ãŒè¨­å®šã•れã¾ã™ã€‚ _Example_ \code int ret; ed25519_key key; - // initialize key, make key + // keyã‚’åˆæœŸåŒ–ã—ã€keyã‚’ä½œæˆ - char priv[32]; // 32 bytes because only private key + char priv[32]; // 秘密éµã®ã¿ãªã®ã§32ãƒã‚¤ãƒˆ word32 privSz = sizeof(priv); ret = wc_ed25519_export_private_only(&key, priv, &privSz); if (ret != 0) { - // error exporting private key + // 秘密éµã®ã‚¨ã‚¯ã‚¹ãƒãƒ¼ãƒˆã‚¨ãƒ©ãƒ¼ } \endcode + \sa wc_ed25519_export_public + \sa wc_ed25519_export_private \sa wc_ed25519_import_private_key + \sa wc_ed25519_import_private_key_ex */ -int wc_ed25519_export_private_only(ed25519_key* key, byte* out, word32* outLen); +int wc_ed25519_export_private_only(const ed25519_key* key, byte* out, word32* outLen); /*! \ingroup ED25519 - \brief ã“ã®é–¢æ•°ã¯ã€ed25519_key構造体ã‹ã‚‰éµãƒšã‚¢ã‚’エクスãƒãƒ¼ãƒˆã—ã¾ã™ã€‚éµãƒšã‚¢ã‚’ãƒãƒƒãƒ•ã‚¡outã«æ ¼ç´ã—ã€ounterenã§ã“ã®ãƒãƒƒãƒ•ã‚¡ã«æ›¸ãè¾¼ã¾ã‚ŒãŸãƒã‚¤ãƒˆã‚’設定ã—ã¾ã™ã€‚ - \return 0 éµãƒšã‚¢ã®ã‚¨ã‚¯ã‚¹ãƒãƒ¼ãƒˆã«æˆåŠŸã—ãŸã‚‰è¿”ã•れã¾ã™ã€‚ - \return BAD_FUNC_ARG ã„ãšã‚Œã‹ã®å…¥åЛ値ãŒNULLã«è©•価ã•れãŸå ´åˆã«è¿”ã•れã¾ã™ã€‚ - \return BUFFER_E æä¾›ã•れã¦ã„ã‚‹ãƒãƒƒãƒ•ァーãŒéµãƒšã‚¢ã‚’ä¿å­˜ã™ã‚‹ã®ã«å分ãªå¤§ãã•ã§ãªã„å ´åˆã«è¿”ã•れã¾ã™ã€‚ - \param [in] éµãƒšã‚¢ã‚’エクスãƒãƒ¼ãƒˆã™ã‚‹ãŸã‚ã®ed25519_key構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ - \param [out] éµãƒšã‚¢ã‚’ä¿å­˜ã™ã‚‹ãƒãƒƒãƒ•ã‚¡ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ - \param [in,out] outLen éµãƒšã‚¢ã‚’出力ã™ã‚‹å…ˆã®ãƒãƒƒãƒ•ァサイズを格ç´ã™ã‚‹word32型変数ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ - 入力ã®éš›ã¯ãƒãƒƒãƒ•ァサイズを格ç´ã—ã¦æ¸¡ã—ã€å‡ºåŠ›ã®éš›ã¯ã‚¨ã‚¯ã‚¹ãƒãƒ¼ãƒˆã—ãŸéµãƒšã‚¢ã®ã‚µã‚¤ã‚ºã‚’æ ¼ç´ã—ã¾ã™ã€‚ + + \brief ã“ã®é–¢æ•°ã¯ã€ed25519_key構造体ã‹ã‚‰éµãƒšã‚¢ã‚’エクスãƒãƒ¼ãƒˆã—ã¾ã™ã€‚éµãƒšã‚¢ã‚’ãƒãƒƒãƒ•ã‚¡outã«æ ¼ç´ã—ã€ã“ã®ãƒãƒƒãƒ•ã‚¡ã«æ›¸ãè¾¼ã¾ã‚ŒãŸãƒã‚¤ãƒˆæ•°ã‚’outLenã«è¨­å®šã—ã¾ã™ã€‚ + + \return 0 éµãƒšã‚¢ã®ã‚¨ã‚¯ã‚¹ãƒãƒ¼ãƒˆã«æˆåŠŸã—ãŸå ´åˆã«è¿”ã•れã¾ã™ã€‚ + \return BAD_FUNC_ARG 入力値ã®ã„ãšã‚Œã‹ãŒNULLã¨è©•価ã•れãŸå ´åˆã«è¿”ã•れã¾ã™ã€‚ + \return BUFFER_E æä¾›ã•れãŸãƒãƒƒãƒ•ã‚¡ãŒéµãƒšã‚¢ã‚’æ ¼ç´ã™ã‚‹ã®ã«å分ãªå¤§ãã•ã§ãªã„å ´åˆã«è¿”ã•れã¾ã™ã€‚ + + \param [in] key éµãƒšã‚¢ã‚’エクスãƒãƒ¼ãƒˆã™ã‚‹ed25519_key構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ + \param [out] out éµãƒšã‚¢ã‚’æ ¼ç´ã™ã‚‹ãƒãƒƒãƒ•ã‚¡ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ + \param [in,out] outLen outã§åˆ©ç”¨å¯èƒ½ãªã‚µã‚¤ã‚ºã‚’æŒã¤word32オブジェクトã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚éµãƒšã‚¢ã®ã‚¨ã‚¯ã‚¹ãƒãƒ¼ãƒˆã«æˆåŠŸã—ãŸå¾Œã€outã«æ›¸ãè¾¼ã¾ã‚ŒãŸãƒã‚¤ãƒˆæ•°ãŒè¨­å®šã•れã¾ã™ã€‚ _Example_ \code @@ -703,42 +754,43 @@ WC_RNG rng; wc_InitRng(&rng); - wc_ed25519_make_key(&rng, 32, &key); // initialize 32 byte Ed25519 key + wc_ed25519_make_key(&rng, 32, &key); // 32ãƒã‚¤ãƒˆã®Ed25519éµã‚’åˆæœŸåŒ– - byte out[64]; // out needs to be a sufficient buffer size + byte out[64]; // outã¯å分ãªãƒãƒƒãƒ•ァサイズã§ã‚ã‚‹å¿…è¦ãŒã‚りã¾ã™ word32 outLen = sizeof(out); int key_size = wc_ed25519_export_private(&key, out, &outLen); if (key_size == BUFFER_E) { - // Check size of out compared to outLen to see if function reset outLen + // 関数ãŒoutLenをリセットã—ãŸã‹ã©ã†ã‹ã‚’確èªã™ã‚‹ãŸã‚ã€outã®ã‚µã‚¤ã‚ºã¨outLenを比較 } \endcode + \sa wc_ed25519_import_private_key + \sa wc_ed25519_import_private_key_ex \sa wc_ed25519_export_private_only */ -int wc_ed25519_export_private(ed25519_key* key, byte* out, word32* outLen); +int wc_ed25519_export_private(const ed25519_key* key, byte* out, word32* outLen); /*! \ingroup ED25519 - \brief ã“ã®é–¢æ•°ã¯ã€ed25519_key構造体ã‹ã‚‰ç§˜å¯†éµã¨å…¬é–‹éµã‚’別々ã«ã‚¨ã‚¯ã‚¹ãƒãƒ¼ãƒˆã—ã¾ã™ã€‚ - 秘密éµã‚’ãƒãƒƒãƒ•ã‚¡privã«æ ¼ç´ã—ã€priovSzã«ã“ã®ãƒãƒƒãƒ•ã‚¡ã«æ›¸ã込んã ãƒã‚¤ãƒˆæ•°ã‚’設定ã—ã¾ã™ã€‚ - 公開éµã‚’ãƒãƒƒãƒ•ã‚¡pubã«æ ¼ç´ã—ã€pubSzã«ã“ã®ãƒãƒƒãƒ•ã‚¡ã«æ›¸ã込んã ãƒã‚¤ãƒˆæ•°ã‚’設定ã—ã¾ã™ã€‚ - \return 0 éµãƒšã‚¢ã®ã‚¨ã‚¯ã‚¹ãƒãƒ¼ãƒˆã«æˆåŠŸã—ãŸã‚‰è¿”ã•れã¾ã™ã€‚ - \return BAD_FUNC_ARG ã„ãšã‚Œã‹ã®å…¥åЛ値ãŒNULLã«è©•価ã•れãŸå ´åˆã«è¿”ã•れã¾ã™ã€‚ - \return BUFFER_E æä¾›ã•れã¦ã„ã‚‹ãƒãƒƒãƒ•ã‚¡ãŒéµãƒšã‚¢ã‚’ä¿å­˜ã™ã‚‹ã®ã«å分ãªå¤§ãã•ã§ãªã„å ´åˆã«è¿”ã•れã¾ã™ã€‚ - \param [in] key éµãƒšã‚¢ã‚’エクスãƒãƒ¼ãƒˆã™ã‚‹ãŸã‚ã®ed25519_key構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ - \param [out] priv 秘密éµã‚’出力ã™ã‚‹ãƒãƒƒãƒ•ã‚¡ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ - \param [in,out] privSz 秘密éµã‚’出力ã™ã‚‹å…ˆã®ãƒãƒƒãƒ•ã‚¡ã®ã‚µã‚¤ã‚ºã‚’ä¿æŒã™ã‚‹word32型変数ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ - 秘密éµã®ã‚¨ã‚¯ã‚¹ãƒãƒ¼ãƒˆå¾Œã«ã¯æ›¸ãè¾¼ã¾ã‚ŒãŸãƒã‚¤ãƒˆæ•°ãŒã‚»ãƒƒãƒˆã•れã¾ã™ã€‚ - \param [out] pub パブリックキーを出力ã™ã‚‹ãƒãƒƒãƒ•ã‚¡ã¸ã®ãƒã‚¤ãƒ³ã‚¿ - \param [in,out] pubSz 公開éµã‚’出力ã™ã‚‹å…ˆã®ãƒãƒƒãƒ•ã‚¡ã®ã‚µã‚¤ã‚ºã‚’ä¿æŒã™ã‚‹word32型変数ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ - 公開éµã®ã‚¨ã‚¯ã‚¹ãƒãƒ¼ãƒˆå¾Œã«ã¯æ›¸ãè¾¼ã¾ã‚ŒãŸãƒã‚¤ãƒˆæ•°ãŒã‚»ãƒƒãƒˆã•れã¾ã™ã€‚ + + \brief ã“ã®é–¢æ•°ã¯ã€ed25519_key構造体ã‹ã‚‰ç§˜å¯†éµã¨å…¬é–‹éµã‚’個別ã«ã‚¨ã‚¯ã‚¹ãƒãƒ¼ãƒˆã—ã¾ã™ã€‚秘密éµã‚’ãƒãƒƒãƒ•ã‚¡privã«æ ¼ç´ã—ã€ã“ã®ãƒãƒƒãƒ•ã‚¡ã«æ›¸ãè¾¼ã¾ã‚ŒãŸãƒã‚¤ãƒˆæ•°ã‚’privSzã«è¨­å®šã—ã¾ã™ã€‚公開éµã‚’ãƒãƒƒãƒ•ã‚¡pubã«æ ¼ç´ã—ã€ã“ã®ãƒãƒƒãƒ•ã‚¡ã«æ›¸ãè¾¼ã¾ã‚ŒãŸãƒã‚¤ãƒˆæ•°ã‚’pubSzã«è¨­å®šã—ã¾ã™ã€‚ + + \return 0 éµãƒšã‚¢ã®ã‚¨ã‚¯ã‚¹ãƒãƒ¼ãƒˆã«æˆåŠŸã—ãŸå ´åˆã«è¿”ã•れã¾ã™ã€‚ + \return BAD_FUNC_ARG 入力値ã®ã„ãšã‚Œã‹ãŒNULLã¨è©•価ã•れãŸå ´åˆã«è¿”ã•れã¾ã™ã€‚ + \return BUFFER_E æä¾›ã•れãŸãƒãƒƒãƒ•ã‚¡ãŒéµãƒšã‚¢ã‚’æ ¼ç´ã™ã‚‹ã®ã«å分ãªå¤§ãã•ã§ãªã„å ´åˆã«è¿”ã•れã¾ã™ã€‚ + + \param [in] key éµãƒšã‚¢ã‚’エクスãƒãƒ¼ãƒˆã™ã‚‹ed25519_key構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ + \param [out] priv 秘密éµã‚’æ ¼ç´ã™ã‚‹ãƒãƒƒãƒ•ã‚¡ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ + \param [in,out] privSz outã§åˆ©ç”¨å¯èƒ½ãªã‚µã‚¤ã‚ºã‚’æŒã¤word32オブジェクトã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚秘密éµã®ã‚¨ã‚¯ã‚¹ãƒãƒ¼ãƒˆã«æˆåŠŸã—ãŸå¾Œã€outã«æ›¸ãè¾¼ã¾ã‚ŒãŸãƒã‚¤ãƒˆæ•°ãŒè¨­å®šã•れã¾ã™ã€‚ + \param [out] pub 公開éµã‚’æ ¼ç´ã™ã‚‹ãƒãƒƒãƒ•ã‚¡ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ + \param [in,out] pubSz outã§åˆ©ç”¨å¯èƒ½ãªã‚µã‚¤ã‚ºã‚’æŒã¤word32オブジェクトã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚公開éµã®ã‚¨ã‚¯ã‚¹ãƒãƒ¼ãƒˆã«æˆåŠŸã—ãŸå¾Œã€outã«æ›¸ãè¾¼ã¾ã‚ŒãŸãƒã‚¤ãƒˆæ•°ãŒè¨­å®šã•れã¾ã™ã€‚ _Example_ \code int ret; ed25519_key key; - // initialize key, make key + // keyã‚’åˆæœŸåŒ–ã—ã€keyã‚’ä½œæˆ char pub[32]; word32 pubSz = sizeof(pub); @@ -747,73 +799,86 @@ ret = wc_ed25519_export_key(&key, priv, &pubSz, pub, &pubSz); if (ret != 0) { - // error exporting public key + // 公開éµã®ã‚¨ã‚¯ã‚¹ãƒãƒ¼ãƒˆã‚¨ãƒ©ãƒ¼ } \endcode + \sa wc_ed25519_export_private \sa wc_ed25519_export_public */ -int wc_ed25519_export_key(ed25519_key* key, +int wc_ed25519_export_key(const ed25519_key* key, byte* priv, word32 *privSz, byte* pub, word32 *pubSz); /*! \ingroup ED25519 - \brief ã“ã®é–¢æ•°ã¯ã€ed25519_key構造体ã®å…¬é–‹éµã‚’ãƒã‚§ãƒƒã‚¯ã—ã¾ã™ã€‚ - \return 0 プライベートキーã¨å…¬é–‹éµãŒä¸€è‡´ã—ãŸå ´åˆã«è¿”ã•れã¾ã™ã€‚ - \return BAD_FUNC_ARG 与ãˆã‚‰ã‚ŒãŸéµãŒNULLã®å ´åˆã«è¿”ã•れã¾ã™ã€‚ - \return PUBLIC_KEY_E 公開éµãŒå‚ç…§ã§ããªã„ã‹ç„¡åйã®å ´åˆã«è¿”ã•れã¾ã™ã€‚ - \param [in] key 公開éµã¨ç§˜å¯†éµã®ä¸¡æ–¹ã‚’ä¿æŒã—ã¦ã„ã‚‹ed25519_key構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ + + \brief ã“ã®é–¢æ•°ã¯ã€ed25519_key構造体内ã®å…¬é–‹éµãŒç§˜å¯†éµã¨ä¸€è‡´ã™ã‚‹ã‹ãƒã‚§ãƒƒã‚¯ã—ã¾ã™ã€‚ + + \return 0 秘密éµã¨å…¬é–‹éµãŒä¸€è‡´ã—ãŸå ´åˆã«è¿”ã•れã¾ã™ã€‚ + \return BAD_FUNC_ARG 指定ã•れãŸkeyãŒNULLã®å ´åˆã«è¿”ã•れã¾ã™ã€‚ + \return PUBLIC_KEY_E 公開éµãŒåˆ©ç”¨ã§ããªã„ã€ã¾ãŸã¯ç„¡åйãªå ´åˆã«è¿”ã•れã¾ã™ã€‚ + + \param [in] key 秘密éµã¨å…¬é–‹éµã‚’ä¿æŒã™ã‚‹ed25519_key構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ _Example_ \code int ret; - byte priv[] = { initialize with 57 byte private key }; - byte pub[] = { initialize with the corresponding public key }; + byte priv[] = { 57ãƒã‚¤ãƒˆã®ç§˜å¯†éµã§åˆæœŸåŒ– }; + byte pub[] = { 対応ã™ã‚‹å…¬é–‹éµã§åˆæœŸåŒ– }; ed25519_key key; wc_ed25519_init_key(&key); - wc_ed25519_import_private_key(priv, sizeof(priv), pub, sizeof(pub), &key); + wc_ed25519_import_private_key_ex(priv, sizeof(priv), pub, sizeof(pub), &key, + 1); ret = wc_ed25519_check_key(&key); if (ret != 0) { - // error checking key + // éµã®ãƒã‚§ãƒƒã‚¯ã‚¨ãƒ©ãƒ¼ } \endcode + \sa wc_ed25519_import_private_key + \sa wc_ed25519_import_private_key_ex */ int wc_ed25519_check_key(ed25519_key* key); /*! \ingroup ED25519 - \brief ã“ã®é–¢æ•°ã¯ã€Ed25519 - 32ãƒã‚¤ãƒˆã®ã‚µã‚¤ã‚ºã‚’è¿”ã—ã¾ã™ã€‚ - \return ED25519_KEY_SIZE 有効ãªç§˜å¯†éµã®ã‚µã‚¤ã‚ºï¼ˆ32ãƒã‚¤ãƒˆï¼‰ã€‚ - \return BAD_FUNC_ARG 与ãˆã‚‰ã‚ŒãŸå¼•æ•°keyãŒNULLã®å ´åˆã«è¿”ã•れã¾ã™ã€‚ - \param [in] key ed25519_key構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ + \brief ã“ã®é–¢æ•°ã¯ã€Ed25519ã®ã‚µã‚¤ã‚ºï¼ˆ32ãƒã‚¤ãƒˆï¼‰ã‚’è¿”ã—ã¾ã™ã€‚ + + \return ED25519_KEY_SIZE 有効ãªç§˜å¯†éµã®ã‚µã‚¤ã‚ºï¼ˆ32ãƒã‚¤ãƒˆï¼‰ã€‚ + \return BAD_FUNC_ARG 指定ã•れãŸkeyãŒNULLã®å ´åˆã«è¿”ã•れã¾ã™ã€‚ + + \param [in] key éµã‚µã‚¤ã‚ºã‚’å–å¾—ã™ã‚‹ed25519_key構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ _Example_ \code int keySz; ed25519_key key; - // initialize key, make key + // keyã‚’åˆæœŸåŒ–ã—ã€keyã‚’ä½œæˆ keySz = wc_ed25519_size(&key); if (keySz == 0) { - // error determining key size + // éµã‚µã‚¤ã‚ºã®æ±ºå®šã‚¨ãƒ©ãƒ¼ } \endcode + \sa wc_ed25519_make_key */ -int wc_ed25519_size(ed25519_key* key); +int wc_ed25519_size(const ed25519_key* key); /*! \ingroup ED25519 - \brief ã“ã®é–¢æ•°ã¯ã€ç§˜å¯†éµã‚µã‚¤ã‚ºï¼ˆsecret + public)をãƒã‚¤ãƒˆå˜ä½ã§è¿”ã—ã¾ã™ã€‚ - \return ED25519_PRV_KEY_SIZE 秘密éµã®ã‚µã‚¤ã‚ºï¼ˆ64ãƒã‚¤ãƒˆï¼‰ã€‚ - \return BAD_FUNC_ARG key引数ãŒnullã®å ´åˆã«è¿”ã•れã¾ã™ã€‚ - \param [in] key ed25519_key構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ + + \brief ã“ã®é–¢æ•°ã¯ã€ç§˜å¯†éµã®ã‚µã‚¤ã‚ºï¼ˆç§˜å¯† + 公開)をãƒã‚¤ãƒˆå˜ä½ã§è¿”ã—ã¾ã™ã€‚ + + \return ED25519_PRV_KEY_SIZE 秘密éµã®ã‚µã‚¤ã‚ºï¼ˆ64ãƒã‚¤ãƒˆï¼‰ã€‚ + \return BAD_FUNC_ARG key引数ãŒNULLã®å ´åˆã«è¿”ã•れã¾ã™ã€‚ + + \param [in] key éµã‚µã‚¤ã‚ºã‚’å–å¾—ã™ã‚‹ed25519_key構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ _Example_ \code @@ -823,20 +888,24 @@ WC_RNG rng; wc_InitRng(&rng); - wc_ed25519_make_key(&rng, 32, &key); // initialize 32 byte Ed25519 key + wc_ed25519_make_key(&rng, 32, &key); // 32ãƒã‚¤ãƒˆã®Ed25519éµã‚’åˆæœŸåŒ– int key_size = wc_ed25519_priv_size(&key); \endcode + \sa wc_ed25519_pub_size */ -int wc_ed25519_priv_size(ed25519_key* key); +int wc_ed25519_priv_size(const ed25519_key* key); /*! \ingroup ED25519 - \brief ã“ã®é–¢æ•°ã¯åœ§ç¸®éµã‚µã‚¤ã‚ºã‚’ãƒã‚¤ãƒˆå˜ä½ã§è¿”ã—ã¾ã™ï¼ˆå…¬é–‹éµï¼‰ã€‚ - \return ED25519_PUB_KEY_SIZE 圧縮公開éµã®ã‚µã‚¤ã‚ºï¼ˆ32ãƒã‚¤ãƒˆï¼‰ã€‚ - \return BAD_FUNC_ARG key引数ãŒnullã®å ´åˆã¯è¿”ã—ã¾ã™ã€‚ - \param [in] key ed25519_key構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ + + \brief ã“ã®é–¢æ•°ã¯ã€åœ§ç¸®éµã®ã‚µã‚¤ã‚ºã‚’ãƒã‚¤ãƒˆå˜ä½ã§è¿”ã—ã¾ã™ï¼ˆå…¬é–‹éµï¼‰ã€‚ + + \return ED25519_PUB_KEY_SIZE 圧縮公開éµã®ã‚µã‚¤ã‚ºï¼ˆ32ãƒã‚¤ãƒˆï¼‰ã€‚ + \return BAD_FUNC_ARG key引数ãŒNULLã®å ´åˆã«è¿”ã•れã¾ã™ã€‚ + + \param [in] key éµã‚µã‚¤ã‚ºã‚’å–å¾—ã™ã‚‹ed25519_key構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ _Example_ \code @@ -845,33 +914,38 @@ WC_RNG rng; wc_InitRng(&rng); - wc_ed25519_make_key(&rng, 32, &key); // initialize 32 byte Ed25519 key + wc_ed25519_make_key(&rng, 32, &key); // 32ãƒã‚¤ãƒˆã®Ed25519éµã‚’åˆæœŸåŒ– int key_size = wc_ed25519_pub_size(&key); \endcode + \sa wc_ed25519_priv_size */ -int wc_ed25519_pub_size(ed25519_key* key); +int wc_ed25519_pub_size(const ed25519_key* key); /*! \ingroup ED25519 - \brief ã“ã®é–¢æ•°ã¯ã€ED25519ã‚·ã‚°ãƒãƒãƒ£ã®ã‚µã‚¤ã‚ºï¼ˆãƒã‚¤ãƒˆæ•°64)を返ã—ã¾ã™ã€‚ - \return ED25519_SIG_SIZE ED25519ã‚·ã‚°ãƒãƒãƒ£ï¼ˆ64ãƒã‚¤ãƒˆï¼‰ã®ã‚µã‚¤ã‚ºã€‚ - \return BAD_FUNC_ARG key引数ãŒnullã®å ´åˆã¯è¿”ã—ã¾ã™ã€‚ - \param [in] key ed25519_key構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ + + \brief ã“ã®é–¢æ•°ã¯ã€Ed25519ç½²åã®ã‚µã‚¤ã‚ºï¼ˆãƒã‚¤ãƒˆå˜ä½ã§64)を返ã—ã¾ã™ã€‚ + + \return ED25519_SIG_SIZE Ed25519ç½²åã®ã‚µã‚¤ã‚ºï¼ˆ64ãƒã‚¤ãƒˆï¼‰ã€‚ + \return BAD_FUNC_ARG key引数ãŒNULLã®å ´åˆã«è¿”ã•れã¾ã™ã€‚ + + \param [in] key ç½²åサイズをå–å¾—ã™ã‚‹ed25519_key構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ _Example_ \code int sigSz; ed25519_key key; - // initialize key, make key + // keyã‚’åˆæœŸåŒ–ã—ã€keyã‚’ä½œæˆ sigSz = wc_ed25519_sig_size(&key); if (sigSz == 0) { - // error determining sig size + // ç½²åã‚µã‚¤ã‚ºã®æ±ºå®šã‚¨ãƒ©ãƒ¼ } \endcode + \sa wc_ed25519_sign_msg */ -int wc_ed25519_sig_size(ed25519_key* key); +int wc_ed25519_sig_size(const ed25519_key* key); diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/doc/dox_comments/header_files-ja/ed448.h mariadb-11.8.8/extra/wolfssl/wolfssl/doc/dox_comments/header_files-ja/ed448.h --- mariadb-11.8.6/extra/wolfssl/wolfssl/doc/dox_comments/header_files-ja/ed448.h 2026-01-31 13:27:49.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/doc/dox_comments/header_files-ja/ed448.h 2026-05-24 09:58:33.000000000 +0000 @@ -1,17 +1,22 @@ /*! \ingroup ED448 - \brief ã“ã®é–¢æ•°ã¯ã€ç§˜å¯†éµã‹ã‚‰ED448公開éµã‚’生æˆã—ã¾ã™ã€‚公開éµã‚’ãƒãƒƒãƒ•ã‚¡Pubkeyã«æ ¼ç´ã—ã€Pubkeyszã§ã“ã®ãƒãƒƒãƒ•ã‚¡ã«æ›¸ãè¾¼ã¾ã‚ŒãŸãƒã‚¤ãƒˆã‚’設定ã—ã¾ã™ã€‚ - \return 0 公開éµã®ä½œæˆã«æˆåŠŸã—ãŸã¨ãã«è¿”ã•れã¾ã™ã€‚ - \return BAD_FUNC_ARG IFIキーã¾ãŸã¯PubKeyãŒNULLã«è©•価ã•れãŸå ´åˆã€ã¾ãŸã¯æŒ‡å®šã•れãŸã‚­ãƒ¼ã‚µã‚¤ã‚ºãŒ57ãƒã‚¤ãƒˆã§ã¯ãªã„å ´åˆï¼ˆED448ã«ã¯57ãƒã‚¤ãƒˆã®ã‚­ãƒ¼ãŒã‚りã¾ã™ï¼‰ã€‚ - \return MEMORY_E 関数ã®å®Ÿè¡Œä¸­ã«ãƒ¡ãƒ¢ãƒªã‚’割り当ã¦ã‚‹ã‚¨ãƒ©ãƒ¼ãŒã‚ã‚‹å ´åˆã«è¿”ã•れã¾ã™ã€‚ - \param [in] キーを生æˆã™ã‚‹ED448_Keyã¸ã®ã‚­ãƒ¼ãƒã‚¤ãƒ³ã‚¿ã€‚ - \param [out] 公開éµã‚’ä¿å­˜ã™ã‚‹ãƒãƒƒãƒ•ã‚¡ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ + + \brief ã“ã®é–¢æ•°ã¯ã€ç§˜å¯†éµã‹ã‚‰Ed448公開éµã‚’生æˆã—ã¾ã™ã€‚公開éµã‚’ãƒãƒƒãƒ•ã‚¡pubKeyã«æ ¼ç´ã—ã€ã“ã®ãƒãƒƒãƒ•ã‚¡ã«æ›¸ãè¾¼ã¾ã‚ŒãŸãƒã‚¤ãƒˆæ•°ã‚’pubKeySzã«è¨­å®šã—ã¾ã™ã€‚ + + \return 0 公開éµã®ä½œæˆã«æˆåŠŸã—ãŸå ´åˆã«è¿”ã•れã¾ã™ã€‚ + \return BAD_FUNC_ARG keyã¾ãŸã¯pubKeyãŒNULLã¨è©•価ã•れãŸå ´åˆã€ã¾ãŸã¯æŒ‡å®šã•れãŸã‚­ãƒ¼ã‚µã‚¤ã‚ºãŒ57ãƒã‚¤ãƒˆã§ãªã„å ´åˆã«è¿”ã•れã¾ã™ï¼ˆEd448ã¯57ãƒã‚¤ãƒˆã®ã‚­ãƒ¼ã‚’æŒã¡ã¾ã™ï¼‰ã€‚ + \return MEMORY_E 関数実行中ã«ãƒ¡ãƒ¢ãƒªã®å‰²ã‚Šå½“ã¦ã‚¨ãƒ©ãƒ¼ãŒç™ºç”Ÿã—ãŸå ´åˆã«è¿”ã•れã¾ã™ã€‚ + + \param [in] key キーを生æˆã™ã‚‹ed448_keyã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ + \param [out] pubKey 公開éµã‚’æ ¼ç´ã™ã‚‹ãƒãƒƒãƒ•ã‚¡ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ + \param [in] pubKeySz pubKeyãƒãƒƒãƒ•ã‚¡ã®ã‚µã‚¤ã‚º(ãƒã‚¤ãƒˆå˜ä½)。 + _Example_ \code int ret; ed448_key key; - byte priv[] = { initialize with 57 byte private key }; + byte priv[] = { 57ãƒã‚¤ãƒˆã®ç§˜å¯†éµã§åˆæœŸåŒ– }; byte pub[57]; word32 pubSz = sizeof(pub); @@ -19,9 +24,10 @@ wc_ed448_import_private_only(priv, sizeof(priv), &key); ret = wc_ed448_make_public(&key, pub, &pubSz); if (ret != 0) { - // error making public key + // 公開éµã®ä½œæˆã‚¨ãƒ©ãƒ¼ } \endcode + \sa wc_ed448_init \sa wc_ed448_import_private_only \sa wc_ed448_make_key @@ -32,12 +38,17 @@ /*! \ingroup ED448 - \brief ã“ã®é–¢æ•°ã¯æ–°ã—ã„ED448キーを生æˆã—ã€ãã‚Œã‚’ã‚­ãƒ¼ã«æ ¼ç´ã—ã¾ã™ã€‚ - \return 0 ED448_Keyを正常ã«ä½œæˆã—ãŸã¨ãã«è¿”ã•れã¾ã™ã€‚ - \return BAD_FUNC_ARG RNGã¾ãŸã¯KeyãŒNULLã«è©•価ã•れãŸå ´åˆã€ã¾ãŸã¯æŒ‡å®šã•れãŸã‚­ãƒ¼ã‚µã‚¤ã‚ºãŒ57ãƒã‚¤ãƒˆã§ã¯ãªã„å ´åˆï¼ˆED448ã«ã¯57ãƒã‚¤ãƒˆã®ã‚­ãƒ¼ãŒã‚りã¾ã™ï¼‰ã€‚ - \return MEMORY_E 関数ã®å®Ÿè¡Œä¸­ã«ãƒ¡ãƒ¢ãƒªã‚’割り当ã¦ã‚‹ã‚¨ãƒ©ãƒ¼ãŒã‚ã‚‹å ´åˆã«è¿”ã•れã¾ã™ã€‚ - \param [in] RNGキーを生æˆã™ã‚‹åˆæœŸåŒ–ã•れãŸRNGオブジェクトã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ - \param [in] keysize keyã®é•·ã•を生æˆã—ã¾ã™ã€‚ED448ã®å ´åˆã¯å¸¸ã«57ã«ãªã‚Šã¾ã™ã€‚ + + \brief ã“ã®é–¢æ•°ã¯æ–°ã—ã„Ed448キーを生æˆã—ã€ãれをkeyã«æ ¼ç´ã—ã¾ã™ã€‚ + + \return 0 ed448_keyã®ä½œæˆã«æˆåŠŸã—ãŸå ´åˆã«è¿”ã•れã¾ã™ã€‚ + \return BAD_FUNC_ARG rngã¾ãŸã¯keyãŒNULLã¨è©•価ã•れãŸå ´åˆã€ã¾ãŸã¯æŒ‡å®šã•れãŸã‚­ãƒ¼ã‚µã‚¤ã‚ºãŒ57ãƒã‚¤ãƒˆã§ãªã„å ´åˆã«è¿”ã•れã¾ã™ï¼ˆEd448ã¯57ãƒã‚¤ãƒˆã®ã‚­ãƒ¼ã‚’æŒã¡ã¾ã™ï¼‰ã€‚ + \return MEMORY_E 関数実行中ã«ãƒ¡ãƒ¢ãƒªã®å‰²ã‚Šå½“ã¦ã‚¨ãƒ©ãƒ¼ãŒç™ºç”Ÿã—ãŸå ´åˆã«è¿”ã•れã¾ã™ã€‚ + + \param [in] rng キーを生æˆã™ã‚‹ãŸã‚ã«ä½¿ç”¨ã™ã‚‹åˆæœŸåŒ–済ã¿RNGオブジェクトã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ + \param [in] keysize 生æˆã™ã‚‹ã‚­ãƒ¼ã®é•·ã•。Ed448ã®å ´åˆã¯å¸¸ã«57ã§ã‚ã‚‹å¿…è¦ãŒã‚りã¾ã™ã€‚ + \param [in,out] key キーを生æˆã™ã‚‹ed448_keyã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ + _Example_ \code int ret; @@ -49,9 +60,10 @@ wc_ed448_init(&key); ret = wc_ed448_make_key(&rng, 57, &key); if (ret != 0) { - // error making key + // キー作æˆã‚¨ãƒ©ãƒ¼ } \endcode + \sa wc_ed448_init */ @@ -59,72 +71,87 @@ /*! \ingroup ED448 - \brief ã“ã®é–¢æ•°ã¯ã€ED448_Keyオブジェクトを使用ã—ãŸãƒ¡ãƒƒã‚»ãƒ¼ã‚¸ã«æ­£è§£ã‚’ä¿è¨¼ã—ã¾ã™ã€‚ - \return 0 メッセージã®ç½²åを正常ã«ç”Ÿæˆã™ã‚‹ã¨è¿”ã•れã¾ã™ã€‚ - \return BAD_FUNC_ARG 入力パラメータã®ã„ãšã‚Œã‹ãŒNULLã«è©•価ã•れãŸå ´åˆã€ã¾ãŸã¯å‡ºåŠ›ãƒãƒƒãƒ•ã‚¡ãŒå°ã•ã™ãŽã¦ç”Ÿæˆã•れãŸç½²åã‚’ä¿å­˜ã™ã‚‹å ´åˆã¯è¿”ã•れã¾ã™ã€‚ - \return MEMORY_E 関数ã®å®Ÿè¡Œä¸­ã«ãƒ¡ãƒ¢ãƒªã‚’割り当ã¦ã‚‹ã‚¨ãƒ©ãƒ¼ãŒã‚ã‚‹å ´åˆã«è¿”ã•れã¾ã™ã€‚ - \param [in] ç½²åã™ã‚‹ãƒ¡ãƒƒã‚»ãƒ¼ã‚¸ã‚’å«ã‚€ãƒãƒƒãƒ•ã‚¡ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ - \param [in] ç½²åã™ã‚‹ãƒ¡ãƒƒã‚»ãƒ¼ã‚¸ã®ã‚¤ãƒ³ãƒ¬ãƒ«é•·ã€‚ - \param [out] 生æˆã•れãŸç½²åã‚’æ ¼ç´ã™ã‚‹ãŸã‚ã®ãƒãƒƒãƒ•ァー。 - \param [in,out] 出力ãƒãƒƒãƒ•ã‚¡ã®æœ€å¤§é•·ã®ç¯„囲内。メッセージ署åã®ç”Ÿæˆã«æˆåŠŸã—ãŸã¨ãã«ã€æ›¸ãè¾¼ã¾ã‚ŒãŸãƒã‚¤ãƒˆã‚’ä¿å­˜ã—ã¾ã™ã€‚ + + \brief ã“ã®é–¢æ•°ã¯ã€çœŸæ­£æ€§ã‚’ä¿è¨¼ã™ã‚‹ãŸã‚ã«ed448_keyオブジェクトを使用ã—ã¦ãƒ¡ãƒƒã‚»ãƒ¼ã‚¸ã«ç½²åã—ã¾ã™ã€‚ + + \return 0 メッセージã®ç½²åã®ç”Ÿæˆã«æˆåŠŸã—ãŸå ´åˆã«è¿”ã•れã¾ã™ã€‚ + \return BAD_FUNC_ARG 入力パラメータã®ã„ãšã‚Œã‹ãŒNULLã¨è©•価ã•れãŸå ´åˆã€ã¾ãŸã¯å‡ºåŠ›ãƒãƒƒãƒ•ã‚¡ãŒç”Ÿæˆã•れãŸç½²åã‚’æ ¼ç´ã™ã‚‹ã«ã¯å°ã•ã™ãŽã‚‹å ´åˆã«è¿”ã•れã¾ã™ã€‚ + \return MEMORY_E 関数実行中ã«ãƒ¡ãƒ¢ãƒªã®å‰²ã‚Šå½“ã¦ã‚¨ãƒ©ãƒ¼ãŒç™ºç”Ÿã—ãŸå ´åˆã«è¿”ã•れã¾ã™ã€‚ + + \param [in] in ç½²åã™ã‚‹ãƒ¡ãƒƒã‚»ãƒ¼ã‚¸ã‚’å«ã‚€ãƒãƒƒãƒ•ã‚¡ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ + \param [in] inLen ç½²åã™ã‚‹ãƒ¡ãƒƒã‚»ãƒ¼ã‚¸ã®é•·ã•。 + \param [out] out 生æˆã•れãŸç½²åã‚’æ ¼ç´ã™ã‚‹ãƒãƒƒãƒ•ァ。 + \param [in,out] outLen 出力ãƒãƒƒãƒ•ã‚¡ã®æœ€å¤§é•·ã€‚メッセージ署åã®ç”Ÿæˆã«æˆåŠŸã—ãŸå¾Œã€outã«æ›¸ãè¾¼ã¾ã‚ŒãŸãƒã‚¤ãƒˆæ•°ãŒæ ¼ç´ã•れã¾ã™ã€‚ + \param [in] key ç½²åを生æˆã™ã‚‹ãŸã‚ã«ä½¿ç”¨ã™ã‚‹ç§˜å¯†ed448_keyã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ + \param [in] context メッセージãŒç½²åã•れるコンテキストをå«ã‚€ãƒãƒƒãƒ•ã‚¡ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ + \param [in] contextLen コンテキストãƒãƒƒãƒ•ã‚¡ã®é•·ã•。 + _Example_ \code ed448_key key; WC_RNG rng; int ret, sigSz; - byte sig[114]; // will hold generated signature + byte sig[114]; // 生æˆã•れãŸç½²åã‚’ä¿æŒ sigSz = sizeof(sig); - byte message[] = { initialize with message }; + byte message[] = { メッセージã§åˆæœŸåŒ– }; - wc_InitRng(&rng); // initialize rng - wc_ed448_init(&key); // initialize key - wc_ed448_make_key(&rng, 57, &key); // make public/private key pair + wc_InitRng(&rng); // rngã‚’åˆæœŸåŒ– + wc_ed448_init(&key); // keyã‚’åˆæœŸåŒ– + wc_ed448_make_key(&rng, 57, &key); // 公開/秘密éµãƒšã‚¢ã‚’ä½œæˆ ret = wc_ed448_sign_msg(message, sizeof(message), sig, &sigSz, &key); if (ret != 0 ) { - // error generating message signature + // メッセージ署åã®ç”Ÿæˆã‚¨ãƒ©ãƒ¼ } \endcode + \sa wc_ed448ph_sign_hash \sa wc_ed448ph_sign_msg \sa wc_ed448_verify_msg */ -int wc_ed448_sign_msg(const byte* in, word32 inlen, byte* out, - word32 *outlen, ed448_key* key); +int wc_ed448_sign_msg(const byte* in, word32 inLen, byte* out, + word32 *outLen, ed448_key* key, + const byte* context, byte contextLen); /*! \ingroup ED448 - \brief ã“ã®é–¢æ•°ã¯ã€Ed448_Keyオブジェクトを使用ã—ã¦ãƒ¡ãƒƒã‚»ãƒ¼ã‚¸ãƒ€ã‚¤ã‚¸ã‚§ã‚¹ãƒˆã«ç½²åã—ã¦ä¿¡é ¼æ€§ã‚’ä¿è¨¼ã—ã¾ã™ã€‚コンテキストã¯ç½²åã•れãŸãƒ‡ãƒ¼ã‚¿ã®ä¸€éƒ¨ã¨ã—ã¦å«ã¾ã‚Œã¦ã„ã¾ã™ã€‚ãƒãƒƒã‚·ãƒ¥ã¯ã€ç½²å計算å‰ã®ãƒ—リãƒãƒƒã‚·ãƒ¥ãƒ¡ãƒƒã‚»ãƒ¼ã‚¸ã§ã™ã€‚メッセージダイジェストを作æˆã™ã‚‹ãŸã‚ã«ä½¿ç”¨ã•れるãƒãƒƒã‚·ãƒ¥ã‚¢ãƒ«ã‚´ãƒªã‚ºãƒ ã¯Shake-256ã§ãªã‘れã°ãªã‚Šã¾ã›ã‚“。 - \return 0 メッセージダイジェストã®ç½²åを正常ã«ç”Ÿæˆã™ã‚‹ã¨è¿”ã•れã¾ã™ã€‚ - \return BAD_FUNC_ARG è¿”ã•れãŸå…¥åŠ›ãƒ‘ãƒ©ãƒ¡ãƒ¼ã‚¿ã¯NULLã«è©•価ã•れã¾ã™ã€‚出力ãƒãƒƒãƒ•ã‚¡ãŒå°ã•ã™ãŽã¦ç”Ÿæˆã•れãŸç½²åã‚’ä¿å­˜ã™ã‚‹ã«ã¯å°ã•ã™ãŽã¾ã™ã€‚ - \return MEMORY_E 関数ã®å®Ÿè¡Œä¸­ã«ãƒ¡ãƒ¢ãƒªã‚’割り当ã¦ã‚‹ã‚¨ãƒ©ãƒ¼ãŒã‚ã‚‹å ´åˆã«è¿”ã•れã¾ã™ã€‚ - \param [in] サインã¸ã®ãƒ¡ãƒƒã‚»ãƒ¼ã‚¸ã®ãƒãƒƒã‚·ãƒ¥ã‚’å«ã‚€ãƒãƒƒãƒ•ã‚¡ã¸ã®ãƒãƒƒã‚·ãƒ¥ãƒã‚¤ãƒ³ã‚¿ã€‚ - \param [in] サインã¸ã®ãƒ¡ãƒƒã‚»ãƒ¼ã‚¸ã®ãƒãƒƒã‚·ãƒ¥ã®ãƒãƒƒã‚·ãƒ¥ã®é•·ã•。 - \param [out] 生æˆã•れãŸç½²åã‚’æ ¼ç´ã™ã‚‹ãŸã‚ã®ãƒãƒƒãƒ•ァー。 - \param [in,out] 出力ãƒãƒƒãƒ•ã‚¡ã®æœ€å¤§é•·ã®ç¯„囲内。メッセージ署åã®ç”Ÿæˆã«æˆåŠŸã—ãŸã¨ãã«ã€æ›¸ãè¾¼ã¾ã‚ŒãŸãƒã‚¤ãƒˆã‚’ä¿å­˜ã—ã¾ã™ã€‚ - \param [in] ç½²åを生æˆã™ã‚‹ãŸã‚ã®ãƒ—ライベートED448_Keyã¸ã®ã‚­ãƒ¼ãƒã‚¤ãƒ³ã‚¿ã€‚ - \param [in] メッセージãŒç½²åã•れã¦ã„るコンテキストをå«ã‚€ãƒãƒƒãƒ•ã‚¡ã¸ã®ã‚³ãƒ³ãƒ†ã‚­ã‚¹ãƒˆãƒã‚¤ãƒ³ã‚¿ã€‚ + + \brief ã“ã®é–¢æ•°ã¯ã€çœŸæ­£æ€§ã‚’ä¿è¨¼ã™ã‚‹ãŸã‚ã«ed448_keyオブジェクトを使用ã—ã¦ãƒ¡ãƒƒã‚»ãƒ¼ã‚¸ãƒ€ã‚¤ã‚¸ã‚§ã‚¹ãƒˆã«ç½²åã—ã¾ã™ã€‚コンテキストã¯ç½²åã•れるデータã®ä¸€éƒ¨ã¨ã—ã¦å«ã¾ã‚Œã¾ã™ã€‚ãƒãƒƒã‚·ãƒ¥ã¯ç½²å計算å‰ã®äº‹å‰ãƒãƒƒã‚·ãƒ¥åŒ–ã•れãŸãƒ¡ãƒƒã‚»ãƒ¼ã‚¸ã§ã™ã€‚ + + \return 0 メッセージダイジェストã®ç½²åã®ç”Ÿæˆã«æˆåŠŸã—ãŸå ´åˆã«è¿”ã•れã¾ã™ã€‚ + \return BAD_FUNC_ARG 入力パラメータã®ã„ãšã‚Œã‹ãŒNULLã¨è©•価ã•れãŸå ´åˆã€ã¾ãŸã¯å‡ºåŠ›ãƒãƒƒãƒ•ã‚¡ãŒç”Ÿæˆã•れãŸç½²åã‚’æ ¼ç´ã™ã‚‹ã«ã¯å°ã•ã™ãŽã‚‹å ´åˆã«è¿”ã•れã¾ã™ã€‚ + \return MEMORY_E 関数実行中ã«ãƒ¡ãƒ¢ãƒªã®å‰²ã‚Šå½“ã¦ã‚¨ãƒ©ãƒ¼ãŒç™ºç”Ÿã—ãŸå ´åˆã«è¿”ã•れã¾ã™ã€‚ + + \param [in] hash ç½²åã™ã‚‹ãƒ¡ãƒƒã‚»ãƒ¼ã‚¸ã®ãƒãƒƒã‚·ãƒ¥ã‚’å«ã‚€ãƒãƒƒãƒ•ã‚¡ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ + \param [in] hashLen ç½²åã™ã‚‹ãƒ¡ãƒƒã‚»ãƒ¼ã‚¸ã®ãƒãƒƒã‚·ãƒ¥ã®é•·ã•。 + \param [out] out 生æˆã•れãŸç½²åã‚’æ ¼ç´ã™ã‚‹ãƒãƒƒãƒ•ァ。 + \param [in,out] outLen 出力ãƒãƒƒãƒ•ã‚¡ã®æœ€å¤§é•·ã€‚メッセージ署åã®ç”Ÿæˆã«æˆåŠŸã—ãŸå¾Œã€outã«æ›¸ãè¾¼ã¾ã‚ŒãŸãƒã‚¤ãƒˆæ•°ãŒæ ¼ç´ã•れã¾ã™ã€‚ + \param [in] key ç½²åを生æˆã™ã‚‹ãŸã‚ã«ä½¿ç”¨ã™ã‚‹ç§˜å¯†ed448_keyã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ + \param [in] context メッセージãŒç½²åã•れã¦ã„るコンテキストをå«ã‚€ãƒãƒƒãƒ•ã‚¡ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ + \param [in] contextLen コンテキストãƒãƒƒãƒ•ã‚¡ã®é•·ã•。 + _Example_ \code ed448_key key; WC_RNG rng; int ret, sigSz; - byte sig[114]; // will hold generated signature + byte sig[114]; // 生æˆã•れãŸç½²åã‚’ä¿æŒ sigSz = sizeof(sig); - byte hash[] = { initialize with SHAKE-256 hash of message }; - byte context[] = { initialize with context of signing }; + byte hash[] = { メッセージã®ãƒãƒƒã‚·ãƒ¥ã§åˆæœŸåŒ– }; + byte context[] = { ç½²åã®ã‚³ãƒ³ãƒ†ã‚­ã‚¹ãƒˆã§åˆæœŸåŒ– }; - wc_InitRng(&rng); // initialize rng - wc_ed448_init(&key); // initialize key - wc_ed448_make_key(&rng, 57, &key); // make public/private key pair + wc_InitRng(&rng); // rngã‚’åˆæœŸåŒ– + wc_ed448_init(&key); // keyã‚’åˆæœŸåŒ– + wc_ed448_make_key(&rng, 57, &key); // 公開/秘密éµãƒšã‚¢ã‚’ä½œæˆ ret = wc_ed448ph_sign_hash(hash, sizeof(hash), sig, &sigSz, &key, context, sizeof(context)); if (ret != 0) { - // error generating message signature + // メッセージ署åã®ç”Ÿæˆã‚¨ãƒ©ãƒ¼ } \endcode + \sa wc_ed448_sign_msg \sa wc_ed448ph_sign_msg \sa wc_ed448ph_verify_hash @@ -136,74 +163,87 @@ /*! \ingroup ED448 - \brief ã“ã®é–¢æ•°ã¯ã€ED448_Keyオブジェクトを使用ã—ãŸãƒ¡ãƒƒã‚»ãƒ¼ã‚¸ã«æ­£è§£ã‚’ä¿è¨¼ã—ã¾ã™ã€‚コンテキストã¯ç½²åã•れãŸãƒ‡ãƒ¼ã‚¿ã®ä¸€éƒ¨ã¨ã—ã¦å«ã¾ã‚Œã¦ã„ã¾ã™ã€‚ç½²å計算ã®å‰ã«ãƒ¡ãƒƒã‚»ãƒ¼ã‚¸ã¯äº‹å‰ã«ãƒãƒƒã‚·ãƒ¥ã•れã¦ã„ã¾ã™ã€‚ - \return 0 メッセージã®ç½²åを正常ã«ç”Ÿæˆã™ã‚‹ã¨è¿”ã•れã¾ã™ã€‚ - \return BAD_FUNC_ARG è¿”ã•れãŸå…¥åŠ›ãƒ‘ãƒ©ãƒ¡ãƒ¼ã‚¿ã¯NULLã«è©•価ã•れã¾ã™ã€‚出力ãƒãƒƒãƒ•ã‚¡ãŒå°ã•ã™ãŽã¦ç”Ÿæˆã•れãŸç½²åã‚’ä¿å­˜ã™ã‚‹ã«ã¯å°ã•ã™ãŽã¾ã™ã€‚ - \return MEMORY_E 関数ã®å®Ÿè¡Œä¸­ã«ãƒ¡ãƒ¢ãƒªã‚’割り当ã¦ã‚‹ã‚¨ãƒ©ãƒ¼ãŒã‚ã‚‹å ´åˆã«è¿”ã•れã¾ã™ã€‚ - \param [in] ç½²åã™ã‚‹ãƒ¡ãƒƒã‚»ãƒ¼ã‚¸ã‚’å«ã‚€ãƒãƒƒãƒ•ã‚¡ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ - \param [in] ç½²åã™ã‚‹ãƒ¡ãƒƒã‚»ãƒ¼ã‚¸ã®ã‚¤ãƒ³ãƒ¬ãƒ«é•·ã€‚ - \param [out] 生æˆã•れãŸç½²åã‚’æ ¼ç´ã™ã‚‹ãŸã‚ã®ãƒãƒƒãƒ•ァー。 - \param [in,out] 出力ãƒãƒƒãƒ•ã‚¡ã®æœ€å¤§é•·ã®ç¯„囲内。メッセージ署åã®ç”Ÿæˆã«æˆåŠŸã—ãŸã¨ãã«ã€æ›¸ãè¾¼ã¾ã‚ŒãŸãƒã‚¤ãƒˆã‚’ä¿å­˜ã—ã¾ã™ã€‚ - \param [in] ç½²åを生æˆã™ã‚‹ãŸã‚ã®ãƒ—ライベートED448_Keyã¸ã®ã‚­ãƒ¼ãƒã‚¤ãƒ³ã‚¿ã€‚ - \param [in] メッセージãŒç½²åã•れã¦ã„るコンテキストをå«ã‚€ãƒãƒƒãƒ•ã‚¡ã¸ã®ã‚³ãƒ³ãƒ†ã‚­ã‚¹ãƒˆãƒã‚¤ãƒ³ã‚¿ã€‚ + + \brief ã“ã®é–¢æ•°ã¯ã€çœŸæ­£æ€§ã‚’ä¿è¨¼ã™ã‚‹ãŸã‚ã«ed448_keyオブジェクトを使用ã—ã¦ãƒ¡ãƒƒã‚»ãƒ¼ã‚¸ã«ç½²åã—ã¾ã™ã€‚コンテキストã¯ç½²åã•れるデータã®ä¸€éƒ¨ã¨ã—ã¦å«ã¾ã‚Œã¾ã™ã€‚メッセージã¯ç½²å計算å‰ã«äº‹å‰ãƒãƒƒã‚·ãƒ¥åŒ–ã•れã¾ã™ã€‚ + + \return 0 メッセージã®ç½²åã®ç”Ÿæˆã«æˆåŠŸã—ãŸå ´åˆã«è¿”ã•れã¾ã™ã€‚ + \return BAD_FUNC_ARG 入力パラメータã®ã„ãšã‚Œã‹ãŒNULLã¨è©•価ã•れãŸå ´åˆã€ã¾ãŸã¯å‡ºåŠ›ãƒãƒƒãƒ•ã‚¡ãŒç”Ÿæˆã•れãŸç½²åã‚’æ ¼ç´ã™ã‚‹ã«ã¯å°ã•ã™ãŽã‚‹å ´åˆã«è¿”ã•れã¾ã™ã€‚ + \return MEMORY_E 関数実行中ã«ãƒ¡ãƒ¢ãƒªã®å‰²ã‚Šå½“ã¦ã‚¨ãƒ©ãƒ¼ãŒç™ºç”Ÿã—ãŸå ´åˆã«è¿”ã•れã¾ã™ã€‚ + + \param [in] in ç½²åã™ã‚‹ãƒ¡ãƒƒã‚»ãƒ¼ã‚¸ã‚’å«ã‚€ãƒãƒƒãƒ•ã‚¡ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ + \param [in] inLen ç½²åã™ã‚‹ãƒ¡ãƒƒã‚»ãƒ¼ã‚¸ã®é•·ã•。 + \param [out] out 生æˆã•れãŸç½²åã‚’æ ¼ç´ã™ã‚‹ãƒãƒƒãƒ•ァ。 + \param [in,out] outLen 出力ãƒãƒƒãƒ•ã‚¡ã®æœ€å¤§é•·ã€‚メッセージ署åã®ç”Ÿæˆã«æˆåŠŸã—ãŸå¾Œã€outã«æ›¸ãè¾¼ã¾ã‚ŒãŸãƒã‚¤ãƒˆæ•°ãŒæ ¼ç´ã•れã¾ã™ã€‚ + \param [in] key ç½²åを生æˆã™ã‚‹ãŸã‚ã«ä½¿ç”¨ã™ã‚‹ç§˜å¯†ed448_keyã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ + \param [in] context メッセージãŒç½²åã•れã¦ã„るコンテキストをå«ã‚€ãƒãƒƒãƒ•ã‚¡ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ + \param [in] contextLen コンテキストãƒãƒƒãƒ•ã‚¡ã®é•·ã•。 + _Example_ \code ed448_key key; WC_RNG rng; int ret, sigSz; - byte sig[114]; // will hold generated signature + byte sig[114]; // 生æˆã•れãŸç½²åã‚’ä¿æŒ sigSz = sizeof(sig); - byte message[] = { initialize with message }; - byte context[] = { initialize with context of signing }; + byte message[] = { メッセージã§åˆæœŸåŒ– }; + byte context[] = { ç½²åã®ã‚³ãƒ³ãƒ†ã‚­ã‚¹ãƒˆã§åˆæœŸåŒ– }; - wc_InitRng(&rng); // initialize rng - wc_ed448_init(&key); // initialize key - wc_ed448_make_key(&rng, 57, &key); // make public/private key pair + wc_InitRng(&rng); // rngã‚’åˆæœŸåŒ– + wc_ed448_init(&key); // keyã‚’åˆæœŸåŒ– + wc_ed448_make_key(&rng, 57, &key); // 公開/秘密éµãƒšã‚¢ã‚’ä½œæˆ ret = wc_ed448ph_sign_msg(message, sizeof(message), sig, &sigSz, &key, context, sizeof(context)); if (ret != 0) { - // error generating message signature + // メッセージ署åã®ç”Ÿæˆã‚¨ãƒ©ãƒ¼ } \endcode + \sa wc_ed448_sign_msg \sa wc_ed448ph_sign_hash \sa wc_ed448ph_verify_msg */ -int wc_ed448ph_sign_msg(const byte* in, word32 inLen, byte* out, - word32 *outLen, ed448_key* key, const byte* context, - byte contextLen); +int wc_ed448ph_sign_msg(const byte* in, word32 inlen, byte* out, + word32 *outlen, ed448_key* key, + const byte* context, byte contextLen); /*! \ingroup ED448 - \brief ã“ã®é–¢æ•°ã¯ã€ãƒ¡ãƒƒã‚»ãƒ¼ã‚¸ã®ED448ç½²åを確èªã—ã¦ä¿¡é ¼æ€§ã‚’確ä¿ã—ã¾ã™ã€‚文脈ã¯ãƒ‡ãƒ¼ã‚¿æ¤œè¨¼æ¸ˆã¿ã®ä¸€éƒ¨ã¨ã—ã¦å«ã¾ã‚Œã¦ã„ã¾ã™ã€‚ç­”ãˆã¯RESを介ã—ã¦è¿”ã•ã‚Œã€æœ‰åйãªç½²åã«å¯¾å¿œã™ã‚‹1ã€ç„¡åйãªç½²åã«å¯¾å¿œã™ã‚‹0ã‚’è¿”ã—ã¾ã™ã€‚ - \return 0 ç½²åæ¤œè¨¼ã¨èªè¨¼ã‚’正常ã«å®Ÿè¡Œã—ãŸã¨ãã«è¿”ã•れã¾ã™ã€‚ - \return BAD_FUNC_ARG ã„ãšã‚Œã‹ã®å…¥åŠ›ãƒ‘ãƒ©ãƒ¡ãƒ¼ã‚¿ãŒNULLã«è©•価ã•れãŸå ´åˆã€ã¾ãŸã¯SIGLENãŒç½²åã®å®Ÿéš›ã®é•·ã•ã¨ä¸€è‡´ã—ãªã„å ´åˆã«è¿”ã•れã¾ã™ã€‚ - \return SIG_VERIFY_E 検証ãŒå®Œäº†ã—ãŸå ´åˆã¯è¿”ã•れã¾ã™ãŒã€ç”Ÿæˆã•れãŸç½²åã¯æä¾›ã•れãŸç½²åã¨ä¸€è‡´ã—ã¾ã›ã‚“。 - \param [in] 検証ã™ã‚‹ã‚·ã‚°ãƒãƒãƒ£ã‚’å«ã‚€ãƒãƒƒãƒ•ã‚¡ã¸ã®SIGãƒã‚¤ãƒ³ã‚¿ã€‚ - \param [in] 検証ã™ã‚‹ã‚·ã‚°ãƒãƒãƒ£ã®ã‚·ã‚°ãƒ¬ãƒ³ã®é•·ã•。 - \param [in] メッセージをå«ã‚€ãƒãƒƒãƒ•ã‚¡ã¸ã®MSGãƒã‚¤ãƒ³ã‚¿ã‚’確èªã™ã‚‹ã€‚ - \param [in] 検証ã™ã‚‹ãƒ¡ãƒƒã‚»ãƒ¼ã‚¸ã®MSGlen長。 - \param [in] ç½²åを検証ã™ã‚‹ãŸã‚ã®ãƒ‘ブリックED448キーã¸ã®ã‚­ãƒ¼ãƒã‚¤ãƒ³ã‚¿ã€‚ - \param [in] メッセージãŒç½²åã•れãŸã‚³ãƒ³ãƒ†ã‚­ã‚¹ãƒˆã‚’å«ã‚€ãƒãƒƒãƒ•ã‚¡ã¸ã®ã‚³ãƒ³ãƒ†ã‚­ã‚¹ãƒˆãƒã‚¤ãƒ³ã‚¿ã€‚ + + \brief ã“ã®é–¢æ•°ã¯ã€çœŸæ­£æ€§ã‚’ä¿è¨¼ã™ã‚‹ãŸã‚ã«ãƒ¡ãƒƒã‚»ãƒ¼ã‚¸ã®Ed448ç½²åを検証ã—ã¾ã™ã€‚ã‚³ãƒ³ãƒ†ã‚­ã‚¹ãƒˆã¯æ¤œè¨¼ã•れるデータã®ä¸€éƒ¨ã¨ã—ã¦å«ã¾ã‚Œã¾ã™ã€‚ç­”ãˆã¯resを通ã˜ã¦è¿”ã•れã€1ã¯æœ‰åйãªç½²åã«å¯¾å¿œã—ã€0ã¯ç„¡åйãªç½²åã«å¯¾å¿œã—ã¾ã™ã€‚ + + \return 0 ç½²åã®æ¤œè¨¼ã¨èªè¨¼ã®å®Ÿè¡Œã«æˆåŠŸã—ãŸå ´åˆã«è¿”ã•れã¾ã™ã€‚ + \return BAD_FUNC_ARG 入力パラメータã®ã„ãšã‚Œã‹ãŒNULLã¨è©•価ã•れãŸå ´åˆã€ã¾ãŸã¯siglenãŒç½²åã®å®Ÿéš›ã®é•·ã•ã¨ä¸€è‡´ã—ãªã„å ´åˆã«è¿”ã•れã¾ã™ã€‚ + \return SIG_VERIFY_E 検証ã¯å®Œäº†ã—ãŸãŒã€ç”Ÿæˆã•れãŸç½²åãŒæä¾›ã•れãŸç½²åã¨ä¸€è‡´ã—ãªã„å ´åˆã«è¿”ã•れã¾ã™ã€‚ + + \param [in] sig 検証ã™ã‚‹ç½²åã‚’å«ã‚€ãƒãƒƒãƒ•ã‚¡ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ + \param [in] siglen 検証ã™ã‚‹ç½²åã®é•·ã•。 + \param [in] msg 検証ã™ã‚‹ãƒ¡ãƒƒã‚»ãƒ¼ã‚¸ã‚’å«ã‚€ãƒãƒƒãƒ•ã‚¡ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ + \param [in] msgLen 検証ã™ã‚‹ãƒ¡ãƒƒã‚»ãƒ¼ã‚¸ã®é•·ã•。 + \param [out] res æ¤œè¨¼å®Œäº†å¾Œã€æœ‰åйãªç½²åã®å ´åˆã¯1ã€ç„¡åйãªç½²åã®å ´åˆã¯0ãŒè¨­å®šã•れるintåž‹ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ + \param [in] key ç½²åを検証ã™ã‚‹ãŸã‚ã«ä½¿ç”¨ã™ã‚‹å…¬é–‹Ed448éµã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ + \param [in] context メッセージãŒç½²åã•れãŸã‚³ãƒ³ãƒ†ã‚­ã‚¹ãƒˆã‚’å«ã‚€ãƒãƒƒãƒ•ã‚¡ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ + \param [in] contextLen コンテキストãƒãƒƒãƒ•ã‚¡ã®é•·ã•。 + _Example_ \code ed448_key key; int ret, verified = 0; - byte sig[] { initialize with received signature }; - byte msg[] = { initialize with message }; - byte context[] = { initialize with context of signature }; - // initialize key with received public key + byte sig[] { å—ä¿¡ã—ãŸç½²åã§åˆæœŸåŒ– }; + byte msg[] = { メッセージã§åˆæœŸåŒ– }; + byte context[] = { ç½²åã®ã‚³ãƒ³ãƒ†ã‚­ã‚¹ãƒˆã§åˆæœŸåŒ– }; + // å—ä¿¡ã—ãŸå…¬é–‹éµã§keyã‚’åˆæœŸåŒ– ret = wc_ed448_verify_msg(sig, sizeof(sig), msg, sizeof(msg), &verified, &key, context, sizeof(context)); if (ret < 0) { - // error performing verification + // 検証実行エラー } else if (verified == 0) - // the signature is invalid + // ç½²åãŒç„¡åй } \endcode + \sa wc_ed448ph_verify_hash \sa wc_ed448ph_verify_msg \sa wc_ed448_sign_msg @@ -215,33 +255,40 @@ /*! \ingroup ED448 - \brief ã“ã®é–¢æ•°ã¯ã€ãƒ¡ãƒƒã‚»ãƒ¼ã‚¸ã®ãƒ€ã‚¤ã‚¸ã‚§ã‚¹ãƒˆã®ED448ã‚·ã‚°ãƒãƒãƒ£ã‚’検証ã—ã¦ã€ä¿¡é ¼æ€§ã‚’確ä¿ã—ã¾ã™ã€‚文脈ã¯ãƒ‡ãƒ¼ã‚¿æ¤œè¨¼æ¸ˆã¿ã®ä¸€éƒ¨ã¨ã—ã¦å«ã¾ã‚Œã¦ã„ã¾ã™ã€‚ãƒãƒƒã‚·ãƒ¥ã¯ã€ç½²å計算å‰ã®ãƒ—リãƒãƒƒã‚·ãƒ¥ãƒ¡ãƒƒã‚»ãƒ¼ã‚¸ã§ã™ã€‚メッセージダイジェストを作æˆã™ã‚‹ãŸã‚ã«ä½¿ç”¨ã•れるãƒãƒƒã‚·ãƒ¥ã‚¢ãƒ«ã‚´ãƒªã‚ºãƒ ã¯Shake-256ã§ãªã‘れã°ãªã‚Šã¾ã›ã‚“。答ãˆã¯RESを介ã—ã¦è¿”ã•ã‚Œã€æœ‰åйãªç½²åã«å¯¾å¿œã™ã‚‹1ã€ç„¡åйãªç½²åã«å¯¾å¿œã™ã‚‹0ã‚’è¿”ã—ã¾ã™ã€‚ - \return 0 ç½²åæ¤œè¨¼ã¨èªè¨¼ã‚’正常ã«å®Ÿè¡Œã—ãŸã¨ãã«è¿”ã•れã¾ã™ã€‚ - \return BAD_FUNC_ARG ã„ãšã‚Œã‹ã®å…¥åŠ›ãƒ‘ãƒ©ãƒ¡ãƒ¼ã‚¿ãŒNULLã«è©•価ã•れãŸå ´åˆã€ã¾ãŸã¯SIGLENãŒç½²åã®å®Ÿéš›ã®é•·ã•ã¨ä¸€è‡´ã—ãªã„å ´åˆã«è¿”ã•れã¾ã™ã€‚ - \return SIG_VERIFY_E 検証ãŒå®Œäº†ã—ãŸå ´åˆã¯è¿”ã•れã¾ã™ãŒã€ç”Ÿæˆã•れãŸç½²åã¯æä¾›ã•れãŸç½²åã¨ä¸€è‡´ã—ã¾ã›ã‚“。 - \param [in] 検証ã™ã‚‹ã‚·ã‚°ãƒãƒãƒ£ã‚’å«ã‚€ãƒãƒƒãƒ•ã‚¡ã¸ã®SIGãƒã‚¤ãƒ³ã‚¿ã€‚ - \param [in] 検証ã™ã‚‹ã‚·ã‚°ãƒãƒãƒ£ã®ã‚·ã‚°ãƒ¬ãƒ³ã®é•·ã•。 - \param [in] 検証ã™ã‚‹ãƒ¡ãƒƒã‚»ãƒ¼ã‚¸ã®ãƒãƒƒã‚·ãƒ¥ã‚’å«ã‚€ãƒãƒƒãƒ•ã‚¡ã¸ã®ãƒãƒƒã‚·ãƒ¥ãƒã‚¤ãƒ³ã‚¿ã€‚ - \param [in] 検証ã™ã‚‹ãƒãƒƒã‚·ãƒ¥ã®ãƒãƒƒã‚·ãƒ¥ãƒ¬ãƒ³é•·ã€‚ - \param [in] ç½²åを検証ã™ã‚‹ãŸã‚ã®ãƒ‘ブリックED448キーã¸ã®ã‚­ãƒ¼ãƒã‚¤ãƒ³ã‚¿ã€‚ - \param [in] メッセージãŒç½²åã•れãŸã‚³ãƒ³ãƒ†ã‚­ã‚¹ãƒˆã‚’å«ã‚€ãƒãƒƒãƒ•ã‚¡ã¸ã®ã‚³ãƒ³ãƒ†ã‚­ã‚¹ãƒˆãƒã‚¤ãƒ³ã‚¿ã€‚ + + \brief ã“ã®é–¢æ•°ã¯ã€çœŸæ­£æ€§ã‚’ä¿è¨¼ã™ã‚‹ãŸã‚ã«ãƒ¡ãƒƒã‚»ãƒ¼ã‚¸ã®ãƒ€ã‚¤ã‚¸ã‚§ã‚¹ãƒˆã®Ed448ç½²åを検証ã—ã¾ã™ã€‚ã‚³ãƒ³ãƒ†ã‚­ã‚¹ãƒˆã¯æ¤œè¨¼ã•れるデータã®ä¸€éƒ¨ã¨ã—ã¦å«ã¾ã‚Œã¾ã™ã€‚ãƒãƒƒã‚·ãƒ¥ã¯ç½²å計算å‰ã®äº‹å‰ãƒãƒƒã‚·ãƒ¥åŒ–ã•れãŸãƒ¡ãƒƒã‚»ãƒ¼ã‚¸ã§ã™ã€‚ç­”ãˆã¯resを通ã˜ã¦è¿”ã•れã€1ã¯æœ‰åйãªç½²åã«å¯¾å¿œã—ã€0ã¯ç„¡åйãªç½²åã«å¯¾å¿œã—ã¾ã™ã€‚ + + \return 0 ç½²åã®æ¤œè¨¼ã¨èªè¨¼ã®å®Ÿè¡Œã«æˆåŠŸã—ãŸå ´åˆã«è¿”ã•れã¾ã™ã€‚ + \return BAD_FUNC_ARG 入力パラメータã®ã„ãšã‚Œã‹ãŒNULLã¨è©•価ã•れãŸå ´åˆã€ã¾ãŸã¯siglenãŒç½²åã®å®Ÿéš›ã®é•·ã•ã¨ä¸€è‡´ã—ãªã„å ´åˆã«è¿”ã•れã¾ã™ã€‚ + \return SIG_VERIFY_E 検証ã¯å®Œäº†ã—ãŸãŒã€ç”Ÿæˆã•れãŸç½²åãŒæä¾›ã•れãŸç½²åã¨ä¸€è‡´ã—ãªã„å ´åˆã«è¿”ã•れã¾ã™ã€‚ + + \param [in] sig 検証ã™ã‚‹ç½²åã‚’å«ã‚€ãƒãƒƒãƒ•ã‚¡ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ + \param [in] siglen 検証ã™ã‚‹ç½²åã®é•·ã•。 + \param [in] hash 検証ã™ã‚‹ãƒ¡ãƒƒã‚»ãƒ¼ã‚¸ã®ãƒãƒƒã‚·ãƒ¥ã‚’å«ã‚€ãƒãƒƒãƒ•ã‚¡ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ + \param [in] hashlen 検証ã™ã‚‹ãƒãƒƒã‚·ãƒ¥ã®é•·ã•。 + \param [out] res æ¤œè¨¼å®Œäº†å¾Œã€æœ‰åйãªç½²åã®å ´åˆã¯1ã€ç„¡åйãªç½²åã®å ´åˆã¯0ãŒè¨­å®šã•れるintåž‹ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ + \param [in] key ç½²åを検証ã™ã‚‹ãŸã‚ã«ä½¿ç”¨ã™ã‚‹å…¬é–‹Ed448éµã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ + \param [in] context メッセージãŒç½²åã•れãŸã‚³ãƒ³ãƒ†ã‚­ã‚¹ãƒˆã‚’å«ã‚€ãƒãƒƒãƒ•ã‚¡ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ + \param [in] contextLen コンテキストãƒãƒƒãƒ•ã‚¡ã®é•·ã•。 + _Example_ \code ed448_key key; int ret, verified = 0; - byte sig[] { initialize with received signature }; - byte hash[] = { initialize with SHAKE-256 hash of message }; - byte context[] = { initialize with context of signature }; - // initialize key with received public key + byte sig[] { å—ä¿¡ã—ãŸç½²åã§åˆæœŸåŒ– }; + byte hash[] = { メッセージã®ãƒãƒƒã‚·ãƒ¥ã§åˆæœŸåŒ– }; + byte context[] = { ç½²åã®ã‚³ãƒ³ãƒ†ã‚­ã‚¹ãƒˆã§åˆæœŸåŒ– }; + // å—ä¿¡ã—ãŸå…¬é–‹éµã§keyã‚’åˆæœŸåŒ– ret = wc_ed448ph_verify_hash(sig, sizeof(sig), hash, sizeof(hash), &verified, &key, context, sizeof(context)); if (ret < 0) { - // error performing verification + // 検証実行エラー } else if (verified == 0) - // the signature is invalid + // ç½²åãŒç„¡åй } \endcode + \sa wc_ed448_verify_msg \sa wc_ed448ph_verify_msg \sa wc_ed448ph_sign_hash @@ -253,33 +300,40 @@ /*! \ingroup ED448 - \brief ã“ã®é–¢æ•°ã¯ã€ãƒ¡ãƒƒã‚»ãƒ¼ã‚¸ã®ED448ç½²åを確èªã—ã¦ä¿¡é ¼æ€§ã‚’確ä¿ã—ã¾ã™ã€‚文脈ã¯ãƒ‡ãƒ¼ã‚¿æ¤œè¨¼æ¸ˆã¿ã®ä¸€éƒ¨ã¨ã—ã¦å«ã¾ã‚Œã¦ã„ã¾ã™ã€‚検証å‰ã«ãƒ¡ãƒƒã‚»ãƒ¼ã‚¸ãŒãƒ—リãƒãƒƒã‚·ãƒ¥ã•れã¦ã„ã¾ã™ã€‚ç­”ãˆã¯RESを介ã—ã¦è¿”ã•ã‚Œã€æœ‰åйãªç½²åã«å¯¾å¿œã™ã‚‹1ã€ç„¡åйãªç½²åã«å¯¾å¿œã™ã‚‹0ã‚’è¿”ã—ã¾ã™ã€‚ - \return 0 ç½²åæ¤œè¨¼ã¨èªè¨¼ã‚’正常ã«å®Ÿè¡Œã—ãŸã¨ãã«è¿”ã•れã¾ã™ã€‚ - \return BAD_FUNC_ARG ã„ãšã‚Œã‹ã®å…¥åŠ›ãƒ‘ãƒ©ãƒ¡ãƒ¼ã‚¿ãŒNULLã«è©•価ã•れãŸå ´åˆã€ã¾ãŸã¯SIGLENãŒç½²åã®å®Ÿéš›ã®é•·ã•ã¨ä¸€è‡´ã—ãªã„å ´åˆã«è¿”ã•れã¾ã™ã€‚ - \return SIG_VERIFY_E 検証ãŒå®Œäº†ã—ãŸå ´åˆã¯è¿”ã•れã¾ã™ãŒã€ç”Ÿæˆã•れãŸç½²åã¯æä¾›ã•れãŸç½²åã¨ä¸€è‡´ã—ã¾ã›ã‚“。 - \param [in] 検証ã™ã‚‹ã‚·ã‚°ãƒãƒãƒ£ã‚’å«ã‚€ãƒãƒƒãƒ•ã‚¡ã¸ã®SIGãƒã‚¤ãƒ³ã‚¿ã€‚ - \param [in] 検証ã™ã‚‹ã‚·ã‚°ãƒãƒãƒ£ã®ã‚·ã‚°ãƒ¬ãƒ³ã®é•·ã•。 - \param [in] メッセージをå«ã‚€ãƒãƒƒãƒ•ã‚¡ã¸ã®MSGãƒã‚¤ãƒ³ã‚¿ã‚’確èªã™ã‚‹ã€‚ - \param [in] 検証ã™ã‚‹ãƒ¡ãƒƒã‚»ãƒ¼ã‚¸ã®MSGlen長。 - \param [in] ç½²åを検証ã™ã‚‹ãŸã‚ã®ãƒ‘ブリックED448キーã¸ã®ã‚­ãƒ¼ãƒã‚¤ãƒ³ã‚¿ã€‚ - \param [in] メッセージãŒç½²åã•れãŸã‚³ãƒ³ãƒ†ã‚­ã‚¹ãƒˆã‚’å«ã‚€ãƒãƒƒãƒ•ã‚¡ã¸ã®ã‚³ãƒ³ãƒ†ã‚­ã‚¹ãƒˆãƒã‚¤ãƒ³ã‚¿ã€‚ + + \brief ã“ã®é–¢æ•°ã¯ã€çœŸæ­£æ€§ã‚’ä¿è¨¼ã™ã‚‹ãŸã‚ã«ãƒ¡ãƒƒã‚»ãƒ¼ã‚¸ã®Ed448ç½²åを検証ã—ã¾ã™ã€‚ã‚³ãƒ³ãƒ†ã‚­ã‚¹ãƒˆã¯æ¤œè¨¼ã•れるデータã®ä¸€éƒ¨ã¨ã—ã¦å«ã¾ã‚Œã¾ã™ã€‚ãƒ¡ãƒƒã‚»ãƒ¼ã‚¸ã¯æ¤œè¨¼å‰ã«äº‹å‰ãƒãƒƒã‚·ãƒ¥åŒ–ã•れã¾ã™ã€‚ç­”ãˆã¯resを通ã˜ã¦è¿”ã•れã€1ã¯æœ‰åйãªç½²åã«å¯¾å¿œã—ã€0ã¯ç„¡åйãªç½²åã«å¯¾å¿œã—ã¾ã™ã€‚ + + \return 0 ç½²åã®æ¤œè¨¼ã¨èªè¨¼ã®å®Ÿè¡Œã«æˆåŠŸã—ãŸå ´åˆã«è¿”ã•れã¾ã™ã€‚ + \return BAD_FUNC_ARG 入力パラメータã®ã„ãšã‚Œã‹ãŒNULLã¨è©•価ã•れãŸå ´åˆã€ã¾ãŸã¯siglenãŒç½²åã®å®Ÿéš›ã®é•·ã•ã¨ä¸€è‡´ã—ãªã„å ´åˆã«è¿”ã•れã¾ã™ã€‚ + \return SIG_VERIFY_E 検証ã¯å®Œäº†ã—ãŸãŒã€ç”Ÿæˆã•れãŸç½²åãŒæä¾›ã•れãŸç½²åã¨ä¸€è‡´ã—ãªã„å ´åˆã«è¿”ã•れã¾ã™ã€‚ + + \param [in] sig 検証ã™ã‚‹ç½²åã‚’å«ã‚€ãƒãƒƒãƒ•ã‚¡ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ + \param [in] siglen 検証ã™ã‚‹ç½²åã®é•·ã•。 + \param [in] msg 検証ã™ã‚‹ãƒ¡ãƒƒã‚»ãƒ¼ã‚¸ã‚’å«ã‚€ãƒãƒƒãƒ•ã‚¡ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ + \param [in] msgLen 検証ã™ã‚‹ãƒ¡ãƒƒã‚»ãƒ¼ã‚¸ã®é•·ã•。 + \param [out] res æ¤œè¨¼å®Œäº†å¾Œã€æœ‰åйãªç½²åã®å ´åˆã¯1ã€ç„¡åйãªç½²åã®å ´åˆã¯0ãŒè¨­å®šã•れるintåž‹ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ + \param [in] key ç½²åを検証ã™ã‚‹ãŸã‚ã«ä½¿ç”¨ã™ã‚‹å…¬é–‹Ed448éµã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ + \param [in] context メッセージãŒç½²åã•れãŸã‚³ãƒ³ãƒ†ã‚­ã‚¹ãƒˆã‚’å«ã‚€ãƒãƒƒãƒ•ã‚¡ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ + \param [in] contextLen コンテキストãƒãƒƒãƒ•ã‚¡ã®é•·ã•。 + _Example_ \code ed448_key key; int ret, verified = 0; - byte sig[] { initialize with received signature }; - byte msg[] = { initialize with message }; - byte context[] = { initialize with context of signature }; - // initialize key with received public key + byte sig[] { å—ä¿¡ã—ãŸç½²åã§åˆæœŸåŒ– }; + byte msg[] = { メッセージã§åˆæœŸåŒ– }; + byte context[] = { ç½²åã®ã‚³ãƒ³ãƒ†ã‚­ã‚¹ãƒˆã§åˆæœŸåŒ– }; + // å—ä¿¡ã—ãŸå…¬é–‹éµã§keyã‚’åˆæœŸåŒ– ret = wc_ed448ph_verify_msg(sig, sizeof(sig), msg, sizeof(msg), &verified, &key, context, sizeof(context)); if (ret < 0) { - // error performing verification + // 検証実行エラー } else if (verified == 0) - // the signature is invalid + // ç½²åãŒç„¡åй } \endcode + \sa wc_ed448_verify_msg \sa wc_ed448ph_verify_hash \sa wc_ed448ph_sign_msg @@ -291,14 +345,20 @@ /*! \ingroup ED448 - \brief ã“ã®é–¢æ•°ã¯ã€ãƒ¡ãƒƒã‚»ãƒ¼ã‚¸æ¤œè¨¼ã§å°†æ¥ã®ä½¿ç”¨ã®ãŸã‚ã«ED448_Keyã‚ªãƒ–ã‚¸ã‚§ã‚¯ãƒˆã‚’åˆæœŸåŒ–ã—ã¾ã™ã€‚ - \return 0 ED448_Keyオブジェクトã®åˆæœŸåŒ–ã«æˆåŠŸã—ãŸã‚‰è¿”ã•れã¾ã™ã€‚ - \return BAD_FUNC_ARG キーãŒNULLã®å ´åˆã¯è¿”ã•れã¾ã™ã€‚ + + \brief ã“ã®é–¢æ•°ã¯ã€ãƒ¡ãƒƒã‚»ãƒ¼ã‚¸æ¤œè¨¼ã§ã®å°†æ¥ã®ä½¿ç”¨ã®ãŸã‚ã«ed448_keyã‚ªãƒ–ã‚¸ã‚§ã‚¯ãƒˆã‚’åˆæœŸåŒ–ã—ã¾ã™ã€‚ + + \return 0 ed448_keyオブジェクトã®åˆæœŸåŒ–ã«æˆåŠŸã—ãŸå ´åˆã«è¿”ã•れã¾ã™ã€‚ + \return BAD_FUNC_ARG keyãŒNULLã®å ´åˆã«è¿”ã•れã¾ã™ã€‚ + + \param [in,out] key åˆæœŸåŒ–ã™ã‚‹ed448_keyオブジェクトã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ + _Example_ \code ed448_key key; wc_ed448_init(&key); \endcode + \sa wc_ed448_make_key \sa wc_ed448_free */ @@ -307,14 +367,19 @@ /*! \ingroup ED448 - \brief ã“ã®é–¢æ•°ã¯ã€ãれãŒä½¿ç”¨ã•れãŸå¾Œã«ED448オブジェクトを解放ã—ã¾ã™ã€‚ + + \brief ã“ã®é–¢æ•°ã¯ã€ä½¿ç”¨å¾Œã«Ed448オブジェクトを解放ã—ã¾ã™ã€‚ + + \param [in,out] key 解放ã™ã‚‹ed448_keyオブジェクトã¸ã®ãƒã‚¤ãƒ³ã‚¿ + _Example_ \code ed448_key key; - // initialize key and perform secure exchanges + // keyã‚’åˆæœŸåŒ–ã—ã€å®‰å…¨ãªäº¤æ›ã‚’実行 ... wc_ed448_free(&key); \endcode + \sa wc_ed448_init */ @@ -322,24 +387,32 @@ /*! \ingroup ED448 - \brief ã“ã®é–¢æ•°ã¯ã€å…¬é–‹éµã‚’å«ã‚€ãƒãƒƒãƒ•ã‚¡ã‹ã‚‰Public ED448_Keyペアをインãƒãƒ¼ãƒˆã—ã¾ã™ã€‚ã“ã®é–¢æ•°ã¯åœ§ç¸®ã‚­ãƒ¼ã¨éžåœ§ç¸®ã‚­ãƒ¼ã®ä¸¡æ–¹ã‚’処ç†ã—ã¾ã™ã€‚ - \return 0 ED448_Keyã®ã‚¤ãƒ³ãƒãƒ¼ãƒˆã«æˆåŠŸã—ã¾ã—ãŸã€‚ - \return BAD_FUNC_ARG INã¾ãŸã¯KEYãŒNULLã«è©•価ã•れã¦ã„ã‚‹å ´åˆã€ã¾ãŸã¯INLENãŒED448キーã®ã‚µã‚¤ã‚ºã‚ˆã‚Šå°ã•ã„å ´åˆã«è¿”ã•れã¾ã™ã€‚ - \param [in] 公開éµã‚’å«ã‚€ãƒãƒƒãƒ•ã‚¡ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ - \param [in] 公開éµã‚’å«ã‚€ãƒãƒƒãƒ•ã‚¡ã®ã‚¤ãƒ³ãƒ¬ãƒ«é•·ã€‚ + + \brief ã“ã®é–¢æ•°ã¯ã€å…¬é–‹éµã‚’å«ã‚€ãƒãƒƒãƒ•ã‚¡ã‹ã‚‰å…¬é–‹ed448_keyペアをインãƒãƒ¼ãƒˆã—ã¾ã™ã€‚ã“ã®é–¢æ•°ã¯ã€åœ§ç¸®ã‚­ãƒ¼ã¨éžåœ§ç¸®ã‚­ãƒ¼ã®ä¸¡æ–¹ã‚’処ç†ã—ã¾ã™ã€‚公開éµã¯ã€ç§˜å¯†éµãŒå­˜åœ¨ã™ã‚‹å ´åˆã«ãれã¨ä¸€è‡´ã™ã‚‹ã‹ãƒã‚§ãƒƒã‚¯ã•れã¾ã™ã€‚ + + \return 0 ed448_keyã®ã‚¤ãƒ³ãƒãƒ¼ãƒˆã«æˆåŠŸã—ãŸå ´åˆã«è¿”ã•れã¾ã™ã€‚ + \return BAD_FUNC_ARG inã¾ãŸã¯keyãŒNULLã¨è©•価ã•れãŸå ´åˆã€ã¾ãŸã¯inLenãŒEd448éµã®ã‚µã‚¤ã‚ºã‚ˆã‚Šå°ã•ã„å ´åˆã«è¿”ã•れã¾ã™ã€‚ + + \param [in] in 公開éµã‚’å«ã‚€ãƒãƒƒãƒ•ã‚¡ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ + \param [in] inLen 公開éµã‚’å«ã‚€ãƒãƒƒãƒ•ã‚¡ã®é•·ã•。 + \param [in,out] key 公開éµã‚’æ ¼ç´ã™ã‚‹ed448_keyオブジェクトã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ + _Example_ \code int ret; - byte pub[] = { initialize Ed448 public key }; + byte pub[] = { Ed448公開éµã§åˆæœŸåŒ– }; ed_448 key; wc_ed448_init_key(&key); ret = wc_ed448_import_public(pub, sizeof(pub), &key); if (ret != 0) { - // error importing key + // éµã®ã‚¤ãƒ³ãƒãƒ¼ãƒˆã‚¨ãƒ©ãƒ¼ } \endcode + + \sa wc_ed448_import_public_ex \sa wc_ed448_import_private_key + \sa wc_ed448_import_private_key_ex \sa wc_ed448_export_public */ @@ -347,25 +420,68 @@ /*! \ingroup ED448 - \brief ã“ã®é–¢æ•°ã¯ã€ed448秘密éµã‚’ãƒãƒƒãƒ•ã‚¡ã‹ã‚‰ã®ã¿ã‚¤ãƒ³ãƒãƒ¼ãƒˆã—ã¾ã™ã€‚ - \return 0 ED448秘密éµã®ã‚¤ãƒ³ãƒãƒ¼ãƒˆã«æˆåŠŸã—ã¾ã—ãŸã€‚ - \return BAD_FUNC_ARG INã¾ãŸã¯KEYãŒNULLã«è©•価ã•れãŸå ´åˆã€ã¾ãŸã¯PRIVSZãŒED448_KEY_SIZEよりもå°ã•ã„å ´åˆã«è¿”ã•れã¾ã™ã€‚ - \param [in] 秘密éµã‚’å«ã‚€ãƒãƒƒãƒ•ã‚¡ã¸ã®PRIVãƒã‚¤ãƒ³ã‚¿ã€‚ - \param [in] 秘密éµã®Privszé•·ã•。 + + \brief ã“ã®é–¢æ•°ã¯ã€å…¬é–‹éµã‚’å«ã‚€ãƒãƒƒãƒ•ã‚¡ã‹ã‚‰å…¬é–‹ed448_keyペアをインãƒãƒ¼ãƒˆã—ã¾ã™ã€‚ã“ã®é–¢æ•°ã¯ã€åœ§ç¸®ã‚­ãƒ¼ã¨éžåœ§ç¸®ã‚­ãƒ¼ã®ä¸¡æ–¹ã‚’処ç†ã—ã¾ã™ã€‚ä¿¡é ¼ã•れã¦ã„ãªã„å ´åˆã€ç§˜å¯†éµãŒå­˜åœ¨ã™ã‚‹ã¨ãã«å…¬é–‹éµãŒç§˜å¯†éµã¨ä¸€è‡´ã™ã‚‹ã‹ãƒã‚§ãƒƒã‚¯ã—ã¾ã™ã€‚ + + \return 0 ed448_keyã®ã‚¤ãƒ³ãƒãƒ¼ãƒˆã«æˆåŠŸã—ãŸå ´åˆã«è¿”ã•れã¾ã™ã€‚ + \return BAD_FUNC_ARG inã¾ãŸã¯keyãŒNULLã¨è©•価ã•れãŸå ´åˆã€ã¾ãŸã¯inLenãŒEd448éµã®ã‚µã‚¤ã‚ºã‚ˆã‚Šå°ã•ã„å ´åˆã«è¿”ã•れã¾ã™ã€‚ + + \param [in] in 公開éµã‚’å«ã‚€ãƒãƒƒãƒ•ã‚¡ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ + \param [in] inLen 公開éµã‚’å«ã‚€ãƒãƒƒãƒ•ã‚¡ã®é•·ã•。 + \param [in,out] key 公開éµã‚’æ ¼ç´ã™ã‚‹ed448_keyオブジェクトã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ + \param [in] trusted 公開éµãƒ‡ãƒ¼ã‚¿ãŒä¿¡é ¼ã•れã¦ã„ã‚‹ã‹ã©ã†ã‹ã€‚ + + _Example_ + \code + int ret; + byte pub[] = { Ed448公開éµã§åˆæœŸåŒ– }; + + ed_448 key; + wc_ed448_init_key(&key); + ret = wc_ed448_import_public_ex(pub, sizeof(pub), &key, 1); + if (ret != 0) { + // éµã®ã‚¤ãƒ³ãƒãƒ¼ãƒˆã‚¨ãƒ©ãƒ¼ + } + \endcode + + \sa wc_ed448_import_public + \sa wc_ed448_import_private_key + \sa wc_ed448_import_private_key_ex + \sa wc_ed448_export_public +*/ + +int wc_ed448_import_public_ex(const byte* in, word32 inLen, ed448_key* key, + int trusted); + +/*! + \ingroup ED448 + + \brief ã“ã®é–¢æ•°ã¯ã€ãƒãƒƒãƒ•ã‚¡ã‹ã‚‰Ed448秘密éµã®ã¿ã‚’インãƒãƒ¼ãƒˆã—ã¾ã™ã€‚ + + \return 0 Ed448秘密éµã®ã‚¤ãƒ³ãƒãƒ¼ãƒˆã«æˆåŠŸã—ãŸå ´åˆã«è¿”ã•れã¾ã™ã€‚ + \return BAD_FUNC_ARG inã¾ãŸã¯keyãŒNULLã¨è©•価ã•れãŸå ´åˆã€ã¾ãŸã¯privSzãŒED448_KEY_SIZEよりå°ã•ã„å ´åˆã«è¿”ã•れã¾ã™ã€‚ + + \param [in] priv 秘密éµã‚’å«ã‚€ãƒãƒƒãƒ•ã‚¡ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ + \param [in] privSz 秘密éµã®é•·ã•。 + \param [in,out] key インãƒãƒ¼ãƒˆã•れãŸç§˜å¯†éµã‚’æ ¼ç´ã™ã‚‹ed448_keyオブジェクトã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ + _Example_ \code int ret; - byte priv[] = { initialize with 57 byte private key }; + byte priv[] = { 57ãƒã‚¤ãƒˆã®ç§˜å¯†éµã§åˆæœŸåŒ– }; ed448_key key; wc_ed448_init_key(&key); ret = wc_ed448_import_private_only(priv, sizeof(priv), &key); if (ret != 0) { - // error importing private key + // 秘密éµã®ã‚¤ãƒ³ãƒãƒ¼ãƒˆã‚¨ãƒ©ãƒ¼ } \endcode + \sa wc_ed448_import_public + \sa wc_ed448_import_public_ex \sa wc_ed448_import_private_key + \sa wc_ed448_import_private_key_ex \sa wc_ed448_export_private_only */ @@ -374,29 +490,37 @@ /*! \ingroup ED448 - \brief ã“ã®é–¢æ•°ã¯ã€ä¸€å¯¾ã®ãƒãƒƒãƒ•ã‚¡ã‹ã‚‰ãƒ‘ブリック/プライベートED448キーペアをインãƒãƒ¼ãƒˆã—ã¾ã™ã€‚ã“ã®é–¢æ•°ã¯åœ§ç¸®ã‚­ãƒ¼ã¨éžåœ§ç¸®ã‚­ãƒ¼ã®ä¸¡æ–¹ã‚’処ç†ã—ã¾ã™ã€‚ - \return 0 ED448キーã®ã‚¤ãƒ³ãƒãƒ¼ãƒˆã«æˆåŠŸã—ã¾ã—ãŸã€‚ - \return BAD_FUNC_ARG INã¾ãŸã¯KEYãŒNULLã«è©•価ã•れãŸå ´åˆã€ã¾ãŸã¯PROVSZãŒED448_KEY_SIZEã¾ãŸã¯PUBSZã®ã„ãšã‚Œã‹ãŒeD448_PUB_KEY_SIZEよりもå°ã•ã„å ´åˆã«è¿”ã•れã¾ã™ã€‚ - \param [in] 秘密éµã‚’å«ã‚€ãƒãƒƒãƒ•ã‚¡ã¸ã®PRIVãƒã‚¤ãƒ³ã‚¿ã€‚ - \param [in] 秘密éµã®Privszé•·ã•。 - \param [in] 公開éµã‚’å«ã‚€ãƒãƒƒãƒ•ã‚¡ã¸ã®Pubãƒã‚¤ãƒ³ã‚¿ã€‚ - \param [in] 公開éµã®Pubszã®é•·ã•。 + + \brief ã“ã®é–¢æ•°ã¯ã€ä¸€å¯¾ã®ãƒãƒƒãƒ•ã‚¡ã‹ã‚‰å…¬é–‹/秘密Ed448éµãƒšã‚¢ã‚’インãƒãƒ¼ãƒˆã—ã¾ã™ã€‚ã“ã®é–¢æ•°ã¯ã€åœ§ç¸®ã‚­ãƒ¼ã¨éžåœ§ç¸®ã‚­ãƒ¼ã®ä¸¡æ–¹ã‚’処ç†ã—ã¾ã™ã€‚ + + \return 0 Ed448éµã®ã‚¤ãƒ³ãƒãƒ¼ãƒˆã«æˆåŠŸã—ãŸå ´åˆã«è¿”ã•れã¾ã™ã€‚ + \return BAD_FUNC_ARG inã¾ãŸã¯keyãŒNULLã¨è©•価ã•れãŸå ´åˆã€ã¾ãŸã¯privSzãŒED448_KEY_SIZEよりå°ã•ã„ã€ã‚‚ã—ãã¯pubSzãŒED448_PUB_KEY_SIZEよりå°ã•ã„å ´åˆã«è¿”ã•れã¾ã™ã€‚ + + \param [in] priv 秘密éµã‚’å«ã‚€ãƒãƒƒãƒ•ã‚¡ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ + \param [in] privSz 秘密éµã®é•·ã•。 + \param [in] pub 公開éµã‚’å«ã‚€ãƒãƒƒãƒ•ã‚¡ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ + \param [in] pubSz 公開éµã®é•·ã•。 + \param [in,out] key インãƒãƒ¼ãƒˆã•れãŸç§˜å¯†/公開éµãƒšã‚¢ã‚’æ ¼ç´ã™ã‚‹ed448_keyオブジェクトã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ + _Example_ \code int ret; - byte priv[] = { initialize with 57 byte private key }; - byte pub[] = { initialize with the corresponding public key }; + byte priv[] = { 57ãƒã‚¤ãƒˆã®ç§˜å¯†éµã§åˆæœŸåŒ– }; + byte pub[] = { 対応ã™ã‚‹å…¬é–‹éµã§åˆæœŸåŒ– }; ed448_key key; wc_ed448_init_key(&key); ret = wc_ed448_import_private_key(priv, sizeof(priv), pub, sizeof(pub), &key); if (ret != 0) { - // error importing key + // éµã®ã‚¤ãƒ³ãƒãƒ¼ãƒˆã‚¨ãƒ©ãƒ¼ } \endcode + \sa wc_ed448_import_public + \sa wc_ed448_import_public_ex \sa wc_ed448_import_private_only + \sa wc_ed448_import_private_key_ex \sa wc_ed448_export_private */ @@ -405,67 +529,127 @@ /*! \ingroup ED448 - \brief ã“ã®é–¢æ•°ã¯ã€ED448_Key構造体ã‹ã‚‰ç§˜å¯†éµã‚’エクスãƒãƒ¼ãƒˆã—ã¾ã™ã€‚公開éµã‚’ãƒãƒƒãƒ•ã‚¡ã‚¢ã‚¦ãƒˆã«æ ¼ç´ã—ã€ounterenã§ã“ã®ãƒãƒƒãƒ•ã‚¡ã«æ›¸ãè¾¼ã¾ã‚ŒãŸãƒã‚¤ãƒˆã‚’設定ã—ã¾ã™ã€‚ - \return 0 公開éµã®ã‚¨ã‚¯ã‚¹ãƒãƒ¼ãƒˆã«æˆåŠŸã—ãŸã‚‰è¿”ã•れã¾ã™ã€‚ - \return BAD_FUNC_ARG ã„ãšã‚Œã‹ã®å…¥åЛ値ãŒNULLã«è©•価ã•れãŸå ´åˆã«è¿”ã•れã¾ã™ã€‚ - \return BUFFER_E æä¾›ã•れãŸãƒãƒƒãƒ•ァーãŒç§˜å¯†éµã‚’ä¿å­˜ã™ã‚‹ã®ã«å分ãªå¤§ãã•ã§ãªã„å ´åˆã«è¿”ã•れã¾ã™ã€‚ã“ã®ã‚¨ãƒ©ãƒ¼ã‚’è¿”ã™ã¨ã€outlenã«å¿…è¦ãªã‚µã‚¤ã‚ºã‚’設定ã—ã¾ã™ã€‚ - \param [in] 公開éµã‚’エクスãƒãƒ¼ãƒˆã™ã‚‹ED448_Key構造体ã¸ã®ã‚­ãƒ¼ãƒã‚¤ãƒ³ã‚¿ã€‚ - \param [out] 公開éµã‚’ä¿å­˜ã™ã‚‹ãƒãƒƒãƒ•ã‚¡ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ + + \brief ã“ã®é–¢æ•°ã¯ã€ä¸€å¯¾ã®ãƒãƒƒãƒ•ã‚¡ã‹ã‚‰å…¬é–‹/秘密Ed448éµãƒšã‚¢ã‚’インãƒãƒ¼ãƒˆã—ã¾ã™ã€‚ã“ã®é–¢æ•°ã¯ã€åœ§ç¸®ã‚­ãƒ¼ã¨éžåœ§ç¸®ã‚­ãƒ¼ã®ä¸¡æ–¹ã‚’処ç†ã—ã¾ã™ã€‚ä¿¡é ¼ã•れã¦ã„ãªã„å ´åˆã€å…¬é–‹éµãŒç§˜å¯†éµã«å¯¾ã—ã¦ãƒã‚§ãƒƒã‚¯ã•れã¾ã™ã€‚ + + \return 0 Ed448éµã®ã‚¤ãƒ³ãƒãƒ¼ãƒˆã«æˆåŠŸã—ãŸå ´åˆã«è¿”ã•れã¾ã™ã€‚ + \return BAD_FUNC_ARG inã¾ãŸã¯keyãŒNULLã¨è©•価ã•れãŸå ´åˆã€ã¾ãŸã¯privSzãŒED448_KEY_SIZEよりå°ã•ã„ã€ã‚‚ã—ãã¯pubSzãŒED448_PUB_KEY_SIZEよりå°ã•ã„å ´åˆã«è¿”ã•れã¾ã™ã€‚ + + \param [in] priv 秘密éµã‚’å«ã‚€ãƒãƒƒãƒ•ã‚¡ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ + \param [in] privSz 秘密éµã®é•·ã•。 + \param [in] pub 公開éµã‚’å«ã‚€ãƒãƒƒãƒ•ã‚¡ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ + \param [in] pubSz 公開éµã®é•·ã•。 + \param [in,out] key インãƒãƒ¼ãƒˆã•れãŸç§˜å¯†/公開éµãƒšã‚¢ã‚’æ ¼ç´ã™ã‚‹ed448_keyオブジェクトã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ + \param [in] trusted 公開éµãƒ‡ãƒ¼ã‚¿ãŒä¿¡é ¼ã•れã¦ã„ã‚‹ã‹ã©ã†ã‹ã€‚ + _Example_ \code int ret; + byte priv[] = { 57ãƒã‚¤ãƒˆã®ç§˜å¯†éµã§åˆæœŸåŒ– }; + byte pub[] = { 対応ã™ã‚‹å…¬é–‹éµã§åˆæœŸåŒ– }; + ed448_key key; - // initialize key, make key + wc_ed448_init_key(&key); + ret = wc_ed448_import_private_key_ex(priv, sizeof(priv), pub, sizeof(pub), + &key, 1); + if (ret != 0) { + // éµã®ã‚¤ãƒ³ãƒãƒ¼ãƒˆã‚¨ãƒ©ãƒ¼ + } + \endcode + + \sa wc_ed448_import_public + \sa wc_ed448_import_public_ex + \sa wc_ed448_import_private_only + \sa wc_ed448_import_private_key + \sa wc_ed448_export_private +*/ + +int wc_ed448_import_private_key_ex(const byte* priv, word32 privSz, + const byte* pub, word32 pubSz, ed448_key* key, int trusted); + +/*! + \ingroup ED448 + + \brief ã“ã®é–¢æ•°ã¯ã€ed448_key構造体ã‹ã‚‰ç§˜å¯†éµã‚’エクスãƒãƒ¼ãƒˆã—ã¾ã™ã€‚公開éµã‚’ãƒãƒƒãƒ•ã‚¡outã«æ ¼ç´ã—ã€ã“ã®ãƒãƒƒãƒ•ã‚¡ã«æ›¸ãè¾¼ã¾ã‚ŒãŸãƒã‚¤ãƒˆæ•°ã‚’outLenã«è¨­å®šã—ã¾ã™ã€‚ + + \return 0 公開éµã®ã‚¨ã‚¯ã‚¹ãƒãƒ¼ãƒˆã«æˆåŠŸã—ãŸå ´åˆã«è¿”ã•れã¾ã™ã€‚ + \return BAD_FUNC_ARG 入力値ã®ã„ãšã‚Œã‹ãŒNULLã¨è©•価ã•れãŸå ´åˆã«è¿”ã•れã¾ã™ã€‚ + \return BUFFER_E æä¾›ã•れãŸãƒãƒƒãƒ•ã‚¡ãŒç§˜å¯†éµã‚’æ ¼ç´ã™ã‚‹ã®ã«å分ãªå¤§ãã•ã§ãªã„å ´åˆã«è¿”ã•れã¾ã™ã€‚ã“ã®ã‚¨ãƒ©ãƒ¼ã‚’è¿”ã™éš›ã€é–¢æ•°ã¯outLenã«å¿…è¦ãªã‚µã‚¤ã‚ºã‚’設定ã—ã¾ã™ã€‚ + + \param [in] key 公開éµã‚’エクスãƒãƒ¼ãƒˆã™ã‚‹ed448_key構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ + \param [out] out 公開éµã‚’æ ¼ç´ã™ã‚‹ãƒãƒƒãƒ•ã‚¡ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ + \param [in,out] outLen outã§åˆ©ç”¨å¯èƒ½ãªã‚µã‚¤ã‚ºã‚’æŒã¤word32オブジェクトã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚公開éµã®ã‚¨ã‚¯ã‚¹ãƒãƒ¼ãƒˆã«æˆåŠŸã—ãŸå¾Œã€outã«æ›¸ãè¾¼ã¾ã‚ŒãŸãƒã‚¤ãƒˆæ•°ãŒè¨­å®šã•れã¾ã™ã€‚ + + _Example_ + \code + int ret; + ed448_key key; + // keyã‚’åˆæœŸåŒ–ã—ã€keyã‚’ä½œæˆ char pub[57]; word32 pubSz = sizeof(pub); ret = wc_ed448_export_public(&key, pub, &pubSz); if (ret != 0) { - // error exporting public key + // 公開éµã®ã‚¨ã‚¯ã‚¹ãƒãƒ¼ãƒˆã‚¨ãƒ©ãƒ¼ } \endcode + \sa wc_ed448_import_public + \sa wc_ed448_import_public_ex \sa wc_ed448_export_private_only */ -int wc_ed448_export_public(ed448_key* key, byte* out, word32* outLen); +int wc_ed448_export_public(const ed448_key* key, byte* out, word32* outLen); /*! \ingroup ED448 - \brief ã“ã®é–¢æ•°ã¯ã€ED448_Key構造体ã‹ã‚‰ã®ç§˜å¯†éµã®ã¿ã‚’エクスãƒãƒ¼ãƒˆã—ã¾ã™ã€‚秘密éµã‚’ãƒãƒƒãƒ•ã‚¡ã‚¢ã‚¦ãƒˆã«æ ¼ç´ã—ã€outlenã«ã“ã®ãƒãƒƒãƒ•ã‚¡ã«æ›¸ãè¾¼ã¾ã‚ŒãŸãƒã‚¤ãƒˆã‚’設定ã—ã¾ã™ã€‚ - \return 0 秘密éµã®ã‚¨ã‚¯ã‚¹ãƒãƒ¼ãƒˆã«æˆåŠŸã—ãŸã‚‰è¿”ã•れã¾ã™ã€‚ - \return ECC_BAD_ARG_E ã„ãšã‚Œã‹ã®å…¥åЛ値ãŒNULLã«è©•価ã•れãŸå ´åˆã«è¿”ã•れã¾ã™ã€‚ - \return BUFFER_E æä¾›ã•れãŸãƒãƒƒãƒ•ァーãŒç§˜å¯†éµã‚’ä¿å­˜ã™ã‚‹ã®ã«å分ãªå¤§ãã•ã§ãªã„å ´åˆã«è¿”ã•れã¾ã™ã€‚ - \param [in] 秘密éµã‚’エクスãƒãƒ¼ãƒˆã™ã‚‹ED448_Key構造体ã¸ã®ã‚­ãƒ¼ãƒã‚¤ãƒ³ã‚¿ã€‚ - \param [out] 秘密éµã‚’ä¿å­˜ã™ã‚‹ãƒãƒƒãƒ•ã‚¡ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ + + \brief ã“ã®é–¢æ•°ã¯ã€ed448_key構造体ã‹ã‚‰ç§˜å¯†éµã®ã¿ã‚’エクスãƒãƒ¼ãƒˆã—ã¾ã™ã€‚秘密éµã‚’ãƒãƒƒãƒ•ã‚¡outã«æ ¼ç´ã—ã€ã“ã®ãƒãƒƒãƒ•ã‚¡ã«æ›¸ãè¾¼ã¾ã‚ŒãŸãƒã‚¤ãƒˆæ•°ã‚’outLenã«è¨­å®šã—ã¾ã™ã€‚ + + \return 0 秘密éµã®ã‚¨ã‚¯ã‚¹ãƒãƒ¼ãƒˆã«æˆåŠŸã—ãŸå ´åˆã«è¿”ã•れã¾ã™ã€‚ + \return ECC_BAD_ARG_E 入力値ã®ã„ãšã‚Œã‹ãŒNULLã¨è©•価ã•れãŸå ´åˆã«è¿”ã•れã¾ã™ã€‚ + \return BUFFER_E æä¾›ã•れãŸãƒãƒƒãƒ•ã‚¡ãŒç§˜å¯†éµã‚’æ ¼ç´ã™ã‚‹ã®ã«å分ãªå¤§ãã•ã§ãªã„å ´åˆã«è¿”ã•れã¾ã™ã€‚ + + \param [in] key 秘密éµã‚’エクスãƒãƒ¼ãƒˆã™ã‚‹ed448_key構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ + \param [out] out 秘密éµã‚’æ ¼ç´ã™ã‚‹ãƒãƒƒãƒ•ã‚¡ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ + \param [in,out] outLen outã§åˆ©ç”¨å¯èƒ½ãªã‚µã‚¤ã‚ºã‚’æŒã¤word32オブジェクトã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚秘密éµã®ã‚¨ã‚¯ã‚¹ãƒãƒ¼ãƒˆã«æˆåŠŸã—ãŸå¾Œã€outã«æ›¸ãè¾¼ã¾ã‚ŒãŸãƒã‚¤ãƒˆæ•°ãŒè¨­å®šã•れã¾ã™ã€‚ + _Example_ \code int ret; ed448_key key; - // initialize key, make key + // keyã‚’åˆæœŸåŒ–ã—ã€keyã‚’ä½œæˆ - char priv[57]; // 57 bytes because only private key + char priv[57]; // 秘密éµã®ã¿ãªã®ã§57ãƒã‚¤ãƒˆ word32 privSz = sizeof(priv); ret = wc_ed448_export_private_only(&key, priv, &privSz); if (ret != 0) { - // error exporting private key + // 秘密éµã®ã‚¨ã‚¯ã‚¹ãƒãƒ¼ãƒˆã‚¨ãƒ©ãƒ¼ } \endcode + \sa wc_ed448_export_public \sa wc_ed448_import_private_key + \sa wc_ed448_import_private_key_ex */ -int wc_ed448_export_private_only(ed448_key* key, byte* out, word32* outLen); +int wc_ed448_export_private_only(const ed448_key* key, byte* out, + word32* outLen); /*! \ingroup ED448 - \brief ã“ã®é–¢æ•°ã¯ã€ED448_Key構造体ã‹ã‚‰ã‚­ãƒ¼ãƒšã‚¢ã‚’エクスãƒãƒ¼ãƒˆã—ã¾ã™ã€‚キーペアをãƒãƒƒãƒ•ã‚¡OUTã«æ ¼ç´ã—ã€ounterenã§ã“ã®ãƒãƒƒãƒ•ã‚¡ã«æ›¸ãè¾¼ã¾ã‚ŒãŸãƒã‚¤ãƒˆã‚’設定ã—ã¾ã™ã€‚ - \return 0 キーペアã®ã‚¨ã‚¯ã‚¹ãƒãƒ¼ãƒˆã«æˆåŠŸã—ãŸã‚‰è¿”ã•れã¾ã™ã€‚ - \return ECC_BAD_ARG_E ã„ãšã‚Œã‹ã®å…¥åЛ値ãŒNULLã«è©•価ã•れãŸå ´åˆã«è¿”ã•れã¾ã™ã€‚ - \return BUFFER_E æä¾›ã•れã¦ã„ã‚‹ãƒãƒƒãƒ•ァーãŒã‚­ãƒ¼ãƒšã‚¢ã‚’ä¿å­˜ã™ã‚‹ã®ã«å分ãªå¤§ãã•ã§ãªã„å ´åˆã«è¿”ã•れã¾ã™ã€‚ - \param [in] キーペアをエクスãƒãƒ¼ãƒˆã™ã‚‹ãŸã‚ã®ED448_Key構造体ã¸ã®ã‚­ãƒ¼ãƒã‚¤ãƒ³ã‚¿ã€‚ - \param [out] キーペアをä¿å­˜ã™ã‚‹ãƒãƒƒãƒ•ã‚¡ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ + + \brief ã“ã®é–¢æ•°ã¯ã€ed448_key構造体ã‹ã‚‰éµãƒšã‚¢ã‚’エクスãƒãƒ¼ãƒˆã—ã¾ã™ã€‚éµãƒšã‚¢ã‚’ãƒãƒƒãƒ•ã‚¡outã«æ ¼ç´ã—ã€ã“ã®ãƒãƒƒãƒ•ã‚¡ã«æ›¸ãè¾¼ã¾ã‚ŒãŸãƒã‚¤ãƒˆæ•°ã‚’outLenã«è¨­å®šã—ã¾ã™ã€‚ + + \return 0 éµãƒšã‚¢ã®ã‚¨ã‚¯ã‚¹ãƒãƒ¼ãƒˆã«æˆåŠŸã—ãŸå ´åˆã«è¿”ã•れã¾ã™ã€‚ + \return ECC_BAD_ARG_E 入力値ã®ã„ãšã‚Œã‹ãŒNULLã¨è©•価ã•れãŸå ´åˆã«è¿”ã•れã¾ã™ã€‚ + \return BUFFER_E æä¾›ã•れãŸãƒãƒƒãƒ•ã‚¡ãŒéµãƒšã‚¢ã‚’æ ¼ç´ã™ã‚‹ã®ã«å分ãªå¤§ãã•ã§ãªã„å ´åˆã«è¿”ã•れã¾ã™ã€‚ + + \param [in] key éµãƒšã‚¢ã‚’エクスãƒãƒ¼ãƒˆã™ã‚‹ed448_key構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ + \param [out] out éµãƒšã‚¢ã‚’æ ¼ç´ã™ã‚‹ãƒãƒƒãƒ•ã‚¡ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ + \param [in,out] outLen outã§åˆ©ç”¨å¯èƒ½ãªã‚µã‚¤ã‚ºã‚’æŒã¤word32オブジェクトã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚éµãƒšã‚¢ã®ã‚¨ã‚¯ã‚¹ãƒãƒ¼ãƒˆã«æˆåŠŸã—ãŸå¾Œã€outã«æ›¸ãè¾¼ã¾ã‚ŒãŸãƒã‚¤ãƒˆæ•°ãŒè¨­å®šã•れã¾ã™ã€‚ + _Example_ \code ed448_key key; @@ -474,36 +658,42 @@ WC_RNG rng; wc_InitRng(&rng); - wc_ed448_make_key(&rng, 57, &key); // initialize 57 byte Ed448 key + wc_ed448_make_key(&rng, 57, &key); // 57ãƒã‚¤ãƒˆã®Ed448éµã‚’åˆæœŸåŒ– - byte out[114]; // out needs to be a sufficient buffer size + byte out[114]; // outã¯å分ãªãƒãƒƒãƒ•ァサイズã§ã‚ã‚‹å¿…è¦ãŒã‚りã¾ã™ word32 outLen = sizeof(out); int key_size = wc_ed448_export_private(&key, out, &outLen); if (key_size == BUFFER_E) { - // Check size of out compared to outLen to see if function reset outLen + // 関数ãŒoutLenをリセットã—ãŸã‹ã©ã†ã‹ã‚’確èªã™ã‚‹ãŸã‚ã€outã®ã‚µã‚¤ã‚ºã¨outLenを比較 } \endcode + \sa wc_ed448_import_private \sa wc_ed448_export_private_only */ -int wc_ed448_export_private(ed448_key* key, byte* out, word32* outLen); +int wc_ed448_export_private(const ed448_key* key, byte* out, word32* outLen); /*! \ingroup ED448 - \brief ã“ã®é–¢æ•°ã¯ã€ED448_Key構造体ã¨ã¯åˆ¥ã«ãƒ—ライベートキーã¨å…¬é–‹éµã‚’エクスãƒãƒ¼ãƒˆã—ã¾ã™ã€‚秘密éµã‚’ãƒãƒƒãƒ•ァーPrivã«æ ¼ç´ã—ã€PRIVSZã§ã“ã®ãƒãƒƒãƒ•ã‚¡ã«æ›¸ãè¾¼ã¾ã‚ŒãŸãƒã‚¤ãƒˆã‚’設定ã—ã¾ã™ã€‚公開éµã‚’ãƒãƒƒãƒ•ã‚¡PUBã«æ ¼ç´ã—ã€Pubszã§ã“ã®ãƒãƒƒãƒ•ã‚¡ã«æ›¸ãè¾¼ã¾ã‚ŒãŸãƒã‚¤ãƒˆã‚’設定ã—ã¾ã™ã€‚ - \return 0 キーペアã®ã‚¨ã‚¯ã‚¹ãƒãƒ¼ãƒˆã«æˆåŠŸã—ãŸã‚‰è¿”ã•れã¾ã™ã€‚ - \return ECC_BAD_ARG_E ã„ãšã‚Œã‹ã®å…¥åЛ値ãŒNULLã«è©•価ã•れãŸå ´åˆã«è¿”ã•れã¾ã™ã€‚ - \return BUFFER_E æä¾›ã•れã¦ã„ã‚‹ãƒãƒƒãƒ•ァーãŒã‚­ãƒ¼ãƒšã‚¢ã‚’ä¿å­˜ã™ã‚‹ã®ã«å分ãªå¤§ãã•ã§ãªã„å ´åˆã«è¿”ã•れã¾ã™ã€‚ - \param [in] キーペアをエクスãƒãƒ¼ãƒˆã™ã‚‹ãŸã‚ã®ED448_Key構造体ã¸ã®ã‚­ãƒ¼ãƒã‚¤ãƒ³ã‚¿ã€‚ - \param [out] 秘密éµã‚’ä¿å­˜ã™ã‚‹ãƒãƒƒãƒ•ã‚¡ã¸ã®PRIVãƒã‚¤ãƒ³ã‚¿ã€‚ - \param [in,out] PRIVSZ PIVINSZãƒã‚¤ãƒ³ã‚¿ã‚µã‚¤ã‚ºãŒè¡¨ç¤ºã•れã¦ã„るサイズをæŒã¤Word32オブジェクトã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚秘密éµã®ã‚¨ã‚¯ã‚¹ãƒãƒ¼ãƒˆå¾Œã«æ›¸ãè¾¼ã¾ã‚ŒãŸãƒã‚¤ãƒˆæ•°ã‚’設定ã—ã¾ã™ã€‚ - \param [out] パブリックキーをä¿å­˜ã™ã‚‹ãƒãƒƒãƒ•ã‚¡ã¸ã®Pub。 + + \brief ã“ã®é–¢æ•°ã¯ã€ed448_key構造体ã‹ã‚‰ç§˜å¯†éµã¨å…¬é–‹éµã‚’個別ã«ã‚¨ã‚¯ã‚¹ãƒãƒ¼ãƒˆã—ã¾ã™ã€‚秘密éµã‚’ãƒãƒƒãƒ•ã‚¡privã«æ ¼ç´ã—ã€ã“ã®ãƒãƒƒãƒ•ã‚¡ã«æ›¸ãè¾¼ã¾ã‚ŒãŸãƒã‚¤ãƒˆæ•°ã‚’privSzã«è¨­å®šã—ã¾ã™ã€‚公開éµã‚’ãƒãƒƒãƒ•ã‚¡pubã«æ ¼ç´ã—ã€ã“ã®ãƒãƒƒãƒ•ã‚¡ã«æ›¸ãè¾¼ã¾ã‚ŒãŸãƒã‚¤ãƒˆæ•°ã‚’pubSzã«è¨­å®šã—ã¾ã™ã€‚ + + \return 0 éµãƒšã‚¢ã®ã‚¨ã‚¯ã‚¹ãƒãƒ¼ãƒˆã«æˆåŠŸã—ãŸå ´åˆã«è¿”ã•れã¾ã™ã€‚ + \return ECC_BAD_ARG_E 入力値ã®ã„ãšã‚Œã‹ãŒNULLã¨è©•価ã•れãŸå ´åˆã«è¿”ã•れã¾ã™ã€‚ + \return BUFFER_E æä¾›ã•れãŸãƒãƒƒãƒ•ã‚¡ãŒéµãƒšã‚¢ã‚’æ ¼ç´ã™ã‚‹ã®ã«å分ãªå¤§ãã•ã§ãªã„å ´åˆã«è¿”ã•れã¾ã™ã€‚ + + \param [in] key éµãƒšã‚¢ã‚’エクスãƒãƒ¼ãƒˆã™ã‚‹ed448_key構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ + \param [out] priv 秘密éµã‚’æ ¼ç´ã™ã‚‹ãƒãƒƒãƒ•ã‚¡ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ + \param [in,out] privSz outã§åˆ©ç”¨å¯èƒ½ãªã‚µã‚¤ã‚ºã‚’æŒã¤word32オブジェクトã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚秘密éµã®ã‚¨ã‚¯ã‚¹ãƒãƒ¼ãƒˆã«æˆåŠŸã—ãŸå¾Œã€outã«æ›¸ãè¾¼ã¾ã‚ŒãŸãƒã‚¤ãƒˆæ•°ãŒè¨­å®šã•れã¾ã™ã€‚ + \param [out] pub 公開éµã‚’æ ¼ç´ã™ã‚‹ãƒãƒƒãƒ•ã‚¡ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ + \param [in,out] pubSz outã§åˆ©ç”¨å¯èƒ½ãªã‚µã‚¤ã‚ºã‚’æŒã¤word32オブジェクトã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚公開éµã®ã‚¨ã‚¯ã‚¹ãƒãƒ¼ãƒˆã«æˆåŠŸã—ãŸå¾Œã€outã«æ›¸ãè¾¼ã¾ã‚ŒãŸãƒã‚¤ãƒˆæ•°ãŒè¨­å®šã•れã¾ã™ã€‚ + _Example_ \code int ret; ed448_key key; - // initialize key, make key + // keyã‚’åˆæœŸåŒ–ã—ã€keyã‚’ä½œæˆ char pub[57]; word32 pubSz = sizeof(pub); @@ -512,37 +702,46 @@ ret = wc_ed448_export_key(&key, priv, &pubSz, pub, &pubSz); if (ret != 0) { - // error exporting private and public key + // 秘密éµã¨å…¬é–‹éµã®ã‚¨ã‚¯ã‚¹ãƒãƒ¼ãƒˆã‚¨ãƒ©ãƒ¼ } \endcode + \sa wc_ed448_export_private \sa wc_ed448_export_public */ -int wc_ed448_export_key(ed448_key* key, +int wc_ed448_export_key(const ed448_key* key, byte* priv, word32 *privSz, byte* pub, word32 *pubSz); /*! \ingroup ED448 - \brief ã“ã®é–¢æ•°ã¯ã€ed448_key構造体ã®å…¬é–‹éµã‚’ãƒã‚§ãƒƒã‚¯ã—ã¾ã™ã€‚ - \return 0 プライベートキーã¨å…¬é–‹éµãŒä¸€è‡´ã—ãŸå ´åˆã«è¿”ã•れã¾ã™ã€‚ - \return BAD_FUNC_ARGS 与ãˆã‚‰ã‚ŒãŸã‚­ãƒ¼ãŒNULLã®å ´åˆã«è¿”ã•れã¾ã™ã€‚ + + \brief ã“ã®é–¢æ•°ã¯ã€ed448_key構造体内ã®å…¬é–‹éµãŒç§˜å¯†éµã¨ä¸€è‡´ã™ã‚‹ã‹ãƒã‚§ãƒƒã‚¯ã—ã¾ã™ã€‚ + + \return 0 秘密éµã¨å…¬é–‹éµãŒä¸€è‡´ã—ãŸå ´åˆã«è¿”ã•れã¾ã™ã€‚ + \return BAD_FUNC_ARGS 指定ã•れãŸkeyãŒNULLã®å ´åˆã«è¿”ã•れã¾ã™ã€‚ + + \param [in] key 秘密éµã¨å…¬é–‹éµã‚’ä¿æŒã™ã‚‹ed448_key構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ + _Example_ \code int ret; - byte priv[] = { initialize with 57 byte private key }; - byte pub[] = { initialize with the corresponding public key }; + byte priv[] = { 57ãƒã‚¤ãƒˆã®ç§˜å¯†éµã§åˆæœŸåŒ– }; + byte pub[] = { 対応ã™ã‚‹å…¬é–‹éµã§åˆæœŸåŒ– }; ed448_key key; wc_ed448_init_key(&key); - wc_ed448_import_private_key(priv, sizeof(priv), pub, sizeof(pub), &key); + wc_ed448_import_private_key_ex(priv, sizeof(priv), pub, sizeof(pub), &key, + 1); ret = wc_ed448_check_key(&key); if (ret != 0) { - // error checking key + // éµã®ãƒã‚§ãƒƒã‚¯ã‚¨ãƒ©ãƒ¼ } \endcode + \sa wc_ed448_import_private_key + \sa wc_ed448_import_private_key_ex */ int wc_ed448_check_key(ed448_key* key); @@ -550,29 +749,40 @@ /*! \ingroup ED448 - \brief ã“ã®é–¢æ•°ã¯ã€ED448秘密éµã®ã‚µã‚¤ã‚º - 57ãƒã‚¤ãƒˆã‚’è¿”ã—ã¾ã™ã€‚ - \return ED448_KEY_SIZE 有効ãªç§˜å¯†éµã®ã‚µã‚¤ã‚ºï¼ˆ57ãƒã‚¤ãƒˆï¼‰ã€‚ - \return BAD_FUNC_ARGS 与ãˆã‚‰ã‚ŒãŸã‚­ãƒ¼ãŒNULLã®å ´åˆã«è¿”ã•れã¾ã™ã€‚ + + \brief ã“ã®é–¢æ•°ã¯ã€Ed448秘密éµã®ã‚µã‚¤ã‚ºï¼ˆ57ãƒã‚¤ãƒˆï¼‰ã‚’è¿”ã—ã¾ã™ã€‚ + + \return ED448_KEY_SIZE 有効ãªç§˜å¯†éµã®ã‚µã‚¤ã‚ºï¼ˆ57ãƒã‚¤ãƒˆï¼‰ã€‚ + \return BAD_FUNC_ARGS 指定ã•れãŸkeyãŒNULLã®å ´åˆã«è¿”ã•れã¾ã™ã€‚ + + \param [in] key éµã‚µã‚¤ã‚ºã‚’å–å¾—ã™ã‚‹ed448_key構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ + _Example_ \code int keySz; ed448_key key; - // initialize key, make key + // keyã‚’åˆæœŸåŒ–ã—ã€keyã‚’ä½œæˆ keySz = wc_ed448_size(&key); if (keySz == 0) { - // error determining key size + // éµã‚µã‚¤ã‚ºã®æ±ºå®šã‚¨ãƒ©ãƒ¼ } \endcode + \sa wc_ed448_make_key */ -int wc_ed448_size(ed448_key* key); +int wc_ed448_size(const ed448_key* key); /*! \ingroup ED448 - \brief ã“ã®é–¢æ•°ã¯ã€ç§˜å¯†éµã‚µã‚¤ã‚ºï¼ˆsecret + public)をãƒã‚¤ãƒˆå˜ä½ã§è¿”ã—ã¾ã™ã€‚ - \return ED448_PRV_KEY_SIZE 秘密éµã®ã‚µã‚¤ã‚ºï¼ˆ114ãƒã‚¤ãƒˆï¼‰ã€‚ - \return BAD_FUNC_ARG key引数ãŒnullã®å ´åˆã¯è¿”ã—ã¾ã™ã€‚ + + \brief ã“ã®é–¢æ•°ã¯ã€ç§˜å¯†éµã®ã‚µã‚¤ã‚ºï¼ˆç§˜å¯† + 公開)をãƒã‚¤ãƒˆå˜ä½ã§è¿”ã—ã¾ã™ã€‚ + + \return ED448_PRV_KEY_SIZE 秘密éµã®ã‚µã‚¤ã‚ºï¼ˆ114ãƒã‚¤ãƒˆï¼‰ã€‚ + \return BAD_FUNC_ARG key引数ãŒNULLã®å ´åˆã«è¿”ã•れã¾ã™ã€‚ + + \param [in] key éµã‚µã‚¤ã‚ºã‚’å–å¾—ã™ã‚‹ed448_key構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ + _Example_ \code ed448_key key; @@ -581,19 +791,25 @@ WC_RNG rng; wc_InitRng(&rng); - wc_ed448_make_key(&rng, 57, &key); // initialize 57 byte Ed448 key + wc_ed448_make_key(&rng, 57, &key); // 57ãƒã‚¤ãƒˆã®Ed448éµã‚’åˆæœŸåŒ– int key_size = wc_ed448_priv_size(&key); \endcode + \sa wc_ed448_pub_size */ -int wc_ed448_priv_size(ed448_key* key); +int wc_ed448_priv_size(const ed448_key* key); /*! \ingroup ED448 - \brief ã“ã®é–¢æ•°ã¯åœ§ç¸®éµã‚µã‚¤ã‚ºã‚’ãƒã‚¤ãƒˆå˜ä½ã§è¿”ã—ã¾ã™ï¼ˆå…¬é–‹éµï¼‰ã€‚ - \return ED448_PUB_KEY_SIZE 圧縮公開éµã®ã‚µã‚¤ã‚ºï¼ˆ57ãƒã‚¤ãƒˆï¼‰ã€‚ - \return BAD_FUNC_ARG key引数ãŒnullã®å ´åˆã¯è¿”ã—ã¾ã™ã€‚ + + \brief ã“ã®é–¢æ•°ã¯ã€åœ§ç¸®éµã®ã‚µã‚¤ã‚ºã‚’ãƒã‚¤ãƒˆå˜ä½ã§è¿”ã—ã¾ã™ï¼ˆå…¬é–‹éµï¼‰ã€‚ + + \return ED448_PUB_KEY_SIZE 圧縮公開éµã®ã‚µã‚¤ã‚ºï¼ˆ57ãƒã‚¤ãƒˆï¼‰ã€‚ + \return BAD_FUNC_ARG key引数ãŒNULLã®å ´åˆã«è¿”ã•れã¾ã™ã€‚ + + \param [in] key éµã‚µã‚¤ã‚ºã‚’å–å¾—ã™ã‚‹ed448_key構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ + _Example_ \code ed448_key key; @@ -601,31 +817,38 @@ WC_RNG rng; wc_InitRng(&rng); - wc_ed448_make_key(&rng, 57, &key); // initialize 57 byte Ed448 key + wc_ed448_make_key(&rng, 57, &key); // 57ãƒã‚¤ãƒˆã®Ed448éµã‚’åˆæœŸåŒ– int key_size = wc_ed448_pub_size(&key); \endcode + \sa wc_ed448_priv_size */ -int wc_ed448_pub_size(ed448_key* key); +int wc_ed448_pub_size(const ed448_key* key); /*! \ingroup ED448 - \brief ã“ã®é–¢æ•°ã¯ã€ED448ã‚·ã‚°ãƒãƒãƒ£ã®ã‚µã‚¤ã‚ºï¼ˆãƒã‚¤ãƒˆæ•°114)を返ã—ã¾ã™ã€‚ - \return ED448_SIG_SIZE ED448ã‚·ã‚°ãƒãƒãƒ£ï¼ˆ114ãƒã‚¤ãƒˆï¼‰ã®ã‚µã‚¤ã‚ºã€‚ - \return BAD_FUNC_ARG key引数ãŒnullã®å ´åˆã¯è¿”ã—ã¾ã™ã€‚ + + \brief ã“ã®é–¢æ•°ã¯ã€Ed448ç½²åã®ã‚µã‚¤ã‚ºï¼ˆãƒã‚¤ãƒˆå˜ä½ã§114)を返ã—ã¾ã™ã€‚ + + \return ED448_SIG_SIZE Ed448ç½²åã®ã‚µã‚¤ã‚ºï¼ˆ114ãƒã‚¤ãƒˆï¼‰ã€‚ + \return BAD_FUNC_ARG key引数ãŒNULLã®å ´åˆã«è¿”ã•れã¾ã™ã€‚ + + \param [in] key ç½²åサイズをå–å¾—ã™ã‚‹ed448_key構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ + _Example_ \code int sigSz; ed448_key key; - // initialize key, make key + // keyã‚’åˆæœŸåŒ–ã—ã€keyã‚’ä½œæˆ sigSz = wc_ed448_sig_size(&key); if (sigSz == 0) { - // error determining sig size + // ç½²åã‚µã‚¤ã‚ºã®æ±ºå®šã‚¨ãƒ©ãƒ¼ } \endcode + \sa wc_ed448_sign_msg */ -int wc_ed448_sig_size(ed448_key* key); +int wc_ed448_sig_size(const ed448_key* key); diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/doc/dox_comments/header_files-ja/error-crypt.h mariadb-11.8.8/extra/wolfssl/wolfssl/doc/dox_comments/header_files-ja/error-crypt.h --- mariadb-11.8.6/extra/wolfssl/wolfssl/doc/dox_comments/header_files-ja/error-crypt.h 2026-01-31 13:27:49.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/doc/dox_comments/header_files-ja/error-crypt.h 2026-05-24 09:58:33.000000000 +0000 @@ -1,34 +1,46 @@ /*! \ingroup Error - \brief ã“ã®é–¢æ•°ã¯ã€ç‰¹å®šã®ãƒãƒƒãƒ•ァ内ã®ç‰¹å®šã®ã‚¨ãƒ©ãƒ¼ã‚³ãƒ¼ãƒ‰ã®ã‚¨ãƒ©ãƒ¼æ–‡å­—列を格ç´ã—ã¾ã™ã€‚ - \return none ã„ã„ãˆè¿”ã—ã¾ã™ã€‚ - \param error 文字列をå–å¾—ã™ã‚‹ãŸã‚ã®ã‚¨ãƒ©ãƒ¼ã‚³ãƒ¼ãƒ‰ + + \brief ã“ã®é–¢æ•°ã¯ã€ç‰¹å®šã®ã‚¨ãƒ©ãƒ¼ã‚³ãƒ¼ãƒ‰ã«å¯¾ã™ã‚‹ã‚¨ãƒ©ãƒ¼æ–‡å­—列を指定ã•れãŸãƒãƒƒãƒ•ã‚¡ã«æ ¼ç´ã—ã¾ã™ã€‚ + + \return none 戻り値ãªã—。 + + \param error 文字列をå–å¾—ã™ã‚‹ã‚¨ãƒ©ãƒ¼ã‚³ãƒ¼ãƒ‰ + \param buffer エラー文字列を格ç´ã™ã‚‹ãƒãƒƒãƒ•ァ。ãƒãƒƒãƒ•ã‚¡ã¯å°‘ãªãã¨ã‚‚WOLFSSL_MAX_ERROR_SZ(80ãƒã‚¤ãƒˆ)ã®é•·ã•ã§ã‚ã‚‹å¿…è¦ãŒã‚りã¾ã™ + _Example_ \code char errorMsg[WOLFSSL_MAX_ERROR_SZ]; int err = wc_some_function(); - if( err != 0) { // error occurred + if( err != 0) { // エラーãŒç™ºç”Ÿ wc_ErrorString(err, errorMsg); } \endcode + \sa wc_GetErrorString */ void wc_ErrorString(int err, char* buff); /*! \ingroup Error - \brief ã“ã®é–¢æ•°ã¯ã€ç‰¹å®šã®ã‚¨ãƒ©ãƒ¼ã‚³ãƒ¼ãƒ‰ã®ã‚¨ãƒ©ãƒ¼æ–‡å­—列を返ã—ã¾ã™ã€‚ - \return string エラーコードã®ã‚¨ãƒ©ãƒ¼æ–‡å­—列を文字列リテラルã¨ã—ã¦è¿”ã—ã¾ã™ã€‚ + + \brief ã“ã®é–¢æ•°ã¯ã€ç‰¹å®šã®ã‚¨ãƒ©ãƒ¼ã‚³ãƒ¼ãƒ‰ã«å¯¾ã™ã‚‹ã‚¨ãƒ©ãƒ¼æ–‡å­—列を返ã—ã¾ã™ã€‚ + + \return string エラーコードã«å¯¾ã™ã‚‹ã‚¨ãƒ©ãƒ¼æ–‡å­—列を文字列リテラルã¨ã—ã¦è¿”ã—ã¾ã™ã€‚ + + \param error 文字列をå–å¾—ã™ã‚‹ã‚¨ãƒ©ãƒ¼ã‚³ãƒ¼ãƒ‰ + _Example_ \code char * errorMsg; int err = wc_some_function(); - if( err != 0) { // error occurred + if( err != 0) { // エラーãŒç™ºç”Ÿ errorMsg = wc_GetErrorString(err); } \endcode + \sa wc_ErrorString */ const char* wc_GetErrorString(int error); diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/doc/dox_comments/header_files-ja/evp.h mariadb-11.8.8/extra/wolfssl/wolfssl/doc/dox_comments/header_files-ja/evp.h --- mariadb-11.8.6/extra/wolfssl/wolfssl/doc/dox_comments/header_files-ja/evp.h 2026-01-31 13:27:49.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/doc/dox_comments/header_files-ja/evp.h 2026-05-24 09:58:33.000000000 +0000 @@ -1,7 +1,12 @@ /*! \ingroup openSSL - \brief ãれãžã‚Œã®wolfssl_evp_cipherãƒã‚¤ãƒ³ã‚¿ã®ã‚²ãƒƒã‚¿ãƒ¼é–¢æ•°ã€‚最åˆã«ãƒ—ログラム内ã§wolfssl_evp_init()を1回呼ã³å‡ºã™å¿…è¦ãŒã‚りã¾ã™ã€‚wolfssl_des_ecbマクロã¯ã€wolfssl_evp_des_ede3_ecb()ã«å¯¾ã—ã¦å®šç¾©ã™ã‚‹å¿…è¦ãŒã‚りã¾ã™ã€‚ - \return pointer DES EDE3æ“作ã®ãŸã‚ã®wolfssl_evp_cipherãƒã‚¤ãƒ³ã‚¿ã‚’è¿”ã—ã¾ã™ã€‚ + + \brief ãれãžã‚Œã®WOLFSSL_EVP_CIPHERãƒã‚¤ãƒ³ã‚¿ã®ã‚²ãƒƒã‚¿ãƒ¼é–¢æ•°ã€‚ã“ã‚Œã‚‰ã®æš—å·æ–‡å­—列を設定ã™ã‚‹ã«ã¯ã€ã¾ãšãƒ—ログラムã§wolfSSL_EVP_init()を一度呼ã³å‡ºã™å¿…è¦ãŒã‚りã¾ã™ã€‚wolfSSL_EVP_des_ede3_ecb()ã®å ´åˆã€WOLFSSL_DES_ECBマクロãŒå®šç¾©ã•れã¦ã„ã‚‹å¿…è¦ãŒã‚りã¾ã™ã€‚ + + \return pointer DES EDE3æ“作用ã®WOLFSSL_EVP_CIPHERãƒã‚¤ãƒ³ã‚¿ã‚’è¿”ã—ã¾ã™ã€‚ + + \param none パラメータãªã—。 + _Example_ \code printf("block size des ede3 cbc = %d\n", @@ -9,31 +14,43 @@ printf("block size des ede3 ecb = %d\n", wolfSSL_EVP_CIPHER_block_size(wolfSSL_EVP_des_ede3_ecb())); \endcode + \sa wolfSSL_EVP_CIPHER_CTX_init */ const WOLFSSL_EVP_CIPHER* wolfSSL_EVP_des_ede3_ecb(void); /*! \ingroup openSSL - \brief ãれãžã‚Œã®wolfssl_evp_cipherãƒã‚¤ãƒ³ã‚¿ã®ã‚²ãƒƒã‚¿ãƒ¼é–¢æ•°ã€‚最åˆã«ãƒ—ログラム内ã§wolfssl_evp_init()を1回呼ã³å‡ºã™å¿…è¦ãŒã‚りã¾ã™ã€‚wolfssl_des_ecbマクロã¯ã€wolfssl_evp_des_ecb()ã«å¯¾ã—ã¦å®šç¾©ã™ã‚‹å¿…è¦ãŒã‚りã¾ã™ã€‚ - \return pointer DESæ“作ã®ãŸã‚ã®wolfssl_evp_cipherãƒã‚¤ãƒ³ã‚¿ã‚’è¿”ã—ã¾ã™ã€‚ + + \brief ãれãžã‚Œã®WOLFSSL_EVP_CIPHERãƒã‚¤ãƒ³ã‚¿ã®ã‚²ãƒƒã‚¿ãƒ¼é–¢æ•°ã€‚ã“ã‚Œã‚‰ã®æš—å·æ–‡å­—列を設定ã™ã‚‹ã«ã¯ã€ã¾ãšãƒ—ログラムã§wolfSSL_EVP_init()を一度呼ã³å‡ºã™å¿…è¦ãŒã‚りã¾ã™ã€‚wolfSSL_EVP_des_ecb()ã®å ´åˆã€WOLFSSL_DES_ECBマクロãŒå®šç¾©ã•れã¦ã„ã‚‹å¿…è¦ãŒã‚りã¾ã™ã€‚ + + \return pointer DESæ“作用ã®WOLFSSL_EVP_CIPHERãƒã‚¤ãƒ³ã‚¿ã‚’è¿”ã—ã¾ã™ã€‚ + + \param none パラメータãªã—。 + _Example_ \code WOLFSSL_EVP_CIPHER* cipher; cipher = wolfSSL_EVP_des_cbc(); … \endcode + \sa wolfSSL_EVP_CIPHER_CTX_init */ const WOLFSSL_EVP_CIPHER* wolfSSL_EVP_des_cbc(void); /*! \ingroup openSSL - \brief wolfssl_evp_md_ctxã‚’åˆæœŸåŒ–ã™ã‚‹æ©Ÿèƒ½ã€‚ã“ã®é–¢æ•°ã¯wolfssl_engineãŒwolfssl_engineを使用ã—ãªã„ãŸã‚ã€wolfssl_evp_digestinit()ã®ãƒ©ãƒƒãƒ‘ーã§ã™ã€‚ - \return SSL_SUCCESS 正常ã«è¨­å®šã•れã¦ã„ã‚‹å ´åˆã€‚ - \return SSL_FAILURE æˆåŠŸã—ãªã‹ã£ãŸå ´åˆ - \param ctx åˆæœŸåŒ–ã™ã‚‹æ§‹é€  - \param type SHAãªã©ã®ãƒãƒƒã‚·ãƒ¥ã®ç¨®é¡žã€‚ + + \brief WOLFSSL_EVP_MD_CTXã‚’åˆæœŸåŒ–ã™ã‚‹é–¢æ•°ã€‚ã“ã®é–¢æ•°ã¯ã€wolfSSLãŒWOLFSSL_ENGINEを使用ã—ãªã„ãŸã‚ã€wolfSSL_EVP_DigestInit()ã®ãƒ©ãƒƒãƒ‘ーã§ã™ã€‚ + + \return SSL_SUCCESS 正常ã«è¨­å®šã•れãŸå ´åˆã€‚ + \return SSL_FAILURE æˆåŠŸã—ãªã‹ã£ãŸå ´åˆã€‚ + + \param ctx åˆæœŸåŒ–ã™ã‚‹æ§‹é€ ä½“。 + \param type 実行ã™ã‚‹ãƒãƒƒã‚·ãƒ¥ã®ã‚¿ã‚¤ãƒ—ã€ä¾‹ãˆã°SHA。 + \param impl 使用ã™ã‚‹ã‚¨ãƒ³ã‚¸ãƒ³ã€‚wolfSSLã§ã¯è©²å½“ãªã—ã€NULLã§ã‚‚å¯ã€‚ + _Example_ \code WOLFSSL_EVP_MD_CTX* md = NULL; @@ -45,8 +62,9 @@ } printf("cipher md init ret = %d\n", wolfSSL_EVP_DigestInit_ex(md, wolfSSL_EVP_sha1(), e)); - //free resources + //リソースを解放 \endcode + \sa wolfSSL_EVP_MD_CTX_new \sa wolfCrypt_Init \sa wolfSSL_EVP_MD_CTX_free @@ -57,14 +75,19 @@ /*! \ingroup openSSL - \brief wolfssl_evp_cipher_ctxã‚’åˆæœŸåŒ–ã™ã‚‹æ©Ÿèƒ½ã€‚ã“ã®é–¢æ•°ã¯wolfssl_engineãŒwolfssl_engineを使用ã—ãªã„ãŸã‚ã€wolfssl_ciphinit()ã®ãƒ©ãƒƒãƒ‘ーã§ã™ã€‚ - \return SSL_SUCCESS 正常ã«è¨­å®šã•れã¦ã„ã‚‹å ´åˆã€‚ - \return SSL_FAILURE æˆåŠŸã—ãªã‹ã£ãŸå ´åˆ - \param ctx åˆæœŸåŒ–ã™ã‚‹æ§‹é€  - \param type AESãªã©ã®æš—å·åŒ–/復å·åŒ–ã®ç¨®é¡žã€‚ - \param impl 使用ã™ã‚‹ã‚¨ãƒ³ã‚¸ãƒ³ã€‚wolfsslã®n / aã¯ã€nullã«ãªã‚‹ã“ã¨ãŒã§ãã¾ã™ã€‚ - \param key 設定ã™ã‚‹ã‚­ãƒ¼ - \param iv アルゴリズムã§å¿…è¦ãªå ´åˆã¯IV。 + + \brief WOLFSSL_EVP_CIPHER_CTXã‚’åˆæœŸåŒ–ã™ã‚‹é–¢æ•°ã€‚ã“ã®é–¢æ•°ã¯ã€wolfSSLãŒWOLFSSL_ENGINEを使用ã—ãªã„ãŸã‚ã€wolfSSL_CipherInit()ã®ãƒ©ãƒƒãƒ‘ーã§ã™ã€‚ + + \return SSL_SUCCESS 正常ã«è¨­å®šã•れãŸå ´åˆã€‚ + \return SSL_FAILURE æˆåŠŸã—ãªã‹ã£ãŸå ´åˆã€‚ + + \param ctx åˆæœŸåŒ–ã™ã‚‹æ§‹é€ ä½“。 + \param type 実行ã™ã‚‹æš—å·åŒ–/復å·ã®ã‚¿ã‚¤ãƒ—ã€ä¾‹ãˆã°AES。 + \param impl 使用ã™ã‚‹ã‚¨ãƒ³ã‚¸ãƒ³ã€‚wolfSSLã§ã¯è©²å½“ãªã—ã€NULLã§ã‚‚å¯ã€‚ + \param key 設定ã™ã‚‹éµã€‚ + \param iv アルゴリズムãŒå¿…è¦ã¨ã™ã‚‹å ´åˆã®iv。 + \param enc æš—å·åŒ–(1)ã¾ãŸã¯å¾©å·(0)フラグ。 + _Example_ \code WOLFSSL_EVP_CIPHER_CTX* ctx = NULL; @@ -82,8 +105,9 @@ EVP_aes_128_ cbc(), e, key, iv, 1)); printf("cipher init ex success ret = %d\n", wolfSSL_EVP_CipherInit_ex(ctx, EVP_aes_128_c bc(), e, key, iv, 1)); - // free resources + // リソースを解放 \endcode + \sa wolfSSL_EVP_CIPHER_CTX_new \sa wolfCrypt_Init \sa wolfSSL_EVP_CIPHER_CTX_free @@ -97,13 +121,18 @@ /*! \ingroup openSSL - \brief wolfssl_evp_cipher_ctxã‚’åˆæœŸåŒ–ã™ã‚‹æ©Ÿèƒ½ã€‚WolfSSLã¯WOLFSSL_ENGINEを使用ã—ãªã„ãŸã‚ã€ã“ã®é–¢æ•°ã¯wolfssl_evp_ciphinit()ã®ãƒ©ãƒƒãƒ‘ーã§ã™ã€‚æš—å·åŒ–フラグを暗å·åŒ–ã™ã‚‹ã‚ˆã†ã«è¨­å®šã—ã¾ã™ã€‚ - \return SSL_SUCCESS 正常ã«è¨­å®šã•れã¦ã„ã‚‹å ´åˆã€‚ - \return SSL_FAILURE æˆåŠŸã—ãªã‹ã£ãŸå ´åˆ - \param ctx åˆæœŸåŒ–ã™ã‚‹æ§‹é€  - \param type AESãªã©ã®æš—å·åŒ–ã®ç¨®é¡žã€‚ - \param impl 使用ã™ã‚‹ã‚¨ãƒ³ã‚¸ãƒ³ã€‚wolfsslã®n / aã¯ã€nullã«ãªã‚‹ã“ã¨ãŒã§ãã¾ã™ã€‚ - \param key 使用ã™ã‚‹éµ + + \brief WOLFSSL_EVP_CIPHER_CTXã‚’åˆæœŸåŒ–ã™ã‚‹é–¢æ•°ã€‚ã“ã®é–¢æ•°ã¯ã€wolfSSLãŒWOLFSSL_ENGINEを使用ã—ãªã„ãŸã‚ã€wolfSSL_EVP_CipherInit()ã®ãƒ©ãƒƒãƒ‘ーã§ã™ã€‚æš—å·åŒ–フラグを暗å·åŒ–ã«è¨­å®šã—ã¾ã™ã€‚ + + \return SSL_SUCCESS 正常ã«è¨­å®šã•れãŸå ´åˆã€‚ + \return SSL_FAILURE æˆåŠŸã—ãªã‹ã£ãŸå ´åˆã€‚ + + \param ctx åˆæœŸåŒ–ã™ã‚‹æ§‹é€ ä½“。 + \param type 実行ã™ã‚‹æš—å·åŒ–ã®ã‚¿ã‚¤ãƒ—ã€ä¾‹ãˆã°AES。 + \param impl 使用ã™ã‚‹ã‚¨ãƒ³ã‚¸ãƒ³ã€‚wolfSSLã§ã¯è©²å½“ãªã—ã€NULLã§ã‚‚å¯ã€‚ + \param key 使用ã™ã‚‹éµã€‚ + \param iv 使用ã™ã‚‹iv。 + _Example_ \code WOLFSSL_EVP_CIPHER_CTX* ctx = NULL; @@ -115,8 +144,9 @@ } printf("cipher ctx init ret = %d\n", wolfSSL_EVP_EncryptInit_ex(ctx, wolfSSL_EVP_aes_128_cbc(), e, key, iv)); - //free resources + //リソースを解放 \endcode + \sa wolfSSL_EVP_CIPHER_CTX_new \sa wolfCrypt_Init \sa wolfSSL_EVP_CIPHER_CTX_free @@ -129,14 +159,19 @@ /*! \ingroup openSSL - \brief wolfssl_evp_cipher_ctxã‚’åˆæœŸåŒ–ã™ã‚‹æ©Ÿèƒ½ã€‚WolfSSLã¯WOLFSSL_ENGINEを使用ã—ãªã„ãŸã‚ã€ã“ã®é–¢æ•°ã¯wolfssl_evp_ciphinit()ã®ãƒ©ãƒƒãƒ‘ーã§ã™ã€‚æš—å·åŒ–フラグを復å·åŒ–ã™ã‚‹ã‚ˆã†ã«è¨­å®šã—ã¾ã™ã€‚ - \return SSL_SUCCESS 正常ã«è¨­å®šã•れã¦ã„ã‚‹å ´åˆã€‚ - \return SSL_FAILURE æˆåŠŸã—ãªã‹ã£ãŸå ´åˆ - \param ctx åˆæœŸåŒ–ã™ã‚‹æ§‹é€  - \param type AESãªã©ã®æš—å·åŒ–/復å·åŒ–ã®ç¨®é¡žã€‚ - \param impl 使用ã™ã‚‹ã‚¨ãƒ³ã‚¸ãƒ³ã€‚wolfsslã®n / aã¯ã€nullã«ãªã‚‹ã“ã¨ãŒã§ãã¾ã™ã€‚ - \param key 設定ã™ã‚‹ã‚­ãƒ¼ - \param iv アルゴリズムã§å¿…è¦ãªå ´åˆã¯IV。 + + \brief WOLFSSL_EVP_CIPHER_CTXã‚’åˆæœŸåŒ–ã™ã‚‹é–¢æ•°ã€‚ã“ã®é–¢æ•°ã¯ã€wolfSSLãŒWOLFSSL_ENGINEを使用ã—ãªã„ãŸã‚ã€wolfSSL_EVP_CipherInit()ã®ãƒ©ãƒƒãƒ‘ーã§ã™ã€‚æš—å·åŒ–フラグを復å·ã«è¨­å®šã—ã¾ã™ã€‚ + + \return SSL_SUCCESS 正常ã«è¨­å®šã•れãŸå ´åˆã€‚ + \return SSL_FAILURE æˆåŠŸã—ãªã‹ã£ãŸå ´åˆã€‚ + + \param ctx åˆæœŸåŒ–ã™ã‚‹æ§‹é€ ä½“。 + \param type 実行ã™ã‚‹æš—å·åŒ–/復å·ã®ã‚¿ã‚¤ãƒ—ã€ä¾‹ãˆã°AES。 + \param impl 使用ã™ã‚‹ã‚¨ãƒ³ã‚¸ãƒ³ã€‚wolfSSLã§ã¯è©²å½“ãªã—ã€NULLã§ã‚‚å¯ã€‚ + \param key 設定ã™ã‚‹éµã€‚ + \param iv アルゴリズムãŒå¿…è¦ã¨ã™ã‚‹å ´åˆã®iv。 + \param enc æš—å·åŒ–(1)ã¾ãŸã¯å¾©å·(0)フラグ。 + _Example_ \code WOLFSSL_EVP_CIPHER_CTX* ctx = NULL; @@ -156,8 +191,9 @@ EVP_aes_128_ cbc(), e, key, iv, 1)); printf("cipher init ex success ret = %d\n", wolfSSL_EVP_DecryptInit_ex(ctx, EVP_aes_128_c bc(), e, key, iv, 1)); - // free resources + // リソースを解放 \endcode + \sa wolfSSL_EVP_CIPHER_CTX_new \sa wolfCrypt_Init \sa wolfSSL_EVP_CIPHER_CTX_free @@ -170,13 +206,18 @@ /*! \ingroup openSSL - \brief データを暗å·åŒ–/復å·åŒ–ã™ã‚‹æ©Ÿèƒ½ã€‚ãƒãƒƒãƒ•ァ内ã§ã¯æš—å·åŒ–ã¾ãŸã¯å¾©å·åŒ–ã•れã€OUTãƒãƒƒãƒ•ã‚¡ãŒçµæžœã‚’ä¿æŒã—ã¾ã™ã€‚OUTORã¯æš—å·åŒ–/復å·åŒ–ã•ã‚ŒãŸæƒ…å ±ã®é•·ã•ã«ãªã‚Šã¾ã™ã€‚ - \return SSL_SUCCESS æˆåŠŸã—ãŸå ´åˆ - \return SSL_FAILURE æˆåŠŸã—ãªã‹ã£ãŸå ´åˆ - \param ctx ã‹ã‚‰æš—å·åŒ–ã®ç¨®é¡žã‚’å–å¾—ã™ã‚‹ãŸã‚ã®æ§‹é€ ã€‚ - \param out å‡ºåŠ›ã‚’ä¿æŒã™ã‚‹ãŸã‚ã®ãƒãƒƒãƒ•ァ。 - \param outl 出力ã®ã‚µã‚¤ã‚ºã«ãªã‚‹ã‚ˆã†ã«èª¿æ•´ã—ã¾ã—ãŸã€‚ - \param in æ“作を実行ã™ã‚‹ãŸã‚ã®ãƒãƒƒãƒ•ァー。 + + \brief データを暗å·åŒ–/復å·ã™ã‚‹é–¢æ•°ã€‚inãƒãƒƒãƒ•ã‚¡ãŒæš—å·åŒ–ã¾ãŸã¯å¾©å·ã•れる対象ã¨ã—ã¦è¿½åŠ ã•れã€outãƒãƒƒãƒ•ã‚¡ãŒçµæžœã‚’ä¿æŒã—ã¾ã™ã€‚outlã¯æš—å·åŒ–/復å·ã•ã‚ŒãŸæƒ…å ±ã®é•·ã•ã«ãªã‚Šã¾ã™ã€‚ + + \return SSL_SUCCESS æˆåŠŸã—ãŸå ´åˆã€‚ + \return SSL_FAILURE æˆåŠŸã—ãªã‹ã£ãŸå ´åˆã€‚ + + \param ctx æš—å·ã‚¿ã‚¤ãƒ—ã‚’å–å¾—ã™ã‚‹æ§‹é€ ä½“。 + \param out å‡ºåŠ›ã‚’ä¿æŒã™ã‚‹ãƒãƒƒãƒ•ァ。 + \param outl 出力ã®ã‚µã‚¤ã‚ºã«èª¿æ•´ã•れã¾ã™ã€‚ + \param in æ“作を実行ã™ã‚‹ãƒãƒƒãƒ•ァ。 + \param inl 入力ãƒãƒƒãƒ•ã‚¡ã®é•·ã•。 + _Example_ \code WOLFSSL_EVP_CIPHER_CTX* ctx = NULL; @@ -186,12 +227,13 @@ int inl = 100; ctx = wolfSSL_EVP_CIPHER_CTX_new(); - // set up ctx + // ctxをセットアップ ret = wolfSSL_EVP_CipherUpdate(ctx, out, outl, in, inl); - // check ret value - // buffer out holds outl bytes of data - // free resources + // ret値をãƒã‚§ãƒƒã‚¯ + // ãƒãƒƒãƒ•ã‚¡outã¯outlãƒã‚¤ãƒˆã®ãƒ‡ãƒ¼ã‚¿ã‚’ä¿æŒ + // リソースを解放 \endcode + \sa wolfSSL_EVP_CIPHER_CTX_new \sa wolfCrypt_Init \sa wolfSSL_EVP_CIPHER_CTX_free @@ -202,19 +244,25 @@ /*! \ingroup openSSL - \brief ã“ã®é–¢æ•°ã¯ã€ãƒ‘ディングを追加ã™ã‚‹æœ€çµ‚æš—å·åŒ–æ“作を実行ã—ã¾ã™ã€‚wolfssl_evp_ciph_no_paddingフラグãŒwolfssl_evp_cipher_ctx構造ã«è¨­å®šã•れã¦ã„ã‚‹å ´åˆã€1ãŒè¿”ã•ã‚Œã€æš—å·åŒ–/復å·åŒ–ã¯è¡Œã‚れã¾ã›ã‚“。PADDING FLAGãŒSETIパディングを追加ã—ã¦æš—å·åŒ–ã™ã‚‹ã¨ã€æš—å·åŒ–ã«CTXãŒè¨­å®šã•れã¦ã„ã‚‹ã¨ã€å¾©å·åŒ–ã•れãŸã¨ãã«ãƒ‘ディング値ãŒãƒã‚§ãƒƒã‚¯ã•れã¾ã™ã€‚ - \return 1 æˆåŠŸã«æˆ»ã‚Šã¾ã—ãŸã€‚ - \return 0 失敗ã«é­é‡ã—ãŸå ´åˆ - \param ctx 復å·åŒ–/æš—å·åŒ–ã™ã‚‹æ§‹é€ ã€‚ - \param out 最後ã®å¾©å·åŒ–/æš—å·åŒ–ã®ãŸã‚ã®ãƒãƒƒãƒ•ァ。 + + \brief ã“ã®é–¢æ•°ã¯ã€ãƒ‘ディングを追加ã™ã‚‹æœ€çµ‚æš—å·æ“作を実行ã—ã¾ã™ã€‚WOLFSSL_EVP_CIPHER_CTX構造体ã«WOLFSSL_EVP_CIPH_NO_PADDINGフラグãŒè¨­å®šã•れã¦ã„ã‚‹å ´åˆã€1ãŒè¿”ã•ã‚Œã€æš—å·åŒ–/復å·ã¯å®Ÿè¡Œã•れã¾ã›ã‚“。パディングフラグãŒè¨­å®šã•れã¦ã„ã‚‹å ´åˆã€ctxãŒæš—å·åŒ–ã«è¨­å®šã•れã¦ã„ã‚‹ã¨ãã«ãƒ‘ディングãŒè¿½åŠ ã•れ暗å·åŒ–ã•れã€å¾©å·ã«è¨­å®šã•れã¦ã„ã‚‹ã¨ãã«ãƒ‘ディング値ãŒãƒã‚§ãƒƒã‚¯ã•れã¾ã™ã€‚ + + \return 1 æˆåŠŸæ™‚ã«è¿”ã•れã¾ã™ã€‚ + \return 0 失敗ãŒç™ºç”Ÿã—ãŸå ´åˆã€‚ + + \param ctx 復å·/æš—å·åŒ–ã«ä½¿ç”¨ã™ã‚‹æ§‹é€ ä½“。 + \param out 最終復å·/æš—å·åŒ–用ã®ãƒãƒƒãƒ•ァ。 + \param out1 関数ã«ã‚ˆã£ã¦ãƒ‡ãƒ¼ã‚¿ãŒè¿½åŠ ã•れãŸã¨ãã®outãƒãƒƒãƒ•ã‚¡ã®ã‚µã‚¤ã‚ºã€‚ + _Example_ \code WOLFSSL_EVP_CIPHER_CTX* ctx; int out1; unsigned char out[64]; - // create ctx + // ctxã‚’ä½œæˆ wolfSSL_EVP_CipherFinal(ctx, out, &out1); \endcode + \sa wolfSSL_EVP_CIPHER_CTX_new */ int wolfSSL_EVP_CipherFinal(WOLFSSL_EVP_CIPHER_CTX *ctx, @@ -222,17 +270,23 @@ /*! \ingroup openSSL - \brief WolfSSL EVP_CIPHER_CTX構造キー長ã®è¨­å®šæ©Ÿèƒ½ - \return SSL_SUCCESS 正常ã«è¨­å®šã•れã¦ã„ã‚‹å ´åˆã€‚ - \return SSL_FAILURE キーã®é•·ã•を設定ã§ããªã‹ã£ãŸå ´åˆã€‚ - \param ctx キーã®é•·ã•を設定ã™ã‚‹æ§‹é€  + + \brief WOLFSSL_EVP_CIPHER_CTX構造体ã®éµé•·ã®ã‚»ãƒƒã‚¿ãƒ¼é–¢æ•°ã€‚ + + \return SSL_SUCCESS 正常ã«è¨­å®šã•れãŸå ´åˆã€‚ + \return SSL_FAILURE éµé•·ã®è¨­å®šã«å¤±æ•—ã—ãŸå ´åˆã€‚ + + \param ctx éµé•·ã‚’設定ã™ã‚‹æ§‹é€ ä½“。 + \param keylen éµã®é•·ã•。 + _Example_ \code WOLFSSL_EVP_CIPHER_CTX* ctx; int keylen; - // create ctx + // ctxã‚’ä½œæˆ wolfSSL_EVP_CIPHER_CTX_set_key_length(ctx, keylen); \endcode + \sa wolfSSL_EVP_CIPHER_flags */ int wolfSSL_EVP_CIPHER_CTX_set_key_length(WOLFSSL_EVP_CIPHER_CTX* ctx, @@ -240,43 +294,61 @@ /*! \ingroup openSSL - \brief ã“れã¯CTXブロックサイズã®Getter関数ã§ã™ã€‚ - \return size ctx-> block_sizeã‚’è¿”ã—ã¾ã™ã€‚ + + \brief ã“れã¯ctxブロックサイズã®ã‚²ãƒƒã‚¿ãƒ¼é–¢æ•°ã§ã™ã€‚ + + \return size ctx->block_sizeã‚’è¿”ã—ã¾ã™ã€‚ + + \param ctx ブロックサイズをå–å¾—ã™ã‚‹æš—å·ctx。 + _Example_ \code const WOLFSSL_CVP_CIPHER_CTX* ctx; - //set up ctx - printf(“block size = %d\nâ€, wolfSSL_EVP_CIPHER_CTX_block_size(ctx)); + //ctxをセットアップ + printf("block size = %d\n", wolfSSL_EVP_CIPHER_CTX_block_size(ctx)); \endcode + \sa wolfSSL_EVP_CIPHER_block_size */ int wolfSSL_EVP_CIPHER_CTX_block_size(const WOLFSSL_EVP_CIPHER_CTX *ctx); /*! \ingroup openSSL - \brief ã“ã‚Œã¯æš—å·ã®ãƒ–ロックサイズã®ã‚²ãƒƒã‚¿ãƒ¼é–¢æ•°ã§ã™ã€‚ - \return size ブロックサイズを返ã—ã¾ã™ã€‚ + + \brief ã“ã‚Œã¯æš—å·ã®ãƒ–ロックサイズã®ã‚²ãƒƒã‚¿ãƒ¼é–¢æ•°ã§ã™ã€‚ + + \return size ブロックサイズを返ã—ã¾ã™ã€‚ + + \param cipher ブロックサイズをå–å¾—ã™ã‚‹æš—å·ã€‚ + _Example_ \code - printf(“block size = %d\nâ€, + printf("block size = %d\n", wolfSSL_EVP_CIPHER_block_size(wolfSSL_EVP_aes_256_ecb())); \endcode + \sa wolfSSL_EVP_aes_256_ctr */ int wolfSSL_EVP_CIPHER_block_size(const WOLFSSL_EVP_CIPHER *cipher); /*! \ingroup openSSL - \brief WolfSSL evp_cipher_ctx構造ã®è¨­å®šæ©Ÿèƒ½ - \return none ã„ã„ãˆè¿”ã—ã¾ã™ã€‚ - \param ctx フラグを設定ã™ã‚‹æ§‹é€  + + \brief WOLFSSL_EVP_CIPHER_CTX構造体ã®ã‚»ãƒƒã‚¿ãƒ¼é–¢æ•°ã€‚ + + \return none 戻り値ãªã—。 + + \param ctx フラグを設定ã™ã‚‹æ§‹é€ ä½“。 + \param flag 構造体ã«è¨­å®šã™ã‚‹ãƒ•ラグ。 + _Example_ \code WOLFSSL_EVP_CIPHER_CTX* ctx; int flag; - // create ctx + // ctxã‚’ä½œæˆ wolfSSL_EVP_CIPHER_CTX_set_flags(ctx, flag); \endcode + \sa wolfSSL_EVP_CIPHER_flags \sa wolfSSL_EVP_CIPHER_CTX_flags */ @@ -284,16 +356,22 @@ /*! \ingroup openSSL - \brief WolfSSL evp_cipher_ctx構造ã®ã‚¯ãƒªã‚¢æ©Ÿèƒ½ - \return none ã„ã„ãˆè¿”ã—ã¾ã™ã€‚ - \param ctx フラグをクリアã™ã‚‹ãŸã‚ã®æ§‹é€  + + \brief WOLFSSL_EVP_CIPHER_CTX構造体ã®ã‚¯ãƒªã‚¢é–¢æ•°ã€‚ + + \return none 戻り値ãªã—。 + + \param ctx フラグをクリアã™ã‚‹æ§‹é€ ä½“。 + \param flag 構造体ã§ã‚¯ãƒªã‚¢ã™ã‚‹ãƒ•ラグ値。 + _Example_ \code WOLFSSL_EVP_CIPHER_CTX* ctx; int flag; - // create ctx + // ctxã‚’ä½œæˆ wolfSSL_EVP_CIPHER_CTX_clear_flags(ctx, flag); \endcode + \sa wolfSSL_EVP_CIPHER_flags \sa wolfSSL_EVP_CIPHER_CTX_flags */ @@ -301,16 +379,22 @@ /*! \ingroup openSSL - \brief wolfssl_evp_cipher_ctx構造ã®ãŸã‚ã®ã‚»ãƒƒã‚¿ãƒ¼æ©Ÿèƒ½ãƒ‘ディングを使用ã™ã‚‹ã€‚ - \return SSL_SUCCESS 正常ã«è¨­å®šã•れã¦ã„ã‚‹å ´åˆã€‚ - \return BAD_FUNC_ARG NULLå¼•æ•°ãŒæ¸¡ã•れãŸå ´åˆã€‚ - \param ctx パディングフラグを設定ã™ã‚‹æ§‹é€  + + \brief パディングを使用ã™ã‚‹ãŸã‚ã®WOLFSSL_EVP_CIPHER_CTX構造体ã®ã‚»ãƒƒã‚¿ãƒ¼é–¢æ•°ã€‚ + + \return SSL_SUCCESS 正常ã«è¨­å®šã•れãŸå ´åˆã€‚ + \return BAD_FUNC_ARG nullå¼•æ•°ãŒæ¸¡ã•れãŸå ´åˆã€‚ + + \param ctx パディングフラグを設定ã™ã‚‹æ§‹é€ ä½“。 + \param padding パディングを設定ã—ãªã„å ´åˆã¯0ã€ãƒ‘ディングを設定ã™ã‚‹å ´åˆã¯1。 + _Example_ \code WOLFSSL_EVP_CIPHER_CTX* ctx; - // create ctx + // ctxã‚’ä½œæˆ wolfSSL_EVP_CIPHER_CTX_set_padding(ctx, 1); \endcode + \sa wolfSSL_EVP_CIPHER_CTX_new */ int wolfSSL_EVP_CIPHER_CTX_set_padding(WOLFSSL_EVP_CIPHER_CTX *c, int pad); @@ -318,8 +402,13 @@ /*! \ingroup openSSL - \brief wolfssl_evp_cipher_ctx構造ã®ã‚²ãƒƒã‚¿ãƒ¼é–¢æ•°å»ƒæ­¢äºˆå®šã®V1.1.0 - \return unsigned フラグ/モードã®é•·ã„。 + + \brief WOLFSSL_EVP_CIPHER_CTX構造体ã®ã‚²ãƒƒã‚¿ãƒ¼é–¢æ•°ã€‚v1.1.0ã§éžæŽ¨å¥¨ + + \return unsigned long フラグ/モードã®unsigned long。 + + \param ctx フラグをå–å¾—ã™ã‚‹æ§‹é€ ä½“。 + _Example_ \code WOLFSSL_EVP_CIPHER_CTX* ctx; @@ -327,6 +416,7 @@ ctx = wolfSSL_EVP_CIPHER_CTX_new() flags = wolfSSL_EVP_CIPHER_CTX_flags(ctx); \endcode + \sa wolfSSL_EVP_CIPHER_CTX_new \sa wolfSSL_EVP_CIPHER_flags */ diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/doc/dox_comments/header_files-ja/hash.h mariadb-11.8.8/extra/wolfssl/wolfssl/doc/dox_comments/header_files-ja/hash.h --- mariadb-11.8.6/extra/wolfssl/wolfssl/doc/dox_comments/header_files-ja/hash.h 2026-01-31 13:27:49.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/doc/dox_comments/header_files-ja/hash.h 2026-05-24 09:58:33.000000000 +0000 @@ -1,17 +1,23 @@ /*! \ingroup wolfCrypt - \brief ã“ã®é–¢æ•°ã¯æä¾›ã•れãŸwc_hashtypeã®OIDã‚’è¿”ã—ã¾ã™ã€‚ - \return OID 戻り値0ã‚’è¶…ãˆã¦ãã ã•ã„ - \return HASH_TYPE_E ãƒãƒƒã‚·ãƒ¥åž‹ã¯ã‚µãƒãƒ¼ãƒˆã•れã¦ã„ã¾ã›ã‚“。 - \return BAD_FUNC_ARG æä¾›ã•れãŸå¼•æ•°ã®1ã¤ãŒæ­£ã—ãã‚りã¾ã›ã‚“。 + + \brief ã“ã®é–¢æ•°ã¯ã€æä¾›ã•れãŸwc_HashTypeã®OIDã‚’è¿”ã—ã¾ã™ã€‚ + + \return OID 0より大ãã„値を返ã—ã¾ã™ + \return HASH_TYPE_E ãƒãƒƒã‚·ãƒ¥ã‚¿ã‚¤ãƒ—ãŒã‚µãƒãƒ¼ãƒˆã•れã¦ã„ã¾ã›ã‚“。 + \return BAD_FUNC_ARG æä¾›ã•れãŸå¼•æ•°ã®1ã¤ãŒæ­£ã—ãã‚りã¾ã›ã‚“。 + + \param hash_type "WC_HASH_TYPE_SHA256"ãªã©ã®"enum wc_HashType"ã‹ã‚‰ã®ãƒãƒƒã‚·ãƒ¥ã‚¿ã‚¤ãƒ—。 + _Example_ \code enum wc_HashType hash_type = WC_HASH_TYPE_SHA256; int oid = wc_HashGetOID(hash_type); if (oid > 0) { - // Success + // æˆåŠŸ } \endcode + \sa wc_HashGetDigestSize \sa wc_Hash */ @@ -19,10 +25,15 @@ /*! \ingroup wolfCrypt - \brief ã“ã®é–¢æ•°ã¯ã€hash_typeã®ãƒ€ã‚¤ã‚¸ã‚§ã‚¹ãƒˆï¼ˆå‡ºåŠ›ï¼‰ã®ã‚µã‚¤ã‚ºã‚’è¿”ã—ã¾ã™ã€‚è¿”å“サイズã¯ã€WC_HASHã«æä¾›ã•れる出力ãƒãƒƒãƒ•ã‚¡ãŒå分ã«å¤§ãã„ã“ã¨ã‚’確èªã™ã‚‹ãŸã‚ã«ä½¿ç”¨ã•れã¾ã™ã€‚ - \return Success æ­£ã®æˆ»ã‚Šå€¤ã¯ã€ãƒãƒƒã‚·ãƒ¥ã®ãƒ€ã‚¤ã‚¸ã‚§ã‚¹ãƒˆã‚µã‚¤ã‚ºã‚’示ã—ã¾ã™ã€‚ - \return Error hash_typeãŒã‚µãƒãƒ¼ãƒˆã•れã¦ã„ãªã„å ´åˆã¯hash_type_eã‚’è¿”ã—ã¾ã™ã€‚ - \return Failure 無効ãªhash_typeãŒä½¿ç”¨ã•れãŸå ´åˆã€bad_func_argã‚’è¿”ã—ã¾ã™ã€‚ + + \brief ã“ã®é–¢æ•°ã¯ã€hash_typeã®ãƒ€ã‚¤ã‚¸ã‚§ã‚¹ãƒˆ(出力)ã®ã‚µã‚¤ã‚ºã‚’è¿”ã—ã¾ã™ã€‚è¿”ã•れるサイズã¯ã€wc_Hashã«æä¾›ã•れる出力ãƒãƒƒãƒ•ã‚¡ãŒå分ãªå¤§ãã•ã§ã‚ã‚‹ã“ã¨ã‚’確èªã™ã‚‹ãŸã‚ã«ä½¿ç”¨ã•れã¾ã™ã€‚ + + \return Success æ­£ã®æˆ»ã‚Šå€¤ã¯ã€ãƒãƒƒã‚·ãƒ¥ã®ãƒ€ã‚¤ã‚¸ã‚§ã‚¹ãƒˆã‚µã‚¤ã‚ºã‚’示ã—ã¾ã™ã€‚ + \return Error hash_typeãŒã‚µãƒãƒ¼ãƒˆã•れã¦ã„ãªã„å ´åˆã€HASH_TYPE_Eã‚’è¿”ã—ã¾ã™ã€‚ + \return Failure 無効ãªhash_typeãŒä½¿ç”¨ã•れãŸå ´åˆã€BAD_FUNC_ARGã‚’è¿”ã—ã¾ã™ã€‚ + + \param hash_type "WC_HASH_TYPE_SHA256"ãªã©ã®"enum wc_HashType"ã‹ã‚‰ã®ãƒãƒƒã‚·ãƒ¥ã‚¿ã‚¤ãƒ—。 + _Example_ \code int hash_len = wc_HashGetDigestSize(hash_type); @@ -31,18 +42,24 @@ return BAD_FUNC_ARG; } \endcode + \sa wc_Hash */ int wc_HashGetDigestSize(enum wc_HashType hash_type); /*! \ingroup wolfCrypt - \brief ã“ã®é–¢æ•°ã¯ã€æä¾›ã•れãŸãƒ‡ãƒ¼ã‚¿ãƒãƒƒãƒ•ァ上ã«ãƒãƒƒã‚·ãƒ¥ã‚’実行ã—ã€æä¾›ã•れãŸãƒãƒƒã‚·ãƒ¥ãƒãƒƒãƒ•ã‚¡ã«ãれを返ã—ã¾ã™ã€‚ - \return 0 ãã†ã§ãªã‘れã°ã€ãれ以外ã®èª¤ã‚Šï¼ˆbad_func_argã‚„buffer_eãªã©ï¼‰ã€‚ - \param hash_type "wc_hash_type_sha256"ãªã©ã® "enum wc_hashtype"ã‹ã‚‰ã®ãƒãƒƒã‚·ãƒ¥åž‹ã€‚ - \param data ãƒãƒƒã‚·ãƒ¥ã¸ã®ãƒ‡ãƒ¼ã‚¿ã‚’å«ã‚€ãƒãƒƒãƒ•ã‚¡ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ - \param data_len データãƒãƒƒãƒ•ã‚¡ã®é•·ã•。 - \param hash 最後ã®ãƒãƒƒã‚·ãƒ¥ã‚’出力ã™ã‚‹ãŸã‚ã«ä½¿ç”¨ã•れるãƒãƒƒãƒ•ã‚¡ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ + + \brief ã“ã®é–¢æ•°ã¯ã€æä¾›ã•れãŸãƒ‡ãƒ¼ã‚¿ãƒãƒƒãƒ•ã‚¡ã«å¯¾ã—ã¦ãƒãƒƒã‚·ãƒ¥ã‚’実行ã—ã€æä¾›ã•れãŸãƒãƒƒã‚·ãƒ¥ãƒãƒƒãƒ•ã‚¡ã«çµæžœã‚’è¿”ã—ã¾ã™ã€‚ + + \return 0 æˆåŠŸã€ãれ以外ã¯ã‚¨ãƒ©ãƒ¼(BAD_FUNC_ARGã‚„BUFFER_Eãªã©)。 + + \param hash_type "WC_HASH_TYPE_SHA256"ãªã©ã®"enum wc_HashType"ã‹ã‚‰ã®ãƒãƒƒã‚·ãƒ¥ã‚¿ã‚¤ãƒ—。 + \param data ãƒãƒƒã‚·ãƒ¥åŒ–ã™ã‚‹ãƒ‡ãƒ¼ã‚¿ã‚’å«ã‚€ãƒãƒƒãƒ•ã‚¡ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ + \param data_len データãƒãƒƒãƒ•ã‚¡ã®é•·ã•。 + \param hash 最終ãƒãƒƒã‚·ãƒ¥ã‚’出力ã™ã‚‹ãŸã‚ã«ä½¿ç”¨ã•れるãƒãƒƒãƒ•ã‚¡ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ + \param hash_len ãƒãƒƒã‚·ãƒ¥ãƒãƒƒãƒ•ã‚¡ã®é•·ã•。 + _Example_ \code enum wc_HashType hash_type = WC_HASH_TYPE_SHA256; @@ -50,10 +67,11 @@ if (hash_len > 0) { int ret = wc_Hash(hash_type, data, data_len, hash_data, hash_len); if(ret == 0) { - // Success + // æˆåŠŸ } } \endcode + \sa wc_HashGetDigestSize */ int wc_Hash(enum wc_HashType hash_type, @@ -62,11 +80,16 @@ /*! \ingroup MD5 - \brief 利便性機能ã¯ã€ã™ã¹ã¦ã®ãƒãƒƒã‚·ãƒ¥ã‚’処ç†ã—ã€ãã®çµæžœã‚’ãƒãƒƒã‚·ãƒ¥ã«å…¥ã‚Œã¾ã™ã€‚ - \return 0 データを正常ã«ãƒãƒƒã‚·ãƒ¥ã—ãŸã¨ãã«è¿”ã•れã¾ã™ã€‚ - \return Memory_E メモリエラーã€ãƒ¡ãƒ¢ãƒªã‚’割り当ã¦ã‚‹ã“ã¨ãŒã§ãã¾ã›ã‚“。ã“れã¯ã€å°ã•ãªã‚¹ã‚¿ãƒƒã‚¯ã‚ªãƒ—ã‚·ãƒ§ãƒ³ãŒæœ‰åйã«ãªã£ã¦ã„ã‚‹ã ã‘ã§ã™ã€‚ - \param data ãƒãƒƒã‚·ãƒ¥ã¸ã®ãƒ‡ãƒ¼ã‚¿ - \param len データã®é•·ã• + + \brief 便利ãªé–¢æ•°ã§ã€ã™ã¹ã¦ã®ãƒãƒƒã‚·ãƒ¥å‡¦ç†ã‚’行ã„ã€çµæžœã‚’hashã«æ ¼ç´ã—ã¾ã™ã€‚ + + \return 0 データã®ãƒãƒƒã‚·ãƒ¥åŒ–ã«æˆåŠŸã—ãŸå ´åˆã«è¿”ã•れã¾ã™ã€‚ + \return Memory_E メモリエラーã€ãƒ¡ãƒ¢ãƒªã‚’割り当ã¦ã‚‰ã‚Œã¾ã›ã‚“。ã“れã¯å°ã•ã„ã‚¹ã‚¿ãƒƒã‚¯ã‚ªãƒ—ã‚·ãƒ§ãƒ³ãŒæœ‰åйãªå ´åˆã«ã®ã¿å¯èƒ½ã§ã™ã€‚ + + \param data ãƒãƒƒã‚·ãƒ¥åŒ–ã™ã‚‹ãƒ‡ãƒ¼ã‚¿ + \param len データã®é•·ã• + \param hash ãƒãƒƒã‚·ãƒ¥å€¤ã‚’ä¿æŒã™ã‚‹ãƒã‚¤ãƒˆé…列。 + _Example_ \code const byte* data; @@ -76,9 +99,10 @@ ... ret = wc_Md5Hash(data, data_len, hash); if (ret != 0) { - // Md5 Hash Failure Case. + // Md5ãƒãƒƒã‚·ãƒ¥å¤±æ•—ã®ã‚±ãƒ¼ã‚¹ã€‚ } \endcode + \sa wc_Md5Hash \sa wc_Md5Final \sa wc_InitMd5 @@ -87,15 +111,21 @@ /*! \ingroup SHA - \brief 利便性機能ã¯ã€ã™ã¹ã¦ã®ãƒãƒƒã‚·ãƒ¥ã‚’処ç†ã—ã€ãã®çµæžœã‚’ãƒãƒƒã‚·ãƒ¥ã«å…¥ã‚Œã¾ã™ã€‚ - \return 0 ã†ã¾ãè¿”ã•れã¾ã—ãŸ...。 - \return Memory_E メモリエラーã€ãƒ¡ãƒ¢ãƒªã‚’割り当ã¦ã‚‹ã“ã¨ãŒã§ãã¾ã›ã‚“。ã“れã¯ã€å°ã•ãªã‚¹ã‚¿ãƒƒã‚¯ã‚ªãƒ—ã‚·ãƒ§ãƒ³ãŒæœ‰åйã«ãªã£ã¦ã„ã‚‹ã ã‘ã§ã™ã€‚ - \param data ãƒãƒƒã‚·ãƒ¥ã¸ã®ãƒ‡ãƒ¼ã‚¿ - \param len データã®é•·ã• + + \brief 便利ãªé–¢æ•°ã§ã€ã™ã¹ã¦ã®ãƒãƒƒã‚·ãƒ¥å‡¦ç†ã‚’行ã„ã€çµæžœã‚’hashã«æ ¼ç´ã—ã¾ã™ã€‚ + + \return 0 正常ã«â€¦.ã®å ´åˆã«è¿”ã•れã¾ã™ã€‚ + \return Memory_E メモリエラーã€ãƒ¡ãƒ¢ãƒªã‚’割り当ã¦ã‚‰ã‚Œã¾ã›ã‚“。ã“れã¯å°ã•ã„ã‚¹ã‚¿ãƒƒã‚¯ã‚ªãƒ—ã‚·ãƒ§ãƒ³ãŒæœ‰åйãªå ´åˆã«ã®ã¿å¯èƒ½ã§ã™ã€‚ + + \param data ãƒãƒƒã‚·ãƒ¥åŒ–ã™ã‚‹ãƒ‡ãƒ¼ã‚¿ + \param len データã®é•·ã• + \param hash ãƒãƒƒã‚·ãƒ¥å€¤ã‚’ä¿æŒã™ã‚‹ãƒã‚¤ãƒˆé…列。 + _Example_ \code none \endcode + \sa wc_ShaHash \sa wc_ShaFinal \sa wc_InitSha @@ -104,15 +134,44 @@ /*! \ingroup SHA - \brief 利便性機能ã¯ã€ã™ã¹ã¦ã®ãƒãƒƒã‚·ãƒ¥ã‚’処ç†ã—ã€ãã®çµæžœã‚’ãƒãƒƒã‚·ãƒ¥ã«å…¥ã‚Œã¾ã™ã€‚ - \return 0 ã†ã¾ãè¿”ã•れã¾ã—ãŸ... - \return Memory_E メモリエラーã€ãƒ¡ãƒ¢ãƒªã‚’割り当ã¦ã‚‹ã“ã¨ãŒã§ãã¾ã›ã‚“。ã“れã¯ã€å°ã•ãªã‚¹ã‚¿ãƒƒã‚¯ã‚ªãƒ—ã‚·ãƒ§ãƒ³ãŒæœ‰åйã«ãªã£ã¦ã„ã‚‹ã ã‘ã§ã™ã€‚ - \param data ãƒãƒƒã‚·ãƒ¥ã¸ã®ãƒ‡ãƒ¼ã‚¿ - \param len データã®é•·ã• + + \brief 便利ãªé–¢æ•°ã§ã€ã™ã¹ã¦ã®ãƒãƒƒã‚·ãƒ¥å‡¦ç†ã‚’行ã„ã€çµæžœã‚’hashã«æ ¼ç´ã—ã¾ã™ã€‚ + + \return 0 æˆåŠŸ + \return <0 エラー + + \param data ãƒãƒƒã‚·ãƒ¥åŒ–ã™ã‚‹ãƒ‡ãƒ¼ã‚¿ + \param len データã®é•·ã• + \param hash ãƒãƒƒã‚·ãƒ¥å€¤ã‚’ä¿æŒã™ã‚‹ãƒã‚¤ãƒˆé…列。 + + _Example_ + \code + none + \endcode + + \sa wc_InitSha224 + \sa wc_Sha224Update + \sa wc_Sha224Final +*/ +int wc_Sha224Hash(const byte* data, word32 len, byte* hash); + +/*! + \ingroup SHA + + \brief 便利ãªé–¢æ•°ã§ã€ã™ã¹ã¦ã®ãƒãƒƒã‚·ãƒ¥å‡¦ç†ã‚’行ã„ã€çµæžœã‚’hashã«æ ¼ç´ã—ã¾ã™ã€‚ + + \return 0 正常ã«â€¦ã®å ´åˆã«è¿”ã•れã¾ã™ + \return Memory_E メモリエラーã€ãƒ¡ãƒ¢ãƒªã‚’割り当ã¦ã‚‰ã‚Œã¾ã›ã‚“。ã“れã¯å°ã•ã„ã‚¹ã‚¿ãƒƒã‚¯ã‚ªãƒ—ã‚·ãƒ§ãƒ³ãŒæœ‰åйãªå ´åˆã«ã®ã¿å¯èƒ½ã§ã™ã€‚ + + \param data ãƒãƒƒã‚·ãƒ¥åŒ–ã™ã‚‹ãƒ‡ãƒ¼ã‚¿ + \param len データã®é•·ã• + \param hash ãƒãƒƒã‚·ãƒ¥å€¤ã‚’ä¿æŒã™ã‚‹ãƒã‚¤ãƒˆé…列。 + _Example_ \code none \endcode + \sa wc_Sha256Hash \sa wc_Sha256Final \sa wc_InitSha256 @@ -121,32 +180,44 @@ /*! \ingroup SHA - \brief 利便性機能ã¯ã€ã™ã¹ã¦ã®ãƒãƒƒã‚·ãƒ¥ã‚’処ç†ã—ã€ãã®çµæžœã‚’ãƒãƒƒã‚·ãƒ¥ã«å…¥ã‚Œã¾ã™ã€‚ - \return 0 æˆåŠŸ - \return <0 エラー - \param data ãƒãƒƒã‚·ãƒ¥ã¸ã®ãƒ‡ãƒ¼ã‚¿ - \param len データã®é•·ã• + + \brief 便利ãªé–¢æ•°ã§ã€ã™ã¹ã¦ã®ãƒãƒƒã‚·ãƒ¥å‡¦ç†ã‚’行ã„ã€çµæžœã‚’hashã«æ ¼ç´ã—ã¾ã™ã€‚ + + \return 0 データã®ãƒãƒƒã‚·ãƒ¥åŒ–ã«æˆåŠŸã—ãŸå ´åˆã«è¿”ã•れã¾ã™ + \return Memory_E メモリエラーã€ãƒ¡ãƒ¢ãƒªã‚’割り当ã¦ã‚‰ã‚Œã¾ã›ã‚“。ã“れã¯å°ã•ã„ã‚¹ã‚¿ãƒƒã‚¯ã‚ªãƒ—ã‚·ãƒ§ãƒ³ãŒæœ‰åйãªå ´åˆã«ã®ã¿å¯èƒ½ã§ã™ã€‚ + + \param data ãƒãƒƒã‚·ãƒ¥åŒ–ã™ã‚‹ãƒ‡ãƒ¼ã‚¿ + \param len データã®é•·ã• + \param hash ãƒãƒƒã‚·ãƒ¥å€¤ã‚’ä¿æŒã™ã‚‹ãƒã‚¤ãƒˆé…列。 + _Example_ \code none \endcode - \sa wc_InitSha224 - \sa wc_Sha224Update - \sa wc_Sha224Final + + \sa wc_Sha384Hash + \sa wc_Sha384Final + \sa wc_InitSha384 */ -int wc_Sha224Hash(const byte* data, word32 len, byte* hash); +int wc_Sha384Hash(const byte* data, word32 len, byte* hash); /*! \ingroup SHA - \brief 利便性機能ã¯ã€ã™ã¹ã¦ã®ãƒãƒƒã‚·ãƒ¥ã‚’処ç†ã—ã€ãã®çµæžœã‚’ãƒãƒƒã‚·ãƒ¥ã«å…¥ã‚Œã¾ã™ã€‚ - \return 0 入力ã•れãŸãƒ‡ãƒ¼ã‚¿ã‚’正常ã«ãƒãƒƒã‚·ãƒ¥ã—ãŸã¨ãã«è¿”ã•れã¾ã™ - \return Memory_E メモリエラーã€ãƒ¡ãƒ¢ãƒªã‚’割り当ã¦ã‚‹ã“ã¨ãŒã§ãã¾ã›ã‚“。ã“れã¯ã€å°ã•ãªã‚¹ã‚¿ãƒƒã‚¯ã‚ªãƒ—ã‚·ãƒ§ãƒ³ãŒæœ‰åйã«ãªã£ã¦ã„ã‚‹ã ã‘ã§ã™ã€‚ - \param data ãƒãƒƒã‚·ãƒ¥ã¸ã®ãƒ‡ãƒ¼ã‚¿ - \param len データã®é•·ã• + + \brief 便利ãªé–¢æ•°ã§ã€ã™ã¹ã¦ã®ãƒãƒƒã‚·ãƒ¥å‡¦ç†ã‚’行ã„ã€çµæžœã‚’hashã«æ ¼ç´ã—ã¾ã™ã€‚ + + \return 0 入力ã•れãŸãƒ‡ãƒ¼ã‚¿ã®ãƒãƒƒã‚·ãƒ¥åŒ–ã«æˆåŠŸã—ãŸå ´åˆã«è¿”ã•れã¾ã™ + \return Memory_E メモリエラーã€ãƒ¡ãƒ¢ãƒªã‚’割り当ã¦ã‚‰ã‚Œã¾ã›ã‚“。ã“れã¯å°ã•ã„ã‚¹ã‚¿ãƒƒã‚¯ã‚ªãƒ—ã‚·ãƒ§ãƒ³ãŒæœ‰åйãªå ´åˆã«ã®ã¿å¯èƒ½ã§ã™ã€‚ + + \param data ãƒãƒƒã‚·ãƒ¥åŒ–ã™ã‚‹ãƒ‡ãƒ¼ã‚¿ + \param len データã®é•·ã• + \param hash ãƒãƒƒã‚·ãƒ¥å€¤ã‚’ä¿æŒã™ã‚‹ãƒã‚¤ãƒˆé…列。 + _Example_ \code none \endcode + \sa wc_Sha512Hash \sa wc_Sha512Final \sa wc_InitSha512 @@ -155,17 +226,142 @@ /*! \ingroup SHA - \brief 利便性機能ã¯ã€ã™ã¹ã¦ã®ãƒãƒƒã‚·ãƒ¥ã‚’処ç†ã—ã€ãã®çµæžœã‚’ãƒãƒƒã‚·ãƒ¥ã«å…¥ã‚Œã¾ã™ã€‚ - \return 0 データを正常ã«ãƒãƒƒã‚·ãƒ¥ã—ãŸã¨ãã«è¿”ã•れã¾ã™ - \return Memory_E メモリエラーã€ãƒ¡ãƒ¢ãƒªã‚’割り当ã¦ã‚‹ã“ã¨ãŒã§ãã¾ã›ã‚“。ã“れã¯ã€å°ã•ãªã‚¹ã‚¿ãƒƒã‚¯ã‚ªãƒ—ã‚·ãƒ§ãƒ³ãŒæœ‰åйã«ãªã£ã¦ã„ã‚‹ã ã‘ã§ã™ã€‚ - \param data ãƒãƒƒã‚·ãƒ¥ã¸ã®ãƒ‡ãƒ¼ã‚¿ - \param len データã®é•·ã• + + \brief 便利ãªé–¢æ•°ã§ã€ã™ã¹ã¦ã®ãƒãƒƒã‚·ãƒ¥å‡¦ç†ã‚’行ã„ã€çµæžœã‚’hashã«æ ¼ç´ã—ã¾ã™ã€‚ + + \return 0 データã®ãƒãƒƒã‚·ãƒ¥åŒ–ã«æˆåŠŸã—ãŸå ´åˆã«è¿”ã•れã¾ã™ + \return Memory_E メモリエラーã€ãƒ¡ãƒ¢ãƒªã‚’割り当ã¦ã‚‰ã‚Œã¾ã›ã‚“。ã“れã¯å°ã•ã„ã‚¹ã‚¿ãƒƒã‚¯ã‚ªãƒ—ã‚·ãƒ§ãƒ³ãŒæœ‰åйãªå ´åˆã«ã®ã¿å¯èƒ½ã§ã™ã€‚ + + \param data ãƒãƒƒã‚·ãƒ¥åŒ–ã™ã‚‹ãƒ‡ãƒ¼ã‚¿ + \param len データã®é•·ã• + \param hash ãƒãƒƒã‚·ãƒ¥å€¤ã‚’ä¿æŒã™ã‚‹ãƒã‚¤ãƒˆé…列。 + _Example_ \code none \endcode - \sa wc_Sha384Hash - \sa wc_Sha384Final - \sa wc_InitSha384 + + \sa wc_InitSha3_224 + \sa wc_Sha3_224_Update + \sa wc_Sha3_224_Final */ -int wc_Sha384Hash(const byte* data, word32 len, byte* hash); +int wc_Sha3_224Hash(const byte* data, word32 len, byte* hash); + +/*! + \ingroup SHA + + \brief 便利ãªé–¢æ•°ã§ã€ã™ã¹ã¦ã®ãƒãƒƒã‚·ãƒ¥å‡¦ç†ã‚’行ã„ã€çµæžœã‚’hashã«æ ¼ç´ã—ã¾ã™ã€‚ + + \return 0 データã®ãƒãƒƒã‚·ãƒ¥åŒ–ã«æˆåŠŸã—ãŸå ´åˆã«è¿”ã•れã¾ã™ + \return Memory_E メモリエラーã€ãƒ¡ãƒ¢ãƒªã‚’割り当ã¦ã‚‰ã‚Œã¾ã›ã‚“。ã“れã¯å°ã•ã„ã‚¹ã‚¿ãƒƒã‚¯ã‚ªãƒ—ã‚·ãƒ§ãƒ³ãŒæœ‰åйãªå ´åˆã«ã®ã¿å¯èƒ½ã§ã™ã€‚ + + \param data ãƒãƒƒã‚·ãƒ¥åŒ–ã™ã‚‹ãƒ‡ãƒ¼ã‚¿ + \param len データã®é•·ã• + \param hash ãƒãƒƒã‚·ãƒ¥å€¤ã‚’ä¿æŒã™ã‚‹ãƒã‚¤ãƒˆé…列。 + + _Example_ + \code + none + \endcode + + \sa wc_InitSha3_256 + \sa wc_Sha3_256_Update + \sa wc_Sha3_256_Final +*/ +int wc_Sha3_256Hash(const byte* data, word32 len, byte* hash); + +/*! + \ingroup SHA + + \brief 便利ãªé–¢æ•°ã§ã€ã™ã¹ã¦ã®ãƒãƒƒã‚·ãƒ¥å‡¦ç†ã‚’行ã„ã€çµæžœã‚’hashã«æ ¼ç´ã—ã¾ã™ã€‚ + + \return 0 データã®ãƒãƒƒã‚·ãƒ¥åŒ–ã«æˆåŠŸã—ãŸå ´åˆã«è¿”ã•れã¾ã™ + \return Memory_E メモリエラーã€ãƒ¡ãƒ¢ãƒªã‚’割り当ã¦ã‚‰ã‚Œã¾ã›ã‚“。ã“れã¯å°ã•ã„ã‚¹ã‚¿ãƒƒã‚¯ã‚ªãƒ—ã‚·ãƒ§ãƒ³ãŒæœ‰åйãªå ´åˆã«ã®ã¿å¯èƒ½ã§ã™ã€‚ + + \param data ãƒãƒƒã‚·ãƒ¥åŒ–ã™ã‚‹ãƒ‡ãƒ¼ã‚¿ + \param len データã®é•·ã• + \param hash ãƒãƒƒã‚·ãƒ¥å€¤ã‚’ä¿æŒã™ã‚‹ãƒã‚¤ãƒˆé…列。 + + _Example_ + \code + none + \endcode + + \sa wc_InitSha3_384 + \sa wc_Sha3_384_Update + \sa wc_Sha3_384_Final +*/ +int wc_Sha3_384Hash(const byte* data, word32 len, byte* hash); + +/*! + \ingroup SHA + + \brief 便利ãªé–¢æ•°ã§ã€ã™ã¹ã¦ã®ãƒãƒƒã‚·ãƒ¥å‡¦ç†ã‚’行ã„ã€çµæžœã‚’hashã«æ ¼ç´ã—ã¾ã™ã€‚ + + \return 0 入力ã•れãŸãƒ‡ãƒ¼ã‚¿ã®ãƒãƒƒã‚·ãƒ¥åŒ–ã«æˆåŠŸã—ãŸå ´åˆã«è¿”ã•れã¾ã™ + \return Memory_E メモリエラーã€ãƒ¡ãƒ¢ãƒªã‚’割り当ã¦ã‚‰ã‚Œã¾ã›ã‚“。ã“れã¯å°ã•ã„ã‚¹ã‚¿ãƒƒã‚¯ã‚ªãƒ—ã‚·ãƒ§ãƒ³ãŒæœ‰åйãªå ´åˆã«ã®ã¿å¯èƒ½ã§ã™ã€‚ + + \param data ãƒãƒƒã‚·ãƒ¥åŒ–ã™ã‚‹ãƒ‡ãƒ¼ã‚¿ + \param len データã®é•·ã• + \param hash ãƒãƒƒã‚·ãƒ¥å€¤ã‚’ä¿æŒã™ã‚‹ãƒã‚¤ãƒˆé…列。 + + _Example_ + \code + none + \endcode + + \sa wc_InitSha3_512 + \sa wc_Sha3_512_Update + \sa wc_Sha3_512_Final +*/ +int wc_Sha3_512Hash(const byte* data, word32 len, byte* hash); + +/*! + \ingroup SHA + + \brief 便利ãªé–¢æ•°ã§ã€ã™ã¹ã¦ã®ãƒãƒƒã‚·ãƒ¥å‡¦ç†ã‚’行ã„ã€çµæžœã‚’hashã«æ ¼ç´ã—ã¾ã™ã€‚ + + \return 0 入力ã•れãŸãƒ‡ãƒ¼ã‚¿ã®ãƒãƒƒã‚·ãƒ¥åŒ–ã«æˆåŠŸã—ãŸå ´åˆã«è¿”ã•れã¾ã™ + \return Memory_E メモリエラーã€ãƒ¡ãƒ¢ãƒªã‚’割り当ã¦ã‚‰ã‚Œã¾ã›ã‚“。ã“れã¯å°ã•ã„ã‚¹ã‚¿ãƒƒã‚¯ã‚ªãƒ—ã‚·ãƒ§ãƒ³ãŒæœ‰åйãªå ´åˆã«ã®ã¿å¯èƒ½ã§ã™ã€‚ + + \param data ãƒãƒƒã‚·ãƒ¥åŒ–ã™ã‚‹ãƒ‡ãƒ¼ã‚¿ + \param len データã®é•·ã• + \param hash ãƒãƒƒã‚·ãƒ¥å€¤ã‚’ä¿æŒã™ã‚‹ãƒã‚¤ãƒˆé…列。 + \param hashLen hashã«æ›¸ã込むãƒã‚¤ãƒˆæ•°ã€‚ + + _Example_ + \code + none + \endcode + + \sa wc_InitShake128 + \sa wc_Shake128_Update + \sa wc_Shake128_Final +*/ +int wc_Shake128Hash(const byte* data, word32 len, byte* hash, + word32 hashLen); + +/*! + \ingroup SHA + + \brief 便利ãªé–¢æ•°ã§ã€ã™ã¹ã¦ã®ãƒãƒƒã‚·ãƒ¥å‡¦ç†ã‚’行ã„ã€çµæžœã‚’hashã«æ ¼ç´ã—ã¾ã™ã€‚ + + \return 0 入力ã•れãŸãƒ‡ãƒ¼ã‚¿ã®ãƒãƒƒã‚·ãƒ¥åŒ–ã«æˆåŠŸã—ãŸå ´åˆã«è¿”ã•れã¾ã™ + \return Memory_E メモリエラーã€ãƒ¡ãƒ¢ãƒªã‚’割り当ã¦ã‚‰ã‚Œã¾ã›ã‚“。ã“れã¯å°ã•ã„ã‚¹ã‚¿ãƒƒã‚¯ã‚ªãƒ—ã‚·ãƒ§ãƒ³ãŒæœ‰åйãªå ´åˆã«ã®ã¿å¯èƒ½ã§ã™ã€‚ + + \param data ãƒãƒƒã‚·ãƒ¥åŒ–ã™ã‚‹ãƒ‡ãƒ¼ã‚¿ + \param len データã®é•·ã• + \param hash ãƒãƒƒã‚·ãƒ¥å€¤ã‚’ä¿æŒã™ã‚‹ãƒã‚¤ãƒˆé…列。 + \param hashLen hashã«æ›¸ã込むãƒã‚¤ãƒˆæ•°ã€‚ + + _Example_ + \code + none + \endcode + + \sa wc_InitShake256 + \sa wc_Shake256_Update + \sa wc_Shake256_Final +*/ +int wc_Shake256Hash(const byte* data, word32 len, byte* hash, + word32 hashLen); diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/doc/dox_comments/header_files-ja/hmac.h mariadb-11.8.8/extra/wolfssl/wolfssl/doc/dox_comments/header_files-ja/hmac.h --- mariadb-11.8.6/extra/wolfssl/wolfssl/doc/dox_comments/header_files-ja/hmac.h 2026-01-31 13:27:49.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/doc/dox_comments/header_files-ja/hmac.h 2026-05-24 09:58:33.000000000 +0000 @@ -1,21 +1,27 @@ /*! \ingroup HMAC - \brief ã“ã®é–¢æ•°ã¯HMACã‚ªãƒ–ã‚¸ã‚§ã‚¯ãƒˆã‚’åˆæœŸåŒ–ã—ã€ãã®æš—å·åŒ–タイプã€ã‚­ãƒ¼ã€ãŠã‚ˆã³HMACã®é•·ã•を設定ã—ã¾ã™ã€‚ - \return 0 HMACオブジェクトã®åˆæœŸåŒ–ã«æˆåŠŸã—ã¾ã—㟠- \return BAD_FUNC_ARG 入力タイプãŒç„¡åйãªå ´åˆã¯è¿”ã•れã¾ã™ã€‚有効ãªã‚ªãƒ—ã‚·ãƒ§ãƒ³ã¯æ¬¡ã®ã¨ãŠã‚Šã§ã™.MD5ã€SHAã€SHA256ã€SHA384ã€SHA3-224ã€SHA3-256ã€SHA3-384ã€SHA3-512 - \return MEMORY_E ãƒãƒƒã‚·ãƒ¥ã«ä½¿ç”¨ã™ã‚‹æ§‹é€ ä½“ã®å‰²ã‚Šå½“ã¦ãƒ¡ãƒ¢ãƒªã®å‰²ã‚Šå½“ã¦ã‚¨ãƒ©ãƒ¼ãŒã‚ã‚‹å ´åˆ - \return HMAC_MIN_KEYLEN_E FIPS実装を使用ã™ã‚‹ã¨ãã«ã€æŒ‡å®šã•れãŸã‚­ãƒ¼ãŒFIPSè¦æ ¼ã®æœ€å°è¨±å®¹(14ãƒã‚¤ãƒˆ)よりも短ㄠ- \param hmac åˆæœŸåŒ–ã™ã‚‹HMACオブジェクトã¸ã®ãƒã‚¤ãƒ³ã‚¿ - \param type HMACオブジェクトを使用ã™ã‚‹æš—å·åŒ–æ–¹å¼ã‚’指定ã—ã¾ã™ã€‚有効ãªã‚ªãƒ—ã‚·ãƒ§ãƒ³ã¯æ¬¡ã®ã¨ãŠã‚Šã§ã™.MD5ã€SHAã€SHA256ã€SHA384ã€SHA3-224ã€SHA3-256ã€SHA3-384ã€SHA3-512 - \param key HMACã‚ªãƒ–ã‚¸ã‚§ã‚¯ãƒˆã‚’åˆæœŸåŒ–ã™ã‚‹ã‚­ãƒ¼ã‚’å«ã‚€ãƒãƒƒãƒ•ã‚¡ã¸ã®ãƒã‚¤ãƒ³ã‚¿ + + \brief ã“ã®é–¢æ•°ã¯Hmacã‚ªãƒ–ã‚¸ã‚§ã‚¯ãƒˆã‚’åˆæœŸåŒ–ã—ã€æš—å·åŒ–タイプã€éµã€ãŠã‚ˆã³HMAC長を設定ã—ã¾ã™ã€‚ + + \return 0 Hmacオブジェクトã®åˆæœŸåŒ–ã«æˆåŠŸã—ãŸå ´åˆã«è¿”ã•れã¾ã™ã€‚ + \return BAD_FUNC_ARG 入力タイプãŒç„¡åйãªå ´åˆã«è¿”ã•れã¾ã™ï¼ˆtypeパラメータをå‚照)。 + \return MEMORY_E ãƒãƒƒã‚·ãƒ¥ã«ä½¿ç”¨ã™ã‚‹æ§‹é€ ä½“ã®ãƒ¡ãƒ¢ãƒªå‰²ã‚Šå½“ã¦ã‚¨ãƒ©ãƒ¼ãŒã‚ã‚‹å ´åˆã«è¿”ã•れã¾ã™ã€‚ + \return HMAC_MIN_KEYLEN_E FIPS実装を使用ã—ã¦ã„ã¦ã€æŒ‡å®šã•れãŸéµã®é•·ã•ãŒæœ€å°è¨±å®¹FIPS標準ã®14ãƒã‚¤ãƒˆã‚ˆã‚ŠçŸ­ã„å ´åˆã«è¿”ã•れã¾ã™ã€‚ + + \param hmac åˆæœŸåŒ–ã™ã‚‹Hmacオブジェクトã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ + \param type HmacオブジェクトãŒä½¿ç”¨ã™ã‚‹æš—å·åŒ–æ–¹å¼ã‚’指定ã™ã‚‹ã‚¿ã‚¤ãƒ—。有効ãªã‚ªãƒ—ションã¯ï¼šWC_MD5ã€WC_SHAã€WC_SHA256ã€WC_SHA384ã€WC_SHA512ã€WC_SHA3_224ã€WC_SHA3_256ã€WC_SHA3_384ã€ã¾ãŸã¯WC_SHA3_512。 + \param key Hmacã‚ªãƒ–ã‚¸ã‚§ã‚¯ãƒˆã‚’åˆæœŸåŒ–ã™ã‚‹éµã‚’å«ã‚€ãƒãƒƒãƒ•ã‚¡ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ + \param length éµã®é•·ã•。 + _Example_ \code Hmac hmac; - byte key[] = { // initialize with key to use for encryption }; - if (wc_HmacSetKey(&hmac, MD5, key, sizeof(key)) != 0) { - // error initializing Hmac object + byte key[] = { // æš—å·åŒ–ã«ä½¿ç”¨ã™ã‚‹éµã§åˆæœŸåŒ– }; + if (wc_HmacSetKey(&hmac, WC_MD5, key, sizeof(key)) != 0) { + // Hmacオブジェクトã®åˆæœŸåŒ–エラー } \endcode + \sa wc_HmacUpdate \sa wc_HmacFinal */ @@ -23,24 +29,30 @@ /*! \ingroup HMAC - \brief ã“ã®é–¢æ•°ã¯ã€HMACを使用ã—ã¦èªè¨¼ã™ã‚‹ãƒ¡ãƒƒã‚»ãƒ¼ã‚¸ã‚’æ›´æ–°ã—ã¾ã™ã€‚HMACオブジェクトãŒWC_HMACSETKEYã§åˆæœŸåŒ–ã•れãŸå¾Œã«å‘¼ã³å‡ºã•れるã¹ãã§ã™ã€‚ã“ã®é–¢æ•°ã¯ã€ãƒãƒƒã‚·ãƒ¥ã¸ã®ãƒ¡ãƒƒã‚»ãƒ¼ã‚¸ã‚’æ›´æ–°ã™ã‚‹ãŸã‚ã«è¤‡æ•°å›žå‘¼ã³å‡ºã•れるã“ã¨ãŒã‚りã¾ã™ã€‚å¿…è¦ã«å¿œã˜ã¦wc_hmacupdateを呼ã³å‡ºã—ãŸå¾Œã€æœ€çµ‚èªè¨¼æ¸ˆã¿ãƒ¡ãƒƒã‚»ãƒ¼ã‚¸ã‚¿ã‚°ã‚’å–å¾—ã™ã‚‹ãŸã‚ã«wc_hmacfinalを呼ã³å‡ºã™å¿…è¦ãŒã‚りã¾ã™ã€‚ - \return 0 èªè¨¼ã™ã‚‹ãƒ¡ãƒƒã‚»ãƒ¼ã‚¸ã®æ›´æ–°ã«æˆåŠŸã—ã¾ã—㟠- \return MEMORY_E ãƒãƒƒã‚·ãƒ¥ã‚¢ãƒ«ã‚´ãƒªã‚ºãƒ ã§ä½¿ç”¨ã™ã‚‹ãŸã‚ã®ãƒ¡ãƒ¢ãƒªå‰²ã‚Šå½“ã¦ã‚¨ãƒ©ãƒ¼ãŒã‚ã‚‹å ´åˆ - \param hmac メッセージを更新ã™ã‚‹HMACオブジェクトã¸ã®ãƒã‚¤ãƒ³ã‚¿ - \param msg 追加ã™ã‚‹ãƒ¡ãƒƒã‚»ãƒ¼ã‚¸ã‚’å«ã‚€ãƒãƒƒãƒ•ã‚¡ã¸ã®ãƒã‚¤ãƒ³ã‚¿ + + \brief ã“ã®é–¢æ•°ã¯ã€HMACを使用ã—ã¦èªè¨¼ã™ã‚‹ãƒ¡ãƒƒã‚»ãƒ¼ã‚¸ã‚’æ›´æ–°ã—ã¾ã™ã€‚wc_HmacSetKeyã§HmacオブジェクトãŒåˆæœŸåŒ–ã•れãŸå¾Œã«å‘¼ã³å‡ºã™å¿…è¦ãŒã‚りã¾ã™ã€‚ã“ã®é–¢æ•°ã¯ã€ãƒãƒƒã‚·ãƒ¥ã™ã‚‹ãƒ¡ãƒƒã‚»ãƒ¼ã‚¸ã‚’æ›´æ–°ã™ã‚‹ãŸã‚ã«è¤‡æ•°å›žå‘¼ã³å‡ºã™ã“ã¨ãŒã§ãã¾ã™ã€‚å¿…è¦ã«å¿œã˜ã¦wc_HmacUpdateを呼ã³å‡ºã—ãŸå¾Œã€wc_HmacFinalを呼ã³å‡ºã—ã¦æœ€çµ‚çš„ãªèªè¨¼ãƒ¡ãƒƒã‚»ãƒ¼ã‚¸ã‚¿ã‚°ã‚’å–å¾—ã™ã‚‹å¿…è¦ãŒã‚りã¾ã™ã€‚ + + \return 0 èªè¨¼ã™ã‚‹ãƒ¡ãƒƒã‚»ãƒ¼ã‚¸ã®æ›´æ–°ã«æˆåŠŸã—ãŸå ´åˆã«è¿”ã•れã¾ã™ã€‚ + \return MEMORY_E ãƒãƒƒã‚·ãƒ¥ã‚¢ãƒ«ã‚´ãƒªã‚ºãƒ ã§ä½¿ç”¨ã™ã‚‹ãƒ¡ãƒ¢ãƒªå‰²ã‚Šå½“ã¦ã‚¨ãƒ©ãƒ¼ãŒã‚ã‚‹å ´åˆã«è¿”ã•れã¾ã™ã€‚ + + \param hmac メッセージを更新ã™ã‚‹Hmacオブジェクトã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ + \param msg 追加ã™ã‚‹ãƒ¡ãƒƒã‚»ãƒ¼ã‚¸ã‚’å«ã‚€ãƒãƒƒãƒ•ã‚¡ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ + \param length 追加ã™ã‚‹ãƒ¡ãƒƒã‚»ãƒ¼ã‚¸ã®é•·ã•。 + _Example_ \code Hmac hmac; - byte msg[] = { // initialize with message to authenticate }; - byte msg2[] = { // initialize with second half of message }; - // initialize hmac + byte msg[] = { // èªè¨¼ã™ã‚‹ãƒ¡ãƒƒã‚»ãƒ¼ã‚¸ã§åˆæœŸåŒ– }; + byte msg2[] = { // メッセージã®å¾ŒåŠã§åˆæœŸåŒ– }; + // hmacã‚’åˆæœŸåŒ– if( wc_HmacUpdate(&hmac, msg, sizeof(msg)) != 0) { - // error updating message + // メッセージ更新エラー } if( wc_HmacUpdate(&hmac, msg2, sizeof(msg)) != 0) { - // error updating with second message + // 2番目ã®ãƒ¡ãƒƒã‚»ãƒ¼ã‚¸ã§ã®æ›´æ–°ã‚¨ãƒ©ãƒ¼ } \endcode + \sa wc_HmacSetKey \sa wc_HmacFinal */ @@ -48,21 +60,27 @@ /*! \ingroup HMAC - \brief ã“ã®é–¢æ•°ã¯ã€HMACオブジェクトã®ãƒ¡ãƒƒã‚»ãƒ¼ã‚¸ã®æœ€çµ‚ãƒãƒƒã‚·ãƒ¥ã‚’計算ã—ã¾ã™ã€‚ - \return 0 最後ã®ãƒãƒƒã‚·ãƒ¥ã®è¨ˆç®—ã«æˆåŠŸã—㟠- \return MEMORY_E ãƒãƒƒã‚·ãƒ¥ã‚¢ãƒ«ã‚´ãƒªã‚ºãƒ ã§ä½¿ç”¨ã™ã‚‹ãŸã‚ã«ãƒ¡ãƒ¢ãƒªã‚’割り当ã¦ã‚‹ã‚¨ãƒ©ãƒ¼ãŒã‚ã‚‹å ´åˆ - \param hmac 最終ãƒãƒƒã‚·ãƒ¥ã‚’計算ã™ã‚‹HMACオブジェクトã¸ã®ãƒã‚¤ãƒ³ã‚¿ + + \brief ã“ã®é–¢æ•°ã¯ã€Hmacオブジェクトã®ãƒ¡ãƒƒã‚»ãƒ¼ã‚¸ã®æœ€çµ‚ãƒãƒƒã‚·ãƒ¥ã‚’計算ã—ã¾ã™ã€‚ + + \return 0 最終ãƒãƒƒã‚·ãƒ¥ã®è¨ˆç®—ã«æˆåŠŸã—ãŸå ´åˆã«è¿”ã•れã¾ã™ã€‚ + \return MEMORY_E ãƒãƒƒã‚·ãƒ¥ã‚¢ãƒ«ã‚´ãƒªã‚ºãƒ ã§ä½¿ç”¨ã™ã‚‹ãƒ¡ãƒ¢ãƒªå‰²ã‚Šå½“ã¦ã‚¨ãƒ©ãƒ¼ãŒã‚ã‚‹å ´åˆã«è¿”ã•れã¾ã™ã€‚ + + \param hmac 最終ãƒãƒƒã‚·ãƒ¥ã‚’計算ã™ã‚‹Hmacオブジェクトã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ + \param hash 最終ãƒãƒƒã‚·ãƒ¥ã‚’ä¿å­˜ã™ã‚‹ãƒãƒƒãƒ•ã‚¡ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚é¸æŠžã—ãŸãƒãƒƒã‚·ãƒ¥ã‚¢ãƒ«ã‚´ãƒªã‚ºãƒ ã«å¿…è¦ãªã‚¹ãƒšãƒ¼ã‚¹ã‚’確ä¿ã™ã‚‹å¿…è¦ãŒã‚りã¾ã™ã€‚ + _Example_ \code Hmac hmac; byte hash[MD5_DIGEST_SIZE]; - // initialize hmac with MD5 as type - // wc_HmacUpdate() with messages + // タイプã¨ã—ã¦MD5ã§hmacã‚’åˆæœŸåŒ– + // メッセージã§wc_HmacUpdate() if (wc_HmacFinal(&hmac, hash) != 0) { - // error computing hash + // ãƒãƒƒã‚·ãƒ¥è¨ˆç®—エラー } \endcode + \sa wc_HmacSetKey \sa wc_HmacUpdate */ @@ -70,46 +88,435 @@ /*! \ingroup HMAC - \brief ã“ã®é–¢æ•°ã¯ã€æ§‹æˆã•ã‚ŒãŸæš—å·ã‚¹ã‚¤ãƒ¼ãƒˆã«åŸºã¥ã„ã¦ä½¿ç”¨å¯èƒ½ãªæœ€å¤§ã®HMACダイジェストサイズを返ã—ã¾ã™ã€‚ - \return Success 設定ã•ã‚ŒãŸæš—å·ã‚¹ã‚¤ãƒ¼ãƒˆã«åŸºã¥ã„ã¦ä½¿ç”¨å¯èƒ½ãªæœ€å¤§ã®HMACダイジェストサイズを返ã—ã¾ã™ + + \brief ã“ã®é–¢æ•°ã¯ã€è¨­å®šã•ã‚ŒãŸæš—å·ã‚¹ã‚¤ãƒ¼ãƒˆã«åŸºã¥ã„ã¦åˆ©ç”¨å¯èƒ½ãªæœ€å¤§ã®HMACダイジェストサイズを返ã—ã¾ã™ã€‚ + + \return Success 設定ã•ã‚ŒãŸæš—å·ã‚¹ã‚¤ãƒ¼ãƒˆã«åŸºã¥ã„ã¦åˆ©ç”¨å¯èƒ½ãªæœ€å¤§ã®HMACダイジェストサイズを返ã—ã¾ã™ã€‚ + + \param none パラメータãªã—。 + _Example_ \code int maxDigestSz = wolfSSL_GetHmacMaxSize(); \endcode + \sa none */ int wolfSSL_GetHmacMaxSize(void); /*! \ingroup HMAC - \brief ã“ã®é–¢æ•°ã¯ã€HMACキー導出機能(HKDF)ã¸ã®ã‚¢ã‚¯ã‚»ã‚¹ã‚’æä¾›ã—ã¾ã™ã€‚HMACを利用ã—ã¦ã€ä»»æ„ã®SALTã¨ã‚ªãƒ—ã‚·ãƒ§ãƒ³ã®æƒ…報を派生ã—ãŸã‚­ãƒ¼ã«å¤‰æ›ã—ã¾ã™ã€‚0ã¾ãŸã¯NULLãŒæŒ‡å®šã•れã¦ã„ã‚‹å ´åˆã€ãƒãƒƒã‚·ãƒ¥åž‹ã¯ãƒ‡ãƒ•ォルトã§MD5ã«ãªã‚Šã¾ã™ã€‚ - \return 0 与ãˆã‚‰ã‚ŒãŸå…¥åŠ›ã§ã‚­ãƒ¼ã®ç”Ÿæˆã«æˆåŠŸã—ãŸã‚‰è¿”ã•れã¾ã™ - \return BAD_FUNC_ARG 無効ãªãƒãƒƒã‚·ãƒ¥åž‹ãŒå¼•æ•°ã¨ã—ã¦æŒ‡å®šã•れã¦ã„ã‚‹å ´åˆã«è¿”ã•れã¾ã™ã€‚有効ãªåž‹ã¯æ¬¡ã®ã¨ãŠã‚Šã§ã™.MD5ã€SHAã€SHA256ã€SHA384ã€SHA3-224ã€SHA3-256ã€SHA3-384ã€SHA3-512 - \return MEMORY_E メモリã®å‰²ã‚Šå½“ã¦ä¸­ã«ã‚¨ãƒ©ãƒ¼ãŒç™ºç”Ÿã—ãŸå ´åˆã«è¿”ã•れã¾ã™ - \return HMAC_MIN_KEYLEN_E FIPS実装を使用ã™ã‚‹ã¨ãã«è¿”ã•れるã“ã¨ãŒã‚ã‚Šã€æŒ‡å®šã•れãŸã‚­ãƒ¼é•·ã¯æœ€å°è¨±å®¹FIPSè¦æ ¼ã‚ˆã‚Šã‚‚短ã„ã§ã™ã€‚ - \param type HKDFã«ä½¿ç”¨ã™ã‚‹ãƒãƒƒã‚·ãƒ¥ã‚¿ã‚¤ãƒ—。有効ãªåž‹ã¯æ¬¡ã®ã¨ãŠã‚Šã§ã™.MD5ã€SHAã€SHA256ã€SHA384ã€SHA3-224ã€SHA3-256ã€SHA3-384ã€SHA3-512 - \param inKey KDFã«ä½¿ç”¨ã™ã‚‹ã‚­ãƒ¼ã‚’å«ã‚€ãƒãƒƒãƒ•ã‚¡ã¸ã®ãƒã‚¤ãƒ³ã‚¿ - \param inKeySz 入力キーã®é•·ã• - \param salt ä»»æ„ã®ã‚½ãƒ«ãƒˆã‚’å«ã‚€ãƒãƒƒãƒ•ã‚¡ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ソルトを使用ã—ãªã„å ´åˆã¯ä»£ã‚りã«NULLを使用ã—ã¦ãã ã•ã„ - \param saltSz ソルトã®é•·ã•。ソルトを使用ã—ãªã„å ´åˆã¯0を使用ã—ã¦ãã ã•ã„ - \param info オプションã®è¿½åŠ æƒ…å ±ã‚’å«ã‚€ãƒãƒƒãƒ•ã‚¡ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚追加情報を追加ã—ã¦ã„ãªã„å ´åˆã¯NULLを使用ã—ã¦ãã ã•ã„ - \param infoSz 追加情報ã®é•·ã•追加情報を使用ã—ãªã„å ´åˆã¯0を使用ã—ã¦ãã ã•ã„ - \param out 派生キーをä¿å­˜ã™ã‚‹ãƒãƒƒãƒ•ã‚¡ã¸ã®ãƒã‚¤ãƒ³ã‚¿ + + \brief ã“ã®é–¢æ•°ã¯ã€HMACéµå°Žå‡ºé–¢æ•°ï¼ˆHKDF)ã¸ã®ã‚¢ã‚¯ã‚»ã‚¹ã‚’æä¾›ã—ã¾ã™ã€‚HMACを利用ã—ã¦ã€ã‚ªãƒ—ションã®ã‚½ãƒ«ãƒˆã¨ã‚ªãƒ—ã‚·ãƒ§ãƒ³ã®æƒ…報をå«ã‚€inKeyを導出éµã«å¤‰æ›ã—ã€outã«ä¿å­˜ã—ã¾ã™ã€‚ãƒãƒƒã‚·ãƒ¥ã‚¿ã‚¤ãƒ—ã¯ã€0ã¾ãŸã¯NULLãŒæŒ‡å®šã•れãŸå ´åˆã€ãƒ‡ãƒ•ォルトã§MD5ã«ãªã‚Šã¾ã™ã€‚ + + HMAC設定オプションã¯--enable-hmac(デフォルトã§ã‚ªãƒ³ï¼‰ã€ã¾ãŸã¯ã‚½ãƒ¼ã‚¹ã‚’直接ビルドã™ã‚‹å ´åˆã¯HAVE_HKDFã§ã™ã€‚ + + \return 0 指定ã•れãŸå…¥åŠ›ã§éµã®ç”Ÿæˆã«æˆåŠŸã—ãŸå ´åˆã«è¿”ã•れã¾ã™ã€‚ + \return BAD_FUNC_ARG 無効ãªãƒãƒƒã‚·ãƒ¥ã‚¿ã‚¤ãƒ—ãŒæŒ‡å®šã•れãŸå ´åˆã«è¿”ã•れã¾ã™ï¼ˆtypeパラメータをå‚照)。 + \return MEMORY_E メモリ割り当ã¦ã‚¨ãƒ©ãƒ¼ãŒã‚ã‚‹å ´åˆã«è¿”ã•れã¾ã™ã€‚ + \return HMAC_MIN_KEYLEN_E FIPS実装を使用ã—ã¦ã„ã¦ã€æŒ‡å®šã•れãŸéµã®é•·ã•ãŒæœ€å°è¨±å®¹FIPS標準より短ã„å ´åˆã«è¿”ã•れるå¯èƒ½æ€§ãŒã‚りã¾ã™ã€‚ + + \param type HKDFã«ä½¿ç”¨ã™ã‚‹ãƒãƒƒã‚·ãƒ¥ã‚¿ã‚¤ãƒ—。有効ãªã‚¿ã‚¤ãƒ—ã¯ï¼šWC_MD5ã€WC_SHAã€WC_SHA256ã€WC_SHA384ã€WC_SHA512ã€WC_SHA3_224ã€WC_SHA3_256ã€WC_SHA3_384ã€ã¾ãŸã¯WC_SHA3_512。 + \param inKey KDFã«ä½¿ç”¨ã™ã‚‹éµã‚’å«ã‚€ãƒãƒƒãƒ•ã‚¡ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ + \param inKeySz 入力éµã®é•·ã•。 + \param salt オプションã®ã‚½ãƒ«ãƒˆã‚’å«ã‚€ãƒãƒƒãƒ•ã‚¡ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ソルトを使用ã—ãªã„å ´åˆã¯NULLを使用ã—ã¾ã™ã€‚ + \param saltSz ソルトã®é•·ã•。ソルトを使用ã—ãªã„å ´åˆã¯0を使用ã—ã¾ã™ã€‚ + \param info オプションã®è¿½åŠ æƒ…å ±ã‚’å«ã‚€ãƒãƒƒãƒ•ã‚¡ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚追加情報を追加ã—ãªã„å ´åˆã¯NULLを使用ã—ã¾ã™ã€‚ + \param infoSz 追加情報ã®é•·ã•。追加情報を使用ã—ãªã„å ´åˆã¯0を使用ã—ã¾ã™ã€‚ + \param out 導出éµã‚’ä¿å­˜ã™ã‚‹ãƒãƒƒãƒ•ã‚¡ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ + \param outSz 生æˆã•れãŸéµã‚’ä¿å­˜ã™ã‚‹å‡ºåŠ›ãƒãƒƒãƒ•ã‚¡ã§åˆ©ç”¨å¯èƒ½ãªã‚¹ãƒšãƒ¼ã‚¹ã€‚ + _Example_ \code - byte key[] = { // initialize with key }; - byte salt[] = { // initialize with salt }; + byte key[] = { // éµã§åˆæœŸåŒ– }; + byte salt[] = { // ソルトã§åˆæœŸåŒ– }; byte derivedKey[MAX_DIGEST_SIZE]; - int ret = wc_HKDF(SHA512, key, sizeof(key), salt, sizeof(salt), + int ret = wc_HKDF(WC_SHA512, key, sizeof(key), salt, sizeof(salt), NULL, 0, derivedKey, sizeof(derivedKey)); if ( ret != 0 ) { - // error generating derived key + // 導出éµã®ç”Ÿæˆã‚¨ãƒ©ãƒ¼ } \endcode + \sa wc_HmacSetKey */ int wc_HKDF(int type, const byte* inKey, word32 inKeySz, const byte* salt, word32 saltSz, const byte* info, word32 infoSz, byte* out, word32 outSz); + + +/*! + \ingroup HMAC + + \brief ã“ã®é–¢æ•°ã¯ã€HMACéµå°Žå‡ºé–¢æ•°ï¼ˆHKDF)ã¸ã®ã‚¢ã‚¯ã‚»ã‚¹ã‚’æä¾›ã—ã¾ã™ã€‚HMACを利用ã—ã¦ã€ã‚ªãƒ—ションã®ã‚½ãƒ«ãƒˆã‚’å«ã‚€inKeyを導出éµã«å¤‰æ›ã—ã€outã«ä¿å­˜ã—ã¾ã™ã€‚ãƒãƒƒã‚·ãƒ¥ã‚¿ã‚¤ãƒ—ã¯ã€0ã¾ãŸã¯NULLãŒæŒ‡å®šã•れãŸå ´åˆã€ãƒ‡ãƒ•ォルトã§MD5ã«ãªã‚Šã¾ã™ã€‚ + + HMAC設定オプションã¯--enable-hmac(デフォルトã§ã‚ªãƒ³ï¼‰ã€ã¾ãŸã¯ã‚½ãƒ¼ã‚¹ã‚’直接ビルドã™ã‚‹å ´åˆã¯HAVE_HKDFã§ã™ã€‚ + + \return 0 指定ã•れãŸå…¥åŠ›ã§éµã®ç”Ÿæˆã«æˆåŠŸã—ãŸå ´åˆã«è¿”ã•れã¾ã™ã€‚ + \return BAD_FUNC_ARG 無効ãªãƒãƒƒã‚·ãƒ¥ã‚¿ã‚¤ãƒ—ãŒæŒ‡å®šã•れãŸå ´åˆã«è¿”ã•れã¾ã™ï¼ˆtypeパラメータをå‚照)。 + \return MEMORY_E メモリ割り当ã¦ã‚¨ãƒ©ãƒ¼ãŒã‚ã‚‹å ´åˆã«è¿”ã•れã¾ã™ã€‚ + \return HMAC_MIN_KEYLEN_E FIPS実装を使用ã—ã¦ã„ã¦ã€æŒ‡å®šã•れãŸéµã®é•·ã•ãŒæœ€å°è¨±å®¹FIPS標準より短ã„å ´åˆã«è¿”ã•れるå¯èƒ½æ€§ãŒã‚りã¾ã™ã€‚ + + \param type HKDFã«ä½¿ç”¨ã™ã‚‹ãƒãƒƒã‚·ãƒ¥ã‚¿ã‚¤ãƒ—。有効ãªã‚¿ã‚¤ãƒ—ã¯ï¼šWC_MD5ã€WC_SHAã€WC_SHA256ã€WC_SHA384ã€WC_SHA512ã€WC_SHA3_224ã€WC_SHA3_256ã€WC_SHA3_384ã€ã¾ãŸã¯WC_SHA3_512。 + \param salt オプションã®ã‚½ãƒ«ãƒˆã‚’å«ã‚€ãƒãƒƒãƒ•ã‚¡ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ソルトを使用ã—ãªã„å ´åˆã¯NULLを使用ã—ã¾ã™ã€‚ + \param saltSz ソルトã®é•·ã•。ソルトを使用ã—ãªã„å ´åˆã¯0を使用ã—ã¾ã™ã€‚ + \param inKey KDFã«ä½¿ç”¨ã™ã‚‹éµã‚’å«ã‚€ãƒãƒƒãƒ•ã‚¡ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ + \param inKeySz 入力éµã®é•·ã•。 + \param out 導出éµã‚’ä¿å­˜ã™ã‚‹ãƒãƒƒãƒ•ã‚¡ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ + + _Example_ + \code + byte key[] = { // éµã§åˆæœŸåŒ– }; + byte salt[] = { // ソルトã§åˆæœŸåŒ– }; + byte derivedKey[MAX_DIGEST_SIZE]; + + int ret = wc_HKDF_Extract(WC_SHA512, salt, sizeof(salt), key, sizeof(key), + derivedKey); + if ( ret != 0 ) { + // 導出éµã®ç”Ÿæˆã‚¨ãƒ©ãƒ¼ + } + \endcode + + \sa wc_HKDF + \sa wc_HKDF_Extract_ex + \sa wc_HKDF_Expand + \sa wc_HKDF_Expand_ex +*/ +int wc_HKDF_Extract( + int type, + const byte* salt, word32 saltSz, + const byte* inKey, word32 inKeySz, + byte* out); + +/*! + \ingroup HMAC + + \brief ã“ã®é–¢æ•°ã¯ã€HMACéµå°Žå‡ºé–¢æ•°ï¼ˆHKDF)ã¸ã®ã‚¢ã‚¯ã‚»ã‚¹ã‚’æä¾›ã—ã¾ã™ã€‚HMACを利用ã—ã¦ã€ã‚ªãƒ—ションã®ã‚½ãƒ«ãƒˆã‚’å«ã‚€inKeyを導出éµã«å¤‰æ›ã—ã€outã«ä¿å­˜ã—ã¾ã™ã€‚ãƒãƒƒã‚·ãƒ¥ã‚¿ã‚¤ãƒ—ã¯ã€0ã¾ãŸã¯NULLãŒæŒ‡å®šã•れãŸå ´åˆã€ãƒ‡ãƒ•ォルトã§MD5ã«ãªã‚Šã¾ã™ã€‚ã“れã¯ã€ãƒ’ープヒントã¨ãƒ‡ãƒã‚¤ã‚¹è­˜åˆ¥å­ã‚’追加ã™ã‚‹_exãƒãƒ¼ã‚¸ãƒ§ãƒ³ã§ã™ã€‚ + + HMAC設定オプションã¯--enable-hmac(デフォルトã§ã‚ªãƒ³ï¼‰ã€ã¾ãŸã¯ã‚½ãƒ¼ã‚¹ã‚’直接ビルドã™ã‚‹å ´åˆã¯HAVE_HKDFã§ã™ã€‚ + + \return 0 指定ã•れãŸå…¥åŠ›ã§éµã®ç”Ÿæˆã«æˆåŠŸã—ãŸå ´åˆã«è¿”ã•れã¾ã™ã€‚ + \return BAD_FUNC_ARG 無効ãªãƒãƒƒã‚·ãƒ¥ã‚¿ã‚¤ãƒ—ãŒæŒ‡å®šã•れãŸå ´åˆã«è¿”ã•れã¾ã™ï¼ˆtypeパラメータをå‚照)。 + \return MEMORY_E メモリ割り当ã¦ã‚¨ãƒ©ãƒ¼ãŒã‚ã‚‹å ´åˆã«è¿”ã•れã¾ã™ã€‚ + \return HMAC_MIN_KEYLEN_E FIPS実装を使用ã—ã¦ã„ã¦ã€æŒ‡å®šã•れãŸéµã®é•·ã•ãŒæœ€å°è¨±å®¹FIPS標準より短ã„å ´åˆã«è¿”ã•れるå¯èƒ½æ€§ãŒã‚りã¾ã™ã€‚ + + \param type HKDFã«ä½¿ç”¨ã™ã‚‹ãƒãƒƒã‚·ãƒ¥ã‚¿ã‚¤ãƒ—。有効ãªã‚¿ã‚¤ãƒ—ã¯ï¼šWC_MD5ã€WC_SHAã€WC_SHA256ã€WC_SHA384ã€WC_SHA512ã€WC_SHA3_224ã€WC_SHA3_256ã€WC_SHA3_384ã€ã¾ãŸã¯WC_SHA3_512。 + \param salt オプションã®ã‚½ãƒ«ãƒˆã‚’å«ã‚€ãƒãƒƒãƒ•ã‚¡ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ソルトを使用ã—ãªã„å ´åˆã¯NULLを使用ã—ã¾ã™ã€‚ + \param saltSz ソルトã®é•·ã•。ソルトを使用ã—ãªã„å ´åˆã¯0を使用ã—ã¾ã™ã€‚ + \param inKey KDFã«ä½¿ç”¨ã™ã‚‹éµã‚’å«ã‚€ãƒãƒƒãƒ•ã‚¡ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ + \param inKeySz 入力éµã®é•·ã•。 + \param out 導出éµã‚’ä¿å­˜ã™ã‚‹ãƒãƒƒãƒ•ã‚¡ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ + \param heap メモリã«ä½¿ç”¨ã™ã‚‹ãƒ’ープヒント。NULLã«ã§ãã¾ã™ã€‚ + \param devId æš—å·ã‚³ãƒ¼ãƒ«ãƒãƒƒã‚¯ã¾ãŸã¯éžåŒæœŸãƒãƒ¼ãƒ‰ã‚¦ã‚§ã‚¢ã§ä½¿ç”¨ã™ã‚‹ID。使用ã—ãªã„å ´åˆã¯INVALID_DEVID(-2)ã«è¨­å®šã—ã¾ã™ã€‚ + + _Example_ + \code + byte key[] = { // éµã§åˆæœŸåŒ– }; + byte salt[] = { // ソルトã§åˆæœŸåŒ– }; + byte derivedKey[MAX_DIGEST_SIZE]; + + int ret = wc_HKDF_Extract_ex(WC_SHA512, salt, sizeof(salt), key, sizeof(key), + derivedKey, NULL, INVALID_DEVID); + if ( ret != 0 ) { + // 導出éµã®ç”Ÿæˆã‚¨ãƒ©ãƒ¼ + } + \endcode + + \sa wc_HKDF + \sa wc_HKDF_Extract + \sa wc_HKDF_Expand + \sa wc_HKDF_Expand_ex +*/ +int wc_HKDF_Extract_ex( + int type, + const byte* salt, word32 saltSz, + const byte* inKey, word32 inKeySz, + byte* out, + void* heap, int devId); + +/*! + \ingroup HMAC + + \brief ã“ã®é–¢æ•°ã¯ã€HMACéµå°Žå‡ºé–¢æ•°ï¼ˆHKDF)ã¸ã®ã‚¢ã‚¯ã‚»ã‚¹ã‚’æä¾›ã—ã¾ã™ã€‚HMACを利用ã—ã¦ã€ã‚ªãƒ—ã‚·ãƒ§ãƒ³ã®æƒ…報をå«ã‚€inKeyを導出éµã«å¤‰æ›ã—ã€outã«ä¿å­˜ã—ã¾ã™ã€‚ãƒãƒƒã‚·ãƒ¥ã‚¿ã‚¤ãƒ—ã¯ã€0ã¾ãŸã¯NULLãŒæŒ‡å®šã•れãŸå ´åˆã€ãƒ‡ãƒ•ォルトã§MD5ã«ãªã‚Šã¾ã™ã€‚ + + HMAC設定オプションã¯--enable-hmac(デフォルトã§ã‚ªãƒ³ï¼‰ã€ã¾ãŸã¯ã‚½ãƒ¼ã‚¹ã‚’直接ビルドã™ã‚‹å ´åˆã¯HAVE_HKDFã§ã™ã€‚ + + \return 0 指定ã•れãŸå…¥åŠ›ã§éµã®ç”Ÿæˆã«æˆåŠŸã—ãŸå ´åˆã«è¿”ã•れã¾ã™ã€‚ + \return BAD_FUNC_ARG 無効ãªãƒãƒƒã‚·ãƒ¥ã‚¿ã‚¤ãƒ—ãŒæŒ‡å®šã•れãŸå ´åˆã«è¿”ã•れã¾ã™ï¼ˆtypeパラメータをå‚照)。 + \return MEMORY_E メモリ割り当ã¦ã‚¨ãƒ©ãƒ¼ãŒã‚ã‚‹å ´åˆã«è¿”ã•れã¾ã™ã€‚ + \return HMAC_MIN_KEYLEN_E FIPS実装を使用ã—ã¦ã„ã¦ã€æŒ‡å®šã•れãŸéµã®é•·ã•ãŒæœ€å°è¨±å®¹FIPS標準より短ã„å ´åˆã«è¿”ã•れるå¯èƒ½æ€§ãŒã‚りã¾ã™ã€‚ + + \param type HKDFã«ä½¿ç”¨ã™ã‚‹ãƒãƒƒã‚·ãƒ¥ã‚¿ã‚¤ãƒ—。有効ãªã‚¿ã‚¤ãƒ—ã¯ï¼šWC_MD5ã€WC_SHAã€WC_SHA256ã€WC_SHA384ã€WC_SHA512ã€WC_SHA3_224ã€WC_SHA3_256ã€WC_SHA3_384ã€ã¾ãŸã¯WC_SHA3_512。 + \param inKey KDFã«ä½¿ç”¨ã™ã‚‹éµã‚’å«ã‚€ãƒãƒƒãƒ•ã‚¡ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ + \param inKeySz 入力éµã®é•·ã•。 + \param info オプションã®è¿½åŠ æƒ…å ±ã‚’å«ã‚€ãƒãƒƒãƒ•ã‚¡ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚追加情報を追加ã—ãªã„å ´åˆã¯NULLを使用ã—ã¾ã™ã€‚ + \param infoSz 追加情報ã®é•·ã•。追加情報を使用ã—ãªã„å ´åˆã¯0を使用ã—ã¾ã™ã€‚ + \param out 導出éµã‚’ä¿å­˜ã™ã‚‹ãƒãƒƒãƒ•ã‚¡ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ + \param outSz 生æˆã•れãŸéµã‚’ä¿å­˜ã™ã‚‹å‡ºåŠ›ãƒãƒƒãƒ•ã‚¡ã§åˆ©ç”¨å¯èƒ½ãªã‚¹ãƒšãƒ¼ã‚¹ã€‚ + + _Example_ + \code + byte key[] = { // éµã§åˆæœŸåŒ– }; + byte salt[] = { // ソルトã§åˆæœŸåŒ– }; + byte derivedKey[MAX_DIGEST_SIZE]; + + int ret = wc_HKDF_Expand(WC_SHA512, key, sizeof(key), NULL, 0, + derivedKey, sizeof(derivedKey)); + if ( ret != 0 ) { + // 導出éµã®ç”Ÿæˆã‚¨ãƒ©ãƒ¼ + } + \endcode + + \sa wc_HKDF + \sa wc_HKDF_Extract + \sa wc_HKDF_Extract_ex + \sa wc_HKDF_Expand_ex +*/ +int wc_HKDF_Expand( + int type, + const byte* inKey, word32 inKeySz, + const byte* info, word32 infoSz, + byte* out, word32 outSz); + +/*! + \ingroup HMAC + + \brief ã“ã®é–¢æ•°ã¯ã€HMACéµå°Žå‡ºé–¢æ•°ï¼ˆHKDF)ã¸ã®ã‚¢ã‚¯ã‚»ã‚¹ã‚’æä¾›ã—ã¾ã™ã€‚HMACを利用ã—ã¦ã€ã‚ªãƒ—ã‚·ãƒ§ãƒ³ã®æƒ…報をå«ã‚€inKeyを導出éµã«å¤‰æ›ã—ã€outã«ä¿å­˜ã—ã¾ã™ã€‚ãƒãƒƒã‚·ãƒ¥ã‚¿ã‚¤ãƒ—ã¯ã€0ã¾ãŸã¯NULLãŒæŒ‡å®šã•れãŸå ´åˆã€ãƒ‡ãƒ•ォルトã§MD5ã«ãªã‚Šã¾ã™ã€‚ã“れã¯ã€ãƒ’ープヒントã¨ãƒ‡ãƒã‚¤ã‚¹è­˜åˆ¥å­ã‚’追加ã™ã‚‹_exãƒãƒ¼ã‚¸ãƒ§ãƒ³ã§ã™ã€‚ + + HMAC設定オプションã¯--enable-hmac(デフォルトã§ã‚ªãƒ³ï¼‰ã€ã¾ãŸã¯ã‚½ãƒ¼ã‚¹ã‚’直接ビルドã™ã‚‹å ´åˆã¯HAVE_HKDFã§ã™ã€‚ + + \return 0 指定ã•れãŸå…¥åŠ›ã§éµã®ç”Ÿæˆã«æˆåŠŸã—ãŸå ´åˆã«è¿”ã•れã¾ã™ã€‚ + \return BAD_FUNC_ARG 無効ãªãƒãƒƒã‚·ãƒ¥ã‚¿ã‚¤ãƒ—ãŒæŒ‡å®šã•れãŸå ´åˆã«è¿”ã•れã¾ã™ï¼ˆtypeパラメータをå‚照)。 + \return MEMORY_E メモリ割り当ã¦ã‚¨ãƒ©ãƒ¼ãŒã‚ã‚‹å ´åˆã«è¿”ã•れã¾ã™ã€‚ + \return HMAC_MIN_KEYLEN_E FIPS実装を使用ã—ã¦ã„ã¦ã€æŒ‡å®šã•れãŸéµã®é•·ã•ãŒæœ€å°è¨±å®¹FIPS標準より短ã„å ´åˆã«è¿”ã•れるå¯èƒ½æ€§ãŒã‚りã¾ã™ã€‚ + + \param type HKDFã«ä½¿ç”¨ã™ã‚‹ãƒãƒƒã‚·ãƒ¥ã‚¿ã‚¤ãƒ—。有効ãªã‚¿ã‚¤ãƒ—ã¯ï¼šWC_MD5ã€WC_SHAã€WC_SHA256ã€WC_SHA384ã€WC_SHA512ã€WC_SHA3_224ã€WC_SHA3_256ã€WC_SHA3_384ã€ã¾ãŸã¯WC_SHA3_512。 + \param inKey KDFã«ä½¿ç”¨ã™ã‚‹éµã‚’å«ã‚€ãƒãƒƒãƒ•ã‚¡ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ + \param inKeySz 入力éµã®é•·ã•。 + \param info オプションã®è¿½åŠ æƒ…å ±ã‚’å«ã‚€ãƒãƒƒãƒ•ã‚¡ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚追加情報を追加ã—ãªã„å ´åˆã¯NULLを使用ã—ã¾ã™ã€‚ + \param infoSz 追加情報ã®é•·ã•。追加情報を使用ã—ãªã„å ´åˆã¯0を使用ã—ã¾ã™ã€‚ + \param out 導出éµã‚’ä¿å­˜ã™ã‚‹ãƒãƒƒãƒ•ã‚¡ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ + \param outSz 生æˆã•れãŸéµã‚’ä¿å­˜ã™ã‚‹å‡ºåŠ›ãƒãƒƒãƒ•ã‚¡ã§åˆ©ç”¨å¯èƒ½ãªã‚¹ãƒšãƒ¼ã‚¹ã€‚ + \param heap メモリã«ä½¿ç”¨ã™ã‚‹ãƒ’ープヒント。NULLã«ã§ãã¾ã™ã€‚ + \param devId æš—å·ã‚³ãƒ¼ãƒ«ãƒãƒƒã‚¯ã¾ãŸã¯éžåŒæœŸãƒãƒ¼ãƒ‰ã‚¦ã‚§ã‚¢ã§ä½¿ç”¨ã™ã‚‹ID。使用ã—ãªã„å ´åˆã¯INVALID_DEVID(-2)ã«è¨­å®šã—ã¾ã™ã€‚ + + _Example_ + \code + byte key[] = { // éµã§åˆæœŸåŒ– }; + byte salt[] = { // ソルトã§åˆæœŸåŒ– }; + byte derivedKey[MAX_DIGEST_SIZE]; + + int ret = wc_HKDF_Expand_ex(WC_SHA512, key, sizeof(key), NULL, 0, + derivedKey, sizeof(derivedKey), NULL, INVALID_DEVID); + if ( ret != 0 ) { + // 導出éµã®ç”Ÿæˆã‚¨ãƒ©ãƒ¼ + } + \endcode + + \sa wc_HKDF + \sa wc_HKDF_Extract + \sa wc_HKDF_Extract_ex + \sa wc_HKDF_Expand +*/ +int wc_HKDF_Expand_ex( + int type, + const byte* inKey, word32 inKeySz, + const byte* info, word32 infoSz, + byte* out, word32 outSz, + void* heap, int devId); + +/*! + \ingroup HMAC + + \brief ã“ã®é–¢æ•°ã¯ã€TLS v1.3éµå°Žå‡ºã®ãŸã‚ã®RFC 5869 HMACベース抽出拡張éµå°Žå‡ºé–¢æ•°ï¼ˆHKDF)ã¸ã®ã‚¢ã‚¯ã‚»ã‚¹ã‚’æä¾›ã—ã¾ã™ã€‚ + + \return 0 指定ã•れãŸå…¥åŠ›ã§éµã®ç”Ÿæˆã«æˆåŠŸã—ãŸå ´åˆã«è¿”ã•れã¾ã™ã€‚ + \return BAD_FUNC_ARG 無効ãªãƒãƒƒã‚·ãƒ¥ã‚¿ã‚¤ãƒ—ãŒæŒ‡å®šã•れãŸå ´åˆã«è¿”ã•れã¾ã™ï¼ˆtypeパラメータをå‚照)。 + \return MEMORY_E メモリ割り当ã¦ã‚¨ãƒ©ãƒ¼ãŒã‚ã‚‹å ´åˆã«è¿”ã•れã¾ã™ã€‚ + \return HMAC_MIN_KEYLEN_E FIPS実装を使用ã—ã¦ã„ã¦ã€æŒ‡å®šã•れãŸéµã®é•·ã•ãŒæœ€å°è¨±å®¹FIPS標準より短ã„å ´åˆã«è¿”ã•れるå¯èƒ½æ€§ãŒã‚りã¾ã™ã€‚ + + \param prk 生æˆã•れãŸç–‘似ランダムéµã€‚ + \param salt ソルト。 + \param saltLen ソルトã®é•·ã•。 + \param ikm éµææ–™ã®å‡ºåŠ›ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ + \param ikmLen å…¥åŠ›éµææ–™ãƒãƒƒãƒ•ã‚¡ã®é•·ã•。 + \param digest HKDFã«ä½¿ç”¨ã™ã‚‹ãƒãƒƒã‚·ãƒ¥ã‚¿ã‚¤ãƒ—。有効ãªã‚¿ã‚¤ãƒ—ã¯ï¼šWC_SHA256ã€WC_SHA384ã€ã¾ãŸã¯WC_SHA512。 + + _Example_ + \code + byte secret[] = { // ランダムéµã§åˆæœŸåŒ– }; + byte salt[] = { // オプションã®ã‚½ãƒ«ãƒˆã§åˆæœŸåŒ– }; + byte masterSecret[MAX_DIGEST_SIZE]; + + int ret = wc_Tls13_HKDF_Extract(secret, salt, sizeof(salt), 0, + masterSecret, sizeof(masterSecret), WC_SHA512); + if ( ret != 0 ) { + // 導出éµã®ç”Ÿæˆã‚¨ãƒ©ãƒ¼ + } + \endcode + + \sa wc_HKDF + \sa wc_HKDF_Extract + \sa wc_HKDF_Extract_ex + \sa wc_HKDF_Expand + \sa wc_Tls13_HKDF_Extract_ex +*/ +int wc_Tls13_HKDF_Extract( + byte* prk, + const byte* salt, word32 saltLen, + byte* ikm, word32 ikmLen, int digest); + +/*! + \ingroup HMAC + + \brief ã“ã®é–¢æ•°ã¯ã€TLS v1.3éµå°Žå‡ºã®ãŸã‚ã®RFC 5869 HMACベース抽出拡張éµå°Žå‡ºé–¢æ•°ï¼ˆHKDF)ã¸ã®ã‚¢ã‚¯ã‚»ã‚¹ã‚’æä¾›ã—ã¾ã™ã€‚ã“れã¯ã€ãƒ’ープヒントã¨ãƒ‡ãƒã‚¤ã‚¹è­˜åˆ¥å­ã‚’追加ã™ã‚‹_exãƒãƒ¼ã‚¸ãƒ§ãƒ³ã§ã™ã€‚ + + \return 0 指定ã•れãŸå…¥åŠ›ã§éµã®ç”Ÿæˆã«æˆåŠŸã—ãŸå ´åˆã«è¿”ã•れã¾ã™ã€‚ + \return BAD_FUNC_ARG 無効ãªãƒãƒƒã‚·ãƒ¥ã‚¿ã‚¤ãƒ—ãŒæŒ‡å®šã•れãŸå ´åˆã«è¿”ã•れã¾ã™ï¼ˆtypeパラメータをå‚照)。 + \return MEMORY_E メモリ割り当ã¦ã‚¨ãƒ©ãƒ¼ãŒã‚ã‚‹å ´åˆã«è¿”ã•れã¾ã™ã€‚ + \return HMAC_MIN_KEYLEN_E FIPS実装を使用ã—ã¦ã„ã¦ã€æŒ‡å®šã•れãŸéµã®é•·ã•ãŒæœ€å°è¨±å®¹FIPS標準より短ã„å ´åˆã«è¿”ã•れるå¯èƒ½æ€§ãŒã‚りã¾ã™ã€‚ + + \param prk 生æˆã•れãŸç–‘似ランダムéµã€‚ + \param salt ソルト。 + \param saltLen ソルトã®é•·ã•。 + \param ikm éµææ–™ã®å‡ºåŠ›ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ + \param ikmLen å…¥åŠ›éµææ–™ãƒãƒƒãƒ•ã‚¡ã®é•·ã•。 + \param digest HKDFã«ä½¿ç”¨ã™ã‚‹ãƒãƒƒã‚·ãƒ¥ã‚¿ã‚¤ãƒ—。有効ãªã‚¿ã‚¤ãƒ—ã¯ï¼šWC_SHA256ã€WC_SHA384ã€ã¾ãŸã¯WC_SHA512。 + \param heap メモリã«ä½¿ç”¨ã™ã‚‹ãƒ’ープヒント。NULLã«ã§ãã¾ã™ã€‚ + \param devId æš—å·ã‚³ãƒ¼ãƒ«ãƒãƒƒã‚¯ã¾ãŸã¯éžåŒæœŸãƒãƒ¼ãƒ‰ã‚¦ã‚§ã‚¢ã§ä½¿ç”¨ã™ã‚‹ID。使用ã—ãªã„å ´åˆã¯INVALID_DEVID(-2)ã«è¨­å®šã—ã¾ã™ã€‚ + + _Example_ + \code + byte secret[] = { // ランダムéµã§åˆæœŸåŒ– }; + byte salt[] = { // オプションã®ã‚½ãƒ«ãƒˆã§åˆæœŸåŒ– }; + byte masterSecret[MAX_DIGEST_SIZE]; + + int ret = wc_Tls13_HKDF_Extract_ex(secret, salt, sizeof(salt), 0, + masterSecret, sizeof(masterSecret), WC_SHA512, NULL, INVALID_DEVID); + if ( ret != 0 ) { + // 導出éµã®ç”Ÿæˆã‚¨ãƒ©ãƒ¼ + } + \endcode + + \sa wc_HKDF + \sa wc_HKDF_Extract + \sa wc_HKDF_Extract_ex + \sa wc_HKDF_Expand + \sa wc_Tls13_HKDF_Extract +*/ +int wc_Tls13_HKDF_Extract_ex( + byte* prk, + const byte* salt, word32 saltLen, + byte* ikm, word32 ikmLen, int digest, + void* heap, int devId); + +/*! + \ingroup HMAC + + \brief HMACã€ã‚½ãƒ«ãƒˆã€ãƒ©ãƒ™ãƒ«ã€ãŠã‚ˆã³æƒ…報を使用ã—ã¦ãƒ‡ãƒ¼ã‚¿ã‚’æ‹¡å¼µã—ã¾ã™ã€‚TLS v1.3ã¯éµå°Žå‡ºã®ãŸã‚ã«ã“ã®é–¢æ•°ã‚’定義ã—ã¦ã„ã¾ã™ã€‚ã“れã¯ã€ãƒ’ープヒントã¨ãƒ‡ãƒã‚¤ã‚¹è­˜åˆ¥å­ã‚’追加ã™ã‚‹_exãƒãƒ¼ã‚¸ãƒ§ãƒ³ã§ã™ã€‚ + + \return 0 指定ã•れãŸå…¥åŠ›ã§éµã®ç”Ÿæˆã«æˆåŠŸã—ãŸå ´åˆã«è¿”ã•れã¾ã™ã€‚ + \return BAD_FUNC_ARG 無効ãªãƒãƒƒã‚·ãƒ¥ã‚¿ã‚¤ãƒ—ãŒæŒ‡å®šã•れãŸå ´åˆã«è¿”ã•れã¾ã™ï¼ˆtypeパラメータをå‚照)。 + \return MEMORY_E メモリ割り当ã¦ã‚¨ãƒ©ãƒ¼ãŒã‚ã‚‹å ´åˆã«è¿”ã•れã¾ã™ã€‚ + \return HMAC_MIN_KEYLEN_E FIPS実装を使用ã—ã¦ã„ã¦ã€æŒ‡å®šã•れãŸéµã®é•·ã•ãŒæœ€å°è¨±å®¹FIPS標準より短ã„å ´åˆã«è¿”ã•れるå¯èƒ½æ€§ãŒã‚りã¾ã™ã€‚ + + \param okm 生æˆã•れãŸç–‘ä¼¼ãƒ©ãƒ³ãƒ€ãƒ éµ - å‡ºåŠ›éµææ–™ã€‚ + \param okmLen 生æˆã•れãŸç–‘似ランダムéµã®é•·ã• - å‡ºåŠ›éµææ–™ã€‚ + \param prk ソルト - 疑似ランダムéµã€‚ + \param prkLen ソルトã®é•·ã• - 疑似ランダムéµã€‚ + \param protocol TLSプロトコルラベル。 + \param protocolLen TLSプロトコルラベルã®é•·ã•。 + \param info æ‹¡å¼µã™ã‚‹æƒ…報。 + \param infoLen 情報ã®é•·ã•。 + \param digest HKDFã«ä½¿ç”¨ã™ã‚‹ãƒãƒƒã‚·ãƒ¥ã‚¿ã‚¤ãƒ—。有効ãªã‚¿ã‚¤ãƒ—ã¯ï¼šWC_SHA256ã€WC_SHA384ã€ã¾ãŸã¯WC_SHA512。 + \param heap メモリã«ä½¿ç”¨ã™ã‚‹ãƒ’ープヒント。NULLã«ã§ãã¾ã™ã€‚ + \param devId æš—å·ã‚³ãƒ¼ãƒ«ãƒãƒƒã‚¯ã¾ãŸã¯éžåŒæœŸãƒãƒ¼ãƒ‰ã‚¦ã‚§ã‚¢ã§ä½¿ç”¨ã™ã‚‹ID。使用ã—ãªã„å ´åˆã¯INVALID_DEVID(-2)ã«è¨­å®šã—ã¾ã™ã€‚ + + \sa wc_HKDF + \sa wc_HKDF_Extract + \sa wc_HKDF_Extract_ex + \sa wc_HKDF_Expand + \sa wc_Tls13_HKDF_Expand_Label + \sa wc_Tls13_HKDF_Expand_Label_Alloc +*/ +int wc_Tls13_HKDF_Expand_Label_ex( + byte* okm, word32 okmLen, + const byte* prk, word32 prkLen, + const byte* protocol, word32 protocolLen, + const byte* label, word32 labelLen, + const byte* info, word32 infoLen, + int digest, + void* heap, int devId); + +/*! + \ingroup HMAC + + \brief HMACã€ã‚½ãƒ«ãƒˆã€ãƒ©ãƒ™ãƒ«ã€ãŠã‚ˆã³æƒ…報を使用ã—ã¦ãƒ‡ãƒ¼ã‚¿ã‚’æ‹¡å¼µã—ã¾ã™ã€‚TLS v1.3ã¯éµå°Žå‡ºã®ãŸã‚ã«ã“ã®é–¢æ•°ã‚’定義ã—ã¦ã„ã¾ã™ã€‚ + + \return 0 指定ã•れãŸå…¥åŠ›ã§éµã®ç”Ÿæˆã«æˆåŠŸã—ãŸå ´åˆã«è¿”ã•れã¾ã™ã€‚ + \return BAD_FUNC_ARG 無効ãªãƒãƒƒã‚·ãƒ¥ã‚¿ã‚¤ãƒ—ãŒæŒ‡å®šã•れãŸå ´åˆã«è¿”ã•れã¾ã™ï¼ˆtypeパラメータをå‚照)。 + \return MEMORY_E メモリ割り当ã¦ã‚¨ãƒ©ãƒ¼ãŒã‚ã‚‹å ´åˆã«è¿”ã•れã¾ã™ã€‚ + \return HMAC_MIN_KEYLEN_E FIPS実装を使用ã—ã¦ã„ã¦ã€æŒ‡å®šã•れãŸéµã®é•·ã•ãŒæœ€å°è¨±å®¹FIPS標準より短ã„å ´åˆã«è¿”ã•れるå¯èƒ½æ€§ãŒã‚りã¾ã™ã€‚ + + \param okm 生æˆã•れãŸç–‘ä¼¼ãƒ©ãƒ³ãƒ€ãƒ éµ - å‡ºåŠ›éµææ–™ã€‚ + \param okmLen 生æˆã•れãŸç–‘似ランダムéµã®é•·ã• - å‡ºåŠ›éµææ–™ã€‚ + \param prk ソルト - 疑似ランダムéµã€‚ + \param prkLen ソルトã®é•·ã• - 疑似ランダムéµã€‚ + \param protocol TLSプロトコルラベル。 + \param protocolLen TLSプロトコルラベルã®é•·ã•。 + \param info æ‹¡å¼µã™ã‚‹æƒ…報。 + \param infoLen 情報ã®é•·ã•。 + \param digest HKDFã«ä½¿ç”¨ã™ã‚‹ãƒãƒƒã‚·ãƒ¥ã‚¿ã‚¤ãƒ—。有効ãªã‚¿ã‚¤ãƒ—ã¯ï¼šWC_SHA256ã€WC_SHA384ã€ã¾ãŸã¯WC_SHA512。 + + \sa wc_HKDF + \sa wc_HKDF_Extract + \sa wc_HKDF_Extract_ex + \sa wc_HKDF_Expand + \sa wc_Tls13_HKDF_Expand_Label_ex + \sa wc_Tls13_HKDF_Expand_Label_Alloc +*/ +int wc_Tls13_HKDF_Expand_Label( + byte* okm, word32 okmLen, + const byte* prk, word32 prkLen, + const byte* protocol, word32 protocolLen, + const byte* label, word32 labelLen, + const byte* info, word32 infoLen, + int digest); + +/*! + \ingroup HMAC + + \brief ã“ã®é–¢æ•°ã¯wc_Tls13_HKDF_Expand_Label()ã¨éžå¸¸ã«ä¼¼ã¦ã„ã¾ã™ãŒã€é€šå¸¸ä½¿ç”¨ã•れるスタックスペースãŒå分ã§ãªã„å ´åˆã«ãƒ¡ãƒ¢ãƒªã‚’割り当ã¦ã¾ã™ã€‚HMACã€ã‚½ãƒ«ãƒˆã€ãƒ©ãƒ™ãƒ«ã€ãŠã‚ˆã³æƒ…報を使用ã—ã¦ãƒ‡ãƒ¼ã‚¿ã‚’æ‹¡å¼µã—ã¾ã™ã€‚TLS v1.3ã¯éµå°Žå‡ºã®ãŸã‚ã«ã“ã®é–¢æ•°ã‚’定義ã—ã¦ã„ã¾ã™ã€‚ã“れã¯ã€ãƒ’ープヒントã¨ãƒ‡ãƒã‚¤ã‚¹è­˜åˆ¥å­ã‚’追加ã™ã‚‹_exãƒãƒ¼ã‚¸ãƒ§ãƒ³ã§ã™ã€‚ + + \return 0 指定ã•れãŸå…¥åŠ›ã§éµã®ç”Ÿæˆã«æˆåŠŸã—ãŸå ´åˆã«è¿”ã•れã¾ã™ã€‚ + \return BAD_FUNC_ARG 無効ãªãƒãƒƒã‚·ãƒ¥ã‚¿ã‚¤ãƒ—ãŒæŒ‡å®šã•れãŸå ´åˆã«è¿”ã•れã¾ã™ï¼ˆtypeパラメータをå‚照)。 + \return MEMORY_E メモリ割り当ã¦ã‚¨ãƒ©ãƒ¼ãŒã‚ã‚‹å ´åˆã«è¿”ã•れã¾ã™ã€‚ + \return HMAC_MIN_KEYLEN_E FIPS実装を使用ã—ã¦ã„ã¦ã€æŒ‡å®šã•れãŸéµã®é•·ã•ãŒæœ€å°è¨±å®¹FIPS標準より短ã„å ´åˆã«è¿”ã•れるå¯èƒ½æ€§ãŒã‚りã¾ã™ã€‚ + + \param okm 生æˆã•れãŸç–‘ä¼¼ãƒ©ãƒ³ãƒ€ãƒ éµ - å‡ºåŠ›éµææ–™ã€‚ + \param okmLen 生æˆã•れãŸç–‘似ランダムéµã®é•·ã• - å‡ºåŠ›éµææ–™ã€‚ + \param prk ソルト - 疑似ランダムéµã€‚ + \param prkLen ソルトã®é•·ã• - 疑似ランダムéµã€‚ + \param protocol TLSプロトコルラベル。 + \param protocolLen TLSプロトコルラベルã®é•·ã•。 + \param info æ‹¡å¼µã™ã‚‹æƒ…報。 + \param infoLen 情報ã®é•·ã•。 + \param digest HKDFã«ä½¿ç”¨ã™ã‚‹ãƒãƒƒã‚·ãƒ¥ã‚¿ã‚¤ãƒ—。有効ãªã‚¿ã‚¤ãƒ—ã¯ï¼šWC_SHA256ã€WC_SHA384ã€ã¾ãŸã¯WC_SHA512。 + \param heap メモリã«ä½¿ç”¨ã™ã‚‹ãƒ’ープヒント。NULLã«ã§ãã¾ã™ã€‚ + + \sa wc_HKDF + \sa wc_HKDF_Extract + \sa wc_HKDF_Extract_ex + \sa wc_HKDF_Expand + \sa wc_Tls13_HKDF_Expand_Label + \sa wc_Tls13_HKDF_Expand_Label_ex +*/ +int wc_Tls13_HKDF_Expand_Label_Alloc( + byte* okm, word32 okmLen, + const byte* prk, word32 prkLen, + const byte* protocol, word32 protocolLen, + const byte* label, word32 labelLen, + const byte* info, word32 infoLen, + int digest, void* heap); diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/doc/dox_comments/header_files-ja/iotsafe.h mariadb-11.8.8/extra/wolfssl/wolfssl/doc/dox_comments/header_files-ja/iotsafe.h --- mariadb-11.8.6/extra/wolfssl/wolfssl/doc/dox_comments/header_files-ja/iotsafe.h 2026-01-31 13:27:49.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/doc/dox_comments/header_files-ja/iotsafe.h 2026-05-24 09:58:33.000000000 +0000 @@ -1,8 +1,11 @@ /*! \ingroup IoTSafe - \brief ã“ã®é–¢æ•°ã¯ä¸Žãˆã‚‰ã‚ŒãŸã‚³ãƒ³ãƒ†ã‚­ã‚¹ãƒˆã§ã®IoTセーフサãƒãƒ¼ãƒˆã‚’有効ã«ã—ã¾ã™ã€‚ - \param ctx IOTセーフサãƒãƒ¼ãƒˆã‚’有効ã«ã™ã‚‹å¿…è¦ãŒã‚ã‚‹WOLFSSL_CTXオブジェクトã¸ã®ãƒã‚¤ãƒ³ã‚¿ - \return 0 æˆåŠŸã—㟠+ \brief ã“ã®é–¢æ•°ã¯ã€æŒ‡å®šã•れãŸã‚³ãƒ³ãƒ†ã‚­ã‚¹ãƒˆã§IoT-Safeサãƒãƒ¼ãƒˆã‚’有効ã«ã—ã¾ã™ã€‚ + + \param ctx IoT-safeサãƒãƒ¼ãƒˆã‚’有効ã«ã™ã‚‹å¿…è¦ãŒã‚ã‚‹WOLFSSL_CTXオブジェクトã¸ã®ãƒã‚¤ãƒ³ã‚¿ + \return 0 æˆåŠŸæ™‚ + \return WC_HW_E ãƒãƒ¼ãƒ‰ã‚¦ã‚§ã‚¢ã‚¨ãƒ©ãƒ¼æ™‚ + _Example_ \code WOLFSSL_CTX *ctx; @@ -11,6 +14,7 @@ return NULL; wolfSSL_CTX_iotsafe_enable(ctx); \endcode + \sa wolfSSL_iotsafe_on \sa wolfIoTSafe_SetCSIM_read_cb \sa wolfIoTSafe_SetCSIM_write_cb @@ -20,33 +24,38 @@ /*! \ingroup IoTSafe - \brief ã“ã®é–¢æ•°ã¯ã€IOT-SAFE TLSコールãƒãƒƒã‚¯ã‚’特定ã®SSLã‚»ãƒƒã‚·ãƒ§ãƒ³ã«æŽ¥ç¶šã—ã¾ã™ã€‚ - \brief スロットã®IDãŒ1ãƒã‚¤ãƒˆã®é•·ã•ã®å ´åˆã€SSLセッションをIoT-Safeã‚¢ãƒ—ãƒ¬ãƒƒãƒˆã«æŽ¥ç¶šã™ã‚‹ã‚ˆã†ã«å‘¼ã³å‡ºã™å¿…è¦ãŒã‚りã¾ã™ã€‚IOTセーフスロットã®IDãŒ2ãƒã‚¤ãƒˆä»¥ä¸Šã®å ´åˆã€\ REF WOLFSSL_IOTSAFE_ON_EX「WOLFSSL_IOTSAFE_ON_EX()ã€ã‚’使用ã™ã‚‹å¿…è¦ãŒã‚りã¾ã™ã€‚ - \param ssl コールãƒãƒƒã‚¯ãŒæœ‰åйã«ãªã‚‹WolfSSLオブジェクトã¸ã®ãƒã‚¤ãƒ³ã‚¿ - \param privkey_id ホストã®ç§˜å¯†éµã‚’å«ã‚€IOTセーフãªã‚¢ãƒ—レットスロットã®ID - \param ecdh_keypair_slot ECDHéµãƒšã‚¢ã‚’ä¿å­˜ã™ã‚‹ãŸã‚ã®IoT安全アプレットスロットã®ID - \param peer_pubkey_slot ECDH用ã®ä»–ã®ã‚¨ãƒ³ãƒ‰ãƒã‚¤ãƒ³ãƒˆã®å…¬é–‹éµã‚’ä¿å­˜ã™ã‚‹ãŸã‚ã®IOT-SAFEアプレットスロットã®ID - \param peer_cert_slot 検証ã®ãŸã‚ã®ä»–ã®ã‚¨ãƒ³ãƒ‰ãƒã‚¤ãƒ³ãƒˆã®å…¬é–‹éµã‚’ä¿å­˜ã™ã‚‹ãŸã‚ã®IOTセーフãªã‚¢ãƒ—レットスロットã®ID - \return 0 æˆåŠŸã™ã‚‹ã¨ - \return NOT_COMPILED_IN habe_pk_callbacksãŒç„¡åйã«ãªã£ã¦ã„ã‚‹å ´åˆ + \brief ã“ã®é–¢æ•°ã¯ã€IoT-Safe TLSコールãƒãƒƒã‚¯ã‚’指定ã•れãŸSSLã‚»ãƒƒã‚·ãƒ§ãƒ³ã«æŽ¥ç¶šã—ã¾ã™ã€‚ + \brief ã“れã¯ã€ã‚¹ãƒ­ãƒƒãƒˆã®IDãŒ1ãƒã‚¤ãƒˆé•·ã®å ´åˆã«SSLセッションをIoT-Safeã‚¢ãƒ—ãƒ¬ãƒƒãƒˆã«æŽ¥ç¶šã™ã‚‹ãŸã‚ã«å‘¼ã³å‡ºã™å¿…è¦ãŒã‚りã¾ã™ã€‚ + IoT-SAFEスロットã®IDãŒ2ãƒã‚¤ãƒˆä»¥ä¸Šã®å ´åˆã¯ã€ä»£ã‚りã«\ref wolfSSL_iotsafe_on_ex "wolfSSL_iotsafe_on_ex()"を使用ã™ã‚‹å¿…è¦ãŒã‚りã¾ã™ã€‚ + + \param ssl コールãƒãƒƒã‚¯ãŒæœ‰åйã«ãªã‚‹WOLFSSLオブジェクトã¸ã®ãƒã‚¤ãƒ³ã‚¿ + \param privkey_id ホストã®ç§˜å¯†éµã‚’å«ã‚€iot-safeアプレットスロットã®ID + \param ecdh_keypair_slot ECDHéµãƒšã‚¢ã‚’æ ¼ç´ã™ã‚‹iot-safeアプレットスロットã®ID + \param peer_pubkey_slot ECDH用ã«ä»–ã®ã‚¨ãƒ³ãƒ‰ãƒã‚¤ãƒ³ãƒˆã®å…¬é–‹éµã‚’æ ¼ç´ã™ã‚‹iot-safeアプレットスロットã®ID + \param peer_cert_slot 検証用ã«ä»–ã®ã‚¨ãƒ³ãƒ‰ãƒã‚¤ãƒ³ãƒˆã®å…¬é–‹éµã‚’æ ¼ç´ã™ã‚‹iot-safeアプレットスロットã®ID + \return 0 æˆåŠŸæ™‚ + \return NOT_COMPILED_IN HAVE_PK_CALLBACKSãŒç„¡åйãªå ´åˆ + \return BAD_FUNC_ARG sslãƒã‚¤ãƒ³ã‚¿ãŒç„¡åйãªå ´åˆ + _Example_ \code - // Define key ids for IoT-Safe + // IoT-Safe用ã®éµIDを定義 #define PRIVKEY_ID 0x02 #define ECDH_KEYPAIR_ID 0x03 #define PEER_PUBKEY_ID 0x04 #define PEER_CERT_ID 0x05 - // Create new ssl session + // æ–°ã—ã„sslã‚»ãƒƒã‚·ãƒ§ãƒ³ã‚’ä½œæˆ WOLFSSL *ssl; ssl = wolfSSL_new(ctx); if (!ssl) return NULL; - // Enable IoT-Safe and associate key slots + // IoT-Safeを有効ã«ã—ã¦éµã‚¹ãƒ­ãƒƒãƒˆã‚’関連付㑠ret = wolfSSL_CTX_iotsafe_enable(ctx); if (ret == 0) { ret = wolfSSL_iotsafe_on(ssl, PRIVKEY_ID, ECDH_KEYPAIR_ID, PEER_PUBKEY_ID, PEER_CERT_ID); } \endcode + \sa wolfSSL_iotsafe_on_ex \sa wolfSSL_CTX_iotsafe_enable */ @@ -56,18 +65,23 @@ /*! \ingroup IoTSafe - \brief ã“ã®é–¢æ•°ã¯ã€IOT-SAFE TLSコールãƒãƒƒã‚¯ã‚’特定ã®SSLã‚»ãƒƒã‚·ãƒ§ãƒ³ã«æŽ¥ç¶šã—ã¾ã™ã€‚ã“れã¯ã€IOTセーフスロットã®IDã‚’å‚ç…§ã§æ¸¡ã™ã“ã¨ãŒã§ãã€IDフィールドã®é•·ã•をパラメータ "id_size"ã§æŒ‡å®šã§ãã¾ã™ã€‚ - \param ssl コールãƒãƒƒã‚¯ãŒæœ‰åйã«ãªã‚‹WolfSSLオブジェクトã¸ã®ãƒã‚¤ãƒ³ã‚¿ - \param privkey_id ホストã®ç§˜å¯†éµã‚’å«ã‚€IoTセーフアプレットスロットã®IDã¸ã®ãƒã‚¤ãƒ³ã‚¿ - \param ecdh_keypair_slot ECDHéµãƒšã‚¢ã‚’ä¿å­˜ã™ã‚‹IOT-Safeアプレットスロットã®IDã¸ã®ãƒã‚¤ãƒ³ã‚¿ - \param peer_pubkey_slot ECDH用ã®ä»–ã®ã‚¨ãƒ³ãƒ‰ãƒã‚¤ãƒ³ãƒˆã®å…¬é–‹éµã‚’ä¿å­˜ã™ã‚‹IOTセーフアプレットスロットã®IDã¸ã®ãƒã‚¤ãƒ³ã‚¿ - \param peer_cert_slot 検証ã®ãŸã‚ã«ä»–ã®ã‚¨ãƒ³ãƒ‰ãƒã‚¤ãƒ³ãƒˆã®å…¬é–‹éµã‚’ä¿å­˜ã™ã‚‹ãŸã‚ã®IOT-SAFEアプレットスロットã®IDã¸ã®ãƒã‚¤ãƒ³ã‚¿ - \param id_size å„スロットIDã®ã‚µã‚¤ã‚º - \return 0 æˆåŠŸã™ã‚‹ã¨ - \return NOT_COMPILED_IN habe_pk_callbacksãŒç„¡åйã«ãªã£ã¦ã„ã‚‹å ´åˆ + \brief ã“ã®é–¢æ•°ã¯ã€IoT-Safe TLSコールãƒãƒƒã‚¯ã‚’指定ã•れãŸSSLã‚»ãƒƒã‚·ãƒ§ãƒ³ã«æŽ¥ç¶šã—ã¾ã™ã€‚ + ã“れã¯\ref wolfSSL_iotsafe_on "wolfSSL_iotsafe_on"ã¨åŒç­‰ã§ã™ãŒã€IoT-SAFEスロットã®IDã‚’å‚照渡ã—ã§ãã€IDフィールドã®é•·ã•をパラメータ"id_size"ã§æŒ‡å®šã§ãる点ãŒç•°ãªã‚Šã¾ã™ã€‚ + + + \param ssl コールãƒãƒƒã‚¯ãŒæœ‰åйã«ãªã‚‹WOLFSSLオブジェクトã¸ã®ãƒã‚¤ãƒ³ã‚¿ + \param privkey_id ホストã®ç§˜å¯†éµã‚’å«ã‚€iot-safeアプレットスロットã®IDã¸ã®ãƒã‚¤ãƒ³ã‚¿ + \param ecdh_keypair_slot ECDHéµãƒšã‚¢ã‚’æ ¼ç´ã™ã‚‹iot-safeアプレットスロットã®IDã¸ã®ãƒã‚¤ãƒ³ã‚¿ + \param peer_pubkey_slot ECDH用ã«ä»–ã®ã‚¨ãƒ³ãƒ‰ãƒã‚¤ãƒ³ãƒˆã®å…¬é–‹éµã‚’æ ¼ç´ã™ã‚‹iot-safeアプレットスロットã®IDã¸ã®ãƒã‚¤ãƒ³ã‚¿ + \param peer_cert_slot 検証用ã«ä»–ã®ã‚¨ãƒ³ãƒ‰ãƒã‚¤ãƒ³ãƒˆã®å…¬é–‹éµã‚’æ ¼ç´ã™ã‚‹iot-safeアプレットスロットã®IDã¸ã®ãƒã‚¤ãƒ³ã‚¿ + \param id_size å„スロットIDã®ã‚µã‚¤ã‚º + \return 0 æˆåŠŸæ™‚ + \return NOT_COMPILED_IN HAVE_PK_CALLBACKSãŒç„¡åйãªå ´åˆ + \return BAD_FUNC_ARG sslãƒã‚¤ãƒ³ã‚¿ãŒç„¡åйãªå ´åˆ + _Example_ \code - // Define key ids for IoT-Safe (16 bit, little endian) + // IoT-Safe用ã®éµIDを定義(16ビットã€ãƒªãƒˆãƒ«ã‚¨ãƒ³ãƒ‡ã‚£ã‚¢ãƒ³) #define PRIVKEY_ID 0x0201 #define ECDH_KEYPAIR_ID 0x0301 #define PEER_PUBKEY_ID 0x0401 @@ -81,17 +95,18 @@ - // Create new ssl session + // æ–°ã—ã„sslã‚»ãƒƒã‚·ãƒ§ãƒ³ã‚’ä½œæˆ WOLFSSL *ssl; ssl = wolfSSL_new(ctx); if (!ssl) return NULL; - // Enable IoT-Safe and associate key slots + // IoT-Safeを有効ã«ã—ã¦éµã‚¹ãƒ­ãƒƒãƒˆã‚’関連付㑠ret = wolfSSL_CTX_iotsafe_enable(ctx); if (ret == 0) { ret = wolfSSL_CTX_iotsafe_on_ex(ssl, &privkey, &ecdh_keypair, &peer_pubkey, &peer_cert, ID_SIZE); } \endcode + \sa wolfSSL_iotsafe_on \sa wolfSSL_CTX_iotsafe_enable */ @@ -101,29 +116,35 @@ /*! \ingroup IoTSafe - \brief AT + CSIMコマンドã®ãƒªãƒ¼ãƒ‰ã‚³ãƒ¼ãƒ«ãƒãƒƒã‚¯ã‚’関連付ã‘ã¾ã™ã€‚ã“ã®å…¥åŠ›é–¢æ•°ã¯é€šå¸¸ã€ãƒ¢ãƒ‡ãƒ ã¨é€šä¿¡ã™ã‚‹UARTãƒãƒ£ãƒãƒ«ã®èª­ã¿å–りイベントã«é–¢é€£ä»˜ã‘られã¦ã„ã¾ã™ã€‚読ã¿å–りコールãƒãƒƒã‚¯ãŒé–¢é€£ä»˜ã‘られã¦ã„ã‚‹ã®ã¯ã€åŒæ™‚ã«IoT-Safeサãƒãƒ¼ãƒˆã‚’使用ã™ã‚‹ã™ã¹ã¦ã®ã‚³ãƒ³ãƒ†ã‚­ã‚¹ãƒˆã®ã‚°ãƒ­ãƒ¼ãƒãƒ«ã¨å¤‰æ›´ã§ã™ã€‚ + \brief AT+CSIMコマンド用ã®èª­ã¿å–りコールãƒãƒƒã‚¯ã‚’関連付ã‘ã¾ã™ã€‚ã“ã®å…¥åŠ›é–¢æ•°ã¯é€šå¸¸ã€ãƒ¢ãƒ‡ãƒ ã¨é€šä¿¡ã™ã‚‹UARTãƒãƒ£ãƒãƒ«ã®èª­ã¿å–りイベントã«é–¢é€£ä»˜ã‘られã¾ã™ã€‚関連付ã‘られる読ã¿å–りコールãƒãƒƒã‚¯ã¯ã‚°ãƒ­ãƒ¼ãƒãƒ«ã§ã€åŒæ™‚ã«IoT-safeサãƒãƒ¼ãƒˆã‚’使用ã™ã‚‹ã™ã¹ã¦ã®ã‚³ãƒ³ãƒ†ã‚­ã‚¹ãƒˆã«å¯¾ã—ã¦å¤‰æ›´ã•れã¾ã™ã€‚ + \param rf UART読ã¿å–りイベントã«é–¢é€£ä»˜ã‘られる読ã¿å–りコールãƒãƒƒã‚¯ã€‚コールãƒãƒƒã‚¯é–¢æ•°ã¯2ã¤ã®å¼•æ•°(bufã€len)ã‚’å—ã‘å–りã€lenã¾ã§èª­ã¿å–ã‚‰ã‚ŒãŸæ–‡å­—æ•°ã‚’è¿”ã—ã¾ã™ã€‚改行文字ã«é­é‡ã™ã‚‹ã¨ã€ã‚³ãƒ¼ãƒ«ãƒãƒƒã‚¯ã¯ã“れã¾ã§ã«å—ä¿¡ã—ãŸæ–‡å­—æ•°(改行文字をå«ã‚€)ã‚’è¿”ã™å¿…è¦ãŒã‚りã¾ã™ã€‚ + _Example_ \code - // USART read function, defined elsewhere + // USART読ã¿å–り関数ã€ä»–ã®å ´æ‰€ã§å®šç¾© int usart_read(char *buf, int len); wolfIoTSafe_SetCSIM_read_cb(usart_read); \endcode + \sa wolfIoTSafe_SetCSIM_write_cb */ void wolfIoTSafe_SetCSIM_read_cb(wolfSSL_IOTSafe_CSIM_read_cb rf); /*! \ingroup IoTSafe - \brief AT + CSIMã‚³ãƒžãƒ³ãƒ‰ã®æ›¸ãè¾¼ã¿ã‚³ãƒ¼ãƒ«ãƒãƒƒã‚¯ã‚’関連付ã‘ã¾ã™ã€‚ã“ã®å‡ºåŠ›é–¢æ•°ã¯é€šå¸¸ã€ãƒ¢ãƒ‡ãƒ ã¨é€šä¿¡ã™ã‚‹UARTãƒãƒ£ãƒãƒ«ä¸Šã®ãƒ©ã‚¤ãƒˆã‚¤ãƒ™ãƒ³ãƒˆã«é–¢é€£ä»˜ã‘られã¦ã„ã¾ã™ã€‚Write CallbackãŒé–¢é€£ä»˜ã‘られã¦ã„ã‚‹ã®ã¯ã€åŒæ™‚ã«IoT-Safeサãƒãƒ¼ãƒˆã‚’使用ã™ã‚‹ã™ã¹ã¦ã®ã‚³ãƒ³ãƒ†ã‚­ã‚¹ãƒˆã®ã‚°ãƒ­ãƒ¼ãƒãƒ«ã¨å¤‰æ›´ã§ã™ã€‚ + \brief AT+CSIMã‚³ãƒžãƒ³ãƒ‰ç”¨ã®æ›¸ãè¾¼ã¿ã‚³ãƒ¼ãƒ«ãƒãƒƒã‚¯ã‚’関連付ã‘ã¾ã™ã€‚ã“ã®å‡ºåŠ›é–¢æ•°ã¯é€šå¸¸ã€ãƒ¢ãƒ‡ãƒ ã¨é€šä¿¡ã™ã‚‹UARTãƒãƒ£ãƒãƒ«ã®æ›¸ãè¾¼ã¿ã‚¤ãƒ™ãƒ³ãƒˆã«é–¢é€£ä»˜ã‘られã¾ã™ã€‚関連付ã‘られる書ãè¾¼ã¿ã‚³ãƒ¼ãƒ«ãƒãƒƒã‚¯ã¯ã‚°ãƒ­ãƒ¼ãƒãƒ«ã§ã€åŒæ™‚ã«IoT-safeサãƒãƒ¼ãƒˆã‚’使用ã™ã‚‹ã™ã¹ã¦ã®ã‚³ãƒ³ãƒ†ã‚­ã‚¹ãƒˆã«å¯¾ã—ã¦å¤‰æ›´ã•れã¾ã™ã€‚ + \param rf UART書ãè¾¼ã¿ã‚¤ãƒ™ãƒ³ãƒˆã«é–¢é€£ä»˜ã‘られる書ãè¾¼ã¿ã‚³ãƒ¼ãƒ«ãƒãƒƒã‚¯ã€‚コールãƒãƒƒã‚¯é–¢æ•°ã¯2ã¤ã®å¼•æ•°(bufã€len)ã‚’å—ã‘å–りã€lenã¾ã§æ›¸ãè¾¼ã¾ã‚ŒãŸæ–‡å­—æ•°ã‚’è¿”ã—ã¾ã™ã€‚ + _Example_ \code - // USART write function, defined elsewhere + // USART書ãè¾¼ã¿é–¢æ•°ã€ä»–ã®å ´æ‰€ã§å®šç¾© int usart_write(const char *buf, int len); wolfIoTSafe_SetCSIM_write_cb(usart_write); \endcode + \sa wolfIoTSafe_SetCSIM_read_cb */ void wolfIoTSafe_SetCSIM_write_cb(wolfSSL_IOTSafe_CSIM_write_cb wf); @@ -132,25 +153,31 @@ /*! \ingroup IoTSafe - \brief IOTセーフ機能getrandomを使用ã—ã¦ã€æŒ‡å®šã•れãŸã‚µã‚¤ã‚ºã®ãƒ©ãƒ³ãƒ€ãƒ ãªãƒãƒƒãƒ•ァを生æˆã—ã¾ã™ã€‚ã“ã®é–¢æ•°ã¯ã€WolfCrypt RNGオブジェクトã«ã‚ˆã£ã¦è‡ªå‹•çš„ã«ä½¿ç”¨ã•れã¾ã™ã€‚ - \param out ランダムãªãƒã‚¤ãƒˆã‚·ãƒ¼ã‚±ãƒ³ã‚¹ãŒæ ¼ç´ã•れã¦ã„ã‚‹ãƒãƒƒãƒ•ァ。 - \param sz 生æˆã™ã‚‹ãƒ©ãƒ³ãƒ€ãƒ ã‚·ãƒ¼ã‚±ãƒ³ã‚¹ã®ã‚µã‚¤ã‚ºï¼ˆãƒã‚¤ãƒˆå˜ä½ï¼‰ + \brief IoT-Safe関数GetRandomを使用ã—ã¦ã€æŒ‡å®šã•れãŸã‚µã‚¤ã‚ºã®ãƒ©ãƒ³ãƒ€ãƒ ãƒãƒƒãƒ•ァを生æˆã—ã¾ã™ã€‚ã“ã®é–¢æ•°ã¯wolfCrypt RNGオブジェクトã«ã‚ˆã£ã¦è‡ªå‹•çš„ã«ä½¿ç”¨ã•れã¾ã™ã€‚ + + \param out ランダムãªãƒã‚¤ãƒˆã‚·ãƒ¼ã‚±ãƒ³ã‚¹ãŒæ ¼ç´ã•れるãƒãƒƒãƒ•ァ。 + \param sz 生æˆã™ã‚‹ãƒ©ãƒ³ãƒ€ãƒ ã‚·ãƒ¼ã‚±ãƒ³ã‚¹ã®ã‚µã‚¤ã‚º(ãƒã‚¤ãƒˆå˜ä½) + \return 0 æˆåŠŸæ™‚ + */ int wolfIoTSafe_GetRandom(unsigned char* out, word32 sz); /*! \ingroup IoTSafe - \brief IOT-Safeアプレット上ã®ãƒ•ァイルã«ä¿å­˜ã•れã¦ã„る証明書をインãƒãƒ¼ãƒˆã—ã€ãƒ­ãƒ¼ã‚«ãƒ«ã«ãƒ¡ãƒ¢ãƒªã«ä¿å­˜ã—ã¾ã™ã€‚1ãƒã‚¤ãƒˆã®ãƒ•ァイルIDフィールドã§å‹•作ã—ã¾ã™ã€‚ - \param id 証明書ãŒä¿å­˜ã•れã¦ã„ã‚‹IOTセーフ・アプレットã®ãƒ•ァイルID - \param output 証明書ãŒã‚¤ãƒ³ãƒãƒ¼ãƒˆã•れるãƒãƒƒãƒ•ァー - \param sz ãƒãƒƒãƒ•ァ出力ã§ä½¿ç”¨å¯èƒ½ãªæœ€å¤§ã‚µã‚¤ã‚º - \return the 輸入ã•れãŸè¨¼æ˜Žæ›¸ã®é•·ã• + \brief IoT-Safeアプレット上ã®ãƒ•ァイルã«ä¿å­˜ã•れã¦ã„る証明書をインãƒãƒ¼ãƒˆã—ã€ãƒ¡ãƒ¢ãƒªå†…ã«ãƒ­ãƒ¼ã‚«ãƒ«ã«ä¿å­˜ã—ã¾ã™ã€‚1ãƒã‚¤ãƒˆã®ãƒ•ァイルIDフィールドã§å‹•作ã—ã¾ã™ã€‚ + + \param id 証明書ãŒä¿å­˜ã•れã¦ã„ã‚‹IoT-Safeアプレット内ã®ãƒ•ァイルID + \param output 証明書ãŒã‚¤ãƒ³ãƒãƒ¼ãƒˆã•れるãƒãƒƒãƒ•ã‚¡ + \param sz ãƒãƒƒãƒ•ã‚¡outputã§åˆ©ç”¨å¯èƒ½ãªæœ€å¤§ã‚µã‚¤ã‚º + \return インãƒãƒ¼ãƒˆã•れãŸè¨¼æ˜Žæ›¸ã®é•·ã• + \return < 0 失敗ã®å ´åˆ + _Example_ \code #define CRT_CLIENT_FILE_ID 0x03 unsigned char cert_buffer[2048]; - // Get the certificate into the buffer + // 証明書をãƒãƒƒãƒ•ã‚¡ã«å–å¾— cert_buffer_size = wolfIoTSafe_GetCert(CRT_CLIENT_FILE_ID, cert_buffer, 2048); if (cert_buffer_size < 1) { printf("Bad cli cert\n"); @@ -158,7 +185,7 @@ } printf("Loaded Client certificate from IoT-Safe, size = %lu\n", cert_buffer_size); - // Use the certificate buffer as identity for the TLS client context + // TLSクライアントコンテキストã®ã‚¢ã‚¤ãƒ‡ãƒ³ãƒ†ã‚£ãƒ†ã‚£ã¨ã—ã¦è¨¼æ˜Žæ›¸ãƒãƒƒãƒ•ァを使用 if (wolfSSL_CTX_use_certificate_buffer(cli_ctx, cert_buffer, cert_buffer_size, SSL_FILETYPE_ASN1) != SSL_SUCCESS) { printf("Cannot load client cert\n"); @@ -166,173 +193,204 @@ } printf("Client certificate successfully imported.\n"); \endcode -*/ -int wolfIoTSafe_GetCert(uint8_t id, unsigned char *output, unsigned long sz); +*/ +int wolfIoTSafe_GetCert(byte id, unsigned char *output, unsigned long sz); /*! \ingroup IoTSafe - \brief IOT-Safeアプレット上ã®ãƒ•ァイルã«ä¿å­˜ã•れã¦ã„る証明書をインãƒãƒ¼ãƒˆã—ã€ãƒ­ãƒ¼ã‚«ãƒ«ã«ãƒ¡ãƒ¢ãƒªã«ä¿å­˜ã—ã¾ã™ã€‚\ ref wolfiotsafe_getcert "wolfiotsafe_getcert"ã¨åŒç­‰ã§ã™ã€‚ãŸã ã—ã€2ãƒã‚¤ãƒˆä»¥ä¸Šã®ãƒ•ァイルIDã§å‘¼ã³å‡ºã™ã“ã¨ãŒã§ãã¾ã™ã€‚ - \param id 証明書ãŒä¿å­˜ã•れã¦ã„ã‚‹IOT-SAFEアプレットã®ãƒ•ァイルIDã¸ã®ãƒã‚¤ãƒ³ã‚¿ - \param id_sz ファイルIDã®ã‚µã‚¤ã‚ºï¼šãƒã‚¤ãƒˆæ•° - \param output 証明書ãŒã‚¤ãƒ³ãƒãƒ¼ãƒˆã•れるãƒãƒƒãƒ•ァー - \param sz ãƒãƒƒãƒ•ァ出力ã§ä½¿ç”¨å¯èƒ½ãªæœ€å¤§ã‚µã‚¤ã‚º - \return the 輸入ã•れãŸè¨¼æ˜Žæ›¸ã®é•·ã• - _Example_ - \code - #define CRT_CLIENT_FILE_ID 0x0302 - #define ID_SIZE (sizeof(word16)) - unsigned char cert_buffer[2048]; - word16 client_file_id = CRT_CLIENT_FILE_ID; + \brief IoT-Safeアプレット上ã®ãƒ•ァイルã«ä¿å­˜ã•れã¦ã„る証明書をインãƒãƒ¼ãƒˆã—ã€ãƒ¡ãƒ¢ãƒªå†…ã«ãƒ­ãƒ¼ã‚«ãƒ«ã«ä¿å­˜ã—ã¾ã™ã€‚\ref wolfIoTSafe_GetCert "wolfIoTSafe_GetCert"ã¨åŒç­‰ã§ã™ãŒã€2ãƒã‚¤ãƒˆä»¥ä¸Šã®ãƒ•ァイルIDã§å‘¼ã³å‡ºã™ã“ã¨ãŒã§ãã¾ã™ã€‚ + \param id 証明書ãŒä¿å­˜ã•れã¦ã„ã‚‹IoT-Safeアプレット内ã®ãƒ•ァイルIDã¸ã®ãƒã‚¤ãƒ³ã‚¿ + \param id_sz ファイルIDã®ã‚µã‚¤ã‚º + \param output 証明書ãŒã‚¤ãƒ³ãƒãƒ¼ãƒˆã•れるãƒãƒƒãƒ•ã‚¡ + \param sz ãƒãƒƒãƒ•ã‚¡outputã§åˆ©ç”¨å¯èƒ½ãªæœ€å¤§ã‚µã‚¤ã‚º + \return インãƒãƒ¼ãƒˆã•れãŸè¨¼æ˜Žæ›¸ã®é•·ã• + \return < 0 失敗ã®å ´åˆ + _Example_ + \code - // Get the certificate into the buffer - cert_buffer_size = wolfIoTSafe_GetCert_ex(&client_file_id, ID_SIZE, cert_buffer, 2048); - if (cert_buffer_size < 1) { - printf("Bad cli cert\n"); - return -1; - } - printf("Loaded Client certificate from IoT-Safe, size = %lu\n", cert_buffer_size); - - // Use the certificate buffer as identity for the TLS client context - if (wolfSSL_CTX_use_certificate_buffer(cli_ctx, cert_buffer, - cert_buffer_size, SSL_FILETYPE_ASN1) != SSL_SUCCESS) { - printf("Cannot load client cert\n"); - return -1; - } - printf("Client certificate successfully imported.\n"); \endcode + */ int wolfIoTSafe_GetCert_ex(uint8_t *id, uint16_t id_sz, unsigned char *output, unsigned long sz); /*! \ingroup IoTSafe - \brief IOTã‚»ãƒ¼ãƒ•ã‚¢ãƒ—ãƒ¬ãƒƒãƒˆã«æ ¼ç´ã•れã¦ã„ã‚‹ECC 256ビットã®å…¬é–‹éµã‚’ECC_Keyオブジェクトã«ã‚¤ãƒ³ãƒãƒ¼ãƒˆã—ã¾ã™ã€‚ - \param key IOT-SAFEアプレットã‹ã‚‰ã‚¤ãƒ³ãƒãƒ¼ãƒˆã•れãŸã‚­ãƒ¼ã‚’å«ã‚€ECC_KEYオブジェクト - \param id 公開éµãŒä¿å­˜ã•れã¦ã„ã‚‹IOTセーフアプレットã®ã‚­ãƒ¼ID - \return 0 æˆåŠŸã™ã‚‹ã¨ + \brief IoT-Safeアプレットã«ä¿å­˜ã•れã¦ã„ã‚‹ECC 256ビット公開éµã‚’ecc_keyオブジェクトã«ã‚¤ãƒ³ãƒãƒ¼ãƒˆã—ã¾ã™ã€‚ + + \param key IoT-Safeアプレットã‹ã‚‰ã‚¤ãƒ³ãƒãƒ¼ãƒˆã•れãŸéµã‚’å«ã‚€ecc_keyオブジェクト + \param id 公開éµãŒä¿å­˜ã•れã¦ã„ã‚‹IoT-Safeアプレット内ã®éµID + \return 0 æˆåŠŸæ™‚ + \return < 0 失敗ã®å ´åˆ + + \sa wc_iotsafe_ecc_export_public \sa wc_iotsafe_ecc_export_private + */ int wc_iotsafe_ecc_import_public(ecc_key *key, byte key_id); /*! \ingroup IoTSafe - \brief ECC_KEYオブジェクトã‹ã‚‰IOT-SAFEアプレットã¸ã®æ›¸ãè¾¼ã¿å¯èƒ½ãªãƒ‘ブリックキースロットã«ECC 256ビット公開éµã‚’エクスãƒãƒ¼ãƒˆã—ã¾ã™ã€‚ - \param key エクスãƒãƒ¼ãƒˆã™ã‚‹éµã‚’å«ã‚€ecc_keyオブジェクト - \param id 公開éµãŒä¿å­˜ã•れã¦ã„ã‚‹IOTセーフアプレットã®ã‚­ãƒ¼ID - \return 0 æˆåŠŸã™ã‚‹ã¨ + \brief ECC 256ビット公開éµã‚’ecc_keyオブジェクトã‹ã‚‰IoT-Safeã‚¢ãƒ—ãƒ¬ãƒƒãƒˆå†…ã®æ›¸ãè¾¼ã¿å¯èƒ½ãªå…¬é–‹éµã‚¹ãƒ­ãƒƒãƒˆã«ã‚¨ã‚¯ã‚¹ãƒãƒ¼ãƒˆã—ã¾ã™ã€‚ + \param key エクスãƒãƒ¼ãƒˆã™ã‚‹éµã‚’å«ã‚€ecc_keyオブジェクト + \param id 公開éµãŒä¿å­˜ã•れるIoT-Safeアプレット内ã®éµID + \return 0 æˆåŠŸæ™‚ + \return < 0 失敗ã®å ´åˆ + + \sa wc_iotsafe_ecc_import_public_ex \sa wc_iotsafe_ecc_export_private + */ int wc_iotsafe_ecc_export_public(ecc_key *key, byte key_id); /*! \ingroup IoTSafe - \brief ECC_KEYオブジェクトã‹ã‚‰IOT-SAFEアプレットã¸ã®æ›¸ãè¾¼ã¿å¯èƒ½ãªãƒ‘ブリックキースロットã«ECC 256ビット公開éµã‚’エクスãƒãƒ¼ãƒˆã—ã¾ã™ã€‚\ ref WC_IOTSAFE_ECC_IMPORT_PUBLIC「WC_IOTSAFE_ECC_IMPORT_PUBLICã€ã¨åŒç­‰ã®ã‚‚ã®ã¯ã€2ãƒã‚¤ãƒˆä»¥ä¸Šã®ã‚­ãƒ¼IDã§å‘¼ã³å‡ºã™ã“ã¨ãŒã§ãる点を除ãã¾ã™ã€‚ - \param key エクスãƒãƒ¼ãƒˆã™ã‚‹éµã‚’å«ã‚€ecc_keyオブジェクト - \param id 公開éµãŒä¿å­˜ã•れるIOTセーフアプレットã®ã‚­ãƒ¼IDã¸ã®ãƒã‚¤ãƒ³ã‚¿ - \param id_size キーIDサイズ - \return 0 æˆåŠŸã™ã‚‹ã¨ + \brief ECC 256ビット公開éµã‚’ecc_keyオブジェクトã‹ã‚‰IoT-Safeã‚¢ãƒ—ãƒ¬ãƒƒãƒˆå†…ã®æ›¸ãè¾¼ã¿å¯èƒ½ãªå…¬é–‹éµã‚¹ãƒ­ãƒƒãƒˆã«ã‚¨ã‚¯ã‚¹ãƒãƒ¼ãƒˆã—ã¾ã™ã€‚ + \ref wc_iotsafe_ecc_import_public "wc_iotsafe_ecc_import_public"ã¨åŒç­‰ã§ã™ãŒã€2ãƒã‚¤ãƒˆä»¥ä¸Šã®éµIDã§å‘¼ã³å‡ºã™ã“ã¨ãŒã§ãã¾ã™ã€‚ + \param key エクスãƒãƒ¼ãƒˆã™ã‚‹éµã‚’å«ã‚€ecc_keyオブジェクト + \param id 公開éµãŒä¿å­˜ã•れるIoT-Safeアプレット内ã®éµIDã¸ã®ãƒã‚¤ãƒ³ã‚¿ + \param id_size éµIDã®ã‚µã‚¤ã‚º + + \return 0 æˆåŠŸæ™‚ + \return < 0 失敗ã®å ´åˆ + + \sa wc_iotsafe_ecc_import_public \sa wc_iotsafe_ecc_export_private + */ int wc_iotsafe_ecc_import_public_ex(ecc_key *key, byte *key_id, word16 id_size); /*! \ingroup IoTSafe - \brief ECC 256ビットキーをECC_KEYオブジェクトã‹ã‚‰IOTã‚»ãƒ¼ãƒ•ã‚¢ãƒ—ãƒ¬ãƒƒãƒˆã«æ›¸ãè¾¼ã¿å¯èƒ½ãªãƒ—ライベートキースロットã«ã‚¨ã‚¯ã‚¹ãƒãƒ¼ãƒˆã—ã¾ã™ã€‚ - \param key エクスãƒãƒ¼ãƒˆã™ã‚‹éµã‚’å«ã‚€ecc_keyオブジェクト - \param id 秘密éµãŒä¿å­˜ã•れるIOTセーフアプレットã®ã‚­ãƒ¼ID - \return 0 æˆåŠŸã™ã‚‹ã¨ + \brief ECC 256ビットéµã‚’ecc_keyオブジェクトã‹ã‚‰IoT-Safeã‚¢ãƒ—ãƒ¬ãƒƒãƒˆå†…ã®æ›¸ãè¾¼ã¿å¯èƒ½ãªç§˜å¯†éµã‚¹ãƒ­ãƒƒãƒˆã«ã‚¨ã‚¯ã‚¹ãƒãƒ¼ãƒˆã—ã¾ã™ã€‚ + \param key エクスãƒãƒ¼ãƒˆã™ã‚‹éµã‚’å«ã‚€ecc_keyオブジェクト + \param id 秘密éµãŒä¿å­˜ã•れるIoT-Safeアプレット内ã®éµID + \return 0 æˆåŠŸæ™‚ + \return < 0 失敗ã®å ´åˆ + + \sa wc_iotsafe_ecc_export_private_ex \sa wc_iotsafe_ecc_import_public \sa wc_iotsafe_ecc_export_public + */ int wc_iotsafe_ecc_export_private(ecc_key *key, byte key_id); /*! \ingroup IoTSafe - \brief ECC 256ビットキーをECC_KEYオブジェクトã‹ã‚‰IOTã‚»ãƒ¼ãƒ•ã‚¢ãƒ—ãƒ¬ãƒƒãƒˆã«æ›¸ãè¾¼ã¿å¯èƒ½ãªãƒ—ライベートキースロットã«ã‚¨ã‚¯ã‚¹ãƒãƒ¼ãƒˆã—ã¾ã™ã€‚\ ref WC_IOTSAFE_ECC_EXPORT_PRIVATE「WC_IOTSAFE_ECC_EXPORT_PRIVATEã€ã‚’除ãã€2ãƒã‚¤ãƒˆä»¥ä¸Šã®ã‚­ãƒ¼IDを呼ã³å‡ºã™ã“ã¨ãŒã§ãる点を除ã〠- \param key エクスãƒãƒ¼ãƒˆã™ã‚‹éµã‚’å«ã‚€ecc_keyオブジェクト - \param id 秘密éµãŒä¿å­˜ã•れるIOTセーフアプレットã®ã‚­ãƒ¼IDã¸ã®ãƒã‚¤ãƒ³ã‚¿ - \param id_size キーIDサイズ - \return 0 æˆåŠŸã™ã‚‹ã¨ + \brief ECC 256ビットéµã‚’ecc_keyオブジェクトã‹ã‚‰IoT-Safeã‚¢ãƒ—ãƒ¬ãƒƒãƒˆå†…ã®æ›¸ãè¾¼ã¿å¯èƒ½ãªç§˜å¯†éµã‚¹ãƒ­ãƒƒãƒˆã«ã‚¨ã‚¯ã‚¹ãƒãƒ¼ãƒˆã—ã¾ã™ã€‚ + \ref wc_iotsafe_ecc_export_private "wc_iotsafe_ecc_export_private"ã¨åŒç­‰ã§ã™ãŒã€2ãƒã‚¤ãƒˆä»¥ä¸Šã®éµIDã§å‘¼ã³å‡ºã™ã“ã¨ãŒã§ãã¾ã™ã€‚ + + \param key エクスãƒãƒ¼ãƒˆã™ã‚‹éµã‚’å«ã‚€ecc_keyオブジェクト + \param id 秘密éµãŒä¿å­˜ã•れるIoT-Safeアプレット内ã®éµIDã¸ã®ãƒã‚¤ãƒ³ã‚¿ + \param id_size éµIDã®ã‚µã‚¤ã‚º + \return 0 æˆåŠŸæ™‚ + \return < 0 失敗ã®å ´åˆ + + \sa wc_iotsafe_ecc_export_private \sa wc_iotsafe_ecc_import_public \sa wc_iotsafe_ecc_export_public + */ int wc_iotsafe_ecc_export_private_ex(ecc_key *key, byte *key_id, word16 id_size); /*! \ingroup IoTSafe - \brief 事å‰è¨ˆç®—ã•れãŸ256ビットãƒãƒƒã‚·ãƒ¥ã«ç½²åã—ã¦ã€IOT-SAFEアプレットã«ã€ä»¥å‰ã«ä¿å­˜ã•れãŸãƒ—ライベートキーã€ã¾ãŸã¯ãƒ—リプロビジョニングã•れã¦ã„ã¾ã™ã€‚ - \param in サインã™ã‚‹ãƒ¡ãƒƒã‚»ãƒ¼ã‚¸ãƒãƒƒã‚·ãƒ¥ã‚’å«ã‚€ãƒãƒƒãƒ•ã‚¡ã¸ã®ãƒã‚¤ãƒ³ã‚¿ - \param inlen ç½²åã™ã‚‹ãƒ¡ãƒƒã‚»ãƒ¼ã‚¸ã®é•·ã• - \param out 生æˆã•れãŸç½²åã‚’ä¿å­˜ã™ã‚‹ãŸã‚ã®ãƒãƒƒãƒ•ã‚¡ - \param outlen 出力ãƒãƒƒãƒ•ã‚¡ã®æœ€å¤§é•·ã€‚ãƒã‚¤ãƒˆã‚’ä¿å­˜ã—ã¾ã™ - \param id メッセージ署åã®ç”Ÿæˆã«æˆåŠŸã—ãŸã¨ãã«æ›¸ãè¾¼ã¾ã‚ŒãŸãƒšã‚¤ãƒ­ãƒ¼ãƒ‰ã«ç½²åã™ã‚‹ãŸã‚ã®ç§˜å¯†éµã‚’å«ã‚€ã‚¹ãƒ­ãƒƒãƒˆã®IOTセーフアプレットã®ã‚­ãƒ¼ID - \return 0 æˆåŠŸã™ã‚‹ã¨ + \brief IoT-Safeアプレット内ã«äº‹å‰ã«ä¿å­˜ã¾ãŸã¯äº‹å‰ãƒ—ロビジョニングã•れãŸç§˜å¯†éµã‚’使用ã—ã¦ã€äº‹å‰è¨ˆç®—ã•れãŸãƒãƒƒã‚·ãƒ¥ã«ç½²åã—ã¾ã™ã€‚ + + \param in ç½²åã™ã‚‹ãƒ¡ãƒƒã‚»ãƒ¼ã‚¸ãƒãƒƒã‚·ãƒ¥ã‚’å«ã‚€ãƒãƒƒãƒ•ã‚¡ã¸ã®ãƒã‚¤ãƒ³ã‚¿ + \param inlen ç½²åã™ã‚‹ãƒ¡ãƒƒã‚»ãƒ¼ã‚¸ãƒãƒƒã‚·ãƒ¥ã®é•·ã• + \param out 生æˆã•れãŸç½²åã‚’æ ¼ç´ã™ã‚‹ãƒãƒƒãƒ•ã‚¡ + \param outlen 出力ãƒãƒƒãƒ•ã‚¡ã®æœ€å¤§é•·ã€‚メッセージ署åã®ç”Ÿæˆã«æˆåŠŸã™ã‚‹ã¨ã€outã«æ›¸ãè¾¼ã¾ã‚ŒãŸãƒã‚¤ãƒˆæ•°ã‚’æ ¼ç´ã—ã¾ã™ + \param id ペイロードã«ç½²åã™ã‚‹ç§˜å¯†éµã‚’å«ã‚€ã‚¹ãƒ­ãƒƒãƒˆã®IoT-Safeアプレット内ã®éµID + \return 0 æˆåŠŸæ™‚ + \return < 0 失敗ã®å ´åˆ + \sa wc_iotsafe_ecc_sign_hash_ex \sa wc_iotsafe_ecc_verify_hash \sa wc_iotsafe_ecc_gen_k + */ int wc_iotsafe_ecc_sign_hash(byte *in, word32 inlen, byte *out, word32 *outlen, byte key_id); /*! \ingroup IoTSafe - \brief 事å‰è¨ˆç®—ã•れãŸ256ビットãƒãƒƒã‚·ãƒ¥ã«ç½²åã—ã¦ã€IOT-SAFEアプレットã«ã€ä»¥å‰ã«ä¿å­˜ã•れãŸãƒ—ライベートキーã€ã¾ãŸã¯ãƒ—リプロビジョニングã•れã¦ã„ã¾ã™ã€‚\ ref wc_iotsafe_ecc_sign_hash "wc_iotsafe_ecc_sign_hash"ã¨åŒç­‰ã§ã™ã€‚ãŸã ã—ã€2ãƒã‚¤ãƒˆä»¥ä¸Šã®ã‚­ãƒ¼IDã§å‘¼ã³å‡ºã™ã“ã¨ãŒã§ãã¾ã™ã€‚ - \param in サインã™ã‚‹ãƒ¡ãƒƒã‚»ãƒ¼ã‚¸ãƒãƒƒã‚·ãƒ¥ã‚’å«ã‚€ãƒãƒƒãƒ•ã‚¡ã¸ã®ãƒã‚¤ãƒ³ã‚¿ - \param inlen ç½²åã™ã‚‹ãƒ¡ãƒƒã‚»ãƒ¼ã‚¸ã®é•·ã• - \param out 生æˆã•れãŸç½²åã‚’ä¿å­˜ã™ã‚‹ãŸã‚ã®ãƒãƒƒãƒ•ã‚¡ - \param outlen 出力ãƒãƒƒãƒ•ã‚¡ã®æœ€å¤§é•·ã€‚ãƒã‚¤ãƒˆã‚’ä¿å­˜ã—ã¾ã™ - \param id 秘密éµã‚’å«ã‚€ã‚¹ãƒ­ãƒƒãƒˆã®IOT-SAFEアプレットã®ã‚­ãƒ¼IDã¸ã®ãƒã‚¤ãƒ³ã‚¿ãƒ¡ãƒƒã‚»ãƒ¼ã‚¸ç½²åã®ç”Ÿæˆã«æˆåŠŸã—ãŸã¨ãã«æ›¸ãè¾¼ã¾ã‚Œã‚‹ãƒšã‚¤ãƒ­ãƒ¼ãƒ‰ã«ç½²åã™ã‚‹ - \param id_size キーIDサイズ - \return 0 æˆåŠŸã™ã‚‹ã¨ + \brief IoT-Safeアプレット内ã«äº‹å‰ã«ä¿å­˜ã¾ãŸã¯äº‹å‰ãƒ—ロビジョニングã•れãŸç§˜å¯†éµã‚’使用ã—ã¦ã€äº‹å‰è¨ˆç®—ã•れãŸãƒãƒƒã‚·ãƒ¥ã«ç½²åã—ã¾ã™ã€‚\ref wc_iotsafe_ecc_sign_hash "wc_iotsafe_ecc_sign_hash"ã¨åŒç­‰ã§ã™ãŒã€2ãƒã‚¤ãƒˆä»¥ä¸Šã®éµIDã§å‘¼ã³å‡ºã™ã“ã¨ãŒã§ãã¾ã™ã€‚ + + \param in ç½²åã™ã‚‹ãƒ¡ãƒƒã‚»ãƒ¼ã‚¸ãƒãƒƒã‚·ãƒ¥ã‚’å«ã‚€ãƒãƒƒãƒ•ã‚¡ã¸ã®ãƒã‚¤ãƒ³ã‚¿ + \param inlen ç½²åã™ã‚‹ãƒ¡ãƒƒã‚»ãƒ¼ã‚¸ãƒãƒƒã‚·ãƒ¥ã®é•·ã• + \param out 生æˆã•れãŸç½²åã‚’æ ¼ç´ã™ã‚‹ãƒãƒƒãƒ•ã‚¡ + \param outlen 出力ãƒãƒƒãƒ•ã‚¡ã®æœ€å¤§é•·ã€‚メッセージ署åã®ç”Ÿæˆã«æˆåŠŸã™ã‚‹ã¨ã€outã«æ›¸ãè¾¼ã¾ã‚ŒãŸãƒã‚¤ãƒˆæ•°ã‚’æ ¼ç´ã—ã¾ã™ + \param id ペイロードã«ç½²åã™ã‚‹ç§˜å¯†éµã‚’å«ã‚€ã‚¹ãƒ­ãƒƒãƒˆã®IoT-Safeアプレット内ã®éµIDã¸ã®ãƒã‚¤ãƒ³ã‚¿ + \param id_size éµIDã®ã‚µã‚¤ã‚º + \return 0 æˆåŠŸæ™‚ + \return < 0 失敗ã®å ´åˆ + \sa wc_iotsafe_ecc_sign_hash \sa wc_iotsafe_ecc_verify_hash \sa wc_iotsafe_ecc_gen_k + */ int wc_iotsafe_ecc_sign_hash_ex(byte *in, word32 inlen, byte *out, word32 *outlen, byte *key_id, word16 id_size); /*! \ingroup IoTSafe - \brief 予ã‚計算ã•れãŸ256ビットãƒãƒƒã‚·ãƒ¥ã«å¯¾ã™ã‚‹ECCã‚·ã‚°ãƒãƒãƒ£ã‚’ã€IOT-SAFEアプレット内ã®ãƒ—リプロビジョニングã€ã¾ãŸã¯ãƒ—ロビジョニングã•れãŸãƒ—リプロビジョニングを使用ã—ã¾ã™ã€‚çµæžœã¯RESã«æ›¸ãè¾¼ã¾ã‚Œã¾ã™ã€‚1ãŒæœ‰åйã§ã€0ãŒç„¡åйã§ã™ã€‚注:有効ãªãƒ†ã‚¹ãƒˆã«æˆ»ã‚Šå€¤ã‚’使用ã—ãªã„ã§ãã ã•ã„。Resã®ã¿ã‚’使用ã—ã¦ãã ã•ã„。 - \return 0 æˆåŠŸã™ã‚‹ã¨ï¼ˆç½²åãŒç„¡åйã§ã‚ã£ã¦ã‚‚) - \return < æ•…éšœã®å ´åˆã¯0 + \brief IoT-Safeアプレット内ã«äº‹å‰ã«ä¿å­˜ã¾ãŸã¯äº‹å‰ãƒ—ロビジョニングã•れãŸå…¬é–‹éµã‚’使用ã—ã¦ã€äº‹å‰è¨ˆç®—ã•れãŸãƒãƒƒã‚·ãƒ¥ã«å¯¾ã™ã‚‹ECCç½²åを検証ã—ã¾ã™ã€‚çµæžœã¯resã«æ›¸ãè¾¼ã¾ã‚Œã¾ã™ã€‚1ã¯æœ‰åйã€0ã¯ç„¡åйã§ã™ã€‚ + 注æ„: 有効性をテストã™ã‚‹ãŸã‚ã«æˆ»ã‚Šå€¤ã‚’使用ã—ãªã„ã§ãã ã•ã„。resã®ã¿ã‚’使用ã—ã¦ãã ã•ã„。 + + \return 0 æˆåŠŸæ™‚(ç½²åãŒæœ‰åйã§ãªã„å ´åˆã§ã‚‚) + \return < 0 失敗ã®å ´åˆã€‚ + \param sig 検証ã™ã‚‹ç½²åã‚’å«ã‚€ãƒãƒƒãƒ•ã‚¡ - \param hash ç½²åã•れãŸãƒãƒƒã‚·ãƒ¥ï¼ˆãƒ¡ãƒƒã‚»ãƒ¼ã‚¸ãƒ€ã‚¤ã‚¸ã‚§ã‚¹ãƒˆï¼‰ - \param hashlen ãƒãƒƒã‚·ãƒ¥ã®é•·ã•(オクテット) - \param res ç½²åã®çµæžœã€1 ==有効ã€0 ==無効 + \param hash ç½²åã•れãŸãƒãƒƒã‚·ãƒ¥(メッセージダイジェスト) + \param hashlen ãƒãƒƒã‚·ãƒ¥ã®é•·ã•(オクテット) + \param res ç½²åã®çµæžœã€1==有効ã€0==無効 + \param key_id IoT-Safeアプレット内ã«å…¬é–‹ECCéµãŒä¿å­˜ã•れã¦ã„るスロットã®ID + \sa wc_iotsafe_ecc_verify_hash_ex \sa wc_iotsafe_ecc_sign_hash \sa wc_iotsafe_ecc_gen_k + */ int wc_iotsafe_ecc_verify_hash(byte *sig, word32 siglen, byte *hash, word32 hashlen, int *res, byte key_id); /*! \ingroup IoTSafe - \brief 予ã‚計算ã•れãŸ256ビットãƒãƒƒã‚·ãƒ¥ã«å¯¾ã™ã‚‹ECCã‚·ã‚°ãƒãƒãƒ£ã‚’ã€IOT-SAFEアプレット内ã®ãƒ—リプロビジョニングã€ã¾ãŸã¯ãƒ—ロビジョニングã•れãŸãƒ—リプロビジョニングを使用ã—ã¾ã™ã€‚çµæžœã¯RESã«æ›¸ãè¾¼ã¾ã‚Œã¾ã™ã€‚1ãŒæœ‰åйã§ã€0ãŒç„¡åйã§ã™ã€‚注:有効ãªãƒ†ã‚¹ãƒˆã«æˆ»ã‚Šå€¤ã‚’使用ã—ãªã„ã§ãã ã•ã„。Resã®ã¿ã‚’使用ã—ã¦ãã ã•ã„。\ ref WC_IOTSAFE_ECC_VERIFY_HASH "WC_IOTSAFE_ECC_VERIFY_HASH"を除ãã€2ãƒã‚¤ãƒˆä»¥ä¸Šã®ã‚­ãƒ¼IDã§å‘¼ã³å‡ºã™ã“ã¨ãŒã§ãる点を除ãã¾ã™ã€‚ - \return 0 æˆåŠŸã™ã‚‹ã¨ï¼ˆç½²åãŒç„¡åйã§ã‚ã£ã¦ã‚‚) - \return < æ•…éšœã®å ´åˆã¯0 + \brief IoT-Safeアプレット内ã«äº‹å‰ã«ä¿å­˜ã¾ãŸã¯äº‹å‰ãƒ—ロビジョニングã•れãŸå…¬é–‹éµã‚’使用ã—ã¦ã€äº‹å‰è¨ˆç®—ã•れãŸãƒãƒƒã‚·ãƒ¥ã«å¯¾ã™ã‚‹ECCç½²åを検証ã—ã¾ã™ã€‚çµæžœã¯resã«æ›¸ãè¾¼ã¾ã‚Œã¾ã™ã€‚1ã¯æœ‰åйã€0ã¯ç„¡åйã§ã™ã€‚ + 注æ„: 有効性をテストã™ã‚‹ãŸã‚ã«æˆ»ã‚Šå€¤ã‚’使用ã—ãªã„ã§ãã ã•ã„。resã®ã¿ã‚’使用ã—ã¦ãã ã•ã„。 + \ref wc_iotsafe_ecc_verify_hash "wc_iotsafe_ecc_verify_hash"ã¨åŒç­‰ã§ã™ãŒã€2ãƒã‚¤ãƒˆä»¥ä¸Šã®éµIDã§å‘¼ã³å‡ºã™ã“ã¨ãŒã§ãã¾ã™ã€‚ + + \return 0 æˆåŠŸæ™‚(ç½²åãŒæœ‰åйã§ãªã„å ´åˆã§ã‚‚) + \return < 0 失敗ã®å ´åˆã€‚ + \param sig 検証ã™ã‚‹ç½²åã‚’å«ã‚€ãƒãƒƒãƒ•ã‚¡ - \param hash ç½²åã•れãŸãƒãƒƒã‚·ãƒ¥ï¼ˆãƒ¡ãƒƒã‚»ãƒ¼ã‚¸ãƒ€ã‚¤ã‚¸ã‚§ã‚¹ãƒˆï¼‰ - \param hashlen ãƒãƒƒã‚·ãƒ¥ã®é•·ã•(オクテット) - \param res ç½²åã®çµæžœã€1 ==有効ã€0 ==無効 - \param key_id パブリックECCキーãŒIOTセーフアプレットã«ä¿å­˜ã•れã¦ã„るスロットã®ID + \param hash ç½²åã•れãŸãƒãƒƒã‚·ãƒ¥(メッセージダイジェスト) + \param hashlen ãƒãƒƒã‚·ãƒ¥ã®é•·ã•(オクテット) + \param res ç½²åã®çµæžœã€1==有効ã€0==無効 + \param key_id IoT-Safeアプレット内ã«å…¬é–‹ECCéµãŒä¿å­˜ã•れã¦ã„るスロットã®ID + \param id_size éµIDã®ã‚µã‚¤ã‚º + \sa wc_iotsafe_ecc_verify_hash \sa wc_iotsafe_ecc_sign_hash \sa wc_iotsafe_ecc_gen_k + */ int wc_iotsafe_ecc_verify_hash_ex(byte *sig, word32 siglen, byte *hash, word32 hashlen, int *res, byte *key_id, word16 id_size); /*! \ingroup IoTSafe - \brief ECC 256ビットã®ã‚­ãƒ¼ãƒšã‚¢ã‚’生æˆã—ã€ãれを(書ãè¾¼ã¿å¯èƒ½ãªï¼‰ã‚¹ãƒ­ãƒƒãƒˆã«IOTセーフãªã‚¢ãƒ—レットã«ä¿å­˜ã—ã¾ã™ã€‚ - \param key_id ECCキーペアãŒIOTã‚»ãƒ¼ãƒ•ã‚¢ãƒ—ãƒ¬ãƒƒãƒˆã«æ ¼ç´ã•れã¦ã„るスロットã®ID。 - \return 0 æˆåŠŸã™ã‚‹ã¨ + \brief ECC 256ビットéµãƒšã‚¢ã‚’生æˆã—ã€IoT-Safeアプレット内ã®(書ãè¾¼ã¿å¯èƒ½ãª)スロットã«ä¿å­˜ã—ã¾ã™ã€‚ + \param key_id IoT-Safeアプレット内ã«ECCéµãƒšã‚¢ãŒä¿å­˜ã•れã¦ã„るスロットã®ID。 + \return 0 æˆåŠŸæ™‚ + \return < 0 失敗ã®å ´åˆã€‚ + \sa wc_iotsafe_ecc_gen_k_ex \sa wc_iotsafe_ecc_sign_hash \sa wc_iotsafe_ecc_verify_hash @@ -341,10 +399,13 @@ /*! \ingroup IoTSafe - \brief ECC 256ビットã®ã‚­ãƒ¼ãƒšã‚¢ã‚’生æˆã—ã€ãれを(書ãè¾¼ã¿å¯èƒ½ãªï¼‰ã‚¹ãƒ­ãƒƒãƒˆã«IOTセーフãªã‚¢ãƒ—レットã«ä¿å­˜ã—ã¾ã™ã€‚\ ref wc_iotsafe_ecc_gen_k "wc_iotsafe_ecc_gen_k"ã¨åŒç­‰ã§ã™ã€‚ãŸã ã—ã€2ãƒã‚¤ãƒˆä»¥ä¸Šã®ã‚­ãƒ¼IDã§å‘¼ã³å‡ºã™ã“ã¨ãŒã§ãã¾ã™ã€‚ - \param key_id ECCキーペアãŒIOTã‚»ãƒ¼ãƒ•ã‚¢ãƒ—ãƒ¬ãƒƒãƒˆã«æ ¼ç´ã•れã¦ã„るスロットã®ID。 - \param id_size キーIDサイズ - \return 0 æˆåŠŸã™ã‚‹ã¨ + \brief ECC 256ビットéµãƒšã‚¢ã‚’生æˆã—ã€IoT-Safeアプレット内ã®(書ãè¾¼ã¿å¯èƒ½ãª)スロットã«ä¿å­˜ã—ã¾ã™ã€‚ + \ref wc_iotsafe_ecc_gen_k "wc_iotsafe_ecc_gen_k"ã¨åŒç­‰ã§ã™ãŒã€2ãƒã‚¤ãƒˆä»¥ä¸Šã®éµIDã§å‘¼ã³å‡ºã™ã“ã¨ãŒã§ãã¾ã™ã€‚ + \param key_id IoT-Safeアプレット内ã«ECCéµãƒšã‚¢ãŒä¿å­˜ã•れã¦ã„るスロットã®ID。 + \param id_size éµIDã®ã‚µã‚¤ã‚º + \return 0 æˆåŠŸæ™‚ + \return < 0 失敗ã®å ´åˆã€‚ + \sa wc_iotsafe_ecc_gen_k \sa wc_iotsafe_ecc_sign_hash_ex \sa wc_iotsafe_ecc_verify_hash_ex diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/doc/dox_comments/header_files-ja/kdf.h mariadb-11.8.8/extra/wolfssl/wolfssl/doc/dox_comments/header_files-ja/kdf.h --- mariadb-11.8.6/extra/wolfssl/wolfssl/doc/dox_comments/header_files-ja/kdf.h 1970-01-01 00:00:00.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/doc/dox_comments/header_files-ja/kdf.h 2026-05-24 09:58:33.000000000 +0000 @@ -0,0 +1,258 @@ +/*! + \ingroup SrtpKdf + + \brief ã“ã®é–¢æ•°ã¯SRTP KDFアルゴリズムを使用ã—ã¦éµã‚’導出ã—ã¾ã™ã€‚ + + \return 0 éµã®å°Žå‡ºã«æˆåŠŸã—ãŸå ´åˆã«è¿”ã•れã¾ã™ã€‚ + \return BAD_FUNC_ARG keyã¾ãŸã¯saltãŒNULLã®å ´åˆã«è¿”ã•れã¾ã™ + \return BAD_FUNC_ARG éµã®é•·ã•ãŒ16ã€24ã€ã¾ãŸã¯32ã§ãªã„å ´åˆã«è¿”ã•れã¾ã™ã€‚ + \return BAD_FUNC_ARG saltSzãŒ14より大ãã„å ´åˆã«è¿”ã•れã¾ã™ã€‚ + \return BAD_FUNC_ARG kdrIdxãŒ-1未満ã¾ãŸã¯24より大ãã„å ´åˆã«è¿”ã•れã¾ã™ã€‚ + \return MEMORY_E 動的メモリ割り当ã¦ã®å¤±æ•—時。 + + \param [in] key æš—å·åŒ–ã§ä½¿ç”¨ã™ã‚‹éµã€‚ + \param [in] keySz éµã®ã‚µã‚¤ã‚º(ãƒã‚¤ãƒˆå˜ä½)。 + \param [in] salt ランダムãªéžç§˜å¯†å€¤ã€‚ + \param [in] saltSz ランダム値ã®ã‚µã‚¤ã‚º(ãƒã‚¤ãƒˆå˜ä½)。 + \param [in] kdrIdx éµå°Žå‡ºçŽ‡ã€‚-1ã®å ´åˆkdr = 0ã€ãれ以外ã®å ´åˆkdr = 2^kdrIdx。 + \param [in] idx XORã™ã‚‹ã‚¤ãƒ³ãƒ‡ãƒƒã‚¯ã‚¹å€¤ã€‚ + \param [out] key1 最åˆã®éµã€‚ラベル値ã¯0x00。 + \param [in] key1Sz 最åˆã®éµã®ã‚µã‚¤ã‚º(ãƒã‚¤ãƒˆå˜ä½)。 + \param [out] key2 2番目ã®éµã€‚ラベル値ã¯0x01。 + \param [in] key2Sz 2番目ã®éµã®ã‚µã‚¤ã‚º(ãƒã‚¤ãƒˆå˜ä½)。 + \param [out] key3 3番目ã®éµã€‚ラベル値ã¯0x02。 + \param [in] key3Sz 3番目ã®éµã®ã‚µã‚¤ã‚º(ãƒã‚¤ãƒˆå˜ä½)。 + + + _Example_ + \code + unsigned char key[16] = { ... }; + unsigned char salt[14] = { ... }; + unsigned char idx[6] = { ... }; + unsigned char keyE[16]; + unsigned char keyA[20]; + unsigned char keyS[14]; + int kdrIdx = 0; // インデックスã®ã™ã¹ã¦ã‚’使用 + int ret; + + ret = wc_SRTP_KDF(key, sizeof(key), salt, sizeof(salt), kdrIdx, idx, + keyE, sizeof(keyE), keyA, sizeof(keyA), keyS, sizeof(keyS)); + if (ret != 0) { + WOLFSSL_MSG("wc_SRTP_KDF failed"); + } + \endcode + + \sa wc_SRTCP_KDF + \sa wc_SRTP_KDF_label + \sa wc_SRTCP_KDF_label + \sa wc_SRTP_KDF_kdr_to_idx +*/ +int wc_SRTP_KDF(const byte* key, word32 keySz, const byte* salt, word32 saltSz, + int kdrIdx, const byte* idx, byte* key1, word32 key1Sz, byte* key2, + word32 key2Sz, byte* key3, word32 key3Sz); + +/*! + \ingroup SrtpKdf + + \brief ã“ã®é–¢æ•°ã¯SRTCP KDFアルゴリズムを使用ã—ã¦éµã‚’導出ã—ã¾ã™ã€‚ + + \return 0 éµã®å°Žå‡ºã«æˆåŠŸã—ãŸå ´åˆã«è¿”ã•れã¾ã™ã€‚ + \return BAD_FUNC_ARG keyã¾ãŸã¯saltãŒNULLã®å ´åˆã«è¿”ã•れã¾ã™ + \return BAD_FUNC_ARG éµã®é•·ã•ãŒ16ã€24ã€ã¾ãŸã¯32ã§ãªã„å ´åˆã«è¿”ã•れã¾ã™ã€‚ + \return BAD_FUNC_ARG saltSzãŒ14より大ãã„å ´åˆã«è¿”ã•れã¾ã™ã€‚ + \return BAD_FUNC_ARG kdrIdxãŒ-1未満ã¾ãŸã¯24より大ãã„å ´åˆã«è¿”ã•れã¾ã™ã€‚ + \return MEMORY_E 動的メモリ割り当ã¦ã®å¤±æ•—時。 + + \param [in] key æš—å·åŒ–ã§ä½¿ç”¨ã™ã‚‹éµã€‚ + \param [in] keySz éµã®ã‚µã‚¤ã‚º(ãƒã‚¤ãƒˆå˜ä½)。 + \param [in] salt ランダムãªéžç§˜å¯†å€¤ã€‚ + \param [in] saltSz ランダム値ã®ã‚µã‚¤ã‚º(ãƒã‚¤ãƒˆå˜ä½)。 + \param [in] kdrIdx éµå°Žå‡ºçŽ‡ã€‚-1ã®å ´åˆkdr = 0ã€ãれ以外ã®å ´åˆkdr = 2^kdrIdx。 + \param [in] idx XORã™ã‚‹ã‚¤ãƒ³ãƒ‡ãƒƒã‚¯ã‚¹å€¤ã€‚ + \param [out] key1 最åˆã®éµã€‚ラベル値ã¯0x00。 + \param [in] key1Sz 最åˆã®éµã®ã‚µã‚¤ã‚º(ãƒã‚¤ãƒˆå˜ä½)。 + \param [out] key2 2番目ã®éµã€‚ラベル値ã¯0x01。 + \param [in] key2Sz 2番目ã®éµã®ã‚µã‚¤ã‚º(ãƒã‚¤ãƒˆå˜ä½)。 + \param [out] key3 3番目ã®éµã€‚ラベル値ã¯0x02。 + \param [in] key3Sz 3番目ã®éµã®ã‚µã‚¤ã‚º(ãƒã‚¤ãƒˆå˜ä½)。 + + + _Example_ + \code + unsigned char key[16] = { ... }; + unsigned char salt[14] = { ... }; + unsigned char idx[4] = { ... }; + unsigned char keyE[16]; + unsigned char keyA[20]; + unsigned char keyS[14]; + int kdrIdx = 0; // インデックスã®ã™ã¹ã¦ã‚’使用 + int ret; + + ret = wc_SRTCP_KDF(key, sizeof(key), salt, sizeof(salt), kdrIdx, idx, + keyE, sizeof(keyE), keyA, sizeof(keyA), keyS, sizeof(keyS)); + if (ret != 0) { + WOLFSSL_MSG("wc_SRTP_KDF failed"); + } + \endcode + + \sa wc_SRTP_KDF + \sa wc_SRTP_KDF_label + \sa wc_SRTCP_KDF_label + \sa wc_SRTP_KDF_kdr_to_idx +*/ +int wc_SRTCP_KDF(const byte* key, word32 keySz, const byte* salt, word32 saltSz, + int kdrIdx, const byte* idx, byte* key1, word32 key1Sz, byte* key2, + word32 key2Sz, byte* key3, word32 key3Sz); +/*! + \ingroup SrtpKdf + + \brief ã“ã®é–¢æ•°ã¯SRTP KDFアルゴリズムを使用ã—ã¦ãƒ©ãƒ™ãƒ«ä»˜ãã®éµã‚’導出ã—ã¾ã™ã€‚ + + \return 0 éµã®å°Žå‡ºã«æˆåŠŸã—ãŸå ´åˆã«è¿”ã•れã¾ã™ã€‚ + \return BAD_FUNC_ARG keyã€saltã€ã¾ãŸã¯outKeyãŒNULLã®å ´åˆã«è¿”ã•れã¾ã™ + \return BAD_FUNC_ARG éµã®é•·ã•ãŒ16ã€24ã€ã¾ãŸã¯32ã§ãªã„å ´åˆã«è¿”ã•れã¾ã™ã€‚ + \return BAD_FUNC_ARG saltSzãŒ14より大ãã„å ´åˆã«è¿”ã•れã¾ã™ã€‚ + \return BAD_FUNC_ARG kdrIdxãŒ-1未満ã¾ãŸã¯24より大ãã„å ´åˆã«è¿”ã•れã¾ã™ã€‚ + \return MEMORY_E 動的メモリ割り当ã¦ã®å¤±æ•—時。 + + \param [in] key æš—å·åŒ–ã§ä½¿ç”¨ã™ã‚‹éµã€‚ + \param [in] keySz éµã®ã‚µã‚¤ã‚º(ãƒã‚¤ãƒˆå˜ä½)。 + \param [in] salt ランダムãªéžç§˜å¯†å€¤ã€‚ + \param [in] saltSz ランダム値ã®ã‚µã‚¤ã‚º(ãƒã‚¤ãƒˆå˜ä½)。 + \param [in] kdrIdx éµå°Žå‡ºçŽ‡ã€‚-1ã®å ´åˆkdr = 0ã€ãれ以外ã®å ´åˆkdr = 2^kdrIdx。 + \param [in] idx XORã™ã‚‹ã‚¤ãƒ³ãƒ‡ãƒƒã‚¯ã‚¹å€¤ã€‚ + \param [in] label éµã‚’導出ã™ã‚‹éš›ã«ä½¿ç”¨ã™ã‚‹ãƒ©ãƒ™ãƒ«ã€‚ + \param [out] outKey 導出ã•れãŸéµã€‚ + \param [in] outKeySz 導出ã•れãŸéµã®ã‚µã‚¤ã‚º(ãƒã‚¤ãƒˆå˜ä½)。 + + + _Example_ + \code + unsigned char key[16] = { ... }; + unsigned char salt[14] = { ... }; + unsigned char idx[6] = { ... }; + unsigned char keyE[16]; + int kdrIdx = 0; // インデックスã®ã™ã¹ã¦ã‚’使用 + int ret; + + ret = wc_SRTP_KDF_label(key, sizeof(key), salt, sizeof(salt), kdrIdx, idx, + WC_SRTP_LABEL_ENCRYPTION, keyE, sizeof(keyE)); + if (ret != 0) { + WOLFSSL_MSG("wc_SRTP_KDF failed"); + } + \endcode + + \sa wc_SRTP_KDF + \sa wc_SRTCP_KDF + \sa wc_SRTCP_KDF_label + \sa wc_SRTP_KDF_kdr_to_idx +*/ +int wc_SRTP_KDF_label(const byte* key, word32 keySz, const byte* salt, + word32 saltSz, int kdrIdx, const byte* idx, byte label, byte* outKey, + word32 outKeySz); +/*! + \ingroup SrtpKdf + + \brief ã“ã®é–¢æ•°ã¯SRTCP KDFアルゴリズムを使用ã—ã¦ãƒ©ãƒ™ãƒ«ä»˜ãã®éµã‚’導出ã—ã¾ã™ã€‚ + + \return 0 éµã®å°Žå‡ºã«æˆåŠŸã—ãŸå ´åˆã«è¿”ã•れã¾ã™ã€‚ + \return BAD_FUNC_ARG keyã€saltã€ã¾ãŸã¯outKeyãŒNULLã®å ´åˆã«è¿”ã•れã¾ã™ + \return BAD_FUNC_ARG éµã®é•·ã•ãŒ16ã€24ã€ã¾ãŸã¯32ã§ãªã„å ´åˆã«è¿”ã•れã¾ã™ã€‚ + \return BAD_FUNC_ARG saltSzãŒ14より大ãã„å ´åˆã«è¿”ã•れã¾ã™ã€‚ + \return BAD_FUNC_ARG kdrIdxãŒ-1未満ã¾ãŸã¯24より大ãã„å ´åˆã«è¿”ã•れã¾ã™ã€‚ + \return MEMORY_E 動的メモリ割り当ã¦ã®å¤±æ•—時。 + + \param [in] key æš—å·åŒ–ã§ä½¿ç”¨ã™ã‚‹éµã€‚ + \param [in] keySz éµã®ã‚µã‚¤ã‚º(ãƒã‚¤ãƒˆå˜ä½)。 + \param [in] salt ランダムãªéžç§˜å¯†å€¤ã€‚ + \param [in] saltSz ランダム値ã®ã‚µã‚¤ã‚º(ãƒã‚¤ãƒˆå˜ä½)。 + \param [in] kdrIdx éµå°Žå‡ºçŽ‡ã€‚-1ã®å ´åˆkdr = 0ã€ãれ以外ã®å ´åˆkdr = 2^kdrIdx。 + \param [in] idx XORã™ã‚‹ã‚¤ãƒ³ãƒ‡ãƒƒã‚¯ã‚¹å€¤ã€‚ + \param [in] label éµã‚’導出ã™ã‚‹éš›ã«ä½¿ç”¨ã™ã‚‹ãƒ©ãƒ™ãƒ«ã€‚ + \param [out] outKey 導出ã•れãŸéµã€‚ + \param [in] outKeySz 導出ã•れãŸéµã®ã‚µã‚¤ã‚º(ãƒã‚¤ãƒˆå˜ä½)。 + + + _Example_ + \code + unsigned char key[16] = { ... }; + unsigned char salt[14] = { ... }; + unsigned char idx[4] = { ... }; + unsigned char keyE[16]; + int kdrIdx = 0; // インデックスã®ã™ã¹ã¦ã‚’使用 + int ret; + + ret = wc_SRTCP_KDF_label(key, sizeof(key), salt, sizeof(salt), kdrIdx, + idx, WC_SRTCP_LABEL_ENCRYPTION, keyE, sizeof(keyE)); + if (ret != 0) { + WOLFSSL_MSG("wc_SRTP_KDF failed"); + } + \endcode + + \sa wc_SRTP_KDF + \sa wc_SRTCP_KDF + \sa wc_SRTP_KDF_label + \sa wc_SRTP_KDF_kdr_to_idx +*/ +int wc_SRTCP_KDF_label(const byte* key, word32 keySz, const byte* salt, + word32 saltSz, int kdrIdx, const byte* idx, byte label, byte* outKey, + word32 outKeySz); +/*! + \ingroup SrtpKdf + + \brief ã“ã®é–¢æ•°ã¯kdr値をSRTP/SRTCP KDF APIã§ä½¿ç”¨ã™ã‚‹ã‚¤ãƒ³ãƒ‡ãƒƒã‚¯ã‚¹ã«å¤‰æ›ã—ã¾ã™ã€‚ + + \return インデックスã¨ã—ã¦ã®éµå°Žå‡ºçŽ‡ã€‚ + + \param [in] kdr 変æ›ã™ã‚‹éµå°Žå‡ºçŽ‡ã€‚ + + _Example_ + \code + word32 kdr = 0x00000010; + int kdrIdx; + int ret; + + kdrIdx = wc_SRTP_KDF_kdr_to_idx(kdr); + \endcode + + \sa wc_SRTP_KDF + \sa wc_SRTCP_KDF + \sa wc_SRTP_KDF_label + \sa wc_SRTCP_KDF_label +*/ +int wc_SRTP_KDF_kdr_to_idx(word32 kdr); + +/** + * \brief SP800-56Cオプション1ã§è¦å®šã•れã¦ã„ã‚‹å˜ä¸€ã‚¹ãƒ†ãƒƒãƒ—éµå°Žå‡ºé–¢æ•°(KDF)を実行ã—ã¾ã™ã€‚ + * + * \param [in] z å…¥åŠ›éµææ–™ã€‚ + * \param [in] zSz å…¥åŠ›éµææ–™ã®ã‚µã‚¤ã‚ºã€‚ + * \param [in] fixedInfo KDFã«å«ã‚る固定情報。 + * \param [in] fixedInfoSz 固定情報ã®ã‚µã‚¤ã‚ºã€‚ + * \param [in] derivedSecretSz 導出ã•れる秘密ã®å¸Œæœ›ã‚µã‚¤ã‚ºã€‚ + * \param [in] hashType KDFã§ä½¿ç”¨ã™ã‚‹ãƒãƒƒã‚·ãƒ¥ã‚¢ãƒ«ã‚´ãƒªã‚ºãƒ ã€‚ + * \param [out] output 導出ã•れãŸç§˜å¯†ã‚’æ ¼ç´ã™ã‚‹ãƒãƒƒãƒ•ァ。 + * \param [in] outputSz 出力ãƒãƒƒãƒ•ã‚¡ã®ã‚µã‚¤ã‚ºã€‚ + * + + * \return 0 KDFæ“ä½œãŒæˆåŠŸã—ãŸå ´åˆã€ + * \return BAD_FUNC_ARG 入力パラメータãŒç„¡åйãªå ´åˆã€‚ + * \return è² ã®ã‚¨ãƒ©ãƒ¼ã‚³ãƒ¼ãƒ‰ KDFæ“作ãŒå¤±æ•—ã—ãŸå ´åˆã€‚ + * + * _Example_ + \code + unsigned char z[32] = { ... }; + unsigned char fixedInfo[16] = { ... }; + unsigned char output[32]; + int ret; + + ret = wc_KDA_KDF_onestep(z, sizeof(z), fixedInfo, sizeof(fixedInfo), + sizeof(output), WC_HASH_TYPE_SHA256, output, sizeof(output)); + if (ret != 0) { + WOLFSSL_MSG("wc_KDA_KDF_onestep failed"); + } + \endcode + */ +int wc_KDA_KDF_onestep(const byte* z, word32 zSz, + const byte* fixedInfo, word32 fixedInfoSz, word32 derivedSecretSz, + enum wc_HashType hashType, byte* output, word32 outputSz); diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/doc/dox_comments/header_files-ja/logging.h mariadb-11.8.8/extra/wolfssl/wolfssl/doc/dox_comments/header_files-ja/logging.h --- mariadb-11.8.6/extra/wolfssl/wolfssl/doc/dox_comments/header_files-ja/logging.h 2026-01-31 13:27:49.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/doc/dox_comments/header_files-ja/logging.h 2026-05-24 09:58:33.000000000 +0000 @@ -1,23 +1,30 @@ /*! \ingroup Logging - \brief ã“ã®é–¢æ•°ã¯ã€WolfSSLログメッセージを処ç†ã™ã‚‹ãŸã‚ã«ä½¿ç”¨ã•れるロギングコールãƒãƒƒã‚¯ã‚’登録ã—ã¾ã™ã€‚デフォルトã§ã¯ã€ã‚·ã‚¹ãƒ†ãƒ ãŒIT fprintf()をSTDERRã«ã‚µãƒãƒ¼ãƒˆã—ã¦ã„ã‚‹å ´åˆã¯ã€ã“ã®é–¢æ•°ã‚’使用ã™ã‚‹ã“ã¨ã«ã‚ˆã£ã¦ã€ãƒ¦ãƒ¼ã‚¶ãƒ¼ã«ã‚ˆã£ã¦ä½•ã§ã‚‚実行ã§ãã¾ã™ã€‚ - \return Success æˆåŠŸã—ãŸå ´åˆã€ã“ã®é–¢æ•°ã¯0ã‚’è¿”ã—ã¾ã™ã€‚ - \return BAD_FUNC_ARG 関数ãƒã‚¤ãƒ³ã‚¿ãŒæä¾›ã•れã¦ã„ãªã„å ´åˆã«è¿”ã•れるエラーã§ã™ã€‚ + + \brief ã“ã®é–¢æ•°ã¯ã€wolfSSLログメッセージを処ç†ã™ã‚‹ãŸã‚ã«ä½¿ç”¨ã•れるロギングコールãƒãƒƒã‚¯ã‚’登録ã—ã¾ã™ã€‚デフォルトã§ã¯ã€ã‚·ã‚¹ãƒ†ãƒ ãŒã‚µãƒãƒ¼ãƒˆã—ã¦ã„ã‚‹å ´åˆã€stderrã¸ã®fprintf()ãŒä½¿ç”¨ã•れã¾ã™ãŒã€ã“ã®é–¢æ•°ã‚’使用ã™ã‚‹ã“ã¨ã§ãƒ¦ãƒ¼ã‚¶ãƒ¼ã¯ä»»æ„ã®å‡¦ç†ã‚’行ã†ã“ã¨ãŒã§ãã¾ã™ã€‚ + + \return Success æˆåŠŸã—ãŸå ´åˆã€ã“ã®é–¢æ•°ã¯0ã‚’è¿”ã—ã¾ã™ã€‚ + \return BAD_FUNC_ARG 関数ãƒã‚¤ãƒ³ã‚¿ãŒæä¾›ã•れã¦ã„ãªã„å ´åˆã«è¿”ã•れるエラーã§ã™ã€‚ + + \param log_function ロギングコールãƒãƒƒã‚¯ã¨ã—ã¦ç™»éŒ²ã™ã‚‹é–¢æ•°ã€‚ + 関数シグãƒãƒãƒ£ã¯ä¸Šè¨˜ã®ãƒ—ロトタイプã«å¾“ã†å¿…è¦ãŒã‚りã¾ã™ã€‚ + _Example_ \code int ret = 0; - // Logging callback prototype + // ロギングコールãƒãƒƒã‚¯ã®ãƒ—ロトタイプ void MyLoggingCallback(const int logLevel, const char* const logMessage); - // Register the custom logging callback with wolfSSL + // カスタムロギングコールãƒãƒƒã‚¯ã‚’wolfSSLã«ç™»éŒ² ret = wolfSSL_SetLoggingCb(MyLoggingCallback); if (ret != 0) { - // failed to set logging callback + // ロギングコールãƒãƒƒã‚¯ã®è¨­å®šã«å¤±æ•— } void MyLoggingCallback(const int logLevel, const char* const logMessage) { - // custom logging function + // カスタムロギング関数 } \endcode + \sa wolfSSL_Debugging_ON \sa wolfSSL_Debugging_OFF */ @@ -25,13 +32,19 @@ /*! \ingroup Debug - \brief ビルド時ã«ãƒ­ã‚®ãƒ³ã‚°ãŒæœ‰åйã«ãªã£ã¦ã„ã‚‹å ´åˆã€ã“ã®é–¢æ•°ã¯å®Ÿè¡Œæ™‚ã«ãƒ­ã‚®ãƒ³ã‚°ã‚’オンã«ã—ã¾ã™ã€‚ビルド時ã«ãƒ­ã‚°è¨˜éŒ²ã‚’有効ã«ã™ã‚‹ã«ã¯--enable-debugã¾ãŸã¯debug_wolfsslを定義ã—ã¾ã™ã€‚ - \return 0 æˆåŠŸã™ã‚‹ã¨ã€‚ - \return NOT_COMPILED_IN ã“ã®ãƒ“ルドã«å¯¾ã—ã¦ãƒ­ã‚®ãƒ³ã‚°ãŒæœ‰åйã«ãªã£ã¦ã„ãªã„å ´åˆã¯è¿”ã•れるエラーã§ã™ã€‚ + + \brief ビルド時ã«ãƒ­ã‚®ãƒ³ã‚°ãŒæœ‰åйã«ãªã£ã¦ã„ã‚‹å ´åˆã€ã“ã®é–¢æ•°ã¯å®Ÿè¡Œæ™‚ã«ãƒ­ã‚®ãƒ³ã‚°ã‚’有効ã«ã—ã¾ã™ã€‚ビルド時ã«ãƒ­ã‚®ãƒ³ã‚°ã‚’有効ã«ã™ã‚‹ã«ã¯ã€--enable-debugを使用ã™ã‚‹ã‹ã€DEBUG_WOLFSSLを定義ã—ã¾ã™ã€‚ + + \return 0 æˆåŠŸæ™‚ã€‚ + \return NOT_COMPILED_IN ã“ã®ãƒ“ルドã§ãƒ­ã‚®ãƒ³ã‚°ãŒæœ‰åйã«ãªã£ã¦ã„ãªã„å ´åˆã«è¿”ã•れるエラーã§ã™ã€‚ + + \param none パラメータãªã—。 + _Example_ \code wolfSSL_Debugging_ON(); \endcode + \sa wolfSSL_Debugging_OFF \sa wolfSSL_SetLoggingCb */ @@ -39,12 +52,18 @@ /*! \ingroup Debug - \brief ã“ã®é–¢æ•°ã¯ãƒ©ãƒ³ã‚¿ã‚¤ãƒ ãƒ­ã‚®ãƒ³ã‚°ãƒ¡ãƒƒã‚»ãƒ¼ã‚¸ã‚’オフã«ã—ã¾ã™ã€‚彼らãŒã™ã§ã«æ¶ˆãˆã¦ã„ã‚‹å ´åˆã¯ã€è¡Œå‹•ã¯ã¨ã‚‰ã‚Œã¾ã›ã‚“。 - \return none ã„ã„ãˆè¿”ã—ã¾ã™ã€‚ + + \brief ã“ã®é–¢æ•°ã¯ã€å®Ÿè¡Œæ™‚ã®ãƒ­ã‚®ãƒ³ã‚°ãƒ¡ãƒƒã‚»ãƒ¼ã‚¸ã‚’無効ã«ã—ã¾ã™ã€‚æ—¢ã«ç„¡åйã«ãªã£ã¦ã„ã‚‹å ´åˆã€ä½•も行ã‚れã¾ã›ã‚“。 + + \return none 戻り値ãªã—。 + + \param none パラメータãªã—。 + _Example_ \code wolfSSL_Debugging_OFF(); \endcode + \sa wolfSSL_Debugging_ON \sa wolfSSL_SetLoggingCb */ diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/doc/dox_comments/header_files-ja/md2.h mariadb-11.8.8/extra/wolfssl/wolfssl/doc/dox_comments/header_files-ja/md2.h --- mariadb-11.8.6/extra/wolfssl/wolfssl/doc/dox_comments/header_files-ja/md2.h 2026-01-31 13:27:49.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/doc/dox_comments/header_files-ja/md2.h 2026-05-24 09:58:33.000000000 +0000 @@ -1,7 +1,12 @@ /*! \ingroup MD2 - \brief ã“ã®é–¢æ•°ã¯MD2ã‚’åˆæœŸåŒ–ã—ã¾ã™ã€‚ã“れã¯WC_MD2HASHã«ã‚ˆã£ã¦è‡ªå‹•çš„ã«å‘¼ã³å‡ºã•れã¾ã™ã€‚ - \return 0 åˆæœŸåŒ–ã«æˆåŠŸã—ãŸã¨ãã«è¿”ã•れã¾ã™ + + \brief ã“ã®é–¢æ•°ã¯md2ã‚’åˆæœŸåŒ–ã—ã¾ã™ã€‚ã“れã¯wc_Md2Hashã«ã‚ˆã£ã¦è‡ªå‹•çš„ã«å‘¼ã³å‡ºã•れã¾ã™ã€‚ + + \return 0 åˆæœŸåŒ–ã«æˆåŠŸã—ãŸå ´åˆã«è¿”ã•れã¾ã™ + + \param md2 æš—å·åŒ–ã«ä½¿ç”¨ã™ã‚‹md2構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ + _Example_ \code md2 md2[1]; @@ -13,22 +18,28 @@ wc_Md2Final(md2, hash); } \endcode + \sa wc_Md2Hash \sa wc_Md2Update \sa wc_Md2Final */ -void wc_InitMd2(Md2*); +void wc_InitMd2(wc_Md2* md2); /*! \ingroup MD2 - \brief é•·ã•LENã®æä¾›ã•れãŸãƒã‚¤ãƒˆé…列を絶ãˆãšãƒãƒƒã‚·ãƒ¥ã™ã‚‹ã‚ˆã†ã«å‘¼ã³å‡ºã™ã“ã¨ãŒã§ãã¾ã™ã€‚ - \return 0 ãƒ‡ãƒ¼ã‚¿ã‚’ãƒ€ã‚¤ã‚¸ã‚§ã‚¹ãƒˆã«æ­£å¸¸ã«è¿½åŠ ã™ã‚‹ã¨è¿”ã•れã¾ã™ã€‚ - \param md2 æš—å·åŒ–ã«ä½¿ç”¨ã™ã‚‹MD2構造ã¸ã®ãƒã‚¤ãƒ³ã‚¿ - \param data ãƒãƒƒã‚·ãƒ¥ã™ã‚‹ãƒ‡ãƒ¼ã‚¿ + + \brief é•·ã•lenã®æä¾›ã•れãŸãƒã‚¤ãƒˆé…列を継続的ã«ãƒãƒƒã‚·ãƒ¥ã™ã‚‹ãŸã‚ã«å‘¼ã³å‡ºã™ã“ã¨ãŒã§ãã¾ã™ã€‚ + + \return 0 ダイジェストã¸ã®ãƒ‡ãƒ¼ã‚¿è¿½åŠ ã«æˆåŠŸã—ãŸå ´åˆã«è¿”ã•れã¾ã™ã€‚ + + \param md2 æš—å·åŒ–ã«ä½¿ç”¨ã™ã‚‹md2構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ + \param data ãƒãƒƒã‚·ãƒ¥åŒ–ã•れるデータ + \param len ãƒãƒƒã‚·ãƒ¥åŒ–ã•れるデータã®é•·ã• + _Example_ \code md2 md2[1]; - byte data[] = { }; // Data to be hashed + byte data[] = { }; // ãƒãƒƒã‚·ãƒ¥åŒ–ã•れるデータ word32 len = sizeof(data); if ((ret = wc_InitMd2(md2)) != 0) { @@ -39,21 +50,27 @@ wc_Md2Final(md2, hash); } \endcode + \sa wc_Md2Hash \sa wc_Md2Final \sa wc_InitMd2 */ -void wc_Md2Update(Md2* md2, const byte* data, word32 len); +void wc_Md2Update(wc_Md2* md2, const byte* data, word32 len); /*! \ingroup MD2 - \brief データã®ãƒãƒƒã‚·ãƒ¥ã‚’確定ã—ã¾ã™ã€‚çµæžœã¯ãƒãƒƒã‚·ãƒ¥ã«å…¥ã‚Œã‚‰ã‚Œã¾ã™ã€‚ - \return 0 ãƒ•ã‚¡ã‚¤ãƒŠãƒ©ã‚¤ã‚ºã«æˆåŠŸã—ãŸã¨ãã«è¿”ã•れã¾ã™ã€‚ - \param md2 æš—å·åŒ–ã«ä½¿ç”¨ã™ã‚‹MD2構造ã¸ã®ãƒã‚¤ãƒ³ã‚¿ + + \brief データã®ãƒãƒƒã‚·ãƒ¥åŒ–を完了ã—ã¾ã™ã€‚çµæžœã¯hashã«æ ¼ç´ã•れã¾ã™ã€‚ + + \return 0 å®Œäº†ã«æˆåŠŸã—ãŸå ´åˆã«è¿”ã•れã¾ã™ã€‚ + + \param md2 æš—å·åŒ–ã«ä½¿ç”¨ã™ã‚‹md2構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ + \param hash ãƒãƒƒã‚·ãƒ¥å€¤ã‚’ä¿æŒã™ã‚‹ãƒã‚¤ãƒˆé…列。 + _Example_ \code md2 md2[1]; - byte data[] = { }; // Data to be hashed + byte data[] = { }; // ãƒãƒƒã‚·ãƒ¥åŒ–ã•れるデータ word32 len = sizeof(data); if ((ret = wc_InitMd2(md2)) != 0) { @@ -64,23 +81,30 @@ wc_Md2Final(md2, hash); } \endcode + \sa wc_Md2Hash \sa wc_Md2Final \sa wc_InitMd2 */ -void wc_Md2Final(Md2* md2, byte* hash); +void wc_Md2Final(wc_Md2* md2, byte* hash); /*! \ingroup MD2 - \brief 利便性機能ã¯ã€ã™ã¹ã¦ã®ãƒãƒƒã‚·ãƒ¥ã‚’処ç†ã—ã€ãã®çµæžœã‚’ãƒãƒƒã‚·ãƒ¥ã«å…¥ã‚Œã¾ã™ã€‚ - \return 0 データを正常ã«ãƒãƒƒã‚·ãƒ¥ã—ãŸã¨ãã«è¿”ã•れã¾ã™ã€‚ - \return Memory_E メモリエラーã€ãƒ¡ãƒ¢ãƒªã‚’割り当ã¦ã‚‹ã“ã¨ãŒã§ãã¾ã›ã‚“。ã“れã¯ã€å°ã•ãªã‚¹ã‚¿ãƒƒã‚¯ã‚ªãƒ—ã‚·ãƒ§ãƒ³ãŒæœ‰åйã«ãªã£ã¦ã„ã‚‹ã ã‘ã§ã™ã€‚ - \param data ãƒãƒƒã‚·ãƒ¥ã¸ã®ãƒ‡ãƒ¼ã‚¿ - \param len データã®é•·ã• + + \brief 便利ãªé–¢æ•°ã§ã€ã™ã¹ã¦ã®ãƒãƒƒã‚·ãƒ¥åŒ–を処ç†ã—ã€çµæžœã‚’hashã«æ ¼ç´ã—ã¾ã™ã€‚ + + \return 0 データã®ãƒãƒƒã‚·ãƒ¥åŒ–ã«æˆåŠŸã—ãŸå ´åˆã«è¿”ã•れã¾ã™ã€‚ + \return Memory_E メモリエラーã€ãƒ¡ãƒ¢ãƒªã‚’割り当ã¦ã‚‹ã“ã¨ãŒã§ãã¾ã›ã‚“。ã“れã¯ã‚¹ãƒ¢ãƒ¼ãƒ«ã‚¹ã‚¿ãƒƒã‚¯ã‚ªãƒ—ã‚·ãƒ§ãƒ³ãŒæœ‰åйãªå ´åˆã«ã®ã¿ç™ºç”Ÿã—ã¾ã™ã€‚ + + \param data ãƒãƒƒã‚·ãƒ¥åŒ–ã™ã‚‹ãƒ‡ãƒ¼ã‚¿ + \param len データã®é•·ã• + \param hash ãƒãƒƒã‚·ãƒ¥å€¤ã‚’ä¿æŒã™ã‚‹ãƒã‚¤ãƒˆé…列。 + _Example_ \code none \endcode + \sa wc_Md2Hash \sa wc_Md2Final \sa wc_InitMd2 diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/doc/dox_comments/header_files-ja/md4.h mariadb-11.8.8/extra/wolfssl/wolfssl/doc/dox_comments/header_files-ja/md4.h --- mariadb-11.8.6/extra/wolfssl/wolfssl/doc/dox_comments/header_files-ja/md4.h 2026-01-31 13:27:49.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/doc/dox_comments/header_files-ja/md4.h 2026-05-24 09:58:33.000000000 +0000 @@ -1,7 +1,12 @@ /*! \ingroup MD4 - \brief ã“ã®é–¢æ•°ã¯MD4ã‚’åˆæœŸåŒ–ã—ã¾ã™ã€‚ã“れã¯WC_MD4HASHã«ã‚ˆã£ã¦è‡ªå‹•çš„ã«å‘¼ã³å‡ºã•れã¾ã™ã€‚ - \return 0 åˆæœŸåŒ–ã«æˆåŠŸã—ãŸã¨ãã«è¿”ã•れã¾ã™ + + \brief ã“ã®é–¢æ•°ã¯md4ã‚’åˆæœŸåŒ–ã—ã¾ã™ã€‚ã“れã¯wc_Md4Hashã«ã‚ˆã£ã¦è‡ªå‹•çš„ã«å‘¼ã³å‡ºã•れã¾ã™ã€‚ + + \return 0 åˆæœŸåŒ–ã«æˆåŠŸã—ãŸå ´åˆã«è¿”ã•れã¾ã™ + + \param md4 æš—å·åŒ–ã«ä½¿ç”¨ã™ã‚‹md4構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ + _Example_ \code md4 md4[1]; @@ -13,22 +18,28 @@ wc_Md4Final(md4, hash); } \endcode + \sa wc_Md4Hash \sa wc_Md4Update \sa wc_Md4Final */ -void wc_InitMd4(Md4*); +void wc_InitMd4(wc_Md4* md4); /*! \ingroup MD4 - \brief é•·ã•LENã®æä¾›ã•れãŸãƒã‚¤ãƒˆé…列を絶ãˆãšãƒãƒƒã‚·ãƒ¥ã™ã‚‹ã‚ˆã†ã«å‘¼ã³å‡ºã™ã“ã¨ãŒã§ãã¾ã™ã€‚ - \return 0 ãƒ‡ãƒ¼ã‚¿ã‚’ãƒ€ã‚¤ã‚¸ã‚§ã‚¹ãƒˆã«æ­£å¸¸ã«è¿½åŠ ã™ã‚‹ã¨è¿”ã•れã¾ã™ã€‚ - \param md4 æš—å·åŒ–ã«ä½¿ç”¨ã™ã‚‹MD4構造ã¸ã®ãƒã‚¤ãƒ³ã‚¿ - \param data ãƒãƒƒã‚·ãƒ¥ã™ã‚‹ãƒ‡ãƒ¼ã‚¿ + + \brief é•·ã•lenã®æä¾›ã•れãŸãƒã‚¤ãƒˆé…列を継続的ã«ãƒãƒƒã‚·ãƒ¥ã™ã‚‹ãŸã‚ã«å‘¼ã³å‡ºã™ã“ã¨ãŒã§ãã¾ã™ã€‚ + + \return 0 ダイジェストã¸ã®ãƒ‡ãƒ¼ã‚¿è¿½åŠ ã«æˆåŠŸã—ãŸå ´åˆã«è¿”ã•れã¾ã™ã€‚ + + \param md4 æš—å·åŒ–ã«ä½¿ç”¨ã™ã‚‹md4構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ + \param data ãƒãƒƒã‚·ãƒ¥åŒ–ã•れるデータ + \param len ãƒãƒƒã‚·ãƒ¥åŒ–ã•れるデータã®é•·ã• + _Example_ \code md4 md4[1]; - byte data[] = { }; // Data to be hashed + byte data[] = { }; // ãƒãƒƒã‚·ãƒ¥åŒ–ã•れるデータ word32 len = sizeof(data); if ((ret = wc_InitMd4(md4)) != 0) { @@ -39,17 +50,23 @@ wc_Md4Final(md4, hash); } \endcode + \sa wc_Md4Hash \sa wc_Md4Final \sa wc_InitMd4 */ -void wc_Md4Update(Md4* md4, const byte* data, word32 len); +void wc_Md4Update(wc_Md4* md4, const byte* data, word32 len); /*! \ingroup MD4 - \brief データã®ãƒãƒƒã‚·ãƒ¥ã‚’確定ã—ã¾ã™ã€‚çµæžœã¯ãƒãƒƒã‚·ãƒ¥ã«å…¥ã‚Œã‚‰ã‚Œã¾ã™ã€‚ - \return 0 ãƒ•ã‚¡ã‚¤ãƒŠãƒ©ã‚¤ã‚ºã«æˆåŠŸã—ãŸã¨ãã«è¿”ã•れã¾ã™ã€‚ - \param md4 æš—å·åŒ–ã«ä½¿ç”¨ã™ã‚‹MD4構造ã¸ã®ãƒã‚¤ãƒ³ã‚¿ + + \brief データã®ãƒãƒƒã‚·ãƒ¥åŒ–を完了ã—ã¾ã™ã€‚çµæžœã¯hashã«æ ¼ç´ã•れã¾ã™ã€‚ + + \return 0 å®Œäº†ã«æˆåŠŸã—ãŸå ´åˆã«è¿”ã•れã¾ã™ã€‚ + + \param md4 æš—å·åŒ–ã«ä½¿ç”¨ã™ã‚‹md4構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ + \param hash ãƒãƒƒã‚·ãƒ¥å€¤ã‚’ä¿æŒã™ã‚‹ãƒã‚¤ãƒˆé…列。 + _Example_ \code md4 md4[1]; @@ -61,8 +78,9 @@ wc_Md4Final(md4, hash); } \endcode + \sa wc_Md4Hash \sa wc_Md4Final \sa wc_InitMd4 */ -void wc_Md4Final(Md4* md4, byte* hash); +void wc_Md4Final(wc_Md4* md4, byte* hash); diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/doc/dox_comments/header_files-ja/md5.h mariadb-11.8.8/extra/wolfssl/wolfssl/doc/dox_comments/header_files-ja/md5.h --- mariadb-11.8.6/extra/wolfssl/wolfssl/doc/dox_comments/header_files-ja/md5.h 2026-01-31 13:27:49.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/doc/dox_comments/header_files-ja/md5.h 2026-05-24 09:58:33.000000000 +0000 @@ -1,8 +1,13 @@ /*! \ingroup MD5 - \brief ã“ã®é–¢æ•°ã¯MD5ã‚’åˆæœŸåŒ–ã—ã¾ã™ã€‚ã“れã¯WC_MD5HASHã«ã‚ˆã£ã¦è‡ªå‹•çš„ã«å‘¼ã³å‡ºã•れã¾ã™ã€‚ - \return 0 åˆæœŸåŒ–ã«æˆåŠŸã—ãŸã¨ãã«è¿”ã•れã¾ã™ã€‚ - \return BAD_FUNC_ARG MD5構造ãŒNULL値ã¨ã—ã¦æ¸¡ã•れãŸå ´åˆã«è¿”ã•れã¾ã™ã€‚ + + \brief ã“ã®é–¢æ•°ã¯md5ã‚’åˆæœŸåŒ–ã—ã¾ã™ã€‚ã“れã¯wc_Md5Hashã«ã‚ˆã£ã¦è‡ªå‹•çš„ã«å‘¼ã³å‡ºã•れã¾ã™ã€‚ + + \return 0 正常ã«åˆæœŸåŒ–ã•れãŸå ´åˆã«è¿”ã•れã¾ã™ã€‚ + \return BAD_FUNC_ARG Md5構造体ãŒNULL値ã¨ã—ã¦æ¸¡ã•れãŸå ´åˆã«è¿”ã•れã¾ã™ã€‚ + + \param md5 æš—å·åŒ–ã«ä½¿ç”¨ã™ã‚‹md5構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ + _Example_ \code Md5 md5; @@ -13,31 +18,37 @@ else { ret = wc_Md5Update(&md5, data, len); if (ret != 0) { - // Md5 Update Failure Case. + // Md5 Update失敗ã®ã‚±ãƒ¼ã‚¹ã€‚ } ret = wc_Md5Final(&md5, hash); if (ret != 0) { - // Md5 Final Failure Case. + // Md5 Final失敗ã®ã‚±ãƒ¼ã‚¹ã€‚ } } \endcode + \sa wc_Md5Hash \sa wc_Md5Update \sa wc_Md5Final */ -int wc_InitMd5(wc_Md5*); +int wc_InitMd5(wc_Md5* md5); /*! \ingroup MD5 - \brief é•·ã•LENã®æä¾›ã•れãŸãƒã‚¤ãƒˆé…列を絶ãˆãšãƒãƒƒã‚·ãƒ¥ã™ã‚‹ã‚ˆã†ã«å‘¼ã³å‡ºã™ã“ã¨ãŒã§ãã¾ã™ã€‚ - \return 0 ãƒ‡ãƒ¼ã‚¿ã‚’ãƒ€ã‚¤ã‚¸ã‚§ã‚¹ãƒˆã«æ­£å¸¸ã«è¿½åŠ ã™ã‚‹ã¨è¿”ã•れã¾ã™ã€‚ - \return BAD_FUNC_ARG MD5構造ãŒNULLã®å ´åˆã€ã¾ãŸã¯ãƒ‡ãƒ¼ã‚¿ãŒNULLã§ã€LENãŒã‚¼ãƒ­ã‚ˆã‚Šå¤§ãã„å ´åˆã«è¿”ã•れã¾ã™ã€‚DATAパラメーターãŒNULLã§LENãŒã‚¼ãƒ­ã®å ´åˆã€é–¢æ•°ã¯ã‚¨ãƒ©ãƒ¼ã‚’è¿”ã—ã¦ã¯ã„ã‘ã¾ã›ã‚“。 - \param md5 æš—å·åŒ–ã«ä½¿ç”¨ã™ã‚‹MD5構造ã¸ã®ãƒã‚¤ãƒ³ã‚¿ - \param data ãƒãƒƒã‚·ãƒ¥ã™ã‚‹ãƒ‡ãƒ¼ã‚¿ + + \brief é•·ã•lenã®æä¾›ã•れãŸãƒã‚¤ãƒˆé…列を継続的ã«ãƒãƒƒã‚·ãƒ¥ã™ã‚‹ãŸã‚ã«å‘¼ã³å‡ºã™ã“ã¨ãŒã§ãã¾ã™ã€‚ + + \return 0 ダイジェストã¸ã®ãƒ‡ãƒ¼ã‚¿è¿½åŠ ã«æˆåŠŸã—ãŸå ´åˆã«è¿”ã•れã¾ã™ã€‚ + \return BAD_FUNC_ARG Md5構造体ãŒNULLã®å ´åˆã€ã¾ãŸã¯dataãŒNULLã§lenãŒã‚¼ãƒ­ã‚ˆã‚Šå¤§ãã„å ´åˆã«è¿”ã•れã¾ã™ã€‚dataパラメータãŒNULLã§lenãŒã‚¼ãƒ­ã®å ´åˆã€é–¢æ•°ã¯ã‚¨ãƒ©ãƒ¼ã‚’è¿”ã™ã¹ãã§ã¯ã‚りã¾ã›ã‚“。 + + \param md5 æš—å·åŒ–ã«ä½¿ç”¨ã™ã‚‹md5構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ + \param data ãƒãƒƒã‚·ãƒ¥åŒ–ã•れるデータ + \param len ãƒãƒƒã‚·ãƒ¥åŒ–ã•れるデータã®é•·ã• + _Example_ \code Md5 md5; - byte data[] = { Data to be hashed }; + byte data[] = { ãƒãƒƒã‚·ãƒ¥åŒ–ã•れるデータ }; word32 len = sizeof(data); if ((ret = wc_InitMd5(&md5)) != 0) { @@ -46,14 +57,15 @@ else { ret = wc_Md5Update(&md5, data, len); if (ret != 0) { - // Md5 Update Error Case. + // Md5 Updateエラーã®ã‚±ãƒ¼ã‚¹ã€‚ } ret = wc_Md5Final(&md5, hash); if (ret != 0) { - // Md5 Final Error Case. + // Md5 Finalエラーã®ã‚±ãƒ¼ã‚¹ã€‚ } } \endcode + \sa wc_Md5Hash \sa wc_Md5Final \sa wc_InitMd5 @@ -62,14 +74,19 @@ /*! \ingroup MD5 - \brief データã®ãƒãƒƒã‚·ãƒ¥ã‚’確定ã—ã¾ã™ã€‚çµæžœã¯ãƒãƒƒã‚·ãƒ¥ã«å…¥ã‚Œã‚‰ã‚Œã¾ã™ã€‚MD5構造体ãŒãƒªã‚»ãƒƒãƒˆã•れã¾ã™ã€‚注:ã“ã®é–¢æ•°ã¯ã€habe_intel_qaãŒå®šç¾©ã•れã¦ã„ã‚‹å ´åˆã«intelqasymmd5()を呼ã³å‡ºã™çµæžœã‚‚è¿”ã—ã¾ã™ã€‚ - \return 0 ãƒ•ã‚¡ã‚¤ãƒŠãƒ©ã‚¤ã‚ºã«æˆåŠŸã—ãŸã¨ãã«è¿”ã•れã¾ã™ã€‚ - \return BAD_FUNC_ARG MD5構造ã¾ãŸã¯ãƒãƒƒã‚·ãƒ¥ãƒã‚¤ãƒ³ã‚¿ãŒNULLã§æ¸¡ã•れãŸå ´åˆã«è¿”ã•れã¾ã™ã€‚ - \param md5 æš—å·åŒ–ã«ä½¿ç”¨ã™ã‚‹MD5構造ã¸ã®ãƒã‚¤ãƒ³ã‚¿ + + \brief データã®ãƒãƒƒã‚·ãƒ¥åŒ–を完了ã—ã¾ã™ã€‚çµæžœã¯hashã«æ ¼ç´ã•れã¾ã™ã€‚Md5構造体ã¯ãƒªã‚»ãƒƒãƒˆã•れã¾ã™ã€‚注æ„:ã“ã®é–¢æ•°ã¯ã€HAVE_INTEL_QAãŒå®šç¾©ã•れã¦ã„ã‚‹å ´åˆã«IntelQaSymMd5()を呼ã³å‡ºã—ãŸçµæžœã‚‚è¿”ã—ã¾ã™ã€‚ + + \return 0 正常ã«å®Œäº†ã—ãŸå ´åˆã«è¿”ã•れã¾ã™ã€‚ + \return BAD_FUNC_ARG Md5構造体ã¾ãŸã¯hashãƒã‚¤ãƒ³ã‚¿ãŒNULLã§æ¸¡ã•れãŸå ´åˆã«è¿”ã•れã¾ã™ã€‚ + + \param md5 æš—å·åŒ–ã«ä½¿ç”¨ã™ã‚‹md5構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ + \param hash ãƒãƒƒã‚·ãƒ¥å€¤ã‚’ä¿æŒã™ã‚‹ãƒã‚¤ãƒˆé…列。 + _Example_ \code md5 md5[1]; - byte data[] = { Data to be hashed }; + byte data[] = { ãƒãƒƒã‚·ãƒ¥åŒ–ã•れるデータ }; word32 len = sizeof(data); if ((ret = wc_InitMd5(md5)) != 0) { @@ -78,14 +95,15 @@ else { ret = wc_Md5Update(md5, data, len); if (ret != 0) { - // Md5 Update Failure Case. + // Md5 Update失敗ã®ã‚±ãƒ¼ã‚¹ã€‚ } ret = wc_Md5Final(md5, hash); if (ret != 0) { - // Md5 Final Failure Case. + // Md5 Final失敗ã®ã‚±ãƒ¼ã‚¹ã€‚ } } \endcode + \sa wc_Md5Hash \sa wc_InitMd5 \sa wc_Md5GetHash @@ -94,12 +112,17 @@ /*! \ingroup MD5 - \brief MD5構造をリセットã—ã¾ã™ã€‚注:ã“れã¯ã€wolfssl_ti_hashãŒå®šç¾©ã•れã¦ã„ã‚‹å ´åˆã«ã®ã¿ã‚µãƒãƒ¼ãƒˆã•れã¦ã„ã¾ã™ã€‚ - \return none ã„ã„ãˆè¿”ã—ã¾ã™ã€‚ + + \brief Md5構造体をリセットã—ã¾ã™ã€‚注æ„:ã“れã¯WOLFSSL_TI_HASHãŒå®šç¾©ã•れã¦ã„ã‚‹å ´åˆã«ã®ã¿ã‚µãƒãƒ¼ãƒˆã•れã¾ã™ã€‚ + + \return none 戻り値ãªã—。 + + \param md5 リセットã™ã‚‹Md5構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ + _Example_ \code Md5 md5; - byte data[] = { Data to be hashed }; + byte data[] = { ãƒãƒƒã‚·ãƒ¥åŒ–ã•れるデータ }; word32 len = sizeof(data); if ((ret = wc_InitMd5(&md5)) != 0) { @@ -111,17 +134,23 @@ wc_Md5Free(&md5); } \endcode + \sa wc_InitMd5 \sa wc_Md5Update \sa wc_Md5Final */ -void wc_Md5Free(wc_Md5*); +void wc_Md5Free(wc_Md5* md5); /*! \ingroup MD5 - \brief ãƒãƒƒã‚·ãƒ¥ãƒ‡ãƒ¼ã‚¿ã‚’å–å¾—ã—ã¾ã™ã€‚çµæžœã¯ãƒãƒƒã‚·ãƒ¥ã«å…¥ã‚Œã‚‰ã‚Œã¾ã™ã€‚MD5構造ã¯ãƒªã‚»ãƒƒãƒˆã•れã¾ã›ã‚“。 - \return none ã„ã„ãˆãƒªã‚¿ãƒ¼ãƒ³ - \param md5 æš—å·åŒ–ã«ä½¿ç”¨ã™ã‚‹MD5構造ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ + + \brief ãƒãƒƒã‚·ãƒ¥ãƒ‡ãƒ¼ã‚¿ã‚’å–å¾—ã—ã¾ã™ã€‚çµæžœã¯hashã«æ ¼ç´ã•れã¾ã™ã€‚Md5構造体ã¯ãƒªã‚»ãƒƒãƒˆã•れã¾ã›ã‚“。 + + \return none 戻り値ãªã— + + \param md5 æš—å·åŒ–ã«ä½¿ç”¨ã™ã‚‹md5構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ + \param hash ãƒãƒƒã‚·ãƒ¥å€¤ã‚’ä¿æŒã™ã‚‹ãƒã‚¤ãƒˆé…列。 + _Example_ \code md5 md5[1]; @@ -133,6 +162,7 @@ wc_Md5GetHash(md5, hash); } \endcode + \sa wc_Md5Hash \sa wc_Md5Final \sa wc_InitMd5 diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/doc/dox_comments/header_files-ja/memory.h mariadb-11.8.8/extra/wolfssl/wolfssl/doc/dox_comments/header_files-ja/memory.h --- mariadb-11.8.6/extra/wolfssl/wolfssl/doc/dox_comments/header_files-ja/memory.h 2026-01-31 13:27:49.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/doc/dox_comments/header_files-ja/memory.h 2026-05-24 09:58:33.000000000 +0000 @@ -1,14 +1,21 @@ /*! \ingroup Memory - \brief ã“ã®é–¢æ•°ã¯malloc()ã¨ä¼¼ã¦ã„ã¾ã™ãŒã€WolfSSLãŒä½¿ç”¨ã™ã‚‹ã‚ˆã†ã«æ§‹æˆã•れã¦ã„るメモリ割り当ã¦é–¢æ•°ã‚’呼ã³å‡ºã—ã¾ã™ã€‚デフォルトã§ã¯ã€WolfSSLã¯malloc()を使用ã—ã¾ã™ã€‚ã“れã¯ã€WolfSSLメモリ抽象化レイヤを使用ã—ã¦å¤‰æ›´ã§ãã¾ã™ - wolfssl_setAllocator()をå‚ç…§ã—ã¦ãã ã•ã„。注WOLFSSL_MALLOCã¯ã€WOLFSSLã«ã‚ˆã£ã¦ç›´æŽ¥å‘¼ã³å‡ºã•れã¾ã›ã‚“ãŒã€ä»£ã‚りã«Macro XMallocã«ã‚ˆã£ã¦å‘¼ã³å‡ºã•れã¾ã™ã€‚デフォルトã®ãƒ“ルドã®å ´åˆã€size引数ã®ã¿ãŒå­˜åœ¨ã—ã¾ã™ã€‚wolfssl_static_memoryビルドを使用ã™ã‚‹å ´åˆã¯ã€ãƒ’ープã¨ã‚¿ã‚¤ãƒ—引数ãŒå«ã¾ã‚Œã¾ã™ã€‚ - \return pointer æˆåŠŸã—ãŸå ´åˆã€ã“ã®é–¢æ•°ã¯å‰²ã‚Šå½“ã¦ã‚‰ã‚ŒãŸãƒ¡ãƒ¢ãƒªã¸ã®ãƒã‚¤ãƒ³ã‚¿ã‚’è¿”ã—ã¾ã™ã€‚ - \return error エラーãŒã‚ã‚‹å ´åˆã¯ã€NULLãŒè¿”ã•れã¾ã™ã€‚ - \param size 割り当ã¦ã‚‹ãƒ¡ãƒ¢ãƒªã®ã‚µã‚¤ã‚ºï¼ˆãƒã‚¤ãƒˆï¼‰ - \param heap メモリã«ä½¿ç”¨ã™ã‚‹ãƒ’ントヒント。nullã«ãªã‚‹ã“ã¨ãŒã§ãã¾ã™ + + \brief ã“ã®é–¢æ•°ã¯malloc()ã«ä¼¼ã¦ã„ã¾ã™ãŒã€wolfSSLãŒä½¿ç”¨ã™ã‚‹ã‚ˆã†ã«è¨­å®šã•れãŸãƒ¡ãƒ¢ãƒªå‰²ã‚Šå½“ã¦é–¢æ•°ã‚’呼ã³å‡ºã—ã¾ã™ã€‚デフォルトã§ã¯ã€wolfSSLã¯malloc()を使用ã—ã¾ã™ã€‚ã“れã¯wolfSSLメモリ抽象化レイヤーを使用ã—ã¦å¤‰æ›´ã§ãã¾ã™ - wolfSSL_SetAllocators()ã‚’å‚ç…§ã—ã¦ãã ã•ã„。wolfSSL_Mallocã¯ç›´æŽ¥wolfSSLã«ã‚ˆã£ã¦å‘¼ã³å‡ºã•れるã®ã§ã¯ãªãã€ä»£ã‚りã«ãƒžã‚¯ãƒ­XMALLOCã«ã‚ˆã£ã¦å‘¼ã³å‡ºã•れるã“ã¨ã«æ³¨æ„ã—ã¦ãã ã•ã„。 + デフォルトã®ãƒ“ルドã§ã¯ã€sizeパラメータã®ã¿ãŒå­˜åœ¨ã—ã¾ã™ã€‚WOLFSSL_STATIC_MEMORYビルドを使用ã—ã¦ã„ã‚‹å ´åˆã¯ã€heapã¨typeパラメータãŒå«ã¾ã‚Œã¾ã™ã€‚ + + \return pointer æˆåŠŸã—ãŸå ´åˆã€ã“ã®é–¢æ•°ã¯å‰²ã‚Šå½“ã¦ã‚‰ã‚ŒãŸãƒ¡ãƒ¢ãƒªã¸ã®ãƒã‚¤ãƒ³ã‚¿ã‚’è¿”ã—ã¾ã™ã€‚ + \return error エラーãŒã‚ã‚‹å ´åˆã€NULLãŒè¿”ã•れã¾ã™ã€‚ + + \param size 割り当ã¦ã‚‹ãƒ¡ãƒ¢ãƒªã®ãƒã‚¤ãƒˆå˜ä½ã®ã‚µã‚¤ã‚ºã€‚ + \param heap メモリã«ä½¿ç”¨ã™ã‚‹ãƒ’ープヒント。NULLã«ã§ãã¾ã™ã€‚ + \param type 動的タイプ(types.hã®DYNAMIC_TYPE_リストをå‚照)。 + _Example_ \code int* tenInts = (int*)wolfSSL_Malloc(sizeof(int)*10); \endcode + \sa wolfSSL_Free \sa wolfSSL_Realloc \sa wolfSSL_SetAllocators @@ -20,19 +27,26 @@ /*! \ingroup Memory - \brief ã“ã®é–¢æ•°ã¯free()ã¨ä¼¼ã¦ã„ã¾ã™ãŒã€WolfSSLãŒä½¿ç”¨ã™ã‚‹ã‚ˆã†ã«æ§‹æˆã•れã¦ã„るメモリフリー機能を呼ã³å‡ºã—ã¾ã™ã€‚デフォルトã§ã¯ã€WolfSSLã¯free()を使用ã—ã¾ã™ã€‚ã“れã¯ã€WolfSSLメモリ抽象化レイヤを使用ã—ã¦å¤‰æ›´ã§ãã¾ã™ - wolfssl_setAllocator()をå‚ç…§ã—ã¦ãã ã•ã„。注WOLFSSL_FREEã¯WOLFSSLã«ã‚ˆã£ã¦ç›´æŽ¥å‘¼ã³å‡ºã•れã¾ã›ã‚“ãŒã€ä»£ã‚りã«ãƒžã‚¯ãƒ­XFreeã«ã‚ˆã£ã¦å‘¼ã³å‡ºã•れã¾ã™ã€‚デフォルトã®ãƒ“ルドã®å ´åˆã€PTR引数ã®ã¿ãŒå­˜åœ¨ã—ã¾ã™ã€‚wolfssl_static_memoryビルドを使用ã™ã‚‹å ´åˆã¯ã€ãƒ’ープã¨ã‚¿ã‚¤ãƒ—引数ãŒå«ã¾ã‚Œã¾ã™ã€‚ - \return none ã„ã„ãˆè¿”ã—ã¾ã™ã€‚ - \param ptr 解放ã•れるメモリã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ - \param heap メモリã«ä½¿ç”¨ã™ã‚‹ãƒ’ントヒント。nullã«ãªã‚‹ã“ã¨ãŒã§ãã¾ã™ + + \brief ã“ã®é–¢æ•°ã¯free()ã«ä¼¼ã¦ã„ã¾ã™ãŒã€wolfSSLãŒä½¿ç”¨ã™ã‚‹ã‚ˆã†ã«è¨­å®šã•れãŸãƒ¡ãƒ¢ãƒªè§£æ”¾é–¢æ•°ã‚’呼ã³å‡ºã—ã¾ã™ã€‚デフォルトã§ã¯ã€wolfSSLã¯free()を使用ã—ã¾ã™ã€‚ã“れã¯wolfSSLメモリ抽象化レイヤーを使用ã—ã¦å¤‰æ›´ã§ãã¾ã™ - wolfSSL_SetAllocators()ã‚’å‚ç…§ã—ã¦ãã ã•ã„。wolfSSL_Freeã¯ç›´æŽ¥wolfSSLã«ã‚ˆã£ã¦å‘¼ã³å‡ºã•れるã®ã§ã¯ãªãã€ä»£ã‚りã«ãƒžã‚¯ãƒ­XFREEã«ã‚ˆã£ã¦å‘¼ã³å‡ºã•れるã“ã¨ã«æ³¨æ„ã—ã¦ãã ã•ã„。 + デフォルトã®ãƒ“ルドã§ã¯ã€ptrパラメータã®ã¿ãŒå­˜åœ¨ã—ã¾ã™ã€‚WOLFSSL_STATIC_MEMORYビルドを使用ã—ã¦ã„ã‚‹å ´åˆã¯ã€heapã¨typeパラメータãŒå«ã¾ã‚Œã¾ã™ã€‚ + + \return none 戻り値ãªã—。 + + \param ptr 解放ã™ã‚‹ãƒ¡ãƒ¢ãƒªã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ + \param heap メモリã«ä½¿ç”¨ã™ã‚‹ãƒ’ープヒント。NULLã«ã§ãã¾ã™ã€‚ + \param type 動的タイプ(types.hã®DYNAMIC_TYPE_リストをå‚照)。 + _Example_ \code int* tenInts = (int*)wolfSSL_Malloc(sizeof(int)*10); - // process data as desired + // å¿…è¦ã«å¿œã˜ã¦ãƒ‡ãƒ¼ã‚¿ã‚’å‡¦ç† ... if(tenInts) { - wolfSSL_Free(tenInts); + wolfSSL_Free(tenInts, NULL, DYNAMIC_TYPE_TMP_BUFFER); } \endcode + \sa wolfSSL_Alloc \sa wolfSSL_Realloc \sa wolfSSL_SetAllocators @@ -44,17 +58,24 @@ /*! \ingroup Memory - \brief ã“ã®é–¢æ•°ã¯REALLOC()ã¨ä¼¼ã¦ã„ã¾ã™ãŒã€WolfSSLãŒä½¿ç”¨ã™ã‚‹ã‚ˆã†ã«æ§‹æˆã•れã¦ã„るメモリå†å‰²ã‚Šå½“ã¦æ©Ÿèƒ½ã‚’呼ã³å‡ºã—ã¾ã™ã€‚デフォルトã§ã¯ã€WolfSSLã¯RealLoc()を使用ã—ã¾ã™ã€‚ã“れã¯ã€WolfSSLメモリ抽象化レイヤを使用ã—ã¦å¤‰æ›´ã§ãã¾ã™ - wolfssl_setAllocator()をå‚ç…§ã—ã¦ãã ã•ã„。注WOLFSSL_REALLOCã¯WOLFSSLã«ã‚ˆã£ã¦ç›´æŽ¥å‘¼ã³å‡ºã•れã¾ã›ã‚“ãŒã€ä»£ã‚りã«ãƒžã‚¯ãƒ­Xreallocã«ã‚ˆã£ã¦å‘¼ã³å‡ºã•れã¾ã™ã€‚デフォルトã®ãƒ“ルドã®å ´åˆã€size引数ã®ã¿ãŒå­˜åœ¨ã—ã¾ã™ã€‚wolfssl_static_memoryビルドを使用ã™ã‚‹å ´åˆã¯ã€ãƒ’ープã¨ã‚¿ã‚¤ãƒ—引数ãŒå«ã¾ã‚Œã¾ã™ã€‚ - \return pointer æˆåŠŸã—ãŸå ´åˆã€ã“ã®é–¢æ•°ã¯ãƒžã‚¤ãƒã‚¤ãƒ³ãƒˆã‚’å†å‰²ã‚Šå½“ã¦ã™ã‚‹ãŸã‚ã®ãƒã‚¤ãƒ³ã‚¿ã‚’è¿”ã—ã¾ã™ã€‚ã“れã¯PTRã¨åŒã˜ãƒã‚¤ãƒ³ã‚¿ã€ã¾ãŸã¯æ–°ã—ã„ãƒã‚¤ãƒ³ã‚¿ã®å ´æ‰€ã§ã‚り得る。 - \return Null エラーãŒã‚ã‚‹å ´åˆã¯ã€NULLãŒè¿”ã•れã¾ã™ã€‚ - \param ptr å†å‰²ã‚Šå½“ã¦ã•れã¦ã„るメモリã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ - \param size 割り当ã¦ã‚‹ãƒã‚¤ãƒˆæ•°ã€‚ - \param heap メモリã«ä½¿ç”¨ã™ã‚‹ãƒ’ントヒント。nullã«ãªã‚‹ã“ã¨ãŒã§ãã¾ã™ + + \brief ã“ã®é–¢æ•°ã¯realloc()ã«ä¼¼ã¦ã„ã¾ã™ãŒã€wolfSSLãŒä½¿ç”¨ã™ã‚‹ã‚ˆã†ã«è¨­å®šã•れãŸãƒ¡ãƒ¢ãƒªå†å‰²ã‚Šå½“ã¦é–¢æ•°ã‚’呼ã³å‡ºã—ã¾ã™ã€‚デフォルトã§ã¯ã€wolfSSLã¯realloc()を使用ã—ã¾ã™ã€‚ã“れã¯wolfSSLメモリ抽象化レイヤーを使用ã—ã¦å¤‰æ›´ã§ãã¾ã™ - wolfSSL_SetAllocators()ã‚’å‚ç…§ã—ã¦ãã ã•ã„。 + wolfSSL_Reallocã¯ç›´æŽ¥wolfSSLã«ã‚ˆã£ã¦å‘¼ã³å‡ºã•れるã®ã§ã¯ãªãã€ä»£ã‚りã«ãƒžã‚¯ãƒ­XREALLOCã«ã‚ˆã£ã¦å‘¼ã³å‡ºã•れるã“ã¨ã«æ³¨æ„ã—ã¦ãã ã•ã„。デフォルトã®ãƒ“ルドã§ã¯ã€sizeパラメータã®ã¿ãŒå­˜åœ¨ã—ã¾ã™ã€‚WOLFSSL_STATIC_MEMORYビルドを使用ã—ã¦ã„ã‚‹å ´åˆã¯ã€heapã¨typeパラメータãŒå«ã¾ã‚Œã¾ã™ã€‚ + + \return pointer æˆåŠŸã—ãŸå ´åˆã€ã“ã®é–¢æ•°ã¯å†å‰²ã‚Šå½“ã¦ã•れãŸãƒ¡ãƒ¢ãƒªã¸ã®ãƒã‚¤ãƒ³ã‚¿ã‚’è¿”ã—ã¾ã™ã€‚ã“れã¯ptrã¨åŒã˜ãƒã‚¤ãƒ³ã‚¿ã§ã‚ã‚‹å ´åˆã‚‚ã‚れã°ã€æ–°ã—ã„ãƒã‚¤ãƒ³ã‚¿ã®å ´æ‰€ã§ã‚ã‚‹å ´åˆã‚‚ã‚りã¾ã™ã€‚ + \return Null エラーãŒã‚ã‚‹å ´åˆã€NULLãŒè¿”ã•れã¾ã™ã€‚ + + \param ptr å†å‰²ã‚Šå½“ã¦ã™ã‚‹ã€ä»¥å‰ã«å‰²ã‚Šå½“ã¦ã‚‰ã‚ŒãŸãƒ¡ãƒ¢ãƒªã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ + \param size 割り当ã¦ã‚‹ãƒã‚¤ãƒˆæ•°ã€‚ + \param heap メモリã«ä½¿ç”¨ã™ã‚‹ãƒ’ープヒント。NULLã«ã§ãã¾ã™ã€‚ + \param type 動的タイプ(types.hã®DYNAMIC_TYPE_リストをå‚照)。 + _Example_ \code int* tenInts = (int*)wolfSSL_Malloc(sizeof(int)*10); int* twentyInts = (int*)wolfSSL_Realloc(tenInts, sizeof(int)*20); \endcode + \sa wolfSSL_Free \sa wolfSSL_Malloc \sa wolfSSL_SetAllocators @@ -66,58 +87,71 @@ /*! \ingroup Memory - \brief ã“ã®æ©Ÿèƒ½ã¯ã€WolfSSLãŒä½¿ç”¨ã™ã‚‹å‰²ã‚Šå½“ã¦é–¢æ•°ã‚’登録ã—ã¾ã™ã€‚デフォルトã§ã¯ã€ã‚·ã‚¹ãƒ†ãƒ ãŒãれをサãƒãƒ¼ãƒˆã—ã¦ã„ã‚‹å ´åˆã€Malloc / Freeã¨RealLocãŒä½¿ç”¨ã•れã¾ã™ã€‚ã“ã®æ©Ÿèƒ½ã‚’使用ã™ã‚‹ã¨ã€å®Ÿè¡Œæ™‚ã«ãƒ¦ãƒ¼ã‚¶ãƒ¼ã¯ç‹¬è‡ªã®ãƒ¡ãƒ¢ãƒªãƒãƒ³ãƒ‰ãƒ©ã‚’インストールã§ãã¾ã™ã€‚ - \return Success æˆåŠŸã—ãŸå ´åˆã€ã“ã®é–¢æ•°ã¯0ã‚’è¿”ã—ã¾ã™ã€‚ - \return BAD_FUNC_ARG 関数ãƒã‚¤ãƒ³ã‚¿ãŒæä¾›ã•れã¦ã„ãªã„å ´åˆã«è¿”ã•れるエラーã§ã™ã€‚ - \param malloc_function 使用ã™ã‚‹WolfSSLã®ãƒ¡ãƒ¢ãƒªå‰²ã‚Šå½“ã¦æ©Ÿèƒ½é–¢æ•°ç½²åã¯ã€ä¸Šè¨˜ã®wolfssl_malloc_cbプロトタイプã¨ä¸€è‡´ã™ã‚‹å¿…è¦ãŒã‚りã¾ã™ã€‚ - \param free_function 使用ã™ã‚‹WolfSSLã®ãƒ¡ãƒ¢ãƒªãƒ•リー機能関数シグãƒãƒãƒ£ã¯ã€ä¸Šè¨˜ã®wolfssl_free_cbプロトタイプã¨ä¸€è‡´ã™ã‚‹å¿…è¦ãŒã‚りã¾ã™ã€‚ + + \brief ã“ã®é–¢æ•°ã¯ã€wolfSSLãŒä½¿ç”¨ã™ã‚‹å‰²ã‚Šå½“ã¦é–¢æ•°ã‚’登録ã—ã¾ã™ã€‚デフォルトã§ã¯ã€ã‚·ã‚¹ãƒ†ãƒ ãŒã‚µãƒãƒ¼ãƒˆã—ã¦ã„ã‚‹å ´åˆã€malloc/freeã¨reallocãŒä½¿ç”¨ã•れã¾ã™ã€‚ã“ã®é–¢æ•°ã‚’使用ã™ã‚‹ã¨ã€ãƒ¦ãƒ¼ã‚¶ãƒ¼ã¯å®Ÿè¡Œæ™‚ã«ç‹¬è‡ªã®ãƒ¡ãƒ¢ãƒªãƒãƒ³ãƒ‰ãƒ©ã‚’インストールã§ãã¾ã™ã€‚ + + \return Success æˆåŠŸã—ãŸå ´åˆã€ã“ã®é–¢æ•°ã¯0ã‚’è¿”ã—ã¾ã™ã€‚ + \return BAD_FUNC_ARG 関数ãƒã‚¤ãƒ³ã‚¿ãŒæä¾›ã•れã¦ã„ãªã„å ´åˆã«è¿”ã•れるエラー。 + + \param malloc_function wolfSSLãŒä½¿ç”¨ã™ã‚‹ãƒ¡ãƒ¢ãƒªå‰²ã‚Šå½“ã¦é–¢æ•°ã€‚関数シグãƒãƒãƒ£ã¯ä¸Šè¨˜ã®wolfSSL_Malloc_cbプロトタイプã¨ä¸€è‡´ã™ã‚‹å¿…è¦ãŒã‚りã¾ã™ã€‚ + \param free_function wolfSSLãŒä½¿ç”¨ã™ã‚‹ãƒ¡ãƒ¢ãƒªè§£æ”¾é–¢æ•°ã€‚関数シグãƒãƒãƒ£ã¯ä¸Šè¨˜ã®wolfSSL_Free_cbプロトタイプã¨ä¸€è‡´ã™ã‚‹å¿…è¦ãŒã‚りã¾ã™ã€‚ + \param realloc_function wolfSSLãŒä½¿ç”¨ã™ã‚‹ãƒ¡ãƒ¢ãƒªå†å‰²ã‚Šå½“ã¦é–¢æ•°ã€‚関数シグãƒãƒãƒ£ã¯ä¸Šè¨˜ã®wolfSSL_Realloc_cbプロトタイプã¨ä¸€è‡´ã™ã‚‹å¿…è¦ãŒã‚りã¾ã™ã€‚ + _Example_ \code static void* MyMalloc(size_t size) { - // custom malloc function + // カスタムmalloc関数 } static void MyFree(void* ptr) { - // custom free function + // カスタムfree関数 } static void* MyRealloc(void* ptr, size_t size) { - // custom realloc function + // カスタムrealloc関数 } - // Register custom memory functions with wolfSSL + // カスタムメモリ関数をwolfSSLã«ç™»éŒ² int ret = wolfSSL_SetAllocators(MyMalloc, MyFree, MyRealloc); if (ret != 0) { - // failed to set memory functions + // メモリ関数ã®è¨­å®šã«å¤±æ•— } \endcode + \sa none */ -int wolfSSL_SetAllocators(wolfSSL_Malloc_cb, - wolfSSL_Free_cb, - wolfSSL_Realloc_cb); +int wolfSSL_SetAllocators(wolfSSL_Malloc_cb mf, wolfSSL_Free_cb ff, + wolfSSL_Realloc_cb rf); /*! \ingroup Memory - \brief ã“ã®æ©Ÿèƒ½ã¯ã€é™çš„メモリ機能ãŒä½¿ç”¨ã•れã¦ã„ã‚‹å ´åˆï¼ˆ--enable-staticMemory)ã®å ´åˆã«ä½¿ç”¨ã§ãã¾ã™ã€‚メモリã®ã€Œãƒã‚±ãƒƒãƒˆã€ã«æœ€é©ãªãƒãƒƒãƒ•ァサイズを示ã—ã¾ã™ã€‚ã“れã«ã‚ˆã‚Šã€ãƒ‘ーティション化ã•れãŸå¾Œã«è¿½åŠ ã®æœªä½¿ç”¨ã®ãƒ¡ãƒ¢ãƒªãŒçµ‚了ã—ãªã„よã†ã«ã€ãƒãƒƒãƒ•ァサイズを計算ã™ã‚‹æ–¹æ³•ãŒå¯èƒ½ã«ãªã‚Šã¾ã™ã€‚è¿”ã•れãŸå€¤ã¯ã€æ­£ã®å ´åˆã€ä½¿ç”¨ã™ã‚‹ã‚³ãƒ³ãƒ”ュータã®ãƒãƒƒãƒ•ァサイズã§ã™ã€‚ - \return Success ãƒãƒƒãƒ•ァサイズ計算を正常ã«å®Œäº†ã™ã‚‹ã¨ã€æ­£ã®å€¤ãŒè¿”ã•れã¾ã™ã€‚ã“ã®è¿”ã•れãŸå€¤ã¯æœ€é©ãªãƒãƒƒãƒ•ァサイズã§ã™ã€‚ - \return Failure ã™ã¹ã¦ã®è² ã®å€¤ã¯ã‚¨ãƒ©ãƒ¼ã®å ´åˆã¨è¦‹ãªã•れã¾ã™ã€‚ - \param buffer ãƒãƒƒãƒ•ã‚¡ã¸ã®ãƒã‚¤ãƒ³ã‚¿ - \param size ãƒãƒƒãƒ•ã‚¡ã®ã‚µã‚¤ã‚º + + \brief ã“ã®é–¢æ•°ã¯ã€é™çš„メモリ機能ãŒä½¿ç”¨ã•れã¦ã„ã‚‹å ´åˆã«åˆ©ç”¨å¯èƒ½ã§ã™ï¼ˆ--enable-staticmemory)。メモリ「ãƒã‚±ãƒƒãƒˆã€ã®æœ€é©ãªãƒãƒƒãƒ•ァサイズをæä¾›ã—ã¾ã™ã€‚ã“れã«ã‚ˆã‚Šã€ãƒ‘ーティション化ã•れãŸå¾Œã«ä½™åˆ†ãªæœªä½¿ç”¨ãƒ¡ãƒ¢ãƒªãŒæ®‹ã‚‰ãªã„よã†ã«ãƒãƒƒãƒ•ァサイズを計算ã™ã‚‹æ–¹æ³•ãŒæä¾›ã•れã¾ã™ã€‚ã“ã®é–¢æ•°ã®éž_exãƒãƒ¼ã‚¸ãƒ§ãƒ³ã§ã¯ã€ã‚³ãƒ³ãƒ‘イル時ã«è¨­å®šã•れãŸãƒ‡ãƒ•ォルトã®ãƒã‚±ãƒƒãƒˆã¨é…布リストãŒä½¿ç”¨ã•れã¾ã™ã€‚ + è¿”ã•ã‚Œã‚‹å€¤ãŒæ­£ã®å ´åˆã€ä½¿ç”¨ã™ã‚‹è¨ˆç®—ã•れãŸãƒãƒƒãƒ•ァサイズã§ã™ã€‚ + + \return Success ãƒãƒƒãƒ•ァサイズã®è¨ˆç®—ãŒæ­£å¸¸ã«å®Œäº†ã™ã‚‹ã¨ã€æ­£ã®å€¤ãŒè¿”ã•れã¾ã™ã€‚ã“ã®è¿”ã•ã‚Œã‚‹å€¤ã¯æœ€é©ãªãƒãƒƒãƒ•ァサイズã§ã™ã€‚ + \return Failure ã™ã¹ã¦ã®è² ã®å€¤ã¯ã‚¨ãƒ©ãƒ¼ã‚±ãƒ¼ã‚¹ã¨è¦‹ãªã•れã¾ã™ã€‚ + + \param buffer ãƒãƒƒãƒ•ã‚¡ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ + \param size ãƒãƒƒãƒ•ã‚¡ã®ã‚µã‚¤ã‚ºã€‚ + \param type 希望ã™ã‚‹ãƒ¡ãƒ¢ãƒªã‚¿ã‚¤ãƒ—ã€ã¤ã¾ã‚ŠWOLFMEM_GENERALã¾ãŸã¯WOLFMEM_IO_POOL。 + _Example_ \code byte buffer[1000]; word32 size = sizeof(buffer); int optimum; + optimum = wolfSSL_StaticBufferSz(buffer, size, WOLFMEM_GENERAL); - if (optimum < 0) { //handle error case } - printf(“The optimum buffer size to make use of all memory is %d\nâ€, + if (optimum < 0) { //ã‚¨ãƒ©ãƒ¼ã‚±ãƒ¼ã‚¹ã‚’å‡¦ç† } + printf("ã™ã¹ã¦ã®ãƒ¡ãƒ¢ãƒªã‚’利用ã™ã‚‹ãŸã‚ã®æœ€é©ãªãƒãƒƒãƒ•ァサイズ㯠%d ã§ã™\n", optimum); ... \endcode + \sa wolfSSL_Malloc \sa wolfSSL_Free */ @@ -125,21 +159,414 @@ /*! \ingroup Memory - \brief ã“ã®æ©Ÿèƒ½ã¯ã€é™çš„メモリ機能ãŒä½¿ç”¨ã•れã¦ã„ã‚‹å ´åˆï¼ˆ--enable-staticMemory)ã®å ´åˆã«ä½¿ç”¨ã§ãã¾ã™ã€‚メモリã®å„パーティションã«å¿…è¦ãªãƒ‘ディングã®ã‚µã‚¤ã‚ºã‚’示ã—ã¾ã™ã€‚ã“ã®ãƒ‘ディングサイズã¯ã€ãƒ¡ãƒ¢ãƒªã‚¢ãƒ©ã‚¤ãƒ¡ãƒ³ãƒˆã®ãŸã‚ã«è¿½åŠ ã®ãƒ¡ãƒ¢ãƒªç®¡ç†æ§‹é€ ã‚’å«ã‚€å¿…è¦ãŒã‚るサイズã«ãªã‚Šã¾ã™ã€‚ - \return On 正常ãªãƒ¡ãƒ¢ãƒªãƒ‘ãƒ‡ã‚£ãƒ³ã‚°è¨ˆç®—æˆ»ã‚Šå€¤ã¯æ­£ã®å€¤ã«ãªã‚Šã¾ã™ - \return All è² ã®å€¤ã¯ã‚¨ãƒ©ãƒ¼ã‚±ãƒ¼ã‚¹ã¨è¦‹ãªã•れã¾ã™ã€‚ + + \brief ã“ã®é–¢æ•°ã¯ã€é™çš„メモリ機能ãŒä½¿ç”¨ã•れã¦ã„ã‚‹å ´åˆã«åˆ©ç”¨å¯èƒ½ã§ã™ï¼ˆ--enable-staticmemory)。メモリã®å„パーティションã«å¿…è¦ãªãƒ‘ディングã®ã‚µã‚¤ã‚ºã‚’æä¾›ã—ã¾ã™ã€‚ã“ã®ãƒ‘ディングサイズã¯ã€ãƒ¡ãƒ¢ãƒªç®¡ç†æ§‹é€ ä½“ã‚’å«ã‚€ãŸã‚ã«å¿…è¦ãªã‚µã‚¤ã‚ºã¨ã€ãƒ¡ãƒ¢ãƒªã‚¢ãƒ©ã‚¤ãƒ¡ãƒ³ãƒˆã®ãŸã‚ã®è¿½åŠ åˆ†ã«ãªã‚Šã¾ã™ã€‚ + + \return メモリパディングã®è¨ˆç®—ãŒæˆåŠŸã™ã‚‹ã¨ã€æˆ»ã‚Šå€¤ã¯æ­£ã®å€¤ã«ãªã‚Šã¾ã™ã€‚ + \return ã™ã¹ã¦ã®è² ã®å€¤ã¯ã‚¨ãƒ©ãƒ¼ã‚±ãƒ¼ã‚¹ã¨è¦‹ãªã•れã¾ã™ã€‚ + + \param none パラメータãªã—。 + _Example_ \code int padding; padding = wolfSSL_MemoryPaddingSz(); - if (padding < 0) { //handle error case } - printf(“The padding size needed for each \â€bucket\†of memory is %d\nâ€, + if (padding < 0) { //ã‚¨ãƒ©ãƒ¼ã‚±ãƒ¼ã‚¹ã‚’å‡¦ç† } + printf("メモリã®å„「ãƒã‚±ãƒƒãƒˆã€ã«å¿…è¦ãªãƒ‘ディングサイズ㯠%d ã§ã™\n", padding); - // calculation of buffer for IO POOL size is number of buckets - // times (padding + WOLFMEM_IO_SZ) + // IO POOLサイズã®ãƒãƒƒãƒ•ã‚¡ã®è¨ˆç®—ã¯ã€ãƒã‚±ãƒƒãƒˆæ•° + // × (padding + WOLFMEM_IO_SZ) ... \endcode + \sa wolfSSL_Malloc \sa wolfSSL_Free */ int wolfSSL_MemoryPaddingSz(void); + +/*! + \ingroup Memory + + \brief ã“ã®é–¢æ•°ã¯ã€CTXã®ãŸã‚ã«é™çš„メモリを確ä¿ã™ã‚‹ãŸã‚ã«ä½¿ç”¨ã•れã¾ã™ã€‚確ä¿ã•れãŸãƒ¡ãƒ¢ãƒªã¯ã€CTXã®å­˜ç¶šæœŸé–“中ãŠã‚ˆã³CTXã‹ã‚‰ä½œæˆã•れãŸã™ã¹ã¦ã®SSLオブジェクトã«ä½¿ç”¨ã•れã¾ã™ã€‚NULLã®ctxãƒã‚¤ãƒ³ã‚¿ã¨wolfSSL_method_func関数を渡ã™ã“ã¨ã«ã‚ˆã‚Šã€CTX自体ã®ä½œæˆã‚‚é™çš„メモリを使用ã—ã¾ã™ã€‚wolfSSL_method_funcã¯ã€WOLFSSL_METHOD* (*wolfSSL_method_func)(void* heap);ã®é–¢æ•°ã‚·ã‚°ãƒãƒãƒ£ã‚’æŒã¡ã¾ã™ã€‚ + maxã«0を渡ã™ã¨ã€è¨­å®šã•れã¦ã„ãªã„ã‹ã®ã‚ˆã†ã«å‹•作ã—ã€æœ€å¤§åŒæ™‚使用制é™ãŒé©ç”¨ã•れã¾ã›ã‚“。 + 渡ã•れるflag値ã¯ã€ãƒ¡ãƒ¢ãƒªã®ä½¿ç”¨æ–¹æ³•ã¨å‹•作中ã®å‹•作を決定ã—ã¾ã™ã€‚ + 利用å¯èƒ½ãªãƒ•ãƒ©ã‚°ã¯æ¬¡ã®ã¨ãŠã‚Šã§ã™ã€‚ + + 0 - デフォルトã®ä¸€èˆ¬ãƒ¡ãƒ¢ãƒª + + WOLFMEM_IO_POOL - メッセージã®é€å—信時ã®å…¥å‡ºåŠ›ãƒãƒƒãƒ•ã‚¡ã«ä½¿ç”¨ã•れã¾ã™ã€‚一般メモリをオーãƒãƒ¼ãƒ©ã‚¤ãƒ‰ã™ã‚‹ãŸã‚ã€æ¸¡ã•れãŸãƒãƒƒãƒ•ァ内ã®ã™ã¹ã¦ã®ãƒ¡ãƒ¢ãƒªãŒIOã«ä½¿ç”¨ã•れã¾ã™ã€‚ + WOLFMEM_IO_FIXED - WOLFMEM_IO_POOLã¨åŒã˜ã§ã™ãŒã€å„SSLã¯å­˜ç¶šæœŸé–“中ã«2ã¤ã®ãƒãƒƒãƒ•ã‚¡ã‚’ä¿æŒã—ã¾ã™ã€‚ + WOLFMEM_TRACK_STATS - å„SSLã¯å®Ÿè¡Œä¸­ã«ãƒ¡ãƒ¢ãƒªçµ±è¨ˆã‚’追跡ã—ã¾ã™ã€‚ + + \return æˆåŠŸã—ãŸå ´åˆã€SSL_SUCCESSãŒè¿”ã•れã¾ã™ã€‚ + \return ã™ã¹ã¦ã®å¤±æ•—ã—ãŸæˆ»ã‚Šå€¤ã¯0未満ã¾ãŸã¯SSL_FAILUREã¨ç­‰ã—ããªã‚Šã¾ã™ã€‚ + + \param ctx WOLFSSL_CTX構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã®ã‚¢ãƒ‰ãƒ¬ã‚¹ã€‚ + \param method プロトコルを作æˆã™ã‚‹é–¢æ•°ã€‚(ctxã‚‚NULLã§ãªã„å ´åˆã¯NULLã§ã‚ã‚‹å¿…è¦ãŒã‚りã¾ã™ï¼‰ + \param buf ã™ã¹ã¦ã®æ“作ã«ä½¿ç”¨ã™ã‚‹ãƒ¡ãƒ¢ãƒªã€‚ + \param sz 渡ã•れるメモリãƒãƒƒãƒ•ã‚¡ã®ã‚µã‚¤ã‚ºã€‚ + \param flag メモリã®ã‚¿ã‚¤ãƒ—。 + \param max æœ€å¤§åŒæ™‚æ“作数。 + + _Example_ + \code + WOLFSSL_CTX* ctx; + WOLFSSL* ssl; + int ret; + unsigned char memory[MAX]; + int memorySz = MAX; + unsigned char IO[MAX]; + int IOSz = MAX; + int flag = WOLFMEM_IO_FIXED | WOLFMEM_TRACK_STATS; + ... + // é™çš„メモリを使用ã—ã¦ctxも作æˆã€ä½¿ç”¨ã™ã‚‹ä¸€èˆ¬ãƒ¡ãƒ¢ãƒªã‹ã‚‰é–‹å§‹ + ctx = NULL: + ret = wolfSSL_CTX_load_static_memory(&ctx, wolfSSLv23_server_method_ex, memory, memorySz, 0, + MAX_CONCURRENT_HANDSHAKES); + if (ret != SSL_SUCCESS) { + // ã‚¨ãƒ©ãƒ¼ã‚±ãƒ¼ã‚¹ã‚’å‡¦ç† + } + // IOã§ä½¿ç”¨ã™ã‚‹ãƒ¡ãƒ¢ãƒªã‚’ロード + ret = wolfSSL_CTX_load_static_memory(&ctx, NULL, IO, IOSz, flag, MAX_CONCURRENT_IO); + if (ret != SSL_SUCCESS) { + // ã‚¨ãƒ©ãƒ¼ã‚±ãƒ¼ã‚¹ã‚’å‡¦ç† + } + ... + \endcode + + \sa wolfSSL_CTX_new + \sa wolfSSL_CTX_is_static_memory + \sa wolfSSL_is_static_memory +*/ +int wolfSSL_CTX_load_static_memory(WOLFSSL_CTX** ctx, wolfSSL_method_func method, + unsigned char* buf, unsigned int sz, int flag, int max); + +/*! + \ingroup Memory + + \brief ã“ã®é–¢æ•°ã¯æŽ¥ç¶šã®å‹•作を変更ã›ãšã€é™çš„メモリ使用ã«é–¢ã™ã‚‹æƒ…報をåŽé›†ã™ã‚‹ãŸã‚ã«ã®ã¿ä½¿ç”¨ã•れã¾ã™ã€‚ + + \return CTXã«é™çš„メモリを使用ã—ã¦ã„ã‚‹å ´åˆã¯1ã®å€¤ãŒè¿”ã•れã¾ã™ã€‚ + \return é™çš„メモリを使用ã—ã¦ã„ãªã„å ´åˆã¯0ãŒè¿”ã•れã¾ã™ã€‚ + + \param ctx wolfSSL_CTX_new()を使用ã—ã¦ä½œæˆã•れãŸWOLFSSL_CTX構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ + \param mem_stats é™çš„メモリ使用ã«é–¢ã™ã‚‹æƒ…å ±ã‚’ä¿æŒã™ã‚‹æ§‹é€ ä½“。 + + _Example_ + \code + WOLFSSL_CTX* ctx; + int ret; + WOLFSSL_MEM_STATS mem_stats; + ... + //CTXã§ã®é™çš„メモリã«é–¢ã™ã‚‹æƒ…報をå–å¾— + + ret = wolfSSL_CTX_is_static_memory(ctx, &mem_stats); + + if (ret == 1) { + // é™çš„メモリを使用ã—ã¦ã„ã‚‹ã‚±ãƒ¼ã‚¹ã‚’å‡¦ç† + // mem_statsã®è¦ç´ ã‚’出力ã¾ãŸã¯æ¤œæŸ» + } + + if (ret == 0) { + //ctxãŒé™çš„メモリを使用ã—ã¦ã„ãªã„ã‚±ãƒ¼ã‚¹ã‚’å‡¦ç† + } + ... + \endcode + + \sa wolfSSL_CTX_new + \sa wolfSSL_CTX_load_static_memory + \sa wolfSSL_is_static_memory +*/ +int wolfSSL_CTX_is_static_memory(WOLFSSL_CTX* ctx, WOLFSSL_MEM_STATS* mem_stats); + +/*! + \ingroup Memory + + \brief wolfSSL_is_static_memoryã¯ã€SSLã®é™çš„メモリ使用ã«é–¢ã™ã‚‹æƒ…報をåŽé›†ã™ã‚‹ãŸã‚ã«ä½¿ç”¨ã•れã¾ã™ã€‚戻り値ã¯ã€é™çš„メモリãŒä½¿ç”¨ã•れã¦ã„ã‚‹ã‹ã©ã†ã‹ã‚’示ã—ã€WOLFSSL_MEM_CONN_STATSã¯ã€é™çš„メモリをロードã™ã‚‹éš›ã«è¦ªCTXã«WOLFMEM_TRACK_STATSãƒ•ãƒ©ã‚°ãŒæ¸¡ã•れãŸå ´åˆã«ã®ã¿å…¥åŠ›ã•れã¾ã™ã€‚ + + \return CTXã«é™çš„メモリを使用ã—ã¦ã„ã‚‹å ´åˆã¯1ã®å€¤ãŒè¿”ã•れã¾ã™ã€‚ + \return é™çš„メモリを使用ã—ã¦ã„ãªã„å ´åˆã¯0ãŒè¿”ã•れã¾ã™ã€‚ + + \param ssl wolfSSL_new()を使用ã—ã¦ä½œæˆã•れãŸWOLFSSL構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ + \param mem_stats é™çš„メモリ使用をå«ã‚€æ§‹é€ ä½“。 + + _Example_ + \code + WOLFSSL* ssl; + int ret; + WOLFSSL_MEM_CONN_STATS mem_stats; + + ... + + ret = wolfSSL_is_static_memory(ssl, mem_stats); + + if (ret == 1) { + // é™çš„メモリã®å ´åˆã®ã‚±ãƒ¼ã‚¹ã‚’å‡¦ç† + // WOLFMEM_TRACK_STATSフラグãŒã‚ã‚‹å ´åˆã¯mem_statsã®è¦ç´ ã‚’調査 + } + ... + \endcode + + \sa wolfSSL_new + \sa wolfSSL_CTX_is_static_memory +*/ +int wolfSSL_is_static_memory(WOLFSSL* ssl, WOLFSSL_MEM_CONN_STATS* mem_stats); + +/*! + \ingroup Memory + + \brief ã“ã®é–¢æ•°ã¯ã€wolfCrypt使用ã®ãŸã‚ã«é™çš„メモリを確ä¿ã™ã‚‹ãŸã‚ã«ä½¿ç”¨ã•れã¾ã™ã€‚作æˆã•れãŸãƒ’ãƒ¼ãƒ—ãƒ’ãƒ³ãƒˆã‚’é–¢æ•°ã«æ¸¡ã™ã“ã¨ã§ãƒ¡ãƒ¢ãƒªã‚’使用ã§ãã¾ã™ã€‚ã“ã®ä¾‹ã¯ã€wc_InitRng_exを呼ã³å‡ºã™ã¨ãã§ã™ã€‚渡ã•れるflag値ã¯ã€ãƒ¡ãƒ¢ãƒªã®ä½¿ç”¨æ–¹æ³•ã¨å‹•作中ã®å‹•作を決定ã—ã¾ã™ã€‚一般的ã«ã€wolfCryptæ“作ã¯WOLFMEM_GENERALプールã‹ã‚‰ãƒ¡ãƒ¢ãƒªã‚’使用ã—ã¾ã™ã€‚ + 利用å¯èƒ½ãªãƒ•ãƒ©ã‚°ã¯æ¬¡ã®ã¨ãŠã‚Šã§ã™ã€‚ + + WOLFMEM_GENERAL - デフォルトã®ä¸€èˆ¬ãƒ¡ãƒ¢ãƒª + + WOLFMEM_IO_POOL - メッセージã®é€å—信時ã®å…¥å‡ºåŠ›ãƒãƒƒãƒ•ã‚¡ã«ä½¿ç”¨ã•れã¾ã™ã€‚一般メモリをオーãƒãƒ¼ãƒ©ã‚¤ãƒ‰ã™ã‚‹ãŸã‚ã€æ¸¡ã•れãŸãƒãƒƒãƒ•ァ内ã®ã™ã¹ã¦ã®ãƒ¡ãƒ¢ãƒªãŒIOã«ä½¿ç”¨ã•れã¾ã™ã€‚ + WOLFMEM_IO_FIXED - WOLFMEM_IO_POOLã¨åŒã˜ã§ã™ãŒã€å„SSLã¯å­˜ç¶šæœŸé–“中ã«2ã¤ã®ãƒãƒƒãƒ•ã‚¡ã‚’ä¿æŒã—ã¾ã™ã€‚ + WOLFMEM_TRACK_STATS - å„SSLã¯å®Ÿè¡Œä¸­ã«ãƒ¡ãƒ¢ãƒªçµ±è¨ˆã‚’追跡ã—ã¾ã™ã€‚ + + \return none ã“ã®é–¢æ•°ã¯å€¤ã‚’è¿”ã—ã¾ã›ã‚“。 + + \param phint 使用ã™ã‚‹WOLFSSL_HEAP_HINT構造体。 + \param buf ã™ã¹ã¦ã®æ“作ã«ä½¿ç”¨ã™ã‚‹ãƒ¡ãƒ¢ãƒªã€‚ + \param sz 渡ã•れるメモリãƒãƒƒãƒ•ã‚¡ã®ã‚µã‚¤ã‚ºã€‚ + \param flag メモリã®ã‚¿ã‚¤ãƒ—。 + \param max æœ€å¤§åŒæ™‚æ“作数(ãƒãƒ³ãƒ‰ã‚·ã‚§ã‚¤ã‚¯ã€IO)。 + + _Example_ + \code + WOLFSSL_HEAP_HINT hint; + int ret; + unsigned char memory[MAX]; + int memorySz = MAX; + int flag = WOLFMEM_GENERAL | WOLFMEM_TRACK_STATS; + ... + + // 使用ã™ã‚‹ãƒ¡ãƒ¢ãƒªã‚’ロード + + ret = wc_LoadStaticMemory(&hint, memory, memorySz, flag, 0); + if (ret != SSL_SUCCESS) { + // ã‚¨ãƒ©ãƒ¼ã‚±ãƒ¼ã‚¹ã‚’å‡¦ç† + } + ... + + ret = wc_InitRng_ex(&rng, hint, 0); + + // ret値をãƒã‚§ãƒƒã‚¯ + \endcode + + \sa none +*/ +int wc_LoadStaticMemory(WOLFSSL_HEAP_HINT** pHint, unsigned char* buf, + unsigned int sz, int flag, int max); + +/*! + \ingroup Memory + + \brief ã“ã®é–¢æ•°ã¯ã€ã‚«ã‚¹ã‚¿ãƒ ãƒã‚±ãƒƒãƒˆã‚µã‚¤ã‚ºã¨é…分を使用ã—ã¦wolfCrypt使用ã®ãŸã‚ã«é™çš„メモリを確ä¿ã™ã‚‹ãŸã‚ã«ä½¿ç”¨ã•れã¾ã™ã€‚作æˆã•れãŸãƒ’ãƒ¼ãƒ—ãƒ’ãƒ³ãƒˆã‚’é–¢æ•°ã«æ¸¡ã™ã“ã¨ã§ãƒ¡ãƒ¢ãƒªã‚’使用ã§ãã¾ã™ã€‚ã“ã®æ‹¡å¼µãƒãƒ¼ã‚¸ãƒ§ãƒ³ã§ã¯ã€ãƒ‡ãƒ•ォルトã®äº‹å‰å®šç¾©ã•れãŸã‚µã‚¤ã‚ºã‚’使用ã™ã‚‹ä»£ã‚りã«ã€ã‚«ã‚¹ã‚¿ãƒ ãƒã‚±ãƒƒãƒˆã‚µã‚¤ã‚ºã¨é…分を使用ã§ãã¾ã™ã€‚ + + \return none ã“ã®é–¢æ•°ã¯å€¤ã‚’è¿”ã—ã¾ã›ã‚“。 + + \param pHint åˆæœŸåŒ–ã™ã‚‹WOLFSSL_HEAP_HINTãƒãƒ³ãƒ‰ãƒ«ã€‚ + \param listSz サイズリストã¨åˆ†å¸ƒãƒªã‚¹ãƒˆã®ã‚¨ãƒ³ãƒˆãƒªæ•°ã€‚ + \param sizeList 使用ã™ã‚‹ãƒã‚±ãƒƒãƒˆã‚µã‚¤ã‚ºã®é…列。 + \param distList sizeListã«å¯¾å¿œã™ã‚‹åˆ†å¸ƒãƒªã‚¹ãƒˆã€‚ + \param buf ã™ã¹ã¦ã®æ“作ã«ä½¿ç”¨ã™ã‚‹ãƒ¡ãƒ¢ãƒªã€‚ + \param sz 渡ã•れるメモリãƒãƒƒãƒ•ã‚¡ã®ã‚µã‚¤ã‚ºã€‚ + \param flag メモリã®ã‚¿ã‚¤ãƒ—。 + \param max æœ€å¤§åŒæ™‚æ“作数(ãƒãƒ³ãƒ‰ã‚·ã‚§ã‚¤ã‚¯ã€IO)。 + + _Example_ + \code + WOLFSSL_HEAP_HINT hint; + int ret; + unsigned char memory[MAX]; + int memorySz = MAX; + int flag = WOLFMEM_GENERAL | WOLFMEM_TRACK_STATS; + const word32 sizeList[] = {64, 128, 256, 512, 1024}; + const word32 distList[] = {1, 1, 1, 1, 1}; + unsigned int listSz = (unsigned int)(sizeof(sizeList)/ + sizeof(sizeList[0])); + ... + + // カスタムãƒã‚±ãƒƒãƒˆã‚µã‚¤ã‚ºã§ä½¿ç”¨ã™ã‚‹ãƒ¡ãƒ¢ãƒªã‚’ロード + + ret = wc_LoadStaticMemory_ex(&hint, listSz, sizeList, distList, + memory, memorySz, flag, 0); + if (ret != SSL_SUCCESS) { + // ã‚¨ãƒ©ãƒ¼ã‚±ãƒ¼ã‚¹ã‚’å‡¦ç† + } + ... + + ret = wc_InitRng_ex(&rng, hint, 0); + + // ret値をãƒã‚§ãƒƒã‚¯ + \endcode + + \sa wc_LoadStaticMemory + \sa wc_UnloadStaticMemory +*/ +int wc_LoadStaticMemory_ex(WOLFSSL_HEAP_HINT** pHint, unsigned int listSz, + const word32 *sizeList, const word32 *distList, + unsigned char* buf, unsigned int sz, int flag, int max); + +/*! + \ingroup Memory + + \brief ã“ã®é–¢æ•°ã¯ã€NULLヒープヒントãŒãƒ¡ãƒ¢ãƒªå‰²ã‚Šå½“ã¦é–¢æ•°ã«æ¸¡ã•れãŸã¨ãã«ä½¿ç”¨ã•れるグローãƒãƒ«ãƒ’ープヒントを設定ã—ã¾ã™ã€‚ã“れã«ã‚ˆã‚Šã€ã‚¢ãƒ—リケーション全体ã§ä½¿ç”¨ã•れるデフォルトã®ãƒ’ープヒントを設定ã§ãã¾ã™ã€‚ + + \return 設定ã•れã¦ã„ãŸä»¥å‰ã®ã‚°ãƒ­ãƒ¼ãƒãƒ«ãƒ’ープヒントを返ã—ã¾ã™ã€‚ + + \param hint グローãƒãƒ«ãƒ’ープヒントã¨ã—ã¦ä½¿ç”¨ã™ã‚‹WOLFSSL_HEAP_HINT構造体。 + + _Example_ + \code + WOLFSSL_HEAP_HINT hint; + WOLFSSL_HEAP_HINT* prev_hint; + int ret; + unsigned char memory[MAX]; + int memorySz = MAX; + ... + + // 使用ã™ã‚‹ãƒ¡ãƒ¢ãƒªã‚’ロード + ret = wc_LoadStaticMemory(&hint, memory, memorySz, WOLFMEM_GENERAL, 0); + if (ret != SSL_SUCCESS) { + // ã‚¨ãƒ©ãƒ¼ã‚±ãƒ¼ã‚¹ã‚’å‡¦ç† + } + + // グローãƒãƒ«ãƒ’ープヒントã¨ã—ã¦è¨­å®š + prev_hint = wolfSSL_SetGlobalHeapHint(&hint); + if (prev_hint != NULL) { + // 以å‰ã®ã‚°ãƒ­ãƒ¼ãƒãƒ«ãƒ’ープヒントãŒã‚りã¾ã—㟠+ } + \endcode + + \sa wolfSSL_GetGlobalHeapHint + \sa wc_LoadStaticMemory +*/ +WOLFSSL_HEAP_HINT* wolfSSL_SetGlobalHeapHint(WOLFSSL_HEAP_HINT* hint); + +/*! + \ingroup Memory + + \brief ã“ã®é–¢æ•°ã¯ã€NULLヒープヒントãŒãƒ¡ãƒ¢ãƒªå‰²ã‚Šå½“ã¦é–¢æ•°ã«æ¸¡ã•れãŸã¨ãã«ä½¿ç”¨ã•れるç¾åœ¨ã®ã‚°ãƒ­ãƒ¼ãƒãƒ«ãƒ’ープヒントをå–å¾—ã—ã¾ã™ã€‚ + + \return ç¾åœ¨ã®ã‚°ãƒ­ãƒ¼ãƒãƒ«ãƒ’ープヒントを返ã—ã¾ã™ã€‚設定ã•れã¦ã„ãªã„å ´åˆã¯NULLã‚’è¿”ã—ã¾ã™ã€‚ + + \param none パラメータãªã—。 + + _Example_ + \code + WOLFSSL_HEAP_HINT* current_hint; + ... + + current_hint = wolfSSL_GetGlobalHeapHint(); + if (current_hint != NULL) { + // グローãƒãƒ«ãƒ’ープヒントãŒè¨­å®šã•れã¦ã„ã¾ã™ + // current_hintã‚’æ“作ã«ä½¿ç”¨ã§ãã¾ã™ + } + \endcode + + \sa wolfSSL_SetGlobalHeapHint + \sa wc_LoadStaticMemory +*/ +WOLFSSL_HEAP_HINT* wolfSSL_GetGlobalHeapHint(void); + +/*! + \ingroup Memory + + \brief ã“ã®é–¢æ•°ã¯ã€é™çš„メモリ割り当ã¦è¿½è·¡ç”¨ã®ãƒ‡ãƒãƒƒã‚°ã‚³ãƒ¼ãƒ«ãƒãƒƒã‚¯é–¢æ•°ã‚’設定ã—ã¾ã™ã€‚WOLFSSL_STATIC_MEMORY_DEBUG_CALLBACKビルドオプションã¨å…±ã«ä½¿ç”¨ã•れã¾ã™ã€‚コールãƒãƒƒã‚¯é–¢æ•°ã¯ã€ãƒ¡ãƒ¢ãƒªå‰²ã‚Šå½“ã¦ãŠã‚ˆã³å‰²ã‚Šå½“ã¦è§£é™¤æ“作中ã«å‘¼ã³å‡ºã•れã€ãƒ‡ãƒãƒƒã‚°æƒ…報をæä¾›ã—ã¾ã™ã€‚ + + \return æˆåŠŸã—ãŸå ´åˆã€0ãŒè¿”ã•れã¾ã™ã€‚ + \return ã™ã¹ã¦ã®å¤±æ•—ã—ãŸæˆ»ã‚Šå€¤ã¯0未満ã«ãªã‚Šã¾ã™ã€‚ + + \param cb 設定ã™ã‚‹ãƒ‡ãƒãƒƒã‚°ã‚³ãƒ¼ãƒ«ãƒãƒƒã‚¯é–¢æ•°ã€‚ + + _Example_ + \code + static void debug_memory_cb(const char* func, const char* file, int line, + void* ptr, size_t size, int type) + { + printf("Memory %s: %s:%d ptr=%p size=%zu type=%d\n", + func, file, line, ptr, size, type); + } + ... + + // デãƒãƒƒã‚°ã‚³ãƒ¼ãƒ«ãƒãƒƒã‚¯ã‚’設定 + int ret = wolfSSL_SetDebugMemoryCb(debug_memory_cb); + if (ret != 0) { + // ã‚¨ãƒ©ãƒ¼ã‚±ãƒ¼ã‚¹ã‚’å‡¦ç† + } + \endcode + + \sa none +*/ +void wolfSSL_SetDebugMemoryCb(DebugMemoryCb cb); + +/*! + \ingroup Memory + + \brief ã“ã®é–¢æ•°ã¯ã€é™çš„メモリヒープã¨é–¢é€£ã™ã‚‹ãƒŸãƒ¥ãƒ¼ãƒ†ãƒƒã‚¯ã‚¹ã‚’解放ã—ã¾ã™ã€‚é™çš„メモリ割り当ã¦ã®ä½¿ç”¨ãŒå®Œäº†ã—ãŸã¨ãã«ã€ãƒªã‚½ãƒ¼ã‚¹ã‚’é©åˆ‡ã«ã‚¯ãƒªãƒ¼ãƒ³ã‚¢ãƒƒãƒ—ã™ã‚‹ãŸã‚ã«å‘¼ã³å‡ºã™å¿…è¦ãŒã‚りã¾ã™ã€‚ + + \return æˆåŠŸã—ãŸå ´åˆã€0ãŒè¿”ã•れã¾ã™ã€‚ + \return ã™ã¹ã¦ã®å¤±æ•—ã—ãŸæˆ»ã‚Šå€¤ã¯0未満ã«ãªã‚Šã¾ã™ã€‚ + + \param hint アンロードã™ã‚‹WOLFSSL_HEAP_HINT構造体。 + + _Example_ + \code + WOLFSSL_HEAP_HINT hint; + int ret; + unsigned char memory[MAX]; + int memorySz = MAX; + ... + + // 使用ã™ã‚‹ãƒ¡ãƒ¢ãƒªã‚’ロード + ret = wc_LoadStaticMemory(&hint, memory, memorySz, WOLFMEM_GENERAL, 0); + if (ret != SSL_SUCCESS) { + // ã‚¨ãƒ©ãƒ¼ã‚±ãƒ¼ã‚¹ã‚’å‡¦ç† + } + + // æ“作ã«ãƒ¡ãƒ¢ãƒªã‚’使用 + ... + + // 完了時ã«ã‚¯ãƒªãƒ¼ãƒ³ã‚¢ãƒƒãƒ— + wc_UnloadStaticMemory(&hint); + \endcode + + \sa wc_LoadStaticMemory + \sa wc_LoadStaticMemory_ex +*/ +void wc_UnloadStaticMemory(WOLFSSL_HEAP_HINT* heap); + +/*! + \ingroup Memory + + \brief ã“ã®é–¢æ•°ã¯ã€ã‚«ã‚¹ã‚¿ãƒ ãƒã‚±ãƒƒãƒˆã‚µã‚¤ã‚ºã¨é…分を使用ã—ãŸé™çš„メモリ割り当ã¦ã«å¿…è¦ãªãƒãƒƒãƒ•ァサイズを計算ã—ã¾ã™ã€‚ã“ã®æ‹¡å¼µãƒãƒ¼ã‚¸ãƒ§ãƒ³ã§ã¯ã€ãƒ‡ãƒ•ォルトã®äº‹å‰å®šç¾©ã•れãŸã‚µã‚¤ã‚ºã‚’使用ã™ã‚‹ä»£ã‚りã«ã€ã‚«ã‚¹ã‚¿ãƒ ãƒã‚±ãƒƒãƒˆã‚µã‚¤ã‚ºã‚’使用ã§ãã¾ã™ã€‚ + + \return ãƒãƒƒãƒ•ァサイズã®è¨ˆç®—ãŒæ­£å¸¸ã«å®Œäº†ã™ã‚‹ã¨ã€æ­£ã®å€¤ãŒè¿”ã•れã¾ã™ã€‚ + \return ã™ã¹ã¦ã®è² ã®å€¤ã¯ã‚¨ãƒ©ãƒ¼ã‚±ãƒ¼ã‚¹ã¨è¦‹ãªã•れã¾ã™ã€‚ + + \param bucket_sizes 使用ã™ã‚‹ãƒã‚±ãƒƒãƒˆã‚µã‚¤ã‚ºã®é…列。 + \param bucket_count é…列内ã®ãƒã‚±ãƒƒãƒˆã‚µã‚¤ã‚ºã®æ•°ã€‚ + \param flag 希望ã™ã‚‹ãƒ¡ãƒ¢ãƒªã‚¿ã‚¤ãƒ—ã€ã¤ã¾ã‚ŠWOLFMEM_GENERALã¾ãŸã¯WOLFMEM_IO_POOL。 + + _Example_ + \code + word32 sizeList[] = {64, 128, 256, 512, 1024}; + word32 distList[] = {1, 2, 1, 1, 1}; + int listSz = 5; + int optimum; + + optimum = wolfSSL_StaticBufferSz_ex(listSz, sizeList, distList, NULL, 0, + WOLFMEM_GENERAL); + if (optimum < 0) { //ã‚¨ãƒ©ãƒ¼ã‚±ãƒ¼ã‚¹ã‚’å‡¦ç† } + printf("カスタムãƒã‚±ãƒƒãƒˆã§ã®æœ€é©ãªãƒãƒƒãƒ•ァサイズ㯠%d ã§ã™\n", optimum); + ... + \endcode + + \sa wolfSSL_StaticBufferSz + \sa wc_LoadStaticMemory_ex +*/ +int wolfSSL_StaticBufferSz_ex(unsigned int listSz, + const word32 *sizeList, const word32 *distList, + byte* buffer, word32 sz, int flag); diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/doc/dox_comments/header_files-ja/ocsp.h mariadb-11.8.8/extra/wolfssl/wolfssl/doc/dox_comments/header_files-ja/ocsp.h --- mariadb-11.8.6/extra/wolfssl/wolfssl/doc/dox_comments/header_files-ja/ocsp.h 1970-01-01 00:00:00.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/doc/dox_comments/header_files-ja/ocsp.h 2026-05-24 09:58:33.000000000 +0000 @@ -0,0 +1,48 @@ +/*! + \ingroup OCSP + + \brief OCSPコンテキストを割り当ã¦ã¦åˆæœŸåŒ–ã—ã¾ã™ã€‚ + + ã“ã®é–¢æ•°ã¯ã€OCSPæ“作ã§ä½¿ç”¨ã™ã‚‹ãŸã‚ã®WOLFSSL_OCSP構造体を割り当ã¦ã¦åˆæœŸåŒ–ã—ã¾ã™ã€‚ + + \param cm 証明書マãƒãƒ¼ã‚¸ãƒ£ãƒ¼ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ + + \return æˆåŠŸæ™‚ã«å‰²ã‚Šå½“ã¦ã‚‰ã‚ŒãŸWOLFSSL_OCSPã¸ã®ãƒã‚¤ãƒ³ã‚¿ + \return 失敗時ã«NULL + + \sa wc_FreeOCSP +*/ +WOLFSSL_OCSP* wc_NewOCSP(WOLFSSL_CERT_MANAGER* cm); + +/*! + \ingroup OCSP + + \brief OCSPコンテキストã«é–¢é€£ä»˜ã‘られãŸãƒªã‚½ãƒ¼ã‚¹ã‚’解放ã—ã¾ã™ã€‚ + + ã“ã®é–¢æ•°ã¯ã€WOLFSSL_OCSP構造体ã«é–¢é€£ä»˜ã‘られãŸã™ã¹ã¦ã®ãƒªã‚½ãƒ¼ã‚¹ã‚’解放ã—ã¾ã™ã€‚ + + \param ocsp 解放ã™ã‚‹WOLFSSL_OCSP構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ + + \return void + + \sa wc_NewOCSP +*/ +void wc_FreeOCSP(WOLFSSL_OCSP* ocsp); + +/*! + \ingroup OCSP + + \brief 指定ã•れãŸè¨¼æ˜Žæ›¸ã®OCSPレスãƒãƒ³ã‚¹ã‚’ãƒã‚§ãƒƒã‚¯ã—ã¾ã™ã€‚ + + ã“ã®é–¢æ•°ã¯ã€ç‰¹å®šã®è¨¼æ˜Žæ›¸ã®OCSPレスãƒãƒ³ã‚¹ã‚’検証ã—ã¾ã™ã€‚ + + \param ocsp WOLFSSL_OCSP構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ + \param cert デコードã•れãŸè¨¼æ˜Žæ›¸ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ + \param response OCSPレスãƒãƒ³ã‚¹ãƒãƒƒãƒ•ã‚¡ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ + \param responseSz OCSPレスãƒãƒ³ã‚¹ãƒãƒƒãƒ•ã‚¡ã®ã‚µã‚¤ã‚ºã€‚ + \param heap オプションã®ãƒ’ープãƒã‚¤ãƒ³ã‚¿ã€‚ + + \return 0 æˆåŠŸæ™‚ + \return <0 失敗時 +*/ +int wc_CheckCertOcspResponse(WOLFSSL_OCSP *ocsp, DecodedCert *cert, byte *response, int responseSz, void* heap); diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/doc/dox_comments/header_files-ja/pem.h mariadb-11.8.8/extra/wolfssl/wolfssl/doc/dox_comments/header_files-ja/pem.h --- mariadb-11.8.6/extra/wolfssl/wolfssl/doc/dox_comments/header_files-ja/pem.h 2026-01-31 13:27:49.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/doc/dox_comments/header_files-ja/pem.h 2026-05-24 09:58:33.000000000 +0000 @@ -1,23 +1,29 @@ /*! \ingroup openSSL - \brief ã“ã®é–¢æ•°ã¯ã€PEMå½¢å¼ã®wolfssl_bio構造体ã«ã‚­ãƒ¼ã‚’書ãè¾¼ã¿ã¾ã™ã€‚ - \return SSL_SUCCESS æˆåŠŸã™ã‚‹ã¨ã€‚ - \return SSL_FAILURE 失敗ã™ã‚‹ã¨ã€‚ - \param bio wolfssl_bio構造体ã‹ã‚‰PEMãƒãƒƒãƒ•ã‚¡ã‚’å–å¾—ã—ã¾ã™ã€‚ - \param key PEMå½¢å¼ã«å¤‰æ›ã™ã‚‹ãŸã‚ã®ã‚­ãƒ¼ã€‚ - \param cipher EVPæš—å·æ§‹é€  - \param passwd パスワード。 - \param len パスワードã®é•·ã• - \param cb パスワードコールãƒãƒƒã‚¯ + + \brief ã“ã®é–¢æ•°ã¯ã€WOLFSSL_BIO構造体ã«ã‚­ãƒ¼ã‚’PEMå½¢å¼ã§æ›¸ãè¾¼ã¿ã¾ã™ã€‚ + + \return SSL_SUCCESS æˆåŠŸæ™‚ã€‚ + \return SSL_FAILURE 失敗時。 + + \param bio PEMãƒãƒƒãƒ•ã‚¡ã‚’å–å¾—ã™ã‚‹WOLFSSL_BIO構造体。 + \param key PEMå½¢å¼ã«å¤‰æ›ã™ã‚‹ã‚­ãƒ¼ã€‚ + \param cipher EVPæš—å·æ§‹é€ ä½“。 + \param passwd パスワード。 + \param len パスワードã®é•·ã•。 + \param cb パスワードコールãƒãƒƒã‚¯ã€‚ + \param arg オプション引数。 + _Example_ \code WOLFSSL_BIO* bio; WOLFSSL_EVP_PKEY* key; int ret; - // create bio and setup key + // bioを作æˆã—ã¦ã‚­ãƒ¼ã‚’セットアップ ret = wolfSSL_PEM_write_bio_PrivateKey(bio, key, NULL, NULL, 0, NULL, NULL); - //check ret value + //retå€¤ã‚’ç¢ºèª \endcode + \sa wolfSSL_PEM_read_bio_X509_AUX */ diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/doc/dox_comments/header_files-ja/pkcs11.h mariadb-11.8.8/extra/wolfssl/wolfssl/doc/dox_comments/header_files-ja/pkcs11.h --- mariadb-11.8.6/extra/wolfssl/wolfssl/doc/dox_comments/header_files-ja/pkcs11.h 2026-01-31 13:27:49.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/doc/dox_comments/header_files-ja/pkcs11.h 2026-05-24 09:58:33.000000000 +0000 @@ -1,35 +1,43 @@ /*! + \ingroup PKCS11 */ int wc_Pkcs11_Initialize(Pkcs11Dev* dev, const char* library, void* heap); /*! + \ingroup PKCS11 */ void wc_Pkcs11_Finalize(Pkcs11Dev* dev); /*! + \ingroup PKCS11 */ int wc_Pkcs11Token_Init(Pkcs11Token* token, Pkcs11Dev* dev, int slotId, const char* tokenName, const unsigned char *userPin, int userPinSz); /*! + \ingroup PKCS11 */ void wc_Pkcs11Token_Final(Pkcs11Token* token); /*! + \ingroup PKCS11 */ int wc_Pkcs11Token_Open(Pkcs11Token* token, int readWrite); /*! + \ingroup PKCS11 */ void wc_Pkcs11Token_Close(Pkcs11Token* token); /*! + \ingroup PKCS11 */ -int wc_Pkcs11StoreKey(Pkcs11Token* token, int type, int clear, +int wc_Pkcs11StoreKey(Pkcs11Token* token, int type, int clear, void* key); /*! + \ingroup PKCS11 */ int wc_Pkcs11_CryptoDevCb(int devId, wc_CryptoInfo* info, void* ctx); diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/doc/dox_comments/header_files-ja/pkcs7.h mariadb-11.8.8/extra/wolfssl/wolfssl/doc/dox_comments/header_files-ja/pkcs7.h --- mariadb-11.8.6/extra/wolfssl/wolfssl/doc/dox_comments/header_files-ja/pkcs7.h 2026-01-31 13:27:49.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/doc/dox_comments/header_files-ja/pkcs7.h 2026-05-24 09:58:33.000000000 +0000 @@ -1,171 +1,219 @@ /*! \ingroup PKCS7 - \brief ã“ã®é–¢æ•°ã¯ã€DERフォーマットã®è¨¼æ˜Žæ›¸ã‚’使用ã—ã¦PKCS7æ§‹é€ ã‚’åˆæœŸåŒ–ã—ã¾ã™ã€‚空ã®PKCS7æ§‹é€ ã‚’åˆæœŸåŒ–ã™ã‚‹ã«ã¯ã€NULL CERTã¨CERTSZã®å ´åˆã¯0を渡ã™ã“ã¨ãŒã§ãã¾ã™ã€‚ - \return 0 PKCS7構造ã®åˆæœŸåŒ–ã«æˆåŠŸã—ã¾ã—㟠- \return MEMORY_E xmallocã§ãƒ¡ãƒ¢ãƒªã‚’割り当ã¦ã‚‹ã‚¨ãƒ©ãƒ¼ãŒã‚ã‚‹å ´åˆ - \return ASN_PARSE_E 証明書ヘッダーã®è§£æžä¸­ã«ã‚¨ãƒ©ãƒ¼ãŒã‚ã‚‹å ´åˆ - \return ASN_OBJECT_ID_E 証明書ã‹ã‚‰æš—å·åŒ–タイプã®è§£æžä¸­ã«ã‚¨ãƒ©ãƒ¼ãŒã‚ã‚‹å ´åˆã«è¿”ã•れã¾ã™ - \return ASN_EXPECT_0_E CERTãƒ•ã‚¡ã‚¤ãƒ«ã®æš—å·åŒ–仕様ã«ãƒ•ォーマットエラーãŒã‚ã‚‹å ´åˆ - \return ASN_BEFORE_DATE_E 日付ãŒè¨¼æ˜Žæ›¸é–‹å§‹æ—¥ä»¥å‰ã®å ´åˆè¿”å´ - \return ASN_AFTER_DATE_E 日付ãŒè¨¼æ˜Žæ›¸ã®æœ‰åŠ¹æœŸé™ã®å¾Œã«ã‚ã‚‹å ´åˆã«è¿”ã•れã¾ã™ - \return ASN_BITSTR_E 証明書ã‹ã‚‰ãƒ“ット文字列を解æžã—ãŸã‚¨ãƒ©ãƒ¼ãŒã‚ã‚‹å ´åˆã«è¿”ã•れã¾ã™ã€‚ - \return ECC_CURVE_OID_E 証明書ã‹ã‚‰ECCキーã®è§£æžä¸­ã«ã‚¨ãƒ©ãƒ¼ãŒã‚ã‚‹å ´åˆ - \return ASN_UNKNOWN_OID_E 証明書ãŒä¸æ˜Žãªã‚­ãƒ¼ã‚ªãƒ–ジェクトIDを使用ã—ã¦ã„ã‚‹å ´åˆã«è¿”ã•れã¾ã™ - \return ASN_VERSION_E allow_v1_extensionsオプションãŒå®šç¾©ã•れã¦ãŠã‚‰ãšã€è¨¼æ˜Žæ›¸ãŒV1ã¾ãŸã¯V2ã®è¨¼æ˜Žæ›¸ã®å ´åˆã«è¿”ã•れã¾ã™ã€‚ - \return BAD_FUNC_ARG 証明書拡張機能ã®å‡¦ç†ä¸­ã«ã‚¨ãƒ©ãƒ¼ãŒã‚ã‚‹å ´åˆ - \return ASN_CRIT_EXT_E 証明書ã®å‡¦ç†ä¸­ã«ãªã˜ã¿ã®ãªã„é‡è¦ãªæ‹¡å¼µæ©Ÿèƒ½ãŒç™ºç”Ÿã—ãŸå ´åˆã«è¿”ã•れã¾ã™ã€‚ - \return ASN_SIG_OID_E ç½²åæš—å·åŒ–ã‚¿ã‚¤ãƒ—ãŒæä¾›ã•れãŸãƒ•ァイル内ã®è¨¼æ˜Žæ›¸ã®æš—å·åŒ–タイプã¨åŒã˜ã§ãªã„å ´åˆã«è¿”ã•れã¾ã™ã€‚ - \return ASN_SIG_CONFIRM_E èªè¨¼ç½²åãŒå¤±æ•—ã—ãŸã“ã¨ã‚’確èªã—ãŸå ´åˆã«è¿”ã•れã¾ã™ - \return ASN_NAME_INVALID_E 証明書ã®åå‰ãŒCAå制約ã«ã‚ˆã£ã¦è¨±å¯ã•れã¦ã„ãªã„å ´åˆã«è¿”ã•れã¾ã™ã€‚ - \return ASN_NO_SIGNER_E 証明書ã®çœŸæ­£æ€§ã‚’確èªã™ã‚‹ãŸã‚ã®CAç½²å者ãŒãªã„å ´åˆã«è¿”ã•れã¾ã—㟠- \param pkcs7 デコードã•れãŸè¨¼æ˜Žæ›¸ã‚’ä¿å­˜ã™ã‚‹PKCS7構造ã¸ã®ãƒã‚¤ãƒ³ã‚¿ - \param cert PKCS7æ§‹é€ ã‚’åˆæœŸåŒ–ã™ã‚‹ãŸã‚ã®DERフォーマットã®ASN.1証明書をå«ã‚€ãƒãƒƒãƒ•ã‚¡ã¸ã®ãƒã‚¤ãƒ³ã‚¿ + + \brief カスタムAESéµãƒ©ãƒƒãƒ—/アンラップæ“作ã«ä½¿ç”¨ã•れるコールãƒãƒƒã‚¯ã€‚ + + \return æˆåŠŸæ™‚ã«ã¯ã€å‡ºåŠ›ãƒãƒƒãƒ•ã‚¡ã«æ›¸ãè¾¼ã¾ã‚ŒãŸãƒ©ãƒƒãƒ—/アンラップã•れãŸéµã®ã‚µã‚¤ã‚ºã‚’è¿”ã™å¿…è¦ãŒã‚りã¾ã™ã€‚戻り値0ã¾ãŸã¯ã‚¨ãƒ©ãƒ¼ã‚³ãƒ¼ãƒ‰ï¼ˆ< 0)ã¯å¤±æ•—を示ã—ã¾ã™ã€‚ + + \param[in] key 使用ã™ã‚‹éµã‚’指定ã—ã¾ã™ã€‚ + \param[in] keySz 使用ã™ã‚‹éµã®ã‚µã‚¤ã‚ºã€‚ + \param[in] in ラップ/アンラップã™ã‚‹å…¥åŠ›ãƒ‡ãƒ¼ã‚¿ã‚’æŒ‡å®šã—ã¾ã™ã€‚ + \param[in] inSz 入力データã®ã‚µã‚¤ã‚ºã€‚ + \param[in] wrap è¦æ±‚ã•ã‚ŒãŸæ“作ãŒéµãƒ©ãƒƒãƒ—ã®å ´åˆã¯1ã€ã‚¢ãƒ³ãƒ©ãƒƒãƒ—ã®å ´åˆã¯0。 + \param[out] out 出力ãƒãƒƒãƒ•ァを指定ã—ã¾ã™ã€‚ + \param[out] outSz 出力ãƒãƒƒãƒ•ã‚¡ã®ã‚µã‚¤ã‚ºã€‚ +*/ +typedef int (*CallbackAESKeyWrapUnwrap)(const byte* key, word32 keySz, + const byte* in, word32 inSz, int wrap, byte* out, word32 outSz); + +/*! + \ingroup PKCS7 + + \brief ã“ã®é–¢æ•°ã¯ã€DERå½¢å¼ã®è¨¼æ˜Žæ›¸ã§PKCS7æ§‹é€ ä½“ã‚’åˆæœŸåŒ–ã—ã¾ã™ã€‚空ã®PKCS7æ§‹é€ ä½“ã‚’åˆæœŸåŒ–ã™ã‚‹ã«ã¯ã€certã«NULLã‚’ã€certSzã«0を渡ã™ã“ã¨ãŒã§ãã¾ã™ã€‚ + + \return 0 PKCS7構造体ã®åˆæœŸåŒ–ã«æˆåŠŸã—ãŸå ´åˆã«è¿”ã•れã¾ã™ã€‚ + \return MEMORY_E XMALLOCã§ãƒ¡ãƒ¢ãƒªå‰²ã‚Šå½“ã¦ã‚¨ãƒ©ãƒ¼ãŒã‚ã‚‹å ´åˆã«è¿”ã•れã¾ã™ã€‚ + \return ASN_PARSE_E 証明書ヘッダーã®è§£æžã‚¨ãƒ©ãƒ¼ãŒã‚ã‚‹å ´åˆã«è¿”ã•れã¾ã™ã€‚ + \return ASN_OBJECT_ID_E 証明書ã‹ã‚‰æš—å·åŒ–タイプã®è§£æžã‚¨ãƒ©ãƒ¼ãŒã‚ã‚‹å ´åˆã«è¿”ã•れã¾ã™ã€‚ + \return ASN_EXPECT_0_E è¨¼æ˜Žæ›¸ãƒ•ã‚¡ã‚¤ãƒ«ã®æš—å·åŒ–仕様ã«ãƒ•ォーマットエラーãŒã‚ã‚‹å ´åˆã«è¿”ã•れã¾ã™ã€‚ + \return ASN_BEFORE_DATE_E 日付ãŒè¨¼æ˜Žæ›¸é–‹å§‹æ—¥ã‚ˆã‚Šå‰ã®å ´åˆã«è¿”ã•れã¾ã™ã€‚ + \return ASN_AFTER_DATE_E 日付ãŒè¨¼æ˜Žæ›¸æœ‰åŠ¹æœŸé™ã‚ˆã‚Šå¾Œã®å ´åˆã«è¿”ã•れã¾ã™ã€‚ + \return ASN_BITSTR_E 証明書ã‹ã‚‰ãƒ“ット文字列ã®è§£æžã‚¨ãƒ©ãƒ¼ãŒã‚ã‚‹å ´åˆã«è¿”ã•れã¾ã™ã€‚ + \return ECC_CURVE_OID_E 証明書ã‹ã‚‰ECCéµã®è§£æžã‚¨ãƒ©ãƒ¼ãŒã‚ã‚‹å ´åˆã«è¿”ã•れã¾ã™ã€‚ + \return ASN_UNKNOWN_OID_E 証明書ãŒä¸æ˜Žãªéµã‚ªãƒ–ジェクトIDを使用ã—ã¦ã„ã‚‹å ´åˆã«è¿”ã•れã¾ã™ã€‚ + \return ASN_VERSION_E ALLOW_V1_EXTENSIONSオプションãŒå®šç¾©ã•れã¦ãŠã‚‰ãšã€è¨¼æ˜Žæ›¸ãŒV1ã¾ãŸã¯V2証明書ã®å ´åˆã«è¿”ã•れã¾ã™ã€‚ + \return BAD_FUNC_ARG 証明書拡張ã®å‡¦ç†ã‚¨ãƒ©ãƒ¼ãŒã‚ã‚‹å ´åˆã«è¿”ã•れã¾ã™ã€‚ + \return ASN_CRIT_EXT_E 証明書ã®å‡¦ç†ä¸­ã«ä¸æ˜Žãªã‚¯ãƒªãƒ†ã‚£ã‚«ãƒ«æ‹¡å¼µã«é­é‡ã—ãŸå ´åˆã«è¿”ã•れã¾ã™ã€‚ + \return ASN_SIG_OID_E ç½²åæš—å·åŒ–ã‚¿ã‚¤ãƒ—ãŒæä¾›ã•れãŸãƒ•ァイル内ã®è¨¼æ˜Žæ›¸ã®æš—å·åŒ–タイプã¨åŒã˜ã§ãªã„å ´åˆã«è¿”ã•れã¾ã™ã€‚ + \return ASN_SIG_CONFIRM_E 証明書署åã®ç¢ºèªã«å¤±æ•—ã—ãŸå ´åˆã«è¿”ã•れã¾ã™ã€‚ + \return ASN_NAME_INVALID_E 証明書ã®åå‰ãŒCAåå‰åˆ¶ç´„ã«ã‚ˆã£ã¦è¨±å¯ã•れã¦ã„ãªã„å ´åˆã«è¿”ã•れã¾ã™ã€‚ + \return ASN_NO_SIGNER_E 証明書ã®çœŸæ­£æ€§ã‚’検証ã™ã‚‹CAç½²å者ãŒã„ãªã„å ´åˆã«è¿”ã•れã¾ã™ã€‚ + + \param pkcs7 デコードã•れãŸè¨¼æ˜Žæ›¸ã‚’æ ¼ç´ã™ã‚‹PKCS7構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ + \param der PKCS7æ§‹é€ ä½“ã‚’åˆæœŸåŒ–ã™ã‚‹ãŸã‚ã®DERå½¢å¼ASN.1証明書をå«ã‚€ãƒãƒƒãƒ•ã‚¡ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ + \param derSz 証明書ãƒãƒƒãƒ•ã‚¡ã®ã‚µã‚¤ã‚ºã€‚ + _Example_ \code - PKCS7 pkcs7; - byte derBuff[] = { }; // initialize with DER-encoded certificate + wc_PKCS7 pkcs7; + byte derBuff[] = { }; // DERエンコードã•れãŸè¨¼æ˜Žæ›¸ã§åˆæœŸåŒ– if ( wc_PKCS7_InitWithCert(&pkcs7, derBuff, sizeof(derBuff)) != 0 ) { - // error parsing certificate into pkcs7 format + // 証明書ã®pkcs7å½¢å¼ã¸ã®è§£æžã‚¨ãƒ©ãƒ¼ } \endcode + \sa wc_PKCS7_Free */ -int wc_PKCS7_InitWithCert(PKCS7* pkcs7, byte* cert, word32 certSz); +int wc_PKCS7_InitWithCert(wc_PKCS7* pkcs7, byte* der, word32 derSz); /*! \ingroup PKCS7 - \brief ã“ã®é–¢æ•°ã¯ã€PKCS7ã®åˆæœŸåŒ–装置ã«ã‚ˆã£ã¦å‰²ã‚Šå½“ã¦ã‚‰ã‚ŒãŸãƒ¡ãƒ¢ãƒªã‚’解放ã—ã¾ã™ã€‚ - \return none ã„ã„ãˆè¿”ã—ã¾ã™ã€‚ + + \brief ã“ã®é–¢æ•°ã¯ã€PKCS7åˆæœŸåŒ–å­ã«ã‚ˆã£ã¦å‰²ã‚Šå½“ã¦ã‚‰ã‚ŒãŸãƒ¡ãƒ¢ãƒªã‚’解放ã—ã¾ã™ã€‚ + + \return none 戻り値ãªã—。 + + \param pkcs7 解放ã™ã‚‹PKCS7構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ + _Example_ \code PKCS7 pkcs7; - // initialize and use PKCS7 object + // PKCS7ã‚ªãƒ–ã‚¸ã‚§ã‚¯ãƒˆã‚’åˆæœŸåŒ–ã—ã¦ä½¿ç”¨ wc_PKCS7_Free(pkcs7); \endcode + \sa wc_PKCS7_InitWithCert */ -void wc_PKCS7_Free(PKCS7* pkcs7); +void wc_PKCS7_Free(wc_PKCS7* pkcs7); /*! \ingroup PKCS7 - \brief ã“ã®é–¢æ•°ã¯PKCS7データコンテンツタイプを構築ã—ã€PKCS7構造をパーセルå¯èƒ½ãªPKCS7データパケットをå«ã‚€ãƒãƒƒãƒ•ã‚¡ã«ã‚¨ãƒ³ã‚³ãƒ¼ãƒ‰ã—ã¾ã™ã€‚ - \return Success PKCS7データをãƒãƒƒãƒ•ã‚¡ã«æ­£å¸¸ã«ã‚¨ãƒ³ã‚³ãƒ¼ãƒ‰ã™ã‚‹ã¨ã€PKCS7構造内ã®ç´¢å¼•ã‚’è¿”ã—ã¾ã™ã€‚ã“ã®ã‚¤ãƒ³ãƒ‡ãƒƒã‚¯ã‚¹ã¯ã€å‡ºåŠ›ãƒãƒƒãƒ•ã‚¡ã«æ›¸ãè¾¼ã¾ã‚ŒãŸãƒã‚¤ãƒˆã«ã‚‚対応ã—ã¦ã„ã¾ã™ã€‚ - \return BUFFER_E 指定ã•れãŸãƒãƒƒãƒ•ã‚¡ãŒã‚¨ãƒ³ã‚³ãƒ¼ãƒ‰ã•れãŸè¨¼æ˜Žæ›¸ã‚’ä¿æŒã™ã‚‹ã®ã«å分ãªå¤§ãã•ã§ãªã„å ´åˆã«è¿”ã•れã¾ã™ - \param pkcs7 符å·åŒ–ã™ã‚‹PKCS7構造ã¸ã®ãƒã‚¤ãƒ³ã‚¿ - \param output エンコードã•れãŸè¨¼æ˜Žæ›¸ã‚’ä¿å­˜ã™ã‚‹ãƒãƒƒãƒ•ã‚¡ã¸ã®ãƒã‚¤ãƒ³ã‚¿ + + \brief ã“ã®é–¢æ•°ã¯ã€PKCS7データコンテンツタイプをビルドã—ã€PKCS7構造体を解æžå¯èƒ½ãªPKCS7データパケットをå«ã‚€ãƒãƒƒãƒ•ã‚¡ã«ã‚¨ãƒ³ã‚³ãƒ¼ãƒ‰ã—ã¾ã™ã€‚ + + \return Success PKCS7データをãƒãƒƒãƒ•ã‚¡ã«æ­£å¸¸ã«ã‚¨ãƒ³ã‚³ãƒ¼ãƒ‰ã—ãŸå ´åˆã€PKCS7構造体ã§è§£æžã•れãŸã‚¤ãƒ³ãƒ‡ãƒƒã‚¯ã‚¹ã¾ã§è¿”ã—ã¾ã™ã€‚ã“ã®ã‚¤ãƒ³ãƒ‡ãƒƒã‚¯ã‚¹ã¯ã€å‡ºåŠ›ãƒãƒƒãƒ•ã‚¡ã«æ›¸ãè¾¼ã¾ã‚ŒãŸãƒã‚¤ãƒˆæ•°ã«ã‚‚対応ã—ã¾ã™ã€‚ + \return BUFFER_E 指定ã•れãŸãƒãƒƒãƒ•ã‚¡ãŒã‚¨ãƒ³ã‚³ãƒ¼ãƒ‰ã•れãŸè¨¼æ˜Žæ›¸ã‚’ä¿æŒã™ã‚‹ã®ã«å分ãªå¤§ãã•ã§ãªã„å ´åˆã«è¿”ã•れã¾ã™ã€‚ + + \param pkcs7 エンコードã™ã‚‹PKCS7構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ + \param output エンコードã•れãŸè¨¼æ˜Žæ›¸ã‚’æ ¼ç´ã™ã‚‹ãƒãƒƒãƒ•ã‚¡ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ + \param outputSz 出力ãƒãƒƒãƒ•ã‚¡ã§åˆ©ç”¨å¯èƒ½ãªã‚µã‚¤ã‚ºã€‚ + _Example_ \code PKCS7 pkcs7; int ret; - byte derBuff[] = { }; // initialize with DER-encoded certificate + byte derBuff[] = { }; // DERエンコードã•れãŸè¨¼æ˜Žæ›¸ã§åˆæœŸåŒ– byte pkcs7Buff[FOURK_BUF]; wc_PKCS7_InitWithCert(&pkcs7, derBuff, sizeof(derBuff)); - // update message and data to encode + // エンコードã™ã‚‹ãƒ¡ãƒƒã‚»ãƒ¼ã‚¸ã¨ãƒ‡ãƒ¼ã‚¿ã‚’æ›´æ–° pkcs7.privateKey = key; pkcs7.privateKeySz = keySz; pkcs7.content = data; pkcs7.contentSz = dataSz; - ... etc. + ... ãªã© ret = wc_PKCS7_EncodeData(&pkcs7, pkcs7Buff, sizeof(pkcs7Buff)); if ( ret != 0 ) { - // error encoding into output buffer + // 出力ãƒãƒƒãƒ•ã‚¡ã¸ã®ã‚¨ãƒ³ã‚³ãƒ¼ãƒ‰ã‚¨ãƒ©ãƒ¼ } \endcode + \sa wc_PKCS7_InitWithCert */ -int wc_PKCS7_EncodeData(PKCS7* pkcs7, byte* output, +int wc_PKCS7_EncodeData(wc_PKCS7* pkcs7, byte* output, word32 outputSz); /*! \ingroup PKCS7 - \brief ã“ã®é–¢æ•°ã¯PKCS7ç½²å付ãデータコンテンツタイプを構築ã—ã€PKCS7構造をPARSable PKCS7ç½²å付ãデータパケットをå«ã‚€ãƒãƒƒãƒ•ã‚¡ã«ã‚¨ãƒ³ã‚³ãƒ¼ãƒ‰ã—ã¾ã™ã€‚ - \return Success PKCS7データをãƒãƒƒãƒ•ã‚¡ã«æ­£å¸¸ã«ã‚¨ãƒ³ã‚³ãƒ¼ãƒ‰ã™ã‚‹ã¨ã€PKCS7構造内ã®ç´¢å¼•ã‚’è¿”ã—ã¾ã™ã€‚ã“ã®ã‚¤ãƒ³ãƒ‡ãƒƒã‚¯ã‚¹ã¯ã€å‡ºåŠ›ãƒãƒƒãƒ•ã‚¡ã«æ›¸ãè¾¼ã¾ã‚ŒãŸãƒã‚¤ãƒˆã«ã‚‚対応ã—ã¦ã„ã¾ã™ã€‚ - \return BAD_FUNC_ARG PKCS7構造ãŒç½²å付ãデータパケットを生æˆã™ã‚‹ãŸã‚ã®1ã¤ä»¥ä¸Šã®è¦æ±‚è¦ç´ ãŒæ¬ è½ã—ã¦ã„ã‚‹å ´åˆã«è¿”ã•れã¾ã™ã€‚ - \return MEMORY_E メモリã®å‰²ã‚Šå½“ã¦ä¸­ã«ã‚¨ãƒ©ãƒ¼ãŒç™ºç”Ÿã—ãŸå ´åˆã«è¿”ã•れã¾ã™ - \return PUBLIC_KEY_E 公開éµã®è§£æžä¸­ã«ã‚¨ãƒ©ãƒ¼ãŒã‚ã‚‹å ´åˆ - \return RSA_BUFFER_E ãƒãƒƒãƒ•ァエラーãŒç™ºç”Ÿã—ãŸå ´åˆã¯ã€å°ã•ã™ãŽãŸã‚Šå…¥åŠ›ãŒå¤§ãã™ãŽãŸã‚Šã—éŽãŽã¾ã—㟠- \return BUFFER_E 指定ã•れãŸãƒãƒƒãƒ•ã‚¡ãŒã‚¨ãƒ³ã‚³ãƒ¼ãƒ‰ã•れãŸè¨¼æ˜Žæ›¸ã‚’ä¿æŒã™ã‚‹ã®ã«å分ãªå¤§ãã•ã§ãªã„å ´åˆã«è¿”ã•れã¾ã™ - \return MP_INIT_E ç½²åを生æˆã™ã‚‹ã‚¨ãƒ©ãƒ¼ãŒã‚ã‚‹å ´åˆã¯è¿”å´ã•れるå¯èƒ½æ€§ãŒã‚りã¾ã™ - \return MP_READ_E ç½²åを生æˆã™ã‚‹ã‚¨ãƒ©ãƒ¼ãŒã‚ã‚‹å ´åˆã¯è¿”å´ã•れるå¯èƒ½æ€§ãŒã‚りã¾ã™ - \return MP_CMP_E ç½²åを生æˆã™ã‚‹ã‚¨ãƒ©ãƒ¼ãŒã‚ã‚‹å ´åˆã¯è¿”å´ã•れるå¯èƒ½æ€§ãŒã‚りã¾ã™ - \return MP_INVMOD_E ç½²åを生æˆã™ã‚‹ã‚¨ãƒ©ãƒ¼ãŒã‚ã‚‹å ´åˆã¯è¿”å´ã•れるå¯èƒ½æ€§ãŒã‚りã¾ã™ - \return MP_EXPTMOD_E ç½²åを生æˆã™ã‚‹ã‚¨ãƒ©ãƒ¼ãŒã‚ã‚‹å ´åˆã¯è¿”å´ã•れるå¯èƒ½æ€§ãŒã‚りã¾ã™ - \return MP_MOD_E ç½²åを生æˆã™ã‚‹ã‚¨ãƒ©ãƒ¼ãŒã‚ã‚‹å ´åˆã¯è¿”å´ã•れるå¯èƒ½æ€§ãŒã‚りã¾ã™ - \return MP_MUL_E ç½²åを生æˆã™ã‚‹ã‚¨ãƒ©ãƒ¼ãŒã‚ã‚‹å ´åˆã¯è¿”å´ã•れるå¯èƒ½æ€§ãŒã‚りã¾ã™ - \return MP_ADD_E ç½²åを生æˆã™ã‚‹ã‚¨ãƒ©ãƒ¼ãŒã‚ã‚‹å ´åˆã¯è¿”å´ã•れるå¯èƒ½æ€§ãŒã‚りã¾ã™ - \return MP_MULMOD_E ç½²åを生æˆã™ã‚‹ã‚¨ãƒ©ãƒ¼ãŒã‚ã‚‹å ´åˆã¯è¿”å´ã•れるå¯èƒ½æ€§ãŒã‚りã¾ã™ - \return MP_TO_E ç½²åを生æˆã™ã‚‹ã‚¨ãƒ©ãƒ¼ãŒã‚ã‚‹å ´åˆã¯è¿”å´ã•れるå¯èƒ½æ€§ãŒã‚りã¾ã™ - \return MP_MEM ç½²åを生æˆã™ã‚‹ã‚¨ãƒ©ãƒ¼ãŒã‚ã‚‹å ´åˆã¯è¿”å´ã•れるå¯èƒ½æ€§ãŒã‚りã¾ã™ - \param pkcs7 符å·åŒ–ã™ã‚‹PKCS7構造ã¸ã®ãƒã‚¤ãƒ³ã‚¿ - \param output エンコードã•れãŸè¨¼æ˜Žæ›¸ã‚’ä¿å­˜ã™ã‚‹ãƒãƒƒãƒ•ã‚¡ã¸ã®ãƒã‚¤ãƒ³ã‚¿ + + \brief ã“ã®é–¢æ•°ã¯ã€PKCS7ç½²å付ãデータコンテンツタイプをビルドã—ã€PKCS7構造体を解æžå¯èƒ½ãªPKCS7ç½²å付ãデータパケットをå«ã‚€ãƒãƒƒãƒ•ã‚¡ã«ã‚¨ãƒ³ã‚³ãƒ¼ãƒ‰ã—ã¾ã™ã€‚ + + \return Success PKCS7データをãƒãƒƒãƒ•ã‚¡ã«æ­£å¸¸ã«ã‚¨ãƒ³ã‚³ãƒ¼ãƒ‰ã—ãŸå ´åˆã€PKCS7構造体ã§è§£æžã•れãŸã‚¤ãƒ³ãƒ‡ãƒƒã‚¯ã‚¹ã¾ã§è¿”ã—ã¾ã™ã€‚ã“ã®ã‚¤ãƒ³ãƒ‡ãƒƒã‚¯ã‚¹ã¯ã€å‡ºåŠ›ãƒãƒƒãƒ•ã‚¡ã«æ›¸ãè¾¼ã¾ã‚ŒãŸãƒã‚¤ãƒˆæ•°ã«ã‚‚対応ã—ã¾ã™ã€‚ + \return BAD_FUNC_ARG ç½²å付ãデータパケットを生æˆã™ã‚‹ãŸã‚ã«å¿…è¦ãª1ã¤ä»¥ä¸Šã®è¦ç´ ãŒPKCS7æ§‹é€ ä½“ã«æ¬ ã‘ã¦ã„ã‚‹å ´åˆã«è¿”ã•れã¾ã™ã€‚ + \return MEMORY_E メモリ割り当ã¦ã‚¨ãƒ©ãƒ¼ãŒã‚ã‚‹å ´åˆã«è¿”ã•れã¾ã™ã€‚ + \return PUBLIC_KEY_E 公開éµã®è§£æžã‚¨ãƒ©ãƒ¼ãŒã‚ã‚‹å ´åˆã«è¿”ã•れã¾ã™ã€‚ + \return RSA_BUFFER_E ãƒãƒƒãƒ•ァエラーã€å‡ºåŠ›ãŒå°ã•ã™ãŽã‚‹ã‹å…¥åŠ›ãŒå¤§ãã™ãŽã‚‹å ´åˆã«è¿”ã•れã¾ã™ã€‚ + \return BUFFER_E 指定ã•れãŸãƒãƒƒãƒ•ã‚¡ãŒã‚¨ãƒ³ã‚³ãƒ¼ãƒ‰ã•れãŸè¨¼æ˜Žæ›¸ã‚’ä¿æŒã™ã‚‹ã®ã«å分ãªå¤§ãã•ã§ãªã„å ´åˆã«è¿”ã•れã¾ã™ã€‚ + \return MP_INIT_E ç½²åã®ç”Ÿæˆã‚¨ãƒ©ãƒ¼ãŒã‚ã‚‹å ´åˆã«è¿”ã•れるå¯èƒ½æ€§ãŒã‚りã¾ã™ã€‚ + \return MP_READ_E ç½²åã®ç”Ÿæˆã‚¨ãƒ©ãƒ¼ãŒã‚ã‚‹å ´åˆã«è¿”ã•れるå¯èƒ½æ€§ãŒã‚りã¾ã™ã€‚ + \return MP_CMP_E ç½²åã®ç”Ÿæˆã‚¨ãƒ©ãƒ¼ãŒã‚ã‚‹å ´åˆã«è¿”ã•れるå¯èƒ½æ€§ãŒã‚りã¾ã™ã€‚ + \return MP_INVMOD_E ç½²åã®ç”Ÿæˆã‚¨ãƒ©ãƒ¼ãŒã‚ã‚‹å ´åˆã«è¿”ã•れるå¯èƒ½æ€§ãŒã‚りã¾ã™ã€‚ + \return MP_EXPTMOD_E ç½²åã®ç”Ÿæˆã‚¨ãƒ©ãƒ¼ãŒã‚ã‚‹å ´åˆã«è¿”ã•れるå¯èƒ½æ€§ãŒã‚りã¾ã™ã€‚ + \return MP_MOD_E ç½²åã®ç”Ÿæˆã‚¨ãƒ©ãƒ¼ãŒã‚ã‚‹å ´åˆã«è¿”ã•れるå¯èƒ½æ€§ãŒã‚りã¾ã™ã€‚ + \return MP_MUL_E ç½²åã®ç”Ÿæˆã‚¨ãƒ©ãƒ¼ãŒã‚ã‚‹å ´åˆã«è¿”ã•れるå¯èƒ½æ€§ãŒã‚りã¾ã™ã€‚ + \return MP_ADD_E ç½²åã®ç”Ÿæˆã‚¨ãƒ©ãƒ¼ãŒã‚ã‚‹å ´åˆã«è¿”ã•れるå¯èƒ½æ€§ãŒã‚りã¾ã™ã€‚ + \return MP_MULMOD_E ç½²åã®ç”Ÿæˆã‚¨ãƒ©ãƒ¼ãŒã‚ã‚‹å ´åˆã«è¿”ã•れるå¯èƒ½æ€§ãŒã‚りã¾ã™ã€‚ + \return MP_TO_E ç½²åã®ç”Ÿæˆã‚¨ãƒ©ãƒ¼ãŒã‚ã‚‹å ´åˆã«è¿”ã•れるå¯èƒ½æ€§ãŒã‚りã¾ã™ã€‚ + \return MP_MEM ç½²åã®ç”Ÿæˆã‚¨ãƒ©ãƒ¼ãŒã‚ã‚‹å ´åˆã«è¿”ã•れるå¯èƒ½æ€§ãŒã‚りã¾ã™ã€‚ + + \param pkcs7 エンコードã™ã‚‹PKCS7構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ + \param output エンコードã•れãŸè¨¼æ˜Žæ›¸ã‚’æ ¼ç´ã™ã‚‹ãƒãƒƒãƒ•ã‚¡ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ + \param outputSz 出力ãƒãƒƒãƒ•ã‚¡ã§åˆ©ç”¨å¯èƒ½ãªã‚µã‚¤ã‚ºã€‚ + _Example_ \code PKCS7 pkcs7; int ret; - byte data[] = {}; // initialize with data to sign - byte derBuff[] = { }; // initialize with DER-encoded certificate + byte data[] = {}; // ç½²åã™ã‚‹ãƒ‡ãƒ¼ã‚¿ã§åˆæœŸåŒ– + byte derBuff[] = { }; // DERエンコードã•れãŸè¨¼æ˜Žæ›¸ã§åˆæœŸåŒ– byte pkcs7Buff[FOURK_BUF]; wc_PKCS7_InitWithCert(&pkcs7, derBuff, sizeof(derBuff)); - // update message and data to encode + // エンコードã™ã‚‹ãƒ¡ãƒƒã‚»ãƒ¼ã‚¸ã¨ãƒ‡ãƒ¼ã‚¿ã‚’æ›´æ–° pkcs7.privateKey = key; pkcs7.privateKeySz = keySz; pkcs7.content = data; pkcs7.contentSz = dataSz; pkcs7.hashOID = SHAh; pkcs7.rng = &rng; - ... etc. + ... ãªã© ret = wc_PKCS7_EncodeSignedData(&pkcs7, pkcs7Buff, sizeof(pkcs7Buff)); if ( ret != 0 ) { - // error encoding into output buffer + // 出力ãƒãƒƒãƒ•ã‚¡ã¸ã®ã‚¨ãƒ³ã‚³ãƒ¼ãƒ‰ã‚¨ãƒ©ãƒ¼ } wc_PKCS7_Free(&pkcs7); \endcode + \sa wc_PKCS7_InitWithCert \sa wc_PKCS7_VerifySignedData */ -int wc_PKCS7_EncodeSignedData(PKCS7* pkcs7, +int wc_PKCS7_EncodeSignedData(wc_PKCS7* pkcs7, byte* output, word32 outputSz); /*! \ingroup PKCS7 - \brief ã“ã®é–¢æ•°ã¯ã€PKCS7ã®ç½²å付ãデータコンテンツタイプを構築ã—ã€PKCS7構造をエンコードã—ã€Parsable PKCS7ç½²å付ãデータパケットをå«ã‚€ãƒ˜ãƒƒãƒ€ãƒ¼ãŠã‚ˆã³ãƒ•ッターãƒãƒƒãƒ•ã‚¡ã«ã‚¨ãƒ³ã‚³ãƒ¼ãƒ‰ã—ã¾ã™ã€‚ã“れã«ã¯ã‚³ãƒ³ãƒ†ãƒ³ãƒ„ã¯å«ã¾ã‚Œã¾ã›ã‚“。ãƒãƒƒã‚·ãƒ¥ã‚’計算ã—ã¦ãƒ‡ãƒ¼ã‚¿ã«æä¾›ã™ã‚‹å¿…è¦ãŒã‚りã¾ã™ + + \brief ã“ã®é–¢æ•°ã¯ã€PKCS7ç½²å付ãデータコンテンツタイプをビルドã—ã€PKCS7構造体を解æžå¯èƒ½ãªPKCS7ç½²å付ãデータパケットをå«ã‚€ãƒ˜ãƒƒãƒ€ãƒ¼ã¨ãƒ•ッターãƒãƒƒãƒ•ã‚¡ã«ã‚¨ãƒ³ã‚³ãƒ¼ãƒ‰ã—ã¾ã™ã€‚ã“れã«ã¯ã‚³ãƒ³ãƒ†ãƒ³ãƒ„ã¯å«ã¾ã‚Œã¾ã›ã‚“。 + データã®ãƒãƒƒã‚·ãƒ¥ã‚’計算ã—ã¦æä¾›ã™ã‚‹å¿…è¦ãŒã‚りã¾ã™ã€‚ + \return 0=Success - \return BAD_FUNC_ARG PKCS7構造ãŒç½²å付ãデータパケットを生æˆã™ã‚‹ãŸã‚ã®1ã¤ä»¥ä¸Šã®è¦æ±‚è¦ç´ ãŒæ¬ è½ã—ã¦ã„ã‚‹å ´åˆã«è¿”ã•れã¾ã™ã€‚ - \return MEMORY_E メモリã®å‰²ã‚Šå½“ã¦ä¸­ã«ã‚¨ãƒ©ãƒ¼ãŒç™ºç”Ÿã—ãŸå ´åˆã«è¿”ã•れã¾ã™ - \return PUBLIC_KEY_E 公開éµã®è§£æžä¸­ã«ã‚¨ãƒ©ãƒ¼ãŒã‚ã‚‹å ´åˆ - \return RSA_BUFFER_E ãƒãƒƒãƒ•ァエラーãŒç™ºç”Ÿã—ãŸå ´åˆã¯ã€å°ã•ã™ãŽãŸã‚Šå…¥åŠ›ãŒå¤§ãã™ãŽãŸã‚Šã—éŽãŽã¾ã—㟠- \return BUFFER_E 指定ã•れãŸãƒãƒƒãƒ•ã‚¡ãŒã‚¨ãƒ³ã‚³ãƒ¼ãƒ‰ã•れãŸè¨¼æ˜Žæ›¸ã‚’ä¿æŒã™ã‚‹ã®ã«å分ãªå¤§ãã•ã§ãªã„å ´åˆã«è¿”ã•れã¾ã™ - \return MP_INIT_E ç½²åを生æˆã™ã‚‹ã‚¨ãƒ©ãƒ¼ãŒã‚ã‚‹å ´åˆã¯è¿”å´ã•れるå¯èƒ½æ€§ãŒã‚りã¾ã™ - \return MP_READ_E ç½²åを生æˆã™ã‚‹ã‚¨ãƒ©ãƒ¼ãŒã‚ã‚‹å ´åˆã¯è¿”å´ã•れるå¯èƒ½æ€§ãŒã‚りã¾ã™ - \return MP_CMP_E ç½²åを生æˆã™ã‚‹ã‚¨ãƒ©ãƒ¼ãŒã‚ã‚‹å ´åˆã¯è¿”å´ã•れるå¯èƒ½æ€§ãŒã‚りã¾ã™ - \return MP_INVMOD_E ç½²åを生æˆã™ã‚‹ã‚¨ãƒ©ãƒ¼ãŒã‚ã‚‹å ´åˆã¯è¿”å´ã•れるå¯èƒ½æ€§ãŒã‚りã¾ã™ - \return MP_EXPTMOD_E ç½²åを生æˆã™ã‚‹ã‚¨ãƒ©ãƒ¼ãŒã‚ã‚‹å ´åˆã¯è¿”å´ã•れるå¯èƒ½æ€§ãŒã‚りã¾ã™ - \return MP_MOD_E ç½²åを生æˆã™ã‚‹ã‚¨ãƒ©ãƒ¼ãŒã‚ã‚‹å ´åˆã¯è¿”å´ã•れるå¯èƒ½æ€§ãŒã‚りã¾ã™ - \return MP_MUL_E ç½²åを生æˆã™ã‚‹ã‚¨ãƒ©ãƒ¼ãŒã‚ã‚‹å ´åˆã¯è¿”å´ã•れるå¯èƒ½æ€§ãŒã‚りã¾ã™ - \return MP_ADD_E ç½²åを生æˆã™ã‚‹ã‚¨ãƒ©ãƒ¼ãŒã‚ã‚‹å ´åˆã¯è¿”å´ã•れるå¯èƒ½æ€§ãŒã‚りã¾ã™ - \return MP_MULMOD_E ç½²åを生æˆã™ã‚‹ã‚¨ãƒ©ãƒ¼ãŒã‚ã‚‹å ´åˆã¯è¿”å´ã•れるå¯èƒ½æ€§ãŒã‚りã¾ã™ - \return MP_TO_E ç½²åを生æˆã™ã‚‹ã‚¨ãƒ©ãƒ¼ãŒã‚ã‚‹å ´åˆã¯è¿”å´ã•れるå¯èƒ½æ€§ãŒã‚りã¾ã™ - \return MP_MEM ç½²åを生æˆã™ã‚‹ã‚¨ãƒ©ãƒ¼ãŒã‚ã‚‹å ´åˆã¯è¿”å´ã•れるå¯èƒ½æ€§ãŒã‚りã¾ã™ - \param pkcs7 符å·åŒ–ã™ã‚‹PKCS7構造ã¸ã®ãƒã‚¤ãƒ³ã‚¿ - \param hashBuf コンテンツデータã®è¨ˆç®—ãƒãƒƒã‚·ãƒ¥ã¸ã®ãƒã‚¤ãƒ³ã‚¿ - \param hashSz ダイジェストã®ã‚µã‚¤ã‚º - \param outputHead エンコードã•れãŸè¨¼æ˜Žæ›¸ãƒ˜ãƒƒãƒ€ãƒ¼ã‚’ä¿å­˜ã™ã‚‹ãƒãƒƒãƒ•ã‚¡ã¸ã®ãƒã‚¤ãƒ³ã‚¿ - \param outputHeadSz 出力ヘッダーãƒãƒƒãƒ•ã‚¡ã®ã‚µã‚¤ã‚ºãŒå…¥åŠ›ã•れã€å®Ÿéš›ã®ã‚µã‚¤ã‚ºã‚’è¿”ã—ã¾ã™ã€‚ - \param outputFoot エンコードã•れãŸè¨¼æ˜Žæ›¸ãƒ•ッターをä¿å­˜ã™ã‚‹ãƒãƒƒãƒ•ã‚¡ã¸ã®ãƒã‚¤ãƒ³ã‚¿ + \return BAD_FUNC_ARG ç½²å付ãデータパケットを生æˆã™ã‚‹ãŸã‚ã«å¿…è¦ãª1ã¤ä»¥ä¸Šã®è¦ç´ ãŒPKCS7æ§‹é€ ä½“ã«æ¬ ã‘ã¦ã„ã‚‹å ´åˆã«è¿”ã•れã¾ã™ã€‚ + \return MEMORY_E メモリ割り当ã¦ã‚¨ãƒ©ãƒ¼ãŒã‚ã‚‹å ´åˆã«è¿”ã•れã¾ã™ã€‚ + \return PUBLIC_KEY_E 公開éµã®è§£æžã‚¨ãƒ©ãƒ¼ãŒã‚ã‚‹å ´åˆã«è¿”ã•れã¾ã™ã€‚ + \return RSA_BUFFER_E ãƒãƒƒãƒ•ァエラーã€å‡ºåŠ›ãŒå°ã•ã™ãŽã‚‹ã‹å…¥åŠ›ãŒå¤§ãã™ãŽã‚‹å ´åˆã«è¿”ã•れã¾ã™ã€‚ + \return BUFFER_E 指定ã•れãŸãƒãƒƒãƒ•ã‚¡ãŒã‚¨ãƒ³ã‚³ãƒ¼ãƒ‰ã•れãŸè¨¼æ˜Žæ›¸ã‚’ä¿æŒã™ã‚‹ã®ã«å分ãªå¤§ãã•ã§ãªã„å ´åˆã«è¿”ã•れã¾ã™ã€‚ + \return MP_INIT_E ç½²åã®ç”Ÿæˆã‚¨ãƒ©ãƒ¼ãŒã‚ã‚‹å ´åˆã«è¿”ã•れるå¯èƒ½æ€§ãŒã‚りã¾ã™ã€‚ + \return MP_READ_E ç½²åã®ç”Ÿæˆã‚¨ãƒ©ãƒ¼ãŒã‚ã‚‹å ´åˆã«è¿”ã•れるå¯èƒ½æ€§ãŒã‚りã¾ã™ã€‚ + \return MP_CMP_E ç½²åã®ç”Ÿæˆã‚¨ãƒ©ãƒ¼ãŒã‚ã‚‹å ´åˆã«è¿”ã•れるå¯èƒ½æ€§ãŒã‚りã¾ã™ã€‚ + \return MP_INVMOD_E ç½²åã®ç”Ÿæˆã‚¨ãƒ©ãƒ¼ãŒã‚ã‚‹å ´åˆã«è¿”ã•れるå¯èƒ½æ€§ãŒã‚りã¾ã™ã€‚ + \return MP_EXPTMOD_E ç½²åã®ç”Ÿæˆã‚¨ãƒ©ãƒ¼ãŒã‚ã‚‹å ´åˆã«è¿”ã•れるå¯èƒ½æ€§ãŒã‚りã¾ã™ã€‚ + \return MP_MOD_E ç½²åã®ç”Ÿæˆã‚¨ãƒ©ãƒ¼ãŒã‚ã‚‹å ´åˆã«è¿”ã•れるå¯èƒ½æ€§ãŒã‚りã¾ã™ã€‚ + \return MP_MUL_E ç½²åã®ç”Ÿæˆã‚¨ãƒ©ãƒ¼ãŒã‚ã‚‹å ´åˆã«è¿”ã•れるå¯èƒ½æ€§ãŒã‚りã¾ã™ã€‚ + \return MP_ADD_E ç½²åã®ç”Ÿæˆã‚¨ãƒ©ãƒ¼ãŒã‚ã‚‹å ´åˆã«è¿”ã•れるå¯èƒ½æ€§ãŒã‚りã¾ã™ã€‚ + \return MP_MULMOD_E ç½²åã®ç”Ÿæˆã‚¨ãƒ©ãƒ¼ãŒã‚ã‚‹å ´åˆã«è¿”ã•れるå¯èƒ½æ€§ãŒã‚りã¾ã™ã€‚ + \return MP_TO_E ç½²åã®ç”Ÿæˆã‚¨ãƒ©ãƒ¼ãŒã‚ã‚‹å ´åˆã«è¿”ã•れるå¯èƒ½æ€§ãŒã‚りã¾ã™ã€‚ + \return MP_MEM ç½²åã®ç”Ÿæˆã‚¨ãƒ©ãƒ¼ãŒã‚ã‚‹å ´åˆã«è¿”ã•れるå¯èƒ½æ€§ãŒã‚りã¾ã™ã€‚ + + \param pkcs7 エンコードã™ã‚‹PKCS7構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ + \param hashBuf コンテンツデータã®è¨ˆç®—ã•れãŸãƒãƒƒã‚·ãƒ¥ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ + \param hashSz ダイジェストã®ã‚µã‚¤ã‚ºã€‚ + \param outputHead エンコードã•れãŸè¨¼æ˜Žæ›¸ãƒ˜ãƒƒãƒ€ãƒ¼ã‚’æ ¼ç´ã™ã‚‹ãƒãƒƒãƒ•ã‚¡ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ + \param outputHeadSz 出力ヘッダーãƒãƒƒãƒ•ã‚¡ã®ã‚µã‚¤ã‚ºãŒå…¥åŠ›ã•れã€å®Ÿéš›ã®ã‚µã‚¤ã‚ºã‚’è¿”ã—ã¾ã™ã€‚ + \param outputFoot エンコードã•れãŸè¨¼æ˜Žæ›¸ãƒ•ッターを格ç´ã™ã‚‹ãƒãƒƒãƒ•ã‚¡ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ + \param outputFootSz 出力フッターãƒãƒƒãƒ•ã‚¡ã®ã‚µã‚¤ã‚ºãŒå…¥åŠ›ã•れã€å®Ÿéš›ã®ã‚µã‚¤ã‚ºã‚’è¿”ã—ã¾ã™ã€‚ + _Example_ \code PKCS7 pkcs7; int ret; - byte derBuff[] = { }; // initialize with DER-encoded certificate - byte data[] = {}; // initialize with data to sign + byte derBuff[] = { }; // DERエンコードã•れãŸè¨¼æ˜Žæ›¸ã§åˆæœŸåŒ– + byte data[] = {}; // ç½²åã™ã‚‹ãƒ‡ãƒ¼ã‚¿ã§åˆæœŸåŒ– byte pkcs7HeadBuff[FOURK_BUF/2]; byte pkcs7FootBuff[FOURK_BUF/2]; word32 pkcs7HeadSz = (word32)sizeof(pkcs7HeadBuff); @@ -175,16 +223,16 @@ word32 hashSz = wc_HashGetDigestSize(hashType); wc_PKCS7_InitWithCert(&pkcs7, derBuff, sizeof(derBuff)); - // update message and data to encode + // エンコードã™ã‚‹ãƒ¡ãƒƒã‚»ãƒ¼ã‚¸ã¨ãƒ‡ãƒ¼ã‚¿ã‚’æ›´æ–° pkcs7.privateKey = key; pkcs7.privateKeySz = keySz; pkcs7.content = NULL; pkcs7.contentSz = dataSz; pkcs7.hashOID = SHAh; pkcs7.rng = &rng; - ... etc. + ... ãªã© - // calculate hash for content + // コンテンツã®ãƒãƒƒã‚·ãƒ¥ã‚’計算 ret = wc_HashInit(&hash, hashType); if (ret == 0) { ret = wc_HashUpdate(&hash, hashType, data, sizeof(data)); @@ -197,121 +245,132 @@ ret = wc_PKCS7_EncodeSignedData_ex(&pkcs7, hashBuf, hashSz, pkcs7HeadBuff, &pkcs7HeadSz, pkcs7FootBuff, &pkcs7FootSz); if ( ret != 0 ) { - // error encoding into output buffer + // 出力ãƒãƒƒãƒ•ã‚¡ã¸ã®ã‚¨ãƒ³ã‚³ãƒ¼ãƒ‰ã‚¨ãƒ©ãƒ¼ } wc_PKCS7_Free(&pkcs7); \endcode + \sa wc_PKCS7_InitWithCert \sa wc_PKCS7_VerifySignedData_ex */ -int wc_PKCS7_EncodeSignedData_ex(PKCS7* pkcs7, const byte* hashBuf, +int wc_PKCS7_EncodeSignedData_ex(wc_PKCS7* pkcs7, const byte* hashBuf, word32 hashSz, byte* outputHead, word32* outputHeadSz, byte* outputFoot, word32* outputFootSz); /*! \ingroup PKCS7 - \brief ã“ã®é–¢æ•°ã¯ã€é€ä¿¡ã•れãŸPKCS7ã®ç½²å付ãデータメッセージをå–りã€è¨¼æ˜Žæ›¸ãƒªã‚¹ãƒˆã¨è¨¼æ˜Žæ›¸å¤±åŠ¹ãƒªã‚¹ãƒˆã‚’æŠ½å‡ºã—ã¦ã‹ã‚‰ç½²åを検証ã—ã¾ã™ã€‚与ãˆã‚‰ã‚ŒãŸPKCS7æ§‹é€ ã«æŠ½å‡ºã•れãŸã‚³ãƒ³ãƒ†ãƒ³ãƒ„ã‚’æ ¼ç´ã—ã¾ã™ã€‚ - \return 0 メッセージã‹ã‚‰æƒ…報を抽出ã™ã‚‹ã“ã¨ã«æˆåŠŸã—ã¾ã—㟠- \return BAD_FUNC_ARG 入力パラメータã®1ã¤ãŒç„¡åйãªå ´åˆã¯è¿”ã•れã¾ã™ - \return ASN_PARSE_E 与ãˆã‚‰ã‚ŒãŸPKIMSGã‹ã‚‰è§£æžä¸­ã®ã‚¨ãƒ©ãƒ¼ãŒã‚ã‚‹å ´åˆã«è¿”ã•れã¾ã™ - \return PKCS7_OID_E 与ãˆã‚‰ã‚ŒãŸPKIMSGãŒç½²å付ãデータ型ã§ã¯ãªã„å ´åˆã«è¿”ã•れã¾ã™ - \return ASN_VERSION_E PKCS7ç½²å者情報ãŒãƒãƒ¼ã‚¸ãƒ§ãƒ³1ã§ã¯ãªã„å ´åˆã«è¿”ã•れã¾ã™ - \return MEMORY_E メモリã®å‰²ã‚Šå½“ã¦ä¸­ã«ã‚¨ãƒ©ãƒ¼ãŒç™ºç”Ÿã—ãŸå ´åˆã«è¿”ã•れã¾ã™ - \return PUBLIC_KEY_E 公開éµã®è§£æžä¸­ã«ã‚¨ãƒ©ãƒ¼ãŒã‚ã‚‹å ´åˆ - \return RSA_BUFFER_E ãƒãƒƒãƒ•ァエラーãŒç™ºç”Ÿã—ãŸå ´åˆã¯ã€å°ã•ã™ãŽãŸã‚Šå…¥åŠ›ãŒå¤§ãã™ãŽãŸã‚Šã—éŽãŽã¾ã›ã‚“ - \return BUFFER_E 指定ã•れãŸãƒãƒƒãƒ•ã‚¡ãŒã‚¨ãƒ³ã‚³ãƒ¼ãƒ‰ã•れãŸè¨¼æ˜Žæ›¸ã‚’ä¿æŒã™ã‚‹ã®ã«å分ãªå¤§ãã•ã§ãªã„å ´åˆã«è¿”ã•れã¾ã™ - \return MP_INIT_E ç½²åを生æˆã™ã‚‹ã‚¨ãƒ©ãƒ¼ãŒã‚ã‚‹å ´åˆã¯è¿”å´ã•れるå¯èƒ½æ€§ãŒã‚りã¾ã™ - \return MP_READ_E ç½²åを生æˆã™ã‚‹ã‚¨ãƒ©ãƒ¼ãŒã‚ã‚‹å ´åˆã¯è¿”å´ã•れるå¯èƒ½æ€§ãŒã‚りã¾ã™ - \return MP_CMP_E ç½²åを生æˆã™ã‚‹ã‚¨ãƒ©ãƒ¼ãŒã‚ã‚‹å ´åˆã¯è¿”å´ã•れるå¯èƒ½æ€§ãŒã‚りã¾ã™ - \return MP_INVMOD_E ç½²åを生æˆã™ã‚‹ã‚¨ãƒ©ãƒ¼ãŒã‚ã‚‹å ´åˆã¯è¿”å´ã•れるå¯èƒ½æ€§ãŒã‚りã¾ã™ - \return MP_EXPTMOD_E ç½²åを生æˆã™ã‚‹ã‚¨ãƒ©ãƒ¼ãŒã‚ã‚‹å ´åˆã¯è¿”å´ã•れるå¯èƒ½æ€§ãŒã‚りã¾ã™ - \return MP_MOD_E ç½²åを生æˆã™ã‚‹ã‚¨ãƒ©ãƒ¼ãŒã‚ã‚‹å ´åˆã¯è¿”å´ã•れるå¯èƒ½æ€§ãŒã‚りã¾ã™ - \return MP_MUL_E ç½²åを生æˆã™ã‚‹ã‚¨ãƒ©ãƒ¼ãŒã‚ã‚‹å ´åˆã¯è¿”å´ã•れるå¯èƒ½æ€§ãŒã‚りã¾ã™ - \return MP_ADD_E ç½²åを生æˆã™ã‚‹ã‚¨ãƒ©ãƒ¼ãŒã‚ã‚‹å ´åˆã¯è¿”å´ã•れるå¯èƒ½æ€§ãŒã‚りã¾ã™ - \return MP_MULMOD_E ç½²åを生æˆã™ã‚‹ã‚¨ãƒ©ãƒ¼ãŒã‚ã‚‹å ´åˆã¯è¿”å´ã•れるå¯èƒ½æ€§ãŒã‚りã¾ã™ - \return MP_TO_E ç½²åを生æˆã™ã‚‹ã‚¨ãƒ©ãƒ¼ãŒã‚ã‚‹å ´åˆã¯è¿”å´ã•れるå¯èƒ½æ€§ãŒã‚りã¾ã™ - \return MP_MEM ç½²åを生æˆã™ã‚‹ã‚¨ãƒ©ãƒ¼ãŒã‚ã‚‹å ´åˆã¯è¿”å´ã•れるå¯èƒ½æ€§ãŒã‚りã¾ã™ - \param pkcs7 è§£æžã•れãŸè¨¼æ˜Žæ›¸ã‚’ä¿å­˜ã™ã‚‹PKCS7構造ã¸ã®ãƒã‚¤ãƒ³ã‚¿ - \param pkiMsg ç½²åã•れãŸãƒ¡ãƒƒã‚»ãƒ¼ã‚¸ã‚’å«ã‚€ãƒãƒƒãƒ•ã‚¡ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã‚’検証ãŠã‚ˆã³å¾©å·åŒ–ã™ã‚‹ + + \brief ã“ã®é–¢æ•°ã¯ã€é€ä¿¡ã•れãŸPKCS7ç½²å付ãデータメッセージをå—ã‘å–りã€è¨¼æ˜Žæ›¸ãƒªã‚¹ãƒˆã¨è¨¼æ˜Žæ›¸å¤±åŠ¹ãƒªã‚¹ãƒˆã‚’æŠ½å‡ºã—ã€ç½²åを検証ã—ã¾ã™ã€‚抽出ã•れãŸã‚³ãƒ³ãƒ†ãƒ³ãƒ„を与ãˆã‚‰ã‚ŒãŸPKCS7æ§‹é€ ä½“ã«æ ¼ç´ã—ã¾ã™ã€‚ + + \return 0 メッセージã‹ã‚‰æƒ…å ±ã‚’æ­£å¸¸ã«æŠ½å‡ºã—ãŸå ´åˆã«è¿”ã•れã¾ã™ã€‚ + \return BAD_FUNC_ARG 入力パラメータã®1ã¤ãŒç„¡åйãªå ´åˆã«è¿”ã•れã¾ã™ã€‚ + \return ASN_PARSE_E 与ãˆã‚‰ã‚ŒãŸpkiMsgã®è§£æžã‚¨ãƒ©ãƒ¼ãŒã‚ã‚‹å ´åˆã«è¿”ã•れã¾ã™ã€‚ + \return PKCS7_OID_E 与ãˆã‚‰ã‚ŒãŸpkiMsgãŒç½²å付ãデータタイプã§ãªã„å ´åˆã«è¿”ã•れã¾ã™ã€‚ + \return ASN_VERSION_E PKCS7ç½²å者情報ãŒãƒãƒ¼ã‚¸ãƒ§ãƒ³1ã§ãªã„å ´åˆã«è¿”ã•れã¾ã™ã€‚ + \return MEMORY_E メモリ割り当ã¦ã‚¨ãƒ©ãƒ¼ãŒã‚ã‚‹å ´åˆã«è¿”ã•れã¾ã™ã€‚ + \return PUBLIC_KEY_E 公開éµã®è§£æžã‚¨ãƒ©ãƒ¼ãŒã‚ã‚‹å ´åˆã«è¿”ã•れã¾ã™ã€‚ + \return RSA_BUFFER_E ãƒãƒƒãƒ•ァエラーã€å‡ºåŠ›ãŒå°ã•ã™ãŽã‚‹ã‹å…¥åŠ›ãŒå¤§ãã™ãŽã‚‹å ´åˆã«è¿”ã•れã¾ã™ã€‚ + \return BUFFER_E 指定ã•れãŸãƒãƒƒãƒ•ã‚¡ãŒã‚¨ãƒ³ã‚³ãƒ¼ãƒ‰ã•れãŸè¨¼æ˜Žæ›¸ã‚’ä¿æŒã™ã‚‹ã®ã«å分ãªå¤§ãã•ã§ãªã„å ´åˆã«è¿”ã•れã¾ã™ã€‚ + \return MP_INIT_E ç½²åã®ç”Ÿæˆã‚¨ãƒ©ãƒ¼ãŒã‚ã‚‹å ´åˆã«è¿”ã•れるå¯èƒ½æ€§ãŒã‚りã¾ã™ã€‚ + \return MP_READ_E ç½²åã®ç”Ÿæˆã‚¨ãƒ©ãƒ¼ãŒã‚ã‚‹å ´åˆã«è¿”ã•れるå¯èƒ½æ€§ãŒã‚りã¾ã™ã€‚ + \return MP_CMP_E ç½²åã®ç”Ÿæˆã‚¨ãƒ©ãƒ¼ãŒã‚ã‚‹å ´åˆã«è¿”ã•れるå¯èƒ½æ€§ãŒã‚りã¾ã™ã€‚ + \return MP_INVMOD_E ç½²åã®ç”Ÿæˆã‚¨ãƒ©ãƒ¼ãŒã‚ã‚‹å ´åˆã«è¿”ã•れるå¯èƒ½æ€§ãŒã‚りã¾ã™ã€‚ + \return MP_EXPTMOD_E ç½²åã®ç”Ÿæˆã‚¨ãƒ©ãƒ¼ãŒã‚ã‚‹å ´åˆã«è¿”ã•れるå¯èƒ½æ€§ãŒã‚りã¾ã™ã€‚ + \return MP_MOD_E ç½²åã®ç”Ÿæˆã‚¨ãƒ©ãƒ¼ãŒã‚ã‚‹å ´åˆã«è¿”ã•れるå¯èƒ½æ€§ãŒã‚りã¾ã™ã€‚ + \return MP_MUL_E ç½²åã®ç”Ÿæˆã‚¨ãƒ©ãƒ¼ãŒã‚ã‚‹å ´åˆã«è¿”ã•れるå¯èƒ½æ€§ãŒã‚りã¾ã™ã€‚ + \return MP_ADD_E ç½²åã®ç”Ÿæˆã‚¨ãƒ©ãƒ¼ãŒã‚ã‚‹å ´åˆã«è¿”ã•れるå¯èƒ½æ€§ãŒã‚りã¾ã™ã€‚ + \return MP_MULMOD_E ç½²åã®ç”Ÿæˆã‚¨ãƒ©ãƒ¼ãŒã‚ã‚‹å ´åˆã«è¿”ã•れるå¯èƒ½æ€§ãŒã‚りã¾ã™ã€‚ + \return MP_TO_E ç½²åã®ç”Ÿæˆã‚¨ãƒ©ãƒ¼ãŒã‚ã‚‹å ´åˆã«è¿”ã•れるå¯èƒ½æ€§ãŒã‚りã¾ã™ã€‚ + \return MP_MEM ç½²åã®ç”Ÿæˆã‚¨ãƒ©ãƒ¼ãŒã‚ã‚‹å ´åˆã«è¿”ã•れるå¯èƒ½æ€§ãŒã‚りã¾ã™ã€‚ + + \param pkcs7 è§£æžã•れãŸè¨¼æ˜Žæ›¸ã‚’æ ¼ç´ã™ã‚‹PKCS7構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ + \param pkiMsg 検証ãŠã‚ˆã³ãƒ‡ã‚³ãƒ¼ãƒ‰ã™ã‚‹ç½²å付ãメッセージをå«ã‚€ãƒãƒƒãƒ•ã‚¡ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ + \param pkiMsgSz ç½²å付ãメッセージã®ã‚µã‚¤ã‚ºã€‚ + _Example_ \code PKCS7 pkcs7; int ret; - byte pkcs7Buff[] = {}; // the PKCS7 signature + byte pkcs7Buff[] = {}; // PKCS7ç½²å wc_PKCS7_InitWithCert(&pkcs7, NULL, 0); - // update message and data to encode + // エンコードã™ã‚‹ãƒ¡ãƒƒã‚»ãƒ¼ã‚¸ã¨ãƒ‡ãƒ¼ã‚¿ã‚’æ›´æ–° pkcs7.privateKey = key; pkcs7.privateKeySz = keySz; pkcs7.content = data; pkcs7.contentSz = dataSz; - ... etc. + ... ãªã© ret = wc_PKCS7_VerifySignedData(&pkcs7, pkcs7Buff, sizeof(pkcs7Buff)); if ( ret != 0 ) { - // error encoding into output buffer + // 出力ãƒãƒƒãƒ•ã‚¡ã¸ã®ã‚¨ãƒ³ã‚³ãƒ¼ãƒ‰ã‚¨ãƒ©ãƒ¼ } wc_PKCS7_Free(&pkcs7); \endcode + \sa wc_PKCS7_InitWithCert \sa wc_PKCS7_EncodeSignedData */ -int wc_PKCS7_VerifySignedData(PKCS7* pkcs7, +int wc_PKCS7_VerifySignedData(wc_PKCS7* pkcs7, byte* pkiMsg, word32 pkiMsgSz); - /*! \ingroup PKCS7 - \brief ã“ã®æ©Ÿèƒ½ã¯ã€é€ä¿¡ã•れãŸPKCS7ç½²å付ãデータメッセージをHASH /ヘッダー/フッターã¨ã—ã¦å–り出ã—ã¦ã‹ã‚‰ã€è¨¼æ˜Žæ›¸ãƒªã‚¹ãƒˆã¨è¨¼æ˜Žæ›¸å¤±åŠ¹ãƒªã‚¹ãƒˆã‚’æŠ½å‡ºã—ã¦ã‹ã‚‰ã€ç½²åを検証ã—ã¾ã™ã€‚与ãˆã‚‰ã‚ŒãŸPKCS7æ§‹é€ ã«æŠ½å‡ºã•れãŸã‚³ãƒ³ãƒ†ãƒ³ãƒ„ã‚’æ ¼ç´ã—ã¾ã™ã€‚ - \return 0 メッセージã‹ã‚‰æƒ…報を抽出ã™ã‚‹ã“ã¨ã«æˆåŠŸã—ã¾ã—㟠- \return BAD_FUNC_ARG 入力パラメータã®1ã¤ãŒç„¡åйãªå ´åˆã¯è¿”ã•れã¾ã™ - \return ASN_PARSE_E 与ãˆã‚‰ã‚ŒãŸPKIMSGã‹ã‚‰è§£æžä¸­ã®ã‚¨ãƒ©ãƒ¼ãŒã‚ã‚‹å ´åˆã«è¿”ã•れã¾ã™ - \return PKCS7_OID_E 与ãˆã‚‰ã‚ŒãŸPKIMSGãŒç½²å付ãデータ型ã§ã¯ãªã„å ´åˆã«è¿”ã•れã¾ã™ - \return ASN_VERSION_E PKCS7ç½²å者情報ãŒãƒãƒ¼ã‚¸ãƒ§ãƒ³1ã§ã¯ãªã„å ´åˆã«è¿”ã•れã¾ã™ - \return MEMORY_E メモリã®å‰²ã‚Šå½“ã¦ä¸­ã«ã‚¨ãƒ©ãƒ¼ãŒç™ºç”Ÿã—ãŸå ´åˆã«è¿”ã•れã¾ã™ - \return PUBLIC_KEY_E 公開éµã®è§£æžä¸­ã«ã‚¨ãƒ©ãƒ¼ãŒã‚ã‚‹å ´åˆ - \return RSA_BUFFER_E ãƒãƒƒãƒ•ァエラーãŒç™ºç”Ÿã—ãŸå ´åˆã¯ã€å°ã•ã™ãŽãŸã‚Šå…¥åŠ›ãŒå¤§ãã™ãŽãŸã‚Šã—éŽãŽã¾ã›ã‚“ - \return BUFFER_E 指定ã•れãŸãƒãƒƒãƒ•ã‚¡ãŒã‚¨ãƒ³ã‚³ãƒ¼ãƒ‰ã•れãŸè¨¼æ˜Žæ›¸ã‚’ä¿æŒã™ã‚‹ã®ã«å分ãªå¤§ãã•ã§ãªã„å ´åˆã«è¿”ã•れã¾ã™ - \return MP_INIT_E ç½²åを生æˆã™ã‚‹ã‚¨ãƒ©ãƒ¼ãŒã‚ã‚‹å ´åˆã¯è¿”å´ã•れるå¯èƒ½æ€§ãŒã‚りã¾ã™ - \return MP_READ_E ç½²åを生æˆã™ã‚‹ã‚¨ãƒ©ãƒ¼ãŒã‚ã‚‹å ´åˆã¯è¿”å´ã•れるå¯èƒ½æ€§ãŒã‚りã¾ã™ - \return MP_CMP_E ç½²åを生æˆã™ã‚‹ã‚¨ãƒ©ãƒ¼ãŒã‚ã‚‹å ´åˆã¯è¿”å´ã•れるå¯èƒ½æ€§ãŒã‚りã¾ã™ - \return MP_INVMOD_E ç½²åを生æˆã™ã‚‹ã‚¨ãƒ©ãƒ¼ãŒã‚ã‚‹å ´åˆã¯è¿”å´ã•れるå¯èƒ½æ€§ãŒã‚りã¾ã™ - \return MP_EXPTMOD_E ç½²åを生æˆã™ã‚‹ã‚¨ãƒ©ãƒ¼ãŒã‚ã‚‹å ´åˆã¯è¿”å´ã•れるå¯èƒ½æ€§ãŒã‚りã¾ã™ - \return MP_MOD_E ç½²åを生æˆã™ã‚‹ã‚¨ãƒ©ãƒ¼ãŒã‚ã‚‹å ´åˆã¯è¿”å´ã•れるå¯èƒ½æ€§ãŒã‚りã¾ã™ - \return MP_MUL_E ç½²åを生æˆã™ã‚‹ã‚¨ãƒ©ãƒ¼ãŒã‚ã‚‹å ´åˆã¯è¿”å´ã•れるå¯èƒ½æ€§ãŒã‚りã¾ã™ - \return MP_ADD_E ç½²åを生æˆã™ã‚‹ã‚¨ãƒ©ãƒ¼ãŒã‚ã‚‹å ´åˆã¯è¿”å´ã•れるå¯èƒ½æ€§ãŒã‚りã¾ã™ - \return MP_MULMOD_E ç½²åを生æˆã™ã‚‹ã‚¨ãƒ©ãƒ¼ãŒã‚ã‚‹å ´åˆã¯è¿”å´ã•れるå¯èƒ½æ€§ãŒã‚りã¾ã™ - \return MP_TO_E ç½²åを生æˆã™ã‚‹ã‚¨ãƒ©ãƒ¼ãŒã‚ã‚‹å ´åˆã¯è¿”å´ã•れるå¯èƒ½æ€§ãŒã‚りã¾ã™ - \return MP_MEM ç½²åを生æˆã™ã‚‹ã‚¨ãƒ©ãƒ¼ãŒã‚ã‚‹å ´åˆã¯è¿”å´ã•れるå¯èƒ½æ€§ãŒã‚りã¾ã™ - \param pkcs7 è§£æžã•れãŸè¨¼æ˜Žæ›¸ã‚’ä¿å­˜ã™ã‚‹PKCS7構造ã¸ã®ãƒã‚¤ãƒ³ã‚¿ - \param hashBuf コンテンツデータã®è¨ˆç®—ãƒãƒƒã‚·ãƒ¥ã¸ã®ãƒã‚¤ãƒ³ã‚¿ - \param hashSz ダイジェストã®ã‚µã‚¤ã‚º - \param pkiMsgHead ç½²åã•れãŸãƒ¡ãƒƒã‚»ãƒ¼ã‚¸ãƒ˜ãƒƒãƒ€ãƒ¼ã‚’å«ã‚€ãƒãƒƒãƒ•ã‚¡ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã‚’検証ãŠã‚ˆã³ãƒ‡ã‚³ãƒ¼ãƒ‰ã™ã‚‹ - \param pkiMsgHeadSz ç½²å付ãメッセージヘッダーã®ã‚µã‚¤ã‚º - \param pkiMsgFoot ç½²åã•れãŸãƒ¡ãƒƒã‚»ãƒ¼ã‚¸ãƒ•ッターをå«ã‚€ãƒãƒƒãƒ•ã‚¡ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã‚’検証ã—ã¦ãƒ‡ã‚³ãƒ¼ãƒ‰ã™ã‚‹ + + \brief ã“ã®é–¢æ•°ã¯ã€ãƒãƒƒã‚·ãƒ¥/ヘッダー/フッターã¨ã—ã¦é€ä¿¡ã•れãŸPKCS7ç½²å付ãデータメッセージをå—ã‘å–りã€è¨¼æ˜Žæ›¸ãƒªã‚¹ãƒˆã¨è¨¼æ˜Žæ›¸å¤±åŠ¹ãƒªã‚¹ãƒˆã‚’æŠ½å‡ºã—ã€ç½²åを検証ã—ã¾ã™ã€‚抽出ã•れãŸã‚³ãƒ³ãƒ†ãƒ³ãƒ„を与ãˆã‚‰ã‚ŒãŸPKCS7æ§‹é€ ä½“ã«æ ¼ç´ã—ã¾ã™ã€‚ + + \return 0 メッセージã‹ã‚‰æƒ…å ±ã‚’æ­£å¸¸ã«æŠ½å‡ºã—ãŸå ´åˆã«è¿”ã•れã¾ã™ã€‚ + \return BAD_FUNC_ARG 入力パラメータã®1ã¤ãŒç„¡åйãªå ´åˆã«è¿”ã•れã¾ã™ã€‚ + \return ASN_PARSE_E 与ãˆã‚‰ã‚ŒãŸpkiMsgã®è§£æžã‚¨ãƒ©ãƒ¼ãŒã‚ã‚‹å ´åˆã«è¿”ã•れã¾ã™ã€‚ + \return PKCS7_OID_E 与ãˆã‚‰ã‚ŒãŸpkiMsgãŒç½²å付ãデータタイプã§ãªã„å ´åˆã«è¿”ã•れã¾ã™ã€‚ + \return ASN_VERSION_E PKCS7ç½²å者情報ãŒãƒãƒ¼ã‚¸ãƒ§ãƒ³1ã§ãªã„å ´åˆã«è¿”ã•れã¾ã™ã€‚ + \return MEMORY_E メモリ割り当ã¦ã‚¨ãƒ©ãƒ¼ãŒã‚ã‚‹å ´åˆã«è¿”ã•れã¾ã™ã€‚ + \return PUBLIC_KEY_E 公開éµã®è§£æžã‚¨ãƒ©ãƒ¼ãŒã‚ã‚‹å ´åˆã«è¿”ã•れã¾ã™ã€‚ + \return RSA_BUFFER_E ãƒãƒƒãƒ•ァエラーã€å‡ºåŠ›ãŒå°ã•ã™ãŽã‚‹ã‹å…¥åŠ›ãŒå¤§ãã™ãŽã‚‹å ´åˆã«è¿”ã•れã¾ã™ã€‚ + \return BUFFER_E 指定ã•れãŸãƒãƒƒãƒ•ã‚¡ãŒã‚¨ãƒ³ã‚³ãƒ¼ãƒ‰ã•れãŸè¨¼æ˜Žæ›¸ã‚’ä¿æŒã™ã‚‹ã®ã«å分ãªå¤§ãã•ã§ãªã„å ´åˆã«è¿”ã•れã¾ã™ã€‚ + \return MP_INIT_E ç½²åã®ç”Ÿæˆã‚¨ãƒ©ãƒ¼ãŒã‚ã‚‹å ´åˆã«è¿”ã•れるå¯èƒ½æ€§ãŒã‚りã¾ã™ã€‚ + \return MP_READ_E ç½²åã®ç”Ÿæˆã‚¨ãƒ©ãƒ¼ãŒã‚ã‚‹å ´åˆã«è¿”ã•れるå¯èƒ½æ€§ãŒã‚りã¾ã™ã€‚ + \return MP_CMP_E ç½²åã®ç”Ÿæˆã‚¨ãƒ©ãƒ¼ãŒã‚ã‚‹å ´åˆã«è¿”ã•れるå¯èƒ½æ€§ãŒã‚りã¾ã™ã€‚ + \return MP_INVMOD_E ç½²åã®ç”Ÿæˆã‚¨ãƒ©ãƒ¼ãŒã‚ã‚‹å ´åˆã«è¿”ã•れるå¯èƒ½æ€§ãŒã‚りã¾ã™ã€‚ + \return MP_EXPTMOD_E ç½²åã®ç”Ÿæˆã‚¨ãƒ©ãƒ¼ãŒã‚ã‚‹å ´åˆã«è¿”ã•れるå¯èƒ½æ€§ãŒã‚りã¾ã™ã€‚ + \return MP_MOD_E ç½²åã®ç”Ÿæˆã‚¨ãƒ©ãƒ¼ãŒã‚ã‚‹å ´åˆã«è¿”ã•れるå¯èƒ½æ€§ãŒã‚りã¾ã™ã€‚ + \return MP_MUL_E ç½²åã®ç”Ÿæˆã‚¨ãƒ©ãƒ¼ãŒã‚ã‚‹å ´åˆã«è¿”ã•れるå¯èƒ½æ€§ãŒã‚りã¾ã™ã€‚ + \return MP_ADD_E ç½²åã®ç”Ÿæˆã‚¨ãƒ©ãƒ¼ãŒã‚ã‚‹å ´åˆã«è¿”ã•れるå¯èƒ½æ€§ãŒã‚りã¾ã™ã€‚ + \return MP_MULMOD_E ç½²åã®ç”Ÿæˆã‚¨ãƒ©ãƒ¼ãŒã‚ã‚‹å ´åˆã«è¿”ã•れるå¯èƒ½æ€§ãŒã‚りã¾ã™ã€‚ + \return MP_TO_E ç½²åã®ç”Ÿæˆã‚¨ãƒ©ãƒ¼ãŒã‚ã‚‹å ´åˆã«è¿”ã•れるå¯èƒ½æ€§ãŒã‚りã¾ã™ã€‚ + \return MP_MEM ç½²åã®ç”Ÿæˆã‚¨ãƒ©ãƒ¼ãŒã‚ã‚‹å ´åˆã«è¿”ã•れるå¯èƒ½æ€§ãŒã‚りã¾ã™ã€‚ + + \param pkcs7 è§£æžã•れãŸè¨¼æ˜Žæ›¸ã‚’æ ¼ç´ã™ã‚‹PKCS7構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ + \param hashBuf コンテンツデータã®è¨ˆç®—ã•れãŸãƒãƒƒã‚·ãƒ¥ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ + \param hashSz ダイジェストã®ã‚µã‚¤ã‚ºã€‚ + \param pkiMsgHead 検証ãŠã‚ˆã³ãƒ‡ã‚³ãƒ¼ãƒ‰ã™ã‚‹ç½²å付ãメッセージヘッダーをå«ã‚€ãƒãƒƒãƒ•ã‚¡ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ + \param pkiMsgHeadSz ç½²å付ãメッセージヘッダーã®ã‚µã‚¤ã‚ºã€‚ + \param pkiMsgFoot 検証ãŠã‚ˆã³ãƒ‡ã‚³ãƒ¼ãƒ‰ã™ã‚‹ç½²å付ãメッセージフッターをå«ã‚€ãƒãƒƒãƒ•ã‚¡ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ + \param pkiMsgFootSz ç½²å付ãメッセージフッターã®ã‚µã‚¤ã‚ºã€‚ + _Example_ \code PKCS7 pkcs7; int ret; - byte data[] = {}; // initialize with data to sign - byte pkcs7HeadBuff[] = {}; // initialize with PKCS7 header - byte pkcs7FootBuff[] = {}; // initialize with PKCS7 footer + byte data[] = {}; // ç½²åã™ã‚‹ãƒ‡ãƒ¼ã‚¿ã§åˆæœŸåŒ– + byte pkcs7HeadBuff[] = {}; // PKCS7ヘッダーã§åˆæœŸåŒ– + byte pkcs7FootBuff[] = {}; // PKCS7フッターã§åˆæœŸåŒ– enum wc_HashType hashType = WC_HASH_TYPE_SHA; byte hashBuf[WC_MAX_DIGEST_SIZE]; word32 hashSz = wc_HashGetDigestSize(hashType); wc_PKCS7_InitWithCert(&pkcs7, NULL, 0); - // update message and data to encode + // エンコードã™ã‚‹ãƒ¡ãƒƒã‚»ãƒ¼ã‚¸ã¨ãƒ‡ãƒ¼ã‚¿ã‚’æ›´æ–° pkcs7.privateKey = key; pkcs7.privateKeySz = keySz; pkcs7.content = NULL; pkcs7.contentSz = dataSz; pkcs7.rng = &rng; - ... etc. + ... ãªã© - // calculate hash for content + // コンテンツã®ãƒãƒƒã‚·ãƒ¥ã‚’計算 ret = wc_HashInit(&hash, hashType); if (ret == 0) { ret = wc_HashUpdate(&hash, hashType, data, sizeof(data)); @@ -324,105 +383,318 @@ ret = wc_PKCS7_VerifySignedData_ex(&pkcs7, hashBuf, hashSz, pkcs7HeadBuff, sizeof(pkcs7HeadBuff), pkcs7FootBuff, sizeof(pkcs7FootBuff)); if ( ret != 0 ) { - // error encoding into output buffer + // 出力ãƒãƒƒãƒ•ã‚¡ã¸ã®ã‚¨ãƒ³ã‚³ãƒ¼ãƒ‰ã‚¨ãƒ©ãƒ¼ } wc_PKCS7_Free(&pkcs7); \endcode + \sa wc_PKCS7_InitWithCert \sa wc_PKCS7_EncodeSignedData_ex */ -int wc_PKCS7_VerifySignedData_ex(PKCS7* pkcs7, const byte* hashBuf, +int wc_PKCS7_VerifySignedData_ex(wc_PKCS7* pkcs7, const byte* hashBuf, word32 hashSz, byte* pkiMsgHead, word32 pkiMsgHeadSz, byte* pkiMsgFoot, word32 pkiMsgFootSz); /*! \ingroup PKCS7 - \brief ã“ã®é–¢æ•°ã¯ã€PKCS7構造を編集ã—ã€PKCS7構造を符å·åŒ–ã—ã€Parsable PKCS7エンベロープデータパケットをå«ã‚€ãƒãƒƒãƒ•ã‚¡ã«ç·¨é›†ã—ã¾ã™ã€‚ - \return Success エンベロープデータ形å¼ã§ãƒ¡ãƒƒã‚»ãƒ¼ã‚¸ã‚’正常ã«ã‚¨ãƒ³ã‚³ãƒ¼ãƒ‰ã™ã‚‹ä¸Šã§è¿”ä¿¡ã•れã€å‡ºåŠ›ãƒãƒƒãƒ•ã‚¡ã«æ›¸ãè¾¼ã¾ã‚ŒãŸã‚µã‚¤ã‚ºã‚’è¿”ã—ã¾ã™ã€‚ - \return BAD_FUNC_ARG: 入力パラメータã®1ã¤ãŒç„¡åйãªå ´åˆã€ã¾ãŸã¯PKCS7構造ãŒå¿…è¦ãªè¦ç´ ã‚’欠è½ã—ã¦ã„ã‚‹å ´åˆ - \return ALGO_ID_E pkcs7構造ãŒã‚µãƒãƒ¼ãƒˆã•れã¦ã„ãªã„アルゴリズムタイプを使用ã—ã¦ã„ã‚‹å ´åˆã«è¿”ã•れã¾ã™ã€‚ç¾åœ¨ã€DESBã¨DES3Bã®ã¿ãŒã‚µãƒãƒ¼ãƒˆã•れã¦ã„ã¾ã™ - \return BUFFER_E 与ãˆã‚‰ã‚ŒãŸå‡ºåŠ›ãƒãƒƒãƒ•ã‚¡ãŒå°ã•ã™ãŽã¦å‡ºåŠ›ãƒ‡ãƒ¼ã‚¿ã‚’ä¿å­˜ã™ã‚‹å ´åˆã«è¿”ã•れã¾ã™ - \return MEMORY_E メモリã®å‰²ã‚Šå½“ã¦ä¸­ã«ã‚¨ãƒ©ãƒ¼ãŒç™ºç”Ÿã—ãŸå ´åˆã«è¿”ã•れã¾ã™ - \return RNG_FAILURE_E æš—å·åŒ–ã®ä¹±æ•°ç™ºç”Ÿå™¨ã®åˆæœŸåŒ–中ã«ã‚¨ãƒ©ãƒ¼ãŒã‚ã‚‹å ´åˆ - \return DRBG_FAILED æš—å·åŒ–ã«ä½¿ç”¨ã•れる乱数発生器を使用ã—ã¦æ•°å­—を生æˆã™ã‚‹ã‚¨ãƒ©ãƒ¼ãŒç™ºç”Ÿã—ãŸå ´åˆ - \param pkcs7 符å·åŒ–ã™ã‚‹PKCS7構造ã¸ã®ãƒã‚¤ãƒ³ã‚¿ - \param output エンコードã•れãŸè¨¼æ˜Žæ›¸ã‚’ä¿å­˜ã™ã‚‹ãƒãƒƒãƒ•ã‚¡ã¸ã®ãƒã‚¤ãƒ³ã‚¿ + + \brief カスタムAESéµãƒ©ãƒƒãƒ—/アンラップæ“作を実行ã™ã‚‹ãŸã‚ã«ä½¿ç”¨ã•れるコールãƒãƒƒã‚¯é–¢æ•°ã‚’設定ã—ã¾ã™ã€‚ + + \retval 0 コールãƒãƒƒã‚¯é–¢æ•°ãŒæ­£å¸¸ã«è¨­å®šã•れã¾ã—ãŸã€‚ + \retval BAD_FUNC_ARG パラメータpkcs7ãŒNULLã§ã™ã€‚ + + \param pkcs7 PKCS7構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ + \param aesKeyWrapCb カスタムAESéµãƒ©ãƒƒãƒ—/アンラップ関数ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ +*/ +int wc_PKCS7_SetAESKeyWrapUnwrapCb(wc_PKCS7* pkcs7, + CallbackAESKeyWrapUnwrap aesKeyWrapCb); + +/*! + \ingroup PKCS7 + + \brief ã“ã®é–¢æ•°ã¯ã€PKCS7エンベロープデータコンテンツタイプをビルドã—ã€PKCS7構造体を解æžå¯èƒ½ãªPKCS7エンベロープデータパケットをå«ã‚€ãƒãƒƒãƒ•ã‚¡ã«ã‚¨ãƒ³ã‚³ãƒ¼ãƒ‰ã—ã¾ã™ã€‚ + + \return Success エンベロープデータ形å¼ã§ãƒ¡ãƒƒã‚»ãƒ¼ã‚¸ã‚’正常ã«ã‚¨ãƒ³ã‚³ãƒ¼ãƒ‰ã—ãŸå ´åˆã€å‡ºåŠ›ãƒãƒƒãƒ•ã‚¡ã«æ›¸ãè¾¼ã¾ã‚ŒãŸã‚µã‚¤ã‚ºã‚’è¿”ã—ã¾ã™ã€‚ + \return BAD_FUNC_ARG: 入力パラメータã®1ã¤ãŒç„¡åйãªå ´åˆã€ã¾ãŸã¯PKCS7構造体ã«å¿…è¦ãªè¦ç´ ãŒæ¬ ã‘ã¦ã„ã‚‹å ´åˆã«è¿”ã•れã¾ã™ã€‚ + \return ALGO_ID_E PKCS7構造体ãŒã‚µãƒãƒ¼ãƒˆã•れã¦ã„ãªã„アルゴリズムタイプを使用ã—ã¦ã„ã‚‹å ´åˆã«è¿”ã•れã¾ã™ã€‚ç¾åœ¨ã€Desbã¨DES3bã®ã¿ãŒã‚µãƒãƒ¼ãƒˆã•れã¦ã„ã¾ã™ã€‚ + \return BUFFER_E 指定ã•れãŸå‡ºåŠ›ãƒãƒƒãƒ•ã‚¡ãŒå‡ºåŠ›ãƒ‡ãƒ¼ã‚¿ã‚’æ ¼ç´ã™ã‚‹ã®ã«å°ã•ã™ãŽã‚‹å ´åˆã«è¿”ã•れã¾ã™ã€‚ + \return MEMORY_E メモリ割り当ã¦ã‚¨ãƒ©ãƒ¼ãŒã‚ã‚‹å ´åˆã«è¿”ã•れã¾ã™ã€‚ + \return RNG_FAILURE_E æš—å·åŒ–用ã®ä¹±æ•°ç”Ÿæˆå™¨ã®åˆæœŸåŒ–エラーãŒã‚ã‚‹å ´åˆã«è¿”ã•れã¾ã™ã€‚ + \return DRBG_FAILED æš—å·åŒ–ã«ä½¿ç”¨ã•れる乱数生æˆå™¨ã§æ•°å€¤ã®ç”Ÿæˆã‚¨ãƒ©ãƒ¼ãŒã‚ã‚‹å ´åˆã«è¿”ã•れã¾ã™ã€‚ + \return NOT_COMPILED_IN ECCéµã‚’使用ã—ã¦ã„ã¦ã€wolfSSLãŒHAVE_X963_KDFサãƒãƒ¼ãƒˆãªã—ã§ãƒ“ルドã•れã¦ã„ã‚‹å ´åˆã«è¿”ã•れるå¯èƒ½æ€§ãŒã‚りã¾ã™ã€‚ + + \param pkcs7 エンコードã™ã‚‹PKCS7構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ + \param output エンコードã•れãŸè¨¼æ˜Žæ›¸ã‚’æ ¼ç´ã™ã‚‹ãƒãƒƒãƒ•ã‚¡ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ + \param outputSz 出力ãƒãƒƒãƒ•ã‚¡ã§åˆ©ç”¨å¯èƒ½ãªã‚µã‚¤ã‚ºã€‚ + _Example_ \code PKCS7 pkcs7; int ret; - byte derBuff[] = { }; // initialize with DER-encoded certificate + byte derBuff[] = { }; // DERエンコードã•れãŸè¨¼æ˜Žæ›¸ã§åˆæœŸåŒ– byte pkcs7Buff[FOURK_BUF]; wc_PKCS7_InitWithCert(&pkcs7, derBuff, sizeof(derBuff)); - // update message and data to encode + // エンコードã™ã‚‹ãƒ¡ãƒƒã‚»ãƒ¼ã‚¸ã¨ãƒ‡ãƒ¼ã‚¿ã‚’æ›´æ–° pkcs7.privateKey = key; pkcs7.privateKeySz = keySz; pkcs7.content = data; pkcs7.contentSz = dataSz; - ... etc. + ... ãªã© ret = wc_PKCS7_EncodeEnvelopedData(&pkcs7, pkcs7Buff, sizeof(pkcs7Buff)); - if ( ret != 0 ) { - // error encoding into output buffer + if ( ret < 0 ) { + // 出力ãƒãƒƒãƒ•ã‚¡ã¸ã®ã‚¨ãƒ³ã‚³ãƒ¼ãƒ‰ã‚¨ãƒ©ãƒ¼ } \endcode + \sa wc_PKCS7_InitWithCert \sa wc_PKCS7_DecodeEnvelopedData */ -int wc_PKCS7_EncodeEnvelopedData(PKCS7* pkcs7, +int wc_PKCS7_EncodeEnvelopedData(wc_PKCS7* pkcs7, byte* output, word32 outputSz); /*! \ingroup PKCS7 - \brief ã“ã®é–¢æ•°ã¯PKCS7エンベロープデータコンテンツタイプをアントラップã—ã¦å¾©å·åŒ–ã—ã€ãƒ¡ãƒƒã‚»ãƒ¼ã‚¸ã‚’出力ã«ãƒ‡ã‚³ãƒ¼ãƒ‰ã—ã¾ã™ã€‚渡ã•れãŸPKCS7オブジェクトã®ç§˜å¯†éµã‚’使用ã—ã¦ãƒ¡ãƒƒã‚»ãƒ¼ã‚¸ã‚’復å·åŒ–ã—ã¾ã™ã€‚ - \return On メッセージã‹ã‚‰æƒ…報を抽出ã™ã‚‹ã«ã¯ã€å‡ºåŠ›ã«æ›¸ãè¾¼ã¾ã‚ŒãŸãƒã‚¤ãƒˆæ•°ã‚’è¿”ã—ã¾ã™ã€‚ - \return BAD_FUNC_ARG 入力パラメータã®1ã¤ãŒç„¡åйãªå ´åˆã¯è¿”ã•れã¾ã™ - \return ASN_PARSE_E 与ãˆã‚‰ã‚ŒãŸPKIMSGã‹ã‚‰è§£æžä¸­ã®ã‚¨ãƒ©ãƒ¼ãŒã‚ã‚‹å ´åˆã«è¿”ã•れã¾ã™ - \return PKCS7_OID_E 与ãˆã‚‰ã‚ŒãŸPKIMSGãŒã‚¨ãƒ³ãƒ™ãƒ­ãƒ¼ãƒ—データ型ã§ã¯ãªã„å ´åˆã«è¿”ã•れã¾ã™ - \return ASN_VERSION_E PKCS7ç½²å者情報ãŒãƒãƒ¼ã‚¸ãƒ§ãƒ³0ã§ã¯ãªã„å ´åˆã«è¿”ã•れã¾ã™ - \return MEMORY_E メモリã®å‰²ã‚Šå½“ã¦ä¸­ã«ã‚¨ãƒ©ãƒ¼ãŒç™ºç”Ÿã—ãŸå ´åˆã«è¿”ã•れã¾ã™ - \return ALGO_ID_E pkcs7構造ãŒã‚µãƒãƒ¼ãƒˆã•れã¦ã„ãªã„アルゴリズムタイプを使用ã—ã¦ã„ã‚‹å ´åˆã«è¿”ã•れã¾ã™ã€‚ç¾åœ¨ã€Signature Generation for Signature Generationã®RSAKを使用ã—ã¦ã€DESBã¨DES3Bã®ã¿ãŒæš—å·åŒ–ã§ã‚µãƒãƒ¼ãƒˆã•れã¦ã„ã¾ã™ã€‚ - \return PKCS7_RECIP_E æä¾›ã•れãŸå—信者ã¨ä¸€è‡´ã™ã‚‹ã‚¨ãƒ³ãƒ™ãƒ­ãƒ¼ãƒ—データã«å—信者ãŒè¦‹ã¤ã‹ã‚‰ãªã„å ´åˆ - \return RSA_BUFFER_E ãƒãƒƒãƒ•ァエラーãŒåŽŸå› ã§RSAã‚·ã‚°ãƒãƒãƒ£æ¤œè¨¼ä¸­ã«ã‚¨ãƒ©ãƒ¼ãŒã‚ã‚‹å ´åˆã¯ã€å°ã•ã™ãŽãŸã‚Šå…¥åŠ›ãŒå¤§ãã™ãŽãŸã‚Šã™ã‚‹ã¨å…ƒã«æˆ»ã•れã¾ã™ã€‚ - \return MP_INIT_E ç½²åæ¤œè¨¼ä¸­ã«ã‚¨ãƒ©ãƒ¼ãŒã‚ã‚‹å ´åˆã¯è¿”å´ã•れるå¯èƒ½æ€§ãŒã‚りã¾ã™ - \return MP_READ_E ç½²åæ¤œè¨¼ä¸­ã«ã‚¨ãƒ©ãƒ¼ãŒã‚ã‚‹å ´åˆã¯è¿”å´ã•れるå¯èƒ½æ€§ãŒã‚りã¾ã™ - \return MP_CMP_E ç½²åæ¤œè¨¼ä¸­ã«ã‚¨ãƒ©ãƒ¼ãŒã‚ã‚‹å ´åˆã¯è¿”å´ã•れるå¯èƒ½æ€§ãŒã‚りã¾ã™ - \return MP_INVMOD_E ç½²åæ¤œè¨¼ä¸­ã«ã‚¨ãƒ©ãƒ¼ãŒã‚ã‚‹å ´åˆã¯è¿”å´ã•れるå¯èƒ½æ€§ãŒã‚りã¾ã™ - \return MP_EXPTMOD_E ç½²åæ¤œè¨¼ä¸­ã«ã‚¨ãƒ©ãƒ¼ãŒã‚ã‚‹å ´åˆã¯è¿”å´ã•れるå¯èƒ½æ€§ãŒã‚りã¾ã™ - \return MP_MOD_E ç½²åæ¤œè¨¼ä¸­ã«ã‚¨ãƒ©ãƒ¼ãŒã‚ã‚‹å ´åˆã¯è¿”å´ã•れるå¯èƒ½æ€§ãŒã‚りã¾ã™ - \return MP_MUL_E ç½²åæ¤œè¨¼ä¸­ã«ã‚¨ãƒ©ãƒ¼ãŒã‚ã‚‹å ´åˆã¯è¿”å´ã•れるå¯èƒ½æ€§ãŒã‚りã¾ã™ - \return MP_ADD_E ç½²åæ¤œè¨¼ä¸­ã«ã‚¨ãƒ©ãƒ¼ãŒã‚ã‚‹å ´åˆã¯è¿”å´ã•れるå¯èƒ½æ€§ãŒã‚りã¾ã™ - \return MP_MULMOD_E ç½²åæ¤œè¨¼ä¸­ã«ã‚¨ãƒ©ãƒ¼ãŒã‚ã‚‹å ´åˆã¯è¿”å´ã•れるå¯èƒ½æ€§ãŒã‚りã¾ã™ - \return MP_TO_E ç½²åæ¤œè¨¼ä¸­ã«ã‚¨ãƒ©ãƒ¼ãŒã‚ã‚‹å ´åˆã¯è¿”å´ã•れるå¯èƒ½æ€§ãŒã‚りã¾ã™ - \return MP_MEM ç½²åæ¤œè¨¼ä¸­ã«ã‚¨ãƒ©ãƒ¼ãŒã‚ã‚‹å ´åˆã¯è¿”å´ã•れるå¯èƒ½æ€§ãŒã‚りã¾ã™ - \param pkcs7 エンベロープデータパッケージをデコードã™ã‚‹ç§˜å¯†éµã‚’å«ã‚€PKCS7構造ã¸ã®ãƒã‚¤ãƒ³ã‚¿ - \param pkiMsg エンベロープデータパッケージをå«ã‚€ãƒãƒƒãƒ•ã‚¡ã¸ã®ãƒã‚¤ãƒ³ã‚¿ - \param pkiMsgSz 包ã¿è¾¼ã¾ã‚ŒãŸãƒ‡ãƒ¼ã‚¿ãƒ‘ッケージã®ã‚µã‚¤ã‚º - \param output デコードã•れãŸãƒ¡ãƒƒã‚»ãƒ¼ã‚¸ã‚’ä¿å­˜ã™ã‚‹ãƒãƒƒãƒ•ã‚¡ã¸ã®ãƒã‚¤ãƒ³ã‚¿ + + \brief ã“ã®é–¢æ•°ã¯ã€PKCS7エンベロープデータコンテンツタイプをアンラップã—ã¦å¾©å·ã—ã€ãƒ¡ãƒƒã‚»ãƒ¼ã‚¸ã‚’outputã«ãƒ‡ã‚³ãƒ¼ãƒ‰ã—ã¾ã™ã€‚渡ã•れãŸPKCS7オブジェクトã®ç§˜å¯†éµã‚’使用ã—ã¦ãƒ¡ãƒƒã‚»ãƒ¼ã‚¸ã‚’復å·ã—ã¾ã™ã€‚ + + 注æ„: EnvelopedDataãŒECCéµã¨KeyAgreementRecipientInfo構造体を使用ã—ã¦æš—å·åŒ–ã•れã¦ã„ã‚‹å ´åˆã€wolfcrypt組ã¿è¾¼ã¿ã®AESéµãƒ©ãƒƒãƒ—/アンラップ機能を有効ã«ã™ã‚‹ãŸã‚ã«HAVE_AES_KEYWRAPビルドオプションを有効ã«ã™ã‚‹ã‹ã€wc_PKCS7_SetAESKeyWrapUnwrapCb()を使用ã—ã¦ã‚«ã‚¹ã‚¿ãƒ AESéµãƒ©ãƒƒãƒ—/アンラップコールãƒãƒƒã‚¯ã‚’設定ã™ã‚‹å¿…è¦ãŒã‚りã¾ã™ã€‚ã“れらã®ã„ãšã‚Œã‚‚該当ã—ãªã„å ´åˆã€å¾©å·ã¯å¤±æ•—ã—ã¾ã™ã€‚ + + \return メッセージã‹ã‚‰æƒ…å ±ã‚’æ­£å¸¸ã«æŠ½å‡ºã—ãŸå ´åˆã€outputã«æ›¸ãè¾¼ã¾ã‚ŒãŸãƒã‚¤ãƒˆæ•°ã‚’è¿”ã—ã¾ã™ã€‚ + \return BAD_FUNC_ARG 入力パラメータã®1ã¤ãŒç„¡åйãªå ´åˆã«è¿”ã•れã¾ã™ã€‚ + \return ASN_PARSE_E 与ãˆã‚‰ã‚ŒãŸpkiMsgã®è§£æžã‚¨ãƒ©ãƒ¼ãŒã‚ã‚‹å ´åˆã«è¿”ã•れã¾ã™ã€‚ + \return PKCS7_OID_E 与ãˆã‚‰ã‚ŒãŸpkiMsgãŒã‚¨ãƒ³ãƒ™ãƒ­ãƒ¼ãƒ—データタイプã§ãªã„å ´åˆã«è¿”ã•れã¾ã™ã€‚ + \return ASN_VERSION_E PKCS7ç½²å者情報ãŒãƒãƒ¼ã‚¸ãƒ§ãƒ³0ã§ãªã„å ´åˆã«è¿”ã•れã¾ã™ã€‚ + \return MEMORY_E メモリ割り当ã¦ã‚¨ãƒ©ãƒ¼ãŒã‚ã‚‹å ´åˆã«è¿”ã•れã¾ã™ã€‚ + \return ALGO_ID_E PKCS7構造体ãŒã‚µãƒãƒ¼ãƒˆã•れã¦ã„ãªã„アルゴリズムタイプを使用ã—ã¦ã„ã‚‹å ´åˆã«è¿”ã•れã¾ã™ã€‚ç¾åœ¨ã€æš—å·åŒ–ã«ã¯Desbã¨DES3bã®ã¿ãŒã‚µãƒãƒ¼ãƒˆã•れã¦ãŠã‚Šã€ç½²å生æˆã«ã¯RSAkãŒã‚µãƒãƒ¼ãƒˆã•れã¦ã„ã¾ã™ã€‚ + \return PKCS7_RECIP_E ã‚¨ãƒ³ãƒ™ãƒ­ãƒ¼ãƒ—ãƒ‡ãƒ¼ã‚¿å†…ã«æä¾›ã•れãŸå—信者ã¨ä¸€è‡´ã™ã‚‹å—信者ãŒè¦‹ã¤ã‹ã‚‰ãªã„å ´åˆã«è¿”ã•れã¾ã™ã€‚ + \return RSA_BUFFER_E ãƒãƒƒãƒ•ァエラーã€å‡ºåŠ›ãŒå°ã•ã™ãŽã‚‹ã‹å…¥åŠ›ãŒå¤§ãã™ãŽã‚‹ã“ã¨ã«ã‚ˆã‚‹RSAç½²åæ¤œè¨¼ä¸­ã®ã‚¨ãƒ©ãƒ¼ãŒã‚ã‚‹å ´åˆã«è¿”ã•れã¾ã™ã€‚ + \return MP_INIT_E ç½²åæ¤œè¨¼ä¸­ã«ã‚¨ãƒ©ãƒ¼ãŒã‚ã‚‹å ´åˆã«è¿”ã•れるå¯èƒ½æ€§ãŒã‚りã¾ã™ã€‚ + \return MP_READ_E ç½²åæ¤œè¨¼ä¸­ã«ã‚¨ãƒ©ãƒ¼ãŒã‚ã‚‹å ´åˆã«è¿”ã•れるå¯èƒ½æ€§ãŒã‚りã¾ã™ã€‚ + \return MP_CMP_E ç½²åæ¤œè¨¼ä¸­ã«ã‚¨ãƒ©ãƒ¼ãŒã‚ã‚‹å ´åˆã«è¿”ã•れるå¯èƒ½æ€§ãŒã‚りã¾ã™ã€‚ + \return MP_INVMOD_E ç½²åæ¤œè¨¼ä¸­ã«ã‚¨ãƒ©ãƒ¼ãŒã‚ã‚‹å ´åˆã«è¿”ã•れるå¯èƒ½æ€§ãŒã‚りã¾ã™ã€‚ + \return MP_EXPTMOD_E ç½²åæ¤œè¨¼ä¸­ã«ã‚¨ãƒ©ãƒ¼ãŒã‚ã‚‹å ´åˆã«è¿”ã•れるå¯èƒ½æ€§ãŒã‚りã¾ã™ã€‚ + \return MP_MOD_E ç½²åæ¤œè¨¼ä¸­ã«ã‚¨ãƒ©ãƒ¼ãŒã‚ã‚‹å ´åˆã«è¿”ã•れるå¯èƒ½æ€§ãŒã‚りã¾ã™ã€‚ + \return MP_MUL_E ç½²åæ¤œè¨¼ä¸­ã«ã‚¨ãƒ©ãƒ¼ãŒã‚ã‚‹å ´åˆã«è¿”ã•れるå¯èƒ½æ€§ãŒã‚りã¾ã™ã€‚ + \return MP_ADD_E ç½²åæ¤œè¨¼ä¸­ã«ã‚¨ãƒ©ãƒ¼ãŒã‚ã‚‹å ´åˆã«è¿”ã•れるå¯èƒ½æ€§ãŒã‚りã¾ã™ã€‚ + \return MP_MULMOD_E ç½²åæ¤œè¨¼ä¸­ã«ã‚¨ãƒ©ãƒ¼ãŒã‚ã‚‹å ´åˆã«è¿”ã•れるå¯èƒ½æ€§ãŒã‚りã¾ã™ã€‚ + \return MP_TO_E ç½²åæ¤œè¨¼ä¸­ã«ã‚¨ãƒ©ãƒ¼ãŒã‚ã‚‹å ´åˆã«è¿”ã•れるå¯èƒ½æ€§ãŒã‚りã¾ã™ã€‚ + \return MP_MEM ç½²åæ¤œè¨¼ä¸­ã«ã‚¨ãƒ©ãƒ¼ãŒã‚ã‚‹å ´åˆã«è¿”ã•れるå¯èƒ½æ€§ãŒã‚りã¾ã™ã€‚ + \return NOT_COMPILED_IN EnvelopedDataãŒECCéµã‚’使用ã—ã¦æš—å·åŒ–ã•れã¦ã„ã¦ã€wolfSSLãŒHAVE_X963_KDFサãƒãƒ¼ãƒˆãªã—ã§ãƒ“ルドã•れã¦ã„ã‚‹å ´åˆã«è¿”ã•れるå¯èƒ½æ€§ãŒã‚りã¾ã™ã€‚ + + \param pkcs7 エンベロープデータパッケージをデコードã™ã‚‹ãŸã‚ã®ç§˜å¯†éµã‚’å«ã‚€PKCS7構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ + \param pkiMsg エンベロープデータパッケージをå«ã‚€ãƒãƒƒãƒ•ã‚¡ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ + \param pkiMsgSz エンベロープデータパッケージã®ã‚µã‚¤ã‚ºã€‚ + \param output デコードã•れãŸãƒ¡ãƒƒã‚»ãƒ¼ã‚¸ã‚’æ ¼ç´ã™ã‚‹ãƒãƒƒãƒ•ã‚¡ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ + \param outputSz 出力ãƒãƒƒãƒ•ã‚¡ã§åˆ©ç”¨å¯èƒ½ãªã‚µã‚¤ã‚ºã€‚ + _Example_ \code PKCS7 pkcs7; - byte received[] = { }; // initialize with received enveloped message + byte received[] = { }; // å—ä¿¡ã—ãŸã‚¨ãƒ³ãƒ™ãƒ­ãƒ¼ãƒ—データメッセージã§åˆæœŸåŒ– byte decoded[FOURK_BUF]; int decodedSz; - // initialize pkcs7 with certificate - // update key + // 証明書ã§pkcs7ã‚’åˆæœŸåŒ– + // éµã‚’æ›´æ–° pkcs7.privateKey = key; pkcs7.privateKeySz = keySz; - decodedSz = wc_PKCS7_DecodeEnvelopedData(&pkcs7, received, - sizeof(received),decoded, sizeof(decoded)); - if ( decodedSz != 0 ) { - // error decoding message + decodedSz = wc_PKCS7_DecodeEnvelopedData(&pkcs7, received, sizeof(received), + decoded, sizeof(decoded)); + if ( decodedSz < 0 ) { + // メッセージã®ãƒ‡ã‚³ãƒ¼ãƒ‰ã‚¨ãƒ©ãƒ¼ } \endcode + \sa wc_PKCS7_InitWithCert \sa wc_PKCS7_EncodeEnvelopedData */ -int wc_PKCS7_DecodeEnvelopedData(PKCS7* pkcs7, byte* pkiMsg, - word32 pkiMsgSz, byte* output, - word32 outputSz); +int wc_PKCS7_DecodeEnvelopedData(wc_PKCS7* pkcs7, byte* pkiMsg, + word32 pkiMsgSz, byte* output, word32 outputSz); + +/*! + \ingroup PKCS7 + + \brief ã“ã®é–¢æ•°ã¯ã€KeyAgreeRecipientInfo RecipientInfoオブジェクトをå«ã‚€EnvelopedDataパッケージã‹ã‚‰KeyAgreeRecipientIdentifierオブジェクトを抽出ã—ã¾ã™ã€‚最åˆã®RecipientInfoã§è¦‹ã¤ã‹ã£ãŸæœ€åˆã®KeyAgreeRecipientIdentiferã®ã¿ãŒã‚³ãƒ”ーã•れã¾ã™ã€‚ã“ã®é–¢æ•°ã¯ã€è¤‡æ•°ã®RecipientInfoオブジェクトやKeyAgreeRecipientInfo内ã®è¤‡æ•°ã®RecipientEncryptedKeyオブジェクトをサãƒãƒ¼ãƒˆã—ã¦ã„ã¾ã›ã‚“。 + + \return æˆåŠŸæ™‚ã«0ã‚’è¿”ã—ã¾ã™ã€‚ + \return BAD_FUNC_ARG 入力パラメータã®1ã¤ãŒç„¡åйãªå ´åˆã«è¿”ã•れã¾ã™ã€‚ + \return ASN_PARSE_E 入力メッセージã®è§£æžã‚¨ãƒ©ãƒ¼ãŒã‚ã‚‹å ´åˆã«è¿”ã•れã¾ã™ã€‚ + \return PKCS7_OID_E 入力メッセージãŒã‚¨ãƒ³ãƒ™ãƒ­ãƒ¼ãƒ—データタイプã§ãªã„å ´åˆã«è¿”ã•れã¾ã™ã€‚ + \return BUFFER_E 出力ãƒãƒƒãƒ•ã‚¡ã«å分ãªã‚¹ãƒšãƒ¼ã‚¹ãŒãªã„å ´åˆã«è¿”ã•れã¾ã™ã€‚ + + \param[in] in EnvelopedData ContentInfoメッセージをå«ã‚€å…¥åŠ›ãƒãƒƒãƒ•ァ。 + \param[in] inSz 入力ãƒãƒƒãƒ•ã‚¡ã®ã‚µã‚¤ã‚ºã€‚ + \param[out] out 出力ãƒãƒƒãƒ•ァ。 + \param[in,out] outSz 入力時ã®å‡ºåŠ›ãƒãƒƒãƒ•ァサイズã€å‡ºåŠ›æ™‚ã«æ›¸ãè¾¼ã¾ã‚ŒãŸã‚µã‚¤ã‚ºã€‚ +*/ +int wc_PKCS7_GetEnvelopedDataKariRid(const byte * in, word32 inSz, + byte * out, word32 * outSz); + +/*! + \ingroup PKCS7 + + \brief ã“ã®é–¢æ•°ã¯ã€PKCS7æš—å·åŒ–データコンテンツタイプをアンラップã—ã¦å¾©å·ã—ã€ãƒ¡ãƒƒã‚»ãƒ¼ã‚¸ã‚’outputã«ãƒ‡ã‚³ãƒ¼ãƒ‰ã—ã¾ã™ã€‚pkcs7->encryptionKeyã¨pkcs7->encryptionKeySzを介ã—ã¦æ¸¡ã•れãŸPKCS7ã‚ªãƒ–ã‚¸ã‚§ã‚¯ãƒˆã®æš—å·åŒ–éµã‚’使用ã—ã¦ãƒ¡ãƒƒã‚»ãƒ¼ã‚¸ã‚’復å·ã—ã¾ã™ã€‚ + + \return メッセージã‹ã‚‰æƒ…å ±ã‚’æ­£å¸¸ã«æŠ½å‡ºã—ãŸå ´åˆã€outputã«æ›¸ãè¾¼ã¾ã‚ŒãŸãƒã‚¤ãƒˆæ•°ã‚’è¿”ã—ã¾ã™ã€‚ + \return BAD_FUNC_ARG 入力パラメータã®1ã¤ãŒç„¡åйãªå ´åˆã«è¿”ã•れã¾ã™ã€‚ + \return ASN_PARSE_E 与ãˆã‚‰ã‚ŒãŸpkiMsgã®è§£æžã‚¨ãƒ©ãƒ¼ãŒã‚ã‚‹å ´åˆã«è¿”ã•れã¾ã™ã€‚ + \return PKCS7_OID_E 与ãˆã‚‰ã‚ŒãŸpkiMsgãŒæš—å·åŒ–データタイプã§ãªã„å ´åˆã«è¿”ã•れã¾ã™ã€‚ + \return ASN_VERSION_E PKCS7ç½²å者情報ãŒãƒãƒ¼ã‚¸ãƒ§ãƒ³0ã§ãªã„å ´åˆã«è¿”ã•れã¾ã™ã€‚ + \return MEMORY_E メモリ割り当ã¦ã‚¨ãƒ©ãƒ¼ãŒã‚ã‚‹å ´åˆã«è¿”ã•れã¾ã™ã€‚ + \return BUFFER_E æš—å·åŒ–ã•れãŸã‚³ãƒ³ãƒ†ãƒ³ãƒ„ã®ã‚µã‚¤ã‚ºãŒç„¡åйãªå ´åˆã«è¿”ã•れã¾ã™ã€‚ + + \param pkcs7 æš—å·åŒ–データパッケージをデコードã™ã‚‹ãŸã‚ã®æš—å·åŒ–éµã‚’å«ã‚€PKCS7構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ + \param pkiMsg æš—å·åŒ–データパッケージをå«ã‚€ãƒãƒƒãƒ•ã‚¡ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ + \param pkiMsgSz æš—å·åŒ–データパッケージã®ã‚µã‚¤ã‚ºã€‚ + \param output デコードã•れãŸãƒ¡ãƒƒã‚»ãƒ¼ã‚¸ã‚’æ ¼ç´ã™ã‚‹ãƒãƒƒãƒ•ã‚¡ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ + \param outputSz 出力ãƒãƒƒãƒ•ã‚¡ã§åˆ©ç”¨å¯èƒ½ãªã‚µã‚¤ã‚ºã€‚ + + _Example_ + \code + PKCS7 pkcs7; + byte received[] = { }; // å—ä¿¡ã—ãŸæš—å·åŒ–データメッセージã§åˆæœŸåŒ– + byte decoded[FOURK_BUF]; + int decodedSz; + + // 証明書ã§pkcs7ã‚’åˆæœŸåŒ– + // éµã‚’æ›´æ–° + pkcs7.encryptionKey = key; + pkcs7.encryptionKeySz = keySz; + + decodedSz = wc_PKCS7_DecodeEncryptedData(&pkcs7, received, + sizeof(received), decoded, sizeof(decoded)); + if ( decodedSz < 0 ) { + // メッセージã®ãƒ‡ã‚³ãƒ¼ãƒ‰ã‚¨ãƒ©ãƒ¼ + } + \endcode + + \sa wc_PKCS7_InitWithCert +*/ +int wc_PKCS7_DecodeEncryptedData(wc_PKCS7* pkcs7, byte* pkiMsg, + word32 pkiMsgSz, byte* output, word32 outputSz); + +/*! + \ingroup PKCS7 + + \brief ã“ã®é–¢æ•°ã¯ã€PKCS7æš—å·åŒ–éµãƒ‘ッケージコンテンツタイプをアンラップã—ã¦å¾©å·ã—ã€ãƒ¡ãƒƒã‚»ãƒ¼ã‚¸ã‚’outputã«ãƒ‡ã‚³ãƒ¼ãƒ‰ã—ã¾ã™ã€‚ラップã•れãŸã‚³ãƒ³ãƒ†ãƒ³ãƒ„タイプãŒEncryptedDataã®å ´åˆã€pkcs7å…¥åŠ›æ§‹é€ ä½“ã«æš—å·åŒ–éµã‚’設定ã™ã‚‹å¿…è¦ãŒã‚りã¾ã™ï¼ˆpkcs7->encryptionKeyã¨pkcs7->encryptionKeySzを介ã—ã¦ï¼‰ã€‚ラップã•れãŸã‚³ãƒ³ãƒ†ãƒ³ãƒ„タイプãŒEnvelopedDataã®å ´åˆã€pkcs7入力構造体ã«ç§˜å¯†éµã‚’設定ã™ã‚‹å¿…è¦ãŒã‚りã¾ã™ï¼ˆpkcs7->privateKeyã¨pkcs7->privateKeySzを介ã—ã¦ï¼‰ã€‚ + AuthEnvelopedDataã®ãƒ©ãƒƒãƒ—ã•れãŸã‚³ãƒ³ãƒ†ãƒ³ãƒ„タイプã¯ç¾åœ¨ã‚µãƒãƒ¼ãƒˆã•れã¦ã„ã¾ã›ã‚“。 + + ã“ã®é–¢æ•°ã¯ã€ãƒ©ãƒƒãƒ—ã•れãŸã‚³ãƒ³ãƒ†ãƒ³ãƒ„タイプã«å¿œã˜ã¦ã€wc_PKCS7_DecodeEnvelopedData()ã¾ãŸã¯wc_PKCS7_DecodeEncryptedData()を自動的ã«å‘¼ã³å‡ºã—ã¾ã™ã€‚ã“ã®é–¢æ•°ã¯ã€ã“ã“ã«ãƒªã‚¹ãƒˆã•れã¦ã„るエラーコードã«åŠ ãˆã¦ã€ã“れらã®é–¢æ•°ã®ã„ãšã‚Œã‹ã‹ã‚‰ã®ã‚¨ãƒ©ãƒ¼ã‚³ãƒ¼ãƒ‰ã‚’è¿”ã™å¯èƒ½æ€§ãŒã‚りã¾ã™ã€‚ + + \return メッセージã‹ã‚‰æƒ…å ±ã‚’æ­£å¸¸ã«æŠ½å‡ºã—ãŸå ´åˆã€outputã«æ›¸ãè¾¼ã¾ã‚ŒãŸãƒã‚¤ãƒˆæ•°ã‚’è¿”ã—ã¾ã™ã€‚ + \return BAD_FUNC_ARG 入力パラメータã®1ã¤ãŒç„¡åйãªå ´åˆã«è¿”ã•れã¾ã™ã€‚ + \return ASN_PARSE_E 与ãˆã‚‰ã‚ŒãŸpkiMsgã®è§£æžã‚¨ãƒ©ãƒ¼ãŒã‚ã‚‹å ´åˆã€ã¾ãŸã¯ãƒ©ãƒƒãƒ—ã•れãŸã‚³ãƒ³ãƒ†ãƒ³ãƒ„タイプãŒEncryptedDataã§ã€EncryptedDataã®ã‚µãƒãƒ¼ãƒˆãŒã‚³ãƒ³ãƒ‘イルã•れã¦ã„ãªã„å ´åˆï¼ˆä¾‹: NO_PKCS7_ENCRYPTED_DATAãŒè¨­å®šã•れã¦ã„ã‚‹å ´åˆï¼‰ã«è¿”ã•れã¾ã™ã€‚ + \return PKCS7_OID_E 与ãˆã‚‰ã‚ŒãŸpkiMsgãŒæš—å·åŒ–éµãƒ‘ッケージデータタイプã§ãªã„å ´åˆã«è¿”ã•れã¾ã™ã€‚ + + \param pkcs7 æš—å·åŒ–éµãƒ‘ッケージをデコードã™ã‚‹ãŸã‚ã®ç§˜å¯†éµã¾ãŸã¯æš—å·åŒ–éµã‚’å«ã‚€PKCS7構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ + \param pkiMsg æš—å·åŒ–éµãƒ‘ッケージメッセージをå«ã‚€ãƒãƒƒãƒ•ã‚¡ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ + \param pkiMsgSz æš—å·åŒ–éµãƒ‘ッケージメッセージã®ã‚µã‚¤ã‚ºã€‚ + \param output デコードã•れãŸå‡ºåŠ›ã‚’æ ¼ç´ã™ã‚‹ãƒãƒƒãƒ•ã‚¡ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ + \param outputSz 出力ãƒãƒƒãƒ•ã‚¡ã§åˆ©ç”¨å¯èƒ½ãªã‚µã‚¤ã‚ºã€‚ + + _Example_ + \code + PKCS7 pkcs7; + byte received[] = { }; // å—ä¿¡ã—ãŸæš—å·åŒ–データメッセージã§åˆæœŸåŒ– + byte decoded[FOURK_BUF]; + int decodedSz; + + // 証明書ã§pkcs7ã‚’åˆæœŸåŒ– + // 予想ã•れるEnvelopedDataã®éµã‚’更新(例) + pkcs7.privateKey = key; + pkcs7.privateKeySz = keySz; + + decodedSz = wc_PKCS7_DecodeEncryptedKeyPackage(&pkcs7, received, + sizeof(received), decoded, sizeof(decoded)); + if ( decodedSz < 0 ) { + // メッセージã®ãƒ‡ã‚³ãƒ¼ãƒ‰ã‚¨ãƒ©ãƒ¼ + } + \endcode + + \sa wc_PKCS7_InitWithCert +*/ +int wc_PKCS7_DecodeEncryptedKeyPackage(wc_PKCS7 * pkcs7, + byte * pkiMsg, word32 pkiMsgSz, byte * output, word32 outputSz); + +/*! + \ingroup PKCS7 + + \brief ã“ã®é–¢æ•°ã¯ã€SymmetricKeyPackage属性ã¸ã®ã‚¢ã‚¯ã‚»ã‚¹ã‚’æä¾›ã—ã¾ã™ã€‚ + + \return 0 è¦æ±‚ã•れãŸå±žæ€§ãŒæ­£å¸¸ã«è¦‹ã¤ã‹ã‚Šã¾ã—ãŸã€‚ + attrã¨attrSz出力変数ã«ã¯ã€å±žæ€§ã®ã‚¢ãƒ‰ãƒ¬ã‚¹ã¨ã‚µã‚¤ã‚ºãŒå…¥åŠ›ã•れã¾ã™ã€‚属性ã¯ã€skp入力ãƒã‚¤ãƒ³ã‚¿ã‚’介ã—ã¦æ¸¡ã•れãŸã®ã¨åŒã˜ãƒãƒƒãƒ•ァ内ã«ã‚りã¾ã™ã€‚ + \return BAD_FUNC_ARG 入力パラメータã®1ã¤ãŒç„¡åйã§ã™ã€‚ + \return ASN_PARSE_E 入力オブジェクトã®è§£æžä¸­ã«ã‚¨ãƒ©ãƒ¼ãŒç™ºç”Ÿã—ã¾ã—ãŸã€‚ + \return BAD_INDEX_E è¦æ±‚ã•れãŸå±žæ€§ã‚¤ãƒ³ãƒ‡ãƒƒã‚¯ã‚¹ãŒç„¡åйã§ã—ãŸã€‚ + + \param[in] skp SymmetricKeyPackageオブジェクトをå«ã‚€å…¥åŠ›ãƒãƒƒãƒ•ァ。 + \param[in] skpSz SymmetricKeyPackageオブジェクトã®ã‚µã‚¤ã‚ºã€‚ + \param[in] index アクセスã™ã‚‹å±žæ€§ã®ã‚¤ãƒ³ãƒ‡ãƒƒã‚¯ã‚¹ã€‚ + \param[out] attr è¦æ±‚ã•れãŸå±žæ€§ã‚ªãƒ–ジェクトã¸ã®ãƒã‚¤ãƒ³ã‚¿ã‚’æ ¼ç´ã™ã‚‹ãƒãƒƒãƒ•ァ。 + \param[out] attrSz è¦æ±‚ã•れãŸå±žæ€§ã‚ªãƒ–ジェクトã®ã‚µã‚¤ã‚ºã‚’æ ¼ç´ã™ã‚‹ãƒãƒƒãƒ•ァ。 +*/ +int wc_PKCS7_DecodeSymmetricKeyPackageAttribute(const byte * skp, + word32 skpSz, size_t index, const byte ** attr, word32 * attrSz); + +/*! + \ingroup PKCS7 + + \brief ã“ã®é–¢æ•°ã¯ã€SymmetricKeyPackageéµã¸ã®ã‚¢ã‚¯ã‚»ã‚¹ã‚’æä¾›ã—ã¾ã™ã€‚ + + \return 0 è¦æ±‚ã•れãŸéµãŒæ­£å¸¸ã«è¦‹ã¤ã‹ã‚Šã¾ã—ãŸã€‚ + keyã¨keySz出力変数ã«ã¯ã€éµã®ã‚¢ãƒ‰ãƒ¬ã‚¹ã¨ã‚µã‚¤ã‚ºãŒå…¥åŠ›ã•れã¾ã™ã€‚éµã¯ã€skp入力ãƒã‚¤ãƒ³ã‚¿ã‚’介ã—ã¦æ¸¡ã•れãŸã®ã¨åŒã˜ãƒãƒƒãƒ•ァ内ã«ã‚りã¾ã™ã€‚ + \return BAD_FUNC_ARG 入力パラメータã®1ã¤ãŒç„¡åйã§ã™ã€‚ + \return ASN_PARSE_E 入力オブジェクトã®è§£æžä¸­ã«ã‚¨ãƒ©ãƒ¼ãŒç™ºç”Ÿã—ã¾ã—ãŸã€‚ + \return BAD_INDEX_E è¦æ±‚ã•れãŸéµã‚¤ãƒ³ãƒ‡ãƒƒã‚¯ã‚¹ãŒç„¡åйã§ã—ãŸã€‚ + + \param[in] skp SymmetricKeyPackageオブジェクトをå«ã‚€å…¥åŠ›ãƒãƒƒãƒ•ァ。 + \param[in] skpSz SymmetricKeyPackageオブジェクトã®ã‚µã‚¤ã‚ºã€‚ + \param[in] index アクセスã™ã‚‹éµã®ã‚¤ãƒ³ãƒ‡ãƒƒã‚¯ã‚¹ã€‚ + \param[out] key è¦æ±‚ã•れãŸéµã‚ªãƒ–ジェクトã¸ã®ãƒã‚¤ãƒ³ã‚¿ã‚’æ ¼ç´ã™ã‚‹ãƒãƒƒãƒ•ァ。 + \param[out] keySz è¦æ±‚ã•れãŸéµã‚ªãƒ–ジェクトã®ã‚µã‚¤ã‚ºã‚’æ ¼ç´ã™ã‚‹ãƒãƒƒãƒ•ァ。 +*/ +int wc_PKCS7_DecodeSymmetricKeyPackageKey(const byte * skp, + word32 skpSz, size_t index, const byte ** key, word32 * keySz); + +/*! + \ingroup PKCS7 + + \brief ã“ã®é–¢æ•°ã¯ã€OneSymmetricKey属性ã¸ã®ã‚¢ã‚¯ã‚»ã‚¹ã‚’æä¾›ã—ã¾ã™ã€‚ + + \return 0 è¦æ±‚ã•れãŸå±žæ€§ãŒæ­£å¸¸ã«è¦‹ã¤ã‹ã‚Šã¾ã—ãŸã€‚ + attrã¨attrSz出力変数ã«ã¯ã€å±žæ€§ã®ã‚¢ãƒ‰ãƒ¬ã‚¹ã¨ã‚µã‚¤ã‚ºãŒå…¥åŠ›ã•れã¾ã™ã€‚属性ã¯ã€osk入力ãƒã‚¤ãƒ³ã‚¿ã‚’介ã—ã¦æ¸¡ã•れãŸã®ã¨åŒã˜ãƒãƒƒãƒ•ァ内ã«ã‚りã¾ã™ã€‚ + \return BAD_FUNC_ARG 入力パラメータã®1ã¤ãŒç„¡åйã§ã™ã€‚ + \return ASN_PARSE_E 入力オブジェクトã®è§£æžä¸­ã«ã‚¨ãƒ©ãƒ¼ãŒç™ºç”Ÿã—ã¾ã—ãŸã€‚ + \return BAD_INDEX_E è¦æ±‚ã•れãŸå±žæ€§ã‚¤ãƒ³ãƒ‡ãƒƒã‚¯ã‚¹ãŒç„¡åйã§ã—ãŸã€‚ + + \param[in] osk OneSymmetricKeyオブジェクトをå«ã‚€å…¥åŠ›ãƒãƒƒãƒ•ァ。 + \param[in] oskSz OneSymmetricKeyオブジェクトã®ã‚µã‚¤ã‚ºã€‚ + \param[in] index アクセスã™ã‚‹å±žæ€§ã®ã‚¤ãƒ³ãƒ‡ãƒƒã‚¯ã‚¹ã€‚ + \param[out] attr è¦æ±‚ã•れãŸå±žæ€§ã‚ªãƒ–ジェクトã¸ã®ãƒã‚¤ãƒ³ã‚¿ã‚’æ ¼ç´ã™ã‚‹ãƒãƒƒãƒ•ァ。 + \param[out] attrSz è¦æ±‚ã•れãŸå±žæ€§ã‚ªãƒ–ジェクトã®ã‚µã‚¤ã‚ºã‚’æ ¼ç´ã™ã‚‹ãƒãƒƒãƒ•ァ。 +*/ +int wc_PKCS7_DecodeOneSymmetricKeyAttribute(const byte * osk, + word32 oskSz, size_t index, const byte ** attr, word32 * attrSz); + +/*! + \ingroup PKCS7 + + \brief ã“ã®é–¢æ•°ã¯ã€OneSymmetricKeyéµã¸ã®ã‚¢ã‚¯ã‚»ã‚¹ã‚’æä¾›ã—ã¾ã™ã€‚ + + \return 0 è¦æ±‚ã•れãŸéµãŒæ­£å¸¸ã«è¦‹ã¤ã‹ã‚Šã¾ã—ãŸã€‚ + keyã¨keySz出力変数ã«ã¯ã€éµã®ã‚¢ãƒ‰ãƒ¬ã‚¹ã¨ã‚µã‚¤ã‚ºãŒå…¥åŠ›ã•れã¾ã™ã€‚éµã¯ã€osk入力ãƒã‚¤ãƒ³ã‚¿ã‚’介ã—ã¦æ¸¡ã•れãŸã®ã¨åŒã˜ãƒãƒƒãƒ•ァ内ã«ã‚りã¾ã™ã€‚ + \return BAD_FUNC_ARG 入力パラメータã®1ã¤ãŒç„¡åйã§ã™ã€‚ + \return ASN_PARSE_E 入力オブジェクトã®è§£æžä¸­ã«ã‚¨ãƒ©ãƒ¼ãŒç™ºç”Ÿã—ã¾ã—ãŸã€‚ + + \param[in] osk OneSymmetricKeyオブジェクトをå«ã‚€å…¥åŠ›ãƒãƒƒãƒ•ァ。 + \param[in] oskSz OneSymmetricKeyオブジェクトã®ã‚µã‚¤ã‚ºã€‚ + \param[out] key è¦æ±‚ã•れãŸéµã‚ªãƒ–ジェクトã¸ã®ãƒã‚¤ãƒ³ã‚¿ã‚’æ ¼ç´ã™ã‚‹ãƒãƒƒãƒ•ァ。 + \param[out] keySz è¦æ±‚ã•れãŸéµã‚ªãƒ–ジェクトã®ã‚µã‚¤ã‚ºã‚’æ ¼ç´ã™ã‚‹ãƒãƒƒãƒ•ァ。 +*/ +int wc_PKCS7_DecodeOneSymmetricKeyKey(const byte * osk, + word32 oskSz, const byte ** key, word32 * keySz); diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/doc/dox_comments/header_files-ja/poly1305.h mariadb-11.8.8/extra/wolfssl/wolfssl/doc/dox_comments/header_files-ja/poly1305.h --- mariadb-11.8.6/extra/wolfssl/wolfssl/doc/dox_comments/header_files-ja/poly1305.h 2026-01-31 13:27:49.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/doc/dox_comments/header_files-ja/poly1305.h 2026-05-24 09:58:33.000000000 +0000 @@ -1,16 +1,22 @@ /*! \ingroup Poly1305 - \brief ã“ã®é–¢æ•°ã¯ã€Poly1305コンテキスト構造ã®ã‚­ãƒ¼ã‚’設定ã—ã€ãƒãƒƒã‚·ãƒ¥ã«åˆæœŸåŒ–ã—ã¾ã™ã€‚注:セキュリティを確ä¿ã™ã‚‹ãŸã‚ã«ã€WC_POLY1305FINALã§ãƒ¡ãƒƒã‚»ãƒ¼ã‚¸ãƒãƒƒã‚·ãƒ¥ã‚’生æˆã—ãŸå¾Œã«æ–°ã—ã„キーを設定ã™ã‚‹å¿…è¦ãŒã‚りã¾ã™ã€‚ - \return 0 キーを正常ã«è¨­å®šã—ã€Poly1305構造ã®åˆæœŸåŒ– - \return BAD_FUNC_ARG 与ãˆã‚‰ã‚ŒãŸã‚­ãƒ¼ãŒ32ãƒã‚¤ãƒˆã®é•·ã•ã§ãªã„å ´åˆã€ã¾ãŸã¯Poly1305コンテキストãŒNULLã®å ´åˆ - \param ctx åˆæœŸåŒ–ã™ã‚‹ãŸã‚ã®Poly1305構造ã¸ã®ãƒã‚¤ãƒ³ã‚¿ - \param key ãƒãƒƒã‚·ãƒ¥ã«ä½¿ç”¨ã™ã‚‹éµã‚’å«ã‚€ãƒãƒƒãƒ•ã‚¡ã¸ã®ãƒã‚¤ãƒ³ã‚¿ + + \brief ã“ã®é–¢æ•°ã¯ã€Poly1305コンテキスト構造体ã®ã‚­ãƒ¼ã‚’設定ã—ã€ãƒãƒƒã‚·ãƒ¥åŒ–ã®ãŸã‚ã«åˆæœŸåŒ–ã—ã¾ã™ã€‚注æ„: wc_Poly1305Finalã§ãƒ¡ãƒƒã‚»ãƒ¼ã‚¸ãƒãƒƒã‚·ãƒ¥ã‚’生æˆã—ãŸå¾Œã€ã‚»ã‚­ãƒ¥ãƒªãƒ†ã‚£ã‚’確ä¿ã™ã‚‹ãŸã‚ã«æ–°ã—ã„キーを設定ã™ã‚‹å¿…è¦ãŒã‚りã¾ã™ã€‚ + + \return 0 キーã®è¨­å®šã¨Poly1305構造体ã®åˆæœŸåŒ–ã«æˆåŠŸã—ãŸå ´åˆã«è¿”ã•れã¾ã™ + \return BAD_FUNC_ARG 指定ã•れãŸã‚­ãƒ¼ãŒ32ãƒã‚¤ãƒˆã§ãªã„å ´åˆã€ã¾ãŸã¯Poly1305コンテキストãŒNULLã®å ´åˆã«è¿”ã•れã¾ã™ + + \param ctx åˆæœŸåŒ–ã™ã‚‹Poly1305構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ + \param key ãƒãƒƒã‚·ãƒ¥åŒ–ã«ä½¿ç”¨ã™ã‚‹ã‚­ãƒ¼ã‚’å«ã‚€ãƒãƒƒãƒ•ã‚¡ã¸ã®ãƒã‚¤ãƒ³ã‚¿ + \param keySz ãƒãƒƒãƒ•ァ内ã®ã‚­ãƒ¼ã®ã‚µã‚¤ã‚ºã€‚32ãƒã‚¤ãƒˆã§ã‚ã‚‹å¿…è¦ãŒã‚りã¾ã™ + _Example_ \code Poly1305 enc; - byte key[] = { initialize with 32 byte key to use for hashing }; + byte key[] = { ãƒãƒƒã‚·ãƒ¥åŒ–ã«ä½¿ç”¨ã™ã‚‹32ãƒã‚¤ãƒˆã®ã‚­ãƒ¼ã§åˆæœŸåŒ– }; wc_Poly1305SetKey(&enc, key, sizeof(key)); \endcode + \sa wc_Poly1305Update \sa wc_Poly1305Final */ @@ -19,23 +25,29 @@ /*! \ingroup Poly1305 - \brief ã“ã®é–¢æ•°ã¯ã€Poly1305構造をæŒã¤ãƒãƒƒã‚·ãƒ¥ã«ãƒ¡ãƒƒã‚»ãƒ¼ã‚¸ã‚’æ›´æ–°ã—ã¾ã™ã€‚ - \return 0 ãƒãƒƒã‚·ãƒ¥ã¸ã®ãƒ¡ãƒƒã‚»ãƒ¼ã‚¸ã®æ›´æ–°ã«æˆåŠŸã—ã¾ã—㟠- \return BAD_FUNC_ARG Poly1305構造ãŒNULLã®å ´åˆã«è¿”ã•れã¾ã™ - \param ctx HASHã«ãƒ¡ãƒƒã‚»ãƒ¼ã‚¸ã‚’æ›´æ–°ã™ã‚‹ãŸã‚ã®Poly1305構造ã¸ã®ãƒã‚¤ãƒ³ã‚¿ - \param m ãƒãƒƒã‚·ãƒ¥ã«è¿½åŠ ã™ã‚‹å¿…è¦ãŒã‚るメッセージをå«ã‚€ãƒãƒƒãƒ•ã‚¡ã¸ã®ãƒã‚¤ãƒ³ã‚¿ + + \brief ã“ã®é–¢æ•°ã¯ã€Poly1305構造体ã§ãƒãƒƒã‚·ãƒ¥åŒ–ã™ã‚‹ãƒ¡ãƒƒã‚»ãƒ¼ã‚¸ã‚’æ›´æ–°ã—ã¾ã™ã€‚ + + \return 0 ãƒãƒƒã‚·ãƒ¥åŒ–ã™ã‚‹ãƒ¡ãƒƒã‚»ãƒ¼ã‚¸ã®æ›´æ–°ã«æˆåŠŸã—ãŸå ´åˆã«è¿”ã•れã¾ã™ + \return BAD_FUNC_ARG Poly1305構造体ãŒNULLã®å ´åˆã«è¿”ã•れã¾ã™ + + \param ctx ãƒãƒƒã‚·ãƒ¥åŒ–ã™ã‚‹ãƒ¡ãƒƒã‚»ãƒ¼ã‚¸ã‚’æ›´æ–°ã™ã‚‹Poly1305構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ + \param m ãƒãƒƒã‚·ãƒ¥ã«è¿½åŠ ã™ã‚‹ãƒ¡ãƒƒã‚»ãƒ¼ã‚¸ã‚’å«ã‚€ãƒãƒƒãƒ•ã‚¡ã¸ã®ãƒã‚¤ãƒ³ã‚¿ + \param bytes ãƒãƒƒã‚·ãƒ¥åŒ–ã™ã‚‹ãƒ¡ãƒƒã‚»ãƒ¼ã‚¸ã®ã‚µã‚¤ã‚º + _Example_ \code Poly1305 enc; - byte key[] = { }; // initialize with 32 byte key to use for encryption + byte key[] = { }; // æš—å·åŒ–ã«ä½¿ç”¨ã™ã‚‹32ãƒã‚¤ãƒˆã®ã‚­ãƒ¼ã§åˆæœŸåŒ– - byte msg[] = { }; // initialize with message to hash + byte msg[] = { }; // ãƒãƒƒã‚·ãƒ¥åŒ–ã™ã‚‹ãƒ¡ãƒƒã‚»ãƒ¼ã‚¸ã§åˆæœŸåŒ– wc_Poly1305SetKey(&enc, key, sizeof(key)); if( wc_Poly1305Update(key, msg, sizeof(msg)) != 0 ) { - // error updating message to hash + // ãƒãƒƒã‚·ãƒ¥åŒ–ã™ã‚‹ãƒ¡ãƒƒã‚»ãƒ¼ã‚¸ã®æ›´æ–°ã‚¨ãƒ©ãƒ¼ } \endcode + \sa wc_Poly1305SetKey \sa wc_Poly1305Final */ @@ -43,25 +55,32 @@ /*! \ingroup Poly1305 - \brief ã“ã®é–¢æ•°ã¯å…¥åŠ›ãƒ¡ãƒƒã‚»ãƒ¼ã‚¸ã®ãƒãƒƒã‚·ãƒ¥ã‚’計算ã—ã€çµæžœã‚’MACã«æ ¼ç´ã—ã¾ã™ã€‚ã“ã®å¾Œã€ã‚­ãƒ¼ã‚’リセットã™ã‚‹å¿…è¦ãŒã‚りã¾ã™ã€‚ - \return 0 最後ã®Macã®è¨ˆç®—ã«æˆåŠŸã—㟠- \return BAD_FUNC_ARG Poly1305構造ãŒNULLã®å ´åˆã«è¿”ã•れã¾ã™ - \param ctx MACを生æˆã™ã‚‹ãŸã‚ã®Poly1305構造ã¸ã®ãƒã‚¤ãƒ³ã‚¿ + + \brief ã“ã®é–¢æ•°ã¯ã€å…¥åŠ›ãƒ¡ãƒƒã‚»ãƒ¼ã‚¸ã®ãƒãƒƒã‚·ãƒ¥ã‚’計算ã—ã€çµæžœã‚’macã«æ ¼ç´ã—ã¾ã™ã€‚ã“ã®é–¢æ•°ã‚’呼ã³å‡ºã—ãŸå¾Œã€ã‚­ãƒ¼ã‚’リセットã™ã‚‹å¿…è¦ãŒã‚りã¾ã™ã€‚ + + \return 0 最終MACã®è¨ˆç®—ã«æˆåŠŸã—ãŸå ´åˆã«è¿”ã•れã¾ã™ + \return BAD_FUNC_ARG Poly1305構造体ãŒNULLã®å ´åˆã«è¿”ã•れã¾ã™ + + \param ctx MACを生æˆã™ã‚‹ãŸã‚ã«ä½¿ç”¨ã™ã‚‹Poly1305構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ + \param mac MACã‚’æ ¼ç´ã™ã‚‹ãƒãƒƒãƒ•ã‚¡ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ + POLY1305_DIGEST_SIZE(16ãƒã‚¤ãƒˆ)å¹…ã§ã‚ã‚‹å¿…è¦ãŒã‚りã¾ã™ + _Example_ \code Poly1305 enc; - byte mac[POLY1305_DIGEST_SIZE]; // space for a 16 byte mac + byte mac[POLY1305_DIGEST_SIZE]; // 16ãƒã‚¤ãƒˆã®mac用ã®ã‚¹ãƒšãƒ¼ã‚¹ - byte key[] = { }; // initialize with 32 byte key to use for encryption + byte key[] = { }; // æš—å·åŒ–ã«ä½¿ç”¨ã™ã‚‹32ãƒã‚¤ãƒˆã®ã‚­ãƒ¼ã§åˆæœŸåŒ– - byte msg[] = { }; // initialize with message to hash + byte msg[] = { }; // ãƒãƒƒã‚·ãƒ¥åŒ–ã™ã‚‹ãƒ¡ãƒƒã‚»ãƒ¼ã‚¸ã§åˆæœŸåŒ– wc_Poly1305SetKey(&enc, key, sizeof(key)); wc_Poly1305Update(key, msg, sizeof(msg)); if ( wc_Poly1305Final(&enc, mac) != 0 ) { - // error computing final MAC + // 最終MACã®è¨ˆç®—エラー } \endcode + \sa wc_Poly1305SetKey \sa wc_Poly1305Update */ @@ -69,33 +88,39 @@ /*! \ingroup Poly1305 - \brief éµãŒãƒ­ãƒ¼ãƒ‰ã•ã‚Œã€æœ€è¿‘ã®TLS AEADパディング方å¼ã‚’使用ã—ã¦MAC(タグ)を作æˆã™ã‚‹åˆæœŸåŒ–ã•れãŸPoly1305構造体をå–りã¾ã™ã€‚ - \return 0 æˆåŠŸ - \return BAD_FUNC_ARG CTXã€INPUTã€ã¾ãŸã¯TAGãŒNULLã®å ´åˆã€ã¾ãŸã¯è¿½åŠ ãŒNULLã§ã€ADDSZãŒ0より大ãã„å ´åˆã€ã¾ãŸã¯TAGSZãŒWC_POLY1305_MAC_SZよりå°ã•ã„å ´åˆã«è¿”ã•れã¾ã™ã€‚ - \param ctx åˆæœŸåŒ–ã•れãŸPoly1305構造物 - \param additional 使用ã™ã‚‹è¿½åŠ ãƒ‡ãƒ¼ã‚¿ - \param addSz 追加ãƒãƒƒãƒ•ã‚¡ã®ã‚µã‚¤ã‚º - \param input ã‹ã‚‰ã‚¿ã‚°ã‚’作æˆã™ã‚‹ãŸã‚ã®å…¥åŠ›ãƒãƒƒãƒ•ã‚¡ - \param sz 入力ãƒãƒƒãƒ•ã‚¡ã®ã‚µã‚¤ã‚º - \param tag 作æˆã—ãŸã‚¿ã‚°ã‚’ä¿æŒã™ã‚‹ãŸã‚ã®ãƒãƒƒãƒ•ァー + + \brief キーãŒãƒ­ãƒ¼ãƒ‰ã•れãŸåˆæœŸåŒ–済ã¿ã®Poly1305構造体をå—ã‘å–ã‚Šã€æœ€æ–°ã®TLS AEADパディングスキームを使用ã—ã¦MAC(ã‚¿ã‚°)を作æˆã—ã¾ã™ã€‚ + + \return 0 æˆåŠŸ + \return BAD_FUNC_ARG ctxã€inputã€ã¾ãŸã¯tagãŒnullã®å ´åˆã€ã¾ãŸã¯additionalãŒnullã§addSzãŒ0より大ãã„å ´åˆã€ã¾ãŸã¯tagSzãŒWC_POLY1305_MAC_SZ未満ã®å ´åˆã«è¿”ã•れã¾ã™ã€‚ + + \param ctx 使用ã™ã‚‹åˆæœŸåŒ–済ã¿ã®Poly1305構造体 + \param additional 使用ã™ã‚‹è¿½åŠ ãƒ‡ãƒ¼ã‚¿ + \param addSz additionalãƒãƒƒãƒ•ã‚¡ã®ã‚µã‚¤ã‚º + \param input タグを作æˆã™ã‚‹å…¥åŠ›ãƒãƒƒãƒ•ã‚¡ + \param sz 入力ãƒãƒƒãƒ•ã‚¡ã®ã‚µã‚¤ã‚º + \param tag 作æˆã•れãŸã‚¿ã‚°ã‚’ä¿æŒã™ã‚‹ãƒãƒƒãƒ•ã‚¡ + \param tagSz 入力タグãƒãƒƒãƒ•ã‚¡ã®ã‚µã‚¤ã‚º(å°‘ãªãã¨ã‚‚WC_POLY1305_MAC_SZ(16)ã§ã‚ã‚‹å¿…è¦ãŒã‚りã¾ã™) + _Example_ \code Poly1305 ctx; - byte key[] = { }; // initialize with 32 byte key to use for hashing - byte additional[] = { }; // initialize with additional data - byte msg[] = { }; // initialize with message + byte key[] = { }; // ãƒãƒƒã‚·ãƒ¥åŒ–ã«ä½¿ç”¨ã™ã‚‹32ãƒã‚¤ãƒˆã®ã‚­ãƒ¼ã§åˆæœŸåŒ– + byte additional[] = { }; // 追加データã§åˆæœŸåŒ– + byte msg[] = { }; // メッセージã§åˆæœŸåŒ– byte tag[16]; wc_Poly1305SetKey(&ctx, key, sizeof(key)); if(wc_Poly1305_MAC(&ctx, additional, sizeof(additional), (byte*)msg, sizeof(msg), tag, sizeof(tag)) != 0) { - // Handle the error + // ã‚¨ãƒ©ãƒ¼ã‚’å‡¦ç† } \endcode + \sa wc_Poly1305SetKey \sa wc_Poly1305Update \sa wcPoly1305Final */ -int wc_Poly1305_MAC(Poly1305* ctx, byte* additional, word32 addSz, - byte* input, word32 sz, byte* tag, word32 tagSz); +int wc_Poly1305_MAC(Poly1305* ctx, const byte* additional, word32 addSz, + const byte* input, word32 sz, byte* tag, word32 tagSz); diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/doc/dox_comments/header_files-ja/psa.h mariadb-11.8.8/extra/wolfssl/wolfssl/doc/dox_comments/header_files-ja/psa.h --- mariadb-11.8.6/extra/wolfssl/wolfssl/doc/dox_comments/header_files-ja/psa.h 2026-01-31 13:27:49.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/doc/dox_comments/header_files-ja/psa.h 2026-05-24 09:58:33.000000000 +0000 @@ -1,8 +1,11 @@ /*! \ingroup PSA - \brief ã“ã®é–¢æ•°ã¯ã€ä¸Žãˆã‚‰ã‚ŒãŸã‚³ãƒ³ãƒ†ã‚­ã‚¹ãƒˆã§ã®PSAサãƒãƒ¼ãƒˆã‚’å¯èƒ½ã«ã—ã¾ã™ã€‚ - \param ctx PSAサãƒãƒ¼ãƒˆã‚’有効ã«ã™ã‚‹å¿…è¦ãŒã‚ã‚‹WOLFSSL_CTXオブジェクトã¸ã®ãƒã‚¤ãƒ³ã‚¿ - \return WOLFSSL_SUCCESS æˆåŠŸã—㟠+ \brief ã“ã®é–¢æ•°ã¯ã€æŒ‡å®šã•れãŸã‚³ãƒ³ãƒ†ã‚­ã‚¹ãƒˆã§PSAサãƒãƒ¼ãƒˆã‚’有効ã«ã—ã¾ã™ã€‚ + + \param ctx PSAサãƒãƒ¼ãƒˆã‚’有効ã«ã™ã‚‹å¿…è¦ãŒã‚ã‚‹WOLFSSL_CTXオブジェクトã¸ã®ãƒã‚¤ãƒ³ã‚¿ + \return WOLFSSL_SUCCESS æˆåŠŸæ™‚ + \return BAD_FUNC_ARG ctx == NULLã®å ´åˆ + _Example_ \code WOLFSSL_CTX *ctx; @@ -14,27 +17,36 @@ printf("can't enable PSA on ctx"); \endcode + \sa wolfSSL_set_psa_ctx */ int wolfSSL_CTX_psa_enable(WOLFSSL_CTX *ctx); /*! \ingroup PSA - \brief 与ãˆã‚‰ã‚ŒãŸSSLセッションã®PSAコンテキストを設定ã™ã‚‹æ©Ÿèƒ½ - \param ssl CTXãŒæœ‰åйã«ãªã‚‹WolfSSLã¸ã®ãƒã‚¤ãƒ³ã‚¿ - \param ctx Struct PSA_SSL_CTXã¸ã®ãƒã‚¤ãƒ³ã‚¿ï¼ˆSSLセッションã«å›ºæœ‰ã§ã‚ã‚‹å¿…è¦ãŒã‚りã¾ã™ï¼‰ - \return WOLFSSL_SUCCESS æˆåŠŸã—㟠+ + \brief ã“ã®é–¢æ•°ã¯ã€æŒ‡å®šã•れãŸSSLセッションã®PSAコンテキストをセットアップã—ã¾ã™ + + \param ssl ctxを有効ã«ã™ã‚‹WOLFSSLã¸ã®ãƒã‚¤ãƒ³ã‚¿ + \param ctx struct psa_ssl_ctxã¸ã®ãƒã‚¤ãƒ³ã‚¿(SSLセッションã”ã¨ã«ä¸€æ„ã§ã‚ã‚‹å¿…è¦ãŒã‚りã¾ã™) + + \return WOLFSSL_SUCCESS æˆåŠŸæ™‚ + \return BAD_FUNC_ARG sslã¾ãŸã¯ctxãŒNULLã®å ´åˆ + + ã“ã®é–¢æ•°ã¯ã€æŒ‡å®šã•れãŸSSLセッションã¸ã®TLSコールãƒãƒƒã‚¯ç”¨ã®PSAコンテキストをセットアップã—ã¾ã™ã€‚セッションã®çµ‚了時ã«ã€ã‚³ãƒ³ãƒ†ã‚­ã‚¹ãƒˆã«ã‚ˆã£ã¦ä½¿ç”¨ã•れãŸãƒªã‚½ãƒ¼ã‚¹ã¯ã€wolfSSL_free_psa_ctx()を使用ã—ã¦è§£æ”¾ã™ã‚‹å¿…è¦ãŒã‚りã¾ã™ã€‚ + _Example_ \code - // Create new ssl session + // æ–°ã—ã„SSLã‚»ãƒƒã‚·ãƒ§ãƒ³ã‚’ä½œæˆ WOLFSSL *ssl; struct psa_ssl_ctx psa_ctx = { 0 }; ssl = wolfSSL_new(ctx); if (!ssl) return NULL; - // setup PSA context + // PSAコンテキストをセットアップ ret = wolfSSL_set_psa_ctx(ssl, ctx); \endcode + \sa wolfSSL_psa_set_private_key_id \sa wolfSSL_psa_free_psa_ctx */ @@ -42,23 +54,29 @@ /*! \ingroup PSA - \brief ã“ã®é–¢æ•°ã¯PSAコンテキストã«ã‚ˆã£ã¦ä½¿ç”¨ã•れるリソースを解放ã—ã¾ã™ + \brief ã“ã®é–¢æ•°ã¯ã€PSAコンテキストã«ã‚ˆã£ã¦ä½¿ç”¨ã•れるリソースを解放ã—ã¾ã™ + + \param ctx struct psa_ssl_ctxã¸ã®ãƒã‚¤ãƒ³ã‚¿ + \sa wolfSSL_set_psa_ctx */ void wolfSSL_free_psa_ctx(struct psa_ssl_ctx *ctx); /*! \ingroup PSA - \brief ã“ã®é–¢æ•°ã¯ã€SSLセッションã«ã‚ˆã£ã¦ä½¿ç”¨ã•れる秘密éµã‚’設定ã—ã¾ã™ - \param ctx 構造体PSA_SSL_CTXã¸ã®ãƒã‚¤ãƒ³ã‚¿ + \brief ã“ã®é–¢æ•°ã¯ã€SSLセッションã§ä½¿ç”¨ã•れる秘密éµã‚’設定ã—ã¾ã™ + + \param ctx struct psa_ssl_ctxã¸ã®ãƒã‚¤ãƒ³ã‚¿ + \param id 秘密éµã¨ã—ã¦ä½¿ç”¨ã•れるキーã®PSA ID + _Example_ \code - // Create new ssl session + // æ–°ã—ã„SSLã‚»ãƒƒã‚·ãƒ§ãƒ³ã‚’ä½œæˆ WOLFSSL *ssl; struct psa_ssl_ctx psa_ctx = { 0 }; psa_key_id_t key_id; - // key provisioning already done + // ã‚­ãƒ¼ãƒ—ãƒ­ãƒ“ã‚¸ãƒ§ãƒ‹ãƒ³ã‚°ã¯æ—¢ã«å®Œäº† get_private_key_id(&key_id); ssl = wolfSSL_new(ctx); @@ -68,6 +86,7 @@ wolfSSL_psa_set_private_key_id(&psa_ctx, key_id); wolfSSL_set_psa_ctx(ssl, ctx); \endcode + \sa wolfSSL_set_psa_ctx */ diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/doc/dox_comments/header_files-ja/pwdbased.h mariadb-11.8.8/extra/wolfssl/wolfssl/doc/dox_comments/header_files-ja/pwdbased.h --- mariadb-11.8.6/extra/wolfssl/wolfssl/doc/dox_comments/header_files-ja/pwdbased.h 2026-01-31 13:27:49.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/doc/dox_comments/header_files-ja/pwdbased.h 2026-05-24 09:58:33.000000000 +0000 @@ -1,110 +1,128 @@ /*! \ingroup Password - \brief ã“ã®æ©Ÿèƒ½ã¯ãƒ‘スワードベースã®éµå°Žå‡ºæ©Ÿèƒ½1(PBKDF1)を実装ã—ã€å…¥åŠ›ãƒ‘ã‚¹ãƒ¯ãƒ¼ãƒ‰ã‚’é€£çµã‚½ãƒ«ãƒˆã¨å…±ã«ã‚ˆã‚Šå®‰å…¨ãªéµã«å¤‰æ›ã—ã€å‡ºåŠ›ã«è¨˜æ†¶ã™ã‚‹ã€‚ã“れã«ã‚ˆã‚Šã€HASH関数ã¨ã—ã¦SHAã¨MD5ã‚’é¸æŠžã§ãã¾ã™ã€‚ - \return 0 入力パスワードã‹ã‚‰ã‚­ãƒ¼ã®æ´¾ç”Ÿã«æ­£å¸¸ã«æˆ»ã•れ㟠- \return BAD_FUNC_ARG 与ãˆã‚‰ã‚ŒãŸç„¡åйãªãƒãƒƒã‚·ãƒ¥ã‚¿ã‚¤ãƒ—ãŒã‚ã‚‹å ´åˆï¼ˆæœ‰åйãªã‚¿ã‚¤ãƒ—ã¯ï¼šMD5ã¨SHA)ã€å復ã¯1未満ã€ã¾ãŸã¯è¦æ±‚ã•れãŸã‚­ãƒ¼ã®é•·ã•(Klenï¼‰ã¯æä¾›ã•れãŸãƒãƒƒã‚·ãƒ¥ã®ãƒãƒƒã‚·ãƒ¥é•·ã‚ˆã‚Šã‚‚大ãã„ã§ã™ã€‚ - \return MEMORY_E SHAã¾ãŸã¯MD5オブジェクトã«ãƒ¡ãƒ¢ãƒªã‚’割り当ã¦ã‚‹ã‚¨ãƒ©ãƒ¼ãŒã‚ã‚‹å ´åˆã¯è¿”ã•れã¾ã™ã€‚ - \param output 生æˆã•れãŸã‚­ãƒ¼ã‚’ä¿å­˜ã™ã‚‹ãƒãƒƒãƒ•ã‚¡ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚å°‘ãªãã¨ã‚‚klen longã«ãªã‚‹ã¹ãã§ã™ - \param passwd ã‚­ãƒ¼ã®æ´¾ç”Ÿã«ä½¿ç”¨ã™ã‚‹ãƒ‘スワードをå«ã‚€ãƒãƒƒãƒ•ã‚¡ã¸ã®ãƒã‚¤ãƒ³ã‚¿ - \param pLen ã‚­ãƒ¼ã®æ´¾ç”Ÿã«ä½¿ç”¨ã™ã‚‹ãƒ‘スワードã®é•·ã• - \param salt éµç”±æ¥ã«ä½¿ç”¨ã™ã‚‹ã‚½ãƒ«ãƒˆã‚’å«ã‚€ãƒãƒƒãƒ•ã‚¡ã¸ã®ãƒã‚¤ãƒ³ã‚¿ãƒ¼ - \param sLen ソルトã®é•·ã• - \param iterations ãƒãƒƒã‚·ãƒ¥ã‚’処ç†ã™ã‚‹ãŸã‚ã®å›žæ•° - \param kLen 派生キーã®å¸Œæœ›ã®é•·ã•ã€‚é¸æŠžã—ãŸãƒãƒƒã‚·ãƒ¥ã®ãƒ€ã‚¤ã‚¸ã‚§ã‚¹ãƒˆã‚µã‚¤ã‚ºã‚ˆã‚Šé•·ãã—ã¦ã¯ã„ã‘ã¾ã›ã‚“ + + \brief ã“ã®é–¢æ•°ã¯ã€ãƒ‘スワードベースéµå°Žå‡ºé–¢æ•°1(PBKDF1)を実装ã—ã€é€£çµã•れãŸã‚½ãƒ«ãƒˆã‚’æŒã¤å…¥åŠ›ãƒ‘ã‚¹ãƒ¯ãƒ¼ãƒ‰ã‚’ã‚ˆã‚Šå®‰å…¨ãªéµã«å¤‰æ›ã—ã€ãれをoutputã«æ ¼ç´ã—ã¾ã™ã€‚ユーザーã¯ãƒãƒƒã‚·ãƒ¥é–¢æ•°ã¨ã—ã¦SHAã¨MD5ã®ã„ãšã‚Œã‹ã‚’é¸æŠžã§ãã¾ã™ã€‚ + + \return 0 入力パスワードã‹ã‚‰éµã®å°Žå‡ºã«æˆåŠŸã—ãŸå ´åˆã«è¿”ã•れã¾ã™ + \return BAD_FUNC_ARG 無効ãªãƒãƒƒã‚·ãƒ¥ã‚¿ã‚¤ãƒ—ãŒæŒ‡å®šã•れãŸå ´åˆ(有効ãªã‚¿ã‚¤ãƒ—ã¯MD5ã¨SHA)ã€iterationsãŒ1未満ã®å ´åˆã€ã¾ãŸã¯è¦æ±‚ã•れãŸéµã®é•·ã•(kLen)ãŒæä¾›ã•れãŸãƒãƒƒã‚·ãƒ¥ã®ãƒãƒƒã‚·ãƒ¥é•·ã‚ˆã‚Šå¤§ãã„å ´åˆã«è¿”ã•れã¾ã™ + \return MEMORY_E SHAã¾ãŸã¯MD5オブジェクトã®ãƒ¡ãƒ¢ãƒªå‰²ã‚Šå½“ã¦ä¸­ã«ã‚¨ãƒ©ãƒ¼ãŒç™ºç”Ÿã—ãŸå ´åˆã«è¿”ã•れã¾ã™ + + \param output 生æˆã•れãŸéµã‚’æ ¼ç´ã™ã‚‹ãƒãƒƒãƒ•ã‚¡ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚å°‘ãªãã¨ã‚‚kLenã®é•·ã•ã§ã‚ã‚‹å¿…è¦ãŒã‚りã¾ã™ + \param passwd éµå°Žå‡ºã«ä½¿ç”¨ã™ã‚‹ãƒ‘スワードをå«ã‚€ãƒãƒƒãƒ•ã‚¡ã¸ã®ãƒã‚¤ãƒ³ã‚¿ + \param pLen éµå°Žå‡ºã«ä½¿ç”¨ã™ã‚‹ãƒ‘スワードã®é•·ã• + \param salt éµå°Žå‡ºã«ä½¿ç”¨ã™ã‚‹ã‚½ãƒ«ãƒˆã‚’å«ã‚€ãƒãƒƒãƒ•ã‚¡ã¸ã®ãƒã‚¤ãƒ³ã‚¿ + \param sLen ソルトã®é•·ã• + \param iterations ãƒãƒƒã‚·ãƒ¥ã‚’処ç†ã™ã‚‹å›žæ•° + \param kLen 導出ã•れるéµã®å¸Œæœ›ã®é•·ã•ã€‚é¸æŠžã•れãŸãƒãƒƒã‚·ãƒ¥ã®ãƒ€ã‚¤ã‚¸ã‚§ã‚¹ãƒˆã‚µã‚¤ã‚ºã‚ˆã‚Šé•·ãã—ãªã„ã§ãã ã•ã„ + \param hashType 使用ã™ã‚‹ãƒãƒƒã‚·ãƒ¥ã‚¢ãƒ«ã‚´ãƒªã‚ºãƒ ã€‚有効ãªé¸æŠžè‚¢ã¯WC_MD5ã¨WC_SHAã§ã™ + _Example_ \code int ret; - byte key[MD5_DIGEST_SIZE]; - byte pass[] = { }; // initialize with password - byte salt[] = { }; // initialize with salt + byte key[WC_MD5_DIGEST_SIZE]; + byte pass[] = { }; // パスワードã§åˆæœŸåŒ– + byte salt[] = { }; // ソルトã§åˆæœŸåŒ– ret = wc_PBKDF1(key, pass, sizeof(pass), salt, sizeof(salt), 1000, - sizeof(key), MD5); + sizeof(key), WC_MD5); if ( ret != 0 ) { - // error deriving key from password + // パスワードã‹ã‚‰ã®éµå°Žå‡ºã‚¨ãƒ©ãƒ¼ } \endcode + \sa wc_PBKDF2 \sa wc_PKCS12_PBKDF */ int wc_PBKDF1(byte* output, const byte* passwd, int pLen, const byte* salt, int sLen, int iterations, int kLen, - int typeH); + int hashType); /*! \ingroup Password - \brief ã“ã®æ©Ÿèƒ½ã¯ãƒ‘スワードベースã®ã‚­ãƒ¼å°Žå‡ºæ©Ÿèƒ½2(PBKDF2)を実装ã—ã€å…¥åŠ›ãƒ‘ã‚¹ãƒ¯ãƒ¼ãƒ‰ã‚’é€£çµã•れãŸã‚½ãƒ«ãƒˆã¨ã¨ã‚‚ã«ã‚ˆã‚Šå®‰å…¨ãªã‚­ãƒ¼ã«å¤‰æ›ã—ã€å‡ºåŠ›ã«è¨˜æ†¶ã•れã¦ã„ã¾ã™ã€‚ã“れã«ã‚ˆã‚Šã€MD5ã€SHAã€SHA256ã€SHA384ã€SHA512ã€ãŠã‚ˆã³BLAKE2Bãªã©ã€ã‚µãƒãƒ¼ãƒˆã•れã¦ã„ã‚‹HMACãƒãƒƒã‚·ãƒ¥é–¢æ•°ã®ã„ãšã‚Œã‹ã‚’é¸æŠžã§ãã¾ã™ã€‚ - \return 0 入力パスワードã‹ã‚‰ã‚­ãƒ¼ã®æ´¾ç”Ÿã«æ­£å¸¸ã«æˆ»ã•れ㟠- \return BAD_FUNC_ARG 無効ãªãƒãƒƒã‚·ãƒ¥ã‚¿ã‚¤ãƒ—ãŒã‚ã‚‹å ´åˆã€ã¾ãŸã¯å復ãŒ1未満ã®å ´åˆã¯è¿”ã•れã¾ã™ã€‚ - \return MEMORY_E HMACオブジェクトã«å‰²ã‚ŠæŒ¯ã‚Šãƒ¡ãƒ¢ãƒªãŒã‚ã‚‹å ´åˆ - \param output 生æˆã•れãŸã‚­ãƒ¼ã‚’ä¿å­˜ã™ã‚‹ãƒãƒƒãƒ•ã‚¡ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚klen longã«ã™ã‚‹ã¹ãã§ã™ - \param passwd ã‚­ãƒ¼ã®æ´¾ç”Ÿã«ä½¿ç”¨ã™ã‚‹ãƒ‘スワードをå«ã‚€ãƒãƒƒãƒ•ã‚¡ã¸ã®ãƒã‚¤ãƒ³ã‚¿ - \param pLen ã‚­ãƒ¼ã®æ´¾ç”Ÿã«ä½¿ç”¨ã™ã‚‹ãƒ‘スワードã®é•·ã• - \param salt éµç”±æ¥ã«ä½¿ç”¨ã™ã‚‹ã‚½ãƒ«ãƒˆã‚’å«ã‚€ãƒãƒƒãƒ•ã‚¡ã¸ã®ãƒã‚¤ãƒ³ã‚¿ãƒ¼ - \param sLen ソルトã®é•·ã• - \param iterations ãƒãƒƒã‚·ãƒ¥ã‚’処ç†ã™ã‚‹ãŸã‚ã®å›žæ•° - \param kLen 派生éµã®æœ›ã¾ã—ã„é•·ã• + + \brief ã“ã®é–¢æ•°ã¯ã€ãƒ‘スワードベースéµå°Žå‡ºé–¢æ•°2(PBKDF2)を実装ã—ã€é€£çµã•れãŸã‚½ãƒ«ãƒˆã‚’æŒã¤å…¥åŠ›ãƒ‘ã‚¹ãƒ¯ãƒ¼ãƒ‰ã‚’ã‚ˆã‚Šå®‰å…¨ãªéµã«å¤‰æ›ã—ã€ãれをoutputã«æ ¼ç´ã—ã¾ã™ã€‚ユーザーã¯ã€WC_MD5ã€WC_SHAã€WC_SHA256ã€WC_SHA384ã€WC_SHA512ã€WC_SHA3_224ã€WC_SHA3_256ã€WC_SHA3_384ã€ã¾ãŸã¯WC_SHA3_512ã‚’å«ã‚€ã€ã‚µãƒãƒ¼ãƒˆã•れã¦ã„ã‚‹HMACãƒãƒƒã‚·ãƒ¥é–¢æ•°ã®ã„ãšã‚Œã‹ã‚’é¸æŠžã§ãã¾ã™ã€‚ + + \return 0 入力パスワードã‹ã‚‰éµã®å°Žå‡ºã«æˆåŠŸã—ãŸå ´åˆã«è¿”ã•れã¾ã™ + \return BAD_FUNC_ARG 無効ãªãƒãƒƒã‚·ãƒ¥ã‚¿ã‚¤ãƒ—ãŒæŒ‡å®šã•れãŸå ´åˆã€ã¾ãŸã¯iterationsãŒ1未満ã®å ´åˆã«è¿”ã•れã¾ã™ + \return MEMORY_E HMACオブジェクトã®ãƒ¡ãƒ¢ãƒªå‰²ã‚Šå½“ã¦ä¸­ã«ã‚¨ãƒ©ãƒ¼ãŒç™ºç”Ÿã—ãŸå ´åˆã«è¿”ã•れã¾ã™ + + \param output 生æˆã•れãŸéµã‚’æ ¼ç´ã™ã‚‹ãƒãƒƒãƒ•ã‚¡ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚kLenã®é•·ã•ã§ã‚ã‚‹å¿…è¦ãŒã‚りã¾ã™ + \param passwd éµå°Žå‡ºã«ä½¿ç”¨ã™ã‚‹ãƒ‘スワードをå«ã‚€ãƒãƒƒãƒ•ã‚¡ã¸ã®ãƒã‚¤ãƒ³ã‚¿ + \param pLen éµå°Žå‡ºã«ä½¿ç”¨ã™ã‚‹ãƒ‘スワードã®é•·ã• + \param salt éµå°Žå‡ºã«ä½¿ç”¨ã™ã‚‹ã‚½ãƒ«ãƒˆã‚’å«ã‚€ãƒãƒƒãƒ•ã‚¡ã¸ã®ãƒã‚¤ãƒ³ã‚¿ + \param sLen ソルトã®é•·ã• + \param iterations ãƒãƒƒã‚·ãƒ¥ã‚’処ç†ã™ã‚‹å›žæ•° + \param kLen 導出ã•れるéµã®å¸Œæœ›ã®é•·ã• + \param hashType 使用ã™ã‚‹ãƒãƒƒã‚·ãƒ¥ã‚¢ãƒ«ã‚´ãƒªã‚ºãƒ ã€‚有効ãªé¸æŠžè‚¢ã¯ã€WC_MD5ã€WC_SHAã€WC_SHA256ã€WC_SHA384ã€WC_SHA512ã€WC_SHA3_224ã€WC_SHA3_256ã€WC_SHA3_384ã€ã¾ãŸã¯WC_SHA3_512ã§ã™ + _Example_ \code int ret; byte key[64]; - byte pass[] = { }; // initialize with password - byte salt[] = { }; // initialize with salt + byte pass[] = { }; // パスワードã§åˆæœŸåŒ– + byte salt[] = { }; // ソルトã§åˆæœŸåŒ– ret = wc_PBKDF2(key, pass, sizeof(pass), salt, sizeof(salt), 2048, sizeof(key), - SHA512); + WC_SHA512); if ( ret != 0 ) { - // error deriving key from password + // パスワードã‹ã‚‰ã®éµå°Žå‡ºã‚¨ãƒ©ãƒ¼ } \endcode + \sa wc_PBKDF1 \sa wc_PKCS12_PBKDF */ int wc_PBKDF2(byte* output, const byte* passwd, int pLen, const byte* salt, int sLen, int iterations, int kLen, - int typeH); + int hashType); /*! \ingroup Password - \brief ã“ã®é–¢æ•°ã¯ã€RFC 7292付録Bã«è¨˜è¼‰ã•れã¦ã„るパスワードベースã®ã‚­ãƒ¼å°Žå‡ºæ©Ÿèƒ½ï¼ˆPBKDF)を実装ã—ã¦ã„ã¾ã™ã€‚ã“ã®é–¢æ•°ã¯ã€å…¥åŠ›ãƒ‘ã‚¹ãƒ¯ãƒ¼ãƒ‰ã‚’é€£çµã‚½ãƒ«ãƒˆã§ã‚ˆã‚Šå®‰å…¨ãªã‚­ãƒ¼ã«å¤‰æ›ã—ã¾ã™ã€‚ãれã¯ã€MD5ã€SHAã€SHA256ã€SHA384ã€SHA512ã€ãŠã‚ˆã³BLAKE2Bã‚’å«ã‚€ã€ãƒ¦ãƒ¼ã‚¶ãƒ¼ã¯ã‚µãƒãƒ¼ãƒˆã•れã¦ã„ã‚‹HMACãƒãƒƒã‚·ãƒ¥é–¢æ•°ã®ã„ãšã‚Œã‹ã‚’é¸æŠžã§ãã¾ã™ã€‚ - \return 0 入力パスワードã‹ã‚‰ã‚­ãƒ¼ã®æ´¾ç”Ÿã«æ­£å¸¸ã«æˆ»ã•れ㟠- \return BAD_FUNC_ARG è¿”ã•れãŸç„¡åйãªãƒãƒƒã‚·ãƒ¥ã‚¿ã‚¤ãƒ—ãŒä¸Žãˆã‚‰ã‚ŒãŸå ´åˆã€ç¹°ã‚Šè¿”ã—ã¯1未満ã€ã¾ãŸã¯è¦æ±‚ã•れãŸã‚­ãƒ¼ã®é•·ã•(klenï¼‰ãŒæä¾›ã•れãŸãƒãƒƒã‚·ãƒ¥ã®ãƒãƒƒã‚·ãƒ¥é•·ã‚ˆã‚Šã‚‚大ãã„ã§ã™ã€‚ - \return MEMORY_E 割り当ã¦ãƒ¡ãƒ¢ãƒªãŒã‚ã‚‹å ´åˆã¯è¿”ã•れã¾ã™ - \return MP_INIT_E キー生æˆä¸­ã«ã‚¨ãƒ©ãƒ¼ãŒã‚ã‚‹å ´åˆã¯è¿”å´ã•れるå¯èƒ½æ€§ãŒã‚りã¾ã™ - \return MP_READ_E キー生æˆä¸­ã«ã‚¨ãƒ©ãƒ¼ãŒã‚ã‚‹å ´åˆã¯è¿”å´ã•れるå¯èƒ½æ€§ãŒã‚りã¾ã™ - \return MP_CMP_E キー生æˆä¸­ã«ã‚¨ãƒ©ãƒ¼ãŒã‚ã‚‹å ´åˆã¯è¿”å´ã•れるå¯èƒ½æ€§ãŒã‚りã¾ã™ - \return MP_INVMOD_E キー生æˆä¸­ã«ã‚¨ãƒ©ãƒ¼ãŒã‚ã‚‹å ´åˆã¯è¿”å´ã•れるå¯èƒ½æ€§ãŒã‚りã¾ã™ - \return MP_EXPTMOD_E キー生æˆä¸­ã«ã‚¨ãƒ©ãƒ¼ãŒã‚ã‚‹å ´åˆã¯è¿”å´ã•れるå¯èƒ½æ€§ãŒã‚りã¾ã™ - \return MP_MOD_E キー生æˆä¸­ã«ã‚¨ãƒ©ãƒ¼ãŒã‚ã‚‹å ´åˆã¯è¿”å´ã•れるå¯èƒ½æ€§ãŒã‚りã¾ã™ - \return MP_MUL_E キー生æˆä¸­ã«ã‚¨ãƒ©ãƒ¼ãŒã‚ã‚‹å ´åˆã¯è¿”å´ã•れるå¯èƒ½æ€§ãŒã‚りã¾ã™ - \return MP_ADD_E キー生æˆä¸­ã«ã‚¨ãƒ©ãƒ¼ãŒã‚ã‚‹å ´åˆã¯è¿”å´ã•れるå¯èƒ½æ€§ãŒã‚りã¾ã™ - \return MP_MULMOD_E キー生æˆä¸­ã«ã‚¨ãƒ©ãƒ¼ãŒã‚ã‚‹å ´åˆã¯è¿”å´ã•れるå¯èƒ½æ€§ãŒã‚りã¾ã™ - \return MP_TO_E キー生æˆä¸­ã«ã‚¨ãƒ©ãƒ¼ãŒã‚ã‚‹å ´åˆã¯è¿”å´ã•れるå¯èƒ½æ€§ãŒã‚りã¾ã™ - \return MP_MEM キー生æˆä¸­ã«ã‚¨ãƒ©ãƒ¼ãŒã‚ã‚‹å ´åˆã¯è¿”å´ã•れるå¯èƒ½æ€§ãŒã‚りã¾ã™ - \param output 生æˆã•れãŸã‚­ãƒ¼ã‚’ä¿å­˜ã™ã‚‹ãƒãƒƒãƒ•ã‚¡ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚klen longã«ã™ã‚‹ã¹ãã§ã™ - \param passwd ã‚­ãƒ¼ã®æ´¾ç”Ÿã«ä½¿ç”¨ã™ã‚‹ãƒ‘スワードをå«ã‚€ãƒãƒƒãƒ•ã‚¡ã¸ã®ãƒã‚¤ãƒ³ã‚¿ - \param pLen ã‚­ãƒ¼ã®æ´¾ç”Ÿã«ä½¿ç”¨ã™ã‚‹ãƒ‘スワードã®é•·ã• - \param salt éµç”±æ¥ã«ä½¿ç”¨ã™ã‚‹ã‚½ãƒ«ãƒˆã‚’å«ã‚€ãƒãƒƒãƒ•ã‚¡ã¸ã®ãƒã‚¤ãƒ³ã‚¿ãƒ¼ - \param sLen ソルトã®é•·ã• - \param iterations ãƒãƒƒã‚·ãƒ¥ã‚’処ç†ã™ã‚‹ãŸã‚ã®å›žæ•° - \param kLen 派生éµã®æœ›ã¾ã—ã„é•·ã• - \param hashType 使用ã™ã‚‹ãƒãƒƒã‚·ãƒ¥ã‚¢ãƒ«ã‚´ãƒªã‚ºãƒ æœ‰åйãªé¸æŠžè‚¢ã¯æ¬¡ã®ã¨ãŠã‚Šã§ã™.MD5ã€SHAã€SHA256ã€SHA384ã€SHA512ã€ãŠã‚ˆã³BLAKE2B + + \brief ã“ã®é–¢æ•°ã¯ã€RFC 7292付録Bã«è¨˜è¿°ã•れã¦ã„るパスワードベースéµå°Žå‡ºé–¢æ•°(PBKDF)を実装ã—ã¾ã™ã€‚ã“ã®é–¢æ•°ã¯ã€é€£çµã•れãŸã‚½ãƒ«ãƒˆã‚’æŒã¤å…¥åŠ›ãƒ‘ã‚¹ãƒ¯ãƒ¼ãƒ‰ã‚’ã‚ˆã‚Šå®‰å…¨ãªéµã«å¤‰æ›ã—ã€ãれをoutputã«æ ¼ç´ã—ã¾ã™ã€‚ユーザーã¯ã€WC_MD5ã€WC_SHAã€WC_SHA256ã€WC_SHA384ã€WC_SHA512ã€WC_SHA3_224ã€WC_SHA3_256ã€WC_SHA3_384ã€ã¾ãŸã¯WC_SHA3_512ã‚’å«ã‚€ã€ã‚µãƒãƒ¼ãƒˆã•れã¦ã„ã‚‹HMACãƒãƒƒã‚·ãƒ¥é–¢æ•°ã®ã„ãšã‚Œã‹ã‚’é¸æŠžã§ãã¾ã™ã€‚ + + \return 0 入力パスワードã‹ã‚‰éµã®å°Žå‡ºã«æˆåŠŸã—ãŸå ´åˆã«è¿”ã•れã¾ã™ + \return BAD_FUNC_ARG 無効ãªãƒãƒƒã‚·ãƒ¥ã‚¿ã‚¤ãƒ—ãŒæŒ‡å®šã•れãŸå ´åˆã€iterationsãŒ1未満ã®å ´åˆã€ã¾ãŸã¯è¦æ±‚ã•れãŸéµã®é•·ã•(kLen)ãŒæä¾›ã•れãŸãƒãƒƒã‚·ãƒ¥ã®ãƒãƒƒã‚·ãƒ¥é•·ã‚ˆã‚Šå¤§ãã„å ´åˆã«è¿”ã•れã¾ã™ + \return MEMORY_E メモリ割り当ã¦ä¸­ã«ã‚¨ãƒ©ãƒ¼ãŒç™ºç”Ÿã—ãŸå ´åˆã«è¿”ã•れã¾ã™ + \return MP_INIT_E éµç”Ÿæˆä¸­ã«ã‚¨ãƒ©ãƒ¼ãŒç™ºç”Ÿã—ãŸå ´åˆã«è¿”ã•れるå¯èƒ½æ€§ãŒã‚りã¾ã™ + \return MP_READ_E éµç”Ÿæˆä¸­ã«ã‚¨ãƒ©ãƒ¼ãŒç™ºç”Ÿã—ãŸå ´åˆã«è¿”ã•れるå¯èƒ½æ€§ãŒã‚りã¾ã™ + \return MP_CMP_E éµç”Ÿæˆä¸­ã«ã‚¨ãƒ©ãƒ¼ãŒç™ºç”Ÿã—ãŸå ´åˆã«è¿”ã•れるå¯èƒ½æ€§ãŒã‚りã¾ã™ + \return MP_INVMOD_E éµç”Ÿæˆä¸­ã«ã‚¨ãƒ©ãƒ¼ãŒç™ºç”Ÿã—ãŸå ´åˆã«è¿”ã•れるå¯èƒ½æ€§ãŒã‚りã¾ã™ + \return MP_EXPTMOD_E éµç”Ÿæˆä¸­ã«ã‚¨ãƒ©ãƒ¼ãŒç™ºç”Ÿã—ãŸå ´åˆã«è¿”ã•れるå¯èƒ½æ€§ãŒã‚りã¾ã™ + \return MP_MOD_E éµç”Ÿæˆä¸­ã«ã‚¨ãƒ©ãƒ¼ãŒç™ºç”Ÿã—ãŸå ´åˆã«è¿”ã•れるå¯èƒ½æ€§ãŒã‚りã¾ã™ + \return MP_MUL_E éµç”Ÿæˆä¸­ã«ã‚¨ãƒ©ãƒ¼ãŒç™ºç”Ÿã—ãŸå ´åˆã«è¿”ã•れるå¯èƒ½æ€§ãŒã‚りã¾ã™ + \return MP_ADD_E éµç”Ÿæˆä¸­ã«ã‚¨ãƒ©ãƒ¼ãŒç™ºç”Ÿã—ãŸå ´åˆã«è¿”ã•れるå¯èƒ½æ€§ãŒã‚りã¾ã™ + \return MP_MULMOD_E éµç”Ÿæˆä¸­ã«ã‚¨ãƒ©ãƒ¼ãŒç™ºç”Ÿã—ãŸå ´åˆã«è¿”ã•れるå¯èƒ½æ€§ãŒã‚りã¾ã™ + \return MP_TO_E éµç”Ÿæˆä¸­ã«ã‚¨ãƒ©ãƒ¼ãŒç™ºç”Ÿã—ãŸå ´åˆã«è¿”ã•れるå¯èƒ½æ€§ãŒã‚りã¾ã™ + \return MP_MEM éµç”Ÿæˆä¸­ã«ã‚¨ãƒ©ãƒ¼ãŒç™ºç”Ÿã—ãŸå ´åˆã«è¿”ã•れるå¯èƒ½æ€§ãŒã‚りã¾ã™ + + \param output 生æˆã•れãŸéµã‚’æ ¼ç´ã™ã‚‹ãƒãƒƒãƒ•ã‚¡ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚kLenã®é•·ã•ã§ã‚ã‚‹å¿…è¦ãŒã‚りã¾ã™ + \param passwd éµå°Žå‡ºã«ä½¿ç”¨ã™ã‚‹ãƒ‘スワードをå«ã‚€ãƒãƒƒãƒ•ã‚¡ã¸ã®ãƒã‚¤ãƒ³ã‚¿ + \param passLen éµå°Žå‡ºã«ä½¿ç”¨ã™ã‚‹ãƒ‘スワードã®é•·ã• + \param salt éµå°Žå‡ºã«ä½¿ç”¨ã™ã‚‹ã‚½ãƒ«ãƒˆã‚’å«ã‚€ãƒãƒƒãƒ•ã‚¡ã¸ã®ãƒã‚¤ãƒ³ã‚¿ + \param saltLen ソルトã®é•·ã• + \param iterations ãƒãƒƒã‚·ãƒ¥ã‚’処ç†ã™ã‚‹å›žæ•° + \param kLen 導出ã•れるéµã®å¸Œæœ›ã®é•·ã• + \param hashType 使用ã™ã‚‹ãƒãƒƒã‚·ãƒ¥ã‚¢ãƒ«ã‚´ãƒªã‚ºãƒ ã€‚有効ãªé¸æŠžè‚¢ã¯ã€WC_MD5ã€WC_SHAã€WC_SHA256ã€WC_SHA384ã€WC_SHA512ã€WC_SHA3_224ã€WC_SHA3_256ã€WC_SHA3_384ã€ã¾ãŸã¯WC_SHA3_512ã§ã™ + \param id éµç”Ÿæˆã®ç›®çš„を示ã™ãƒã‚¤ãƒˆè­˜åˆ¥å­ã€‚éµå‡ºåŠ›ã‚’å¤šæ§˜åŒ–ã™ã‚‹ãŸã‚ã«ä½¿ç”¨ã•ã‚Œã€æ¬¡ã®ã‚ˆã†ã«å‰²ã‚Šå½“ã¦ã‚‹å¿…è¦ãŒã‚りã¾ã™ã€‚ID=1: 疑似乱数ビットã¯ã€æš—å·åŒ–ã¾ãŸã¯å¾©å·ã‚’実行ã™ã‚‹ãŸã‚ã®éµææ–™ã¨ã—ã¦ä½¿ç”¨ã•れã¾ã™ã€‚ID=2: 疑似乱数ビットã¯ã€æš—å·åŒ–ã¾ãŸã¯å¾©å·ã®ãŸã‚ã®IV(åˆæœŸå€¤)ã¨ã—ã¦ä½¿ç”¨ã•れã¾ã™ã€‚ID=3: 疑似乱数ビットã¯ã€MAC処ç†ã®ãŸã‚ã®å®Œå…¨æ€§éµã¨ã—ã¦ä½¿ç”¨ã•れã¾ã™ã€‚ + _Example_ \code int ret; byte key[64]; - byte pass[] = { }; // initialize with password - byte salt[] = { }; // initialize with salt + byte pass[] = { }; // パスワードã§åˆæœŸåŒ– + byte salt[] = { }; // ソルトã§åˆæœŸåŒ– ret = wc_PKCS12_PBKDF(key, pass, sizeof(pass), salt, sizeof(salt), 2048, sizeof(key), SHA512, 1); if ( ret != 0 ) { - // error deriving key from password + // パスワードã‹ã‚‰ã®éµå°Žå‡ºã‚¨ãƒ©ãƒ¼ } \endcode + \sa wc_PBKDF1 \sa wc_PBKDF2 */ -int wc_PKCS12_PBKDF(byte* output, const byte* passwd, int pLen, - const byte* salt, int sLen, int iterations, - int kLen, int typeH, int purpose); +int wc_PKCS12_PBKDF(byte* output, const byte* passwd, int passLen, + const byte* salt, int saltLen, int iterations, + int kLen, int hashType, int id); diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/doc/dox_comments/header_files-ja/quic.h mariadb-11.8.8/extra/wolfssl/wolfssl/doc/dox_comments/header_files-ja/quic.h --- mariadb-11.8.6/extra/wolfssl/wolfssl/doc/dox_comments/header_files-ja/quic.h 2026-01-31 13:27:49.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/doc/dox_comments/header_files-ja/quic.h 2026-05-24 09:58:33.000000000 +0000 @@ -1,603 +1,575 @@ /*! - \ingroup QUIC + \ingroup QUIC - \brief ãƒãƒ³ãƒ‰ã‚·ã‚§ã‚¤ã‚¯ä¸­ã«ã‚·ãƒ¼ã‚¯ãƒ¬ãƒƒãƒˆãŒç”Ÿæˆã•れãŸã¨ãã«å‘¼ã³å‡ºã•れるコールãƒãƒƒã‚¯ã€‚ - QUIC プロトコル ãƒãƒ³ãƒ‰ãƒ©ã¯ãƒ‘ã‚±ãƒƒãƒˆã®æš—å·åŒ–/復å·åŒ–を実行ã™ã‚‹ãŸã‚〠- レベル Early_data/handshake/application ã®ãƒã‚´ã‚·ã‚¨ãƒ¼ãƒˆã•れãŸã‚·ãƒ¼ã‚¯ãƒ¬ãƒƒãƒˆãŒå¿…è¦ã§ã™ã€‚ + \brief ãƒãƒ³ãƒ‰ã‚·ã‚§ã‚¤ã‚¯ä¸­ã«ã‚·ãƒ¼ã‚¯ãƒ¬ãƒƒãƒˆãŒç”Ÿæˆã•れãŸã¨ãã«å‘¼ã³å‡ºã•れるコールãƒãƒƒã‚¯ã€‚ + QUICプロトコルãƒãƒ³ãƒ‰ãƒ©ã¯ãƒ‘ã‚±ãƒƒãƒˆã®æš—å·åŒ–/復å·ã‚’実行ã™ã‚‹ãŸã‚ã€early_data/handshake/applicationレベルã®ãƒã‚´ã‚·ã‚¨ãƒ¼ãƒˆã•れãŸã‚·ãƒ¼ã‚¯ãƒ¬ãƒƒãƒˆãŒå¿…è¦ã§ã™ã€‚ - コールãƒãƒƒã‚¯ã¯ã€ãƒãƒ³ãƒ‰ã‚·ã‚§ã‚¤ã‚¯ä¸­ã«æ•°å›žå‘¼ã³å‡ºã•れã¾ã™ã€‚ 両方ã®ã©ã¡ã‚‰ã‹ - ã¾ãŸã¯ã€èª­ã¿å–りシークレットã¾ãŸã¯æ›¸ãè¾¼ã¿ã‚·ãƒ¼ã‚¯ãƒ¬ãƒƒãƒˆã®ã¿ãŒæä¾›ã•れる場åˆãŒã‚りã¾ã™ã€‚ ã“れã¯ã€ - 指定ã•ã‚ŒãŸæš—å·åŒ–レベルã¯ã™ã§ã«æœ‰åйã«ãªã£ã¦ã„ã¾ã™ã€‚ + ã“ã®ã‚³ãƒ¼ãƒ«ãƒãƒƒã‚¯ã¯ãƒãƒ³ãƒ‰ã‚·ã‚§ã‚¤ã‚¯ä¸­ã«æ•°å›žå‘¼ã³å‡ºã•れã¾ã™ã€‚読ã¿å–りã¾ãŸã¯æ›¸ãè¾¼ã¿ã‚·ãƒ¼ã‚¯ãƒ¬ãƒƒãƒˆã®ä¸¡æ–¹ã€ã¾ãŸã¯ä¸€æ–¹ã®ã¿ãŒæä¾›ã•れる場åˆãŒã‚りã¾ã™ã€‚ã“れã¯ã€ä¸Žãˆã‚‰ã‚ŒãŸæš—å·åŒ–レベルãŒã™ã§ã«æœ‰åйã«ãªã£ã¦ã„ã‚‹ã“ã¨ã‚’æ„味ã™ã‚‹ã‚‚ã®ã§ã¯ã‚りã¾ã›ã‚“。 - \return æˆåŠŸã™ã‚‹ã¨ 1 ã‚’è¿”ã—ã€å¤±æ•—ã™ã‚‹ã¨ 0 ã‚’è¿”ã—ã¾ã™ã€‚ + \return 1 æˆåŠŸæ™‚ã€0 失敗時。 - \param ssl - wolfSSL_new() を使用ã—ã¦ä½œæˆã•れ㟠WOLFSSL 構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ - \param level - ã‚·ãƒ¼ã‚¯ãƒ¬ãƒƒãƒˆã®æš—å·åŒ–レベル - \param read_secret - 特定ã®ãƒ¬ãƒ™ãƒ«ã§å¾©å·åŒ–ã«ä½¿ç”¨ã•れるシークレット。NULL ã®å ´åˆãŒã‚りã¾ã™ã€‚ - \param write_secret - 特定ã®ãƒ¬ãƒ™ãƒ«ã§æš—å·åŒ–ã«ä½¿ç”¨ã•れるシークレット。NULL ã®å ´åˆãŒã‚りã¾ã™ã€‚ - \param secret_len - シークレットã®é•·ã• + \param ssl - wolfSSL_new()を使用ã—ã¦ä½œæˆã•れãŸWOLFSSL構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ + \param level - シークレットãŒå¯¾å¿œã™ã‚‹æš—å·åŒ–レベル。 + \param read_secret - 与ãˆã‚‰ã‚ŒãŸãƒ¬ãƒ™ãƒ«ã§ã®å¾©å·ã«ä½¿ç”¨ã•れるシークレットã€NULLã®å ´åˆãŒã‚りã¾ã™ã€‚ + \param write_secret - 与ãˆã‚‰ã‚ŒãŸãƒ¬ãƒ™ãƒ«ã§ã®æš—å·åŒ–ã«ä½¿ç”¨ã•れるシークレットã€NULLã®å ´åˆãŒã‚りã¾ã™ã€‚ + \param secret_len - シークレットã®é•·ã•。 - \sa wolfSSL_set_quic_method + \sa wolfSSL_set_quic_method */ -int (*set_encryption_secrets)(WOLFSSL *ssl, WOLFSSL_ENCRYPTION_LEVEL レベル, - const uint8_t *read_secret, - const uint8_t *write_secret, size_t secret_len); +int (*set_encryption_secrets)(WOLFSSL *ssl, WOLFSSL_ENCRYPTION_LEVEL level, + const uint8_t *read_secret, + const uint8_t *write_secret, size_t secret_len); /*! - \ingroup QUIC + \ingroup QUIC - \brief ãƒãƒ³ãƒ‰ã‚·ã‚§ã‚¤ã‚¯ CRYPTO データをピアã«è»¢é€ã™ã‚‹ãŸã‚ã«å‘¼ã³å‡ºã•れるコールãƒãƒƒã‚¯ã€‚ - ã“ã®æ–¹æ³•ã§è»¢é€ã•ã‚Œã‚‹ãƒ‡ãƒ¼ã‚¿ã¯æš—å·åŒ–ã•れã¾ã›ã‚“。 QUICã®ä»•事ã§ã™ - ã“れを行ã†ãŸã‚ã®ãƒ—ロトコル実装。 ã©ã®ã‚·ãƒ¼ã‚¯ãƒ¬ãƒƒãƒˆã‚’使用ã™ã‚‹ã‹ - 指定ã•ã‚ŒãŸæš—å·åŒ–レベルã«ã‚ˆã£ã¦æ±ºã¾ã‚Šã¾ã™ã€‚ + \brief ãƒãƒ³ãƒ‰ã‚·ã‚§ã‚¤ã‚¯CRYPTOデータをピアã«è»¢é€ã™ã‚‹ãŸã‚ã«å‘¼ã³å‡ºã•れるコールãƒãƒƒã‚¯ã€‚ + ã“ã®æ–¹æ³•ã§è»¢é€ã•ã‚Œã‚‹ãƒ‡ãƒ¼ã‚¿ã¯æš—å·åŒ–ã•れã¦ã„ã¾ã›ã‚“。ã“れを行ã†ã®ã¯QUICプロトコル実装ã®å½¹å‰²ã§ã™ã€‚使用ã™ã‚‹ã‚·ãƒ¼ã‚¯ãƒ¬ãƒƒãƒˆã¯ã€æŒ‡å®šã•ã‚ŒãŸæš—å·åŒ–レベルã«ã‚ˆã£ã¦æ±ºå®šã•れã¾ã™ã€‚ - ã“ã®ã‚³ãƒ¼ãƒ«ãƒãƒƒã‚¯ã¯ã€ãƒãƒ³ãƒ‰ã‚·ã‚§ã‚¤ã‚¯ä¸­ã¾ãŸã¯ãƒã‚¹ãƒˆ ãƒãƒ³ãƒ‰ã‚·ã‚§ã‚¤ã‚¯ä¸­ã«æ•°å›žå‘¼ã³å‡ºã•れる場åˆãŒã‚りã¾ã™ã€‚ - 処ç†ã€‚ データã¯å®Œå…¨ãª CRYPTO レコードをカãƒãƒ¼ã™ã‚‹å ´åˆãŒã‚りã¾ã™ãŒã€ - 部分的ã§ã‚ã‚‹ã“ã¨ã€‚ ãŸã ã—ã€ã‚³ãƒ¼ãƒ«ãƒãƒƒã‚¯ã¯ä»¥å‰ã«ã™ã¹ã¦ã®ãƒ¬ã‚³ãƒ¼ãƒ‰ データをå—ä¿¡ã—ã¦ã„ã¾ã™ã€‚ - åˆ¥ã®æš—å·åŒ–レベルを使用ã—ã¦ã„ã¾ã™ã€‚ + ã“ã®ã‚³ãƒ¼ãƒ«ãƒãƒƒã‚¯ã¯ã€ãƒãƒ³ãƒ‰ã‚·ã‚§ã‚¤ã‚¯ã¾ãŸã¯ãƒã‚¹ãƒˆãƒãƒ³ãƒ‰ã‚·ã‚§ã‚¤ã‚¯å‡¦ç†ä¸­ã«æ•°å›žå‘¼ã³å‡ºã•れる場åˆãŒã‚りã¾ã™ã€‚データã¯å®Œå…¨ãªCRYPTOレコードをカãƒãƒ¼ã™ã‚‹å ´åˆã‚‚ã‚りã¾ã™ãŒã€éƒ¨åˆ†çš„ãªå ´åˆã‚‚ã‚りã¾ã™ã€‚ãŸã ã—ã€åˆ¥ã®æš—å·åŒ–レベルを使用ã™ã‚‹å‰ã«ã€ã‚³ãƒ¼ãƒ«ãƒãƒƒã‚¯ã¯ã™ã¹ã¦ã®ãƒ¬ã‚³ãƒ¼ãƒ‰ãƒ‡ãƒ¼ã‚¿ã‚’å—ä¿¡ã—ã¾ã™ã€‚ - \return æˆåŠŸã™ã‚‹ã¨ 1 ã‚’è¿”ã—ã€å¤±æ•—ã™ã‚‹ã¨ 0 ã‚’è¿”ã—ã¾ã™ã€‚ + \return 1 æˆåŠŸæ™‚ã€0 失敗時。 - \param ssl - wolfSSL_new() を使用ã—ã¦ä½œæˆã•れ㟠WOLFSSL 構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ - \param level - ãƒ‡ãƒ¼ã‚¿ã®æš—å·åŒ–ã«ä½¿ç”¨ã™ã‚‹æš—å·åŒ–レベル - \param data - データ自体 - \param len - データã®é•·ã• + \param ssl - wolfSSL_new()を使用ã—ã¦ä½œæˆã•れãŸWOLFSSL構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ + \param level - ãƒ‡ãƒ¼ã‚¿ã®æš—å·åŒ–ã«ä½¿ç”¨ã™ã‚‹æš—å·åŒ–レベル。 + \param data - データ自体。 + \param len - データã®é•·ã•。 - \sa wolfSSL_set_quic_method + \sa wolfSSL_set_quic_method */ -int (*add_handshake_data)(WOLFSSL *ssl, WOLFSSL_ENCRYPTION_LEVEL レベル, - const uint8_t *data, size_t len); +int (*add_handshake_data)(WOLFSSL *ssl, WOLFSSL_ENCRYPTION_LEVEL level, + const uint8_t *data, size_t len); /*! - \ingroup QUIC + \ingroup QUIC - \brief é€ä¿¡ã™ã‚‹ãƒ‡ãƒ¼ã‚¿ã®ã‚¢ãƒ‰ãƒã‚¤ã‚¶ãƒª フラッシュã®ãŸã‚ã«å‘¼ã³å‡ºã•れるコールãƒãƒƒã‚¯ã€‚ + \brief é€ä¿¡ã™ã‚‹ãƒ‡ãƒ¼ã‚¿ã®ã‚¢ãƒ‰ãƒã‚¤ã‚¶ãƒªãƒ¼ãƒ•ラッシュã®ãŸã‚ã«å‘¼ã³å‡ºã•れるコールãƒãƒƒã‚¯ã€‚ - \return æˆåŠŸã™ã‚‹ã¨ 1 ã‚’è¿”ã—ã€å¤±æ•—ã™ã‚‹ã¨ 0 ã‚’è¿”ã—ã¾ã™ã€‚ + \return 1 æˆåŠŸæ™‚ã€0 失敗時。 - \param ssl - wolfSSL_new() を使用ã—ã¦ä½œæˆã•れ㟠WOLFSSL 構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ + \param ssl - wolfSSL_new()を使用ã—ã¦ä½œæˆã•れãŸWOLFSSL構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ - \sa wolfSSL_set_quic_method + \sa wolfSSL_set_quic_method */ int (*flush_flight)(WOLFSSL *ssl); /*! - \ingroup QUIC + \ingroup QUIC - \brief 処ç†ä¸­ã« SSL アラートãŒç™ºç”Ÿã—ãŸã¨ãã«å‘¼ã³å‡ºã•れるコールãƒãƒƒã‚¯ã€‚ + \brief 処ç†ä¸­ã«SSLアラートãŒç™ºç”Ÿã—ãŸã¨ãã«å‘¼ã³å‡ºã•れるコールãƒãƒƒã‚¯ã€‚ - \return æˆåŠŸã™ã‚‹ã¨ 1 ã‚’è¿”ã—ã€å¤±æ•—ã™ã‚‹ã¨ 0 ã‚’è¿”ã—ã¾ã™ã€‚ + \return 1 æˆåŠŸæ™‚ã€0 失敗時。 - \param ssl - wolfSSL_new() を使用ã—ã¦ä½œæˆã•れ㟠WOLFSSL 構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ - \param level - アラートãŒç™ºç”Ÿã—ãŸã¨ãã«æœ‰åйã ã£ãŸæš—å·åŒ–レベル - \param alert - エラー + \param ssl - wolfSSL_new()を使用ã—ã¦ä½œæˆã•れãŸWOLFSSL構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ + \param level - アラートãŒç™ºç”Ÿã—ãŸã¨ãã«æœ‰åйã ã£ãŸæš—å·åŒ–レベル。 + \param alert - エラー。 - \sa wolfSSL_set_quic_method + \sa wolfSSL_set_quic_method */ -int (*send_alert)(WOLFSSL *ssl, WOLFSSL_ENCRYPTION_LEVEL レベル, uint8_t アラート); +int (*send_alert)(WOLFSSL *ssl, WOLFSSL_ENCRYPTION_LEVEL level, uint8_t alert); /*! - \ingroup QUIC + \ingroup QUIC - \brief WOLFSSL_CTX ãŠã‚ˆã³æ´¾ç”Ÿã—ãŸã™ã¹ã¦ã® WOLFSSL インスタンスã«å¯¾ã—㦠QUIC プロトコルを有効ã«ã—ã¾ã™ - å¿…è¦ãª 4 ã¤ã®ã‚³ãƒ¼ãƒ«ãƒãƒƒã‚¯ã‚’æä¾›ã—ã¾ã™ã€‚ CTX 㯠TLSv1.3 ã§ã‚ã‚‹å¿…è¦ãŒã‚りã¾ã™ã€‚ + \brief å¿…è¦ãª4ã¤ã®ã‚³ãƒ¼ãƒ«ãƒãƒƒã‚¯ã‚’æä¾›ã™ã‚‹ã“ã¨ã«ã‚ˆã‚Šã€WOLFSSL_CTXãŠã‚ˆã³ã™ã¹ã¦ã®æ´¾ç”ŸWOLFSSLインスタンスã«å¯¾ã—ã¦QUICプロトコルを有効化ã—ã¾ã™ã€‚CTXã¯TLSv1.3ã§ã‚ã‚‹å¿…è¦ãŒã‚りã¾ã™ã€‚ - 渡ã•れ㟠quic_method ã«ã¯ã€SSL インスタンスよりも長ã„寿命ãŒå¿…è¦ã§ã™ã€‚ - コピーã•れã¾ã›ã‚“。 ã™ã¹ã¦ã®ã‚³ãƒ¼ãƒ«ãƒãƒƒã‚¯ã‚’æä¾›ã™ã‚‹å¿…è¦ãŒã‚りã¾ã™ã€‚ + 渡ã•れãŸquic_methodã¯ã€SSLインスタンスよりも長ã„寿命をæŒã¤å¿…è¦ãŒã‚りã¾ã™ã€‚コピーã•れã¾ã›ã‚“。ã™ã¹ã¦ã®ã‚³ãƒ¼ãƒ«ãƒãƒƒã‚¯ã‚’æä¾›ã™ã‚‹å¿…è¦ãŒã‚りã¾ã™ã€‚ - \return WOLFSSL_SUCCESS æˆåŠŸã—ãŸå ´åˆã€‚ + \return WOLFSSL_SUCCESS æˆåŠŸã—ãŸå ´åˆã€‚ - \param ctx - wolfSSL_CTX_new() を使用ã—ã¦ä½œæˆã•れ㟠WOLFSSL_CTX 構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ãƒ¼ã€‚ - \param quic_method - コールãƒãƒƒã‚¯æ§‹é€  + \param ctx - wolfSSL_CTX_new()を使用ã—ã¦ä½œæˆã•れãŸWOLFSSL_CTX構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ + \param quic_method - コールãƒãƒƒã‚¯æ§‹é€ ä½“。 - \sa wolfSSL_is_quic - \sa wolfSSL_set_quic_method + \sa wolfSSL_is_quic + \sa wolfSSL_set_quic_method */ int wolfSSL_CTX_set_quic_method(WOLFSSL_CTX *ctx, const WOLFSSL_QUIC_METHOD *quic_method); /*! - \ingroup QUIC + \ingroup QUIC - \brief ã‚’æä¾›ã—ã¦ã€WOLFSSL インスタンス㮠QUIC プロトコルを有効ã«ã—ã¾ã™ã€‚ - 4 ã¤ã®ã‚³ãƒ¼ãƒ«ãƒãƒƒã‚¯ãŒå¿…è¦ã§ã™ã€‚ WOLFSSL 㯠TLSv1.3 ã§ã‚ã‚‹å¿…è¦ãŒã‚りã¾ã™ã€‚ + \brief å¿…è¦ãª4ã¤ã®ã‚³ãƒ¼ãƒ«ãƒãƒƒã‚¯ã‚’æä¾›ã™ã‚‹ã“ã¨ã«ã‚ˆã‚Šã€WOLFSSLインスタンスã«å¯¾ã—ã¦QUICプロトコルを有効化ã—ã¾ã™ã€‚WOLFSSLã¯TLSv1.3ã§ã‚ã‚‹å¿…è¦ãŒã‚りã¾ã™ã€‚ - 渡ã•れ㟠quic_method ã«ã¯ã€SSL インスタンスよりも長ã„寿命ãŒå¿…è¦ã§ã™ã€‚ - コピーã•れã¾ã›ã‚“。 ã™ã¹ã¦ã®ã‚³ãƒ¼ãƒ«ãƒãƒƒã‚¯ã‚’æä¾›ã™ã‚‹å¿…è¦ãŒã‚りã¾ã™ã€‚ + 渡ã•れãŸquic_methodã¯ã€SSLインスタンスよりも長ã„寿命をæŒã¤å¿…è¦ãŒã‚りã¾ã™ã€‚コピーã•れã¾ã›ã‚“。ã™ã¹ã¦ã®ã‚³ãƒ¼ãƒ«ãƒãƒƒã‚¯ã‚’æä¾›ã™ã‚‹å¿…è¦ãŒã‚りã¾ã™ã€‚ - \return WOLFSSL_SUCCESS æˆåŠŸã—ãŸå ´åˆã€‚ + \return WOLFSSL_SUCCESS æˆåŠŸã—ãŸå ´åˆã€‚ - \param ssl - wolfSSL_new() を使用ã—ã¦ä½œæˆã•れ㟠WOLFSSL 構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ - \param quic_method - コールãƒãƒƒã‚¯æ§‹é€  + \param ssl - wolfSSL_new()を使用ã—ã¦ä½œæˆã•れãŸWOLFSSL構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ + \param quic_method - コールãƒãƒƒã‚¯æ§‹é€ ä½“。 - \sa wolfSSL_is_quic - \sa wolfSSL_CTX_set_quic_method + \sa wolfSSL_is_quic + \sa wolfSSL_CTX_set_quic_method */ int wolfSSL_set_quic_method(WOLFSSL *ssl, const WOLFSSL_QUIC_METHOD *quic_method); /*! - \ingroup QUIC + \ingroup QUIC - \brief QUIC ㌠WOLFSSL インスタンスã§ã‚¢ã‚¯ãƒ†ã‚£ãƒ–化ã•れã¦ã„ã‚‹ã‹ã©ã†ã‹ã‚’確èªã—ã¾ã™ã€‚ + \brief WOLFSSLインスタンスã§QUICãŒæœ‰åŠ¹åŒ–ã•れã¦ã„ã‚‹ã‹ã©ã†ã‹ã‚’確èªã—ã¾ã™ã€‚ - \return WOLFSSL ㌠QUIC を使用ã—ã¦ã„ã‚‹å ´åˆã¯ 1 ã‚’è¿”ã—ã¾ã™ã€‚ + \return 1 WOLFSSLãŒQUICを使用ã—ã¦ã„ã‚‹å ´åˆã€‚ - \param ssl - wolfSSL_new() を使用ã—ã¦ä½œæˆã•れ㟠WOLFSSL 構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ + \param ssl - wolfSSL_new()を使用ã—ã¦ä½œæˆã•れãŸWOLFSSL構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ - \sa wolfSSL_CTX_quic_method - \sa wolfSSL_CTX_set_quic_method + \sa wolfSSL_CTX_quic_method + \sa wolfSSL_CTX_set_quic_method */ int wolfSSL_is_quic(WOLFSSL *ssl); /*! - \ingroup QUIC + \ingroup QUIC - \brief ç¾åœ¨ä½¿ç”¨ä¸­ã®èª­ã¿å–ã‚Šã®æš—å·åŒ–レベルを決定ã—ã¾ã™ã€‚ å ´åˆã«ã®ã¿æ„味ãŒã‚りã¾ã™ã€‚ - WOLFSSL インスタンス㯠QUIC を使用ã—ã¦ã„ã¾ã™ã€‚ + \brief ç¾åœ¨ä½¿ç”¨ä¸­ã®èª­ã¿å–ã‚Šç”¨ã®æš—å·åŒ–レベルを決定ã—ã¾ã™ã€‚WOLFSSLインスタンスãŒQUICを使用ã—ã¦ã„ã‚‹å ´åˆã«ã®ã¿æ„味ãŒã‚りã¾ã™ã€‚ - 有効レベルã¯ã€ãƒ‡ãƒ¼ã‚¿ã‚’è¿”ã™ã¨ãã¯å¸¸ã«ãƒ‘ラメーターã§ã‚ã‚‹ã“ã¨ã«æ³¨æ„ã—ã¦ãã ã•ã„。 - 剿–¹ã¸ã€‚ ピアã‹ã‚‰ã®ãƒ‡ãƒ¼ã‚¿ã¯ã€ã“れを介ã—ã¦å ±å‘Šã•れる以外ã®ãƒ¬ãƒ™ãƒ«ã§åˆ°ç€ã™ã‚‹å¯èƒ½æ€§ãŒã‚りã¾ã™ - 関数。 + 有効ãªãƒ¬ãƒ™ãƒ«ã¯ã€ãƒ‡ãƒ¼ã‚¿ã‚’やりå–りã™ã‚‹éš›ã«å¸¸ã«ãƒ‘ラメータã§ã™ã€‚ピアã‹ã‚‰ã®ãƒ‡ãƒ¼ã‚¿ã¯ã€ã“ã®é–¢æ•°ã§å ±å‘Šã•れるレベル以外ã®ãƒ¬ãƒ™ãƒ«ã§åˆ°ç€ã™ã‚‹å¯èƒ½æ€§ãŒã‚りã¾ã™ã€‚ - \return æš—å·åŒ–レベル。 + \return æš—å·åŒ–レベル。 - \param ssl - wolfSSL_new() を使用ã—ã¦ä½œæˆã•れ㟠WOLFSSL 構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ + \param ssl - wolfSSL_new()を使用ã—ã¦ä½œæˆã•れãŸWOLFSSL構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ - \sa wolfSSL_quic_write_level + \sa wolfSSL_quic_write_level */ WOLFSSL_ENCRYPTION_LEVEL wolfSSL_quic_read_level(const WOLFSSL *ssl); /*! - \ingroup QUIC + \ingroup QUIC - \brief ç¾åœ¨ä½¿ç”¨ä¸­ã®æ›¸ãè¾¼ã¿ã®æš—å·åŒ–レベルを決定ã—ã¾ã™ã€‚ å ´åˆã«ã®ã¿æ„味ãŒã‚りã¾ã™ã€‚ - WOLFSSL インスタンス㯠QUIC を使用ã—ã¦ã„ã¾ã™ã€‚ + \brief ç¾åœ¨ä½¿ç”¨ä¸­ã®æ›¸ãè¾¼ã¿ç”¨ã®æš—å·åŒ–レベルを決定ã—ã¾ã™ã€‚WOLFSSLインスタンスãŒQUICを使用ã—ã¦ã„ã‚‹å ´åˆã«ã®ã¿æ„味ãŒã‚りã¾ã™ã€‚ - 有効レベルã¯ã€ãƒ‡ãƒ¼ã‚¿ã‚’è¿”ã™ã¨ãã¯å¸¸ã«ãƒ‘ラメーターã§ã‚ã‚‹ã“ã¨ã«æ³¨æ„ã—ã¦ãã ã•ã„。 - 剿–¹ã¸ã€‚ ピアã‹ã‚‰ã®ãƒ‡ãƒ¼ã‚¿ã¯ã€ã“れを介ã—ã¦å ±å‘Šã•れる以外ã®ãƒ¬ãƒ™ãƒ«ã§åˆ°ç€ã™ã‚‹å¯èƒ½æ€§ãŒã‚りã¾ã™ - 関数。 + 有効ãªãƒ¬ãƒ™ãƒ«ã¯ã€ãƒ‡ãƒ¼ã‚¿ã‚’やりå–りã™ã‚‹éš›ã«å¸¸ã«ãƒ‘ラメータã§ã™ã€‚ピアã‹ã‚‰ã®ãƒ‡ãƒ¼ã‚¿ã¯ã€ã“ã®é–¢æ•°ã§å ±å‘Šã•れるレベル以外ã®ãƒ¬ãƒ™ãƒ«ã§åˆ°ç€ã™ã‚‹å¯èƒ½æ€§ãŒã‚りã¾ã™ã€‚ - \return æš—å·åŒ–レベル。 + \return æš—å·åŒ–レベル。 - \param ssl - wolfSSL_new() を使用ã—ã¦ä½œæˆã•れ㟠WOLFSSL 構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ + \param ssl - wolfSSL_new()を使用ã—ã¦ä½œæˆã•れãŸWOLFSSL構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ - \sa wolfSSL_quic_read_level + \sa wolfSSL_quic_read_level */ WOLFSSL_ENCRYPTION_LEVEL wolfSSL_quic_write_level(const WOLFSSL *ssl); /*! - \ingroup QUIC + \ingroup QUIC - \brief ã©ã® QUIC ãƒãƒ¼ã‚¸ãƒ§ãƒ³ã‚’使用ã™ã‚‹ã‹ã‚’設定ã—ã¾ã™ã€‚ ã“れを呼ã°ãšã«ã€ - WOLFSSL ã¯ä¸¡æ–¹ (draft-27 㨠v1) をサーãƒãƒ¼ã«æä¾›ã—ã¾ã™ã€‚ å—ã‘入れる - クライアントã‹ã‚‰ã®ä¸¡æ–¹ã¨ã€æœ€æ–°ã®ã‚‚ã®ã‚’ãƒã‚´ã‚·ã‚¨ãƒ¼ãƒˆã—ã¾ã™ã€‚ + \brief 使用ã™ã‚‹QUICãƒãƒ¼ã‚¸ãƒ§ãƒ³ã‚’設定ã—ã¾ã™ã€‚ã“れを呼ã³å‡ºã•ãªã„å ´åˆã€WOLFSSLã¯ä¸¡æ–¹ï¼ˆdraft-27ã¨v1)をサーãƒãƒ¼ã«æä¾›ã—ã€ã¾ãŸã¯ã‚¯ãƒ©ã‚¤ã‚¢ãƒ³ãƒˆã‹ã‚‰ä¸¡æ–¹ã‚’å—ã‘å…¥ã‚Œã¦æœ€æ–°ã®ã‚‚ã®ã‚’ãƒã‚´ã‚·ã‚¨ãƒ¼ãƒˆã—ã¾ã™ã€‚ - \return WOLFSSL_SUCCESS æˆåŠŸã—ãŸå ´åˆã€‚ + \return WOLFSSL_SUCCESS æˆåŠŸã—ãŸå ´åˆã€‚ - \param ssl - wolfSSL_new() を使用ã—ã¦ä½œæˆã•れ㟠WOLFSSL 構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ - \param use_legacy - ドラフト 27 を使用ã™ã‚‹å ´åˆã¯ trueã€QUICv1 ã®ã¿ã‚’使用ã™ã‚‹å ´åˆã¯ 0。 + \param ssl - wolfSSL_new()を使用ã—ã¦ä½œæˆã•れãŸWOLFSSL構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ + \param use_legacy - draft-27を使用ã™ã‚‹å ´åˆã¯trueã€QUICv1ã®ã¿ã‚’使用ã™ã‚‹å ´åˆã¯0。 - \sa wolfSSL_set_quic_transport_version + \sa wolfSSL_set_quic_transport_version */ void wolfSSL_set_quic_use_legacy_codepoint(WOLFSSL *ssl, int use_legacy); /*! - \ingroup QUIC + \ingroup QUIC - \brief ã©ã® QUIC ãƒãƒ¼ã‚¸ãƒ§ãƒ³ã‚’使用ã™ã‚‹ã‹ã‚’設定ã—ã¾ã™ã€‚ + \brief 使用ã™ã‚‹QUICãƒãƒ¼ã‚¸ãƒ§ãƒ³ã‚’設定ã—ã¾ã™ã€‚ - \return WOLFSSL_SUCCESS æˆåŠŸã—ãŸå ´åˆã€‚ + \return WOLFSSL_SUCCESS æˆåŠŸã—ãŸå ´åˆã€‚ - \param ssl - wolfSSL_new() を使用ã—ã¦ä½œæˆã•れ㟠WOLFSSL 構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ - \param version - QUIC ãƒãƒ¼ã‚¸ãƒ§ãƒ³ç”¨ã«å®šç¾©ã•れ㟠TLS 拡張。 + \param ssl - wolfSSL_new()を使用ã—ã¦ä½œæˆã•れãŸWOLFSSL構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ + \param version - QUICãƒãƒ¼ã‚¸ãƒ§ãƒ³ã«å®šç¾©ã•れãŸTLS拡張。 - \sa wolfSSL_set_quic_use_legacy_codepoint + \sa wolfSSL_set_quic_use_legacy_codepoint */ -void wolfSSL_set_quic_transport_version(WOLFSSL *ssl, int ãƒãƒ¼ã‚¸ãƒ§ãƒ³); +void wolfSSL_set_quic_transport_version(WOLFSSL *ssl, int version); /*! - \ingroup QUIC + \ingroup QUIC - \brief æ§‹æˆã•れ㟠QUIC ãƒãƒ¼ã‚¸ãƒ§ãƒ³ã‚’å–å¾—ã—ã¾ã™ã€‚ + \brief 設定ã•れãŸQUICãƒãƒ¼ã‚¸ãƒ§ãƒ³ã‚’å–å¾—ã—ã¾ã™ã€‚ - \return æ§‹æˆã•れãŸãƒãƒ¼ã‚¸ãƒ§ãƒ³ã® TLS 拡張。 + \return 設定ã•れãŸãƒãƒ¼ã‚¸ãƒ§ãƒ³ã®TLS拡張。 - \param ssl - wolfSSL_new() を使用ã—ã¦ä½œæˆã•れ㟠WOLFSSL 構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ + \param ssl - wolfSSL_new()を使用ã—ã¦ä½œæˆã•れãŸWOLFSSL構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ - \sa wolfSSL_set_quic_use_legacy_codepoint - \sa wolfSSL_set_quic_transport_version + \sa wolfSSL_set_quic_use_legacy_codepoint + \sa wolfSSL_set_quic_transport_version */ int wolfSSL_get_quic_transport_version(const WOLFSSL *ssl); /*! - \ingroup QUIC + \ingroup QUIC - \brief 使用ã™ã‚‹ QUIC トランスãƒãƒ¼ãƒˆ パラメータを設定ã—ã¾ã™ã€‚ + \brief 使用ã™ã‚‹QUICトランスãƒãƒ¼ãƒˆãƒ‘ラメータを設定ã—ã¾ã™ã€‚ - \return WOLFSSL_SUCCESS æˆåŠŸã—ãŸå ´åˆã€‚ + \return WOLFSSL_SUCCESS æˆåŠŸã—ãŸå ´åˆã€‚ - \param ssl - wolfSSL_new() を使用ã—ã¦ä½œæˆã•れ㟠WOLFSSL 構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ - \param params - 使用ã™ã‚‹ãƒ‘ラメータ ãƒã‚¤ãƒˆ - ·param params_len - パラメータã®é•·ã• + \param ssl - wolfSSL_new()を使用ã—ã¦ä½œæˆã•れãŸWOLFSSL構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ + \param params - 使用ã™ã‚‹ãƒ‘ラメータãƒã‚¤ãƒˆã€‚ + \param params_len - パラメータã®é•·ã•。 - \sa wolfSSL_set_quic_use_legacy_codepoint - \sa wolfSSL_set_quic_transport_version + \sa wolfSSL_set_quic_use_legacy_codepoint + \sa wolfSSL_set_quic_transport_version */ int wolfSSL_set_quic_transport_params(WOLFSSL *ssl, const uint8_t *params, size_t params_len); /*! - \ingroup QUIC + \ingroup QUIC - \brief ãƒã‚´ã‚·ã‚¨ãƒ¼ãƒˆã•れ㟠QUIC トランスãƒãƒ¼ãƒˆ ãƒãƒ¼ã‚¸ãƒ§ãƒ³ã‚’å–å¾—ã—ã¾ã™ã€‚ ã“れã¯ä¸Žãˆã‚‹ã ã‘ã§ã™ - ãれãžã‚Œã® TLS æ‹¡å¼µæ©Ÿèƒ½ãŒæœ‰åйã«ãªã£ãŸå¾Œã«å‘¼ã³å‡ºã•れるã¨ã€æ„味ã®ã‚ã‚‹çµæžœãŒå¾—られã¾ã™ã€‚ - ピアã‹ã‚‰è¦‹ã‚‰ã‚Œã¾ã—ãŸã€‚ + \brief ãƒã‚´ã‚·ã‚¨ãƒ¼ãƒˆã•れãŸQUICトランスãƒãƒ¼ãƒˆãƒãƒ¼ã‚¸ãƒ§ãƒ³ã‚’å–å¾—ã—ã¾ã™ã€‚ã“れã¯ã€ãƒ”ã‚¢ã‹ã‚‰ã®è©²å½“ã™ã‚‹TLSæ‹¡å¼µãŒç¢ºèªã•れãŸå¾Œã«å‘¼ã³å‡ºã•れãŸå ´åˆã«ã®ã¿æ„味ã®ã‚ã‚‹çµæžœã‚’æä¾›ã—ã¾ã™ã€‚ - \return ãƒã‚´ã‚·ã‚¨ãƒ¼ãƒˆã•れãŸãƒãƒ¼ã‚¸ãƒ§ãƒ³ã¾ãŸã¯ -1 ã‚’è¿”ã—ã¾ã™ã€‚ + \return ãƒã‚´ã‚·ã‚¨ãƒ¼ãƒˆã•れãŸãƒãƒ¼ã‚¸ãƒ§ãƒ³ã¾ãŸã¯-1。 - \param ssl - wolfSSL_new() を使用ã—ã¦ä½œæˆã•れ㟠WOLFSSL 構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ + \param ssl - wolfSSL_new()を使用ã—ã¦ä½œæˆã•れãŸWOLFSSL構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ - \sa wolfSSL_set_quic_use_legacy_codepoint - \sa wolfSSL_set_quic_transport_version + \sa wolfSSL_set_quic_use_legacy_codepoint + \sa wolfSSL_set_quic_transport_version */ int wolfSSL_get_peer_quic_transport_version(const WOLFSSL *ssl); /*! - \ingroup QUIC + \ingroup QUIC - \brief ãƒã‚´ã‚·ã‚¨ãƒ¼ãƒˆã•れ㟠QUIC トランスãƒãƒ¼ãƒˆ パラメータをå–å¾—ã—ã¾ã™ã€‚ ã“れã¯ä¸Žãˆã‚‹ã ã‘ã§ã™ - ãれãžã‚Œã® TLS æ‹¡å¼µæ©Ÿèƒ½ãŒæœ‰åйã«ãªã£ãŸå¾Œã«å‘¼ã³å‡ºã•れるã¨ã€æ„味ã®ã‚ã‚‹çµæžœãŒå¾—られã¾ã™ã€‚ - ピアã‹ã‚‰è¦‹ã‚‰ã‚Œã¾ã—ãŸã€‚ + \brief ãƒã‚´ã‚·ã‚¨ãƒ¼ãƒˆã•れãŸQUICトランスãƒãƒ¼ãƒˆãƒ‘ラメータをå–å¾—ã—ã¾ã™ã€‚ã“れã¯ã€ãƒ”ã‚¢ã‹ã‚‰ã®è©²å½“ã™ã‚‹TLSæ‹¡å¼µãŒç¢ºèªã•れãŸå¾Œã«å‘¼ã³å‡ºã•れãŸå ´åˆã«ã®ã¿æ„味ã®ã‚ã‚‹çµæžœã‚’æä¾›ã—ã¾ã™ã€‚ - \param ssl - wolfSSL_new() を使用ã—ã¦ä½œæˆã•れ㟠WOLFSSL 構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ - \param out_params - ピアã«é€ä¿¡ã•れるパラメーター。利用ã§ããªã„å ´åˆã¯ NULL ã«è¨­å®šã•れã¾ã™ã€‚ - \param out_params_len - ピアã«é€ä¿¡ã•れるパラメータã®é•·ã•。利用ã§ããªã„å ´åˆã¯ 0 ã«è¨­å®š + \param ssl - wolfSSL_new()を使用ã—ã¦ä½œæˆã•れãŸWOLFSSL構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ + \param out_params - ピアã«ã‚ˆã£ã¦é€ä¿¡ã•れãŸãƒ‘ラメータã€åˆ©ç”¨ã§ããªã„å ´åˆã¯NULLã«è¨­å®šã•れã¾ã™ã€‚ + \param out_params_len - ピアã«ã‚ˆã£ã¦é€ä¿¡ã•れãŸãƒ‘ラメータã®é•·ã•ã€åˆ©ç”¨ã§ããªã„å ´åˆã¯0ã«è¨­å®šã•れã¾ã™ã€‚ - \sa wolfSSL_get_peer_quic_transport_version + \sa wolfSSL_get_peer_quic_transport_version */ void wolfSSL_get_peer_quic_transport_params(const WOLFSSL *ssl, const uint8_t **out_params, size_t *out_params_len); /*! - \ingroup QUIC + \ingroup QUIC - \brief åˆæœŸãƒ‡ãƒ¼ã‚¿ã‚’有効ã«ã™ã‚‹ã‹ã©ã†ã‹ã‚’æ§‹æˆã—ã¾ã™ã€‚ サーãƒãƒ¼ãŒã‚·ã‚°ãƒŠãƒ«ã‚’é€ã‚‹ã“ã¨ã‚’目的ã¨ã—ã¦ã„ã¾ã™ - ã“れをクライアントã«ã€‚ + \brief Early DataãŒæœ‰åйã‹ã©ã†ã‹ã‚’設定ã—ã¾ã™ã€‚サーãƒãƒ¼ãŒã‚¯ãƒ©ã‚¤ã‚¢ãƒ³ãƒˆã«ã“れを通知ã™ã‚‹ã“ã¨ã‚’目的ã¨ã—ã¦ã„ã¾ã™ã€‚ - \param ssl - wolfSSL_new() を使用ã—ã¦ä½œæˆã•れ㟠WOLFSSL 構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ - \param enabled - != åˆæœŸãƒ‡ãƒ¼ã‚¿ãŒæœ‰åйãªå ´åˆã¯ 0 + \param ssl - wolfSSL_new()を使用ã—ã¦ä½œæˆã•れãŸWOLFSSL構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ + \param enabled - early dataãŒæœ‰åйãªå ´åˆã¯!= 0。 */ void wolfSSL_set_quic_early_data_enabled(WOLFSSL *ssl, int enabled); /*! - \ingroup QUIC + \ingroup QUIC - \brief 「飛行中ã€ã®ãƒ‡ãƒ¼ã‚¿é‡ã«ã¤ã„ã¦ã‚¢ãƒ‰ãƒã‚¤ã‚¹ã‚’得る。 æœªæ‰¿èª - 指定ã•ã‚ŒãŸæš—å·åŒ–レベルã§ã€‚ ã“れã¯WOLFSSLインスタンスã®ãƒ‡ãƒ¼ã‚¿é‡ã§ã™ - ãƒãƒƒãƒ•ã‚¡ã™ã‚‹æº–å‚™ãŒã§ãã¦ã„ã¾ã™ã€‚ + \brief 与ãˆã‚‰ã‚ŒãŸæš—å·åŒ–レベルã§ã€Œã‚¤ãƒ³ãƒ•ライトã€ã§ã‚ã‚‹ã¹ãã€ã¤ã¾ã‚Šæœªç¢ºèªã§ã‚ã‚‹ã¹ãデータã®é‡ã«ã¤ã„ã¦ã®ã‚¢ãƒ‰ãƒã‚¤ã‚¹ã‚’å–å¾—ã—ã¾ã™ã€‚ã“れã¯ã€WOLFSSLインスタンスãŒãƒãƒƒãƒ•ァリングã™ã‚‹æº–å‚™ãŒã§ãã¦ã„るデータã®é‡ã§ã™ã€‚ - \return é£›è¡Œä¸­ã®æŽ¨å¥¨æœ€å¤§ãƒ‡ãƒ¼ã‚¿ã‚’è¿”ã™ + \return 推奨ã•れる最大インフライトデータ。 - \param ssl - wolfSSL_new() を使用ã—ã¦ä½œæˆã•れ㟠WOLFSSL 構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ - \param level - å•ã„åˆã‚ã›ã‚‹æš—å·åŒ–レベル + \param ssl - wolfSSL_new()を使用ã—ã¦ä½œæˆã•れãŸWOLFSSL構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ + \param level - å•ã„åˆã‚ã›ã‚‹æš—å·åŒ–レベル。 */ -size_t wolfSSL_quic_max_handshake_flight_len(const WOLFSSL *ssl, WOLFSSL_ENCRYPTION_LEVEL レベル); +size_t wolfSSL_quic_max_handshake_flight_len(const WOLFSSL *ssl, WOLFSSL_ENCRYPTION_LEVEL level); /*! - \ingroup QUIC + \ingroup QUIC - \brief 復å·åŒ–ã•れ㟠CRYPTO データをã€ã•らã«å‡¦ç†ã™ã‚‹ãŸã‚ã« WOLFSSL ã‚¤ãƒ³ã‚¹ã‚¿ãƒ³ã‚¹ã«æ¸¡ã—ã¾ã™ã€‚ - é€šè©±é–“ã®æš—å·åŒ–レベルã¯ã€ã™ã¹ã¦å¢—加ã™ã‚‹ã“ã¨ãŒè¨±å¯ã•れã¦ãŠã‚Šã€ - ã¾ãŸã€æš—å·åŒ–ã®å¤‰æ›´å‰ã«ãƒ‡ãƒ¼ã‚¿ãƒ¬ã‚³ãƒ¼ãƒ‰ãŒå®Œå…¨ã§ã‚ã‚‹ã“ã¨ã‚’確èªã—ã¾ã—㟠- レベルãŒå—ã‘入れられã¾ã™ã€‚ + \brief 復å·ã•れãŸCRYPTOデータをWOLFSSLã‚¤ãƒ³ã‚¹ã‚¿ãƒ³ã‚¹ã«æ¸¡ã—ã¦ã•らã«å‡¦ç†ã—ã¾ã™ã€‚ + 呼ã³å‡ºã—é–“ã®æš—å·åŒ–レベルã¯å¢—加ã™ã‚‹ã“ã¨ã®ã¿ãŒè¨±å¯ã•ã‚Œã€æš—å·åŒ–レベルã®å¤‰æ›´ãŒå—ã‘入れられるå‰ã«ãƒ‡ãƒ¼ã‚¿ãƒ¬ã‚³ãƒ¼ãƒ‰ãŒå®Œå…¨ã§ã‚ã‚‹ã“ã¨ã‚‚ãƒã‚§ãƒƒã‚¯ã•れã¾ã™ã€‚ - \return WOLFSSL_SUCCESS æˆåŠŸã—ãŸå ´åˆã€‚ + \return WOLFSSL_SUCCESS æˆåŠŸã—ãŸå ´åˆã€‚ - \param ssl - wolfSSL_new() を使用ã—ã¦ä½œæˆã•れ㟠WOLFSSL 構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ - \param level - ãƒ‡ãƒ¼ã‚¿ãŒæš—å·åŒ–ã•れãŸãƒ¬ãƒ™ãƒ« - \param data - データ自体 - \param len - データã®é•·ã• + \param ssl - wolfSSL_new()を使用ã—ã¦ä½œæˆã•れãŸWOLFSSL構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ + \param level - ãƒ‡ãƒ¼ã‚¿ãŒæš—å·åŒ–ã•れã¦ã„ãŸãƒ¬ãƒ™ãƒ«ã€‚ + \param data - データ自体。 + \param len - データã®é•·ã•。 - \sa wolfSSL_process_quic_post_handshake + \sa wolfSSL_process_quic_post_handshake + \sa wolfSSL_quic_read_write + \sa wolfSSL_accept + \sa wolfSSL_connect */ -int wolfSSL_provide_quic_data(WOLFSSL *ssl, WOLFSSL_ENCRYPTION_LEVEL レベル, const uint8_t *data, size_t len); +int wolfSSL_provide_quic_data(WOLFSSL *ssl, WOLFSSL_ENCRYPTION_LEVEL level, const uint8_t *data, size_t len); /*! - \ingroup QUIC + \ingroup QUIC - \brief ãƒãƒ³ãƒ‰ã‚·ã‚§ã‚¤ã‚¯å¾Œã«æä¾›ã•れãŸã™ã¹ã¦ã® CRYPTO レコードを処ç†ã—ã¾ã™ - 完了ã—ã¾ã—ãŸã€‚ ãれよりå‰ã«å‘¼ã³å‡ºã™ã¨å¤±æ•—ã—ã¾ã™ã€‚ + \brief ãƒãƒ³ãƒ‰ã‚·ã‚§ã‚¤ã‚¯ãŒå®Œäº†ã—ãŸå¾Œã«æä¾›ã•れãŸCRYPTOレコードを処ç†ã—ã¾ã™ã€‚ãれ以å‰ã«å‘¼ã³å‡ºã•れãŸå ´åˆã¯å¤±æ•—ã—ã¾ã™ã€‚ - \return WOLFSSL_SUCCESS æˆåŠŸã—ãŸå ´åˆã€‚ + \return WOLFSSL_SUCCESS æˆåŠŸã—ãŸå ´åˆã€‚ - \param ssl - wolfSSL_new() を使用ã—ã¦ä½œæˆã•れ㟠WOLFSSL 構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ + \param ssl - wolfSSL_new()を使用ã—ã¦ä½œæˆã•れãŸWOLFSSL構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ - \sa wolfSSL_provide_quic_data - \sa wolfSSL_quic_read_write - \sa wolfSSL_accept - \sa wolfSSL_connect + \sa wolfSSL_provide_quic_data + \sa wolfSSL_quic_read_write + \sa wolfSSL_accept + \sa wolfSSL_connect */ WOLFSSL_API int wolfSSL_process_quic_post_handshake(WOLFSSL *ssl); /*! - \ingroup QUIC + \ingroup QUIC - \brief ãƒãƒ³ãƒ‰ã‚·ã‚§ã‚¤ã‚¯ä¸­ã¾ãŸã¯ãƒãƒ³ãƒ‰ã‚·ã‚§ã‚¤ã‚¯å¾Œã«æä¾›ã•れãŸã™ã¹ã¦ã® CRYPTO レコードを処ç†ã—ã¾ã™ã€‚ - ãƒãƒ³ãƒ‰ã‚·ã‚§ã‚¤ã‚¯ãŒã¾ã å®Œäº†ã—ã¦ã„ãªã„å ´åˆã¯é€²è¡Œã—ã€ãã†ã§ãªã„å ´åˆã¯æ¬¡ã®ã‚ˆã†ã«æ©Ÿèƒ½ã—ã¾ã™ - wolfSSL_process_quic_post_handshake()。 + \brief ãƒãƒ³ãƒ‰ã‚·ã‚§ã‚¤ã‚¯ä¸­ã¾ãŸã¯ãƒãƒ³ãƒ‰ã‚·ã‚§ã‚¤ã‚¯å¾Œã«æä¾›ã•れãŸCRYPTOレコードを処ç†ã—ã¾ã™ã€‚ + ãƒãƒ³ãƒ‰ã‚·ã‚§ã‚¤ã‚¯ãŒã¾ã å®Œäº†ã—ã¦ã„ãªã„å ´åˆã¯ãƒãƒ³ãƒ‰ã‚·ã‚§ã‚¤ã‚¯ã‚’進行ã•ã›ã€ãã†ã§ãªã„å ´åˆã¯wolfSSL_process_quic_post_handshake()ã®ã‚ˆã†ã«å‹•作ã—ã¾ã™ã€‚ - \return WOLFSSL_SUCCESS æˆåŠŸã—ãŸå ´åˆã€‚ + \return WOLFSSL_SUCCESS æˆåŠŸã—ãŸå ´åˆã€‚ - \param ssl - wolfSSL_new() を使用ã—ã¦ä½œæˆã•れ㟠WOLFSSL 構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ + \param ssl - wolfSSL_new()を使用ã—ã¦ä½œæˆã•れãŸWOLFSSL構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ - \sa wolfSSL_provide_quic_data - \sa wolfSSL_quic_read_write - \sa wolfSSL_accept - \sa wolfSSL_connect + \sa wolfSSL_provide_quic_data + \sa wolfSSL_quic_read_write + \sa wolfSSL_accept + \sa wolfSSL_connect */ int wolfSSL_quic_read_write(WOLFSSL *ssl); /*! - \ingroup QUIC + \ingroup QUIC - \brief TLS ãƒãƒ³ãƒ‰ã‚·ã‚§ã‚¤ã‚¯ã§ãƒã‚´ã‚·ã‚¨ãƒ¼ãƒˆã•れ㟠AEAD æš—å·ã‚’å–å¾—ã—ã¾ã™ã€‚ + \brief TLSãƒãƒ³ãƒ‰ã‚·ã‚§ã‚¤ã‚¯ã§ãƒã‚´ã‚·ã‚¨ãƒ¼ãƒˆã•れãŸAEADæš—å·ã‚’å–å¾—ã—ã¾ã™ã€‚ - \return ãƒã‚´ã‚·ã‚¨ãƒ¼ãƒˆã•ã‚ŒãŸæš—å·ã€ã¾ãŸã¯æ±ºå®šã•れãªã„å ´åˆã¯ NULL ã‚’è¿”ã—ã¾ã™ã€‚ + \return ãƒã‚´ã‚·ã‚¨ãƒ¼ãƒˆã•ã‚ŒãŸæš—å·ã€ã¾ãŸã¯æ±ºå®šã•れã¦ã„ãªã„å ´åˆã¯NULL。 - \param ssl - wolfSSL_new() を使用ã—ã¦ä½œæˆã•れ㟠WOLFSSL 構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ + \param ssl - wolfSSL_new()を使用ã—ã¦ä½œæˆã•れãŸWOLFSSL構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ - \sa wolfSSL_quic_aad_is_gcm - \sa wolfSSL_quic_aad_is_ccm - \sa wolfSSL_quic_aad_is_chacha20 - \sa wolfSSL_quic_get_aad_tag_len - \sa wolfSSL_quic_get_md - \sa wolfSSL_quic_get_hp - \sa wolfSSL_quic_crypt_new - \sa wolfSSL_quic_aad_encrypt - \sa wolfSSL_quic_aad_decrypt + \sa wolfSSL_quic_aead_is_gcm + \sa wolfSSL_quic_aead_is_ccm + \sa wolfSSL_quic_aead_is_chacha20 + \sa wolfSSL_quic_get_aead_tag_len + \sa wolfSSL_quic_get_md + \sa wolfSSL_quic_get_hp + \sa wolfSSL_quic_crypt_new + \sa wolfSSL_quic_aead_encrypt + \sa wolfSSL_quic_aead_decrypt */ -const WOLFSSL_EVP_CIPHER *wolfSSL_quic_get_aad(WOLFSSL *ssl); +const WOLFSSL_EVP_CIPHER *wolfSSL_quic_get_aead(WOLFSSL *ssl); /*! - \ingroup QUIC + \ingroup QUIC - \brief AEAD æš—å·ãŒ GCM ã‹ã©ã†ã‹ã‚’確èªã—ã¾ã™ã€‚ + \brief AEADæš—å·ãŒGCMã§ã‚ã‚‹ã‹ã©ã†ã‹ã‚’確èªã—ã¾ã™ã€‚ - \return != 0 (AEAD æš—å·ãŒ GCM ã®å ´åˆ)。 + \return AEADæš—å·ãŒGCMã®å ´åˆã¯!= 0。 - \param cipher - æš—å· + \param cipher - æš—å·ã€‚ - \sa wolfSSL_quic_get_aad - \sa wolfSSL_quic_aad_is_ccm - \sa wolfSSL_quic_aad_is_chacha20 - \sa wolfSSL_quic_get_aad_tag_len - \sa wolfSSL_quic_get_md - \sa wolfSSL_quic_get_hp - \sa wolfSSL_quic_crypt_new - \sa wolfSSL_quic_aad_encrypt - \sa wolfSSL_quic_aad_decrypt + \sa wolfSSL_quic_get_aead + \sa wolfSSL_quic_aead_is_ccm + \sa wolfSSL_quic_aead_is_chacha20 + \sa wolfSSL_quic_get_aead_tag_len + \sa wolfSSL_quic_get_md + \sa wolfSSL_quic_get_hp + \sa wolfSSL_quic_crypt_new + \sa wolfSSL_quic_aead_encrypt + \sa wolfSSL_quic_aead_decrypt */ int wolfSSL_quic_aead_is_gcm(const WOLFSSL_EVP_CIPHER *aead_cipher); /*! - \ingroup QUIC + \ingroup QUIC - \brief AEAD æš—å·ãŒ CCM ã‹ã©ã†ã‹ã‚’確èªã—ã¾ã™ã€‚ + \brief AEADæš—å·ãŒCCMã§ã‚ã‚‹ã‹ã©ã†ã‹ã‚’確èªã—ã¾ã™ã€‚ - \return != 0 AEAD æš—å·ãŒ CCM ã®å ´åˆã€‚ + \return AEADæš—å·ãŒCCMã®å ´åˆã¯!= 0。 - \param cipher - æš—å· + \param cipher - æš—å·ã€‚ - \sa wolfSSL_quic_get_aad - \sa wolfSSL_quic_aad_is_gcm - \sa wolfSSL_quic_aad_is_chacha20 - \sa wolfSSL_quic_get_aad_tag_len - \sa wolfSSL_quic_get_md - \sa wolfSSL_quic_get_hp - \sa wolfSSL_quic_crypt_new - \sa wolfSSL_quic_aad_encrypt - \sa wolfSSL_quic_aad_decrypt + \sa wolfSSL_quic_get_aead + \sa wolfSSL_quic_aead_is_gcm + \sa wolfSSL_quic_aead_is_chacha20 + \sa wolfSSL_quic_get_aead_tag_len + \sa wolfSSL_quic_get_md + \sa wolfSSL_quic_get_hp + \sa wolfSSL_quic_crypt_new + \sa wolfSSL_quic_aead_encrypt + \sa wolfSSL_quic_aead_decrypt */ int wolfSSL_quic_aead_is_ccm(const WOLFSSL_EVP_CIPHER *aead_cipher); /*! - \ingroup QUIC + \ingroup QUIC - \brief AEAD æš—å·ãŒ CHACHA20 ã‹ã©ã†ã‹ã‚’確èªã—ã¾ã™ã€‚ + \brief AEADæš—å·ãŒCHACHA20ã§ã‚ã‚‹ã‹ã©ã†ã‹ã‚’確èªã—ã¾ã™ã€‚ - \return != 0 ã¯ã€AEAD æš—å·ãŒ CHACHA20 ã®å ´åˆã§ã™ã€‚ + \return AEADæš—å·ãŒCHACHA20ã®å ´åˆã¯!= 0。 - \param cipher - æš—å· + \param cipher - æš—å·ã€‚ - \sa wolfSSL_quic_get_aad - \sa wolfSSL_quic_aad_is_ccm - \sa wolfSSL_quic_aad_is_gcm - \sa wolfSSL_quic_get_aad_tag_len - \sa wolfSSL_quic_get_md - \sa wolfSSL_quic_get_hp - \sa wolfSSL_quic_crypt_new - \sa wolfSSL_quic_aad_encrypt - \sa wolfSSL_quic_aad_decrypt + \sa wolfSSL_quic_get_aead + \sa wolfSSL_quic_aead_is_ccm + \sa wolfSSL_quic_aead_is_gcm + \sa wolfSSL_quic_get_aead_tag_len + \sa wolfSSL_quic_get_md + \sa wolfSSL_quic_get_hp + \sa wolfSSL_quic_crypt_new + \sa wolfSSL_quic_aead_encrypt + \sa wolfSSL_quic_aead_decrypt */ int wolfSSL_quic_aead_is_chacha20(const WOLFSSL_EVP_CIPHER *aead_cipher); /*! - \ingroup QUIC + \ingroup QUIC - \brief AEAD æš—å·ã®ã‚¿ã‚°ã®é•·ã•を決定ã—ã¾ã™ã€‚ + \brief AEADæš—å·ã®ã‚¿ã‚°é•·ã‚’決定ã—ã¾ã™ã€‚ - \return AEAD æš—å·ã®ã‚¿ã‚°é•·ã€‚ + \return AEADæš—å·ã®ã‚¿ã‚°é•·ã€‚ - \param cipher - æš—å· + \param cipher - æš—å·ã€‚ - \sa wolfSSL_quic_get_aad + \sa wolfSSL_quic_get_aead */ WOLFSSL_API size_t wolfSSL_quic_get_aead_tag_len(const WOLFSSL_EVP_CIPHER *aead_cipher); /*! - \ingroup QUIC + \ingroup QUIC - \brief TLS ãƒãƒ³ãƒ‰ã‚·ã‚§ã‚¤ã‚¯ã§ãƒã‚´ã‚·ã‚¨ãƒ¼ãƒˆã•れãŸãƒ¡ãƒƒã‚»ãƒ¼ã‚¸ ダイジェストを決定ã—ã¾ã™ã€‚ + \brief TLSãƒãƒ³ãƒ‰ã‚·ã‚§ã‚¤ã‚¯ã§ãƒã‚´ã‚·ã‚¨ãƒ¼ãƒˆã•れãŸãƒ¡ãƒƒã‚»ãƒ¼ã‚¸ãƒ€ã‚¤ã‚¸ã‚§ã‚¹ãƒˆã‚’決定ã—ã¾ã™ã€‚ - \return TLS ãƒãƒ³ãƒ‰ã‚·ã‚§ã‚¤ã‚¯ã§ãƒã‚´ã‚·ã‚¨ãƒ¼ãƒˆã•れãŸãƒ¡ãƒƒã‚»ãƒ¼ã‚¸ ダイジェストを返㙠+ \return TLSãƒãƒ³ãƒ‰ã‚·ã‚§ã‚¤ã‚¯ã§ãƒã‚´ã‚·ã‚¨ãƒ¼ãƒˆã•れãŸãƒ¡ãƒƒã‚»ãƒ¼ã‚¸ãƒ€ã‚¤ã‚¸ã‚§ã‚¹ãƒˆã€‚ - \param ssl - wolfSSL_new() を使用ã—ã¦ä½œæˆã•れ㟠WOLFSSL 構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ + \param ssl - wolfSSL_new()を使用ã—ã¦ä½œæˆã•れãŸWOLFSSL構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ - \sa wolfSSL_quic_get_aad - \sa wolfSSL_quic_get_hp + \sa wolfSSL_quic_get_aead + \sa wolfSSL_quic_get_hp */ WOLFSSL_API const WOLFSSL_EVP_MD *wolfSSL_quic_get_md(WOLFSSL *ssl); /*! - \ingroup QUIC + \ingroup QUIC - \brief TLS ãƒãƒ³ãƒ‰ã‚·ã‚§ã‚¤ã‚¯ã§ãƒã‚´ã‚·ã‚¨ãƒ¼ãƒˆã•れãŸãƒ˜ãƒƒãƒ€ãƒ¼ä¿è­·æš—å·ã‚’決定ã—ã¾ã™ã€‚ + \brief TLSãƒãƒ³ãƒ‰ã‚·ã‚§ã‚¤ã‚¯ã§ãƒã‚´ã‚·ã‚¨ãƒ¼ãƒˆã•れãŸãƒ˜ãƒƒãƒ€ãƒ¼ä¿è­·æš—å·ã‚’決定ã—ã¾ã™ã€‚ - \return TLS ãƒãƒ³ãƒ‰ã‚·ã‚§ã‚¤ã‚¯ã§ãƒã‚´ã‚·ã‚¨ãƒ¼ãƒˆã•れãŸãƒ˜ãƒƒãƒ€ãƒ¼ä¿è­·æš—å·ã‚’è¿”ã—ã¾ã™ + \return TLSãƒãƒ³ãƒ‰ã‚·ã‚§ã‚¤ã‚¯ã§ãƒã‚´ã‚·ã‚¨ãƒ¼ãƒˆã•れãŸãƒ˜ãƒƒãƒ€ãƒ¼ä¿è­·æš—å·ã€‚ - \param ssl - wolfSSL_new() を使用ã—ã¦ä½œæˆã•れ㟠WOLFSSL 構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ + \param ssl - wolfSSL_new()を使用ã—ã¦ä½œæˆã•れãŸWOLFSSL構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ - \sa wolfSSL_quic_get_aad - \sa wolfSSL_quic_get_md + \sa wolfSSL_quic_get_aead + \sa wolfSSL_quic_get_md */ const WOLFSSL_EVP_CIPHER *wolfSSL_quic_get_hp(WOLFSSL *ssl); /*! - \ingroup QUIC + \ingroup QUIC - \brief æš—å·åŒ–/復å·åŒ–ã®ãŸã‚ã®æš—å·ã‚³ãƒ³ãƒ†ã‚­ã‚¹ãƒˆã‚’作æˆã—ã¾ã™ã€‚ + \brief æš—å·åŒ–/復å·ç”¨ã®æš—å·ã‚³ãƒ³ãƒ†ã‚­ã‚¹ãƒˆã‚’作æˆã—ã¾ã™ã€‚ - \return エラーã®å ´åˆã¯ã€ä½œæˆã•れãŸã‚³ãƒ³ãƒ†ã‚­ã‚¹ãƒˆã¾ãŸã¯ NULL ã‚’è¿”ã—ã¾ã™ã€‚ + \return 作æˆã•れãŸã‚³ãƒ³ãƒ†ã‚­ã‚¹ãƒˆã€ã¾ãŸã¯ã‚¨ãƒ©ãƒ¼ã®å ´åˆã¯NULL。 - \param cipher - コンテキストã§ä½¿ç”¨ã™ã‚‹æš—å·ã€‚ - \param key - コンテキストã§ä½¿ç”¨ã™ã‚‹ã‚­ãƒ¼ã€‚ - \param iv - コンテキストã§ä½¿ç”¨ã™ã‚‹ iv。 - \param encrypt - æš—å·åŒ–ã®å ´åˆã¯ != 0ã€ãれ以外ã®å ´åˆã¯å¾©å·åŒ– + \param cipher - コンテキストã§ä½¿ç”¨ã™ã‚‹æš—å·ã€‚ + \param key - コンテキストã§ä½¿ç”¨ã™ã‚‹éµã€‚ + \param iv - コンテキストã§ä½¿ç”¨ã™ã‚‹iv。 + \param encrypt - æš—å·åŒ–ã®å ´åˆã¯!= 0ã€ãã†ã§ãªã„å ´åˆã¯å¾©å·ã€‚ - \sa wolfSSL_quic_get_aad - \sa wolfSSL_quic_get_hp - \sa wolfSSL_quic_aad_encrypt - \sa wolfSSL_quic_aad_decrypt + \sa wolfSSL_quic_get_aead + \sa wolfSSL_quic_get_hp + \sa wolfSSL_quic_aead_encrypt + \sa wolfSSL_quic_aead_decrypt */ WOLFSSL_EVP_CIPHER_CTX *wolfSSL_quic_crypt_new(const WOLFSSL_EVP_CIPHER *cipher, - const uint8_t *key, const uint8_t *iv, int encrypt); + const uint8_t *key, const uint8_t *iv, int encrypt); /*! - \ingroup QUIC + \ingroup QUIC - \brief 指定ã•れãŸã‚³ãƒ³ãƒ†ã‚­ã‚¹ãƒˆã§ãƒ—レーン テキストを暗å·åŒ–ã—ã¾ã™ã€‚ + \brief 与ãˆã‚‰ã‚ŒãŸã‚³ãƒ³ãƒ†ã‚­ã‚¹ãƒˆã§å¹³æ–‡ã‚’æš—å·åŒ–ã—ã¾ã™ã€‚ - \return WOLFSSL_SUCCESS æˆåŠŸã—ãŸå ´åˆã€‚ + \return WOLFSSL_SUCCESS æˆåŠŸã—ãŸå ´åˆã€‚ - \param dest - æš—å·åŒ–ã•れãŸãƒ‡ãƒ¼ã‚¿ã®æ›¸ãè¾¼ã¿å…ˆ - \param aead_ctx - 使用ã™ã‚‹æš—å·ã‚³ãƒ³ãƒ†ã‚­ã‚¹ãƒˆ - \param plain - æš—å·åŒ–ã™ã‚‹ãƒ—レーン データ - \param plainlen - プレーン データã®é•·ã• - \param iv - 使用ã™ã‚‹ iv - \param aad - 使用ã™ã‚‹è¿½åŠ  - \param aadlen - aad ã®é•·ã• + \param dest - æš—å·åŒ–ã•れãŸãƒ‡ãƒ¼ã‚¿ã‚’書ã込む宛先。 + \param aead_ctx - 使用ã™ã‚‹æš—å·ã‚³ãƒ³ãƒ†ã‚­ã‚¹ãƒˆã€‚ + \param plain - æš—å·åŒ–ã™ã‚‹å¹³æ–‡ãƒ‡ãƒ¼ã‚¿ã€‚ + \param plainlen - 平文データã®é•·ã•。 + \param iv - 使用ã™ã‚‹iv。 + \param aad - 使用ã™ã‚‹aad。 + \param aadlen - aadã®é•·ã•。 - \sa wolfSSL_quic_get_aad - \sa wolfSSL_quic_get_hp - \sa wolfSSL_quic_crypt_new - \sa wolfSSL_quic_aad_decrypt + \sa wolfSSL_quic_get_aead + \sa wolfSSL_quic_get_hp + \sa wolfSSL_quic_crypt_new + \sa wolfSSL_quic_aead_decrypt */ int wolfSSL_quic_aead_encrypt(uint8_t *dest, WOLFSSL_EVP_CIPHER_CTX *aead_ctx, - const uint8_t *plain, size_t plainlen, - const uint8_t *iv, const uint8_t *aad, size_t aadlen); + const uint8_t *plain, size_t plainlen, + const uint8_t *iv, const uint8_t *aad, size_t aadlen); /*! - \ingroup QUIC + \ingroup QUIC - \brief 指定ã•れãŸã‚³ãƒ³ãƒ†ã‚­ã‚¹ãƒˆã§æš—å·æ–‡ã‚’復å·åŒ–ã—ã¾ã™ã€‚ + \brief 与ãˆã‚‰ã‚ŒãŸã‚³ãƒ³ãƒ†ã‚­ã‚¹ãƒˆã§æš—å·æ–‡ã‚’復å·ã—ã¾ã™ã€‚ - \return WOLFSSL_SUCCESS æˆåŠŸã—ãŸå ´åˆã€‚ + \return WOLFSSL_SUCCESS æˆåŠŸã—ãŸå ´åˆã€‚ - \param dest - ãƒ—ãƒ¬ãƒ¼ãƒ³ãƒ†ã‚­ã‚¹ãƒˆã®æ›¸ãè¾¼ã¿å…ˆ - \param ctx - 使用ã™ã‚‹æš—å·ã‚³ãƒ³ãƒ†ã‚­ã‚¹ãƒˆ - \param enc - 復å·åŒ–ã™ã‚‹æš—å·åŒ–データ - \param envlen - æš—å·åŒ–ã•れãŸãƒ‡ãƒ¼ã‚¿ã®é•·ã• - \param iv - 使用ã™ã‚‹ iv - \param aad - 使用ã™ã‚‹è¿½åŠ  - \param aadlen - aad ã®é•·ã• + \param dest - 平文を書ã込む宛先。 + \param ctx - 使用ã™ã‚‹æš—å·ã‚³ãƒ³ãƒ†ã‚­ã‚¹ãƒˆã€‚ + \param enc - 復å·ã™ã‚‹æš—å·åŒ–データ。 + \param envlen - æš—å·åŒ–データã®é•·ã•。 + \param iv - 使用ã™ã‚‹iv。 + \param aad - 使用ã™ã‚‹aad。 + \param aadlen - aadã®é•·ã•。 - \sa wolfSSL_quic_get_aad - \sa wolfSSL_quic_get_hp - \sa wolfSSL_quic_crypt_new - \sa wolfSSL_quic_aad_encrypt + \sa wolfSSL_quic_get_aead + \sa wolfSSL_quic_get_hp + \sa wolfSSL_quic_crypt_new + \sa wolfSSL_quic_aead_encrypt */ -int wolfSSL_quic_aad_decrypt(uint8_t *dest, WOLFSSL_EVP_CIPHER_CTX *ctx, - const uint8_t *enc, size_t enclen, - const uint8_t *iv, const uint8_t *aad, size_t aadlen); +int wolfSSL_quic_aead_decrypt(uint8_t *dest, WOLFSSL_EVP_CIPHER_CTX *ctx, + const uint8_t *enc, size_t enclen, + const uint8_t *iv, const uint8_t *aad, size_t aadlen); /*! - \ingroup QUIC + \ingroup QUIC - \brief 擬似乱数キーを抽出ã—ã¾ã™ã€‚ + \brief 疑似ランダムéµã‚’抽出ã—ã¾ã™ã€‚ - \return WOLFSSL_SUCCESS æˆåŠŸã—ãŸå ´åˆã€‚ + \return WOLFSSL_SUCCESS æˆåŠŸã—ãŸå ´åˆã€‚ - \param dest - ã‚­ãƒ¼ã®æ›¸ãè¾¼ã¿å…ˆ - \param md - 使用ã™ã‚‹ãƒ¡ãƒƒã‚»ãƒ¼ã‚¸ ダイジェスト - \param secret - 使用ã™ã‚‹ã‚·ãƒ¼ã‚¯ãƒ¬ãƒƒãƒˆ - \param secretlen - シークレットã®é•·ã• - \param salt - 使用ã™ã‚‹ã‚½ãƒ«ãƒˆ - \param saltlen - ソルトã®é•·ã• + \param dest - éµã‚’書ã込む宛先。 + \param md - 使用ã™ã‚‹ãƒ¡ãƒƒã‚»ãƒ¼ã‚¸ãƒ€ã‚¤ã‚¸ã‚§ã‚¹ãƒˆã€‚ + \param secret - 使用ã™ã‚‹ã‚·ãƒ¼ã‚¯ãƒ¬ãƒƒãƒˆã€‚ + \param secretlen - シークレットã®é•·ã•。 + \param salt - 使用ã™ã‚‹ã‚½ãƒ«ãƒˆã€‚ + \param saltlen - ソルトã®é•·ã•。 - \sa wolfSSL_quic_hkdf_expand - \sa wolfSSL_quic_hkdf + \sa wolfSSL_quic_hkdf_expand + \sa wolfSSL_quic_hkdf */ int wolfSSL_quic_hkdf_extract(uint8_t *dest, const WOLFSSL_EVP_MD *md, - const uint8_t *secret, size_t secretlen, - const uint8_t *salt, size_t saltlen); + const uint8_t *secret, size_t secretlen, + const uint8_t *salt, size_t saltlen); /*! - \ingroup QUIC + \ingroup QUIC - \brief 疑似ランダム キーを新ã—ã„キーã«å±•é–‹ã—ã¾ã™ã€‚ + \brief 疑似ランダムéµã‚’æ–°ã—ã„éµã«æ‹¡å¼µã—ã¾ã™ã€‚ - \return WOLFSSL_SUCCESS æˆåŠŸã—ãŸå ´åˆã€‚ + \return WOLFSSL_SUCCESS æˆåŠŸã—ãŸå ´åˆã€‚ - \param dest - ã‚­ãƒ¼ã®æ›¸ãè¾¼ã¿å…ˆ - \param destlen - 展開ã™ã‚‹ã‚­ãƒ¼ã®é•·ã• - \param md - 使用ã™ã‚‹ãƒ¡ãƒƒã‚»ãƒ¼ã‚¸ ダイジェスト - \param secret - 使用ã™ã‚‹ã‚·ãƒ¼ã‚¯ãƒ¬ãƒƒãƒˆ - \param secretlen - シークレットã®é•·ã• - \param info - 使用ã™ã‚‹æƒ…å ± - \param infolen - 情報ã®é•·ã• + \param dest - éµã‚’書ã込む宛先。 + \param destlen - æ‹¡å¼µã™ã‚‹éµã®é•·ã•。 + \param md - 使用ã™ã‚‹ãƒ¡ãƒƒã‚»ãƒ¼ã‚¸ãƒ€ã‚¤ã‚¸ã‚§ã‚¹ãƒˆã€‚ + \param secret - 使用ã™ã‚‹ã‚·ãƒ¼ã‚¯ãƒ¬ãƒƒãƒˆã€‚ + \param secretlen - シークレットã®é•·ã•。 + \param info - 使用ã™ã‚‹æƒ…報。 + \param infolen - 情報ã®é•·ã•。 - \sa wolfSSL_quic_hkdf_extract - \sa wolfSSL_quic_hkdf + \sa wolfSSL_quic_hkdf_extract + \sa wolfSSL_quic_hkdf */ int wolfSSL_quic_hkdf_expand(uint8_t *dest, size_t destlen, - const WOLFSSL_EVP_MD *md, - const uint8_t *secret, size_t secretlen, - const uint8_t *info, size_t infolen); + const WOLFSSL_EVP_MD *md, + const uint8_t *secret, size_t secretlen, + const uint8_t *info, size_t infolen); /*! - \ingroup QUIC + \ingroup QUIC - \brief 疑似乱数キーを展開ã—ã¦æŠ½å‡ºã—ã¾ã™ã€‚ + \brief 疑似ランダムéµã‚’æ‹¡å¼µãŠã‚ˆã³æŠ½å‡ºã—ã¾ã™ã€‚ - \return WOLFSSL_SUCCESS æˆåŠŸã—ãŸå ´åˆã€‚ + \return WOLFSSL_SUCCESS æˆåŠŸã—ãŸå ´åˆã€‚ - \param dest - ã‚­ãƒ¼ã®æ›¸ãè¾¼ã¿å…ˆ - \param destlen - キーã®é•·ã• - \param md - 使用ã™ã‚‹ãƒ¡ãƒƒã‚»ãƒ¼ã‚¸ ダイジェスト - \param secret - 使用ã™ã‚‹ã‚·ãƒ¼ã‚¯ãƒ¬ãƒƒãƒˆ - \param secretlen - シークレットã®é•·ã• - \param salt - 使用ã™ã‚‹ã‚½ãƒ«ãƒˆ - \param saltlen - ソルトã®é•·ã• - \param info - 使用ã™ã‚‹æƒ…å ± - \param infolen - 情報ã®é•·ã• + \param dest - éµã‚’書ã込む宛先。 + \param destlen - éµã®é•·ã•。 + \param md - 使用ã™ã‚‹ãƒ¡ãƒƒã‚»ãƒ¼ã‚¸ãƒ€ã‚¤ã‚¸ã‚§ã‚¹ãƒˆã€‚ + \param secret - 使用ã™ã‚‹ã‚·ãƒ¼ã‚¯ãƒ¬ãƒƒãƒˆã€‚ + \param secretlen - シークレットã®é•·ã•。 + \param salt - 使用ã™ã‚‹ã‚½ãƒ«ãƒˆã€‚ + \param saltlen - ソルトã®é•·ã•。 + \param info - 使用ã™ã‚‹æƒ…報。 + \param infolen - 情報ã®é•·ã•。 - \sa wolfSSL_quic_hkdf_extract - \sa wolfSSL_quic_hkdf_expand + \sa wolfSSL_quic_hkdf_extract + \sa wolfSSL_quic_hkdf_expand */ int wolfSSL_quic_hkdf(uint8_t *dest, size_t destlen, - const WOLFSSL_EVP_MD *md, - const uint8_t *secret, size_t secretlen, - const uint8_t *salt, size_t saltlen, - const uint8_t *info, size_t infolen); + const WOLFSSL_EVP_MD *md, + const uint8_t *secret, size_t secretlen, + const uint8_t *salt, size_t saltlen, + const uint8_t *info, size_t infolen); diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/doc/dox_comments/header_files-ja/random.h mariadb-11.8.8/extra/wolfssl/wolfssl/doc/dox_comments/header_files-ja/random.h --- mariadb-11.8.6/extra/wolfssl/wolfssl/doc/dox_comments/header_files-ja/random.h 2026-01-31 13:27:49.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/doc/dox_comments/header_files-ja/random.h 2026-05-24 09:58:33.000000000 +0000 @@ -1,52 +1,69 @@ /*! \ingroup Random - \brief Init Global WhiteWood Netrandomã®ã‚³ãƒ³ãƒ†ã‚­ã‚¹ãƒˆ - \return 0 æˆåŠŸ - \return BAD_FUNC_ARG configfileãŒnullã¾ãŸã¯ã‚¿ã‚¤ãƒ ã‚¢ã‚¦ãƒˆã®ã©ã¡ã‚‰ã‹ãŒå¦å®šçš„ã§ã™ã€‚ - \return RNG_FAILURE_E RNGã®åˆæœŸåŒ–ã«å¤±æ•—ã—ã¾ã—ãŸã€‚ - \param configFile 設定ファイルã¸ã®ãƒ‘ス - \param hmac_cb HMACコールãƒãƒƒã‚¯ã‚’作æˆã™ã‚‹ã«ã¯ã‚ªãƒ—ションã§ã™ã€‚ + + \brief グローãƒãƒ«Whitewood netRandomã‚³ãƒ³ãƒ†ã‚­ã‚¹ãƒˆã‚’åˆæœŸåŒ–ã—ã¾ã™ + + \return 0 æˆåŠŸ + \return BAD_FUNC_ARG configFileãŒnullã¾ãŸã¯timeoutãŒè² ã®å€¤ã®å ´åˆã€‚ + \return RNG_FAILURE_E rngã®åˆæœŸåŒ–ã«å¤±æ•—ã—ã¾ã—ãŸã€‚ + + \param configFile 設定ファイルã¸ã®ãƒ‘ス + \param hmac_cb HMACコールãƒãƒƒã‚¯ã‚’作æˆã™ã‚‹ãŸã‚ã®ã‚ªãƒ—ション。 + \param timeout タイムアウト期間。 + _Example_ \code char* config = "path/to/config/example.conf"; - int time = // Some sufficient timeout value; + int time = // å分ãªã‚¿ã‚¤ãƒ ã‚¢ã‚¦ãƒˆå€¤; if (wc_InitNetRandom(config, NULL, time) != 0) { - // Some error occurred + // エラーãŒç™ºç”Ÿã—ã¾ã—㟠} \endcode + \sa wc_FreeNetRandom */ int wc_InitNetRandom(const char* configFile, wnr_hmac_key hmac_cb, int timeout); /*! \ingroup Random - \brief ç„¡æ–™ã®Global WhiteWood Netrandomコンテキスト。 - \return 0 æˆåŠŸ - \return BAD_MUTEX_E Wnr_Mutexã§ãƒŸãƒ¥ãƒ¼ãƒ†ãƒƒã‚¯ã‚¹ã‚’ロックã™ã‚‹ã‚¨ãƒ©ãƒ¼ + + \brief グローãƒãƒ«Whitewood netRandomコンテキストを解放ã—ã¾ã™ã€‚ + + \return 0 æˆåŠŸ + \return BAD_MUTEX_E wnr_mutexã®ãƒŸãƒ¥ãƒ¼ãƒ†ãƒƒã‚¯ã‚¹ãƒ­ãƒƒã‚¯ã‚¨ãƒ©ãƒ¼ + + \param none 戻り値ãªã—。 + _Example_ \code int ret = wc_FreeNetRandom(); if(ret != 0) { - // Handle the error + // ã‚¨ãƒ©ãƒ¼ã‚’å‡¦ç† } \endcode + \sa wc_InitNetRandom */ int wc_FreeNetRandom(void); /*! \ingroup Random - \brief RNGã®ã‚·ãƒ¼ãƒ‰ï¼ˆOSã‹ã‚‰ï¼‰ã¨ã‚­ãƒ¼æš—å·ã‚’å–å¾—ã—ã¾ã™ã€‚割り当ã¦ã‚‰ã‚ŒãŸRNG-> DRBG(決定論的ランダムビットジェãƒãƒ¬ãƒ¼ã‚¿ï¼‰ãŒå‰²ã‚Šå½“ã¦ã‚‰ã‚Œã¾ã™ï¼ˆWC_FREERNGã§å‰²ã‚Šå½“ã¦ã‚‰ã‚Œã¦ã„ã‚‹å¿…è¦ãŒã‚りã¾ã™ï¼‰ã€‚ã“れã¯ãƒ–ロッキングæ“作ã§ã™ã€‚ - \return 0 æˆåŠŸã—ã¦ã„ã¾ã™ã€‚ - \return MEMORY_E XMallocã«å¤±æ•—ã—ã¾ã—㟠- \return WINCRYPT_E WC_GENERATSEED:コンテキストã®å–å¾—ã«å¤±æ•—ã—ã¾ã—㟠- \return CRYPTGEN_E WC_GENERATSEED:ランダムã«ãªã‚Šã¾ã—㟠- \return BAD_FUNC_ARG WC_RNG_GenerateBlock入力ã¯NULLã¾ãŸã¯SZãŒMAX_REQUEST_LENã‚’è¶…ãˆã¦ã„ã¾ã™ - \return DRBG_CONT_FIPS_E wc_rng_generateblock:hash_genã¯drbg_cont_failureã‚’è¿”ã—ã¾ã—㟠- \return RNG_FAILURE_E wc_rng_generateBlock:デフォルトエラーã§ã™ã€‚RNGã®ã‚¹ãƒ†ãƒ¼ã‚¿ã‚¹ã¯ã‚‚ã¨ã‚‚ã¨OKã§ã¯ãªãã€drbg_failedã«è¨­å®šã•れã¦ã„ã¾ã™ + + \brief rng用ã®ã‚·ãƒ¼ãƒ‰(OSã‹ã‚‰)ã¨éµæš—å·ã‚’å–å¾—ã—ã¾ã™ã€‚rng->drbg(決定論的乱数ビット生æˆå™¨)ãŒå‰²ã‚Šå½“ã¦ã‚‰ã‚Œã¾ã™(wc_FreeRngã§å‰²ã‚Šå½“ã¦è§£é™¤ã™ã‚‹å¿…è¦ãŒã‚りã¾ã™)。ã“れã¯ãƒ–ロッキングæ“作ã§ã™ã€‚ + + \return 0 æˆåŠŸæ™‚ã€‚ + \return MEMORY_E XMALLOCãŒå¤±æ•—ã—ã¾ã—㟠+ \return WINCRYPT_E wc_GenerateSeed: コンテキストã®å–å¾—ã«å¤±æ•—ã—ã¾ã—㟠+ \return CRYPTGEN_E wc_GenerateSeed: ランダムã®å–å¾—ã«å¤±æ•—ã—ã¾ã—㟠+ \return BAD_FUNC_ARG wc_RNG_GenerateBlock入力ãŒnullã¾ãŸã¯szãŒMAX_REQUEST_LENã‚’è¶…ãˆã¦ã„ã¾ã™ + \return DRBG_CONT_FIPS_E wc_RNG_GenerateBlock: Hash_genãŒDRBG_CONT_FAILUREã‚’è¿”ã—ã¾ã—㟠+ \return RNG_FAILURE_E wc_RNG_GenerateBlock: デフォルトエラー。rngã®ã‚¹ãƒ†ãƒ¼ã‚¿ã‚¹ãŒå…ƒã€…okã§ãªã„ã‹ã€DRBG_FAILEDã«è¨­å®šã•れã¦ã„ã¾ã™ + + \param rng シードã¨éµæš—å·ã§ä½¿ç”¨ã™ã‚‹ãŸã‚ã«åˆæœŸåŒ–ã•れる乱数生æˆå™¨ + _Example_ \code RNG rng; @@ -55,33 +72,39 @@ #ifdef HAVE_CAVIUM ret = wc_InitRngCavium(&rng, CAVIUM_DEV_ID); if (ret != 0){ - printf(“RNG Nitrox init for device: %d failedâ€, CAVIUM_DEV_ID); + printf("RNG Nitrox init for device: %d failed", CAVIUM_DEV_ID); return -1; } #endif ret = wc_InitRng(&rng); if (ret != 0){ - printf(“RNG init failedâ€); + printf("RNG init failed"); return -1; } \endcode + \sa wc_InitRngCavium \sa wc_RNG_GenerateBlock \sa wc_RNG_GenerateByte \sa wc_FreeRng \sa wc_RNG_HealthTest */ -int wc_InitRng(WC_RNG*); +int wc_InitRng(WC_RNG* rng); /*! \ingroup Random - \brief 疑似ランダムデータã®SZãƒã‚¤ãƒˆã‚’出力ã«ã‚³ãƒ”ーã—ã¾ã™ã€‚å¿…è¦ã«å¿œã˜ã¦RNG(ブロッキング)ã—ã¾ã™ã€‚ - \return 0 æˆåŠŸã—㟠- \return BAD_FUNC_ARG 入力ã¯NULLã¾ãŸã¯SZãŒMAX_REQUEST_LENã‚’è¶…ãˆã¦ã„ã¾ã™ - \return DRBG_CONT_FIPS_E hash_genã¯drbg_cont_failureã‚’è¿”ã—ã¾ã—㟠- \return RNG_FAILURE_E デフォルトã®ã‚¨ãƒ©ãƒ¼RNGã®ã‚¹ãƒ†ãƒ¼ã‚¿ã‚¹ã¯ã‚‚ã¨ã‚‚ã¨OKã§ã¯ãªãã€drbg_failedã«è¨­å®šã•れã¦ã„ã¾ã™ - \param rng 乱数発生器ã¯WC_INITRNGã§åˆæœŸåŒ–ã•れ㟠- \param output ブロックãŒã‚³ãƒ”ーã•れるãƒãƒƒãƒ•ã‚¡ + + \brief 疑似乱数データã®szãƒã‚¤ãƒˆã‚’outputã«ã‚³ãƒ”ーã—ã¾ã™ã€‚å¿…è¦ã«å¿œã˜ã¦rngã‚’å†ã‚·ãƒ¼ãƒ‰ã—ã¾ã™(ブロッキング)。 + + \return 0 æˆåŠŸæ™‚ + \return BAD_FUNC_ARG 入力ãŒnullã¾ãŸã¯szãŒMAX_REQUEST_LENã‚’è¶…ãˆã¦ã„ã¾ã™ + \return DRBG_CONT_FIPS_E Hash_genãŒDRBG_CONT_FAILUREã‚’è¿”ã—ã¾ã—㟠+ \return RNG_FAILURE_E デフォルトエラー。rngã®ã‚¹ãƒ†ãƒ¼ã‚¿ã‚¹ãŒå…ƒã€…okã§ãªã„ã‹ã€DRBG_FAILEDã«è¨­å®šã•れã¦ã„ã¾ã™ + + \param rng wc_InitRngã§åˆæœŸåŒ–ã•れãŸä¹±æ•°ç”Ÿæˆå™¨ + \param output ブロックãŒã‚³ãƒ”ーã•れるãƒãƒƒãƒ•ã‚¡ + \param sz 出力ã®ã‚µã‚¤ã‚º(ãƒã‚¤ãƒˆå˜ä½) + _Example_ \code RNG rng; @@ -90,14 +113,15 @@ int ret = wc_InitRng(&rng); if (ret != 0) { - return -1; //init of rng failed! + return -1; //rngã®åˆæœŸåŒ–失敗! } ret = wc_RNG_GenerateBlock(&rng, block, sz); if (ret != 0) { - return -1; //generating block failed! + return -1; //ブロック生æˆå¤±æ•—! } \endcode + \sa wc_InitRngCavium, wc_InitRng \sa wc_RNG_GenerateByte \sa wc_FreeRng @@ -107,21 +131,29 @@ /*! \ingroup Random - \brief æ–°ã—ã„WC_RNG構造を作æˆã—ã¾ã™ã€‚ - \return WC_RNG æˆåŠŸã®æ§‹é€  - \return NULL 誤り㫠- \param heap ヒープ識別å­ã¸ã®ãƒã‚¤ãƒ³ã‚¿ - \param nonce nonceã‚’å«ã‚€ãƒãƒƒãƒ•ã‚¡ã¸ã®ãƒã‚¤ãƒ³ã‚¿ + + \brief æ–°ã—ã„WC_RNG構造体を作æˆã—ã¾ã™ã€‚ + + + \return WC_RNG æˆåŠŸæ™‚ã®æ§‹é€ ä½“ + \return NULL エラー時 + + + \param heap ヒープ識別å­ã¸ã®ãƒã‚¤ãƒ³ã‚¿ + \param nonce nonceã‚’å«ã‚€ãƒãƒƒãƒ•ã‚¡ã¸ã®ãƒã‚¤ãƒ³ã‚¿ + \param nonceSz nonceã®é•·ã• + _Example_ \code RNG rng; - byte nonce[] = { initialize nonce }; + byte nonce[] = { nonceã‚’åˆæœŸåŒ– }; word32 nonceSz = sizeof(nonce); wc_rng_new(&nonce, nonceSz, &heap); \endcode + \sa wc_InitRng \sa wc_rng_free \sa wc_FreeRng @@ -131,12 +163,17 @@ /*! \ingroup Random - \brief wc_rng_generateBlockを呼ã³å‡ºã—ã¦ã€ç–‘似ランダムデータã®ãƒã‚¤ãƒˆã‚’bã«ã‚³ãƒ”ーã—ã¾ã™ã€‚å¿…è¦ã«å¿œã˜ã¦RNGãŒå†è²©ã•れã¾ã™ã€‚ - \return 0 æˆåŠŸã—㟠- \return BAD_FUNC_ARG 入力ã¯NULLã¾ãŸã¯SZãŒMAX_REQUEST_LENã‚’è¶…ãˆã¦ã„ã¾ã™ - \return DRBG_CONT_FIPS_E hash_genã¯drbg_cont_failureã‚’è¿”ã—ã¾ã—㟠- \return RNG_FAILURE_E デフォルトã®ã‚¨ãƒ©ãƒ¼RNGã®ã‚¹ãƒ†ãƒ¼ã‚¿ã‚¹ã¯ã‚‚ã¨ã‚‚ã¨OKã§ã¯ãªãã€drbg_failedã«è¨­å®šã•れã¦ã„ã¾ã™ - \param rng: 乱数発生器ã¯WC_INITRNGã§åˆæœŸåŒ–ã•れ㟠+ + \brief 疑似乱数データã®1ãƒã‚¤ãƒˆã‚’bã«ã‚³ãƒ”ーã™ã‚‹ãŸã‚ã«wc_RNG_GenerateBlockを呼ã³å‡ºã—ã¾ã™ã€‚å¿…è¦ã«å¿œã˜ã¦rngã‚’å†ã‚·ãƒ¼ãƒ‰ã—ã¾ã™ã€‚ + + \return 0 æˆåŠŸæ™‚ + \return BAD_FUNC_ARG 入力ãŒnullã¾ãŸã¯szãŒMAX_REQUEST_LENã‚’è¶…ãˆã¦ã„ã¾ã™ + \return DRBG_CONT_FIPS_E Hash_genãŒDRBG_CONT_FAILUREã‚’è¿”ã—ã¾ã—㟠+ \return RNG_FAILURE_E デフォルトエラー。rngã®ã‚¹ãƒ†ãƒ¼ã‚¿ã‚¹ãŒå…ƒã€…okã§ãªã„ã‹ã€DRBG_FAILEDã«è¨­å®šã•れã¦ã„ã¾ã™ + + \param rng: wc_InitRngã§åˆæœŸåŒ–ã•れãŸä¹±æ•°ç”Ÿæˆå™¨ + \param b ブロックãŒã‚³ãƒ”ーã•れる1ãƒã‚¤ãƒˆã®ãƒãƒƒãƒ•ã‚¡ + _Example_ \code RNG rng; @@ -145,14 +182,15 @@ int ret = wc_InitRng(&rng); if (ret != 0) { - return -1; //init of rng failed! + return -1; //rngã®åˆæœŸåŒ–失敗! } ret = wc_RNG_GenerateByte(&rng, b); if (ret != 0) { - return -1; //generating block failed! + return -1; //ブロック生æˆå¤±æ•—! } \endcode + \sa wc_InitRngCavium \sa wc_InitRng \sa wc_RNG_GenerateBlock @@ -163,47 +201,59 @@ /*! \ingroup Random - \brief RNGãŒDRGBを安全ã«è§£æ”¾ã™ã‚‹ãŸã‚ã«å¿…è¦ãªã¨ãã«å‘¼ã³å‡ºã•れるã¹ãã§ã™ã€‚ゼロã¨Xfrees RNG-DRBG。 - \return 0 æˆåŠŸã—㟠- \return BAD_FUNC_ARG RNGã¾ãŸã¯RNG-> DRGB NULL - \return RNG_FAILURE_E DRBGã®å‰²ã‚Šå½“ã¦è§£é™¤ã«å¤±æ•—ã—ã¾ã—㟠+ + \brief drgbを安全ã«è§£æ”¾ã™ã‚‹ãŸã‚ã«ã€RNGãŒä¸è¦ã«ãªã£ãŸã¨ãã«å‘¼ã³å‡ºã™å¿…è¦ãŒã‚りã¾ã™ã€‚rng-drbgをゼロ化ã—XFREEã—ã¾ã™ã€‚ + + \return 0 æˆåŠŸæ™‚ + \return BAD_FUNC_ARG rngã¾ãŸã¯rng->drgbãŒnull + \return RNG_FAILURE_E drbgã®å‰²ã‚Šå½“ã¦è§£é™¤ã«å¤±æ•—ã—ã¾ã—㟠+ + \param rng wc_InitRngã§åˆæœŸåŒ–ã•れãŸä¹±æ•°ç”Ÿæˆå™¨ + _Example_ \code RNG rng; int ret = wc_InitRng(&rng); if (ret != 0) { - return -1; //init of rng failed! + return -1; //rngã®åˆæœŸåŒ–失敗! } int ret = wc_FreeRng(&rng); if (ret != 0) { - return -1; //free of rng failed! + return -1; //rngã®è§£æ”¾å¤±æ•—! } \endcode + \sa wc_InitRngCavium \sa wc_InitRng \sa wc_RNG_GenerateBlock \sa wc_RNG_GenerateByte, \sa wc_RNG_HealthTest */ -int wc_FreeRng(WC_RNG*); +int wc_FreeRng(WC_RNG* rng); /*! \ingroup Random - \brief RNGを安全ã«è‡ªç”±ã«è§£æ”¾ã™ã‚‹ãŸã‚ã«RNGãŒä¸è¦ã«ãªã£ãŸã¨ãã«å‘¼ã³å‡ºã•れるã¹ãã§ã™ã€‚ + + \brief rngを安全ã«è§£æ”¾ã™ã‚‹ãŸã‚ã«ã€RNGãŒä¸è¦ã«ãªã£ãŸã¨ãã«å‘¼ã³å‡ºã™å¿…è¦ãŒã‚りã¾ã™ã€‚ + + + \param rng wc_InitRngã§åˆæœŸåŒ–ã•れãŸä¹±æ•°ç”Ÿæˆå™¨ + _Example_ \code RNG rng; - byte nonce[] = { initialize nonce }; + byte nonce[] = { nonceã‚’åˆæœŸåŒ– }; word32 nonceSz = sizeof(nonce); rng = wc_rng_new(&nonce, nonceSz, &heap); - // use rng + // rngを使用 wc_rng_free(&rng); \endcode + \sa wc_InitRng \sa wc_rng_new \sa wc_FreeRng @@ -213,46 +263,50 @@ /*! \ingroup Random - \brief DRBGã®æ©Ÿèƒ½ã‚’作æˆã—テストã—ã¾ã™ã€‚ - \return 0 æˆåŠŸã—㟠- \return BAD_FUNC_ARG ELTOPYAã¨å‡ºåŠ›ã¯NULLã«ã—ãªã„ã§ãã ã•ã„。Reseed Set EntropybãŒNULLã§ãªã‘れã°ãªã‚‰ãªã„å ´åˆ - \return -1 テスト失敗 - \param int RESEED:設定ã•れã¦ã„ã‚‹å ´åˆã¯ã€Reseed機能をテストã—ã¾ã™ - \param entropyA: DRGBをインスタンス化ã™ã‚‹ã‚¨ãƒ³ãƒˆãƒ­ãƒ”ー - \param entropyASz: ãƒã‚¤ãƒˆæ•°ã®ã‚¨ãƒ³ãƒˆãƒ­ãƒ”ヤã®ã‚µã‚¤ã‚º - \param entropyB: Reseed Setを設定ã—ãŸå ´åˆã€DRBGã¯Entropybã§ãƒªã‚µã‚¤ãƒ¼ãƒ‰ã•れã¾ã™ - \param entropyBSz: ãƒã‚¤ãƒˆå˜ä½ã®Entropybã®ã‚µã‚¤ã‚º - \param output: SEADRANDOMãŒè¨­å®šã•れã¦ã„ã‚‹å ´åˆã¯ã€Entropybã«æ’­ç¨®ã•れãŸãƒ©ãƒ³ãƒ€ãƒ ãªãƒ‡ãƒ¼ã‚¿ã«åˆæœŸåŒ–ã•れã€ãれ以外ã®å ´åˆã¯Entropya + + \brief drbgã®æ©Ÿèƒ½ã‚’作æˆã—ã¦ãƒ†ã‚¹ãƒˆã—ã¾ã™ã€‚ + + \return 0 æˆåŠŸæ™‚ + \return BAD_FUNC_ARG seedAã¨outputã¯nullã§ã‚ã£ã¦ã¯ãªã‚Šã¾ã›ã‚“。reseedãŒè¨­å®šã•れã¦ã„ã‚‹å ´åˆã€seedBã¯nullã§ã‚ã£ã¦ã¯ãªã‚Šã¾ã›ã‚“ + \return -1 テスト失敗 + + \param int reseed: 設定ã•れã¦ã„ã‚‹å ´åˆã€å†ã‚·ãƒ¼ãƒ‰æ©Ÿèƒ½ã‚’テストã—ã¾ã™ + \param seedA: drgbをインスタンス化ã™ã‚‹ã‚·ãƒ¼ãƒ‰ + \param seedASz: seedAã®ã‚µã‚¤ã‚º(ãƒã‚¤ãƒˆå˜ä½) + \param seedB: reseedãŒè¨­å®šã•れã¦ã„ã‚‹å ´åˆã€drbgã¯seedBã§å†ã‚·ãƒ¼ãƒ‰ã•れã¾ã™ + \param seedBSz: seedBã®ã‚µã‚¤ã‚º(ãƒã‚¤ãƒˆå˜ä½) + \param output: seedrandomãŒè¨­å®šã•れã¦ã„ã‚‹å ´åˆã¯seedBã§ã‚·ãƒ¼ãƒ‰ã•れãŸãƒ©ãƒ³ãƒ€ãƒ ãƒ‡ãƒ¼ã‚¿ã«åˆæœŸåŒ–ã•れã€ãれ以外ã®å ´åˆã¯seedAã§ã‚·ãƒ¼ãƒ‰ã•れã¾ã™ + \param outputSz: outputã®é•·ã•(ãƒã‚¤ãƒˆå˜ä½) + _Example_ \code byte output[SHA256_DIGEST_SIZE * 4]; - const byte test1EntropyB[] = ....; // test input for reseed false - const byte test1Output[] = ....; // testvector: expected output of - // reseed false + const byte test1EntropyB[] = ....; // reseed falseã®ãƒ†ã‚¹ãƒˆå…¥åŠ› + const byte test1Output[] = ....; // テストベクター: reseed falseã®æœŸå¾…出力 ret = wc_RNG_HealthTest(0, test1Entropy, sizeof(test1Entropy), NULL, 0, output, sizeof(output)); if (ret != 0) - return -1;//healthtest without reseed failed + return -1;//å†ã‚·ãƒ¼ãƒ‰ãªã—ã®ãƒ˜ãƒ«ã‚¹ãƒ†ã‚¹ãƒˆå¤±æ•— if (XMEMCMP(test1Output, output, sizeof(output)) != 0) - return -1; //compare to testvector failed: unexpected output + return -1; //テストベクターã¨ã®æ¯”較失敗: 予期ã—ãªã„出力 - const byte test2EntropyB[] = ....; // test input for reseed - const byte test2Output[] = ....; // testvector expected output of reseed + const byte test2EntropyB[] = ....; // reseedã®ãƒ†ã‚¹ãƒˆå…¥åŠ› + const byte test2Output[] = ....; // テストベクターreseedã®æœŸå¾…出力 ret = wc_RNG_HealthTest(1, test2EntropyA, sizeof(test2EntropyA), test2EntropyB, sizeof(test2EntropyB), output, sizeof(output)); if (XMEMCMP(test2Output, output, sizeof(output)) != 0) - return -1; //compare to testvector failed + return -1; //テストベクターã¨ã®æ¯”較失敗 \endcode + \sa wc_InitRngCavium \sa wc_InitRng \sa wc_RNG_GenerateBlock \sa wc_RNG_GenerateByte \sa wc_FreeRng */ -int wc_RNG_HealthTest(int reseed, - const byte* entropyA, word32 entropyASz, - const byte* entropyB, word32 entropyBSz, - byte* output, word32 outputSz); +int wc_RNG_HealthTest(int reseed, const byte* seedA, word32 seedASz, + const byte* seedB, word32 seedBSz, + byte* output, word32 outputSz); diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/doc/dox_comments/header_files-ja/ripemd.h mariadb-11.8.8/extra/wolfssl/wolfssl/doc/dox_comments/header_files-ja/ripemd.h --- mariadb-11.8.6/extra/wolfssl/wolfssl/doc/dox_comments/header_files-ja/ripemd.h 2026-01-31 13:27:49.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/doc/dox_comments/header_files-ja/ripemd.h 2026-05-24 09:58:33.000000000 +0000 @@ -1,32 +1,43 @@ /*! \ingroup RIPEMD - \brief ã“ã®é–¢æ•°ã¯ã€RIPemdã®ãƒ€ã‚¤ã‚¸ã‚§ã‚¹ãƒˆã€ãƒãƒƒãƒ•ã‚¡ã€LOLEN ,HILENã‚’åˆæœŸåŒ–ã™ã‚‹ã“ã¨ã«ã‚ˆã£ã¦RIPemdæ§‹é€ ã‚’åˆæœŸåŒ–ã—ã¾ã™ã€‚ - \return 0 機能ã®å®Ÿè¡Œã«æˆåŠŸã—ãŸã“ã¨ã«æˆ»ã‚Šã¾ã™ã€‚RIPEMD構造ãŒåˆæœŸåŒ–ã•れã¾ã™ã€‚ - \return BAD_FUNC_ARG RIPEMD構造ãŒNULLã®å ´åˆã«è¿”ã•れã¾ã™ã€‚ + + \brief ã“ã®é–¢æ•°ã¯ã€ripemdã®ãƒ€ã‚¤ã‚¸ã‚§ã‚¹ãƒˆã€ãƒãƒƒãƒ•ã‚¡ã€loLenãŠã‚ˆã³hiLenã‚’åˆæœŸåŒ–ã™ã‚‹ã“ã¨ã§ã€ripemdæ§‹é€ ä½“ã‚’åˆæœŸåŒ–ã—ã¾ã™ã€‚ + + \return 0 関数ã®å®Ÿè¡ŒãŒæˆåŠŸã—ãŸå ´åˆã«è¿”ã•れã¾ã™ã€‚RipeMd構造体ãŒåˆæœŸåŒ–ã•れã¾ã™ã€‚ + \return BAD_FUNC_ARG RipeMd構造体ãŒNULLã®å ´åˆã«è¿”ã•れã¾ã™ã€‚ + + \param ripemd åˆæœŸåŒ–ã™ã‚‹ripemd構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ + _Example_ \code RipeMd md; int ret; ret = wc_InitRipeMd(&md); if (ret != 0) { - // Failure case. + // 失敗ケース } \endcode + \sa wc_RipeMdUpdate \sa wc_RipeMdFinal */ -int wc_InitRipeMd(RipeMd*); +int wc_InitRipeMd(RipeMd* ripemd); /*! \ingroup RIPEMD - \brief ã“ã®é–¢æ•°ã¯ãƒ‡ãƒ¼ã‚¿å…¥åŠ›ã®RIPemdダイジェストを生æˆã—ã€çµæžœã‚’RIPemd-> Digestãƒãƒƒãƒ•ã‚¡ã«æ ¼ç´ã—ã¾ã™ã€‚WC_RIPEMDUPDATEを実行ã—ãŸå¾Œã€ç”Ÿæˆã•れãŸRIPemd-> Digestを既知ã®èªè¨¼ã‚¿ã‚°ã«æ¯”較ã—ã¦ãƒ¡ãƒƒã‚»ãƒ¼ã‚¸ã®ä¿¡é ¼æ€§ã‚’比較ã™ã‚‹å¿…è¦ãŒã‚りã¾ã™ã€‚ - \return 0 機能ã®å®Ÿè¡Œã«æˆåŠŸã—ãŸã“ã¨ã«æˆ»ã‚Šã¾ã™ã€‚ - \return BAD_FUNC_ARG RIPEMD構造ãŒNULLã®å ´åˆã€ã¾ãŸã¯ãƒ‡ãƒ¼ã‚¿ãŒNULLã§ã€LENãŒã‚¼ãƒ­ã§ãªã„å ´åˆã«è¿”ã•れã¾ã™ã€‚データãŒNULLã§ã‚りã€LENãŒ0ã®å ´åˆã€ã“ã®é–¢æ•°ã¯å®Ÿè¡Œã•れるã¯ãšã§ã™ã€‚ - \param ripemd: WC_INTRIPEMDã§åˆæœŸåŒ–ã•れるRIPEMD構造ã¸ã®ãƒã‚¤ãƒ³ã‚¿ - \param data ãƒãƒƒã‚·ãƒ¥ã™ã‚‹ãƒ‡ãƒ¼ã‚¿ + + \brief ã“ã®é–¢æ•°ã¯ã€å…¥åŠ›ãƒ‡ãƒ¼ã‚¿ã®RipeMdダイジェストを生æˆã—ã€çµæžœã‚’ripemd->digestãƒãƒƒãƒ•ã‚¡ã«æ ¼ç´ã—ã¾ã™ã€‚wc_RipeMdUpdateを実行ã—ãŸå¾Œã€ç”Ÿæˆã•れãŸripemd->digestを既知ã®èªè¨¼ã‚¿ã‚°ã¨æ¯”較ã—ã¦ã€ãƒ¡ãƒƒã‚»ãƒ¼ã‚¸ã®çœŸæ­£æ€§ã‚’検証ã™ã‚‹å¿…è¦ãŒã‚りã¾ã™ã€‚ + + \return 0 関数ã®å®Ÿè¡ŒãŒæˆåŠŸã—ãŸå ´åˆã«è¿”ã•れã¾ã™ã€‚ + \return BAD_FUNC_ARG RipeMd構造体ãŒNULLã®å ´åˆã€ã¾ãŸã¯dataãŒNULLã§lenãŒã‚¼ãƒ­ã§ãªã„å ´åˆã«è¿”ã•れã¾ã™ã€‚ã“ã®é–¢æ•°ã¯ã€dataãŒNULLã§lenãŒ0ã®å ´åˆã¯å®Ÿè¡Œã•れるã¹ãã§ã™ã€‚ + + \param ripemd wc_InitRipeMdã§åˆæœŸåŒ–ã•れるripemd構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ + \param data ãƒãƒƒã‚·ãƒ¥åŒ–ã•れるデータ + \param len データã®ã‚µã‚¤ã‚º(ãƒã‚¤ãƒˆå˜ä½) + _Example_ \code - const byte* data; // The data to be hashed + const byte* data; // ãƒãƒƒã‚·ãƒ¥åŒ–ã•れるデータ .... RipeMd md; int ret; @@ -34,8 +45,9 @@ if (ret == 0) { ret = wc_RipeMdUpdate(&md, plain, sizeof(plain)); if (ret != 0) { - // Failure case … + // 失敗ケース … \endcode + \sa wc_InitRipeMd \sa wc_RipeMdFinal */ @@ -43,28 +55,34 @@ /*! \ingroup RIPEMD - \brief ã“ã®é–¢æ•°ã¯è¨ˆç®—ã•れãŸãƒ€ã‚¤ã‚¸ã‚§ã‚¹ãƒˆã‚’ãƒãƒƒã‚·ãƒ¥ã«ã‚³ãƒ”ーã—ã¾ã™ã€‚ç„¡å‚·ã®ãƒ–ロックãŒã‚ã‚‹å ´åˆã€ã“ã®æ–¹æ³•ã§ã¯ãƒ–ロックを0Sã§ãƒ‘ッケージã—ã€ãƒãƒƒã‚·ãƒ¥ã«ã‚³ãƒ”ーã™ã‚‹å‰ã«ãã®ãƒ–ロックã®ãƒ©ã‚¦ãƒ³ãƒ‰ã‚’ダイジェストã«å«ã‚ã¾ã™ã€‚RIPEMDã®çŠ¶æ…‹ãŒãƒªã‚»ãƒƒãƒˆã•れã¾ã™ã€‚ - \return 0 機能ã®å®Ÿè¡Œã«æˆåŠŸã—ãŸã“ã¨ã«æˆ»ã‚Šã¾ã™ã€‚RIPEMD構造ã®çŠ¶æ…‹ãŒãƒªã‚»ãƒƒãƒˆã•れã¾ã—ãŸã€‚ - \return BAD_FUNC_ARG RIPEMD構造体ã¾ãŸã¯ãƒãƒƒã‚·ãƒ¥ãƒ‘ラメータãŒNULLã®å ´åˆã«è¿”ã•れã¾ã™ã€‚ - \param ripemd WC_INITRIPEMDã§åˆæœŸåŒ–ã™ã‚‹RIPEMD構造ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€ãŠã‚ˆã³WC_RIPEMDUPDATEã‹ã‚‰ãƒãƒƒã‚·ãƒ¥ã‚’å«ã‚€ã€‚状態ã¯ãƒªã‚»ãƒƒãƒˆã•れã¾ã™ + + \brief ã“ã®é–¢æ•°ã¯ã€è¨ˆç®—ã•れãŸãƒ€ã‚¤ã‚¸ã‚§ã‚¹ãƒˆã‚’hashã«ã‚³ãƒ”ーã—ã¾ã™ã€‚部分的ã«ãƒãƒƒã‚·ãƒ¥åŒ–ã•れã¦ã„ãªã„ブロックãŒã‚ã‚‹å ´åˆã€ã“ã®ãƒ¡ã‚½ãƒƒãƒ‰ã¯ãƒ–ロックを0ã§ãƒ‘ディングã—ã€hashã«ã‚³ãƒ”ーã™ã‚‹å‰ã«ãã®ãƒ–ロックã®ãƒ©ã‚¦ãƒ³ãƒ‰ã‚’ダイジェストã«å«ã‚ã¾ã™ã€‚ripemdã®çŠ¶æ…‹ã¯ãƒªã‚»ãƒƒãƒˆã•れã¾ã™ã€‚ + + \return 0 関数ã®å®Ÿè¡ŒãŒæˆåŠŸã—ãŸå ´åˆã«è¿”ã•れã¾ã™ã€‚RipeMd構造体ã®çŠ¶æ…‹ãŒãƒªã‚»ãƒƒãƒˆã•れã¾ã—ãŸã€‚ + \return BAD_FUNC_ARG RipeMd構造体ã¾ãŸã¯hashパラメータãŒNULLã®å ´åˆã«è¿”ã•れã¾ã™ã€‚ + + \param ripemd wc_InitRipeMdã§åˆæœŸåŒ–ã•れã€wc_RipeMdUpdateã‹ã‚‰ã®ãƒãƒƒã‚·ãƒ¥ã‚’å«ã‚€ripemd構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚状態ã¯ãƒªã‚»ãƒƒãƒˆã•れã¾ã™ + \param hash ダイジェストをコピーã™ã‚‹ãƒãƒƒãƒ•ァ。RIPEMD_DIGEST_SIZEãƒã‚¤ãƒˆã§ã‚ã‚‹å¿…è¦ãŒã‚りã¾ã™ + _Example_ \code RipeMd md; int ret; byte digest[RIPEMD_DIGEST_SIZE]; - const byte* data; // The data to be hashed + const byte* data; // ãƒãƒƒã‚·ãƒ¥åŒ–ã•れるデータ ... ret = wc_InitRipeMd(&md); if (ret == 0) { ret = wc_RipeMdUpdate(&md, plain, sizeof(plain)); if (ret != 0) { - // RipeMd Update Failure Case. + // RipeMd更新失敗ケース } ret = wc_RipeMdFinal(&md, digest); if (ret != 0) { - // RipeMd Final Failure Case. + // RipeMd Final失敗ケース }... \endcode + \sa none */ int wc_RipeMdFinal(RipeMd* ripemd, byte* hash); diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/doc/dox_comments/header_files-ja/rsa.h mariadb-11.8.8/extra/wolfssl/wolfssl/doc/dox_comments/header_files-ja/rsa.h --- mariadb-11.8.6/extra/wolfssl/wolfssl/doc/dox_comments/header_files-ja/rsa.h 2026-01-31 13:27:49.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/doc/dox_comments/header_files-ja/rsa.h 2026-05-24 09:58:33.000000000 +0000 @@ -1,18 +1,26 @@ /*! \ingroup RSA - \brief ã“ã®é–¢æ•°ã¯æä¾›ã•れãŸRsaKeyæ§‹é€ ä½“ã‚’åˆæœŸåŒ–ã—ã¾ã™ã€‚ã¾ãŸã€ãƒ¦ãƒ¼ã‚¶ãƒ¼å®šç¾©ãƒ¡ãƒ¢ãƒªã‚ªãƒ¼ãƒãƒ¼ãƒ©ã‚¤ãƒ‰ã§ä½¿ç”¨ã™ã‚‹ãŸã‚ã®ãƒ’ープ識別å­ã‚‚å–りã¾ã™ï¼ˆXMALLOCã€XFREEã€XREALLOCã‚’å‚照)。wc_rsa_blindingãŒæœ‰åйãªå ´åˆã€ã‚­ãƒ¼ã¯WC_RSASETRNGã«ã‚ˆã£ã¦RNGã«é–¢é€£ä»˜ã‘られãªã‘れã°ãªã‚Šã¾ã›ã‚“。 - \return 0 æš—å·åŒ–ã¨å¾©å·åŒ–ã§ä½¿ç”¨ã™ã‚‹ãŸã‚ã®RSA構造ã®åˆæœŸåŒ–ã«æˆåŠŸã—ãŸã¨ãã«è¿”ã•れã¾ã™ã€‚ - \return BAD_FUNC_ARGS RSAキーãƒã‚¤ãƒ³ã‚¿ãŒNULLã«è©•価ã•れãŸå ´åˆã«è¿”ã•れã¾ã™ - \param key åˆæœŸåŒ–ã™ã‚‹RSAKEY構造ã¸ã®ãƒã‚¤ãƒ³ã‚¿ + + \brief ã“ã®é–¢æ•°ã¯ã€æä¾›ã•れãŸRsaKeyæ§‹é€ ä½“ã‚’åˆæœŸåŒ–ã—ã¾ã™ã€‚ã¾ãŸã€ãƒ¦ãƒ¼ã‚¶ãƒ¼å®šç¾©ã®ãƒ¡ãƒ¢ãƒªã‚ªãƒ¼ãƒãƒ¼ãƒ©ã‚¤ãƒ‰ï¼ˆXMALLOCã€XFREEã€XREALLOCã‚’å‚照)ã§ä½¿ç”¨ã™ã‚‹ãŸã‚ã«ã€ãƒ’ープ識別å­ã‚‚å—ã‘å–りã¾ã™ã€‚ + + WC_RSA_BLINDINGãŒæœ‰åйã«ãªã£ã¦ã„ã‚‹å ´åˆã€ã‚­ãƒ¼ã¯wc_RsaSetRNGã«ã‚ˆã£ã¦RNGã¨é–¢é€£ä»˜ã‘ã‚‹å¿…è¦ãŒã‚りã¾ã™ã€‚ + + \return 0 æš—å·åŒ–ã¨å¾©å·ã«ä½¿ç”¨ã™ã‚‹RSA構造体ã®åˆæœŸåŒ–ã«æˆåŠŸã—ãŸå ´åˆã«è¿”ã•れã¾ã™ + \return BAD_FUNC_ARGS RSAキーãƒã‚¤ãƒ³ã‚¿ãŒNULLã¨è©•価ã•れãŸå ´åˆã«è¿”ã•れã¾ã™ + + \param key åˆæœŸåŒ–ã™ã‚‹RsaKey構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ + \param heap メモリオーãƒãƒ¼ãƒ©ã‚¤ãƒ‰ã§ä½¿ç”¨ã™ã‚‹ãƒ’ープ識別å­ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚メモリ割り当ã¦ã®ã‚«ã‚¹ã‚¿ãƒ å‡¦ç†ã‚’å¯èƒ½ã«ã—ã¾ã™ã€‚ã“ã®ãƒ’ープã¯ã€ã“ã®RSAオブジェクトã§ä½¿ç”¨ã™ã‚‹ãƒ¡ãƒ¢ãƒªã‚’割り当ã¦ã‚‹éš›ã«ãƒ‡ãƒ•ォルトã§ä½¿ç”¨ã•れã¾ã™ + _Example_ \code RsaKey enc; int ret; - ret = wc_InitRsaKey(&enc, NULL); // not using heap hint. No custom memory + ret = wc_InitRsaKey(&enc, NULL); // ヒープヒントを使用ã—ãªã„。カスタムメモリãªã— if ( ret != 0 ) { - // error initializing RSA key + // RSAキーã®åˆæœŸåŒ–エラー } \endcode + \sa wc_FreeRsaKey \sa wc_RsaSetRNG */ @@ -20,31 +28,39 @@ /*! \ingroup RSA - \brief ã“ã®é–¢æ•°ã¯æä¾›ã•れãŸRsaKeyæ§‹é€ ä½“ã‚’åˆæœŸåŒ–ã—ã¾ã™ã€‚IDã¨LENã¯ã€DEVIDãŒãƒ‡ãƒã‚¤ã‚¹ã‚’識別ã—ã¦ã„ã‚‹é–“ã«ãƒ‡ãƒã‚¤ã‚¹ä¸Šã®ã‚­ãƒ¼ã‚’識別ã™ã‚‹ãŸã‚ã«ä½¿ç”¨ã•れã¾ã™ã€‚ã¾ãŸã€ãƒ¦ãƒ¼ã‚¶ãƒ¼å®šç¾©ãƒ¡ãƒ¢ãƒªã‚ªãƒ¼ãƒãƒ¼ãƒ©ã‚¤ãƒ‰ã§ä½¿ç”¨ã™ã‚‹ãŸã‚ã®ãƒ’ープ識別å­ã‚‚å–りã¾ã™ï¼ˆXMALLOCã€XFREEã€XREALLOCã‚’å‚照)。wc_rsa_blindingãŒæœ‰åйãªå ´åˆã€ã‚­ãƒ¼ã¯WC_RSASETRNGã«ã‚ˆã£ã¦RNGã«é–¢é€£ä»˜ã‘られãªã‘れã°ãªã‚Šã¾ã›ã‚“。 - \return 0 æš—å·åŒ–ã¨å¾©å·åŒ–ã§ä½¿ç”¨ã™ã‚‹ãŸã‚ã®RSA構造ã®åˆæœŸåŒ–ã«æˆåŠŸã—ãŸã¨ãã«è¿”ã•れã¾ã™ã€‚ - \return BAD_FUNC_ARGS RSAキーãƒã‚¤ãƒ³ã‚¿ãŒNULLã«è©•価ã•れãŸå ´åˆã«è¿”ã•れã¾ã™ - \return BUFFER_E LENãŒRSA_MAX_ID_LENよりもå°ã•ã„å ´åˆã€ã¾ãŸã¯å¤§ãã„å ´åˆã¯è¿”ã•れã¾ã™ã€‚ - \param key åˆæœŸåŒ–ã™ã‚‹RsaKey構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ - \param id デãƒã‚¤ã‚¹ä¸Šã®ã‚­ãƒ¼ã®è­˜åˆ¥å­ - \param len ãƒã‚¤ãƒˆæ•°ã®è­˜åˆ¥å­ã®é•·ã• - \param heap メモリオーãƒãƒ¼ãƒ©ã‚¤ãƒ‰ã§ä½¿ç”¨ã™ã‚‹ãŸã‚ã®ãƒ’ープ識別å­ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚メモリ割り当ã¦ã®ã‚«ã‚¹ã‚¿ãƒ å‡¦ç†ã‚’å¯èƒ½ã«ã—ã¾ã™ã€‚ã“ã®ãƒ’ープã¯ã€ã“ã®RSAオブジェクトã§ä½¿ç”¨ã™ã‚‹ãŸã‚ã«ãƒ¡ãƒ¢ãƒªã‚’割り当ã¦ã‚‹ã¨ãã«ä½¿ç”¨ã•れるデフォルトã«ãªã‚Šã¾ã™ã€‚ + + \brief ã“ã®é–¢æ•°ã¯ã€æä¾›ã•れãŸRsaKeyæ§‹é€ ä½“ã‚’åˆæœŸåŒ–ã—ã¾ã™ã€‚idã¨lenã¯ã€ãƒ‡ãƒã‚¤ã‚¹ä¸Šã®ã‚­ãƒ¼ã‚’識別ã™ã‚‹ãŸã‚ã«ä½¿ç”¨ã•れã€devIdã¯ãƒ‡ãƒã‚¤ã‚¹ã‚’識別ã—ã¾ã™ã€‚ã¾ãŸã€ãƒ¦ãƒ¼ã‚¶ãƒ¼å®šç¾©ã®ãƒ¡ãƒ¢ãƒªã‚ªãƒ¼ãƒãƒ¼ãƒ©ã‚¤ãƒ‰ï¼ˆXMALLOCã€XFREEã€XREALLOCã‚’å‚照)ã§ä½¿ç”¨ã™ã‚‹ãŸã‚ã«ã€ãƒ’ープ識別å­ã‚‚å—ã‘å–りã¾ã™ã€‚ + + WC_RSA_BLINDINGãŒæœ‰åйã«ãªã£ã¦ã„ã‚‹å ´åˆã€ã‚­ãƒ¼ã¯wc_RsaSetRNGã«ã‚ˆã£ã¦RNGã¨é–¢é€£ä»˜ã‘ã‚‹å¿…è¦ãŒã‚りã¾ã™ã€‚ + + \return 0 æš—å·åŒ–ã¨å¾©å·ã«ä½¿ç”¨ã™ã‚‹RSA構造体ã®åˆæœŸåŒ–ã«æˆåŠŸã—ãŸå ´åˆã«è¿”ã•れã¾ã™ + \return BAD_FUNC_ARGS RSAキーãƒã‚¤ãƒ³ã‚¿ãŒNULLã¨è©•価ã•れãŸå ´åˆã«è¿”ã•れã¾ã™ + \return BUFFER_E lenãŒ0未満ã¾ãŸã¯RSA_MAX_ID_LENより大ãã„å ´åˆã«è¿”ã•れã¾ã™ã€‚ + + \param key åˆæœŸåŒ–ã™ã‚‹RsaKey構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ + \param id デãƒã‚¤ã‚¹ä¸Šã®ã‚­ãƒ¼ã®è­˜åˆ¥å­ + \param len 識別å­ã®é•·ã•(ãƒã‚¤ãƒˆå˜ä½ï¼‰ + \param heap メモリオーãƒãƒ¼ãƒ©ã‚¤ãƒ‰ã§ä½¿ç”¨ã™ã‚‹ãƒ’ープ識別å­ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚メモリ割り当ã¦ã®ã‚«ã‚¹ã‚¿ãƒ å‡¦ç†ã‚’å¯èƒ½ã«ã—ã¾ã™ã€‚ã“ã®ãƒ’ープã¯ã€ã“ã®RSAオブジェクトã§ä½¿ç”¨ã™ã‚‹ãƒ¡ãƒ¢ãƒªã‚’割り当ã¦ã‚‹éš›ã«ãƒ‡ãƒ•ォルトã§ä½¿ç”¨ã•れã¾ã™ + \param devId æš—å·ã‚³ãƒ¼ãƒ«ãƒãƒƒã‚¯ã¾ãŸã¯éžåŒæœŸãƒãƒ¼ãƒ‰ã‚¦ã‚§ã‚¢ã§ä½¿ç”¨ã™ã‚‹ID。使用ã—ãªã„å ´åˆã¯INVALID_DEVID(-2)ã«è¨­å®š + _Example_ \code RsaKey enc; unsigned char* id = (unsigned char*)"RSA2048"; - int len = 6; + int len = 7; int devId = 1; int ret; ret = wc_CryptoDev_RegisterDevice(devId, wc_Pkcs11_CryptoDevCb, &token); if ( ret != 0) { - // error associating callback and token with device id + // コールãƒãƒƒã‚¯ã¨ãƒˆãƒ¼ã‚¯ãƒ³ã‚’デãƒã‚¤ã‚¹IDã«é–¢é€£ä»˜ã‘るエラー } - ret = wc_InitRsaKey_Id(&enc, id, len, NULL, devId); // not using heap hint + ret = wc_InitRsaKey_Id(&enc, id, len, NULL, devId); // ヒープヒントを使用ã—ãªã„ if ( ret != 0 ) { - // error initializing RSA key + // RSAキーã®åˆæœŸåŒ–エラー } \endcode + \sa wc_InitRsaKey \sa wc_FreeRsaKey \sa wc_RsaSetRNG @@ -54,10 +70,15 @@ /*! \ingroup RSA - \brief ã“ã®é–¢æ•°ã¯RNGをキーã«é–¢é€£ä»˜ã‘ã¾ã™ã€‚WC_RSA_BLINDINGãŒæœ‰åйã«ãªã£ã¦ã„ã‚‹å ´åˆã¯å¿…è¦ã§ã™ã€‚ - \return 0 æˆåŠŸã«æˆ»ã£ãŸ - \return BAD_FUNC_ARGS RSAキーã®å ´åˆã€RNGãƒã‚¤ãƒ³ã‚¿ãŒNULLã«è©•価ã•れãŸå ´åˆ - \param key 関連付ã‘られるRsaKey構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ + + \brief ã“ã®é–¢æ•°ã¯ã€RNGをキーã«é–¢é€£ä»˜ã‘ã¾ã™ã€‚WC_RSA_BLINDINGãŒæœ‰åйã«ãªã£ã¦ã„ã‚‹å ´åˆã«å¿…è¦ã§ã™ã€‚ + + \return 0 æˆåŠŸæ™‚ã«è¿”ã•れã¾ã™ + \return BAD_FUNC_ARGS RSAキーã€rngãƒã‚¤ãƒ³ã‚¿ãŒNULLã¨è©•価ã•れãŸå ´åˆã«è¿”ã•れã¾ã™ + + \param key 関連付ã‘ã‚‹RsaKey構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ + \param rng 関連付ã‘ã‚‹WC_RNG構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ + _Example_ \code ret = wc_InitRsaKey(&key, NULL); @@ -67,6 +88,7 @@ if (ret == 0) { ret = wc_RsaSetRNG(&key, &rng); \endcode + \sa wc_InitRsaKey \sa wc_RsaSetRNG */ @@ -74,62 +96,112 @@ /*! \ingroup RSA - \brief ã“ã®é–¢æ•°ã¯ã€MP_Clearを使用ã—ã¦æä¾›ã•れãŸRsaKey構造体を解放ã—ã¾ã™ã€‚ - \return 0 キーã®è§£æ”¾ã«æˆåŠŸã—ãŸã‚‰è¿”å“ã•れã¾ã™ + + \brief ã“ã®é–¢æ•°ã¯ã€mp_clearを使用ã—ã¦æä¾›ã•れãŸRsaKey構造体を解放ã—ã¾ã™ã€‚ + + \return 0 キーã®è§£æ”¾ã«æˆåŠŸã—ãŸå ´åˆã«è¿”ã•れã¾ã™ + + \param key 解放ã™ã‚‹RsaKey構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ + _Example_ \code RsaKey enc; - wc_InitRsaKey(&enc, NULL); // not using heap hint. No custom memory - ... set key, do encryption + wc_InitRsaKey(&enc, NULL); // ヒープヒントを使用ã—ãªã„。カスタムメモリãªã— + ... キーを設定ã—ã€æš—å·åŒ–を実行 wc_FreeRsaKey(&enc); \endcode + \sa wc_InitRsaKey */ int wc_FreeRsaKey(RsaKey* key); /*! \ingroup RSA - \brief ã“ã®é–¢æ•°ã¯ãƒ¡ãƒƒã‚»ãƒ¼ã‚¸ã‚’INã‹ã‚‰æš—å·åŒ–ã—ã€ãã®çµæžœã‚’æ ¼ç´ã—ã¾ã™ã€‚åˆæœŸåŒ–ã•れãŸå…¬é–‹éµã¨ä¹±æ•°ç™ºç”Ÿå™¨ãŒå¿…è¦ã§ã™ã€‚副作用ã¨ã—ã¦ã€ã“ã®é–¢æ•°ã¯ounlenã®ä¸­ã§æ›¸ãè¾¼ã¾ã‚ŒãŸãƒã‚¤ãƒˆã‚’è¿”ã—ã¾ã™ã€‚ - \return Success å…¥åŠ›ãƒ¡ãƒƒã‚»ãƒ¼ã‚¸ã®æš—å·åŒ–ã«æˆåŠŸã—ãŸã‚‰ã€æˆåŠŸã®å ´åˆã¯0ã‚’è¿”ã—ã€éšœå®³ã®å ´åˆã¯ã‚¼ãƒ­æœªæº€ã§ã™ã€‚ã¾ãŸã€outlenã®å€¤ã‚’æ ¼ç´ã™ã‚‹ã“ã¨ã«ã‚ˆã£ã¦ã€OUTã«æ›¸ãè¾¼ã¾ã‚ŒãŸæ•°ã®ãƒã‚¤ãƒˆæ•°ã‚’è¿”ã—ã¾ã™ã€‚ - \return BAD_FUNC_ARG 入力パラメータã®ã„ãšã‚Œã‹ãŒç„¡åйãªå ´åˆã«è¿”ã•れã¾ã™ - \return RSA_BUFFER_E CipherTextã‚’ä¿å­˜ã™ã‚‹ã«ã¯ã€å‡ºåŠ›ãƒãƒƒãƒ•ã‚¡ãŒå°ã•ã™ãŽã‚‹å ´åˆã¯è¿”ã•れã¾ã™ã€‚ - \return RNG_FAILURE_E æä¾›ã•れãŸRNG構造体を使用ã—ã¦ãƒ©ãƒ³ãƒ€ãƒ ãƒ–ロックを生æˆã™ã‚‹ã‚¨ãƒ©ãƒ¼ãŒã‚ã‚‹å ´åˆ - \return MP_INIT_E ãƒ¡ãƒƒã‚»ãƒ¼ã‚¸ã®æš—å·åŒ–中ã«ä½¿ç”¨ã•れã¦ã„る数学ライブラリã«ã‚¨ãƒ©ãƒ¼ãŒã‚ã‚‹å ´åˆã«è¿”ã•れるå¯èƒ½æ€§ãŒã‚りã¾ã™ã€‚ - \return MP_READ_E ãƒ¡ãƒƒã‚»ãƒ¼ã‚¸ã®æš—å·åŒ–中ã«ä½¿ç”¨ã•れã¦ã„る数学ライブラリã«ã‚¨ãƒ©ãƒ¼ãŒã‚ã‚‹å ´åˆã«è¿”ã•れるå¯èƒ½æ€§ãŒã‚りã¾ã™ã€‚ - \return MP_CMP_E ãƒ¡ãƒƒã‚»ãƒ¼ã‚¸ã®æš—å·åŒ–中ã«ä½¿ç”¨ã•れã¦ã„る数学ライブラリã«ã‚¨ãƒ©ãƒ¼ãŒã‚ã‚‹å ´åˆã«è¿”ã•れるå¯èƒ½æ€§ãŒã‚りã¾ã™ã€‚ - \return MP_INVMOD_E ãƒ¡ãƒƒã‚»ãƒ¼ã‚¸ã®æš—å·åŒ–中ã«ä½¿ç”¨ã•れã¦ã„る数学ライブラリã«ã‚¨ãƒ©ãƒ¼ãŒã‚ã‚‹å ´åˆã«è¿”ã•れるå¯èƒ½æ€§ãŒã‚りã¾ã™ã€‚ - \return MP_EXPTMOD_E ãƒ¡ãƒƒã‚»ãƒ¼ã‚¸ã®æš—å·åŒ–中ã«ä½¿ç”¨ã•れã¦ã„る数学ライブラリã«ã‚¨ãƒ©ãƒ¼ãŒã‚ã‚‹å ´åˆã«è¿”ã•れるå¯èƒ½æ€§ãŒã‚りã¾ã™ã€‚ - \return MP_MOD_E ãƒ¡ãƒƒã‚»ãƒ¼ã‚¸ã®æš—å·åŒ–中ã«ä½¿ç”¨ã•れã¦ã„る数学ライブラリã«ã‚¨ãƒ©ãƒ¼ãŒã‚ã‚‹å ´åˆã«è¿”ã•れるå¯èƒ½æ€§ãŒã‚りã¾ã™ã€‚ - \return MP_MUL_E ãƒ¡ãƒƒã‚»ãƒ¼ã‚¸ã®æš—å·åŒ–中ã«ä½¿ç”¨ã•れã¦ã„る数学ライブラリã«ã‚¨ãƒ©ãƒ¼ãŒã‚ã‚‹å ´åˆã«è¿”ã•れるå¯èƒ½æ€§ãŒã‚りã¾ã™ã€‚ - \return MP_ADD_E ãƒ¡ãƒƒã‚»ãƒ¼ã‚¸ã®æš—å·åŒ–中ã«ä½¿ç”¨ã•れã¦ã„る数学ライブラリã«ã‚¨ãƒ©ãƒ¼ãŒã‚ã‚‹å ´åˆã«è¿”ã•れるå¯èƒ½æ€§ãŒã‚りã¾ã™ã€‚ - \return MP_MULMOD_E ãƒ¡ãƒƒã‚»ãƒ¼ã‚¸ã®æš—å·åŒ–中ã«ä½¿ç”¨ã•れã¦ã„る数学ライブラリã«ã‚¨ãƒ©ãƒ¼ãŒã‚ã‚‹å ´åˆã«è¿”ã•れるå¯èƒ½æ€§ãŒã‚りã¾ã™ã€‚ - \return MP_TO_E ãƒ¡ãƒƒã‚»ãƒ¼ã‚¸ã®æš—å·åŒ–中ã«ä½¿ç”¨ã•れã¦ã„る数学ライブラリã«ã‚¨ãƒ©ãƒ¼ãŒã‚ã‚‹å ´åˆã«è¿”ã•れるå¯èƒ½æ€§ãŒã‚りã¾ã™ã€‚ - \return MP_MEM ãƒ¡ãƒƒã‚»ãƒ¼ã‚¸ã®æš—å·åŒ–中ã«ä½¿ç”¨ã•れã¦ã„る数学ライブラリã«ã‚¨ãƒ©ãƒ¼ãŒã‚ã‚‹å ´åˆã«è¿”ã•れるå¯èƒ½æ€§ãŒã‚りã¾ã™ã€‚ - \return MP_ZERO_E ãƒ¡ãƒƒã‚»ãƒ¼ã‚¸ã®æš—å·åŒ–中ã«ä½¿ç”¨ã•れã¦ã„る数学ライブラリã«ã‚¨ãƒ©ãƒ¼ãŒã‚ã‚‹å ´åˆã«è¿”ã•れるå¯èƒ½æ€§ãŒã‚りã¾ã™ã€‚ - \param in æš—å·åŒ–ã™ã‚‹å…¥åŠ›ãƒ¡ãƒƒã‚»ãƒ¼ã‚¸ã‚’å«ã‚€ãƒãƒƒãƒ•ã‚¡ã¸ã®ãƒã‚¤ãƒ³ã‚¿ - \param inLen æš—å·åŒ–ã™ã‚‹ãƒ¡ãƒƒã‚»ãƒ¼ã‚¸ã®é•·ã• - \param out å‡ºåŠ›æš—å·æ–‡ã‚’ä¿å­˜ã™ã‚‹ãƒãƒƒãƒ•ã‚¡ã¸ã®ãƒã‚¤ãƒ³ã‚¿ - \param outLen 出力ãƒãƒƒãƒ•ã‚¡ã®é•·ã• - \param key æš—å·åŒ–ã«ä½¿ç”¨ã™ã‚‹å…¬é–‹éµã‚’å«ã‚€RsaKey構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ + + \brief パディングãªã—ã§RSAæ“作を直接実行ã™ã‚‹é–¢æ•°ã€‚入力サイズã¯ã‚­ãƒ¼ã‚µã‚¤ã‚ºã¨ä¸€è‡´ã™ã‚‹å¿…è¦ãŒã‚りã¾ã™ã€‚通常ã€ã“れã¯RSAå…¥åŠ›ã«æ—¢ã«ãƒ‘ディングãŒè¡Œã‚れã¦ã„ã‚‹å ´åˆã«ä½¿ç”¨ã•れã¾ã™ã€‚ + + \return size æš—å·åŒ–ã«æˆåŠŸã—ãŸå ´åˆã€æš—å·åŒ–ã•れãŸãƒãƒƒãƒ•ã‚¡ã®ã‚µã‚¤ã‚ºãŒè¿”ã•れã¾ã™ + \return RSA_BUFFER_E RSAãƒãƒƒãƒ•ァエラーã€å‡ºåŠ›ãŒå°ã•ã™ãŽã‚‹ã‹å…¥åŠ›ãŒå¤§ãã™ãŽã¾ã™ + + \param in æ“作を行ã†ãƒãƒƒãƒ•ã‚¡ + \param inLen 入力ãƒãƒƒãƒ•ã‚¡ã®é•·ã• + \param out çµæžœã‚’ä¿æŒã™ã‚‹ãƒãƒƒãƒ•ã‚¡ + \param outSz çµæžœãƒãƒƒãƒ•ã‚¡ã®ã‚µã‚¤ã‚ºã«è¨­å®šã•れã¾ã™ã€‚出力ãƒãƒƒãƒ•ã‚¡ã®é•·ã•ã¨ã—ã¦æ¸¡ã™å¿…è¦ãŒã‚りã¾ã™ã€‚ãƒã‚¤ãƒ³ã‚¿ã€Œoutã€ãŒnullã®å ´åˆã€outSzã¯å¿…è¦ãªäºˆæƒ³ãƒãƒƒãƒ•ァサイズã«è¨­å®šã•れã€LENGTH_ONLY_EãŒè¿”ã•れã¾ã™ã€‚ + \param key æš—å·åŒ–/復å·ã«ä½¿ç”¨ã™ã‚‹åˆæœŸåŒ–ã•れãŸRSAキー + \param type 秘密éµã¾ãŸã¯å…¬é–‹éµã‚’使用ã™ã‚‹å ´åˆï¼ˆRSA_PUBLIC_ENCRYPTã€RSA_PUBLIC_DECRYPTã€RSA_PRIVATE_ENCRYPTã€RSA_PRIVATE_DECRYPT) + \param rng åˆæœŸåŒ–ã•れãŸWC_RNG構造体 + + _Example_ + \code + int ret; + WC_RNG rng; + RsaKey key; + byte in[256]; + byte out[256]; + word32 outSz = (word32)sizeof(out); + … + + ret = wc_RsaDirect(in, (word32)sizeof(in), out, &outSz, &key, + RSA_PRIVATE_ENCRYPT, &rng); + if (ret < 0) { + // ã‚¨ãƒ©ãƒ¼ã‚’å‡¦ç† + } + \endcode + + \sa wc_RsaPublicEncrypt + \sa wc_RsaPrivateDecrypt +*/ +int wc_RsaDirect(const byte* in, word32 inLen, byte* out, word32* outSz, + RsaKey* key, int type, WC_RNG* rng); + +/*! + \ingroup RSA + + \brief ã“ã®é–¢æ•°ã¯ã€inã‹ã‚‰ãƒ¡ãƒƒã‚»ãƒ¼ã‚¸ã‚’æš—å·åŒ–ã—ã€çµæžœã‚’outã«æ ¼ç´ã—ã¾ã™ã€‚åˆæœŸåŒ–ã•れãŸå…¬é–‹éµã¨ä¹±æ•°ã‚¸ã‚§ãƒãƒ¬ãƒ¼ã‚¿ãŒå¿…è¦ã§ã™ã€‚副作用ã¨ã—ã¦ã€ã“ã®é–¢æ•°ã¯outã«æ›¸ãè¾¼ã¾ã‚ŒãŸãƒã‚¤ãƒˆæ•°ã‚’outLenã§è¿”ã—ã¾ã™ã€‚ + + \return Success å…¥åŠ›ãƒ¡ãƒƒã‚»ãƒ¼ã‚¸ã®æš—å·åŒ–ã«æˆåŠŸã—ãŸå ´åˆã€æˆåŠŸæ™‚ã«æ›¸ãè¾¼ã¾ã‚ŒãŸãƒã‚¤ãƒˆæ•°ã‚’è¿”ã—ã€å¤±æ•—ã®å ´åˆã¯ã‚¼ãƒ­æœªæº€ã‚’è¿”ã—ã¾ã™ã€‚ + \return BAD_FUNC_ARG ã„ãšã‚Œã‹ã®å…¥åŠ›ãƒ‘ãƒ©ãƒ¡ãƒ¼ã‚¿ãŒç„¡åйãªå ´åˆã«è¿”ã•れã¾ã™ + \return RSA_BUFFER_E 出力ãƒãƒƒãƒ•ã‚¡ãŒæš—å·æ–‡ã‚’æ ¼ç´ã™ã‚‹ã«ã¯å°ã•ã™ãŽã‚‹å ´åˆã«è¿”ã•れã¾ã™ + \return RNG_FAILURE_E æä¾›ã•れãŸRNG構造体を使用ã—ã¦ãƒ©ãƒ³ãƒ€ãƒ ãƒ–ロックを生æˆã™ã‚‹éš›ã«ã‚¨ãƒ©ãƒ¼ãŒã‚ã‚‹å ´åˆã«è¿”ã•れã¾ã™ + \return MP_INIT_E ãƒ¡ãƒƒã‚»ãƒ¼ã‚¸ã®æš—å·åŒ–中ã«ä½¿ç”¨ã•れる数学ライブラリã«ã‚¨ãƒ©ãƒ¼ãŒã‚ã‚‹å ´åˆã«è¿”ã•れるå¯èƒ½æ€§ãŒã‚りã¾ã™ + \return MP_READ_E ãƒ¡ãƒƒã‚»ãƒ¼ã‚¸ã®æš—å·åŒ–中ã«ä½¿ç”¨ã•れる数学ライブラリã«ã‚¨ãƒ©ãƒ¼ãŒã‚ã‚‹å ´åˆã«è¿”ã•れるå¯èƒ½æ€§ãŒã‚りã¾ã™ + \return MP_CMP_E ãƒ¡ãƒƒã‚»ãƒ¼ã‚¸ã®æš—å·åŒ–中ã«ä½¿ç”¨ã•れる数学ライブラリã«ã‚¨ãƒ©ãƒ¼ãŒã‚ã‚‹å ´åˆã«è¿”ã•れるå¯èƒ½æ€§ãŒã‚りã¾ã™ + \return MP_INVMOD_E ãƒ¡ãƒƒã‚»ãƒ¼ã‚¸ã®æš—å·åŒ–中ã«ä½¿ç”¨ã•れる数学ライブラリã«ã‚¨ãƒ©ãƒ¼ãŒã‚ã‚‹å ´åˆã«è¿”ã•れるå¯èƒ½æ€§ãŒã‚りã¾ã™ + \return MP_EXPTMOD_E ãƒ¡ãƒƒã‚»ãƒ¼ã‚¸ã®æš—å·åŒ–中ã«ä½¿ç”¨ã•れる数学ライブラリã«ã‚¨ãƒ©ãƒ¼ãŒã‚ã‚‹å ´åˆã«è¿”ã•れるå¯èƒ½æ€§ãŒã‚りã¾ã™ + \return MP_MOD_E ãƒ¡ãƒƒã‚»ãƒ¼ã‚¸ã®æš—å·åŒ–中ã«ä½¿ç”¨ã•れる数学ライブラリã«ã‚¨ãƒ©ãƒ¼ãŒã‚ã‚‹å ´åˆã«è¿”ã•れるå¯èƒ½æ€§ãŒã‚りã¾ã™ + \return MP_MUL_E ãƒ¡ãƒƒã‚»ãƒ¼ã‚¸ã®æš—å·åŒ–中ã«ä½¿ç”¨ã•れる数学ライブラリã«ã‚¨ãƒ©ãƒ¼ãŒã‚ã‚‹å ´åˆã«è¿”ã•れるå¯èƒ½æ€§ãŒã‚りã¾ã™ + \return MP_ADD_E ãƒ¡ãƒƒã‚»ãƒ¼ã‚¸ã®æš—å·åŒ–中ã«ä½¿ç”¨ã•れる数学ライブラリã«ã‚¨ãƒ©ãƒ¼ãŒã‚ã‚‹å ´åˆã«è¿”ã•れるå¯èƒ½æ€§ãŒã‚りã¾ã™ + \return MP_MULMOD_E ãƒ¡ãƒƒã‚»ãƒ¼ã‚¸ã®æš—å·åŒ–中ã«ä½¿ç”¨ã•れる数学ライブラリã«ã‚¨ãƒ©ãƒ¼ãŒã‚ã‚‹å ´åˆã«è¿”ã•れるå¯èƒ½æ€§ãŒã‚りã¾ã™ + \return MP_TO_E ãƒ¡ãƒƒã‚»ãƒ¼ã‚¸ã®æš—å·åŒ–中ã«ä½¿ç”¨ã•れる数学ライブラリã«ã‚¨ãƒ©ãƒ¼ãŒã‚ã‚‹å ´åˆã«è¿”ã•れるå¯èƒ½æ€§ãŒã‚りã¾ã™ + \return MP_MEM ãƒ¡ãƒƒã‚»ãƒ¼ã‚¸ã®æš—å·åŒ–中ã«ä½¿ç”¨ã•れる数学ライブラリã«ã‚¨ãƒ©ãƒ¼ãŒã‚ã‚‹å ´åˆã«è¿”ã•れるå¯èƒ½æ€§ãŒã‚りã¾ã™ + \return MP_ZERO_E ãƒ¡ãƒƒã‚»ãƒ¼ã‚¸ã®æš—å·åŒ–中ã«ä½¿ç”¨ã•れる数学ライブラリã«ã‚¨ãƒ©ãƒ¼ãŒã‚ã‚‹å ´åˆã«è¿”ã•れるå¯èƒ½æ€§ãŒã‚りã¾ã™ + + \param in æš—å·åŒ–ã™ã‚‹å…¥åŠ›ãƒ¡ãƒƒã‚»ãƒ¼ã‚¸ã‚’å«ã‚€ãƒãƒƒãƒ•ã‚¡ã¸ã®ãƒã‚¤ãƒ³ã‚¿ + \param inLen æš—å·åŒ–ã™ã‚‹ãƒ¡ãƒƒã‚»ãƒ¼ã‚¸ã®é•·ã• + \param out å‡ºåŠ›æš—å·æ–‡ã‚’æ ¼ç´ã™ã‚‹ãƒãƒƒãƒ•ã‚¡ã¸ã®ãƒã‚¤ãƒ³ã‚¿ + \param outLen 出力ãƒãƒƒãƒ•ã‚¡ã®é•·ã• + \param key æš—å·åŒ–ã«ä½¿ç”¨ã™ã‚‹å…¬é–‹éµã‚’å«ã‚€RsaKey構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ + \param rng ランダムブロックパディングを生æˆã™ã‚‹RNG構造体 + _Example_ \code RsaKey pub; int ret = 0; - byte n[] = { // initialize with received n component of public key }; - byte e[] = { // initialize with received e component of public key }; - byte msg[] = { // initialize with plaintext of message to encrypt }; - byte cipher[256]; // 256 bytes is large enough to store 2048 bit RSA - ciphertext + byte n[] = { // å—ä¿¡ã—ãŸå…¬é–‹éµã®næˆåˆ†ã§åˆæœŸåŒ– }; + byte e[] = { // å—ä¿¡ã—ãŸå…¬é–‹éµã®eæˆåˆ†ã§åˆæœŸåŒ– }; + byte msg[] = { // æš—å·åŒ–ã™ã‚‹ãƒ¡ãƒƒã‚»ãƒ¼ã‚¸ã®å¹³æ–‡ã§åˆæœŸåŒ– }; + byte cipher[256]; // 256ãƒã‚¤ãƒˆã¯2048ビットRSAæš—å·æ–‡ã‚’æ ¼ç´ã™ã‚‹ã®ã«å分ãªå¤§ãã• - wc_InitRsaKey(&pub, NULL); // not using heap hint. No custom memory + wc_InitRsaKey(&pub, NULL); // ヒープヒントを使用ã—ãªã„。カスタムメモリãªã— wc_RsaPublicKeyDecodeRaw(n, sizeof(n), e, sizeof(e), &pub); - // initialize with received public key parameters + // å—ä¿¡ã—ãŸå…¬é–‹éµãƒ‘ラメータã§åˆæœŸåŒ– ret = wc_RsaPublicEncrypt(msg, sizeof(msg), out, sizeof(out), &pub, &rng); if ( ret != 0 ) { - // error encrypting message + // ãƒ¡ãƒƒã‚»ãƒ¼ã‚¸ã®æš—å·åŒ–エラー } \endcode + \sa wc_RsaPrivateDecrypt */ int wc_RsaPublicEncrypt(const byte* in, word32 inLen, byte* out, @@ -137,16 +209,22 @@ /*! \ingroup RSA - \brief ã“ã®é–¢æ•°ã¯å¾©å·åŒ–ã®ãŸã‚ã«WC_RSAPrivateCrypt関数ã«ã‚ˆã£ã¦åˆ©ç”¨ã•れã¾ã™ã€‚ - \return Success 復å·åŒ–データã®é•·ã• - \return RSA_PAD_E RSAUNPADエラーã€ãƒ•ã‚©ãƒ¼ãƒžãƒƒãƒˆã®æ‚ªã„フォーマット - \param in 復å·åŒ–ã•れるãƒã‚¤ãƒˆé…列。 - \param inLen ã®é•·ã• - \param out æ ¼ç´ã™ã‚‹å¾©å·åŒ–データã®ãƒã‚¤ãƒˆé…列。 + + \brief ã“ã®é–¢æ•°ã¯ã€å¾©å·ã®ãŸã‚ã«wc_RsaPrivateDecrypt関数ã«ã‚ˆã£ã¦ä½¿ç”¨ã•れã¾ã™ã€‚ + + \return Success 復å·ã•れãŸãƒ‡ãƒ¼ã‚¿ã®é•·ã•。 + \return RSA_PAD_E RsaUnPadエラーã€ãƒ•ォーマットãŒä¸æ­£ + + \param in 復å·ã•れるãƒã‚¤ãƒˆé…列。 + \param inLen inã®é•·ã•。 + \param out 復å·ã•れãŸãƒ‡ãƒ¼ã‚¿ã‚’æ ¼ç´ã™ã‚‹ãƒã‚¤ãƒˆé…列。 + \param key 復å·ã«ä½¿ç”¨ã™ã‚‹ã‚­ãƒ¼ã€‚ + _Example_ \code - none + ãªã— \endcode + \sa wc_RsaPrivateDecrypt */ int wc_RsaPrivateDecryptInline(byte* in, word32 inLen, byte** out, @@ -154,14 +232,19 @@ /*! \ingroup RSA - \brief ã“ã®é–¢æ•°ã¯ç§˜å¯†ã®RSA復å·åŒ–ã‚’æä¾›ã—ã¾ã™ã€‚ - \return Success 復å·åŒ–データã®é•·ã• - \return MEMORY_E -125ã€ãƒ¡ãƒ¢ãƒªã‚¨ãƒ©ãƒ¼ãŒç™ºç”Ÿã—ã¾ã—㟠- \return BAD_FUNC_ARG -173ã€é–¢æ•°ã®ä¸è‰¯å¼•æ•°ãŒæä¾›ã•れã¦ã„ã¾ã™ - \param in 復å·åŒ–ã•れるãƒã‚¤ãƒˆé…列。 - \param inLen ã®é•·ã• - \param out æ ¼ç´ã™ã‚‹å¾©å·åŒ–データã®ãƒã‚¤ãƒˆé…列。 - \param outLen ã®é•·ã• + + \brief ã“ã®é–¢æ•°ã¯ã€ãƒ—ライベートRSA復å·ã‚’æä¾›ã—ã¾ã™ã€‚ + + \return Success 復å·ã•れãŸãƒ‡ãƒ¼ã‚¿ã®é•·ã•。 + \return MEMORY_E -125ã€ãƒ¡ãƒ¢ãƒªä¸è¶³ã‚¨ãƒ©ãƒ¼ + \return BAD_FUNC_ARG -173ã€ä¸æ­£ãªé–¢æ•°å¼•æ•°ãŒæä¾›ã•れã¾ã—㟠+ + \param in 復å·ã•れるãƒã‚¤ãƒˆé…列。 + \param inLen inã®é•·ã•。 + \param out 復å·ã•れãŸãƒ‡ãƒ¼ã‚¿ã‚’æ ¼ç´ã™ã‚‹ãƒã‚¤ãƒˆé…列。 + \param outLen outã®é•·ã•。 + \param key 復å·ã«ä½¿ç”¨ã™ã‚‹ã‚­ãƒ¼ã€‚ + _Example_ \code ret = wc_RsaPublicEncrypt(in, inLen, out, sizeof(out), &key, &rng); @@ -173,6 +256,7 @@ return -1; } \endcode + \sa RsaUnPad \sa wc_RsaFunction \sa wc_RsaPrivateDecryptInline @@ -182,13 +266,18 @@ /*! \ingroup RSA - \brief æä¾›ã•れãŸé…列ã«ç§˜å¯†éµã¨ç½²åã—ã¾ã™ã€‚ - \return RSA_BUFFER_E: -131ã€RSAãƒãƒƒãƒ•ァエラーã€å‡ºåŠ›ãŒå°ã•ã™ãŽãŸã‚Šå…¥åŠ›ãŒå¤§ãã™ãŽãŸã‚Šã™ã‚‹ - \param in æš—å·åŒ–ã•れるãƒã‚¤ãƒˆé…列。 - \param inLen ã®é•·ã• - \param out æ ¼ç´ã™ã‚‹æš—å·åŒ–データã®ãƒã‚¤ãƒˆé…列。 - \param outLen ã®é•·ã• - \param key æš—å·åŒ–ã«ä½¿ç”¨ã™ã‚‹éµã€‚ + + \brief 秘密éµã§æä¾›ã•れãŸé…列ã«ç½²åã—ã¾ã™ã€‚ + + \return RSA_BUFFER_E: -131ã€RSAãƒãƒƒãƒ•ァエラーã€å‡ºåŠ›ãŒå°ã•ã™ãŽã‚‹ã‹å…¥åŠ›ãŒå¤§ãã™ãŽã¾ã™ + + \param in æš—å·åŒ–ã•れるãƒã‚¤ãƒˆé…列。 + \param inLen inã®é•·ã•。 + \param out æš—å·åŒ–ã•れãŸãƒ‡ãƒ¼ã‚¿ã‚’æ ¼ç´ã™ã‚‹ãƒã‚¤ãƒˆé…列。 + \param outLen outã®é•·ã•。 + \param key æš—å·åŒ–ã«ä½¿ç”¨ã™ã‚‹ã‚­ãƒ¼ã€‚ + \param RNG 乱数ã®ç›®çš„ã§ä½¿ç”¨ã™ã‚‹RNG構造体。 + _Example_ \code ret = wc_RsaSSL_Sign(in, inLen, out, sizeof(out), &key, &rng); @@ -200,7 +289,14 @@ if (ret < 0) { return -1; } + if (ret != inLen) { + return -1; + } + if (XMEMCMP(in, plain, ret) != 0) { + return -1; + } \endcode + \sa wc_RsaPad */ int wc_RsaSSL_Sign(const byte* in, word32 inLen, byte* out, @@ -208,29 +304,35 @@ /*! \ingroup RSA - \brief メッセージãŒRSAキーã«ã‚ˆã£ã¦ç½²åã•れãŸã“ã¨ã‚’確èªã™ã‚‹ãŸã‚ã«ä½¿ç”¨ã•れã¾ã™ã€‚出力ã¯å…¥åŠ›ã¨åŒã˜ãƒã‚¤ãƒˆé…列を使用ã—ã¾ã™ã€‚ - \return >0 テキストã®é•·ã• - \return <0 エラーãŒç™ºç”Ÿã—ã¾ã—ãŸã€‚ - \param in 復å·åŒ–ã•れるãƒã‚¤ãƒˆé…列。 - \param inLen ãƒãƒƒãƒ•ァ入力ã®é•·ã•。 - \param out 復å·åŒ–ã•ã‚ŒãŸæƒ…å ±ã®ãƒã‚¤ãƒ³ã‚¿ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ + + \brief メッセージãŒRSAキーã«ã‚ˆã£ã¦ç½²åã•れãŸã“ã¨ã‚’検証ã™ã‚‹ãŸã‚ã«ä½¿ç”¨ã•れã¾ã™ã€‚出力ã¯å…¥åŠ›ã¨åŒã˜ãƒã‚¤ãƒˆé…列を使用ã—ã¾ã™ã€‚ + + \return `>0` ダイジェストã®é•·ã•。 + \return `<0` エラーãŒç™ºç”Ÿã—ã¾ã—ãŸã€‚ + + \param in 復å·ã•れるãƒã‚¤ãƒˆé…列。 + \param inLen 入力ãƒãƒƒãƒ•ã‚¡ã®é•·ã•。 + \param out 復å·ã•ã‚ŒãŸæƒ…å ±ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ + \param key 使用ã™ã‚‹RsaKey。 + _Example_ \code RsaKey key; WC_RNG rng; int ret = 0; - long e = 65537; // standard value to use for exponent - wc_InitRsaKey(&key, NULL); // not using heap hint. No custom memory + long e = 65537; // 指数ã«ä½¿ç”¨ã™ã‚‹æ¨™æº–値 + wc_InitRsaKey(&key, NULL); // ヒープヒントを使用ã—ãªã„。カスタムメモリãªã— wc_InitRng(&rng); wc_MakeRsaKey(&key, 2048, e, &rng); - byte in[] = { // Initialize with some RSA encrypted information } + byte in[] = { // RSAæš—å·åŒ–情報ã§åˆæœŸåŒ– } byte* out; if(wc_RsaSSL_VerifyInline(in, sizeof(in), &out, &key) < 0) { - // handle error + // ã‚¨ãƒ©ãƒ¼ã‚’å‡¦ç† } \endcode + \sa wc_RsaSSL_Verify \sa wc_RsaSSL_Sign */ @@ -239,13 +341,18 @@ /*! \ingroup RSA - \brief メッセージãŒã‚­ãƒ¼ã«ã‚ˆã£ã¦ç½²åã•れãŸã“ã¨ã‚’確èªã™ã‚‹ãŸã‚ã«ä½¿ç”¨ã•れã¾ã™ã€‚ - \return Success エラーã®ãªã„テキストã®é•·ã•。 - \return MEMORY_E メモリ例外 - \param in 復å·åŒ–ã•れるãƒã‚¤ãƒˆé…列。 - \param inLen ã®é•·ã• - \param out æ ¼ç´ã™ã‚‹å¾©å·åŒ–データã®ãƒã‚¤ãƒˆé…列。 - \param outLen ã®é•·ã• + + \brief メッセージãŒã‚­ãƒ¼ã«ã‚ˆã£ã¦ç½²åã•れãŸã“ã¨ã‚’検証ã™ã‚‹ãŸã‚ã«ä½¿ç”¨ã•れã¾ã™ã€‚ + + \return Success エラーãŒãªã„å ´åˆã®ãƒ€ã‚¤ã‚¸ã‚§ã‚¹ãƒˆã®é•·ã•。 + \return MEMORY_E メモリ例外。 + + \param in 復å·ã•れるãƒã‚¤ãƒˆé…列。 + \param inLen inã®é•·ã•。 + \param out 復å·ã•れãŸãƒ‡ãƒ¼ã‚¿ã‚’æ ¼ç´ã™ã‚‹ãƒã‚¤ãƒˆé…列。 + \param outLen outã®é•·ã•。 + \param key 検証ã«ä½¿ç”¨ã™ã‚‹ã‚­ãƒ¼ã€‚ + _Example_ \code ret = wc_RsaSSL_Sign(in, inLen, out, sizeof(out), &key, &rng); @@ -257,7 +364,14 @@ if (ret < 0) { return -1; } + if (ret != inLen) { + return -1; + } + if (XMEMCMP(in, plain, ret) != 0) { + return -1; + } \endcode + \sa wc_RsaSSL_Sign */ int wc_RsaSSL_Verify(const byte* in, word32 inLen, byte* out, @@ -265,14 +379,19 @@ /*! \ingroup RSA - \brief æä¾›ã•れãŸé…列ã«ç§˜å¯†éµã¨ç½²åã—ã¾ã™ã€‚ - \return RSA_BUFFER_E: -131ã€RSAãƒãƒƒãƒ•ァエラーã€å‡ºåŠ›ãŒå°ã•ã™ãŽãŸã‚Šå…¥åŠ›ãŒå¤§ãã™ãŽãŸã‚Šã™ã‚‹ - \param in æš—å·åŒ–ã•れるãƒã‚¤ãƒˆé…列。 - \param inLen ã®é•·ã• - \param out æ ¼ç´ã™ã‚‹æš—å·åŒ–データã®ãƒã‚¤ãƒˆé…列。 - \param outLen ã®é•·ã• - \param hash メッセージã«å…¥ã‚‹ãƒãƒƒã‚·ãƒ¥åž‹ - \param mgf ãƒžã‚¹ã‚¯ç”Ÿæˆæ©Ÿèƒ½è­˜åˆ¥å­ + + \brief 秘密éµã§æä¾›ã•れãŸé…列ã«ç½²åã—ã¾ã™ã€‚ + + \return RSA_BUFFER_E: -131ã€RSAãƒãƒƒãƒ•ァエラーã€å‡ºåŠ›ãŒå°ã•ã™ãŽã‚‹ã‹å…¥åŠ›ãŒå¤§ãã™ãŽã¾ã™ + + \param in æš—å·åŒ–ã•れるãƒã‚¤ãƒˆé…列。 + \param inLen inã®é•·ã•。 + \param out æš—å·åŒ–ã•れãŸãƒ‡ãƒ¼ã‚¿ã‚’æ ¼ç´ã™ã‚‹ãƒã‚¤ãƒˆé…列。 + \param outLen outã®é•·ã•。 + \param hash メッセージã«å«ã¾ã‚Œã‚‹ãƒãƒƒã‚·ãƒ¥ã‚¿ã‚¤ãƒ— + \param mgf マスク生æˆé–¢æ•°è­˜åˆ¥å­ + \param key 検証ã«ä½¿ç”¨ã™ã‚‹ã‚­ãƒ¼ã€‚ + _Example_ \code ret = wc_InitRsaKey(&key, NULL); @@ -300,6 +419,7 @@ wc_FreeRsaKey(&key); wc_FreeRng(&rng); \endcode + \sa wc_RsaPSS_Verify \sa wc_RsaSetRNG */ @@ -309,16 +429,21 @@ /*! \ingroup RSA - \brief 入力署åを復å·ã—ã¦ã€ãƒ¡ãƒƒã‚»ãƒ¼ã‚¸ãŒéµã«ã‚ˆã£ã¦ç½²åã•れãŸã“ã¨ã‚’確èªã—ã¾ã™ã€‚WC_RSA_BLINDINGãŒæœ‰åйãªå ´åˆã€éµã¯wc_RsaSetRNGã«ã‚ˆã£ã¦RNGã«é–¢é€£ä»˜ã‘られãªã‘れã°ãªã‚Šã¾ã›ã‚“。 - \return Success エラーã®ãªã„å ´åˆã¯ãƒ†ã‚­ã‚¹ãƒˆã®é•·ã•ã‚’è¿”ã—ã¾ã™ - \return MEMORY_E メモリ例外 - \return MP_EXPTMOD_E - fastmathを使用ã™ã‚‹æ§˜ã«æ§‹æˆã•れã¦ã„ã‚‹å ´åˆã«FP_MAX_BITSãŒéµã‚µã‚¤ã‚ºã®å°‘ãªãã¨ã‚‚2å€ã«è¨­å®šã•れã¦ã„ãªã„(例ãˆã°4096-bité•·ã®éµã‚’使用ã™ã‚‹å ´åˆã«ã¯FP_MAX_BITSã¯8192以上ã«è¨­å®šã™ã‚‹ã“ã¨)。 - \param in 復å·ã•れる署åãƒ‡ãƒ¼ã‚¿ãŒæ ¼ç´ã•れã¦ã„ã‚‹ãƒãƒƒãƒ•ã‚¡ - \param inLen ç½²åデータã®é•·ã• - \param out 復å·ãƒ‡ãƒ¼ã‚¿ã®å‡ºåŠ›å…ˆãƒãƒƒãƒ•ã‚¡ - \param outLen 出力先ãƒãƒƒãƒ•ァサイズ - \param hash メッセージã«å…¥ã‚‹ãƒãƒƒã‚·ãƒ¥åž‹ - \param mgf ãƒžã‚¹ã‚¯ç”Ÿæˆæ©Ÿèƒ½è­˜åˆ¥å­ + + \brief メッセージãŒã‚­ãƒ¼ã«ã‚ˆã£ã¦ç½²åã•れãŸã“ã¨ã‚’検証ã™ã‚‹ãŸã‚ã«å…¥åŠ›ç½²åを復å·ã—ã¾ã™ã€‚WC_RSA_BLINDINGãŒæœ‰åйã«ãªã£ã¦ã„ã‚‹å ´åˆã€ã‚­ãƒ¼ã¯wc_RsaSetRNGã«ã‚ˆã£ã¦RNGã¨é–¢é€£ä»˜ã‘ã‚‹å¿…è¦ãŒã‚りã¾ã™ã€‚ + + \return Success エラーãŒãªã„å ´åˆã®ãƒ†ã‚­ã‚¹ãƒˆã®é•·ã•。 + \return MEMORY_E メモリ例外。 + \return MP_EXPTMOD_E - fastmathを使用ã—ã¦ã„ã¦ã€FP_MAX_BITSãŒã‚­ãƒ¼ã‚µã‚¤ã‚ºã®å°‘ãªãã¨ã‚‚2å€ã«è¨­å®šã•れã¦ã„ãªã„å ´åˆï¼ˆä¾‹ï¼š4096ビットキーを使用ã™ã‚‹å ´åˆã€FP_MAX_BITSã‚’8192以上ã®å€¤ã«è¨­å®šï¼‰ + + \param in 復å·ã•れるãƒã‚¤ãƒˆé…列。 + \param inLen inã®é•·ã•。 + \param out 復å·ã•れãŸãƒ‡ãƒ¼ã‚¿ã‚’æ ¼ç´ã™ã‚‹ãƒã‚¤ãƒˆé…列。 + \param outLen outã®é•·ã•。 + \param hash メッセージã«å«ã¾ã‚Œã‚‹ãƒãƒƒã‚·ãƒ¥ã‚¿ã‚¤ãƒ— + \param mgf マスク生æˆé–¢æ•°è­˜åˆ¥å­ + \param key 検証ã«ä½¿ç”¨ã™ã‚‹ã‚­ãƒ¼ã€‚ + _Example_ \code ret = wc_InitRsaKey(&key, NULL); @@ -345,25 +470,31 @@ wc_FreeRsaKey(&key); wc_FreeRng(&rng); \endcode + \sa wc_RsaPSS_Sign \sa wc_RsaPSS_VerifyInline \sa wc_RsaPSS_CheckPadding \sa wc_RsaSetRNG */ -int wc_RsaPSS_Verify(byte* in, word32 inLen, byte* out, +int wc_RsaPSS_Verify(const byte* in, word32 inLen, byte* out, word32 outLen, enum wc_HashType hash, int mgf, RsaKey* key); /*! \ingroup RSA - \brief 入力署åを復å·åŒ–ã—ã¦ã€ãƒ¡ãƒƒã‚»ãƒ¼ã‚¸ãŒRSAキーã«ã‚ˆã£ã¦ç½²åã•れãŸã“ã¨ã‚’確èªã—ã¾ã™ã€‚出力ã¯å…¥åŠ›ã¨åŒã˜ãƒã‚¤ãƒˆé…列を使用ã—ã¾ã™ã€‚WC_RSA_BLINDINGãŒæœ‰åйãªå ´åˆã€ã‚­ãƒ¼ã¯WC_RSASETRNGã«ã‚ˆã£ã¦RNGã«é–¢é€£ä»˜ã‘られãªã‘れã°ãªã‚Šã¾ã›ã‚“。 - \return >0 テキストã®é•·ã• - \return <0 エラーãŒç™ºç”Ÿã—ã¾ã—ãŸã€‚ - \param in 復å·åŒ–ã•れるãƒã‚¤ãƒˆé…列。 - \param inLen ãƒãƒƒãƒ•ァ入力ã®é•·ã•。 - \param out PSSデータをå«ã‚€ã‚¢ãƒ‰ãƒ¬ã‚¹ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ - \param hash メッセージã«å…¥ã‚‹ãƒãƒƒã‚·ãƒ¥åž‹ - \param mgf ãƒžã‚¹ã‚¯ç”Ÿæˆæ©Ÿèƒ½è­˜åˆ¥å­ + + \brief メッセージãŒRSAキーã«ã‚ˆã£ã¦ç½²åã•れãŸã“ã¨ã‚’検証ã™ã‚‹ãŸã‚ã«å…¥åŠ›ç½²åを復å·ã—ã¾ã™ã€‚出力ã¯å…¥åŠ›ã¨åŒã˜ãƒã‚¤ãƒˆé…列を使用ã—ã¾ã™ã€‚WC_RSA_BLINDINGãŒæœ‰åйã«ãªã£ã¦ã„ã‚‹å ´åˆã€ã‚­ãƒ¼ã¯wc_RsaSetRNGã«ã‚ˆã£ã¦RNGã¨é–¢é€£ä»˜ã‘ã‚‹å¿…è¦ãŒã‚りã¾ã™ã€‚ + + \return >0 テキストã®é•·ã•。 + \return <0 エラーãŒç™ºç”Ÿã—ã¾ã—ãŸã€‚ + + \param in 復å·ã•れるãƒã‚¤ãƒˆé…列。 + \param inLen 入力ãƒãƒƒãƒ•ã‚¡ã®é•·ã•。 + \param out PSSデータをå«ã‚€ã‚¢ãƒ‰ãƒ¬ã‚¹ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ + \param hash メッセージã«å«ã¾ã‚Œã‚‹ãƒãƒƒã‚·ãƒ¥ã‚¿ã‚¤ãƒ— + \param mgf マスク生æˆé–¢æ•°è­˜åˆ¥å­ + \param key 使用ã™ã‚‹RsaKey。 + _Example_ \code ret = wc_InitRsaKey(&key, NULL); @@ -389,6 +520,7 @@ wc_FreeRsaKey(&key); wc_FreeRng(&rng); \endcode + \sa wc_RsaPSS_Verify \sa wc_RsaPSS_Sign \sa wc_RsaPSS_VerifyCheck @@ -406,17 +538,22 @@ RsaKey* key); /*! \ingroup RSA - \brief RSA-PSSã§ç½²åã•れãŸãƒ¡ãƒƒã‚»ãƒ¼ã‚¸ã‚’確èªã—ã¦ãã ã•ã„。ソルトã®é•·ã•ã¯ãƒãƒƒã‚·ãƒ¥é•·ã«ç­‰ã—ã„。WC_RSA_BLINDINGãŒæœ‰åйãªå ´åˆã€ã‚­ãƒ¼ã¯WC_RSASETRNGã«ã‚ˆã£ã¦RNGã«é–¢é€£ä»˜ã‘られãªã‘れã°ãªã‚Šã¾ã›ã‚“。 - \return the PSSデータã®é•·ã•ãŒæˆåŠŸã—ã€è² ã«éšœå®³ãŒç™ºç”Ÿã—ã¾ã™ã€‚ - \return MEMORY_E メモリ例外 - \param in 復å·åŒ–ã•れるãƒã‚¤ãƒˆé…列。 - \param inLen ã®é•·ã• - \param out PSSデータをå«ã‚€ã‚¢ãƒ‰ãƒ¬ã‚¹ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ - \param outLen ã®é•·ã• - \param digest 検証中ã®ãƒ‡ãƒ¼ã‚¿ã®ãƒãƒƒã‚·ãƒ¥ã€‚ - \param digestLen ãƒãƒƒã‚·ãƒ¥ã®é•·ã• - \param hash ãƒãƒƒã‚·ãƒ¥ã‚¢ãƒ«ã‚´ãƒªã‚ºãƒ  - \param mgf ãƒžã‚¹ã‚¯ç”Ÿæˆæ©Ÿèƒ½ + + \brief RSA-PSSã§ç½²åã•れãŸãƒ¡ãƒƒã‚»ãƒ¼ã‚¸ã‚’検証ã—ã¾ã™ã€‚ソルトã®é•·ã•ã¯ãƒãƒƒã‚·ãƒ¥ã®é•·ã•ã¨ç­‰ã—ããªã‚Šã¾ã™ã€‚WC_RSA_BLINDINGãŒæœ‰åйã«ãªã£ã¦ã„ã‚‹å ´åˆã€ã‚­ãƒ¼ã¯wc_RsaSetRNGã«ã‚ˆã£ã¦RNGã¨é–¢é€£ä»˜ã‘ã‚‹å¿…è¦ãŒã‚りã¾ã™ã€‚ + + \return the length of the PSS data æˆåŠŸæ™‚ã¯PSSデータã®é•·ã•ã€å¤±æ•—を示ã™è² ã®å€¤ã€‚ + \return MEMORY_E メモリ例外。 + + \param in 復å·ã•れるãƒã‚¤ãƒˆé…列。 + \param inLen inã®é•·ã•。 + \param out PSSデータをå«ã‚€ã‚¢ãƒ‰ãƒ¬ã‚¹ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ + \param outLen outã®é•·ã•。 + \param digest 検証ã•れるデータã®ãƒãƒƒã‚·ãƒ¥ã€‚ + \param digestLen ãƒãƒƒã‚·ãƒ¥ã®é•·ã•。 + \param hash ãƒãƒƒã‚·ãƒ¥ã‚¢ãƒ«ã‚´ãƒªã‚ºãƒ ã€‚ + \param mgf マスク生æˆé–¢æ•°ã€‚ + \param key 公開RSAキー。 + _Example_ \code ret = wc_InitRsaKey(&key, NULL); @@ -451,6 +588,7 @@ wc_FreeRsaKey(&key); wc_FreeRng(&rng); \endcode + \sa wc_RsaPSS_Sign \sa wc_RsaPSS_Verify \sa wc_RsaPSS_VerifyCheck_ex @@ -461,25 +599,31 @@ \sa wc_RsaSetRNG */ -int wc_RsaPSS_VerifyCheck(byte* in, word32 inLen, +int wc_RsaPSS_VerifyCheck(const byte* in, word32 inLen, byte* out, word32 outLen, const byte* digest, word32 digestLen, enum wc_HashType hash, int mgf, RsaKey* key); /*! \ingroup RSA - \brief RSA-PSSã§ç½²åã•れãŸãƒ¡ãƒƒã‚»ãƒ¼ã‚¸ã‚’確èªã—ã¦ãã ã•ã„。WC_RSA_BLINDINGãŒæœ‰åйãªå ´åˆã€ã‚­ãƒ¼ã¯WC_RSASETRNGã«ã‚ˆã£ã¦RNGã«é–¢é€£ä»˜ã‘られãªã‘れã°ãªã‚Šã¾ã›ã‚“。 - \return the PSSデータã®é•·ã•ãŒæˆåŠŸã—ã€è² ã«éšœå®³ãŒç™ºç”Ÿã—ã¾ã™ã€‚ - \return MEMORY_E メモリ例外 - \param in 復å·åŒ–ã•れるãƒã‚¤ãƒˆé…列。 - \param inLen ã®é•·ã• - \param out PSSデータをå«ã‚€ã‚¢ãƒ‰ãƒ¬ã‚¹ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ - \param outLen ã®é•·ã• - \param digest 検証中ã®ãƒ‡ãƒ¼ã‚¿ã®ãƒãƒƒã‚·ãƒ¥ã€‚ - \param digestLen ãƒãƒƒã‚·ãƒ¥ã®é•·ã• - \param hash ãƒãƒƒã‚·ãƒ¥ã‚¢ãƒ«ã‚´ãƒªã‚ºãƒ  - \param mgf ãƒžã‚¹ã‚¯ç”Ÿæˆæ©Ÿèƒ½ - \param saltLen 使用ã•れるソルトã®é•·ã•。RSA_PSSS_SALT_LEN_DEFAULT(-1)ソルトã®é•·ã•ã¯ãƒãƒƒã‚·ãƒ¥é•·ã¨åŒã˜ã§ã™ã€‚RSA_PSS_SALT_LEN_DISCOVERã¯ã€ã‚½ãƒ«ãƒˆã®é•·ã•ãŒãƒ‡ãƒ¼ã‚¿ã‹ã‚‰æ±ºå®šã•れã¾ã™ã€‚ + + \brief RSA-PSSã§ç½²åã•れãŸãƒ¡ãƒƒã‚»ãƒ¼ã‚¸ã‚’検証ã—ã¾ã™ã€‚WC_RSA_BLINDINGãŒæœ‰åйã«ãªã£ã¦ã„ã‚‹å ´åˆã€ã‚­ãƒ¼ã¯wc_RsaSetRNGã«ã‚ˆã£ã¦RNGã¨é–¢é€£ä»˜ã‘ã‚‹å¿…è¦ãŒã‚りã¾ã™ã€‚ + + \return the length of the PSS data æˆåŠŸæ™‚ã¯PSSデータã®é•·ã•ã€å¤±æ•—を示ã™è² ã®å€¤ã€‚ + \return MEMORY_E メモリ例外。 + + \param in 復å·ã•れるãƒã‚¤ãƒˆé…列。 + \param inLen inã®é•·ã•。 + \param out PSSデータをå«ã‚€ã‚¢ãƒ‰ãƒ¬ã‚¹ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ + \param outLen outã®é•·ã•。 + \param digest 検証ã•れるデータã®ãƒãƒƒã‚·ãƒ¥ã€‚ + \param digestLen ãƒãƒƒã‚·ãƒ¥ã®é•·ã•。 + \param hash ãƒãƒƒã‚·ãƒ¥ã‚¢ãƒ«ã‚´ãƒªã‚ºãƒ ã€‚ + \param mgf マスク生æˆé–¢æ•°ã€‚ + \param saltLen 使用ã•れるソルトã®é•·ã•。RSA_PSS_SALT_LEN_DEFAULT(-1)ã¯ã€ã‚½ãƒ«ãƒˆã®é•·ã•ãŒãƒãƒƒã‚·ãƒ¥ã®é•·ã•ã¨åŒã˜ã§ã‚ã‚‹ã“ã¨ã‚’示ã—ã¾ã™ã€‚RSA_PSS_SALT_LEN_DISCOVERã¯ã€ã‚½ãƒ«ãƒˆã®é•·ã•ãŒãƒ‡ãƒ¼ã‚¿ã‹ã‚‰æ±ºå®šã•れるã“ã¨ã‚’示ã—ã¾ã™ã€‚ + + \param key 公開RSAキー。 + _Example_ \code ret = wc_InitRsaKey(&key, NULL); @@ -514,6 +658,7 @@ wc_FreeRsaKey(&key); wc_FreeRng(&rng); \endcode + \sa wc_RsaPSS_Sign \sa wc_RsaPSS_Verify \sa wc_RsaPSS_VerifyCheck @@ -531,15 +676,22 @@ /*! \ingroup RSA - \brief RSA-PSSã§ç½²åã•れãŸãƒ¡ãƒƒã‚»ãƒ¼ã‚¸ã‚’確èªã—ã¦ãã ã•ã„。入力ãƒãƒƒãƒ•ã‚¡ã¯å‡ºåŠ›ãƒãƒƒãƒ•ã‚¡ã«å†åˆ©ç”¨ã•れã¾ã™ã€‚ソルトã®é•·ã•ã¯ãƒãƒƒã‚·ãƒ¥é•·ã«ç­‰ã—ã„。WC_RSA_BLINDINGãŒæœ‰åйãªå ´åˆã€ã‚­ãƒ¼ã¯WC_RSASETRNGã«ã‚ˆã£ã¦RNGã«é–¢é€£ä»˜ã‘られãªã‘れã°ãªã‚Šã¾ã›ã‚“。 - \return the PSSデータã®é•·ã•ãŒæˆåŠŸã—ã€è² ã«éšœå®³ãŒç™ºç”Ÿã—ã¾ã™ã€‚ - \param in 復å·åŒ–ã•れるãƒã‚¤ãƒˆé…列。 - \param inLen ã®é•·ã• - \param out æ ¼ç´ã™ã‚‹å¾©å·åŒ–データã®ãƒã‚¤ãƒˆé…列。 - \param digest 検証中ã®ãƒ‡ãƒ¼ã‚¿ã®ãƒãƒƒã‚·ãƒ¥ã€‚ - \param digestLen ãƒãƒƒã‚·ãƒ¥ã®é•·ã• - \param hash メッセージã«å…¥ã‚‹ãƒãƒƒã‚·ãƒ¥åž‹ - \param mgf ãƒžã‚¹ã‚¯ç”Ÿæˆæ©Ÿèƒ½è­˜åˆ¥å­ + + \brief RSA-PSSã§ç½²åã•れãŸãƒ¡ãƒƒã‚»ãƒ¼ã‚¸ã‚’検証ã—ã¾ã™ã€‚入力ãƒãƒƒãƒ•ã‚¡ã¯å‡ºåŠ›ãƒãƒƒãƒ•ã‚¡ã¨ã—ã¦å†åˆ©ç”¨ã•れã¾ã™ã€‚ソルトã®é•·ã•ã¯ãƒãƒƒã‚·ãƒ¥ã®é•·ã•ã¨ç­‰ã—ããªã‚Šã¾ã™ã€‚ + + WC_RSA_BLINDINGãŒæœ‰åйã«ãªã£ã¦ã„ã‚‹å ´åˆã€ã‚­ãƒ¼ã¯wc_RsaSetRNGã«ã‚ˆã£ã¦RNGã¨é–¢é€£ä»˜ã‘ã‚‹å¿…è¦ãŒã‚りã¾ã™ã€‚ + + \return the length of the PSS data æˆåŠŸæ™‚ã¯PSSデータã®é•·ã•ã€å¤±æ•—を示ã™è² ã®å€¤ã€‚ + + \param in 復å·ã•れるãƒã‚¤ãƒˆé…列。 + \param inLen inã®é•·ã•。 + \param out 復å·ã•れãŸãƒ‡ãƒ¼ã‚¿ã‚’æ ¼ç´ã™ã‚‹ãƒã‚¤ãƒˆé…列。 + \param digest 検証ã•れるデータã®ãƒãƒƒã‚·ãƒ¥ã€‚ + \param digestLen ãƒãƒƒã‚·ãƒ¥ã®é•·ã•。 + \param hash メッセージã«å«ã¾ã‚Œã‚‹ãƒãƒƒã‚·ãƒ¥ã‚¿ã‚¤ãƒ— + \param mgf マスク生æˆé–¢æ•°è­˜åˆ¥å­ + \param key 検証ã«ä½¿ç”¨ã™ã‚‹ã‚­ãƒ¼ã€‚ + _Example_ \code ret = wc_InitRsaKey(&key, NULL); @@ -574,6 +726,7 @@ wc_FreeRsaKey(&key); wc_FreeRng(&rng); \endcode + \sa wc_RsaPSS_Sign \sa wc_RsaPSS_Verify \sa wc_RsaPSS_VerifyCheck @@ -589,16 +742,21 @@ RsaKey* key); /*! \ingroup RSA - \brief RSA-PSSã§ç½²åã•れãŸãƒ¡ãƒƒã‚»ãƒ¼ã‚¸ã‚’確èªã—ã¦ãã ã•ã„。入力ãƒãƒƒãƒ•ã‚¡ã¯å‡ºåŠ›ãƒãƒƒãƒ•ã‚¡ã«å†åˆ©ç”¨ã•れã¾ã™ã€‚WC_RSA_BLINDINGãŒæœ‰åйãªå ´åˆã€ã‚­ãƒ¼ã¯WC_RSASETRNGã«ã‚ˆã£ã¦RNGã«é–¢é€£ä»˜ã‘られãªã‘れã°ãªã‚Šã¾ã›ã‚“。 - \return the PSSデータã®é•·ã•ãŒæˆåŠŸã—ã€è² ã«éšœå®³ãŒç™ºç”Ÿã—ã¾ã™ã€‚ - \param in 復å·åŒ–ã•れるãƒã‚¤ãƒˆé…列。 - \param inLen ã®é•·ã• - \param out æ ¼ç´ã™ã‚‹å¾©å·åŒ–データã®ãƒã‚¤ãƒˆé…列。 - \param digest 検証中ã®ãƒ‡ãƒ¼ã‚¿ã®ãƒãƒƒã‚·ãƒ¥ã€‚ - \param digestLen ãƒãƒƒã‚·ãƒ¥ã®é•·ã• - \param hash メッセージã«å…¥ã‚‹ãƒãƒƒã‚·ãƒ¥åž‹ - \param mgf ãƒžã‚¹ã‚¯ç”Ÿæˆæ©Ÿèƒ½è­˜åˆ¥å­ - \param saltLen 使用ã•れるソルトã®é•·ã•。RSA_PSSS_SALT_LEN_DEFAULT(-1)ソルトã®é•·ã•ã¯ãƒãƒƒã‚·ãƒ¥é•·ã¨åŒã˜ã§ã™ã€‚RSA_PSS_SALT_LEN_DISCOVERã¯ã€ã‚½ãƒ«ãƒˆã®é•·ã•ãŒãƒ‡ãƒ¼ã‚¿ã‹ã‚‰æ±ºå®šã•れã¾ã™ã€‚ + + \brief RSA-PSSã§ç½²åã•れãŸãƒ¡ãƒƒã‚»ãƒ¼ã‚¸ã‚’検証ã—ã¾ã™ã€‚入力ãƒãƒƒãƒ•ã‚¡ã¯å‡ºåŠ›ãƒãƒƒãƒ•ã‚¡ã¨ã—ã¦å†åˆ©ç”¨ã•れã¾ã™ã€‚WC_RSA_BLINDINGãŒæœ‰åйã«ãªã£ã¦ã„ã‚‹å ´åˆã€ã‚­ãƒ¼ã¯wc_RsaSetRNGã«ã‚ˆã£ã¦RNGã¨é–¢é€£ä»˜ã‘ã‚‹å¿…è¦ãŒã‚りã¾ã™ã€‚ + + \return the length of the PSS data æˆåŠŸæ™‚ã¯PSSデータã®é•·ã•ã€å¤±æ•—を示ã™è² ã®å€¤ã€‚ + + \param in 復å·ã•れるãƒã‚¤ãƒˆé…列。 + \param inLen inã®é•·ã•。 + \param out 復å·ã•れãŸãƒ‡ãƒ¼ã‚¿ã‚’æ ¼ç´ã™ã‚‹ãƒã‚¤ãƒˆé…列。 + \param digest 検証ã•れるデータã®ãƒãƒƒã‚·ãƒ¥ã€‚ + \param digestLen ãƒãƒƒã‚·ãƒ¥ã®é•·ã•。 + \param hash メッセージã«å«ã¾ã‚Œã‚‹ãƒãƒƒã‚·ãƒ¥ã‚¿ã‚¤ãƒ— + \param mgf マスク生æˆé–¢æ•°è­˜åˆ¥å­ + \param saltLen 使用ã•れるソルトã®é•·ã•。RSA_PSS_SALT_LEN_DEFAULT(-1)ã¯ã€ã‚½ãƒ«ãƒˆã®é•·ã•ãŒãƒãƒƒã‚·ãƒ¥ã®é•·ã•ã¨åŒã˜ã§ã‚ã‚‹ã“ã¨ã‚’示ã—ã¾ã™ã€‚RSA_PSS_SALT_LEN_DISCOVERã¯ã€ã‚½ãƒ«ãƒˆã®é•·ã•ãŒãƒ‡ãƒ¼ã‚¿ã‹ã‚‰æ±ºå®šã•れるã“ã¨ã‚’示ã—ã¾ã™ã€‚ + \param key 検証ã«ä½¿ç”¨ã™ã‚‹ã‚­ãƒ¼ã€‚ + _Example_ \code ret = wc_InitRsaKey(&key, NULL); @@ -633,6 +791,7 @@ wc_FreeRsaKey(&key); wc_FreeRng(&rng); \endcode + \sa wc_RsaPSS_Sign \sa wc_RsaPSS_Verify \sa wc_RsaPSS_VerifyCheck @@ -649,13 +808,18 @@ /*! \ingroup RSA - \brief PSSデータを確èªã—ã¦ã€ç½²åãŒä¸€è‡´ã™ã‚‹ã‚ˆã†ã«ã—ã¾ã™ã€‚ソルトã®é•·ã•ã¯ãƒãƒƒã‚·ãƒ¥é•·ã«ç­‰ã—ã„。WC_RSA_BLINDINGãŒæœ‰åйãªå ´åˆã€ã‚­ãƒ¼ã¯WC_RSASETRNGã«ã‚ˆã£ã¦RNGã«é–¢é€£ä»˜ã‘られãªã‘れã°ãªã‚Šã¾ã›ã‚“。 - \return BAD_PADDING_E PSSデータãŒç„¡åйãªå ´åˆã€NULLãŒINã¾ãŸã¯SIGã¾ãŸã¯INSZã«æ¸¡ã•れるã¨ã€BAD_FUNC_ARGã¯ãƒãƒƒã‚·ãƒ¥ã‚¢ãƒ«ã‚´ãƒªã‚ºãƒ ã®é•·ã•ã¨åŒã˜ã§ã¯ã‚りã¾ã›ã‚“。 - \return MEMORY_E メモリ例外 - \param in 検証中ã®ãƒ‡ãƒ¼ã‚¿ã®ãƒãƒƒã‚·ãƒ¥ã€‚ - \param inSz ãƒãƒƒã‚·ãƒ¥ã®é•·ã• - \param sig PSSãƒ‡ãƒ¼ã‚¿ã‚’ä¿æŒã™ã‚‹ãƒãƒƒãƒ•ァ。 - \param sigSz PSSデータã®ã‚µã‚¤ã‚ºã€‚ + + \brief ç½²åãŒä¸€è‡´ã™ã‚‹ã“ã¨ã‚’確èªã™ã‚‹ãŸã‚ã«PSSデータをãƒã‚§ãƒƒã‚¯ã—ã¾ã™ã€‚ソルトã®é•·ã•ã¯ãƒãƒƒã‚·ãƒ¥ã®é•·ã•ã¨ç­‰ã—ããªã‚Šã¾ã™ã€‚WC_RSA_BLINDINGãŒæœ‰åйã«ãªã£ã¦ã„ã‚‹å ´åˆã€ã‚­ãƒ¼ã¯wc_RsaSetRNGã«ã‚ˆã£ã¦RNGã¨é–¢é€£ä»˜ã‘ã‚‹å¿…è¦ãŒã‚りã¾ã™ã€‚ + + \return BAD_PADDING_E PSSデータãŒç„¡åйãªå ´åˆã€BAD_FUNC_ARG inã¾ãŸã¯sigã«NULLãŒæ¸¡ã•れãŸå ´åˆã€ã¾ãŸã¯inSzãŒãƒãƒƒã‚·ãƒ¥ã‚¢ãƒ«ã‚´ãƒªã‚ºãƒ ã®é•·ã•ã¨åŒã˜ã§ãªã„å ´åˆã€æˆåŠŸæ™‚ã¯0。 + \return MEMORY_E メモリ例外。 + + \param in 検証ã•れるデータã®ãƒãƒƒã‚·ãƒ¥ã€‚ + \param inSz ãƒãƒƒã‚·ãƒ¥ã®é•·ã•。 + \param sig PSSãƒ‡ãƒ¼ã‚¿ã‚’ä¿æŒã™ã‚‹ãƒãƒƒãƒ•ァ。 + \param sigSz PSSデータã®ã‚µã‚¤ã‚ºã€‚ + \param hashType ãƒãƒƒã‚·ãƒ¥ã‚¢ãƒ«ã‚´ãƒªã‚ºãƒ ã€‚ + _Example_ \code ret = wc_InitRsaKey(&key, NULL); @@ -687,6 +851,7 @@ wc_FreeRsaKey(&key); wc_FreeRng(&rng); \endcode + \sa wc_RsaPSS_Sign \sa wc_RsaPSS_Verify \sa wc_RsaPSS_VerifyInline @@ -697,20 +862,25 @@ \sa wc_RsaPSS_CheckPadding_ex \sa wc_RsaSetRNG */ -int wc_RsaPSS_CheckPadding(const byte* in, word32 inLen, byte* sig, +int wc_RsaPSS_CheckPadding(const byte* in, word32 inLen, const byte* sig, word32 sigSz, enum wc_HashType hashType); /*! \ingroup RSA - \brief PSSデータを確èªã—ã¦ã€ç½²åãŒä¸€è‡´ã™ã‚‹ã‚ˆã†ã«ã—ã¾ã™ã€‚ソルトã®é•·ã•ã¯ãƒãƒƒã‚·ãƒ¥é•·ã«ç­‰ã—ã„。 - \return BAD_PADDING_E PSSデータãŒç„¡åйãªå ´åˆã€NULLãŒINã¾ãŸã¯SIGã¾ãŸã¯INSZã«æ¸¡ã•れるã¨ã€BAD_FUNC_ARGã¯ãƒãƒƒã‚·ãƒ¥ã‚¢ãƒ«ã‚´ãƒªã‚ºãƒ ã®é•·ã•ã¨åŒã˜ã§ã¯ã‚りã¾ã›ã‚“。 - \return MEMORY_E メモリ例外 - \param in 検証中ã®ãƒ‡ãƒ¼ã‚¿ã®ãƒãƒƒã‚·ãƒ¥ã€‚ - \param inSz ãƒãƒƒã‚·ãƒ¥ã®é•·ã• - \param sig PSSãƒ‡ãƒ¼ã‚¿ã‚’ä¿æŒã™ã‚‹ãƒãƒƒãƒ•ァ。 - \param sigSz PSSデータã®ã‚µã‚¤ã‚ºã€‚ - \param hashType ãƒãƒƒã‚·ãƒ¥ã‚¢ãƒ«ã‚´ãƒªã‚ºãƒ  - \param saltLen 使用ã•れるソルトã®é•·ã•。RSA_PSSS_SALT_LEN_DEFAULT(-1)ソルトã®é•·ã•ã¯ãƒãƒƒã‚·ãƒ¥é•·ã¨åŒã˜ã§ã™ã€‚RSA_PSS_SALT_LEN_DISCOVERã¯ã€ã‚½ãƒ«ãƒˆã®é•·ã•ãŒãƒ‡ãƒ¼ã‚¿ã‹ã‚‰æ±ºå®šã•れã¾ã™ã€‚ + + \brief ç½²åãŒä¸€è‡´ã™ã‚‹ã“ã¨ã‚’確èªã™ã‚‹ãŸã‚ã«PSSデータをãƒã‚§ãƒƒã‚¯ã—ã¾ã™ã€‚ソルトã®é•·ã•ã¯ãƒãƒƒã‚·ãƒ¥ã®é•·ã•ã¨ç­‰ã—ããªã‚Šã¾ã™ã€‚ + + \return BAD_PADDING_E PSSデータãŒç„¡åйãªå ´åˆã€BAD_FUNC_ARG inã¾ãŸã¯sigã«NULLãŒæ¸¡ã•れãŸå ´åˆã€ã¾ãŸã¯inSzãŒãƒãƒƒã‚·ãƒ¥ã‚¢ãƒ«ã‚´ãƒªã‚ºãƒ ã®é•·ã•ã¨åŒã˜ã§ãªã„å ´åˆã€æˆåŠŸæ™‚ã¯0。 + \return MEMORY_E メモリ例外。 + + \param in 検証ã•れるデータã®ãƒãƒƒã‚·ãƒ¥ã€‚ + \param inSz ãƒãƒƒã‚·ãƒ¥ã®é•·ã•。 + \param sig PSSãƒ‡ãƒ¼ã‚¿ã‚’ä¿æŒã™ã‚‹ãƒãƒƒãƒ•ァ。 + \param sigSz PSSデータã®ã‚µã‚¤ã‚ºã€‚ + \param hashType ãƒãƒƒã‚·ãƒ¥ã‚¢ãƒ«ã‚´ãƒªã‚ºãƒ ã€‚ + \param saltLen 使用ã•れるソルトã®é•·ã•。RSA_PSS_SALT_LEN_DEFAULT(-1)ã¯ã€ã‚½ãƒ«ãƒˆã®é•·ã•ãŒãƒãƒƒã‚·ãƒ¥ã®é•·ã•ã¨åŒã˜ã§ã‚ã‚‹ã“ã¨ã‚’示ã—ã¾ã™ã€‚RSA_PSS_SALT_LEN_DISCOVERã¯ã€ã‚½ãƒ«ãƒˆã®é•·ã•ãŒãƒ‡ãƒ¼ã‚¿ã‹ã‚‰æ±ºå®šã•れるã“ã¨ã‚’示ã—ã¾ã™ã€‚ + \param bits FIPSã®å ´åˆã€ã‚½ãƒ«ãƒˆã‚µã‚¤ã‚ºã®è¨ˆç®—ã«ä½¿ç”¨ã§ãã¾ã™ + _Example_ \code ret = wc_InitRsaKey(&key, NULL); @@ -742,6 +912,7 @@ wc_FreeRsaKey(&key); wc_FreeRng(&rng); \endcode + \sa wc_RsaPSS_Sign \sa wc_RsaPSS_Verify \sa wc_RsaPSS_VerifyInline @@ -751,44 +922,56 @@ \sa wc_RsaPSS_VerifyCheckInline_ex \sa wc_RsaPSS_CheckPadding */ -int wc_RsaPSS_CheckPadding_ex(const byte* in, word32 inLen, byte* sig, +int wc_RsaPSS_CheckPadding_ex(const byte* in, word32 inLen, const byte* sig, word32 sigSz, enum wc_HashType hashType, int saltLen, int bits); /*! \ingroup RSA - \brief æä¾›ã•れãŸã‚­ãƒ¼æ§‹é€ ã®æš—å·åŒ–サイズを返ã—ã¾ã™ã€‚ - \return Success æä¾›ã•れãŸã‚­ãƒ¼æ§‹é€ ã®æš—å·åŒ–サイズ。 + + \brief æä¾›ã•れãŸã‚­ãƒ¼æ§‹é€ ä½“ã®æš—å·åŒ–サイズを返ã—ã¾ã™ã€‚ + + \return Success æä¾›ã•れãŸã‚­ãƒ¼æ§‹é€ ä½“ã®æš—å·åŒ–サイズ。 + + \param key 検証ã«ä½¿ç”¨ã™ã‚‹ã‚­ãƒ¼ã€‚ + _Example_ \code int sz = wc_RsaEncryptSize(&key); \endcode + \sa wc_InitRsaKey \sa wc_InitRsaKey_ex \sa wc_MakeRsaKey */ -int wc_RsaEncryptSize(RsaKey* key); +int wc_RsaEncryptSize(const RsaKey* key); /*! \ingroup RSA - \brief ã“ã®é–¢æ•°ã¯Derフォーマットã•れãŸRSA秘密éµã‚’è§£æžã—ã€ç§˜å¯†éµã‚’抽出ã—ã€ãれを与ãˆã‚‰ã‚ŒãŸResakeyæ§‹é€ ã«æ ¼ç´ã—ã¾ã™ã€‚IDXã«è§£æžã•れãŸè·é›¢ã‚‚設定ã—ã¾ã™ã€‚ - \return 0 DERエンコード入力ã‹ã‚‰ç§˜å¯†éµã®è§£æžã«æˆåŠŸã—ãŸã¨ãã«è¿”ã•れã¾ã™ - \return ASN_PARSE_E 入力ãƒãƒƒãƒ•ã‚¡ã‹ã‚‰ç§˜å¯†éµã‚’è§£æžã™ã‚‹ã‚¨ãƒ©ãƒ¼ãŒã‚ã‚‹å ´åˆã«è¿”ã•れã¾ã™ã€‚ã“れã¯ã€å…¥åŠ›ç§˜å¯†éµãŒASN.1è¦æ ¼ã«å¾“ã£ã¦æ­£ã—ãフォーマットã•れã¦ã„ãªã„å ´åˆã«ç™ºç”Ÿã™ã‚‹å¯èƒ½æ€§ãŒã‚りã¾ã™ã€‚ - \return ASN_RSA_KEY_E RSAキー入力ã®ç§˜å¯†éµè¦ç´ ã‚’読ã¿å–るエラーãŒã‚ã‚‹å ´åˆ - \param input デコードã™ã‚‹DERフォーマット秘密éµã‚’å«ã‚€ãƒãƒƒãƒ•ã‚¡ã¸ã®ãƒã‚¤ãƒ³ã‚¿ - \param inOutIdx キーãŒå§‹ã¾ã‚‹ãƒãƒƒãƒ•ァ内ã®ã‚¤ãƒ³ãƒ‡ãƒƒã‚¯ã‚¹ã¸ã®ãƒã‚¤ãƒ³ã‚¿ï¼ˆé€šå¸¸ã¯0)。ã“ã®é–¢æ•°ã®å‰¯ä½œç”¨ã¨ã—ã¦ã€InoutIDXã¯å…¥åŠ›ãƒãƒƒãƒ•ァを介ã—ã¦è§£æžã•れãŸè·é›¢ã‚’記憶ã—ã¾ã™ - \param key デコードã•れãŸç§˜å¯†éµã‚’ä¿å­˜ã™ã‚‹RSAKEY構造ã¸ã®ãƒã‚¤ãƒ³ã‚¿ + + \brief ã“ã®é–¢æ•°ã¯ã€DERå½¢å¼ã®RSA秘密éµã‚’è§£æžã—ã€ç§˜å¯†éµã‚’抽出ã—ã¦ã€æŒ‡å®šã•れãŸRsaKeyæ§‹é€ ä½“ã«æ ¼ç´ã—ã¾ã™ã€‚ã¾ãŸã€idxã«è§£æžã•れãŸè·é›¢ã‚’設定ã—ã¾ã™ã€‚ + + \return 0 DERエンコードã•れãŸå…¥åŠ›ã‹ã‚‰ç§˜å¯†éµã‚’正常ã«è§£æžã—ãŸå ´åˆã«è¿”ã•れã¾ã™ + \return ASN_PARSE_E 入力ãƒãƒƒãƒ•ã‚¡ã‹ã‚‰ç§˜å¯†éµã‚’è§£æžã™ã‚‹éš›ã«ã‚¨ãƒ©ãƒ¼ãŒã‚ã‚‹å ´åˆã«è¿”ã•れã¾ã™ã€‚ã“れã¯ã€å…¥åŠ›ç§˜å¯†éµãŒASN.1標準ã«å¾“ã£ã¦é©åˆ‡ã«ãƒ•ォーマットã•れã¦ã„ãªã„å ´åˆã«ç™ºç”Ÿã™ã‚‹å¯èƒ½æ€§ãŒã‚りã¾ã™ + \return ASN_RSA_KEY_E RSAキー入力ã®ç§˜å¯†éµè¦ç´ ã‚’読ã¿å–ã‚‹éš›ã«ã‚¨ãƒ©ãƒ¼ãŒã‚ã‚‹å ´åˆã«è¿”ã•れã¾ã™ + + \param input デコードã™ã‚‹DERå½¢å¼ã®ç§˜å¯†éµã‚’å«ã‚€ãƒãƒƒãƒ•ã‚¡ã¸ã®ãƒã‚¤ãƒ³ã‚¿ + \param inOutIdx キーãŒå§‹ã¾ã‚‹ãƒãƒƒãƒ•ァ内ã®ã‚¤ãƒ³ãƒ‡ãƒƒã‚¯ã‚¹ã¸ã®ãƒã‚¤ãƒ³ã‚¿ï¼ˆé€šå¸¸ã¯0)。ã“ã®é–¢æ•°ã®å‰¯ä½œç”¨ã¨ã—ã¦ã€inOutIdxã¯å…¥åŠ›ãƒãƒƒãƒ•ァを通ã˜ã¦è§£æžã•れãŸè·é›¢ã‚’æ ¼ç´ã—ã¾ã™ + \param key デコードã•れãŸç§˜å¯†éµã‚’æ ¼ç´ã™ã‚‹RsaKey構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ + \param inSz 入力ãƒãƒƒãƒ•ã‚¡ã®ã‚µã‚¤ã‚º + _Example_ \code RsaKey enc; word32 idx = 0; int ret = 0; - byte der[] = { // initialize with DER-encoded RSA private key }; + byte der[] = { // DERエンコードã•れãŸRSA秘密éµã§åˆæœŸåŒ– }; - wc_InitRsaKey(&enc, NULL); // not using heap hint. No custom memory + wc_InitRsaKey(&enc, NULL); // ヒープヒントを使用ã—ãªã„。カスタムメモリãªã— ret = wc_RsaPrivateKeyDecode(der, &idx, &enc, sizeof(der)); if( ret != 0 ) { - // error parsing private key + // 秘密éµã®è§£æžã‚¨ãƒ©ãƒ¼ } \endcode + \sa wc_RsaPublicKeyDecode \sa wc_MakeRsaKey */ @@ -797,29 +980,35 @@ /*! \ingroup RSA - \brief ã“ã®é–¢æ•°ã¯Derフォーマットã®RSA公開éµã‚’è§£æžã—ã€å…¬é–‹éµã‚’抽出ã—ã€ãれを指定ã•れãŸRsaKeyæ§‹é€ ä½“ã«æ ¼ç´ã—ã¾ã™ã€‚IDXã«è§£æžã•れãŸè·é›¢ã‚‚設定ã—ã¾ã™ã€‚ - \return 0 DERエンコード入力ã‹ã‚‰å…¬é–‹éµã®è§£æžã«æˆåŠŸã—ãŸã¨ãã«è¿”ã•れ㟠- \return ASN_PARSE_E 入力ãƒãƒƒãƒ•ã‚¡ã‹ã‚‰å…¬é–‹éµã‚’è§£æžã—ãŸã‚¨ãƒ©ãƒ¼ãŒã‚ã‚‹å ´åˆã«è¿”ã•れã¾ã™ã€‚ã“れã¯ã€å…¥åЛ公開éµãŒASN.1è¦æ ¼ã«å¾“ã£ã¦æ­£ã—ãフォーマットã•れã¦ã„ãªã„å ´åˆã«ç™ºç”Ÿã™ã‚‹å¯èƒ½æ€§ãŒã‚りã¾ã™ã€‚ - \return ASN_OBJECT_ID_E ASN.1オブジェクトIDãŒRSA公開éµã®ãれã¨ä¸€è‡´ã—ãªã„å ´åˆã«è¿”ã•れã¾ã™ã€‚ - \return ASN_EXPECT_0_E 入力キーãŒASN.1è¦æ ¼ã«å¾“ã£ã¦æ­£ã—ãフォーマットã•れã¦ã„ãªã„å ´åˆ - \return ASN_BITSTR_E 入力キーãŒASN.1è¦æ ¼ã«å¾“ã£ã¦æ­£ã—ãフォーマットã•れã¦ã„ãªã„å ´åˆ - \return ASN_RSA_KEY_E RSAキー入力ã®å…¬é–‹éµè¦ç´ ã‚’読ã¿å–るエラーãŒã‚ã‚‹å ´åˆ - \param input 復å·ã™ã‚‹å…¥åŠ›DERエンコードRSA公開éµã‚’å«ã‚€ãƒãƒƒãƒ•ã‚¡ã¸ã®ãƒã‚¤ãƒ³ã‚¿ - \param inOutIdx キーãŒå§‹ã¾ã‚‹ãƒãƒƒãƒ•ァ内ã®ã‚¤ãƒ³ãƒ‡ãƒƒã‚¯ã‚¹ã¸ã®ãƒã‚¤ãƒ³ã‚¿ï¼ˆé€šå¸¸ã¯0)。ã“ã®é–¢æ•°ã®å‰¯ä½œç”¨ã¨ã—ã¦ã€InoutIDXã¯å…¥åŠ›ãƒãƒƒãƒ•ァを介ã—ã¦è§£æžã•れãŸè·é›¢ã‚’記憶ã—ã¾ã™ - \param key デコードã•れãŸå…¬é–‹éµã‚’ä¿å­˜ã™ã‚‹RsaKey構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ + + \brief ã“ã®é–¢æ•°ã¯ã€DERå½¢å¼ã®RSA公開éµã‚’è§£æžã—ã€å…¬é–‹éµã‚’抽出ã—ã¦ã€æŒ‡å®šã•れãŸRsaKeyæ§‹é€ ä½“ã«æ ¼ç´ã—ã¾ã™ã€‚ã¾ãŸã€idxã«è§£æžã•れãŸè·é›¢ã‚’設定ã—ã¾ã™ã€‚ + + \return 0 DERエンコードã•れãŸå…¥åŠ›ã‹ã‚‰å…¬é–‹éµã‚’正常ã«è§£æžã—ãŸå ´åˆã«è¿”ã•れã¾ã™ + \return ASN_PARSE_E 入力ãƒãƒƒãƒ•ã‚¡ã‹ã‚‰å…¬é–‹éµã‚’è§£æžã™ã‚‹éš›ã«ã‚¨ãƒ©ãƒ¼ãŒã‚ã‚‹å ´åˆã«è¿”ã•れã¾ã™ã€‚ã“れã¯ã€å…¥åЛ公開éµãŒASN.1標準ã«å¾“ã£ã¦é©åˆ‡ã«ãƒ•ォーマットã•れã¦ã„ãªã„å ´åˆã«ç™ºç”Ÿã™ã‚‹å¯èƒ½æ€§ãŒã‚りã¾ã™ + \return ASN_OBJECT_ID_E ASN.1オブジェクトIDãŒRSA公開éµã®ã‚‚ã®ã¨ä¸€è‡´ã—ãªã„å ´åˆã«è¿”ã•れã¾ã™ + \return ASN_EXPECT_0_E 入力キーãŒASN.1標準ã«å¾“ã£ã¦æ­£ã—ãフォーマットã•れã¦ã„ãªã„å ´åˆã«è¿”ã•れã¾ã™ + \return ASN_BITSTR_E 入力キーãŒASN.1標準ã«å¾“ã£ã¦æ­£ã—ãフォーマットã•れã¦ã„ãªã„å ´åˆã«è¿”ã•れã¾ã™ + \return ASN_RSA_KEY_E RSAキー入力ã®å…¬é–‹éµè¦ç´ ã‚’読ã¿å–ã‚‹éš›ã«ã‚¨ãƒ©ãƒ¼ãŒã‚ã‚‹å ´åˆã«è¿”ã•れã¾ã™ + + \param input デコードã™ã‚‹å…¥åŠ›DERエンコードã•れãŸRSA公開éµã‚’å«ã‚€ãƒãƒƒãƒ•ã‚¡ã¸ã®ãƒã‚¤ãƒ³ã‚¿ + \param inOutIdx キーãŒå§‹ã¾ã‚‹ãƒãƒƒãƒ•ァ内ã®ã‚¤ãƒ³ãƒ‡ãƒƒã‚¯ã‚¹ã¸ã®ãƒã‚¤ãƒ³ã‚¿ï¼ˆé€šå¸¸ã¯0)。ã“ã®é–¢æ•°ã®å‰¯ä½œç”¨ã¨ã—ã¦ã€inOutIdxã¯å…¥åŠ›ãƒãƒƒãƒ•ァを通ã˜ã¦è§£æžã•れãŸè·é›¢ã‚’æ ¼ç´ã—ã¾ã™ + \param key デコードã•れãŸå…¬é–‹éµã‚’æ ¼ç´ã™ã‚‹RsaKey構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ + \param inSz 入力ãƒãƒƒãƒ•ã‚¡ã®ã‚µã‚¤ã‚º + _Example_ \code RsaKey pub; word32 idx = 0; int ret = 0; - byte der[] = { // initialize with DER-encoded RSA public key }; + byte der[] = { // DERエンコードã•れãŸRSA公開éµã§åˆæœŸåŒ– }; - wc_InitRsaKey(&pub, NULL); // not using heap hint. No custom memory + wc_InitRsaKey(&pub, NULL); // ヒープヒントを使用ã—ãªã„。カスタムメモリãªã— ret = wc_RsaPublicKeyDecode(der, &idx, &pub, sizeof(der)); if( ret != 0 ) { - // error parsing public key + // 公開éµã®è§£æžã‚¨ãƒ©ãƒ¼ } \endcode + \sa wc_RsaPublicKeyDecodeRaw */ int wc_RsaPublicKeyDecode(const byte* input, word32* inOutIdx, @@ -827,28 +1016,34 @@ /*! \ingroup RSA - \brief ã“ã®é–¢æ•°ã¯ã€å…¬é–‹å¼¾æ€§çŽ‡ï¼ˆnï¼‰ã¨æŒ‡æ•°ï¼ˆe)を撮影ã—ã¦ã€RSA公開éµã®ç”Ÿã®è¦ç´ ã‚’復å·ã—ã¾ã™ã€‚ã“れらã®ç”Ÿã®è¦ç´ ã‚’æä¾›ã•れãŸRsaKeyæ§‹é€ ä½“ã«æ ¼ç´ã—ã€æš—å·åŒ–/復å·åŒ–プロセスã§ä½¿ç”¨ã™ã‚‹ã“ã¨ãŒã§ãã¾ã™ã€‚ - \return 0 公開éµã®ç”Ÿã®è¦ç´ ã‚’RsaKey構造体ã«å¾©å·ã—ãŸã¨ãã«è¿”ã•れ㟠- \return BAD_FUNC_ARG ã„ãšã‚Œã‹ã®å…¥åŠ›å¼•æ•°ãŒNULLã«è©•価ã•れãŸå ´åˆã«è¿”ã•れã¾ã™ã€‚ - \return MP_INIT_E 複数ã®ç²¾å¯†æ•´æ•°ï¼ˆMP_INT)ライブラリã§ä½¿ç”¨ã™ã‚‹ãŸã‚ã®æ•´æ•°ã®åˆæœŸåŒ–中ã«ã‚¨ãƒ©ãƒ¼ãŒã‚ã‚‹å ´åˆ - \return ASN_GETINT_E æä¾›ã•れãŸRSAキーè¦ç´ ã€nã¾ãŸã¯eã®ã„ãšã‚Œã‹ã‚’読むエラーãŒã‚ã‚‹å ´åˆã«è¿”ã•れã¾ã™ - \param n Public RSAキーã®RAWモジュラスパラメータをå«ã‚€ãƒãƒƒãƒ•ã‚¡ã¸ã®ãƒã‚¤ãƒ³ã‚¿ - \param nSz Nã‚’å«ã‚€ãƒãƒƒãƒ•ã‚¡ã®ã‚µã‚¤ã‚º - \param e Public RSAキーã®RAW指数パラメータをå«ã‚€ãƒãƒƒãƒ•ã‚¡ã¸ã®ãƒã‚¤ãƒ³ã‚¿ - \param eSz Eã‚’å«ã‚€ãƒãƒƒãƒ•ã‚¡ã®ã‚µã‚¤ã‚º + + \brief ã“ã®é–¢æ•°ã¯ã€RSA公開éµã®ç”Ÿã®è¦ç´ ã‚’デコードã—ã€å…¬é–‹ãƒ¢ã‚¸ãƒ¥ãƒ©ã‚¹ï¼ˆnï¼‰ã¨æŒ‡æ•°ï¼ˆe)をå—ã‘å–りã¾ã™ã€‚ã“れらã®ç”Ÿã®è¦ç´ ã‚’æä¾›ã•れãŸRsaKeyæ§‹é€ ä½“ã«æ ¼ç´ã—ã€æš—å·åŒ–/復å·ãƒ—ロセスã§ãれらを使用ã§ãるよã†ã«ã—ã¾ã™ã€‚ + + \return 0 公開éµã®ç”Ÿã®è¦ç´ ã‚’RsaKeyæ§‹é€ ä½“ã«æ­£å¸¸ã«ãƒ‡ã‚³ãƒ¼ãƒ‰ã—ãŸå ´åˆã«è¿”ã•れã¾ã™ + \return BAD_FUNC_ARG ã„ãšã‚Œã‹ã®å…¥åŠ›å¼•æ•°ãŒNULLã¨è©•価ã•れãŸå ´åˆã«è¿”ã•れã¾ã™ + \return MP_INIT_E 多精度整数(mp_int)ライブラリã§ä½¿ç”¨ã™ã‚‹ãŸã‚ã«æ•´æ•°ã‚’åˆæœŸåŒ–ã™ã‚‹éš›ã«ã‚¨ãƒ©ãƒ¼ãŒã‚ã‚‹å ´åˆã«è¿”ã•れã¾ã™ + \return ASN_GETINT_E æä¾›ã•れãŸRSAキーè¦ç´ ï¼ˆnã¾ãŸã¯e)ã®ã„ãšã‚Œã‹ã‚’読ã¿å–ã‚‹éš›ã«ã‚¨ãƒ©ãƒ¼ãŒã‚ã‚‹å ´åˆã«è¿”ã•れã¾ã™ + + \param n 公開RSAキーã®ç”Ÿã®ãƒ¢ã‚¸ãƒ¥ãƒ©ã‚¹ãƒ‘ラメータをå«ã‚€ãƒãƒƒãƒ•ã‚¡ã¸ã®ãƒã‚¤ãƒ³ã‚¿ + \param nSz nã‚’å«ã‚€ãƒãƒƒãƒ•ã‚¡ã®ã‚µã‚¤ã‚º + \param e 公開RSAキーã®ç”Ÿã®æŒ‡æ•°ãƒ‘ラメータをå«ã‚€ãƒãƒƒãƒ•ã‚¡ã¸ã®ãƒã‚¤ãƒ³ã‚¿ + \param eSz eã‚’å«ã‚€ãƒãƒƒãƒ•ã‚¡ã®ã‚µã‚¤ã‚º + \param key æä¾›ã•れãŸå…¬é–‹éµè¦ç´ ã§åˆæœŸåŒ–ã™ã‚‹RsaKey構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ + _Example_ \code RsaKey pub; int ret = 0; - byte n[] = { // initialize with received n component of public key }; - byte e[] = { // initialize with received e component of public key }; + byte n[] = { // å—ä¿¡ã—ãŸå…¬é–‹éµã®næˆåˆ†ã§åˆæœŸåŒ– }; + byte e[] = { // å—ä¿¡ã—ãŸå…¬é–‹éµã®eæˆåˆ†ã§åˆæœŸåŒ– }; - wc_InitRsaKey(&pub, NULL); // not using heap hint. No custom memory + wc_InitRsaKey(&pub, NULL); // ヒープヒントを使用ã—ãªã„。カスタムメモリãªã— ret = wc_RsaPublicKeyDecodeRaw(n, sizeof(n), e, sizeof(e), &pub); if( ret != 0 ) { - // error parsing public key elements + // 公開éµè¦ç´ ã®è§£æžã‚¨ãƒ©ãƒ¼ } \endcode + \sa wc_RsaPublicKeyDecode */ int wc_RsaPublicKeyDecodeRaw(const byte* n, word32 nSz, @@ -856,29 +1051,34 @@ /*! \ingroup RSA - \brief ã“ã®æ©Ÿèƒ½ã¯RSAKEYキーをDERフォーマットã«å¤‰æ›ã—ã¾ã™ã€‚çµæžœã¯å‡ºåŠ›ã«æ›¸ãè¾¼ã¾ã‚Œã€æ›¸ãè¾¼ã¾ã‚ŒãŸãƒã‚¤ãƒˆæ•°ã‚’è¿”ã—ã¾ã™ã€‚ - \return >0 æˆåŠŸã€æ›¸ã‹ã‚ŒãŸãƒã‚¤ãƒˆæ•°ã€‚ - \return BAD_FUNC_ARG キーã¾ãŸã¯å‡ºåŠ›ãŒNULLã®å ´åˆã€ã¾ãŸã¯ã‚­ãƒ¼ - >タイプãŒRSA_PRIVATEã§ãªã„å ´åˆã€ã¾ãŸã¯INLENãŒå‡ºåŠ›ãƒãƒƒãƒ•ã‚¡ã«å分ãªå¤§ãã•ã§ãªã„å ´åˆã¯è¿”ã•れã¾ã™ã€‚ - \return MEMORY_E メモリã®å‰²ã‚Šå½“ã¦ä¸­ã«ã‚¨ãƒ©ãƒ¼ãŒç™ºç”Ÿã—ãŸå ´åˆã«è¿”ã•れã¾ã™ã€‚ - \param key åˆæœŸåŒ–ã•れãŸRsaKey構造体 - \param output 出力ãƒãƒƒãƒ•ã‚¡ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ + + \brief ã“ã®é–¢æ•°ã¯ã€RsaKeyキーをDERå½¢å¼ã«å¤‰æ›ã—ã¾ã™ã€‚çµæžœã¯outputã«æ›¸ãè¾¼ã¾ã‚Œã€æ›¸ãè¾¼ã¾ã‚ŒãŸãƒã‚¤ãƒˆæ•°ã‚’è¿”ã—ã¾ã™ã€‚ + + \return >0 æˆåŠŸã€æ›¸ãè¾¼ã¾ã‚ŒãŸãƒã‚¤ãƒˆæ•°ã€‚ + \return BAD_FUNC_ARG keyã¾ãŸã¯outputãŒnullã®å ´åˆã€ã¾ãŸã¯key->typeãŒRSA_PRIVATEã§ãªã„å ´åˆã€ã¾ãŸã¯inLenãŒå‡ºåŠ›ãƒãƒƒãƒ•ã‚¡ã«å¯¾ã—ã¦å分ãªå¤§ãã•ã§ãªã„å ´åˆã«è¿”ã•れã¾ã™ã€‚ + \return MEMORY_E メモリã®å‰²ã‚Šå½“ã¦ä¸­ã«ã‚¨ãƒ©ãƒ¼ãŒã‚ã‚‹å ´åˆã«è¿”ã•れã¾ã™ã€‚ + + \param key åˆæœŸåŒ–ã•れãŸRsaKey構造体。 + \param output 出力ãƒãƒƒãƒ•ã‚¡ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ + \param inLen 出力ãƒãƒƒãƒ•ã‚¡ã®ã‚µã‚¤ã‚ºã€‚ + _Example_ \code byte* der; - // Allocate memory for der - int derSz = // Amount of memory allocated for der; + // derã«ãƒ¡ãƒ¢ãƒªã‚’割り当㦠+ int derSz = // derã«å‰²ã‚Šå½“ã¦ã‚‰ã‚ŒãŸãƒ¡ãƒ¢ãƒªã®é‡; RsaKey key; WC_RNG rng; - long e = 65537; // standard value to use for exponent - ret = wc_MakeRsaKey(&key, 2048, e, &rng); // generate 2048 bit long - private key + long e = 65537; // 指数ã«ä½¿ç”¨ã™ã‚‹æ¨™æº–値 + ret = wc_MakeRsaKey(&key, 2048, e, &rng); // 2048ビット長ã®ç§˜å¯†éµã‚’ç”Ÿæˆ wc_InitRsaKey(&key, NULL); wc_InitRng(&rng); if(wc_RsaKeyToDer(&key, der, derSz) != 0) { - // Handle the error thrown + // スローã•れãŸã‚¨ãƒ©ãƒ¼ã‚’å‡¦ç† } \endcode + \sa wc_RsaKeyToPublicDer \sa wc_InitRsaKey \sa wc_MakeRsaKey @@ -888,24 +1088,28 @@ /*! \ingroup RSA - \brief ã“ã®æ©Ÿèƒ½ã¯ã€ã©ã®ãƒ‘ディングを使用ã™ã‚‹ã‹ã‚’é¸æŠžã—ãªãŒã‚‰RSAæš—å·åŒ–を実行ã—ã¾ã™ã€‚ - \return size æ­£å¸¸ã«æš—å·åŒ–ã•れã¦ã„ã‚‹ã¨ã€æš—å·åŒ–ã•れãŸãƒãƒƒãƒ•ã‚¡ã®ã‚µã‚¤ã‚ºãŒè¿”ã•れã¾ã™ - \return RSA_BUFFER_E RSAãƒãƒƒãƒ•ァエラーã€å‡ºåŠ›ãŒå°ã•ã™ãŽãŸã‚Šå…¥åŠ›ãŒå¤§ãã™ãŽãŸã‚Šã™ã‚‹ - \param in æš—å·åŒ–ã®ãŸã‚ã®ãƒãƒƒãƒ•ã‚¡ã¸ã®ãƒã‚¤ãƒ³ã‚¿ - \param inLen æš—å·åŒ–ã™ã‚‹ãƒãƒƒãƒ•ã‚¡ã®é•·ã• - \param out æš—å·åŒ–ã•れãŸMSGãŒä½œæˆã•れã¾ã—㟠- \param outLen æš—å·åŒ–ã•れãŸMSGã‚’ä¿æŒã™ã‚‹ãŸã‚ã«åˆ©ç”¨å¯èƒ½ãªãƒãƒƒãƒ•ã‚¡ã®é•·ã• - \param key åˆæœŸåŒ–ãšã¿RsaKey構造体 - \param rng åˆæœŸåŒ–ã•れãŸWC_RNG構造体 - \param type 使用ã™ã‚‹ãƒ‘ディングã®ç¨®é¡žï¼ˆWC_RSA_OAEP_PADã¾ãŸã¯WC_RSA_PKCSV15_PAD) - \param hash 使用ã™ã‚‹ãƒãƒƒã‚·ãƒ¥ã®ç¨®é¡žï¼ˆé¸æŠžã¯hash.hã«ã‚りã¾ã™ï¼‰ - \param mgf 使用ã™ã‚‹ãƒžã‚¹ã‚¯ç”Ÿæˆæ©Ÿèƒ½ã®ç¨®é¡ž - \param label æš—å·åŒ–ã•れãŸãƒ¡ãƒƒã‚»ãƒ¼ã‚¸ã«é–¢é€£ä»˜ã‘るオプションã®ãƒ©ãƒ™ãƒ« + + \brief ã“ã®é–¢æ•°ã¯ã€ä½¿ç”¨ã™ã‚‹ãƒ‘ãƒ‡ã‚£ãƒ³ã‚°ã‚’é¸æŠžã§ãるよã†ã«ã—ãªãŒã‚‰ã€RSAæš—å·åŒ–を実行ã—ã¾ã™ã€‚ + \return size æš—å·åŒ–ã«æˆåŠŸã—ãŸå ´åˆã€æš—å·åŒ–ã•れãŸãƒãƒƒãƒ•ã‚¡ã®ã‚µã‚¤ã‚ºãŒè¿”ã•れã¾ã™ + \return RSA_BUFFER_E RSAãƒãƒƒãƒ•ァエラーã€å‡ºåŠ›ãŒå°ã•ã™ãŽã‚‹ã‹å…¥åŠ›ãŒå¤§ãã™ãŽã¾ã™ + + \param in æš—å·åŒ–ã™ã‚‹ãƒãƒƒãƒ•ã‚¡ã¸ã®ãƒã‚¤ãƒ³ã‚¿ + \param inLen æš—å·åŒ–ã™ã‚‹ãƒãƒƒãƒ•ã‚¡ã®é•·ã• + \param out 作æˆã•ã‚ŒãŸæš—å·åŒ–ã•れãŸãƒ¡ãƒƒã‚»ãƒ¼ã‚¸ + \param outLen æš—å·åŒ–ã•れãŸãƒ¡ãƒƒã‚»ãƒ¼ã‚¸ã‚’ä¿æŒã™ã‚‹ãŸã‚ã«åˆ©ç”¨å¯èƒ½ãªãƒãƒƒãƒ•ã‚¡ã®é•·ã• + \param key åˆæœŸåŒ–ã•れãŸRSAキー構造体 + \param rng åˆæœŸåŒ–ã•れãŸWC_RNG構造体 + \param type 使用ã™ã‚‹ãƒ‘ディングã®ã‚¿ã‚¤ãƒ—(WC_RSA_OAEP_PADã¾ãŸã¯WC_RSA_PKCSV15_PAD) + \param hash 使用ã™ã‚‹ãƒãƒƒã‚·ãƒ¥ã®ã‚¿ã‚¤ãƒ—ï¼ˆé¸æŠžè‚¢ã¯hash.hã«ã‚りã¾ã™ï¼‰ + \param mgf 使用ã™ã‚‹ãƒžã‚¹ã‚¯ç”Ÿæˆé–¢æ•°ã®ã‚¿ã‚¤ãƒ— + \param label æš—å·åŒ–ã•れãŸãƒ¡ãƒƒã‚»ãƒ¼ã‚¸ã«é–¢é€£ä»˜ã‘るオプションã®ãƒ©ãƒ™ãƒ« + \param labelSz 使用ã•れるオプションã®ãƒ©ãƒ™ãƒ«ã®ã‚µã‚¤ã‚º + _Example_ \code WC_RNG rng; RsaKey key; - byte in[] = “I use Turing Machines to ask questions†+ byte in[] = "I use Turing Machines to ask questions" byte out[256]; int ret; … @@ -913,9 +1117,10 @@ ret = wc_RsaPublicEncrypt_ex(in, sizeof(in), out, sizeof(out), &key, &rng, WC_RSA_OAEP_PAD, WC_HASH_TYPE_SHA, WC_MGF1SHA1, NULL, 0); if (ret < 0) { - //handle error + // ã‚¨ãƒ©ãƒ¼ã‚’å‡¦ç† } \endcode + \sa wc_RsaPublicEncrypt \sa wc_RsaPrivateDecrypt_ex */ @@ -925,24 +1130,29 @@ /*! \ingroup RSA - \brief ã“ã®é–¢æ•°ã¯RSAを使用ã—ã¦ãƒ¡ãƒƒã‚»ãƒ¼ã‚¸ã‚’復å·åŒ–ã—ã€ã©ã®ãƒ‘ディングタイプã®ã‚ªãƒ—ションを指定ã—ã¾ã™ã€‚ - \return size 復å·åŒ–ãŒæˆåŠŸã™ã‚‹ã¨ã€å¾©å·åŒ–ã•れãŸãƒ¡ãƒƒã‚»ãƒ¼ã‚¸ã®ã‚µã‚¤ã‚ºãŒè¿”ã•れã¾ã™ã€‚ - \return MEMORY_E å¿…è¦ãªé…列をMallocã«Mallocã«ã™ã‚‹ã®ã«å分ãªãƒ¡ãƒ¢ãƒªãŒãªã„å ´åˆã¯è¿”ã•れã¾ã™ã€‚ - \return BAD_FUNC_ARG é–¢æ•°ã«æ¸¡ã•れãŸå¼•æ•°ãŒæ¸¡ã•れãŸå ´åˆã«è¿”ã•れã¾ã™ã€‚ - \param in 復å·åŒ–ã®ãŸã‚ã®ãƒãƒƒãƒ•ã‚¡ã¸ã®ãƒã‚¤ãƒ³ã‚¿ - \param inLen 復å·åŒ–ã™ã‚‹ãƒãƒƒãƒ•ã‚¡ã®é•·ã• - \param out 復å·åŒ–ã•れãŸMSGãŒä½œæˆã•れã¾ã—㟠- \param outLen 復å·åŒ–ã•れãŸMSGã‚’ä¿æŒã™ã‚‹ãŸã‚ã«åˆ©ç”¨å¯èƒ½ãªãƒãƒƒãƒ•ã‚¡ã®é•·ã• - \param key åˆæœŸåŒ–ãšã¿RsaKey構造体 - \param type 使用ã™ã‚‹ãƒ‘ディングã®ç¨®é¡žï¼ˆWC_RSA_OAEP_PADã¾ãŸã¯WC_RSA_PKCSV15_PAD) - \param hash 使用ã™ã‚‹ãƒãƒƒã‚·ãƒ¥ã®ç¨®é¡žï¼ˆé¸æŠžã¯hash.hã«ã‚りã¾ã™ï¼‰ - \param mgf 使用ã™ã‚‹ãƒžã‚¹ã‚¯ç”Ÿæˆæ©Ÿèƒ½ã®ç¨®é¡ž - \param label æš—å·åŒ–ã•れãŸãƒ¡ãƒƒã‚»ãƒ¼ã‚¸ã«é–¢é€£ä»˜ã‘るオプションã®ãƒ©ãƒ™ãƒ« + + \brief ã“ã®é–¢æ•°ã¯ã€RSAを使用ã—ã¦ãƒ¡ãƒƒã‚»ãƒ¼ã‚¸ã‚’復å·ã—ã€ã©ã®ãƒ‘ディングタイプを使用ã™ã‚‹ã‹ã®ã‚ªãƒ—ションをæä¾›ã—ã¾ã™ã€‚ + + \return size 復å·ã«æˆåŠŸã—ãŸå ´åˆã€å¾©å·ã•れãŸãƒ¡ãƒƒã‚»ãƒ¼ã‚¸ã®ã‚µã‚¤ã‚ºãŒè¿”ã•れã¾ã™ã€‚ + \return MEMORY_E å¿…è¦ãªé…列をmallocã™ã‚‹ã®ã«å分ãªãƒ¡ãƒ¢ãƒªãŒã‚·ã‚¹ãƒ†ãƒ ã«ãªã„å ´åˆã«è¿”ã•れã¾ã™ã€‚ + \return BAD_FUNC_ARG 関数ã«ä¸æ­£ãªå¼•æ•°ãŒæ¸¡ã•れãŸå ´åˆã«è¿”ã•れã¾ã™ã€‚ + + \param in 復å·ã™ã‚‹ãƒãƒƒãƒ•ã‚¡ã¸ã®ãƒã‚¤ãƒ³ã‚¿ + \param inLen 復å·ã™ã‚‹ãƒãƒƒãƒ•ã‚¡ã®é•·ã• + \param out 作æˆã•れãŸå¾©å·ã•れãŸãƒ¡ãƒƒã‚»ãƒ¼ã‚¸ + \param outLen 復å·ã•れãŸãƒ¡ãƒƒã‚»ãƒ¼ã‚¸ã‚’ä¿æŒã™ã‚‹ãŸã‚ã«åˆ©ç”¨å¯èƒ½ãªãƒãƒƒãƒ•ã‚¡ã®é•·ã• + \param key åˆæœŸåŒ–ã•れãŸRSAキー構造体 + \param type 使用ã™ã‚‹ãƒ‘ディングã®ã‚¿ã‚¤ãƒ—(WC_RSA_OAEP_PADã¾ãŸã¯WC_RSA_PKCSV15_PAD) + \param hash 使用ã™ã‚‹ãƒãƒƒã‚·ãƒ¥ã®ã‚¿ã‚¤ãƒ—ï¼ˆé¸æŠžè‚¢ã¯hash.hã«ã‚りã¾ã™ï¼‰ + \param mgf 使用ã™ã‚‹ãƒžã‚¹ã‚¯ç”Ÿæˆé–¢æ•°ã®ã‚¿ã‚¤ãƒ— + \param label æš—å·åŒ–ã•れãŸãƒ¡ãƒƒã‚»ãƒ¼ã‚¸ã«é–¢é€£ä»˜ã‘るオプションã®ãƒ©ãƒ™ãƒ« + \param labelSz 使用ã•れるオプションã®ãƒ©ãƒ™ãƒ«ã®ã‚µã‚¤ã‚º + _Example_ \code WC_RNG rng; RsaKey key; - byte in[] = “I use Turing Machines to ask questions†+ byte in[] = "I use Turing Machines to ask questions" byte out[256]; byte plain[256]; int ret; @@ -950,17 +1160,18 @@ ret = wc_RsaPublicEncrypt_ex(in, sizeof(in), out, sizeof(out), &key, &rng, WC_RSA_OAEP_PAD, WC_HASH_TYPE_SHA, WC_MGF1SHA1, NULL, 0); if (ret < 0) { - //handle error + // ã‚¨ãƒ©ãƒ¼ã‚’å‡¦ç† } … ret = wc_RsaPrivateDecrypt_ex(out, ret, plain, sizeof(plain), &key, WC_RSA_OAEP_PAD, WC_HASH_TYPE_SHA, WC_MGF1SHA1, NULL, 0); if (ret < 0) { - //handle error + // ã‚¨ãƒ©ãƒ¼ã‚’å‡¦ç† } \endcode - \sa none + + \sa ãªã— */ int wc_RsaPrivateDecrypt_ex(const byte* in, word32 inLen, byte* out, word32 outLen, RsaKey* key, int type, @@ -968,25 +1179,30 @@ /*! \ingroup RSA - \brief ã“ã®é–¢æ•°ã¯RSAを使用ã—ã¦ãƒ¡ãƒƒã‚»ãƒ¼ã‚¸ã‚’インラインã§å¾©å·åŒ–ã—ã€ã©ã®ãƒ‘ディングタイプã®ã‚ªãƒ—ションを示ã—ã¾ã™ã€‚INãƒãƒƒãƒ•ã‚¡ã«ã¯ã€å‘¼ã³å‡ºã•れãŸå¾Œã«å¾©å·åŒ–ã•れãŸãƒ¡ãƒƒã‚»ãƒ¼ã‚¸ãŒå«ã¾ã‚Œã€ã‚¢ã‚¦ãƒˆãƒã‚¤ãƒˆãƒã‚¤ãƒ³ã‚¿ã¯ãƒ—レーンテキストãŒã‚る「INã€ãƒãƒƒãƒ•ァ内ã®å ´æ‰€ã‚’指ã—ã¾ã™ã€‚ - \return size 復å·åŒ–ãŒæˆåŠŸã™ã‚‹ã¨ã€å¾©å·åŒ–ã•れãŸãƒ¡ãƒƒã‚»ãƒ¼ã‚¸ã®ã‚µã‚¤ã‚ºãŒè¿”ã•れã¾ã™ã€‚ - \return MEMORY_E: å¿…è¦ãªé…列をMallocã«Mallocã«ã™ã‚‹ã®ã«å分ãªãƒ¡ãƒ¢ãƒªãŒãªã„å ´åˆã¯è¿”ã•れã¾ã™ã€‚ - \return RSA_PAD_E: パディングã®ã‚¨ãƒ©ãƒ¼ãŒç™ºç”Ÿã—ãŸå ´åˆã«è¿”ã•れã¾ã™ã€‚ - \return BAD_PADDING_E: éŽåŽ»ã®ãƒ‘ディングã®è§£æžä¸­ã«ã‚¨ãƒ©ãƒ¼ãŒç™ºç”Ÿã—ãŸå ´åˆã«è¿”ã•れã¾ã™ã€‚ - \return BAD_FUNC_ARG: é–¢æ•°ã«æ¸¡ã•れãŸå¼•æ•°ãŒæ¸¡ã•れãŸå ´åˆã«è¿”ã•れã¾ã™ã€‚ - \param in 復å·åŒ–ã®ãŸã‚ã®ãƒãƒƒãƒ•ã‚¡ã¸ã®ãƒã‚¤ãƒ³ã‚¿ - \param inLen 復å·åŒ–ã™ã‚‹ãƒãƒƒãƒ•ã‚¡ã®é•·ã• - \param out "in"ãƒãƒƒãƒ•ã‚¡ã®å¾©å·åŒ–ã•れãŸãƒ¡ãƒƒã‚»ãƒ¼ã‚¸ã®ä½ç½®ã¸ã®ãƒã‚¤ãƒ³ã‚¿ - \param key åˆæœŸåŒ–ãšã¿RsaKey構造体 - \param type 使用ã™ã‚‹ãƒ‘ディングã®ç¨®é¡žï¼ˆWC_RSA_OAEP_PADã¾ãŸã¯WC_RSA_PKCSV15_PAD) - \param hash 使用ã™ã‚‹ãƒãƒƒã‚·ãƒ¥ã®ç¨®é¡žï¼ˆé¸æŠžã¯hash.hã«ã‚りã¾ã™ï¼‰ - \param mgf 使用ã™ã‚‹ãƒžã‚¹ã‚¯ç”Ÿæˆæ©Ÿèƒ½ã®ç¨®é¡ž - \param label æš—å·åŒ–ã•れãŸãƒ¡ãƒƒã‚»ãƒ¼ã‚¸ã«é–¢é€£ä»˜ã‘るオプションã®ãƒ©ãƒ™ãƒ« + + \brief ã“ã®é–¢æ•°ã¯ã€RSAを使用ã—ã¦ãƒ¡ãƒƒã‚»ãƒ¼ã‚¸ã‚’インラインã§å¾©å·ã—ã€ã©ã®ãƒ‘ディングタイプを使用ã™ã‚‹ã‹ã®ã‚ªãƒ—ションをæä¾›ã—ã¾ã™ã€‚inãƒãƒƒãƒ•ã‚¡ã¯å‘¼ã³å‡ºã—後ã«å¾©å·ã•れãŸãƒ¡ãƒƒã‚»ãƒ¼ã‚¸ã‚’å«ã¿ã€outãƒã‚¤ãƒˆãƒã‚¤ãƒ³ã‚¿ã¯å¹³æ–‡ãŒã‚る「inã€ãƒãƒƒãƒ•ァ内ã®å ´æ‰€ã‚’指ã—ã¾ã™ã€‚ + + \return size 復å·ã«æˆåŠŸã—ãŸå ´åˆã€å¾©å·ã•れãŸãƒ¡ãƒƒã‚»ãƒ¼ã‚¸ã®ã‚µã‚¤ã‚ºãŒè¿”ã•れã¾ã™ã€‚ + \return MEMORY_E: å¿…è¦ãªé…列をmallocã™ã‚‹ã®ã«å分ãªãƒ¡ãƒ¢ãƒªãŒã‚·ã‚¹ãƒ†ãƒ ã«ãªã„å ´åˆã«è¿”ã•れã¾ã™ã€‚ + \return RSA_PAD_E: パディングã«ã‚¨ãƒ©ãƒ¼ãŒã‚ã£ãŸå ´åˆã«è¿”ã•れã¾ã™ã€‚ + \return BAD_PADDING_E: パディングを解æžä¸­ã«ã‚¨ãƒ©ãƒ¼ãŒç™ºç”Ÿã—ãŸå ´åˆã«è¿”ã•れã¾ã™ã€‚ + \return BAD_FUNC_ARG: 関数ã«ä¸æ­£ãªå¼•æ•°ãŒæ¸¡ã•れãŸå ´åˆã«è¿”ã•れã¾ã™ã€‚ + + \param in 復å·ã™ã‚‹ãƒãƒƒãƒ•ã‚¡ã¸ã®ãƒã‚¤ãƒ³ã‚¿ + \param inLen 復å·ã™ã‚‹ãƒãƒƒãƒ•ã‚¡ã®é•·ã• + \param out 「inã€ãƒãƒƒãƒ•ァ内ã®å¾©å·ã•れãŸãƒ¡ãƒƒã‚»ãƒ¼ã‚¸ã®å ´æ‰€ã¸ã®ãƒã‚¤ãƒ³ã‚¿ + \param key åˆæœŸåŒ–ã•れãŸRSAキー構造体 + \param type 使用ã™ã‚‹ãƒ‘ディングã®ã‚¿ã‚¤ãƒ—(WC_RSA_OAEP_PADã¾ãŸã¯WC_RSA_PKCSV15_PAD) + \param hash 使用ã™ã‚‹ãƒãƒƒã‚·ãƒ¥ã®ã‚¿ã‚¤ãƒ—ï¼ˆé¸æŠžè‚¢ã¯hash.hã«ã‚りã¾ã™ï¼‰ + \param mgf 使用ã™ã‚‹ãƒžã‚¹ã‚¯ç”Ÿæˆé–¢æ•°ã®ã‚¿ã‚¤ãƒ— + \param label æš—å·åŒ–ã•れãŸãƒ¡ãƒƒã‚»ãƒ¼ã‚¸ã«é–¢é€£ä»˜ã‘るオプションã®ãƒ©ãƒ™ãƒ« + \param labelSz 使用ã•れるオプションã®ãƒ©ãƒ™ãƒ«ã®ã‚µã‚¤ã‚º + _Example_ \code WC_RNG rng; RsaKey key; - byte in[] = “I use Turing Machines to ask questions†+ byte in[] = "I use Turing Machines to ask questions" byte out[256]; byte* plain; int ret; @@ -995,17 +1211,18 @@ &rng, WC_RSA_OAEP_PAD, WC_HASH_TYPE_SHA, WC_MGF1SHA1, NULL, 0); if (ret < 0) { - //handle error + // ã‚¨ãƒ©ãƒ¼ã‚’å‡¦ç† } … ret = wc_RsaPrivateDecryptInline_ex(out, ret, &plain, &key, WC_RSA_OAEP_PAD, WC_HASH_TYPE_SHA, WC_MGF1SHA1, NULL, 0); if (ret < 0) { - //handle error + // ã‚¨ãƒ©ãƒ¼ã‚’å‡¦ç† } \endcode - \sa none + + \sa ãªã— */ int wc_RsaPrivateDecryptInline_ex(byte* in, word32 inLen, byte** out, RsaKey* key, int type, enum wc_HashType hash, @@ -1013,20 +1230,25 @@ /*! \ingroup RSA - \brief RSAアルゴリズムã«ä½¿ç”¨ã•れるRsaKey構造体ã®å€‹ã€…ã®è¦ç´ ï¼ˆEã€N)をãƒãƒƒãƒ•ã‚¡ã«å–り出ã—ã¾ã™ã€‚ - \return 0 é–¢æ•°ãŒæ­£å¸¸ã«å®Ÿè¡Œã•れãŸå ´åˆã¯ã€ã‚¨ãƒ©ãƒ¼ãªã—ã§è¿”ã•れã¾ã™ã€‚ - \return BAD_FUNC_ARG: ã„ãšã‚Œã‹ã®ãƒ‘ラメータãŒNULLå€¤ã§æ¸¡ã•れãŸå ´åˆã«è¿”ã•れã¾ã™ã€‚ - \return RSA_BUFFER_E: 渡ã•れãŸeã¾ãŸã¯nãƒãƒƒãƒ•ã‚¡ãŒæ­£ã—ã„サイズã§ã¯ãªã„å ´åˆã«è¿”ã•れã¾ã™ã€‚ - \return MP_MEM: 内部関数ã«ãƒ¡ãƒ¢ãƒªã‚¨ãƒ©ãƒ¼ãŒã‚ã‚‹å ´åˆã«è¿”ã•れã¾ã™ã€‚ - \return MP_VAL: 内部関数引数ãŒç„¡åйãªå ´åˆã«è¿”ã•れã¾ã™ã€‚ - \param key 検証ã«ä½¿ç”¨ã™ã‚‹éµã€‚ - \param e eã®å€¤ã®ãƒãƒƒãƒ•ァー。eã¯RSAモジュラ演算ã§ã®å¤§ããªæ­£ã®æ•´æ•°ã§ã™ã€‚ - \param eSz eãƒãƒƒãƒ•ã‚¡ã®ã‚µã‚¤ã‚ºã€‚ - \param n nã®å€¤ã®ãƒãƒƒãƒ•ァー。Nã¯RSAモジュラー演算ã§ã¯å¤§ããªæ­£ã®æ•´æ•°ã§ã™ã€‚ + + \brief RsaKey構造体をRSAアルゴリズムã«ä½¿ç”¨ã•れる個々ã®è¦ç´ ï¼ˆeã€n)ã«å±•é–‹ã—ã¾ã™ã€‚ + + \return 0 関数ãŒã‚¨ãƒ©ãƒ¼ãªã正常ã«å®Ÿè¡Œã•れãŸå ´åˆã«è¿”ã•れã¾ã™ã€‚ + \return BAD_FUNC_ARG: ã„ãšã‚Œã‹ã®ãƒ‘ラメータãŒnullå€¤ã§æ¸¡ã•れãŸå ´åˆã«è¿”ã•れã¾ã™ã€‚ + \return RSA_BUFFER_E: 渡ã•れãŸeã¾ãŸã¯nãƒãƒƒãƒ•ã‚¡ãŒæ­£ã—ã„サイズã§ãªã„å ´åˆã«è¿”ã•れã¾ã™ã€‚ + \return MP_MEM: 内部関数ã«ãƒ¡ãƒ¢ãƒªã‚¨ãƒ©ãƒ¼ãŒã‚ã‚‹å ´åˆã«è¿”ã•れã¾ã™ã€‚ + \return MP_VAL: 内部関数ã®å¼•æ•°ãŒç„¡åйãªå ´åˆã«è¿”ã•れã¾ã™ã€‚ + + \param key 検証ã«ä½¿ç”¨ã™ã‚‹ã‚­ãƒ¼ã€‚ + \param e eã®å€¤ã®ãƒãƒƒãƒ•ァ。eã¯RSAモジュラー演算ã«ãŠã‘る大ããªæ­£ã®æ•´æ•°ã§ã™ã€‚ + \param eSz eãƒãƒƒãƒ•ã‚¡ã®ã‚µã‚¤ã‚ºã€‚ + \param n nã®å€¤ã®ãƒãƒƒãƒ•ァ。nã¯RSAモジュラー演算ã«ãŠã‘る大ããªæ­£ã®æ•´æ•°ã§ã™ã€‚ + \param nSz nãƒãƒƒãƒ•ã‚¡ã®ã‚µã‚¤ã‚ºã€‚ + _Example_ \code - Rsa key; // A valid RSA key. - byte e[ buffer sz E.g. 256 ]; + Rsa key; // 有効ãªRSAキー。 + byte e[ ãƒãƒƒãƒ•ァサイズ 例:256 ]; byte n[256]; int ret; word32 eSz = sizeof(e); @@ -1034,38 +1256,45 @@ ... ret = wc_RsaFlattenPublicKey(&key, e, &eSz, n, &nSz); if (ret != 0) { - // Failure case. + // 失敗ケース。 } \endcode + \sa wc_InitRsaKey \sa wc_InitRsaKey_ex \sa wc_MakeRsaKey */ -int wc_RsaFlattenPublicKey(RsaKey* key, byte* e, word32* eSz, byte* n, +int wc_RsaFlattenPublicKey(const RsaKey* key, byte* e, word32* eSz, byte* n, word32* nSz); /*! \ingroup RSA - \brief RSA公開éµã‚’DERフォーマットã«å¤‰æ›ã—ã¾ã™ã€‚å‡ºåŠ›ã«æ›¸ãè¾¼ã¿ã€æ›¸ãè¾¼ã¾ã‚ŒãŸãƒã‚¤ãƒˆæ•°ã‚’è¿”ã—ã¾ã™ã€‚ - \return >0 æˆåŠŸã€æ›¸ã‹ã‚ŒãŸãƒã‚¤ãƒˆæ•°ã€‚ - \return BAD_FUNC_ARG キーã¾ãŸã¯å‡ºåŠ›ãŒNULLã®å ´åˆã«è¿”ã•れã¾ã™ã€‚ - \return MEMORY_E エラー割り当ã¦ãƒ¡ãƒ¢ãƒªãŒç™ºç”Ÿã—ãŸã¨ãã«è¿”ã•れã¾ã™ã€‚ - \return <0 エラー - \param key 変æ›ã™ã‚‹RsaKey構造体。 - \param output ä¿ç•™ã•れãŸå‡ºåŠ›ãƒãƒƒãƒ•ァー。(NULLãŒé•·ã•ã®ã¿ã‚’è¿”ã™å ´åˆï¼‰ + + \brief RSA公開éµã‚’DERå½¢å¼ã«å¤‰æ›ã—ã¾ã™ã€‚outputã«æ›¸ãè¾¼ã¿ã€æ›¸ãè¾¼ã¾ã‚ŒãŸãƒã‚¤ãƒˆæ•°ã‚’è¿”ã—ã¾ã™ã€‚ + + \return >0 æˆåŠŸã€æ›¸ãè¾¼ã¾ã‚ŒãŸãƒã‚¤ãƒˆæ•°ã€‚ + \return BAD_FUNC_ARG keyã¾ãŸã¯outputãŒnullã®å ´åˆã«è¿”ã•れã¾ã™ã€‚ + \return MEMORY_E メモリã®å‰²ã‚Šå½“ã¦ä¸­ã«ã‚¨ãƒ©ãƒ¼ãŒç™ºç”Ÿã—ãŸå ´åˆã«è¿”ã•れã¾ã™ã€‚ + \return <0 エラー + + \param key 変æ›ã™ã‚‹RSAキー構造体。 + \param output DERã‚’ä¿æŒã™ã‚‹å‡ºåŠ›ãƒãƒƒãƒ•ァ。(NULLã®å ´åˆã¯é•·ã•ã®ã¿ã‚’è¿”ã—ã¾ã™ï¼‰ + \param inLen ãƒãƒƒãƒ•ã‚¡ã®é•·ã•。 + _Example_ \code RsaKey key; wc_InitRsaKey(&key, NULL); - // Use key + // キーを使用 - const int BUFFER_SIZE = 1024; // Some adequate size for the buffer + const int BUFFER_SIZE = 1024; // ãƒãƒƒãƒ•ã‚¡ã«é©åˆ‡ãªã‚µã‚¤ã‚º byte output[BUFFER_SIZE]; if (wc_RsaKeyToPublicDer(&key, output, sizeof(output)) != 0) { - // Handle Error + // ã‚¨ãƒ©ãƒ¼ã‚’å‡¦ç† } \endcode + \sa wc_RsaPublicKeyDerSize \sa wc_RsaKeyToPublicDer_ex \sa wc_InitRsaKey @@ -1074,26 +1303,32 @@ /*! \ingroup RSA - \brief RSA公開éµã‚’DERフォーマットã«å¤‰æ›ã—ã¾ã™ã€‚å‡ºåŠ›ã«æ›¸ãè¾¼ã¿ã€æ›¸ãè¾¼ã¾ã‚ŒãŸãƒã‚¤ãƒˆæ•°ã‚’è¿”ã—ã¾ã™ã€‚with_headerãŒ0ã®å ´åˆï¼ˆseq + n + e)ã ã‘ãŒASN.1 Derフォーマットã§è¿”ã•れã€ãƒ˜ãƒƒãƒ€ãƒ¼ã‚’除外ã—ã¾ã™ã€‚ - \return >0 æˆåŠŸã€æ›¸ã‹ã‚ŒãŸãƒã‚¤ãƒˆæ•°ã€‚ - \return BAD_FUNC_ARG キーã¾ãŸã¯å‡ºåŠ›ãŒNULLã®å ´åˆã«è¿”ã•れã¾ã™ã€‚ - \return MEMORY_E エラー割り当ã¦ãƒ¡ãƒ¢ãƒªãŒç™ºç”Ÿã—ãŸã¨ãã«è¿”ã•れã¾ã™ã€‚ - \return <0 エラー - \param key 変æ›ã™ã‚‹RsaKey構造体。 - \param output ä¿ç•™ã•れãŸå‡ºåŠ›ãƒãƒƒãƒ•ァー。(NULLãŒé•·ã•ã®ã¿ã‚’è¿”ã™å ´åˆï¼‰ + + \brief RSA公開éµã‚’DERå½¢å¼ã«å¤‰æ›ã—ã¾ã™ã€‚outputã«æ›¸ãè¾¼ã¿ã€æ›¸ãè¾¼ã¾ã‚ŒãŸãƒã‚¤ãƒˆæ•°ã‚’è¿”ã—ã¾ã™ã€‚with_headerãŒ0ã®å ´åˆã€ï¼ˆseq + n + e)ã®ã¿ãŒASN.1 DERå½¢å¼ã§è¿”ã•れã€ãƒ˜ãƒƒãƒ€ãƒ¼ã¯é™¤å¤–ã•れã¾ã™ã€‚ + + \return >0 æˆåŠŸã€æ›¸ãè¾¼ã¾ã‚ŒãŸãƒã‚¤ãƒˆæ•°ã€‚ + \return BAD_FUNC_ARG keyã¾ãŸã¯outputãŒnullã®å ´åˆã«è¿”ã•れã¾ã™ã€‚ + \return MEMORY_E メモリã®å‰²ã‚Šå½“ã¦ä¸­ã«ã‚¨ãƒ©ãƒ¼ãŒç™ºç”Ÿã—ãŸå ´åˆã«è¿”ã•れã¾ã™ã€‚ + \return <0 エラー + + \param key 変æ›ã™ã‚‹RSAキー構造体。 + \param output DERã‚’ä¿æŒã™ã‚‹å‡ºåŠ›ãƒãƒƒãƒ•ァ。(NULLã®å ´åˆã¯é•·ã•ã®ã¿ã‚’è¿”ã—ã¾ã™ï¼‰ + \param inLen ãƒãƒƒãƒ•ã‚¡ã®é•·ã•。 + _Example_ \code RsaKey key; wc_InitRsaKey(&key, NULL); - // Use key + // キーを使用 - const int BUFFER_SIZE = 1024; // Some adequate size for the buffer + const int BUFFER_SIZE = 1024; // ãƒãƒƒãƒ•ã‚¡ã«é©åˆ‡ãªã‚µã‚¤ã‚º byte output[BUFFER_SIZE]; if (wc_RsaKeyToPublicDer_ex(&key, output, sizeof(output), 0) != 0) { - // Handle Error + // ã‚¨ãƒ©ãƒ¼ã‚’å‡¦ç† } \endcode + \sa wc_RsaPublicKeyDerSize \sa wc_RsaKeyToPublicDer \sa wc_InitRsaKey @@ -1103,50 +1338,61 @@ /*! \ingroup RSA - \brief ã“ã®é–¢æ•°ã¯ã€é•·ã•サイズ(ビットå˜ä½ï¼‰ã®RSA秘密éµã‚’生æˆã—ã€æŒ‡æ•°ï¼ˆe)を指定ã—ã¾ã™ã€‚次ã«ã€ã“ã®ã‚­ãƒ¼ã‚’æä¾›ã•れãŸRsaKeyæ§‹é€ ä½“ã«æ ¼ç´ã™ã‚‹ãŸã‚ã€æš—å·åŒ–/復å·åŒ–ã«ä½¿ç”¨ã§ãã¾ã™ã€‚Eã«ä½¿ç”¨ã™ã‚‹ã‚»ã‚­ãƒ¥ã‚¢ç•ªå·ã¯65537ã§ã™ã€‚サイズã¯ã€RSA_MIN_SIZEよりも大ããã€RSA_MAX_SIZEよりも大ãããªã‚‹å¿…è¦ãŒã‚りã¾ã™ã€‚ã“ã®æ©Ÿèƒ½ãŒåˆ©ç”¨å¯èƒ½ã§ã‚ã‚‹ãŸã‚ã€ã‚³ãƒ³ãƒ‘イル時ã«ã‚ªãƒ—ションwolfssl_key_genを有効ã«ã™ã‚‹å¿…è¦ãŒã‚りã¾ã™ã€‚ã“れã¯ã€ - を使用ã—ã¦ãã ã•ã„./configureを使用ã™ã‚‹å ´åˆã¯ã€-enable-keygenã§å®Ÿç¾ã§ãã¾ã™ã€‚ - \return 0 RSA秘密éµã®ç”Ÿæˆã«æˆåŠŸã—ãŸã‚‰è¿”ã•れã¾ã—㟠- \return BAD_FUNC_ARG 入力引数ã®ã„ãšã‚Œã‹ãŒNULLã®å ´åˆã€ã‚µã‚¤ã‚ºãƒ‘ラメータã¯å¿…è¦ãªç¯„囲外ã«ã‚ã‚‹ã‹ã€eãŒèª¤ã£ã¦é¸æŠžã•れã¦ã„ã‚‹å ´åˆ - \return RNG_FAILURE_E æä¾›ã•れãŸRNG構造体を使用ã—ã¦ãƒ©ãƒ³ãƒ€ãƒ ãƒ–ロックを生æˆã™ã‚‹ã‚¨ãƒ©ãƒ¼ãŒã‚ã‚‹å ´åˆ + + \brief ã“ã®é–¢æ•°ã¯ã€é•·ã•size(ビットå˜ä½ï¼‰ã¨æŒ‡å®šã•ã‚ŒãŸæŒ‡æ•°ï¼ˆe)ã®RSA秘密éµã‚’生æˆã—ã¾ã™ã€‚ãã®å¾Œã€ã“ã®ã‚­ãƒ¼ã‚’æä¾›ã•れãŸRsaKeyæ§‹é€ ä½“ã«æ ¼ç´ã—ã€æš—å·åŒ–/復å·ã«ä½¿ç”¨ã§ãるよã†ã«ã—ã¾ã™ã€‚eã«ä½¿ç”¨ã™ã‚‹å®‰å…¨ãªæ•°å€¤ã¯65537ã§ã™ã€‚sizeã¯RSA_MIN_SIZE以上ã‹ã¤RSA_MAX_SIZE以下ã§ã‚ã‚‹å¿…è¦ãŒã‚りã¾ã™ã€‚ã“ã®é–¢æ•°ã‚’使用ã™ã‚‹ã«ã¯ã€ã‚³ãƒ³ãƒ‘イル時ã«ã‚ªãƒ—ションWOLFSSL_KEY_GENを有効ã«ã™ã‚‹å¿…è¦ãŒã‚りã¾ã™ã€‚./configureを使用ã™ã‚‹å ´åˆã¯ã€--enable-keygenã§å®Ÿç¾ã§ãã¾ã™ã€‚ + + \return 0 RSA秘密éµã®ç”Ÿæˆã«æˆåŠŸã—ãŸå ´åˆã«è¿”ã•れã¾ã™ + \return BAD_FUNC_ARG ã„ãšã‚Œã‹ã®å…¥åŠ›å¼•æ•°ãŒNULLã®å ´åˆã€sizeパラメータãŒå¿…è¦ãªå¢ƒç•Œå¤–ã«ã‚ã‚‹å ´åˆã€ã¾ãŸã¯eãŒèª¤ã£ã¦é¸æŠžã•れãŸå ´åˆã«è¿”ã•れã¾ã™ + \return RNG_FAILURE_E æä¾›ã•れãŸRNG構造体を使用ã—ã¦ãƒ©ãƒ³ãƒ€ãƒ ãƒ–ロックを生æˆã™ã‚‹éš›ã«ã‚¨ãƒ©ãƒ¼ãŒã‚ã‚‹å ´åˆã«è¿”ã•れã¾ã™ \return MP_INIT_E - \return MP_READ_E RSAキーã®ç”Ÿæˆä¸­ã«ä½¿ç”¨ã•ã‚ŒãŸæ•°å­¦ãƒ©ã‚¤ãƒ–ラリã«ã‚¨ãƒ©ãƒ¼ãŒã‚ã‚‹å ´åˆã«è¿”ã•れãŸRSAキーã®ç”Ÿæˆä¸­ã«ä½¿ç”¨ã•ã‚ŒãŸæ•°å­¦ãƒ©ã‚¤ãƒ–ラリã«ã‚¨ãƒ©ãƒ¼ãŒã‚ã‚‹å ´åˆã«è¿”ã•れるå¯èƒ½æ€§ãŒã‚りã¾ã™ã€‚ - \return MP_CMP_E RSAキーã®ç”Ÿæˆä¸­ã«ä½¿ç”¨ã•れã¦ã„る数学ライブラリã«ã‚¨ãƒ©ãƒ¼ãŒã‚ã‚‹å ´åˆã¯è¿”ã•れるå¯èƒ½æ€§ãŒã‚りã¾ã™ã€‚ - \return MP_INVMOD_E RSAキーã®ç”Ÿæˆä¸­ã«ä½¿ç”¨ã•れã¦ã„る数学ライブラリã«ã‚¨ãƒ©ãƒ¼ãŒã‚ã‚‹å ´åˆã¯è¿”ã•れるå¯èƒ½æ€§ãŒã‚りã¾ã™ã€‚ - \return MP_EXPTMOD_E RSAキーã®ç”Ÿæˆä¸­ã«ä½¿ç”¨ã•れã¦ã„る数学ライブラリã«ã‚¨ãƒ©ãƒ¼ãŒã‚ã‚‹å ´åˆã¯è¿”ã•れるå¯èƒ½æ€§ãŒã‚りã¾ã™ã€‚ - \return MP_MOD_E RSAキーã®ç”Ÿæˆä¸­ã«ä½¿ç”¨ã•れã¦ã„る数学ライブラリã«ã‚¨ãƒ©ãƒ¼ãŒã‚ã‚‹å ´åˆã¯è¿”ã•れるå¯èƒ½æ€§ãŒã‚りã¾ã™ã€‚ - \return MP_MUL_E RSAキーã®ç”Ÿæˆä¸­ã«ä½¿ç”¨ã•れã¦ã„る数学ライブラリã«ã‚¨ãƒ©ãƒ¼ãŒã‚ã‚‹å ´åˆã¯è¿”ã•れるå¯èƒ½æ€§ãŒã‚りã¾ã™ã€‚ - \return MP_ADD_E RSAキーã®ç”Ÿæˆä¸­ã«ä½¿ç”¨ã•れã¦ã„る数学ライブラリã«ã‚¨ãƒ©ãƒ¼ãŒã‚ã‚‹å ´åˆã¯è¿”ã•れるå¯èƒ½æ€§ãŒã‚りã¾ã™ã€‚ - \return MP_MULMOD_E RSAキーã®ç”Ÿæˆä¸­ã«ä½¿ç”¨ã•れã¦ã„る数学ライブラリã«ã‚¨ãƒ©ãƒ¼ãŒã‚ã‚‹å ´åˆã¯è¿”ã•れるå¯èƒ½æ€§ãŒã‚りã¾ã™ã€‚ - \return MP_TO_E RSAキーã®ç”Ÿæˆä¸­ã«ä½¿ç”¨ã•れã¦ã„る数学ライブラリã«ã‚¨ãƒ©ãƒ¼ãŒã‚ã‚‹å ´åˆã¯è¿”ã•れるå¯èƒ½æ€§ãŒã‚りã¾ã™ã€‚ - \return MP_MEM RSAキーã®ç”Ÿæˆä¸­ã«ä½¿ç”¨ã•れã¦ã„る数学ライブラリã«ã‚¨ãƒ©ãƒ¼ãŒã‚ã‚‹å ´åˆã¯è¿”ã•れるå¯èƒ½æ€§ãŒã‚りã¾ã™ã€‚ - \return MP_ZERO_E RSAキーã®ç”Ÿæˆä¸­ã«ä½¿ç”¨ã•れã¦ã„る数学ライブラリã«ã‚¨ãƒ©ãƒ¼ãŒã‚ã‚‹å ´åˆã¯è¿”ã•れるå¯èƒ½æ€§ãŒã‚りã¾ã™ã€‚ - \param key 生æˆã•れãŸç§˜å¯†éµã‚’ä¿å­˜ã™ã‚‹RSAKEY構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ - \param size ビットå˜ä½ã®å¸Œæœ›ã®ã‚­ãƒ¼é•·ã€‚rsa_min_sizeより大ããã€rsa_max_sizeよりも大ãããªã‚‹å¿…è¦ãŒã‚りã¾ã™ã€‚ - \param e キーを生æˆã™ã‚‹ãŸã‚ã«ä½¿ç”¨ã™ã‚‹æŒ‡æ•°ãƒ‘ラメータ。安全ãªé¸æŠžã¯65537ã§ã™ + \return MP_READ_E RSAキーã®ç”Ÿæˆä¸­ã«ä½¿ç”¨ã•れる数学ライブラリã«ã‚¨ãƒ©ãƒ¼ãŒã‚ã‚‹å ´åˆã«è¿”ã•れるå¯èƒ½æ€§ãŒã‚りã¾ã™ + \return MP_CMP_E RSAキーã®ç”Ÿæˆä¸­ã«ä½¿ç”¨ã•れる数学ライブラリã«ã‚¨ãƒ©ãƒ¼ãŒã‚ã‚‹å ´åˆã«è¿”ã•れるå¯èƒ½æ€§ãŒã‚りã¾ã™ + \return MP_INVMOD_E RSAキーã®ç”Ÿæˆä¸­ã«ä½¿ç”¨ã•れる数学ライブラリã«ã‚¨ãƒ©ãƒ¼ãŒã‚ã‚‹å ´åˆã«è¿”ã•れるå¯èƒ½æ€§ãŒã‚りã¾ã™ + \return MP_EXPTMOD_E RSAキーã®ç”Ÿæˆä¸­ã«ä½¿ç”¨ã•れる数学ライブラリã«ã‚¨ãƒ©ãƒ¼ãŒã‚ã‚‹å ´åˆã«è¿”ã•れるå¯èƒ½æ€§ãŒã‚りã¾ã™ + \return MP_MOD_E RSAキーã®ç”Ÿæˆä¸­ã«ä½¿ç”¨ã•れる数学ライブラリã«ã‚¨ãƒ©ãƒ¼ãŒã‚ã‚‹å ´åˆã«è¿”ã•れるå¯èƒ½æ€§ãŒã‚りã¾ã™ + \return MP_MUL_E RSAキーã®ç”Ÿæˆä¸­ã«ä½¿ç”¨ã•れる数学ライブラリã«ã‚¨ãƒ©ãƒ¼ãŒã‚ã‚‹å ´åˆã«è¿”ã•れるå¯èƒ½æ€§ãŒã‚りã¾ã™ + \return MP_ADD_E RSAキーã®ç”Ÿæˆä¸­ã«ä½¿ç”¨ã•れる数学ライブラリã«ã‚¨ãƒ©ãƒ¼ãŒã‚ã‚‹å ´åˆã«è¿”ã•れるå¯èƒ½æ€§ãŒã‚りã¾ã™ + \return MP_MULMOD_E RSAキーã®ç”Ÿæˆä¸­ã«ä½¿ç”¨ã•れる数学ライブラリã«ã‚¨ãƒ©ãƒ¼ãŒã‚ã‚‹å ´åˆã«è¿”ã•れるå¯èƒ½æ€§ãŒã‚りã¾ã™ + \return MP_TO_E RSAキーã®ç”Ÿæˆä¸­ã«ä½¿ç”¨ã•れる数学ライブラリã«ã‚¨ãƒ©ãƒ¼ãŒã‚ã‚‹å ´åˆã«è¿”ã•れるå¯èƒ½æ€§ãŒã‚りã¾ã™ + \return MP_MEM RSAキーã®ç”Ÿæˆä¸­ã«ä½¿ç”¨ã•れる数学ライブラリã«ã‚¨ãƒ©ãƒ¼ãŒã‚ã‚‹å ´åˆã«è¿”ã•れるå¯èƒ½æ€§ãŒã‚りã¾ã™ + \return MP_ZERO_E RSAキーã®ç”Ÿæˆä¸­ã«ä½¿ç”¨ã•れる数学ライブラリã«ã‚¨ãƒ©ãƒ¼ãŒã‚ã‚‹å ´åˆã«è¿”ã•れるå¯èƒ½æ€§ãŒã‚りã¾ã™ + + \param key 生æˆã•れãŸç§˜å¯†éµã‚’æ ¼ç´ã™ã‚‹RsaKey構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ + \param size 希望ã™ã‚‹ã‚­ãƒ¼ã®é•·ã•(ビットå˜ä½ï¼‰ã€‚RSA_MIN_SIZEより大ããRSA_MAX_SIZEよりå°ã•ã„å¿…è¦ãŒã‚りã¾ã™ + \param e キーを生æˆã™ã‚‹ãŸã‚ã«ä½¿ç”¨ã™ã‚‹æŒ‡æ•°ãƒ‘ラメータ。安全ãªé¸æŠžè‚¢ã¯65537ã§ã™ + \param rng キーを作æˆã™ã‚‹éš›ã®ä¹±æ•°ç”Ÿæˆã«ä½¿ç”¨ã™ã‚‹RNG構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ + _Example_ \code RsaKey priv; WC_RNG rng; int ret = 0; - long e = 65537; // standard value to use for exponent + long e = 65537; // 指数ã«ä½¿ç”¨ã™ã‚‹æ¨™æº–値 - wc_InitRsaKey(&priv, NULL); // not using heap hint. No custom memory + wc_InitRsaKey(&priv, NULL); // ヒープヒントを使用ã—ãªã„。カスタムメモリãªã— wc_InitRng(&rng); - // generate 2048 bit long private key + // 2048ビット長ã®ç§˜å¯†éµã‚’ç”Ÿæˆ ret = wc_MakeRsaKey(&priv, 2048, e, &rng); if( ret != 0 ) { - // error generating private key + // 秘密éµã®ç”Ÿæˆã‚¨ãƒ©ãƒ¼ } \endcode - \sa none + + \sa ãªã— */ int wc_MakeRsaKey(RsaKey* key, int size, long e, WC_RNG* rng); /*! \ingroup RSA - \brief ã“ã®é–¢æ•°ã¯ã€ãƒ–ロックã•れã¦ã„ãªã„RSAコンテキストを設定ã—ã¾ã™ã€‚RSANBコンテキストãŒè¨­å®šã•れã¦ã„ã‚‹å ´åˆã€RSA関数を多ãã®å°ã•ãªæ“作ã«åˆ†å‰²ã™ã‚‹é«˜é€Ÿæ•°å­¦ãƒ™ãƒ¼ã‚¹ã®éžãƒ–ロッキングEXPTMODãŒå¯èƒ½ã«ãªã‚Šã¾ã™ã€‚wc_rsa_nonblockãŒå®šç¾©ã•れã¦ã„ã‚‹ã¨ãã«æœ‰åйã«ãªã£ã¦ã„ã¾ã™ã€‚ - \return 0 æˆåŠŸ - \return BAD_FUNC_ARG キーã¾ãŸã¯NBãŒNULLã®å ´åˆã«è¿”ã•れã¾ã™ã€‚ - \param key RSAキー構造 + + \brief ã“ã®é–¢æ•°ã¯ã€ãƒŽãƒ³ãƒ–ロッキングRSAコンテキストを設定ã—ã¾ã™ã€‚RsaNbコンテキストãŒè¨­å®šã•れるã¨ã€RSA関数を多ãã®å°ã•ãªæ“作ã«åˆ†å‰²ã™ã‚‹ã€é«˜é€Ÿæ•°å­¦ãƒ™ãƒ¼ã‚¹ã®ãƒŽãƒ³ãƒ–ロッキングexptmodãŒæœ‰åйã«ãªã‚Šã¾ã™ã€‚WC_RSA_NONBLOCKãŒå®šç¾©ã•れã¦ã„ã‚‹å ´åˆã«æœ‰åйã«ãªã‚Šã¾ã™ã€‚ + + \return 0 æˆåŠŸ + \return BAD_FUNC_ARG keyã¾ãŸã¯nbãŒnullã®å ´åˆã«è¿”ã•れã¾ã™ã€‚ + + \param key RSAキー構造体 + \param nb ã“ã®RSAキーãŒä½¿ç”¨ã™ã‚‹RSAノンブロッキング構造体。 + _Example_ \code int ret, count = 0; @@ -1155,35 +1401,41 @@ wc_InitRsaKey(&key, NULL); - // Enable non-blocking RSA mode - provide context + // ノンブロッキングRSAモードを有効化 - コンテキストをæä¾› ret = wc_RsaSetNonBlock(key, &nb); if (ret != 0) return ret; do { ret = wc_RsaSSL_Sign(in, inLen, out, outSz, key, rng); - count++; // track number of would blocks + count++; // ブロック回数を追跡 if (ret == FP_WOULDBLOCK) { - // do "other" work here + // ã“ã“ã§ã€Œãã®ä»–ã®ã€ä½œæ¥­ã‚’実行 } } while (ret == FP_WOULDBLOCK); if (ret < 0) { return ret; } - printf("RSA non-block sign: size %d, %d times\n", ret, count); + printf("RSAノンブロック署å: サイズ %dã€%d回\n", ret, count); \endcode + \sa wc_RsaSetNonBlockTime */ int wc_RsaSetNonBlock(RsaKey* key, RsaNb* nb); /*! \ingroup RSA - \brief ã“ã®é–¢æ•°ã¯æœ€å¤§ãƒ–ãƒ­ãƒƒã‚¯æ™‚é–“ã®æœ€å¤§ãƒ–ロック時間をマイクロ秒å˜ä½ã§è¨­å®šã—ã¾ã™ã€‚ãれã¯ã€ãƒ¡ã‚¬ãƒ˜ãƒ«ãƒ„ã®CPU速度ã¨å…±ã«äº‹å‰è¨ˆç®—ã•れãŸãƒ†ãƒ¼ãƒ–ル(TFM.cexptModnbinstã‚’å‚照)を使用ã—ã¦ã€æä¾›ã•ã‚ŒãŸæœ€å¤§ãƒ–ãƒ­ãƒƒã‚¯æ™‚é–“å†…ã«æ¬¡ã®å‹•作を完了ã§ãã‚‹ã‹ã©ã†ã‹ã‚’判断ã—ã¾ã™ã€‚wc_rsa_nonblock_timeãŒå®šç¾©ã•れã¦ã„ã‚‹ã¨ãã«æœ‰åйã«ãªã‚Šã¾ã™ã€‚ - \return 0 æˆåŠŸ - \return BAD_FUNC_ARG キーãŒNULLã®å ´åˆã€ã¾ãŸã¯WC_RSASETNONBLOCKãŒä»¥å‰ã«å‘¼ã³å‡ºã•れã€ã‚­ãƒ¼ - > NBã¯NULLã®å ´åˆã«è¿”ã•れã¾ã™ã€‚ - \param key RsaKey構造体 - \param maxBlockUs マイクロ秒をブロックã™ã‚‹æœ€å¤§æ™‚間。 + + \brief ã“ã®é–¢æ•°ã¯ã€æœ€å¤§ãƒ–ロッキング時間をマイクロ秒å˜ä½ã§è¨­å®šã—ã¾ã™ã€‚CPU速度(メガヘルツå˜ä½ï¼‰ã¨ã¨ã‚‚ã«äº‹å‰è¨ˆç®—ã•れãŸãƒ†ãƒ¼ãƒ–ル(tfm.c exptModNbInstã‚’å‚照)を使用ã—ã¦ã€æ¬¡ã®æ“ä½œãŒæä¾›ã•ã‚ŒãŸæœ€å¤§ãƒ–ロッキング時間内ã«å®Œäº†ã§ãã‚‹ã‹ã©ã†ã‹ã‚’判断ã—ã¾ã™ã€‚WC_RSA_NONBLOCK_TIMEãŒå®šç¾©ã•れã¦ã„ã‚‹å ´åˆã«æœ‰åйã«ãªã‚Šã¾ã™ã€‚ + + \return 0 æˆåŠŸ + \return BAD_FUNC_ARG keyãŒnullã®å ´åˆã€ã¾ãŸã¯wc_RsaSetNonBlockãŒäº‹å‰ã«å‘¼ã³å‡ºã•れã¦ãŠã‚‰ãškey->nbãŒnullã®å ´åˆã«è¿”ã•れã¾ã™ã€‚ + + \param key RSAキー構造体。 + \param maxBlockUs 最大ブロック時間(マイクロ秒)。 + \param cpuMHz CPU速度(メガヘルツå˜ä½ï¼‰ã€‚ + _Example_ \code RsaKey key; @@ -1191,9 +1443,10 @@ wc_InitRsaKey(&key, NULL); wc_RsaSetNonBlock(key, &nb); - wc_RsaSetNonBlockTime(&key, 4000, 160); // Block Max = 4 ms, CPU = 160MHz + wc_RsaSetNonBlockTime(&key, 4000, 160); // Block Max = 4 msã€CPU = 160MHz \endcode + \sa wc_RsaSetNonBlock */ int wc_RsaSetNonBlockTime(RsaKey* key, word32 maxBlockUs, diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/doc/dox_comments/header_files-ja/sakke.h mariadb-11.8.8/extra/wolfssl/wolfssl/doc/dox_comments/header_files-ja/sakke.h --- mariadb-11.8.6/extra/wolfssl/wolfssl/doc/dox_comments/header_files-ja/sakke.h 2026-01-31 13:27:49.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/doc/dox_comments/header_files-ja/sakke.h 2026-05-24 09:58:33.000000000 +0000 @@ -1,114 +1,142 @@ /*! + \ingroup SAKKE_Setup */ int wc_InitSakkeKey(SakkeKey* key, void* heap, int devId); /*! + \ingroup SAKKE_Setup */ int wc_InitSakkeKey_ex(SakkeKey* key, int keySize, int curveId, void* heap, int devId); /*! + \ingroup SAKKE_Setup */ void wc_FreeSakkeKey(SakkeKey* key); /*! + \ingroup SAKKE_Setup */ int wc_MakeSakkeKey(SakkeKey* key, WC_RNG* rng); /*! + \ingroup SAKKE_Setup */ int wc_MakeSakkePublicKey(SakkeKey* key, ecc_point* pub); /*! + \ingroup SAKKE_RSK */ int wc_MakeSakkeRsk(SakkeKey* key, const byte* id, word16 idSz, ecc_point* rsk); /*! + \ingroup SAKKE_RSK */ int wc_ValidateSakkeRsk(SakkeKey* key, const byte* id, word16 idSz, ecc_point* rsk, int* valid); /*! + \ingroup SAKKE_RSK */ int wc_GenerateSakkeRskTable(const SakkeKey* key, const ecc_point* rsk, byte* table, word32* len); /*! + \ingroup SAKKE_Setup */ int wc_ExportSakkeKey(SakkeKey* key, byte* data, word32* sz); /*! + \ingroup SAKKE_Setup */ int wc_ImportSakkeKey(SakkeKey* key, const byte* data, word32 sz); /*! + \ingroup SAKKE_Setup */ int wc_ExportSakkePrivateKey(SakkeKey* key, byte* data, word32* sz); /*! + \ingroup SAKKE_Setup */ int wc_ImportSakkePrivateKey(SakkeKey* key, const byte* data, word32 sz); /*! + \ingroup SAKKE_RSK */ int wc_EncodeSakkeRsk(const SakkeKey* key, ecc_point* rsk, byte* out, word32* sz, int raw); /*! + \ingroup SAKKE_RSK */ int wc_DecodeSakkeRsk(const SakkeKey* key, const byte* data, word32 sz, ecc_point* rsk); /*! + \ingroup SAKKE_RSK */ int wc_ImportSakkeRsk(SakkeKey* key, const byte* data, word32 sz); /*! + \ingroup SAKKE_Setup */ int wc_ExportSakkePublicKey(SakkeKey* key, byte* data, word32* sz, int raw); /*! + \ingroup SAKKE_Setup */ int wc_ImportSakkePublicKey(SakkeKey* key, const byte* data, word32 sz, int trusted); /*! + \ingroup SAKKE_Operations */ int wc_GetSakkeAuthSize(SakkeKey* key, word16* authSz); /*! + \ingroup SAKKE_Setup */ int wc_SetSakkeIdentity(SakkeKey* key, const byte* id, word16 idSz); /*! + \ingroup SAKKE_Operations */ int wc_MakeSakkePointI(SakkeKey* key, const byte* id, word16 idSz); /*! + \ingroup SAKKE_Operations */ int wc_GetSakkePointI(SakkeKey* key, byte* data, word32* sz); /*! + \ingroup SAKKE_Operations */ int wc_SetSakkePointI(SakkeKey* key, const byte* id, word16 idSz, const byte* data, word32 sz); /*! + \ingroup SAKKE_Operations */ int wc_GenerateSakkePointITable(SakkeKey* key, byte* table, word32* len); /*! + \ingroup SAKKE_Operations */ int wc_SetSakkePointITable(SakkeKey* key, byte* table, word32 len); /*! + \ingroup SAKKE_Operations */ int wc_ClearSakkePointITable(SakkeKey* key); /*! + \ingroup SAKKE_Operations */ int wc_MakeSakkeEncapsulatedSSV(SakkeKey* key, enum wc_HashType hashType, byte* ssv, word16 ssvSz, byte* auth, word16* authSz); /*! + \ingroup SAKKE_Operations */ int wc_GenerateSakkeSSV(SakkeKey* key, WC_RNG* rng, byte* ssv, word16* ssvSz); /*! + \ingroup SAKKE_RSK */ int wc_SetSakkeRsk(SakkeKey* key, const ecc_point* rsk, byte* table, word32 len); /*! + \ingroup SAKKE_Operations */ int wc_DeriveSakkeSSV(SakkeKey* key, enum wc_HashType hashType, byte* ssv, word16 ssvSz, const byte* auth, word16 authSz); - diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/doc/dox_comments/header_files-ja/sha.h mariadb-11.8.8/extra/wolfssl/wolfssl/doc/dox_comments/header_files-ja/sha.h --- mariadb-11.8.6/extra/wolfssl/wolfssl/doc/dox_comments/header_files-ja/sha.h 2026-01-31 13:27:49.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/doc/dox_comments/header_files-ja/sha.h 2026-05-24 09:58:33.000000000 +0000 @@ -1,7 +1,12 @@ /*! \ingroup SHA - \brief ã“ã®é–¢æ•°ã¯SHAã‚’åˆæœŸåŒ–ã—ã¾ã™ã€‚ã“れã¯è‡ªå‹•çš„ã«WC_Shahashã«ã‚ˆã£ã¦å‘¼ã³å‡ºã•れã¾ã™ã€‚ - \return 0 åˆæœŸåŒ–ã«æˆåŠŸã—ãŸã¨ãã«è¿”ã•れã¾ã™ + + \brief ã“ã®é–¢æ•°ã¯SHAã‚’åˆæœŸåŒ–ã—ã¾ã™ã€‚ã“れã¯wc_ShaHashã«ã‚ˆã£ã¦è‡ªå‹•çš„ã«å‘¼ã³å‡ºã•れã¾ã™ã€‚ + + \return 0 åˆæœŸåŒ–ã«æˆåŠŸã—ãŸå ´åˆã«è¿”ã•れã¾ã™ + + \param sha æš—å·åŒ–ã«ä½¿ç”¨ã™ã‚‹sha構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ + _Example_ \code Sha sha[1]; @@ -13,22 +18,28 @@ wc_ShaFinal(sha, hash); } \endcode + \sa wc_ShaHash \sa wc_ShaUpdate \sa wc_ShaFinal */ -int wc_InitSha(wc_Sha*); +int wc_InitSha(wc_Sha* sha); /*! \ingroup SHA - \brief é•·ã•LENã®æä¾›ã•れãŸãƒã‚¤ãƒˆé…列を絶ãˆãšãƒãƒƒã‚·ãƒ¥ã™ã‚‹ã‚ˆã†ã«å‘¼ã³å‡ºã™ã“ã¨ãŒã§ãã¾ã™ã€‚ - \return 0 ãƒ‡ãƒ¼ã‚¿ã‚’ãƒ€ã‚¤ã‚¸ã‚§ã‚¹ãƒˆã«æ­£å¸¸ã«è¿½åŠ ã™ã‚‹ã¨è¿”ã•れã¾ã™ã€‚ - \param sha æš—å·åŒ–ã«ä½¿ç”¨ã™ã‚‹SHA構造ã¸ã®ãƒã‚¤ãƒ³ã‚¿ - \param data ãƒãƒƒã‚·ãƒ¥ã™ã‚‹ãƒ‡ãƒ¼ã‚¿ + + \brief é•·ã•lenã®æä¾›ã•れãŸãƒã‚¤ãƒˆé…列を継続的ã«ãƒãƒƒã‚·ãƒ¥ã™ã‚‹ãŸã‚ã«å‘¼ã³å‡ºã™ã“ã¨ãŒã§ãã¾ã™ã€‚ + + \return 0 ダイジェストã¸ã®ãƒ‡ãƒ¼ã‚¿è¿½åŠ ã«æˆåŠŸã—ãŸå ´åˆã«è¿”ã•れã¾ã™ã€‚ + + \param sha æš—å·åŒ–ã«ä½¿ç”¨ã™ã‚‹sha構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ + \param data ãƒãƒƒã‚·ãƒ¥åŒ–ã•れるデータ + \param len ãƒãƒƒã‚·ãƒ¥åŒ–ã•れるデータã®é•·ã• + _Example_ \code Sha sha[1]; - byte data[] = { // Data to be hashed }; + byte data[] = { // ãƒãƒƒã‚·ãƒ¥åŒ–ã•れるデータ }; word32 len = sizeof(data); if ((ret = wc_InitSha(sha)) != 0) { @@ -39,6 +50,7 @@ wc_ShaFinal(sha, hash); } \endcode + \sa wc_ShaHash \sa wc_ShaFinal \sa wc_InitSha @@ -47,13 +59,19 @@ /*! \ingroup SHA - \brief データã®ãƒãƒƒã‚·ãƒ¥ã‚’確定ã—ã¾ã™ã€‚çµæžœã¯ãƒãƒƒã‚·ãƒ¥ã«å…¥ã‚Œã‚‰ã‚Œã¾ã™ã€‚SHA構造体ã®çŠ¶æ…‹ã‚’ãƒªã‚»ãƒƒãƒˆã—ã¾ã™ã€‚ - \return 0 ãƒ•ã‚¡ã‚¤ãƒŠãƒ©ã‚¤ã‚ºã«æˆåŠŸã—ãŸã¨ãã«è¿”ã•れã¾ã™ã€‚ - \param sha æš—å·åŒ–ã«ä½¿ç”¨ã™ã‚‹SHA構造ã¸ã®ãƒã‚¤ãƒ³ã‚¿ + + \brief データã®ãƒãƒƒã‚·ãƒ¥åŒ–を完了ã—ã¾ã™ã€‚çµæžœã¯hashã«æ ¼ç´ã•れã¾ã™ã€‚ + sha構造体ã®çŠ¶æ…‹ã‚’ãƒªã‚»ãƒƒãƒˆã—ã¾ã™ã€‚ + + \return 0 å®Œäº†ã«æˆåŠŸã—ãŸå ´åˆã«è¿”ã•れã¾ã™ã€‚ + + \param sha æš—å·åŒ–ã«ä½¿ç”¨ã™ã‚‹sha構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ + \param hash ãƒãƒƒã‚·ãƒ¥å€¤ã‚’ä¿æŒã™ã‚‹ãƒã‚¤ãƒˆé…列。 + _Example_ \code Sha sha[1]; - byte data[] = { Data to be hashed }; + byte data[] = { ãƒãƒƒã‚·ãƒ¥åŒ–ã•れるデータ }; word32 len = sizeof(data); if ((ret = wc_InitSha(sha)) != 0) { @@ -64,6 +82,7 @@ wc_ShaFinal(sha, hash); } \endcode + \sa wc_ShaHash \sa wc_InitSha \sa wc_ShaGetHash @@ -72,26 +91,37 @@ /*! \ingroup SHA - \brief åˆæœŸåŒ–ã•れãŸSHA構造体ã«ã‚ˆã£ã¦ä½¿ç”¨ã•れるメモリをクリーンアップã™ã‚‹ãŸã‚ã«ä½¿ç”¨ã•れã¾ã™ã€‚注:ã“れã¯ã€wolfssl_ti_hashãŒå®šç¾©ã•れã¦ã„ã‚‹å ´åˆã«ã®ã¿ã‚µãƒãƒ¼ãƒˆã•れã¦ã„ã¾ã™ã€‚ - \return No 戻り値。 + + \brief åˆæœŸåŒ–ã•れãŸSha構造体ã«ã‚ˆã£ã¦ä½¿ç”¨ã•れるメモリをクリーンアップã™ã‚‹ãŸã‚ã«ä½¿ç”¨ã•れã¾ã™ã€‚ + + \return 戻り値ãªã—。 + + \param sha 解放ã™ã‚‹Sha構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ + _Example_ \code Sha sha; wc_InitSha(&sha); - // Use sha + // shaを使用 wc_ShaFree(&sha); \endcode + \sa wc_InitSha \sa wc_ShaUpdate \sa wc_ShaFinal */ -void wc_ShaFree(wc_Sha*); +void wc_ShaFree(wc_Sha* sha); /*! \ingroup SHA - \brief ãƒãƒƒã‚·ãƒ¥ãƒ‡ãƒ¼ã‚¿ã‚’å–å¾—ã—ã¾ã™ã€‚çµæžœã¯ãƒãƒƒã‚·ãƒ¥ã«å…¥ã‚Œã‚‰ã‚Œã¾ã™ã€‚SHA構造体ã®çŠ¶æ…‹ã‚’ãƒªã‚»ãƒƒãƒˆã—ã¾ã›ã‚“。 - \return 0 ãƒ•ã‚¡ã‚¤ãƒŠãƒ©ã‚¤ã‚ºã«æˆåŠŸã—ãŸã¨ãã«è¿”ã•れã¾ã™ã€‚ - \param sha æš—å·åŒ–ã«ä½¿ç”¨ã™ã‚‹SHA構造ã¸ã®ãƒã‚¤ãƒ³ã‚¿ + + \brief ãƒãƒƒã‚·ãƒ¥ãƒ‡ãƒ¼ã‚¿ã‚’å–å¾—ã—ã¾ã™ã€‚çµæžœã¯hashã«æ ¼ç´ã•れã¾ã™ã€‚sha構造体ã®çŠ¶æ…‹ã¯ãƒªã‚»ãƒƒãƒˆã•れã¾ã›ã‚“。 + + \return 0 å®Œäº†ã«æˆåŠŸã—ãŸå ´åˆã«è¿”ã•れã¾ã™ã€‚ + + \param sha æš—å·åŒ–ã«ä½¿ç”¨ã™ã‚‹sha構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ + \param hash ãƒãƒƒã‚·ãƒ¥å€¤ã‚’ä¿æŒã™ã‚‹ãƒã‚¤ãƒˆé…列。 + _Example_ \code Sha sha[1]; @@ -103,6 +133,7 @@ wc_ShaGetHash(sha, hash); } \endcode + \sa wc_ShaHash \sa wc_ShaFinal \sa wc_InitSha diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/doc/dox_comments/header_files-ja/sha256.h mariadb-11.8.8/extra/wolfssl/wolfssl/doc/dox_comments/header_files-ja/sha256.h --- mariadb-11.8.6/extra/wolfssl/wolfssl/doc/dox_comments/header_files-ja/sha256.h 2026-01-31 13:27:49.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/doc/dox_comments/header_files-ja/sha256.h 2026-05-24 09:58:33.000000000 +0000 @@ -1,7 +1,12 @@ /*! \ingroup SHA - \brief ã“ã®é–¢æ•°ã¯SHA256ã‚’åˆæœŸåŒ–ã—ã¾ã™ã€‚ã“れã¯WC_SHA256HASHã«ã‚ˆã£ã¦è‡ªå‹•çš„ã«å‘¼ã³å‡ºã•れã¾ã™ã€‚ - \return 0 åˆæœŸåŒ–ã«æˆåŠŸã—ãŸã¨ãã«è¿”ã•れã¾ã™ + + \brief ã“ã®é–¢æ•°ã¯SHA256ã‚’åˆæœŸåŒ–ã—ã¾ã™ã€‚ã“れã¯wc_Sha256Hashã«ã‚ˆã£ã¦è‡ªå‹•çš„ã«å‘¼ã³å‡ºã•れã¾ã™ã€‚ + + \return 0 åˆæœŸåŒ–ã«æˆåŠŸã—ãŸå ´åˆã«è¿”ã•れã¾ã™ + + \param sha256 æš—å·åŒ–ã«ä½¿ç”¨ã™ã‚‹sha256構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ + _Example_ \code Sha256 sha256[1]; @@ -13,22 +18,28 @@ wc_Sha256Final(sha256, hash); } \endcode + \sa wc_Sha256Hash \sa wc_Sha256Update \sa wc_Sha256Final */ -int wc_InitSha256(wc_Sha256*); +int wc_InitSha256(wc_Sha256* sha); /*! \ingroup SHA - \brief é•·ã•LENã®æä¾›ã•れãŸãƒã‚¤ãƒˆé…列を絶ãˆãšãƒãƒƒã‚·ãƒ¥ã™ã‚‹ã‚ˆã†ã«å‘¼ã³å‡ºã™ã“ã¨ãŒã§ãã¾ã™ã€‚ - \return 0 ãƒ‡ãƒ¼ã‚¿ã‚’ãƒ€ã‚¤ã‚¸ã‚§ã‚¹ãƒˆã«æ­£å¸¸ã«è¿½åŠ ã™ã‚‹ã¨è¿”ã•れã¾ã™ã€‚ - \param sha256 æš—å·åŒ–ã«ä½¿ç”¨ã™ã‚‹SHA256構造ã¸ã®ãƒã‚¤ãƒ³ã‚¿ - \param data ãƒãƒƒã‚·ãƒ¥ã™ã‚‹ãƒ‡ãƒ¼ã‚¿ + + \brief é•·ã•lenã®æä¾›ã•れãŸãƒã‚¤ãƒˆé…列を継続的ã«ãƒãƒƒã‚·ãƒ¥ã™ã‚‹ãŸã‚ã«å‘¼ã³å‡ºã™ã“ã¨ãŒã§ãã¾ã™ã€‚ + + \return 0 ダイジェストã¸ã®ãƒ‡ãƒ¼ã‚¿è¿½åŠ ã«æˆåŠŸã—ãŸå ´åˆã«è¿”ã•れã¾ã™ã€‚ + + \param sha256 æš—å·åŒ–ã«ä½¿ç”¨ã™ã‚‹sha256構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ + \param data ãƒãƒƒã‚·ãƒ¥åŒ–ã•れるデータ + \param len ãƒãƒƒã‚·ãƒ¥åŒ–ã•れるデータã®é•·ã• + _Example_ \code Sha256 sha256[1]; - byte data[] = { Data to be hashed }; + byte data[] = { ãƒãƒƒã‚·ãƒ¥åŒ–ã•れるデータ }; word32 len = sizeof(data); if ((ret = wc_InitSha256(sha256)) != 0) { @@ -39,6 +50,7 @@ wc_Sha256Final(sha256, hash); } \endcode + \sa wc_Sha256Hash \sa wc_Sha256Final \sa wc_InitSha256 @@ -47,13 +59,18 @@ /*! \ingroup SHA - \brief データã®ãƒãƒƒã‚·ãƒ¥ã‚’確定ã—ã¾ã™ã€‚çµæžœã¯ãƒãƒƒã‚·ãƒ¥ã«å…¥ã‚Œã‚‰ã‚Œã¾ã™ã€‚SHA256構造体ã®çŠ¶æ…‹ã‚’ãƒªã‚»ãƒƒãƒˆã—ã¾ã™ã€‚ - \return 0 ãƒ•ã‚¡ã‚¤ãƒŠãƒ©ã‚¤ã‚ºã«æˆåŠŸã—ãŸã¨ãã«è¿”ã•れã¾ã™ã€‚ - \param sha256 æš—å·åŒ–ã«ä½¿ç”¨ã™ã‚‹SHA256構造ã¸ã®ãƒã‚¤ãƒ³ã‚¿ + + \brief データã®ãƒãƒƒã‚·ãƒ¥åŒ–を完了ã—ã¾ã™ã€‚çµæžœã¯hashã«æ ¼ç´ã•れã¾ã™ã€‚sha256構造体ã®çŠ¶æ…‹ã‚’ãƒªã‚»ãƒƒãƒˆã—ã¾ã™ã€‚ + + \return 0 å®Œäº†ã«æˆåŠŸã—ãŸå ´åˆã«è¿”ã•れã¾ã™ã€‚ + + \param sha256 æš—å·åŒ–ã«ä½¿ç”¨ã™ã‚‹sha256構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ + \param hash ãƒãƒƒã‚·ãƒ¥å€¤ã‚’ä¿æŒã™ã‚‹ãƒã‚¤ãƒˆé…列。 + _Example_ \code Sha256 sha256[1]; - byte data[] = { Data to be hashed }; + byte data[] = { ãƒãƒƒã‚·ãƒ¥åŒ–ã•れるデータ }; word32 len = sizeof(data); if ((ret = wc_InitSha256(sha256)) != 0) { @@ -64,6 +81,7 @@ wc_Sha256Final(sha256, hash); } \endcode + \sa wc_Sha256Hash \sa wc_Sha256GetHash \sa wc_InitSha256 @@ -72,12 +90,17 @@ /*! \ingroup SHA - \brief SHA256構造をリセットã—ã¾ã™ã€‚注:ã“れã¯ã€wolfssl_ti_hashãŒå®šç¾©ã•れã¦ã„ã‚‹å ´åˆã«ã®ã¿ã‚µãƒãƒ¼ãƒˆã•れã¦ã„ã¾ã™ã€‚ - \return none ã„ã„ãˆè¿”ã—ã¾ã™ã€‚ + + \brief Sha256構造体をリセットã—ã¾ã™ã€‚注æ„: ã“れã¯WOLFSSL_TI_HASHãŒå®šç¾©ã•れã¦ã„ã‚‹å ´åˆã«ã®ã¿ã‚µãƒãƒ¼ãƒˆã•れã¾ã™ã€‚ + + \return none 戻り値ãªã—。 + + \param sha256 解放ã™ã‚‹sha256構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ + _Example_ \code Sha256 sha256; - byte data[] = { Data to be hashed }; + byte data[] = { ãƒãƒƒã‚·ãƒ¥åŒ–ã•れるデータ }; word32 len = sizeof(data); if ((ret = wc_InitSha256(&sha256)) != 0) { @@ -89,17 +112,23 @@ wc_Sha256Free(&sha256); } \endcode + \sa wc_InitSha256 \sa wc_Sha256Update \sa wc_Sha256Final */ -void wc_Sha256Free(wc_Sha256*); +void wc_Sha256Free(wc_Sha256* sha256); /*! \ingroup SHA - \brief ãƒãƒƒã‚·ãƒ¥ãƒ‡ãƒ¼ã‚¿ã‚’å–å¾—ã—ã¾ã™ã€‚çµæžœã¯ãƒãƒƒã‚·ãƒ¥ã«å…¥ã‚Œã‚‰ã‚Œã¾ã™ã€‚SHA256構造体ã®çŠ¶æ…‹ã‚’ãƒªã‚»ãƒƒãƒˆã—ã¾ã›ã‚“。 - \return 0 ãƒ•ã‚¡ã‚¤ãƒŠãƒ©ã‚¤ã‚ºã«æˆåŠŸã—ãŸã¨ãã«è¿”ã•れã¾ã™ã€‚ - \param sha256 æš—å·åŒ–ã«ä½¿ç”¨ã™ã‚‹SHA256構造ã¸ã®ãƒã‚¤ãƒ³ã‚¿ + + \brief ãƒãƒƒã‚·ãƒ¥ãƒ‡ãƒ¼ã‚¿ã‚’å–å¾—ã—ã¾ã™ã€‚çµæžœã¯hashã«æ ¼ç´ã•れã¾ã™ã€‚sha256構造体ã®çŠ¶æ…‹ã¯ãƒªã‚»ãƒƒãƒˆã•れã¾ã›ã‚“。 + + \return 0 å®Œäº†ã«æˆåŠŸã—ãŸå ´åˆã«è¿”ã•れã¾ã™ã€‚ + + \param sha256 æš—å·åŒ–ã«ä½¿ç”¨ã™ã‚‹sha256構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ + \param hash ãƒãƒƒã‚·ãƒ¥å€¤ã‚’ä¿æŒã™ã‚‹ãƒã‚¤ãƒˆé…列。 + _Example_ \code Sha256 sha256[1]; @@ -111,6 +140,7 @@ wc_Sha256GetHash(sha256, hash); } \endcode + \sa wc_Sha256Hash \sa wc_Sha256Final \sa wc_InitSha256 @@ -119,35 +149,46 @@ /*! \ingroup SHA - \brief SHA224æ§‹é€ ã‚’åˆæœŸåŒ–ã™ã‚‹ãŸã‚ã«ä½¿ç”¨ã•れã¾ã™ã€‚ - \return 0 æˆåŠŸ - \return 1 SHA224ãŒNULLãªã®ã§ã€ã‚¨ãƒ©ãƒ¼ãŒè¿”ã•れã¾ã—ãŸã€‚ + + \brief Sha224æ§‹é€ ä½“ã‚’åˆæœŸåŒ–ã™ã‚‹ãŸã‚ã«ä½¿ç”¨ã•れã¾ã™ã€‚ + + \return 0 æˆåŠŸ + \return 1 sha224ãŒnullã®ãŸã‚ã«ã‚¨ãƒ©ãƒ¼ãŒè¿”ã•れã¾ã™ã€‚ + + \param sha224 åˆæœŸåŒ–ã™ã‚‹Sha224構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ + _Example_ \code Sha224 sha224; if(wc_InitSha224(&sha224) != 0) { - // Handle error + // ã‚¨ãƒ©ãƒ¼ã‚’å‡¦ç† } \endcode + \sa wc_Sha224Hash \sa wc_Sha224Update \sa wc_Sha224Final */ -int wc_InitSha224(wc_Sha224*); +int wc_InitSha224(wc_Sha224* sha224); /*! \ingroup SHA - \brief é•·ã•LENã®æä¾›ã•れãŸãƒã‚¤ãƒˆé…列を絶ãˆãšãƒãƒƒã‚·ãƒ¥ã™ã‚‹ã‚ˆã†ã«å‘¼ã³å‡ºã™ã“ã¨ãŒã§ãã¾ã™ã€‚ - \return 0 æˆåŠŸ - \return 1 関数ãŒå¤±æ•—ã—ãŸå ´åˆã¯ã‚¨ãƒ©ãƒ¼ãŒè¿”ã•れã¾ã™ã€‚ - \return BAD_FUNC_ARG SHA224ã¾ãŸã¯ãƒ‡ãƒ¼ã‚¿ãŒNULLã®å ´åˆã€ã‚¨ãƒ©ãƒ¼ãŒè¿”ã•れã¾ã™ã€‚ - \param sha224 æš—å·åŒ–ã«ä½¿ç”¨ã™ã‚‹SHA224構造ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ - \param data ãƒãƒƒã‚·ãƒ¥ã™ã‚‹ãƒ‡ãƒ¼ã‚¿ã€‚ + + \brief é•·ã•lenã®æä¾›ã•れãŸãƒã‚¤ãƒˆé…列を継続的ã«ãƒãƒƒã‚·ãƒ¥ã™ã‚‹ãŸã‚ã«å‘¼ã³å‡ºã™ã“ã¨ãŒã§ãã¾ã™ã€‚ + + \return 0 æˆåŠŸ + \return 1 関数ãŒå¤±æ•—ã—ãŸå ´åˆã«ã‚¨ãƒ©ãƒ¼ãŒè¿”ã•れã¾ã™ã€‚ + \return BAD_FUNC_ARG sha224ã¾ãŸã¯dataãŒnullã®å ´åˆã«ã‚¨ãƒ©ãƒ¼ãŒè¿”ã•れã¾ã™ã€‚ + + \param sha224 æš—å·åŒ–ã«ä½¿ç”¨ã™ã‚‹Sha224構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ + \param data ãƒãƒƒã‚·ãƒ¥åŒ–ã•れるデータ。 + \param len ãƒãƒƒã‚·ãƒ¥åŒ–ã•れるデータã®é•·ã•。 + _Example_ \code Sha224 sha224; - byte data[] = { /* Data to be hashed }; + byte data[] = { /* ãƒãƒƒã‚·ãƒ¥åŒ–ã•れるデータ }; word32 len = sizeof(data); if ((ret = wc_InitSha224(&sha224)) != 0) { @@ -158,6 +199,7 @@ wc_Sha224Final(&sha224, hash); } \endcode + \sa wc_InitSha224 \sa wc_Sha224Final \sa wc_Sha224Hash @@ -166,14 +208,19 @@ /*! \ingroup SHA - \brief データã®ãƒãƒƒã‚·ãƒ¥ã‚’確定ã—ã¾ã™ã€‚çµæžœã¯ãƒãƒƒã‚·ãƒ¥ã«å…¥ã‚Œã‚‰ã‚Œã¾ã™ã€‚SHA224構造体ã®çŠ¶æ…‹ã‚’ãƒªã‚»ãƒƒãƒˆã—ã¾ã™ã€‚ - \return 0 æˆåŠŸ - \return <0 エラー - \param sha224 æš—å·åŒ–ã«ä½¿ç”¨ã™ã‚‹SHA224構造ã¸ã®ãƒã‚¤ãƒ³ã‚¿ + + \brief データã®ãƒãƒƒã‚·ãƒ¥åŒ–を完了ã—ã¾ã™ã€‚çµæžœã¯hashã«æ ¼ç´ã•れã¾ã™ã€‚sha224構造体ã®çŠ¶æ…‹ã‚’ãƒªã‚»ãƒƒãƒˆã—ã¾ã™ã€‚ + + \return 0 æˆåŠŸ + \return <0 エラー + + \param sha224 æš—å·åŒ–ã«ä½¿ç”¨ã™ã‚‹sha224構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ + \param hash ãƒãƒƒã‚·ãƒ¥å€¤ã‚’ä¿æŒã™ã‚‹ãƒã‚¤ãƒˆé…列。 + _Example_ \code Sha224 sha224; - byte data[] = { /* Data to be hashed }; + byte data[] = { /* ãƒãƒƒã‚·ãƒ¥åŒ–ã•れるデータ }; word32 len = sizeof(data); if ((ret = wc_InitSha224(&sha224)) != 0) { @@ -184,6 +231,7 @@ wc_Sha224Final(&sha224, hash); } \endcode + \sa wc_InitSha224 \sa wc_Sha224Hash \sa wc_Sha224Update diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/doc/dox_comments/header_files-ja/sha3.h mariadb-11.8.8/extra/wolfssl/wolfssl/doc/dox_comments/header_files-ja/sha3.h --- mariadb-11.8.6/extra/wolfssl/wolfssl/doc/dox_comments/header_files-ja/sha3.h 1970-01-01 00:00:00.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/doc/dox_comments/header_files-ja/sha3.h 2026-05-24 09:58:33.000000000 +0000 @@ -0,0 +1,1213 @@ +/*! + \ingroup SHA + + \brief ã“ã®é–¢æ•°ã¯SHA3-224ã‚’åˆæœŸåŒ–ã—ã¾ã™ã€‚ã“れã¯wc_Sha3_224Hashã«ã‚ˆã£ã¦è‡ªå‹•çš„ã«å‘¼ã³å‡ºã•れã¾ã™ã€‚ + + \return 0 åˆæœŸåŒ–ã«æˆåŠŸã—ãŸå ´åˆã«è¿”ã•れã¾ã™ + + \param sha3 æš—å·åŒ–ã«ä½¿ç”¨ã™ã‚‹sha3構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ + + _Example_ + \code + wc_Sha3 sha3[1]; + if ((ret = wc_InitSha3_224(sha3, NULL, INVALID_DEVID)) != 0) { + WOLFSSL_MSG("wc_InitSha3_224 failed"); + } + else { + wc_Sha3_224_Update(sha3, data, len); + wc_Sha3_224_Final(sha3, hash); + } + \endcode + + \sa wc_Sha3_224Hash + \sa wc_Sha3_224_Update + \sa wc_Sha3_224_Final +*/ +int wc_InitSha3_224(wc_Sha3* sha3, void* heap, int devId); + +/*! + \ingroup SHA + + \brief é•·ã•lenã®ãƒã‚¤ãƒˆé…列を継続的ã«ãƒãƒƒã‚·ãƒ¥åŒ–ã™ã‚‹ãŸã‚ã«å‘¼ã³å‡ºã™ã“ã¨ãŒã§ãã¾ã™ã€‚ + + \return 0 ダイジェストã¸ã®ãƒ‡ãƒ¼ã‚¿ã®è¿½åŠ ã«æˆåŠŸã—ãŸå ´åˆã«è¿”ã•れã¾ã™ã€‚ + + \param sha3 æš—å·åŒ–ã«ä½¿ç”¨ã™ã‚‹sha3構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ + \param data ãƒãƒƒã‚·ãƒ¥åŒ–ã•れるデータ + \param len ãƒãƒƒã‚·ãƒ¥åŒ–ã•れるデータã®é•·ã• + + _Example_ + \code + wc_Sha3 sha3[1]; + byte data[] = { ãƒãƒƒã‚·ãƒ¥åŒ–ã•れるデータ }; + word32 len = sizeof(data); + + if ((ret = wc_InitSha3_224(sha3, NULL, INVALID_DEVID)) != 0) { + WOLFSSL_MSG("wc_InitSha3_224 failed"); + } + else { + wc_Sha3_224_Update(sha3, data, len); + wc_Sha3_224_Final(sha3, hash); + } + \endcode + + \sa wc_Sha3_224Hash + \sa wc_Sha3_224_Final + \sa wc_InitSha3_224 +*/ +int wc_Sha3_224_Update(wc_Sha3* sha, const byte* data, word32 len); + +/*! + \ingroup SHA + + \brief データã®ãƒãƒƒã‚·ãƒ¥åŒ–を完了ã—ã¾ã™ã€‚çµæžœã¯hashã«æ ¼ç´ã•れã¾ã™ã€‚sha3構造体ã®çŠ¶æ…‹ã‚’ãƒªã‚»ãƒƒãƒˆã—ã¾ã™ã€‚ + + \return 0 å®Œäº†ã«æˆåŠŸã—ãŸå ´åˆã«è¿”ã•れã¾ã™ã€‚ + + \param sha3 æš—å·åŒ–ã«ä½¿ç”¨ã™ã‚‹sha3構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ + \param hash ãƒãƒƒã‚·ãƒ¥å€¤ã‚’ä¿æŒã™ã‚‹ãƒã‚¤ãƒˆé…列。 + + _Example_ + \code + wc_Sha3 sha3[1]; + byte data[] = { ãƒãƒƒã‚·ãƒ¥åŒ–ã•れるデータ }; + word32 len = sizeof(data); + + if ((ret = wc_InitSha3_224(sha3, NULL, INVALID_DEVID)) != 0) { + WOLFSSL_MSG("wc_InitSha3_224 failed"); + } + else { + wc_Sha3_224_Update(sha3, data, len); + wc_Sha3_224_Final(sha3, hash); + } + \endcode + + \sa wc_Sha3_224Hash + \sa wc_Sha3_224_GetHash + \sa wc_InitSha3_224 +*/ +int wc_Sha3_224_Final(wc_Sha3* sha3, byte* hash); + +/*! + \ingroup SHA + + \brief wc_Sha3構造体をリセットã—ã¾ã™ã€‚注:ã“れã¯WOLFSSL_TI_HASHãŒå®šç¾©ã•れã¦ã„ã‚‹å ´åˆã®ã¿ã‚µãƒãƒ¼ãƒˆã•れã¾ã™ã€‚ + + \return none 戻り値ãªã—。 + + \param sha3 解放ã•れるsha3構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ + + _Example_ + \code + wc_Sha3 sha3; + byte data[] = { ãƒãƒƒã‚·ãƒ¥åŒ–ã•れるデータ }; + word32 len = sizeof(data); + + if ((ret = wc_InitSha3_224(&sha3, NULL, INVALID_DEVID)) != 0) { + WOLFSSL_MSG("wc_InitSha3_224 failed"); + } + else { + wc_Sha3_224_Update(&sha3, data, len); + wc_Sha3_224_Final(&sha3, hash); + wc_Sha3_224_Free(&sha3); + } + \endcode + + \sa wc_InitSha3_224 + \sa wc_Sha3_224_Update + \sa wc_Sha3_224_Final +*/ +void wc_Sha3_224_Free(wc_Sha3* sha3); + +/*! + \ingroup SHA + + \brief ãƒãƒƒã‚·ãƒ¥ãƒ‡ãƒ¼ã‚¿ã‚’å–å¾—ã—ã¾ã™ã€‚çµæžœã¯hashã«æ ¼ç´ã•れã¾ã™ã€‚sha3構造体ã®çŠ¶æ…‹ã‚’ãƒªã‚»ãƒƒãƒˆã—ã¾ã›ã‚“。 + + \return 0 ãƒãƒƒã‚·ãƒ¥ã®ã‚³ãƒ”ãƒ¼ã«æˆåŠŸã—ãŸå ´åˆã«è¿”ã•れã¾ã™ã€‚ + + \param sha3 æš—å·åŒ–ã«ä½¿ç”¨ã™ã‚‹sha3構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ + \param hash ãƒãƒƒã‚·ãƒ¥å€¤ã‚’ä¿æŒã™ã‚‹ãƒã‚¤ãƒˆé…列。 + + _Example_ + \code + wc_Sha3 sha3[1]; + if ((ret = wc_InitSha3_224(sha3, NULL, INVALID_DEVID)) != 0) { + WOLFSSL_MSG("wc_InitSha3_224 failed"); + } + else { + wc_Sha3_224_Update(sha3, data, len); + wc_Sha3_224_GetHash(sha3, hash); + } + \endcode + + \sa wc_Sha3_224Hash + \sa wc_Sha3_224_Final + \sa wc_InitSha3_224 + \sa wc_Sha3_224_Copy +*/ +int wc_Sha3_224_GetHash(wc_Sha3* sha3, byte* hash); + +/*! + \ingroup SHA + + \brief ãƒãƒƒã‚·ãƒ¥ã®çŠ¶æ…‹ã‚’ã‚³ãƒ”ãƒ¼ã—ã¾ã™ã€‚ + + \return 0 ã‚³ãƒ”ãƒ¼ã«æˆåŠŸã—ãŸå ´åˆã«è¿”ã•れã¾ã™ã€‚ + + \param sha3 コピーã™ã‚‹sha3構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ + \param dst コピー先ã®sha3構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ + + _Example_ + \code + wc_Sha3 sha3[1]; + wc_Sha3 sha3_dup[1]; + if ((ret = wc_InitSha3_224(sha3, NULL, INVALID_DEVID)) != 0) { + WOLFSSL_MSG("wc_InitSha3_224 failed"); + } + else { + wc_Sha3_224_Update(sha3, data, len); + wc_Sha3_224_Copy(sha3, sha3_dup); + } + \endcode + + \sa wc_Sha3_224Hash + \sa wc_Sha3_224_Final + \sa wc_InitSha3_224 + \sa wc_Sha3_224_GetHash +*/ +int wc_Sha3_224_Copy(wc_Sha3* sha3, wc_Sha3* dst); + +/*! + \ingroup SHA + + \brief ã“ã®é–¢æ•°ã¯SHA3-256ã‚’åˆæœŸåŒ–ã—ã¾ã™ã€‚ã“れã¯wc_Sha3_256Hashã«ã‚ˆã£ã¦è‡ªå‹•çš„ã«å‘¼ã³å‡ºã•れã¾ã™ã€‚ + + \return 0 åˆæœŸåŒ–ã«æˆåŠŸã—ãŸå ´åˆã«è¿”ã•れã¾ã™ + + \param sha3 æš—å·åŒ–ã«ä½¿ç”¨ã™ã‚‹sha3構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ + + _Example_ + \code + wc_Sha3 sha3[1]; + if ((ret = wc_InitSha3_256(sha3, NULL, INVALID_DEVID)) != 0) { + WOLFSSL_MSG("wc_InitSha3_256 failed"); + } + else { + wc_Sha3_256_Update(sha3, data, len); + wc_Sha3_256_Final(sha3, hash); + } + \endcode + + \sa wc_Sha3_256Hash + \sa wc_Sha3_256_Update + \sa wc_Sha3_256_Final +*/ +int wc_InitSha3_256(wc_Sha3* sha3, void* heap, int devId); + +/*! + \ingroup SHA + + \brief é•·ã•lenã®ãƒã‚¤ãƒˆé…列を継続的ã«ãƒãƒƒã‚·ãƒ¥åŒ–ã™ã‚‹ãŸã‚ã«å‘¼ã³å‡ºã™ã“ã¨ãŒã§ãã¾ã™ã€‚ + + \return 0 ダイジェストã¸ã®ãƒ‡ãƒ¼ã‚¿ã®è¿½åŠ ã«æˆåŠŸã—ãŸå ´åˆã«è¿”ã•れã¾ã™ã€‚ + + \param sha3 æš—å·åŒ–ã«ä½¿ç”¨ã™ã‚‹sha3構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ + \param data ãƒãƒƒã‚·ãƒ¥åŒ–ã•れるデータ + \param len ãƒãƒƒã‚·ãƒ¥åŒ–ã•れるデータã®é•·ã• + + _Example_ + \code + wc_Sha3 sha3[1]; + byte data[] = { ãƒãƒƒã‚·ãƒ¥åŒ–ã•れるデータ }; + word32 len = sizeof(data); + + if ((ret = wc_InitSha3_256(sha3, NULL, INVALID_DEVID)) != 0) { + WOLFSSL_MSG("wc_InitSha3_256 failed"); + } + else { + wc_Sha3_256_Update(sha3, data, len); + wc_Sha3_256_Final(sha3, hash); + } + \endcode + + \sa wc_Sha3_256Hash + \sa wc_Sha3_256_Final + \sa wc_InitSha3_256 +*/ +int wc_Sha3_256_Update(wc_Sha3* sha, const byte* data, word32 len); + +/*! + \ingroup SHA + + \brief データã®ãƒãƒƒã‚·ãƒ¥åŒ–を完了ã—ã¾ã™ã€‚çµæžœã¯hashã«æ ¼ç´ã•れã¾ã™ã€‚sha3構造体ã®çŠ¶æ…‹ã‚’ãƒªã‚»ãƒƒãƒˆã—ã¾ã™ã€‚ + + \return 0 å®Œäº†ã«æˆåŠŸã—ãŸå ´åˆã«è¿”ã•れã¾ã™ã€‚ + + \param sha3 æš—å·åŒ–ã«ä½¿ç”¨ã™ã‚‹sha3構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ + \param hash ãƒãƒƒã‚·ãƒ¥å€¤ã‚’ä¿æŒã™ã‚‹ãƒã‚¤ãƒˆé…列。 + + _Example_ + \code + wc_Sha3 sha3[1]; + byte data[] = { ãƒãƒƒã‚·ãƒ¥åŒ–ã•れるデータ }; + word32 len = sizeof(data); + + if ((ret = wc_InitSha3_256(sha3, NULL, INVALID_DEVID)) != 0) { + WOLFSSL_MSG("wc_InitSha3_256 failed"); + } + else { + wc_Sha3_256_Update(sha3, data, len); + wc_Sha3_256_Final(sha3, hash); + } + \endcode + + \sa wc_Sha3_256Hash + \sa wc_Sha3_256_GetHash + \sa wc_InitSha3_256 +*/ +int wc_Sha3_256_Final(wc_Sha3* sha3, byte* hash); + +/*! + \ingroup SHA + + \brief wc_Sha3構造体をリセットã—ã¾ã™ã€‚注:ã“れã¯WOLFSSL_TI_HASHãŒå®šç¾©ã•れã¦ã„ã‚‹å ´åˆã®ã¿ã‚µãƒãƒ¼ãƒˆã•れã¾ã™ã€‚ + + \return none 戻り値ãªã—。 + + \param sha3 解放ã•れるsha3構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ + + _Example_ + \code + wc_Sha3 sha3; + byte data[] = { ãƒãƒƒã‚·ãƒ¥åŒ–ã•れるデータ }; + word32 len = sizeof(data); + + if ((ret = wc_InitSha3_256(&sha3, NULL, INVALID_DEVID)) != 0) { + WOLFSSL_MSG("wc_InitSha3_256 failed"); + } + else { + wc_Sha3_256_Update(&sha3, data, len); + wc_Sha3_256_Final(&sha3, hash); + wc_Sha3_256_Free(&sha3); + } + \endcode + + \sa wc_InitSha3_256 + \sa wc_Sha3_256_Update + \sa wc_Sha3_256_Final +*/ +void wc_Sha3_256_Free(wc_Sha3* sha3); + +/*! + \ingroup SHA + + \brief ãƒãƒƒã‚·ãƒ¥ãƒ‡ãƒ¼ã‚¿ã‚’å–å¾—ã—ã¾ã™ã€‚çµæžœã¯hashã«æ ¼ç´ã•れã¾ã™ã€‚sha3構造体ã®çŠ¶æ…‹ã‚’ãƒªã‚»ãƒƒãƒˆã—ã¾ã›ã‚“。 + + \return 0 ãƒãƒƒã‚·ãƒ¥ã®ã‚³ãƒ”ãƒ¼ã«æˆåŠŸã—ãŸå ´åˆã«è¿”ã•れã¾ã™ã€‚ + + \param sha3 æš—å·åŒ–ã«ä½¿ç”¨ã™ã‚‹sha3構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ + \param hash ãƒãƒƒã‚·ãƒ¥å€¤ã‚’ä¿æŒã™ã‚‹ãƒã‚¤ãƒˆé…列。 + + _Example_ + \code + wc_Sha3 sha3[1]; + if ((ret = wc_InitSha3_256(sha3, NULL, INVALID_DEVID)) != 0) { + WOLFSSL_MSG("wc_InitSha3_256 failed"); + } + else { + wc_Sha3_256_Update(sha3, data, len); + wc_Sha3_256_GetHash(sha3, hash); + } + \endcode + + \sa wc_Sha3_256Hash + \sa wc_Sha3_256_Final + \sa wc_InitSha3_256 + \sa wc_Sha3_256_Copy +*/ +int wc_Sha3_256_GetHash(wc_Sha3* sha3, byte* hash); + +/*! + \ingroup SHA + + \brief ãƒãƒƒã‚·ãƒ¥ã®çŠ¶æ…‹ã‚’ã‚³ãƒ”ãƒ¼ã—ã¾ã™ã€‚ + + \return 0 ã‚³ãƒ”ãƒ¼ã«æˆåŠŸã—ãŸå ´åˆã«è¿”ã•れã¾ã™ã€‚ + + \param sha3 コピーã™ã‚‹sha3構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ + \param dst コピー先ã®sha3構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ + + _Example_ + \code + wc_Sha3 sha3[1]; + wc_Sha3 sha3_dup[1]; + if ((ret = wc_InitSha3_256(sha3, NULL, INVALID_DEVID)) != 0) { + WOLFSSL_MSG("wc_InitSha3_256 failed"); + } + else { + wc_Sha3_256_Update(sha3, data, len); + wc_Sha3_256_Copy(sha3, sha3_dup); + } + \endcode + + \sa wc_Sha3_256Hash + \sa wc_Sha3_256_Final + \sa wc_InitSha3_256 + \sa wc_Sha3_256_GetHash +*/ +int wc_Sha3_256_Copy(wc_Sha3* sha3, wc_Sha3* dst); + +/*! + \ingroup SHA + + \brief ã“ã®é–¢æ•°ã¯SHA3-384ã‚’åˆæœŸåŒ–ã—ã¾ã™ã€‚ã“れã¯wc_Sha3_384Hashã«ã‚ˆã£ã¦è‡ªå‹•çš„ã«å‘¼ã³å‡ºã•れã¾ã™ã€‚ + + \return 0 åˆæœŸåŒ–ã«æˆåŠŸã—ãŸå ´åˆã«è¿”ã•れã¾ã™ + + \param sha3 æš—å·åŒ–ã«ä½¿ç”¨ã™ã‚‹sha3構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ + + _Example_ + \code + wc_Sha3 sha3[1]; + if ((ret = wc_InitSha3_384(sha3, NULL, INVALID_DEVID)) != 0) { + WOLFSSL_MSG("wc_InitSha3_384 failed"); + } + else { + wc_Sha3_384_Update(sha3, data, len); + wc_Sha3_384_Final(sha3, hash); + } + \endcode + + \sa wc_Sha3_384Hash + \sa wc_Sha3_384_Update + \sa wc_Sha3_384_Final +*/ +int wc_InitSha3_384(wc_Sha3* sha3, void* heap, int devId); + +/*! + \ingroup SHA + + \brief é•·ã•lenã®ãƒã‚¤ãƒˆé…列を継続的ã«ãƒãƒƒã‚·ãƒ¥åŒ–ã™ã‚‹ãŸã‚ã«å‘¼ã³å‡ºã™ã“ã¨ãŒã§ãã¾ã™ã€‚ + + \return 0 ダイジェストã¸ã®ãƒ‡ãƒ¼ã‚¿ã®è¿½åŠ ã«æˆåŠŸã—ãŸå ´åˆã«è¿”ã•れã¾ã™ã€‚ + + \param sha3 æš—å·åŒ–ã«ä½¿ç”¨ã™ã‚‹sha3構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ + \param data ãƒãƒƒã‚·ãƒ¥åŒ–ã•れるデータ + \param len ãƒãƒƒã‚·ãƒ¥åŒ–ã•れるデータã®é•·ã• + + _Example_ + \code + wc_Sha3 sha3[1]; + byte data[] = { ãƒãƒƒã‚·ãƒ¥åŒ–ã•れるデータ }; + word32 len = sizeof(data); + + if ((ret = wc_InitSha3_384(sha3, NULL, INVALID_DEVID)) != 0) { + WOLFSSL_MSG("wc_InitSha3_384 failed"); + } + else { + wc_Sha3_384_Update(sha3, data, len); + wc_Sha3_384_Final(sha3, hash); + } + \endcode + + \sa wc_Sha3_384Hash + \sa wc_Sha3_384_Final + \sa wc_InitSha3_384 +*/ +int wc_Sha3_384_Update(wc_Sha3* sha, const byte* data, word32 len); + +/*! + \ingroup SHA + + \brief データã®ãƒãƒƒã‚·ãƒ¥åŒ–を完了ã—ã¾ã™ã€‚çµæžœã¯hashã«æ ¼ç´ã•れã¾ã™ã€‚sha3構造体ã®çŠ¶æ…‹ã‚’ãƒªã‚»ãƒƒãƒˆã—ã¾ã™ã€‚ + + \return 0 å®Œäº†ã«æˆåŠŸã—ãŸå ´åˆã«è¿”ã•れã¾ã™ã€‚ + + \param sha3 æš—å·åŒ–ã«ä½¿ç”¨ã™ã‚‹sha3構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ + \param hash ãƒãƒƒã‚·ãƒ¥å€¤ã‚’ä¿æŒã™ã‚‹ãƒã‚¤ãƒˆé…列。 + + _Example_ + \code + wc_Sha3 sha3[1]; + byte data[] = { ãƒãƒƒã‚·ãƒ¥åŒ–ã•れるデータ }; + word32 len = sizeof(data); + + if ((ret = wc_InitSha3_384(sha3, NULL, INVALID_DEVID)) != 0) { + WOLFSSL_MSG("wc_InitSha3_384 failed"); + } + else { + wc_Sha3_384_Update(sha3, data, len); + wc_Sha3_384_Final(sha3, hash); + } + \endcode + + \sa wc_Sha3_384Hash + \sa wc_Sha3_384_GetHash + \sa wc_InitSha3_384 +*/ +int wc_Sha3_384_Final(wc_Sha3* sha3, byte* hash); + +/*! + \ingroup SHA + + \brief wc_Sha3構造体をリセットã—ã¾ã™ã€‚注:ã“れã¯WOLFSSL_TI_HASHãŒå®šç¾©ã•れã¦ã„ã‚‹å ´åˆã®ã¿ã‚µãƒãƒ¼ãƒˆã•れã¾ã™ã€‚ + + \return none 戻り値ãªã—。 + + \param sha3 解放ã•れるsha3構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ + + _Example_ + \code + wc_Sha3 sha3; + byte data[] = { ãƒãƒƒã‚·ãƒ¥åŒ–ã•れるデータ }; + word32 len = sizeof(data); + + if ((ret = wc_InitSha3_384(&sha3, NULL, INVALID_DEVID)) != 0) { + WOLFSSL_MSG("wc_InitSha3_384 failed"); + } + else { + wc_Sha3_384_Update(&sha3, data, len); + wc_Sha3_384_Final(&sha3, hash); + wc_Sha3_384_Free(&sha3); + } + \endcode + + \sa wc_InitSha3_384 + \sa wc_Sha3_384_Update + \sa wc_Sha3_384_Final +*/ +void wc_Sha3_384_Free(wc_Sha3* sha3); + +/*! + \ingroup SHA + + \brief ãƒãƒƒã‚·ãƒ¥ãƒ‡ãƒ¼ã‚¿ã‚’å–å¾—ã—ã¾ã™ã€‚çµæžœã¯hashã«æ ¼ç´ã•れã¾ã™ã€‚sha3構造体ã®çŠ¶æ…‹ã‚’ãƒªã‚»ãƒƒãƒˆã—ã¾ã›ã‚“。 + + \return 0 ãƒãƒƒã‚·ãƒ¥ã®ã‚³ãƒ”ãƒ¼ã«æˆåŠŸã—ãŸå ´åˆã«è¿”ã•れã¾ã™ã€‚ + + \param sha3 æš—å·åŒ–ã«ä½¿ç”¨ã™ã‚‹sha3構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ + \param hash ãƒãƒƒã‚·ãƒ¥å€¤ã‚’ä¿æŒã™ã‚‹ãƒã‚¤ãƒˆé…列。 + + _Example_ + \code + wc_Sha3 sha3[1]; + if ((ret = wc_InitSha3_384(sha3, NULL, INVALID_DEVID)) != 0) { + WOLFSSL_MSG("wc_InitSha3_38384ailed"); + } + else { + wc_Sha3_384_Update(sha3, data, len); + wc_Sha3_384_GetHash(sha3, hash); + } + \endcode + + \sa wc_Sha3_384Hash + \sa wc_Sha3_384_Final + \sa wc_InitSha3_384 + \sa wc_Sha3_384_Copy +*/ +int wc_Sha3_384_GetHash(wc_Sha3* sha3, byte* hash); + +/*! + \ingroup SHA + + \brief ãƒãƒƒã‚·ãƒ¥ã®çŠ¶æ…‹ã‚’ã‚³ãƒ”ãƒ¼ã—ã¾ã™ã€‚ + + \return 0 ã‚³ãƒ”ãƒ¼ã«æˆåŠŸã—ãŸå ´åˆã«è¿”ã•れã¾ã™ã€‚ + + \param sha3 コピーã™ã‚‹sha3構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ + \param dst コピー先ã®sha3構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ + + _Example_ + \code + wc_Sha3 sha3[1]; + wc_Sha3 sha3_dup[1]; + if ((ret = wc_InitSha3_384(sha3, NULL, INVALID_DEVID)) != 0) { + WOLFSSL_MSG("wc_InitSha3_384 failed"); + } + else { + wc_Sha3_384_Update(sha3, data, len); + wc_Sha3_384_Copy(sha3, sha3_dup); + } + \endcode + + \sa wc_Sha3_384Hash + \sa wc_Sha3_384_Final + \sa wc_InitSha3_384 + \sa wc_Sha3_384_GetHash +*/ +int wc_Sha3_384_Copy(wc_Sha3* sha3, wc_Sha3* dst); + +/*! + \ingroup SHA + + \brief ã“ã®é–¢æ•°ã¯SHA3-512ã‚’åˆæœŸåŒ–ã—ã¾ã™ã€‚ã“れã¯wc_Sha3_512Hashã«ã‚ˆã£ã¦è‡ªå‹•çš„ã«å‘¼ã³å‡ºã•れã¾ã™ã€‚ + + \return 0 åˆæœŸåŒ–ã«æˆåŠŸã—ãŸå ´åˆã«è¿”ã•れã¾ã™ + + \param sha3 æš—å·åŒ–ã«ä½¿ç”¨ã™ã‚‹sha3構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ + + _Example_ + \code + wc_Sha3 sha3[1]; + if ((ret = wc_InitSha3_512(sha3, NULL, INVALID_DEVID)) != 0) { + WOLFSSL_MSG("wc_InitSha3_512 failed"); + } + else { + wc_Sha3_512_Update(sha3, data, len); + wc_Sha3_512_Final(sha3, hash); + } + \endcode + + \sa wc_Sha3_512Hash + \sa wc_Sha3_512_Update + \sa wc_Sha3_512_Final +*/ +int wc_InitSha3_512(wc_Sha3* sha3, void* heap, int devId); + +/*! + \ingroup SHA + + \brief é•·ã•lenã®ãƒã‚¤ãƒˆé…列を継続的ã«ãƒãƒƒã‚·ãƒ¥åŒ–ã™ã‚‹ãŸã‚ã«å‘¼ã³å‡ºã™ã“ã¨ãŒã§ãã¾ã™ã€‚ + + \return 0 ダイジェストã¸ã®ãƒ‡ãƒ¼ã‚¿ã®è¿½åŠ ã«æˆåŠŸã—ãŸå ´åˆã«è¿”ã•れã¾ã™ã€‚ + + \param sha3 æš—å·åŒ–ã«ä½¿ç”¨ã™ã‚‹sha3構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ + \param data ãƒãƒƒã‚·ãƒ¥åŒ–ã•れるデータ + \param len ãƒãƒƒã‚·ãƒ¥åŒ–ã•れるデータã®é•·ã• + + _Example_ + \code + wc_Sha3 sha3[1]; + byte data[] = { ãƒãƒƒã‚·ãƒ¥åŒ–ã•れるデータ }; + word32 len = sizeof(data); + + if ((ret = wc_InitSha3_512(sha3, NULL, INVALID_DEVID)) != 0) { + WOLFSSL_MSG("wc_InitSha3_512 failed"); + } + else { + wc_Sha3_512_Update(sha3, data, len); + wc_Sha3_512_Final(sha3, hash); + } + \endcode + + \sa wc_Sha3_512Hash + \sa wc_Sha3_512_Final + \sa wc_InitSha3_512 +*/ +int wc_Sha3_512_Update(wc_Sha3* sha, const byte* data, word32 len); + +/*! + \ingroup SHA + + \brief データã®ãƒãƒƒã‚·ãƒ¥åŒ–を完了ã—ã¾ã™ã€‚çµæžœã¯hashã«æ ¼ç´ã•れã¾ã™ã€‚sha3構造体ã®çŠ¶æ…‹ã‚’ãƒªã‚»ãƒƒãƒˆã—ã¾ã™ã€‚ + + \return 0 å®Œäº†ã«æˆåŠŸã—ãŸå ´åˆã«è¿”ã•れã¾ã™ã€‚ + + \param sha3 æš—å·åŒ–ã«ä½¿ç”¨ã™ã‚‹sha3構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ + \param hash ãƒãƒƒã‚·ãƒ¥å€¤ã‚’ä¿æŒã™ã‚‹ãƒã‚¤ãƒˆé…列。 + + _Example_ + \code + wc_Sha3 sha3[1]; + byte data[] = { ãƒãƒƒã‚·ãƒ¥åŒ–ã•れるデータ }; + word32 len = sizeof(data); + + if ((ret = wc_InitSha3_512(sha3, NULL, INVALID_DEVID)) != 0) { + WOLFSSL_MSG("wc_InitSha3_512 failed"); + } + else { + wc_Sha3_512_Update(sha3, data, len); + wc_Sha3_512_Final(sha3, hash); + } + \endcode + + \sa wc_Sha3_512Hash + \sa wc_Sha3_512_GetHash + \sa wc_InitSha3_512 +*/ +int wc_Sha3_512_Final(wc_Sha3* sha3, byte* hash); + +/*! + \ingroup SHA + + \brief wc_Sha3構造体をリセットã—ã¾ã™ã€‚注:ã“れã¯WOLFSSL_TI_HASHãŒå®šç¾©ã•れã¦ã„ã‚‹å ´åˆã®ã¿ã‚µãƒãƒ¼ãƒˆã•れã¾ã™ã€‚ + + \return none 戻り値ãªã—。 + + \param sha3 解放ã•れるsha3構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ + + _Example_ + \code + wc_Sha3 sha3; + byte data[] = { ãƒãƒƒã‚·ãƒ¥åŒ–ã•れるデータ }; + word32 len = sizeof(data); + + if ((ret = wc_InitSha3_512(&sha3, NULL, INVALID_DEVID)) != 0) { + WOLFSSL_MSG("wc_InitSha3_512 failed"); + } + else { + wc_Sha3_512_Update(&sha3, data, len); + wc_Sha3_512_Final(&sha3, hash); + wc_Sha3_512_Free(&sha3); + } + \endcode + + \sa wc_InitSha3_512 + \sa wc_Sha3_512_Update + \sa wc_Sha3_512_Final +*/ +void wc_Sha3_512_Free(wc_Sha3* sha3); + +/*! + \ingroup SHA + + \brief ãƒãƒƒã‚·ãƒ¥ãƒ‡ãƒ¼ã‚¿ã‚’å–å¾—ã—ã¾ã™ã€‚çµæžœã¯hashã«æ ¼ç´ã•れã¾ã™ã€‚sha3構造体ã®çŠ¶æ…‹ã‚’ãƒªã‚»ãƒƒãƒˆã—ã¾ã›ã‚“。 + + \return 0 ãƒãƒƒã‚·ãƒ¥ã®ã‚³ãƒ”ãƒ¼ã«æˆåŠŸã—ãŸå ´åˆã«è¿”ã•れã¾ã™ã€‚ + + \param sha3 æš—å·åŒ–ã«ä½¿ç”¨ã™ã‚‹sha3構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ + \param hash ãƒãƒƒã‚·ãƒ¥å€¤ã‚’ä¿æŒã™ã‚‹ãƒã‚¤ãƒˆé…列。 + + _Example_ + \code + wc_Sha3 sha3[1]; + if ((ret = wc_InitSha3_512(sha3, NULL, INVALID_DEVID)) != 0) { + WOLFSSL_MSG("wc_InitSha3_512 failed"); + } + else { + wc_Sha3_512_Update(sha3, data, len); + wc_Sha3_512_GetHash(sha3, hash); + } + \endcode + + \sa wc_Sha3_512Hash + \sa wc_Sha3_512_Final + \sa wc_InitSha3_512 + \sa wc_Sha3_512_Copy +*/ +int wc_Sha3_512_GetHash(wc_Sha3* sha3, byte* hash); + +/*! + \ingroup SHA + + \brief ãƒãƒƒã‚·ãƒ¥ã®çŠ¶æ…‹ã‚’ã‚³ãƒ”ãƒ¼ã—ã¾ã™ã€‚ + + \return 0 ã‚³ãƒ”ãƒ¼ã«æˆåŠŸã—ãŸå ´åˆã«è¿”ã•れã¾ã™ã€‚ + + \param sha3 コピーã™ã‚‹sha3構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ + \param dst コピー先ã®sha3構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ + + _Example_ + \code + wc_Sha3 sha3[1]; + wc_Sha3 sha3_dup[1]; + if ((ret = wc_InitSha3_512(sha3, NULL, INVALID_DEVID)) != 0) { + WOLFSSL_MSG("wc_InitSha3_512 failed"); + } + else { + wc_Sha3_512_Update(sha3, data, len); + wc_Sha3_512_Copy(sha3, sha3_dup); + } + \endcode + + \sa wc_Sha3_512Hash + \sa wc_Sha3_512_Final + \sa wc_InitSha3_512 + \sa wc_Sha3_512_GetHash +*/ +int wc_Sha3_512_Copy(wc_Sha3* sha3, wc_Sha3* dst); + +/*! + \ingroup SHA + + \brief ã“ã®é–¢æ•°ã¯SHAKE-128ã‚’åˆæœŸåŒ–ã—ã¾ã™ã€‚ã“れã¯wc_Shake128Hashã«ã‚ˆã£ã¦è‡ªå‹•çš„ã«å‘¼ã³å‡ºã•れã¾ã™ã€‚ + + \return 0 åˆæœŸåŒ–ã«æˆåŠŸã—ãŸå ´åˆã«è¿”ã•れã¾ã™ + + \param shake æš—å·åŒ–ã«ä½¿ç”¨ã™ã‚‹shake構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ + + _Example_ + \code + wc_Shake shake[1]; + if ((ret = wc_InitShake128(shake, NULL, INVALID_DEVID)) != 0) { + WOLFSSL_MSG("wc_InitShake128 failed"); + } + else { + wc_Shake128_Update(shake, data, len); + wc_Shake128_Final(shake, hash); + } + \endcode + + \sa wc_Shake128Hash + \sa wc_Shake128_Update + \sa wc_Shake128_Final +*/ +int wc_InitShake128(wc_Shake* shake, void* heap, int devId); + +/*! + \ingroup SHA + + \brief é•·ã•lenã®ãƒã‚¤ãƒˆé…列を継続的ã«ãƒãƒƒã‚·ãƒ¥åŒ–ã™ã‚‹ãŸã‚ã«å‘¼ã³å‡ºã™ã“ã¨ãŒã§ãã¾ã™ã€‚ + + \return 0 ダイジェストã¸ã®ãƒ‡ãƒ¼ã‚¿ã®è¿½åŠ ã«æˆåŠŸã—ãŸå ´åˆã«è¿”ã•れã¾ã™ã€‚ + + \param shake æš—å·åŒ–ã«ä½¿ç”¨ã™ã‚‹shake構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ + \param data ãƒãƒƒã‚·ãƒ¥åŒ–ã•れるデータ + \param len ãƒãƒƒã‚·ãƒ¥åŒ–ã•れるデータã®é•·ã• + + _Example_ + \code + wc_Shake shake[1]; + byte data[] = { ãƒãƒƒã‚·ãƒ¥åŒ–ã•れるデータ }; + word32 len = sizeof(data); + + if ((ret = wc_InitShake128(shake, NULL, INVALID_DEVID)) != 0) { + WOLFSSL_MSG("wc_InitShake128 failed"); + } + else { + wc_Shake128_Update(shake, data, len); + wc_Shake128_Final(shake, hash); + } + \endcode + + \sa wc_Shake128Hash + \sa wc_Shake128_Final + \sa wc_InitShake128 +*/ +int wc_Shake128_Update(wc_Shake* sha, const byte* data, word32 len); + +/*! + \ingroup SHA + + \brief データã®ãƒãƒƒã‚·ãƒ¥åŒ–を完了ã—ã¾ã™ã€‚çµæžœã¯hashã«æ ¼ç´ã•れã¾ã™ã€‚shake構造体ã®çŠ¶æ…‹ã‚’ãƒªã‚»ãƒƒãƒˆã—ã¾ã™ã€‚ + + \return 0 å®Œäº†ã«æˆåŠŸã—ãŸå ´åˆã«è¿”ã•れã¾ã™ã€‚ + + \param shake æš—å·åŒ–ã«ä½¿ç”¨ã™ã‚‹shake構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ + \param hash ãƒãƒƒã‚·ãƒ¥å€¤ã‚’ä¿æŒã™ã‚‹ãƒã‚¤ãƒˆé…列。 + \param hashLen hashã«æ›¸ã込むãƒã‚¤ãƒˆæ•°ã€‚ + + _Example_ + \code + wc_Shake shake[1]; + byte data[] = { ãƒãƒƒã‚·ãƒ¥åŒ–ã•れるデータ }; + word32 len = sizeof(data); + + if ((ret = wc_InitShake128(shake, NULL, INVALID_DEVID)) != 0) { + WOLFSSL_MSG("wc_InitShake128 failed"); + } + else { + wc_Shake128_Update(shake, data, len); + wc_Shake128_Final(shake, hash); + } + \endcode + + \sa wc_Shake128Hash + \sa wc_Shake128_GetHash + \sa wc_InitShake128 +*/ +int wc_Shake128_Final(wc_Shake* shake, byte* hash, word32 hashLen); + +/*! + \ingroup SHA + + \brief é•·ã•lenã®æä¾›ã•れãŸãƒã‚¤ãƒˆé…列をå¸åŽã™ã‚‹ãŸã‚ã«å‘¼ã³å‡ºã•れã¾ã™ã€‚段階的ã«å‘¼ã³å‡ºã™ã“ã¨ã¯ã§ãã¾ã›ã‚“。 + + \return 0 データã®å¸åŽã«æˆåŠŸã—ãŸå ´åˆã«è¿”ã•れã¾ã™ã€‚ + + \param shake æš—å·åŒ–ã«ä½¿ç”¨ã™ã‚‹shake構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ + \param data å¸åŽã•れるデータ + \param len å¸åŽã•れるデータã®é•·ã• + + _Example_ + \code + wc_Shake shake[1]; + byte data[] = { ãƒãƒƒã‚·ãƒ¥åŒ–ã•れるデータ }; + word32 len = sizeof(data); + byte out[2 * WC_SHA3_128_BLOCK_SIZE]; + int blocks = 2; + + if ((ret = wc_InitShake128(shake, NULL, INVALID_DEVID)) != 0) { + WOLFSSL_MSG("wc_InitShake128 failed"); + } + else { + wc_Shake128_Absorb(shake, data, len); + wc_Shake128_SqueezeBlocks(shake, out, blocks); + } + \endcode + + \sa wc_Shake128_SqueezeBlocks + \sa wc_InitShake128 +*/ +int wc_Shake128_Absorb(wc_Shake* sha, const byte* data, word32 len); + +/*! + \ingroup SHA + + \brief ã•らã«å¤šãã®ãƒ‡ãƒ¼ã‚¿ãƒ–ロックを絞り出ã—ã¾ã™ã€‚çµæžœã¯outã«æ ¼ç´ã•れã¾ã™ã€‚段階的ã«å‘¼ã³å‡ºã™ã“ã¨ãŒã§ãã¾ã™ã€‚ + + \return 0 絞り出ã—ã«æˆåŠŸã—ãŸå ´åˆã«è¿”ã•れã¾ã™ã€‚ + + \param shake æš—å·åŒ–ã«ä½¿ç”¨ã™ã‚‹shake構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ + \param hash å‡ºåŠ›ã‚’ä¿æŒã™ã‚‹ãƒã‚¤ãƒˆé…列。 + \param blocks 絞り出ã™ãƒ–ãƒ­ãƒƒã‚¯ã®æ•°ã€‚å„ブロックã¯WC_SHA3_128_BLOCK_SIZEãƒã‚¤ãƒˆã®é•·ã•ã§ã™ã€‚ + + _Example_ + \code + wc_Shake shake[1]; + byte data[] = { ãƒãƒƒã‚·ãƒ¥åŒ–ã•れるデータ }; + word32 len = sizeof(data); + byte out[2 * WC_SHA3_128_BLOCK_SIZE]; + int blocks = 2; + + if ((ret = wc_InitShake128(shake, NULL, INVALID_DEVID)) != 0) { + WOLFSSL_MSG("wc_InitShake128 failed"); + } + else { + wc_Shake128_Absorb(shake, data, len); + wc_Shake128_SqueezeBlocks(shake, out, blocks); + } + \endcode + + \sa wc_Shake128_Absorb + \sa wc_InitShake128 +*/ +int wc_Shake128_SqueezeBlocks(wc_Shake* shake, byte* out, word32 blockCnt); + +/*! + \ingroup SHA + + \brief wc_Shake構造体をリセットã—ã¾ã™ã€‚注:ã“れã¯WOLFSSL_TI_HASHãŒå®šç¾©ã•れã¦ã„ã‚‹å ´åˆã®ã¿ã‚µãƒãƒ¼ãƒˆã•れã¾ã™ã€‚ + + \return none 戻り値ãªã—。 + + \param shake 解放ã•れるshake構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ + + _Example_ + \code + wc_Shake shake; + byte data[] = { ãƒãƒƒã‚·ãƒ¥åŒ–ã•れるデータ }; + word32 len = sizeof(data); + + if ((ret = wc_InitShake128(&shake, NULL, INVALID_DEVID)) != 0) { + WOLFSSL_MSG("wc_InitShake128 failed"); + } + else { + wc_Shake128_Update(&shake, data, len); + wc_Shake128_Final(&shake, hash); + wc_Shake128_Free(&shake); + } + \endcode + + \sa wc_InitShake128 + \sa wc_Shake128_Update + \sa wc_Shake128_Final +*/ +void wc_Shake128_Free(wc_Shake* shake); + +/*! + \ingroup SHA + + \brief ãƒãƒƒã‚·ãƒ¥ãƒ‡ãƒ¼ã‚¿ã‚’å–å¾—ã—ã¾ã™ã€‚çµæžœã¯hashã«æ ¼ç´ã•れã¾ã™ã€‚shake構造体ã®çŠ¶æ…‹ã‚’ãƒªã‚»ãƒƒãƒˆã—ã¾ã›ã‚“。 + + \return 0 ãƒãƒƒã‚·ãƒ¥ã®ã‚³ãƒ”ãƒ¼ã«æˆåŠŸã—ãŸå ´åˆã«è¿”ã•れã¾ã™ã€‚ + + \param shake æš—å·åŒ–ã«ä½¿ç”¨ã™ã‚‹shake構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ + \param hash ãƒãƒƒã‚·ãƒ¥å€¤ã‚’ä¿æŒã™ã‚‹ãƒã‚¤ãƒˆé…列。 + + _Example_ + \code + wc_Shake shake[1]; + if ((ret = wc_InitShake128(shake, NULL, INVALID_DEVID)) != 0) { + WOLFSSL_MSG("wc_InitShake128 failed"); + } + else { + wc_Shake128_Update(shake, data, len); + wc_Shake128_GetHash(shake, hash); + } + \endcode + + \sa wc_Shake128Hash + \sa wc_Shake128_Final + \sa wc_InitShake128 + \sa wc_Shake128_Copy +*/ +int wc_Shake128_GetHash(wc_Shake* shake, byte* hash); + +/*! + \ingroup SHA + + \brief ãƒãƒƒã‚·ãƒ¥ã®çŠ¶æ…‹ã‚’ã‚³ãƒ”ãƒ¼ã—ã¾ã™ã€‚ + + \return 0 ã‚³ãƒ”ãƒ¼ã«æˆåŠŸã—ãŸå ´åˆã«è¿”ã•れã¾ã™ã€‚ + + \param src コピーã™ã‚‹shake構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ + \param dst コピー先ã®shake構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ + + _Example_ + \code + wc_Shake shake[1]; + wc_Shake shake_dup[1]; + if ((ret = wc_InitShake128(shake, NULL, INVALID_DEVID)) != 0) { + WOLFSSL_MSG("wc_InitShake128 failed"); + } + else { + wc_Shake128_Update(shake, data, len); + wc_Shake128_Copy(shake, shake_dup); + } + \endcode + + \sa wc_Shake128Hash + \sa wc_Shake128_Final + \sa wc_InitShake128 + \sa wc_Shake128_GetHash +*/ +int wc_Shake128_Copy(wc_Shake* src, wc_Sha3* dst); + +/*! + \ingroup SHA + + \brief ã“ã®é–¢æ•°ã¯SHAKE-256ã‚’åˆæœŸåŒ–ã—ã¾ã™ã€‚ã“れã¯wc_Shake256Hashã«ã‚ˆã£ã¦è‡ªå‹•çš„ã«å‘¼ã³å‡ºã•れã¾ã™ã€‚ + + \return 0 åˆæœŸåŒ–ã«æˆåŠŸã—ãŸå ´åˆã«è¿”ã•れã¾ã™ + + \param shake æš—å·åŒ–ã«ä½¿ç”¨ã™ã‚‹shake構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ + + _Example_ + \code + wc_Shake shake[1]; + if ((ret = wc_InitShake256(shake, NULL, INVALID_DEVID)) != 0) { + WOLFSSL_MSG("wc_InitShake256 failed"); + } + else { + wc_Shake256_Update(shake, data, len); + wc_Shake256_Final(shake, hash, sizeof(hash)); + } + \endcode + + \sa wc_Shake256Hash + \sa wc_Shake256_Update + \sa wc_Shake256_Final +*/ +int wc_InitShake256(wc_Shake* shake, void* heap, int devId); + +/*! + \ingroup SHA + + \brief é•·ã•lenã®ãƒã‚¤ãƒˆé…列を継続的ã«ãƒãƒƒã‚·ãƒ¥åŒ–ã™ã‚‹ãŸã‚ã«å‘¼ã³å‡ºã™ã“ã¨ãŒã§ãã¾ã™ã€‚ + + \return 0 ダイジェストã¸ã®ãƒ‡ãƒ¼ã‚¿ã®è¿½åŠ ã«æˆåŠŸã—ãŸå ´åˆã«è¿”ã•れã¾ã™ã€‚ + + \param shake æš—å·åŒ–ã«ä½¿ç”¨ã™ã‚‹shake構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ + \param data ãƒãƒƒã‚·ãƒ¥åŒ–ã•れるデータ + \param len ãƒãƒƒã‚·ãƒ¥åŒ–ã•れるデータã®é•·ã• + + _Example_ + \code + wc_Shake shake[1]; + byte data[] = { ãƒãƒƒã‚·ãƒ¥åŒ–ã•れるデータ }; + word32 len = sizeof(data); + + if ((ret = wc_InitShake256(shake, NULL, INVALID_DEVID)) != 0) { + WOLFSSL_MSG("wc_InitShake256 failed"); + } + else { + wc_Shake256_Update(shake, data, len); + wc_Shake256_Final(shake, hash, sizeof(hash)); + } + \endcode + + \sa wc_Shake256Hash + \sa wc_Shake256_Final + \sa wc_InitShake256 +*/ +int wc_Shake256_Update(wc_Shake* sha, const byte* data, word32 len); + +/*! + \ingroup SHA + + \brief データã®ãƒãƒƒã‚·ãƒ¥åŒ–を完了ã—ã¾ã™ã€‚çµæžœã¯hashã«æ ¼ç´ã•れã¾ã™ã€‚shake構造体ã®çŠ¶æ…‹ã‚’ãƒªã‚»ãƒƒãƒˆã—ã¾ã™ã€‚ + + \return 0 å®Œäº†ã«æˆåŠŸã—ãŸå ´åˆã«è¿”ã•れã¾ã™ã€‚ + + \param shake æš—å·åŒ–ã«ä½¿ç”¨ã™ã‚‹shake構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ + \param hash ãƒãƒƒã‚·ãƒ¥å€¤ã‚’ä¿æŒã™ã‚‹ãƒã‚¤ãƒˆé…列。 + \param hashLen ãƒãƒƒã‚·ãƒ¥ã®ã‚µã‚¤ã‚ºï¼ˆãƒã‚¤ãƒˆå˜ä½ï¼‰ã€‚ + + _Example_ + \code + wc_Shake shake[1]; + byte data[] = { ãƒãƒƒã‚·ãƒ¥åŒ–ã•れるデータ }; + word32 len = sizeof(data); + + if ((ret = wc_InitShake256(shake, NULL, INVALID_DEVID)) != 0) { + WOLFSSL_MSG("wc_InitShake256 failed"); + } + else { + wc_Shake256_Update(shake, data, len); + wc_Shake256_Final(shake, hash, sizeof(hash)); + } + \endcode + + \sa wc_Shake256Hash + \sa wc_Shake256_GetHash + \sa wc_InitShake256 +*/ +int wc_Shake256_Final(wc_Shake* shake, byte* hash, word32 hashLen); + +/*! + \ingroup SHA + + \brief é•·ã•lenã®æä¾›ã•れãŸãƒã‚¤ãƒˆé…列をå¸åŽã™ã‚‹ãŸã‚ã«å‘¼ã³å‡ºã•れã¾ã™ã€‚段階的ã«å‘¼ã³å‡ºã™ã“ã¨ã¯ã§ãã¾ã›ã‚“。 + + \return 0 データã®å¸åŽã«æˆåŠŸã—ãŸå ´åˆã«è¿”ã•れã¾ã™ã€‚ + + \param shake æš—å·åŒ–ã«ä½¿ç”¨ã™ã‚‹shake構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ + \param data å¸åŽã•れるデータ + \param len å¸åŽã•れるデータã®é•·ã• + + _Example_ + \code + wc_Shake shake[1]; + byte data[] = { ãƒãƒƒã‚·ãƒ¥åŒ–ã•れるデータ }; + word32 len = sizeof(data); + byte out[2 * WC_SHA3_256_BLOCK_SIZE]; + int blocks = 2; + + if ((ret = wc_InitShake256(shake, NULL, INVALID_DEVID)) != 0) { + WOLFSSL_MSG("wc_InitShake256 failed"); + } + else { + wc_Shake256_Absorb(shake, data, len); + wc_Shake256_SqueezeBlocks(shake, out, blocks); + } + \endcode + + \sa wc_Shake256_SqueezeBlocks + \sa wc_InitShake256 +*/ +int wc_Shake256_Absorb(wc_Shake* sha, const byte* data, word32 len); + +/*! + \ingroup SHA + + \brief ã•らã«å¤šãã®ãƒ‡ãƒ¼ã‚¿ãƒ–ロックを絞り出ã—ã¾ã™ã€‚çµæžœã¯outã«æ ¼ç´ã•れã¾ã™ã€‚段階的ã«å‘¼ã³å‡ºã™ã“ã¨ãŒã§ãã¾ã™ã€‚ + + \return 0 絞り出ã—ã«æˆåŠŸã—ãŸå ´åˆã«è¿”ã•れã¾ã™ã€‚ + + \param shake æš—å·åŒ–ã«ä½¿ç”¨ã™ã‚‹shake構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ + \param hash å‡ºåŠ›ã‚’ä¿æŒã™ã‚‹ãƒã‚¤ãƒˆé…列。 + \param blocks 絞り出ã™ãƒ–ãƒ­ãƒƒã‚¯ã®æ•°ã€‚å„ブロックã¯WC_SHA3_256_BLOCK_SIZEãƒã‚¤ãƒˆã®é•·ã•ã§ã™ã€‚ + + _Example_ + \code + wc_Shake shake[1]; + byte data[] = { ãƒãƒƒã‚·ãƒ¥åŒ–ã•れるデータ }; + word32 len = sizeof(data); + byte out[2 * WC_SHA3_256_BLOCK_SIZE]; + int blocks = 2; + + if ((ret = wc_InitShake256(shake, NULL, INVALID_DEVID)) != 0) { + WOLFSSL_MSG("wc_InitShake256 failed"); + } + else { + wc_Shake256_Absorb(shake, data, len); + wc_Shake256_SqueezeBlocks(shake, out, blocks); + } + \endcode + + \sa wc_Shake256_Absorb + \sa wc_InitShake256 +*/ +int wc_Shake256_SqueezeBlocks(wc_Shake* shake, byte* out, word32 blockCnt); + +/*! + \ingroup SHA + + \brief wc_Shake構造体をリセットã—ã¾ã™ã€‚注:ã“れã¯WOLFSSL_TI_HASHãŒå®šç¾©ã•れã¦ã„ã‚‹å ´åˆã®ã¿ã‚µãƒãƒ¼ãƒˆã•れã¾ã™ã€‚ + + \return none 戻り値ãªã—。 + + \param shake 解放ã•れるshake構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ + + _Example_ + \code + wc_Shake shake; + byte data[] = { ãƒãƒƒã‚·ãƒ¥åŒ–ã•れるデータ }; + word32 len = sizeof(data); + + if ((ret = wc_InitShake256(&shake, NULL, INVALID_DEVID)) != 0) { + WOLFSSL_MSG("wc_InitShake256 failed"); + } + else { + wc_Shake256_Update(&shake, data, len); + wc_Shake256_Final(&shake, hash, sizeof(hash)); + wc_Shake256_Free(&shake); + } + \endcode + + \sa wc_InitShake256 + \sa wc_Shake256_Update + \sa wc_Shake256_Final +*/ +void wc_Shake256_Free(wc_Shake* shake); + +/*! + \ingroup SHA + + \brief ãƒãƒƒã‚·ãƒ¥ãƒ‡ãƒ¼ã‚¿ã‚’å–å¾—ã—ã¾ã™ã€‚çµæžœã¯hashã«æ ¼ç´ã•れã¾ã™ã€‚shake構造体ã®çŠ¶æ…‹ã‚’ãƒªã‚»ãƒƒãƒˆã—ã¾ã›ã‚“。 + + \return 0 ãƒãƒƒã‚·ãƒ¥ã®ã‚³ãƒ”ãƒ¼ã«æˆåŠŸã—ãŸå ´åˆã«è¿”ã•れã¾ã™ã€‚ + + \param shake æš—å·åŒ–ã«ä½¿ç”¨ã™ã‚‹shake構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ + \param hash ãƒãƒƒã‚·ãƒ¥å€¤ã‚’ä¿æŒã™ã‚‹ãƒã‚¤ãƒˆé…列。 + + _Example_ + \code + wc_Shake shake[1]; + if ((ret = wc_InitShake256(shake, NULL, INVALID_DEVID)) != 0) { + WOLFSSL_MSG("wc_InitShake256 failed"); + } + else { + wc_Shake256_Update(shake, data, len); + wc_Shake256_GetHash(shake, hash); + } + \endcode + + \sa wc_Shake256Hash + \sa wc_Shake256_Final + \sa wc_InitShake256 + \sa wc_Shake256_Copy +*/ +int wc_Shake256_GetHash(wc_Shake* shake, byte* hash); + +/*! + \ingroup SHA + + \brief ãƒãƒƒã‚·ãƒ¥ã®çŠ¶æ…‹ã‚’ã‚³ãƒ”ãƒ¼ã—ã¾ã™ã€‚ + + \return 0 ã‚³ãƒ”ãƒ¼ã«æˆåŠŸã—ãŸå ´åˆã«è¿”ã•れã¾ã™ã€‚ + + \param src コピーã™ã‚‹shake構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ + \param dst コピー先ã®shake構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ + + _Example_ + \code + wc_Shake shake[1]; + wc_Shake shake_dup[1]; + if ((ret = wc_InitShake256(shake, NULL, INVALID_DEVID)) != 0) { + WOLFSSL_MSG("wc_InitShake256 failed"); + } + else { + wc_Shake256_Update(shake, data, len); + wc_Shake256_Copy(shake, shake_dup); + } + \endcode + + \sa wc_Shake256Hash + \sa wc_Shake256_Final + \sa wc_InitShake256 + \sa wc_Shake256_GetHash +*/ +int wc_Shake256_Copy(wc_Shake* src, wc_Sha3* dst); diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/doc/dox_comments/header_files-ja/sha512.h mariadb-11.8.8/extra/wolfssl/wolfssl/doc/dox_comments/header_files-ja/sha512.h --- mariadb-11.8.6/extra/wolfssl/wolfssl/doc/dox_comments/header_files-ja/sha512.h 2026-01-31 13:27:49.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/doc/dox_comments/header_files-ja/sha512.h 2026-05-24 09:58:33.000000000 +0000 @@ -1,7 +1,12 @@ /*! \ingroup SHA - \brief ã“ã®é–¢æ•°ã¯SHA512ã‚’åˆæœŸåŒ–ã—ã¾ã™ã€‚ã“れã¯WC_SHA512HASHã«ã‚ˆã£ã¦è‡ªå‹•çš„ã«å‘¼ã³å‡ºã•れã¾ã™ã€‚ - \return 0 åˆæœŸåŒ–ã«æˆåŠŸã—ãŸã¨ãã«è¿”ã•れã¾ã™ + + \brief ã“ã®é–¢æ•°ã¯SHA512ã‚’åˆæœŸåŒ–ã—ã¾ã™ã€‚ã“れã¯wc_Sha512Hashã«ã‚ˆã£ã¦è‡ªå‹•çš„ã«å‘¼ã³å‡ºã•れã¾ã™ã€‚ + + \return 0 åˆæœŸåŒ–ã«æˆåŠŸã—ãŸå ´åˆã«è¿”ã•れã¾ã™ + + \param sha512 æš—å·åŒ–ã«ä½¿ç”¨ã™ã‚‹sha512構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ + _Example_ \code Sha512 sha512[1]; @@ -13,22 +18,28 @@ wc_Sha512Final(sha512, hash); } \endcode + \sa wc_Sha512Hash \sa wc_Sha512Update \sa wc_Sha512Final */ -int wc_InitSha512(wc_Sha512*); +int wc_InitSha512(wc_Sha512* sha); /*! \ingroup SHA - \brief é•·ã•LENã®æä¾›ã•れãŸãƒã‚¤ãƒˆé…列を絶ãˆãšãƒãƒƒã‚·ãƒ¥ã™ã‚‹ã‚ˆã†ã«å‘¼ã³å‡ºã™ã“ã¨ãŒã§ãã¾ã™ã€‚ - \return 0 ãƒ‡ãƒ¼ã‚¿ã‚’ãƒ€ã‚¤ã‚¸ã‚§ã‚¹ãƒˆã«æ­£å¸¸ã«è¿½åŠ ã™ã‚‹ã¨è¿”ã•れã¾ã™ã€‚ - \param sha512 æš—å·åŒ–ã«ä½¿ç”¨ã™ã‚‹SHA512構造ã¸ã®ãƒã‚¤ãƒ³ã‚¿ - \param data ãƒãƒƒã‚·ãƒ¥ã™ã‚‹ãƒ‡ãƒ¼ã‚¿ + + \brief é•·ã•lenã®æä¾›ã•れãŸãƒã‚¤ãƒˆé…列を継続的ã«ãƒãƒƒã‚·ãƒ¥ã™ã‚‹ãŸã‚ã«å‘¼ã³å‡ºã™ã“ã¨ãŒã§ãã¾ã™ã€‚ + + \return 0 ダイジェストã¸ã®ãƒ‡ãƒ¼ã‚¿è¿½åŠ ã«æˆåŠŸã—ãŸå ´åˆã«è¿”ã•れã¾ã™ã€‚ + + \param sha512 æš—å·åŒ–ã«ä½¿ç”¨ã™ã‚‹sha512構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ + \param data ãƒãƒƒã‚·ãƒ¥åŒ–ã•れるデータ + \param len ãƒãƒƒã‚·ãƒ¥åŒ–ã•れるデータã®é•·ã• + _Example_ \code Sha512 sha512[1]; - byte data[] = { Data to be hashed }; + byte data[] = { ãƒãƒƒã‚·ãƒ¥åŒ–ã•れるデータ }; word32 len = sizeof(data); if ((ret = wc_InitSha512(sha512)) != 0) { @@ -39,6 +50,7 @@ wc_Sha512Final(sha512, hash); } \endcode + \sa wc_Sha512Hash \sa wc_Sha512Final \sa wc_InitSha512 @@ -47,13 +59,18 @@ /*! \ingroup SHA - \brief データã®ãƒãƒƒã‚·ãƒ¥ã‚’確定ã—ã¾ã™ã€‚çµæžœã¯ãƒãƒƒã‚·ãƒ¥ã«å…¥ã‚Œã‚‰ã‚Œã¾ã™ã€‚ - \return 0 ãƒãƒƒã‚·ãƒ¥ã‚’確定ã™ã‚‹ã¨ã†ã¾ãè¿”ã•れã¾ã—ãŸã€‚ - \param sha512 æš—å·åŒ–ã«ä½¿ç”¨ã™ã‚‹SHA512構造ã¸ã®ãƒã‚¤ãƒ³ã‚¿ + + \brief データã®ãƒãƒƒã‚·ãƒ¥åŒ–を完了ã—ã¾ã™ã€‚çµæžœã¯hashã«æ ¼ç´ã•れã¾ã™ã€‚ + + \return 0 ãƒãƒƒã‚·ãƒ¥ã®å®Œäº†ã«æˆåŠŸã—ãŸå ´åˆã«è¿”ã•れã¾ã™ã€‚ + + \param sha512 æš—å·åŒ–ã«ä½¿ç”¨ã™ã‚‹sha512構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ + \param hash ãƒãƒƒã‚·ãƒ¥å€¤ã‚’ä¿æŒã™ã‚‹ãƒã‚¤ãƒˆé…列。 + _Example_ \code Sha512 sha512[1]; - byte data[] = { Data to be hashed }; + byte data[] = { ãƒãƒƒã‚·ãƒ¥åŒ–ã•れるデータ }; word32 len = sizeof(data); if ((ret = wc_InitSha512(sha512)) != 0) { @@ -64,6 +81,7 @@ wc_Sha512Final(sha512, hash); } \endcode + \sa wc_Sha512Hash \sa wc_Sha512Final \sa wc_InitSha512 @@ -72,8 +90,13 @@ /*! \ingroup SHA - \brief ã“ã®é–¢æ•°ã¯SHA384ã‚’åˆæœŸåŒ–ã—ã¾ã™ã€‚ã“れã¯WC_SHA384HASHã«ã‚ˆã£ã¦è‡ªå‹•çš„ã«å‘¼ã³å‡ºã•れã¾ã™ã€‚ - \return 0 åˆæœŸåŒ–ã«æˆåŠŸã—ãŸã¨ãã«è¿”ã•れã¾ã™ + + \brief ã“ã®é–¢æ•°ã¯SHA384ã‚’åˆæœŸåŒ–ã—ã¾ã™ã€‚ã“れã¯wc_Sha384Hashã«ã‚ˆã£ã¦è‡ªå‹•çš„ã«å‘¼ã³å‡ºã•れã¾ã™ã€‚ + + \return 0 åˆæœŸåŒ–ã«æˆåŠŸã—ãŸå ´åˆã«è¿”ã•れã¾ã™ + + \param sha384 æš—å·åŒ–ã«ä½¿ç”¨ã™ã‚‹sha384構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ + _Example_ \code Sha384 sha384[1]; @@ -85,22 +108,28 @@ wc_Sha384Final(sha384, hash); } \endcode + \sa wc_Sha384Hash \sa wc_Sha384Update \sa wc_Sha384Final */ -int wc_InitSha384(wc_Sha384*); +int wc_InitSha384(wc_Sha384* sha); /*! \ingroup SHA - \brief é•·ã•LENã®æä¾›ã•れãŸãƒã‚¤ãƒˆé…列を絶ãˆãšãƒãƒƒã‚·ãƒ¥ã™ã‚‹ã‚ˆã†ã«å‘¼ã³å‡ºã™ã“ã¨ãŒã§ãã¾ã™ã€‚ - \return 0 ãƒ‡ãƒ¼ã‚¿ã‚’ãƒ€ã‚¤ã‚¸ã‚§ã‚¹ãƒˆã«æ­£å¸¸ã«è¿½åŠ ã™ã‚‹ã¨è¿”ã•れã¾ã™ã€‚ - \param sha384 æš—å·åŒ–ã«ä½¿ç”¨ã™ã‚‹SHA384構造ã¸ã®ãƒã‚¤ãƒ³ã‚¿ - \param data ãƒãƒƒã‚·ãƒ¥ã™ã‚‹ãƒ‡ãƒ¼ã‚¿ + + \brief é•·ã•lenã®æä¾›ã•れãŸãƒã‚¤ãƒˆé…列を継続的ã«ãƒãƒƒã‚·ãƒ¥ã™ã‚‹ãŸã‚ã«å‘¼ã³å‡ºã™ã“ã¨ãŒã§ãã¾ã™ã€‚ + + \return 0 ダイジェストã¸ã®ãƒ‡ãƒ¼ã‚¿è¿½åŠ ã«æˆåŠŸã—ãŸå ´åˆã«è¿”ã•れã¾ã™ã€‚ + + \param sha384 æš—å·åŒ–ã«ä½¿ç”¨ã™ã‚‹sha384構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ + \param data ãƒãƒƒã‚·ãƒ¥åŒ–ã•れるデータ + \param len ãƒãƒƒã‚·ãƒ¥åŒ–ã•れるデータã®é•·ã• + _Example_ \code Sha384 sha384[1]; - byte data[] = { Data to be hashed }; + byte data[] = { ãƒãƒƒã‚·ãƒ¥åŒ–ã•れるデータ }; word32 len = sizeof(data); if ((ret = wc_InitSha384(sha384)) != 0) { @@ -111,6 +140,7 @@ wc_Sha384Final(sha384, hash); } \endcode + \sa wc_Sha384Hash \sa wc_Sha384Final \sa wc_InitSha384 @@ -119,13 +149,18 @@ /*! \ingroup SHA - \brief データã®ãƒãƒƒã‚·ãƒ¥ã‚’確定ã—ã¾ã™ã€‚çµæžœã¯ãƒãƒƒã‚·ãƒ¥ã«å…¥ã‚Œã‚‰ã‚Œã¾ã™ã€‚ - \return 0 ãƒ•ã‚¡ã‚¤ãƒŠãƒ©ã‚¤ã‚ºã«æˆåŠŸã—ãŸã¨ãã«è¿”ã•れã¾ã™ã€‚ - \param sha384 æš—å·åŒ–ã«ä½¿ç”¨ã™ã‚‹SHA384構造ã¸ã®ãƒã‚¤ãƒ³ã‚¿ + + \brief データã®ãƒãƒƒã‚·ãƒ¥åŒ–を完了ã—ã¾ã™ã€‚çµæžœã¯hashã«æ ¼ç´ã•れã¾ã™ã€‚ + + \return 0 å®Œäº†ã«æˆåŠŸã—ãŸå ´åˆã«è¿”ã•れã¾ã™ã€‚ + + \param sha384 æš—å·åŒ–ã«ä½¿ç”¨ã™ã‚‹sha384構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ + \param hash ãƒãƒƒã‚·ãƒ¥å€¤ã‚’ä¿æŒã™ã‚‹ãƒã‚¤ãƒˆé…列。 + _Example_ \code Sha384 sha384[1]; - byte data[] = { Data to be hashed }; + byte data[] = { ãƒãƒƒã‚·ãƒ¥åŒ–ã•れるデータ }; word32 len = sizeof(data); if ((ret = wc_InitSha384(sha384)) != 0) { @@ -136,6 +171,7 @@ wc_Sha384Final(sha384, hash); } \endcode + \sa wc_Sha384Hash \sa wc_Sha384Final \sa wc_InitSha384 diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/doc/dox_comments/header_files-ja/signature.h mariadb-11.8.8/extra/wolfssl/wolfssl/doc/dox_comments/header_files-ja/signature.h --- mariadb-11.8.6/extra/wolfssl/wolfssl/doc/dox_comments/header_files-ja/signature.h 2026-01-31 13:27:49.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/doc/dox_comments/header_files-ja/signature.h 2026-05-24 09:58:33.000000000 +0000 @@ -1,21 +1,27 @@ /*! \ingroup Signature - \brief ã“ã®é–¢æ•°ã¯ã€çµæžœã®ã‚·ã‚°ãƒãƒãƒ£ã®æœ€å¤§ã‚µã‚¤ã‚ºã‚’è¿”ã—ã¾ã™ã€‚ - \return Returns sig_type_e sig_typeãŒã‚µãƒãƒ¼ãƒˆã•れã¦ã„ãªã„å ´åˆsig_typeãŒç„¡åйãªå ´åˆã¯bad_func_argã‚’è¿”ã—ã¾ã™ã€‚æ­£ã®æˆ»ã‚Šå€¤ã¯ã€ç½²åã®æœ€å¤§ã‚µã‚¤ã‚ºã‚’示ã—ã¾ã™ã€‚ - \param sig_type wc_signature_type_eccã¾ãŸã¯wc_signature_type_rsaãªã©ã®ç½²å型列挙型値。 - \param key ECC_KEYã‚„RSAKEYãªã©ã®ã‚­ãƒ¼æ§‹é€ ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ + + \brief ã“ã®é–¢æ•°ã¯ã€çµæžœã®ç½²åã®æœ€å¤§ã‚µã‚¤ã‚ºã‚’è¿”ã—ã¾ã™ã€‚ + + \return sig_typeãŒã‚µãƒãƒ¼ãƒˆã•れã¦ã„ãªã„å ´åˆã€SIG_TYPE_Eã‚’è¿”ã—ã¾ã™ã€‚sig_typeãŒç„¡åйãªå ´åˆã€BAD_FUNC_ARGã‚’è¿”ã—ã¾ã™ã€‚æ­£ã®æˆ»ã‚Šå€¤ã¯ã€ç½²åã®æœ€å¤§ã‚µã‚¤ã‚ºã‚’示ã—ã¾ã™ã€‚ + + \param sig_type WC_SIGNATURE_TYPE_ECCã‚„WC_SIGNATURE_TYPE_RSAãªã©ã®ç½²åタイプã®åˆ—挙値。 + \param key ecc_keyã‚„RsaKeyãªã©ã®ã‚­ãƒ¼æ§‹é€ ä½“ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ + \param key_len キー構造体ã®ã‚µã‚¤ã‚ºã€‚ + _Example_ \code - // Get signature length + // ç½²åã®é•·ã•ã‚’å–å¾— enum wc_SignatureType sig_type = WC_SIGNATURE_TYPE_ECC; ecc_key eccKey; word32 sigLen; wc_ecc_init(&eccKey); sigLen = wc_SignatureGetSize(sig_type, &eccKey, sizeof(eccKey)); if (sigLen > 0) { - // Success + // æˆåŠŸ } \endcode + \sa wc_HashGetDigestSize \sa wc_SignatureGenerate \sa wc_SignatureVerify @@ -25,36 +31,42 @@ /*! \ingroup Signature - \brief ã“ã®é–¢æ•°ã¯ã€ãƒ‡ãƒ¼ã‚¿ã‚’ãƒãƒƒã‚·ãƒ¥ã—ã€çµæžœã®ãƒãƒƒã‚·ãƒ¥ã¨ã‚­ãƒ¼ã‚’使用ã—ã¦ç½²åを使用ã—ã¦ç½²åを使用ã—ã¦ç½²åを検証ã—ã¾ã™ã€‚ - \return 0 æˆåŠŸ - \return SIG_TYPE_E -231ã€ç½²åã‚¿ã‚¤ãƒ—ãŒæœ‰åй/利用å¯èƒ½ã§ã™ - \return BAD_FUNC_ARG -173ã€é–¢æ•°ã®ä¸è‰¯å¼•æ•°ãŒæä¾›ã•れã¦ã„ã¾ã™ - \return BUFFER_E -132ã€å‡ºåŠ›ãƒãƒƒãƒ•ã‚¡ãŒå°ã•ã™ãŽãŸã‚Šå…¥åŠ›ãŒå¤§ãã™ãŽãŸã‚Šã—ã¾ã™ã€‚ - \param hash_type "wc_hash_type_sha256"ãªã©ã® "enum wc_hashtype"ã‹ã‚‰ã®ãƒãƒƒã‚·ãƒ¥åž‹ã€‚ - \param sig_type wc_signature_type_eccã¾ãŸã¯wc_signature_type_rsaãªã©ã®ç½²å型列挙型値。 - \param data ãƒãƒƒã‚·ãƒ¥ã¸ã®ãƒ‡ãƒ¼ã‚¿ã‚’å«ã‚€ãƒãƒƒãƒ•ã‚¡ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ - \param data_len データãƒãƒƒãƒ•ã‚¡ã®é•·ã•。 - \param sig ç½²åを出力ã™ã‚‹ãŸã‚ã®ãƒãƒƒãƒ•ã‚¡ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ - \param sig_len ã‚·ã‚°ãƒãƒãƒ£å‡ºåŠ›ãƒãƒƒãƒ•ã‚¡ã®é•·ã•。 - \param key ECC_KEYã‚„RSAKEYãªã©ã®ã‚­ãƒ¼æ§‹é€ ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ + + \brief ã“ã®é–¢æ•°ã¯ã€ãƒ‡ãƒ¼ã‚¿ã‚’ãƒãƒƒã‚·ãƒ¥åŒ–ã—ã€çµæžœã®ãƒãƒƒã‚·ãƒ¥ã¨ã‚­ãƒ¼ã‚’使用ã—ã¦ç½²åを検証ã™ã‚‹ã“ã¨ã§ã€ç½²åを検証ã—ã¾ã™ã€‚ + + \return 0 æˆåŠŸ + \return SIG_TYPE_E -231ã€ç½²åã‚¿ã‚¤ãƒ—ãŒæœ‰åŠ¹åŒ–ã•れã¦ã„ãªã„/利用ã§ããªã„ + \return BAD_FUNC_ARG -173ã€ä¸æ­£ãªé–¢æ•°å¼•æ•°ãŒæä¾›ã•れ㟠+ \return BUFFER_E -132ã€å‡ºåŠ›ãƒãƒƒãƒ•ã‚¡ãŒå°ã•ã™ãŽã‚‹ã‹ã€å…¥åŠ›ãŒå¤§ãã™ãŽã‚‹ã€‚ + + \param hash_type "WC_HASH_TYPE_SHA256"ãªã©ã®"enum wc_HashType"ã‹ã‚‰ã®ãƒãƒƒã‚·ãƒ¥ã‚¿ã‚¤ãƒ—。 + \param sig_type WC_SIGNATURE_TYPE_ECCã‚„WC_SIGNATURE_TYPE_RSAãªã©ã®ç½²åタイプã®åˆ—挙値。 + \param data ãƒãƒƒã‚·ãƒ¥åŒ–ã™ã‚‹ãƒ‡ãƒ¼ã‚¿ã‚’å«ã‚€ãƒãƒƒãƒ•ã‚¡ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ + \param data_len データãƒãƒƒãƒ•ã‚¡ã®é•·ã•。 + \param sig ç½²åを出力ã™ã‚‹ãƒãƒƒãƒ•ã‚¡ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ + \param sig_len ç½²å出力ãƒãƒƒãƒ•ã‚¡ã®é•·ã•。 + \param key ecc_keyã‚„RsaKeyãªã©ã®ã‚­ãƒ¼æ§‹é€ ä½“ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ + \param key_len キー構造体ã®ã‚µã‚¤ã‚ºã€‚ + _Example_ \code int ret; ecc_key eccKey; - // Import the public key + // 公開éµã‚’インãƒãƒ¼ãƒˆ wc_ecc_init(&eccKey); ret = wc_ecc_import_x963(eccPubKeyBuf, eccPubKeyLen, &eccKey); - // Perform signature verification using public key + // 公開éµã‚’使用ã—ã¦ç½²å検証を実行 ret = wc_SignatureVerify( WC_HASH_TYPE_SHA256, WC_SIGNATURE_TYPE_ECC, fileBuf, fileLen, sigBuf, sigLen, &eccKey, sizeof(eccKey)); - printf("Signature Verification: %s - (%d)\n", (ret == 0) ? "Pass" : "Fail", ret); + printf("ç½²åæ¤œè¨¼: %s + (%d)\n", (ret == 0) ? "åˆæ ¼" : "ä¸åˆæ ¼", ret); wc_ecc_free(&eccKey); \endcode + \sa wc_SignatureGetSize \sa wc_SignatureGenerate */ @@ -66,19 +78,24 @@ /*! \ingroup Signature - \brief ã“ã®é–¢æ•°ã¯ã€ã‚­ãƒ¼ã‚’使用ã—ã¦ãƒ‡ãƒ¼ã‚¿ã‹ã‚‰ç½²åを生æˆã—ã¾ã™ã€‚ã¾ãšãƒ‡ãƒ¼ã‚¿ã®ãƒãƒƒã‚·ãƒ¥ã‚’作æˆã—ã€ã‚­ãƒ¼ã‚’使用ã—ã¦ãƒãƒƒã‚·ãƒ¥ã«ç½²åã—ã¾ã™ã€‚ - \return 0 æˆåŠŸ - \return SIG_TYPE_E -231ã€ç½²åã‚¿ã‚¤ãƒ—ãŒæœ‰åй/利用å¯èƒ½ã§ã™ - \return BAD_FUNC_ARG -173ã€é–¢æ•°ã®ä¸è‰¯å¼•æ•°ãŒæä¾›ã•れã¦ã„ã¾ã™ - \return BUFFER_E -132ã€å‡ºåŠ›ãƒãƒƒãƒ•ã‚¡ãŒå°ã•ã™ãŽãŸã‚Šå…¥åŠ›ãŒå¤§ãã™ãŽãŸã‚Šã—ã¾ã™ã€‚ - \param hash_type "wc_hash_type_sha256"ãªã©ã® "enum wc_hashtype"ã‹ã‚‰ã®ãƒãƒƒã‚·ãƒ¥åž‹ã€‚ - \param sig_type wc_signature_type_eccã¾ãŸã¯wc_signature_type_rsaãªã©ã®ç½²å型列挙型値。 - \param data ãƒãƒƒã‚·ãƒ¥ã¸ã®ãƒ‡ãƒ¼ã‚¿ã‚’å«ã‚€ãƒãƒƒãƒ•ã‚¡ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ - \param data_len データãƒãƒƒãƒ•ã‚¡ã®é•·ã•。 - \param sig ç½²åを出力ã™ã‚‹ãŸã‚ã®ãƒãƒƒãƒ•ã‚¡ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ - \param sig_len ã‚·ã‚°ãƒãƒãƒ£å‡ºåŠ›ãƒãƒƒãƒ•ã‚¡ã®é•·ã•。 - \param key ECC_KEYã‚„RSAKEYãªã©ã®ã‚­ãƒ¼æ§‹é€ ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ - \param key_len キー構造ã®ã‚µã‚¤ã‚º + + \brief ã“ã®é–¢æ•°ã¯ã€ã‚­ãƒ¼ã‚’使用ã—ã¦ãƒ‡ãƒ¼ã‚¿ã‹ã‚‰ç½²åを生æˆã—ã¾ã™ã€‚最åˆã«ãƒ‡ãƒ¼ã‚¿ã®ãƒãƒƒã‚·ãƒ¥ã‚’作æˆã—ã€æ¬¡ã«ã‚­ãƒ¼ã‚’使用ã—ã¦ãƒãƒƒã‚·ãƒ¥ã«ç½²åã—ã¾ã™ã€‚ + + \return 0 æˆåŠŸ + \return SIG_TYPE_E -231ã€ç½²åã‚¿ã‚¤ãƒ—ãŒæœ‰åŠ¹åŒ–ã•れã¦ã„ãªã„/利用ã§ããªã„ + \return BAD_FUNC_ARG -173ã€ä¸æ­£ãªé–¢æ•°å¼•æ•°ãŒæä¾›ã•れ㟠+ \return BUFFER_E -132ã€å‡ºåŠ›ãƒãƒƒãƒ•ã‚¡ãŒå°ã•ã™ãŽã‚‹ã‹ã€å…¥åŠ›ãŒå¤§ãã™ãŽã‚‹ã€‚ + + \param hash_type "WC_HASH_TYPE_SHA256"ãªã©ã®"enum wc_HashType"ã‹ã‚‰ã®ãƒãƒƒã‚·ãƒ¥ã‚¿ã‚¤ãƒ—。 + \param sig_type WC_SIGNATURE_TYPE_ECCã‚„WC_SIGNATURE_TYPE_RSAãªã©ã®ç½²åタイプã®åˆ—挙値。 + \param data ãƒãƒƒã‚·ãƒ¥åŒ–ã™ã‚‹ãƒ‡ãƒ¼ã‚¿ã‚’å«ã‚€ãƒãƒƒãƒ•ã‚¡ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ + \param data_len データãƒãƒƒãƒ•ã‚¡ã®é•·ã•。 + \param sig ç½²åを出力ã™ã‚‹ãƒãƒƒãƒ•ã‚¡ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ + \param sig_len ç½²å出力ãƒãƒƒãƒ•ã‚¡ã®é•·ã•。 + \param key ecc_keyã‚„RsaKeyãªã©ã®ã‚­ãƒ¼æ§‹é€ ä½“ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ + \param key_len キー構造体ã®ã‚µã‚¤ã‚ºã€‚ + \param rng åˆæœŸåŒ–ã•れãŸRNG構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ + _Example_ \code int ret; @@ -88,27 +105,28 @@ wc_InitRng(&rng); wc_ecc_init(&eccKey); - // Generate key + // ã‚­ãƒ¼ã‚’ç”Ÿæˆ ret = wc_ecc_make_key(&rng, 32, &eccKey); - // Get signature length and allocate buffer + // ç½²åã®é•·ã•ã‚’å–å¾—ã—ã¦ãƒãƒƒãƒ•ァを割り当㦠sigLen = wc_SignatureGetSize(sig_type, &eccKey, sizeof(eccKey)); sigBuf = malloc(sigLen); - // Perform signature verification using public key + // 公開éµã‚’使用ã—ã¦ç½²å検証を実行 ret = wc_SignatureGenerate( WC_HASH_TYPE_SHA256, WC_SIGNATURE_TYPE_ECC, fileBuf, fileLen, sigBuf, &sigLen, &eccKey, sizeof(eccKey), &rng); - printf("Signature Generation: %s - (%d)\n", (ret == 0) ? "Pass" : "Fail", ret); + printf("ç½²å生æˆ: %s + (%d)\n", (ret == 0) ? "åˆæ ¼" : "ä¸åˆæ ¼", ret); free(sigBuf); wc_ecc_free(&eccKey); wc_FreeRng(&rng); \endcode + \sa wc_SignatureGetSize \sa wc_SignatureVerify */ diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/doc/dox_comments/header_files-ja/siphash.h mariadb-11.8.8/extra/wolfssl/wolfssl/doc/dox_comments/header_files-ja/siphash.h --- mariadb-11.8.6/extra/wolfssl/wolfssl/doc/dox_comments/header_files-ja/siphash.h 2026-01-31 13:27:49.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/doc/dox_comments/header_files-ja/siphash.h 2026-05-24 09:58:33.000000000 +0000 @@ -1,17 +1,21 @@ - /*! \ingroup SipHash - \brief ã“ã®é–¢æ•°ã¯ã€Macサイズã®ã‚­ãƒ¼ã§Siphashã‚’åˆæœŸåŒ–ã—ã¾ã™ã€‚ - \return 0 åˆæœŸåŒ–ã«æˆåŠŸã—ãŸã¨ãã«è¿”ã•れã¾ã™ - \return BAD_FUNC_ARG Siphashã¾ãŸã¯ã‚­ãƒ¼ãŒNULLã®ã¨ãã«è¿”ã•れã¾ã™ - \return BAD_FUNC_ARG OUTSZãŒ8ã§ã‚‚16ã§ã‚‚ãªã„å ´åˆã«è¿”ã•れã¾ã™ - \param siphash Macingã«ä½¿ç”¨ã™ã‚‹ã‚µã‚¤ãƒ—ãƒãƒƒã‚·ãƒ¥æ§‹é€ ã¸ã®ãƒã‚¤ãƒ³ã‚¿ - \param key 16ãƒã‚¤ãƒˆé…列ã¸ã®ãƒã‚¤ãƒ³ã‚¿ + + \brief ã“ã®é–¢æ•°ã¯ã€MACサイズã«å¯¾ã™ã‚‹ã‚­ãƒ¼ã‚’使用ã—ã¦SipHashã‚’åˆæœŸåŒ–ã—ã¾ã™ã€‚ + + \return 0 åˆæœŸåŒ–ã«æˆåŠŸã—ãŸå ´åˆã«è¿”ã•れã¾ã™ + \return BAD_FUNC_ARG sipHashã¾ãŸã¯keyãŒNULLã®å ´åˆã«è¿”ã•れã¾ã™ + \return BAD_FUNC_ARG outSzãŒ8ã§ã‚‚16ã§ã‚‚ãªã„å ´åˆã«è¿”ã•れã¾ã™ + + \param siphash MACã«ä½¿ç”¨ã™ã‚‹SipHash構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ + \param key 16ãƒã‚¤ãƒˆé…列ã¸ã®ãƒã‚¤ãƒ³ã‚¿ + \param outSz MACã¨ã—ã¦å‡ºåŠ›ã™ã‚‹ãƒã‚¤ãƒˆæ•° + _Example_ \code SipHash siphash[1]; unsigned char key[16] = { ... }; - byte macSz = 8; // 8 or 16 + byte macSz = 8; // 8ã¾ãŸã¯16 if ((ret = wc_InitSipHash(siphash, key, macSz)) != 0) { WOLFSSL_MSG("wc_InitSipHash failed"); @@ -23,6 +27,7 @@ WOLFSSL_MSG("wc_SipHashFinal failed"); } \endcode + \sa wc_SipHash \sa wc_SipHashUpdate \sa wc_SipHashFinal @@ -32,16 +37,21 @@ /*! \ingroup SipHash - \brief é•·ã•LENã®æä¾›ã•れãŸãƒã‚¤ãƒˆé…列を絶ãˆãšãƒãƒƒã‚·ãƒ¥ã™ã‚‹ã‚ˆã†ã«å‘¼ã³å‡ºã™ã“ã¨ãŒã§ãã¾ã™ã€‚ - \return 0 Macã«ãƒ‡ãƒ¼ã‚¿ã‚’追加ã—ãŸã‚‰ã€è¿”ã•れã¾ã™ - \return BAD_FUNC_ARG SiphashãŒnullã®ã¨ãè¿”ã•れã¾ã—㟠- \return BAD_FUNC_ARG inneãŒnullã®ã¨ãè¿”ã•れã€Inszã¯ã‚¼ãƒ­ã§ã¯ã‚りã¾ã›ã‚“ - \param siphash Macingã«ä½¿ç”¨ã™ã‚‹ã‚µã‚¤ãƒ—ãƒãƒƒã‚·ãƒ¥æ§‹é€ ã¸ã®ãƒã‚¤ãƒ³ã‚¿ - \param in マイートã™ã‚‹ãƒ‡ãƒ¼ã‚¿ + + \brief é•·ã•lenã®æä¾›ã•れãŸãƒã‚¤ãƒˆé…列を継続的ã«ãƒãƒƒã‚·ãƒ¥ã™ã‚‹ãŸã‚ã«å‘¼ã³å‡ºã™ã“ã¨ãŒã§ãã¾ã™ã€‚ + + \return 0 MACã¸ã®ãƒ‡ãƒ¼ã‚¿è¿½åŠ ã«æˆåŠŸã—ãŸå ´åˆã«è¿”ã•れã¾ã™ + \return BAD_FUNC_ARG siphashãŒNULLã®å ´åˆã«è¿”ã•れã¾ã™ + \return BAD_FUNC_ARG inãŒNULLã§inSzãŒã‚¼ãƒ­ã§ãªã„å ´åˆã«è¿”ã•れã¾ã™ + + \param siphash MACã«ä½¿ç”¨ã™ã‚‹SipHash構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ + \param in MACã™ã‚‹ãƒ‡ãƒ¼ã‚¿ + \param inSz MACã™ã‚‹ãƒ‡ãƒ¼ã‚¿ã®ã‚µã‚¤ã‚º + _Example_ \code SipHash siphash[1]; - byte data[] = { Data to be MACed }; + byte data[] = { MACã™ã‚‹ãƒ‡ãƒ¼ã‚¿ }; word32 len = sizeof(data); if ((ret = wc_InitSipHash(siphash, key, macSz)) != 0) { @@ -54,6 +64,7 @@ WOLFSSL_MSG("wc_SipHashFinal failed"); } \endcode + \sa wc_SipHash \sa wc_InitSipHash \sa wc_SipHashFinal @@ -63,16 +74,21 @@ /*! \ingroup SipHash - \brief データã®Macingを確定ã—ã¾ã™ã€‚çµæžœãŒå‡ºå…¥ã‚Šã™ã‚‹ã€‚ - \return 0 ãƒ•ã‚¡ã‚¤ãƒŠãƒ©ã‚¤ã‚ºã«æˆåŠŸã—ãŸã¨ãã«è¿”ã•れã¾ã™ã€‚ - \return BAD_FUNC_ARG Siphashã®OUTãŒNULLã®ã¨ãã«è¿”ã•れã¾ã™ - \return BAD_FUNC_ARG OUTSZãŒåˆæœŸåŒ–ã•れãŸå€¤ã¨åŒã˜ã§ã¯ãªã„å ´åˆã«è¿”ã•れã¾ã™ - \param siphash Macingã«ä½¿ç”¨ã™ã‚‹ã‚µã‚¤ãƒ—ãƒãƒƒã‚·ãƒ¥æ§‹é€ ã¸ã®ãƒã‚¤ãƒ³ã‚¿ - \param out MACå€¤ã‚’ä¿æŒã™ã‚‹ãŸã‚ã®ãƒã‚¤ãƒˆé…列 + + \brief データã®MAC処ç†ã‚’完了ã—ã¾ã™ã€‚çµæžœã¯outã«æ ¼ç´ã•れã¾ã™ã€‚ + + \return 0 å®Œäº†ã«æˆåŠŸã—ãŸå ´åˆã«è¿”ã•れã¾ã™ã€‚ + \return BAD_FUNC_ARG siphashã¾ãŸã¯outãŒNULLã®å ´åˆã«è¿”ã•れã¾ã™ + \return BAD_FUNC_ARG outSzãŒåˆæœŸåŒ–ã•れãŸå€¤ã¨åŒã˜ã§ãªã„å ´åˆã«è¿”ã•れã¾ã™ + + \param siphash MACã«ä½¿ç”¨ã™ã‚‹SipHash構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ + \param out MACå€¤ã‚’ä¿æŒã™ã‚‹ãƒã‚¤ãƒˆé…列 + \param outSz MACã¨ã—ã¦å‡ºåŠ›ã™ã‚‹ãƒã‚¤ãƒˆæ•° + _Example_ \code SipHash siphash[1]; - byte mac[8] = { ... }; // 8 or 16 bytes + byte mac[8] = { ... }; // 8ã¾ãŸã¯16ãƒã‚¤ãƒˆ byte macSz = sizeof(mac); if ((ret = wc_InitSipHash(siphash, key, macSz)) != 0) { @@ -85,6 +101,7 @@ WOLFSSL_MSG("wc_SipHashFinal failed"); } \endcode + \sa wc_SipHash \sa wc_InitSipHash \sa wc_SipHashUpdate @@ -94,31 +111,36 @@ /*! \ingroup SipHash - \brief ã“ã®æ©Ÿèƒ½ã¯Siphashを使用ã—ã¦ãƒ‡ãƒ¼ã‚¿ã‚’1ショットã—ã¦ã€ã‚­ãƒ¼ã«åŸºã¥ã„ã¦MACを計算ã—ã¾ã™ã€‚ - \return 0 Macingã«æˆåŠŸã—ãŸã¨ãã«è¿”ã•れã¾ã—㟠- \return BAD_FUNC_ARG キーã¾ãŸã¯OUTãŒNULLã®ã¨ãã«è¿”ã•れã¾ã™ - \return BAD_FUNC_ARG inneãŒnullã®ã¨ãè¿”ã•れã€Inszã¯ã‚¼ãƒ­ã§ã¯ã‚りã¾ã›ã‚“ - \return BAD_FUNC_ARG OUTSZãŒ8ã§ã‚‚16ã§ã‚‚ãªã„å ´åˆã«è¿”ã•れã¾ã™ - \param key 16ãƒã‚¤ãƒˆé…列ã¸ã®ãƒã‚¤ãƒ³ã‚¿ - \param in マイートã™ã‚‹ãƒ‡ãƒ¼ã‚¿ - \param inSz マイクã•れるデータã®ã‚µã‚¤ã‚º - \param out MACå€¤ã‚’ä¿æŒã™ã‚‹ãŸã‚ã®ãƒã‚¤ãƒˆé…列 + + \brief ã“ã®é–¢æ•°ã¯ã€ã‚­ãƒ¼ã«åŸºã¥ã„ã¦MACを計算ã™ã‚‹ãŸã‚ã«ã€SipHashを使用ã—ã¦ãƒ‡ãƒ¼ã‚¿ã‚’ワンショットã§å‡¦ç†ã—ã¾ã™ã€‚ + + \return 0 MACã«æˆåŠŸã—ãŸå ´åˆã«è¿”ã•れã¾ã™ + \return BAD_FUNC_ARG keyã¾ãŸã¯outãŒNULLã®å ´åˆã«è¿”ã•れã¾ã™ + \return BAD_FUNC_ARG inãŒNULLã§inSzãŒã‚¼ãƒ­ã§ãªã„å ´åˆã«è¿”ã•れã¾ã™ + \return BAD_FUNC_ARG outSzãŒ8ã§ã‚‚16ã§ã‚‚ãªã„å ´åˆã«è¿”ã•れã¾ã™ + + \param key 16ãƒã‚¤ãƒˆé…列ã¸ã®ãƒã‚¤ãƒ³ã‚¿ + \param in MACã™ã‚‹ãƒ‡ãƒ¼ã‚¿ + \param inSz MACã™ã‚‹ãƒ‡ãƒ¼ã‚¿ã®ã‚µã‚¤ã‚º + \param out MACå€¤ã‚’ä¿æŒã™ã‚‹ãƒã‚¤ãƒˆé…列 + \param outSz MACã¨ã—ã¦å‡ºåŠ›ã™ã‚‹ãƒã‚¤ãƒˆæ•° + _Example_ \code unsigned char key[16] = { ... }; - byte data[] = { Data to be MACed }; + byte data[] = { MACã™ã‚‹ãƒ‡ãƒ¼ã‚¿ }; word32 len = sizeof(data); - byte mac[8] = { ... }; // 8 or 16 bytes + byte mac[8] = { ... }; // 8ã¾ãŸã¯16ãƒã‚¤ãƒˆ byte macSz = sizeof(mac); if ((ret = wc_SipHash(key, data, len, mac, macSz)) != 0) { WOLFSSL_MSG("wc_SipHash failed"); } \endcode + \sa wc_InitSipHash \sa wc_SipHashUpdate \sa wc_SipHashFinal */ int wc_SipHash(const unsigned char* key, const unsigned char* in, word32 inSz, unsigned char* out, unsigned char outSz); - diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/doc/dox_comments/header_files-ja/srp.h mariadb-11.8.8/extra/wolfssl/wolfssl/doc/dox_comments/header_files-ja/srp.h --- mariadb-11.8.6/extra/wolfssl/wolfssl/doc/dox_comments/header_files-ja/srp.h 2026-01-31 13:27:49.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/doc/dox_comments/header_files-ja/srp.h 2026-05-24 09:58:33.000000000 +0000 @@ -1,24 +1,30 @@ /*! \ingroup SRP - \brief 使用方法ã®ãŸã‚ã«SRPæ§‹é€ ä½“ã‚’åˆæœŸåŒ–ã—ã¾ã™ã€‚ - \return 0 æˆåŠŸã—ã¦ã„ã¾ã™ã€‚ - \return BAD_FUNC_ARG SRPãªã©ã®å¼•æ•°ãŒNULLã¾ãŸã¯SRPSIDEã®å•題ãŒã‚ã‚‹å ´åˆã¯ã€SRP_CLIENT_SIESã¾ãŸã¯SRP_SERVER_SIEDã§ã¯å•題ãŒã‚ã‚‹å ´åˆã«è¿”ã—ã¾ã™ã€‚ - \return NOT_COMPILED_IN タイプãŒå¼•æ•°ã¨ã—ã¦æ¸¡ã•れãŸãŒã€WolfCryptビルドã«è¨­å®šã•れã¦ã„ãªã„å ´åˆã€‚ - \return <0 エラー時ã«ã€‚ - \param srp åˆæœŸåŒ–ã•れるSRP構造。 - \param type 使用ã™ã‚‹ãƒãƒƒã‚·ãƒ¥åž‹ã€‚ + + \brief 使用ã®ãŸã‚ã«Srpæ§‹é€ ä½“ã‚’åˆæœŸåŒ–ã—ã¾ã™ã€‚ + + \return 0 æˆåŠŸæ™‚ã€‚ + \return BAD_FUNC_ARG srpãŒnullã®å ´åˆã‚„SrpSideãŒSRP_CLIENT_SIDEã¾ãŸã¯SRP_SERVER_SIDEã§ãªã„å ´åˆãªã©ã€å¼•æ•°ã«å•題ãŒã‚ã‚‹å ´åˆã«è¿”ã•れã¾ã™ã€‚ + \return NOT_COMPILED_IN 引数ã¨ã—ã¦æ¸¡ã•れãŸåž‹ãŒwolfCryptビルドã§è¨­å®šã•れã¦ã„ãªã„å ´åˆã«è¿”ã•れã¾ã™ã€‚ + \return <0 エラー時。 + + \param srp åˆæœŸåŒ–ã™ã‚‹Srp構造体。 + \param type 使用ã™ã‚‹ãƒãƒƒã‚·ãƒ¥ã‚¿ã‚¤ãƒ—。 + \param side 通信ã®å´ã€‚ + _Example_ \code Srp srp; if (wc_SrpInit(&srp, SRP_TYPE_SHA, SRP_CLIENT_SIDE) != 0) { - // Initialization error + // åˆæœŸåŒ–エラー } else { wc_SrpTerm(&srp); } \endcode + \sa wc_SrpTerm \sa wc_SrpSetUsername */ @@ -26,28 +32,39 @@ /*! \ingroup SRP - \brief 使用後ã«SRP構造リソースを解放ã—ã¾ã™ã€‚ - \return none ã„ã„ãˆè¿”ã—ã¾ã™ã€‚ + + \brief 使用後ã«Srp構造体ã®ãƒªã‚½ãƒ¼ã‚¹ã‚’解放ã—ã¾ã™ã€‚ + + \return none 戻り値ãªã—。 + + \param srp 終了ã™ã‚‹Srp構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ + _Example_ \code Srp srp; wc_SrpInit(&srp, SRP_TYPE_SHA, SRP_CLIENT_SIDE); - // Use srp + // srpを使用 wc_SrpTerm(&srp) \endcode + \sa wc_SrpInit */ void wc_SrpTerm(Srp* srp); /*! \ingroup SRP - \brief ユーザーåを設定ã—ã¾ã™ã€‚ã“ã®é–¢æ•°ã¯ã€wc_srpinitã®å¾Œã«å‘¼ã³å‡ºã™å¿…è¦ãŒã‚りã¾ã™ã€‚ - \return 0 ユーザーåã¯æ­£å¸¸ã«è¨­å®šã•れã¾ã—ãŸã€‚ - \return BAD_FUNC_ARG: srpã¾ãŸã¯usernameãŒnullã®å ´åˆã«è¿”ã—ã¾ã™ã€‚ - \return MEMORY_E: SRP->ユーザーã«ãƒ¡ãƒ¢ãƒªã‚’割り当ã¦ã‚‹å•題ãŒã‚ã‚‹å ´åˆ - \return < 0:エラー。 - \param srp SRP構造 - \param username ユーザーåã‚’å«ã‚€ãƒãƒƒãƒ•ァ。 + + \brief ユーザーåを設定ã—ã¾ã™ã€‚ã“ã®é–¢æ•°ã¯wc_SrpInitã®å¾Œã«å‘¼ã³å‡ºã™å¿…è¦ãŒã‚りã¾ã™ã€‚ + + \return 0 ユーザーåãŒæ­£å¸¸ã«è¨­å®šã•れã¾ã—ãŸã€‚ + \return BAD_FUNC_ARG: srpã¾ãŸã¯usernameãŒnullã®å ´åˆã«è¿”ã•れã¾ã™ã€‚ + \return MEMORY_E: srp->userã®ãƒ¡ãƒ¢ãƒªå‰²ã‚Šå½“ã¦ã«å•題ãŒã‚ã‚‹å ´åˆã«è¿”ã•れã¾ã™ + \return < 0: エラー。 + + \param srp Srp構造体。 + \param username ユーザーåã‚’å«ã‚€ãƒãƒƒãƒ•ァ。 + \param size ユーザーåã®ã‚µã‚¤ã‚º(ãƒã‚¤ãƒˆå˜ä½) + _Example_ \code Srp srp; @@ -57,10 +74,11 @@ wc_SrpInit(&srp, SRP_TYPE_SHA, SRP_CLIENT_SIDE); if(wc_SrpSetUsername(&srp, username, usernameSize) != 0) { - // Error occurred setting username. + // ユーザーåã®è¨­å®šã‚¨ãƒ©ãƒ¼ãŒç™ºç”Ÿã—ã¾ã—ãŸã€‚ } wc_SrpTerm(&srp); \endcode + \sa wc_SrpInit \sa wc_SrpSetParams \sa wc_SrpTerm @@ -69,26 +87,31 @@ /*! \ingroup SRP - \brief ユーザーåã«åŸºã¥ã„ã¦SRPパラメータを設定ã—ã¾ã™.. wc_srpsetuserNameã®å¾Œã«å‘¼ã³å‡ºã™å¿…è¦ãŒã‚りã¾ã™ã€‚ - \return 0 æˆåŠŸ - \return BAD_FUNC_ARG SRPã€Nã€Gã€ã¾ãŸã¯SALTãŒNULLã®å ´åˆã€ã¾ãŸã¯NSZ sideãŒsrp_client_sideã«è¨­å®šã•れã¦ã„ãªã„å ´åˆã€‚ - \return SRP_CALL_ORDER_E WC_SRPSETPASSWORDãŒé †ä¸åŒã§å‘¼ã³å‡ºã•れãŸã¨ãã«æˆ»ã‚Šã¾ã™ã€‚ - \return <0 エラー - \param srp SRP構造 - \param password パスワードをå«ã‚€ãƒãƒƒãƒ•ァ。 + + \brief パスワードを設定ã—ã¾ã™ã€‚パスワードã®è¨­å®šã¯ã€srp構造体ã«ã‚¯ãƒªã‚¢ãƒ‘スワードデータを永続化ã—ã¾ã›ã‚“。クライアントã¯x = H(salt + H(user:pswd))を計算ã—ã€authãƒ•ã‚£ãƒ¼ãƒ«ãƒ‰ã«æ ¼ç´ã—ã¾ã™ã€‚ã“ã®é–¢æ•°ã¯wc_SrpSetParamsã®å¾Œã«å‘¼ã³å‡ºã™å¿…è¦ãŒã‚りã€ã‚¯ãƒ©ã‚¤ã‚¢ãƒ³ãƒˆå´ã®ã¿ã§ã™ã€‚ + + \return 0 æˆåŠŸ + \return BAD_FUNC_ARG srpã¾ãŸã¯passwordãŒnullã®å ´åˆã€ã¾ãŸã¯srp->sideãŒSRP_CLIENT_SIDEã«è¨­å®šã•れã¦ã„ãªã„å ´åˆã«è¿”ã•れã¾ã™ã€‚ + \return SRP_CALL_ORDER_E wc_SrpSetPasswordãŒé †åºå¤–ã§å‘¼ã³å‡ºã•れãŸå ´åˆã«è¿”ã•れã¾ã™ã€‚ + \return <0 エラー + + \param srp Srp構造体。 + \param password パスワードをå«ã‚€ãƒãƒƒãƒ•ァ。 + \param size パスワードã®ã‚µã‚¤ã‚º(ãƒã‚¤ãƒˆå˜ä½)。 + _Example_ \code Srp srp; @@ -125,9 +154,9 @@ byte password[] = "password"; word32 passwordSize = 8; - byte N[] = { }; // Contents of byte array N - byte g[] = { }; // Contents of byte array g - byte salt[] = { }; // Contents of byte array salt + byte N[] = { }; // ãƒã‚¤ãƒˆé…列Nã®å†…容 + byte g[] = { }; // ãƒã‚¤ãƒˆé…列gã®å†…容 + byte salt[] = { }; // ãƒã‚¤ãƒˆé…列saltã®å†…容 wc_SrpInit(&srp, SRP_TYPE_SHA, SRP_CLIENT_SIDE); wc_SrpSetUsername(&srp, username, usernameSize); @@ -135,11 +164,12 @@ if(wc_SrpSetPassword(&srp, password, passwordSize) != 0) { - // Error setting password + // パスワード設定エラー } wc_SrpTerm(&srp); \endcode + \sa wc_SrpInit \sa wc_SrpSetUsername \sa wc_SrpSetParams @@ -148,33 +178,39 @@ /*! \ingroup SRP - \brief 検証者を設定ã—ã¾ã™ã€‚ã“ã®é–¢æ•°ã¯ã€wc_srpsetparamsã®å¾Œã«å‘¼ã³å‡ºã•れã€ã‚µãƒ¼ãƒãƒ¼å´ã®ã¿ã§ã™ã€‚ - \return 0 æˆåŠŸ - \return BAD_FUNC_ARG SRPã¾ãŸã¯VerifierãŒNULLã¾ãŸã¯SRP-> ISã®å ´åˆã€SRP_SERVER_SIEDã§ã¯ãªãè¿”ã•れã¾ã™ã€‚ - \return <0 エラー - \param srp SRP構造 - \param verifier 検証者をå«ã‚€æ§‹é€ ä½“。 + + \brief 検証å­ã‚’設定ã—ã¾ã™ã€‚ã“ã®é–¢æ•°ã¯wc_SrpSetParamsã®å¾Œã«å‘¼ã³å‡ºã™å¿…è¦ãŒã‚りã€ã‚µãƒ¼ãƒãƒ¼å´ã®ã¿ã§ã™ã€‚ + + \return 0 æˆåŠŸ + \return BAD_FUNC_ARG srpã¾ãŸã¯verifierãŒnullã®å ´åˆã€ã¾ãŸã¯srp->sideãŒSRP_SERVER_SIDEã§ãªã„å ´åˆã«è¿”ã•れã¾ã™ã€‚ + \return <0 エラー + + \param srp Srp構造体。 + \param verifier 検証å­ã‚’å«ã‚€æ§‹é€ ä½“。 + \param size 検証å­ã®ã‚µã‚¤ã‚º(ãƒã‚¤ãƒˆå˜ä½)。 + _Example_ \code Srp srp; byte username[] = "user"; word32 usernameSize = 4; - byte N[] = { }; // Contents of byte array N - byte g[] = { }; // Contents of byte array g - byte salt[] = { }; // Contents of byte array salt + byte N[] = { }; // ãƒã‚¤ãƒˆé…列Nã®å†…容 + byte g[] = { }; // ãƒã‚¤ãƒˆé…列gã®å†…容 + byte salt[] = { }; // ãƒã‚¤ãƒˆé…列saltã®å†…容 wc_SrpInit(&srp, SRP_TYPE_SHA, SRP_SERVER_SIDE); wc_SrpSetUsername(&srp, username, usernameSize); wc_SrpSetParams(&srp, N, sizeof(N), g, sizeof(g), salt, sizeof(salt)) - byte verifier[] = { }; // Contents of some verifier + byte verifier[] = { }; // 何らã‹ã®æ¤œè¨¼å­ã®å†…容 if(wc_SrpSetVerifier(&srp, verifier, sizeof(verifier)) != 0) { - // Error setting verifier + // 検証å­è¨­å®šã‚¨ãƒ©ãƒ¼ } wc_SrpTerm(&srp); \endcode + \sa wc_SrpInit \sa wc_SrpSetParams \sa wc_SrpGetVerifier @@ -183,13 +219,19 @@ /*! \ingroup SRP - \brief 検証者をå–å¾—ã—ã¾ã™ã€‚クライアントã¯V = g ^ xï¼…Nã§æ¤œè¨¼è€…を計算ã—ã¾ã™ã€‚ã“ã®é–¢æ•°ã¯ã€wc_srpsetpasswordã®å¾Œã«å‘¼ã³å‡ºã•れã€ã‚¯ãƒ©ã‚¤ã‚¢ãƒ³ãƒˆå´ã®ã¿ã§ã™ã€‚ - \return 0 æˆåŠŸ - \return BAD_FUNC_ARG SRPã€Verifierã€ã¾ãŸã¯SizeãŒNULLã®å ´åˆã€ã¾ãŸã¯SRP-> SIDEãŒSRP_CLIENT_SIEDã§ã¯ãªã„å ´åˆã«è¿”ã•れã¾ã™ã€‚ - \return SRP_CALL_ORDER_E WC_SRPGetverifierãŒé †ä¸åŒã§å‘¼ã³å‡ºã•れãŸå ´åˆã«è¿”ã•れã¾ã™ã€‚ - \return <0 エラー - \param srp SRP構造 - \param verifier 検証者を書ã込むãŸã‚ã®ãƒãƒƒãƒ•ァー。 + + \brief 検証å­ã‚’å–å¾—ã—ã¾ã™ã€‚クライアントã¯v = g ^ x % Nã§æ¤œè¨¼å­ã‚’計算ã—ã¾ã™ã€‚ + ã“ã®é–¢æ•°ã¯wc_SrpSetPasswordã®å¾Œã«å‘¼ã³å‡ºã™ã“ã¨ãŒã§ãã€ã‚¯ãƒ©ã‚¤ã‚¢ãƒ³ãƒˆå´ã®ã¿ã§ã™ã€‚ + + \return 0 æˆåŠŸ + \return BAD_FUNC_ARG srpã€verifierã€ã¾ãŸã¯sizeãŒnullã®å ´åˆã€ã¾ãŸã¯srp->sideãŒSRP_CLIENT_SIDEã§ãªã„å ´åˆã«è¿”ã•れã¾ã™ã€‚ + \return SRP_CALL_ORDER_E wc_SrpGetVerifierãŒé †åºå¤–ã§å‘¼ã³å‡ºã•れãŸå ´åˆã«è¿”ã•れã¾ã™ã€‚ + \return <0 エラー + + \param srp Srp構造体。 + \param verifier 検証å­ã‚’書ã込むãƒãƒƒãƒ•ァ。 + \param size ãƒãƒƒãƒ•ァサイズ(ãƒã‚¤ãƒˆå˜ä½)。検証å­ã®ã‚µã‚¤ã‚ºã§æ›´æ–°ã•れã¾ã™ã€‚ + _Example_ \code Srp srp; @@ -198,9 +240,9 @@ byte password[] = "password"; word32 passwordSize = 8; - byte N[] = { }; // Contents of byte array N - byte g[] = { }; // Contents of byte array g - byte salt[] = { }; // Contents of byte array salt + byte N[] = { }; // ãƒã‚¤ãƒˆé…列Nã®å†…容 + byte g[] = { }; // ãƒã‚¤ãƒˆé…列gã®å†…容 + byte salt[] = { }; // ãƒã‚¤ãƒˆé…列saltã®å†…容 byte v[64]; word32 vSz = 0; vSz = sizeof(v); @@ -212,10 +254,11 @@ if( wc_SrpGetVerifier(&srp, v, &vSz ) != 0) { - // Error getting verifier + // 検証å­å–得エラー } wc_SrpTerm(&srp); \endcode + \sa wc_SrpSetVerifier \sa wc_SrpSetPassword */ @@ -223,50 +266,68 @@ /*! \ingroup SRP - \brief プライベートã®ã‚¨ãƒ•ェラル値を設定ã—ã¾ã™ã€‚プライベートã®ä¸€æ™‚çš„ãªå€¤ã¯ã€ã‚¯ãƒ©ã‚¤ã‚¢ãƒ³ãƒˆå´ã®Aã¨ã—ã¦çŸ¥ã‚‰ã‚Œã¦ã„ã¾ã™ã€‚サーãƒãƒ¼å´ã®and random()b。b = random()ã“ã®é–¢æ•°ã¯ã€ãƒ¦ãƒ‹ãƒƒãƒˆãƒ†ã‚¹ãƒˆã‚±ãƒ¼ã‚¹ã€ã¾ãŸã¯é–‹ç™ºè€…ãŒå¤–部ランダムソースを使用ã—ã¦ã‚¨ãƒ•ェメラル値を設定ã—ãŸã„å ´åˆã¯ä¾¿åˆ©ã§ã™ã€‚ã“ã®é–¢æ•°ã¯ã€WC_SRPGetPublicã®å‰ã«å‘¼ã³å‡ºã•れるã“ã¨ãŒã‚りã¾ã™ã€‚ - \return 0 æˆåŠŸ - \return BAD_FUNC_ARG SRPã€Privateã€ã¾ãŸã¯SizeãŒNULLã®å ´åˆã«è¿”ã•れã¾ã™ã€‚ - \return SRP_CALL_ORDER_E WC_SRPSetPrivateãŒé †ä¸åŒã§å‘¼ã³å‡ºã•れãŸå ´åˆã«è¿”ã•れã¾ã™ã€‚ - \return <0 エラー - \param srp SRP構造 - \param priv 一時的ãªå€¤ã€‚ + + \brief 秘密エフェメラル値を設定ã—ã¾ã™ã€‚ç§˜å¯†ã‚¨ãƒ•ã‚§ãƒ¡ãƒ©ãƒ«å€¤ã¯æ¬¡ã®ã‚ˆã†ã«çŸ¥ã‚‰ã‚Œã¦ã„ã¾ã™: + クライアントå´ã§ã¯a。a = random() + サーãƒãƒ¼å´ã§ã¯b。b = random() + ã“ã®é–¢æ•°ã¯å˜ä½“テストケースやã€é–‹ç™ºè€…ãŒå¤–部ã®ä¹±æ•°ã‚½ãƒ¼ã‚¹ã‚’使用ã—ã¦ã‚¨ãƒ•ェメラル値を設定ã—ãŸã„å ´åˆã«ä¾¿åˆ©ã§ã™ã€‚ã“ã®é–¢æ•°ã¯wc_SrpGetPublicã®å‰ã«å‘¼ã³å‡ºã™ã“ã¨ãŒã§ãã¾ã™ã€‚ + + \return 0 æˆåŠŸ + \return BAD_FUNC_ARG srpã€privateã€ã¾ãŸã¯sizeãŒnullã®å ´åˆã«è¿”ã•れã¾ã™ã€‚ + \return SRP_CALL_ORDER_E wc_SrpSetPrivateãŒé †åºå¤–ã§å‘¼ã³å‡ºã•れãŸå ´åˆã«è¿”ã•れã¾ã™ã€‚ + \return <0 エラー + + \param srp Srp構造体。 + \param priv エフェメラル値。 + \param size privateã®ã‚µã‚¤ã‚º(ãƒã‚¤ãƒˆå˜ä½)。 + _Example_ \code Srp srp; byte username[] = "user"; word32 usernameSize = 4; - byte N[] = { }; // Contents of byte array N - byte g[] = { }; // Contents of byte array g - byte salt[] = { }; // Contents of byte array salt - byte verifier = { }; // Contents of some verifier + byte N[] = { }; // ãƒã‚¤ãƒˆé…列Nã®å†…容 + byte g[] = { }; // ãƒã‚¤ãƒˆé…列gã®å†…容 + byte salt[] = { }; // ãƒã‚¤ãƒˆé…列saltã®å†…容 + byte verifier = { }; // 何らã‹ã®æ¤œè¨¼å­ã®å†…容 wc_SrpInit(&srp, SRP_TYPE_SHA, SRP_SERVER_SIDE); wc_SrpSetUsername(&srp, username, usernameSize); wc_SrpSetParams(&srp, N, sizeof(N), g, sizeof(g), salt, sizeof(salt)) wc_SrpSetVerifier(&srp, verifier, sizeof(verifier)) - byte b[] = { }; // Some ephemeral value + byte b[] = { }; // 何らã‹ã®ã‚¨ãƒ•ェメラル値 if( wc_SrpSetPrivate(&srp, b, sizeof(b)) != 0) { - // Error setting private ephemeral + // 秘密エフェメラル設定エラー } wc_SrpTerm(&srp); \endcode + \sa wc_SrpGetPublic */ int wc_SrpSetPrivate(Srp* srp, const byte* priv, word32 size); /*! \ingroup SRP - \brief 公共ã®ä¸€æ™‚çš„ãªå€¤ã‚’å–å¾—ã—ã¾ã™ã€‚公共ã®ä¸€æ™‚çš„ãªå€¤ã¯ã€ã‚¯ãƒ©ã‚¤ã‚¢ãƒ³ãƒˆå´ã®Aã¨ã—ã¦çŸ¥ã‚‰ã‚Œã¦ã„ã¾ã™ã€‚サーãƒå´ã®A = g ^ Aï¼…n b。B =(k * v +(g bï¼…n))%n wc_srpsetpasswordã¾ãŸã¯wc_srpsetverifierã®å¾Œã«å‘¼ã³å‡ºã™å¿…è¦ãŒã‚りã¾ã™ã€‚関数WC_SRPSetPrivateã¯ã€WC_SRPGetPublicã®å‰ã«å‘¼ã³å‡ºã•れるã“ã¨ãŒã‚りã¾ã™ã€‚ - \return 0 æˆåŠŸ - \return BAD_FUNC_ARG srpã€pubã€ã¾ãŸã¯sizeãŒnullã®å ´åˆã«è¿”ã•れã¾ã™ã€‚ - \return SRP_CALL_ORDER_E WC_SRPGetPublicãŒé †ä¸åŒã§å‘¼ã³å‡ºã•れãŸå ´åˆã«è¿”ã•れã¾ã™ã€‚ - \return BUFFER_E サイズキーã§ã‚­ãƒ¼ã‚’アクセスã§ãã¾ã™ã€‚ - \return 0 æˆåŠŸ - \return BAD_FUNC_ARG SRPã€ClientPubKeyã€ã¾ãŸã¯ServerPubKeyã®å ´åˆã€ã¾ãŸã¯ClientPubkeyszã¾ãŸã¯ServerPubKeyszãŒ0ã®å ´åˆã«è¿”ã•れã¾ã™ã€‚ - \return SRP_CALL_ORDER_E WC_SRPComputeKeyãŒé †ä¸åŒã§å‘¼ã³å‡ºã•れãŸå ´åˆã«è¿”ã•れã¾ã™ã€‚ - \return <0 エラー - \param srp SRP構造 - \param clientPubKey クライアントã®å…¬å…±ã®ä¸€æ™‚çš„ãªä¾¡å€¤ã€‚ - \param clientPubKeySz クライアントã®å…¬å…±ã®ä¸€æ™‚çš„ãªå€¤ã®ã‚µã‚¤ã‚ºã€‚ - \param serverPubKey サーãƒãƒ¼ã®ä¸€èˆ¬ã®ä¸€æ™‚çš„ãªå€¤ã€‚ + + \brief セッションéµã‚’計算ã—ã¾ã™ã€‚éµã¯æˆåŠŸå¾Œã«srp->keyã§ã‚¢ã‚¯ã‚»ã‚¹ã§ãã¾ã™ã€‚ + + \return 0 æˆåŠŸ + \return BAD_FUNC_ARG srpã€clientPubKeyã€ã¾ãŸã¯serverPubKeyãŒnullã®å ´åˆã€ã¾ãŸã¯clientPubKeySzã¾ãŸã¯serverPubKeySzãŒ0ã®å ´åˆã«è¿”ã•れã¾ã™ã€‚ + \return SRP_CALL_ORDER_E wc_SrpComputeKeyãŒé †åºå¤–ã§å‘¼ã³å‡ºã•れãŸå ´åˆã«è¿”ã•れã¾ã™ã€‚ + \return <0 エラー + + \param srp Srp構造体。 + \param clientPubKey クライアントã®å…¬é–‹ã‚¨ãƒ•ェメラル値。 + \param clientPubKeySz クライアントã®å…¬é–‹ã‚¨ãƒ•ェメラル値ã®ã‚µã‚¤ã‚ºã€‚ + \param serverPubKey サーãƒãƒ¼ã®å…¬é–‹ã‚¨ãƒ•ェメラル値。 + \param serverPubKeySz サーãƒãƒ¼ã®å…¬é–‹ã‚¨ãƒ•ェメラル値ã®ã‚µã‚¤ã‚ºã€‚ + _Example_ \code Srp server; @@ -318,11 +385,11 @@ word32 usernameSize = 4; byte password[] = "password"; word32 passwordSize = 8; - byte N[] = { }; // Contents of byte array N - byte g[] = { }; // Contents of byte array g - byte salt[] = { }; // Contents of byte array salt - byte verifier[] = { }; // Contents of some verifier - byte serverPubKey[] = { }; // Contents of server pub key + byte N[] = { }; // ãƒã‚¤ãƒˆé…列Nã®å†…容 + byte g[] = { }; // ãƒã‚¤ãƒˆé…列gã®å†…容 + byte salt[] = { }; // ãƒã‚¤ãƒˆé…列saltã®å†…容 + byte verifier[] = { }; // 何らã‹ã®æ¤œè¨¼å­ã®å†…容 + byte serverPubKey[] = { }; // サーãƒãƒ¼å…¬é–‹éµã®å†…容 word32 serverPubKeySize = sizeof(serverPubKey); byte clientPubKey[64]; word32 clientPubKeySize = 64; @@ -337,6 +404,7 @@ serverPubKey, serverPubKeySize) wc_SrpTerm(&server); \endcode + \sa wc_SrpGetPublic */ int wc_SrpComputeKey(Srp* srp, @@ -345,37 +413,48 @@ /*! \ingroup SRP - \brief 証明をå–å¾—ã—ã¾ã™ã€‚ã“ã®é–¢æ•°ã¯ã€wc_srpcomputekeyã®å¾Œã«å‘¼ã³å‡ºã™å¿…è¦ãŒã‚りã¾ã™ã€‚ - \return 0 æˆåŠŸ - \return BAD_FUNC_ARG SRPã€PROVã€ã¾ãŸã¯SIZEãŒNULLã®å ´åˆã«è¿”ã—ã¾ã™ã€‚ - \return BUFFER_E サイズãŒSRP-> Typeã®ãƒãƒƒã‚·ãƒ¥ã‚µã‚¤ã‚ºã‚ˆã‚Šå°ã•ã„å ´åˆã«è¿”ã—ã¾ã™ã€‚ - \return <0 エラー - \param srp SRP構造 - \param proof ピアプルーフ。 + + \brief 証明をå–å¾—ã—ã¾ã™ã€‚ã“ã®é–¢æ•°ã¯wc_SrpComputeKeyã®å¾Œã«å‘¼ã³å‡ºã™å¿…è¦ãŒã‚りã¾ã™ã€‚ + + \return 0 æˆåŠŸ + \return BAD_FUNC_ARG srpã€proofã€ã¾ãŸã¯sizeãŒnullã®å ´åˆã«è¿”ã•れã¾ã™ã€‚ + \return BUFFER_E sizeãŒsrp->typeã®ãƒãƒƒã‚·ãƒ¥ã‚µã‚¤ã‚ºã‚ˆã‚Šå°ã•ã„å ´åˆã«è¿”ã•れã¾ã™ã€‚ + \return <0 エラー + + \param srp Srp構造体。 + \param proof ピアã®è¨¼æ˜Žã€‚ + \param size 証明ã®ã‚µã‚¤ã‚º(ãƒã‚¤ãƒˆå˜ä½)。 + _Example_ \code Srp cli; byte clientProof[SRP_MAX_DIGEST_SIZE]; word32 clientProofSz = SRP_MAX_DIGEST_SIZE; - // Initialize Srp following steps from previous examples + // å‰ã®ä¾‹ã®ã‚¹ãƒ†ãƒƒãƒ—ã«å¾“ã£ã¦Srpã‚’åˆæœŸåŒ– if (wc_SrpGetProof(&cli, clientProof, &clientProofSz) != 0) { - // Error getting proof + // 証明å–得エラー } \endcode + \sa wc_SrpComputeKey */ int wc_SrpGetProof(Srp* srp, byte* proof, word32* size); /*! \ingroup SRP - \brief ピアプルーフを確èªã—ã¾ã™ã€‚ã“ã®é–¢æ•°ã¯ã€WC_SRPGetSessionKeyã®å‰ã«å‘¼ã³å‡ºã™å¿…è¦ãŒã‚りã¾ã™ã€‚ - \return 0 æˆåŠŸ - \return <0 エラー - \param srp SRP構造 - \param proof ピアプルーフ。 + + \brief ピアã®è¨¼æ˜Žã‚’検証ã—ã¾ã™ã€‚ã“ã®é–¢æ•°ã¯wc_SrpGetSessionKeyã®å‰ã«å‘¼ã³å‡ºã™å¿…è¦ãŒã‚りã¾ã™ã€‚ + + \return 0 æˆåŠŸ + \return <0 エラー + + \param srp Srp構造体。 + \param proof ピアã®è¨¼æ˜Žã€‚ + \param size 証明ã®ã‚µã‚¤ã‚º(ãƒã‚¤ãƒˆå˜ä½)。 + _Example_ \code Srp cli; @@ -383,15 +462,16 @@ byte clientProof[SRP_MAX_DIGEST_SIZE]; word32 clientProofSz = SRP_MAX_DIGEST_SIZE; - // Initialize Srp following steps from previous examples - // First get the proof + // å‰ã®ä¾‹ã®ã‚¹ãƒ†ãƒƒãƒ—ã«å¾“ã£ã¦Srpã‚’åˆæœŸåŒ– + // 最åˆã«è¨¼æ˜Žã‚’å–å¾— wc_SrpGetProof(&cli, clientProof, &clientProofSz) if (wc_SrpVerifyPeersProof(&srv, clientProof, clientProofSz) != 0) { - // Error verifying proof + // 証明検証エラー } \endcode + \sa wc_SrpGetSessionKey \sa wc_SrpGetProof \sa wc_SrpTerm diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/doc/dox_comments/header_files-ja/ssl.h mariadb-11.8.8/extra/wolfssl/wolfssl/doc/dox_comments/header_files-ja/ssl.h --- mariadb-11.8.6/extra/wolfssl/wolfssl/doc/dox_comments/header_files-ja/ssl.h 2026-01-31 13:27:49.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/doc/dox_comments/header_files-ja/ssl.h 2026-05-24 09:58:33.000000000 +0000 @@ -1,7 +1,9 @@ /*! - \brief ã“ã®é–¢æ•°ã¯DTLS v1.2 ã‚¯ãƒ©ã‚¤ã‚¢ãƒ³ãƒˆãƒ¡ã‚½ãƒƒãƒ‰ã‚’åˆæœŸåŒ–ã—ã¾ã™ã€‚ - \return 作æˆã«æˆåŠŸã—ãŸå ´åˆã¯ã€WOLFSSL_METHODãƒã‚¤ãƒ³ã‚¿ã‚’è¿”ã—ã¾ã™ã€‚ - \return メモリ割り当ã¦ã‚¨ãƒ©ãƒ¼ã¾ãŸã¯ãƒ¡ã‚½ãƒƒãƒ‰ã®ä½œæˆã®å¤±æ•—ã®å ´åˆã¯NULLã‚’è¿”ã—ã¾ã™ã€‚ + \brief ã“ã®é–¢æ•°ã¯DTLS v1.2ã‚¯ãƒ©ã‚¤ã‚¢ãƒ³ãƒˆãƒ¡ã‚½ãƒƒãƒ‰ã‚’åˆæœŸåŒ–ã—ã¾ã™ã€‚ + + \return pointer ã“ã®é–¢æ•°ã¯æ–°ã—ã„WOLFSSL_METHOD構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã‚’è¿”ã—ã¾ã™ã€‚ + + \param none パラメータã¯ã‚りã¾ã›ã‚“。 _Example_ \code @@ -11,6 +13,7 @@ WOLFSSL* ssl = wolfSSL_new(ctx); … \endcode + \sa wolfSSL_Init \sa wolfSSL_CTX_new */ @@ -18,16 +21,21 @@ /*! \ingroup Setup - \brief ã“ã®é–¢æ•°ã¯ã€wolfSSLv23_client_methodã¨åŒæ§˜ã«WOLFSSL_METHODã‚’è¿”ã—ã¾ã™ï¼ˆã‚µãƒ¼ãƒãƒ¼/クライアント)。 - \return 作æˆã«æˆåŠŸã—ãŸå ´åˆã¯ã€WOLFSSL_METHODãƒã‚¤ãƒ³ã‚¿ã‚’è¿”ã—ã¾ã™ã€‚ - \return メモリ割り当ã¦ã‚¨ãƒ©ãƒ¼ã¾ãŸã¯ãƒ¡ã‚½ãƒƒãƒ‰ã®ä½œæˆã®å¤±æ•—ã®å ´åˆã¯NULLã‚’è¿”ã—ã¾ã™ã€‚ + + \brief ã“ã®é–¢æ•°ã¯wolfSSLv23_client_methodã«ä¼¼ãŸWOLFSSL_METHODã‚’è¿”ã—ã¾ã™ãŒã€ã©ã¡ã‚‰å´(サーãƒ/クライアント)ã§ã‚ã‚‹ã‹ãŒã¾ã æ±ºå®šã•れã¦ã„ãªã„点ãŒç•°ãªã‚Šã¾ã™ã€‚ + + \return WOLFSSL_METHOD* 正常ã«ä½œæˆã•れãŸå ´åˆã€WOLFSSL_METHODãƒã‚¤ãƒ³ã‚¿ã‚’è¿”ã—ã¾ã™ + \return NULL メモリ割り当ã¦ã‚¨ãƒ©ãƒ¼ã¾ãŸã¯ãƒ¡ã‚½ãƒƒãƒ‰ä½œæˆå¤±æ•—ã®å ´åˆã¯Nullã‚’è¿”ã—ã¾ã™ + + \param none パラメータã¯ã‚りã¾ã›ã‚“。 _Example_ \code WOLFSSL* ctx; ctx = wolfSSL_CTX_new(wolfSSLv23_method()); - // check ret value + // ret値をãƒã‚§ãƒƒã‚¯ \endcode + \sa wolfSSL_new \sa wolfSSL_free */ @@ -35,10 +43,13 @@ /*! \ingroup Setup - \brief wolfSSLv3_server_method()関数ã¯ã€ã‚¢ãƒ—リケーションãŒã‚µãƒ¼ãƒãƒ¼ã§ã‚ã‚‹ã“ã¨ã‚’示ã™ãŸã‚ã«ä½¿ç”¨ã•れã€SSL3.0プロトコルã®ã¿ã‚’サãƒãƒ¼ãƒˆã—ã¾ã™ã€‚ - ã“ã®é–¢æ•°ã¯ã€wolfSSL_CTX_new()を使用ã—ã¦SSL/TLSコンテキストを作æˆã™ã‚‹ã¨ãã«ä½¿ç”¨ã•れる新ã—ã„WOLFSSL_METHOD構造体ã®ãƒ¡ãƒ¢ãƒªã‚’割り当ã¦ã¦åˆæœŸåŒ–ã—ã¾ã™ã€‚ - \return æˆåŠŸã—ãŸå ´åˆã€æ–°ã—ã作æˆã•れãŸWOLFSSL_METHOD構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã‚’è¿”ã—ã¾ã™ã€‚ - \return XMALLOCを呼ã³å‡ºã™ã¨ãã«ãƒ¡ãƒ¢ãƒªå‰²ã‚Šå½“ã¦ãŒå¤±æ•—ã—ãŸå ´åˆã€åŸºç¤Žã¨ãªã‚‹Malloc()実装ã®å¤±æ•—値ãŒè¿”ã•れã¾ã™ï¼ˆé€šå¸¸ã¯errnoãŒENOMEMã«è¨­å®šã•れã¾ã™ï¼‰ã€‚ + + \brief wolfSSLv3_server_method()関数ã¯ã€ã‚¢ãƒ—リケーションãŒã‚µãƒ¼ãƒã§ã‚りã€SSL 3.0プロトコルã®ã¿ã‚’サãƒãƒ¼ãƒˆã™ã‚‹ã“ã¨ã‚’示ã™ãŸã‚ã«ä½¿ç”¨ã•れã¾ã™ã€‚ã“ã®é–¢æ•°ã¯ã€wolfSSL_CTX_new()ã§SSL/TLSコンテキストを作æˆã™ã‚‹éš›ã«ä½¿ç”¨ã•れる新ã—ã„wolfSSL_METHOD構造体ã®ãŸã‚ã®ãƒ¡ãƒ¢ãƒªã‚’割り当ã¦ã¦åˆæœŸåŒ–ã—ã¾ã™ã€‚ + + \return * æˆåŠŸã—ãŸå ´åˆã€å‘¼ã³å‡ºã—ã¯æ–°ã—ã作æˆã•れãŸWOLFSSL_METHOD構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã‚’è¿”ã—ã¾ã™ã€‚ + \return FAIL XMALLOCを呼ã³å‡ºã™éš›ã«ãƒ¡ãƒ¢ãƒªå‰²ã‚Šå½“ã¦ãŒå¤±æ•—ã—ãŸå ´åˆã€åŸºç¤Žã¨ãªã‚‹malloc()実装ã®å¤±æ•—値ãŒè¿”ã•れã¾ã™(通常ã¯NULLã§ã€errnoãŒENOMEMã«è¨­å®šã•れã¾ã™)。 + + \param none パラメータã¯ã‚りã¾ã›ã‚“。 _Example_ \code @@ -49,12 +60,13 @@ method = wolfSSLv3_server_method(); if (method == NULL) { - unable to get method + メソッドをå–å¾—ã§ãã¾ã›ã‚“ } ctx = wolfSSL_CTX_new(method); ... \endcode + \sa wolfTLSv1_server_method \sa wolfTLSv1_1_server_method \sa wolfTLSv1_2_server_method @@ -62,15 +74,19 @@ \sa wolfDTLSv1_server_method \sa wolfSSLv23_server_method \sa wolfSSL_CTX_new + */ WOLFSSL_METHOD *wolfSSLv3_server_method(void); /*! \ingroup Setup - \brief wolfSSLv3_client_method()関数ã¯ã€ã‚¢ãƒ—リケーションãŒã‚¯ãƒ©ã‚¤ã‚¢ãƒ³ãƒˆã§ã‚りã€SSL 3.0プロトコルã®ã¿ã‚’サãƒãƒ¼ãƒˆã™ã‚‹ã“ã¨ã‚’示ã™ãŸã‚ã«ä½¿ç”¨ã•れã¾ã™ã€‚ - ã“ã®é–¢æ•°ã¯ã€wolfSSL_CTX_new()を使用ã—ã¦SSL/TLSコンテキストを作æˆã™ã‚‹ã¨ãã«ä½¿ç”¨ã•れる新ã—ã„WOLFSSL_METHOD構造体ã®ãƒ¡ãƒ¢ãƒªã‚’割り当ã¦ã¦åˆæœŸåŒ–ã—ã¾ã™ã€‚ - \return æˆåŠŸã—ãŸå ´åˆã€æ–°ã—ã作æˆã•れãŸWOLFSSL_METHOD構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã‚’è¿”ã—ã¾ã™ã€‚ - \return XMALLOCを呼ã³å‡ºã™ã¨ãã«ãƒ¡ãƒ¢ãƒªå‰²ã‚Šå½“ã¦ãŒå¤±æ•—ã—ãŸå ´åˆã€åŸºç¤Žã¨ãªã‚‹Malloc()実装ã®å¤±æ•—値ãŒè¿”ã•れã¾ã™ï¼ˆé€šå¸¸ã¯errnoãŒENOMEMã«è¨­å®šã•れã¾ã™ï¼‰ã€‚ + + \brief wolfSSLv3_client_method()関数ã¯ã€ã‚¢ãƒ—リケーションãŒã‚¯ãƒ©ã‚¤ã‚¢ãƒ³ãƒˆã§ã‚りã€SSL 3.0プロトコルã®ã¿ã‚’サãƒãƒ¼ãƒˆã™ã‚‹ã“ã¨ã‚’示ã™ãŸã‚ã«ä½¿ç”¨ã•れã¾ã™ã€‚ã“ã®é–¢æ•°ã¯ã€wolfSSL_CTX_new()ã§SSL/TLSコンテキストを作æˆã™ã‚‹éš›ã«ä½¿ç”¨ã•れる新ã—ã„wolfSSL_METHOD構造体ã®ãŸã‚ã®ãƒ¡ãƒ¢ãƒªã‚’割り当ã¦ã¦åˆæœŸåŒ–ã—ã¾ã™ã€‚ + + \return * æˆåŠŸã—ãŸå ´åˆã€å‘¼ã³å‡ºã—ã¯æ–°ã—ã作æˆã•れãŸWOLFSSL_METHOD構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã‚’è¿”ã—ã¾ã™ã€‚ + \return FAIL XMALLOCを呼ã³å‡ºã™éš›ã«ãƒ¡ãƒ¢ãƒªå‰²ã‚Šå½“ã¦ãŒå¤±æ•—ã—ãŸå ´åˆã€åŸºç¤Žã¨ãªã‚‹malloc()実装ã®å¤±æ•—値ãŒè¿”ã•れã¾ã™(通常ã¯NULLã§ã€errnoãŒENOMEMã«è¨­å®šã•れã¾ã™)。 + + \param none パラメータã¯ã‚りã¾ã›ã‚“。 _Example_ \code @@ -81,12 +97,13 @@ method = wolfSSLv3_client_method(); if (method == NULL) { - unable to get method + メソッドをå–å¾—ã§ãã¾ã›ã‚“ } ctx = wolfSSL_CTX_new(method); ... \endcode + \sa wolfTLSv1_client_method \sa wolfTLSv1_1_client_method \sa wolfTLSv1_2_client_method @@ -99,10 +116,13 @@ /*! \ingroup Setup - \brief wolfTLSv1_server_method()関数ã¯ã€ã‚¢ãƒ—リケーションãŒã‚µãƒ¼ãƒãƒ¼ã§ã‚ã‚‹ã“ã¨ã‚’示ã™ãŸã‚ã«ä½¿ç”¨ã•れã€TLS 1.0プロトコルã®ã¿ã‚’サãƒãƒ¼ãƒˆã—ã¾ã™ã€‚ - ã“ã®é–¢æ•°ã¯ã€wolfSSL_ctx_new()を使用ã—ã¦SSL/TLSコンテキストを作æˆã™ã‚‹ã¨ãã«ä½¿ç”¨ã•れる新ã—ã„WOLFSSL_METHOD構造体ã®ãƒ¡ãƒ¢ãƒªã‚’割り当ã¦ã¦åˆæœŸåŒ–ã—ã¾ã™ã€‚ - \return æˆåŠŸã—ãŸå ´åˆã€æ–°ã—ã作æˆã•れãŸWOLFSSL_METHOD構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã‚’è¿”ã—ã¾ã™ã€‚ - \return XMALLOCを呼ã³å‡ºã™ã¨ãã«ãƒ¡ãƒ¢ãƒªå‰²ã‚Šå½“ã¦ãŒå¤±æ•—ã—ãŸå ´åˆã€åŸºç¤Žã¨ãªã‚‹Malloc()実装ã®å¤±æ•—値ãŒè¿”ã•れã¾ã™ï¼ˆé€šå¸¸ã¯errnoãŒENOMEMã«è¨­å®šã•れã¾ã™ï¼‰ã€‚ + + \brief wolfTLSv1_server_method()関数ã¯ã€ã‚¢ãƒ—リケーションãŒã‚µãƒ¼ãƒã§ã‚りã€TLS 1.0プロトコルã®ã¿ã‚’サãƒãƒ¼ãƒˆã™ã‚‹ã“ã¨ã‚’示ã™ãŸã‚ã«ä½¿ç”¨ã•れã¾ã™ã€‚ã“ã®é–¢æ•°ã¯ã€wolfSSL_CTX_new()ã§SSL/TLSコンテキストを作æˆã™ã‚‹éš›ã«ä½¿ç”¨ã•れる新ã—ã„wolfSSL_METHOD構造体ã®ãŸã‚ã®ãƒ¡ãƒ¢ãƒªã‚’割り当ã¦ã¦åˆæœŸåŒ–ã—ã¾ã™ã€‚ + + \return * æˆåŠŸã—ãŸå ´åˆã€å‘¼ã³å‡ºã—ã¯æ–°ã—ã作æˆã•れãŸWOLFSSL_METHOD構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã‚’è¿”ã—ã¾ã™ã€‚ + \return FAIL XMALLOCを呼ã³å‡ºã™éš›ã«ãƒ¡ãƒ¢ãƒªå‰²ã‚Šå½“ã¦ãŒå¤±æ•—ã—ãŸå ´åˆã€åŸºç¤Žã¨ãªã‚‹malloc()実装ã®å¤±æ•—値ãŒè¿”ã•れã¾ã™(通常ã¯NULLã§ã€errnoãŒENOMEMã«è¨­å®šã•れã¾ã™)。 + + \param none パラメータã¯ã‚りã¾ã›ã‚“。 _Example_ \code @@ -113,12 +133,13 @@ method = wolfTLSv1_server_method(); if (method == NULL) { - unable to get method + メソッドをå–å¾—ã§ãã¾ã›ã‚“ } ctx = wolfSSL_CTX_new(method); ... \endcode + \sa wolfSSLv3_server_method \sa wolfTLSv1_1_server_method \sa wolfTLSv1_2_server_method @@ -131,10 +152,13 @@ /*! \ingroup Setup - \brief wolftlsv1_client_method()関数ã¯ã€ã‚¢ãƒ—リケーションãŒã‚¯ãƒ©ã‚¤ã‚¢ãƒ³ãƒˆã§ã‚りã€TLS 1.0プロトコルã®ã¿ã‚’サãƒãƒ¼ãƒˆã™ã‚‹ã“ã¨ã‚’示ã™ãŸã‚ã«ä½¿ç”¨ã•れã¾ã™ã€‚ - ã“ã®é–¢æ•°ã¯ã€wolfSSL_ctx_new()を使用ã—ã¦SSL/TLSコンテキストを作æˆã™ã‚‹ã¨ãã«ä½¿ç”¨ã•れる新ã—ã„WOLFSSL_METHOD構造体ã®ãƒ¡ãƒ¢ãƒªã‚’割り当ã¦ã¦åˆæœŸåŒ–ã—ã¾ã™ã€‚ - \return æˆåŠŸã—ãŸå ´åˆã€æ–°ã—ã作æˆã•れãŸWOLFSSL_METHOD構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã‚’è¿”ã—ã¾ã™ã€‚ - \return XMALLOCを呼ã³å‡ºã™ã¨ãã«ãƒ¡ãƒ¢ãƒªå‰²ã‚Šå½“ã¦ãŒå¤±æ•—ã—ãŸå ´åˆã€åŸºç¤Žã¨ãªã‚‹Malloc()実装ã®å¤±æ•—値ãŒè¿”ã•れã¾ã™ï¼ˆé€šå¸¸ã¯errnoãŒENOMEMã«è¨­å®šã•れã¾ã™ï¼‰ã€‚ + + \brief wolfTLSv1_client_method()関数ã¯ã€ã‚¢ãƒ—リケーションãŒã‚¯ãƒ©ã‚¤ã‚¢ãƒ³ãƒˆã§ã‚りã€TLS 1.0プロトコルã®ã¿ã‚’サãƒãƒ¼ãƒˆã™ã‚‹ã“ã¨ã‚’示ã™ãŸã‚ã«ä½¿ç”¨ã•れã¾ã™ã€‚ã“ã®é–¢æ•°ã¯ã€wolfSSL_CTX_new()ã§SSL/TLSコンテキストを作æˆã™ã‚‹éš›ã«ä½¿ç”¨ã•れる新ã—ã„wolfSSL_METHOD構造体ã®ãŸã‚ã®ãƒ¡ãƒ¢ãƒªã‚’割り当ã¦ã¦åˆæœŸåŒ–ã—ã¾ã™ã€‚ + + \return * æˆåŠŸã—ãŸå ´åˆã€å‘¼ã³å‡ºã—ã¯æ–°ã—ã作æˆã•れãŸWOLFSSL_METHOD構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã‚’è¿”ã—ã¾ã™ã€‚ + \return FAIL XMALLOCを呼ã³å‡ºã™éš›ã«ãƒ¡ãƒ¢ãƒªå‰²ã‚Šå½“ã¦ãŒå¤±æ•—ã—ãŸå ´åˆã€åŸºç¤Žã¨ãªã‚‹malloc()実装ã®å¤±æ•—値ãŒè¿”ã•れã¾ã™(通常ã¯NULLã§ã€errnoãŒENOMEMã«è¨­å®šã•れã¾ã™)。 + + \param none パラメータã¯ã‚りã¾ã›ã‚“。 _Example_ \code @@ -145,12 +169,13 @@ method = wolfTLSv1_client_method(); if (method == NULL) { - unable to get method + メソッドをå–å¾—ã§ãã¾ã›ã‚“ } ctx = wolfSSL_CTX_new(method); ... \endcode + \sa wolfSSLv3_client_method \sa wolfTLSv1_1_client_method \sa wolfTLSv1_2_client_method @@ -163,10 +188,13 @@ /*! \ingroup Setup - \brief wolfTLSv1_1_server_method()関数ã¯ã€ã‚¢ãƒ—リケーションãŒã‚µãƒ¼ãƒãƒ¼ã§ã‚ã‚‹ã“ã¨ã‚’示ã™ãŸã‚ã«ä½¿ç”¨ã•れã€TLS 1.1プロトコルã®ã¿ã‚’サãƒãƒ¼ãƒˆã—ã¾ã™ã€‚ - ã“ã®é–¢æ•°ã¯ã€wolfSSL_ctx_new()を使用ã—ã¦SSL/TLSコンテキストを作æˆã™ã‚‹ã¨ãã«ä½¿ç”¨ã•れる新ã—ã„WOLFSSL_METHOD構造体ã®ãƒ¡ãƒ¢ãƒªã‚’割り当ã¦ã¦åˆæœŸåŒ–ã—ã¾ã™ã€‚ - \return æˆåŠŸã—ãŸå ´åˆã€æ–°ã—ã作æˆã•れãŸWOLFSSL_METHOD構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã‚’è¿”ã—ã¾ã™ã€‚ - \return XMALLOCを呼ã³å‡ºã™ã¨ãã«ãƒ¡ãƒ¢ãƒªå‰²ã‚Šå½“ã¦ãŒå¤±æ•—ã—ãŸå ´åˆã€åŸºç¤Žã¨ãªã‚‹Malloc()実装ã®å¤±æ•—値ãŒè¿”ã•れã¾ã™ï¼ˆé€šå¸¸ã¯errnoãŒENOMEMã«è¨­å®šã•れã¾ã™ï¼‰ã€‚ + + \brief wolfTLSv1_1_server_method()関数ã¯ã€ã‚¢ãƒ—リケーションãŒã‚µãƒ¼ãƒã§ã‚りã€TLS 1.1プロトコルã®ã¿ã‚’サãƒãƒ¼ãƒˆã™ã‚‹ã“ã¨ã‚’示ã™ãŸã‚ã«ä½¿ç”¨ã•れã¾ã™ã€‚ã“ã®é–¢æ•°ã¯ã€wolfSSL_CTX_new()ã§SSL/TLSコンテキストを作æˆã™ã‚‹éš›ã«ä½¿ç”¨ã•れる新ã—ã„wolfSSL_METHOD構造体ã®ãŸã‚ã®ãƒ¡ãƒ¢ãƒªã‚’割り当ã¦ã¦åˆæœŸåŒ–ã—ã¾ã™ã€‚ + + \return * æˆåŠŸã—ãŸå ´åˆã€å‘¼ã³å‡ºã—ã¯æ–°ã—ã作æˆã•れãŸWOLFSSL_METHOD構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã‚’è¿”ã—ã¾ã™ã€‚ + \return FAIL XMALLOCを呼ã³å‡ºã™éš›ã«ãƒ¡ãƒ¢ãƒªå‰²ã‚Šå½“ã¦ãŒå¤±æ•—ã—ãŸå ´åˆã€åŸºç¤Žã¨ãªã‚‹malloc()実装ã®å¤±æ•—値ãŒè¿”ã•れã¾ã™(通常ã¯NULLã§ã€errnoãŒENOMEMã«è¨­å®šã•れã¾ã™)。 + + \param none パラメータã¯ã‚りã¾ã›ã‚“。 _Example_ \code @@ -177,12 +205,13 @@ method = wolfTLSv1_1_server_method(); if (method == NULL) { - // unable to get method + // メソッドをå–å¾—ã§ãã¾ã›ã‚“ } ctx = wolfSSL_CTX_new(method); ... \endcode + \sa wolfSSLv3_server_method \sa wolfTLSv1_server_method \sa wolfTLSv1_2_server_method @@ -195,10 +224,13 @@ /*! \ingroup Setup - \brief wolfTLSv1_1_client_method()関数ã¯ã€ã‚¢ãƒ—リケーションãŒã‚¯ãƒ©ã‚¤ã‚¢ãƒ³ãƒˆã§ã‚りã€TLS 1.0プロトコルã®ã¿ã‚’サãƒãƒ¼ãƒˆã™ã‚‹ã“ã¨ã‚’示ã™ãŸã‚ã«ä½¿ç”¨ã•れã¾ã™ã€‚ - ã“ã®é–¢æ•°ã¯ã€wolfSSL_ctx_new()を使用ã—ã¦SSL/TLSコンテキストを作æˆã™ã‚‹ã¨ãã«ä½¿ç”¨ã•れる新ã—ã„WOLFSSL_METHOD構造体ã®ãƒ¡ãƒ¢ãƒªã‚’割り当ã¦ã¦åˆæœŸåŒ–ã—ã¾ã™ã€‚ - \return æˆåŠŸã—ãŸå ´åˆã€æ–°ã—ã作æˆã•れãŸWOLFSSL_METHOD構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã‚’è¿”ã—ã¾ã™ã€‚ - \return XMALLOCを呼ã³å‡ºã™ã¨ãã«ãƒ¡ãƒ¢ãƒªå‰²ã‚Šå½“ã¦ãŒå¤±æ•—ã—ãŸå ´åˆã€åŸºç¤Žã¨ãªã‚‹Malloc()実装ã®å¤±æ•—値ãŒè¿”ã•れã¾ã™ï¼ˆé€šå¸¸ã¯errnoãŒENOMEMã«è¨­å®šã•れã¾ã™ï¼‰ã€‚ + + \brief wolfTLSv1_1_client_method()関数ã¯ã€ã‚¢ãƒ—リケーションãŒã‚¯ãƒ©ã‚¤ã‚¢ãƒ³ãƒˆã§ã‚りã€TLS 1.0プロトコルã®ã¿ã‚’サãƒãƒ¼ãƒˆã™ã‚‹ã“ã¨ã‚’示ã™ãŸã‚ã«ä½¿ç”¨ã•れã¾ã™ã€‚ã“ã®é–¢æ•°ã¯ã€wolfSSL_CTX_new()ã§SSL/TLSコンテキストを作æˆã™ã‚‹éš›ã«ä½¿ç”¨ã•れる新ã—ã„wolfSSL_METHOD構造体ã®ãŸã‚ã®ãƒ¡ãƒ¢ãƒªã‚’割り当ã¦ã¦åˆæœŸåŒ–ã—ã¾ã™ã€‚ + + \return * æˆåŠŸã—ãŸå ´åˆã€å‘¼ã³å‡ºã—ã¯æ–°ã—ã作æˆã•れãŸWOLFSSL_METHOD構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã‚’è¿”ã—ã¾ã™ã€‚ + \return FAIL XMALLOCを呼ã³å‡ºã™éš›ã«ãƒ¡ãƒ¢ãƒªå‰²ã‚Šå½“ã¦ãŒå¤±æ•—ã—ãŸå ´åˆã€åŸºç¤Žã¨ãªã‚‹malloc()実装ã®å¤±æ•—値ãŒè¿”ã•れã¾ã™(通常ã¯NULLã§ã€errnoãŒENOMEMã«è¨­å®šã•れã¾ã™)。 + + \param none パラメータã¯ã‚りã¾ã›ã‚“。 _Example_ \code @@ -209,12 +241,13 @@ method = wolfTLSv1_1_client_method(); if (method == NULL) { - // unable to get method + // メソッドをå–å¾—ã§ãã¾ã›ã‚“ } ctx = wolfSSL_CTX_new(method); ... \endcode + \sa wolfSSLv3_client_method \sa wolfTLSv1_client_method \sa wolfTLSv1_2_client_method @@ -227,10 +260,13 @@ /*! \ingroup Setup - \brief wolfTLSv1_2_server_method()関数ã¯ã€ã‚¢ãƒ—リケーションãŒã‚µãƒ¼ãƒãƒ¼ã§ã‚ã‚‹ã“ã¨ã‚’示ã™ãŸã‚ã«ä½¿ç”¨ã•れã€TLS 1.2プロトコルã®ã¿ã‚’サãƒãƒ¼ãƒˆã—ã¾ã™ã€‚ - ã“ã®é–¢æ•°ã¯ã€wolfSSL_ctx_new()を使用ã—ã¦SSL/TLSコンテキストを作æˆã™ã‚‹ã¨ãã«ä½¿ç”¨ã•れる新ã—ã„WOLFSSL_METHOD構造体ã®ãƒ¡ãƒ¢ãƒªã‚’割り当ã¦ã¦åˆæœŸåŒ–ã—ã¾ã™ã€‚ - \return æˆåŠŸã—ãŸå ´åˆã€æ–°ã—ã作æˆã•れãŸWOLFSSL_METHOD構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã‚’è¿”ã—ã¾ã™ã€‚ - \return XMALLOCを呼ã³å‡ºã™ã¨ãã«ãƒ¡ãƒ¢ãƒªå‰²ã‚Šå½“ã¦ãŒå¤±æ•—ã—ãŸå ´åˆã€åŸºç¤Žã¨ãªã‚‹Malloc()実装ã®å¤±æ•—値ãŒè¿”ã•れã¾ã™ï¼ˆé€šå¸¸ã¯errnoãŒENOMEMã«è¨­å®šã•れã¾ã™ï¼‰ã€‚ + + \brief wolfTLSv1_2_server_method()関数ã¯ã€ã‚¢ãƒ—リケーションãŒã‚µãƒ¼ãƒã§ã‚りã€TLS 1.2プロトコルã®ã¿ã‚’サãƒãƒ¼ãƒˆã™ã‚‹ã“ã¨ã‚’示ã™ãŸã‚ã«ä½¿ç”¨ã•れã¾ã™ã€‚ã“ã®é–¢æ•°ã¯ã€wolfSSL_CTX_new()ã§SSL/TLSコンテキストを作æˆã™ã‚‹éš›ã«ä½¿ç”¨ã•れる新ã—ã„wolfSSL_METHOD構造体ã®ãŸã‚ã®ãƒ¡ãƒ¢ãƒªã‚’割り当ã¦ã¦åˆæœŸåŒ–ã—ã¾ã™ã€‚ + + \return * æˆåŠŸã—ãŸå ´åˆã€å‘¼ã³å‡ºã—ã¯æ–°ã—ã作æˆã•れãŸWOLFSSL_METHOD構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã‚’è¿”ã—ã¾ã™ã€‚ + \return FAIL XMALLOCを呼ã³å‡ºã™éš›ã«ãƒ¡ãƒ¢ãƒªå‰²ã‚Šå½“ã¦ãŒå¤±æ•—ã—ãŸå ´åˆã€åŸºç¤Žã¨ãªã‚‹malloc()実装ã®å¤±æ•—値ãŒè¿”ã•れã¾ã™(通常ã¯NULLã§ã€errnoãŒENOMEMã«è¨­å®šã•れã¾ã™)。 + + \param none パラメータã¯ã‚りã¾ã›ã‚“。 _Example_ \code @@ -241,12 +277,13 @@ method = wolfTLSv1_2_server_method(); if (method == NULL) { - // unable to get method + // メソッドをå–å¾—ã§ãã¾ã›ã‚“ } ctx = wolfSSL_CTX_new(method); ... \endcode + \sa wolfSSLv3_server_method \sa wolfTLSv1_server_method \sa wolfTLSv1_1_server_method @@ -259,10 +296,13 @@ /*! \ingroup Setup - \brief wolfTLSv1_2_client_method()関数ã¯ã€ã‚¢ãƒ—リケーションãŒã‚¯ãƒ©ã‚¤ã‚¢ãƒ³ãƒˆã§ã‚りã€TLS 1.2プロトコルã®ã¿ã‚’サãƒãƒ¼ãƒˆã™ã‚‹ã“ã¨ã‚’示ã™ãŸã‚ã«ä½¿ç”¨ã•れã¾ã™ã€‚ - ã“ã®é–¢æ•°ã¯ã€wolfSSL_ctx_new()を使用ã—ã¦SSL/TLSコンテキストを作æˆã™ã‚‹ã¨ãã«ä½¿ç”¨ã•れる新ã—ã„Wolfssl_method構造体ã®ãƒ¡ãƒ¢ãƒªã‚’割り当ã¦ã¦åˆæœŸåŒ–ã—ã¾ã™ã€‚ - \return æˆåŠŸã—ãŸå ´åˆã€æ–°ã—ã作æˆã•れãŸWOLFSSL_METHOD構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã‚’è¿”ã—ã¾ã™ã€‚ - \return XMALLOCを呼ã³å‡ºã™ã¨ãã«ãƒ¡ãƒ¢ãƒªå‰²ã‚Šå½“ã¦ãŒå¤±æ•—ã—ãŸå ´åˆã€åŸºç¤Žã¨ãªã‚‹Malloc()実装ã®å¤±æ•—値ãŒè¿”ã•れã¾ã™ï¼ˆé€šå¸¸ã¯errnoãŒENOMEMã«è¨­å®šã•れã¾ã™ï¼‰ã€‚ + + \brief wolfTLSv1_2_client_method()関数ã¯ã€ã‚¢ãƒ—リケーションãŒã‚¯ãƒ©ã‚¤ã‚¢ãƒ³ãƒˆã§ã‚りã€TLS 1.2プロトコルã®ã¿ã‚’サãƒãƒ¼ãƒˆã™ã‚‹ã“ã¨ã‚’示ã™ãŸã‚ã«ä½¿ç”¨ã•れã¾ã™ã€‚ã“ã®é–¢æ•°ã¯ã€wolfSSL_CTX_new()ã§SSL/TLSコンテキストを作æˆã™ã‚‹éš›ã«ä½¿ç”¨ã•れる新ã—ã„wolfSSL_METHOD構造体ã®ãŸã‚ã®ãƒ¡ãƒ¢ãƒªã‚’割り当ã¦ã¦åˆæœŸåŒ–ã—ã¾ã™ã€‚ + + \return * æˆåŠŸã—ãŸå ´åˆã€å‘¼ã³å‡ºã—ã¯æ–°ã—ã作æˆã•れãŸWOLFSSL_METHOD構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã‚’è¿”ã—ã¾ã™ã€‚ + \return FAIL XMALLOCを呼ã³å‡ºã™éš›ã«ãƒ¡ãƒ¢ãƒªå‰²ã‚Šå½“ã¦ãŒå¤±æ•—ã—ãŸå ´åˆã€åŸºç¤Žã¨ãªã‚‹malloc()実装ã®å¤±æ•—値ãŒè¿”ã•れã¾ã™(通常ã¯NULLã§ã€errnoãŒENOMEMã«è¨­å®šã•れã¾ã™)。 + + \param none パラメータã¯ã‚りã¾ã›ã‚“。 _Example_ \code @@ -273,12 +313,13 @@ method = wolfTLSv1_2_client_method(); if (method == NULL) { - // unable to get method + // メソッドをå–å¾—ã§ãã¾ã›ã‚“ } ctx = wolfSSL_CTX_new(method); ... \endcode + \sa wolfSSLv3_client_method \sa wolfTLSv1_client_method \sa wolfTLSv1_1_client_method @@ -291,11 +332,11 @@ /*! \ingroup Setup - \brief wolfdtlsv1_client_method()関数ã¯ã€ã‚¢ãƒ—リケーションãŒã‚¯ãƒ©ã‚¤ã‚¢ãƒ³ãƒˆã§ã‚りã€DTLS 1.0プロトコルã®ã¿ã‚’サãƒãƒ¼ãƒˆã™ã‚‹ã“ã¨ã‚’示ã™ãŸã‚ã«ä½¿ç”¨ã•れã¾ã™ã€‚ - ã“ã®é–¢æ•°ã¯ã€wolfSSL_ctx_new()を使用ã—ã¦SSL/TLSコンテキストを作æˆã™ã‚‹ã¨ãã«ä½¿ç”¨ã•れる新ã—ã„WOLFSSL_METHOD構造体ã®ãƒ¡ãƒ¢ãƒªã‚’割り当ã¦ã¦åˆæœŸåŒ–ã—ã¾ã™ã€‚ - ã“ã®é–¢æ•°ã¯ã€WolfSSLãŒDTLSサãƒãƒ¼ãƒˆï¼ˆ--enable-dtlsã€ã¾ãŸã¯WOLFSSL_DTLSを定義ã™ã‚‹ã“ã¨ã«ã‚ˆã£ã¦ï¼‰ãƒ“ルドã•れã¦ã„ã‚‹å ´åˆã«ã®ã¿ä½¿ç”¨ã§ãã¾ã™ã€‚ - \return æˆåŠŸã—ãŸå ´åˆã€æ–°ã—ã作æˆã•れãŸWOLFSSL_METHOD構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã‚’è¿”ã—ã¾ã™ã€‚ - \return XMALLOCを呼ã³å‡ºã™ã¨ãã«ãƒ¡ãƒ¢ãƒªå‰²ã‚Šå½“ã¦ãŒå¤±æ•—ã—ãŸå ´åˆã€åŸºç¤Žã¨ãªã‚‹Malloc()実装ã®å¤±æ•—値ãŒè¿”ã•れã¾ã™ï¼ˆé€šå¸¸ã¯errnoãŒENOMEMã«è¨­å®šã•れã¾ã™ï¼‰ã€‚ + \brief wolfDTLSv1_client_method()関数ã¯ã€ã‚¢ãƒ—リケーションãŒã‚¯ãƒ©ã‚¤ã‚¢ãƒ³ãƒˆã§ã‚りã€DTLS 1.0プロトコルã®ã¿ã‚’サãƒãƒ¼ãƒˆã™ã‚‹ã“ã¨ã‚’示ã™ãŸã‚ã«ä½¿ç”¨ã•れã¾ã™ã€‚ã“ã®é–¢æ•°ã¯ã€wolfSSL_CTX_new()ã§SSL/TLSコンテキストを作æˆã™ã‚‹éš›ã«ä½¿ç”¨ã•れる新ã—ã„wolfSSL_METHOD構造体ã®ãƒ¡ãƒ¢ãƒªã‚’割り当ã¦ã€åˆæœŸåŒ–ã—ã¾ã™ã€‚ã“ã®é–¢æ•°ã¯ã€wolfSSLãŒDTLSサãƒãƒ¼ãƒˆä»˜ãã§ã‚³ãƒ³ãƒ‘イルã•れã¦ã„ã‚‹å ´åˆ(--enable-dtlsã€ã¾ãŸã¯wolfSSL_DTLSを定義ã™ã‚‹ã“ã¨ã«ã‚ˆã£ã¦)ã«ã®ã¿åˆ©ç”¨å¯èƒ½ã§ã™ã€‚ + \return * æˆåŠŸã—ãŸå ´åˆã€ã“ã®å‘¼ã³å‡ºã—ã¯æ–°ã—ã作æˆã•れãŸWOLFSSL_METHOD構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã‚’è¿”ã—ã¾ã™ã€‚ + \return FAIL XMALLOCを呼ã³å‡ºã™éš›ã«ãƒ¡ãƒ¢ãƒªå‰²ã‚Šå½“ã¦ãŒå¤±æ•—ã—ãŸå ´åˆã€åŸºç¤Žã¨ãªã‚‹malloc()実装ã®å¤±æ•—値ãŒè¿”ã•れã¾ã™ï¼ˆé€šå¸¸ã¯NULLã§ã€errnoãŒENOMEMã«è¨­å®šã•れã¾ã™ï¼‰ã€‚ + + \param none パラメータã¯ã‚りã¾ã›ã‚“。 _Example_ \code @@ -304,12 +345,13 @@ method = wolfDTLSv1_client_method(); if (method == NULL) { - // unable to get method + // メソッドをå–å¾—ã§ãã¾ã›ã‚“ } ctx = wolfSSL_CTX_new(method); ... \endcode + \sa wolfSSLv3_client_method \sa wolfTLSv1_client_method \sa wolfTLSv1_1_client_method @@ -322,11 +364,13 @@ /*! \ingroup Setup - \brief wolfDTLSv1_server_method()関数ã¯ã€ã‚¢ãƒ—リケーションãŒã‚µãƒ¼ãƒãƒ¼ã§ã‚ã‚‹ã“ã¨ã‚’示ã™ãŸã‚ã«ä½¿ç”¨ã•れã€DTLS 1.0プロトコルã®ã¿ã‚’サãƒãƒ¼ãƒˆã—ã¾ã™ã€‚ - ã“ã®é–¢æ•°ã¯ã€wolfSSL_ctx_new()を使用ã—ã¦SSL/TLSコンテキストを作æˆã™ã‚‹ã¨ãã«ä½¿ç”¨ã•れる新ã—ã„WOLFSSL_METHOD構造体ã®ãƒ¡ãƒ¢ãƒªã‚’割り当ã¦ã¦åˆæœŸåŒ–ã—ã¾ã™ã€‚ - ã“ã®é–¢æ•°ã¯ã€WolfSSLãŒDTLSサãƒãƒ¼ãƒˆï¼ˆ--enable-dtlsã€ã¾ãŸã¯WOLFSSL_DTLSマクロを定義ã™ã‚‹ã“ã¨ã«ã‚ˆã£ã¦ï¼‰ãƒ“ルドã•れã¦ã„ã‚‹å ´åˆã«ã®ã¿ä½¿ç”¨ã§ãã¾ã™ã€‚ - \return æˆåŠŸã—ãŸå ´åˆã€æ–°ã—ã作æˆã•れãŸWOLFSSL_METHOD構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã‚’è¿”ã—ã¾ã™ã€‚ - \return XMALLOCを呼ã³å‡ºã™ã¨ãã«ãƒ¡ãƒ¢ãƒªå‰²ã‚Šå½“ã¦ãŒå¤±æ•—ã—ãŸå ´åˆã€åŸºç¤Žã¨ãªã‚‹Malloc()実装ã®å¤±æ•—値ãŒè¿”ã•れã¾ã™ï¼ˆé€šå¸¸ã¯errnoãŒENOMEMã«è¨­å®šã•れã¾ã™ï¼‰ã€‚ + + \brief wolfDTLSv1_server_method()関数ã¯ã€ã‚¢ãƒ—リケーションãŒã‚µãƒ¼ãƒãƒ¼ã§ã‚りã€DTLS 1.0プロトコルã®ã¿ã‚’サãƒãƒ¼ãƒˆã™ã‚‹ã“ã¨ã‚’示ã™ãŸã‚ã«ä½¿ç”¨ã•れã¾ã™ã€‚ã“ã®é–¢æ•°ã¯ã€wolfSSL_CTX_new()ã§SSL/TLSコンテキストを作æˆã™ã‚‹éš›ã«ä½¿ç”¨ã•れる新ã—ã„wolfSSL_METHOD構造体ã®ãƒ¡ãƒ¢ãƒªã‚’割り当ã¦ã€åˆæœŸåŒ–ã—ã¾ã™ã€‚ã“ã®é–¢æ•°ã¯ã€wolfSSLãŒDTLSサãƒãƒ¼ãƒˆã‚’有効ã«ã—ã¦ã‚³ãƒ³ãƒ‘イルã•れã¦ã„ã‚‹å ´åˆã«ã®ã¿ä½¿ç”¨å¯èƒ½ã§ã™ï¼ˆ--enable-dtlsã€ã¾ãŸã¯wolfSSL_DTLSを定義ã™ã‚‹ã“ã¨ã«ã‚ˆã£ã¦ï¼‰ã€‚ + + \return * æˆåŠŸã—ãŸå ´åˆã€ã“ã®å‘¼ã³å‡ºã—ã¯æ–°ã—ã作æˆã•れãŸWOLFSSL_METHOD構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã‚’è¿”ã—ã¾ã™ã€‚ + \return FAIL XMALLOCを呼ã³å‡ºã™éš›ã«ãƒ¡ãƒ¢ãƒªå‰²ã‚Šå½“ã¦ãŒå¤±æ•—ã—ãŸå ´åˆã€åŸºç¤Žã¨ãªã‚‹malloc()実装ã®å¤±æ•—値ãŒè¿”ã•れã¾ã™ï¼ˆé€šå¸¸ã¯NULLã§ã€errnoãŒENOMEMã«è¨­å®šã•れã¾ã™ï¼‰ã€‚ + + \param none パラメータã¯ã‚りã¾ã›ã‚“。 _Example_ \code @@ -335,12 +379,13 @@ method = wolfDTLSv1_server_method(); if (method == NULL) { - // unable to get method + // メソッドをå–å¾—ã§ãã¾ã›ã‚“ } ctx = wolfSSL_CTX_new(method); ... \endcode + \sa wolfSSLv3_server_method \sa wolfTLSv1_server_method \sa wolfTLSv1_1_server_method @@ -350,31 +395,15 @@ \sa wolfSSL_CTX_new */ WOLFSSL_METHOD *wolfDTLSv1_server_method(void); - /*! - \brief wolfDTLSv1_2_server_method()関数ã¯ã‚µãƒ¼ãƒå´ç”¨ã«WOLFSSL_METHOD構造体ã®ãƒ¡ãƒ¢ãƒªã‚’割り当ã¦ã¦åˆæœŸåŒ–ã—ã¾ã™ã€‚ - \return æˆåŠŸã—ãŸå ´åˆã€æ–°ã—ã作æˆã•れãŸWOLFSSL_METHOD構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã‚’è¿”ã—ã¾ã™ã€‚ + \ingroup Setup - _Example_ - \code - WOLFSSL_CTX* ctx = wolfSSL_CTX_new(wolfDTLSv1_2_server_method()); - WOLFSSL* ssl = WOLFSSL_new(ctx); - … - \endcode - \sa wolfSSL_CTX_new -*/ -WOLFSSL_METHOD *wolfDTLSv1_2_server_method(void); + \brief wolfDTLSv1_3_server_method()関数ã¯ã€ã‚¢ãƒ—リケーションãŒã‚µãƒ¼ãƒãƒ¼ã§ã‚りã€DTLS 1.3プロトコルã®ã¿ã‚’サãƒãƒ¼ãƒˆã™ã‚‹ã“ã¨ã‚’示ã™ãŸã‚ã«ä½¿ç”¨ã•れã¾ã™ã€‚ã“ã®é–¢æ•°ã¯ã€wolfSSL_CTX_new()ã§SSL/TLSコンテキストを作æˆã™ã‚‹éš›ã«ä½¿ç”¨ã•れる新ã—ã„wolfSSL_METHOD構造体ã®ãƒ¡ãƒ¢ãƒªã‚’割り当ã¦ã€åˆæœŸåŒ–ã—ã¾ã™ã€‚ã“ã®é–¢æ•°ã¯ã€wolfSSLãŒDTLSv1.3サãƒãƒ¼ãƒˆã‚’有効ã«ã—ã¦ã‚³ãƒ³ãƒ‘イルã•れã¦ã„ã‚‹å ´åˆã«ã®ã¿ä½¿ç”¨å¯èƒ½ã§ã™ï¼ˆ--enable-dtls13ã€ã¾ãŸã¯wolfSSL_DTLS13を定義ã™ã‚‹ã“ã¨ã«ã‚ˆã£ã¦ï¼‰ã€‚ -/*! - \ingroup Setup + \return * æˆåŠŸã—ãŸå ´åˆã€ã“ã®å‘¼ã³å‡ºã—ã¯æ–°ã—ã作æˆã•れãŸWOLFSSL_METHOD構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã‚’è¿”ã—ã¾ã™ã€‚ + \return FAIL XMALLOCを呼ã³å‡ºã™éš›ã«ãƒ¡ãƒ¢ãƒªå‰²ã‚Šå½“ã¦ãŒå¤±æ•—ã—ãŸå ´åˆã€åŸºç¤Žã¨ãªã‚‹malloc()実装ã®å¤±æ•—値ãŒè¿”ã•れã¾ã™ï¼ˆé€šå¸¸ã¯NULLã§ã€errnoãŒENOMEMã«è¨­å®šã•れã¾ã™ï¼‰ã€‚ - \brief wolfDTLSv1_3_server_method()関数ã¯ã‚¢ãƒ—リケーションãŒã‚µãƒ¼ãƒãƒ¼ã§ã‚ã‚‹ã“ã¨ã‚’示ã™ãŸã‚ã«ä½¿ç”¨ã•れã€DTLS 1.3プロトコルã®ã¿ã‚’サãƒãƒ¼ãƒˆã—ã¾ã™ã€‚ - ã“ã®é–¢æ•°ã¯ã€wolfSSL_ctx_new()を使用ã—ã¦SSL/TLSコンテキストを作æˆã™ã‚‹ã¨ãã«ä½¿ç”¨ã•れる新ã—ã„WOLFSSL_METHOD構造体ã®ãƒ¡ãƒ¢ãƒªã‚’割り当ã¦ã¦åˆæœŸåŒ–ã—ã¾ã™ã€‚ - ã“ã®é–¢æ•°ã¯ã€WolfSSLãŒDTLSサãƒãƒ¼ãƒˆï¼ˆ--enable-dtls13ã€ã¾ãŸã¯WOLFSSL_DTLS13を定義ã™ã‚‹ã“ã¨ã«ã‚ˆã£ã¦ï¼‰ãƒ“ルドã•れã¦ã„ã‚‹å ´åˆã«ã®ã¿ä½¿ç”¨ã§ãã¾ã™ã€‚ - - \return æˆåŠŸã—ãŸå ´åˆã€æ–°ã—ã作æˆã•れãŸWOLFSSL_METHOD構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã‚’è¿”ã—ã¾ã™ã€‚ - \return XMALLOCを呼ã³å‡ºã™ã¨ãã«ãƒ¡ãƒ¢ãƒªå‰²ã‚Šå½“ã¦ãŒå¤±æ•—ã—ãŸå ´åˆã€åŸºç¤Žã¨ãªã‚‹Malloc()実装ã®å¤±æ•—値ãŒè¿”ã•れã¾ã™ï¼ˆé€šå¸¸ã¯errnoãŒENOMEMã«è¨­å®šã•れã¾ã™ï¼‰ã€‚ - \param ãªã— + \param none パラメータã¯ã‚りã¾ã›ã‚“。 _Example_ \code @@ -383,7 +412,7 @@ method = wolfDTLSv1_3_server_method(); if (method == NULL) { - // unable to get method + // メソッドをå–å¾—ã§ãã¾ã›ã‚“ } ctx = wolfSSL_CTX_new(method); @@ -395,18 +424,15 @@ */ WOLFSSL_METHOD *wolfDTLSv1_3_server_method(void); - /*! \ingroup Setup - \brief wolfDTLSv1_3_client_method()関数ã¯ã‚¢ãƒ—リケーションãŒã‚¯ãƒ©ã‚¤ã‚¢ãƒ³ãƒˆã§ã‚ã‚‹ã“ã¨ã‚’示ã™ãŸã‚ã«ä½¿ç”¨ã•れã€DTLS 1.3プロトコルã®ã¿ã‚’サãƒãƒ¼ãƒˆã—ã¾ã™ã€‚ - ã“ã®é–¢æ•°ã¯ã€wolfSSL_ctx_new()を使用ã—ã¦SSL/TLSコンテキストを作æˆã™ã‚‹ã¨ãã«ä½¿ç”¨ã•れる新ã—ã„WOLFSSL_METHOD構造体ã®ãƒ¡ãƒ¢ãƒªã‚’割り当ã¦ã¦åˆæœŸåŒ–ã—ã¾ã™ã€‚ - ã“ã®é–¢æ•°ã¯ã€WolfSSLãŒDTLSサãƒãƒ¼ãƒˆï¼ˆ--enable-dtls13ã€ã¾ãŸã¯WOLFSSL_DTLS13を定義ã™ã‚‹ã“ã¨ã«ã‚ˆã£ã¦ï¼‰ãƒ“ルドã•れã¦ã„ã‚‹å ´åˆã«ã®ã¿ä½¿ç”¨ã§ãã¾ã™ã€‚ - - \return æˆåŠŸã—ãŸå ´åˆã€æ–°ã—ã作æˆã•れãŸWOLFSSL_METHOD構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã‚’è¿”ã—ã¾ã™ã€‚ - \return XMALLOCを呼ã³å‡ºã™ã¨ãã«ãƒ¡ãƒ¢ãƒªå‰²ã‚Šå½“ã¦ãŒå¤±æ•—ã—ãŸå ´åˆã€åŸºç¤Žã¨ãªã‚‹Malloc()実装ã®å¤±æ•—値ãŒè¿”ã•れã¾ã™ï¼ˆé€šå¸¸ã¯errnoãŒENOMEMã«è¨­å®šã•れã¾ã™ï¼‰ã€‚ - \param ãªã— + \brief wolfDTLSv1_3_client_method()関数ã¯ã€ã‚¢ãƒ—リケーションãŒã‚¯ãƒ©ã‚¤ã‚¢ãƒ³ãƒˆã§ã‚りã€DTLS 1.3プロトコルã®ã¿ã‚’サãƒãƒ¼ãƒˆã™ã‚‹ã“ã¨ã‚’示ã™ãŸã‚ã«ä½¿ç”¨ã•れã¾ã™ã€‚ã“ã®é–¢æ•°ã¯ã€wolfSSL_CTX_new()ã§SSL/TLSコンテキストを作æˆã™ã‚‹éš›ã«ä½¿ç”¨ã•れる新ã—ã„wolfSSL_METHOD構造体ã®ãƒ¡ãƒ¢ãƒªã‚’割り当ã¦ã€åˆæœŸåŒ–ã—ã¾ã™ã€‚ã“ã®é–¢æ•°ã¯ã€wolfSSLãŒDTLSv1.3サãƒãƒ¼ãƒˆã‚’有効ã«ã—ã¦ã‚³ãƒ³ãƒ‘イルã•れã¦ã„ã‚‹å ´åˆã«ã®ã¿ä½¿ç”¨å¯èƒ½ã§ã™ï¼ˆ--enable-dtls13ã€ã¾ãŸã¯wolfSSL_DTLS13を定義ã™ã‚‹ã“ã¨ã«ã‚ˆã£ã¦ï¼‰ã€‚ + \return * æˆåŠŸã—ãŸå ´åˆã€ã“ã®å‘¼ã³å‡ºã—ã¯æ–°ã—ã作æˆã•れãŸWOLFSSL_METHOD構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã‚’è¿”ã—ã¾ã™ã€‚ + \return FAIL XMALLOCを呼ã³å‡ºã™éš›ã«ãƒ¡ãƒ¢ãƒªå‰²ã‚Šå½“ã¦ãŒå¤±æ•—ã—ãŸå ´åˆã€åŸºç¤Žã¨ãªã‚‹malloc()実装ã®å¤±æ•—値ãŒè¿”ã•れã¾ã™ï¼ˆé€šå¸¸ã¯NULLã§ã€errnoãŒENOMEMã«è¨­å®šã•れã¾ã™ï¼‰ã€‚ + + \param none パラメータã¯ã‚りã¾ã›ã‚“。 _Example_ \code @@ -415,7 +441,7 @@ method = wolfDTLSv1_3_client_method(); if (method == NULL) { - // unable to get method + // メソッドをå–å¾—ã§ãã¾ã›ã‚“ } ctx = wolfSSL_CTX_new(method); @@ -426,21 +452,15 @@ \sa wolfDTLSv1_3_server_method */ WOLFSSL_METHOD* wolfDTLSv1_3_client_method(void); - /*! \ingroup Setup - \brief wolfDTLS_server_method()関数ã¯ã‚¢ãƒ—リケーションãŒã‚µãƒ¼ãƒãƒ¼ã§ã‚ã‚‹ã“ã¨ã‚’示ã™ãŸã‚ã«ä½¿ç”¨ã•れ〠- å¯èƒ½ãªé™ã‚Šé«˜ã„ãƒãƒ¼ã‚¸ãƒ§ãƒ³æœ€å°ãƒãƒ¼ã‚¸ãƒ§ãƒ³ã®DTLSプロトコルをサãƒãƒ¼ãƒˆã—ã¾ã™ã€‚ - ãƒ‡ãƒ•ã‚©ãƒ«ãƒˆã®æœ€å°ãƒãƒ¼ã‚¸ãƒ§ãƒ³ã¯WOLFSSL_MIN_DTLS_DOWNGRADEマクロã§ã®æŒ‡å®šã‚’ã‚‚ã¨ã«ã—ã¦ã„ã¦ã€ - 実行時ã«wolfSSL_SetMinVersion()ã§å¤‰æ›´ã™ã‚‹ã“ã¨ãŒã§ãã¾ã™ã€‚ - ã“ã®é–¢æ•°ã¯ã€wolfSSL_ctx_new()を使用ã—ã¦SSL/TLSコンテキストを作æˆã™ã‚‹ã¨ãã«ä½¿ç”¨ã•れる新ã—ã„WOLFSSL_METHOD構造体ã®ãƒ¡ãƒ¢ãƒªã‚’割り当ã¦ã¦åˆæœŸåŒ–ã—ã¾ã™ã€‚ - ã“ã®é–¢æ•°ã¯ã€WolfSSLãŒDTLSサãƒãƒ¼ãƒˆï¼ˆ--enable-dtlsã€ã¾ãŸã¯WOLFSSL_DTLSを定義ã™ã‚‹ã“ã¨ã«ã‚ˆã£ã¦ï¼‰ãƒ“ルドã•れã¦ã„ã‚‹å ´åˆã«ã®ã¿ä½¿ç”¨ã§ãã¾ã™ã€‚ + \brief wolfDTLS_server_method()関数ã¯ã€ã‚¢ãƒ—リケーションãŒã‚µãƒ¼ãƒãƒ¼ã§ã‚りã€åˆ©ç”¨å¯èƒ½ãªæœ€æ–°ãƒãƒ¼ã‚¸ãƒ§ãƒ³ã®DTLSãŠã‚ˆã³è¨±å¯ã•れる最å°ãƒãƒ¼ã‚¸ãƒ§ãƒ³ã¾ã§ã®ã™ã¹ã¦ã®ãƒãƒ¼ã‚¸ãƒ§ãƒ³ã‚’サãƒãƒ¼ãƒˆã™ã‚‹ã“ã¨ã‚’示ã™ãŸã‚ã«ä½¿ç”¨ã•れã¾ã™ã€‚デフォルトã®è¨±å¯ã•れる最å°ãƒãƒ¼ã‚¸ãƒ§ãƒ³ã¯ã€WOLFSSL_MIN_DTLS_DOWNGRADEã®å®šç¾©ã«åŸºã¥ã„ã¦ãŠã‚Šã€wolfSSL_SetMinVersion()を使用ã—ã¦å®Ÿè¡Œæ™‚ã«å¤‰æ›´ã§ãã¾ã™ã€‚ã“ã®é–¢æ•°ã¯ã€wolfSSL_CTX_new()ã§SSL/TLSコンテキストを作æˆã™ã‚‹éš›ã«ä½¿ç”¨ã•れる新ã—ã„wolfSSL_METHOD構造体ã®ãƒ¡ãƒ¢ãƒªã‚’割り当ã¦ã€åˆæœŸåŒ–ã—ã¾ã™ã€‚ã“ã®é–¢æ•°ã¯ã€wolfSSLãŒDTLSサãƒãƒ¼ãƒˆã‚’有効ã«ã—ã¦ã‚³ãƒ³ãƒ‘イルã•れã¦ã„ã‚‹å ´åˆã«ã®ã¿ä½¿ç”¨å¯èƒ½ã§ã™ï¼ˆ--enable-dtlsã€ã¾ãŸã¯wolfSSL_DTLSを定義ã™ã‚‹ã“ã¨ã«ã‚ˆã£ã¦ï¼‰ã€‚ + \return * æˆåŠŸã—ãŸå ´åˆã€ã“ã®å‘¼ã³å‡ºã—ã¯æ–°ã—ã作æˆã•れãŸWOLFSSL_METHOD構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã‚’è¿”ã—ã¾ã™ã€‚ + \return FAIL XMALLOCを呼ã³å‡ºã™éš›ã«ãƒ¡ãƒ¢ãƒªå‰²ã‚Šå½“ã¦ãŒå¤±æ•—ã—ãŸå ´åˆã€åŸºç¤Žã¨ãªã‚‹malloc()実装ã®å¤±æ•—値ãŒè¿”ã•れã¾ã™ï¼ˆé€šå¸¸ã¯NULLã§ã€errnoãŒENOMEMã«è¨­å®šã•れã¾ã™ï¼‰ã€‚ - \return æˆåŠŸã—ãŸå ´åˆã€æ–°ã—ã作æˆã•れãŸWOLFSSL_METHOD構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã‚’è¿”ã—ã¾ã™ã€‚ - \return XMALLOCを呼ã³å‡ºã™ã¨ãã«ãƒ¡ãƒ¢ãƒªå‰²ã‚Šå½“ã¦ãŒå¤±æ•—ã—ãŸå ´åˆã€åŸºç¤Žã¨ãªã‚‹Malloc()実装ã®å¤±æ•—値ãŒè¿”ã•れã¾ã™ï¼ˆé€šå¸¸ã¯errnoãŒENOMEMã«è¨­å®šã•れã¾ã™ï¼‰ã€‚ - \param ãªã— + \param none パラメータã¯ã‚りã¾ã›ã‚“。 _Example_ \code @@ -449,7 +469,7 @@ method = wolfDTLS_server_method(); if (method == NULL) { - // unable to get method + // メソッドをå–å¾—ã§ãã¾ã›ã‚“ } ctx = wolfSSL_CTX_new(method); @@ -461,22 +481,15 @@ \sa wolfSSL_SetMinVersion */ WOLFSSL_METHOD *wolfDTLS_server_method(void); - /*! \ingroup Setup - \brief wolfDTLS_client_method()関数㯠アプリケーションãŒã‚¯ãƒ©ã‚¤ã‚¢ãƒ³ãƒˆã§ã‚ã‚‹ã“ã¨ã‚’示ã™ãŸã‚ã«ä½¿ç”¨ã•れ〠- å¯èƒ½ãªé™ã‚Šé«˜ã„ãƒãƒ¼ã‚¸ãƒ§ãƒ³æœ€å°ãƒãƒ¼ã‚¸ãƒ§ãƒ³ã®DTLSプロトコルをサãƒãƒ¼ãƒˆã—ã¾ã™ã€‚ - ãƒ‡ãƒ•ã‚©ãƒ«ãƒˆã®æœ€å°ãƒãƒ¼ã‚¸ãƒ§ãƒ³ã¯WOLFSSL_MIN_DTLS_DOWNGRADEマクロã§ã®æŒ‡å®šã‚’ã‚‚ã¨ã«ã—ã¦ã„ã¦ã€ - 実行時ã«wolfSSL_SetMinVersion()ã§å¤‰æ›´ã™ã‚‹ã“ã¨ãŒã§ãã¾ã™ã€‚ - ã“ã®é–¢æ•°ã¯ã€wolfSSL_ctx_new()を使用ã—ã¦SSL/TLSコンテキストを作æˆã™ã‚‹ã¨ãã«ä½¿ç”¨ã•れる新ã—ã„WOLFSSL_METHOD構造体ã®ãƒ¡ãƒ¢ãƒªã‚’割り当ã¦ã¦åˆæœŸåŒ–ã—ã¾ã™ã€‚ - ã“ã®é–¢æ•°ã¯ã€wolfSSLãŒDTLSサãƒãƒ¼ãƒˆï¼ˆ--enable-dtlsã€ã¾ãŸã¯WOLFSSL_DTLSを定義ã™ã‚‹ã“ã¨ã«ã‚ˆã£ã¦ï¼‰ãƒ“ルドã•れã¦ã„ã‚‹å ´åˆã«ã®ã¿ä½¿ç”¨ã§ãã¾ã™ã€‚ - + \brief wolfDTLS_client_method()関数ã¯ã€ã‚¢ãƒ—リケーションãŒã‚¯ãƒ©ã‚¤ã‚¢ãƒ³ãƒˆã§ã‚りã€åˆ©ç”¨å¯èƒ½ãªæœ€æ–°ãƒãƒ¼ã‚¸ãƒ§ãƒ³ã®DTLSãŠã‚ˆã³è¨±å¯ã•れる最å°ãƒãƒ¼ã‚¸ãƒ§ãƒ³ã¾ã§ã®ã™ã¹ã¦ã®ãƒãƒ¼ã‚¸ãƒ§ãƒ³ã‚’サãƒãƒ¼ãƒˆã™ã‚‹ã“ã¨ã‚’示ã™ãŸã‚ã«ä½¿ç”¨ã•れã¾ã™ã€‚デフォルトã®è¨±å¯ã•れる最å°ãƒãƒ¼ã‚¸ãƒ§ãƒ³ã¯ã€WOLFSSL_MIN_DTLS_DOWNGRADEã®å®šç¾©ã«åŸºã¥ã„ã¦ãŠã‚Šã€wolfSSL_SetMinVersion()を使用ã—ã¦å®Ÿè¡Œæ™‚ã«å¤‰æ›´ã§ãã¾ã™ã€‚ã“ã®é–¢æ•°ã¯ã€wolfSSL_CTX_new()ã§SSL/TLSコンテキストを作æˆã™ã‚‹éš›ã«ä½¿ç”¨ã•れる新ã—ã„wolfSSL_METHOD構造体ã®ãƒ¡ãƒ¢ãƒªã‚’割り当ã¦ã€åˆæœŸåŒ–ã—ã¾ã™ã€‚ã“ã®é–¢æ•°ã¯ã€wolfSSLãŒDTLSサãƒãƒ¼ãƒˆã‚’有効ã«ã—ã¦ã‚³ãƒ³ãƒ‘イルã•れã¦ã„ã‚‹å ´åˆã«ã®ã¿ä½¿ç”¨å¯èƒ½ã§ã™ï¼ˆ--enable-dtlsã€ã¾ãŸã¯wolfSSL_DTLSを定義ã™ã‚‹ã“ã¨ã«ã‚ˆã£ã¦ï¼‰ã€‚ - \return æˆåŠŸã—ãŸå ´åˆã€æ–°ã—ã作æˆã•れãŸWOLFSSL_METHOD構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã‚’è¿”ã—ã¾ã™ã€‚ - \return XMALLOCを呼ã³å‡ºã™ã¨ãã«ãƒ¡ãƒ¢ãƒªå‰²ã‚Šå½“ã¦ãŒå¤±æ•—ã—ãŸå ´åˆã€åŸºç¤Žã¨ãªã‚‹Malloc()実装ã®å¤±æ•—値ãŒè¿”ã•れã¾ã™ï¼ˆé€šå¸¸ã¯errnoãŒENOMEMã«è¨­å®šã•れã¾ã™ï¼‰ã€‚ - \param ãªã— + \return * æˆåŠŸã—ãŸå ´åˆã€ã“ã®å‘¼ã³å‡ºã—ã¯æ–°ã—ã作æˆã•れãŸWOLFSSL_METHOD構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã‚’è¿”ã—ã¾ã™ã€‚ + \return FAIL XMALLOCを呼ã³å‡ºã™éš›ã«ãƒ¡ãƒ¢ãƒªå‰²ã‚Šå½“ã¦ãŒå¤±æ•—ã—ãŸå ´åˆã€åŸºç¤Žã¨ãªã‚‹malloc()実装ã®å¤±æ•—値ãŒè¿”ã•れã¾ã™ï¼ˆé€šå¸¸ã¯NULLã§ã€errnoãŒENOMEMã«è¨­å®šã•れã¾ã™ï¼‰ã€‚ + \param none パラメータã¯ã‚りã¾ã›ã‚“。 _Example_ \code @@ -485,7 +498,7 @@ method = wolfDTLS_client_method(); if (method == NULL) { - // unable to get method + // メソッドをå–å¾—ã§ãã¾ã›ã‚“ } ctx = wolfSSL_CTX_new(method); @@ -497,13 +510,12 @@ \sa wolfSSL_SetMinVersion */ WOLFSSL_METHOD *wolfDTLS_client_method(void); - /*! - \brief ã“ã®é–¢æ•°ã¯ã‚µãƒ¼ãƒãƒ¼å´ç”¨ã«WOLFSSL_METHOD構造体を生æˆã—ã¦åˆæœŸåŒ–ã—ã¾ã™ã€‚ + \brief ã“ã®é–¢æ•°ã¯ã€ã‚µãƒ¼ãƒãƒ¼å´ç”¨ã®WOLFSSL_METHODを作æˆã—ã€åˆæœŸåŒ–ã—ã¾ã™ã€‚ - \return æˆåŠŸã—ãŸå ´åˆã€æ–°ã—ã作æˆã•れãŸWOLFSSL_METHOD構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã‚’è¿”ã—ã¾ã™ã€‚ + \return ã“ã®é–¢æ•°ã¯WOLFSSL_METHODãƒã‚¤ãƒ³ã‚¿ã‚’è¿”ã—ã¾ã™ã€‚ - \param ãªã— + \param none パラメータã¯ã‚りã¾ã›ã‚“。 _Example_ \code @@ -516,14 +528,15 @@ */ WOLFSSL_METHOD *wolfDTLSv1_2_server_method(void); - /*! \ingroup Setup - \brief Chacha-Poly Aead Constructionã®æœ€åˆã®ãƒªãƒªãƒ¼ã‚¹ã¨æ–°ã—ã„ãƒãƒ¼ã‚¸ãƒ§ãƒ³ã®é–“ã«ã„ãã¤ã‹ã®é•ã„ãŒã‚ã‚‹ãŸã‚〠- å¤ã„ãƒãƒ¼ã‚¸ãƒ§ãƒ³ã‚’使用ã—ã¦ã‚µãƒ¼ãƒãƒ¼/クライアントã¨é€šä¿¡ã™ã‚‹ã‚ªãƒ—ションを追加ã—ã¾ã—ãŸã€‚ - デフォルトã§ã¯ã€wolfSSLã¯æ–°ã—ã„ãƒãƒ¼ã‚¸ãƒ§ãƒ³ã‚’使用ã—ã¾ã™ã€‚ - \return 0 æˆåŠŸã®å ´åˆã«è¿”ã•れã¾ã™ã€‚ - \param ssl wolfSSL_new()を使用ã—ã¦ä½œæˆã—ãŸWOLFSSL構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ + + \brief chacha-poly AEADæ§‹ç¯‰ã®æœ€åˆã®ãƒªãƒªãƒ¼ã‚¹ã¨æ–°ã—ã„ãƒãƒ¼ã‚¸ãƒ§ãƒ³ã®é–“ã«ã¯ã„ãã¤ã‹ã®é•ã„ãŒã‚ã‚‹ãŸã‚ã€å¤ã„ãƒãƒ¼ã‚¸ãƒ§ãƒ³ã‚’使用ã™ã‚‹ã‚µãƒ¼ãƒãƒ¼/クライアントã¨é€šä¿¡ã™ã‚‹ãŸã‚ã®ã‚ªãƒ—ションを追加ã—ã¾ã—ãŸã€‚デフォルトã§ã¯ã€wolfSSLã¯æ–°ã—ã„ãƒãƒ¼ã‚¸ãƒ§ãƒ³ã‚’使用ã—ã¾ã™ã€‚ + + \return 0 æˆåŠŸæ™‚ + + \param ssl wolfSSL_new()を使用ã—ã¦ä½œæˆã•れãŸWOLFSSL構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ + \param value poly1305ã®æƒ…報を設定ã™ã‚‹éš›ã«å¤ã„ãƒãƒ¼ã‚¸ãƒ§ãƒ³ã‚’使用ã™ã‚‹ã‹ã©ã†ã‹ã€‚フラグ値1を渡ã™ã¨å¤ã„poly AEADを使用ã™ã‚‹ã“ã¨ã‚’示ã—ã€æ–°ã—ã„ãƒãƒ¼ã‚¸ãƒ§ãƒ³ã®ä½¿ç”¨ã«æˆ»ã™ã«ã¯ãƒ•ラグ値0を渡ã—ã¾ã™ã€‚ _Example_ \code @@ -533,23 +546,24 @@ ret = wolfSSL_use_old_poly(ssl, 1); if (ret != 0) { - // failed to set poly1305 AEAD version + // poly1305 AEADãƒãƒ¼ã‚¸ãƒ§ãƒ³ã®è¨­å®šã«å¤±æ•—ã—ã¾ã—㟠} \endcode + \sa none */ int wolfSSL_use_old_poly(WOLFSSL* ssl, int value); /*! - \brief wolfSSL_dtls_import()関数ã¯ã‚·ãƒªã‚¢ãƒ©ã‚¤ã‚ºã•れãŸã‚»ãƒƒã‚·ãƒ§ãƒ³çŠ¶æ…‹ã‚’è§£æžã™ã‚‹ãŸã‚ã«ä½¿ã‚れã¾ã™ã€‚ - ã“れã«ã‚ˆã‚Šã€ãƒãƒ³ãƒ‰ã‚·ã‚§ã‚¤ã‚¯ãŒå®Œäº†ã—ãŸå¾Œã«æŽ¥ç¶šã‚’ピックアップã™ã‚‹ã“ã¨ãŒã§ãã¾ã™ã€‚ - \return æˆåŠŸã—ãŸå ´åˆã€èª­ã¿å–ã£ãŸãƒãƒƒãƒ•ã‚¡ã®é‡ãŒè¿”ã•れã¾ã™ã€‚ - \return ã™ã¹ã¦ã®å¤±æ•—ã—ãŸæˆ»ã‚Šå€¤ã¯0未満ã«ãªã‚Šã¾ã™ã€‚ - \return VERSION_ERROR ãƒãƒ¼ã‚¸ãƒ§ãƒ³ã®ä¸ä¸€è‡´ãŒè¦‹ã¤ã‹ã£ãŸå ´åˆã€(ã™ãªã‚ã¡ã€DTLS v1ã¨CTXãŒDTLS v1.2ã«è¨­å®šã•れãŸå ´åˆ)ã€Version_ErrorãŒè¿”ã•れã¾ã™ã€‚ - - \param ssl wolfSSL_new()を使用ã—ã¦ä½œæˆã•れãŸWOLFSSL構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ - \param buf インãƒãƒ¼ãƒˆã™ã‚‹ã‚·ãƒªã‚¢ãƒ«åŒ–ã•れãŸã‚»ãƒƒã‚·ãƒ§ãƒ³æƒ…報を格ç´ã™ã‚‹ãƒãƒƒãƒ•ã‚¡ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ - \param sz ãƒãƒƒãƒ•ã‚¡ã®ã‚µã‚¤ã‚º + \brief wolfSSL_dtls_import()関数ã¯ã€ã‚·ãƒªã‚¢ãƒ«åŒ–ã•れãŸã‚»ãƒƒã‚·ãƒ§ãƒ³çŠ¶æ…‹ã‚’è§£æžã™ã‚‹ãŸã‚ã«ä½¿ç”¨ã•れã¾ã™ã€‚ã“れã«ã‚ˆã‚Šã€ãƒãƒ³ãƒ‰ã‚·ã‚§ã‚¤ã‚¯ãŒå®Œäº†ã—ãŸå¾Œã«æŽ¥ç¶šã‚’å†é–‹ã§ãã¾ã™ã€‚ + + \return Success æˆåŠŸã—ãŸå ´åˆã€èª­ã¿å–られãŸãƒãƒƒãƒ•ã‚¡ã®é‡ãŒè¿”ã•れã¾ã™ã€‚ + \return Failure ã™ã¹ã¦ã®å¤±æ•—ã—ãŸæˆ»ã‚Šå€¤ã¯0未満ã«ãªã‚Šã¾ã™ã€‚ + \return VERSION_ERROR ãƒãƒ¼ã‚¸ãƒ§ãƒ³ã®ä¸ä¸€è‡´ãŒè¦‹ã¤ã‹ã£ãŸå ´åˆã€ã¤ã¾ã‚ŠDTLS v1ã§ctxãŒDTLS v1.2用ã«è¨­å®šã•れã¦ã„ã‚‹å ´åˆã€VERSION_ERRORãŒè¿”ã•れã¾ã™ã€‚ + + \param ssl wolfSSL_new()を使用ã—ã¦ä½œæˆã•れãŸWOLFSSL構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ + \param buf インãƒãƒ¼ãƒˆã™ã‚‹ã‚·ãƒªã‚¢ãƒ«åŒ–ã•れãŸã‚»ãƒƒã‚·ãƒ§ãƒ³ã€‚ + \param sz シリアル化ã•れãŸã‚»ãƒƒã‚·ãƒ§ãƒ³ãƒãƒƒãƒ•ã‚¡ã®ã‚µã‚¤ã‚ºã€‚ _Example_ \code @@ -558,33 +572,34 @@ unsigned char buf[MAX]; bufSz = MAX; ... - //get information sent from wc_dtls_export function and place it in buf + // wc_dtls_export関数ã‹ã‚‰é€ä¿¡ã•ã‚ŒãŸæƒ…報をå–å¾—ã—ã€bufã«é…ç½®ã—ã¾ã™ fread(buf, 1, bufSz, input); ret = wolfSSL_dtls_import(ssl, buf, bufSz); if (ret < 0) { - // handle error case + // エラーケースを処ç†ã—ã¾ã™ } - // no wolfSSL_accept needed since handshake was already done + // ãƒãƒ³ãƒ‰ã‚·ã‚§ã‚¤ã‚¯ãŒæ—¢ã«å®Œäº†ã—ã¦ã„ã‚‹ãŸã‚ã€wolfSSL_acceptã¯ä¸è¦ã§ã™ ... - ret = wolfSSL_write(ssl) and wolfSSL_read(ssl); + ret = wolfSSL_write(ssl) ãŠã‚ˆã³ wolfSSL_read(ssl); ... \endcode + \sa wolfSSL_new \sa wolfSSL_CTX_new \sa wolfSSL_CTX_dtls_set_export */ -int wolfSSL_dtls_import(WOLFSSL* ssl, unsigned char* buf, +int wolfSSL_dtls_import(WOLFSSL* ssl, const unsigned char* buf, unsigned int sz); /*! - \brief シリアライズã•れãŸTLSセッションをインãƒãƒ¼ãƒˆã—ã¾ã™ã€‚ - 警告:bufã«ã¯ã€çŠ¶æ…‹ã«é–¢ã™ã‚‹æ©Ÿå¯†æƒ…å ±ãŒå«ã¾ã‚Œã¦ãŠã‚Šã€ä¿å­˜ã•れã¦ã„ã‚‹å ´åˆã¯ä¿å­˜ã™ã‚‹å‰ã«æš—å·åŒ–ã•れるã®ãŒæœ€å–„ã§ã™ã€‚ - 追加ã®ãƒ‡ãƒãƒƒã‚°æƒ…報をマクロWOLFSSL_SESSION_EXPORT_DEBUGを定義ã—ã¦è¡¨ç¤ºã§ãã¾ã™ã€‚ - \return ãƒãƒƒãƒ•ã‚¡'buf'ã‹ã‚‰èª­ã¿è¾¼ã¾ã‚ŒãŸãƒã‚¤ãƒˆæ•°ã‚’è¿”ã—ã¾ã™ã€‚ - \param ssl セッションをインãƒãƒ¼ãƒˆã™ã‚‹ãŸã‚ã®WOLFSSL構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ - \param buf シリアル化ã•れãŸã‚»ãƒƒã‚·ãƒ§ãƒ³ã‚’å«ã‚€ãƒãƒƒãƒ•ã‚¡ã¸ã®ãƒã‚¤ãƒ³ã‚¿ - \param sz ãƒãƒƒãƒ•ã‚¡ã®ã‚µã‚¤ã‚º + \brief シリアル化ã•れãŸTLSセッションをインãƒãƒ¼ãƒˆã™ã‚‹ãŸã‚ã«ä½¿ç”¨ã•れã¾ã™ã€‚ã“ã®é–¢æ•°ã¯ã€æŽ¥ç¶šã®çŠ¶æ…‹ã‚’ã‚¤ãƒ³ãƒãƒ¼ãƒˆã™ã‚‹ãŸã‚ã®ã‚‚ã®ã§ã™ã€‚警告:bufã«ã¯çŠ¶æ…‹ã«é–¢ã™ã‚‹æ©Ÿå¯†æƒ…å ±ãŒå«ã¾ã‚Œã¦ãŠã‚Šã€ä¿å­˜ã™ã‚‹å ´åˆã¯æš—å·åŒ–ã—ã¦ã‹ã‚‰ä¿å­˜ã™ã‚‹ã®ãŒæœ€å–„ã§ã™ã€‚マクロWOLFSSL_SESSION_EXPORT_DEBUGを定義ã™ã‚‹ã“ã¨ã§ã€è¿½åŠ ã®ãƒ‡ãƒãƒƒã‚°æƒ…報を表示ã§ãã¾ã™ã€‚ + + \return ãƒãƒƒãƒ•ã‚¡'buf'ã‹ã‚‰èª­ã¿å–られãŸãƒã‚¤ãƒˆæ•° + + \param ssl セッションをインãƒãƒ¼ãƒˆã™ã‚‹WOLFSSL構造体 + \param buf シリアル化ã•れãŸã‚»ãƒƒã‚·ãƒ§ãƒ³ + \param sz ãƒãƒƒãƒ•ã‚¡'buf'ã®ã‚µã‚¤ã‚º \sa wolfSSL_dtls_import \sa wolfSSL_tls_export @@ -593,62 +608,63 @@ unsigned int sz); /*! - \brief wolfSSL_CTX_dtls_set_export()関数ã¯ã‚»ãƒƒã‚·ãƒ§ãƒ³ã‚’エクスãƒãƒ¼ãƒˆã™ã‚‹ãŸã‚ã®ã‚³ãƒ¼ãƒ«ãƒãƒƒã‚¯é–¢æ•°ã‚’設定ã—ã¾ã™ã€‚ - 以å‰ã«æ ¼ç´ã•れã¦ã„るエクスãƒãƒ¼ãƒˆæ©Ÿèƒ½ã‚’クリアã™ã‚‹ãŸã‚ã«ãƒ‘ラメータfuncã«NULLを渡ã™ã“ã¨ãŒè¨±ã•れã¾ã™ã€‚ - サーãƒãƒ¼å´ã§ä½¿ç”¨ã•れã€ãƒãƒ³ãƒ‰ã‚·ã‚§ã‚¤ã‚¯ãŒå®Œäº†ã—ãŸç›´å¾Œã«è¨­å®šã—ãŸã‚³ãƒ¼ãƒ«ãƒãƒƒã‚¯é–¢æ•°ãŒå‘¼ã³å‡ºã•れã¾ã™ã€‚ - \return SSL_SUCCESS æˆåŠŸæ™‚ã«è¿”ã•れã¾ã™ã€‚ - \return BAD_FUNC_ARG NULLã¾ãŸã¯äºˆæƒ³ã•れãªã„å¼•æ•°ãŒæ¸¡ã•れãŸå ´åˆã«è¿”ã•れã¾ã™ã€‚ - \param ctx wolfSSL_CTX_new()ã§ä½œæˆã•れãŸWOLFSSL_CTX構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ - \param func セッションをエクスãƒãƒ¼ãƒˆã™ã‚‹éš›ã«å‘¼ã³å‡ºã™é–¢æ•°ãƒã‚¤ãƒ³ã‚¿ + \brief wolfSSL_CTX_dtls_set_export()関数ã¯ã€ã‚»ãƒƒã‚·ãƒ§ãƒ³ã‚’エクスãƒãƒ¼ãƒˆã™ã‚‹ãŸã‚ã®ã‚³ãƒ¼ãƒ«ãƒãƒƒã‚¯é–¢æ•°ã‚’設定ã™ã‚‹ãŸã‚ã«ä½¿ç”¨ã•れã¾ã™ã€‚以å‰ã«ä¿å­˜ã•れãŸã‚¨ã‚¯ã‚¹ãƒãƒ¼ãƒˆé–¢æ•°ã‚’クリアã™ã‚‹ãŸã‚ã«ã€ãƒ‘ラメータfuncã¨ã—ã¦NULLを渡ã™ã“ã¨ãŒã§ãã¾ã™ã€‚サーãƒãƒ¼å´ã§ä½¿ç”¨ã•れã€ãƒãƒ³ãƒ‰ã‚·ã‚§ã‚¤ã‚¯ãŒå®Œäº†ã—ãŸç›´å¾Œã«å‘¼ã³å‡ºã•れã¾ã™ã€‚ + + \return SSL_SUCCESS æˆåŠŸæ™‚ã€‚ + \return BAD_FUNC_ARG nullã¾ãŸã¯æœŸå¾…ã•れãªã„å¼•æ•°ãŒæ¸¡ã•れãŸå ´åˆ + + \param ctx wolfSSL_CTX_new()ã§ä½œæˆã•れãŸWOLFSSL_CTX構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ + \param func セッションをエクスãƒãƒ¼ãƒˆã™ã‚‹éš›ã«ä½¿ç”¨ã™ã‚‹wc_dtls_export関数。 _Example_ \code int send_session(WOLFSSL* ssl, byte* buf, word32 sz, void* userCtx); - // body of send session (wc_dtls_export) that passes - // buf (serialized session) to destination + // buf(シリアル化ã•れãŸã‚»ãƒƒã‚·ãƒ§ãƒ³ï¼‰ã‚’å®›å…ˆã«æ¸¡ã™send session(wc_dtls_exportï¼‰ã®æœ¬ä½“ WOLFSSL_CTX* ctx; int ret; ... ret = wolfSSL_CTX_dtls_set_export(ctx, send_session); if (ret != SSL_SUCCESS) { - // handle error case + // エラーケースを処ç†ã—ã¾ã™ } ... ret = wolfSSL_accept(ssl); ... \endcode + \sa wolfSSL_new \sa wolfSSL_CTX_new \sa wolfSSL_dtls_set_export \sa Static buffer use */ -int wolfSSL_CTX_dtls_set_export(WOLFSSL_CTX* ctx, wc_dtls_export func); +int wolfSSL_CTX_dtls_set_export(WOLFSSL_CTX* ctx, + wc_dtls_export func); /*! - \brief wolfSSL_dtls_set_export()関数ã¯ã‚»ãƒƒã‚·ãƒ§ãƒ³ã‚’エクスãƒãƒ¼ãƒˆã™ã‚‹éš›ã«å‘¼ã³å‡ºã™ã‚³ãƒ¼ãƒ«ãƒãƒƒã‚¯é–¢æ•°ã‚’登録ã—ã¾ã™ã€‚ - 以å‰ã«ç™»éŒ²ã•れã¦ã„るエクスãƒãƒ¼ãƒˆé–¢æ•°ã‚’クリアã™ã‚‹ãŸã‚ã«ä½¿ã†ã“ã¨ã‚‚ã§ãã¾ã™ã€‚ - サーãƒãƒ¼å´ã§ä½¿ç”¨ã•れã€ãƒãƒ³ãƒ‰ã‚·ã‚§ã‚¤ã‚¯ãŒå®Œäº†ã—ãŸç›´å¾Œã«è¨­å®šã—ãŸã‚³ãƒ¼ãƒ«ãƒãƒƒã‚¯é–¢æ•°ãŒå‘¼ã³å‡ºã•れã¾ã™ã€‚ - \return SSL_SUCCESS æˆåŠŸæ™‚ã«è¿”ã•れã¾ã™ã€‚ - \return BAD_FUNC_ARG NULLã¾ãŸã¯äºˆæƒ³ã•れãªã„å¼•æ•°ãŒæ¸¡ã•れãŸå ´åˆã«è¿”ã•れã¾ã™ã€‚ - \param ssl wolfssl_new()を使用ã—ã¦ä½œæˆã•れãŸWOLFSSL構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ - \param func セッションをエクスãƒãƒ¼ãƒˆã™ã‚‹éš›ã«å‘¼ã³å‡ºã™é–¢æ•°ãƒã‚¤ãƒ³ã‚¿ + \brief wolfSSL_dtls_set_export()関数ã¯ã€ã‚»ãƒƒã‚·ãƒ§ãƒ³ã‚’エクスãƒãƒ¼ãƒˆã™ã‚‹ãŸã‚ã®ã‚³ãƒ¼ãƒ«ãƒãƒƒã‚¯é–¢æ•°ã‚’設定ã™ã‚‹ãŸã‚ã«ä½¿ç”¨ã•れã¾ã™ã€‚以å‰ã«ä¿å­˜ã•れãŸã‚¨ã‚¯ã‚¹ãƒãƒ¼ãƒˆé–¢æ•°ã‚’クリアã™ã‚‹ãŸã‚ã«ã€ãƒ‘ラメータfuncã¨ã—ã¦NULLを渡ã™ã“ã¨ãŒã§ãã¾ã™ã€‚サーãƒãƒ¼å´ã§ä½¿ç”¨ã•れã€ãƒãƒ³ãƒ‰ã‚·ã‚§ã‚¤ã‚¯ãŒå®Œäº†ã—ãŸç›´å¾Œã«å‘¼ã³å‡ºã•れã¾ã™ã€‚ + + \return SSL_SUCCESS æˆåŠŸæ™‚ã€‚ + \return BAD_FUNC_ARG nullã¾ãŸã¯æœŸå¾…ã•れãªã„å¼•æ•°ãŒæ¸¡ã•れãŸå ´åˆ + + \param ssl wolfSSL_new()を使用ã—ã¦ä½œæˆã•れãŸWOLFSSL構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ + \param func セッションをエクスãƒãƒ¼ãƒˆã™ã‚‹éš›ã«ä½¿ç”¨ã™ã‚‹wc_dtls_export関数。 _Example_ - \code - int send_session(WOLFSSL* ssl, byte* buf, word32 sz, void* userCtx); - // body of send session (wc_dtls_export) that passes - // buf (serialized session) to destination + \code int send_session(WOLFSSL* ssl, byte* buf, word32 sz, void* userCtx); + // send sessionã®æœ¬ä½“(wc_dtls_export) + // buf(シリアライズã•れãŸã‚»ãƒƒã‚·ãƒ§ãƒ³)ã‚’å®›å…ˆã«æ¸¡ã™ WOLFSSL* ssl; int ret; ... ret = wolfSSL_dtls_set_export(ssl, send_session); if (ret != SSL_SUCCESS) { - // handle error case + // エラーケースã®å‡¦ç† } ... ret = wolfSSL_accept(ssl); ... \endcode + \sa wolfSSL_new \sa wolfSSL_CTX_new \sa wolfSSL_CTX_dtls_set_export @@ -656,14 +672,14 @@ int wolfSSL_dtls_set_export(WOLFSSL* ssl, wc_dtls_export func); /*! - \brief wolfSSL_dtls_export()é–¢æ•°ã¯æä¾›ã•れãŸãƒãƒƒãƒ•ã‚¡ã¸ã‚»ãƒƒã‚·ãƒ§ãƒ³ã‚’シリアル化ã—ã¾ã™ã€‚ - セッションをエクスãƒãƒ¼ãƒˆã™ã‚‹ãŸã‚ã®é–¢æ•°ã‚³ãƒ¼ãƒ«ãƒãƒƒã‚¯ã‚’使用ã™ã‚‹ã‚ˆã‚Šã‚‚メモリオーãƒãƒ¼ãƒ˜ãƒƒãƒ‰ã‚’減らã™ã“ã¨ãŒã§ãã¾ã™ã€‚ - é–¢æ•°ã«æ¸¡ã•れãŸå¼•æ•°bufãŒNULLã®å ´åˆã€szã«ã¯WolfSSLセッションã®ã‚·ãƒªã‚¢ãƒ©ã‚¤ã‚ºã«å¿…è¦ãªãƒãƒƒãƒ•ã‚¡ã®ã‚µã‚¤ã‚ºãŒè¨­å®šã•れã¾ã™ã€‚ - \return æˆåŠŸã—ãŸå ´åˆã€ä½¿ç”¨ã•れるãƒãƒƒãƒ•ァサイズãŒè¿”ã•れã¾ã™ã€‚ - \return ã™ã¹ã¦ã®å¤±æ•—ã—ãŸæˆ»ã‚Šå€¤ã¯0未満ã«ãªã‚Šã¾ã™ã€‚ - \param ssl wolfSSL_new()を使用ã—ã¦ä½œæˆã•れãŸWOLFSSL構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ - \param buf シリアライズã—ãŸã‚»ãƒƒã‚·ãƒ§ãƒ³ã‚’ä¿æŒã™ã‚‹ãŸã‚ã®ãƒãƒƒãƒ•ァ。 - \param sz ãƒãƒƒãƒ•ã‚¡ã®ã‚µã‚¤ã‚º + \brief wolfSSL_dtls_export()関数ã¯ã€WOLFSSLセッションをæä¾›ã•れãŸãƒãƒƒãƒ•ã‚¡ã«ã‚·ãƒªã‚¢ãƒ©ã‚¤ã‚ºã™ã‚‹ãŸã‚ã«ä½¿ç”¨ã•れã¾ã™ã€‚セッションをé€ä¿¡ã™ã‚‹ãŸã‚ã®é–¢æ•°ã‚³ãƒ¼ãƒ«ãƒãƒƒã‚¯ã‚’使用ã™ã‚‹ã‚ˆã‚Šã‚‚メモリオーãƒãƒ¼ãƒ˜ãƒƒãƒ‰ãŒå°‘ãªãã€ã‚»ãƒƒã‚·ãƒ§ãƒ³ã‚’シリアライズã™ã‚‹ã‚¿ã‚¤ãƒŸãƒ³ã‚°ã‚’é¸æŠžã§ãã¾ã™ã€‚é–¢æ•°ã«æ¸¡ã•れãŸã¨ãã«bufferãŒNULLã®å ´åˆã€szã¯WOLFSSLセッションをシリアライズã™ã‚‹ãŸã‚ã«å¿…è¦ãªãƒãƒƒãƒ•ã‚¡ã®ã‚µã‚¤ã‚ºã«è¨­å®šã•れã¾ã™ã€‚ + + \return Success æˆåŠŸã—ãŸå ´åˆã€ä½¿ç”¨ã•れãŸãƒãƒƒãƒ•ã‚¡ã®é‡ãŒè¿”ã•れã¾ã™ã€‚ + \return Failure ã™ã¹ã¦ã®å¤±æ•—æ™‚ã®æˆ»ã‚Šå€¤ã¯0未満ã«ãªã‚Šã¾ã™ã€‚ + + \param ssl wolfSSL_new()を使用ã—ã¦ä½œæˆã•れãŸWOLFSSL構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ + \param buf シリアライズã•れãŸã‚»ãƒƒã‚·ãƒ§ãƒ³ã‚’ä¿æŒã™ã‚‹ãƒãƒƒãƒ•ァ。 + \param sz ãƒãƒƒãƒ•ã‚¡ã®ã‚µã‚¤ã‚ºã€‚ _Example_ \code @@ -674,10 +690,11 @@ ... ret = wolfSSL_dtls_export(ssl, buf, bufSz); if (ret < 0) { - // handle error case + // エラーケースã®å‡¦ç† } ... \endcode + \sa wolfSSL_new \sa wolfSSL_CTX_new \sa wolfSSL_CTX_dtls_set_export @@ -687,14 +704,16 @@ unsigned int* sz); /*! - \brief シリアライズã•れãŸTLSセッションをエクスãƒãƒ¼ãƒˆã—ã¾ã™ã€‚ - ã»ã¨ã‚“ã©ã®å ´åˆã€wolfSSL_tls_exportã®ä»£ã‚りã«wolfssl_get1_sessionを使用ã™ã‚‹å¿…è¦ãŒã‚りã¾ã™ã€‚ - 追加ã®ãƒ‡ãƒãƒƒã‚°æƒ…報をマクロWOLFSSL_SESSION_EXPORT_DEBUGを定義ã—ã¦è¡¨ç¤ºã§ãã¾ã™ã€‚ - 警告:bufã«ã¯ã€çŠ¶æ…‹ã«é–¢ã™ã‚‹æ©Ÿå¯†æƒ…å ±ãŒå«ã¾ã‚Œã¦ãŠã‚Šã€ä¿å­˜ã™ã‚‹å ´åˆã¯ä¿å­˜ã™ã‚‹å‰ã«æš—å·åŒ–ã•れるã®ãŒæœ€å–„ã§ã™ã€‚ + \brief シリアライズã•れãŸTLSセッションをエクスãƒãƒ¼ãƒˆã™ã‚‹ãŸã‚ã«ä½¿ç”¨ã•れã¾ã™ã€‚ã“ã®é–¢æ•°ã¯æŽ¥ç¶šã®ã‚·ãƒªã‚¢ãƒ©ã‚¤ã‚ºã•れãŸçŠ¶æ…‹ã‚’ã‚¨ã‚¯ã‚¹ãƒãƒ¼ãƒˆã™ã‚‹ãŸã‚ã®ã‚‚ã®ã§ã™ã€‚ + ã»ã¨ã‚“ã©ã®å ´åˆã€wolfSSL_tls_exportã®ä»£ã‚りã«wolfSSL_get1_sessionを使用ã™ã‚‹å¿…è¦ãŒã‚りã¾ã™ã€‚ + 追加ã®ãƒ‡ãƒãƒƒã‚°æƒ…å ±ã¯ã€ãƒžã‚¯ãƒ­WOLFSSL_SESSION_EXPORT_DEBUGãŒå®šç¾©ã•れã¦ã„ã‚‹å ´åˆã«è¡¨ç¤ºã§ãã¾ã™ã€‚ + 警告: bufã«ã¯çŠ¶æ…‹ã«é–¢ã™ã‚‹æ©Ÿå¯†æƒ…å ±ãŒå«ã¾ã‚Œã¦ã„ã‚‹ãŸã‚ã€ä¿å­˜ã™ã‚‹å ´åˆã¯æš—å·åŒ–ã—ã¦ã‹ã‚‰ä¿å­˜ã™ã‚‹ã“ã¨ãŒæœ€å–„ã§ã™ã€‚ + \return ãƒãƒƒãƒ•ã‚¡'buf'ã«æ›¸ãè¾¼ã¾ã‚ŒãŸãƒã‚¤ãƒˆæ•° - \param ssl セッションをエクスãƒãƒ¼ãƒˆã™ã‚‹ãŸã‚ã®WOLFSSL構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ - \param buf シリアライズã•れãŸã‚»ãƒƒã‚·ãƒ§ãƒ³ã®å‡ºåŠ›å…ˆãƒãƒƒãƒ•ã‚¡ã¸ã®ãƒã‚¤ãƒ³ã‚¿ - \param sz 出力先ãƒãƒƒãƒ•ã‚¡ã®ã‚µã‚¤ã‚º + + \param ssl セッションをエクスãƒãƒ¼ãƒˆã™ã‚‹WOLFSSL構造体 + \param buf シリアライズã•れãŸã‚»ãƒƒã‚·ãƒ§ãƒ³ã®å‡ºåŠ› + \param sz 'buf'ã«è¨­å®šã•れãŸãƒã‚¤ãƒˆå˜ä½ã®ã‚µã‚¤ã‚º \sa wolfSSL_dtls_import \sa wolfSSL_tls_import @@ -703,27 +722,17 @@ unsigned int* sz); /*! - \brief ã“ã®é–¢æ•°ã¯CTX用ã«é™çš„メモリ領域を設定ã™ã‚‹ç›®çš„ã«ä½¿ç”¨ã•れã¾ã™ã€‚ - 設定ã•れãŸé™çš„メモリ領域ã¯CTXã®æœ‰åŠ¹æœŸé–“ãŠã‚ˆã³CTXã‹ã‚‰ä½œæˆã•れãŸå…¨ã¦ã®SSLオブジェクトã«ä½¿ç”¨ã•れã¾ã™ã€‚ - 引数ctxã«NULLを渡ã—ã€wolfSSL_method_func関数を渡ã™ã“ã¨ã«ã‚ˆã£ã¦ã€CTX自体ã®ä½œæˆã‚‚é™çš„メモリを使用ã—ã¾ã™ã€‚ - wolfssl_method_funcã¯æ¬¡ã®ã‚·ã‚°ãƒãƒãƒ£ã¨ãªã£ã¦ã„ã¾ã™:wolfssl_method *(* wolfssl_method_func)(void *heap)。 - 引数maxã«0を渡ã™ã¨ã€è¨­å®šã•れã¦ã„ãªã„ã‚‚ã®ã¨ã—ã¦å‹•作ã—ã€æœ€å¤§ã®åŒæ™‚使用制é™ãŒé©ç”¨ã•れã¾ã›ã‚“。 - 引数flagã«æ¸¡ã—ãŸå€¤ã«ã‚ˆã£ã¦ã€ãƒ¡ãƒ¢ãƒªã®ä½¿ç”¨æ–¹æ³•ã¨å‹•ä½œãŒæ±ºã¾ã‚Šã¾ã™ã€‚ - 利用å¯èƒ½ãªãƒ•ãƒ©ã‚°å€¤ã¯æ¬¡ã®ã¨ãŠã‚Šã§ã™ï¼š - 0 - デフォルトã®ä¸€èˆ¬ãƒ¡ãƒ¢ãƒªã€ - WOLFMEM_IO_POOL - メッセージã®å—é€ä¿¡ã®éš›ã®å…¥å‡ºåŠ›ãƒãƒƒãƒ•ã‚¡ã¨ã—ã¦ä½¿ç”¨ã•れ渡ã•れãŸãƒãƒƒãƒ•ァ内ã®ã™ã¹ã¦ã®ãƒ¡ãƒ¢ãƒªãŒIOã«ä½¿ç”¨ã•れã¾ã™ã€ - WOLFMEM_IO_FIXED - WOLFMEM_IO_POOLã¨åŒã˜ã§ã™ãŒã€å„SSLã¯2ã¤ã®ãƒãƒƒãƒ•ァを自分ã®ãƒ©ã‚¤ãƒ•タイムã®é–“ä¿æŒã—ã¦ä½¿ç”¨ã—ã¾ã™ã€‚ - WOLFMEM_TRACK_STATS - å„SSLã¯å®Ÿè¡Œä¸­ã«ãƒ¡ãƒ¢ãƒªä½¿ç”¨çµ±è¨ˆã‚’追跡ã—ã¾ã™ã€‚ - - \return SSL_SUCCESS æˆåŠŸã—ãŸå ´åˆã«è¿”ã•れã¾ã™ã€‚ã«è¿”ã•れã¾ã™ã€‚ - \return SSL_FAILURE 失敗ã—ãŸå ´åˆã«è¿”ã•れã¾ã™ã€‚ - - \param ctx WOLFSSL_CTX構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã®ãƒã‚¤ãƒ³ã‚¿ - \param method メソッド関数(例ãˆã°ã€wolfSSLv23_server_method_ex)ã§ctxãŒNULLã§ãªã„å ´åˆã¯NULLã«ã™ã‚‹å¿…è¦ãŒã‚りã¾ã™ã€‚ - \param buf ã™ã¹ã¦ã®æ“作ã«ä½¿ç”¨ã™ã‚‹ãƒ¡ãƒ¢ãƒªãƒãƒƒãƒ•ã‚¡ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ - \param sz 渡ã•れã¦ã„るメモリãƒãƒƒãƒ•ã‚¡ã®ã‚µã‚¤ã‚ºã€‚ - \param flag メモリã®ä½¿ç”¨ã‚¿ã‚¤ãƒ— - \param max åŒæ™‚ä½¿ç”¨ã®æœ€å¤§å€¤ + \brief ã“ã®é–¢æ•°ã¯ã€CTX用ã®é™çš„メモリを確ä¿ã™ã‚‹ãŸã‚ã«ä½¿ç”¨ã•れã¾ã™ã€‚確ä¿ã•れãŸãƒ¡ãƒ¢ãƒªã¯ã€CTXã®ãƒ©ã‚¤ãƒ•タイム中ãŠã‚ˆã³CTXã‹ã‚‰ä½œæˆã•れãŸSSLオブジェクトã«ä½¿ç”¨ã•れã¾ã™ã€‚NULLã®ctxãƒã‚¤ãƒ³ã‚¿ã¨wolfSSL_method_func関数を渡ã™ã“ã¨ã§ã€CTX自体ã®ä½œæˆã‚‚é™çš„メモリを使用ã—ã¾ã™ã€‚wolfSSL_method_funcã¯ã€WOLFSSL_METHOD* (*wolfSSL_method_func)(void* heap);ã¨ã„ã†é–¢æ•°ã‚·ã‚°ãƒãƒãƒ£ã‚’æŒã¡ã¾ã™ã€‚maxã«0を渡ã™ã¨ã€è¨­å®šã•れã¦ã„ãªã„ã‹ã®ã‚ˆã†ã«å‹•作ã—ã€æœ€å¤§åŒæ™‚使用制é™ã¯é©ç”¨ã•れã¾ã›ã‚“。渡ã•れãŸflag値ã¯ã€ãƒ¡ãƒ¢ãƒªã®ä½¿ç”¨æ–¹æ³•ã¨å‹•ä½œä¸­ã®æŒ™å‹•を決定ã—ã¾ã™ã€‚利用å¯èƒ½ãªãƒ•ãƒ©ã‚°ã¯æ¬¡ã®ã¨ãŠã‚Šã§ã™: 0 - デフォルトã®ä¸€èˆ¬ãƒ¡ãƒ¢ãƒªã€WOLFMEM_IO_POOL - メッセージã®é€å—信時ã®å…¥å‡ºåŠ›ãƒãƒƒãƒ•ã‚¡ã«ä½¿ç”¨ã•れã€ä¸€èˆ¬ãƒ¡ãƒ¢ãƒªã‚’オーãƒãƒ¼ãƒ©ã‚¤ãƒ‰ã™ã‚‹ãŸã‚ã€æ¸¡ã•れãŸãƒãƒƒãƒ•ァ内ã®ã™ã¹ã¦ã®ãƒ¡ãƒ¢ãƒªãŒIOã«ä½¿ç”¨ã•れã¾ã™ã€WOLFMEM_IO_FIXED - WOLFMEM_IO_POOLã¨åŒã˜ã§ã™ãŒã€å„SSLãŒãƒ©ã‚¤ãƒ•タイム中ã«2ã¤ã®ãƒãƒƒãƒ•ã‚¡ã‚’ä¿æŒã—ã¾ã™ã€WOLFMEM_TRACK_STATS - å„SSLãŒå®Ÿè¡Œä¸­ã«ãƒ¡ãƒ¢ãƒªçµ±è¨ˆã‚’追跡ã—ã¾ã™ã€‚ + + \return SSL_SUCCESS æˆåŠŸæ™‚ã€‚ + \return SSL_FAILURE 失敗時。 + + \param ctx WOLFSSL_CTX構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã®ã‚¢ãƒ‰ãƒ¬ã‚¹ã€‚ + \param method プロトコルを作æˆã™ã‚‹é–¢æ•°ã€‚(ctxã‚‚NULLã§ãªã„å ´åˆã¯NULLã§ã‚ã‚‹ã¹ãã§ã™) + \param buf ã™ã¹ã¦ã®æ“作ã«ä½¿ç”¨ã™ã‚‹ãƒ¡ãƒ¢ãƒªã€‚ + \param sz 渡ã•れるメモリãƒãƒƒãƒ•ã‚¡ã®ã‚µã‚¤ã‚ºã€‚ + \param flag メモリã®ã‚¿ã‚¤ãƒ—。 + \param max æœ€å¤§åŒæ™‚æ“作数。 _Example_ \code @@ -736,21 +745,22 @@ int IOSz = MAX; int flag = WOLFMEM_IO_FIXED | WOLFMEM_TRACK_STATS; ... - // create ctx also using static memory, start with general memory to use + // é™çš„メモリを使用ã—ã¦ctxも作æˆã€ä½¿ç”¨ã™ã‚‹ä¸€èˆ¬ãƒ¡ãƒ¢ãƒªã‹ã‚‰é–‹å§‹ ctx = NULL: ret = wolfSSL_CTX_load_static_memory(&ctx, wolfSSLv23_server_method_ex, memory, memorySz, 0, MAX_CONCURRENT_HANDSHAKES); if (ret != SSL_SUCCESS) { - // handle error case + // エラーケースã®å‡¦ç† } - // load in memory for use with IO + // IOã§ä½¿ç”¨ã™ã‚‹ãƒ¡ãƒ¢ãƒªã‚’ロード ret = wolfSSL_CTX_load_static_memory(&ctx, NULL, IO, IOSz, flag, MAX_CONCURRENT_IO); if (ret != SSL_SUCCESS) { - // handle error case + // エラーケースã®å‡¦ç† } ... \endcode + \sa wolfSSL_CTX_new \sa wolfSSL_CTX_is_static_memory \sa wolfSSL_is_static_memory @@ -761,14 +771,13 @@ int flag, int max); /*! - \brief ã“ã®é–¢æ•°ã¯ç¾æ™‚ç‚¹ã®æŽ¥ç¶šã«é–¢ã™ã‚‹æŒ¯ã‚‹èˆžã„ã®å¤‰æ›´ã¯è¡Œã„ã¾ã›ã‚“。 - é™çš„メモリ使用é‡ã«é–¢ã™ã‚‹æƒ…報をåŽé›†ã™ã‚‹ãŸã‚ã«ã®ã¿ä½¿ç”¨ã•れã¾ã™ã€‚ - \return 1 CTXã®é™çš„メモリを使用ã—ã¦ã„ã‚‹å ´åˆã«è¿”ã•れã¾ã™ã€‚ - \return 0 é™çš„メモリを使用ã—ã¦ã„ãªã„å ´åˆã«è¿”ã•れã¾ã™ã€‚ + \brief ã“ã®é–¢æ•°ã¯æŽ¥ç¶šã®å‹•作を変更ã›ãšã€é™çš„メモリã®ä½¿ç”¨çжæ³ã«é–¢ã™ã‚‹æƒ…報をåŽé›†ã™ã‚‹ãŸã‚ã«ã®ã¿ä½¿ç”¨ã•れã¾ã™ã€‚ - \param ctx wolfSSL_CTX_new()を使用ã—ã¦ä½œæˆã•れãŸWOLFSSL_CTX構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ - \param mem_stats é™çš„メモリã®ä½¿ç”¨é‡ã«é–¢ã™ã‚‹æƒ…å ±ã‚’ä¿æŒã™ã‚‹WOLFSSL_MEM_STATS構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ + \return 1 CTXãŒé™çš„メモリを使用ã—ã¦ã„ã‚‹å ´åˆã«trueã¨ã—ã¦è¿”ã•れã¾ã™ã€‚ + \return 0 é™çš„メモリを使用ã—ã¦ã„ãªã„å ´åˆã«è¿”ã•れã¾ã™ã€‚ + \param ctx wolfSSL_CTX_new()を使用ã—ã¦ä½œæˆã•れãŸWOLFSSL_CTX構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ + \param mem_stats é™çš„メモリã®ä½¿ç”¨çжæ³ã«é–¢ã™ã‚‹æƒ…å ±ã‚’ä¿æŒã™ã‚‹æ§‹é€ ä½“。 _Example_ \code @@ -776,17 +785,18 @@ int ret; WOLFSSL_MEM_STATS mem_stats; ... - //get information about static memory with CTX + //CTXã«ã‚ˆã‚‹é™çš„メモリã«é–¢ã™ã‚‹æƒ…報をå–å¾— ret = wolfSSL_CTX_is_static_memory(ctx, &mem_stats); if (ret == 1) { - // handle case of is using static memory - // print out or inspect elements of mem_stats + // é™çš„メモリを使用ã—ã¦ã„るケースã®å‡¦ç† + // mem_statsã®è¦ç´ ã‚’出力ã¾ãŸã¯æ¤œæŸ» } if (ret == 0) { - //handle case of ctx not using static memory + //ctxãŒé™çš„メモリを使用ã—ã¦ã„ãªã„ケースã®å‡¦ç† } … \endcode + \sa wolfSSL_CTX_new \sa wolfSSL_CTX_load_static_memory \sa wolfSSL_is_static_memory @@ -795,15 +805,13 @@ WOLFSSL_MEM_STATS* mem_stats); /*! - \brief wolfSSL_is_static_memory関数ã¯SSLã®é™çš„メモリ使用é‡ã«é–¢ã™ã‚‹æƒ…報を集ã‚ã¾ã™ã€‚ - 戻り値ã¯ã€é™çš„メモリãŒä½¿ç”¨ã•れã¦ã„ã‚‹ã‹ã©ã†ã‹ã‚’示ã—ã¾ã™ã€‚ - 引数sslã®ä¸Šä½ã®WOLFSSL_CTXã«é™çš„メモリを使用ã™ã‚‹ã‚ˆã†ã«æŒ‡å®šã—ã¦ã‚りã€WOLFMEM_TRACK_STATSãŒå®šç¾©ã•れã¦ã„ã‚‹å ´åˆã« - 引数mem_statsã«æƒ…å ±ãŒã‚»ãƒƒãƒˆã•れã¾ã™ã€‚ - \return 1 é™çš„メモリを使用ã—ã¦ã„ã‚‹å ´åˆã«è¿”ã•れã¾ã™ã€‚ - \return 0 é™çš„メモリを使用ã—ã¦ã„ãªã„å ´åˆã«è¿”ã•れã¾ã™ã€‚ + \brief wolfSSL_is_static_memoryã¯ã€SSLã®é™çš„メモリ使用状æ³ã«é–¢ã™ã‚‹æƒ…報をåŽé›†ã™ã‚‹ãŸã‚ã«ä½¿ç”¨ã•れã¾ã™ã€‚戻り値ã¯é™çš„メモリãŒä½¿ç”¨ã•れã¦ã„ã‚‹ã‹ã©ã†ã‹ã‚’示ã—ã€WOLFSSL_MEM_CONN_STATSã¯ã€é™çš„メモリをロードã™ã‚‹éš›ã«è¦ªCTXã«WOLFMEM_TRACK_STATSãƒ•ãƒ©ã‚°ãŒæ¸¡ã•れãŸå ´åˆã«ã®ã¿å…¥åŠ›ã•れã¾ã™ã€‚ - \param ssl wolfSSL_new()を使用ã—ã¦ä½œæˆã•れãŸWOLFSSL構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ - \param mem_stats é™çš„メモリã®ä½¿ç”¨é‡ã«é–¢ã™ã‚‹æƒ…å ±ã‚’ä¿æŒã™ã‚‹WOLFSSL_MEM_STATS構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ + \return 1 CTXãŒé™çš„メモリを使用ã—ã¦ã„ã‚‹å ´åˆã«trueã¨ã—ã¦è¿”ã•れã¾ã™ã€‚ + \return 0 é™çš„メモリを使用ã—ã¦ã„ãªã„å ´åˆã«è¿”ã•れã¾ã™ã€‚ + + \param ssl wolfSSL_new()を使用ã—ã¦ä½œæˆã•れãŸWOLFSSL構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ + \param mem_stats é™çš„メモリã®ä½¿ç”¨çжæ³ã‚’å«ã‚€æ§‹é€ ä½“。 _Example_ \code @@ -813,11 +821,12 @@ ... ret = wolfSSL_is_static_memory(ssl, mem_stats); if (ret == 1) { - // handle case when is static memory - // investigate elements in mem_stats if WOLFMEM_TRACK_STATS flag + // é™çš„メモリã®å ´åˆã®ã‚±ãƒ¼ã‚¹ã‚’å‡¦ç† + // WOLFMEM_TRACK_STATSフラグãŒã‚ã‚‹å ´åˆã€mem_stats内ã®è¦ç´ ã‚’調査 } ... \endcode + \sa wolfSSL_new \sa wolfSSL_CTX_is_static_memory */ @@ -826,33 +835,29 @@ /*! \ingroup CertsKeys - \brief ã“ã®é–¢æ•°ã¯è¨¼æ˜Žæ›¸ãƒ•ァイルをSSLコンテキスト(WOLFSSL_CTX)ã«ãƒ­ãƒ¼ãƒ‰ã—ã¾ã™ã€‚ - ファイルã¯å¼•æ•°fileã«ã‚ˆã£ã¦æä¾›ã•れã¾ã™ã€‚ - 引数formatã¯ã€ãƒ•ァイルã®ãƒ•ォーマットタイプ(SSL_FILETYPE_ASN1ã¾ãŸã¯SSL_FILETYPE_PEM)を指定ã—ã¾ã™ã€‚ - é©åˆ‡ãªä½¿ç”¨æ³•ã®ä¾‹ã‚’ã”覧ãã ã•ã„。 - - \return SSL_SUCCESS æˆåŠŸã—ãŸå ´åˆã«è¿”ã•れã¾ã™ã€‚ã«è¿”ã•れã¾ã™ã€‚ - \return SSL_FAILURE 失敗時ã«è¿”ã•れã¾ã™ã€‚失敗ã—ãŸå ´åˆã®å¯èƒ½ãªåŽŸå› ã¨ã—ã¦ã¯ã€ - ファイルãŒèª¤ã£ãŸå½¢å¼ã®å ´åˆã€ã¾ãŸã¯å¼•æ•°formatを使用ã—ã¦èª¤ã£ãŸãƒ•ã‚©ãƒ¼ãƒžãƒƒãƒˆãŒæŒ‡å®šã•れã¦ã„る〠- ã‚ã‚‹ã„ã¯ãƒ•ァイルãŒå­˜åœ¨ã—ãªã„ã€ã‚ã‚‹ã„ã¯èª­ã¿å–ã‚‹ã“ã¨ãŒã§ããªã„ã€ã¾ãŸã¯ç ´æã—ã¦ã„る〠- メモリä¸è¶³ãŒç™ºç”Ÿã€Base16ã®ãƒ‡ã‚³ãƒ¼ãƒ‰ã«å¤±æ•—ã—ã¦ã„ã‚‹ãªã©ã®åŽŸå› ãŒè€ƒãˆã‚‰ã‚Œã¾ã™ã€‚ + + \brief ã“ã®é–¢æ•°ã¯ã€è¨¼æ˜Žæ›¸ãƒ•ァイルをSSLコンテキスト(WOLFSSL_CTX)ã«ãƒ­ãƒ¼ãƒ‰ã—ã¾ã™ã€‚ファイルã¯file引数ã«ã‚ˆã£ã¦æä¾›ã•れã¾ã™ã€‚format引数ã¯ãƒ•ァイルã®ãƒ•ォーマットタイプを指定ã—ã¾ã™ã€‚SSL_FILETYPE_ASN1ã¾ãŸã¯SSL_FILETYPE_PEMã®ã„ãšã‚Œã‹ã§ã™ã€‚é©åˆ‡ãªä½¿ç”¨æ–¹æ³•ã«ã¤ã„ã¦ã¯ã€exampleã‚’å‚ç…§ã—ã¦ãã ã•ã„。 + + \return SSL_SUCCESS æˆåŠŸæ™‚ã€‚ + \return SSL_FAILURE 関数呼ã³å‡ºã—ãŒå¤±æ•—ã—ãŸå ´åˆã€è€ƒãˆã‚‰ã‚Œã‚‹åŽŸå› ã«ã¯ã€ãƒ•ァイルãŒé–“é•ã£ãŸãƒ•ォーマットã§ã‚ã‚‹ã€ã¾ãŸã¯"format"引数を使用ã—ã¦é–“é•ã£ãŸãƒ•ã‚©ãƒ¼ãƒžãƒƒãƒˆãŒæŒ‡å®šã•れã¦ã„ã‚‹ã€ãƒ•ァイルãŒå­˜åœ¨ã—ãªã„ã€èª­ã¿å–れãªã„ã€ã¾ãŸã¯ç ´æã—ã¦ã„ã‚‹ã€ãƒ¡ãƒ¢ãƒªä¸è¶³ã®çŠ¶æ…‹ãŒç™ºç”Ÿã—ã¦ã„ã‚‹ã€ãƒ•ァイルã®Base16デコードãŒå¤±æ•—ã—ãŸã“ã¨ãªã©ãŒå«ã¾ã‚Œã¾ã™ã€‚ \param ctx wolfSSL_CTX_new()を使用ã—ã¦ä½œæˆã•れãŸWOLFSSL_CTX構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ - \param file ロードã™ã‚‹è¨¼æ˜Žæ›¸ã‚’å«ã‚€ãƒ•ァイルパス文字列。 - \param format ロードã™ã‚‹è¨¼æ˜Žæ›¸ã®ãƒ•ォーマット:SSL_FILETYPE_ASN1 ã‚ã‚‹ã„㯠SSL_FILETYPE_PEM + \param file wolfSSL SSLコンテキストã«ãƒ­ãƒ¼ãƒ‰ã•れる証明書をå«ã‚€ãƒ•ァイルã®åå‰ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ + \param format - fileãŒæŒ‡ã™è¨¼æ˜Žæ›¸ã®ãƒ•ォーマット。å¯èƒ½ãªã‚ªãƒ—ションã¯SSL_FILETYPE_ASN1ã¾ãŸã¯SSL_FILETYPE_PEMã§ã™ã€‚ _Example_ \code int ret = 0; WOLFSSL_CTX* ctx; ... - ret = wolfSSL_CTX_use_certificate_file(ctx, “./client-cert.pemâ€, + ret = wolfSSL_CTX_use_certificate_file(ctx, "./client-cert.pem", SSL_FILETYPE_PEM); if (ret != SSL_SUCCESS) { - // error loading cert file + // 証明書ファイルã®ãƒ­ãƒ¼ãƒ‰ã‚¨ãƒ©ãƒ¼ } ... \endcode + \sa wolfSSL_CTX_use_certificate_buffer \sa wolfSSL_use_certificate_file \sa wolfSSL_use_certificate_buffer @@ -863,36 +868,28 @@ /*! \ingroup CertsKeys - \brief ã“ã®é–¢æ•°ã¯ã€ç§˜å¯†éµãƒ•ァイルをSSLコンテキスト(WOLFSSL_CTX)ã«ãƒ­ãƒ¼ãƒ‰ã—ã¾ã™ã€‚ - ファイルã¯å¼•æ•°fileã«ã‚ˆã£ã¦æä¾›ã•れã¾ã™ã€‚ - 引数formatã¯ã€æ¬¡ã®ãƒ•ァイルã®ãƒ•ォーマットタイプを指定ã—ã¾ã™ï¼šSSL_FILETYPE_ASN1 ã‚ã‚‹ã„㯠SSL_FILETYPE_PEM。 - é©åˆ‡ãªä½¿ç”¨æ³•ã®ä¾‹ã‚’ã”覧ãã ã•ã„。 - 外部キーストアを使用ã—ã€ç§˜å¯†éµã‚’æŒã£ã¦ã„ãªã„å ´åˆã¯ã€ - 代ã‚りã«å…¬é–‹éµã‚’入力ã—ã¦cryptoコールãƒãƒƒã‚¯ã‚’登録ã—ã¦ç½²åを処ç†ã™ã‚‹ã“ã¨ãŒã§ãã¾ã™ã€‚ - ã“ã®ãŸã‚ã«ã¯ã€cryptoコールãƒãƒƒã‚¯ã¾ãŸã¯PKコールãƒãƒƒã‚¯ã‚’使用ã—ãŸã‚³ãƒ³ãƒ•ィギュレーションã§ãƒ“ルドã—ã¾ã™ã€‚ - cryptoコールãƒãƒƒã‚¯ã‚’有効ã«ã™ã‚‹ã«ã¯ã€--enable-cryptocbã¾ãŸã¯WOLF_CRYPTO_CBマクロを使用ã—〠- wc_CryptoCb_RegisterDeviceを使用ã—ã¦æš—å·ã‚³ãƒ¼ãƒ«ãƒãƒƒã‚¯ã‚’登録ã—〠- wolfSSL_CTX_SetDevIdを使用ã—ã¦é–¢é€£ã™ã‚‹devidを設定ã—ã¾ã™ã€‚ + \brief ã“ã®é–¢æ•°ã¯ã€ç§˜å¯†éµãƒ•ァイルをSSLコンテキスト(WOLFSSL_CTX)ã«ãƒ­ãƒ¼ãƒ‰ã—ã¾ã™ã€‚ファイルã¯file引数ã«ã‚ˆã£ã¦æä¾›ã•れã¾ã™ã€‚format引数ã¯ãƒ•ァイルã®ãƒ•ォーマットタイプを指定ã—ã¾ã™ - SSL_FILETYPE_ASN1ã¾ãŸã¯SSL_FILETYPE_PEM。é©åˆ‡ãªä½¿ç”¨æ–¹æ³•ã«ã¤ã„ã¦ã¯ã€exampleã‚’å‚ç…§ã—ã¦ãã ã•ã„。 + + 外部キーストアを使用ã—ã¦ã„ã¦ç§˜å¯†éµã‚’æŒã£ã¦ã„ãªã„å ´åˆã€ä»£ã‚りã«å…¬é–‹éµã‚’æä¾›ã—ã€ç½²åを処ç†ã™ã‚‹ãŸã‚ã®æš—å·ã‚³ãƒ¼ãƒ«ãƒãƒƒã‚¯ã‚’登録ã§ãã¾ã™ã€‚ã“れã«ã¯ã€æš—å·ã‚³ãƒ¼ãƒ«ãƒãƒƒã‚¯ã¾ãŸã¯PKコールãƒãƒƒã‚¯ã®ã„ãšã‚Œã‹ã§ãƒ“ルドã§ãã¾ã™ã€‚æš—å·ã‚³ãƒ¼ãƒ«ãƒãƒƒã‚¯ã‚’有効ã«ã™ã‚‹ã«ã¯ã€--enable-cryptocbã¾ãŸã¯WOLF_CRYPTO_CBã§ãƒ“ルドã—ã€wc_CryptoCb_RegisterDeviceを使用ã—ã¦æš—å·ã‚³ãƒ¼ãƒ«ãƒãƒƒã‚¯ã‚’登録ã—ã€wolfSSL_CTX_SetDevIdを使用ã—ã¦é–¢é€£ã™ã‚‹devIdを設定ã—ã¾ã™ã€‚ + + \return SSL_SUCCESS æˆåŠŸæ™‚ã€‚ + \return SSL_FAILURE ファイルãŒé–“é•ã£ãŸãƒ•ォーマットã§ã‚ã‚‹ã€ã¾ãŸã¯"format"引数を使用ã—ã¦é–“é•ã£ãŸãƒ•ã‚©ãƒ¼ãƒžãƒƒãƒˆãŒæŒ‡å®šã•れã¦ã„る。ファイルãŒå­˜åœ¨ã—ãªã„ã€èª­ã¿å–れãªã„ã€ã¾ãŸã¯ç ´æã—ã¦ã„る。メモリä¸è¶³ã®çŠ¶æ…‹ãŒç™ºç”Ÿã—ã¦ã„る。ファイルã®Base16デコードãŒå¤±æ•—ã—ãŸã€‚ã‚­ãƒ¼ãƒ•ã‚¡ã‚¤ãƒ«ãŒæš—å·åŒ–ã•れã¦ã„ã‚‹ãŒã€ãƒ‘ã‚¹ãƒ¯ãƒ¼ãƒ‰ãŒæä¾›ã•れã¦ã„ãªã„。 - \return SSL_SUCCESS æˆåŠŸã—ãŸå ´åˆã«è¿”ã•れã¾ã™ã€‚ã«è¿”ã•れã¾ã™ã€‚ - \return SSL_FAILURE 関数呼ã³å‡ºã—ãŒå¤±æ•—ã—ãŸå ´åˆã®å¯èƒ½ãªåŽŸå› ã¨ã—ã¦ã¯ã€ - ファイルãŒèª¤ã£ãŸå½¢å¼ã®å ´åˆã€ã¾ãŸã¯å¼•æ•°formatを使用ã—ã¦èª¤ã£ãŸãƒ•ã‚©ãƒ¼ãƒžãƒƒãƒˆãŒæŒ‡å®šã•れã¦ã„る〠- ã‚ã‚‹ã„ã¯ãƒ•ァイルãŒå­˜åœ¨ã—ãªã„ã€ã‚ã‚‹ã„ã¯èª­ã¿å–ã‚‹ã“ã¨ãŒã§ããªã„ã€ã¾ãŸã¯ç ´æã—ã¦ã„る〠- メモリä¸è¶³ãŒç™ºç”Ÿã€Base16ã®ãƒ‡ã‚³ãƒ¼ãƒ‰ã«å¤±æ•—ã—ã¦ã„ã‚‹ãªã©ã®åŽŸå› ãŒè€ƒãˆã‚‰ã‚Œã¾ã™ - \param ãªã— + \param none パラメータãªã—。 _Example_ \code int ret = 0; WOLFSSL_CTX* ctx; ... - ret = wolfSSL_CTX_use_PrivateKey_file(ctx, “./server-key.pemâ€, + ret = wolfSSL_CTX_use_PrivateKey_file(ctx, "./server-key.pem", SSL_FILETYPE_PEM); if (ret != SSL_SUCCESS) { - // error loading key file + // éµãƒ•ァイルã®ãƒ­ãƒ¼ãƒ‰ã‚¨ãƒ©ãƒ¼ } ... \endcode + \sa wolfSSL_CTX_use_PrivateKey_buffer \sa wolfSSL_use_PrivateKey_file \sa wolfSSL_use_PrivateKey_buffer @@ -903,43 +900,37 @@ /*! \ingroup CertsKeys - \brief ã“ã®é–¢æ•°ã¯ã€PEMå½¢å¼ã®CA証明書ファイルをSSLコンテキスト(WOLFSSL_CTX)ã«ãƒ­ãƒ¼ãƒ‰ã—ã¾ã™ã€‚ - ã“れらã®è¨¼æ˜Žæ›¸ã¯ã€ä¿¡é ¼ã§ãるルート証明書ã¨ã—ã¦æ‰±ã‚れã€SSLãƒãƒ³ãƒ‰ã‚·ã‚§ã‚¤ã‚¯ä¸­ã«ãƒ”ã‚¢ã‹ã‚‰å—ä¿¡ã—ãŸè¨¼æ˜Žæ›¸ã‚’検証ã™ã‚‹ãŸã‚ã«ä½¿ç”¨ã•れã¾ã™ã€‚ - 引数fileã«ã‚ˆã£ã¦æä¾›ã•れるルート証明書ファイルã¯ã€å˜ä¸€ã®è¨¼æ˜Žæ›¸ã¾ãŸã¯è¤‡æ•°ã®è¨¼æ˜Žæ›¸ã‚’å«ã‚€ãƒ•ァイルã§ã®å ´åˆãŒã‚りã¾ã™ã€‚ - 複数ã®CA証明書ãŒåŒã˜ãƒ•ァイルã«å«ã¾ã‚Œã¦ã„ã‚‹å ´åˆã€wolfSSLã¯ãƒ•ァイルã«è¡¨ç¤ºã•れã¦ã„ã‚‹ã®ã¨åŒã˜é †åºã§ãれらをロードã—ã¾ã™ã€‚ - 引数pathã¯ã€ä¿¡é ¼ã§ãるルートCAã®è¨¼æ˜Žæ›¸ã‚’å«ã‚€ãƒ‡ã‚£ãƒ¬ã‚¯ãƒˆãƒªã®åå‰ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã§ã™ã€‚ - 引数fileãŒNULLã§ã¯ãªã„å ´åˆã€ãƒ‘スãŒå¿…è¦ã§ãªã„å ´åˆã¯NULLã¨ã—ã¦æŒ‡å®šã§ãã¾ã™ã€‚ - 引数pathãŒæŒ‡å®šã•れã¦ã„ã¦ã‹ã¤NO_WOLFSSL_DIRãŒå®šç¾©ã•れã¦ã„ãªã„å ´åˆã«ã¯ã€ - wolfSSLãƒ©ã‚¤ãƒ–ãƒ©ãƒªã¯æŒ‡å®šã•れãŸãƒ‡ã‚£ãƒ¬ã‚¯ãƒˆãƒªã«å­˜åœ¨ã™ã‚‹ã™ã¹ã¦ã®CA証明書をロードã—ã¾ã™ã€‚ - ã“ã®é–¢æ•°ã¯ãƒ‡ã‚£ãƒ¬ã‚¯ãƒˆãƒªå†…ã®ã™ã¹ã¦ã®ãƒ•ァイルをロードã—よã†ã¨ã—ã¾ã™ã€‚ - ã“ã®é–¢æ•°ã¯ã€ãƒ˜ãƒƒãƒ€ãƒ¼ã« "-----BEGIN CERTIFICATE-----"ã‚’æŒã¤PEMフォーマットã•れãŸCERT_TYPEファイルを期待ã—ã¦ã„ã¾ã™ã€‚ - - \return SSL_SUCCESS æˆåŠŸã—ãŸå ´åˆã«è¿”ã•れã¾ã™ã€‚ã«è¿”ã•れã¾ã™ã€‚ - \return SSL_FAILURE CTXãŒNULLã®å ´åˆã€ã¾ãŸã¯ãƒ•ァイルã¨ãƒ‘スã®ä¸¡æ–¹ãŒNULLã®å ´åˆã«è¿”ã•れã¾ã™ã€‚ - \return SSL_BAD_FILETYPE ファイルãŒé–“é•ã£ãŸå½¢å¼ã§ã‚ã‚‹å ´åˆã«è¿”ã•れã¾ã™ã€‚ - \return SSL_BAD_FILE ファイルãŒå­˜åœ¨ã—ãªã„å ´åˆã€èª­ã¿è¾¼ã‚ãªã„å ´åˆã€ã¾ãŸã¯ç ´æã—ã¦ã„ã‚‹å ´åˆã«è¿”ã•れã¾ã™ã€‚ - \return MEMORY_E メモリä¸è¶³çŠ¶æ…‹ãŒç™ºç”Ÿã—ãŸå ´åˆã«è¿”ã•れã¾ã™ã€‚ - \return ASN_INPUT_E base16デコードãŒãƒ•ァイルã«å¯¾ã—ã¦å¤±æ•—ã—ãŸå ´åˆã«è¿”ã•れã¾ã™ã€‚ - \return ASN_BEFORE_DATE_E ç¾åœ¨ã®æ—¥ä»˜ãŒä½¿ç”¨é–‹å§‹æ—¥ã‚ˆã‚Šå‰ã®å ´åˆã«è¿”ã•れã¾ã™ã€‚ - \return ASN_AFTER_DATE_E ç¾åœ¨ã®æ—¥ä»˜ãŒä½¿ç”¨æœŸé™å¾Œã‚ˆã‚Šå¾Œã®å ´åˆã«è¿”ã•れã¾ã™ã€‚ - \return BUFFER_E ãƒã‚§ãƒ¼ãƒ³ãƒãƒƒãƒ•ã‚¡ãŒå—ä¿¡ãƒãƒƒãƒ•ァよりも大ãã„å ´åˆã«è¿”ã•れã¾ã™ã€‚ - \return BAD_PATH_ERROR opendir()ãŒãƒ‘スを開ã“ã†ã¨ã—ã¦å¤±æ•—ã—ãŸå ´åˆã«è¿”ã•れã¾ã™ã€‚ - \param ctx wolfSSL_CTX_new()ã§ä½œæˆã•れãŸSSLコンテキストã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ + \brief ã“ã®é–¢æ•°ã¯ã€PEMå½¢å¼ã®CA証明書ファイルをSSLコンテキスト(WOLFSSL_CTX)ã«ãƒ­ãƒ¼ãƒ‰ã—ã¾ã™ã€‚ã“れらã®è¨¼æ˜Žæ›¸ã¯ä¿¡é ¼ã•れãŸãƒ«ãƒ¼ãƒˆè¨¼æ˜Žæ›¸ã¨ã—ã¦æ‰±ã‚れã€SSLãƒãƒ³ãƒ‰ã‚·ã‚§ã‚¤ã‚¯ä¸­ã«ãƒ”ã‚¢ã‹ã‚‰å—ä¿¡ã—ãŸè¨¼æ˜Žæ›¸ã‚’検証ã™ã‚‹ãŸã‚ã«ä½¿ç”¨ã•れã¾ã™ã€‚file引数ã«ã‚ˆã£ã¦æä¾›ã•れるルート証明書ファイルã¯ã€å˜ä¸€ã®è¨¼æ˜Žæ›¸ã¾ãŸã¯è¤‡æ•°ã®è¨¼æ˜Žæ›¸ã‚’å«ã‚€ãƒ•ァイルã§ã‚ã‚‹å ´åˆãŒã‚りã¾ã™ã€‚ + åŒã˜ãƒ•ァイルã«è¤‡æ•°ã®CA証明書ãŒå«ã¾ã‚Œã¦ã„ã‚‹å ´åˆã€wolfSSLã¯ãƒ•ã‚¡ã‚¤ãƒ«å†…ã«æç¤ºã•れãŸé †åºã§ãれらをロードã—ã¾ã™ã€‚path引数ã¯ã€ä¿¡é ¼ã•れãŸãƒ«ãƒ¼ãƒˆCAã®è¨¼æ˜Žæ›¸ã‚’å«ã‚€ãƒ‡ã‚£ãƒ¬ã‚¯ãƒˆãƒªã®åå‰ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã§ã™ã€‚fileã®å€¤ãŒNULLã§ãªã„å ´åˆã€å¿…è¦ã§ãªã‘れã°pathã‚’NULLã¨ã—ã¦æŒ‡å®šã§ãã¾ã™ã€‚pathãŒæŒ‡å®šã•れã€ãƒ©ã‚¤ãƒ–ラリã®ãƒ“ルド時ã«NO_WOLFSSL_DIRãŒå®šç¾©ã•れã¦ã„ãªã„å ´åˆã€wolfSSLã¯æŒ‡å®šã•れãŸãƒ‡ã‚£ãƒ¬ã‚¯ãƒˆãƒªã«ã‚ã‚‹ã™ã¹ã¦ã®CA証明書をロードã—ã¾ã™ã€‚ã“ã®é–¢æ•°ã¯ãƒ‡ã‚£ãƒ¬ã‚¯ãƒˆãƒªå†…ã®ã™ã¹ã¦ã®ãƒ•ァイルをロードã—よã†ã¨ã—ã¾ã™ã€‚ã“ã®é–¢æ•°ã¯ã€ãƒ˜ãƒƒãƒ€ãƒ¼"-----BEGIN CERTIFICATE-----"ã‚’æŒã¤PEMå½¢å¼ã®CERT_TYPEファイルを想定ã—ã¦ã„ã¾ã™ã€‚ + + \return SSL_SUCCESS æˆåŠŸæ™‚ã€‚ + \return SSL_FAILURE ctxãŒNULLã®å ´åˆã€ã¾ãŸã¯fileã¨pathã®ä¸¡æ–¹ãŒNULLã®å ´åˆã«è¿”ã•れã¾ã™ã€‚ + \return SSL_BAD_FILETYPE ファイルãŒé–“é•ã£ãŸãƒ•ォーマットã®å ´åˆã«è¿”ã•れã¾ã™ã€‚ + \return SSL_BAD_FILE ファイルãŒå­˜åœ¨ã—ãªã„ã€èª­ã¿å–れãªã„ã€ã¾ãŸã¯ç ´æã—ã¦ã„ã‚‹å ´åˆã«è¿”ã•れã¾ã™ã€‚ + \return MEMORY_E メモリä¸è¶³ã®çŠ¶æ…‹ãŒç™ºç”Ÿã—ãŸå ´åˆã«è¿”ã•れã¾ã™ã€‚ + \return ASN_INPUT_E ファイルã®Base16デコードãŒå¤±æ•—ã—ãŸå ´åˆã«è¿”ã•れã¾ã™ã€‚ + \return ASN_BEFORE_DATE_E ç¾åœ¨ã®æ—¥ä»˜ãŒbefore dateよりå‰ã®å ´åˆã«è¿”ã•れã¾ã™ã€‚ + \return ASN_AFTER_DATE_E ç¾åœ¨ã®æ—¥ä»˜ãŒafter dateより後ã®å ´åˆã«è¿”ã•れã¾ã™ã€‚ + \return BUFFER_E ãƒã‚§ãƒ¼ãƒ³ãƒãƒƒãƒ•ã‚¡ãŒå—ä¿¡ãƒãƒƒãƒ•ァより大ãã„å ´åˆã«è¿”ã•れã¾ã™ã€‚ + \return BAD_PATH_ERROR pathã‚’é–‹ã“ã†ã¨ã—ãŸã¨ãã«opendir()ãŒå¤±æ•—ã—ãŸå ´åˆã«è¿”ã•れã¾ã™ã€‚ + + \param ctx wolfSSL_CTX_new()ã§ä½œæˆã•れãŸSSLコンテキストã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ \param file PEMå½¢å¼ã®CA証明書をå«ã‚€ãƒ•ァイルã®åå‰ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ - \param path CA証明書をå«ã‚“ã§ã„るディレクトリã®ãƒ‡ã‚£ãƒ¬ã‚¯ãƒˆãƒªã®åå‰ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ + \param path PEMå½¢å¼ã®è¨¼æ˜Žæ›¸ã‚’ロードã™ã‚‹ãƒ‡ã‚£ãƒ¬ã‚¯ãƒˆãƒªã®åå‰ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ _Example_ \code int ret = 0; WOLFSSL_CTX* ctx; ... - ret = wolfSSL_CTX_load_verify_locations(ctx, “./ca-cert.pemâ€, NULL); + ret = wolfSSL_CTX_load_verify_locations(ctx, "./ca-cert.pem", NULL); if (ret != WOLFSSL_SUCCESS) { - // error loading CA certs + // CA証明書ã®ãƒ­ãƒ¼ãƒ‰ã‚¨ãƒ©ãƒ¼ } ... \endcode + \sa wolfSSL_CTX_load_verify_locations_ex \sa wolfSSL_CTX_load_verify_buffer \sa wolfSSL_CTX_use_certificate_file @@ -953,46 +944,37 @@ const char* path); /*! - \brief ã“ã®é–¢æ•°ã¯ã€PEMå½¢å¼ã®CA証明書ファイルをSSLコンテキスト(WOLFSSL_CTX)ã«ãƒ­ãƒ¼ãƒ‰ã—ã¾ã™ã€‚ - ã“れらã®è¨¼æ˜Žæ›¸ã¯ã€ä¿¡é ¼ã§ãるルート証明書ã¨ã—ã¦æ‰±ã‚れã€SSLãƒãƒ³ãƒ‰ã‚·ã‚§ã‚¤ã‚¯ä¸­ã«ãƒ”ã‚¢ã‹ã‚‰å—ä¿¡ã—ãŸè¨¼æ˜Žæ›¸ã‚’検証ã™ã‚‹ãŸã‚ã«ä½¿ç”¨ã•れã¾ã™ã€‚ - 引数fileã«ã‚ˆã£ã¦æä¾›ã•れるルート証明書ファイルã¯ã€å˜ä¸€ã®è¨¼æ˜Žæ›¸ã¾ãŸã¯è¤‡æ•°ã®è¨¼æ˜Žæ›¸ã‚’å«ã‚€ãƒ•ァイルã§ã®å ´åˆãŒã‚りã¾ã™ã€‚ - 複数ã®CA証明書ãŒåŒã˜ãƒ•ァイルã«å«ã¾ã‚Œã¦ã„ã‚‹å ´åˆã€wolfSSLã¯ãƒ•ァイルã«è¡¨ç¤ºã•れã¦ã„ã‚‹ã®ã¨åŒã˜é †åºã§ãれらをロードã—ã¾ã™ã€‚ - 引数pathã¯ã€ä¿¡é ¼ã§ãるルートCAã®è¨¼æ˜Žæ›¸ã‚’å«ã‚€ãƒ‡ã‚£ãƒ¬ã‚¯ãƒˆãƒªã®åå‰ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã§ã™ã€‚ - 引数fileãŒNULLã§ã¯ãªã„å ´åˆã€ãƒ‘スãŒå¿…è¦ã§ãªã„å ´åˆã¯NULLã¨ã—ã¦æŒ‡å®šã§ãã¾ã™ã€‚ - 引数pathãŒæŒ‡å®šã•れã¦ã„ã¦ã‹ã¤NO_WOLFSSL_DIRãŒå®šç¾©ã•れã¦ã„ãªã„å ´åˆã«ã¯ã€ - wolfSSLãƒ©ã‚¤ãƒ–ãƒ©ãƒªã¯æŒ‡å®šã•れãŸãƒ‡ã‚£ãƒ¬ã‚¯ãƒˆãƒªã«å­˜åœ¨ã™ã‚‹ã™ã¹ã¦ã®CA証明書をロードã—ã¾ã™ã€‚ - ã“ã®é–¢æ•°ã¯å¼•æ•°flagsã«åŸºã¥ã„ã¦ãƒ‡ã‚£ãƒ¬ã‚¯ãƒˆãƒªå†…ã®ã™ã¹ã¦ã®ãƒ•ァイルをロードã—よã†ã¨ã—ã¾ã™ã€‚ - ã“ã®é–¢æ•°ã¯ã€ãƒ˜ãƒƒãƒ€ãƒ¼ã« "-----BEGIN CERTIFICATE-----"ã‚’æŒã¤PEMフォーマットã•れãŸCERT_TYPEファイルを期待ã—ã¦ã„ã¾ã™ã€‚ - - \return SSL_SUCCESS æˆåŠŸã—ãŸå ´åˆã«è¿”ã•れã¾ã™ã€‚ã«è¿”ã•れã¾ã™ã€‚ - \return SSL_FAILURE CTXãŒNULLã®å ´åˆã€ã¾ãŸã¯ãƒ•ァイルã¨ãƒ‘スã®ä¸¡æ–¹ãŒNULLã®å ´åˆã«è¿”ã•れã¾ã™ã€‚ - \return SSL_BAD_FILETYPE ファイルãŒé–“é•ã£ãŸå½¢å¼ã§ã‚ã‚‹å ´åˆã«è¿”ã•れã¾ã™ã€‚ - \return SSL_BAD_FILE ファイルãŒå­˜åœ¨ã—ãªã„å ´åˆã€èª­ã¿è¾¼ã‚ãªã„å ´åˆã€ã¾ãŸã¯ç ´æã—ã¦ã„ã‚‹å ´åˆã«è¿”ã•れã¾ã™ã€‚ - \return MEMORY_E メモリä¸è¶³çŠ¶æ…‹ãŒç™ºç”Ÿã—ãŸå ´åˆã«è¿”ã•れã¾ã™ã€‚ - \return ASN_INPUT_E base16デコードãŒãƒ•ァイルã«å¯¾ã—ã¦å¤±æ•—ã—ãŸå ´åˆã«è¿”ã•れã¾ã™ã€‚ - \return ASN_BEFORE_DATE_E ç¾åœ¨ã®æ—¥ä»˜ãŒä½¿ç”¨é–‹å§‹æ—¥ã‚ˆã‚Šå‰ã®å ´åˆã«è¿”ã•れã¾ã™ã€‚ - \return ASN_AFTER_DATE_E ç¾åœ¨ã®æ—¥ä»˜ãŒä½¿ç”¨æœŸé™å¾Œã‚ˆã‚Šå¾Œã®å ´åˆã«è¿”ã•れã¾ã™ã€‚ - \return BUFFER_E ãƒã‚§ãƒ¼ãƒ³ãƒãƒƒãƒ•ã‚¡ãŒå—ä¿¡ãƒãƒƒãƒ•ァよりも大ãã„å ´åˆã«è¿”ã•れã¾ã™ã€‚ - \return BAD_PATH_ERROR opendir()ãŒãƒ‘スを開ã“ã†ã¨ã—ã¦å¤±æ•—ã—ãŸå ´åˆã«è¿”ã•れã¾ã™ã€‚ + \ingroup CertsKeys - \param ctx wolfSSL_CTX_new()ã§ä½œæˆã•れãŸSSLコンテキストã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ - \param file PEMå½¢å¼ã®CA証明書をå«ã‚€ãƒ•ァイルã®åå‰ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ - \param path CA証明書をå«ã‚“ã§ã„るディレクトリã®ãƒ•ォルダーパス - \param flags 指定å¯èƒ½ãªãƒžã‚¹ã‚¯å€¤: WOLFSSL_LOAD_FLAG_IGNORE_ERR, - WOLFSSL_LOAD_FLAG_DATE_ERR_OKAY, WOLFSSL_LOAD_FLAG_PEM_CA_ONLY + \brief ã“ã®é–¢æ•°ã¯ã€PEMå½¢å¼ã®CA証明書ファイルをSSLコンテキスト(WOLFSSL_CTX)ã«ãƒ­ãƒ¼ãƒ‰ã—ã¾ã™ã€‚ã“れらã®è¨¼æ˜Žæ›¸ã¯ä¿¡é ¼ã•れãŸãƒ«ãƒ¼ãƒˆè¨¼æ˜Žæ›¸ã¨ã—ã¦æ‰±ã‚れã€SSLãƒãƒ³ãƒ‰ã‚·ã‚§ã‚¤ã‚¯ä¸­ã«ãƒ”ã‚¢ã‹ã‚‰å—ä¿¡ã—ãŸè¨¼æ˜Žæ›¸ã‚’検証ã™ã‚‹ãŸã‚ã«ä½¿ç”¨ã•れã¾ã™ã€‚file引数ã«ã‚ˆã£ã¦æä¾›ã•れるルート証明書ファイルã¯ã€å˜ä¸€ã®è¨¼æ˜Žæ›¸ã¾ãŸã¯è¤‡æ•°ã®è¨¼æ˜Žæ›¸ã‚’å«ã‚€ãƒ•ァイルã§ã‚ã‚‹å ´åˆãŒã‚りã¾ã™ã€‚ + åŒã˜ãƒ•ァイルã«è¤‡æ•°ã®CA証明書ãŒå«ã¾ã‚Œã¦ã„ã‚‹å ´åˆã€wolfSSLã¯ãƒ•ã‚¡ã‚¤ãƒ«å†…ã«æç¤ºã•れãŸé †åºã§ãれらをロードã—ã¾ã™ã€‚path引数ã¯ã€ä¿¡é ¼ã•れãŸãƒ«ãƒ¼ãƒˆCAã®è¨¼æ˜Žæ›¸ã‚’å«ã‚€ãƒ‡ã‚£ãƒ¬ã‚¯ãƒˆãƒªã®åå‰ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã§ã™ã€‚fileã®å€¤ãŒNULLã§ãªã„å ´åˆã€å¿…è¦ã§ãªã‘れã°pathã‚’NULLã¨ã—ã¦æŒ‡å®šã§ãã¾ã™ã€‚pathãŒæŒ‡å®šã•れã€ãƒ©ã‚¤ãƒ–ラリã®ãƒ“ルド時ã«NO_WOLFSSL_DIRãŒå®šç¾©ã•れã¦ã„ãªã„å ´åˆã€wolfSSLã¯æŒ‡å®šã•れãŸãƒ‡ã‚£ãƒ¬ã‚¯ãƒˆãƒªã«ã‚ã‚‹ã™ã¹ã¦ã®CA証明書をロードã—ã¾ã™ã€‚ã“ã®é–¢æ•°ã¯ã€æŒ‡å®šã•れãŸãƒ•ラグã«åŸºã¥ã„ã¦ãƒ‡ã‚£ãƒ¬ã‚¯ãƒˆãƒªå†…ã®ã™ã¹ã¦ã®ãƒ•ァイルをロードã—よã†ã¨ã—ã¾ã™ã€‚ã“ã®é–¢æ•°ã¯ã€ãƒ˜ãƒƒãƒ€ãƒ¼"-----BEGIN CERTIFICATE-----"ã‚’æŒã¤PEMå½¢å¼ã®CERT_TYPEファイルを想定ã—ã¦ã„ã¾ã™ã€‚ + + \return SSL_SUCCESS æˆåŠŸæ™‚ã€‚ + \return SSL_FAILURE ctxãŒNULLã®å ´åˆã€ã¾ãŸã¯fileã¨pathã®ä¸¡æ–¹ãŒNULLã®å ´åˆã«è¿”ã•れã¾ã™ã€‚å°‘ãªãã¨ã‚‚1ã¤ã®è¨¼æ˜Žæ›¸ãŒæ­£å¸¸ã«ãƒ­ãƒ¼ãƒ‰ã•れãŸãŒã€1ã¤ä»¥ä¸ŠãŒå¤±æ•—ã—ãŸå ´åˆã‚‚ã“れãŒè¿”ã•れã¾ã™ã€‚ç†ç”±ã«ã¤ã„ã¦ã¯ã‚¨ãƒ©ãƒ¼ã‚¹ã‚¿ãƒƒã‚¯ã‚’確èªã—ã¦ãã ã•ã„。 + \return SSL_BAD_FILETYPE ファイルãŒé–“é•ã£ãŸãƒ•ォーマットã®å ´åˆã«è¿”ã•れã¾ã™ã€‚ + \return SSL_BAD_FILE ファイルãŒå­˜åœ¨ã—ãªã„ã€èª­ã¿å–れãªã„ã€ã¾ãŸã¯ç ´æã—ã¦ã„ã‚‹å ´åˆã«è¿”ã•れã¾ã™ã€‚ + \return MEMORY_E メモリä¸è¶³ã®çŠ¶æ…‹ãŒç™ºç”Ÿã—ãŸå ´åˆã«è¿”ã•れã¾ã™ã€‚ + \return ASN_INPUT_E ファイルã®Base16デコードãŒå¤±æ•—ã—ãŸå ´åˆã«è¿”ã•れã¾ã™ã€‚ + \return BUFFER_E ãƒã‚§ãƒ¼ãƒ³ãƒãƒƒãƒ•ã‚¡ãŒå—ä¿¡ãƒãƒƒãƒ•ァより大ãã„å ´åˆã«è¿”ã•れã¾ã™ã€‚ + \return BAD_PATH_ERROR pathã‚’é–‹ã“ã†ã¨ã—ãŸã¨ãã«opendir()ãŒå¤±æ•—ã—ãŸå ´åˆã«è¿”ã•れã¾ã™ã€‚ \param ctx wolfSSL_CTX_new()ã§ä½œæˆã•れãŸSSLコンテキストã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ + \param file PEMå½¢å¼ã®CA証明書をå«ã‚€ãƒ•ァイルåã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ + \param path PEMå½¢å¼ã®è¨¼æ˜Žæ›¸ã‚’読ã¿è¾¼ã‚€ãƒ‡ã‚£ãƒ¬ã‚¯ãƒˆãƒªåã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ + \param flags 指定å¯èƒ½ãªãƒžã‚¹ã‚¯å€¤: WOLFSSL_LOAD_FLAG_IGNORE_ERR〠+ WOLFSSL_LOAD_FLAG_DATE_ERR_OKAYã€WOLFSSL_LOAD_FLAG_PEM_CA_ONLY _Example_ \code int ret = 0; WOLFSSL_CTX* ctx; ... - ret = wolfSSL_CTX_load_verify_locations_ex(ctx, NULL, “./certs/external", + ret = wolfSSL_CTX_load_verify_locations_ex(ctx, NULL, "./certs/external", WOLFSSL_LOAD_FLAG_PEM_CA_ONLY); if (ret != WOLFSSL_SUCCESS) { - // error loading CA certs + // CA証明書ã®èª­ã¿è¾¼ã¿ã‚¨ãƒ©ãƒ¼ } ... \endcode + \sa wolfSSL_CTX_load_verify_locations \sa wolfSSL_CTX_load_verify_buffer \sa wolfSSL_CTX_use_certificate_file @@ -1003,18 +985,17 @@ \sa wolfSSL_use_certificate_chain_file */ int wolfSSL_CTX_load_verify_locations_ex(WOLFSSL_CTX* ctx, const char* file, - const char* path, unsigned int flags); + const char* path, word32 flags); /*! \ingroup CertsKeys - \brief ã“ã®é–¢æ•°ã¯ã€wolfSSL_CTX_load_system_CA_certs ãŒå‘¼ã³å‡ºã•れãŸã¨ãã«ã€ - wolfSSLãŒã‚·ã‚¹ãƒ†ãƒ CA証明書を検索ã™ã‚‹ãƒ‡ã‚£ãƒ¬ã‚¯ãƒˆãƒªã‚’è¡¨ã™æ–‡å­—列ã®é…列ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã‚’è¿”ã—ã¾ã™ã€‚ + \brief ã“ã®é–¢æ•°ã¯ã€wolfSSL_CTX_load_system_CA_certsãŒå‘¼ã³å‡ºã•れãŸã¨ãã«wolfSSLãŒã‚·ã‚¹ãƒ†ãƒ CA証明書を検索ã™ã‚‹ãƒ‡ã‚£ãƒ¬ã‚¯ãƒˆãƒªã‚’è¡¨ã™æ–‡å­—列ã®é…列ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã‚’è¿”ã—ã¾ã™ã€‚証明書をアクセスå¯èƒ½ãªã‚·ã‚¹ãƒ†ãƒ ãƒ‡ã‚£ãƒ¬ã‚¯ãƒˆãƒªã«ä¿å­˜ã—ãªã„システム(Appleプラットフォームãªã©)ã§ã¯ã€ã“ã®é–¢æ•°ã¯å¸¸ã«NULLã‚’è¿”ã—ã¾ã™ã€‚ - \return æˆåŠŸæ™‚ã«ã¯æ–‡å­—列é…列ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã‚’è¿”ã—ã¾ã™ã€‚ - \return NULL 失敗時ã«è¿”ã—ã¾ã™ã€‚ + \return æˆåŠŸæ™‚ã¯æœ‰åйãªãƒã‚¤ãƒ³ã‚¿ã€‚ + \return 失敗時ã¯NULLãƒã‚¤ãƒ³ã‚¿ã€‚ - \param num word32型変数ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚文字列é…列ã®é•·ã•ã‚’æ ¼ç´ã—ã¾ã™ã€‚ + \param num 文字列é…列ã®é•·ã•ãŒæ ¼ç´ã•れるword32ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ _Example_ \code @@ -1038,16 +1019,18 @@ /*! \ingroup CertsKeys - \brief ã“ã®é–¢æ•°ã¯ã€CA証明書をOSä¾å­˜ã®CA証明書ストアã‹ã‚‰WOLFSSL_CTXã«ãƒ­ãƒ¼ãƒ‰ã—よã†ã¨ã—ã¾ã™ã€‚ - ロードã•れãŸè¨¼æ˜Žæ›¸ã¯ä¿¡é ¼ã•れã¾ã™ã€‚ - サãƒãƒ¼ãƒˆãŠã‚ˆã³ãƒ†ã‚¹ãƒˆã•れã¦ã„るプラットフォームã¯ã€Linux(Debianã€Ubuntuã€Gentooã€Fedoraã€RHEL)〠- Windows 10/11ã€Androidã€Apple OS Xã€iOSã§ã™ã€‚ - - \return WOLFSSL_SUCCESS æˆåŠŸæ™‚ã«è¿”ã•れã¾ã™ã€‚ - \return WOLFSSL_BAD_PATH システムCA証明書ãŒãƒ­ãƒ¼ãƒ‰ã§ããªã‹ã£ãŸå ´åˆã«è¿”ã•れã¾ã™ã€‚ - \return WOLFSSL_FAILURE ãã®ã»ã‹ã®ã‚¨ãƒ©ãƒ¼ç™ºç”Ÿæ™‚(Windowsè¨¼æ˜Žæ›¸ã‚¹ãƒˆã‚¢ãŒæ­£å¸¸ã«ã‚¯ãƒ­ãƒ¼ã‚ºã•れãªã„等) + \brief ã»ã¨ã‚“ã©ã®ãƒ—ラットフォーム(LinuxãŠã‚ˆã³Windowsã‚’å«ã‚€)ã«ãŠã„ã¦ã€ã“ã®é–¢æ•°ã¯OSä¾å­˜ã®CA証明書ストアã‹ã‚‰WOLFSSL_CTXã¸CA証明書を読ã¿è¾¼ã‚‚ã†ã¨è©¦ã¿ã¾ã™ã€‚読ã¿è¾¼ã¾ã‚ŒãŸè¨¼æ˜Žæ›¸ã¯ä¿¡é ¼ã•れã¾ã™ã€‚ + + Appleプラットフォーム(macOSを除ã)ã§ã¯ã€è¨¼æ˜Žæ›¸ã‚’システムã‹ã‚‰å–å¾—ã§ããªã„ãŸã‚ã€wolfSSL証明書マãƒãƒ¼ã‚¸ãƒ£ã«èª­ã¿è¾¼ã‚€ã“ã¨ãŒã§ãã¾ã›ã‚“。ã“れらã®ãƒ—ラットフォームã§ã¯ã€ã“ã®é–¢æ•°ã¯ã€WOLFSSL_CTXã«ãƒã‚¤ãƒ³ãƒ‰ã•れãŸTLS接続ã«ãŠã„ã¦ã€ãƒ¦ãƒ¼ã‚¶ãƒ¼ã«ã‚ˆã£ã¦èª­ã¿è¾¼ã¾ã‚ŒãŸè¨¼æ˜Žæ›¸ã«å¯¾ã—ã¦ãƒ”ア証明書ã®ä¿¡é ¼æ€§ã‚’最åˆã«èªè¨¼ã§ããªã„å ´åˆã«ã€ãƒã‚¤ãƒ†ã‚£ãƒ–システムã®ä¿¡é ¼APIを使用ã—ã¦ãƒ”ア証明書ãƒã‚§ãƒ¼ãƒ³ã®ä¿¡é ¼æ€§ã‚’検証ã§ãるよã†ã«ã—ã¾ã™ã€‚ + + サãƒãƒ¼ãƒˆãŠã‚ˆã³ãƒ†ã‚¹ãƒˆã•れã¦ã„るプラットフォームã¯ã€Linux(Debianã€Ubuntu〠+ Gentooã€Fedoraã€RHEL)ã€Windows 10/11ã€Androidã€macOSã€ãŠã‚ˆã³iOSã§ã™ã€‚ + + \return æˆåŠŸæ™‚ã¯WOLFSSL_SUCCESS。 + \return システムCA証明書ãŒèª­ã¿è¾¼ã¾ã‚Œãªã‹ã£ãŸå ´åˆã¯WOLFSSL_BAD_PATH。 + \return ãã®ä»–ã®å¤±æ•—タイプã®å ´åˆã¯WOLFSSL_FAILURE(例: Windows証明書ストアãŒé©åˆ‡ã«é–‰ã˜ã‚‰ã‚Œãªã‹ã£ãŸå ´åˆ)。 - \param ctx wolfSSL_CTX_new()ã§ç”Ÿæˆã•れãŸWOLFSSL_CTX構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ + \param ctx wolfSSL_CTX_new()ã§ä½œæˆã•れãŸSSLコンテキストã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ _Example_ \code @@ -1056,7 +1039,7 @@ ... ret = wolfSSL_CTX_load_system_CA_certs(ctx,); if (ret != WOLFSSL_SUCCESS) { - // error loading system CA certs + // システムCA証明書ã®èª­ã¿è¾¼ã¿ã‚¨ãƒ©ãƒ¼ } ... \endcode @@ -1067,23 +1050,22 @@ */ int wolfSSL_CTX_load_system_CA_certs(WOLFSSL_CTX* ctx); - /*! \ingroup Setup - \brief ã“ã®é–¢æ•°ã¯ã€TLS/SSLãƒãƒ³ãƒ‰ã‚·ã‚§ã‚¤ã‚¯ã‚’実行ã™ã‚‹ã¨ãã«ãƒ”アを検証ã™ã‚‹ãŸã‚ã«ä½¿ç”¨ã™ã‚‹è¨¼æ˜Žæ›¸ã‚’ロードã—ã¾ã™ã€‚ - ãƒãƒ³ãƒ‰ã‚·ã‚§ã‚¤ã‚¯ä¸­ã«é€ä¿¡ã•れãŸãƒ”ア証明書ã¯ã€ã“ã®é–¢æ•°ã§æŒ‡å®šã•れãŸè¨¼æ˜Žæ›¸ã®SKIDã¨ç½²åを比較ã™ã‚‹ã“ã¨ã«ã‚ˆã£ã¦æ¤œè¨¼ã•れã¾ã™ã€‚ - ã“れら2ã¤ã®ã“ã¨ãŒä¸€è‡´ã—ãªã„å ´åˆã¯ã€ãƒ”ã‚¢è¨¼æ˜Žæ›¸ã®æ¤œè¨¼ã«ã¯ãƒ­ãƒ¼ãƒ‰ã•れãŸCA証明書ãŒä½¿ç”¨ã•れã¾ã™ã€‚ - ã“ã®æ©Ÿèƒ½ã¯WOLFSSL_TRUST_PEER_CERTマクロを定義ã™ã‚‹ã“ã¨ã§æ©Ÿèƒ½ã‚’有効ã«ã§ãã¾ã™ã€‚ - é©åˆ‡ãªä½¿ç”¨æ³•ã¯ä¾‹ã‚’ã”覧ãã ã•ã„。 - - \return SSL_SUCCES æˆåŠŸæ™‚ã«è¿”ã•れã¾ã™ã€‚ - \return SSL_FAILURE CTXãŒNULLã®å ´åˆã€ã¾ãŸã¯ä¸¡æ–¹ã®ãƒ•ァイルã¨ç¨®é¡žãŒç„¡åйãªå ´åˆã«è¿”ã•れã¾ã™ã€‚ - \return SSL_BAD_FILETYPE ファイルãŒé–“é•ã£ãŸå½¢å¼ã§ã‚ã‚‹å ´åˆã«è¿”ã•れã¾ã™ã€‚ - \return SSL_BAD_FILE ファイルãŒå­˜åœ¨ã—ãªã„å ´åˆã«è¿”ã•れã¾ã™ã€‚読ã¿è¾¼ã‚ã€ã¾ãŸã¯ç ´æã—ã¦ã„ã¾ã›ã‚“。 - \return MEMORY_E メモリä¸è¶³çŠ¶æ…‹ãŒç™ºç”Ÿã—ãŸå ´åˆã«è¿”ã•れã¾ã™ã€‚ - \return ASN_INPUT_E base16デコードãŒãƒ•ァイルã«å¯¾ã—ã¦å¤±æ•—ã—ãŸå ´åˆã«è¿”ã•れã¾ã™ã€‚ - \param ctx wolfSSL_CTX_new()ã§ç”Ÿæˆã•れãŸWOLFSSL_CTX構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ - \param file 証明書をå«ã‚€ãƒ•ァイルã®åå‰ã¸ã®ãƒã‚¤ãƒ³ã‚¿ + + \brief ã“ã®é–¢æ•°ã¯ã€TLS/SSLãƒãƒ³ãƒ‰ã‚·ã‚§ã‚¤ã‚¯ã‚’実行ã™ã‚‹éš›ã«ãƒ”アを検証ã™ã‚‹ãŸã‚ã«ä½¿ç”¨ã™ã‚‹è¨¼æ˜Žæ›¸ã‚’読ã¿è¾¼ã¿ã¾ã™ã€‚ãƒãƒ³ãƒ‰ã‚·ã‚§ã‚¤ã‚¯ä¸­ã«é€ä¿¡ã•れるピア証明書ã¯ã€åˆ©ç”¨å¯èƒ½ãªå ´åˆã¯SKIDを使用ã—ã€ç½²åを使用ã—ã¦æ¯”較ã•れã¾ã™ã€‚ã“れら2ã¤ãŒä¸€è‡´ã—ãªã„å ´åˆã¯ã€èª­ã¿è¾¼ã¾ã‚ŒãŸCAãŒä½¿ç”¨ã•れã¾ã™ã€‚ã“ã®æ©Ÿèƒ½ã¯ãƒžã‚¯ãƒ­WOLFSSL_TRUST_PEER_CERTを定義ã™ã‚‹ã“ã¨ã§æœ‰åйã«ãªã‚Šã¾ã™ã€‚é©åˆ‡ãªä½¿ç”¨æ–¹æ³•ã«ã¤ã„ã¦ã¯ã€examplesã‚’å‚ç…§ã—ã¦ãã ã•ã„。 + + \return æˆåŠŸæ™‚ã¯SSL_SUCCES。 + \return ctxãŒNULLã®å ´åˆã€ã¾ãŸã¯fileã¨typeã®ä¸¡æ–¹ãŒç„¡åйãªå ´åˆã¯SSL_FAILUREãŒè¿”ã•れã¾ã™ã€‚ + \return ファイルã®å½¢å¼ãŒé–“é•ã£ã¦ã„ã‚‹å ´åˆã¯SSL_BAD_FILETYPEãŒè¿”ã•れã¾ã™ã€‚ + \return ファイルãŒå­˜åœ¨ã—ãªã„ã€èª­ã¿å–れãªã„ã€ã¾ãŸã¯ç ´æã—ã¦ã„ã‚‹å ´åˆã¯SSL_BAD_FILEãŒè¿”ã•れã¾ã™ã€‚ + \return メモリä¸è¶³çŠ¶æ…‹ãŒç™ºç”Ÿã—ãŸå ´åˆã¯MEMORY_EãŒè¿”ã•れã¾ã™ã€‚ + \return ファイルã«å¯¾ã™ã‚‹Base16デコードãŒå¤±æ•—ã—ãŸå ´åˆã¯ASN_INPUT_EãŒè¿”ã•れã¾ã™ã€‚ + + \param ctx wolfSSL_CTX_new()ã§ä½œæˆã•れãŸSSLコンテキストã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ + \param file 証明書をå«ã‚€ãƒ•ァイルåã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ + \param type 読ã¿è¾¼ã¾ã‚Œã‚‹è¨¼æ˜Žæ›¸ã®ã‚¿ã‚¤ãƒ—ã€ã™ãªã‚ã¡SSL_FILETYPE_ASN1 + ã¾ãŸã¯SSL_FILETYPE_PEM。 _Example_ \code @@ -1091,13 +1073,14 @@ WOLFSSL_CTX* ctx = wolfSSL_CTX_new( protocol method ); ... - ret = wolfSSL_CTX_trust_peer_cert(ctx, “./peer-cert.pemâ€, + ret = wolfSSL_CTX_trust_peer_cert(ctx, "./peer-cert.pem", SSL_FILETYPE_PEM); if (ret != SSL_SUCCESS) { - // error loading trusted peer cert + // ä¿¡é ¼ã•れãŸãƒ”ア証明書ã®èª­ã¿è¾¼ã¿ã‚¨ãƒ©ãƒ¼ } ... \endcode + \sa wolfSSL_CTX_load_verify_buffer \sa wolfSSL_CTX_use_certificate_file \sa wolfSSL_CTX_use_PrivateKey_file @@ -1112,28 +1095,27 @@ /*! \ingroup CertsKeys - \brief ã“ã®é–¢æ•°ã¯ã€è¨¼æ˜Žæ›¸ãƒã‚§ãƒ¼ãƒ³ã‚’SSLコンテキスト(WOLFSSL_CTX)ã«ãƒ­ãƒ¼ãƒ‰ã—ã¾ã™ã€‚ - 証明書ãƒã‚§ãƒ¼ãƒ³ã‚’å«ã‚€ãƒ•ァイルã¯å¼•æ•°fileã«ã‚ˆã£ã¦æä¾›ã•れã€PEMå½¢å¼ã®è¨¼æ˜Žæ›¸ã‚’å«ã‚ã‚‹å¿…è¦ãŒã‚りã¾ã™ã€‚ - ã“ã®é–¢æ•°ã¯ã€æœ€å¤§MAX_CHAIN_DEPTH(既定ã§9ã€internal.hã§å®šç¾©ã•れã¦ã„る)数ã®è¨¼æ˜Žæ›¸ã‚’処ç†ã—ã¾ã™ã€‚ - ã“ã®æ•°ã«ã¯ã‚µãƒ–ジェクト証明書をå«ã¿ã¾ã™ã€‚ - \return SSL_SUCCESS æˆåŠŸæ™‚ã«è¿”ã•れã¾ã™ã€‚ - \return SSL_FAILURE 関数呼ã³å‡ºã—ãŒå¤±æ•—ã—ãŸå ´åˆã€å¯èƒ½ãªåŽŸå› ã¨ã—ã¦ã¯ï¼šèª¤ã£ãŸå½¢å¼ã§ã‚ã‚‹å ´åˆã€ - ã¾ãŸã¯ã€Œformatã€å¼•数を使用ã—ã¦èª¤ã£ãŸãƒ•ã‚©ãƒ¼ãƒžãƒƒãƒˆãŒæŒ‡å®šã•れã¦ã„ã‚‹å ´åˆã€ - ファイルãŒå­˜åœ¨ã—ãªã„ã€èª­ã¿å–れãªã„ã€ã¾ãŸã¯ç ´æã—ã¦ã„ã‚‹ã€ãƒ¡ãƒ¢ãƒªæž¯æ¸‡ãªã©ãŒè€ƒãˆã‚‰ã‚Œã¾ã™ã€‚ - \param ctx wolfSSL_CTX_new()ã§ç”Ÿæˆã•れãŸWOLFSSL_CTX構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ + \brief ã“ã®é–¢æ•°ã¯ã€è¨¼æ˜Žæ›¸ãƒã‚§ãƒ¼ãƒ³ã‚’SSLコンテキスト(WOLFSSL_CTX)ã«èª­ã¿è¾¼ã¿ã¾ã™ã€‚証明書ãƒã‚§ãƒ¼ãƒ³ã‚’å«ã‚€ãƒ•ァイルã¯file引数ã«ã‚ˆã£ã¦æä¾›ã•れã€PEMå½¢å¼ã®è¨¼æ˜Žæ›¸ã‚’å«ã‚€å¿…è¦ãŒã‚りã¾ã™ã€‚ã“ã®é–¢æ•°ã¯ã€MAX_CHAIN_DEPTH(デフォルト = 9ã€internal.hã§å®šç¾©)個ã¾ã§ã®è¨¼æ˜Žæ›¸ã¨ã€ã‚µãƒ–ジェクト証明書を処ç†ã—ã¾ã™ã€‚ + + \return æˆåŠŸæ™‚ã¯SSL_SUCCESS。 + \return 関数呼ã³å‡ºã—ãŒå¤±æ•—ã—ãŸå ´åˆã¯SSL_FAILURE。考ãˆã‚‰ã‚Œã‚‹åŽŸå› ã«ã¯ã€ãƒ•ァイルã®å½¢å¼ãŒé–“é•ã£ã¦ã„ã‚‹ã€ã¾ãŸã¯ã€Œformatã€å¼•数を使用ã—ã¦é–“é•ã£ãŸå½¢å¼ãŒæŒ‡å®šã•れã¦ã„ã‚‹ã€ãƒ•ァイルãŒå­˜åœ¨ã—ãªã„ã€èª­ã¿å–れãªã„ã€ã¾ãŸã¯ç ´æã—ã¦ã„ã‚‹ã€ãƒ¡ãƒ¢ãƒªä¸è¶³çŠ¶æ…‹ãŒç™ºç”Ÿã—ãŸã€ãªã©ãŒã‚りã¾ã™ã€‚ + + \param ctx wolfSSL_CTX_new()を使用ã—ã¦ä½œæˆã•れãŸWOLFSSL_CTX構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ + \param file wolfSSL SSLコンテキストã«èª­ã¿è¾¼ã¾ã‚Œã‚‹è¨¼æ˜Žæ›¸ãƒã‚§ãƒ¼ãƒ³ã‚’å«ã‚€ãƒ•ァイルã®åå‰ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚証明書ã¯PEMå½¢å¼ã§ã‚ã‚‹å¿…è¦ãŒã‚りã¾ã™ã€‚ _Example_ \code int ret = 0; WOLFSSL_CTX* ctx; ... - ret = wolfSSL_CTX_use_certificate_chain_file(ctx, “./cert-chain.pemâ€); + ret = wolfSSL_CTX_use_certificate_chain_file(ctx, "./cert-chain.pem"); if (ret != SSL_SUCCESS) { - // error loading cert file + // 証明書ファイルã®èª­ã¿è¾¼ã¿ã‚¨ãƒ©ãƒ¼ } ... \endcode + \sa wolfSSL_CTX_use_certificate_file \sa wolfSSL_CTX_use_certificate_buffer \sa wolfSSL_use_certificate_file @@ -1144,32 +1126,29 @@ /*! \ingroup openSSL - \brief ã“ã®é–¢æ•°ã¯ã€SSL接続ã§ä½¿ç”¨ã•れã¦ã„ã‚‹RSA秘密éµã‚’SSLコンテキスト(WOLFSSL_CTX)ã«ãƒ­ãƒ¼ãƒ‰ã—ã¾ã™ã€‚ - ã“ã®é–¢æ•°ã¯ã€wolfSSLãŒOpenSSL互æ›APIãŒæœ‰åŠ¹ï¼ˆ--enable-openSSLExtraã€#define OPENSSL_EXTRA)ã§ã‚³ãƒ³ãƒ‘イルã•れã¦ã„ã‚‹å ´åˆã«ã®ã¿åˆ©ç”¨å¯èƒ½ã§ã€ - より一般的ã«ä½¿ç”¨ã•れã¦ã„ã‚‹wolfSSL_CTX_use_PrivateKey_file()関数ã¨åŒã˜ã§ã™ã€‚ - ファイル引数ã«ã¯ã€RSA秘密éµãƒ•ァイルã¸ã®ãƒã‚¤ãƒ³ã‚¿ãŒã€å¼•æ•°formatã§æŒ‡å®šã•れãŸå½¢å¼ã§å«ã¾ã‚Œã¦ã„ã¾ã™ã€‚ - \return SSL_SUCCESS æˆåŠŸæ™‚ã«è¿”ã•れã¾ã™ã€‚ - \return SSL_FAILURE 関数呼ã³å‡ºã—ãŒå¤±æ•—ã—ãŸå ´åˆã«è¿”ã•れã¾ã™ã€‚ - 失敗ã®åŽŸå› ã«ã¯æ¬¡ãŒè€ƒãˆã‚‰ã‚Œã¾ã™ï¼šå…¥åŠ›éµãƒ•ァイルãŒèª¤ã£ãŸå½¢å¼ã§ã‚る〠- ã¾ãŸã¯å¼•æ•°formatを使用ã—ã¦èª¤ã£ãŸå½¢å¼ãŒä¸Žãˆã‚‰ã‚Œã¦ã„ã‚‹å ´åˆã€ - ファイルãŒå­˜åœ¨ã—ãªã„ã€èª­ã¿è¾¼ã‚ãªã„ã€ã¾ãŸã¯ç ´æã—ã¦ã‚‹ã€ãƒ¡ãƒ¢ãƒªä¸è¶³çŠ¶æ…‹ãŒç™ºç”Ÿã€‚ - \param ctx wolfSSL_CTX_new()を使用ã—ã¦ä½œæˆã•れãŸWOLFSSL_CTX構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ - \param file ãƒ•ã‚©ãƒ¼ãƒžãƒƒãƒˆã§æŒ‡å®šã•れãŸå½¢å¼ã§ã€WolfSSL SSLコンテキストã«ãƒ­ãƒ¼ãƒ‰ã•れるRSA秘密éµã‚’å«ã‚€ãƒ•ァイルã®åå‰ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ - \param format RSA秘密éµã®ã‚¨ãƒ³ã‚³ãƒ¼ãƒ‰å½¢å¼ã‚’指定ã—ã¾ã™ã€‚指定å¯èƒ½ãªãƒ•ォーマット値ã¯ï¼šSSL_FILETYPE_PEM 㨠SSL_FILETYPE_ASN1 + \brief ã“ã®é–¢æ•°ã¯ã€SSL接続ã§ä½¿ç”¨ã•れるプライベートRSAéµã‚’SSLコンテキスト(WOLFSSL_CTX)ã«èª­ã¿è¾¼ã¿ã¾ã™ã€‚ã“ã®é–¢æ•°ã¯ã€wolfSSLãŒOpenSSL互æ›ãƒ¬ã‚¤ãƒ¤ãƒ¼ã‚’有効ã«ã—ã¦ã‚³ãƒ³ãƒ‘イルã•れãŸå ´åˆ(--enable-opensslExtraã€#define OPENSSL_EXTRA)ã«ã®ã¿åˆ©ç”¨å¯èƒ½ã§ã‚りã€ã‚ˆã‚Šä¸€èˆ¬çš„ã«ä½¿ç”¨ã•れるwolfSSL_CTX_use_PrivateKey_file()関数ã¨åŒä¸€ã§ã™ã€‚file引数ã«ã¯ã€formatå¼•æ•°ã§æŒ‡å®šã•れãŸå½¢å¼ã®RSAプライベートéµãƒ•ァイルã¸ã®ãƒã‚¤ãƒ³ã‚¿ãŒå«ã¾ã‚Œã¾ã™ã€‚ + + \return æˆåŠŸæ™‚ã¯SSL_SUCCESS。 + \return 関数呼ã³å‡ºã—ãŒå¤±æ•—ã—ãŸå ´åˆã¯SSL_FAILURE。考ãˆã‚‰ã‚Œã‚‹åŽŸå› ã«ã¯ã€å…¥åŠ›éµãƒ•ァイルã®å½¢å¼ãŒé–“é•ã£ã¦ã„ã‚‹ã€ã¾ãŸã¯ã€Œformatã€å¼•数を使用ã—ã¦é–“é•ã£ãŸå½¢å¼ãŒæŒ‡å®šã•れã¦ã„ã‚‹ã€ãƒ•ァイルãŒå­˜åœ¨ã—ãªã„ã€èª­ã¿å–れãªã„ã€ã¾ãŸã¯ç ´æã—ã¦ã„ã‚‹ã€ãƒ¡ãƒ¢ãƒªä¸è¶³çŠ¶æ…‹ãŒç™ºç”Ÿã—ãŸã€ãªã©ãŒã‚りã¾ã™ã€‚ + + \param ctx wolfSSL_CTX_new()を使用ã—ã¦ä½œæˆã•れãŸWOLFSSL_CTX構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ + \param file wolfSSL SSLコンテキストã«èª­ã¿è¾¼ã¾ã‚Œã‚‹RSAプライベートéµã‚’å«ã‚€ãƒ•ァイルã®åå‰ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚å½¢å¼ã¯formatå¼•æ•°ã§æŒ‡å®šã•れã¾ã™ã€‚ + \param format fileå¼•æ•°ã§æŒ‡å®šã•れãŸRSAプライベートéµã®ã‚¨ãƒ³ã‚³ãƒ¼ãƒ‡ã‚£ãƒ³ã‚°ã‚¿ã‚¤ãƒ—。指定å¯èƒ½ãªå€¤ã«ã¯ã€SSL_FILETYPE_PEMãŠã‚ˆã³SSL_FILETYPE_ASN1ãŒå«ã¾ã‚Œã¾ã™ã€‚ _Example_ \code int ret = 0; WOLFSSL_CTX* ctx; ... - ret = wolfSSL_CTX_use_RSAPrivateKey_file(ctx, “./server-key.pemâ€, + ret = wolfSSL_CTX_use_RSAPrivateKey_file(ctx, "./server-key.pem", SSL_FILETYPE_PEM); if (ret != SSL_SUCCESS) { - // error loading private key file + // プライベートéµãƒ•ァイルã®èª­ã¿è¾¼ã¿ã‚¨ãƒ©ãƒ¼ } ... \endcode + \sa wolfSSL_CTX_use_PrivateKey_buffer \sa wolfSSL_CTX_use_PrivateKey_file \sa wolfSSL_use_RSAPrivateKey_file @@ -1180,9 +1159,13 @@ /*! \ingroup IO - \brief ã“ã®é–¢æ•°ã¯ã€æœ‰åйãªã‚»ãƒƒã‚·ãƒ§ãƒ³ï¼ˆNULL以外ã®å¼•æ•°sslï¼‰ãŒæŒ‡å®šã•れãŸå ´åˆã«ã€ãƒ‡ãƒ•ォルトã§9ã®æœ€å¤§ãƒã‚§ãƒ¼ãƒ³æ·±åº¦ã‚’è¿”ã—ã¾ã™ã€‚ - \return MAX_CHAIN_DEPTH WOLFSSL構造体ãŒNULLã§ã¯ãªã„å ´åˆã«è¿”ã•れã¾ã™ã€‚デフォルトã§ã¯å€¤ã¯9ã§ã™ã€‚ - \return BAD_FUNC_ARG WOLFSSL構造体ãŒNULLã®å ´åˆã«è¿”ã•れã¾ã™ã€‚ + + \brief ã“ã®é–¢æ•°ã¯ã€æœ‰åйãªã‚»ãƒƒã‚·ãƒ§ãƒ³(ã¤ã¾ã‚Šã€éžNULLã®ã‚»ãƒƒã‚·ãƒ§ãƒ³ã‚ªãƒ–ジェクト(ssl)ãŒå­˜åœ¨ã™ã‚‹å ´åˆ)ã«å¯¾ã—ã¦è¨±å¯ã•れる最大ãƒã‚§ãƒ¼ãƒ³æ·±åº¦ã‚’è¿”ã—ã¾ã™ã€‚デフォルトã¯9ã§ã™ã€‚ + + \return WOLFSSL構造体ãŒNULLã§ãªã„å ´åˆã¯MAX_CHAIN_DEPTHãŒè¿”ã•れã¾ã™ã€‚デフォルトã§ã¯å€¤ã¯9ã§ã™ã€‚ + \return WOLFSSL構造体ãŒNULLã®å ´åˆã¯BAD_FUNC_ARGãŒè¿”ã•れã¾ã™ã€‚ + + \param ssl wolfSSL_new()を使用ã—ã¦ä½œæˆã•れãŸWOLFSSL構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ _Example_ \code @@ -1192,34 +1175,40 @@ long sslDep = wolfSSL_get_verify_depth(ssl); if(sslDep > EXPECTED){ - // The verified depth is greater than what was expected + // 検証ã•ã‚ŒãŸæ·±åº¦ã¯æœŸå¾…値よりも大ãã„ } else { - // The verified depth is smaller or equal to the expected value + // 検証ã•ã‚ŒãŸæ·±åº¦ã¯æœŸå¾…値以下 } \endcode + \sa wolfSSL_CTX_get_verify_depth */ long wolfSSL_get_verify_depth(WOLFSSL* ssl); /*! \ingroup Setup - \brief ã“ã®é–¢æ•°ã¯ã€WOLFSSL_CTX構造体構造を使用ã—ã¦è¨¼æ˜Žæ›¸ãƒã‚§ãƒ¼ãƒ³æ·±åº¦ã‚’å–å¾—ã—ã¾ã™ã€‚ - \return MAX_CHAIN_DEPTH WOLFSSL_CTX構造体ãŒNULLã§ã¯ãªã„å ´åˆã«è¿”ã•れã¾ã™ã€‚最大証明書ãƒã‚§ãƒ¼ãƒ³ãƒ”ア深度ã®å®šæ•°è¡¨ç¾ã€‚ - \return BAD_FUNC_ARG WOLFSSL_CTX構造体ãŒNULLã®å ´åˆã«è¿”ã•れã¾ã™ã€‚ + + \brief ã“ã®é–¢æ•°ã¯ã€CTX構造体を使用ã—ã¦è¨¼æ˜Žæ›¸ãƒã‚§ãƒ¼ãƒ³ã®æ·±åº¦ã‚’å–å¾—ã—ã¾ã™ã€‚ + + \return CTX構造体ãŒNULLã§ãªã„å ´åˆã¯MAX_CHAIN_DEPTHãŒè¿”ã•れã¾ã™ã€‚最大証明書ãƒã‚§ãƒ¼ãƒ³ãƒ”ア深度ã®å®šæ•°è¡¨ç¾ã§ã™ã€‚ + \return CTX構造体ãŒNULLã®å ´åˆã¯BAD_FUNC_ARGãŒè¿”ã•れã¾ã™ã€‚ + + \param ctx wolfSSL_CTX_new()を使用ã—ã¦ä½œæˆã•れãŸWOLFSSL_CTX構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ _Example_ \code - WOLFSSL_METHOD method; // protocol method + WOLFSSL_METHOD method; // プロトコルメソッド WOLFSSL_CTX* ctx = WOLFSSL_CTX_new(method); … long ret = wolfSSL_CTX_get_verify_depth(ctx); if(ret == EXPECTED){ - // You have the expected value + // 期待値をå–å¾—ã—ã¾ã—㟠} else { - // Handle an unexpected depth + // 予期ã—ãªã„æ·±åº¦ã‚’å‡¦ç† } \endcode + \sa wolfSSL_CTX_use_certificate_chain_file \sa wolfSSL_get_verify_depth */ @@ -1227,30 +1216,29 @@ /*! \ingroup openSSL - \brief ã“ã®é–¢æ•°ã¯è¨¼æ˜Žæ›¸ãƒ•ァイルをSSLセッション(WOLFSSL構造体)ã«ãƒ­ãƒ¼ãƒ‰ã—ã¾ã™ã€‚ - 証明書ファイルã¯ãƒ•ァイル引数ã«ã‚ˆã£ã¦æä¾›ã•れã¾ã™ã€‚ - 引数formatã¯ã€ãƒ•ァイルã®ãƒ•ォーマットタイプ(SSL_FILETYPE_ASN1ã¾ãŸã¯SSL_FILETYPE_PEM)を指定ã—ã¾ã™ã€‚ - \return SSL_SUCCESS æˆåŠŸæ™‚ã«è¿”ã•れã¾ã™ã€‚ - \return SSL_FAILURE 関数呼ã³å‡ºã—ãŒå¤±æ•—ã—ãŸå ´åˆã«è¿”ã•れã¾ã™ã€‚ - å¯èƒ½ãªåŽŸå› ã«ã¯æ¬¡ã®ã‚ˆã†ãªã‚‚ã®ãŒã‚りã¾ã™ã€‚ - ファイルãŒèª¤ã£ãŸå½¢å¼ã€ã¾ãŸã¯å¼•æ•°formatを使用ã—ã¦èª¤ã£ãŸå½¢å¼ãŒä¸Žãˆã‚‰ã‚ŒãŸã€ - メモリä¸è¶³çŠ¶æ…‹ãŒç™ºç”Ÿã—ãŸã€ãƒ•ァイルã§Base16ã®ãƒ‡ã‚³ãƒ¼ãƒ‰ãŒå¤±æ•—ã—㟠- \param ssl wolfSSL_new()ã§ä½œæˆã•れãŸWOLFSSL構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ - \param file WOLFSSL構造体ã«ãƒ­ãƒ¼ãƒ‰ã•れる証明書をå«ã‚€ãƒ•ァイルã®åå‰ã¸ã®ãƒã‚¤ãƒ³ã‚¿ - \param format 証明書ファイルã®ã‚¨ãƒ³ã‚³ãƒ¼ãƒ‰å½¢å¼ã‚’指定ã—ã¾ã™ã€‚指定å¯èƒ½ãªãƒ•ォーマット値ã¯ï¼šSSL_FILETYPE_PEM 㨠SSL_FILETYPE_ASN1 + + \brief ã“ã®é–¢æ•°ã¯ã€è¨¼æ˜Žæ›¸ãƒ•ァイルをSSLセッション(WOLFSSL構造体)ã«èª­ã¿è¾¼ã¿ã¾ã™ã€‚証明書ファイルã¯file引数ã«ã‚ˆã£ã¦æä¾›ã•れã¾ã™ã€‚format引数ã¯ã€ãƒ•ァイルã®å½¢å¼ã‚¿ã‚¤ãƒ—(SSL_FILETYPE_ASN1ã¾ãŸã¯SSL_FILETYPE_PEM)を指定ã—ã¾ã™ã€‚ + + \return æˆåŠŸæ™‚ã¯SSL_SUCCESS。 + \return 関数呼ã³å‡ºã—ãŒå¤±æ•—ã—ãŸå ´åˆã¯SSL_FAILURE。考ãˆã‚‰ã‚Œã‚‹åŽŸå› ã«ã¯ã€ãƒ•ァイルã®å½¢å¼ãŒé–“é•ã£ã¦ã„ã‚‹ã€ã¾ãŸã¯ã€Œformatã€å¼•数を使用ã—ã¦é–“é•ã£ãŸå½¢å¼ãŒæŒ‡å®šã•れã¦ã„ã‚‹ã€ãƒ•ァイルãŒå­˜åœ¨ã—ãªã„ã€èª­ã¿å–れãªã„ã€ã¾ãŸã¯ç ´æã—ã¦ã„ã‚‹ã€ãƒ¡ãƒ¢ãƒªä¸è¶³çŠ¶æ…‹ãŒç™ºç”Ÿã—ãŸã€ãƒ•ァイルã«å¯¾ã™ã‚‹Base16デコードãŒå¤±æ•—ã—ãŸã€ãªã©ãŒã‚りã¾ã™ã€‚ + + \param ssl wolfSSL_new()ã§ä½œæˆã•れãŸWOLFSSL構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ + \param file wolfSSL SSLセッションã«èª­ã¿è¾¼ã¾ã‚Œã‚‹è¨¼æ˜Žæ›¸ã‚’å«ã‚€ãƒ•ァイルã®åå‰ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚å½¢å¼ã¯formatå¼•æ•°ã§æŒ‡å®šã•れã¾ã™ã€‚ + \param format fileå¼•æ•°ã§æŒ‡å®šã•れãŸè¨¼æ˜Žæ›¸ã®ã‚¨ãƒ³ã‚³ãƒ¼ãƒ‡ã‚£ãƒ³ã‚°ã‚¿ã‚¤ãƒ—。指定å¯èƒ½ãªå€¤ã«ã¯ã€SSL_FILETYPE_PEMãŠã‚ˆã³SSL_FILETYPE_ASN1ãŒå«ã¾ã‚Œã¾ã™ã€‚ _Example_ \code int ret = 0; WOLFSSL* ssl; ... - ret = wolfSSL_use_certificate_file(ssl, “./client-cert.pemâ€, + ret = wolfSSL_use_certificate_file(ssl, "./client-cert.pem", SSL_FILETYPE_PEM); if (ret != SSL_SUCCESS) { - // error loading cert file + // 証明書ファイルã®èª­ã¿è¾¼ã¿ã‚¨ãƒ©ãƒ¼ } ... \endcode + \sa wolfSSL_CTX_use_certificate_buffer \sa wolfSSL_CTX_use_certificate_file \sa wolfSSL_use_certificate_buffer @@ -1259,36 +1247,31 @@ /*! \ingroup openSSL - \brief ã“ã®é–¢æ•°ã¯ã€ç§˜å¯†éµãƒ•ァイルをSSLセッション(WOLFSSL構造体)ã«ãƒ­ãƒ¼ãƒ‰ã—ã¾ã™ã€‚ - éµãƒ•ァイルã¯å¼•æ•°fileã«ã‚ˆã£ã¦æä¾›ã•れã¾ã™ã€‚ - 引数formatã¯ã€ãƒ•ァイルã®ã‚¿ã‚¤ãƒ—(SSL_FILETYPE_ASN1ã¾ãŸã¯SSL_FILETYPE_PEMãŒæŒ‡å®šå¯ï¼‰ã‚’指定ã—ã¾ã™ã€‚ - 外部キーストアを使用ã—ã€ç§˜å¯†éµã‚’æŒã£ã¦ã„ãªã„å ´åˆã¯ã€ä»£ã‚りã«å…¬é–‹éµã‚’入力ã—ã¦CryProコールãƒãƒƒã‚¯ã‚’登録ã—ã¦ç½²åを処ç†ã™ã‚‹ã“ã¨ãŒã§ãã¾ã™ã€‚ - ã“ã®ãŸã‚ã«ã¯ã€Cryptoコールãƒãƒƒã‚¯ã¾ãŸã¯PKコールãƒãƒƒã‚¯ã‚’使用ã—ãŸã‚³ãƒ³ãƒ•ィグレーションã§ãƒ“ルドã—ã¾ã™ã€‚ - Cryptoコールãƒãƒƒã‚¯ã‚’有効ã«ã™ã‚‹ã«ã¯ã€--enable-cryptocbã¾ãŸã¯WOLF_CRYPTO_CBマクロを使用ã—ã¦ãƒ“ルドã—〠- wc_CryptoCb_RegisterDeviceを使用ã—ã¦æš—å·ã‚³ãƒ¼ãƒ«ãƒãƒƒã‚¯ã‚’登録ã—〠- wolfSSL_SetDevIdを使用ã—ã¦é–¢é€£ã™ã‚‹devIdを設定ã—ã¾ã™ã€‚ - \return SSL_SUCCESS æˆåŠŸæ™‚ã«è¿”ã•れã¾ã™ã€‚ - \return SSL_FAILURE 関数呼ã³å‡ºã—ãŒå¤±æ•—ã—ãŸå ´åˆã«è¿”ã•れã¾ã™ã€‚ - å¯èƒ½ãªåŽŸå› ã«ã¯æ¬¡ã®ã‚ˆã†ãªã‚‚ã®ãŒã‚りã¾ã™ã€‚ - ファイルãŒèª¤ã£ãŸå½¢å¼ã€ã¾ãŸã¯å¼•æ•°formatを使用ã—ã¦èª¤ã£ãŸå½¢å¼ãŒä¸Žãˆã‚‰ã‚ŒãŸã€ - メモリä¸è¶³çŠ¶æ…‹ãŒç™ºç”Ÿã—ãŸã€ãƒ•ァイルã§Base16ã®ãƒ‡ã‚³ãƒ¼ãƒ‰ãŒå¤±æ•—ã—㟠- \param ssl wolfSSL_new()ã§ä½œæˆã•れãŸWOLFSSL構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ - \param file WOLFSSL構造体ã«ãƒ­ãƒ¼ãƒ‰ã•れる証明書をå«ã‚€ãƒ•ァイルã®åå‰ã¸ã®ãƒã‚¤ãƒ³ã‚¿ - \param format 秘密éµãƒ•ァイルã®ã‚¨ãƒ³ã‚³ãƒ¼ãƒ‰å½¢å¼ã‚’指定ã—ã¾ã™ã€‚指定å¯èƒ½ãªãƒ•ォーマット値ã¯ï¼šSSL_FILETYPE_PEM 㨠SSL_FILETYPE_ASN1 + \brief ã“ã®é–¢æ•°ã¯ã€ãƒ—ライベートéµãƒ•ァイルをSSLセッション(WOLFSSL構造体)ã«èª­ã¿è¾¼ã¿ã¾ã™ã€‚éµãƒ•ァイルã¯file引数ã«ã‚ˆã£ã¦æä¾›ã•れã¾ã™ã€‚format引数ã¯ã€ãƒ•ァイルã®å½¢å¼ã‚¿ã‚¤ãƒ—(SSL_FILETYPE_ASN1ã¾ãŸã¯SSL_FILETYPE_PEM)を指定ã—ã¾ã™ã€‚ + + 外部éµã‚¹ãƒˆã‚¢ã‚’使用ã—ã¦ã„ã¦ãƒ—ライベートéµã‚’æŒã£ã¦ã„ãªã„å ´åˆã¯ã€ä»£ã‚りã«å…¬é–‹éµã‚’æä¾›ã—ã€ç½²åを処ç†ã™ã‚‹ãŸã‚ã®æš—å·ã‚³ãƒ¼ãƒ«ãƒãƒƒã‚¯ã‚’登録ã™ã‚‹ã“ã¨ãŒã§ãã¾ã™ã€‚ã“れã«ã¯ã€æš—å·ã‚³ãƒ¼ãƒ«ãƒãƒƒã‚¯ã¾ãŸã¯PKコールãƒãƒƒã‚¯ã®ã„ãšã‚Œã‹ã‚’有効ã«ã—ã¦ãƒ“ルドã—ã¾ã™ã€‚æš—å·ã‚³ãƒ¼ãƒ«ãƒãƒƒã‚¯ã‚’有効ã«ã™ã‚‹ã«ã¯ã€--enable-cryptocbã¾ãŸã¯WOLF_CRYPTO_CBを使用ã—ã€wc_CryptoCb_RegisterDeviceを使用ã—ã¦æš—å·ã‚³ãƒ¼ãƒ«ãƒãƒƒã‚¯ã‚’登録ã—ã€wolfSSL_SetDevIdを使用ã—ã¦é–¢é€£ã™ã‚‹devIdを設定ã—ã¾ã™ã€‚ + + \return æˆåŠŸæ™‚ã¯SSL_SUCCESS。 + \return 関数呼ã³å‡ºã—ãŒå¤±æ•—ã—ãŸå ´åˆã¯SSL_FAILURE。考ãˆã‚‰ã‚Œã‚‹åŽŸå› ã«ã¯ã€ãƒ•ァイルã®å½¢å¼ãŒé–“é•ã£ã¦ã„ã‚‹ã€ã¾ãŸã¯ã€Œformatã€å¼•数を使用ã—ã¦é–“é•ã£ãŸå½¢å¼ãŒæŒ‡å®šã•れã¦ã„ã‚‹ã€ãƒ•ァイルãŒå­˜åœ¨ã—ãªã„ã€èª­ã¿å–れãªã„ã€ã¾ãŸã¯ç ´æã—ã¦ã„ã‚‹ã€ãƒ¡ãƒ¢ãƒªä¸è¶³çŠ¶æ…‹ãŒç™ºç”Ÿã—ãŸã€ãƒ•ァイルã«å¯¾ã™ã‚‹Base16デコードãŒå¤±æ•—ã—ãŸã€éµãƒ•ã‚¡ã‚¤ãƒ«ãŒæš—å·åŒ–ã•れã¦ã„ã‚‹ãŒãƒ‘ã‚¹ãƒ¯ãƒ¼ãƒ‰ãŒæä¾›ã•れã¦ã„ãªã„ã€ãªã©ãŒã‚りã¾ã™ã€‚ + + \param ssl wolfSSL_new()ã§ä½œæˆã•れãŸWOLFSSL構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ + \param file wolfSSL SSLセッションã«èª­ã¿è¾¼ã¾ã‚Œã‚‹éµãƒ•ァイルをå«ã‚€ãƒ•ァイルã®åå‰ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚å½¢å¼ã¯formatå¼•æ•°ã§æŒ‡å®šã•れã¾ã™ã€‚ + \param format fileå¼•æ•°ã§æŒ‡å®šã•れãŸéµã®ã‚¨ãƒ³ã‚³ãƒ¼ãƒ‡ã‚£ãƒ³ã‚°ã‚¿ã‚¤ãƒ—。指定å¯èƒ½ãªå€¤ã«ã¯ã€SSL_FILETYPE_PEMãŠã‚ˆã³SSL_FILETYPE_ASN1ãŒå«ã¾ã‚Œã¾ã™ã€‚ _Example_ \code int ret = 0; WOLFSSL* ssl; ... - ret = wolfSSL_use_PrivateKey_file(ssl, “./server-key.pemâ€, + ret = wolfSSL_use_PrivateKey_file(ssl, "./server-key.pem", SSL_FILETYPE_PEM); if (ret != SSL_SUCCESS) { - // error loading key file + // éµãƒ•ァイルã®èª­ã¿è¾¼ã¿ã‚¨ãƒ©ãƒ¼ } ... \endcode + \sa wolfSSL_CTX_use_PrivateKey_buffer \sa wolfSSL_CTX_use_PrivateKey_file \sa wolfSSL_use_PrivateKey_buffer @@ -1299,29 +1282,26 @@ /*! \ingroup openSSL - \brief ã“ã®é–¢æ•°ã¯ã€è¨¼æ˜Žæ›¸ãƒã‚§ãƒ¼ãƒ³ã‚’SSLセッションWOLFSSL構造体)ã«ãƒ­ãƒ¼ãƒ‰ã—ã¾ã™ã€‚ - 証明書ãƒã‚§ãƒ¼ãƒ³ã‚’å«ã‚€ãƒ•ァイルã¯å¼•æ•°fileã«ã‚ˆã£ã¦æä¾›ã•れã€PEMå½¢å¼ã®è¨¼æ˜Žæ›¸ã‚’å«ã‚ã‚‹å¿…è¦ãŒã‚りã¾ã™ã€‚ - ã“ã®é–¢æ•°ã¯ã€MAX_CHAIN_DEPTH(既定ã§9ã€internal.hã§å®šç¾©ã•れã¦ã„る)証明書ã«åŠ ãˆã¦ã€ã‚µãƒ–ジェクト証明書を処ç†ã—ã¾ã™ã€‚ - \return SSL_SUCCESS æˆåŠŸæ™‚ã«è¿”ã•れã¾ã™ã€‚ - \return SSL_FAILURE 関数呼ã³å‡ºã—ãŒå¤±æ•—ã—ãŸå ´åˆã«è¿”ã•れã¾ã™ã€‚ - å¯èƒ½ãªåŽŸå› ã«ã¯æ¬¡ã®ã‚ˆã†ãªã‚‚ã®ãŒã‚りã¾ã™ï¼š - ファイルãŒèª¤ã£ãŸå½¢å¼ã€ã¾ãŸã¯å¼•æ•°formatを使用ã—ã¦èª¤ã£ãŸå½¢å¼ãŒä¸Žãˆã‚‰ã‚ŒãŸã€ - メモリä¸è¶³çŠ¶æ…‹ãŒç™ºç”Ÿã—ãŸã€ãƒ•ァイルã§base16ã®ãƒ‡ã‚³ãƒ¼ãƒ‰ãŒå¤±æ•—ã—㟠- \param ssl wolfSSL_new()を使用ã—ã¦ä½œæˆã•れãŸWOLFSSL構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ - \param file WOLFSSL構造体ã«ãƒ­ãƒ¼ãƒ‰ã•れる証明書をå«ã‚€ãƒ•ァイルã®åå‰ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ - 証明書ã¯PEMå½¢å¼ã§ãªã‘れã°ãªã‚Šã¾ã›ã‚“。 + \brief ã“ã®é–¢æ•°ã¯ã€è¨¼æ˜Žæ›¸ã®ãƒã‚§ãƒ¼ãƒ³ã‚’SSLセッション(WOLFSSL構造体)ã«ãƒ­ãƒ¼ãƒ‰ã—ã¾ã™ã€‚証明書ãƒã‚§ãƒ¼ãƒ³ã‚’å«ã‚€ãƒ•ァイルã¯fileå¼•æ•°ã§æŒ‡å®šã•れã€PEMå½¢å¼ã®è¨¼æ˜Žæ›¸ã‚’å«ã‚“ã§ã„ã‚‹å¿…è¦ãŒã‚りã¾ã™ã€‚ã“ã®é–¢æ•°ã¯ã€MAX_CHAIN_DEPTH(デフォルト = 9ã€internal.hã§å®šç¾©)個ã¾ã§ã®è¨¼æ˜Žæ›¸ã¨ã€ã‚µãƒ–ジェクト証明書を処ç†ã—ã¾ã™ã€‚ + + \return SSL_SUCCESS æˆåŠŸæ™‚ã€‚ + \return SSL_FAILURE 関数呼ã³å‡ºã—ãŒå¤±æ•—ã—ãŸå ´åˆã€è€ƒãˆã‚‰ã‚Œã‚‹åŽŸå› ã¯æ¬¡ã®ã¨ãŠã‚Šã§ã™:ファイルã®å½¢å¼ãŒé–“é•ã£ã¦ã„ã‚‹ã€ã¾ãŸã¯"format"引数ã§ä¸Žãˆã‚‰ã‚ŒãŸå½¢å¼ãŒé–“é•ã£ã¦ã„ã‚‹ã€ãƒ•ァイルãŒå­˜åœ¨ã—ãªã„ã€èª­ã¿å–れãªã„ã€ã¾ãŸã¯ç ´æã—ã¦ã„ã‚‹ã€ãƒ¡ãƒ¢ãƒªä¸è¶³ã®çŠ¶æ…‹ãŒç™ºç”Ÿã—㟠+ + \param ssl wolfSSL_new()を使用ã—ã¦ä½œæˆã•れãŸWOLFSSL構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ + \param file wolfSSL SSLセッションã«ãƒ­ãƒ¼ãƒ‰ã™ã‚‹è¨¼æ˜Žæ›¸ã®ãƒã‚§ãƒ¼ãƒ³ã‚’å«ã‚€ãƒ•ァイルã®åå‰ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚証明書ã¯PEMå½¢å¼ã§ãªã‘れã°ãªã‚Šã¾ã›ã‚“。 _Example_ \code int ret = 0; WOLFSSL* ctx; ... - ret = wolfSSL_use_certificate_chain_file(ssl, “./cert-chain.pemâ€); + ret = wolfSSL_use_certificate_chain_file(ssl, "./cert-chain.pem"); if (ret != SSL_SUCCESS) { - // error loading cert file + // 証明書ファイルã®ãƒ­ãƒ¼ãƒ‰ã‚¨ãƒ©ãƒ¼ } ... \endcode + \sa wolfSSL_CTX_use_certificate_chain_file \sa wolfSSL_CTX_use_certificate_chain_buffer \sa wolfSSL_use_certificate_chain_buffer @@ -1330,29 +1310,29 @@ /*! \ingroup openSSL - \brief ã“ã®é–¢æ•°ã¯ã€SSL接続ã§ä½¿ç”¨ã•れã¦ã„ã‚‹RSA秘密éµã‚’SSLセッション(WOLFSSL構造体)ã«ãƒ­ãƒ¼ãƒ‰ã—ã¾ã™ã€‚ - ã“ã®é–¢æ•°ã¯ã€wolfSSLãŒOpenSSL互æ›APIを有効(--enable-openSSlExtraã€#define OPENSSL_EXTRA)ã§ãƒ“ルドã•れã¦ã„ã‚‹å ´åˆã«ã®ã¿åˆ©ç”¨å¯èƒ½ã§ã€ - より一般的ã«ä½¿ç”¨ã•れるwolfSSL_use_PrivateKey_file()関数ã¨åŒã˜ã§ã™ã€‚ - 引数fileã«ã¯ã€RSA秘密éµãƒ•ァイルã¸ã®ãƒã‚¤ãƒ³ã‚¿ãŒã€ãƒ•ã‚©ãƒ¼ãƒžãƒƒãƒˆã§æŒ‡å®šã•れãŸå½¢å¼ã§å«ã¾ã‚Œã¦ã„ã¾ã™ã€‚ - \return SSL_SUCCESS æˆåŠŸæ™‚ã«è¿”ã•れã¾ã™ã€‚ - \return SSL_FAILURE 関数呼ã³å‡ºã—ãŒå¤±æ•—ã—ãŸå ´åˆã«è¿”ã•れã¾ã™ã€‚ - å¯èƒ½ãªåŽŸå› ã«ã¯æ¬¡ã®ã‚ˆã†ãªã‚‚ã®ãŒã‚りã¾ã™ï¼š - ファイルãŒèª¤ã£ãŸå½¢å¼ã€ã¾ãŸã¯å¼•æ•°formatを使用ã—ã¦èª¤ã£ãŸå½¢å¼ãŒä¸Žãˆã‚‰ã‚ŒãŸã€ - メモリä¸è¶³çŠ¶æ…‹ãŒç™ºç”Ÿã—ãŸã€ãƒ•ァイルã§Base16ã®ãƒ‡ã‚³ãƒ¼ãƒ‰ãŒå¤±æ•—ã—㟠- \param ssl wolfSSL_new()を使用ã—ã¦ä½œæˆã•れãŸWOLFSSL構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ + + \brief ã“ã®é–¢æ•°ã¯ã€SSL接続ã§ä½¿ç”¨ã•れるプライベートRSAéµã‚’SSLセッション(WOLFSSL構造体)ã«ãƒ­ãƒ¼ãƒ‰ã—ã¾ã™ã€‚ã“ã®é–¢æ•°ã¯ã€wolfSSLãŒOpenSSL互æ›ãƒ¬ã‚¤ãƒ¤ãƒ¼ã‚’有効ã«ã—ã¦ã‚³ãƒ³ãƒ‘イルã•れã¦ã„ã‚‹å ´åˆ(--enable-opensslExtraã€#define OPENSSL_EXTRA)ã«ã®ã¿åˆ©ç”¨å¯èƒ½ã§ã‚りã€ã‚ˆã‚Šä¸€èˆ¬çš„ã«ä½¿ç”¨ã•れるwolfSSL_use_PrivateKey_file()関数ã¨åŒä¸€ã§ã™ã€‚file引数ã¯ã€formatã§æŒ‡å®šã•れãŸå½¢å¼ã®RSAプライベートéµãƒ•ァイルã¸ã®ãƒã‚¤ãƒ³ã‚¿ã‚’å«ã¿ã¾ã™ã€‚ + + \return SSL_SUCCESS æˆåŠŸæ™‚ + \return SSL_FAILURE 関数呼ã³å‡ºã—ãŒå¤±æ•—ã—ãŸå ´åˆã€è€ƒãˆã‚‰ã‚Œã‚‹åŽŸå› ã¯æ¬¡ã®ã¨ãŠã‚Šã§ã™:入力éµãƒ•ァイルã®å½¢å¼ãŒé–“é•ã£ã¦ã„ã‚‹ã€ã¾ãŸã¯"format"引数ã§ä¸Žãˆã‚‰ã‚ŒãŸå½¢å¼ãŒé–“é•ã£ã¦ã„ã‚‹ã€ãƒ•ァイルãŒå­˜åœ¨ã—ãªã„ã€èª­ã¿å–れãªã„ã€ã¾ãŸã¯ç ´æã—ã¦ã„ã‚‹ã€ãƒ¡ãƒ¢ãƒªä¸è¶³ã®çŠ¶æ…‹ãŒç™ºç”Ÿã—㟠+ + \param ssl wolfSSL_new()を使用ã—ã¦ä½œæˆã•れãŸWOLFSSL構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ + \param file wolfSSL SSLセッションã«ãƒ­ãƒ¼ãƒ‰ã™ã‚‹RSAプライベートéµã‚’å«ã‚€ãƒ•ァイルã®åå‰ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€å½¢å¼ã¯formatã§æŒ‡å®šã•れã¾ã™ã€‚ + \param format fileã§æŒ‡å®šã•れãŸRSAプライベートéµã®ã‚¨ãƒ³ã‚³ãƒ¼ãƒ‡ã‚£ãƒ³ã‚°ã‚¿ã‚¤ãƒ—。指定å¯èƒ½ãªå€¤ã¯SSL_FILETYPE_PEMã¨SSL_FILETYPE_ASN1ã§ã™ã€‚ _Example_ \code int ret = 0; WOLFSSL* ssl; ... - ret = wolfSSL_use_RSAPrivateKey_file(ssl, “./server-key.pemâ€, + ret = wolfSSL_use_RSAPrivateKey_file(ssl, "./server-key.pem", SSL_FILETYPE_PEM); if (ret != SSL_SUCCESS) { - // error loading private key file + // プライベートéµãƒ•ァイルã®ãƒ­ãƒ¼ãƒ‰ã‚¨ãƒ©ãƒ¼ } ... \endcode + \sa wolfSSL_CTX_use_RSAPrivateKey_file \sa wolfSSL_CTX_use_PrivateKey_buffer \sa wolfSSL_CTX_use_PrivateKey_file @@ -1363,32 +1343,29 @@ /*! \ingroup CertsKeys - \brief ã“ã®é–¢æ•°ã¯wolfSSL_CTX_load_verify_locationsã¨ä¼¼ã¦ã„ã¾ã™ãŒã€ - DERフォーマットã•れãŸCAファイルをSSLコンテキスト(WOLFSSL_CTX)ã«ãƒ­ãƒ¼ãƒ‰ã™ã‚‹ã“ã¨ã‚’許å¯ã—ã¾ã™ã€‚ - ãれã¯ã¾ã PEMå½¢å¼ã®CAファイルをロードã™ã‚‹ãŸã‚ã«ã‚‚使用ã•れるã‹ã‚‚ã—れã¾ã›ã‚“。 - ã“れらã®è¨¼æ˜Žæ›¸ã¯ã€ä¿¡é ¼ã§ãるルート証明書ã¨ã—ã¦æ‰±ã‚れã€SSLãƒãƒ³ãƒ‰ã‚·ã‚§ã‚¤ã‚¯ä¸­ã«ãƒ”ã‚¢ã‹ã‚‰å—ä¿¡ã—ãŸè¨¼æ˜Žæ›¸ã‚’検証ã™ã‚‹ãŸã‚ã«ä½¿ç”¨ã•れã¾ã™ã€‚ - ファイル引数ã«ã‚ˆã£ã¦æä¾›ã•れるルート証明書ファイルã¯ã€å˜ä¸€ã®è¨¼æ˜Žæ›¸ã¾ãŸã¯è¤‡æ•°ã®è¨¼æ˜Žæ›¸ã‚’å«ã‚€ãƒ•ァイルã§ã‚‚å¯èƒ½ã€‚ - 複数ã®CA証明書ãŒåŒã˜ãƒ•ァイルã«å«ã¾ã‚Œã¦ã„ã‚‹å ´åˆã€wolfSSLã¯ãƒ•ァイルã«è¡¨ç¤ºã•れã¦ã„ã‚‹ã®ã¨åŒã˜é †åºã§ãれらをロードã—ã¾ã™ã€‚ - 引数formatã¯ã€è¨¼æ˜Žæ›¸ãŒSSL_FILETYPE_PEMã¾ãŸã¯SSL_FILETYPE_ASN1(DER)ã®ã„ãšã‚Œã‹ã«ã‚ã‚‹å½¢å¼ã‚’指定ã—ã¾ã™ã€‚ - wolfSSL_CTX_load_verify_locationsã¨ã¯ç•°ãªã‚Šã€ã“ã®é–¢æ•°ã¯ç‰¹å®šã®ãƒ‡ã‚£ãƒ¬ã‚¯ãƒˆãƒªãƒ‘スã‹ã‚‰ã®CA証明書ã®ãƒ­ãƒ¼ãƒ‰ã‚’許å¯ã—ã¾ã›ã‚“。 - ã“ã®é–¢æ•°ã¯ã€wolfSSLライブラリãŒWOLFSSL_DER_LOADマクロãŒå®šç¾©ã•れãŸçŠ¶æ…‹ã§ãƒ“ルドã•れãŸã¨ãã«ã®ã¿åˆ©ç”¨å¯èƒ½ã§ã™ã€‚ - \return SSL_SUCCESS æˆåŠŸæ™‚ã«è¿”ã•れã¾ã™ã€‚ - \return SSL_FAILURE 失敗ã™ã‚‹ã¨è¿”ã•れã¾ã™ã€‚ - \param ctx wolfSSL_CTX_new()を使用ã—ã¦ä½œæˆã•れãŸWOLFSSL_CTX構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ - \param file wolfssl SSLコンテキストã«ãƒ­ãƒ¼ãƒ‰ã•れるCA証明書をå«ã‚€ãƒ•ァイルã®åå‰ã‚’ãƒ•ã‚©ãƒ¼ãƒžãƒƒãƒˆã§æŒ‡å®šã•れãŸå½¢å¼ã§æŒ‡å®šã—ã¾ã™ã€‚ + + \brief ã“ã®é–¢æ•°ã¯wolfSSL_CTX_load_verify_locationsã«ä¼¼ã¦ã„ã¾ã™ãŒã€DERå½¢å¼ã®CAファイルをSSLコンテキスト(WOLFSSL_CTX)ã«ãƒ­ãƒ¼ãƒ‰ã§ãã¾ã™ã€‚PEMå½¢å¼ã®CAファイルをロードã™ã‚‹ãŸã‚ã«ã‚‚使用ã§ãã¾ã™ã€‚ã“れらã®è¨¼æ˜Žæ›¸ã¯ä¿¡é ¼ã•れãŸãƒ«ãƒ¼ãƒˆè¨¼æ˜Žæ›¸ã¨ã—ã¦æ‰±ã‚れã€SSLãƒãƒ³ãƒ‰ã‚·ã‚§ã‚¤ã‚¯ä¸­ã«ãƒ”ã‚¢ã‹ã‚‰å—ä¿¡ã—ãŸè¨¼æ˜Žæ›¸ã‚’検証ã™ã‚‹ãŸã‚ã«ä½¿ç”¨ã•れã¾ã™ã€‚fileå¼•æ•°ã§æŒ‡å®šã•れるルート証明書ファイルã¯ã€å˜ä¸€ã®è¨¼æ˜Žæ›¸ã¾ãŸã¯è¤‡æ•°ã®è¨¼æ˜Žæ›¸ã‚’å«ã‚€ãƒ•ァイルã§ã‚ã‚‹å¯èƒ½æ€§ãŒã‚りã¾ã™ã€‚複数ã®CA証明書ãŒåŒã˜ãƒ•ァイルã«å«ã¾ã‚Œã¦ã„ã‚‹å ´åˆã€wolfSSLã¯ãƒ•ã‚¡ã‚¤ãƒ«å†…ã§æç¤ºã•れãŸé †åºã§ãれらをロードã—ã¾ã™ã€‚format引数ã¯ã€è¨¼æ˜Žæ›¸ã®å½¢å¼ãŒSSL_FILETYPE_PEMã¾ãŸã¯SSL_FILETYPE_ASN1(DER)ã®ã„ãšã‚Œã‹ã§ã‚ã‚‹ã“ã¨ã‚’指定ã—ã¾ã™ã€‚wolfSSL_CTX_load_verify_locationsã¨ã¯ç•°ãªã‚Šã€ã“ã®é–¢æ•°ã¯æŒ‡å®šã•れãŸãƒ‡ã‚£ãƒ¬ã‚¯ãƒˆãƒªãƒ‘スã‹ã‚‰ã®CA証明書ã®ãƒ­ãƒ¼ãƒ‰ã‚’許å¯ã—ã¾ã›ã‚“。ã“ã®é–¢æ•°ã¯ã€wolfSSLライブラリãŒWOLFSSL_DER_LOADを定義ã—ã¦ã‚³ãƒ³ãƒ‘イルã•れã¦ã„ã‚‹å ´åˆã«ã®ã¿åˆ©ç”¨å¯èƒ½ã§ã™ã€‚ + + \return SSL_SUCCESS æˆåŠŸæ™‚ã€‚ + \return SSL_FAILURE 失敗時。 + + \param ctx wolfSSL_CTX_new()を使用ã—ã¦ä½œæˆã•れãŸWOLFSSL_CTX構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ + \param file wolfSSL SSLコンテキストã«ãƒ­ãƒ¼ãƒ‰ã™ã‚‹CA証明書をå«ã‚€ãƒ•ァイルã®åå‰ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€å½¢å¼ã¯formatã§æŒ‡å®šã•れã¾ã™ã€‚ + \param format fileã§æŒ‡å®šã•れãŸè¨¼æ˜Žæ›¸ã®ã‚¨ãƒ³ã‚³ãƒ¼ãƒ‡ã‚£ãƒ³ã‚°ã‚¿ã‚¤ãƒ—。指定å¯èƒ½ãªå€¤ã¯SSL_FILETYPE_PEMã¨SSL_FILETYPE_ASN1ã§ã™ã€‚ _Example_ \code int ret = 0; WOLFSSL_CTX* ctx; ... - ret = wolfSSL_CTX_der_load_verify_locations(ctx, “./ca-cert.derâ€, + ret = wolfSSL_CTX_der_load_verify_locations(ctx, "./ca-cert.der", SSL_FILETYPE_ASN1); if (ret != SSL_SUCCESS) { - // error loading CA certs + // CA証明書ã®ãƒ­ãƒ¼ãƒ‰ã‚¨ãƒ©ãƒ¼ } ... \endcode + \sa wolfSSL_CTX_load_verify_locations \sa wolfSSL_CTX_load_verify_buffer */ @@ -1397,9 +1374,13 @@ /*! \ingroup Setup - \brief ã“ã®é–¢æ•°ã¯ã€æ‰€æœ›ã®SSL/TLSプロトコル用メソッド構造体を引数ã«å–ã£ã¦ã€æ–°ã—ã„SSLコンテキストを作æˆã—ã¾ã™ã€‚ - \return pointer æˆåŠŸã—ãŸå ´åˆã€æ–°ã—ã作æˆã•れãŸWOLFSSL_CTX構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã‚’è¿”ã—ã¾ã™ã€‚ - \return NULL 失敗時ã«è¿”ã•れã¾ã™ã€‚ + + \brief ã“ã®é–¢æ•°ã¯ã€å…¥åŠ›ã¨ã—ã¦å¸Œæœ›ã™ã‚‹SSL/TLSプロトコルメソッドをå–ã‚Šã€æ–°ã—ã„SSLコンテキストを作æˆã—ã¾ã™ã€‚ + + \return pointer æˆåŠŸã—ãŸå ´åˆã€å‘¼ã³å‡ºã—ã¯æ–°ã—ã作æˆã•れãŸWOLFSSL_CTXã¸ã®ãƒã‚¤ãƒ³ã‚¿ã‚’è¿”ã—ã¾ã™ã€‚ + \return NULL 失敗時。 + + \param method SSLコンテキストã«ä½¿ç”¨ã™ã‚‹å¸Œæœ›ã®WOLFSSL_METHODã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ã“れã¯ã€SSL/TLS/DTLSプロトコルレベルを指定ã™ã‚‹ãŸã‚ã®wolfSSLvXX_XXXX_method()関数ã®ã„ãšã‚Œã‹ã‚’使用ã—ã¦ä½œæˆã•れã¾ã™ã€‚ _Example_ \code @@ -1408,23 +1389,28 @@ method = wolfSSLv3_client_method(); if (method == NULL) { - // unable to get method + // メソッドをå–å¾—ã§ãã¾ã›ã‚“ } ctx = wolfSSL_CTX_new(method); if (ctx == NULL) { - // context creation failed + // コンテキストã®ä½œæˆã«å¤±æ•—ã—ã¾ã—㟠} \endcode + \sa wolfSSL_new */ WOLFSSL_CTX* wolfSSL_CTX_new(WOLFSSL_METHOD*); /*! \ingroup Setup - \brief ã“ã®é–¢æ•°ã¯ã™ã§ã«ä½œæˆã•れãŸSSLコンテキスト(WOLFSSL_CTX)を入力ã¨ã—ã¦ã€æ–°ã—ã„SSLセッション(WOLFSSL)を作æˆã—ã¾ã™ã€‚ - \return æˆåŠŸã—ãŸå ´åˆã€æ–°ã—ã作æˆã•れãŸWOLFSSL構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã‚’è¿”ã—ã¾ã™ã€‚ - \return NULL 失敗時ã«è¿”ã•れã¾ã™ã€‚ + + \brief ã“ã®é–¢æ•°ã¯ã€æ—¢ã«ä½œæˆã•れãŸSSLコンテキストを入力ã¨ã—ã¦å–ã‚Šã€æ–°ã—ã„SSLセッションを作æˆã—ã¾ã™ã€‚ + + \return * æˆåŠŸã—ãŸå ´åˆã€å‘¼ã³å‡ºã—ã¯æ–°ã—ã作æˆã•れãŸwolfSSL構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã‚’è¿”ã—ã¾ã™ã€‚ + \return NULL 失敗時。 + + \param ctx wolfSSL_CTX_new()ã§ä½œæˆã•れãŸSSLコンテキストã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ _Example_ \code @@ -1435,25 +1421,29 @@ ctx = wolfSSL_CTX_new(method); if (ctx == NULL) { - // context creation failed + // コンテキストã®ä½œæˆã«å¤±æ•—ã—ã¾ã—㟠} ssl = wolfSSL_new(ctx); if (ssl == NULL) { - // SSL object creation failed + // SSLオブジェクトã®ä½œæˆã«å¤±æ•—ã—ã¾ã—㟠} \endcode + \sa wolfSSL_CTX_new */ WOLFSSL* wolfSSL_new(WOLFSSL_CTX*); /*! \ingroup Setup - \brief ã“ã®é–¢æ•°ã¯ã€SSL接続ã®å…¥å‡ºåŠ›æ©Ÿèƒ½ã¨ã—ã¦ãƒ•ァイル記述å­(fd)を割り当ã¦ã¾ã™ã€‚通常ã“れã¯ã‚½ã‚±ãƒƒãƒˆãƒ•ァイル記述å­ã«ãªã‚Šã¾ã™ã€‚ - \return SSL_SUCCESS æˆåŠŸæ™‚ã«è¿”ã•れã¾ã™ã€‚ - \return BAD_FUNC_ARG 失敗時ã«è¿”ã•れã¾ã™ã€‚ - \param ssl wolfSSL_new()を使用ã—ã¦ä½œæˆã•れãŸWOLFSSL構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ - \param fd SSL/TLS接続ã«ä½¿ç”¨ã™ã‚‹ãƒ•ァイルディスクリプタ + + \brief ã“ã®é–¢æ•°ã¯ã€ãƒ•ァイルディスクリプタ(fd)ã‚’SSL接続ã®å…¥å‡ºåŠ›æ©Ÿèƒ½ã¨ã—ã¦å‰²ã‚Šå½“ã¦ã¾ã™ã€‚通常ã€ã“れã¯ã‚½ã‚±ãƒƒãƒˆãƒ•ァイルディスクリプタã«ãªã‚Šã¾ã™ã€‚ + + \return SSL_SUCCESS æˆåŠŸæ™‚ã€‚ + \return BAD_FUNC_ARG 失敗時。 + + \param ssl wolfSSL_new()ã§ä½œæˆã•れãŸSSLセッションã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ + \param fd SSL/TLS接続ã§ä½¿ç”¨ã™ã‚‹ãƒ•ァイルディスクリプタ。 _Example_ \code @@ -1463,27 +1453,27 @@ ret = wolfSSL_set_fd(ssl, sockfd); if (ret != SSL_SUCCESS) { - // failed to set SSL file descriptor + // SSLファイルディスクリプタã®è¨­å®šã«å¤±æ•—ã—ã¾ã—㟠} \endcode + \sa wolfSSL_CTX_SetIOSend \sa wolfSSL_CTX_SetIORecv \sa wolfSSL_SetIOReadCtx \sa wolfSSL_SetIOWriteCtx */ -int wolfSSL_set_fd (WOLFSSL* ssl, int fd); +int wolfSSL_set_fd(WOLFSSL* ssl, int fd); /*! \ingroup Setup - \brief ã“ã®é–¢æ•°ã¯ãƒ•ァイルディスクリプタ(fd)ã‚’SSLコãƒã‚¯ã‚·ãƒ§ãƒ³ã®å…¥å‡ºåŠ›æ‰‹æ®µã¨ã—ã¦è¨­å®šã—ã¾ã™ã€‚ - 通常ã¯ã‚½ã‚±ãƒƒãƒˆãƒ•ã‚¡ã‚¤ãƒ«ãƒ‡ã‚£ã‚¹ã‚¯ãƒªãƒ—ã‚¿ãŒæŒ‡å®šã•れã¾ã™ã€‚ã“ã®é–¢æ•°ã¯DTLS専用ã®APIã§ã‚りã€ã‚½ã‚±ãƒƒãƒˆã¯æŽ¥ç¶šæ¸ˆã¿ã¨ãƒžãƒ¼ã‚¯ã•れã¾ã™ã€‚ - ã—ãŸãŒã£ã¦ã€ä¸Žãˆã‚‰ã‚ŒãŸfdã«å¯¾ã™ã‚‹recvfromã¨sendto呼ã³å‡ºã—ã§ã®addrã¨addr_lenã¯NULLã«è¨­å®šã•れã¾ã™ã€‚ - \return SSL_SUCCESS æˆåŠŸæ™‚ã«è¿”ã•れã¾ã™ã€‚ - \return BAD_FUNC_ARG 失敗時ã«è¿”ã•れã¾ã™ã€‚ + \brief ã“ã®é–¢æ•°ã¯ã€ãƒ•ァイルディスクリプタ(fd)ã‚’SSL接続ã®å…¥å‡ºåŠ›æ©Ÿèƒ½ã¨ã—ã¦å‰²ã‚Šå½“ã¦ã¾ã™ã€‚通常ã€ã“れã¯ã‚½ã‚±ãƒƒãƒˆãƒ•ァイルディスクリプタã«ãªã‚Šã¾ã™ã€‚ã“れã¯ã€ã‚½ã‚±ãƒƒãƒˆãŒæŽ¥ç¶šã•れã¦ã„ã‚‹ã“ã¨ã‚’マークã™ã‚‹ãŸã‚ã€DTLS固有ã®APIã§ã™ã€‚ã“ã®fdã«å¯¾ã™ã‚‹recvfromãŠã‚ˆã³sendto呼ã³å‡ºã—ã¯ã€addrãŠã‚ˆã³addr_lenパラメータãŒNULLã«è¨­å®šã•れã¾ã™ã€‚ + + \return SSL_SUCCESS æˆåŠŸæ™‚ã€‚ + \return BAD_FUNC_ARG 失敗時。 - \param ssl wolfSSL_new()を使用ã—ã¦ä½œæˆã•れãŸWOLFSSL構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ - \param fd SSL/TLSコãƒã‚¯ã‚·ãƒ§ãƒ³ã«ä½¿ç”¨ã™ã‚‹ãƒ•ァイルディスクリプタ。 + \param ssl wolfSSL_new()ã§ä½œæˆã•れãŸSSLセッションã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ + \param fd SSL/TLS接続ã§ä½¿ç”¨ã™ã‚‹ãƒ•ァイルディスクリプタ。 _Example_ \code @@ -1491,14 +1481,15 @@ WOLFSSL* ssl = 0; ... if (connect(sockfd, peer_addr, peer_addr_len) != 0) { - // handle connect error + // æŽ¥ç¶šã‚¨ãƒ©ãƒ¼ã‚’å‡¦ç† } ... ret = wolfSSL_set_dtls_fd_connected(ssl, sockfd); if (ret != SSL_SUCCESS) { - // failed to set SSL file descriptor + // SSLファイルディスクリプタã®è¨­å®šã«å¤±æ•—ã—ã¾ã—㟠} \endcode + \sa wolfSSL_CTX_SetIOSend \sa wolfSSL_CTX_SetIORecv \sa wolfSSL_SetIOReadCtx @@ -1510,37 +1501,30 @@ /*! \ingroup Setup - \brief ã“ã®é–¢æ•°ã¯DTLS ClientHelloãƒ¡ãƒƒã‚»ãƒ¼ã‚¸ãŒæ­£ã—ã処ç†ã§ããŸéš›ã«å‘¼ã³å‡ºã•れるコールãƒãƒƒã‚¯é–¢æ•°ã‚’設定ã—ã¾ã™ã€‚ - クッキー交æ›ãƒ¡ã‚«ãƒ‹ã‚ºãƒ ã‚’使用ã™ã‚‹å ´åˆ(DTLS1.2ã®HelloVerifyRequest ã‹ - DTLS1.3ã®ã‚¯ãƒƒã‚­ãƒ¼æ‹¡å¼µã‚’ä¼´ã£ãŸHelloRetryRequestã®ã„ãšã‚Œã‹ã‚’使用ã™ã‚‹å ´åˆ)ã«ã¯ã€ - クッキー交æ›ãŒæˆåŠŸã—ãŸæ™‚点ã§ã“ã®ã‚³ãƒ¼ãƒ«ãƒãƒƒã‚¯é–¢æ•°ãŒå‘¼ã³å‡ºã•れã¾ã™ã€‚ - ã“ã®æ©Ÿèƒ½ã¯ã²ã¨ã¤ã®WOLFSSLオブジェクトを新ãŸãªæŽ¥ç¶šã‚’å¾…ã¡å—ã‘るリスナーã¨ã—ã¦ä½¿ã„, - ClientHelloãŒæ¤œè¨¼ã•れãŸWOLFSSLオブジェクトã‹ã‚‰çµ¶ç¸ã•ã›ã‚‹ã“ã¨ãŒã§ãã¾ã™ã€‚ - ã“ã®å ´åˆã®æ¤œè¨¼ã¯ã‚¯ãƒƒã‚­ãƒ¼äº¤æ›ã‹ClientHelloãŒæ­£ã—ã„フォーマットã«ãªã£ã¦ã„ã‚‹ã‹ã®ãƒã‚§ãƒƒã‚¯ã«ã‚ˆã£ã¦ãªã•れã¾ã™ã€‚ - + \brief æ­£ã—ã処ç†ãŠã‚ˆã³æ¤œè¨¼ã•れãŸDTLSクライアントhelloã«å¯¾ã™ã‚‹ã‚³ãƒ¼ãƒ«ãƒãƒƒã‚¯ã‚’設定ã§ãã¾ã™ã€‚クッキー交æ›ãƒ¡ã‚«ãƒ‹ã‚ºãƒ (DTLS 1.2ã®HelloVerifyRequestã¾ãŸã¯ã‚¯ãƒƒã‚­ãƒ¼æ‹¡å¼µã‚’ä¼´ã†DTLS 1.3ã®HelloRetryRequest)を使用ã™ã‚‹å ´åˆã€ã“ã®ã‚³ãƒ¼ãƒ«ãƒãƒƒã‚¯ã¯ã‚¯ãƒƒã‚­ãƒ¼äº¤æ›ãŒæˆåŠŸã—ãŸå¾Œã«å‘¼ã³å‡ºã•れã¾ã™ã€‚ã“れã¯ã€1ã¤ã®WOLFSSLオブジェクトを新ã—ã„æŽ¥ç¶šã®ãƒªã‚¹ãƒŠãƒ¼ã¨ã—ã¦ä½¿ç”¨ã—ã€ClientHelloãŒæ¤œè¨¼ã•れãŸå¾Œ(クッキー交æ›ã‚’通ã˜ã¦ã€ã¾ãŸã¯ClientHelloãŒæ­£ã—ã„å½¢å¼ã§ã‚ã‚‹ã‹ã‚’ãƒã‚§ãƒƒã‚¯ã™ã‚‹ã ã‘ã§)ã«WOLFSSLオブジェクトを分離ã§ãるよã†ã«ã™ã‚‹ã®ã«å½¹ç«‹ã¡ã¾ã™ã€‚ DTLS 1.2: https://datatracker.ietf.org/doc/html/rfc6347#section-4.2.1 DTLS 1.3: https://www.rfc-editor.org/rfc/rfc8446#section-4.2.2 - \return SSL_SUCCESS æˆåŠŸæ™‚ã«è¿”ã•れã¾ã™ã€‚ - \return BAD_FUNC_ARG 失敗時ã«è¿”ã•れã¾ã™ã€‚ + \return SSL_SUCCESS æˆåŠŸæ™‚ã€‚ + \return BAD_FUNC_ARG 失敗時。 - \param ssl wolfSSL_new()を使用ã—ã¦ä½œæˆã•れãŸWOLFSSL構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ - \param fd SSL/TLSコãƒã‚¯ã‚·ãƒ§ãƒ³ã«ä½¿ç”¨ã™ã‚‹ãƒ•ァイルディスクリプタ。 + \param ssl wolfSSL_new()ã§ä½œæˆã•れãŸSSLセッションã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ + \param fd SSL/TLS接続ã§ä½¿ç”¨ã™ã‚‹ãƒ•ァイルディスクリプタ。 _Example_ \code - // Called when we have verified a connection + // 接続を検証ã—ãŸã¨ãã«å‘¼ã³å‡ºã•れã¾ã™ static int chGoodCb(WOLFSSL* ssl, void* arg) { - // setup peer and file descriptors + // ピアã¨ãƒ•ァイルディスクリプタを設定 } if (wolfDTLS_SetChGoodCb(ssl, chGoodCb, NULL) != WOLFSSL_SUCCESS) { - // error setting callback + // コールãƒãƒƒã‚¯è¨­å®šã‚¨ãƒ©ãƒ¼ } \endcode @@ -1551,12 +1535,12 @@ /*! \ingroup IO - \brief ã“ã®é–¢æ•°ã¯å¼•æ•°ã§æ¸¡ã•れãŸå„ªå…ˆé †ä½ã®æš—å·å(Cipher)文字列ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã‚’è¿”ã—ã¾ã™ã€‚ + \brief 渡ã•れãŸå„ªå…ˆåº¦ãƒ¬ãƒ™ãƒ«ã§ã®æš—å·ã®åå‰ã‚’å–å¾—ã—ã¾ã™ã€‚ - \return æˆåŠŸæ™‚ã«ã¯æš—å·å(Cipher)文字列ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã‚’è¿”ã—ã¾ã™ã€‚ - \return 0 å¼•æ•°ã§æ¸¡ã•れãŸå„ªå…ˆé †ä½ãŒç¯„囲外ã‹ã‚ã‚‹ã„ã¯ç„¡åйãªå€¤ã§ã‚ã£ãŸå ´åˆã«è¿”ã•れã¾ã™ã€‚ + \return string æˆåŠŸ + \return 0 優先度ãŒç¯„囲外ã¾ãŸã¯ç„¡åйã§ã™ã€‚ - \param priority æ•´æ•°å€¤ã§æŒ‡å®šã™ã‚‹å„ªå…ˆé †ä½ + \param priority æš—å·ã®å„ªå…ˆåº¦ãƒ¬ãƒ™ãƒ«ã‚’è¡¨ã™æ•´æ•°ã€‚ _Example_ \code @@ -1570,24 +1554,28 @@ /*! \ingroup IO - \brief ã“ã®é–¢æ•°ã¯wolfSSã§æœ‰åŠ¹åŒ–ã•れã¦ã„ã‚‹æš—å·å(Cipher)ã‚’å–å¾—ã—ã¾ã™ã€‚ - \return SSL_SUCCESS 関数ãŒã‚¨ãƒ©ãƒ¼ãªã—ã§å®Ÿè¡Œã•れãŸå ´åˆã«è¿”ã•れã¾ã™ã€‚ - \return BAD_FUNC_ARG 引数bufãŒNULLã®å ´åˆã€ã¾ãŸã¯å¼•æ•°lenãŒã‚¼ãƒ­ä»¥ä¸‹ã®å ´åˆã«è¿”ã•れã¾ã™ã€‚ - \return BUFFER_E ãƒãƒƒãƒ•ã‚¡ãŒå分ã«å¤§ãããªãã€ã‚ªãƒ¼ãƒãƒ¼ãƒ•ローã™ã‚‹å¯èƒ½æ€§ãŒã‚ã‚‹å ´åˆã«è¿”ã•れã¾ã™ã€‚ - \param buf 文字列を格ç´ã™ã‚‹ãƒãƒƒãƒ•ã‚¡ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ - \param len ãƒãƒƒãƒ•ã‚¡ã®ã‚µã‚¤ã‚º + + \brief ã“ã®é–¢æ•°ã¯ã€wolfSSLã§æœ‰åйã«ãªã£ã¦ã„ã‚‹æš—å·ã‚’å–å¾—ã—ã¾ã™ã€‚ + + \return SSL_SUCCESS 関数ãŒã‚¨ãƒ©ãƒ¼ãªã実行ã•れãŸå ´åˆã«è¿”ã•れã¾ã™ã€‚ + \return BAD_FUNC_ARG bufパラメータãŒNULLã¾ãŸã¯len引数ãŒã‚¼ãƒ­ä»¥ä¸‹ã®å ´åˆã«è¿”ã•れã¾ã™ã€‚ + \return BUFFER_E ãƒãƒƒãƒ•ã‚¡ãŒå分ã«å¤§ãããªãオーãƒãƒ¼ãƒ•ローã™ã‚‹å ´åˆã«è¿”ã•れã¾ã™ã€‚ + + \param buf ãƒãƒƒãƒ•ァを表ã™charãƒã‚¤ãƒ³ã‚¿ã€‚ + \param len ãƒãƒƒãƒ•ã‚¡ã®é•·ã•。 _Example_ \code static void ShowCiphers(void){ - char* ciphers; - int ret = wolfSSL_get_ciphers(ciphers, (int)sizeof(ciphers)); + char* ciphers; + int ret = wolfSSL_get_ciphers(ciphers, (int)sizeof(ciphers)); - if(ret == SSL_SUCCES){ - printf(“%s\nâ€, ciphers); + if(ret == SSL_SUCCESS){ + printf("%s\n", ciphers); } } \endcode + \sa GetCipherNames \sa wolfSSL_get_cipher_list \sa ShowCiphers @@ -1596,25 +1584,29 @@ /*! \ingroup IO - \brief ã“ã®é–¢æ•°ã¯ã€å¼•æ•°ã‚’wolfSSL_get_cipher_name_internalã«æ¸¡ã™ã“ã¨ã«ã‚ˆã£ã¦ã€DHE-RSAã®å½¢å¼ã®æš—å·åã‚’å–å¾—ã—ã¾ã™ã€‚ - \return æˆåŠŸæ™‚ã«ã¯ä¸€è‡´ã—ãŸæš—å·ã‚¹ã‚¤ãƒ¼ãƒˆã®æ–‡å­—列表ç¾ã‚’è¿”ã—ã¾ã™ã€‚ - \return NULL エラーã¾ãŸã¯æš—å·ãŒè¦‹ã¤ã‹ã‚‰ãªã„å ´åˆã«è¿”ã•れã¾ã™ã€‚ - \param ssl wolfSSL_new()を使用ã—ã¦ä½œæˆã•れãŸWOLFSSL構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ + + \brief ã“ã®é–¢æ•°ã¯ã€å¼•æ•°ã‚’wolfSSL_get_cipher_name_internalã«æ¸¡ã™ã“ã¨ã«ã‚ˆã£ã¦ã€DHE-RSAå½¢å¼ã§æš—å·åã‚’å–å¾—ã—ã¾ã™ã€‚ + + \return string ã“ã®é–¢æ•°ã¯ã€ãƒžãƒƒãƒã—ãŸæš—å·ã‚¹ã‚¤ãƒ¼ãƒˆã®æ–‡å­—列表ç¾ã‚’è¿”ã—ã¾ã™ã€‚ + \return NULL エラーã¾ãŸã¯æš—å·ãŒè¦‹ã¤ã‹ã‚Šã¾ã›ã‚“。 + + \param ssl wolfSSL_new()を使用ã—ã¦ä½œæˆã•れãŸWOLFSSL構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ _Example_ \code WOLFSSL_CTX* ctx = wolfSSL_CTX_new( protocol method ); WOLFSSL* ssl = wolfSSL_new(ctx); … - char* cipherS = wolfSSL_get_cipher_name(ssl); + char* cipher = wolfSSL_get_cipher_name(ssl); if(cipher == NULL){ - // There was not a cipher suite matched + // æš—å·ã‚¹ã‚¤ãƒ¼ãƒˆãŒãƒžãƒƒãƒã—ã¾ã›ã‚“ã§ã—㟠} else { - // There was a cipher suite matched - printf(“%s\nâ€, cipherS); + // æš—å·ã‚¹ã‚¤ãƒ¼ãƒˆãŒãƒžãƒƒãƒã—ã¾ã—㟠+ printf("%s\n", cipherS); } \endcode + \sa wolfSSL_CIPHER_get_name \sa wolfSSL_get_current_cipher \sa wolfSSL_get_cipher_name_internal @@ -1623,8 +1615,11 @@ /*! \ingroup IO - \brief ã“ã®é–¢æ•°ã¯ã€SSL接続ã®å…¥å‡ºåŠ›æ©Ÿèƒ½ã¨ã—ã¦ä½¿ç”¨ã•れるファイル記述å­(fd)ã‚’è¿”ã—ã¾ã™ã€‚通常ã“れã¯ã‚½ã‚±ãƒƒãƒˆãƒ•ァイル記述å­ã«ãªã‚Šã¾ã™ã€‚ - \return fd æˆåŠŸæ™‚ã«ã¯SSLセッションã«é–¢é€£ã¤ã‘られã¦ã„るファイル記述å­ã‚’è¿”ã—ã¾ã™ã€‚ + + \brief ã“ã®é–¢æ•°ã¯ã€SSL接続ã®å…¥åŠ›æ©Ÿèƒ½ã¨ã—ã¦ä½¿ç”¨ã•れる読ã¿å–りファイル記述å­(fd)ã‚’è¿”ã—ã¾ã™ã€‚通常ã€ã“れã¯ã‚½ã‚±ãƒƒãƒˆãƒ•ァイル記述å­ã«ãªã‚Šã¾ã™ã€‚ + \return fd æˆåŠŸã—ãŸå ´åˆã€ã“ã®é–¢æ•°ã¯SSLセッションファイルディスクリプタを返ã—ã¾ã™ã€‚ + + \param ssl wolfSSL_new()ã§ä½œæˆã•れãŸSSLセッションã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ _Example_ \code @@ -1634,22 +1629,46 @@ sockfd = wolfSSL_get_fd(ssl); ... \endcode + + \sa wolfSSL_set_fd + \sa wolfSSL_set_read_fd + \sa wolfSSL_set_write_fd +*/ +int wolfSSL_get_fd(const WOLFSSL* ssl); + +/*! + \ingroup IO + + \brief ã“ã®é–¢æ•°ã¯ã€SSL接続ã®å‡ºåŠ›æ©Ÿèƒ½ã¨ã—ã¦ä½¿ç”¨ã•れる書ãè¾¼ã¿ãƒ•ァイルディスクリプタ(fd)ã‚’è¿”ã—ã¾ã™ã€‚通常ã¯ã‚½ã‚±ãƒƒãƒˆãƒ•ァイルディスクリプタã«ãªã‚Šã¾ã™ã€‚ + + \return fd æˆåŠŸã—ãŸå ´åˆã€ã“ã®é–¢æ•°ã¯SSLセッションファイルディスクリプタを返ã—ã¾ã™ã€‚ + + \param ssl wolfSSL_new()ã§ä½œæˆã•れãŸSSLセッションã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ + + _Example_ + \code + int sockfd; + WOLFSSL* ssl = 0; + ... + sockfd = wolfSSL_get_wfd(ssl); + ... + \endcode + \sa wolfSSL_set_fd + \sa wolfSSL_set_read_fd + \sa wolfSSL_set_write_fd */ -int wolfSSL_get_fd(const WOLFSSL*); +int wolfSSL_get_wfd(const WOLFSSL* ssl); /*! \ingroup Setup - \brief ã“ã®é–¢æ•°ã¯ã€WOLFSSLオブジェクトã«åŸºç¤Žã¨ãªã‚‹I/OãŒãƒŽãƒ³ãƒ–ロックã§ã‚ã‚‹ã“ã¨ã‚’通知ã—ã¾ã™ã€‚ - アプリケーションãŒWOLFSSLオブジェクトを作æˆã—ãŸå¾Œã€ãƒ–ロッキング以外ã®ã‚½ã‚±ãƒƒãƒˆã§ä½¿ç”¨ã™ã‚‹å ´åˆã¯ã€ - wolfssl_set_using_nonblock()を呼ã³å‡ºã—ã¾ã™ã€‚ - ã“れã«ã‚ˆã‚Šã€wolfsslオブジェクトã¯ã€EWOULDBLOCKã‚’å—ä¿¡ã™ã‚‹ã“ã¨ã‚’æ„味ã—ã¾ã™ã€‚ - \return ãªã— - \param ssl wolfSSL_new()を使用ã—ã¦ä½œæˆã•れãŸWOLFSSL構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ - \param nonblock WOLFSSLオブジェクトã«ãƒŽãƒ³ãƒ–ロッキングI/Oを使用ã™ã‚‹ã“ã¨ã‚’通知ã™ã‚‹ãƒ•ラグ。 - 1を指定ã™ã‚‹ã“ã¨ã§ãƒŽãƒ³ãƒ–ロッキングI/Oを使用ã™ã‚‹ã“ã¨ã‚’指定ã™ã‚‹ã€‚ + \brief ã“ã®é–¢æ•°ã¯ã€WOLFSSLオブジェクトã«å¯¾ã—ã¦ã€ä¸‹å±¤ã®I/OãŒãƒŽãƒ³ãƒ–ロッキングã§ã‚ã‚‹ã“ã¨ã‚’通知ã—ã¾ã™ã€‚アプリケーションãŒWOLFSSLオブジェクトを作æˆã—ãŸå¾Œã€ãれをノンブロッキングソケットã¨å…±ã«ä½¿ç”¨ã™ã‚‹å ´åˆã¯ã€wolfSSL_set_using_nonblock()を呼ã³å‡ºã—ã¦ãã ã•ã„。ã“れã«ã‚ˆã‚Šã€WOLFSSLオブジェクトã¯ã€EWOULDBLOCKã‚’å—ã‘å–ã‚‹ã“ã¨ãŒã‚¿ã‚¤ãƒ ã‚¢ã‚¦ãƒˆã§ã¯ãªãã€recvfrom呼ã³å‡ºã—ãŒãƒ–ロックã™ã‚‹ã“ã¨ã‚’æ„味ã™ã‚‹ã¨èªè­˜ã§ãã¾ã™ã€‚ + + \return none 戻り値ã¯ã‚りã¾ã›ã‚“。 + \param ssl wolfSSL_new()ã§ä½œæˆã•れãŸSSLセッションã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ + \param nonblock WOLFSSLオブジェクトã®ãƒŽãƒ³ãƒ–ロッキングフラグを設定ã™ã‚‹ãŸã‚ã®å€¤ã€‚ノンブロッキングを指定ã™ã‚‹å ´åˆã¯1ã‚’ã€ãã†ã§ãªã„å ´åˆã¯0を使用ã—ã¦ãã ã•ã„。 _Example_ \code @@ -1657,6 +1676,7 @@ ... wolfSSL_set_using_nonblock(ssl, 1); \endcode + \sa wolfSSL_get_using_nonblock \sa wolfSSL_dtls_got_timeout \sa wolfSSL_dtls_get_current_timeout @@ -1665,13 +1685,13 @@ /*! \ingroup IO - \brief ã“ã®æ©Ÿèƒ½ã«ã‚ˆã‚Šã€wolfSSLãŒãƒŽãƒ³ãƒ–ロッキングI/Oを使用ã—ã¦ã„ã‚‹ã‹ã©ã†ã‹ã‚’アプリケーションãŒåˆ¤æ–­ã§ãã¾ã™ã€‚ - wolfSSLãŒãƒŽãƒ³ãƒ–ロッキングI/Oを使用ã—ã¦ã„ã‚‹å ´åˆã€ã“ã®é–¢æ•°ã¯1ã‚’è¿”ã—ã¾ã™ã€‚ - アプリケーションãŒWOLFSSLオブジェクトを生æˆã—ãŸå¾Œã«wolfSSL_set_using_nonblock()を呼ã³å‡ºã—ã¦ãƒŽãƒ³ãƒ–ロッキングソケットを使ã†ã¨ã“ã®é–¢æ•°ã¯ï¼‘ã‚’è¿”ã—ã¾ã™ã€‚ - ã“れã«ã‚ˆã‚Šã€WOLFSSLオブジェクトã¯ã€recevfromãŒã‚¿ã‚¤ãƒ ã‚¢ã‚¦ãƒˆã›ãšä»£ã‚りã«EWOULDBLOCKã‚’å—ä¿¡ã™ã‚‹ã‚ˆã†ã«ãªã‚Šã¾ã™ã€‚ - \return 0 基礎ã¨ãªã‚‹I/OãŒãƒ–ロックã•れã¦ã„ã¾ã™ã€‚ - \return 1 基礎ã¨ãªã‚‹I/Oã¯éžãƒ–ロッキングã§ã™ã€‚ + \brief ã“ã®é–¢æ•°ã«ã‚ˆã‚Šã€ã‚¢ãƒ—リケーションã¯wolfSSLãŒãƒŽãƒ³ãƒ–ロッキングI/Oを使用ã—ã¦ã„ã‚‹ã‹ã©ã†ã‹ã‚’判定ã§ãã¾ã™ã€‚wolfSSLãŒãƒŽãƒ³ãƒ–ロッキングI/Oを使用ã—ã¦ã„ã‚‹å ´åˆã€ã“ã®é–¢æ•°ã¯1ã‚’è¿”ã—ã€ãれ以外ã®å ´åˆã¯0ã‚’è¿”ã—ã¾ã™ã€‚アプリケーションãŒWOLFSSLオブジェクトを作æˆã—ãŸå¾Œã€ãれをノンブロッキングソケットã¨å…±ã«ä½¿ç”¨ã™ã‚‹å ´åˆã¯ã€wolfSSL_set_using_nonblock()を呼ã³å‡ºã—ã¦ãã ã•ã„。ã“れã«ã‚ˆã‚Šã€WOLFSSLオブジェクトã¯ã€EWOULDBLOCKã‚’å—ã‘å–ã‚‹ã“ã¨ãŒã‚¿ã‚¤ãƒ ã‚¢ã‚¦ãƒˆã§ã¯ãªãã€recvfrom呼ã³å‡ºã—ãŒãƒ–ロックã™ã‚‹ã“ã¨ã‚’æ„味ã™ã‚‹ã¨èªè­˜ã§ãã¾ã™ã€‚ + + \return 0 下層ã®I/OãŒãƒ–ロッキングã§ã™ã€‚ + \return 1 下層ã®I/OãŒãƒŽãƒ³ãƒ–ロッキングã§ã™ã€‚ + + \param ssl wolfSSL_new()ã§ä½œæˆã•れãŸSSLセッションã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ _Example_ \code @@ -1680,35 +1700,32 @@ ... ret = wolfSSL_get_using_nonblock(ssl); if (ret == 1) { - // underlying I/O is non-blocking + // 下層ã®I/Oã¯ãƒŽãƒ³ãƒ–ロッキング } ... \endcode + \sa wolfSSL_set_session */ int wolfSSL_get_using_nonblock(WOLFSSL*); /*! \ingroup IO - \brief ã“ã®é–¢æ•°ã¯ã€ãƒãƒƒãƒ•ã‚¡ã‚ã‚‹ã„ã¯ãƒ‡ãƒ¼ã‚¿ã‹ã‚‰ã€SSL接続ã«å¯¾ã—ã¦ã€szãƒã‚¤ãƒˆã‚’書ãè¾¼ã¿ã¾ã™ã€‚ - å¿…è¦ã«å¿œã˜ã¦ã€wolfSSL_write()ã®å‘¼ã³å‡ºã—時点ã§ã¯ã¾ã wolfSSL_connect()ã¾ãŸã¯wolfSSL_accept()ãŒã¾ã å‘¼ã³å‡ºã•れã¦ã„ãªã„å ´åˆã€SSL/TLSセッションをãƒã‚´ã‚·ã‚¨ãƒ¼ãƒˆã—ã¾ã™ã€‚ - wolfSSL_write()ã¯ã€ãƒ–ロックã¨ãƒŽãƒ³ãƒ–ロッキングI/Oã®ä¸¡æ–¹ã§å‹•作ã—ã¾ã™ã€‚ - 基礎ã¨ãªã‚‹å…¥å‡ºåŠ›ãŒãƒŽãƒ³ãƒ–ロッキングã«è¨­å®šã•れã¦ã„ã‚‹å ´åˆã€wolfSSL_write()ãŒè¦æ±‚を満ãŸã™ã“ã¨ãŒã§ããªã‹ã£ãŸã‚‰wolfSSL_write()ã¯é–¢æ•°å‘¼ã³å‡ºã—ã‹ã‚‰ã™ãã«æˆ»ã‚Šã¾ã™ã€‚ - ã“ã®å ´åˆã€wolfSSL_get_error()ã®å‘¼ã³å‡ºã—ã¯SSL_ERROR_WANT_READã¾ãŸã¯SSL_ERROR_WANT_WRITEã®ã„ãšã‚Œã‹ã‚’è¿”ã—ã¾ã™ã€‚ - ãã®çµæžœã€åŸºç¤Žã¨ãªã‚‹I/OãŒæº–å‚™ãŒã§ããŸã‚‰ã€å‘¼ã³å‡ºã—å´ãƒ—ロセスã¯wolfssl_write()ã¸ã®å‘¼ã³å‡ºã—を繰り返ã™å¿…è¦ãŒã‚りã¾ã™ã€‚ - 基礎ã¨ãªã‚‹å…¥å‡ºåŠ›ãŒãƒ–ロックã•れã¦ã„ã‚‹å ´åˆã€WolfSSL_WRITE()ã¯ã€ã‚µã‚¤ã‚ºSZã®ãƒãƒƒãƒ•ァデータãŒå®Œå…¨ã«æ›¸ã‹ã‚ŒãŸã‹ã‚¨ãƒ©ãƒ¼ãŒç™ºç”Ÿã—ãŸã‚‰ã€æˆ»ã‚‹ã ã‘ã§ã™ã€‚ - - \return æˆåŠŸæ™‚ã«ã¯æ›¸ã込んã ãƒã‚¤ãƒˆæ•°ï¼ˆ1以上)を返ã—ã¾ã™ã€‚ - \return 0 失敗ã—ãŸã¨ãã«è¿”ã•れã¾ã™ã€‚特定ã®ã‚¨ãƒ©ãƒ¼ã‚³ãƒ¼ãƒ‰ã«ã¤ã„ã¦wolfSSL_get_error()を呼ã³å‡ºã—ã¾ã™ã€‚ - \return SSL_FATAL_ERROR エラーãŒç™ºç”Ÿã—ãŸã¨ãã€ã¾ãŸã¯éžãƒ–ロッキングソケットを使用ã™ã‚‹ã¨ãã«ã¯ã€SSL_ERROR_WANT_READã¾ãŸã¯SSL_ERROR_WANT_WRITEエラーãŒå—ä¿¡ã•れã€å†åº¦WOLFSSL_WRITE()を呼ã³å‡ºã™å¿…è¦ãŒã‚ã‚‹å ´åˆã¯ã€éšœå®³ãŒç™ºç”Ÿã—ã¾ã™ã€‚特定ã®ã‚¨ãƒ©ãƒ¼ã‚³ãƒ¼ãƒ‰ã‚’å–å¾—ã™ã‚‹ã«ã¯ã€wolfSSL_get_error()を使用ã—ã¦ãã ã•ã„。 - \param ssl wolfSSL_new()を使用ã—ã¦ä½œæˆã•れãŸWOLFSSL構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ - \param data ピアã«é€ä¿¡ã•れるデータをå«ã‚“ã§ã„ã‚‹ãƒãƒƒãƒ•ã‚¡ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ - \param sz é€ä¿¡ãƒ‡ãƒ¼ã‚¿ã‚’å«ã‚“ã§ã„ã‚‹ãƒãƒƒãƒ•ã‚¡ã®ã‚µã‚¤ã‚º + + \brief ã“ã®é–¢æ•°ã¯ã€ãƒãƒƒãƒ•ã‚¡dataã‹ã‚‰szãƒã‚¤ãƒˆã‚’SSL接続sslã«æ›¸ãè¾¼ã¿ã¾ã™ã€‚å¿…è¦ã«å¿œã˜ã¦ã€wolfSSL_connect()ã¾ãŸã¯wolfSSL_accept()ã«ã‚ˆã£ã¦ãƒãƒ³ãƒ‰ã‚·ã‚§ã‚¤ã‚¯ãŒã¾ã å®Ÿè¡Œã•れã¦ã„ãªã„å ´åˆã€wolfSSL_write()ã¯SSL/TLSセッションをãƒã‚´ã‚·ã‚¨ãƒ¼ãƒˆã—ã¾ã™ã€‚(D)TLSv1.3を使用ã—ã¦ã„ã¦early data機能ãŒã‚³ãƒ³ãƒ‘イルã•れã¦ã„ã‚‹å ´åˆã€ã“ã®é–¢æ•°ã¯ãƒ‡ãƒ¼ã‚¿é€ä¿¡ãŒå¯èƒ½ã«ãªã‚‹ã¾ã§ãƒãƒ³ãƒ‰ã‚·ã‚§ã‚¤ã‚¯ã‚’進ã‚ã¾ã™ã€‚次ã®wolfSSL_Connect()ã€wolfSSL_Accept()ã€wolfSSL_read()ã®å‘¼ã³å‡ºã—ã§ãƒãƒ³ãƒ‰ã‚·ã‚§ã‚¤ã‚¯ãŒå®Œäº†ã—ã¾ã™ã€‚wolfSSL_write()ã¯ã€ãƒ–ロッキングã¨ãƒŽãƒ³ãƒ–ロッキングã®ä¸¡æ–¹ã®I/Oã§å‹•作ã—ã¾ã™ã€‚下層ã®I/OãŒãƒŽãƒ³ãƒ–ロッキングã®å ´åˆã€wolfSSL_write()ã¯ã€ä¸‹å±¤ã®I/OãŒwolfSSL_write()を継続ã™ã‚‹ãŸã‚ã«å¿…è¦ãªè¦æ±‚を満ãŸã›ãªããªã£ãŸæ™‚点ã§è¿”ã•れã¾ã™ã€‚ã“ã®å ´åˆã€wolfSSL_get_error()を呼ã³å‡ºã™ã¨ã€SSL_ERROR_WANT_READã¾ãŸã¯SSL_ERROR_WANT_WRITEã®ã„ãšã‚Œã‹ãŒè¿”ã•れã¾ã™ã€‚呼ã³å‡ºã—å´ãƒ—ロセスã¯ã€ä¸‹å±¤ã®I/Oã®æº–å‚™ãŒã§ããŸã‚‰ã€wolfSSL_write()ã®å‘¼ã³å‡ºã—を繰り返ã™å¿…è¦ãŒã‚りã¾ã™ã€‚下層ã®I/OãŒãƒ–ロッキングã®å ´åˆã€wolfSSL_write()ã¯ã€ã‚µã‚¤ã‚ºszã®ãƒãƒƒãƒ•ァデータãŒå®Œå…¨ã«æ›¸ãè¾¼ã¾ã‚Œã‚‹ã‹ã€ã‚¨ãƒ©ãƒ¼ãŒç™ºç”Ÿã™ã‚‹ã¾ã§è¿”ã•れã¾ã›ã‚“。 + + \return >0 æˆåŠŸæ™‚ã«æ›¸ãè¾¼ã¾ã‚ŒãŸãƒã‚¤ãƒˆæ•°ã€‚ + \return 0 失敗時ã«è¿”ã•れã¾ã™ã€‚具体的ãªã‚¨ãƒ©ãƒ¼ã‚³ãƒ¼ãƒ‰ã«ã¤ã„ã¦ã¯ã€wolfSSL_get_error()を呼ã³å‡ºã—ã¦ãã ã•ã„。 + \return SSL_FATAL_ERROR エラーãŒç™ºç”Ÿã—ãŸå ´åˆã€ã¾ãŸã¯ãƒŽãƒ³ãƒ–ロッキングソケットを使用ã—ã¦ã„ã‚‹å ´åˆã«SSL_ERROR_WANT_READã¾ãŸã¯SSL_ERROR_WANT_WRITEエラーをå—ã‘å–りã€ã‚¢ãƒ—リケーションãŒwolfSSL_write()ã‚’å†åº¦å‘¼ã³å‡ºã™å¿…è¦ãŒã‚ã‚‹å ´åˆã«è¿”ã•れã¾ã™ã€‚具体的ãªã‚¨ãƒ©ãƒ¼ã‚³ãƒ¼ãƒ‰ã‚’å–å¾—ã™ã‚‹ã«ã¯ã€wolfSSL_get_error()を使用ã—ã¦ãã ã•ã„。 + + \param ssl wolfSSL_new()ã§ä½œæˆã•れãŸSSLセッションã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ + \param data ピアã«é€ä¿¡ã•れるデータãƒãƒƒãƒ•ァ。 + \param sz ピアã«é€ä¿¡ã™ã‚‹ãƒ‡ãƒ¼ã‚¿(data)ã®ã‚µã‚¤ã‚º(ãƒã‚¤ãƒˆå˜ä½)。 _Example_ \code WOLFSSL* ssl = 0; - char msg[64] = “hello wolfssl!â€; + char msg[64] = "hello wolfssl!"; int msgSz = (int)strlen(msg); int flags; int ret; @@ -1716,9 +1733,10 @@ ret = wolfSSL_write(ssl, msg, msgSz); if (ret <= 0) { - // wolfSSL_write() failed, call wolfSSL_get_error() + // wolfSSL_write()ãŒå¤±æ•—ã€wolfSSL_get_error()を呼ã³å‡ºã™ } \endcode + \sa wolfSSL_send \sa wolfSSL_read \sa wolfSSL_recv @@ -1727,23 +1745,16 @@ /*! \ingroup IO - \brief ã“ã®é–¢æ•°ã¯ã€SSLセッション(ssl)ã®å†…部読ã¿å–りãƒãƒƒãƒ•ã‚¡ã‹ã‚‰szãƒã‚¤ãƒˆã‚’ãƒãƒƒãƒ•ァデータã«èª­ã¿å‡ºã—ã¾ã™ã€‚ - 読ã¿å–られãŸãƒã‚¤ãƒˆã¯å†…部å—ä¿¡ãƒãƒƒãƒ•ã‚¡ã‹ã‚‰å‰Šé™¤ã•れã¾ã™ã€‚ - å¿…è¦ã«å¿œã˜ã¦ã€wolfSSL_read()ã®å‘¼ã³å‡ºã—時点ã§ã¯ã¾ã wolfSSL_connect()ã¾ãŸã¯wolfSSL_accept()ãŒã¾ã å‘¼ã³å‡ºã•れã¦ã„ãªã„å ´åˆã€SSL/TLSセッションをãƒã‚´ã‚·ã‚¨ãƒ¼ãƒˆã—ã¾ã™ã€‚ - SSL/TLSプロトコルã¯ã€æœ€å¤§ã‚µã‚¤ã‚ºã®SSLレコードを使用ã—ã¾ã™ï¼ˆæœ€å¤§ãƒ¬ã‚³ãƒ¼ãƒ‰ã‚µã‚¤ã‚ºã¯ /wolfssl/internal.h)。 - ãã®ãŸã‚ã€wolfSSLã¯ã€ãƒ¬ã‚³ãƒ¼ãƒ‰ã‚’処ç†ãŠã‚ˆã³å¾©å·ã™ã‚‹ã“ã¨ãŒã§ãã‚‹å‰ã«ã€SSLレコード全体を内部的ã«èª­ã¿å–ã‚‹å¿…è¦ãŒã‚りã¾ã™ã€‚ - ã“ã®ãŸã‚ã€wolfSSL_read()ã¸ã®å‘¼ã³å‡ºã—ã¯ã€å‘¼ã³å‡ºã—時ã«å¾©å·ã•ã‚ŒãŸæœ€å¤§ãƒãƒƒãƒ•ァサイズを返ã™ã“ã¨ãŒã§ãã¾ã™ã€‚ - 検索ã•ã‚Œã€æ¬¡å›žã®wolfSSL_read()ã¸ã®å‘¼ã³å‡ºã—ã§å¾©å·ã•れる内部wolfSSLå—ä¿¡ãƒãƒƒãƒ•ã‚¡ã§å¾…機ã—ã¦ã„ãªã„追加ã®å¾©å·ãƒ‡ãƒ¼ã‚¿ãŒã‚ã‚‹ã‹ã‚‚ã—れã¾ã›ã‚“。 - szãŒå†…部読ã¿å–りãƒãƒƒãƒ•ァ内ã®ãƒã‚¤ãƒˆæ•°ã‚ˆã‚Šå¤§ãã„å ´åˆã€wolfSSL_read()ã¯å†…部読ã¿å–りãƒãƒƒãƒ•ã‚¡ã§ä½¿ç”¨å¯èƒ½ãªãƒã‚¤ãƒˆã‚’è¿”ã—ã¾ã™ã€‚ - BYTESãŒå†…部読ã¿å–りãƒãƒƒãƒ•ã‚¡ã«ãƒãƒƒãƒ•ã‚¡ã•れã¦ã„ãªã„å ´åˆã¯ã€wolfSSL_read()ã¸ã®å‘¼ã³å‡ºã—ã¯æ¬¡ã®ãƒ¬ã‚³ãƒ¼ãƒ‰ã®å‡¦ç†ã‚’トリガーã—ã¾ã™ã€‚ - - \return æˆåŠŸæ™‚ã«ã¯èª­ã¿å–られãŸãƒã‚¤ãƒˆæ•°ï¼ˆ1以上)を返ã—ã¾ã™ã€‚ - \return 0 失敗ã—ãŸã¨ãã«è¿”ã•れã¾ã™ã€‚ã“れã¯ã€ã‚¯ãƒªãƒ¼ãƒ³ï¼ˆé€šçŸ¥ã‚¢ãƒ©ãƒ¼ãƒˆã‚’é–‰ã˜ã‚‹ï¼‰ã‚·ãƒ£ãƒƒãƒˆãƒ€ã‚¦ãƒ³ã¾ãŸã¯ãƒ”ã‚¢ãŒæŽ¥ç¶šã‚’é–‰ã˜ãŸã ã‘ã§ã‚ã‚‹ã“ã¨ã«ã‚ˆã£ã¦ç™ºç”Ÿã™ã‚‹å¯èƒ½æ€§ãŒã‚りã¾ã™ã€‚ - 特定ã®ã‚¨ãƒ©ãƒ¼ã‚³ãƒ¼ãƒ‰ã«ã¤ã„ã¦wolfSSL_get_error()を呼ã³å‡ºã—ã¾ã™ã€‚ - \return SSL_FATAL_ERROR エラーãŒç™ºç”Ÿã—ãŸã¨ãã€ã¾ãŸã¯ãƒŽãƒ³ãƒ–ロッキングソケットを使用ã™ã‚‹ã¨ãã«ã€SSL_ERROR_WANT_READã¾ãŸã¯SSL_ERROR_WANT_WRITEエラーãŒå—ä¿¡ã•れã€å†åº¦wolfSSL_read()を呼ã³å‡ºã™å¿…è¦ãŒã‚ã‚‹å ´åˆã¯ã€éšœå®³ãŒç™ºç”Ÿã—ã¾ã™ã€‚特定ã®ã‚¨ãƒ©ãƒ¼ã‚³ãƒ¼ãƒ‰ã‚’å–å¾—ã™ã‚‹ã«ã¯ã€wolfSSL_get_error()を使用ã—ã¦ãã ã•ã„。 - \param ssl wolfSSL_new()を使用ã—ã¦ä½œæˆã•れãŸWOLFSSL構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ - \param data wolfSSL_read()ãŒèª­ã¿å–るデータを格ç´ã™ã‚‹ãƒãƒƒãƒ•ã‚¡ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ - \param sz ãƒãƒƒãƒ•ã‚¡ã«èª­ã¿å–るデータã®ã‚µã‚¤ã‚º + + \brief ã“ã®é–¢æ•°ã¯ã€SSLセッション(ssl)ã®å†…部読ã¿å–りãƒãƒƒãƒ•ã‚¡ã‹ã‚‰szãƒã‚¤ãƒˆã‚’ãƒãƒƒãƒ•ã‚¡dataã«èª­ã¿è¾¼ã¿ã¾ã™ã€‚読ã¿å–られãŸãƒã‚¤ãƒˆã¯å†…部å—ä¿¡ãƒãƒƒãƒ•ã‚¡ã‹ã‚‰å‰Šé™¤ã•れã¾ã™ã€‚å¿…è¦ã«å¿œã˜ã¦ã€wolfSSL_connect()ã¾ãŸã¯wolfSSL_accept()ã«ã‚ˆã£ã¦ãƒãƒ³ãƒ‰ã‚·ã‚§ã‚¤ã‚¯ãŒã¾ã å®Ÿè¡Œã•れã¦ã„ãªã„å ´åˆã€wolfSSL_read()ã¯SSL/TLSセッションをãƒã‚´ã‚·ã‚¨ãƒ¼ãƒˆã—ã¾ã™ã€‚SSL/TLSプロトコルã¯ã€æœ€å¤§ã‚µã‚¤ã‚ºãŒ16kBã®SSLレコードを使用ã—ã¾ã™(最大レコードサイズã¯ã€/wolfssl/internal.h内ã®MAX_RECORD_SIZE定義ã§åˆ¶å¾¡ã§ãã¾ã™)。ãã®ãŸã‚ã€wolfSSLã¯ã€ãƒ¬ã‚³ãƒ¼ãƒ‰ã‚’処ç†ãŠã‚ˆã³å¾©å·ã§ãるよã†ã«ãªã‚‹å‰ã«ã€SSLレコード全体を内部的ã«èª­ã¿å–ã‚‹å¿…è¦ãŒã‚りã¾ã™ã€‚ã“ã®ãŸã‚ã€wolfSSL_read()ã®å‘¼ã³å‡ºã—ã¯ã€å‘¼ã³å‡ºã—時ã«å¾©å·ã•ã‚ŒãŸæœ€å¤§ãƒãƒƒãƒ•ァサイズã®ã¿ã‚’è¿”ã™ã“ã¨ãŒã§ãã¾ã™ã€‚内部wolfSSLå—ä¿¡ãƒãƒƒãƒ•ã‚¡ã«ã¯ã€ã¾ã å¾©å·ã•れã¦ã„ãªã„追加データãŒå¾…機ã—ã¦ã„ã‚‹å¯èƒ½æ€§ãŒã‚りã€ã“ã‚Œã¯æ¬¡ã®wolfSSL_read()呼ã³å‡ºã—ã§å–å¾—ãŠã‚ˆã³å¾©å·ã•れã¾ã™ã€‚szãŒå†…部読ã¿å–りãƒãƒƒãƒ•ァ内ã®ãƒã‚¤ãƒˆæ•°ã‚ˆã‚Šã‚‚大ãã„å ´åˆã€SSL_read()ã¯å†…部読ã¿å–りãƒãƒƒãƒ•ァ内ã§åˆ©ç”¨å¯èƒ½ãªãƒã‚¤ãƒˆã‚’è¿”ã—ã¾ã™ã€‚内部読ã¿å–りãƒãƒƒãƒ•ã‚¡ã«ã¾ã ãƒã‚¤ãƒˆãŒãƒãƒƒãƒ•ァリングã•れã¦ã„ãªã„å ´åˆã€wolfSSL_read()ã®å‘¼ã³å‡ºã—ã¯æ¬¡ã®ãƒ¬ã‚³ãƒ¼ãƒ‰ã®å‡¦ç†ã‚’トリガã—ã¾ã™ã€‚ + + \return >0 æˆåŠŸæ™‚ã«èª­ã¿å–られãŸãƒã‚¤ãƒˆæ•°ã€‚ + \return 0 失敗時ã«è¿”ã•れã¾ã™ã€‚ã“れã¯ã€ã‚¯ãƒªãƒ¼ãƒ³ã‚·ãƒ£ãƒƒãƒˆãƒ€ã‚¦ãƒ³(close notifyアラート)ã¾ãŸã¯ãƒ”ã‚¢ãŒæŽ¥ç¶šã‚’é–‰ã˜ãŸã“ã¨ãŒåŽŸå› ã§ã‚ã‚‹å¯èƒ½æ€§ãŒã‚りã¾ã™ã€‚具体的ãªã‚¨ãƒ©ãƒ¼ã‚³ãƒ¼ãƒ‰ã«ã¤ã„ã¦ã¯ã€wolfSSL_get_error()を呼ã³å‡ºã—ã¦ãã ã•ã„。 + \return SSL_FATAL_ERROR エラーãŒç™ºç”Ÿã—ãŸå ´åˆã€ã¾ãŸã¯ãƒŽãƒ³ãƒ–ロッキングソケットを使用ã—ã¦ã„ã‚‹å ´åˆã«SSL_ERROR_WANT_READã¾ãŸã¯SSL_ERROR_WANT_WRITEエラーをå—ã‘å–りã€ã‚¢ãƒ—リケーションãŒwolfSSL_read()ã‚’å†åº¦å‘¼ã³å‡ºã™å¿…è¦ãŒã‚ã‚‹å ´åˆã«è¿”ã•れã¾ã™ã€‚具体的ãªã‚¨ãƒ©ãƒ¼ã‚³ãƒ¼ãƒ‰ã‚’å–å¾—ã™ã‚‹ã«ã¯ã€wolfSSL_get_error()を使用ã—ã¦ãã ã•ã„。 + + \param ssl wolfSSL_new()ã§ä½œæˆã•れãŸSSLセッションã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ + \param data wolfSSL_read()ãŒèª­ã¿å–ã£ãŸãƒ‡ãƒ¼ã‚¿ã‚’æ ¼ç´ã™ã‚‹ãƒãƒƒãƒ•ァ。 + \param sz dataã«èª­ã¿è¾¼ã‚€ãƒã‚¤ãƒˆæ•°ã€‚ _Example_ \code @@ -1753,12 +1764,12 @@ input = wolfSSL_read(ssl, reply, sizeof(reply)); if (input > 0) { - // “input†number of bytes returned into buffer “reply†+ // ãƒãƒƒãƒ•ã‚¡"reply"ã«"input"ãƒã‚¤ãƒˆãŒè¿”ã•れ㟠} - See wolfSSL examples (client, server, echoclient, echoserver) for more - complete examples of wolfSSL_read(). + wolfSSL_read()ã®ã‚ˆã‚Šå®Œå…¨ãªä¾‹ã«ã¤ã„ã¦ã¯ã€wolfSSLã®ä¾‹(clientã€serverã€echoclientã€echoserver)ã‚’å‚ç…§ã—ã¦ãã ã•ã„。 \endcode + \sa wolfSSL_recv \sa wolfSSL_write \sa wolfSSL_peek @@ -1768,13 +1779,16 @@ /*! \ingroup IO - \brief ã“ã®é–¢æ•°ã¯SSLセッション(SSL)内部読ã¿å–りãƒãƒƒãƒ•ã‚¡ã‹ã‚‰SZãƒã‚¤ãƒˆã‚’ãƒãƒƒãƒ•ァデータã«ã‚³ãƒ”ーã—ã¾ã™ã€‚ã“ã®é–¢æ•°ã¯ã€å†…部SSLセッションå—ä¿¡ãƒãƒƒãƒ•ァ内ã®ãƒ‡ãƒ¼ã‚¿ãŒå‰Šé™¤ã•れã¦ã„ãªã„ã‹å¤‰æ›´ã•れã¦ã„ãªã„ã“ã¨ã‚’除ã„ã¦ã€wolfssl_read()ã¨åŒã˜ã§ã™ã€‚å¿…è¦ã«å¿œã˜ã¦ã€wolfssl_read()ã®ã‚ˆã†ã«ã€wolfssl_peek()ã¯ã¾ã wolfssl_connect()ã¾ãŸã¯wolfssl_accept()ã«ã‚ˆã£ã¦ã¾ã å®Ÿè¡Œã•れã¦ã„ãªã„å ´åˆã€wolfssl_peek()ã¯SSL / TLSセッションをãƒã‚´ã‚·ã‚¨ãƒ¼ãƒˆã—ã¾ã™ã€‚ SSL/TLSプロトコルã¯ã€æœ€å¤§ã‚µã‚¤ã‚ºã®SSLレコードを使用ã—ã¾ã™ï¼ˆæœ€å¤§ãƒ¬ã‚³ãƒ¼ãƒ‰ã‚µã‚¤ã‚ºã¯ /wolfssl/internal.h)。ãã®ãŸã‚ã€WolfSSLã¯ã€ãƒ¬ã‚³ãƒ¼ãƒ‰ã‚’処ç†ãŠã‚ˆã³å¾©å·åŒ–ã™ã‚‹ã“ã¨ãŒã§ãã‚‹å‰ã«ã€SSLレコード全体を内部的ã«èª­ã¿å–ã‚‹å¿…è¦ãŒã‚りã¾ã™ã€‚ã“ã®ãŸã‚ã€wolfssl_peek()ã¸ã®å‘¼ã³å‡ºã—ã¯ã€å‘¼ã³å‡ºã—時ã«å¾©å·åŒ–ã•ã‚ŒãŸæœ€å¤§ãƒãƒƒãƒ•ァサイズを返ã™ã“ã¨ãŒã§ãã¾ã™ã€‚ wolfssl_peek()/ wolfssl_read()ã¸ã®æ¬¡ã®å‘¼ã³å‡ºã—ã§æ¤œç´¢ãŠã‚ˆã³å¾©å·åŒ–ã•れる内部WolfSSLå—ä¿¡ãƒãƒƒãƒ•ァ内ã§å¾…機ã—ã¦ã„ãªã„追加ã®å¾©å·åŒ–データãŒã‚ã‚‹ã‹ã‚‚ã—れã¾ã›ã‚“。 SZãŒå†…部読ã¿å–りãƒãƒƒãƒ•ァ内ã®ãƒã‚¤ãƒˆæ•°ã‚ˆã‚Šã‚‚大ãã„å ´åˆã€SSL_PEEK()ã¯å†…部読ã¿å–りãƒãƒƒãƒ•ã‚¡ã§ä½¿ç”¨å¯èƒ½ãªãƒã‚¤ãƒˆã‚’è¿”ã—ã¾ã™ã€‚ãƒã‚¤ãƒˆãŒå†…部読ã¿å–りãƒãƒƒãƒ•ã‚¡ã«ãƒãƒƒãƒ•ã‚¡ã•れã¦ã„ãªã„å ´åˆã€Wolfssl_peek()ã¸ã®å‘¼ã³å‡ºã—ã¯æ¬¡ã®ãƒ¬ã‚³ãƒ¼ãƒ‰ã®å‡¦ç†ã‚’トリガーã—ã¾ã™ã€‚ - \return æˆåŠŸæ™‚ã«ã¯èª­ã¿å–られãŸãƒã‚¤ãƒˆæ•°ï¼ˆ1以上)を返ã—ã¾ã™ã€‚ - \return 0 失敗ã—ãŸã¨ãã«è¿”ã•れã¾ã™ã€‚ã“れã¯ã€ã‚¯ãƒªãƒ¼ãƒ³ï¼ˆé€šçŸ¥ã‚¢ãƒ©ãƒ¼ãƒˆã‚’é–‰ã˜ã‚‹ï¼‰ã‚·ãƒ£ãƒƒãƒˆãƒ€ã‚¦ãƒ³ã¾ãŸã¯ãƒ”ã‚¢ãŒæŽ¥ç¶šã‚’é–‰ã˜ãŸã ã‘ã§ã‚ã‚‹ã“ã¨ã«ã‚ˆã£ã¦ç™ºç”Ÿã™ã‚‹å¯èƒ½æ€§ãŒã‚りã¾ã™ã€‚特定ã®ã‚¨ãƒ©ãƒ¼ã‚³ãƒ¼ãƒ‰ã«ã¤ã„ã¦wolfSSL_get_error()を呼ã³å‡ºã—ã¾ã™ã€‚ - \return SSL_FATAL_ERROR エラーãŒç™ºç”Ÿã—ãŸã¨ãã€ã¾ãŸã¯ãƒŽãƒ³ãƒ–ロッキングソケットを使用ã™ã‚‹ã¨ãã«ã€SSL_ERROR_WANT_READã¾ãŸã¯SSL_ERROR_WANT_WRITEエラーãŒå—ä¿¡ã•れã€å†åº¦wolfSSL_peek()を呼ã³å‡ºã™å¿…è¦ãŒã‚ã‚‹å ´åˆã¯ã€éšœå®³ãŒç™ºç”Ÿã—ã¾ã™ã€‚特定ã®ã‚¨ãƒ©ãƒ¼ã‚³ãƒ¼ãƒ‰ã‚’å–å¾—ã™ã‚‹ã«ã¯ã€wolfSSL_get_error()を使用ã—ã¦ãã ã•ã„。 - \param ssl wolfSSL_new()を使用ã—ã¦ä½œæˆã•れãŸWOLFSSL構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ - \param data wolfSSL_peek()ãŒãƒ‡ãƒ¼ã‚¿ã‚’読ã¿å–ã‚‹ãƒãƒƒãƒ•ァー。 - \param sz ãƒãƒƒãƒ•ã‚¡ã«èª­ã¿å–るデータã®ã‚µã‚¤ã‚º + + \brief ã“ã®é–¢æ•°ã¯ã€SSLセッション(ssl)ã®å†…部読ã¿å–りãƒãƒƒãƒ•ã‚¡ã‹ã‚‰szãƒã‚¤ãƒˆã‚’ãƒãƒƒãƒ•ã‚¡dataã«ã‚³ãƒ”ーã—ã¾ã™ã€‚ã“ã®é–¢æ•°ã¯ã€å†…部SSLセッションå—ä¿¡ãƒãƒƒãƒ•ァ内ã®ãƒ‡ãƒ¼ã‚¿ãŒå‰Šé™¤ã¾ãŸã¯å¤‰æ›´ã•れãªã„点を除ã„ã¦ã€wolfSSL_read()ã¨åŒã˜ã§ã™ã€‚wolfSSL_read()ã¨åŒæ§˜ã«ã€å¿…è¦ã«å¿œã˜ã¦ã€wolfSSL_connect()ã¾ãŸã¯wolfSSL_accept()ã«ã‚ˆã£ã¦ãƒãƒ³ãƒ‰ã‚·ã‚§ã‚¤ã‚¯ãŒã¾ã å®Ÿè¡Œã•れã¦ã„ãªã„å ´åˆã€wolfSSL_peek()ã¯SSL/TLSセッションをãƒã‚´ã‚·ã‚¨ãƒ¼ãƒˆã—ã¾ã™ã€‚SSL/TLSプロトコルã¯ã€æœ€å¤§ã‚µã‚¤ã‚ºãŒ16kBã®SSLレコードを使用ã—ã¾ã™(最大レコードサイズã¯ã€/wolfssl/internal.h内ã®MAX_RECORD_SIZE定義ã§åˆ¶å¾¡ã§ãã¾ã™)。ãã®ãŸã‚ã€wolfSSLã¯ã€ãƒ¬ã‚³ãƒ¼ãƒ‰ã‚’処ç†ãŠã‚ˆã³å¾©å·ã§ãるよã†ã«ãªã‚‹å‰ã«ã€SSLレコード全体を内部的ã«èª­ã¿å–ã‚‹å¿…è¦ãŒã‚りã¾ã™ã€‚ã“ã®ãŸã‚ã€wolfSSL_peek()ã®å‘¼ã³å‡ºã—ã¯ã€å‘¼ã³å‡ºã—時ã«å¾©å·ã•ã‚ŒãŸæœ€å¤§ãƒãƒƒãƒ•ァサイズã®ã¿ã‚’è¿”ã™ã“ã¨ãŒã§ãã¾ã™ã€‚内部wolfSSLå—ä¿¡ãƒãƒƒãƒ•ã‚¡ã«ã¯ã€ã¾ã å¾©å·ã•れã¦ã„ãªã„追加データãŒå¾…機ã—ã¦ã„ã‚‹å¯èƒ½æ€§ãŒã‚りã€ã“ã‚Œã¯æ¬¡ã®wolfSSL_peek()ã¾ãŸã¯wolfSSL_read()呼ã³å‡ºã—ã§å–å¾—ãŠã‚ˆã³å¾©å·ã•れã¾ã™ã€‚szãŒå†…部読ã¿å–りãƒãƒƒãƒ•ァ内ã®ãƒã‚¤ãƒˆæ•°ã‚ˆã‚Šã‚‚大ãã„å ´åˆã€SSL_peek()ã¯å†…部読ã¿å–りãƒãƒƒãƒ•ァ内ã§åˆ©ç”¨å¯èƒ½ãªãƒã‚¤ãƒˆã‚’è¿”ã—ã¾ã™ã€‚内部読ã¿å–りãƒãƒƒãƒ•ã‚¡ã«ã¾ã ãƒã‚¤ãƒˆãŒãƒãƒƒãƒ•ァリングã•れã¦ã„ãªã„å ´åˆã€wolfSSL_peek()ã®å‘¼ã³å‡ºã—ã¯æ¬¡ã®ãƒ¬ã‚³ãƒ¼ãƒ‰ã®å‡¦ç†ã‚’トリガã—ã¾ã™ã€‚ + + \return >0 æˆåŠŸæ™‚ã«èª­ã¿å–られãŸãƒã‚¤ãƒˆæ•°ã€‚ + \return 0 失敗時ã«è¿”ã•れã¾ã™ã€‚ã“れã¯ã€ã‚¯ãƒªãƒ¼ãƒ³ã‚·ãƒ£ãƒƒãƒˆãƒ€ã‚¦ãƒ³(close notifyアラート)ã¾ãŸã¯ãƒ”ã‚¢ãŒæŽ¥ç¶šã‚’é–‰ã˜ãŸã“ã¨ãŒåŽŸå› ã§ã‚ã‚‹å¯èƒ½æ€§ãŒã‚りã¾ã™ã€‚具体的ãªã‚¨ãƒ©ãƒ¼ã‚³ãƒ¼ãƒ‰ã«ã¤ã„ã¦ã¯ã€wolfSSL_get_error()を呼ã³å‡ºã—ã¦ãã ã•ã„。 + \return SSL_FATAL_ERROR エラーãŒç™ºç”Ÿã—ãŸå ´åˆã€ã¾ãŸã¯ãƒŽãƒ³ãƒ–ロッキングソケットを使用ã—ã¦ã„ã‚‹å ´åˆã«SSL_ERROR_WANT_READã¾ãŸã¯SSL_ERROR_WANT_WRITEエラーをå—ã‘å–りã€ã‚¢ãƒ—リケーションãŒwolfSSL_peek()ã‚’å†åº¦å‘¼ã³å‡ºã™å¿…è¦ãŒã‚ã‚‹å ´åˆã«è¿”ã•れã¾ã™ã€‚具体的ãªã‚¨ãƒ©ãƒ¼ã‚³ãƒ¼ãƒ‰ã‚’å–å¾—ã™ã‚‹ã«ã¯ã€wolfSSL_get_error()を使用ã—ã¦ãã ã•ã„。 + + \param ssl wolfSSL_new()ã§ä½œæˆã•れãŸSSLセッションã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ + \param data wolfSSL_peek()ãŒèª­ã¿å–ã£ãŸãƒ‡ãƒ¼ã‚¿ã‚’æ ¼ç´ã™ã‚‹ãƒãƒƒãƒ•ァ。 + \param sz dataã«èª­ã¿è¾¼ã‚€ãƒã‚¤ãƒˆæ•°ã€‚ _Example_ \code @@ -1784,26 +1798,23 @@ input = wolfSSL_peek(ssl, reply, sizeof(reply)); if (input > 0) { - // “input†number of bytes returned into buffer “reply†+ // ãƒãƒƒãƒ•ã‚¡"reply"ã«"input"ãƒã‚¤ãƒˆãŒè¿”ã•れ㟠} \endcode + \sa wolfSSL_read */ int wolfSSL_peek(WOLFSSL* ssl, void* data, int sz); /*! \ingroup IO - \brief ã“ã®é–¢æ•°ã¯ã‚µãƒ¼ãƒãƒ¼å´ã§å‘¼ã³å‡ºã•れã€SSLクライアントãŒSSL/TLSãƒãƒ³ãƒ‰ã‚·ã‚§ã‚¤ã‚¯ã‚’é–‹å§‹ã™ã‚‹ã®ã‚’å¾…ã¡ã¾ã™ã€‚ - ã“ã®é–¢æ•°ãŒå‘¼ã³å‡ºã•れるã¨ã€åŸºç¤Žã¨ãªã‚‹é€šä¿¡ãƒãƒ£ãƒãƒ«ã¯ã™ã§ã«è¨­å®šã•れã¦ã„ã¾ã™ã€‚ - wolfSSL_accept()ã¯ã€ãƒ–ロックã¨ãƒŽãƒ³ãƒ–ロッキングI/Oã®ä¸¡æ–¹ã§å‹•作ã—ã¾ã™ã€‚ - 基礎ã¨ãªã‚‹å…¥å‡ºåŠ›ãŒãƒŽãƒ³ãƒ–ロッキングã§ã‚ã‚‹å ´åˆã€wolfSSL_accept()ã¯ã€åŸºç¤Žã¨ãªã‚‹I/OãŒwolfSSL_acceptã®è¦æ±‚を満ãŸã™ã“ã¨ãŒã§ããªã‹ã£ãŸã¨ãã«æˆ»ã‚Šã¾ã™ã€‚ - ã“ã®å ´åˆã€wolfSSL_get_error()ã¸ã®å‘¼ã³å‡ºã—ã¯SSL_ERROR_WANT_READã¾ãŸã¯SSL_ERROR_WANT_WRITEã®ã„ãšã‚Œã‹ã‚’生æˆã—ã¾ã™ã€‚ - 呼ã³å‡ºã—プロセスã¯ã€èª­ã¿å–りå¯èƒ½ãªãƒ‡ãƒ¼ã‚¿ãŒä½¿ç”¨å¯èƒ½ã§ã‚りã€wolfSSLãŒåœæ­¢ã—ãŸå ´æ‰€ã‚’拾ã†ã¨ãã«ã€wolfSSL_acceptã®å‘¼ã³å‡ºã—を繰り返ã™å¿…è¦ãŒã‚りã¾ã™ã€‚ - ノンブロッキングソケットを使用ã™ã‚‹å ´åˆã¯ã€ä½•も実行ã™ã‚‹å¿…è¦ãŒã‚りã¾ã™ãŒã€select()を使用ã—ã¦å¿…è¦ãªæ¡ä»¶ã‚’確èªã§ãã¾ã™ã€‚ - 基礎ã¨ãªã‚‹I/OãŒãƒ–ロックã•れã¦ã„ã‚‹å ´åˆã€wolfSSL_accept()ã¯ãƒãƒ³ãƒ‰ã‚·ã‚§ã‚¤ã‚¯ãŒçµ‚了ã—ãŸã‚‰ã€ã¾ãŸã¯ã‚¨ãƒ©ãƒ¼ãŒç™ºç”Ÿã—ãŸã‚‰æˆ»ã‚Šã¾ã™ã€‚ - \return SSL_SUCCESS æˆåŠŸæ™‚ã«è¿”ã•れã¾ã™ã€‚ - \return SSL_FATAL_ERROR エラーãŒç™ºç”Ÿã—ãŸå ´åˆã«è¿”ã•れã¾ã™ã€‚より詳細ãªã‚¨ãƒ©ãƒ¼ã‚³ãƒ¼ãƒ‰ã‚’å–å¾—ã™ã‚‹ã«ã¯ã€wolfSSL_get_error()を呼ã³å‡ºã—ã¾ã™ã€‚ - \param ssl wolfSSL_new()を使用ã—ã¦ä½œæˆã•れãŸWOLFSSL構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ + + \brief ã“ã®é–¢æ•°ã¯ã‚µãƒ¼ãƒå´ã§å‘¼ã³å‡ºã•れã€SSLクライアントãŒSSL/TLSãƒãƒ³ãƒ‰ã‚·ã‚§ã‚¤ã‚¯ã‚’é–‹å§‹ã™ã‚‹ã®ã‚’待機ã—ã¾ã™ã€‚ã“ã®é–¢æ•°ãŒå‘¼ã³å‡ºã•れるã¨ãã€ä¸‹å±¤ã®é€šä¿¡ãƒãƒ£ãƒãƒ«ã¯ã™ã§ã«è¨­å®šã•れã¦ã„ã¾ã™ã€‚wolfSSL_accept()ã¯ã€ãƒ–ロッキングã¨ãƒŽãƒ³ãƒ–ロッキングã®ä¸¡æ–¹ã®I/Oã§å‹•作ã—ã¾ã™ã€‚下層ã®I/OãŒãƒŽãƒ³ãƒ–ロッキングã®å ´åˆã€wolfSSL_accept()ã¯ã€ä¸‹å±¤ã®I/OãŒwolfSSL_acceptãŒãƒãƒ³ãƒ‰ã‚·ã‚§ã‚¤ã‚¯ã‚’継続ã™ã‚‹ãŸã‚ã«å¿…è¦ãªè¦æ±‚を満ãŸã›ãªããªã£ãŸæ™‚点ã§è¿”ã•れã¾ã™ã€‚ã“ã®å ´åˆã€wolfSSL_get_error()を呼ã³å‡ºã™ã¨ã€SSL_ERROR_WANT_READã¾ãŸã¯SSL_ERROR_WANT_WRITEã®ã„ãšã‚Œã‹ãŒè¿”ã•れã¾ã™ã€‚呼ã³å‡ºã—å´ãƒ—ロセスã¯ã€ãƒ‡ãƒ¼ã‚¿ã®èª­ã¿å–りãŒå¯èƒ½ã«ãªã£ãŸã‚‰wolfSSL_accept()ã®å‘¼ã³å‡ºã—を繰り返ã™å¿…è¦ãŒã‚りã€wolfSSLã¯ä¸­æ–­ã—ãŸç®‡æ‰€ã‹ã‚‰å†é–‹ã—ã¾ã™ã€‚ノンブロッキングソケットを使用ã™ã‚‹å ´åˆã€ä½•ã‚‚ã™ã‚‹å¿…è¦ã¯ã‚りã¾ã›ã‚“ãŒã€select()を使用ã—ã¦å¿…è¦ãªæ¡ä»¶ã‚’確èªã§ãã¾ã™ã€‚下層ã®I/OãŒãƒ–ロッキングã®å ´åˆã€wolfSSL_accept()ã¯ã€ãƒãƒ³ãƒ‰ã‚·ã‚§ã‚¤ã‚¯ãŒå®Œäº†ã™ã‚‹ã‹ã€ã‚¨ãƒ©ãƒ¼ãŒç™ºç”Ÿã™ã‚‹ã¾ã§è¿”ã•れã¾ã›ã‚“。 + + \return SSL_SUCCESS æˆåŠŸæ™‚ã€‚ + \return SSL_FATAL_ERROR エラーãŒç™ºç”Ÿã—ãŸå ´åˆã«è¿”ã•れã¾ã™ã€‚より詳細ãªã‚¨ãƒ©ãƒ¼ã‚³ãƒ¼ãƒ‰ã‚’å–å¾—ã™ã‚‹ã«ã¯ã€wolfSSL_get_error()を呼ã³å‡ºã—ã¦ãã ã•ã„。 + + \param ssl wolfSSL_new()を使用ã—ã¦ä½œæˆã•れãŸWOLFSSL構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ _Example_ \code @@ -1816,20 +1827,58 @@ ret = wolfSSL_accept(ssl); if (ret != SSL_SUCCESS) { err = wolfSSL_get_error(ssl, ret); - printf(“error = %d, %s\nâ€, err, wolfSSL_ERR_error_string(err, buffer)); + printf("error = %d, %s\n", err, wolfSSL_ERR_error_string(err, buffer)); } \endcode + \sa wolfSSL_get_error \sa wolfSSL_connect */ -int wolfSSL_accept(WOLFSSL*); +int wolfSSL_accept(WOLFSSL* ssl); + +/*! + \ingroup IO + + \brief ã“ã®é–¢æ•°ã¯ã‚µãƒ¼ãƒå´ã§å‘¼ã³å‡ºã•れã€SSLクライアントãŒDTLSãƒãƒ³ãƒ‰ã‚·ã‚§ã‚¤ã‚¯ã‚’é–‹å§‹ã™ã‚‹ã®ã‚’ステートレスã«å¾…機ã—ã¾ã™ã€‚ + + \return WOLFSSL_SUCCESS 有効ãªã‚¯ãƒƒã‚­ãƒ¼ã‚’å«ã‚€ClientHelloãŒå—ä¿¡ã•れã¾ã—ãŸã€‚wolfSSL_accept()ã§æŽ¥ç¶šã‚’ç¶šè¡Œã§ãã¾ã™ã€‚ + \return WOLFSSL_FAILURE I/O層ãŒWANT_READã‚’è¿”ã—ã¾ã—ãŸã€‚ã“れã¯ã€èª­ã¿å–るデータãŒãªãノンブロッキングソケットを使用ã—ã¦ã„ã‚‹ã‹ã€ã‚¯ãƒƒã‚­ãƒ¼ãƒªã‚¯ã‚¨ã‚¹ãƒˆã‚’é€ä¿¡ã—ã¦å¿œç­”ã‚’å¾…ã£ã¦ã„ã‚‹ãŸã‚ã§ã™ã€‚ユーザã¯ã€I/O層ã§ãƒ‡ãƒ¼ã‚¿ãŒåˆ©ç”¨å¯èƒ½ã«ãªã£ãŸå¾Œã€wolfDTLS_accept_statelessã‚’å†åº¦å‘¼ã³å‡ºã™å¿…è¦ãŒã‚りã¾ã™ã€‚ + \return WOLFSSL_FATAL_ERROR 致命的ãªã‚¨ãƒ©ãƒ¼ãŒç™ºç”Ÿã—ã¾ã—ãŸã€‚sslオブジェクトを解放ã—ã¦å†å‰²ã‚Šå½“ã¦ã—ã¦ã‹ã‚‰ç¶šè¡Œã™ã‚‹å¿…è¦ãŒã‚りã¾ã™ã€‚ + + \param ssl wolfSSL_new()を使用ã—ã¦ä½œæˆã•れãŸWOLFSSL構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ + + _Example_ + \code + int ret = 0; + int err = 0; + WOLFSSL* ssl; + ... + do { + ret = wolfDTLS_accept_stateless(ssl); + if (ret == WOLFSSL_FATAL_ERROR) + // wolfSSL_free()ã¨wolfSSL_new()ã§sslオブジェクトをå†å‰²ã‚Šå½“㦠+ } while (ret != WOLFSSL_SUCCESS); + ret = wolfSSL_accept(ssl); + if (ret != SSL_SUCCESS) { + err = wolfSSL_get_error(ssl, ret); + printf("error = %d, %s\n", err, wolfSSL_ERR_error_string(err, buffer)); + } + \endcode + + \sa wolfSSL_accept + \sa wolfSSL_get_error + \sa wolfSSL_connect +*/ +int wolfDTLS_accept_stateless(WOLFSSL* ssl); /*! \ingroup Setup - \brief ã“ã®é–¢æ•°ã¯ã€å‰²ã‚Šå½“ã¦ã‚‰ã‚ŒãŸWOLFSSL_CTXオブジェクトを解放ã—ã¾ã™ã€‚ - ã“ã®é–¢æ•°ã¯CTXå‚照数を減らã—ã€å‚照カウントãŒ0ã«é”ã—ãŸã¨ãã«ã®ã¿ã‚³ãƒ³ãƒ†ã‚­ã‚¹ãƒˆã‚’解放ã—ã¾ã™ã€‚ - \return ãªã— - \param ctx wolfSSL_CTX_new()を使用ã—ã¦ä½œæˆã•れãŸWOLFSSL_CTX構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ + + \brief ã“ã®é–¢æ•°ã¯ã€å‰²ã‚Šå½“ã¦ã‚‰ã‚ŒãŸWOLFSSL_CTXオブジェクトを解放ã—ã¾ã™ã€‚ã“ã®é–¢æ•°ã¯CTXå‚照カウントをデクリメントã—ã€å‚照カウントãŒ0ã«ãªã£ãŸå ´åˆã«ã®ã¿ã‚³ãƒ³ãƒ†ã‚­ã‚¹ãƒˆã‚’解放ã—ã¾ã™ã€‚ + + \return none 戻り値ã¯ã‚りã¾ã›ã‚“。 + + \param ctx wolfSSL_CTX_new()ã§ä½œæˆã•れãŸSSLコンテキストã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ _Example_ \code @@ -1837,17 +1886,21 @@ ... wolfSSL_CTX_free(ctx); \endcode + \sa wolfSSL_CTX_new \sa wolfSSL_new \sa wolfSSL_free */ -void wolfSSL_CTX_free(WOLFSSL_CTX*); +void wolfSSL_CTX_free(WOLFSSL_CTX* ctx); /*! \ingroup Setup - \brief ã“ã®é–¢æ•°ã¯å‰²ã‚Šå½“ã¦ã‚‰ã‚ŒãŸWOLFSSLオブジェクトを解放ã—ã¾ã™ã€‚ - \return ãªã— - \param ssl wolfSSL_new()を使用ã—ã¦ä½œæˆã•れãŸWOLFSSL構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ + + \brief ã“ã®é–¢æ•°ã¯ã€å‰²ã‚Šå½“ã¦ã‚‰ã‚ŒãŸwolfSSLオブジェクトを解放ã—ã¾ã™ã€‚ + + \return none 戻り値ã¯ã‚りã¾ã›ã‚“。 + + \param ssl wolfSSL_new()ã§ä½œæˆã•れãŸSSLオブジェクトã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ _Example_ \code @@ -1857,27 +1910,23 @@ ... wolfSSL_free(ssl); \endcode + \sa wolfSSL_CTX_new \sa wolfSSL_new \sa wolfSSL_CTX_free */ -void wolfSSL_free(WOLFSSL*); +void wolfSSL_free(WOLFSSL* ssl); /*! \ingroup TLS - \brief ã“ã®é–¢æ•°ã¯ã€å¼•æ•°sslã®SSLセッションã«å¯¾ã—ã¦ã‚¢ã‚¯ãƒ†ã‚£ãƒ–ãªSSL/TLS接続をシャットダウンã—ã¾ã™ã€‚ - ã“ã®é–¢æ•°ã¯ã€ãƒ”ã‚¢ã«"Close Notify"アラートをé€ä¿¡ã—よã†ã¨ã—ã¾ã™ã€‚ - 呼ã³å‡ºã—å´ã‚¢ãƒ—リケーションã¯ã€PeerãŒãã®"Close Notify"アラートを応答ã¨ã—ã¦é€ä¿¡ã—ã¦ãã‚‹ã®ã‚’å¾…ã¤ã‹ã€ - ã¾ãŸã¯wolfSSL_shutdownã‹ã‚‰å‘¼ã³å‡ºã—ãŒæˆ»ã£ãŸæ™‚点ã§ï¼ˆãƒªã‚½ãƒ¼ã‚¹ã‚’ä¿å­˜ã™ã‚‹ãŸã‚ã«ï¼‰ä¸‹å±¤ã®æŽ¥ç¶šã‚’切断ã™ã‚‹ã®ã‚’å¾…ã¤ã“ã¨ãŒã§ãã¾ã™ã€‚ - ã©ã¡ã‚‰ã®ã‚ªãƒ—ションもTLS仕様ã§è¨±ã•れã¦ã„ã¾ã™ã€‚シャットダウンã—ãŸå¾Œã«ä¸‹å±¤ã®æŽ¥ç¶šã‚’å†ã³åˆ¥ã®ã‚»ãƒƒã‚·ãƒ§ãƒ³ã§ä½¿ç”¨ã™ã‚‹äºˆå®šãªã‚‰ã°ã€ãƒ”ア間ã§åŒæœŸã‚’ä¿ã¤ãŸã‚ã«å®Œå…¨ãª2æ–¹å‘ã®ã‚·ãƒ£ãƒƒãƒˆãƒ€ã‚¦ãƒ³æ‰‹é †ã‚’実行ã™ã‚‹å¿…è¦ãŒã‚りã¾ã™ã€‚ - wolfSSL_shutdown()ã¯ã€ãƒ–ロックã¨ãƒŽãƒ³ãƒ–ロッキングI/Oã®ä¸¡æ–¹ã§å‹•作ã—ã¾ã™ã€‚ - 下層ã®I/OãŒãƒŽãƒ³ãƒ–ロッキングã®å ´åˆã€wolfSSL_shutdown()ãŒè¦æ±‚を満ãŸã™ã“ã¨ãŒã§ããªã‹ã£ãŸå ´åˆã€wolfSSL_shutdown()ã¯ã‚¨ãƒ©ãƒ¼ã‚’è¿”ã—ã¾ã™ã€‚ - ã“ã®å ´åˆã€wolfSSL_get_error()ã¸ã®å‘¼ã³å‡ºã—ã¯SSL_ERROR_WANT_READã¾ãŸã¯SSL_ERROR_WANT_WRITEã®ã„ãšã‚Œã‹ã‚’生æˆã—ã¾ã™ã€‚ - ãã®çµæžœã€ä¸‹å±¤ã®I/OãŒæº–å‚™ãŒã§ããŸã‚‰ã€å‘¼ã³å‡ºã—å´ãƒ—ロセスã¯wolfSSL_shutdown()ã¸ã®å‘¼ã³å‡ºã—を繰り返ã™å¿…è¦ãŒã‚りã¾ã™ã€‚ - \return SSL_SUCCESS æˆåŠŸæ™‚ã«è¿”ã•れã¾ã™ã€‚ - \return SSL_SHUTDOWN_NOT_DONE シャットダウンãŒçµ‚了ã—ã¦ã„ãªã„å ´åˆã«è¿”ã•れã€é–¢æ•°ã‚’å†åº¦å‘¼ã³å‡ºã™å¿…è¦ãŒã‚りã¾ã™ã€‚ - \return SSL_FATAL_ERROR 失敗ã—ãŸã¨ãã«è¿”ã•れã¾ã™ã€‚より具体的ãªã‚¨ãƒ©ãƒ¼ã‚³ãƒ¼ãƒ‰ã¯wolfSSL_get_error()を呼ã³å‡ºã—ã¾ã™ã€‚ - \param ssl wolfSSL_new()を使用ã—ã¦ä½œæˆã•れãŸWOLFSSL構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ + + \brief ã“ã®é–¢æ•°ã¯ã€SSLセッションsslを使用ã—ã¦ã‚¢ã‚¯ãƒ†ã‚£ãƒ–ãªSSL/TLS接続をシャットダウンã—ã¾ã™ã€‚ã“ã®é–¢æ•°ã¯ã€ãƒ”ã‚¢ã«ã€Œclose notifyã€ã‚¢ãƒ©ãƒ¼ãƒˆã‚’é€ä¿¡ã—よã†ã¨è©¦ã¿ã¾ã™ã€‚呼ã³å‡ºã—å´ã®ã‚¢ãƒ—リケーションã¯ã€ãƒ”ã‚¢ã‹ã‚‰ã®å¿œç­”ã¨ã—ã¦ã€Œclose notifyã€ã‚¢ãƒ©ãƒ¼ãƒˆãŒé€ä¿¡ã•れるã®ã‚’å¾…ã¤ã‹ã€wolfSSL_shutdown()を直接呼ã³å‡ºã—ãŸå¾Œã«åŸºç›¤ã¨ãªã‚‹æŽ¥ç¶šã‚’シャットダウンã™ã‚‹ã‹(リソースを節約ã™ã‚‹ãŸã‚)ã‚’é¸æŠžã§ãã¾ã™ã€‚TLS仕様ã§ã¯ã€ã©ã¡ã‚‰ã®ã‚ªãƒ—ションも許å¯ã•れã¦ã„ã¾ã™ã€‚基盤ã¨ãªã‚‹æŽ¥ç¶šã‚’å°†æ¥å†ã³ä½¿ç”¨ã™ã‚‹å ´åˆã¯ã€ãƒ”ア間ã®åŒæœŸã‚’ç¶­æŒã™ã‚‹ãŸã‚ã«ã€å®Œå…¨ãªåŒæ–¹å‘シャットダウン手順を実行ã™ã‚‹å¿…è¦ãŒã‚りã¾ã™ã€‚wolfSSL_shutdown()ã¯ã€ãƒ–ロッキングI/Oã¨ãƒŽãƒ³ãƒ–ロッキングI/Oã®ä¸¡æ–¹ã§å‹•作ã—ã¾ã™ã€‚基盤ã¨ãªã‚‹I/OãŒãƒŽãƒ³ãƒ–ロッキングã®å ´åˆã€åŸºç›¤ã¨ãªã‚‹I/OãŒwolfSSL_shutdown()ã®ç¶™ç¶šã«å¿…è¦ãªè¦æ±‚を満ãŸã›ãªã‹ã£ãŸå ´åˆã€wolfSSL_shutdown()ã¯ã‚¨ãƒ©ãƒ¼ã‚’è¿”ã—ã¾ã™ã€‚ã“ã®å ´åˆã€wolfSSL_get_error()を呼ã³å‡ºã™ã¨ã€SSL_ERROR_WANT_READã¾ãŸã¯SSL_ERROR_WANT_WRITEã®ã„ãšã‚Œã‹ãŒè¿”ã•れã¾ã™ã€‚呼ã³å‡ºã—å´ãƒ—ロセスã¯ã€åŸºç›¤ã¨ãªã‚‹I/Oã®æº–å‚™ãŒã§ããŸã¨ãã«ã€wolfSSL_shutdown()ã®å‘¼ã³å‡ºã—を繰り返ã™å¿…è¦ãŒã‚りã¾ã™ã€‚ + + \return SSL_SUCCESSãŒæˆåŠŸæ™‚ã«è¿”ã•れã¾ã™ã€‚ + \return SSL_SHUTDOWN_NOT_DONEã¯ã€ã‚·ãƒ£ãƒƒãƒˆãƒ€ã‚¦ãƒ³ãŒå®Œäº†ã—ã¦ã„ãªã„å ´åˆã«è¿”ã•れã€é–¢æ•°ã‚’å†åº¦å‘¼ã³å‡ºã™å¿…è¦ãŒã‚りã¾ã™ã€‚ + \return SSL_FATAL_ERRORã¯ã€å¤±æ•—時ã«è¿”ã•れã¾ã™ã€‚より具体的ãªã‚¨ãƒ©ãƒ¼ã‚³ãƒ¼ãƒ‰ã«ã¤ã„ã¦ã¯ã€wolfSSL_get_error()を呼ã³å‡ºã—ã¦ãã ã•ã„。 + + \param ssl wolfSSL_new()ã§ä½œæˆã•れãŸSSLセッションã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ _Example_ \code @@ -1888,46 +1937,43 @@ ... ret = wolfSSL_shutdown(ssl); if (ret != 0) { - // failed to shut down SSL connection + // SSL接続ã®ã‚·ãƒ£ãƒƒãƒˆãƒ€ã‚¦ãƒ³ã«å¤±æ•—ã—ã¾ã—㟠} \endcode + \sa wolfSSL_free \sa wolfSSL_CTX_free */ -int wolfSSL_shutdown(WOLFSSL*); +int wolfSSL_shutdown(WOLFSSL* ssl); /*! \ingroup IO - \brief ã“ã®é–¢æ•°ã¯ã€æ›¸ãè¾¼ã¿æ“作ã®ãŸã‚ã«æŒ‡å®šã•れãŸãƒ•ラグを使用ã—ã¦ãƒãƒƒãƒ•ã‚¡ã‚ã‚‹ã„ã¯ãƒ‡ãƒ¼ã‚¿ã‹ã‚‰ã€SSL接続ã«å¯¾ã—ã¦ã€szãƒã‚¤ãƒˆã‚’書ãè¾¼ã¿ã¾ã™ã€‚ - å¿…è¦ã«å¿œã˜ã¦ã€wolfSSL_send()ã®å‘¼ã³å‡ºã—時点ã§ã¯ã¾ã wolfSSL_connect()ã¾ãŸã¯wolfSSL_accept()ãŒã¾ã å‘¼ã³å‡ºã•れã¦ã„ãªã„å ´åˆã€SSL/TLSセッションをãƒã‚´ã‚·ã‚¨ãƒ¼ãƒˆã—ã¾ã™ã€‚ - wolfSSL_send()ã¯ã€ãƒ–ロックã¨ãƒŽãƒ³ãƒ–ロッキングI/Oã®ä¸¡æ–¹ã§å‹•作ã—ã¾ã™ã€‚ - 基礎ã¨ãªã‚‹å…¥å‡ºåŠ›ãŒãƒŽãƒ³ãƒ–ロッキングã«è¨­å®šã•れã¦ã„ã‚‹å ´åˆã€wolfSSL_send()ãŒè¦æ±‚を満ãŸã™ã“ã¨ãŒã§ããªã‹ã£ãŸã‚‰wolfSSL_send()ã¯é–¢æ•°å‘¼ã³å‡ºã—ã‹ã‚‰ã™ãã«æˆ»ã‚Šã¾ã™ã€‚ - ã“ã®å ´åˆã€wolfSSL_get_error()ã®å‘¼ã³å‡ºã—ã¯SSL_ERROR_WANT_READã¾ãŸã¯SSL_ERROR_WANT_WRITEã®ã„ãšã‚Œã‹ã‚’è¿”ã—ã¾ã™ã€‚ - ãã®çµæžœã€åŸºç¤Žã¨ãªã‚‹I/OãŒæº–å‚™ãŒã§ããŸã‚‰ã€å‘¼ã³å‡ºã—å´ãƒ—ロセスã¯wolfSSL_send()ã¸ã®å‘¼ã³å‡ºã—を繰り返ã™å¿…è¦ãŒã‚りã¾ã™ã€‚ - 基礎ã¨ãªã‚‹å…¥å‡ºåŠ›ãŒãƒ–ロックã•れã¦ã„ã‚‹å ´åˆã€wolfSSL_send()ã¯ã€ã‚µã‚¤ã‚ºSZã®ãƒãƒƒãƒ•ァデータãŒå®Œå…¨ã«æ›¸ã‹ã‚ŒãŸã‹ã‚¨ãƒ©ãƒ¼ãŒç™ºç”Ÿã—ãŸã‚‰ã€æˆ»ã‚‹ã ã‘ã§ã™ã€‚ - - \return æˆåŠŸæ™‚ã«ã¯æ›¸ã込んã ãƒã‚¤ãƒˆæ•°ï¼ˆ1以上)を返ã—ã¾ã™ã€‚ - \return 0 失敗ã—ãŸã¨ãã«è¿”ã•れã¾ã™ã€‚特定ã®ã‚¨ãƒ©ãƒ¼ã‚³ãƒ¼ãƒ‰ã«ã¤ã„ã¦wolfSSL_get_error()を呼ã³å‡ºã—ã¾ã™ã€‚ - \return SSL_FATAL_ERROR エラーãŒç™ºç”Ÿã—ãŸã¨ãã€ã¾ãŸã¯éžãƒ–ロッキングソケットを使用ã™ã‚‹ã¨ãã«ã¯ã€SSL_ERROR_WANT_READã¾ãŸã¯SSL_ERROR_WANT_WRITEエラーãŒå—ä¿¡ã•れã€å†åº¦WOLFSSL_WRITE()を呼ã³å‡ºã™å¿…è¦ãŒã‚ã‚‹å ´åˆã¯ã€éšœå®³ãŒç™ºç”Ÿã—ã¾ã™ã€‚特定ã®ã‚¨ãƒ©ãƒ¼ã‚³ãƒ¼ãƒ‰ã‚’å–å¾—ã™ã‚‹ã«ã¯ã€wolfSSL_get_error()を使用ã—ã¦ãã ã•ã„。 - \param ssl wolfSSL_new()を使用ã—ã¦ä½œæˆã•れãŸWOLFSSL構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ - \param data ピアã«é€ä¿¡ã•れるデータをå«ã‚“ã§ã„ã‚‹ãƒãƒƒãƒ•ã‚¡ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ - \param sz é€ä¿¡ãƒ‡ãƒ¼ã‚¿ã‚’å«ã‚“ã§ã„ã‚‹ãƒãƒƒãƒ•ã‚¡ã®ã‚µã‚¤ã‚º - \param flags 下層ã®I/Oã®sendã«å¯¾ã—ã¦æŒ‡å®šã™ã‚‹ãƒ•ラグ + \brief ã“ã®é–¢æ•°ã¯ã€æŒ‡å®šã•れãŸãƒ•ラグを使用ã—ã¦ã€ãƒãƒƒãƒ•ã‚¡dataã‹ã‚‰szãƒã‚¤ãƒˆã‚’SSL接続sslã«æ›¸ãè¾¼ã¿ã¾ã™ã€‚å¿…è¦ã«å¿œã˜ã¦ã€wolfSSL_connect()ã¾ãŸã¯wolfSSL_accept()ã«ã‚ˆã£ã¦ãƒãƒ³ãƒ‰ã‚·ã‚§ã‚¤ã‚¯ãŒã¾ã å®Ÿè¡Œã•れã¦ã„ãªã„å ´åˆã€wolfSSL_send()ã¯SSL/TLSセッションをãƒã‚´ã‚·ã‚¨ãƒ¼ãƒˆã—ã¾ã™ã€‚wolfSSL_send()ã¯ã€ãƒ–ロッキングI/Oã¨ãƒŽãƒ³ãƒ–ロッキングI/Oã®ä¸¡æ–¹ã§å‹•作ã—ã¾ã™ã€‚基盤ã¨ãªã‚‹I/OãŒãƒŽãƒ³ãƒ–ロッキングã®å ´åˆã€åŸºç›¤ã¨ãªã‚‹I/OãŒwolfSSL_sendã®ç¶™ç¶šã«å¿…è¦ãªè¦æ±‚を満ãŸã›ãªã‹ã£ãŸå ´åˆã€wolfSSL_send()ã¯æˆ»ã‚Šã¾ã™ã€‚ã“ã®å ´åˆã€wolfSSL_get_error()を呼ã³å‡ºã™ã¨ã€SSL_ERROR_WANT_READã¾ãŸã¯SSL_ERROR_WANT_WRITEã®ã„ãšã‚Œã‹ãŒè¿”ã•れã¾ã™ã€‚呼ã³å‡ºã—å´ãƒ—ロセスã¯ã€åŸºç›¤ã¨ãªã‚‹I/Oã®æº–å‚™ãŒã§ããŸã¨ãã«ã€wolfSSL_send()ã®å‘¼ã³å‡ºã—を繰り返ã™å¿…è¦ãŒã‚りã¾ã™ã€‚基盤ã¨ãªã‚‹I/OãŒãƒ–ロッキングã®å ´åˆã€wolfSSL_send()ã¯ã€ã‚µã‚¤ã‚ºszã®ãƒãƒƒãƒ•ã‚¡dataãŒå®Œå…¨ã«æ›¸ãè¾¼ã¾ã‚Œã‚‹ã‹ã€ã‚¨ãƒ©ãƒ¼ãŒç™ºç”Ÿã™ã‚‹ã¾ã§æˆ»ã‚Šã¾ã›ã‚“。 + + \return >0ã¯ã€æˆåŠŸæ™‚ã«æ›¸ãè¾¼ã¾ã‚ŒãŸãƒã‚¤ãƒˆæ•°ã§ã™ã€‚ + \return 0ã¯ã€å¤±æ•—時ã«è¿”ã•れã¾ã™ã€‚具体的ãªã‚¨ãƒ©ãƒ¼ã‚³ãƒ¼ãƒ‰ã«ã¤ã„ã¦ã¯ã€wolfSSL_get_error()を呼ã³å‡ºã—ã¦ãã ã•ã„。 + \return SSL_FATAL_ERRORã¯ã€ã‚¨ãƒ©ãƒ¼ãŒç™ºç”Ÿã—ãŸå ´åˆã€ã¾ãŸã¯ãƒŽãƒ³ãƒ–ロッキングソケットを使用ã—ã¦ã„ã‚‹å ´åˆã«SSL_ERROR_WANT_READã¾ãŸã¯SSL_ERROR_WANT_WRITEエラーãŒç™ºç”Ÿã—ã€ã‚¢ãƒ—リケーションãŒwolfSSL_send()ã‚’å†åº¦å‘¼ã³å‡ºã™å¿…è¦ãŒã‚ã‚‹å ´åˆã«è¿”ã•れã¾ã™ã€‚具体的ãªã‚¨ãƒ©ãƒ¼ã‚³ãƒ¼ãƒ‰ã‚’å–å¾—ã™ã‚‹ã«ã¯ã€wolfSSL_get_error()を使用ã—ã¦ãã ã•ã„。 + + \param ssl wolfSSL_new()ã§ä½œæˆã•れãŸSSLセッションã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ + \param data ピアã«é€ä¿¡ã™ã‚‹ãƒ‡ãƒ¼ã‚¿ãƒãƒƒãƒ•ァ。 + \param sz ピアã«é€ä¿¡ã™ã‚‹ãƒ‡ãƒ¼ã‚¿ã®ã‚µã‚¤ã‚º(ãƒã‚¤ãƒˆå˜ä½)。 + \param flags 基盤ã¨ãªã‚‹é€ä¿¡æ“作ã«ä½¿ç”¨ã™ã‚‹é€ä¿¡ãƒ•ラグ。 _Example_ \code WOLFSSL* ssl = 0; - char msg[64] = “hello wolfssl!â€; + char msg[64] = "hello wolfssl!"; int msgSz = (int)strlen(msg); int flags = ... ; ... input = wolfSSL_send(ssl, msg, msgSz, flags); if (input != msgSz) { - // wolfSSL_send() failed + // wolfSSL_send()ãŒå¤±æ•—ã—ã¾ã—㟠} \endcode + \sa wolfSSL_write \sa wolfSSL_read \sa wolfSSL_recv @@ -1936,23 +1982,17 @@ /*! \ingroup IO - \brief ã“ã®é–¢æ•°ã¯ã€åŸºç¤Žã¨ãªã‚‹RECV動作ã®ãŸã‚ã«æŒ‡å®šã•れãŸãƒ•ラグを使用ã—ã¦ã€SSLセッション(ssl)内部読ã¿å–りãƒãƒƒãƒ•ã‚¡ã‹ã‚‰szãƒã‚¤ãƒˆã‚’ãƒãƒƒãƒ•ァデータã«èª­ã¿å‡ºã—ã¾ã™ã€‚ - 読ã¿å–られãŸãƒã‚¤ãƒˆã¯å†…部å—ä¿¡ãƒãƒƒãƒ•ã‚¡ã‹ã‚‰å‰Šé™¤ã•れã¾ã™ã€‚ - ã“ã®é–¢æ•°ã¯wolfssl_read()ã¨åŒã˜ã§ã™ã€‚ - ãŸã ã—ã€ã‚¢ãƒ—リケーションãŒåŸºç¤Žã¨ãªã‚‹èª­ã¿å–りæ“作ã®RECVフラグを設定ã§ãã‚‹ã“ã¨ã‚’許å¯ã—ã¾ã™ã€‚ - å¿…è¦ã«å¿œã˜ã¦wolfssl_recv()ãŒwolfssl_connect()ã¾ãŸã¯wolfssl_accept()ã«ã‚ˆã£ã¦ãƒãƒ³ãƒ‰ã‚·ã‚§ã‚¤ã‚¯ãŒã¾ã å®Ÿè¡Œã•れã¦ã„ãªã„å ´åˆã¯ã€SSL/TLSセッションをãƒã‚´ã‚·ã‚¨ãƒ¼ãƒˆã—ã¾ã™ã€‚ - SSL/TLSプロトコルã¯ã€æœ€å¤§ã‚µã‚¤ã‚ºã®SSLレコードを使用ã—ã¾ã™ï¼ˆæœ€å¤§ãƒ¬ã‚³ãƒ¼ãƒ‰ã‚µã‚¤ã‚ºã¯ /wolfssl/internal.h)。 - ãã®ãŸã‚ã€wolfSSLã¯ã€ãƒ¬ã‚³ãƒ¼ãƒ‰ã‚’処ç†ãŠã‚ˆã³å¾©å·ã™ã‚‹ã“ã¨ãŒã§ãã‚‹å‰ã«ã€SSLレコード全体を内部的ã«èª­ã¿å–ã‚‹å¿…è¦ãŒã‚りã¾ã™ã€‚ - ã“ã®ãŸã‚ã€wolfSSL_recv()ã¸ã®å‘¼ã³å‡ºã—ã¯ã€å‘¼ã³å‡ºã—時ã«å¾©å·ã•ã‚ŒãŸæœ€å¤§ãƒãƒƒãƒ•ァサイズを返ã™ã“ã¨ãŒã§ãã‚‹ã ã‘ã§ã™ã€‚ - wolfSSL_recv()ã¸ã®æ¬¡ã®å‘¼ã³å‡ºã—ã§æ¤œç´¢ãŠã‚ˆã³å¾©å·ã•れる内部wolfSSLå—ä¿¡ãƒãƒƒãƒ•ã‚¡ã§å¾…機ã—ã¦ã„ãªã„追加ã®å¾©å·åŒ–ã•れãŸãƒ‡ãƒ¼ã‚¿ãŒã‚ã‚‹ã‹ã‚‚ã—れã¾ã›ã‚“。 - 引数szãŒå†…部読ã¿å–りãƒãƒƒãƒ•ァ内ã®ãƒã‚¤ãƒˆæ•°ã‚ˆã‚Šã‚‚大ãã„å ´åˆã€wolfSSL_recv()ã¯å†…部読ã¿å–りãƒãƒƒãƒ•ã‚¡ã§ä½¿ç”¨å¯èƒ½ãªãƒã‚¤ãƒˆã‚’è¿”ã—ã¾ã™ã€‚ - ãƒã‚¤ãƒˆãŒå†…部読ã¿å–りãƒãƒƒãƒ•ã‚¡ã«ãƒãƒƒãƒ•ã‚¡ã•れã¦ã„ãªã„å ´åˆã¯ã€wolfSSL_recv()ã¸ã®å‘¼ã³å‡ºã—ã¯æ¬¡ã®ãƒ¬ã‚³ãƒ¼ãƒ‰ã®å‡¦ç†ã‚’トリガーã—ã¾ã™ã€‚ - \return æˆåŠŸæ™‚ã«ã¯èª­ã¿å–られãŸãƒã‚¤ãƒˆæ•°(1以上)ã‚’è¿”ã—ã¾ã™ã€‚ - \return 0 失敗ã—ãŸã¨ãã«è¿”ã•れã¾ã™ã€‚ã“れã¯ã€ã‚¯ãƒªãƒ¼ãƒ³ï¼ˆé€šçŸ¥ã‚¢ãƒ©ãƒ¼ãƒˆã‚’é–‰ã˜ã‚‹ï¼‰ã‚·ãƒ£ãƒƒãƒˆãƒ€ã‚¦ãƒ³ã¾ãŸã¯ãƒ”ã‚¢ãŒæŽ¥ç¶šã‚’é–‰ã˜ãŸã ã‘ã§ã‚ã‚‹ã“ã¨ã«ã‚ˆã£ã¦ç™ºç”Ÿã™ã‚‹å¯èƒ½æ€§ãŒã‚りã¾ã™ã€‚特定ã®ã‚¨ãƒ©ãƒ¼ã‚³ãƒ¼ãƒ‰ã«ã¤ã„ã¦wolfSSL_get_error()を呼ã³å‡ºã—ã¾ã™ã€‚ - \return SSL_FATAL_ERROR エラーãŒç™ºç”Ÿã—ãŸå ´åˆã€ã¾ãŸã¯éžãƒ–ロッキングソケットを使用ã™ã‚‹ã¨ãã«ã¯ã€SSL_ERROR_WANT_READã¾ãŸã¯SSL_ERROR_WANT_WRITEエラーãŒç™ºç”Ÿã—ã€ã‚¢ãƒ—リケーションãŒå†ã³WOLFSSL_RECV()を呼ã³å‡ºã™å¿…è¦ãŒã‚りã¾ã™ã€‚特定ã®ã‚¨ãƒ©ãƒ¼ã‚³ãƒ¼ãƒ‰ã‚’å–å¾—ã™ã‚‹ã«ã¯ã€wolfSSL_get_error()を使用ã—ã¦ãã ã•ã„。 - \param ssl wolfSSL_new()を使用ã—ã¦ä½œæˆã•れãŸWOLFSSL構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ - \param data wolfSSL_recv()ãŒãƒ‡ãƒ¼ã‚¿ã‚’読ã¿å–ã‚‹ãƒãƒƒãƒ•ァー。 - \param sz データを読ã¿è¾¼ã‚€ãŸã‚ã®ãƒã‚¤ãƒˆæ•°ã€‚ + + \brief ã“ã®é–¢æ•°ã¯ã€æŒ‡å®šã•れãŸãƒ•ラグを使用ã—ã¦ã€SSLセッション(ssl)ã®å†…部読ã¿å–りãƒãƒƒãƒ•ã‚¡ã‹ã‚‰szãƒã‚¤ãƒˆã‚’ãƒãƒƒãƒ•ã‚¡dataã«èª­ã¿è¾¼ã¿ã¾ã™ã€‚読ã¿å–られãŸãƒã‚¤ãƒˆã¯ã€å†…部å—ä¿¡ãƒãƒƒãƒ•ã‚¡ã‹ã‚‰å‰Šé™¤ã•れã¾ã™ã€‚ã“ã®é–¢æ•°ã¯ã€åŸºç›¤ã¨ãªã‚‹èª­ã¿å–りæ“作ã®recvフラグをアプリケーションãŒè¨­å®šã§ãる点を除ã„ã¦ã€wolfSSL_read()ã¨åŒã˜ã§ã™ã€‚å¿…è¦ã«å¿œã˜ã¦ã€wolfSSL_connect()ã¾ãŸã¯wolfSSL_accept()ã«ã‚ˆã£ã¦ãƒãƒ³ãƒ‰ã‚·ã‚§ã‚¤ã‚¯ãŒã¾ã å®Ÿè¡Œã•れã¦ã„ãªã„å ´åˆã€wolfSSL_recv()ã¯SSL/TLSセッションをãƒã‚´ã‚·ã‚¨ãƒ¼ãƒˆã—ã¾ã™ã€‚SSL/TLSプロトコルã¯ã€æœ€å¤§ã‚µã‚¤ã‚º16kBã®SSLレコードを使用ã—ã¾ã™(最大レコードサイズã¯ã€/wolfssl/internal.hã®MAX_RECORD_SIZE定義ã§åˆ¶å¾¡ã§ãã¾ã™)。ãã®ãŸã‚ã€wolfSSLã¯ã€ãƒ¬ã‚³ãƒ¼ãƒ‰ã‚’処ç†ãŠã‚ˆã³å¾©å·ã™ã‚‹å‰ã«ã€å†…部ã§SSLレコード全体を読ã¿å–ã‚‹å¿…è¦ãŒã‚りã¾ã™ã€‚ã“ã®ãŸã‚ã€wolfSSL_recv()ã®å‘¼ã³å‡ºã—ã¯ã€å‘¼ã³å‡ºã—時ã«å¾©å·ã•ã‚ŒãŸæœ€å¤§ãƒãƒƒãƒ•ァサイズã®ã¿ã‚’è¿”ã™ã“ã¨ãŒã§ãã¾ã™ã€‚ã¾ã å¾©å·ã•れã¦ã„ãªã„追加データãŒå†…部wolfSSLå—ä¿¡ãƒãƒƒãƒ•ã‚¡ã§å¾…機ã—ã¦ã„ã‚‹å¯èƒ½æ€§ãŒã‚ã‚Šã€æ¬¡å›žã®wolfSSL_recv()呼ã³å‡ºã—ã§å–å¾—ãŠã‚ˆã³å¾©å·ã•れã¾ã™ã€‚szãŒå†…部読ã¿å–りãƒãƒƒãƒ•ã‚¡ã®ãƒã‚¤ãƒˆæ•°ã‚ˆã‚Šå¤§ãã„å ´åˆã€SSL_recv()ã¯å†…部読ã¿å–りãƒãƒƒãƒ•ã‚¡ã§åˆ©ç”¨å¯èƒ½ãªãƒã‚¤ãƒˆã‚’è¿”ã—ã¾ã™ã€‚内部読ã¿å–りãƒãƒƒãƒ•ã‚¡ã«ã¾ã ãƒãƒƒãƒ•ァリングã•れã¦ã„ã‚‹ãƒã‚¤ãƒˆãŒãªã„å ´åˆã€wolfSSL_recv()ã®å‘¼ã³å‡ºã—ã¯æ¬¡ã®ãƒ¬ã‚³ãƒ¼ãƒ‰ã®å‡¦ç†ã‚’トリガーã—ã¾ã™ã€‚ + + \return >0ã¯ã€æˆåŠŸæ™‚ã«èª­ã¿å–られãŸãƒã‚¤ãƒˆæ•°ã§ã™ã€‚ + \return 0ã¯ã€å¤±æ•—時ã«è¿”ã•れã¾ã™ã€‚ã“れã¯ã€ã‚¯ãƒªãƒ¼ãƒ³ãª(close notifyアラート)シャットダウンã«ã‚ˆã£ã¦å¼•ãèµ·ã“ã•れる場åˆã‚‚ã‚れã°ã€å˜ã«ãƒ”ã‚¢ãŒæŽ¥ç¶šã‚’é–‰ã˜ãŸå ´åˆã‚‚ã‚りã¾ã™ã€‚具体的ãªã‚¨ãƒ©ãƒ¼ã‚³ãƒ¼ãƒ‰ã«ã¤ã„ã¦ã¯ã€wolfSSL_get_error()を呼ã³å‡ºã—ã¦ãã ã•ã„。 + \return SSL_FATAL_ERRORã¯ã€ã‚¨ãƒ©ãƒ¼ãŒç™ºç”Ÿã—ãŸå ´åˆã€ã¾ãŸã¯ãƒŽãƒ³ãƒ–ロッキングソケットを使用ã—ã¦ã„ã‚‹å ´åˆã«SSL_ERROR_WANT_READã¾ãŸã¯SSL_ERROR_WANT_WRITEエラーãŒç™ºç”Ÿã—ã€ã‚¢ãƒ—リケーションãŒwolfSSL_recv()ã‚’å†åº¦å‘¼ã³å‡ºã™å¿…è¦ãŒã‚ã‚‹å ´åˆã«è¿”ã•れã¾ã™ã€‚具体的ãªã‚¨ãƒ©ãƒ¼ã‚³ãƒ¼ãƒ‰ã‚’å–å¾—ã™ã‚‹ã«ã¯ã€wolfSSL_get_error()を使用ã—ã¦ãã ã•ã„。 + + \param ssl wolfSSL_new()ã§ä½œæˆã•れãŸSSLセッションã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ + \param data wolfSSL_recv()ãŒèª­ã¿å–ã£ãŸãƒ‡ãƒ¼ã‚¿ã‚’é…ç½®ã™ã‚‹ãƒãƒƒãƒ•ァ。 + \param sz dataã«èª­ã¿è¾¼ã‚€ãƒã‚¤ãƒˆæ•°ã€‚ + \param flags 基盤ã¨ãªã‚‹å—ä¿¡æ“作ã«ä½¿ç”¨ã™ã‚‹å—信フラグ。 _Example_ \code @@ -1963,9 +2003,10 @@ input = wolfSSL_recv(ssl, reply, sizeof(reply), flags); if (input > 0) { - // “input†number of bytes returned into buffer “reply†+ // ãƒãƒƒãƒ•ã‚¡"reply"ã«"input"ãƒã‚¤ãƒˆãŒè¿”ã•れã¾ã—㟠} \endcode + \sa wolfSSL_read \sa wolfSSL_write \sa wolfSSL_peek @@ -1975,18 +2016,14 @@ /*! \ingroup Debug - \brief ã“ã®é–¢æ•°ã¯ã€ç›´å‰ã®API関数呼ã³å‡ºã—(wolfssl_connectã€wolfssl_acceptã€wolfssl_readã€wolfssl_writeãªã©ï¼‰ãŒã‚¨ãƒ©ãƒ¼ã‚³ãƒ¼ãƒ‰ï¼ˆSSL_FAILURE)を呼ã³å‡ºã—ãŸç†ç”±ã‚’表ã™ä¸€æ„ã®ã‚¨ãƒ©ãƒ¼ã‚³ãƒ¼ãƒ‰ã‚’è¿”ã—ã¾ã™ã€‚ - ç›´å‰ã®é–¢æ•°ã®æˆ»ã‚Šå€¤ã¯ã€retを介ã—ã¦wolfSSL_get_errorã«æ¸¡ã•れã¾ã™ã€‚wolfSSL_get_errorã¯ä¸€æ„ã®ã‚¨ãƒ©ãƒ¼ã‚³ãƒ¼ãƒ‰ã‚’è¿”ã—ã¾ã™ã€‚ - wolfSSL_err_error_string()を呼ã³å‡ºã—ã¦äººé–“ãŒèª­ã‚るエラー文字列をå–å¾—ã™ã‚‹ã“ã¨ãŒã§ãã¾ã™ã€‚ - 詳細ã«ã¤ã„ã¦ã¯ã€wolfSSL_err_error_string()ã‚’å‚ç…§ã—ã¦ãã ã•ã„。 - - \return 呼ã³å‡ºã—æˆåŠŸæ™‚ã€ã“ã®é–¢æ•°ã¯ã€ç›´å‰ã®é–¢æ•°ãŒå¤±æ•—ã—ãŸç†ç”±ã‚’説明ã™ã‚‹å›ºæœ‰ã®ã‚¨ãƒ©ãƒ¼ã‚³ãƒ¼ãƒ‰ã‚’è¿”ã—ã¾ã™ã€‚ - \return SSL_ERROR_NONE 引数retãŒ0より大ãã„å ´åˆã«è¿”ã•れã¾ã™ã€‚retãŒ0以下ã®å ´åˆã€ç›´å‰ã®APIãŒã‚¨ãƒ©ãƒ¼ã‚³ãƒ¼ãƒ‰ã‚’è¿”ã™ãŒå®Ÿéš›ã«ç™ºç”Ÿã—ãªã‹ã£ãŸå ´åˆã«ã“ã®å€¤ã‚’è¿”ã™å ´åˆãŒã‚りã¾ã™ã€‚ - 例ã¨ã—ã¦ã¯ã€å¼•æ•°szã«0を渡ã—ã¦wolfSSL_read()を呼ã³å‡ºã™å ´åˆã«ç™ºç”Ÿã—ã¾ã™ã€‚ - wolfssl_read()ãŒ0を戻ã—ãŸå ´åˆã¯é€šå¸¸ã‚¨ãƒ©ãƒ¼ã‚’示ã—ã¾ã™ãŒã€ã“ã®å ´åˆã¯ã‚¨ãƒ©ãƒ¼ã¯ç™ºç”Ÿã—ã¦ã„ã¾ã›ã‚“。 - 従ã£ã¦ã€wolfSSL_get_error()ãŒãã®å¾Œå‘¼ã³å‡ºã•れãŸå ´åˆã€ssl_error_noneãŒè¿”ã•れã¾ã™ã€‚ - \param ssl wolfSSL_new()を使用ã—ã¦ä½œæˆã•れãŸWOLFSSL構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ + \brief ã“ã®é–¢æ•°ã¯ã€å‰å›žã®API関数呼ã³å‡ºã—(wolfSSL_connectã€wolfSSL_acceptã€wolfSSL_readã€wolfSSL_writeç­‰)ãŒã‚¨ãƒ©ãƒ¼ãƒªã‚¿ãƒ¼ãƒ³ã‚³ãƒ¼ãƒ‰(SSL_FAILURE)ã«ãªã£ãŸç†ç”±ã‚’説明ã™ã‚‹ä¸€æ„ã®ã‚¨ãƒ©ãƒ¼ã‚³ãƒ¼ãƒ‰ã‚’è¿”ã—ã¾ã™ã€‚å‰å›žã®é–¢æ•°ã®æˆ»ã‚Šå€¤ã¯ã€retを通ã˜ã¦wolfSSL_get_errorã«æ¸¡ã•れã¾ã™ã€‚wolfSSL_get_errorãŒå‘¼ã³å‡ºã•れã¦ä¸€æ„ã®ã‚¨ãƒ©ãƒ¼ã‚³ãƒ¼ãƒ‰ã‚’è¿”ã—ãŸå¾Œã€wolfSSL_ERR_error_string()を呼ã³å‡ºã—ã¦ã€äººé–“ãŒèª­ã‚るエラー文字列をå–å¾—ã§ãã¾ã™ã€‚詳細ã«ã¤ã„ã¦ã¯ã€wolfSSL_ERR_error_string()ã‚’å‚ç…§ã—ã¦ãã ã•ã„。 + + \return 正常ã«å®Œäº†ã—ãŸå ´åˆã€ã“ã®é–¢æ•°ã¯å‰å›žã®API関数ãŒå¤±æ•—ã—ãŸç†ç”±ã‚’説明ã™ã‚‹ä¸€æ„ã®ã‚¨ãƒ©ãƒ¼ã‚³ãƒ¼ãƒ‰ã‚’è¿”ã—ã¾ã™ã€‚ + \return SSL_ERROR_NONEã¯ã€ret > 0ã®å ´åˆã«è¿”ã•れã¾ã™ã€‚ret <= 0ã®å ´åˆã€å‰å›žã®APIãŒã‚¨ãƒ©ãƒ¼ã‚³ãƒ¼ãƒ‰ã‚’è¿”ã—ãŸã‚ˆã†ã«è¦‹ãˆã¦ã‚‚実際ã«ã¯ã‚¨ãƒ©ãƒ¼ãŒç™ºç”Ÿã—ã¦ã„ãªã‹ã£ãŸå ´åˆã«ã€ã“ã®å€¤ãŒè¿”ã•れるã“ã¨ãŒã‚りã¾ã™ã€‚例ãˆã°ã€szパラメータãŒã‚¼ãƒ­ã®wolfSSL_read()を呼ã³å‡ºã—ãŸå ´åˆã§ã™ã€‚wolfSSL_read()ã‹ã‚‰ã®0ã®æˆ»ã‚Šå€¤ã¯é€šå¸¸ã‚¨ãƒ©ãƒ¼ã‚’示ã—ã¾ã™ãŒã€ã“ã®å ´åˆã¯ã‚¨ãƒ©ãƒ¼ã¯ç™ºç”Ÿã—ã¦ã„ã¾ã›ã‚“。ãã®å¾ŒwolfSSL_get_error()を呼ã³å‡ºã™ã¨ã€SSL_ERROR_NONEãŒè¿”ã•れã¾ã™ã€‚ + + \param ssl wolfSSL_new()ã§ä½œæˆã•れãŸSSLオブジェクトã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ + \param ret エラーリターンコードã«ãªã£ãŸå‰å›žã®é–¢æ•°ã®æˆ»ã‚Šå€¤ã€‚ _Example_ \code @@ -1996,8 +2033,9 @@ ... err = wolfSSL_get_error(ssl, 0); wolfSSL_ERR_error_string(err, buffer); - printf(“err = %d, %s\nâ€, err, buffer); + printf("err = %d, %s\n", err, buffer); \endcode + \sa wolfSSL_ERR_error_string \sa wolfSSL_ERR_error_string_n \sa wolfSSL_ERR_print_errors_fp @@ -2007,10 +2045,13 @@ /*! \ingroup IO - \brief ã“ã®é–¢æ•°ã¯ã‚¢ãƒ©ãƒ¼ãƒˆå±¥æ­´ã‚’å–å¾—ã—ã¾ã™ã€‚ - \return SSL_SUCCESS é–¢æ•°ãŒæ­£å¸¸ã«å®Œäº†ã—ãŸã¨ãã«è¿”ã•れã¾ã™ã€‚警告履歴ãŒã‚ã£ãŸã‹ã€ã¾ãŸã¯ã„ãšã‚Œã«ã‚‚ã€æˆ»ã‚Šå€¤ã¯SSL_SUCCESSã§ã™ã€‚ - \param ssl wolfSSL_new()を使用ã—ã¦ä½œæˆã•れãŸWolfSSL構造ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ - \param h WOLFSSL構造体ã®"alert_history member" ã®å€¤ãŒæ ¼ç´ã•れるã€WOLFSSL_ALERT_HISTORY構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ + + \brief ã“ã®é–¢æ•°ã¯ã‚¢ãƒ©ãƒ¼ãƒˆå±¥æ­´ã‚’å–å¾—ã—ã¾ã™ã€‚ + + \return SSL_SUCCESSã¯ã€é–¢æ•°ãŒæ­£å¸¸ã«å®Œäº†ã—ãŸã¨ãã«è¿”ã•れã¾ã™ã€‚アラート履歴ãŒã‚ã£ã¦ã‚‚ãªãã¦ã‚‚ã€ã„ãšã‚Œã®å ´åˆã‚‚戻り値ã¯SSL_SUCCESSã§ã™ã€‚ + + \param ssl wolfSSL_new()を使用ã—ã¦ä½œæˆã•れãŸWOLFSSL構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ + \param h WOLFSSL構造体ã®alert_historyメンãƒãƒ¼ã®å€¤ã‚’ä¿æŒã™ã‚‹WOLFSSL_ALERT_HISTORY構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ _Example_ \code @@ -2019,26 +2060,25 @@ WOLFSSL_ALERT_HISTORY* h; ... wolfSSL_get_alert_history(ssl, h); - // h now has a copy of the ssl->alert_history contents + // hã«ssl->alert_historyã®å†…容ã®ã‚³ãƒ”ãƒ¼ãŒæ ¼ç´ã•れã¾ã—㟠\endcode + \sa wolfSSL_get_error */ int wolfSSL_get_alert_history(WOLFSSL* ssl, WOLFSSL_ALERT_HISTORY *h); /*! \ingroup Setup - \brief ã“ã®é–¢æ•°ã¯ã€SSLオブジェクトSSLãŒSSL/TLS接続を確立ã™ã‚‹ç›®çš„ã§ä½¿ç”¨ã™ã‚‹ã‚»ãƒƒã‚·ãƒ§ãƒ³ã‚’設定ã—ã¾ã™ã€‚ - セッションå†é–‹ã‚’行ã†å ´åˆã€wolfSSL_shutdown()を呼ã³å‡ºã™å‰ã«wolfSSL_get1_session()を呼ã³å‡ºã—ã¦ã‚»ãƒƒã‚·ãƒ§ãƒ³ã‚ªãƒ–ジェクトをå–å¾—ã—ã€ã‚»ãƒƒã‚·ãƒ§ãƒ³IDã‚’ä¿å­˜ã—ã¦ãŠãå¿…è¦ãŒã‚りã¾ã™ã€‚ - 後ã§ã€ã‚¢ãƒ—ãƒªã‚±ãƒ¼ã‚·ãƒ§ãƒ³ã¯æ–°ã—ã„WOLFSSLオブジェクトを作æˆã—ã€ä¿å­˜ã—ãŸã‚»ãƒƒã‚·ãƒ§ãƒ³ã‚’wolfSSL_set_session()ã«æ¸¡ã™å¿…è¦ãŒã‚りã¾ã™ã€‚ - ãã®å¾Œã‚¢ãƒ—リケーションã¯wolfSSL_connect()を呼ã³å‡ºã—ã€wolfSSLã¯ã‚»ãƒƒã‚·ãƒ§ãƒ³å†é–‹ã‚’試ã¿ã¾ã™ã€‚ - wolfSSLサーãƒãƒ¼ã‚³ãƒ¼ãƒ‰ã§ã¯ã€ãƒ‡ãƒ•ォルトã§ã‚»ãƒƒã‚·ãƒ§ãƒ³å†é–‹ã‚’許å¯ã—ã¾ã™ã€‚ - wolfSSL_get1_session()ã«ã‚ˆã£ã¦è¿”ã•れãŸã‚ªãƒ–ジェクトã¯ã€ã‚¢ãƒ—リケーションãŒä½¿ç”¨å¾Œã«è§£æ”¾ã™ã‚‹å¿…è¦ãŒã‚りã¾ã™ã€‚ - - \return SSL_SUCCESS セッションを正常ã«è¨­å®šã™ã‚‹ã¨è¿”ã•れã¾ã™ã€‚ - \return SSL_FAILURE 失敗ã—ãŸå ´åˆã«è¿”ã•れã¾ã™ã€‚ã“れã¯ã‚»ãƒƒã‚·ãƒ§ãƒ³ã‚­ãƒ£ãƒƒã‚·ãƒ¥ãŒç„¡åйã«ãªã£ã¦ã„ã‚‹ã€ã¾ãŸã¯ã‚»ãƒƒã‚·ãƒ§ãƒ³ãŒã‚¿ã‚¤ãƒ ã‚¢ã‚¦ãƒˆã—ãŸå ´åˆã«ã‚ˆã£ã¦ç™ºç”Ÿã™ã‚‹å¯èƒ½æ€§ãŒã‚りã¾ã™ã€‚ - \return OPENSSL_EXTRAã¨WOLFSSL_ERROR_CODE_OPENSSLãŒå®šç¾©ã•れã¦ã„ã‚‹å ´åˆã«ã¯ã€ã‚»ãƒƒã‚·ãƒ§ãƒ³ãŒã‚¿ã‚¤ãƒ ã‚¢ã‚¦ãƒˆã—ã¦ã„ã¦ã‚‚SSL_SUCCESSãŒè¿”ã•れã¾ã™ã€‚ - \param ssl wolfSSL_new()を使用ã—ã¦ä½œæˆã•れãŸWOLFSSL構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ - \param session WOLFSSL_SESSION構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ + + \brief ã“ã®é–¢æ•°ã¯ã€SSLオブジェクトsslãŒSSL/TLS接続を確立ã™ã‚‹ãŸã‚ã«ä½¿ç”¨ã•れるã¨ãã«ä½¿ç”¨ã•れるセッションを設定ã—ã¾ã™ã€‚セッションå†é–‹ã®å ´åˆã€ã‚»ãƒƒã‚·ãƒ§ãƒ³ã‚ªãƒ–ジェクトã§wolfSSL_shutdown()を呼ã³å‡ºã™å‰ã«ã€ã‚¢ãƒ—リケーションã¯wolfSSL_get1_session()を呼ã³å‡ºã—ã¦ã‚ªãƒ–ジェクトã‹ã‚‰ã‚»ãƒƒã‚·ãƒ§ãƒ³IDã‚’ä¿å­˜ã™ã‚‹å¿…è¦ãŒã‚りã¾ã™ã€‚ã“れã¯ã‚»ãƒƒã‚·ãƒ§ãƒ³ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã‚’è¿”ã—ã¾ã™ã€‚後ã§ã€ã‚¢ãƒ—ãƒªã‚±ãƒ¼ã‚·ãƒ§ãƒ³ã¯æ–°ã—ã„WOLFSSLオブジェクトを作æˆã—ã€wolfSSL_set_session()を使用ã—ã¦ä¿å­˜ã•れãŸã‚»ãƒƒã‚·ãƒ§ãƒ³ã‚’割り当ã¦ã‚‹å¿…è¦ãŒã‚りã¾ã™ã€‚ã“ã®æ™‚点ã§ã€ã‚¢ãƒ—リケーションã¯wolfSSL_connect()を呼ã³å‡ºã™ã“ã¨ãŒã§ãã€wolfSSLã¯ã‚»ãƒƒã‚·ãƒ§ãƒ³ã®å†é–‹ã‚’試ã¿ã¾ã™ã€‚wolfSSLサーãƒãƒ¼ã‚³ãƒ¼ãƒ‰ã¯ã€ãƒ‡ãƒ•ォルトã§ã‚»ãƒƒã‚·ãƒ§ãƒ³å†é–‹ã‚’許å¯ã—ã¾ã™ã€‚wolfSSL_get1_session()ã«ã‚ˆã£ã¦è¿”ã•れãŸã‚ªãƒ–ジェクトã¯ã€ã‚¢ãƒ—リケーションãŒä½¿ç”¨ã‚’終ãˆãŸå¾Œã€wolfSSL_SESSION_free()を呼ã³å‡ºã—ã¦è§£æ”¾ã™ã‚‹å¿…è¦ãŒã‚りã¾ã™ã€‚ + + \return SSL_SUCCESSã¯ã€ã‚»ãƒƒã‚·ãƒ§ãƒ³ã®è¨­å®šã«æˆåŠŸã—ãŸå ´åˆã«è¿”ã•れã¾ã™ã€‚ + \return SSL_FAILUREã¯ã€å¤±æ•—時ã«è¿”ã•れã¾ã™ã€‚ã“れã¯ã€ã‚»ãƒƒã‚·ãƒ§ãƒ³ã‚­ãƒ£ãƒƒã‚·ãƒ¥ãŒç„¡åйã«ãªã£ã¦ã„ã‚‹å ´åˆã€ã¾ãŸã¯ã‚»ãƒƒã‚·ãƒ§ãƒ³ãŒã‚¿ã‚¤ãƒ ã‚¢ã‚¦ãƒˆã—ãŸå ´åˆã«ç™ºç”Ÿã™ã‚‹å¯èƒ½æ€§ãŒã‚りã¾ã™ã€‚ + + \return OPENSSL_EXTRAã¨WOLFSSL_ERROR_CODE_OPENSSLãŒå®šç¾©ã•れã¦ã„ã‚‹å ´åˆã€ã‚»ãƒƒã‚·ãƒ§ãƒ³ãŒã‚¿ã‚¤ãƒ ã‚¢ã‚¦ãƒˆã—ã¦ã‚‚SSL_SUCCESSãŒè¿”ã•れã¾ã™ã€‚ + + \param ssl wolfSSL_new()ã§ä½œæˆã•れãŸSSLオブジェクトã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ + \param session sslã®ã‚»ãƒƒã‚·ãƒ§ãƒ³ã‚’設定ã™ã‚‹ãŸã‚ã«ä½¿ç”¨ã•れるWOLFSSL_SESSIONã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ _Example_ \code @@ -2048,33 +2088,30 @@ ... session = wolfSSL_get1_session(ssl); if (session == NULL) { - // failed to get session object from ssl object + // sslオブジェクトã‹ã‚‰ã‚»ãƒƒã‚·ãƒ§ãƒ³ã‚ªãƒ–ジェクトã®å–å¾—ã«å¤±æ•—ã—ã¾ã—㟠} ... ret = wolfSSL_set_session(ssl, session); if (ret != SSL_SUCCESS) { - // failed to set the SSL session + // SSLセッションã®è¨­å®šã«å¤±æ•—ã—ã¾ã—㟠} wolfSSL_SESSION_free(session); ... \endcode + \sa wolfSSL_get1_session */ int wolfSSL_set_session(WOLFSSL* ssl, WOLFSSL_SESSION* session); /*! \ingroup IO - \brief NO_SESSION_CACHE_REFãŒå®šç¾©ã•れã¦ã„ã‚‹å ´åˆã€ã“ã®é–¢æ•°ã¯SSLã§ä½¿ç”¨ã•れã¦ã„ã‚‹ç¾åœ¨ã®ã‚»ãƒƒã‚·ãƒ§ãƒ³ï¼ˆWOLFSSL_SESSION)ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã‚’è¿”ã—ã¾ã™ã€‚ - ã“ã®é–¢æ•°ã¯ã€WOLFSSL_SESSIONオブジェクトã¸ã®æ°¸ç¶šçš„ãªãƒã‚¤ãƒ³ã‚¿ã‚’è¿”ã—ã¾ã™ã€‚ - è¿”ã•れるãƒã‚¤ãƒ³ã‚¿ã¯ã€wolfSSL_freeãŒå‘¼ã³å‡ºã•れãŸã¨ãã«è§£æ”¾ã•れã¾ã™ã€‚ - ã“ã®å‘¼ã³å‡ºã—ã¯ã€ç¾åœ¨ã®ã‚»ãƒƒã‚·ãƒ§ãƒ³ã‚’検査ã¾ãŸã¯å¤‰æ›´ã™ã‚‹ãŸã‚ã«ã®ã¿ä½¿ç”¨ã•れã¾ã™ã€‚ - セッションå†é–‹ã«ä½¿ç”¨ã™ã‚‹å ´åˆã¯ã€wolfSSL_get1_session()を使用ã™ã‚‹ã“ã¨ã‚’ãŠå‹§ã‚ã—ã¾ã™ã€‚ - NO_SESSION_CACHE_REFãŒå®šç¾©ã•れã¦ã„ãªã„å ´åˆã®å¾Œæ–¹äº’æ›æ€§ã®ãŸã‚ã«ã€ã“ã®é–¢æ•°ã¯ãƒ­ãƒ¼ã‚«ãƒ«ã‚­ãƒ£ãƒƒã‚·ãƒ¥ã«æ ¼ç´ã•れã¦ã„る永続セッションオブジェクトãƒã‚¤ãƒ³ã‚¿ã‚’è¿”ã—ã¾ã™ã€‚ - ã‚­ãƒ£ãƒƒã‚·ãƒ¥ã‚µã‚¤ã‚ºã¯æœ‰é™ã§ã‚りã€ã‚¢ãƒ—リケーションãŒwolfSSL_set_session()を呼ã³å‡ºã™æ™‚ã¾ã§ã«ã‚»ãƒƒã‚·ãƒ§ãƒ³ã‚ªãƒ–ジェクトãŒåˆ¥ã®SSL接続ã«ã‚ˆã£ã¦ä¸Šæ›¸ãã•れるå±é™ºæ€§ãŒã‚りã¾ã™ã€‚ - アプリケーションã«NO_SESSION_CACHE_REFを定義ã—ã€ã‚»ãƒƒã‚·ãƒ§ãƒ³å†é–‹ã«wolfSSL_get1_session()を使用ã™ã‚‹ã“ã¨ã‚’ãŠå‹§ã‚ã—ã¾ã™ã€‚ - \return ç¾åœ¨ã®SSLセッションオブジェクトã¸ã®ãƒã‚¤ãƒ³ã‚¿ã‚’è¿”ã—ã¾ã™ã€‚ - \return NULL sslãŒNULLã®å ´åˆã€SSLセッションキャッシュãŒç„¡åйã«ãªã£ã¦ã„ã‚‹å ´åˆã€wolfSSLã¯ã‚»ãƒƒã‚·ãƒ§ãƒ³IDを使用ã§ããªã„ã€ã¾ãŸã¯ãƒŸãƒ¥ãƒ¼ãƒ†ãƒƒã‚¯ã‚¹é–¢æ•°ãŒå¤±æ•—ã—ãŸå ´åˆã«è¿”ã•れã¾ã™ã€‚ + \brief NO_SESSION_CACHE_REFãŒå®šç¾©ã•れã¦ã„ã‚‹å ´åˆã€ã“ã®é–¢æ•°ã¯sslã§ä½¿ç”¨ã•れã¦ã„ã‚‹ç¾åœ¨ã®ã‚»ãƒƒã‚·ãƒ§ãƒ³(WOLFSSL_SESSION)ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã‚’è¿”ã—ã¾ã™ã€‚ã“ã®é–¢æ•°ã¯ã€WOLFSSL_SESSIONオブジェクトã¸ã®éžæ°¸ç¶šçš„ãªãƒã‚¤ãƒ³ã‚¿ã‚’è¿”ã—ã¾ã™ã€‚è¿”ã•れãŸãƒã‚¤ãƒ³ã‚¿ã¯ã€wolfSSL_freeãŒå‘¼ã³å‡ºã•れãŸã¨ãã«è§£æ”¾ã•れã¾ã™ã€‚ã“ã®å‘¼ã³å‡ºã—ã¯ã€ç¾åœ¨ã®ã‚»ãƒƒã‚·ãƒ§ãƒ³ã‚’検査ã¾ãŸã¯å¤‰æ›´ã™ã‚‹ãŸã‚ã«ã®ã¿ä½¿ç”¨ã™ã‚‹å¿…è¦ãŒã‚りã¾ã™ã€‚セッションå†é–‹ã«ã¯ã€wolfSSL_get1_session()を使用ã™ã‚‹ã“ã¨ã‚’ãŠå‹§ã‚ã—ã¾ã™ã€‚å¾Œæ–¹äº’æ›æ€§ã®ãŸã‚ã€NO_SESSION_CACHE_REFãŒå®šç¾©ã•れã¦ã„ãªã„å ´åˆã€ã“ã®é–¢æ•°ã¯ãƒ­ãƒ¼ã‚«ãƒ«ã‚­ãƒ£ãƒƒã‚·ãƒ¥ã«æ ¼ç´ã•れã¦ã„る永続的ãªã‚»ãƒƒã‚·ãƒ§ãƒ³ã‚ªãƒ–ジェクトãƒã‚¤ãƒ³ã‚¿ã‚’è¿”ã—ã¾ã™ã€‚ã‚­ãƒ£ãƒƒã‚·ãƒ¥ã‚µã‚¤ã‚ºã¯æœ‰é™ã§ã‚りã€ã‚¢ãƒ—リケーションãŒwolfSSL_set_session()を呼ã³å‡ºã™ã¾ã§ã«ã€åˆ¥ã®ssl接続ã«ã‚ˆã£ã¦ã‚»ãƒƒã‚·ãƒ§ãƒ³ã‚ªãƒ–ジェクトãŒä¸Šæ›¸ãã•れるリスクãŒã‚りã¾ã™ã€‚アプリケーションã§NO_SESSION_CACHE_REFを定義ã—ã€ã‚»ãƒƒã‚·ãƒ§ãƒ³å†é–‹ã«wolfSSL_get1_session()を使用ã™ã‚‹ã“ã¨ã‚’ãŠå‹§ã‚ã—ã¾ã™ã€‚ + + \return pointer 呼ã³å‡ºã—ãŒæˆåŠŸã—ãŸå ´åˆã€ç¾åœ¨ã®SSLセッションオブジェクトã¸ã®ãƒã‚¤ãƒ³ã‚¿ã‚’è¿”ã—ã¾ã™ã€‚ + \return NULLã¯ã€sslãŒNULLã®å ´åˆã€SSLセッションキャッシュãŒç„¡åйã«ãªã£ã¦ã„ã‚‹å ´åˆã€wolfSSLãŒã‚»ãƒƒã‚·ãƒ§ãƒ³IDを利用ã§ããªã„å ´åˆã€ã¾ãŸã¯ãƒŸãƒ¥ãƒ¼ãƒ†ãƒƒã‚¯ã‚¹é–¢æ•°ãŒå¤±æ•—ã—ãŸå ´åˆã«è¿”ã•れã¾ã™ã€‚ + + \param ssl wolfSSL_new()ã§ä½œæˆã•れãŸSSLセッションã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ _Example_ \code @@ -2083,10 +2120,11 @@ ... session = wolfSSL_get_session(ssl); if (session == NULL) { - // failed to get session pointer + // セッションãƒã‚¤ãƒ³ã‚¿ã®å–å¾—ã«å¤±æ•—ã—ã¾ã—㟠} ... \endcode + \sa wolfSSL_get1_session \sa wolfSSL_set_session */ @@ -2094,15 +2132,13 @@ /*! \ingroup IO - \brief ã“ã®æ©Ÿèƒ½ã¯ã€æœŸé™åˆ‡ã‚Œã«ãªã£ãŸã‚»ãƒƒã‚·ãƒ§ãƒ³ã‚­ãƒ£ãƒƒã‚·ãƒ¥ã‹ã‚‰ã‚»ãƒƒã‚·ãƒ§ãƒ³ã‚’フラッシュã—ã¾ã™ã€‚ - 時間比較ã«ã¯å¼•æ•°tmãŒä½¿ç”¨ã•れã¾ã™ã€‚ - wolfSSLã¯ç¾åœ¨ã‚»ãƒƒã‚·ãƒ§ãƒ³ã«é™çš„テーブルを使用ã—ã¦ã„ã‚‹ãŸã‚ã€ãƒ•ラッシングã¯ä¸è¦ã§ã™ã€‚ - ãã®ãŸã‚ã€ã“ã®æ©Ÿèƒ½ã¯ç¾åœ¨ã‚¹ã‚¿ãƒ–ã¨ã—ã¦å­˜åœ¨ã—ã¦ã„ã¾ã™ã€‚ - ã“ã®é–¢æ•°ã¯ã€wolfsslãŒOpenSSL互æ›å±¤ã§ã‚³ãƒ³ãƒ‘イルã•れã¦ã„ã‚‹ã¨ãã®OpenSSLäº’æ›æ€§ï¼ˆssl_flush_sessions)をæä¾›ã—ã¾ã™ã€‚ - - \return ãªã— - \param ctx wolfSSL_CTX_new()を使用ã—ã¦ä½œæˆã•れãŸWOLFSSL_CTX構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ - \param tm ã‚»ãƒƒã‚·ãƒ§ãƒ³ã®æœ‰åŠ¹æœŸé™ã®æ¯”較ã§ä½¿ç”¨ã•れる時間 + + \brief ã“ã®é–¢æ•°ã¯ã€æœŸé™åˆ‡ã‚Œã®ã‚»ãƒƒã‚·ãƒ§ãƒ³ã‚’セッションキャッシュã‹ã‚‰ãƒ•ラッシュã—ã¾ã™ã€‚時刻tmã¯ã€æ™‚刻比較ã«ä½¿ç”¨ã•れã¾ã™ã€‚wolfSSLã¯ç¾åœ¨ã‚»ãƒƒã‚·ãƒ§ãƒ³ã«é™çš„テーブルを使用ã—ã¦ã„ã‚‹ãŸã‚ã€ãƒ•ラッシュã¯ä¸è¦ã§ã™ã€‚ãã®ãŸã‚ã€ã“ã®é–¢æ•°ã¯ç¾åœ¨ã‚¹ã‚¿ãƒ–ã«ã™ãŽã¾ã›ã‚“。ã“ã®é–¢æ•°ã¯ã€wolfSSLãŒOpenSSL互æ›ãƒ¬ã‚¤ãƒ¤ãƒ¼ã§ã‚³ãƒ³ãƒ‘イルã•れã¦ã„ã‚‹å ´åˆã€OpenSSLäº’æ›æ€§(SSL_flush_sessions)ã‚’æä¾›ã—ã¾ã™ã€‚ + + \return none 戻り値ã¯ã‚りã¾ã›ã‚“。 + + \param ctx wolfSSL_CTX_new()を使用ã—ã¦ä½œæˆã•れãŸWOLFSSL_CTX構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ + \param tm ã‚»ãƒƒã‚·ãƒ§ãƒ³æœ‰åŠ¹æœŸé™æ¯”較ã«ä½¿ç”¨ã•れる時刻。 _Example_ \code @@ -2110,6 +2146,7 @@ ... wolfSSL_flush_sessions(ctx, time(0)); \endcode + \sa wolfSSL_get1_session \sa wolfSSL_set_session */ @@ -2117,29 +2154,32 @@ /*! \ingroup TLS - \brief ã“ã®é–¢æ•°ã¯ã‚¯ãƒ©ã‚¤ã‚¢ãƒ³ãƒˆã‚»ãƒƒã‚·ãƒ§ãƒ³ã‚’サーãƒãƒ¼IDã¨é–¢é€£ä»˜ã‘ã¾ã™ã€‚引数newSessionãŒã‚ªãƒ³ã®å ´åˆã€æ—¢å­˜ã®ã‚»ãƒƒã‚·ãƒ§ãƒ³ã¯å†åˆ©ç”¨ã•れã¾ã›ã‚“。 - \return SSL_SUCCESS 関数ãŒã‚¨ãƒ©ãƒ¼ãªã—ã§å®Ÿè¡Œã•れãŸå ´åˆã«è¿”ã•れã¾ã™ã€‚ - \return BAD_FUNC_ARG 引数sslã¾ãŸã¯å¼•æ•°idãŒNULLã®å ´åˆã€ã¾ãŸã¯å¼•æ•°lenãŒã‚¼ãƒ­ä»¥ä¸‹ã®å ´åˆã«è¿”ã•れã¾ã™ã€‚ - - \param ssl wolfSSL_new()を使用ã—ã¦ä½œæˆã•れãŸWOLFSSL構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ - \param id WOLFSSL_SESSION構造体ã®ServerIDメンãƒãƒ¼ã«ã‚³ãƒ”ーã•れるサーãƒãƒ¼IDデータã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ - \param len サーãƒãƒ¼IDデータã®ã‚µã‚¤ã‚º - \param newSession セッションをå†åˆ©ç”¨ã™ã‚‹ã‹å¦ã‹ã‚’指定ã™ã‚‹ãƒ•ラグ。オンã®å ´åˆã€æ—¢å­˜ã®ã‚»ãƒƒã‚·ãƒ§ãƒ³ã¯å†åˆ©ç”¨ã•れã¾ã›ã‚“。 + + \brief ã“ã®é–¢æ•°ã¯ã€ã‚¯ãƒ©ã‚¤ã‚¢ãƒ³ãƒˆã‚»ãƒƒã‚·ãƒ§ãƒ³ã‚’サーãƒãƒ¼IDã«é–¢é€£ä»˜ã‘ã¾ã™ã€‚newSessionフラグãŒã‚ªãƒ³ã®å ´åˆã€æ—¢å­˜ã®ã‚»ãƒƒã‚·ãƒ§ãƒ³ã¯å†åˆ©ç”¨ã•れã¾ã›ã‚“。 + + \return SSL_SUCCESSã¯ã€é–¢æ•°ãŒã‚¨ãƒ©ãƒ¼ãªã実行ã•れãŸå ´åˆã«è¿”ã•れã¾ã™ã€‚ + \return BAD_FUNC_ARGã¯ã€WOLFSSL構造体ã¾ãŸã¯idパラメータãŒNULLã®å ´åˆã€ã¾ãŸã¯lenãŒ0より大ãããªã„å ´åˆã«è¿”ã•れã¾ã™ã€‚ + + \param ssl wolfSSL_new()を使用ã—ã¦ä½œæˆã•れãŸWOLFSSL構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ + \param id WOLFSSL_SESSION構造体ã®serverIDメンãƒãƒ¼ã«ã‚³ãƒ”ーã•れる定数ãƒã‚¤ãƒˆãƒã‚¤ãƒ³ã‚¿ã€‚ + \param len セッションidパラメータã®é•·ã•を表ã™int型。 + \param newSession セッションをå†åˆ©ç”¨ã™ã‚‹ã‹ã©ã†ã‹ã‚’示ã™ãƒ•ラグを表ã™int型。 _Example_ \code WOLFSSL_CTX* ctx = wolfSSL_CTX_new( protocol ); WOLFSSL* ssl = WOLFSSL_new(ctx); - const byte id[MAX_SIZE]; // or dynamically create space - int len = 0; // initialize length - int newSession = 0; // flag to allow + const byte id[MAX_SIZE]; // ã¾ãŸã¯å‹•çš„ã«ã‚¹ãƒšãƒ¼ã‚¹ã‚’ä½œæˆ + int len = 0; // é•·ã•ã‚’åˆæœŸåŒ– + int newSession = 0; // 許å¯ã™ã‚‹ãƒ•ラグ … int ret = wolfSSL_SetServerID(ssl, id, len, newSession); if (ret == WOLFSSL_SUCCESS) { - // The Id was successfully set + // IDãŒæ­£å¸¸ã«è¨­å®šã•れã¾ã—㟠} \endcode + \sa wolfSSL_set_session */ int wolfSSL_SetServerID(WOLFSSL* ssl, const unsigned char* id, @@ -2147,9 +2187,11 @@ /*! \ingroup IO - \brief ã“ã®é–¢æ•°ã¯ã€WOLFSSLæ§‹é€ ä½“ã®æŒ‡å®šã‚»ãƒƒã‚·ãƒ§ãƒ³ã‚¤ãƒ³ãƒ‡ãƒƒã‚¯ã‚¹å€¤ã‚’å–å¾—ã—ã¾ã™ã€‚ - \return ã“ã®é–¢æ•°ã¯ã€WOLFSSL構造体内ã®SessionIndexを表ã™intåž‹ã®å€¤ã‚’è¿”ã—ã¾ã™ã€‚ - \param ssl wolfSSL_new()を使用ã—ã¦ä½œæˆã•れãŸWOLFSSL構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ + + \brief ã“ã®é–¢æ•°ã¯ã€WOLFSSL構造体ã®ã‚»ãƒƒã‚·ãƒ§ãƒ³ã‚¤ãƒ³ãƒ‡ãƒƒã‚¯ã‚¹ã‚’å–å¾—ã—ã¾ã™ã€‚ + + \return int ã“ã®é–¢æ•°ã¯ã€WOLFSSL構造体内ã®sessionIndexを表ã™int型を返ã—ã¾ã™ã€‚ + \param ssl wolfSSL_new()を使用ã—ã¦ä½œæˆã•れãŸWOLFSSL構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ _Example_ \code @@ -2159,42 +2201,50 @@ int sesIdx = wolfSSL_GetSessionIndex(ssl); if(sesIdx < 0 || sesIdx > sizeof(ssl->sessionIndex)/sizeof(int)){ - // You have an out of bounds index number and something is not right. + // インデックス番å·ãŒç¯„囲外ã§ã‚りã€ä½•ã‹ãŒæ­£ã—ãã‚りã¾ã›ã‚“。 } \endcode + \sa wolfSSL_GetSessionAtIndex */ int wolfSSL_GetSessionIndex(WOLFSSL* ssl); /*! \ingroup IO - \brief ã“ã®é–¢æ•°ã¯ã‚»ãƒƒã‚·ãƒ§ãƒ³ã‚­ãƒ£ãƒƒã‚·ãƒ¥ã®æŒ‡å®šã•れãŸã‚¤ãƒ³ãƒ‡ãƒƒã‚¯ã‚¹ã®ã‚»ãƒƒã‚·ãƒ§ãƒ³ã‚’å–å¾—ã—ã€ãれをメモリã«ã‚³ãƒ”ーã—ã¾ã™ã€‚ - WOLFSSL_SESSION構造体ã¯ã‚»ãƒƒã‚·ãƒ§ãƒ³æƒ…å ±ã‚’ä¿æŒã—ã¾ã™ã€‚ - \return SSL_SUCCESS é–¢æ•°ãŒæ­£å¸¸ã«å®Ÿè¡Œã•れã€ã‚¨ãƒ©ãƒ¼ãŒã‚¹ãƒ­ãƒ¼ã•れãªã‹ã£ãŸå ´åˆã«è¿”ã•れã¾ã™ã€‚ - \return BAD_MUTEX_E アンロックã¾ãŸã¯ãƒ­ãƒƒã‚¯ãƒŸãƒ¥ãƒ¼ãƒ†ãƒƒã‚¯ã‚¹ã‚¨ãƒ©ãƒ¼ãŒç™ºç”Ÿã—ãŸå ´åˆã«è¿”ã•れã¾ã™ã€‚ - \return SSL_FAILURE é–¢æ•°ãŒæ­£å¸¸ã«å®Ÿè¡Œã•れãªã‹ã£ãŸå ´åˆã«è¿”ã•れã¾ã™ã€‚ - \param idx セッションインデックス値 - \param session WOLFSSL_SESSION構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ + + \brief ã“ã®é–¢æ•°ã¯ã‚»ãƒƒã‚·ãƒ§ãƒ³ã‚­ãƒ£ãƒƒã‚·ãƒ¥ã®æŒ‡å®šã•れãŸã‚¤ãƒ³ãƒ‡ãƒƒã‚¯ã‚¹ã«ã‚るセッションをå–å¾—ã—ã€ãƒ¡ãƒ¢ãƒªã«ã‚³ãƒ”ーã—ã¾ã™ã€‚WOLFSSL_SESSION構造体ã¯ã‚»ãƒƒã‚·ãƒ§ãƒ³æƒ…å ±ã‚’ä¿æŒã—ã¾ã™ã€‚ + + \return SSL_SUCCESS é–¢æ•°ãŒæ­£å¸¸ã«å®Ÿè¡Œã•れã€ã‚¨ãƒ©ãƒ¼ãŒç™ºç”Ÿã—ãªã‹ã£ãŸå ´åˆã«è¿”ã•れã¾ã™ã€‚ + \return BAD_MUTEX_E mutexã®ã‚¢ãƒ³ãƒ­ãƒƒã‚¯ã¾ãŸã¯ãƒ­ãƒƒã‚¯ã‚¨ãƒ©ãƒ¼ãŒã‚ã£ãŸå ´åˆã«è¿”ã•れã¾ã™ã€‚ + \return SSL_FAILURE é–¢æ•°ãŒæ­£å¸¸ã«å®Ÿè¡Œã•れãªã‹ã£ãŸå ´åˆã«è¿”ã•れã¾ã™ã€‚ + + \param index セッションインデックスを表ã™int型。 + \param session WOLFSSL_SESSION構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ _Example_ \code - int idx; // The index to locate the session. - WOLFSSL_SESSION* session; // Buffer to copy to. + int idx; // セッションを特定ã™ã‚‹ã‚¤ãƒ³ãƒ‡ãƒƒã‚¯ã‚¹ã€‚ + WOLFSSL_SESSION* session; // コピー先ã®ãƒãƒƒãƒ•ァ。 ... if(wolfSSL_GetSessionAtIndex(idx, session) != SSL_SUCCESS){ - // Failure case. + // 失敗ケース。 } \endcode + \sa UnLockMutex \sa LockMutex \sa wolfSSL_GetSessionIndex */ -int wolfSSL_GetSessionAtIndex(int idx, WOLFSSL_SESSION* session); +int wolfSSL_GetSessionAtIndex(int index, WOLFSSL_SESSION* session); /*! \ingroup IO - \brief WOLFSSL_SESSION構造体ã‹ã‚‰ãƒ”ア証明書ãƒã‚§ãƒ¼ãƒ³ã‚’è¿”ã—ã¾ã™ã€‚ - \param session WOLFSSL_SESSION構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ + + \brief WOLFSSL_SESSION構造体ã‹ã‚‰ãƒ”ア証明書ãƒã‚§ãƒ¼ãƒ³ã‚’è¿”ã—ã¾ã™ã€‚ + + \return pointer ピア証明書ãƒã‚§ãƒ¼ãƒ³ã‚’å«ã‚€WOLFSSL_X509_CHAIN構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ + + \param session WOLFSSL_SESSION構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ _Example_ \code @@ -2203,9 +2253,10 @@ ... chain = wolfSSL_SESSION_get_peer_chain(session); if(!chain){ - // There was no chain. Failure case. + // ãƒã‚§ãƒ¼ãƒ³ãŒã‚りã¾ã›ã‚“ã§ã—ãŸã€‚失敗ケース。 } \endcode + \sa wolfSSL_GetSessionAtIndex \sa wolfSSL_GetSessionIndex \sa AddSession @@ -2215,29 +2266,14 @@ /*! \ingroup Setup - \brief ã“ã®é–¢æ•°ã¯ãƒªãƒ¢ãƒ¼ãƒˆãƒ”ã‚¢ã®æ¤œè¨¼æ–¹æ³•を設定ã—ã€ã¾ãŸè¨¼æ˜Žæ›¸æ¤œè¨¼ã‚³ãƒ¼ãƒ«ãƒãƒƒã‚¯é–¢æ•°ã‚’SSLコンテキストã«ç™»éŒ²ã™ã‚‹ã“ã¨ã‚‚ã§ãã¾ã™ã€‚ - 検証コールãƒãƒƒã‚¯ã¯ã€æ¤œè¨¼éšœå®³ãŒç™ºç”Ÿã—ãŸå ´åˆã«ã®ã¿å‘¼ã³å‡ºã•れã¾ã™ã€‚ - 検証コールãƒãƒƒã‚¯ãŒå¿…è¦ãªå ´åˆã¯ã€NULLãƒã‚¤ãƒ³ã‚¿ã‚’verify_callbackã«ä½¿ç”¨ã§ãã¾ã™ã€‚ - ãƒ”ã‚¢è¨¼æ˜Žæ›¸ã®æ¤œè¨¼ãƒ¢ãƒ¼ãƒ‰ã¯ã€è«–ç†çš„ã¾ãŸã¯ãƒ•ラグã®ãƒªã‚¹ãƒˆã§ã™ã€‚ - å¯èƒ½ãªãƒ•ãƒ©ã‚°å€¤ã¯æ¬¡ã®ã¨ãŠã‚Šã§ã™:
    - SSL_VERIFY_NONE
    - -クライアントモード:クライアントã¯ã‚µãƒ¼ãƒãƒ¼ã‹ã‚‰å—ä¿¡ã—ãŸè¨¼æ˜Žæ›¸ã‚’検証ã›ãšã€ãƒãƒ³ãƒ‰ã‚·ã‚§ã‚¤ã‚¯ã¯é€šå¸¸ã©ãŠã‚Šç¶šãã¾ã™ã€‚
    - -サーãƒãƒ¼ãƒ¢ãƒ¼ãƒ‰ï¼šã‚µãƒ¼ãƒãƒ¼ã¯ã‚¯ãƒ©ã‚¤ã‚¢ãƒ³ãƒˆã«è¨¼æ˜Žæ›¸è¦æ±‚ã‚’é€ä¿¡ã—ã¾ã›ã‚“。ãã®ãŸã‚ã€ã‚¯ãƒ©ã‚¤ã‚¢ãƒ³ãƒˆæ¤œè¨¼ã¯æœ‰åйã«ãªã‚Šã¾ã›ã‚“。
    - SSL_VERIFY_PEER
    - -クライアントモード:クライアントã¯ãƒãƒ³ãƒ‰ã‚·ã‚§ã‚¤ã‚¯ä¸­ã«ã‚µãƒ¼ãƒãƒ¼ã‹ã‚‰å—ä¿¡ã—ãŸè¨¼æ˜Žæ›¸ã‚’検証ã—ã¾ã™ã€‚ã“れã¯wolfSSLã§ã¯ãƒ‡ãƒ•ォルトã§ã‚ªãƒ³ã«ã•れã¾ã™ã€‚ã—ãŸãŒã£ã¦ã€ã“ã®ã‚ªãƒ—ションを使用ã™ã‚‹ã¨åŠ¹æžœãŒã‚りã¾ã›ã‚“。
    - -サーãƒãƒ¼ãƒ¢ãƒ¼ãƒ‰ï¼šã‚µãƒ¼ãƒãƒ¼ã¯è¨¼æ˜Žæ›¸è¦æ±‚をクライアントã«é€ä¿¡ã—ã€å—ä¿¡ã—ãŸã‚¯ãƒ©ã‚¤ã‚¢ãƒ³ãƒˆè¨¼æ˜Žæ›¸ã‚’確èªã—ã¾ã™ã€‚
    - SSL_VERIFY_FAIL_IF_NO_PEER_CERT
    - -クライアントモード:クライアントå´ã§ä½¿ç”¨ã•れã¦ã„ãªã„å ´åˆã¯åŠ¹æžœãŒã‚りã¾ã›ã‚“。
    - -サーãƒãƒ¼ãƒ¢ãƒ¼ãƒ‰ï¼šè¦æ±‚ã•れãŸã¨ãã«ã‚¯ãƒ©ã‚¤ã‚¢ãƒ³ãƒˆãŒè¨¼æ˜Žæ›¸ã®é€ä¿¡ã«å¤±æ•—ã—ãŸå ´åˆã¯ã€ã‚µãƒ¼ãƒãƒ¼å´ã§æ¤œè¨¼ãŒå¤±æ•—ã—ã¾ã™ï¼ˆSSLサーãƒãƒ¼ã®SSL_VERIFY_PEERを使用ã™ã‚‹å ´åˆï¼‰ã€‚
    - SSL_VERIFY_FAIL_EXCEPT_PSK
    - -クライアントモード:クライアントå´ã§ä½¿ç”¨ã•れã¦ã„ãªã„å ´åˆã¯åŠ¹æžœãŒã‚りã¾ã›ã‚“。
    - -サーãƒãƒ¼ãƒ¢ãƒ¼ãƒ‰ï¼šPSK接続ã®å ´åˆã‚’除ãã€æ¤œè¨¼ã¯SSL_VERIFY_FAIL_IF_NO_PEER_CERTã¨åŒã˜ã§ã™ã€‚ PSK接続ãŒè¡Œã‚れã¦ã„ã‚‹å ´åˆã€æŽ¥ç¶šã¯ãƒ”ア証明書ãªã—ã§é€šéŽã—ã¾ã™ã€‚
    - - \return ãªã— - - \param ctx wolfSSL_CTX_new()ã§ä½œæˆã•れãŸSSLコンテキストã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ - \param mode ピアã®è¨¼æ˜Žæ›¸ã‚’ã©ã®ã‚ˆã†ã«æ¤œè¨¼ã™ã‚‹ã‹ã‚’示ã™ãƒ•ラグ値 - \param verify_callback 証明書検証ãŒå¤±æ•—ã—ãŸéš›ã«å‘¼ã³å‡ºã•れるコールãƒãƒƒã‚¯é–¢æ•°ã€‚å¿…è¦ãŒãªã„ãªã‚‰NULLを指定ã™ã‚‹ã“ã¨ã€‚ + + \brief ã“ã®é–¢æ•°ã¯ãƒªãƒ¢ãƒ¼ãƒˆãƒ”ã‚¢ã®æ¤œè¨¼æ–¹æ³•を設定ã—ã€ã¾ãŸæ¤œè¨¼ã‚³ãƒ¼ãƒ«ãƒãƒƒã‚¯ã‚’SSLコンテキストã«ç™»éŒ²ã§ãるよã†ã«ã—ã¾ã™ã€‚検証コールãƒãƒƒã‚¯ã¯æ¤œè¨¼å¤±æ•—ãŒç™ºç”Ÿã—ãŸå ´åˆã«ã®ã¿å‘¼ã³å‡ºã•れã¾ã™ã€‚検証コールãƒãƒƒã‚¯ãŒä¸è¦ãªå ´åˆã¯ã€verify_callbackã«NULLãƒã‚¤ãƒ³ã‚¿ã‚’使用ã§ãã¾ã™ã€‚ãƒ”ã‚¢è¨¼æ˜Žæ›¸ã®æ¤œè¨¼ãƒ¢ãƒ¼ãƒ‰ã¯è«–ç†OR演算ã•れãŸãƒ•ラグã®ãƒªã‚¹ãƒˆã§ã™ã€‚å¯èƒ½ãªãƒ•ラグ値ã¯ä»¥ä¸‹ã®é€šã‚Šã§ã™ã€‚SSL_VERIFY_NONE クライアントモード:クライアントã¯ã‚µãƒ¼ãƒãƒ¼ã‹ã‚‰å—ä¿¡ã—ãŸè¨¼æ˜Žæ›¸ã‚’検証ã›ãšã€ãƒãƒ³ãƒ‰ã‚·ã‚§ã‚¤ã‚¯ã¯é€šå¸¸é€šã‚Šç¶šè¡Œã•れã¾ã™ã€‚サーãƒãƒ¼ãƒ¢ãƒ¼ãƒ‰ï¼šã‚µãƒ¼ãƒãƒ¼ã¯ã‚¯ãƒ©ã‚¤ã‚¢ãƒ³ãƒˆã«è¨¼æ˜Žæ›¸è¦æ±‚ã‚’é€ä¿¡ã—ã¾ã›ã‚“。ã—ãŸãŒã£ã¦ã€ã‚¯ãƒ©ã‚¤ã‚¢ãƒ³ãƒˆæ¤œè¨¼ã¯æœ‰åйã«ãªã‚Šã¾ã›ã‚“。SSL_VERIFY_PEER クライアントモード:クライアントã¯ãƒãƒ³ãƒ‰ã‚·ã‚§ã‚¤ã‚¯ä¸­ã«ã‚µãƒ¼ãƒãƒ¼ã‹ã‚‰å—ä¿¡ã—ãŸè¨¼æ˜Žæ›¸ã‚’検証ã—ã¾ã™ã€‚ã“れã¯wolfSSLã§ã¯ãƒ‡ãƒ•ã‚©ãƒ«ãƒˆã§æœ‰åйã«ãªã£ã¦ã„ã‚‹ãŸã‚ã€ã“ã®ã‚ªãƒ—ションを使用ã—ã¦ã‚‚効果ã¯ã‚りã¾ã›ã‚“。サーãƒãƒ¼ãƒ¢ãƒ¼ãƒ‰ï¼šã‚µãƒ¼ãƒãƒ¼ã¯ã‚¯ãƒ©ã‚¤ã‚¢ãƒ³ãƒˆã«è¨¼æ˜Žæ›¸è¦æ±‚ã‚’é€ä¿¡ã—ã€å—ä¿¡ã—ãŸã‚¯ãƒ©ã‚¤ã‚¢ãƒ³ãƒˆè¨¼æ˜Žæ›¸ã‚’検証ã—ã¾ã™ã€‚SSL_VERIFY_FAIL_IF_NO_PEER_CERT クライアントモード:クライアントå´ã§ä½¿ç”¨ã—ã¦ã‚‚効果ã¯ã‚りã¾ã›ã‚“。サーãƒãƒ¼ãƒ¢ãƒ¼ãƒ‰ï¼šã‚¯ãƒ©ã‚¤ã‚¢ãƒ³ãƒˆãŒè¦æ±‚ã•れãŸã¨ãã«è¨¼æ˜Žæ›¸ã®é€ä¿¡ã«å¤±æ•—ã—ãŸå ´åˆï¼ˆSSLサーãƒãƒ¼ã§SSL_VERIFY_PEERを使用ã—ã¦ã„ã‚‹å ´åˆï¼‰ã€ã‚µãƒ¼ãƒãƒ¼å´ã§æ¤œè¨¼ãŒå¤±æ•—ã—ã¾ã™ã€‚SSL_VERIFY_FAIL_EXCEPT_PSK クライアントモード:クライアントå´ã§ä½¿ç”¨ã—ã¦ã‚‚効果ã¯ã‚りã¾ã›ã‚“。サーãƒãƒ¼ãƒ¢ãƒ¼ãƒ‰ï¼šæ¤œè¨¼ã¯SSL_VERIFY_FAIL_IF_NO_PEER_CERTã¨åŒã˜ã§ã™ãŒã€PSK接続ã®å ´åˆã‚’除ãã¾ã™ã€‚PSK接続ãŒè¡Œã‚れã¦ã„ã‚‹å ´åˆã€æŽ¥ç¶šã¯ãƒ”ア証明書ãªã—ã§ç¶šè¡Œã•れã¾ã™ã€‚ + + \return none 返り値ã¯ã‚りã¾ã›ã‚“。 + + \param ctx wolfSSL_CTX_new()ã§ä½œæˆã•れãŸSSLコンテキストã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ + \param mode ピアã®è¨¼æ˜Žæ›¸ã®æ¤œè¨¼ãƒ¢ãƒ¼ãƒ‰ã‚’示ã™ãƒ•ラグ。 + \param verify_callback 検証ãŒå¤±æ•—ã—ãŸã¨ãã«å‘¼ã³å‡ºã•れるコールãƒãƒƒã‚¯ã€‚コールãƒãƒƒã‚¯ãŒä¸è¦ãªå ´åˆã¯ã€verify_callbackã«NULLãƒã‚¤ãƒ³ã‚¿ã‚’使用ã§ãã¾ã™ã€‚ _Example_ \code @@ -2246,6 +2282,7 @@ wolfSSL_CTX_set_verify(ctx, (WOLFSSL_VERIFY_PEER | WOLFSSL_VERIFY_FAIL_IF_NO_PEER_CERT), NULL); \endcode + \sa wolfSSL_set_verify */ void wolfSSL_CTX_set_verify(WOLFSSL_CTX* ctx, int mode, @@ -2253,29 +2290,14 @@ /*! \ingroup Setup - \brief ã“ã®é–¢æ•°ã¯ãƒªãƒ¢ãƒ¼ãƒˆãƒ”ã‚¢ã®æ¤œè¨¼æ–¹æ³•を設定ã—ã€ã¾ãŸè¨¼æ˜Žæ›¸æ¤œè¨¼ã‚³ãƒ¼ãƒ«ãƒãƒƒã‚¯é–¢æ•°ã‚’WOLFSSLオブジェクトã«ç™»éŒ²ã™ã‚‹ã“ã¨ã‚‚ã§ãã¾ã™ã€‚ - 検証コールãƒãƒƒã‚¯ã¯ã€æ¤œè¨¼éšœå®³ãŒç™ºç”Ÿã—ãŸå ´åˆã«ã®ã¿å‘¼ã³å‡ºã•れã¾ã™ã€‚ - 検証コールãƒãƒƒã‚¯ãŒå¿…è¦ãªå ´åˆã¯ã€NULLãƒã‚¤ãƒ³ã‚¿ã‚’verify_callbackã«ä½¿ç”¨ã§ãã¾ã™ã€‚ - ãƒ”ã‚¢è¨¼æ˜Žæ›¸ã®æ¤œè¨¼ãƒ¢ãƒ¼ãƒ‰ã¯ã€è«–ç†çš„ã¾ãŸã¯ãƒ•ラグã®ãƒªã‚¹ãƒˆã§ã™ã€‚ - å¯èƒ½ãªãƒ•ãƒ©ã‚°å€¤ã¯æ¬¡ã®ã¨ãŠã‚Šã§ã™:
    - SSL_VERIFY_NONE
    - -クライアントモード:クライアントã¯ã‚µãƒ¼ãƒãƒ¼ã‹ã‚‰å—ä¿¡ã—ãŸè¨¼æ˜Žæ›¸ã‚’検証ã›ãšã€ãƒãƒ³ãƒ‰ã‚·ã‚§ã‚¤ã‚¯ã¯é€šå¸¸ã©ãŠã‚Šç¶šãã¾ã™ã€‚
    - -サーãƒãƒ¼ãƒ¢ãƒ¼ãƒ‰ï¼šã‚µãƒ¼ãƒãƒ¼ã¯ã‚¯ãƒ©ã‚¤ã‚¢ãƒ³ãƒˆã«è¨¼æ˜Žæ›¸è¦æ±‚ã‚’é€ä¿¡ã—ã¾ã›ã‚“。ãã®ãŸã‚ã€ã‚¯ãƒ©ã‚¤ã‚¢ãƒ³ãƒˆæ¤œè¨¼ã¯æœ‰åйã«ãªã‚Šã¾ã›ã‚“。
    - SSL_VERIFY_PEER
    - -クライアントモード:クライアントã¯ãƒãƒ³ãƒ‰ã‚·ã‚§ã‚¤ã‚¯ä¸­ã«ã‚µãƒ¼ãƒãƒ¼ã‹ã‚‰å—ä¿¡ã—ãŸè¨¼æ˜Žæ›¸ã‚’検証ã—ã¾ã™ã€‚ã“れã¯wolfSSLã§ã¯ãƒ‡ãƒ•ォルトã§ã‚ªãƒ³ã«ã•れã¾ã™ã€‚ã—ãŸãŒã£ã¦ã€ã“ã®ã‚ªãƒ—ションを使用ã™ã‚‹ã¨åŠ¹æžœãŒã‚りã¾ã›ã‚“。
    - -サーãƒãƒ¼ãƒ¢ãƒ¼ãƒ‰ï¼šã‚µãƒ¼ãƒãƒ¼ã¯è¨¼æ˜Žæ›¸è¦æ±‚をクライアントã«é€ä¿¡ã—ã€å—ä¿¡ã—ãŸã‚¯ãƒ©ã‚¤ã‚¢ãƒ³ãƒˆè¨¼æ˜Žæ›¸ã‚’確èªã—ã¾ã™ã€‚
    - SSL_VERIFY_FAIL_IF_NO_PEER_CERT
    - -クライアントモード:クライアントå´ã§ä½¿ç”¨ã•れã¦ã„ãªã„å ´åˆã¯åŠ¹æžœãŒã‚りã¾ã›ã‚“。
    - -サーãƒãƒ¼ãƒ¢ãƒ¼ãƒ‰ï¼šè¦æ±‚ã•れãŸã¨ãã«ã‚¯ãƒ©ã‚¤ã‚¢ãƒ³ãƒˆãŒè¨¼æ˜Žæ›¸ã®é€ä¿¡ã«å¤±æ•—ã—ãŸå ´åˆã¯ã€ã‚µãƒ¼ãƒãƒ¼å´ã§æ¤œè¨¼ãŒå¤±æ•—ã—ã¾ã™ï¼ˆSSLサーãƒãƒ¼ã®SSL_VERIFY_PEERを使用ã™ã‚‹å ´åˆï¼‰ã€‚
    - SSL_VERIFY_FAIL_EXCEPT_PSK
    - -クライアントモード:クライアントå´ã§ä½¿ç”¨ã•れã¦ã„ãªã„å ´åˆã¯åŠ¹æžœãŒã‚りã¾ã›ã‚“。
    - -サーãƒãƒ¼ãƒ¢ãƒ¼ãƒ‰ï¼šPSK接続ã®å ´åˆã‚’除ãã€æ¤œè¨¼ã¯SSL_VERIFY_FAIL_IF_NO_PEER_CERTã¨åŒã˜ã§ã™ã€‚ PSK接続ãŒè¡Œã‚れã¦ã„ã‚‹å ´åˆã€æŽ¥ç¶šã¯ãƒ”ア証明書ãªã—ã§é€šéŽã—ã¾ã™ã€‚
    - - \return ãªã— - - \param ssl wolfSSL_new()を使用ã—ã¦ä½œæˆã•れãŸWOLFSSL構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ - \param mode ピアã®è¨¼æ˜Žæ›¸ã‚’ã©ã®ã‚ˆã†ã«æ¤œè¨¼ã™ã‚‹ã‹ã‚’示ã™ãƒ•ラグ値 - \param verify_callback 証明書検証ãŒå¤±æ•—ã—ãŸéš›ã«å‘¼ã³å‡ºã•れるコールãƒãƒƒã‚¯é–¢æ•°ã€‚å¿…è¦ãŒãªã„ãªã‚‰NULLを指定ã™ã‚‹ã“ã¨ã€‚ + + \brief ã“ã®é–¢æ•°ã¯ãƒªãƒ¢ãƒ¼ãƒˆãƒ”ã‚¢ã®æ¤œè¨¼æ–¹æ³•を設定ã—ã€ã¾ãŸæ¤œè¨¼ã‚³ãƒ¼ãƒ«ãƒãƒƒã‚¯ã‚’SSLセッションã«ç™»éŒ²ã§ãるよã†ã«ã—ã¾ã™ã€‚検証コールãƒãƒƒã‚¯ã¯æ¤œè¨¼å¤±æ•—ãŒç™ºç”Ÿã—ãŸå ´åˆã«ã®ã¿å‘¼ã³å‡ºã•れã¾ã™ã€‚検証コールãƒãƒƒã‚¯ãŒä¸è¦ãªå ´åˆã¯ã€verify_callbackã«NULLãƒã‚¤ãƒ³ã‚¿ã‚’使用ã§ãã¾ã™ã€‚ãƒ”ã‚¢è¨¼æ˜Žæ›¸ã®æ¤œè¨¼ãƒ¢ãƒ¼ãƒ‰ã¯è«–ç†OR演算ã•れãŸãƒ•ラグã®ãƒªã‚¹ãƒˆã§ã™ã€‚å¯èƒ½ãªãƒ•ラグ値ã¯ä»¥ä¸‹ã®é€šã‚Šã§ã™ã€‚SSL_VERIFY_NONE クライアントモード:クライアントã¯ã‚µãƒ¼ãƒãƒ¼ã‹ã‚‰å—ä¿¡ã—ãŸè¨¼æ˜Žæ›¸ã‚’検証ã›ãšã€ãƒãƒ³ãƒ‰ã‚·ã‚§ã‚¤ã‚¯ã¯é€šå¸¸é€šã‚Šç¶šè¡Œã•れã¾ã™ã€‚サーãƒãƒ¼ãƒ¢ãƒ¼ãƒ‰ï¼šã‚µãƒ¼ãƒãƒ¼ã¯ã‚¯ãƒ©ã‚¤ã‚¢ãƒ³ãƒˆã«è¨¼æ˜Žæ›¸è¦æ±‚ã‚’é€ä¿¡ã—ã¾ã›ã‚“。ã—ãŸãŒã£ã¦ã€ã‚¯ãƒ©ã‚¤ã‚¢ãƒ³ãƒˆæ¤œè¨¼ã¯æœ‰åйã«ãªã‚Šã¾ã›ã‚“。SSL_VERIFY_PEER クライアントモード:クライアントã¯ãƒãƒ³ãƒ‰ã‚·ã‚§ã‚¤ã‚¯ä¸­ã«ã‚µãƒ¼ãƒãƒ¼ã‹ã‚‰å—ä¿¡ã—ãŸè¨¼æ˜Žæ›¸ã‚’検証ã—ã¾ã™ã€‚ã“れã¯wolfSSLã§ã¯ãƒ‡ãƒ•ã‚©ãƒ«ãƒˆã§æœ‰åйã«ãªã£ã¦ã„ã‚‹ãŸã‚ã€ã“ã®ã‚ªãƒ—ションを使用ã—ã¦ã‚‚効果ã¯ã‚りã¾ã›ã‚“。サーãƒãƒ¼ãƒ¢ãƒ¼ãƒ‰ï¼šã‚µãƒ¼ãƒãƒ¼ã¯ã‚¯ãƒ©ã‚¤ã‚¢ãƒ³ãƒˆã«è¨¼æ˜Žæ›¸è¦æ±‚ã‚’é€ä¿¡ã—ã€å—ä¿¡ã—ãŸã‚¯ãƒ©ã‚¤ã‚¢ãƒ³ãƒˆè¨¼æ˜Žæ›¸ã‚’検証ã—ã¾ã™ã€‚SSL_VERIFY_FAIL_IF_NO_PEER_CERT クライアントモード:クライアントå´ã§ä½¿ç”¨ã—ã¦ã‚‚効果ã¯ã‚りã¾ã›ã‚“。サーãƒãƒ¼ãƒ¢ãƒ¼ãƒ‰ï¼šã‚¯ãƒ©ã‚¤ã‚¢ãƒ³ãƒˆãŒè¦æ±‚ã•れãŸã¨ãã«è¨¼æ˜Žæ›¸ã®é€ä¿¡ã«å¤±æ•—ã—ãŸå ´åˆï¼ˆSSLサーãƒãƒ¼ã§SSL_VERIFY_PEERを使用ã—ã¦ã„ã‚‹å ´åˆï¼‰ã€ã‚µãƒ¼ãƒãƒ¼å´ã§æ¤œè¨¼ãŒå¤±æ•—ã—ã¾ã™ã€‚SSL_VERIFY_FAIL_EXCEPT_PSK クライアントモード:クライアントå´ã§ä½¿ç”¨ã—ã¦ã‚‚効果ã¯ã‚りã¾ã›ã‚“。サーãƒãƒ¼ãƒ¢ãƒ¼ãƒ‰ï¼šæ¤œè¨¼ã¯SSL_VERIFY_FAIL_IF_NO_PEER_CERTã¨åŒã˜ã§ã™ãŒã€PSK接続ã®å ´åˆã‚’除ãã¾ã™ã€‚PSK接続ãŒè¡Œã‚れã¦ã„ã‚‹å ´åˆã€æŽ¥ç¶šã¯ãƒ”ア証明書ãªã—ã§ç¶šè¡Œã•れã¾ã™ã€‚ + + \return none 返り値ã¯ã‚りã¾ã›ã‚“。 + + \param ssl wolfSSL_new()ã§ä½œæˆã•れãŸSSLセッションã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ + \param mode ピアã®è¨¼æ˜Žæ›¸ã®æ¤œè¨¼ãƒ¢ãƒ¼ãƒ‰ã‚’示ã™ãƒ•ラグ。 + \param verify_callback 検証ãŒå¤±æ•—ã—ãŸã¨ãã«å‘¼ã³å‡ºã•れるコールãƒãƒƒã‚¯ã€‚コールãƒãƒƒã‚¯ãŒä¸è¦ãªå ´åˆã¯ã€verify_callbackã«NULLãƒã‚¤ãƒ³ã‚¿ã‚’使用ã§ãã¾ã™ã€‚ _Example_ \code @@ -2283,17 +2305,20 @@ ... wolfSSL_set_verify(ssl, SSL_VERIFY_PEER | SSL_VERIFY_FAIL_IF_NO_PEER_CERT, 0); \endcode + \sa wolfSSL_CTX_set_verify */ void wolfSSL_set_verify(WOLFSSL* ssl, int mode, VerifyCallback verify_callback); /*! \ingroup CertsKeys - \brief ã“ã®é–¢æ•°ã¯ã€æ¤œè¨¼ã‚³ãƒ¼ãƒ«ãƒãƒƒã‚¯ã®ãŸã‚ã®ãƒ¦ãƒ¼ã‚¶ãƒ¼CTXオブジェクト情報を格ç´ã—ã¾ã™ã€‚ - \return ãªã— - \param ssl wolfSSL_new()を使用ã—ã¦ä½œæˆã•れãŸWOLFSSL構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ - \param ctx ボイドãƒã‚¤ãƒ³ã‚¿ã€‚WOLFSSL構造体ã®verifyCbCtx メンãƒãƒ¼ã«ã‚»ãƒƒãƒˆã•れã¾ã™ã€‚ + \brief ã“ã®é–¢æ•°ã¯æ¤œè¨¼ã‚³ãƒ¼ãƒ«ãƒãƒƒã‚¯ç”¨ã®ãƒ¦ãƒ¼ã‚¶ãƒ¼CTXオブジェクト情報を格ç´ã—ã¾ã™ã€‚ + + \return none 返り値ã¯ã‚りã¾ã›ã‚“。 + + \param ssl wolfSSL_new()を使用ã—ã¦ä½œæˆã•れãŸWOLFSSL構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ + \param ctx WOLFSSL構造体ã®verifyCbCtxメンãƒã®å€¤ã«è¨­å®šã•れるvoidãƒã‚¤ãƒ³ã‚¿ã€‚ _Example_ \code @@ -2302,11 +2327,12 @@ (void*)ctx; ... if(ssl != NULL){ - wolfSSL_SetCertCbCtx(ssl, ctx); + wolfSSL_SetCertCbCtx(ssl, ctx); } else { - // Error case, the SSL is not initialized properly. + // エラーケースã€SSLãŒé©åˆ‡ã«åˆæœŸåŒ–ã•れã¦ã„ã¾ã›ã‚“。 } \endcode + \sa wolfSSL_CTX_save_cert_cache \sa wolfSSL_CTX_restore_cert_cache \sa wolfSSL_CTX_set_verify @@ -2315,22 +2341,26 @@ /*! \ingroup CertsKeys - \brief ã“ã®é–¢æ•°ã¯ã€æ¤œè¨¼ã‚³ãƒ¼ãƒ«ãƒãƒƒã‚¯ã®ãŸã‚ã®ãƒ¦ãƒ¼ã‚¶ãƒ¼CTXオブジェクト情報を格ç´ã—ã¾ã™ã€‚ - \return ãªã— - \param ctx WOLFSSL_CTX構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ - \param ctx ボイドãƒã‚¤ãƒ³ã‚¿ã€‚WOLFSSL_CTX構造体ã®verifyCbCtx メンãƒãƒ¼ã«ã‚»ãƒƒãƒˆã•れã¾ã™ã€‚ + + \brief ã“ã®é–¢æ•°ã¯æ¤œè¨¼ã‚³ãƒ¼ãƒ«ãƒãƒƒã‚¯ç”¨ã®ãƒ¦ãƒ¼ã‚¶ãƒ¼CTXオブジェクト情報を格ç´ã—ã¾ã™ã€‚ + + \return none 返り値ã¯ã‚りã¾ã›ã‚“。 + + \param ctx WOLFSSL_CTX構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ + \param userCtx WOLFSSL_CTX構造体ã®verifyCbCtxメンãƒã®å€¤ã‚’設定ã™ã‚‹ãŸã‚ã«ä½¿ç”¨ã•れるvoidãƒã‚¤ãƒ³ã‚¿ã€‚ _Example_ \code WOLFSSL_CTX* ctx = wolfSSL_CTX_new( method ); - void* userCtx = NULL; // Assign some user defined context + void* userCtx = NULL; // ユーザー定義ã®ã‚³ãƒ³ãƒ†ã‚­ã‚¹ãƒˆã‚’割り当㦠... if(ctx != NULL){ wolfSSL_SetCertCbCtx(ctx, userCtx); } else { - // Error case, the SSL is not initialized properly. + // エラーケースã€SSLãŒé©åˆ‡ã«åˆæœŸåŒ–ã•れã¦ã„ã¾ã›ã‚“。 } \endcode + \sa wolfSSL_CTX_save_cert_cache \sa wolfSSL_CTX_restore_cert_cache \sa wolfSSL_CTX_set_verify @@ -2339,9 +2369,12 @@ /*! \ingroup IO - \brief ã“ã®é–¢æ•°ã¯ã€wolfSSL_read()ã«ã‚ˆã£ã¦èª­ã¿å–られるWOLFSSLオブジェクトã§ãƒãƒƒãƒ•ã‚¡ã•れã¦ã„ã‚‹ãƒã‚¤ãƒˆæ•°ã‚’è¿”ã—ã¾ã™ã€‚ - \return ã“ã®é–¢æ•°ã¯ã€ä¿ç•™ä¸­ã®ãƒã‚¤ãƒˆæ•°ã‚’è¿”ã—ã¾ã™ã€‚ - \param ssl wolfSSL_new()を使用ã—ã¦ä½œæˆã•れãŸWOLFSSL構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ + + \brief ã“ã®é–¢æ•°ã¯SSLオブジェクト内ã§ãƒãƒƒãƒ•ァリングã•れã€wolfSSL_read()ã«ã‚ˆã£ã¦èª­ã¿å–りå¯èƒ½ãªåˆ©ç”¨å¯èƒ½ãªãƒã‚¤ãƒˆæ•°ã‚’è¿”ã—ã¾ã™ã€‚ + + \return int ã“ã®é–¢æ•°ã¯ä¿ç•™ä¸­ã®ãƒã‚¤ãƒˆæ•°ã‚’è¿”ã—ã¾ã™ã€‚ + + \param ssl wolfSSL_new()ã§ä½œæˆã•れãŸSSLセッションã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ _Example_ \code @@ -2350,24 +2383,29 @@ ... pending = wolfSSL_pending(ssl); - printf(“There are %d bytes buffered and available for readingâ€, pending); + printf("ãƒãƒƒãƒ•ァリングã•れ読ã¿å–りå¯èƒ½ãª%dãƒã‚¤ãƒˆãŒã‚りã¾ã™", pending); \endcode + \sa wolfSSL_recv \sa wolfSSL_read \sa wolfSSL_peek */ -int wolfSSL_pending(WOLFSSL*); +int wolfSSL_pending(WOLFSSL* ssl); /*! \ingroup Debug - \brief ã“ã®æ©Ÿèƒ½ã¯OpenSSL API(SSL_load_error_string)ã¨ã®äº’æ›æ€§ã®ç›®çš„ã¿ã§æä¾›ã—ã¦ã‚り処ç†ã¯è¡Œã„ã¾ã›ã‚“。 - \return ãªã— - \param ãªã— + + \brief ã“ã®é–¢æ•°ã¯OpenSSLäº’æ›æ€§ï¼ˆSSL_load_error_string)ã®ãŸã‚ã®ã‚‚ã®ã§ã‚りã€ä½•も動作を行ã„ã¾ã›ã‚“。 + + \return none 返り値ã¯ã‚りã¾ã›ã‚“。 + + \param none パラメータã¯ã‚りã¾ã›ã‚“。 _Example_ \code wolfSSL_load_error_strings(); \endcode + \sa wolfSSL_get_error \sa wolfSSL_ERR_error_string \sa wolfSSL_ERR_error_string_n @@ -2378,33 +2416,37 @@ /*! \ingroup TLS - \brief ã“ã®é–¢æ•°ã¯wolfSSL_CTX_new()内ã§å†…部的ã«å‘¼ã³å‡ºã•れã¾ã™ã€‚ - ã“ã®é–¢æ•°ã¯wolfSSL_Init()ã®ãƒ©ãƒƒãƒ‘ーã§ã€wolfSSLãŒOpenSSL互æ›å±¤ã§ã‚³ãƒ³ãƒ‘イルã•れãŸã¨ãã®OpenSSL API(ssl_library_init)ã¨ã®äº’æ›æ€§ã®ç‚ºã«å­˜åœ¨ã—ã¾ã™ã€‚ - wolfSSL_init()ã¯ã€ã‚ˆã‚Šä¸€èˆ¬çš„ã«ä½¿ç”¨ã•れã¦ã„ã‚‹wolfSSLåˆæœŸåŒ–機能ã§ã™ã€‚ - \return SSL_SUCCESS æˆåŠŸã—ãŸå ´åˆã«è¿”ã•れã¾ã™ã€‚ã«è¿”ã•れã¾ã™ã€‚ - \return SSL_FATAL_ERROR 失敗ã—ãŸã¨ãã«è¿”ã•れã¾ã™ã€‚ + \brief ã“ã®é–¢æ•°ã¯wolfSSL_CTX_new()内ã§å†…部的ã«å‘¼ã³å‡ºã•れã¾ã™ã€‚ã“ã®é–¢æ•°ã¯wolfSSL_Init()ã®ãƒ©ãƒƒãƒ‘ーã§ã‚りã€wolfSSLãŒOpenSSLäº’æ›æ€§ãƒ¬ã‚¤ãƒ¤ãƒ¼ã§ã‚³ãƒ³ãƒ‘イルã•れãŸå ´åˆã®OpenSSLäº’æ›æ€§ï¼ˆSSL_library_init)ã®ãŸã‚ã«å­˜åœ¨ã—ã¾ã™ã€‚wolfSSL_Init()ã¯ã€ã‚ˆã‚Šä¸€èˆ¬çš„ã«ä½¿ç”¨ã•れるwolfSSLåˆæœŸåŒ–関数ã§ã™ã€‚ + + \return SSL_SUCCESS 呼ã³å‡ºã—ãŒæˆåŠŸã—ãŸå ´åˆã«è¿”ã•れã¾ã™ã€‚ + \return SSL_FATAL_ERROR 失敗時ã«è¿”ã•れã¾ã™ã€‚ + + \param none パラメータã¯ã‚りã¾ã›ã‚“。 _Example_ \code int ret = 0; ret = wolfSSL_library_init(); if (ret != SSL_SUCCESS) { - failed to initialize wolfSSL + // wolfSSLã®åˆæœŸåŒ–ã«å¤±æ•—ã—ã¾ã—㟠} ... \endcode + \sa wolfSSL_Init \sa wolfSSL_Cleanup */ int wolfSSL_library_init(void); /*! - \brief ã“ã®é–¢æ•°ã¯WOLFSSLオブジェクトレベルã§Device Idをセットã—ã¾ã™ã€‚ - \return WOLFSSL_SUCCESS æˆåŠŸæ™‚ã«è¿”ã•れã¾ã™ã€‚ - \return BAD_FUNC_ARG sslãŒNULLã®å ´åˆã«è¿”ã•れã¾ã™ã€‚ - \param ssl wolfSSL_new()を使用ã—ã¦ä½œæˆã•れãŸWOLFSSL構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ - \param devId ãƒãƒ¼ãƒ‰ã‚¦ã‚¨ã‚¢ã¨å…±ã«ä½¿ç”¨ã™ã‚‹éš›ã«æŒ‡å®šã™ã‚‹ID + \brief ã“ã®é–¢æ•°ã¯WOLFSSLセッションレベルã§Device Idを設定ã—ã¾ã™ã€‚ + + \return WOLFSSL_SUCCESS æˆåŠŸæ™‚ã€‚ + \return BAD_FUNC_ARG sslãŒNULLã®å ´åˆã€‚ + + \param ssl wolfSSL_new()ã§ä½œæˆã•れãŸSSLオブジェクトã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ + \param devId æš—å·ã‚³ãƒ¼ãƒ«ãƒãƒƒã‚¯ã¾ãŸã¯éžåŒæœŸãƒãƒ¼ãƒ‰ã‚¦ã‚§ã‚¢ã§ä½¿ç”¨ã™ã‚‹ID。使用ã—ãªã„å ´åˆã¯INVALID_DEVID(-2)ã«è¨­å®šã—ã¾ã™ã€‚ _Example_ \code @@ -2414,19 +2456,20 @@ wolfSSL_SetDevId(ssl, devId); \endcode + \sa wolfSSL_CTX_SetDevId \sa wolfSSL_CTX_GetDevId */ int wolfSSL_SetDevId(WOLFSSL* ssl, int devId); /*! - \brief ã“ã®é–¢æ•°ã¯WOLFSSL_CTXレベルã§Device Idをセットã—ã¾ã™ã€‚ + \brief ã“ã®é–¢æ•°ã¯WOLFSSL_CTXコンテキストレベルã§Device Idを設定ã—ã¾ã™ã€‚ - \return WOLFSSL_SUCCESS æˆåŠŸæ™‚ã«è¿”ã•れã¾ã™ã€‚ - \return BAD_FUNC_ARG sslãŒNULLã®å ´åˆã«è¿”ã•れã¾ã™ã€‚ + \return WOLFSSL_SUCCESS æˆåŠŸæ™‚ã€‚ + \return BAD_FUNC_ARG sslãŒNULLã®å ´åˆã€‚ - \param ctx wolfSSL_CTX_new()ã§ä½œæˆã•れãŸSSLコンテキストã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ - \param devId ãƒãƒ¼ãƒ‰ã‚¦ã‚¨ã‚¢ã¨å…±ã«ä½¿ç”¨ã™ã‚‹éš›ã«æŒ‡å®šã™ã‚‹ID + \param ctx wolfSSL_CTX_new()ã§ä½œæˆã•れãŸSSLコンテキストã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ + \param devId æš—å·ã‚³ãƒ¼ãƒ«ãƒãƒƒã‚¯ã¾ãŸã¯éžåŒæœŸãƒãƒ¼ãƒ‰ã‚¦ã‚§ã‚¢ã§ä½¿ç”¨ã™ã‚‹ID。使用ã—ãªã„å ´åˆã¯INVALID_DEVID(-2)ã«è¨­å®šã—ã¾ã™ã€‚ _Example_ \code @@ -2436,17 +2479,20 @@ wolfSSL_CTX_SetDevId(ctx, devId); \endcode + \sa wolfSSL_SetDevId \sa wolfSSL_CTX_GetDevId */ int wolfSSL_CTX_SetDevId(WOLFSSL_CTX* ctx, int devId); /*! - \brief ã“ã®é–¢æ•°ã¯WOLFSSL_CTXレベルã§Device Idã‚’å–å¾—ã—ã¾ã™ã€‚ - \return devId æˆåŠŸæ™‚ã«è¿”ã•れã¾ã™ã€‚ - \return INVALID_DEVID SSLã¨CTXã®ä¸¡æ–¹ãŒNULLã®å ´åˆã«è¿”ã•れã¾ã™ã€‚ - \param ctx wolfSSL_CTX_new()ã§ä½œæˆã•れãŸSSLコンテキストã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ - \param ssl wolfSSL_new()を使用ã—ã¦ä½œæˆã•れãŸWOLFSSL構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ + \brief ã“ã®é–¢æ•°ã¯Device Idã‚’å–å¾—ã—ã¾ã™ã€‚ + + \return devId æˆåŠŸæ™‚ã€‚ + \return INVALID_DEVID sslã¨ctxã®ä¸¡æ–¹ãŒNULLã®å ´åˆã€‚ + + \param ctx wolfSSL_CTX_new()ã§ä½œæˆã•れãŸSSLコンテキストã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ + \param ssl wolfSSL_new()ã§ä½œæˆã•れãŸSSLオブジェクトã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ _Example_ \code @@ -2455,22 +2501,22 @@ wolfSSL_CTX_GetDevId(ctx, ssl); \endcode + \sa wolfSSL_SetDevId \sa wolfSSL_CTX_SetDevId + */ int wolfSSL_CTX_GetDevId(WOLFSSL_CTX* ctx, WOLFSSL* ssl); /*! \ingroup Setup - \brief ã“ã®é–¢æ•°ã¯SSLセッションキャッシュ機能を有効ã¾ãŸã¯ç„¡åйã«ã—ã¾ã™ã€‚ - 動作ã¯ãƒ¢ãƒ¼ãƒ‰ã«ä½¿ç”¨ã•れる値ã«ã‚ˆã£ã¦ç•°ãªã‚Šã¾ã™ã€‚ - モードã®å€¤ã¯æ¬¡ã®ã¨ãŠã‚Šã§ã™ï¼š - SSL_SESS_CACHE_OFF - セッションキャッシングを無効ã«ã—ã¾ã™ã€‚デフォルトã§ã‚»ãƒƒã‚·ãƒ§ãƒ³ã‚­ãƒ£ãƒƒã‚·ãƒ³ã‚°ãŒã‚ªãƒ³ã«ãªã£ã¦ã„ã¾ã™ã€‚ - SSL_SESS_CACHE_NO_AUTO_CLEAR - セッションキャッシュã®ã‚ªãƒ¼ãƒˆãƒ•ラッシュを無効ã«ã—ã¾ã™ã€‚デフォルトã§è‡ªå‹•フラッシングã¯ã‚ªãƒ³ã«ãªã£ã¦ã„ã¾ã™ã€‚ - - \return SSL_SUCCESS æˆåŠŸã«æˆ»ã‚Šã¾ã™ã€‚ - \param ctx wolfSSL_CTX_new()ã§ä½œæˆã•れãŸSSLコンテキストã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ - \param mode ã‚»ãƒƒã‚·ãƒ§ãƒ³ã‚­ãƒ£ãƒƒã‚·ãƒ¥ã®æŒ¯ã‚‹èˆžã„を変更ã™ã‚‹ç‚ºã«ä½¿ç”¨ã—ã¾ã™ã€‚ + + \brief ã“ã®é–¢æ•°ã¯SSLセッションキャッシングを有効ã¾ãŸã¯ç„¡åйã«ã—ã¾ã™ã€‚動作ã¯modeã«ä½¿ç”¨ã•れる値ã«ä¾å­˜ã—ã¾ã™ã€‚modeã«ä½¿ç”¨ã§ãる値ã¯ä»¥ä¸‹ã®é€šã‚Šã§ã™ã€‚SSL_SESS_CACHE_OFF - セッションキャッシングを無効ã«ã—ã¾ã™ã€‚セッションキャッシングã¯ãƒ‡ãƒ•ã‚©ãƒ«ãƒˆã§æœ‰åйã«ãªã£ã¦ã„ã¾ã™ã€‚SSL_SESS_CACHE_NO_AUTO_CLEAR - セッションキャッシュã®è‡ªå‹•フラッシュを無効ã«ã—ã¾ã™ã€‚自動フラッシュã¯ãƒ‡ãƒ•ã‚©ãƒ«ãƒˆã§æœ‰åйã«ãªã£ã¦ã„ã¾ã™ã€‚ + + \return SSL_SUCCESS æˆåŠŸæ™‚ã«è¿”ã•れã¾ã™ã€‚ + + \param ctx wolfSSL_CTX_new()ã§ä½œæˆã•れãŸSSLコンテキストã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ + \param mode セッションキャッシュã®å‹•作を変更ã™ã‚‹ãŸã‚ã«ä½¿ç”¨ã•れる修飾å­ã€‚ _Example_ \code @@ -2478,9 +2524,10 @@ ... ret = wolfSSL_CTX_set_session_cache_mode(ctx, SSL_SESS_CACHE_OFF); if (ret != SSL_SUCCESS) { - // failed to turn SSL session caching off + // SSLセッションキャッシングをオフã«ã™ã‚‹ã“ã¨ãŒã§ãã¾ã›ã‚“ã§ã—ãŸã€‚ } \endcode + \sa wolfSSL_flush_sessions \sa wolfSSL_get1_session \sa wolfSSL_set_session @@ -2490,48 +2537,53 @@ long wolfSSL_CTX_set_session_cache_mode(WOLFSSL_CTX* ctx, long mode); /*! - \brief ã“ã®é–¢æ•°ã¯ã‚»ãƒƒã‚·ãƒ§ãƒ³ã‚·ãƒ¼ã‚¯ãƒ¬ãƒƒãƒˆã‚³ãƒ¼ãƒ«ãƒãƒƒã‚¯é–¢æ•°ã‚’セットã—ã¾ã™ã€‚ - SessionSecretCbã‚¿ã‚¤ãƒ—ã¯æ¬¡ã®ã‚·ã‚°ãƒãƒãƒ£ã¨ãªã£ã¦ã„ã¾ã™ï¼šint(* sessioneCretcb)(wolfssl * sslã€void * secretã€int * secretszã€void * ctx)。 - WOLFSSL構造体ã®sessionSecretCbメンãƒãƒ¼ã¯å¼•æ•°cbã«è¨­å®šã•れã¾ã™ã€‚ - \return SSL_SUCCESS 関数ã®å®Ÿè¡ŒãŒã‚¨ãƒ©ãƒ¼ã‚’è¿”ã•れãªã‹ã£ãŸå ´åˆã«è¿”ã•れã¾ã™ã€‚ - \return SSL_FATAL_ERROR WOLFSSL構造ãŒNULLã®å ´åˆã«è¿”ã•れã¾ã™ã€‚ - \param ssl wolfSSL_new()を使用ã—ã¦ä½œæˆã•れãŸWOLFSSL構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ - \param cb セッションシークレットコールãƒãƒƒã‚¯é–¢æ•°ãƒã‚¤ãƒ³ã‚¿ã€‚ - \param ctx セッションシークレットコールãƒãƒƒã‚¯é–¢æ•°ã«æ¸¡ã•れるユーザーコンテキスト。 + \brief ã“ã®é–¢æ•°ã¯ã€ã‚»ãƒƒã‚·ãƒ§ãƒ³ã‚·ãƒ¼ã‚¯ãƒ¬ãƒƒãƒˆã‚³ãƒ¼ãƒ«ãƒãƒƒã‚¯é–¢æ•°ã‚’設定ã—ã¾ã™ã€‚SessionSecretCbåž‹ã¯æ¬¡ã®ã‚·ã‚°ãƒãƒãƒ£ã‚’æŒã¡ã¾ã™:int (*SessionSecretCb)(WOLFSSL* ssl, void* secret, int* secretSz, void* ctx)。WOLFSSL構造体ã®sessionSecretCbメンãƒãŒã€ãƒ‘ラメータcbã«è¨­å®šã•れã¾ã™ã€‚ + + \return SSL_SUCCESS 関数ã®å®Ÿè¡ŒãŒã‚¨ãƒ©ãƒ¼ã‚’è¿”ã•ãªã‹ã£ãŸå ´åˆã«è¿”ã•れã¾ã™ã€‚ + \return SSL_FATAL_ERROR WOLFSSL構造体ãŒNULLã®å ´åˆã«è¿”ã•れã¾ã™ã€‚ + + \param ssl wolfSSL_new()を使用ã—ã¦ä½œæˆã•れãŸWOLFSSL構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ + \param cb 上記ã®ã‚·ã‚°ãƒãƒãƒ£ã‚’æŒã¤é–¢æ•°ãƒã‚¤ãƒ³ã‚¿ã§ã‚ã‚‹SessionSecretCb型。 + \param ctx ä¿å­˜ã•れるユーザコンテキストã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ _Example_ \code WOLFSSL_CTX* ctx = wolfSSL_CTX_new( method ); WOLFSSL* ssl = wolfSSL_new(ctx); - // Signature of SessionSecretCb + // SessionSecretCbã®ã‚·ã‚°ãƒãƒãƒ£ int SessionSecretCB (WOLFSSL* ssl, void* secret, int* secretSz, void* ctx) = SessionSecretCb; … int wolfSSL_set_session_secret_cb(ssl, SessionSecretCB, (void*)ssl->ctx){ - // Function body. + // 関数本体。 } \endcode + \sa SessionSecretCb */ int wolfSSL_set_session_secret_cb(WOLFSSL* ssl, SessionSecretCb cb, void* ctx); /*! \ingroup IO - \brief ã“ã®é–¢æ•°ã¯ã‚»ãƒƒã‚·ãƒ§ãƒ³ã‚­ãƒ£ãƒƒã‚·ãƒ¥ã‚’ãƒ•ã‚¡ã‚¤ãƒ«ã«æŒç¶šã—ã¾ã™ã€‚追加ã®ãƒ¡ãƒ¢ãƒªä½¿ç”¨ã®ãŸã‚ã€memsaveã¯ä½¿ç”¨ã•れã¾ã›ã‚“。 - \return SSL_SUCCESS 関数ãŒã‚¨ãƒ©ãƒ¼ãªã—ã§å®Ÿè¡Œã•れãŸå ´åˆã«è¿”ã•れã¾ã™ã€‚セッションキャッシュã¯ãƒ•ã‚¡ã‚¤ãƒ«ã«æ›¸ãè¾¼ã¾ã‚Œã¾ã—ãŸã€‚ - \return SSL_BAD_FILE FNAMEã‚’é–‹ãã“ã¨ãŒã§ããªã„ã‹ã€ãれ以外ã®å ´åˆã¯ç ´æã—ãŸå ´åˆã«è¿”ã•れã¾ã™ã€‚ - \return FWRITE_ERROR XfWriteãŒãƒ•ァイルã¸ã®æ›¸ãè¾¼ã¿ã«å¤±æ•—ã—ãŸå ´åˆã«è¿”ã•れã¾ã™ã€‚ - \return BAD_MUTEX_E ミューテックスロック障害ãŒç™ºç”Ÿã—ãŸå ´åˆã«è¿”ã•れã¾ã™ã€‚ - \param fname 書ãè¾¼ã¿å¯¾è±¡ãƒ•ァイルåã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ + + \brief ã“ã®é–¢æ•°ã¯ã€ã‚»ãƒƒã‚·ãƒ§ãƒ³ã‚­ãƒ£ãƒƒã‚·ãƒ¥ã‚’ãƒ•ã‚¡ã‚¤ãƒ«ã«æ°¸ç¶šåŒ–ã—ã¾ã™ã€‚追加ã®ãƒ¡ãƒ¢ãƒªä½¿ç”¨é‡ã®ãŸã‚ã€memsaveã¯ä½¿ç”¨ã—ã¾ã›ã‚“。 + + \return SSL_SUCCESS 関数ãŒã‚¨ãƒ©ãƒ¼ãªã実行ã•れãŸå ´åˆã«è¿”ã•れã¾ã™ã€‚セッションキャッシュãŒãƒ•ã‚¡ã‚¤ãƒ«ã«æ›¸ãè¾¼ã¾ã‚Œã¾ã—ãŸã€‚ + \return SSL_BAD_FILE fnameã‚’é–‹ãã“ã¨ãŒã§ããªã„ã‹ã€ã¾ãŸã¯ãれ以外ã®ç†ç”±ã§ç ´æã—ã¦ã„ã‚‹å ´åˆã«è¿”ã•れã¾ã™ã€‚ + \return FWRITE_ERROR XFWRITEãŒãƒ•ァイルã¸ã®æ›¸ãè¾¼ã¿ã«å¤±æ•—ã—ãŸå ´åˆã«è¿”ã•れã¾ã™ã€‚ + \return BAD_MUTEX_E mutexロックã®å¤±æ•—ãŒã‚ã£ãŸå ´åˆã«è¿”ã•れã¾ã™ã€‚ + + \param fname 書ãè¾¼ã¿ç”¨ãƒ•ァイルを指ã™å®šæ•°charåž‹ãƒã‚¤ãƒ³ã‚¿ã€‚ _Example_ \code const char* fname; ... if(wolfSSL_save_session_cache(fname) != SSL_SUCCESS){ - // Fail to write to file. + // ファイルã¸ã®æ›¸ãè¾¼ã¿ã«å¤±æ•—ã—ã¾ã—ãŸã€‚ } \endcode + \sa XFWRITE \sa wolfSSL_restore_session_cache \sa wolfSSL_memrestore_session_cache @@ -2540,23 +2592,26 @@ /*! \ingroup IO - \brief ã“ã®é–¢æ•°ã¯ãƒ•ァイルã‹ã‚‰æ°¸ç¶šã‚»ãƒƒã‚·ãƒ§ãƒ³ã‚­ãƒ£ãƒƒã‚·ãƒ¥ã‚’復元ã—ã¾ã™ã€‚追加ã®ãƒ¡ãƒ¢ãƒªä½¿ç”¨ã®ãŸã‚ã€memstoreã¯ä½¿ç”¨ã—ã¾ã›ã‚“。 - \return SSL_SUCCESS 関数ãŒã‚¨ãƒ©ãƒ¼ãªã—ã§å®Ÿè¡Œã•れãŸå ´åˆã«è¿”ã•れã¾ã™ã€‚ - \return SSL_BAD_FILE é–¢æ•°ã«æ¸¡ã•れãŸãƒ•ァイルãŒç ´æã—ã¦ã„ã¦XFOPENã«ã‚ˆã£ã¦é–‹ãã“ã¨ãŒã§ããªã‹ã£ãŸå ´åˆã«è¿”ã•れã¾ã™ã€‚ - \return FREAD_ERROR ファイルã«XFREADã‹ã‚‰èª­ã¿å–りエラーãŒç™ºç”Ÿã—ãŸå ´åˆã«è¿”ã•れã¾ã™ã€‚ - \return CACHE_MATCH_ERROR セッションキャッシュヘッダã®ä¸€è‡´ãŒå¤±æ•—ã—ãŸå ´åˆã«è¿”ã•れã¾ã™ã€‚ - \return BAD_MUTEX_E ミューテックスロック障害ãŒç™ºç”Ÿã—ãŸå ´åˆã«è¿”ã•れã¾ã™ã€‚ - \param fname キャシュを読ã¿å–ã‚‹ãŸã‚ã®ãƒ•ァイルåã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ + \brief ã“ã®é–¢æ•°ã¯ã€æ°¸ç¶šçš„ãªã‚»ãƒƒã‚·ãƒ§ãƒ³ã‚­ãƒ£ãƒƒã‚·ãƒ¥ã‚’ファイルã‹ã‚‰å¾©å…ƒã—ã¾ã™ã€‚追加ã®ãƒ¡ãƒ¢ãƒªä½¿ç”¨é‡ã®ãŸã‚ã€memstoreã¯ä½¿ç”¨ã—ã¾ã›ã‚“。 + + \return SSL_SUCCESS 関数ãŒã‚¨ãƒ©ãƒ¼ãªã実行ã•れãŸå ´åˆã«è¿”ã•れã¾ã™ã€‚ + \return SSL_BAD_FILE é–¢æ•°ã«æ¸¡ã•れãŸãƒ•ァイルãŒç ´æã—ã¦ãŠã‚Šã€XFOPENã§é–‹ãã“ã¨ãŒã§ããªã‹ã£ãŸå ´åˆã«è¿”ã•れã¾ã™ã€‚ + \return FREAD_ERROR ファイルãŒXFREADã‹ã‚‰ã®èª­ã¿å–りエラーをæŒã£ã¦ã„ãŸå ´åˆã«è¿”ã•れã¾ã™ã€‚ + \return CACHE_MATCH_ERROR セッションキャッシュヘッダã®ãƒžãƒƒãƒãƒ³ã‚°ã«å¤±æ•—ã—ãŸå ´åˆã«è¿”ã•れã¾ã™ã€‚ + \return BAD_MUTEX_E mutexロックã®å¤±æ•—ãŒã‚ã£ãŸå ´åˆã«è¿”ã•れã¾ã™ã€‚ + + \param fname 読ã¿å–られる定数charåž‹ãƒã‚¤ãƒ³ã‚¿ãƒ•ァイル入力。 _Example_ \code const char *fname; ... if(wolfSSL_restore_session_cache(fname) != SSL_SUCCESS){ - // Failure case. The function did not return SSL_SUCCESS. + // 失敗ケースã§ã™ã€‚関数ã¯SSL_SUCCESSã‚’è¿”ã—ã¾ã›ã‚“ã§ã—ãŸã€‚ } \endcode + \sa XFREAD \sa XFOPEN */ @@ -2564,22 +2619,26 @@ /*! \ingroup IO - \brief ã“ã®é–¢æ•°ã¯ã‚»ãƒƒã‚·ãƒ§ãƒ³ã‚­ãƒ£ãƒƒã‚·ãƒ¥ã‚’メモリã«ä¿æŒã—ã¾ã™ã€‚ - \return SSL_SUCCESS 関数ãŒã‚¨ãƒ©ãƒ¼ãªã—ã§å®Ÿè¡Œã•れãŸå ´åˆã«è¿”ã•れã¾ã™ã€‚セッションキャッシュã¯ãƒ¡ãƒ¢ãƒªã«æ­£å¸¸ã«æ°¸ç¶šåŒ–ã•れã¾ã—ãŸã€‚ - \return BAD_MUTEX_E ミューテックスロックエラーãŒç™ºç”Ÿã—ãŸå ´åˆã«è¿”ã•れã¾ã™ã€‚ - \return BUFFER_E ãƒãƒƒãƒ•ァサイズãŒå°ã•ã™ãŽã‚‹ã¨è¿”ã•れã¾ã™ã€‚ - \param mem セッションキャッシュã®ã‚³ãƒ”ー先ãƒãƒƒãƒ•ã‚¡ã¸ã®ãƒã‚¤ãƒ³ã‚¿ - \param sz コピー先ãƒãƒƒãƒ•ã‚¡ã®ã‚µã‚¤ã‚º + + \brief ã“ã®é–¢æ•°ã¯ã€ã‚»ãƒƒã‚·ãƒ§ãƒ³ã‚­ãƒ£ãƒƒã‚·ãƒ¥ã‚’ãƒ¡ãƒ¢ãƒªã«æ°¸ç¶šåŒ–ã—ã¾ã™ã€‚ + + \return SSL_SUCCESS 関数ãŒã‚¨ãƒ©ãƒ¼ãªã実行ã•れãŸå ´åˆã«è¿”ã•れã¾ã™ã€‚セッションキャッシュãŒãƒ¡ãƒ¢ãƒªã«æ­£å¸¸ã«æ°¸ç¶šåŒ–ã•れã¾ã—ãŸã€‚ + \return BAD_MUTEX_E mutexロックエラーãŒã‚ã£ãŸå ´åˆã«è¿”ã•れã¾ã™ã€‚ + \return BUFFER_E ãƒãƒƒãƒ•ァサイズãŒå°ã•ã™ãŽãŸå ´åˆã«è¿”ã•れã¾ã™ã€‚ + + \param mem メモリコピーXMEMCPY()ã®å®›å…ˆã‚’表ã™voidåž‹ãƒã‚¤ãƒ³ã‚¿ã€‚ + \param sz memã®ã‚µã‚¤ã‚ºã‚’表ã™int型。 _Example_ \code void* mem; - int sz; // Max size of the memory buffer. + int sz; // メモリãƒãƒƒãƒ•ã‚¡ã®æœ€å¤§ã‚µã‚¤ã‚ºã€‚ … if(wolfSSL_memsave_session_cache(mem, sz) != SSL_SUCCESS){ - // Failure case, you did not persist the session cache to memory + // 失敗ケースã§ã™ã€‚ã‚»ãƒƒã‚·ãƒ§ãƒ³ã‚­ãƒ£ãƒƒã‚·ãƒ¥ã‚’ãƒ¡ãƒ¢ãƒªã«æ°¸ç¶šåŒ–ã§ãã¾ã›ã‚“ã§ã—ãŸã€‚ } \endcode + \sa XMEMCPY \sa wolfSSL_get_session_cache_memsize */ @@ -2587,13 +2646,16 @@ /*! \ingroup IO - \brief ã“ã®é–¢æ•°ã¯ãƒ¡ãƒ¢ãƒªã‹ã‚‰æ°¸ç¶šã‚»ãƒƒã‚·ãƒ§ãƒ³ã‚­ãƒ£ãƒƒã‚·ãƒ¥ã‚’復元ã—ã¾ã™ã€‚ - \return SSL_SUCCESS 関数ãŒã‚¨ãƒ©ãƒ¼ãªã—ã§å®Ÿè¡Œã•れãŸå ´åˆã«è¿”ã•れã¾ã™ã€‚ - \return BUFFER_E メモリãƒãƒƒãƒ•ã‚¡ãŒå°ã•ã™ãŽã‚‹ã¨è¿”ã•れã¾ã™ã€‚ - \return BAD_MUTEX_E セッションキャッシュミューテックスロックãŒå¤±æ•—ã—ãŸå ´åˆã«è¿”ã•れã¾ã™ã€‚ - \return CACHE_MATCH_ERROR セッションキャッシュヘッダã®ä¸€è‡´ãŒå¤±æ•—ã—ãŸå ´åˆã«è¿”ã•れã¾ã™ã€‚ - \param mem ã‚»ãƒƒã‚·ãƒ§ãƒ³ã‚­ãƒ£ãƒƒã‚·ãƒ¥ã‚’ä¿æŒã—ã¦ã„ã‚‹ãƒãƒƒãƒ•ã‚¡ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ - \param sz ãƒãƒƒãƒ•ã‚¡ã®ã‚µã‚¤ã‚º + + \brief ã“ã®é–¢æ•°ã¯ã€æ°¸ç¶šçš„ãªã‚»ãƒƒã‚·ãƒ§ãƒ³ã‚­ãƒ£ãƒƒã‚·ãƒ¥ã‚’メモリã‹ã‚‰å¾©å…ƒã—ã¾ã™ã€‚ + + \return SSL_SUCCESS 関数ãŒã‚¨ãƒ©ãƒ¼ãªã実行ã•れãŸå ´åˆã«è¿”ã•れã¾ã™ã€‚ + \return BUFFER_E メモリãƒãƒƒãƒ•ã‚¡ãŒå°ã•ã™ãŽã‚‹å ´åˆã«è¿”ã•れã¾ã™ã€‚ + \return BAD_MUTEX_E セッションキャッシュã®mutexロックã«å¤±æ•—ã—ãŸå ´åˆã«è¿”ã•れã¾ã™ã€‚ + \return CACHE_MATCH_ERROR セッションキャッシュヘッダã®ãƒžãƒƒãƒãƒ³ã‚°ã«å¤±æ•—ã—ãŸå ´åˆã«è¿”ã•れã¾ã™ã€‚ + + \param mem 復元ã®ã‚½ãƒ¼ã‚¹ã‚’å«ã‚€å®šæ•°voidåž‹ãƒã‚¤ãƒ³ã‚¿ã€‚ + \param sz メモリãƒãƒƒãƒ•ã‚¡ã®ã‚µã‚¤ã‚ºã‚’è¡¨ã™æ•´æ•°ã€‚ _Example_ \code @@ -2601,41 +2663,50 @@ int szMf; ... if(wolfSSL_memrestore_session_cache(memoryFile, szMf) != SSL_SUCCESS){ - // Failure case. SSL_SUCCESS was not returned. + // 失敗ケースã§ã™ã€‚SSL_SUCCESSãŒè¿”ã•れã¾ã›ã‚“ã§ã—ãŸã€‚ } \endcode + \sa wolfSSL_save_session_cache */ int wolfSSL_memrestore_session_cache(const void* mem, int sz); /*! \ingroup IO - \brief ã“ã®é–¢æ•°ã¯ã€ã‚»ãƒƒã‚·ãƒ§ãƒ³ã‚­ãƒ£ãƒƒã‚·ãƒ¥ä¿å­˜ãƒãƒƒãƒ•ã‚¡ã‚’ã©ã®ã‚ˆã†ã«å¤§ããã™ã‚‹ã‹ã‚’è¿”ã—ã¾ã™ã€‚ - \return ã“ã®é–¢æ•°ã¯ã€ã‚»ãƒƒã‚·ãƒ§ãƒ³ã‚­ãƒ£ãƒƒã‚·ãƒ¥ä¿å­˜ãƒãƒƒãƒ•ã‚¡ã®ã‚µã‚¤ã‚ºã‚’è¡¨ã™æ•´æ•°ã‚’è¿”ã—ã¾ã™ã€‚ + + \brief ã“ã®é–¢æ•°ã¯ã€ã‚»ãƒƒã‚·ãƒ§ãƒ³ã‚­ãƒ£ãƒƒã‚·ãƒ¥ã®ä¿å­˜ãƒãƒƒãƒ•ã‚¡ãŒã©ã®ãらã„大ããã‚ã‚‹ã¹ãã‹ã‚’è¿”ã—ã¾ã™ã€‚ + + \return int ã“ã®é–¢æ•°ã¯ã€ã‚»ãƒƒã‚·ãƒ§ãƒ³ã‚­ãƒ£ãƒƒã‚·ãƒ¥ã®ä¿å­˜ãƒãƒƒãƒ•ã‚¡ã®ã‚µã‚¤ã‚ºã‚’è¡¨ã™æ•´æ•°ã‚’è¿”ã—ã¾ã™ã€‚ + + \param none パラメータãªã—。 _Example_ \code - int sz = // Minimum size for error checking; + int sz = // エラーãƒã‚§ãƒƒã‚¯ã®ãŸã‚ã®æœ€å°ã‚µã‚¤ã‚º; ... if(sz < wolfSSL_get_session_cache_memsize()){ - // Memory buffer is too small + // メモリãƒãƒƒãƒ•ã‚¡ãŒå°ã•ã™ãŽã¾ã™ã€‚ } \endcode + \sa wolfSSL_memrestore_session_cache */ int wolfSSL_get_session_cache_memsize(void); /*! \ingroup CertsKeys - \brief ã“ã®é–¢æ•°ã¯Certキャッシュをメモリã‹ã‚‰ãƒ•ã‚¡ã‚¤ãƒ«ã«æ›¸ãè¾¼ã¿ã¾ã™ã€‚ - \return SSL_SUCCESS CM_SaveCertCacheãŒæ­£å¸¸ã«çµ‚了ã—ãŸå ´åˆã€‚ - \return BAD_FUNC_ARG 引数ã®ã„ãšã‚Œã‹ã®å¼•æ•°ãŒNULLã®å ´åˆã«è¿”ã•れã¾ã™ã€‚ - \return SSL_BAD_FILE 証明書キャッシュä¿å­˜ãƒ•ァイルを開ãã“ã¨ãŒã§ããªã‹ã£ãŸå ´åˆã€‚ - \return BAD_MUTEX_E ロックミューテックスãŒå¤±æ•—ã—ãŸå ´åˆ - \return MEMORY_E メモリã®å‰²ã‚Šå½“ã¦ã«å¤±æ•—ã—ã¾ã—ãŸã€‚ - \return FWRITE_ERROR è¨¼æ˜Žæ›¸ã‚­ãƒ£ãƒƒã‚·ãƒ¥ãƒ•ã‚¡ã‚¤ãƒ«ã®æ›¸ãè¾¼ã¿ã«å¤±æ•—ã—ã¾ã—ãŸã€‚ - \param ctx WOLFSSL_CTX構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€è¨¼æ˜Žæ›¸æƒ…å ±ã‚’ä¿æŒã—ã¾ã™ã€‚ - \param fname 出力先ファイルåã¸ã®ãƒã‚¤ãƒ³ã‚¿ + + \brief ã“ã®é–¢æ•°ã¯ã€è¨¼æ˜Žæ›¸ã‚­ãƒ£ãƒƒã‚·ãƒ¥ã‚’メモリã‹ã‚‰ãƒ•ã‚¡ã‚¤ãƒ«ã«æ›¸ãè¾¼ã¿ã¾ã™ã€‚ + + \return SSL_SUCCESS CM_SaveCertCacheãŒæ­£å¸¸ã«çµ‚了ã—ãŸå ´åˆã«è¿”ã•れã¾ã™ã€‚ + \return BAD_FUNC_ARG ã„ãšã‚Œã‹ã®å¼•æ•°ãŒNULLã®å ´åˆã«è¿”ã•れã¾ã™ã€‚ + \return SSL_BAD_FILE 証明書キャッシュä¿å­˜ãƒ•ァイルを開ãã“ã¨ãŒã§ããªã‹ã£ãŸå ´åˆã«è¿”ã•れã¾ã™ã€‚ + \return BAD_MUTEX_E ロックmutexãŒå¤±æ•—ã—ãŸå ´åˆã«è¿”ã•れã¾ã™ã€‚ + \return MEMORY_E メモリã®å‰²ã‚Šå½“ã¦ã«å¤±æ•—ã—ãŸå ´åˆã«è¿”ã•れã¾ã™ã€‚ + \return FWRITE_ERROR è¨¼æ˜Žæ›¸ã‚­ãƒ£ãƒƒã‚·ãƒ¥ãƒ•ã‚¡ã‚¤ãƒ«ã®æ›¸ãè¾¼ã¿ã«å¤±æ•—ã—ã¾ã—ãŸã€‚ + + \param ctx è¨¼æ˜Žæ›¸æƒ…å ±ã‚’ä¿æŒã™ã‚‹WOLFSSL_CTX構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ + \param fname 書ãè¾¼ã¿ç”¨ãƒ•ァイルを指ã™å®šæ•°charåž‹ãƒã‚¤ãƒ³ã‚¿ã€‚ _Example_ \code @@ -2643,9 +2714,10 @@ const char* fname; ... if(wolfSSL_CTX_save_cert_cache(ctx, fname)){ - // file was written. + // ãƒ•ã‚¡ã‚¤ãƒ«ãŒæ›¸ãè¾¼ã¾ã‚Œã¾ã—ãŸã€‚ } \endcode + \sa CM_SaveCertCache \sa DoMemSaveCertCache */ @@ -2653,24 +2725,28 @@ /*! \ingroup CertsKeys - \brief ã“ã®é–¢æ•°ã¯ãƒ•ァイルã‹ã‚‰è¨¼æ˜Žæ›¸ã‚­ãƒ£ãƒƒã‚·ãƒ¥ã‚’担当ã—ã¾ã™ã€‚ - \return SSL_SUCCESS 正常ã«å®Ÿè¡Œã•れãŸå ´åˆã«è¿”ã•れã¾ã™ã€‚ - \return SSL_BAD_FILE XFOPENãŒXBADFILEã‚’è¿”ã™ã¨è¿”ã•れã¾ã™ã€‚ファイルãŒç ´æã—ã¦ã„ã¾ã™ã€‚ - \return MEMORY_E TEMPãƒãƒƒãƒ•ã‚¡ã®å‰²ã‚Šå½“ã¦ã‚‰ã‚ŒãŸãƒ¡ãƒ¢ãƒªãŒå¤±æ•—ã—ãŸå ´åˆã«è¿”ã•れã¾ã™ã€‚ - \return BAD_FUNC_ARG 引数fnameã¾ãŸã¯å¼•æ•°ctxãŒNULLã§ã‚ã‚‹å ´åˆã«è¿”ã•れã¾ã™ã€‚ - \param ctx WOLFSSL_CTX構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€è¨¼æ˜Žæ›¸æƒ…å ±ã‚’ä¿æŒã—ã¾ã™ã€‚ - \param fname 証明書キャッシュを読ã¿å–るファイルåã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ + + \brief ã“ã®é–¢æ•°ã¯ã€è¨¼æ˜Žæ›¸ã‚­ãƒ£ãƒƒã‚·ãƒ¥ã‚’ファイルã‹ã‚‰æ°¸ç¶šåŒ–ã—ã¾ã™ã€‚ + + \return SSL_SUCCESS 関数CM_RestoreCertCacheãŒæ­£å¸¸ã«å®Ÿè¡Œã•れãŸå ´åˆã«è¿”ã•れã¾ã™ã€‚ + \return SSL_BAD_FILE XFOPENãŒXBADFILEã‚’è¿”ã—ãŸå ´åˆã«è¿”ã•れã¾ã™ã€‚ファイルãŒç ´æã—ã¦ã„ã¾ã™ã€‚ + \return MEMORY_E 一時ãƒãƒƒãƒ•ã‚¡ã«å‰²ã‚Šå½“ã¦ã‚‰ã‚ŒãŸãƒ¡ãƒ¢ãƒªãŒå¤±æ•—ã—ãŸå ´åˆã«è¿”ã•れã¾ã™ã€‚ + \return BAD_FUNC_ARG fnameã¾ãŸã¯ctxãŒNULL値をæŒã¤å ´åˆã«è¿”ã•れã¾ã™ã€‚ + + \param ctx è¨¼æ˜Žæ›¸æƒ…å ±ã‚’ä¿æŒã™ã‚‹WOLFSSL_CTX構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ + \param fname 読ã¿å–り用ファイルを指ã™å®šæ•°charåž‹ãƒã‚¤ãƒ³ã‚¿ã€‚ _Example_ \code WOLFSSL_CTX* ctx = wolfSSL_CTX_new( protocol method ); WOLFSSL* ssl = wolfSSL_new(ctx); - const char* fname = "path to file"; + const char* fname = "ファイルã¸ã®ãƒ‘ス"; ... if(wolfSSL_CTX_restore_cert_cache(ctx, fname)){ - // check to see if the execution was successful + // å®Ÿè¡ŒãŒæˆåŠŸã—ãŸã‹ã©ã†ã‹ã‚’確èªã—ã¾ã™ã€‚ } \endcode + \sa CM_RestoreCertCache \sa XFOPEN */ @@ -2678,15 +2754,18 @@ /*! \ingroup CertsKeys - \brief ã“ã®é–¢æ•°ã¯è¨¼æ˜Žæ›¸ã‚­ãƒ£ãƒƒã‚·ãƒ¥ã‚’ãƒ¡ãƒ¢ãƒªã«æŒç¶šã—ã¾ã™ã€‚ - \return SSL_SUCCESS 機能ã®å®Ÿè¡Œã«æˆåŠŸã—ãŸã“ã¨ã«æˆ»ã‚Šã¾ã™ã€‚ã‚¨ãƒ©ãƒ¼ãŒæŠ•ã’られã¦ã„ã¾ã›ã‚“。 - \return BAD_MUTEX_E WOLFSSL_CERT_MANAGER構造体ã®caLockメンãƒãƒ¼0(ゼロ)ã§ã¯ãªã‹ã£ãŸã€‚ - \return BAD_FUNC_ARG 引数ctxã€memãŒNULLã®å ´åˆã€ã¾ãŸã¯szãŒ0以下ã®å ´åˆã«è¿”ã•れã¾ã™ã€‚ - \return BUFFER_E 出力ãƒãƒƒãƒ•ã‚¡MEMãŒå°ã•ã™ãŽã¾ã—ãŸã€‚ - \param ctx wolfSSL_CTX_new()を使用ã—ã¦ä½œæˆã•れãŸWOLFSSL_CTX構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ - \param mem 宛先ã¸ã®voidãƒã‚¤ãƒ³ã‚¿ï¼ˆå‡ºåŠ›ãƒãƒƒãƒ•ァ)。 - \param sz 出力ãƒãƒƒãƒ•ã‚¡ã®ã‚µã‚¤ã‚ºã€‚ - \param used 証明書キャッシュヘッダーã®ã‚µã‚¤ã‚ºã‚’æ ¼ç´ã™ã‚‹å¤‰æ•°ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ + + \brief ã“ã®é–¢æ•°ã¯ã€è¨¼æ˜Žæ›¸ã‚­ãƒ£ãƒƒã‚·ãƒ¥ã‚’ãƒ¡ãƒ¢ãƒªã«æ°¸ç¶šåŒ–ã—ã¾ã™ã€‚ + + \return SSL_SUCCESS 関数ã®å®Ÿè¡ŒãŒæˆåŠŸã—ã€ã‚¨ãƒ©ãƒ¼ãŒç™ºç”Ÿã—ãªã‹ã£ãŸå ´åˆã«è¿”ã•れã¾ã™ã€‚ + \return BAD_MUTEX_E WOLFSSL_CERT_MANAGERメンãƒcaLockãŒ0(ゼロ)ã§ãªã‹ã£ãŸmutexエラー。 + \return BAD_FUNC_ARG ctxã€memã€ã¾ãŸã¯usedãŒNULLã®å ´åˆã€ã¾ãŸã¯szãŒ0(ゼロ)以下ã®å ´åˆã«è¿”ã•れã¾ã™ã€‚ + \return BUFFER_E 出力ãƒãƒƒãƒ•ã‚¡memãŒå°ã•ã™ãŽã¾ã—ãŸã€‚ + + \param ctx wolfSSL_CTX_new()を使用ã—ã¦ä½œæˆã•れãŸWOLFSSL_CTX構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ + \param mem 宛先(出力ãƒãƒƒãƒ•ã‚¡)ã¸ã®voidåž‹ãƒã‚¤ãƒ³ã‚¿ã€‚ + \param sz 出力ãƒãƒƒãƒ•ã‚¡ã®ã‚µã‚¤ã‚ºã€‚ + \param used 証明書キャッシュヘッダã®ã‚µã‚¤ã‚ºã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ _Example_ \code @@ -2696,9 +2775,10 @@ int* used; ... if(wolfSSL_CTX_memsave_cert_cache(ctx, mem, sz, used) != SSL_SUCCESS){ - // The function returned with an error + // 関数ãŒã‚¨ãƒ©ãƒ¼ã‚’è¿”ã—ã¾ã—ãŸã€‚ } \endcode + \sa DoMemSaveCertCache \sa GetCertCacheMemSize \sa CM_MemRestoreCertCache @@ -2708,15 +2788,18 @@ /*! \ingroup Setup - \brief ã“ã®é–¢æ•°ã¯è¨¼æ˜Žæ›¸ã‚­ãƒ£ãƒƒã‚·ãƒ¥ã‚’メモリã‹ã‚‰å¾©å…ƒã—ã¾ã™ã€‚ - \return SSL_SUCCESS 関数ã¨ã‚µãƒ–ルーãƒãƒ³ãŒã‚¨ãƒ©ãƒ¼ãªã—ã§å®Ÿè¡Œã•れãŸå ´åˆã«è¿”ã•れã¾ã™ã€‚ - \return BAD_FUNC_ARG CTXã¾ãŸã¯MEMパラメータãŒNULLã¾ãŸã¯SZパラメータãŒã‚¼ãƒ­ä»¥ä¸‹ã®å ´åˆã«è¿”ã•れã¾ã™ã€‚ - \return BUFFER_E CERTキャッシュメモリãƒãƒƒãƒ•ã‚¡ãŒå°ã•ã™ãŽã‚‹ã¨æˆ»ã‚Šã¾ã™ã€‚ - \return CACHE_MATCH_ERROR CERTキャッシュヘッダーã®ä¸ä¸€è‡´ãŒã‚ã£ãŸå ´åˆã«è¿”ã•れã¾ã™ã€‚ - \return BAD_MUTEX_E ロックミューテックスãŒå¤±æ•—ã—ãŸå ´åˆã«è¿”ã•れã¾ã™ã€‚ - \param ctx wolfSSL_CTX_new()を使用ã—ã¦ä½œæˆã•れãŸWOLFSSL_CTX構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ - \param mem 証明書キャッシュã«å¾©å…ƒã•ã‚Œã‚‹å€¤ã‚’ä¿æŒã—ã¦ã„ã‚‹ãƒãƒƒãƒ•ã‚¡ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ - \param sz ãƒãƒƒãƒ•ã‚¡ã®ã‚µã‚¤ã‚º + + \brief ã“ã®é–¢æ•°ã¯ã€è¨¼æ˜Žæ›¸ã‚­ãƒ£ãƒƒã‚·ãƒ¥ã‚’メモリã‹ã‚‰å¾©å…ƒã—ã¾ã™ã€‚ + + \return SSL_SUCCESS 関数ã¨ã‚µãƒ–ルーãƒãƒ³ãŒã‚¨ãƒ©ãƒ¼ãªã実行ã•れãŸå ´åˆã«è¿”ã•れã¾ã™ã€‚ + \return BAD_FUNC_ARG ctxã¾ãŸã¯memパラメータãŒNULLã®å ´åˆã€ã¾ãŸã¯szパラメータãŒ0以下ã®å ´åˆã«è¿”ã•れã¾ã™ã€‚ + \return BUFFER_E 証明書キャッシュã®ãƒ¡ãƒ¢ãƒªãƒãƒƒãƒ•ã‚¡ãŒå°ã•ã™ãŽã‚‹å ´åˆã«è¿”ã•れã¾ã™ã€‚ + \return CACHE_MATCH_ERROR 証明書キャッシュヘッダã®ä¸ä¸€è‡´ãŒã‚ã£ãŸå ´åˆã«è¿”ã•れã¾ã™ã€‚ + \return BAD_MUTEX_E ロックmutexãŒå¤±æ•—ã—ãŸå ´åˆã«è¿”ã•れã¾ã™ã€‚ + + \param ctx wolfSSL_CTX_new()を使用ã—ã¦ä½œæˆã•れãŸWOLFSSL_CTX構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ + \param mem 証明書キャッシュã«å¾©å…ƒã•れる値をæŒã¤voidåž‹ãƒã‚¤ãƒ³ã‚¿ã€‚ + \param sz memパラメータã®ã‚µã‚¤ã‚ºã‚’表ã™int型。 _Example_ \code @@ -2726,21 +2809,24 @@ int sz = (*int) sizeof(mem); … if(wolfSSL_CTX_memrestore_cert_cache(ssl->ctx, mem, sz)){ - // The success case + // æˆåŠŸã‚±ãƒ¼ã‚¹ } \endcode + \sa CM_MemRestoreCertCache */ int wolfSSL_CTX_memrestore_cert_cache(WOLFSSL_CTX* ctx, const void* mem, int sz); /*! \ingroup CertsKeys - \brief Certificate Cache Saveãƒãƒƒãƒ•ã‚¡ãŒå¿…è¦ãªã‚µã‚¤ã‚ºã‚’è¿”ã—ã¾ã™ã€‚ - \return メモリサイズを返ã—ã¾ã™ã€‚ - \return BAD_FUNC_ARG WOLFSSL_CTX構造体ãŒNULLã®å ´åˆã«è¿”ã•れã¾ã™ã€‚ - \return BAD_MUTEX_E ミューテックスロックエラーãŒç™ºç”Ÿã—ãŸå ´åˆã«è¿”ã•れã¾ã™ã€‚ - \param ctx wolfSSL_CTX_new()ã§ä½œæˆã•れãŸSSLコンテキストã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ + \brief 証明書キャッシュã®ä¿å­˜ãƒãƒƒãƒ•ã‚¡ã«å¿…è¦ãªã‚µã‚¤ã‚ºã‚’è¿”ã—ã¾ã™ã€‚ + + \return int æˆåŠŸæ™‚ã«ãƒ¡ãƒ¢ãƒªã‚µã‚¤ã‚ºã‚’è¡¨ã™æ•´æ•°å€¤ãŒè¿”ã•れã¾ã™ã€‚ + \return BAD_FUNC_ARG WOLFSSL_CTX構造体ãŒNULLã®å ´åˆã«è¿”ã•れã¾ã™ã€‚ + \return BAD_MUTEX_E mutexロックエラーãŒã‚ã£ãŸå ´åˆã«è¿”ã•れã¾ã™ã€‚ + + \param ctx wolfSSL_CTX_new()を使用ã—ã¦ä½œæˆã•れãŸwolfSSL_CTX構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ _Example_ \code @@ -2749,40 +2835,36 @@ int certCacheSize = wolfSSL_CTX_get_cert_cache_memsize(ctx); if(certCacheSize != BAD_FUNC_ARG || certCacheSize != BAD_MUTEX_E){ - // Successfully retrieved the memory size. + // メモリサイズã®å–å¾—ã«æˆåŠŸã—ã¾ã—ãŸã€‚ } \endcode + \sa CM_GetCertCacheMemSize */ int wolfSSL_CTX_get_cert_cache_memsize(WOLFSSL_CTX* ctx); /*! \ingroup Setup - \brief ã“ã®é–¢æ•°ã¯ã€ä¸Žãˆã‚‰ã‚ŒãŸWOLFSSL_CTXã«æš—å·ã‚¹ã‚¤ãƒ¼ãƒˆãƒªã‚¹ãƒˆã‚’設定ã—ã¾ã™ã€‚ - ã“ã®æš—å·ã‚¹ã‚¤ãƒ¼ãƒˆãƒªã‚¹ãƒˆã¯ã€ã“ã®ã‚³ãƒ³ãƒ†ã‚­ã‚¹ãƒˆã‚’使用ã—ã¦ä½œæˆã•ã‚ŒãŸæ–°ã—ã„SSLセッション(WolfSSL)ã®ãƒ‡ãƒ•ォルトリストã«ãªã‚Šã¾ã™ã€‚ - ãƒªã‚¹ãƒˆå†…ã®æš—å·ã¯ã€å„ªå…ˆåº¦ã®é«˜ã„ã‚‚ã®ã®é †ã«é †ã«ã‚½ãƒ¼ãƒˆã•れるã¹ãã§ã™ã€‚ - wolfSSL_CTX_set_cipher_list()ãŒå‘¼ã³å‡ºã•れる都度ã€ç‰¹å®šã®SSLã‚³ãƒ³ãƒ†ã‚­ã‚¹ãƒˆã®æš—å·ã‚¹ã‚¤ãƒ¼ãƒˆãƒªã‚¹ãƒˆã‚’æä¾›ã•れãŸãƒªã‚¹ãƒˆã«ãƒªã‚»ãƒƒãƒˆã—ã¾ã™ã€‚ - æš—å·ã‚¹ã‚¤ãƒ¼ãƒˆãƒªã‚¹ãƒˆã¯ãƒŒãƒ«çµ‚端ã•れãŸã‚³ãƒ­ãƒ³åŒºåˆ‡ã‚Šãƒªã‚¹ãƒˆã§ã™ã€‚ - ãŸã¨ãˆã°ã€ãƒªã‚¹ãƒˆã®å€¤ãŒã€ŒDHE-RSA-AES256-SHA256:DHE-RSA-AES128-SHA256:AES256-SHA256ã€æœ‰åŠ¹ãªæš—å·å€¤ã¯ã€src/internal.cã®cipher_names []é…列ã®ãƒ•ルãƒãƒ¼ãƒ å€¤ã§ã™ã€‚ - ï¼ˆæœ‰åŠ¹ãªæš—å·åŒ–å€¤ã®æ˜Žç¢ºãªãƒªã‚¹ãƒˆã®å ´åˆã¯src/internal.cã‚’ãƒã‚§ãƒƒã‚¯ã—ã¦ãã ã•ã„) - \return SSL_SUCCESS æˆåŠŸæ™‚ã«è¿”ã•れã¾ã™ã€‚ - \return SSL_FAILURE 失敗ã—ãŸå ´åˆã«è¿”ã•れã¾ã™ã€‚ + \brief ã“ã®é–¢æ•°ã¯ã€æŒ‡å®šã•れãŸWOLFSSL_CTXã«å¯¾ã™ã‚‹æš—å·ã‚¹ã‚¤ãƒ¼ãƒˆãƒªã‚¹ãƒˆã‚’設定ã—ã¾ã™ã€‚ã“ã®æš—å·ã‚¹ã‚¤ãƒ¼ãƒˆãƒªã‚¹ãƒˆã¯ã€ã“ã®ã‚³ãƒ³ãƒ†ã‚­ã‚¹ãƒˆã‚’使用ã—ã¦ä½œæˆã•ã‚ŒãŸæ–°ã—ã„SSLセッション(WOLFSSL)ã®ãƒ‡ãƒ•ォルトリストã«ãªã‚Šã¾ã™ã€‚ãƒªã‚¹ãƒˆå†…ã®æš—å·ã¯ã€å„ªå…ˆåº¦ã®é«˜ã„é †ã‹ã‚‰ä½Žã„é †ã«ä¸¦ã¹ã‚‹å¿…è¦ãŒã‚りã¾ã™ã€‚wolfSSL_CTX_set_cipher_list()を呼ã³å‡ºã™ãŸã³ã«ã€é–¢æ•°ãŒå‘¼ã³å‡ºã•れるãŸã³ã«ã€ç‰¹å®šã®SSLã‚³ãƒ³ãƒ†ã‚­ã‚¹ãƒˆã®æš—å·ã‚¹ã‚¤ãƒ¼ãƒˆãƒªã‚¹ãƒˆãŒæä¾›ã•れãŸãƒªã‚¹ãƒˆã«ãƒªã‚»ãƒƒãƒˆã•れã¾ã™ã€‚æš—å·ã‚¹ã‚¤ãƒ¼ãƒˆãƒªã‚¹ãƒˆã§ã‚ã‚‹listã¯ã€nullã§çµ‚端ã•れãŸãƒ†ã‚­ã‚¹ãƒˆæ–‡å­—列ã§ã‚りã€ã‚³ãƒ­ãƒ³åŒºåˆ‡ã‚Šã®ãƒªã‚¹ãƒˆã§ã™ã€‚例ãˆã°ã€listã®1ã¤ã®å€¤ã¯ã€ŒDHE-RSA-AES256-SHA256:DHE-RSA-AES128-SHA256:AES256-SHA256ã€ã¨ãªã‚‹å¯èƒ½æ€§ãŒã‚りã¾ã™ã€‚æœ‰åŠ¹ãªæš—å·å€¤ã¯ã€src/internal.cã®cipher_names[]é…列ã‹ã‚‰ã®å®Œå…¨ãªåå‰å€¤ã§ã™(æœ‰åŠ¹ãªæš—å·å€¤ã®æ˜Žç¢ºãªãƒªã‚¹ãƒˆã«ã¤ã„ã¦ã¯ã€src/internal.cを確èªã—ã¦ãã ã•ã„)。 - \param ctx wolfSSL_CTX_new()ã§ä½œæˆã•れãŸSSLコンテキストã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ - \param list ヌル終端ã•れãŸã‚³ãƒ­ãƒ³åŒºåˆ‡ã‚Šã®æš—å·ã‚¹ã‚¤ãƒ¼ãƒˆãƒªã‚¹ãƒˆæ–‡å­—列ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ + \return SSL_SUCCESS 関数ã®å®Ÿè¡ŒãŒæˆåŠŸã—ãŸå ´åˆã«è¿”ã•れã¾ã™ã€‚ + \return SSL_FAILURE 失敗ã—ãŸå ´åˆã«è¿”ã•れã¾ã™ã€‚ + \param ctx wolfSSL_CTX_new()ã§ä½œæˆã•れãŸSSLコンテキストã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ + \param list 指定ã•れãŸSSLコンテキストã§ä½¿ç”¨ã™ã‚‹æš—å·ã‚¹ã‚¤ãƒ¼ãƒˆã®nullã§çµ‚端ã•れãŸãƒ†ã‚­ã‚¹ãƒˆæ–‡å­—列ãŠã‚ˆã³ã‚³ãƒ­ãƒ³åŒºåˆ‡ã‚Šãƒªã‚¹ãƒˆã€‚ _Example_ \code WOLFSSL_CTX* ctx = 0; ... ret = wolfSSL_CTX_set_cipher_list(ctx, - “DHE-RSA-AES256-SHA256:DHE-RSA-AES128-SHA256:AES256-SHA256â€); + "DHE-RSA-AES256-SHA256:DHE-RSA-AES128-SHA256:AES256-SHA256"); if (ret != SSL_SUCCESS) { - // failed to set cipher suite list + // æš—å·ã‚¹ã‚¤ãƒ¼ãƒˆãƒªã‚¹ãƒˆã®è¨­å®šã«å¤±æ•—ã—ã¾ã—ãŸã€‚ } \endcode + \sa wolfSSL_set_cipher_list \sa wolfSSL_CTX_new */ @@ -2790,19 +2872,13 @@ /*! \ingroup Setup - \brief ã“ã®é–¢æ•°ã¯ã€ç‰¹å®šã®WolfSSLオブジェクト(SSLã‚»ãƒƒã‚·ãƒ§ãƒ³ï¼‰ã®æš—å·ã‚¹ã‚¤ãƒ¼ãƒˆãƒªã‚¹ãƒˆã‚’設定ã—ã¾ã™ã€‚ - ã“ã®æš—å·ã‚¹ã‚¤ãƒ¼ãƒˆãƒªã‚¹ãƒˆã¯ã€ã“ã®ã‚³ãƒ³ãƒ†ã‚­ã‚¹ãƒˆã‚’使用ã—ã¦ä½œæˆã•ã‚ŒãŸæ–°ã—ã„SSLセッション(WolfSSL)ã®ãƒ‡ãƒ•ォルトリストã«ãªã‚Šã¾ã™ã€‚ - ãƒªã‚¹ãƒˆå†…ã®æš—å·ã¯ã€å„ªå…ˆåº¦ã®é«˜ã„ã‚‚ã®ã®é †ã«é †ã«ã‚½ãƒ¼ãƒˆã•れるã¹ãã§ã™ã€‚ - wolfSSL_CTX_set_cipher_list()ãŒå‘¼ã³å‡ºã•れる都度ã€ç‰¹å®šã®SSLã‚³ãƒ³ãƒ†ã‚­ã‚¹ãƒˆã®æš—å·ã‚¹ã‚¤ãƒ¼ãƒˆãƒªã‚¹ãƒˆã‚’æä¾›ã•れãŸãƒªã‚¹ãƒˆã«ãƒªã‚»ãƒƒãƒˆã—ã¾ã™ã€‚ - æš—å·ã‚¹ã‚¤ãƒ¼ãƒˆãƒªã‚¹ãƒˆã¯ãƒŒãƒ«çµ‚端ã•れãŸã‚³ãƒ­ãƒ³åŒºåˆ‡ã‚Šãƒªã‚¹ãƒˆã§ã™ã€‚ - ãŸã¨ãˆã°ã€ãƒªã‚¹ãƒˆã®å€¤ãŒã€ŒDHE-RSA-AES256-SHA256:DHE-RSA-AES128-SHA256:AES256-SHA256ã€æœ‰åŠ¹ãªæš—å·å€¤ã¯ã€src/internal.cã®cipher_names []é…列ã®ãƒ•ルãƒãƒ¼ãƒ å€¤ã§ã™ã€‚ - ï¼ˆæœ‰åŠ¹ãªæš—å·åŒ–å€¤ã®æ˜Žç¢ºãªãƒªã‚¹ãƒˆã®å ´åˆã¯src/internal.cã‚’ãƒã‚§ãƒƒã‚¯ã—ã¦ãã ã•ã„) - \return SSL_SUCCESS æ©Ÿèƒ½å®Œäº†ã«æˆåŠŸã—ãŸã¨ãã«è¿”ã•れã¾ã™ã€‚ - \return SSL_FAILURE 失敗ã—ãŸå ´åˆã«è¿”ã•れã¾ã™ã€‚ + \brief ã“ã®é–¢æ•°ã¯ã€æŒ‡å®šã•れãŸWOLFSSLオブジェクト(SSLセッション)ã«å¯¾ã™ã‚‹æš—å·ã‚¹ã‚¤ãƒ¼ãƒˆãƒªã‚¹ãƒˆã‚’設定ã—ã¾ã™ã€‚ãƒªã‚¹ãƒˆå†…ã®æš—å·ã¯ã€å„ªå…ˆåº¦ã®é«˜ã„é †ã‹ã‚‰ä½Žã„é †ã«ä¸¦ã¹ã‚‹å¿…è¦ãŒã‚りã¾ã™ã€‚wolfSSL_set_cipher_list()を呼ã³å‡ºã™ãŸã³ã«ã€é–¢æ•°ãŒå‘¼ã³å‡ºã•れるãŸã³ã«ã€ç‰¹å®šã®SSLã‚»ãƒƒã‚·ãƒ§ãƒ³ã®æš—å·ã‚¹ã‚¤ãƒ¼ãƒˆãƒªã‚¹ãƒˆãŒæä¾›ã•れãŸãƒªã‚¹ãƒˆã«ãƒªã‚»ãƒƒãƒˆã•れã¾ã™ã€‚æš—å·ã‚¹ã‚¤ãƒ¼ãƒˆãƒªã‚¹ãƒˆã§ã‚ã‚‹listã¯ã€nullã§çµ‚端ã•れãŸãƒ†ã‚­ã‚¹ãƒˆæ–‡å­—列ã§ã‚りã€ã‚³ãƒ­ãƒ³åŒºåˆ‡ã‚Šã®ãƒªã‚¹ãƒˆã§ã™ã€‚例ãˆã°ã€listã®1ã¤ã®å€¤ã¯ã€ŒDHE-RSA-AES256-SHA256:DHE-RSA-AES128-SHA256:AES256-SHA256ã€ã¨ãªã‚‹å¯èƒ½æ€§ãŒã‚りã¾ã™ã€‚æœ‰åŠ¹ãªæš—å·å€¤ã¯ã€src/internal.cã®cipher_names[]é…列ã‹ã‚‰ã®å®Œå…¨ãªåå‰å€¤ã§ã™(æœ‰åŠ¹ãªæš—å·å€¤ã®æ˜Žç¢ºãªãƒªã‚¹ãƒˆã«ã¤ã„ã¦ã¯ã€src/internal.cを確èªã—ã¦ãã ã•ã„)。 + \return SSL_SUCCESS é–¢æ•°ãŒæ­£å¸¸ã«å®Œäº†ã™ã‚‹ã¨è¿”ã•れã¾ã™ã€‚ + \return SSL_FAILURE 失敗時ã«è¿”ã•れã¾ã™ã€‚ - \param ssl wolfSSL_new()を使用ã—ã¦ä½œæˆã•れãŸWOLFSSL構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ - \param list ヌル終端ã•れãŸã‚³ãƒ­ãƒ³åŒºåˆ‡ã‚Šã®æš—å·ã‚¹ã‚¤ãƒ¼ãƒˆãƒªã‚¹ãƒˆæ–‡å­—列ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ + \param ssl wolfSSL_new()ã§ä½œæˆã•れãŸSSLセッションã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ + \param list null終端テキスト文字列ã§ã‚ã‚Šã€æŒ‡å®šã•れãŸSSLセッションã§ä½¿ç”¨ã™ã‚‹æš—å·ã‚¹ã‚¤ãƒ¼ãƒˆã®ã‚³ãƒ­ãƒ³åŒºåˆ‡ã‚Šãƒªã‚¹ãƒˆã€‚ _Example_ \code @@ -2810,24 +2886,24 @@ WOLFSSL* ssl = 0; ... ret = wolfSSL_set_cipher_list(ssl, - “DHE-RSA-AES256-SHA256:DHE-RSA-AES128-SHA256:AES256-SHA256â€); + "DHE-RSA-AES256-SHA256:DHE-RSA-AES128-SHA256:AES256-SHA256"); if (ret != SSL_SUCCESS) { - // failed to set cipher suite list + // æš—å·ã‚¹ã‚¤ãƒ¼ãƒˆãƒªã‚¹ãƒˆã®è¨­å®šã«å¤±æ•— } \endcode + \sa wolfSSL_CTX_set_cipher_list \sa wolfSSL_new */ int wolfSSL_set_cipher_list(WOLFSSL* ssl, const char* list); /*! - \brief ã“ã®é–¢æ•°ã¯WOLFSSL DTLSオブジェクトã«ä¸‹å±¤ã®UDP I/Oã¯ãƒŽãƒ³ãƒ–ロッキングã§ã‚ã‚‹ã“ã¨ã‚’通知ã—ã¾ã™ã€‚ - アプリケーションãŒWOLFSSLオブジェクトを作æˆã—ãŸå¾Œã€ãƒŽãƒ³ãƒ–ロッキングUDPソケットを使用ã™ã‚‹å ´åˆã¯ã€wolfSSL_dtls_set_using_nonblock()を呼ã³å‡ºã—ã¾ã™ã€‚ - ã“れã«ã‚ˆã‚Šã€WOLFSSLオブジェクトã¯ã€recvfrom呼ã³å‡ºã—ãŒã‚¿ã‚¤ãƒ ã‚¢ã‚¦ãƒˆã›ãšã«EWOULDBLOCKã‚’å—ä¿¡ã™ã‚‹ã“ã¨ã‚’æ„味ã—ã¾ã™ã€‚ - \return ãªã— - \param ssl wolfSSL_new()を使用ã—ã¦ä½œæˆã•れãŸWOLFSSL構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ - \param nonblock WOLFSSL構造体ã«ãƒŽãƒ³ãƒ–ロッキングI/Oを使用ã—ã¦ã„ã‚‹ã“ã¨ã‚’指定ã™ã‚‹ãƒ•ラグ。ノンブロッキングを使用ã—ã¦ã„ã‚‹å ´åˆã«ã¯ï¼‘を指定ã€ãれ以外ã¯0を指定ã—ã¦ãã ã•ã„。 + \brief ã“ã®é–¢æ•°ã¯ã€WOLFSSL DTLSオブジェクトã«å¯¾ã—ã¦ã€ä¸‹å±¤ã®UDP I/OãŒãƒŽãƒ³ãƒ–ロッキングã§ã‚ã‚‹ã“ã¨ã‚’通知ã—ã¾ã™ã€‚アプリケーションãŒWOLFSSLオブジェクトを作æˆã—ãŸå¾Œã€ãれをノンブロッキングUDPソケットã¨å…±ã«ä½¿ç”¨ã™ã‚‹å ´åˆã¯ã€wolfSSL_dtls_set_using_nonblock()を呼ã³å‡ºã—ã¦ãã ã•ã„。ã“れã«ã‚ˆã‚Šã€WOLFSSLオブジェクトã¯ã€EWOULDBLOCKã‚’å—ã‘å–ã‚‹ã“ã¨ãŒã‚¿ã‚¤ãƒ ã‚¢ã‚¦ãƒˆã§ã¯ãªãã€recvfrom呼ã³å‡ºã—ãŒãƒ–ロックã™ã‚‹ã“ã¨ã‚’æ„味ã™ã‚‹ã¨èªè­˜ã§ãã¾ã™ã€‚ + + \return none 戻り値ã¯ã‚りã¾ã›ã‚“。 + \param ssl wolfSSL_new()ã§ä½œæˆã•れãŸDTLSセッションã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ + \param nonblock WOLFSSLオブジェクトã®ãƒŽãƒ³ãƒ–ロッキングフラグを設定ã™ã‚‹ãŸã‚ã®å€¤ã€‚ノンブロッキングを指定ã™ã‚‹å ´åˆã¯1ã‚’ã€ãã†ã§ãªã„å ´åˆã¯0を使用ã—ã¦ãã ã•ã„。 _Example_ \code @@ -2835,19 +2911,19 @@ ... wolfSSL_dtls_set_using_nonblock(ssl, 1); \endcode + \sa wolfSSL_dtls_get_using_nonblock \sa wolfSSL_dtls_got_timeout \sa wolfSSL_dtls_get_current_timeout */ void wolfSSL_dtls_set_using_nonblock(WOLFSSL* ssl, int nonblock); /*! - \brief ã“ã®é–¢æ•°ã¯WOLFSSL DTLSオブジェクトãŒä¸‹å±¤ã«UDPノンブロッキングI/Oを使用ã—ã¦ã„ã‚‹ã‹å¦ã‹ã‚’å–å¾—ã—ã¾ã™ã€‚ - WOLFSSLオブジェクトãŒãƒŽãƒ³ãƒ–ロッキングI/Oを使用ã—ã¦ã„ã‚‹å ´åˆã€ã“ã®é–¢æ•°ã¯1ã‚’è¿”ã—ã¾ã™ã€‚ - ã“れã«ã‚ˆã‚Šã€WOLFSSLオブジェクトã¯ã€EWOULDBLOCKã‚’å—ä¿¡ã™ã‚‹ã“ã¨ã‚’æ„味ã—ã¾ã™ã€‚ - ã“ã®æ©Ÿèƒ½ã¯DTLSセッションã«ã¨ã£ã¦ã®ã¿æ„味ãŒã‚りã¾ã™ã€‚ - \return 0 基礎ã¨ãªã‚‹I/OãŒãƒ–ロックã•れã¦ã„ã¾ã™ã€‚ - \return 1 基礎ã¨ãªã‚‹I/Oã¯ãƒŽãƒ³ãƒ–ロッキングã§ã™ã€‚ - \param ssl wolfSSL_new()を使用ã—ã¦ä½œæˆã•れãŸWOLFSSL構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ + \brief ã“ã®é–¢æ•°ã«ã‚ˆã‚Šã€ã‚¢ãƒ—リケーションã¯wolfSSLãŒUDPã§ãƒŽãƒ³ãƒ–ロッキングI/Oを使用ã—ã¦ã„ã‚‹ã‹ã©ã†ã‹ã‚’判定ã§ãã¾ã™ã€‚wolfSSLãŒãƒŽãƒ³ãƒ–ロッキングI/Oを使用ã—ã¦ã„ã‚‹å ´åˆã€ã“ã®é–¢æ•°ã¯1ã‚’è¿”ã—ã€ãれ以外ã®å ´åˆã¯0ã‚’è¿”ã—ã¾ã™ã€‚アプリケーションãŒWOLFSSLオブジェクトを作æˆã—ãŸå¾Œã€ãれをノンブロッキングUDPソケットã¨å…±ã«ä½¿ç”¨ã™ã‚‹å ´åˆã¯ã€wolfSSL_dtls_set_using_nonblock()を呼ã³å‡ºã—ã¦ãã ã•ã„。ã“れã«ã‚ˆã‚Šã€WOLFSSLオブジェクトã¯ã€EWOULDBLOCKã‚’å—ã‘å–ã‚‹ã“ã¨ãŒã‚¿ã‚¤ãƒ ã‚¢ã‚¦ãƒˆã§ã¯ãªãã€recvfrom呼ã³å‡ºã—ãŒãƒ–ロックã™ã‚‹ã“ã¨ã‚’æ„味ã™ã‚‹ã¨èªè­˜ã§ãã¾ã™ã€‚ã“ã®é–¢æ•°ã¯DTLSセッションã«ã®ã¿æ„味ãŒã‚りã¾ã™ã€‚ + + \return 0 下層ã®I/OãŒãƒ–ロッキングã§ã™ã€‚ + \return 1 下層ã®I/OãŒãƒŽãƒ³ãƒ–ロッキングã§ã™ã€‚ + + \param ssl wolfSSL_new()ã§ä½œæˆã•れãŸDTLSセッションã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ _Example_ \code @@ -2856,22 +2932,23 @@ ... ret = wolfSSL_dtls_get_using_nonblock(ssl); if (ret == 1) { - // underlying I/O is non-blocking + // 下層ã®I/Oã¯ãƒŽãƒ³ãƒ–ロッキング } ... \endcode + \sa wolfSSL_dtls_set_using_nonblock \sa wolfSSL_dtls_got_timeout \sa wolfSSL_dtls_set_using_nonblock */ int wolfSSL_dtls_get_using_nonblock(WOLFSSL* ssl); /*! - \brief ã“ã®é–¢æ•°ã¯ç¾åœ¨ã®ã‚¿ã‚¤ãƒ ã‚¢ã‚¦ãƒˆå€¤ã‚’ç§’å˜ä½ã§è¿”ã—ã¾ã™ã€‚ - ノンブロッキングソケットを使用ã™ã‚‹å ´åˆã€ãƒ¦ãƒ¼ã‚¶ãƒ¼ã‚³ãƒ¼ãƒ‰ã§ã¯ã€åˆ©ç”¨å¯èƒ½ãªrecvVデータã®åˆ°ç€ã‚’ãƒã‚§ãƒƒã‚¯ã™ã‚‹ã‚¿ã‚¤ãƒŸãƒ³ã‚°ã‚„å¾…ã¤ã¹ã時間を知る必è¦ãŒã‚りã¾ã™ã€‚ - ã“ã®é–¢æ•°ã«ã‚ˆã£ã¦è¿”ã•れる値ã¯ã€ã‚¢ãƒ—リケーションãŒã©ã®ãらã„待機ã™ã‚‹ã‹ã‚’示ã—ã¾ã™ã€‚ - \return seconds ç¾åœ¨ã®DTLSタイムアウト値(秒) - \return NOT_COMPILED_IN wolfSSLãŒDTLSサãƒãƒ¼ãƒˆã§æ§‹ç¯‰ã•れã¦ã„ãªã„å ´åˆã€‚ - \param ssl wolfSSL_new()を使用ã—ã¦ä½œæˆã•れãŸWOLFSSL構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ + \brief ã“ã®é–¢æ•°ã¯ã€WOLFSSLオブジェクトã®ç¾åœ¨ã®ã‚¿ã‚¤ãƒ ã‚¢ã‚¦ãƒˆå€¤ã‚’ç§’å˜ä½ã§è¿”ã—ã¾ã™ã€‚ノンブロッキングソケットを使用ã™ã‚‹å ´åˆã€ãƒ¦ãƒ¼ã‚¶ã‚³ãƒ¼ãƒ‰å†…ã®ä½•ã‹ãŒã€åˆ©ç”¨å¯èƒ½ãªå—信データをã„ã¤ãƒã‚§ãƒƒã‚¯ã™ã‚‹ã‹ã€ãŠã‚ˆã³ã©ã®ãらã„待機ã—ã¦ã„ã‚‹ã‹ã‚’決定ã™ã‚‹å¿…è¦ãŒã‚りã¾ã™ã€‚ã“ã®é–¢æ•°ãŒè¿”ã™å€¤ã¯ã€ã‚¢ãƒ—リケーションãŒã©ã®ãらã„待機ã™ã¹ãã‹ã‚’示ã—ã¾ã™ã€‚ + + \return seconds ç¾åœ¨ã®DTLSタイムアウト値(ç§’å˜ä½)。 + \return NOT_COMPILED_IN wolfSSLãŒDTLSサãƒãƒ¼ãƒˆä»˜ãã§ãƒ“ルドã•れã¦ã„ãªã„å ´åˆã€‚ + + \param ssl wolfSSL_new()を使用ã—ã¦ä½œæˆã•れãŸWOLFSSL構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ _Example_ \code @@ -2879,26 +2956,21 @@ WOLFSSL* ssl; ... timeout = wolfSSL_get_dtls_current_timeout(ssl); - printf(“DTLS timeout (sec) = %d\nâ€, timeout); + printf("DTLS timeout (sec) = %d\n", timeout); \endcode + \sa wolfSSL_dtls \sa wolfSSL_dtls_get_peer \sa wolfSSL_dtls_got_timeout \sa wolfSSL_dtls_set_peer */ int wolfSSL_dtls_get_current_timeout(WOLFSSL* ssl); - /*! - \brief ã“ã®é–¢æ•°ã¯ã‚¢ãƒ—リケーションãŒã‚ˆã‚Šæ—©ã„タイムアウト時間を設定ã™ã‚‹å¿…è¦ãŒã‚ã‚‹å ´åˆã«trueã‚’è¿”ã—ã¾ã™ã€‚ - ノンブロッキングソケットを使用ã™ã‚‹å ´åˆã§ãƒ¦ãƒ¼ã‚¶ãƒ¼ã‚³ãƒ¼ãƒ‰ã§å—信データãŒåˆ°ç€ã—ã¦ã„ã‚‹ã‹ä½•時ãƒã‚§ãƒƒã‚¯ã™ã‚‹ã‹ã€ - ã‚ã‚‹ã„ã¯ã©ã®ãらã„ã®æ™‚é–“å¾…ã¦ã°ã‚ˆã„ã®ã‹ã‚’決ã‚ã‚‹å¿…è¦ãŒã‚りã¾ã™ã€‚ - ã“ã®é–¢æ•°ãŒ true ã‚’è¿”ã—ãŸå ´åˆã€ãƒ©ã‚¤ãƒ–ラリã¯ã™ã§ã«é€šä¿¡ã®ä¸­æ–­ã‚’検出ã—ã¾ã—ãŸãŒã€ - ä»–ã®ãƒ”ã‚¢ã‹ã‚‰ã®ãƒ¡ãƒƒã‚»ãƒ¼ã‚¸ãŒã¾ã é€ä¿¡ä¸­ã®å ´åˆã«å‚™ãˆã¦ã€ã‚‚ã†å°‘ã—待機ã™ã‚‹å¿…è¦ãŒã‚ã‚‹ã“ã¨ã‚’æ„味ã—ã¾ã™ã€‚ - ã“ã®ã‚¿ã‚¤ãƒžãƒ¼ã®å€¤ã‚’微調整ã™ã‚‹ã®ã¯ã‚¢ãƒ—リケーション次第ã§ã™ãŒã€dtls_get_current_timeout()/4ãŒæœ€é©ã§ã™ã€‚ + \brief ã“ã®é–¢æ•°ã¯ã€ã‚¢ãƒ—リケーションãŒã‚ˆã‚ŠçŸ­ã„タイムアウトを設定ã™ã¹ãå ´åˆã«trueã‚’è¿”ã—ã¾ã™ã€‚ノンブロッキングソケットを使用ã™ã‚‹å ´åˆã€ãƒ¦ãƒ¼ã‚¶ã‚³ãƒ¼ãƒ‰å†…ã®ä½•ã‹ãŒã€åˆ©ç”¨å¯èƒ½ãªãƒ‡ãƒ¼ã‚¿ã‚’ã„ã¤ãƒã‚§ãƒƒã‚¯ã™ã‚‹ã‹ã€ãŠã‚ˆã³ã©ã®ãらã„待機ã™ã‚‹å¿…è¦ãŒã‚ã‚‹ã‹ã‚’決定ã™ã‚‹å¿…è¦ãŒã‚りã¾ã™ã€‚ã“ã®é–¢æ•°ãŒtrueã‚’è¿”ã™å ´åˆã€ãƒ©ã‚¤ãƒ–ラリã¯ã™ã§ã«é€šä¿¡ã®ä¸­æ–­ã‚’検出ã—ã¦ã„ã¾ã™ãŒã€ä»–ã®ãƒ”ã‚¢ã‹ã‚‰ã®ãƒ¡ãƒƒã‚»ãƒ¼ã‚¸ãŒã¾ã è»¢é€ä¸­ã§ã‚ã‚‹å¯èƒ½æ€§ã«å‚™ãˆã¦ã€ã‚‚ã†å°‘ã—待機ã—ãŸã„ã“ã¨ã‚’æ„味ã—ã¾ã™ã€‚ã“ã®ã‚¿ã‚¤ãƒžãƒ¼ã®å€¤ã‚’微調整ã™ã‚‹ã®ã¯ã‚¢ãƒ—リケーション次第ã§ã‚りã€é©åˆ‡ãªå€¤ã¯dtls_get_current_timeout() / 4ã‹ã‚‚ã—れã¾ã›ã‚“。 - \return true アプリケーションãŒã‚ˆã‚Šæ—©ã„タイムアウトを設定ã™ã‚‹å¿…è¦ãŒã‚ã‚‹å ´åˆã«è¿”ã•れã¾ã™ã€‚ + \return true アプリケーションコードãŒã‚ˆã‚ŠçŸ­ã„タイムアウトを設定ã™ã¹ãå ´åˆã€‚ - \param ssl wolfSSL_new()を使用ã—ã¦ä½œæˆã•れãŸWOLFSSL構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ + \param ssl wolfSSL_new()を使用ã—ã¦ä½œæˆã•れãŸWOLFSSL構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ \sa wolfSSL_dtls \sa wolfSSL_dtls_get_peer @@ -2910,14 +2982,10 @@ /*! \ingroup Setup - \brief ã“ã®é–¢æ•°ã¯ã€ãƒ©ã‚¤ãƒ–ラリãŒä¸­æ–­ã‚’検出ã—ãŸã¨ãã«ã™ãã«ä»–ã®ãƒ”ã‚¢ã«ACKã‚’é€ä¿¡ã™ã‚‹ã‹ã©ã†ã‹ã‚’設定ã—ã¾ã™ã€‚ - ACKã‚’ã™ãã«é€ä¿¡ã™ã‚‹ã¨ã€é…å»¶ã¯æœ€å°é™ã«æŠ‘ãˆã‚‰ã‚Œã¾ã™ãŒã€å¿…è¦ä»¥ä¸Šã«å¤šãã®å¸¯åŸŸå¹…ãŒæ¶ˆè²»ã•れるå¯èƒ½æ€§ãŒã‚りã¾ã™ã€‚ - アプリケーションãŒç‹¬è‡ªã«ã‚¿ã‚¤ãƒžãƒ¼ã‚’管ç†ã—ã¦ãŠã‚Šã€ã“ã®ã‚ªãƒ—ションãŒ0ã«è¨­å®šã•れã¦ã„ã‚‹å ´åˆã€ - アプリケーションコードã¯wolfSSL_dtls13_use_quick_timeout()を使用ã—ã¦ã€ - é…å»¶ã—ãŸACKã‚’é€ä¿¡ã™ã‚‹ãŸã‚ã«ã‚ˆã‚Šé€Ÿã„タイムアウトを設定ã™ã‚‹å¿…è¦ãŒã‚ã‚‹ã‹ã©ã†ã‹ã‚’判断ã§ãã¾ã™ã€‚ + \brief ã“ã®é–¢æ•°ã¯ã€ä¸­æ–­ã‚’検出ã—ãŸã¨ãã«ãƒ©ã‚¤ãƒ–ラリãŒACKã‚’ä»–ã®ãƒ”ã‚¢ã«å³åº§ã«é€ä¿¡ã™ã¹ãã‹ã©ã†ã‹ã‚’設定ã—ã¾ã™ã€‚ACKã‚’å³åº§ã«é€ä¿¡ã™ã‚‹ã¨æœ€å°ã®ãƒ¬ã‚¤ãƒ†ãƒ³ã‚·ãŒä¿è¨¼ã•れã¾ã™ãŒã€å¿…è¦ä»¥ä¸Šã«å¸¯åŸŸå¹…を消費ã™ã‚‹å¯èƒ½æ€§ãŒã‚りã¾ã™ã€‚アプリケーションãŒè‡ªåˆ†ã§ã‚¿ã‚¤ãƒžãƒ¼ã‚’管ç†ã—ã€ã“ã®ã‚ªãƒ—ションãŒ0ã«è¨­å®šã•れã¦ã„ã‚‹å ´åˆã€ã‚¢ãƒ—リケーションコードã¯wolfSSL_dtls13_use_quick_timeout()を使用ã—ã¦ã€ã“れらã®é…å»¶ACKã‚’é€ä¿¡ã™ã‚‹ãŸã‚ã«ã‚ˆã‚ŠçŸ­ã„タイムアウトを設定ã™ã¹ãã‹ã©ã†ã‹ã‚’判定ã§ãã¾ã™ã€‚ - \param ssl wolfSSL_new()を使用ã—ã¦ä½œæˆã•れãŸWOLFSSL構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ - \param value 設定を行ã†å ´åˆã«ã¯ï¼‘を行ã‚ãªã„å ´åˆã«ã¯0を設定ã—ã¾ã™ã€‚ + \param ssl wolfSSL_new()を使用ã—ã¦ä½œæˆã•れãŸWOLFSSL構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ + \param value オプションを設定ã™ã‚‹å ´åˆã¯1ã€ã‚ªãƒ—ションを無効ã«ã™ã‚‹å ´åˆã¯0。 \sa wolfSSL_dtls \sa wolfSSL_dtls_get_peer @@ -2929,11 +2997,14 @@ /*! \ingroup Setup - \brief ã“ã®é–¢æ•°ã¯DTLSタイムアウトを設定ã—ã¾ã™ã€‚ - \return SSL_SUCCESS 関数ãŒã‚¨ãƒ©ãƒ¼ãªã—ã§å®Ÿè¡Œã•れãŸå ´åˆã«è¿”ã•れã¾ã™ã€‚SSLã®DTLS_TIMEOUT_INITã¨DTLS_TIMEOUTメンãƒãƒ¼ãŒè¨­å®šã•れã¦ã„ã¾ã™ã€‚ - \return BAD_FUNC_ARG 引数sslãŒNULLã®å ´åˆã€ã¾ãŸã¯ã‚¿ã‚¤ãƒ ã‚¢ã‚¦ãƒˆãŒ0以下ã®å ´åˆã«è¿”ã•れã¾ã™ã€‚タイムアウト引数ãŒè¨±å¯ã•れã¦ã„る最大値を超ãˆã¦ã„ã‚‹å ´åˆã«ã‚‚è¿”ã•れã¾ã™ã€‚ - \param ssl wolfSSL_new()を使用ã—ã¦ä½œæˆã•れãŸWOLFSSL構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ - \param value タイムアウトオプションを有効ã«ã™ã‚‹å ´åˆã«ã¯1を指定ã—ã€ç„¡åйã«ã™ã‚‹å ´åˆã«ã¯0を指定ã—ã¾ã™ã€‚ + + \brief ã“ã®é–¢æ•°ã¯dtlsタイムアウトを設定ã—ã¾ã™ã€‚ + + \return SSL_SUCCESS 関数ãŒã‚¨ãƒ©ãƒ¼ãªã実行ã•れãŸå ´åˆã«è¿”ã•れã¾ã™ã€‚SSLã®dtls_timeout_initãŠã‚ˆã³dtls_timeoutメンãƒãŒè¨­å®šã•れã¦ã„ã¾ã™ã€‚ + \return BAD_FUNC_ARG WOLFSSL構造体ãŒNULLã§ã‚ã‚‹ã‹ã€ã¾ãŸã¯ã‚¿ã‚¤ãƒ ã‚¢ã‚¦ãƒˆãŒ0より大ãããªã„å ´åˆã«è¿”ã•れã¾ã™ã€‚ã¾ãŸã€timeout引数ãŒè¨±å®¹ã•れる最大値を超ãˆã‚‹å ´åˆã«ã‚‚è¿”ã•れã¾ã™ã€‚ + + \param ssl wolfSSL_new()を使用ã—ã¦ä½œæˆã•れãŸWOLFSSL構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ + \param timeout WOLFSSL構造体ã®dtls_timeout_initメンãƒã«è¨­å®šã•れるintåž‹ã®å€¤ã€‚ _Example_ \code @@ -2942,22 +3013,25 @@ int timeout = TIMEOUT; ... if(wolfSSL_dtls_set_timeout_init(ssl, timeout)){ - // the dtls timeout was set + // dtlsタイムアウトãŒè¨­å®šã•れ㟠} else { - // Failed to set DTLS timeout. + // DTLSタイムアウトã®è¨­å®šã«å¤±æ•— } \endcode + \sa wolfSSL_dtls_set_timeout_max \sa wolfSSL_dtls_got_timeout */ -int wolfSSL_dtls_set_timeout_init(WOLFSSL* ssl, int); +int wolfSSL_dtls_set_timeout_init(WOLFSSL* ssl, int timeout); /*! - \brief - \return SSL_SUCCESS 関数ãŒã‚¨ãƒ©ãƒ¼ãªã—ã§å®Ÿè¡Œã•れãŸå ´åˆã«è¿”ã•れã¾ã™ã€‚ - \return BAD_FUNC_ARG wolfssl構造体ãŒNULLã®å ´åˆã€ã¾ãŸã¯TIMEOUT引数ãŒã‚¼ãƒ­ä»¥ä¸‹ã§ã‚ã‚‹å ´åˆã€ã¾ãŸã¯WolfSSL構造体ã®DTLS_TIMEOUT_INITメンãƒãƒ¼ã‚ˆã‚Šã‚‚å°ã•ã„å ´åˆã«è¿”ã•れã¾ã™ã€‚ - \param ssl wolfSSL_new()を使用ã—ã¦ä½œæˆã•れãŸWOLFSSL構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ - \param timeout 最大タイムアウト時間 + \brief ã“ã®é–¢æ•°ã¯æœ€å¤§dtlsタイムアウトを設定ã—ã¾ã™ã€‚ + + \return SSL_SUCCESS 関数ãŒã‚¨ãƒ©ãƒ¼ãªã実行ã•れãŸå ´åˆã«è¿”ã•れã¾ã™ã€‚ + \return BAD_FUNC_ARG WOLFSSL構造体ãŒNULLã§ã‚ã‚‹ã‹ã€timeout引数ãŒ0より大ãããªã„ã‹ã€ã¾ãŸã¯WOLFSSL構造体ã®dtls_timeout_initメンãƒã‚ˆã‚Šå°ã•ã„å ´åˆã«è¿”ã•れã¾ã™ã€‚ + + \param ssl wolfSSL_new()を使用ã—ã¦ä½œæˆã•れãŸWOLFSSL構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ + \param timeout dtls最大タイムアウトを表ã™intåž‹ã®å€¤ã€‚ _Example_ \code @@ -2967,28 +3041,31 @@ ... int ret = wolfSSL_dtls_set_timeout_max(ssl); if(!ret){ - // Failed to set the max timeout + // 最大タイムアウトã®è¨­å®šã«å¤±æ•— } \endcode + \sa wolfSSL_dtls_set_timeout_init \sa wolfSSL_dtls_got_timeout */ -int wolfSSL_dtls_set_timeout_max(WOLFSSL* ssl, int); +int wolfSSL_dtls_set_timeout_max(WOLFSSL* ssl, int timeout); /*! - \brief DTLSã§ãƒŽãƒ³ãƒ–ロッキングソケットを使用ã™ã‚‹å ´åˆã€ã“ã®é–¢æ•°ã¯é€ä¿¡ãŒã‚¿ã‚¤ãƒ ã‚¢ã‚¦ãƒˆã—ãŸã¨è€ƒãˆã‚‰ã‚Œã‚‹å ´åˆã«å‘¼ã³å‡ºã•れる必è¦ãŒã‚りã¾ã™ã€‚ - タイムアウト値ã®èª¿æ•´ãªã©ã€æœ€å¾Œã®é€ä¿¡ã‚’å†è©¦è¡Œã™ã‚‹ãŸã‚ã«å¿…è¦ãªã‚¢ã‚¯ã‚·ãƒ§ãƒ³ã‚’実行ã—ã¾ã™ã€‚ 時間ãŒã‹ã‹ã‚Šã™ãŽã‚‹ã¨ã€å¤±æ•—ãŒè¿”ã•れã¾ã™ã€‚ + \brief DTLSã§ãƒŽãƒ³ãƒ–ロッキングソケットを使用ã™ã‚‹å ´åˆã€åˆ¶å¾¡ã‚³ãƒ¼ãƒ‰ãŒé€ä¿¡ãŒã‚¿ã‚¤ãƒ ã‚¢ã‚¦ãƒˆã—ãŸã¨åˆ¤æ–­ã—ãŸã¨ãã«ã€ã“ã®é–¢æ•°ã‚’WOLFSSLオブジェクトã«å¯¾ã—ã¦å‘¼ã³å‡ºã™å¿…è¦ãŒã‚りã¾ã™ã€‚ã“ã®é–¢æ•°ã¯ã€ã‚¿ã‚¤ãƒ ã‚¢ã‚¦ãƒˆå€¤ã®èª¿æ•´ã‚’å«ã‚ã€æœ€å¾Œã®é€ä¿¡ã‚’å†è©¦è¡Œã™ã‚‹ãŸã‚ã«å¿…è¦ãªã‚¢ã‚¯ã‚·ãƒ§ãƒ³ã‚’実行ã—ã¾ã™ã€‚時間ãŒçµŒéŽã—ã™ãŽãŸå ´åˆã€å¤±æ•—ãŒè¿”ã•れã¾ã™ã€‚ - \return SSL_SUCCESS æˆåŠŸæ™‚ã«æˆ»ã‚Šã¾ã™ - \return SSL_FATAL_ERROR ピアã‹ã‚‰ã®å¿œç­”ã‚’å¾—ã‚‹ã“ã¨ãªãã€å†é€ä¿¡/タイムアウトãŒå¤šã™ãŽã‚‹å ´åˆã«è¿”ã•れã¾ã™ã€‚ - \return NOT_COMPILED_IN wolfSSLãŒDTLSサãƒãƒ¼ãƒˆã§ã‚³ãƒ³ãƒ‘イルã•れã¦ã„ãªã„å ´åˆã«è¿”ã•れã¾ã™ã€‚ + \return SSL_SUCCESS æˆåŠŸæ™‚ã«è¿”ã•れã¾ã™ã€‚ + \return SSL_FATAL_ERROR ピアã‹ã‚‰ã®å¿œç­”ãªã—ã§å†é€ä¿¡ã¾ãŸã¯ã‚¿ã‚¤ãƒ ã‚¢ã‚¦ãƒˆãŒå¤šã™ãŽãŸå ´åˆã«è¿”ã•れã¾ã™ã€‚ + \return NOT_COMPILED_IN wolfSSLãŒDTLSサãƒãƒ¼ãƒˆä»˜ãã§ã‚³ãƒ³ãƒ‘イルã•れã¦ã„ãªã„å ´åˆã«è¿”ã•れã¾ã™ã€‚ + + \param ssl wolfSSL_new()を使用ã—ã¦ä½œæˆã•れãŸWOLFSSL構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ _Example_ \code - See the following files for usage examples: + 使用例ã«ã¤ã„ã¦ã¯ä»¥ä¸‹ã®ãƒ•ァイルをå‚ç…§ã—ã¦ãã ã•ã„: /examples/client/client.c /examples/server/server.c \endcode + \sa wolfSSL_dtls_get_current_timeout \sa wolfSSL_dtls_get_peer \sa wolfSSL_dtls_set_peer @@ -2997,12 +3074,12 @@ int wolfSSL_dtls_got_timeout(WOLFSSL* ssl); /*! - \brief DTLSã§ãƒŽãƒ³ãƒ–ロッキングソケットを使用ã™ã‚‹å ´åˆã€ã“ã®é–¢æ•°ã¯äºˆæƒ³ã•れるタイムアウト値ã¨å†é€ä¿¡å›žæ•°ã‚’無視ã—ã¦æœ€å¾Œã®ãƒãƒ³ãƒ‰ã‚·ã‚§ã‚¤ã‚¯ãƒ•ライトをå†é€ä¿¡ã—ã¾ã™ã€‚ - ã“れã¯ã€DTLSを使用ã—ã¦ãŠã‚Šã€ã‚¿ã‚¤ãƒ ã‚¢ã‚¦ãƒˆã‚„å†è©¦è¡Œå›žæ•°ã‚‚管ç†ã™ã‚‹å¿…è¦ãŒã‚るアプリケーションã«å½¹ç«‹ã¡ã¾ã™ã€‚ + \brief DTLSã§ãƒŽãƒ³ãƒ–ロッキングソケットを使用ã™ã‚‹å ´åˆã€ã“ã®é–¢æ•°ã¯äºˆæƒ³ã•れるタイムアウト値ã¨å†é€ä¿¡ã‚«ã‚¦ãƒ³ãƒˆã‚’無視ã—ã¦ã€æœ€å¾Œã®ãƒãƒ³ãƒ‰ã‚·ã‚§ã‚¤ã‚¯ãƒ•ライトをå†é€ä¿¡ã—ã¾ã™ã€‚ã“れã¯ã€DTLSを使用ã—ã¦ã„ã¦ã€ã‚¿ã‚¤ãƒ ã‚¢ã‚¦ãƒˆã¨å†è©¦è¡Œå›žæ•°ã•ãˆã‚‚管ç†ã™ã‚‹å¿…è¦ãŒã‚るアプリケーションã«å½¹ç«‹ã¡ã¾ã™ã€‚ - \return SSL_SUCCESS æˆåŠŸæ™‚ã«æˆ»ã‚Šã¾ã™ - \return SSL_FATAL_ERROR ピアã‹ã‚‰ã®å¿œç­”ãŒå¾—られãªã„ã¾ã¾å†é€ä¿¡/タイムアウトãŒå¤šã™ãŽã‚‹å ´åˆã«è¿”ã•れã¾ã™ã€‚ - \param ssl wolfSSL_new()を使用ã—ã¦ä½œæˆã•れãŸWOLFSSL構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ + \return SSL_SUCCESS æˆåŠŸæ™‚ã«è¿”ã•れã¾ã™ã€‚ + \return SSL_FATAL_ERROR ピアã‹ã‚‰ã®å¿œç­”ãªã—ã§å†é€ä¿¡ã¾ãŸã¯ã‚¿ã‚¤ãƒ ã‚¢ã‚¦ãƒˆãŒå¤šã™ãŽãŸå ´åˆã«è¿”ã•れã¾ã™ã€‚ + + \param ssl wolfSSL_new()を使用ã—ã¦ä½œæˆã•れãŸWOLFSSL構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ _Example_ \code @@ -3019,9 +3096,12 @@ int wolfSSL_dtls_retransmit(WOLFSSL* ssl); /*! - \brief DTLSを使用ã™ã‚‹ã‚ˆã†ã«æ§‹æˆã•れã¦ã„ã‚‹ã‹ã©ã†ã‹ã‚’å–å¾—ã—ã¾ã™ã€‚ - \return 1 SSLセッション(SSL)ãŒDTLSを使用ã™ã‚‹ã‚ˆã†ã«è¨­å®šã•れã¦ã„ã‚‹å ´åˆã€ã“ã®é–¢æ•°ã¯1ã‚’è¿”ã—ã¾ã™ã€‚ - \return 0 ãã†ã§ãªã„å ´åˆã«è¿”ã•れã¾ã™ã€‚ + \brief ã“ã®é–¢æ•°ã¯ã€SSLセッションãŒDTLSを使用ã™ã‚‹ã‚ˆã†ã«è¨­å®šã•れã¦ã„ã‚‹ã‹ã©ã†ã‹ã‚’判定ã™ã‚‹ãŸã‚ã«ä½¿ç”¨ã•れã¾ã™ã€‚ + + \return 1 SSLセッション(ssl)ãŒDTLSを使用ã™ã‚‹ã‚ˆã†ã«è¨­å®šã•れã¦ã„ã‚‹å ´åˆã€ã“ã®é–¢æ•°ã¯1ã‚’è¿”ã—ã¾ã™ã€‚ + \return 0 ãれ以外ã®å ´åˆã€‚ + + \param ssl wolfSSL_new()を使用ã—ã¦ä½œæˆã•れãŸWOLFSSL構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ _Example_ \code @@ -3030,9 +3110,10 @@ ... ret = wolfSSL_dtls(ssl); if (ret) { - // SSL session has been configured to use DTLS + // SSLセッションã¯DTLSを使用ã™ã‚‹ã‚ˆã†ã«è¨­å®šã•れã¦ã„ã‚‹ } \endcode + \sa wolfSSL_dtls_get_current_timeout \sa wolfSSL_dtls_get_peer \sa wolfSSL_dtls_got_timeout @@ -3041,13 +3122,15 @@ int wolfSSL_dtls(WOLFSSL* ssl); /*! - \brief ã“ã®é–¢æ•°ã¯å¼•æ•°peerã§ä¸Žãˆã‚‰ã‚Œã‚‹ã‚¢ãƒ‰ãƒ¬ã‚¹ã‚’DTLSã®ãƒ”ã‚¢ã¨ã—ã¦ã‚»ãƒƒãƒˆã—ã¾ã™ã€‚ - \return SSL_SUCCESS æˆåŠŸæ™‚ã«è¿”ã•れã¾ã™ã€‚ - \return SSL_FAILURE 失敗時ã«è¿”ã•れã¾ã™ã€‚ - \return SSL_NOT_IMPLEMENTED wolfSSLãŒDTLSをサãƒãƒ¼ãƒˆã™ã‚‹ã‚ˆã†ã«ã‚³ãƒ³ãƒ‘イルã•れã¦ã„ãªã„å ´åˆã«è¿”ã•れã¾ã™ã€‚ - \param ssl wolfSSL_new()を使用ã—ã¦ä½œæˆã•れãŸWOLFSSL構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ - \param peer ピアã®ã‚¢ãƒ‰ãƒ¬ã‚¹ã‚’å«ã‚€sockaddr_in構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ - \param peerSz sockaddr_in構造体ã®ã‚µã‚¤ã‚ºã€‚0ãŒæŒ‡å®šã•れãŸå ´åˆã«ã¯sslã«è¨­å®šã•れã¦ã„ã‚‹ãƒ”ã‚¢ã®æƒ…報をクリアã—ã¾ã™ã€‚ + \brief ã“ã®é–¢æ•°ã¯ã€DTLSピアpeer(sockaddr_in)をサイズpeerSzã§è¨­å®šã—ã¾ã™ã€‚ + + \return SSL_SUCCESS æˆåŠŸæ™‚ã«è¿”ã•れã¾ã™ã€‚ + \return SSL_FAILURE 失敗時ã«è¿”ã•れã¾ã™ã€‚ + \return SSL_NOT_IMPLEMENTED wolfSSLãŒDTLSサãƒãƒ¼ãƒˆä»˜ãã§ã‚³ãƒ³ãƒ‘イルã•れã¦ã„ãªã„å ´åˆã«è¿”ã•れã¾ã™ã€‚ + + \param ssl wolfSSL_new()を使用ã—ã¦ä½œæˆã•れãŸWOLFSSL構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ + \param peer ピアã®sockaddr_in構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚NULLã®å ´åˆã€ssl内ã®ãƒ”ア情報ãŒã‚¯ãƒªã‚¢ã•れã¾ã™ã€‚ + \param peerSz peerãŒæŒ‡ã™sockaddr_in構造体ã®ã‚µã‚¤ã‚ºã€‚0ã®å ´åˆã€ssl内ã®ãƒ”ア情報ãŒã‚¯ãƒªã‚¢ã•れã¾ã™ã€‚ _Example_ \code @@ -3057,10 +3140,12 @@ ... ret = wolfSSL_dtls_set_peer(ssl, &addr, sizeof(addr)); if (ret != SSL_SUCCESS) { - // failed to set DTLS peer + // DTLSピアã®è¨­å®šã«å¤±æ•— } \endcode + \sa wolfSSL_dtls_get_current_timeout + \sa wolfSSL_dtls_set_pending_peer \sa wolfSSL_dtls_get_peer \sa wolfSSL_dtls_got_timeout \sa wolfSSL_dtls @@ -3068,15 +3153,15 @@ int wolfSSL_dtls_set_peer(WOLFSSL* ssl, void* peer, unsigned int peerSz); /*! - \brief ã“ã®é–¢æ•°ã¯ã€ç¾åœ¨ã®DTLSピアã®sockaddr_in(サイズpeerSz)ã‚’å–å¾—ã—ã¾ã™ã€‚ - ã“ã®é–¢æ•°ã¯ã€peerSzã‚’SSLセッションã«ä¿å­˜ã•れã¦ã„る実際ã®DTLSãƒ”ã‚¢ã‚µã‚¤ã‚ºã¨æ¯”較ã—ã¾ã™ã€‚ - ピアアドレスãŒpeerã«åŽã¾ã‚‹å ´åˆã¯ã€peerSzãŒãƒ”ã‚¢ã®ã‚µã‚¤ã‚ºã«è¨­å®šã•れã¦ã€ãƒ”ã‚¢ã®sockaddr_inãŒpeerã«ã‚³ãƒ”ーã•れã¾ã™ã€‚ - \return SSL_SUCCESS æˆåŠŸæ™‚ã«è¿”ã•れã¾ã™ã€‚ - \return SSL_FAILURE 失敗時ã«è¿”ã•れã¾ã™ã€‚ - \return SSL_NOT_IMPLEMENTED wolfSSLãŒDTLSをサãƒãƒ¼ãƒˆã™ã‚‹ã‚ˆã†ã«ã‚³ãƒ³ãƒ‘イルã•れã¦ã„ãªã„å ´åˆã«è¿”ã•れã¾ã™ã€‚ - \param ssl wolfSSL_new()を使用ã—ã¦ä½œæˆã•れãŸWOLFSSL構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ - \param peer ピアã®sockaddr_in構造体をä¿å­˜ã™ã‚‹ãŸã‚ã®ãƒãƒƒãƒ•ã‚¡ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ - \param peerSz サイズを格ç´ã™ã‚‹å¤‰æ•°ã€‚入力時ã«ã¯å¼•æ•°peerã§ç¤ºã•れるãƒãƒƒãƒ•ã‚¡ã®ã‚µã‚¤ã‚ºã‚’指定ã—ã¦ãã ã•ã„。出力時ã«ã¯å®Ÿéš›ã®sockaddr_in構造体ã®ã‚µã‚¤ã‚ºã‚’è¿”ã—ã¾ã™ã€‚ + \brief ã“ã®é–¢æ•°ã¯ã€ä¿ç•™ä¸­ã®DTLSピアpeer(sockaddr_in)をサイズpeerSzã§è¨­å®šã—ã¾ã™ã€‚ã“れã«ã‚ˆã‚Šã€æ¬¡ã®ãƒ¬ã‚³ãƒ¼ãƒ‰ã®ä¿è­·ã‚’正常ã«è§£é™¤ã—ãŸã¨ãã«é€šå¸¸ã®ãƒ”ã‚¢ã«ã‚¢ãƒƒãƒ—グレードã•れるä¿ç•™ä¸­ã®ãƒ”ã‚¢ãŒè¨­å®šã•れã¾ã™ã€‚ã“れã¯ã€ãƒ”ã‚¢ã®ã‚¢ãƒ‰ãƒ¬ã‚¹ãŒå¤‰æ›´ã•れるå¯èƒ½æ€§ãŒã‚るシナリオã§ã€ã‚ªãƒ•パス攻撃者ãŒãƒ”アアドレスを変更ã™ã‚‹ã®ã‚’防ãã®ã«å½¹ç«‹ã¡ã¾ã™ã€‚ã“れã¯ã€æ–°ã—ã„ピアアドレスã¸ã®ã‚·ãƒ¼ãƒ ãƒ¬ã‚¹ã§å®‰å…¨ãªç§»è¡Œã‚’å¯èƒ½ã«ã™ã‚‹ãŸã‚ã«ã€Connection IDã¨å…±ã«ä½¿ç”¨ã™ã‚‹å¿…è¦ãŒã‚りã¾ã™ã€‚ + + \return SSL_SUCCESS æˆåŠŸæ™‚ã«è¿”ã•れã¾ã™ã€‚ + \return SSL_FAILURE 失敗時ã«è¿”ã•れã¾ã™ã€‚ + \return SSL_NOT_IMPLEMENTED wolfSSLãŒDTLSサãƒãƒ¼ãƒˆä»˜ãã§ã‚³ãƒ³ãƒ‘イルã•れã¦ã„ãªã„å ´åˆã«è¿”ã•れã¾ã™ã€‚ + + \param ssl wolfSSL_new()を使用ã—ã¦ä½œæˆã•れãŸWOLFSSL構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ + \param peer ピアã®sockaddr_in構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚NULLã®å ´åˆã€ssl内ã®ãƒ”ア情報ãŒã‚¯ãƒªã‚¢ã•れã¾ã™ã€‚ + \param peerSz peerãŒæŒ‡ã™sockaddr_in構造体ã®ã‚µã‚¤ã‚ºã€‚0ã®å ´åˆã€ssl内ã®ãƒ”ア情報ãŒã‚¯ãƒªã‚¢ã•れã¾ã™ã€‚ _Example_ \code @@ -3084,11 +3169,43 @@ WOLFSSL* ssl; sockaddr_in addr; ... - ret = wolfSSL_dtls_get_peer(ssl, &addr, sizeof(addr)); + ret = wolfSSL_dtls_set_pending_peer(ssl, &addr, sizeof(addr)); if (ret != SSL_SUCCESS) { - // failed to get DTLS peer + // DTLSピアã®è¨­å®šã«å¤±æ•— } \endcode + + \sa wolfSSL_dtls_get_current_timeout + \sa wolfSSL_dtls_set_peer + \sa wolfSSL_dtls_get_peer + \sa wolfSSL_dtls_got_timeout + \sa wolfSSL_dtls +*/ +int wolfSSL_dtls_set_pending_peer(WOLFSSL* ssl, void* peer, + unsigned int peerSz); + +/*! + \brief ã“ã®é–¢æ•°ã¯ã€ç¾åœ¨ã®DTLSピアã®sockaddr_in(サイズpeerSz)ã‚’å–å¾—ã—ã¾ã™ã€‚ã“ã®é–¢æ•°ã¯peerSzã‚’ã€SSLã‚»ãƒƒã‚·ãƒ§ãƒ³ã«æ ¼ç´ã•れã¦ã„る実際ã®DTLSãƒ”ã‚¢ã‚µã‚¤ã‚ºã¨æ¯”較ã—ã¾ã™ã€‚ピアãŒpeerã«åŽã¾ã‚‹å ´åˆã€ãƒ”ã‚¢ã®sockaddr_inãŒpeerã«ã‚³ãƒ”ーã•れã€peerSzãŒpeerã®ã‚µã‚¤ã‚ºã«è¨­å®šã•れã¾ã™ã€‚ + + \return SSL_SUCCESS æˆåŠŸæ™‚ã«è¿”ã•れã¾ã™ã€‚ + \return SSL_FAILURE 失敗時ã«è¿”ã•れã¾ã™ã€‚ + \return SSL_NOT_IMPLEMENTED wolfSSLãŒDTLSサãƒãƒ¼ãƒˆä»˜ãã§ã‚³ãƒ³ãƒ‘イルã•れã¦ã„ãªã„å ´åˆã«è¿”ã•れã¾ã™ã€‚ + + \param ssl wolfSSL_new()を使用ã—ã¦ä½œæˆã•れãŸWOLFSSL構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ + \param peer ピアã®sockaddr_in構造体を格ç´ã™ã‚‹ãƒ¡ãƒ¢ãƒªä½ç½®ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ + \param peerSz 入出力サイズ。入力ã¨ã—ã¦ã€peerãŒæŒ‡ã™å‰²ã‚Šå½“ã¦ã‚‰ã‚ŒãŸãƒ¡ãƒ¢ãƒªã®ã‚µã‚¤ã‚ºã€‚出力ã¨ã—ã¦ã€peerãŒæŒ‡ã™å®Ÿéš›ã®sockaddr_in構造体ã®ã‚µã‚¤ã‚ºã€‚ + + _Example_ + \code + int ret = 0; + WOLFSSL* ssl; + sockaddr_in addr; + ... ret = wolfSSL_dtls_get_peer(ssl, &addr, sizeof(addr)); + if (ret != SSL_SUCCESS) { + // DTLSピアã®å–å¾—ã«å¤±æ•—ã—ã¾ã—㟠+ } + \endcode + \sa wolfSSL_dtls_get_current_timeout \sa wolfSSL_dtls_got_timeout \sa wolfSSL_dtls_set_peer @@ -3097,15 +3214,47 @@ int wolfSSL_dtls_get_peer(WOLFSSL* ssl, void* peer, unsigned int* peerSz); /*! + \brief ã“ã®é–¢æ•°ã¯ç¾åœ¨ã®DTLSピアã®sockaddr_in(サイズpeerSz)をå–å¾—ã—ã¾ã™ã€‚ã“れã¯wolfSSL_dtls_get_peer()ã®ã‚¼ãƒ­ã‚³ãƒ”ー代替ã§ã™ã€‚ + + \return SSL_SUCCESS æˆåŠŸæ™‚ã«è¿”ã•れã¾ã™ã€‚ + \return SSL_FAILURE 失敗時ã«è¿”ã•れã¾ã™ã€‚ + \return SSL_NOT_IMPLEMENTED wolfSSLãŒDTLSサãƒãƒ¼ãƒˆã§ã‚³ãƒ³ãƒ‘イルã•れã¦ã„ãªã„å ´åˆã«è¿”ã•れã¾ã™ã€‚ + + \param ssl wolfSSL_new()を使用ã—ã¦ä½œæˆã•れãŸWOLFSSL構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ + \param peer ãƒ”ã‚¢ã‚¢ãƒ‰ãƒ¬ã‚¹ã‚’ä¿æŒã™ã‚‹å†…部ãƒãƒƒãƒ•ã‚¡ã‚’è¿”ã™ãŸã‚ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ + \param peerSz peerãŒæŒ‡ã™å®Ÿéš›ã®sockaddr_in構造体ã®ã‚µã‚¤ã‚ºã‚’出力ã—ã¾ã™ã€‚ + + _Example_ + \code + int ret = 0; + WOLFSSL* ssl; + sockaddr_in* addr; + unsigned int addrSz; + ... + ret = wolfSSL_dtls_get_peer(ssl, &addr, &addrSz); + if (ret != SSL_SUCCESS) { + // DTLSピアã®å–å¾—ã«å¤±æ•—ã—ã¾ã—㟠+ } + \endcode + + \sa wolfSSL_dtls_get_current_timeout + \sa wolfSSL_dtls_got_timeout + \sa wolfSSL_dtls_set_peer + \sa wolfSSL_dtls +*/ +int wolfSSL_dtls_get0_peer(WOLFSSL* ssl, const void** peer, + unsigned int* peerSz); + +/*! \ingroup Debug - \brief ã“ã®é–¢æ•°ã¯ã€wolfSSL_get_error()ã«ã‚ˆã£ã¦è¿”ã•れãŸã‚¨ãƒ©ãƒ¼ã‚³ãƒ¼ãƒ‰ã‚’より人間ãŒèª­ã‚るエラー文字列ã«å¤‰æ›ã—ã¾ã™ã€‚ - 引数errNumberã¯ã€wolfSSL_get_error()ã«ã‚ˆã£ã¦è¿”ã•れã€å¼•æ•°dataã¯ã‚¨ãƒ©ãƒ¼æ–‡å­—列ãŒé…ç½®ã•れるãƒãƒƒãƒ•ã‚¡ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã§ã™ã€‚ - MAX_ERROR_SZã§å®šç¾©ã•れã¦ã„るよã†ã«ã€ãƒ‡ãƒ¼ã‚¿ã®æœ€å¤§é•·ã¯ãƒ‡ãƒ•ォルトã§80文字ã§ã™ã€‚ - ã“れã¯wolfssl/wolfcrypt/error.hã§å®šç¾©ã•れã¦ã„ã¾ã™ã€‚ - \return success 正常ã«å®Œäº†ã™ã‚‹ã¨ã€ã“ã®é–¢æ•°ã¯dataã«è¿”ã•れるã®ã¨åŒã˜æ–‡å­—列を返ã—ã¾ã™ã€‚ - \return failure 失敗ã™ã‚‹ã¨ã€ã“ã®é–¢æ•°ã¯é©åˆ‡ãªéšœå®³ç†ç”±ã€MSGã‚’æŒã¤æ–‡å­—列を返ã—ã¾ã™ã€‚ - \param errNumber wolfSSL_get_error()ã«ã‚ˆã£ã¦è¿”ã•れãŸã‚¨ãƒ©ãƒ¼ã‚³ãƒ¼ãƒ‰ã€‚ - \param data 人間ãŒèª­ã‚るエラー文字列を格ç´ã—ãŸãƒãƒƒãƒ•ã‚¡ã¸ã®ãƒã‚¤ãƒ³ã‚¿ + + \brief ã“ã®é–¢æ•°ã¯wolfSSL_get_error()ã«ã‚ˆã£ã¦è¿”ã•れãŸã‚¨ãƒ©ãƒ¼ã‚³ãƒ¼ãƒ‰ã‚’ã€ã‚ˆã‚Šäººé–“ãŒèª­ã¿ã‚„ã™ã„エラー文字列ã«å¤‰æ›ã—ã¾ã™ã€‚errNumberã¯wolfSSL_get_error()ã«ã‚ˆã£ã¦è¿”ã•れãŸã‚¨ãƒ©ãƒ¼ã‚³ãƒ¼ãƒ‰ã§ã‚りã€dataã¯ã‚¨ãƒ©ãƒ¼æ–‡å­—列ãŒé…ç½®ã•れる格ç´ãƒãƒƒãƒ•ã‚¡ã§ã™ã€‚dataã®æœ€å¤§é•·ã¯ãƒ‡ãƒ•ォルトã§80文字ã§ã‚りã€wolfssl/wolfcrypt/error.hã®MAX_ERROR_SZã§å®šç¾©ã•れã¦ã„ã¾ã™ã€‚ + + \return success 正常ã«å®Œäº†ã—ãŸå ´åˆã€ã“ã®é–¢æ•°ã¯dataã§è¿”ã•れるã®ã¨åŒã˜æ–‡å­—列を返ã—ã¾ã™ã€‚ + \return failure 失敗時ã«ã¯ã€ã“ã®é–¢æ•°ã¯é©åˆ‡ãªå¤±æ•—ç†ç”±msgã‚’å«ã‚€æ–‡å­—列を返ã—ã¾ã™ã€‚ + + \param errNumber wolfSSL_get_error()ã«ã‚ˆã£ã¦è¿”ã•れãŸã‚¨ãƒ©ãƒ¼ã‚³ãƒ¼ãƒ‰ã€‚ + \param data errNumberã«ä¸€è‡´ã™ã‚‹äººé–“ãŒèª­ã¿ã‚„ã™ã„エラー文字列をå«ã‚€å‡ºåŠ›ãƒãƒƒãƒ•ァ。 _Example_ \code @@ -3115,8 +3264,9 @@ ... err = wolfSSL_get_error(ssl, 0); wolfSSL_ERR_error_string(err, buffer); - printf(“err = %d, %s\nâ€, err, buffer); + printf("err = %d, %s\n", err, buffer); \endcode + \sa wolfSSL_get_error \sa wolfSSL_ERR_error_string_n \sa wolfSSL_ERR_print_errors_fp @@ -3126,15 +3276,14 @@ /*! \ingroup Debug - \brief ã“ã®é–¢æ•°ã¯ã€wolfssl_err_error_string()ã®ãƒãƒƒãƒ•ã‚¡ã®ã‚µã‚¤ã‚ºã‚’指定ã™ã‚‹ãƒãƒ¼ã‚¸ãƒ§ãƒ³ã§ã™ã€‚ - ã“ã“ã§ã€å¼•æ•°lenã¯å¼•æ•°bufã«æ›¸ãè¾¼ã¾ã‚Œå¾—る最大文字数を指定ã—ã¾ã™ã€‚ - wolfSSL_err_error_string()ã¨åŒæ§˜ã«ã€ã“ã®é–¢æ•°ã¯wolfSSL_get_error()ã‹ã‚‰è¿”ã•れãŸã‚¨ãƒ©ãƒ¼ã‚³ãƒ¼ãƒ‰ã‚’より人間ãŒèª­ã‚るエラー文字列ã«å¤‰æ›ã—ã¾ã™ã€‚ - 人間ãŒèª­ã‚る文字列ã¯bufã«ç½®ã‹ã‚Œã¾ã™ã€‚ - \return ãªã— - \param e wolfSSL_get_error()ã«ã‚ˆã£ã¦è¿”ã•れãŸã‚¨ãƒ©ãƒ¼ã‚³ãƒ¼ãƒ‰ã€‚ - \param buff eã¨ä¸€è‡´ã™ã‚‹äººé–“ãŒèª­ã‚るエラー文字列をå«ã‚€å‡ºåŠ›ãƒãƒƒãƒ•ァ。 - \param len 出力ãƒãƒƒãƒ•ã‚¡ã®ã‚µã‚¤ã‚º + \brief ã“ã®é–¢æ•°ã¯wolfSSL_ERR_error_string()ã®ãƒãƒ¼ã‚¸ãƒ§ãƒ³ã§ã‚りã€lenã¯bufã«æ›¸ãè¾¼ã¾ã‚Œã‚‹æœ€å¤§æ–‡å­—数を指定ã—ã¾ã™ã€‚wolfSSL_ERR_error_string()ã¨åŒæ§˜ã«ã€ã“ã®é–¢æ•°ã¯wolfSSL_get_error()ã‹ã‚‰è¿”ã•れãŸã‚¨ãƒ©ãƒ¼ã‚³ãƒ¼ãƒ‰ã‚’より人間ãŒèª­ã¿ã‚„ã™ã„エラー文字列ã«å¤‰æ›ã—ã¾ã™ã€‚人間ãŒèª­ã¿ã‚„ã™ã„文字列ã¯bufã«é…ç½®ã•れã¾ã™ã€‚ + + \return none 返り値ã¯ã‚りã¾ã›ã‚“。 + + \param e wolfSSL_get_error()ã«ã‚ˆã£ã¦è¿”ã•れãŸã‚¨ãƒ©ãƒ¼ã‚³ãƒ¼ãƒ‰ã€‚ + \param buff eã«ä¸€è‡´ã™ã‚‹äººé–“ãŒèª­ã¿ã‚„ã™ã„エラー文字列をå«ã‚€å‡ºåŠ›ãƒãƒƒãƒ•ァ。 + \param len bufã«æ›¸ãè¾¼ã¾ã‚Œã‚‹æœ€å¤§æ–‡å­—数。 _Example_ \code @@ -3144,60 +3293,68 @@ ... err = wolfSSL_get_error(ssl, 0); wolfSSL_ERR_error_string_n(err, buffer, 80); - printf(“err = %d, %s\nâ€, err, buffer); + printf("err = %d, %s\n", err, buffer); \endcode + \sa wolfSSL_get_error \sa wolfSSL_ERR_error_string \sa wolfSSL_ERR_print_errors_fp \sa wolfSSL_load_error_strings */ void wolfSSL_ERR_error_string_n(unsigned long e, char* buf, - unsigned long sz); + unsigned long len); /*! \ingroup TLS - \brief ã“ã®é–¢æ•°ã¯ã€Options構造体ã®closeNotifyã¾ãŸã¯connResetã¾ãŸã¯sentNotifyメンãƒãƒ¼ã®ã‚·ãƒ£ãƒƒãƒˆãƒ€ã‚¦ãƒ³æ¡ä»¶ã‚’ãƒã‚§ãƒƒã‚¯ã—ã¾ã™ã€‚ - Options構造体ã¯WOLFSSL構造体内ã«ã‚りã¾ã™ã€‚ - \return 1 SSL_SENT_SHUTDOWNãŒè¿”ã•れã¾ã™ã€‚ - \return 2 SSL_RECEIVED_SHUTDOWNãŒè¿”ã•れã¾ã™ã€‚ - \param ssl wolfSSL_new()を使用ã—ã¦ä½œæˆã•れãŸWOLFSSL構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ + + \brief ã“ã®é–¢æ•°ã¯Options構造体ã®closeNotifyã€connResetã€ã¾ãŸã¯sentNotifyメンãƒã®ã‚·ãƒ£ãƒƒãƒˆãƒ€ã‚¦ãƒ³æ¡ä»¶ã‚’ãƒã‚§ãƒƒã‚¯ã—ã¾ã™ã€‚Options構造体ã¯WOLFSSL構造体内ã«ã‚りã¾ã™ã€‚ + + \return 1 SSL_SENT_SHUTDOWNãŒè¿”ã•れã¾ã™ã€‚ + \return 2 SSL_RECEIVED_SHUTDOWNãŒè¿”ã•れã¾ã™ã€‚ + + \param ssl wolfSSL_new()を使用ã—ã¦ä½œæˆã•れãŸWOLFSSL構造体ã¸ã®å®šæ•°ãƒã‚¤ãƒ³ã‚¿ã€‚ _Example_ \code #include - WOLFSSL_CTX* ctx = wolfSSL_CTX_new( protocol method ); + WOLFSSL_CTX* ctx = WOLFSSL_CTX_new( protocol method ); WOLFSSL* ssl = WOLFSSL_new(ctx); … int ret; ret = wolfSSL_get_shutdown(ssl); if(ret == 1){ - SSL_SENT_SHUTDOWN + // SSL_SENT_SHUTDOWN } else if(ret == 2){ - SSL_RECEIVED_SHUTDOWN + // SSL_RECEIVED_SHUTDOWN } else { - Fatal error. + // 致命的エラー。 } \endcode + \sa wolfSSL_SESSION_free */ int wolfSSL_get_shutdown(const WOLFSSL* ssl); /*! \ingroup IO - \brief ã“ã®é–¢æ•°ã¯ã€ã‚ªãƒ—ション構造体ã®å†é–‹ãƒ¡ãƒ³ãƒã‚’è¿”ã—ã¾ã™ã€‚フラグã¯ã‚»ãƒƒã‚·ãƒ§ãƒ³ã‚’å†åˆ©ç”¨ã™ã‚‹ã‹ã©ã†ã‹ã‚’示ã—ã¾ã™ã€‚ãã†ã§ãªã‘れã°ã€æ–°ã—ã„セッションを確立ã™ã‚‹å¿…è¦ãŒã‚りã¾ã™ã€‚ - \return This 関数セッションã®å†åˆ©ç”¨ã®ãƒ•ラグを表ã™ã‚ªãƒ—ション構造ã«ä¿æŒã•れã¦ã„ã‚‹int型を返ã—ã¾ã™ã€‚ - \param ssl wolfSSL_new()を使用ã—ã¦ä½œæˆã•れãŸWOLFSSL構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ + + \brief ã“ã®é–¢æ•°ã¯options構造体ã®resumingメンãƒã‚’è¿”ã—ã¾ã™ã€‚ã“ã®ãƒ•ラグã¯ã‚»ãƒƒã‚·ãƒ§ãƒ³ã‚’å†åˆ©ç”¨ã™ã‚‹ã‹ã©ã†ã‹ã‚’示ã—ã¾ã™ã€‚å†åˆ©ç”¨ã—ãªã„å ´åˆã€æ–°ã—ã„セッションを確立ã™ã‚‹å¿…è¦ãŒã‚りã¾ã™ã€‚ + + \return ã“ã®é–¢æ•°ã¯ã‚»ãƒƒã‚·ãƒ§ãƒ³å†åˆ©ç”¨ã®ãƒ•ラグを表ã™Options構造体ã«ä¿æŒã•れãŸint型を返ã—ã¾ã™ã€‚ + + \param ssl wolfSSL_new()を使用ã—ã¦ä½œæˆã•れãŸWOLFSSL構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ _Example_ \code WOLFSSL* ssl = wolfSSL_new(ctx); … if(!wolfSSL_session_reused(sslResume)){ - // No session reuse allowed. + // セッションå†åˆ©ç”¨ã¯è¨±å¯ã•れã¦ã„ã¾ã›ã‚“。 } \endcode + \sa wolfSSL_SESSION_free \sa wolfSSL_GetSessionIndex \sa wolfSSL_memsave_session_cache @@ -3206,12 +3363,15 @@ /*! \ingroup TLS - \brief ã“ã®é–¢æ•°ã¯ã€æŽ¥ç¶šãŒç¢ºç«‹ã•れã¦ã„ã‚‹ã‹ã©ã†ã‹ã‚’確èªã—ã¾ã™ã€‚ - \return 0 接続ãŒç¢ºç«‹ã•れã¦ã„ãªã„å ´åˆã€ã™ãªã‚ã¡WolfSSL構造体ãŒNULLã¾ãŸã¯ãƒãƒ³ãƒ‰ã‚·ã‚§ã‚¤ã‚¯ãŒè¡Œã‚れã¦ã„ãªã„å ´åˆã«è¿”ã•れã¾ã™ã€‚ - \return 1 接続ãŒç¢ºç«‹ã•れã¦ã„ãªã„å ´åˆã¯è¿”ã•れã¾ã™.WolfSSL構造体ã¯NULLã¾ãŸã¯ãƒãƒ³ãƒ‰ã‚·ã‚§ã‚¤ã‚¯ãŒè¡Œã‚れã¦ã„ã¾ã›ã‚“。 - \param ssl wolfSSL_new()を使用ã—ã¦ä½œæˆã•れãŸWOLFSSL構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ - _Example_ + \brief ã“ã®é–¢æ•°ã¯æŽ¥ç¶šãŒç¢ºç«‹ã•れã¦ã„ã‚‹ã‹ã©ã†ã‹ã‚’ãƒã‚§ãƒƒã‚¯ã—ã¾ã™ã€‚ + + \return 0 接続ãŒç¢ºç«‹ã•れã¦ã„ãªã„å ´åˆã«è¿”ã•れã¾ã™ã€ã¤ã¾ã‚ŠWOLFSSL構造体ãŒNULLã¾ãŸã¯ãƒãƒ³ãƒ‰ã‚·ã‚§ã‚¤ã‚¯ãŒå®Œäº†ã—ã¦ã„ãªã„å ´åˆã€‚ + \return 1 接続ãŒç¢ºç«‹ã•れã¦ã„ã‚‹å ´åˆã«è¿”ã•れã¾ã™ã€ã¤ã¾ã‚ŠWOLFSSLãƒãƒ³ãƒ‰ã‚·ã‚§ã‚¤ã‚¯ãŒå®Œäº†ã—ã¦ã„ã‚‹å ´åˆã€‚ + + \param ssl wolfSSL_new()を使用ã—ã¦ä½œæˆã•れãŸWOLFSSL構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ + + _EXAMPLE_ \code #include @@ -3219,63 +3379,72 @@ WOLFSSL* ssl = wolfSSL_new(ctx); ... if(wolfSSL_is_init_finished(ssl)){ - Handshake is done and connection is established + // ãƒãƒ³ãƒ‰ã‚·ã‚§ã‚¤ã‚¯ãŒå®Œäº†ã—ã€æŽ¥ç¶šãŒç¢ºç«‹ã•れã¦ã„ã¾ã™ } \endcode + \sa wolfSSL_set_accept_state \sa wolfSSL_get_keys \sa wolfSSL_set_shutdown */ -int wolfSSL_is_init_finished(WOLFSSL* ssl); +int wolfSSL_is_init_finished(const WOLFSSL* ssl); /*! \ingroup IO - \brief 文字列ã¨ã—ã¦ä½¿ç”¨ã•れã¦ã„ã‚‹SSLãƒãƒ¼ã‚¸ãƒ§ãƒ³ã‚’è¿”ã—ã¾ã™ã€‚ - \return "SSLv3" SSLv3を使ㆠ- \return "TLSv1" TLSV1を使用ã™ã‚‹ - \return "TLSv1.1" TLSV1.1を使用ã™ã‚‹ - \return "TLSv1.2" TLSV1.2を使用ã™ã‚‹ - \return "TLSv1.3" TLSV1.3を使用ã™ã‚‹ - \return "DTLS": DTLSを使ㆠ- \return "DTLSv1.2" DTLSV1.2を使用ã™ã‚‹ - \return "unknown" ã©ã®ãƒãƒ¼ã‚¸ãƒ§ãƒ³ã®TLSãŒä½¿ç”¨ã•れã¦ã„ã‚‹ã‹ã‚’判断ã™ã‚‹ã¨ã„ã†å•題ãŒã‚りã¾ã—ãŸã€‚ - \param ssl wolfSSL_new()を使用ã—ã¦ä½œæˆã•れãŸWOLFSSL構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ + + \brief 使用ã•れã¦ã„ã‚‹SSLãƒãƒ¼ã‚¸ãƒ§ãƒ³ã‚’文字列ã¨ã—ã¦è¿”ã—ã¾ã™ã€‚ + + \return "SSLv3" SSLv3を使用ã—ã¦ã„ã¾ã™ + \return "TLSv1" TLSv1を使用ã—ã¦ã„ã¾ã™ + \return "TLSv1.1" TLSv1.1を使用ã—ã¦ã„ã¾ã™ + \return "TLSv1.2" TLSv1.2を使用ã—ã¦ã„ã¾ã™ + \return "TLSv1.3" TLSv1.3を使用ã—ã¦ã„ã¾ã™ + \return "DTLS" DTLSを使用ã—ã¦ã„ã¾ã™ + \return "DTLSv1.2" DTLSv1.2を使用ã—ã¦ã„ã¾ã™ + \return "unknown" 使用ã•れã¦ã„ã‚‹TLSã®ãƒãƒ¼ã‚¸ãƒ§ãƒ³ã‚’判定ã™ã‚‹éš›ã«å•題ãŒç™ºç”Ÿã—ã¾ã—ãŸã€‚ + + \param ssl wolfSSL_new()を使用ã—ã¦ä½œæˆã•れãŸWOLFSSL構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ _Example_ \code wolfSSL_Init(); WOLFSSL_CTX* ctx; WOLFSSL* ssl; - WOLFSSL_METHOD method = // Some wolfSSL method + WOLFSSL_METHOD method = // 何らã‹ã®wolfSSLメソッド ctx = wolfSSL_CTX_new(method); ssl = wolfSSL_new(ctx); printf(wolfSSL_get_version("Using version: %s", ssl)); \endcode + \sa wolfSSL_lib_version */ const char* wolfSSL_get_version(WOLFSSL* ssl); /*! \ingroup IO - \brief SSLセッションã§ç¾åœ¨ã®æš—å·ã‚¹ã‚¤ãƒ¼ãƒˆã‚’è¿”ã—ã¾ã™ã€‚ - \return ssl->options.cipherSuite ç¾åœ¨ã®æš—å·ã‚¹ã‚¤ãƒ¼ãƒˆã‚’è¡¨ã™æ•´æ•°ã€‚ - \return 0 æä¾›ã•れã¦ã„ã‚‹SSLセッションã¯NULLã§ã™ã€‚ - \param ssl wolfSSL_new()を使用ã—ã¦ä½œæˆã•れãŸWOLFSSL構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ + + \brief sslセッションãŒä½¿ç”¨ã—ã¦ã„ã‚‹ç¾åœ¨ã®æš—å·ã‚¹ã‚¤ãƒ¼ãƒˆã‚’è¿”ã—ã¾ã™ã€‚ + + \return ssl->options.cipherSuite ç¾åœ¨ã®æš—å·ã‚¹ã‚¤ãƒ¼ãƒˆã‚’è¡¨ã™æ•´æ•°ã€‚ + \return 0 æä¾›ã•れãŸsslセッションãŒnullã§ã™ã€‚ + + \param ssl ãƒã‚§ãƒƒã‚¯ã™ã‚‹SSLセッション。 _Example_ \code wolfSSL_Init(); WOLFSSL_CTX* ctx; WOLFSSL* ssl; - WOLFSSL_METHOD method = // Some wolfSSL method + WOLFSSL_METHOD method = // 何らã‹ã®wolfSSLメソッド ctx = wolfSSL_CTX_new(method); ssl = wolfSSL_new(ctx); if(wolfSSL_get_current_cipher_suite(ssl) == 0) { - // Error getting cipher suite + // æš—å·ã‚¹ã‚¤ãƒ¼ãƒˆã®å–得エラー } \endcode + \sa wolfSSL_CIPHER_get_name \sa wolfSSL_get_current_cipher \sa wolfSSL_get_cipher_list @@ -3284,10 +3453,13 @@ /*! \ingroup IO - \brief ã“ã®é–¢æ•°ã¯ã€SSLセッションã®ç¾åœ¨ã®æš—å·ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã‚’è¿”ã—ã¾ã™ã€‚ - \return The 関数WolfSSLæ§‹é€ ä½“ã®æš—å·ãƒ¡ãƒ³ãƒãƒ¼ã®ã‚¢ãƒ‰ãƒ¬ã‚¹ã‚’è¿”ã—ã¾ã™ã€‚ã“れã¯wolfssl_icipher構造ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã§ã™ã€‚ - \return NULL WolfSSL構造ãŒNULLã®å ´åˆã«è¿”ã•れã¾ã™ã€‚ - \param ssl wolfSSL_new()を使用ã—ã¦ä½œæˆã•れãŸWOLFSSL構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ + + \brief ã“ã®é–¢æ•°ã¯sslセッション内ã®ç¾åœ¨ã®æš—å·ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã‚’è¿”ã—ã¾ã™ã€‚ + + \return ã“ã®é–¢æ•°ã¯WOLFSSL構造体ã®cipherメンãƒã®ã‚¢ãƒ‰ãƒ¬ã‚¹ã‚’è¿”ã—ã¾ã™ã€‚ã“れã¯WOLFSSL_CIPHER構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã§ã™ã€‚ + \return NULL WOLFSSL構造体ãŒNULLã®å ´åˆã«è¿”ã•れã¾ã™ã€‚ + + \param ssl wolfSSL_new()を使用ã—ã¦ä½œæˆã•れãŸWOLFSSL構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ _Example_ \code @@ -3297,11 +3469,12 @@ WOLFSSL_CIPHER* cipherCurr = wolfSSL_get_current_cipher; if(!cipherCurr){ - // Failure case. + // 失敗ケース。 } else { - // The cipher was returned to cipherCurr + // æš—å·ãŒcipherCurrã«è¿”ã•れã¾ã—㟠} \endcode + \sa wolfSSL_get_cipher \sa wolfSSL_get_cipher_name_internal \sa wolfSSL_get_cipher_name @@ -3310,14 +3483,17 @@ /*! \ingroup IO - \brief ã“ã®é–¢æ•°ã¯ã€SSLオブジェクト内ã®Cipher Suiteã¨ä½¿ç”¨å¯èƒ½ãªã‚¹ã‚¤ãƒ¼ãƒˆã¨ä¸€è‡´ã—ã€æ–‡å­—列表ç¾ã‚’è¿”ã—ã¾ã™ã€‚ - \return string ã“ã®é–¢æ•°ã¯ã€ä¸€è‡´ã—ãŸæš—å·ã‚¹ã‚¤ãƒ¼ãƒˆã®æ–‡å­—列表ç¾ã‚’è¿”ã—ã¾ã™ã€‚ - \return none スイートãŒä¸€è‡´ã—ã¦ã„ãªã„å ´åˆã¯ã€Œãªã—ã€ã‚’è¿”ã—ã¾ã™ã€‚ - \param cipher WOLFSSL_CIPHER構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ + + \brief ã“ã®é–¢æ•°ã¯SSLã‚ªãƒ–ã‚¸ã‚§ã‚¯ãƒˆå†…ã®æš—å·ã‚¹ã‚¤ãƒ¼ãƒˆã‚’利用å¯èƒ½ãªã‚¹ã‚¤ãƒ¼ãƒˆã¨ç…§åˆã—ã€æ–‡å­—列表ç¾ã‚’è¿”ã—ã¾ã™ã€‚ + + \return string ã“ã®é–¢æ•°ã¯ä¸€è‡´ã—ãŸæš—å·ã‚¹ã‚¤ãƒ¼ãƒˆã®æ–‡å­—列表ç¾ã‚’è¿”ã—ã¾ã™ã€‚ + \return none 一致ã™ã‚‹ã‚¹ã‚¤ãƒ¼ãƒˆãŒãªã„å ´åˆã¯"None"ã‚’è¿”ã—ã¾ã™ã€‚ + + \param cipher WOLFSSL_CIPHER構造体ã¸ã®å®šæ•°ãƒã‚¤ãƒ³ã‚¿ã€‚ _Example_ \code - // gets cipher name in the format DHE_RSA ... + // DHE_RSA ...ã®å½¢å¼ã§æš—å·åã‚’å–å¾—ã—ã¾ã™ const char* wolfSSL_get_cipher_name_internal(WOLFSSL* ssl){ WOLFSSL_CIPHER* cipher; const char* fullName; @@ -3326,9 +3502,10 @@ fullName = wolfSSL_CIPHER_get_name(cipher); if(fullName){ - // sanity check on returned cipher + // è¿”ã•ã‚ŒãŸæš—å·ã®å¥å…¨æ€§ãƒã‚§ãƒƒã‚¯ } \endcode + \sa wolfSSL_get_cipher \sa wolfSSL_get_current_cipher \sa wolfSSL_get_cipher_name_internal @@ -3338,55 +3515,54 @@ /*! \ingroup IO - \brief ã“ã®é–¢æ•°ã¯ã€SSLã‚ªãƒ–ã‚¸ã‚§ã‚¯ãƒˆå†…ã®æš—å·ã‚¹ã‚¤ãƒ¼ãƒˆã¨ä½¿ç”¨å¯èƒ½ãªã‚¹ã‚¤ãƒ¼ãƒˆã¨ä¸€è‡´ã—ã¾ã™ã€‚ - \return This 関数SuiteãŒä¸€è‡´ã•ã›ãŸString値を返ã—ã¾ã™ã€‚スイートãŒä¸€è‡´ã—ã¦ã„ãªã„å ´åˆã¯ã€Œãªã—ã€ã‚’è¿”ã—ã¾ã™ã€‚ - \param ssl wolfSSL_new()を使用ã—ã¦ä½œæˆã•れãŸWOLFSSL構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ + + \brief ã“ã®é–¢æ•°ã¯SSLã‚ªãƒ–ã‚¸ã‚§ã‚¯ãƒˆå†…ã®æš—å·ã‚¹ã‚¤ãƒ¼ãƒˆã‚’利用å¯èƒ½ãªã‚¹ã‚¤ãƒ¼ãƒˆã¨ç…§åˆã—ã¾ã™ã€‚ + + \return ã“ã®é–¢æ•°ã¯ä¸€è‡´ã—ãŸã‚¹ã‚¤ãƒ¼ãƒˆã®æ–‡å­—列値を返ã—ã¾ã™ã€‚一致ã™ã‚‹ã‚¹ã‚¤ãƒ¼ãƒˆãŒãªã„å ´åˆã¯"None"ã‚’è¿”ã—ã¾ã™ã€‚ + + \param ssl wolfSSL_new()を使用ã—ã¦ä½œæˆã•れãŸWOLFSSL構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ _Example_ \code #ifdef WOLFSSL_DTLS … - // make sure a valid suite is used + // 有効ãªã‚¹ã‚¤ãƒ¼ãƒˆãŒä½¿ç”¨ã•れã¦ã„ã‚‹ã“ã¨ã‚’ç¢ºèª if(wolfSSL_get_cipher(ssl) == NULL){ - WOLFSSL_MSG(“Can not match cipher suite importedâ€); + WOLFSSL_MSG("インãƒãƒ¼ãƒˆã•ã‚ŒãŸæš—å·ã‚¹ã‚¤ãƒ¼ãƒˆã¨ä¸€è‡´ã—ã¾ã›ã‚“"); return MATCH_SUITE_ERROR; } … #endif // WOLFSSL_DTLS \endcode + \sa wolfSSL_CIPHER_get_name \sa wolfSSL_get_current_cipher */ -const char* wolfSSL_get_cipher(WOLFSSL* ssl); +const char* wolfSSL_get_cipher(WOLFSSL*); /*! \ingroup Setup - \brief ã“ã®é–¢æ•°ã¯ã€WOLFSSL構造体ã‹ã‚‰WOLFSSL_SESSIONã‚’å‚ç…§åž‹ã¨ã—ã¦è¿”ã—ã¾ã™ã€‚ - ã“れã«ã¯ã€wolfSSL_SESSION_freeを呼ã³å‡ºã—ã¦ã‚»ãƒƒã‚·ãƒ§ãƒ³å‚照を解除ã™ã‚‹å¿…è¦ãŒã‚りã¾ã™ã€‚ - WOLFSSL_SESSIONã¯ã€ã‚»ãƒƒã‚·ãƒ§ãƒ³ã®å†é–‹ã‚’実行ã™ã‚‹ãŸã‚ã«å¿…è¦ãªã™ã¹ã¦ã®å¿…è¦ãªæƒ…報をå«ã¿ã€æ–°ã—ã„ãƒãƒ³ãƒ‰ã‚·ã‚§ã‚¤ã‚¯ãªã—ã§æŽ¥ç¶šã‚’å†ç¢ºç«‹ã—ã¾ã™ã€‚ - セッションã®å†é–‹ã®å ´åˆã€wolfSSL_shutdown()をセッションオブジェクトã«å‘¼ã³å‡ºã™å‰ã«ã€ã‚¢ãƒ—リケーションã¯ã‚ªãƒ–ジェクトã‹ã‚‰wolfssl_get1_session()を呼ã³å‡ºã—ã¦ä¿å­˜ã™ã‚‹å¿…è¦ãŒã‚りã¾ã™ã€‚ - ã“れã¯ã‚»ãƒƒã‚·ãƒ§ãƒ³ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã‚’è¿”ã—ã¾ã™ã€‚ - ãã®å¾Œã€ã‚¢ãƒ—ãƒªã‚±ãƒ¼ã‚·ãƒ§ãƒ³ã¯æ–°ã—ã„WOLFSSLオブジェクトを作æˆã—ã€ä¿å­˜ã—ãŸã‚»ãƒƒã‚·ãƒ§ãƒ³ã‚’wolfssl_set_session()ã«å‰²ã‚Šå½“ã¦ã‚‹å¿…è¦ãŒã‚りã¾ã™ã€‚ - ã“ã®æ™‚点ã§ã€ã‚¢ãƒ—リケーションã¯wolfssl_connect()を呼ã³å‡ºã—ã€WolfSSLã¯ã‚»ãƒƒã‚·ãƒ§ãƒ³ã‚’å†é–‹ã—よã†ã¨ã—ã¾ã™ã€‚ - WolfSSLサーãƒãƒ¼ã‚³ãƒ¼ãƒ‰ã§ã¯ã€ãƒ‡ãƒ•ォルトã§ã‚»ãƒƒã‚·ãƒ§ãƒ³ã®å†é–‹ã‚’許å¯ã—ã¾ã™ã€‚ - wolfssl_get1_session()ã«ã‚ˆã£ã¦è¿”ã•れãŸã‚ªãƒ–ジェクトã¯ã€ã‚¢ãƒ—リケーションãŒä½¿ç”¨å¾Œã¯è§£æ”¾ã•れる必è¦ãŒã‚りã¾ã™ã€‚ - \return WOLFSSL_SESSION æˆåŠŸã®å ´åˆã¯ã‚»ãƒƒã‚·ãƒ§ãƒ³ãƒã‚¤ãƒ³ã‚¿ã‚’è¿”ã—ã¾ã™ã€‚ - \return NULL sslãŒNULLã®å ´åˆã€SSLセッションキャッシュãŒç„¡åйã«ãªã£ã¦ã„ã‚‹å ´åˆã€WolfSSLã¯ã‚»ãƒƒã‚·ãƒ§ãƒ³IDを使用ã§ããªã„ã€ã¾ãŸã¯ãƒŸãƒ¥ãƒ¼ãƒ†ãƒƒã‚¯ã‚¹é–¢æ•°ãŒå¤±æ•—ã—ã¾ã™ã€‚ - \param ssl wolfSSL_new()を使用ã—ã¦ä½œæˆã•れãŸWOLFSSL構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ + + \brief ã“ã®é–¢æ•°ã¯WOLFSSL構造体ã‹ã‚‰WOLFSSL_SESSIONã‚’å‚ç…§åž‹ã¨ã—ã¦è¿”ã—ã¾ã™ã€‚ã“れã«ã¯wolfSSL_SESSION_freeを呼ã³å‡ºã—ã¦ã‚»ãƒƒã‚·ãƒ§ãƒ³å‚照を解放ã™ã‚‹å¿…è¦ãŒã‚りã¾ã™ã€‚指ã•れるWOLFSSL_SESSIONã«ã¯ã€ã‚»ãƒƒã‚·ãƒ§ãƒ³å†é–‹ã‚’実行ã—ã€æ–°ã—ã„ãƒãƒ³ãƒ‰ã‚·ã‚§ã‚¤ã‚¯ãªã—ã§æŽ¥ç¶šã‚’å†ç¢ºç«‹ã™ã‚‹ãŸã‚ã«å¿…è¦ãªã™ã¹ã¦ã®æƒ…å ±ãŒå«ã¾ã‚Œã¦ã„ã¾ã™ã€‚セッションå†é–‹ã®ãŸã‚ã«ã€ã‚»ãƒƒã‚·ãƒ§ãƒ³ã‚ªãƒ–ジェクトã§wolfSSL_shutdown()を呼ã³å‡ºã™å‰ã«ã€ã‚¢ãƒ—リケーションã¯wolfSSL_get1_session()ã®å‘¼ã³å‡ºã—ã§ã‚ªãƒ–ジェクトã‹ã‚‰ã‚»ãƒƒã‚·ãƒ§ãƒ³IDã‚’ä¿å­˜ã™ã‚‹å¿…è¦ãŒã‚りã¾ã™ã€ã“れã¯ã‚»ãƒƒã‚·ãƒ§ãƒ³ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã‚’è¿”ã—ã¾ã™ã€‚後ã§ã€ã‚¢ãƒ—ãƒªã‚±ãƒ¼ã‚·ãƒ§ãƒ³ã¯æ–°ã—ã„WOLFSSLオブジェクトを作æˆã—ã€wolfSSL_set_session()ã§ä¿å­˜ã•れãŸã‚»ãƒƒã‚·ãƒ§ãƒ³ã‚’割り当ã¦ã‚‹å¿…è¦ãŒã‚りã¾ã™ã€‚ã“ã®æ™‚点ã§ã€ã‚¢ãƒ—リケーションã¯wolfSSL_connect()を呼ã³å‡ºã™ã“ã¨ãŒã§ãã€wolfSSLã¯ã‚»ãƒƒã‚·ãƒ§ãƒ³ã®å†é–‹ã‚’試ã¿ã¾ã™ã€‚wolfSSLサーãƒãƒ¼ã‚³ãƒ¼ãƒ‰ã¯ãƒ‡ãƒ•ォルトã§ã‚»ãƒƒã‚·ãƒ§ãƒ³å†é–‹ã‚’許å¯ã—ã¾ã™ã€‚wolfSSL_get1_session()ã«ã‚ˆã£ã¦è¿”ã•れãŸã‚ªãƒ–ジェクトã¯ã€ã‚¢ãƒ—リケーションãŒä½¿ç”¨ã‚’終ãˆãŸå¾Œã€wolfSSL_SESSION_free()を呼ã³å‡ºã™ã“ã¨ã«ã‚ˆã£ã¦è§£æ”¾ã™ã‚‹å¿…è¦ãŒã‚りã¾ã™ã€‚ + + \return WOLFSSL_SESSION æˆåŠŸæ™‚ã«ã‚»ãƒƒã‚·ãƒ§ãƒ³ãƒã‚¤ãƒ³ã‚¿ã‚’è¿”ã—ã¾ã™ã€‚ + \return NULL sslãŒNULLã€SSLセッションキャッシュãŒç„¡åйã€wolfSSLãŒã‚»ãƒƒã‚·ãƒ§ãƒ³IDを利用ã§ããªã„ã€ã¾ãŸã¯mutex関数ãŒå¤±æ•—ã—ãŸå ´åˆã«è¿”ã•れã¾ã™ã€‚ + + \param ssl セッションをå–å¾—ã™ã‚‹WOLFSSL構造体。 _Example_ \code WOLFSSL* ssl; - WOLFSSL_SESSION* ses; - // attempt/complete handshake + WOLFSSL_SESSION* ses; // ãƒãƒ³ãƒ‰ã‚·ã‚§ã‚¤ã‚¯ã‚’試行/完了 wolfSSL_connect(ssl); ses = wolfSSL_get1_session(ssl); - // check ses information - // disconnect / setup new SSL instance + // sesæƒ…å ±ã‚’ç¢ºèª + // 切断/æ–°ã—ã„SSLインスタンスをセットアップ wolfSSL_set_session(ssl, ses); - // attempt/resume handshake + // ãƒãƒ³ãƒ‰ã‚·ã‚§ã‚¤ã‚¯ã‚’試行/å†é–‹ wolfSSL_SESSION_free(ses); \endcode + \sa wolfSSL_new \sa wolfSSL_free \sa wolfSSL_SESSION_free @@ -3395,9 +3571,13 @@ /*! \ingroup Setup - \brief wolfsslv23_client_method()関数ã¯ã€ã‚¢ãƒ—リケーションãŒã‚¯ãƒ©ã‚¤ã‚¢ãƒ³ãƒˆã§ã‚ã‚‹ã“ã¨ã‚’示ã™ãŸã‚ã«ä½¿ç”¨ã•れã€SSL 3.0~TLS 1.3ã®é–“ã§ã‚µãƒ¼ãƒãƒ¼ã§ã‚µãƒãƒ¼ãƒˆã•れã¦ã„る最高ã®ãƒ—ロトコルãƒãƒ¼ã‚¸ãƒ§ãƒ³ã‚’サãƒãƒ¼ãƒˆã—ã¾ã™ã€‚ã“ã®é–¢æ•°ã¯ã€wolfSSL_CTX_new()を使用ã—ã¦SSL / TLSコンテキストを作æˆã™ã‚‹ã¨ãã«ä½¿ç”¨ã•れる新ã—ã„Wolfssl_method構造体ã®ãƒ¡ãƒ¢ãƒªã‚’割り当ã¦ã¦åˆæœŸåŒ–ã—ã¾ã™ã€‚WolfSSLクライアントã¨ã‚µãƒ¼ãƒãƒ¼ã®ä¸¡æ–¹ãŒå …牢ãªãƒãƒ¼ã‚¸ãƒ§ãƒ³ã®ãƒ€ã‚¦ãƒ³ã‚°ãƒ¬ãƒ¼ãƒ‰æ©Ÿèƒ½ã‚’æŒã£ã¦ã„ã¾ã™ã€‚特定ã®ãƒ—ロトコルãƒãƒ¼ã‚¸ãƒ§ãƒ³ãƒ¡ã‚½ãƒƒãƒ‰ãŒã©ã¡ã‚‰ã®å´ã§ä½¿ç”¨ã•れã¦ã„ã‚‹å ´åˆã¯ã€ãã®ãƒãƒ¼ã‚¸ãƒ§ãƒ³ã®ã¿ãŒãƒã‚´ã‚·ã‚¨ãƒ¼ãƒˆã•れãŸã‚Šã€ã‚¨ãƒ©ãƒ¼ãŒè¿”ã•れã¾ã™ã€‚ãŸã¨ãˆã°ã€TLSV1を使用ã—ã€SSLv3ã®ã¿ã«æŽ¥ç¶šã—よã†ã¨ã™ã‚‹ã‚¯ãƒ©ã‚¤ã‚¢ãƒ³ãƒˆã¯ã€TLSV1.1ã«æŽ¥ç¶šã—ã¦ã‚‚失敗ã—ã¾ã™ã€‚ã“ã®å•題を解決ã™ã‚‹ãŸã‚ã«ã€wolfsslv23_client_method()関数を使用ã™ã‚‹ã‚¯ãƒ©ã‚¤ã‚¢ãƒ³ãƒˆã¯ã€ã‚µãƒ¼ãƒãƒ¼ã§ã‚µãƒãƒ¼ãƒˆã•れã¦ã„る最高ã®ãƒ—ロトコルãƒãƒ¼ã‚¸ãƒ§ãƒ³ã‚’使用ã—ã€å¿…è¦ã«å¿œã˜ã¦SSLv3ã«ãƒ€ã‚¦ãƒ³ã‚°ãƒ¬ãƒ¼ãƒ‰ã—ã¾ã™ã€‚ã“ã®å ´åˆã€ã‚¯ãƒ©ã‚¤ã‚¢ãƒ³ãƒˆã¯SSLv3 - TLSv1.3を実行ã—ã¦ã„るサーãƒãƒ¼ã«æŽ¥ç¶šã§ãるよã†ã«ãªã‚Šã¾ã™ã€‚ - \return pointer æˆåŠŸã™ã‚‹ã¨ã€wolfssl_methodã¸ã®ãƒã‚¤ãƒ³ã‚¿ãŒè¿”ã•れã¾ã™ã€‚ - \return Failure xmallocを呼ã³å‡ºã™ã¨ãã«ãƒ¡ãƒ¢ãƒªå‰²ã‚Šå½“ã¦ãŒå¤±æ•—ã—ãŸå ´åˆã€åŸºç¤Žã¨ãªã‚‹Malloc()実装ã®å¤±æ•—値ãŒè¿”ã•れã¾ã™ï¼ˆé€šå¸¸ã¯errnoãŒENOMEMã«è¨­å®šã•れã¾ã™ï¼‰ã€‚ + + \brief wolfSSLv23_client_method()関数ã¯ã€ã‚¢ãƒ—リケーションãŒã‚¯ãƒ©ã‚¤ã‚¢ãƒ³ãƒˆã§ã‚りã€SSL 3.0ã‹ã‚‰TLS 1.3ã¾ã§ã®é–“ã§ã‚µãƒ¼ãƒãŒã‚µãƒãƒ¼ãƒˆã™ã‚‹æœ€ã‚‚高ã„プロトコルãƒãƒ¼ã‚¸ãƒ§ãƒ³ã‚’サãƒãƒ¼ãƒˆã™ã‚‹ã“ã¨ã‚’示ã™ãŸã‚ã«ä½¿ç”¨ã•れã¾ã™ã€‚ã“ã®é–¢æ•°ã¯ã€wolfSSL_CTX_new()ã§SSL/TLSコンテキストを作æˆã™ã‚‹éš›ã«ä½¿ç”¨ã•れる新ã—ã„WOLFSSL_METHOD構造体ã®ãŸã‚ã®ãƒ¡ãƒ¢ãƒªã‚’割り当ã¦ã€åˆæœŸåŒ–ã—ã¾ã™ã€‚wolfSSLã®ã‚¯ãƒ©ã‚¤ã‚¢ãƒ³ãƒˆã¨ã‚µãƒ¼ãƒã®ä¸¡æ–¹ã¯ã€å …牢ãªãƒãƒ¼ã‚¸ãƒ§ãƒ³ãƒ€ã‚¦ãƒ³ã‚°ãƒ¬ãƒ¼ãƒ‰æ©Ÿèƒ½ã‚’æŒã£ã¦ã„ã¾ã™ã€‚ã©ã¡ã‚‰ã‹ä¸€æ–¹ã§ç‰¹å®šã®ãƒ—ロトコルãƒãƒ¼ã‚¸ãƒ§ãƒ³ãƒ¡ã‚½ãƒƒãƒ‰ãŒä½¿ç”¨ã•れãŸå ´åˆã€ãã®ãƒãƒ¼ã‚¸ãƒ§ãƒ³ã®ã¿ãŒãƒã‚´ã‚·ã‚¨ãƒ¼ãƒˆã•れるã‹ã€ã‚¨ãƒ©ãƒ¼ãŒè¿”ã•れã¾ã™ã€‚例ãˆã°ã€TLSv1を使用ã™ã‚‹ã‚¯ãƒ©ã‚¤ã‚¢ãƒ³ãƒˆãŒSSLv3ã®ã¿ã®ã‚µãƒ¼ãƒã«æŽ¥ç¶šã—よã†ã¨ã™ã‚‹ã¨å¤±æ•—ã—ã€åŒæ§˜ã«TLSv1.1ã¸ã®æŽ¥ç¶šã‚‚失敗ã—ã¾ã™ã€‚ã“ã®å•題を解決ã™ã‚‹ãŸã‚ã«ã€wolfSSLv23_client_method()関数を使用ã™ã‚‹ã‚¯ãƒ©ã‚¤ã‚¢ãƒ³ãƒˆã¯ã€ã‚µãƒ¼ãƒãŒã‚µãƒãƒ¼ãƒˆã™ã‚‹æœ€ã‚‚高ã„プロトコルãƒãƒ¼ã‚¸ãƒ§ãƒ³ã‚’使用ã—ã€å¿…è¦ã«å¿œã˜ã¦SSLv3ã¾ã§ãƒ€ã‚¦ãƒ³ã‚°ãƒ¬ãƒ¼ãƒ‰ã—ã¾ã™ã€‚ã“ã®å ´åˆã€ã‚¯ãƒ©ã‚¤ã‚¢ãƒ³ãƒˆã¯SSLv3ã‹ã‚‰TLSv1.3ã¾ã§ã‚’実行ã—ã¦ã„るサーãƒã«æŽ¥ç¶šã§ãã¾ã™ã€‚ + + \return pointer æˆåŠŸæ™‚ã€WOLFSSL_METHODã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ + \return Failure XMALLOCを呼ã³å‡ºã™éš›ã«ãƒ¡ãƒ¢ãƒªå‰²ã‚Šå½“ã¦ãŒå¤±æ•—ã—ãŸå ´åˆã€åŸºç¤Žã¨ãªã‚‹malloc()実装ã®å¤±æ•—値ãŒè¿”ã•れã¾ã™(通常ã¯NULLã§ã€errnoãŒENOMEMã«è¨­å®šã•れã¾ã™)。 + + \param none パラメータãªã—。 _Example_ \code @@ -3405,12 +3585,13 @@ WOLFSSL_CTX* ctx; method = wolfSSLv23_client_method(); if (method == NULL) { - // unable to get method + // メソッドをå–å¾—ã§ãã¾ã›ã‚“ã§ã—㟠} ctx = wolfSSL_CTX_new(method); ... \endcode + \sa wolfSSLv3_client_method \sa wolfTLSv1_client_method \sa wolfTLSv1_1_client_method @@ -3423,11 +3604,14 @@ /*! \ingroup IO - \brief ã“ã®é–¢æ•°ã¯ã€å†…部メモリãƒãƒƒãƒ•ã‚¡ã®å…ˆé ­ã¸ã®ãƒã‚¤ãƒˆãƒã‚¤ãƒ³ã‚¿ã‚’設定ã™ã‚‹ãŸã‚ã«ä½¿ç”¨ã•れã¾ã™ã€‚ - \return size æˆåŠŸã™ã‚‹ã¨ã€ãƒãƒƒãƒ•ã‚¡ã®ã‚µã‚¤ã‚ºãŒè¿”ã•れã¾ã™ - \return SSL_FATAL_ERROR エラーケースã«é­é‡ã—ãŸå ´åˆ - \param bio ã®ãƒ¡ãƒ¢ãƒªãƒãƒƒãƒ•ã‚¡ã‚’å–å¾—ã™ã‚‹ãŸã‚ã®WOLFSSL_BIO構造体。 - \param p メモリãƒãƒƒãƒ•ã‚¡ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ + + \brief ã“れã¯ã€å†…部メモリãƒãƒƒãƒ•ã‚¡ã®å…ˆé ­ã«ãƒã‚¤ãƒˆãƒã‚¤ãƒ³ã‚¿ã‚’設定ã™ã‚‹ãŸã‚ã«ä½¿ç”¨ã•れã¾ã™ã€‚ + + \return size æˆåŠŸæ™‚ã€ãƒãƒƒãƒ•ã‚¡ã®ã‚µã‚¤ã‚ºãŒè¿”ã•れã¾ã™ã€‚ + \return SSL_FATAL_ERROR エラーケースãŒç™ºç”Ÿã—ãŸå ´åˆã€‚ + + \param bio メモリãƒãƒƒãƒ•ã‚¡ã‚’å–å¾—ã™ã‚‹WOLFSSL_BIO構造体。 + \param p メモリãƒãƒƒãƒ•ã‚¡ã«è¨­å®šã™ã‚‹ãƒã‚¤ãƒˆãƒã‚¤ãƒ³ã‚¿ã€‚ _Example_ \code @@ -3436,8 +3620,9 @@ int ret; bio = wolfSSL_BIO_new(wolfSSL_BIO_s_mem()); ret = wolfSSL_BIO_get_mem_data(bio, &p); - // check ret value + // retå€¤ã‚’ç¢ºèª \endcode + \sa wolfSSL_BIO_new \sa wolfSSL_BIO_s_mem \sa wolfSSL_BIO_set_fp @@ -3447,19 +3632,23 @@ /*! \ingroup IO - \brief 使用ã™ã‚‹BIOã®ãƒ•ァイル記述å­ã‚’設定ã—ã¾ã™ã€‚ - \return SSL_SUCCESS(1) æˆåŠŸæ™‚ã«è¿”ã•れã¾ã™ã€‚ - \param bio FDを設定ã™ã‚‹ãŸã‚ã®WOLFSSL_BIO構造。 - \param fd 使用ã™ã‚‹ãƒ•ァイル記述å­ã€‚ - \param closeF fdをクローズã™ã‚‹éš›ã®ãµã‚‹ã¾ã„を指定ã™ã‚‹ãƒ•ラグ + + \brief bioãŒä½¿ç”¨ã™ã‚‹ãƒ•ァイルディスクリプタを設定ã—ã¾ã™ã€‚ + + \return SSL_SUCCESS(1) æˆåŠŸæ™‚ã€‚ + + \param bio fdを設定ã™ã‚‹WOLFSSL_BIO構造体。 + \param fd 使用ã™ã‚‹ãƒ•ァイルディスクリプタ。 + \param closeF fdをクローズã™ã‚‹éš›ã®å‹•作フラグ。 _Example_ \code WOLFSSL_BIO* bio; int fd; - // setup bio + // bioをセットアップ wolfSSL_BIO_set_fd(bio, fd, BIO_NOCLOSE); \endcode + \sa wolfSSL_BIO_new \sa wolfSSL_BIO_free */ @@ -3467,17 +3656,21 @@ /*! \ingroup IO - \brief BIOãŒè§£æ”¾ã•れãŸã¨ãã«I/Oストリームを閉ã˜ã‚‹å¿…è¦ãŒã‚ã‚‹ã“ã¨ã‚’示ã™ãŸã‚ã«ä½¿ç”¨ã•れるクローズフラグを設定ã—ã¾ã™ã€‚ - \return SSL_SUCCESS(1) æˆåŠŸæ™‚ã«è¿”ã•れã¾ã™ã€‚ - \param bio WOLFSSL_BIO構造体。 - \param flag I/Oストリームを閉ã˜ã‚‹å¿…è¦ãŒã‚ã‚‹ã“ã¨ã‚’示ã™ãŸã‚ã«ä½¿ç”¨ã•れるクローズフラグ + + \brief クローズフラグを設定ã—ã¾ã™ã€‚ã“れã¯ã€BIOãŒè§£æ”¾ã•れる際ã«I/Oストリームをクローズã™ã¹ãã‹ã‚’示ã™ãŸã‚ã«ä½¿ç”¨ã•れã¾ã™ã€‚ + + \return SSL_SUCCESS(1) æˆåŠŸæ™‚ã€‚ + + \param bio WOLFSSL_BIO構造体。 + \param flag I/Oストリームをクローズã™ã‚‹éš›ã®å‹•作フラグ。 _Example_ \code WOLFSSL_BIO* bio; - // setup bio + // bioをセットアップ wolfSSL_BIO_set_close(bio, BIO_NOCLOSE); \endcode + \sa wolfSSL_BIO_new \sa wolfSSL_BIO_free */ @@ -3485,14 +3678,19 @@ /*! \ingroup IO - \brief ã“ã®é–¢æ•°ã¯BIO_SOCKETタイプã®WOLFSSL_BIO_METHODã‚’å–å¾—ã™ã‚‹ãŸã‚ã«ä½¿ç”¨ã•れã¾ã™ã€‚ - \return WOLFSSL_BIO_METHOD ソケットタイプã§ã‚ã‚‹WOLFSSL_BIO_METHOD構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ + + \brief ã“れã¯ã€BIO_SOCKETタイプã®WOLFSSL_BIO_METHODã‚’å–å¾—ã™ã‚‹ãŸã‚ã«ä½¿ç”¨ã•れã¾ã™ã€‚ + + \return WOLFSSL_BIO_METHOD ソケットタイプã§ã‚ã‚‹WOLFSSL_BIO_METHOD構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ + + \param none パラメータãªã—。 _Example_ \code WOLFSSL_BIO* bio; bio = wolfSSL_BIO_new(wolfSSL_BIO_s_socket); \endcode + \sa wolfSSL_BIO_new \sa wolfSSL_BIO_s_mem */ @@ -3500,13 +3698,14 @@ /*! \ingroup IO - \brief ã“ã®é–¢æ•°ã¯ã€WOLFSSL_BIOã®ãƒ©ã‚¤ãƒˆãƒãƒƒãƒ•ã‚¡ã®ã‚µã‚¤ã‚ºã‚’設定ã™ã‚‹ãŸã‚ã«ä½¿ç”¨ã•れã¾ã™ã€‚ - 書ãè¾¼ã¿ãƒãƒƒãƒ•ã‚¡ãŒä»¥å‰ã«è¨­å®šã•れã¦ã„ã‚‹å ´åˆã€ã“ã®é–¢æ•°ã¯ã‚µã‚¤ã‚ºã‚’リセットã™ã‚‹ã¨ãã«è§£æ”¾ã•れã¾ã™ã€‚ - èª­ã¿æ›¸ãインデックスを0ã«ãƒªã‚»ãƒƒãƒˆã™ã‚‹ã¨ã„ã†ç‚¹ã§ã€wolfSSL_BIO_resetã«ä¼¼ã¦ã„ã¾ã™ã€‚ - \return SSL_SUCCESS 書ãè¾¼ã¿ãƒãƒƒãƒ•ã‚¡ã®è¨­å®šã«æˆåŠŸã—ã¾ã—ãŸã€‚ - \return SSL_FAILURE エラーケースã«é­é‡ã—ãŸå ´åˆ - \param bio FDを設定ã™ã‚‹ãŸã‚ã®WOLFSSL_BIO構造。 - \param size ãƒãƒƒãƒ•ァサイズ + + \brief ã“れã¯ã€WOLFSSL_BIOã®æ›¸ãè¾¼ã¿ãƒãƒƒãƒ•ã‚¡ã®ã‚µã‚¤ã‚ºã‚’設定ã™ã‚‹ãŸã‚ã«ä½¿ç”¨ã•れã¾ã™ã€‚書ãè¾¼ã¿ãƒãƒƒãƒ•ã‚¡ãŒä»¥å‰ã«è¨­å®šã•れã¦ã„ãŸå ´åˆã€ã“ã®é–¢æ•°ã¯ã‚µã‚¤ã‚ºã‚’リセットã™ã‚‹éš›ã«ãれを解放ã—ã¾ã™ã€‚ã“れã¯ã€èª­ã¿å–ã‚Šã¨æ›¸ãè¾¼ã¿ã®ã‚¤ãƒ³ãƒ‡ãƒƒã‚¯ã‚¹ã‚’0ã«ãƒªã‚»ãƒƒãƒˆã™ã‚‹ç‚¹ã§wolfSSL_BIO_resetã«ä¼¼ã¦ã„ã¾ã™ã€‚ + + \return SSL_SUCCESS 書ãè¾¼ã¿ãƒãƒƒãƒ•ã‚¡ã®è¨­å®šã«æˆåŠŸã—ãŸå ´åˆã€‚ + \return SSL_FAILURE エラーケースãŒç™ºç”Ÿã—ãŸå ´åˆã€‚ + + \param bio fdを設定ã™ã‚‹WOLFSSL_BIO構造体。 + \param size 割り当ã¦ã‚‹ãƒãƒƒãƒ•ã‚¡ã®ã‚µã‚¤ã‚ºã€‚ _Example_ \code @@ -3514,8 +3713,9 @@ int ret; bio = wolfSSL_BIO_new(wolfSSL_BIO_s_mem()); ret = wolfSSL_BIO_set_write_buf_size(bio, 15000); - // check return value + // æˆ»ã‚Šå€¤ã‚’ç¢ºèª \endcode + \sa wolfSSL_BIO_new \sa wolfSSL_BIO_s_mem \sa wolfSSL_BIO_free @@ -3524,11 +3724,14 @@ /*! \ingroup IO - \brief ã“れã¯2ã¤ã®BIOSを一緒ã«ãƒšã‚¢ãƒªãƒ³ã‚°ã™ã‚‹ãŸã‚ã«ä½¿ç”¨ã•れã¾ã™ã€‚一対ã®BIOSã¯ã€2ã¤ã®æ–¹æ³•パイプã¨åŒæ§˜ã«ã€ä»–æ–¹ã§èª­ã¿å–られるã“ã¨ãŒã§ãã€ãã®é€†ã‚‚åŒæ§˜ã§ã‚る。BIOSã®ä¸¡æ–¹ãŒåŒã˜ã‚¹ãƒ¬ãƒƒãƒ‰å†…ã«ã‚ã‚‹ã“ã¨ãŒäºˆæƒ³ã•れã¾ã™ã€‚ã“ã®æ©Ÿèƒ½ã¯ã‚¹ãƒ¬ãƒƒãƒ‰ã‚»ãƒ¼ãƒ•ã§ã¯ã‚りã¾ã›ã‚“。2ã¤ã®BIOSã®ã†ã¡ã®1ã¤ã‚’解放ã™ã‚‹ã¨ã€ä¸¡æ–¹ã¨ã‚‚ペアã«ãªã£ã¦ã„ã¾ã™ã€‚書ãè¾¼ã¿ãƒãƒƒãƒ•ァサイズãŒä»¥å‰ã«è¨­å®šã•れã¦ã„ãªã„å ´åˆã€ãれã¯ãƒšã‚¢ã«ãªã‚‹å‰ã«17000(wolfssl_bio_size)ã®ãƒ‡ãƒ•ォルトサイズã«è¨­å®šã•れã¾ã™ã€‚ - \return SSL_SUCCESS 2ã¤ã®BIOSã‚’ã†ã¾ãペアリングã—ã¾ã™ã€‚ - \return SSL_FAILURE エラーケースã«é­é‡ã—ãŸå ´åˆ - \param b1 ペアを設定ã™ã‚‹ãŸã‚ã®ç¬¬ä¸€ã®WOLFSSL_BIO構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ - \param b2 第二ã®ã®WOLFSSL_BIO構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ + + \brief ã“れã¯ã€2ã¤ã®bioをペアã«ã™ã‚‹ãŸã‚ã«ä½¿ç”¨ã•れã¾ã™ã€‚ペアã«ãªã£ãŸbioã¯åŒæ–¹å‘パイプã®ã‚ˆã†ã«å‹•作ã—ã€ä¸€æ–¹ã¸ã®æ›¸ãè¾¼ã¿ã¯ã‚‚ã†ä¸€æ–¹ã‹ã‚‰èª­ã¿å–ã‚‹ã“ã¨ãŒã§ãã€ãã®é€†ã‚‚åŒæ§˜ã§ã™ã€‚両方ã®bioãŒåŒã˜ã‚¹ãƒ¬ãƒƒãƒ‰ã«ã‚ã‚‹ã“ã¨ãŒæœŸå¾…ã•れã¾ã™ã€‚ã“ã®é–¢æ•°ã¯ã‚¹ãƒ¬ãƒƒãƒ‰ã‚»ãƒ¼ãƒ•ã§ã¯ã‚りã¾ã›ã‚“。2ã¤ã®bioã®ã†ã¡ã®1ã¤ã‚’解放ã™ã‚‹ã¨ã€ä¸¡æ–¹ã®ãƒšã‚¢ãŒè§£é™¤ã•れã¾ã™ã€‚ã„ãšã‚Œã‹ã®bioã«æ›¸ãè¾¼ã¿ãƒãƒƒãƒ•ァサイズãŒä»¥å‰ã«è¨­å®šã•れã¦ã„ãªã‹ã£ãŸå ´åˆã€ãƒšã‚¢ã«ãªã‚‹å‰ã«ãƒ‡ãƒ•ォルトサイズã®17000(WOLFSSL_BIO_SIZE)ã«è¨­å®šã•れã¾ã™ã€‚ + + \return SSL_SUCCESS 2ã¤ã®bioã®ãƒšã‚¢åŒ–ã«æˆåŠŸã—ãŸå ´åˆã€‚ + \return SSL_FAILURE エラーケースãŒç™ºç”Ÿã—ãŸå ´åˆã€‚ + + \param b1 ペアを設定ã™ã‚‹WOLFSSL_BIO構造体。 + \param b2 ペアを完æˆã•ã›ã‚‹2番目ã®WOLFSSL_BIO構造体。 _Example_ \code @@ -3538,8 +3741,9 @@ bio = wolfSSL_BIO_new(wolfSSL_BIO_s_bio()); bio2 = wolfSSL_BIO_new(wolfSSL_BIO_s_bio()); ret = wolfSSL_BIO_make_bio_pair(bio, bio2); - // check ret value + // retå€¤ã‚’ç¢ºèª \endcode + \sa wolfSSL_BIO_new \sa wolfSSL_BIO_s_mem \sa wolfSSL_BIO_free @@ -3548,10 +3752,13 @@ /*! \ingroup IO - \brief ã“ã®é–¢æ•°ã¯ã€èª­ã¿å–ã‚Šè¦æ±‚フラグを0ã«æˆ»ã™ãŸã‚ã«ä½¿ç”¨ã•れã¾ã™ã€‚ - \return SSL_SUCCESS 値を正常ã«è¨­å®šã—ã¾ã™ã€‚ - \return SSL_FAILURE エラーケースã«é­é‡ã—ãŸå ´åˆ - \param bio WOLFSSL_BIO構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ + + \brief ã“れã¯ã€èª­ã¿å–ã‚Šè¦æ±‚フラグを0ã«æˆ»ã™ãŸã‚ã«ä½¿ç”¨ã•れã¾ã™ã€‚ + + \return SSL_SUCCESS 値ã®è¨­å®šã«æˆåŠŸã—ãŸå ´åˆã€‚ + \return SSL_FAILURE エラーケースãŒç™ºç”Ÿã—ãŸå ´åˆã€‚ + + \param b 読ã¿å–ã‚Šè¦æ±‚フラグを設定ã™ã‚‹WOLFSSL_BIO構造体。 _Example_ \code @@ -3559,48 +3766,50 @@ int ret; ... ret = wolfSSL_BIO_ctrl_reset_read_request(bio); - // check ret value + // retå€¤ã‚’ç¢ºèª \endcode + \sa wolfSSL_BIO_new, wolfSSL_BIO_s_mem \sa wolfSSL_BIO_new, wolfSSL_BIO_free */ -int wolfSSL_BIO_ctrl_reset_read_request(WOLFSSL_BIO * bio); +int wolfSSL_BIO_ctrl_reset_read_request(WOLFSSL_BIO *b); /*! \ingroup IO - \bri f ã“ã®é–¢æ•°ã¯ã€èª­ã¿å–り用ã®ãƒãƒƒãƒ•ã‚¡ãƒã‚¤ãƒ³ã‚¿ã‚’å–å¾—ã™ã‚‹ãŸã‚ã«ä½¿ç”¨ã•れã¾ã™ã€‚ - wolfSSL_BIO_nreadã¨ã¯ç•°ãªã‚Šã€å†…部読ã¿å–りインデックスã¯é–¢æ•°å‘¼ã³å‡ºã—ã‹ã‚‰è¿”ã•れãŸã‚µã‚¤ã‚ºåˆ†é€²ã¿ã¾ã›ã‚“。 - è¿”ã•れる値を超ãˆã¦èª­ã¿å–ã‚‹ã¨ã€ã‚¢ãƒ¬ã‚¤ã®å¢ƒç•Œã‹ã‚‰èª­ã¿å‡ºã•れるå¯èƒ½æ€§ãŒã‚りã¾ã™ã€‚ - \return >=0 æˆåŠŸã™ã‚‹ã¨ã€èª­ã¿å–ã‚‹ãƒã‚¤ãƒˆæ•°ã‚’è¿”ã—ã¾ã™ - \param bio WOLFSSL_BIO構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ - \param buf 読ã¿å–り用ãƒãƒƒãƒ•ã‚¡ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã®ãƒã‚¤ãƒ³ã‚¿ + + \brief ã“れã¯ã€èª­ã¿å–り用ã®ãƒãƒƒãƒ•ã‚¡ãƒã‚¤ãƒ³ã‚¿ã‚’å–å¾—ã™ã‚‹ãŸã‚ã«ä½¿ç”¨ã•れã¾ã™ã€‚wolfSSL_BIO_nreadã¨ã¯ç•°ãªã‚Šã€å†…部読ã¿å–りインデックスã¯é–¢æ•°å‘¼ã³å‡ºã—ã‹ã‚‰è¿”ã•れる数ã ã‘進ã‚られã¾ã›ã‚“。返ã•れる値を超ãˆã¦èª­ã¿å–ã‚‹ã¨ã€é…列ã®å¢ƒç•Œå¤–を読ã¿å–ã‚‹çµæžœã«ãªã‚‹å¯èƒ½æ€§ãŒã‚りã¾ã™ã€‚ + + \return >=0 æˆåŠŸæ™‚ã€èª­ã¿å–ã‚‹ãƒã‚¤ãƒˆæ•°ã‚’è¿”ã—ã¾ã™ã€‚ + + \param bio 読ã¿å–ã‚‹WOLFSSL_BIO構造体。 + \param buf 読ã¿å–りé…列ã®å…ˆé ­ã«è¨­å®šã™ã‚‹ãƒã‚¤ãƒ³ã‚¿ã€‚ _Example_ \code WOLFSSL_BIO* bio; char* bufPt; int ret; - // set up bio - ret = wolfSSL_BIO_nread0(bio, &bufPt); // read as many bytes as possible - // handle negative ret check - // read ret bytes from bufPt + // bioをセットアップ + ret = wolfSSL_BIO_nread0(bio, &bufPt); // å¯èƒ½ãªé™ã‚Šå¤šãã®ãƒã‚¤ãƒˆã‚’読ã¿å–り + // è² ã®retå€¤ã‚’ç¢ºèª + // bufPtã‹ã‚‰retãƒã‚¤ãƒˆã‚’読ã¿å–り \endcode + \sa wolfSSL_BIO_new - \sa wolfSSL_BIO_nwrite0 */ int wolfSSL_BIO_nread0(WOLFSSL_BIO *bio, char **buf); /*! \ingroup IO - \biieれã¯ã€ã“ã®é–¢æ•°ã¯ã€èª­ã¿å–り用ã®ãƒãƒƒãƒ•ã‚¡ãƒã‚¤ãƒ³ã‚¿ã‚’å–å¾—ã™ã‚‹ãŸã‚ã«ä½¿ç”¨ã•れã¾ã™ã€‚ - 内部読ã¿å–りインデックスã¯ã€èª­ã¿å–り元ã®ãƒãƒƒãƒ•ã‚¡ã®å…ˆé ­ã«æŒ‡ã•れã¦ã„ã‚‹BUFを使用ã—ã¦ã€é–¢æ•°å‘¼ã³å‡ºã—ã‹ã‚‰è¿”ã•れるサイズ分進ã¿ã¾ã™ã€‚ - æ•°numã§è¦æ±‚ã•れãŸå€¤ã‚ˆã‚Šã‚‚ãƒã‚¤ãƒˆãŒå°‘ãªã„å ´åˆã€ã‚ˆã‚Šå°‘ãªã„値ãŒè¿”ã•れã¾ã™ã€‚ - è¿”ã•れる値を超ãˆã¦èª­ã¿å–ã‚‹ã¨ã€ã‚¢ãƒ¬ã‚¤ã®å¢ƒç•Œã‹ã‚‰èª­ã¿å‡ºã•れるå¯èƒ½æ€§ãŒã‚りã¾ã™ã€‚ - \return >=0 æˆåŠŸã™ã‚‹ã¨ã€èª­ã¿å–ã‚‹ãƒã‚¤ãƒˆæ•°ã‚’è¿”ã—ã¾ã™ - \return WOLFSSL_BIO_ERROR(-1) Return -1を読むもã®ã§ã¯ãªã„エラーケースã«ã¤ã„㦠- \param bio WOLFSSL_BIO構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ - \param buf 読ã¿å–りé…列ã®å…ˆé ­ã«è¨­å®šã™ã‚‹ãƒã‚¤ãƒ³ã‚¿ã€‚ - \param num 読ã¿å–りサイズ + + \brief ã“れã¯ã€èª­ã¿å–り用ã®ãƒãƒƒãƒ•ã‚¡ãƒã‚¤ãƒ³ã‚¿ã‚’å–å¾—ã™ã‚‹ãŸã‚ã«ä½¿ç”¨ã•れã¾ã™ã€‚内部読ã¿å–りインデックスã¯ã€é–¢æ•°å‘¼ã³å‡ºã—ã‹ã‚‰è¿”ã•れる数ã ã‘進ã‚られã€bufã¯èª­ã¿å–ã‚‹ãƒãƒƒãƒ•ã‚¡ã®å…ˆé ­ã‚’指ã—ã¾ã™ã€‚読ã¿å–りãƒãƒƒãƒ•ァ内ã®ãƒã‚¤ãƒˆæ•°ãŒnumã§è¦æ±‚ã•れãŸå€¤ã‚ˆã‚Šå°‘ãªã„å ´åˆã€ã‚ˆã‚Šå°ã•ã„値ãŒè¿”ã•れã¾ã™ã€‚è¿”ã•れる値を超ãˆã¦èª­ã¿å–ã‚‹ã¨ã€é…列ã®å¢ƒç•Œå¤–を読ã¿å–ã‚‹çµæžœã«ãªã‚‹å¯èƒ½æ€§ãŒã‚りã¾ã™ã€‚ + + \return >=0 æˆåŠŸæ™‚ã€èª­ã¿å–ã‚‹ãƒã‚¤ãƒˆæ•°ã‚’è¿”ã—ã¾ã™ã€‚ + \return WOLFSSL_BIO_ERROR(-1) 読ã¿å–ã‚‹ã‚‚ã®ãŒãªã„å ´åˆã®ã‚¨ãƒ©ãƒ¼ã‚±ãƒ¼ã‚¹ã§-1ã‚’è¿”ã—ã¾ã™ã€‚ + + \param bio 読ã¿å–ã‚‹WOLFSSL_BIO構造体。 + \param buf 読ã¿å–りé…列ã®å…ˆé ­ã«è¨­å®šã™ã‚‹ãƒã‚¤ãƒ³ã‚¿ã€‚ + \param num 読ã¿å–りを試ã¿ã‚‹ãƒã‚¤ãƒˆæ•°ã€‚ _Example_ \code @@ -3608,11 +3817,12 @@ char* bufPt; int ret; - // set up bio - ret = wolfSSL_BIO_nread(bio, &bufPt, 10); // try to read 10 bytes - // handle negative ret check - // read ret bytes from bufPt + // bioをセットアップ + ret = wolfSSL_BIO_nread(bio, &bufPt, 10); // 10ãƒã‚¤ãƒˆã®èª­ã¿å–りを試行 + // è² ã®retå€¤ã‚’ç¢ºèª + // bufPtã‹ã‚‰retãƒã‚¤ãƒˆã‚’読ã¿å–り \endcode + \sa wolfSSL_BIO_new \sa wolfSSL_BIO_nwrite */ @@ -3620,25 +3830,28 @@ /*! \ingroup IO - \brief 関数ã«ã‚ˆã£ã¦è¿”ã•れる数ã®ãƒã‚¤ãƒˆã‚’書ã込むãŸã‚ã«ãƒãƒƒãƒ•ァーã¸ã®ãƒã‚¤ãƒ³ã‚¿ã‚’å–å¾—ã—ã¾ã™ã€‚ - è¿”ã•れるãƒã‚¤ãƒ³ã‚¿ã«è¿½åŠ ã®ãƒã‚¤ãƒˆã‚’書ã込んã å ´åˆã€è¿”ã•れãŸå€¤ã¯ç¯„å›²å¤–ã®æ›¸ãè¾¼ã¿ã«ã¤ãªãŒã‚‹å¯èƒ½æ€§ãŒã‚りã¾ã™ã€‚ - \return int è¿”ã•れãŸãƒãƒƒãƒ•ã‚¡ãƒã‚¤ãƒ³ã‚¿ã«æ›¸ã込むã“ã¨ãŒã§ãã‚‹ãƒã‚¤ãƒˆæ•°ã‚’è¿”ã—ã¾ã™ã€‚ - \return WOLFSSL_BIO_UNSET(-2) ãƒã‚¤ã‚ªãƒšã‚¢ã®ä¸€éƒ¨ã§ã¯ãªã„å ´åˆ - \return WOLFSSL_BIO_ERROR(-1) ã«æ›¸ãã¹ã部屋ãŒã“れ以上ãªã„å ´åˆ - \param bio WOLFSSL_BIOæ§‹é€ ã«æ›¸ã込む構造。 - \param buf 書ã込むãŸã‚ã®ãƒãƒƒãƒ•ã‚¡ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ - \param num 書ãè¾¼ã¿ãŸã„サイズ + + \brief 関数ãŒè¿”ã™æ•°ã ã‘ã®ãƒã‚¤ãƒˆã‚’書ã込むãŸã‚ã®ãƒãƒƒãƒ•ã‚¡ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã‚’å–å¾—ã—ã¾ã™ã€‚è¿”ã•れる値よりも多ãã®ãƒã‚¤ãƒˆã‚’è¿”ã•れãŸãƒã‚¤ãƒ³ã‚¿ã«æ›¸ã込むã¨ã€å¢ƒç•Œå¤–ã¸ã®æ›¸ãè¾¼ã¿ã«ãªã‚‹å¯èƒ½æ€§ãŒã‚りã¾ã™ã€‚ + + \return int ãƒãƒƒãƒ•ã‚¡ãƒã‚¤ãƒ³ã‚¿ã«æ›¸ã込むã“ã¨ãŒã§ãã‚‹ãƒã‚¤ãƒˆæ•°ã‚’è¿”ã—ã¾ã™ã€‚ + \return WOLFSSL_BIO_UNSET(-2) bioペアã®ä¸€éƒ¨ã§ã¯ãªã„å ´åˆã€‚ + \return WOLFSSL_BIO_ERROR(-1) 書ã込むスペースãŒã“れ以上ãªã„å ´åˆã€‚ + + \param bio 書ã込むWOLFSSL_BIO構造体。 + \param buf 書ã込むãƒãƒƒãƒ•ã‚¡ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ + \param num 書ãè¾¼ã¿ãŸã„ãƒã‚¤ãƒˆæ•°ã€‚ _Example_ \code WOLFSSL_BIO* bio; char* bufPt; int ret; - // set up bio - ret = wolfSSL_BIO_nwrite(bio, &bufPt, 10); // try to write 10 bytes - // handle negative ret check - // write ret bytes to bufPt + // bioをセットアップ + ret = wolfSSL_BIO_nwrite(bio, &bufPt, 10); // 10ãƒã‚¤ãƒˆã®æ›¸ãè¾¼ã¿ã‚’試行 + // è² ã®retå€¤ã‚’ç¢ºèª + // bufPtã«retãƒã‚¤ãƒˆã‚’書ã込㿠\endcode + \sa wolfSSL_BIO_new \sa wolfSSL_BIO_free \sa wolfSSL_BIO_nread @@ -3647,18 +3860,22 @@ /*! \ingroup IO - \brief ãƒã‚¤ã‚ªã‚’åˆæœŸçŠ¶æ…‹ã«ãƒªã‚»ãƒƒãƒˆã—ã¾ã™ã€‚タイプBIO_BIOã®ä¾‹ã¨ã—ã¦ã€ã“れã¯èª­ã¿æ›¸ãインデックスをリセットã—ã¾ã™ã€‚ - \return 0 ãƒã‚¤ã‚ªã®ãƒªã‚»ãƒƒãƒˆã«æˆåŠŸã—ã¾ã—ãŸã€‚ - \return WOLFSSL_BIO_ERROR(-1) ä¸è‰¯å…¥åŠ›ã¾ãŸã¯å¤±æ•—ã—ãŸãƒªã‚»ãƒƒãƒˆã§è¿”ã•れã¾ã™ã€‚ - \param bio WOLFSSL_BIO構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ + + \brief bioã‚’åˆæœŸçŠ¶æ…‹ã«ãƒªã‚»ãƒƒãƒˆã—ã¾ã™ã€‚例ãˆã°ã€BIO_BIOタイプã®å ´åˆã€ã“れã¯èª­ã¿å–ã‚Šã¨æ›¸ãè¾¼ã¿ã®ã‚¤ãƒ³ãƒ‡ãƒƒã‚¯ã‚¹ã‚’リセットã—ã¾ã™ã€‚ + + \return 0 bioã®ãƒªã‚»ãƒƒãƒˆã«æˆåŠŸã—ãŸå ´åˆã€‚ + \return WOLFSSL_BIO_ERROR(-1) 䏿­£ãªå…¥åŠ›ã¾ãŸã¯ãƒªã‚»ãƒƒãƒˆã«å¤±æ•—ã—ãŸå ´åˆã«è¿”ã•れã¾ã™ã€‚ + + \param bio リセットã™ã‚‹WOLFSSL_BIO構造体。 _Example_ \code WOLFSSL_BIO* bio; - // setup bio + // bioをセットアップ wolfSSL_BIO_reset(bio); - //use pt + //ptを使用 \endcode + \sa wolfSSL_BIO_new \sa wolfSSL_BIO_free */ @@ -3666,11 +3883,14 @@ /*! \ingroup IO - \brief ã“ã®é–¢æ•°ã¯ã€æŒ‡å®šã•れãŸã‚ªãƒ•セットã¸ãƒ•ァイルãƒã‚¤ãƒ³ã‚¿ã‚’調整ã—ã¾ã™ã€‚ã“れã¯ãƒ•ァイルã®å…ˆé ­ã‹ã‚‰ã®ã‚ªãƒ•セットã§ã™ã€‚ - \return 0 æ­£å¸¸ã«æŽ¢ã—ã¦ã„ã¾ã™ã€‚ - \return -1 エラーケースã«é­é‡ã—ãŸå ´åˆ - \param bio 設定ã™ã‚‹WOLFSSL_BIO構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ - \param ofs ファイルã®å…ˆé ­ã‹ã‚‰ã®ã‚ªãƒ•セット + + \brief ã“ã®é–¢æ•°ã¯ã€ãƒ•ァイルãƒã‚¤ãƒ³ã‚¿ã‚’指定ã•れãŸã‚ªãƒ•セットã«èª¿æ•´ã—ã¾ã™ã€‚ã“れã¯ãƒ•ァイルã®å…ˆé ­ã‹ã‚‰ã®ã‚ªãƒ•セットã§ã™ã€‚ + + \return 0 ã‚·ãƒ¼ã‚¯ã«æˆåŠŸã—ãŸå ´åˆã€‚ + \return -1 エラーケースãŒç™ºç”Ÿã—ãŸå ´åˆã€‚ + + \param bio 設定ã™ã‚‹WOLFSSL_BIO構造体。 + \param ofs ファイルã¸ã®ã‚ªãƒ•セット。 _Example_ \code @@ -3679,33 +3899,36 @@ int ret; bio = wolfSSL_BIO_new(wolfSSL_BIO_s_file()); ret = wolfSSL_BIO_set_fp(bio, &fp); - // check ret value + // retå€¤ã‚’ç¢ºèª ret = wolfSSL_BIO_seek(bio, 3); - // check ret value + // retå€¤ã‚’ç¢ºèª \endcode + \sa wolfSSL_BIO_new \sa wolfSSL_BIO_s_mem \sa wolfSSL_BIO_set_fp \sa wolfSSL_BIO_free */ -int wolfSSL_BIO_seek(WOLFSSL_BIO *bio, int ofs); - -/*! +int wolfSSL_BIO_seek(WOLFSSL_BIO *bio, int ofs);/*! \ingroup IO - \brief ã“れã¯ãƒ•ァイルã«è¨­å®šãŠã‚ˆã³æ›¸ã込むãŸã‚ã«ä½¿ç”¨ã•れã¾ã™ã€‚ç¾åœ¨ãƒ•ァイル内ã®ãƒ‡ãƒ¼ã‚¿ã‚’上書ãã—ã€BIOãŒè§£æ”¾ã•れãŸã¨ãã«ãƒ•ァイルを閉ã˜ã‚‹ã‚ˆã†ã«è¨­å®šã•れã¾ã™ã€‚ - \return SSL_SUCCESS ファイルã®é–‹ãã¨è¨­å®šã«æˆåŠŸã—ã¾ã—ãŸã€‚ - \return SSL_FAILURE エラーケースã«é­é‡ã—ãŸå ´åˆ - \param bio ファイルを設定ã™ã‚‹WOLFSSL_BIO構造体体。 - \param name 書ãè¾¼ã¿å…ˆãƒ•ァイルåã¸ã®ãƒã‚¤ãƒ³ã‚¿ + + \brief ファイルを設定ã—ã€æ›¸ã込むãŸã‚ã«ä½¿ç”¨ã•れã¾ã™ã€‚ãƒ•ã‚¡ã‚¤ãƒ«å†…ã®æ—¢å­˜ãƒ‡ãƒ¼ã‚¿ã‚’上書ãã—ã€bioãŒè§£æ”¾ã•れる際ã«ãƒ•ァイルを閉ã˜ã‚‹ã‚ˆã†è¨­å®šã•れã¾ã™ã€‚ + + \return SSL_SUCCESS ファイルã®ã‚ªãƒ¼ãƒ—ンã¨è¨­å®šãŒæˆåŠŸã—ãŸå ´åˆã€‚ + \return SSL_FAILURE エラーãŒç™ºç”Ÿã—ãŸå ´åˆã€‚ + + \param bio ファイルを設定ã™ã‚‹WOLFSSL_BIO構造体。 + \param name 書ãè¾¼ã¿å…ˆã®ãƒ•ァイルå。 _Example_ \code WOLFSSL_BIO* bio; int ret; bio = wolfSSL_BIO_new(wolfSSL_BIO_s_file()); - ret = wolfSSL_BIO_write_filename(bio, “test.txtâ€); - // check ret value + ret = wolfSSL_BIO_write_filename(bio, "test.txt"); + // retå€¤ã‚’ç¢ºèª \endcode + \sa wolfSSL_BIO_new \sa wolfSSL_BIO_s_file \sa wolfSSL_BIO_set_fp @@ -3715,10 +3938,13 @@ /*! \ingroup IO - \brief ã“れã¯ãƒ•ァイル値ã®çµ‚ã‚りを設定ã™ã‚‹ãŸã‚ã«ä½¿ç”¨ã•れã¾ã™ã€‚一般的ãªå€¤ã¯äºˆæƒ³ã•れる正ã®å€¤ã¨æ··åŒã•れãªã„よã†ã«-1ã§ã™ã€‚ - \return 0 å®Œäº†ã«æˆ»ã‚Šã¾ã—㟠- \param bio ファイル値ã®çµ‚ã‚りを設定ã™ã‚‹ãŸã‚ã®WOLFSSL_BIO構造体体。 - \param v bioã«ã‚»ãƒƒãƒˆã™ã‚‹å€¤ã€‚ + + \brief ファイル終端値を設定ã™ã‚‹ãŸã‚ã«ä½¿ç”¨ã•れã¾ã™ã€‚一般的ãªå€¤ã¯-1ã§ã€æœŸå¾…ã•れる正ã®å€¤ã¨æ··åŒã—ãªã„よã†ã«ã—ã¾ã™ã€‚ + + \return 0 完了時ã«è¿”ã•れã¾ã™ã€‚ + + \param bio ファイル終端値を設定ã™ã‚‹WOLFSSL_BIO構造体。 + \param v bioã«è¨­å®šã™ã‚‹å€¤ã€‚ _Example_ \code @@ -3726,8 +3952,9 @@ int ret; bio = wolfSSL_BIO_new(wolfSSL_BIO_s_mem()); ret = wolfSSL_BIO_set_mem_eof_return(bio, -1); - // check ret value + // retå€¤ã‚’ç¢ºèª \endcode + \sa wolfSSL_BIO_new \sa wolfSSL_BIO_s_mem \sa wolfSSL_BIO_set_fp @@ -3737,20 +3964,24 @@ /*! \ingroup IO - \brief ã“れã¯WolfSSL_BIOメモリãƒã‚¤ãƒ³ã‚¿ã®ã‚²ãƒƒã‚¿ãƒ¼é–¢æ•°ã§ã™ã€‚ - \return SSL_SUCCESS ãƒã‚¤ãƒ³ã‚¿SSL_SUCCESSã‚’è¿”ã™æ­£å¸¸ã«ï¼ˆç¾åœ¨1ã®å€¤ï¼‰ã€‚ - \return SSL_FAILURE nullå¼•æ•°ãŒæ¸¡ã•れãŸå ´åˆï¼ˆç¾åœ¨0ã®å€¤ï¼‰ã«æ¸¡ã•れãŸå ´åˆã«è¿”ã•れã¾ã™ã€‚ - \param bio メモリãƒã‚¤ãƒ³ã‚¿ã‚’å–å¾—ã™ã‚‹ãŸã‚ã®WOLFSSL_BIO構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ - \param ptr WOLFSSL_BUF_MEM構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ï¼ˆç¾åœ¨ã¯char*ã¨ãªã£ã¦ã„る) + + \brief WOLFSSL_BIOメモリãƒã‚¤ãƒ³ã‚¿ã®getter関数ã§ã™ã€‚ + + \return SSL_SUCCESS ãƒã‚¤ãƒ³ã‚¿ã®å–å¾—ã«æˆåŠŸã—ãŸå ´åˆã€SSL_SUCCESSãŒè¿”ã•れã¾ã™(ç¾åœ¨ã®å€¤ã¯1)。 + \return SSL_FAILURE NULLå¼•æ•°ãŒæ¸¡ã•れãŸå ´åˆã«è¿”ã•れã¾ã™(ç¾åœ¨ã®å€¤ã¯0)。 + + \param bio メモリãƒã‚¤ãƒ³ã‚¿ã‚’å–å¾—ã™ã‚‹ãŸã‚ã®WOLFSSL_BIO構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ + \param ptr ç¾åœ¨char*ã§ã‚る構造体。bioã®ãƒ¡ãƒ¢ãƒªã‚’指ã™ã‚ˆã†ã«è¨­å®šã•れã¾ã™ã€‚ _Example_ \code WOLFSSL_BIO* bio; WOLFSSL_BUF_MEM* pt; - // setup bio + // bioをセットアップ wolfSSL_BIO_get_mem_ptr(bio, &pt); - //use pt + // ptを使用 \endcode + \sa wolfSSL_BIO_new \sa wolfSSL_BIO_s_mem */ @@ -3758,11 +3989,14 @@ /*! \ingroup CertsKeys - \brief ã“ã®é–¢æ•°ã¯X509ã®åå‰ã‚’ãƒãƒƒãƒ•ã‚¡ã«ã‚³ãƒ”ーã—ã¾ã™ã€‚ - \return A WOLFSSL_X509_NAME構造åメンãƒãƒ¼ã®ãƒ‡ãƒ¼ã‚¿ãŒæ­£å¸¸ã«å®Ÿè¡Œã•れãŸå ´åˆã€nameメンãƒãƒ¼ã®ãƒ‡ãƒ¼ã‚¿ãŒè¿”ã•れã¾ã™ã€‚ - \param name wolfssl_x509構造ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ - \param in WOLFSSL_X509_NAME構造体ã‹ã‚‰ã‚³ãƒ”ーã•れãŸåå‰ã‚’ä¿æŒã™ã‚‹ãŸã‚ã®ãƒãƒƒãƒ•ァ。 - \param sz ãƒãƒƒãƒ•ã‚¡ã®æœ€å¤§ã‚µã‚¤ã‚º + + \brief ã“ã®é–¢æ•°ã¯x509ã®åå‰ã‚’ãƒãƒƒãƒ•ã‚¡ã«ã‚³ãƒ”ーã—ã¾ã™ã€‚ + + \return é–¢æ•°ãŒæ­£å¸¸ã«å®Ÿè¡Œã•れãŸå ´åˆã€WOLFSSL_X509_NAME構造体ã®nameメンãƒãƒ¼ã®ãƒ‡ãƒ¼ã‚¿ã‚’æŒã¤ãƒãƒƒãƒ•ã‚¡ã¸ã®charãƒã‚¤ãƒ³ã‚¿ãŒè¿”ã•れã¾ã™ã€‚ + + \param name WOLFSSL_X509構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ + \param in WOLFSSL_X509_NAME構造体ã‹ã‚‰ã‚³ãƒ”ーã•れãŸåå‰ã‚’ä¿æŒã™ã‚‹ãƒãƒƒãƒ•ァ。 + \param sz ãƒãƒƒãƒ•ã‚¡ã®æœ€å¤§ã‚µã‚¤ã‚ºã€‚ _Example_ \code @@ -3772,9 +4006,10 @@ name = wolfSSL_X509_NAME_oneline(wolfSSL_X509_get_issuer_name(x509), 0, 0); if(name <= 0){ - // There’s nothing in the buffer. + // ãƒãƒƒãƒ•ã‚¡ã«ä½•ã‚‚ã‚りã¾ã›ã‚“ } \endcode + \sa wolfSSL_X509_get_subject_name \sa wolfSSL_X509_get_issuer_name \sa wolfSSL_X509_get_isCA @@ -3785,10 +4020,13 @@ /*! \ingroup CertsKeys - \brief ã“ã®é–¢æ•°ã¯è¨¼æ˜Žæ›¸ç™ºè¡Œè€…ã®åå‰ã‚’è¿”ã—ã¾ã™ã€‚ - \return point WOLFSSL_X509構造体ã®ç™ºè¡Œè€…メンãƒãƒ¼ã¸ã®ãƒã‚¤ãƒ³ã‚¿ãŒè¿”ã•れã¾ã™ã€‚ - \return NULL 渡ã•れãŸè¨¼æ˜Žæ›¸ãŒNULLã®å ´åˆ - \param cert WOLFSSL_X509構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ + + \brief ã“ã®é–¢æ•°ã¯è¨¼æ˜Žæ›¸ã®ç™ºè¡Œè€…åã‚’è¿”ã—ã¾ã™ã€‚ + + \return point 渡ã•れãŸcertãŒNULLã§ãªã„å ´åˆã€WOLFSSL_X509構造体ã®issuerメンãƒãƒ¼ã¸ã®ãƒã‚¤ãƒ³ã‚¿ãŒè¿”ã•れã¾ã™ã€‚ + \return NULL 渡ã•れãŸcertãŒNULLã®å ´åˆã€‚ + + \param cert WOLFSSL_X509構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ _Example_ \code @@ -3798,11 +4036,12 @@ issuer = wolfSSL_X509_NAME_oneline(wolfSSL_X509_get_issuer_name(x509), 0, 0); if(!issuer){ - // NULL was returned + // NULLãŒè¿”ã•れã¾ã—㟠} else { - // issuer hods the name of the certificate issuer. + // issuerã¯è¨¼æ˜Žæ›¸ã®ç™ºè¡Œè€…åã‚’ä¿æŒã—ã¦ã„ã¾ã™ } \endcode + \sa wolfSSL_X509_get_subject_name \sa wolfSSL_X509_get_isCA \sa wolfSSL_get_peer_certificate @@ -3812,9 +4051,12 @@ /*! \ingroup CertsKeys - \brief ã“ã®é–¢æ•°ã¯ã€wolfssl_x509構造ã®ä»¶åメンãƒãƒ¼ã‚’è¿”ã—ã¾ã™ã€‚ - \return pointer wolfssl_x509_name構造ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚WOLFSSL_X509構造体ãŒNULLã®å ´åˆã€ã¾ãŸã¯æ§‹é€ ä½“ã®ä»¶åメンãƒãƒ¼ãŒNULLã®å ´åˆã€ãƒã‚¤ãƒ³ã‚¿ã¯NULLã«ãªã‚‹ã“ã¨ãŒã‚りã¾ã™ã€‚ - \param cert WOLFSSL_X509構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ + + \brief ã“ã®é–¢æ•°ã¯WOLFSSL_X509構造体ã®subjectメンãƒãƒ¼ã‚’è¿”ã—ã¾ã™ã€‚ + + \return pointer WOLFSSL_X509_NAME構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚WOLFSSL_X509構造体ãŒNULLã®å ´åˆã€ã¾ãŸã¯æ§‹é€ ä½“ã®subjectメンãƒãƒ¼ãŒNULLã®å ´åˆã€ãƒã‚¤ãƒ³ã‚¿ã¯NULLã«ãªã‚‹å¯èƒ½æ€§ãŒã‚りã¾ã™ã€‚ + + \param cert WOLFSSL_X509構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ _Example_ \code @@ -3823,9 +4065,10 @@ … name = wolfSSL_X509_get_subject_name(cert); if(name == NULL){ - // Deal with the NULL cacse + // NULLã‚±ãƒ¼ã‚¹ã‚’å‡¦ç† } \endcode + \sa wolfSSL_X509_get_issuer_name \sa wolfSSL_X509_get_isCA \sa wolfSSL_get_peer_certificate @@ -3834,10 +4077,13 @@ /*! \ingroup CertsKeys - \brief WOLFSSL_X509構造体ã®isCaメンãƒãƒ¼ã‚’ãƒã‚§ãƒƒã‚¯ã—ã¦å€¤ã‚’è¿”ã—ã¾ã™ã€‚ - \return isCA WOLFSSL_X509構造体ã®isCaメンãƒãƒ¼ã®å€¤ã‚’è¿”ã—ã¾ã™ã€‚ - \return 0 有効ãªWOLFSSL_X509æ§‹é€ ä½“ãŒæ¸¡ã•れãªã„å ´åˆã«è¿”ã•れã¾ã™ã€‚ - \param cert WOLFSSL_X509構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ + + \brief WOLFSSL_X509構造体ã®isCaメンãƒãƒ¼ã‚’ãƒã‚§ãƒƒã‚¯ã—ã€ãã®å€¤ã‚’è¿”ã—ã¾ã™ã€‚ + + \return isCA WOLFSSL_X509構造体ã®isCaメンãƒãƒ¼ã®å€¤ãŒè¿”ã•れã¾ã™ã€‚ + \return 0 有効ãªx509æ§‹é€ ä½“ãŒæ¸¡ã•れãªã‹ã£ãŸå ´åˆã«è¿”ã•れã¾ã™ã€‚ + + \param x509 WOLFSSL_X509構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ _Example_ \code @@ -3847,24 +4093,28 @@ WOLFSSL* ssl = wolfSSL_new(ctx); ... if(wolfSSL_X509_get_isCA(ssl)){ - // This is the CA + // ã“れã¯CAã§ã™ }else { - // Failure case + // 失敗ケース } \endcode + \sa wolfSSL_X509_get_issuer_name \sa wolfSSL_X509_get_isCA */ -int wolfSSL_X509_get_isCA(WOLFSSL_X509* cert); +int wolfSSL_X509_get_isCA(WOLFSSL_X509* x509); /*! \ingroup CertsKeys - \brief ã“ã®é–¢æ•°ã¯ã€æ¸¡ã•れãŸNID値ã«é–¢é€£ã™ã‚‹ãƒ†ã‚­ã‚¹ãƒˆã‚’å–å¾—ã—ã¾ã™ã€‚ - \return int テキストãƒãƒƒãƒ•ã‚¡ã®ã‚µã‚¤ã‚ºã‚’è¿”ã—ã¾ã™ã€‚ - \param name wolfssl_x509_nameテキストを検索ã™ã‚‹ã€‚ - \param nid 検索ã™ã‚‹NID。 - \param buf 見ã¤ã‹ã£ãŸã¨ãã«ãƒ†ã‚­ã‚¹ãƒˆã‚’ä¿æŒã™ã‚‹ãŸã‚ã®ãƒãƒƒãƒ•ァー。 - \param len ãƒãƒƒãƒ•ã‚¡ã®ã‚µã‚¤ã‚º + + \brief ã“ã®é–¢æ•°ã¯æ¸¡ã•れãŸNID値ã«é–¢é€£ã™ã‚‹ãƒ†ã‚­ã‚¹ãƒˆã‚’å–å¾—ã—ã¾ã™ã€‚ + + \return int テキストãƒãƒƒãƒ•ã‚¡ã®ã‚µã‚¤ã‚ºã‚’è¿”ã—ã¾ã™ã€‚ + + \param name テキストを検索ã™ã‚‹WOLFSSL_X509_NAME。 + \param nid 検索ã™ã‚‹NID。 + \param buf 見ã¤ã‹ã£ãŸãƒ†ã‚­ã‚¹ãƒˆã‚’ä¿æŒã™ã‚‹ãƒãƒƒãƒ•ァ。 + \param len ãƒãƒƒãƒ•ã‚¡ã®é•·ã•。 _Example_ \code @@ -3872,12 +4122,13 @@ char buffer[100]; int bufferSz; int ret; - // get WOLFSSL_X509_NAME + // WOLFSSL_X509_NAMEã‚’å–å¾— ret = wolfSSL_X509_NAME_get_text_by_NID(name, NID_commonName, buffer, bufferSz); - //check ret value + // retå€¤ã‚’ç¢ºèª \endcode + \sa none */ int wolfSSL_X509_NAME_get_text_by_NID(WOLFSSL_X509_NAME* name, int nid, @@ -3885,10 +4136,13 @@ /*! \ingroup CertsKeys - \brief ã“ã®é–¢æ•°ã¯ã€WOLFSSL_X509構造体ã®sigOIDメンãƒãƒ¼ã«æ ¼ç´ã•れã¦ã„る値を返ã—ã¾ã™ã€‚ - \return 0 WOLFSSL_X509構造体ãŒNULLã®å ´åˆã«è¿”ã•れã¾ã™ã€‚ - \return int x509オブジェクトã‹ã‚‰å–å¾—ã•ã‚ŒãŸæ•´æ•°å€¤ãŒè¿”ã•れã¾ã™ã€‚ - \param cert WOLFSSL_X509構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ + + \brief ã“ã®é–¢æ•°ã¯WOLFSSL_X509構造体ã®sigOIDメンãƒãƒ¼ã«æ ¼ç´ã•れã¦ã„る値を返ã—ã¾ã™ã€‚ + + \return 0 WOLFSSL_X509構造体ãŒNULLã®å ´åˆã«è¿”ã•れã¾ã™ã€‚ + \return int x509オブジェクトã‹ã‚‰å–å¾—ã•ã‚ŒãŸæ•´æ•°å€¤ãŒè¿”ã•れã¾ã™ã€‚ + + \param x509 WOLFSSL_X509構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ _Example_ \code @@ -3898,9 +4152,10 @@ int x509SigType = wolfSSL_X509_get_signature_type(x509); if(x509SigType != EXPECTED){ - // Deal with an unexpected value + // 予期ã—ãªã„å€¤ã‚’å‡¦ç† } \endcode + \sa wolfSSL_X509_get_signature \sa wolfSSL_X509_version \sa wolfSSL_X509_get_der @@ -3909,12 +4164,12 @@ \sa wolfSSL_X509_notAfter \sa wolfSSL_X509_free */ -int wolfSSL_X509_get_signature_type(WOLFSSL_X509* cert); +int wolfSSL_X509_get_signature_type(WOLFSSL_X509* x509); /*! \brief ã“ã®é–¢æ•°ã¯WOLFSSL_X509構造体を解放ã—ã¾ã™ã€‚ - \return ãªã— - \param x509 WOLFSSL_X509構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ + + \param x509 WOLFSSL_X509構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ _Example_ \code @@ -3924,37 +4179,43 @@ wolfSSL_X509_free(x509); \endcode + \sa wolfSSL_X509_get_signature \sa wolfSSL_X509_version \sa wolfSSL_X509_get_der \sa wolfSSL_X509_get_serial_number \sa wolfSSL_X509_notBefore \sa wolfSSL_X509_notAfter + */ void wolfSSL_X509_free(WOLFSSL_X509* x509); /*! \ingroup CertsKeys - \brief x509ç½²åã‚’å–å¾—ã—ã€ãれをãƒãƒƒãƒ•ã‚¡ã«ä¿å­˜ã—ã¾ã™ã€‚ - \return SSL_SUCCESS é–¢æ•°ãŒæ­£å¸¸ã«å®Ÿè¡Œã•れãŸå ´åˆã«è¿”ã•れã¾ã™ã€‚ç½²åãŒãƒãƒƒãƒ•ã‚¡ã«ãƒ­ãƒ¼ãƒ‰ã•れã¾ã™ã€‚ - \return SSL_FATAL_ERRROR X509構造体ã¾ãŸã¯BUFSZメンãƒãƒ¼ãŒNULLã®å ´åˆã«è¿”ã—ã¾ã™ã€‚SIG構造ã®é•·ã•メンãƒã®ãƒã‚§ãƒƒã‚¯ã‚‚ã‚る(SIGã¯X509ã®ãƒ¡ãƒ³ãƒãƒ¼ã§ã‚る)。 - \param x509 wolfssl_x509構造ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ - \param buf ãƒãƒƒãƒ•ã‚¡ã¸ã®æ–‡å­—ãƒã‚¤ãƒ³ã‚¿ã€‚ - \param bufSz ãƒãƒƒãƒ•ァサイズを格ç´ã™ã‚‹int型変数ã¸ã®ãƒã‚¤ãƒ³ã‚¿ + + \brief X509ç½²åã‚’å–å¾—ã—ã€ãƒãƒƒãƒ•ã‚¡ã«æ ¼ç´ã—ã¾ã™ã€‚ + + \return SSL_SUCCESS é–¢æ•°ãŒæ­£å¸¸ã«å®Ÿè¡Œã•れãŸå ´åˆã«è¿”ã•れã¾ã™ã€‚ç½²åã¯ãƒãƒƒãƒ•ã‚¡ã«èª­ã¿è¾¼ã¾ã‚Œã¾ã™ã€‚ + \return SSL_FATAL_ERRROR x509構造体ã¾ãŸã¯bufSzメンãƒãƒ¼ãŒNULLã®å ´åˆã«è¿”ã•れã¾ã™ã€‚sig構造体ã®lengthメンãƒãƒ¼(sigã¯x509ã®ãƒ¡ãƒ³ãƒãƒ¼)ã®ãƒã‚§ãƒƒã‚¯ã‚‚ã‚りã¾ã™ã€‚ + + \param x509 WOLFSSL_X509構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ + \param buf ãƒãƒƒãƒ•ã‚¡ã¸ã®charãƒã‚¤ãƒ³ã‚¿ã€‚ + \param bufSz ãƒãƒƒãƒ•ã‚¡ã®ã‚µã‚¤ã‚ºã¸ã®æ•´æ•°ãƒã‚¤ãƒ³ã‚¿ã€‚ _Example_ \code WOLFSSL_X509* x509 = (WOLFSSL_X509)XMALOC(sizeof(WOLFSSL_X509), NULL, DYNAMIC_TYPE_X509); - unsigned char* buf; // Initialize + unsigned char* buf; // åˆæœŸåŒ– int* bufSz = sizeof(buf)/sizeof(unsigned char); ... if(wolfSSL_X509_get_signature(x509, buf, bufSz) != SSL_SUCCESS){ - // The function did not execute successfully. + // é–¢æ•°ã¯æ­£å¸¸ã«å®Ÿè¡Œã•れã¾ã›ã‚“ã§ã—㟠} else{ - // The buffer was written to correctly. + // ãƒãƒƒãƒ•ã‚¡ã¯æ­£ã—ãæ›¸ãè¾¼ã¾ã‚Œã¾ã—㟠} \endcode + \sa wolfSSL_X509_get_serial_number \sa wolfSSL_X509_get_signature_type \sa wolfSSL_X509_get_device_type @@ -3963,11 +4224,14 @@ /*! \ingroup CertsKeys - \brief ã“ã®é–¢æ•°ã¯ã€WOLFSSL_X509_STRE構造体ã«è¨¼æ˜Žæ›¸ã‚’追加ã—ã¾ã™ã€‚ - \return SSL_SUCCESS è¨¼æ˜Žæ›¸ãŒæ­£å¸¸ã«è¿½åŠ ã•れãŸå ´åˆã€‚ - \return SSL_FATAL_ERROR: è¨¼æ˜Žæ›¸ãŒæ­£å¸¸ã«è¿½åŠ ã•れãªã„å ´åˆ - \param str 証明書を追加ã™ã‚‹è¨¼æ˜Žæ›¸ã‚¹ãƒˆã‚¢ã€‚ - \param x509 追加ã™ã‚‹WOLFSSL_X509構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ + + \brief ã“ã®é–¢æ•°ã¯WOLFSSL_X509_STORE構造体ã«è¨¼æ˜Žæ›¸ã‚’追加ã—ã¾ã™ã€‚ + + \return SSL_SUCCESS è¨¼æ˜Žæ›¸ãŒæ­£å¸¸ã«è¿½åŠ ã•れãŸå ´åˆã€‚ + \return SSL_FATAL_ERROR è¨¼æ˜Žæ›¸ãŒæ­£å¸¸ã«è¿½åŠ ã•れãªã‹ã£ãŸå ´åˆã€‚ + + \param str 証明書を追加ã™ã‚‹è¨¼æ˜Žæ›¸ã‚¹ãƒˆã‚¢ã€‚ + \param x509 追加ã™ã‚‹è¨¼æ˜Žæ›¸ã€‚ _Example_ \code @@ -3975,26 +4239,31 @@ WOLFSSL_X509* x509; int ret; ret = wolfSSL_X509_STORE_add_cert(str, x509); - //check ret value + // retå€¤ã‚’ç¢ºèª \endcode + \sa wolfSSL_X509_free */ int wolfSSL_X509_STORE_add_cert(WOLFSSL_X509_STORE* store, WOLFSSL_X509* x509); /*! \ingroup CertsKeys - \brief ã“ã®é–¢æ•°ã¯ã€WOLFSSL_X509_STORE_CTX構造体ã®ãƒã‚§ãƒ¼ãƒ³å¤‰æ•°ã®getter関数ã§ã™ã€‚ç¾åœ¨ãƒã‚§ãƒ¼ãƒ³ã¯å–り込ã¾ã‚Œã¦ã„ã¾ã›ã‚“。 - \return pointer æˆåŠŸã—ãŸå ´åˆWOLFSSL_STACK(STACK_OF(WOLFSSL_X509))ãƒã‚¤ãƒ³ã‚¿ã¨åŒã˜ - \return Null 失敗ã—ãŸå ´åˆã«è¿”ã•れã¾ã™ã€‚ - \param ctx WOLFSSL_X509_STORE_CTX構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ + + \brief ã“ã®é–¢æ•°ã¯WOLFSSL_X509_STORE_CTX構造体ã®chain変数ã®getter関数ã§ã™ã€‚ç¾åœ¨ã€chainã¯å…¥åŠ›ã•れã¦ã„ã¾ã›ã‚“。 + + \return pointer æˆåŠŸã—ãŸå ´åˆã€WOLFSSL_STACK(STACK_OF(WOLFSSL_X509)ã¨åŒã˜)ãƒã‚¤ãƒ³ã‚¿ã‚’è¿”ã—ã¾ã™ã€‚ + \return Null 失敗時。 + + \param ctx è§£æžãƒã‚§ãƒ¼ãƒ³ã‚’å–å¾—ã™ã‚‹è¨¼æ˜Žæ›¸ã‚¹ãƒˆã‚¢ã‚³ãƒ³ãƒ†ã‚­ã‚¹ãƒˆã€‚ _Example_ \code WOLFSSL_STACK* sk; WOLFSSL_X509_STORE_CTX* ctx; sk = wolfSSL_X509_STORE_CTX_get_chain(ctx); - //check sk for NULL and then use it. sk needs freed after done. + // skãŒNULLã§ãªã„ã‹ç¢ºèªã—ã¦ã‹ã‚‰ä½¿ç”¨ã€‚使用後ã¯skを解放ã™ã‚‹å¿…è¦ãŒã‚りã¾ã™ \endcode + \sa wolfSSL_sk_X509_free */ WOLFSSL_STACK* wolfSSL_X509_STORE_CTX_get_chain( @@ -4002,22 +4271,26 @@ /*! \ingroup CertsKeys - \brief ã“ã®é–¢æ•°ã¯ã€æ¸¡ã•れãŸWOLFSSL_X509_STORE構造体ã®å‹•作を変更ã™ã‚‹ãŸã‚ã®ãƒ•ラグをå–りã¾ã™ã€‚使用ã•れるフラグã®ä¾‹ã¯WOLFSSL_CRL_CHECKã§ã™ã€‚ - \return SSL_SUCCESS フラグを設定ã™ã‚‹ã¨ãã«ã‚¨ãƒ©ãƒ¼ãŒç™ºç”Ÿã—ãªã‹ã£ãŸå ´åˆã€‚ - \return <0 障害ã®éš›ã«è² ã®å€¤ãŒè¿”ã•れã¾ã™ã€‚ - \param str フラグを設定ã™ã‚‹è¨¼æ˜Žæ›¸ã‚¹ãƒˆã‚¢ã€‚ - \param flag フラグ + + \brief ã“ã®é–¢æ•°ã¯æ¸¡ã•れãŸWOLFSSL_X509_STORE構造体ã®å‹•作を変更ã™ã‚‹ãŸã‚ã®ãƒ•ラグをå—ã‘å–りã¾ã™ã€‚使用ã•れるフラグã®ä¾‹ã¨ã—ã¦WOLFSSL_CRL_CHECKãŒã‚りã¾ã™ã€‚ + + \return SSL_SUCCESS フラグã®è¨­å®šæ™‚ã«ã‚¨ãƒ©ãƒ¼ãŒç™ºç”Ÿã—ãªã‹ã£ãŸå ´åˆã€‚ + \return <0 失敗時ã«è² ã®å€¤ãŒè¿”ã•れã¾ã™ã€‚ + + \param str フラグを設定ã™ã‚‹è¨¼æ˜Žæ›¸ã‚¹ãƒˆã‚¢ã€‚ + \param flag 動作ã®ãŸã‚ã®ãƒ•ラグ。 _Example_ \code WOLFSSL_X509_STORE* str; int ret; - // create and set up str + // strを作æˆã—ã¦è¨­å®š ret = wolfSSL_X509_STORE_set_flags(str, WOLFSSL_CRL_CHECKALL); - If (ret != SSL_SUCCESS) { - //check ret value and handle error case + if (ret != SSL_SUCCESS) { + //ret値を確èªã—ã¦ã‚¨ãƒ©ãƒ¼ã‚±ãƒ¼ã‚¹ã‚’処ç†ã™ã‚‹ } \endcode + \sa wolfSSL_X509_STORE_new \sa wolfSSL_X509_STORE_free */ @@ -4026,9 +4299,12 @@ /*! \ingroup CertsKeys - \brief ã“ã®é–¢æ•°ã¯BYTEアレイã¨ã—ã¦ç¬¦å·åŒ–ã•れãŸ"not before"è¦ç´ ã‚’è¿”ã—ã¾ã™ã€‚ - \return NULL WOLFSSL_X509構造体ãŒNULLã®å ´åˆã«è¿”ã•れã¾ã™ã€‚ - \return byte NetBeforEdataã‚’å«ã‚€ãƒãƒƒãƒ•ã‚¡ã¸ã®ãƒã‚¤ãƒ³ã‚¿ãŒè¿”ã•れã¾ã™ã€‚ + + \brief ã“ã®é–¢æ•°ã¯ã€ãƒã‚¤ãƒˆé…列ã¨ã—ã¦ã‚¨ãƒ³ã‚³ãƒ¼ãƒ‰ã•れãŸè¨¼æ˜Žæ›¸ã®ã€Œnot beforeã€æœ‰åŠ¹æœŸé™ã‚’è¿”ã—ã¾ã™ã€‚ + + \return NULL WOLFSSL_X509構造体ãŒNULLã®å ´åˆã«è¿”ã•れã¾ã™ã€‚ + \return byte notBeforeDataã‚’å«ã‚€ãƒã‚¤ãƒˆãŒè¿”ã•れã¾ã™ã€‚ + \param x509 WOLFSSL_X509構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ _Example_ @@ -4040,6 +4316,7 @@ \endcode + \sa wolfSSL_X509_get_signature \sa wolfSSL_X509_version \sa wolfSSL_X509_get_der @@ -4051,9 +4328,12 @@ /*! \ingroup CertsKeys - \brief ã“ã®é–¢æ•°ã¯ã€BYTEé…列ã¨ã—ã¦ç¬¦å·åŒ–ã•れãŸ"not after"è¦ç´ ã‚’è¿”ã—ã¾ã™ã€‚ - \return NULL WOLFSSL_X509構造体ãŒNULLã®å ´åˆã«è¿”ã•れã¾ã™ã€‚ - \return byte notAfterDataã‚’å«ã‚€ãƒãƒƒãƒ•ã‚¡ã¸ã®ãƒã‚¤ãƒ³ã‚¿ãŒè¿”ã•れã¾ã™ã€‚ + + \brief ã“ã®é–¢æ•°ã¯ã€ãƒã‚¤ãƒˆé…列ã¨ã—ã¦ã‚¨ãƒ³ã‚³ãƒ¼ãƒ‰ã•れãŸè¨¼æ˜Žæ›¸ã®ã€Œnot afterã€æœ‰åŠ¹æœŸé™ã‚’è¿”ã—ã¾ã™ã€‚ + + \return NULL WOLFSSL_X509構造体ãŒNULLã®å ´åˆã«è¿”ã•れã¾ã™ã€‚ + \return byte notAfterDataã‚’å«ã‚€ãƒã‚¤ãƒˆãŒè¿”ã•れã¾ã™ã€‚ + \param x509 WOLFSSL_X509構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ _Example_ @@ -4065,6 +4345,7 @@ \endcode + \sa wolfSSL_X509_get_signature \sa wolfSSL_X509_version \sa wolfSSL_X509_get_der @@ -4076,25 +4357,27 @@ /*! \ingroup Setup - \brief ã“ã®é–¢æ•°ã¯ã€WOLFSSL_ASN1_INTEGER値をWOLFSSL_BIGNUM構造体ã«ã‚³ãƒ”ーã™ã‚‹ãŸã‚ã«ä½¿ç”¨ã•れã¾ã™ã€‚ - \return pointer WOLFSSL_ASN1_INTEGER値を正常ã«ã‚³ãƒ”ーã™ã‚‹ã¨ã€WOLFSSL_BIGNUMãƒã‚¤ãƒ³ã‚¿ãŒè¿”ã•れã¾ã™ã€‚ - \return Null 失敗時ã«è¿”ã•れã¾ã™ã€‚ - \param ai WOLFSSL_ASN1_INTEGER構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ - \param bn ã‚‚ã—ã€æ—¢å­˜ã®WOLFSSL_BIGNUM構造体ã«ã‚³ãƒ”ーã—ãŸã„å ´åˆãã®ãƒã‚¤ãƒ³ã‚¿ã‚’ã“ã®å¼•æ•°ã§æŒ‡å®šã—ã¾ã™ã€‚ - NULLを指定ã™ã‚‹ã¨æ–°ãŸã«WOLFSSL_BIGNUM構造体ãŒç”Ÿæˆã•れã¦ä½¿ç”¨ã•れã¾ã™ã€‚ + \brief ã“ã®é–¢æ•°ã¯ã€WOLFSSL_ASN1_INTEGER値をWOLFSSL_BIGNUM構造体ã«ã‚³ãƒ”ーã™ã‚‹ãŸã‚ã«ä½¿ç”¨ã•れã¾ã™ã€‚ + + \return pointer WOLFSSL_ASN1_INTEGER値ã®ã‚³ãƒ”ãƒ¼ã«æˆåŠŸã™ã‚‹ã¨ã€WOLFSSL_BIGNUMãƒã‚¤ãƒ³ã‚¿ãŒè¿”ã•れã¾ã™ã€‚ + \return Null 失敗時ã«ã¯NullãŒè¿”ã•れã¾ã™ã€‚ + + \param ai コピー元ã®WOLFSSL_ASN1_INTEGER構造体。 + \param bn 既存ã®WOLFSSL_BIGNUM構造体ã«ã‚³ãƒ”ーã—ãŸã„å ´åˆã¯ã€ãã®ãƒã‚¤ãƒ³ã‚¿ã‚’渡ã—ã¾ã™ã€‚オプションã¨ã—ã¦ã€ã“れをNULLã«ã™ã‚‹ã“ã¨ã§æ–°ã—ã„WOLFSSL_BIGNUM構造体ãŒä½œæˆã•れã¾ã™ã€‚ _Example_ \code WOLFSSL_ASN1_INTEGER* ai; WOLFSSL_BIGNUM* bn; - // create ai + // aiã‚’ä½œæˆ bn = wolfSSL_ASN1_INTEGER_to_BN(ai, NULL); - // or if having already created bn and wanting to reuse structure + // ã¾ãŸã¯æ—¢ã«bnã‚’ä½œæˆæ¸ˆã¿ã§æ§‹é€ ä½“ã‚’å†åˆ©ç”¨ã—ãŸã„å ´åˆ // wolfSSL_ASN1_INTEGER_to_BN(ai, bn); - // check bn is or return value is not NULL + // bnã¾ãŸã¯æˆ»ã‚Šå€¤ãŒNULLã§ãªã„ã“ã¨ã‚’ç¢ºèª \endcode + \sa none */ WOLFSSL_BIGNUM *wolfSSL_ASN1_INTEGER_to_BN(const WOLFSSL_ASN1_INTEGER *ai, @@ -4102,21 +4385,25 @@ /*! \ingroup Setup - \brief ã“ã®é–¢æ•°ã¯ã€WOLFSSL_CTXæ§‹é€ ã§æ§‹ç¯‰ã•れã¦ã„る内部ãƒã‚§ãƒ¼ãƒ³ã«è¨¼æ˜Žæ›¸ã‚’追加ã—ã¾ã™ã€‚ - \return SSL_SUCCESS 証明書ã®è¿½åŠ ã«æˆåŠŸã—ãŸã‚‰ã€‚ - \return SSL_FAILURE ãƒã‚§ãƒ¼ãƒ³ã«è¨¼æ˜Žæ›¸ã‚’追加ã™ã‚‹ã“ã¨ãŒå¤±æ•—ã—ãŸå ´åˆã€‚ - \param ctx 証明書を追加ã™ã‚‹ãŸã‚ã®WOLFSSL_CTX構造。 - \param x509 WOLFSSL_X509構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ + + \brief ã“ã®é–¢æ•°ã¯ã€WOLFSSL_CTXæ§‹é€ ä½“å†…ã§æ§‹ç¯‰ä¸­ã®å†…部ãƒã‚§ãƒ¼ãƒ³ã«è¨¼æ˜Žæ›¸ã‚’追加ã—ã¾ã™ã€‚ + + \return SSL_SUCCESS 証明書ã®è¿½åŠ ã«æˆåŠŸã—ãŸå¾Œã«è¿”ã•れã¾ã™ã€‚ + \return SSL_FAILURE 証明書ã®ãƒã‚§ãƒ¼ãƒ³ã¸ã®è¿½åŠ ã«å¤±æ•—ã—ãŸå ´åˆã«è¿”ã•れã¾ã™ã€‚ + + \param ctx 証明書を追加ã™ã‚‹WOLFSSL_CTX構造体。 + \param x509 ãƒã‚§ãƒ¼ãƒ³ã«è¿½åŠ ã™ã‚‹è¨¼æ˜Žæ›¸ã€‚ _Example_ \code WOLFSSL_CTX* ctx; WOLFSSL_X509* x509; int ret; - // create ctx + // ctxã‚’ä½œæˆ ret = wolfSSL_CTX_add_extra_chain_cert(ctx, x509); - // check ret value + // retå€¤ã‚’ç¢ºèª \endcode + \sa wolfSSL_CTX_new \sa wolfSSL_CTX_free */ @@ -4124,19 +4411,23 @@ /*! \ingroup Setup - \brief ã“ã®é–¢æ•°ã¯ã€WOLFSSL_CTX構造ã‹ã‚‰Get Read Hapeフラグを返ã—ã¾ã™ã€‚ - \return flag æˆåŠŸã™ã‚‹ã¨ã€èª­ã¿å–り先ã®ãƒ•ラグを返ã—ã¾ã™ã€‚ - \return SSL_FAILURE ctxãŒnullã®å ´åˆã€ssl_failureãŒè¿”ã•れã¾ã™ã€‚ - \param ctx WOLFSSL_CTX構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ + + \brief ã“ã®é–¢æ•°ã¯ã€WOLFSSL_CTX構造体ã‹ã‚‰ãƒªãƒ¼ãƒ‰ã‚¢ãƒ˜ãƒƒãƒ‰ãƒ•ラグをå–å¾—ã—ã¦è¿”ã—ã¾ã™ã€‚ + + \return flag æˆåŠŸæ™‚ã«ã¯ãƒªãƒ¼ãƒ‰ã‚¢ãƒ˜ãƒƒãƒ‰ãƒ•ラグãŒè¿”ã•れã¾ã™ã€‚ + \return SSL_FAILURE ctxãŒNULLã®å ´åˆã€SSL_FAILUREãŒè¿”ã•れã¾ã™ã€‚ + + \param ctx リードアヘッドフラグをå–å¾—ã™ã‚‹WOLFSSL_CTX構造体。 _Example_ \code WOLFSSL_CTX* ctx; int flag; - // setup ctx + // ctxをセットアップ flag = wolfSSL_CTX_get_read_ahead(ctx); - //check flag + //flagã‚’ç¢ºèª \endcode + \sa wolfSSL_CTX_new \sa wolfSSL_CTX_free \sa wolfSSL_CTX_set_read_ahead @@ -4145,21 +4436,25 @@ /*! \ingroup Setup - \brief ã“ã®é–¢æ•°ã¯ã€WOLFSSL_CTX構造内ã®èª­ã¿å‡ºã—å…ˆã®ãƒ•ラグを設定ã—ã¾ã™ã€‚ - \return SSL_SUCCESS ctxãŒå…ˆèª­ã¿ãƒ•ラグを設定ã—ãŸå ´åˆã€‚ - \return SSL_FAILURE ctxãŒNULLã®å ´åˆã«è¿”ã•れã¾ã™ã€‚ - \param ctx WOLFSSL_CTX構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ - \param v 先読ã¿ãƒ•ラグ + + \brief ã“ã®é–¢æ•°ã¯ã€WOLFSSL_CTX構造体内ã®ãƒªãƒ¼ãƒ‰ã‚¢ãƒ˜ãƒƒãƒ‰ãƒ•ラグを設定ã—ã¾ã™ã€‚ + + \return SSL_SUCCESS ctxã®ãƒªãƒ¼ãƒ‰ã‚¢ãƒ˜ãƒƒãƒ‰ãƒ•ラグãŒè¨­å®šã•れãŸå ´åˆã€‚ + \return SSL_FAILURE ctxãŒNULLã®å ´åˆã€SSL_FAILUREãŒè¿”ã•れã¾ã™ã€‚ + + \param ctx リードアヘッドフラグを設定ã™ã‚‹WOLFSSL_CTX構造体。 + \param v リードアヘッドフラグ。 _Example_ \code WOLFSSL_CTX* ctx; int flag; int ret; - // setup ctx + // ctxをセットアップ ret = wolfSSL_CTX_set_read_ahead(ctx, flag); - // check return value + // æˆ»ã‚Šå€¤ã‚’ç¢ºèª \endcode + \sa wolfSSL_CTX_new \sa wolfSSL_CTX_free \sa wolfSSL_CTX_get_read_ahead @@ -4168,44 +4463,270 @@ /*! \ingroup Setup - \brief ã“ã®é–¢æ•°ã¯OCSPã§ä½¿ç”¨ã™ã‚‹ã‚ªãƒ—ション引数を設定ã—ã¾ã™ã€‚ - \return SSL_FAILURE CTXã¾ãŸã¯ITã®CERT ManagerãŒNULLã®å ´åˆã€‚ - \return SSL_SUCCESS 正常ã«è¨­å®šã•れã¦ã„ã‚‹å ´åˆã€‚ - \param ctx WOLFSSL_CTX構造ã¸ã®ãƒã‚¤ãƒ³ã‚¿ - \param arg ユーザー引数 + + \brief ã“ã®é–¢æ•°ã¯ã€OCSPã§ä½¿ç”¨ã™ã‚‹ã‚ªãƒ—ション引数を設定ã—ã¾ã™ã€‚ + + \return SSL_FAILURE ctxã¾ãŸã¯ãã®è¨¼æ˜Žæ›¸ãƒžãƒãƒ¼ã‚¸ãƒ£ãŒNULLã®å ´åˆã€‚ + \return SSL_SUCCESS 正常ã«è¨­å®šã•れãŸå ´åˆã€‚ + + \param ctx ユーザー引数を設定ã™ã‚‹WOLFSSL_CTX構造体。 + \param arg ユーザー引数。 _Example_ \code WOLFSSL_CTX* ctx; void* data; int ret; - // setup ctx + // ctxをセットアップ ret = wolfSSL_CTX_set_tlsext_status_arg(ctx, data); - //check ret value + //retå€¤ã‚’ç¢ºèª \endcode + \sa wolfSSL_CTX_new \sa wolfSSL_CTX_free */ long wolfSSL_CTX_set_tlsext_status_arg(WOLFSSL_CTX* ctx, void* arg); /*! + \ingroup CertsKeys + + \brief クライアント証明書ã¨ç§˜å¯†éµã‚’é¸æŠžã™ã‚‹ã‚³ãƒ¼ãƒ«ãƒãƒƒã‚¯ã‚’設定ã—ã¾ã™ã€‚ + + ã“ã®é–¢æ•°ã¯ã€ãƒãƒ³ãƒ‰ã‚·ã‚§ã‚¤ã‚¯ä¸­ã«ã‚¯ãƒ©ã‚¤ã‚¢ãƒ³ãƒˆè¨¼æ˜Žæ›¸ãŒè¦æ±‚ã•れãŸã¨ãã«å‘¼ã³å‡ºã•れるコールãƒãƒƒã‚¯ã‚’アプリケーションãŒç™»éŒ²ã§ãるよã†ã«ã—ã¾ã™ã€‚コールãƒãƒƒã‚¯ã¯ã€ä½¿ç”¨ã™ã‚‹è¨¼æ˜Žæ›¸ã¨éµã‚’é¸æŠžã—ã¦æä¾›ã§ãã¾ã™ã€‚ + + \param ctx WOLFSSL_CTXオブジェクト。 + \param cb クライアント証明書ã¨éµã‚’é¸æŠžã™ã‚‹ã‚³ãƒ¼ãƒ«ãƒãƒƒã‚¯é–¢æ•°ã€‚ + + \return void + + _Example_ + \code + int my_client_cert_cb(WOLFSSL *ssl, WOLFSSL_X509 **x509, WOLFSSL_EVP_PKEY **pkey) { ... } + wolfSSL_CTX_set_client_cert_cb(ctx, my_client_cert_cb); + \endcode + + \sa wolfSSL_CTX_set_cert_cb +*/ +void wolfSSL_CTX_set_client_cert_cb(WOLFSSL_CTX *ctx, client_cert_cb cb); + +/*! + \ingroup CertsKeys + + \brief 汎用証明書セットアップコールãƒãƒƒã‚¯ã‚’設定ã—ã¾ã™ã€‚ + + ã“ã®é–¢æ•°ã¯ã€è¨¼æ˜Žæ›¸ã‚»ãƒƒãƒˆã‚¢ãƒƒãƒ—中ã«å‘¼ã³å‡ºã•れるコールãƒãƒƒã‚¯ã‚’アプリケーションãŒç™»éŒ²ã§ãるよã†ã«ã—ã¾ã™ã€‚コールãƒãƒƒã‚¯ã¯ã€ã‚«ã‚¹ã‚¿ãƒ è¨¼æ˜Žæ›¸é¸æŠžã¾ãŸã¯ãƒ­ãƒ¼ãƒ‰ãƒ­ã‚¸ãƒƒã‚¯ã‚’実行ã§ãã¾ã™ã€‚ + + \param ctx WOLFSSL_CTXオブジェクト。 + \param cb 証明書セットアップ用ã®ã‚³ãƒ¼ãƒ«ãƒãƒƒã‚¯é–¢æ•°ã€‚ + \param arg コールãƒãƒƒã‚¯ã«æ¸¡ã™ãƒ¦ãƒ¼ã‚¶ãƒ¼å¼•数。 + + \return void + + _Example_ + \code + int my_cert_setup_cb(WOLFSSL* ssl, void* arg) { ... } + wolfSSL_CTX_set_cert_cb(ctx, my_cert_setup_cb, NULL); + \endcode + + \sa wolfSSL_CTX_set_client_cert_cb +*/ +void wolfSSL_CTX_set_cert_cb(WOLFSSL_CTX* ctx, CertSetupCallback cb, void *arg); + +/*! + \ingroup OCSP + + \brief OCSPã‚¹ãƒ†ãƒ¼ã‚¿ã‚¹è¦æ±‚(OCSPステープリング)を処ç†ã™ã‚‹ãŸã‚ã«ä½¿ç”¨ã•れるコールãƒãƒƒã‚¯ã‚’設定ã—ã¾ã™ã€‚ + + ã“ã®é–¢æ•°ã¯ã€TLSãƒãƒ³ãƒ‰ã‚·ã‚§ã‚¤ã‚¯ä¸­ã«OCSPã‚¹ãƒ†ãƒ¼ã‚¿ã‚¹è¦æ±‚ã‚’å—ä¿¡ã—ãŸã¨ãã«å‘¼ã³å‡ºã•れるコールãƒãƒƒã‚¯ã‚’アプリケーションãŒç™»éŒ²ã§ãるよã†ã«ã—ã¾ã™ã€‚コールãƒãƒƒã‚¯ã¯ã€ãƒãƒ³ãƒ‰ã‚·ã‚§ã‚¤ã‚¯ã«ã‚¹ãƒ†ãƒ¼ãƒ—ルã•れるOCSPレスãƒãƒ³ã‚¹ã‚’æä¾›ã§ãã¾ã™ã€‚ã“ã®APIã¯ã‚µãƒ¼ãƒãƒ¼å´ã§ã®ã¿æœ‰ç”¨ã§ã™ã€‚ + + \param ctx WOLFSSL_CTXオブジェクト。 + \param cb OCSPã‚¹ãƒ†ãƒ¼ã‚¿ã‚¹è¦æ±‚を処ç†ã™ã‚‹ã‚³ãƒ¼ãƒ«ãƒãƒƒã‚¯é–¢æ•°ã€‚ + + \return SSL_SUCCESS æˆåŠŸæ™‚ã€ãれ以外ã®å ´åˆã¯SSL_FAILURE。 + + _Example_ + \code + int my_ocsp_status_cb(WOLFSSL* ssl, void* arg) { ... } + wolfSSL_CTX_set_tlsext_status_cb(ctx, my_ocsp_status_cb); + \endcode + + \sa wolfSSL_CTX_get_tlsext_status_cb + \sa wolfSSL_CTX_set_tlsext_status_arg +*/ +int wolfSSL_CTX_set_tlsext_status_cb(WOLFSSL_CTX* ctx, tlsextStatusCb cb); + +/*! + \ingroup OCSP + + \brief コンテキストã«ç¾åœ¨è¨­å®šã•れã¦ã„ã‚‹OCSPステータスコールãƒãƒƒã‚¯ã‚’å–å¾—ã—ã¾ã™ã€‚ + + \param ctx WOLFSSL_CTXオブジェクト。 + \param cb コールãƒãƒƒã‚¯é–¢æ•°ã‚’å—ã‘å–ã‚‹ãƒã‚¤ãƒ³ã‚¿ã€‚ + + \return SSL_SUCCESS æˆåŠŸæ™‚ã€ãれ以外ã®å ´åˆã¯SSL_FAILURE。 + + \sa wolfSSL_CTX_set_tlsext_status_cb +*/ +int wolfSSL_CTX_get_tlsext_status_cb(WOLFSSL_CTX* ctx, tlsextStatusCb* cb); + +/*! + \ingroup OCSP + + \brief OCSPステータスコールãƒãƒƒã‚¯ã«æ¸¡ã•れる引数を設定ã—ã¾ã™ã€‚ + + \param ctx WOLFSSL_CTXオブジェクト。 + \param arg コールãƒãƒƒã‚¯ã«æ¸¡ã™ãƒ¦ãƒ¼ã‚¶ãƒ¼å¼•数。 + + \return SSL_SUCCESS æˆåŠŸæ™‚ã€ãれ以外ã®å ´åˆã¯SSL_FAILURE。 + + \sa wolfSSL_CTX_set_tlsext_status_cb +*/ +long wolfSSL_CTX_set_tlsext_status_arg(WOLFSSL_CTX* ctx, void* arg); + +/*! + \ingroup OCSP + + \brief ピアã«é€ä¿¡(ステープル)ã•れるOCSPレスãƒãƒ³ã‚¹ã‚’å–å¾—ã—ã¾ã™ã€‚ + + \param ssl WOLFSSLセッション。 + \param resp レスãƒãƒ³ã‚¹ãƒãƒƒãƒ•ã‚¡ã‚’å—ã‘å–ã‚‹ãƒã‚¤ãƒ³ã‚¿ã€‚ + + \return Length レスãƒãƒ³ã‚¹ã®é•·ã•ã€ã¾ãŸã¯ã‚¨ãƒ©ãƒ¼æ™‚ã¯è² ã®å€¤ã€‚ + + \sa wolfSSL_set_tlsext_status_ocsp_resp +*/ +long wolfSSL_get_tlsext_status_ocsp_resp(WOLFSSL *ssl, unsigned char **resp); + +/*! + \ingroup OCSP + + \brief ピアã«é€ä¿¡(ステープル)ã•れるOCSPレスãƒãƒ³ã‚¹ã‚’設定ã—ã¾ã™ã€‚ + + respã®ãƒãƒƒãƒ•ã‚¡ã¯wolfSSLã«ã‚ˆã£ã¦æ‰€æœ‰ã•れã€wolfSSLã«ã‚ˆã£ã¦è§£æ”¾ã•れã¾ã™ã€‚アプリケーションã¯ã€ã“ã®é–¢æ•°ã‚’呼ã³å‡ºã—ãŸå¾Œã€ãƒãƒƒãƒ•ァを解放ã—ã¦ã¯ã„ã‘ã¾ã›ã‚“。 + + \param ssl WOLFSSLセッション。 + \param resp レスãƒãƒ³ã‚¹ãƒãƒƒãƒ•ã‚¡ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ + \param len レスãƒãƒ³ã‚¹ãƒãƒƒãƒ•ã‚¡ã®é•·ã•。 + + \return SSL_SUCCESS æˆåŠŸæ™‚ã€ãれ以外ã®å ´åˆã¯SSL_FAILURE。 + + \sa wolfSSL_get_tlsext_status_ocsp_resp +*/ +long wolfSSL_set_tlsext_status_ocsp_resp(WOLFSSL *ssl, unsigned char *resp, int len); + +/*! + \ingroup OCSP + + \brief TLSマルãƒè¨¼æ˜Žæ›¸ãƒã‚§ãƒ¼ãƒ³ç”¨ã®è¤‡æ•°ã®OCSPレスãƒãƒ³ã‚¹ã‚’設定ã—ã¾ã™ã€‚ + + respã®ãƒãƒƒãƒ•ã‚¡ã¯wolfSSLã«ã‚ˆã£ã¦æ‰€æœ‰ã•れã€wolfSSLã«ã‚ˆã£ã¦è§£æ”¾ã•れã¾ã™ã€‚アプリケーションã¯ã€ã“ã®é–¢æ•°ã‚’呼ã³å‡ºã—ãŸå¾Œã€ãƒãƒƒãƒ•ァを解放ã—ã¦ã¯ã„ã‘ã¾ã›ã‚“。 + + \param ssl WOLFSSLセッション。 + \param resp レスãƒãƒ³ã‚¹ãƒãƒƒãƒ•ã‚¡ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ + \param len レスãƒãƒ³ã‚¹ãƒãƒƒãƒ•ã‚¡ã®é•·ã•。 + \param idx 証明書ãƒã‚§ãƒ¼ãƒ³ã®ã‚¤ãƒ³ãƒ‡ãƒƒã‚¯ã‚¹ã€‚ + + \return SSL_SUCCESS æˆåŠŸæ™‚ã€ãれ以外ã®å ´åˆã¯SSL_FAILURE。 +*/ +int wolfSSL_set_tlsext_status_ocsp_resp_multi(WOLFSSL* ssl, unsigned char *resp, int len, word32 idx); + +/*! + \ingroup OCSP + + \brief OCSPステータスレスãƒãƒ³ã‚¹ã‚’検証ã™ã‚‹ã‚³ãƒ¼ãƒ«ãƒãƒƒã‚¯ã‚’設定ã—ã¾ã™ã€‚ + + OCSP検証中ã«ãƒ”ã‚¢ã®è¨¼æ˜Žæ›¸ãƒã‚§ãƒ¼ãƒ³ã«ã‚¢ã‚¯ã‚»ã‚¹ã§ãるよã†ã«ã™ã‚‹ãŸã‚ã€SESSION_CERTSを有効ã«ã™ã‚‹ã“ã¨ã‚’推奨ã—ã¾ã™ã€‚ + + \param ctx WOLFSSL_CTXオブジェクト。 + \param cb コールãƒãƒƒã‚¯é–¢æ•°ã€‚ + \param cbArg コールãƒãƒƒã‚¯ã«æ¸¡ã™ãƒ¦ãƒ¼ã‚¶ãƒ¼å¼•数。 + + \return void + + _Example_ + \code + void my_ocsp_verify_cb(WOLFSSL* ssl, int err, byte* resp, word32 respSz, word32 idx, void* arg) + { + (void)arg; + if (err == 0 && staple && stapleSz > 0) { + printf("Client: OCSP staple received, size=%u\n", stapleSz); + return 0; + } + // err != 0ã®å ´åˆã€æ‰‹å‹•OCSPステープル検証 + if (err != 0 && staple && stapleSz > 0) { + WOLFSSL_CERT_MANAGER* cm = NULL; + DecodedCert cert; + byte certInit = 0; + WOLFSSL_OCSP* ocsp = NULL; + WOLFSSL_X509_CHAIN* peerCerts; + int i; + + cm = wolfSSL_CertManagerNew(); + if (cm == NULL) + goto cleanup; + if (wolfSSL_CertManagerLoadCA(cm, CA_CERT, NULL) != WOLFSSL_SUCCESS) + goto cleanup; + + peerCerts = wolfSSL_get_peer_chain(ssl); + if (peerCerts == NULL || wolfSSL_get_chain_count(peerCerts) <= (int)idx) + goto cleanup; + + for (i = idx + 1; i < wolfSSL_get_chain_count(peerCerts); i++) { + if (wolfSSL_CertManagerLoadCABuffer(cm, wolfSSL_get_chain_cert(peerCerts, i), + wolfSSL_get_chain_length(peerCerts, i), WOLFSSL_FILETYPE_ASN1) != WOLFSSL_SUCCESS) + goto cleanup; + } + + wc_InitDecodedCert(&cert, wolfSSL_get_chain_cert(peerCerts, idx), wolfSSL_get_chain_length(peerCerts, idx), NULL); + certInit = 1; + if (wc_ParseCert(&cert, CERT_TYPE, VERIFY, cm) != 0) + goto cleanup; + if ((ocsp = wc_NewOCSP(cm)) == NULL) + goto cleanup; + if (wc_CheckCertOcspResponse(ocsp, &cert, staple, stapleSz, NULL) != 0) + goto cleanup; + + printf("Client: Manual OCSP staple verification succeeded for idx=%u\n", idx); + err = 0; + cleanup: + wc_FreeOCSP(ocsp); + if (certInit) + wc_FreeDecodedCert(&cert); + wolfSSL_CertManagerFree(cm); + if (err == 0) + return 0; + printf("Client: Manual OCSP staple verification failed for idx=%u\n", idx); + } + printf("Client: OCSP staple verify error=%d\n", err); + return err; + } + wolfSSL_CTX_set_ocsp_status_verify_cb(ctx, my_ocsp_verify_cb, NULL); + \endcode +*/ +void wolfSSL_CTX_set_ocsp_status_verify_cb(WOLFSSL_CTX* ctx, ocspVerifyStatusCb cb, void* cbArg); + +/*! \ingroup Setup - \brief ã“ã®é–¢æ•°ã¯ã€PRFコールãƒãƒƒã‚¯ã«æ¸¡ã™ã‚ªãƒ—ションã®å¼•数を設定ã—ã¾ã™ã€‚ - \return SSL_FAILURE CTXãŒNULLã®å ´åˆ - \return SSL_SUCCESS 正常ã«è¨­å®šã•れã¦ã„ã‚‹å ´åˆã€‚ - \param ctx WOLFSSL_CTX構造ã¸ã®ãƒã‚¤ãƒ³ã‚¿ - \param arg ユーザー引数 + + \brief ã“ã®é–¢æ•°ã¯ã€PRFコールãƒãƒƒã‚¯ã«æ¸¡ã•れるオプション引数を設定ã—ã¾ã™ã€‚ + + \return SSL_FAILURE ctxãŒNULLã®å ´åˆã€‚ + \return SSL_SUCCESS 正常ã«è¨­å®šã•れãŸå ´åˆã€‚ + + \param ctx ユーザ引数を設定ã™ã‚‹WOLFSSL_CTX構造体。 + \param arg ユーザ引数。 _Example_ \code WOLFSSL_CTX* ctx; void* data; int ret; - // setup ctx + // ctxをセットアップ ret = wolfSSL_CTX_set_tlsext_opaques_prf_input_callback_arg(ctx, data); - //check ret value + //retå€¤ã‚’ç¢ºèª \endcode + \sa wolfSSL_CTX_new \sa wolfSSL_CTX_free */ @@ -4214,19 +4735,21 @@ /*! \ingroup Setup - \brief ã“ã®é–¢æ•°ã¯ã€SSLã®ã‚ªãƒ—ションマスクを設定ã—ã¾ã™ã€‚ - ã„ãã¤ã‹ã®æœ‰åйãªã‚ªãƒ—ションã¯ã€ssl_op_allã€ssl_op_cookie_exchangeã€ssl_op_no_sslv2ã€ssl_op_no_sslv3ã€ssl_op_no_tlsv1_1ã€ssl_op_no_tlsv1_2ã€ssl_op_no_compressionã§ã™ã€‚ - \return val SSLã«æ ¼ç´ã•れã¦ã„ã‚‹æ›´æ–°ã•れãŸã‚ªãƒ—ションマスク値を返ã—ã¾ã™ã€‚ - \param s オプションマスクを設定ã™ã‚‹ãŸã‚ã®WolfSSL構造。 - \param op オプションマスク。以下ã®å€¤ãŒæŒ‡å®šå¯èƒ½ã§ã™ï¼š
    - SSL_OP_ALL
    - SSL_OP_COOKIE_EXCHANGE
    - SSL_OP_NO_SSLv2
    - SSL_OP_NO_SSLv3
    - SSL_OP_NO_TLSv1
    - SSL_OP_NO_TLSv1_1
    - SSL_OP_NO_TLSv1_2
    - SSL_OP_NO_COMPRESSION
    + + \brief ã“ã®é–¢æ•°ã¯ã€ssl内ã®ã‚ªãƒ—ションマスクを設定ã—ã¾ã™ã€‚有効ãªã‚ªãƒ—ションã«ã¯ã€SSL_OP_ALLã€SSL_OP_COOKIE_EXCHANGEã€SSL_OP_NO_SSLv2ã€SSL_OP_NO_SSLv3ã€SSL_OP_NO_TLSv1ã€SSL_OP_NO_TLSv1_1ã€SSL_OP_NO_TLSv1_2ã€SSL_OP_NO_COMPRESSIONãŒã‚りã¾ã™ã€‚ + + \return val sslã«æ ¼ç´ã•れã¦ã„ã‚‹æ›´æ–°ã•れãŸã‚ªãƒ—ションマスク値を返ã—ã¾ã™ã€‚ + + \param s オプションマスクを設定ã™ã‚‹WOLFSSL構造体。 + \param op ã“ã®é–¢æ•°ã¯ã€ssl内ã®ã‚ªãƒ—ションマスクを設定ã—ã¾ã™ã€‚有効ãªã‚ªãƒ—ションã«ã¯ä»¥ä¸‹ãŒå«ã¾ã‚Œã¾ã™: + SSL_OP_ALL + SSL_OP_COOKIE_EXCHANGE + SSL_OP_NO_SSLv2 + SSL_OP_NO_SSLv3 + SSL_OP_NO_TLSv1 + SSL_OP_NO_TLSv1_1 + SSL_OP_NO_TLSv1_2 + SSL_OP_NO_COMPRESSION _Example_ \code @@ -4234,8 +4757,9 @@ unsigned long mask; mask = SSL_OP_NO_TLSv1 mask = wolfSSL_set_options(ssl, mask); - // check mask + // maskã‚’ç¢ºèª \endcode + \sa wolfSSL_new \sa wolfSSL_free \sa wolfSSL_get_options @@ -4244,52 +4768,63 @@ /*! \ingroup Setup - \brief ã“ã®é–¢æ•°ã¯ç¾åœ¨ã®ã‚ªãƒ—ションマスクを返ã—ã¾ã™ã€‚ - \return val SSLã«æ ¼ç´ã•れã¦ã„るマスク値を返ã—ã¾ã™ã€‚ - \param ssl WOLFSSL構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ + + \brief ã“ã®é–¢æ•°ã¯ã€ç¾åœ¨ã®ã‚ªãƒ—ションマスクを返ã—ã¾ã™ã€‚ + + \return val sslã«æ ¼ç´ã•れã¦ã„るマスク値を返ã—ã¾ã™ã€‚ + + \param s オプションマスクをå–å¾—ã™ã‚‹WOLFSSL構造体。 _Example_ \code WOLFSSL* ssl; unsigned long mask; mask = wolfSSL_get_options(ssl); - // check mask + // maskã‚’ç¢ºèª \endcode + \sa wolfSSL_new \sa wolfSSL_free \sa wolfSSL_set_options */ -long wolfSSL_get_options(const WOLFSSL *ssl); +long wolfSSL_get_options(const WOLFSSL *s); /*! \ingroup Setup - \brief ã“ã®é–¢æ•°ã¯ã€æ¸¡ã•れãŸãƒ‡ãƒãƒƒã‚°å¼•数を設定ã™ã‚‹ãŸã‚ã«ä½¿ç”¨ã•れã¾ã™ã€‚ - \return SSL_SUCCESS æˆåŠŸæ™‚ã«è¿”ã•れã¾ã™ã€‚ - \return SSL_FAILURE NULL SSLãŒæ¸¡ã•れãŸå ´åˆã€‚ - \param ssl 引数を設定ã™ã‚‹ãŸã‚ã®WolfSSL構造。 - \param arg デãƒãƒƒã‚°å¼•æ•° + + \brief ã“れã¯ã€æ¸¡ã•れるデãƒãƒƒã‚°å¼•数を設定ã™ã‚‹ãŸã‚ã«ä½¿ç”¨ã•れã¾ã™ã€‚ + + \return SSL_SUCCESS 引数ã®è¨­å®šã«æˆåŠŸã—ãŸå ´åˆã€‚ + \return SSL_FAILURE NULLã®sslãŒæ¸¡ã•れãŸå ´åˆã€‚ + + \param s 引数を設定ã™ã‚‹WOLFSSL構造体。 + \param arg 使用ã™ã‚‹å¼•数。 _Example_ \code WOLFSSL* ssl; void* args; int ret; - // create ssl object + // sslã‚ªãƒ–ã‚¸ã‚§ã‚¯ãƒˆã‚’ä½œæˆ ret = wolfSSL_set_tlsext_debug_arg(ssl, args); - // check ret value + // retå€¤ã‚’ç¢ºèª \endcode + \sa wolfSSL_new \sa wolfSSL_free */ -long wolfSSL_set_tlsext_debug_arg(WOLFSSL *ssl, void *arg); +long wolfSSL_set_tlsext_debug_arg(WOLFSSL *s, void *arg); /*! \ingroup openSSL - \brief ã“ã®é–¢æ•°ã¯ã€ã‚µãƒ¼ãƒãŒOCSPステータス応答(OCSPステイプルã¨ã‚‚呼ã°ã‚Œã‚‹ï¼‰ã‚’é€å—ä¿¡ã™ã‚‹ã‚¯ãƒ©ã‚¤ã‚¢ãƒ³ãƒˆã‚¢ãƒ—リケーションãŒè¦æ±‚ã•れãŸã¨ãã«å‘¼ã³å‡ºã•れã¾ã™ã€‚ - \return 1 æˆåŠŸæ™‚ã«è¿”ã•れã¾ã™ã€‚ - \return 0 エラー時ã«è¿”ã•れã¾ã™ã€‚ - \param s ssl_new()関数ã«ã‚ˆã£ã¦ä½œæˆã•れãŸWOLFSSL構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ - \param type ssl拡張タイプ。TLSEXT_STATUSTYPE_ocspã®ã¿æŒ‡å®šå¯ã€‚ + + \brief ã“ã®é–¢æ•°ã¯ã€ã‚¯ãƒ©ã‚¤ã‚¢ãƒ³ãƒˆã‚¢ãƒ—リケーションãŒã‚µãƒ¼ãƒã«OCSPステータスレスãƒãƒ³ã‚¹(OCSPステープリングã¨ã‚‚呼ã°ã‚Œã¾ã™)ã‚’è¿”é€ã™ã‚‹ã‚ˆã†è¦æ±‚ã™ã‚‹éš›ã«å‘¼ã³å‡ºã•れã¾ã™ã€‚ç¾åœ¨ã€ã‚µãƒãƒ¼ãƒˆã•れã¦ã„る唯一ã®ã‚¿ã‚¤ãƒ—ã¯TLSEXT_STATUSTYPE_ocspã§ã™ã€‚ + + \return 1 æˆåŠŸæ™‚ã€‚ + \return 0 エラー時。 + + \param s SSL_new()関数ã«ã‚ˆã£ã¦ä½œæˆã•れãŸWOLFSSL構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ + \param type TLSEXT_STATUSTYPE_ocspã®ã¿ãŒã‚µãƒãƒ¼ãƒˆã•れã¦ã„ã‚‹SSL拡張タイプ。 _Example_ \code @@ -4302,6 +4837,7 @@ wolfSSL_free(ssl); wolfSSL_CTX_free(ctx); \endcode + \sa wolfSSL_new \sa wolfSSL_CTX_new \sa wolfSSL_free @@ -4311,19 +4847,23 @@ /*! \ingroup Setup - \bri f ã“ã®é–¢æ•°ã¯ã€ã‚Œã¯ã€ãƒ”ã‚¢ã®è¨¼æ˜Žæ›¸ã‚’確èªã—よã†ã¨ã—ãŸå¾Œã«çµæžœã‚’å–å¾—ã™ã‚‹ãŸã‚ã«ä½¿ç”¨ã•れã¾ã™ã€‚ - \return X509_V_OK æˆåŠŸã—ãŸæ¤œè¨¼ã«ã¤ã„㦠- \return SSL_FAILURE NULL SSLãŒæ¸¡ã•れãŸå ´åˆã€‚ - \param ssl WOLFSSL 構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ + + \brief ã“れã¯ã€ãƒ”ã‚¢ã®è¨¼æ˜Žæ›¸ã®æ¤œè¨¼ã‚’試ã¿ãŸå¾Œã®çµæžœã‚’å–å¾—ã™ã‚‹ãŸã‚ã«ä½¿ç”¨ã•れã¾ã™ã€‚ + + \return X509_V_OK æ¤œè¨¼ãŒæˆåŠŸã—ãŸå ´åˆã€‚ + \return SSL_FAILURE NULLã®sslãŒæ¸¡ã•れãŸå ´åˆã€‚ + + \param ssl æ¤œè¨¼çµæžœã‚’å–å¾—ã™ã‚‹WOLFSSL構造体。 _Example_ \code WOLFSSL* ssl; long ret; - // attempt/complete handshake + // ãƒãƒ³ãƒ‰ã‚·ã‚§ã‚¤ã‚¯ã‚’試行/完了 ret = wolfSSL_get_verify_result(ssl); - // check ret value + // retå€¤ã‚’ç¢ºèª \endcode + \sa wolfSSL_new \sa wolfSSL_free */ @@ -4331,10 +4871,13 @@ /*! \ingroup Debug - \brief ã“ã®é–¢æ•°ã¯ã€wolfSSL_get_error()ã«ã‚ˆã£ã¦è¿”ã•れãŸã‚¨ãƒ©ãƒ¼ã‚³ãƒ¼ãƒ‰ã‚’より多ãã®äººé–“ãŒèª­ã‚るエラー文字列ã«å¤‰æ›ã—ã€ãã®æ–‡å­—列を出力ファイルã«å°åˆ·ã—ã¾ã™ã€‚ERRã¯ã€WOLFSSL_GET_ERROR()ã«ã‚ˆã£ã¦è¿”ã•れã€FPãŒã‚¨ãƒ©ãƒ¼æ–‡å­—列ãŒé…ç½®ã•れるファイルã§ã‚るエラーコードã§ã™ã€‚ - \return ãªã— - \param fp ã«æ›¸ãè¾¼ã¾ã‚Œã‚‹äººé–“ãŒèª­ã‚るエラー文字列ã®å‡ºåŠ›ãƒ•ã‚¡ã‚¤ãƒ«ã€‚ - \param err wolfSSL_get_error()ã§è¿”ã•れるエラーコード。 + + \brief ã“ã®é–¢æ•°ã¯ã€wolfSSL_get_error()ã«ã‚ˆã£ã¦è¿”ã•れãŸã‚¨ãƒ©ãƒ¼ã‚³ãƒ¼ãƒ‰ã‚’ã€ã‚ˆã‚Šäººé–“ãŒèª­ã¿ã‚„ã™ã„エラー文字列ã«å¤‰æ›ã—ã€ãã®æ–‡å­—列を出力ファイルfpã«å‡ºåŠ›ã—ã¾ã™ã€‚errã¯wolfSSL_get_error()ã«ã‚ˆã£ã¦è¿”ã•れãŸã‚¨ãƒ©ãƒ¼ã‚³ãƒ¼ãƒ‰ã§ã‚りã€fpã¯ã‚¨ãƒ©ãƒ¼æ–‡å­—列ãŒé…ç½®ã•れるファイルã§ã™ã€‚ + + \return none 戻り値ãªã—。 + + \param fp 人間ãŒèª­ã¿ã‚„ã™ã„ã‚¨ãƒ©ãƒ¼æ–‡å­—åˆ—ãŒæ›¸ãè¾¼ã¾ã‚Œã‚‹å‡ºåŠ›ãƒ•ã‚¡ã‚¤ãƒ«ã€‚ + \param err wolfSSL_get_error()ã«ã‚ˆã£ã¦è¿”ã•れãŸã‚¨ãƒ©ãƒ¼ã‚³ãƒ¼ãƒ‰ã€‚ _Example_ \code @@ -4345,6 +4888,7 @@ err = wolfSSL_get_error(ssl, 0); wolfSSL_ERR_print_errors_fp(fp, err); \endcode + \sa wolfSSL_get_error \sa wolfSSL_ERR_error_string \sa wolfSSL_ERR_error_string_n @@ -4354,10 +4898,13 @@ /*! \ingroup Debug - \brief ã“ã®é–¢æ•°ã¯æä¾›ã•れãŸã‚³ãƒ¼ãƒ«ãƒãƒƒã‚¯ã‚’使用ã—ã¦ã‚¨ãƒ©ãƒ¼å ±å‘Šã‚’処ç†ã—ã¾ã™ã€‚コールãƒãƒƒã‚¯é–¢æ•°ã¯ã‚¨ãƒ©ãƒ¼å›žç·šã”ã¨ã«å®Ÿè¡Œã•れã¾ã™ã€‚文字列ã€é•·ã•ã€ãŠã‚ˆã³userdataã¯ã‚³ãƒ¼ãƒ«ãƒãƒƒã‚¯ãƒ‘ãƒ©ãƒ¡ãƒ¼ã‚¿ã«æ¸¡ã•れã¾ã™ã€‚ - \return ãªã— - \param cb コールãƒãƒƒã‚¯é–¢æ•° - \param u コールãƒãƒƒã‚¯é–¢æ•°ã«æ¸¡ã•れるuserdata + + \brief ã“ã®é–¢æ•°ã¯ã€æä¾›ã•れãŸã‚³ãƒ¼ãƒ«ãƒãƒƒã‚¯ã‚’使用ã—ã¦ã‚¨ãƒ©ãƒ¼ãƒ¬ãƒãƒ¼ãƒˆã‚’処ç†ã—ã¾ã™ã€‚コールãƒãƒƒã‚¯é–¢æ•°ã¯ã€å„エラー行ã«å¯¾ã—ã¦å®Ÿè¡Œã•れã¾ã™ã€‚文字列ã€é•·ã•ã€ãŠã‚ˆã³ãƒ¦ãƒ¼ã‚¶ãƒ‡ãƒ¼ã‚¿ãŒã‚³ãƒ¼ãƒ«ãƒãƒƒã‚¯ãƒ‘ãƒ©ãƒ¡ãƒ¼ã‚¿ã«æ¸¡ã•れã¾ã™ã€‚ + + \return none 戻り値ãªã—。 + + \param cb コールãƒãƒƒã‚¯é–¢æ•°ã€‚ + \param u コールãƒãƒƒã‚¯é–¢æ•°ã«æ¸¡ã™ãƒ¦ãƒ¼ã‚¶ãƒ‡ãƒ¼ã‚¿ã€‚ _Example_ \code @@ -4367,6 +4914,7 @@ FILE* fp = ... wolfSSL_ERR_print_errors_cb(error_cb, fp); \endcode + \sa wolfSSL_get_error \sa wolfSSL_ERR_error_string \sa wolfSSL_ERR_error_string_n @@ -4376,30 +4924,32 @@ int (*cb)(const char *str, size_t len, void *u), void *u); /*! - \brief ã“ã®é–¢æ•°ã¯WOLFSSL_CTX構造ã®client_psk_cbメンãƒãƒ¼ã‚’セットã—ã¾ã™ã€‚ - \return ãªã— - \param ctx wolfSSL_CTX_new()を使用ã—ã¦ä½œæˆã•れãŸWOLFSSL_CTX構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ - \param cb wc_psk_client_callback ã¯ã‚³ãƒ¼ãƒ«ãƒãƒƒã‚¯é–¢æ•°ãƒã‚¤ãƒ³ã‚¿ã§WOLFSSL_CTXæ§‹é€ ä½“ã«æ ¼ç´ã•れã¾ã™ã€‚ - æˆ»ã‚Šå€¤ã¯æˆåŠŸæ™‚ã«ã¯éµé•·ã‚’è¿”ã—ã€ã‚¨ãƒ©ãƒ¼æ™‚ã«ã¯ï¼ã‚’è¿”ã—ã¾ã™ã€‚ + \brief ã“ã®é–¢æ•°ã¯ã€WOLFSSL_CTX構造体ã®client_psk_cbメンãƒã‚’設定ã—ã¾ã™ã€‚ + + \return none 戻り値ãªã—。 + + \param ctx wolfSSL_CTX_new()を使用ã—ã¦ä½œæˆã•れãŸWOLFSSL_CTX構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ + \param cb WOLFSSL_CTXæ§‹é€ ä½“ã«æ ¼ç´ã•れる関数ãƒã‚¤ãƒ³ã‚¿ã§ã‚ã‚‹wc_psk_client_callback。戻り値ã¯ã€æˆåŠŸæ™‚ã«ã¯éµã®é•·ã•ã€ã‚¨ãƒ©ãƒ¼æ™‚ã«ã¯ã‚¼ãƒ­ã§ã™ã€‚ unsigned int (*wc_psk_client_callback) - PSK クライアントコールãƒãƒƒã‚¯é–¢æ•°ã®å¼•数:
    - WOLFSSL* ssl - WOLFSSL構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿
    - const char* hint - ユーザーã«å¯¾ã—ã¦è¡¨ç¤ºã•れるヒント文字列
    - char* identity - ID
    - unsigned int id_max_len - IDãƒãƒƒãƒ•ã‚¡ã®ã‚µã‚¤ã‚º
    - unsigned char* key - æ ¼ç´ã•れるéµ
    - unsigned int key_max_len - éµã®æœ€å¤§ã‚µã‚¤ã‚º
    + PSKクライアントコールãƒãƒƒã‚¯ã®ãƒ‘ラメータ: + WOLFSSL* ssl - wolfSSL構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ + const char* hint - ユーザã¸ã®ãƒ’ントを表示ã™ã‚‹ãŸã‚ã«ä½¿ç”¨ã§ãã‚‹æ ¼ç´ã•ã‚ŒãŸæ–‡å­—列。 + char* identity - IDãŒã“ã“ã«æ ¼ç´ã•れã¾ã™ã€‚ + unsigned int id_max_len - IDãƒãƒƒãƒ•ã‚¡ã®ã‚µã‚¤ã‚ºã€‚ + unsigned char* key - éµãŒã“ã“ã«æ ¼ç´ã•れã¾ã™ã€‚ + unsigned int key_max_len - éµã®æœ€å¤§ã‚µã‚¤ã‚ºã€‚ _Example_ \code WOLFSSL_CTX* ctx = WOLFSSL_CTX_new( protocol def ); … static WC_INLINE unsigned int my_psk_client_cb(WOLFSSL* ssl, const char* hint, - char* identity, unsigned int id_max_len, unsigned char* key, - Unsigned int key_max_len){ - … - wolfSSL_CTX_set_psk_client_callback(ctx, my_psk_client_cb); + char* identity, unsigned int id_max_len, unsigned char* key, + Unsigned int key_max_len){ + … + wolfSSL_CTX_set_psk_client_callback(ctx, my_psk_client_cb); \endcode + \sa wolfSSL_set_psk_client_callback \sa wolfSSL_set_psk_server_callback \sa wolfSSL_CTX_set_psk_server_callback @@ -4409,35 +4959,51 @@ wc_psk_client_callback cb); /*! - \brief - \return none ã„ã„ãˆè¿”ã—ã¾ã™ã€‚ - \param ssl wolfSSL_new()を使用ã—ã¦ä½œæˆã•れãŸWolfSSL構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ + \brief PSKクライアントå´ã‚³ãƒ¼ãƒ«ãƒãƒƒã‚¯ã‚’設定ã—ã¾ã™ã€‚ + + \return none 戻り値ãªã—。 + + \param ssl wolfSSL_new()を使用ã—ã¦ä½œæˆã•れãŸWOLFSSL構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ + \param cb wc_psk_client_callbackåž‹ã¸ã®é–¢æ•°ãƒã‚¤ãƒ³ã‚¿ã€‚戻り値ã¯ã€æˆåŠŸæ™‚ã«ã¯éµã®é•·ã•ã€ã‚¨ãƒ©ãƒ¼æ™‚ã«ã¯ã‚¼ãƒ­ã§ã™ã€‚ + unsigned int (*wc_psk_client_callback) + PSKクライアントコールãƒãƒƒã‚¯ã®ãƒ‘ラメータ: + WOLFSSL* ssl - wolfSSL構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ + const char* hint - ユーザã¸ã®ãƒ’ントを表示ã™ã‚‹ãŸã‚ã«ä½¿ç”¨ã§ãã‚‹æ ¼ç´ã•ã‚ŒãŸæ–‡å­—列。 + char* identity - IDãŒã“ã“ã«æ ¼ç´ã•れã¾ã™ã€‚ + unsigned int id_max_len - IDãƒãƒƒãƒ•ã‚¡ã®ã‚µã‚¤ã‚ºã€‚ + unsigned char* key - éµãŒã“ã“ã«æ ¼ç´ã•れã¾ã™ã€‚ + unsigned int key_max_len - éµã®æœ€å¤§ã‚µã‚¤ã‚ºã€‚ _Example_ \code WOLFSSL* ssl; static WC_INLINE unsigned int my_psk_client_cb(WOLFSSL* ssl, const char* hint, - char* identity, unsigned int id_max_len, unsigned char* key, - Unsigned int key_max_len){ - … - if(ssl){ - wolfSSL_set_psk_client_callback(ssl, my_psk_client_cb); - } else { - // could not set callback - } + char* identity, unsigned int id_max_len, unsigned char* key, + Unsigned int key_max_len){ + … + if(ssl){ + wolfSSL_set_psk_client_callback(ssl, my_psk_client_cb); + } else { + // コールãƒãƒƒã‚¯ã‚’設定ã§ãã¾ã›ã‚“ã§ã—ãŸã€‚ + } \endcode + \sa wolfSSL_CTX_set_psk_client_callback \sa wolfSSL_CTX_set_psk_server_callback \sa wolfSSL_set_psk_server_callback */ void wolfSSL_set_psk_client_callback(WOLFSSL* ssl, - wc_psk_client_callback); + wc_psk_client_callback cb); /*! \ingroup CertsKeys - \brief ã“ã®é–¢æ•°ã¯PSKアイデンティティヒントを返ã—ã¾ã™ã€‚ - \return pointer WolfSSL構造ã®é…列メンãƒãƒ¼ã«æ ¼ç´ã•れã¦ã„る値ã¸ã®const charãƒã‚¤ãƒ³ã‚¿ãŒè¿”ã•れã¾ã™ã€‚ - \return NULL WOLFSSLã¾ãŸã¯é…列構造ãŒNULLã®å ´åˆã«è¿”ã•れã¾ã™ã€‚ + + \brief ã“ã®é–¢æ•°ã¯ã€PSKアイデンティティヒントを返ã—ã¾ã™ã€‚ + + \return pointer WOLFSSL構造体ã®arraysメンãƒã«æ ¼ç´ã•れã¦ã„ãŸå€¤ã¸ã®const charåž‹ãƒã‚¤ãƒ³ã‚¿ãŒè¿”ã•れã¾ã™ã€‚ + \return NULL WOLFSSLã¾ãŸã¯Arrays構造体ãŒNULLã®å ´åˆã«è¿”ã•れã¾ã™ã€‚ + + \param ssl wolfSSL_new()を使用ã—ã¦ä½œæˆã•れãŸWOLFSSL構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ _Example_ \code @@ -4446,34 +5012,39 @@ ... idHint = wolfSSL_get_psk_identity_hint(ssl); if(idHint){ - // The hint was retrieved + // ヒントãŒå–å¾—ã•れã¾ã—ãŸã€‚ return idHint; } else { - // Hint wasn’t successfully retrieved + // ヒントã®å–å¾—ã«æˆåŠŸã—ã¾ã›ã‚“ã§ã—ãŸã€‚ } \endcode + \sa wolfSSL_get_psk_identity */ const char* wolfSSL_get_psk_identity_hint(const WOLFSSL*); /*! \ingroup CertsKeys - \brief 関数ã¯ã€é…列構造ã®Client_Identityメンãƒãƒ¼ã¸ã®å®šæ•°ãƒã‚¤ãƒ³ã‚¿ã‚’è¿”ã—ã¾ã™ã€‚ - \return string é…列構造ã®client_identityメンãƒã®æ–‡å­—列値。 - \return NULL WOLFSSL構造ãŒNULLã®å ´åˆã€ã¾ãŸã¯WOLFSSL構造ã®é…列メンãƒãƒ¼ãŒNULLã®å ´åˆã€‚ + + \brief ã“ã®é–¢æ•°ã¯ã€Arrays構造体ã®client_identityメンãƒã¸ã®å®šæ•°ãƒã‚¤ãƒ³ã‚¿ã‚’è¿”ã—ã¾ã™ã€‚ + + \return string Arrays構造体ã®client_identityメンãƒã®æ–‡å­—列値。 + \return NULL WOLFSSL構造体ãŒNULLã€ã¾ãŸã¯WOLFSSL構造体ã®ArraysメンãƒãŒNULLã®å ´åˆã€‚ + + \param ssl wolfSSL_new()を使用ã—ã¦ä½œæˆã•れãŸWOLFSSL構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ _Example_ \code WOLFSSL_CTX* ctx = wolfSSL_CTX_new( method ); - WOLFSSL* ssl = wolfSSL_new(ctx); - const char* pskID; + WOLFSSL* ssl = wolfSSL_new(ctx); const char* pskID; ... pskID = wolfSSL_get_psk_identity(ssl); if(pskID == NULL){ - // There is not a value in pskID + // pskIDã«å€¤ãŒã‚りã¾ã›ã‚“ } \endcode + \sa wolfSSL_get_psk_identity_hint \sa wolfSSL_use_psk_identity_hint */ @@ -4481,9 +5052,13 @@ /*! \ingroup CertsKeys - \brief ã“ã®é–¢æ•°ã¯ã€WOLFSSL_CTX構造体ã®server_hintメンãƒãƒ¼ã«HINT引数を格ç´ã—ã¾ã™ã€‚ - \return SSL_SUCCESS 機能ã®å®Ÿè¡ŒãŒæˆåŠŸã—ãŸãŸã‚ã«è¿”ã•れã¾ã™ã€‚ - \param ctx wolfSSL_CTX_new()を使用ã—ã¦ä½œæˆã•れãŸWOLFSSL_CTX構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ + + \brief ã“ã®é–¢æ•°ã¯ã€hint引数をWOLFSSL_CTX構造体ã®server_hintメンãƒã«æ ¼ç´ã—ã¾ã™ã€‚ + + \return SSL_SUCCESS 関数ã®å®Ÿè¡ŒãŒæˆåŠŸã—ãŸå ´åˆã«è¿”ã•れã¾ã™ã€‚ + + \param ctx wolfSSL_CTX_new()を使用ã—ã¦ä½œæˆã•れãŸWOLFSSL_CTX構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ + \param hint WOLFSSL_CTX構造体ã«ã‚³ãƒ”ーã•れる定数charãƒã‚¤ãƒ³ã‚¿ã€‚ _Example_ \code @@ -4493,22 +5068,27 @@ … ret = wolfSSL_CTX_use_psk_identity_hint(ctx, hint); if(ret == SSL_SUCCESS){ - // Function was successful. + // é–¢æ•°ã¯æˆåŠŸã—ã¾ã—㟠return ret; } else { - // Failure case. + // 失敗ケース } \endcode + \sa wolfSSL_use_psk_identity_hint */ int wolfSSL_CTX_use_psk_identity_hint(WOLFSSL_CTX* ctx, const char* hint); /*! \ingroup CertsKeys - \brief ã“ã®é–¢æ•°ã¯ã€wolfssl構造内ã®é…列構造ã®server_hintメンãƒãƒ¼ã«HINT引数を格ç´ã—ã¾ã™ã€‚ - \return SSL_SUCCESS ヒントãŒWolfSSLæ§‹é€ ã«æ­£å¸¸ã«ä¿å­˜ã•れãŸå ´åˆã«è¿”ã•れã¾ã™ã€‚ - \return SSL_FAILURE WOLFSSLã¾ãŸã¯é…列構造ãŒNULLã®å ´åˆã«è¿”ã•れã¾ã™ã€‚ - \param ssl wolfSSL_new()を使用ã—ã¦ä½œæˆã•れãŸWolfSSL構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ + + \brief ã“ã®é–¢æ•°ã¯ã€hint引数をWOLFSSL構造体内ã®Arrays構造体ã®server_hintメンãƒã«æ ¼ç´ã—ã¾ã™ã€‚ + + \return SSL_SUCCESS hintãŒWOLFSSLæ§‹é€ ä½“ã«æ­£å¸¸ã«æ ¼ç´ã•れãŸå ´åˆã«è¿”ã•れã¾ã™ã€‚ + \return SSL_FAILURE WOLFSSLã¾ãŸã¯Arrays構造体ãŒNULLã®å ´åˆã«è¿”ã•れã¾ã™ã€‚ + + \param ssl wolfSSL_new()を使用ã—ã¦ä½œæˆã•れãŸWOLFSSL構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ + \param hint メモリã«ä¿å­˜ã•ã‚Œã‚‹ãƒ’ãƒ³ãƒˆã‚’ä¿æŒã™ã‚‹å®šæ•°æ–‡å­—ãƒã‚¤ãƒ³ã‚¿ã€‚ _Example_ \code @@ -4516,17 +5096,27 @@ const char* hint; ... if(wolfSSL_use_psk_identity_hint(ssl, hint) != SSL_SUCCESS){ - // Handle failure case. + // å¤±æ•—ã‚±ãƒ¼ã‚¹ã‚’å‡¦ç† } \endcode + \sa wolfSSL_CTX_use_psk_identity_hint */ int wolfSSL_use_psk_identity_hint(WOLFSSL* ssl, const char* hint); /*! - \brief WOLFSSL_CTX構造体 - \return none ã„ã„ãˆè¿”ã—ã¾ã™ã€‚ - \param ssl wolfSSL_new()を使用ã—ã¦ä½œæˆã•れãŸWolfSSL構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ + \brief ã“ã®é–¢æ•°ã¯ã€WOLFSSL_CTX構造体ã«ã‚µãƒ¼ãƒå´ã®pskコールãƒãƒƒã‚¯ã‚’設定ã—ã¾ã™ã€‚ + + \return none 戻り値ãªã—。 + + \param ssl wolfSSL_new()を使用ã—ã¦ä½œæˆã•れãŸWOLFSSL構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ + \param cb コールãƒãƒƒã‚¯ç”¨ã®é–¢æ•°ãƒã‚¤ãƒ³ã‚¿ã§ã€WOLFSSL_CTXæ§‹é€ ä½“ã«æ ¼ç´ã•れã¾ã™ã€‚æˆ»ã‚Šå€¤ã¯æˆåŠŸæ™‚ã¯éµã®é•·ã•ã€ã‚¨ãƒ©ãƒ¼æ™‚ã¯0ã§ã™ã€‚ + unsigned int (*wc_psk_server_callback) + PSKサーãƒã‚³ãƒ¼ãƒ«ãƒãƒƒã‚¯ã®ãƒ‘ラメータ + WOLFSSL* ssl - wolfSSL構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ + char* identity - IDãŒã“ã“ã«æ ¼ç´ã•れã¾ã™ + unsigned char* key - éµãŒã“ã“ã«æ ¼ç´ã•れã¾ã™ + unsigned int key_max_len - éµã®æœ€å¤§ã‚µã‚¤ã‚º _Example_ \code @@ -4536,15 +5126,16 @@ static unsigned int my_psk_server_cb(WOLFSSL* ssl, const char* identity, unsigned char* key, unsigned int key_max_len) { - // Function body. + // 関数本体 } … if(ctx != NULL){ wolfSSL_CTX_set_psk_server_callback(ctx, my_psk_server_cb); } else { - // The CTX object was not properly initialized. + // CTXオブジェクトãŒé©åˆ‡ã«åˆæœŸåŒ–ã•れã¾ã›ã‚“ã§ã—㟠} \endcode + \sa wc_psk_server_callback \sa wolfSSL_set_psk_client_callback \sa wolfSSL_set_psk_server_callback @@ -4554,9 +5145,19 @@ wc_psk_server_callback cb); /*! - \brief WolfSSL構造オプションメンãƒãƒ¼ã€‚ - \return none ã„ã„ãˆè¿”ã—ã¾ã™ã€‚ - \param ssl wolfSSL_new()を使用ã—ã¦ä½œæˆã•れãŸWolfSSL構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ + \brief WOLFSSL構造体ã®optionsメンãƒã‚’設定ã™ã‚‹ã“ã¨ã«ã‚ˆã‚Šã€ã‚µãƒ¼ãƒå´ã®pskコールãƒãƒƒã‚¯ã‚’設定ã—ã¾ã™ã€‚ + + \return none 戻り値ãªã—。 + + \param ssl wolfSSL_new()を使用ã—ã¦ä½œæˆã•れãŸWOLFSSL構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ + \param cb コールãƒãƒƒã‚¯ç”¨ã®é–¢æ•°ãƒã‚¤ãƒ³ã‚¿ã§ã€WOLFSSLæ§‹é€ ä½“ã«æ ¼ç´ã•れã¾ã™ã€‚æˆ»ã‚Šå€¤ã¯æˆåŠŸæ™‚ã¯éµã®é•·ã•ã€ã‚¨ãƒ©ãƒ¼æ™‚ã¯0ã§ã™ã€‚ + unsigned int (*wc_psk_server_callback) + PSKサーãƒã‚³ãƒ¼ãƒ«ãƒãƒƒã‚¯ã®ãƒ‘ラメータ + WOLFSSL* ssl - wolfSSL構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ + char* identity - IDãŒã“ã“ã«æ ¼ç´ã•れã¾ã™ + unsigned char* key - éµãŒã“ã“ã«æ ¼ç´ã•れã¾ã™ + unsigned int key_max_len - éµã®æœ€å¤§ã‚µã‚¤ã‚º + _Example_ \code @@ -4566,13 +5167,14 @@ static unsigned int my_psk_server_cb(WOLFSSL* ssl, const char* identity, unsigned char* key, unsigned int key_max_len) { - // Function body. + // 関数本体 } … if(ssl != NULL && cb != NULL){ wolfSSL_set_psk_server_callback(ssl, my_psk_server_cb); } \endcode + \sa wolfSSL_set_psk_client_callback \sa wolfSSL_CTX_set_psk_server_callback \sa wolfSSL_CTX_set_psk_client_callback @@ -4585,9 +5187,12 @@ /*! - \brief - \return WOLFSSL_SUCCESS ã¾ãŸã¯wolfssl_failure. - \param ssl wolfSSL_new()を使用ã—ã¦ä½œæˆã•れãŸWolfSSL構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ + \brief WOLFSSL構造体ã®optionsメンãƒã«PSKユーザコンテキストを設定ã—ã¾ã™ã€‚ + + \return WOLFSSL_SUCCESSã¾ãŸã¯WOLFSSL_FAILURE + + \param ssl wolfSSL_new()を使用ã—ã¦ä½œæˆã•れãŸWOLFSSL構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ + \param psk_ctx ユーザPSKコンテキストã¸ã®voidãƒã‚¤ãƒ³ã‚¿ã€‚ \sa wolfSSL_get_psk_callback_ctx \sa wolfSSL_CTX_set_psk_callback_ctx @@ -4596,9 +5201,13 @@ int wolfSSL_set_psk_callback_ctx(WOLFSSL* ssl, void* psk_ctx); /*! - \brief - \return WOLFSSL_SUCCESS ã¾ãŸã¯wolfssl_failure. - \param ctx wolfSSL_CTX_new()を使用ã—ã¦ä½œæˆã•れãŸWOLFSSL_CTX構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ + \brief WOLFSSL_CTX構造体ã«PSKユーザコンテキストを設定ã—ã¾ã™ã€‚ + + \return WOLFSSL_SUCCESSã¾ãŸã¯WOLFSSL_FAILURE + + \param ctx wolfSSL_CTX_new()を使用ã—ã¦ä½œæˆã•れãŸWOLFSSL_CTX構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ + \param psk_ctx ユーザPSKコンテキストã¸ã®voidãƒã‚¤ãƒ³ã‚¿ã€‚ + \sa wolfSSL_set_psk_callback_ctx \sa wolfSSL_get_psk_callback_ctx \sa wolfSSL_CTX_get_psk_callback_ctx @@ -4606,8 +5215,12 @@ int wolfSSL_CTX_set_psk_callback_ctx(WOLFSSL_CTX* ctx, void* psk_ctx); /*! - \brief - \return void ユーザーPSKコンテキストã¸ã®ãƒã‚¤ãƒ³ã‚¿ + \brief WOLFSSL構造体ã®optionsメンãƒã‹ã‚‰PSKユーザコンテキストをå–å¾—ã—ã¾ã™ã€‚ + + \return ユーザPSKコンテキストã¸ã®voidãƒã‚¤ãƒ³ã‚¿ã€‚ + + \param ssl wolfSSL_new()を使用ã—ã¦ä½œæˆã•れãŸWOLFSSL構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ + \sa wolfSSL_set_psk_callback_ctx \sa wolfSSL_CTX_set_psk_callback_ctx \sa wolfSSL_CTX_get_psk_callback_ctx @@ -4615,8 +5228,12 @@ void* wolfSSL_get_psk_callback_ctx(WOLFSSL* ssl); /*! - \brief - \return void ユーザーPSKコンテキストã¸ã®ãƒã‚¤ãƒ³ã‚¿ + \brief WOLFSSL_CTX構造体ã‹ã‚‰PSKユーザコンテキストをå–å¾—ã—ã¾ã™ã€‚ + + \return ユーザPSKコンテキストã¸ã®voidãƒã‚¤ãƒ³ã‚¿ã€‚ + + \param ctx wolfSSL_CTX_new()を使用ã—ã¦ä½œæˆã•れãŸWOLFSSL_CTX構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ + \sa wolfSSL_CTX_set_psk_callback_ctx \sa wolfSSL_set_psk_callback_ctx \sa wolfSSL_get_psk_callback_ctx @@ -4625,9 +5242,13 @@ /*! \ingroup Setup - \brief ã“ã®æ©Ÿèƒ½ã«ã‚ˆã‚Šã€CTX構造ã®HAVAnonメンãƒãƒ¼ãŒã‚³ãƒ³ãƒ‘イル中ã«å®šç¾©ã•れã¦ã„ã‚‹å ´åˆã¯ã€CTX構造ã®HABANONメンãƒãƒ¼ã‚’有効ã«ã—ã¾ã™ã€‚ - \return SSL_SUCCESS æ©Ÿèƒ½ãŒæ­£å¸¸ã«å®Ÿè¡Œã•れã€CTXã®Haveannonメンãƒãƒ¼ãŒ1ã«è¨­å®šã•れã¦ã„ã‚‹å ´åˆã«è¿”ã•れã¾ã™ã€‚ - \return SSL_FAILURE CTX構造ãŒNULLã®å ´åˆã«è¿”ã•れã¾ã™ã€‚ + + \brief ã“ã®é–¢æ•°ã¯ã€ã‚³ãƒ³ãƒ‘イル時ã«HAVE_ANONãŒå®šç¾©ã•れã¦ã„ã‚‹å ´åˆã€CTX構造体ã®havAnonメンãƒã‚’有効ã«ã—ã¾ã™ã€‚ + + \return SSL_SUCCESS é–¢æ•°ãŒæ­£å¸¸ã«å®Ÿè¡Œã•れã€CTXã®haveAnnonメンãƒãŒ1ã«è¨­å®šã•れãŸå ´åˆã«è¿”ã•れã¾ã™ã€‚ + \return SSL_FAILURE CTX構造体ãŒNULLã®å ´åˆã«è¿”ã•れã¾ã™ã€‚ + + \param ctx wolfSSL_CTX_new()を使用ã—ã¦ä½œæˆã•れãŸWOLFSSL_CTX構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ _Example_ \code @@ -4637,21 +5258,26 @@ #ifdef HAVE_ANON if(cipherList == NULL){ wolfSSL_CTX_allow_anon_cipher(ctx); - if(wolfSSL_CTX_set_cipher_list(ctx, “ADH_AES128_SHAâ€) != SSL_SUCCESS){ - // failure case + if(wolfSSL_CTX_set_cipher_list(ctx, "ADH_AES128_SHA") != SSL_SUCCESS){ + // 失敗ケース } } #endif \endcode + \sa none */ -int wolfSSL_CTX_allow_anon_cipher(WOLFSSL_CTX*); +int wolfSSL_CTX_allow_anon_cipher(WOLFSSL_CTX* ctx); /*! \ingroup Setup - \brief wolfsslv23_server_method()関数ã¯ã€ã‚¢ãƒ—リケーションãŒã‚µãƒ¼ãƒãƒ¼ã§ã‚ã‚‹ã“ã¨ã‚’示ã™ãŸã‚ã«ä½¿ç”¨ã•れã€SSL 3.0 - TLS 1.3ã‹ã‚‰ãƒ—ロトコルãƒãƒ¼ã‚¸ãƒ§ãƒ³ã¨æŽ¥ç¶šã™ã‚‹ã‚¯ãƒ©ã‚¤ã‚¢ãƒ³ãƒˆã‚’サãƒãƒ¼ãƒˆã—ã¾ã™ã€‚ã“ã®é–¢æ•°ã¯ã€wolfSSL_CTX_new()を使用ã—ã¦SSL / TLSコンテキストを作æˆã™ã‚‹ã¨ãã«ä½¿ç”¨ã•れる新ã—ã„Wolfssl_method構造体ã®ãƒ¡ãƒ¢ãƒªã‚’割り当ã¦ã¦åˆæœŸåŒ–ã—ã¾ã™ã€‚ - \return pointer æˆåŠŸã—ãŸå ´åˆã€å‘¼ã³å‡ºã—ã¯æ–°ã—ã作æˆã•れãŸwolfssl_method構造ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã‚’è¿”ã—ã¾ã™ã€‚ - \return Failure xmallocを呼ã³å‡ºã™ã¨ãã«ãƒ¡ãƒ¢ãƒªå‰²ã‚Šå½“ã¦ãŒå¤±æ•—ã—ãŸå ´åˆã€åŸºç¤Žã¨ãªã‚‹Malloc()実装ã®å¤±æ•—値ãŒè¿”ã•れã¾ã™ï¼ˆé€šå¸¸ã¯errnoãŒenomeemã«è¨­å®šã•れã¾ã™ï¼‰ã€‚ + + \brief wolfSSLv23_server_method()関数ã¯ã€ã‚¢ãƒ—リケーションãŒã‚µãƒ¼ãƒã§ã‚りã€SSL 3.0ã‹ã‚‰TLS 1.3ã¾ã§ã®ãƒ—ロトコルãƒãƒ¼ã‚¸ãƒ§ãƒ³ã§æŽ¥ç¶šã™ã‚‹ã‚¯ãƒ©ã‚¤ã‚¢ãƒ³ãƒˆã‚’サãƒãƒ¼ãƒˆã™ã‚‹ã“ã¨ã‚’示ã™ãŸã‚ã«ä½¿ç”¨ã•れã¾ã™ã€‚ã“ã®é–¢æ•°ã¯ã€wolfSSL_CTX_new()ã§SSL/TLSコンテキストを作æˆã™ã‚‹éš›ã«ä½¿ç”¨ã•れる新ã—ã„WOLFSSL_METHOD構造体ã®ãŸã‚ã®ãƒ¡ãƒ¢ãƒªã‚’割り当ã¦ã€åˆæœŸåŒ–ã—ã¾ã™ã€‚ + + \return pointer æˆåŠŸæ™‚ã€æ–°ã—ã作æˆã•れãŸWOLFSSL_METHOD構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã‚’è¿”ã—ã¾ã™ã€‚ + \return Failure XMALLOCを呼ã³å‡ºã™éš›ã«ãƒ¡ãƒ¢ãƒªå‰²ã‚Šå½“ã¦ãŒå¤±æ•—ã—ãŸå ´åˆã€åŸºç¤Žã¨ãªã‚‹malloc()実装ã®å¤±æ•—値ãŒè¿”ã•れã¾ã™(通常ã¯NULLã§ã€errnoãŒENOMEMã«è¨­å®šã•れã¾ã™)。 + + \param none パラメータãªã—。 _Example_ \code @@ -4660,12 +5286,13 @@ method = wolfSSLv23_server_method(); if (method == NULL) { - // unable to get method + // メソッドをå–å¾—ã§ãã¾ã›ã‚“ã§ã—㟠} ctx = wolfSSL_CTX_new(method); ... \endcode + \sa wolfSSLv3_server_method \sa wolfTLSv1_server_method \sa wolfTLSv1_1_server_method @@ -4678,18 +5305,23 @@ /*! \ingroup Setup - \bri f ã“ã®é–¢æ•°ã¯ã€ã‚Œã¯ã€WolfSSL構造体ã®å†…部エラー状態をå–å¾—ã™ã‚‹ãŸã‚ã«ä½¿ç”¨ã•れã¾ã™ã€‚ - \return wolfssl_error SSLエラー状態ã€é€šå¸¸ã¯ãƒžã‚¤ãƒŠã‚¹ã‚’è¿”ã—ã¾ã™ - \return BAD_FUNC_ARG sslãŒNULLã®å ´åˆ + + \brief ã“れã¯ã€WOLFSSL構造体ã®å†…部エラー状態をå–å¾—ã™ã‚‹ãŸã‚ã«ä½¿ç”¨ã•れã¾ã™ã€‚ + + \return wolfssl_error sslエラー状態を返ã—ã¾ã™ã€‚通常ã¯è² ã®å€¤ã§ã™ã€‚ + \return BAD_FUNC_ARG sslãŒNULLã®å ´åˆã€‚ + + \return ssl 状態をå–å¾—ã™ã‚‹WOLFSSL構造体。 _Example_ \code WOLFSSL* ssl; int ret; - // create ssl object + // sslã‚ªãƒ–ã‚¸ã‚§ã‚¯ãƒˆã‚’ä½œæˆ ret = wolfSSL_state(ssl); - // check ret value + // retå€¤ã‚’ç¢ºèª \endcode + \sa wolfSSL_new \sa wolfSSL_free */ @@ -4697,9 +5329,13 @@ /*! \ingroup CertsKeys - \brief ã“ã®é–¢æ•°ã¯ãƒ”ã‚¢ã®è¨¼æ˜Žæ›¸ã‚’å–å¾—ã—ã¾ã™ã€‚ - \return pointer WOLFSSL_X509構造ã®PECRERTメンãƒãƒ¼ã¸ã®ãƒã‚¤ãƒ³ã‚¿ãŒå­˜åœ¨ã™ã‚‹å ´åˆã¯ã€‚ - \return 0 ピア証明書発行者サイズãŒå®šç¾©ã•れã¦ã„ãªã„å ´åˆã«è¿”ã•れã¾ã™ã€‚ + + \brief ã“ã®é–¢æ•°ã¯ã€ãƒ”ã‚¢ã®è¨¼æ˜Žæ›¸ã‚’å–å¾—ã—ã¾ã™ã€‚ + + \return pointer 存在ã™ã‚‹å ´åˆã€WOLFSSL_X509構造体ã®peerCertメンãƒã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ + \return 0 ピア証明書発行者ã®ã‚µã‚¤ã‚ºãŒå®šç¾©ã•れã¦ã„ãªã„å ´åˆã«è¿”ã•れã¾ã™ã€‚ + + \param ssl wolfSSL_new()を使用ã—ã¦ä½œæˆã•れãŸWOLFSSL構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ _Example_ \code @@ -4709,9 +5345,10 @@ WOLFSSL_X509* peerCert = wolfSSL_get_peer_certificate(ssl); if(peerCert){ - // You have a pointer peerCert to the peer certification + // ピア証明書ã¸ã®ãƒã‚¤ãƒ³ã‚¿peerCertãŒã‚りã¾ã™ } \endcode + \sa wolfSSL_X509_get_issuer_name \sa wolfSSL_X509_get_subject_name \sa wolfSSL_X509_get_isCA @@ -4720,9 +5357,13 @@ /*! \ingroup Debug - \brief ã“ã®é–¢æ•°ã¯ã€wolfSSL_get_error()を呼ã³å‡ºã—ã¦ssl_error_want_readã‚’å–å¾—ã™ã‚‹ã®ã¨ä¼¼ã¦ã„ã¾ã™ã€‚基礎ã¨ãªã‚‹ã‚¨ãƒ©ãƒ¼çŠ¶æ…‹ãŒSSL_ERROR_WANT_READã®å ´åˆã€ã“ã®é–¢æ•°ã¯1ã‚’è¿”ã—ã¾ã™ãŒã€ãれ以外ã®å ´åˆã¯0ã§ã™ã€‚ - \return 1 WOLFSSL_GET_ERROR()ã¯SSL_ERROR_WANT_READã‚’è¿”ã—ã€åŸºç¤Žã¨ãªã‚‹I / Oã«ã¯èª­ã¿å–りå¯èƒ½ãªãƒ‡ãƒ¼ã‚¿ãŒã‚りã¾ã™ã€‚ - \return 0 SSL_ERROR_WANT_READエラー状態ã¯ã‚りã¾ã›ã‚“。 + + \brief ã“ã®é–¢æ•°ã¯ã€wolfSSL_get_error()を呼ã³å‡ºã—ã¦SSL_ERROR_WANT_READãŒè¿”ã•れる場åˆã¨åŒæ§˜ã§ã™ã€‚基礎ã¨ãªã‚‹ã‚¨ãƒ©ãƒ¼çŠ¶æ…‹ãŒSSL_ERROR_WANT_READã®å ´åˆã€ã“ã®é–¢æ•°ã¯1ã‚’è¿”ã—ã€ãれ以外ã®å ´åˆã¯0ã‚’è¿”ã—ã¾ã™ã€‚ + + \return 1 wolfSSL_get_error()ãŒSSL_ERROR_WANT_READã‚’è¿”ã™å ´åˆã€‚基礎ã¨ãªã‚‹I/Oã«èª­ã¿å–りå¯èƒ½ãªãƒ‡ãƒ¼ã‚¿ãŒã‚りã¾ã™ã€‚ + \return 0 SSL_ERROR_WANT_READエラー状態ãŒãªã„å ´åˆã€‚ + + \param ssl wolfSSL_new()ã§ä½œæˆã•れãŸSSLセッションã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ _Example_ \code @@ -4732,19 +5373,24 @@ ret = wolfSSL_want_read(ssl); if (ret == 1) { - // underlying I/O has data available for reading (SSL_ERROR_WANT_READ) + // 基礎ã¨ãªã‚‹I/Oã«èª­ã¿å–りå¯èƒ½ãªãƒ‡ãƒ¼ã‚¿ãŒã‚りã¾ã™(SSL_ERROR_WANT_READ) } \endcode + \sa wolfSSL_want_write \sa wolfSSL_get_error */ -int wolfSSL_want_read(WOLFSSL*); +int wolfSSL_want_read(WOLFSSL* ssl); /*! \ingroup Debug - \brief ã“ã®é–¢æ•°ã¯ã€wolfSSL_get_error()を呼ã³å‡ºã—ã€RETURSã®SSL_ERROR_WANT_WRITEã‚’å–å¾—ã™ã‚‹ã®ã¨åŒã˜ã§ã™ã€‚基礎ã¨ãªã‚‹ã‚¨ãƒ©ãƒ¼çŠ¶æ…‹ãŒSSL_ERROR_WANT_WRITEã®å ´åˆã€ã“ã®é–¢æ•°ã¯1ã‚’è¿”ã—ã¾ã™ãŒã€ãれ以外ã®å ´åˆã¯0ã§ã™ã€‚ - \return 1 WOLFSSL_GET_ERROR()ã¯SSL_ERROR_WANT_WRITEã‚’è¿”ã—ã¾ã™ã€‚基礎ã¨ãªã‚‹I / Oã¯ã€åŸºç¤Žã¨ãªã‚‹SSL接続ã§é€²è¡Œçжæ³ã‚’行ã†ãŸã‚ã«æ›¸ãè¾¼ã¾ã‚Œã‚‹ãƒ‡ãƒ¼ã‚¿ã‚’å¿…è¦ã¨ã—ã¾ã™ã€‚ - \return 0 ssl_error_want_writeエラー状態ã¯ã‚りã¾ã›ã‚“。 + + \brief ã“ã®é–¢æ•°ã¯ã€wolfSSL_get_error()を呼ã³å‡ºã—ã¦SSL_ERROR_WANT_WRITEãŒè¿”ã•れる場åˆã¨åŒæ§˜ã§ã™ã€‚基礎ã¨ãªã‚‹ã‚¨ãƒ©ãƒ¼çŠ¶æ…‹ãŒSSL_ERROR_WANT_WRITEã®å ´åˆã€ã“ã®é–¢æ•°ã¯1ã‚’è¿”ã—ã€ãれ以外ã®å ´åˆã¯0ã‚’è¿”ã—ã¾ã™ã€‚ + + \return 1 wolfSSL_get_error()ãŒSSL_ERROR_WANT_WRITEã‚’è¿”ã™å ´åˆã€‚基礎ã¨ãªã‚‹SSL接続ã§é€²è¡Œã™ã‚‹ãŸã‚ã«ã€åŸºç¤Žã¨ãªã‚‹I/Oã«ãƒ‡ãƒ¼ã‚¿ã‚’書ã込む必è¦ãŒã‚りã¾ã™ã€‚ + \return 0 SSL_ERROR_WANT_WRITEエラー状態ãŒãªã„å ´åˆã€‚ + + \param ssl wolfSSL_new()ã§ä½œæˆã•れãŸSSLセッションã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ _Example_ \code @@ -4753,73 +5399,106 @@ ... ret = wolfSSL_want_write(ssl); if (ret == 1) { - // underlying I/O needs data to be written (SSL_ERROR_WANT_WRITE) + // 基礎ã¨ãªã‚‹I/Oã«ãƒ‡ãƒ¼ã‚¿ã‚’書ã込む必è¦ãŒã‚りã¾ã™(SSL_ERROR_WANT_WRITE) } \endcode + \sa wolfSSL_want_read \sa wolfSSL_get_error -*/ -int wolfSSL_want_write(WOLFSSL*); +*/int wolfSSL_want_write(WOLFSSL* ssl); /*! \ingroup Setup - \brief wolfsslデフォルトã§ã¯ã€æœ‰åŠ¹ãªæ—¥ä»˜ç¯„å›²ã¨æ¤œè¨¼æ¸ˆã¿ã®ç½²åã®ãŸã‚ã«ãƒ”ア証明書をãƒã‚§ãƒƒã‚¯ã—ã¾ã™ã€‚wolfssl_connect()ã¾ãŸã¯wolfssl_accept()ã®å‰ã«ã“ã®é–¢æ•°ã‚’呼ã³å‡ºã™ã¨ã€å®Ÿè¡Œã™ã‚‹ãƒã‚§ãƒƒã‚¯ã®ãƒªã‚¹ãƒˆã«ãƒ‰ãƒ¡ã‚¤ãƒ³åãƒã‚§ãƒƒã‚¯ãŒè¿½åŠ ã•れã¾ã™ã€‚DNå—信時ã«ãƒ”ア証明書を確èªã™ã‚‹ãŸã‚ã®ãƒ‰ãƒ¡ã‚¤ãƒ³åã‚’ä¿æŒã—ã¾ã™ã€‚ - \return SSL_SUCCESS æˆåŠŸæ™‚ã«è¿”ã•れã¾ã™ã€‚ - \return SSL_FAILURE メモリエラーãŒç™ºç”Ÿã—ãŸå ´åˆã«è¿”ã•れã¾ã™ã€‚ - \param ssl wolfSSL_new()を使用ã—ã¦ä½œæˆã•れãŸWolfSSL構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ + + \brief wolfSSLã¯ãƒ‡ãƒ•ォルトã§ãƒ”ã‚¢è¨¼æ˜Žæ›¸ã®æœ‰åŠ¹ãªæ—¥ä»˜ç¯„å›²ã¨æ¤œè¨¼æ¸ˆã¿ç½²åã‚’ãƒã‚§ãƒƒã‚¯ã—ã¾ã™ã€‚wolfSSL_connect()ã¾ãŸã¯wolfSSL_accept()ã®å‰ã«ã“ã®é–¢æ•°ã‚’呼ã³å‡ºã™ã¨ã€å®Ÿè¡Œã™ã‚‹ãƒã‚§ãƒƒã‚¯ã®ãƒªã‚¹ãƒˆã«ãƒ‰ãƒ¡ã‚¤ãƒ³åãƒã‚§ãƒƒã‚¯ãŒè¿½åŠ ã•れã¾ã™ã€‚dnã¯ã€å—ä¿¡ã—ãŸãƒ”ア証明書ã«å¯¾ã—ã¦ãƒã‚§ãƒƒã‚¯ã™ã‚‹ãƒ‰ãƒ¡ã‚¤ãƒ³åã‚’ä¿æŒã—ã¾ã™ã€‚ + + \return SSL_SUCCESS æˆåŠŸæ™‚ã€‚ + \return SSL_FAILURE メモリエラーãŒç™ºç”Ÿã—ãŸå ´åˆã«è¿”ã•れã¾ã™ã€‚ + + \param ssl wolfSSL_new()を使用ã—ã¦ä½œæˆã•れãŸWOLFSSL構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ + \param dn å—ä¿¡ã—ãŸãƒ”ア証明書ã«å¯¾ã—ã¦ãƒã‚§ãƒƒã‚¯ã™ã‚‹ãƒ‰ãƒ¡ã‚¤ãƒ³å。 _Example_ \code int ret = 0; WOLFSSL* ssl; - char* domain = (char*) “www.yassl.comâ€; + char* domain = (char*) "www.yassl.com"; ... ret = wolfSSL_check_domain_name(ssl, domain); if (ret != SSL_SUCCESS) { - // failed to enable domain name check + // ドメインåãƒã‚§ãƒƒã‚¯ã®æœ‰åŠ¹åŒ–ã«å¤±æ•—ã—ã¾ã—㟠} \endcode + \sa none */ int wolfSSL_check_domain_name(WOLFSSL* ssl, const char* dn); /*! + \ingroup Setup + + \brief wolfSSL_connect() ã¾ãŸã¯ wolfSSL_accept() ã®å‰ã«ã“ã®é–¢æ•°ã‚’呼ã¶ã¨ã€ + ピア証明書㮠SAN iPAddress エントリã«å¯¾ã™ã‚‹ IP アドレス検証を追加ã—ã¾ã™ã€‚ + + \return SSL_SUCCESS æˆåŠŸã€‚ + \return SSL_FAILURE ãƒ‘ãƒ©ãƒ¡ãƒ¼ã‚¿ä¸æ­£ã¾ãŸã¯ãƒ¡ãƒ¢ãƒªç¢ºä¿å¤±æ•—。 + + \param ssl wolfSSL_new() ã§ä½œæˆã•れ㟠WOLFSSL 構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ + \param ipaddr 検証ã™ã‚‹ NULL 終端 ASCII IP アドレス文字列。 + + \sa wolfSSL_check_domain_name +*/ +int wolfSSL_check_ip_address(WOLFSSL* ssl, const char* ipaddr); + +/*! \ingroup TLS - \brief 使用ã™ã‚‹ãŸã‚ã«WolfSSLãƒ©ã‚¤ãƒ–ãƒ©ãƒªã‚’åˆæœŸåŒ–ã—ã¾ã™ã€‚アプリケーションã”ã¨ã«1回ã€ãã®ä»–ã®ãƒ©ã‚¤ãƒ–ラリã¸ã®å‘¼ã³å‡ºã—ã®å‰ã«å‘¼ã³å‡ºã™å¿…è¦ãŒã‚りã¾ã™ã€‚ - \return SSL_SUCCESS æˆåŠŸã—ãŸå ´åˆã«è¿”ã•れã¾ã™ã€‚ã€é€šè©±ãŒæˆ»ã‚Šã¾ã™ã€‚ - \return BAD_MUTEX_E è¿”ã•れるå¯èƒ½æ€§ãŒã‚るエラーã§ã™ã€‚ + + \brief 使用ã™ã‚‹ãŸã‚ã«wolfSSLãƒ©ã‚¤ãƒ–ãƒ©ãƒªã‚’åˆæœŸåŒ–ã—ã¾ã™ã€‚アプリケーションã”ã¨ã«1回ã€ãƒ©ã‚¤ãƒ–ラリã¸ã®ä»–ã®å‘¼ã³å‡ºã—ã®å‰ã«å‘¼ã³å‡ºã™å¿…è¦ãŒã‚りã¾ã™ã€‚ + + \return SSL_SUCCESS æˆåŠŸã—ãŸå ´åˆã«è¿”ã•れã¾ã™ã€‚ + \return BAD_MUTEX_E è¿”ã•れるå¯èƒ½æ€§ã®ã‚るエラーã§ã™ã€‚ + \return WC_INIT_E wolfCryptåˆæœŸåŒ–エラーãŒè¿”ã•れã¾ã™ã€‚ _Example_ \code int ret = 0; ret = wolfSSL_Init(); if (ret != SSL_SUCCESS) { - failed to initialize wolfSSL library + wolfSSLライブラリã®åˆæœŸåŒ–ã«å¤±æ•—ã—ã¾ã—㟠} \endcode + \sa wolfSSL_Cleanup */ int wolfSSL_Init(void); /*! \ingroup TLS - \brief ã•らãªã‚‹ä½¿ç”¨ã‹ã‚‰WOLFSSLãƒ©ã‚¤ãƒ–ãƒ©ãƒªã‚’åˆæœŸåŒ–ã—ã¾ã™ã€‚ライブラリã«ã‚ˆã£ã¦ä½¿ç”¨ã•れるリソースを解放ã—ã¾ã™ãŒã€å‘¼ã³å‡ºã•れる必è¦ã¯ã‚りã¾ã›ã‚“。 - \return SSL_SUCCESS エラーを返ã—ã¾ã›ã‚“。 + + \brief wolfSSLライブラリをã“れ以上使用ã—ãªã„よã†ã«åˆæœŸåŒ–を解除ã—ã¾ã™ã€‚呼ã³å‡ºã™å¿…è¦ã¯ã‚りã¾ã›ã‚“ãŒã€ãƒ©ã‚¤ãƒ–ラリãŒä½¿ç”¨ã—ãŸãƒªã‚½ãƒ¼ã‚¹ã‚’解放ã—ã¾ã™ã€‚ + + \return SSL_SUCCESS エラーãªã—ã§è¿”ã•れã¾ã™ã€‚ + \return BAD_MUTEX_E mutexエラーãŒè¿”ã•れã¾ã™ã€‚ _Example_ \code wolfSSL_Cleanup(); \endcode + \sa wolfSSL_Init */ int wolfSSL_Cleanup(void); /*! \ingroup IO - \brief ã“ã®é–¢æ•°ã¯ç¾åœ¨ã®ãƒ©ã‚¤ãƒ–ラリーãƒãƒ¼ã‚¸ãƒ§ãƒ³ã‚’è¿”ã—ã¾ã™ã€‚ - \return LIBWOLFSSL_VERSION_STRING ãƒãƒ¼ã‚¸ãƒ§ãƒ³ã‚’定義ã™ã‚‹const charãƒã‚¤ãƒ³ã‚¿ã€‚ + + \brief ã“ã®é–¢æ•°ã¯ç¾åœ¨ã®ãƒ©ã‚¤ãƒ–ラリãƒãƒ¼ã‚¸ãƒ§ãƒ³ã‚’è¿”ã—ã¾ã™ã€‚ + + \return LIBWOLFSSL_VERSION_STRING ãƒãƒ¼ã‚¸ãƒ§ãƒ³ã‚’定義ã™ã‚‹const charãƒã‚¤ãƒ³ã‚¿ã€‚ + + \param none パラメータãªã—。 _Example_ \code @@ -4827,17 +5506,22 @@ version = wolfSSL_KeepArrays(); … if(version != ExpectedVersion){ - // Handle the mismatch case + // ä¸ä¸€è‡´ã‚±ãƒ¼ã‚¹ã‚’å‡¦ç† } \endcode + \sa word32_wolfSSL_lib_version_hex */ const char* wolfSSL_lib_version(void); /*! \ingroup IO - \brief ã“ã®é–¢æ•°ã¯ã€ç¾åœ¨ã®ãƒ©ã‚¤ãƒ–ラリーã®ãƒãƒ¼ã‚¸ãƒ§ãƒ³ã‚’16進表記ã§è¿”ã—ã¾ã™ã€‚ - \return LILBWOLFSSL_VERSION_HEX wolfssl / version.hã§å®šç¾©ã•れã¦ã„ã‚‹16進数ãƒãƒ¼ã‚¸ãƒ§ãƒ³ã‚’è¿”ã—ã¾ã™ã€‚ + + \brief ã“ã®é–¢æ•°ã¯ç¾åœ¨ã®ãƒ©ã‚¤ãƒ–ラリãƒãƒ¼ã‚¸ãƒ§ãƒ³ã‚’16進表記ã§è¿”ã—ã¾ã™ã€‚ + + \return LILBWOLFSSL_VERSION_HEX wolfssl/version.hã§å®šç¾©ã•れãŸ16進ãƒãƒ¼ã‚¸ãƒ§ãƒ³ã‚’è¿”ã—ã¾ã™ã€‚ + + \param none パラメータãªã—。 _Example_ \code @@ -4845,20 +5529,25 @@ libV = wolfSSL_lib_version_hex(); if(libV != EXPECTED_HEX){ - // How to handle an unexpected value + // 予期ã—ãªã„値ã®å‡¦ç†æ–¹æ³• } else { - // The expected result for libV + // libVã®æœŸå¾…ã•ã‚Œã‚‹çµæžœ } \endcode + \sa wolfSSL_lib_version */ word32 wolfSSL_lib_version_hex(void); /*! \ingroup IO - \brief SSLメソッドã®å´é¢ã«åŸºã¥ã„ã¦ã€å®Ÿéš›ã®æŽ¥ç¶šã¾ãŸã¯æ‰¿èªã‚’実行ã—ã¾ã™ã€‚クライアントå´ã‹ã‚‰å‘¼ã³å‡ºã•れãŸå ´åˆã€ã‚µãƒ¼ãƒå´ã‹ã‚‰å‘¼ã³å‡ºã•れãŸå ´åˆã«wolfssl_accept()ãŒå®Ÿè¡Œã•れã¦ã„ã‚‹é–“ã«wolfssl_connect()ãŒè¡Œã‚れる。 - \return SSL_SUCCESS æˆåŠŸã—ãŸå ´åˆã«è¿”ã•れã¾ã™ã€‚ã«è¿”å´ã•れã¾ã™ã€‚(注æ„ã€å¤ã„ãƒãƒ¼ã‚¸ãƒ§ãƒ³ã¯0ã‚’è¿”ã—ã¾ã™ï¼‰ - \return SSL_FATAL_ERROR 基礎ã¨ãªã‚‹å‘¼ã³å‡ºã—ãŒã‚¨ãƒ©ãƒ¼ã«ãªã£ãŸå ´åˆã«è¿”ã•れã¾ã™ã€‚特定ã®ã‚¨ãƒ©ãƒ¼ã‚³ãƒ¼ãƒ‰ã‚’å–å¾—ã™ã‚‹ã«ã¯ã€wolfSSL_get_error()を使用ã—ã¦ãã ã•ã„。 + + \brief SSLメソッドã®å´é¢ã«åŸºã¥ã„ã¦å®Ÿéš›ã®æŽ¥ç¶šã¾ãŸã¯å—ã‘入れを実行ã—ã¾ã™ã€‚クライアントå´ã‹ã‚‰å‘¼ã³å‡ºã•れãŸå ´åˆã¯wolfSSL_connect()ãŒå®Ÿè¡Œã•れã€ã‚µãƒ¼ãƒãƒ¼å´ã‹ã‚‰å‘¼ã³å‡ºã•れãŸå ´åˆã¯wolfSSL_accept()ãŒå®Ÿè¡Œã•れã¾ã™ã€‚ + + \return SSL_SUCCESS æˆåŠŸã—ãŸå ´åˆã«è¿”ã•れã¾ã™(注:å¤ã„ãƒãƒ¼ã‚¸ãƒ§ãƒ³ã§ã¯0ãŒè¿”ã•れã¾ã™)。 + \return SSL_FATAL_ERROR 基礎ã¨ãªã‚‹å‘¼ã³å‡ºã—ãŒã‚¨ãƒ©ãƒ¼ã«ãªã£ãŸå ´åˆã«è¿”ã•れã¾ã™ã€‚特定ã®ã‚¨ãƒ©ãƒ¼ã‚³ãƒ¼ãƒ‰ã‚’å–å¾—ã™ã‚‹ã«ã¯wolfSSL_get_error()を使用ã—ã¦ãã ã•ã„。 + + \param ssl wolfSSL_new()ã§ä½œæˆã•れãŸSSLセッションã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ _Example_ \code @@ -4867,12 +5556,13 @@ ... ret = wolfSSL_negotiate(ssl); if (ret == SSL_FATAL_ERROR) { - // SSL establishment failed - int error_code = wolfSSL_get_error(ssl); - ... + // SSL確立ã«å¤±æ•—ã—ã¾ã—㟠+ int error_code = wolfSSL_get_error(ssl); + ... } ... \endcode + \sa SSL_connect \sa SSL_accept */ @@ -4880,9 +5570,13 @@ /*! \ingroup Setup - \brief SSL接続ã«åœ§ç¸®ã‚’使用ã™ã‚‹æ©Ÿèƒ½ã‚’オンã«ã—ã¾ã™ã€‚両å´ã«ã¯åœ§ç¸®ãŒã‚ªãƒ³ã«ãªã£ã¦ã„ã‚‹å¿…è¦ãŒã‚りã¾ã™ã€‚ãã†ã§ãªã‘れã°åœ§ç¸®ã¯ä½¿ç”¨ã•れã¾ã›ã‚“。ZLIBライブラリã¯å®Ÿéš›ã®ãƒ‡ãƒ¼ã‚¿åœ§ç¸®ã‚’実行ã—ã¾ã™ã€‚ライブラリã«ã‚³ãƒ³ãƒ‘イルã™ã‚‹ã«ã¯ã€ã‚·ã‚¹ãƒ†ãƒ ã®è¨­å®šã‚·ã‚¹ãƒ†ãƒ ã«--with-libzを使用ã—ã€ãã†ã§ãªã„å ´åˆã¯hand_libzを定義ã—ã¾ã™ã€‚é€å—ä¿¡ã•れるメッセージã®å®Ÿéš›ã®ã‚µã‚¤ã‚ºã‚’減らã™å‰ã«ãƒ‡ãƒ¼ã‚¿ã‚’圧縮ã—ã¦ã„ã‚‹é–“ã«ã€åœ§ç¸®ã«ã‚ˆã£ã¦ä¿å­˜ã•れãŸãƒ‡ãƒ¼ã‚¿ã®é‡ã¯é€šå¸¸ã€ãƒãƒƒãƒˆãƒ¯ãƒ¼ã‚¯ã®é…ã„ã™ã¹ã¦ã®ãƒãƒƒãƒˆãƒ¯ãƒ¼ã‚¯ã‚’除ã„ãŸã‚‚ã®ã‚ˆã‚Šã‚‚分æžã«æ™‚é–“ãŒã‹ã‹ã‚Šã¾ã™ã€‚ - \return SSL_SUCCESS æˆåŠŸæ™‚ã«è¿”ã•れã¾ã™ã€‚ - \return NOT_COMPILED_IN 圧縮サãƒãƒ¼ãƒˆãŒãƒ©ã‚¤ãƒ–ラリã«çµ„ã¿è¾¼ã¾ã‚Œã¦ã„ãªã„å ´åˆã«è¿”ã•れã¾ã™ã€‚ + + \brief SSL接続ã§åœ§ç¸®ã‚’使用ã™ã‚‹æ©Ÿèƒ½ã‚’オンã«ã—ã¾ã™ã€‚両å´ã§åœ§ç¸®ã‚’オンã«ã™ã‚‹å¿…è¦ãŒã‚りã¾ã™ã€‚ãã†ã§ãªã„å ´åˆã€åœ§ç¸®ã¯ä½¿ç”¨ã•れã¾ã›ã‚“。zlibライブラリãŒå®Ÿéš›ã®ãƒ‡ãƒ¼ã‚¿åœ§ç¸®ã‚’実行ã—ã¾ã™ã€‚ライブラリã«ã‚³ãƒ³ãƒ‘イルã™ã‚‹ã«ã¯ã€configureシステムã§--with-libzを使用ã—ã€HAVE_LIBZを定義ã—ã¦ãã ã•ã„。é€ä¿¡å‰ã«ãƒ‡ãƒ¼ã‚¿ã‚’圧縮ã™ã‚‹ã¨é€å—ä¿¡ã•れるメッセージã®å®Ÿéš›ã®ã‚µã‚¤ã‚ºã¯æ¸›å°‘ã—ã¾ã™ãŒã€åœ§ç¸®ã«ã‚ˆã£ã¦ç¯€ç´„ã•れるデータã®é‡ã¯ã€æœ€ã‚‚é…ã„ãƒãƒƒãƒˆãƒ¯ãƒ¼ã‚¯ã‚’除ã„ã¦ã€ç”Ÿãƒ‡ãƒ¼ã‚¿ã§é€ä¿¡ã™ã‚‹ã‚ˆã‚Šã‚‚è§£æžã«æ™‚é–“ãŒã‹ã‹ã‚‹ã“ã¨ã«æ³¨æ„ã—ã¦ãã ã•ã„。 + + \return SSL_SUCCESS æˆåŠŸæ™‚ã€‚ + \return NOT_COMPILED_IN 圧縮サãƒãƒ¼ãƒˆãŒãƒ©ã‚¤ãƒ–ラリã«ãƒ“ルドã•れã¦ã„ãªã„å ´åˆã«è¿”ã•れã¾ã™ã€‚ + + \param ssl wolfSSL_new()ã§ä½œæˆã•れãŸSSLセッションã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ _Example_ \code @@ -4891,19 +5585,24 @@ ... ret = wolfSSL_set_compression(ssl); if (ret == SSL_SUCCESS) { - // successfully enabled compression for SSL session + // SSLセッションã®åœ§ç¸®ã‚’æ­£å¸¸ã«æœ‰åŠ¹åŒ–ã—ã¾ã—㟠} \endcode + \sa none */ int wolfSSL_set_compression(WOLFSSL* ssl); /*! \ingroup Setup - \brief ã“ã®é–¢æ•°ã¯SSLセッションタイムアウト値を秒å˜ä½ã§è¨­å®šã—ã¾ã™ã€‚ - \return SSL_SUCCESS セッションを正常ã«è¨­å®šã™ã‚‹ã¨è¿”ã•れã¾ã™ã€‚ - \return BAD_FUNC_ARG sslãŒNULLã®å ´åˆã«è¿”ã•れã¾ã™ã€‚ - \param ssl wolfSSL_new()を使用ã—ã¦ä½œæˆã•れãŸWolfSSL構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ + + \brief ã“ã®é–¢æ•°ã¯SSLセッションã®ã‚¿ã‚¤ãƒ ã‚¢ã‚¦ãƒˆå€¤ã‚’ç§’å˜ä½ã§è¨­å®šã—ã¾ã™ã€‚ + + \return SSL_SUCCESS セッションã®è¨­å®šã«æˆåŠŸã—ãŸå ´åˆã«è¿”ã•れã¾ã™ã€‚ + \return BAD_FUNC_ARG sslãŒNULLã®å ´åˆã«è¿”ã•れã¾ã™ã€‚ + + \param ssl wolfSSL_new()ã§ä½œæˆã•れãŸSSLオブジェクトã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ + \param to SSLセッションタイムアウトã®è¨­å®šã«ä½¿ç”¨ã•れる秒å˜ä½ã®å€¤ã€‚ _Example_ \code @@ -4913,10 +5612,11 @@ ret = wolfSSL_set_timeout(ssl, 500); if (ret != SSL_SUCCESS) { - // failed to set session timeout value + // セッションタイムアウト値ã®è¨­å®šã«å¤±æ•—ã—ã¾ã—㟠} ... \endcode + \sa wolfSSL_get1_session \sa wolfSSL_set_session */ @@ -4924,11 +5624,14 @@ /*! \ingroup Setup - \brief ã“ã®é–¢æ•°ã¯ã€æŒ‡å®šã•れãŸSSLコンテキストã«å¯¾ã—ã¦ã€SSLセッションã®ã‚¿ã‚¤ãƒ ã‚¢ã‚¦ãƒˆå€¤ã‚’ç§’å˜ä½ã§è¨­å®šã—ã¾ã™ã€‚ - \return the wolfssl_error_code_opensslã®å ´åˆã€ä»¥å‰ã®ã‚¿ã‚¤ãƒ ã‚¢ã‚¦ãƒˆå€¤ - \return defined æˆåŠŸã—ã¦ã„ã¾ã™ã€‚定義ã•れã¦ã„ãªã„å ´åˆã€SSL_SUCCESSã¯è¿”ã•れã¾ã™ã€‚ - \return BAD_FUNC_ARG 入力コンテキスト(CTX)ãŒNULLã®ã¨ãã«è¿”ã•れã¾ã™ã€‚ - \param ctx wolfSSL_CTX_new()ã§ä½œæˆã•れãŸSSLコンテキストã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ + + \brief ã“ã®é–¢æ•°ã¯ã€æŒ‡å®šã•れãŸSSLコンテキストã®SSLセッションã®ã‚¿ã‚¤ãƒ ã‚¢ã‚¦ãƒˆå€¤ã‚’ç§’å˜ä½ã§è¨­å®šã—ã¾ã™ã€‚ + + \return WOLFSSL_ERROR_CODE_OPENSSLãŒå®šç¾©ã•れã¦ã„ã‚‹å ´åˆã€æˆåŠŸæ™‚ã«ä»¥å‰ã®ã‚¿ã‚¤ãƒ ã‚¢ã‚¦ãƒˆå€¤ãŒè¿”ã•れã¾ã™ã€‚定義ã•れã¦ã„ãªã„å ´åˆã€SSL_SUCCESSãŒè¿”ã•れã¾ã™ã€‚ + \return BAD_FUNC_ARG 入力コンテキスト(ctx)ãŒnullã®å ´åˆã«è¿”ã•れã¾ã™ã€‚ + + \param ctx wolfSSL_CTX_new()ã§ä½œæˆã•れãŸSSLコンテキストã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ + \param to セッションタイムアウト値(ç§’å˜ä½)。 _Example_ \code @@ -4936,9 +5639,10 @@ ... ret = wolfSSL_CTX_set_timeout(ctx, 500); if (ret != SSL_SUCCESS) { - // failed to set session timeout value + // セッションタイムアウト値ã®è¨­å®šã«å¤±æ•—ã—ã¾ã—㟠} \endcode + \sa wolfSSL_flush_sessions \sa wolfSSL_get1_session \sa wolfSSL_set_session @@ -4949,14 +5653,19 @@ /*! \ingroup openSSL - \brief ピアã®è¨¼æ˜Žæ›¸ãƒã‚§ãƒ¼ãƒ³ã‚’å–å¾—ã—ã¾ã™ã€‚ - \return chain 正常ã«ã‚³ãƒ¼ãƒ«ãŒãƒ”ã‚¢ã®è¨¼æ˜Žæ›¸ãƒã‚§ãƒ¼ãƒ³ã‚’è¿”ã—ã¾ã™ã€‚ - \return 0 無効ãªWolfSSLãƒã‚¤ãƒ³ã‚¿ãŒé–¢æ•°ã«æ¸¡ã•れるã¨è¿”ã•れã¾ã™ã€‚ + + \brief ピアã®è¨¼æ˜Žæ›¸ãƒã‚§ãƒ¼ãƒ³ã‚’å–å¾—ã—ã¾ã™ã€‚ + + \return chain æˆåŠŸã—ãŸå ´åˆã€å‘¼ã³å‡ºã—ã¯ãƒ”ã‚¢ã®è¨¼æ˜Žæ›¸ãƒã‚§ãƒ¼ãƒ³ã‚’è¿”ã—ã¾ã™ã€‚ + \return 0 無効ãªWOLFSSLãƒã‚¤ãƒ³ã‚¿ãŒé–¢æ•°ã«æ¸¡ã•れãŸå ´åˆã«è¿”ã•れã¾ã™ã€‚ + + \param ssl 有効ãªWOLFSSL構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ _Example_ \code none \endcode + \sa wolfSSL_get_chain_count \sa wolfSSL_get_chain_length \sa wolfSSL_get_chain_cert @@ -4966,14 +5675,19 @@ /*! \ingroup openSSL - \brief ピアã®è¨¼æ˜Žæ›¸ãƒã‚§ãƒ¼ãƒ³æ•°ã‚’å–å¾—ã—ã¾ã™ã€‚ - \return Success 正常ã«ã‚³ãƒ¼ãƒ«ãŒãƒ”ã‚¢ã®è¨¼æ˜Žæ›¸ãƒã‚§ãƒ¼ãƒ³æ•°ã‚’è¿”ã—ã¾ã™ã€‚ - \return 0 無効ãªãƒã‚§ãƒ¼ãƒ³ãƒã‚¤ãƒ³ã‚¿ãŒé–¢æ•°ã«æ¸¡ã•れるã¨è¿”ã•れã¾ã™ã€‚ + + \brief ピアã®è¨¼æ˜Žæ›¸ãƒã‚§ãƒ¼ãƒ³æ•°ã‚’å–å¾—ã—ã¾ã™ã€‚ + + \return Success æˆåŠŸã—ãŸå ´åˆã€å‘¼ã³å‡ºã—ã¯ãƒ”ã‚¢ã®è¨¼æ˜Žæ›¸ãƒã‚§ãƒ¼ãƒ³æ•°ã‚’è¿”ã—ã¾ã™ã€‚ + \return 0 無効ãªchainãƒã‚¤ãƒ³ã‚¿ãŒé–¢æ•°ã«æ¸¡ã•れãŸå ´åˆã«è¿”ã•れã¾ã™ã€‚ + + \param chain 有効ãªWOLFSSL_X509_CHAIN構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ _Example_ \code none \endcode + \sa wolfSSL_get_peer_chain \sa wolfSSL_get_chain_length \sa wolfSSL_get_chain_cert @@ -4983,15 +5697,20 @@ /*! \ingroup openSSL - \brief Index(IDX)ã®ãƒ”ã‚¢ã®ASN1.DER証明書長をãƒã‚¤ãƒˆå˜ä½ã§å–å¾—ã—ã¾ã™ã€‚ - \return Success 正常ã«ã‚³ãƒ¼ãƒ«ãŒã‚¤ãƒ³ãƒ‡ãƒƒã‚¯ã‚¹åˆ¥ã«ãƒ”ã‚¢ã®è¨¼æ˜Žæ›¸é•·ã‚’ãƒã‚¤ãƒˆå˜ä½ã§è¿”ã—ã¾ã™ã€‚ - \return 0 無効ãªãƒã‚§ãƒ¼ãƒ³ãƒã‚¤ãƒ³ã‚¿ãŒé–¢æ•°ã«æ¸¡ã•れるã¨è¿”ã•れã¾ã™ã€‚ - \param chain 有効ãªwolfssl_x509_chain構造ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ + + \brief インデックス(idx)ã«ãŠã‘るピアã®ASN1.DER証明書ã®é•·ã•ã‚’ãƒã‚¤ãƒˆå˜ä½ã§å–å¾—ã—ã¾ã™ã€‚ + + \return Success æˆåŠŸã—ãŸå ´åˆã€å‘¼ã³å‡ºã—ã¯ã‚¤ãƒ³ãƒ‡ãƒƒã‚¯ã‚¹ã«ã‚ˆã‚‹ãƒ”ã‚¢ã®è¨¼æ˜Žæ›¸ã®é•·ã•ã‚’ãƒã‚¤ãƒˆå˜ä½ã§è¿”ã—ã¾ã™ã€‚ + \return 0 無効ãªchainãƒã‚¤ãƒ³ã‚¿ãŒé–¢æ•°ã«æ¸¡ã•れãŸå ´åˆã«è¿”ã•れã¾ã™ã€‚ + + \param chain 有効ãªWOLFSSL_X509_CHAIN構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ + \param idx ãƒã‚§ãƒ¼ãƒ³ã®é–‹å§‹ã‚¤ãƒ³ãƒ‡ãƒƒã‚¯ã‚¹ã€‚ _Example_ \code none \endcode + \sa wolfSSL_get_peer_chain \sa wolfSSL_get_chain_count \sa wolfSSL_get_chain_cert @@ -5001,15 +5720,20 @@ /*! \ingroup openSSL - \brief インデックス(IDX)ã§ãƒ”ã‚¢ã®ASN1.DER証明書をå–å¾—ã—ã¾ã™ã€‚ - \return Success 正常ã«ã‚³ãƒ¼ãƒ«ãŒã‚¤ãƒ³ãƒ‡ãƒƒã‚¯ã‚¹ã§ãƒ”ã‚¢ã®è¨¼æ˜Žæ›¸ã‚’è¿”ã—ã¾ã™ã€‚ - \return 0 無効ãªãƒã‚§ãƒ¼ãƒ³ãƒã‚¤ãƒ³ã‚¿ãŒé–¢æ•°ã«æ¸¡ã•れるã¨è¿”ã•れã¾ã™ã€‚ - \param chain 有効ãªwolfssl_x509_chain構造ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ + + \brief インデックス(idx)ã«ãŠã‘るピアã®ASN1.DER証明書をå–å¾—ã—ã¾ã™ã€‚ + + \return Success æˆåŠŸã—ãŸå ´åˆã€å‘¼ã³å‡ºã—ã¯ã‚¤ãƒ³ãƒ‡ãƒƒã‚¯ã‚¹ã«ã‚ˆã‚‹ãƒ”ã‚¢ã®è¨¼æ˜Žæ›¸ã‚’è¿”ã—ã¾ã™ã€‚ + \return 0 無効ãªchainãƒã‚¤ãƒ³ã‚¿ãŒé–¢æ•°ã«æ¸¡ã•れãŸå ´åˆã«è¿”ã•れã¾ã™ã€‚ + + \param chain 有効ãªWOLFSSL_X509_CHAIN構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ + \param idx ãƒã‚§ãƒ¼ãƒ³ã®é–‹å§‹ã‚¤ãƒ³ãƒ‡ãƒƒã‚¯ã‚¹ã€‚ _Example_ \code none \endcode + \sa wolfSSL_get_peer_chain \sa wolfSSL_get_chain_count \sa wolfSSL_get_chain_length @@ -5019,27 +5743,32 @@ /*! \ingroup CertsKeys - \brief ã“ã®é–¢æ•°ã¯ã€è¨¼æ˜Žæ›¸ã®ãƒã‚§ãƒ¼ãƒ³ã‹ã‚‰ã®ãƒ”ã‚¢ã®WOLFSSL_X509構造体をインデックス(IDX)ã§å–å¾—ã—ã¾ã™ã€‚ - \return pointer WOLFSSL_X509構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã‚’è¿”ã—ã¾ã™ã€‚ - \param chain 動的メモリsession_cacheã®å ´åˆã«ä½¿ç”¨ã•れるWOLFSSL_X509_CHAINã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ - 注æ„:本関数ã‹ã‚‰è¿”ã•ã‚ŒãŸæ§‹é€ ä½“ã‚’wolfSSL_FreeX509()を呼ã³å‡ºã—ã¦è§£æ”¾ã™ã‚‹ã®ã¯ãƒ¦ãƒ¼ã‚¶ãƒ¼ã®è²¬ä»»ã§ã™ã€‚ + \brief ã“ã®é–¢æ•°ã¯è¨¼æ˜Žæ›¸ãƒã‚§ãƒ¼ãƒ³ã‹ã‚‰ã‚¤ãƒ³ãƒ‡ãƒƒã‚¯ã‚¹(idx)ã«ã‚るピアã®wolfSSL_X509_certificateã‚’å–å¾—ã—ã¾ã™ã€‚ + + \return pointer WOLFSSL_X509構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã‚’è¿”ã—ã¾ã™ã€‚ + + \param chain 動的メモリを使用ã—ãªã„SESSION_CACHEã«ä½¿ç”¨ã•れるWOLFSSL_X509_CHAINã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ + \param idx WOLFSSL_X509証明書ã®ã‚¤ãƒ³ãƒ‡ãƒƒã‚¯ã‚¹ã€‚ + + è¿”ã•れãŸãƒ¡ãƒ¢ãƒªã‚’wolfSSL_FreeX509()を呼ã³å‡ºã—ã¦è§£æ”¾ã™ã‚‹ã“ã¨ã¯ãƒ¦ãƒ¼ã‚¶ãƒ¼ã®è²¬ä»»ã§ã™ã€‚ _Example_ \code WOLFSSL_X509_CHAIN* chain = &session->chain; - int idx = 999; // set idx + int idx = 999; // idxを設定 ... - WOLFSSL_X509* ptr; + WOLFSSL_X509_CHAIN ptr; prt = wolfSSL_get_chain_X509(chain, idx); if(ptr != NULL){ - //ptr contains the cert at the index specified + // ptrã¯æŒ‡å®šã•れãŸã‚¤ãƒ³ãƒ‡ãƒƒã‚¯ã‚¹ã®è¨¼æ˜Žæ›¸ã‚’å«ã¿ã¾ã™ wolfSSL_FreeX509(ptr); } else { - // ptr is NULL + // ptrã¯NULLã§ã™ } \endcode + \sa InitDecodedCert \sa ParseCertRelative \sa CopyDecodedToX509 @@ -5048,15 +5777,19 @@ /*! \ingroup openSSL - \brief インデックス(IDX)ã§ãƒ”ã‚¢ã®PEM証明書をå–å¾—ã—ã¾ã™ã€‚ - \return Success 正常ã«ã‚³ãƒ¼ãƒ«ãŒã‚¤ãƒ³ãƒ‡ãƒƒã‚¯ã‚¹ã§ãƒ”ã‚¢ã®è¨¼æ˜Žæ›¸ã‚’è¿”ã—ã¾ã™ã€‚ - \return 0 無効ãªãƒã‚§ãƒ¼ãƒ³ãƒã‚¤ãƒ³ã‚¿ãŒé–¢æ•°ã«æ¸¡ã•れるã¨è¿”ã•れã¾ã™ã€‚ - \param chain 有効ãªwolfssl_x509_chain構造ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ + + \brief インデックス(idx)ã«ãŠã‘るピアã®PEM証明書をå–å¾—ã—ã¾ã™ã€‚ + + \return Success æˆåŠŸã—ãŸå ´åˆã€å‘¼ã³å‡ºã—ã¯ã‚¤ãƒ³ãƒ‡ãƒƒã‚¯ã‚¹ã«ã‚ˆã‚‹ãƒ”ã‚¢ã®è¨¼æ˜Žæ›¸ã‚’è¿”ã—ã¾ã™ã€‚ + \return 0 無効ãªchainãƒã‚¤ãƒ³ã‚¿ãŒé–¢æ•°ã«æ¸¡ã•れãŸå ´åˆã«è¿”ã•れã¾ã™ã€‚ + + \param chain 有効ãªWOLFSSL_X509_CHAIN構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ \param idx ãƒã‚§ãƒ¼ãƒ³ã®é–‹å§‹ã‚¤ãƒ³ãƒ‡ãƒƒã‚¯ã‚¹ã€‚ _Example_ \code none \endcode + \sa wolfSSL_get_peer_chain \sa wolfSSL_get_chain_count \sa wolfSSL_get_chain_length @@ -5067,28 +5800,38 @@ /*! \ingroup openSSL - \brief セッションã®IDã‚’å–å¾—ã—ã¾ã™ã€‚セッションIDã¯å¸¸ã«32ãƒã‚¤ãƒˆã®é•·ã•ã§ã™ã€‚ - \return id セッションID。 + + \brief セッションIDã‚’å–å¾—ã—ã¾ã™ã€‚セッションIDã¯å¸¸ã«32ãƒã‚¤ãƒˆé•·ã§ã™ã€‚ + + \return id セッションID。 + + \param session 有効ãªwolfsslセッションã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ _Example_ \code none \endcode + \sa SSL_get_session */ const unsigned char* wolfSSL_get_sessionID(const WOLFSSL_SESSION* s); /*! \ingroup openSSL - \brief ピアã®è¨¼æ˜Žæ›¸ã®ã‚·ãƒªã‚¢ãƒ«ç•ªå·ã‚’å–å¾—ã—ã¾ã™ã€‚シリアル番å·ãƒãƒƒãƒ•ァ(IN)ã¯å°‘ãªãã¨ã‚‚32ãƒã‚¤ãƒˆä»¥ä¸Šã§ã‚りã€å…¥åŠ›ã¨ã—ã¦* INOUTSZ引数ã¨ã—ã¦æä¾›ã•れã¾ã™ã€‚関数を呼ã³å‡ºã—ãŸå¾Œ* INOUTSZã¯INãƒãƒƒãƒ•ã‚¡ã«æ›¸ãè¾¼ã¾ã‚ŒãŸå®Ÿéš›ã®é•·ã•ã‚’ãƒã‚¤ãƒˆå˜ä½ã§ä¿æŒã—ã¾ã™ã€‚ - \return SSL_SUCCESS æˆåŠŸæ™‚ã«è¿”ã•れã¾ã™ã€‚ - \return BAD_FUNC_ARG 関数ã®ä¸è‰¯å¼•æ•°ãŒè¦‹ã¤ã‹ã£ãŸå ´åˆã«è¿”ã•れã¾ã™ã€‚ - \param in シリアル番å·ãƒãƒƒãƒ•ã‚¡ã¯å°‘ãªãã¨ã‚‚32ãƒã‚¤ãƒˆã®é•·ã•ã§ã‚ã‚‹ã¹ãã§ã™ + + \brief ピアã®è¨¼æ˜Žæ›¸ã‚·ãƒªã‚¢ãƒ«ç•ªå·ã‚’å–å¾—ã—ã¾ã™ã€‚シリアル番å·ãƒãƒƒãƒ•ã‚¡(in)ã¯å°‘ãªãã¨ã‚‚32ãƒã‚¤ãƒˆé•·ã§ã‚りã€å…¥åŠ›ã¨ã—ã¦*inOutSz引数ã¨ã—ã¦æä¾›ã•れる必è¦ãŒã‚りã¾ã™ã€‚関数を呼ã³å‡ºã—ãŸå¾Œã€*inOutSzã«ã¯inãƒãƒƒãƒ•ã‚¡ã«æ›¸ãè¾¼ã¾ã‚ŒãŸå®Ÿéš›ã®é•·ã•(ãƒã‚¤ãƒˆå˜ä½)ãŒä¿æŒã•れã¾ã™ã€‚ + + \return SSL_SUCCESS æˆåŠŸæ™‚ã€‚ + \return BAD_FUNC_ARG 䏿­£ãªé–¢æ•°å¼•æ•°ãŒæ¤œå‡ºã•れãŸå ´åˆã«è¿”ã•れã¾ã™ã€‚ + + \param in シリアル番å·ãƒãƒƒãƒ•ã‚¡ã§ã€å°‘ãªãã¨ã‚‚32ãƒã‚¤ãƒˆé•·ã§ã‚ã‚‹å¿…è¦ãŒã‚りã¾ã™ã€‚ + \param inOutSz inãƒãƒƒãƒ•ã‚¡ã«æ›¸ãè¾¼ã¾ã‚ŒãŸå®Ÿéš›ã®é•·ã•(ãƒã‚¤ãƒˆå˜ä½)ã‚’ä¿æŒã—ã¾ã™ã€‚ _Example_ \code none \endcode + \sa SSL_get_peer_certificate */ int wolfSSL_X509_get_serial_number(WOLFSSL_X509* x509, unsigned char* in, @@ -5096,9 +5839,13 @@ /*! \ingroup CertsKeys - \brief 証明書ã‹ã‚‰ä»¶åã®å…±é€šåã‚’è¿”ã—ã¾ã™ã€‚ - \return NULL X509構造ãŒNULLã®å ´åˆã«è¿”ã•れã¾ã™ - \return string サブジェクトã®å…±é€šåã®æ–‡å­—列表ç¾ã¯æˆåŠŸã«è¿”ã•れã¾ã™ + + \brief 証明書ã‹ã‚‰ã‚µãƒ–ジェクトã®ã‚³ãƒ¢ãƒ³ãƒãƒ¼ãƒ ã‚’è¿”ã—ã¾ã™ã€‚ + + \return NULL x509構造体ãŒnullã®å ´åˆã«è¿”ã•れã¾ã™ã€‚ + \return string æˆåŠŸæ™‚ã«ã¯ã‚µãƒ–ジェクトã®ã‚³ãƒ¢ãƒ³ãƒãƒ¼ãƒ ã®æ–‡å­—列表ç¾ãŒè¿”ã•れã¾ã™ã€‚ + + \param x509 証明書情報をå«ã‚€WOLFSSL_X509構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ _Example_ \code @@ -5107,36 +5854,43 @@ ... int x509Cn = wolfSSL_X509_get_subjectCN(x509); if(x509Cn == NULL){ - // Deal with NULL case + // NULLã‚±ãƒ¼ã‚¹ã‚’å‡¦ç† } else { - // x509Cn contains the common name + // x509Cnã«ã¯ã‚³ãƒ¢ãƒ³ãƒãƒ¼ãƒ ãŒå«ã¾ã‚Œã‚‹ } \endcode + \sa wolfSSL_X509_Name_get_entry \sa wolfSSL_X509_get_next_altname \sa wolfSSL_X509_get_issuer_name \sa wolfSSL_X509_get_subject_name + */ char* wolfSSL_X509_get_subjectCN(WOLFSSL_X509*); /*! \ingroup CertsKeys - \brief ã“ã®é–¢æ•°ã¯ã€wolfssl_x509構造体ã®DERエンコードã•れãŸè¨¼æ˜Žæ›¸ã‚’å–å¾—ã—ã¾ã™ã€‚ - \return buffer ã“ã®é–¢æ•°ã¯Derbuffer構造体ã®ãƒãƒƒãƒ•ァメンãƒãƒ¼ã‚’è¿”ã—ã¾ã™ã€‚ã“れã¯ãƒã‚¤ãƒˆåž‹ã§ã™ã€‚ - \return NULL x509ã¾ãŸã¯outszパラメーターãŒnullã®å ´åˆã«è¿”ã•れã¾ã™ã€‚ - \param x509 証明書情報をå«ã‚€WolfSSL_X509構造ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ + + \brief ã“ã®é–¢æ•°ã¯ã€WOLFSSL_X509構造体内ã®DERエンコードã•れãŸè¨¼æ˜Žæ›¸ã‚’å–å¾—ã—ã¾ã™ã€‚ + + \return buffer ã“ã®é–¢æ•°ã¯ã€DerBuffer構造体ã®bufferメンãƒã‚’è¿”ã—ã¾ã™ã€‚ã“れã¯byteåž‹ã§ã™ã€‚ + \return NULL x509ã¾ãŸã¯outSzパラメータãŒNULLã®å ´åˆã«è¿”ã•れã¾ã™ã€‚ + + \param x509 証明書情報をå«ã‚€WOLFSSL_X509構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ + \param outSz WOLFSSL_X509構造体ã®derBufferメンãƒã®é•·ã•。 _Example_ \code WOLFSSL_X509 x509 = (WOLFSSL_X509*)XMALLOC(sizeof(WOLFSSL_X509), NULL, DYNAMIC_TYPE_X509); - int* outSz; // initialize + int* outSz; // åˆæœŸåŒ– ... byte* x509Der = wolfSSL_X509_get_der(x509, outSz); if(x509Der == NULL){ - // Failure case one of the parameters was NULL + // 失敗ケースã€ãƒ‘ラメータã®1ã¤ãŒNULLã ã£ãŸ } \endcode + \sa wolfSSL_X509_version \sa wolfSSL_X509_Name_get_entry \sa wolfSSL_X509_get_next_altname @@ -5147,9 +5901,13 @@ /*! \ingroup CertsKeys - \brief ã“ã®é–¢æ•°ã¯ã€x509ãŒnullã®ã‹ã©ã†ã‹ã‚’確èªã—ã€ãã†ã§ãªã„å ´åˆã¯ã€x509構造体ã®ãƒŽãƒƒã‚«ã‚¹ãƒ¡ãƒ³ãƒãƒ¼ã‚’è¿”ã—ã¾ã™ã€‚ - \return pointer ASN1_TIMEを使用ã—ã¦X509構造体ã®ãƒŽã‚«ãƒ•ターメンãƒãƒ¼ã«æ§‹é€ ä½“を表明ã—ã¾ã™ã€‚ - \return NULL X509オブジェクトãŒNULLã®å ´åˆã«è¿”ã•れã¾ã™ã€‚ + + \brief ã“ã®é–¢æ•°ã¯ã€x509ãŒNULLã§ã‚ã‚‹ã‹ã©ã†ã‹ã‚’ãƒã‚§ãƒƒã‚¯ã—ã€ãã†ã§ãªã„å ´åˆã¯x509構造体ã®notAfterメンãƒã‚’è¿”ã—ã¾ã™ã€‚ + + \return pointer x509構造体ã®notAfterメンãƒã¸ã®ASN1_TIMEã‚’æŒã¤æ§‹é€ ä½“ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ + \return NULL x509オブジェクトãŒNULLã®å ´åˆã«è¿”ã•れã¾ã™ã€‚ + + \param x509 WOLFSSL_X509構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ _Example_ \code @@ -5158,18 +5916,23 @@ ... const WOLFSSL_ASN1_TIME* notAfter = wolfSSL_X509_get_notAfter(x509); if(notAfter == NULL){ - // Failure case, the x509 object is null. + // 失敗ケースã€x509オブジェクトãŒnull } \endcode + \sa wolfSSL_X509_get_notBefore */ WOLFSSL_ASN1_TIME* wolfSSL_X509_get_notAfter(WOLFSSL_X509*); /*! \ingroup CertsKeys - \brief ã“ã®é–¢æ•°ã¯X509証明書ã®ãƒãƒ¼ã‚¸ãƒ§ãƒ³ã‚’å–å¾—ã—ã¾ã™ã€‚ - \return 0 X509構造ãŒNULLã®å ´åˆã«è¿”ã•れã¾ã™ã€‚ - \return version X509構造ã«ä¿å­˜ã•れã¦ã„ã‚‹ãƒãƒ¼ã‚¸ãƒ§ãƒ³ãŒè¿”ã•れã¾ã™ã€‚ + + \brief ã“ã®é–¢æ•°ã¯ã€X509証明書ã®ãƒãƒ¼ã‚¸ãƒ§ãƒ³ã‚’å–å¾—ã—ã¾ã™ã€‚ + + \return 0 x509構造体ãŒNULLã®å ´åˆã«è¿”ã•れã¾ã™ã€‚ + \return version x509æ§‹é€ ä½“ã«æ ¼ç´ã•れã¦ã„ã‚‹ãƒãƒ¼ã‚¸ãƒ§ãƒ³ãŒè¿”ã•れã¾ã™ã€‚ + + \param ssl wolfSSL_new()を使用ã—ã¦ä½œæˆã•れãŸWOLFSSL構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ _Example_ \code @@ -5178,35 +5941,41 @@ ... version = wolfSSL_X509_version(x509); if(!version){ - // The function returned 0, failure case. + // 関数ã¯0ã‚’è¿”ã—ãŸã€å¤±æ•—ケース } \endcode + \sa wolfSSL_X509_get_subject_name \sa wolfSSL_X509_get_issuer_name \sa wolfSSL_X509_get_isCA \sa wolfSSL_get_peer_certificate */ -int wolfSSL_X509_version(WOLFSSL_X509*); +int wolfSSL_X509_version(WOLFSSL_X509* x509); /*! \ingroup CertsKeys - \brief no_stdio_filesystemãŒå®šç¾©ã•れã¦ã„ã‚‹å ´åˆã€ã“ã®é–¢æ•°ã¯ãƒ’ープメモリを割り当ã¦ã€wolfssl_x509æ§‹é€ ã‚’åˆæœŸåŒ–ã—ã¦ãれã«ãƒã‚¤ãƒ³ã‚¿ã‚’è¿”ã—ã¾ã™ã€‚ - \return *WOLFSSL_X509 é–¢æ•°ãŒæ­£å¸¸ã«å®Ÿè¡Œã•れãŸå ´åˆã€WolfSSL_X509構造ãƒã‚¤ãƒ³ã‚¿ãŒè¿”ã•れã¾ã™ã€‚ - \return NULL Xftellマクロã®å‘¼ã³å‡ºã—ãŒè² ã®å€¤ã‚’è¿”ã™å ´åˆã€‚ - \param x509 wolfssl_x509ãƒã‚¤ãƒ³ã‚¿ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ + + \brief NO_STDIO_FILESYSTEMãŒå®šç¾©ã•れã¦ã„ã‚‹å ´åˆã€ã“ã®é–¢æ•°ã¯ãƒ’ープメモリを割り当ã¦ã€WOLFSSL_X509æ§‹é€ ä½“ã‚’åˆæœŸåŒ–ã—ã€ãã®ãƒã‚¤ãƒ³ã‚¿ã‚’è¿”ã—ã¾ã™ã€‚ + + \return *WOLFSSL_X509 é–¢æ•°ãŒæ­£å¸¸ã«å®Ÿè¡Œã•れãŸå ´åˆã€WOLFSSL_X509構造体ãƒã‚¤ãƒ³ã‚¿ãŒè¿”ã•れã¾ã™ã€‚ + \return NULL XFTELLマクロã®å‘¼ã³å‡ºã—ãŒè² ã®å€¤ã‚’è¿”ã—ãŸå ´åˆã€‚ + + \param x509 WOLFSSL_X509ãƒã‚¤ãƒ³ã‚¿ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ + \param file FILEã¸ã®ãƒã‚¤ãƒ³ã‚¿ã§ã‚る定義ã•れãŸåž‹ã€‚ _Example_ \code WOLFSSL_X509* x509a = (WOLFSSL_X509*)XMALLOC(sizeof(WOLFSSL_X509), NULL, DYNAMIC_TYPE_X509); WOLFSSL_X509** x509 = x509a; - XFILE file; (mapped to struct fs_file*) + XFILE file; // (struct fs_file*ã«ãƒžãƒƒãƒ—ã•れる) ... WOLFSSL_X509* newX509 = wolfSSL_X509_d2i_fp(x509, file); if(newX509 == NULL){ - // The function returned NULL + // 関数ã¯NULLã‚’è¿”ã—㟠} \endcode + \sa wolfSSL_X509_d2i \sa XFTELL \sa XREWIND @@ -5217,20 +5986,25 @@ /*! \ingroup CertsKeys - \brief 関数ã¯X509証明書をメモリã«ãƒ­ãƒ¼ãƒ‰ã—ã¾ã™ã€‚ - \return pointer 実行ã•れãŸå®Ÿè¡Œã¯ã€wolfssl_x509構造ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã‚’è¿”ã—ã¾ã™ã€‚ - \return NULL è¨¼æ˜Žæ›¸ãŒæ›¸ãè¾¼ã¾ã‚Œãªã‹ã£ãŸå ´åˆã«è¿”ã•れã¾ã™ã€‚ - \param fname ロードã™ã‚‹è¨¼æ˜Žæ›¸ãƒ•ァイル。 + + \brief ã“ã®é–¢æ•°ã¯ã€x509証明書をメモリã«ãƒ­ãƒ¼ãƒ‰ã—ã¾ã™ã€‚ + + \return pointer 正常ã«å®Ÿè¡Œã•れるã¨ã€WOLFSSL_X509構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ãŒè¿”ã•れã¾ã™ã€‚ + \return NULL 証明書を書ã込むã“ã¨ãŒã§ããªã‹ã£ãŸå ´åˆã«è¿”ã•れã¾ã™ã€‚ + + \param fname ロードã™ã‚‹è¨¼æ˜Žæ›¸ãƒ•ァイル。 + \param format 証明書ã®ãƒ•ォーマット。 _Example_ \code - #define cliCert “certs/client-cert.pem†+ #define cliCert "certs/client-cert.pem" … X509* x509; … x509 = wolfSSL_X509_load_certificate_file(cliCert, SSL_FILETYPE_PEM); AssertNotNull(x509); \endcode + \sa InitDecodedCert \sa PemToDer \sa wolfSSL_get_certificate @@ -5241,11 +6015,15 @@ /*! \ingroup CertsKeys - \brief ã“ã®é–¢æ•°ã¯ã€ãƒ‡ãƒã‚¤ã‚¹ã®ç¨®é¡žã‚’X509構造ã‹ã‚‰ãƒãƒƒãƒ•ã‚¡ã«ã‚³ãƒ”ーã—ã¾ã™ã€‚ - \return pointer X509構造ã‹ã‚‰ãƒ‡ãƒã‚¤ã‚¹ã®ç¨®é¡žã‚’ä¿æŒã™ã‚‹ãƒã‚¤ãƒˆãƒã‚¤ãƒ³ã‚¿ã‚’è¿”ã—ã¾ã™ã€‚ - \return NULL ãƒãƒƒãƒ•ァサイズãŒNULLã®å ´åˆã«è¿”ã•れã¾ã™ã€‚ - \param x509 wolfssl_x509_new()ã§ä½œæˆã•れãŸwolfssl_x509構造ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ - \param in デãƒã‚¤ã‚¹ã‚¿ã‚¤ãƒ—(ãƒãƒƒãƒ•ã‚¡ï¼‰ã‚’ä¿æŒã™ã‚‹ãƒã‚¤ãƒˆã‚¿ã‚¤ãƒ—ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ + + \brief ã“ã®é–¢æ•°ã¯ã€x509構造体ã‹ã‚‰ãƒ‡ãƒã‚¤ã‚¹ã‚¿ã‚¤ãƒ—ã‚’ãƒãƒƒãƒ•ã‚¡ã«ã‚³ãƒ”ーã—ã¾ã™ã€‚ + + \return pointer x509構造体ã‹ã‚‰ãƒ‡ãƒã‚¤ã‚¹ã‚¿ã‚¤ãƒ—ã‚’ä¿æŒã™ã‚‹ãƒã‚¤ãƒˆãƒã‚¤ãƒ³ã‚¿ãŒè¿”ã•れã¾ã™ã€‚ + \return NULL ãƒãƒƒãƒ•ァサイズãŒNULLã®å ´åˆã«è¿”ã•れã¾ã™ã€‚ + + \param x509 WOLFSSL_X509_new()ã§ä½œæˆã•れãŸWOLFSSL_X509構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ + \param in デãƒã‚¤ã‚¹ã‚¿ã‚¤ãƒ—(ãƒãƒƒãƒ•ã‚¡)ã‚’ä¿æŒã™ã‚‹ãƒã‚¤ãƒˆåž‹ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ + \param inOutSz パラメータinOutSzã¾ãŸã¯x509構造体ã®deviceTypeSzメンãƒã®ã„ãšã‚Œã‹å°ã•ã„æ–¹ã€‚ _Example_ \code @@ -5257,9 +6035,10 @@ byte* deviceType = wolfSSL_X509_get_device_type(x509, in, inOutSz); if(!deviceType){ - // Failure case, NULL was returned. + // 失敗ケースã€NULLãŒè¿”ã•れ㟠} \endcode + \sa wolfSSL_X509_get_hw_type \sa wolfSSL_X509_get_hw_serial_number \sa wolfSSL_X509_d2i @@ -5270,24 +6049,29 @@ /*! \ingroup CertsKeys - \brief ã“ã®é–¢æ•°ã¯ã€wolfssl_x509構造ã®HWTypeメンãƒãƒ¼ã‚’ãƒãƒƒãƒ•ã‚¡ã«ã‚³ãƒ”ーã—ã¾ã™ã€‚ - \return byte ã“ã®é–¢æ•°ã¯ã€wolfssl_x509構造ã®HWTypeメンãƒãƒ¼ã«ä»¥å‰ã«ä¿æŒã•れã¦ã„るデータã®ãƒã‚¤ãƒˆã‚¿ã‚¤ãƒ—ã‚’è¿”ã—ã¾ã™ã€‚ - \return NULL inoutszãŒnullã®å ´åˆã«è¿”ã•れã¾ã™ã€‚ - \param x509 証明書情報をå«ã‚€WolfSSL_X509構造ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ - \param in ãƒãƒƒãƒ•ァを表ã™ãƒã‚¤ãƒˆã‚’入力ã™ã‚‹ãƒã‚¤ãƒ³ã‚¿ã€‚ + + \brief ã“ã®é–¢æ•°ã¯ã€WOLFSSL_X509構造体ã®hwTypeメンãƒã‚’ãƒãƒƒãƒ•ã‚¡ã«ã‚³ãƒ”ーã—ã¾ã™ã€‚ + + \return byte 関数ã¯ã€ä»¥å‰ã«WOLFSSL_X509構造体ã®hwTypeメンãƒã«ä¿æŒã•れã¦ã„ãŸãƒ‡ãƒ¼ã‚¿ã®ãƒã‚¤ãƒˆåž‹ã‚’è¿”ã—ã¾ã™ã€‚ + \return NULL inOutSzãŒNULLã®å ´åˆã«è¿”ã•れã¾ã™ã€‚ + + \param x509 証明書情報をå«ã‚€WOLFSSL_X509構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ + \param in ãƒãƒƒãƒ•ァを表ã™byteåž‹ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ + \param inOutSz ãƒãƒƒãƒ•ã‚¡ã®ã‚µã‚¤ã‚ºã‚’表ã™intåž‹ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ _Example_ \code - WOLFSSL_X509* x509; // X509 certificate - byte* in; // initialize the buffer - int* inOutSz; // holds the size of the buffer + WOLFSSL_X509* x509; // X509証明書 + byte* in; // ãƒãƒƒãƒ•ã‚¡ã‚’åˆæœŸåŒ– + int* inOutSz; // ãƒãƒƒãƒ•ã‚¡ã®ã‚µã‚¤ã‚ºã‚’ä¿æŒ ... byte* hwType = wolfSSL_X509_get_hw_type(x509, in, inOutSz); if(hwType == NULL){ - // Failure case function returned NULL. + // 失敗ケースã€é–¢æ•°ã¯NULLã‚’è¿”ã—㟠} \endcode + \sa wolfSSL_X509_get_hw_serial_number \sa wolfSSL_X509_get_device_type */ @@ -5297,10 +6081,14 @@ /*! \ingroup CertsKeys - \brief ã“ã®é–¢æ•°ã¯X509オブジェクトã®hwserialNumメンãƒã‚’è¿”ã—ã¾ã™ã€‚ - \return pointer ã“ã®é–¢æ•°ã¯ã€X509オブジェクトã‹ã‚‰ãƒ­ãƒ¼ãƒ‰ã•れãŸã‚·ãƒªã‚¢ãƒ«ç•ªå·ã‚’å«ã‚€INãƒãƒƒãƒ•ã‚¡ã¸ã®ãƒã‚¤ãƒˆãƒã‚¤ãƒ³ã‚¿ã‚’è¿”ã—ã¾ã™ã€‚ - \param x509 証明書情報をå«ã‚€WOLFSSL_X509構造ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ - \param in コピーã•れるãƒãƒƒãƒ•ã‚¡ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ + + \brief ã“ã®é–¢æ•°ã¯ã€x509オブジェクトã®hwSerialNumメンãƒã‚’è¿”ã—ã¾ã™ã€‚ + + \return pointer 関数ã¯ã€x509オブジェクトã‹ã‚‰ãƒ­ãƒ¼ãƒ‰ã•れãŸã‚·ãƒªã‚¢ãƒ«ç•ªå·ã‚’å«ã‚€inãƒãƒƒãƒ•ã‚¡ã¸ã®ãƒã‚¤ãƒˆãƒã‚¤ãƒ³ã‚¿ã‚’è¿”ã—ã¾ã™ã€‚ + + \param x509 証明書情報をå«ã‚€WOLFSSL_X509構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ + \param in コピー先ã®ãƒãƒƒãƒ•ã‚¡ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ + \param inOutSz ãƒãƒƒãƒ•ã‚¡ã®ã‚µã‚¤ã‚ºã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ _Example_ \code @@ -5312,9 +6100,10 @@ serial = wolfSSL_X509_get_hw_serial_number(x509, in, inOutSz); if(serial == NULL || serial <= 0){ - // Failure case + // 失敗ケース } \endcode + \sa wolfSSL_X509_get_subject_name \sa wolfSSL_X509_get_issuer_name \sa wolfSSL_X509_get_isCA @@ -5327,10 +6116,14 @@ /*! \ingroup IO - \brief ã“ã®é–¢æ•°ã¯ã‚¯ãƒ©ã‚¤ã‚¢ãƒ³ãƒˆå´ã§å‘¼ã³å‡ºã•れã€ãƒ”ã‚¢ã®è¨¼æ˜Žæ›¸ãƒã‚§ãƒ¼ãƒ³ã‚’å–å¾—ã™ã‚‹ã®ã«å分ãªé•·ã•ã ã‘サーãƒãƒ¼ã‚’æŒã¤SSL / TLSãƒãƒ³ãƒ‰ã‚·ã‚§ã‚¤ã‚¯ã‚’é–‹å§‹ã—ã¾ã™ã€‚ã“ã®é–¢æ•°ãŒå‘¼ã³å‡ºã•れるã¨ã€åŸºç¤Žã¨ãªã‚‹é€šä¿¡ãƒãƒ£ãƒãƒ«ã¯ã™ã§ã«è¨­å®šã•れã¦ã„ã¾ã™ã€‚ wolfssl_connect_cert()ã¯ã€ãƒ–ロックã¨éžãƒ–ロックI / Oã®ä¸¡æ–¹ã§å‹•作ã—ã¾ã™ã€‚基礎ã¨ãªã‚‹I / OãŒãƒŽãƒ³ãƒ–ロッキングã§ã‚ã‚‹å ´åˆã€wolfsl_connect_cert()ã¯ã€wolfssl_connect_cert_cert()ã®ãƒ‹ãƒ¼ã‚ºã‚’満ãŸã™ã“ã¨ãŒã§ããªã‹ã£ãŸã¨ãã«æˆ»ã‚Šã¾ã™ã€‚ãƒãƒ³ãƒ‰ã‚·ã‚§ã‚¤ã‚¯ã‚’ç¶šã‘ã¾ã™ã€‚ã“ã®å ´åˆã€wolfSSL_get_error()ã¸ã®å‘¼ã³å‡ºã—ã¯SSL_ERROR_WANT_READã¾ãŸã¯SSL_ERROR_WANT_WRITEã®ã„ãšã‚Œã‹ã‚’生æˆã—ã¾ã™ã€‚通話プロセスã¯ã€åŸºç¤Žã¨ãªã‚‹I / OãŒæº–å‚™ãŒã§ãã¦ã€wolfsslãŒã‚ªãƒ•ã«ãªã£ã¦ã„ã‚‹ã¨ã“ã‚を拾ã†ã¨ãã«ã€wolfssl_connect_cert()ã¸ã®å‘¼ã³å‡ºã—を繰り返ã™å¿…è¦ãŒã‚りã¾ã™ã€‚ノンブロッキングソケットを使用ã™ã‚‹å ´åˆã¯ã€ä½•も実行ã™ã‚‹å¿…è¦ãŒã‚りã¾ã™ãŒã€select()を使用ã—ã¦å¿…è¦ãªæ¡ä»¶ã‚’確èªã§ãã¾ã™ã€‚基礎ã¨ãªã‚‹å…¥å‡ºåŠ›ãŒãƒ–ロックã•れã¦ã„ã‚‹å ´åˆã€wolfssl_connect_cert()ã¯ãƒ”ã‚¢ã®è¨¼æ˜Žæ›¸ãƒã‚§ãƒ¼ãƒ³ãŒå—ä¿¡ã•れãŸã‚‰ã®ã¿è¿”ã•れã¾ã™ã€‚ - \return SSL_SUCCESS æˆåŠŸæ™‚ã«è¿”ã•れã¾ã™ã€‚ - \return SSL_FAILURE SSLセッションパラメータãŒNULLã®å ´åˆã€è¿”ã•れã¾ã™ã€‚ - \return SSL_FATAL_ERROR エラーãŒç™ºç”Ÿã—ãŸå ´åˆã«è¿”ã•れã¾ã™ã€‚より詳細ãªã‚¨ãƒ©ãƒ¼ã‚³ãƒ¼ãƒ‰ã‚’å–å¾—ã™ã‚‹ã«ã¯ã€wolfSSL_get_error()を呼ã³å‡ºã—ã¾ã™ã€‚ + + \brief ã“ã®é–¢æ•°ã¯ã‚¯ãƒ©ã‚¤ã‚¢ãƒ³ãƒˆå´ã§å‘¼ã³å‡ºã•れã€ãƒ”ã‚¢ã®è¨¼æ˜Žæ›¸ãƒã‚§ãƒ¼ãƒ³ã‚’å–å¾—ã™ã‚‹ã®ã«å分ãªé•·ã•ã ã‘サーãƒãƒ¼ã¨ã®SSL/TLSãƒãƒ³ãƒ‰ã‚·ã‚§ã‚¤ã‚¯ã‚’é–‹å§‹ã—ã¾ã™ã€‚ã“ã®é–¢æ•°ãŒå‘¼ã³å‡ºã•れるã¨ãã€åŸºç¤Žã¨ãªã‚‹é€šä¿¡ãƒãƒ£ãƒãƒ«ã¯ã™ã§ã«è¨­å®šã•れã¦ã„ã¾ã™ã€‚wolfSSL_connect_cert()ã¯ã€ãƒ–ロッキングI/Oã¨éžãƒ–ロッキングI/Oã®ä¸¡æ–¹ã§å‹•作ã—ã¾ã™ã€‚基礎ã¨ãªã‚‹I/OãŒéžãƒ–ロッキングã®å ´åˆã€wolfSSL_connect_cert()ã¯ã€åŸºç¤Žã¨ãªã‚‹I/OãŒwolfSSL_connect_cert()ãŒãƒãƒ³ãƒ‰ã‚·ã‚§ã‚¤ã‚¯ã‚’続行ã™ã‚‹ãŸã‚ã«å¿…è¦ãªå‡¦ç†ã‚’満ãŸã›ãªã„ã¨ãã«æˆ»ã‚Šã¾ã™ã€‚ã“ã®å ´åˆã€wolfSSL_get_error()ã®å‘¼ã³å‡ºã—ã¯SSL_ERROR_WANT_READã¾ãŸã¯SSL_ERROR_WANT_WRITEã®ã„ãšã‚Œã‹ã‚’生æˆã—ã¾ã™ã€‚呼ã³å‡ºã—プロセスã¯ã€åŸºç¤Žã¨ãªã‚‹I/OãŒæº–å‚™ã§ããŸã¨ãã«wolfSSL_connect_cert()ã®å‘¼ã³å‡ºã—を繰り返ã™å¿…è¦ãŒã‚りã€wolfSSLã¯ä¸­æ–­ã—ãŸå ´æ‰€ã‹ã‚‰å†é–‹ã—ã¾ã™ã€‚éžãƒ–ロッキングソケットを使用ã™ã‚‹å ´åˆã€ä½•ã‚‚ã™ã‚‹å¿…è¦ã¯ã‚りã¾ã›ã‚“ãŒã€select()を使用ã—ã¦å¿…è¦ãªæ¡ä»¶ã‚’ãƒã‚§ãƒƒã‚¯ã§ãã¾ã™ã€‚基礎ã¨ãªã‚‹I/OãŒãƒ–ロッキングI/Oã®å ´åˆã€wolfSSL_connect_cert()ã¯ãƒ”ã‚¢ã®è¨¼æ˜Žæ›¸ãƒã‚§ãƒ¼ãƒ³ãŒå—ä¿¡ã•れãŸã¨ãã«ã®ã¿æˆ»ã‚Šã¾ã™ã€‚ + + \return SSL_SUCCESS æˆåŠŸæ™‚ã€‚ + \return SSL_FAILURE SSLセッションパラメータãŒNULLã®å ´åˆã«è¿”ã•れã¾ã™ã€‚ + \return SSL_FATAL_ERROR エラーãŒç™ºç”Ÿã—ãŸå ´åˆã«è¿”ã•れã¾ã™ã€‚より詳細ãªã‚¨ãƒ©ãƒ¼ã‚³ãƒ¼ãƒ‰ã‚’å–å¾—ã™ã‚‹ã«ã¯ã€wolfSSL_get_error()を呼ã³å‡ºã—ã¦ãã ã•ã„。 + + \param ssl wolfSSL_new()を使用ã—ã¦ä½œæˆã•れãŸWOLFSSL構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ _Example_ \code @@ -5342,21 +6135,25 @@ ret = wolfSSL_connect_cert(ssl); if (ret != SSL_SUCCESS) { err = wolfSSL_get_error(ssl, ret); - printf(“error = %d, %s\nâ€, err, wolfSSL_ERR_error_string(err, buffer)); + printf("error = %d, %s\n", err, wolfSSL_ERR_error_string(err, buffer)); } \endcode + \sa wolfSSL_get_error \sa wolfSSL_connect \sa wolfSSL_accept -*/ -int wolfSSL_connect_cert(WOLFSSL* ssl); +*/int wolfSSL_connect_cert(WOLFSSL* ssl); /*! \ingroup openSSL - \brief WOLFSSL_D2I_PKCS12_BIO(D2I_PKCS12_BIO)ã¯ã€WOLFSSL_BIOã‹ã‚‰æ§‹é€ WC_PKCS12ã¸ã®PKCS12情報ã«ã‚³ãƒ”ーã•れã¾ã™ã€‚ã“ã®æƒ…å ±ã¯ã€ã‚ªãƒ—ションã®MACæƒ…å ±ã‚’ä¿æŒã™ã‚‹ãŸã‚ã®æ§‹é€ ã¨ã¨ã‚‚ã«ã‚³ãƒ³ãƒ†ãƒ³ãƒ„ã«é–¢ã™ã‚‹æƒ…å ±ã®ãƒªã‚¹ãƒˆã¨ã—ã¦æ§‹é€ å†…ã«åˆ†å‰²ã•れã¦ã„ã¾ã™ã€‚構造体WC_PKCS12ã§æƒ…å ±ãŒãƒãƒ£ãƒ³ã‚¯ï¼ˆãŸã ã—復å·åŒ–ã•れã¦ã„ãªã„)ã«åˆ†å‰²ã•れãŸå¾Œã€ãれã¯ãã®å¾Œã€å‘¼ã³å‡ºã—ã«ã‚ˆã£ã¦è§£æžãŠã‚ˆã³å¾©å·åŒ–ã•れ得る。 - \return WC_PKCS12 WC_PKCS12構造ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ - \return Failure 関数ã«å¤±æ•—ã—ãŸå ´åˆã¯NULLã‚’è¿”ã—ã¾ã™ã€‚ - \param bio PKCS12ãƒãƒƒãƒ•ァを読ã¿å–ã‚‹ãŸã‚ã®WOLFSSL_BIO構造。 + + \brief wolfSSL_d2i_PKCS12_bio(d2i_PKCS12_bio)ã¯ã€WOLFSSL_BIOã‹ã‚‰WC_PKCS12構造体ã¸PKCS12情報をコピーã—ã¾ã™ã€‚情報ã¯ã€æ§‹é€ ä½“内ã§ã‚³ãƒ³ãƒ†ãƒ³ãƒ„情報ã®ãƒªã‚¹ãƒˆã¨ã—ã¦åˆ†å‰²ã•れã€ã‚ªãƒ—ションã®MACæƒ…å ±ã‚’ä¿æŒã™ã‚‹æ§‹é€ ä½“ã‚‚å«ã¾ã‚Œã¾ã™ã€‚情報ãŒWC_PKCS12構造体内ã§ãƒãƒ£ãƒ³ã‚¯(ãŸã ã—復å·ã•れã¦ã„ãªã„)ã«åˆ†å‰²ã•れãŸå¾Œã€å‘¼ã³å‡ºã™ã“ã¨ã«ã‚ˆã£ã¦è§£æžãŠã‚ˆã³å¾©å·ã§ãã¾ã™ã€‚ + + \return WC_PKCS12 WC_PKCS12構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ + \return Failure 関数ãŒå¤±æ•—ã—ãŸå ´åˆã€NULLã‚’è¿”ã—ã¾ã™ã€‚ + + \param bio PKCS12ãƒãƒƒãƒ•ァを読ã¿å–ã‚‹WOLFSSL_BIO構造体。 + \param pkcs12 作æˆã•ã‚ŒãŸæ–°ã—ã„PKCS12構造体用ã®WC_PKCS12構造体ãƒã‚¤ãƒ³ã‚¿ã€‚NULLã§ã‚‚å¯ã€‚ _Example_ \code @@ -5365,12 +6162,13 @@ WOLFSSL_X509* cert; WOLFSSL_EVP_PKEY* pkey; STACK_OF(X509) certs; - //bio loads in PKCS12 file + //bioã¯PKCS12ファイルを読ã¿è¾¼ã¿ã¾ã™ã€‚ wolfSSL_d2i_PKCS12_bio(bio, &pkcs); - wolfSSL_PKCS12_parse(pkcs, “a passwordâ€, &pkey, &cert, &certs) + wolfSSL_PKCS12_parse(pkcs, "a password", &pkey, &cert, &certs) wc_PKCS12_free(pkcs) - //use cert, pkey, and optionally certs stack + //certã€pkeyã€ãŠã‚ˆã³ã‚ªãƒ—ションã§certsスタックを使用ã—ã¾ã™ã€‚ \endcode + \sa wolfSSL_PKCS12_parse \sa wc_PKCS12_free */ @@ -5379,10 +6177,14 @@ /*! \ingroup openSSL - \brief WOLFSSL_I2D_PKCS12_BIO(I2D_PKCS12_BIO)ã¯ã€æ§‹é€ WC_PKCS12ã‹ã‚‰WOLFSSL_BIOã¸ã®è¨¼æ˜Žæ›¸æƒ…å ±ã«ã‚³ãƒ”ーã•れã¾ã™ã€‚ - \return 1 æˆåŠŸã®ãŸã‚ã«ã€‚ - \return Failure 0。 - \param bio PKCS12ãƒãƒƒãƒ•ァを書ã込むãŸã‚ã®WOLFSSL_BIO構造。 + + \brief wolfSSL_i2d_PKCS12_bio(i2d_PKCS12_bio)ã¯ã€WC_PKCS12構造体ã‹ã‚‰WOLFSSL_BIOã¸è¨¼æ˜Žæ›¸æƒ…報をコピーã—ã¾ã™ã€‚ + + \return 1 æˆåŠŸæ™‚ã€‚ + \return Failure 0。 + + \param bio PKCS12ãƒãƒƒãƒ•ァを書ã込むWOLFSSL_BIO構造体。 + \param pkcs12 入力ã¨ã—ã¦ã®PKCS12構造体用ã®WC_PKCS12構造体。 _Example_ \code @@ -5396,14 +6198,15 @@ f = fopen(file, "rb"); bytes = (int)fread(buffer, 1, sizeof(buffer), f); fclose(f); - //convert the DER file into an internal structure + //DERファイルを内部構造ã«å¤‰æ›ã—ã¾ã™ã€‚ wc_d2i_PKCS12(buffer, bytes, pkcs12); bio = wolfSSL_BIO_new(wolfSSL_BIO_s_mem()); - //convert PKCS12 structure into bio + //PKCS12構造体をbioã«å¤‰æ›ã—ã¾ã™ã€‚ wolfSSL_i2d_PKCS12_bio(bio, pkcs12); wc_PKCS12_free(pkcs) - //use bio + //bioを使用ã—ã¾ã™ã€‚ \endcode + \sa wolfSSL_PKCS12_parse \sa wc_PKCS12_free */ @@ -5412,13 +6215,17 @@ /*! \ingroup openSSL - \brief pkcs12ã¯ã€configureコマンドã¸ã®-enable-openSSLAXTRAを追加ã™ã‚‹ã“ã¨ã§æœ‰åйã«ã§ãã¾ã™ã€‚ãれã¯å¾©å·åŒ–ã®ãŸã‚ã«ãƒˆãƒªãƒ—ルDESã¨RC4を使ã†ã“ã¨ãŒã§ãã‚‹ã®ã§ã€OpenSSlextra(--enable-des3 -enable-arc4)を有効ã«ã™ã‚‹ã¨ãã«ã‚‚ã“ã‚Œã‚‰ã®æ©Ÿèƒ½ã‚’有効ã«ã™ã‚‹ã“ã¨ã‚’ãŠå‹§ã‚ã—ã¾ã™ã€‚ wolfsslã¯ç¾åœ¨RC2をサãƒãƒ¼ãƒˆã—ã¦ã„ã¾ã›ã‚“ã®ã§ã€RC2ã§ã®å¾©å·åŒ–ã¯ç¾åœ¨åˆ©ç”¨ã§ãã¾ã›ã‚“。ã“れã¯ã€.p12ファイルを作æˆã™ã‚‹ãŸã‚ã«OpenSSLコマンドラインã§ä½¿ç”¨ã•ã‚Œã‚‹ãƒ‡ãƒ•ã‚©ãƒ«ãƒˆã®æš—å·åŒ–æ–¹å¼ã§ã¯æ³¨ç›®ã™ã‹ã‚‚ã—れã¾ã›ã‚“。 WOLFSSL_PKCS12_PARSE(PKCS12_PARSE)。ã“ã®é–¢æ•°ãŒæœ€åˆã«è¡Œã£ã¦ã„ã‚‹ã®ã¯ã€å­˜åœ¨ã™ã‚‹å ´åˆã¯MacãŒæ­£ã—ã„ãƒã‚§ãƒƒã‚¯ã§ã™ã€‚ MACãŒå¤±æ•—ã—ãŸå ´åˆã€é–¢æ•°ã¯è¿”ã•れã€ä¿å­˜ã•れã¦ã„るコンテンツ情報ã®ã„ãšã‚Œã‹ã‚’復å·åŒ–ã—よã†ã¨ã—ã¾ã›ã‚“。ã“ã®é–¢æ•°ã¯ã€ãƒãƒƒã‚°ã‚¿ã‚¤ãƒ—を探ã—ã¦ã„ã‚‹å„コンテンツ情報を介ã—ã¦è§£æžã—ã¾ã™ã€‚ãƒãƒƒã‚°ã‚¿ã‚¤ãƒ—ãŒã‚ã‹ã£ã¦ã„ã‚‹å ´åˆã¯ã€å¿…è¦ã«å¿œã˜ã¦å¾©å·åŒ–ã•ã‚Œã€æ§‹ç¯‰ã•れã¦ã„る証明書ã®ãƒªã‚¹ãƒˆã«æ ¼ç´ã•れã¦ã„ã‚‹ã‹ã€è¦‹ã¤ã‹ã£ãŸã‚­ãƒ¼ã¨ã—ã¦ä¿å­˜ã•れã¾ã™ã€‚ã™ã¹ã¦ã®ãƒãƒƒã‚°ã‚’介ã—ã¦è§£æžã—ãŸå¾Œã€è¦‹ã¤ã‹ã£ãŸã‚­ãƒ¼ã¯ã€ä¸€è‡´ã™ã‚‹ãƒšã‚¢ãŒè¦‹ã¤ã‹ã‚‹ã¾ã§è¨¼æ˜Žæ›¸ãƒªã‚¹ãƒˆã¨æ¯”較ã•れã¾ã™ã€‚ã“ã®ä¸€è‡´ã™ã‚‹ãƒšã‚¢ã¯ã‚­ãƒ¼ã¨è¨¼æ˜Žæ›¸ã¨ã—ã¦è¿”ã•れã€ã‚ªãƒ—ションã§è¦‹ã¤ã‹ã£ãŸè¨¼æ˜Žæ›¸ãƒªã‚¹ãƒˆã¯stack_of証明書ã¨ã—ã¦è¿”ã•れã¾ã™ã€‚瞬間ã€CRLã€ç§˜å¯†ã¾ãŸã¯å®‰å…¨ãªãƒãƒƒã‚°ãŒã‚¹ã‚­ãƒƒãƒ—ã•れã€è§£æžã•れã¾ã›ã‚“。デãƒãƒƒã‚°ãƒ—リントアウトを見るã“ã¨ã§ã€ã“れらã¾ãŸã¯ä»–ã®ã€Œä¸æ˜Žã€ãƒãƒƒã‚°ãŒã‚¹ã‚­ãƒƒãƒ—ã•れã¦ã„ã‚‹ã‹ã©ã†ã‹ãŒã‚ã‹ã‚Šã¾ã™ã€‚フレンドリーåãªã©ã®è¿½åŠ ã®å±žæ€§ã¯ã€PKCS12ファイルを解æžã™ã‚‹ã¨ãã«ã‚¹ã‚­ãƒƒãƒ—ã•れã¾ã™ã€‚ - \return SSL_SUCCESS PKCS12ã®è§£æžã«æˆåŠŸã—ã¾ã—ãŸã€‚ - \return SSL_FAILURE エラーケースã«é­é‡ã—ãŸå ´åˆ - \param pkcs12 wc_pkcs12è§£æžã™ã‚‹æ§‹é€  - \param paswd PKCS12を復å·åŒ–ã™ã‚‹ãŸã‚ã®ãƒ‘スワード。 - \param pkey PKCS12ã‹ã‚‰ãƒ‡ã‚³ãƒ¼ãƒ‰ã•れãŸç§˜å¯†éµã‚’ä¿æŒã™ã‚‹ãŸã‚ã®æ§‹é€ ã€‚ - \param cert PKCS12ã‹ã‚‰å¾©å·ã•れãŸè¨¼æ˜Žæ›¸ã‚’ä¿æŒã™ã‚‹æ§‹é€  + + \brief PKCS12ã¯ã€configureコマンドã«--enable-opensslextraを追加ã™ã‚‹ã“ã¨ã§æœ‰åйã«ã§ãã¾ã™ã€‚復å·ã«ãƒˆãƒªãƒ—ルDESã¨RC4を使用ã§ãã‚‹ãŸã‚ã€opensslextraを有効ã«ã™ã‚‹éš›ã«ã“ã‚Œã‚‰ã®æ©Ÿèƒ½ã‚‚有効ã«ã™ã‚‹ã“ã¨ã‚’推奨ã—ã¾ã™(--enable-des3 --enable-arc4)。wolfSSLã¯ç¾åœ¨RC2をサãƒãƒ¼ãƒˆã—ã¦ã„ãªã„ãŸã‚ã€RC2ã§ã®å¾©å·ã¯ç¾åœ¨åˆ©ç”¨ã§ãã¾ã›ã‚“。ã“れã¯ã€OpenSSLコマンドラインã§.p12ファイルを作æˆã™ã‚‹éš›ã«ä½¿ç”¨ã•ã‚Œã‚‹ãƒ‡ãƒ•ã‚©ãƒ«ãƒˆã®æš—å·åŒ–スキームã§é¡•è‘—ã«ãªã‚‹å¯èƒ½æ€§ãŒã‚りã¾ã™ã€‚wolfSSL_PKCS12_parse(PKCS12_parse)。ã“ã®é–¢æ•°ãŒæœ€åˆã«è¡Œã†ã“ã¨ã¯ã€å­˜åœ¨ã™ã‚‹å ´åˆã«MACãŒæ­£ã—ã„ã‹ã©ã†ã‹ã‚’確èªã™ã‚‹ã“ã¨ã§ã™ã€‚MACãŒå¤±æ•—ã—ãŸå ´åˆã€é–¢æ•°ã¯è¿”ã•れã€ä¿å­˜ã•れã¦ã„るコンテンツ情報ã®å¾©å·ã‚’試ã¿ã¾ã›ã‚“。ã“ã®é–¢æ•°ã¯ã€å„コンテンツ情報を解æžã—ã¦ãƒãƒƒã‚°ã‚¿ã‚¤ãƒ—を探ã—ã€ãƒãƒƒã‚°ã‚¿ã‚¤ãƒ—ãŒæ—¢çŸ¥ã®å ´åˆã€å¿…è¦ã«å¿œã˜ã¦å¾©å·ã•ã‚Œã€æ§‹ç¯‰ä¸­ã®è¨¼æ˜Žæ›¸ãƒªã‚¹ãƒˆã¾ãŸã¯è¦‹ã¤ã‹ã£ãŸéµã¨ã—ã¦ä¿å­˜ã•れã¾ã™ã€‚ã™ã¹ã¦ã®ãƒãƒƒã‚°ã‚’è§£æžã—ãŸå¾Œã€è¦‹ã¤ã‹ã£ãŸéµã¯è¨¼æ˜Žæ›¸ãƒªã‚¹ãƒˆã¨æ¯”較ã•れã€ä¸€è‡´ã™ã‚‹ãƒšã‚¢ãŒè¦‹ã¤ã‹ã‚Šã¾ã™ã€‚ã“ã®ä¸€è‡´ã™ã‚‹ãƒšã‚¢ã¯ã€éµã¨è¨¼æ˜Žæ›¸ã¨ã—ã¦è¿”ã•れã¾ã™ã€‚オプションã§ã€è¦‹ã¤ã‹ã£ãŸè¨¼æ˜Žæ›¸ãƒªã‚¹ãƒˆã¯STACK_OFã®è¨¼æ˜Žæ›¸ã¨ã—ã¦è¿”ã•れã¾ã™ã€‚ç¾æ™‚点ã§ã¯ã€CRLã€Secretã€ã¾ãŸã¯SafeContentsãƒãƒƒã‚°ã¯ã‚¹ã‚­ãƒƒãƒ—ã•れã€è§£æžã•れã¾ã›ã‚“。ã“れらã¾ãŸã¯ä»–ã®ã€Œä¸æ˜Žãªã€ãƒãƒƒã‚°ãŒã‚¹ã‚­ãƒƒãƒ—ã•れã¦ã„ã‚‹ã‹ã©ã†ã‹ã¯ã€ãƒ‡ãƒãƒƒã‚°å‡ºåŠ›ã‚’è¡¨ç¤ºã™ã‚‹ã“ã¨ã§ç¢ºèªã§ãã¾ã™ã€‚フレンドリåãªã©ã®è¿½åŠ å±žæ€§ã¯ã€PKCS12ファイルを解æžã™ã‚‹éš›ã«ã‚¹ã‚­ãƒƒãƒ—ã•れã¾ã™ã€‚ + + \return SSL_SUCCESS PKCS12ã®è§£æžãŒæˆåŠŸã—ãŸå ´åˆã€‚ + \return SSL_FAILURE エラーケースã«é­é‡ã—ãŸå ´åˆã€‚ + + \param pkcs12 è§£æžã™ã‚‹WC_PKCS12構造体。 + \param paswd PKCS12を復å·ã™ã‚‹ãŸã‚ã®ãƒ‘スワード。 + \param pkey PKCS12ã‹ã‚‰å¾©å·ã•れãŸç§˜å¯†éµã‚’ä¿æŒã™ã‚‹æ§‹é€ ä½“。 + \param cert PKCS12ã‹ã‚‰å¾©å·ã•れãŸè¨¼æ˜Žæ›¸ã‚’ä¿æŒã™ã‚‹æ§‹é€ ä½“。 + \param stack 追加ã®è¨¼æ˜Žæ›¸ã®ã‚ªãƒ—ションスタック。 _Example_ \code @@ -5427,12 +6234,13 @@ WOLFSSL_X509* cert; WOLFSSL_EVP_PKEY* pkey; STACK_OF(X509) certs; - //bio loads in PKCS12 file + //bioã¯PKCS12ファイルを読ã¿è¾¼ã¿ã¾ã™ã€‚ wolfSSL_d2i_PKCS12_bio(bio, &pkcs); - wolfSSL_PKCS12_parse(pkcs, “a passwordâ€, &pkey, &cert, &certs) + wolfSSL_PKCS12_parse(pkcs, "a password", &pkey, &cert, &certs) wc_PKCS12_free(pkcs) - //use cert, pkey, and optionally certs stack + //certã€pkeyã€ãŠã‚ˆã³ã‚ªãƒ—ションã§certsスタックを使用ã—ã¾ã™ã€‚ \endcode + \sa wolfSSL_d2i_PKCS12_bio \sa wc_PKCS12_free */ @@ -5441,14 +6249,18 @@ /*! \ingroup CertsKeys - \brief サーãƒãƒ¼DIFFIE-HELLMANエフェメラルパラメータ設定。ã“ã®é–¢æ•°ã¯ã€ã‚µãƒ¼ãƒãƒ¼ãŒDHEを使用ã™ã‚‹æš—å·ã‚¹ã‚¤ãƒ¼ãƒˆã‚’ãƒã‚´ã‚·ã‚¨ãƒ¼ãƒˆã—ã¦ã„ã‚‹å ´åˆã«ä½¿ç”¨ã™ã‚‹ã‚°ãƒ«ãƒ¼ãƒ—パラメータを設定ã—ã¾ã™ã€‚ - \return SSL_SUCCESS æˆåŠŸæ™‚ã«è¿”ã•れã¾ã™ã€‚ - \return MEMORY_ERROR メモリエラーãŒç™ºç”Ÿã—ãŸå ´åˆã«è¿”ã•れã¾ã™ã€‚ - \return SIDE_ERROR ã“ã®é–¢æ•°ãŒSSLサーãƒã§ã¯ãªãSSLクライアントã§å‘¼ã³å‡ºã•れるã¨è¿”ã•れã¾ã™ã€‚ - \param ssl wolfSSL_new()を使用ã—ã¦ä½œæˆã•れãŸWolfSSL構造ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ - \param p Diffie-Hellman素数パラメータ。 - \param pSz pã®ã‚µã‚¤ã‚ºã€‚ - \param g Diffie-Hellman "Generator"パラメータ。 + + \brief サーãƒDiffie-Hellmanエフェメラルパラメータã®è¨­å®šã€‚ã“ã®é–¢æ•°ã¯ã€ã‚µãƒ¼ãƒãŒDHEを使用ã™ã‚‹æš—å·ã‚¹ã‚¤ãƒ¼ãƒˆã‚’ãƒã‚´ã‚·ã‚¨ãƒ¼ãƒˆã™ã‚‹å ´åˆã«ä½¿ç”¨ã•れるグループパラメータを設定ã—ã¾ã™ã€‚ + + \return SSL_SUCCESS æˆåŠŸæ™‚ã€‚ + \return MEMORY_ERROR メモリエラーãŒç™ºç”Ÿã—ãŸå ´åˆã«è¿”ã•れã¾ã™ã€‚ + \return SIDE_ERROR ã“ã®é–¢æ•°ãŒSSLサーãƒã§ã¯ãªãSSLクライアントã§å‘¼ã³å‡ºã•れãŸå ´åˆã«è¿”ã•れã¾ã™ã€‚ + + \param ssl wolfSSL_new()を使用ã—ã¦ä½œæˆã•れãŸWOLFSSL構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ + \param p Diffie-Hellman素数パラメータ。 + \param pSz pã®ã‚µã‚¤ã‚ºã€‚ + \param g Diffie-Hellman「生æˆå…ƒã€ãƒ‘ラメータ。 + \param gSz gã®ã‚µã‚¤ã‚ºã€‚ _Example_ \code @@ -5458,6 +6270,7 @@ ... wolfSSL_SetTmpDH(ssl, p, sizeof(p), g, sizeof(g)); \endcode + \sa SSL_accept */ int wolfSSL_SetTmpDH(WOLFSSL* ssl, const unsigned char* p, int pSz, @@ -5465,19 +6278,23 @@ /*! \ingroup CertsKeys - \brief 関数ã¯wolfssl_settmph_buffer_wrapperを呼ã³å‡ºã—ã¾ã™ã€‚ã“れã¯Diffie-Hellmanパラメータã®ãƒ©ãƒƒãƒ‘ーã§ã™ã€‚ - \return SSL_SUCCESS å®Ÿè¡Œã«æˆåŠŸã—ãŸå ´åˆã€‚ - \return SSL_BAD_FILETYPE ファイルã®ç¨®é¡žãŒpemã§ã¯ãªãã€asn.1ã§ã¯ãªã„å ´åˆWC_DHParamSLOADãŒæ­£å¸¸ã«æˆ»ã£ã¦ã„ãªã„å ´åˆã¯ã€ã‚‚è¿”ã•れã¾ã™ã€‚ - \return SSL_NO_PEM_HEADER PEMヘッダーãŒãªã„å ´åˆã¯PemToderã‹ã‚‰è¿”ã—ã¾ã™ã€‚ - \return SSL_BAD_FILE PemToderã«ãƒ•ァイルエラーãŒã‚ã‚‹å ´åˆã«è¿”ã•れã¾ã™ã€‚ - \return SSL_FATAL_ERROR コピーエラーãŒç™ºç”Ÿã—ãŸå ´åˆã¯PemToderã‹ã‚‰è¿”ã•れã¾ã—ãŸã€‚ - \return MEMORY_E - メモリ割り当ã¦ã‚¨ãƒ©ãƒ¼ãŒç™ºç”Ÿã—ãŸå ´åˆ - \return BAD_FUNC_ARG wolfssl構造体ãŒnullã®å ´åˆã€ã¾ãŸã¯ãã†ã§ãªã„å ´åˆã¯ã‚µãƒ–ルーãƒãƒ³ã«æ¸¡ã•れãŸå ´åˆã«è¿”ã•れã¾ã™ã€‚ - \return DH_KEY_SIZE_E wolfssl_settmph()ã¾ãŸã¯WOLFSSL_CTX_settmph()ã®éµã‚µã‚¤ã‚ºã‚¨ãƒ©ãƒ¼ãŒã‚ã‚‹å ´åˆã«è¿”ã•れã¾ã™ã€‚ - \return SIDE_ERROR wolfssl_settmphã®ã‚µãƒ¼ãƒãƒ¼å´ã§ã¯ãªã„å ´åˆã«è¿”ã•れã¾ã™ã€‚ - \param ssl wolfSSL_new()を使用ã—ã¦ä½œæˆã•れãŸWolfSSL構造ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ - \param buf wolfssl_settmph_file_wrapperã‹ã‚‰æ¸¡ã•れãŸå‰²ã‚Šå½“ã¦ãƒãƒƒãƒ•ァー。 - \param sz ファイルã®ã‚µã‚¤ã‚ºï¼ˆwolfssl_settmph_file_wrapper内ã®fnameï¼‰ã‚’ä¿æŒã™ã‚‹ãƒ­ãƒ³ã‚°int。 + + \brief ã“ã®é–¢æ•°ã¯ã€Diffie-Hellmanパラメータã®ãƒ©ãƒƒãƒ‘ーã§ã‚ã‚‹wolfSSL_SetTMpDH_buffer_wrapperを呼ã³å‡ºã—ã¾ã™ã€‚ + + \return SSL_SUCCESS å®Ÿè¡ŒãŒæˆåŠŸã—ãŸå ´åˆã€‚ + \return SSL_BAD_FILETYPE ファイルタイプãŒPEMã§ãªãã€ASN.1ã§ã‚‚ãªã„å ´åˆã€‚ã¾ãŸã€wc_DhParamsLoadãŒæ­£å¸¸ã«è¿”ã•れãªã‹ã£ãŸå ´åˆã«ã‚‚è¿”ã•れã¾ã™ã€‚ + \return SSL_NO_PEM_HEADER PEMヘッダãŒå­˜åœ¨ã—ãªã„å ´åˆã€PemToDerã‹ã‚‰è¿”ã•れã¾ã™ã€‚ + \return SSL_BAD_FILE PemToDerã§ãƒ•ァイルエラーãŒã‚ã£ãŸå ´åˆã«è¿”ã•れã¾ã™ã€‚ + \return SSL_FATAL_ERROR コピーエラーãŒã‚ã£ãŸå ´åˆã€PemToDerã‹ã‚‰è¿”ã•れã¾ã™ã€‚ + \return MEMORY_E メモリ割り当ã¦ã‚¨ãƒ©ãƒ¼ãŒã‚ã£ãŸå ´åˆã€‚ + \return BAD_FUNC_ARG WOLFSSL構造体ãŒNULLã®å ´åˆã€ã¾ãŸã¯ã‚µãƒ–ルーãƒãƒ³ã«NULLå¼•æ•°ãŒæ¸¡ã•れãŸå ´åˆã«è¿”ã•れã¾ã™ã€‚ + \return DH_KEY_SIZE_E wolfSSL_SetTmpDH()ã¾ãŸã¯wolfSSL_CTX_SetTmpDH()ã§ã‚­ãƒ¼ã‚µã‚¤ã‚ºã‚¨ãƒ©ãƒ¼ãŒã‚ã‚‹å ´åˆã«è¿”ã•れã¾ã™ã€‚ + \return SIDE_ERROR wolfSSL_SetTmpDHã§ã‚µãƒ¼ãƒå´ã§ãªã„å ´åˆã«è¿”ã•れã¾ã™ã€‚ + + \param ssl wolfSSL_new()を使用ã—ã¦ä½œæˆã•れãŸWOLFSSL構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ + \param buf wolfSSL_SetTMpDH_file_wrapperã‹ã‚‰æ¸¡ã•れる割り当ã¦ã‚‰ã‚ŒãŸãƒãƒƒãƒ•ァ。 + \param sz ファイル(wolfSSL_SetTmpDH_file_wrapper内ã®fname)ã®ã‚µã‚¤ã‚ºã‚’ä¿æŒã™ã‚‹long int型。 + \param format wolfSSL_SetTmpDH_file_wrapper()ã‹ã‚‰æ¸¡ã•れる証明書形å¼ã®è¡¨ç¾ã§ã‚る整数型。 _Example_ \code @@ -5487,8 +6304,9 @@ byte* myBuffer = staticBuffer[FILE_BUFFER_SIZE]; … if(ssl) - ret = wolfSSL_SetTmpDH_buffer(ssl, myBuffer, sz, format); + ret = wolfSSL_SetTmpDH_buffer(ssl, myBuffer, sz, format); \endcode + \sa wolfSSL_SetTmpDH_buffer_wrapper \sa wc_DhParamsLoad \sa wolfSSL_SetTmpDH @@ -5501,16 +6319,20 @@ /*! \ingroup CertsKeys - \brief ã“ã®é–¢æ•°ã¯ã€wolfssl_settmph_file_wrapperを呼ã³å‡ºã—ã¦ã‚µãƒ¼ãƒdiffie-hellmanパラメータを設定ã—ã¾ã™ã€‚ - \return SSL_SUCCESS ã“ã®æ©Ÿèƒ½ã®æ­£å¸¸ãªå®Œäº†ã¨ãã®ã‚µãƒ–ルーãƒãƒ³ã®å®Œäº†ã«æˆ»ã‚Šã¾ã—ãŸã€‚ - \return MEMORY_E ã“ã®é–¢æ•°ã¾ãŸã¯ã‚µãƒ–ルーãƒãƒ³ã«ãƒ¡ãƒ¢ãƒªå‰²ã‚Šå½“ã¦ãŒå¤±æ•—ã—ãŸå ´åˆã«è¿”ã•れã¾ã™ã€‚ - \return SIDE_ERROR WolfSSL構造体ã«ã‚るオプション構造ã®ã‚µã‚¤ãƒ‰ãƒ¡ãƒ³ãƒãƒ¼ãŒã‚µãƒ¼ãƒãƒ¼å´ã§ã¯ãªã„å ´åˆã€‚ - \return SSL_BAD_FILETYPE 証明書ãŒä¸€é€£ã®ãƒã‚§ãƒƒã‚¯ã«å¤±æ•—ã—ãŸå ´åˆã¯è¿”ã—ã¾ã™ã€‚ - \return DH_KEY_SIZE_E DHパラメーターã®éµã‚µã‚¤ã‚ºãŒWolfSSL構造体ã®MinkKeyszメンãƒãƒ¼ã®å€¤ã‚ˆã‚Šå°ã•ã„å ´åˆã«è¿”ã•れã¾ã™ã€‚ - \return DH_KEY_SIZE_E DHパラメータã®éµã‚µã‚¤ã‚ºãŒwolfssl構造体ã®MAXDHKEYSZメンãƒãƒ¼ã®å€¤ã‚ˆã‚Šã‚‚大ãã„å ´åˆã«è¿”ã•れã¾ã™ã€‚ - \return BAD_FUNC_ARG wolfssl構造ãªã©ã€å¼•数値ãŒnullã®å ´åˆã«è¿”ã—ã¾ã™ã€‚ - \param ssl wolfSSL_new()を使用ã—ã¦ä½œæˆã•れãŸWOLFSSL構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ - \param fname è¨¼æ˜Žæ›¸ã‚’ä¿æŒã—ã¦ã„ã‚‹å®šæ•°ã®æ–‡å­—ãƒã‚¤ãƒ³ã‚¿ã€‚ + + \brief ã“ã®é–¢æ•°ã¯ã€wolfSSL_SetTmpDH_file_wrapperを呼ã³å‡ºã—ã¦ã‚µãƒ¼ãƒDiffie-Hellmanパラメータを設定ã—ã¾ã™ã€‚ + + \return SSL_SUCCESS ã“ã®é–¢æ•°ã¨ãã®ã‚µãƒ–ルーãƒãƒ³ãŒæ­£å¸¸ã«å®Œäº†ã—ãŸå ´åˆã«è¿”ã•れã¾ã™ã€‚ + \return MEMORY_E ã“ã®é–¢æ•°ã¾ãŸã¯ã‚µãƒ–ルーãƒãƒ³ã§ãƒ¡ãƒ¢ãƒªå‰²ã‚Šå½“ã¦ãŒå¤±æ•—ã—ãŸå ´åˆã«è¿”ã•れã¾ã™ã€‚ + \return SIDE_ERROR WOLFSSL構造体内ã®Options構造体ã®sideメンãƒãŒã‚µãƒ¼ãƒå´ã§ãªã„å ´åˆã€‚ + \return SSL_BAD_FILETYPE 証明書ãŒä¸€é€£ã®ãƒã‚§ãƒƒã‚¯ã«å¤±æ•—ã—ãŸå ´åˆã«è¿”ã•れã¾ã™ã€‚ + \return DH_KEY_SIZE_E DHパラメータã®éµã‚µã‚¤ã‚ºãŒWOLFSSL構造体ã®minDhKeySzメンãƒã®å€¤ã‚ˆã‚Šå°ã•ã„å ´åˆã«è¿”ã•れã¾ã™ã€‚ + \return DH_KEY_SIZE_E DHパラメータã®éµã‚µã‚¤ã‚ºãŒWOLFSSL構造体ã®maxDhKeySzメンãƒã®å€¤ã‚ˆã‚Šå¤§ãã„å ´åˆã«è¿”ã•れã¾ã™ã€‚ + \return BAD_FUNC_ARG WOLFSSL構造体ãªã©ã€è¨±å¯ã•れã¦ã„ãªã„引数値ãŒNULLã®å ´åˆã«è¿”ã•れã¾ã™ã€‚ + + \param ssl wolfSSL_new()を使用ã—ã¦ä½œæˆã•れãŸWOLFSSL構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ + \param fname è¨¼æ˜Žæ›¸ã‚’ä¿æŒã™ã‚‹å®šæ•°charåž‹ãƒã‚¤ãƒ³ã‚¿ã€‚ + \param format 証明書ã®å½¢å¼ã‚’ä¿æŒã™ã‚‹æ•´æ•°åž‹ã€‚ _Example_ \code @@ -5518,8 +6340,9 @@ const char* dhParam; … AssertIntNE(SSL_SUCCESS, - wolfSSL_SetTmpDH_file(ssl, dhParam, SSL_FILETYPE_PEM)); + wolfSSL_SetTmpDH_file(ssl, dhParam, SSL_FILETYPE_PEM)); \endcode + \sa wolfSSL_CTX_SetTmpDH_file \sa wolfSSL_SetTmpDH_file_wrapper \sa wolfSSL_SetTmpDH_buffer @@ -5532,20 +6355,24 @@ /*! \ingroup CertsKeys - \brief サーãƒãƒ¼CTX Diffie-Hellmanã®ãƒ‘ラメータを設定ã—ã¾ã™ã€‚ - \return SSL_SUCCESS 関数ã¨ã™ã¹ã¦ã®ã‚µãƒ–ルーãƒãƒ³ãŒã‚¨ãƒ©ãƒ¼ãªã—ã§æˆ»ã£ãŸå ´åˆã«è¿”ã•れã¾ã™ã€‚ - \return BAD_FUNC_ARG CTXã€Pã€ã¾ãŸã¯GパラメーターãŒNULLã®å ´åˆã«è¿”ã•れã¾ã™ã€‚ - \return DH_KEY_SIZE_E DHパラメータã®éµã‚µã‚¤ã‚ºãŒWOLFSSL_CTX構造体ã®MindHKEYSZメンãƒãƒ¼ã®å€¤ã‚ˆã‚Šå°ã•ã„å ´åˆã«è¿”ã•れã¾ã™ã€‚ - \return DH_KEY_SIZE_E DHパラメータã®éµã‚µã‚¤ã‚ºãŒWOLFSSL_CTX構造体ã®MaxDhkeySZメンãƒãƒ¼ã®å€¤ã‚ˆã‚Šã‚‚大ãã„å ´åˆã«è¿”ã•れã¾ã™ã€‚ - \return MEMORY_E ã“ã®é–¢æ•°ã¾ãŸã¯ã‚µãƒ–ルーãƒãƒ³ã«ãƒ¡ãƒ¢ãƒªã®å‰²ã‚Šå½“ã¦ãŒå¤±æ•—ã—ãŸå ´åˆã«è¿”ã•れã¾ã™ã€‚ - \param ctx wolfSSL_CTX_new()を使用ã—ã¦ä½œæˆã•れãŸWOLFSSL_CTX構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ - \param p ServerDH_P構造体ã®ãƒãƒƒãƒ•ァメンãƒãƒ¼ã«ãƒ­ãƒ¼ãƒ‰ã•れãŸå®šæ•°ã®ç¬¦å·ãªã—文字ãƒã‚¤ãƒ³ã‚¿ã€‚ - \param pSz pã®ã‚µã‚¤ã‚ºã‚’表ã™intåž‹ã¯ã€max_dh_sizeã«åˆæœŸåŒ–ã•れã¾ã™ã€‚ - \param g ServerDh_g構造体ã®ãƒãƒƒãƒ•ァメンãƒãƒ¼ã«ãƒ­ãƒ¼ãƒ‰ã•れãŸå®šæ•°ã®ç¬¦å·ãªã—文字ãƒã‚¤ãƒ³ã‚¿ã€‚ - _Example_ + \brief サーãƒCTX Diffie-Hellmanã®ãƒ‘ラメータを設定ã—ã¾ã™ã€‚ + + \return SSL_SUCCESS 関数ã¨ã™ã¹ã¦ã®ã‚µãƒ–ルーãƒãƒ³ãŒã‚¨ãƒ©ãƒ¼ãªãè¿”ã•れãŸå ´åˆã«è¿”ã•れã¾ã™ã€‚ + \return BAD_FUNC_ARG CTXã€pã¾ãŸã¯gパラメータãŒNULLã®å ´åˆã«è¿”ã•れã¾ã™ã€‚ + \return DH_KEY_SIZE_E DHパラメータã®éµã‚µã‚¤ã‚ºãŒWOLFSSL_CTX構造体ã®minDhKeySzメンãƒã®å€¤ã‚ˆã‚Šå°ã•ã„å ´åˆã«è¿”ã•れã¾ã™ã€‚ + \return DH_KEY_SIZE_E DHパラメータã®éµã‚µã‚¤ã‚ºãŒWOLFSSL_CTX構造体ã®maxDhKeySzメンãƒã®å€¤ã‚ˆã‚Šå¤§ãã„å ´åˆã«è¿”ã•れã¾ã™ã€‚ + \return MEMORY_E ã“ã®é–¢æ•°ã¾ãŸã¯ã‚µãƒ–ルーãƒãƒ³ã§ãƒ¡ãƒ¢ãƒªå‰²ã‚Šå½“ã¦ãŒå¤±æ•—ã—ãŸå ´åˆã«è¿”ã•れã¾ã™ã€‚ + + \param ctx wolfSSL_CTX_new()を使用ã—ã¦ä½œæˆã•れãŸWOLFSSL_CTX構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ + \param p serverDH_P構造体ã®bufferメンãƒã«èª­ã¿è¾¼ã¾ã‚Œã‚‹å®šæ•°unsigned charåž‹ãƒã‚¤ãƒ³ã‚¿ã€‚ + \param pSz pã®ã‚µã‚¤ã‚ºã‚’表ã™intåž‹ã§ã€MAX_DH_SIZEã«åˆæœŸåŒ–ã•れã¾ã™ã€‚ + \param g serverDH_G構造体ã®bufferメンãƒã«èª­ã¿è¾¼ã¾ã‚Œã‚‹å®šæ•°unsigned charåž‹ãƒã‚¤ãƒ³ã‚¿ã€‚ + \param gSz gã®ã‚µã‚¤ã‚ºã‚’表ã™intåž‹ã§ã€MAX_DH_SIZEã«åˆæœŸåŒ–ã•れã¾ã™ã€‚ + + _Exmaple_ \code - WOLFSSL_CTX* ctx = wolfSSL_CTX_new( protocol ); + WOLFSSL_CTX* ctx = WOLFSSL_CTX_new( protocol ); byte* p; byte* g; word32 pSz = (word32)sizeof(p)/sizeof(byte); @@ -5554,9 +6381,10 @@ int ret = wolfSSL_CTX_SetTmpDH(ctx, p, pSz, g, gSz); if(ret != SSL_SUCCESS){ - // Failure case + // 失敗ケース } \endcode + \sa wolfSSL_SetTmpDH \sa wc_DhParamsLoad */ @@ -5565,21 +6393,25 @@ /*! \ingroup CertsKeys - \brief wolfssl_settmph_buffer_wrapperを呼ã³å‡ºã™ãƒ©ãƒƒãƒ‘ー関数 - \return 0 å®Ÿè¡ŒãŒæˆåŠŸã™ã‚‹ãŸã‚ã«è¿”ã•れã¾ã—ãŸã€‚ - \return BAD_FUNC_ARG CTXパラメータã¾ãŸã¯BUFパラメータãŒNULLã®å ´åˆã«è¿”ã•れã¾ã™ã€‚ - \return MEMORY_E メモリ割り当ã¦ã‚¨ãƒ©ãƒ¼ãŒã‚ã‚‹å ´åˆ - \return SSL_BAD_FILETYPE ãƒ•ã‚©ãƒ¼ãƒžãƒƒãƒˆãŒæ­£ã—ããªã„å ´åˆã«è¿”ã•れã¾ã™ã€‚ - \param ctx wolfSSL_CTX_new()を使用ã—ã¦ä½œæˆã•れãŸWolfSSL構造ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ - \param buf ãƒãƒƒãƒ•ã‚¡ã¨ã—ã¦å‰²ã‚Šå½“ã¦ã‚‰ã‚Œã€wolfssl_settmpdh_buffer_wrapperã«æ¸¡ã•れãŸå®šæ•°ã®ç¬¦å·ãªã—文字型ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ - \param sz wolfssl_settmph_file_wrapper()ã®FNAMEパラメータã‹ã‚‰æ´¾ç”Ÿã—ãŸé•·ã„整数型。 + + \brief wolfSSL_SetTmpDH_buffer_wrapperを呼ã³å‡ºã™ãƒ©ãƒƒãƒ‘ー関数ã§ã™ã€‚ + + \return 0 å®Ÿè¡ŒãŒæˆåŠŸã—ãŸå ´åˆã«è¿”ã•れã¾ã™ã€‚ + \return BAD_FUNC_ARG ctxã¾ãŸã¯bufパラメータãŒNULLã®å ´åˆã«è¿”ã•れã¾ã™ã€‚ + \return MEMORY_E メモリ割り当ã¦ã‚¨ãƒ©ãƒ¼ãŒã‚ã‚‹å ´åˆã€‚ + \return SSL_BAD_FILETYPE formatãŒæ­£ã—ããªã„å ´åˆã«è¿”ã•れã¾ã™ã€‚ + + \param ctx wolfSSL_CTX_new()を使用ã—ã¦ä½œæˆã•れãŸWOLFSSL構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ + \param buf ãƒãƒƒãƒ•ã‚¡ã¨ã—ã¦å‰²ã‚Šå½“ã¦ã‚‰ã‚Œã€wolfSSL_SetTmpDH_buffer_wrapperã«æ¸¡ã•れる定数unsigned charåž‹ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ + \param sz wolfSSL_SetTmpDH_file_wrapper()ã®fnameパラメータã‹ã‚‰å°Žå‡ºã•れるlong整数型。 + \param format wolfSSL_SetTmpDH_file_wrapper()ã‹ã‚‰æ¸¡ã•れる整数型。 _Example_ \code static int wolfSSL_SetTmpDH_file_wrapper(WOLFSSL_CTX* ctx, WOLFSSL* ssl, - Const char* fname, int format); + Const char* fname, int format); #ifdef WOLFSSL_SMALL_STACK - byte staticBuffer[1]; // force heap usage + byte staticBuffer[1]; // ヒープ使用を強制 #else byte* staticBuffer; long sz = 0; @@ -5587,9 +6419,10 @@ if(ssl){ ret = wolfSSL_SetTmpDH_buffer(ssl, myBuffer, sz, format); } else { - ret = wolfSSL_CTX_SetTmpDH_buffer(ctx, myBuffer, sz, format); + ret = wolfSSL_CTX_SetTmpDH_buffer(ctx, myBuffer, sz, format); } \endcode + \sa wolfSSL_SetTmpDH_buffer_wrapper \sa wolfSSL_SetTMpDH_buffer \sa wolfSSL_SetTmpDH_file_wrapper @@ -5600,37 +6433,41 @@ /*! \ingroup CertsKeys - \brief ã“ã®é–¢æ•°ã¯ã€wolfssl_settmph_file_wrapperを呼ã³å‡ºã—ã¦ã‚µãƒ¼ãƒãƒ¼Diffie-Hellmanパラメータを設定ã—ã¾ã™ã€‚ - \return SSL_SUCCESS wolfssl_settmph_file_wrapperã¾ãŸã¯ãã®ã‚µãƒ–ルーãƒãƒ³ã®ã„ãšã‚Œã‹ãŒæ­£å¸¸ã«æˆ»ã£ãŸå ´åˆã«è¿”ã•れã¾ã™ã€‚ - \return MEMORY_E 動的メモリã®å‰²ã‚Šå½“ã¦ãŒã‚µãƒ–ルーãƒãƒ³ã§å¤±æ•—ã—ãŸå ´åˆã«è¿”ã•れã¾ã™ã€‚ - \return BAD_FUNC_ARG CTXã¾ãŸã¯FNAMEパラメータãŒNULLã¾ãŸã¯ã‚µãƒ–ルーãƒãƒ³ãŒNULLå¼•æ•°ã«æ¸¡ã•れãŸå ´åˆã«è¿”ã•れã¾ã™ã€‚ - \return SSL_BAD_FILE 証明書ファイルãŒé–‹ãã“ã¨ãŒã§ããªã„å ´åˆã€ã¾ãŸã¯ãƒ•ァイルã®ä¸€é€£ã®ãƒã‚§ãƒƒã‚¯ãŒwolfssl_settmpdh_file_wrapperã‹ã‚‰å¤±æ•—ã—ãŸå ´åˆã«è¿”ã•れã¾ã™ã€‚ - \return SSL_BAD_FILETYPE フォーマットãŒwolfssl_settmph_buffer_wrapper()ã‹ã‚‰PEMã¾ãŸã¯ASN.1ã§ã¯ãªã„å ´åˆã«è¿”ã•れã¾ã™ã€‚ - \return DH_KEY_SIZE_E DHパラメータã®éµã‚µã‚¤ã‚ºãŒWOLFSSL_CTX構造体ã®MindHKEYSZメンãƒãƒ¼ã®å€¤ã‚ˆã‚Šå°ã•ã„å ´åˆã«è¿”ã•れã¾ã™ã€‚ - \return DH_KEY_SIZE_E DHパラメータã®éµã‚µã‚¤ã‚ºãŒWOLFSSL_CTX構造体ã®MaxDhkeySZメンãƒãƒ¼ã®å€¤ã‚ˆã‚Šã‚‚大ãã„å ´åˆã«è¿”ã•れã¾ã™ã€‚ - \return SIDE_ERROR wolfssl_settmph()ã§è¿”ã•れãŸã‚µã‚¤ãƒ‰ãŒã‚µãƒ¼ãƒãƒ¼çµ‚了ã§ã¯ãªã„å ´åˆã€‚ - \return SSL_NO_PEM_HEADER PEMヘッダーãŒãªã„å ´åˆã¯PemToderã‹ã‚‰è¿”ã•れã¾ã™ã€‚ - \return SSL_FATAL_ERROR メモリコピーã®å¤±æ•—ãŒã‚ã‚‹å ´åˆã¯PemToderã‹ã‚‰è¿”ã•れã¾ã™ã€‚ - \param ctx wolfSSL_CTX_new()を使用ã—ã¦ä½œæˆã•れãŸWOLFSSL_CTX構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ - \param fname 証明書ファイルã¸ã®å®šæ•°æ–‡å­—ãƒã‚¤ãƒ³ã‚¿ã€‚ + + \brief ã“ã®é–¢æ•°ã¯ã€wolfSSL_SetTmpDH_file_wrapperを呼ã³å‡ºã—ã¦ã‚µãƒ¼ãƒDiffie-Hellmanパラメータを設定ã—ã¾ã™ã€‚ + + \return SSL_SUCCESS wolfSSL_SetTmpDH_file_wrapperã¾ãŸã¯ãã®ã‚µãƒ–ルーãƒãƒ³ã®ã„ãšã‚Œã‹ãŒæ­£å¸¸ã«è¿”ã•れãŸå ´åˆã«è¿”ã•れã¾ã™ã€‚ + \return MEMORY_E サブルーãƒãƒ³ã§å‹•的メモリã®å‰²ã‚Šå½“ã¦ãŒå¤±æ•—ã—ãŸå ´åˆã«è¿”ã•れã¾ã™ã€‚ + \return BAD_FUNC_ARG ctxã¾ãŸã¯fnameパラメータãŒNULLã®å ´åˆã€ã¾ãŸã¯ã‚µãƒ–ルーãƒãƒ³ã«NULLå¼•æ•°ãŒæ¸¡ã•れãŸå ´åˆã«è¿”ã•れã¾ã™ã€‚ + \return SSL_BAD_FILE 証明書ファイルを開ã‘ãªã„å ´åˆã€ã¾ãŸã¯wolfSSL_SetTmpDH_file_wrapperã‹ã‚‰ã®ãƒ•ァイルã«å¯¾ã™ã‚‹ä¸€é€£ã®ãƒã‚§ãƒƒã‚¯ãŒå¤±æ•—ã—ãŸå ´åˆã«è¿”ã•れã¾ã™ã€‚ + \return SSL_BAD_FILETYPE wolfSSL_SetTmpDH_buffer_wrapper()ã‹ã‚‰ã€å½¢å¼ãŒPEMã§ã‚‚ASN.1ã§ã‚‚ãªã„å ´åˆã«è¿”ã•れã¾ã™ã€‚ + \return DH_KEY_SIZE_E DHパラメータã®éµã‚µã‚¤ã‚ºãŒWOLFSSL_CTX構造体ã®minDhKeySzメンãƒã®å€¤ã‚ˆã‚Šå°ã•ã„å ´åˆã«è¿”ã•れã¾ã™ã€‚ + \return DH_KEY_SIZE_E DHパラメータã®éµã‚µã‚¤ã‚ºãŒWOLFSSL_CTX構造体ã®maxDhKeySzメンãƒã®å€¤ã‚ˆã‚Šå¤§ãã„å ´åˆã«è¿”ã•れã¾ã™ã€‚ + \return SIDE_ERROR サーãƒå´ã§ãªã„å ´åˆã€wolfSSL_SetTmpDH()ã§è¿”ã•れã¾ã™ã€‚ + \return SSL_NO_PEM_HEADER PEMヘッダãŒãªã„å ´åˆã€PemToDerã‹ã‚‰è¿”ã•れã¾ã™ã€‚ + \return SSL_FATAL_ERROR メモリコピーã®å¤±æ•—ãŒã‚ã‚‹å ´åˆã€PemToDerã‹ã‚‰è¿”ã•れã¾ã™ã€‚ + + \param ctx wolfSSL_CTX_new()を使用ã—ã¦ä½œæˆã•れãŸWOLFSSL_CTX構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ + \param fname 証明書ファイルã¸ã®å®šæ•°æ–‡å­—ãƒã‚¤ãƒ³ã‚¿ã€‚ + \param format 証明書形å¼ã®è¡¨ç¾ã§ã‚ã‚‹ã€wolfSSL_SetTmpDH_file_wrapper()ã‹ã‚‰æ¸¡ã•れる整数型。 _Example_ \code - #define dhParam “certs/dh2048.pem†+ #define dhParam "certs/dh2048.pem" #DEFINE aSSERTiNTne(x, y) AssertInt(x, y, !=, ==) WOLFSSL_CTX* ctx; … AssertNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_client_method())) … AssertIntNE(SSL_SUCCESS, wolfSSL_CTX_SetTmpDH_file(NULL, dhParam, - SSL_FILETYPE_PEM)); + SSL_FILETYPE_PEM)); \endcode + \sa wolfSSL_SetTmpDH_buffer_wrapper \sa wolfSSL_SetTmpDH \sa wolfSSL_CTX_SetTmpDH \sa wolfSSL_SetTmpDH_buffer - \sa wolfSSL_CTX_SetTmpDH_buffer - \sa wolfSSL_SetTmpDH_file_wrapper + \sa wolfSSL_CTX_SetTmpDH_buffer \sa wolfSSL_SetTmpDH_file_wrapper \sa AllocDer \sa PemToDer */ @@ -5639,31 +6476,40 @@ /*! \ingroup CertsKeys - \brief ã“ã®é–¢æ•°ã¯ã€WOLFSSL_CTX構造体ã®minkkeyszメンãƒãƒ¼ã«ã‚¢ã‚¯ã‚»ã‚¹ã—ã¦ã€Diffie Hellmanéµã‚µã‚¤ã‚ºã®æœ€å°ã‚µã‚¤ã‚ºï¼ˆãƒ“ットå˜ä½ï¼‰ã‚’設定ã—ã¾ã™ã€‚ - \return SSL_SUCCESS é–¢æ•°ãŒæ­£å¸¸ã«å®Œäº†ã—ãŸå ´åˆã«è¿”ã•れã¾ã™ã€‚ - \return BAD_FUNC_ARG WOLFSSL_CTX構造体ãŒnullã®å ´åˆã€ã¾ãŸã¯ã‚­ãƒ¼z_BITSãŒ16,000ã‚’è¶…ãˆã‚‹ã‹ã€ã¾ãŸã¯8ã«ã‚ˆã£ã¦å‰²ã‚Šåˆ‡ã‚Œãªã„å ´åˆã«è¿”ã•れã¾ã™ã€‚ - \param ssl wolfSSL_new()を使用ã—ã¦ä½œæˆã•れãŸWolfSSL構造ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ + + \brief ã“ã®é–¢æ•°ã¯ã€WOLFSSL_CTX構造体ã®minDhKeySzメンãƒã«ã‚¢ã‚¯ã‚»ã‚¹ã—ã¦ã€Diffie-Hellmanéµã‚µã‚¤ã‚ºã®æœ€å°ã‚µã‚¤ã‚º(ビットå˜ä½)を設定ã—ã¾ã™ã€‚ + + \return SSL_SUCCESS é–¢æ•°ãŒæ­£å¸¸ã«å®Œäº†ã—ãŸå ´åˆã«è¿”ã•れã¾ã™ã€‚ + \return BAD_FUNC_ARG WOLFSSL_CTX構造体ãŒNULLã®å ´åˆã€ã¾ãŸã¯keySz_bitsãŒ16,000より大ãã„ã‹8ã§å‰²ã‚Šåˆ‡ã‚Œãªã„å ´åˆã«è¿”ã•れã¾ã™ã€‚ + + \param ssl wolfSSL_new()を使用ã—ã¦ä½œæˆã•れãŸWOLFSSL構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ + \param keySz_bits 最å°DHéµã‚µã‚¤ã‚ºã‚’ビットå˜ä½ã§è¨­å®šã™ã‚‹ãŸã‚ã«ä½¿ç”¨ã•れるword16型。WOLFSSL_CTX構造体ã¯ã“ã®æƒ…報をminDhKeySzメンãƒã«ä¿æŒã—ã¾ã™ã€‚ _Example_ \code public static int CTX_SetMinDhKey_Sz(IntPtr ctx, short minDhKey){ - … - return wolfSSL_CTX_SetMinDhKey_Sz(local_ctx, minDhKeyBits); + … + return wolfSSL_CTX_SetMinDhKey_Sz(local_ctx, minDhKeyBits); \endcode + \sa wolfSSL_SetMinDhKey_Sz \sa wolfSSL_CTX_SetMaxDhKey_Sz \sa wolfSSL_SetMaxDhKey_Sz \sa wolfSSL_GetDhKey_Sz \sa wolfSSL_CTX_SetTMpDH_file */ -int wolfSSL_CTX_SetMinDhKey_Sz(WOLFSSL_CTX* ctx, word16); +int wolfSSL_CTX_SetMinDhKey_Sz(WOLFSSL_CTX* ctx, word16 keySz_bits); /*! \ingroup CertsKeys - \brief WolfSSL構造ã®Diffie-Hellmanéµã®æœ€å°ã‚µã‚¤ã‚ºï¼ˆãƒ“ットå˜ä½ï¼‰ã‚’設定ã—ã¾ã™ã€‚ - \return SSL_SUCCESS 最å°ã‚µã‚¤ã‚ºã¯æ­£å¸¸ã«è¨­å®šã•れã¾ã—ãŸã€‚ - \return BAD_FUNC_ARG wolfssl構造ã¯NULLã€ã¾ãŸã¯Keysz_BITSãŒ16,000ã‚’è¶…ãˆã‚‹ã‹ã€ã¾ãŸã¯8ã«ã‚ˆã£ã¦å‰²ã‚Šåˆ‡ã‚Œãªã„å ´åˆ - \param ssl wolfssl_new()を使用ã—ã¦ä½œæˆã•れãŸWolfSSL構造ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ + + \brief WOLFSSL構造体内ã®Diffie-Hellmanéµã®æœ€å°ã‚µã‚¤ã‚º(ビットå˜ä½)を設定ã—ã¾ã™ã€‚ + + \return SSL_SUCCESS 最å°ã‚µã‚¤ã‚ºãŒæ­£å¸¸ã«è¨­å®šã•れã¾ã—ãŸã€‚ + \return BAD_FUNC_ARG WOLFSSL構造体ãŒNULLã®å ´åˆã€ã¾ãŸã¯keySz_bitsãŒ16,000より大ãã„ã‹8ã§å‰²ã‚Šåˆ‡ã‚Œãªã„å ´åˆã€‚ + + \param ssl wolfSSL_new()を使用ã—ã¦ä½œæˆã•れãŸWOLFSSL構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ + \param keySz_bits 最å°DHéµã‚µã‚¤ã‚ºã‚’ビットå˜ä½ã§è¨­å®šã™ã‚‹ãŸã‚ã«ä½¿ç”¨ã•れるword16型。WOLFSSL_CTX構造体ã¯ã“ã®æƒ…報をminDhKeySzメンãƒã«ä¿æŒã—ã¾ã™ã€‚ _Example_ \code @@ -5671,9 +6517,10 @@ word16 keySz_bits; ... if(wolfSSL_SetMinDhKey_Sz(ssl, keySz_bits) != SSL_SUCCESS){ - // Failed to set. + // 設定ã«å¤±æ•—ã—ã¾ã—㟠} \endcode + \sa wolfSSL_CTX_SetMinDhKey_Sz \sa wolfSSL_GetDhKey_Sz */ @@ -5681,17 +6528,22 @@ /*! \ingroup CertsKeys - \brief ã“ã®é–¢æ•°ã¯ã€WOLFSSL_CTX構造体ã®maxdhkeyszメンãƒãƒ¼ã«ã‚¢ã‚¯ã‚»ã‚¹ã—ã¦ã€Diffie Hellmanéµã‚µã‚¤ã‚ºã®æœ€å¤§ã‚µã‚¤ã‚ºï¼ˆãƒ“ットå˜ä½ï¼‰ã‚’設定ã—ã¾ã™ã€‚ - \return SSL_SUCCESS é–¢æ•°ãŒæ­£å¸¸ã«å®Œäº†ã—ãŸå ´åˆã«è¿”ã•れã¾ã™ã€‚ - \return BAD_FUNC_ARG WOLFSSL_CTX構造体ãŒnullã®å ´åˆã€ã¾ãŸã¯ã‚­ãƒ¼z_BITSãŒ16,000ã‚’è¶…ãˆã‚‹ã‹ã€ã¾ãŸã¯8ã«ã‚ˆã£ã¦å‰²ã‚Šåˆ‡ã‚Œãªã„å ´åˆã«è¿”ã•れã¾ã™ã€‚ - \param ssl wolfSSL_new()を使用ã—ã¦ä½œæˆã•れãŸWOLFSSL構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ + + \brief ã“ã®é–¢æ•°ã¯ã€WOLFSSL_CTX構造体ã®maxDhKeySzメンãƒã«ã‚¢ã‚¯ã‚»ã‚¹ã—ã¦ã€Diffie-Hellmanéµã‚µã‚¤ã‚ºã®æœ€å¤§ã‚µã‚¤ã‚º(ビットå˜ä½)を設定ã—ã¾ã™ã€‚ + + \return SSL_SUCCESS é–¢æ•°ãŒæ­£å¸¸ã«å®Œäº†ã—ãŸå ´åˆã«è¿”ã•れã¾ã™ã€‚ + \return BAD_FUNC_ARG WOLFSSL_CTX構造体ãŒNULLã®å ´åˆã€ã¾ãŸã¯keySz_bitsãŒ16,000より大ãã„ã‹8ã§å‰²ã‚Šåˆ‡ã‚Œãªã„å ´åˆã«è¿”ã•れã¾ã™ã€‚ + + \param ssl wolfSSL_new()を使用ã—ã¦ä½œæˆã•れãŸWOLFSSL構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ + \param keySz_bits 最大DHéµã‚µã‚¤ã‚ºã‚’ビットå˜ä½ã§è¨­å®šã™ã‚‹ãŸã‚ã«ä½¿ç”¨ã•れるword16型。WOLFSSL_CTX構造体ã¯ã“ã®æƒ…報をmaxDhKeySzメンãƒã«ä¿æŒã—ã¾ã™ã€‚ _Example_ \code public static int CTX_SetMaxDhKey_Sz(IntPtr ctx, short maxDhKey){ - … - return wolfSSL_CTX_SetMaxDhKey_Sz(local_ctx, keySz_bits); + … + return wolfSSL_CTX_SetMaxDhKey_Sz(local_ctx, keySz_bits); \endcode + \sa wolfSSL_SetMinDhKey_Sz \sa wolfSSL_CTX_SetMinDhKey_Sz \sa wolfSSL_SetMaxDhKey_Sz @@ -5702,10 +6554,14 @@ /*! \ingroup CertsKeys - \brief WolfSSL構造ã®Diffie-Hellmanéµã®æœ€å¤§ã‚µã‚¤ã‚ºï¼ˆãƒ“ットå˜ä½ï¼‰ã‚’設定ã—ã¾ã™ã€‚ - \return SSL_SUCCESS æœ€å¤§ã‚µã‚¤ã‚ºã¯æ­£å¸¸ã«è¨­å®šã•れã¾ã—ãŸã€‚ - \return BAD_FUNC_ARG WOLFSSL構造ã¯NULLã¾ãŸã¯KEYSZパラメータã¯è¨±å®¹ã‚µã‚¤ã‚ºã‚ˆã‚Šå¤§ãã‹ã£ãŸã‹ã€ã¾ãŸã¯8ã«ã‚ˆã£ã¦å‰²ã‚Šåˆ‡ã‚Œã¾ã›ã‚“ã§ã—ãŸã€‚ - \param ssl wolfSSL_new()を使用ã—ã¦ä½œæˆã•れãŸWOLFSSL構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ + + \brief WOLFSSL構造体内ã®Diffie-Hellmanéµã®æœ€å¤§ã‚µã‚¤ã‚º(ビットå˜ä½)を設定ã—ã¾ã™ã€‚ + + \return SSL_SUCCESS æœ€å¤§ã‚µã‚¤ã‚ºãŒæ­£å¸¸ã«è¨­å®šã•れã¾ã—ãŸã€‚ + \return BAD_FUNC_ARG WOLFSSL構造体ãŒNULLã®å ´åˆã€ã¾ãŸã¯keySzパラメータãŒè¨±å®¹ã‚µã‚¤ã‚ºã‚ˆã‚Šå¤§ãã„ã‹8ã§å‰²ã‚Šåˆ‡ã‚Œãªã„å ´åˆã€‚ + + \param ssl wolfSSL_new()を使用ã—ã¦ä½œæˆã•れãŸWOLFSSL構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ + \param keySz 最大DHéµã®ãƒ“ットサイズを表ã™word16型。 _Example_ \code @@ -5713,9 +6569,10 @@ word16 keySz; ... if(wolfSSL_SetMaxDhKey(ssl, keySz) != SSL_SUCCESS){ - // Failed to set. + // 設定ã«å¤±æ•—ã—ã¾ã—㟠} \endcode + \sa wolfSSL_CTX_SetMaxDhKey_Sz \sa wolfSSL_GetDhKey_Sz */ @@ -5723,9 +6580,13 @@ /*! \ingroup CertsKeys - \brief オプション構造ã®ãƒ¡ãƒ³ãƒãƒ¼ã§ã‚ã‚‹DHKEYSZ(ビット内)ã®å€¤ã‚’è¿”ã—ã¾ã™ã€‚ã“ã®å€¤ã¯ã€Diffie-Hellmanéµã‚µã‚¤ã‚ºã‚’ãƒã‚¤ãƒˆå˜ä½ã§è¡¨ã—ã¾ã™ã€‚ - \return dhKeySz ã‚µã‚¤ã‚ºã‚’è¡¨ã™æ•´æ•°å€¤ã§ã‚ã‚‹ssl-> options.dhkeyszã§ä¿æŒã•れã¦ã„る値を返ã—ã¾ã™ã€‚ - \return BAD_FUNC_ARG wolfssl構造体ãŒNULLã®å ´åˆã«è¿”ã—ã¾ã™ã€‚ + + \brief options構造体ã®ãƒ¡ãƒ³ãƒã§ã‚ã‚‹dhKeySzã®å€¤(ビットå˜ä½)ã‚’è¿”ã—ã¾ã™ã€‚ã“ã®å€¤ã¯ã€Diffie-Hellmanéµã‚µã‚¤ã‚ºã‚’ãƒã‚¤ãƒˆå˜ä½ã§è¡¨ã—ã¾ã™ã€‚ + + \return dhKeySz ssl->options.dhKeySzã«ä¿æŒã•れã¦ã„る値を返ã—ã¾ã™ã€‚ã“れã¯ãƒ“ットå˜ä½ã®ã‚µã‚¤ã‚ºã‚’è¡¨ã™æ•´æ•°å€¤ã§ã™ã€‚ + \return BAD_FUNC_ARG WOLFSSL構造体ãŒNULLã®å ´åˆã«è¿”ã•れã¾ã™ã€‚ + + \param ssl wolfSSL_new()を使用ã—ã¦ä½œæˆã•れãŸWOLFSSL構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ _Example_ \code @@ -5736,25 +6597,30 @@ dhKeySz = wolfSSL_GetDhKey_Sz(ssl); if(dhKeySz == BAD_FUNC_ARG || dhKeySz <= 0){ - // Failure case + // 失敗ケース } else { - // dhKeySz holds the size of the key. + // dhKeySzã¯éµã®ã‚µã‚¤ã‚ºã‚’ä¿æŒã—ã¦ã„ã¾ã™ } \endcode + \sa wolfSSL_SetMinDhKey_sz \sa wolfSSL_CTX_SetMinDhKey_Sz \sa wolfSSL_CTX_SetTmpDH \sa wolfSSL_SetTmpDH \sa wolfSSL_CTX_SetTmpDH_file */ -int wolfSSL_GetDhKey_Sz(WOLFSSL*); +int wolfSSL_GetDhKey_Sz(WOLFSSL* ssl); /*! \ingroup CertsKeys - \brief WOLFSSL_CTX構造体ã¨wolfssl_cert_manager構造ã®ä¸¡æ–¹ã§æœ€å°RSAéµã‚µã‚¤ã‚ºã‚’設定ã—ã¾ã™ã€‚ - \return SSL_SUCCESS 機能ã®å®Ÿè¡Œã«æˆåŠŸã—ãŸã“ã¨ã«æˆ»ã‚Šã¾ã™ã€‚ - \return BAD_FUNC_ARG CTX構造ãŒNULLã®å ´åˆã€ã¾ãŸã¯KEYSZãŒã‚¼ãƒ­ã‚ˆã‚Šå°ã•ã„ã‹ã€ã¾ãŸã¯8ã«ã‚ˆã£ã¦å‰²ã‚Šåˆ‡ã‚Œãªã„å ´åˆã«è¿”ã•れã¾ã™ã€‚ - \param ctx wolfSSL_CTX_new()を使用ã—ã¦ä½œæˆã•れãŸWOLFSSL_CTX構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ + + \brief WOLFSSL_CTX構造体ã¨WOLFSSL_CERT_MANAGER構造体ã®ä¸¡æ–¹ã§æœ€å°RSAéµã‚µã‚¤ã‚ºã‚’設定ã—ã¾ã™ã€‚ + + \return SSL_SUCCESS 関数ã®å®Ÿè¡ŒãŒæˆåŠŸã—ãŸå ´åˆã«è¿”ã•れã¾ã™ã€‚ + \return BAD_FUNC_ARG ctx構造体ãŒNULLã®å ´åˆã€ã¾ãŸã¯keySzãŒã‚¼ãƒ­æœªæº€ã‹8ã§å‰²ã‚Šåˆ‡ã‚Œãªã„å ´åˆã«è¿”ã•れã¾ã™ã€‚ + + \param ctx wolfSSL_CTX_new()を使用ã—ã¦ä½œæˆã•れãŸWOLFSSL_CTX構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ + \param keySz ctx構造体ã¨cm構造体ã®minRsaKeySzã«æ ¼ç´ã•れã€ãƒã‚¤ãƒˆã«å¤‰æ›ã•れるshort整数型。 _Example_ \code @@ -5765,18 +6631,23 @@ minDhKeyBits = atoi(myoptarg); … if(wolfSSL_CTX_SetMinRsaKey_Sz(ctx, minRsaKeyBits) != SSL_SUCCESS){ - … + … \endcode + \sa wolfSSL_SetMinRsaKey_Sz */ int wolfSSL_CTX_SetMinRsaKey_Sz(WOLFSSL_CTX* ctx, short keySz); /*! \ingroup CertsKeys - \brief WolfSSL構造ã«ã‚ã‚‹RSAã®ãŸã‚ã®ãƒ“ãƒƒãƒˆã§æœ€å°è¨±å®¹éµã‚µã‚¤ã‚ºã‚’設定ã—ã¾ã™ã€‚ - \return SSL_SUCCESS 最å°å€¤ãŒæ­£å¸¸ã«è¨­å®šã•れã¾ã—ãŸã€‚ - \return BAD_FUNC_ARG SSL構造ãŒNULLã®å ´åˆã€ã¾ãŸã¯KSYSZãŒã‚¼ãƒ­ã‚ˆã‚Šå°ã•ã„å ´åˆã€ã¾ãŸã¯8ã«ã‚ˆã£ã¦å‰²ã‚Šåˆ‡ã‚Œãªã„å ´åˆã«è¿”ã•れã¾ã™ã€‚ - \param ssl wolfSSL_new()を使用ã—ã¦ä½œæˆã•れãŸWOLFSSL構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ + + \brief WOLFSSL構造体ã«ã‚ã‚‹RSAã®æœ€å°è¨±å®¹éµã‚µã‚¤ã‚ºã‚’ビットå˜ä½ã§è¨­å®šã—ã¾ã™ã€‚ + + \return SSL_SUCCESS 最å°å€¤ãŒæ­£å¸¸ã«è¨­å®šã•れã¾ã—ãŸã€‚ + \return BAD_FUNC_ARG ssl構造体ãŒNULLã®å ´åˆã€ã¾ãŸã¯ksySzãŒã‚¼ãƒ­æœªæº€ã‹8ã§å‰²ã‚Šåˆ‡ã‚Œãªã„å ´åˆã«è¿”ã•れã¾ã™ã€‚ + + \param ssl wolfSSL_new()を使用ã—ã¦ä½œæˆã•れãŸWOLFSSL構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ + \param keySz 最å°éµã‚’ビットå˜ä½ã§è¡¨ã™short整数値。 _Example_ \code @@ -5786,49 +6657,60 @@ int isSet = wolfSSL_SetMinRsaKey_Sz(ssl, keySz); if(isSet != SSL_SUCCESS){ - Failed to set. + 設定ã«å¤±æ•—ã—ã¾ã—㟠} \endcode + \sa wolfSSL_CTX_SetMinRsaKey_Sz */ int wolfSSL_SetMinRsaKey_Sz(WOLFSSL* ssl, short keySz); /*! \ingroup CertsKeys - \brief wolf_ctx構造体ã¨wolfssl_cert_manager構造体ã®ECCéµã®æœ€å°ã‚µã‚¤ã‚ºã‚’ビットå˜ä½ã§è¨­å®šã—ã¾ã™ã€‚ - \return SSL_SUCCESS å®Ÿè¡ŒãŒæˆåŠŸã—ãŸãŸã‚ã«è¿”ã•れã€MineCkeyszメンãƒãƒ¼ãŒè¨­å®šã•れã¾ã™ã€‚ - \return BAD_FUNC_ARG WOLFSSL_CTX構造体ãŒnullã®å ´åˆã€ã¾ãŸã¯éµãŒè² ã®å ´åˆã€ã¾ãŸã¯8ã«ã‚ˆã£ã¦å‰²ã‚Šåˆ‡ã‚Œãªã„å ´åˆã«è¿”ã•れã¾ã™ã€‚ - \param ctx wolfSSL_CTX_new()を使用ã—ã¦ä½œæˆã•れãŸWOLFSSL_CTX構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ + + \brief WOLF_CTX構造体ã¨WOLFSSL_CERT_MANAGER構造体ã§ECCéµã®æœ€å°ã‚µã‚¤ã‚ºã‚’ビットå˜ä½ã§è¨­å®šã—ã¾ã™ã€‚ + + \return SSL_SUCCESS å®Ÿè¡ŒãŒæˆåŠŸã—ã€minEccKeySzメンãƒãŒè¨­å®šã•れãŸå ´åˆã«è¿”ã•れã¾ã™ã€‚ + \return BAD_FUNC_ARG WOLFSSL_CTX構造体ãŒNULLã®å ´åˆã€ã¾ãŸã¯keySzãŒè² ã®å€¤ã‹8ã§å‰²ã‚Šåˆ‡ã‚Œãªã„å ´åˆã«è¿”ã•れã¾ã™ã€‚ + + \param ctx wolfSSL_CTX_new()を使用ã—ã¦ä½œæˆã•れãŸWOLFSSL_CTX構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ + \param keySz 最å°ECCéµã‚µã‚¤ã‚ºã‚’ビットå˜ä½ã§è¡¨ã™short整数型。 _Example_ \code WOLFSSL_CTX* ctx = wolfSSL_CTX_new( protocol method ); - short keySz; // minimum key size + short keySz; // 最å°éµã‚µã‚¤ã‚º … if(wolfSSL_CTX_SetMinEccKey(ctx, keySz) != SSL_SUCCESS){ - // Failed to set min key size + // 最å°éµã‚µã‚¤ã‚ºã®è¨­å®šã«å¤±æ•—ã—ã¾ã—㟠} \endcode + \sa wolfSSL_SetMinEccKey_Sz */ -int wolfSSL_CTX_SetMinEccKey_Sz(WOLFSSL_CTX* ssl, short keySz); +int wolfSSL_CTX_SetMinEccKey_Sz(WOLFSSL_CTX* ctx, short keySz); /*! \ingroup CertsKeys - \brief オプション構造ã®MineCckeyszメンãƒãƒ¼ã®å€¤ã‚’設定ã—ã¾ã™ã€‚オプション構造体ã¯ã€WolfSSL構造ã®ãƒ¡ãƒ³ãƒãƒ¼ã§ã‚りã€SSLパラメータを介ã—ã¦ã‚¢ã‚¯ã‚»ã‚¹ã•れã¾ã™ã€‚ - \return SSL_SUCCESS 関数ãŒã‚ªãƒ—ション構造ã®MineCckeyszメンãƒãƒ¼ã‚’正常ã«è¨­å®šã—ãŸå ´åˆã€‚ - \return BAD_FUNC_ARG WOLFSSL_CTX構造体ãŒnullã®å ´åˆã€ã¾ãŸã¯éµã‚µã‚¤ã‚ºï¼ˆkeysz)ãŒ0(ゼロ)未満ã®å ´åˆã€ã¾ãŸã¯8ã§å‰²ã‚Šåˆ‡ã‚Œãªã„å ´åˆã€‚ - \param ssl wolfSSL_new()を使用ã—ã¦ä½œæˆã•れãŸWOLFSSL構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ + + \brief options構造体ã®minEccKeySzメンãƒã®å€¤ã‚’設定ã—ã¾ã™ã€‚options構造体ã¯WOLFSSL構造体ã®ãƒ¡ãƒ³ãƒã§ã‚りã€sslパラメータを通ã˜ã¦ã‚¢ã‚¯ã‚»ã‚¹ã•れã¾ã™ã€‚ + + \return SSL_SUCCESS 関数ãŒoptions構造体ã®minEccKeySzメンãƒã‚’正常ã«è¨­å®šã—ãŸå ´åˆã€‚ + \return BAD_FUNC_ARG WOLFSSL_CTX構造体ãŒNULLã®å ´åˆã€ã¾ãŸã¯éµã‚µã‚¤ã‚º(keySz)ãŒ0未満ã‹8ã§å‰²ã‚Šåˆ‡ã‚Œãªã„å ´åˆã€‚ + + \param ssl wolfSSL_new()を使用ã—ã¦ä½œæˆã•れãŸWOLFSSL構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ + \param keySz 最å°ECCéµã‚µã‚¤ã‚ºã‚’設定ã™ã‚‹ãŸã‚ã«ä½¿ç”¨ã•れる値。options構造体ã«å€¤ã‚’設定ã—ã¾ã™ã€‚ _Example_ \code - WOLFSSL* ssl = wolfSSL_new(ctx); // New session - short keySz = 999; // should be set to min key size allowable + WOLFSSL* ssl = wolfSSL_new(ctx); // æ–°ã—ã„セッション + short keySz = 999; // 許容ã•れる最å°éµã‚µã‚¤ã‚ºã«è¨­å®šã™ã¹ãã§ã™ ... if(wolfSSL_SetMinEccKey_Sz(ssl, keySz) != SSL_SUCCESS){ - // Failure case. + // 失敗ケース } \endcode + \sa wolfSSL_CTX_SetMinEccKey_Sz \sa wolfSSL_CTX_SetMinRsaKey_Sz \sa wolfSSL_SetMinRsaKey_Sz @@ -5837,22 +6719,27 @@ /*! \ingroup CertsKeys - \brief ã“ã®é–¢æ•°ã¯ã€eap_tlsã¨eap-ttlsã«ã‚ˆã£ã¦ã€ãƒžã‚¹ã‚¿ãƒ¼ã‚·ãƒ¼ã‚¯ãƒ¬ãƒƒãƒˆã‹ã‚‰ã‚­ãƒ¼ã‚¤ãƒ³ã‚°ãƒžãƒ†ãƒªã‚¢ãƒ«ã‚’導出ã—ã¾ã™ã€‚ - \return BUFFER_E ãƒãƒƒãƒ•ã‚¡ã®å®Ÿéš›ã®ã‚µã‚¤ã‚ºãŒè¨±å®¹æœ€å¤§ã‚µã‚¤ã‚ºã‚’è¶…ãˆã‚‹å ´åˆã«è¿”ã•れã¾ã™ã€‚ - \return MEMORY_E メモリ割り当ã¦ã«ã‚¨ãƒ©ãƒ¼ãŒã‚ã‚‹å ´åˆã«è¿”ã•れã¾ã™ã€‚ - \param ssl wolfSSL_new()を使用ã—ã¦ä½œæˆã•れãŸWOLFSSL構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ - \param msk p_hash関数ã®çµæžœã‚’ä¿æŒã™ã‚‹voidãƒã‚¤ãƒ³ã‚¿å¤‰æ•°ã€‚ - \param len MSK変数ã®é•·ã•を表ã™ç¬¦å·ãªã—整数。 + + \brief ã“ã®é–¢æ•°ã¯ã€ãƒžã‚¹ã‚¿ãƒ¼ã‚·ãƒ¼ã‚¯ãƒ¬ãƒƒãƒˆã‹ã‚‰éµææ–™ã‚’導出ã™ã‚‹ãŸã‚ã«EAP_TLSã¨EAP-TTLSã«ã‚ˆã£ã¦ä½¿ç”¨ã•れã¾ã™ã€‚ + + \return BUFFER_E ãƒãƒƒãƒ•ã‚¡ã®å®Ÿéš›ã®ã‚µã‚¤ã‚ºãŒè¨±å®¹ã•れる最大サイズを超ãˆãŸå ´åˆã«è¿”ã•れã¾ã™ã€‚ + \return MEMORY_E メモリ割り当ã¦ã§ã‚¨ãƒ©ãƒ¼ãŒç™ºç”Ÿã—ãŸå ´åˆã«è¿”ã•れã¾ã™ã€‚ + + \param ssl wolfSSL_new()を使用ã—ã¦ä½œæˆã•れãŸWOLFSSL構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ + \param key p_hash関数ã®çµæžœã‚’ä¿æŒã™ã‚‹voidãƒã‚¤ãƒ³ã‚¿å¤‰æ•°ã€‚ + \param len key変数ã®é•·ã•を表ã™unsigned整数。 + \param label wc_PRF()ã§ã‚³ãƒ”ーã•れる定数charãƒã‚¤ãƒ³ã‚¿ã€‚ _Example_ \code WOLFSSL* ssl = wolfSSL_new(ctx);; - void* msk; + void* key; unsigned int len; const char* label; … - return wolfSSL_make_eap_keys(ssl, msk, len, label); + return wolfSSL_make_eap_keys(ssl, key, len, label); \endcode + \sa wc_PRF \sa wc_HmacFinal \sa wc_HmacUpdate @@ -5862,19 +6749,23 @@ /*! \ingroup IO - \brief Writev Semanticsをシミュレートã—ã¾ã™ãŒã€SSL_Write()ã®å‹•作ã®ãŸã‚ã«å®Ÿéš›ã«ã¯ãƒ–ロックã—ãªã„ãŸã‚ã€ãƒ•ロント追加ãŒå°ã•ããªã‚‹å¯èƒ½æ€§ãŒã‚ã‚‹ãŸã‚Writevを使ã„ã‚„ã™ã„ソフトウェアã«ç§»æ¤ã™ã‚‹ã€‚ - \return >0 æˆåŠŸæ™‚ã«æ›¸ã‹ã‚ŒãŸãƒã‚¤ãƒˆæ•°ã€‚ - \return 0 失敗ã—ãŸã¨ãã«è¿”ã•れã¾ã™ã€‚特定ã®ã‚¨ãƒ©ãƒ¼ã‚³ãƒ¼ãƒ‰ã«ã¤ã„ã¦wolfSSL_get_error()を呼ã³å‡ºã—ã¾ã™ã€‚ - \return MEMORY_ERROR メモリエラーãŒç™ºç”Ÿã—ãŸå ´åˆã«è¿”ã•れã¾ã™ã€‚ - \return SSL_FATAL_ERROR エラーãŒç™ºç”Ÿã—ãŸã¨ãã€ã¾ãŸã¯éžãƒ–ロッキングソケットを使用ã™ã‚‹ã¨ãã«ã¯ã€SSL_ERROR_WANT_READã¾ãŸã¯SSL_ERROR_WANT_WRITEエラーãŒå—ä¿¡ã•れã€å†åº¦WOLFSSL_WRITE()を呼ã³å‡ºã™å¿…è¦ãŒã‚ã‚‹å ´åˆã¯ã€éšœå®³ãŒç™ºç”Ÿã—ã¾ã™ã€‚特定ã®ã‚¨ãƒ©ãƒ¼ã‚³ãƒ¼ãƒ‰ã‚’å–å¾—ã™ã‚‹ã«ã¯ã€wolfSSL_get_error()を使用ã—ã¦ãã ã•ã„。 - \param ssl wolfSSL_new()を使用ã—ã¦ä½œæˆã•れãŸWOLFSSL構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ - \param iov 書ãè¾¼ã¿ã¸ã®I / Oベクトルã®é…列 + + \brief writevã®ã‚»ãƒžãƒ³ãƒ†ã‚£ã‚¯ã‚¹ã‚’シミュレートã—ã¾ã™ãŒã€SSL_write()ã®å‹•作ã¨ãƒ•ロント追加ãŒå°ã•ã„å ´åˆãŒã‚ã‚‹ãŸã‚ã€å®Ÿéš›ã«ã¯ä¸€åº¦ã«ãƒ–ロックå˜ä½ã§ã¯è¡Œã„ã¾ã›ã‚“。writevを使用ã™ã‚‹ã‚½ãƒ•トウェアã¸ã®ç§»æ¤ã‚’容易ã«ã—ã¾ã™ã€‚ + + \return >0 æˆåŠŸæ™‚ã€æ›¸ãè¾¼ã¾ã‚ŒãŸãƒã‚¤ãƒˆæ•°ã€‚ + \return 0 失敗時ã«è¿”ã•れã¾ã™ã€‚wolfSSL_get_error()を呼ã³å‡ºã—ã¦ç‰¹å®šã®ã‚¨ãƒ©ãƒ¼ã‚³ãƒ¼ãƒ‰ã‚’å–å¾—ã—ã¦ãã ã•ã„。 + \return MEMORY_ERROR メモリエラーãŒç™ºç”Ÿã—ãŸå ´åˆã«è¿”ã•れã¾ã™ã€‚ + \return SSL_FATAL_ERROR エラーãŒç™ºç”Ÿã—ãŸå ´åˆã€ã¾ãŸã¯ãƒŽãƒ³ãƒ–ロッキングソケットを使用ã—ã¦ã„ã‚‹ã¨ãã«SSL_ERROR_WANT_READã¾ãŸã¯SSL_ERROR_WANT_WRITEエラーをå—ä¿¡ã—ã€ã‚¢ãƒ—リケーションãŒwolfSSL_write()ã‚’å†åº¦å‘¼ã³å‡ºã™å¿…è¦ãŒã‚ã‚‹å ´åˆã«è¿”ã•れã¾ã™ã€‚wolfSSL_get_error()を使用ã—ã¦ç‰¹å®šã®ã‚¨ãƒ©ãƒ¼ã‚³ãƒ¼ãƒ‰ã‚’å–å¾—ã—ã¦ãã ã•ã„。 + + \param ssl wolfSSL_new()ã§ä½œæˆã•れãŸSSLセッションã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ + \param iov 書ã込むI/Oベクトルã®é…列。 + \param iovcnt iové…列内ã®ãƒ™ã‚¯ãƒˆãƒ«æ•°ã€‚ _Example_ \code WOLFSSL* ssl = 0; - char *bufA = “hello\nâ€; - char *bufB = “hello world\nâ€; + char *bufA = "hello\n"; + char *bufB = "hello world\n"; int iovcnt; struct iovec iov[2]; @@ -5885,8 +6776,9 @@ iovcnt = 2; ... ret = wolfSSL_writev(ssl, iov, iovcnt); - // wrote “ret†bytes, or error if <= 0. + // "ret"ãƒã‚¤ãƒˆã‚’書ãè¾¼ã¿ã¾ã—ãŸã€‚ã¾ãŸã¯<=0ã®å ´åˆã¯ã‚¨ãƒ©ãƒ¼ \endcode + \sa wolfSSL_write */ int wolfSSL_writev(WOLFSSL* ssl, const struct iovec* iov, @@ -5894,34 +6786,69 @@ /*! \ingroup Setup - \brief ã“ã®é–¢æ•°ã¯CAç½²å者リストをアンロードã—ã€ç½²å者全体ã®ãƒ†ãƒ¼ãƒ–ルを解放ã—ã¾ã™ã€‚ - \return SSL_SUCCESS 機能ã®å®Ÿè¡Œã«æˆåŠŸã—ãŸã“ã¨ã«æˆ»ã‚Šã¾ã™ã€‚ - \return BAD_FUNC_ARG WOLFSSL_CTX構造体ãŒnullã®å ´åˆã€ã¾ãŸã¯ä»–ã®æ–¹æ³•ã§ã¯æœªè§£æ±ºã®å¼•数値ãŒã‚µãƒ–ルーãƒãƒ³ã«æ¸¡ã•れãŸå ´åˆã«è¿”ã•れã¾ã™ã€‚ - \return BAD_MUTEX_E ミューテックスエラーãŒç™ºç”Ÿã—ãŸå ´åˆã«è¿”ã•れã¾ã™ã€‚lockmutex()ã¯0ã‚’è¿”ã—ã¾ã›ã‚“ã§ã—ãŸã€‚ + + \brief ã“ã®é–¢æ•°ã¯ã€CAç½²å者リストをアンロードã—ã€ç½²å者テーブル全体を解放ã—ã¾ã™ã€‚ + + \return SSL_SUCCESS 関数ã®å®Ÿè¡ŒãŒæˆåŠŸã—ãŸå ´åˆã«è¿”ã•れã¾ã™ã€‚ + \return BAD_FUNC_ARG WOLFSSL_CTX構造体ãŒNULLã®å ´åˆã€ã¾ãŸã¯ã‚µãƒ–ルーãƒãƒ³ã§è¨±å¯ã•れãªã„å¼•æ•°å€¤ãŒæ¸¡ã•れãŸå ´åˆã«è¿”ã•れã¾ã™ã€‚ + \return BAD_MUTEX_E mutexエラーãŒç™ºç”Ÿã—ãŸå ´åˆã«è¿”ã•れã¾ã™ã€‚LockMutex()ãŒ0ã‚’è¿”ã—ã¾ã›ã‚“ã§ã—ãŸã€‚ + + \param ctx wolfSSL_CTX_new()を使用ã—ã¦ä½œæˆã•れãŸWOLFSSL_CTX構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ _Example_ \code WOLFSSL_METHOD method = wolfTLSv1_2_client_method(); - WOLFSSL_CTX* ctx = wolfSSL_CTX_new(method); + WOLFSSL_CTX* ctx = WOLFSSL_CTX_new(method); … - if(!wolfSSL_CTX_UnloadCAs(ctx)){ - // The function did not unload CAs + if(wolfSSL_CTX_UnloadCAs(ctx) != SSL_SUCCESS){ + // 関数ã¯CAをアンロードã—ã¾ã›ã‚“ã§ã—㟠} \endcode + \sa wolfSSL_CertManagerUnloadCAs \sa LockMutex - \sa FreeSignerTable \sa UnlockMutex */ -int wolfSSL_CTX_UnloadCAs(WOLFSSL_CTX*); +int wolfSSL_CTX_UnloadCAs(WOLFSSL_CTX* ctx); + /*! \ingroup Setup - \brief ã“ã®é–¢æ•°ã¯ã€ä»¥å‰ã«ãƒ­ãƒ¼ãƒ‰ã•れãŸã™ã¹ã¦ã®ä¿¡é ¼ã§ãるピア証明書をアンロードã™ã‚‹ãŸã‚ã«ä½¿ç”¨ã•れã¾ã™ã€‚マクロwolfssl_trust_peer_certを定義ã™ã‚‹ã“ã¨ã§æ©Ÿèƒ½ãŒæœ‰åйã«ãªã£ã¦ã„ã¾ã™ã€‚ - \return SSL_SUCCESS æˆåŠŸæ™‚ã«è¿”ã•れã¾ã™ã€‚ - \return BAD_FUNC_ARG CTXãŒNULLã®å ´åˆã«è¿”ã•れã¾ã™ã€‚ - \return SSL_BAD_FILE ファイルãŒå­˜åœ¨ã—ãªã„å ´åˆã«è¿”ã•れã¾ã™ã€‚読ã¿è¾¼ã‚ã€ã¾ãŸã¯ç ´æã—ã¦ã„ã¾ã›ã‚“。 - \return MEMORY_E メモリä¸è¶³çŠ¶æ…‹ãŒç™ºç”Ÿã—ãŸå ´åˆã«è¿”ã•れã¾ã™ã€‚ + + \brief ã“ã®é–¢æ•°ã¯ã€CAç½²å者リストã«è¿½åŠ ã•れãŸä¸­é–“証明書をアンロードã—ã€è§£æ”¾ã—ã¾ã™ã€‚ + + \return SSL_SUCCESS 関数ã®å®Ÿè¡ŒãŒæˆåŠŸã—ãŸå ´åˆã«è¿”ã•れã¾ã™ã€‚ + \return BAD_FUNC_ARG WOLFSSL_CTX構造体ãŒNULLã®å ´åˆã€ã¾ãŸã¯ã‚µãƒ–ルーãƒãƒ³ã§è¨±å¯ã•れãªã„å¼•æ•°å€¤ãŒæ¸¡ã•れãŸå ´åˆã«è¿”ã•れã¾ã™ã€‚ + \return BAD_STATE_E WOLFSSL_CTXã®å‚照カウントãŒ1より大ãã„å ´åˆã«è¿”ã•れã¾ã™ã€‚ \return BAD_MUTEX_E mutexエラーãŒç™ºç”Ÿã—ãŸå ´åˆã«è¿”ã•れã¾ã™ã€‚LockMutex()ãŒ0ã‚’è¿”ã—ã¾ã›ã‚“ã§ã—ãŸã€‚ + + \param ctx wolfSSL_CTX_new()を使用ã—ã¦ä½œæˆã•れãŸWOLFSSL_CTX構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ + + _Example_ + \code + WOLFSSL_METHOD method = wolfTLSv1_2_client_method(); + WOLFSSL_CTX* ctx = WOLFSSL_CTX_new(method); + … + if(wolfSSL_CTX_UnloadIntermediateCerts(ctx) != NULL){ + // 関数ã¯CAをアンロードã—ã¾ã›ã‚“ã§ã—㟠+ } + \endcode + + \sa wolfSSL_CTX_UnloadCAs + \sa wolfSSL_CertManagerUnloadIntermediateCerts +*/ +int wolfSSL_CTX_UnloadIntermediateCerts(WOLFSSL_CTX* ctx); + +/*! + \ingroup Setup + + \brief ã“ã®é–¢æ•°ã¯ä»¥å‰ã«ãƒ­ãƒ¼ãƒ‰ã•れãŸã™ã¹ã¦ã®ä¿¡é ¼ã•れãŸãƒ”ア証明書をアンロードã™ã‚‹ãŸã‚ã«ä½¿ç”¨ã•れã¾ã™ã€‚ã“ã®æ©Ÿèƒ½ã¯ã€ãƒžã‚¯ãƒ­WOLFSSL_TRUST_PEER_CERTを定義ã™ã‚‹ã“ã¨ã§æœ‰åйã«ãªã‚Šã¾ã™ã€‚ + + \return SSL_SUCCESS æˆåŠŸæ™‚ã€‚ + \return BAD_FUNC_ARG ctxãŒNULLã®å ´åˆã«è¿”ã•れã¾ã™ã€‚ + \return SSL_BAD_FILE ファイルãŒå­˜åœ¨ã—ãªã„ã€èª­ã¿å–れãªã„ã€ã¾ãŸã¯ç ´æã—ã¦ã„ã‚‹å ´åˆã«è¿”ã•れã¾ã™ã€‚ + \return MEMORY_E メモリä¸è¶³ã®çŠ¶æ…‹ãŒç™ºç”Ÿã—ãŸå ´åˆã«è¿”ã•れã¾ã™ã€‚ + + \param ctx wolfSSL_CTX_new()ã§ä½œæˆã•れãŸSSLコンテキストã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ _Example_ \code @@ -5930,27 +6857,32 @@ ... ret = wolfSSL_CTX_Unload_trust_peers(ctx); if (ret != SSL_SUCCESS) { - // error unloading trusted peer certs + // ä¿¡é ¼ã•れãŸãƒ”ア証明書ã®ã‚¢ãƒ³ãƒ­ãƒ¼ãƒ‰ã‚¨ãƒ©ãƒ¼ } ... \endcode + \sa wolfSSL_CTX_trust_peer_buffer \sa wolfSSL_CTX_trust_peer_cert */ -int wolfSSL_CTX_Unload_trust_peers(WOLFSSL_CTX*); +int wolfSSL_CTX_Unload_trust_peers(WOLFSSL_CTX* ctx); /*! \ingroup Setup - \brief ã“ã®é–¢æ•°ã¯ã€TLS / SSLãƒãƒ³ãƒ‰ã‚·ã‚§ã‚¤ã‚¯ã‚’実行ã™ã‚‹ã¨ãã«ãƒ”アを検証ã™ã‚‹ãŸã‚ã«ä½¿ç”¨ã™ã‚‹è¨¼æ˜Žæ›¸ã‚’ロードã—ã¾ã™ã€‚ãƒãƒ³ãƒ‰ã‚·ã‚§ã‚¤ã‚¯ä¸­ã«é€ä¿¡ã•れãŸãƒ”ア証明書ã¯ã€ä½¿ç”¨å¯èƒ½ãªã¨ãã«ã‚¹ã‚­ãƒƒãƒ‰ã‚’使用ã™ã‚‹ã“ã¨ã«ã‚ˆã£ã¦æ¯”較ã•れã¾ã™ã€‚ã“れら2ã¤ã®ã“ã¨ãŒä¸€è‡´ã—ãªã„å ´åˆã¯ã€ãƒ­ãƒ¼ãƒ‰ã•れãŸCASãŒä½¿ç”¨ã•れã¾ã™ã€‚ファイルã®ä»£ã‚りã«ãƒãƒƒãƒ•ァーã®å ´åˆã¯ã€wolfssl_ctx_trust_peer_certã¨åŒã˜æ©Ÿèƒ½ã§ã™ã€‚特徴ã¯ãƒžã‚¯ãƒ­wolfssl_trust_peer_certを定義ã™ã‚‹ã“ã¨ã«ã‚ˆã£ã¦æœ‰åйã«ãªã£ã¦ã„ã¾ã™é©åˆ‡ãªä½¿ç”¨æ³•ã®ä¾‹ã‚’å‚ç…§ã—ã¦ãã ã•ã„。 - \return SSL_SUCCESS æˆåŠŸã™ã‚‹ã¨ - \return SSL_FAILURE CTXãŒNULLã®å ´åˆã€ã¾ãŸã¯ä¸¡æ–¹ã®ãƒ•ァイルã¨ç¨®é¡žãŒç„¡åйãªå ´åˆã«è¿”ã•れã¾ã™ã€‚ - \return SSL_BAD_FILETYPE ファイルãŒé–“é•ã£ãŸå½¢å¼ã§ã‚ã‚‹å ´åˆã«è¿”ã•れã¾ã™ã€‚ - \return SSL_BAD_FILE ファイルãŒå­˜åœ¨ã—ãªã„å ´åˆã«è¿”ã•れã¾ã™ã€‚読ã¿è¾¼ã‚ã€ã¾ãŸã¯ç ´æã—ã¦ã„ã¾ã›ã‚“。 - \return MEMORY_E メモリä¸è¶³çŠ¶æ…‹ãŒç™ºç”Ÿã—ãŸå ´åˆã«è¿”ã•れã¾ã™ã€‚ - \return ASN_INPUT_E base16デコードãŒãƒ•ァイルã«å¯¾ã—ã¦å¤±æ•—ã—ãŸå ´åˆã«è¿”ã•れã¾ã™ã€‚ - \param ctx wolfSSL_CTX_new()ã§ä½œæˆã•れãŸSSLコンテキストã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ - \param buffer 証明書をå«ã‚€ãƒãƒƒãƒ•ã‚¡ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ - \param sz ãƒãƒƒãƒ•ァ入力ã®é•·ã•。 + + \brief ã“ã®é–¢æ•°ã¯ã€TLS/SSLãƒãƒ³ãƒ‰ã‚·ã‚§ã‚¤ã‚¯ã‚’実行ã™ã‚‹éš›ã«ãƒ”アを検証ã™ã‚‹ãŸã‚ã«ä½¿ç”¨ã™ã‚‹è¨¼æ˜Žæ›¸ã‚’ロードã—ã¾ã™ã€‚ãƒãƒ³ãƒ‰ã‚·ã‚§ã‚¤ã‚¯ä¸­ã«é€ä¿¡ã•れるピア証明書ã¯ã€åˆ©ç”¨å¯èƒ½ãªå ´åˆã¯SKIDã¨ç½²åを使用ã—ã¦æ¯”較ã•れã¾ã™ã€‚ã“れら2ã¤ãŒä¸€è‡´ã—ãªã„å ´åˆã¯ã€ãƒ­ãƒ¼ãƒ‰ã•れãŸCAãŒä½¿ç”¨ã•れã¾ã™ã€‚ファイルã§ã¯ãªããƒãƒƒãƒ•ã‚¡ã‹ã‚‰ã®å…¥åŠ›ã§ã‚る点を除ã„ã¦ã€wolfSSL_CTX_trust_peer_certã¨åŒã˜æ©Ÿèƒ½ã§ã™ã€‚ã“ã®æ©Ÿèƒ½ã¯ã€ãƒžã‚¯ãƒ­WOLFSSL_TRUST_PEER_CERTを定義ã™ã‚‹ã“ã¨ã§æœ‰åйã«ãªã‚Šã¾ã™ã€‚é©åˆ‡ãªä½¿ç”¨æ–¹æ³•ã«ã¤ã„ã¦ã¯ä¾‹ã‚’å‚ç…§ã—ã¦ãã ã•ã„。 + + \return SSL_SUCCESS æˆåŠŸæ™‚ã€‚ + \return SSL_FAILURE ctxãŒNULLã€ã¾ãŸã¯fileã¨typeã®ä¸¡æ–¹ãŒç„¡åйãªå ´åˆã«è¿”ã•れã¾ã™ã€‚ + \return SSL_BAD_FILETYPE ファイルã®å½¢å¼ãŒé–“é•ã£ã¦ã„ã‚‹å ´åˆã«è¿”ã•れã¾ã™ã€‚ + \return SSL_BAD_FILE ファイルãŒå­˜åœ¨ã—ãªã„ã€èª­ã¿å–れãªã„ã€ã¾ãŸã¯ç ´æã—ã¦ã„ã‚‹å ´åˆã«è¿”ã•れã¾ã™ã€‚ + \return MEMORY_E メモリä¸è¶³ã®çŠ¶æ…‹ãŒç™ºç”Ÿã—ãŸå ´åˆã«è¿”ã•れã¾ã™ã€‚ + \return ASN_INPUT_E ファイルã®Base16デコードãŒå¤±æ•—ã—ãŸå ´åˆã«è¿”ã•れã¾ã™ã€‚ + + \param ctx wolfSSL_CTX_new()ã§ä½œæˆã•れãŸSSLコンテキストã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ + \param buffer 証明書をå«ã‚€ãƒãƒƒãƒ•ã‚¡ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ + \param sz 入力ãƒãƒƒãƒ•ã‚¡ã®é•·ã•。 + \param type ロードã•れる証明書ã®ã‚¿ã‚¤ãƒ—ã€ã™ãªã‚ã¡SSL_FILETYPE_ASN1ã¾ãŸã¯SSL_FILETYPE_PEM。 _Example_ \code @@ -5961,10 +6893,11 @@ ret = wolfSSL_CTX_trust_peer_buffer(ctx, bufferPtr, bufferSz, SSL_FILETYPE_PEM); if (ret != SSL_SUCCESS) { - // error loading trusted peer cert + // ä¿¡é ¼ã•れãŸãƒ”ア証明書ã®ãƒ­ãƒ¼ãƒ‰ã‚¨ãƒ©ãƒ¼ } ... \endcode + \sa wolfSSL_CTX_load_verify_buffer \sa wolfSSL_CTX_use_certificate_file \sa wolfSSL_CTX_use_PrivateKey_file @@ -5980,32 +6913,36 @@ /*! \ingroup CertsKeys - \brief ã“ã®é–¢æ•°ã¯CA証明書ãƒãƒƒãƒ•ã‚¡ã‚’WolfSSLコンテキストã«ãƒ­ãƒ¼ãƒ‰ã—ã¾ã™ã€‚ãƒãƒƒãƒ•ァ以外ã®ãƒãƒ¼ã‚¸ãƒ§ãƒ³ã®ã‚ˆã†ã«å‹•作ã—ã€ãƒ•ァイルã®ä»£ã‚りã«å…¥åŠ›ã¨ã—ã¦ãƒãƒƒãƒ•ã‚¡ã¨å‘¼ã°ã‚Œã‚‹æ©Ÿèƒ½ãŒç•°ãªã‚‹ã ã‘ã§ã™ã€‚ãƒãƒƒãƒ•ã‚¡ã¯ã‚µã‚¤ã‚ºSZã®å¼•æ•°ã«ã‚ˆã£ã¦æä¾›ã•れã¾ã™ã€‚å½¢å¼ãƒãƒƒãƒ•ã‚¡ã®ãƒ•ォーマットタイプを指定ã—ã¾ã™ã€‚SSL_FILETYPE_ASN1ã¾ãŸã¯SSL_FILETYPE_PEM。フォーマットãŒPEM内ã«ã‚ã‚‹é™ã‚Šã€ãƒãƒƒãƒ•ã‚¡ã‚ãŸã‚Šè¤‡æ•°ã®CA証明書をロードã™ã‚‹ã“ã¨ãŒã§ãã¾ã™ã€‚é©åˆ‡ãªä½¿ç”¨æ³•ã®ä¾‹ã‚’ã”覧ãã ã•ã„。 - \return SSL_SUCCESS æˆåŠŸã™ã‚‹ã¨ - \return SSL_BAD_FILETYPE ファイルãŒé–“é•ã£ãŸå½¢å¼ã§ã‚ã‚‹å ´åˆã«è¿”ã•れã¾ã™ã€‚ - \return SSL_BAD_FILE ファイルãŒå­˜åœ¨ã—ãªã„å ´åˆã«è¿”ã•れã¾ã™ã€‚読ã¿è¾¼ã‚ã€ã¾ãŸã¯ç ´æã—ã¦ã„ã¾ã›ã‚“。 - \return MEMORY_E メモリä¸è¶³çŠ¶æ…‹ãŒç™ºç”Ÿã—ãŸå ´åˆã«è¿”ã•れã¾ã™ã€‚ - \return ASN_INPUT_E base16デコードãŒãƒ•ァイルã«å¯¾ã—ã¦å¤±æ•—ã—ãŸå ´åˆã«è¿”ã•れã¾ã™ã€‚ - \return BUFFER_E ãƒã‚§ãƒ¼ãƒ³ãƒãƒƒãƒ•ã‚¡ãŒå—ä¿¡ãƒãƒƒãƒ•ァよりも大ãã„å ´åˆã«è¿”ã•れã¾ã™ã€‚ - \param ctx wolfSSL_CTX_new()ã§ä½œæˆã•れãŸSSLコンテキストã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ - \param in CA証明書ãƒãƒƒãƒ•ã‚¡ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ - \param sz 入力CA証明書ãƒãƒƒãƒ•ã‚¡ã®ã‚µã‚¤ã‚ºã€IN。 + \brief ã“ã®é–¢æ•°ã¯CA証明書ãƒãƒƒãƒ•ã‚¡ã‚’WOLFSSLコンテキストã«ãƒ­ãƒ¼ãƒ‰ã—ã¾ã™ã€‚ãƒãƒƒãƒ•ã‚¡éžå¯¾å¿œç‰ˆã¨åŒæ§˜ã«å‹•作ã—ã¾ã™ãŒã€ãƒ•ァイルã®ä»£ã‚りã«ãƒãƒƒãƒ•ァを入力ã¨ã—ã¦å‘¼ã³å‡ºã›ã‚‹ç‚¹ãŒç•°ãªã‚Šã¾ã™ã€‚ãƒãƒƒãƒ•ã‚¡ã¯ã‚µã‚¤ã‚ºszã®in引数ã«ã‚ˆã£ã¦æä¾›ã•れã¾ã™ã€‚formatã¯ãƒãƒƒãƒ•ã‚¡ã®å½¢å¼ã‚¿ã‚¤ãƒ—を指定ã—ã¾ã™ã€‚SSL_FILETYPE_ASN1ã¾ãŸã¯SSL_FILETYPE_PEMã§ã™ã€‚å½¢å¼ãŒPEMã§ã‚れã°ã€1ã¤ã®ãƒãƒƒãƒ•ã‚¡ã«è¤‡æ•°ã®CA証明書をロードã§ãã¾ã™ã€‚é©åˆ‡ãªä½¿ç”¨æ–¹æ³•ã«ã¤ã„ã¦ã¯ä¾‹ã‚’å‚ç…§ã—ã¦ãã ã•ã„。 + + \return SSL_SUCCESS æˆåŠŸæ™‚ã€‚ + \return SSL_BAD_FILETYPE ファイルã®å½¢å¼ãŒé–“é•ã£ã¦ã„ã‚‹å ´åˆã«è¿”ã•れã¾ã™ã€‚ + \return SSL_BAD_FILE ファイルãŒå­˜åœ¨ã—ãªã„ã€èª­ã¿å–れãªã„ã€ã¾ãŸã¯ç ´æã—ã¦ã„ã‚‹å ´åˆã«è¿”ã•れã¾ã™ã€‚ + \return MEMORY_E メモリä¸è¶³ã®çŠ¶æ…‹ãŒç™ºç”Ÿã—ãŸå ´åˆã«è¿”ã•れã¾ã™ã€‚ + \return ASN_INPUT_E ファイルã®Base16デコードãŒå¤±æ•—ã—ãŸå ´åˆã«è¿”ã•れã¾ã™ã€‚ + \return BUFFER_E ãƒã‚§ãƒ¼ãƒ³ãƒãƒƒãƒ•ã‚¡ãŒå—ä¿¡ãƒãƒƒãƒ•ァより大ãã„å ´åˆã«è¿”ã•れã¾ã™ã€‚ + + \param ctx wolfSSL_CTX_new()ã§ä½œæˆã•れãŸSSLコンテキストã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ + \param in CA証明書ãƒãƒƒãƒ•ã‚¡ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ + \param sz 入力CA証明書ãƒãƒƒãƒ•ã‚¡(in)ã®ã‚µã‚¤ã‚ºã€‚ + \param format ãƒãƒƒãƒ•ァ証明書ã®å½¢å¼ã€SSL_FILETYPE_ASN1ã¾ãŸã¯SSL_FILETYPE_PEM。 _Example_ \code int ret = 0; - int sz = 0; WOLFSSL_CTX* ctx; byte certBuff[...]; + long sz = sizeof(certBuff); ... ret = wolfSSL_CTX_load_verify_buffer(ctx, certBuff, sz, SSL_FILETYPE_PEM); if (ret != SSL_SUCCESS) { - // error loading CA certs from buffer + // ãƒãƒƒãƒ•ã‚¡ã‹ã‚‰ã®CA証明書ã®ãƒ­ãƒ¼ãƒ‰ã‚¨ãƒ©ãƒ¼ } ... \endcode + \sa wolfSSL_CTX_load_verify_locations \sa wolfSSL_CTX_use_certificate_buffer \sa wolfSSL_CTX_use_PrivateKey_buffer @@ -6020,35 +6957,40 @@ /*! \ingroup CertsKeys - \brief ã“ã®é–¢æ•°ã¯CA証明書ãƒãƒƒãƒ•ã‚¡ã‚’WolfSSLコンテキストã«ãƒ­ãƒ¼ãƒ‰ã—ã¾ã™ã€‚ãƒãƒƒãƒ•ァ以外ã®ãƒãƒ¼ã‚¸ãƒ§ãƒ³ã®ã‚ˆã†ã«å‹•作ã—ã€ãƒ•ァイルã®ä»£ã‚りã«å…¥åŠ›ã¨ã—ã¦ãƒãƒƒãƒ•ã‚¡ã¨å‘¼ã°ã‚Œã‚‹æ©Ÿèƒ½ãŒç•°ãªã‚‹ã ã‘ã§ã™ã€‚ãƒãƒƒãƒ•ã‚¡ã¯ã‚µã‚¤ã‚ºSZã®å¼•æ•°ã«ã‚ˆã£ã¦æä¾›ã•れã¾ã™ã€‚å½¢å¼ãƒãƒƒãƒ•ã‚¡ã®ãƒ•ォーマットタイプを指定ã—ã¾ã™ã€‚SSL_FILETYPE_ASN1ã¾ãŸã¯SSL_FILETYPE_PEM。フォーマットãŒPEM内ã«ã‚ã‚‹é™ã‚Šã€ãƒãƒƒãƒ•ã‚¡ã‚ãŸã‚Šè¤‡æ•°ã®CA証明書をロードã™ã‚‹ã“ã¨ãŒã§ãã¾ã™ã€‚_EXãƒãƒ¼ã‚¸ãƒ§ãƒ³ã¯PR 2413ã«è¿½åŠ ã•れã€UserChainã¨Flagsã®è¿½åŠ ã®å¼•数をサãƒãƒ¼ãƒˆã—ã¾ã™ã€‚ - \return SSL_SUCCESS æˆåŠŸã™ã‚‹ã¨ - \return SSL_BAD_FILETYPE ファイルãŒé–“é•ã£ãŸå½¢å¼ã§ã‚ã‚‹å ´åˆã«è¿”ã•れã¾ã™ã€‚ - \return SSL_BAD_FILE ファイルãŒå­˜åœ¨ã—ãªã„å ´åˆã«è¿”ã•れã¾ã™ã€‚読ã¿è¾¼ã‚ã€ã¾ãŸã¯ç ´æã—ã¦ã„ã¾ã›ã‚“。 - \return MEMORY_E メモリä¸è¶³çŠ¶æ…‹ãŒç™ºç”Ÿã—ãŸå ´åˆã«è¿”ã•れã¾ã™ã€‚ - \return ASN_INPUT_E base16デコードãŒãƒ•ァイルã«å¯¾ã—ã¦å¤±æ•—ã—ãŸå ´åˆã«è¿”ã•れã¾ã™ã€‚ - \return BUFFER_E ãƒã‚§ãƒ¼ãƒ³ãƒãƒƒãƒ•ã‚¡ãŒå—ä¿¡ãƒãƒƒãƒ•ァよりも大ãã„å ´åˆã«è¿”ã•れã¾ã™ã€‚ - \param ctx wolfSSL_CTX_new()ã§ä½œæˆã•れãŸSSLコンテキストã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ - \param in CA証明書ãƒãƒƒãƒ•ã‚¡ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ - \param sz 入力CA証明書ãƒãƒƒãƒ•ã‚¡ã®ã‚µã‚¤ã‚ºã€IN。 - \param format ãƒãƒƒãƒ•ァ証明書ã®å½¢å¼ã€SSL_FILETYPE_ASN1ã¾ãŸã¯SSL_FILETYPE_PEM。 - \param userChain フォーマットwolfssl_filetype_asn1を使用ã™ã‚‹å ´åˆã€ã“ã®ã‚»ãƒƒãƒˆã¯ã‚¼ãƒ­ä»¥å¤–ã®ã‚»ãƒƒãƒˆã‚’示ã—ã¦ã„ã¾ã™.Derã®ãƒã‚§ãƒ¼ãƒ³ãŒè¡¨ç¤ºã•れã¦ã„ã¾ã™ã€‚ + + \brief ã“ã®é–¢æ•°ã¯CA証明書ãƒãƒƒãƒ•ã‚¡ã‚’WOLFSSLコンテキストã«ãƒ­ãƒ¼ãƒ‰ã—ã¾ã™ã€‚ãƒãƒƒãƒ•ã‚¡éžå¯¾å¿œç‰ˆã¨åŒæ§˜ã«å‹•作ã—ã¾ã™ãŒã€ãƒ•ァイルã®ä»£ã‚りã«ãƒãƒƒãƒ•ァを入力ã¨ã—ã¦å‘¼ã³å‡ºã›ã‚‹ç‚¹ãŒç•°ãªã‚Šã¾ã™ã€‚ãƒãƒƒãƒ•ã‚¡ã¯ã‚µã‚¤ã‚ºszã®in引数ã«ã‚ˆã£ã¦æä¾›ã•れã¾ã™ã€‚formatã¯ãƒãƒƒãƒ•ã‚¡ã®å½¢å¼ã‚¿ã‚¤ãƒ—を指定ã—ã¾ã™ã€‚SSL_FILETYPE_ASN1ã¾ãŸã¯SSL_FILETYPE_PEMã§ã™ã€‚å½¢å¼ãŒPEMã§ã‚れã°ã€1ã¤ã®ãƒãƒƒãƒ•ã‚¡ã«è¤‡æ•°ã®CA証明書をロードã§ãã¾ã™ã€‚_ex版ã¯PR 2413ã§è¿½åŠ ã•れã€userChainã¨flagsã®è¿½åŠ å¼•æ•°ã‚’ã‚µãƒãƒ¼ãƒˆã—ã¾ã™ã€‚ + + \return SSL_SUCCESS æˆåŠŸæ™‚ã€‚ + \return SSL_BAD_FILETYPE ファイルã®å½¢å¼ãŒé–“é•ã£ã¦ã„ã‚‹å ´åˆã«è¿”ã•れã¾ã™ã€‚ + \return SSL_BAD_FILE ファイルãŒå­˜åœ¨ã—ãªã„ã€èª­ã¿å–れãªã„ã€ã¾ãŸã¯ç ´æã—ã¦ã„ã‚‹å ´åˆã«è¿”ã•れã¾ã™ã€‚ + \return MEMORY_E メモリä¸è¶³ã®çŠ¶æ…‹ãŒç™ºç”Ÿã—ãŸå ´åˆã«è¿”ã•れã¾ã™ã€‚ + \return ASN_INPUT_E ファイルã®Base16デコードãŒå¤±æ•—ã—ãŸå ´åˆã«è¿”ã•れã¾ã™ã€‚ + \return BUFFER_E ãƒã‚§ãƒ¼ãƒ³ãƒãƒƒãƒ•ã‚¡ãŒå—ä¿¡ãƒãƒƒãƒ•ァより大ãã„å ´åˆã«è¿”ã•れã¾ã™ã€‚ + + \param ctx wolfSSL_CTX_new()ã§ä½œæˆã•れãŸSSLコンテキストã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ + \param in CA証明書ãƒãƒƒãƒ•ã‚¡ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ + \param sz 入力CA証明書ãƒãƒƒãƒ•ã‚¡(in)ã®ã‚µã‚¤ã‚ºã€‚ + \param format ãƒãƒƒãƒ•ァ証明書ã®å½¢å¼ã€SSL_FILETYPE_ASN1ã¾ãŸã¯SSL_FILETYPE_PEM。 + \param userChain å½¢å¼WOLFSSL_FILETYPE_ASN1を使用ã—ã¦ã„ã‚‹å ´åˆã€ã“れをéžã‚¼ãƒ­ã«è¨­å®šã™ã‚‹ã¨ã€DERã®ãƒã‚§ãƒ¼ãƒ³ãŒæç¤ºã•れã¦ã„ã‚‹ã“ã¨ã‚’示ã—ã¾ã™ã€‚ + \param flags ssl.hã®WOLFSSL_LOAD_VERIFY_DEFAULT_FLAGS付近をå‚ç…§ã—ã¦ãã ã•ã„。 _Example_ \code int ret = 0; - int sz = 0; WOLFSSL_CTX* ctx; byte certBuff[...]; + long sz = sizeof(certBuff); ... - // Example for force loading an expired certificate + // 期é™åˆ‡ã‚Œè¨¼æ˜Žæ›¸ã‚’強制的ã«ãƒ­ãƒ¼ãƒ‰ã™ã‚‹ä¾‹ ret = wolfSSL_CTX_load_verify_buffer_ex(ctx, certBuff, sz, SSL_FILETYPE_PEM, 0, (WOLFSSL_LOAD_FLAG_DATE_ERR_OKAY)); if (ret != SSL_SUCCESS) { - // error loading CA certs from buffer + // ãƒãƒƒãƒ•ã‚¡ã‹ã‚‰ã®CA証明書ã®ãƒ­ãƒ¼ãƒ‰ã‚¨ãƒ©ãƒ¼ } ... \endcode + \sa wolfSSL_CTX_load_verify_buffer \sa wolfSSL_CTX_load_verify_locations \sa wolfSSL_CTX_use_certificate_buffer @@ -6064,32 +7006,37 @@ /*! \ingroup CertsKeys - \brief ã“ã®é–¢æ•°ã¯ã€CA証明書ãƒã‚§ãƒ¼ãƒ³ãƒãƒƒãƒ•ã‚¡ã‚’WolfSSLコンテキストã«ãƒ­ãƒ¼ãƒ‰ã—ã¾ã™ã€‚ãƒãƒƒãƒ•ァ以外ã®ãƒãƒ¼ã‚¸ãƒ§ãƒ³ã®ã‚ˆã†ã«å‹•作ã—ã€ãƒ•ァイルã®ä»£ã‚りã«å…¥åŠ›ã¨ã—ã¦ãƒãƒƒãƒ•ã‚¡ã¨å‘¼ã°ã‚Œã‚‹æ©Ÿèƒ½ãŒç•°ãªã‚‹ã ã‘ã§ã™ã€‚ãƒãƒƒãƒ•ã‚¡ã¯ã‚µã‚¤ã‚ºSZã®å¼•æ•°ã«ã‚ˆã£ã¦æä¾›ã•れã¾ã™ã€‚å½¢å¼ãƒãƒƒãƒ•ã‚¡ã®ãƒ•ォーマットタイプを指定ã—ã¾ã™ã€‚SSL_FILETYPE_ASN1ã¾ãŸã¯SSL_FILETYPE_PEM。フォーマットãŒPEM内ã«ã‚ã‚‹é™ã‚Šã€ãƒãƒƒãƒ•ã‚¡ã‚ãŸã‚Šè¤‡æ•°ã®CA証明書をロードã™ã‚‹ã“ã¨ãŒã§ãã¾ã™ã€‚é©åˆ‡ãªä½¿ç”¨æ³•ã®ä¾‹ã‚’ã”覧ãã ã•ã„。 - \return SSL_SUCCESS æˆåŠŸã™ã‚‹ã¨ - \return SSL_BAD_FILETYPE ファイルãŒé–“é•ã£ãŸå½¢å¼ã§ã‚ã‚‹å ´åˆã«è¿”ã•れã¾ã™ã€‚ - \return SSL_BAD_FILE ファイルãŒå­˜åœ¨ã—ãªã„å ´åˆã«è¿”ã•れã¾ã™ã€‚読ã¿è¾¼ã‚ã€ã¾ãŸã¯ç ´æã—ã¦ã„ã¾ã›ã‚“。 - \return MEMORY_E メモリä¸è¶³çŠ¶æ…‹ãŒç™ºç”Ÿã—ãŸå ´åˆã«è¿”ã•れã¾ã™ã€‚ - \return ASN_INPUT_E base16デコードãŒãƒ•ァイルã«å¯¾ã—ã¦å¤±æ•—ã—ãŸå ´åˆã«è¿”ã•れã¾ã™ã€‚ - \return BUFFER_E ãƒã‚§ãƒ¼ãƒ³ãƒãƒƒãƒ•ã‚¡ãŒå—ä¿¡ãƒãƒƒãƒ•ァよりも大ãã„å ´åˆã«è¿”ã•れã¾ã™ã€‚ - \param ctx wolfSSL_CTX_new()ã§ä½œæˆã•れãŸSSLコンテキストã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ - \param in CA証明書ãƒãƒƒãƒ•ã‚¡ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ - \param sz 入力CA証明書ãƒãƒƒãƒ•ã‚¡ã®ã‚µã‚¤ã‚ºã€IN。 + + \brief ã“ã®é–¢æ•°ã¯CA証明書ãƒã‚§ãƒ¼ãƒ³ãƒãƒƒãƒ•ã‚¡ã‚’WOLFSSLコンテキストã«ãƒ­ãƒ¼ãƒ‰ã—ã¾ã™ã€‚ãƒãƒƒãƒ•ã‚¡éžå¯¾å¿œç‰ˆã¨åŒæ§˜ã«å‹•作ã—ã¾ã™ãŒã€ãƒ•ァイルã®ä»£ã‚りã«ãƒãƒƒãƒ•ァを入力ã¨ã—ã¦å‘¼ã³å‡ºã›ã‚‹ç‚¹ãŒç•°ãªã‚Šã¾ã™ã€‚ãƒãƒƒãƒ•ã‚¡ã¯ã‚µã‚¤ã‚ºszã®in引数ã«ã‚ˆã£ã¦æä¾›ã•れã¾ã™ã€‚formatã¯ãƒãƒƒãƒ•ã‚¡ã®å½¢å¼ã‚¿ã‚¤ãƒ—を指定ã—ã¾ã™ã€‚SSL_FILETYPE_ASN1ã¾ãŸã¯SSL_FILETYPE_PEMã§ã™ã€‚å½¢å¼ãŒPEMã§ã‚れã°ã€1ã¤ã®ãƒãƒƒãƒ•ã‚¡ã«è¤‡æ•°ã®CA証明書をロードã§ãã¾ã™ã€‚é©åˆ‡ãªä½¿ç”¨æ–¹æ³•ã«ã¤ã„ã¦ã¯ä¾‹ã‚’å‚ç…§ã—ã¦ãã ã•ã„。 + + \return SSL_SUCCESS æˆåŠŸæ™‚ã€‚ + \return SSL_BAD_FILETYPE ファイルã®å½¢å¼ãŒé–“é•ã£ã¦ã„ã‚‹å ´åˆã«è¿”ã•れã¾ã™ã€‚ + \return SSL_BAD_FILE ファイルãŒå­˜åœ¨ã—ãªã„ã€èª­ã¿å–れãªã„ã€ã¾ãŸã¯ç ´æã—ã¦ã„ã‚‹å ´åˆã«è¿”ã•れã¾ã™ã€‚ + \return MEMORY_E メモリä¸è¶³ã®çŠ¶æ…‹ãŒç™ºç”Ÿã—ãŸå ´åˆã«è¿”ã•れã¾ã™ã€‚ + \return ASN_INPUT_E ファイルã®Base16デコードãŒå¤±æ•—ã—ãŸå ´åˆã«è¿”ã•れã¾ã™ã€‚ + \return BUFFER_E ãƒã‚§ãƒ¼ãƒ³ãƒãƒƒãƒ•ã‚¡ãŒå—ä¿¡ãƒãƒƒãƒ•ァより大ãã„å ´åˆã«è¿”ã•れã¾ã™ã€‚ + + \param ctx wolfSSL_CTX_new()ã§ä½œæˆã•れãŸSSLコンテキストã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ + \param in CA証明書ãƒãƒƒãƒ•ã‚¡ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ + \param sz 入力CA証明書ãƒãƒƒãƒ•ã‚¡(in)ã®ã‚µã‚¤ã‚ºã€‚ + \param format ãƒãƒƒãƒ•ァ証明書ã®å½¢å¼ã€SSL_FILETYPE_ASN1ã¾ãŸã¯SSL_FILETYPE_PEM。 _Example_ \code int ret = 0; - int sz = 0; WOLFSSL_CTX* ctx; byte certBuff[...]; + long sz = sizeof(certBuff); ... ret = wolfSSL_CTX_load_verify_chain_buffer_format(ctx, certBuff, sz, WOLFSSL_FILETYPE_ASN1); if (ret != SSL_SUCCESS) { - // error loading CA certs from buffer + // ãƒãƒƒãƒ•ã‚¡ã‹ã‚‰ã®CA証明書ã®ãƒ­ãƒ¼ãƒ‰ã‚¨ãƒ©ãƒ¼ } ... \endcode + \sa wolfSSL_CTX_load_verify_locations \sa wolfSSL_CTX_use_certificate_buffer \sa wolfSSL_CTX_use_PrivateKey_buffer @@ -6104,29 +7051,34 @@ /*! \ingroup CertsKeys - \brief ã“ã®é–¢æ•°ã¯è¨¼æ˜Žæ›¸ãƒãƒƒãƒ•ã‚¡ã‚’WolfSSLコンテキストã«ãƒ­ãƒ¼ãƒ‰ã—ã¾ã™ã€‚ãƒãƒƒãƒ•ァ以外ã®ãƒãƒ¼ã‚¸ãƒ§ãƒ³ã®ã‚ˆã†ã«å‹•作ã—ã€ãƒ•ァイルã®ä»£ã‚りã«å…¥åŠ›ã¨ã—ã¦ãƒãƒƒãƒ•ã‚¡ã¨å‘¼ã°ã‚Œã‚‹æ©Ÿèƒ½ãŒç•°ãªã‚‹ã ã‘ã§ã™ã€‚ãƒãƒƒãƒ•ã‚¡ã¯ã‚µã‚¤ã‚ºSZã®å¼•æ•°ã«ã‚ˆã£ã¦æä¾›ã•れã¾ã™ã€‚å½¢å¼ãƒãƒƒãƒ•ã‚¡ã®ãƒ•ォーマットタイプを指定ã—ã¾ã™ã€‚SSL_FILETYPE_ASN1ã¾ãŸã¯SSL_FILETYPE_PEM。é©åˆ‡ãªä½¿ç”¨æ³•ã®ä¾‹ã‚’ã”覧ãã ã•ã„。 - \return SSL_SUCCESS æˆåŠŸã™ã‚‹ã¨ - \return SSL_BAD_FILETYPE ファイルãŒé–“é•ã£ãŸå½¢å¼ã§ã‚ã‚‹å ´åˆã«è¿”ã•れã¾ã™ã€‚ - \return SSL_BAD_FILE ファイルãŒå­˜åœ¨ã—ãªã„å ´åˆã«è¿”ã•れã¾ã™ã€‚読ã¿è¾¼ã‚ã€ã¾ãŸã¯ç ´æã—ã¦ã„ã¾ã›ã‚“。 - \return MEMORY_E メモリä¸è¶³çŠ¶æ…‹ãŒç™ºç”Ÿã—ãŸå ´åˆã«è¿”ã•れã¾ã™ã€‚ - \return ASN_INPUT_E base16デコードãŒãƒ•ァイルã«å¯¾ã—ã¦å¤±æ•—ã—ãŸå ´åˆã«è¿”ã•れã¾ã™ã€‚ - \param ctx wolfSSL_CTX_new()ã§ä½œæˆã•れãŸSSLコンテキストã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ - \param in ロードã™ã‚‹è¨¼æ˜Žæ›¸ã‚’å«ã‚€å…¥åŠ›ãƒãƒƒãƒ•ァ。 - \param sz 入力ãƒãƒƒãƒ•ã‚¡ã®ã‚µã‚¤ã‚ºã€‚ + + \brief ã“ã®é–¢æ•°ã¯è¨¼æ˜Žæ›¸ãƒãƒƒãƒ•ã‚¡ã‚’WOLFSSLコンテキストã«ãƒ­ãƒ¼ãƒ‰ã—ã¾ã™ã€‚ãƒãƒƒãƒ•ã‚¡éžå¯¾å¿œç‰ˆã¨åŒæ§˜ã«å‹•作ã—ã¾ã™ãŒã€ãƒ•ァイルã®ä»£ã‚りã«ãƒãƒƒãƒ•ァを入力ã¨ã—ã¦å‘¼ã³å‡ºã›ã‚‹ç‚¹ãŒç•°ãªã‚Šã¾ã™ã€‚ãƒãƒƒãƒ•ã‚¡ã¯ã‚µã‚¤ã‚ºszã®in引数ã«ã‚ˆã£ã¦æä¾›ã•れã¾ã™ã€‚formatã¯ãƒãƒƒãƒ•ã‚¡ã®å½¢å¼ã‚¿ã‚¤ãƒ—を指定ã—ã¾ã™ã€‚SSL_FILETYPE_ASN1ã¾ãŸã¯SSL_FILETYPE_PEMã§ã™ã€‚é©åˆ‡ãªä½¿ç”¨æ–¹æ³•ã«ã¤ã„ã¦ã¯ä¾‹ã‚’å‚ç…§ã—ã¦ãã ã•ã„。 + + \return SSL_SUCCESS æˆåŠŸæ™‚ã€‚ + \return SSL_BAD_FILETYPE ファイルã®å½¢å¼ãŒé–“é•ã£ã¦ã„ã‚‹å ´åˆã«è¿”ã•れã¾ã™ã€‚ + \return SSL_BAD_FILE ファイルãŒå­˜åœ¨ã—ãªã„ã€èª­ã¿å–れãªã„ã€ã¾ãŸã¯ç ´æã—ã¦ã„ã‚‹å ´åˆã«è¿”ã•れã¾ã™ã€‚ + \return MEMORY_E メモリä¸è¶³ã®çŠ¶æ…‹ãŒç™ºç”Ÿã—ãŸå ´åˆã«è¿”ã•れã¾ã™ã€‚ + \return ASN_INPUT_E ファイルã®Base16デコードãŒå¤±æ•—ã—ãŸå ´åˆã«è¿”ã•れã¾ã™ã€‚ + + \param ctx wolfSSL_CTX_new()ã§ä½œæˆã•れãŸSSLコンテキストã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ + \param in ロードã™ã‚‹è¨¼æ˜Žæ›¸ã‚’å«ã‚€å…¥åŠ›ãƒãƒƒãƒ•ァ。 + \param sz 入力ãƒãƒƒãƒ•ã‚¡ã®ã‚µã‚¤ã‚ºã€‚ + \param format 入力ãƒãƒƒãƒ•ã‚¡(in)ã«æ ¼ç´ã•れã¦ã„る証明書ã®å½¢å¼ã€‚指定å¯èƒ½ãªå€¤ã¯SSL_FILETYPE_ASN1ã¾ãŸã¯SSL_FILETYPE_PEMã§ã™ã€‚ _Example_ \code int ret = 0; - int sz = 0; WOLFSSL_CTX* ctx; byte certBuff[...]; + long sz = sizeof(certBuff); ... ret = wolfSSL_CTX_use_certificate_buffer(ctx, certBuff, sz, SSL_FILETYPE_PEM); if (ret != SSL_SUCCESS) { - // error loading certificate from buffer + // ãƒãƒƒãƒ•ã‚¡ã‹ã‚‰ã®è¨¼æ˜Žæ›¸ã®ãƒ­ãƒ¼ãƒ‰ã‚¨ãƒ©ãƒ¼ } ... \endcode + \sa wolfSSL_CTX_load_verify_buffer \sa wolfSSL_CTX_use_PrivateKey_buffer \sa wolfSSL_CTX_use_certificate_chain_buffer @@ -6140,30 +7092,35 @@ /*! \ingroup CertsKeys - \brief ã“ã®é–¢æ•°ã¯ã€ç§˜å¯†éµãƒãƒƒãƒ•ã‚¡ã‚’SSLコンテキストã«ãƒ­ãƒ¼ãƒ‰ã—ã¾ã™ã€‚ãƒãƒƒãƒ•ァ以外ã®ãƒãƒ¼ã‚¸ãƒ§ãƒ³ã®ã‚ˆã†ã«å‹•作ã—ã€ãƒ•ァイルã®ä»£ã‚りã«å…¥åŠ›ã¨ã—ã¦ãƒãƒƒãƒ•ã‚¡ã¨å‘¼ã°ã‚Œã‚‹æ©Ÿèƒ½ãŒç•°ãªã‚‹ã ã‘ã§ã™ã€‚ãƒãƒƒãƒ•ã‚¡ã¯ã‚µã‚¤ã‚ºSZã®å¼•æ•°ã«ã‚ˆã£ã¦æä¾›ã•れã¾ã™ã€‚å½¢å¼ãƒãƒƒãƒ•ã‚¡ã®ãƒ•ォーマットタイプを指定ã—ã¾ã™ã€‚SSL_FILETYPE_ASN1OR SSL_FILETYPE_PEM。é©åˆ‡ãªä½¿ç”¨æ³•ã®ä¾‹ã‚’ã”覧ãã ã•ã„。 - \return SSL_SUCCESS æˆåŠŸã™ã‚‹ã¨ - \return SSL_BAD_FILETYPE ファイルãŒé–“é•ã£ãŸå½¢å¼ã§ã‚ã‚‹å ´åˆã«è¿”ã•れã¾ã™ã€‚ - \return SSL_BAD_FILE ファイルãŒå­˜åœ¨ã—ãªã„å ´åˆã«è¿”ã•れã¾ã™ã€‚読ã¿è¾¼ã‚ã€ã¾ãŸã¯ç ´æã—ã¦ã„ã¾ã›ã‚“。 - \return MEMORY_E メモリä¸è¶³çŠ¶æ…‹ãŒç™ºç”Ÿã—ãŸå ´åˆã«è¿”ã•れã¾ã™ã€‚ - \return ASN_INPUT_E base16デコードãŒãƒ•ァイルã«å¯¾ã—ã¦å¤±æ•—ã—ãŸå ´åˆã«è¿”ã•れã¾ã™ã€‚ - \return NO_PASSWORD éµãƒ•ã‚¡ã‚¤ãƒ«ãŒæš—å·åŒ–ã•れã¦ã„ã‚‹ãŒãƒ‘ã‚¹ãƒ¯ãƒ¼ãƒ‰ãŒæä¾›ã•れã¦ã„ãªã„å ´åˆã«è¿”ã•れã¾ã™ã€‚ - \param ctx wolfSSL_CTX_new()ã§ä½œæˆã•れãŸSSLコンテキストã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ - \param in ロードã™ã‚‹ç§˜å¯†éµã‚’å«ã‚€å…¥åŠ›ãƒãƒƒãƒ•ァ。 - \param sz 入力ãƒãƒƒãƒ•ã‚¡ã®ã‚µã‚¤ã‚ºã€‚ + + \brief ã“ã®é–¢æ•°ã¯ç§˜å¯†éµãƒãƒƒãƒ•ã‚¡ã‚’SSLコンテキストã«ãƒ­ãƒ¼ãƒ‰ã—ã¾ã™ã€‚ãƒãƒƒãƒ•ã‚¡éžå¯¾å¿œç‰ˆã¨åŒæ§˜ã«å‹•作ã—ã¾ã™ãŒã€ãƒ•ァイルã®ä»£ã‚りã«ãƒãƒƒãƒ•ァを入力ã¨ã—ã¦å‘¼ã³å‡ºã›ã‚‹ç‚¹ãŒç•°ãªã‚Šã¾ã™ã€‚ãƒãƒƒãƒ•ã‚¡ã¯ã‚µã‚¤ã‚ºszã®in引数ã«ã‚ˆã£ã¦æä¾›ã•れã¾ã™ã€‚formatã¯ãƒãƒƒãƒ•ã‚¡ã®å½¢å¼ã‚¿ã‚¤ãƒ—を指定ã—ã¾ã™ã€‚SSL_FILETYPE_ASN1ã¾ãŸã¯SSL_FILETYPE_PEMã§ã™ã€‚é©åˆ‡ãªä½¿ç”¨æ–¹æ³•ã«ã¤ã„ã¦ã¯ä¾‹ã‚’å‚ç…§ã—ã¦ãã ã•ã„。 + + \return SSL_SUCCESS æˆåŠŸæ™‚ã€‚ + \return SSL_BAD_FILETYPE ファイルã®å½¢å¼ãŒé–“é•ã£ã¦ã„ã‚‹å ´åˆã«è¿”ã•れã¾ã™ã€‚ + \return SSL_BAD_FILE ファイルãŒå­˜åœ¨ã—ãªã„ã€èª­ã¿å–れãªã„ã€ã¾ãŸã¯ç ´æã—ã¦ã„ã‚‹å ´åˆã«è¿”ã•れã¾ã™ã€‚ + \return MEMORY_E メモリä¸è¶³ã®çŠ¶æ…‹ãŒç™ºç”Ÿã—ãŸå ´åˆã«è¿”ã•れã¾ã™ã€‚ + \return ASN_INPUT_E ファイルã®Base16デコードãŒå¤±æ•—ã—ãŸå ´åˆã«è¿”ã•れã¾ã™ã€‚ + \return NO_PASSWORD éµãƒ•ã‚¡ã‚¤ãƒ«ãŒæš—å·åŒ–ã•れã¦ã„ã‚‹ãŒãƒ‘ã‚¹ãƒ¯ãƒ¼ãƒ‰ãŒæä¾›ã•れã¦ã„ãªã„å ´åˆã«è¿”ã•れã¾ã™ã€‚ + + \param ctx wolfSSL_CTX_new()ã§ä½œæˆã•れãŸSSLコンテキストã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ + \param in ロードã™ã‚‹ç§˜å¯†éµã‚’å«ã‚€å…¥åŠ›ãƒãƒƒãƒ•ァ。 + \param sz 入力ãƒãƒƒãƒ•ã‚¡ã®ã‚µã‚¤ã‚ºã€‚ + \param format 入力ãƒãƒƒãƒ•ã‚¡(in)ã«æ ¼ç´ã•れã¦ã„る秘密éµã®å½¢å¼ã€‚指定å¯èƒ½ãªå€¤ã¯SSL_FILETYPE_ASN1ã¾ãŸã¯SSL_FILETYPE_PEMã§ã™ã€‚ _Example_ \code int ret = 0; - int sz = 0; WOLFSSL_CTX* ctx; byte keyBuff[...]; + long sz = sizeof(certBuff); ... ret = wolfSSL_CTX_use_PrivateKey_buffer(ctx, keyBuff, sz, SSL_FILETYPE_PEM); if (ret != SSL_SUCCESS) { - // error loading private key from buffer + // ãƒãƒƒãƒ•ã‚¡ã‹ã‚‰ã®ç§˜å¯†éµã®ãƒ­ãƒ¼ãƒ‰ã‚¨ãƒ©ãƒ¼ } ... \endcode + \sa wolfSSL_CTX_load_verify_buffer \sa wolfSSL_CTX_use_certificate_buffer \sa wolfSSL_CTX_use_certificate_chain_buffer @@ -6177,29 +7134,34 @@ /*! \ingroup CertsKeys - \brief ã“ã®é–¢æ•°ã¯ã€è¨¼æ˜Žæ›¸ãƒã‚§ãƒ¼ãƒ³ãƒãƒƒãƒ•ã‚¡ã‚’WolfSSLコンテキストã«ãƒ­ãƒ¼ãƒ‰ã—ã¾ã™ã€‚ãƒãƒƒãƒ•ァ以外ã®ãƒãƒ¼ã‚¸ãƒ§ãƒ³ã®ã‚ˆã†ã«å‹•作ã—ã€ãƒ•ァイルã®ä»£ã‚りã«å…¥åŠ›ã¨ã—ã¦ãƒãƒƒãƒ•ã‚¡ã¨å‘¼ã°ã‚Œã‚‹æ©Ÿèƒ½ãŒç•°ãªã‚‹ã ã‘ã§ã™ã€‚ãƒãƒƒãƒ•ã‚¡ã¯ã‚µã‚¤ã‚ºSZã®å¼•æ•°ã«ã‚ˆã£ã¦æä¾›ã•れã¾ã™ã€‚ãƒãƒƒãƒ•ã‚¡ã¯PEMå½¢å¼ã§ã€ãƒ«ãƒ¼ãƒˆè¨¼æ˜Žæ›¸ã§çµ‚ã‚る対象ã®è¨¼æ˜Žæ›¸ã‹ã‚‰å§‹ã‚ã¦ãã ã•ã„。é©åˆ‡ãªä½¿ç”¨æ³•ã®ä¾‹ã‚’ã”覧ãã ã•ã„。 - \return SSL_SUCCESS æˆåŠŸã™ã‚‹ã¨ - \return SSL_BAD_FILETYPE ファイルãŒé–“é•ã£ãŸå½¢å¼ã§ã‚ã‚‹å ´åˆã«è¿”ã•れã¾ã™ã€‚ - \return SSL_BAD_FILE ファイルãŒå­˜åœ¨ã—ãªã„å ´åˆã«è¿”ã•れã¾ã™ã€‚読ã¿è¾¼ã‚ã€ã¾ãŸã¯ç ´æã—ã¦ã„ã¾ã›ã‚“。 - \return MEMORY_E メモリä¸è¶³çŠ¶æ…‹ãŒç™ºç”Ÿã—ãŸå ´åˆã«è¿”ã•れã¾ã™ã€‚ - \return ASN_INPUT_E base16デコードãŒãƒ•ァイルã«å¯¾ã—ã¦å¤±æ•—ã—ãŸå ´åˆã«è¿”ã•れã¾ã™ã€‚ - \return BUFFER_E ãƒã‚§ãƒ¼ãƒ³ãƒãƒƒãƒ•ã‚¡ãŒå—ä¿¡ãƒãƒƒãƒ•ァよりも大ãã„å ´åˆã«è¿”ã•れã¾ã™ã€‚ - \param ctx wolfSSL_CTX_new()ã§ä½œæˆã•れãŸSSLコンテキストã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ - \param in ロードã•れるPEMå½¢å¼ã®è¨¼æ˜Žæ›¸ãƒã‚§ãƒ¼ãƒ³ã‚’å«ã‚€å…¥åŠ›ãƒãƒƒãƒ•ァ。 + + \brief ã“ã®é–¢æ•°ã¯è¨¼æ˜Žæ›¸ãƒã‚§ãƒ¼ãƒ³ãƒãƒƒãƒ•ã‚¡ã‚’WOLFSSLコンテキストã«ãƒ­ãƒ¼ãƒ‰ã—ã¾ã™ã€‚ãƒãƒƒãƒ•ã‚¡éžå¯¾å¿œç‰ˆã¨åŒæ§˜ã«å‹•作ã—ã¾ã™ãŒã€ãƒ•ァイルã®ä»£ã‚りã«ãƒãƒƒãƒ•ァを入力ã¨ã—ã¦å‘¼ã³å‡ºã›ã‚‹ç‚¹ãŒç•°ãªã‚Šã¾ã™ã€‚ãƒãƒƒãƒ•ã‚¡ã¯ã‚µã‚¤ã‚ºszã®in引数ã«ã‚ˆã£ã¦æä¾›ã•れã¾ã™ã€‚ãƒãƒƒãƒ•ã‚¡ã¯PEMå½¢å¼ã§ã€ã‚µãƒ–ジェクトã®è¨¼æ˜Žæ›¸ã‹ã‚‰å§‹ã¾ã‚Šã€ãƒ«ãƒ¼ãƒˆè¨¼æ˜Žæ›¸ã§çµ‚ã‚ã‚‹å¿…è¦ãŒã‚りã¾ã™ã€‚é©åˆ‡ãªä½¿ç”¨æ–¹æ³•ã«ã¤ã„ã¦ã¯ä¾‹ã‚’å‚ç…§ã—ã¦ãã ã•ã„。 + + \return SSL_SUCCESS æˆåŠŸæ™‚ã€‚ + \return SSL_BAD_FILETYPE ファイルã®å½¢å¼ãŒé–“é•ã£ã¦ã„ã‚‹å ´åˆã«è¿”ã•れã¾ã™ã€‚ + \return SSL_BAD_FILE ファイルãŒå­˜åœ¨ã—ãªã„ã€èª­ã¿å–れãªã„ã€ã¾ãŸã¯ç ´æã—ã¦ã„ã‚‹å ´åˆã«è¿”ã•れã¾ã™ã€‚ + \return MEMORY_E メモリä¸è¶³ã®çŠ¶æ…‹ãŒç™ºç”Ÿã—ãŸå ´åˆã«è¿”ã•れã¾ã™ã€‚ + \return ASN_INPUT_E ファイルã®Base16デコードãŒå¤±æ•—ã—ãŸå ´åˆã«è¿”ã•れã¾ã™ã€‚ + \return BUFFER_E ãƒã‚§ãƒ¼ãƒ³ãƒãƒƒãƒ•ã‚¡ãŒå—ä¿¡ãƒãƒƒãƒ•ァより大ãã„å ´åˆã«è¿”ã•れã¾ã™ã€‚ + + \param ctx wolfSSL_CTX_new()ã§ä½œæˆã•れãŸSSLコンテキストã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ + \param in ロードã™ã‚‹PEMå½¢å¼ã®è¨¼æ˜Žæ›¸ãƒã‚§ãƒ¼ãƒ³ã‚’å«ã‚€å…¥åŠ›ãƒãƒƒãƒ•ァ。 + \param sz 入力ãƒãƒƒãƒ•ã‚¡ã®ã‚µã‚¤ã‚ºã€‚ _Example_ \code int ret = 0; - int sz = 0; WOLFSSL_CTX* ctx; byte certChainBuff[...]; + long sz = sizeof(certBuff); ... ret = wolfSSL_CTX_use_certificate_chain_buffer(ctx, certChainBuff, sz); if (ret != SSL_SUCCESS) { - // error loading certificate chain from buffer + // ãƒãƒƒãƒ•ã‚¡ã‹ã‚‰è¨¼æ˜Žæ›¸ãƒã‚§ãƒ¼ãƒ³ã®èª­ã¿è¾¼ã¿ã«å¤±æ•— } ... \endcode + \sa wolfSSL_CTX_load_verify_buffer \sa wolfSSL_CTX_use_certificate_buffer \sa wolfSSL_CTX_use_PrivateKey_buffer @@ -6212,29 +7174,34 @@ /*! \ingroup CertsKeys - \brief ã“ã®é–¢æ•°ã¯ã€è¨¼æ˜Žæ›¸ãƒãƒƒãƒ•ã‚¡ã‚’WolfSSLオブジェクトã«ãƒ­ãƒ¼ãƒ‰ã—ã¾ã™ã€‚ãƒãƒƒãƒ•ァ以外ã®ãƒãƒ¼ã‚¸ãƒ§ãƒ³ã®ã‚ˆã†ã«å‹•作ã—ã€ãƒ•ァイルã®ä»£ã‚りã«å…¥åŠ›ã¨ã—ã¦ãƒãƒƒãƒ•ã‚¡ã¨å‘¼ã°ã‚Œã‚‹æ©Ÿèƒ½ãŒç•°ãªã‚‹ã ã‘ã§ã™ã€‚ãƒãƒƒãƒ•ã‚¡ã¯ã‚µã‚¤ã‚ºSZã®å¼•æ•°ã«ã‚ˆã£ã¦æä¾›ã•れã¾ã™ã€‚å½¢å¼ãƒãƒƒãƒ•ã‚¡ã®ãƒ•ォーマットタイプを指定ã—ã¾ã™ã€‚SSL_FILETYPE_ASN1ã¾ãŸã¯SSL_FILETYPE_PEM。é©åˆ‡ãªä½¿ç”¨æ³•ã®ä¾‹ã‚’ã”覧ãã ã•ã„。 - \return SSL_SUCCESS æˆåŠŸæ™‚ã«è¿”ã•れã¾ã™ã€‚ - \return SSL_BAD_FILETYPE ファイルãŒé–“é•ã£ãŸå½¢å¼ã§ã‚ã‚‹å ´åˆã«è¿”ã•れã¾ã™ã€‚ - \return SSL_BAD_FILE ファイルãŒå­˜åœ¨ã—ãªã„å ´åˆã«è¿”ã•れã¾ã™ã€‚読ã¿è¾¼ã‚ã€ã¾ãŸã¯ç ´æã—ã¦ã„ã¾ã›ã‚“。 - \return MEMORY_E メモリä¸è¶³çŠ¶æ…‹ãŒç™ºç”Ÿã—ãŸå ´åˆã«è¿”ã•れã¾ã™ã€‚ - \return ASN_INPUT_E base16デコードãŒãƒ•ァイルã«å¯¾ã—ã¦å¤±æ•—ã—ãŸå ´åˆã«è¿”ã•れã¾ã™ã€‚ - \param ssl wolfSSL_new()ã§ä½œæˆã•れãŸSSLセッションã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ - \param in ロードã™ã‚‹è¨¼æ˜Žæ›¸ã‚’å«ã‚€ãƒãƒƒãƒ•ァ。 - \param sz ãƒãƒƒãƒ•ã‚¡ã«ã‚る証明書ã®ã‚µã‚¤ã‚ºã€‚ + + \brief ã“ã®é–¢æ•°ã¯ã€è¨¼æ˜Žæ›¸ãƒãƒƒãƒ•ã‚¡ã‚’WOLFSSLオブジェクトã«ãƒ­ãƒ¼ãƒ‰ã—ã¾ã™ã€‚ãƒãƒƒãƒ•ã‚¡ãªã—ãƒãƒ¼ã‚¸ãƒ§ãƒ³ã¨åŒæ§˜ã«å‹•作ã—ã¾ã™ãŒã€ãƒ•ァイルã®ä»£ã‚りã«ãƒãƒƒãƒ•ァを入力ã¨ã—ã¦å‘¼ã³å‡ºã™ã“ã¨ãŒã§ãる点ãŒç•°ãªã‚Šã¾ã™ã€‚ãƒãƒƒãƒ•ã‚¡ã¯ã‚µã‚¤ã‚ºszã®in引数ã«ã‚ˆã£ã¦æä¾›ã•れã¾ã™ã€‚formatã¯ãƒãƒƒãƒ•ã‚¡ã®ãƒ•ォーマットタイプを指定ã—ã¾ã™ã€‚SSL_FILETYPE_ASN1ã¾ãŸã¯SSL_FILETYPE_PEMã§ã™ã€‚é©åˆ‡ãªä½¿ç”¨æ–¹æ³•ã«ã¤ã„ã¦ã¯ä¾‹ã‚’å‚ç…§ã—ã¦ãã ã•ã„。 + + \return SSL_SUCCESS æˆåŠŸæ™‚ã€‚ + \return SSL_BAD_FILETYPE ファイルã®ãƒ•ォーマットãŒé–“é•ã£ã¦ã„ã‚‹å ´åˆã«è¿”ã•れã¾ã™ã€‚ + \return SSL_BAD_FILE ファイルãŒå­˜åœ¨ã—ãªã„ã€èª­ã¿å–れãªã„ã€ã¾ãŸã¯ç ´æã—ã¦ã„ã‚‹å ´åˆã«è¿”ã•れã¾ã™ã€‚ + \return MEMORY_E メモリä¸è¶³çŠ¶æ…‹ãŒç™ºç”Ÿã—ãŸå ´åˆã«è¿”ã•れã¾ã™ã€‚ + \return ASN_INPUT_E ファイルã®Base16デコードã«å¤±æ•—ã—ãŸå ´åˆã«è¿”ã•れã¾ã™ã€‚ + + \param ssl wolfSSL_new()ã§ä½œæˆã•れãŸSSLセッションã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ + \param in ロードã™ã‚‹è¨¼æ˜Žæ›¸ã‚’å«ã‚€ãƒãƒƒãƒ•ァ。 + \param sz ãƒãƒƒãƒ•ァ内ã®è¨¼æ˜Žæ›¸ã®ã‚µã‚¤ã‚ºã€‚ + \param format ロードã™ã‚‹è¨¼æ˜Žæ›¸ã®ãƒ•ォーマット。指定å¯èƒ½ãªå€¤ã¯SSL_FILETYPE_ASN1ã¾ãŸã¯SSL_FILETYPE_PEMã§ã™ã€‚ _Example_ \code - int buffSz; int ret; byte certBuff[...]; WOLFSSL* ssl = 0; + long buffSz = sizeof(certBuff); ... ret = wolfSSL_use_certificate_buffer(ssl, certBuff, buffSz, SSL_FILETYPE_PEM); if (ret != SSL_SUCCESS) { - // failed to load certificate from buffer + // ãƒãƒƒãƒ•ã‚¡ã‹ã‚‰è¨¼æ˜Žæ›¸ã®èª­ã¿è¾¼ã¿ã«å¤±æ•— } \endcode + \sa wolfSSL_CTX_load_verify_buffer \sa wolfSSL_CTX_use_certificate_buffer \sa wolfSSL_CTX_use_PrivateKey_buffer @@ -6247,29 +7214,34 @@ /*! \ingroup CertsKeys - \brief ã“ã®é–¢æ•°ã¯ã€ç§˜å¯†éµãƒãƒƒãƒ•ã‚¡ã‚’WolfSSLオブジェクトã«ãƒ­ãƒ¼ãƒ‰ã—ã¾ã™ã€‚ãƒãƒƒãƒ•ァ以外ã®ãƒãƒ¼ã‚¸ãƒ§ãƒ³ã®ã‚ˆã†ã«å‹•作ã—ã€ãƒ•ァイルã®ä»£ã‚りã«å…¥åŠ›ã¨ã—ã¦ãƒãƒƒãƒ•ã‚¡ã¨å‘¼ã°ã‚Œã‚‹æ©Ÿèƒ½ãŒç•°ãªã‚‹ã ã‘ã§ã™ã€‚ãƒãƒƒãƒ•ã‚¡ã¯ã‚µã‚¤ã‚ºSZã®å¼•æ•°ã«ã‚ˆã£ã¦æä¾›ã•れã¾ã™ã€‚å½¢å¼ãƒãƒƒãƒ•ã‚¡ã®ãƒ•ォーマットタイプを指定ã—ã¾ã™ã€‚SSL_FILETYPE_ASN1ã¾ãŸã¯SSL_FILETYPE_PEM。é©åˆ‡ãªä½¿ç”¨æ³•ã®ä¾‹ã‚’ã”覧ãã ã•ã„。 - \return SSL_SUCCESS æˆåŠŸæ™‚ã«è¿”ã•れã¾ã™ã€‚ - \return SSL_BAD_FILETYPE ファイルãŒé–“é•ã£ãŸå½¢å¼ã§ã‚ã‚‹å ´åˆã«è¿”ã•れã¾ã™ã€‚ - \return SSL_BAD_FILE ファイルãŒå­˜åœ¨ã—ãªã„å ´åˆã«è¿”ã•れã¾ã™ã€‚読ã¿è¾¼ã‚ã€ã¾ãŸã¯ç ´æã—ã¦ã„ã¾ã›ã‚“。 - \return MEMORY_E メモリä¸è¶³çŠ¶æ…‹ãŒç™ºç”Ÿã—ãŸå ´åˆã«è¿”ã•れã¾ã™ã€‚ - \return ASN_INPUT_E base16デコードãŒãƒ•ァイルã«å¯¾ã—ã¦å¤±æ•—ã—ãŸå ´åˆã«è¿”ã•れã¾ã™ã€‚ - \return NO_PASSWORD éµãƒ•ã‚¡ã‚¤ãƒ«ãŒæš—å·åŒ–ã•れã¦ã„ã‚‹ãŒãƒ‘ã‚¹ãƒ¯ãƒ¼ãƒ‰ãŒæä¾›ã•れã¦ã„ãªã„å ´åˆã«è¿”ã•れã¾ã™ã€‚ - \param ssl wolfssl_new()ã§ä½œæˆã•れãŸSSLセッションã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ - \param in ロードã™ã‚‹ç§˜å¯†éµã‚’å«ã‚€ãƒãƒƒãƒ•ァ。 - \param sz ãƒãƒƒãƒ•ã‚¡ã«ã‚る秘密éµã®ã‚µã‚¤ã‚ºã€‚ + + \brief ã“ã®é–¢æ•°ã¯ã€ç§˜å¯†éµãƒãƒƒãƒ•ã‚¡ã‚’WOLFSSLオブジェクトã«ãƒ­ãƒ¼ãƒ‰ã—ã¾ã™ã€‚ãƒãƒƒãƒ•ã‚¡ãªã—ãƒãƒ¼ã‚¸ãƒ§ãƒ³ã¨åŒæ§˜ã«å‹•作ã—ã¾ã™ãŒã€ãƒ•ァイルã®ä»£ã‚りã«ãƒãƒƒãƒ•ァを入力ã¨ã—ã¦å‘¼ã³å‡ºã™ã“ã¨ãŒã§ãる点ãŒç•°ãªã‚Šã¾ã™ã€‚ãƒãƒƒãƒ•ã‚¡ã¯ã‚µã‚¤ã‚ºszã®in引数ã«ã‚ˆã£ã¦æä¾›ã•れã¾ã™ã€‚formatã¯ãƒãƒƒãƒ•ã‚¡ã®ãƒ•ォーマットタイプを指定ã—ã¾ã™ã€‚SSL_FILETYPE_ASN1ã¾ãŸã¯SSL_FILETYPE_PEMã§ã™ã€‚é©åˆ‡ãªä½¿ç”¨æ–¹æ³•ã«ã¤ã„ã¦ã¯ä¾‹ã‚’å‚ç…§ã—ã¦ãã ã•ã„。 + + \return SSL_SUCCESS æˆåŠŸæ™‚ã€‚ + \return SSL_BAD_FILETYPE ファイルã®ãƒ•ォーマットãŒé–“é•ã£ã¦ã„ã‚‹å ´åˆã«è¿”ã•れã¾ã™ã€‚ + \return SSL_BAD_FILE ファイルãŒå­˜åœ¨ã—ãªã„ã€èª­ã¿å–れãªã„ã€ã¾ãŸã¯ç ´æã—ã¦ã„ã‚‹å ´åˆã«è¿”ã•れã¾ã™ã€‚ + \return MEMORY_E メモリä¸è¶³çŠ¶æ…‹ãŒç™ºç”Ÿã—ãŸå ´åˆã«è¿”ã•れã¾ã™ã€‚ + \return ASN_INPUT_E ファイルã®Base16デコードã«å¤±æ•—ã—ãŸå ´åˆã«è¿”ã•れã¾ã™ã€‚ + \return NO_PASSWORD éµãƒ•ã‚¡ã‚¤ãƒ«ãŒæš—å·åŒ–ã•れã¦ã„ã‚‹ãŒãƒ‘ã‚¹ãƒ¯ãƒ¼ãƒ‰ãŒæä¾›ã•れã¦ã„ãªã„å ´åˆã«è¿”ã•れã¾ã™ã€‚ + + \param ssl wolfSSL_new()ã§ä½œæˆã•れãŸSSLセッションã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ + \param in ロードã™ã‚‹ç§˜å¯†éµã‚’å«ã‚€ãƒãƒƒãƒ•ァ。 + \param sz ãƒãƒƒãƒ•ァ内ã®ç§˜å¯†éµã®ã‚µã‚¤ã‚ºã€‚ + \param format ロードã™ã‚‹ç§˜å¯†éµã®ãƒ•ォーマット。指定å¯èƒ½ãªå€¤ã¯SSL_FILETYPE_ASN1ã¾ãŸã¯SSL_FILETYPE_PEMã§ã™ã€‚ _Example_ \code - int buffSz; int ret; byte keyBuff[...]; WOLFSSL* ssl = 0; + long buffSz = sizeof(certBuff); ... ret = wolfSSL_use_PrivateKey_buffer(ssl, keyBuff, buffSz, SSL_FILETYPE_PEM); if (ret != SSL_SUCCESS) { - // failed to load private key from buffer + // ãƒãƒƒãƒ•ã‚¡ã‹ã‚‰ç§˜å¯†éµã®èª­ã¿è¾¼ã¿ã«å¤±æ•— } \endcode + \sa wolfSSL_use_PrivateKey \sa wolfSSL_CTX_load_verify_buffer \sa wolfSSL_CTX_use_certificate_buffer @@ -6283,28 +7255,33 @@ /*! \ingroup CertsKeys - \brief ã“ã®é–¢æ•°ã¯ã€è¨¼æ˜Žæ›¸ãƒã‚§ãƒ¼ãƒ³ãƒãƒƒãƒ•ã‚¡ã‚’WolfSSLオブジェクトã«ãƒ­ãƒ¼ãƒ‰ã—ã¾ã™ã€‚ãƒãƒƒãƒ•ァ以外ã®ãƒãƒ¼ã‚¸ãƒ§ãƒ³ã®ã‚ˆã†ã«å‹•作ã—ã€ãƒ•ァイルã®ä»£ã‚りã«å…¥åŠ›ã¨ã—ã¦ãƒãƒƒãƒ•ã‚¡ã¨å‘¼ã°ã‚Œã‚‹æ©Ÿèƒ½ãŒç•°ãªã‚‹ã ã‘ã§ã™ã€‚ãƒãƒƒãƒ•ã‚¡ã¯ã‚µã‚¤ã‚ºSZã®å¼•æ•°ã«ã‚ˆã£ã¦æä¾›ã•れã¾ã™ã€‚ãƒãƒƒãƒ•ã‚¡ã¯PEMå½¢å¼ã§ã€ãƒ«ãƒ¼ãƒˆè¨¼æ˜Žæ›¸ã§çµ‚ã‚る対象ã®è¨¼æ˜Žæ›¸ã‹ã‚‰å§‹ã‚ã¦ãã ã•ã„。é©åˆ‡ãªä½¿ç”¨æ³•ã®ä¾‹ã‚’ã”覧ãã ã•ã„。 - \return SSL_SUCCES æˆåŠŸæ™‚ã«è¿”ã•れã¾ã™ã€‚ - \return SSL_BAD_FILETYPE ファイルãŒé–“é•ã£ãŸå½¢å¼ã§ã‚ã‚‹å ´åˆã«è¿”ã•れã¾ã™ã€‚ - \return SSL_BAD_FILE ファイルãŒå­˜åœ¨ã—ãªã„å ´åˆã«è¿”ã•れã¾ã™ã€‚読ã¿è¾¼ã‚ã€ã¾ãŸã¯ç ´æã—ã¦ã„ã¾ã›ã‚“。 - \return MEMORY_E メモリä¸è¶³çŠ¶æ…‹ãŒç™ºç”Ÿã—ãŸå ´åˆã«è¿”ã•れã¾ã™ã€‚ - \return ASN_INPUT_E base16デコードãŒãƒ•ァイルã«å¯¾ã—ã¦å¤±æ•—ã—ãŸå ´åˆã«è¿”ã•れã¾ã™ã€‚ - \return BUFFER_E ãƒã‚§ãƒ¼ãƒ³ãƒãƒƒãƒ•ã‚¡ãŒå—ä¿¡ãƒãƒƒãƒ•ァよりも大ãã„å ´åˆã«è¿”ã•れã¾ã™ã€‚ - \param ssl wolfSSL_new()を使用ã—ã¦ä½œæˆã•れãŸWOLFSSL構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ - \param in ロードã™ã‚‹è¨¼æ˜Žæ›¸ã‚’å«ã‚€ãƒãƒƒãƒ•ァ。 + + \brief ã“ã®é–¢æ•°ã¯ã€è¨¼æ˜Žæ›¸ãƒã‚§ãƒ¼ãƒ³ãƒãƒƒãƒ•ã‚¡ã‚’WOLFSSLオブジェクトã«ãƒ­ãƒ¼ãƒ‰ã—ã¾ã™ã€‚ãƒãƒƒãƒ•ã‚¡ãªã—ãƒãƒ¼ã‚¸ãƒ§ãƒ³ã¨åŒæ§˜ã«å‹•作ã—ã¾ã™ãŒã€ãƒ•ァイルã®ä»£ã‚りã«ãƒãƒƒãƒ•ァを入力ã¨ã—ã¦å‘¼ã³å‡ºã™ã“ã¨ãŒã§ãる点ãŒç•°ãªã‚Šã¾ã™ã€‚ãƒãƒƒãƒ•ã‚¡ã¯ã‚µã‚¤ã‚ºszã®in引数ã«ã‚ˆã£ã¦æä¾›ã•れã¾ã™ã€‚ãƒãƒƒãƒ•ã‚¡ã¯PEMフォーマットã§ã‚ã‚‹å¿…è¦ãŒã‚りã€ã‚µãƒ–ジェクトã®è¨¼æ˜Žæ›¸ã‹ã‚‰å§‹ã¾ã‚Šã€ãƒ«ãƒ¼ãƒˆè¨¼æ˜Žæ›¸ã§çµ‚ã‚ã‚‹å¿…è¦ãŒã‚りã¾ã™ã€‚é©åˆ‡ãªä½¿ç”¨æ–¹æ³•ã«ã¤ã„ã¦ã¯ä¾‹ã‚’å‚ç…§ã—ã¦ãã ã•ã„。 + + \return SSL_SUCCES æˆåŠŸæ™‚ã€‚ + \return SSL_BAD_FILETYPE ファイルã®ãƒ•ォーマットãŒé–“é•ã£ã¦ã„ã‚‹å ´åˆã«è¿”ã•れã¾ã™ã€‚ + \return SSL_BAD_FILE ファイルãŒå­˜åœ¨ã—ãªã„ã€èª­ã¿å–れãªã„ã€ã¾ãŸã¯ç ´æã—ã¦ã„ã‚‹å ´åˆã«è¿”ã•れã¾ã™ã€‚ + \return MEMORY_E メモリä¸è¶³çŠ¶æ…‹ãŒç™ºç”Ÿã—ãŸå ´åˆã«è¿”ã•れã¾ã™ã€‚ + \return ASN_INPUT_E ファイルã®Base16デコードã«å¤±æ•—ã—ãŸå ´åˆã«è¿”ã•れã¾ã™ã€‚ + \return BUFFER_E ãƒã‚§ãƒ¼ãƒ³ãƒãƒƒãƒ•ã‚¡ãŒå—ä¿¡ãƒãƒƒãƒ•ァより大ãã„å ´åˆã«è¿”ã•れã¾ã™ã€‚ + + \param ssl wolfSSL_new()ã§ä½œæˆã•れãŸSSLセッションã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ + \param in ロードã™ã‚‹è¨¼æ˜Žæ›¸ã‚’å«ã‚€ãƒãƒƒãƒ•ァ。 + \param sz ãƒãƒƒãƒ•ァ内ã®è¨¼æ˜Žæ›¸ã®ã‚µã‚¤ã‚ºã€‚ _Example_ \code - int buffSz; int ret; byte certChainBuff[...]; WOLFSSL* ssl = 0; + long buffSz = sizeof(certBuff); ... ret = wolfSSL_use_certificate_chain_buffer(ssl, certChainBuff, buffSz); if (ret != SSL_SUCCESS) { - // failed to load certificate chain from buffer + // ãƒãƒƒãƒ•ã‚¡ã‹ã‚‰è¨¼æ˜Žæ›¸ãƒã‚§ãƒ¼ãƒ³ã®èª­ã¿è¾¼ã¿ã«å¤±æ•— } \endcode + \sa wolfSSL_CTX_load_verify_buffer \sa wolfSSL_CTX_use_certificate_buffer \sa wolfSSL_CTX_use_PrivateKey_buffer @@ -6317,9 +7294,13 @@ /*! \ingroup CertsKeys - \brief ã“ã®é–¢æ•°ã¯ã€SSLãŒæ‰€æœ‰ã™ã‚‹è¨¼æ˜Žæ›¸ã¾ãŸã¯éµã‚’アンロードã—ã¾ã™ã€‚ - \return SSL_SUCCESS - é–¢æ•°ãŒæ­£å¸¸ã«å®Ÿè¡Œã•れãŸå ´åˆã«è¿”ã•れã¾ã™ã€‚ - \return BAD_FUNC_ARG - wolfsslオブジェクトãŒnullã®å ´åˆã«è¿”ã•れã¾ã™ã€‚ + + \brief ã“ã®é–¢æ•°ã¯ã€SSLãŒæ‰€æœ‰ã™ã‚‹è¨¼æ˜Žæ›¸ã¾ãŸã¯éµã‚’アンロードã—ã¾ã™ã€‚ + + \return SSL_SUCCESS é–¢æ•°ãŒæ­£å¸¸ã«å®Ÿè¡Œã•れãŸå ´åˆã«è¿”ã•れã¾ã™ã€‚ + \return BAD_FUNC_ARG WOLFSSLオブジェクトãŒNULLã®å ´åˆã«è¿”ã•れã¾ã™ã€‚ + + \param ssl wolfSSL_new()を使用ã—ã¦ä½œæˆã•れãŸWOLFSSL構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ _Example_ \code @@ -6327,18 +7308,23 @@ ... int unloadKeys = wolfSSL_UnloadCertsKeys(ssl); if(unloadKeys != SSL_SUCCESS){ - // Failure case. + // 失敗ケース } \endcode + \sa wolfSSL_CTX_UnloadCAs */ -int wolfSSL_UnloadCertsKeys(WOLFSSL*); +int wolfSSL_UnloadCertsKeys(WOLFSSL* ssl); /*! \ingroup Setup - \brief ã“ã®æ©Ÿèƒ½ã¯ã€å¯èƒ½ãªé™ã‚Šãƒãƒ³ãƒ‰ã‚·ã‚§ã‚¤ã‚¯ãƒ¡ãƒƒã‚»ãƒ¼ã‚¸ã®ã‚°ãƒ«ãƒ¼ãƒ—化をオンã«ã—ã¾ã™ã€‚ - \return SSL_SUCCESS æˆåŠŸã«æˆ»ã‚Šã¾ã™ã€‚ - \return BAD_FUNC_ARG 入力コンテキストãŒNULLã®å ´åˆã€è¿”ã•れã¾ã™ã€‚ + + \brief ã“ã®é–¢æ•°ã¯ã€å¯èƒ½ãªå ´åˆã«ãƒãƒ³ãƒ‰ã‚·ã‚§ã‚¤ã‚¯ãƒ¡ãƒƒã‚»ãƒ¼ã‚¸ã®ã‚°ãƒ«ãƒ¼ãƒ—化をオンã«ã—ã¾ã™ã€‚ + + \return SSL_SUCCESS æˆåŠŸæ™‚ã«è¿”ã•れã¾ã™ã€‚ + \return BAD_FUNC_ARG 入力コンテキストãŒnullã®å ´åˆã«è¿”ã•れã¾ã™ã€‚ + + \param ctx wolfSSL_CTX_new()ã§ä½œæˆã•れãŸSSLコンテキストã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ _Example_ \code @@ -6346,20 +7332,24 @@ ... ret = wolfSSL_CTX_set_group_messages(ctx); if (ret != SSL_SUCCESS) { - // failed to set handshake message grouping + // ãƒãƒ³ãƒ‰ã‚·ã‚§ã‚¤ã‚¯ãƒ¡ãƒƒã‚»ãƒ¼ã‚¸ã®ã‚°ãƒ«ãƒ¼ãƒ—化ã®è¨­å®šã«å¤±æ•— } \endcode + \sa wolfSSL_set_group_messages \sa wolfSSL_CTX_new */ -int wolfSSL_CTX_set_group_messages(WOLFSSL_CTX*); +int wolfSSL_CTX_set_group_messages(WOLFSSL_CTX* ctx); /*! \ingroup Setup - \brief ã“ã®æ©Ÿèƒ½ã¯ã€å¯èƒ½ãªé™ã‚Šãƒãƒ³ãƒ‰ã‚·ã‚§ã‚¤ã‚¯ãƒ¡ãƒƒã‚»ãƒ¼ã‚¸ã®ã‚°ãƒ«ãƒ¼ãƒ—化をオンã«ã—ã¾ã™ã€‚ - \return SSL_SUCCESS æˆåŠŸã«æˆ»ã‚Šã¾ã™ã€‚ - \return BAD_FUNC_ARG 入力コンテキストãŒNULLã®å ´åˆã€è¿”ã•れã¾ã™ã€‚ - \param ssl wolfSSL_new()を使用ã—ã¦ä½œæˆã•れãŸWOLFSSL構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ + + \brief ã“ã®é–¢æ•°ã¯ã€å¯èƒ½ãªå ´åˆã«ãƒãƒ³ãƒ‰ã‚·ã‚§ã‚¤ã‚¯ãƒ¡ãƒƒã‚»ãƒ¼ã‚¸ã®ã‚°ãƒ«ãƒ¼ãƒ—化をオンã«ã—ã¾ã™ã€‚ + + \return SSL_SUCCESS æˆåŠŸæ™‚ã«è¿”ã•れã¾ã™ã€‚ + \return BAD_FUNC_ARG 入力コンテキストãŒnullã®å ´åˆã«è¿”ã•れã¾ã™ã€‚ + + \param ssl wolfSSL_new()ã§ä½œæˆã•れãŸSSLセッションã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ _Example_ \code @@ -6367,20 +7357,23 @@ ... ret = wolfSSL_set_group_messages(ssl); if (ret != SSL_SUCCESS) { - // failed to set handshake message grouping + // ãƒãƒ³ãƒ‰ã‚·ã‚§ã‚¤ã‚¯ãƒ¡ãƒƒã‚»ãƒ¼ã‚¸ã®ã‚°ãƒ«ãƒ¼ãƒ—化ã®è¨­å®šã«å¤±æ•— } \endcode + \sa wolfSSL_CTX_set_group_messages \sa wolfSSL_new */ -int wolfSSL_set_group_messages(WOLFSSL*); +int wolfSSL_set_group_messages(WOLFSSL* ssl); /*! - \brief - \return none ã„ã„ãˆè¿”ã—ã¾ã™ã€‚ - \param ssl wolfSSL_new()を使用ã—ã¦ä½œæˆã•れãŸWolfSSL構造ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ - \param cbf フォームã®é–¢æ•°ãƒã‚¤ãƒ³ã‚¿ã§ã‚ã‚‹CallBackFozzerタイプ:int(* callbackfuzzer)(wolfssl * sslã€consigned char * bufã€int szã€intåž‹ã€void * fuzzctx); - \param ssl wolfSSL_new()を使用ã—ã¦ä½œæˆã•れãŸWOLFSSL構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ + \brief ã“ã®é–¢æ•°ã¯ãƒ•ァザーコールãƒãƒƒã‚¯ã‚’設定ã—ã¾ã™ã€‚ + + \return none 戻り値ã¯ã‚りã¾ã›ã‚“。 + + \param ssl wolfSSL_new()を使用ã—ã¦ä½œæˆã•れãŸWOLFSSL構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ + \param cbf 次ã®å½¢å¼ã®é–¢æ•°ãƒã‚¤ãƒ³ã‚¿ã§ã‚ã‚‹CallbackFuzzeråž‹: int (*CallbackFuzzer)(WOLFSSL* ssl, const unsigned char* buf, int sz, int type, void* fuzzCtx); + \param fCtx WOLFSSL構造体ã®fuzzerCtxメンãƒã«è¨­å®šã•れるvoidãƒã‚¤ãƒ³ã‚¿åž‹ã€‚ _Example_ \code @@ -6390,48 +7383,57 @@ int callbackFuzzerCB(WOLFSSL* ssl, const unsigned char* buf, int sz, int type, void* fuzzCtx){ - // function definition + // 関数定義 } … wolfSSL_SetFuzzerCb(ssl, callbackFuzzerCB, fCtx); \endcode + \sa CallbackFuzzer */ void wolfSSL_SetFuzzerCb(WOLFSSL* ssl, CallbackFuzzer cbf, void* fCtx); /*! - \brief - \return 0 関数ãŒã‚¨ãƒ©ãƒ¼ãªã—ã§å®Ÿè¡Œã•れãŸå ´åˆã«è¿”ã•れã¾ã™ã€‚ - \return BAD_FUNC_ARG 許容ã§ããªã„値ã§é–¢æ•°ã«æ¸¡ã•れãŸå¼•æ•°ãŒã‚ã£ãŸå ´åˆã«è¿”ã•れã¾ã™ã€‚ - \return COOKIE_SECRET_SZ 秘密サイズãŒ0ã®å ´åˆã«è¿”ã•れã¾ã™ã€‚ - \return MEMORY_ERROR æ–°ã—ã„Cookie Secretã«ãƒ¡ãƒ¢ãƒªã‚’割り当ã¦ã‚‹å•題ãŒã‚ã‚‹å ´åˆã¯è¿”ã•れã¾ã—ãŸã€‚ - \param ssl wolfSSL_new()を使用ã—ã¦ä½œæˆã•れãŸWOLFSSL構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ - \param secret 秘密ãƒãƒƒãƒ•ァを表ã™å®šæ•°ãƒã‚¤ãƒˆãƒã‚¤ãƒ³ã‚¿ã€‚ + \brief ã“ã®é–¢æ•°ã¯æ–°ã—ã„dtls cookieシークレットを設定ã—ã¾ã™ã€‚ + + \return 0 関数ãŒã‚¨ãƒ©ãƒ¼ãªã実行ã•れãŸå ´åˆã«è¿”ã•れã¾ã™ã€‚ + \return BAD_FUNC_ARG 関数ã«è¨±å®¹ã§ããªã„値をæŒã¤å¼•æ•°ãŒæ¸¡ã•れãŸå ´åˆã«è¿”ã•れã¾ã™ã€‚ + \return COOKIE_SECRET_SZ シークレットサイズãŒ0ã®å ´åˆã«è¿”ã•れã¾ã™ã€‚ + \return MEMORY_ERROR æ–°ã—ã„cookieシークレット用ã®ãƒ¡ãƒ¢ãƒªå‰²ã‚Šå½“ã¦ã«å•題ãŒã‚ã£ãŸå ´åˆã«è¿”ã•れã¾ã™ã€‚ + + \param ssl wolfSSL_new()を使用ã—ã¦ä½œæˆã•れãŸWOLFSSL構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ + \param secret シークレットãƒãƒƒãƒ•ァを表ã™å®šæ•°ãƒã‚¤ãƒˆãƒã‚¤ãƒ³ã‚¿ã€‚ + \param secretSz ãƒãƒƒãƒ•ã‚¡ã®ã‚µã‚¤ã‚ºã€‚ _Example_ \code WOLFSSL_CTX* ctx = wolfSSL_CTX_new( method ); WOLFSSL* ssl = wolfSSL_new(ctx); const* byte secret; - word32 secretSz; // size of secret + word32 secretSz; // secretã®ã‚µã‚¤ã‚º … if(!wolfSSL_DTLS_SetCookieSecret(ssl, secret, secretSz)){ - // Code block for failure to set DTLS cookie secret + // DTLSクッキーシークレットã®è¨­å®šå¤±æ•—ã®ã‚³ãƒ¼ãƒ‰ãƒ–ロック } else { - // Success! Cookie secret is set. + // æˆåŠŸï¼ã‚¯ãƒƒã‚­ãƒ¼ã‚·ãƒ¼ã‚¯ãƒ¬ãƒƒãƒˆãŒè¨­å®šã•れã¾ã—㟠} \endcode + \sa ForceZero \sa wc_RNG_GenerateBlock */ int wolfSSL_DTLS_SetCookieSecret(WOLFSSL* ssl, - const unsigned char* secret, - unsigned int secretSz); + const byte* secret, + word32 secretSz); /*! - \brief - \return rng æˆåŠŸæ™‚ã«è¿”ã•れã¾ã™ã€‚ - \return NULL sslãŒNULLã®å ´åˆ + \brief ã“ã®é–¢æ•°ã¯ä¹±æ•°ã‚’å–å¾—ã—ã¾ã™ã€‚ + + \return rng æˆåŠŸæ™‚ã€‚ + \return NULL sslãŒNULLã®å ´åˆã€‚ + + \param ssl wolfSSL_new()ã§ä½œæˆã•れãŸSSLオブジェクトã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ + _Example_ \code WOLFSSL* ssl; @@ -6439,99 +7441,127 @@ wolfSSL_GetRNG(ssl); \endcode + \sa wolfSSL_CTX_new_rng + */ WC_RNG* wolfSSL_GetRNG(WOLFSSL* ssl); /*! \ingroup Setup - \brief ã“ã®é–¢æ•°ã¯ã€è¨±å¯ã•れã¦ã„る最å°ã®ãƒ€ã‚¦ãƒ³ã‚°ãƒ¬ãƒ¼ãƒ‰ãƒãƒ¼ã‚¸ãƒ§ãƒ³ã‚’設定ã—ã¾ã™ã€‚接続ãŒï¼ˆwolfsslv23_client_methodã¾ãŸã¯wolfsslv23_server_method)を使用ã—ã¦ã€æŽ¥ç¶šãŒãƒ€ã‚¦ãƒ³ã‚°ãƒ¬ãƒ¼ãƒ‰ã§ãã‚‹å ´åˆã«ã®ã¿é©ç”¨ã•れã¾ã™ã€‚ - \return SSL_SUCCESS エラーãªã—ã§è¿”ã•れãŸé–¢æ•°ã¨æœ€å°ãƒãƒ¼ã‚¸ãƒ§ãƒ³ãŒè¨­å®šã•れã¦ã„ã‚‹å ´åˆã«è¿”ã•れã¾ã™ã€‚ - \return BAD_FUNC_ARG WOLFSSL_CTX構造ãŒNULLã®å ´åˆã€ã¾ãŸã¯æœ€å°ãƒãƒ¼ã‚¸ãƒ§ãƒ³ãŒã‚µãƒãƒ¼ãƒˆã•れã¦ã„ãªã„å ´åˆã«è¿”ã•れã¾ã™ã€‚ - \param ssl wolfSSL_new()を使用ã—ã¦ä½œæˆã•れãŸWOLFSSL構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ + + \brief ã“ã®é–¢æ•°ã¯ã€è¨±å¯ã•れる最å°ãƒ€ã‚¦ãƒ³ã‚°ãƒ¬ãƒ¼ãƒ‰ãƒãƒ¼ã‚¸ãƒ§ãƒ³ã‚’設定ã—ã¾ã™ã€‚ダウングレードを許å¯ã™ã‚‹æŽ¥ç¶š(wolfSSLv23_client_methodã¾ãŸã¯wolfSSLv23_server_method)を使用ã™ã‚‹å ´åˆã«ã®ã¿é©ç”¨ã•れã¾ã™ã€‚ + + \return SSL_SUCCESS 関数ãŒã‚¨ãƒ©ãƒ¼ãªãæˆ»ã‚Šã€æœ€å°ãƒãƒ¼ã‚¸ãƒ§ãƒ³ãŒè¨­å®šã•れãŸå ´åˆã«è¿”ã•れã¾ã™ã€‚ + \return BAD_FUNC_ARG WOLFSSL_CTX構造体ãŒNULLã®å ´åˆã€ã¾ãŸã¯æœ€å°ãƒãƒ¼ã‚¸ãƒ§ãƒ³ãŒã‚µãƒãƒ¼ãƒˆã•れã¦ã„ãªã„å ´åˆã«è¿”ã•れã¾ã™ã€‚ + + \param ctx wolfSSL_CTX_new()を使用ã—ã¦ä½œæˆã•れãŸWOLFSSL_CTX構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ + \param version 最å°å€¤ã¨ã—ã¦è¨­å®šã•れるãƒãƒ¼ã‚¸ãƒ§ãƒ³ã®æ•´æ•°è¡¨ç¾: WOLFSSL_SSLV3 = 0ã€WOLFSSL_TLSV1 = 1ã€WOLFSSL_TLSV1_1 = 2ã€ã¾ãŸã¯WOLFSSL_TLSV1_2 = 3。 _Example_ \code - WOLFSSL_CTX* ctx = wolfSSL_CTX_new( protocol method ); + WOLFSSL_CTX* ctx = WOLFSSL_CTX_new( protocol method ); WOLFSSL* ssl = WOLFSSL_new(ctx); - int version; // macrop representation + int version; // ãƒžã‚¯ãƒ­è¡¨ç¾ â€¦ if(wolfSSL_CTX_SetMinVersion(ssl->ctx, version) != SSL_SUCCESS){ - // Failed to set min version + // 最å°ãƒãƒ¼ã‚¸ãƒ§ãƒ³ã®è¨­å®šã«å¤±æ•— } \endcode + \sa SetMinVersionHelper */ int wolfSSL_CTX_SetMinVersion(WOLFSSL_CTX* ctx, int version); /*! \ingroup TLS - \brief ã“ã®é–¢æ•°ã¯ã€è¨±å¯ã•れã¦ã„る最å°ã®ãƒ€ã‚¦ãƒ³ã‚°ãƒ¬ãƒ¼ãƒ‰ãƒãƒ¼ã‚¸ãƒ§ãƒ³ã‚’設定ã—ã¾ã™ã€‚接続ãŒï¼ˆwolfsslv23_client_methodã¾ãŸã¯wolfsslv23_server_method)を使用ã—ã¦ã€æŽ¥ç¶šãŒãƒ€ã‚¦ãƒ³ã‚°ãƒ¬ãƒ¼ãƒ‰ã§ãã‚‹å ´åˆã«ã®ã¿é©ç”¨ã•れã¾ã™ã€‚ - \return SSL_SUCCESS ã“ã®é–¢æ•°ã¨ãã®ã‚µãƒ–ルーãƒãƒ³ãŒã‚¨ãƒ©ãƒ¼ãªã—ã§å®Ÿè¡Œã•れãŸå ´åˆã«è¿”ã•れã¾ã™ã€‚ - \return BAD_FUNC_ARG SSLオブジェクトãŒNULLã®å ´åˆã«è¿”ã•れã¾ã™ã€‚サブルーãƒãƒ³ã§ã¯ã€è‰¯ã„ãƒãƒ¼ã‚¸ãƒ§ãƒ³ãŒä¸€è‡´ã—ãªã„å ´åˆã€ã“ã®ã‚¨ãƒ©ãƒ¼ã¯ã‚¹ãƒ­ãƒ¼ã•れã¾ã™ã€‚ - \param ssl wolfSSL_new()を使用ã—ã¦ä½œæˆã•れãŸWOLFSSL構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ + + \brief ã“ã®é–¢æ•°ã¯ã€è¨±å¯ã•れる最å°ãƒ€ã‚¦ãƒ³ã‚°ãƒ¬ãƒ¼ãƒ‰ãƒãƒ¼ã‚¸ãƒ§ãƒ³ã‚’設定ã—ã¾ã™ã€‚ダウングレードを許å¯ã™ã‚‹æŽ¥ç¶š(wolfSSLv23_client_methodã¾ãŸã¯wolfSSLv23_server_method)を使用ã™ã‚‹å ´åˆã«ã®ã¿é©ç”¨ã•れã¾ã™ã€‚ + + \return SSL_SUCCESS ã“ã®é–¢æ•°ã¨ãã®ã‚µãƒ–ルーãƒãƒ³ãŒã‚¨ãƒ©ãƒ¼ãªã実行ã•れãŸå ´åˆã«è¿”ã•れã¾ã™ã€‚ + \return BAD_FUNC_ARG SSLオブジェクトãŒNULLã®å ´åˆã«è¿”ã•れã¾ã™ã€‚サブルーãƒãƒ³ã§ã¯ã€ãƒãƒ¼ã‚¸ãƒ§ãƒ³ãƒžãƒƒãƒãŒè‰¯å¥½ã§ãªã„å ´åˆã«ã“ã®ã‚¨ãƒ©ãƒ¼ãŒã‚¹ãƒ­ãƒ¼ã•れã¾ã™ã€‚ + + \param ssl wolfSSL_new()を使用ã—ã¦ä½œæˆã•れãŸWOLFSSL構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ + \param version 最å°å€¤ã¨ã—ã¦è¨­å®šã•れるãƒãƒ¼ã‚¸ãƒ§ãƒ³ã®æ•´æ•°è¡¨ç¾: WOLFSSL_SSLV3 = 0ã€WOLFSSL_TLSV1 = 1ã€WOLFSSL_TLSV1_1 = 2ã€ã¾ãŸã¯WOLFSSL_TLSV1_2 = 3。 _Example_ \code - WOLFSSL_CTX* ctx = wolfSSL_CTX_new(protocol method); + WOLFSSL_CTX* ctx = WOLFSSL_CTX_new(protocol method); WOLFSSL* ssl = WOLFSSL_new(ctx); - int version; macro representation + int version; // ãƒžã‚¯ãƒ­è¡¨ç¾ â€¦ if(wolfSSL_CTX_SetMinVersion(ssl->ctx, version) != SSL_SUCCESS){ - Failed to set min version + // 最å°ãƒãƒ¼ã‚¸ãƒ§ãƒ³ã®è¨­å®šã«å¤±æ•— } \endcode + \sa SetMinVersionHelper */ int wolfSSL_SetMinVersion(WOLFSSL* ssl, int version); /*! - \brief ビルドオプションã¨è¨­å®šã«ä¾å­˜ã—ã¾ã™ã€‚WolfSSLを構築ã™ã‚‹ã¨ãã«show_sizesãŒå®šç¾©ã•れã¦ã„ã‚‹å ´åˆã€ã“ã®é–¢æ•°ã¯WolfSSLã‚ªãƒ–ã‚¸ã‚§ã‚¯ãƒˆï¼ˆã‚¹ã‚¤ãƒ¼ãƒˆã€æš—å·ãªã©ï¼‰å†…ã®å€‹ã€…ã®ã‚ªãƒ–ジェクトã®ã‚µã‚¤ã‚ºã‚‚stdoutã«å°åˆ·ã•れã¾ã™ã€‚ - \return size ã“ã®é–¢æ•°ã¯ã€WolfSSLオブジェクトã®ã‚µã‚¤ã‚ºã‚’è¿”ã—ã¾ã™ã€‚ + \brief ã“ã®é–¢æ•°ã¯WOLFSSLオブジェクトã®ã‚µã‚¤ã‚ºã‚’è¿”ã—ã€ãƒ“ルドオプションã¨è¨­å®šã«ä¾å­˜ã—ã¾ã™ã€‚wolfSSLをビルドã™ã‚‹éš›ã«SHOW_SIZESãŒå®šç¾©ã•れã¦ã„ã‚‹å ´åˆã€ã“ã®é–¢æ•°ã¯WOLFSSLオブジェクト内ã®å€‹ã€…ã®ã‚ªãƒ–ジェクト(Suitesã€Ciphersãªã©)ã®ã‚µã‚¤ã‚ºã‚‚stdoutã«å‡ºåŠ›ã—ã¾ã™ã€‚ + + \return size ã“ã®é–¢æ•°ã¯WOLFSSLオブジェクトã®ã‚µã‚¤ã‚ºã‚’è¿”ã—ã¾ã™ã€‚ + + \param none パラメータã¯ã‚りã¾ã›ã‚“。 _Example_ \code int size = 0; size = wolfSSL_GetObjectSize(); - printf(“sizeof(WOLFSSL) = %d\nâ€, size); + printf("sizeof(WOLFSSL) = %d\n", size); \endcode + \sa wolfSSL_new */ -int wolfSSL_GetObjectSize(void); /* object size based on build */ +int wolfSSL_GetObjectSize(void); /* ビルドã«åŸºã¥ãオブジェクトサイズ */ /*! - \brief アプリケーションãŒãƒˆãƒ©ãƒ³ã‚¹ãƒãƒ¼ãƒˆãƒ¬ã‚¤ãƒ¤é–“ã§ä½•ãƒã‚¤ãƒˆã‚’é€ä¿¡ã—ãŸã„å ´åˆã¯ã€æŒ‡å®šã•れãŸå¹³æ–‡ã®å…¥åŠ›ã‚µã‚¤ã‚ºã‚’æŒ‡å®šã—ã¦ãã ã•ã„。SSL / TLSãƒãƒ³ãƒ‰ã‚·ã‚§ã‚¤ã‚¯ãŒå®Œäº†ã—ãŸå¾Œã«å‘¼ã³å‡ºã™å¿…è¦ãŒã‚りã¾ã™ã€‚ - \return size æˆåŠŸã™ã‚‹ã¨ã€è¦æ±‚ã•れãŸã‚µã‚¤ã‚ºãŒè¿”ã•れã¾ã™ - \return INPUT_SIZE_E å…¥åŠ›ã‚µã‚¤ã‚ºãŒæœ€å¤§TLSフラグメントサイズより大ãã„å ´åˆã¯è¿”ã•れã¾ã™ï¼ˆWOLFSSL_GETMAXOUTPUTSIZE())。 - \return BAD_FUNC_ARG 無効ãªé–¢æ•°å¼•æ•°ã«æˆ»ã‚Šã€ã¾ãŸã¯SSL / TLSãƒãƒ³ãƒ‰ã‚·ã‚§ã‚¤ã‚¯ãŒã¾ã å®Œäº†ã—ã¦ã„ãªã„å ´åˆ - \param ssl wolfSSL_new()を使用ã—ã¦ä½œæˆã•れãŸWOLFSSL構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ + \brief 平文入力ã®ãƒ¬ã‚³ãƒ¼ãƒ‰å±¤ã‚µã‚¤ã‚ºã‚’è¿”ã—ã¾ã™ã€‚ã“れã¯ã€ã‚¢ãƒ—ãƒªã‚±ãƒ¼ã‚·ãƒ§ãƒ³ãŒæŒ‡å®šã•れãŸå¹³æ–‡å…¥åŠ›ã‚µã‚¤ã‚ºã«å¯¾ã—ã¦ã€ãƒˆãƒ©ãƒ³ã‚¹ãƒãƒ¼ãƒˆå±¤ã‚’介ã—ã¦é€ä¿¡ã•れるãƒã‚¤ãƒˆæ•°ã‚’知りãŸã„å ´åˆã«å½¹ç«‹ã¡ã¾ã™ã€‚ã“ã®é–¢æ•°ã¯ã€SSL/TLSãƒãƒ³ãƒ‰ã‚·ã‚§ã‚¤ã‚¯ãŒå®Œäº†ã—ãŸå¾Œã«å‘¼ã³å‡ºã™å¿…è¦ãŒã‚りã¾ã™ã€‚ + + \return size æˆåŠŸæ™‚ã«ã¯ã€è¦æ±‚ã•れãŸã‚µã‚¤ã‚ºãŒè¿”ã•れã¾ã™ã€‚ + \return INPUT_SIZE_E å…¥åŠ›ã‚µã‚¤ã‚ºãŒæœ€å¤§TLSフラグメントサイズより大ãã„å ´åˆã«è¿”ã•れã¾ã™(wolfSSL_GetMaxOutputSize()ã‚’å‚ç…§)。 + \return BAD_FUNC_ARG 無効ãªé–¢æ•°å¼•æ•°ãŒæ¸¡ã•れãŸå ´åˆã€ã¾ãŸã¯SSL/TLSãƒãƒ³ãƒ‰ã‚·ã‚§ã‚¤ã‚¯ãŒã¾ã å®Œäº†ã—ã¦ã„ãªã„å ´åˆã«è¿”ã•れã¾ã™ã€‚ + + \param ssl wolfSSL_new()を使用ã—ã¦ä½œæˆã•れãŸWOLFSSLオブジェクトã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ + \param inSz 平文データã®ã‚µã‚¤ã‚ºã€‚ _Example_ \code none \endcode + \sa wolfSSL_GetMaxOutputSize */ int wolfSSL_GetOutputSize(WOLFSSL* ssl, int inSz); /*! - \brief ãƒ—ãƒ­ãƒˆã‚³ãƒ«è¦æ ¼ã§æŒ‡å®šã•れã¦ã„る最大SSL / TLSレコードサイズã®ã„ãšã‚Œã‹ã«å¯¾å¿œã—ã¾ã™ã€‚ã“ã®é–¢æ•°ã¯ã€ã‚¢ãƒ—リケーションãŒwolfssl_getOutputSize()ã¨å‘¼ã°ã‚Œã€input_size_eエラーをå—ä¿¡ã—ãŸã¨ãã«å½¹ç«‹ã¡ã¾ã™ã€‚SSL / TLSãƒãƒ³ãƒ‰ã‚·ã‚§ã‚¤ã‚¯ãŒå®Œäº†ã—ãŸå¾Œã«å‘¼ã³å‡ºã™å¿…è¦ãŒã‚りã¾ã™ã€‚ - \return size æˆåŠŸã™ã‚‹ã¨ã€æœ€å¤§å‡ºåŠ›ã‚µã‚¤ã‚ºãŒè¿”ã•れã¾ã™ - \return BAD_FUNC_ARG 無効ãªé–¢æ•°å¼•æ•°ã®ã¨ãã«è¿”ã•れるã‹ã€SSL / TLSãƒãƒ³ãƒ‰ã‚·ã‚§ã‚¤ã‚¯ãŒã¾ã å®Œäº†ã—ã¦ã„ãªã„å ´åˆã€‚ + \brief å¹³æ–‡ãƒ‡ãƒ¼ã‚¿ã®æœ€å¤§ãƒ¬ã‚³ãƒ¼ãƒ‰å±¤ã‚µã‚¤ã‚ºã‚’è¿”ã—ã¾ã™ã€‚ã“れã¯ã€ãƒ—ãƒ­ãƒˆã‚³ãƒ«æ¨™æº–ã§æŒ‡å®šã•れã¦ã„る最大SSL/TLSレコードサイズã€ã¾ãŸã¯TLS最大フラグメント長拡張ã«ã‚ˆã£ã¦è¨­å®šã•ã‚ŒãŸæœ€å¤§TLSフラグメントサイズã®ã„ãšã‚Œã‹ã«å¯¾å¿œã—ã¾ã™ã€‚ã“ã®é–¢æ•°ã¯ã€ã‚¢ãƒ—リケーションãŒwolfSSL_GetOutputSize()を呼ã³å‡ºã—ã¦INPUT_SIZE_Eエラーをå—ã‘å–ã£ãŸå ´åˆã«å½¹ç«‹ã¡ã¾ã™ã€‚ã“ã®é–¢æ•°ã¯ã€SSL/TLSãƒãƒ³ãƒ‰ã‚·ã‚§ã‚¤ã‚¯ãŒå®Œäº†ã—ãŸå¾Œã«å‘¼ã³å‡ºã™å¿…è¦ãŒã‚りã¾ã™ã€‚ + + \return size æˆåŠŸæ™‚ã«ã¯ã€æœ€å¤§å‡ºåŠ›ã‚µã‚¤ã‚ºãŒè¿”ã•れã¾ã™ã€‚ + \return BAD_FUNC_ARG 無効ãªé–¢æ•°å¼•æ•°ãŒæ¸¡ã•れãŸå ´åˆã€ã¾ãŸã¯SSL/TLSãƒãƒ³ãƒ‰ã‚·ã‚§ã‚¤ã‚¯ãŒã¾ã å®Œäº†ã—ã¦ã„ãªã„å ´åˆã«è¿”ã•れã¾ã™ã€‚ + + \param ssl wolfSSL_new()を使用ã—ã¦ä½œæˆã•れãŸWOLFSSLオブジェクトã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ _Example_ \code none \endcode + \sa wolfSSL_GetOutputSize */ -int wolfSSL_GetMaxOutputSize(WOLFSSL*); +int wolfSSL_GetMaxOutputSize(WOLFSSL* ssl); /*! \ingroup Setup - \brief ã“ã®é–¢æ•°ã¯ã€ãƒãƒ¼ã‚¸ãƒ§ãƒ³ã§æŒ‡å®šã•れãŸãƒãƒ¼ã‚¸ãƒ§ãƒ³ã‚’使用ã—ã¦ã€æŒ‡å®šã•れãŸSSLセッション(WolfSSLオブジェクト)ã®SSL/TLSプロトコルãƒãƒ¼ã‚¸ãƒ§ãƒ³ã‚’設定ã—ã¾ã™ã€‚ã“れã«ã‚ˆã‚Šã€SSLセッション(SSL)ã®ãƒ—ãƒ­ãƒˆã‚³ãƒ«è¨­å®šãŒæœ€åˆã«å®šç¾©ã•れã€SSLコンテキスト(wolfSSL_CTX_new())メソッドã®ç¨®é¡žã«ã‚ˆã£ã¦ä¸Šæ›¸ãã•れã¾ã™ã€‚ - \return SSL_SUCCESS æˆåŠŸæ™‚ã«è¿”ã•れã¾ã™ã€‚ - \return BAD_FUNC_ARG 入力SSLオブジェクトãŒNULLã¾ãŸã¯èª¤ã£ãŸãƒ—ロトコルãƒãƒ¼ã‚¸ãƒ§ãƒ³ãŒãƒãƒ¼ã‚¸ãƒ§ãƒ³ã§æŒ‡å®šã•れã¦ã„ã‚‹å ´åˆã«è¿”ã•れã¾ã™ã€‚ - \param ssl wolfSSL_new()を使用ã—ã¦ä½œæˆã•れãŸWolfSSL構造ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ + + \brief ã“ã®é–¢æ•°ã¯ã€versionã§æŒ‡å®šã•れãŸãƒãƒ¼ã‚¸ãƒ§ãƒ³ã‚’使用ã—ã¦ã€æŒ‡å®šã•れãŸSSLセッション(WOLFSSLオブジェクト)ã®SSL/TLSプロトコルãƒãƒ¼ã‚¸ãƒ§ãƒ³ã‚’設定ã—ã¾ã™ã€‚ã“れã«ã‚ˆã‚Šã€SSLセッション(ssl)ã®ãƒ—ロトコル設定ãŒä¸Šæ›¸ãã•れã¾ã™ã€‚ã“れã¯å…ƒã€…SSLコンテキスト(wolfSSL_CTX_new())ã®ãƒ¡ã‚½ãƒƒãƒ‰ã‚¿ã‚¤ãƒ—ã«ã‚ˆã£ã¦å®šç¾©ãŠã‚ˆã³è¨­å®šã•れãŸã‚‚ã®ã§ã™ã€‚ + + \return SSL_SUCCESS æˆåŠŸæ™‚ã€‚ + \return BAD_FUNC_ARG 入力ã•れãŸSSLオブジェクトãŒNULLã®å ´åˆã€ã¾ãŸã¯versionã«ä¸æ­£ãªãƒ—ロトコルãƒãƒ¼ã‚¸ãƒ§ãƒ³ãŒæŒ‡å®šã•れãŸå ´åˆã«è¿”ã•れã¾ã™ã€‚ + + \param ssl wolfSSL_new()を使用ã—ã¦ä½œæˆã•れãŸWOLFSSL構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ + \param version SSL/TLSプロトコルãƒãƒ¼ã‚¸ãƒ§ãƒ³ã€‚指定å¯èƒ½ãªå€¤ã«ã¯ã€WOLFSSL_SSLV3ã€WOLFSSL_TLSV1ã€WOLFSSL_TLSV1_1ã€WOLFSSL_TLSV1_2ãŒã‚りã¾ã™ã€‚ _Example_ \code @@ -6541,63 +7571,78 @@ ret = wolfSSL_SetVersion(ssl, WOLFSSL_TLSV1); if (ret != SSL_SUCCESS) { - // failed to set SSL session protocol version + // SSLセッションã®ãƒ—ロトコルãƒãƒ¼ã‚¸ãƒ§ãƒ³ã®è¨­å®šã«å¤±æ•—ã—ã¾ã—ãŸã€‚ } \endcode + \sa wolfSSL_CTX_new */ int wolfSSL_SetVersion(WOLFSSL* ssl, int version); /*! - \brief MAC /æš—å·åŒ–コールãƒãƒƒã‚¯ã€‚コールãƒãƒƒã‚¯ã¯æˆåŠŸã®å ´åˆã¯0ã‚’è¿”ã™ã‹ã€ã‚¨ãƒ©ãƒ¼ã®å ´åˆã¯<0ã§ã™ã€‚SSLã¨CTXãƒã‚¤ãƒ³ã‚¿ã¯ãƒ¦ãƒ¼ã‚¶ãƒ¼ã®åˆ©ä¾¿æ€§ã«åˆ©ç”¨ã§ãã¾ã™ã€‚MacOutã¯ã€MACã®çµæžœã‚’ä¿å­˜ã™ã‚‹å¿…è¦ãŒã‚る出力ãƒãƒƒãƒ•ã‚¡ã§ã™ã€‚Macinã¯Mac入力ãƒãƒƒãƒ•ァーã¨Macinszã®ã‚µã‚¤ã‚ºã‚’注æ„ã—ã¦ã„ã¾ã™ã€‚MacContentã¨Macverifyã¯ã€Wolfssl_SettlShmacinner()ã«å¿…è¦ã§ã‚りã€ãã®ã¾ã¾é€šéŽã—ã¾ã™ã€‚Encoutã¯ã€æš—å·åŒ–ã®çµæžœã‚’æ ¼ç´ã™ã‚‹å¿…è¦ãŒã‚る出力ãƒãƒƒãƒ•ã‚¡ã§ã™ã€‚ENCINã¯ENCSZãŒå…¥åŠ›ã®ã‚µã‚¤ã‚ºã§ã‚ã‚‹é–“ã¯æš—å·åŒ–ã™ã‚‹å…¥åŠ›ãƒãƒƒãƒ•ã‚¡ã§ã™ã€‚コールãƒãƒƒã‚¯ã®ä¾‹ã¯ã€wolfssl / test.h mymacencryptcb()を見ã¤ã‘ã‚‹ã“ã¨ãŒã§ãã¾ã™ã€‚ - \return none è¿”å“ä¸å¯ã€‚ + \brief 呼ã³å‡ºã—å…ƒãŒã‚¢ãƒˆãƒŸãƒƒã‚¯ãƒ¦ãƒ¼ã‚¶ãƒ¬ã‚³ãƒ¼ãƒ‰å‡¦ç†Mac/æš—å·åŒ–コールãƒãƒƒã‚¯ã‚’設定ã§ãるよã†ã«ã—ã¾ã™ã€‚コールãƒãƒƒã‚¯ã¯ã€æˆåŠŸæ™‚ã«ã¯0ã€ã‚¨ãƒ©ãƒ¼æ™‚ã«ã¯<0ã‚’è¿”ã™å¿…è¦ãŒã‚りã¾ã™ã€‚sslã¨ctxãƒã‚¤ãƒ³ã‚¿ã¯ã€ãƒ¦ãƒ¼ã‚¶ã®åˆ©ä¾¿æ€§ã®ãŸã‚ã«åˆ©ç”¨å¯èƒ½ã§ã™ã€‚macOutã¯ã€macã®çµæžœã‚’æ ¼ç´ã™ã‚‹å‡ºåŠ›ãƒãƒƒãƒ•ã‚¡ã§ã™ã€‚macInã¯mac入力ãƒãƒƒãƒ•ã‚¡ã§ã‚りã€macInSzã¯ãƒãƒƒãƒ•ã‚¡ã®ã‚µã‚¤ã‚ºã‚’示ã—ã¾ã™ã€‚macContentã¨macVerifyã¯ã€wolfSSL_SetTlsHmacInner()ã«å¿…è¦ã§ã‚りã€ãã®ã¾ã¾æ¸¡ã™å¿…è¦ãŒã‚りã¾ã™ã€‚encOutã¯ã€æš—å·åŒ–ã®çµæžœã‚’æ ¼ç´ã™ã‚‹å‡ºåŠ›ãƒãƒƒãƒ•ã‚¡ã§ã™ã€‚encInã¯æš—å·åŒ–ã™ã‚‹å…¥åŠ›ãƒãƒƒãƒ•ã‚¡ã§ã‚りã€encSzã¯å…¥åŠ›ã®ã‚µã‚¤ã‚ºã§ã™ã€‚コールãƒãƒƒã‚¯ã®ä¾‹ã¯ã€wolfssl/test.hã®myMacEncryptCb()ã«ã‚りã¾ã™ã€‚ + + \return none 戻り値ãªã—。 + + \param none パラメータãªã—。 _Example_ \code none \endcode + \sa wolfSSL_SetMacEncryptCtx \sa wolfSSL_GetMacEncryptCtx */ -void wolfSSL_CTX_SetMacEncryptCb(WOLFSSL_CTX* ctx, CallbackMacEncrypti cb); +void wolfSSL_CTX_SetMacEncryptCb(WOLFSSL_CTX* ctx, CallbackMacEncrypt cb); /*! - \brief CTXã¸ã®ã‚³ãƒ¼ãƒ«ãƒãƒƒã‚¯ã‚³ãƒ³ãƒ†ã‚­ã‚¹ãƒˆã€‚ - \return none è¿”å“ä¸å¯ã€‚ - \param ssl wolfSSL_new()を使用ã—ã¦ä½œæˆã•れãŸWOLFSSL構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ + \brief 呼ã³å‡ºã—å…ƒãŒã‚¢ãƒˆãƒŸãƒƒã‚¯ãƒ¦ãƒ¼ã‚¶ãƒ¬ã‚³ãƒ¼ãƒ‰å‡¦ç†Mac/æš—å·åŒ–コールãƒãƒƒã‚¯ã‚³ãƒ³ãƒ†ã‚­ã‚¹ãƒˆã‚’ctxã«è¨­å®šã§ãるよã†ã«ã—ã¾ã™ã€‚ + + \return none 戻り値ãªã—。 + + \param none パラメータãªã—。 _Example_ \code none \endcode + \sa wolfSSL_CTX_SetMacEncryptCb \sa wolfSSL_GetMacEncryptCtx */ void wolfSSL_SetMacEncryptCtx(WOLFSSL* ssl, void *ctx); /*! - \brief Mac / Encryptコールãƒãƒƒã‚¯ã‚³ãƒ³ãƒ†ã‚­ã‚¹ãƒˆã¯ã€wolfssl_setmacencryptx()ã§ä¿å­˜ã•れã¦ã„ã¾ã—ãŸã€‚ - \return pointer 正常ã«ã‚³ãƒ¼ãƒ«ãŒã‚³ãƒ³ãƒ†ã‚­ã‚¹ãƒˆã¸ã®æœ‰åйãªãƒã‚¤ãƒ³ã‚¿ã‚’è¿”ã—ã¾ã™ã€‚ - \return NULL 空白ã®ã‚³ãƒ³ãƒ†ã‚­ã‚¹ãƒˆã®ãŸã‚ã«è¿”ã•れã¾ã™ã€‚ - \param ssl wolfSSL_new()を使用ã—ã¦ä½œæˆã•れãŸWOLFSSL構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ + \brief 呼ã³å‡ºã—å…ƒãŒã€wolfSSL_SetMacEncryptCtx()ã§ä»¥å‰ã«ä¿å­˜ã•れãŸã‚¢ãƒˆãƒŸãƒƒã‚¯ãƒ¦ãƒ¼ã‚¶ãƒ¬ã‚³ãƒ¼ãƒ‰å‡¦ç†Mac/æš—å·åŒ–コールãƒãƒƒã‚¯ã‚³ãƒ³ãƒ†ã‚­ã‚¹ãƒˆã‚’å–å¾—ã§ãるよã†ã«ã—ã¾ã™ã€‚ + + \return pointer æˆåŠŸã—ãŸå ´åˆã€å‘¼ã³å‡ºã—ã¯ã‚³ãƒ³ãƒ†ã‚­ã‚¹ãƒˆã¸ã®æœ‰åйãªãƒã‚¤ãƒ³ã‚¿ã‚’è¿”ã—ã¾ã™ã€‚ + \return NULL 空ã®ã‚³ãƒ³ãƒ†ã‚­ã‚¹ãƒˆã®å ´åˆã«è¿”ã•れã¾ã™ã€‚ + + \param none パラメータãªã—。 _Example_ \code none \endcode + \sa wolfSSL_CTX_SetMacEncryptCb \sa wolfSSL_SetMacEncryptCtx */ void* wolfSSL_GetMacEncryptCtx(WOLFSSL* ssl); /*! - \brief コールãƒãƒƒã‚¯ã‚’復å·åŒ–/確èªã—ã¾ã™ã€‚コールãƒãƒƒã‚¯ã¯æˆåŠŸã®å ´åˆã¯0ã‚’è¿”ã™ã‹ã€ã‚¨ãƒ©ãƒ¼ã®å ´åˆã¯<0ã§ã™ã€‚SSLã¨CTXãƒã‚¤ãƒ³ã‚¿ã¯ãƒ¦ãƒ¼ã‚¶ãƒ¼ã®åˆ©ä¾¿æ€§ã«åˆ©ç”¨ã§ãã¾ã™ã€‚DECOUTã¯ã€å¾©å·åŒ–ã®çµæžœã‚’æ ¼ç´ã™ã‚‹å‡ºåŠ›ãƒãƒƒãƒ•ã‚¡ã§ã™ã€‚DECINã¯æš—å·åŒ–ã•れãŸå…¥åŠ›ãƒãƒƒãƒ•ァーã¨Decinszã®ã‚µã‚¤ã‚ºã‚’注æ„ã—ã¦ã„ã¾ã™ã€‚ã‚³ãƒ³ãƒ†ãƒ³ãƒ„ã¨æ¤œè¨¼ã¯ã€WolfSSL_SettlShmacinner()ã«å¿…è¦ã§ã‚りã€ãã®ã¾ã¾é€šéŽã—ã¾ã™ã€‚PADSZã¯ã€ãƒ‘ディングã®åˆè¨ˆå€¤ã§è¨­å®šã™ã‚‹å‡ºåŠ›å¤‰æ•°ã§ã™ã€‚ã¤ã¾ã‚Šã€MACサイズã¨ãƒ‘ディングãƒã‚¤ãƒˆã¨ãƒ‘ッドãƒã‚¤ãƒˆã‚’加ãˆã¦ã„ã¾ã™ã€‚コールãƒãƒƒã‚¯ã®ä¾‹ã¯ã€wolfssl / test.h mydecryptverifycb()を見ã¤ã‘ã‚‹ã“ã¨ãŒã§ãã¾ã™ã€‚ - \return none ã„ã„ãˆè¿”ã—ã¾ã™ã€‚ + \brief 呼ã³å‡ºã—å…ƒãŒã‚¢ãƒˆãƒŸãƒƒã‚¯ãƒ¦ãƒ¼ã‚¶ãƒ¬ã‚³ãƒ¼ãƒ‰å‡¦ç†å¾©å·/検証コールãƒãƒƒã‚¯ã‚’設定ã§ãるよã†ã«ã—ã¾ã™ã€‚コールãƒãƒƒã‚¯ã¯ã€æˆåŠŸæ™‚ã«ã¯0ã€ã‚¨ãƒ©ãƒ¼æ™‚ã«ã¯<0ã‚’è¿”ã™å¿…è¦ãŒã‚りã¾ã™ã€‚sslã¨ctxãƒã‚¤ãƒ³ã‚¿ã¯ã€ãƒ¦ãƒ¼ã‚¶ã®åˆ©ä¾¿æ€§ã®ãŸã‚ã«åˆ©ç”¨å¯èƒ½ã§ã™ã€‚decOutã¯ã€å¾©å·ã®çµæžœã‚’æ ¼ç´ã™ã‚‹å‡ºåŠ›ãƒãƒƒãƒ•ã‚¡ã§ã™ã€‚decInã¯æš—å·åŒ–ã•れãŸå…¥åŠ›ãƒãƒƒãƒ•ã‚¡ã§ã‚りã€decInSzã¯ãƒãƒƒãƒ•ã‚¡ã®ã‚µã‚¤ã‚ºã‚’示ã—ã¾ã™ã€‚contentã¨verifyã¯ã€wolfSSL_SetTlsHmacInner()ã«å¿…è¦ã§ã‚りã€ãã®ã¾ã¾æ¸¡ã™å¿…è¦ãŒã‚りã¾ã™ã€‚padSzã¯ã€ãƒ‘ディングã®åˆè¨ˆå€¤ã‚’設定ã™ã‚‹å¿…è¦ãŒã‚る出力変数ã§ã™ã€‚ã¤ã¾ã‚Šã€macサイズã«åŠ ãˆã¦ã€ãƒ‘ディングã¨ãƒ‘ディングãƒã‚¤ãƒˆã§ã™ã€‚コールãƒãƒƒã‚¯ã®ä¾‹ã¯ã€wolfssl/test.hã®myDecryptVerifyCb()ã«ã‚りã¾ã™ã€‚ + + \return none 戻り値ãªã—。 + + \param none パラメータãªã—。 _Example_ \code none \endcode + \sa wolfSSL_SetMacEncryptCtx \sa wolfSSL_GetMacEncryptCtx */ @@ -6605,97 +7650,119 @@ CallbackDecryptVerify cb); /*! - \brief コールãƒãƒƒã‚¯ã‚³ãƒ³ãƒ†ã‚­ã‚¹ãƒˆã‚’CTXã«å¾©å·åŒ–/検証ã—ã¾ã™ã€‚ - \return none ã„ã„ãˆè¿”ã—ã¾ã™ã€‚ - \param ssl wolfSSL_new()を使用ã—ã¦ä½œæˆã•れãŸWOLFSSL構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ + \brief 呼ã³å‡ºã—å…ƒãŒã‚¢ãƒˆãƒŸãƒƒã‚¯ãƒ¦ãƒ¼ã‚¶ãƒ¬ã‚³ãƒ¼ãƒ‰å‡¦ç†å¾©å·/検証コールãƒãƒƒã‚¯ã‚³ãƒ³ãƒ†ã‚­ã‚¹ãƒˆã‚’ctxã«è¨­å®šã§ãるよã†ã«ã—ã¾ã™ã€‚ + + \return none 戻り値ãªã—。 + + \param none パラメータãªã—。 _Example_ \code none \endcode + \sa wolfSSL_CTX_SetDecryptVerifyCb \sa wolfSSL_GetDecryptVerifyCtx */ void wolfSSL_SetDecryptVerifyCtx(WOLFSSL* ssl, void *ctx); /*! - \brief wolfssl_setdecryptverifyctx()ã§ä»¥å‰ã«ä¿å­˜ã•れã¦ã„るコールãƒãƒƒã‚¯ã‚³ãƒ³ãƒ†ã‚­ã‚¹ãƒˆã‚’復å·åŒ–/検証ã—ã¾ã™ã€‚ - \return pointer 正常ã«ã‚³ãƒ¼ãƒ«ãŒã‚³ãƒ³ãƒ†ã‚­ã‚¹ãƒˆã¸ã®æœ‰åйãªãƒã‚¤ãƒ³ã‚¿ã‚’è¿”ã—ã¾ã™ã€‚ - \return NULL 空白ã®ã‚³ãƒ³ãƒ†ã‚­ã‚¹ãƒˆã®ãŸã‚ã«è¿”ã•れã¾ã™ã€‚ + \brief 呼ã³å‡ºã—å…ƒãŒã€wolfSSL_SetDecryptVerifyCtx()ã§ä»¥å‰ã«ä¿å­˜ã•れãŸã‚¢ãƒˆãƒŸãƒƒã‚¯ãƒ¦ãƒ¼ã‚¶ãƒ¬ã‚³ãƒ¼ãƒ‰å‡¦ç†å¾©å·/検証コールãƒãƒƒã‚¯ã‚³ãƒ³ãƒ†ã‚­ã‚¹ãƒˆã‚’å–å¾—ã§ãるよã†ã«ã—ã¾ã™ã€‚ + + \return pointer æˆåŠŸã—ãŸå ´åˆã€å‘¼ã³å‡ºã—ã¯ã‚³ãƒ³ãƒ†ã‚­ã‚¹ãƒˆã¸ã®æœ‰åйãªãƒã‚¤ãƒ³ã‚¿ã‚’è¿”ã—ã¾ã™ã€‚ + \return NULL 空ã®ã‚³ãƒ³ãƒ†ã‚­ã‚¹ãƒˆã®å ´åˆã«è¿”ã•れã¾ã™ã€‚ + + \param none パラメータãªã—。 _Example_ \code none \endcode + \sa wolfSSL_CTX_SetDecryptVerifyCb \sa wolfSSL_SetDecryptVerifyCtx */ void* wolfSSL_GetDecryptVerifyCtx(WOLFSSL* ssl); /*! - \brief VERIFYパラメーターã¯ã€ã“れãŒãƒ”ã‚¢ãƒ»ãƒ¡ãƒƒã‚»ãƒ¼ã‚¸ã®æ¤œè¨¼ã®ãŸã‚ã®ã‚‚ã®ã§ã‚ã‚‹ã‹ã©ã†ã‹ã‚’指定ã—ã¾ã™ã€‚ - \return pointer 正常ã«ã‚³ãƒ¼ãƒ«ãŒç§˜å¯†ã«æœ‰åйãªãƒã‚¤ãƒ³ã‚¿ã‚’è¿”ã—ã¾ã™ã€‚秘密ã®ã‚µã‚¤ã‚ºã¯ã€Wolfssl_gethmacsize()ã‹ã‚‰å…¥æ‰‹ã§ãã¾ã™ã€‚ - \return NULL ã‚¨ãƒ©ãƒ¼çŠ¶æ…‹ã«æˆ»ã‚Šã¾ã™ã€‚ - \param ssl wolfSSL_new()を使用ã—ã¦ä½œæˆã•れãŸWOLFSSL構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ + \brief ãƒãƒ³ãƒ‰ã‚·ã‚§ã‚¤ã‚¯ãƒ—ロセスã‹ã‚‰Hmac/Macシークレットã®å–å¾—ã‚’å¯èƒ½ã«ã—ã¾ã™ã€‚verifyパラメータã¯ã€ã“れãŒãƒ”ã‚¢ãƒ¡ãƒƒã‚»ãƒ¼ã‚¸ã®æ¤œè¨¼ç”¨ã§ã‚ã‚‹ã‹ã©ã†ã‹ã‚’指定ã—ã¾ã™ã€‚ + + \return pointer æˆåŠŸã—ãŸå ´åˆã€å‘¼ã³å‡ºã—ã¯ã‚·ãƒ¼ã‚¯ãƒ¬ãƒƒãƒˆã¸ã®æœ‰åйãªãƒã‚¤ãƒ³ã‚¿ã‚’è¿”ã—ã¾ã™ã€‚シークレットã®ã‚µã‚¤ã‚ºã¯ã€wolfSSL_GetHmacSize()ã‹ã‚‰å–å¾—ã§ãã¾ã™ã€‚ + \return NULL エラー状態ã®å ´åˆã«è¿”ã•れã¾ã™ã€‚ + + \param ssl wolfSSL_new()を使用ã—ã¦ä½œæˆã•れãŸWOLFSSLオブジェクトã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ + \param verify ã“れãŒãƒ”ã‚¢ãƒ¡ãƒƒã‚»ãƒ¼ã‚¸ã®æ¤œè¨¼ç”¨ã§ã‚ã‚‹ã‹ã©ã†ã‹ã‚’指定ã—ã¾ã™ã€‚ _Example_ \code none \endcode + \sa wolfSSL_GetHmacSize */ const unsigned char* wolfSSL_GetMacSecret(WOLFSSL* ssl, int verify); /*! - \brief - \return pointer 正常ã«ã‚³ãƒ¼ãƒ«ãŒã‚­ãƒ¼ã¸ã®æœ‰åйãªãƒã‚¤ãƒ³ã‚¿ã‚’è¿”ã—ã¾ã™ã€‚éµã®ã‚µã‚¤ã‚ºã¯ã€wolfssl_getkeysize()ã‹ã‚‰å–å¾—ã§ãã¾ã™ã€‚ - \return NULL ã‚¨ãƒ©ãƒ¼çŠ¶æ…‹ã«æˆ»ã‚Šã¾ã™ã€‚ - \param ssl wolfSSL_new()を使用ã—ã¦ä½œæˆã•れãŸWOLFSSL構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ + \brief ãƒãƒ³ãƒ‰ã‚·ã‚§ã‚¤ã‚¯ãƒ—ロセスã‹ã‚‰ã‚¯ãƒ©ã‚¤ã‚¢ãƒ³ãƒˆæ›¸ãè¾¼ã¿éµã®å–å¾—ã‚’å¯èƒ½ã«ã—ã¾ã™ã€‚ + + \return pointer æˆåŠŸã—ãŸå ´åˆã€å‘¼ã³å‡ºã—ã¯éµã¸ã®æœ‰åйãªãƒã‚¤ãƒ³ã‚¿ã‚’è¿”ã—ã¾ã™ã€‚éµã®ã‚µã‚¤ã‚ºã¯ã€wolfSSL_GetKeySize()ã‹ã‚‰å–å¾—ã§ãã¾ã™ã€‚ + \return NULL エラー状態ã®å ´åˆã«è¿”ã•れã¾ã™ã€‚ + + \param ssl wolfSSL_new()を使用ã—ã¦ä½œæˆã•れãŸWOLFSSLオブジェクトã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ _Example_ \code none \endcode + \sa wolfSSL_GetKeySize \sa wolfSSL_GetClientWriteIV */ const unsigned char* wolfSSL_GetClientWriteKey(WOLFSSL*); /*! - \brief ãƒãƒ³ãƒ‰ã‚·ã‚§ã‚¤ã‚¯ãƒ—ロセスã‹ã‚‰ã€‚ - \return pointer 正常ã«ã‚³ãƒ¼ãƒ«ãŒIVã¸ã®æœ‰åйãªãƒã‚¤ãƒ³ã‚¿ã‚’è¿”ã—ã¾ã™ã€‚IVã®ã‚µã‚¤ã‚ºã¯ã€wolfssl_getCipherBlockSize()ã‹ã‚‰å–å¾—ã§ãã¾ã™ã€‚ - \return NULL ã‚¨ãƒ©ãƒ¼çŠ¶æ…‹ã«æˆ»ã‚Šã¾ã™ã€‚ - \param ssl wolfSSL_new()を使用ã—ã¦ä½œæˆã•れãŸWOLFSSL構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ + \brief ãƒãƒ³ãƒ‰ã‚·ã‚§ã‚¤ã‚¯ãƒ—ロセスã‹ã‚‰ã‚¯ãƒ©ã‚¤ã‚¢ãƒ³ãƒˆæ›¸ãè¾¼ã¿IV(åˆæœŸåŒ–ベクトル)ã®å–å¾—ã‚’å¯èƒ½ã«ã—ã¾ã™ã€‚ + + \return pointer æˆåŠŸã—ãŸå ´åˆã€å‘¼ã³å‡ºã—ã¯IVã¸ã®æœ‰åйãªãƒã‚¤ãƒ³ã‚¿ã‚’è¿”ã—ã¾ã™ã€‚IVã®ã‚µã‚¤ã‚ºã¯ã€wolfSSL_GetCipherBlockSize()ã‹ã‚‰å–å¾—ã§ãã¾ã™ã€‚ + \return NULL エラー状態ã®å ´åˆã«è¿”ã•れã¾ã™ã€‚ + + \param ssl wolfSSL_new()を使用ã—ã¦ä½œæˆã•れãŸWOLFSSLオブジェクトã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ _Example_ \code none \endcode + \sa wolfSSL_GetCipherBlockSize() \sa wolfSSL_GetClientWriteKey() */ const unsigned char* wolfSSL_GetClientWriteIV(WOLFSSL*); /*! - \brief - \return pointer 正常ã«ã‚³ãƒ¼ãƒ«ãŒéµã¸ã®æœ‰åйãªãƒã‚¤ãƒ³ã‚¿ã‚’è¿”ã—ã¾ã™ã€‚éµã®ã‚µã‚¤ã‚ºã¯ã€wolfssl_getkeysize()ã‹ã‚‰å–å¾—ã§ãã¾ã™ã€‚ - \return NULL ã‚¨ãƒ©ãƒ¼çŠ¶æ…‹ã«æˆ»ã‚Šã¾ã™ã€‚ - \param ssl wolfSSL_new()を使用ã—ã¦ä½œæˆã•れãŸWOLFSSL構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ + \brief ãƒãƒ³ãƒ‰ã‚·ã‚§ã‚¤ã‚¯ãƒ—ロセスã‹ã‚‰ã‚µãƒ¼ãƒæ›¸ãè¾¼ã¿éµã®å–å¾—ã‚’å¯èƒ½ã«ã—ã¾ã™ã€‚ + + \return pointer æˆåŠŸã—ãŸå ´åˆã€å‘¼ã³å‡ºã—ã¯éµã¸ã®æœ‰åйãªãƒã‚¤ãƒ³ã‚¿ã‚’è¿”ã—ã¾ã™ã€‚éµã®ã‚µã‚¤ã‚ºã¯ã€wolfSSL_GetKeySize()ã‹ã‚‰å–å¾—ã§ãã¾ã™ã€‚ + \return NULL エラー状態ã®å ´åˆã«è¿”ã•れã¾ã™ã€‚ + + \param ssl wolfSSL_new()を使用ã—ã¦ä½œæˆã•れãŸWOLFSSLオブジェクトã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ _Example_ \code none \endcode + \sa wolfSSL_GetKeySize \sa wolfSSL_GetServerWriteIV */ const unsigned char* wolfSSL_GetServerWriteKey(WOLFSSL*); /*! - \brief ãƒãƒ³ãƒ‰ã‚·ã‚§ã‚¤ã‚¯ãƒ—ロセスã‹ã‚‰ã€‚ - \return pointer 正常ã«ã‚³ãƒ¼ãƒ«ãŒIVã¸ã®æœ‰åйãªãƒã‚¤ãƒ³ã‚¿ã‚’è¿”ã—ã¾ã™ã€‚IVã®ã‚µã‚¤ã‚ºã¯ã€wolfssl_getCipherBlockSize()ã‹ã‚‰å–å¾—ã§ãã¾ã™ã€‚ - \return NULL ã‚¨ãƒ©ãƒ¼çŠ¶æ…‹ã«æˆ»ã‚Šã¾ã™ã€‚ - \param ssl wolfSSL_new()を使用ã—ã¦ä½œæˆã•れãŸWOLFSSL構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ + \brief ãƒãƒ³ãƒ‰ã‚·ã‚§ã‚¤ã‚¯ãƒ—ロセスã‹ã‚‰ã‚µãƒ¼ãƒæ›¸ãè¾¼ã¿IV(åˆæœŸåŒ–ベクトル)ã®å–å¾—ã‚’å¯èƒ½ã«ã—ã¾ã™ã€‚ + + \return pointer æˆåŠŸã—ãŸå ´åˆã€å‘¼ã³å‡ºã—ã¯IVã¸ã®æœ‰åйãªãƒã‚¤ãƒ³ã‚¿ã‚’è¿”ã—ã¾ã™ã€‚IVã®ã‚µã‚¤ã‚ºã¯ã€wolfSSL_GetCipherBlockSize()ã‹ã‚‰å–å¾—ã§ãã¾ã™ã€‚ + \return NULL エラー状態ã®å ´åˆã«è¿”ã•れã¾ã™ã€‚ + + \param ssl wolfSSL_new()を使用ã—ã¦ä½œæˆã•れãŸWOLFSSLオブジェクトã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ \sa wolfSSL_GetCipherBlockSize \sa wolfSSL_GetClientWriteKey @@ -6703,26 +7770,32 @@ const unsigned char* wolfSSL_GetServerWriteIV(WOLFSSL*); /*! - \brief - \return size 正常ã«ã‚³ãƒ¼ãƒ«ãŒéµã‚µã‚¤ã‚ºã‚’ãƒã‚¤ãƒˆå˜ä½ã§è¿”ã—ã¾ã™ã€‚ - \return BAD_FUNC_ARG ã‚¨ãƒ©ãƒ¼çŠ¶æ…‹ã«æˆ»ã‚Šã¾ã™ã€‚ - \param ssl wolfSSL_new()を使用ã—ã¦ä½œæˆã•れãŸWOLFSSL構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ + \brief ãƒãƒ³ãƒ‰ã‚·ã‚§ã‚¤ã‚¯ãƒ—ロセスã‹ã‚‰éµã‚µã‚¤ã‚ºã®å–å¾—ã‚’å¯èƒ½ã«ã—ã¾ã™ã€‚ + + \return size æˆåŠŸã—ãŸå ´åˆã€å‘¼ã³å‡ºã—ã¯éµã‚µã‚¤ã‚ºã‚’ãƒã‚¤ãƒˆå˜ä½ã§è¿”ã—ã¾ã™ã€‚ + \return BAD_FUNC_ARG エラー状態ã®å ´åˆã«è¿”ã•れã¾ã™ã€‚ + + \param ssl wolfSSL_new()を使用ã—ã¦ä½œæˆã•れãŸWOLFSSLオブジェクトã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ _Example_ \code none \endcode + \sa wolfSSL_GetClientWriteKey \sa wolfSSL_GetServerWriteKey */ -int wolfSSL_GetKeySize(WOLFSSL*); +int wolfSSL_GetKeySize(WOLFSSL* ssl); /*! \ingroup CertsKeys - \brief WolfSSL構造体ã«ä¿æŒã•れã¦ã„ã‚‹Specs構造体ã®IV_SIZEメンãƒãƒ¼ã‚’è¿”ã—ã¾ã™ã€‚ - \return iv_size ssl-> specs.iv_sizeã§ä¿æŒã•れã¦ã„る値を返ã—ã¾ã™ã€‚ - \return BAD_FUNC_ARG WolfSSL構造ãŒNULLã®å ´åˆã«è¿”ã•れã¾ã™ã€‚ - \param ssl wolfSSL_new()を使用ã—ã¦ä½œæˆã•れãŸWOLFSSL構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ + + \brief WOLFSSL構造体ã«ä¿æŒã•れã¦ã„ã‚‹specs構造体ã®iv_sizeメンãƒã‚’è¿”ã—ã¾ã™ã€‚ + + \return iv_size ssl->specs.iv_sizeã«ä¿æŒã•れã¦ã„る値を返ã—ã¾ã™ã€‚ + \return BAD_FUNC_ARG WOLFSSL構造体ãŒNULLã®å ´åˆã«è¿”ã•れã¾ã™ã€‚ + + \param ssl wolfSSL_new()を使用ã—ã¦ä½œæˆã•れãŸWOLFSSL構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ _Example_ \code @@ -6733,145 +7806,177 @@ ivSize = wolfSSL_GetIVSize(ssl); if(ivSize > 0){ - // ivSize holds the specs.iv_size value. + // ivSizeã¯specs.iv_sizeå€¤ã‚’ä¿æŒã—ã¦ã„ã¾ã™ã€‚ } \endcode + \sa wolfSSL_GetKeySize \sa wolfSSL_GetClientWriteIV \sa wolfSSL_GetServerWriteIV */ -int wolfSSL_GetIVSize(WOLFSSL*); +int wolfSSL_GetIVSize(WOLFSSL* ssl); /*! - \brief - \return success æˆåŠŸã—ãŸå ´åˆã€å‘¼ã³å‡ºã—ãŒWolfSSLオブジェクトã®å´é¢ã«å¿œã˜ã¦wolfssl_server_endã¾ãŸã¯wolfssl_client_endã‚’è¿”ã—ã¾ã™ã€‚ - \return BAD_FUNC_ARG ã‚¨ãƒ©ãƒ¼çŠ¶æ…‹ã«æˆ»ã‚Šã¾ã™ã€‚ - \param ssl wolfSSL_new()を使用ã—ã¦ä½œæˆã•れãŸWOLFSSL構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ + \brief ã“ã®WOLFSSL接続ã®ã‚µã‚¤ãƒ‰(å´)ã®å–å¾—ã‚’å¯èƒ½ã«ã—ã¾ã™ã€‚ + + \return success æˆåŠŸã—ãŸå ´åˆã€å‘¼ã³å‡ºã—ã¯WOLFSSLオブジェクトã®ã‚µã‚¤ãƒ‰ã«å¿œã˜ã¦ã€WOLFSSL_SERVER_ENDã¾ãŸã¯WOLFSSL_CLIENT_ENDã®ã„ãšã‚Œã‹ã‚’è¿”ã—ã¾ã™ã€‚ + \return BAD_FUNC_ARG エラー状態ã®å ´åˆã«è¿”ã•れã¾ã™ã€‚ + + \param ssl wolfSSL_new()を使用ã—ã¦ä½œæˆã•れãŸWOLFSSLオブジェクトã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ _Example_ \code none \endcode + \sa wolfSSL_GetClientWriteKey \sa wolfSSL_GetServerWriteKey */ -int wolfSSL_GetSide(WOLFSSL*); +int wolfSSL_GetSide(WOLFSSL* ssl); /*! - \brief å°‘ãªãã¨ã‚‚TLSãƒãƒ¼ã‚¸ãƒ§ãƒ³1.1以上ã§ã™ã€‚ - \return true/false æˆåŠŸã—ãŸå ´åˆã€å‘¼ã³å‡ºã—ãŒTRUEã¾ãŸã¯0ã®å ´åˆã¯0ã‚’è¿”ã—ã¾ã™ã€‚ - \return BAD_FUNC_ARG ã‚¨ãƒ©ãƒ¼çŠ¶æ…‹ã«æˆ»ã‚Šã¾ã™ã€‚ - \param ssl wolfSSL_new()を使用ã—ã¦ä½œæˆã•れãŸWOLFSSL構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ + \brief 呼ã³å‡ºã—å…ƒãŒã€ãƒã‚´ã‚·ã‚¨ãƒ¼ãƒˆã•れãŸãƒ—ロトコルãƒãƒ¼ã‚¸ãƒ§ãƒ³ãŒå°‘ãªãã¨ã‚‚TLSãƒãƒ¼ã‚¸ãƒ§ãƒ³1.1以上ã§ã‚ã‚‹ã‹ã©ã†ã‹ã‚’判断ã§ãるよã†ã«ã—ã¾ã™ã€‚ + + \return true/false æˆåŠŸã—ãŸå ´åˆã€å‘¼ã³å‡ºã—ã¯çœŸã®å ´åˆã¯1ã€å½ã®å ´åˆã¯0ã‚’è¿”ã—ã¾ã™ã€‚ + \return BAD_FUNC_ARG エラー状態ã®å ´åˆã«è¿”ã•れã¾ã™ã€‚ + + \param ssl wolfSSL_new()を使用ã—ã¦ä½œæˆã•れãŸWOLFSSLオブジェクトã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ _Example_ \code none \endcode + \sa wolfSSL_GetSide */ -int wolfSSL_IsTLSv1_1(WOLFSSL*); +int wolfSSL_IsTLSv1_1(WOLFSSL* ssl); /*! - \brief ãƒãƒ³ãƒ‰ã‚·ã‚§ã‚¤ã‚¯ã‹ã‚‰ã€‚ - \return If ã‚³ãƒ¼ãƒ«ãŒæˆåŠŸã™ã‚‹ã¨ã€wolfssl_cipher_nullã€wolfssl_desã€wolfssl_triple_desã€wolfssl_aesã€wolfssl_aes_gcmã€wolfssl_aes_ccmã€wolfssl_camellia。 - \return BAD_FUNC_ARG ã‚¨ãƒ©ãƒ¼çŠ¶æ…‹ã«æˆ»ã‚Šã¾ã™ã€‚ - \param ssl wolfSSL_new()を使用ã—ã¦ä½œæˆã•れãŸWOLFSSL構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ + \brief 呼ã³å‡ºã—å…ƒãŒãƒãƒ³ãƒ‰ã‚·ã‚§ã‚¤ã‚¯ã‹ã‚‰ãƒã‚´ã‚·ã‚¨ãƒ¼ãƒˆã•れãŸãƒãƒ«ã‚¯æš—å·ã‚¢ãƒ«ã‚´ãƒªã‚ºãƒ ã‚’判定ã§ãるよã†ã«ã—ã¾ã™ã€‚ + + \return æˆåŠŸæ™‚ã€ä»¥ä¸‹ã®ã„ãšã‚Œã‹ã‚’è¿”ã—ã¾ã™ã€‚ + wolfssl_cipher_nullã€wolfssl_desã€wolfssl_triple_desã€wolfssl_aes〠+ wolfssl_aes_gcmã€wolfssl_aes_ccmã€wolfssl_camellia。 + \return BAD_FUNC_ARG エラー状態ã®å ´åˆã«è¿”ã•れã¾ã™ã€‚ + + \param ssl wolfSSL_new()を使用ã—ã¦ä½œæˆã•れãŸWOLFSSLオブジェクトã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ _Example_ \code none \endcode + \sa wolfSSL_GetCipherBlockSize \sa wolfSSL_GetKeySize */ -int wolfSSL_GetBulkCipher(WOLFSSL*); +int wolfSSL_GetBulkCipher(WOLFSSL* ssl); /*! - \brief ãƒãƒ³ãƒ‰ã‚·ã‚§ã‚¤ã‚¯ã€‚ - \return size 正常ã«ã‚³ãƒ¼ãƒ«ãŒæš—å·ãƒ–ロックサイズã®ã‚µã‚¤ã‚ºã‚’ãƒã‚¤ãƒˆå˜ä½ã§æˆ»ã—ã¾ã™ã€‚ - \return BAD_FUNC_ARG ã‚¨ãƒ©ãƒ¼çŠ¶æ…‹ã«æˆ»ã‚Šã¾ã™ã€‚ - \param ssl wolfSSL_new()を使用ã—ã¦ä½œæˆã•れãŸWOLFSSL構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ + \brief 呼ã³å‡ºã—å…ƒãŒãƒãƒ³ãƒ‰ã‚·ã‚§ã‚¤ã‚¯ã‹ã‚‰ãƒã‚´ã‚·ã‚¨ãƒ¼ãƒˆã•ã‚ŒãŸæš—å·ãƒ–ロックサイズを判定ã§ãるよã†ã«ã—ã¾ã™ã€‚ + + \return size æˆåŠŸæ™‚ã€æš—å·ãƒ–ロックサイズã®ãƒã‚¤ãƒˆæ•°ã‚’è¿”ã—ã¾ã™ã€‚ + \return BAD_FUNC_ARG エラー状態ã®å ´åˆã«è¿”ã•れã¾ã™ã€‚ + + \param ssl wolfSSL_new()を使用ã—ã¦ä½œæˆã•れãŸWOLFSSLオブジェクトã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ _Example_ \code none \endcode + \sa wolfSSL_GetBulkCipher \sa wolfSSL_GetKeySize */ -int wolfSSL_GetCipherBlockSize(WOLFSSL*); +int wolfSSL_GetCipherBlockSize(WOLFSSL* ssl); /*! - \brief ãƒãƒ³ãƒ‰ã‚·ã‚§ãƒ¼ã‚¯ã€‚æš—å·ã‚¿ã‚¤ãƒ—ã®wolfssl_aead_typeã®å ´åˆã€‚ - \return size 正常ã«ã‚³ãƒ¼ãƒ«ãŒEAD MACサイズã®ã‚µã‚¤ã‚ºã‚’ãƒã‚¤ãƒˆå˜ä½ã§æˆ»ã—ã¾ã™ã€‚ - \return BAD_FUNC_ARG ã‚¨ãƒ©ãƒ¼çŠ¶æ…‹ã«æˆ»ã‚Šã¾ã™ã€‚ - \param ssl wolfSSL_new()を使用ã—ã¦ä½œæˆã•れãŸWOLFSSL構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ + \brief 呼ã³å‡ºã—å…ƒãŒãƒãƒ³ãƒ‰ã‚·ã‚§ã‚¤ã‚¯ã‹ã‚‰ãƒã‚´ã‚·ã‚¨ãƒ¼ãƒˆã•れãŸaead macサイズを判定ã§ãるよã†ã«ã—ã¾ã™ã€‚æš—å·ã‚¿ã‚¤ãƒ—WOLFSSL_AEAD_TYPE用。 + + \return size æˆåŠŸæ™‚ã€aead macサイズã®ãƒã‚¤ãƒˆæ•°ã‚’è¿”ã—ã¾ã™ã€‚ + \return BAD_FUNC_ARG エラー状態ã®å ´åˆã«è¿”ã•れã¾ã™ã€‚ + + \param ssl wolfSSL_new()を使用ã—ã¦ä½œæˆã•れãŸWOLFSSLオブジェクトã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ _Example_ \code none \endcode + \sa wolfSSL_GetBulkCipher \sa wolfSSL_GetKeySize */ -int wolfSSL_GetAeadMacSize(WOLFSSL*); +int wolfSSL_GetAeadMacSize(WOLFSSL* ssl); /*! - \brief ãƒãƒ³ãƒ‰ã‚·ã‚§ãƒ¼ã‚¯ã€‚wolfssl_aead_typeä»¥å¤–ã®æš—å·ã‚¿ã‚¤ãƒ—ã®å ´åˆã€‚ - \return size 正常ã«ã‚³ãƒ¼ãƒ«ãŒï¼ˆH)MACサイズã®ã‚µã‚¤ã‚ºã‚’ãƒã‚¤ãƒˆå˜ä½ã§æˆ»ã—ã¾ã™ã€‚ - \return BAD_FUNC_ARG ã‚¨ãƒ©ãƒ¼çŠ¶æ…‹ã«æˆ»ã‚Šã¾ã™ã€‚ - \param ssl wolfSSL_new()を使用ã—ã¦ä½œæˆã•れãŸWOLFSSL構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ + \brief 呼ã³å‡ºã—å…ƒãŒãƒãƒ³ãƒ‰ã‚·ã‚§ã‚¤ã‚¯ã‹ã‚‰ãƒã‚´ã‚·ã‚¨ãƒ¼ãƒˆã•れãŸ(h)macサイズを判定ã§ãるよã†ã«ã—ã¾ã™ã€‚WOLFSSL_AEAD_TYPEä»¥å¤–ã®æš—å·ã‚¿ã‚¤ãƒ—用。 + + \return size æˆåŠŸæ™‚ã€(h)macサイズã®ãƒã‚¤ãƒˆæ•°ã‚’è¿”ã—ã¾ã™ã€‚ + \return BAD_FUNC_ARG エラー状態ã®å ´åˆã«è¿”ã•れã¾ã™ã€‚ + + \param ssl wolfSSL_new()を使用ã—ã¦ä½œæˆã•れãŸWOLFSSLオブジェクトã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ _Example_ \code none \endcode + \sa wolfSSL_GetBulkCipher \sa wolfSSL_GetHmacType */ -int wolfSSL_GetHmacSize(WOLFSSL*); +int wolfSSL_GetHmacSize(WOLFSSL* ssl); /*! - \brief ãƒãƒ³ãƒ‰ã‚·ã‚§ãƒ¼ã‚¯ã€‚wolfssl_aead_typeä»¥å¤–ã®æš—å·ã‚¿ã‚¤ãƒ—ã®å ´åˆã€‚ - \return If ã‚³ãƒ¼ãƒ«ãŒæˆåŠŸã™ã‚‹ã¨ã€æ¬¡ã®ã„ãšã‚Œã‹ãŒè¿”ã•れã¾ã™.MD5ã€SHAã€SHA256ã€SHA384。 - \return BAD_FUNC_ARG エラー状態ã«å¯¾ã—ã¦è¿”ã•れるå¯èƒ½æ€§ãŒã‚りã¾ã™ã€‚ - \return SSL_FATAL_ERROR エラー状態ã«ã‚‚è¿”ã•れるå¯èƒ½æ€§ãŒã‚りã¾ã™ã€‚ - \param ssl wolfSSL_new()を使用ã—ã¦ä½œæˆã•れãŸWOLFSSL構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ + \brief 呼ã³å‡ºã—å…ƒãŒãƒãƒ³ãƒ‰ã‚·ã‚§ã‚¤ã‚¯ã‹ã‚‰ãƒã‚´ã‚·ã‚¨ãƒ¼ãƒˆã•れãŸ(h)macタイプを判定ã§ãるよã†ã«ã—ã¾ã™ã€‚WOLFSSL_AEAD_TYPEä»¥å¤–ã®æš—å·ã‚¿ã‚¤ãƒ—用。 + + \return æˆåŠŸæ™‚ã€ä»¥ä¸‹ã®ã„ãšã‚Œã‹ã‚’è¿”ã—ã¾ã™ã€‚ + MD5ã€SHAã€SHA256ã€SHA384。 + \return BAD_FUNC_ARG エラー状態ã®å ´åˆã«è¿”ã•れるå¯èƒ½æ€§ãŒã‚りã¾ã™ã€‚ + \return SSL_FATAL_ERROR エラー状態ã®å ´åˆã«è¿”ã•れるå¯èƒ½æ€§ãŒã‚りã¾ã™ã€‚ + + \param ssl wolfSSL_new()を使用ã—ã¦ä½œæˆã•れãŸWOLFSSLオブジェクトã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ _Example_ \code none \endcode + \sa wolfSSL_GetBulkCipher \sa wolfSSL_GetHmacSize */ -int wolfSSL_GetHmacType(WOLFSSL*); +int wolfSSL_GetHmacType(WOLFSSL* ssl); /*! - \brief ãƒãƒ³ãƒ‰ã‚·ã‚§ã‚¤ã‚¯ã‹ã‚‰ã€‚ - \return If 正常ã«ã‚³ãƒ¼ãƒ«ã¯æ¬¡ã®ã„ãšã‚Œã‹ã‚’è¿”ã—ã¾ã™.WolfSSL_BLOCK_TYPEã€WOLFSSL_STREAM_TYPEã€WOLFSSL_AEAD_TYPE。 - \return BAD_FUNC_ARG ã‚¨ãƒ©ãƒ¼çŠ¶æ…‹ã«æˆ»ã‚Šã¾ã™ã€‚ - \param ssl wolfSSL_new()を使用ã—ã¦ä½œæˆã•れãŸWOLFSSL構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ + \brief 呼ã³å‡ºã—å…ƒãŒãƒãƒ³ãƒ‰ã‚·ã‚§ã‚¤ã‚¯ã‹ã‚‰ãƒã‚´ã‚·ã‚¨ãƒ¼ãƒˆã•ã‚ŒãŸæš—å·ã‚¿ã‚¤ãƒ—を判定ã§ãるよã†ã«ã—ã¾ã™ã€‚ + + \return æˆåŠŸæ™‚ã€ä»¥ä¸‹ã®ã„ãšã‚Œã‹ã‚’è¿”ã—ã¾ã™ã€‚ + WOLFSSL_BLOCK_TYPEã€WOLFSSL_STREAM_TYPEã€WOLFSSL_AEAD_TYPE。 + \return BAD_FUNC_ARG エラー状態ã®å ´åˆã«è¿”ã•れã¾ã™ã€‚ + + \param ssl wolfSSL_new()を使用ã—ã¦ä½œæˆã•れãŸWOLFSSLオブジェクトã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ _Example_ \code none \endcode + \sa wolfSSL_GetBulkCipher \sa wolfSSL_GetHmacType */ -int wolfSSL_GetCipherType(WOLFSSL*); +int wolfSSL_GetCipherType(WOLFSSL* ssl); /*! - \brief é€å—ä¿¡çµæžœã¯ã€å°‘ãªãã¨ã‚‚wolfssl_gethmacsize()ãƒã‚¤ãƒˆã§ã‚ã‚‹ã¹ãã§ã‚ã‚‹å†…éƒ¨ã«æ›¸ãè¾¼ã¾ã‚Œã¾ã™ã€‚メッセージã®ã‚µã‚¤ã‚ºã¯SZã§æŒ‡å®šã•れã€å†…容ã¯ãƒ¡ãƒƒã‚»ãƒ¼ã‚¸ã®ç¨®é¡žã§ã‚ã‚Šã€æ¤œè¨¼ã¯ã“れãŒãƒ”ã‚¢ãƒ¡ãƒƒã‚»ãƒ¼ã‚¸ã®æ¤œè¨¼ã§ã‚ã‚‹ã‹ã©ã†ã‹ã‚’指定ã—ã¾ã™ã€‚wolfssl_aead_typeã‚’é™¤ãæš—å·ã‚¿ã‚¤ãƒ—ã«æœ‰åйã§ã™ã€‚ - \return 1 æˆåŠŸæ™‚ã«è¿”ã•れã¾ã™ã€‚ - \return BAD_FUNC_ARG ã‚¨ãƒ©ãƒ¼çŠ¶æ…‹ã«æˆ»ã‚Šã¾ã™ã€‚ - \param ssl wolfSSL_new()を使用ã—ã¦ä½œæˆã•れãŸWOLFSSL構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ + \brief 呼ã³å‡ºã—å…ƒãŒãƒ¡ãƒƒã‚»ãƒ¼ã‚¸ã®é€å—ä¿¡ã®ãŸã‚ã«Hmac Innerベクトルを設定ã§ãるよã†ã«ã—ã¾ã™ã€‚çµæžœã¯innerã«æ›¸ãè¾¼ã¾ã‚Œã€å°‘ãªãã¨ã‚‚wolfSSL_GetHmacSize()ãƒã‚¤ãƒˆã§ã‚ã‚‹å¿…è¦ãŒã‚りã¾ã™ã€‚メッセージã®ã‚µã‚¤ã‚ºã¯szã§æŒ‡å®šã•れã€contentã¯ãƒ¡ãƒƒã‚»ãƒ¼ã‚¸ã®ã‚¿ã‚¤ãƒ—ã€verifyã¯ã“れãŒãƒ”ã‚¢ãƒ¡ãƒƒã‚»ãƒ¼ã‚¸ã®æ¤œè¨¼ã§ã‚ã‚‹ã‹ã‚’指定ã—ã¾ã™ã€‚WOLFSSL_AEAD_TYPEã‚’é™¤ãæš—å·ã‚¿ã‚¤ãƒ—ã§æœ‰åйã§ã™ã€‚ + + \return 1 æˆåŠŸæ™‚ã€‚ + \return BAD_FUNC_ARG エラー状態ã®å ´åˆã«è¿”ã•れã¾ã™ã€‚ + + \param none パラメータãªã—。 _Example_ \code none \endcode + \sa wolfSSL_GetBulkCipher \sa wolfSSL_GetHmacType */ @@ -6879,318 +7984,398 @@ word32 sz, int content, int verify); /*! - \brief コールãƒãƒƒã‚¯ã¯æˆåŠŸã®å ´åˆã¯0ã‚’è¿”ã™ã‹ã€ã‚¨ãƒ©ãƒ¼ã®å ´åˆã¯<0ã§ã™ã€‚SSLã¨CTXãƒã‚¤ãƒ³ã‚¿ã¯ãƒ¦ãƒ¼ã‚¶ãƒ¼ã®åˆ©ä¾¿æ€§ã«åˆ©ç”¨ã§ãã¾ã™ã€‚INSã¯å…¥åŠ›ãƒãƒƒãƒ•ァーãŒå…¥åŠ›ã®é•·ã•を表ã—ã¾ã™ã€‚OUTã¯ã€ç½²åã®çµæžœã‚’ä¿å­˜ã™ã‚‹å¿…è¦ãŒã‚る出力ãƒãƒƒãƒ•ã‚¡ã§ã™ã€‚OUTSZã¯ã€å‘¼ã³å‡ºã—時ã«å‡ºåŠ›ãƒãƒƒãƒ•ã‚¡ã®ã‚µã‚¤ã‚ºã‚’指定ã™ã‚‹å…¥åŠ›/出力変数ã§ã‚りã€ç½²åã®å®Ÿéš›ã®ã‚µã‚¤ã‚ºã‚’戻ã™å‰ã«æ ¼ç´ã™ã‚‹å¿…è¦ãŒã‚りã¾ã™ã€‚keyderã¯ASN1フォーマットã®ECC秘密éµã§ã‚りã€Keyszã¯éµã®ã‚­ãƒ¼ã®é•·ã•ã§ã™ã€‚コールãƒãƒƒã‚¯ã®ä¾‹ã¯ã€wolfssl / test.h myeccsign()を見ã¤ã‘ã‚‹ã“ã¨ãŒã§ãã¾ã™ã€‚ - \return none ã„ã„ãˆè¿”ã—ã¾ã™ã€‚ + \brief 呼ã³å‡ºã—å…ƒãŒECCç½²å用ã®å…¬é–‹éµã‚³ãƒ¼ãƒ«ãƒãƒƒã‚¯ã‚’設定ã§ãるよã†ã«ã—ã¾ã™ã€‚コールãƒãƒƒã‚¯ã¯æˆåŠŸæ™‚ã«0ã€ã‚¨ãƒ©ãƒ¼æ™‚ã«0未満を返ã™å¿…è¦ãŒã‚りã¾ã™ã€‚sslã¨ctxãƒã‚¤ãƒ³ã‚¿ã¯ãƒ¦ãƒ¼ã‚¶ã®ä¾¿å®œã®ãŸã‚ã«åˆ©ç”¨å¯èƒ½ã§ã™ã€‚inã¯ç½²åã™ã‚‹å…¥åŠ›ãƒãƒƒãƒ•ã‚¡ã§ã€inSzã¯å…¥åŠ›ã®é•·ã•を示ã—ã¾ã™ã€‚outã¯ç½²åã®çµæžœã‚’æ ¼ç´ã™ã‚‹å‡ºåŠ›ãƒãƒƒãƒ•ã‚¡ã§ã™ã€‚outSzã¯å…¥å‡ºåŠ›å¤‰æ•°ã§ã€å‘¼ã³å‡ºã—時ã®å‡ºåŠ›ãƒãƒƒãƒ•ã‚¡ã®ã‚µã‚¤ã‚ºã‚’指定ã—ã€è¿”ã™å‰ã«ç½²åã®å®Ÿéš›ã®ã‚µã‚¤ã‚ºã‚’ãã“ã«æ ¼ç´ã™ã‚‹å¿…è¦ãŒã‚りã¾ã™ã€‚keyDerã¯ASN1å½¢å¼ã®ECC秘密éµã§ã€keySzã¯éµã®é•·ã•ã‚’ãƒã‚¤ãƒˆå˜ä½ã§è¡¨ã—ã¾ã™ã€‚コールãƒãƒƒã‚¯ã®ä¾‹ã¯wolfssl/test.h myEccSign()ã«ã‚りã¾ã™ã€‚ + + \return none 戻り値ãªã—。 + + \param none パラメータãªã—。 _Example_ \code none \endcode + \sa wolfSSL_SetEccSignCtx \sa wolfSSL_GetEccSignCtx */ void wolfSSL_CTX_SetEccSignCb(WOLFSSL_CTX* ctx, CallbackEccSign cb); /*! - \brief CTXã¸ã®ã‚³ãƒ³ãƒ†ã‚­ã‚¹ãƒˆã€‚ - \return none ã„ã„ãˆè¿”ã—ã¾ã™ã€‚ - \param ssl wolfSSL_new()を使用ã—ã¦ä½œæˆã•れãŸWOLFSSL構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ + \brief 呼ã³å‡ºã—å…ƒãŒå…¬é–‹éµECCç½²åコールãƒãƒƒã‚¯ã‚³ãƒ³ãƒ†ã‚­ã‚¹ãƒˆã‚’ctxã«è¨­å®šã§ãるよã†ã«ã—ã¾ã™ã€‚ + + \return none 戻り値ãªã—。 + + \param ssl wolfSSL_new()を使用ã—ã¦ä½œæˆã•れãŸWOLFSSLオブジェクトã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ + \param ctx æ ¼ç´ã™ã‚‹ãƒ¦ãƒ¼ã‚¶ã‚³ãƒ³ãƒ†ã‚­ã‚¹ãƒˆã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ _Example_ \code none \endcode + \sa wolfSSL_CTX_SetEccSignCb \sa wolfSSL_GetEccSignCtx */ void wolfSSL_SetEccSignCtx(WOLFSSL* ssl, void *ctx); /*! - \brief 以å‰ã«wolfssl_seteccsignctx()ã§ä¿å­˜ã•れã¦ã„ãŸã‚³ãƒ³ãƒ†ã‚­ã‚¹ãƒˆã€‚ - \return pointer 正常ã«ã‚³ãƒ¼ãƒ«ãŒã‚³ãƒ³ãƒ†ã‚­ã‚¹ãƒˆã¸ã®æœ‰åйãªãƒã‚¤ãƒ³ã‚¿ã‚’è¿”ã—ã¾ã™ã€‚ - \return NULL 空白ã®ã‚³ãƒ³ãƒ†ã‚­ã‚¹ãƒˆã®ãŸã‚ã«è¿”ã•れã¾ã™ã€‚ - \param ssl wolfSSL_new()を使用ã—ã¦ä½œæˆã•れãŸWOLFSSL構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ + \brief 呼ã³å‡ºã—å…ƒãŒä»¥å‰ã«wolfSSL_SetEccSignCtx()ã§æ ¼ç´ã•れãŸå…¬é–‹éµECCç½²åコールãƒãƒƒã‚¯ã‚³ãƒ³ãƒ†ã‚­ã‚¹ãƒˆã‚’å–å¾—ã§ãるよã†ã«ã—ã¾ã™ã€‚ + + \return pointer æˆåŠŸæ™‚ã€ã‚³ãƒ³ãƒ†ã‚­ã‚¹ãƒˆã¸ã®æœ‰åйãªãƒã‚¤ãƒ³ã‚¿ã‚’è¿”ã—ã¾ã™ã€‚ + \return NULL 空ã®ã‚³ãƒ³ãƒ†ã‚­ã‚¹ãƒˆã®å ´åˆã«è¿”ã•れã¾ã™ã€‚ + + \param ssl wolfSSL_new()を使用ã—ã¦ä½œæˆã•れãŸWOLFSSLオブジェクトã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ _Example_ \code none \endcode + \sa wolfSSL_CTX_SetEccSignCb \sa wolfSSL_SetEccSignCtx */ void* wolfSSL_GetEccSignCtx(WOLFSSL* ssl); /*! - \brief CTXã¸ã®ã‚³ãƒ³ãƒ†ã‚­ã‚¹ãƒˆã€‚ - \return none ã„ã„ãˆè¿”ã—ã¾ã™ã€‚ - \param ctx wolfSSL_CTX_new()ã§ä½œæˆã•れãŸWOLFSSL_CTX構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ + \brief 呼ã³å‡ºã—å…ƒãŒå…¬é–‹éµECCç½²åコールãƒãƒƒã‚¯ã‚³ãƒ³ãƒ†ã‚­ã‚¹ãƒˆã‚’ctxã«è¨­å®šã§ãるよã†ã«ã—ã¾ã™ã€‚ + + \return none 戻り値ãªã—。 + + \param ctx wolfSSL_CTX_new()ã§ä½œæˆã•れãŸWOLFSSL_CTX構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ + \param ctx æ ¼ç´ã™ã‚‹ãƒ¦ãƒ¼ã‚¶ã‚³ãƒ³ãƒ†ã‚­ã‚¹ãƒˆã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ _Example_ \code none \endcode + \sa wolfSSL_CTX_SetEccSignCb \sa wolfSSL_CTX_GetEccSignCtx */ void wolfSSL_CTX_SetEccSignCtx(WOLFSSL_CTX* ctx, void *userCtx); /*! - \brief 以å‰ã«wolfssl_seteccsignctx()ã§ä¿å­˜ã•れã¦ã„ãŸã‚³ãƒ³ãƒ†ã‚­ã‚¹ãƒˆã€‚ - \return pointer 正常ã«ã‚³ãƒ¼ãƒ«ãŒã‚³ãƒ³ãƒ†ã‚­ã‚¹ãƒˆã¸ã®æœ‰åйãªãƒã‚¤ãƒ³ã‚¿ã‚’è¿”ã—ã¾ã™ã€‚ - \return NULL 空白ã®ã‚³ãƒ³ãƒ†ã‚­ã‚¹ãƒˆã®ãŸã‚ã«è¿”ã•れã¾ã™ã€‚ + \brief 呼ã³å‡ºã—å…ƒãŒä»¥å‰ã«wolfSSL_SetEccSignCtx()ã§æ ¼ç´ã•れãŸå…¬é–‹éµECCç½²åコールãƒãƒƒã‚¯ã‚³ãƒ³ãƒ†ã‚­ã‚¹ãƒˆã‚’å–å¾—ã§ãるよã†ã«ã—ã¾ã™ã€‚ + + \return pointer æˆåŠŸæ™‚ã€ã‚³ãƒ³ãƒ†ã‚­ã‚¹ãƒˆã¸ã®æœ‰åйãªãƒã‚¤ãƒ³ã‚¿ã‚’è¿”ã—ã¾ã™ã€‚ + \return NULL 空ã®ã‚³ãƒ³ãƒ†ã‚­ã‚¹ãƒˆã®å ´åˆã«è¿”ã•れã¾ã™ã€‚ + + \param ctx wolfSSL_CTX_new()ã§ä½œæˆã•れãŸWOLFSSL_CTX構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ _Example_ \code none \endcode + \sa wolfSSL_CTX_SetEccSignCb \sa wolfSSL_CTX_SetEccSignCtx */ void* wolfSSL_CTX_GetEccSignCtx(WOLFSSL_CTX* ctx); /*! - \brief コールãƒãƒƒã‚¯ã¯æˆåŠŸã®å ´åˆã¯0ã‚’è¿”ã™ã‹ã€ã‚¨ãƒ©ãƒ¼ã®å ´åˆã¯<0ã§ã™ã€‚SSLã¨CTXãƒã‚¤ãƒ³ã‚¿ã¯ãƒ¦ãƒ¼ã‚¶ãƒ¼ã®åˆ©ä¾¿æ€§ã«åˆ©ç”¨ã§ãã¾ã™ã€‚SIGã¯æ¤œè¨¼ã®ç½²åã§ã‚りã€SIGSZã¯ç½²åã®é•·ã•を表ã—ã¾ã™ã€‚ãƒãƒƒã‚·ãƒ¥ã¯ãƒ¡ãƒƒã‚»ãƒ¼ã‚¸ã®ãƒ€ã‚¤ã‚¸ã‚§ã‚¹ãƒˆã‚’å«ã‚€å…¥åŠ›ãƒãƒƒãƒ•ã‚¡ã§ã‚りã€HASHSZã¯ãƒãƒƒã‚·ãƒ¥ã®é•·ã•ã‚’æ„味ã—ã¾ã™ã€‚çµæžœã¯ã€æ¤œè¨¼ã®çµæžœã‚’æ ¼ç´ã™ã‚‹å‡ºåŠ›å¤‰æ•°ã€æˆåŠŸã®ãŸã‚ã«1ã€å¤±æ•—ã®ãŸã‚ã«0を記憶ã™ã‚‹å¿…è¦ãŒã‚りã¾ã™ã€‚keyderã¯ASN1フォーマットã®ECC秘密éµã§ã‚りã€Keyszã¯ã‚­ãƒ¼ã®ã‚­ãƒ¼ã®é•·ã•ã§ã™ã€‚コールãƒãƒƒã‚¯ã®ä¾‹ã¯ã€wolfssl / test.h myeccverify()を見ã¤ã‘ã‚‹ã“ã¨ãŒã§ãã¾ã™ã€‚ - \return none ã„ã„ãˆè¿”ã—ã¾ã™ã€‚ + \brief 呼ã³å‡ºã—å…ƒãŒECC検証用ã®å…¬é–‹éµã‚³ãƒ¼ãƒ«ãƒãƒƒã‚¯ã‚’設定ã§ãるよã†ã«ã—ã¾ã™ã€‚コールãƒãƒƒã‚¯ã¯æˆåŠŸæ™‚ã«0ã€ã‚¨ãƒ©ãƒ¼æ™‚ã«0未満を返ã™å¿…è¦ãŒã‚りã¾ã™ã€‚sslã¨ctxãƒã‚¤ãƒ³ã‚¿ã¯ãƒ¦ãƒ¼ã‚¶ã®ä¾¿å®œã®ãŸã‚ã«åˆ©ç”¨å¯èƒ½ã§ã™ã€‚sigã¯æ¤œè¨¼ã™ã‚‹ç½²åã§ã€sigSzã¯ç½²åã®é•·ã•を示ã—ã¾ã™ã€‚hashã¯ãƒ¡ãƒƒã‚»ãƒ¼ã‚¸ã®ãƒ€ã‚¤ã‚¸ã‚§ã‚¹ãƒˆã‚’å«ã‚€å…¥åŠ›ãƒãƒƒãƒ•ã‚¡ã§ã€hashSzã¯ãƒãƒƒã‚·ãƒ¥ã®é•·ã•ã‚’ãƒã‚¤ãƒˆå˜ä½ã§ç¤ºã—ã¾ã™ã€‚resultã¯æ¤œè¨¼ã®çµæžœã‚’æ ¼ç´ã™ã‚‹å‡ºåŠ›å¤‰æ•°ã§ã€æˆåŠŸæ™‚ã¯1ã€å¤±æ•—時ã¯0ã§ã™ã€‚keyDerã¯ASN1å½¢å¼ã®ECC秘密éµã§ã€keySzã¯éµã®é•·ã•ã‚’ãƒã‚¤ãƒˆå˜ä½ã§è¡¨ã—ã¾ã™ã€‚コールãƒãƒƒã‚¯ã®ä¾‹ã¯wolfssl/test.h myEccVerify()ã«ã‚りã¾ã™ã€‚ + + \return none 戻り値ãªã—。 + + \param none パラメータãªã—。 _Example_ \code none \endcode + \sa wolfSSL_SetEccVerifyCtx \sa wolfSSL_GetEccVerifyCtx */ void wolfSSL_CTX_SetEccVerifyCb(WOLFSSL_CTX* ctx, CallbackEccVerify cb); /*! - \brief CTXã¸ã®ã‚³ãƒ³ãƒ†ã‚­ã‚¹ãƒˆã€‚ - \return none ã„ã„ãˆè¿”ã—ã¾ã™ã€‚ - \param ssl wolfSSL_new()を使用ã—ã¦ä½œæˆã•れãŸWOLFSSL構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ + \brief 呼ã³å‡ºã—å…ƒãŒå…¬é–‹éµECC検証コールãƒãƒƒã‚¯ã‚³ãƒ³ãƒ†ã‚­ã‚¹ãƒˆã‚’ctxã«è¨­å®šã§ãるよã†ã«ã—ã¾ã™ã€‚ + + \return none 戻り値ãªã—。 + + \param none パラメータãªã—。 _Example_ \code none \endcode + \sa wolfSSL_CTX_SetEccVerifyCb \sa wolfSSL_GetEccVerifyCtx */ void wolfSSL_SetEccVerifyCtx(WOLFSSL* ssl, void *ctx); /*! - \brief 以å‰ã«wolfssl_setecverifyctx()ã§ä¿å­˜ã•れã¦ã„ãŸã‚³ãƒ³ãƒ†ã‚­ã‚¹ãƒˆã€‚ - \return pointer 正常ã«ã‚³ãƒ¼ãƒ«ãŒã‚³ãƒ³ãƒ†ã‚­ã‚¹ãƒˆã¸ã®æœ‰åйãªãƒã‚¤ãƒ³ã‚¿ã‚’è¿”ã—ã¾ã™ã€‚ - \return NULL 空白ã®ã‚³ãƒ³ãƒ†ã‚­ã‚¹ãƒˆã®ãŸã‚ã«è¿”ã•れã¾ã™ã€‚ - \param ssl wolfSSL_new()を使用ã—ã¦ä½œæˆã•れãŸWOLFSSL構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ + \brief 呼ã³å‡ºã—å…ƒãŒä»¥å‰ã«wolfSSL_SetEccVerifyCtx()ã§æ ¼ç´ã•れãŸå…¬é–‹éµECC検証コールãƒãƒƒã‚¯ã‚³ãƒ³ãƒ†ã‚­ã‚¹ãƒˆã‚’å–å¾—ã§ãるよã†ã«ã—ã¾ã™ã€‚ + + \return pointer æˆåŠŸæ™‚ã€ã‚³ãƒ³ãƒ†ã‚­ã‚¹ãƒˆã¸ã®æœ‰åйãªãƒã‚¤ãƒ³ã‚¿ã‚’è¿”ã—ã¾ã™ã€‚ + \return NULL 空ã®ã‚³ãƒ³ãƒ†ã‚­ã‚¹ãƒˆã®å ´åˆã«è¿”ã•れã¾ã™ã€‚ + + \param none パラメータãªã—。 _Example_ \code none \endcode + \sa wolfSSL_CTX_SetEccVerifyCb \sa wolfSSL_SetEccVerifyCtx */ void* wolfSSL_GetEccVerifyCtx(WOLFSSL* ssl); /*! - \brief コールãƒãƒƒã‚¯ã¯æˆåŠŸã®å ´åˆã¯0ã‚’è¿”ã™ã‹ã€ã‚¨ãƒ©ãƒ¼ã®å ´åˆã¯<0ã§ã™ã€‚SSLã¨CTXãƒã‚¤ãƒ³ã‚¿ã¯ãƒ¦ãƒ¼ã‚¶ãƒ¼ã®åˆ©ä¾¿æ€§ã«åˆ©ç”¨ã§ãã¾ã™ã€‚INSã¯å…¥åŠ›ãƒãƒƒãƒ•ァーãŒå…¥åŠ›ã®é•·ã•を表ã—ã¾ã™ã€‚OUTã¯ã€ç½²åã®çµæžœã‚’ä¿å­˜ã™ã‚‹å¿…è¦ãŒã‚る出力ãƒãƒƒãƒ•ã‚¡ã§ã™ã€‚OUTSZã¯ã€å‘¼ã³å‡ºã—時ã«å‡ºåŠ›ãƒãƒƒãƒ•ã‚¡ã®ã‚µã‚¤ã‚ºã‚’指定ã™ã‚‹å…¥åŠ›/出力変数ã§ã‚りã€ç½²åã®å®Ÿéš›ã®ã‚µã‚¤ã‚ºã‚’戻ã™å‰ã«æ ¼ç´ã™ã‚‹å¿…è¦ãŒã‚りã¾ã™ã€‚keyderã¯ASN1フォーマットã®RSA秘密éµã§ã‚りã€Keyszã¯ãƒã‚¤ãƒˆæ•°ã®ã‚­ãƒ¼ã®é•·ã•ã§ã™ã€‚コールãƒãƒƒã‚¯ã®ä¾‹ã¯ã€wolfssl / test.h myrsasign()を見ã¤ã‘ã‚‹ã“ã¨ãŒã§ãã¾ã™ã€‚ - \return none ã„ã„ãˆè¿”ã—ã¾ã™ã€‚ + \brief 呼ã³å‡ºã—å…ƒãŒRSAç½²å用ã®å…¬é–‹éµã‚³ãƒ¼ãƒ«ãƒãƒƒã‚¯ã‚’設定ã§ãるよã†ã«ã—ã¾ã™ã€‚コールãƒãƒƒã‚¯ã¯æˆåŠŸæ™‚ã«0ã€ã‚¨ãƒ©ãƒ¼æ™‚ã«0未満を返ã™å¿…è¦ãŒã‚りã¾ã™ã€‚sslã¨ctxãƒã‚¤ãƒ³ã‚¿ã¯ãƒ¦ãƒ¼ã‚¶ã®ä¾¿å®œã®ãŸã‚ã«åˆ©ç”¨å¯èƒ½ã§ã™ã€‚inã¯ç½²åã™ã‚‹å…¥åŠ›ãƒãƒƒãƒ•ã‚¡ã§ã€inSzã¯å…¥åŠ›ã®é•·ã•を示ã—ã¾ã™ã€‚outã¯ç½²åã®çµæžœã‚’æ ¼ç´ã™ã‚‹å‡ºåŠ›ãƒãƒƒãƒ•ã‚¡ã§ã™ã€‚outSzã¯å…¥å‡ºåŠ›å¤‰æ•°ã§ã€å‘¼ã³å‡ºã—時ã®å‡ºåŠ›ãƒãƒƒãƒ•ã‚¡ã®ã‚µã‚¤ã‚ºã‚’指定ã—ã€è¿”ã™å‰ã«ç½²åã®å®Ÿéš›ã®ã‚µã‚¤ã‚ºã‚’ãã“ã«æ ¼ç´ã™ã‚‹å¿…è¦ãŒã‚りã¾ã™ã€‚keyDerã¯ASN1å½¢å¼ã®RSA秘密éµã§ã€keySzã¯éµã®é•·ã•ã‚’ãƒã‚¤ãƒˆå˜ä½ã§è¡¨ã—ã¾ã™ã€‚コールãƒãƒƒã‚¯ã®ä¾‹ã¯wolfssl/test.h myRsaSign()ã«ã‚りã¾ã™ã€‚ + + \return none 戻り値ãªã—。 + + \param none パラメータãªã—。 _Example_ \code none \endcode + \sa wolfSSL_SetRsaSignCtx \sa wolfSSL_GetRsaSignCtx */ void wolfSSL_CTX_SetRsaSignCb(WOLFSSL_CTX* ctx, CallbackRsaSign cb); /*! - \brief ctxã«ã€‚ - \return none ã„ã„ãˆè¿”ã—ã¾ã™ã€‚ - \param ssl wolfSSL_new()を使用ã—ã¦ä½œæˆã•れãŸWOLFSSL構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ + \brief 呼ã³å‡ºã—å…ƒãŒå…¬é–‹éµRSAç½²åコールãƒãƒƒã‚¯ã‚³ãƒ³ãƒ†ã‚­ã‚¹ãƒˆã‚’ctxã«è¨­å®šã§ãるよã†ã«ã—ã¾ã™ã€‚ + + \return none 戻り値ãªã—。 + + \param none パラメータãªã—。 _Example_ \code none \endcode + \sa wolfSSL_CTX_SetRsaSignCb \sa wolfSSL_GetRsaSignCtx */ void wolfSSL_SetRsaSignCtx(WOLFSSL* ssl, void *ctx); /*! - \brief 以å‰ã«wolfssl_setrsAsignctx()ã§ä¿å­˜ã•れã¦ã„ãŸã‚³ãƒ³ãƒ†ã‚­ã‚¹ãƒˆã€‚ - \return pointer 正常ã«ã‚³ãƒ¼ãƒ«ãŒã‚³ãƒ³ãƒ†ã‚­ã‚¹ãƒˆã¸ã®æœ‰åйãªãƒã‚¤ãƒ³ã‚¿ã‚’è¿”ã—ã¾ã™ã€‚ - \return NULL 空白ã®ã‚³ãƒ³ãƒ†ã‚­ã‚¹ãƒˆã®ãŸã‚ã«è¿”ã•れã¾ã™ã€‚ - \param ssl wolfSSL_new()を使用ã—ã¦ä½œæˆã•れãŸWOLFSSL構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ + \brief 呼ã³å‡ºã—å…ƒãŒä»¥å‰ã«wolfSSL_SetRsaSignCtx()ã§æ ¼ç´ã•れãŸå…¬é–‹éµRSAç½²åコールãƒãƒƒã‚¯ã‚³ãƒ³ãƒ†ã‚­ã‚¹ãƒˆã‚’å–å¾—ã§ãるよã†ã«ã—ã¾ã™ã€‚ + + \return pointer æˆåŠŸæ™‚ã€ã‚³ãƒ³ãƒ†ã‚­ã‚¹ãƒˆã¸ã®æœ‰åйãªãƒã‚¤ãƒ³ã‚¿ã‚’è¿”ã—ã¾ã™ã€‚ + \return NULL 空ã®ã‚³ãƒ³ãƒ†ã‚­ã‚¹ãƒˆã®å ´åˆã«è¿”ã•れã¾ã™ã€‚ + + \param none パラメータãªã—。 + \param none パラメータãªã—。 _Example_ \code none \endcode + \sa wolfSSL_CTX_SetRsaSignCb \sa wolfSSL_SetRsaSignCtx */ void* wolfSSL_GetRsaSignCtx(WOLFSSL* ssl); /*! - \brief コールãƒãƒƒã‚¯ã¯ã€æˆåŠŸã®ãŸã‚ã®å¹³æ–‡ãƒã‚¤ãƒˆæ•°ã¾ãŸã¯<0エラーã®å ´åˆã¯<0ã‚’è¿”ã™ã¹ãã§ã™ã€‚SSLã¨CTXãƒã‚¤ãƒ³ã‚¿ã¯ãƒ¦ãƒ¼ã‚¶ãƒ¼ã®åˆ©ä¾¿æ€§ã«åˆ©ç”¨ã§ãã¾ã™ã€‚SIGã¯æ¤œè¨¼ã®ç½²åã§ã‚りã€SIGSZã¯ç½²åã®é•·ã•を表ã—ã¾ã™ã€‚復å·åŒ–プロセスã¨ãƒ‘ディングã®å¾Œã«æ¤œè¨¼ãƒãƒƒãƒ•ã‚¡ã®å…ˆé ­ã«è¨­å®šã™ã‚‹å¿…è¦ãŒã‚りã¾ã™ã€‚keyderã¯ASN1å½¢å¼ã®RSA公開éµã§ã‚りã€Keyszã¯ã‚­ãƒ¼ã®ã‚­ãƒ¼ã®é•·ã•ã§ã™ã€‚コールãƒãƒƒã‚¯ã®ä¾‹ã¯ã€wolfssl / test.h myrsaverify()を見ã¤ã‘ã‚‹ã“ã¨ãŒã§ãã¾ã™ã€‚ - \return none ã„ã„ãˆè¿”ã—ã¾ã™ã€‚ + \brief 呼ã³å‡ºã—å…ƒãŒRSA検証用ã®å…¬é–‹éµã‚³ãƒ¼ãƒ«ãƒãƒƒã‚¯ã‚’設定ã§ãるよã†ã«ã—ã¾ã™ã€‚コールãƒãƒƒã‚¯ã¯æˆåŠŸæ™‚ã«å¹³æ–‡ã®ãƒã‚¤ãƒˆæ•°ã€ã‚¨ãƒ©ãƒ¼æ™‚ã«0未満を返ã™å¿…è¦ãŒã‚りã¾ã™ã€‚sslã¨ctxãƒã‚¤ãƒ³ã‚¿ã¯ãƒ¦ãƒ¼ã‚¶ã®ä¾¿å®œã®ãŸã‚ã«åˆ©ç”¨å¯èƒ½ã§ã™ã€‚sigã¯æ¤œè¨¼ã™ã‚‹ç½²åã§ã€sigSzã¯ç½²åã®é•·ã•を示ã—ã¾ã™ã€‚outã¯å¾©å·ãƒ—ロセスã¨ãƒ‘ディングã®å¾Œã€æ¤œè¨¼ãƒãƒƒãƒ•ã‚¡ã®å…ˆé ­ã«è¨­å®šã™ã‚‹å¿…è¦ãŒã‚りã¾ã™ã€‚keyDerã¯ASN1å½¢å¼ã®RSA公開éµã§ã€keySzã¯éµã®é•·ã•ã‚’ãƒã‚¤ãƒˆå˜ä½ã§è¡¨ã—ã¾ã™ã€‚コールãƒãƒƒã‚¯ã®ä¾‹ã¯wolfssl/test.h myRsaVerify()ã«ã‚りã¾ã™ã€‚ + + \return none 戻り値ãªã—。 + + \param none パラメータãªã—。 + \sa wolfSSL_SetRsaVerifyCtx \sa wolfSSL_GetRsaVerifyCtx */ -void wolfSSL_CTX_SetRsaVerifyCb(WOLFSSL_CTX* ctx, CallbackRsaVerify cb); +void wolfSSL_CTX_SetRsaVerifyCb(WOLFSSL_CTX* ctx, CallbackRsaVerify cb);/*! + \brief 呼ã³å‡ºã—å…ƒãŒå…¬é–‹éµRSA検証コールãƒãƒƒã‚¯ã‚³ãƒ³ãƒ†ã‚­ã‚¹ãƒˆã‚’ctxã«è¨­å®šã§ãるよã†ã«ã—ã¾ã™ã€‚ -/*! - \brief CTXã¸ã®ã‚³ãƒ³ãƒ†ã‚­ã‚¹ãƒˆã€‚ - \return none ã„ã„ãˆè¿”ã—ã¾ã™ã€‚ + \return none 戻り値ãªã—。 + + \param none パラメータãªã—。 _Example_ \code none \endcode + \sa wolfSSL_CTX_SetRsaVerifyCb \sa wolfSSL_GetRsaVerifyCtx */ void wolfSSL_SetRsaVerifyCtx(WOLFSSL* ssl, void *ctx); /*! - \brief 以å‰ã«wolfssl_setrsaverifyctx()ã§ä¿å­˜ã•れã¦ã„ãŸã‚³ãƒ³ãƒ†ã‚­ã‚¹ãƒˆã€‚ - \return pointer 正常ã«ã‚³ãƒ¼ãƒ«ãŒã‚³ãƒ³ãƒ†ã‚­ã‚¹ãƒˆã¸ã®æœ‰åйãªãƒã‚¤ãƒ³ã‚¿ã‚’è¿”ã—ã¾ã™ã€‚ - \return NULL 空白ã®ã‚³ãƒ³ãƒ†ã‚­ã‚¹ãƒˆã®ãŸã‚ã«è¿”ã•れã¾ã™ã€‚ - \param ssl wolfSSL_new()を使用ã—ã¦ä½œæˆã•れãŸWOLFSSL構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ + \brief 呼ã³å‡ºã—å…ƒãŒwolfSSL_SetRsaVerifyCtx()ã§ä»¥å‰ã«ä¿å­˜ã•れãŸå…¬é–‹éµRSA検証コールãƒãƒƒã‚¯ã‚³ãƒ³ãƒ†ã‚­ã‚¹ãƒˆã‚’å–å¾—ã§ãるよã†ã«ã—ã¾ã™ã€‚ + + \return pointer æˆåŠŸã—ãŸå ´åˆã€å‘¼ã³å‡ºã—ã¯ã‚³ãƒ³ãƒ†ã‚­ã‚¹ãƒˆã¸ã®æœ‰åйãªãƒã‚¤ãƒ³ã‚¿ã‚’è¿”ã—ã¾ã™ã€‚ + \return NULL 空ã®ã‚³ãƒ³ãƒ†ã‚­ã‚¹ãƒˆã«å¯¾ã—ã¦è¿”ã•れã¾ã™ã€‚ + + \param none パラメータãªã—。 _Example_ \code none \endcode + \sa wolfSSL_CTX_SetRsaVerifyCb \sa wolfSSL_SetRsaVerifyCtx */ void* wolfSSL_GetRsaVerifyCtx(WOLFSSL* ssl); /*! - \brief æš—å·åŒ–ã—ã¾ã™ã€‚コールãƒãƒƒã‚¯ã¯æˆåŠŸã®å ´åˆã¯0ã‚’è¿”ã™ã‹ã€ã‚¨ãƒ©ãƒ¼ã®å ´åˆã¯<0ã§ã™ã€‚SSLã¨CTXãƒã‚¤ãƒ³ã‚¿ã¯ãƒ¦ãƒ¼ã‚¶ãƒ¼ã®åˆ©ä¾¿æ€§ã«åˆ©ç”¨ã§ãã¾ã™ã€‚INã¯å…¥åŠ›ãƒãƒƒãƒ•ã‚¡ã§ã™ãŒã€INSZã¯å…¥åŠ›ã®é•·ã•を表ã—ã¾ã™ã€‚æš—å·åŒ–ã®çµæžœã‚’ä¿å­˜ã™ã‚‹å¿…è¦ãŒã‚る出力ãƒãƒƒãƒ•ã‚¡ã§ã™ã€‚OUTSZã¯ã€å‘¼ã³å‡ºã—時ã«å‡ºåŠ›ãƒãƒƒãƒ•ã‚¡ã®ã‚µã‚¤ã‚ºã‚’指定ã™ã‚‹å…¥åŠ›/出力変数ã§ã‚ã‚Šã€æš—å·åŒ–ã®å®Ÿéš›ã®ã‚µã‚¤ã‚ºã¯æˆ»ã£ã¦å‰ã«æ ¼ç´ã•れるã¹ãã§ã™ã€‚keyderã¯ASN1å½¢å¼ã®RSA公開éµã§ã‚りã€Keyszã¯ã‚­ãƒ¼ã®ã‚­ãƒ¼ã®é•·ã•ã§ã™ã€‚例コールãƒãƒƒã‚¯ã®ä¾‹ã¯ã€wolfssl / test.h myrsaenc()を見ã¤ã‘ã‚‹ã“ã¨ãŒã§ãã¾ã™ã€‚ - \return none ã„ã„ãˆè¿”ã—ã¾ã™ã€‚ + \brief 呼ã³å‡ºã—å…ƒãŒRSA公開暗å·åŒ–ã®ãŸã‚ã®å…¬é–‹éµã‚³ãƒ¼ãƒ«ãƒãƒƒã‚¯ã‚’設定ã§ãるよã†ã«ã—ã¾ã™ã€‚コールãƒãƒƒã‚¯ã¯æˆåŠŸã®å ´åˆã¯0ã‚’ã€ã‚¨ãƒ©ãƒ¼ã®å ´åˆã¯0未満を返ã™å¿…è¦ãŒã‚りã¾ã™ã€‚sslã¨ctxãƒã‚¤ãƒ³ã‚¿ã¯ãƒ¦ãƒ¼ã‚¶ãƒ¼ã®åˆ©ä¾¿æ€§ã®ãŸã‚ã«åˆ©ç”¨å¯èƒ½ã§ã™ã€‚inã¯æš—å·åŒ–ã™ã‚‹å…¥åŠ›ãƒãƒƒãƒ•ã‚¡ã§ã€inSzã¯å…¥åŠ›ã®é•·ã•を示ã—ã¾ã™ã€‚outã¯æš—å·åŒ–ã®çµæžœã‚’æ ¼ç´ã™ã‚‹å‡ºåŠ›ãƒãƒƒãƒ•ã‚¡ã§ã™ã€‚outSzã¯å…¥å‡ºåŠ›å¤‰æ•°ã§ã€å‘¼ã³å‡ºã—時ã«å‡ºåŠ›ãƒãƒƒãƒ•ã‚¡ã®ã‚µã‚¤ã‚ºã‚’指定ã—ã€æˆ»ã‚‹å‰ã«æš—å·åŒ–ã®å®Ÿéš›ã®ã‚µã‚¤ã‚ºã‚’æ ¼ç´ã™ã‚‹å¿…è¦ãŒã‚りã¾ã™ã€‚keyDerã¯ASN1å½¢å¼ã®RSA公開éµã§ã€keySzã¯ãƒã‚¤ãƒˆå˜ä½ã®éµã®é•·ã•ã§ã™ã€‚コールãƒãƒƒã‚¯ã®ä¾‹ã¯wolfssl/test.hã®myRsaEnc()ã«ã‚りã¾ã™ã€‚ - _Example_ + \return none 戻り値ãªã—。 + + \param none パラメータãªã—。 + + _Examples_ \code none \endcode + \sa wolfSSL_SetRsaEncCtx \sa wolfSSL_GetRsaEncCtx */ void wolfSSL_CTX_SetRsaEncCb(WOLFSSL_CTX* ctx, CallbackRsaEnc cb); /*! - \brief CTXã¸ã®ã‚³ãƒ¼ãƒ«ãƒãƒƒã‚¯ã‚³ãƒ³ãƒ†ã‚­ã‚¹ãƒˆã€‚ - \return none ã„ã„ãˆè¿”ã—ã¾ã™ã€‚ - \param ssl wolfSSL_new()を使用ã—ã¦ä½œæˆã•れãŸWOLFSSL構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ + \brief 呼ã³å‡ºã—å…ƒãŒå…¬é–‹éµRSA公開暗å·åŒ–コールãƒãƒƒã‚¯ã‚³ãƒ³ãƒ†ã‚­ã‚¹ãƒˆã‚’ctxã«è¨­å®šã§ãるよã†ã«ã—ã¾ã™ã€‚ + + \return none 戻り値ãªã—。 + + \param none パラメータãªã—。 _Example_ \code none \endcode + \sa wolfSSL_CTX_SetRsaEncCb \sa wolfSSL_GetRsaEncCtx */ void wolfSSL_SetRsaEncCtx(WOLFSSL* ssl, void *ctx); /*! - \brief コールãƒãƒƒã‚¯ã‚³ãƒ³ãƒ†ã‚­ã‚¹ãƒˆã¯ã€wolfssl_setrsaencctx()ã§ä»¥å‰ã«ä¿å­˜ã•れã¦ã„ã¾ã—ãŸã€‚ - \return pointer 正常ã«ã‚³ãƒ¼ãƒ«ãŒã‚³ãƒ³ãƒ†ã‚­ã‚¹ãƒˆã¸ã®æœ‰åйãªãƒã‚¤ãƒ³ã‚¿ã‚’è¿”ã—ã¾ã™ã€‚ - \return NULL 空白ã®ã‚³ãƒ³ãƒ†ã‚­ã‚¹ãƒˆã®ãŸã‚ã«è¿”ã•れã¾ã™ã€‚ - \param ssl wolfSSL_new()を使用ã—ã¦ä½œæˆã•れãŸWOLFSSL構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ + \brief 呼ã³å‡ºã—å…ƒãŒwolfSSL_SetRsaEncCtx()ã§ä»¥å‰ã«ä¿å­˜ã•れãŸå…¬é–‹éµRSA公開暗å·åŒ–コールãƒãƒƒã‚¯ã‚³ãƒ³ãƒ†ã‚­ã‚¹ãƒˆã‚’å–å¾—ã§ãるよã†ã«ã—ã¾ã™ã€‚ + + \return pointer æˆåŠŸã—ãŸå ´åˆã€å‘¼ã³å‡ºã—ã¯ã‚³ãƒ³ãƒ†ã‚­ã‚¹ãƒˆã¸ã®æœ‰åйãªãƒã‚¤ãƒ³ã‚¿ã‚’è¿”ã—ã¾ã™ã€‚ + \return NULL 空ã®ã‚³ãƒ³ãƒ†ã‚­ã‚¹ãƒˆã«å¯¾ã—ã¦è¿”ã•れã¾ã™ã€‚ + + \param none パラメータãªã—。 _Example_ \code none \endcode + \sa wolfSSL_CTX_SetRsaEncCb \sa wolfSSL_SetRsaEncCtx */ void* wolfSSL_GetRsaEncCtx(WOLFSSL* ssl); /*! - \brief 復å·åŒ–ã—ã¾ã™ã€‚コールãƒãƒƒã‚¯ã¯ã€æˆåŠŸã®ãŸã‚ã®å¹³æ–‡ãƒã‚¤ãƒˆæ•°ã¾ãŸã¯<0エラーã®å ´åˆã¯<0ã‚’è¿”ã™ã¹ãã§ã™ã€‚SSLã¨CTXãƒã‚¤ãƒ³ã‚¿ã¯ãƒ¦ãƒ¼ã‚¶ãƒ¼ã®åˆ©ä¾¿æ€§ã«åˆ©ç”¨ã§ãã¾ã™ã€‚INã¯ã€å¾©å·åŒ–ã™ã‚‹å…¥åŠ›ãƒãƒƒãƒ•ã‚¡ãŒå…¥åŠ›ã®é•·ã•を表ã—ã¾ã™ã€‚復å·åŒ–プロセスãŠã‚ˆã³ä»»æ„ã®ãƒ‘ディングã®å¾Œã€å¾©å·åŒ–ãƒãƒƒãƒ•ã‚¡ã®å…ˆé ­ã«è¨­å®šã™ã‚‹å¿…è¦ãŒã‚りã¾ã™ã€‚keyderã¯ASN1フォーマットã®RSA秘密éµã§ã‚りã€Keyszã¯ãƒã‚¤ãƒˆæ•°ã®ã‚­ãƒ¼ã®é•·ã•ã§ã™ã€‚コールãƒãƒƒã‚¯ã®ä¾‹ã¯ã€wolfssl / test.h myrsadec()を見ã¤ã‘ã‚‹ã“ã¨ãŒã§ãã¾ã™ã€‚ - \return none ã„ã„ãˆè¿”ã—ã¾ã™ã€‚ + \brief 呼ã³å‡ºã—å…ƒãŒRSA秘密復å·ã®ãŸã‚ã®å…¬é–‹éµã‚³ãƒ¼ãƒ«ãƒãƒƒã‚¯ã‚’設定ã§ãるよã†ã«ã—ã¾ã™ã€‚コールãƒãƒƒã‚¯ã¯æˆåŠŸã®å ´åˆã¯å¹³æ–‡ã®ãƒã‚¤ãƒˆæ•°ã‚’ã€ã‚¨ãƒ©ãƒ¼ã®å ´åˆã¯0未満を返ã™å¿…è¦ãŒã‚りã¾ã™ã€‚sslã¨ctxãƒã‚¤ãƒ³ã‚¿ã¯ãƒ¦ãƒ¼ã‚¶ãƒ¼ã®åˆ©ä¾¿æ€§ã®ãŸã‚ã«åˆ©ç”¨å¯èƒ½ã§ã™ã€‚inã¯å¾©å·ã™ã‚‹å…¥åŠ›ãƒãƒƒãƒ•ã‚¡ã§ã€inSzã¯å…¥åŠ›ã®é•·ã•を示ã—ã¾ã™ã€‚outã¯å¾©å·å‡¦ç†ã¨ãƒ‘ディングã®å¾Œã€å¾©å·ãƒãƒƒãƒ•ã‚¡ã®å…ˆé ­ã«è¨­å®šã™ã‚‹å¿…è¦ãŒã‚りã¾ã™ã€‚keyDerã¯ASN1å½¢å¼ã®RSA秘密éµã§ã€keySzã¯ãƒã‚¤ãƒˆå˜ä½ã®éµã®é•·ã•ã§ã™ã€‚コールãƒãƒƒã‚¯ã®ä¾‹ã¯wolfssl/test.hã®myRsaDec()ã«ã‚りã¾ã™ã€‚ + + \return none 戻り値ãªã—。 + + \param none パラメータãªã—。 _Example_ \code none \endcode + \sa wolfSSL_SetRsaDecCtx \sa wolfSSL_GetRsaDecCtx */ void wolfSSL_CTX_SetRsaDecCb(WOLFSSL_CTX* ctx, CallbackRsaDec cb); /*! - \brief CTXã¸ã®ã‚³ãƒ¼ãƒ«ãƒãƒƒã‚¯ã‚³ãƒ³ãƒ†ã‚­ã‚¹ãƒˆã€‚ - \return none ã„ã„ãˆè¿”ã—ã¾ã™ã€‚ - \param ssl wolfSSL_new()を使用ã—ã¦ä½œæˆã•れãŸWOLFSSL構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ + \brief 呼ã³å‡ºã—å…ƒãŒå…¬é–‹éµRSA秘密復å·ã‚³ãƒ¼ãƒ«ãƒãƒƒã‚¯ã‚³ãƒ³ãƒ†ã‚­ã‚¹ãƒˆã‚’ctxã«è¨­å®šã§ãるよã†ã«ã—ã¾ã™ã€‚ + + \return none 戻り値ãªã—。 + + \param none パラメータãªã—。 _Example_ \code none \endcode + \sa wolfSSL_CTX_SetRsaDecCb \sa wolfSSL_GetRsaDecCtx */ void wolfSSL_SetRsaDecCtx(WOLFSSL* ssl, void *ctx); /*! - \brief コールãƒãƒƒã‚¯ã‚³ãƒ³ãƒ†ã‚­ã‚¹ãƒˆã¯ã€wolfssl_setrsadecctx()ã§ä»¥å‰ã«ä¿å­˜ã•れã¦ã„ã¾ã—ãŸã€‚ - \return pointer 正常ã«ã‚³ãƒ¼ãƒ«ãŒã‚³ãƒ³ãƒ†ã‚­ã‚¹ãƒˆã¸ã®æœ‰åйãªãƒã‚¤ãƒ³ã‚¿ã‚’è¿”ã—ã¾ã™ã€‚ - \return NULL 空白ã®ã‚³ãƒ³ãƒ†ã‚­ã‚¹ãƒˆã®ãŸã‚ã«è¿”ã•れã¾ã™ã€‚ - \param ssl wolfSSL_new()を使用ã—ã¦ä½œæˆã•れãŸWOLFSSL構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ + \brief 呼ã³å‡ºã—å…ƒãŒwolfSSL_SetRsaDecCtx()ã§ä»¥å‰ã«ä¿å­˜ã•れãŸå…¬é–‹éµRSA秘密復å·ã‚³ãƒ¼ãƒ«ãƒãƒƒã‚¯ã‚³ãƒ³ãƒ†ã‚­ã‚¹ãƒˆã‚’å–å¾—ã§ãるよã†ã«ã—ã¾ã™ã€‚ + + \return pointer æˆåŠŸã—ãŸå ´åˆã€å‘¼ã³å‡ºã—ã¯ã‚³ãƒ³ãƒ†ã‚­ã‚¹ãƒˆã¸ã®æœ‰åйãªãƒã‚¤ãƒ³ã‚¿ã‚’è¿”ã—ã¾ã™ã€‚ + \return NULL 空ã®ã‚³ãƒ³ãƒ†ã‚­ã‚¹ãƒˆã«å¯¾ã—ã¦è¿”ã•れã¾ã™ã€‚ + + \param none パラメータãªã—。 _Example_ \code none \endcode + \sa wolfSSL_CTX_SetRsaDecCb \sa wolfSSL_SetRsaDecCtx */ void* wolfSSL_GetRsaDecCtx(WOLFSSL* ssl); /*! - \brief æ–°ã—ã„CA証明書ãŒWolfSSLã«ãƒ­ãƒ¼ãƒ‰ã•れãŸã¨ãã«å‘¼ã³å‡ºã•れる(WolfSSL_CTX)。コールãƒãƒƒã‚¯ã«ã¯ã€ç¬¦å·åŒ–ã•れãŸè¨¼æ˜Žæ›¸ã‚’æŒã¤ãƒãƒƒãƒ•ã‚¡ãŒä¸Žãˆã‚‰ã‚Œã¾ã™ã€‚ - \return none è¿”å“ä¸å¯ã€‚ - \param ctx wolfSSL_CTX_new()ã§ä½œæˆã•れãŸSSLコンテキストã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ + \brief ã“ã®é–¢æ•°ã¯ã€æ–°ã—ã„CA証明書ãŒwolfSSLã«ãƒ­ãƒ¼ãƒ‰ã•れãŸã¨ãã«å‘¼ã³å‡ºã•れるコールãƒãƒƒã‚¯ã‚’SSLコンテキスト(WOLFSSL_CTX)ã«ç™»éŒ²ã—ã¾ã™ã€‚コールãƒãƒƒã‚¯ã«ã¯DERエンコードã•れãŸè¨¼æ˜Žæ›¸ã‚’å«ã‚€ãƒãƒƒãƒ•ã‚¡ãŒæ¸¡ã•れã¾ã™ã€‚ + + \return none 戻り値ãªã—。 + + \param ctx wolfSSL_CTX_new()ã§ä½œæˆã•れãŸSSLコンテキストã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ + \param callback wolfSSLコンテキストctxã®CAコールãƒãƒƒã‚¯ã¨ã—ã¦ç™»éŒ²ã•れる関数。ã“ã®é–¢æ•°ã®ã‚·ã‚°ãƒãƒãƒ£ã¯ã€ä¸Šè¨˜ã®æ¦‚è¦ã‚»ã‚¯ã‚·ãƒ§ãƒ³ã«ç¤ºã•れã¦ã„ã‚‹ã‚‚ã®ã«å¾“ã†å¿…è¦ãŒã‚りã¾ã™ã€‚ _Example_ \code WOLFSSL_CTX* ctx = 0; - // CA callback prototype + // CAコールãƒãƒƒã‚¯ã®ãƒ—ロトタイプ int MyCACallback(unsigned char *der, int sz, int type); - // Register the custom CA callback with the SSL context + // SSLコンテキストã«ã‚«ã‚¹ã‚¿ãƒ CAコールãƒãƒƒã‚¯ã‚’登録 wolfSSL_CTX_SetCACb(ctx, MyCACallback); int MyCACallback(unsigned char* der, int sz, int type) { - // custom CA callback function, DER-encoded cert - // located in “der†of size “sz†with type “type†+ // カスタムCAコールãƒãƒƒã‚¯é–¢æ•°ã€DERエンコードã•れãŸè¨¼æ˜Žæ›¸ã¯ + // サイズszã®"der"ã«æ ¼ç´ã•れã€ã‚¿ã‚¤ãƒ—ã¯"type" } \endcode + \sa wolfSSL_CTX_load_verify_locations */ void wolfSSL_CTX_SetCACb(WOLFSSL_CTX* ctx, CallbackCACache cb); /*! \ingroup CertManager - \brief æ–°ã—ã„証明書マãƒãƒ¼ã‚¸ãƒ£ã‚³ãƒ³ãƒ†ã‚­ã‚¹ãƒˆã‚’割り当ã¦ã¦åˆæœŸåŒ–ã—ã¾ã™ã€‚ã“ã®ã‚³ãƒ³ãƒ†ã‚­ã‚¹ãƒˆã¯ã€SSLã®ãƒ‹ãƒ¼ã‚ºã¨ã¯ç„¡é–¢ä¿‚ã«ä½¿ç”¨ã§ãã¾ã™ã€‚証明書をロードã—ãŸã‚Šã€è¨¼æ˜Žæ›¸ã‚’確èªã—ãŸã‚Šã€å¤±åŠ¹çŠ¶æ³ã‚’確èªã—ãŸã‚Šã™ã‚‹ãŸã‚ã«ä½¿ç”¨ã™ã‚‹ã“ã¨ãŒã§ãã¾ã™ã€‚ - \return WOLFSSL_CERT_MANAGER 正常ã«ã‚³ãƒ¼ãƒ«ãŒæœ‰åйãªwolfssl_cert_managerãƒã‚¤ãƒ³ã‚¿ã‚’è¿”ã—ã¾ã™ã€‚ - \return NULL ã‚¨ãƒ©ãƒ¼çŠ¶æ…‹ã«æˆ»ã‚Šã¾ã™ã€‚ + \brief æ–°ã—ã„証明書マãƒãƒ¼ã‚¸ãƒ£ãƒ¼ã‚³ãƒ³ãƒ†ã‚­ã‚¹ãƒˆã‚’割り当ã¦ã€åˆæœŸåŒ–ã—ã¾ã™ã€‚ã“ã®ã‚³ãƒ³ãƒ†ã‚­ã‚¹ãƒˆã¯SSLã®å¿…è¦æ€§ã¨ã¯ç‹¬ç«‹ã—ã¦ä½¿ç”¨ã§ãã¾ã™ã€‚証明書ã®ãƒ­ãƒ¼ãƒ‰ã€è¨¼æ˜Žæ›¸ã®æ¤œè¨¼ã€å¤±åŠ¹ã‚¹ãƒ†ãƒ¼ã‚¿ã‚¹ã®ãƒã‚§ãƒƒã‚¯ã«ä½¿ç”¨ã§ãã¾ã™ã€‚ + + \return WOLFSSL_CERT_MANAGER æˆåŠŸã—ãŸå ´åˆã€å‘¼ã³å‡ºã—ã¯æœ‰åйãªWOLFSSL_CERT_MANAGERãƒã‚¤ãƒ³ã‚¿ã‚’è¿”ã—ã¾ã™ã€‚ + \return NULL エラー状態ã®å ´åˆã«è¿”ã•れã¾ã™ã€‚ + + \param none パラメータãªã—。 + \sa wolfSSL_CertManagerFree */ WOLFSSL_CERT_MANAGER* wolfSSL_CertManagerNew_ex(void* heap); /*! \ingroup CertManager - \brief æ–°ã—ã„証明書マãƒãƒ¼ã‚¸ãƒ£ã‚³ãƒ³ãƒ†ã‚­ã‚¹ãƒˆã‚’割り当ã¦ã¦åˆæœŸåŒ–ã—ã¾ã™ã€‚ã“ã®ã‚³ãƒ³ãƒ†ã‚­ã‚¹ãƒˆã¯ã€SSLã®ãƒ‹ãƒ¼ã‚ºã¨ã¯ç„¡é–¢ä¿‚ã«ä½¿ç”¨ã§ãã¾ã™ã€‚証明書をロードã—ãŸã‚Šã€è¨¼æ˜Žæ›¸ã‚’確èªã—ãŸã‚Šã€å¤±åŠ¹çŠ¶æ³ã‚’確èªã—ãŸã‚Šã™ã‚‹ãŸã‚ã«ä½¿ç”¨ã™ã‚‹ã“ã¨ãŒã§ãã¾ã™ã€‚ - \return WOLFSSL_CERT_MANAGER 正常ã«ã‚³ãƒ¼ãƒ«ãŒæœ‰åйãªwolfssl_cert_managerãƒã‚¤ãƒ³ã‚¿ã‚’è¿”ã—ã¾ã™ã€‚ - \return NULL ã‚¨ãƒ©ãƒ¼çŠ¶æ…‹ã«æˆ»ã‚Šã¾ã™ã€‚ + \brief æ–°ã—ã„証明書マãƒãƒ¼ã‚¸ãƒ£ãƒ¼ã‚³ãƒ³ãƒ†ã‚­ã‚¹ãƒˆã‚’割り当ã¦ã€åˆæœŸåŒ–ã—ã¾ã™ã€‚ã“ã®ã‚³ãƒ³ãƒ†ã‚­ã‚¹ãƒˆã¯SSLã®å¿…è¦æ€§ã¨ã¯ç‹¬ç«‹ã—ã¦ä½¿ç”¨ã§ãã¾ã™ã€‚証明書ã®ãƒ­ãƒ¼ãƒ‰ã€è¨¼æ˜Žæ›¸ã®æ¤œè¨¼ã€å¤±åŠ¹ã‚¹ãƒ†ãƒ¼ã‚¿ã‚¹ã®ãƒã‚§ãƒƒã‚¯ã«ä½¿ç”¨ã§ãã¾ã™ã€‚ + + \return WOLFSSL_CERT_MANAGER æˆåŠŸã—ãŸå ´åˆã€å‘¼ã³å‡ºã—ã¯æœ‰åйãªWOLFSSL_CERT_MANAGERãƒã‚¤ãƒ³ã‚¿ã‚’è¿”ã—ã¾ã™ã€‚ + \return NULL エラー状態ã®å ´åˆã«è¿”ã•れã¾ã™ã€‚ + + \param none パラメータãªã—。 _Example_ \code @@ -7199,17 +8384,21 @@ WOLFSSL_CERT_MANAGER* cm; cm = wolfSSL_CertManagerNew(); if (cm == NULL) { - // error creating new cert manager + // æ–°ã—ã„証明書マãƒãƒ¼ã‚¸ãƒ£ãƒ¼ã®ä½œæˆã‚¨ãƒ©ãƒ¼ } \endcode + \sa wolfSSL_CertManagerFree */ WOLFSSL_CERT_MANAGER* wolfSSL_CertManagerNew(void); /*! \ingroup CertManager - \brief 証明書マãƒãƒ¼ã‚¸ãƒ£ã®ã‚³ãƒ³ãƒ†ã‚­ã‚¹ãƒˆã«é–¢é€£ä»˜ã‘られã¦ã„ã‚‹ã™ã¹ã¦ã®ãƒªã‚½ãƒ¼ã‚¹ã‚’解放ã—ã¾ã™ã€‚証明書マãƒãƒ¼ã‚¸ãƒ£ã‚’使用ã™ã‚‹å¿…è¦ãŒãªããªã‚‹ã¨ãã«ã“れを呼ã³å‡ºã—ã¾ã™ã€‚ - \return none + \brief 証明書マãƒãƒ¼ã‚¸ãƒ£ãƒ¼ã‚³ãƒ³ãƒ†ã‚­ã‚¹ãƒˆã«é–¢é€£ã™ã‚‹ã™ã¹ã¦ã®ãƒªã‚½ãƒ¼ã‚¹ã‚’解放ã—ã¾ã™ã€‚証明書マãƒãƒ¼ã‚¸ãƒ£ãƒ¼ã‚’使用ã™ã‚‹å¿…è¦ãŒãªããªã£ãŸã¨ãã«ã“れを呼ã³å‡ºã—ã¾ã™ã€‚ + + \return none 戻り値ãªã—。 + + \param cm wolfSSL_CertManagerNew()を使用ã—ã¦ä½œæˆã•れãŸWOLFSSL_CERT_MANAGER構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ _Example_ \code @@ -7219,22 +8408,26 @@ ... wolfSSL_CertManagerFree(cm); \endcode + \sa wolfSSL_CertManagerNew */ -void wolfSSL_CertManagerFree(WOLFSSL_CERT_MANAGER*); +void wolfSSL_CertManagerFree(WOLFSSL_CERT_MANAGER* cm); /*! \ingroup CertManager - \brief Managerコンテキストã¸ã®CA証明書ã®ãƒ­ãƒ¼ãƒ‰ã®å ´æ‰€ã‚’指定ã—ã¾ã™ã€‚PEM証明書カフェイルã«ã¯ã€è¤‡æ•°ã®ä¿¡é ¼ã§ãã‚‹CA証明書ãŒå«ã¾ã‚Œã¦ã„ã‚‹å¯èƒ½æ€§ãŒã‚りã¾ã™ã€‚capathãŒnullã§ãªã„å ´åˆã€PEMå½¢å¼ã®CA証明書をå«ã‚€ãƒ‡ã‚£ãƒ¬ã‚¯ãƒˆãƒªã‚’指定ã—ã¾ã™ã€‚ - \return SSL_SUCCESS æˆåŠŸã—ãŸå ´åˆã«è¿”ã•れã¾ã™ã€‚ã€é€šè©±ãŒæˆ»ã‚Šã¾ã™ã€‚ - \return SSL_BAD_FILETYPE ファイルãŒé–“é•ã£ãŸå½¢å¼ã§ã‚ã‚‹å ´åˆã«è¿”ã•れã¾ã™ã€‚ - \return SSL_BAD_FILE ファイルãŒå­˜åœ¨ã—ãªã„å ´åˆã«è¿”ã•れã¾ã™ã€‚読ã¿è¾¼ã‚ã€ã¾ãŸã¯ç ´æã—ã¦ã„ã¾ã›ã‚“。 - \return MEMORY_E メモリä¸è¶³çŠ¶æ…‹ãŒç™ºç”Ÿã—ãŸå ´åˆã«è¿”ã•れã¾ã™ã€‚ - \return ASN_INPUT_E base16デコードãŒãƒ•ァイルã«å¯¾ã—ã¦å¤±æ•—ã—ãŸå ´åˆã«è¿”ã•れã¾ã™ã€‚ - \return BAD_FUNC_ARG ãƒã‚¤ãƒ³ã‚¿ãŒæä¾›ã•れã¦ã„ãªã„å ´åˆã«è¿”ã•れるエラーã§ã™ã€‚ - \return SSL_FATAL_ERROR - 失敗時ã«è¿”ã•れã¾ã™ã€‚ - \param cm wolfssl_certmanagernew()を使用ã—ã¦ä½œæˆã•れãŸwolfssl_cert_manager構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ - \param file ロードã™ã‚‹CA証明書をå«ã‚€ãƒ•ァイルã®åå‰ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ + \brief マãƒãƒ¼ã‚¸ãƒ£ãƒ¼ã‚³ãƒ³ãƒ†ã‚­ã‚¹ãƒˆã¸ã®CA証明書ロードã®å ´æ‰€ã‚’指定ã—ã¾ã™ã€‚PEM証明書CAfileã«ã¯è¤‡æ•°ã®ä¿¡é ¼ã•れãŸCA証明書をå«ã‚ã‚‹ã“ã¨ãŒã§ãã¾ã™ã€‚CApathãŒNULLã§ãªã„å ´åˆã€PEMå½¢å¼ã®CA証明書をå«ã‚€ãƒ‡ã‚£ãƒ¬ã‚¯ãƒˆãƒªã‚’指定ã—ã¾ã™ã€‚ + + \return SSL_SUCCESS æˆåŠŸã—ãŸå ´åˆã«è¿”ã•れã¾ã™ã€‚ + \return SSL_BAD_FILETYPE ファイルã®å½¢å¼ãŒé–“é•ã£ã¦ã„ã‚‹å ´åˆã«è¿”ã•れã¾ã™ã€‚ + \return SSL_BAD_FILE ファイルãŒå­˜åœ¨ã—ãªã„ã€èª­ã¿å–れãªã„ã€ã¾ãŸã¯ç ´æã—ã¦ã„ã‚‹å ´åˆã«è¿”ã•れã¾ã™ã€‚ + \return MEMORY_E メモリä¸è¶³ã®çŠ¶æ…‹ãŒç™ºç”Ÿã—ãŸå ´åˆã«è¿”ã•れã¾ã™ã€‚ + \return ASN_INPUT_E ファイルã®Base16デコードãŒå¤±æ•—ã—ãŸå ´åˆã«è¿”ã•れã¾ã™ã€‚ + \return BAD_FUNC_ARG ãƒã‚¤ãƒ³ã‚¿ãŒæä¾›ã•れã¦ã„ãªã„å ´åˆã«è¿”ã•れるエラーã§ã™ã€‚ + \return SSL_FATAL_ERROR 失敗時ã«è¿”ã•れã¾ã™ã€‚ + + \param cm wolfSSL_CertManagerNew()を使用ã—ã¦ä½œæˆã•れãŸWOLFSSL_CERT_MANAGER構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ + \param file ロードã™ã‚‹CA証明書をå«ã‚€ãƒ•ァイルåã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ + \param path ロードã™ã‚‹CA証明書をå«ã‚€ãƒ‡ã‚£ãƒ¬ã‚¯ãƒˆãƒªãƒ‘スã®åå‰ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚証明書ディレクトリãŒä¸è¦ãªå ´åˆã¯NULLãƒã‚¤ãƒ³ã‚¿ã‚’使用ã§ãã¾ã™ã€‚ _Example_ \code @@ -7243,11 +8436,12 @@ int ret = 0; WOLFSSL_CERT_MANAGER* cm; ... - ret = wolfSSL_CertManagerLoadCA(cm, “path/to/cert-file.pemâ€, 0); + ret = wolfSSL_CertManagerLoadCA(cm, "path/to/cert-file.pem", 0); if (ret != SSL_SUCCESS) { - // error loading CA certs into cert manager + // 証明書マãƒãƒ¼ã‚¸ãƒ£ãƒ¼ã¸ã®CA証明書ã®ãƒ­ãƒ¼ãƒ‰ã‚¨ãƒ©ãƒ¼ } \endcode + \sa wolfSSL_CertManagerVerify */ int wolfSSL_CertManagerLoadCA(WOLFSSL_CERT_MANAGER* cm, const char* f, @@ -7255,12 +8449,15 @@ /*! \ingroup CertManager - \brief wolfssl_ctx_load_verify_bufferを呼ã³å‡ºã—ã¦ã€é–¢æ•°ã«æ¸¡ã•れãŸCMå†…ã®æƒ…報を失ã†ã“ã¨ãªã一時的ãªCMを使用ã—ã¦ãã®çµæžœã‚’è¿”ã™ã“ã¨ã«ã‚ˆã£ã¦CAãƒãƒƒãƒ•ァをロードã—ã¾ã™ã€‚ - \return SSL_FATAL_ERROR wolfssl_cert_manager構造体ãŒNULLã®å ´åˆã€ã¾ãŸã¯wolfSSL_CTX_new()ãŒNULLã‚’è¿”ã™å ´åˆã«è¿”ã•れã¾ã™ã€‚ - \return SSL_SUCCESS å®Ÿè¡ŒãŒæˆåŠŸã™ã‚‹ãŸã‚ã«è¿”ã•れã¾ã™ã€‚ - \param cm wolfssl_certmanagernew()を使用ã—ã¦ä½œæˆã•れãŸwolfssl_cert_manager構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ - \param in CERT情報用ã®ãƒãƒƒãƒ•ァー。 - \param sz ãƒãƒƒãƒ•ã‚¡ã®é•·ã•。 + \brief wolfSSL_CTX_load_verify_bufferを呼ã³å‡ºã—ã€é–¢æ•°ã«æ¸¡ã•れãŸcmã®æƒ…報を失ã‚ãªã„よã†ã«ä¸€æ™‚çš„ãªcmを使用ã—ã¦ãã®çµæžœã‚’è¿”ã™ã“ã¨ã§ã€CAãƒãƒƒãƒ•ァをロードã—ã¾ã™ã€‚ + + \return SSL_FATAL_ERROR WOLFSSL_CERT_MANAGER構造体ãŒNULLã€ã¾ãŸã¯wolfSSL_CTX_new()ãŒNULLã‚’è¿”ã—ãŸå ´åˆã«è¿”ã•れã¾ã™ã€‚ + \return SSL_SUCCESS 正常ã«å®Ÿè¡Œã•れãŸå ´åˆã«è¿”ã•れã¾ã™ã€‚ + + \param cm wolfSSL_CertManagerNew()を使用ã—ã¦ä½œæˆã•れãŸWOLFSSL_CERT_MANAGER構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ + \param in 証明書情報ã®ãƒãƒƒãƒ•ァ。 + \param sz ãƒãƒƒãƒ•ã‚¡ã®é•·ã•。 + \param format 証明書ã®å½¢å¼ã€PEMã¾ãŸã¯DER。 _Example_ \code @@ -7271,79 +8468,115 @@ int format; … if(wolfSSL_CertManagerLoadCABuffer(vp, sz, format) != SSL_SUCCESS){ - Error returned. Failure case code block. + // エラーãŒè¿”ã•れã¾ã—ãŸã€‚失敗ケースã®ã‚³ãƒ¼ãƒ‰ãƒ–ロック。 } \endcode + \sa wolfSSL_CTX_load_verify_buffer \sa ProcessChainBuffer \sa ProcessBuffer \sa cm_pick_method */ int wolfSSL_CertManagerLoadCABuffer(WOLFSSL_CERT_MANAGER* cm, - const unsigned char* in, long sz, int format); + const unsigned char* buff, long sz, + int format); /*! \ingroup CertManager - \brief ã“ã®é–¢æ•°ã¯CAç½²å者リストをアンロードã—ã¾ã™ã€‚ - \return SSL_SUCCESS 機能ã®å®Ÿè¡Œã«æˆåŠŸã—ãŸã“ã¨ã«æˆ»ã‚Šã¾ã™ã€‚ - \return BAD_FUNC_ARG wolfssl_cert_managerãŒnullã®å ´åˆã«è¿”ã•れã¾ã™ã€‚ - \return BAD_MUTEX_E ミューテックスエラーãŒç™ºç”Ÿã—ãŸå ´åˆã«è¿”ã•れã¾ã™ã€‚ + \brief ã“ã®é–¢æ•°ã¯CAç½²å者リストをアンロードã—ã¾ã™ã€‚ + + \return SSL_SUCCESS é–¢æ•°ã®æ­£å¸¸ãªå®Ÿè¡Œæ™‚ã«è¿”ã•れã¾ã™ã€‚ + \return BAD_FUNC_ARG WOLFSSL_CERT_MANAGERãŒNULLã®å ´åˆã«è¿”ã•れã¾ã™ã€‚ + \return BAD_MUTEX_E mutexエラーãŒç™ºç”Ÿã—ãŸå ´åˆã«è¿”ã•れã¾ã™ã€‚ + + \param cm wolfSSL_CertManagerNew()を使用ã—ã¦ä½œæˆã•れãŸWOLFSSL_CERT_MANAGER構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ _Example_ \code #include WOLFSSL_CTX* ctx = wolfSSL_CTX_new(protocol method); - WOLFSSL_CERT_MANAGER* cm = wolfSSL_CertManagerNew(); + WOLFSSL_CERT_MANAGER* cm = wolfSSL_CTX_GetCertManager(ctx); ... - if(wolfSSL_CertManagerUnloadCAs(ctx->cm) != SSL_SUCCESS){ - Failure case. + if(wolfSSL_CertManagerUnloadCAs(cm) != SSL_SUCCESS){ + // 失敗ケース。 } \endcode - \sa FreeSignerTable + \sa UnlockMutex */ int wolfSSL_CertManagerUnloadCAs(WOLFSSL_CERT_MANAGER* cm); /*! \ingroup CertManager - \brief 関数ã¯ä¿¡é ¼ã§ãるピアリンクリストを解放ã—ã€ä¿¡é ¼ã§ãるピアリストã®ãƒ­ãƒƒã‚¯ã‚’解除ã—ã¾ã™ã€‚ - \return SSL_SUCCESS é–¢æ•°ãŒæ­£å¸¸ã«å®Œäº†ã—ãŸå ´åˆ - \return BAD_FUNC_ARG wolfssl_cert_managerãŒnullã®å ´åˆ - \return BAD_MUTEX_E ミューテックスエラーTPLOCKã§ã¯ã€WOLFSSL_CERT_MANAGER構造体ã®ãƒ¡ãƒ³ãƒãƒ¼ã¯0(ニル)ã§ã™ã€‚ + \brief ã“ã®é–¢æ•°ã¯CAç½²å者リストã«è¿½åŠ ã•れãŸä¸­é–“証明書をアンロードã—ã¾ã™ã€‚ + + \return SSL_SUCCESS é–¢æ•°ã®æ­£å¸¸ãªå®Ÿè¡Œæ™‚ã«è¿”ã•れã¾ã™ã€‚ + \return BAD_FUNC_ARG WOLFSSL_CERT_MANAGERãŒNULLã®å ´åˆã«è¿”ã•れã¾ã™ã€‚ + \return BAD_MUTEX_E mutexエラーãŒç™ºç”Ÿã—ãŸå ´åˆã«è¿”ã•れã¾ã™ã€‚ + + \param cm wolfSSL_CertManagerNew()を使用ã—ã¦ä½œæˆã•れãŸWOLFSSL_CERT_MANAGER構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ _Example_ \code #include - WOLFSSL_CTX* ctx = wolfSSL_CTX_new(Protocol define); + WOLFSSL_CTX* ctx = wolfSSL_CTX_new(protocol method); + WOLFSSL_CERT_MANAGER* cm = wolfSSL_CTX_GetCertManager(ctx); + ... + if(wolfSSL_CertManagerUnloadIntermediateCerts(cm) != SSL_SUCCESS){ + // 失敗ケース。 + } + \endcode + + \sa UnlockMutex +*/ +int wolfSSL_CertManagerUnloadIntermediateCerts(WOLFSSL_CERT_MANAGER* cm);/*! + \ingroup CertManager + \brief ã“ã®é–¢æ•°ã¯ã€Trusted Peerリンクリストを解放ã—ã€ãƒˆãƒ©ã‚¹ãƒ†ãƒƒãƒ‰ãƒ”アリストã®ãƒ­ãƒƒã‚¯ã‚’解除ã—ã¾ã™ã€‚ + + \return SSL_SUCCESS é–¢æ•°ãŒæ­£å¸¸ã«å®Œäº†ã—ãŸå ´åˆã€‚ + \return BAD_FUNC_ARG WOLFSSL_CERT_MANAGERãŒNULLã®å ´åˆã€‚ + \return BAD_MUTEX_E WOLFSSL_CERT_MANAGER構造体ã®ãƒ¡ãƒ³ãƒã§ã‚ã‚‹tpLockãŒ0(null)ã®å ´åˆã€mutexエラー。 + + \param cm wolfSSL_CertManagerNew()を使用ã—ã¦ä½œæˆã•れãŸWOLFSSL_CERT_MANAGER構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ + + _Example_ + \code + #include + + WOLFSSL_CTX* ctx = WOLFSSL_CTX_new(Protocol define); WOLFSSL_CERT_MANAGER* cm = wolfSSL_CertManagerNew(); ... if(wolfSSL_CertManagerUnload_trust_peers(cm) != SSL_SUCCESS){ - The function did not execute successfully. + // é–¢æ•°ã¯æ­£å¸¸ã«å®Ÿè¡Œã•れã¾ã›ã‚“ã§ã—ãŸã€‚ } \endcode + \sa UnLockMutex */ int wolfSSL_CertManagerUnload_trust_peers(WOLFSSL_CERT_MANAGER* cm); /*! \ingroup CertManager - \brief 証明書マãƒãƒ¼ã‚¸ãƒ£ã®ã‚³ãƒ³ãƒ†ã‚­ã‚¹ãƒˆã§ç¢ºèªã™ã‚‹è¨¼æ˜Žæ›¸ã‚’指定ã—ã¾ã™ã€‚フォーマットã¯SSL_FILETYPE_PEMã¾ãŸã¯SSL_FILETYPE_ASN1ã«ã™ã‚‹ã“ã¨ãŒã§ãã¾ã™ã€‚ - \return SSL_SUCCESS æˆåŠŸã—ãŸå ´åˆã«è¿”ã•れã¾ã™ã€‚ - \return ASN_SIG_CONFIRM_E ç½²åãŒæ¤œè¨¼ã§ããªã‹ã£ãŸå ´åˆã«è¿”ã•れã¾ã™ã€‚ - \return ASN_SIG_OID_E ç½²åã®ç¨®é¡žãŒã‚µãƒãƒ¼ãƒˆã•れã¦ã„ãªã„å ´åˆã«è¿”ã•れã¾ã™ã€‚ - \return CRL_CERT_REVOKED ã“ã®è¨¼æ˜Žæ›¸ãŒå–り消ã•れãŸå ´åˆã«è¿”ã•れるエラーã§ã™ã€‚ - \return CRL_MISSING ç¾åœ¨ã®ç™ºè¡Œè€…CRLãŒåˆ©ç”¨ã§ããªã„å ´åˆã«è¿”ã•れるエラーã§ã™ã€‚ - \return ASN_BEFORE_DATE_E ç¾åœ¨ã®æ—¥ä»˜ãŒå‰æ—¥ã®å‰ã«ã‚ã‚‹å ´åˆã«è¿”ã•れã¾ã™ã€‚ - \return ASN_AFTER_DATE_E ç¾åœ¨ã®æ—¥ä»˜ãŒå¾Œã®æ—¥ä»˜ã®å¾Œã®å ´åˆã«è¿”ã•れã¾ã™ã€‚ - \return SSL_BAD_FILETYPE ファイルãŒé–“é•ã£ãŸå½¢å¼ã§ã‚ã‚‹å ´åˆã«è¿”ã•れã¾ã™ã€‚ - \return SSL_BAD_FILE ファイルãŒå­˜åœ¨ã—ãªã„å ´åˆã«è¿”ã•れã¾ã™ã€‚読ã¿è¾¼ã‚ã€ã¾ãŸã¯ç ´æã—ã¦ã„ã¾ã›ã‚“。 - \return MEMORY_E メモリä¸è¶³çŠ¶æ…‹ãŒç™ºç”Ÿã—ãŸå ´åˆã«è¿”ã•れã¾ã™ã€‚ - \return ASN_INPUT_E base16デコードãŒãƒ•ァイルã«å¯¾ã—ã¦å¤±æ•—ã—ãŸå ´åˆã«è¿”ã•れã¾ã™ã€‚ - \return BAD_FUNC_ARG ãƒã‚¤ãƒ³ã‚¿ãŒæä¾›ã•れã¦ã„ãªã„å ´åˆã«è¿”ã•れるエラーã§ã™ã€‚ - \param cm wolfssl_certmanagernew()を使用ã—ã¦ä½œæˆã•れãŸwolfssl_cert_manager構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ - \param fname 検証ã™ã‚‹è¨¼æ˜Žæ›¸ã‚’å«ã‚€ãƒ•ァイルã®åå‰ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ + \brief Certificate Managerã‚³ãƒ³ãƒ†ã‚­ã‚¹ãƒˆã§æ¤œè¨¼ã™ã‚‹è¨¼æ˜Žæ›¸ã‚’指定ã—ã¾ã™ã€‚フォーマットã¯SSL_FILETYPE_PEMã¾ãŸã¯SSL_FILETYPE_ASN1を指定ã§ãã¾ã™ã€‚ + + \return SSL_SUCCESS æˆåŠŸæ™‚ã€‚ + \return ASN_SIG_CONFIRM_E ç½²åを検証ã§ããªã‹ã£ãŸå ´åˆã«è¿”ã•れã¾ã™ã€‚ + \return ASN_SIG_OID_E ç½²åタイプãŒã‚µãƒãƒ¼ãƒˆã•れã¦ã„ãªã„å ´åˆã«è¿”ã•れã¾ã™ã€‚ + \return CRL_CERT_REVOKED ã“ã®è¨¼æ˜Žæ›¸ãŒå¤±åйã—ã¦ã„ã‚‹å ´åˆã«è¿”ã•れるエラー。 + \return CRL_MISSING ç¾åœ¨ã®ç™ºè¡Œè€…CRLãŒåˆ©ç”¨ã§ããªã„å ´åˆã«è¿”ã•れるエラー。 + \return ASN_BEFORE_DATE_E ç¾åœ¨ã®æ—¥ä»˜ãŒbefore dateよりå‰ã®å ´åˆã«è¿”ã•れã¾ã™ã€‚ + \return ASN_AFTER_DATE_E ç¾åœ¨ã®æ—¥ä»˜ãŒafter dateより後ã®å ´åˆã«è¿”ã•れã¾ã™ã€‚ + \return SSL_BAD_FILETYPE ファイルã®ãƒ•ォーマットãŒé–“é•ã£ã¦ã„ã‚‹å ´åˆã«è¿”ã•れã¾ã™ã€‚ + \return SSL_BAD_FILE ファイルãŒå­˜åœ¨ã—ãªã„ã€èª­ã¿å–れãªã„ã€ã¾ãŸã¯ç ´æã—ã¦ã„ã‚‹å ´åˆã«è¿”ã•れã¾ã™ã€‚ + \return MEMORY_E メモリä¸è¶³çŠ¶æ…‹ãŒç™ºç”Ÿã—ãŸå ´åˆã«è¿”ã•れã¾ã™ã€‚ + \return ASN_INPUT_E ファイルã®Base16デコードã«å¤±æ•—ã—ãŸå ´åˆã«è¿”ã•れã¾ã™ã€‚ + \return BAD_FUNC_ARG ãƒã‚¤ãƒ³ã‚¿ãŒæä¾›ã•れã¦ã„ãªã„å ´åˆã«è¿”ã•れるエラー。 + + \param cm wolfSSL_CertManagerNew()を使用ã—ã¦ä½œæˆã•れãŸWOLFSSL_CERT_MANAGER構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ + \param fname 検証ã™ã‚‹è¨¼æ˜Žæ›¸ã‚’å«ã‚€ãƒ•ァイルã®åå‰ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ + \param format 検証ã™ã‚‹è¨¼æ˜Žæ›¸ã®ãƒ•ォーマット - SSL_FILETYPE_ASN1ã¾ãŸã¯SSL_FILETYPE_PEM。 _Example_ \code @@ -7351,12 +8584,13 @@ WOLFSSL_CERT_MANAGER* cm; ... - ret = wolfSSL_CertManagerVerify(cm, “path/to/cert-file.pemâ€, + ret = wolfSSL_CertManagerVerify(cm, "path/to/cert-file.pem", SSL_FILETYPE_PEM); if (ret != SSL_SUCCESS) { - error verifying certificate + // è¨¼æ˜Žæ›¸ã®æ¤œè¨¼ã‚¨ãƒ©ãƒ¼ } \endcode + \sa wolfSSL_CertManagerLoadCA \sa wolfSSL_CertManagerVerifyBuffer */ @@ -7365,22 +8599,25 @@ /*! \ingroup CertManager - \brief 証明書マãƒãƒ¼ã‚¸ãƒ£ã®ã‚³ãƒ³ãƒ†ã‚­ã‚¹ãƒˆã‚’使用ã—ã¦ç¢ºèªã™ã‚‹è¨¼æ˜Žæ›¸ãƒãƒƒãƒ•ァを指定ã—ã¾ã™ã€‚フォーマットã¯SSL_FILETYPE_PEMã¾ãŸã¯SSL_FILETYPE_ASN1ã«ã™ã‚‹ã“ã¨ãŒã§ãã¾ã™ã€‚ - \return SSL_SUCCESS æˆåŠŸã—ãŸå ´åˆã«è¿”ã•れã¾ã™ã€‚ - \return ASN_SIG_CONFIRM_E ç½²åãŒæ¤œè¨¼ã§ããªã‹ã£ãŸå ´åˆã«è¿”ã•れã¾ã™ã€‚ - \return ASN_SIG_OID_E ç½²åã®ç¨®é¡žãŒã‚µãƒãƒ¼ãƒˆã•れã¦ã„ãªã„å ´åˆã«è¿”ã•れã¾ã™ã€‚ - \return CRL_CERT_REVOKED ã“ã®è¨¼æ˜Žæ›¸ãŒå–り消ã•れãŸå ´åˆã«è¿”ã•れるエラーã§ã™ã€‚ - \return CRL_MISSING ç¾åœ¨ã®ç™ºè¡Œè€…CRLãŒåˆ©ç”¨ã§ããªã„å ´åˆã«è¿”ã•れるエラーã§ã™ã€‚ - \return ASN_BEFORE_DATE_E ç¾åœ¨ã®æ—¥ä»˜ãŒå‰æ—¥ã®å‰ã«ã‚ã‚‹å ´åˆã«è¿”ã•れã¾ã™ã€‚ - \return ASN_AFTER_DATE_E ç¾åœ¨ã®æ—¥ä»˜ãŒå¾Œã®æ—¥ä»˜ã®å¾Œã®å ´åˆã«è¿”ã•れã¾ã™ã€‚ - \return SSL_BAD_FILETYPE ファイルãŒé–“é•ã£ãŸå½¢å¼ã§ã‚ã‚‹å ´åˆã«è¿”ã•れã¾ã™ã€‚ - \return SSL_BAD_FILE ファイルãŒå­˜åœ¨ã—ãªã„å ´åˆã«è¿”ã•れã¾ã™ã€‚読ã¿è¾¼ã‚ã€ã¾ãŸã¯ç ´æã—ã¦ã„ã¾ã›ã‚“。 - \return MEMORY_E メモリä¸è¶³çŠ¶æ…‹ãŒç™ºç”Ÿã—ãŸå ´åˆã«è¿”ã•れã¾ã™ã€‚ - \return ASN_INPUT_E base16デコードãŒãƒ•ァイルã«å¯¾ã—ã¦å¤±æ•—ã—ãŸå ´åˆã«è¿”ã•れã¾ã™ã€‚ - \return BAD_FUNC_ARG ãƒã‚¤ãƒ³ã‚¿ãŒæä¾›ã•れã¦ã„ãªã„å ´åˆã«è¿”ã•れるエラーã§ã™ã€‚ - \param cm wolfssl_certmanagernew()を使用ã—ã¦ä½œæˆã•れãŸwolfssl_cert_manager構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ - \param buff 検証ã™ã‚‹è¨¼æ˜Žæ›¸ã‚’å«ã‚€ãƒãƒƒãƒ•ァ。 - \param sz ãƒãƒƒãƒ•ã‚¡ã®ã‚µã‚¤ã‚ºã€BUF。 + \brief Certificate Managerã‚³ãƒ³ãƒ†ã‚­ã‚¹ãƒˆã§æ¤œè¨¼ã™ã‚‹è¨¼æ˜Žæ›¸ãƒãƒƒãƒ•ァを指定ã—ã¾ã™ã€‚フォーマットã¯SSL_FILETYPE_PEMã¾ãŸã¯SSL_FILETYPE_ASN1を指定ã§ãã¾ã™ã€‚ + + \return SSL_SUCCESS æˆåŠŸæ™‚ã€‚ + \return ASN_SIG_CONFIRM_E ç½²åを検証ã§ããªã‹ã£ãŸå ´åˆã«è¿”ã•れã¾ã™ã€‚ + \return ASN_SIG_OID_E ç½²åタイプãŒã‚µãƒãƒ¼ãƒˆã•れã¦ã„ãªã„å ´åˆã«è¿”ã•れã¾ã™ã€‚ + \return CRL_CERT_REVOKED ã“ã®è¨¼æ˜Žæ›¸ãŒå¤±åйã—ã¦ã„ã‚‹å ´åˆã«è¿”ã•れるエラー。 + \return CRL_MISSING ç¾åœ¨ã®ç™ºè¡Œè€…CRLãŒåˆ©ç”¨ã§ããªã„å ´åˆã«è¿”ã•れるエラー。 + \return ASN_BEFORE_DATE_E ç¾åœ¨ã®æ—¥ä»˜ãŒbefore dateよりå‰ã®å ´åˆã«è¿”ã•れã¾ã™ã€‚ + \return ASN_AFTER_DATE_E ç¾åœ¨ã®æ—¥ä»˜ãŒafter dateより後ã®å ´åˆã«è¿”ã•れã¾ã™ã€‚ + \return SSL_BAD_FILETYPE ファイルã®ãƒ•ォーマットãŒé–“é•ã£ã¦ã„ã‚‹å ´åˆã«è¿”ã•れã¾ã™ã€‚ + \return SSL_BAD_FILE ファイルãŒå­˜åœ¨ã—ãªã„ã€èª­ã¿å–れãªã„ã€ã¾ãŸã¯ç ´æã—ã¦ã„ã‚‹å ´åˆã«è¿”ã•れã¾ã™ã€‚ + \return MEMORY_E メモリä¸è¶³çŠ¶æ…‹ãŒç™ºç”Ÿã—ãŸå ´åˆã«è¿”ã•れã¾ã™ã€‚ + \return ASN_INPUT_E ファイルã®Base16デコードã«å¤±æ•—ã—ãŸå ´åˆã«è¿”ã•れã¾ã™ã€‚ + \return BAD_FUNC_ARG ãƒã‚¤ãƒ³ã‚¿ãŒæä¾›ã•れã¦ã„ãªã„å ´åˆã«è¿”ã•れるエラー。 + + \param cm wolfSSL_CertManagerNew()を使用ã—ã¦ä½œæˆã•れãŸWOLFSSL_CERT_MANAGER構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ + \param buff 検証ã™ã‚‹è¨¼æ˜Žæ›¸ã‚’å«ã‚€ãƒãƒƒãƒ•ァ。 + \param sz ãƒãƒƒãƒ•ã‚¡bufã®ã‚µã‚¤ã‚ºã€‚ + \param format buf内ã«ã‚る検証ã™ã‚‹è¨¼æ˜Žæ›¸ã®ãƒ•ォーマット - SSL_FILETYPE_ASN1ã¾ãŸã¯SSL_FILETYPE_PEM。 _Example_ \code @@ -7394,10 +8631,11 @@ ret = wolfSSL_CertManagerVerifyBuffer(cm, certBuff, sz, SSL_FILETYPE_PEM); if (ret != SSL_SUCCESS) { - error verifying certificate + // è¨¼æ˜Žæ›¸ã®æ¤œè¨¼ã‚¨ãƒ©ãƒ¼ } \endcode + \sa wolfSSL_CertManagerLoadCA \sa wolfSSL_CertManagerVerify */ @@ -7406,63 +8644,74 @@ /*! \ingroup CertManager - \brief ã“ã®é–¢æ•°ã¯ã€è¨¼æ˜Žæ›¸ãƒžãƒãƒ¼ã‚¸ãƒ£ãƒ¼ã®verifyCallback関数を設定ã—ã¾ã™ã€‚存在ã™ã‚‹å ´åˆã€ãれã¯ãƒ­ãƒ¼ãƒ‰ã•れãŸå„CERTã«å¯¾ã—ã¦å‘¼ã³å‡ºã•れã¾ã™ã€‚検証エラーãŒã‚ã‚‹å ´åˆã¯ã€æ¤œè¨¼ã‚³ãƒ¼ãƒ«ãƒãƒƒã‚¯ã‚’使用ã—ã¦ã‚¨ãƒ©ãƒ¼ã‚’éŽåº¦ã«ä¹—り越ãˆã¾ã™ã€‚ - \return none è¿”å“ä¸å¯ã€‚ - \param cm wolfssl_certmanagernew()を使用ã—ã¦ä½œæˆã•れãŸwolfssl_cert_manager構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ + \brief ã“ã®é–¢æ•°ã¯ã€Certificate Manager内ã«verifyCallback関数を設定ã—ã¾ã™ã€‚存在ã™ã‚‹å ´åˆã€ãƒ­ãƒ¼ãƒ‰ã•れãŸå„証明書ã«å¯¾ã—ã¦å‘¼ã³å‡ºã•れã¾ã™ã€‚検証エラーãŒã‚ã‚‹å ´åˆã€verify callbackを使用ã—ã¦ã‚¨ãƒ©ãƒ¼ã‚’オーãƒãƒ¼ãƒ©ã‚¤ãƒ‰ã§ãã¾ã™ã€‚ + + \return none 戻り値ã¯ã‚りã¾ã›ã‚“。 + + \param cm wolfSSL_CertManagerNew()を使用ã—ã¦ä½œæˆã•れãŸWOLFSSL_CERT_MANAGER構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ + \param verify_callback コールãƒãƒƒã‚¯ãƒ«ãƒ¼ãƒãƒ³ã¸ã®VerifyCallback関数ãƒã‚¤ãƒ³ã‚¿ã€‚ _Example_ \code #include int myVerify(int preverify, WOLFSSL_X509_STORE_CTX* store) - { // do custom verification of certificate } + { // 証明書ã®ã‚«ã‚¹ã‚¿ãƒ æ¤œè¨¼ã‚’実行 } - WOLFSSL_CTX* ctx = wolfSSL_CTX_new(Protocol define); + WOLFSSL_CTX* ctx = WOLFSSL_CTX_new(Protocol define); WOLFSSL_CERT_MANAGER* cm = wolfSSL_CertManagerNew(); ... wolfSSL_CertManagerSetVerify(cm, myVerify); \endcode + \sa wolfSSL_CertManagerVerify */ void wolfSSL_CertManagerSetVerify(WOLFSSL_CERT_MANAGER* cm, - VerifyCallback vc); + VerifyCallback verify_callback); /*! - \brief CRLリスト。 - \return SSL_SUCCESS 関数ãŒäºˆæƒ³ã©ãŠã‚Šã«è¿”ã•れãŸå ´åˆã¯è¿”ã—ã¾ã™ã€‚wolfssl_cert_manager構造体ã®CRLENABLEDメンãƒãƒ¼ãŒã‚ªãƒ³ã«ãªã£ã¦ã„ã‚‹å ´åˆã€‚ - \return MEMORY_E 割り当ã¦ã‚‰ã‚ŒãŸãƒ¡ãƒ¢ãƒªãŒå¤±æ•—ã—ãŸå ´åˆã¯è¿”ã—ã¾ã™ã€‚ - \return BAD_FUNC_ARG wolfssl_cert_managerãŒnullã®å ´åˆ - \param cm wolfssl_cert_manager構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ - \param der DERフォーマット証明書ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ + \brief ã‚ªãƒ—ã‚·ãƒ§ãƒ³ãŒæœ‰åйãªå ´åˆã€CRLã‚’ãƒã‚§ãƒƒã‚¯ã—ã€è¨¼æ˜Žæ›¸ã‚’CRLãƒªã‚¹ãƒˆã¨æ¯”較ã—ã¾ã™ã€‚ + + \return SSL_SUCCESS é–¢æ•°ãŒæœŸå¾…ã©ãŠã‚Šã«æˆ»ã£ãŸå ´åˆã«è¿”ã•れã¾ã™ã€‚WOLFSSL_CERT_MANAGER構造体ã®crlEnabledメンãƒãŒã‚ªãƒ³ã«ãªã£ã¦ã„ã‚‹å ´åˆã€‚ + \return MEMORY_E 割り当ã¦ã‚‰ã‚ŒãŸãƒ¡ãƒ¢ãƒªãŒå¤±æ•—ã—ãŸå ´åˆã«è¿”ã•れã¾ã™ã€‚ + \return BAD_FUNC_ARG WOLFSSL_CERT_MANAGERãŒNULLã®å ´åˆã€‚ + + \param cm WOLFSSL_CERT_MANAGER構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ + \param der DERフォーマットã®è¨¼æ˜Žæ›¸ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ + \param sz 証明書ã®ã‚µã‚¤ã‚ºã€‚ _Example_ \code WOLFSSL_CERT_MANAGER* cm; byte* der; - int sz; // size of der + int sz; // derã®ã‚µã‚¤ã‚º ... if(wolfSSL_CertManagerCheckCRL(cm, der, sz) != SSL_SUCCESS){ - // Error returned. Deal with failure case. + // エラーãŒè¿”ã•れã¾ã—ãŸã€‚失敗ケースを処ç†ã€‚ } \endcode + \sa CheckCertCRL \sa ParseCertRelative \sa wolfSSL_CertManagerSetCRL_CB \sa InitDecodedCert */ int wolfSSL_CertManagerCheckCRL(WOLFSSL_CERT_MANAGER* cm, - unsigned char* der, int sz); + const unsigned char* der, int sz); /*! \ingroup CertManager - \brief 証明書マãƒãƒ¼ã‚¸ãƒ£ã‚’使用ã—ã¦è¨¼æ˜Žæ›¸ã‚’検証ã™ã‚‹ã¨ãã«è¨¼æ˜Žæ›¸å¤±åŠ¹ãƒªã‚¹ãƒˆã®ç¢ºèªã‚’オンã«ã—ã¾ã™ã€‚デフォルトã§ã¯ã€CRLãƒã‚§ãƒƒã‚¯ã¯ã‚ªãƒ•ã§ã™ã€‚オプションã«ã¯ã€wolfssl_crl_checkallãŒå«ã¾ã‚Œã¾ã™ã€‚ã“れã¯ã€ãƒã‚§ãƒ¼ãƒ³å†…ã®å„証明書ã«å¯¾ã—ã¦CRL検査を実行ã—ã¾ã™ã€‚ã“れã¯ãƒ‡ãƒ•ォルトã§ã‚るリーフ証明書ã®ã¿ã§ã™ã€‚ - \return SSL_SUCCESS æˆåŠŸã—ãŸå ´åˆã«è¿”ã•れã¾ã™ã€‚ã€é€šè©±ãŒæˆ»ã‚Šã¾ã™ã€‚ - \return NOT_COMPILED_IN WolfSSLãŒCRLを有効ã«ã—ã¦æ§‹ç¯‰ã•れã¦ã„ãªã„å ´åˆã«è¿”ã•れã¾ã™ã€‚ - \return MEMORY_E メモリä¸è¶³çŠ¶æ…‹ãŒç™ºç”Ÿã—ãŸå ´åˆã«è¿”ã•れã¾ã™ã€‚ - \return BAD_FUNC_ARG ãƒã‚¤ãƒ³ã‚¿ãŒæä¾›ã•れã¦ã„ãªã„å ´åˆã«è¿”ã•れるエラーã§ã™ã€‚ - \return SSL_FAILURE CRLコンテキストを正ã—ãåˆæœŸåŒ–ã§ããªã„å ´åˆã«è¿”ã•れã¾ã™ã€‚ - \param cm wolfssl_certmanagernew()を使用ã—ã¦ä½œæˆã•れãŸwolfssl_cert_manager構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ + \brief Certificate Managerã§è¨¼æ˜Žæ›¸ã‚’検証ã™ã‚‹éš›ã«ã€Certificate Revocation Listãƒã‚§ãƒƒã‚¯ã‚’オンã«ã—ã¾ã™ã€‚デフォルトã§ã¯ã€CRLãƒã‚§ãƒƒã‚¯ã¯ã‚ªãƒ•ã§ã™ã€‚optionsã«ã¯ã€ãƒªãƒ¼ãƒ•証明書ã®ã¿(デフォルト)ã§ã¯ãªããƒã‚§ãƒ¼ãƒ³å†…ã®å„証明書ã«å¯¾ã—ã¦CRLãƒã‚§ãƒƒã‚¯ã‚’実行ã™ã‚‹WOLFSSL_CRL_CHECKALLãŒå«ã¾ã‚Œã¾ã™ã€‚ + + \return SSL_SUCCESS æˆåŠŸã—ãŸå ´åˆã€å‘¼ã³å‡ºã—ã¯æˆ»ã‚Šã¾ã™ã€‚ + \return NOT_COMPILED_IN wolfSSLãŒCRLを有効ã«ã—ã¦ãƒ“ルドã•れã¦ã„ãªã„å ´åˆã«è¿”ã•れã¾ã™ã€‚ + \return MEMORY_E メモリä¸è¶³çŠ¶æ…‹ãŒç™ºç”Ÿã—ãŸå ´åˆã«è¿”ã•れã¾ã™ã€‚ + \return BAD_FUNC_ARG ãƒã‚¤ãƒ³ã‚¿ãŒæä¾›ã•れã¦ã„ãªã„å ´åˆã«è¿”ã•れるエラー。 + \return SSL_FAILURE CRLコンテキストをé©åˆ‡ã«åˆæœŸåŒ–ã§ããªã„å ´åˆã«è¿”ã•れã¾ã™ã€‚ + + \param cm wolfSSL_CertManagerNew()を使用ã—ã¦ä½œæˆã•れãŸWOLFSSL_CERT_MANAGER構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ + \param options Certification Manager(cm)を有効ã«ã™ã‚‹éš›ã«ä½¿ç”¨ã™ã‚‹ã‚ªãƒ—ション。 _Example_ \code @@ -7474,11 +8723,12 @@ ret = wolfSSL_CertManagerEnableCRL(cm, 0); if (ret != SSL_SUCCESS) { - error enabling cert manager + // cert managerã®æœ‰åŠ¹åŒ–ã‚¨ãƒ©ãƒ¼ } ... \endcode + \sa wolfSSL_CertManagerDisableCRL */ int wolfSSL_CertManagerEnableCRL(WOLFSSL_CERT_MANAGER* cm, @@ -7486,9 +8736,12 @@ /*! \ingroup CertManager - \brief 証明書マãƒãƒ¼ã‚¸ãƒ£ã‚’使用ã—ã¦è¨¼æ˜Žæ›¸ã‚’検証ã™ã‚‹ã¨ãã«è¨¼æ˜Žæ›¸å¤±åŠ¹ãƒªã‚¹ãƒˆã®ç¢ºèªã‚’オフã«ã—ã¾ã™ã€‚デフォルトã§ã¯ã€CRLãƒã‚§ãƒƒã‚¯ã¯ã‚ªãƒ•ã§ã™ã€‚ã“ã®é–¢æ•°ã‚’使用ã—ã¦ã€ã“ã®Certificate Managerコンテキストを使用ã—ã¦CRL検査を一時的ã¾ãŸã¯æ’ä¹…çš„ã«ç„¡åйã«ã—ã¦ã€ä»¥å‰ã¯CRLæ¤œæŸ»ãŒæœ‰åйã«ãªã£ã¦ã„ã¾ã—ãŸã€‚ - \return SSL_SUCCESS æˆåŠŸã—ãŸå ´åˆã«è¿”ã•れã¾ã™ã€‚ã€é€šè©±ãŒæˆ»ã‚Šã¾ã™ã€‚ - \return BAD_FUNC_ARG 関数ãƒã‚¤ãƒ³ã‚¿ãŒæä¾›ã•れã¦ã„ãªã„å ´åˆã«è¿”ã•れるエラーã§ã™ã€‚ + \brief Certificate Managerã§è¨¼æ˜Žæ›¸ã‚’検証ã™ã‚‹éš›ã«ã€Certificate Revocation Listãƒã‚§ãƒƒã‚¯ã‚’オフã«ã—ã¾ã™ã€‚デフォルトã§ã¯ã€CRLãƒã‚§ãƒƒã‚¯ã¯ã‚ªãƒ•ã§ã™ã€‚ã“ã®é–¢æ•°ã‚’使用ã—ã¦ã€ä»¥å‰ã«CRLãƒã‚§ãƒƒã‚¯ã‚’有効ã«ã—ã¦ã„ãŸã“ã®Certificate Managerコンテキストã«å¯¾ã—ã¦ã€CRLãƒã‚§ãƒƒã‚¯ã‚’一時的ã¾ãŸã¯æ°¸ç¶šçš„ã«ç„¡åйã«ã§ãã¾ã™ã€‚ + + \return SSL_SUCCESS æˆåŠŸã—ãŸå ´åˆã€å‘¼ã³å‡ºã—ã¯æˆ»ã‚Šã¾ã™ã€‚ + \return BAD_FUNC_ARG 関数ãƒã‚¤ãƒ³ã‚¿ãŒæä¾›ã•れã¦ã„ãªã„å ´åˆã«è¿”ã•れるエラー。 + + \param cm wolfSSL_CertManagerNew()を使用ã—ã¦ä½œæˆã•れãŸWOLFSSL_CERT_MANAGER構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ _Example_ \code @@ -7499,26 +8752,29 @@ ... ret = wolfSSL_CertManagerDisableCRL(cm); if (ret != SSL_SUCCESS) { - error disabling cert manager + // cert managerã®ç„¡åŠ¹åŒ–ã‚¨ãƒ©ãƒ¼ } ... \endcode + \sa wolfSSL_CertManagerEnableCRL */ -int wolfSSL_CertManagerDisableCRL(WOLFSSL_CERT_MANAGER*); +int wolfSSL_CertManagerDisableCRL(WOLFSSL_CERT_MANAGER* cm); /*! \ingroup CertManager - \brief 証明書ã®å¤±åŠ¹ç¢ºèªã®ãŸã‚ã«è¨¼æ˜Žæ›¸ã‚’CRLã«ãƒ­ãƒ¼ãƒ‰ã™ã‚‹éš›ã«ã‚¨ãƒ©ãƒ¼ãƒã‚§ãƒƒã‚¯ã‚’行ã„ã€ãã®å¾Œè¨¼æ˜Žæ›¸ã‚’LoadCRL()ã¸æ¸¡ã—ã¾ã™ã€‚ + \brief エラーãƒã‚§ãƒƒã‚¯ã‚’行ã„ã€LoadCRL()ã«æ¸¡ã—ã¦å¤±åйãƒã‚§ãƒƒã‚¯ã®ãŸã‚ã«CRLã«è¨¼æ˜Žæ›¸ã‚’ロードã—ã¾ã™ã€‚æ›´æ–°ã•れãŸCRLをロードã™ã‚‹ã«ã¯ã€ã¾ãšwolfSSL_CertManagerFreeCRLを呼ã³å‡ºã—ã¦ã‹ã‚‰ã€æ–°ã—ã„CRLをロードã—ã¾ã™ã€‚ - \return SSL_SUCCESS wolfSSL_CertManagerLoadCRLã§ã‚¨ãƒ©ãƒ¼ãŒç™ºç”Ÿã›ãšã€loadCRLãŒæˆåŠŸã§æˆ»ã‚‹å ´åˆã«è¿”ã•れã¾ã™ã€‚ - \return BAD_FUNC_ARG WOLFSSL_CERT_MANAGER構造体ãŒNULLã®å ´åˆ - \return SSL_FATAL_ERROR wolfSSL_CertManagerEnableCRLãŒSSL_SUCCESS以外ã®ã‚’è¿”ã™å ´åˆã€‚ - \return BAD_PATH_ERROR pathãŒNULLã®å ´åˆ - \return MEMORY_E LOADCRLãŒãƒ’ープメモリã®å‰²ã‚Šå½“ã¦ã«å¤±æ•—ã—ãŸå ´åˆã€‚ - \param cm wolfSSL_CertManagerNew()を使用ã—ã¦ä½œæˆã•れãŸWOLFSSL_CERT_MANAGER構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ - \param path CRLã¸ã®ãƒ‘ã‚¹ã‚’ä¿æŒã—ã¦ã„ã‚‹ãƒãƒƒãƒ•ァーã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ - \param type ロードã™ã‚‹è¨¼æ˜Žæ›¸ã®ç¨®é¡žã€‚ + \return SSL_SUCCESS wolfSSL_CertManagerLoadCRLã«ã‚¨ãƒ©ãƒ¼ãŒãªãã€LoadCRLãŒæ­£å¸¸ã«æˆ»ã£ãŸå ´åˆã€‚ + \return BAD_FUNC_ARG WOLFSSL_CERT_MANAGER構造体ãŒNULLã®å ´åˆã€‚ + \return SSL_FATAL_ERROR wolfSSL_CertManagerEnableCRLãŒSSL_SUCCESS以外を返ã—ãŸå ´åˆã€‚ + \return BAD_PATH_ERROR pathãŒNULLã®å ´åˆã€‚ + \return MEMORY_E LoadCRLãŒãƒ’ープメモリã®å‰²ã‚Šå½“ã¦ã«å¤±æ•—ã—ãŸå ´åˆã€‚ + + \param cm wolfSSL_CertManagerNew()を使用ã—ã¦ä½œæˆã•れãŸWOLFSSL_CERT_MANAGER構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ + \param path CRLãƒ‘ã‚¹ã‚’ä¿æŒã™ã‚‹å®šæ•°charåž‹ãƒã‚¤ãƒ³ã‚¿ã€‚ + \param type ロードã™ã‚‹è¨¼æ˜Žæ›¸ã®ã‚¿ã‚¤ãƒ—。 + \param monitor LoadCRL()ã§ã®ç›£è¦–ã‚’è¦æ±‚ã—ã¾ã™ã€‚ _Example_ \code @@ -7529,21 +8785,26 @@ … wolfSSL_CertManagerLoadCRL(SSL_CM(ssl), path, type, monitor); \endcode + \sa wolfSSL_CertManagerEnableCRL \sa wolfSSL_LoadCRL + \sa wolfSSL_CertManagerFreeCRL */ int wolfSSL_CertManagerLoadCRL(WOLFSSL_CERT_MANAGER* cm, const char* path, int type, int monitor); /*! \ingroup CertManager - \brief ã“ã®é–¢æ•°ã¯ã€BufferLoadCRLを呼ã³å‡ºã™ã“ã¨ã«ã‚ˆã£ã¦CRLファイルをロードã—ã¾ã™ã€‚ - \return SSL_SUCCESS 関数ãŒã‚¨ãƒ©ãƒ¼ãªã—ã§å®Œäº†ã—ãŸå ´åˆã«è¿”ã•れã¾ã™ã€‚ - \return BAD_FUNC_ARG wolfssl_cert_managerãŒnullã®å ´åˆã«è¿”ã•れã¾ã™ã€‚ - \return SSL_FATAL_ERROR wolfssl_cert_managerã«é–¢é€£ä»˜ã‘られã¦ã„るエラーãŒã‚ã‚‹å ´åˆã«è¿”ã•れã¾ã™ã€‚ - \param cm wolfssl_cert_manager構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ - \param buff 定数ãƒã‚¤ãƒˆã‚¿ã‚¤ãƒ—ã¨ãƒãƒƒãƒ•ã‚¡ã§ã™ã€‚ - \param sz ãƒãƒƒãƒ•ã‚¡ã®ã‚µã‚¤ã‚ºã‚’表ã™é•·ã„int。 + \brief ã“ã®é–¢æ•°ã¯ã€BufferLoadCRLを呼ã³å‡ºã—ã¦CRLファイルをロードã—ã¾ã™ã€‚ + + \return SSL_SUCCESS 関数ãŒã‚¨ãƒ©ãƒ¼ãªã完了ã—ãŸå ´åˆã«è¿”ã•れã¾ã™ã€‚ + \return BAD_FUNC_ARG WOLFSSL_CERT_MANAGERãŒNULLã®å ´åˆã«è¿”ã•れã¾ã™ã€‚ + \return SSL_FATAL_ERROR WOLFSSL_CERT_MANAGERã«é–¢é€£ã™ã‚‹ã‚¨ãƒ©ãƒ¼ãŒã‚ã‚‹å ´åˆã«è¿”ã•れã¾ã™ã€‚ + + \param cm WOLFSSL_CERT_MANAGER構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ + \param buff 定数byteåž‹ã§ãƒãƒƒãƒ•ã‚¡ã§ã™ã€‚ + \param sz ãƒãƒƒãƒ•ã‚¡ã®ã‚µã‚¤ã‚ºã‚’表ã™long int型。 + \param type è¨¼æ˜Žæ›¸ã‚¿ã‚¤ãƒ—ã‚’ä¿æŒã™ã‚‹long integer型。 _Example_ \code @@ -7551,16 +8812,17 @@ WOLFSSL_CERT_MANAGER* cm; const unsigned char* buff; - long sz; size of buffer - int type; cert type + long sz; ãƒãƒƒãƒ•ã‚¡ã®ã‚µã‚¤ã‚º + int type; 証明書タイプ ... int ret = wolfSSL_CertManagerLoadCRLBuffer(cm, buff, sz, type); if(ret == SSL_SUCCESS){ - return ret; + return ret; } else { - Failure case. + // 失敗ケース。 } \endcode + \sa BufferLoadCRL \sa wolfSSL_CertManagerEnableCRL */ @@ -7570,10 +8832,13 @@ /*! \ingroup CertManager - \brief ã“ã®é–¢æ•°ã¯CRL証明書マãƒãƒ¼ã‚¸ãƒ£ã‚³ãƒ¼ãƒ«ãƒãƒƒã‚¯ã‚’設定ã—ã¾ã™ã€‚LABE_CRLãŒå®šç¾©ã•れã¦ã„ã¦ä¸€è‡´ã™ã‚‹CRLレコードãŒè¦‹ã¤ã‹ã‚‰ãªã„å ´åˆã€CBMissingCRLã¯å‘¼ã³å‡ºã•れã¾ã™ï¼ˆWolfSSL_CertManagerSetCRL_CBを介ã—ã¦è¨­å®šï¼‰ã€‚ã“れã«ã‚ˆã‚Šã€CRLã‚’å¤–éƒ¨ã«æ¤œç´¢ã—ã¦ãƒ­ãƒ¼ãƒ‰ã™ã‚‹ã“ã¨ãŒã§ãã¾ã™ã€‚ - \return SSL_SUCCESS 関数ã¨ã‚µãƒ–ルーãƒãƒ³ã®å®Ÿè¡ŒãŒæˆåŠŸã—ãŸã‚‰è¿”ã•れã¾ã™ã€‚ - \return BAD_FUNC_ARG wolfssl_cert_manager構造体ãŒNULLã®å ´åˆã«è¿”ã•れã¾ã™ã€‚ - \param cm è¨¼æ˜Žæ›¸ã®æƒ…å ±ã‚’ä¿æŒã—ã¦ã„ã‚‹WOLFSSL_CERT_MANAGER構造。 + \brief ã“ã®é–¢æ•°ã¯ã€CRL Certificate Managerコールãƒãƒƒã‚¯ã‚’設定ã—ã¾ã™ã€‚HAVE_CRLãŒå®šç¾©ã•れã¦ãŠã‚Šã€ä¸€è‡´ã™ã‚‹CRLレコードãŒè¦‹ã¤ã‹ã‚‰ãªã„å ´åˆã€cbMissingCRLãŒå‘¼ã³å‡ºã•れã¾ã™(wolfSSL_CertManagerSetCRL_Cbã§è¨­å®š)。ã“れã«ã‚ˆã‚Šã€å¤–部ã‹ã‚‰CRLã‚’å–å¾—ã—ã¦ãƒ­ãƒ¼ãƒ‰ã§ãã¾ã™ã€‚ + + \return SSL_SUCCESS 関数ã¨ã‚µãƒ–ルーãƒãƒ³ã®å®Ÿè¡ŒãŒæˆåŠŸã—ãŸå ´åˆã«è¿”ã•れã¾ã™ã€‚ + \return BAD_FUNC_ARG WOLFSSL_CERT_MANAGER構造体ãŒNULLã®å ´åˆã«è¿”ã•れã¾ã™ã€‚ + + \param cm è¨¼æ˜Žæ›¸ã®æƒ…å ±ã‚’ä¿æŒã™ã‚‹WOLFSSL_CERT_MANAGER構造体。 + \param cb WOLFSSL_CERT_MANAGERã®cbMissingCRLメンãƒã«è¨­å®šã•れる(*CbMissingCRL)ã¸ã®é–¢æ•°ãƒã‚¤ãƒ³ã‚¿ã€‚ _Example_ \code @@ -7583,7 +8848,7 @@ WOLFSSL* ssl = wolfSSL_new(ctx); … void cb(const char* url){ - Function body. + // 関数本体。 } … CbMissingCRL cb = CbMissingCRL; @@ -7592,20 +8857,90 @@ return wolfSSL_CertManagerSetCRL_Cb(SSL_CM(ssl), cb); } \endcode + \sa CbMissingCRL \sa wolfSSL_SetCRL_Cb */ int wolfSSL_CertManagerSetCRL_Cb(WOLFSSL_CERT_MANAGER* cm, CbMissingCRL cb); + /*! \ingroup CertManager - \brief ã“ã®é–¢æ•°ã¯è¨¼æ˜Žæ›¸ãƒžãƒã‚¸ãƒ£ãƒ¼ã«ä¿æŒã•れã¦ã„ã‚‹CRLを解放ã—ã¾ã™ã€‚ - アプリケーションã¯CRLã‚’wolfSSL_CertManagerFreeCRLを呼ã³å‡ºã—ã¦è§£æ”¾ã—ãŸå¾Œã«ã€æ–°ã—ã„CRLをロードã™ã‚‹ã“ã¨ãŒã§ãã¾ã™ã€‚ + \brief ã“ã®é–¢æ•°ã¯ã€CRL更新コールãƒãƒƒã‚¯ã‚’設定ã—ã¾ã™ã€‚HAVE_CRLã¨HAVE_CRL_UPDATE_CBãŒå®šç¾©ã•れã¦ãŠã‚Šã€CRLãŒè¿½åŠ ã•れるã¨ãã«åŒã˜ç™ºè¡Œè€…ã§ã‚ˆã‚Šä½Žã„CRL番å·ã‚’æŒã¤ã‚¨ãƒ³ãƒˆãƒªãŒå­˜åœ¨ã™ã‚‹å ´åˆã€æ—¢å­˜ã®ã‚¨ãƒ³ãƒˆãƒªã¨ã€ãã‚Œã‚’ç½®ãæ›ãˆã‚‹æ–°ã—ã„エントリã®è©³ç´°ã¨å…±ã«CbUpdateCRLãŒå‘¼ã³å‡ºã•れã¾ã™ã€‚ - \return SSL_SUCCESS 関数ã®å®Ÿè¡Œã«æˆåŠŸã—ãŸå ´åˆã«è¿”ã•れã¾ã™ã€‚ - \return BAD_FUNC_ARG WOLFSSL_CERT_MANAGER構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ãƒ¼ãŒNULLã§æ¸¡ã•れãŸå ´åˆã«è¿”ã•れã¾ã™ã€‚ + \return SSL_SUCCESS 関数ã¨ã‚µãƒ–ルーãƒãƒ³ãŒæ­£å¸¸ã«å®Ÿè¡Œã•れãŸå ´åˆã«è¿”ã•れã¾ã™ã€‚ + \return BAD_FUNC_ARG WOLFSSL_CERT_MANAGER構造体ãŒNULLã®å ´åˆã«è¿”ã•れã¾ã™ã€‚ - \param cm wolfSSL_CertManagerNew()ã§ç”Ÿæˆã•れãŸWOLFSSL_CERT_MANAGER構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ãƒ¼ã€‚ + \param cm è¨¼æ˜Žæ›¸ã®æƒ…å ±ã‚’ä¿æŒã™ã‚‹WOLFSSL_CERT_MANAGER構造体。 + \param cb WOLFSSL_CERT_MANAGERã®cbUpdateCRLメンãƒã«è¨­å®šã•れる(*CbUpdateCRL)ã¸ã®é–¢æ•°ãƒã‚¤ãƒ³ã‚¿ã€‚ + ã‚·ã‚°ãƒãƒãƒ£è¦ä»¶: + void (*CbUpdateCRL)(CrlInfo *old, CrlInfo *new); + + _Example_ + \code + #include + + WOLFSSL_CTX* ctx = wolfSSL_CTX_new(protocol method); + WOLFSSL* ssl = wolfSSL_new(ctx); + … + void cb(CrlInfo *old, CrlInfo *new){ + // 関数本体。 + } + … + CbUpdateCRL cb = CbUpdateCRL; + … + if(ctx){ + return wolfSSL_CertManagerSetCRLUpdate_Cb(SSL_CM(ssl), cb); + } + \endcode + + \sa CbUpdateCRL +*/ +int wolfSSL_CertManagerSetCRLUpdate_Cb(WOLFSSL_CERT_MANAGER* cm, + CbUpdateCRL cb); + +/*! + \ingroup CertManager + \brief ã“ã®é–¢æ•°ã¯ã€ã‚¨ãƒ³ã‚³ãƒ¼ãƒ‰ã•れãŸCRLãƒãƒƒãƒ•ã‚¡ã‹ã‚‰è§£æžã•れãŸCRL情報をå«ã‚€æ§‹é€ ä½“を生æˆã—ã¾ã™ã€‚ + + \return SSL_SUCCESS 関数ã¨ã‚µãƒ–ルーãƒãƒ³ãŒæ­£å¸¸ã«å®Ÿè¡Œã•れãŸå ´åˆã«è¿”ã•れã¾ã™ã€‚ + \return BAD_FUNC_ARG WOLFSSL_CERT_MANAGER構造体ãŒNULLã®å ´åˆã«è¿”ã•れã¾ã™ã€‚ + + \param cm WOLFSSL_CERT_MANAGER構造体。 + \param info CRL情報をå—ã‘å–る呼ã³å‡ºã—元管ç†ã®CrlInfo構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ + \param buff エンコードã•れãŸCRLã‚’å«ã‚€å…¥åŠ›ãƒãƒƒãƒ•ァ。 + \param sz buff内ã®å…¥åŠ›CRLデータã®é•·ã•(ãƒã‚¤ãƒˆå˜ä½)。 + \param type WOLFSSL_FILETYPE_PEMã¾ãŸã¯WOLFSSL_FILETYPE_DER + + _Example_ + \code + #include + + CrlInfo info; + WOLFSSL_CERT_MANAGER* cm = NULL; + + cm = wolfSSL_CertManagerNew(); + + // ファイルã‹ã‚‰ãƒãƒƒãƒ•ã‚¡ã¸crlデータを読ã¿è¾¼ã‚€ + + wolfSSL_CertManagerGetCRLInfo(cm, &info, crlData, crlDataLen, + WOLFSSL_FILETYPE_PEM); + \endcode + + \sa CbUpdateCRL + \sa wolfSSL_SetCRL_Cb +*/ +int wolfSSL_CertManagerGetCRLInfo(WOLFSSL_CERT_MANAGER* cm, CrlInfo* info, + const byte* buff, long sz, int type) + +/*! + \ingroup CertManager + \brief ã“ã®é–¢æ•°ã¯ã€è¨¼æ˜Žæ›¸ãƒžãƒãƒ¼ã‚¸ãƒ£ã«ä¿å­˜ã•れã¦ã„ã‚‹CRLを解放ã—ã¾ã™ã€‚アプリケーションã¯ã€wolfSSL_CertManagerFreeCRLを呼ã³å‡ºã—ã¦ã‹ã‚‰æ–°ã—ã„CRLを読ã¿è¾¼ã‚€ã“ã¨ã§ã€CRLã‚’æ›´æ–°ã§ãã¾ã™ã€‚ + + \return SSL_SUCCESS 関数ã¨ã‚µãƒ–ルーãƒãƒ³ãŒæ­£å¸¸ã«å®Ÿè¡Œã•れãŸå ´åˆã«è¿”ã•れã¾ã™ã€‚ + \return BAD_FUNC_ARG WOLFSSL_CERT_MANAGER構造体ãŒNULLã®å ´åˆã«è¿”ã•れã¾ã™ã€‚ + + \param cm wolfSSL_CertManagerNew()を使用ã—ã¦ä½œæˆã•れãŸWOLFSSL_CERT_MANAGER構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ _Example_ \code @@ -7626,12 +8961,15 @@ /*! \ingroup CertManager - \brief ã“ã®æ©Ÿèƒ½ã«ã‚ˆã‚Šã€OCSPENABLED OCSPENABLEDãŒOCSPãƒã‚§ãƒƒã‚¯ã‚ªãƒ—ã‚·ãƒ§ãƒ³ãŒæœ‰åйã«ãªã£ã¦ã„ã‚‹ã“ã¨ã‚’æ„味ã—ã¾ã™ã€‚ - \return SSL_SUCCESS 機能ã®å®Ÿè¡Œã«æˆåŠŸã—ãŸã“ã¨ã«æˆ»ã‚Šã¾ã™ã€‚wolfssl_cert_managerã®OCSPENABLEDメンãƒãƒ¼ãŒæœ‰åйã«ãªã£ã¦ã„ã¾ã™ã€‚ - \return BAD_FUNC_ARG wolfssl_cert_manager構造体ãŒnullã®å ´åˆã€ã¾ãŸã¯è¨±å¯ã•れã¦ã„ãªã„引数値ãŒã‚µãƒ–ルーãƒãƒ³ã«æ¸¡ã•れãŸå ´åˆã«è¿”ã•れã¾ã™ã€‚ - \return MEMORY_E ã“ã®é–¢æ•°å†…ã«ãƒ¡ãƒ¢ãƒªã‚’割り当ã¦ã‚‹ã‚¨ãƒ©ãƒ¼ã¾ãŸã¯ã‚µãƒ–ルーãƒãƒ³ãŒã‚ã‚‹å ´åˆã«è¿”ã•れã¾ã™ã€‚ - \param cm wolfssl_certmanagernew()を使用ã—ã¦ä½œæˆã•れãŸwolfssl_cert_manager構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ - \param der 証明書ã¸ã®ãƒã‚¤ãƒˆãƒã‚¤ãƒ³ã‚¿ã€‚ + \brief ã“ã®é–¢æ•°ã¯ã€WOLFSSL_CERT_MANAGERã®ãƒ¡ãƒ³ãƒã§ã‚ã‚‹ocspEnabledを有効ã«ã—ã¦ã€OCSPãƒã‚§ãƒƒã‚¯ã‚ªãƒ—ã‚·ãƒ§ãƒ³ãŒæœ‰åйã«ãªã£ã¦ã„ã‚‹ã“ã¨ã‚’示ã—ã¾ã™ã€‚ + + \return SSL_SUCCESS 関数ã®å®Ÿè¡ŒãŒæˆåŠŸã—ãŸå ´åˆã«è¿”ã•れã¾ã™ã€‚WOLFSSL_CERT_MANAGERã®ocspEnabledメンãƒãŒæœ‰åйã«ãªã‚Šã¾ã™ã€‚ + \return BAD_FUNC_ARG WOLFSSL_CERT_MANAGER構造体ãŒNULLã®å ´åˆã€ã¾ãŸã¯ã‚µãƒ–ルーãƒãƒ³ã«è¨±å¯ã•れã¦ã„ãªã„å¼•æ•°å€¤ãŒæ¸¡ã•れãŸå ´åˆã«è¿”ã•れã¾ã™ã€‚ + \return MEMORY_E ã“ã®é–¢æ•°ã¾ãŸã¯ã‚µãƒ–ルーãƒãƒ³å†…ã§ãƒ¡ãƒ¢ãƒªã®å‰²ã‚Šå½“ã¦ã«ã‚¨ãƒ©ãƒ¼ãŒã‚ã‚‹å ´åˆã«è¿”ã•れã¾ã™ã€‚ + + \param cm wolfSSL_CertManagerNew()を使用ã—ã¦ä½œæˆã•れãŸWOLFSSL_CERT_MANAGER構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ + \param der 証明書ã¸ã®byteãƒã‚¤ãƒ³ã‚¿ã€‚ + \param sz DER証明書ã®ã‚µã‚¤ã‚ºã‚’表ã™int型。 _Example_ \code @@ -7639,27 +8977,31 @@ WOLFSSL* ssl = wolfSSL_new(ctx); byte* der; - int sz; size of der + int sz; // derã®ã‚µã‚¤ã‚º ... if(wolfSSL_CertManagerCheckOCSP(cm, der, sz) != SSL_SUCCESS){ - Failure case. + // 失敗ケース。 } \endcode + \sa ParseCertRelative \sa CheckCertOCSP */ int wolfSSL_CertManagerCheckOCSP(WOLFSSL_CERT_MANAGER* cm, - unsigned char* der, int sz); + const unsigned char* der, int sz); /*! \ingroup CertManager - \brief OCSPãŒã‚ªãƒ•ã«ãªã£ã¦ã„ã‚‹å ´åˆã¯OCSPをオンã«ã—ã€[設定]オプションを使用å¯èƒ½ã«ãªã£ã¦ã„ã‚‹å ´åˆã€‚ - \return SSL_SUCCESS 関数呼ã³å‡ºã—ãŒæˆåŠŸã—ãŸå ´åˆã«è¿”ã•れã¾ã™ã€‚ - \return BAD_FUNC_ARG cm構造体ãŒnullã®å ´åˆ - \return MEMORY_E wolfssl_ocsp struct値ãŒnullã®å ´åˆ - \return SSL_FAILURE WOLFSSL_OCSP構造体ã®åˆæœŸåŒ–ã¯åˆæœŸåŒ–ã«å¤±æ•—ã—ã¾ã™ã€‚ - \return NOT_COMPILED_IN æ­£ã—ã„æ©Ÿèƒ½ã‚’有効ã«ã—ã¦ã‚³ãƒ³ãƒ‘イルã•れã¦ã„ãªã„ビルド。 - \param cm wolfssl_certmanagernew()を使用ã—ã¦ä½œæˆã•れãŸwolfssl_cert_manager構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ + \brief OCSPãŒã‚ªãƒ•ã«ãªã£ã¦ã„ã‚‹å ´åˆã«ã‚ªãƒ³ã«ã—ã€è¨­å®šã‚ªãƒ—ションã§ã‚³ãƒ³ãƒ‘イルã•れã¦ã„ã‚‹å ´åˆã«æœ‰åйã«ã—ã¾ã™ã€‚ + + \return SSL_SUCCESS 関数呼ã³å‡ºã—ãŒæˆåŠŸã—ãŸå ´åˆã«è¿”ã•れã¾ã™ã€‚ + \return BAD_FUNC_ARG cm構造体ãŒNULLã®å ´åˆã€‚ + \return MEMORY_E WOLFSSL_OCSP構造体ã®å€¤ãŒNULLã®å ´åˆã€‚ + \return SSL_FAILURE WOLFSSL_OCSP構造体ã®åˆæœŸåŒ–ãŒå¤±æ•—ã—ãŸå ´åˆã€‚ + \return NOT_COMPILED_IN æ­£ã—ã„æ©Ÿèƒ½ã‚’有効ã«ã—ã¦ã‚³ãƒ³ãƒ‘イルã•れã¦ã„ãªã„ビルド。 + + \param cm wolfSSL_CertManagerNew()を使用ã—ã¦ä½œæˆã•れãŸWOLFSSL_CERT_MANAGER構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ + \param options WOLFSSL_CERT_MANAGER構造体ã®å€¤ã‚’設定ã™ã‚‹ãŸã‚ã«ä½¿ç”¨ã•れã¾ã™ã€‚ _Example_ \code @@ -7671,9 +9013,10 @@ int options; … if(wolfSSL_CertManagerEnableOCSP(SSL_CM(ssl), options) != SSL_SUCCESS){ - Failure case. + // 失敗ケース。 } \endcode + \sa wolfSSL_CertManagerNew */ int wolfSSL_CertManagerEnableOCSP(WOLFSSL_CERT_MANAGER* cm, @@ -7681,9 +9024,12 @@ /*! \ingroup CertManager - \brief OCSP証明書ã®å¤±åŠ¹ã‚’ç„¡åŠ¹ã«ã—ã¾ã™ã€‚ - \return SSL_SUCCESS WolfSSL_CertMangerDisableCRLã¯ã€WolfSSL_CERT_MANAGER構造体ã®CRLEnabledメンãƒã‚’無効ã«ã—ã¾ã—ãŸã€‚ - \return BAD_FUNC_ARG WOLFSSL構造ã¯ãƒŒãƒ«ã§ã—ãŸã€‚ + \brief OCSP証明書失効を無効ã«ã—ã¾ã™ã€‚ + + \return SSL_SUCCESS wolfSSL_CertMangerDisableCRLãŒWOLFSSL_CERT_MANAGER構造体ã®crlEnabledメンãƒã‚’正常ã«ç„¡åйã«ã—ã¾ã—ãŸã€‚ + \return BAD_FUNC_ARG WOLFSSL構造体ãŒNULLã§ã—ãŸã€‚ + + \param ssl wolfSSL_new()を使用ã—ã¦ä½œæˆã•れãŸWOLFSSL構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ _Example_ \code @@ -7693,19 +9039,23 @@ WOLFSSL* ssl = wolfSSL_new(ctx); ... if(wolfSSL_CertManagerDisableOCSP(ssl) != SSL_SUCCESS){ - Fail case. + // 失敗ケース。 } \endcode + \sa wolfSSL_DisableCRL */ -int wolfSSL_CertManagerDisableOCSP(WOLFSSL_CERT_MANAGER*); +int wolfSSL_CertManagerDisableOCSP(WOLFSSL_CERT_MANAGER* cm); /*! \ingroup CertManager - \brief ã“ã®é–¢æ•°ã¯ã€URLã‚’wolfssl_cert_manager構造体ã®OCSpoverrideURLメンãƒãƒ¼ã«ã‚³ãƒ”ーã—ã¾ã™ã€‚ - \return SSL_SUCCESS ã“ã®æ©Ÿèƒ½ã¯æœŸå¾…ã©ãŠã‚Šã«å®Ÿè¡Œã§ãã¾ã—ãŸã€‚ - \return BAD_FUNC_ARG wolfssl_cert_manager構造体ã¯nullã§ã™ã€‚ - \return MEMEORY_E 証明書マãƒãƒ¼ã‚¸ãƒ£ã®OCSPoverRideURLメンãƒãƒ¼ã«ãƒ¡ãƒ¢ãƒªã‚’割り当ã¦ã‚‹ã“ã¨ãŒã§ãã¾ã›ã‚“ã§ã—ãŸã€‚ + \brief ã“ã®é–¢æ•°ã¯ã€URLã‚’WOLFSSL_CERT_MANAGER構造体ã®ocspOverrideURLメンãƒã«ã‚³ãƒ”ーã—ã¾ã™ã€‚ + + \return SSL_SUCCESS é–¢æ•°ãŒæœŸå¾…通りã«å®Ÿè¡Œã§ããŸå ´åˆã€‚ + \return BAD_FUNC_ARG WOLFSSL_CERT_MANAGER構造体ãŒNULLã®å ´åˆã€‚ + \return MEMEORY_E 証明書マãƒãƒ¼ã‚¸ãƒ£ã®ocspOverrideURLメンãƒã«ãƒ¡ãƒ¢ãƒªã‚’割り当ã¦ã‚‹ã“ã¨ãŒã§ããªã‹ã£ãŸå ´åˆã€‚ + + \param ssl wolfSSL_new()を使用ã—ã¦ä½œæˆã•れãŸWOLFSSL構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ _Example_ \code @@ -7716,9 +9066,10 @@ int wolfSSL_SetOCSP_OverrideURL(WOLFSSL* ssl, const char* url) … if(wolfSSL_CertManagerSetOCSPOverrideURL(SSL_CM(ssl), url) != SSL_SUCCESS){ - Failure case. + // 失敗ケース。 } \endcode + \sa ocspOverrideURL \sa wolfSSL_SetOCSP_OverrideURL */ @@ -7727,12 +9078,15 @@ /*! \ingroup CertManager - \brief ã“ã®é–¢æ•°ã¯ã€wolfssl_cert_managerã®OCSPコールãƒãƒƒã‚¯ã‚’設定ã—ã¾ã™ã€‚ - \return SSL_SUCCESS å®Ÿè¡Œã«æˆåŠŸã—ãŸã“ã¨ã«æˆ»ã‚Šã¾ã™ã€‚引数ã¯wolfssl_cert_manager構造体ã«ä¿å­˜ã•れã¾ã™ã€‚ - \return BAD_FUNC_ARG wolfssl_cert_managerãŒnullã®å ´åˆã«è¿”ã•れã¾ã™ã€‚ - \param cm wolfssl_cert_manager構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ - \param ioCb CBocSpioåž‹ã®é–¢æ•°ãƒã‚¤ãƒ³ã‚¿ã€‚ - \param respFreeCb - CBOCSPRESPFREASåž‹ã®é–¢æ•°ãƒã‚¤ãƒ³ã‚¿ã€‚ + \brief ã“ã®é–¢æ•°ã¯ã€WOLFSSL_CERT_MANAGER内ã®OCSPコールãƒãƒƒã‚¯ã‚’設定ã—ã¾ã™ã€‚ + + \return SSL_SUCCESS å®Ÿè¡ŒãŒæˆåŠŸã—ãŸå ´åˆã«è¿”ã•れã¾ã™ã€‚引数ã¯WOLFSSL_CERT_MANAGER構造体ã«ä¿å­˜ã•れã¾ã™ã€‚ + \return BAD_FUNC_ARG WOLFSSL_CERT_MANAGERãŒNULLã®å ´åˆã«è¿”ã•れã¾ã™ã€‚ + + \param cm WOLFSSL_CERT_MANAGER構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ + \param ioCb CbOCSPIOåž‹ã®é–¢æ•°ãƒã‚¤ãƒ³ã‚¿ã€‚ + \param respFreeCb CbOCSPRespFreeåž‹ã®é–¢æ•°ãƒã‚¤ãƒ³ã‚¿ã€‚ + \param ioCbCtx I/Oコールãƒãƒƒã‚¯ãƒ¦ãƒ¼ã‚¶ç™»éŒ²ã‚³ãƒ³ãƒ†ã‚­ã‚¹ãƒˆã¸ã®voidãƒã‚¤ãƒ³ã‚¿å¤‰æ•°ã€‚ _Example_ \code @@ -7740,13 +9094,14 @@ wolfSSL_SetOCSP_Cb(WOLFSSL* ssl, CbOCSPIO ioCb, CbOCSPRespFree respFreeCb, void* ioCbCtx){ - … - return wolfSSL_CertManagerSetOCSP_Cb(SSL_CM(ssl), ioCb, respFreeCb, ioCbCtx); + … + return wolfSSL_CertManagerSetOCSP_Cb(SSL_CM(ssl), ioCb, respFreeCb, ioCbCtx); \endcode + \sa wolfSSL_CertManagerSetOCSPOverrideURL \sa wolfSSL_CertManagerCheckOCSP \sa wolfSSL_CertManagerEnableOCSPStapling - \sa wolfSSL_ENableOCSP + \sa wolfSSL_EnableOCSP \sa wolfSSL_DisableOCSP \sa wolfSSL_SetOCSP_Cb */ @@ -7756,51 +9111,61 @@ /*! \ingroup CertManager - \brief ã“ã®é–¢æ•°ã¯ã€ã‚ªãƒ—ションをオンã«ã—ãªã„ã¨OCSPステープルをオンã«ã—ã¾ã™ã€‚オプションを設定ã—ã¾ã™ã€‚ - \return SSL_SUCCESS エラーãŒãªãã€é–¢æ•°ãŒæ­£å¸¸ã«å®Ÿè¡Œã•れãŸå ´åˆã«è¿”ã•れã¾ã™ã€‚ - \return BAD_FUNC_ARG wolfssl_cert_manager構造体ãŒNULLã¾ãŸã¯ãã†ã§ãªã„å ´åˆã¯ã€ã‚µãƒ–ルーãƒãƒ³ã«æ¸¡ã•ã‚ŒãŸæœªè§£æ±ºã®å¼•数値ãŒã‚ã£ãŸå ´åˆã«è¿”ã•れã¾ã™ã€‚ - \return MEMORY_E メモリ割り当ã¦ãŒã‚ã‚‹å•題ãŒç™ºç”Ÿã—ãŸå ´åˆã«è¿”ã•れã¾ã™ã€‚ - \return SSL_FAILURE OCSP構造体ã®åˆæœŸåŒ–ãŒå¤±æ•—ã—ãŸå ´åˆã«è¿”ã•れã¾ã™ã€‚ - \return NOT_COMPILED_IN wolfsslãŒhaber_certificate_status_requestオプションã§ã‚³ãƒ³ãƒ‘イルã•れã¦ã„ãªã„å ´åˆã«è¿”ã•れã¾ã™ã€‚ + \brief ã“ã®é–¢æ•°ã¯ã€OCSPステープリングãŒã‚ªãƒ³ã«ãªã£ã¦ã„ãªã„å ´åˆã«ã‚ªãƒ³ã«ã—ã€ã‚ªãƒ—ションを設定ã—ã¾ã™ã€‚ + + \return SSL_SUCCESS エラーãŒãªãã€é–¢æ•°ãŒæ­£å¸¸ã«å®Ÿè¡Œã•れãŸå ´åˆã«è¿”ã•れã¾ã™ã€‚ + \return BAD_FUNC_ARG WOLFSSL_CERT_MANAGER構造体ãŒNULLã®å ´åˆã€ã¾ãŸã¯ã‚µãƒ–ルーãƒãƒ³ã«è¨±å¯ã•れã¦ã„ãªã„å¼•æ•°å€¤ãŒæ¸¡ã•れãŸå ´åˆã«è¿”ã•れã¾ã™ã€‚ + \return MEMORY_E メモリã®å‰²ã‚Šå½“ã¦ã«å•題ãŒã‚ã£ãŸå ´åˆã«è¿”ã•れã¾ã™ã€‚ + \return SSL_FAILURE OCSP構造体ã®åˆæœŸåŒ–ãŒå¤±æ•—ã—ãŸå ´åˆã«è¿”ã•れã¾ã™ã€‚ + \return NOT_COMPILED_IN wolfSSLãŒHAVE_CERTIFICATE_STATUS_REQUESTオプションã§ã‚³ãƒ³ãƒ‘イルã•れã¦ã„ãªã„å ´åˆã«è¿”ã•れã¾ã™ã€‚ + + \param cm WOLFSSL_CTX構造体ã®ãƒ¡ãƒ³ãƒã§ã‚ã‚‹WOLFSSL_CERT_MANAGER構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ _Example_ \code int wolfSSL_CTX_EnableOCSPStapling(WOLFSSL_CTX* ctx){ - … - return wolfSSL_CertManagerEnableOCSPStapling(ctx->cm); + … + return wolfSSL_CertManagerEnableOCSPStapling(ctx->cm); \endcode + \sa wolfSSL_CTX_EnableOCSPStapling */ int wolfSSL_CertManagerEnableOCSPStapling( WOLFSSL_CERT_MANAGER* cm); /*! - \brief - \return SSL_SUCCESS 関数ã¨ã‚µãƒ–ルーãƒãƒ³ã¯ã‚¨ãƒ©ãƒ¼ãªã—ã§è¿”ã•れã¾ã—ãŸã€‚ - \return BAD_FUNC_ARG WolfSSL構造ãŒNULLã®å ´åˆã«è¿”ã•れã¾ã™ã€‚ - \return MEMORY_E メモリã®å‰²ã‚Šå½“ã¦ãŒå¤±æ•—ã—ãŸå ´åˆã«è¿”ã•れã¾ã™ã€‚ - \return SSL_FAILURE initcrlé–¢æ•°ãŒæ­£å¸¸ã«æˆ»ã•れãªã„å ´åˆã«è¿”ã•れã¾ã™ã€‚ - \return NOT_COMPILED_IN have_crlã¯ã‚³ãƒ³ãƒ‘ã‚¤ãƒ«ä¸­ã«æœ‰åйã«ãªã£ã¦ã„ã¾ã›ã‚“ã§ã—ãŸã€‚ - \param ssl wolfSSL_new()を使用ã—ã¦ä½œæˆã•れãŸWolfSSL構造ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ + \brief CRL証明書失効を有効ã«ã—ã¾ã™ã€‚ + + \return SSL_SUCCESS 関数ã¨ã‚µãƒ–ルーãƒãƒ³ãŒã‚¨ãƒ©ãƒ¼ãªãè¿”ã•れãŸå ´åˆã€‚ + \return BAD_FUNC_ARG WOLFSSL構造体ãŒNULLã®å ´åˆã«è¿”ã•れã¾ã™ã€‚ + \return MEMORY_E メモリã®å‰²ã‚Šå½“ã¦ãŒå¤±æ•—ã—ãŸå ´åˆã«è¿”ã•れã¾ã™ã€‚ + \return SSL_FAILURE InitCRLé–¢æ•°ãŒæ­£å¸¸ã«è¿”ã•れãªã‹ã£ãŸå ´åˆã«è¿”ã•れã¾ã™ã€‚ + \return NOT_COMPILED_IN コンパイル時ã«HAVE_CRLãŒæœ‰åйã«ãªã£ã¦ã„ã¾ã›ã‚“ã§ã—ãŸã€‚ + + \param ssl wolfSSL_new()を使用ã—ã¦ä½œæˆã•れãŸWOLFSSL構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ + \param options WOLFSSL_CERT_MANAGER構造体ã®crlCheckAllメンãƒã®è¨­å®šã‚’決定ã™ã‚‹ãŸã‚ã«ä½¿ç”¨ã•れる整数。 _Example_ \code WOLFSSL* ssl = wolfSSL_new(ctx); … if (wolfSSL_EnableCRL(ssl, WOLFSSL_CRL_CHECKALL) != SSL_SUCCESS){ - // Failure case. SSL_SUCCESS was not returned by this function or - a subroutine + // 失敗ケース。ã“ã®é–¢æ•°ã¾ãŸã¯ã‚µãƒ–ルーãƒãƒ³ãŒSSL_SUCCESSã‚’è¿”ã—ã¾ã›ã‚“ã§ã—ãŸã€‚ } \endcode + \sa wolfSSL_CertManagerEnableCRL \sa InitCRL */ int wolfSSL_EnableCRL(WOLFSSL* ssl, int options); /*! - \brief - \return SSL_SUCCESS WolfSSL_CertMangerDisableCRLã¯ã€WolfSSL_CERT_MANAGER構造体ã®CRLEnabledメンãƒã‚’無効ã«ã—ã¾ã—ãŸã€‚ - \return BAD_FUNC_ARG WOLFSSL構造ã¯ãƒŒãƒ«ã§ã—ãŸã€‚ + \brief CRL証明書失効を無効ã«ã—ã¾ã™ã€‚ + + \return SSL_SUCCESS wolfSSL_CertMangerDisableCRLãŒWOLFSSL_CERT_MANAGER構造体ã®crlEnabledメンãƒã‚’正常ã«ç„¡åйã«ã—ã¾ã—ãŸã€‚ + \return BAD_FUNC_ARG WOLFSSL構造体ãŒNULLã§ã—ãŸã€‚ + + \param ssl wolfSSL_new()を使用ã—ã¦ä½œæˆã•れãŸWOLFSSL構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ _Example_ \code @@ -7808,22 +9173,26 @@ WOLFSSL* ssl = wolfSSL_new(ctx); ... if(wolfSSL_DisableCRL(ssl) != SSL_SUCCESS){ - // Failure case + // 失敗ケース } \endcode + \sa wolfSSL_CertManagerDisableCRL \sa wolfSSL_CertManagerDisableOCSP */ int wolfSSL_DisableCRL(WOLFSSL* ssl); /*! - \brief 失効検査ã®è¨¼æ˜Žæ›¸ - \return WOLFSSL_SUCCESS 関数ã¨ã™ã¹ã¦ã®ã‚µãƒ–ルーãƒãƒ³ãŒã‚¨ãƒ©ãƒ¼ãªã—ã§å®Ÿè¡Œã•れãŸå ´åˆã«è¿”ã•れã¾ã™ã€‚ - \return SSL_FATAL_ERROR サブルーãƒãƒ³ã®1ã¤ãŒæ­£å¸¸ã«æˆ»ã•れãªã„å ´åˆã«è¿”ã•れã¾ã™ã€‚ - \return BAD_FUNC_ARG wolfssl_cert_managerã¾ãŸã¯wolfssl構造ãŒnullã®å ´åˆ - \param ssl wolfSSL_new()を使用ã—ã¦ä½œæˆã•れãŸWolfSSL構造ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ - \param path CRLファイルã¸ã®ãƒ‘ã‚¹ã‚’ä¿æŒã™ã‚‹å®šæ•°æ–‡å­—ãƒã‚¤ãƒ³ã‚¿ã€‚ - \param type 証明書ã®ç¨®é¡žã‚’è¡¨ã™æ•´æ•°ã€‚ + \brief 失効ãƒã‚§ãƒƒã‚¯ã®ãŸã‚ã®è¨¼æ˜Žæ›¸ã‚’読ã¿è¾¼ã‚€ãŸã‚ã«LoadCRLを最終的ã«å‘¼ã³å‡ºã™ãƒ©ãƒƒãƒ‘ー関数ã§ã™ã€‚ + + \return WOLFSSL_SUCCESS 関数ã¨ã™ã¹ã¦ã®ã‚µãƒ–ルーãƒãƒ³ãŒã‚¨ãƒ©ãƒ¼ãªã実行ã•れãŸå ´åˆã«è¿”ã•れã¾ã™ã€‚ + \return SSL_FATAL_ERROR サブルーãƒãƒ³ã®1ã¤ãŒæ­£å¸¸ã«è¿”ã•れãªã‹ã£ãŸå ´åˆã«è¿”ã•れã¾ã™ã€‚ + \return BAD_FUNC_ARG WOLFSSL_CERT_MANAGERã¾ãŸã¯WOLFSSL構造体ãŒNULLã®å ´åˆã€‚ + + \param ssl wolfSSL_new()を使用ã—ã¦ä½œæˆã•れãŸWOLFSSL構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ + \param path crlファイルã¸ã®ãƒ‘ã‚¹ã‚’ä¿æŒã™ã‚‹å®šæ•°æ–‡å­—ãƒã‚¤ãƒ³ã‚¿ã€‚ + \param type 証明書ã®ã‚¿ã‚¤ãƒ—ã‚’è¡¨ã™æ•´æ•°ã€‚ + \param monitor è¦æ±‚ã•れãŸå ´åˆã«ãƒ¢ãƒ‹ã‚¿ãƒ‘スを検証ã™ã‚‹ãŸã‚ã«ä½¿ç”¨ã•れる整数変数。 _Example_ \code @@ -7831,9 +9200,10 @@ const char* crlPemDir; … if(wolfSSL_LoadCRL(ssl, crlPemDir, SSL_FILETYPE_PEM, 0) != SSL_SUCCESS){ - // Failure case. Did not return SSL_SUCCESS. + // 失敗ケース。SSL_SUCCESSã‚’è¿”ã—ã¾ã›ã‚“ã§ã—ãŸã€‚ } \endcode + \sa wolfSSL_CertManagerLoadCRL \sa wolfSSL_CertManagerEnableCRL \sa LoadCRL @@ -7841,77 +9211,95 @@ int wolfSSL_LoadCRL(WOLFSSL* ssl, const char* path, int type, int monitor); /*! - \brief - \return SSL_SUCCESS 関数ã¾ãŸã¯ã‚µãƒ–ルーãƒãƒ³ãŒã‚¨ãƒ©ãƒ¼ãªã—ã§å®Ÿè¡Œã•れãŸå ´åˆã«è¿”ã•れã¾ã™ã€‚wolfssl_cert_managerã®CBMissingCRLメンãƒãƒ¼ãŒè¨­å®šã•れã¦ã„ã¾ã™ã€‚ - \return BAD_FUNC_ARG WOLFSSLã¾ãŸã¯WOLFSSL_CERT_MANAGER構造体ãŒNULLã®å ´åˆã«è¿”ã•れã¾ã™ã€‚ - \param ssl wolfSSL_new()を使用ã—ã¦ä½œæˆã•れãŸWolfSSL構造ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ + \brief WOLFSSL_CERT_MANAGER構造体内ã®CRLコールãƒãƒƒã‚¯ã‚’設定ã—ã¾ã™ã€‚ + + \return SSL_SUCCESS 関数ã¾ãŸã¯ã‚µãƒ–ルーãƒãƒ³ãŒã‚¨ãƒ©ãƒ¼ãªã実行ã•れãŸå ´åˆã«è¿”ã•れã¾ã™ã€‚WOLFSSL_CERT_MANAGERã®cbMissingCRLメンãƒãŒè¨­å®šã•れã¾ã™ã€‚ + \return BAD_FUNC_ARG WOLFSSLã¾ãŸã¯WOLFSSL_CERT_MANAGER構造体ãŒNULLã®å ´åˆã«è¿”ã•れã¾ã™ã€‚ + + \param ssl wolfSSL_new()を使用ã—ã¦ä½œæˆã•れãŸWOLFSSL構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ + \param cb CbMissingCRLã¸ã®é–¢æ•°ãƒã‚¤ãƒ³ã‚¿ã€‚ _Example_ \code WOLFSSL_CTX* ctx = wolfSSL_CTX_new( protocol method ); WOLFSSL* ssl = wolfSSL_new(ctx); … - void cb(const char* url) // required signature + void cb(const char* url) // å¿…è¦ãªã‚·ã‚°ãƒãƒãƒ£ { - // Function body + // 関数本体 } … int crlCb = wolfSSL_SetCRL_Cb(ssl, cb); if(crlCb != SSL_SUCCESS){ - // The callback was not set properly + // コールãƒãƒƒã‚¯ãŒæ­£ã—ã設定ã•れã¾ã›ã‚“ã§ã—㟠} \endcode + \sa CbMissingCRL \sa wolfSSL_CertManagerSetCRL_Cb */ int wolfSSL_SetCRL_Cb(WOLFSSL* ssl, CbMissingCRL cb); /*! - \brief - \return SSL_SUCCESS 関数ã¨ã‚µãƒ–ルーãƒãƒ³ãŒã‚¨ãƒ©ãƒ¼ãªã—ã§å®Ÿè¡Œã•れãŸå ´åˆã«è¿”ã•れã¾ã™ã€‚ - \return BAD_FUNC_ARG ã“ã®é–¢æ•°ã¾ãŸã¯ã‚µãƒ–ルーãƒãƒ³ã®å¼•æ•°ãŒç„¡åйãªå¼•数値をå—ä¿¡ã—ãŸå ´åˆã«è¿”ã•れã¾ã™ã€‚ - \return MEMORY_E 構造体やãã®ä»–ã®å¤‰æ•°ã«ãƒ¡ãƒ¢ãƒªã‚’割り当ã¦ã‚‹ã‚¨ãƒ©ãƒ¼ãŒç™ºç”Ÿã—ãŸå ´åˆã«è¿”ã•れã¾ã™ã€‚ - \return NOT_COMPILED_IN wolfsslãŒhane_ocspオプションã§ã‚³ãƒ³ãƒ‘イルã•れã¦ã„ãªã„å ´åˆã«è¿”ã•れã¾ã™ã€‚ - \param ssl wolfSSL_new()を使用ã—ã¦ä½œæˆã•れãŸWolfSSL構造ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ + \brief ã“ã®é–¢æ•°ã¯ã€OCSP証明書検証を有効ã«ã—ã¾ã™ã€‚optionsã®å€¤ã¯ã€ä»¥ä¸‹ã®ã‚ªãƒ—ションã®1ã¤ä»¥ä¸Šã‚’OR演算ã™ã‚‹ã“ã¨ã§å½¢æˆã•れã¾ã™ã€‚ + WOLFSSL_OCSP_URL_OVERRIDE - 証明書内ã®URLã®ä»£ã‚りã«ã‚ªãƒ¼ãƒãƒ¼ãƒ©ã‚¤ãƒ‰URLを使用ã—ã¾ã™ã€‚オーãƒãƒ¼ãƒ©ã‚¤ãƒ‰URLã¯wolfSSL_CTX_SetOCSP_OverrideURL()関数を使用ã—ã¦æŒ‡å®šã•れã¾ã™ã€‚ + WOLFSSL_OCSP_CHECKALL - ã™ã¹ã¦ã®OCSPãƒã‚§ãƒƒã‚¯ã‚’オンã«è¨­å®šã—ã¾ã™ã€‚ + WOLFSSL_OCSP_NO_NONCE - OCSPè¦æ±‚ä½œæˆæ™‚ã®nonceオプションを設定ã—ã¾ã™ã€‚ + + \return SSL_SUCCESS 関数ã¨ã‚µãƒ–ルーãƒãƒ³ãŒã‚¨ãƒ©ãƒ¼ãªã—ã§å®Ÿè¡Œã•れãŸå ´åˆã«è¿”ã•れã¾ã™ã€‚ + \return BAD_FUNC_ARG ã“ã®é–¢æ•°ã¾ãŸã¯ã‚µãƒ–ルーãƒãƒ³ã®å¼•æ•°ãŒç„¡åйãªå¼•数値をå—ã‘å–ã£ãŸå ´åˆã«è¿”ã•れã¾ã™ã€‚ + \return MEMORY_E 構造体ã¾ãŸã¯ä»–ã®å¤‰æ•°ã®ãƒ¡ãƒ¢ãƒªå‰²ã‚Šå½“ã¦ã§ã‚¨ãƒ©ãƒ¼ãŒç™ºç”Ÿã—ãŸå ´åˆã«è¿”ã•れã¾ã™ã€‚ + \return NOT_COMPILED_IN wolfSSLãŒHAVE_OCSPオプション付ãã§ã‚³ãƒ³ãƒ‘イルã•れã¦ã„ãªã„å ´åˆã«è¿”ã•れã¾ã™ã€‚ + + \param ssl wolfSSL_new()を使用ã—ã¦ä½œæˆã•れãŸWOLFSSL構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ + \param options 設定ãƒã‚§ãƒƒã‚¯ã«ä½¿ç”¨ã•れるwolfSSL_CertMangerENableOCSP()ã«æ¸¡ã•れる整数型。 _Example_ \code WOLFSSL_CTX* ctx = wolfSSL_CTX_new( method ); WOLFSSL* ssl = wolfSSL_new(ctx); - int options; // initialize to option constant + int options; // オプション定数ã§åˆæœŸåŒ– … int ret = wolfSSL_EnableOCSP(ssl, options); if(ret != SSL_SUCCESS){ - // OCSP is not enabled + // OCSPãŒæœ‰åйã«ãªã£ã¦ã„ã¾ã›ã‚“ } \endcode + \sa wolfSSL_CertManagerEnableOCSP */ int wolfSSL_EnableOCSP(WOLFSSL* ssl, int options); /*! - \brief - \return SSL_SUCCESS 関数ã¨ãã®ã‚µãƒ–ルーãƒãƒ³ãŒã‚¨ãƒ©ãƒ¼ãªã—ã§æˆ»ã£ãŸå ´åˆã«è¿”ã•れã¾ã™ã€‚wolfssl_cert_manager構造体ã®OCSPENABLEDメンãƒãƒ¼ã¯æ­£å¸¸ã«è¨­å®šã•れã¾ã—ãŸã€‚ - \return BAD_FUNC_ARG WolfSSL構造ãŒNULLã®å ´åˆã«è¿”ã•れã¾ã™ã€‚ + \brief OCSP証明書失効オプションを無効ã«ã—ã¾ã™ã€‚ + + \return SSL_SUCCESS 関数ã¨ãã®ã‚µãƒ–ルーãƒãƒ³ãŒã‚¨ãƒ©ãƒ¼ãªã—ã§è¿”ã•れãŸå ´åˆã«è¿”ã•れã¾ã™ã€‚WOLFSSL_CERT_MANAGER構造体ã®ocspEnabledメンãƒãŒæ­£å¸¸ã«è¨­å®šã•れã¾ã—ãŸã€‚ + \return BAD_FUNC_ARG WOLFSSL構造体ãŒNULLã®å ´åˆã«è¿”ã•れã¾ã™ã€‚ + + \param ssl wolfSSL_new()を使用ã—ã¦ä½œæˆã•れãŸWOLFSSL構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ _Example_ \code WOLFSSL* ssl = wolfSSL_new(ctx); … if(wolfSSL_DisableOCSP(ssl) != SSL_SUCCESS){ - // Returned with an error. Failure case in this block. + // エラーã§è¿”ã•れã¾ã—ãŸã€‚ã“ã®ãƒ–ロック内ãŒå¤±æ•—ケースã§ã™ } \endcode + \sa wolfSSL_CertManagerDisableOCSP */ -int wolfSSL_DisableOCSP(WOLFSSL*); +int wolfSSL_DisableOCSP(WOLFSSL* ssl); /*! - \brief wolfssl_cert_manager構造体。 - \return SSL_SUCCESS 機能ã®å®Ÿè¡Œã«æˆåŠŸã—ãŸã“ã¨ã«æˆ»ã‚Šã¾ã™ã€‚ - \return BAD_FUNC_ARG wolfssl構造体ãŒnullã®å ´åˆã€ã¾ãŸã¯æœªè§£æ±ºã®å¼•æ•°ãŒã‚µãƒ–ルーãƒãƒ³ã«æ¸¡ã•れãŸå ´åˆã«è¿”ã•れã¾ã™ã€‚ - \return MEMORY_E サブルーãƒãƒ³ã«ãƒ¡ãƒ¢ãƒªã‚’割り当ã¦ã‚‹ã‚¨ãƒ©ãƒ¼ãŒç™ºç”Ÿã—ãŸå ´åˆã«è¿”ã•れã¾ã™ã€‚ - \param ssl wolfSSL_new()を使用ã—ã¦ä½œæˆã•れãŸWolfSSL構造ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ + \brief ã“ã®é–¢æ•°ã¯ã€WOLFSSL_CERT_MANAGER構造体ã®ocspOverrideURLメンãƒã‚’設定ã—ã¾ã™ã€‚ + + \return SSL_SUCCESS 関数ã®å®Ÿè¡ŒãŒæˆåŠŸã—ãŸå ´åˆã«è¿”ã•れã¾ã™ã€‚ + \return BAD_FUNC_ARG WOLFSSL構造体ãŒNULLã®å ´åˆã€ã¾ãŸã¯ã‚µãƒ–ルーãƒãƒ³ã«è¨±å¯ã•れã¦ã„ãªã„å¼•æ•°ãŒæ¸¡ã•れãŸå ´åˆã«è¿”ã•れã¾ã™ã€‚ + \return MEMORY_E サブルーãƒãƒ³ã§ãƒ¡ãƒ¢ãƒªå‰²ã‚Šå½“ã¦ã‚¨ãƒ©ãƒ¼ãŒç™ºç”Ÿã—ãŸå ´åˆã«è¿”ã•れã¾ã™ã€‚ + + \param ssl wolfSSL_new()を使用ã—ã¦ä½œæˆã•れãŸWOLFSSL構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ + \param url WOLFSSL_CERT_MANAGER構造体ã®ocspOverrideURLメンãƒã«æ ¼ç´ã•れるURLã¸ã®å®šæ•°charãƒã‚¤ãƒ³ã‚¿ã€‚ _Example_ \code @@ -7920,32 +9308,36 @@ char url[URLSZ]; ... if(wolfSSL_SetOCSP_OverrideURL(ssl, url)){ - // The override url is set to the new value + // オーãƒãƒ¼ãƒ©ã‚¤ãƒ‰URLãŒæ–°ã—ã„値ã«è¨­å®šã•れã¾ã—㟠} \endcode + \sa wolfSSL_CertManagerSetOCSPOverrideURL */ int wolfSSL_SetOCSP_OverrideURL(WOLFSSL* ssl, const char* url); /*! - \brief wolfssl_cert_manager構造体。 - \return SSL_SUCCESS 関数ãŒã‚¨ãƒ©ãƒ¼ãªã—ã§å®Ÿè¡Œã•れãŸå ´åˆã«è¿”ã•れã¾ã™ã€‚CMã®OCSPIOCBã€OCSPRESPFREECBã€ãŠã‚ˆã³OCSPIOCTXメンãƒãƒ¼ãŒè¨­å®šã•れã¦ã„ã¾ã™ã€‚ - \return BAD_FUNC_ARG WOLFSSLã¾ãŸã¯WOLFSSL_CERT_MANAGER構造ãŒNULLã®å ´åˆã«è¿”ã•れã¾ã™ã€‚ - \param ssl wolfSSL_new()を使用ã—ã¦ä½œæˆã•れãŸWolfSSL構造ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ - \param ioCb CBocSpioを入力ã™ã‚‹ãŸã‚ã®é–¢æ•°ãƒã‚¤ãƒ³ã‚¿ã€‚ - \param respFreeCb 応答メモリを解放ã™ã‚‹ãŸã‚ã®å‘¼ã³å‡ºã—ã§ã‚ã‚‹CBocSpreSpFreeを入力ã™ã‚‹ãŸã‚ã®é–¢æ•°ãƒã‚¤ãƒ³ã‚¿ã€‚ + \brief ã“ã®é–¢æ•°ã¯ã€WOLFSSL_CERT_MANAGER構造体ã«OCSPコールãƒãƒƒã‚¯ã‚’設定ã—ã¾ã™ã€‚ + + \return SSL_SUCCESS 関数ãŒã‚¨ãƒ©ãƒ¼ãªã—ã§å®Ÿè¡Œã•れãŸå ´åˆã«è¿”ã•れã¾ã™ã€‚CMã®ocspIOCbã€ocspRespFreeCbã€ocspIOCtxメンãƒãŒè¨­å®šã•れã¾ã™ã€‚ + \return BAD_FUNC_ARG WOLFSSLã¾ãŸã¯WOLFSSL_CERT_MANAGER構造体ãŒNULLã®å ´åˆã«è¿”ã•れã¾ã™ã€‚ + + \param ssl wolfSSL_new()を使用ã—ã¦ä½œæˆã•れãŸWOLFSSL構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ + \param ioCb CbOCSPIOåž‹ã¸ã®é–¢æ•°ãƒã‚¤ãƒ³ã‚¿ã€‚ + \param respFreeCb CbOCSPRespFreeåž‹ã¸ã®é–¢æ•°ãƒã‚¤ãƒ³ã‚¿ã§ã€ãƒ¬ã‚¹ãƒãƒ³ã‚¹ãƒ¡ãƒ¢ãƒªã‚’解放ã™ã‚‹å‘¼ã³å‡ºã—ã§ã™ã€‚ + \param ioCbCtx CMã®ocspIOCtxメンãƒã«ä¿æŒã•れるvoidãƒã‚¤ãƒ³ã‚¿ã€‚ _Example_ \code WOLFSSL* ssl = wolfSSL_new(ctx); … int OCSPIO_CB(void* , const char*, int , unsigned char* , int, - unsigned char**){ // must have this signature - // Function Body + unsigned char**){ // ã“ã®ã‚·ã‚°ãƒãƒãƒ£ãŒå¿…è¦ã§ã™ + // 関数本体 } … - void OCSPRespFree_CB(void* , unsigned char* ){ // must have this signature - // function body + void OCSPRespFree_CB(void* , unsigned char* ){ // ã“ã®ã‚·ã‚°ãƒãƒãƒ£ãŒå¿…è¦ã§ã™ + // 関数本体 } … void* ioCbCtx; @@ -7953,9 +9345,10 @@ if(wolfSSL_SetOCSP_Cb(ssl, OCSPIO_CB( pass args ), CB_OCSPRespFree, ioCbCtx) != SSL_SUCCESS){ - // Callback not set + // コールãƒãƒƒã‚¯ãŒè¨­å®šã•れã¾ã›ã‚“ã§ã—㟠} \endcode + \sa wolfSSL_CertManagerSetOCSP_Cb \sa CbOCSPIO \sa CbOCSPRespFree @@ -7964,12 +9357,15 @@ void* ioCbCtx); /*! - \brief - \return SSL_SUCCESS ã“ã®é–¢æ•°ã¨ãれãŒã‚µãƒ–ルーãƒãƒ³ã®å ´åˆã¯ã‚¨ãƒ©ãƒ¼ãªã—ã§å®Ÿè¡Œã•れã¾ã™ã€‚ - \return BAD_FUNC_ARG CTX構造体ãŒNULLã®å ´åˆã€ã¾ãŸã¯ãã®ä»–ã®ç‚¹ã§ã¯ã‚µãƒ–ルーãƒãƒ³ã«ç„¡åйãªå¼•æ•°ãŒã‚ã£ãŸå ´åˆã«è¿”ã•れã¾ã™ã€‚ - \return MEMORY_E 関数ã®å®Ÿè¡Œä¸­ã«ãƒ¡ãƒ¢ãƒªã®å‰²ã‚Šå½“ã¦ã‚¨ãƒ©ãƒ¼ãŒç™ºç”Ÿã—ãŸå ´åˆã«è¿”ã•れã¾ã™ã€‚ - \return SSL_FAILURE wolfssl_cert_managerã®CRLメンãƒãƒ¼ãŒæ­£ã—ãåˆæœŸåŒ–ã•れãªã‹ã£ãŸå ´åˆã«è¿”ã•れã¾ã™ã€‚ - \return NOT_COMPILED_IN wolfsslã¯hane_crlオプションã§ã‚³ãƒ³ãƒ‘イルã•れã¾ã›ã‚“ã§ã—ãŸã€‚ + \brief CTXを通ã˜ã¦CRL証明書検証を有効ã«ã—ã¾ã™ã€‚ + + \return SSL_SUCCESS ã“ã®é–¢æ•°ã¨ãã®ã‚µãƒ–ルーãƒãƒ³ãŒã‚¨ãƒ©ãƒ¼ãªã—ã§å®Ÿè¡Œã•れãŸå ´åˆã«è¿”ã•れã¾ã™ã€‚ + \return BAD_FUNC_ARG CTX構造体ãŒNULLã®å ´åˆã€ã¾ãŸã¯ã‚µãƒ–ルーãƒãƒ³ã§ç„¡åйãªå¼•æ•°ãŒæ¸¡ã•れãŸå ´åˆã«è¿”ã•れã¾ã™ã€‚ + \return MEMORY_E 関数ã®å®Ÿè¡Œä¸­ã«ãƒ¡ãƒ¢ãƒªå‰²ã‚Šå½“ã¦ã‚¨ãƒ©ãƒ¼ãŒç™ºç”Ÿã—ãŸå ´åˆã«è¿”ã•れã¾ã™ã€‚ + \return SSL_FAILURE WOLFSSL_CERT_MANAGERã®crlメンãƒãŒæ­£ã—ãåˆæœŸåŒ–ã§ããªã‹ã£ãŸå ´åˆã«è¿”ã•れã¾ã™ã€‚ + \return NOT_COMPILED_IN wolfSSLãŒHAVE_CRLオプション付ãã§ã‚³ãƒ³ãƒ‘イルã•れã¦ã„ã¾ã›ã‚“。 + + \param ssl wolfSSL_new()を使用ã—ã¦ä½œæˆã•れãŸWOLFSSL構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ _Example_ \code @@ -7977,9 +9373,10 @@ WOLFSSL* ssl = wolfSSL_new(ctx); ... if(wolfSSL_CTX_EnableCRL(ssl->ctx, options) != SSL_SUCCESS){ - // The function failed + // 関数ãŒå¤±æ•—ã—ã¾ã—㟠} \endcode + \sa wolfSSL_CertManagerEnableCRL \sa InitCRL \sa wolfSSL_CTX_DisableCRL @@ -7987,9 +9384,12 @@ int wolfSSL_CTX_EnableCRL(WOLFSSL_CTX* ctx, int options); /*! - \brief - \return SSL_SUCCESS 関数ãŒã‚¨ãƒ©ãƒ¼ãªã—ã§å®Ÿè¡Œã•れãŸå ´åˆã«è¿”ã•れã¾ã™ã€‚wolfssl_cert_manager構造体ã®CRLEnabledメンãƒãƒ¼ã¯0ã«è¨­å®šã•れã¦ã„ã¾ã™ã€‚ - \return BAD_FUNC_ARG CTX構造体ã¾ãŸã¯CM構造体ã«NULL値ãŒã‚ã‚‹å ´åˆã«è¿”ã•れã¾ã™ã€‚ + \brief ã“ã®é–¢æ•°ã¯ã€CTX構造体ã§CRL検証を無効ã«ã—ã¾ã™ã€‚ + + \return SSL_SUCCESS 関数ãŒã‚¨ãƒ©ãƒ¼ãªã—ã§å®Ÿè¡Œã•れãŸå ´åˆã«è¿”ã•れã¾ã™ã€‚WOLFSSL_CERT_MANAGER構造体ã®crlEnabledメンãƒãŒ0ã«è¨­å®šã•れã¾ã™ã€‚ + \return BAD_FUNC_ARG CTX構造体ã¾ãŸã¯CM構造体ã®ã„ãšã‚Œã‹ãŒNULL値ã®å ´åˆã«è¿”ã•れã¾ã™ã€‚ + + \param ctx wolfSSL_CTX_new()を使用ã—ã¦ä½œæˆã•れãŸWOLFSSL_CTX構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ _Example_ \code @@ -7997,22 +9397,26 @@ WOLFSSL* ssl = wolfSSL_new(ctx); ... if(wolfSSL_CTX_DisableCRL(ssl->ctx) != SSL_SUCCESS){ - // Failure case. + // 失敗ケース } \endcode + \sa wolfSSL_CertManagerDisableCRL */ int wolfSSL_CTX_DisableCRL(WOLFSSL_CTX* ctx); /*! - \brief wolfssl_certmanagerLoadcr()。 - \return SSL_SUCCESS - 関数ã¨ãã®ã‚µãƒ–ルーãƒãƒ³ãŒã‚¨ãƒ©ãƒ¼ãªã—ã§å®Ÿè¡Œã•れãŸå ´åˆã«è¿”ã•れã¾ã™ã€‚ - \return BAD_FUNC_ARG - ã“ã®é–¢æ•°ã¾ãŸã¯ã‚µãƒ–ルーãƒãƒ³ãŒNULLæ§‹é€ ã«æ¸¡ã•れãŸå ´åˆã«è¿”ã•れã¾ã™ã€‚ - \return BAD_PATH_ERROR - パス変数ãŒnullã¨ã—ã¦é–‹ãã¨æˆ»ã‚Šã¾ã™ã€‚ - \return MEMORY_E - メモリã®å‰²ã‚Šå½“ã¦ãŒå¤±æ•—ã—ãŸå ´åˆã«è¿”ã•れã¾ã™ã€‚ - \param ctx wolfSSL_CTX_new()を使用ã—ã¦ä½œæˆã•れãŸWOLFSSL_CTX構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ - \param path 証明書ã¸ã®ãƒ‘ス。 - \param type 証明書ã®ç¨®é¡žã‚’ä¿æŒã™ã‚‹æ•´æ•°å¤‰æ•°ã€‚ + \brief ã“ã®é–¢æ•°ã¯ã€wolfSSL_CertManagerLoadCRL()を通ã˜ã¦CRLã‚’WOLFSSL_CTX構造体ã«ãƒ­ãƒ¼ãƒ‰ã—ã¾ã™ã€‚ + + \return SSL_SUCCESS - 関数ã¨ãã®ã‚µãƒ–ルーãƒãƒ³ãŒã‚¨ãƒ©ãƒ¼ãªã—ã§å®Ÿè¡Œã•れãŸå ´åˆã«è¿”ã•れã¾ã™ã€‚ + \return BAD_FUNC_ARG - ã“ã®é–¢æ•°ã¾ãŸã¯ã‚µãƒ–ルーãƒãƒ³ã«NULLæ§‹é€ ä½“ãŒæ¸¡ã•れãŸå ´åˆã«è¿”ã•れã¾ã™ã€‚ + \return BAD_PATH_ERROR - path変数ãŒNULLã¨ã—ã¦é–‹ã‹ã‚ŒãŸå ´åˆã«è¿”ã•れã¾ã™ã€‚ + \return MEMORY_E - メモリã®å‰²ã‚Šå½“ã¦ãŒå¤±æ•—ã—ãŸå ´åˆã«è¿”ã•れã¾ã™ã€‚ + + \param ctx wolfSSL_CTX_new()を使用ã—ã¦ä½œæˆã•れãŸWOLFSSL_CTX構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ + \param path 証明書ã¸ã®ãƒ‘ス。 + \param type 証明書ã®ã‚¿ã‚¤ãƒ—ã‚’ä¿æŒã™ã‚‹æ•´æ•°å¤‰æ•°ã€‚ + \param monitor モニタパスãŒè¦æ±‚ã•れã¦ã„ã‚‹ã‹ã‚’判定ã™ã‚‹ãŸã‚ã«ä½¿ç”¨ã•れる整数変数。 _Example_ \code @@ -8021,56 +9425,80 @@ … return wolfSSL_CTX_LoadCRL(ctx, path, SSL_FILETYPE_PEM, 0); \endcode + \sa wolfSSL_CertManagerLoadCRL \sa LoadCRL */ int wolfSSL_CTX_LoadCRL(WOLFSSL_CTX* ctx, const char* path, int type, int monitor); /*! - \brief wolfssl_certmanagersetCRL_CBを呼ã³å‡ºã—ã¦ã€WolfSSL_CERT_MANAGER構造ã®ãƒ¡ãƒ³ãƒãƒ¼ã€‚ - \return SSL_SUCCESS å®Ÿè¡ŒãŒæˆåŠŸã™ã‚‹ãŸã‚ã«è¿”ã•れã¾ã—ãŸã€‚WOLFSSL_CERT_MANAGER構造体ã®CBMSSINGCRLã¯CBã«æ­£å¸¸ã«è¨­å®šã•れã¾ã—ãŸã€‚ - \return BAD_FUNC_ARG wolfssl_ctxã¾ãŸã¯wolfssl_cert_managerãŒNULLã®å ´åˆã«è¿”ã•れã¾ã™ã€‚ - \param ctx wolfSSL_CTX_new()ã§ä½œæˆã•れãŸWOLFSSL_CTX構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ + \brief ã“ã®é–¢æ•°ã¯ã€wolfSSL_CertManagerSetCRL_Cbを呼ã³å‡ºã™ã“ã¨ã«ã‚ˆã‚Šã€ã‚³ãƒ¼ãƒ«ãƒãƒƒã‚¯å¼•æ•°ã‚’WOLFSSL_CERT_MANAGER構造体ã®cbMissingCRLメンãƒã«è¨­å®šã—ã¾ã™ã€‚ + + \return SSL_SUCCESS å®Ÿè¡ŒãŒæˆåŠŸã—ãŸå ´åˆã«è¿”ã•れã¾ã™ã€‚WOLFSSL_CERT_MANAGER構造体ã®ãƒ¡ãƒ³ãƒcbMssingCRLãŒcbã«æ­£å¸¸ã«è¨­å®šã•れã¾ã—ãŸã€‚ + \return BAD_FUNC_ARG WOLFSSL_CTXã¾ãŸã¯WOLFSSL_CERT_MANAGERãŒNULLã®å ´åˆã«è¿”ã•れã¾ã™ã€‚ + + \param ctx wolfSSL_CTX_new()ã§ä½œæˆã•れãŸWOLFSSL_CTX構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ + \param cb CbMissingCRLåž‹ã®ã‚³ãƒ¼ãƒ«ãƒãƒƒã‚¯é–¢æ•°ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ + ã‚·ã‚°ãƒãƒãƒ£è¦ä»¶: + void (*CbMissingCRL)(const char* url); _Example_ \code WOLFSSL_CTX* ctx = wolfSSL_CTX_new( protocol method ); … - void cb(const char* url) // Required signature + void cb(const char* url) // å¿…è¦ãªã‚·ã‚°ãƒãƒãƒ£ { - // Function body + // 関数本体 } … if (wolfSSL_CTX_SetCRL_Cb(ctx, cb) != SSL_SUCCESS){ - // Failure case, cb was not set correctly. + // 失敗ケースã€cbãŒæ­£ã—ã設定ã•れã¾ã›ã‚“ã§ã—㟠} \endcode + \sa wolfSSL_CertManagerSetCRL_Cb \sa CbMissingCRL */ int wolfSSL_CTX_SetCRL_Cb(WOLFSSL_CTX* ctx, CbMissingCRL cb); /*! - \brief wolfsslã®æ©Ÿèƒ½ã‚ªãƒ—ションã®å€¤ãŒ1ã¤ä»¥ä¸Šã®ã‚ªãƒ—ã‚·ãƒ§ãƒ³ã§æ§‹æˆã•れã¦ã„ã‚‹å ´åˆã¯ã€æ¬¡ã®ã‚ªãƒ—ションを1ã¤ä»¥ä¸Šã«ã—ã¾ã™.wolfssl_ocsp_enable - OCSPルックアップを有効ã«ã™ã‚‹wolfssl_ocsp_url_override - 証明書ã®URLã®ä»£ã‚りã«URLをオーãƒãƒ¼ãƒ©ã‚¤ãƒ‰ã—ã¾ã™ã€‚オーãƒãƒ¼ãƒ©ã‚¤ãƒ‰URLã¯ã€wolfssl_ctx_setocsp_overrideURL()関数を使用ã—ã¦æŒ‡å®šã•れã¾ã™ã€‚ã“ã®é–¢æ•°ã¯ã€wolfsslãŒOCSPサãƒãƒ¼ãƒˆï¼ˆ--enable-ocspã€#define hane_ocsp)ã§ã‚³ãƒ³ãƒ‘イルã•れãŸã¨ãã«ã®ã¿OCSPオプションを設定ã—ã¾ã™ã€‚ - \return SSL_SUCCESS æˆåŠŸã—ãŸã¨ãã«è¿”ã•れã¾ã™ã€‚ - \return SSL_FAILURE 失敗ã—ãŸã¨ãã«è¿”ã•れã¾ã™ã€‚ - \return NOT_COMPILED_IN ã“ã®é–¢æ•°ãŒå‘¼ã³å‡ºã•れãŸã¨ãã«è¿”ã•れã¾ã™ãŒã€wolfsslãŒã‚³ãƒ³ãƒ‘イルã•れãŸã¨ãã«OCSPサãƒãƒ¼ãƒˆã¯æœ‰åйã«ãªã£ã¦ã„ã¾ã›ã‚“ã§ã—ãŸã€‚ - \param ctx wolfSSL_CTX_new()ã§ä½œæˆã•れãŸSSLコンテキストã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ + \brief ã“ã®é–¢æ•°ã¯ã€wolfSSLã®OCSP機能ã®å‹•作を設定ã™ã‚‹ã‚ªãƒ—ションを設定ã—ã¾ã™ã€‚optionsã®å€¤ã¯ã€ä»¥ä¸‹ã®ã‚ªãƒ—ションã®1ã¤ä»¥ä¸Šã‚’OR演算ã™ã‚‹ã“ã¨ã§å½¢æˆã•れã¾ã™ã€‚ + WOLFSSL_OCSP_URL_OVERRIDE - 証明書内ã®URLã®ä»£ã‚りã«ã‚ªãƒ¼ãƒãƒ¼ãƒ©ã‚¤ãƒ‰URLを使用ã—ã¾ã™ã€‚オーãƒãƒ¼ãƒ©ã‚¤ãƒ‰URLã¯wolfSSL_CTX_SetOCSP_OverrideURL()関数を使用ã—ã¦æŒ‡å®šã•れã¾ã™ã€‚ + WOLFSSL_OCSP_CHECKALL - ã™ã¹ã¦ã®OCSPãƒã‚§ãƒƒã‚¯ã‚’オンã«è¨­å®šã—ã¾ã™ã€‚ + WOLFSSL_OCSP_NO_NONCE - OCSPè¦æ±‚ä½œæˆæ™‚ã®nonceオプションを設定ã—ã¾ã™ã€‚ + + ã“ã®é–¢æ•°ã¯ã€wolfSSLãŒOCSPサãƒãƒ¼ãƒˆä»˜ãã§ã‚³ãƒ³ãƒ‘イルã•れã¦ã„ã‚‹å ´åˆ(--enable-ocspã€#define HAVE_OCSP)ã«ã®ã¿OCSPオプションを設定ã—ã¾ã™ã€‚ + + \return SSL_SUCCESS æˆåŠŸæ™‚ã«è¿”ã•れã¾ã™ã€‚ + \return SSL_FAILURE 失敗時ã«è¿”ã•れã¾ã™ã€‚ + \return NOT_COMPILED_IN ã“ã®é–¢æ•°ãŒå‘¼ã³å‡ºã•れãŸãŒã€wolfSSLã®ã‚³ãƒ³ãƒ‘イル時ã«OCSPサãƒãƒ¼ãƒˆãŒæœ‰åйã«ãªã£ã¦ã„ãªã‹ã£ãŸå ´åˆã«è¿”ã•れã¾ã™ã€‚ + + \param ctx wolfSSL_CTX_new()ã§ä½œæˆã•れãŸSSLコンテキストã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ + \param options OCSPオプションを設定ã™ã‚‹ãŸã‚ã«ä½¿ç”¨ã•れる値。 _Example_ \code - WOLFSSL_CTX* ctx = 0; - ... - wolfSSL_CTX_OCSP_set_options(ctx, WOLFSSL_OCSP_ENABLE); + WOLFSSL_CTX* ctx = wolfSSL_CTX_new( method ); + int options; // オプション定数ã§åˆæœŸåŒ– + … + int ret = wolfSSL_CTX_EnableOCSP(ctx, options); + if(ret != SSL_SUCCESS){ + // OCSPãŒæœ‰åйã«ãªã£ã¦ã„ã¾ã›ã‚“ + } \endcode - \sa wolfSSL_CTX_OCSP_set_override_url + + \sa wolfSSL_CertManagerEnableOCSP + \sa wolfSSL_EnableOCSP */ int wolfSSL_CTX_EnableOCSP(WOLFSSL_CTX* ctx, int options); /*! - \brief wolfssl_cert_manager構造体ã®OCSPENABLEDメンãƒãƒ¼ã«å½±éŸ¿ã‚’与ãˆã¾ã™ã€‚ - \return SSL_SUCCESS 関数ãŒã‚¨ãƒ©ãƒ¼ãªã—ã§å®Ÿè¡Œã•れãŸå ´åˆã«è¿”ã•れã¾ã™ã€‚CMã®OCSPENABLEDメンãƒãƒ¼ã¯ç„¡åйã«ãªã£ã¦ã„ã¾ã™ã€‚ - \return BAD_FUNC_ARG WOLFSSL_CTX構造ãŒnullã®å ´åˆã«è¿”ã•れã¾ã™ã€‚ + \brief ã“ã®é–¢æ•°ã¯ã€WOLFSSL_CERT_MANAGER構造体ã®ocspEnabledメンãƒã«å½±éŸ¿ã‚’与ãˆã‚‹ã“ã¨ã«ã‚ˆã‚Šã€OCSP証明書失効ãƒã‚§ãƒƒã‚¯ã‚’無効ã«ã—ã¾ã™ã€‚ + + \return SSL_SUCCESS 関数ãŒã‚¨ãƒ©ãƒ¼ãªã—ã§å®Ÿè¡Œã•れãŸå ´åˆã«è¿”ã•れã¾ã™ã€‚CMã®ocspEnabledメンãƒãŒç„¡åйã«ã•れã¾ã—ãŸã€‚ + \return BAD_FUNC_ARG WOLFSSL_CTX構造体ãŒNULLã®å ´åˆã«è¿”ã•れã¾ã™ã€‚ + + \param ctx wolfSSL_CTX_new()を使用ã—ã¦ä½œæˆã•れãŸWOLFSSL_CTX構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ _Example_ \code @@ -8078,38 +9506,46 @@ WOLFSSL* ssl = wolfSSL_new(ctx); ... if(!wolfSSL_CTX_DisableOCSP(ssl->ctx)){ - // OCSP is not disabled + // OCSPãŒç„¡åйã«ãªã£ã¦ã„ã¾ã›ã‚“ } \endcode + \sa wolfSSL_DisableOCSP \sa wolfSSL_CertManagerDisableOCSP */ -int wolfSSL_CTX_DisableOCSP(WOLFSSL_CTX*); +int wolfSSL_CTX_DisableOCSP(WOLFSSL_CTX* ctx); /*! - \brief wolfssl_csp_url_overrideオプションãŒwolfssl_ctx_enableocspを使用ã—ã¦è¨­å®šã•れã¦ã„ãªã„é™ã‚Šã€OCSPã¯å€‹ã€…ã®è¨¼æ˜Žæ›¸ã«ã‚ã‚‹URLを使用ã—ã¾ã™ã€‚ - \return SSL_SUCCESS æˆåŠŸã—ãŸã¨ãã«è¿”ã•れã¾ã™ã€‚ - \return SSL_FAILURE 失敗ã—ãŸã¨ãã«è¿”ã•れã¾ã™ã€‚ - \return NOT_COMPILED_IN ã“ã®é–¢æ•°ãŒå‘¼ã³å‡ºã•れãŸã¨ãã«è¿”ã•れã¾ã™ãŒã€wolfsslãŒã‚³ãƒ³ãƒ‘イルã•れãŸã¨ãã«OCSPサãƒãƒ¼ãƒˆã¯æœ‰åйã«ãªã£ã¦ã„ã¾ã›ã‚“ã§ã—ãŸã€‚ - \param ctx wolfSSL_CTX_new()ã§ä½œæˆã•れãŸSSLコンテキストã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ + \brief ã“ã®é–¢æ•°ã¯ã€OCSPãŒä½¿ç”¨ã™ã‚‹URLを手動ã§è¨­å®šã—ã¾ã™ã€‚デフォルトã§ã¯ã€wolfSSL_CTX_EnableOCSPを使用ã—ã¦WOLFSSL_OCSP_URL_OVERRIDEオプションãŒè¨­å®šã•れã¦ã„ãªã„é™ã‚Šã€OCSPã¯å€‹ã€…ã®è¨¼æ˜Žæ›¸ã§è¦‹ã¤ã‹ã£ãŸURLを使用ã—ã¾ã™ã€‚ + + \return SSL_SUCCESS æˆåŠŸæ™‚ã«è¿”ã•れã¾ã™ã€‚ + \return SSL_FAILURE 失敗時ã«è¿”ã•れã¾ã™ã€‚ + \return NOT_COMPILED_IN ã“ã®é–¢æ•°ãŒå‘¼ã³å‡ºã•れãŸãŒã€wolfSSLã®ã‚³ãƒ³ãƒ‘イル時ã«OCSPサãƒãƒ¼ãƒˆãŒæœ‰åйã«ãªã£ã¦ã„ãªã‹ã£ãŸå ´åˆã«è¿”ã•れã¾ã™ã€‚ + + \param ctx wolfSSL_CTX_new()ã§ä½œæˆã•れãŸSSLコンテキストã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ + \param url wolfSSLãŒä½¿ç”¨ã™ã‚‹OCSP URLã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ _Example_ \code WOLFSSL_CTX* ctx = 0; ... - wolfSSL_CTX_OCSP_set_override_url(ctx, “custom-url-hereâ€); + wolfSSL_CTX_OCSP_set_override_url(ctx, "custom-url-here"); \endcode + \sa wolfSSL_CTX_OCSP_set_options */ int wolfSSL_CTX_SetOCSP_OverrideURL(WOLFSSL_CTX* ctx, const char* url); /*! - \brief - \return SSL_SUCCESS é–¢æ•°ãŒæ­£å¸¸ã«å®Ÿè¡Œã•れãŸå ´åˆã«è¿”ã•れã¾ã™ã€‚CM内ã®OCSPIOCBã€OCSPRESPFREECBã€ãŠã‚ˆã³OCSPIOCTXメンãƒãƒ¼ã¯æ­£å¸¸ã«è¨­å®šã•れã¾ã—ãŸã€‚ - \return BAD_FUNC_ARG WOLFSSL_CTXã¾ãŸã¯wolfssl_cert_manager構造体ãŒnullã®å ´åˆã«è¿”ã•れã¾ã™ã€‚ - \param ssl wolfSSL_new()を使用ã—ã¦ä½œæˆã•れãŸWolfSSL構造ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ - \param ioCb 関数ãƒã‚¤ãƒ³ã‚¿ã§ã‚ã‚‹CBocSpio型。 - \param respFreeCb 関数ãƒã‚¤ãƒ³ã‚¿ã§ã‚ã‚‹CBocSprepSprepFree型。 + \brief WOLFSSL_CTX構造体ã«OCSPã®ã‚³ãƒ¼ãƒ«ãƒãƒƒã‚¯ã‚’設定ã—ã¾ã™ã€‚ + + \return SSL_SUCCESS é–¢æ•°ãŒæ­£å¸¸ã«å®Ÿè¡Œã•れãŸå ´åˆã«è¿”ã•れã¾ã™ã€‚CM内ã®ocspIOCbã€ocspRespFreeCbã€ocspIOCtxメンãƒãŒæ­£å¸¸ã«è¨­å®šã•れã¾ã—ãŸã€‚ + \return BAD_FUNC_ARG WOLFSSL_CTXã¾ãŸã¯WOLFSSL_CERT_MANAGER構造体ãŒNULLã®å ´åˆã«è¿”ã•れã¾ã™ã€‚ + + \param ssl wolfSSL_new()を使用ã—ã¦ä½œæˆã•れãŸWOLFSSL構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ + \param ioCb 関数ãƒã‚¤ãƒ³ã‚¿ã§ã‚ã‚‹CbOCSPIO型。 + \param respFreeCb 関数ãƒã‚¤ãƒ³ã‚¿ã§ã‚ã‚‹CbOCSPRespFree型。 + \param ioCbCtx WOLFSSL_CERT_MANAGERã«ä¿æŒã•れるvoidãƒã‚¤ãƒ³ã‚¿ã€‚ _Example_ \code @@ -8124,9 +9560,10 @@ ocspRespFreeCb, ioCbCtx); if(isSetOCSP != SSL_SUCCESS){ - // The function did not return successfully. + // é–¢æ•°ãŒæ­£å¸¸ã«è¿”ã•れã¾ã›ã‚“ã§ã—㟠} \endcode + \sa wolfSSL_CertManagerSetOCSP_Cb \sa CbOCSPIO \sa CbOCSPRespFree @@ -8136,31 +9573,38 @@ void* ioCbCtx); /*! - \brief wolfssl_certmanagerEnableOcspStapling()。 - \return SSL_SUCCESS エラーãŒãªãã€é–¢æ•°ãŒæ­£å¸¸ã«å®Ÿè¡Œã•れãŸå ´åˆã«è¿”ã•れã¾ã™ã€‚ - \return BAD_FUNC_ARG WOLFSSL_CTX構造体ãŒNULLã¾ãŸã¯ãã†ã§ãªã„å ´åˆã¯ã€ã‚µãƒ–ルーãƒãƒ³ã«æ¸¡ã•ã‚ŒãŸæœªè§£æ±ºã®å¼•数値ãŒã‚ã£ãŸå ´åˆã«è¿”ã•れã¾ã™ã€‚ - \return MEMORY_E メモリ割り当ã¦ãŒã‚ã‚‹å•題ãŒç™ºç”Ÿã—ãŸå ´åˆã«è¿”ã•れã¾ã™ã€‚ - \return SSL_FAILURE OCSP構造体ã®åˆæœŸåŒ–ãŒå¤±æ•—ã—ãŸå ´åˆã«è¿”ã•れã¾ã™ã€‚ - \return NOT_COMPILED_IN wolfsslãŒhaber_certificate_status_requestオプションã§ã‚³ãƒ³ãƒ‘イルã•れã¦ã„ãªã„å ´åˆã«è¿”ã•れã¾ã™ã€‚ + \brief ã“ã®é–¢æ•°ã¯ã€wolfSSL_CertManagerEnableOCSPStapling()を呼ã³å‡ºã—ã¦OCSPステープリングを有効ã«ã—ã¾ã™ã€‚ + \return SSL_SUCCESS エラーãŒãªãã€é–¢æ•°ãŒæ­£å¸¸ã«å®Ÿè¡Œã•れãŸå ´åˆã«è¿”ã•れã¾ã™ã€‚ + \return BAD_FUNC_ARG WOLFSSL_CTX構造体ãŒNULLã€ã¾ãŸã¯ã‚µãƒ–ルーãƒãƒ³ã«è¨±å¯ã•れã¦ã„ãªã„å¼•æ•°å€¤ãŒæ¸¡ã•れãŸå ´åˆã«è¿”ã•れã¾ã™ã€‚ + \return MEMORY_E メモリã®å‰²ã‚Šå½“ã¦ã«å•題ãŒã‚ã£ãŸå ´åˆã«è¿”ã•れã¾ã™ã€‚ + \return SSL_FAILURE OCSP構造体ã®åˆæœŸåŒ–ãŒå¤±æ•—ã—ãŸå ´åˆã«è¿”ã•れã¾ã™ã€‚ + \return NOT_COMPILED_IN wolfSSLãŒHAVE_CERTIFICATE_STATUS_REQUESTオプション付ãã§ã‚³ãƒ³ãƒ‘イルã•れã¦ã„ãªã„å ´åˆã«è¿”ã•れã¾ã™ã€‚ + + \param ctx wolfSSL_CTX_new()を使用ã—ã¦ä½œæˆã•れãŸWOLFSSL_CTX構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ _Example_ \code - WOLFSSL* ssl = wolfSSL_new(); - ssl->method.version; // set to desired protocol + WOLFSSL* ssl = WOLFSSL_new(); + ssl->method.version; // 希望ã™ã‚‹ãƒ—ロトコルã«è¨­å®š ... if(!wolfSSL_CTX_EnableOCSPStapling(ssl->ctx)){ - // OCSP stapling is not enabled + // OCSPã‚¹ãƒ†ãƒ¼ãƒ—ãƒªãƒ³ã‚°ãŒæœ‰åйã«ãªã£ã¦ã„ã¾ã›ã‚“ } \endcode + \sa wolfSSL_CertManagerEnableOCSPStapling \sa InitOCSP */ -int wolfSSL_CTX_EnableOCSPStapling(WOLFSSL_CTX*); +int wolfSSL_CTX_EnableOCSPStapling(WOLFSSL_CTX* ctx); /*! \ingroup CertsKeys - \brief 通常ã€SSLãƒãƒ³ãƒ‰ã‚·ã‚§ã‚¤ã‚¯ã®æœ€å¾Œã«ã€WolfSSLã¯ä¸€æ™‚çš„ãªã‚¢ãƒ¬ã‚¤ã‚’解放ã—ã¾ã™ã€‚ãƒãƒ³ãƒ‰ã‚·ã‚§ã‚¤ã‚¯ãŒå§‹ã¾ã‚‹å‰ã«ã“ã®é–¢æ•°ã‚’呼ã³å‡ºã™ã¨ã€WolfSSLã¯ä¸€æ™‚çš„ãªé…列を解放ã™ã‚‹ã®ã‚’防ãŽã¾ã™ã€‚Wolfssl_get_keys()ã¾ãŸã¯PSKã®ãƒ’ントãªã©ã®ã‚‚ã®ã«ã¯ã€ä¸€æ™‚çš„ãªé…列ãŒå¿…è¦ã«ãªã‚‹å ´åˆãŒã‚りã¾ã™ã€‚ユーザãŒä¸€æ™‚çš„ãªé…列ã§è¡Œã‚れるã¨ã€wolfssl_freearray()ã®ã„ãšã‚Œã‹ãŒå³åº§ã«ãƒªã‚½ãƒ¼ã‚¹ã‚’解放ã™ã‚‹ã“ã¨ãŒã§ãã€ã‚ã‚‹ã„ã¯ã€é–¢é€£ã™ã‚‹SSLオブジェクトãŒè§£æ”¾ã•れãŸã¨ãã«ãƒªã‚½ãƒ¼ã‚¹ãŒè§£æ”¾ã•れるよã†ã«ãªã‚‹å¯èƒ½æ€§ãŒã‚る。 - \return none è¿”å“ä¸å¯ã€‚ + + \brief 通常ã€SSLãƒãƒ³ãƒ‰ã‚·ã‚§ã‚¤ã‚¯ã®çµ‚了時ã«ã€wolfSSLã¯ä¸€æ™‚é…列を解放ã—ã¾ã™ã€‚ãƒãƒ³ãƒ‰ã‚·ã‚§ã‚¤ã‚¯ãŒå§‹ã¾ã‚‹å‰ã«ã“ã®é–¢æ•°ã‚’呼ã³å‡ºã™ã¨ã€wolfSSLã¯ä¸€æ™‚é…列を解放ã—ãªããªã‚Šã¾ã™ã€‚一時é…列ã¯wolfSSL_get_keys()ã‚„PSKヒントãªã©ã«å¿…è¦ã«ãªã‚‹å ´åˆãŒã‚りã¾ã™ã€‚ユーザーãŒä¸€æ™‚é…列を使ã„終ã‚ã£ãŸã‚‰ã€wolfSSL_FreeArrays()を呼ã³å‡ºã—ã¦ãƒªã‚½ãƒ¼ã‚¹ã‚’å³åº§ã«è§£æ”¾ã™ã‚‹ã‹ã€ã‚ã‚‹ã„ã¯é–¢é€£ã™ã‚‹SSLオブジェクトãŒè§£æ”¾ã•れるã¨ãã«ãƒªã‚½ãƒ¼ã‚¹ãŒè§£æ”¾ã•れã¾ã™ã€‚ + + \return none 戻り値ãªã—。 + + \param ssl wolfSSL_new()を使用ã—ã¦ä½œæˆã•れãŸWOLFSSL構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ _Example_ \code @@ -8168,14 +9612,19 @@ ... wolfSSL_KeepArrays(ssl); \endcode + \sa wolfSSL_FreeArrays */ -void wolfSSL_KeepArrays(WOLFSSL*); +void wolfSSL_KeepArrays(WOLFSSL* ssl); /*! \ingroup CertsKeys - \brief 通常ã€SSLãƒãƒ³ãƒ‰ã‚·ã‚§ã‚¤ã‚¯ã®æœ€å¾Œã«ã€WolfSSLã¯ä¸€æ™‚çš„ãªã‚¢ãƒ¬ã‚¤ã‚’解放ã—ã¾ã™ã€‚wolfssl_keeparrays()ãŒãƒãƒ³ãƒ‰ã‚·ã‚§ã‚¤ã‚¯ã®å‰ã«å‘¼ã³å‡ºã•れãŸå ´åˆã€WolfSSLã¯ä¸€æ™‚çš„ãªé…列を解放ã—ã¾ã›ã‚“。ã“ã®é–¢æ•°ã¯ä¸€æ™‚çš„ãªé…列を明示的ã«è§£æ”¾ã—ã€ãƒ¦ãƒ¼ã‚¶ãƒ¼ãŒä¸€æ™‚çš„ãªé…列ã§è¡Œã‚れãŸã¨ãã«å‘¼ã³å‡ºã•れるã¹ãã§ã‚りã€SSLオブジェクトãŒã“れらã®ãƒªã‚½ãƒ¼ã‚¹ã‚’解放ã™ã‚‹ã®ã‚’å¾…ã£ãŸããªã„。 - \return none è¿”å“ä¸å¯ã€‚ + + \brief 通常ã€SSLãƒãƒ³ãƒ‰ã‚·ã‚§ã‚¤ã‚¯ã®çµ‚了時ã«ã€wolfSSLã¯ä¸€æ™‚é…列を解放ã—ã¾ã™ã€‚ãƒãƒ³ãƒ‰ã‚·ã‚§ã‚¤ã‚¯ã®å‰ã«wolfSSL_KeepArrays()ãŒå‘¼ã³å‡ºã•れã¦ã„ãŸå ´åˆã€wolfSSLã¯ä¸€æ™‚é…列を解放ã—ã¾ã›ã‚“。ã“ã®é–¢æ•°ã¯ä¸€æ™‚é…列を明示的ã«è§£æ”¾ã—ã€ãƒ¦ãƒ¼ã‚¶ãƒ¼ãŒä¸€æ™‚é…列を使ã„終ã‚りã€SSLオブジェクトãŒè§£æ”¾ã•れるã®ã‚’å¾…ãŸãšã«ã“れらã®ãƒªã‚½ãƒ¼ã‚¹ã‚’解放ã—ãŸã„å ´åˆã«å‘¼ã³å‡ºã™å¿…è¦ãŒã‚りã¾ã™ã€‚ + + \return none 戻り値ãªã—。 + + \param ssl wolfSSL_new()を使用ã—ã¦ä½œæˆã•れãŸWOLFSSL構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ _Example_ \code @@ -8183,18 +9632,22 @@ ... wolfSSL_FreeArrays(ssl); \endcode + \sa wolfSSL_KeepArrays */ -void wolfSSL_FreeArrays(WOLFSSL*); +void wolfSSL_FreeArrays(WOLFSSL* ssl); /*! - \brief 'ssl'ãƒ‘ãƒ©ãƒ¡ãƒ¼ã‚¿ã«æ¸¡ã•れãŸã‚ªãƒ–ジェクト。ã“れã¯ã€WolfSSLクライアントã«ã‚ˆã£ã¦SNI拡張機能ãŒClientHelloã§é€ä¿¡ã•れã€WolfSSL Serverã¯ServerHello + SNIã¾ãŸã¯SNIミスマッãƒã®å ´åˆã¯è‡´å‘½çš„ãªAlert Hello + SNIを応答ã—ã¾ã™ã€‚ - \return WOLFSSL_SUCCESS æˆåŠŸæ™‚ã«è¿”ã•れã¾ã™ã€‚ - \return BAD_FUNC_ARG 次ã®ã„ãšã‚Œã‹ã®å ´åˆã§è¿”ã•れるエラーã§ã™.SSLã¯NULLã€ãƒ‡ãƒ¼ã‚¿ã¯NULLã€ã‚¿ã‚¤ãƒ—ã¯ä¸æ˜Žãªå€¤ã§ã™ã€‚(下記å‚照) - \return MEMORY_E å分ãªãƒ¡ãƒ¢ãƒªãŒãªã„ã¨ãã«ã‚¨ãƒ©ãƒ¼ãŒè¿”ã•れã¾ã™ã€‚ - \param ssl wolfSSL_new()ã§ä½œæˆã•れãŸSSLオブジェクトã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ - \param type ã©ã®ç¨®é¡žã®ã‚µãƒ¼ãƒãƒ¼åãŒãƒ‡ãƒ¼ã‚¿ã«æ¸¡ã•れãŸã‹ã‚’示ã—ã¾ã™ã€‚既知ã®åž‹ã¯æ¬¡ã®ã¨ãŠã‚Šã§ã™ã€‚enum {wolfssl_sni_host_name = 0}; - \param data サーãƒãƒ¼åデータã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ + \brief ã“ã®é–¢æ•°ã¯ã€'ssl'ãƒ‘ãƒ©ãƒ¡ãƒ¼ã‚¿ã§æ¸¡ã•れãŸSSLオブジェクトã§Server Name Indicationã®ä½¿ç”¨ã‚’有効ã«ã—ã¾ã™ã€‚ã¤ã¾ã‚Šã€wolfSSLクライアントã¯ClientHelloã§SNI拡張をé€ä¿¡ã—ã€wolfSSLサーãƒãƒ¼ã¯SNIä¸ä¸€è‡´ã®å ´åˆã€ClientHello + SNIã«å¯¾ã—ã¦ServerHello + 空ã®SNIã¾ãŸã¯fatalアラートã§å¿œç­”ã—ã¾ã™ã€‚ + + \return WOLFSSL_SUCCESS æˆåŠŸæ™‚ã€‚ + \return BAD_FUNC_ARG 次ã®ã„ãšã‚Œã‹ã®å ´åˆã«è¿”ã•れるエラーã§ã™ã€‚sslãŒNULLã€dataãŒNULLã€typeãŒæœªçŸ¥ã®å€¤(以下をå‚ç…§)。 + \return MEMORY_E メモリãŒä¸è¶³ã—ã¦ã„ã‚‹å ´åˆã«è¿”ã•れるエラーã§ã™ã€‚ + + \param ssl wolfSSL_new()ã§ä½œæˆã•れãŸSSLオブジェクトã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ + \param type dataã§æ¸¡ã•れるサーãƒãƒ¼åã®ã‚¿ã‚¤ãƒ—を示ã—ã¾ã™ã€‚既知ã®ã‚¿ã‚¤ãƒ—ã¯ã€enum { WOLFSSL_SNI_HOST_NAME = 0 }ã§ã™ã€‚ + \param data サーãƒãƒ¼åデータã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ + \param size サーãƒãƒ¼åデータã®ã‚µã‚¤ã‚ºã€‚ _Example_ \code @@ -8203,18 +9656,19 @@ WOLFSSL* ssl = 0; ctx = wolfSSL_CTX_new(method); if (ctx == NULL) { - // context creation failed + // コンテキスト作æˆå¤±æ•— } ssl = wolfSSL_new(ctx); if (ssl == NULL) { - // ssl creation failed + // ssl作æˆå¤±æ•— } ret = wolfSSL_UseSNI(ssl, WOLFSSL_SNI_HOST_NAME, "www.yassl.com", strlen("www.yassl.com")); if (ret != WOLFSSL_SUCCESS) { - // sni usage failed + // sni使用失敗 } \endcode + \sa wolfSSL_new \sa wolfSSL_CTX_UseSNI */ @@ -8222,13 +9676,16 @@ const void* data, unsigned short size); /*! - \brief SSLコンテキストã‹ã‚‰ä½œæˆã•れãŸã‚ªãƒ–ジェクト㯠'ctx'ãƒ‘ãƒ©ãƒ¡ãƒ¼ã‚¿ã«æ¸¡ã•れã¾ã—ãŸã€‚ã“れã¯ã€WolfSSLクライアントã«ã‚ˆã£ã¦SNI拡張機能ãŒClientHelloã§é€ä¿¡ã•れã€WolfSSLサーãƒãƒ¼ã¯ServerHello + SNIã¾ãŸã¯SNIã®ä¸ä¸€è‡´ã®å ´åˆã«ã¯è‡´å‘½çš„ãªALERT Hello + SNIを応答ã—ã¾ã™ã€‚ - \return WOLFSSL_SUCCESS æˆåŠŸæ™‚ã«è¿”ã•れã¾ã™ã€‚ - \return BAD_FUNC_ARG 次ã®ã„ãšã‚Œã‹ã®å ´åˆã§è¿”ã•れるエラーã§ã™.CTXã¯NULLã€ãƒ‡ãƒ¼ã‚¿ã¯NULLã€ã‚¿ã‚¤ãƒ—ã¯ä¸æ˜Žãªå€¤ã§ã™ã€‚(下記å‚照) - \return MEMORY_E å分ãªãƒ¡ãƒ¢ãƒªãŒãªã„ã¨ãã«ã‚¨ãƒ©ãƒ¼ãŒè¿”ã•れã¾ã™ã€‚ - \param ctx wolfSSL_CTX_new()ã§ä½œæˆã•れãŸSSLコンテキストã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ - \param type ã©ã®ç¨®é¡žã®ã‚µãƒ¼ãƒãƒ¼åãŒãƒ‡ãƒ¼ã‚¿ã«æ¸¡ã•れãŸã‹ã‚’示ã—ã¾ã™ã€‚既知ã®åž‹ã¯æ¬¡ã®ã¨ãŠã‚Šã§ã™ã€‚enum {wolfssl_sni_host_name = 0}; - \param data サーãƒãƒ¼åデータã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ + \brief ã“ã®é–¢æ•°ã¯ã€'ctx'ãƒ‘ãƒ©ãƒ¡ãƒ¼ã‚¿ã§æ¸¡ã•れãŸSSLコンテキストã‹ã‚‰ä½œæˆã•れãŸSSLオブジェクトã«å¯¾ã—ã¦Server Name Indicationã®ä½¿ç”¨ã‚’有効ã«ã—ã¾ã™ã€‚ã¤ã¾ã‚Šã€wolfSSLクライアントã¯ClientHelloã§SNI拡張をé€ä¿¡ã—ã€wolfSSLサーãƒãƒ¼ã¯SNIä¸ä¸€è‡´ã®å ´åˆã€ClientHello + SNIã«å¯¾ã—ã¦ServerHello + 空ã®SNIã¾ãŸã¯fatalアラートã§å¿œç­”ã—ã¾ã™ã€‚ + + \return WOLFSSL_SUCCESS æˆåŠŸæ™‚ã€‚ + \return BAD_FUNC_ARG 次ã®ã„ãšã‚Œã‹ã®å ´åˆã«è¿”ã•れるエラーã§ã™ã€‚ctxãŒNULLã€dataãŒNULLã€typeãŒæœªçŸ¥ã®å€¤(以下をå‚ç…§)。 + \return MEMORY_E メモリãŒä¸è¶³ã—ã¦ã„ã‚‹å ´åˆã«è¿”ã•れるエラーã§ã™ã€‚ + + \param ctx wolfSSL_CTX_new()ã§ä½œæˆã•れãŸSSLコンテキストã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ + \param type dataã§æ¸¡ã•れるサーãƒãƒ¼åã®ã‚¿ã‚¤ãƒ—を示ã—ã¾ã™ã€‚既知ã®ã‚¿ã‚¤ãƒ—ã¯ã€enum { WOLFSSL_SNI_HOST_NAME = 0 }ã§ã™ã€‚ + \param data サーãƒãƒ¼åデータã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ + \param size サーãƒãƒ¼åデータã®ã‚µã‚¤ã‚ºã€‚ _Example_ \code @@ -8236,14 +9693,15 @@ WOLFSSL_CTX* ctx = 0; ctx = wolfSSL_CTX_new(method); if (ctx == NULL) { - // context creation failed + // コンテキスト作æˆå¤±æ•— } ret = wolfSSL_CTX_UseSNI(ctx, WOLFSSL_SNI_HOST_NAME, "www.yassl.com", strlen("www.yassl.com")); if (ret != WOLFSSL_SUCCESS) { - // sni usage failed + // sni使用失敗 } \endcode + \sa wolfSSL_CTX_new \sa wolfSSL_UseSNI */ @@ -8251,12 +9709,15 @@ const void* data, unsigned short size); /*! - \brief 'ssl'ãƒ‘ãƒ©ãƒ¡ãƒ¼ã‚¿ã«æ¸¡ã•れãŸSSLオブジェクト内ã®ã‚µãƒ¼ãƒãƒ¼å表示を使用ã—ãŸSSLセッションã®å‹•作。オプションを以下ã«èª¬æ˜Žã—ã¾ã™ã€‚ - \return none ã„ã„ãˆè¿”ã—ã¾ã™ã€‚ - \param ssl wolfSSL_new()ã§ä½œæˆã•れãŸSSLオブジェクトã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ - \param type ã©ã®ç¨®é¡žã®ã‚µãƒ¼ãƒãƒ¼åãŒãƒ‡ãƒ¼ã‚¿ã«æ¸¡ã•れãŸã‹ã‚’示ã—ã¾ã™ã€‚既知ã®åž‹ã¯æ¬¡ã®ã¨ãŠã‚Šã§ã™ã€‚enum {wolfssl_sni_host_name = 0}; - \param options é¸æŠžã•れãŸã‚ªãƒ—ションをæŒã¤ãƒ“ットå˜ä½ã®ã‚»ãƒžãƒ•ォ。利用å¯èƒ½ãªã‚ªãƒ—ã‚·ãƒ§ãƒ³ã¯æ¬¡ã®ã¨ãŠã‚Šã§ã™ã€‚enum {wolfssl_sni_continue_on_mismatch = 0x01ã€wolfssl_sni_answer_on_mismatch = 0x02};通常ã€ã‚µãƒ¼ãƒãƒ¼ã¯ã€ã‚¯ãƒ©ã‚¤ã‚¢ãƒ³ãƒˆã«ã‚ˆã£ã¦æä¾›ã•れãŸãƒ›ã‚¹ãƒˆåãŒã‚µãƒ¼ãƒãƒ¼ã¨è¡¨ç¤ºã•れã¦ã„るホストåãŒã‚µãƒ¼ãƒãƒ¼ã§æä¾›ã•れã¦ã„ã‚‹å ´åˆã€ã‚µãƒ¼ãƒãƒ¼ã¯handshakeを中止ã—ã¾ã™ã€‚ - \param WOLFSSL_SNI_CONTINUE_ON_MISMATCH ã“ã®ã‚ªãƒ—ションを設定ã™ã‚‹ã¨ã€ã‚µãƒ¼ãƒãƒ¼ã¯ã‚»ãƒƒã‚·ãƒ§ãƒ³ã‚’中止ã™ã‚‹ä»£ã‚りã«SNI応答をé€ä¿¡ã—ã¾ã›ã‚“。 + \brief ã“ã®é–¢æ•°ã¯ã€'ssl'ãƒ‘ãƒ©ãƒ¡ãƒ¼ã‚¿ã§æ¸¡ã•れãŸSSLオブジェクトã§Server Name Indicationを使用ã™ã‚‹SSLセッションã®å‹•作を設定ã™ã‚‹ãŸã‚ã«ã€ã‚µãƒ¼ãƒãƒ¼å´ã§å‘¼ã³å‡ºã•れã¾ã™ã€‚オプションã«ã¤ã„ã¦ã¯ä»¥ä¸‹ã§èª¬æ˜Žã—ã¾ã™ã€‚ + + \return none 戻り値ãªã—。 + + \param ssl wolfSSL_new()ã§ä½œæˆã•れãŸSSLオブジェクトã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ + \param type dataã§æ¸¡ã•れるサーãƒãƒ¼åã®ã‚¿ã‚¤ãƒ—を示ã—ã¾ã™ã€‚既知ã®ã‚¿ã‚¤ãƒ—ã¯ã€enum { WOLFSSL_SNI_HOST_NAME = 0 }ã§ã™ã€‚ + \param options é¸æŠžã•れãŸã‚ªãƒ—ションをå«ã‚€ãƒ“ットå˜ä½ã®ã‚»ãƒžãƒ•ォ。利用å¯èƒ½ãªã‚ªãƒ—ションã¯ã€enum { WOLFSSL_SNI_CONTINUE_ON_MISMATCH = 0x01, WOLFSSL_SNI_ANSWER_ON_MISMATCH = 0x02 }ã§ã™ã€‚通常ã€ã‚¯ãƒ©ã‚¤ã‚¢ãƒ³ãƒˆã‹ã‚‰æä¾›ã•れãŸãƒ›ã‚¹ãƒˆåãŒã‚µãƒ¼ãƒãƒ¼ã¨ä¸€è‡´ã—ãªã„å ´åˆã€ã‚µãƒ¼ãƒãƒ¼ã¯fatalレベルã®unrecognized_name(112)アラートをé€ä¿¡ã—ã¦ãƒãƒ³ãƒ‰ã‚·ã‚§ã‚¤ã‚¯ã‚’中止ã—ã¾ã™ã€‚ + \param WOLFSSL_SNI_CONTINUE_ON_MISMATCH ã“ã®ã‚ªãƒ—ションãŒè¨­å®šã•れã¦ã„ã‚‹å ´åˆã€ã‚µãƒ¼ãƒãƒ¼ã¯ã‚»ãƒƒã‚·ãƒ§ãƒ³ã‚’中止ã™ã‚‹ä»£ã‚りã«SNI応答をé€ä¿¡ã—ã¾ã›ã‚“。 + \param WOLFSSL_SNI_ANSWER_ON_MISMATCH ã“ã®ã‚ªãƒ—ションãŒè¨­å®šã•れã¦ã„ã‚‹å ´åˆã€ã‚µãƒ¼ãƒãƒ¼ã¯ã‚»ãƒƒã‚·ãƒ§ãƒ³ã‚’中止ã™ã‚‹ä»£ã‚りã«ã€ãƒ›ã‚¹ãƒˆåãŒä¸€è‡´ã—ã¦ã„ã‚‹ã‹ã®ã‚ˆã†ã«SNI応答をé€ä¿¡ã—ã¾ã™ã€‚ _Example_ \code @@ -8265,19 +9726,20 @@ WOLFSSL* ssl = 0; ctx = wolfSSL_CTX_new(method); if (ctx == NULL) { - // context creation failed + // コンテキスト作æˆå¤±æ•— } ssl = wolfSSL_new(ctx); if (ssl == NULL) { - // ssl creation failed + // ssl作æˆå¤±æ•— } ret = wolfSSL_UseSNI(ssl, 0, "www.yassl.com", strlen("www.yassl.com")); if (ret != WOLFSSL_SUCCESS) { - // sni usage failed + // sni使用失敗 } wolfSSL_SNI_SetOptions(ssl, WOLFSSL_SNI_HOST_NAME, WOLFSSL_SNI_CONTINUE_ON_MISMATCH); \endcode + \sa wolfSSL_new \sa wolfSSL_UseSNI \sa wolfSSL_CTX_SNI_SetOptions @@ -8286,12 +9748,15 @@ unsigned char options); /*! - \brief SSLセッションを使用ã—ãŸSSLオブジェクトã®ã‚µãƒ¼ãƒå指示を使用ã—ã¦ã€SSLコンテキストã‹ã‚‰ä½œæˆã•れãŸSSLオブジェクトã‹ã‚‰ä½œæˆã•れã¾ã™ã€‚オプションを以下ã«èª¬æ˜Žã—ã¾ã™ã€‚ - \return none ã„ã„ãˆè¿”ã—ã¾ã™ã€‚ - \param ctx wolfSSL_CTX_new()ã§ä½œæˆã•れãŸSSLコンテキストã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ - \param type ã©ã®ç¨®é¡žã®ã‚µãƒ¼ãƒãƒ¼åãŒãƒ‡ãƒ¼ã‚¿ã«æ¸¡ã•れãŸã‹ã‚’示ã—ã¾ã™ã€‚既知ã®åž‹ã¯æ¬¡ã®ã¨ãŠã‚Šã§ã™ã€‚enum {wolfssl_sni_host_name = 0}; - \param options é¸æŠžã•れãŸã‚ªãƒ—ションをæŒã¤ãƒ“ットå˜ä½ã®ã‚»ãƒžãƒ•ォ。利用å¯èƒ½ãªã‚ªãƒ—ã‚·ãƒ§ãƒ³ã¯æ¬¡ã®ã¨ãŠã‚Šã§ã™ã€‚enum {wolfssl_sni_continue_on_mismatch = 0x01ã€wolfssl_sni_answer_on_mismatch = 0x02};通常ã€ã‚µãƒ¼ãƒãƒ¼ã¯ã€ã‚¯ãƒ©ã‚¤ã‚¢ãƒ³ãƒˆã«ã‚ˆã£ã¦æä¾›ã•れãŸãƒ›ã‚¹ãƒˆåãŒã‚µãƒ¼ãƒãƒ¼ã¨è¡¨ç¤ºã•れã¦ã„るホストåãŒã‚µãƒ¼ãƒãƒ¼ã§æä¾›ã•れã¦ã„ã‚‹å ´åˆã€ã‚µãƒ¼ãƒãƒ¼ã¯handshakeを中止ã—ã¾ã™ã€‚ - \param WOLFSSL_SNI_CONTINUE_ON_MISMATCH ã“ã®ã‚ªãƒ—ションを設定ã™ã‚‹ã¨ã€ã‚µãƒ¼ãƒãƒ¼ã¯ã‚»ãƒƒã‚·ãƒ§ãƒ³ã‚’中止ã™ã‚‹ä»£ã‚りã«SNI応答をé€ä¿¡ã—ã¾ã›ã‚“。 + \brief ã“ã®é–¢æ•°ã¯ã€'ctx'ãƒ‘ãƒ©ãƒ¡ãƒ¼ã‚¿ã§æ¸¡ã•れãŸSSLコンテキストã‹ã‚‰ä½œæˆã•れãŸSSLオブジェクトã«å¯¾ã—ã¦Server Name Indicationを使用ã™ã‚‹SSLセッションã®å‹•作を設定ã™ã‚‹ãŸã‚ã«ã€ã‚µãƒ¼ãƒãƒ¼å´ã§å‘¼ã³å‡ºã•れã¾ã™ã€‚オプションã«ã¤ã„ã¦ã¯ä»¥ä¸‹ã§èª¬æ˜Žã—ã¾ã™ã€‚ + + \return none 戻り値ãªã—。 + + \param ctx wolfSSL_CTX_new()ã§ä½œæˆã•れãŸSSLコンテキストã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ + \param type dataã§æ¸¡ã•れるサーãƒãƒ¼åã®ã‚¿ã‚¤ãƒ—を示ã—ã¾ã™ã€‚既知ã®ã‚¿ã‚¤ãƒ—ã¯ã€enum { WOLFSSL_SNI_HOST_NAME = 0 }ã§ã™ã€‚ + \param options é¸æŠžã•れãŸã‚ªãƒ—ションをå«ã‚€ãƒ“ットå˜ä½ã®ã‚»ãƒžãƒ•ォ。利用å¯èƒ½ãªã‚ªãƒ—ションã¯ã€enum { WOLFSSL_SNI_CONTINUE_ON_MISMATCH = 0x01, WOLFSSL_SNI_ANSWER_ON_MISMATCH = 0x02 }ã§ã™ã€‚通常ã€ã‚¯ãƒ©ã‚¤ã‚¢ãƒ³ãƒˆã‹ã‚‰æä¾›ã•れãŸãƒ›ã‚¹ãƒˆåãŒã‚µãƒ¼ãƒãƒ¼ã¨ä¸€è‡´ã—ãªã„å ´åˆã€ã‚µãƒ¼ãƒãƒ¼ã¯fatalレベルã®unrecognized_name(112)アラートをé€ä¿¡ã—ã¦ãƒãƒ³ãƒ‰ã‚·ã‚§ã‚¤ã‚¯ã‚’中止ã—ã¾ã™ã€‚ + \param WOLFSSL_SNI_CONTINUE_ON_MISMATCH ã“ã®ã‚ªãƒ—ションãŒè¨­å®šã•れã¦ã„ã‚‹å ´åˆã€ã‚µãƒ¼ãƒãƒ¼ã¯ã‚»ãƒƒã‚·ãƒ§ãƒ³ã‚’中止ã™ã‚‹ä»£ã‚りã«SNI応答をé€ä¿¡ã—ã¾ã›ã‚“。 + \param WOLFSSL_SNI_ANSWER_ON_MISMATCH ã“ã®ã‚ªãƒ—ションãŒè¨­å®šã•れã¦ã„ã‚‹å ´åˆã€ã‚µãƒ¼ãƒãƒ¼ã¯ã‚»ãƒƒã‚·ãƒ§ãƒ³ã‚’中止ã™ã‚‹ä»£ã‚りã«ã€ãƒ›ã‚¹ãƒˆåãŒä¸€è‡´ã—ã¦ã„ã‚‹ã‹ã®ã‚ˆã†ã«SNI応答をé€ä¿¡ã—ã¾ã™ã€‚ _Example_ \code @@ -8299,15 +9764,16 @@ WOLFSSL_CTX* ctx = 0; ctx = wolfSSL_CTX_new(method); if (ctx == NULL) { - // context creation failed + // コンテキスト作æˆå¤±æ•— } ret = wolfSSL_CTX_UseSNI(ctx, 0, "www.yassl.com", strlen("www.yassl.com")); if (ret != WOLFSSL_SUCCESS) { - // sni usage failed + // sni使用失敗 } wolfSSL_CTX_SNI_SetOptions(ctx, WOLFSSL_SNI_HOST_NAME, WOLFSSL_SNI_CONTINUE_ON_MISMATCH); \endcode + \sa wolfSSL_CTX_new \sa wolfSSL_CTX_UseSNI \sa wolfSSL_SNI_SetOptions @@ -8316,27 +9782,31 @@ unsigned char type, unsigned char options); /*! - \brief クライアントã«ã‚ˆã£ã¦ã‚¯ãƒ©ã‚¤ã‚¢ãƒ³ãƒˆã‹ã‚‰æä¾›ã•れãŸåå‰è¡¨ç¤ºã‚¯ãƒ©ã‚¤ã‚¢ãƒ³ãƒˆã«ã‚ˆã£ã¦é€ä¿¡ã•れãŸãƒ¡ãƒƒã‚»ãƒ¼ã‚¸ã‚»ãƒƒã‚·ãƒ§ãƒ³ã‚’é–‹å§‹ã™ã‚‹ã€‚SNIã‚’å–å¾—ã™ã‚‹ãŸã‚ã®ã‚³ãƒ³ãƒ†ã‚­ã‚¹ãƒˆã¾ãŸã¯ã‚»ãƒƒã‚·ãƒ§ãƒ³è¨­å®šãŒå¿…è¦ã‚りã¾ã›ã‚“。 - \return WOLFSSL_SUCCESS æˆåŠŸæ™‚ã«è¿”ã•れã¾ã™ã€‚ - \return BAD_FUNC_ARG ã“ã®ã‚±ãƒ¼ã‚¹ã§è¿”ã•れるエラーã¯ã€æ¬¡ã®ã„ãšã‚Œã‹ã®å ´åˆã§è¿”ã•れã¾ã™ã€‚ãƒãƒƒãƒ•ã‚¡ã¯NULLã€BUFFERSZ <= 0ã€SNIã¯NULLã€INOUTSZã¯NULLã¾ãŸã¯<= 0ã§ã™ã€‚ - \return BUFFER_ERROR 䏿­£ãªã‚¯ãƒ©ã‚¤ã‚¢ãƒ³ãƒˆhelloメッセージãŒã‚ã‚‹ã¨ãã«ã‚¨ãƒ©ãƒ¼ãŒè¿”ã•れã¾ã™ã€‚ - \return INCOMPLETE_DATA 抽出を完了ã™ã‚‹ã®ã«å分ãªãƒ‡ãƒ¼ã‚¿ãŒãªã„å ´åˆã«è¿”ã•れるエラーã§ã™ã€‚ - \param buffer クライアントã‹ã‚‰æä¾›ã•れãŸãƒ‡ãƒ¼ã‚¿ã¸ã®ãƒã‚¤ãƒ³ã‚¿ï¼ˆã‚¯ãƒ©ã‚¤ã‚¢ãƒ³ãƒˆhello)。 - \param bufferSz クライアントhelloメッセージã®ã‚µã‚¤ã‚ºã€‚ - \param type ã©ã®ç¨®é¡žã®ã‚µãƒ¼ãƒãƒ¼åãŒãƒãƒƒãƒ•ァーã‹ã‚‰å–å¾—ã•れã¦ã„ã‚‹ã‹ã‚’示ã—ã¾ã™ã€‚既知ã®åž‹ã¯æ¬¡ã®ã¨ãŠã‚Šã§ã™ã€‚enum {wolfssl_sni_host_name = 0}; - \param sni 出力ãŒä¿å­˜ã•れる場所ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ + \brief ã“ã®é–¢æ•°ã¯ã€ã‚¯ãƒ©ã‚¤ã‚¢ãƒ³ãƒˆãŒã‚»ãƒƒã‚·ãƒ§ãƒ³ã‚’é–‹å§‹ã™ã‚‹ãŸã‚ã«é€ä¿¡ã—ãŸClient Helloメッセージã‹ã‚‰ã‚¯ãƒ©ã‚¤ã‚¢ãƒ³ãƒˆã«ã‚ˆã£ã¦æä¾›ã•れãŸServer Name Indicationã‚’å–å¾—ã™ã‚‹ãŸã‚ã«ã€ã‚µãƒ¼ãƒãƒ¼å´ã§å‘¼ã³å‡ºã•れã¾ã™ã€‚SNIã‚’å–å¾—ã™ã‚‹ãŸã‚ã«ã‚³ãƒ³ãƒ†ã‚­ã‚¹ãƒˆã‚„セッションã®ã‚»ãƒƒãƒˆã‚¢ãƒƒãƒ—ã¯å¿…è¦ã‚りã¾ã›ã‚“。 + + \return WOLFSSL_SUCCESS æˆåŠŸæ™‚ã€‚ + \return BAD_FUNC_ARG 次ã®ã„ãšã‚Œã‹ã®å ´åˆã«è¿”ã•れるエラーã§ã™ã€‚bufferãŒNULLã€bufferSz <= 0ã€sniãŒNULLã€inOutSzãŒNULLã¾ãŸã¯<= 0。 + \return BUFFER_ERROR 䏿­£ãªå½¢å¼ã®Client HelloメッセージãŒã‚ã‚‹å ´åˆã«è¿”ã•れるエラーã§ã™ã€‚ + \return INCOMPLETE_DATA 抽出を完了ã™ã‚‹ã®ã«å分ãªãƒ‡ãƒ¼ã‚¿ãŒãªã„å ´åˆã«è¿”ã•れるエラーã§ã™ã€‚ + + \param buffer クライアントã‹ã‚‰æä¾›ã•れãŸãƒ‡ãƒ¼ã‚¿(Client Hello)ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ + \param bufferSz Client Helloメッセージã®ã‚µã‚¤ã‚ºã€‚ + \param type bufferã‹ã‚‰å–å¾—ã•れるサーãƒãƒ¼åã®ã‚¿ã‚¤ãƒ—を示ã—ã¾ã™ã€‚既知ã®ã‚¿ã‚¤ãƒ—ã¯ã€enum { WOLFSSL_SNI_HOST_NAME = 0 }ã§ã™ã€‚ + \param sni å‡ºåŠ›ãŒæ ¼ç´ã•れる場所ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ + \param inOutSz 出力サイズã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ã“ã®å€¤ã¯MIN("SNIã®é•·ã•", inOutSz)ã«æ›´æ–°ã•れã¾ã™ã€‚ _Example_ \code unsigned char buffer[1024] = {0}; unsigned char result[32] = {0}; int length = 32; - // read Client Hello to buffer... - ret = wolfSSL_SNI_GetFromBuffer(buffer, sizeof(buffer), 0, result, &length)); + // Client Helloã‚’bufferã«èª­ã¿è¾¼ã¿... + ret = wolfSSL_SNI_GetFromBuffer(buffer, sizeof(buffer), 0, result, &length); if (ret != WOLFSSL_SUCCESS) { - // sni retrieve failed + // sniå–得失敗 } \endcode + \sa wolfSSL_UseSNI \sa wolfSSL_CTX_UseSNI \sa wolfSSL_SNI_GetRequest @@ -8347,10 +9817,14 @@ /*! \ingroup IO - \brief ã“ã®é–¢æ•°ã¯SNIオブジェクトã®ã‚¹ãƒ†ãƒ¼ã‚¿ã‚¹ã‚’å–å¾—ã—ã¾ã™ã€‚ - \return value SNIãŒNULLã§ãªã„å ´åˆã€ã“ã®é–¢æ•°ã¯SNI構造体ã®ã‚¹ãƒ†ãƒ¼ã‚¿ã‚¹ãƒ¡ãƒ³ãƒãƒ¼ã®ãƒã‚¤ãƒˆå€¤ã‚’è¿”ã—ã¾ã™ã€‚ - \return 0 SNIオブジェクトãŒNULLã®å ´åˆ - \param ssl wolfSSL_new()を使用ã—ã¦ä½œæˆã•れãŸWolfSSL構造ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ + + \brief ã“ã®é–¢æ•°ã¯SNIオブジェクトã®ã‚¹ãƒ†ãƒ¼ã‚¿ã‚¹ã‚’å–å¾—ã—ã¾ã™ã€‚ + + \return value SNIãŒNULLã§ãªã„å ´åˆã€ã“ã®é–¢æ•°ã¯SNI構造体ã®statusメンãƒãƒ¼ã®ãƒã‚¤ãƒˆå€¤ã‚’è¿”ã—ã¾ã™ã€‚ + \return 0 SNIオブジェクトãŒNULLã®å ´åˆã€‚ + + \param ssl wolfSSL_new()を使用ã—ã¦ä½œæˆã•れãŸWOLFSSL構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ + \param type SNIタイプ。 _Example_ \code @@ -8364,6 +9838,7 @@ AssertIntEQ(WOLFSSL_SNI_NO_MATCH, wolfSSL_SNI_Status(ssl, type)); … \endcode + \sa TLSX_SNI_Status \sa TLSX_SNI_find \sa TLSX_Find @@ -8371,10 +9846,13 @@ unsigned char wolfSSL_SNI_Status(WOLFSSL* ssl, unsigned char type); /*! - \brief SSLセッションã§ã‚¯ãƒ©ã‚¤ã‚¢ãƒ³ãƒˆã«ã‚ˆã£ã¦æä¾›ã•れるサーãƒãƒ¼åã®è¡¨ç¤ºã€‚ - \return size æä¾›ã•れãŸSNIデータã®ã‚µã‚¤ã‚ºã€‚ - \param ssl wolfSSL_new()ã§ä½œæˆã•れãŸSSLオブジェクトã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ - \param type ã©ã®ç¨®é¡žã®ã‚µãƒ¼ãƒãƒ¼åãŒãƒ‡ãƒ¼ã‚¿å†…ã§å–å¾—ã•れã¦ã„ã‚‹ã‹ã‚’示ã—ã¾ã™ã€‚既知ã®åž‹ã¯æ¬¡ã®ã¨ãŠã‚Šã§ã™ã€‚enum {wolfssl_sni_host_name = 0}; + \brief ã“ã®é–¢æ•°ã¯ã€SSLセッションã§ã‚¯ãƒ©ã‚¤ã‚¢ãƒ³ãƒˆã«ã‚ˆã£ã¦æä¾›ã•れãŸServer Name Indicationã‚’å–å¾—ã™ã‚‹ãŸã‚ã«ã€ã‚µãƒ¼ãƒãƒ¼å´ã§å‘¼ã³å‡ºã•れã¾ã™ã€‚ + + \return size æä¾›ã•れãŸSNIデータã®ã‚µã‚¤ã‚ºã€‚ + + \param ssl wolfSSL_new()ã§ä½œæˆã•れãŸSSLオブジェクトã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ + \param type dataã§å–å¾—ã•れるサーãƒãƒ¼åã®ã‚¿ã‚¤ãƒ—を示ã—ã¾ã™ã€‚既知ã®ã‚¿ã‚¤ãƒ—ã¯ã€enum { WOLFSSL_SNI_HOST_NAME = 0 }ã§ã™ã€‚ + \param data クライアントã‹ã‚‰æä¾›ã•れãŸãƒ‡ãƒ¼ã‚¿ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ _Example_ \code @@ -8383,21 +9861,22 @@ WOLFSSL* ssl = 0; ctx = wolfSSL_CTX_new(method); if (ctx == NULL) { - // context creation failed + // コンテキスト作æˆå¤±æ•— } ssl = wolfSSL_new(ctx); if (ssl == NULL) { - // ssl creation failed + // ssl作æˆå¤±æ•— } ret = wolfSSL_UseSNI(ssl, 0, "www.yassl.com", strlen("www.yassl.com")); if (ret != WOLFSSL_SUCCESS) { - // sni usage failed + // sni使用失敗 } if (wolfSSL_accept(ssl) == SSL_SUCCESS) { void *data = NULL; unsigned short size = wolfSSL_SNI_GetRequest(ssl, 0, &data); } \endcode + \sa wolfSSL_UseSNI \sa wolfSSL_CTX_UseSNI */ @@ -8406,32 +9885,35 @@ /*! \ingroup Setup - \brief wolfsslセッションã«ALPNを設定ã—ã¾ã™ã€‚ - \return WOLFSSL_SUCCESS: æˆåŠŸæ™‚ã«è¿”ã•れã¾ã™ã€‚ - \return BAD_FUNC_ARG SSLã¾ãŸã¯PROTOCOL_NAME_LISTãŒNULLã¾ãŸã¯PROTOCOL_NAME_LISTSZãŒå¤§ãã™ãŽãŸã‚Šã€ã‚ªãƒ—ションãŒã‚µãƒãƒ¼ãƒˆã•れã¦ã„ãªã„ã‚‚ã®ã‚’å«ã¿ã¾ã™ã€‚ - \return MEMORY_ERROR プロトコルリストã®ãƒ¡ãƒ¢ãƒªã®å‰²ã‚Šå½“ã¦ä¸­ã«ã‚¨ãƒ©ãƒ¼ãŒç™ºç”Ÿã—ã¾ã—ãŸã€‚ - \return SSL_FAILURE 失敗時ã«è¿”ã•れã¾ã™ã€‚ - \param ssl 使用ã™ã‚‹WolfSSLセッション。 - \param protocol_name_list 使用ã™ã‚‹ãƒ—ロトコルåã®ãƒªã‚¹ãƒˆã€‚カンマ区切り文字列ãŒå¿…è¦ã§ã™ã€‚ - \param protocol_name_listSz プロトコルåã®ãƒªã‚¹ãƒˆã®ã‚µã‚¤ã‚ºã€‚ + + \brief wolfSSLセッションã§ALPNã®ä½¿ç”¨ã‚’セットアップã—ã¾ã™ã€‚ + + \return WOLFSSL_SUCCESS æˆåŠŸæ™‚ã€‚ + \return BAD_FUNC_ARG sslã¾ãŸã¯protocol_name_listãŒnullã€ã¾ãŸã¯protocol_name_listSzãŒå¤§ãã™ãŽã‚‹ã€ã¾ãŸã¯optionsãŒã‚µãƒãƒ¼ãƒˆã•れã¦ã„ãªã„何ã‹ã‚’å«ã‚€å ´åˆã«è¿”ã•れã¾ã™ã€‚ + \return MEMORY_ERROR プロトコルリストã®ãƒ¡ãƒ¢ãƒªå‰²ã‚Šå½“ã¦ã‚¨ãƒ©ãƒ¼ã€‚ + \return SSL_FAILURE 失敗時。 + + \param ssl 使用ã™ã‚‹wolfSSLセッション。 + \param protocol_name_list 使用ã™ã‚‹ãƒ—ロトコルåã®ãƒªã‚¹ãƒˆã€‚ã‚«ãƒ³ãƒžåŒºåˆ‡ã‚Šã®æ–‡å­—列ãŒå¿…è¦ã§ã™ã€‚ + \param protocol_name_listSz プロトコルåリストã®ã‚µã‚¤ã‚ºã€‚ + \param options WOLFSSL_ALPN_CONTINUE_ON_MISMATCHã¾ãŸã¯WOLFSSL_ALPN_FAILED_ON_MISMATCH。 _Example_ \code wolfSSL_Init(); WOLFSSL_CTX* ctx; WOLFSSL* ssl; - WOLFSSL_METHOD method = // Some wolfSSL method + WOLFSSL_METHOD method = // ä»»æ„ã®wolfSSLメソッド ctx = wolfSSL_CTX_new(method); ssl = wolfSSL_new(ctx); - char alpn_list[] = {}; - - if (wolfSSL_UseALPN(ssl, alpn_list, sizeof(alpn_list), + char alpn_list[] = {}; if (wolfSSL_UseALPN(ssl, alpn_list, sizeof(alpn_list), WOLFSSL_APN_FAILED_ON_MISMATCH) != WOLFSSL_SUCCESS) { - // Error setting session ticket + // セッションãƒã‚±ãƒƒãƒˆè¨­å®šã‚¨ãƒ©ãƒ¼ } \endcode + \sa TLSX_UseALPN */ int wolfSSL_UseALPN(WOLFSSL* ssl, char *protocol_name_list, @@ -8440,17 +9922,21 @@ /*! \ingroup TLS - \brief ã“ã®é–¢æ•°ã¯ã€ã‚µãƒ¼ãƒãƒ¼ã«ã‚ˆã£ã¦è¨­å®šã•れãŸãƒ—ロトコルåã‚’å–å¾—ã—ã¾ã™ã€‚ - \return SSL_SUCCESS ã‚¨ãƒ©ãƒ¼ãŒæŠ•ã’られã¦ã„ãªã„正常ãªå®Ÿè¡Œã«æˆ»ã‚Šã¾ã—ãŸã€‚ - \return SSL_FATAL_ERROR æ‹¡å¼µå­ãŒè¦‹ã¤ã‹ã‚‰ãªã‹ã£ãŸå ´åˆã€ã¾ãŸã¯ãƒ”ã‚¢ã¨ãƒ—ロトコルãŒä¸€è‡´ã—ãªã‹ã£ãŸå ´åˆã«è¿”ã•れã¾ã™ã€‚2ã¤ä»¥ä¸Šã®ãƒ—ロトコルåãŒå—ã‘入れられã¦ã„ã‚‹å ´åˆã¯ã€ã‚¹ãƒ­ãƒ¼ã•れãŸã‚¨ãƒ©ãƒ¼ã‚‚ã‚りã¾ã™ã€‚ - \return SSL_ALPN_NOT_FOUND ピアã¨ãƒ—ロトコルã®ä¸€è‡´ãŒè¦‹ã¤ã‹ã‚‰ãªã‹ã£ãŸã“ã¨ã‚’示ã™è¿”ã•れã¾ã—ãŸã€‚ - \return BAD_FUNC_ARG é–¢æ•°ã«æ¸¡ã•れãŸnull引数ãŒã‚ã£ãŸå ´åˆã«è¿”ã•れã¾ã™ã€‚ - \param ssl wolfSSL_new()を使用ã—ã¦ä½œæˆã•れãŸWolfSSL構造ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ - \param protocol_name プロトコルåを表ã™CHARã¸ã®ãƒã‚¤ãƒ³ã‚¿ã¯ã€ALPN構造ã«ä¿æŒã•れã¾ã™ã€‚ + + \brief ã“ã®é–¢æ•°ã¯ã€ã‚µãƒ¼ãƒãƒ¼ã«ã‚ˆã£ã¦è¨­å®šã•れãŸãƒ—ロトコルåã‚’å–å¾—ã—ã¾ã™ã€‚ + + \return SSL_SUCCESS エラーãŒã‚¹ãƒ­ãƒ¼ã•れãšã«æ­£å¸¸ã«å®Ÿè¡Œã•れãŸå ´åˆã«è¿”ã•れã¾ã™ã€‚ + \return SSL_FATAL_ERROR æ‹¡å¼µãŒè¦‹ã¤ã‹ã‚‰ãªã‹ã£ãŸå ´åˆã€ã¾ãŸã¯ãƒ”ã‚¢ã¨ã®ãƒ—ロトコルマッãƒãŒãªã‹ã£ãŸå ´åˆã«è¿”ã•れã¾ã™ã€‚ã¾ãŸã€å—ã‘入れられãŸãƒ—ロトコルåãŒè¤‡æ•°ã‚ã‚‹å ´åˆã«ã‚‚エラーãŒã‚¹ãƒ­ãƒ¼ã•れã¾ã™ã€‚ + \return SSL_ALPN_NOT_FOUND ピアã¨ã®ãƒ—ロトコルマッãƒãŒè¦‹ã¤ã‹ã‚‰ãªã‹ã£ãŸã“ã¨ã‚’示ã—ã¦è¿”ã•れã¾ã™ã€‚ + \return BAD_FUNC_ARG 関数ã«NULLå¼•æ•°ãŒæ¸¡ã•れãŸå ´åˆã«è¿”ã•れã¾ã™ã€‚ + + \param ssl wolfSSL_new()を使用ã—ã¦ä½œæˆã•れãŸWOLFSSL構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ + \param protocol_name プロトコルåを表ã—ã€ALPN構造体ã«ä¿æŒã•れるcharã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ + \param size protocol_nameã®ã‚µã‚¤ã‚ºã‚’表ã™word16型。 _Example_ \code - WOLFSSL_CTX* ctx = wolfSSL_CTX_new( protocol method ); + WOLFSSL_CTX* ctx = WOLFSSL_CTX_new( protocol method ); WOLFSSL* ssl = WOLFSSL_new(ctx); ... int err; @@ -8459,9 +9945,10 @@ err = wolfSSL_ALPN_GetProtocol(ssl, &protocol_name, &protocol_nameSz); if(err == SSL_SUCCESS){ - // Sent ALPN protocol + // ALPNプロトコルをé€ä¿¡ } \endcode + \sa TLSX_ALPN_GetRequest \sa TLSX_Find */ @@ -8470,13 +9957,17 @@ /*! \ingroup TLS - \brief ã“ã®é–¢æ•°ã¯ã€alpn_client_listデータをSSLオブジェクトã‹ã‚‰ãƒãƒƒãƒ•ã‚¡ã«ã‚³ãƒ”ーã—ã¾ã™ã€‚ - \return SSL_SUCCESS 関数ãŒã‚¨ãƒ©ãƒ¼ãªã—ã§å®Ÿè¡Œã•れãŸå ´åˆã«è¿”ã•れã¾ã™ã€‚SSLオブジェクトã®ALPN_CLIENT_LISTメンãƒãƒ¼ãŒLISTパラメータã«ã‚³ãƒ”ーã•れã¾ã—ãŸã€‚ - \return BAD_FUNC_ARG listã¾ãŸã¯listszパラメーターãŒnullã®å ´åˆã«è¿”ã•れã¾ã™ã€‚ - \return BUFFER_ERROR リストãƒãƒƒãƒ•ã‚¡ã«å•題ãŒã‚ã‚‹å ´åˆã¯ï¼ˆNULLã¾ãŸã¯ã‚µã‚¤ã‚ºãŒ0ã®å ´åˆï¼‰ã«å•題ãŒã‚ã‚‹å ´åˆã«è¿”ã•れã¾ã™ã€‚ - \return MEMORY_ERROR メモリを動的ã«å‰²ã‚Šå½“ã¦ã‚‹å•題ãŒã‚ã‚‹å ´åˆã«è¿”ã•れã¾ã™ã€‚ - \param ssl wolfSSL_new()を使用ã—ã¦ä½œæˆã•れãŸWolfSSL構造ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ - \param list ãƒãƒƒãƒ•ã‚¡ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚SSLオブジェクトã‹ã‚‰ã®ãƒ‡ãƒ¼ã‚¿ãŒã‚³ãƒ”ーã•れã¾ã™ã€‚ + + \brief ã“ã®é–¢æ•°ã¯ã€SSLオブジェクトã‹ã‚‰alpn_client_listデータをãƒãƒƒãƒ•ã‚¡ã«ã‚³ãƒ”ーã—ã¾ã™ã€‚ + + \return SSL_SUCCESS 関数ãŒã‚¨ãƒ©ãƒ¼ãªã実行ã•れãŸå ´åˆã«è¿”ã•れã¾ã™ã€‚SSLオブジェクトã®alpn_client_listメンãƒãŒlistパラメータã«ã‚³ãƒ”ーã•れã¾ã—ãŸã€‚ + \return BAD_FUNC_ARG listã¾ãŸã¯listSzパラメータãŒNULLã®å ´åˆã«è¿”ã•れã¾ã™ã€‚ + \return BUFFER_ERROR listãƒãƒƒãƒ•ã‚¡ã«å•題ãŒã‚ã‚‹å ´åˆã«è¿”ã•れã¾ã™(NULLã§ã‚ã‚‹ã‹ã€ã‚µã‚¤ã‚ºãŒ0ã®å ´åˆ)。 + \return MEMORY_ERROR メモリã®å‹•的割り当ã¦ã«å•題ãŒã‚ã£ãŸå ´åˆã«è¿”ã•れã¾ã™ã€‚ + + \param ssl wolfSSL_new()を使用ã—ã¦ä½œæˆã•れãŸWOLFSSL構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ + \param list ãƒãƒƒãƒ•ã‚¡ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚SSLオブジェクトã‹ã‚‰ã®ãƒ‡ãƒ¼ã‚¿ãŒã“ã“ã«ã‚³ãƒ”ーã•れã¾ã™ã€‚ + \param listSz ãƒãƒƒãƒ•ァサイズ。 _Example_ \code @@ -8492,20 +9983,24 @@ err = wolfSSL_ALPN_GetPeerProtocol(ssl, &list, &listSz); if(err == SSL_SUCCESS){ - List of protocols names sent by client + // クライアントãŒé€ä¿¡ã—ãŸãƒ—ロトコルåã®ãƒªã‚¹ãƒˆ } \endcode + \sa wolfSSL_UseALPN */ int wolfSSL_ALPN_GetPeerProtocol(WOLFSSL* ssl, char **list, unsigned short *listSz); /*! - \brief 'ssl'ãƒ‘ãƒ©ãƒ¡ãƒ¼ã‚¿ã«æ¸¡ã•れãŸSSLã‚ªãƒ–ã‚¸ã‚§ã‚¯ãƒˆå†…ã®æœ€å¤§ãƒ•ラグメント長。ã“れã¯ã€æœ€å¤§ãƒ•ラグメント長拡張機能ãŒWolfSSLクライアントã«ã‚ˆã£ã¦ClientHelloã§é€ä¿¡ã•れるã“ã¨ã‚’æ„味ã—ã¾ã™ã€‚ - \return SSL_SUCCESS æˆåŠŸæ™‚ã«è¿”ã•れã¾ã™ã€‚ - \return BAD_FUNC_ARG 次ã®ã„ãšã‚Œã‹ã®å ´åˆã«è¿”ã•れるエラーã§ã™.SSLã¯NULLã€MFLã¯ç¯„囲外ã§ã™ã€‚ - \return MEMORY_E å分ãªãƒ¡ãƒ¢ãƒªãŒãªã„ã¨ãã«ã‚¨ãƒ©ãƒ¼ãŒè¿”ã•れã¾ã™ã€‚ - \param ssl wolfSSL_new()ã§ä½œæˆã•れãŸSSLオブジェクトã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ + \brief ã“ã®é–¢æ•°ã¯ã€'ssl'ãƒ‘ãƒ©ãƒ¡ãƒ¼ã‚¿ã§æ¸¡ã•れãŸSSLオブジェクトã§Maximum Fragment Lengthã®ä½¿ç”¨ã‚’有効ã«ã™ã‚‹ãŸã‚ã«ã€ã‚¯ãƒ©ã‚¤ã‚¢ãƒ³ãƒˆå´ã§å‘¼ã³å‡ºã•れã¾ã™ã€‚ã“れã¯ã€wolfSSLクライアントã«ã‚ˆã£ã¦ClientHelloã§Maximum Fragment Lengthæ‹¡å¼µãŒé€ä¿¡ã•れるã“ã¨ã‚’æ„味ã—ã¾ã™ã€‚ + + \return SSL_SUCCESS æˆåŠŸæ™‚ã€‚ + \return BAD_FUNC_ARG 次ã®ã„ãšã‚Œã‹ã®å ´åˆã«è¿”ã•れるエラー: sslãŒNULLã€mflãŒç¯„囲外。 + \return MEMORY_E メモリãŒä¸è¶³ã—ã¦ã„ã‚‹å ´åˆã«è¿”ã•れるエラー。 + + \param ssl wolfSSL_new()ã§ä½œæˆã•れãŸSSLオブジェクトã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ + \param mfl セッションã«è¦æ±‚ã•れるMaximum Fragment Lengthを示ã—ã¾ã™ã€‚利用å¯èƒ½ãªã‚ªãƒ—ションã¯: enum { WOLFSSL_MFL_2_9 = 1, 512ãƒã‚¤ãƒˆ WOLFSSL_MFL_2_10 = 2, 1024ãƒã‚¤ãƒˆ WOLFSSL_MFL_2_11 = 3, 2048ãƒã‚¤ãƒˆ WOLFSSL_MFL_2_12 = 4, 4096ãƒã‚¤ãƒˆ WOLFSSL_MFL_2_13 = 5, 8192ãƒã‚¤ãƒˆ wolfSSL専用!!! }; _Example_ \code @@ -8514,28 +10009,32 @@ WOLFSSL* ssl = 0; ctx = wolfSSL_CTX_new(method); if (ctx == NULL) { - // context creation failed + // コンテキストã®ä½œæˆã«å¤±æ•— } ssl = wolfSSL_new(ctx); if (ssl == NULL) { - // ssl creation failed + // sslã®ä½œæˆã«å¤±æ•— } ret = wolfSSL_UseMaxFragment(ssl, WOLFSSL_MFL_2_11); if (ret != 0) { - // max fragment usage failed + // max fragmentã®ä½¿ç”¨ã«å¤±æ•— } \endcode + \sa wolfSSL_new \sa wolfSSL_CTX_UseMaxFragment */ int wolfSSL_UseMaxFragment(WOLFSSL* ssl, unsigned char mfl); /*! - \brief SSLコンテキストã‹ã‚‰ä½œæˆã•れãŸSSLã‚ªãƒ–ã‚¸ã‚§ã‚¯ãƒˆã®æœ€å¤§ãƒ•ラグメント長㕠'ctx'ãƒ‘ãƒ©ãƒ¡ãƒ¼ã‚¿ã«æ¸¡ã•れã¾ã—ãŸã€‚ã“れã¯ã€æœ€å¤§ãƒ•ラグメント長拡張機能ãŒWolfSSLクライアントã«ã‚ˆã£ã¦ClientHelloã§é€ä¿¡ã•れるã“ã¨ã‚’æ„味ã—ã¾ã™ã€‚ - \return SSL_SUCCESS æˆåŠŸæ™‚ã«è¿”ã•れã¾ã™ã€‚ - \return BAD_FUNC_ARG 次ã®ã„ãšã‚Œã‹ã®å ´åˆã«è¿”ã•れるエラーã§ã™.CTXã¯NULLã€MFLã¯ç¯„囲外ã§ã™ã€‚ - \return MEMORY_E å分ãªãƒ¡ãƒ¢ãƒªãŒãªã„ã¨ãã«ã‚¨ãƒ©ãƒ¼ãŒè¿”ã•れã¾ã™ã€‚ - \param ctx wolfSSL_CTX_new()ã§ä½œæˆã•れãŸSSLコンテキストã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ + \brief ã“ã®é–¢æ•°ã¯ã€'ctx'ãƒ‘ãƒ©ãƒ¡ãƒ¼ã‚¿ã§æ¸¡ã•れãŸSSLコンテキストã‹ã‚‰ä½œæˆã•れãŸSSLオブジェクトã«å¯¾ã—ã¦Maximum Fragment Lengthã®ä½¿ç”¨ã‚’有効ã«ã™ã‚‹ãŸã‚ã«ã€ã‚¯ãƒ©ã‚¤ã‚¢ãƒ³ãƒˆå´ã§å‘¼ã³å‡ºã•れã¾ã™ã€‚ã“れã¯ã€wolfSSLクライアントã«ã‚ˆã£ã¦ClientHelloã§Maximum Fragment Lengthæ‹¡å¼µãŒé€ä¿¡ã•れるã“ã¨ã‚’æ„味ã—ã¾ã™ã€‚ + + \return SSL_SUCCESS æˆåŠŸæ™‚ã€‚ + \return BAD_FUNC_ARG 次ã®ã„ãšã‚Œã‹ã®å ´åˆã«è¿”ã•れるエラー: ctxãŒNULLã€mflãŒç¯„囲外。 + \return MEMORY_E メモリãŒä¸è¶³ã—ã¦ã„ã‚‹å ´åˆã«è¿”ã•れるエラー。 + + \param ctx wolfSSL_CTX_new()ã§ä½œæˆã•れãŸSSLコンテキストã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ + \param mfl セッションã«è¦æ±‚ã•れるMaximum Fragment Lengthを示ã—ã¾ã™ã€‚利用å¯èƒ½ãªã‚ªãƒ—ションã¯: enum { WOLFSSL_MFL_2_9 = 1 512ãƒã‚¤ãƒˆã€WOLFSSL_MFL_2_10 = 2 1024ãƒã‚¤ãƒˆã€WOLFSSL_MFL_2_11 = 3 2048ãƒã‚¤ãƒˆ WOLFSSL_MFL_2_12 = 4 4096ãƒã‚¤ãƒˆã€WOLFSSL_MFL_2_13 = 5 8192ãƒã‚¤ãƒˆ wolfSSL専用!!!ã€WOLFSSL_MFL_2_13 = 6 256ãƒã‚¤ãƒˆ wolfSSL専用!!! }; _Example_ \code @@ -8543,23 +10042,27 @@ WOLFSSL_CTX* ctx = 0; ctx = wolfSSL_CTX_new(method); if (ctx == NULL) { - // context creation failed + // コンテキストã®ä½œæˆã«å¤±æ•— } ret = wolfSSL_CTX_UseMaxFragment(ctx, WOLFSSL_MFL_2_11); if (ret != 0) { - // max fragment usage failed + // max fragmentã®ä½¿ç”¨ã«å¤±æ•— } \endcode + \sa wolfSSL_CTX_new \sa wolfSSL_UseMaxFragment */ int wolfSSL_CTX_UseMaxFragment(WOLFSSL_CTX* ctx, unsigned char mfl); /*! - \brief 'ssl'ãƒ‘ãƒ©ãƒ¡ãƒ¼ã‚¿ã«æ¸¡ã•れãŸSSLオブジェクト内ã®truncated HMAC。ã“れã¯ã€åˆ‡ã‚Šæ¨ã¦ã‚‰ã‚ŒãŸHMAC拡張機能ãŒWolfSSLクライアントã«ã‚ˆã£ã¦ClientHelloã§é€ä¿¡ã•れるã“ã¨ã‚’æ„味ã—ã¾ã™ã€‚ - \return SSL_SUCCESS æˆåŠŸæ™‚ã«è¿”ã•れã¾ã™ã€‚ - \return BAD_FUNC_ARG 次ã®ã„ãšã‚Œã‹ã®å ´åˆã«è¿”ã•れるエラーã§ã™.SSLã¯NULLã§ã™ - \return MEMORY_E å分ãªãƒ¡ãƒ¢ãƒªãŒãªã„ã¨ãã«ã‚¨ãƒ©ãƒ¼ãŒè¿”ã•れã¾ã™ã€‚ + \brief ã“ã®é–¢æ•°ã¯ã€'ssl'ãƒ‘ãƒ©ãƒ¡ãƒ¼ã‚¿ã§æ¸¡ã•れãŸSSLオブジェクトã§Truncated HMACã®ä½¿ç”¨ã‚’有効ã«ã™ã‚‹ãŸã‚ã«ã€ã‚¯ãƒ©ã‚¤ã‚¢ãƒ³ãƒˆå´ã§å‘¼ã³å‡ºã•れã¾ã™ã€‚ã“れã¯ã€wolfSSLクライアントã«ã‚ˆã£ã¦ClientHelloã§Truncated HMACæ‹¡å¼µãŒé€ä¿¡ã•れるã“ã¨ã‚’æ„味ã—ã¾ã™ã€‚ + + \return SSL_SUCCESS æˆåŠŸæ™‚ã€‚ + \return BAD_FUNC_ARG 次ã®ã„ãšã‚Œã‹ã®å ´åˆã«è¿”ã•れるエラー: sslãŒNULL。 + \return MEMORY_E メモリãŒä¸è¶³ã—ã¦ã„ã‚‹å ´åˆã«è¿”ã•れるエラー。 + + \param ssl wolfSSL_new()ã§ä½œæˆã•れãŸSSLオブジェクトã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ _Example_ \code @@ -8568,27 +10071,31 @@ WOLFSSL* ssl = 0; ctx = wolfSSL_CTX_new(method); if (ctx == NULL) { - // context creation failed + // コンテキストã®ä½œæˆã«å¤±æ•— } ssl = wolfSSL_new(ctx); if (ssl == NULL) { - // ssl creation failed + // sslã®ä½œæˆã«å¤±æ•— } ret = wolfSSL_UseTruncatedHMAC(ssl); if (ret != 0) { - // truncated HMAC usage failed + // truncated HMACã®ä½¿ç”¨ã«å¤±æ•— } \endcode + \sa wolfSSL_new \sa wolfSSL_CTX_UseMaxFragment */ int wolfSSL_UseTruncatedHMAC(WOLFSSL* ssl); /*! - \brief 'ctx'ãƒ‘ãƒ©ãƒ¡ãƒ¼ã‚¿ã«æ¸¡ã•れãŸSSLコンテキストã‹ã‚‰ä½œæˆã•れãŸSSLオブジェクトã®ãŸã‚ã®Truncated HMAC。ã“れã¯ã€åˆ‡ã‚Šæ¨ã¦ã‚‰ã‚ŒãŸHMAC拡張機能ãŒWolfSSLクライアントã«ã‚ˆã£ã¦ClientHelloã§é€ä¿¡ã•れるã“ã¨ã‚’æ„味ã—ã¾ã™ã€‚ - \return SSL_SUCCESS æˆåŠŸæ™‚ã«è¿”ã•れã¾ã™ã€‚ - \return BAD_FUNC_ARG 次ã®ã„ãšã‚Œã‹ã®å ´åˆã«è¿”ã•れるエラーã§ã™.CTXã¯NULL - \return MEMORY_E å分ãªãƒ¡ãƒ¢ãƒªãŒãªã„ã¨ãã«ã‚¨ãƒ©ãƒ¼ãŒè¿”ã•れã¾ã™ã€‚ + \brief ã“ã®é–¢æ•°ã¯ã€'ctx'ãƒ‘ãƒ©ãƒ¡ãƒ¼ã‚¿ã§æ¸¡ã•れãŸSSLコンテキストã‹ã‚‰ä½œæˆã•れãŸSSLオブジェクトã«å¯¾ã—ã¦Truncated HMACã®ä½¿ç”¨ã‚’有効ã«ã™ã‚‹ãŸã‚ã«ã€ã‚¯ãƒ©ã‚¤ã‚¢ãƒ³ãƒˆå´ã§å‘¼ã³å‡ºã•れã¾ã™ã€‚ã“れã¯ã€wolfSSLクライアントã«ã‚ˆã£ã¦ClientHelloã§Truncated HMACæ‹¡å¼µãŒé€ä¿¡ã•れるã“ã¨ã‚’æ„味ã—ã¾ã™ã€‚ + + \return SSL_SUCCESS æˆåŠŸæ™‚ã€‚ + \return BAD_FUNC_ARG 次ã®ã„ãšã‚Œã‹ã®å ´åˆã«è¿”ã•れるエラー: ctxãŒNULL。 + \return MEMORY_E メモリãŒä¸è¶³ã—ã¦ã„ã‚‹å ´åˆã«è¿”ã•れるエラー。 + + \param ctx wolfSSL_CTX_new()ã§ä½œæˆã•れãŸSSLコンテキストã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ _Example_ \code @@ -8596,35 +10103,40 @@ WOLFSSL_CTX* ctx = 0; ctx = wolfSSL_CTX_new(method); if (ctx == NULL) { - // context creation failed + // コンテキストã®ä½œæˆã«å¤±æ•— } ret = wolfSSL_CTX_UseTruncatedHMAC(ctx); if (ret != 0) { - // truncated HMAC usage failed + // truncated HMACã®ä½¿ç”¨ã«å¤±æ•— } \endcode + \sa wolfSSL_CTX_new \sa wolfSSL_UseMaxFragment */ int wolfSSL_CTX_UseTruncatedHMAC(WOLFSSL_CTX* ctx); /*! - \brief OCSPã§æç¤ºã•れãŸè¨¼æ˜Žæ›¸å¤±åйãƒã‚§ãƒƒã‚¯ã®ã‚³ã‚¹ãƒˆã‚’下ã’ã¾ã™ã€‚ - \return SSL_SUCCESS tlsx_usecertificateStatusRequestãŒã‚¨ãƒ©ãƒ¼ãªã—ã§å®Ÿè¡Œã•れãŸå ´åˆã«è¿”ã•れã¾ã™ã€‚ - \return MEMORY_E メモリã®å‰²ã‚Šå½“ã¦ã«ã‚¨ãƒ©ãƒ¼ãŒã‚ã‚‹å ´åˆã«è¿”ã•れã¾ã™ã€‚ - \return BAD_FUNC_ARG NULLã¾ãŸã¯ãã®ä»–ã®ç‚¹ã§ã¯ã€é–¢æ•°ã«æ¸¡ã•れãŸå€¤ãŒæ¸¡ã•れる引数ãŒã‚ã‚‹å ´åˆã«è¿”ã•れã¾ã™ã€‚ - \param ssl wolfSSL_new()を使用ã—ã¦ä½œæˆã•れãŸWolfSSL構造ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ - \param status_type tlsx_usecertificateSrequest()ã«æ¸¡ã•れã€CertificateStatusRequestæ§‹é€ ä½“ã«æ ¼ç´ã•れã¦ã„ã‚‹ãƒã‚¤ãƒˆã‚¿ã‚¤ãƒ—。 + \brief ステープリングã¯CAã«é€£çµ¡ã™ã‚‹å¿…è¦æ€§ã‚’排除ã—ã¾ã™ã€‚ステープリングã¯ã€OCSPã§æç¤ºã•れる証明書失効ãƒã‚§ãƒƒã‚¯ã®ã‚³ã‚¹ãƒˆã‚’削減ã—ã¾ã™ã€‚ + + \return SSL_SUCCESS TLSX_UseCertificateStatusRequestãŒã‚¨ãƒ©ãƒ¼ãªã実行ã•れãŸå ´åˆã«è¿”ã•れã¾ã™ã€‚ + \return MEMORY_E メモリã®å‰²ã‚Šå½“ã¦ã«ã‚¨ãƒ©ãƒ¼ãŒã‚ã‚‹å ´åˆã«è¿”ã•れã¾ã™ã€‚ + \return BAD_FUNC_ARG é–¢æ•°ã«æ¸¡ã•れãŸå¼•æ•°ãŒNULLã¾ãŸã¯è¨±å®¹ã§ããªã„値ã§ã‚ã‚‹å ´åˆã«è¿”ã•れã¾ã™ã€‚ + + \param ssl wolfSSL_new()を使用ã—ã¦ä½œæˆã•れãŸWOLFSSL構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ + \param status_type TLSX_UseCertificateStatusRequest()ã«æ¸¡ã•れã€CertificateStatusRequestæ§‹é€ ä½“ã«æ ¼ç´ã•れるãƒã‚¤ãƒˆåž‹ã€‚ + \param options TLSX_UseCertificateStatusRequest()ã«æ¸¡ã•れã€CertificateStatusRequestæ§‹é€ ä½“ã«æ ¼ç´ã•れるãƒã‚¤ãƒˆåž‹ã€‚ _Example_ \code WOLFSSL* ssl = wolfSSL_new(ctx); … if (wolfSSL_UseOCSPStapling(ssl, WOLFSSL_CSR2_OCSP, - WOLFSSL_CSR2_OCSP_USE_NONCE) != SSL_SUCCESS){ - // Failed case. + WOLFSSL_CSR2_OCSP_USE_NONCE) != SSL_SUCCESS){ + // 失敗ケース } \endcode + \sa TLSX_UseCertificateStatusRequest \sa wolfSSL_CTX_UseOCSPStapling */ @@ -8632,28 +10144,32 @@ unsigned char status_type, unsigned char options); /*! - \brief - \return SSL_SUCCESS 関数ã¨ã‚µãƒ–ルーãƒãƒ³ãŒã‚¨ãƒ©ãƒ¼ãªã—ã§å®Ÿè¡Œã•れãŸå ´åˆã«è¿”ã•れã¾ã™ã€‚ - \return BAD_FUNC_ARG 未解決ã®å€¤ãŒã‚µãƒ–ルーãƒãƒ³ã«æ¸¡ã•れãŸå ´åˆã€WOLFSSL_CTX構造体ãŒNULLã¾ãŸã¯ãã†ã§ãªã„å ´åˆã«è¿”ã•れã¾ã™ã€‚ - \return MEMORY_E 関数ã¾ãŸã¯ã‚µãƒ–ルーãƒãƒ³ãŒãƒ¡ãƒ¢ãƒªã‚’æ­£ã—ã割り振るã“ã¨ãŒã§ããªã‹ã£ãŸå ´åˆã«è¿”ã•れã¾ã™ã€‚ - \param ctx wolfSSL_CTX_new()を使用ã—ã¦ä½œæˆã•れãŸWOLFSSL_CTX構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ - \param status_type tlsx_usecertificateSrequest()ã«æ¸¡ã•れã€CertificateStatusRequestæ§‹é€ ä½“ã«æ ¼ç´ã•れã¦ã„ã‚‹ãƒã‚¤ãƒˆã‚¿ã‚¤ãƒ—。 + \brief ã“ã®é–¢æ•°ã¯ã€ãƒãƒ³ãƒ‰ã‚·ã‚§ã‚¤ã‚¯ä¸­ã«è¨¼æ˜Žæ›¸ã‚¹ãƒ†ãƒ¼ã‚¿ã‚¹ã‚’è¦æ±‚ã—ã¾ã™ã€‚ + + \return SSL_SUCCESS 関数ã¨ã‚µãƒ–ルーãƒãƒ³ãŒã‚¨ãƒ©ãƒ¼ãªã実行ã•れãŸå ´åˆã«è¿”ã•れã¾ã™ã€‚ + \return BAD_FUNC_ARG WOLFSSL_CTX構造体ãŒNULLã®å ´åˆã€ã¾ãŸã¯ã‚µãƒ–ルーãƒãƒ³ã«è¨±å¯ã•れã¦ã„ãªã„å€¤ãŒæ¸¡ã•れãŸå ´åˆã«è¿”ã•れã¾ã™ã€‚ + \return MEMORY_E 関数ã¾ãŸã¯ã‚µãƒ–ルーãƒãƒ³ãŒãƒ¡ãƒ¢ãƒªã®é©åˆ‡ãªå‰²ã‚Šå½“ã¦ã«å¤±æ•—ã—ãŸå ´åˆã«è¿”ã•れã¾ã™ã€‚ + + \param ctx wolfSSL_CTX_new()を使用ã—ã¦ä½œæˆã•れãŸWOLFSSL_CTX構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ + \param status_type TLSX_UseCertificateStatusRequest()ã«æ¸¡ã•れã€CertificateStatusRequestæ§‹é€ ä½“ã«æ ¼ç´ã•れるãƒã‚¤ãƒˆåž‹ã€‚ + \param options TLSX_UseCertificateStatusRequest()ã«æ¸¡ã•れã€CertificateStatusRequestæ§‹é€ ä½“ã«æ ¼ç´ã•れるãƒã‚¤ãƒˆåž‹ã€‚ _Example_ \code WOLFSSL_CTX* ctx = wolfSSL_CTX_new( method ); WOLFSSL* ssl = wolfSSL_new(ctx); - byte statusRequest = 0; // Initialize status request + byte statusRequest = 0; // ã‚¹ãƒ†ãƒ¼ã‚¿ã‚¹ãƒªã‚¯ã‚¨ã‚¹ãƒˆã‚’åˆæœŸåŒ– … switch(statusRequest){ case WOLFSSL_CSR_OCSP: if(wolfSSL_CTX_UseOCSPStapling(ssl->ctx, WOLFSSL_CSR_OCSP, - WOLF_CSR_OCSP_USE_NONCE) != SSL_SUCCESS){ - // UseCertificateStatusRequest failed + WOLF_CSR_OCSP_USE_NONCE) != SSL_SUCCESS){ + // UseCertificateStatusRequestãŒå¤±æ•— } - // Continue switch cases + // switchケースを続ã‘ã‚‹ \endcode - \sa wolfSSL_UseOCSPStaplingV2 + + \sa wolfSSL_UseOCSPStapingV2 \sa wolfSSL_UseOCSPStapling \sa TLSX_UseCertificateStatusRequest */ @@ -8661,21 +10177,25 @@ unsigned char status_type, unsigned char options); /*! - \brief - \return SSL_SUCCESS - 関数ã¨ã‚µãƒ–ルーãƒãƒ³ãŒã‚¨ãƒ©ãƒ¼ãªã—ã§å®Ÿè¡Œã•れãŸå ´åˆã«è¿”ã•れã¾ã™ã€‚ - \return MEMORY_E - メモリエラーã®å‰²ã‚Šå½“ã¦ãŒã‚ã£ãŸå ´åˆã«è¿”ã•れã¾ã™ã€‚ - \return BAD_FUNC_ARG - NULLã¾ãŸã¯ãれ以外ã®å ´åˆã¯è§£èª­ã•れã¦ã„ãªã„引数ãŒé–¢æ•°ã¾ãŸã¯ã‚µãƒ–ルーãƒãƒ³ã«æ¸¡ã•れãŸå ´åˆã«è¿”ã•れã¾ã™ã€‚ - \param ssl wolfSSL_new()を使用ã—ã¦ä½œæˆã•れãŸWolfSSL構造ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ - \param status_type OCSPステータスタイプをロードã™ã‚‹ãƒã‚¤ãƒˆã‚¿ã‚¤ãƒ—。 + \brief ã“ã®é–¢æ•°ã¯ã€OCSPã®ã‚¹ãƒ†ãƒ¼ã‚¿ã‚¹ã‚¿ã‚¤ãƒ—ã¨ã‚ªãƒ—ションを設定ã—ã¾ã™ã€‚ + + \return SSL_SUCCESS 関数ã¨ã‚µãƒ–ルーãƒãƒ³ãŒã‚¨ãƒ©ãƒ¼ãªã実行ã•れãŸå ´åˆã«è¿”ã•れã¾ã™ã€‚ + \return MEMORY_E メモリ割り当ã¦ã‚¨ãƒ©ãƒ¼ãŒã‚ã£ãŸå ´åˆã«è¿”ã•れã¾ã™ã€‚ + \return BAD_FUNC_ARG 関数ã¾ãŸã¯ã‚µãƒ–ルーãƒãƒ³ã«NULLã¾ãŸã¯è¨±å®¹ã•れãªã„å¼•æ•°ãŒæ¸¡ã•れãŸå ´åˆã«è¿”ã•れã¾ã™ã€‚ + + \param ssl wolfSSL_new()を使用ã—ã¦ä½œæˆã•れãŸWOLFSSL構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ + \param status_type OCSPステータスタイプをロードã™ã‚‹ãƒã‚¤ãƒˆåž‹ã€‚ + \param options wolfSSL_SNI_SetOptions()ã¨wolfSSL_CTX_SNI_SetOptions()ã§è¨­å®šã•れるOCSPã‚ªãƒ—ã‚·ãƒ§ãƒ³ã‚’ä¿æŒã™ã‚‹ãƒã‚¤ãƒˆåž‹ã€‚ _Example_ \code WOLFSSL* ssl = wolfSSL_new(ctx); ... if (wolfSSL_UseOCSPStaplingV2(ssl, WOLFSSL_CSR2_OCSP_MULTI, 0) != SSL_SUCCESS){ - // Did not execute properly. Failure case code block. + // æ­£ã—ã実行ã•れã¾ã›ã‚“ã§ã—ãŸã€‚失敗ケースã®ã‚³ãƒ¼ãƒ‰ãƒ–ロック } \endcode + \sa TLSX_UseCertificatStatusRequestV2 \sa wolfSSL_SNI_SetOptions \sa wolfSSL_CTX_SNI_SetOptions @@ -8684,12 +10204,15 @@ unsigned char status_type, unsigned char options); /*! - \brief OCSPステイプルã®ãŸã‚ã«ã€‚ - \return SSL_SUCCESS 関数ã¨ã‚µãƒ–ルーãƒãƒ³ãŒã‚¨ãƒ©ãƒ¼ãªã—ã§å®Ÿè¡Œã•れãŸå ´åˆã€‚ - \return BAD_FUNC_ARG WOLFSSL_CTX構造ãŒnullã®å ´åˆã€ã¾ãŸã¯å´æ•°å¤‰æ•°ãŒã‚¯ãƒ©ã‚¤ã‚¢ãƒ³ãƒˆå´ã§ã¯ãªã„å ´åˆã«è¿”ã•れã¾ã™ã€‚ - \return MEMORY_E メモリã®å‰²ã‚Šå½“ã¦ãŒå¤±æ•—ã—ãŸå ´åˆã«è¿”ã•れã¾ã™ã€‚ - \param ctx wolfSSL_CTX_new()を使用ã—ã¦ä½œæˆã•れãŸWOLFSSL_CTX構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ - \param status_type CertificatStatusRequest構造体ã«ã‚ã‚‹ãƒã‚¤ãƒˆã‚¿ã‚¤ãƒ—ã§ã€wolfssl_csr2_ocspã¾ãŸã¯wolfssl_csr2_ocsp_multiã§ãªã‘れã°ãªã‚Šã¾ã›ã‚“。 + \brief OCSPステープリング用ã®è¨¼æ˜Žæ›¸ã‚¹ãƒ†ãƒ¼ã‚¿ã‚¹è¦æ±‚を作æˆã—ã¦åˆæœŸåŒ–ã—ã¾ã™ã€‚ + + \return SSL_SUCCESS 関数ã¨ã‚µãƒ–ルーãƒãƒ³ãŒã‚¨ãƒ©ãƒ¼ãªã実行ã•れãŸå ´åˆã€‚ + \return BAD_FUNC_ARG WOLFSSL_CTX構造体ãŒNULLã€ã¾ãŸã¯side変数ãŒã‚¯ãƒ©ã‚¤ã‚¢ãƒ³ãƒˆå´ã§ãªã„å ´åˆã«è¿”ã•れã¾ã™ã€‚ + \return MEMORY_E メモリã®å‰²ã‚Šå½“ã¦ã«å¤±æ•—ã—ãŸå ´åˆã«è¿”ã•れã¾ã™ã€‚ + + \param ctx wolfSSL_CTX_new()を使用ã—ã¦ä½œæˆã•れãŸWOLFSSL_CTX構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ + \param status_type CertificatStatusRequest構造体ã«ã‚ã‚‹ãƒã‚¤ãƒˆåž‹ã§ã€WOLFSSL_CSR2_OCSPã¾ãŸã¯WOLFSSL_CSR2_OCSP_MULTIã®ã„ãšã‚Œã‹ã§ã‚ã‚‹å¿…è¦ãŒã‚りã¾ã™ã€‚ + \param options CertificateStatusRequestItemV2構造体ã«ä¿æŒã•れるãƒã‚¤ãƒˆåž‹ã€‚ _Example_ \code @@ -8698,9 +10221,10 @@ byte options; ... if(wolfSSL_CTX_UseOCSPStaplingV2(ctx, status_type, options); != SSL_SUCCESS){ - // Failure case. + // 失敗ケース } \endcode + \sa TLSX_UseCertificateStatusRequestV2 \sa wc_RNG_GenerateBlock \sa TLSX_Push @@ -8709,11 +10233,15 @@ unsigned char status_type, unsigned char options); /*! - \brief サãƒãƒ¼ãƒˆã•れã¦ã„る楕円曲線拡張å­ã¯ã€ 'SSL'ãƒ‘ãƒ©ãƒ¡ãƒ¼ã‚¿ã«æ¸¡ã•れãŸSSLオブジェクトã§ã‚µãƒãƒ¼ãƒˆã•れã¦ã„ã¾ã™ã€‚ã“れã¯ã€ã‚µãƒãƒ¼ãƒˆã•れã¦ã„るカーブãŒWolfSSLクライアントã«ã‚ˆã£ã¦ClientHelloã§é€ä¿¡ã•れるã“ã¨ã‚’æ„味ã—ã¾ã™ã€‚ã“ã®æ©Ÿèƒ½ã¯è¤‡æ•°ã®æ›²ç·šã‚’有効ã«ã™ã‚‹ãŸã‚ã«è¤‡æ•°ã®æ™‚é–“ã¨å‘¼ã¶ã“ã¨ãŒã§ãã¾ã™ã€‚ - \return SSL_SUCCESS æˆåŠŸæ™‚ã«è¿”ã•れã¾ã™ã€‚ - \return BAD_FUNC_ARG 次ã®ã„ãšã‚Œã‹ã®å ´åˆã«è¿”ã•れるエラーã§ã™.SSLã¯NULLã§ã™ã€‚åå‰ã¯æœªçŸ¥ã®å€¤ã§ã™ã€‚(下記å‚照) - \return MEMORY_E å分ãªãƒ¡ãƒ¢ãƒªãŒãªã„ã¨ãã«ã‚¨ãƒ©ãƒ¼ãŒè¿”ã•れã¾ã™ã€‚ - \param ssl wolfSSL_new()ã§ä½œæˆã•れãŸSSLオブジェクトã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ + \brief ã“ã®é–¢æ•°ã¯ã€'ssl'ãƒ‘ãƒ©ãƒ¡ãƒ¼ã‚¿ã§æ¸¡ã•れãŸSSLオブジェクトã§Supported Elliptic Curvesæ‹¡å¼µã®ä½¿ç”¨ã‚’有効ã«ã™ã‚‹ãŸã‚ã«ã€ã‚¯ãƒ©ã‚¤ã‚¢ãƒ³ãƒˆå´ã§å‘¼ã³å‡ºã•れã¾ã™ã€‚ã“れã¯ã€wolfSSLクライアントã«ã‚ˆã£ã¦ClientHelloã§æœ‰åŠ¹åŒ–ã•れãŸã‚µãƒãƒ¼ãƒˆã•れる曲線ãŒé€ä¿¡ã•れるã“ã¨ã‚’æ„味ã—ã¾ã™ã€‚ã“ã®é–¢æ•°ã¯ã€è¤‡æ•°ã®æ›²ç·šã‚’有効ã«ã™ã‚‹ãŸã‚ã«è¤‡æ•°å›žå‘¼ã³å‡ºã™ã“ã¨ãŒã§ãã¾ã™ã€‚ + + \return SSL_SUCCESS æˆåŠŸæ™‚ã€‚ + \return BAD_FUNC_ARG 次ã®ã„ãšã‚Œã‹ã®å ´åˆã«è¿”ã•れるエラー: sslãŒNULLã€nameãŒä¸æ˜Žãªå€¤(下記å‚ç…§)。 + \return MEMORY_E メモリãŒä¸è¶³ã—ã¦ã„ã‚‹å ´åˆã«è¿”ã•れるエラー。 \param ssl wolfSSL_new()ã§ä½œæˆã•れãŸSSLオブジェクトã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ + \param name セッションã§ã‚µãƒãƒ¼ãƒˆã•れる曲線を示ã—ã¾ã™ã€‚利用å¯èƒ½ãªã‚ªãƒ—ションã¯ä»¥ä¸‹ã®é€šã‚Šã§ã™: enum { WOLFSSL_ECC_SECP160R1 = 0x10, + WOLFSSL_ECC_SECP192R1 = 0x13, WOLFSSL_ECC_SECP224R1 = 0x15, + WOLFSSL_ECC_SECP256R1 = 0x17, WOLFSSL_ECC_SECP384R1 = 0x18, + WOLFSSL_ECC_SECP521R1 = 0x19 }; _Example_ \code @@ -8722,28 +10250,35 @@ WOLFSSL* ssl = 0; ctx = wolfSSL_CTX_new(method); if (ctx == NULL) { - // context creation failed + // コンテキストã®ä½œæˆã«å¤±æ•—ã—ã¾ã—ãŸã€‚ } ssl = wolfSSL_new(ctx); if (ssl == NULL) { - // ssl creation failed + // sslã®ä½œæˆã«å¤±æ•—ã—ã¾ã—ãŸã€‚ } ret = wolfSSL_UseSupportedCurve(ssl, WOLFSSL_ECC_SECP256R1); if (ret != 0) { - // Elliptic Curve Extension usage failed + // 楕円曲線拡張ã®ä½¿ç”¨ã«å¤±æ•—ã—ã¾ã—ãŸã€‚ } \endcode + \sa wolfSSL_CTX_new \sa wolfSSL_CTX_UseSupportedCurve */ int wolfSSL_UseSupportedCurve(WOLFSSL* ssl, word16 name); /*! - \brief サãƒãƒ¼ãƒˆã•れã¦ã„る楕円曲線ã¯ã€ 'ctx'ãƒ‘ãƒ©ãƒ¡ãƒ¼ã‚¿ã«æ¸¡ã•れãŸSSLコンテキストã‹ã‚‰ä½œæˆã•れãŸSSLã‚ªãƒ–ã‚¸ã‚§ã‚¯ãƒˆã®æ‹¡å¼µå­ã§ã™ã€‚ã“れã¯ã€ã‚µãƒãƒ¼ãƒˆã•れã¦ã„るカーブãŒWolfSSLクライアントã«ã‚ˆã£ã¦ClientHelloã§é€ä¿¡ã•れるã“ã¨ã‚’æ„味ã—ã¾ã™ã€‚ã“ã®æ©Ÿèƒ½ã¯è¤‡æ•°ã®æ›²ç·šã‚’有効ã«ã™ã‚‹ãŸã‚ã«è¤‡æ•°ã®æ™‚é–“ã¨å‘¼ã¶ã“ã¨ãŒã§ãã¾ã™ã€‚ - \return SSL_SUCCESS æˆåŠŸæ™‚ã«è¿”ã•れã¾ã™ã€‚ - \return BAD_FUNC_ARG 次ã®ã„ãšã‚Œã‹ã®å ´åˆã«è¿”ã•れるエラーã§ã™.CTXã¯NULLã€åå‰ã¯æœªçŸ¥ã®å€¤ã§ã™ã€‚(下記å‚照) - \return MEMORY_E å分ãªãƒ¡ãƒ¢ãƒªãŒãªã„ã¨ãã«ã‚¨ãƒ©ãƒ¼ãŒè¿”ã•れã¾ã™ã€‚ - \param ctx wolfSSL_CTX_new()ã§ä½œæˆã•れãŸSSLコンテキストã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ + \brief ã“ã®é–¢æ•°ã¯ã€ctxãƒ‘ãƒ©ãƒ¡ãƒ¼ã‚¿ã§æ¸¡ã•れãŸSSLコンテキストã‹ã‚‰ä½œæˆã•れãŸSSLオブジェクトã«å¯¾ã—ã¦ã€ã‚µãƒãƒ¼ãƒˆã•れる楕円曲線拡張ã®ä½¿ç”¨ã‚’有効ã«ã™ã‚‹ãŸã‚ã«ã‚¯ãƒ©ã‚¤ã‚¢ãƒ³ãƒˆå´ã§å‘¼ã³å‡ºã•れã¾ã™ã€‚ã“れã¯ã€æœ‰åйã«ã•れãŸã‚µãƒãƒ¼ãƒˆã•れる曲線ãŒwolfSSLクライアントã«ã‚ˆã£ã¦ClientHelloã§é€ä¿¡ã•れるã“ã¨ã‚’æ„味ã—ã¾ã™ã€‚ã“ã®é–¢æ•°ã¯ã€è¤‡æ•°ã®æ›²ç·šã‚’有効ã«ã™ã‚‹ãŸã‚ã«è¤‡æ•°å›žå‘¼ã³å‡ºã™ã“ã¨ãŒã§ãã¾ã™ã€‚ + + \return SSL_SUCCESS æˆåŠŸæ™‚ã€‚ + \return BAD_FUNC_ARG 次ã®ã„ãšã‚Œã‹ã®å ´åˆã«è¿”ã•れるエラー: ctxãŒNULLã€nameãŒä¸æ˜Žãªå€¤(下記å‚ç…§)。 + \return MEMORY_E メモリãŒä¸è¶³ã—ã¦ã„ã‚‹å ´åˆã«è¿”ã•れるエラー。 + + \param ctx wolfSSL_CTX_new()ã§ä½œæˆã•れãŸSSLコンテキストã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ + \param name セッションã§ã‚µãƒãƒ¼ãƒˆã•れる曲線を示ã—ã¾ã™ã€‚利用å¯èƒ½ãªã‚ªãƒ—ションã¯ä»¥ä¸‹ã®é€šã‚Šã§ã™: enum { WOLFSSL_ECC_SECP160R1 = 0x10, + WOLFSSL_ECC_SECP192R1 = 0x13, WOLFSSL_ECC_SECP224R1 = 0x15, + WOLFSSL_ECC_SECP256R1 = 0x17, WOLFSSL_ECC_SECP384R1 = 0x18, + WOLFSSL_ECC_SECP521R1 = 0x19 }; _Example_ \code @@ -8751,13 +10286,14 @@ WOLFSSL_CTX* ctx = 0; ctx = wolfSSL_CTX_new(method); if (ctx == NULL) { - // context creation failed + // コンテキストã®ä½œæˆã«å¤±æ•—ã—ã¾ã—ãŸã€‚ } ret = wolfSSL_CTX_UseSupportedCurve(ctx, WOLFSSL_ECC_SECP256R1); if (ret != 0) { - // Elliptic Curve Extension usage failed + // 楕円曲線拡張ã®ä½¿ç”¨ã«å¤±æ•—ã—ã¾ã—ãŸã€‚ } \endcode + \sa wolfSSL_CTX_new \sa wolfSSL_UseSupportedCurve */ @@ -8766,25 +10302,30 @@ /*! \ingroup IO - \brief ã“ã®é–¢æ•°ã¯ã€ä¾›çµ¦ã•れãŸWOLFSSL構造ã®å®‰å…¨ãªå†äº¤æ¸‰ã‚’強制ã—ã¾ã™ã€‚ã“れã¯ãŠå‹§ã‚ã§ãã¾ã›ã‚“。 - \return SSL_SUCCESS 安全ãªå†ãƒã‚´ã‚·ã‚¨ãƒ¼ã‚·ãƒ§ãƒ³ã‚’正常ã«è¨­å®šã—ã¾ã™ã€‚ - \return BAD_FUNC_ARG sslãŒNULLã®å ´åˆã€ã‚¨ãƒ©ãƒ¼ã‚’è¿”ã—ã¾ã™ã€‚ - \return MEMORY_E 安全ãªå†äº¤æ¸‰ã®ãŸã‚ã«ãƒ¡ãƒ¢ãƒªã‚’割り当ã¦ã‚‹ã“ã¨ãŒã§ããªã„å ´åˆã€ã‚¨ãƒ©ãƒ¼ã‚’è¿”ã—ã¾ã™ã€‚ + + \brief ã“ã®é–¢æ•°ã¯ã€æä¾›ã•れãŸWOLFSSL構造体ã«å¯¾ã—ã¦å®‰å…¨ãªå†ãƒã‚´ã‚·ã‚¨ãƒ¼ã‚·ãƒ§ãƒ³ã‚’強制ã—ã¾ã™ã€‚ã“ã‚Œã¯æŽ¨å¥¨ã•れã¾ã›ã‚“。 + + \return SSL_SUCCESS 安全ãªå†ãƒã‚´ã‚·ã‚¨ãƒ¼ã‚·ãƒ§ãƒ³ã®è¨­å®šã«æˆåŠŸã—ã¾ã—ãŸã€‚ + \return BAD_FUNC_ARG sslãŒNULLã®å ´åˆã«ã‚¨ãƒ©ãƒ¼ã‚’è¿”ã—ã¾ã™ã€‚ + \return MEMORY_E 安全ãªå†ãƒã‚´ã‚·ã‚¨ãƒ¼ã‚·ãƒ§ãƒ³ç”¨ã®ãƒ¡ãƒ¢ãƒªã‚’割り当ã¦ã§ããªã„å ´åˆã«ã‚¨ãƒ©ãƒ¼ã‚’è¿”ã—ã¾ã™ã€‚ + + \param ssl wolfSSL_new()を使用ã—ã¦ä½œæˆã•れãŸWOLFSSL構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ _Example_ \code wolfSSL_Init(); WOLFSSL_CTX* ctx; WOLFSSL* ssl; - WOLFSSL_METHOD method = // Some wolfSSL method + WOLFSSL_METHOD method = // 何らã‹ã®wolfSSLメソッド ctx = wolfSSL_CTX_new(method); ssl = wolfSSL_new(ctx); if(wolfSSL_UseSecureRenegotiation(ssl) != SSL_SUCCESS) { - // Error setting secure renegotiation + // 安全ãªå†ãƒã‚´ã‚·ã‚¨ãƒ¼ã‚·ãƒ§ãƒ³ã®è¨­å®šã‚¨ãƒ©ãƒ¼ } \endcode + \sa TLSX_Find \sa TLSX_UseSecureRenegotiation */ @@ -8792,20 +10333,25 @@ /*! \ingroup IO - \brief ã“ã®é–¢æ•°ã¯å®‰å…¨ãªå†äº¤æ¸‰ãƒãƒ³ãƒ‰ã‚·ã‚§ã‚¤ã‚¯ã‚’実行ã—ã¾ã™ã€‚ã“れã¯ã€WolfSSLãŒã“ã®æ©Ÿèƒ½ã‚’妨ã’るよã†ã«å¼·åˆ¶ã•れã¾ã™ã€‚ - \return SSL_SUCCESS 関数ãŒã‚¨ãƒ©ãƒ¼ãªã—ã§å®Ÿè¡Œã•れãŸå ´åˆã«è¿”ã•れã¾ã™ã€‚ - \return BAD_FUNC_ARG wolfssl構造ãŒnullã¾ãŸã¯ãã†ã§ãªã‘れã°ã€è¨±å®¹ã§ããªã„引数ãŒã‚µãƒ–ルーãƒãƒ³ã«æ¸¡ã•れãŸå ´åˆã«è¿”ã•れã¾ã™ã€‚ - \return SECURE_RENEGOTIATION_E ãƒãƒ³ãƒ‰ã‚·ã‚§ã‚¤ã‚¯ã‚’å†ãƒã‚´ã‚·ã‚¨ãƒ¼ã‚·ãƒ§ãƒ³ã™ã‚‹ã“ã¨ã«ã‚¨ãƒ©ãƒ¼ãŒç™ºç”Ÿã—ãŸå ´åˆã«è¿”ã•れã¾ã™ã€‚ - \return SSL_FATAL_ERROR サーãƒãƒ¼ã¾ãŸã¯ã‚¯ãƒ©ã‚¤ã‚¢ãƒ³ãƒˆæ§‹æˆã«ã‚¨ãƒ©ãƒ¼ãŒç™ºç”Ÿã—ãŸå ´åˆã¯ã€å†ãƒã‚´ã‚·ã‚¨ãƒ¼ã‚·ãƒ§ãƒ³ãŒå®Œäº†ã§ããªã‹ã£ãŸå ´åˆã«è¿”ã•れã¾ã™ã€‚wolfssl_negotiate()ã‚’å‚ç…§ã—ã¦ãã ã•ã„。 + + \brief ã“ã®é–¢æ•°ã¯å®‰å…¨ãªå†ãƒã‚´ã‚·ã‚¨ãƒ¼ã‚·ãƒ§ãƒ³ãƒãƒ³ãƒ‰ã‚·ã‚§ã‚¤ã‚¯ã‚’実行ã—ã¾ã™ã€‚wolfSSLã¯ã“ã®æ©Ÿèƒ½ã‚’推奨ã—ã¦ã„ãªã„ãŸã‚ã€ã“れã¯ãƒ¦ãƒ¼ã‚¶ãŒå¼·åˆ¶ã™ã‚‹ã‚‚ã®ã§ã™ã€‚ + + \return SSL_SUCCESS 関数ãŒã‚¨ãƒ©ãƒ¼ãªã実行ã•れãŸå ´åˆã«è¿”ã•れã¾ã™ã€‚ + \return BAD_FUNC_ARG WOLFSSL構造体ãŒNULLã®å ´åˆã€ã¾ãŸã¯ã‚µãƒ–ルーãƒãƒ³ã§å—ã‘入れられãªã„å¼•æ•°ãŒæ¸¡ã•れãŸå ´åˆã«è¿”ã•れã¾ã™ã€‚ + \return SECURE_RENEGOTIATION_E ãƒãƒ³ãƒ‰ã‚·ã‚§ã‚¤ã‚¯ã®å†ãƒã‚´ã‚·ã‚¨ãƒ¼ã‚·ãƒ§ãƒ³ã§ã‚¨ãƒ©ãƒ¼ãŒã‚ã£ãŸå ´åˆã«è¿”ã•れã¾ã™ã€‚ + \return SSL_FATAL_ERROR サーãƒã¾ãŸã¯ã‚¯ãƒ©ã‚¤ã‚¢ãƒ³ãƒˆè¨­å®šã«ã‚¨ãƒ©ãƒ¼ãŒã‚りã€å†ãƒã‚´ã‚·ã‚¨ãƒ¼ã‚·ãƒ§ãƒ³ã‚’完了ã§ããªã‹ã£ãŸå ´åˆã«è¿”ã•れã¾ã™ã€‚wolfSSL_negotiate()ã‚’å‚ç…§ã—ã¦ãã ã•ã„。 + + \param ssl wolfSSL_new()を使用ã—ã¦ä½œæˆã•れãŸWOLFSSL構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ _Example_ \code WOLFSSL* ssl = wolfSSL_new(ctx); ... if(wolfSSL_Rehandshake(ssl) != SSL_SUCCESS){ - // There was an error and the rehandshake is not successful. + // エラーãŒç™ºç”Ÿã—ã€å†ãƒãƒ³ãƒ‰ã‚·ã‚§ã‚¤ã‚¯ã¯æˆåŠŸã—ã¾ã›ã‚“ã§ã—ãŸã€‚ } \endcode + \sa wolfSSL_negotiate \sa wc_InitSha512 \sa wc_InitSha384 @@ -8817,73 +10363,89 @@ /*! \ingroup IO - \brief セッションãƒã‚±ãƒƒãƒˆã‚’使用ã™ã‚‹ã‚ˆã†ã«WolfSSL構造を強制ã—ã¾ã™ã€‚定数hous_session_ticketを定義ã—ã€å®šæ•°NO_WOLFSSL_CLIENTã‚’ã“ã®é–¢æ•°ã‚’使用ã™ã‚‹ã‚ˆã†ã«å®šç¾©ã—ãªã„ã§ãã ã•ã„。 - \return SSL_SUCCESS セッションãƒã‚±ãƒƒãƒˆã‚’使用ã—ãŸã‚»ãƒƒãƒˆã«æˆåŠŸã—ã¾ã—ãŸã€‚ - \return BAD_FUNC_ARG sslãŒNULLã®å ´åˆã«è¿”ã•れã¾ã™ã€‚ - \return MEMORY_E セッションãƒã‚±ãƒƒãƒˆã‚’設定ã™ã‚‹ãŸã‚ã®ãƒ¡ãƒ¢ãƒªã®å‰²ã‚Šå½“ã¦ä¸­ã«ã‚¨ãƒ©ãƒ¼ãŒç™ºç”Ÿã—ã¾ã—ãŸã€‚ + + \brief æä¾›ã•れãŸWOLFSSL構造体ã«ã‚»ãƒƒã‚·ãƒ§ãƒ³ãƒã‚±ãƒƒãƒˆã‚’使用ã™ã‚‹ã‚ˆã†å¼·åˆ¶ã—ã¾ã™ã€‚定数HAVE_SESSION_TICKETãŒå®šç¾©ã•れã¦ãŠã‚Šã€å®šæ•°NO_WOLFSSL_CLIENTãŒå®šç¾©ã•れã¦ã„ãªã„å¿…è¦ãŒã‚りã¾ã™ã€‚ + + \return SSL_SUCCESS セッションãƒã‚±ãƒƒãƒˆã®ä½¿ç”¨è¨­å®šã«æˆåŠŸã—ã¾ã—ãŸã€‚ + \return BAD_FUNC_ARG sslãŒNULLã®å ´åˆã«è¿”ã•れã¾ã™ã€‚ + \return MEMORY_E セッションãƒã‚±ãƒƒãƒˆè¨­å®šã®ãŸã‚ã®ãƒ¡ãƒ¢ãƒªå‰²ã‚Šå½“ã¦ã‚¨ãƒ©ãƒ¼ã€‚ + + \param ssl wolfSSL_new()を使用ã—ã¦ä½œæˆã•れãŸWOLFSSL構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ _Example_ \code wolfSSL_Init(); WOLFSSL_CTX* ctx; WOLFSSL* ssl; - WOLFSSL_METHOD method = // Some wolfSSL method + WOLFSSL_METHOD method = // 何らã‹ã®wolfSSLメソッド ctx = wolfSSL_CTX_new(method); ssl = wolfSSL_new(ctx); if(wolfSSL_UseSessionTicket(ssl) != SSL_SUCCESS) { - // Error setting session ticket + // セッションãƒã‚±ãƒƒãƒˆã®è¨­å®šã‚¨ãƒ©ãƒ¼ } \endcode + \sa TLSX_UseSessionTicket */ int wolfSSL_UseSessionTicket(WOLFSSL* ssl); /*! \ingroup Setup - \brief ã“ã®é–¢æ•°ã¯ã€ã‚»ãƒƒã‚·ãƒ§ãƒ³ãƒã‚±ãƒƒãƒˆã‚’使用ã™ã‚‹ã‚ˆã†ã«WolfSSLコンテキストを設定ã—ã¾ã™ã€‚ - \return SSL_SUCCESS é–¢æ•°ã¯æ­£å¸¸ã«å®Ÿè¡Œã•れã¾ã™ã€‚ - \return BAD_FUNC_ARG CTXãŒNULLã®å ´åˆã«è¿”ã•れã¾ã™ã€‚ - \return MEMORY_E 内部関数内ã®ãƒ¡ãƒ¢ãƒªã®å‰²ã‚Šå½“ã¦ä¸­ã«ã‚¨ãƒ©ãƒ¼ãŒç™ºç”Ÿã—ã¾ã—ãŸã€‚ + + \brief ã“ã®é–¢æ•°ã¯ã€wolfSSLコンテキストã«ã‚»ãƒƒã‚·ãƒ§ãƒ³ãƒã‚±ãƒƒãƒˆã‚’使用ã™ã‚‹ã‚ˆã†è¨­å®šã—ã¾ã™ã€‚ + + \return SSL_SUCCESS é–¢æ•°ãŒæ­£å¸¸ã«å®Ÿè¡Œã•れã¾ã—ãŸã€‚ + \return BAD_FUNC_ARG ctxãŒNULLã®å ´åˆã«è¿”ã•れã¾ã™ã€‚ + \return MEMORY_E 内部関数ã§ãƒ¡ãƒ¢ãƒªå‰²ã‚Šå½“ã¦ã‚¨ãƒ©ãƒ¼ã€‚ + + \param ctx 使用ã™ã‚‹WOLFSSL_CTX構造体。 _Example_ \code wolfSSL_Init(); WOLFSSL_CTX* ctx; - WOLFSSL_METHOD method = // Some wolfSSL method ; + WOLFSSL_METHOD method = // 何らã‹ã®wolfSSLメソッド ; ctx = wolfSSL_CTX_new(method); if(wolfSSL_CTX_UseSessionTicket(ctx) != SSL_SUCCESS) { - // Error setting session ticket + // セッションãƒã‚±ãƒƒãƒˆã®è¨­å®šã‚¨ãƒ©ãƒ¼ } \endcode + \sa TLSX_UseSessionTicket */ int wolfSSL_CTX_UseSessionTicket(WOLFSSL_CTX* ctx); /*! \ingroup IO - \brief ã“ã®æ©Ÿèƒ½ã¯ã€ã‚»ãƒƒã‚·ãƒ§ãƒ³æ§‹é€ ã®ãƒã‚±ãƒƒãƒˆãƒ¡ãƒ³ãƒãƒ¼ã‚’ãƒãƒƒãƒ•ã‚¡ã«ã‚³ãƒ”ーã—ã¾ã™ã€‚ - \return SSL_SUCCESS 関数ãŒã‚¨ãƒ©ãƒ¼ãªã—ã§å®Ÿè¡Œã•れãŸå ´åˆã«è¿”ã•れã¾ã™ã€‚ - \return BAD_FUNC_ARG 引数ã®1ã¤ãŒNULLã®å ´åˆã€ã¾ãŸã¯bufsz引数ãŒ0ã®å ´åˆã«è¿”ã•れã¾ã™ã€‚ - \param ssl wolfSSL_new()を使用ã—ã¦ä½œæˆã•れãŸWolfSSL構造ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ - \param buf メモリãƒãƒƒãƒ•ァを表ã™ãƒã‚¤ãƒˆãƒã‚¤ãƒ³ã‚¿ã€‚ + + \brief ã“ã®é–¢æ•°ã¯ã€Session構造体ã®ticketメンãƒã‚’ãƒãƒƒãƒ•ã‚¡ã«ã‚³ãƒ”ーã—ã¾ã™ã€‚bufãŒNULLã§bufSzãŒéžNULLã®å ´åˆã€bufSzã¯ãƒã‚±ãƒƒãƒˆé•·ã«è¨­å®šã•れã¾ã™ã€‚ + + \return SSL_SUCCESS 関数ãŒã‚¨ãƒ©ãƒ¼ãªã実行ã•れãŸå ´åˆã«è¿”ã•れã¾ã™ã€‚ + \return BAD_FUNC_ARG sslã¾ãŸã¯bufSzãŒNULLã®å ´åˆã€ã¾ãŸã¯bufSzãŒéžNULLã§bufãŒNULLã®å ´åˆã«è¿”ã•れã¾ã™ã€‚ + + + \param ssl wolfSSL_new()を使用ã—ã¦ä½œæˆã•れãŸWOLFSSL構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ + \param buf メモリãƒãƒƒãƒ•ァを表ã™byteãƒã‚¤ãƒ³ã‚¿ã€‚ + \param bufSz ãƒãƒƒãƒ•ァサイズを表ã™word32ãƒã‚¤ãƒ³ã‚¿ã€‚ _Example_ \code WOLFSSL_CTX* ctx = wolfSSL_CTX_new( protocol method ); WOLFSSL* ssl = wolfSSL_new(ctx); byte* buf; - word32 bufSz; // Initialize with buf size + word32 bufSz; // bufサイズã§åˆæœŸåŒ– … if(wolfSSL_get_SessionTicket(ssl, buf, bufSz) <= 0){ - // Nothing was written to the buffer + // ãƒãƒƒãƒ•ã‚¡ã«ä½•も書ãè¾¼ã¾ã‚Œã¾ã›ã‚“ã§ã—ãŸã€‚ } else { - // the buffer holds the content from ssl->session->ticket + // ãƒãƒƒãƒ•ã‚¡ã¯ssl->session->ticketã®å†…å®¹ã‚’ä¿æŒã—ã¦ã„ã¾ã™ã€‚ } \endcode + \sa wolfSSL_UseSessionTicket \sa wolfSSL_set_SessionTicket */ @@ -8891,34 +10453,43 @@ /*! \ingroup IO - \brief ã“ã®é–¢æ•°ã¯ã€WolfSSL構造体内ã®wolfssl_session構造体ã®ãƒã‚±ãƒƒãƒˆãƒ¡ãƒ³ãƒãƒ¼ã‚’設定ã—ã¾ã™ã€‚é–¢æ•°ã«æ¸¡ã•れãŸãƒãƒƒãƒ•ã‚¡ã¯ãƒ¡ãƒ¢ãƒªã«ã‚³ãƒ”ーã•れã¾ã™ã€‚ - \return SSL_SUCCESS 機能ã®å®Ÿè¡Œã«æˆåŠŸã—ãŸã“ã¨ã«æˆ»ã‚Šã¾ã™ã€‚関数ã¯ã‚¨ãƒ©ãƒ¼ãªã—ã§è¿”ã•れã¾ã—ãŸã€‚ - \return BAD_FUNC_ARG WolfSSL構造ãŒNULLã®å ´åˆã«è¿”ã•れã¾ã™ã€‚BUF引数ãŒNULLã®å ´åˆã¯ã€ã“れã¯ã‚¹ãƒ­ãƒ¼ã•れã¾ã™ãŒã€bufsz引数ã¯ã‚¼ãƒ­ã§ã¯ã‚りã¾ã›ã‚“。 - \param ssl wolfSSL_new()を使用ã—ã¦ä½œæˆã•れãŸWolfSSL構造ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ - \param buf セッション構造ã®ãƒã‚±ãƒƒãƒˆãƒ¡ãƒ³ãƒãƒ¼ã«ãƒ­ãƒ¼ãƒ‰ã•れるãƒã‚¤ãƒˆãƒã‚¤ãƒ³ã‚¿ã€‚ + + \brief ã“ã®é–¢æ•°ã¯ã€WOLFSSL構造体内ã®WOLFSSL_SESSION構造体ã®ticketメンãƒã‚’設定ã—ã¾ã™ã€‚é–¢æ•°ã«æ¸¡ã•れãŸãƒãƒƒãƒ•ã‚¡ã¯ãƒ¡ãƒ¢ãƒªã«ã‚³ãƒ”ーã•れã¾ã™ã€‚ + + \return SSL_SUCCESS 関数ã®å®Ÿè¡ŒãŒæˆåŠŸã—ãŸå ´åˆã«è¿”ã•れã¾ã™ã€‚関数ã¯ã‚¨ãƒ©ãƒ¼ãªãè¿”ã•れã¾ã—ãŸã€‚ + \return BAD_FUNC_ARG WOLFSSL構造体ãŒNULLã®å ´åˆã«è¿”ã•れã¾ã™ã€‚bufSz引数ãŒã‚¼ãƒ­ã§ãªã„ã®ã«buf引数ãŒNULLã®å ´åˆã«ã‚‚è¿”ã•れã¾ã™ã€‚ + + \param ssl wolfSSL_new()を使用ã—ã¦ä½œæˆã•れãŸWOLFSSL構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ + \param buf セッション構造体ã®ticketメンãƒã«èª­ã¿è¾¼ã¾ã‚Œã‚‹byteãƒã‚¤ãƒ³ã‚¿ã€‚ + \param bufSz ãƒãƒƒãƒ•ã‚¡ã®ã‚µã‚¤ã‚ºã‚’表ã™word32型。 _Example_ \code WOLFSSL_CTX* ctx = wolfSSL_CTX_new( protocol method ); WOLFSSL* ssl = wolfSSL_new(ctx); - byte* buffer; // File to load + byte* buffer; // 読ã¿è¾¼ã‚€ãƒ•ァイル word32 bufSz; ... if(wolfSSL_KeepArrays(ssl, buffer, bufSz) != SSL_SUCCESS){ - // There was an error loading the buffer to memory. + // ãƒãƒƒãƒ•ァをメモリã«èª­ã¿è¾¼ã‚€éš›ã«ã‚¨ãƒ©ãƒ¼ãŒç™ºç”Ÿã—ã¾ã—ãŸã€‚ } \endcode + \sa wolfSSL_set_SessionTicket_cb */ int wolfSSL_set_SessionTicket(WOLFSSL* ssl, const unsigned char* buf, word32 bufSz); /*! - \brief CallbackSessionTicketã¯ã€int(* callbacksessionTicket)(wolfssl *ã€const unsigned char *ã€intã€void *)ã®é–¢æ•°ãƒã‚¤ãƒ³ã‚¿ã§ã™ã€‚ - \return SSL_SUCCESS 関数ãŒã‚¨ãƒ©ãƒ¼ãªã—ã§å®Ÿè¡Œã•れãŸå ´åˆã«è¿”ã•れã¾ã™ã€‚ - \return BAD_FUNC_ARG WolfSSL構造ãŒNULLã®å ´åˆã«è¿”ã•れã¾ã™ã€‚ - \param ssl wolfSSL_new()を使用ã—ã¦ä½œæˆã•れãŸWolfSSL構造ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ - \param cb Type CallbackSessionTicketã¸ã®é–¢æ•°ãƒã‚¤ãƒ³ã‚¿ã€‚ + \brief ã“ã®é–¢æ•°ã¯ã€ã‚»ãƒƒã‚·ãƒ§ãƒ³ãƒã‚±ãƒƒãƒˆã‚³ãƒ¼ãƒ«ãƒãƒƒã‚¯ã‚’設定ã—ã¾ã™ã€‚CallbackSessionTicketåž‹ã¯ã€æ¬¡ã®ã‚·ã‚°ãƒãƒãƒ£ã‚’æŒã¤é–¢æ•°ãƒã‚¤ãƒ³ã‚¿ã§ã™: + int (*CallbackSessionTicket)(WOLFSSL*, const unsigned char*, int, void*) + + \return SSL_SUCCESS 関数ãŒã‚¨ãƒ©ãƒ¼ãªã実行ã•れãŸå ´åˆã«è¿”ã•れã¾ã™ã€‚ + \return BAD_FUNC_ARG WOLFSSL構造体ãŒNULLã®å ´åˆã«è¿”ã•れã¾ã™ã€‚ + + \param ssl wolfSSL_new()を使用ã—ã¦ä½œæˆã•れãŸWOLFSSL構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ + \param cb CallbackSessionTicketåž‹ã¸ã®é–¢æ•°ãƒã‚¤ãƒ³ã‚¿ã€‚ + \param ctx WOLFSSL構造体ã®session_ticket_ctxメンãƒã¸ã®voidãƒã‚¤ãƒ³ã‚¿ã€‚ _Example_ \code @@ -8927,9 +10498,10 @@ … int sessionTicketCB(WOLFSSL* ssl, const unsigned char* ticket, int ticketSz, void* ctx){ … } - wolfSSL_set_SessionTicket_cb(ssl, sessionTicketCB, (void*)â€initial sessionâ€); + wolfSSL_set_SessionTicket_cb(ssl, sessionTicketCB, (void*)"initial session"); \endcode - \sa wolfSSL_set_SessionTicket + + \sa wolfSSL_get_SessionTicket \sa CallbackSessionTicket \sa sessionTicketCB */ @@ -8937,15 +10509,15 @@ CallbackSessionTicket cb, void* ctx); /*! - \brief ã“ã®é–¢æ•°ã¯TLS1.3ãƒãƒ³ãƒ‰ã‚·ã‚§ãƒ¼ã‚¯ãŒç¢ºç«‹ã—ãŸã‚ã¨ã§ã‚»ãƒƒã‚·ãƒ§ãƒ³ãƒã‚±ãƒƒãƒˆã‚’é€ä¿¡ã—ã¾ã™ã€‚ + \brief ã“ã®é–¢æ•°ã¯ã€TLS v1.3ãƒãƒ³ãƒ‰ã‚·ã‚§ã‚¤ã‚¯ãŒç¢ºç«‹ã•れãŸå¾Œã€ã‚¯ãƒ©ã‚¤ã‚¢ãƒ³ãƒˆã«ã‚»ãƒƒã‚·ãƒ§ãƒ³ãƒã‚±ãƒƒãƒˆã‚’é€ä¿¡ã—ã¾ã™ã€‚ - \return WOLFSSL_SUCCESS セッションãƒã‚±ãƒƒãƒˆãŒé€ä¿¡ã•れãŸå ´åˆã«è¿”ã•れã¾ã™ã€‚ - \return BAD_FUNC_ARG WOLFSSL構造体ãŒNULL,ã‚ã‚‹ã„ã¯TLS v1.3を使用ã—ãªã„å ´åˆã«è¿”ã•れã¾ã™ã€‚ - \return SIDE_ERROR returned サーãƒãƒ¼å´ã§ãªã„å ´åˆã«è¿”ã•れã¾ã™ã€‚ - \return NOT_READY_ERROR ãƒãƒ³ãƒ‰ã‚·ã‚§ãƒ¼ã‚¯ãŒå®Œäº†ã—ãªã„å ´åˆã«è¿”ã•れã¾ã™ã€‚ - \return WOLFSSL_FATAL_ERROR メッセージã®ç”Ÿæˆã‹é€ä¿¡ã«å¤±æ•—ã—ãŸéš›ã«è¿”ã•れã¾ã™ã€‚ + \return WOLFSSL_SUCCESS æ–°ã—ã„セッションãƒã‚±ãƒƒãƒˆãŒé€ä¿¡ã•れãŸå ´åˆã«è¿”ã•れã¾ã™ã€‚ + \return BAD_FUNC_ARG WOLFSSL構造体ãŒNULLã€ã¾ãŸã¯TLS v1.3を使用ã—ã¦ã„ãªã„å ´åˆã«è¿”ã•れã¾ã™ã€‚ + \return SIDE_ERROR サーãƒã§ãªã„å ´åˆã«è¿”ã•れã¾ã™ã€‚ + \return NOT_READY_ERROR ãƒãƒ³ãƒ‰ã‚·ã‚§ã‚¤ã‚¯ãŒå®Œäº†ã—ã¦ã„ãªã„å ´åˆã«è¿”ã•れã¾ã™ã€‚ + \return WOLFSSL_FATAL_ERROR メッセージã®ä½œæˆã¾ãŸã¯é€ä¿¡ã«å¤±æ•—ã—ãŸå ´åˆã«è¿”ã•れã¾ã™ã€‚ - \param ssl wolfSSL_new()を使ã£ã¦ç”Ÿæˆã•れãŸWOLFSSL構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ + \param ssl wolfSSL_new()を使用ã—ã¦ä½œæˆã•れãŸWOLFSSL構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ _Example_ \code @@ -8955,7 +10527,7 @@ … ret = wolfSSL_send_SessionTicket(ssl); if (ret != WOLFSSL_SUCCESS) { - // New session ticket not sent. + // æ–°ã—ã„セッションãƒã‚±ãƒƒãƒˆãŒé€ä¿¡ã•れã¾ã›ã‚“ã§ã—ãŸã€‚ } \endcode @@ -8966,78 +10538,96 @@ int wolfSSL_send_SessionTicket(WOLFSSL* ssl); /*! - \brief RFC 5077ã§æŒ‡å®šã•れã¦ã„るセッションãƒã‚±ãƒƒãƒˆã‚’サãƒãƒ¼ãƒˆã™ã‚‹ãŸã‚ã®ã‚µãƒ¼ãƒãƒ¼ãŒã€‚ - \return SSL_SUCCESS セッションを正常ã«è¨­å®šã™ã‚‹ã¨è¿”ã•れã¾ã™ã€‚ - \return BAD_FUNC_ARG 失敗ã—ãŸå ´åˆã«è¿”ã•れã¾ã™ã€‚ã“れã¯ã€ç„¡åйãªå¼•æ•°ã‚’é–¢æ•°ã«æ¸¡ã™ã“ã¨ã«ã‚ˆã£ã¦ç™ºç”Ÿã—ã¾ã™ã€‚ - \param ctx wolfSSL_CTX_new()ã§ä½œæˆã•れãŸWOLFSSL_CTXオブジェクトã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ - \param cb セッションãƒã‚±ãƒƒãƒˆã‚’æš—å·åŒ–/復å·åŒ–ã™ã‚‹ãŸã‚ã®ãƒ¦ãƒ¼ã‚¶ãƒ¼ã‚³ãƒ¼ãƒ«ãƒãƒƒã‚¯é–¢æ•° - \param ssl(Callback) wolfSSL_new()ã§ä½œæˆã•れãŸWolfSSLオブジェクトã¸ã®ãƒã‚¤ãƒ³ã‚¿ - \param key_name(Callback) ã“ã®ãƒã‚±ãƒƒãƒˆã‚³ãƒ³ãƒ†ã‚­ã‚¹ãƒˆã®ä¸€æ„ã®ã‚­ãƒ¼åã¯ãƒ©ãƒ³ãƒ€ãƒ ã«ç”Ÿæˆã•れるã¹ãã§ã™ - \param iv(Callback) ユニークãªIVã“ã®ãƒã‚±ãƒƒãƒˆã®å ´åˆã€æœ€å¤§128ビットã€ãƒ©ãƒ³ãƒ€ãƒ ã«ç”Ÿæˆã•れるã¹ãã§ã™ - \param mac(Callback) ã“ã®ãƒã‚±ãƒƒãƒˆã®æœ€å¤§256ビットMAC - \param enc(Callback) ã“ã®æš—å·åŒ–パラメータãŒtrueã®å ´åˆã€ãƒ¦ãƒ¼ã‚¶ãƒ¼ã¯ã‚­ãƒ¼ã‚³ãƒ¼ãƒ‰ã€IVã€Macを記入ã—ã€ãƒã‚±ãƒƒãƒˆã‚’é•·ã•ã®ã‚¤ãƒ³ãƒ¬ãƒ«ã®ç¯„å›²å†…ã«æš—å·åŒ–ã—ã€çµæžœã¨ã—ã¦ç”Ÿã˜ã‚‹å‡ºåŠ›é•·ã‚’* outreenã«è¨­å®šã™ã‚‹å¿…è¦ãŒã‚りã¾ã™ã€‚ wolfssl_ticket_ret_okã‚’è¿”ã™æš—å·åŒ–ãŒæˆåŠŸã—ãŸã“ã¨ã‚’WolfSSLã«æŒ‡ç¤ºã—ã¾ã™ã€‚ã“ã®æš—å·åŒ–パラメータãŒfalseã®å ´åˆã€key_nameã€ivã€ãŠã‚ˆã³macを使用ã—ã¦ã€ãƒªãƒ³ã‚°ã‚¤ãƒ³ãƒ¬ãƒ¼ãƒ³ã®ç¯„囲内ã®ãƒã‚±ãƒƒãƒˆã®å¾©å·åŒ–を実行ã™ã‚‹å¿…è¦ãŒã‚りã¾ã™ã€‚çµæžœã®å¾©å·é•·ã¯* outreenã«è¨­å®šã™ã‚‹å¿…è¦ãŒã‚りã¾ã™ã€‚ wolfssl_ticket_ret_okã‚’è¿”ã™ã¨ã€å¾©å·åŒ–ã•れãŸãƒã‚±ãƒƒãƒˆã®ä½¿ç”¨ã‚’続行ã™ã‚‹ã‚ˆã†ã«WolfSSLã«æŒ‡ç¤ºã—ã¾ã™ã€‚ wolfssl_ticket_ret_createã‚’è¿”ã™ã¨ã€å¾©å·åŒ–ã•れãŸãƒã‚±ãƒƒãƒˆã‚’使用ã™ã‚‹ã ã‘ã§ãªãã€ã‚¯ãƒ©ã‚¤ã‚¢ãƒ³ãƒˆã«é€ä¿¡ã™ã‚‹ãŸã‚ã®æ–°ã—ã„ã‚‚ã®ã‚’生æˆã™ã‚‹ã‚ˆã†ã«æŒ‡ç¤ºã—ã€æœ€è¿‘ロールã•れã¦ã„ã‚‹å ´åˆã«å½¹ç«‹ã¤ã€ãƒ•ルãƒãƒ³ãƒ‰ã‚·ã‚§ã‚¤ã‚¯ã‚’強制ã—ãŸããªã„。 wolfssl_ticket_ret_rejectã‚’è¿”ã™ã¨ã€WolfSSLã«ã“ã®ãƒã‚±ãƒƒãƒˆã‚’æ‹’å¦ã—ã€ãƒ•ルãƒãƒ³ãƒ‰ã‚·ã‚§ã‚¤ã‚¯ã‚’実行ã—ã€é€šå¸¸ã®ã‚»ãƒƒã‚·ãƒ§ãƒ³å†é–‹ã®ãŸã‚ã®æ–°ã—ã„æ¨™æº–セッションIDを作æˆã—ã¾ã™ã€‚ wolfssl_ticket_ret_fatalã‚’è¿”ã™ã¨ã€è‡´å‘½çš„ãªã‚¨ãƒ©ãƒ¼ã§æŽ¥ç¶šã®è©¦ã¿ã‚’終了ã™ã‚‹ã‚ˆã†ã«WolfSSLã«æŒ‡ç¤ºã—ã¾ã™ã€‚ - \param ticket(Callback) æš—å·åŒ–ãƒã‚±ãƒƒãƒˆã®å…¥å‡ºåŠ›ãƒãƒƒãƒ•ァ。ENCパラメータをå‚ç…§ã—ã¦ãã ã•ã„ - \param inLen(Callback) ãƒã‚±ãƒƒãƒˆãƒ‘ラメータã®å…¥åЛ長 - \param outLen(Callback) ãƒã‚±ãƒƒãƒˆãƒ‘ラメータã®çµæžœã®å‡ºåŠ›é•·ã€‚ã‚³ãƒ¼ãƒ«ãƒãƒƒã‚¯outlenを入力ã™ã‚‹ã¨ã€ãƒã‚±ãƒƒãƒˆãƒãƒƒãƒ•ã‚¡ã§ä½¿ç”¨å¯èƒ½ãªæœ€å¤§ã‚µã‚¤ã‚ºãŒè¡¨ç¤ºã•れã¾ã™ã€‚ + \brief ã“ã®é–¢æ•°ã¯ã€RFC 5077ã§è¦å®šã•れã¦ã„るセッションãƒã‚±ãƒƒãƒˆã‚’サãƒãƒ¼ãƒˆã™ã‚‹ã‚µãƒ¼ãƒã®ã‚»ãƒƒã‚·ãƒ§ãƒ³ãƒã‚±ãƒƒãƒˆéµæš—å·åŒ–コールãƒãƒƒã‚¯é–¢æ•°ã‚’設定ã—ã¾ã™ã€‚ + + \return SSL_SUCCESS セッションã®è¨­å®šã«æˆåŠŸã—ãŸå ´åˆã«è¿”ã•れã¾ã™ã€‚ + \return BAD_FUNC_ARG 失敗時ã«è¿”ã•れã¾ã™ã€‚ã“れã¯ã€é–¢æ•°ã«ç„¡åйãªå¼•æ•°ãŒæ¸¡ã•れãŸå ´åˆã«ç™ºç”Ÿã—ã¾ã™ã€‚ + + \param ctx wolfSSL_CTX_new()ã§ä½œæˆã•れãŸWOLFSSL_CTXオブジェクトã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ + \param cb セッションãƒã‚±ãƒƒãƒˆã‚’æš—å·åŒ–/復å·ã™ã‚‹ãƒ¦ãƒ¼ã‚¶ã‚³ãƒ¼ãƒ«ãƒãƒƒã‚¯é–¢æ•° + \param ssl(Callback) wolfSSL_new()ã§ä½œæˆã•れãŸWOLFSSLオブジェクトã¸ã®ãƒã‚¤ãƒ³ã‚¿ + \param key_name(Callback) ã“ã®ãƒã‚±ãƒƒãƒˆã‚³ãƒ³ãƒ†ã‚­ã‚¹ãƒˆç”¨ã®ä¸€æ„ã®éµåã€ãƒ©ãƒ³ãƒ€ãƒ ã«ç”Ÿæˆã•れるã¹ãã§ã™ + \param iv(Callback) ã“ã®ãƒã‚±ãƒƒãƒˆç”¨ã®ä¸€æ„ã®IVã€æœ€å¤§128ビットã€ãƒ©ãƒ³ãƒ€ãƒ ã«ç”Ÿæˆã•れるã¹ãã§ã™ + \param mac(Callback) ã“ã®ãƒã‚±ãƒƒãƒˆç”¨ã®æœ€å¤§256ビットã®mac + \param enc(Callback) ã“ã®æš—å·åŒ–パラメータãŒtrueã®å ´åˆã€ãƒ¦ãƒ¼ã‚¶ã¯key_nameã€ivã€macを入力ã—ã€é•·ã•inLenã®ãƒã‚±ãƒƒãƒˆã‚’ã‚¤ãƒ³ãƒ—ãƒ¬ãƒ¼ã‚¹ã§æš—å·åŒ–ã—ã€çµæžœã®å‡ºåŠ›é•·ã‚’*outLenã«è¨­å®šã™ã‚‹å¿…è¦ãŒã‚りã¾ã™ã€‚WOLFSSL_TICKET_RET_OKã‚’è¿”ã™ã“ã¨ã§ã€wolfSSLã«æš—å·åŒ–ãŒæˆåŠŸã—ãŸã“ã¨ã‚’ä¼ãˆã¾ã™ã€‚ã“ã®æš—å·åŒ–パラメータãŒfalseã®å ´åˆã€ãƒ¦ãƒ¼ã‚¶ã¯key_nameã€ivã€macを使用ã—ã¦é•·ã•inLenã®ãƒã‚±ãƒƒãƒˆã®ã‚¤ãƒ³ãƒ—レース復å·ã‚’実行ã™ã‚‹å¿…è¦ãŒã‚りã¾ã™ã€‚çµæžœã®å¾©å·é•·ã¯*outLenã«è¨­å®šã™ã‚‹å¿…è¦ãŒã‚りã¾ã™ã€‚WOLFSSL_TICKET_RET_OKã‚’è¿”ã™ã“ã¨ã§ã€wolfSSLã«å¾©å·ã•れãŸãƒã‚±ãƒƒãƒˆã‚’使用ã—ã¦ç¶šè¡Œã™ã‚‹ã‚ˆã†ä¼ãˆã¾ã™ã€‚WOLFSSL_TICKET_RET_CREATEã‚’è¿”ã™ã“ã¨ã§ã€wolfSSLã«å¾©å·ã•れãŸãƒã‚±ãƒƒãƒˆã‚’使用ã™ã‚‹ãŒã€ã‚¯ãƒ©ã‚¤ã‚¢ãƒ³ãƒˆã«é€ä¿¡ã™ã‚‹æ–°ã—ã„ãƒã‚±ãƒƒãƒˆã‚‚生æˆã™ã‚‹ã‚ˆã†ä¼ãˆã¾ã™ã€‚ã“ã‚Œã¯æœ€è¿‘éµã‚’ロールã—ãŸå ´åˆã«å®Œå…¨ãªãƒãƒ³ãƒ‰ã‚·ã‚§ã‚¤ã‚¯ã‚’強制ã—ãŸããªã„å ´åˆã«å½¹ç«‹ã¡ã¾ã™ã€‚WOLFSSL_TICKET_RET_REJECTã‚’è¿”ã™ã“ã¨ã§ã€wolfSSLã«ã“ã®ãƒã‚±ãƒƒãƒˆã‚’æ‹’å¦ã—ã€å®Œå…¨ãªãƒãƒ³ãƒ‰ã‚·ã‚§ã‚¤ã‚¯ã‚’実行ã—ã€é€šå¸¸ã®ã‚»ãƒƒã‚·ãƒ§ãƒ³å†é–‹ç”¨ã®æ–°ã—ã„æ¨™æº–セッションIDを作æˆã™ã‚‹ã‚ˆã†ä¼ãˆã¾ã™ã€‚WOLFSSL_TICKET_RET_FATALã‚’è¿”ã™ã“ã¨ã§ã€wolfSSLã«è‡´å‘½çš„ã‚¨ãƒ©ãƒ¼ã§æŽ¥ç¶šè©¦è¡Œã‚’çµ‚äº†ã™ã‚‹ã‚ˆã†ä¼ãˆã¾ã™ã€‚ + \param ticket(Callback) æš—å·åŒ–ã•れãŸãƒã‚±ãƒƒãƒˆã®å…¥å‡ºåŠ›ãƒãƒƒãƒ•ァ。encパラメータをå‚ç…§ã—ã¦ãã ã•ã„。 + \param inLen(Callback) ticketパラメータã®å…¥åŠ›é•·ã€‚ + \param outLen(Callback) ticketパラメータã®çµæžœå‡ºåŠ›é•·ã€‚ã‚³ãƒ¼ãƒ«ãƒãƒƒã‚¯ã«å…¥ã‚‹ã¨ãã€outLenã¯ticketãƒãƒƒãƒ•ã‚¡ã§åˆ©ç”¨å¯èƒ½ãªæœ€å¤§ã‚µã‚¤ã‚ºã‚’示ã—ã¾ã™ã€‚ + \param userCtx(Callback) wolfSSL_CTX_set_TicketEncCtx()ã§è¨­å®šã•れãŸãƒ¦ãƒ¼ã‚¶ã‚³ãƒ³ãƒ†ã‚­ã‚¹ãƒˆ _Example_ \code - See wolfssl/test.h myTicketEncCb() used by the example - server and example echoserver. + wolfssl/test.hã®myTicketEncCb()ã‚’å‚ç…§ã—ã¦ãã ã•ã„。 + サンプルサーãƒã¨ã‚µãƒ³ãƒ—ルechoserverã§ä½¿ç”¨ã•れã¦ã„ã¾ã™ã€‚ \endcode + \sa wolfSSL_CTX_set_TicketHint \sa wolfSSL_CTX_set_TicketEncCtx */ int wolfSSL_CTX_set_TicketEncCb(WOLFSSL_CTX* ctx, - SessionTicketEncCb); + SessionTicketEncCb cb); /*! - \brief サーãƒãƒ¼ã‚µã‚¤ãƒ‰ã®ä½¿ç”¨ã®ãŸã‚ã«ã€‚ - \return SSL_SUCCESS セッションを正常ã«è¨­å®šã™ã‚‹ã¨è¿”ã•れã¾ã™ã€‚ - \return BAD_FUNC_ARG 失敗ã—ãŸå ´åˆã«è¿”ã•れã¾ã™ã€‚ã“れã¯ã€ç„¡åйãªå¼•æ•°ã‚’é–¢æ•°ã«æ¸¡ã™ã“ã¨ã«ã‚ˆã£ã¦ç™ºç”Ÿã—ã¾ã™ã€‚ - \param ctx wolfSSL_CTX_new()ã§ä½œæˆã•れãŸWOLFSSL_CTXオブジェクトã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ + \brief ã“ã®é–¢æ•°ã¯ã€ã‚¯ãƒ©ã‚¤ã‚¢ãƒ³ãƒˆã«ä¸­ç¶™ã•れるセッションãƒã‚±ãƒƒãƒˆãƒ’ントを設定ã—ã¾ã™ã€‚サーãƒå´ã§ã®ä½¿ç”¨ã€‚ + + \return SSL_SUCCESS セッションã®è¨­å®šã«æˆåŠŸã—ãŸå ´åˆã«è¿”ã•れã¾ã™ã€‚ + \return BAD_FUNC_ARG 失敗時ã«è¿”ã•れã¾ã™ã€‚ã“れã¯ã€é–¢æ•°ã«ç„¡åйãªå¼•æ•°ãŒæ¸¡ã•れãŸå ´åˆã«ç™ºç”Ÿã—ã¾ã™ã€‚ + + \param ctx wolfSSL_CTX_new()ã§ä½œæˆã•れãŸWOLFSSL_CTXオブジェクトã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ + \param hint ãƒã‚±ãƒƒãƒˆãŒæœ‰åйã§ã‚ã‚‹å¯èƒ½æ€§ãŒã‚る秒数。クライアントã¸ã®ãƒ’ント。 _Example_ \code none \endcode - \sa wolfSSL_CTX_set_TicketEncCb -*/ -int wolfSSL_CTX_set_TicketHint(WOLFSSL_CTX* ctx, int); + + \sa wolfSSL_CTX_set_TicketEncCb*/ +int wolfSSL_CTX_set_TicketHint(WOLFSSL_CTX* ctx, int hint); /*! - \brief 折り返ã—電話。サーãƒãƒ¼ã‚µã‚¤ãƒ‰ã®ä½¿ç”¨ã®ãŸã‚ã«ã€‚ - \return SSL_SUCCESS セッションを正常ã«è¨­å®šã™ã‚‹ã¨è¿”ã•れã¾ã™ã€‚ - \return BAD_FUNC_ARG 失敗ã—ãŸå ´åˆã«è¿”ã•れã¾ã™ã€‚ã“れã¯ã€ç„¡åйãªå¼•æ•°ã‚’é–¢æ•°ã«æ¸¡ã™ã“ã¨ã«ã‚ˆã£ã¦ç™ºç”Ÿã—ã¾ã™ã€‚ - \param ctx wolfSSL_CTX_new()ã§ä½œæˆã•れãŸWOLFSSL_CTXオブジェクトã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ + \brief ã“ã®é–¢æ•°ã¯ã€ã‚³ãƒ¼ãƒ«ãƒãƒƒã‚¯ç”¨ã®ã‚»ãƒƒã‚·ãƒ§ãƒ³ãƒã‚±ãƒƒãƒˆæš—å·åŒ–ユーザコンテキストを設定ã—ã¾ã™ã€‚サーãƒå´ã§ä½¿ç”¨ã—ã¾ã™ã€‚ + + \return SSL_SUCCESS セッションã®è¨­å®šã«æˆåŠŸã—ãŸå ´åˆã«è¿”ã•れã¾ã™ã€‚ + \return BAD_FUNC_ARG 失敗時ã«è¿”ã•れã¾ã™ã€‚ã“れã¯é–¢æ•°ã«ç„¡åйãªå¼•æ•°ãŒæ¸¡ã•れãŸã“ã¨ãŒåŽŸå› ã§ã™ã€‚ + + \param ctx wolfSSL_CTX_new()ã§ä½œæˆã•れãŸWOLFSSL_CTXオブジェクトã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ + \param userCtx コールãƒãƒƒã‚¯ç”¨ã®ãƒ¦ãƒ¼ã‚¶ã‚³ãƒ³ãƒ†ã‚­ã‚¹ãƒˆã€‚ _Example_ \code none \endcode + \sa wolfSSL_CTX_set_TicketEncCb */ -int wolfSSL_CTX_set_TicketEncCtx(WOLFSSL_CTX* ctx, void*); +int wolfSSL_CTX_set_TicketEncCtx(WOLFSSL_CTX* ctx, void* userCtx); /*! - \brief 折り返ã—電話。サーãƒãƒ¼ã‚µã‚¤ãƒ‰ã®ä½¿ç”¨ã®ãŸã‚ã«ã€‚ - \return userCtx セッションを正常ã«å–å¾—ã™ã‚‹ã¨è¿”ã•れã¾ã™ã€‚ - \return NULL 失敗ã—ãŸå ´åˆã«è¿”ã•れã¾ã™ã€‚ã“れã¯ã€ç„¡åйãªå¼•æ•°ã‚’é–¢æ•°ã«æ¸¡ã™ã“ã¨ã«ã‚ˆã£ã¦ã€ã¾ãŸã¯ãƒ¦ãƒ¼ã‚¶ãƒ¼ã‚³ãƒ³ãƒ†ã‚­ã‚¹ãƒˆãŒè¨­å®šã•れã¦ã„ãªã„ã¨ãã«ç™ºç”Ÿã—ã¾ã™ã€‚ + \brief ã“ã®é–¢æ•°ã¯ã€ã‚³ãƒ¼ãƒ«ãƒãƒƒã‚¯ç”¨ã®ã‚»ãƒƒã‚·ãƒ§ãƒ³ãƒã‚±ãƒƒãƒˆæš—å·åŒ–ユーザコンテキストをå–å¾—ã—ã¾ã™ã€‚サーãƒå´ã§ä½¿ç”¨ã—ã¾ã™ã€‚ + + \return userCtx セッションã®å–å¾—ã«æˆåŠŸã—ãŸå ´åˆã«è¿”ã•れã¾ã™ã€‚ + \return NULL 失敗時ã«è¿”ã•れã¾ã™ã€‚ã“れã¯é–¢æ•°ã«ç„¡åйãªå¼•æ•°ãŒæ¸¡ã•れãŸå ´åˆã€ã¾ãŸã¯ãƒ¦ãƒ¼ã‚¶ã‚³ãƒ³ãƒ†ã‚­ã‚¹ãƒˆãŒè¨­å®šã•れã¦ã„ãªã„å ´åˆã«ç™ºç”Ÿã—ã¾ã™ã€‚ + + \param ctx wolfSSL_CTX_new()ã§ä½œæˆã•れãŸWOLFSSL_CTXオブジェクトã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ _Example_ \code none \endcode + \sa wolfSSL_CTX_set_TicketEncCtx */ void* wolfSSL_CTX_get_TicketEncCtx(WOLFSSL_CTX* ctx); /*! - \brief ã“ã®æ©Ÿèƒ½ã«ã¯ã€WolfSSL構造ã®HSDonectxメンãƒãƒ¼ãŒè¨­å®šã•れã¦ã„ã¾ã™ã€‚ - \return SSL_SUCCESS 関数ãŒã‚¨ãƒ©ãƒ¼ãªã—ã§å®Ÿè¡Œã•れãŸå ´åˆã«è¿”ã•れã¾ã™ã€‚WolfSSL構造体ã®HSDONECBã¨HSDonectxメンãƒãƒ¼ãŒè¨­å®šã•れã¦ã„ã¾ã™ã€‚ - \return BAD_FUNC_ARG wolfssl構造体ãŒNULLã®å ´åˆã«è¿”ã•れã¾ã™ã€‚ - \param ssl wolfSSL_new()を使用ã—ã¦ä½œæˆã•れãŸWolfSSL構造ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ - \param cb int(* HandshakedOneCB)(wolfssl *ã€void *)ã®ç½²åã‚’æŒã¤ã‚¿ã‚¤ãƒ—HandshakedOneCBã®é–¢æ•°ãƒã‚¤ãƒ³ã‚¿ã€‚ + \brief ã“ã®é–¢æ•°ã¯ã€ãƒãƒ³ãƒ‰ã‚·ã‚§ã‚¤ã‚¯å®Œäº†ã‚³ãƒ¼ãƒ«ãƒãƒƒã‚¯ã‚’設定ã—ã¾ã™ã€‚WOLFSSL構造体ã®hsDoneCbã¨hsDoneCtxメンãƒãŒã“ã®é–¢æ•°ã§è¨­å®šã•れã¾ã™ã€‚ + + \return SSL_SUCCESS 関数ãŒã‚¨ãƒ©ãƒ¼ãªã—ã§å®Ÿè¡Œã•れãŸå ´åˆã«è¿”ã•れã¾ã™ã€‚WOLFSSL構造体ã®hsDoneCbã¨hsDoneCtxメンãƒãŒè¨­å®šã•れã¾ã™ã€‚ + \return BAD_FUNC_ARG WOLFSSL構造体ãŒNULLã®å ´åˆã«è¿”ã•れã¾ã™ã€‚ + + \param ssl wolfSSL_new()を使用ã—ã¦ä½œæˆã•れãŸWOLFSSL構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ + \param cb HandShakeDoneCbåž‹ã®é–¢æ•°ãƒã‚¤ãƒ³ã‚¿ã§ã€æ¬¡ã®å½¢å¼ã®ã‚·ã‚°ãƒãƒãƒ£ã‚’æŒã¡ã¾ã™: int (*HandShakeDoneCb)(WOLFSSL*, void*); + \param user_ctx ユーザ登録コンテキストã¸ã®voidãƒã‚¤ãƒ³ã‚¿ã€‚ _Example_ \code @@ -9045,53 +10635,64 @@ WOLFSSL* ssl = wolfSSL_new(ctx); … int myHsDoneCb(WOLFSSL* ssl, void* user_ctx){ - // callback function + // コールãƒãƒƒã‚¯é–¢æ•° } … wolfSSL_SetHsDoneCb(ssl, myHsDoneCb, NULL); \endcode + \sa HandShakeDoneCb */ int wolfSSL_SetHsDoneCb(WOLFSSL* ssl, HandShakeDoneCb cb, void* user_ctx); /*! \ingroup IO - \brief ã“ã®é–¢æ•°ã¯ã‚»ãƒƒã‚·ãƒ§ãƒ³ã‹ã‚‰çµ±è¨ˆã‚’å°åˆ·ã—ã¾ã™ã€‚ - \return SSL_SUCCESS 関数ã¨ã‚µãƒ–ルーãƒãƒ³ãŒã‚¨ãƒ©ãƒ¼ãªã—ã§æˆ»ã£ãŸå ´åˆã«è¿”ã•れã¾ã™ã€‚ã‚»ãƒƒã‚·ãƒ§ãƒ³çµ±è¨ˆã¯æ­£å¸¸ã«å–å¾—ã•れå°åˆ·ã•れã¾ã—ãŸã€‚ - \return BAD_FUNC_ARG サブルーãƒãƒ³wolfssl_get_session_stats()ãŒè¨±å®¹ã§ããªã„å¼•æ•°ã«æ¸¡ã•れãŸå ´åˆã«è¿”ã•れã¾ã™ã€‚ - \return BAD_MUTEX_E サブルーãƒãƒ³ã«ãƒŸãƒ¥ãƒ¼ãƒ†ãƒƒã‚¯ã‚¹ã‚¨ãƒ©ãƒ¼ãŒã‚ã£ãŸå ´åˆã«è¿”ã•れã¾ã™ã€‚ + + \brief ã“ã®é–¢æ•°ã¯ã€ã‚»ãƒƒã‚·ãƒ§ãƒ³ã®çµ±è¨ˆæƒ…報を出力ã—ã¾ã™ã€‚ + + \return SSL_SUCCESS 関数ã¨ã‚µãƒ–ルーãƒãƒ³ãŒã‚¨ãƒ©ãƒ¼ãªã—ã§è¿”ã•れãŸå ´åˆã«è¿”ã•れã¾ã™ã€‚ã‚»ãƒƒã‚·ãƒ§ãƒ³çµ±è¨ˆãŒæ­£å¸¸ã«å–å¾—ã•れã€å‡ºåŠ›ã•れã¾ã—ãŸã€‚ + \return BAD_FUNC_ARG サブルーãƒãƒ³wolfSSL_get_session_stats()ã«è¨±å®¹ã§ããªã„å¼•æ•°ãŒæ¸¡ã•れãŸå ´åˆã«è¿”ã•れã¾ã™ã€‚ + \return BAD_MUTEX_E サブルーãƒãƒ³ã§mutexエラーãŒç™ºç”Ÿã—ãŸå ´åˆã«è¿”ã•れã¾ã™ã€‚ + + \param none パラメータãªã—。 _Example_ \code - // You will need to have a session object to retrieve stats from. - if(wolfSSL_PrintSessionStats(void) != SSL_SUCCESS ){ - // Did not print session stats + // 統計をå–å¾—ã™ã‚‹ãŸã‚ã®ã‚»ãƒƒã‚·ãƒ§ãƒ³ã‚ªãƒ–ジェクトãŒå¿…è¦ã§ã™ + if(wolfSSL_PrintSessionStats(void) != SSL_SUCCESS){ + // セッション統計を出力ã—ã¾ã›ã‚“ã§ã—㟠} \endcode + \sa wolfSSL_get_session_stats */ int wolfSSL_PrintSessionStats(void); /*! \ingroup IO - \brief ã“ã®é–¢æ•°ã¯ã‚»ãƒƒã‚·ãƒ§ãƒ³ã®çµ±è¨ˆã‚’å–å¾—ã—ã¾ã™ã€‚ - \return SSL_SUCCESS 関数ã¨ã‚µãƒ–ルーãƒãƒ³ãŒã‚¨ãƒ©ãƒ¼ãªã—ã§æˆ»ã£ãŸå ´åˆã«è¿”ã•れã¾ã™ã€‚ã‚»ãƒƒã‚·ãƒ§ãƒ³çµ±è¨ˆã¯æ­£å¸¸ã«å–å¾—ã•れå°åˆ·ã•れã¾ã—ãŸã€‚ - \return BAD_FUNC_ARG サブルーãƒãƒ³wolfssl_get_session_stats()ãŒè¨±å®¹ã§ããªã„å¼•æ•°ã«æ¸¡ã•れãŸå ´åˆã«è¿”ã•れã¾ã™ã€‚ - \return BAD_MUTEX_E サブルーãƒãƒ³ã«ãƒŸãƒ¥ãƒ¼ãƒ†ãƒƒã‚¯ã‚¹ã‚¨ãƒ©ãƒ¼ãŒã‚ã£ãŸå ´åˆã«è¿”ã•れã¾ã™ã€‚ - \param active ç¾åœ¨ã®ã‚»ãƒƒã‚·ãƒ§ãƒ³ã®åˆè¨ˆã‚’表ã™Word32ãƒã‚¤ãƒ³ã‚¿ã€‚ - \param total ç·ã‚»ãƒƒã‚·ãƒ§ãƒ³ã‚’表ã™Word32ãƒã‚¤ãƒ³ã‚¿ã€‚ - \param peak ピークセッションを表ã™Word32ãƒã‚¤ãƒ³ã‚¿ã€‚ + + \brief ã“ã®é–¢æ•°ã¯ã€ã‚»ãƒƒã‚·ãƒ§ãƒ³ã®çµ±è¨ˆæƒ…報をå–å¾—ã—ã¾ã™ã€‚ + + \return SSL_SUCCESS 関数ã¨ã‚µãƒ–ルーãƒãƒ³ãŒã‚¨ãƒ©ãƒ¼ãªã—ã§è¿”ã•れãŸå ´åˆã«è¿”ã•れã¾ã™ã€‚ã‚»ãƒƒã‚·ãƒ§ãƒ³çµ±è¨ˆãŒæ­£å¸¸ã«å–å¾—ã•れã€å‡ºåŠ›ã•れã¾ã—ãŸã€‚ + \return BAD_FUNC_ARG サブルーãƒãƒ³wolfSSL_get_session_stats()ã«è¨±å®¹ã§ããªã„å¼•æ•°ãŒæ¸¡ã•れãŸå ´åˆã«è¿”ã•れã¾ã™ã€‚ + \return BAD_MUTEX_E サブルーãƒãƒ³ã§mutexエラーãŒç™ºç”Ÿã—ãŸå ´åˆã«è¿”ã•れã¾ã™ã€‚ + + \param active ç·ç¾åœ¨ã‚»ãƒƒã‚·ãƒ§ãƒ³æ•°ã‚’表ã™word32ãƒã‚¤ãƒ³ã‚¿ã€‚ + \param total ç·ã‚»ãƒƒã‚·ãƒ§ãƒ³æ•°ã‚’表ã™word32ãƒã‚¤ãƒ³ã‚¿ã€‚ + \param peak ピークセッション数を表ã™word32ãƒã‚¤ãƒ³ã‚¿ã€‚ + \param maxSessions 最大セッション数を表ã™word32ãƒã‚¤ãƒ³ã‚¿ã€‚ _Example_ \code int wolfSSL_PrintSessionStats(void){ … ret = wolfSSL_get_session_stats(&totalSessionsNow, - &totalSessionsSeen, &peak, &maxSessions); + &totalSessionsSeen, &peak, &maxSessions); … return ret; \endcode + \sa wolfSSL_PrintSessionStats */ int wolfSSL_get_session_stats(unsigned int* active, @@ -9101,36 +10702,39 @@ /*! \ingroup TLS - \brief ã“ã®é–¢æ•°ã¯CRã¨SRã®å€¤ã‚’コピーã—ã¦ã‹ã‚‰WC_PRFï¼ˆç–‘ä¼¼ãƒ©ãƒ³ãƒ€ãƒ é–¢æ•°ï¼‰ã«æ¸¡ã—ã€ãã®å€¤ã‚’è¿”ã—ã¾ã™ã€‚ - \return 0 æˆåŠŸã—㟠- \return BUFFER_E ãƒãƒƒãƒ•ã‚¡ã®ã‚µã‚¤ã‚ºã«ã‚¨ãƒ©ãƒ¼ãŒç™ºç”Ÿã—ãŸå ´åˆã«è¿”ã•れã¾ã™ã€‚ - \return MEMORY_E サブルーãƒãƒ³ãŒå‹•的メモリを割り当ã¦ã‚‹ã“ã¨ãŒã§ããªã‹ã£ãŸå ´åˆã«è¿”ã•れã¾ã™ã€‚ - \param ms マスターシークレットã¯ã‚¢ãƒ¬ã‚¤æ§‹é€ ã«ä¿æŒã•れã¦ã„ã¾ã™ã€‚ - \param msLen マスターシークレットã®é•·ã•。 - \param pms マスターå‰ã®ç§˜å¯†ã¯ã‚¢ãƒ¬ã‚¤æ§‹é€ ã«ä¿æŒã•れã¦ã„ã¾ã™ã€‚ - \param pmsLen マスタープレマスターシークレットã®é•·ã•。 - \param cr クライアントã®ãƒ©ãƒ³ãƒ€ãƒ  - \param sr サーãƒãƒ¼ã®ãƒ©ãƒ³ãƒ€ãƒ ã§ã™ã€‚ - \param tls1_2 ãƒãƒ¼ã‚¸ãƒ§ãƒ³ãŒå°‘ãªãã¨ã‚‚TLSãƒãƒ¼ã‚¸ãƒ§ãƒ³1.2ã§ã‚ã‚‹ã“ã¨ã‚’æ„味ã—ã¾ã™ã€‚ + + \brief ã“ã®é–¢æ•°ã¯ã€crã¨srã®å€¤ã‚’コピーã—ã€wc_PRF(疑似乱数関数)ã«æ¸¡ã—ã€ãã®å€¤ã‚’è¿”ã—ã¾ã™ã€‚ + + \return 0 æˆåŠŸæ™‚ã€‚ + \return BUFFER_E ãƒãƒƒãƒ•ã‚¡ã®ã‚µã‚¤ã‚ºã§ã‚¨ãƒ©ãƒ¼ãŒç™ºç”Ÿã™ã‚‹å ´åˆã«è¿”ã•れã¾ã™ã€‚ + \return MEMORY_E サブルーãƒãƒ³ãŒå‹•的メモリã®å‰²ã‚Šå½“ã¦ã«å¤±æ•—ã—ãŸå ´åˆã«è¿”ã•れã¾ã™ã€‚ + + \param ms Arrays構造体ã«ä¿æŒã•れã¦ã„るマスターシークレット。 + \param msLen マスターシークレットã®é•·ã•。 + \param pms Arrays構造体ã«ä¿æŒã•れã¦ã„るプリマスターシークレット。 + \param pmsLen プリマスターシークレットã®é•·ã•。 + \param cr クライアントランダム。 + \param sr サーãƒãƒ©ãƒ³ãƒ€ãƒ ã€‚ + \param tls1_2 ãƒãƒ¼ã‚¸ãƒ§ãƒ³ãŒå°‘ãªãã¨ã‚‚TLSãƒãƒ¼ã‚¸ãƒ§ãƒ³1.2ã§ã‚ã‚‹ã“ã¨ã‚’示ã—ã¾ã™ã€‚ + \param hash_type ãƒãƒƒã‚·ãƒ¥ã‚¿ã‚¤ãƒ—を示ã—ã¾ã™ã€‚ _Example_ \code WOLFSSL* ssl; - called in MakeTlsMasterSecret and retrieves the necessary - information as follows: + MakeTlsMasterSecretã§å‘¼ã³å‡ºã•れã€ä»¥ä¸‹ã®ã‚ˆã†ã«å¿…è¦ãªæƒ…報をå–å¾—ã—ã¾ã™: int MakeTlsMasterSecret(WOLFSSL* ssl){ - int ret; - ret = wolfSSL_makeTlsMasterSecret(ssl->arrays->masterSecret, SECRET_LEN, - ssl->arrays->preMasterSecret, ssl->arrays->preMasterSz, - ssl->arrays->clientRandom, ssl->arrays->serverRandom, - IsAtLeastTLSv1_2(ssl), ssl->specs.mac_algorithm); - … - return ret; - + int ret; + ret = wolfSSL_makeTlsMasterSecret(ssl->arrays->masterSecret, SECRET_LEN, + ssl->arrays->preMasterSecret, ssl->arrays->preMasterSz, + ssl->arrays->clientRandom, ssl->arrays->serverRandom, + IsAtLeastTLSv1_2(ssl), ssl->specs.mac_algorithm); + … + return ret; } \endcode + \sa wc_PRF \sa MakeTlsMasterSecret */ @@ -9142,29 +10746,34 @@ /*! \ingroup CertsKeys - \brief TLSキーを導ã出ã™ãŸã‚ã®å¤–部ã®ãƒ©ãƒƒãƒ‘ー。 - \return 0 æˆåŠŸã«æˆ»ã‚Šã¾ã—ãŸã€‚ - \return BUFFER_E LABLENã¨SEADLENã®åˆè¨ˆï¼ˆåˆè¨ˆã‚µã‚¤ã‚ºã‚’è¨ˆç®—ï¼‰ãŒæœ€å¤§ã‚µã‚¤ã‚ºã‚’è¶…ãˆã‚‹ã¨è¿”ã•れã¾ã™ã€‚ - \return MEMORY_E メモリã®å‰²ã‚Šå½“ã¦ãŒå¤±æ•—ã—ãŸå ´åˆã«è¿”ã•れã¾ã™ã€‚ - \param key_data DeriveTlSkeysã«å‰²ã‚Šå½“ã¦ã‚‰ã‚Œã€æœ€çµ‚ãƒãƒƒã‚·ãƒ¥ã‚’ä¿æŒã™ã‚‹ãŸã‚ã«WC_PRFã«æ¸¡ã•れãŸãƒã‚¤ãƒˆãƒã‚¤ãƒ³ã‚¿ã€‚ - \param keyLen WOLFSSL構造体ã®ã‚¹ãƒšãƒƒã‚¯ãƒ¡ãƒ³ãƒãƒ¼ã‹ã‚‰ã®Derivetlskeysã§æ´¾ç”Ÿã—ãŸWord32タイプ。 - \param ms WolfSSL構造内ã§ã‚¢ãƒ¬ã‚¤æ§‹é€ ã«ä¿æŒã•れã¦ã„ã‚‹ãƒžã‚¹ã‚¿ãƒ¼ã‚·ãƒ¼ã‚¯ãƒ¬ãƒƒãƒˆã‚’ä¿æŒã™ã‚‹å®šæ•°ãƒã‚¤ãƒ³ã‚¿åž‹ã€‚ - \param msLen 列挙ã•れãŸå®šç¾©ã§ã€ãƒžã‚¹ã‚¿ãƒ¼ã‚·ãƒ¼ã‚¯ãƒ¬ãƒƒãƒˆã®é•·ã•ã‚’ä¿æŒã™ã‚‹Word32タイプ。 - \param sr WOLFSSL構造内ã®é…列構造ã®ServerRandomメンãƒãƒ¼ã¸ã®å®šæ•°ãƒã‚¤ãƒˆãƒã‚¤ãƒ³ã‚¿ã€‚ - \param cr WolfSSL構造内ã®é…列構造ã®ClientRandomメンãƒãƒ¼ã¸ã®å®šæ•°ãƒã‚¤ãƒˆãƒã‚¤ãƒ³ã‚¿ã€‚ - \param tls1_2 ISATLEASTLSV1_2()ã‹ã‚‰è¿”ã•ã‚ŒãŸæ•´æ•°åž‹ã€‚ + + \brief TLSéµã‚’導出ã™ã‚‹ãŸã‚ã®å¤–部å‘ã‘ラッパー。 + + \return 0 æˆåŠŸæ™‚ã«è¿”ã•れã¾ã™ã€‚ + \return BUFFER_E labLenã¨seedLenã®åˆè¨ˆ(åˆè¨ˆã‚µã‚¤ã‚ºã‚’計算)ãŒæœ€å¤§ã‚µã‚¤ã‚ºã‚’è¶…ãˆãŸå ´åˆã«è¿”ã•れã¾ã™ã€‚ + \return MEMORY_E メモリã®å‰²ã‚Šå½“ã¦ã«å¤±æ•—ã—ãŸå ´åˆã«è¿”ã•れã¾ã™ã€‚ + + \param key_data DeriveTlsKeysã§å‰²ã‚Šå½“ã¦ã‚‰ã‚Œã€æœ€çµ‚ãƒãƒƒã‚·ãƒ¥ã‚’ä¿æŒã™ã‚‹ãŸã‚ã«wc_PRFã«æ¸¡ã•れるãƒã‚¤ãƒˆãƒã‚¤ãƒ³ã‚¿ã€‚ + \param keyLen DeriveTlsKeysã§WOLFSSL構造体ã®specsメンãƒã‹ã‚‰å°Žå‡ºã•れるword32型。 + \param ms WOLFSSL構造体内ã®arrays構造体ã«ä¿æŒã•れã¦ã„ã‚‹ãƒžã‚¹ã‚¿ãƒ¼ã‚·ãƒ¼ã‚¯ãƒ¬ãƒƒãƒˆã‚’ä¿æŒã™ã‚‹å®šæ•°ãƒã‚¤ãƒ³ã‚¿åž‹ã€‚ + \param msLen 列挙定義SECRET_LENã§ãƒžã‚¹ã‚¿ãƒ¼ã‚·ãƒ¼ã‚¯ãƒ¬ãƒƒãƒˆã®é•·ã•ã‚’ä¿æŒã™ã‚‹word32型。 + \param sr WOLFSSL構造体内ã®arrays構造体ã®serverRandomメンãƒã¸ã®å®šæ•°ãƒã‚¤ãƒˆãƒã‚¤ãƒ³ã‚¿ã€‚ + \param cr WOLFSSL構造体内ã®arrays構造体ã®clientRandomメンãƒã¸ã®å®šæ•°ãƒã‚¤ãƒˆãƒã‚¤ãƒ³ã‚¿ã€‚ + \param tls1_2 IsAtLeastTLSv1_2()ã‹ã‚‰è¿”ã•れる整数型。 + \param hash_type WOLFSSL構造体ã«ä¿æŒã•れã¦ã„る整数型。 _Example_ \code int DeriveTlsKeys(WOLFSSL* ssl){ - int ret; - … - ret = wolfSSL_DeriveTlsKeys(key_data, length, ssl->arrays->masterSecret, - SECRET_LEN, ssl->arrays->clientRandom, - IsAtLeastTLSv1_2(ssl), ssl->specs.mac_algorithm); - … + int ret; + … + ret = wolfSSL_DeriveTlsKeys(key_data, length, ssl->arrays->masterSecret, + SECRET_LEN, ssl->arrays->clientRandom, + IsAtLeastTLSv1_2(ssl), ssl->specs.mac_algorithm); + … } \endcode + \sa wc_PRF \sa DeriveTlsKeys \sa IsAtLeastTLSv1_2 @@ -9176,46 +10785,58 @@ int tls1_2, int hash_type); /*! - \brief ãƒãƒ³ãƒ‰ã‚·ã‚§ã‚¤ã‚¯ã‚³ãƒ¼ãƒ«ãƒãƒƒã‚¯ãŒè¨­å®šã•れã¾ã™ã€‚ã“れã¯ã€ãƒ‡ãƒãƒƒã‚¬ãŒåˆ©ç”¨ã§ããšã€ã‚¹ãƒ‹ãƒƒãƒ•ィングãŒå®Ÿç”¨çš„ã§ã¯ãªã„å ´åˆã«ã€ã‚µãƒãƒ¼ãƒˆã‚’デãƒãƒƒã‚°ã™ã‚‹ãŸã‚ã®çµ„ã¿è¾¼ã¿ã‚·ã‚¹ãƒ†ãƒ ã§å½¹ç«‹ã¡ã¾ã™ã€‚ãƒãƒ³ãƒ‰ã‚·ã‚§ã‚¤ã‚¯ã‚¨ãƒ©ãƒ¼ãŒç™ºç”Ÿã—ãŸã‹å¦ã‹ãŒå‘¼ã³å‡ºã•れã¾ã™ã€‚SSLãƒ‘ã‚±ãƒƒãƒˆã®æœ€å¤§æ•°ãŒæ—¢çŸ¥ã§ã‚ã‚‹ãŸã‚ã€å‹•的メモリã¯ä½¿ç”¨ã•れã¾ã›ã‚“。パケットåã‚’PacketNames []ã§ã‚¢ã‚¯ã‚»ã‚¹ã§ãã¾ã™ã€‚接続拡張機能ã¯ã€ã‚¿ã‚¤ãƒ ã‚¢ã‚¦ãƒˆå€¤ã¨ã¨ã‚‚ã«ã‚¿ã‚¤ãƒ ã‚¢ã‚¦ãƒˆã‚³ãƒ¼ãƒ«ãƒãƒƒã‚¯ã‚’設定ã™ã‚‹ã“ã¨ã‚‚ã§ãã¾ã™ã€‚ã“れã¯ã€ãƒ¦ãƒ¼ã‚¶ãƒ¼ãŒTCPスタックをタイムアウトã™ã‚‹ã®ã‚’å¾…ã£ãŸããªã„å ´åˆã«ä¾¿åˆ©ã§ã™ã€‚ã“ã®æ‹¡å¼µå­ã¯ã€ã‚³ãƒ¼ãƒ«ãƒãƒƒã‚¯ã®ã©ã¡ã‚‰ã‹ã€ã¾ãŸã¯ã©ã¡ã‚‰ã®ã‚³ãƒ¼ãƒ«ãƒãƒƒã‚¯ã‚‚呼ã³å‡ºã•れã¾ã›ã‚“。 - \return SSL_SUCCESS æˆåŠŸæ™‚ã«è¿”ã•れã¾ã™ã€‚ - \return GETTIME_ERROR gettimeofday()ãŒã‚¨ãƒ©ãƒ¼ã‚’検出ã—ãŸå ´åˆã€è¿”ã•れã¾ã™ã€‚ - \return SETITIMER_ERROR setItimer()ãŒã‚¨ãƒ©ãƒ¼ã‚’検出ã—ãŸå ´åˆã€è¿”ã•れã¾ã™ã€‚ - \return SIGACT_ERROR sigAction()ãŒã‚¨ãƒ©ãƒ¼ã‚’検出ã—ãŸå ´åˆã€è¿”ã•れã¾ã™ã€‚ - \return SSL_FATAL_ERROR 基ã«ãªã‚‹ssl_connect()呼ã³å‡ºã—ãŒã‚¨ãƒ©ãƒ¼ã‚’検出ã—ãŸå ´åˆã«è¿”ã•れã¾ã™ã€‚ + \brief wolfSSL_connect_ex()ã¯ã€HandShakeコールãƒãƒƒã‚¯ã‚’設定ã§ãã‚‹æ‹¡å¼µã§ã™ã€‚ã“れã¯ã€ãƒ‡ãƒãƒƒã‚¬ãŒåˆ©ç”¨ã§ããšã€ã‚¹ãƒ‹ãƒƒãƒ•ィングãŒå®Ÿç”¨çš„ã§ãªã„å ´åˆã«ã€çµ„ã¿è¾¼ã¿ã‚·ã‚¹ãƒ†ãƒ ã®ãƒ‡ãƒãƒƒã‚°ã‚µãƒãƒ¼ãƒˆã«å½¹ç«‹ã¡ã¾ã™ã€‚HandShakeコールãƒãƒƒã‚¯ã¯ã€ãƒãƒ³ãƒ‰ã‚·ã‚§ã‚¤ã‚¯ã‚¨ãƒ©ãƒ¼ãŒç™ºç”Ÿã—ãŸã‹ã©ã†ã‹ã«é–¢ã‚らãšå‘¼ã³å‡ºã•れã¾ã™ã€‚SSLãƒ‘ã‚±ãƒƒãƒˆã®æœ€å¤§æ•°ãŒæ—¢çŸ¥ã§ã‚ã‚‹ãŸã‚ã€å‹•的メモリã¯ä½¿ç”¨ã•れã¾ã›ã‚“。パケットåã¯packetNames[]を通ã˜ã¦ã‚¢ã‚¯ã‚»ã‚¹ã§ãã¾ã™ã€‚接続拡張ã¯ã¾ãŸã€ã‚¿ã‚¤ãƒ ã‚¢ã‚¦ãƒˆå€¤ã¨å…±ã«Timeoutコールãƒãƒƒã‚¯ã‚’設定ã§ãã¾ã™ã€‚ã“れã¯ã€ãƒ¦ãƒ¼ã‚¶ãŒTCPスタックã®ã‚¿ã‚¤ãƒ ã‚¢ã‚¦ãƒˆã‚’å¾…ã¡ãŸããªã„å ´åˆã«ä¾¿åˆ©ã§ã™ã€‚ã“ã®æ‹¡å¼µã¯ã€ã„ãšã‚Œã‹ã€ä¸¡æ–¹ã€ã¾ãŸã¯ã©ã¡ã‚‰ã®ã‚³ãƒ¼ãƒ«ãƒãƒƒã‚¯ã‚‚ãªã—ã§å‘¼ã³å‡ºã™ã“ã¨ãŒã§ãã¾ã™ã€‚ + + \return SSL_SUCCESS æˆåŠŸæ™‚ã€‚ + \return GETTIME_ERROR gettimeofday()ãŒã‚¨ãƒ©ãƒ¼ã«é­é‡ã—ãŸå ´åˆã«è¿”ã•れã¾ã™ã€‚ + \return SETITIMER_ERROR setitimer()ãŒã‚¨ãƒ©ãƒ¼ã«é­é‡ã—ãŸå ´åˆã«è¿”ã•れã¾ã™ã€‚ + \return SIGACT_ERROR sigaction()ãŒã‚¨ãƒ©ãƒ¼ã«é­é‡ã—ãŸå ´åˆã«è¿”ã•れã¾ã™ã€‚ + \return SSL_FATAL_ERROR 基礎ã¨ãªã‚‹SSL_connect()呼ã³å‡ºã—ãŒã‚¨ãƒ©ãƒ¼ã«é­é‡ã—ãŸå ´åˆã«è¿”ã•れã¾ã™ã€‚ + + \param none パラメータãªã—。 _Example_ \code none \endcode + \sa wolfSSL_accept_ex */ int wolfSSL_connect_ex(WOLFSSL* ssl, HandShakeCallBack hsCb, TimeoutCallBack toCb, WOLFSSL_TIMEVAL timeout); /*! - \brief 設定ã™ã‚‹ã€‚ã“れã¯ã€ãƒ‡ãƒãƒƒã‚¬ãŒåˆ©ç”¨ã§ããšã€ã‚¹ãƒ‹ãƒƒãƒ•ィングãŒå®Ÿç”¨çš„ã§ã¯ãªã„å ´åˆã«ã€ã‚µãƒãƒ¼ãƒˆã‚’デãƒãƒƒã‚°ã™ã‚‹ãŸã‚ã®çµ„ã¿è¾¼ã¿ã‚·ã‚¹ãƒ†ãƒ ã§å½¹ç«‹ã¡ã¾ã™ã€‚ãƒãƒ³ãƒ‰ã‚·ã‚§ã‚¤ã‚¯ã‚¨ãƒ©ãƒ¼ãŒç™ºç”Ÿã—ãŸã‹å¦ã‹ãŒå‘¼ã³å‡ºã•れã¾ã™ã€‚SSLãƒ‘ã‚±ãƒƒãƒˆã®æœ€å¤§æ•°ãŒæ—¢çŸ¥ã§ã‚ã‚‹ãŸã‚ã€å‹•的メモリã¯ä½¿ç”¨ã•れã¾ã›ã‚“。パケットåã‚’PacketNames []ã§ã‚¢ã‚¯ã‚»ã‚¹ã§ãã¾ã™ã€‚接続拡張機能ã¯ã€ã‚¿ã‚¤ãƒ ã‚¢ã‚¦ãƒˆå€¤ã¨ã¨ã‚‚ã«ã‚¿ã‚¤ãƒ ã‚¢ã‚¦ãƒˆã‚³ãƒ¼ãƒ«ãƒãƒƒã‚¯ã‚’設定ã™ã‚‹ã“ã¨ã‚‚ã§ãã¾ã™ã€‚ã“れã¯ã€ãƒ¦ãƒ¼ã‚¶ãƒ¼ãŒTCPスタックをタイムアウトã™ã‚‹ã®ã‚’å¾…ã£ãŸããªã„å ´åˆã«ä¾¿åˆ©ã§ã™ã€‚ã“ã®æ‹¡å¼µå­ã¯ã€ã‚³ãƒ¼ãƒ«ãƒãƒƒã‚¯ã®ã©ã¡ã‚‰ã‹ã€ã¾ãŸã¯ã©ã¡ã‚‰ã®ã‚³ãƒ¼ãƒ«ãƒãƒƒã‚¯ã‚‚呼ã³å‡ºã•れã¾ã›ã‚“。 - \return SSL_SUCCESS æˆåŠŸæ™‚ã«è¿”ã•れã¾ã™ã€‚ - \return GETTIME_ERROR gettimeofday()ãŒã‚¨ãƒ©ãƒ¼ã‚’検出ã—ãŸå ´åˆã€è¿”ã•れã¾ã™ã€‚ - \return SETITIMER_ERROR setItimer()ãŒã‚¨ãƒ©ãƒ¼ã‚’検出ã—ãŸå ´åˆã€è¿”ã•れã¾ã™ã€‚ - \return SIGACT_ERROR sigAction()ãŒã‚¨ãƒ©ãƒ¼ã‚’検出ã—ãŸå ´åˆã€è¿”ã•れã¾ã™ã€‚ - \return SSL_FATAL_ERROR 基礎ã¨ãªã‚‹ssl_accept()呼ã³å‡ºã—ãŒã‚¨ãƒ©ãƒ¼ã‚’検出ã—ãŸå ´åˆã«è¿”ã•れã¾ã™ã€‚ + \brief wolfSSL_accept_ex()ã¯ã€HandShakeコールãƒãƒƒã‚¯ã‚’設定ã§ãã‚‹æ‹¡å¼µã§ã™ã€‚ã“れã¯ã€ãƒ‡ãƒãƒƒã‚¬ãŒåˆ©ç”¨ã§ããšã€ã‚¹ãƒ‹ãƒƒãƒ•ィングãŒå®Ÿç”¨çš„ã§ãªã„å ´åˆã«ã€çµ„ã¿è¾¼ã¿ã‚·ã‚¹ãƒ†ãƒ ã®ãƒ‡ãƒãƒƒã‚°ã‚µãƒãƒ¼ãƒˆã«å½¹ç«‹ã¡ã¾ã™ã€‚HandShakeコールãƒãƒƒã‚¯ã¯ã€ãƒãƒ³ãƒ‰ã‚·ã‚§ã‚¤ã‚¯ã‚¨ãƒ©ãƒ¼ãŒç™ºç”Ÿã—ãŸã‹ã©ã†ã‹ã«é–¢ã‚らãšå‘¼ã³å‡ºã•れã¾ã™ã€‚SSLãƒ‘ã‚±ãƒƒãƒˆã®æœ€å¤§æ•°ãŒæ—¢çŸ¥ã§ã‚ã‚‹ãŸã‚ã€å‹•的メモリã¯ä½¿ç”¨ã•れã¾ã›ã‚“。パケットåã¯packetNames[]を通ã˜ã¦ã‚¢ã‚¯ã‚»ã‚¹ã§ãã¾ã™ã€‚接続拡張ã¯ã¾ãŸã€ã‚¿ã‚¤ãƒ ã‚¢ã‚¦ãƒˆå€¤ã¨å…±ã«Timeoutコールãƒãƒƒã‚¯ã‚’設定ã§ãã¾ã™ã€‚ã“れã¯ã€ãƒ¦ãƒ¼ã‚¶ãŒTCPスタックã®ã‚¿ã‚¤ãƒ ã‚¢ã‚¦ãƒˆã‚’å¾…ã¡ãŸããªã„å ´åˆã«ä¾¿åˆ©ã§ã™ã€‚ã“ã®æ‹¡å¼µã¯ã€ã„ãšã‚Œã‹ã€ä¸¡æ–¹ã€ã¾ãŸã¯ã©ã¡ã‚‰ã®ã‚³ãƒ¼ãƒ«ãƒãƒƒã‚¯ã‚‚ãªã—ã§å‘¼ã³å‡ºã™ã“ã¨ãŒã§ãã¾ã™ã€‚ + + \return SSL_SUCCESS æˆåŠŸæ™‚ã€‚ + \return GETTIME_ERROR gettimeofday()ãŒã‚¨ãƒ©ãƒ¼ã«é­é‡ã—ãŸå ´åˆã«è¿”ã•れã¾ã™ã€‚ + \return SETITIMER_ERROR setitimer()ãŒã‚¨ãƒ©ãƒ¼ã«é­é‡ã—ãŸå ´åˆã«è¿”ã•れã¾ã™ã€‚ + \return SIGACT_ERROR sigaction()ãŒã‚¨ãƒ©ãƒ¼ã«é­é‡ã—ãŸå ´åˆã«è¿”ã•れã¾ã™ã€‚ + \return SSL_FATAL_ERROR 基礎ã¨ãªã‚‹SSL_accept()呼ã³å‡ºã—ãŒã‚¨ãƒ©ãƒ¼ã«é­é‡ã—ãŸå ´åˆã«è¿”ã•れã¾ã™ã€‚ + + \param none パラメータãªã—。 _Example_ \code none \endcode + \sa wolfSSL_connect_ex */ -int wolfSSL_accept_ex(WOLFSSL* ssl, HandShakeCallBacki hsCb, +int wolfSSL_accept_ex(WOLFSSL* ssl, HandShakeCallBack hsCb, TimeoutCallBack toCb, WOLFSSL_TIMEVAL timeout); /*! \ingroup IO - \brief ã“れã¯BIOã®å†…部ファイルãƒã‚¤ãƒ³ã‚¿ã‚’設定ã™ã‚‹ãŸã‚ã«ä½¿ç”¨ã•れã¾ã™ã€‚ - \return SSL_SUCCESS ファイルãƒã‚¤ãƒ³ã‚¿ã‚’正常ã«è¨­å®šã—ã¾ã™ã€‚ - \return SSL_FAILURE エラーケースã«é­é‡ã—ãŸå ´åˆ - \param bio ペアを設定ã™ã‚‹ãŸã‚ã®WOLFSSL_BIO構造体。 - \param fp ãƒã‚¤ã‚ªã§è¨­å®šã™ã‚‹ãƒ•ァイルãƒã‚¤ãƒ³ã‚¿ã€‚ + + \brief ã“れã¯ã€BIOã®å†…部ファイルãƒã‚¤ãƒ³ã‚¿ã‚’設定ã™ã‚‹ãŸã‚ã«ä½¿ç”¨ã•れã¾ã™ã€‚ + + \return SSL_SUCCESS ファイルãƒã‚¤ãƒ³ã‚¿ã®è¨­å®šã«æˆåŠŸã—ãŸå ´åˆã€‚ + \return SSL_FAILURE エラーケースãŒç™ºç”Ÿã—ãŸå ´åˆã€‚ + + \param bio ペアを設定ã™ã‚‹WOLFSSL_BIO構造体。 + \param fp bioã«è¨­å®šã™ã‚‹ãƒ•ァイルãƒã‚¤ãƒ³ã‚¿ã€‚ + \param c ファイルクローズ動作フラグ。 _Example_ \code @@ -9224,8 +10845,9 @@ int ret; bio = wolfSSL_BIO_new(wolfSSL_BIO_s_file()); ret = wolfSSL_BIO_set_fp(bio, fp, BIO_CLOSE); - // check ret value + // retå€¤ã‚’ç¢ºèª \endcode + \sa wolfSSL_BIO_new \sa wolfSSL_BIO_s_mem \sa wolfSSL_BIO_get_fp @@ -9235,10 +10857,14 @@ /*! \ingroup IO -\brief ã“ã®é–¢æ•°ã¯ã€ \brief ã“れã¯ã€BIOã®å†…部ファイルãƒã‚¤ãƒ³ã‚¿ã‚’å–å¾—ã™ã‚‹ãŸã‚ã«ä½¿ç”¨ã•れã¾ã™ã€‚ - \return SSL_SUCCESS ファイルãƒã‚¤ãƒ³ã‚¿ã‚’正常ã«å–å¾—ã—ã¾ã™ã€‚ - \return SSL_FAILURE エラーケースã«é­é‡ã—ãŸå ´åˆ - \param bio ペアを設定ã™ã‚‹ãŸã‚ã®WOLFSSL_BIO構造体。 + + \brief ã“れã¯ã€BIOã®å†…部ファイルãƒã‚¤ãƒ³ã‚¿ã‚’å–å¾—ã™ã‚‹ãŸã‚ã«ä½¿ç”¨ã•れã¾ã™ã€‚ + + \return SSL_SUCCESS ファイルãƒã‚¤ãƒ³ã‚¿ã®å–å¾—ã«æˆåŠŸã—ãŸå ´åˆã€‚ + \return SSL_FAILURE エラーケースãŒç™ºç”Ÿã—ãŸå ´åˆã€‚ + + \param bio ペアを設定ã™ã‚‹WOLFSSL_BIO構造体。 + \param fp bioã«è¨­å®šã™ã‚‹ãƒ•ァイルãƒã‚¤ãƒ³ã‚¿ã€‚ _Example_ \code @@ -9247,8 +10873,9 @@ int ret; bio = wolfSSL_BIO_new(wolfSSL_BIO_s_file()); ret = wolfSSL_BIO_get_fp(bio, &fp); - // check ret value + // retå€¤ã‚’ç¢ºèª \endcode + \sa wolfSSL_BIO_new \sa wolfSSL_BIO_s_mem \sa wolfSSL_BIO_set_fp @@ -9258,19 +10885,24 @@ /*! \ingroup Setup - \brief ã“ã®é–¢æ•°ã¯ã€ç§˜å¯†éµãŒä½¿ç”¨ã•れã¦ã„る証明書ã¨ã®ä¸€è‡´ã§ã‚ã‚‹ã“ã¨ã‚’確èªã—ã¾ã™ã€‚ - \return SSL_SUCCESS ã†ã¾ã一致ã—ã¾ã™ã€‚ - \return SSL_FAILURE エラーケースã«é­é‡ã—ãŸå ´åˆ - \return <0 ssl_failure以外ã®ã™ã¹ã¦ã®ã‚¨ãƒ©ãƒ¼ã‚±ãƒ¼ã‚¹ã¯è² ã®å€¤ã§ã™ã€‚ + + \brief ã“ã®é–¢æ•°ã¯ã€ç§˜å¯†éµãŒä½¿ç”¨ã•れã¦ã„る証明書ã¨ä¸€è‡´ã—ã¦ã„ã‚‹ã“ã¨ã‚’確èªã—ã¾ã™ã€‚ + + \return SSL_SUCCESS ä¸€è‡´ã«æˆåŠŸã—ãŸå ´åˆã€‚ + \return SSL_FAILURE エラーケースãŒç™ºç”Ÿã—ãŸå ´åˆã€‚ + \return <0 SSL_FAILURE以外ã®ã™ã¹ã¦ã®ã‚¨ãƒ©ãƒ¼ã‚±ãƒ¼ã‚¹ã¯è² ã®å€¤ã§ã™ã€‚ + + \param ssl 確èªã™ã‚‹WOLFSSL構造体。 _Example_ \code WOLFSSL* ssl; int ret; - // create and set up ssl + // sslを作æˆã—ã¦ã‚»ãƒƒãƒˆã‚¢ãƒƒãƒ— ret = wolfSSL_check_private_key(ssl); - // check ret value + // retå€¤ã‚’ç¢ºèª \endcode + \sa wolfSSL_new \sa wolfSSL_free */ @@ -9278,11 +10910,16 @@ /*! \ingroup CertsKeys - \brief ã“ã®æ©Ÿèƒ½ã¯ã€æ¸¡ã•れãŸNID値ã«ä¸€è‡´ã™ã‚‹æ‹¡å¼µç´¢å¼•を探ã—ã¦è¿”ã—ã¾ã™ã€‚ - \return >= 0æ‹¡å¼µã‚¤ãƒ³ãƒ‡ãƒƒã‚¯ã‚¹ãŒæˆåŠŸã—ãŸå ´åˆã«è¿”ã•れã¾ã™ã€‚ - \return -1 æ‹¡å¼µãŒè¦‹ã¤ã‹ã‚‰ãªã„ã‹ã‚¨ãƒ©ãƒ¼ãŒç™ºç”Ÿã—ãŸå ´åˆ - \param x509 æ‹¡å¼µã®ãŸã‚ã«è§£æžã™ã‚‹è¨¼æ˜Žæ›¸ã€‚ - \param nid 見ã¤ã‹ã‚‹æ‹¡å¼µOID。 + + \brief ã“ã®é–¢æ•°ã¯ã€æ¸¡ã•れãŸNID値ã«ä¸€è‡´ã™ã‚‹æ‹¡å¼µã‚¤ãƒ³ãƒ‡ãƒƒã‚¯ã‚¹ã‚’検索ã—ã¦è¿”ã—ã¾ã™ã€‚ + + \return >= 0 æˆåŠŸæ™‚ã€æ‹¡å¼µã‚¤ãƒ³ãƒ‡ãƒƒã‚¯ã‚¹ãŒè¿”ã•れã¾ã™ã€‚ + \return -1 æ‹¡å¼µãŒè¦‹ã¤ã‹ã‚‰ãªã„å ´åˆã€ã¾ãŸã¯ã‚¨ãƒ©ãƒ¼ãŒç™ºç”Ÿã—ãŸå ´åˆã€‚ + + \param x509 拡張を検索ã™ã‚‹ãŸã‚ã«è§£æžã™ã‚‹è¨¼æ˜Žæ›¸ã€‚ + \param nid 見ã¤ã‘ã‚‹æ‹¡å¼µOID。 + \param lastpos lastPos以é™ã®æ‹¡å¼µã‹ã‚‰æ¤œç´¢ã‚’é–‹å§‹ã—ã¾ã™ã€‚ + 最åˆã¯-1ã«è¨­å®šã—ã¾ã™ã€‚ _Example_ \code @@ -9291,19 +10928,21 @@ int idx; idx = wolfSSL_X509_get_ext_by_NID(x509, NID_basic_constraints, lastPos); - \endcode -*/ -int wolfSSL_X509_get_ext_by_NID(const WOLFSSL_X509* x509, - int nid, int lastPos); + \endcode*/ +int wolfSSL_X509_get_ext_by_NID(const WOLFSSL_X509 *x, int nid, int lastpos); /*! \ingroup CertsKeys - \brief ã“ã®é–¢æ•°ã¯ã€æ¸¡ã•れãŸNID値ã«åˆã£ãŸæ‹¡å¼µå­ã‚’探ã—ã¦è¿”ã—ã¾ã™ã€‚ - \return pointer STACK_OF(wolfssl_asn1_object)ãƒã‚¤ãƒ³ã‚¿ãŒæˆåŠŸã—ãŸå ´åˆã«è¿”ã•れã¾ã™ã€‚ - \return NULL æ‹¡å¼µãŒè¦‹ã¤ã‹ã‚‰ãªã„ã‹ã‚¨ãƒ©ãƒ¼ãŒç™ºç”Ÿã—ãŸå ´åˆ - \param x509 æ‹¡å¼µã®ãŸã‚ã«è§£æžã™ã‚‹è¨¼æ˜Žæ›¸ã€‚ - \param nid 見ã¤ã‹ã‚‹æ‹¡å¼µOID。 - \param c not nullãŒè¤‡æ•°ã®æ‹¡å¼µå­ã«-2ã«è¨­å®šã•れã¦ã„ãªã„å ´åˆã¯-1ãŒè¦‹ã¤ã‹ã‚Šã¾ã›ã‚“ã§ã—ãŸã€‚ + + \brief ã“ã®é–¢æ•°ã¯æ¸¡ã•れãŸNID値ã«ä¸€è‡´ã™ã‚‹æ‹¡å¼µã‚’検索ã—ã¦è¿”ã—ã¾ã™ã€‚ + + \return pointer æˆåŠŸã—ãŸå ´åˆã€STACK_OF(WOLFSSL_ASN1_OBJECT)ãƒã‚¤ãƒ³ã‚¿ãŒè¿”ã•れã¾ã™ã€‚ + \return NULL æ‹¡å¼µãŒè¦‹ã¤ã‹ã‚‰ãªã„ã€ã¾ãŸã¯ã‚¨ãƒ©ãƒ¼ãŒç™ºç”Ÿã—ãŸå ´åˆã€‚ + + \param x509 拡張を解æžã™ã‚‹è¨¼æ˜Žæ›¸ã€‚ + \param nid 検索ã™ã‚‹æ‹¡å¼µOID。 + \param c NULLã§ãªã„å ´åˆã€è¤‡æ•°ã®æ‹¡å¼µãŒè¦‹ã¤ã‹ã£ãŸå ´åˆã¯-2ã€è¦‹ã¤ã‹ã‚‰ãªã‹ã£ãŸå ´åˆã¯-1ã€è¦‹ã¤ã‹ã£ã¦ã‚¯ãƒªãƒ†ã‚£ã‚«ãƒ«ã§ãªã„å ´åˆã¯0ã€è¦‹ã¤ã‹ã£ã¦ã‚¯ãƒªãƒ†ã‚£ã‚«ãƒ«ãªå ´åˆã¯1ã«è¨­å®šã•れã¾ã™ã€‚ + \param idx NULLã®å ´åˆã¯æœ€åˆã«ä¸€è‡´ã—ãŸæ‹¡å¼µã‚’è¿”ã—ã¾ã™ã€‚ãれ以外ã®å ´åˆã€x509ã«æ ¼ç´ã•れã¦ã„ãªã‘れã°idxã‹ã‚‰é–‹å§‹ã—ã¾ã™ã€‚ _Example_ \code @@ -9313,8 +10952,9 @@ STACK_OF(WOLFSSL_ASN1_OBJECT)* sk; sk = wolfSSL_X509_get_ext_d2i(x509, NID_basic_constraints, &c, &idx); - //check sk for NULL and then use it. sk needs freed after done. + // skãŒNULLã§ãªã„ã‹ç¢ºèªã—ã¦ã‹ã‚‰ä½¿ç”¨ã€‚使用後ã¯skを解放ã™ã‚‹å¿…è¦ãŒã‚りã¾ã™ \endcode + \sa wolfSSL_sk_ASN1_OBJECT_free */ void* wolfSSL_X509_get_ext_d2i(const WOLFSSL_X509* x509, @@ -9322,12 +10962,16 @@ /*! \ingroup CertsKeys - \brief ã“ã®é–¢æ•°ã¯DER証明書ã®ãƒãƒƒã‚·ãƒ¥ã‚’è¿”ã—ã¾ã™ã€‚ - \return SSL_SUCCESS ãƒãƒƒã‚·ãƒ¥ã®ä½œæˆã«æˆåŠŸã—ã¾ã—ãŸã€‚ - \return SSL_FAILURE ä¸è‰¯å…¥åŠ›ã¾ãŸã¯å¤±æ•—ã—ãŸãƒãƒƒã‚·ãƒ¥ã«æˆ»ã‚Šã¾ã—ãŸã€‚ - \param x509 ãƒãƒƒã‚·ãƒ¥ã‚’å¾—ã‚‹ãŸã‚ã®è¨¼æ˜Žæ›¸ã€‚ - \param digest 使用ã™ã‚‹ãƒãƒƒã‚·ãƒ¥ã‚¢ãƒ«ã‚´ãƒªã‚ºãƒ  - \param buf ãƒãƒƒã‚·ãƒ¥ã‚’ä¿æŒã™ã‚‹ãŸã‚ã®ãƒãƒƒãƒ•ァ。 + + \brief ã“ã®é–¢æ•°ã¯DER証明書ã®ãƒãƒƒã‚·ãƒ¥ã‚’è¿”ã—ã¾ã™ã€‚ + + \return SSL_SUCCESS ãƒãƒƒã‚·ãƒ¥ã®ä½œæˆã«æˆåŠŸã—ãŸå ´åˆã€‚ + \return SSL_FAILURE 䏿­£ãªå…¥åŠ›ã¾ãŸã¯ãƒãƒƒã‚·ãƒ¥å¤±æ•—時ã«è¿”ã•れã¾ã™ã€‚ + + \param x509 ãƒãƒƒã‚·ãƒ¥ã‚’å–å¾—ã™ã‚‹è¨¼æ˜Žæ›¸ã€‚ + \param digest 使用ã™ã‚‹ãƒãƒƒã‚·ãƒ¥ã‚¢ãƒ«ã‚´ãƒªã‚ºãƒ ã€‚ + \param buf ãƒãƒƒã‚·ãƒ¥ã‚’ä¿æŒã™ã‚‹ãƒãƒƒãƒ•ァ。 + \param len ãƒãƒƒãƒ•ã‚¡ã®é•·ã•。 _Example_ \code @@ -9337,8 +10981,9 @@ int ret; ret = wolfSSL_X509_digest(x509, wolfSSL_EVP_sha256(), buffer, &bufferSz); - //check ret value + // retå€¤ã‚’ç¢ºèª \endcode + \sa none */ int wolfSSL_X509_digest(const WOLFSSL_X509* x509, @@ -9346,19 +10991,24 @@ /*! \ingroup Setup - \brief ãƒãƒ³ãƒ‰ã‚·ã‚§ã‚¤ã‚¯ä¸­ã«ä½¿ç”¨ã™ã‚‹ãŸã‚ã«ã€WolfSSL構造ã®è¨¼æ˜Žæ›¸ã‚’設定ã™ã‚‹ãŸã‚ã«ä½¿ç”¨ã•れã¾ã™ã€‚ - \return SSL_SUCCESS è¨­å®šã®æˆåŠŸã—ãŸå¼•æ•°ã«ã¤ã„ã¦ã€‚ - \return SSL_FAILURE NULLå¼•æ•°ãŒæ¸¡ã•れãŸå ´åˆã€‚ - \param ssl 証明書を設定ã™ã‚‹ãŸã‚ã®WolfSSL構造。 + + \brief ãƒãƒ³ãƒ‰ã‚·ã‚§ã‚¤ã‚¯ä¸­ã«ä½¿ç”¨ã™ã‚‹WOLFSSL構造体ã®è¨¼æ˜Žæ›¸ã‚’設定ã™ã‚‹ãŸã‚ã«ä½¿ç”¨ã•れã¾ã™ã€‚ + + \return SSL_SUCCESS 引数ã®è¨­å®šã«æˆåŠŸã—ãŸå ´åˆã€‚ + \return SSL_FAILURE NULLå¼•æ•°ãŒæ¸¡ã•れãŸå ´åˆã€‚ + + \param ssl 証明書を設定ã™ã‚‹WOLFSSL構造体。 + \param x509 使用ã™ã‚‹è¨¼æ˜Žæ›¸ã€‚ _Example_ \code WOLFSSL* ssl; WOLFSSL_X509* x509 int ret; - // create ssl object and x509 + // sslオブジェクトã¨x509ã‚’ä½œæˆ ret = wolfSSL_use_certificate(ssl, x509); - // check ret value + // retå€¤ã‚’ç¢ºèª \endcode + \sa wolfSSL_new \sa wolfSSL_free */ @@ -9366,11 +11016,15 @@ /*! \ingroup Setup - \biiã“fã¯ã€ã“ã®é–¢æ•°ã¯ã€handshakeã®é–“ã«ä½¿ç”¨ã™ã‚‹ãŸã‚ã«WolfSSL構造ã®è¨¼æ˜Žæ›¸ã‚’設定ã™ã‚‹ãŸã‚ã«ä½¿ç”¨ã•れã¾ã™ã€‚DERフォーマットãƒãƒƒãƒ•ã‚¡ãŒäºˆæƒ³ã•れã¾ã™ã€‚ - \return SSL_SUCCESS è¨­å®šã®æˆåŠŸã—ãŸå¼•æ•°ã«ã¤ã„ã¦ã€‚ - \return SSL_FAILURE NULLå¼•æ•°ãŒæ¸¡ã•れãŸå ´åˆã€‚ - \param ssl 証明書を設定ã™ã‚‹ãŸã‚ã®WolfSSL構造。 - \param der 使用ã™ã‚‹è¨¼æ˜Žæ›¸ã€‚ + + \brief ãƒãƒ³ãƒ‰ã‚·ã‚§ã‚¤ã‚¯ä¸­ã«ä½¿ç”¨ã™ã‚‹WOLFSSL構造体ã®è¨¼æ˜Žæ›¸ã‚’設定ã™ã‚‹ãŸã‚ã«ä½¿ç”¨ã•れã¾ã™ã€‚DERå½¢å¼ã®ãƒãƒƒãƒ•ã‚¡ãŒå¿…è¦ã§ã™ã€‚ + + \return SSL_SUCCESS 引数ã®è¨­å®šã«æˆåŠŸã—ãŸå ´åˆã€‚ + \return SSL_FAILURE NULLå¼•æ•°ãŒæ¸¡ã•れãŸå ´åˆã€‚ + + \param ssl 証明書を設定ã™ã‚‹WOLFSSL構造体。 + \param der 使用ã™ã‚‹DER証明書。 + \param derSz 渡ã•れãŸDERãƒãƒƒãƒ•ã‚¡ã®ã‚µã‚¤ã‚ºã€‚ _Example_ \code @@ -9378,32 +11032,38 @@ unsigned char* der; int derSz; int ret; - // create ssl object and set DER variables + // sslオブジェクトを作æˆã—ã¦DER変数を設定 ret = wolfSSL_use_certificate_ASN1(ssl, der, derSz); - // check ret value + // retå€¤ã‚’ç¢ºèª \endcode + \sa wolfSSL_new \sa wolfSSL_free */ -int wolfSSL_use_certificate_ASN1(WOLFSSL* ssl, unsigned char* der, - int derSz); +int wolfSSL_use_certificate_ASN1(WOLFSSL* ssl, const unsigned char* der, + int derSz); /*! \ingroup CertsKeys - \brief ã“れã¯WolfSSL構造ã®ç§˜å¯†éµã‚’設定ã™ã‚‹ãŸã‚ã«ä½¿ç”¨ã•れã¾ã™ã€‚ - \return SSL_SUCCESS è¨­å®šã®æˆåŠŸã—ãŸå¼•æ•°ã«ã¤ã„ã¦ã€‚ - \return SSL_FAILURE NULL SSLãŒæ¸¡ã•れãŸå ´åˆã€‚ã™ã¹ã¦ã®ã‚¨ãƒ©ãƒ¼ã‚±ãƒ¼ã‚¹ã¯è² ã®å€¤ã«ãªã‚Šã¾ã™ã€‚ - \param ssl 引数を設定ã™ã‚‹ãŸã‚ã®WolfSSL構造。 + + \brief WOLFSSL構造体ã®ç§˜å¯†éµã‚’設定ã™ã‚‹ãŸã‚ã«ä½¿ç”¨ã•れã¾ã™ã€‚ + + \return SSL_SUCCESS 引数ã®è¨­å®šã«æˆåŠŸã—ãŸå ´åˆã€‚ + \return SSL_FAILURE NULLã®sslãŒæ¸¡ã•れãŸå ´åˆã€‚ã™ã¹ã¦ã®ã‚¨ãƒ©ãƒ¼ã‚±ãƒ¼ã‚¹ã¯è² ã®å€¤ã«ãªã‚Šã¾ã™ã€‚ + + \param ssl 引数を設定ã™ã‚‹WOLFSSL構造体。 + \param pkey 使用ã™ã‚‹ç§˜å¯†éµã€‚ _Example_ \code WOLFSSL* ssl; WOLFSSL_EVP_PKEY* pkey; int ret; - // create ssl object and set up private key + // sslオブジェクトを作æˆã—ã¦ç§˜å¯†éµã‚’セットアップ ret = wolfSSL_use_PrivateKey(ssl, pkey); - // check ret value + // retå€¤ã‚’ç¢ºèª \endcode + \sa wolfSSL_new \sa wolfSSL_free */ @@ -9411,12 +11071,16 @@ /*! \ingroup CertsKeys - \brief ã“れã¯WolfSSL構造ã®ç§˜å¯†éµã‚’設定ã™ã‚‹ãŸã‚ã«ä½¿ç”¨ã•れã¾ã™ã€‚DERフォーマットã®ã‚­ãƒ¼ãƒãƒƒãƒ•ã‚¡ãŒäºˆæƒ³ã•れã¾ã™ã€‚ - \return SSL_SUCCESS 秘密éµã®æ§‹æ–‡è§£æžã¨è¨­å®šã«æˆåŠŸã—ãŸå ´åˆã€‚ - \return SSL_FAILURE NULL SSLãŒæ¸¡ã•れãŸå ´åˆã€‚ã™ã¹ã¦ã®ã‚¨ãƒ©ãƒ¼ã‚±ãƒ¼ã‚¹ã¯è² ã®å€¤ã«ãªã‚Šã¾ã™ã€‚ - \param pri 秘密éµã®ç¨®é¡žã€‚ - \param ssl 引数を設定ã™ã‚‹ãŸã‚ã®WolfSSL構造。 - \param der ãƒãƒƒãƒ•ã‚¡ãƒ¼ä¿æŒDERキー。 + + \brief WOLFSSL構造体ã®ç§˜å¯†éµã‚’設定ã™ã‚‹ãŸã‚ã«ä½¿ç”¨ã•れã¾ã™ã€‚DERå½¢å¼ã®éµãƒãƒƒãƒ•ã‚¡ãŒå¿…è¦ã§ã™ã€‚ + + \return SSL_SUCCESS 秘密éµã®è§£æžã¨è¨­å®šã«æˆåŠŸã—ãŸå ´åˆã€‚ + \return SSL_FAILURE NULLã®sslãŒæ¸¡ã•れãŸå ´åˆã€‚ã™ã¹ã¦ã®ã‚¨ãƒ©ãƒ¼ã‚±ãƒ¼ã‚¹ã¯è² ã®å€¤ã«ãªã‚Šã¾ã™ã€‚ + + \param pri 秘密éµã®ã‚¿ã‚¤ãƒ—。 + \param ssl 引数を設定ã™ã‚‹WOLFSSL構造体。 + \param der DERéµã‚’ä¿æŒã™ã‚‹ãƒãƒƒãƒ•ァ。 + \param derSz derãƒãƒƒãƒ•ã‚¡ã®ã‚µã‚¤ã‚ºã€‚ _Example_ \code @@ -9424,24 +11088,29 @@ unsigned char* pkey; long pkeySz; int ret; - // create ssl object and set up private key + // sslオブジェクトを作æˆã—ã¦ç§˜å¯†éµã‚’セットアップ ret = wolfSSL_use_PrivateKey_ASN1(1, ssl, pkey, pkeySz); - // check ret value + // retå€¤ã‚’ç¢ºèª \endcode + \sa wolfSSL_new \sa wolfSSL_free \sa wolfSSL_use_PrivateKey */ int wolfSSL_use_PrivateKey_ASN1(int pri, WOLFSSL* ssl, - unsigned char* der, long derSz); + const unsigned char* der, long derSz); /*! \ingroup CertsKeys - \brief ã“れã¯WolfSSL構造ã®ç§˜å¯†éµã‚’設定ã™ã‚‹ãŸã‚ã«ä½¿ç”¨ã•れã¾ã™ã€‚DERフォーマットã®RSAキーãƒãƒƒãƒ•ã‚¡ãŒäºˆæƒ³ã•れã¾ã™ã€‚ - \return SSL_SUCCESS 秘密éµã®æ§‹æ–‡è§£æžã¨è¨­å®šã«æˆåŠŸã—ãŸå ´åˆã€‚ - \return SSL_FAILURE NULL SSLãŒæ¸¡ã•れãŸå ´åˆã€‚ã™ã¹ã¦ã®ã‚¨ãƒ©ãƒ¼ã‚±ãƒ¼ã‚¹ã¯è² ã®å€¤ã«ãªã‚Šã¾ã™ã€‚ - \param ssl 引数を設定ã™ã‚‹ãŸã‚ã®WolfSSL構造。 - \param der ãƒãƒƒãƒ•ã‚¡ãƒ¼ä¿æŒDERキー。 + + \brief WOLFSSL構造体ã®ç§˜å¯†éµã‚’設定ã™ã‚‹ãŸã‚ã«ä½¿ç”¨ã•れã¾ã™ã€‚DERå½¢å¼ã®RSAéµãƒãƒƒãƒ•ã‚¡ãŒå¿…è¦ã§ã™ã€‚ + + \return SSL_SUCCESS 秘密éµã®è§£æžã¨è¨­å®šã«æˆåŠŸã—ãŸå ´åˆã€‚ + \return SSL_FAILURE NULLã®sslãŒæ¸¡ã•れãŸå ´åˆã€‚ã™ã¹ã¦ã®ã‚¨ãƒ©ãƒ¼ã‚±ãƒ¼ã‚¹ã¯è² ã®å€¤ã«ãªã‚Šã¾ã™ã€‚ + + \param ssl 引数を設定ã™ã‚‹WOLFSSL構造体。 + \param der DERéµã‚’ä¿æŒã™ã‚‹ãƒãƒƒãƒ•ァ。 + \param derSz derãƒãƒƒãƒ•ã‚¡ã®ã‚µã‚¤ã‚ºã€‚ _Example_ \code @@ -9449,10 +11118,11 @@ unsigned char* pkey; long pkeySz; int ret; - // create ssl object and set up RSA private key + // sslオブジェクトを作æˆã—ã¦RSA秘密éµã‚’セットアップ ret = wolfSSL_use_RSAPrivateKey_ASN1(ssl, pkey, pkeySz); - // check ret value + // retå€¤ã‚’ç¢ºèª \endcode + \sa wolfSSL_new \sa wolfSSL_free \sa wolfSSL_use_PrivateKey @@ -9462,31 +11132,40 @@ /*! \ingroup CertsKeys - \brief ã“ã®é–¢æ•°ã¯ã€DSAã®ãƒ‘ラメータを新ã—ã作æˆã•れãŸWOLFSSL_DH構造体ã«é‡è¤‡ã—ã¦ã„ã¾ã™ã€‚ - \return WOLFSSL_DH é‡è¤‡ã—ãŸå ´åˆã¯WolfSSL_DH構造体を返ã™å ´åˆ - \return NULL 失敗ã™ã‚‹ã¨ + + \brief ã“ã®é–¢æ•°ã¯dsaã®ãƒ‘ラメータを新ã—ã作æˆã•れãŸWOLFSSL_DH構造体ã«è¤‡è£½ã—ã¾ã™ã€‚ + + \return WOLFSSL_DH è¤‡è£½ã«æˆåŠŸã—ãŸå ´åˆã€WOLFSSL_DH構造体を返ã—ã¾ã™ã€‚ + \return NULL 失敗時。 + + \param dsa 複製ã™ã‚‹WOLFSSL_DSA構造体。 _Example_ \code WOLFSSL_DH* dh; WOLFSSL_DSA* dsa; - // set up dsa + // dsaをセットアップ dh = wolfSSL_DSA_dup_DH(dsa); - // check dh is not null + // dhãŒnullã§ãªã„ã‹ç¢ºèª \endcode + \sa none */ WOLFSSL_DH *wolfSSL_DSA_dup_DH(const WOLFSSL_DSA *r); /*! \ingroup Setup - \brief ã“れã¯ãƒãƒ³ãƒ‰ã‚·ã‚§ã‚¤ã‚¯ã‚’完了ã—ãŸå¾Œã«ãƒžã‚¹ã‚¿ãƒ¼ã‚­ãƒ¼ã‚’å–å¾—ã™ã‚‹ãŸã‚ã«ä½¿ç”¨ã•れã¾ã™ã€‚ - \return >0 データã®å–å¾—ã«æˆåŠŸã—ãŸå ´åˆã€0より大ãã„値を返ã—ã¾ã™ã€‚ - \return 0 ランダムãªãƒ‡ãƒ¼ã‚¿ãƒãƒƒãƒ•ã‚¡ã¾ãŸã¯ã‚¨ãƒ©ãƒ¼çŠ¶æ…‹ãŒè¿”ã•れãªã„å ´åˆã¯0 - \return max 渡ã•れãŸOUTSZãŒ0ã®å ´åˆã€å¿…è¦ãªæœ€å¤§ãƒãƒƒãƒ•ァサイズãŒè¿”ã•れã¾ã™ã€‚ - \param ses マスターシークレットãƒãƒƒãƒ•ã‚¡ã‚’å–å¾—ã™ã‚‹ãŸã‚ã®WolfSSL_SESSION構造。 - \param out ãƒ‡ãƒ¼ã‚¿ã‚’ä¿æŒã™ã‚‹ãŸã‚ã®ãƒãƒƒãƒ•ァ。 + + \brief ãƒãƒ³ãƒ‰ã‚·ã‚§ã‚¤ã‚¯å®Œäº†å¾Œã«ãƒžã‚¹ã‚¿ãƒ¼ã‚­ãƒ¼ã‚’å–å¾—ã™ã‚‹ãŸã‚ã«ä½¿ç”¨ã•れã¾ã™ã€‚ + + \return >0 データã®å–å¾—ã«æˆåŠŸã—ãŸå ´åˆã€0より大ãã„値を返ã—ã¾ã™ã€‚ + \return 0 ランダムデータãƒãƒƒãƒ•ã‚¡ãŒãªã„ã€ã¾ãŸã¯ã‚¨ãƒ©ãƒ¼çŠ¶æ…‹ã®å ´åˆã¯0ã‚’è¿”ã—ã¾ã™ã€‚ + \return max 渡ã•れãŸoutSzãŒ0ã®å ´åˆã€å¿…è¦ãªæœ€å¤§ãƒãƒƒãƒ•ァサイズãŒè¿”ã•れã¾ã™ã€‚ + + \param ses マスターシークレットãƒãƒƒãƒ•ã‚¡ã‚’å–å¾—ã™ã‚‹WOLFSSL_SESSION構造体。 + \param out ãƒ‡ãƒ¼ã‚¿ã‚’ä¿æŒã™ã‚‹ãƒãƒƒãƒ•ァ。 + \param outSz 渡ã•れãŸoutãƒãƒƒãƒ•ã‚¡ã®ã‚µã‚¤ã‚º(0ã®å ´åˆã€é–¢æ•°ã¯å¿…è¦ãªæœ€å¤§ãƒãƒƒãƒ•ァサイズを返ã—ã¾ã™)。 _Example_ \code @@ -9494,12 +11173,13 @@ unsigned char* buffer; size_t bufferSz; size_t ret; - // complete handshake and get session structure + // ãƒãƒ³ãƒ‰ã‚·ã‚§ã‚¤ã‚¯ã‚’完了ã—ã¦ã‚»ãƒƒã‚·ãƒ§ãƒ³æ§‹é€ ä½“ã‚’å–å¾— bufferSz = wolfSSL_SESSION_get_master_secret(ses, NULL, 0); buffer = malloc(bufferSz); ret = wolfSSL_SESSION_get_master_secret(ses, buffer, bufferSz); - // check ret value + // retå€¤ã‚’ç¢ºèª \endcode + \sa wolfSSL_new \sa wolfSSL_free */ @@ -9508,8 +11188,12 @@ /*! \ingroup Setup - \brief ã“れã¯ãƒžã‚¹ã‚¿ãƒ¼ç§˜å¯†éµã®é•·ã•ã‚’å–å¾—ã™ã‚‹ãŸã‚ã«ä½¿ç”¨ã•れã¾ã™ã€‚ - \return size マスターシークレットキーサイズを返ã—ã¾ã™ã€‚ + + \brief マスターシークレットキーã®é•·ã•ã‚’å–å¾—ã™ã‚‹ãŸã‚ã«ä½¿ç”¨ã•れã¾ã™ã€‚ + + \return size マスターシークレットキーã®ã‚µã‚¤ã‚ºã‚’è¿”ã—ã¾ã™ã€‚ + + \param ses マスターシークレットãƒãƒƒãƒ•ã‚¡ã‚’å–å¾—ã™ã‚‹WOLFSSL_SESSION構造体。 _Example_ \code @@ -9517,11 +11201,12 @@ unsigned char* buffer; size_t bufferSz; size_t ret; - // complete handshake and get session structure + // ãƒãƒ³ãƒ‰ã‚·ã‚§ã‚¤ã‚¯ã‚’完了ã—ã¦ã‚»ãƒƒã‚·ãƒ§ãƒ³æ§‹é€ ä½“ã‚’å–å¾— bufferSz = wolfSSL_SESSION_get_master_secret_length(ses); buffer = malloc(bufferSz); - // check ret value + // retå€¤ã‚’ç¢ºèª \endcode + \sa wolfSSL_new \sa wolfSSL_free */ @@ -9529,18 +11214,23 @@ /*! \ingroup Setup - \bri f ã“ã®é–¢æ•°ã¯ã€ã‚Œã¯ã€CTXã®WOLFSSL_X509_STORE構造ã®è¨­å®šæ©Ÿèƒ½ã§ã™ã€‚ - \return none è¿”å“ä¸å¯ã€‚ - \param ctx Cert Storeãƒã‚¤ãƒ³ã‚¿ã‚’設定ã™ã‚‹ãŸã‚ã®WolfSSL_CTX構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ + + \brief ctxã®WOLFSSL_X509_STORE構造体ã®setter関数ã§ã™ã€‚ + + \return none 戻り値ãªã—。 + + \param ctx 証明書ストアãƒã‚¤ãƒ³ã‚¿ã‚’設定ã™ã‚‹WOLFSSL_CTX構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ + \param str ctxã«è¨­å®šã™ã‚‹WOLFSSL_X509_STOREã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ _Example_ \code WOLFSSL_CTX ctx; WOLFSSL_X509_STORE* st; - // setup ctx and st + // ctxã¨stをセットアップ st = wolfSSL_CTX_set_cert_store(ctx, st); - //use st + // stを使用 \endcode + \sa wolfSSL_CTX_new \sa wolfSSL_CTX_free */ @@ -9549,39 +11239,49 @@ /*! \ingroup CertsKeys - \brief ã“ã®é–¢æ•°ã¯BIOã‹ã‚‰DERãƒãƒƒãƒ•ã‚¡ã‚’å–å¾—ã—ã€ãれをWolfSSL_X509構造ã«å¤‰æ›ã—ã¾ã™ã€‚ - \return pointer æˆåŠŸã—ãŸwolfssl_x509構造ãƒã‚¤ãƒ³ã‚¿ã‚’è¿”ã—ã¾ã™ã€‚ - \return Null 失敗時ã«NULLã‚’è¿”ã—ã¾ã™ - \param bio DER証明書ãƒãƒƒãƒ•ã‚¡ã‚’æŒã¤WOLFSSL_BIO構造体体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ + + \brief ã“ã®é–¢æ•°ã¯bioã‹ã‚‰DERãƒãƒƒãƒ•ã‚¡ã‚’å–å¾—ã—ã€ãれをWOLFSSL_X509構造体ã«å¤‰æ›ã—ã¾ã™ã€‚ + + \return pointer æˆåŠŸæ™‚ã«WOLFSSL_X509構造体ãƒã‚¤ãƒ³ã‚¿ã‚’è¿”ã—ã¾ã™ã€‚ + \return Null 失敗時ã«NULLã‚’è¿”ã—ã¾ã™ã€‚ + + \param bio DER証明書ãƒãƒƒãƒ•ã‚¡ã‚’æŒã¤WOLFSSL_BIO構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ + \param x509 作æˆã•ã‚ŒãŸæ–°ã—ã„WOLFSSL_X509構造体ã«è¨­å®šã•れるãƒã‚¤ãƒ³ã‚¿ã€‚ _Example_ \code WOLFSSL_BIO* bio; WOLFSSL_X509* x509; - // load DER into bio + // DERã‚’bioã«ãƒ­ãƒ¼ãƒ‰ x509 = wolfSSL_d2i_X509_bio(bio, NULL); - Or + // ã¾ãŸã¯ wolfSSL_d2i_X509_bio(bio, &x509); - // use x509 returned (check for NULL) + // è¿”ã•れãŸx509を使用(NULLã‚’ãƒã‚§ãƒƒã‚¯) \endcode + \sa none */ WOLFSSL_X509* wolfSSL_d2i_X509_bio(WOLFSSL_BIO* bio, WOLFSSL_X509** x509); /*! \ingroup Setup - \bri f ã“ã®é–¢æ•°ã¯ã€ã‚Œã¯ã€CTXã®WOLFSSL_X509_STORE構造ã®ã‚²ãƒƒã‚¿ãƒ¼é–¢æ•°ã§ã™ã€‚ - \return WOLFSSL_X509_STORE* ãƒã‚¤ãƒ³ã‚¿ã‚’正常ã«å…¥æ‰‹ã—ã¾ã™ã€‚ - \return NULL NULLå¼•æ•°ãŒæ¸¡ã•れãŸå ´åˆã«è¿”ã•れã¾ã™ã€‚ + + \brief ctxã®WOLFSSL_X509_STORE構造体ã®getter関数ã§ã™ã€‚ + + \return WOLFSSL_X509_STORE* ãƒã‚¤ãƒ³ã‚¿ã®å–å¾—ã«æˆåŠŸã—ãŸå ´åˆã€‚ + \return NULL NULLå¼•æ•°ãŒæ¸¡ã•れãŸå ´åˆã«è¿”ã•れã¾ã™ã€‚ + + \param ctx 証明書ストアãƒã‚¤ãƒ³ã‚¿ã‚’å–å¾—ã™ã‚‹WOLFSSL_CTX構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ _Example_ \code WOLFSSL_CTX ctx; WOLFSSL_X509_STORE* st; - // setup ctx + // ctxをセットアップ st = wolfSSL_CTX_get_cert_store(ctx); - //use st + // stを使用 \endcode + \sa wolfSSL_CTX_new \sa wolfSSL_CTX_free \sa wolfSSL_CTX_set_cert_store @@ -9590,17 +11290,21 @@ /*! \ingroup IO - \brief ä¿ç•™ä¸­ã®ãƒã‚¤ãƒˆæ•°ã‚’読ã¿å–ã‚‹æ•°ã‚’å–å¾—ã—ã¾ã™ã€‚BIOタイプãŒBIO_BIOã®å ´åˆã€ãƒšã‚¢ã‹ã‚‰èª­ã¿å–る番å·ã§ã™ã€‚BIOã«SSLオブジェクトãŒå«ã¾ã‚Œã¦ã„ã‚‹å ´åˆã¯ã€SSLオブジェクトã‹ã‚‰ã®ãƒ‡ãƒ¼ã‚¿ã‚’ä¿ç•™ä¸­ã§ã™ï¼ˆWolfSSL_Pending(SSL))。bio_memoryタイプãŒã‚ã‚‹å ´åˆã¯ã€ãƒ¡ãƒ¢ãƒªãƒãƒƒãƒ•ã‚¡ã®ã‚µã‚¤ã‚ºã‚’è¿”ã—ã¾ã™ã€‚ - \return >=0 ä¿ç•™ä¸­ã®ãƒã‚¤ãƒˆæ•°ã€‚ + + \brief 読ã¿å–りä¿ç•™ä¸­ã®ãƒã‚¤ãƒˆæ•°ã‚’å–å¾—ã—ã¾ã™ã€‚BIOタイプãŒBIO_BIOã®å ´åˆã€ãƒšã‚¢ã‹ã‚‰èª­ã¿å–ã‚‹ãƒã‚¤ãƒˆæ•°ã§ã™ã€‚BIOãŒSSLオブジェクトをå«ã‚€å ´åˆã€SSLオブジェクトã‹ã‚‰ã®ä¿ç•™ä¸­ã®ãƒ‡ãƒ¼ã‚¿ã§ã™(wolfSSL_pending(ssl))。BIO_MEMORYタイプã®å ´åˆã€ãƒ¡ãƒ¢ãƒªãƒãƒƒãƒ•ã‚¡ã®ã‚µã‚¤ã‚ºã‚’è¿”ã—ã¾ã™ã€‚ + + \return >=0 ä¿ç•™ä¸­ã®ãƒã‚¤ãƒˆæ•°ã€‚ + + \param bio ã™ã§ã«ä½œæˆã•れã¦ã„ã‚‹WOLFSSL_BIO構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ _Example_ \code - WOLFSSL_BIO* bio; - int pending; + WOLFSSL_BIO* bio; int pending; bio = wolfSSL_BIO_new(); … pending = wolfSSL_BIO_ctrl_pending(bio); \endcode + \sa wolfSSL_BIO_make_bio_pair \sa wolfSSL_BIO_new */ @@ -9608,12 +11312,16 @@ /*! \ingroup Setup - \biiefã¯ã€ã“ã®é–¢æ•°ã¯ã€ãƒãƒ³ãƒ‰ã‚·ã‚§ã‚¤ã‚¯ä¸­ã«ã‚µãƒ¼ãƒãƒ¼ã«ã‚ˆã£ã¦é€ä¿¡ã•れãŸãƒ©ãƒ³ãƒ€ãƒ ãªãƒ‡ãƒ¼ã‚¿ã‚’å–å¾—ã™ã‚‹ãŸã‚ã«ä½¿ç”¨ã•れã¾ã™ã€‚ - \return >0 データã®å–å¾—ã«æˆåŠŸã—ãŸå ´åˆã€0より大ãã„値を返ã—ã¾ã™ã€‚ - \return 0 ランダムãªãƒ‡ãƒ¼ã‚¿ãƒãƒƒãƒ•ã‚¡ã¾ãŸã¯ã‚¨ãƒ©ãƒ¼çŠ¶æ…‹ãŒè¿”ã•れãªã„å ´åˆã¯0 - \return max 渡ã•れãŸOUTSZãŒ0ã®å ´åˆã€å¿…è¦ãªæœ€å¤§ãƒãƒƒãƒ•ァサイズãŒè¿”ã•れã¾ã™ã€‚ - \param ssl クライアントã®ãƒ©ãƒ³ãƒ€ãƒ ãƒ‡ãƒ¼ã‚¿ãƒãƒƒãƒ•ã‚¡ã‚’å–å¾—ã™ã‚‹ãŸã‚ã®WolfSSL構造。 - \param out ãƒ©ãƒ³ãƒ€ãƒ ãƒ‡ãƒ¼ã‚¿ã‚’ä¿æŒã™ã‚‹ãŸã‚ã®ãƒãƒƒãƒ•ァ。 + + \brief ãƒãƒ³ãƒ‰ã‚·ã‚§ã‚¤ã‚¯ä¸­ã«ã‚µãƒ¼ãƒãƒ¼ã‹ã‚‰é€ä¿¡ã•れãŸãƒ©ãƒ³ãƒ€ãƒ ãƒ‡ãƒ¼ã‚¿ã‚’å–å¾—ã™ã‚‹ãŸã‚ã«ä½¿ç”¨ã•れã¾ã™ã€‚ + + \return >0 データã®å–å¾—ã«æˆåŠŸã—ãŸå ´åˆã€0より大ãã„値を返ã—ã¾ã™ã€‚ + \return 0 ランダムデータãƒãƒƒãƒ•ã‚¡ãŒãªã„å ´åˆã€ã¾ãŸã¯ã‚¨ãƒ©ãƒ¼çŠ¶æ…‹ã®å ´åˆã€0ã‚’è¿”ã—ã¾ã™ã€‚ + \return max 渡ã•れãŸoutSzãŒ0ã®å ´åˆã€å¿…è¦ãªæœ€å¤§ãƒãƒƒãƒ•ァサイズを返ã—ã¾ã™ã€‚ + + \param ssl クライアントã®ãƒ©ãƒ³ãƒ€ãƒ ãƒ‡ãƒ¼ã‚¿ãƒãƒƒãƒ•ã‚¡ã‚’å–å¾—ã™ã‚‹WOLFSSL構造体。 + \param out ãƒ©ãƒ³ãƒ€ãƒ ãƒ‡ãƒ¼ã‚¿ã‚’ä¿æŒã™ã‚‹ãƒãƒƒãƒ•ァ。 + \param outSz 渡ã•れãŸoutãƒãƒƒãƒ•ã‚¡ã®ã‚µã‚¤ã‚º(0ã®å ´åˆã€é–¢æ•°ã¯å¿…è¦ãªæœ€å¤§ãƒãƒƒãƒ•ァサイズを返ã—ã¾ã™)。 _Example_ \code @@ -9624,8 +11332,9 @@ bufferSz = wolfSSL_get_server_random(ssl, NULL, 0); buffer = malloc(bufferSz); ret = wolfSSL_get_server_random(ssl, buffer, bufferSz); - // check ret value + // retå€¤ã‚’ç¢ºèª \endcode + \sa wolfSSL_new \sa wolfSSL_free */ @@ -9634,12 +11343,16 @@ /*! \ingroup Setup - \biiefã¯ã€ã“ã®é–¢æ•°ã¯ã€ãƒãƒ³ãƒ‰ã‚·ã‚§ã‚¤ã‚¯ä¸­ã«ã‚¯ãƒ©ã‚¤ã‚¢ãƒ³ãƒˆã«ã‚ˆã£ã¦é€ä¿¡ã•れãŸãƒ©ãƒ³ãƒ€ãƒ ãªãƒ‡ãƒ¼ã‚¿ã‚’å–å¾—ã™ã‚‹ãŸã‚ã«ä½¿ç”¨ã•れã¾ã™ã€‚ - \return >0 データã®å–å¾—ã«æˆåŠŸã—ãŸå ´åˆã€0より大ãã„値を返ã—ã¾ã™ã€‚ - \return 0 ランダムãªãƒ‡ãƒ¼ã‚¿ãƒãƒƒãƒ•ã‚¡ã¾ãŸã¯ã‚¨ãƒ©ãƒ¼çŠ¶æ…‹ãŒè¿”ã•れãªã„å ´åˆã¯0 - \return max 渡ã•れãŸOUTSZãŒ0ã®å ´åˆã€å¿…è¦ãªæœ€å¤§ãƒãƒƒãƒ•ァサイズãŒè¿”ã•れã¾ã™ã€‚ - \param ssl クライアントã®ãƒ©ãƒ³ãƒ€ãƒ ãƒ‡ãƒ¼ã‚¿ãƒãƒƒãƒ•ã‚¡ã‚’å–å¾—ã™ã‚‹ãŸã‚ã®WolfSSL構造。 - \param out ãƒ©ãƒ³ãƒ€ãƒ ãƒ‡ãƒ¼ã‚¿ã‚’ä¿æŒã™ã‚‹ãŸã‚ã®ãƒãƒƒãƒ•ァ。 + + \brief ãƒãƒ³ãƒ‰ã‚·ã‚§ã‚¤ã‚¯ä¸­ã«ã‚¯ãƒ©ã‚¤ã‚¢ãƒ³ãƒˆã‹ã‚‰é€ä¿¡ã•れãŸãƒ©ãƒ³ãƒ€ãƒ ãƒ‡ãƒ¼ã‚¿ã‚’å–å¾—ã™ã‚‹ãŸã‚ã«ä½¿ç”¨ã•れã¾ã™ã€‚ + + \return >0 データã®å–å¾—ã«æˆåŠŸã—ãŸå ´åˆã€0より大ãã„値を返ã—ã¾ã™ã€‚ + \return 0 ランダムデータãƒãƒƒãƒ•ã‚¡ãŒãªã„å ´åˆã€ã¾ãŸã¯ã‚¨ãƒ©ãƒ¼çŠ¶æ…‹ã®å ´åˆã€0ã‚’è¿”ã—ã¾ã™ã€‚ + \return max 渡ã•れãŸoutSzãŒ0ã®å ´åˆã€å¿…è¦ãªæœ€å¤§ãƒãƒƒãƒ•ァサイズを返ã—ã¾ã™ã€‚ + + \param ssl クライアントã®ãƒ©ãƒ³ãƒ€ãƒ ãƒ‡ãƒ¼ã‚¿ãƒãƒƒãƒ•ã‚¡ã‚’å–å¾—ã™ã‚‹WOLFSSL構造体。 + \param out ãƒ©ãƒ³ãƒ€ãƒ ãƒ‡ãƒ¼ã‚¿ã‚’ä¿æŒã™ã‚‹ãƒãƒƒãƒ•ァ。 + \param outSz 渡ã•れãŸoutãƒãƒƒãƒ•ã‚¡ã®ã‚µã‚¤ã‚º(0ã®å ´åˆã€é–¢æ•°ã¯å¿…è¦ãªæœ€å¤§ãƒãƒƒãƒ•ァサイズを返ã—ã¾ã™)。 _Example_ \code @@ -9650,8 +11363,9 @@ bufferSz = wolfSSL_get_client_random(ssl, NULL, 0); buffer = malloc(bufferSz); ret = wolfSSL_get_client_random(ssl, buffer, bufferSz); - // check ret value + // retå€¤ã‚’ç¢ºèª \endcode + \sa wolfSSL_new \sa wolfSSL_free */ @@ -9660,18 +11374,23 @@ /*! \ingroup Setup - \brief ã“れã¯CTXã§è¨­å®šã•れãŸãƒ‘スワードコールãƒãƒƒã‚¯ã®ã‚²ãƒƒã‚¿ãƒ¼é–¢æ•°ã§ã™ã€‚ - \return func æˆåŠŸã™ã‚‹ã¨ã€ã‚³ãƒ¼ãƒ«ãƒãƒƒã‚¯é–¢æ•°ã‚’è¿”ã—ã¾ã™ã€‚ - \return NULL CTXãŒNULLã®å ´åˆã€NULLãŒè¿”ã•れã¾ã™ã€‚ + + \brief ctx内ã«è¨­å®šã•れãŸãƒ‘スワードコールãƒãƒƒã‚¯ã®getter関数ã§ã™ã€‚ + + \return func æˆåŠŸæ™‚ã«ã¯ã‚³ãƒ¼ãƒ«ãƒãƒƒã‚¯é–¢æ•°ã‚’è¿”ã—ã¾ã™ã€‚ + \return NULL ctxãŒNULLã®å ´åˆã€NULLã‚’è¿”ã—ã¾ã™ã€‚ + + \param ctx コールãƒãƒƒã‚¯ã‚’å–å¾—ã™ã‚‹WOLFSSL_CTX構造体。 _Example_ \code WOLFSSL_CTX* ctx; wc_pem_password_cb cb; - // setup ctx + // ctxをセットアップ cb = wolfSSL_CTX_get_default_passwd_cb(ctx); - //use cb + //cbを使用 \endcode + \sa wolfSSL_CTX_new \sa wolfSSL_CTX_free */ @@ -9680,18 +11399,23 @@ /*! \ingroup Setup - \bri f ã“ã®é–¢æ•°ã¯ã€ã‚Œã¯ã€CTXã§è¨­å®šã•れã¦ã„るパスワードコールãƒãƒƒã‚¯ãƒ¦ãƒ¼ã‚¶ãƒ¼ãƒ‡ãƒ¼ã‚¿ã®å–得機能ã§ã™ã€‚ - \return pointer æˆåŠŸã™ã‚‹ã¨ã€ãƒ¦ãƒ¼ã‚¶ãƒ¼ãƒ‡ãƒ¼ã‚¿ãƒã‚¤ãƒ³ã‚¿ã‚’è¿”ã—ã¾ã™ã€‚ - \return NULL CTXãŒNULLã®å ´åˆã€NULLãŒè¿”ã•れã¾ã™ã€‚ + + \brief ctx内ã«è¨­å®šã•れãŸãƒ‘スワードコールãƒãƒƒã‚¯ãƒ¦ãƒ¼ã‚¶ãƒ¼ãƒ‡ãƒ¼ã‚¿ã®getter関数ã§ã™ã€‚ + + \return pointer æˆåŠŸæ™‚ã«ã¯ãƒ¦ãƒ¼ã‚¶ãƒ¼ãƒ‡ãƒ¼ã‚¿ãƒã‚¤ãƒ³ã‚¿ã‚’è¿”ã—ã¾ã™ã€‚ + \return NULL ctxãŒNULLã®å ´åˆã€NULLã‚’è¿”ã—ã¾ã™ã€‚ + + \param ctx ユーザーデータをå–å¾—ã™ã‚‹WOLFSSL_CTX構造体。 _Example_ \code WOLFSSL_CTX* ctx; void* data; - // setup ctx + // ctxをセットアップ data = wolfSSL_CTX_get_default_passwd_cb(ctx); - //use data + //dataを使用 \endcode + \sa wolfSSL_CTX_new \sa wolfSSL_CTX_free */ @@ -9699,21 +11423,26 @@ /*! \ingroup CertsKeys - \brief ã“ã®é–¢æ•°ã¯wolfssl_pem_read_bio_x509ã¨åŒã˜ã‚ˆã†ã«å‹•作ã—ã¾ã™ã€‚AUXã¯ã€ä¿¡é ¼ã§ãã‚‹/æ‹’å¦ã•れãŸãƒ¦ãƒ¼ã‚¹ã‚±ãƒ¼ã‚¹ã‚„人間ã®èª­ã¿ã‚„ã™ã•ã®ãŸã‚ã®ãƒ•レンドリーãªåå‰ãªã©ã®è¿½åŠ æƒ…å ±ã‚’å«ã‚€ã“ã¨ã‚’æ„味ã—ã¾ã™ã€‚ - \return WOLFSSL_X509 PEMãƒãƒƒãƒ•ã‚¡ã®è§£æžã«æˆåŠŸã—ãŸå ´åˆã€wolfssl_x509構造ãŒè¿”ã•れã¾ã™ã€‚ - \return Null PEMãƒãƒƒãƒ•ã‚¡ã®è§£æžã«å¤±æ•—ã—ãŸå ´åˆã€‚ - \param bp WOLFSSL_BIO構造体体ã‹ã‚‰PEMãƒãƒƒãƒ•ã‚¡ã‚’å–å¾—ã—ã¾ã™ã€‚ - \param x wolfssl_x509を機能副作用ã§è¨­å®šã™ã‚‹å ´åˆ - \param cb パスワードコールãƒãƒƒã‚¯ + + \brief ã“ã®é–¢æ•°ã¯wolfSSL_PEM_read_bio_X509ã¨åŒã˜ã‚ˆã†ã«å‹•作ã—ã¾ã™ã€‚AUXã¯ã€ä¿¡é ¼ã•れãŸ/æ‹’å¦ã•れãŸãƒ¦ãƒ¼ã‚¹ã‚±ãƒ¼ã‚¹ã‚„人間ãŒèª­ã¿ã‚„ã™ã„フレンドリåãªã©ã®è¿½åŠ æƒ…å ±ã‚’å«ã‚€ã“ã¨ã‚’æ„味ã—ã¾ã™ã€‚ + + \return WOLFSSL_X509 PEMãƒãƒƒãƒ•ã‚¡ã®è§£æžã«æˆåŠŸã—ãŸå ´åˆã€WOLFSSL_X509構造体ãŒè¿”ã•れã¾ã™ã€‚ + \return Null PEMãƒãƒƒãƒ•ã‚¡ã®è§£æžã«å¤±æ•—ã—ãŸå ´åˆã€‚ + + \param bp PEMãƒãƒƒãƒ•ã‚¡ã‚’å–å¾—ã™ã‚‹WOLFSSL_BIO構造体。 + \param x 関数ã®å‰¯ä½œç”¨ã«ã‚ˆã£ã¦WOLFSSL_X509を設定ã™ã‚‹å ´åˆã€‚ + \param cb パスワードコールãƒãƒƒã‚¯ã€‚ + \param u NULL終端ã®ãƒ¦ãƒ¼ã‚¶ãƒ¼ãƒ‘スワード。 _Example_ \code WOLFSSL_BIO* bio; WOLFSSL_X509* x509; - // setup bio + // bioをセットアップ X509 = wolfSSL_PEM_read_bio_X509_AUX(bio, NULL, NULL, NULL); - //check x509 is not null and then use it + //x509ãŒnullã§ãªã„ã“ã¨ã‚’確èªã—ã¦ã‹ã‚‰ä½¿ç”¨ \endcode + \sa wolfSSL_PEM_read_bio_X509 */ WOLFSSL_X509 *wolfSSL_PEM_read_bio_X509_AUX @@ -9721,12 +11450,16 @@ /*! \ingroup CertsKeys - \brief WOLFSSL_CTX構造体ã®DHメンãƒãƒ¼ã‚’diffie-hellmanパラメータã§åˆæœŸåŒ–ã—ã¾ã™ã€‚ - \return SSL_SUCCESS é–¢æ•°ãŒæ­£å¸¸ã«å®Ÿè¡Œã•れãŸå ´åˆã«è¿”ã•れã¾ã™ã€‚ - \return BAD_FUNC_ARG CTXã¾ãŸã¯DH構造体ãŒNULLã®å ´åˆã«è¿”ã•れã¾ã™ã€‚ - \return SSL_FATAL_ERROR 構造値を設定ã™ã‚‹ã‚¨ãƒ©ãƒ¼ãŒç™ºç”Ÿã—ãŸå ´åˆã«è¿”ã•れã¾ã™ã€‚ - \return MEMORY_E メモリを割り当ã¦ã‚‹ã“ã¨ãŒã§ããªã‹ã£ãŸå ´åˆã«è¿”ã•れã¾ã™ã€‚ - \param ctx wolfSSL_CTX_new()を使用ã—ã¦ä½œæˆã•れãŸWOLFSSL_CTX構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ + + \brief WOLFSSL_CTX構造体ã®dhメンãƒã‚’Diffie-Hellmanパラメータã§åˆæœŸåŒ–ã—ã¾ã™ã€‚ + + \return SSL_SUCCESS é–¢æ•°ãŒæ­£å¸¸ã«å®Ÿè¡Œã•れãŸå ´åˆã«è¿”ã•れã¾ã™ã€‚ + \return BAD_FUNC_ARG ctxã¾ãŸã¯dh構造体ãŒNULLã®å ´åˆã«è¿”ã•れã¾ã™ã€‚ + \return SSL_FATAL_ERROR 構造体ã®å€¤ã®è¨­å®šã«ã‚¨ãƒ©ãƒ¼ãŒã‚ã£ãŸå ´åˆã«è¿”ã•れã¾ã™ã€‚ + \return MEMORY_E メモリã®å‰²ã‚Šå½“ã¦ã«å¤±æ•—ã—ãŸå ´åˆã«è¿”ã•れã¾ã™ã€‚ + + \param ctx wolfSSL_CTX_new()を使用ã—ã¦ä½œæˆã•れãŸWOLFSSL_CTX構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ + \param dh WOLFSSL_DH構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ _Example_ \code @@ -9735,28 +11468,34 @@ … return wolfSSL_CTX_set_tmp_dh(ctx, dh); \endcode + \sa wolfSSL_BN_bn2bin */ long wolfSSL_CTX_set_tmp_dh(WOLFSSL_CTX* ctx, WOLFSSL_DH* dh); /*! \ingroup CertsKeys - \brief ã“ã®é–¢æ•°ã¯ã€BIOã®PEMãƒãƒƒãƒ•ã‚¡ã‹ã‚‰DSAパラメータをå–å¾—ã—ã¾ã™ã€‚ - \return WOLFSSL_DSA PEMãƒãƒƒãƒ•ã‚¡ã®è§£æžã«æˆåŠŸã—ãŸå ´åˆã€WolfSSL_DSA構造ãŒä½œæˆã•れã€è¿”ã•れã¾ã™ã€‚ - \return Null PEMãƒãƒƒãƒ•ã‚¡ã®è§£æžã«å¤±æ•—ã—ãŸå ´åˆã€‚ - \param bio PEMメモリãƒã‚¤ãƒ³ã‚¿ã‚’å–å¾—ã™ã‚‹ãŸã‚ã®WOLFSSL_BIO構造体体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ - \param x æ–°ã—ã„WolfSSL_DSA構造ã«è¨­å®šã™ã‚‹ãƒã‚¤ãƒ³ã‚¿ã€‚ - \param cb パスワードコールãƒãƒƒã‚¯é–¢æ•° + + \brief ã“ã®é–¢æ•°ã¯ã€bio内ã®PEMãƒãƒƒãƒ•ã‚¡ã‹ã‚‰DSAパラメータをå–å¾—ã—ã¾ã™ã€‚ + + \return WOLFSSL_DSA PEMãƒãƒƒãƒ•ã‚¡ã®è§£æžã«æˆåŠŸã—ãŸå ´åˆã€WOLFSSL_DSA構造体ãŒä½œæˆã•れã¦è¿”ã•れã¾ã™ã€‚ + \return Null PEMãƒãƒƒãƒ•ã‚¡ã®è§£æžã«å¤±æ•—ã—ãŸå ´åˆã€‚ + + \param bio PEMメモリãƒã‚¤ãƒ³ã‚¿ã‚’å–å¾—ã™ã‚‹ãŸã‚ã®WOLFSSL_BIO構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ + \param x æ–°ã—ã„WOLFSSL_DSA構造体ã«è¨­å®šã•れるãƒã‚¤ãƒ³ã‚¿ã€‚ + \param cb パスワードコールãƒãƒƒã‚¯é–¢æ•°ã€‚ + \param u null終端ã®ãƒ‘スワード文字列。 _Example_ \code WOLFSSL_BIO* bio; WOLFSSL_DSA* dsa; - // setup bio + // bioをセットアップ dsa = wolfSSL_PEM_read_bio_DSAparams(bio, NULL, NULL, NULL); - // check dsa is not NULL and then use dsa + // dsaãŒNULLã§ãªã„ã“ã¨ã‚’確èªã—ã¦ã‹ã‚‰dsaを使用 \endcode + \sa none */ WOLFSSL_DSA *wolfSSL_PEM_read_bio_DSAparams(WOLFSSL_BIO *bp, @@ -9764,25 +11503,34 @@ /*! \ingroup Debug - \brief ã“ã®é–¢æ•°ã¯ã€wolfssl_Errorã«é­é‡ã—ãŸæœ€å¾Œã®ã‚¨ãƒ©ãƒ¼ã®çµ¶å¯¾å€¤ã‚’è¿”ã—ã¾ã™ã€‚ - \return error 最後ã®ã‚¨ãƒ©ãƒ¼ã®çµ¶å¯¾å€¤ã‚’è¿”ã—ã¾ã™ã€‚ + + \brief ã“ã®é–¢æ•°ã¯ã€WOLFSSL_ERRORã‹ã‚‰ç™ºç”Ÿã—ãŸæœ€å¾Œã®ã‚¨ãƒ©ãƒ¼ã®çµ¶å¯¾å€¤ã‚’è¿”ã—ã¾ã™ã€‚ + + \return error 最後ã®ã‚¨ãƒ©ãƒ¼ã®çµ¶å¯¾å€¤ã‚’è¿”ã—ã¾ã™ã€‚ + + \param none パラメータã¯ã‚りã¾ã›ã‚“。 _Example_ \code unsigned long err; ... err = wolfSSL_ERR_peek_last_error(); - // inspect err value + // err値を検査 \endcode + \sa wolfSSL_ERR_print_errors_fp */ unsigned long wolfSSL_ERR_peek_last_error(void); /*! \ingroup CertsKeys - \brief ã“ã®é–¢æ•°ã¯ãƒ”ã‚¢ã®è¨¼æ˜Žæ›¸ãƒã‚§ãƒ¼ãƒ³ã‚’å–å¾—ã—ã¾ã™ã€‚ - \return pointer ピアã®è¨¼æ˜Žæ›¸ã‚¹ã‚¿ãƒƒã‚¯ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã‚’è¿”ã—ã¾ã™ã€‚ - \return NULL ピア証明書ãŒãªã„å ´åˆã«è¿”ã•れã¾ã™ã€‚ + + \brief ã“ã®é–¢æ•°ã¯ã€ãƒ”ã‚¢ã®è¨¼æ˜Žæ›¸ãƒã‚§ãƒ¼ãƒ³ã‚’å–å¾—ã—ã¾ã™ã€‚ + + \return pointer ピアã®Certificateスタックã¸ã®ãƒã‚¤ãƒ³ã‚¿ã‚’è¿”ã—ã¾ã™ã€‚ + \return NULL ピア証明書ãŒãªã„å ´åˆã«è¿”ã•れã¾ã™ã€‚ + + \param ssl wolfSSL_new()を使用ã—ã¦ä½œæˆã•れãŸWOLFSSL構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ _Example_ \code @@ -9791,10 +11539,11 @@ ... wolfSSL_connect(ssl); STACK_OF(WOLFSSL_X509)* chain = wolfSSL_get_peer_cert_chain(ssl); - ifchain){ - // You have a pointer to the peer certificate chain + if(chain){ + // ピア証明書ãƒã‚§ãƒ¼ãƒ³ã¸ã®ãƒã‚¤ãƒ³ã‚¿ãŒã‚りã¾ã™ } \endcode + \sa wolfSSL_X509_get_issuer_name \sa wolfSSL_X509_get_subject_name \sa wolfSSL_X509_get_isCA @@ -9803,8 +11552,12 @@ /*! \ingroup Setup - \brief ã“ã®é–¢æ•°ã¯ã€WOLFSSL_CTXオブジェクトã®ã‚ªãƒ—ションビットをリセットã—ã¾ã™ã€‚ - \return option æ–°ã—ã„オプションビット + + \brief ã“ã®é–¢æ•°ã¯ã€WOLFSSL_CTXオブジェクトã®ã‚ªãƒ—ションビットをリセットã—ã¾ã™ã€‚ + + \return option æ–°ã—ã„オプションビット。 + + \param ctx SSLコンテキストã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ _Example_ \code @@ -9812,6 +11565,7 @@ ... wolfSSL_CTX_clear_options(ctx, SSL_OP_NO_TLSv1); \endcode + \sa wolfSSL_CTX_new \sa wolfSSL_new \sa wolfSSL_free @@ -9820,31 +11574,39 @@ /*! \ingroup IO - \brief ã“ã®é–¢æ•°ã¯ã€WolfSSL構造ã®jobjectrefメンãƒãƒ¼ã‚’設定ã—ã¾ã™ã€‚ - \return SSL_SUCCESS jobjectrefãŒobjptrã«æ­£ã—ã設定ã•れã¦ã„ã‚‹å ´åˆã«è¿”ã•れã¾ã™ã€‚ - \return SSL_FAILURE é–¢æ•°ãŒæ­£ã—ã実行ã•れãšã€jobjectrefãŒè¨­å®šã•れã¦ã„ãªã„å ´åˆã«è¿”ã•れã¾ã™ã€‚ - \param ssl wolfSSL_new()を使用ã—ã¦ä½œæˆã•れãŸWolfSSL構造ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ + + \brief ã“ã®é–¢æ•°ã¯ã€WOLFSSL構造体ã®jObjectRefメンãƒã‚’設定ã—ã¾ã™ã€‚ + + \return SSL_SUCCESS jObjectRefãŒobjPtrã«é©åˆ‡ã«è¨­å®šã•れãŸå ´åˆã«è¿”ã•れã¾ã™ã€‚ + \return SSL_FAILURE 関数ãŒé©åˆ‡ã«å®Ÿè¡Œã•れãšã€jObjectRefãŒè¨­å®šã•れã¦ã„ãªã„å ´åˆã«è¿”ã•れã¾ã™ã€‚ + + \param ssl wolfSSL_new()を使用ã—ã¦ä½œæˆã•れãŸWOLFSSL構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ + \param objPtr jObjectRefã«è¨­å®šã•れるvoidãƒã‚¤ãƒ³ã‚¿ã€‚ _Example_ \code WOLFSSL_CTX* ctx = wolfSSL_CTX_new( protocol method ); - WOLFSSL* ssl = wolfSSL_new(); + WOLFSSL* ssl = WOLFSSL_new(); void* objPtr = &obj; ... if(wolfSSL_set_jobject(ssl, objPtr)){ - // The success case + // æˆåŠŸã‚±ãƒ¼ã‚¹ } \endcode + \sa wolfSSL_get_jobject */ int wolfSSL_set_jobject(WOLFSSL* ssl, void* objPtr); /*! \ingroup IO - \brief ã“ã®é–¢æ•°ã¯ã€wolfssl構造ã®jobjectrefメンãƒãƒ¼ã‚’è¿”ã—ã¾ã™ã€‚ - \return value wolfssl構造体ãŒnullã§ãªã„å ´åˆã€é–¢æ•°ã¯jobjectref値を返ã—ã¾ã™ã€‚ - \return NULL wolfssl構造体ãŒNULLã®å ´åˆã«è¿”ã•れã¾ã™ã€‚ - \param ssl wolfSSL_new()を使用ã—ã¦ä½œæˆã•れãŸWolfSSL構造ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ + + \brief ã“ã®é–¢æ•°ã¯ã€WOLFSSL構造体ã®jObjectRefメンãƒã‚’è¿”ã—ã¾ã™ã€‚ + + \return value WOLFSSL構造体ãŒNULLã§ãªã„å ´åˆã€é–¢æ•°ã¯jObjectRef値を返ã—ã¾ã™ã€‚ + \return NULL WOLFSSL構造体ãŒNULLã®å ´åˆã«è¿”ã•れã¾ã™ã€‚ + + \param ssl wolfSSL_new()を使用ã—ã¦ä½œæˆã•れãŸWOLFSSL構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ _Example_ \code @@ -9854,19 +11616,23 @@ void* jobject = wolfSSL_get_jobject(ssl); if(jobject != NULL){ - // Success case + // æˆåŠŸã‚±ãƒ¼ã‚¹ } \endcode + \sa wolfSSL_set_jobject */ void* wolfSSL_get_jobject(WOLFSSL* ssl); /*! \ingroup Setup - \brief ã“ã®é–¢æ•°ã¯SSL内ã®ã‚³ãƒ¼ãƒ«ãƒãƒƒã‚¯ã‚’設定ã—ã¾ã™ã€‚コールãƒãƒƒã‚¯ã¯ãƒãƒ³ãƒ‰ã‚·ã‚§ã‚¤ã‚¯ãƒ¡ãƒƒã‚»ãƒ¼ã‚¸ã‚’観察ã™ã‚‹ã“ã¨ã§ã™ã€‚CBã®NULL値ã¯ã‚³ãƒ¼ãƒ«ãƒãƒƒã‚¯ã‚’リセットã—ã¾ã™ã€‚ - \return SSL_SUCCESS æˆåŠŸã—ã¦ã„ã¾ã™ã€‚ - \return SSL_FAILURE NULL SSLãŒæ¸¡ã•れãŸå ´åˆã€‚ - \param ssl wolfSSL_new()を使用ã—ã¦ä½œæˆã•れãŸWolfSSL構造ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ + + \brief ã“ã®é–¢æ•°ã¯ã€ssl内ã«ã‚³ãƒ¼ãƒ«ãƒãƒƒã‚¯ã‚’設定ã—ã¾ã™ã€‚コールãƒãƒƒã‚¯ã¯ãƒãƒ³ãƒ‰ã‚·ã‚§ã‚¤ã‚¯ãƒ¡ãƒƒã‚»ãƒ¼ã‚¸ã‚’監視ã™ã‚‹ãŸã‚ã®ã‚‚ã®ã§ã™ã€‚cbã®NULL値ã¯ã‚³ãƒ¼ãƒ«ãƒãƒƒã‚¯ã‚’リセットã—ã¾ã™ã€‚ + + \return SSL_SUCCESS æˆåŠŸæ™‚ã€‚ + \return SSL_FAILURE NULLã®sslãŒæ¸¡ã•れãŸå ´åˆã€‚ + + \param ssl コールãƒãƒƒã‚¯å¼•数を設定ã™ã‚‹WOLFSSL構造体。 _Example_ \code @@ -9875,17 +11641,21 @@ … WOLFSSL* ssl; ret = wolfSSL_set_msg_callback(ssl, cb); - // check ret + // retã‚’ç¢ºèª \endcode + \sa wolfSSL_set_msg_callback_arg */ int wolfSSL_set_msg_callback(WOLFSSL *ssl, SSL_Msg_Cb cb); /*! \ingroup Setup - \brief ã“ã®é–¢æ•°ã¯ã€SSL内ã®é–¢é€£ã‚³ãƒ¼ãƒ«ãƒãƒƒã‚¯ã‚³ãƒ³ãƒ†ã‚­ã‚¹ãƒˆå€¤ã‚’設定ã—ã¾ã™ã€‚値ã¯ã‚³ãƒ¼ãƒ«ãƒãƒƒã‚¯å¼•æ•°ã«æ¸¡ã•れã¾ã™ã€‚ - \return none è¿”å“ä¸å¯ã€‚ - \param ssl wolfSSL_new()を使用ã—ã¦ä½œæˆã•れãŸWolfSSL構造ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ + + \brief ã“ã®é–¢æ•°ã¯ã€ssl内ã«é–¢é€£ã™ã‚‹ã‚³ãƒ¼ãƒ«ãƒãƒƒã‚¯ã‚³ãƒ³ãƒ†ã‚­ã‚¹ãƒˆå€¤ã‚’設定ã—ã¾ã™ã€‚値ã¯ã‚³ãƒ¼ãƒ«ãƒãƒƒã‚¯å¼•æ•°ã«æ¸¡ã•れã¾ã™ã€‚ + + \return none 戻り値ã¯ã‚りã¾ã›ã‚“。 + + \param ssl コールãƒãƒƒã‚¯å¼•数を設定ã™ã‚‹WOLFSSL構造体。 _Example_ \code @@ -9894,18 +11664,23 @@ … WOLFSSL* ssl; ret = wolfSSL_set_msg_callback(ssl, cb); - // check ret + // retã‚’ç¢ºèª wolfSSL_set_msg_callback(ssl, arg); \endcode + \sa wolfSSL_set_msg_callback */ int wolfSSL_set_msg_callback_arg(WOLFSSL *ssl, void* arg); /*! \ingroup CertsKeys - \brief ã“ã®é–¢æ•°ã¯ã€å­˜åœ¨ã™ã‚‹å ´åˆã¯ã€ãƒ”ア証明書ã‹ã‚‰altnameã‚’è¿”ã—ã¾ã™ã€‚ - \return NULL 次ã®AltNameãŒãªã„å ´åˆã€‚ - \return cert->altNamesNext->name wolfssl_x509ã‹ã‚‰ã€AltNameリストã‹ã‚‰ã®æ–‡å­—列値ã§ã‚る構造ãŒå­˜åœ¨ã™ã‚‹å ´åˆã«è¿”ã•れã¾ã™ã€‚ + + \brief ã“ã®é–¢æ•°ã¯ã€ãƒ”ア証明書ã‹ã‚‰æ¬¡ã®ä»£æ›¿å(ã‚‚ã—ã‚れã°)ã‚’è¿”ã—ã¾ã™ã€‚ + + \return NULL 次ã®ä»£æ›¿åãŒãªã„å ´åˆã€‚ + \return cert->altNamesNext->name WOLFSSL_X509構造体ã‹ã‚‰è¿”ã•れã¾ã™ã€‚ altNameリストã‹ã‚‰ã®æ–‡å­—列値ãŒå­˜åœ¨ã™ã‚‹å ´åˆã«è¿”ã•れã¾ã™ã€‚ + + \param cert wolfSSL_X509構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ _Example_ \code @@ -9914,20 +11689,24 @@ … int x509NextAltName = wolfSSL_X509_get_next_altname(x509); if(x509NextAltName == NULL){ - //There isn’t another alt name + //別ã®alt nameã¯ã‚りã¾ã›ã‚“。 } \endcode + \sa wolfSSL_X509_get_issuer_name \sa wolfSSL_X509_get_subject_name */ -char* wolfSSL_X509_get_next_altname(WOLFSSL_X509* x509); +char* wolfSSL_X509_get_next_altname(WOLFSSL_X509*); /*! \ingroup CertsKeys - \brief 関数ã¯ã€x509ãŒnullã®ã‹ã©ã†ã‹ã‚’確èªã—ã€ãã†ã§ãªã„å ´åˆã¯ã€WOLFSSL_X509構造体ã®NotBeforeメンãƒãƒ¼ã‚’è¿”ã—ã¾ã™ã€‚ - \return pointer WOLFSSL_ASN1_TIMEã¸ã®ãƒã‚¤ãƒ³ã‚¿ï¼ˆWOLFSSL_X509構造体ã®NotBeforeメンãƒãƒ¼ã¸ã®ãƒã‚¤ãƒ³ã‚¿ï¼‰ã‚’è¿”ã—ã¾ã™ã€‚ - \return NULL WOLFSSL_X509構造体ãŒNULLã®å ´åˆã«è¿”ã•れã¾ã™ã€‚ - \param x509 WOLFSSL_X509構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ + + \brief ã“ã®é–¢æ•°ã¯ã€x509ãŒNULLã‹ã©ã†ã‹ã‚’確èªã—ã€NULLã§ãªã„å ´åˆã¯x509構造体ã®notBeforeメンãƒã‚’è¿”ã—ã¾ã™ã€‚ + + \return pointer x509構造体ã®notBeforeメンãƒã¸ã®ASN1_TIMEã‚’æŒã¤æ§‹é€ ä½“ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ + \return NULL x509構造体ãŒNULLã®å ´åˆã€é–¢æ•°ã¯NULLã‚’è¿”ã—ã¾ã™ã€‚ + + \param x509 WOLFSSL_X509構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ _Example_ \code @@ -9936,31 +11715,23 @@ … const WOLFSSL_ASN1_TIME* notAfter = wolfSSL_X509_get_notBefore(x509); if(notAfter == NULL){ - //The x509 object was NULL + //x509オブジェクトãŒNULLã§ã—ãŸã€‚ } \endcode + \sa wolfSSL_X509_get_notAfter */ -WOLFSSL_ASN1_TIME* wolfSSL_X509_get_notBefore(WOLFSSL_X509* x509); +WOLFSSL_ASN1_TIME* wolfSSL_X509_get_notBefore(WOLFSSL_X509*); /*! \ingroup IO - \brief ã“ã®é–¢æ•°ã¯ã‚¯ãƒ©ã‚¤ã‚¢ãƒ³ãƒˆå´ã§å‘¼ã³å‡ºã•れã€ã‚µãƒ¼ãƒãƒ¼ã¨ã®SSL/TLSãƒãƒ³ãƒ‰ã‚·ã‚§ã‚¤ã‚¯ã‚’é–‹å§‹ã—ã¾ã™ã€‚ - ã“ã®é–¢æ•°ãŒå‘¼ã³å‡ºã•れるã¾ã§ã«ä¸‹å±¤ã®é€šä¿¡ãƒãƒ£ãƒãƒ«ã¯ã™ã§ã«è¨­å®šã•れã¦ã„ã‚‹å¿…è¦ãŒã‚りã¾ã™ã€‚ - wolfSSL_connect()ã¯ã€ãƒ–ロッキングã¨ãƒŽãƒ³ãƒ–ロッキングI/Oã®ä¸¡æ–¹ã§å‹•作ã—ã¾ã™ã€‚ - 下層ã®I/OãŒãƒŽãƒ³ãƒ–ロッキングã®å ´åˆã€wolfSSL_connect()ã¯ã€ä¸‹å±¤ã®I/OãŒwolfSSL_connectã®è¦æ±‚(é€ä¿¡ãƒ‡ãƒ¼ã‚¿ã€å—信データ)を満ãŸã™ã“ã¨ãŒã§ããªã‹ã£ãŸã¨ãã«ã¯å³æˆ»ã‚Šã¾ã™ã€‚ - ã“ã®å ´åˆã€wolfSSL_get_error()ã®å‘¼ã³å‡ºã—ã§SSL_ERROR_WANT_READã¾ãŸã¯SSL_ERROR_WANT_WRITEã®ã„ãšã‚Œã‹ãŒè¿”ã•れã¾ã™ã€‚ - 呼ã³å‡ºã—ãŸãƒ—ロセスã¯ã€ä¸‹å±¤ã®I/OãŒãŒREADYã«ãªã£ãŸæ™‚点ã§ã€WOLFSSLãŒåœæ­¢ã—ãŸã¨ãã‹ã‚‰å†é–‹ã§ãるよã†ã«wolfSSL_connect()ã¸ã®å‘¼ã³å‡ºã—を繰り返ã™å¿…è¦ãŒã‚りã¾ã™ã€‚ - ã“れã«ã¯select()を使用ã—ã¦å¿…è¦ãªæ¡ä»¶ãŒæ•´ã£ãŸã‹ã©ã†ã‹ã‚’確èªã§ãã¾ã™ã€‚ - ブロッキングI/Oを使用ã™ã‚‹å ´åˆã¯ã€ãƒãƒ³ãƒ‰ã‚·ã‚§ãƒ¼ã‚¯ãŒçµ‚了ã™ã‚‹ã‹ã‚¨ãƒ©ãƒ¼ãŒç™ºç”Ÿã™ã‚‹ã¾ã§æˆ»ã£ã¦ãã¾ã›ã‚“。 - wolfSSLã¯OpenSSLã¨æ¯”ã¹ã¦è¨¼æ˜Žæ›¸æ¤œè¨¼ã«ç•°ãªã‚‹ã‚¢ãƒ—ローãƒã‚’å–りã¾ã™ã€‚クライアントã®ãƒ‡ãƒ•ォルトãƒãƒªã‚·ãƒ¼ã¯ã‚µãƒ¼ãƒãƒ¼ã‚’èªè¨¼ã™ã‚‹ã“ã¨ã§ã™ã€‚ - ã“れã¯ã€CA証明書を読ã¿è¾¼ã¾ãªã„å ´åˆã€ã‚µãƒ¼ãƒãƒ¼ã‚’確èªã™ã‚‹ã“ã¨ãŒã§ããšâ€-155â€ã®ã‚¨ãƒ©ãƒ¼ã‚³ãƒ¼ãƒ‰ãŒè¿”ã•れã¾ã™ã€‚ - OpenSSLã¨åŒã˜æŒ¯ã‚‹èˆžã„(ã¤ã¾ã‚Šã€CA証明書ã®ãƒ­ãƒ¼ãƒ‰ãªã—ã§ã‚µãƒ¼ãƒãƒ¼èªè¨¼ã‚’æˆåŠŸã•ã›ã‚‹ï¼‰ã‚’å–らã›ãŸã„å ´åˆã«ã¯ã€ã‚»ã‚­ãƒ¥ãƒªãƒ†ã‚£é¢ã§ãŠå‹§ã‚ã¯ã—ã¾ã›ã‚“ãŒã€ - SSL_CTX_SET_VERIFY(ctxã€SSL_VERIFY_NONEã€0)を呼ã³å‡ºã™ã“ã¨ã§å¯èƒ½ã¨ãªã‚Šã¾ã™ã€‚ - - \return SSL_SUCCESS æˆåŠŸã—ãŸå ´åˆã«è¿”ã•れã¾ã™ã€‚ - \return SSL_FATAL_ERROR エラーãŒç™ºç”Ÿã—ãŸå ´åˆã«è¿”ã•れã¾ã™ã€‚より詳細ãªã‚¨ãƒ©ãƒ¼ã‚³ãƒ¼ãƒ‰ã‚’å–å¾—ã™ã‚‹ã«ã¯ã€wolfSSL_get_error()を呼ã³å‡ºã—ã¾ã™ã€‚ - \param ssl wolfSSL_new()を使用ã—ã¦ä½œæˆã•れãŸWolfSSL構造ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ + + \brief ã“ã®é–¢æ•°ã¯ã‚¯ãƒ©ã‚¤ã‚¢ãƒ³ãƒˆå´ã§å‘¼ã³å‡ºã•れã€ã‚µãƒ¼ãƒã¨ã®SSL/TLSãƒãƒ³ãƒ‰ã‚·ã‚§ã‚¤ã‚¯ã‚’é–‹å§‹ã—ã¾ã™ã€‚ã“ã®é–¢æ•°ãŒå‘¼ã³å‡ºã•れるã¨ãã€åŸºç¤Žã¨ãªã‚‹é€šä¿¡ãƒãƒ£ãƒãƒ«ã¯ã™ã§ã«è¨­å®šã•れã¦ã„ã¾ã™ã€‚wolfSSL_connect()ã¯ã€ãƒ–ロッキングI/Oã¨éžãƒ–ロッキングI/Oã®ä¸¡æ–¹ã§å‹•作ã—ã¾ã™ã€‚基礎ã¨ãªã‚‹I/OãŒéžãƒ–ロッキングã®å ´åˆã€wolfSSL_connect()ã¯ã€åŸºç¤Žã¨ãªã‚‹I/OãŒwolfSSL_connect()ãŒãƒãƒ³ãƒ‰ã‚·ã‚§ã‚¤ã‚¯ã‚’続行ã™ã‚‹ãŸã‚ã«å¿…è¦ã¨ã™ã‚‹ã‚‚ã®ã‚’満ãŸã™ã“ã¨ãŒã§ããªã„ã¨ãã«è¿”ã•れã¾ã™ã€‚ã“ã®å ´åˆã€wolfSSL_get_error()ã®å‘¼ã³å‡ºã—ã¯SSL_ERROR_WANT_READã¾ãŸã¯SSL_ERROR_WANT_WRITEã‚’è¿”ã—ã¾ã™ã€‚呼ã³å‡ºã—プロセスã¯ã€åŸºç¤Žã¨ãªã‚‹I/Oã®æº–å‚™ãŒã§ããŸã¨ãã«wolfSSL_connect()ã®å‘¼ã³å‡ºã—を繰り返ã™å¿…è¦ãŒã‚りã€wolfSSLã¯ä¸­æ–­ã—ãŸã¨ã“ã‚ã‹ã‚‰å†é–‹ã—ã¾ã™ã€‚éžãƒ–ロッキングソケットを使用ã™ã‚‹å ´åˆã€ä½•ã‚‚ã™ã‚‹å¿…è¦ã¯ã‚りã¾ã›ã‚“ãŒã€select()を使用ã—ã¦å¿…è¦ãªæ¡ä»¶ã‚’確èªã§ãã¾ã™ã€‚基礎ã¨ãªã‚‹I/OãŒãƒ–ロッキングã®å ´åˆã€wolfSSL_connect()ã¯ãƒãƒ³ãƒ‰ã‚·ã‚§ã‚¤ã‚¯ãŒå®Œäº†ã™ã‚‹ã‹ã‚¨ãƒ©ãƒ¼ãŒç™ºç”Ÿã™ã‚‹ã¾ã§è¿”ã•れã¾ã›ã‚“。wolfSSLã¯ã€OpenSSLã¨ã¯ç•°ãªã‚‹ã‚¢ãƒ—ローãƒã§è¨¼æ˜Žæ›¸æ¤œè¨¼ã‚’行ã„ã¾ã™ã€‚クライアントã®ãƒ‡ãƒ•ォルトãƒãƒªã‚·ãƒ¼ã¯ã‚µãƒ¼ãƒã‚’検証ã™ã‚‹ã“ã¨ã§ã™ã€‚ã¤ã¾ã‚Šã€ã‚µãƒ¼ãƒã‚’検証ã™ã‚‹ãŸã‚ã®CAを読ã¿è¾¼ã¾ãªã„å ´åˆã€æŽ¥ç¶šã‚¨ãƒ©ãƒ¼ã€æ¤œè¨¼ä¸å¯(-155)ãŒç™ºç”Ÿã—ã¾ã™ã€‚サーãƒã®æ¤œè¨¼ãŒå¤±æ•—ã—ã¦ã‚‚SSL_connectãŒæˆåŠŸã—ã€ã‚»ã‚­ãƒ¥ãƒªãƒ†ã‚£ã‚’低下ã•ã›ã‚‹OpenSSLã®å‹•作を模倣ã—ãŸã„å ´åˆã¯ã€SSL_new()を呼ã³å‡ºã™å‰ã«SSL_CTX_set_verify(ctx, SSL_VERIFY_NONE, 0);を呼ã³å‡ºã™ã“ã¨ã§ã“れを実ç¾ã§ãã¾ã™ã€‚ãŸã ã—ã€æŽ¨å¥¨ã•れã¾ã›ã‚“。 + + \return SSL_SUCCESS æˆåŠŸã—ãŸå ´åˆã€‚ + \return SSL_FATAL_ERROR エラーãŒç™ºç”Ÿã—ãŸå ´åˆã«è¿”ã•れã¾ã™ã€‚より詳細ãªã‚¨ãƒ©ãƒ¼ã‚³ãƒ¼ãƒ‰ã‚’å–å¾—ã™ã‚‹ã«ã¯ã€wolfSSL_get_error()を呼ã³å‡ºã—ã¦ãã ã•ã„。 + + \param ssl wolfSSL_new()を使用ã—ã¦ä½œæˆã•れãŸWOLFSSL構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ _Example_ \code @@ -9971,10 +11742,11 @@ ... ret = wolfSSL_connect(ssl); if (ret != SSL_SUCCESS) { - err = wolfSSL_get_error(ssl, ret); - printf(“error = %d, %s\nâ€, err, wolfSSL_ERR_error_string(err, buffer)); + err = wolfSSL_get_error(ssl, ret); + printf("error = %d, %s\n", err, wolfSSL_ERR_error_string(err, buffer)); } \endcode + \sa wolfSSL_get_error \sa wolfSSL_accept */ @@ -9982,14 +11754,18 @@ /*! \ingroup Setup - \brief ã“ã®é–¢æ•°ã¯ã‚µãƒ¼ãƒãƒ¼å´ã§å‘¼ã³å‡ºã•れã¦ã€HellORetryRequestメッセージã«Cookieã‚’å«ã‚ã‚‹å¿…è¦ãŒã‚ã‚‹ã“ã¨ã‚’示ã—ã¾ã™ã€‚Cookieã¯ç¾åœ¨ã®ãƒˆãƒ©ãƒ³ã‚¹ã‚¯ãƒªãƒ—トã®ãƒãƒƒã‚·ãƒ¥ã‚’ä¿æŒã—ã¦ã„ã‚‹ã®ã§ã€åˆ¥ã®ã‚µãƒ¼ãƒãƒ¼ãƒ—ロセスã¯å¿œç­”ã§ClientHelloを処ç†ã§ãã¾ã™ã€‚秘密ã¯Cookieãƒ‡ãƒ¼ã‚¿ã®æ•´åˆæ€§ãƒã‚§ãƒƒã‚¯ã‚’Genertingã™ã‚‹ã¨ãã«ä½¿ç”¨ã•れã¾ã™ã€‚ - \param [in,out] ssl l wolfSSL_new()を使用ã—ã¦ä½œæˆã•れãŸWOLFSSL構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ - \param [in] ç§˜å¯†ã‚’ä¿æŒã—ã¦ã„ã‚‹ãƒãƒƒãƒ•ã‚¡ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã‚’秘密ã«ã—ã¾ã™ã€‚渡ã™NULLã¯ã€æ–°ã—ã„ランダムシークレットを生æˆã™ã‚‹ã“ã¨ã‚’示ã—ã¾ã™ã€‚ - \param [in] シークスã®ã‚µã‚¤ã‚ºã‚’ãƒã‚¤ãƒˆå˜ä½ã§ã‚µã‚¤ã‚ºã€‚0を渡ã™ã¨ã€ãƒ‡ãƒ•ォルトã®ã‚µã‚¤ã‚ºã‚’使用ã™ã‚‹ã“ã¨ã‚’示ã—ã¾ã™.WC_SHA256_DIGEST_SIZE(ã¾ãŸã¯SHA-256ãŒä½¿ç”¨ã§ããªã„å ´åˆã¯WC_SHA_DIGEST_SIZE)。 - \return BAD_FUNC_ARG sslãŒNULLã®å ´åˆã€ã¾ãŸã¯TLS v1.3を使用ã—ã¦ã„ãªã„å ´åˆã€‚ - \return SIDE_ERROR クライアントã§å‘¼ã³å‡ºã•れãŸå ´åˆã€‚ - \return WOLFSSL_SUCCESS æˆåŠŸã—ãŸå ´åˆã«è¿”ã•れã¾ã™ã€‚ - \return MEMORY_ERROR 秘密をä¿å­˜ã™ã‚‹ãŸã‚ã«å‹•的メモリを割り当ã¦ã‚‹å ´åˆã«å¤±æ•—ã—ã¾ã—ãŸã€‚ + + \brief ã“ã®é–¢æ•°ã¯ã€HelloRetryRequestメッセージã«Cookieã‚’å«ã‚ã‚‹å¿…è¦ãŒã‚ã‚‹ã“ã¨ã‚’示ã™ãŸã‚ã«ã€ã‚µãƒ¼ãƒå´ã§å‘¼ã³å‡ºã•れã¾ã™ã€‚ã¾ãŸã€ãƒ—ロトコルDTLS v1.3を使用ã™ã‚‹å ´åˆã€ãƒãƒ³ãƒ‰ã‚·ã‚§ã‚¤ã‚¯ã«ã¯å¸¸ã«Cookie交æ›ãŒå«ã¾ã‚Œã‚‹ã“ã¨ã‚’示ã—ã¾ã™ã€‚プロトコルDTLS v1.3を使用ã™ã‚‹å ´åˆã€Cookie交æ›ã¯ãƒ‡ãƒ•ã‚©ãƒ«ãƒˆã§æœ‰åйã«ãªã£ã¦ã„ã‚‹ã“ã¨ã«æ³¨æ„ã—ã¦ãã ã•ã„。Cookieã¯ç¾åœ¨ã®ãƒˆãƒ©ãƒ³ã‚¹ã‚¯ãƒªãƒ—トã®ãƒãƒƒã‚·ãƒ¥ã‚’ä¿æŒã—ã¦ãŠã‚Šã€åˆ¥ã®ã‚µãƒ¼ãƒãƒ—ロセスãŒå¿œç­”ã®ClientHelloを処ç†ã§ãるよã†ã«ã—ã¾ã™ã€‚secretã¯ã€Cookieデータã®å®Œå…¨æ€§ãƒã‚§ãƒƒã‚¯ã‚’生æˆã™ã‚‹éš›ã«ä½¿ç”¨ã•れã¾ã™ã€‚ + + \param [in,out] ssl wolfSSL_new()を使用ã—ã¦ä½œæˆã•れãŸWOLFSSL構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ + \param [in] secret secretã‚’ä¿æŒã™ã‚‹ãƒãƒƒãƒ•ã‚¡ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚NULLを渡ã™ã¨ã€æ–°ã—ã„ランダムãªsecretを生æˆã™ã‚‹ã“ã¨ã‚’示ã—ã¾ã™ã€‚ + \param [in] secretSz secretã®ã‚µã‚¤ã‚º(ãƒã‚¤ãƒˆå˜ä½)。0を渡ã™ã¨ã€ãƒ‡ãƒ•ォルトサイズを使用ã™ã‚‹ã“ã¨ã‚’示ã—ã¾ã™:WC_SHA256_DIGEST_SIZE(SHA-256ãŒåˆ©ç”¨ã§ããªã„å ´åˆã¯WC_SHA_DIGEST_SIZE)。 + + \return BAD_FUNC_ARG sslãŒNULLã¾ãŸã¯TLS v1.3を使用ã—ã¦ã„ãªã„å ´åˆã€‚ + \return SIDE_ERROR クライアントã§å‘¼ã³å‡ºã•れãŸå ´åˆã€‚ + \return WOLFSSL_SUCCESS æˆåŠŸã—ãŸå ´åˆã€‚ + \return MEMORY_ERROR secretã‚’ä¿å­˜ã™ã‚‹ãŸã‚ã®å‹•的メモリã®å‰²ã‚Šå½“ã¦ã«å¤±æ•—ã—ãŸå ´åˆã€‚ + \return Another 内部エラーã®å ´åˆã¯ä»–ã®è² ã®å€¤ã€‚ _Example_ \code @@ -9999,10 +11775,12 @@ ... ret = wolfSSL__send_hrr_cookie(ssl, secret, sizeof(secret)); if (ret != WOLFSSL_SUCCESS) { - // failed to set use of Cookie and secret + // Cookieã¨secretã®ä½¿ç”¨è¨­å®šã«å¤±æ•—ã—ã¾ã—ãŸã€‚ } \endcode + \sa wolfSSL_new + \sa wolfSSL_disable_hrr_cookie */ int wolfSSL_send_hrr_cookie(WOLFSSL* ssl, const unsigned char* secret, unsigned int secretSz); @@ -10011,27 +11789,28 @@ \ingroup Setup - \brief ã“ã®é–¢æ•°ã¯ã‚µãƒ¼ãƒãƒ¼å´ã§å‘¼ã³å‡ºã•れã€HelloRetryRequestメッセージãŒã‚¯ãƒƒã‚­ãƒ¼ã‚’å«ã‚“ã§ã¯ãªã‚‰ãªã„ã“ã¨ã€ - DTLSv1.3ãŒä½¿ç”¨ã•れã¦ã„ã‚‹å ´åˆã«ã¯ã‚¯ãƒƒã‚­ãƒ¼ã®äº¤æ›ãŒãƒãƒ³ãƒ‰ã‚·ã‚§ãƒ¼ã‚¯ã«å«ã¾ã‚Œãªã„ã“ã¨ã‚’表明ã—ã¾ã™ã€‚ - DTLSv1.3ã§ã¯ã‚¯ãƒƒã‚­ãƒ¼äº¤æ›ã‚’行ã‚ãªã„ã¨ã‚µãƒ¼ãƒãƒ¼ãŒDoS/Amplification攻撃をå—ã‘ã‚„ã™ããªã‚‹å¯èƒ½æ€§ãŒã‚ã‚‹ã“ã¨ã«ç•™æ„ã—ã¦ãã ã•ã„。 + \brief ã“ã®é–¢æ•°ã¯ã€HelloRetryRequestメッセージã«Cookieã‚’å«ã‚ã¦ã¯ãªã‚‰ãªã„ã“ã¨ã€ãŠã‚ˆã³ãƒ—ロトコルDTLS v1.3を使用ã—ã¦ã„ã‚‹å ´åˆã€ãƒãƒ³ãƒ‰ã‚·ã‚§ã‚¤ã‚¯ã«Cookie交æ›ã‚’å«ã‚ãªã„ã“ã¨ã‚’示ã™ãŸã‚ã«ã€ã‚µãƒ¼ãƒå´ã§å‘¼ã³å‡ºã•れã¾ã™ã€‚プロトコルDTLS v1.3を使用ã™ã‚‹éš›ã«Cookie交æ›ã‚’行ã‚ãªã„ã¨ã€ã‚µãƒ¼ãƒãŒDoS/増幅攻撃ã«å¯¾ã—ã¦è„†å¼±ã«ãªã‚‹å¯èƒ½æ€§ãŒã‚ã‚‹ã“ã¨ã«æ³¨æ„ã—ã¦ãã ã•ã„。 \param [in,out] ssl wolfSSL_new()を使用ã—ã¦ä½œæˆã•れãŸWOLFSSL構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ - \return WOLFSSL_SUCCESS æˆåŠŸæ™‚ã«è¿”ã•れã¾ã™ã€‚ - \return BAD_FUNC_ARG sslãŒNULLã‚ã‚‹ã„ã¯TLS v1.3を使用ã—ã¦ã„ãªã„å ´åˆã«è¿”ã•れã¾ã™ã€‚ - \return SIDE_ERROR クライアントå´ã§ã“ã®é–¢æ•°ãŒå‘¼ã³å‡ºã•れãŸå ´åˆã«è¿”ã•れã¾ã™ã€‚ + \return WOLFSSL_SUCCESS æˆåŠŸã—ãŸå ´åˆã€‚ + \return BAD_FUNC_ARG sslãŒNULLã¾ãŸã¯TLS v1.3を使用ã—ã¦ã„ãªã„å ´åˆã€‚ + \return SIDE_ERROR クライアントã§å‘¼ã³å‡ºã•れãŸå ´åˆã€‚ \sa wolfSSL_send_hrr_cookie */ int wolfSSL_disable_hrr_cookie(WOLFSSL* ssl); - /*! \ingroup Setup - \brief ã“ã®é–¢æ•°ã¯ã‚µãƒ¼ãƒãƒ¼ä¸Šã§å‘¼ã³å‡ºã•れã€ãƒãƒ³ãƒ‰ã‚·ã‚§ã‚¤ã‚¯å®Œäº†æ™‚ã«ã‚»ãƒƒã‚·ãƒ§ãƒ³å†é–‹ã®ãŸã‚ã®ã‚»ãƒƒã‚·ãƒ§ãƒ³ãƒã‚±ãƒƒãƒˆã®é€ä¿¡ã‚’行ã‚ãªã„よã†ã«ã—ã¾ã™ã€‚ - \param [in,out] ctx wolfSSL_CTX_new()ã§ä½œæˆã•れãŸWOLFSSL_CTX構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ - \return BAD_FUNC_ARG CTXãŒNULLã®å ´åˆã€ã¾ãŸã¯TLS v1.3を使用ã—ã¦ã„ãªã„å ´åˆã€‚ - \return SIDE_ERROR クライアントã§å‘¼ã³å‡ºã•れãŸå ´åˆã€‚ + + \brief ã“ã®é–¢æ•°ã¯ã€ãƒãƒ³ãƒ‰ã‚·ã‚§ã‚¤ã‚¯ãŒå®Œäº†ã—ãŸå¾Œã€å†é–‹ã‚»ãƒƒã‚·ãƒ§ãƒ³ãƒã‚±ãƒƒãƒˆã®é€ä¿¡ã‚’åœæ­¢ã™ã‚‹ãŸã‚ã«ã€ã‚µãƒ¼ãƒã§å‘¼ã³å‡ºã•れã¾ã™ã€‚ + + \param [in,out] ctx wolfSSL_CTX_new()ã§ä½œæˆã•れãŸWOLFSSL_CTX構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ + + \return BAD_FUNC_ARG ctxãŒNULLã¾ãŸã¯TLS v1.3を使用ã—ã¦ã„ãªã„å ´åˆã€‚ + \return SIDE_ERROR クライアントã§å‘¼ã³å‡ºã•れãŸå ´åˆã€‚ + \return 0 æˆåŠŸã—ãŸå ´åˆã€‚ _Example_ \code @@ -10040,19 +11819,24 @@ ... ret = wolfSSL_CTX_no_ticket_TLSv13(ctx); if (ret != 0) { - // failed to set no ticket + // no ticketã®è¨­å®šã«å¤±æ•—ã—ã¾ã—ãŸã€‚ } \endcode + \sa wolfSSL_no_ticket_TLSv13 */ int wolfSSL_CTX_no_ticket_TLSv13(WOLFSSL_CTX* ctx); /*! \ingroup Setup - \brief ãƒãƒ³ãƒ‰ã‚·ã‚§ã‚¤ã‚¯ãŒå®Œäº†ã™ã‚‹ã¨ã€ã“ã®é–¢æ•°ã¯ã‚µãƒ¼ãƒãƒ¼ä¸Šã§å†é–‹ã‚»ãƒƒã‚·ãƒ§ãƒ³ãƒã‚±ãƒƒãƒˆã®é€ä¿¡ã‚’åœæ­¢ã™ã‚‹ã‚ˆã†ã«å‘¼ã³å‡ºã•れã¾ã™ã€‚ - \param [in,out] ssl wolfSSL_new()を使用ã—ã¦ä½œæˆã•れãŸWOLFSSL構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ - \return BAD_FUNC_ARG sslãŒNULLã®å ´åˆã€ã¾ãŸã¯TLS v1.3を使用ã—ã¦ã„ãªã„å ´åˆã€‚ - \return SIDE_ERROR クライアントã§å‘¼ã³å‡ºã•れãŸå ´åˆã€‚ + + \brief ã“ã®é–¢æ•°ã¯ã€ãƒãƒ³ãƒ‰ã‚·ã‚§ã‚¤ã‚¯ãŒå®Œäº†ã—ãŸå¾Œã€å†é–‹ã‚»ãƒƒã‚·ãƒ§ãƒ³ãƒã‚±ãƒƒãƒˆã®é€ä¿¡ã‚’åœæ­¢ã™ã‚‹ãŸã‚ã«ã€ã‚µãƒ¼ãƒã§å‘¼ã³å‡ºã•れã¾ã™ã€‚ + + \param [in,out] ssl wolfSSL_new()を使用ã—ã¦ä½œæˆã•れãŸWOLFSSL構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ + + \return BAD_FUNC_ARG sslãŒNULLã¾ãŸã¯TLS v1.3を使用ã—ã¦ã„ãªã„å ´åˆã€‚ + \return SIDE_ERROR クライアントã§å‘¼ã³å‡ºã•れãŸå ´åˆã€‚ + \return 0 æˆåŠŸã—ãŸå ´åˆã€‚ _Example_ \code @@ -10061,18 +11845,23 @@ ... ret = wolfSSL_no_ticket_TLSv13(ssl); if (ret != 0) { - // failed to set no ticket + // no ticketã®è¨­å®šã«å¤±æ•—ã—ã¾ã—ãŸã€‚ } \endcode + \sa wolfSSL_CTX_no_ticket_TLSv13 */ int wolfSSL_no_ticket_TLSv13(WOLFSSL* ssl); /*! \ingroup Setup - \brief ã“ã®é–¢æ•°ã¯ã€Authenticationã«ãƒ—リシェアキーを使用ã—ã¦ã„ã‚‹å ´åˆã€DIFFIE-HELLMAN(DH)スタイルã®ã‚­ãƒ¼äº¤æ›ã‚’許å¯ã™ã‚‹TLS V1.3 WolfSSLコンテキストã§å‘¼ã³å‡ºã•れã¾ã™ã€‚ - \param [in,out] ctx wolfSSL_CTX_new()ã§ä½œæˆã•れãŸWOLFSSL_CTX構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ - \return BAD_FUNC_ARG CTXãŒNULLã®å ´åˆã€ã¾ãŸã¯TLS v1.3を使用ã—ã¦ã„ãªã„å ´åˆã€‚ + + \brief ã“ã®é–¢æ•°ã¯ã€äº‹å‰å…±æœ‰éµã‚’èªè¨¼ã«ä½¿ç”¨ã™ã‚‹ãƒãƒ³ãƒ‰ã‚·ã‚§ã‚¤ã‚¯ã®éš›ã«ã€Diffie-Hellman(DH)スタイルã®éµäº¤æ›ã‚’ç¦æ­¢ã™ã‚‹ãŸã‚ã«ã€TLS v1.3 wolfSSLコンテキストã§å‘¼ã³å‡ºã•れã¾ã™ã€‚ + + \param [in,out] ctx wolfSSL_CTX_new()ã§ä½œæˆã•れãŸWOLFSSL_CTX構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ + + \return BAD_FUNC_ARG ctxãŒNULLã¾ãŸã¯TLS v1.3を使用ã—ã¦ã„ãªã„å ´åˆã€‚ + \return 0 æˆåŠŸã—ãŸå ´åˆã€‚ _Example_ \code @@ -10081,18 +11870,23 @@ ... ret = wolfSSL_CTX_no_dhe_psk(ctx); if (ret != 0) { - // failed to set no DHE for PSK handshakes + // PSKãƒãƒ³ãƒ‰ã‚·ã‚§ã‚¤ã‚¯ã®DHE無効化ã®è¨­å®šã«å¤±æ•—ã—ã¾ã—ãŸã€‚ } \endcode + \sa wolfSSL_no_dhe_psk */ int wolfSSL_CTX_no_dhe_psk(WOLFSSL_CTX* ctx); /*! \ingroup Setup - \brief ã“ã®é–¢æ•°ã¯ã€äº‹å‰å…±æœ‰éµã‚’使用ã—ã¦ã„ã‚‹TLS V1.3クライアントã¾ãŸã¯ã‚µãƒ¼ãƒãƒ¼ã§ã€ã«Diffie-Hellman(DH)スタイルã®éµäº¤æ›ã‚’許å¯ã—ãªã„よã†ã«è¨­å®šã—ã¾ã™ã€‚ - \param [in,out] ssl wolfSSL_new()を使用ã—ã¦ä½œæˆã•れãŸWOLFSSL構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ - \return BAD_FUNC_ARG sslãŒNULLã®å ´åˆã€ã¾ãŸã¯TLS v1.3を使用ã—ã¦ã„ãªã„å ´åˆã€‚ + + \brief ã“ã®é–¢æ•°ã¯ã€äº‹å‰å…±æœ‰éµã‚’èªè¨¼ã«ä½¿ç”¨ã™ã‚‹ãƒãƒ³ãƒ‰ã‚·ã‚§ã‚¤ã‚¯ã®éš›ã«ã€Diffie-Hellman(DH)スタイルã®éµäº¤æ›ã‚’ç¦æ­¢ã™ã‚‹ãŸã‚ã«ã€TLS v1.3クライアントã¾ãŸã¯ã‚µãƒ¼ãƒwolfSSLã§å‘¼ã³å‡ºã•れã¾ã™ã€‚ + + \param [in,out] ssl wolfSSL_new()を使用ã—ã¦ä½œæˆã•れãŸWOLFSSL構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ + + \return BAD_FUNC_ARG sslãŒNULLã¾ãŸã¯TLS v1.3を使用ã—ã¦ã„ãªã„å ´åˆã€‚ + \return 0 æˆåŠŸã—ãŸå ´åˆã€‚ _Example_ \code @@ -10101,19 +11895,24 @@ ... ret = wolfSSL_no_dhe_psk(ssl); if (ret != 0) { - // failed to set no DHE for PSK handshakes + // PSKãƒãƒ³ãƒ‰ã‚·ã‚§ã‚¤ã‚¯ã®DHE無効化ã®è¨­å®šã«å¤±æ•—ã—ã¾ã—ãŸã€‚ } \endcode + \sa wolfSSL_CTX_no_dhe_psk */ int wolfSSL_no_dhe_psk(WOLFSSL* ssl); /*! \ingroup IO - \brief ã“ã®é–¢æ•°ã¯ã€TLS v1.3クライアントã¾ãŸã¯ã‚µãƒ¼ãƒãƒ¼ã®wolfsslã§å‘¼ã³å‡ºã•れã¦ã€ã‚­ãƒ¼ã®ãƒ­ãƒ¼ãƒ«ã‚ªãƒ¼ãƒãƒ¼ã‚’強制ã—ã¾ã™ã€‚KeyUpdateメッセージãŒãƒ”ã‚¢ã«é€ä¿¡ã•ã‚Œã€æ–°ã—ã„ã‚­ãƒ¼ãŒæš—å·åŒ–ã®ãŸã‚ã«è¨ˆç®—ã•れã¾ã™ã€‚ピアã¯KeyUpdateメッセージをé€ã‚Šã€æ–°ã—ã„復å·åŒ–キーWILを計算ã—ã¾ã™ã€‚ã“ã®æ©Ÿèƒ½ã¯ã€ãƒãƒ³ãƒ‰ã‚·ã‚§ã‚¤ã‚¯ãŒå®Œäº†ã—ãŸå¾Œã«ã®ã¿å‘¼ã³å‡ºã™ã“ã¨ãŒã§ãã¾ã™ã€‚ - \param [in,out] ssl wolfSSL_new()を使用ã—ã¦ä½œæˆã•れãŸWOLFSSL構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ - \return BAD_FUNC_ARG sslãŒNULLã®å ´åˆã€ã¾ãŸã¯TLS v1.3を使用ã—ã¦ã„ãªã„å ´åˆã€‚ - \return WANT_WRITE 書ãè¾¼ã¿ãŒæº–å‚™ãŒã§ãã¦ã„ãªã„å ´åˆ + + \brief ã“ã®é–¢æ•°ã¯ã€éµã®ãƒ­ãƒ¼ãƒ«ã‚ªãƒ¼ãƒãƒ¼ã‚’強制ã™ã‚‹ãŸã‚ã«ã€TLS v1.3クライアントã¾ãŸã¯ã‚µãƒ¼ãƒwolfSSLã§å‘¼ã³å‡ºã•れã¾ã™ã€‚KeyUpdateメッセージãŒãƒ”ã‚¢ã«é€ä¿¡ã•ã‚Œã€æš—å·åŒ–ç”¨ã®æ–°ã—ã„éµãŒè¨ˆç®—ã•れã¾ã™ã€‚ピアã¯KeyUpdateメッセージをé€ã‚Šè¿”ã—ã€ãã®å¾Œæ–°ã—ã„復å·éµãŒè¨ˆç®—ã•れã¾ã™ã€‚ã“ã®é–¢æ•°ã¯ã€ãƒãƒ³ãƒ‰ã‚·ã‚§ã‚¤ã‚¯ãŒå®Œäº†ã—ãŸå¾Œã«ã®ã¿å‘¼ã³å‡ºã™ã“ã¨ãŒã§ãã¾ã™ã€‚ + + \param [in,out] ssl wolfSSL_new()を使用ã—ã¦ä½œæˆã•れãŸWOLFSSL構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ + + \return BAD_FUNC_ARG sslãŒNULLã¾ãŸã¯TLS v1.3を使用ã—ã¦ã„ãªã„å ´åˆã€‚ + \return WANT_WRITE 書ãè¾¼ã¿ã®æº–å‚™ãŒã§ãã¦ã„ãªã„å ´åˆã€‚ + \return WOLFSSL_SUCCESS æˆåŠŸã—ãŸå ´åˆã€‚ _Example_ \code @@ -10122,22 +11921,27 @@ ... ret = wolfSSL_update_keys(ssl); if (ret == WANT_WRITE) { - // need to call again when I/O ready + // I/Oã®æº–å‚™ãŒã§ããŸã‚‰å†åº¦å‘¼ã³å‡ºã™å¿…è¦ãŒã‚りã¾ã™ã€‚ } else if (ret != WOLFSSL_SUCCESS) { - // failed to send key update + // 鵿›´æ–°ã®é€ä¿¡ã«å¤±æ•—ã—ã¾ã—ãŸã€‚ } \endcode + \sa wolfSSL_write */ int wolfSSL_update_keys(WOLFSSL* ssl); /*! \ingroup IO - \brief ã“ã®é–¢æ•°ã¯ã€TLS v1.3クライアントã¾ãŸã¯ã‚µãƒ¼ãƒãƒ¼ã®wolfsslã§å‘¼ã³å‡ºã•れã€ã‚­ãƒ¼ã®ãƒ­ãƒ¼ãƒ«ã‚ªãƒ¼ãƒãƒ¼ãŒé€²è¡Œä¸­ã‹ã©ã†ã‹ã‚’判断ã—ã¾ã™ã€‚wolfssl_update_keys()ãŒå‘¼ã³å‡ºã•れるã¨ã€KeyUpdateメッセージãŒé€ä¿¡ã•ã‚Œã€æš—å·åŒ–ã‚­ãƒ¼ãŒæ›´æ–°ã•れã¾ã™ã€‚復å·åŒ–キーã¯ã€å¿œç­”ãŒå—ä¿¡ã•れãŸã¨ãã«æ›´æ–°ã•れã¾ã™ã€‚ - \param [in] ssl wolfSSL_new()を使用ã—ã¦ä½œæˆã•れãŸWOLFSSL構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ - \param [out] キー更新応答ãŒå¿…è¦ãªã„å ´åˆã¯å¿…é ˆ0。1キー更新応答ãŒå¿…è¦ãªã„å ´åˆã€‚ - \return 0 æˆåŠŸã—ãŸã€‚ + + \brief ã“ã®é–¢æ•°ã¯ã€éµã®ãƒ­ãƒ¼ãƒ«ã‚ªãƒ¼ãƒãƒ¼ãŒé€²è¡Œä¸­ã‹ã©ã†ã‹ã‚’判断ã™ã‚‹ãŸã‚ã«ã€TLS v1.3クライアントã¾ãŸã¯ã‚µãƒ¼ãƒwolfSSLã§å‘¼ã³å‡ºã•れã¾ã™ã€‚wolfSSL_update_keys()ãŒå‘¼ã³å‡ºã•れるã¨ã€KeyUpdateメッセージãŒé€ä¿¡ã•ã‚Œã€æš—å·åŒ–éµãŒæ›´æ–°ã•れã¾ã™ã€‚復å·éµã¯ã€å¿œç­”ã‚’å—ä¿¡ã—ãŸã¨ãã«æ›´æ–°ã•れã¾ã™ã€‚ + + \param [in] ssl wolfSSL_new()を使用ã—ã¦ä½œæˆã•れãŸWOLFSSL構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ + \param [out] required 鵿›´æ–°å¿œç­”ãŒä¸è¦ãªå ´åˆã¯0ã€‚éµæ›´æ–°å¿œç­”ãŒå¿…è¦ãªå ´åˆã¯1。 + + \return 0 æˆåŠŸã—ãŸå ´åˆã€‚ + \return BAD_FUNC_ARG sslãŒNULLã¾ãŸã¯TLS v1.3を使用ã—ã¦ã„ãªã„å ´åˆã€‚ _Example_ \code @@ -10147,22 +11951,27 @@ ... ret = wolfSSL_key_update_response(ssl, &required); if (ret != 0) { - // bad parameters + // 䏿­£ãªãƒ‘ラメータ } if (required) { - // encrypt Key updated, awaiting response to change decrypt key + // æš—å·åŒ–éµãŒæ›´æ–°ã•れã€å¾©å·éµã‚’変更ã™ã‚‹ãŸã‚ã®å¿œç­”ã‚’å¾…ã£ã¦ã„ã¾ã™ã€‚ } \endcode + \sa wolfSSL_update_keys */ int wolfSSL_key_update_response(WOLFSSL* ssl, int* required); /*! \ingroup Setup - \brief ã“ã®é–¢æ•°ã¯ã€TLS v1.3クライアントã®WolfSSLコンテキストã§å‘¼ã³å‡ºã•れã€ã‚¯ãƒ©ã‚¤ã‚¢ãƒ³ãƒˆã¯ã‚µãƒ¼ãƒãƒ¼ã‹ã‚‰ã®è¦æ±‚ã«å¿œã˜ã¦Post Handshakeã‚’é€ä¿¡ã§ãるよã†ã«ã—ã¾ã™ã€‚ã“れã¯ã€ã‚¯ãƒ©ã‚¤ã‚¢ãƒ³ãƒˆèªè¨¼ãªã©ã‚’å¿…è¦ã¨ã—ãªã„ページをæŒã¤Webサーãƒãƒ¼ã«æŽ¥ç¶šã™ã‚‹ã¨ãã«å½¹ç«‹ã¡ã¾ã™ã€‚ - \param [in,out] ctx wolfSSL_CTX_new()ã§ä½œæˆã•れãŸWOLFSSL_CTX構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ - \return BAD_FUNC_ARG CTXãŒNULLã®å ´åˆã€ã¾ãŸã¯TLS v1.3を使用ã—ã¦ã„ãªã„å ´åˆã€‚ - \return SIDE_ERROR サーãƒãƒ¼ã§å‘¼ã³å‡ºã•れãŸå ´åˆã€‚ + + \brief ã“ã®é–¢æ•°ã¯ã€ã‚µãƒ¼ãƒã‹ã‚‰ã®è¦æ±‚ã«å¿œã˜ã¦ã‚¯ãƒ©ã‚¤ã‚¢ãƒ³ãƒˆè¨¼æ˜Žæ›¸ã‚’ãƒãƒ³ãƒ‰ã‚·ã‚§ã‚¤ã‚¯å¾Œã«é€ä¿¡ã§ãるよã†ã«ã™ã‚‹ãŸã‚ã«ã€TLS v1.3クライアントwolfSSLコンテキストã§å‘¼ã³å‡ºã•れã¾ã™ã€‚ã“れã¯ã€ã‚¯ãƒ©ã‚¤ã‚¢ãƒ³ãƒˆèªè¨¼ãŒå¿…è¦ãªãƒšãƒ¼ã‚¸ã¨ãã†ã§ãªã„ページをæŒã¤Webサーãƒã«æŽ¥ç¶šã™ã‚‹éš›ã«ä¾¿åˆ©ã§ã™ã€‚ + + \param [in,out] ctx wolfSSL_CTX_new()ã§ä½œæˆã•れãŸWOLFSSL_CTX構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ + + \return BAD_FUNC_ARG ctxãŒNULLã¾ãŸã¯TLS v1.3を使用ã—ã¦ã„ãªã„å ´åˆã€‚ + \return SIDE_ERROR サーãƒã§å‘¼ã³å‡ºã•れãŸå ´åˆã€‚ + \return 0 æˆåŠŸã—ãŸå ´åˆã€‚ _Example_ \code @@ -10171,9 +11980,10 @@ ... ret = wolfSSL_allow_post_handshake_auth(ctx); if (ret != 0) { - // failed to allow post handshake authentication + // ãƒãƒ³ãƒ‰ã‚·ã‚§ã‚¤ã‚¯å¾Œèªè¨¼ã®è¨±å¯ã«å¤±æ•—ã—ã¾ã—ãŸã€‚ } \endcode + \sa wolfSSL_allow_post_handshake_auth \sa wolfSSL_request_certificate */ @@ -10181,10 +11991,14 @@ /*! \ingroup Setup - \brief ã“ã®é–¢æ•°ã¯ã€TLS V1.3クライアントWolfSSLã§å‘¼ã³å‡ºã•れã€ã‚¯ãƒ©ã‚¤ã‚¢ãƒ³ãƒˆã¯ã‚µãƒ¼ãƒãƒ¼ã‹ã‚‰ã®è¦æ±‚ã«å¿œã˜ã¦ãƒãƒ³ãƒ‰ã‚·ã‚§ã‚¤ã‚¯ã‚’é€ã‚Šã¾ã™ã€‚handshakeクライアントèªè¨¼æ‹¡å¼µæ©Ÿèƒ½ã¯ClientHelloã§é€ä¿¡ã•れã¾ã™ã€‚ã“れã¯ã€ã‚¯ãƒ©ã‚¤ã‚¢ãƒ³ãƒˆèªè¨¼ãªã©ã‚’å¿…è¦ã¨ã—ãªã„ページをæŒã¤Webサーãƒãƒ¼ã«æŽ¥ç¶šã™ã‚‹ã¨ãã«å½¹ç«‹ã¡ã¾ã™ã€‚ - \param [in,out] ssl wolfSSL_new()を使用ã—ã¦ä½œæˆã•れãŸWOLFSSL構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ - \return BAD_FUNC_ARG sslãŒNULLã®å ´åˆã€ã¾ãŸã¯TLS v1.3を使用ã—ã¦ã„ãªã„å ´åˆã€‚ - \return SIDE_ERROR サーãƒãƒ¼ã§å‘¼ã³å‡ºã•れãŸå ´åˆã€‚ + + \brief ã“ã®é–¢æ•°ã¯ã€ã‚µãƒ¼ãƒã‹ã‚‰ã®è¦æ±‚ã«å¿œã˜ã¦ã‚¯ãƒ©ã‚¤ã‚¢ãƒ³ãƒˆè¨¼æ˜Žæ›¸ã‚’ãƒãƒ³ãƒ‰ã‚·ã‚§ã‚¤ã‚¯å¾Œã«é€ä¿¡ã§ãるよã†ã«ã™ã‚‹ãŸã‚ã«ã€TLS v1.3クライアントwolfSSLã§å‘¼ã³å‡ºã•れã¾ã™ã€‚Post-Handshake Client Authenticationæ‹¡å¼µãŒClientHelloã§é€ä¿¡ã•れã¾ã™ã€‚ã“れã¯ã€ã‚¯ãƒ©ã‚¤ã‚¢ãƒ³ãƒˆèªè¨¼ãŒå¿…è¦ãªãƒšãƒ¼ã‚¸ã¨ãã†ã§ãªã„ページをæŒã¤Webサーãƒã«æŽ¥ç¶šã™ã‚‹éš›ã«ä¾¿åˆ©ã§ã™ã€‚ + + \param [in,out] ssl wolfSSL_new()を使用ã—ã¦ä½œæˆã•れãŸWOLFSSL構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ + + \return BAD_FUNC_ARG sslãŒNULLã¾ãŸã¯TLS v1.3を使用ã—ã¦ã„ãªã„å ´åˆã€‚ + \return SIDE_ERROR サーãƒã§å‘¼ã³å‡ºã•れãŸå ´åˆã€‚ + \return 0 æˆåŠŸã—ãŸå ´åˆã€‚ _Example_ \code @@ -10193,24 +12007,28 @@ ... ret = wolfSSL_allow_post_handshake_auth(ssl); if (ret != 0) { - // failed to allow post handshake authentication + // ãƒãƒ³ãƒ‰ã‚·ã‚§ã‚¤ã‚¯å¾Œèªè¨¼ã®è¨±å¯ã«å¤±æ•—ã—ã¾ã—ãŸã€‚ } \endcode + \sa wolfSSL_CTX_allow_post_handshake_auth \sa wolfSSL_request_certificate */ int wolfSSL_allow_post_handshake_auth(WOLFSSL* ssl); -/*! - \ingroup IO - \brief ã“ã®é–¢æ•°ã¯ã€TLS v1.3クライアントã‹ã‚‰ã‚¯ãƒ©ã‚¤ã‚¢ãƒ³ãƒˆè¨¼æ˜Žæ›¸ã‚’è¦æ±‚ã—ã¾ã™ã€‚ã“れã¯ã€Webサーãƒãƒ¼ãŒã‚¯ãƒ©ã‚¤ã‚¢ãƒ³ãƒˆèªè¨¼ã‚„ãã®ä»–ã®ã‚‚ã®ã‚’å¿…è¦ã¨ã™ã‚‹ãƒšãƒ¼ã‚¸ã«ã‚µãƒ¼ãƒ“スをæä¾›ã—ã¦ã„ã‚‹å ´åˆã«å½¹ç«‹ã¡ã¾ã™ã€‚æŽ¥ç¶šã§æœ€å¤§256ã®è¦æ±‚ã‚’é€ä¿¡ã§ãã¾ã™ã€‚ - \param [in,out] ssl wolfSSL_new()を使用ã—ã¦ä½œæˆã•れãŸWOLFSSL構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ - \return BAD_FUNC_ARG sslãŒNULLã®å ´åˆã€ã¾ãŸã¯TLS v1.3を使用ã—ã¦ã„ãªã„å ´åˆã€‚ - \return WANT_WRITE 書ãè¾¼ã¿ãŒæº–å‚™ãŒã§ãã¦ã„ãªã„å ´åˆ - \return SIDE_ERROR クライアントã§å‘¼ã³å‡ºã•れãŸå ´åˆã€‚ - \return NOT_READY_ERROR ãƒãƒ³ãƒ‰ã‚·ã‚§ã‚¤ã‚¯ãŒçµ‚了ã—ã¦ã„ãªã„ã¨ãã«å‘¼ã³å‡ºã•れãŸå ´åˆã€‚ - \return POST_HAND_AUTH_ERROR é€ä»˜å¾Œèªè¨¼ãŒè¨±å¯ã•れã¦ã„ãªã„å ´åˆã€‚ - \return MEMORY_E 動的メモリ割り当ã¦ãŒå¤±æ•—ã—ãŸå ´åˆ +/*! \ingroup IO + + \brief ã“ã®é–¢æ•°ã¯ã€TLS v1.3クライアントã‹ã‚‰ã‚¯ãƒ©ã‚¤ã‚¢ãƒ³ãƒˆè¨¼æ˜Žæ›¸ã‚’è¦æ±‚ã—ã¾ã™ã€‚ã“れã¯ã€WebサーãƒãŒã‚¯ãƒ©ã‚¤ã‚¢ãƒ³ãƒˆèªè¨¼ã‚’å¿…è¦ã¨ã™ã‚‹ãƒšãƒ¼ã‚¸ã¨å¿…è¦ã¨ã—ãªã„ページã®ä¸¡æ–¹ã‚’æä¾›ã—ã¦ã„ã‚‹å ´åˆã«ä¾¿åˆ©ã§ã™ã€‚æŽ¥ç¶šä¸Šã§æœ€å¤§256回ã®è¦æ±‚ã‚’é€ä¿¡ã§ãã¾ã™ã€‚ + + \param [in,out] ssl wolfSSL_new()を使用ã—ã¦ä½œæˆã•れãŸWOLFSSL構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ + + \return BAD_FUNC_ARG sslãŒNULLã®å ´åˆã€ã¾ãŸã¯TLS v1.3を使用ã—ã¦ã„ãªã„å ´åˆã€‚ + \return WANT_WRITE 書ãè¾¼ã¿ã®æº–å‚™ãŒã§ãã¦ã„ãªã„å ´åˆã€‚ + \return SIDE_ERROR クライアントã§å‘¼ã³å‡ºã•れãŸå ´åˆã€‚ + \return NOT_READY_ERROR ãƒãƒ³ãƒ‰ã‚·ã‚§ã‚¤ã‚¯ãŒå®Œäº†ã—ã¦ã„ãªã„ã¨ãã«å‘¼ã³å‡ºã•れãŸå ´åˆã€‚ + \return POST_HAND_AUTH_ERROR ãƒã‚¹ãƒˆãƒãƒ³ãƒ‰ã‚·ã‚§ã‚¤ã‚¯èªè¨¼ãŒè¨±å¯ã•れã¦ã„ãªã„å ´åˆã€‚ + \return MEMORY_E 動的メモリ割り当ã¦ãŒå¤±æ•—ã—ãŸå ´åˆã€‚ + \return WOLFSSL_SUCCESS æˆåŠŸæ™‚ã€‚ _Example_ \code @@ -10219,12 +12037,13 @@ ... ret = wolfSSL_request_certificate(ssl); if (ret == WANT_WRITE) { - // need to call again when I/O ready + // I/Oã®æº–å‚™ãŒã§ããŸã‚‰å†åº¦å‘¼ã³å‡ºã™å¿…è¦ãŒã‚りã¾ã™ } else if (ret != WOLFSSL_SUCCESS) { - // failed to request a client certificate + // クライアント証明書ã®è¦æ±‚ã«å¤±æ•—ã—ã¾ã—㟠} \endcode + \sa wolfSSL_allow_post_handshake_auth \sa wolfSSL_write */ @@ -10232,10 +12051,14 @@ /*! \ingroup Setup - \brief ã“ã®é–¢æ•°ã¯æ¥•円曲線グループã®ãƒªã‚¹ãƒˆã‚’設定ã—ã¦ã€WolfSSLコンテキストを希望ã®é †ã«è¨­å®šã—ã¾ã™ã€‚リストã¯ãƒŒãƒ«çµ‚了ã—ãŸãƒ†ã‚­ã‚¹ãƒˆæ–‡å­—列ã€ãŠã‚ˆã³ã‚³ãƒ­ãƒ³åŒºåˆ‡ã‚Šãƒªã‚¹ãƒˆã§ã™ã€‚ã“ã®é–¢æ•°ã‚’呼ã³å‡ºã—ã¦ã€TLS v1.3接続ã§ä½¿ç”¨ã™ã‚‹éµäº¤æ›æ¥•円曲線パラメータを設定ã—ã¾ã™ã€‚ - \param [in,out] ctx wolfSSL_CTX_new()ã§ä½œæˆã•れãŸWOLFSSL_CTX構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ - \param [in] list 楕円曲線グループã®ã‚³ãƒ­ãƒ³åŒºåˆ‡ã‚Šãƒªã‚¹ãƒˆã§ã‚る文字列をリストã—ã¾ã™ã€‚ - \return WOLFSSL_FAILURE ãƒã‚¤ãƒ³ã‚¿ãƒ‘ラメータãŒNULLã®å ´åˆã€wolfssl_max_group_countグループãŒå¤šã„å ´åˆã¯ã€ã‚°ãƒ«ãƒ¼ãƒ—åãŒèªè­˜ã•れãªã„ã‹ã€TLS v1.3を使用ã—ã¦ã„ã¾ã›ã‚“。 + + \brief ã“ã®é–¢æ•°ã¯ã€wolfSSLコンテキストã§å„ªå…ˆé †ä½ã«å¾“ã£ã¦è¨±å¯ã™ã‚‹æ¥•円曲線グループã®ãƒªã‚¹ãƒˆã‚’設定ã—ã¾ã™ã€‚リストã¯null終端ã®ãƒ†ã‚­ã‚¹ãƒˆæ–‡å­—列ã§ã€ã‚³ãƒ­ãƒ³åŒºåˆ‡ã‚Šã®ãƒªã‚¹ãƒˆã§ã™ã€‚TLS v1.3接続ã§ä½¿ç”¨ã™ã‚‹éµäº¤æ›æ¥•円曲線パラメータを設定ã™ã‚‹ã«ã¯ã€ã“ã®é–¢æ•°ã‚’呼ã³å‡ºã—ã¦ãã ã•ã„。 + + \param [in,out] ctx wolfSSL_CTX_new()ã§ä½œæˆã•れãŸWOLFSSL_CTX構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ + \param [in] list 楕円曲線グループã®ã‚³ãƒ­ãƒ³åŒºåˆ‡ã‚Šãƒªã‚¹ãƒˆã§ã‚る文字列。 + + \return WOLFSSL_FAILURE ãƒã‚¤ãƒ³ã‚¿ãƒ‘ラメータãŒNULLã®å ´åˆã€ã‚°ãƒ«ãƒ¼ãƒ—ãŒWOLFSSL_MAX_GROUP_COUNTã‚’è¶…ãˆã‚‹å ´åˆã€ã‚°ãƒ«ãƒ¼ãƒ—åãŒèªè­˜ã•れãªã„å ´åˆã€ã¾ãŸã¯TLS v1.3を使用ã—ã¦ã„ãªã„å ´åˆã€‚ + \return WOLFSSL_SUCCESS æˆåŠŸæ™‚ã€‚ _Example_ \code @@ -10245,23 +12068,28 @@ ... ret = wolfSSL_CTX_set1_groups_list(ctx, list); if (ret != WOLFSSL_SUCCESS) { - // failed to set group list + // グループリストã®è¨­å®šã«å¤±æ•—ã—ã¾ã—㟠} \endcode + \sa wolfSSL_set1_groups_list \sa wolfSSL_CTX_set_groups \sa wolfSSL_set_groups \sa wolfSSL_UseKeyShare \sa wolfSSL_preferred_group */ -int wolfSSL_CTX_set1_groups_list(WOLFSSL_CTX *ctx, char *list); +int wolfSSL_CTX_set1_groups_list(WOLFSSL_CTX *ctx, const char *list); /*! \ingroup Setup - \brief ã“ã®é–¢æ•°ã¯æ¥•円曲線グループã®ãƒªã‚¹ãƒˆã‚’設定ã—ã¦ã€WolfSSLを希望ã®é †ã«è¨­å®šã—ã¾ã™ã€‚リストã¯ãƒŒãƒ«çµ‚了ã—ãŸãƒ†ã‚­ã‚¹ãƒˆæ–‡å­—列ã€ãŠã‚ˆã³ã‚³ãƒ­ãƒ³åŒºåˆ‡ã‚Šãƒªã‚¹ãƒˆã§ã™ã€‚ã“ã®é–¢æ•°ã‚’呼ã³å‡ºã—ã¦ã€TLS v1.3接続ã§ä½¿ç”¨ã™ã‚‹éµäº¤æ›æ¥•円曲線パラメータを設定ã—ã¾ã™ã€‚ - \param [in,out] ssl wolfSSL_new()を使用ã—ã¦ä½œæˆã•れãŸWOLFSSL構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ - \param [in] list éµäº¤æ›ã‚°ãƒ«ãƒ¼ãƒ—ã®ã‚³ãƒ­ãƒ³åŒºåˆ‡ã‚Šãƒªã‚¹ãƒˆã§ã‚る文字列をリストã—ã¾ã™ã€‚ - \return WOLFSSL_FAILURE ãƒã‚¤ãƒ³ã‚¿ãƒ‘ラメータãŒNULLã®å ´åˆã€wolfssl_max_group_countグループãŒå¤šã„å ´åˆã¯ã€ã‚°ãƒ«ãƒ¼ãƒ—åãŒèªè­˜ã•れãªã„ã‹ã€TLS v1.3を使用ã—ã¦ã„ã¾ã›ã‚“。 + + \brief ã“ã®é–¢æ•°ã¯ã€wolfSSLã§å„ªå…ˆé †ä½ã«å¾“ã£ã¦è¨±å¯ã™ã‚‹æ¥•円曲線グループã®ãƒªã‚¹ãƒˆã‚’設定ã—ã¾ã™ã€‚リストã¯null終端ã®ãƒ†ã‚­ã‚¹ãƒˆæ–‡å­—列ã§ã€ã‚³ãƒ­ãƒ³åŒºåˆ‡ã‚Šã®ãƒªã‚¹ãƒˆã§ã™ã€‚TLS v1.3接続ã§ä½¿ç”¨ã™ã‚‹éµäº¤æ›æ¥•円曲線パラメータを設定ã™ã‚‹ã«ã¯ã€ã“ã®é–¢æ•°ã‚’呼ã³å‡ºã—ã¦ãã ã•ã„。 + + \param [in,out] ssl wolfSSL_new()を使用ã—ã¦ä½œæˆã•れãŸWOLFSSL構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ + \param [in] list éµäº¤æ›ã‚°ãƒ«ãƒ¼ãƒ—ã®ã‚³ãƒ­ãƒ³åŒºåˆ‡ã‚Šãƒªã‚¹ãƒˆã§ã‚る文字列。 + + \return WOLFSSL_FAILURE ãƒã‚¤ãƒ³ã‚¿ãƒ‘ラメータãŒNULLã®å ´åˆã€ã‚°ãƒ«ãƒ¼ãƒ—ãŒWOLFSSL_MAX_GROUP_COUNTã‚’è¶…ãˆã‚‹å ´åˆã€ã‚°ãƒ«ãƒ¼ãƒ—åãŒèªè­˜ã•れãªã„å ´åˆã€ã¾ãŸã¯TLS v1.3を使用ã—ã¦ã„ãªã„å ´åˆã€‚ + \return WOLFSSL_SUCCESS æˆåŠŸæ™‚ã€‚ _Example_ \code @@ -10271,24 +12099,29 @@ ... ret = wolfSSL_CTX_set1_groups_list(ssl, list); if (ret != WOLFSSL_SUCCESS) { - // failed to set group list + // グループリストã®è¨­å®šã«å¤±æ•—ã—ã¾ã—㟠} \endcode + \sa wolfSSL_CTX_set1_groups_list \sa wolfSSL_CTX_set_groups \sa wolfSSL_set_groups \sa wolfSSL_UseKeyShare \sa wolfSSL_preferred_group */ -int wolfSSL_set1_groups_list(WOLFSSL *ssl, char *list); +int wolfSSL_set1_groups_list(WOLFSSL *ssl, const char *list); /*! \ingroup TLS - \brief ã“ã®é–¢æ•°ã¯ã€ã‚¯ãƒ©ã‚¤ã‚¢ãƒ³ãƒˆãŒTLS v1.3ãƒãƒ³ãƒ‰ã‚·ã‚§ã‚¤ã‚¯ã§ä½¿ç”¨ã™ã‚‹ã“ã¨ã‚’好むéµäº¤æ›ã‚°ãƒ«ãƒ¼ãƒ—ã‚’è¿”ã—ã¾ã™ã€‚ã“ã®æƒ…報を完了ã—ãŸå¾Œã«ã“ã®æ©Ÿèƒ½ã‚’呼ã³å‡ºã—ã¦ã€ã‚µãƒ¼ãƒãƒ¼ãŒã©ã®ã‚°ãƒ«ãƒ¼ãƒ—ãŒäºˆæƒ³ã•れるよã†ã«ã“ã®æƒ…å ±ãŒå°†æ¥ã®æŽ¥ç¶šã§ä½¿ç”¨ã§ãるよã†ã«ãªã‚‹ã‹ã‚’決定ã™ã‚‹ãŸã‚ã«ã€ã“ã®æƒ…å ±ãŒå°†æ¥ã®æŽ¥ç¶šã§éµäº¤æ›ã®ãŸã‚ã®éµãƒšã‚¢ã‚’事å‰ç”Ÿæˆã™ã‚‹ã“ã¨ãŒã§ãã¾ã™ã€‚ - \param [in,out] ssl wolfSSL_new()を使用ã—ã¦ä½œæˆã•れãŸWOLFSSL構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ - \return BAD_FUNC_ARG sslãŒNULLã®å ´åˆã€ã¾ãŸã¯TLS v1.3を使用ã—ã¦ã„ãªã„å ´åˆã€‚ - \return SIDE_ERROR サーãƒãƒ¼ã§å‘¼ã³å‡ºã•れãŸå ´åˆã€‚ - \return NOT_READY_ERROR ãƒãƒ³ãƒ‰ã‚·ã‚§ã‚¤ã‚¯ãŒå®Œäº†ã™ã‚‹å‰ã«å‘¼ã³å‡ºã•れãŸå ´åˆã€‚ + + \brief ã“ã®é–¢æ•°ã¯ã€TLS v1.3ãƒãƒ³ãƒ‰ã‚·ã‚§ã‚¤ã‚¯ã§ã‚¯ãƒ©ã‚¤ã‚¢ãƒ³ãƒˆãŒå„ªå…ˆçš„ã«ä½¿ç”¨ã—ãŸã„éµäº¤æ›ã‚°ãƒ«ãƒ¼ãƒ—ã‚’è¿”ã—ã¾ã™ã€‚ãƒãƒ³ãƒ‰ã‚·ã‚§ã‚¤ã‚¯å®Œäº†å¾Œã«ã“ã®é–¢æ•°ã‚’呼ã³å‡ºã—ã¦ã€ã‚µãƒ¼ãƒãŒå„ªå…ˆã™ã‚‹ã‚°ãƒ«ãƒ¼ãƒ—を判定ã—ã€ã“ã®æƒ…報を将æ¥ã®æŽ¥ç¶šã§ä½¿ç”¨ã—ã¦éµäº¤æ›ç”¨ã®éµãƒšã‚¢ã‚’事å‰ç”Ÿæˆã§ãã¾ã™ã€‚ + + \param [in,out] ssl wolfSSL_new()を使用ã—ã¦ä½œæˆã•れãŸWOLFSSL構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ + + \return BAD_FUNC_ARG sslãŒNULLã®å ´åˆã€ã¾ãŸã¯TLS v1.3を使用ã—ã¦ã„ãªã„å ´åˆã€‚ + \return SIDE_ERROR サーãƒã§å‘¼ã³å‡ºã•れãŸå ´åˆã€‚ + \return NOT_READY_ERROR ãƒãƒ³ãƒ‰ã‚·ã‚§ã‚¤ã‚¯å®Œäº†å‰ã«å‘¼ã³å‡ºã•れãŸå ´åˆã€‚ + \return Group identifier æˆåŠŸæ™‚ã€ã‚°ãƒ«ãƒ¼ãƒ—識別å­ã€‚ _Example_ \code @@ -10298,10 +12131,11 @@ ... ret = wolfSSL_CTX_set1_groups_list(ssl) if (ret < 0) { - // failed to get group + // グループã®å–å¾—ã«å¤±æ•—ã—ã¾ã—㟠} group = ret; \endcode + \sa wolfSSL_UseKeyShare \sa wolfSSL_CTX_set_groups \sa wolfSSL_set_groups @@ -10312,11 +12146,15 @@ /*! \ingroup Setup - \brief ã“ã®é–¢æ•°ã¯æ¥•円曲線グループã®ãƒªã‚¹ãƒˆã‚’設定ã—ã¦ã€WolfSSLコンテキストを希望ã®é †ã«è¨­å®šã—ã¾ã™ã€‚リストã¯ã€Countã§æŒ‡å®šã•れãŸè­˜åˆ¥å­ã®æ•°ã‚’æŒã¤ã‚°ãƒ«ãƒ¼ãƒ—識別å­ã®é…列ã§ã™ã€‚ã“ã®é–¢æ•°ã‚’呼ã³å‡ºã—ã¦ã€TLS v1.3接続ã§ä½¿ç”¨ã™ã‚‹éµäº¤æ›æ¥•円曲線パラメータを設定ã—ã¾ã™ã€‚ - \param [in,out] ctx wolfSSL_CTX_new()ã§ä½œæˆã•れãŸWOLFSSL_CTX構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ - \param [in] groups 識別å­ã«ã‚ˆã£ã¦éµäº¤æ›ã‚°ãƒ«ãƒ¼ãƒ—ã®ãƒªã‚¹ãƒˆã‚’グループ化ã—ã¾ã™ã€‚ - \param [in] count グループ内ã®éµäº¤æ›ã‚°ãƒ«ãƒ¼ãƒ—ã®æ•°ã‚’æ•°ãˆã¾ã™ã€‚ - \return BAD_FUNC_ARG ãƒã‚¤ãƒ³ã‚¿ãƒ‘ラメータãŒNULLã®å ´åˆã€ã‚°ãƒ«ãƒ¼ãƒ—æ•°ã¯wolfssl_max_group_countã‚’è¶…ãˆã¦ã„ã‚‹ã‹ã€TLS v1.3を使用ã—ã¦ã„ã¾ã›ã‚“。 + + \brief ã“ã®é–¢æ•°ã¯ã€wolfSSLコンテキストã§å„ªå…ˆé †ä½ã«å¾“ã£ã¦è¨±å¯ã™ã‚‹æ¥•円曲線グループã®ãƒªã‚¹ãƒˆã‚’設定ã—ã¾ã™ã€‚リストã¯ã‚°ãƒ«ãƒ¼ãƒ—識別å­ã®é…列ã§ã€è­˜åˆ¥å­ã®æ•°ã¯countã§æŒ‡å®šã•れã¾ã™ã€‚TLS v1.3接続ã§ä½¿ç”¨ã™ã‚‹éµäº¤æ›æ¥•円曲線パラメータを設定ã™ã‚‹ã«ã¯ã€ã“ã®é–¢æ•°ã‚’呼ã³å‡ºã—ã¦ãã ã•ã„。 + + \param [in,out] ctx wolfSSL_CTX_new()ã§ä½œæˆã•れãŸWOLFSSL_CTX構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ + \param [in] groups 識別å­ã«ã‚ˆã‚‹éµäº¤æ›ã‚°ãƒ«ãƒ¼ãƒ—ã®ãƒªã‚¹ãƒˆã€‚ + \param [in] count groups内ã®éµäº¤æ›ã‚°ãƒ«ãƒ¼ãƒ—ã®æ•°ã€‚ + + \return BAD_FUNC_ARG ãƒã‚¤ãƒ³ã‚¿ãƒ‘ラメータãŒnullã®å ´åˆã€ã‚°ãƒ«ãƒ¼ãƒ—æ•°ãŒWOLFSSL_MAX_GROUP_COUNTã‚’è¶…ãˆã‚‹å ´åˆã€ã¾ãŸã¯TLS v1.3を使用ã—ã¦ã„ãªã„å ´åˆã€‚ + \return WOLFSSL_SUCCESS æˆåŠŸæ™‚ã€‚ _Example_ \code @@ -10327,9 +12165,10 @@ ... ret = wolfSSL_CTX_set1_groups_list(ctx, groups, count); if (ret != WOLFSSL_SUCCESS) { - // failed to set group list + // グループリストã®è¨­å®šã«å¤±æ•—ã—ã¾ã—㟠} \endcode + \sa wolfSSL_set_groups \sa wolfSSL_UseKeyShare \sa wolfSSL_CTX_set_groups @@ -10343,11 +12182,15 @@ /*! \ingroup Setup - \brief ã“ã®é–¢æ•°ã¯ã€wolfsslを許ã™ãŸã‚ã«æ¥•円曲線グループã®ãƒªã‚¹ãƒˆã‚’設定ã—ã¾ã™ã€‚リストã¯ã€Countã§æŒ‡å®šã•れãŸè­˜åˆ¥å­ã®æ•°ã‚’æŒã¤ã‚°ãƒ«ãƒ¼ãƒ—識別å­ã®é…列ã§ã™ã€‚ã“ã®é–¢æ•°ã‚’呼ã³å‡ºã—ã¦ã€TLS v1.3接続ã§ä½¿ç”¨ã™ã‚‹éµäº¤æ›æ¥•円曲線パラメータを設定ã—ã¾ã™ã€‚ - \param [in,out] ssl wolfSSL_new()を使用ã—ã¦ä½œæˆã•れãŸWOLFSSL構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ - \param [in] groups 識別å­ã«ã‚ˆã£ã¦éµäº¤æ›ã‚°ãƒ«ãƒ¼ãƒ—ã®ãƒªã‚¹ãƒˆã‚’グループ化ã—ã¾ã™ã€‚ - \param [in] count グループ内ã®éµäº¤æ›ã‚°ãƒ«ãƒ¼ãƒ—ã®æ•°ã‚’æ•°ãˆã¾ã™ã€‚ - \return BAD_FUNC_ARG ãƒã‚¤ãƒ³ã‚¿ãƒ‘ラメータãŒNULLã®å ´åˆã€ã‚°ãƒ«ãƒ¼ãƒ—æ•°ãŒWolfSSL_MAX_GROUP_COUNTã‚’è¶…ãˆã¦ã„ã‚‹å ´åˆã€ä»»æ„ã®è­˜åˆ¥å­ã¯èªè­˜ã•れãªã„ã‹ã€TLS v1.3を使用ã—ã¦ã„ã¾ã›ã‚“。 + + \brief ã“ã®é–¢æ•°ã¯ã€wolfSSLã§è¨±å¯ã™ã‚‹æ¥•円曲線グループã®ãƒªã‚¹ãƒˆã‚’設定ã—ã¾ã™ã€‚リストã¯ã‚°ãƒ«ãƒ¼ãƒ—識別å­ã®é…列ã§ã€è­˜åˆ¥å­ã®æ•°ã¯countã§æŒ‡å®šã•れã¾ã™ã€‚TLS v1.3接続ã§ä½¿ç”¨ã™ã‚‹éµäº¤æ›æ¥•円曲線パラメータを設定ã™ã‚‹ã«ã¯ã€ã“ã®é–¢æ•°ã‚’呼ã³å‡ºã—ã¦ãã ã•ã„。 + + \param [in,out] ssl wolfSSL_new()を使用ã—ã¦ä½œæˆã•れãŸWOLFSSL構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ + \param [in] groups 識別å­ã«ã‚ˆã‚‹éµäº¤æ›ã‚°ãƒ«ãƒ¼ãƒ—ã®ãƒªã‚¹ãƒˆã€‚ + \param [in] count groups内ã®éµäº¤æ›ã‚°ãƒ«ãƒ¼ãƒ—ã®æ•°ã€‚ + + \return BAD_FUNC_ARG ãƒã‚¤ãƒ³ã‚¿ãƒ‘ラメータãŒnullã®å ´åˆã€ã‚°ãƒ«ãƒ¼ãƒ—æ•°ãŒWOLFSSL_MAX_GROUP_COUNTã‚’è¶…ãˆã‚‹å ´åˆã€è­˜åˆ¥å­ã®ã„ãšã‚Œã‹ãŒèªè­˜ã•れãªã„å ´åˆã€ã¾ãŸã¯TLS v1.3を使用ã—ã¦ã„ãªã„å ´åˆã€‚ + \return WOLFSSL_SUCCESS æˆåŠŸæ™‚ã€‚ _Example_ \code @@ -10358,9 +12201,10 @@ ... ret = wolfSSL_set_groups(ssl, groups, count); if (ret != WOLFSSL_SUCCESS) { - // failed to set group list + // グループリストã®è¨­å®šã«å¤±æ•—ã—ã¾ã—㟠} \endcode + \sa wolfSSL_CTX_set_groups \sa wolfSSL_UseKeyShare \sa wolfSSL_CTX_set_groups @@ -10373,22 +12217,12 @@ /*! \ingroup IO - \brief ã“ã®é–¢æ•°ã¯ã‚¯ãƒ©ã‚¤ã‚¢ãƒ³ãƒˆå´ã§å‘¼ã³å‡ºã•れã€ã‚µãƒ¼ãƒãƒ¼ã¨ã®TLS v1.3ãƒãƒ³ãƒ‰ã‚·ã‚§ã‚¤ã‚¯ã‚’é–‹å§‹ã—ã¾ã™ã€‚ - ã“ã®é–¢æ•°ãŒå‘¼ã³å‡ºã•れるã¨ã€ä¸‹å±¤ã®é€šä¿¡ãƒãƒ£ãƒãƒ«ã¯ã™ã§ã«è¨­å®šã•れã¦ã„ã¾ã™ã€‚ - wolfSSL_connect()ã¯ã€ãƒ–ロックã¨ãƒŽãƒ³ãƒ–ロックI/Oã®ä¸¡æ–¹ã§å‹•作ã—ã¾ã™ã€‚ - 下層I/OãŒãƒŽãƒ³ãƒ–ロッキングã®å ´åˆã€wolfSSL_connect()ã¯ã€ä¸‹å±¤I/OãŒwolfssl_connectã®è¦æ±‚を満ãŸã™ã“ã¨ãŒã§ããªã‹ã£ãŸã¨ãã«æˆ»ã‚Šã¾ã™ã€‚ - ã“ã®å ´åˆã€wolfSSL_get_error()ã¸ã®å‘¼ã³å‡ºã—ã¯SSL_ERROR_WANT_READã¾ãŸã¯SSL_ERROR_WANT_WRITEã®ã„ãšã‚Œã‹ã‚’生æˆã—ã¾ã™ã€‚ - 通話プロセスã¯ã€ä¸‹å±¤I/OãŒREADYãŠã‚ˆã³WOLFSSLãŒåœæ­¢ã—ãŸã¨ãã«wolfssl_connect()ã¸ã®å‘¼ã³å‡ºã—を繰り返ã™å¿…è¦ãŒã‚りã¾ã™ã€‚ - ノンブロッキングソケットを使用ã™ã‚‹å ´åˆã¯ã€ä½•も実行ã™ã‚‹å¿…è¦ãŒã‚りã¾ã™ãŒã€select()を使用ã—ã¦å¿…è¦ãªæ¡ä»¶ã‚’確èªã§ãã¾ã™ã€‚ - 基礎ã¨ãªã‚‹å…¥å‡ºåŠ›ãŒãƒ–ロックã•れã¦ã„ã‚‹å ´åˆã€wolfssl_connect()ã¯ãƒãƒ³ãƒ‰ã‚·ã‚§ã‚¤ã‚¯ãŒçµ‚了ã—ãŸã‚‰ã€ã¾ãŸã¯ã‚¨ãƒ©ãƒ¼ãŒç™ºç”Ÿã—ãŸã‚‰ã®ã¿æˆ»ã‚Šã¾ã™ã€‚ - WolfSSLã¯OpenSSLよりも証明書検証ã«ç•°ãªã‚‹ã‚¢ãƒ—ローãƒã‚’å–りã¾ã™ã€‚ - クライアントã®ãƒ‡ãƒ•ォルトãƒãƒªã‚·ãƒ¼ã¯ã‚µãƒ¼ãƒãƒ¼ã‚’確èªã™ã‚‹ã“ã¨ã§ã™ã€‚ - ã“れã¯ã€CASを読ã¿è¾¼ã¾ãªã„å ´åˆã€ã‚µãƒ¼ãƒãƒ¼ã‚’確èªã™ã‚‹ã“ã¨ãŒã§ãã€ç¢ºèªã§ãã¾ã›ã‚“(-155)。 - SSL_CONNECTã‚’æŒã¤ã“ã¨ã®OpenSSLã®å‹•ä½œãŒæˆåŠŸã—ãŸå ´åˆã¯ã€ã‚µãƒ¼ãƒãƒ¼ã‚’検証ã—ã¦ã‚»ã‚­ãƒ¥ãƒªãƒ†ã‚£ã‚’抑ãˆã‚‹ã“ã¨ãŒã§ãã¾ã™ã€‚ - SSL_CTX_SET_VERIFY(CTXã€SSL_VERIFY_NONEã€0)。 - ssl_new()を呼ã³å‡ºã™å‰ã«ã€‚ãŠå‹§ã‚ã§ãã¾ã›ã‚“ãŒã€‚ - \return SSL_SUCCESS æˆåŠŸæ™‚ã«è¿”ã•れã¾ã™ã€‚ - \return SSL_FATAL_ERROR エラーãŒç™ºç”Ÿã—ãŸå ´åˆã«è¿”ã•れã¾ã™ã€‚より詳細ãªã‚¨ãƒ©ãƒ¼ã‚³ãƒ¼ãƒ‰ã‚’å–å¾—ã™ã‚‹ã«ã¯ã€wolfSSL_get_error()を呼ã³å‡ºã—ã¾ã™ã€‚ + + \brief ã“ã®é–¢æ•°ã¯ã‚¯ãƒ©ã‚¤ã‚¢ãƒ³ãƒˆå´ã§å‘¼ã³å‡ºã•れã€ã‚µãƒ¼ãƒã¨ã®TLS v1.3ãƒãƒ³ãƒ‰ã‚·ã‚§ã‚¤ã‚¯ã‚’é–‹å§‹ã—ã¾ã™ã€‚ã“ã®é–¢æ•°ãŒå‘¼ã³å‡ºã•れるã¨ãã€åŸºç¤Žã¨ãªã‚‹é€šä¿¡ãƒãƒ£ãƒãƒ«ã¯ã™ã§ã«è¨­å®šã•れã¦ã„ã¾ã™ã€‚wolfSSL_connect()ã¯ãƒ–ロッキングI/Oã¨éžãƒ–ロッキングI/Oã®ä¸¡æ–¹ã§å‹•作ã—ã¾ã™ã€‚基礎ã¨ãªã‚‹I/OãŒéžãƒ–ロッキングã®å ´åˆã€åŸºç¤Žã¨ãªã‚‹I/OãŒwolfSSL_connect()ãŒãƒãƒ³ãƒ‰ã‚·ã‚§ã‚¤ã‚¯ã‚’続行ã™ã‚‹ãŸã‚ã«å¿…è¦ãªã‚‚ã®ã‚’満ãŸã›ãªã„å ´åˆã€wolfSSL_connect()ã¯è¿”ã•れã¾ã™ã€‚ã“ã®å ´åˆã€wolfSSL_get_error()を呼ã³å‡ºã™ã¨SSL_ERROR_WANT_READã¾ãŸã¯SSL_ERROR_WANT_WRITEã®ã„ãšã‚Œã‹ãŒè¿”ã•れã¾ã™ã€‚呼ã³å‡ºã—å´ãƒ—ロセスã¯ã€åŸºç¤Žã¨ãªã‚‹I/Oã®æº–å‚™ãŒã§ããŸã¨ãã«wolfSSL_connect()ã®å‘¼ã³å‡ºã—を繰り返ã™å¿…è¦ãŒã‚りã€wolfSSLã¯ä¸­æ–­ã—ãŸã¨ã“ã‚ã‹ã‚‰å†é–‹ã—ã¾ã™ã€‚éžãƒ–ロッキングソケットを使用ã™ã‚‹å ´åˆã€ä½•ã‚‚ã™ã‚‹å¿…è¦ã¯ã‚りã¾ã›ã‚“ãŒã€select()を使用ã—ã¦å¿…è¦ãªæ¡ä»¶ã‚’確èªã§ãã¾ã™ã€‚基礎ã¨ãªã‚‹I/OãŒãƒ–ロッキングI/Oã®å ´åˆã€wolfSSL_connect()ã¯ãƒãƒ³ãƒ‰ã‚·ã‚§ã‚¤ã‚¯ãŒå®Œäº†ã™ã‚‹ã‹ã‚¨ãƒ©ãƒ¼ãŒç™ºç”Ÿã™ã‚‹ã¾ã§è¿”ã•れã¾ã›ã‚“。wolfSSLã¯è¨¼æ˜Žæ›¸æ¤œè¨¼ã«OpenSSLã¨ã¯ç•°ãªã‚‹ã‚¢ãƒ—ローãƒã‚’å–りã¾ã™ã€‚クライアントã®ãƒ‡ãƒ•ォルトãƒãƒªã‚·ãƒ¼ã¯ã‚µãƒ¼ãƒã‚’検証ã™ã‚‹ã“ã¨ã§ã™ã€‚ã¤ã¾ã‚Šã€ã‚µãƒ¼ãƒã‚’検証ã™ã‚‹ãŸã‚ã®CAをロードã—ãªã„å ´åˆã€æŽ¥ç¶šã‚¨ãƒ©ãƒ¼ã€Œæ¤œè¨¼ã§ãã¾ã›ã‚“(-155)ã€ãŒç™ºç”Ÿã—ã¾ã™ã€‚サーãƒã®æ¤œè¨¼ãŒå¤±æ•—ã—ã¦ã‚‚SSL_connectãŒæˆåŠŸã™ã‚‹ã¨ã„ã†OpenSSLã®å‹•作を模倣ã—ã€ã‚»ã‚­ãƒ¥ãƒªãƒ†ã‚£ã‚’低下ã•ã›ãŸã„å ´åˆã¯ã€SSL_new()を呼ã³å‡ºã™å‰ã«SSL_CTX_set_verify(ctx, SSL_VERIFY_NONE, 0)を呼ã³å‡ºã™ã“ã¨ã§ã“れを行ã†ã“ã¨ãŒã§ãã¾ã™ã€‚ãŸã ã—ã€ã“ã‚Œã¯æŽ¨å¥¨ã•れã¾ã›ã‚“。 + + \return SSL_SUCCESS æˆåŠŸæ™‚ã€‚ + \return SSL_FATAL_ERROR エラーãŒç™ºç”Ÿã—ãŸå ´åˆã«è¿”ã•れã¾ã™ã€‚より詳細ãªã‚¨ãƒ©ãƒ¼ã‚³ãƒ¼ãƒ‰ã‚’å–å¾—ã™ã‚‹ã«ã¯ã€wolfSSL_get_error()を呼ã³å‡ºã—ã¦ãã ã•ã„。 + \param ssl wolfSSL_new()を使用ã—ã¦ä½œæˆã•れãŸWOLFSSL構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ _Example_ @@ -10402,9 +12236,10 @@ ret = wolfSSL_connect_TLSv13(ssl); if (ret != SSL_SUCCESS) { err = wolfSSL_get_error(ssl, ret); - printf(“error = %d, %s\nâ€, err, wolfSSL_ERR_error_string(err, buffer)); + printf("error = %d, %s\n", err, wolfSSL_ERR_error_string(err, buffer)); } \endcode + \sa wolfSSL_get_error \sa wolfSSL_connect \sa wolfSSL_accept_TLSv13 @@ -10414,18 +12249,12 @@ /*! \ingroup IO - \brief ã“ã®é–¢æ•°ã¯ã‚µãƒ¼ãƒãƒ¼å´ã§å‘¼ã³å‡ºã•れã€SSL/TLSクライアントãŒSSL/TLSãƒãƒ³ãƒ‰ã‚·ã‚§ã‚¤ã‚¯ã‚’é–‹å§‹ã™ã‚‹ã®ã‚’å¾…ã¡ã†ã‘ã¾ã™ã€‚ - ã“ã®é–¢æ•°ãŒå‘¼ã³å‡ºã•れるã¨ã€ä¸‹å±¤ã®é€šä¿¡ãƒãƒ£ãƒãƒ«ã¯ã™ã§ã«è¨­å®šã•れã¦ã„ã¾ã™ã€‚ - wolfSSL_accept()ã¯ã€ãƒ–ロックã¨ãƒŽãƒ³ãƒ–ロッキングI/Oã®ä¸¡æ–¹ã§å‹•作ã—ã¾ã™ã€‚ - 下層ã®å…¥å‡ºåŠ›ãŒãƒŽãƒ³ãƒ–ロッキングã§ã‚ã‚‹å ´åˆã€wolfSSL_accept()ã¯ã€ä¸‹å±¤ã®I/OãŒwolfSSL_acceptã®è¦æ±‚を満ãŸã™ã“ã¨ãŒã§ããªã‹ã£ãŸã¨ãã«æˆ»ã‚Šã¾ã™ã€‚ - ã“ã®å ´åˆã€wolfSSL_get_error()ã¸ã®å‘¼ã³å‡ºã—ã¯SSL_ERROR_WANT_READã¾ãŸã¯SSL_ERROR_WANT_WRITEã®ã„ãšã‚Œã‹ã‚’生æˆã—ã¾ã™ã€‚ - 通話プロセスã¯ã€èª­ã¿å–りå¯èƒ½ãªãƒ‡ãƒ¼ã‚¿ãŒä½¿ç”¨å¯èƒ½ã§ã‚りã€wolfsslãŒåœæ­¢ã—ãŸå ´æ‰€ã‚’拾ã†ã¨ãã«ã€wolfssl_acceptã®å‘¼ã³å‡ºã—を繰り返ã™å¿…è¦ãŒã‚りã¾ã™ã€‚ - ノンブロッキングソケットを使用ã™ã‚‹å ´åˆã¯ã€ä½•も実行ã™ã‚‹å¿…è¦ãŒã‚りã¾ã™ãŒã€select()を使用ã—ã¦å¿…è¦ãªæ¡ä»¶ã‚’確èªã§ãã¾ã™ã€‚ - 下層ã®I/OãŒãƒ–ロックã•れã¦ã„ã‚‹å ´åˆã€wolfssl_accept()ã¯ãƒãƒ³ãƒ‰ã‚·ã‚§ã‚¤ã‚¯ãŒçµ‚了ã—ãŸã‚‰ã€ã¾ãŸã¯ã‚¨ãƒ©ãƒ¼ãŒç™ºç”Ÿã—ãŸã‚‰æˆ»ã‚Šã¾ã™ã€‚ - å¤ã„ãƒãƒ¼ã‚¸ãƒ§ãƒ³ã®ClientHelloメッセージãŒã‚µãƒãƒ¼ãƒˆã•れã¦ã„ã¾ã™ãŒã€TLS v1.3接続を期待ã™ã‚‹ã¨ãã«ã“ã®é–¢æ•°ã‚’呼ã³å‡ºã—ã¾ã™ã€‚ - \return SSL_SUCCESS æˆåŠŸæ™‚ã«è¿”ã•れã¾ã™ã€‚ - \return SSL_FATAL_ERROR エラーãŒç™ºç”Ÿã—ãŸå ´åˆã«è¿”ã•れã¾ã™ã€‚より詳細ãªã‚¨ãƒ©ãƒ¼ã‚³ãƒ¼ãƒ‰ã‚’å–å¾—ã™ã‚‹ã«ã¯ã€wolfSSL_get_error()を呼ã³å‡ºã—ã¾ã™ã€‚ + \brief ã“ã®é–¢æ•°ã¯ã‚µãƒ¼ãƒå´ã§å‘¼ã³å‡ºã•れã€SSL/TLSクライアントãŒSSL/TLSãƒãƒ³ãƒ‰ã‚·ã‚§ã‚¤ã‚¯ã‚’é–‹å§‹ã™ã‚‹ã®ã‚’å¾…ã¡ã¾ã™ã€‚ã“ã®é–¢æ•°ãŒå‘¼ã³å‡ºã•れるã¨ãã€åŸºç¤Žã¨ãªã‚‹é€šä¿¡ãƒãƒ£ãƒãƒ«ã¯ã™ã§ã«è¨­å®šã•れã¦ã„ã¾ã™ã€‚wolfSSL_accept()ã¯ãƒ–ロッキングI/Oã¨éžãƒ–ロッキングI/Oã®ä¸¡æ–¹ã§å‹•作ã—ã¾ã™ã€‚基礎ã¨ãªã‚‹I/OãŒéžãƒ–ロッキングã®å ´åˆã€åŸºç¤Žã¨ãªã‚‹I/OãŒwolfSSL_accept()ãŒãƒãƒ³ãƒ‰ã‚·ã‚§ã‚¤ã‚¯ã‚’続行ã™ã‚‹ãŸã‚ã«å¿…è¦ãªã‚‚ã®ã‚’満ãŸã›ãªã„å ´åˆã€wolfSSL_accept()ã¯è¿”ã•れã¾ã™ã€‚ã“ã®å ´åˆã€wolfSSL_get_error()を呼ã³å‡ºã™ã¨SSL_ERROR_WANT_READã¾ãŸã¯SSL_ERROR_WANT_WRITEã®ã„ãšã‚Œã‹ãŒè¿”ã•れã¾ã™ã€‚呼ã³å‡ºã—å´ãƒ—ロセスã¯ã€ãƒ‡ãƒ¼ã‚¿ãŒèª­ã¿å–りå¯èƒ½ã«ãªã£ãŸã¨ãã«wolfSSL_acceptã®å‘¼ã³å‡ºã—を繰り返ã™å¿…è¦ãŒã‚りã€wolfSSLã¯ä¸­æ–­ã—ãŸã¨ã“ã‚ã‹ã‚‰å†é–‹ã—ã¾ã™ã€‚éžãƒ–ロッキングソケットを使用ã™ã‚‹å ´åˆã€ä½•ã‚‚ã™ã‚‹å¿…è¦ã¯ã‚りã¾ã›ã‚“ãŒã€select()を使用ã—ã¦å¿…è¦ãªæ¡ä»¶ã‚’確èªã§ãã¾ã™ã€‚基礎ã¨ãªã‚‹I/OãŒãƒ–ロッキングI/Oã®å ´åˆã€wolfSSL_accept()ã¯ãƒãƒ³ãƒ‰ã‚·ã‚§ã‚¤ã‚¯ãŒå®Œäº†ã™ã‚‹ã‹ã‚¨ãƒ©ãƒ¼ãŒç™ºç”Ÿã™ã‚‹ã¾ã§è¿”ã•れã¾ã›ã‚“。TLS v1.3接続を期待ã™ã‚‹å ´åˆã«ã“ã®é–¢æ•°ã‚’呼ã³å‡ºã—ã¦ãã ã•ã„。ãŸã ã—ã€å¤ã„ãƒãƒ¼ã‚¸ãƒ§ãƒ³ã®ClientHelloメッセージもサãƒãƒ¼ãƒˆã•れã¦ã„ã¾ã™ã€‚ + + \return SSL_SUCCESS æˆåŠŸæ™‚ã€‚ + \return SSL_FATAL_ERROR エラーãŒç™ºç”Ÿã—ãŸå ´åˆã«è¿”ã•れã¾ã™ã€‚より詳細ãªã‚¨ãƒ©ãƒ¼ã‚³ãƒ¼ãƒ‰ã‚’å–å¾—ã™ã‚‹ã«ã¯ã€wolfSSL_get_error()を呼ã³å‡ºã—ã¦ãã ã•ã„。 + \param ssl wolfSSL_new()を使用ã—ã¦ä½œæˆã•れãŸWOLFSSL構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ _Example_ @@ -10439,9 +12268,10 @@ ret = wolfSSL_accept_TLSv13(ssl); if (ret != SSL_SUCCESS) { err = wolfSSL_get_error(ssl, ret); - printf(“error = %d, %s\nâ€, err, wolfSSL_ERR_error_string(err, buffer)); + printf("error = %d, %s\n", err, wolfSSL_ERR_error_string(err, buffer)); } \endcode + \sa wolfSSL_get_error \sa wolfSSL_connect_TLSv13 \sa wolfSSL_connect @@ -10452,16 +12282,14 @@ /*! \ingroup Setup - \brief ã“ã®é–¢æ•°ã¯ã€WolfSSLコンテキストを使用ã—ã¦TLS V1.3サーãƒãƒ¼ã«ã‚ˆã£ã¦å—ã‘å…¥ã‚Œã‚‰ã‚Œã‚‹ã‚¢ãƒ¼ãƒªãƒ¼ãƒ‡ãƒ¼ã‚¿ã®æœ€å¤§é‡ã‚’設定ã—ã¾ã™ã€‚ - ã“ã®é–¢æ•°ã‚’呼ã³å‡ºã—ã¦ã€å†ç”Ÿæ”»æ’ƒã‚’軽減ã™ã‚‹ãŸã‚ã®ãƒ—ロセスã¸ã®ã‚¢ãƒ¼ãƒªãƒ¼ãƒ‡ãƒ¼ã‚¿ã®é‡ã‚’制é™ã—ã¾ã™ã€‚ - åˆæœŸã®ãƒ‡ãƒ¼ã‚¿ã¯ã€ã‚»ãƒƒã‚·ãƒ§ãƒ³ãƒã‚±ãƒƒãƒˆãŒé€ä¿¡ã•れãŸã“ã¨ã€ã—ãŸãŒã£ã¦ã‚»ãƒƒã‚·ãƒ§ãƒ³ãƒã‚±ãƒƒãƒˆãŒå†é–‹ã•れるãŸã³ã«åŒã˜æŽ¥ç¶šã®éµã‹ã‚‰æ´¾ç”Ÿã—ãŸéµã«ã‚ˆã£ã¦ä¿è­·ã•れã¾ã™ã€‚ - 値ã¯å†é–‹ã®ãŸã‚ã«ã‚»ãƒƒã‚·ãƒ§ãƒ³ãƒã‚±ãƒƒãƒˆã«å«ã¾ã‚Œã¦ã„ã¾ã™ã€‚ - ゼロã®å€¤ã¯ã€ã‚»ãƒƒã‚·ãƒ§ãƒ³ãƒã‚±ãƒƒãƒˆã‚’使用ã—ã¦ã‚¯ãƒ©ã‚¤ã‚¢ãƒ³ãƒˆã«ã‚ˆã£ã¦ã‚¢ãƒ¼ãƒªãƒ¼ãƒ‡ãƒ¼ã‚¿ã‚’é€ä¿¡ã™ã‚‹ã“ã¨ã‚’示ã—ã¾ã™ã€‚ - アーリーデータãƒã‚¤ãƒˆæ•°ã‚’アプリケーションã§å®Ÿéš›ã«ã¯å¯èƒ½ãªé™ã‚Šä½Žãä¿ã¤ã“ã¨ã‚’ãŠå‹§ã‚ã—ã¾ã™ã€‚ - \param [in,out] ctx wolfSSL_CTX_new()ã§ä½œæˆã•れãŸWOLFSSL_CTX構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ - \param [in] sz ãƒã‚¤ãƒˆå˜ä½ã§å—ã‘入れるアーリーデータã®ã‚µã‚¤ã‚ºã€‚ - \return BAD_FUNC_ARG CTXãŒNULLã®å ´åˆã€ã¾ãŸã¯TLS v1.3を使用ã—ã¦ã„ãªã„å ´åˆã€‚ - \return SIDE_ERROR クライアントã§å‘¼ã³å‡ºã•れãŸå ´åˆã€‚ + + \brief ã“ã®é–¢æ•°ã¯ã€TLS v1.3クライアントã¾ãŸã¯ã‚µãƒ¼ãƒãŒwolfSSLコンテキストを使用ã—ã¦äº¤æ›ã™ã‚‹æ„æ€ã®ã‚ã‚‹æ—©æœŸãƒ‡ãƒ¼ã‚¿ã®æœ€å¤§é‡ã‚’設定ã—ã¾ã™ã€‚リプレイ攻撃を軽減ã™ã‚‹ãŸã‚ã«å‡¦ç†ã™ã‚‹æ—©æœŸãƒ‡ãƒ¼ã‚¿ã®é‡ã‚’制é™ã™ã‚‹ã«ã¯ã€ã“ã®é–¢æ•°ã‚’呼ã³å‡ºã—ã¦ãã ã•ã„。早期データã¯ã€ã‚»ãƒƒã‚·ãƒ§ãƒ³ãƒã‚±ãƒƒãƒˆãŒé€ä¿¡ã•ã‚ŒãŸæŽ¥ç¶šã®éµã‹ã‚‰æ´¾ç”Ÿã—ãŸéµã«ã‚ˆã£ã¦ä¿è­·ã•れるãŸã‚ã€ã‚»ãƒƒã‚·ãƒ§ãƒ³ãƒã‚±ãƒƒãƒˆãŒå†é–‹ã«ä½¿ç”¨ã•れるãŸã³ã«åŒã˜ã«ãªã‚Šã¾ã™ã€‚ã“ã®å€¤ã¯å†é–‹ç”¨ã®ã‚»ãƒƒã‚·ãƒ§ãƒ³ãƒã‚±ãƒƒãƒˆã«å«ã¾ã‚Œã¾ã™ã€‚サーãƒã®å€¤ãŒã‚¼ãƒ­ã®å ´åˆã€ã‚»ãƒƒã‚·ãƒ§ãƒ³ãƒã‚±ãƒƒãƒˆã‚’使用ã—ã¦ã‚¯ãƒ©ã‚¤ã‚¢ãƒ³ãƒˆãŒæ—©æœŸãƒ‡ãƒ¼ã‚¿ã‚’é€ä¿¡ã—ãªã„ã“ã¨ã‚’示ã—ã¾ã™ã€‚クライアントã®å€¤ãŒã‚¼ãƒ­ã®å ´åˆã€ã‚¯ãƒ©ã‚¤ã‚¢ãƒ³ãƒˆãŒæ—©æœŸãƒ‡ãƒ¼ã‚¿ã‚’é€ä¿¡ã—ãªã„ã“ã¨ã‚’示ã—ã¾ã™ã€‚早期データã®ãƒã‚¤ãƒˆæ•°ã¯ã€ã‚¢ãƒ—リケーションã§å®Ÿç”¨çš„ã«å¯èƒ½ãªé™ã‚Šä½Žãä¿ã¤ã“ã¨ã‚’ãŠå‹§ã‚ã—ã¾ã™ã€‚ + + \param [in,out] ctx wolfSSL_CTX_new()ã§ä½œæˆã•れãŸWOLFSSL_CTX構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ + \param [in] sz å—ã‘入れる早期データã®é‡(ãƒã‚¤ãƒˆå˜ä½)。 + + \return BAD_FUNC_ARG ctxãŒNULLã®å ´åˆã€ã¾ãŸã¯TLS v1.3を使用ã—ã¦ã„ãªã„å ´åˆã€‚ + \return 0 æˆåŠŸæ™‚ã€‚ _Example_ \code @@ -10470,9 +12298,10 @@ ... ret = wolfSSL_CTX_set_max_early_data(ctx, 128); if (ret != WOLFSSL_SUCCESS) { - // failed to set group list + // グループリストã®è¨­å®šã«å¤±æ•—ã—ã¾ã—㟠} \endcode + \sa wolfSSL_set_max_early_data \sa wolfSSL_write_early_data \sa wolfSSL_read_early_data @@ -10482,27 +12311,24 @@ /*! \ingroup Setup - \brief ã“ã®é–¢æ•°ã¯ã€WolfSSLコンテキストを使用ã—ã¦TLS V1.3サーãƒãƒ¼ã«ã‚ˆã£ã¦å—ã‘å…¥ã‚Œã‚‰ã‚Œã‚‹ã‚¢ãƒ¼ãƒªãƒ¼ãƒ‡ãƒ¼ã‚¿ã®æœ€å¤§é‡ã‚’設定ã—ã¾ã™ã€‚ - ã“ã®é–¢æ•°ã‚’呼ã³å‡ºã—ã¦ã€å†ç”Ÿæ”»æ’ƒã‚’軽減ã™ã‚‹ãŸã‚プロセスã¸ã®ã‚¢ãƒ¼ãƒªãƒ¼ãƒ‡ãƒ¼ã‚¿ã®é‡ã‚’制é™ã—ã¾ã™ã€‚ - åˆæœŸã®ãƒ‡ãƒ¼ã‚¿ã¯ã€ã‚»ãƒƒã‚·ãƒ§ãƒ³ãƒã‚±ãƒƒãƒˆãŒé€ä¿¡ã•れãŸã“ã¨ã€ã—ãŸãŒã£ã¦ã‚»ãƒƒã‚·ãƒ§ãƒ³ãƒã‚±ãƒƒãƒˆãŒå†é–‹ã•れるãŸã³ã«åŒã˜æŽ¥ç¶šã®éµã‹ã‚‰æ´¾ç”Ÿã—ãŸéµã«ã‚ˆã£ã¦ä¿è­·ã•れã¾ã™ã€‚ - 値ã¯å†é–‹ã®ãŸã‚ã«ã‚»ãƒƒã‚·ãƒ§ãƒ³ãƒã‚±ãƒƒãƒˆã«å«ã¾ã‚Œã¦ã„ã¾ã™ã€‚ - ゼロã®å€¤ã¯ã€ã‚»ãƒƒã‚·ãƒ§ãƒ³ãƒã‚±ãƒƒãƒˆã‚’使用ã—ã¦ã‚¯ãƒ©ã‚¤ã‚¢ãƒ³ãƒˆã«ã‚ˆã£ã¦ã‚¢ãƒ¼ãƒªãƒ¼ãƒ‡ãƒ¼ã‚¿ã‚’é€ä¿¡ã™ã‚‹ã“ã¨ã‚’示ã—ã¾ã™ã€‚ - アーリーデータãƒã‚¤ãƒˆæ•°ã‚’アプリケーションã§å®Ÿéš›ã«ã¯å¯èƒ½ãªé™ã‚Šä½Žãä¿ã¤ã“ã¨ã‚’ãŠå‹§ã‚ã—ã¾ã™ã€‚ - \param [in,out] ssl wolfSSL_new()を使用ã—ã¦ä½œæˆã•れãŸWOLFSSL構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ - \param [in] SZクライアントã‹ã‚‰ãƒã‚¤ãƒˆå˜ä½ã§å—ã‘入れるアーリーデータã®ã‚µã‚¤ã‚ºã€‚ - \return BAD_FUNC_ARG sslãŒNULLã®å ´åˆã€ã¾ãŸã¯TLS v1.3を使用ã—ã¦ã„ãªã„å ´åˆã€‚ - \return SIDE_ERROR クライアントã§å‘¼ã³å‡ºã•れãŸå ´åˆã€‚ - _Example_ + \brief ã“ã®é–¢æ•°ã¯ã€TLS v1.3クライアントã¾ãŸã¯ã‚µãƒ¼ãƒãŒäº¤æ›ã™ã‚‹æ„æ€ã®ã‚ã‚‹æ—©æœŸãƒ‡ãƒ¼ã‚¿ã®æœ€å¤§é‡ã‚’設定ã—ã¾ã™ã€‚リプレイ攻撃を軽減ã™ã‚‹ãŸã‚ã«å‡¦ç†ã™ã‚‹æ—©æœŸãƒ‡ãƒ¼ã‚¿ã®é‡ã‚’制é™ã™ã‚‹ã«ã¯ã€ã“ã®é–¢æ•°ã‚’呼ã³å‡ºã—ã¦ãã ã•ã„。早期データã¯ã€ã‚»ãƒƒã‚·ãƒ§ãƒ³ãƒã‚±ãƒƒãƒˆãŒé€ä¿¡ã•ã‚ŒãŸæŽ¥ç¶šã®éµã‹ã‚‰æ´¾ç”Ÿã—ãŸéµã«ã‚ˆã£ã¦ä¿è­·ã•れるãŸã‚ã€ã‚»ãƒƒã‚·ãƒ§ãƒ³ãƒã‚±ãƒƒãƒˆãŒå†é–‹ã«ä½¿ç”¨ã•れるãŸã³ã«åŒã˜ã«ãªã‚Šã¾ã™ã€‚ã“ã®å€¤ã¯å†é–‹ç”¨ã®ã‚»ãƒƒã‚·ãƒ§ãƒ³ãƒã‚±ãƒƒãƒˆã«å«ã¾ã‚Œã¾ã™ã€‚サーãƒã®å€¤ãŒã‚¼ãƒ­ã®å ´åˆã€ã‚»ãƒƒã‚·ãƒ§ãƒ³ãƒã‚±ãƒƒãƒˆã‚’使用ã—ã¦ã‚¯ãƒ©ã‚¤ã‚¢ãƒ³ãƒˆãŒæ—©æœŸãƒ‡ãƒ¼ã‚¿ã‚’é€ä¿¡ã—ãªã„ã“ã¨ã‚’示ã—ã¾ã™ã€‚クライアントã®å€¤ãŒã‚¼ãƒ­ã®å ´åˆã€ã‚¯ãƒ©ã‚¤ã‚¢ãƒ³ãƒˆãŒæ—©æœŸãƒ‡ãƒ¼ã‚¿ã‚’é€ä¿¡ã—ãªã„ã“ã¨ã‚’示ã—ã¾ã™ã€‚早期データã®ãƒã‚¤ãƒˆæ•°ã¯ã€ã‚¢ãƒ—リケーションã§å®Ÿç”¨çš„ã«å¯èƒ½ãªé™ã‚Šä½Žãä¿ã¤ã“ã¨ã‚’ãŠå‹§ã‚ã—ã¾ã™ã€‚ + + \param [in,out] ssl wolfSSL_new()を使用ã—ã¦ä½œæˆã•れãŸWOLFSSL構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ + \param [in] sz クライアントã‹ã‚‰å—ã‘入れる早期データã®é‡(ãƒã‚¤ãƒˆå˜ä½)。 + + \return BAD_FUNC_ARG sslãŒNULLã®å ´åˆã€ã¾ãŸã¯TLS v1.3を使用ã—ã¦ã„ãªã„å ´åˆã€‚ + \return 0 æˆåŠŸæ™‚ã€‚ _Example_ \code int ret; WOLFSSL* ssl; ... ret = wolfSSL_set_max_early_data(ssl, 128); if (ret != WOLFSSL_SUCCESS) { - // failed to set group list + // グループリストã®è¨­å®šã«å¤±æ•—ã—ã¾ã—㟠} \endcode + \sa wolfSSL_CTX_set_max_early_data \sa wolfSSL_write_early_data \sa wolfSSL_read_early_data @@ -10511,17 +12337,18 @@ /*! \ingroup IO - \brief ã“ã®é–¢æ•°ã¯ã€ã‚»ãƒƒã‚·ãƒ§ãƒ³å†é–‹æ™‚ã«ã‚µãƒ¼ãƒãƒ¼ã«ã‚¢ãƒ¼ãƒªãƒ¼ãƒ‡ãƒ¼ã‚¿ã‚’書ãè¾¼ã¿ã¾ã™ã€‚ - wolfSSL_connect()ã¾ãŸã¯wolfSSL_connect_tlsv13()ã®ä»£ã‚りã«ã“ã®é–¢æ•°ã‚’呼ã³å‡ºã—ã¦ã€ã‚µãƒ¼ãƒãƒ¼ã«æŽ¥ç¶šã—ã¦ãƒãƒ³ãƒ‰ã‚·ã‚§ã‚¤ã‚¯ã«ãƒ‡ãƒ¼ã‚¿ã‚’é€ã‚Šã¾ã™ã€‚ - ã“ã®æ©Ÿèƒ½ã¯ã‚¯ãƒ©ã‚¤ã‚¢ãƒ³ãƒˆã§ã®ã¿ä½¿ç”¨ã•れã¾ã™ã€‚ - \return BAD_FUNC_ARG ãƒã‚¤ãƒ³ã‚¿ãƒ‘ラメータãŒNULLã®å ´åˆã«è¿”ã•れã¾ã™ã€‚szã¯0未満ã¾ãŸã¯TLSV1.3を使用ã—ãªã„å ´åˆã«ã‚‚è¿”ã•れã¾ã™ã€‚ - \return SIDE_ERROR サーãƒãƒ¼ã§å‘¼ã³å‡ºã•れãŸå ´åˆã«è¿”ã•れã¾ã™ã€‚ - \return WOLFSSL_FATAL_ERROR 接続ãŒè¡Œã‚れã¦ã„ãªã„å ´åˆã«è¿”ã•れã¾ã™ã€‚ - - \param [in,out] ssl wolfSSL_new()を使用ã—ã¦ä½œæˆã•れãŸWOLFSSL構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ - \param [in] data ã‚¢ãƒ¼ãƒªãƒ¼ãƒ‡ãƒ¼ã‚¿ã‚’ä¿æŒã—ã¦ã„ã‚‹ãƒãƒƒãƒ•ã‚¡ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ - \param [in] sz 書ã込むアーリーデータã®ã‚µã‚¤ã‚º - \param [out] outSz 書ã込んã ã‚¢ãƒ¼ãƒªãƒ¼ãƒ‡ãƒ¼ã‚¿ã®ã‚µã‚¤ã‚º + + \brief ã“ã®é–¢æ•°ã¯å†é–‹æ™‚ã«ã‚µãƒ¼ãƒãƒ¼ã«ã‚¢ãƒ¼ãƒªãƒ¼ãƒ‡ãƒ¼ã‚¿ã‚’書ãè¾¼ã¿ã¾ã™ã€‚wolfSSL_connect()ã¾ãŸã¯wolfSSL_connect_TLSv13()ã®å‰ã«ã“ã®é–¢æ•°ã‚’呼ã³å‡ºã—ã¦ãã ã•ã„。ã“ã®é–¢æ•°ã¯ã‚¯ãƒ©ã‚¤ã‚¢ãƒ³ãƒˆã§ã®ã¿ä½¿ç”¨ã•れã¾ã™ã€‚ + + \param [in,out] ssl wolfSSL_new()を使用ã—ã¦ä½œæˆã•れãŸWOLFSSL構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ + \param [in] data サーãƒãƒ¼ã«æ›¸ãè¾¼ã‚€ã‚¢ãƒ¼ãƒªãƒ¼ãƒ‡ãƒ¼ã‚¿ã‚’ä¿æŒã™ã‚‹ãƒãƒƒãƒ•ァ。 + \param [in] sz 書ã込むアーリーデータã®é‡(ãƒã‚¤ãƒˆå˜ä½)。 + \param [out] outSz 書ãè¾¼ã¾ã‚ŒãŸã‚¢ãƒ¼ãƒªãƒ¼ãƒ‡ãƒ¼ã‚¿ã®é‡(ãƒã‚¤ãƒˆå˜ä½)。 + + \return BAD_FUNC_ARG ãƒã‚¤ãƒ³ã‚¿ãƒ‘ラメータãŒNULLã€szãŒ0未満ã€ã¾ãŸã¯TLSv1.3を使用ã—ã¦ã„ãªã„å ´åˆã€‚ + \return SIDE_ERROR サーãƒãƒ¼ã§å‘¼ã³å‡ºã•れãŸå ´åˆã€‚ + \return WOLFSSL_FATAL_ERROR 接続ãŒç¢ºç«‹ã•れãªã‹ã£ãŸå ´åˆã€‚ + \return æˆåŠŸã—ãŸå ´åˆã€æ›¸ãè¾¼ã¾ã‚ŒãŸã‚¢ãƒ¼ãƒªãƒ¼ãƒ‡ãƒ¼ã‚¿ã®ãƒã‚¤ãƒˆæ•°ã€‚ _Example_ \code @@ -10534,20 +12361,21 @@ ... ret = wolfSSL_write_early_data(ssl, earlyData, sizeof(earlyData), &outSz); - if (ret != WOLFSSL_SUCCESS) { + if (ret < 0) { err = wolfSSL_get_error(ssl, ret); - printf(“error = %d, %s\nâ€, err, wolfSSL_ERR_error_string(err, buffer)); + printf("error = %d, %s\n", err, wolfSSL_ERR_error_string(err, buffer)); goto err_label; } if (outSz < sizeof(earlyData)) { - // not all early data was sent + // ã™ã¹ã¦ã®ã‚¢ãƒ¼ãƒªãƒ¼ãƒ‡ãƒ¼ã‚¿ãŒé€ä¿¡ã•れã¾ã›ã‚“ã§ã—㟠} ret = wolfSSL_connect_TLSv13(ssl); if (ret != SSL_SUCCESS) { err = wolfSSL_get_error(ssl, ret); - printf(“error = %d, %s\nâ€, err, wolfSSL_ERR_error_string(err, buffer)); + printf("error = %d, %s\n", err, wolfSSL_ERR_error_string(err, buffer)); } \endcode + \sa wolfSSL_read_early_data \sa wolfSSL_connect \sa wolfSSL_connect_TLSv13 @@ -10557,14 +12385,18 @@ /*! \ingroup IO - \brief ã“ã®é–¢æ•°ã¯ã€å†é–‹æ™‚ã«ã‚¯ãƒ©ã‚¤ã‚¢ãƒ³ãƒˆã‹ã‚‰ã®æ—©æœŸãƒ‡ãƒ¼ã‚¿ã‚’読ã¿å–りã¾ã™ã€‚wolfssl_accept()ã¾ãŸã¯wolfssl_accept_tlsv13()ã®ä»£ã‚りã«ã“ã®é–¢æ•°ã‚’呼ã³å‡ºã—ã¦ã€ã‚¯ãƒ©ã‚¤ã‚¢ãƒ³ãƒˆã‚’å—ã‘入れã€ãƒãƒ³ãƒ‰ã‚·ã‚§ã‚¤ã‚¯å†…ã®æ—©æœŸãƒ‡ãƒ¼ã‚¿ã‚’読ã¿å–りã¾ã™ã€‚ãƒãƒ³ãƒ‰ã‚·ã‚§ã‚¤ã‚¯ã‚ˆã‚Šã‚‚早期データãŒãªã„å ´åˆã¯ã€é€šå¸¸ã¨ã—ã¦å‡¦ç†ã•れã¾ã™ã€‚ã“ã®æ©Ÿèƒ½ã¯ã‚µãƒ¼ãƒãƒ¼ã§ã®ã¿ä½¿ç”¨ã•れã¾ã™ã€‚ - \param [in,out] ssl wolfSSL_new()を使用ã—ã¦ä½œæˆã•れãŸWOLFSSL構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ - \param [out] データã¯ã‚¯ãƒ©ã‚¤ã‚¢ãƒ³ãƒˆã‹ã‚‰èª­ã¿è¾¼ã¾ã‚ŒãŸæ—©æœŸãƒ‡ãƒ¼ã‚¿ã‚’ä¿æŒã™ã‚‹ãŸã‚ã®ãƒãƒƒãƒ•ァ。 - \param [in] ãƒãƒƒãƒ•ã‚¡ã®SZサイズãƒã‚¤ãƒˆæ•°ã€‚ - \param [out] OUTSZåˆæœŸãƒ‡ãƒ¼ã‚¿ã®ãƒã‚¤ãƒˆæ•°ã€‚ - \return BAD_FUNC_ARG ãƒã‚¤ãƒ³ã‚¿ãƒ‘ラメータãŒNULLã®å ´åˆã€SZã¯0未満ã¾ãŸã¯TLSV1.3を使用ã—ãªã„。 - \return SIDE_ERROR クライアントã§å‘¼ã³å‡ºã•れãŸå ´åˆã€‚ - \return WOLFSSL_FATAL_ERROR 接続をå—ã‘入れるã¨å¤±æ•—ã—ãŸå ´åˆ + + \brief ã“ã®é–¢æ•°ã¯å†é–‹æ™‚ã«ã‚¯ãƒ©ã‚¤ã‚¢ãƒ³ãƒˆã‹ã‚‰ã®ã‚¢ãƒ¼ãƒªãƒ¼ãƒ‡ãƒ¼ã‚¿ã‚’読ã¿å–りã¾ã™ã€‚クライアントをå—ã‘入れã€ãƒãƒ³ãƒ‰ã‚·ã‚§ã‚¤ã‚¯ã§ã‚¢ãƒ¼ãƒªãƒ¼ãƒ‡ãƒ¼ã‚¿ã‚’読ã¿å–ã‚‹ã«ã¯ã€wolfSSL_accept()ã¾ãŸã¯wolfSSL_accept_TLSv13()ã®ä»£ã‚りã«ã“ã®é–¢æ•°ã‚’呼ã³å‡ºã—ã¾ã™ã€‚wolfSSL_is_init_finished()ãŒtrueã‚’è¿”ã™ã¾ã§é–¢æ•°ã‚’呼ã³å‡ºã™å¿…è¦ãŒã‚りã¾ã™ã€‚アーリーデータã¯è¤‡æ•°ã®ãƒ¡ãƒƒã‚»ãƒ¼ã‚¸ã§ã‚¯ãƒ©ã‚¤ã‚¢ãƒ³ãƒˆã‹ã‚‰é€ä¿¡ã•れる場åˆãŒã‚りã¾ã™ã€‚アーリーデータãŒãªã„å ´åˆã€ãƒãƒ³ãƒ‰ã‚·ã‚§ã‚¤ã‚¯ã¯é€šå¸¸é€šã‚Šå‡¦ç†ã•れã¾ã™ã€‚ã“ã®é–¢æ•°ã¯ã‚µãƒ¼ãƒãƒ¼ã§ã®ã¿ä½¿ç”¨ã•れã¾ã™ã€‚ + + \param [in,out] ssl wolfSSL_new()を使用ã—ã¦ä½œæˆã•れãŸWOLFSSL構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ + \param [out] data クライアントã‹ã‚‰èª­ã¿å–ã£ãŸã‚¢ãƒ¼ãƒªãƒ¼ãƒ‡ãƒ¼ã‚¿ã‚’ä¿æŒã™ã‚‹ãƒãƒƒãƒ•ァ。 + \param [in] sz ãƒãƒƒãƒ•ã‚¡ã®ã‚µã‚¤ã‚º(ãƒã‚¤ãƒˆå˜ä½)。 + \param [out] outSz 読ã¿å–ã£ãŸã‚¢ãƒ¼ãƒªãƒ¼ãƒ‡ãƒ¼ã‚¿ã®ãƒã‚¤ãƒˆæ•°ã€‚ + + \return BAD_FUNC_ARG ãƒã‚¤ãƒ³ã‚¿ãƒ‘ラメータãŒNULLã€szãŒ0未満ã€ã¾ãŸã¯TLSv1.3を使用ã—ã¦ã„ãªã„å ´åˆã€‚ + \return SIDE_ERROR クライアントã§å‘¼ã³å‡ºã•れãŸå ´åˆã€‚ + \return WOLFSSL_FATAL_ERROR 接続ã®å—ã‘入れãŒå¤±æ•—ã—ãŸå ´åˆã€‚ + \return 読ã¿å–ã£ãŸã‚¢ãƒ¼ãƒªãƒ¼ãƒ‡ãƒ¼ã‚¿ã®ãƒã‚¤ãƒˆæ•°(ゼロã®å ´åˆã‚‚ã‚りã¾ã™)。 _Example_ \code @@ -10576,20 +12408,18 @@ char buffer[80]; ... - ret = wolfSSL_read_early_data(ssl, earlyData, sizeof(earlyData), &outSz); - if (ret != SSL_SUCCESS) { - err = wolfSSL_get_error(ssl, ret); - printf(“error = %d, %s\nâ€, err, wolfSSL_ERR_error_string(err, buffer)); - } - if (outSz > 0) { - // early data available - } - ret = wolfSSL_accept_TLSv13(ssl); - if (ret != SSL_SUCCESS) { - err = wolfSSL_get_error(ssl, ret); - printf(“error = %d, %s\nâ€, err, wolfSSL_ERR_error_string(err, buffer)); - } + do { + ret = wolfSSL_read_early_data(ssl, earlyData, sizeof(earlyData), &outSz); + if (ret < 0) { + err = wolfSSL_get_error(ssl, ret); + printf("error = %d, %s\n", err, wolfSSL_ERR_error_string(err, buffer)); + } + if (outSz > 0) { + // アーリーデータãŒåˆ©ç”¨å¯èƒ½ + } + } while (!wolfSSL_is_init_finished(ssl)); \endcode + \sa wolfSSL_write_early_data \sa wolfSSL_accept \sa wolfSSL_accept_TLSv13 @@ -10598,9 +12428,41 @@ int* outSz); /*! + \ingroup IO + + \brief ã“ã®é–¢æ•°ã¯WOLFSSLオブジェクトã«ãƒ‡ãƒ¼ã‚¿ã‚’注入ã™ã‚‹ãŸã‚ã«å‘¼ã³å‡ºã•れã¾ã™ã€‚ã“れã¯ã€ãƒ‡ãƒ¼ã‚¿ã‚’å˜ä¸€ã®å ´æ‰€ã‹ã‚‰èª­ã¿å–りã€è¤‡æ•°ã®æŽ¥ç¶šã«åˆ†å‰²ã™ã‚‹å¿…è¦ãŒã‚ã‚‹å ´åˆã«ä¾¿åˆ©ã§ã™ã€‚呼ã³å‡ºã—å…ƒã¯wolfSSL_read()を呼ã³å‡ºã—ã¦WOLFSSLオブジェクトã‹ã‚‰å¹³æ–‡ãƒ‡ãƒ¼ã‚¿ã‚’抽出ã™ã‚‹å¿…è¦ãŒã‚りã¾ã™ã€‚ + + \param [in] ssl wolfSSL_new()を使用ã—ã¦ä½œæˆã•れãŸWOLFSSL構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ + \param [in] data sslã‚ªãƒ–ã‚¸ã‚§ã‚¯ãƒˆã«æ³¨å…¥ã™ã‚‹ãƒ‡ãƒ¼ã‚¿ã€‚ + \param [in] sz 注入ã™ã‚‹ãƒ‡ãƒ¼ã‚¿ã®ãƒã‚¤ãƒˆæ•°ã€‚ + + \return BAD_FUNC_ARG ã„ãšã‚Œã‹ã®ãƒã‚¤ãƒ³ã‚¿ãƒ‘ラメータãŒNULLã¾ãŸã¯sz <= 0ã®å ´åˆã€‚ + \return APP_DATA_READY 読ã¿å–ã‚‹ã¹ãã‚¢ãƒ—ãƒªã‚±ãƒ¼ã‚·ãƒ§ãƒ³ãƒ‡ãƒ¼ã‚¿ãŒæ®‹ã£ã¦ã„ã‚‹å ´åˆã€‚ + \return MEMORY_E 割り当ã¦ãŒå¤±æ•—ã—ãŸå ´åˆã€‚ + \return WOLFSSL_SUCCESS æˆåŠŸæ™‚ã€‚ + + _Example_ + \code + byte buf[2000] + sz = recv(fd, buf, sizeof(buf), 0); + if (sz <= 0) + // エラー + if (wolfSSL_inject(ssl, buf, sz) != WOLFSSL_SUCCESS) + // エラー + sz = wolfSSL_read(ssl, buf, sizeof(buf); + \endcode + + \sa wolfSSL_read +*/ +int wolfSSL_inject(WOLFSSL* ssl, const void* data, int sz); + +/*! \ingroup Setup - \brief ã“ã®é–¢æ•°ã¯ã€TLS v1.3接続ã®ãƒ—レシェアéµï¼ˆPSK)クライアントå´ã‚³ãƒ¼ãƒ«ãƒãƒƒã‚¯ã‚’設定ã—ã¾ã™ã€‚コールãƒãƒƒã‚¯ã¯PSKアイデンティティを見ã¤ã‘ã€ãã®ã‚­ãƒ¼ã¨ã€ãƒãƒ³ãƒ‰ã‚·ã‚§ã‚¤ã‚¯ã«ä½¿ç”¨ã™ã‚‹æš—å·ã®åå‰ã‚’è¿”ã—ã¾ã™ã€‚ã“ã®é–¢æ•°ã¯ã€WOLFSSL_CTX構造体ã®client_psk_tls13_cbメンãƒãƒ¼ã‚’設定ã—ã¾ã™ã€‚ - \param [in,out] ctx wolfSSL_CTX_new()ã§ä½œæˆã•れãŸWOLFSSL_CTX構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ + + \brief ã“ã®é–¢æ•°ã¯TLS v1.3接続ã®ãŸã‚ã®äº‹å‰å…±æœ‰éµ(PSK)クライアントå´ã‚³ãƒ¼ãƒ«ãƒãƒƒã‚¯ã‚’設定ã—ã¾ã™ã€‚コールãƒãƒƒã‚¯ã¯PSKアイデンティティを検索ã—ã€ãã®éµã¨ãƒãƒ³ãƒ‰ã‚·ã‚§ã‚¤ã‚¯ã§ä½¿ç”¨ã™ã‚‹æš—å·ã®åå‰ã‚’è¿”ã™ãŸã‚ã«ä½¿ç”¨ã•れã¾ã™ã€‚ã“ã®é–¢æ•°ã¯WOLFSSL_CTX構造体ã®client_psk_tls13_cbメンãƒãƒ¼ã‚’設定ã—ã¾ã™ã€‚ + + \param [in,out] ctx wolfSSL_CTX_new()ã§ä½œæˆã•れãŸWOLFSSL_CTX構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ + \param [in] cb TLS 1.3クライアント用ã®äº‹å‰å…±æœ‰éµ(PSK)コールãƒãƒƒã‚¯ã€‚ _Example_ \code @@ -10608,6 +12470,7 @@ ... wolfSSL_CTX_set_psk_client_tls13_callback(ctx, my_psk_client_tls13_cb); \endcode + \sa wolfSSL_set_psk_client_tls13_callback \sa wolfSSL_CTX_set_psk_server_tls13_callback \sa wolfSSL_set_psk_server_tls13_callback @@ -10617,8 +12480,11 @@ /*! \ingroup Setup - \brief ã“ã®é–¢æ•°ã¯ã€TLS v1.3接続ã®ãƒ—レシェアキー(PSK)クライアントå´ã‚³ãƒ¼ãƒ«ãƒãƒƒã‚¯ã‚’設定ã—ã¾ã™ã€‚コールãƒãƒƒã‚¯ã¯PSKアイデンティティを見ã¤ã‘ã€ãã®ã‚­ãƒ¼ã¨ã€ãƒãƒ³ãƒ‰ã‚·ã‚§ã‚¤ã‚¯ã«ä½¿ç”¨ã™ã‚‹æš—å·ã®åå‰ã‚’è¿”ã—ã¾ã™ã€‚ã“ã®é–¢æ•°ã¯ã€wolfssl構造体ã®Optionsフィールドã®client_psk_tls13_cbメンãƒãƒ¼ã‚’設定ã—ã¾ã™ã€‚ - \param [in,out] ssl wolfSSL_new()を使用ã—ã¦ä½œæˆã•れãŸWOLFSSL構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ + + \brief ã“ã®é–¢æ•°ã¯TLS v1.3接続ã®ãŸã‚ã®äº‹å‰å…±æœ‰éµ(PSK)クライアントå´ã‚³ãƒ¼ãƒ«ãƒãƒƒã‚¯ã‚’設定ã—ã¾ã™ã€‚コールãƒãƒƒã‚¯ã¯PSKアイデンティティを検索ã—ã€ãã®éµã¨ãƒãƒ³ãƒ‰ã‚·ã‚§ã‚¤ã‚¯ã§ä½¿ç”¨ã™ã‚‹æš—å·ã®åå‰ã‚’è¿”ã™ãŸã‚ã«ä½¿ç”¨ã•れã¾ã™ã€‚ã“ã®é–¢æ•°ã¯WOLFSSL構造体ã®optionsフィールドã®client_psk_tls13_cbメンãƒãƒ¼ã‚’設定ã—ã¾ã™ã€‚ + + \param [in,out] ssl wolfSSL_new()を使用ã—ã¦ä½œæˆã•れãŸWOLFSSL構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ + \param [in] cb TLS 1.3クライアント用ã®äº‹å‰å…±æœ‰éµ(PSK)コールãƒãƒƒã‚¯ã€‚ _Example_ \code @@ -10626,6 +12492,7 @@ ... wolfSSL_set_psk_client_tls13_callback(ssl, my_psk_client_tls13_cb); \endcode + \sa wolfSSL_CTX_set_psk_client_tls13_callback \sa wolfSSL_CTX_set_psk_server_tls13_callback \sa wolfSSL_set_psk_server_tls13_callback @@ -10635,8 +12502,11 @@ /*! \ingroup Setup - \brief ã“ã®é–¢æ•°ã¯ã€TLS v1.3接続用ã®äº‹å‰å…±æœ‰éµï¼ˆPSK)サーãƒå´ã‚³ãƒ¼ãƒ«ãƒãƒƒã‚¯ã‚’設定ã—ã¾ã™ã€‚コールãƒãƒƒã‚¯ã¯PSKアイデンティティを見ã¤ã‘ã€ãã®ã‚­ãƒ¼ã¨ã€ãƒãƒ³ãƒ‰ã‚·ã‚§ã‚¤ã‚¯ã«ä½¿ç”¨ã™ã‚‹æš—å·ã®åå‰ã‚’è¿”ã—ã¾ã™ã€‚ã“ã®é–¢æ•°ã¯ã€wolfssl_ctx構造体ã®server_psk_tls13_cbメンãƒãƒ¼ã‚’設定ã—ã¾ã™ã€‚ - \param [in,out] ctx wolfSSL_CTX_new()ã§ä½œæˆã•れãŸWOLFSSL_CTX構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ + + \brief ã“ã®é–¢æ•°ã¯TLS v1.3接続ã®ãŸã‚ã®äº‹å‰å…±æœ‰éµ(PSK)サーãƒãƒ¼å´ã‚³ãƒ¼ãƒ«ãƒãƒƒã‚¯ã‚’設定ã—ã¾ã™ã€‚コールãƒãƒƒã‚¯ã¯PSKアイデンティティを検索ã—ã€ãã®éµã¨ãƒãƒ³ãƒ‰ã‚·ã‚§ã‚¤ã‚¯ã§ä½¿ç”¨ã™ã‚‹æš—å·ã®åå‰ã‚’è¿”ã™ãŸã‚ã«ä½¿ç”¨ã•れã¾ã™ã€‚ã“ã®é–¢æ•°ã¯WOLFSSL_CTX構造体ã®server_psk_tls13_cbメンãƒãƒ¼ã‚’設定ã—ã¾ã™ã€‚ + + \param [in,out] ctx wolfSSL_CTX_new()ã§ä½œæˆã•れãŸWOLFSSL_CTX構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ + \param [in] cb TLS 1.3サーãƒãƒ¼ç”¨ã®äº‹å‰å…±æœ‰éµ(PSK)コールãƒãƒƒã‚¯ã€‚ _Example_ \code @@ -10644,6 +12514,7 @@ ... wolfSSL_CTX_set_psk_server_tls13_callback(ctx, my_psk_client_tls13_cb); \endcode + \sa wolfSSL_CTX_set_psk_client_tls13_callback \sa wolfSSL_set_psk_client_tls13_callback \sa wolfSSL_set_psk_server_tls13_callback @@ -10653,8 +12524,11 @@ /*! \ingroup Setup - \brief ã“ã®é–¢æ•°ã¯ã€TLS v1.3接続用ã®äº‹å‰å…±æœ‰éµï¼ˆPSK)サーãƒå´ã‚³ãƒ¼ãƒ«ãƒãƒƒã‚¯ã‚’設定ã—ã¾ã™ã€‚コールãƒãƒƒã‚¯ã¯PSKアイデンティティを見ã¤ã‘ã€ãã®ã‚­ãƒ¼ã¨ã€ãƒãƒ³ãƒ‰ã‚·ã‚§ã‚¤ã‚¯ã«ä½¿ç”¨ã™ã‚‹æš—å·ã®åå‰ã‚’è¿”ã—ã¾ã™ã€‚ã“ã®é–¢æ•°ã¯ã€wolfssl構造体ã®ã‚ªãƒ—ションフィールドã®server_psk_tls13_cbメンãƒãƒ¼ã‚’設定ã—ã¾ã™ã€‚ - \param [in,out] ssl wolfSSL_new()を使用ã—ã¦ä½œæˆã•れãŸWOLFSSL構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ + + \brief ã“ã®é–¢æ•°ã¯TLS v1.3接続ã®ãŸã‚ã®äº‹å‰å…±æœ‰éµ(PSK)サーãƒãƒ¼å´ã‚³ãƒ¼ãƒ«ãƒãƒƒã‚¯ã‚’設定ã—ã¾ã™ã€‚コールãƒãƒƒã‚¯ã¯PSKアイデンティティを検索ã—ã€ãã®éµã¨ãƒãƒ³ãƒ‰ã‚·ã‚§ã‚¤ã‚¯ã§ä½¿ç”¨ã™ã‚‹æš—å·ã®åå‰ã‚’è¿”ã™ãŸã‚ã«ä½¿ç”¨ã•れã¾ã™ã€‚ã“ã®é–¢æ•°ã¯WOLFSSL構造体ã®optionsフィールドã®server_psk_tls13_cbメンãƒãƒ¼ã‚’設定ã—ã¾ã™ã€‚ + + \param [in,out] ssl wolfSSL_new()を使用ã—ã¦ä½œæˆã•れãŸWOLFSSL構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ + \param [in] cb TLS 1.3サーãƒãƒ¼ç”¨ã®äº‹å‰å…±æœ‰éµ(PSK)コールãƒãƒƒã‚¯ã€‚ _Example_ \code @@ -10662,6 +12536,7 @@ ... wolfSSL_set_psk_server_tls13_callback(ssl, my_psk_server_tls13_cb); \endcode + \sa wolfSSL_CTX_set_psk_client_tls13_callback \sa wolfSSL_set_psk_client_tls13_callback \sa wolfSSL_CTX_set_psk_server_tls13_callback @@ -10671,11 +12546,15 @@ /*! \ingroup Setup - \brief ã“ã®é–¢æ•°ã¯ã€ã‚­ãƒ¼ãƒšã‚¢ã®ç”Ÿæˆã‚’å«ã‚€ã‚°ãƒ«ãƒ¼ãƒ—ã‹ã‚‰ã‚­ãƒ¼ã‚·ã‚§ã‚¢ã‚¨ãƒ³ãƒˆãƒªã‚’作æˆã—ã¾ã™ã€‚Keyshareエクステンションã«ã¯ã€éµäº¤æ›ã®ãŸã‚ã®ç”Ÿæˆã•れãŸã™ã¹ã¦ã®å…¬é–‹éµãŒå«ã¾ã‚Œã¦ã„ã¾ã™ã€‚ã“ã®é–¢æ•°ãŒå‘¼ã³å‡ºã•れるã¨ã€æŒ‡å®šã•れãŸã‚°ãƒ«ãƒ¼ãƒ—ã®ã¿ãŒå«ã¾ã‚Œã¾ã™ã€‚優先グループãŒã‚µãƒ¼ãƒãƒ¼ã«å¯¾ã—ã¦ä»¥å‰ã«ç¢ºç«‹ã•れã¦ã„ã‚‹ã¨ãã«ã“ã®é–¢æ•°ã‚’呼ã³å‡ºã—ã¾ã™ã€‚ + + \brief ã“ã®é–¢æ•°ã¯éµãƒšã‚¢ã®ç”Ÿæˆã‚’å«ã‚€ã€ã‚°ãƒ«ãƒ¼ãƒ—ã‹ã‚‰éµå…±æœ‰ã‚¨ãƒ³ãƒˆãƒªã‚’作æˆã—ã¾ã™ã€‚KeyShareæ‹¡å¼µã«ã¯éµäº¤æ›ç”¨ã«ç”Ÿæˆã•れãŸã™ã¹ã¦ã®å…¬é–‹éµãŒå«ã¾ã‚Œã¾ã™ã€‚ã“ã®é–¢æ•°ãŒå‘¼ã³å‡ºã•れるã¨ã€æŒ‡å®šã•れãŸã‚°ãƒ«ãƒ¼ãƒ—ã®ã¿ãŒå«ã¾ã‚Œã¾ã™ã€‚サーãƒãƒ¼ã«å¯¾ã—ã¦å„ªå…ˆã‚°ãƒ«ãƒ¼ãƒ—ãŒä»¥å‰ã«ç¢ºç«‹ã•れã¦ã„ã‚‹å ´åˆã«ã€ã“ã®é–¢æ•°ã‚’呼ã³å‡ºã—ã¾ã™ã€‚ + \param [in,out] ssl wolfSSL_new()を使用ã—ã¦ä½œæˆã•れãŸWOLFSSL構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ - \param [in] キー交æ›ã‚°ãƒ«ãƒ¼ãƒ—識別å­ã‚’グループ化ã—ã¾ã™ã€‚ - \return BAD_FUNC_ARG sslãŒNULLã®å ´åˆã«è¿”ã•れã¾ã™ã€‚ - \return MEMORY_E 動的メモリ割り当ã¦ã«å¤±æ•—ã™ã‚‹ã¨è¿”ã•れã¾ã™ã€‚ + \param [in] group éµäº¤æ›ã‚°ãƒ«ãƒ¼ãƒ—識別å­ã€‚ + + \return BAD_FUNC_ARG sslãŒNULLã®å ´åˆã€‚ + \return MEMORY_E 動的メモリ割り当ã¦ãŒå¤±æ•—ã—ãŸå ´åˆã€‚ + \return WOLFSSL_SUCCESS æˆåŠŸã—ãŸå ´åˆã€‚ _Example_ \code @@ -10684,9 +12563,10 @@ ... ret = wolfSSL_UseKeyShare(ssl, WOLFSSL_ECC_X25519); if (ret != WOLFSSL_SUCCESS) { - // failed to set key share + // éµå…±æœ‰ã®è¨­å®šã«å¤±æ•—ã—ã¾ã—㟠} \endcode + \sa wolfSSL_preferred_group \sa wolfSSL_CTX_set1_groups_list \sa wolfSSL_set1_groups_list @@ -10698,10 +12578,14 @@ /*! \ingroup Setup - \brief ã“ã®é–¢æ•°ã¯ã€ClientHelloã§éµå…±æœ‰ãŒé€ä¿¡ã•れãªã„よã†ã«å‘¼ã³å‡ºã•れã¾ã™ã€‚ã“れã«ã‚ˆã‚Šã€ãƒãƒ³ãƒ‰ã‚·ã‚§ã‚¤ã‚¯ã«éµäº¤æ›ãŒå¿…è¦ãªå ´åˆã¯ã€ã‚µãƒ¼ãƒãƒ¼ãŒHelloretryRequestã§å¿œç­”ã™ã‚‹ã‚ˆã†ã«å¼·åˆ¶ã—ã¾ã™ã€‚予想ã•れるéµäº¤æ›ã‚°ãƒ«ãƒ¼ãƒ—ãŒçŸ¥ã‚‰ã‚Œã¦ãŠã‚‰ãšã€ã‚­ãƒ¼ã®ç”Ÿæˆã‚’ä¸å¿…è¦ã«å›žé¿ã™ã‚‹ã¨ãã«ã“ã®æ©Ÿèƒ½ã‚’呼ã³å‡ºã—ã¾ã™ã€‚éµäº¤æ›ãŒå¿…è¦ãªã¨ãã«ãƒãƒ³ãƒ‰ã‚·ã‚§ã‚¤ã‚¯ã‚’完了ã™ã‚‹ãŸã‚ã«è¿½åŠ ã®å¾€å¾©ãŒå¿…è¦ã«ãªã‚‹ã“ã¨ã«æ³¨æ„ã—ã¦ãã ã•ã„。 + + \brief ã“ã®é–¢æ•°ã¯ClientHelloã§éµå…±æœ‰ãŒé€ä¿¡ã•れãªã„よã†ã«ã™ã‚‹ãŸã‚ã«å‘¼ã³å‡ºã•れã¾ã™ã€‚ã“れã«ã‚ˆã‚Šã€ãƒãƒ³ãƒ‰ã‚·ã‚§ã‚¤ã‚¯ã§éµäº¤æ›ãŒå¿…è¦ãªå ´åˆã€ã‚µãƒ¼ãƒãƒ¼ã¯HelloRetryRequestã§å¿œç­”ã™ã‚‹ã“ã¨ã«ãªã‚Šã¾ã™ã€‚期待ã•れるéµäº¤æ›ã‚°ãƒ«ãƒ¼ãƒ—ãŒä¸æ˜Žã§ã€ä¸è¦ãªéµã®ç”Ÿæˆã‚’é¿ã‘ãŸã„å ´åˆã«ã“ã®é–¢æ•°ã‚’呼ã³å‡ºã—ã¾ã™ã€‚éµäº¤æ›ãŒå¿…è¦ãªå ´åˆã€ãƒãƒ³ãƒ‰ã‚·ã‚§ã‚¤ã‚¯ã‚’完了ã™ã‚‹ãŸã‚ã«è¿½åŠ ã®ãƒ©ã‚¦ãƒ³ãƒ‰ãƒˆãƒªãƒƒãƒ—ãŒå¿…è¦ã«ãªã‚‹ã“ã¨ã«æ³¨æ„ã—ã¦ãã ã•ã„。 + \param [in,out] ssl wolfSSL_new()を使用ã—ã¦ä½œæˆã•れãŸWOLFSSL構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ - \return BAD_FUNC_ARG sslãŒNULLã®å ´åˆã«è¿”ã•れã¾ã™ã€‚ - \return SIDE_ERROR サーãƒãƒ¼ã§å‘¼ã³å‡ºã•れãŸå ´åˆã€‚ + + \return BAD_FUNC_ARG sslãŒNULLã®å ´åˆã€‚ + \return SIDE_ERROR サーãƒãƒ¼ã§å‘¼ã³å‡ºã•れãŸå ´åˆã€‚ + \return WOLFSSL_SUCCESS æˆåŠŸã—ãŸå ´åˆã€‚ _Example_ \code @@ -10710,18 +12594,23 @@ ... ret = wolfSSL_NoKeyShares(ssl); if (ret != WOLFSSL_SUCCESS) { - // failed to set no key shares + // éµå…±æœ‰ãªã—ã®è¨­å®šã«å¤±æ•—ã—ã¾ã—㟠} \endcode + \sa wolfSSL_UseKeyShare */ int wolfSSL_NoKeyShares(WOLFSSL* ssl); /*! \ingroup Setup - \brief ã“ã®é–¢æ•°ã¯ã€ã‚¢ãƒ—リケーションãŒã‚µãƒ¼ãƒãƒ¼ã§ã‚ã‚‹ã“ã¨ã‚’示ã™ãŸã‚ã«ä½¿ç”¨ã•れã€TLS 1.3プロトコルã®ã¿ã‚’サãƒãƒ¼ãƒˆã—ã¾ã™ã€‚ã“ã®é–¢æ•°ã¯ã€wolfSSL_CTX_new()を使用ã—ã¦SSL / TLSコンテキストを作æˆã™ã‚‹ã¨ãã«ä½¿ç”¨ã•れる新ã—ã„Wolfssl_method構造体ã®ãƒ¡ãƒ¢ãƒªã‚’割り当ã¦ã¦åˆæœŸåŒ–ã—ã¾ã™ã€‚ - \param [in] ヒープé™çš„メモリ割り当ã¦ä¸­ã«é™çš„メモリ割り当ã¦å™¨ãŒä½¿ç”¨ã™ã‚‹ãƒãƒƒãƒ•ã‚¡ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã‚’使用ã—ã¾ã™ã€‚ - \return æ–°ã—ã作æˆã•れãŸwWOLFSSL_METHOS構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã‚’è¿”ã—ã¾ã™ã€‚ + + \brief ã“ã®é–¢æ•°ã¯ã‚¢ãƒ—リケーションãŒã‚µãƒ¼ãƒãƒ¼ã§ã‚りã€TLS 1.3プロトコルã®ã¿ã‚’サãƒãƒ¼ãƒˆã™ã‚‹ã“ã¨ã‚’示ã™ãŸã‚ã«ä½¿ç”¨ã•れã¾ã™ã€‚ã“ã®é–¢æ•°ã¯ã€wolfSSL_CTX_new()ã§SSL/TLSコンテキストを作æˆã™ã‚‹éš›ã«ä½¿ç”¨ã•れる新ã—ã„wolfSSL_METHOD構造体ã®ãƒ¡ãƒ¢ãƒªã‚’割り当ã¦ã€åˆæœŸåŒ–ã—ã¾ã™ã€‚ + + \param [in] heap é™çš„メモリアロケータãŒå‹•çš„ãƒ¡ãƒ¢ãƒªå‰²ã‚Šå½“ã¦æ™‚ã«ä½¿ç”¨ã™ã‚‹ãƒãƒƒãƒ•ã‚¡ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ + + \return æˆåŠŸã—ãŸå ´åˆã€å‘¼ã³å‡ºã—ã¯æ–°ã—ã作æˆã•れãŸWOLFSSL_METHOD構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã‚’è¿”ã—ã¾ã™ã€‚ + \return FAIL XMALLOCã®å‘¼ã³å‡ºã—時ã«ãƒ¡ãƒ¢ãƒªå‰²ã‚Šå½“ã¦ãŒå¤±æ•—ã—ãŸå ´åˆã€åŸºç¤Žã¨ãªã‚‹malloc()実装ã®å¤±æ•—値ãŒè¿”ã•れã¾ã™(通常ã¯NULLã§ã€errnoãŒENOMEMã«è¨­å®šã•れã¾ã™)。 _Example_ \code @@ -10732,12 +12621,13 @@ method = wolfTLSv1_3_server_method_ex(NULL); if (method == NULL) { - // unable to get method + // メソッドã®å–å¾—ãŒã§ãã¾ã›ã‚“ } ctx = wolfSSL_CTX_new(method); ... \endcode + \sa wolfSSLv3_server_method \sa wolfTLSv1_server_method \sa wolfTLSv1_1_server_method @@ -10751,25 +12641,28 @@ /*! \ingroup Setup - \brief ã“ã®é–¢æ•°ã¯ã€ã‚¢ãƒ—リケーションãŒã‚¯ãƒ©ã‚¤ã‚¢ãƒ³ãƒˆã§ã‚ã‚‹ã“ã¨ã‚’示ã™ãŸã‚ã«ä½¿ç”¨ã•れã€TLS 1.3プロトコルã®ã¿ã‚’サãƒãƒ¼ãƒˆã—ã¾ã™ã€‚ã“ã®é–¢æ•°ã¯ã€wolfSSL_CTX_new()を使用ã—ã¦SSL / TLSコンテキストを作æˆã™ã‚‹ã¨ãã«ä½¿ç”¨ã•れる新ã—ã„Wolfssl_method構造体ã®ãƒ¡ãƒ¢ãƒªã‚’割り当ã¦ã¦åˆæœŸåŒ–ã—ã¾ã™ã€‚ - \param [in] ヒープé™çš„メモリ割り当ã¦ä¸­ã«é™çš„メモリ割り当ã¦å™¨ãŒä½¿ç”¨ã™ã‚‹ãƒãƒƒãƒ•ã‚¡ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã‚’使用ã—ã¾ã™ã€‚ - \return æ–°ã—ã作æˆã•れãŸwWOLFSSL_METHOS構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã‚’è¿”ã—ã¾ã™ã€‚ + + \brief ã“ã®é–¢æ•°ã¯ã‚¢ãƒ—リケーションãŒã‚¯ãƒ©ã‚¤ã‚¢ãƒ³ãƒˆã§ã‚りã€TLS 1.3プロトコルã®ã¿ã‚’サãƒãƒ¼ãƒˆã™ã‚‹ã“ã¨ã‚’示ã™ãŸã‚ã«ä½¿ç”¨ã•れã¾ã™ã€‚ã“ã®é–¢æ•°ã¯ã€wolfSSL_CTX_new()ã§SSL/TLSコンテキストを作æˆã™ã‚‹éš›ã«ä½¿ç”¨ã•れる新ã—ã„wolfSSL_METHOD構造体ã®ãƒ¡ãƒ¢ãƒªã‚’割り当ã¦ã€åˆæœŸåŒ–ã—ã¾ã™ã€‚ + + \param [in] heap é™çš„メモリアロケータãŒå‹•çš„ãƒ¡ãƒ¢ãƒªå‰²ã‚Šå½“ã¦æ™‚ã«ä½¿ç”¨ã™ã‚‹ãƒãƒƒãƒ•ã‚¡ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ + + \return æˆåŠŸã—ãŸå ´åˆã€å‘¼ã³å‡ºã—ã¯æ–°ã—ã作æˆã•れãŸWOLFSSL_METHOD構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã‚’è¿”ã—ã¾ã™ã€‚ + \return FAIL XMALLOCã®å‘¼ã³å‡ºã—時ã«ãƒ¡ãƒ¢ãƒªå‰²ã‚Šå½“ã¦ãŒå¤±æ•—ã—ãŸå ´åˆã€åŸºç¤Žã¨ãªã‚‹malloc()実装ã®å¤±æ•—値ãŒè¿”ã•れã¾ã™(通常ã¯NULLã§ã€errnoãŒENOMEMã«è¨­å®šã•れã¾ã™)。 _Example_ \code #include WOLFSSL_METHOD* method; - WOLFSSL_CTX* ctx; - - method = wolfTLSv1_3_client_method_ex(NULL); + WOLFSSL_CTX* ctx; method = wolfTLSv1_3_client_method_ex(NULL); if (method == NULL) { - // unable to get method + // メソッドをå–å¾—ã§ãã¾ã›ã‚“ } ctx = wolfSSL_CTX_new(method); ... \endcode + \sa wolfSSLv3_client_method \sa wolfTLSv1_client_method \sa wolfTLSv1_1_client_method @@ -10783,8 +12676,11 @@ /*! \ingroup Setup - \brief ã“ã®é–¢æ•°ã¯ã€ã‚¢ãƒ—リケーションãŒã‚µãƒ¼ãƒãƒ¼ã§ã‚ã‚‹ã“ã¨ã‚’示ã™ãŸã‚ã«ä½¿ç”¨ã•れã€TLS 1.3プロトコルã®ã¿ã‚’サãƒãƒ¼ãƒˆã—ã¾ã™ã€‚ã“ã®é–¢æ•°ã¯ã€wolfSSL_CTX_new()を使用ã—ã¦SSL / TLSコンテキストを作æˆã™ã‚‹ã¨ãã«ä½¿ç”¨ã•れる新ã—ã„Wolfssl_method構造体ã®ãƒ¡ãƒ¢ãƒªã‚’割り当ã¦ã¦åˆæœŸåŒ–ã—ã¾ã™ã€‚ - \return æ–°ã—ã作æˆã•れãŸwWOLFSSL_METHOS構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã‚’è¿”ã—ã¾ã™ã€‚ + + \brief ã“ã®é–¢æ•°ã¯ã€ã‚¢ãƒ—リケーションãŒã‚µãƒ¼ãƒãƒ¼ã§ã‚りã€TLS 1.3プロトコルã®ã¿ã‚’サãƒãƒ¼ãƒˆã™ã‚‹ã“ã¨ã‚’示ã™ãŸã‚ã«ä½¿ç”¨ã•れã¾ã™ã€‚ã“ã®é–¢æ•°ã¯ã€wolfSSL_CTX_new()ã§SSL/TLSコンテキストを作æˆã™ã‚‹éš›ã«ä½¿ç”¨ã•れる新ã—ã„wolfSSL_METHOD構造体用ã®ãƒ¡ãƒ¢ãƒªã‚’割り当ã¦ã€åˆæœŸåŒ–ã—ã¾ã™ã€‚ + + \return æˆåŠŸã—ãŸå ´åˆã€å‘¼ã³å‡ºã—ã¯æ–°ã—ã作æˆã•れãŸWOLFSSL_METHOD構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã‚’è¿”ã—ã¾ã™ã€‚ + \return FAIL XMALLOC呼ã³å‡ºã—時ã«ãƒ¡ãƒ¢ãƒªå‰²ã‚Šå½“ã¦ãŒå¤±æ•—ã—ãŸå ´åˆã€åŸºç¤Žã¨ãªã‚‹malloc()実装ã®å¤±æ•—値ãŒè¿”ã•れã¾ã™(通常ã€errnoãŒENOMEMã«è¨­å®šã•れãŸNULL)。 _Example_ \code @@ -10795,12 +12691,13 @@ method = wolfTLSv1_3_server_method(); if (method == NULL) { - // unable to get method + // メソッドをå–å¾—ã§ãã¾ã›ã‚“ } ctx = wolfSSL_CTX_new(method); ... \endcode + \sa wolfSSLv3_server_method \sa wolfTLSv1_server_method \sa wolfTLSv1_1_server_method @@ -10814,8 +12711,11 @@ /*! \ingroup Setup - \brief ã“ã®é–¢æ•°ã¯ã€ã‚¢ãƒ—リケーションãŒã‚¯ãƒ©ã‚¤ã‚¢ãƒ³ãƒˆã§ã‚ã‚‹ã“ã¨ã‚’示ã™ãŸã‚ã«ä½¿ç”¨ã•れã€TLS 1.3プロトコルã®ã¿ã‚’サãƒãƒ¼ãƒˆã—ã¾ã™ã€‚ã“ã®é–¢æ•°ã¯ã€wolfSSL_CTX_new()を使用ã—ã¦SSL / TLSコンテキストを作æˆã™ã‚‹ã¨ãã«ä½¿ç”¨ã•れる新ã—ã„Wolfssl_method構造体ã®ãƒ¡ãƒ¢ãƒªã‚’割り当ã¦ã¦åˆæœŸåŒ–ã—ã¾ã™ã€‚ - \return æ–°ã—ã作æˆã•れãŸwWOLFSSL_METHOS構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã‚’è¿”ã—ã¾ã™ã€‚ + + \brief ã“ã®é–¢æ•°ã¯ã€ã‚¢ãƒ—リケーションãŒã‚¯ãƒ©ã‚¤ã‚¢ãƒ³ãƒˆã§ã‚りã€TLS 1.3プロトコルã®ã¿ã‚’サãƒãƒ¼ãƒˆã™ã‚‹ã“ã¨ã‚’示ã™ãŸã‚ã«ä½¿ç”¨ã•れã¾ã™ã€‚ã“ã®é–¢æ•°ã¯ã€wolfSSL_CTX_new()ã§SSL/TLSコンテキストを作æˆã™ã‚‹éš›ã«ä½¿ç”¨ã•れる新ã—ã„wolfSSL_METHOD構造体用ã®ãƒ¡ãƒ¢ãƒªã‚’割り当ã¦ã€åˆæœŸåŒ–ã—ã¾ã™ã€‚ + + \return æˆåŠŸã—ãŸå ´åˆã€å‘¼ã³å‡ºã—ã¯æ–°ã—ã作æˆã•れãŸWOLFSSL_METHOD構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã‚’è¿”ã—ã¾ã™ã€‚ + \return FAIL XMALLOC呼ã³å‡ºã—時ã«ãƒ¡ãƒ¢ãƒªå‰²ã‚Šå½“ã¦ãŒå¤±æ•—ã—ãŸå ´åˆã€åŸºç¤Žã¨ãªã‚‹malloc()実装ã®å¤±æ•—値ãŒè¿”ã•れã¾ã™(通常ã€errnoãŒENOMEMã«è¨­å®šã•れãŸNULL)。 _Example_ \code @@ -10826,12 +12726,13 @@ method = wolfTLSv1_3_client_method(); if (method == NULL) { - // unable to get method + // メソッドをå–å¾—ã§ãã¾ã›ã‚“ } ctx = wolfSSL_CTX_new(method); ... \endcode + \sa wolfSSLv3_client_method \sa wolfTLSv1_client_method \sa wolfTLSv1_1_client_method @@ -10845,16 +12746,21 @@ /*! \ingroup Setup - \brief ã“ã®é–¢æ•°ã¯ã€ã¾ã ã©ã¡ã‚‰ã®å´ï¼ˆã‚µãƒ¼ãƒ/クライアント)を決定ã—ã¦ã„ãªã„ã“ã¨ã‚’除ã„ã¦ã€Wolftlsv1_3_client_methodã¨åŒæ§˜ã®wolfssl_methodã‚’è¿”ã—ã¾ã™ã€‚ - \param [in] ヒープé™çš„メモリ割り当ã¦ä¸­ã«é™çš„メモリ割り当ã¦å™¨ãŒä½¿ç”¨ã™ã‚‹ãƒãƒƒãƒ•ã‚¡ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã‚’使用ã—ã¾ã™ã€‚ - \return WOLFSSL_METHOD æˆåŠŸã—ãŸä½œæˆã§ã¯ã€wolfssl_methodãƒã‚¤ãƒ³ã‚¿ã‚’è¿”ã—ã¾ã™ + + \brief ã“ã®é–¢æ•°ã¯ã€ã©ã¡ã‚‰å´(サーãƒãƒ¼/クライアント)ã§ã‚ã‚‹ã‹ãŒã¾ã æ±ºå®šã•れã¦ã„ãªã„ã“ã¨ã‚’除ã„ã¦ã€wolfTLSv1_3_client_methodã¨åŒæ§˜ã®WOLFSSL_METHODã‚’è¿”ã—ã¾ã™ã€‚ + + \param [in] heap é™çš„メモリアロケータãŒå‹•的メモリ割り当ã¦ä¸­ã«ä½¿ç”¨ã™ã‚‹ãƒãƒƒãƒ•ã‚¡ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ + + \return WOLFSSL_METHOD 正常ã«ä½œæˆã•れãŸå ´åˆã€WOLFSSL_METHODãƒã‚¤ãƒ³ã‚¿ã‚’è¿”ã—ã¾ã™ã€‚ + \return NULL メモリ割り当ã¦ã‚¨ãƒ©ãƒ¼ã¾ãŸã¯ãƒ¡ã‚½ãƒƒãƒ‰ã®ä½œæˆã«å¤±æ•—ã—ãŸå ´åˆã¯Null。 _Example_ \code WOLFSSL* ctx; ctx = wolfSSL_CTX_new(wolfTLSv1_3_method_ex(NULL)); - // check ret value + // retå€¤ã‚’ç¢ºèª \endcode + \sa wolfSSL_new \sa wolfSSL_free */ @@ -10862,44 +12768,157 @@ /*! \ingroup Setup - \brief ã“ã®é–¢æ•°ã¯ã€ã¾ã ã©ã¡ã‚‰ã®å´ï¼ˆã‚µãƒ¼ãƒ/クライアント)を決定ã—ã¦ã„ãªã„ã“ã¨ã‚’除ã„ã¦ã€Wolftlsv1_3_client_methodã¨åŒæ§˜ã®wolfssl_methodã‚’è¿”ã—ã¾ã™ã€‚ - \return WOLFSSL_METHOD æˆåŠŸã—ãŸä½œæˆã§ã¯ã€wolfssl_methodãƒã‚¤ãƒ³ã‚¿ã‚’è¿”ã—ã¾ã™ + + \brief ã“ã®é–¢æ•°ã¯ã€ã©ã¡ã‚‰å´(サーãƒãƒ¼/クライアント)ã§ã‚ã‚‹ã‹ãŒã¾ã æ±ºå®šã•れã¦ã„ãªã„ã“ã¨ã‚’除ã„ã¦ã€wolfTLSv1_3_client_methodã¨åŒæ§˜ã®WOLFSSL_METHODã‚’è¿”ã—ã¾ã™ã€‚ + + \return WOLFSSL_METHOD 正常ã«ä½œæˆã•れãŸå ´åˆã€WOLFSSL_METHODãƒã‚¤ãƒ³ã‚¿ã‚’è¿”ã—ã¾ã™ã€‚ + \return NULL メモリ割り当ã¦ã‚¨ãƒ©ãƒ¼ã¾ãŸã¯ãƒ¡ã‚½ãƒƒãƒ‰ã®ä½œæˆã«å¤±æ•—ã—ãŸå ´åˆã¯Null。 _Example_ \code WOLFSSL* ctx; ctx = wolfSSL_CTX_new(wolfTLSv1_3_method()); - // check ret value + // retå€¤ã‚’ç¢ºèª \endcode + \sa wolfSSL_new \sa wolfSSL_free */ WOLFSSL_METHOD *wolfTLSv1_3_method(void); /*! + \ingroup SSL + \brief ã“ã®é–¢æ•°ã¯ã€ãƒ†ã‚¹ãƒˆå°‚用ã®å›ºå®š/é™çš„エフェメラルéµã‚’設定ã—ã¾ã™ã€‚ + \return 0 éµãŒæ­£å¸¸ã«ãƒ­ãƒ¼ãƒ‰ã•れã¾ã—ãŸã€‚ + \param ctx WOLFSSL_CTXコンテキストãƒã‚¤ãƒ³ã‚¿ã€‚ + \param keyAlgo WC_PK_TYPE_DHã‚„WC_PK_TYPE_ECDHãªã©ã®enum wc_PkType。 + \param key éµãƒ•ァイルパス(keySz == 0ã®å ´åˆ)ã¾ãŸã¯å®Ÿéš›ã®éµãƒãƒƒãƒ•ã‚¡(PEMã¾ãŸã¯ASN.1)。 + \param keySz éµã‚µã‚¤ã‚º("key"引数ãŒãƒ•ァイルパスã®å ´åˆã¯0ã§ã‚ã‚‹å¿…è¦ãŒã‚りã¾ã™)。 + \param format WOLFSSL_FILETYPE_ASN1ã¾ãŸã¯WOLFSSL_FILETYPE_PEM。 + \sa wolfSSL_CTX_get_ephemeral_key + */ +int wolfSSL_CTX_set_ephemeral_key(WOLFSSL_CTX* ctx, int keyAlgo, const char* key, unsigned int keySz, int format); + +/*! + \ingroup SSL + \brief ã“ã®é–¢æ•°ã¯ã€ãƒ†ã‚¹ãƒˆå°‚用ã®å›ºå®š/é™çš„エフェメラルéµã‚’設定ã—ã¾ã™ã€‚ + \return 0 éµãŒæ­£å¸¸ã«ãƒ­ãƒ¼ãƒ‰ã•れã¾ã—ãŸã€‚ + \param ssl WOLFSSLオブジェクトãƒã‚¤ãƒ³ã‚¿ã€‚ + \param keyAlgo WC_PK_TYPE_DHã‚„WC_PK_TYPE_ECDHãªã©ã®enum wc_PkType。 + \param key éµãƒ•ァイルパス(keySz == 0ã®å ´åˆ)ã¾ãŸã¯å®Ÿéš›ã®éµãƒãƒƒãƒ•ã‚¡(PEMã¾ãŸã¯ASN.1)。 + \param keySz éµã‚µã‚¤ã‚º("key"引数ãŒãƒ•ァイルパスã®å ´åˆã¯0ã§ã‚ã‚‹å¿…è¦ãŒã‚りã¾ã™)。 + \param format WOLFSSL_FILETYPE_ASN1ã¾ãŸã¯WOLFSSL_FILETYPE_PEM。 + \sa wolfSSL_get_ephemeral_key + */ +int wolfSSL_set_ephemeral_key(WOLFSSL* ssl, int keyAlgo, const char* key, unsigned int keySz, int format); + +/*! + \ingroup SSL + \brief ã“ã®é–¢æ•°ã¯ã€ASN.1/DERã¨ã—ã¦ãƒ­ãƒ¼ãƒ‰ã•れãŸéµã¸ã®ãƒã‚¤ãƒ³ã‚¿ã‚’è¿”ã—ã¾ã™ã€‚ + \return 0 éµãŒæ­£å¸¸ã«è¿”ã•れã¾ã—ãŸã€‚ + \param ctx WOLFSSL_CTXコンテキストãƒã‚¤ãƒ³ã‚¿ã€‚ + \param keyAlgo WC_PK_TYPE_DHã‚„WC_PK_TYPE_ECDHãªã©ã®enum wc_PkType。 + \param key éµãƒãƒƒãƒ•ã‚¡ãƒã‚¤ãƒ³ã‚¿ã€‚ + \param keySz éµã‚µã‚¤ã‚ºãƒã‚¤ãƒ³ã‚¿ã€‚ + \sa wolfSSL_CTX_set_ephemeral_key + */ +int wolfSSL_CTX_get_ephemeral_key(WOLFSSL_CTX* ctx, int keyAlgo, + const unsigned char** key, unsigned int* keySz); + +/*! + \ingroup SSL + \brief ã“ã®é–¢æ•°ã¯ã€ASN.1/DERã¨ã—ã¦ãƒ­ãƒ¼ãƒ‰ã•れãŸéµã¸ã®ãƒã‚¤ãƒ³ã‚¿ã‚’è¿”ã—ã¾ã™ã€‚ + \return 0 éµãŒæ­£å¸¸ã«è¿”ã•れã¾ã—ãŸã€‚ + \param ssl WOLFSSLオブジェクトãƒã‚¤ãƒ³ã‚¿ã€‚ + \param keyAlgo WC_PK_TYPE_DHã‚„WC_PK_TYPE_ECDHãªã©ã®enum wc_PkType。 + \param key éµãƒãƒƒãƒ•ã‚¡ãƒã‚¤ãƒ³ã‚¿ã€‚ + \param keySz éµã‚µã‚¤ã‚ºãƒã‚¤ãƒ³ã‚¿ã€‚ + \sa wolfSSL_set_ephemeral_key + */ +int wolfSSL_get_ephemeral_key(WOLFSSL* ssl, int keyAlgo, + const unsigned char** key, unsigned int* keySz); + +/*! + \ingroup SSL + \brief é¸æŠžã—ãŸãƒ¡ãƒƒã‚»ãƒ¼ã‚¸ãƒ€ã‚¤ã‚¸ã‚§ã‚¹ãƒˆã€ãƒ‘ディングã€ãŠã‚ˆã³RSAéµã§ãƒ¡ãƒƒã‚»ãƒ¼ã‚¸ã«ç½²åã—ã¾ã™ã€‚ + \return WOLFSSL_SUCCESS æˆåŠŸæ™‚ã€ã‚¨ãƒ©ãƒ¼æ™‚ã¯c。 + \param hashAlg ãƒãƒƒã‚·ãƒ¥NID。 + \param hash ç½²åã™ã‚‹ãƒ¡ãƒƒã‚»ãƒ¼ã‚¸ã€‚ãŠãらãã“れã¯ç½²åã™ã‚‹ãƒ¡ãƒƒã‚»ãƒ¼ã‚¸ã®ãƒ€ã‚¤ã‚¸ã‚§ã‚¹ãƒˆã«ãªã‚Šã¾ã™ã€‚ + \param hLen ç½²åã™ã‚‹ãƒ¡ãƒƒã‚»ãƒ¼ã‚¸ã®é•·ã•。 + \param sigRet 出力ãƒãƒƒãƒ•ァ。 + \param sigLen 入力時: sigRetãƒãƒƒãƒ•ã‚¡ã®é•·ã•ã€å‡ºåŠ›æ™‚: sigRetã«æ›¸ãè¾¼ã¾ã‚ŒãŸãƒ‡ãƒ¼ã‚¿ã®é•·ã•。 + \param rsa 入力ã®ç½²åã«ä½¿ç”¨ã•れるRSAéµã€‚ + \param flag 1: ç½²åを出力ã€0: パディングã•れã¦ã„ãªã„ç½²åã¨æ¯”較ã™ã¹ã値を出力。注æ„: RSA_PKCS1_PSS_PADDINGã®å ´åˆã€*Verify*関数ã®å‡ºåŠ›ã‚’ãƒã‚§ãƒƒã‚¯ã™ã‚‹ãŸã‚ã«wc_RsaPSS_CheckPadding_ex関数を使用ã™ã‚‹å¿…è¦ãŒã‚りã¾ã™ã€‚ + \param padding 使用ã™ã‚‹ãƒ‘ディング。ç¾åœ¨ã€ç½²åã«ã¯RSA_PKCS1_PSS_PADDINGã¨RSA_PKCS1_PADDINGã®ã¿ãŒã‚µãƒãƒ¼ãƒˆã•れã¦ã„ã¾ã™ã€‚ + */ +int wolfSSL_RSA_sign_generic_padding(int hashAlg, const unsigned char* hash, + unsigned int hLen, unsigned char* sigRet, + unsigned int* sigLen, WOLFSSL_RSA* rsa, + int flag, int padding); +/*! + +\brief DTLSv1.3スタックãŒé€ä¿¡ã—ãŸãŒã€ã¾ã ä»–ã®ãƒ”ã‚¢ã‹ã‚‰ç¢ºèªå¿œç­”ã•れã¦ã„ãªã„メッセージãŒã‚ã‚‹ã‹ã©ã†ã‹ã‚’ãƒã‚§ãƒƒã‚¯ã—ã¾ã™ã€‚ + + \return 1 ä¿ç•™ä¸­ã®ãƒ¡ãƒƒã‚»ãƒ¼ã‚¸ãŒã‚ã‚‹å ´åˆã€ãれ以外ã¯0。 + \param ssl WOLFSSLオブジェクトãƒã‚¤ãƒ³ã‚¿ã€‚ +*/ +int wolfSSL_dtls13_has_pending_msg(WOLFSSL *ssl); + +/*! + \ingroup SSL + \brief セッションã‹ã‚‰Early Dataã®æœ€å¤§ã‚µã‚¤ã‚ºã‚’å–å¾—ã—ã¾ã™ã€‚ + + \param [in] s WOLFSSL_SESSIONインスタンス。 + + \return ã‚»ãƒƒã‚·ãƒ§ãƒ³ãŒæ´¾ç”Ÿã—ãŸWOLFSSL*ã§è¨­å®šã•れãŸmax_early_dataã®å€¤ã€‚ + + \sa wolfSSL_set_max_early_data + \sa wolfSSL_write_early_data + \sa wolfSSL_read_early_data + */ +unsigned int wolfSSL_SESSION_get_max_early_data(const WOLFSSL_SESSION *s); + +/*! + \ingroup SSL + \brief å¤–éƒ¨ãƒ‡ãƒ¼ã‚¿ç”¨ã®æ–°ã—ã„インデックスをå–å¾—ã—ã¾ã™ã€‚ã“ã®ã‚¨ãƒ³ãƒˆãƒªã¯ä»¥ä¸‹ã®APIã«ã‚‚é©ç”¨ã•れã¾ã™: + - wolfSSL_CTX_get_ex_new_index + - wolfSSL_get_ex_new_index + - wolfSSL_SESSION_get_ex_new_index + - wolfSSL_X509_get_ex_new_index + + \param [in] class_index 外部データインデックスãŒé©ç”¨ã•れるオブジェクトクラスã®è­˜åˆ¥å­ã€‚wolfSSLã§ã¯ç„¡è¦–ã•れã¾ã™ã€‚ + \param [in] argl äº’æ›æ€§ã®ãŸã‚ã«æ¸¡ã•れるオプションã®long型引数。wolfSSLã§ã¯ç„¡è¦–ã•れã¾ã™ã€‚ + \param [in] argp äº’æ›æ€§ã®ãŸã‚ã«æ¸¡ã•れるオプションã®ãƒã‚¤ãƒ³ã‚¿åž‹å¼•数。wolfSSLã§ã¯ç„¡è¦–ã•れã¾ã™ã€‚ + \param [in] new_func 外部データコンストラクタコールãƒãƒƒã‚¯ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚wolfSSLã§ã¯ç„¡è¦–ã•れã¾ã™ã€‚ + \param [in] dup_func 外部データ複製コールãƒãƒƒã‚¯ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚wolfSSLã§ã¯ç„¡è¦–ã•れã¾ã™ã€‚ + \param [in] free_func 外部データデストラクタコールãƒãƒƒã‚¯ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚wolfSSLã§ã¯ç„¡è¦–ã•れã¾ã™ã€‚ + + \return ã“ã®ã‚ªãƒ–ジェクトクラスã®å¤–部データAPIã§ä½¿ç”¨ã•れる新ã—ã„インデックス値。 + */ +int wolfSSL_CRYPTO_get_ex_new_index(int class_index, long argl, void *argp, + WOLFSSL_CRYPTO_EX_new* new_func, + WOLFSSL_CRYPTO_EX_dup* dup_func, + WOLFSSL_CRYPTO_EX_free* free_func); + +/*! \ingroup Setup - \brief ã“ã®é–¢æ•°ã¯ã‚¯ãƒ©ã‚¤ã‚¢ãƒ³ãƒˆå´ã§å‘¼ã³å‡ºã•れる場åˆã«ã¯ã€ã‚µãƒ¼ãƒãƒ¼å´ã«Certificateメッセージã§é€ä¿¡ã§ãる証明書タイプを設定ã—ã¾ã™ã€‚ - サーãƒãƒ¼å´ã§å‘¼ã³å‡ºã•れる場åˆã«ã¯ã€å—入れå¯èƒ½ãªã‚¯ãƒ©ã‚¤ã‚¢ãƒ³ãƒˆè¨¼æ˜Žæ›¸ã‚¿ã‚¤ãƒ—を設定ã—ã¾ã™ã€‚ - Raw Public Key 証明書をé€å—ä¿¡ã—ãŸã„å ´åˆã«ã¯ã“ã®é–¢æ•°ã‚’使ã£ã¦è¨¼æ˜Žæ›¸ã‚¿ã‚¤ãƒ—を設定ã—ãªã‘れã°ãªã‚Šã¾ã›ã‚“。 - 設定ã™ã‚‹è¨¼æ˜Žæ›¸ã‚¿ã‚¤ãƒ—ã¯å„ªå…ˆåº¦é †ã«æ ¼ç´ã—ãŸãƒã‚¤ãƒˆé…列ã¨ã—ã¦æ¸¡ã—ã¾ã™ã€‚ - 設定ã™ã‚‹ãƒãƒƒãƒ•ァアドレスã«NULLを渡ã™ã‹ã€ã‚ã‚‹ã„ã¯ãƒãƒƒãƒ•ァサイズã«0を渡ã™ã¨è¦å®šå€¤ã«ã‚‚ã©ã™ã“ã¨ãŒã§ãã¾ã™ã€‚ - è¦å®šå€¤ã¯X509証明書(WOLFSSL_CERT_TYPE_X509)ã®ã¿ã‚’扱ã†è¨­å®šã¨ãªã£ã¦ã„ã¾ã™ã€‚ - - \return WOLFSSL_SUCCESS æˆåŠŸ - \return BAD_FUNC_ARG ctxã¨ã—ã¦NULLを渡ã—ãŸã€ã‚ã‚‹ã„ã¯ä¸æ­£ãªè¨¼æ˜Žæ›¸ã‚¿ã‚¤ãƒ—を指定ã—ãŸã€ - ã‚ã‚‹ã„ã¯MAX_CLIENT_CERT_TYPE_CNT以上ã®ãƒãƒƒãƒ•ァサイズを指定ã—ãŸã€ã‚ã‚‹ã„ã¯æŒ‡å®šã®è¨¼æ˜Žæ›¸ã‚¿ã‚¤ãƒ—ã«é‡è¤‡ãŒã‚ã‚‹ - \param ctx wolfssl_ctxコンテキストãƒã‚¤ãƒ³ã‚¿ - \param ctype 証明書タイプを格ç´ã—ãŸãƒãƒƒãƒ•ã‚¡ã¸ã®ãƒã‚¤ãƒ³ã‚¿ - \param len 証明書タイプを格ç´ã—ãŸãƒãƒƒãƒ•ã‚¡ã®ã‚µã‚¤ã‚ºï¼ˆãƒã‚¤ãƒˆæ•°ï¼‰ + \brief ã“ã®é–¢æ•°ãŒã‚¯ãƒ©ã‚¤ã‚¢ãƒ³ãƒˆå´ã§å‘¼ã³å‡ºã•れãŸå ´åˆã€ãƒ”ã‚¢ã«é€ä¿¡ã§ãる証明書タイプを設定ã—ã¾ã™ã€‚サーãƒãƒ¼å´ã§å‘¼ã³å‡ºã•れãŸå ´åˆã€ãƒ”ã‚¢ã‹ã‚‰å—ã‘入れå¯èƒ½ãªè¨¼æ˜Žæ›¸ã‚¿ã‚¤ãƒ—を設定ã—ã¾ã™ã€‚優先順ä½ã®é«˜ã„é †ã«ãƒãƒƒãƒ•ã‚¡ã«è¨¼æ˜Žæ›¸ã‚¿ã‚¤ãƒ—ã‚’æ ¼ç´ã—ã¾ã™ã€‚設定をデフォルトã«ãƒªã‚»ãƒƒãƒˆã™ã‚‹ã«ã¯ã€bufã«NULLを渡ã™ã‹ã€lenã«0を渡ã—ã¾ã™ã€‚デフォルトã§ã¯ã€è¨¼æ˜Žæ›¸ã‚¿ã‚¤ãƒ—ã¯X509ã®ã¿ã§ã™ã€‚両å´ãŒ"Raw public key"証明書をé€ä¿¡ã¾ãŸã¯å—ã‘入れるã“ã¨ã‚’æ„図ã—ã¦ã„ã‚‹å ´åˆã€WOLFSSL_CERT_TYPE_RPKã‚’ãƒãƒƒãƒ•ã‚¡ã«å«ã‚ã¦è¨­å®šã™ã‚‹å¿…è¦ãŒã‚りã¾ã™ã€‚ + + \return WOLFSSL_SUCCESS è¨¼æ˜Žæ›¸ã‚¿ã‚¤ãƒ—ãŒæ­£å¸¸ã«è¨­å®šã•れãŸå ´åˆã€‚ + \return BAD_FUNC_ARG ctxã«NULLãŒæ¸¡ã•れãŸå ´åˆã€è¨¼æ˜Žæ›¸ã‚¿ã‚¤ãƒ—ã¨ã—ã¦ä¸æ­£ãªå€¤ãŒæŒ‡å®šã•れãŸå ´åˆã€bufサイズãŒMAX_CLIENT_CERT_TYPE_CNTã‚’è¶…ãˆãŸå ´åˆã€ã¾ãŸã¯buf内ã«é‡è¤‡ã™ã‚‹å€¤ãŒè¦‹ã¤ã‹ã£ãŸå ´åˆã€‚ + + \param ctx WOLFSSL_CTXオブジェクトãƒã‚¤ãƒ³ã‚¿ã€‚ + \param buf è¨¼æ˜Žæ›¸ã‚¿ã‚¤ãƒ—ãŒæ ¼ç´ã•れるãƒãƒƒãƒ•ァ。 + \param len bufサイズ(ãƒã‚¤ãƒˆå˜ä½)(å«ã¾ã‚Œã‚‹è¨¼æ˜Žæ›¸ã‚¿ã‚¤ãƒ—ã®æ•°ã¨åŒã˜)。 _Example_ \code int ret; WOLFSSL_CTX* ctx; - char ctype[] = {WOLFSSL_CERT_TYPE_RPK, WOLFSSL_CERT_TYPE_X509}; - int len = sizeof(ctype)/sizeof(byte); - ... + char buf[] = {WOLFSSL_CERT_TYPE_RPK, WOLFSSL_CERT_TYPE_X509}; + int len = sizeof(buf)/sizeof(char); + ... - ret = wolfSSL_CTX_set_client_cert_type(ctx, ctype, len); + ret = wolfSSL_CTX_set_client_cert_type(ctx, buf, len); \endcode \sa wolfSSL_set_client_cert_type \sa wolfSSL_CTX_set_server_cert_type @@ -10911,29 +12930,23 @@ /*! \ingroup Setup - \brief ã“ã®é–¢æ•°ã¯ã‚µãƒ¼ãƒãƒ¼å´ã§å‘¼ã³å‡ºã•れる場åˆã«ã¯ã€ã‚¯ãƒ©ã‚¤ã‚¢ãƒ³ãƒˆå´ã«Certificateメッセージã§é€ä¿¡ã§ãる証明書タイプを設定ã—ã¾ã™ã€‚ - クライアントå´ã§å‘¼ã³å‡ºã•れる場åˆã«ã¯ã€å—入れå¯èƒ½ãªã‚µãƒ¼ãƒãƒ¼è¨¼æ˜Žæ›¸ã‚¿ã‚¤ãƒ—を設定ã—ã¾ã™ã€‚ - Raw Public Key 証明書をé€å—ä¿¡ã—ãŸã„å ´åˆã«ã¯ã“ã®é–¢æ•°ã‚’使ã£ã¦è¨¼æ˜Žæ›¸ã‚¿ã‚¤ãƒ—を設定ã—ãªã‘れã°ãªã‚Šã¾ã›ã‚“。 - 設定ã™ã‚‹è¨¼æ˜Žæ›¸ã‚¿ã‚¤ãƒ—ã¯å„ªå…ˆåº¦é †ã«æ ¼ç´ã—ãŸãƒã‚¤ãƒˆé…列ã¨ã—ã¦æ¸¡ã—ã¾ã™ã€‚ - 設定ã™ã‚‹ãƒãƒƒãƒ•ァアドレスã«NULLを渡ã™ã‹ã€ã‚ã‚‹ã„ã¯ãƒãƒƒãƒ•ァサイズã«0を渡ã™ã¨è¦å®šå€¤ã«ã‚‚ã©ã™ã“ã¨ãŒã§ãã¾ã™ã€‚ - è¦å®šå€¤ã¯X509証明書(WOLFSSL_CERT_TYPE_X509)ã®ã¿ã‚’扱ã†è¨­å®šã¨ãªã£ã¦ã„ã¾ã™ã€‚ - - \return WOLFSSL_SUCCESS æˆåŠŸ - \return BAD_FUNC_ARG ctxã¨ã—ã¦NULLを渡ã—ãŸã€ã‚ã‚‹ã„ã¯ä¸æ­£ãªè¨¼æ˜Žæ›¸ã‚¿ã‚¤ãƒ—を指定ã—ãŸã€ - ã‚ã‚‹ã„ã¯MAX_SERVER_CERT_TYPE_CNT以上ã®ãƒãƒƒãƒ•ァサイズを指定ã—ãŸã€ã‚ã‚‹ã„ã¯æŒ‡å®šã®è¨¼æ˜Žæ›¸ã‚¿ã‚¤ãƒ—ã«é‡è¤‡ãŒã‚ã‚‹ - - \param ctx wolfssl_ctxコンテキストãƒã‚¤ãƒ³ã‚¿ - \param ctype 証明書タイプを格ç´ã—ãŸãƒãƒƒãƒ•ã‚¡ã¸ã®ãƒã‚¤ãƒ³ã‚¿ - \param len 証明書タイプを格ç´ã—ãŸãƒãƒƒãƒ•ã‚¡ã®ã‚µã‚¤ã‚ºï¼ˆãƒã‚¤ãƒˆæ•°ï¼‰ + \brief ã“ã®é–¢æ•°ãŒã‚µãƒ¼ãƒãƒ¼å´ã§å‘¼ã³å‡ºã•れãŸå ´åˆã€ãƒ”ã‚¢ã«é€ä¿¡ã§ãる証明書タイプを設定ã—ã¾ã™ã€‚クライアントå´ã§å‘¼ã³å‡ºã•れãŸå ´åˆã€ãƒ”ã‚¢ã‹ã‚‰å—ã‘入れå¯èƒ½ãªè¨¼æ˜Žæ›¸ã‚¿ã‚¤ãƒ—を設定ã—ã¾ã™ã€‚優先順ä½ã®é«˜ã„é †ã«ãƒãƒƒãƒ•ã‚¡ã«è¨¼æ˜Žæ›¸ã‚¿ã‚¤ãƒ—ã‚’æ ¼ç´ã—ã¾ã™ã€‚設定をデフォルトã«ãƒªã‚»ãƒƒãƒˆã™ã‚‹ã«ã¯ã€bufã«NULLを渡ã™ã‹ã€lenã«0を渡ã—ã¾ã™ã€‚デフォルトã§ã¯ã€è¨¼æ˜Žæ›¸ã‚¿ã‚¤ãƒ—ã¯X509ã®ã¿ã§ã™ã€‚両å´ãŒ"Raw public key"証明書をé€ä¿¡ã¾ãŸã¯å—ã‘入れるã“ã¨ã‚’æ„図ã—ã¦ã„ã‚‹å ´åˆã€WOLFSSL_CERT_TYPE_RPKã‚’ãƒãƒƒãƒ•ã‚¡ã«å«ã‚ã¦è¨­å®šã™ã‚‹å¿…è¦ãŒã‚りã¾ã™ã€‚ + + \return WOLFSSL_SUCCESS è¨¼æ˜Žæ›¸ã‚¿ã‚¤ãƒ—ãŒæ­£å¸¸ã«è¨­å®šã•れãŸå ´åˆã€‚ + \return BAD_FUNC_ARG ctxã«NULLãŒæ¸¡ã•れãŸå ´åˆã€è¨¼æ˜Žæ›¸ã‚¿ã‚¤ãƒ—ã¨ã—ã¦ä¸æ­£ãªå€¤ãŒæŒ‡å®šã•れãŸå ´åˆã€bufサイズãŒMAX_SERVER_CERT_TYPE_CNTã‚’è¶…ãˆãŸå ´åˆã€ã¾ãŸã¯buf内ã«é‡è¤‡ã™ã‚‹å€¤ãŒè¦‹ã¤ã‹ã£ãŸå ´åˆã€‚ + + \param ctx WOLFSSL_CTXオブジェクトãƒã‚¤ãƒ³ã‚¿ã€‚ + \param buf è¨¼æ˜Žæ›¸ã‚¿ã‚¤ãƒ—ãŒæ ¼ç´ã•れるãƒãƒƒãƒ•ァ。 + \param len bufサイズ(ãƒã‚¤ãƒˆå˜ä½)(å«ã¾ã‚Œã‚‹è¨¼æ˜Žæ›¸ã‚¿ã‚¤ãƒ—ã®æ•°ã¨åŒã˜)。 _Example_ \code int ret; WOLFSSL_CTX* ctx; - char ctype[] = {WOLFSSL_CERT_TYPE_RPK, WOLFSSL_CERT_TYPE_X509}; - int len = sizeof(ctype)/sizeof(byte); - ... + char buf[] = {WOLFSSL_CERT_TYPE_RPK, WOLFSSL_CERT_TYPE_X509}; + int len = sizeof(buf)/sizeof(char); + ... - ret = wolfSSL_CTX_set_server_cert_type(ctx, ctype, len); + ret = wolfSSL_CTX_set_server_cert_type(ctx, buf, len); \endcode \sa wolfSSL_set_client_cert_type \sa wolfSSL_CTX_set_client_cert_type @@ -10945,29 +12958,23 @@ /*! \ingroup Setup - \brief ã“ã®é–¢æ•°ã¯ã‚¯ãƒ©ã‚¤ã‚¢ãƒ³ãƒˆå´ã§å‘¼ã³å‡ºã•れる場åˆã«ã¯ã€ã‚µãƒ¼ãƒãƒ¼å´ã«Certificateメッセージã§é€ä¿¡ã§ãる証明書タイプを設定ã—ã¾ã™ã€‚ - サーãƒãƒ¼å´ã§å‘¼ã³å‡ºã•れる場åˆã«ã¯ã€å—入れå¯èƒ½ãªã‚¯ãƒ©ã‚¤ã‚¢ãƒ³ãƒˆè¨¼æ˜Žæ›¸ã‚¿ã‚¤ãƒ—を設定ã—ã¾ã™ã€‚ - Raw Public Key 証明書をé€å—ä¿¡ã—ãŸã„å ´åˆã«ã¯ã“ã®é–¢æ•°ã‚’使ã£ã¦è¨¼æ˜Žæ›¸ã‚¿ã‚¤ãƒ—を設定ã—ãªã‘れã°ãªã‚Šã¾ã›ã‚“。 - 設定ã™ã‚‹è¨¼æ˜Žæ›¸ã‚¿ã‚¤ãƒ—ã¯å„ªå…ˆåº¦é †ã«æ ¼ç´ã—ãŸãƒã‚¤ãƒˆé…列ã¨ã—ã¦æ¸¡ã—ã¾ã™ã€‚ - 設定ã™ã‚‹ãƒãƒƒãƒ•ァアドレスã«NULLを渡ã™ã‹ã€ã‚ã‚‹ã„ã¯ãƒãƒƒãƒ•ァサイズã«0を渡ã™ã¨è¦å®šå€¤ã«ã‚‚ã©ã™ã“ã¨ãŒã§ãã¾ã™ã€‚ - è¦å®šå€¤ã¯X509証明書(WOLFSSL_CERT_TYPE_X509)ã®ã¿ã‚’扱ã†è¨­å®šã¨ãªã£ã¦ã„ã¾ã™ã€‚ - - \return WOLFSSL_SUCCESS æˆåŠŸ - \return BAD_FUNC_ARG sslã¨ã—ã¦NULLを渡ã—ãŸã€ã‚ã‚‹ã„ã¯ä¸æ­£ãªè¨¼æ˜Žæ›¸ã‚¿ã‚¤ãƒ—を指定ã—ãŸã€ - ã‚ã‚‹ã„ã¯MAX_CLIENT_CERT_TYPE_CNT以上ã®ãƒãƒƒãƒ•ァサイズを指定ã—ãŸã€ã‚ã‚‹ã„ã¯æŒ‡å®šã®è¨¼æ˜Žæ›¸ã‚¿ã‚¤ãƒ—ã«é‡è¤‡ãŒã‚ã‚‹ - - \param ssl WOLFSSL構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ - \param ctype 証明書タイプを格ç´ã—ãŸãƒãƒƒãƒ•ã‚¡ã¸ã®ãƒã‚¤ãƒ³ã‚¿ - \param len 証明書タイプを格ç´ã—ãŸãƒãƒƒãƒ•ã‚¡ã®ã‚µã‚¤ã‚ºï¼ˆãƒã‚¤ãƒˆæ•°ï¼‰ + \brief ã“ã®é–¢æ•°ãŒã‚¯ãƒ©ã‚¤ã‚¢ãƒ³ãƒˆå´ã§å‘¼ã³å‡ºã•れãŸå ´åˆã€ãƒ”ã‚¢ã«é€ä¿¡ã§ãる証明書タイプを設定ã—ã¾ã™ã€‚サーãƒãƒ¼å´ã§å‘¼ã³å‡ºã•れãŸå ´åˆã€ãƒ”ã‚¢ã‹ã‚‰å—ã‘入れå¯èƒ½ãªè¨¼æ˜Žæ›¸ã‚¿ã‚¤ãƒ—を設定ã—ã¾ã™ã€‚優先順ä½ã®é«˜ã„é †ã«ãƒãƒƒãƒ•ã‚¡ã«è¨¼æ˜Žæ›¸ã‚¿ã‚¤ãƒ—ã‚’æ ¼ç´ã—ã¾ã™ã€‚設定をデフォルトã«ãƒªã‚»ãƒƒãƒˆã™ã‚‹ã«ã¯ã€bufã«NULLを渡ã™ã‹ã€lenã«0を渡ã—ã¾ã™ã€‚デフォルトã§ã¯ã€è¨¼æ˜Žæ›¸ã‚¿ã‚¤ãƒ—ã¯X509ã®ã¿ã§ã™ã€‚両å´ãŒ"Raw public key"証明書をé€ä¿¡ã¾ãŸã¯å—ã‘入れるã“ã¨ã‚’æ„図ã—ã¦ã„ã‚‹å ´åˆã€WOLFSSL_CERT_TYPE_RPKã‚’ãƒãƒƒãƒ•ã‚¡ã«å«ã‚ã¦è¨­å®šã™ã‚‹å¿…è¦ãŒã‚りã¾ã™ã€‚ + + \return WOLFSSL_SUCCESS è¨¼æ˜Žæ›¸ã‚¿ã‚¤ãƒ—ãŒæ­£å¸¸ã«è¨­å®šã•れãŸå ´åˆã€‚ + \return BAD_FUNC_ARG ctxã«NULLãŒæ¸¡ã•れãŸå ´åˆã€è¨¼æ˜Žæ›¸ã‚¿ã‚¤ãƒ—ã¨ã—ã¦ä¸æ­£ãªå€¤ãŒæŒ‡å®šã•れãŸå ´åˆã€bufサイズãŒMAX_CLIENT_CERT_TYPE_CNTã‚’è¶…ãˆãŸå ´åˆã€ã¾ãŸã¯buf内ã«é‡è¤‡ã™ã‚‹å€¤ãŒè¦‹ã¤ã‹ã£ãŸå ´åˆã€‚ + + \param ssl WOLFSSLオブジェクトãƒã‚¤ãƒ³ã‚¿ã€‚ + \param buf è¨¼æ˜Žæ›¸ã‚¿ã‚¤ãƒ—ãŒæ ¼ç´ã•れるãƒãƒƒãƒ•ァ。 + \param len bufサイズ(ãƒã‚¤ãƒˆå˜ä½)(å«ã¾ã‚Œã‚‹è¨¼æ˜Žæ›¸ã‚¿ã‚¤ãƒ—ã®æ•°ã¨åŒã˜)。 _Example_ \code int ret; WOLFSSL* ssl; - char ctype[] = {WOLFSSL_CERT_TYPE_RPK, WOLFSSL_CERT_TYPE_X509}; - int len = sizeof(ctype)/sizeof(byte); - ... + char buf[] = {WOLFSSL_CERT_TYPE_RPK, WOLFSSL_CERT_TYPE_X509}; + int len = sizeof(buf)/sizeof(char); + ... - ret = wolfSSL_set_client_cert_type(ssl, ctype, len); + ret = wolfSSL_set_client_cert_type(ssl, buf, len); \endcode \sa wolfSSL_CTX_set_client_cert_type \sa wolfSSL_CTX_set_server_cert_type @@ -10979,29 +12986,22 @@ /*! \ingroup Setup - \brief ã“ã®é–¢æ•°ã¯ã‚µãƒ¼ãƒãƒ¼å´ã§å‘¼ã³å‡ºã•れる場åˆã«ã¯ã€ã‚¯ãƒ©ã‚¤ã‚¢ãƒ³ãƒˆå´ã«Certificateメッセージã§é€ä¿¡ã§ãる証明書タイプを設定ã—ã¾ã™ã€‚ - クライアントå´ã§å‘¼ã³å‡ºã•れる場åˆã«ã¯ã€å—入れå¯èƒ½ãªã‚µãƒ¼ãƒãƒ¼è¨¼æ˜Žæ›¸ã‚¿ã‚¤ãƒ—を設定ã—ã¾ã™ã€‚ - Raw Public Key 証明書をé€å—ä¿¡ã—ãŸã„å ´åˆã«ã¯ã“ã®é–¢æ•°ã‚’使ã£ã¦è¨¼æ˜Žæ›¸ã‚¿ã‚¤ãƒ—を設定ã—ãªã‘れã°ãªã‚Šã¾ã›ã‚“。 - 設定ã™ã‚‹è¨¼æ˜Žæ›¸ã‚¿ã‚¤ãƒ—ã¯å„ªå…ˆåº¦é †ã«æ ¼ç´ã—ãŸãƒã‚¤ãƒˆé…列ã¨ã—ã¦æ¸¡ã—ã¾ã™ã€‚ - 設定ã™ã‚‹ãƒãƒƒãƒ•ァアドレスã«NULLを渡ã™ã‹ã€ã‚ã‚‹ã„ã¯ãƒãƒƒãƒ•ァサイズã«0を渡ã™ã¨è¦å®šå€¤ã«ã‚‚ã©ã™ã“ã¨ãŒã§ãã¾ã™ã€‚ - è¦å®šå€¤ã¯X509証明書(WOLFSSL_CERT_TYPE_X509)ã®ã¿ã‚’扱ã†è¨­å®šã¨ãªã£ã¦ã„ã¾ã™ã€‚ - - \return WOLFSSL_SUCCESS æˆåŠŸ - \return BAD_FUNC_ARG ctxã¨ã—ã¦NULLを渡ã—ãŸã€ã‚ã‚‹ã„ã¯ä¸æ­£ãªè¨¼æ˜Žæ›¸ã‚¿ã‚¤ãƒ—を指定ã—ãŸã€ - ã‚ã‚‹ã„ã¯MAX_SERVER_CERT_TYPE_CNT以上ã®ãƒãƒƒãƒ•ァサイズを指定ã—ãŸã€ã‚ã‚‹ã„ã¯æŒ‡å®šã®è¨¼æ˜Žæ›¸ã‚¿ã‚¤ãƒ—ã«é‡è¤‡ãŒã‚ã‚‹ - - \param ssl WOLFSSL構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ - \param ctype 証明書タイプを格ç´ã—ãŸãƒãƒƒãƒ•ã‚¡ã¸ã®ãƒã‚¤ãƒ³ã‚¿ - \param len 証明書タイプを格ç´ã—ãŸãƒãƒƒãƒ•ã‚¡ã®ã‚µã‚¤ã‚ºï¼ˆãƒã‚¤ãƒˆæ•°ï¼‰ + \brief ã“ã®é–¢æ•°ãŒã‚µãƒ¼ãƒãƒ¼å´ã§å‘¼ã³å‡ºã•れãŸå ´åˆã€ãƒ”ã‚¢ã«é€ä¿¡ã§ãる証明書タイプを設定ã—ã¾ã™ã€‚クライアントå´ã§å‘¼ã³å‡ºã•れãŸå ´åˆã€ãƒ”ã‚¢ã‹ã‚‰å—ã‘入れå¯èƒ½ãªè¨¼æ˜Žæ›¸ã‚¿ã‚¤ãƒ—を設定ã—ã¾ã™ã€‚優先順ä½ã®é«˜ã„é †ã«ãƒãƒƒãƒ•ã‚¡ã«è¨¼æ˜Žæ›¸ã‚¿ã‚¤ãƒ—ã‚’æ ¼ç´ã—ã¾ã™ã€‚設定をデフォルトã«ãƒªã‚»ãƒƒãƒˆã™ã‚‹ã«ã¯ã€bufã«NULLを渡ã™ã‹ã€lenã«0を渡ã—ã¾ã™ã€‚デフォルトã§ã¯ã€è¨¼æ˜Žæ›¸ã‚¿ã‚¤ãƒ—ã¯X509ã®ã¿ã§ã™ã€‚両å´ãŒ"Raw public key"証明書をé€ä¿¡ã¾ãŸã¯å—ã‘入れるã“ã¨ã‚’æ„図ã—ã¦ã„ã‚‹å ´åˆã€WOLFSSL_CERT_TYPE_RPKã‚’ãƒãƒƒãƒ•ã‚¡ã«å«ã‚ã¦è¨­å®šã™ã‚‹å¿…è¦ãŒã‚りã¾ã™ã€‚ + + \return WOLFSSL_SUCCESS è¨¼æ˜Žæ›¸ã‚¿ã‚¤ãƒ—ãŒæ­£å¸¸ã«è¨­å®šã•れãŸå ´åˆã€‚ + \return BAD_FUNC_ARG ctxã«NULLãŒæ¸¡ã•れãŸå ´åˆã€è¨¼æ˜Žæ›¸ã‚¿ã‚¤ãƒ—ã¨ã—ã¦ä¸æ­£ãªå€¤ãŒæŒ‡å®šã•れãŸå ´åˆã€bufサイズãŒMAX_SERVER_CERT_TYPE_CNTã‚’è¶…ãˆãŸå ´åˆã€ã¾ãŸã¯buf内ã«é‡è¤‡ã™ã‚‹å€¤ãŒè¦‹ã¤ã‹ã£ãŸå ´åˆã€‚ + + \param ctx WOLFSSL_CTXオブジェクトãƒã‚¤ãƒ³ã‚¿ã€‚ + \param buf è¨¼æ˜Žæ›¸ã‚¿ã‚¤ãƒ—ãŒæ ¼ç´ã•れるãƒãƒƒãƒ•ァ。 + \param len bufサイズ(ãƒã‚¤ãƒˆå˜ä½)(å«ã¾ã‚Œã‚‹è¨¼æ˜Žæ›¸ã‚¿ã‚¤ãƒ—ã®æ•°ã¨åŒã˜)。 _Example_ \code - int ret; - WOLFSSL* ssl; - char ctype[] = {WOLFSSL_CERT_TYPE_RPK, WOLFSSL_CERT_TYPE_X509}; - int len = sizeof(ctype)/sizeof(byte); - ... + int ret; WOLFSSL* ssl; + char buf[] = {WOLFSSL_CERT_TYPE_RPK, WOLFSSL_CERT_TYPE_X509}; + int len = sizeof(buf)/sizeof(char); + ... - ret = wolfSSL_set_server_cert_type(ssl, ctype, len); + ret = wolfSSL_set_server_cert_type(ssl, buf, len); \endcode \sa wolfSSL_set_client_cert_type \sa wolfSSL_CTX_set_server_cert_type @@ -11012,22 +13012,116 @@ int wolfSSL_set_server_cert_type(WOLFSSL* ssl, const char* buf, int len); /*! + \ingroup Setup + + \brief 指定ã•れãŸWOLFSSL_CTXコンテキストã«å¯¾ã—ã¦ãƒãƒ³ãƒ‰ã‚·ã‚§ã‚¤ã‚¯ãƒ¡ãƒƒã‚»ãƒ¼ã‚¸ã‚°ãƒ«ãƒ¼ãƒ—化を有効ã«ã—ã¾ã™ã€‚ + + ã“ã®é–¢æ•°ã¯ã€æŒ‡å®šã•れãŸã‚³ãƒ³ãƒ†ã‚­ã‚¹ãƒˆã‹ã‚‰ä½œæˆã•れãŸã™ã¹ã¦ã®SSLオブジェクトã«å¯¾ã—ã¦ãƒãƒ³ãƒ‰ã‚·ã‚§ã‚¤ã‚¯ãƒ¡ãƒƒã‚»ãƒ¼ã‚¸ã‚°ãƒ«ãƒ¼ãƒ—化をオンã«ã—ã¾ã™ã€‚ + + \return WOLFSSL_SUCCESS æˆåŠŸæ™‚ã€‚ + \return BAD_FUNC_ARG ctxãŒNULLã®å ´åˆã€‚ + + \param ctx WOLFSSL_CTX構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ + + _Example_ + \code + WOLFSSL_CTX* ctx = wolfSSL_CTX_new(wolfTLSv1_2_client_method()); + wolfSSL_CTX_set_group_messages(ctx); + \endcode + + \sa wolfSSL_CTX_clear_group_messages + \sa wolfSSL_set_group_messages + \sa wolfSSL_clear_group_messages +*/ +int wolfSSL_CTX_set_group_messages(WOLFSSL_CTX* ctx); + +/*! + \ingroup Setup + + \brief 指定ã•れãŸWOLFSSL_CTXコンテキストã«å¯¾ã—ã¦ãƒãƒ³ãƒ‰ã‚·ã‚§ã‚¤ã‚¯ãƒ¡ãƒƒã‚»ãƒ¼ã‚¸ã‚°ãƒ«ãƒ¼ãƒ—化を無効ã«ã—ã¾ã™ã€‚ + + ã“ã®é–¢æ•°ã¯ã€æŒ‡å®šã•れãŸã‚³ãƒ³ãƒ†ã‚­ã‚¹ãƒˆã‹ã‚‰ä½œæˆã•れãŸã™ã¹ã¦ã®SSLオブジェクトã«å¯¾ã—ã¦ãƒãƒ³ãƒ‰ã‚·ã‚§ã‚¤ã‚¯ãƒ¡ãƒƒã‚»ãƒ¼ã‚¸ã‚°ãƒ«ãƒ¼ãƒ—化をオフã«ã—ã¾ã™ã€‚ + + \return WOLFSSL_SUCCESS æˆåŠŸæ™‚ã€‚ + \return BAD_FUNC_ARG ctxãŒNULLã®å ´åˆã€‚ + + \param ctx WOLFSSL_CTX構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ + + _Example_ + \code + WOLFSSL_CTX* ctx = wolfSSL_CTX_new(wolfTLSv1_2_client_method()); + wolfSSL_CTX_clear_group_messages(ctx); + \endcode + + \sa wolfSSL_CTX_set_group_messages + \sa wolfSSL_set_group_messages + \sa wolfSSL_clear_group_messages +*/ +int wolfSSL_CTX_clear_group_messages(WOLFSSL_CTX* ctx); + +/*! + \ingroup Setup + + \brief 指定ã•れãŸWOLFSSLオブジェクトã«å¯¾ã—ã¦ãƒãƒ³ãƒ‰ã‚·ã‚§ã‚¤ã‚¯ãƒ¡ãƒƒã‚»ãƒ¼ã‚¸ã‚°ãƒ«ãƒ¼ãƒ—化を有効ã«ã—ã¾ã™ã€‚ + + ã“ã®é–¢æ•°ã¯ã€æŒ‡å®šã•れãŸSSLオブジェクトã«å¯¾ã—ã¦ãƒãƒ³ãƒ‰ã‚·ã‚§ã‚¤ã‚¯ãƒ¡ãƒƒã‚»ãƒ¼ã‚¸ã‚°ãƒ«ãƒ¼ãƒ—化をオンã«ã—ã¾ã™ã€‚ + + \return WOLFSSL_SUCCESS æˆåŠŸæ™‚ã€‚ + \return BAD_FUNC_ARG sslãŒNULLã®å ´åˆã€‚ + + \param ssl WOLFSSL構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ + + _Example_ + \code + WOLFSSL* ssl = wolfSSL_new(ctx); + wolfSSL_set_group_messages(ssl); + \endcode + + \sa wolfSSL_clear_group_messages + \sa wolfSSL_CTX_set_group_messages + \sa wolfSSL_CTX_clear_group_messages +*/ +int wolfSSL_set_group_messages(WOLFSSL* ssl); + +/*! + \ingroup Setup + + \brief 指定ã•れãŸWOLFSSLオブジェクトã«å¯¾ã—ã¦ãƒãƒ³ãƒ‰ã‚·ã‚§ã‚¤ã‚¯ãƒ¡ãƒƒã‚»ãƒ¼ã‚¸ã‚°ãƒ«ãƒ¼ãƒ—化を無効ã«ã—ã¾ã™ã€‚ + + ã“ã®é–¢æ•°ã¯ã€æŒ‡å®šã•れãŸSSLオブジェクトã«å¯¾ã—ã¦ãƒãƒ³ãƒ‰ã‚·ã‚§ã‚¤ã‚¯ãƒ¡ãƒƒã‚»ãƒ¼ã‚¸ã‚°ãƒ«ãƒ¼ãƒ—化をオフã«ã—ã¾ã™ã€‚ + + \return WOLFSSL_SUCCESS æˆåŠŸæ™‚ã€‚ + \return BAD_FUNC_ARG sslãŒNULLã®å ´åˆã€‚ + + \param ssl WOLFSSL構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ + + _Example_ + \code + WOLFSSL* ssl = wolfSSL_new(ctx); + wolfSSL_clear_group_messages(ssl); + \endcode + + \sa wolfSSL_set_group_messages + \sa wolfSSL_CTX_set_group_messages + \sa wolfSSL_CTX_clear_group_messages +*/ +int wolfSSL_clear_group_messages(WOLFSSL* ssl); + +/*! \ingroup SSL - \brief ã“ã®é–¢æ•°ã¯ãƒãƒ³ãƒ‰ã‚·ã‚§ãƒ¼ã‚¯çµ‚了後ã«å‘¼ã³å‡ºã—ã€ç›¸æ‰‹ã¨ã®ãƒã‚´ã‚·ã‚¨ãƒ¼ã‚·ãƒ§ãƒ³ã®çµæžœå¾—られãŸã‚¯ãƒ©ã‚¤ã‚¢ãƒ³ãƒˆè¨¼æ˜Žæ›¸ã®ã‚¿ã‚¤ãƒ—ã‚’è¿”ã—ã¾ã™ã€‚ - ãƒã‚´ã‚·ã‚¨ãƒ¼ã‚·ãƒ§ãƒ³ãŒç™ºç”Ÿã—ãªã„å ´åˆã«ã¯æˆ»ã‚Šå€¤ã¨ã—ã¦WOLFSSL_SUCCESSãŒè¿”ã•れã¾ã™ãŒã€ - 証明書タイプã¨ã—ã¦ã¯WOLFSSL_CERT_TYPE_UNKNOWNãŒè¿”ã•れã¾ã™ã€‚ - - \return WOLFSSL_SUCCESS æˆåŠŸæ™‚ã«ã‹ãˆã‚Šã¾ã™ã€‚tpã«è¿”ã•れãŸè¨¼æ˜Žæ›¸ã‚¿ã‚¤ãƒ—ã¯WOLFSSL_CERT_TYPE_X509, - WOLFSSL_CERT_TYPE_RPK ã‚ã‚‹ã„ã¯WOLFSSL_CERT_TYPE_UNKNOWNã®ã„ãšã‚Œã‹ã¨ãªã‚Šã¾ã™ã€‚ - \return BAD_FUNC_ARG sslã¨ã—ã¦NULLを渡ã—ãŸã€ã‚ã‚‹ã„ã¯tpã¨ã—ã¦NULLを渡ã—㟠- \param ssl WOLFSSL構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ - \param tp 証明書タイプãŒè¿”ã•れるãƒãƒƒãƒ•ã‚¡ã¸ã®ãƒã‚¤ãƒ³ã‚¿ + \brief ã“ã®é–¢æ•°ã¯ã€ClientHelloã¨ServerHelloã§è¡Œã‚れãŸã‚¯ãƒ©ã‚¤ã‚¢ãƒ³ãƒˆè¨¼æ˜Žæ›¸ã‚¿ã‚¤ãƒ—ãƒã‚´ã‚·ã‚¨ãƒ¼ã‚·ãƒ§ãƒ³ã®çµæžœã‚’è¿”ã—ã¾ã™ã€‚ãƒã‚´ã‚·ã‚¨ãƒ¼ã‚·ãƒ§ãƒ³ãŒç™ºç”Ÿã—ãªã‹ã£ãŸå ´åˆã€æˆ»ã‚Šå€¤ã¨ã—ã¦WOLFSSL_SUCCESSãŒè¿”ã•れã€è¨¼æ˜Žæ›¸ã‚¿ã‚¤ãƒ—ã¨ã—ã¦WOLFSSL_CERT_TYPE_UNKNOWNãŒè¿”ã•れã¾ã™ã€‚ + + \return WOLFSSL_SUCCESS ãƒã‚´ã‚·ã‚¨ãƒ¼ãƒˆã•れãŸè¨¼æ˜Žæ›¸ã‚¿ã‚¤ãƒ—ã‚’å–å¾—ã§ããŸå ´åˆã€‚ + \return BAD_FUNC_ARG ctxã¾ãŸã¯tpã«NULLãŒæ¸¡ã•れãŸå ´åˆã€‚ + \param ssl WOLFSSLオブジェクトãƒã‚¤ãƒ³ã‚¿ã€‚ + \param tp 証明書タイプãŒè¿”ã•れるãƒãƒƒãƒ•ァ。次ã®3ã¤ã®è¨¼æ˜Žæ›¸ã‚¿ã‚¤ãƒ—ã®ã„ãšã‚Œã‹ãŒè¿”ã•れã¾ã™:WOLFSSL_CERT_TYPE_RPKã€WOLFSSL_CERT_TYPE_X509ã€ã¾ãŸã¯WOLFSSL_CERT_TYPE_UNKNOWN。 + _Example_ \code int ret; WOLFSSL* ssl; int tp; - ... + ... ret = wolfSSL_get_negotiated_client_cert_type(ssl, &tp); \endcode @@ -11041,13 +13135,12 @@ /*! \ingroup SSL - \brief ã“ã®é–¢æ•°ã¯ãƒãƒ³ãƒ‰ã‚·ã‚§ãƒ¼ã‚¯çµ‚了後ã«å‘¼ã³å‡ºã—ã€ç›¸æ‰‹ã¨ã®ãƒã‚´ã‚·ã‚¨ãƒ¼ã‚·ãƒ§ãƒ³ã®çµæžœå¾—られãŸã‚µãƒ¼ãƒãƒ¼è¨¼æ˜Žæ›¸ã®ã‚¿ã‚¤ãƒ—ã‚’è¿”ã—ã¾ã™ã€‚ - ãƒã‚´ã‚·ã‚¨ãƒ¼ã‚·ãƒ§ãƒ³ãŒç™ºç”Ÿã—ãªã„å ´åˆã«ã¯æˆ»ã‚Šå€¤ã¨ã—ã¦WOLFSSL_SUCCESSãŒè¿”ã•れã¾ã™ãŒã€è¨¼æ˜Žæ›¸ã‚¿ã‚¤ãƒ—ã¨ã—ã¦ã¯WOLFSSL_CERT_TYPE_UNKNOWNãŒè¿”ã•れã¾ã™ã€‚ - \return WOLFSSL_SUCCESS æˆåŠŸæ™‚ã«ã‹ãˆã‚Šã¾ã™ã€‚tpã«è¿”ã•れãŸè¨¼æ˜Žæ›¸ã‚¿ã‚¤ãƒ—ã¯WOLFSSL_CERT_TYPE_X509, - WOLFSSL_CERT_TYPE_RPK ã‚ã‚‹ã„ã¯WOLFSSL_CERT_TYPE_UNKNOWNã®ã„ãšã‚Œã‹ã¨ãªã‚Šã¾ã™ã€‚ - \return BAD_FUNC_ARG sslã¨ã—ã¦NULLを渡ã—ãŸã€ã‚ã‚‹ã„ã¯tpã¨ã—ã¦NULLを渡ã—㟠- \param ssl WOLFSSL構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ - \param tp 証明書タイプãŒè¿”ã•れるãƒãƒƒãƒ•ã‚¡ã¸ã®ãƒã‚¤ãƒ³ã‚¿ + \brief ã“ã®é–¢æ•°ã¯ã€ClientHelloã¨ServerHelloã§è¡Œã‚れãŸã‚µãƒ¼ãƒè¨¼æ˜Žæ›¸ã‚¿ã‚¤ãƒ—ãƒã‚´ã‚·ã‚¨ãƒ¼ã‚·ãƒ§ãƒ³ã®çµæžœã‚’è¿”ã—ã¾ã™ã€‚ãƒã‚´ã‚·ã‚¨ãƒ¼ã‚·ãƒ§ãƒ³ãŒç™ºç”Ÿã—ãªã‹ã£ãŸå ´åˆã€æˆ»ã‚Šå€¤ã¨ã—ã¦WOLFSSL_SUCCESSãŒè¿”ã•れã€è¨¼æ˜Žæ›¸ã‚¿ã‚¤ãƒ—ã¨ã—ã¦WOLFSSL_CERT_TYPE_UNKNOWNãŒè¿”ã•れã¾ã™ã€‚ + + \return WOLFSSL_SUCCESS ãƒã‚´ã‚·ã‚¨ãƒ¼ãƒˆã•れãŸè¨¼æ˜Žæ›¸ã‚¿ã‚¤ãƒ—ã‚’å–å¾—ã§ããŸå ´åˆã€‚ + \return BAD_FUNC_ARG ctxã¾ãŸã¯tpã«NULLãŒæ¸¡ã•れãŸå ´åˆã€‚ + \param ssl WOLFSSLオブジェクトãƒã‚¤ãƒ³ã‚¿ã€‚ + \param tp 証明書タイプãŒè¿”ã•れるãƒãƒƒãƒ•ァ。次ã®3ã¤ã®è¨¼æ˜Žæ›¸ã‚¿ã‚¤ãƒ—ã®ã„ãšã‚Œã‹ãŒè¿”ã•れã¾ã™:WOLFSSL_CERT_TYPE_RPKã€WOLFSSL_CERT_TYPE_X509ã€ã¾ãŸã¯WOLFSSL_CERT_TYPE_UNKNOWN。 _Example_ \code int ret; @@ -11066,121 +13159,12 @@ int wolfSSL_get_negotiated_server_cert_type(WOLFSSL* ssl, int* tp); /*! - \ingroup SSL - \brief ã“ã®é–¢æ•°ã¯ãƒ†ã‚¹ãƒˆã®ãŸã‚ã®å›ºå®š/é™çš„ãªã‚¨ãƒ•ェラルキーを設定ã—ã¾ã™ã€‚ - \return 0 æˆåŠŸæ™‚ã«è¿”ã•れã¾ã™ã€‚ - \param ctx WOLFSSL_CTXコンテキストãƒã‚¤ãƒ³ã‚¿ - \param keyAlgo WC_PK_TYPE_DHãŠã‚ˆã³WC_PK_TYPE_ECDHã®ã‚ˆã†ãªenum wc_pktype - \param key キーファイルパス(Keysz == 0)ã¾ãŸã¯å®Ÿéš›ã®ã‚­ãƒ¼ãƒãƒƒãƒ•ァ(PEMã¾ãŸã¯ASN.1) - \param keySz キーサイズ(「キーã€argã¯ãƒ•ァイルパスã®å ´åˆã¯0ã«ãªã‚Šã¾ã™ï¼‰ - \sa wolfSSL_CTX_get_ephemeral_key - */ -int wolfSSL_CTX_set_ephemeral_key(WOLFSSL_CTX* ctx, int keyAlgo, const char* key, unsigned int keySz, int format); -/*! - \ingroup SSL - \brief ã“ã®é–¢æ•°ã¯ãƒ†ã‚¹ãƒˆã®ãŸã‚ã®å›ºå®š/é™çš„ãªã‚¨ãƒ•ェラルキーを設定ã—ã¾ã™ã€‚ - \return 0 æˆåŠŸæ™‚ã«è¿”ã•れã¾ã™ã€‚ - \param ssl WOLFSSL構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ - \param keyAlgo WC_PK_TYPE_DHãŠã‚ˆã³WC_PK_TYPE_ECDHã®ã‚ˆã†ãªenum wc_pktype - \param key キーファイルパス(Keysz == 0)ã¾ãŸã¯å®Ÿéš›ã®ã‚­ãƒ¼ãƒãƒƒãƒ•ァ(PEMã¾ãŸã¯ASN.1) - \param keySz キーサイズ(「キーã€argã¯ãƒ•ァイルパスã®å ´åˆã¯0ã«ãªã‚Šã¾ã™ï¼‰ - \sa wolfSSL_get_ephemeral_key - */ -int wolfSSL_set_ephemeral_key(WOLFSSL* ssl, int keyAlgo, const char* key, unsigned int keySz, int format); +\brief SSLオブジェクトã«å¯¾ã—ã¦ConnectionIDæ‹¡å¼µã®ä½¿ç”¨ã‚’有効ã«ã—ã¾ã™ã€‚RFC 9146ãŠã‚ˆã³RFC 9147ã‚’å‚ç…§ã—ã¦ãã ã•ã„。 -/*! - \ingroup SSL - \brief ã“ã®é–¢æ•°ã¯ ASN.1/DERã¨ã—ã¦ãƒ­ãƒ¼ãƒ‰ã•れãŸã‚­ãƒ¼ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã‚’è¿”ã—ã¾ã™ - \return 0 æˆåŠŸæ™‚ã«è¿”ã•れã¾ã™ã€‚ - \param ctx wolfssl_ctxコンテキストãƒã‚¤ãƒ³ã‚¿ - \param keyAlgo WC_PK_TYPE_DHãŠã‚ˆã³WC_PK_TYPE_ECDHã®ã‚ˆã†ãªenum wc_pktype - \param key キーãƒãƒƒãƒ•ã‚¡ãƒã‚¤ãƒ³ã‚¿ - \sa wolfSSL_CTX_set_ephemeral_key - */ -int wolfSSL_CTX_get_ephemeral_key(WOLFSSL_CTX* ctx, int keyAlgo, - const unsigned char** key, unsigned int* keySz); + \return WOLFSSL_SUCCESS æˆåŠŸæ™‚ã€ãれ以外ã®å ´åˆã¯ã‚¨ãƒ©ãƒ¼ã‚³ãƒ¼ãƒ‰ã€‚ -/*! - \ingroup SSL - \brief ã“ã®é–¢æ•°ã¯ ASN.1/DERã¨ã—ã¦ãƒ­ãƒ¼ãƒ‰ã•れãŸéµã¸ã®ãƒã‚¤ãƒ³ã‚¿ã‚’è¿”ã—ã¾ã™ - \return 0 æˆåŠŸæ™‚ã«è¿”ã•れã¾ã™ã€‚ - \param ssl WOLFSSL構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ - \param keyAlgo WC_PK_TYPE_DHãŠã‚ˆã³WC_PK_TYPE_ECDHã®ã‚ˆã†ãªenum wc_pktype - \param key キーãƒãƒƒãƒ•ã‚¡ãƒã‚¤ãƒ³ã‚¿ - \sa wolfSSL_set_ephemeral_key - */ -int wolfSSL_get_ephemeral_key(WOLFSSL* ssl, int keyAlgo, - const unsigned char** key, unsigned int* keySz); - -/*! - \ingroup SSL - \brief é¸æŠžã—ãŸãƒ¡ãƒƒã‚»ãƒ¼ã‚¸ãƒ€ã‚¤ã‚¸ã‚§ã‚¹ãƒˆã€ãƒ‘ディングã€ãŠã‚ˆã³RSAキーを使用ã—ã¦ãƒ¡ãƒƒã‚»ãƒ¼ã‚¸ã«ç½²åã—ã¾ã™ã€‚ - \return WOLFSSL_SUCCESS æˆåŠŸæ™‚ã«è¿”ã•れã¾ã™ã€‚ - \return WOLFSSL_FAILURE エラー発生時ã«è¿”ã•れã¾ã™ã€‚ - - \param type ãƒãƒƒã‚·ãƒ¥NID - \param m ç½²åã™ã‚‹ãƒ¡ãƒƒã‚»ãƒ¼ã‚¸ã€‚ã“れã¯ç½²åã™ã‚‹ãƒ¡ãƒƒã‚»ãƒ¼ã‚¸ã®ãƒ€ã‚¤ã‚¸ã‚§ã‚¹ãƒˆ - \param mLen ç½²åã™ã‚‹ãƒ¡ãƒƒã‚»ãƒ¼ã‚¸ã®é•·ã• - \param sigRet 出力ãƒãƒƒãƒ•ã‚¡ã¸ã®ãƒã‚¤ãƒ³ã‚¿ - \param sigLen 入力時ã«ã¯sigRetã®é•·ã•を指定ã—ã¾ã™ã€‚出力時ã«ã¯sigRetã«æ›¸ãè¾¼ã¾ã‚ŒãŸãƒ‡ãƒ¼ã‚¿ã®é•·ã•ã‚’æ ¼ç´ã—ã¾ã™ã€‚ - \param rsa 入力ã«ç½²åã™ã‚‹ãŸã‚ã«ä½¿ç”¨ã•れるRSAéµ - \param flag 1:シグニãƒãƒ£0:未パワード署åを比較ã™ã‚‹å€¤ã‚’出力ã—ã¾ã™ã€‚注:RSA_PKCS1_PSS_PADDINGã®å ´åˆã¯ã€wc_rsapss_checkpadding_ex関数を使用ã—ã¦* VERIFY *関数ã®å‡ºåŠ›ã‚’ç¢ºèªã™ã‚‹å¿…è¦ãŒã‚りã¾ã™ã€‚ - \param padding パディング - */ -int wolfSSL_RSA_sign_generic_padding(int type, const unsigned char* m, - unsigned int mLen, unsigned char* sigRet, - unsigned int* sigLen, WOLFSSL_RSA* rsa, - int flag, int padding); - -/*! - \ingroup SSL - \brief DTLSv1.3 é€ä¿¡æ¸ˆã¿ã ãŒã¾ã ç›¸æ‰‹ã‹ã‚‰ã‚¢ã‚¯ãƒŽãƒªãƒƒã‚¸ã‚’å—ã‘ã¨ã£ã¦ã„ãªã„メッセージãŒã‚ã‚‹ã‹èª¿ã¹ã¾ã™ã€‚ - - \return 1 ペンディングã®ãƒ¡ãƒƒã‚»ãƒ¼ã‚¸ãŒã‚ã‚‹å ´åˆã«è¿”ã•れã¾ã™ã€‚ãれ以外ã¯0ãŒè¿”ã•れã¾ã™ã€‚ - \param ssl WOLFSSL構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ -*/ -int wolfSSL_dtls13_has_pending_msg(WOLFSSL *ssl); - -/*! - \ingroup SSL - \brief ã‚¢ãƒ¼ãƒªãƒ¼ãƒ‡ãƒ¼ã‚¿ã®æœ€å¤§ã‚µã‚¤ã‚ºã‚’å–å¾—ã—ã¾ã™ã€‚ - - \param [in] s WOLFSSL_SESSION構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ - - \return ã‚¢ãƒ¼ãƒªãƒ¼ãƒ‡ãƒ¼ã‚¿ã®æœ€å¤§ã‚µã‚¤ã‚ºï¼ˆmax_early_data) - \param s WOLFSSL_SESSION構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ - - \sa wolfSSL_set_max_early_data - \sa wolfSSL_write_early_data - \sa wolfSSL_read_early_data - */ -unsigned int wolfSSL_SESSION_get_max_early_data(const WOLFSSL_SESSION *s); - -/*! - \ingroup SSL - \brief Get a new index for external data. This entry applies also for the - following API: - - wolfSSL_CTX_get_ex_new_index - - wolfSSL_get_ex_new_index - - wolfSSL_SESSION_get_ex_new_index - - wolfSSL_X509_get_ex_new_index - - \param [in] All input parameters are ignored. The callback functions are not - supported with wolfSSL. - - \return The new index value to be used with the external data API for this - object class. - */ -int wolfSSL_CRYPTO_get_ex_new_index(int, void*, void*, void*, void*); - -/*! - - \brief コãƒã‚¯ã‚·ãƒ§ãƒ³ID拡張を有効ã«ã—ã¾ã™ã€‚RFC9146ã¨RFC9147ã‚’å‚ç…§ã—ã¦ãã ã•ã„。 - - \return WOLFSSL_SUCCESS æˆåŠŸæ™‚ã«è¿”ã•れã¾ã™ã€‚ãれ以外ã¯ã‚¨ãƒ©ãƒ¼ã‚³ãƒ¼ãƒ‰ãŒè¿”ã•れã¾ã™ã€‚ - - \param ssl WOLFSSL構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ + \param ssl WOLFSSLオブジェクトãƒã‚¤ãƒ³ã‚¿ã€‚ \sa wolfSSL_dtls_cid_is_enabled \sa wolfSSL_dtls_cid_set @@ -11193,12 +13177,11 @@ /*! - \brief ã“ã®é–¢æ•°ã¯ãƒãƒ³ãƒ‰ã‚·ã‚§ãƒ¼ã‚¯ãŒå®Œäº†ã—ãŸå¾Œã«å‘¼ã³å‡ºã•れるã¨ã€ã‚³ãƒã‚¯ã‚·ãƒ§ãƒ³IDãŒãƒã‚´ã‚·ã‚¨ãƒ¼ãƒˆã•れãŸã‹ã©ã†ã‹ç¢ºèªã™ã‚‹ã“ã¨ãŒã§ãã¾ã™ã€‚ - RFC9146ã¨RFC9147ã‚’å‚ç…§ã—ã¦ãã ã•ã„。 +\brief ãƒãƒ³ãƒ‰ã‚·ã‚§ã‚¤ã‚¯å®Œäº†å¾Œã«å‘¼ã³å‡ºã•れãŸå ´åˆã€SSLオブジェクトã«å¯¾ã—ã¦ConnectionIDãŒæ­£å¸¸ã«ãƒã‚´ã‚·ã‚¨ãƒ¼ãƒˆã•れãŸã‹ã©ã†ã‹ã‚’確èªã—ã¾ã™ã€‚RFC 9146ãŠã‚ˆã³RFC 9147ã‚’å‚ç…§ã—ã¦ãã ã•ã„。 - \return 1 コãƒã‚¯ã‚·ãƒ§ãƒ³IDãŒãƒã‚´ã‚·ã‚¨ãƒ¼ãƒˆã•れãŸå ´åˆã«è¿”ã•れã¾ã™ã€‚ãれ以外ã¯0ãŒè¿”ã•れã¾ã™ã€‚ + \return 1 ConnectionIDãŒæ­£ã—ããƒã‚´ã‚·ã‚¨ãƒ¼ãƒˆã•れãŸå ´åˆã€ãれ以外ã¯0。 - \param ssl WOLFSSL構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ + \param ssl WOLFSSLオブジェクトãƒã‚¤ãƒ³ã‚¿ã€‚ \sa wolfSSL_dtls_cid_use \sa wolfSSL_dtls_cid_set @@ -11211,16 +13194,13 @@ /*! - \brief ã“ã®ã‚³ãƒã‚¯ã‚·ãƒ§ãƒ³ã§ä»–ã®ãƒ”ã‚¢ã«å¯¾ã—ã¦ãƒ¬ã‚³ãƒ¼ãƒ‰ã‚’é€ä¿¡ã™ã‚‹ãŸã‚ã®ã‚³ãƒã‚¯ã‚·ãƒ§ãƒ³IDをセットã—ã¾ã™ã€‚ - RFC9146ã¨RFC9147ã‚’å‚ç…§ã—ã¦ãã ã•ã„。コãƒã‚¯ã‚·ãƒ§ãƒ³IDã¯æœ€å¤§å€¤ãŒDTLS_CID_MAX_SIZEã§ãªã‘れã°ãªã‚Šã¾ã›ã‚“。 - DTLS_CID_MAX_SIZEã¯ãƒ“ルド時ã«å€¤ã‚’指定ãŒå¯èƒ½ã§ã™ãŒ255ãƒã‚¤ãƒˆã‚’ã“ãˆã‚‹ã“ã¨ã¯ã§ãã¾ã›ã‚“。 +\brief ã“ã®æŽ¥ç¶šã§ãƒ¬ã‚³ãƒ¼ãƒ‰ã‚’é€ä¿¡ã™ã‚‹éš›ã«ç›¸æ‰‹ãƒ”ã‚¢ãŒä½¿ç”¨ã™ã‚‹ConnectionIDを設定ã—ã¾ã™ã€‚RFC 9146ãŠã‚ˆã³RFC 9147ã‚’å‚ç…§ã—ã¦ãã ã•ã„。ConnectionIDã¯æœ€å¤§DTLS_CID_MAX_SIZE(調整å¯èƒ½ãªã‚³ãƒ³ãƒ‘イル時定義)ã§ã‚ã‚‹å¿…è¦ãŒã‚りã€255ãƒã‚¤ãƒˆã‚’è¶…ãˆã‚‹ã“ã¨ã¯ã§ãã¾ã›ã‚“。 + \return WOLFSSL_SUCCESS ConnectionIDãŒæ­£ã—ã設定ã•れãŸå ´åˆã€ãれ以外ã®å ´åˆã¯ã‚¨ãƒ©ãƒ¼ã‚³ãƒ¼ãƒ‰ã€‚ - \return WOLFSSL_SUCCESS コãƒã‚¯ã‚·ãƒ§ãƒ³IDãŒã‚»ãƒƒãƒˆã§ããŸå ´åˆã«è¿”ã•れã¾ã™ã€‚ãれ以外ã¯ã‚¨ãƒ©ãƒ¼ã‚³ãƒ¼ãƒ‰ãŒè¿”ã•れã¾ã™ã€‚ - - \param ssl WOLFSSL構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ - \param cid コãƒã‚¯ã‚·ãƒ§ãƒ³ID - \param size コãƒã‚¯ã‚·ãƒ§ãƒ³IDã®ã‚µã‚¤ã‚º + \param ssl WOLFSSLオブジェクトãƒã‚¤ãƒ³ã‚¿ã€‚ + \param cid 使用ã™ã‚‹ConnectionID。 + \param size æä¾›ã•れãŸConnectionIDã®ã‚µã‚¤ã‚ºã€‚ \sa wolfSSL_dtls_cid_use \sa wolfSSL_dtls_cid_is_enabled @@ -11234,12 +13214,12 @@ /*! - \brief コãƒã‚¯ã‚·ãƒ§ãƒ³IDã®ã‚µã‚¤ã‚ºã‚’å–å¾—ã—ã¾ã™ã€‚RFC9146ã¨RFC9147ã‚’å‚ç…§ã—ã¦ãã ã•ã„。 +\brief ã“ã®æŽ¥ç¶šã§ãƒ¬ã‚³ãƒ¼ãƒ‰ã‚’é€ä¿¡ã™ã‚‹éš›ã«ç›¸æ‰‹ãƒ”ã‚¢ãŒä½¿ç”¨ã™ã‚‹ConnectionIDã®ã‚µã‚¤ã‚ºã‚’å–å¾—ã—ã¾ã™ã€‚RFC 9146ãŠã‚ˆã³RFC 9147ã‚’å‚ç…§ã—ã¦ãã ã•ã„。サイズã¯ãƒ‘ラメータsizeã«æ ¼ç´ã•れã¾ã™ã€‚ - \return WOLFSSL_SUCCESS コãƒã‚¯ã‚·ãƒ§ãƒ³IDãŒå–å¾—ã§ããŸå ´åˆã«è¿”ã•れã¾ã™ã€‚ãれ以外ã¯ã‚¨ãƒ©ãƒ¼ã‚³ãƒ¼ãƒ‰ãŒè¿”ã•れã¾ã™ã€‚ + \return WOLFSSL_SUCCESS ConnectionIDãŒæ­£ã—ããƒã‚´ã‚·ã‚¨ãƒ¼ãƒˆã•れãŸå ´åˆã€ãれ以外ã®å ´åˆã¯ã‚¨ãƒ©ãƒ¼ã‚³ãƒ¼ãƒ‰ã€‚ - \param ssl WOLFSSL構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ - \param size コãƒã‚¯ã‚·ãƒ§ãƒ³IDã®ã‚µã‚¤ã‚ºã‚’æ ¼ç´ã™ã‚‹int型変数ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ + \param ssl WOLFSSLオブジェクトãƒã‚¤ãƒ³ã‚¿ã€‚ + \param size ã‚µã‚¤ã‚ºãŒæ ¼ç´ã•れる符å·ãªã—intåž‹ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ \sa wolfSSL_dtls_cid_use \sa wolfSSL_dtls_cid_is_enabled @@ -11253,16 +13233,15 @@ /*! - \brief コãƒã‚¯ã‚·ãƒ§ãƒ³IDを引数bufferã§æŒ‡å®šã•れãŸãƒãƒƒãƒ•ã‚¡ã«ã‚³ãƒ”ーã—ã¾ã™ã€‚ - RFC9146ã¨RFC9147ã‚’å‚ç…§ã—ã¦ãã ã•ã„。 - ãƒãƒƒãƒ•ã‚¡ã®ã‚µã‚¤ã‚ºã¯å¼•æ•°bufferSzã§æŒ‡å®šã—ã¦ãã ã•ã„。 - - \return WOLFSSL_SUCCESS コãƒã‚¯ã‚·ãƒ§ãƒ³IDãŒå–å¾—ã§ããŸå ´åˆã«è¿”ã•れã¾ã™ã€‚ãれ以外ã¯ã‚¨ãƒ©ãƒ¼ã‚³ãƒ¼ãƒ‰ãŒè¿”ã•れã¾ã™ã€‚ - - \param ssl WOLFSSL構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ - \param buffer コãƒã‚¯ã‚·ãƒ§ãƒ³IDãŒã‚³ãƒ”ーã•れる先ã®ãƒãƒƒãƒ•ã‚¡ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ - \param bufferSz ãƒãƒƒãƒ•ã‚¡ã®ã‚µã‚¤ã‚º +\brief ã“ã®æŽ¥ç¶šã§ãƒ¬ã‚³ãƒ¼ãƒ‰ã‚’é€ä¿¡ã™ã‚‹éš›ã«ç›¸æ‰‹ãƒ”ã‚¢ãŒä½¿ç”¨ã™ã‚‹ConnectionIDã‚’ã€ãƒ‘ラメータbufferãŒæŒ‡ã™ãƒãƒƒãƒ•ã‚¡ã«ã‚³ãƒ”ーã—ã¾ã™ã€‚RFC 9146ãŠã‚ˆã³RFC 9147ã‚’å‚ç…§ã—ã¦ãã ã•ã„。bufferSzã§ãƒãƒƒãƒ•ァ内ã®åˆ©ç”¨å¯èƒ½ãªã‚¹ãƒšãƒ¼ã‚¹ã‚’æä¾›ã™ã‚‹å¿…è¦ãŒã‚りã¾ã™ã€‚ + + \return WOLFSSL_SUCCESS ConnectionIDãŒæ­£ã—ãコピーã•れãŸå ´åˆã€ãれ以外ã®å ´åˆã¯ã‚¨ãƒ©ãƒ¼ã‚³ãƒ¼ãƒ‰ã€‚ + \param ssl WOLFSSLオブジェクトãƒã‚¤ãƒ³ã‚¿ã€‚ + \param buffer ConnectionIDãŒã‚³ãƒ”ーã•れるãƒãƒƒãƒ•ァ。 + \param bufferSz buffer内ã®åˆ©ç”¨å¯èƒ½ãªã‚¹ãƒšãƒ¼ã‚¹ã€‚ + + \sa wolfSSL_dtls_cid_get0_rx \sa wolfSSL_dtls_cid_use \sa wolfSSL_dtls_cid_is_enabled \sa wolfSSL_dtls_cid_set @@ -11275,13 +13254,31 @@ /*! - \brief コãƒã‚¯ã‚·ãƒ§ãƒ³IDã®ã‚µã‚¤ã‚ºã‚’å–å¾—ã—ã¾ã™ã€‚c - サイズã¯å¼•æ•°sizeå¤‰æ•°ã«æ ¼ç´ã•れã¾ã™ã€‚ +\brief 相手ピアãŒä½¿ç”¨ã™ã‚‹ConnectionIDã‚’å–å¾—ã—ã¾ã™ã€‚RFC 9146ãŠã‚ˆã³RFC 9147ã‚’å‚ç…§ã—ã¦ãã ã•ã„。 - \return WOLFSSL_SUCCESS コãƒã‚¯ã‚·ãƒ§ãƒ³IDã®ã‚µã‚¤ã‚ºãŒå–å¾—ã§ããŸå ´åˆã«è¿”ã•れã¾ã™ã€‚ãれ以外ã¯ã‚¨ãƒ©ãƒ¼ã‚³ãƒ¼ãƒ‰ãŒè¿”ã•れã¾ã™ã€‚ + \return WOLFSSL_SUCCESS ConnectionIDãŒcidã«æ­£ã—ã設定ã•れãŸå ´åˆã€‚ - \param ssl WOLFSSL構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ - \param size コãƒã‚¯ã‚·ãƒ§ãƒ³IDã®ã‚µã‚¤ã‚ºã‚’æ ¼ç´ã™ã‚‹int型変数ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ + \param ssl WOLFSSLオブジェクトãƒã‚¤ãƒ³ã‚¿ã€‚ + \param cid CIDã‚’ä¿æŒã™ã‚‹å†…部メモリã«è¨­å®šã•れるãƒã‚¤ãƒ³ã‚¿ã€‚ + + \sa wolfSSL_dtls_cid_get_rx + \sa wolfSSL_dtls_cid_use + \sa wolfSSL_dtls_cid_is_enabled + \sa wolfSSL_dtls_cid_set + \sa wolfSSL_dtls_cid_get_rx_size + \sa wolfSSL_dtls_cid_get_tx_size + \sa wolfSSL_dtls_cid_get_tx +*/ +int wolfSSL_dtls_cid_get0_rx(WOLFSSL* ssl, unsigned char** cid); + +/*! + +\brief ã“ã®æŽ¥ç¶šã§ãƒ¬ã‚³ãƒ¼ãƒ‰ã‚’é€ä¿¡ã™ã‚‹éš›ã«ä½¿ç”¨ã™ã‚‹ConnectionIDã®ã‚µã‚¤ã‚ºã‚’å–å¾—ã—ã¾ã™ã€‚RFC 9146ãŠã‚ˆã³RFC 9147ã‚’å‚ç…§ã—ã¦ãã ã•ã„。サイズã¯ãƒ‘ラメータsizeã«æ ¼ç´ã•れã¾ã™ã€‚ + + \return WOLFSSL_SUCCESS ConnectionIDã‚µã‚¤ã‚ºãŒæ­£ã—ãæ ¼ç´ã•れãŸå ´åˆã€ãれ以外ã®å ´åˆã¯ã‚¨ãƒ©ãƒ¼ã‚³ãƒ¼ãƒ‰ã€‚ + + \param ssl WOLFSSLオブジェクトãƒã‚¤ãƒ³ã‚¿ã€‚ + \param size ã‚µã‚¤ã‚ºãŒæ ¼ç´ã•れる符å·ãªã—intåž‹ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ \sa wolfSSL_dtls_cid_use \sa wolfSSL_dtls_cid_is_enabled @@ -11294,15 +13291,15 @@ /*! - \brief コãƒã‚¯ã‚·ãƒ§ãƒ³IDã‚’å¼•ãæ•°bufferã§æŒ‡å®šã•れるãƒãƒƒãƒ•ã‚¡ã«ã‚³ãƒ”ーã—ã¾ã™ã€‚RFC9146ã¨RFC9147ã‚’å‚ç…§ã—ã¦ãã ã•ã„。 - ãƒãƒƒãƒ•ã‚¡ã®ã‚µã‚¤ã‚ºã¯å¼•ãæ•°bufferSzã§æŒ‡å®šã—ã¾ã™ã€‚ +\brief ã“ã®æŽ¥ç¶šã§ãƒ¬ã‚³ãƒ¼ãƒ‰ã‚’é€ä¿¡ã™ã‚‹éš›ã«ä½¿ç”¨ã™ã‚‹ConnectionIDã‚’ã€ãƒ‘ラメータbufferãŒæŒ‡ã™ãƒãƒƒãƒ•ã‚¡ã«ã‚³ãƒ”ーã—ã¾ã™ã€‚RFC 9146ãŠã‚ˆã³RFC 9147ã‚’å‚ç…§ã—ã¦ãã ã•ã„。bufferSzã§åˆ©ç”¨å¯èƒ½ãªã‚µã‚¤ã‚ºã‚’æä¾›ã™ã‚‹å¿…è¦ãŒã‚りã¾ã™ã€‚ - \return WOLFSSL_SUCCESS ConnectionIDãŒæ­£å¸¸ã«ã‚³ãƒ”ーã•れãŸéš›ã«è¿”ã•れã¾ã™ã€‚ãれ以外ã¯ã‚¨ãƒ©ãƒ¼ã‚³ãƒ¼ãƒ‰ãŒè¿”ã•れã¾ã™ã€‚ + \return WOLFSSL_SUCCESS ConnectionIDãŒæ­£ã—ãコピーã•れãŸå ´åˆã€ãれ以外ã®å ´åˆã¯ã‚¨ãƒ©ãƒ¼ã‚³ãƒ¼ãƒ‰ã€‚ - \param ssl WOLFSSL構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ - \param buffer ConnectionIDãŒã‚³ãƒ”ーã•れるãƒãƒƒãƒ•ã‚¡ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ - \param bufferSz ãƒãƒƒãƒ•ã‚¡ã®ã‚µã‚¤ã‚º + \param ssl WOLFSSLオブジェクトãƒã‚¤ãƒ³ã‚¿ã€‚ + \param buffer ConnectionIDãŒã‚³ãƒ”ーã•れるãƒãƒƒãƒ•ァ。 + \param bufferSz buffer内ã®åˆ©ç”¨å¯èƒ½ãªã‚¹ãƒšãƒ¼ã‚¹ã€‚ + \sa wolfSSL_dtls_cid_get0_tx \sa wolfSSL_dtls_cid_use \sa wolfSSL_dtls_cid_is_enabled \sa wolfSSL_dtls_cid_set @@ -11312,3 +13309,342 @@ */ int wolfSSL_dtls_cid_get_tx(WOLFSSL* ssl, unsigned char* buffer, unsigned int bufferSz); + +/*! + +\brief ã“ã®æŽ¥ç¶šã§ãƒ¬ã‚³ãƒ¼ãƒ‰ã‚’é€ä¿¡ã™ã‚‹éš›ã«ä½¿ç”¨ã™ã‚‹ConnectionIDã‚’å–å¾—ã—ã¾ã™ã€‚RFC 9146ãŠã‚ˆã³RFC 9147ã‚’å‚ç…§ã—ã¦ãã ã•ã„。 + + \return WOLFSSL_SUCCESS ConnectionIDãŒæ­£ã—ãå–å¾—ã•れãŸå ´åˆã€ãれ以外ã®å ´åˆã¯ã‚¨ãƒ©ãƒ¼ã‚³ãƒ¼ãƒ‰ã€‚ + + \param ssl WOLFSSLオブジェクトãƒã‚¤ãƒ³ã‚¿ã€‚ + \param cid CIDã‚’ä¿æŒã™ã‚‹å†…部メモリã«è¨­å®šã•れるãƒã‚¤ãƒ³ã‚¿ã€‚ + + \sa wolfSSL_dtls_cid_get_tx + \sa wolfSSL_dtls_cid_use + \sa wolfSSL_dtls_cid_is_enabled + \sa wolfSSL_dtls_cid_set + \sa wolfSSL_dtls_cid_get_rx_size + \sa wolfSSL_dtls_cid_get_rx + \sa wolfSSL_dtls_cid_get_tx_size +*/ +int wolfSSL_dtls_cid_get0_tx(WOLFSSL* ssl, unsigned char** cid); + +/*! + +\brief レコードデータグラム/メッセージã‹ã‚‰ConnectionIDを抽出ã—ã¾ã™ã€‚RFC 9146ãŠã‚ˆã³RFC 9147ã‚’å‚ç…§ã—ã¦ãã ã•ã„。 + + \param msg ãƒãƒƒãƒˆãƒ¯ãƒ¼ã‚¯ã‹ã‚‰èª­ã¿å–られãŸãƒ‡ãƒ¼ã‚¿ã‚°ãƒ©ãƒ ã‚’ä¿æŒã™ã‚‹ãƒãƒƒãƒ•ァ。 + \param msgSz msgã®ã‚µã‚¤ã‚º(ãƒã‚¤ãƒˆå˜ä½)。 + \param cid msgãƒãƒƒãƒ•ァ内ã®CIDã®é–‹å§‹ä½ç½®ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ + \param cidSz 期待ã•れるCIDã®ã‚µã‚¤ã‚ºã€‚レコード層ã«ã¯CIDサイズフィールドãŒãªã„ãŸã‚ã€CIDã®ã‚µã‚¤ã‚ºã‚’事å‰ã«çŸ¥ã£ã¦ã„ã‚‹å¿…è¦ãŒã‚りã¾ã™ã€‚ã™ã¹ã¦ã®æŽ¥ç¶šã«å®šæ•°CIDを使用ã™ã‚‹ã“ã¨ã‚’推奨ã—ã¾ã™ã€‚ + + \sa wolfSSL_dtls_cid_get_tx + \sa wolfSSL_dtls_cid_use + \sa wolfSSL_dtls_cid_is_enabled + \sa wolfSSL_dtls_cid_set + \sa wolfSSL_dtls_cid_get_rx_size + \sa wolfSSL_dtls_cid_get_rx + \sa wolfSSL_dtls_cid_get_tx_size +*/ +const unsigned char* wolfSSL_dtls_cid_parse(const unsigned char* msg, + unsigned int msgSz, unsigned int cidSz); + +/*! + \ingroup TLS + \brief サーãƒå´ã§ã¯ã€ã“ã®é–¢æ•°ã¯è¨¼æ˜Žæ›¸è¦æ±‚ã§ã‚¯ãƒ©ã‚¤ã‚¢ãƒ³ãƒˆã«é€ä¿¡ã•れるCAåã®ãƒªã‚¹ãƒˆã‚’設定ã—ã¾ã™ã€‚ã“れã¯ã€ã‚µãƒ¼ãƒãŒã‚µãƒãƒ¼ãƒˆã™ã‚‹CAã®ãƒ’ントã¨ã—ã¦æ©Ÿèƒ½ã—ã¾ã™ã€‚ + + クライアントå´ã§ã¯ã€ã“ã®é–¢æ•°ã¯åŠ¹æžœãŒã‚りã¾ã›ã‚“。 + + \param [in] ctx wolfSSLコンテキストã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ + \param [in] names 設定ã•れるåå‰ã®ãƒªã‚¹ãƒˆã€‚ + + \sa wolfSSL_set_client_CA_list + \sa wolfSSL_CTX_get_client_CA_list + \sa wolfSSL_get_client_CA_list + \sa wolfSSL_CTX_set0_CA_list + \sa wolfSSL_set0_CA_list \sa wolfSSL_CTX_get0_CA_list + \sa wolfSSL_get0_CA_list + \sa wolfSSL_get0_peer_CA_list +*/ +void wolfSSL_CTX_set_client_CA_list(WOLFSSL_CTX* ctx, + WOLF_STACK_OF(WOLFSSL_X509_NAME)* names); + +/*! + \ingroup TLS + \brief ã“れã¯ã€wolfSSL_CTX_set_client_CA_listを介ã—ã¦ä»¥å‰ã«è¨­å®šã•れãŸãƒªã‚¹ãƒˆã‚’å–å¾—ã—ã¾ã™ã€‚リストãŒè¨­å®šã•れã¦ã„ãªã„å ´åˆã¯NULLã‚’è¿”ã—ã¾ã™ã€‚ + + \param [in] ctx wolfSSLコンテキストã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ + \return CAåã‚’å«ã‚€WOLFSSL_X509_NAMEã®ã‚¹ã‚¿ãƒƒã‚¯ã€‚ + + \sa wolfSSL_set_client_CA_list + \sa wolfSSL_CTX_set_client_CA_list + \sa wolfSSL_get_client_CA_list + \sa wolfSSL_CTX_set0_CA_list + \sa wolfSSL_set0_CA_list + \sa wolfSSL_CTX_get0_CA_list + \sa wolfSSL_get0_CA_list + \sa wolfSSL_get0_peer_CA_list +*/ +WOLFSSL_STACK *wolfSSL_CTX_get_client_CA_list( + const WOLFSSL_CTX *ctx); + +/*! + \ingroup TLS + \brief wolfSSL_CTX_set_client_CA_listã¨åŒã˜ã§ã™ãŒã€ã‚»ãƒƒã‚·ãƒ§ãƒ³å›ºæœ‰ã§ã™ã€‚CAリストãŒã‚³ãƒ³ãƒ†ã‚­ã‚¹ãƒˆã¨ã‚»ãƒƒã‚·ãƒ§ãƒ³ã®ä¸¡æ–¹ã«è¨­å®šã•れã¦ã„ã‚‹å ´åˆã€ã‚»ãƒƒã‚·ãƒ§ãƒ³ä¸Šã®ãƒªã‚¹ãƒˆãŒä½¿ç”¨ã•れã¾ã™ã€‚ + + \param [in] ssl WOLFSSLオブジェクトã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ + \param [in] names 設定ã™ã‚‹åå‰ã®ãƒªã‚¹ãƒˆã€‚ + + \sa wolfSSL_CTX_set_client_CA_list + \sa wolfSSL_CTX_get_client_CA_list + \sa wolfSSL_get_client_CA_list + \sa wolfSSL_CTX_set0_CA_list + \sa wolfSSL_set0_CA_list + \sa wolfSSL_CTX_get0_CA_list + \sa wolfSSL_get0_CA_list + \sa wolfSSL_get0_peer_CA_list +*/ +void wolfSSL_set_client_CA_list(WOLFSSL* ssl, + WOLF_STACK_OF(WOLFSSL_X509_NAME)* names); + +/*! + \ingroup TLS + \brief サーãƒå´ã§ã¯ã€wolfSSL_set_client_CA_listを介ã—ã¦ä»¥å‰ã«è¨­å®šã•れãŸãƒªã‚¹ãƒˆã‚’å–å¾—ã—ã¾ã™ã€‚何も設定ã•れã¦ã„ãªã„å ´åˆã¯ã€wolfSSL_CTX_set_client_CA_listを介ã—ã¦ä»¥å‰ã«è¨­å®šã•れãŸãƒªã‚¹ãƒˆã‚’è¿”ã—ã¾ã™ã€‚リストãŒå…¨ã設定ã•れã¦ã„ãªã„å ´åˆã¯ã€NULLã‚’è¿”ã—ã¾ã™ã€‚ + + クライアントå´ã§ã¯ã€ã‚µãƒ¼ãƒã‹ã‚‰å—ä¿¡ã—ãŸãƒªã‚¹ãƒˆã‚’å–å¾—ã—ã¾ã™ã€‚何もå—ä¿¡ã—ã¦ã„ãªã„å ´åˆã¯NULLã‚’è¿”ã—ã¾ã™ã€‚wolfSSL_CTX_set_cert_cbを使用ã—ã¦ã€ã‚µãƒ¼ãƒã‹ã‚‰è¨¼æ˜Žæ›¸è¦æ±‚ã‚’å—ä¿¡ã—ãŸã¨ãã«è¨¼æ˜Žæ›¸ã‚’å‹•çš„ã«ãƒ­ãƒ¼ãƒ‰ã™ã‚‹ã‚³ãƒ¼ãƒ«ãƒãƒƒã‚¯ã‚’登録ã§ãã¾ã™ã€‚ + + \param [in] ssl WOLFSSLオブジェクトã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ + \return CAåã‚’å«ã‚€WOLFSSL_X509_NAMEã®ã‚¹ã‚¿ãƒƒã‚¯ã€‚ + + \sa wolfSSL_CTX_set_cert_cb + \sa wolfSSL_CTX_set_client_CA_list + \sa wolfSSL_CTX_get_client_CA_list + \sa wolfSSL_get_client_CA_list + \sa wolfSSL_CTX_set0_CA_list + \sa wolfSSL_set0_CA_list + \sa wolfSSL_CTX_get0_CA_list + \sa wolfSSL_get0_CA_list + \sa wolfSSL_get0_peer_CA_list +*/ +WOLFSSL_STACK* wolfSSL_get_client_CA_list( + const WOLFSSL* ssl); + +/*! + \ingroup TLS + \brief ã“ã®é–¢æ•°ã¯ã€ãƒ”ã‚¢ã®èªè¨¼ã§ã‚µãƒãƒ¼ãƒˆã•れã¦ã„ã‚‹CAã®ãƒ’ントã¨ã—ã¦ãƒ”ã‚¢ã«é€ä¿¡ã•れるCAåã®ãƒªã‚¹ãƒˆã‚’設定ã—ã¾ã™ã€‚ + + TLS >= 1.3ã§ã¯ã€ã“れã¯ã‚¯ãƒ©ã‚¤ã‚¢ãƒ³ãƒˆã¨ã‚µãƒ¼ãƒé–“ã®ä¸¡æ–¹å‘ã§ã‚µãƒãƒ¼ãƒˆã•れã¦ã„ã¾ã™ã€‚サーãƒå´ã§ã¯ã€CAåã¯CertificateRequestã®ä¸€éƒ¨ã¨ã—ã¦é€ä¿¡ã•れるãŸã‚ã€ã“ã®é–¢æ•°ã¯*_set_client_CA_listã¨åŒç­‰ã§ã™ã€‚クライアントå´ã§ã¯ã€ã“れらã¯ClientHelloã®ä¸€éƒ¨ã¨ã—ã¦é€ä¿¡ã•れã¾ã™ã€‚ + + TLS < 1.3ã§ã¯ã€ã‚¯ãƒ©ã‚¤ã‚¢ãƒ³ãƒˆã‹ã‚‰ã‚µãƒ¼ãƒã¸ã®CAåã®é€ä¿¡ã¯ã‚µãƒãƒ¼ãƒˆã•れã¦ã„ãªã„ãŸã‚ã€ã“ã®é–¢æ•°ã¯wolfSSL_CTX_set_client_CA_listã¨åŒç­‰ã§ã™ã€‚ + + *_set_client_CA_listã¨*_set0_CA_listを介ã—ã¦è¨­å®šã•れãŸãƒªã‚¹ãƒˆã¯å†…部的ã«åˆ¥ã€…ã§ã‚ã‚‹ã“ã¨ã«æ³¨æ„ã—ã¦ãã ã•ã„。ã¤ã¾ã‚Šã€*_get_client_CA_listを呼ã³å‡ºã—ã¦ã‚‚*_set0_CA_listを介ã—ã¦è¨­å®šã•れãŸãƒªã‚¹ãƒˆã¯å–å¾—ã•れãšã€ãã®é€†ã‚‚åŒæ§˜ã§ã™ã€‚両方ãŒè¨­å®šã•れã¦ã„ã‚‹å ´åˆã€ã‚µãƒ¼ãƒã¯ã‚¯ãƒ©ã‚¤ã‚¢ãƒ³ãƒˆã«CAåã‚’é€ä¿¡ã™ã‚‹éš›ã«*_set0_CA_listを無視ã—ã¾ã™ã€‚ + + \param [in] ctx wolfSSLコンテキストã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ + \param [in] names 設定ã™ã‚‹åå‰ã®ãƒªã‚¹ãƒˆã€‚ + + \sa wolfSSL_CTX_set_client_CA_list + \sa wolfSSL_set_client_CA_list + \sa wolfSSL_CTX_get_client_CA_list + \sa wolfSSL_get_client_CA_list + \sa wolfSSL_set0_CA_list + \sa wolfSSL_CTX_get0_CA_list + \sa wolfSSL_get0_CA_list + \sa wolfSSL_get0_peer_CA_list +*/ +void wolfSSL_CTX_set0_CA_list(WOLFSSL_CTX *ctx, + WOLF_STACK_OF(WOLFSSL_X509_NAME)* names); + +/*! + \ingroup TLS + \brief ã“れã¯ã€wolfSSL_CTX_set0_CA_listを介ã—ã¦ä»¥å‰ã«è¨­å®šã•れãŸãƒªã‚¹ãƒˆã‚’å–å¾—ã—ã¾ã™ã€‚リストãŒè¨­å®šã•れã¦ã„ãªã„å ´åˆã¯NULLã‚’è¿”ã—ã¾ã™ã€‚ + + \param [in] ctx wolfSSLコンテキストã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ + \return CAåã‚’å«ã‚€WOLFSSL_X509_NAMEã®ã‚¹ã‚¿ãƒƒã‚¯ã€‚ + + \sa wolfSSL_CTX_set_client_CA_list + \sa wolfSSL_set_client_CA_list + \sa wolfSSL_CTX_get_client_CA_list + \sa wolfSSL_get_client_CA_list + \sa wolfSSL_CTX_set0_CA_list + \sa wolfSSL_set0_CA_list + \sa wolfSSL_get0_CA_list + \sa wolfSSL_get0_peer_CA_list +*/ +WOLFSSL_STACK *wolfSSL_CTX_get0_CA_list( + const WOLFSSL_CTX *ctx); + +/*! + \ingroup TLS + \brief wolfSSL_CTX_set0_CA_listã¨åŒã˜ã§ã™ãŒã€ã‚»ãƒƒã‚·ãƒ§ãƒ³å›ºæœ‰ã§ã™ã€‚CAリストãŒã‚³ãƒ³ãƒ†ã‚­ã‚¹ãƒˆã¨ã‚»ãƒƒã‚·ãƒ§ãƒ³ã®ä¸¡æ–¹ã«è¨­å®šã•れã¦ã„ã‚‹å ´åˆã€ã‚»ãƒƒã‚·ãƒ§ãƒ³ä¸Šã®ãƒªã‚¹ãƒˆãŒä½¿ç”¨ã•れã¾ã™ã€‚ + + \param [in] ssl WOLFSSLオブジェクトã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ + \param [in] names 設定ã™ã‚‹åå‰ã®ãƒªã‚¹ãƒˆã€‚ + + \sa wolfSSL_CTX_set_client_CA_list + \sa wolfSSL_set_client_CA_list + \sa wolfSSL_CTX_get_client_CA_list + \sa wolfSSL_get_client_CA_list + \sa wolfSSL_CTX_set0_CA_list + \sa wolfSSL_CTX_get0_CA_list + \sa wolfSSL_get0_CA_list + \sa wolfSSL_get0_peer_CA_list +*/ +void wolfSSL_set0_CA_list(WOLFSSL *ssl, + WOLF_STACK_OF(WOLFSSL_X509_NAME) *names); + +/*! + \ingroup TLS + \brief ã“れã¯ã€wolfSSL_set0_CA_listを介ã—ã¦ä»¥å‰ã«è¨­å®šã•れãŸãƒªã‚¹ãƒˆã‚’å–å¾—ã—ã¾ã™ã€‚何も設定ã•れã¦ã„ãªã„å ´åˆã¯ã€wolfSSL_CTX_set0_CA_listを介ã—ã¦ä»¥å‰ã«è¨­å®šã•れãŸãƒªã‚¹ãƒˆã‚’è¿”ã—ã¾ã™ã€‚リストãŒå…¨ã設定ã•れã¦ã„ãªã„å ´åˆã¯ã€NULLã‚’è¿”ã—ã¾ã™ã€‚ + + \param [in] ssl WOLFSSLオブジェクトã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ + \return CAåã‚’å«ã‚€WOLFSSL_X509_NAMEã®ã‚¹ã‚¿ãƒƒã‚¯ã€‚ + + \sa wolfSSL_CTX_set_client_CA_list + \sa wolfSSL_set_client_CA_list + \sa wolfSSL_CTX_get_client_CA_list + \sa wolfSSL_get_client_CA_list + \sa wolfSSL_CTX_set0_CA_list + \sa wolfSSL_set0_CA_list + \sa wolfSSL_CTX_get0_CA_list + \sa wolfSSL_get0_peer_CA_list +*/ +WOLFSSL_STACK *wolfSSL_get0_CA_list( + const WOLFSSL *ssl); + +/*! + \ingroup TLS + \brief ã“れã¯ã€ãƒ”ã‚¢ã‹ã‚‰å—ä¿¡ã—ãŸCAリストを返ã—ã¾ã™ã€‚ + + クライアントå´ã§ã¯ã€ã“れã¯ã‚µãƒ¼ãƒãŒCertificateRequestã§é€ä¿¡ã—ãŸãƒªã‚¹ãƒˆã§ã‚りã€ã“ã®é–¢æ•°ã¯wolfSSL_get_client_CA_listã¨åŒç­‰ã§ã™ã€‚ + + サーãƒå´ã§ã¯ã€ã“れã¯TLS >= 1.3ã§ã‚¯ãƒ©ã‚¤ã‚¢ãƒ³ãƒˆãŒClientHelloメッセージã§é€ä¿¡ã—ãŸãƒªã‚¹ãƒˆã§ã™ã€‚TLS < 1.3ã§ã¯ã€ã“ã®é–¢æ•°ã¯ã‚µãƒ¼ãƒå´ã§å¸¸ã«NULLã‚’è¿”ã—ã¾ã™ã€‚ + + wolfSSL_CTX_set_cert_cbを使用ã—ã¦ã€ãƒ”ã‚¢ã‹ã‚‰CAリストをå—ä¿¡ã—ãŸã¨ãã«è¨¼æ˜Žæ›¸ã‚’å‹•çš„ã«ãƒ­ãƒ¼ãƒ‰ã™ã‚‹ã‚³ãƒ¼ãƒ«ãƒãƒƒã‚¯ã‚’登録ã§ãã¾ã™ã€‚ + + \param [in] ssl WOLFSSLオブジェクトã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ + \return CAåã‚’å«ã‚€WOLFSSL_X509_NAMEã®ã‚¹ã‚¿ãƒƒã‚¯ã€‚ + + \sa wolfSSL_CTX_set_cert_cb + \sa wolfSSL_CTX_set_client_CA_list + \sa wolfSSL_set_client_CA_list + \sa wolfSSL_CTX_get_client_CA_list + \sa wolfSSL_get_client_CA_list + \sa wolfSSL_CTX_set0_CA_list + \sa wolfSSL_set0_CA_list + \sa wolfSSL_CTX_get0_CA_list + \sa wolfSSL_get0_CA_list +*/ +WOLFSSL_STACK *wolfSSL_get0_peer_CA_list(const WOLFSSL *ssl); + +/*! + \ingroup TLS + \brief ã“ã®é–¢æ•°ã¯ã€è¨¼æ˜Žæ›¸ãŒä½¿ç”¨ã•れる直å‰ã«å‘¼ã³å‡ºã•れるコールãƒãƒƒã‚¯ã‚’設定ã—ã€ã‚¢ãƒ—リケーションãŒè¨¼æ˜Žæ›¸ã‚’検査ã€è¨­å®šã€ã¾ãŸã¯ã‚¯ãƒªã‚¢ã§ãるよã†ã«ã—ã¾ã™ã€‚例ãˆã°ã€ãƒ”ã‚¢ã‹ã‚‰é€ä¿¡ã•れãŸCAリストã«å応ã™ã‚‹ã“ã¨ãŒã§ãã¾ã™ã€‚ + + \param [in] ctx wolfSSLコンテキストã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ + \param [in] cb コールãƒãƒƒã‚¯ã¸ã®é–¢æ•°ãƒã‚¤ãƒ³ã‚¿ã€‚ + \param [in] arg コールãƒãƒƒã‚¯ã«æ¸¡ã•れるãƒã‚¤ãƒ³ã‚¿ã€‚ + + \sa wolfSSL_get0_peer_CA_list + \sa wolfSSL_get_client_CA_list +*/ +void wolfSSL_CTX_set_cert_cb(WOLFSSL_CTX* ctx, + int (*cb)(WOLFSSL *, void *), void *arg); + +/*! + \ingroup TLS + + \brief ã“ã®é–¢æ•°ã¯ã€ã‚¯ãƒ©ã‚¤ã‚¢ãƒ³ãƒˆãŒæä¾›ã™ã‚‹æš—å·ã‚¹ã‚¤ãƒ¼ãƒˆã¨ç½²åアルゴリズムã®ç”Ÿã®ãƒªã‚¹ãƒˆã‚’è¿”ã—ã¾ã™ã€‚リストã¯ã€wolfSSL_CTX_set_cert_cb()ã§è¨­å®šã•れãŸã‚³ãƒ¼ãƒ«ãƒãƒƒã‚¯å†…ã§ã®ã¿ä¿å­˜ã•れã€è¿”ã•れã¾ã™ã€‚ã“れã¯ã€åˆ©ç”¨å¯èƒ½ãªæš—å·ã‚¹ã‚¤ãƒ¼ãƒˆã¨ç½²åアルゴリズムã«åŸºã¥ã„ã¦è¨¼æ˜Žæ›¸ã¨éµã‚’å‹•çš„ã«ãƒ­ãƒ¼ãƒ‰ã§ãるよã†ã«ã™ã‚‹ã®ã«ä¾¿åˆ©ã§ã™ã€‚ + + \param [in] ssl リストを抽出ã™ã‚‹WOLFSSLオブジェクト。 + \param [out] suites クライアント暗å·ã‚¹ã‚¤ãƒ¼ãƒˆã®ç”Ÿã®ãƒ•ィルタリングã•れã¦ã„ãªã„リスト。利用å¯èƒ½ãªã‚¹ã‚¤ãƒ¼ãƒˆãŒãªã„å ´åˆã¯NULLã«ãªã‚‹ã“ã¨ãŒã‚りã¾ã™ã€‚ + \param [out] suiteSz suitesã®ã‚µã‚¤ã‚º(ãƒã‚¤ãƒˆå˜ä½)。 + \param [out] hashSigAlgo クライアント署åアルゴリズムã®ç”Ÿã®ãƒ•ィルタリングã•れã¦ã„ãªã„リスト。æä¾›ã•れãªã„å ´åˆã¯NULLã«ãªã‚‹ã“ã¨ãŒã‚りã¾ã™ã€‚ + \param [out] hashSigAlgoSz hashSigAlgoã®ã‚µã‚¤ã‚º(ãƒã‚¤ãƒˆå˜ä½)。 + \return WOLFSSL_SUCCESS スイートãŒåˆ©ç”¨å¯èƒ½ãªå ´åˆã€‚ + \return WOLFSSL_FAILURE スイートãŒåˆ©ç”¨ã§ããªã„å ´åˆã€‚ + + _Example_ + \code + int certCB(WOLFSSL* ssl, void* arg) + { + const byte* suites = NULL; + word16 suiteSz = 0; + const byte* hashSigAlgo = NULL; + word16 hashSigAlgoSz = 0; + + wolfSSL_get_client_suites_sigalgs(ssl, &suites, &suiteSz, &hashSigAlgo, + &hashSigAlgoSz); + + // æš—å·ã‚¹ã‚¤ãƒ¼ãƒˆã¨sigalgsã«åŸºã¥ã„ã¦ãƒ­ãƒ¼ãƒ‰ã™ã‚‹è¨¼æ˜Žæ›¸ã‚’é¸æŠž + } + + WOLFSSL* ctx; + ctx = wolfSSL_CTX_new(wolfTLSv1_3_method_ex(NULL)); + wolfSSL_CTX_set_cert_cb(ctx, certCB, NULL); + \endcode + + \sa wolfSSL_get_ciphersuite_info + \sa wolfSSL_get_sigalg_info +*/ +int wolfSSL_get_client_suites_sigalgs(const WOLFSSL* ssl, + const byte** suites, word16* suiteSz, + const byte** hashSigAlgo, word16* hashSigAlgoSz); + +/*! + \ingroup TLS + + \brief ã“れã¯ã€ç”Ÿã®æš—å·ã‚¹ã‚¤ãƒ¼ãƒˆãƒã‚¤ãƒˆã‹ã‚‰ç›´æŽ¥æš—å·ã‚¹ã‚¤ãƒ¼ãƒˆã«é–¢ã™ã‚‹æƒ…報を返ã—ã¾ã™ã€‚ + + \param [in] first æš—å·ã‚¹ã‚¤ãƒ¼ãƒˆã®æœ€åˆã®ãƒã‚¤ãƒˆã€‚ + \param [in] second æš—å·ã‚¹ã‚¤ãƒ¼ãƒˆã®2番目ã®ãƒã‚¤ãƒˆã€‚ + + \return WOLFSSL_CIPHERSUITE_INFO æš—å·ã‚¹ã‚¤ãƒ¼ãƒˆã§ä½¿ç”¨ã•れるèªè¨¼ã®ã‚¿ã‚¤ãƒ—ã«é–¢ã™ã‚‹æƒ…報をå«ã‚€æ§‹é€ ä½“。 + + _Example_ + \code + WOLFSSL_CIPHERSUITE_INFO info = + wolfSSL_get_ciphersuite_info(suites[0], suites[1]); + if (info.rsaAuth) + haveRSA = 1; + else if (info.eccAuth) + haveECC = 1; + \endcode + + \sa wolfSSL_get_client_suites_sigalgs + \sa wolfSSL_get_sigalg_info +*/ +WOLFSSL_CIPHERSUITE_INFO wolfSSL_get_ciphersuite_info(byte first, + byte second); + +/*! + \ingroup TLS + + \brief ã“れã¯ã€ç”Ÿã®æš—å·ã‚¹ã‚¤ãƒ¼ãƒˆãƒã‚¤ãƒˆã‹ã‚‰ç›´æŽ¥ãƒãƒƒã‚·ãƒ¥ãŠã‚ˆã³ç½²åアルゴリズムã«é–¢ã™ã‚‹æƒ…報を返ã—ã¾ã™ã€‚ + + \param [in] first ãƒãƒƒã‚·ãƒ¥ãŠã‚ˆã³ç½²åã‚¢ãƒ«ã‚´ãƒªã‚ºãƒ ã®æœ€åˆã®ãƒã‚¤ãƒˆã€‚ + \param [in] second ãƒãƒƒã‚·ãƒ¥ãŠã‚ˆã³ç½²åアルゴリズムã®2番目ã®ãƒã‚¤ãƒˆã€‚ + \param [out] hashAlgo MACアルゴリズムã®enum wc_HashType。 + \param [out] sigAlgo èªè¨¼ã‚¢ãƒ«ã‚´ãƒªã‚ºãƒ ã®enum Key_Sum。 + + \return 0 æƒ…å ±ãŒæ­£ã—ã設定ã•れãŸå ´åˆã€‚ + \return BAD_FUNC_ARG 入力パラメータã®ã„ãšã‚Œã‹ãŒNULLã®å ´åˆã€ã¾ãŸã¯ãƒã‚¤ãƒˆãŒèªè­˜ã•れるsigalgスイートã§ãªã„å ´åˆã€‚ + + _Example_ + \code + enum wc_HashType hashAlgo; + enum Key_Sum sigAlgo; + + wolfSSL_get_sigalg_info(hashSigAlgo[idx+0], hashSigAlgo[idx+1], + &hashAlgo, &sigAlgo); + + if (sigAlgo == RSAk || sigAlgo == RSAPSSk) + haveRSA = 1; + else if (sigAlgo == ECDSAk) + haveECC = 1; + \endcode + + \sa wolfSSL_get_client_suites_sigalgs + \sa wolfSSL_get_ciphersuite_info +*/ +int wolfSSL_get_sigalg_info(byte first, byte second, + int* hashAlgo, int* sigAlgo); diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/doc/dox_comments/header_files-ja/tfm.h mariadb-11.8.8/extra/wolfssl/wolfssl/doc/dox_comments/header_files-ja/tfm.h --- mariadb-11.8.6/extra/wolfssl/wolfssl/doc/dox_comments/header_files-ja/tfm.h 2026-01-31 13:27:49.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/doc/dox_comments/header_files-ja/tfm.h 2026-05-24 09:58:33.000000000 +0000 @@ -1,17 +1,22 @@ /*! \ingroup Math - \brief ã“ã®é–¢æ•°ã¯ã€æ•´æ•°ã®æœ€å¤§ã‚µã‚¤ã‚ºã®ãƒ©ãƒ³ã‚¿ã‚¤ãƒ FastMath設定をãƒã‚§ãƒƒã‚¯ã—ã¾ã™ã€‚FP_SIZEãŒæ­£ã—ãæ©Ÿèƒ½ã™ã‚‹ãŸã‚ã«ã€FP_SIZEãŒå„ライブラリーã«ä¸€è‡´ã—ãªã‘れã°ãªã‚‰ãªã„ãŸã‚ã€ãƒ¦ãƒ¼ã‚¶ãƒ¼ãŒWolfCryptライブラリを独立ã—ã¦ä½¿ç”¨ã—ã¦ã„ã‚‹å ´åˆã«é‡è¦ã§ã™ã€‚ã“ã®ãƒã‚§ãƒƒã‚¯ã¯CheckFastMathSettings()ã¨ã—ã¦å®šç¾©ã•れã¦ã„ã¾ã™ã€‚ã“れã¯ã€CheckRuntimeFastMathã¨FP_SIZEを比較ã™ã‚‹ã ã‘ã§ã€ãƒŸã‚¹ãƒžãƒƒãƒãŒã‚ã‚‹å ´åˆã¯0ã‚’è¿”ã—ã¾ã™ã€‚ - \return FP_SIZE 数学ライブラリã§åˆ©ç”¨å¯èƒ½ãªæœ€å¤§ã‚µã‚¤ã‚ºã«å¯¾å¿œã™ã‚‹FP_SIZEã‚’è¿”ã—ã¾ã™ã€‚ + + \brief ã“ã®é–¢æ•°ã¯ã€æ•´æ•°ã®æœ€å¤§ã‚µã‚¤ã‚ºã«é–¢ã™ã‚‹ãƒ©ãƒ³ã‚¿ã‚¤ãƒ fastmath設定をãƒã‚§ãƒƒã‚¯ã—ã¾ã™ã€‚ユーザーãŒwolfCryptライブラリを独立ã—ã¦ä½¿ç”¨ã—ã¦ã„ã‚‹å ´åˆã«é‡è¦ã§ã™ã€‚æ•°å­¦ãŒæ­£ã—ã動作ã™ã‚‹ãŸã‚ã«ã¯ã€å„ライブラリã®FP_SIZEãŒä¸€è‡´ã—ã¦ã„ã‚‹å¿…è¦ãŒã‚りã¾ã™ã€‚ã“ã®ãƒã‚§ãƒƒã‚¯ã¯CheckFastMathSettings()ã¨ã—ã¦å®šç¾©ã•れã¦ãŠã‚Šã€CheckRunTimeFastMathã¨FP_SIZEã‚’å˜ç´”ã«æ¯”較ã—ã€ä¸ä¸€è‡´ã®å ´åˆã¯0ã‚’ã€ä¸€è‡´ã™ã‚‹å ´åˆã¯1ã‚’è¿”ã—ã¾ã™ã€‚ + + \return FP_SIZE 数学ライブラリã§ä½¿ç”¨å¯èƒ½ãªæœ€å¤§ã‚µã‚¤ã‚ºã«å¯¾å¿œã™ã‚‹FP_SIZEã‚’è¿”ã—ã¾ã™ã€‚ + + \param none パラメータãªã—。 + _Example_ \code if (CheckFastMathSettings() != 1) { - return err_sys("Build vs. runtime fastmath FP_MAX_BITS mismatch\n"); + return err_sys("Build vs. runtime fastmath FP_MAX_BITS mismatch\n"); } - // This is converted by the preprocessor to: + // ã“れã¯ãƒ—リプロセッサã«ã‚ˆã£ã¦æ¬¡ã®ã‚ˆã†ã«å¤‰æ›ã•れã¾ã™: // if ( (CheckRunTimeFastMath() == FP_SIZE) != 1) { - // and confirms that the fast math settings match - // the compile time settings + // ãã—ã¦fastmath設定ãŒã‚³ãƒ³ãƒ‘イル時ã®è¨­å®šã¨ä¸€è‡´ã™ã‚‹ã“ã¨ã‚’確èªã—ã¾ã™ \endcode + \sa CheckRunTimeSettings */ word32 CheckRunTimeFastMath(void); diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/doc/dox_comments/header_files-ja/types.h mariadb-11.8.8/extra/wolfssl/wolfssl/doc/dox_comments/header_files-ja/types.h --- mariadb-11.8.6/extra/wolfssl/wolfssl/doc/dox_comments/header_files-ja/types.h 2026-01-31 13:27:49.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/doc/dox_comments/header_files-ja/types.h 2026-05-24 09:58:33.000000000 +0000 @@ -1,18 +1,40 @@ /*! \ingroup Memory - \brief ã“れã¯å®Ÿéš›ã«ã¯é–¢æ•°ã§ã¯ãªãã€ã‚€ã—ã‚プリプロセッサマクロã§ã‚りã€ãƒ¦ãƒ¼ã‚¶ãƒ¼ã¯è‡ªåˆ†ã®Mallocã€Reallocã€ãŠã‚ˆã³æ¨™æº–ã®Cメモリ関数ã®ä»£ã‚りã«è‡ªç”±ãªé–¢æ•°ã«ç½®ãæ›ãˆã‚‹ã“ã¨ãŒã§ãã¾ã™ã€‚外部メモリ機能を使用ã™ã‚‹ã«ã¯ã€xmalloc_userを定義ã—ã¾ã™ã€‚ã“れã«ã‚ˆã‚Šã€ãƒ¡ãƒ¢ãƒªæ©Ÿèƒ½ã‚’フォームã®å¤–部関数ã«ç½®ãæ›ãˆã¾ã™.extern void * xmalloc(size_t nã€void * heapã€int型); extern void * XrealLoc(void * pã€size_t nã€void *ヒープã€int型)。 extern void xfree(void * pã€void * heapã€int型); wolfssl_mallocã€wolfssl_reallocã€wolfssl_freeã®ä»£ã‚りã«åŸºæœ¬çš„ãªCメモリ機能を使用ã™ã‚‹ã«ã¯ã€NO_WOLFSSL_MEMORYを定義ã—ã¾ã™ã€‚ã“れã«ã‚ˆã‚Šã€ãƒ¡ãƒ¢ãƒªé–¢æ•°ãŒæ¬¡ã®ã‚‚ã®ã«ç½®ãæ›ãˆã‚‰ã‚Œã¾ã™ã€‚#define Xmalloc(sã€hã€t)((void)hã€ï¼ˆvoid)tã€malloc((s)))#define xfree(pã€hã€t){void * xp =(p); if((xp))free((xp)); #define xrealloc(pã€nã€hã€t)Realloc((p)ã€ï¼ˆn))ã“れらã®ã‚ªãƒ—ションã®ã©ã‚Œã‚‚é¸æŠžã•れã¦ã„ãªã„å ´åˆã€ã‚·ã‚¹ãƒ†ãƒ ã¯ãƒ‡ãƒ•ォルトã§ä½¿ç”¨ã•れã¾ã™ã€‚ WolfSSLメモリ機能ユーザーã¯ã‚³ãƒ¼ãƒ«ãƒãƒƒã‚¯ãƒ•ックを介ã—ã¦ã‚«ã‚¹ã‚¿ãƒ ãƒ¡ãƒ¢ãƒªæ©Ÿèƒ½ã‚’設定ã§ãã¾ã™ï¼ˆWolfssl_Mallocã€WolfSSL_Reallocã€wolfssl_freeã‚’å‚照)。ã“ã®ã‚ªãƒ—ションã¯ã€ãƒ¡ãƒ¢ãƒªé–¢æ•°ã‚’次ã®ã‚‚ã®ã«ç½®ãæ›ãˆã¾ã™ã€‚#define xmalloc(sã€hã€t)((void)Hã€ï¼ˆVoid)Tã€wolfssl_malloc((s)))#define xfree(pã€hã€t){void * XP =(P); if((xp))wolfssl_free((xp)); #define xrealloc(pã€nã€hã€t)wolfssl_realloc((p)ã€ï¼ˆn)) - \return pointer æˆåŠŸã—ãŸãƒ¡ãƒ¢ãƒªã¸ã®ãƒã‚¤ãƒ³ã‚¿ã‚’è¿”ã—ã¾ã™ - \return NULL 失敗ã—㟠- \param s 割り当ã¦ã‚‹ãƒ¡ãƒ¢ãƒªã®ã‚µã‚¤ã‚º - \param h (カスタムXMalloc関数ã§ä½¿ç”¨ã•れã¦ã„ã¾ã™ï¼‰ä½¿ç”¨ã™ã‚‹ãƒ’ープã¸ã®ãƒã‚¤ãƒ³ã‚¿ + + \brief ã“れã¯å®Ÿéš›ã«ã¯é–¢æ•°ã§ã¯ãªãã€ãƒ—リプロセッサマクロã§ã™ã€‚ + ãƒ¦ãƒ¼ã‚¶ãƒ¼ãŒæ¨™æº–ã®Cメモリ関数ã®ä»£ã‚りã«ç‹¬è‡ªã®mallocã€reallocã€freeé–¢æ•°ã‚’ç½®ãæ›ãˆã‚‹ã“ã¨ã‚’å¯èƒ½ã«ã—ã¾ã™ã€‚ + 外部メモリ関数を使用ã™ã‚‹ã«ã¯ã€XMALLOC_USERを定義ã—ã¾ã™ã€‚ã“れã«ã‚ˆã‚Šã€ãƒ¡ãƒ¢ãƒªé–¢æ•°ã¯æ¬¡ã®å½¢å¼ã®å¤–部関数ã«ç½®ãæ›ãˆã‚‰ã‚Œã¾ã™: + extern void *XMALLOC(size_t n, void* heap, int type); + extern void *XREALLOC(void *p, size_t n, void* heap, int type); + extern void XFREE(void *p, void* heap, int type); + wolfSSL_Mallocã€wolfSSL_Reallocã€wolfSSL_Freeã®ä»£ã‚りã«åŸºæœ¬çš„ãªCメモリ関数を使用ã™ã‚‹ã«ã¯ã€NO_WOLFSSL_MEMORYを定義ã—ã¾ã™ã€‚ + ã“れã«ã‚ˆã‚Šã€ãƒ¡ãƒ¢ãƒªé–¢æ•°ã¯æ¬¡ã®ã‚ˆã†ã«ç½®ãæ›ãˆã‚‰ã‚Œã¾ã™: + #define XMALLOC(s, h, t) ((void)h, (void)t, malloc((s))) + #define XFREE(p, h, t) {void* xp = (p); if((xp)) free((xp));} + #define XREALLOC(p, n, h, t) realloc((p), (n)) + ã“れらã®ã‚ªãƒ—ションã®ã„ãšã‚Œã‚‚é¸æŠžã•れã¦ã„ãªã„å ´åˆã€ã‚·ã‚¹ãƒ†ãƒ ã¯ãƒ‡ãƒ•ォルトã§wolfSSLメモリ関数を使用ã—ã¾ã™ã€‚ + ユーザーã¯ã‚³ãƒ¼ãƒ«ãƒãƒƒã‚¯ãƒ•ックを通ã˜ã¦ã‚«ã‚¹ã‚¿ãƒ ãƒ¡ãƒ¢ãƒªé–¢æ•°ã‚’設定ã§ãã¾ã™(wolfSSL_Mallocã€wolfSSL_Reallocã€wolfSSL_Freeã‚’å‚ç…§)。 + ã“ã®ã‚ªãƒ—ションã¯ã€ãƒ¡ãƒ¢ãƒªé–¢æ•°ã‚’次ã®ã‚ˆã†ã«ç½®ãæ›ãˆã¾ã™: + #define XMALLOC(s, h, t) ((void)h, (void)t, wolfSSL_Malloc((s))) + #define XFREE(p, h, t) {void* xp = (p); if((xp)) wolfSSL_Free((xp));} + #define XREALLOC(p, n, h, t) wolfSSL_Realloc((p), (n)) + + \return pointer æˆåŠŸæ™‚ã«å‰²ã‚Šå½“ã¦ã‚‰ã‚ŒãŸãƒ¡ãƒ¢ãƒªã¸ã®ãƒã‚¤ãƒ³ã‚¿ã‚’è¿”ã—ã¾ã™ + \return NULL 失敗時 + + \param s 割り当ã¦ã‚‹ãƒ¡ãƒ¢ãƒªã®ã‚µã‚¤ã‚º + \param h (カスタムXMALLOC関数ã§ä½¿ç”¨)使用ã™ã‚‹ãƒ’ープã¸ã®ãƒã‚¤ãƒ³ã‚¿ + \param t ユーザーヒント用ã®ãƒ¡ãƒ¢ãƒªå‰²ã‚Šå½“ã¦ã‚¿ã‚¤ãƒ—。types.hã®åˆ—挙型をå‚ç…§ + _Example_ \code int* tenInts = XMALLOC(sizeof(int)*10, NULL, DYNAMIC_TYPE_TMP_BUFFER); if (tenInts == NULL) { - // error allocating space + // スペース割り当ã¦ã‚¨ãƒ©ãƒ¼ return MEMORY_E; } \endcode + \sa wolfSSL_Malloc \sa wolfSSL_Realloc \sa wolfSSL_Free @@ -22,18 +44,40 @@ /*! \ingroup Memory - \brief ã“れã¯å®Ÿéš›ã«ã¯é–¢æ•°ã§ã¯ãªãã€ã‚€ã—ã‚プリプロセッサマクロã§ã‚りã€ãƒ¦ãƒ¼ã‚¶ãƒ¼ã¯è‡ªåˆ†ã®Mallocã€Reallocã€ãŠã‚ˆã³æ¨™æº–ã®Cメモリ関数ã®ä»£ã‚りã«è‡ªç”±ãªé–¢æ•°ã«ç½®ãæ›ãˆã‚‹ã“ã¨ãŒã§ãã¾ã™ã€‚外部メモリ機能を使用ã™ã‚‹ã«ã¯ã€xmalloc_userを定義ã—ã¾ã™ã€‚ã“れã«ã‚ˆã‚Šã€ãƒ¡ãƒ¢ãƒªæ©Ÿèƒ½ã‚’フォームã®å¤–部関数ã«ç½®ãæ›ãˆã¾ã™.extern void * xmalloc(size_t nã€void * heapã€int型); extern void * XrealLoc(void * pã€size_t nã€void *ヒープã€int型)。 extern void xfree(void * pã€void * heapã€int型); wolfssl_mallocã€wolfssl_reallocã€wolfssl_freeã®ä»£ã‚りã«åŸºæœ¬çš„ãªCメモリ機能を使用ã™ã‚‹ã«ã¯ã€NO_WOLFSSL_MEMORYを定義ã—ã¾ã™ã€‚ã“れã«ã‚ˆã‚Šã€ãƒ¡ãƒ¢ãƒªé–¢æ•°ãŒæ¬¡ã®ã‚‚ã®ã«ç½®ãæ›ãˆã‚‰ã‚Œã¾ã™ã€‚#define Xmalloc(sã€hã€t)((void)hã€ï¼ˆvoid)tã€malloc((s)))#define xfree(pã€hã€t){void * xp =(p); if((xp))free((xp)); #define xrealloc(pã€nã€hã€t)Realloc((p)ã€ï¼ˆn))ã“れらã®ã‚ªãƒ—ションã®ã©ã‚Œã‚‚é¸æŠžã•れã¦ã„ãªã„å ´åˆã€ã‚·ã‚¹ãƒ†ãƒ ã¯ãƒ‡ãƒ•ォルトã§ä½¿ç”¨ã•れã¾ã™ã€‚ WolfSSLメモリ機能ユーザーã¯ã‚³ãƒ¼ãƒ«ãƒãƒƒã‚¯ãƒ•ックを介ã—ã¦ã‚«ã‚¹ã‚¿ãƒ ãƒ¡ãƒ¢ãƒªæ©Ÿèƒ½ã‚’設定ã§ãã¾ã™ï¼ˆWolfssl_Mallocã€WolfSSL_Reallocã€wolfssl_freeã‚’å‚照)。ã“ã®ã‚ªãƒ—ションã¯ã€ãƒ¡ãƒ¢ãƒªé–¢æ•°ã‚’次ã®ã‚‚ã®ã«ç½®ãæ›ãˆã¾ã™ã€‚#define xmalloc(sã€hã€t)((void)Hã€ï¼ˆVoid)Tã€wolfssl_malloc((s)))#define xfree(pã€hã€t){void * XP =(P); if((xp))wolfssl_free((xp)); #define xrealloc(pã€nã€hã€t)wolfssl_realloc((p)ã€ï¼ˆn)) - \return Return æˆåŠŸã—ãŸãƒ¡ãƒ¢ãƒªã‚’割り当ã¦ã‚‹ãƒã‚¤ãƒ³ã‚¿ - \return NULL 失敗ã—㟠- \param p Reallocateã¸ã®ã‚¢ãƒ‰ãƒ¬ã‚¹ã¸ã®ãƒã‚¤ãƒ³ã‚¿ - \param n 割り当ã¦ã‚‹ãƒ¡ãƒ¢ãƒªã®ã‚µã‚¤ã‚º - \param h (カスタムXrealloc関数ã§ä½¿ç”¨ã•れã¦ã„ã¾ã™ï¼‰ä½¿ç”¨ã™ã‚‹ãƒ’ープã¸ã®ãƒã‚¤ãƒ³ã‚¿ + + \brief ã“れã¯å®Ÿéš›ã«ã¯é–¢æ•°ã§ã¯ãªãã€ãƒ—リプロセッサマクロã§ã™ã€‚ + ãƒ¦ãƒ¼ã‚¶ãƒ¼ãŒæ¨™æº–ã®Cメモリ関数ã®ä»£ã‚りã«ç‹¬è‡ªã®mallocã€reallocã€freeé–¢æ•°ã‚’ç½®ãæ›ãˆã‚‹ã“ã¨ã‚’å¯èƒ½ã«ã—ã¾ã™ã€‚ + 外部メモリ関数を使用ã™ã‚‹ã«ã¯ã€XMALLOC_USERを定義ã—ã¾ã™ã€‚ã“れã«ã‚ˆã‚Šã€ãƒ¡ãƒ¢ãƒªé–¢æ•°ã¯æ¬¡ã®å½¢å¼ã®å¤–部関数ã«ç½®ãæ›ãˆã‚‰ã‚Œã¾ã™: + extern void *XMALLOC(size_t n, void* heap, int type); + extern void *XREALLOC(void *p, size_t n, void* heap, int type); + extern void XFREE(void *p, void* heap, int type); + wolfSSL_Mallocã€wolfSSL_Reallocã€wolfSSL_Freeã®ä»£ã‚りã«åŸºæœ¬çš„ãªCメモリ関数を使用ã™ã‚‹ã«ã¯ã€NO_WOLFSSL_MEMORYを定義ã—ã¾ã™ã€‚ + ã“れã«ã‚ˆã‚Šã€ãƒ¡ãƒ¢ãƒªé–¢æ•°ã¯æ¬¡ã®ã‚ˆã†ã«ç½®ãæ›ãˆã‚‰ã‚Œã¾ã™: + #define XMALLOC(s, h, t) ((void)h, (void)t, malloc((s))) + #define XFREE(p, h, t) {void* xp = (p); if((xp)) free((xp));} + #define XREALLOC(p, n, h, t) realloc((p), (n)) + ã“れらã®ã‚ªãƒ—ションã®ã„ãšã‚Œã‚‚é¸æŠžã•れã¦ã„ãªã„å ´åˆã€ã‚·ã‚¹ãƒ†ãƒ ã¯ãƒ‡ãƒ•ォルトã§wolfSSLメモリ関数を使用ã—ã¾ã™ã€‚ + ユーザーã¯ã‚³ãƒ¼ãƒ«ãƒãƒƒã‚¯ãƒ•ックを通ã˜ã¦ã‚«ã‚¹ã‚¿ãƒ ãƒ¡ãƒ¢ãƒªé–¢æ•°ã‚’設定ã§ãã¾ã™(wolfSSL_Mallocã€wolfSSL_Reallocã€wolfSSL_Freeã‚’å‚ç…§)。 + ã“ã®ã‚ªãƒ—ションã¯ã€ãƒ¡ãƒ¢ãƒªé–¢æ•°ã‚’次ã®ã‚ˆã†ã«ç½®ãæ›ãˆã¾ã™: + #define XMALLOC(s, h, t) ((void)h, (void)t, wolfSSL_Malloc((s))) + #define XFREE(p, h, t) {void* xp = (p); if((xp)) wolfSSL_Free((xp));} + #define XREALLOC(p, n, h, t) wolfSSL_Realloc((p), (n)) + + \return æˆåŠŸæ™‚ã«å‰²ã‚Šå½“ã¦ã‚‰ã‚ŒãŸãƒ¡ãƒ¢ãƒªã¸ã®ãƒã‚¤ãƒ³ã‚¿ã‚’è¿”ã—ã¾ã™ + \return NULL 失敗時 + + \param p å†å‰²ã‚Šå½“ã¦ã™ã‚‹ã‚¢ãƒ‰ãƒ¬ã‚¹ã¸ã®ãƒã‚¤ãƒ³ã‚¿ + \param n 割り当ã¦ã‚‹ãƒ¡ãƒ¢ãƒªã®ã‚µã‚¤ã‚º + \param h (カスタムXREALLOC関数ã§ä½¿ç”¨)使用ã™ã‚‹ãƒ’ープã¸ã®ãƒã‚¤ãƒ³ã‚¿ + \param t ユーザーヒント用ã®ãƒ¡ãƒ¢ãƒªå‰²ã‚Šå½“ã¦ã‚¿ã‚¤ãƒ—。types.hã®åˆ—挙型をå‚ç…§ + _Example_ \code int* tenInts = (int*)XMALLOC(sizeof(int)*10, NULL, DYNAMIC_TYPE_TMP_BUFFER); int* twentyInts = (int*)XREALLOC(tenInts, sizeof(int)*20, NULL, DYNAMIC_TYPE_TMP_BUFFER); \endcode + \sa wolfSSL_Malloc \sa wolfSSL_Realloc \sa wolfSSL_Free @@ -43,18 +87,41 @@ /*! \ingroup Memory - \brief ã“れã¯å®Ÿéš›ã«ã¯é–¢æ•°ã§ã¯ãªãã€ã‚€ã—ã‚プリプロセッサマクロã§ã‚りã€ãƒ¦ãƒ¼ã‚¶ãƒ¼ã¯è‡ªåˆ†ã®Mallocã€Reallocã€ãŠã‚ˆã³æ¨™æº–ã®Cメモリ関数ã®ä»£ã‚りã«è‡ªç”±ãªé–¢æ•°ã«ç½®ãæ›ãˆã‚‹ã“ã¨ãŒã§ãã¾ã™ã€‚外部メモリ機能を使用ã™ã‚‹ã«ã¯ã€xmalloc_userを定義ã—ã¾ã™ã€‚ã“れã«ã‚ˆã‚Šã€ãƒ¡ãƒ¢ãƒªæ©Ÿèƒ½ã‚’フォームã®å¤–部関数ã«ç½®ãæ›ãˆã¾ã™.extern void * xmalloc(size_t nã€void * heapã€int型); extern void * XrealLoc(void * pã€size_t nã€void *ヒープã€int型)。 extern void xfree(void * pã€void * heapã€int型); wolfssl_mallocã€wolfssl_reallocã€wolfssl_freeã®ä»£ã‚りã«åŸºæœ¬çš„ãªCメモリ機能を使用ã™ã‚‹ã«ã¯ã€NO_WOLFSSL_MEMORYを定義ã—ã¾ã™ã€‚ã“れã«ã‚ˆã‚Šã€ãƒ¡ãƒ¢ãƒªé–¢æ•°ãŒæ¬¡ã®ã‚‚ã®ã«ç½®ãæ›ãˆã‚‰ã‚Œã¾ã™ã€‚#define Xmalloc(sã€hã€t)((void)hã€ï¼ˆvoid)tã€malloc((s)))#define xfree(pã€hã€t){void * xp =(p); if((xp))free((xp)); #define xrealloc(pã€nã€hã€t)Realloc((p)ã€ï¼ˆn))ã“れらã®ã‚ªãƒ—ションã®ã©ã‚Œã‚‚é¸æŠžã•れã¦ã„ãªã„å ´åˆã€ã‚·ã‚¹ãƒ†ãƒ ã¯ãƒ‡ãƒ•ォルトã§ä½¿ç”¨ã•れã¾ã™ã€‚ WolfSSLメモリ機能ユーザーã¯ã‚³ãƒ¼ãƒ«ãƒãƒƒã‚¯ãƒ•ックを介ã—ã¦ã‚«ã‚¹ã‚¿ãƒ ãƒ¡ãƒ¢ãƒªæ©Ÿèƒ½ã‚’設定ã§ãã¾ã™ï¼ˆWolfssl_Mallocã€WolfSSL_Reallocã€wolfssl_freeã‚’å‚照)。ã“ã®ã‚ªãƒ—ションã¯ã€ãƒ¡ãƒ¢ãƒªé–¢æ•°ã‚’次ã®ã‚‚ã®ã«ç½®ãæ›ãˆã¾ã™ã€‚#define xmalloc(sã€hã€t)((void)Hã€ï¼ˆVoid)Tã€wolfssl_malloc((s)))#define xfree(pã€hã€t){void * XP =(P); if((xp))wolfssl_free((xp)); #define xrealloc(pã€nã€hã€t)wolfssl_realloc((p)ã€ï¼ˆn)) - \return none ã„ã„ãˆè¿”ã—ã¾ã™ã€‚ - \param p ç„¡æ–™ã®ã‚¢ãƒ‰ãƒ¬ã‚¹ã¸ã®ãƒã‚¤ãƒ³ã‚¿ - \param h 使用ã™ã‚‹ãƒ’ープã¸ã®ï¼ˆã‚«ã‚¹ã‚¿ãƒ XFree関数ã§ä½¿ç”¨ã•れã¦ã„ã¾ã™ï¼‰ã€‚ + + \brief ã“れã¯å®Ÿéš›ã«ã¯é–¢æ•°ã§ã¯ãªãã€ãƒ—リプロセッサマクロã§ã™ã€‚ + ãƒ¦ãƒ¼ã‚¶ãƒ¼ãŒæ¨™æº–ã®Cメモリ関数ã®ä»£ã‚りã«ç‹¬è‡ªã®mallocã€reallocã€freeé–¢æ•°ã‚’ç½®ãæ›ãˆã‚‹ã“ã¨ã‚’å¯èƒ½ã«ã—ã¾ã™ã€‚ + 外部メモリ関数を使用ã™ã‚‹ã«ã¯ã€XMALLOC_USERを定義ã—ã¾ã™ã€‚ + ã“れã«ã‚ˆã‚Šã€ãƒ¡ãƒ¢ãƒªé–¢æ•°ã¯æ¬¡ã®å½¢å¼ã®å¤–部関数ã«ç½®ãæ›ãˆã‚‰ã‚Œã¾ã™: + extern void *XMALLOC(size_t n, void* heap, int type); + extern void *XREALLOC(void *p, size_t n, void* heap, int type); + extern void XFREE(void *p, void* heap, int type); + wolfSSL_Mallocã€wolfSSL_Reallocã€wolfSSL_Freeã®ä»£ã‚りã«åŸºæœ¬çš„ãªCメモリ関数を使用ã™ã‚‹ã«ã¯ã€NO_WOLFSSL_MEMORYを定義ã—ã¾ã™ã€‚ + ã“れã«ã‚ˆã‚Šã€ãƒ¡ãƒ¢ãƒªé–¢æ•°ã¯æ¬¡ã®ã‚ˆã†ã«ç½®ãæ›ãˆã‚‰ã‚Œã¾ã™: + #define XMALLOC(s, h, t) ((void)h, (void)t, malloc((s))) + #define XFREE(p, h, t) {void* xp = (p); if((xp)) free((xp));} + #define XREALLOC(p, n, h, t) realloc((p), (n)) + ã“れらã®ã‚ªãƒ—ションã®ã„ãšã‚Œã‚‚é¸æŠžã•れã¦ã„ãªã„å ´åˆã€ã‚·ã‚¹ãƒ†ãƒ ã¯ãƒ‡ãƒ•ォルトã§wolfSSLメモリ関数を使用ã—ã¾ã™ã€‚ + ユーザーã¯ã‚³ãƒ¼ãƒ«ãƒãƒƒã‚¯ãƒ•ックを通ã˜ã¦ã‚«ã‚¹ã‚¿ãƒ ãƒ¡ãƒ¢ãƒªé–¢æ•°ã‚’設定ã§ãã¾ã™(wolfSSL_Mallocã€wolfSSL_Reallocã€wolfSSL_Freeã‚’å‚ç…§)。 + ã“ã®ã‚ªãƒ—ションã¯ã€ãƒ¡ãƒ¢ãƒªé–¢æ•°ã‚’次ã®ã‚ˆã†ã«ç½®ãæ›ãˆã¾ã™: + #define XMALLOC(s, h, t) ((void)h, (void)t, wolfSSL_Malloc((s))) + #define XFREE(p, h, t) {void* xp = (p); if((xp)) wolfSSL_Free((xp));} + #define XREALLOC(p, n, h, t) wolfSSL_Realloc((p), (n)) + + \return none 戻り値ãªã—。 + + \param p 解放ã™ã‚‹ã‚¢ãƒ‰ãƒ¬ã‚¹ã¸ã®ãƒã‚¤ãƒ³ã‚¿ + \param h (カスタムXFREE関数ã§ä½¿ç”¨)使用ã™ã‚‹ãƒ’ープã¸ã®ãƒã‚¤ãƒ³ã‚¿ + \param t ユーザーヒント用ã®ãƒ¡ãƒ¢ãƒªå‰²ã‚Šå½“ã¦ã‚¿ã‚¤ãƒ—。types.hã®åˆ—挙型をå‚ç…§ + _Example_ \code int* tenInts = XMALLOC(sizeof(int) * 10, NULL, DYNAMIC_TYPE_TMP_BUFFER); if (tenInts == NULL) { - // error allocating space + // スペース割り当ã¦ã‚¨ãƒ©ãƒ¼ return MEMORY_E; } \endcode + \sa wolfSSL_Malloc \sa wolfSSL_Realloc \sa wolfSSL_Free @@ -64,18 +131,26 @@ /*! \ingroup Math - \brief ã“ã®é–¢æ•°ã¯ã‚³ãƒ³ãƒ‘イル時クラスã®è¨­å®šã‚’ãƒã‚§ãƒƒã‚¯ã—ã¾ã™ã€‚è¨­å®šãŒæ­£ã—ãæ©Ÿèƒ½ã™ã‚‹ãŸã‚ã®ãƒ©ã‚¤ãƒ–ラリ間ã®ãƒ©ã‚¤ãƒ–ラリ間ã§ä¸€è‡´ã™ã‚‹å¿…è¦ãŒã‚ã‚‹ãŸã‚ã€ãƒ¦ãƒ¼ã‚¶ãƒ¼ãŒWolfCryptライブラリを独立ã—ã¦ä½¿ç”¨ã—ã¦ã„ã‚‹å ´åˆã¯é‡è¦ã§ã™ã€‚ã“ã®ãƒã‚§ãƒƒã‚¯ã¯CheckCtcSettings()ã¨ã—ã¦å®šç¾©ã•れã¦ã„ã¾ã™ã€‚ã“れã¯ã€CheckRuntimeSettingsã¨CTC_Settingsを比較ã™ã‚‹ã ã‘ã§ã€ãƒŸã‚¹ãƒžãƒƒãƒãŒã‚ã‚‹å ´åˆã¯0ã€ã¾ãŸã¯1ãŒä¸€è‡´ã—ãŸå ´åˆã¯1ã‚’è¿”ã—ã¾ã™ã€‚ - \return settings 実行時CTC_SETTINGS(コンパイル時設定)を返ã—ã¾ã™ã€‚ + + \brief ã“ã®é–¢æ•°ã¯ã€ã‚³ãƒ³ãƒ‘イル時ã®ã‚¯ãƒ©ã‚¹è¨­å®šã‚’ãƒã‚§ãƒƒã‚¯ã—ã¾ã™ã€‚ + ユーザーãŒwolfCryptライブラリを独立ã—ã¦ä½¿ç”¨ã—ã¦ã„ã‚‹å ´åˆã«é‡è¦ã§ã™ã€‚ + æ•°å­¦ãŒæ­£ã—ã動作ã™ã‚‹ãŸã‚ã«ã¯ã€ãƒ©ã‚¤ãƒ–ラリ間ã§è¨­å®šãŒä¸€è‡´ã—ã¦ã„ã‚‹å¿…è¦ãŒã‚りã¾ã™ã€‚ + ã“ã®ãƒã‚§ãƒƒã‚¯ã¯CheckCtcSettings()ã¨ã—ã¦å®šç¾©ã•れã¦ãŠã‚Šã€CheckRunTimeSettingsã¨CTC_SETTINGSã‚’å˜ç´”ã«æ¯”較ã—ã€ä¸ä¸€è‡´ã®å ´åˆã¯0ã‚’ã€ä¸€è‡´ã™ã‚‹å ´åˆã¯1ã‚’è¿”ã—ã¾ã™ã€‚ + + \return settings ランタイムCTC_SETTINGS(コンパイル時設定)ã‚’è¿”ã—ã¾ã™ + + \param none パラメータãªã—。 + _Example_ \code if (CheckCtcSettings() != 1) { return err_sys("Build vs. runtime math mismatch\n"); } - // This is converted by the preprocessor to: + // ã“れã¯ãƒ—リプロセッサã«ã‚ˆã£ã¦æ¬¡ã®ã‚ˆã†ã«å¤‰æ›ã•れã¾ã™: // if ( (CheckCtcSettings() == CTC_SETTINGS) != 1) { - // and will compare whether the compile time class settings - // match the current settings + // ãã—ã¦ã‚³ãƒ³ãƒ‘イル時ã®ã‚¯ãƒ©ã‚¹è¨­å®šãŒç¾åœ¨ã®è¨­å®šã¨ä¸€è‡´ã™ã‚‹ã‹ã©ã†ã‹ã‚’比較ã—ã¾ã™ \endcode + \sa CheckRunTimeFastMath */ word32 CheckRunTimeSettings(void); diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/doc/dox_comments/header_files-ja/wc_encrypt.h mariadb-11.8.8/extra/wolfssl/wolfssl/doc/dox_comments/header_files-ja/wc_encrypt.h --- mariadb-11.8.6/extra/wolfssl/wolfssl/doc/dox_comments/header_files-ja/wc_encrypt.h 2026-01-31 13:27:49.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/doc/dox_comments/header_files-ja/wc_encrypt.h 2026-05-24 09:58:33.000000000 +0000 @@ -1,28 +1,32 @@ /*! \ingroup AES - \brief 入力ãƒãƒƒãƒ•ァーã‹ã‚‰æš—å·ã‚’復å·åŒ–ã—ã€AESã§Cipher Block Chainingを使用ã—ã¦å‡ºåŠ›ãƒãƒƒãƒ•ã‚¡ã«å‡ºåŠ›ãƒãƒƒãƒ•ァーã«å…¥ã‚Œã¾ã™ã€‚ã“ã®é–¢æ•°ã¯ã€AESæ§‹é€ ã‚’åˆæœŸåŒ–ã™ã‚‹å¿…è¦ã¯ã‚りã¾ã›ã‚“。代ã‚りã«ã€ã‚­ãƒ¼ã¨IVï¼ˆåˆæœŸåŒ–ベクトル)をå–りã€ã“れらを使用ã—ã¦AESã‚ªãƒ–ã‚¸ã‚§ã‚¯ãƒˆã‚’åˆæœŸåŒ–ã—ã¦ã‹ã‚‰æš—å·ãƒ†ã‚­ã‚¹ãƒˆã‚’復å·åŒ–ã—ã¾ã™ã€‚ - \return 0 メッセージã®å¾©å·åŒ–ã«æˆåŠŸã—ã¾ã—㟠- \return BAD_ALIGN_E ãƒ–ãƒ­ãƒƒã‚¯æ•´åˆ—ã‚¨ãƒ©ãƒ¼ã«æˆ»ã‚Šã¾ã—㟠- \return BAD_FUNC_ARG aesetivã®é–“ã«ã‚­ãƒ¼ã®é•·ã•ãŒç„¡åйãªå ´åˆã€ã¾ãŸã¯AESオブジェクトãŒNULLã®å ´åˆ - \return MEMORY_E wolfssl_small_stackãŒæœ‰åйã«ãªã£ã¦ã„ã¦ã€xmallocãŒAESオブジェクトã®ã‚¤ãƒ³ã‚¹ã‚¿ãƒ³ã‚¹åŒ–ã«å¤±æ•—ã—ãŸå ´åˆã«è¿”ã•れã¾ã™ã€‚ - \param out 復å·åŒ–ã•れãŸãƒ¡ãƒƒã‚»ãƒ¼ã‚¸ã®ãƒ—レーンテキストをä¿å­˜ã™ã‚‹å‡ºåŠ›ãƒãƒƒãƒ•ã‚¡ã¸ã®ãƒã‚¤ãƒ³ã‚¿ - \param in 復å·åŒ–ã•れる暗å·ãƒ†ã‚­ã‚¹ãƒˆã‚’å«ã‚€å…¥åŠ›ãƒãƒƒãƒ•ã‚¡ã¸ã®ãƒã‚¤ãƒ³ã‚¿ - \param inSz 入力メッセージã®ã‚µã‚¤ã‚º - \param key 復å·åŒ–ã®ãŸã‚ã®16,24ã€ã¾ãŸã¯32ãƒã‚¤ãƒˆã®ç§˜å¯†éµ + \brief 入力ãƒãƒƒãƒ•ã‚¡inã‹ã‚‰æš—å·ã‚’復å·ã—ã€çµæžœã®å¹³æ–‡ã‚’AESを使用ã—ãŸæš—å·ãƒ–ロック連鎖を使用ã—ã¦å‡ºåŠ›ãƒãƒƒãƒ•ã‚¡outã«æ ¼ç´ã—ã¾ã™ã€‚ã“ã®é–¢æ•°ã¯ã€AESæ§‹é€ ä½“ã‚’åˆæœŸåŒ–ã™ã‚‹å¿…è¦ã¯ã‚りã¾ã›ã‚“。代ã‚りã«ã€ã‚­ãƒ¼ã¨iv(åˆæœŸåŒ–ベクトル)ã‚’å—ã‘å–りã€ã“れらを使用ã—ã¦AESã‚ªãƒ–ã‚¸ã‚§ã‚¯ãƒˆã‚’åˆæœŸåŒ–ã—ã€æš—å·æ–‡ã‚’復å·ã—ã¾ã™ã€‚ + + \return 0 メッセージã®å¾©å·ã«æˆåŠŸã—ãŸå ´åˆ + \return BAD_ALIGN_E ブロックアライメントエラーãŒç™ºç”Ÿã—ãŸå ´åˆã«è¿”ã•れã¾ã™ + \return BAD_FUNC_ARG AesSetIV中ã«ã‚­ãƒ¼é•·ãŒç„¡åйã¾ãŸã¯AESオブジェクトãŒnullã®å ´åˆã«è¿”ã•れã¾ã™ + \return MEMORY_E WOLFSSL_SMALL_STACKãŒæœ‰åйã§ã€XMALLOCãŒAESオブジェクトã®ã‚¤ãƒ³ã‚¹ã‚¿ãƒ³ã‚¹åŒ–ã«å¤±æ•—ã—ãŸå ´åˆã«è¿”ã•れã¾ã™ã€‚ + + \param out 復å·ã•れãŸãƒ¡ãƒƒã‚»ãƒ¼ã‚¸ã®å¹³æ–‡ã‚’æ ¼ç´ã™ã‚‹å‡ºåŠ›ãƒãƒƒãƒ•ã‚¡ã¸ã®ãƒã‚¤ãƒ³ã‚¿ + \param in 復å·ã™ã‚‹æš—å·æ–‡ã‚’å«ã‚€å…¥åŠ›ãƒãƒƒãƒ•ã‚¡ã¸ã®ãƒã‚¤ãƒ³ã‚¿ + \param inSz 入力メッセージã®ã‚µã‚¤ã‚º + \param key 復å·ç”¨ã®16ã€24ã€ã¾ãŸã¯32ãƒã‚¤ãƒˆã®ç§˜å¯†éµ + \param keySz 復å·ã«ä½¿ç”¨ã™ã‚‹ã‚­ãƒ¼ã®ã‚µã‚¤ã‚º + _Example_ \code int ret = 0; - byte key[] = { some 16, 24, or 32 byte key }; - byte iv[] = { some 16 byte iv }; - byte cipher[AES_BLOCK_SIZE * n]; //n being a positive integer making - cipher some multiple of 16 bytes - // fill cipher with cipher text + byte key[] = { 16ã€24ã€ã¾ãŸã¯32ãƒã‚¤ãƒˆã®ã‚­ãƒ¼ }; + byte iv[] = { 16ãƒã‚¤ãƒˆã®iv }; + byte cipher[AES_BLOCK_SIZE * n]; //nã¯æ­£ã®æ•´æ•°ã§ã€cipherã‚’16ãƒã‚¤ãƒˆã®å€æ•°ã«ã™ã‚‹ + // cipherã‚’æš—å·æ–‡ã§åŸ‹ã‚ã‚‹ byte plain [AES_BLOCK_SIZE * n]; if ((ret = wc_AesCbcDecryptWithKey(plain, cipher, AES_BLOCK_SIZE, key, AES_BLOCK_SIZE, iv)) != 0 ) { - // Decrypt Error + // 復å·ã‚¨ãƒ©ãƒ¼ } \endcode + \sa wc_AesSetKey \sa wc_AesSetIV \sa wc_AesCbcEncrypt @@ -34,27 +38,33 @@ /*! \ingroup 3DES - \brief ã“ã®é–¢æ•°ã¯å…¥åŠ›æš—å·æ–‡ã‚’復å·åŒ–ã—ã€çµæžœã®å¹³æ–‡ã‚’出力ãƒãƒƒãƒ•ァーã«å‡ºåŠ›ã—ã¾ã™ã€‚æš—å·ãƒ–ロックãƒã‚§ãƒ¼ãƒ³ãƒã‚§ãƒ¼ãƒ³ï¼ˆCBC)モードã§DESæš—å·åŒ–を使用ã—ã¾ã™ã€‚ã“ã®é–¢æ•°ã¯ã€wc_des_cbcdecryptã®ä»£ã‚りã«ã€ãƒ¦ãƒ¼ã‚¶ãƒ¼ãŒDES構造体を直接インスタンス化ã›ãšã«ãƒ¡ãƒƒã‚»ãƒ¼ã‚¸ã‚’復å·åŒ–ã§ãるよã†ã«ã—ã¾ã™ã€‚ - \return 0 与ãˆã‚‰ã‚ŒãŸæš—å·æ–‡ã‚’正常ã«å¾©å·åŒ–ã—ãŸã¨ãã«è¿”ã•れã¾ã—㟠- \return MEMORY_E DES構造体ã®å‰²ã‚Šå½“ã¦ã‚¹ãƒšãƒ¼ã‚¹ãŒå‰²ã‚Šå½“ã¦ã‚‰ã‚Œã¦ã„ã‚‹å ´åˆã«è¿”ã•れ㟠- \param out 復å·åŒ–ã•れãŸå¹³æ–‡ã‚’ä¿å­˜ã™ã‚‹ãƒãƒƒãƒ•ã‚¡ã¸ã®ãƒã‚¤ãƒ³ã‚¿ - \param in æš—å·åŒ–ã•ã‚ŒãŸæš—å·æ–‡ã‚’å«ã‚€å…¥åŠ›ãƒãƒƒãƒ•ã‚¡ã¸ã®ãƒã‚¤ãƒ³ã‚¿ - \param sz 復å·åŒ–ã™ã‚‹æš—å·æ–‡ã®é•·ã• - \param key 復å·åŒ–ã«ä½¿ç”¨ã™ã‚‹8ãƒã‚¤ãƒˆã®ã‚­ãƒ¼ã‚’å«ã‚€ãƒãƒƒãƒ•ã‚¡ã¸ã®ãƒã‚¤ãƒ³ã‚¿ + + \brief ã“ã®é–¢æ•°ã¯ã€å…¥åŠ›æš—å·æ–‡inを復å·ã—ã€çµæžœã®å¹³æ–‡ã‚’出力ãƒãƒƒãƒ•ã‚¡outã«æ ¼ç´ã—ã¾ã™ã€‚æš—å·ãƒ–ロック連鎖(CBC)モードã®DESæš—å·åŒ–を使用ã—ã¾ã™ã€‚ã“ã®é–¢æ•°ã¯wc_Des_CbcDecryptã®ä»£æ›¿ã§ã€ãƒ¦ãƒ¼ã‚¶ãƒ¼ãŒDes構造体を直接インスタンス化ã›ãšã«ãƒ¡ãƒƒã‚»ãƒ¼ã‚¸ã‚’復å·ã§ãるよã†ã«ã—ã¾ã™ã€‚ + + \return 0 指定ã•ã‚ŒãŸæš—å·æ–‡ã®å¾©å·ã«æˆåŠŸã—ãŸå ´åˆã«è¿”ã•れã¾ã™ + \return MEMORY_E Des構造体用ã®ã‚¹ãƒšãƒ¼ã‚¹å‰²ã‚Šå½“ã¦ä¸­ã«ã‚¨ãƒ©ãƒ¼ãŒç™ºç”Ÿã—ãŸå ´åˆã«è¿”ã•れã¾ã™ + + \param out 復å·ã•れãŸå¹³æ–‡ã‚’æ ¼ç´ã™ã‚‹ãƒãƒƒãƒ•ã‚¡ã¸ã®ãƒã‚¤ãƒ³ã‚¿ + \param in æš—å·åŒ–ã•ã‚ŒãŸæš—å·æ–‡ã‚’å«ã‚€å…¥åŠ›ãƒãƒƒãƒ•ã‚¡ã¸ã®ãƒã‚¤ãƒ³ã‚¿ + \param sz 復å·ã™ã‚‹æš—å·æ–‡ã®é•·ã• + \param key 復å·ã«ä½¿ç”¨ã™ã‚‹8ãƒã‚¤ãƒˆã®ã‚­ãƒ¼ã‚’å«ã‚€ãƒãƒƒãƒ•ã‚¡ã¸ã®ãƒã‚¤ãƒ³ã‚¿ + \param iv 復å·ã«ä½¿ç”¨ã™ã‚‹8ãƒã‚¤ãƒˆã®ivã‚’å«ã‚€ãƒãƒƒãƒ•ã‚¡ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ivãŒæä¾›ã•れãªã„å ´åˆã€ivã¯ãƒ‡ãƒ•ォルトã§0ã«ãªã‚Šã¾ã™ + _Example_ \code int ret; - byte key[] = { // initialize with 8 byte key }; - byte iv[] = { // initialize with 8 byte iv }; + byte key[] = { // 8ãƒã‚¤ãƒˆã®ã‚­ãƒ¼ã§åˆæœŸåŒ– }; + byte iv[] = { // 8ãƒã‚¤ãƒˆã®ivã§åˆæœŸåŒ– }; - byte cipher[] = { // initialize with ciphertext }; + byte cipher[] = { // æš—å·æ–‡ã§åˆæœŸåŒ– }; byte decoded[sizeof(cipher)]; if ( wc_Des_CbcDecryptWithKey(decoded, cipher, sizeof(cipher), key, iv) != 0) { - // error decrypting message + // メッセージã®å¾©å·ã‚¨ãƒ©ãƒ¼ } \endcode + \sa wc_Des_CbcDecrypt */ int wc_Des_CbcDecryptWithKey(byte* out, @@ -63,25 +73,31 @@ /*! \ingroup 3DES - \brief ã“ã®é–¢æ•°ã¯å…¥åŠ›å¹³æ–‡ã‚’æš—å·åŒ–ã—ã€çµæžœã®æš—å·æ–‡ã‚’出力ãƒãƒƒãƒ•ァーã«å‡ºåŠ›ã—ã¾ã™ã€‚æš—å·ãƒ–ロックãƒã‚§ãƒ¼ãƒ³ãƒã‚§ãƒ¼ãƒ³ï¼ˆCBC)モードã§DESæš—å·åŒ–を使用ã—ã¾ã™ã€‚ã“ã®é–¢æ•°ã¯ã€WC_DES_CBCENCRYPTã®ä»£ã‚りã«ãªã‚Šã€ãƒ¦ãƒ¼ã‚¶ãƒ¼ãŒDES構造を直接インスタンス化ã›ãšã«ãƒ¡ãƒƒã‚»ãƒ¼ã‚¸ã‚’æš—å·åŒ–ã§ãã¾ã™ã€‚ - \return 0 ãƒ‡ãƒ¼ã‚¿ã®æš—å·åŒ–ã«æˆåŠŸã—ãŸå¾Œã«è¿”ã•れã¾ã™ã€‚ - \return MEMORY_E DES構造体ã«ãƒ¡ãƒ¢ãƒªã‚’割り当ã¦ã‚‹ã‚¨ãƒ©ãƒ¼ãŒã‚ã‚‹å ´åˆã¯è¿”ã•れã¾ã™ã€‚ - \return <0 æš—å·åŒ–中ã«ä»»æ„ã®ã‚¨ãƒ©ãƒ¼ã«æˆ»ã‚Šã¾ã™ã€‚ - \param out 最終暗å·åŒ–データ - \param in æš—å·åŒ–ã•れるデータã¯ã€DESブロックサイズã«åŸ‹ã‚られãªã‘れã°ãªã‚Šã¾ã›ã‚“。 - \param sz 入力ãƒãƒƒãƒ•ã‚¡ã®ã‚µã‚¤ã‚º - \param key æš—å·åŒ–ã«ä½¿ç”¨ã™ã‚‹ã‚­ãƒ¼ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ + + \brief ã“ã®é–¢æ•°ã¯ã€å…¥åŠ›å¹³æ–‡inã‚’æš—å·åŒ–ã—ã€çµæžœã®æš—å·æ–‡ã‚’出力ãƒãƒƒãƒ•ã‚¡outã«æ ¼ç´ã—ã¾ã™ã€‚æš—å·ãƒ–ロック連鎖(CBC)モードã®DESæš—å·åŒ–を使用ã—ã¾ã™ã€‚ã“ã®é–¢æ•°ã¯wc_Des_CbcEncryptã®ä»£æ›¿ã§ã€ãƒ¦ãƒ¼ã‚¶ãƒ¼ãŒDes構造体を直接インスタンス化ã›ãšã«ãƒ¡ãƒƒã‚»ãƒ¼ã‚¸ã‚’æš—å·åŒ–ã§ãるよã†ã«ã—ã¾ã™ã€‚ + + \return 0 ãƒ‡ãƒ¼ã‚¿ã®æš—å·åŒ–ã«æˆåŠŸã—ãŸå¾Œã«è¿”ã•れã¾ã™ã€‚ + \return MEMORY_E Des構造体用ã®ãƒ¡ãƒ¢ãƒªå‰²ã‚Šå½“ã¦ä¸­ã«ã‚¨ãƒ©ãƒ¼ãŒç™ºç”Ÿã—ãŸå ´åˆã«è¿”ã•れã¾ã™ã€‚ + \return <0 æš—å·åŒ–中ã®ä»»æ„ã®ã‚¨ãƒ©ãƒ¼ã§è¿”ã•れã¾ã™ã€‚ + + \param out æœ€çµ‚çš„ã«æš—å·åŒ–ã•れãŸãƒ‡ãƒ¼ã‚¿ + \param in æš—å·åŒ–ã•れるデータ。Desブロックサイズã«ãƒ‘ディングã•れã¦ã„ã‚‹å¿…è¦ãŒã‚りã¾ã™ã€‚ + \param sz 入力ãƒãƒƒãƒ•ã‚¡ã®ã‚µã‚¤ã‚ºã€‚ + \param key æš—å·åŒ–ã«ä½¿ç”¨ã™ã‚‹ã‚­ãƒ¼ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ + \param iv åˆæœŸåŒ–ベクトル + _Example_ \code - byte key[] = { // initialize with 8 byte key }; - byte iv[] = { // initialize with 8 byte iv }; - byte in[] = { // Initialize with plaintext }; + byte key[] = { // 8ãƒã‚¤ãƒˆã®ã‚­ãƒ¼ã§åˆæœŸåŒ– }; + byte iv[] = { // 8ãƒã‚¤ãƒˆã®ivã§åˆæœŸåŒ– }; + byte in[] = { // 平文ã§åˆæœŸåŒ– }; byte out[sizeof(in)]; if ( wc_Des_CbcEncryptWithKey(&out, in, sizeof(in), key, iv) != 0) { - // error encrypting message + // ãƒ¡ãƒƒã‚»ãƒ¼ã‚¸ã®æš—å·åŒ–エラー } \endcode + \sa wc_Des_CbcDecryptWithKey \sa wc_Des_CbcEncrypt */ @@ -91,27 +107,33 @@ /*! \ingroup 3DES - \brief ã“ã®é–¢æ•°ã¯å…¥åŠ›å¹³æ–‡ã‚’æš—å·åŒ–ã—ã€çµæžœã®æš—å·æ–‡ã‚’出力ãƒãƒƒãƒ•ァーã«å‡ºåŠ›ã—ã¾ã™ã€‚æš—å·ãƒ–ロックãƒã‚§ãƒ¼ãƒ³ï¼ˆCBC)モードã§ãƒˆãƒªãƒ—ルDES(3DES)暗å·åŒ–を使用ã—ã¾ã™ã€‚ã“ã®é–¢æ•°ã¯ã€WC_DES3_CBCENCRYPTã®ä»£ã‚りã«ãªã‚Šã€ãƒ¦ãƒ¼ã‚¶ãƒ¼ãŒDES3構造を直接インスタンス化ã›ãšã«ãƒ¡ãƒƒã‚»ãƒ¼ã‚¸ã‚’æš—å·åŒ–ã§ãã¾ã™ã€‚ - \return 0 ãƒ‡ãƒ¼ã‚¿ã®æš—å·åŒ–ã«æˆåŠŸã—ãŸå¾Œã«è¿”ã•れã¾ã™ã€‚ - \return MEMORY_E DES構造体ã«ãƒ¡ãƒ¢ãƒªã‚’割り当ã¦ã‚‹ã‚¨ãƒ©ãƒ¼ãŒã‚ã‚‹å ´åˆã¯è¿”ã•れã¾ã™ã€‚ - \return <0 æš—å·åŒ–中ã«ä»»æ„ã®ã‚¨ãƒ©ãƒ¼ã«æˆ»ã‚Šã¾ã™ã€‚ - \param out 最終暗å·åŒ–データ - \param in æš—å·åŒ–ã•れるデータã¯ã€DESブロックサイズã«åŸ‹ã‚られãªã‘れã°ãªã‚Šã¾ã›ã‚“。 - \param sz 入力ãƒãƒƒãƒ•ã‚¡ã®ã‚µã‚¤ã‚º - \param key æš—å·åŒ–ã«ä½¿ç”¨ã™ã‚‹ã‚­ãƒ¼ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ + + \brief ã“ã®é–¢æ•°ã¯ã€å…¥åŠ›å¹³æ–‡inã‚’æš—å·åŒ–ã—ã€çµæžœã®æš—å·æ–‡ã‚’出力ãƒãƒƒãƒ•ã‚¡outã«æ ¼ç´ã—ã¾ã™ã€‚æš—å·ãƒ–ロック連鎖(CBC)モードã®ãƒˆãƒªãƒ—ルDES(3DES)æš—å·åŒ–を使用ã—ã¾ã™ã€‚ã“ã®é–¢æ•°ã¯wc_Des3_CbcEncryptã®ä»£æ›¿ã§ã€ãƒ¦ãƒ¼ã‚¶ãƒ¼ãŒDes3構造体を直接インスタンス化ã›ãšã«ãƒ¡ãƒƒã‚»ãƒ¼ã‚¸ã‚’æš—å·åŒ–ã§ãるよã†ã«ã—ã¾ã™ã€‚ + + \return 0 ãƒ‡ãƒ¼ã‚¿ã®æš—å·åŒ–ã«æˆåŠŸã—ãŸå¾Œã«è¿”ã•れã¾ã™ã€‚ + \return MEMORY_E Des構造体用ã®ãƒ¡ãƒ¢ãƒªå‰²ã‚Šå½“ã¦ä¸­ã«ã‚¨ãƒ©ãƒ¼ãŒç™ºç”Ÿã—ãŸå ´åˆã«è¿”ã•れã¾ã™ã€‚ + \return <0 æš—å·åŒ–中ã®ä»»æ„ã®ã‚¨ãƒ©ãƒ¼ã§è¿”ã•れã¾ã™ã€‚ + + \param out æœ€çµ‚çš„ã«æš—å·åŒ–ã•れãŸãƒ‡ãƒ¼ã‚¿ + \param in æš—å·åŒ–ã•れるデータ。Desブロックサイズã«ãƒ‘ディングã•れã¦ã„ã‚‹å¿…è¦ãŒã‚りã¾ã™ã€‚ + \param sz 入力ãƒãƒƒãƒ•ã‚¡ã®ã‚µã‚¤ã‚ºã€‚ + \param key æš—å·åŒ–ã«ä½¿ç”¨ã™ã‚‹ã‚­ãƒ¼ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ + \param iv åˆæœŸåŒ–ベクトル + _Example_ \code - byte key[] = { // initialize with 8 byte key }; - byte iv[] = { // initialize with 8 byte iv }; + byte key[] = { // 8ãƒã‚¤ãƒˆã®ã‚­ãƒ¼ã§åˆæœŸåŒ– }; + byte iv[] = { // 8ãƒã‚¤ãƒˆã®ivã§åˆæœŸåŒ– }; - byte in[] = { // Initialize with plaintext }; + byte in[] = { // 平文ã§åˆæœŸåŒ– }; byte out[sizeof(in)]; if ( wc_Des3_CbcEncryptWithKey(&out, in, sizeof(in), key, iv) != 0) { - // error encrypting message + // ãƒ¡ãƒƒã‚»ãƒ¼ã‚¸ã®æš—å·åŒ–エラー } \endcode + \sa wc_Des3_CbcDecryptWithKey \sa wc_Des_CbcEncryptWithKey \sa wc_Des_CbcDecryptWithKey @@ -122,27 +144,33 @@ /*! \ingroup 3DES - \brief ã“ã®é–¢æ•°ã¯å…¥åŠ›æš—å·æ–‡ã‚’復å·åŒ–ã—ã€çµæžœã®å¹³æ–‡ã‚’出力ãƒãƒƒãƒ•ァーã«å‡ºåŠ›ã—ã¾ã™ã€‚æš—å·ãƒ–ロックãƒã‚§ãƒ¼ãƒ³ï¼ˆCBC)モードã§ãƒˆãƒªãƒ—ルDES(3DES)暗å·åŒ–を使用ã—ã¾ã™ã€‚ã“ã®é–¢æ•°ã¯ã€wc_des3_cbcdecryptã®ä»£ã‚りã«ã€ãƒ¦ãƒ¼ã‚¶ãƒ¼ãŒDES3構造を直接インスタンス化ã›ãšã«ãƒ¡ãƒƒã‚»ãƒ¼ã‚¸ã‚’復å·åŒ–ã§ãるよã†ã«ã—ã¾ã™ã€‚ - \return 0 与ãˆã‚‰ã‚ŒãŸæš—å·æ–‡ã‚’正常ã«å¾©å·åŒ–ã—ãŸã¨ãã«è¿”ã•れã¾ã—㟠- \return MEMORY_E DES構造体ã®å‰²ã‚Šå½“ã¦ã‚¹ãƒšãƒ¼ã‚¹ãŒå‰²ã‚Šå½“ã¦ã‚‰ã‚Œã¦ã„ã‚‹å ´åˆã«è¿”ã•れ㟠- \param out 復å·åŒ–ã•れãŸå¹³æ–‡ã‚’ä¿å­˜ã™ã‚‹ãƒãƒƒãƒ•ã‚¡ã¸ã®ãƒã‚¤ãƒ³ã‚¿ - \param in æš—å·åŒ–ã•ã‚ŒãŸæš—å·æ–‡ã‚’å«ã‚€å…¥åŠ›ãƒãƒƒãƒ•ã‚¡ã¸ã®ãƒã‚¤ãƒ³ã‚¿ - \param sz 復å·åŒ–ã™ã‚‹æš—å·æ–‡ã®é•·ã• - \param key 復å·åŒ–ã«ä½¿ç”¨ã™ã‚‹24ãƒã‚¤ãƒˆã®ã‚­ãƒ¼ã‚’å«ã‚€ãƒãƒƒãƒ•ã‚¡ã¸ã®ãƒã‚¤ãƒ³ã‚¿ + + \brief ã“ã®é–¢æ•°ã¯ã€å…¥åŠ›æš—å·æ–‡inを復å·ã—ã€çµæžœã®å¹³æ–‡ã‚’出力ãƒãƒƒãƒ•ã‚¡outã«æ ¼ç´ã—ã¾ã™ã€‚æš—å·ãƒ–ロック連鎖(CBC)モードã®ãƒˆãƒªãƒ—ルDes(3DES)æš—å·åŒ–を使用ã—ã¾ã™ã€‚ã“ã®é–¢æ•°ã¯wc_Des3_CbcDecryptã®ä»£æ›¿ã§ã€ãƒ¦ãƒ¼ã‚¶ãƒ¼ãŒDes3構造体を直接インスタンス化ã›ãšã«ãƒ¡ãƒƒã‚»ãƒ¼ã‚¸ã‚’復å·ã§ãるよã†ã«ã—ã¾ã™ã€‚ + + \return 0 指定ã•ã‚ŒãŸæš—å·æ–‡ã®å¾©å·ã«æˆåŠŸã—ãŸå ´åˆã«è¿”ã•れã¾ã™ + \return MEMORY_E Des構造体用ã®ã‚¹ãƒšãƒ¼ã‚¹å‰²ã‚Šå½“ã¦ä¸­ã«ã‚¨ãƒ©ãƒ¼ãŒç™ºç”Ÿã—ãŸå ´åˆã«è¿”ã•れã¾ã™ + + \param out 復å·ã•れãŸå¹³æ–‡ã‚’æ ¼ç´ã™ã‚‹ãƒãƒƒãƒ•ã‚¡ã¸ã®ãƒã‚¤ãƒ³ã‚¿ + \param in æš—å·åŒ–ã•ã‚ŒãŸæš—å·æ–‡ã‚’å«ã‚€å…¥åŠ›ãƒãƒƒãƒ•ã‚¡ã¸ã®ãƒã‚¤ãƒ³ã‚¿ + \param sz 復å·ã™ã‚‹æš—å·æ–‡ã®é•·ã• + \param key 復å·ã«ä½¿ç”¨ã™ã‚‹24ãƒã‚¤ãƒˆã®ã‚­ãƒ¼ã‚’å«ã‚€ãƒãƒƒãƒ•ã‚¡ã¸ã®ãƒã‚¤ãƒ³ã‚¿ + \param iv 復å·ã«ä½¿ç”¨ã™ã‚‹8ãƒã‚¤ãƒˆã®ivã‚’å«ã‚€ãƒãƒƒãƒ•ã‚¡ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ivãŒæä¾›ã•れãªã„å ´åˆã€ivã¯ãƒ‡ãƒ•ォルトã§0ã«ãªã‚Šã¾ã™ + _Example_ \code int ret; - byte key[] = { // initialize with 24 byte key }; - byte iv[] = { // initialize with 8 byte iv }; + byte key[] = { // 24ãƒã‚¤ãƒˆã®ã‚­ãƒ¼ã§åˆæœŸåŒ– }; + byte iv[] = { // 8ãƒã‚¤ãƒˆã®ivã§åˆæœŸåŒ– }; - byte cipher[] = { // initialize with ciphertext }; + byte cipher[] = { // æš—å·æ–‡ã§åˆæœŸåŒ– }; byte decoded[sizeof(cipher)]; if ( wc_Des3_CbcDecryptWithKey(decoded, cipher, sizeof(cipher), key, iv) != 0) { - // error decrypting message + // メッセージã®å¾©å·ã‚¨ãƒ©ãƒ¼ } \endcode + \sa wc_Des3_CbcDecrypt */ int wc_Des3_CbcDecryptWithKey(byte* out, diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/doc/dox_comments/header_files-ja/wc_port.h mariadb-11.8.8/extra/wolfssl/wolfssl/doc/dox_comments/header_files-ja/wc_port.h --- mariadb-11.8.6/extra/wolfssl/wolfssl/doc/dox_comments/header_files-ja/wc_port.h 2026-01-31 13:27:49.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/doc/dox_comments/header_files-ja/wc_port.h 2026-05-24 09:58:33.000000000 +0000 @@ -1,8 +1,13 @@ /*! \ingroup wolfCrypt - \brief WolfCryptã«ã‚ˆã£ã¦ä½¿ç”¨ã•ã‚Œã‚‹ãƒªã‚½ãƒ¼ã‚¹ã‚’åˆæœŸåŒ–ã™ã‚‹ãŸã‚ã«ä½¿ç”¨ã•れã¾ã™ã€‚ - \return 0 æˆåŠŸã™ã‚‹ã¨ã€‚ - \return <0 initリソースãŒå¤±æ•—ã™ã‚‹ã¨ã€‚ + + \brief wolfCryptã§ä½¿ç”¨ã•ã‚Œã‚‹ãƒªã‚½ãƒ¼ã‚¹ã‚’åˆæœŸåŒ–ã™ã‚‹ãŸã‚ã«ä½¿ç”¨ã•れã¾ã™ã€‚ + + \return 0 æˆåŠŸæ™‚ã€‚ + \return <0 リソースã®åˆæœŸåŒ–ã«å¤±æ•—ã—ãŸå ´åˆã€‚ + + \param none パラメータãªã—。 + _Example_ \code ... @@ -10,15 +15,21 @@ WOLFSSL_MSG("Error with wolfCrypt_Init call"); } \endcode + \sa wolfCrypt_Cleanup */ int wolfCrypt_Init(void); /*! \ingroup wolfCrypt - \brief WolfCryptã«ã‚ˆã£ã¦ä½¿ç”¨ã•れるリソースをクリーンアップã™ã‚‹ãŸã‚ã«ä½¿ç”¨ã•れã¾ã™ã€‚ - \return 0 æˆåŠŸã™ã‚‹ã¨ã€‚ - \return <0 リソースã®ã‚¯ãƒªãƒ¼ãƒ³ã‚¢ãƒƒãƒ—ãŒå¤±æ•—ã—ãŸã¨ã。 + + \brief wolfCryptã§ä½¿ç”¨ã•れるリソースをクリーンアップã™ã‚‹ãŸã‚ã«ä½¿ç”¨ã•れã¾ã™ã€‚ + + \return 0 æˆåŠŸæ™‚ã€‚ + \return <0 リソースã®ã‚¯ãƒªãƒ¼ãƒ³ã‚¢ãƒƒãƒ—ã«å¤±æ•—ã—ãŸå ´åˆã€‚ + + \param none パラメータãªã—。 + _Example_ \code ... @@ -26,6 +37,7 @@ WOLFSSL_MSG("Error with wolfCrypt_Cleanup call"); } \endcode + \sa wolfCrypt_Init */ int wolfCrypt_Cleanup(void); diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/doc/dox_comments/header_files-ja/wolfio.h mariadb-11.8.8/extra/wolfssl/wolfssl/doc/dox_comments/header_files-ja/wolfio.h --- mariadb-11.8.6/extra/wolfssl/wolfssl/doc/dox_comments/header_files-ja/wolfio.h 2026-01-31 13:27:49.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/doc/dox_comments/header_files-ja/wolfio.h 2026-05-24 09:58:33.000000000 +0000 @@ -1,16 +1,20 @@ /*! - \brief - \return Success ã“ã®é–¢æ•°ã¯ã€èª­ã¿å–られãŸãƒã‚¤ãƒˆæ•°ã‚’è¿”ã—ã¾ã™ã€‚ - \return WOLFSSL_CBIO_ERR_WANT_READ 最後ã®ã‚¨ãƒ©ãƒ¼ãŒsocket_ewouldbolcokã¾ãŸã¯socket_eagainã§ã‚れã°ã€ãƒ¡ãƒƒã‚»ãƒ¼ã‚¸ã‚’è¿”ã•れã¾ã™ã€‚ - \return WOLFSSL_CBIO_ERR_TIMEOUT "Socket Timeout"メッセージを返ã—ã¾ã—ãŸã€‚ - \return WOLFSSL_CBIO_ERR_CONN_RST 最後ã®ã‚¨ãƒ©ãƒ¼ãŒsocket_econnresetã®å ´åˆã€ "Connection Reset"メッセージã§è¿”ã•れã¾ã™ã€‚ - \return WOLFSSL_CBIO_ERR_ISR 最後ã®ã‚¨ãƒ©ãƒ¼ãŒsocket_eintrã®å ´åˆã€ "Socket Interrupted"メッセージãŒè¿”ã•れã¾ã™ã€‚ - \return WOLFSSL_CBIO_ERR_WANT_READ 最後ã®ã‚¨ãƒ©ãƒ¼ãŒsocket_econneRefusedã®å ´åˆã€ã€ŒæŽ¥ç¶šæ‹’å¦ã€ãƒ¡ãƒƒã‚»ãƒ¼ã‚¸ã‚’è¿”ã—ã¾ã—ãŸã€‚ - \return WOLFSSL_CBIO_ERR_CONN_CLOSE 最後ã®ã‚¨ãƒ©ãƒ¼ãŒSOCKET_ECONNABORTEDã®å ´åˆã€ã€ŒæŽ¥ç¶šä¸­æ­¢ã€ãƒ¡ãƒƒã‚»ãƒ¼ã‚¸ã§è¿”ã•れã¾ã™ã€‚ - \return WOLFSSL_CBIO_ERR_GENERAL 最後ã®ã‚¨ãƒ©ãƒ¼ãŒæŒ‡å®šã•れã¦ã„ãªã„å ´åˆã¯ã€ã€Œä¸€èˆ¬çš„ãªã‚¨ãƒ©ãƒ¼ã€ãƒ¡ãƒƒã‚»ãƒ¼ã‚¸ã§è¿”ã•れã¾ã™ã€‚ - \param ssl wolfssl_new()を使用ã—ã¦ä½œæˆã•れãŸWolfSSL構造ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ - \param buf ãƒãƒƒãƒ•ã‚¡ã®ãƒãƒ£ãƒ¼ãƒã‚¤ãƒ³ã‚¿è¡¨ç¾ã€‚ - \param sz ãƒãƒƒãƒ•ã‚¡ã®ã‚µã‚¤ã‚ºã€‚ + \brief ã“ã®é–¢æ•°ã¯å—信埋ã‚è¾¼ã¿ã‚³ãƒ¼ãƒ«ãƒãƒƒã‚¯ã§ã™ã€‚ + + \return Success ã“ã®é–¢æ•°ã¯èª­ã¿å–られãŸãƒã‚¤ãƒˆæ•°ã‚’è¿”ã—ã¾ã™ã€‚ + \return WOLFSSL_CBIO_ERR_WANT_READ 最後ã®ã‚¨ãƒ©ãƒ¼ãŒSOCKET_EWOULDBLCOKã¾ãŸã¯SOCKET_EAGAINã®å ´åˆã€"Would block"メッセージã¨ã¨ã‚‚ã«è¿”ã•れã¾ã™ã€‚ + \return WOLFSSL_CBIO_ERR_TIMEOUT "Socket timeout"メッセージã¨ã¨ã‚‚ã«è¿”ã•れã¾ã™ã€‚ + \return WOLFSSL_CBIO_ERR_CONN_RST 最後ã®ã‚¨ãƒ©ãƒ¼ãŒSOCKET_ECONNRESETã®å ´åˆã€"Connection reset"メッセージã¨ã¨ã‚‚ã«è¿”ã•れã¾ã™ã€‚ + \return WOLFSSL_CBIO_ERR_ISR 最後ã®ã‚¨ãƒ©ãƒ¼ãŒSOCKET_EINTRã®å ´åˆã€"Socket interrupted"メッセージã¨ã¨ã‚‚ã«è¿”ã•れã¾ã™ã€‚ + \return WOLFSSL_CBIO_ERR_WANT_READ 最後ã®ã‚¨ãƒ©ãƒ¼ãŒSOCKET_ECONNREFUSEDã®å ´åˆã€"Connection refused"メッセージã¨ã¨ã‚‚ã«è¿”ã•れã¾ã™ã€‚ + \return WOLFSSL_CBIO_ERR_CONN_CLOSE 最後ã®ã‚¨ãƒ©ãƒ¼ãŒSOCKET_ECONNABORTEDã®å ´åˆã€"Connection aborted"メッセージã¨ã¨ã‚‚ã«è¿”ã•れã¾ã™ã€‚ + \return WOLFSSL_CBIO_ERR_GENERAL 最後ã®ã‚¨ãƒ©ãƒ¼ãŒæŒ‡å®šã•れã¦ã„ãªã„å ´åˆã€"General error"メッセージã¨ã¨ã‚‚ã«è¿”ã•れã¾ã™ã€‚ + + \param ssl wolfSSL_new()を使用ã—ã¦ä½œæˆã•れãŸWOLFSSL構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ + \param buf ãƒãƒƒãƒ•ã‚¡ã®charåž‹ãƒã‚¤ãƒ³ã‚¿è¡¨ç¾ã€‚ + \param sz ãƒãƒƒãƒ•ã‚¡ã®ã‚µã‚¤ã‚ºã€‚ + \param ctx ユーザー登録コンテキストã¸ã®voidåž‹ãƒã‚¤ãƒ³ã‚¿ã€‚デフォルトã®å ´åˆã€ctxã¯ã‚½ã‚±ãƒƒãƒˆè¨˜è¿°å­ãƒã‚¤ãƒ³ã‚¿ã§ã™ã€‚ + _Example_ \code WOLFSSL_CTX* ctx = wolfSSL_CTX_new( protocol method ); @@ -20,9 +24,10 @@ void* ctx; int bytesRead = EmbedReceive(ssl, buf, sz, ctx); if(bytesRead <= 0){ - // There were no bytes read. Failure case. + // ãƒã‚¤ãƒˆãŒèª­ã¿å–られã¾ã›ã‚“ã§ã—ãŸã€‚失敗ケース。 } \endcode + \sa EmbedSend \sa wolfSSL_CTX_SetIORecv \sa wolfSSL_SSLSetIORecv @@ -30,16 +35,20 @@ int EmbedReceive(WOLFSSL* ssl, char* buf, int sz, void* ctx); /*! - \brief - \return Success ã“ã®é–¢æ•°ã¯é€ä¿¡ã•れãŸãƒã‚¤ãƒˆæ•°ã‚’è¿”ã—ã¾ã™ã€‚ - \return WOLFSSL_CBIO_ERR_WANT_WRITE 最後ã®ã‚¨ãƒ©ãƒ¼ãŒsocket_ewouldblockã¾ãŸã¯socket_eagainã§ã‚れã°ã€ "Block"メッセージを返ã—ã¾ã™ã€‚ - \return WOLFSSL_CBIO_ERR_CONN_RST 最後ã®ã‚¨ãƒ©ãƒ¼ãŒsocket_econnresetã®å ´åˆã€ "Connection Reset"メッセージã§è¿”ã•れã¾ã™ã€‚ - \return WOLFSSL_CBIO_ERR_ISR 最後ã®ã‚¨ãƒ©ãƒ¼ãŒsocket_eintrã®å ´åˆã€ "Socket Interrupted"メッセージãŒè¿”ã•れã¾ã™ã€‚ - \return WOLFSSL_CBIO_ERR_CONN_CLOSE 最後ã®ã‚¨ãƒ©ãƒ¼ãŒsocket_epipeã®å ´åˆã€ "Socket Epipe"メッセージを返ã—ã¾ã—ãŸã€‚ - \return WOLFSSL_CBIO_ERR_GENERAL 最後ã®ã‚¨ãƒ©ãƒ¼ãŒæŒ‡å®šã•れã¦ã„ãªã„å ´åˆã¯ã€ã€Œä¸€èˆ¬çš„ãªã‚¨ãƒ©ãƒ¼ã€ãƒ¡ãƒƒã‚»ãƒ¼ã‚¸ã§è¿”ã•れã¾ã™ã€‚ - \param ssl wolfssl_new()を使用ã—ã¦ä½œæˆã•れãŸWolfSSL構造ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ - \param buf ãƒãƒƒãƒ•ã‚¡ã‚’è¡¨ã™æ–‡å­—ãƒã‚¤ãƒ³ã‚¿ã€‚ - \param sz ãƒãƒƒãƒ•ã‚¡ã®ã‚µã‚¤ã‚ºã€‚ + \brief ã“ã®é–¢æ•°ã¯é€ä¿¡åŸ‹ã‚è¾¼ã¿ã‚³ãƒ¼ãƒ«ãƒãƒƒã‚¯ã§ã™ã€‚ + + \return Success ã“ã®é–¢æ•°ã¯é€ä¿¡ã•れãŸãƒã‚¤ãƒˆæ•°ã‚’è¿”ã—ã¾ã™ã€‚ + \return WOLFSSL_CBIO_ERR_WANT_WRITE 最後ã®ã‚¨ãƒ©ãƒ¼ãŒSOCKET_EWOULDBLOCKã¾ãŸã¯SOCKET_EAGAINã®å ´åˆã€"Would block"メッセージã¨ã¨ã‚‚ã«è¿”ã•れã¾ã™ã€‚ + \return WOLFSSL_CBIO_ERR_CONN_RST 最後ã®ã‚¨ãƒ©ãƒ¼ãŒSOCKET_ECONNRESETã®å ´åˆã€"Connection reset"メッセージã¨ã¨ã‚‚ã«è¿”ã•れã¾ã™ã€‚ + \return WOLFSSL_CBIO_ERR_ISR 最後ã®ã‚¨ãƒ©ãƒ¼ãŒSOCKET_EINTRã®å ´åˆã€"Socket interrupted"メッセージã¨ã¨ã‚‚ã«è¿”ã•れã¾ã™ã€‚ + \return WOLFSSL_CBIO_ERR_CONN_CLOSE 最後ã®ã‚¨ãƒ©ãƒ¼ãŒSOCKET_EPIPEã®å ´åˆã€"Socket EPIPE"メッセージã¨ã¨ã‚‚ã«è¿”ã•れã¾ã™ã€‚ + \return WOLFSSL_CBIO_ERR_GENERAL 最後ã®ã‚¨ãƒ©ãƒ¼ãŒæŒ‡å®šã•れã¦ã„ãªã„å ´åˆã€"General error"メッセージã¨ã¨ã‚‚ã«è¿”ã•れã¾ã™ã€‚ + + \param ssl wolfSSL_new()を使用ã—ã¦ä½œæˆã•れãŸWOLFSSL構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ + \param buf ãƒãƒƒãƒ•ァを表ã™charåž‹ãƒã‚¤ãƒ³ã‚¿ã€‚ + \param sz ãƒãƒƒãƒ•ã‚¡ã®ã‚µã‚¤ã‚ºã€‚ + \param ctx ユーザー登録コンテキストã¸ã®voidåž‹ãƒã‚¤ãƒ³ã‚¿ã€‚ + _Example_ \code WOLFSSL* ssl = wolfSSL_new(ctx); @@ -48,9 +57,10 @@ void* ctx; int dSent = EmbedSend(ssl, buf, sz, ctx); if(dSent <= 0){ - // No byes sent. Failure case. + // ãƒã‚¤ãƒˆãŒé€ä¿¡ã•れã¾ã›ã‚“ã§ã—ãŸã€‚失敗ケース。 } \endcode + \sa EmbedReceive \sa wolfSSL_CTX_SetIOSend \sa wolfSSL_SSLSetIOSend @@ -58,16 +68,20 @@ int EmbedSend(WOLFSSL* ssl, char* buf, int sz, void* ctx); /*! - \brief - \return Success ã“ã®é–¢æ•°ã¯ã€å®Ÿè¡ŒãŒæˆåŠŸã—ãŸå ´åˆã«èª­ã¿è¾¼ã¾ã‚ŒãŸNBãƒã‚¤ãƒˆã‚’è¿”ã—ã¾ã™ã€‚ - \return WOLFSSL_CBIO_ERR_WANT_READ æŽ¥ç¶šãŒæ‹’å¦ã•れãŸå ´åˆã€ã¾ãŸã¯ã€Œãƒ–ロックã€ã‚¨ãƒ©ãƒ¼ãŒç™ºç”Ÿã—ãŸå ´åˆã¯æ©Ÿèƒ½ã«ã‚¹ãƒ­ãƒ¼ã•れã¾ã—ãŸã€‚ - \return WOLFSSL_CBIO_ERR_TIMEOUT ソケットãŒã‚¿ã‚¤ãƒ ã‚¢ã‚¦ãƒˆã—ãŸå ´åˆã¯è¿”ã•れã¾ã™ã€‚ - \return WOLFSSL_CBIO_ERR_CONN_RST 接続ãŒãƒªã‚»ãƒƒãƒˆã•れã¦ã„ã‚‹å ´åˆã¯è¿”ã•れã¾ã™ã€‚ - \return WOLFSSL_CBIO_ERR_ISR ソケットãŒä¸­æ–­ã•れãŸå ´åˆã¯è¿”ã•れã¾ã™ã€‚ - \return WOLFSSL_CBIO_ERR_GENERAL 一般的ãªã‚¨ãƒ©ãƒ¼ãŒã‚ã£ãŸå ´åˆã«è¿”ã•れã¾ã™ã€‚ - \param ssl wolfssl_new()を使用ã—ã¦ä½œæˆã•れãŸWolfSSL構造ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ - \param buf ãƒãƒƒãƒ•ã‚¡ã¸ã®å®šæ•°ã®æ–‡å­—ãƒã‚¤ãƒ³ã‚¿ã€‚ - \param sz ãƒãƒƒãƒ•ã‚¡ã®ã‚µã‚¤ã‚ºã‚’表ã™int型。 + \brief ã“ã®é–¢æ•°ã¯å—信埋ã‚è¾¼ã¿ã‚³ãƒ¼ãƒ«ãƒãƒƒã‚¯ã§ã™ã€‚ + + \return Success å®Ÿè¡ŒãŒæˆåŠŸã—ãŸå ´åˆã€ã“ã®é–¢æ•°ã¯èª­ã¿å–られãŸnbãƒã‚¤ãƒˆæ•°ã‚’è¿”ã—ã¾ã™ã€‚ + \return WOLFSSL_CBIO_ERR_WANT_READ æŽ¥ç¶šãŒæ‹’å¦ã•れãŸå ´åˆã€ã¾ãŸã¯é–¢æ•°ã§'would block'エラーãŒã‚¹ãƒ­ãƒ¼ã•れãŸå ´åˆã«è¿”ã•れã¾ã™ã€‚ + \return WOLFSSL_CBIO_ERR_TIMEOUT ソケットãŒã‚¿ã‚¤ãƒ ã‚¢ã‚¦ãƒˆã—ãŸå ´åˆã«è¿”ã•れã¾ã™ã€‚ + \return WOLFSSL_CBIO_ERR_CONN_RST 接続ãŒãƒªã‚»ãƒƒãƒˆã•れãŸå ´åˆã«è¿”ã•れã¾ã™ã€‚ + \return WOLFSSL_CBIO_ERR_ISR ソケットãŒä¸­æ–­ã•れãŸå ´åˆã«è¿”ã•れã¾ã™ã€‚ + \return WOLFSSL_CBIO_ERR_GENERAL 一般的ãªã‚¨ãƒ©ãƒ¼ãŒã‚ã£ãŸå ´åˆã«è¿”ã•れã¾ã™ã€‚ + + \param ssl wolfSSL_new()を使用ã—ã¦ä½œæˆã•れãŸWOLFSSL構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ + \param buf ãƒãƒƒãƒ•ã‚¡ã¸ã®const charåž‹ãƒã‚¤ãƒ³ã‚¿ã€‚ + \param sz ãƒãƒƒãƒ•ã‚¡ã®ã‚µã‚¤ã‚ºã‚’表ã™int型。 + \param ctx WOLFSSL_CTXコンテキストã¸ã®voidåž‹ãƒã‚¤ãƒ³ã‚¿ã€‚ + _Example_ \code WOLFSSL_CTX* ctx = wolfSSL_CTX_new( protocol method ); @@ -78,27 +92,32 @@ … int nb = EmbedReceiveFrom(ssl, buf, sz, ctx); if(nb > 0){ - // nb is the number of bytes written and is positive + // nbã¯æ›¸ãè¾¼ã¾ã‚ŒãŸãƒã‚¤ãƒˆæ•°ã§æ­£ã®å€¤ã§ã™ } \endcode + \sa EmbedSendTo \sa wolfSSL_CTX_SetIORecv \sa wolfSSL_SSLSetIORecv \sa wolfSSL_dtls_get_current_timeout */ -int EmbedReceiveFrom(WOLFSSL* ssl, char* buf, int sz, void*); +int EmbedReceiveFrom(WOLFSSL* ssl, char* buf, int sz, void* ctx); /*! - \brief - \return Success ã“ã®é–¢æ•°ã¯é€ä¿¡ã•れãŸãƒã‚¤ãƒˆæ•°ã‚’è¿”ã—ã¾ã™ã€‚ - \return WOLFSSL_CBIO_ERR_WANT_WRITE 最後ã®ã‚¨ãƒ©ãƒ¼ãŒsocket_ewouldblockã¾ãŸã¯socket_eagainエラーã®å ´åˆã€ "Block"メッセージを返ã—ã¾ã™ã€‚ - \return WOLFSSL_CBIO_ERR_CONN_RST 最後ã®ã‚¨ãƒ©ãƒ¼ãŒsocket_econnresetã®å ´åˆã€ "Connection Reset"メッセージã§è¿”ã•れã¾ã™ã€‚ - \return WOLFSSL_CBIO_ERR_ISR 最後ã®ã‚¨ãƒ©ãƒ¼ãŒsocket_eintrã®å ´åˆã€ "Socket Interrupted"メッセージãŒè¿”ã•れã¾ã™ã€‚ - \return WOLFSSL_CBIO_ERR_CONN_CLOSE 最後ã®ã‚¨ãƒ©ãƒ¼ãŒwolfssl_cbio_err_conn_croseã®å ´åˆã€ "Socket Epipe"メッセージを返ã—ã¾ã—ãŸã€‚ - \return WOLFSSL_CBIO_ERR_GENERAL 最後ã®ã‚¨ãƒ©ãƒ¼ãŒæŒ‡å®šã•れã¦ã„ãªã„å ´åˆã¯ã€ã€Œä¸€èˆ¬çš„ãªã‚¨ãƒ©ãƒ¼ã€ãƒ¡ãƒƒã‚»ãƒ¼ã‚¸ã§è¿”ã•れã¾ã™ã€‚ - \param ssl wolfssl_new()を使用ã—ã¦ä½œæˆã•れãŸWolfSSL構造ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ - \param buf ãƒãƒƒãƒ•ã‚¡ã‚’è¡¨ã™æ–‡å­—ãƒã‚¤ãƒ³ã‚¿ã€‚ - \param sz ãƒãƒƒãƒ•ã‚¡ã®ã‚µã‚¤ã‚ºã€‚ + \brief ã“ã®é–¢æ•°ã¯é€ä¿¡åŸ‹ã‚è¾¼ã¿ã‚³ãƒ¼ãƒ«ãƒãƒƒã‚¯ã§ã™ã€‚ + + \return Success ã“ã®é–¢æ•°ã¯é€ä¿¡ã•れãŸãƒã‚¤ãƒˆæ•°ã‚’è¿”ã—ã¾ã™ã€‚ + \return WOLFSSL_CBIO_ERR_WANT_WRITE 最後ã®ã‚¨ãƒ©ãƒ¼ãŒSOCKET_EWOULDBLOCKã¾ãŸã¯SOCKET_EAGAINエラーã®å ´åˆã€"Would Block"メッセージã¨ã¨ã‚‚ã«è¿”ã•れã¾ã™ã€‚ + \return WOLFSSL_CBIO_ERR_CONN_RST 最後ã®ã‚¨ãƒ©ãƒ¼ãŒSOCKET_ECONNRESETã®å ´åˆã€"Connection reset"メッセージã¨ã¨ã‚‚ã«è¿”ã•れã¾ã™ã€‚ + \return WOLFSSL_CBIO_ERR_ISR 最後ã®ã‚¨ãƒ©ãƒ¼ãŒSOCKET_EINTRã®å ´åˆã€"Socket interrupted"メッセージã¨ã¨ã‚‚ã«è¿”ã•れã¾ã™ã€‚ + \return WOLFSSL_CBIO_ERR_CONN_CLOSE 最後ã®ã‚¨ãƒ©ãƒ¼ãŒWOLFSSL_CBIO_ERR_CONN_CLOSEã®å ´åˆã€"Socket EPIPE"メッセージã¨ã¨ã‚‚ã«è¿”ã•れã¾ã™ã€‚ + \return WOLFSSL_CBIO_ERR_GENERAL 最後ã®ã‚¨ãƒ©ãƒ¼ãŒæŒ‡å®šã•れã¦ã„ãªã„å ´åˆã€"General error"メッセージã¨ã¨ã‚‚ã«è¿”ã•れã¾ã™ã€‚ + + \param ssl wolfSSL_new()を使用ã—ã¦ä½œæˆã•れãŸWOLFSSL構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ + \param buf ãƒãƒƒãƒ•ァを表ã™charåž‹ãƒã‚¤ãƒ³ã‚¿ã€‚ + \param sz ãƒãƒƒãƒ•ã‚¡ã®ã‚µã‚¤ã‚ºã€‚ + \param ctx ユーザー登録コンテキストã¸ã®voidåž‹ãƒã‚¤ãƒ³ã‚¿ã€‚デフォルトã®å ´åˆã¯WOLFSSL_DTLS_CTX構造体ã§ã™ã€‚ + _Example_ \code WOLFSSL* ssl; @@ -109,9 +128,10 @@ int sEmbed = EmbedSendto(ssl, buf, sz, ctx); if(sEmbed <= 0){ - // No bytes sent. Failure case. + // ãƒã‚¤ãƒˆãŒé€ä¿¡ã•れã¾ã›ã‚“ã§ã—ãŸã€‚失敗ケース。 } \endcode + \sa EmbedReceiveFrom \sa wolfSSL_CTX_SetIOSend \sa wolfSSL_SSLSetIOSend @@ -119,12 +139,16 @@ int EmbedSendTo(WOLFSSL* ssl, char* buf, int sz, void* ctx); /*! - \brief - \return Success ã“ã®é–¢æ•°ã¯ã€ãƒãƒƒãƒ•ã‚¡ã«ã‚³ãƒ”ーã•れãŸãƒã‚¤ãƒˆæ•°ã‚’è¿”ã—ã¾ã™ã€‚ - \return GEN_COOKIE_E getPeernameãŒEmbedGenerateCookieã«å¤±æ•—ã—ãŸå ´åˆã«è¿”ã•れã¾ã™ã€‚ - \param ssl wolfssl_new()を使用ã—ã¦ä½œæˆã•れãŸWolfSSL構造ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ - \param buf ãƒãƒƒãƒ•ァを表ã™ãƒã‚¤ãƒˆãƒã‚¤ãƒ³ã‚¿ã€‚xmemcpy()ã‹ã‚‰ã®å®›å…ˆã§ã™ã€‚ - \param sz ãƒãƒƒãƒ•ã‚¡ã®ã‚µã‚¤ã‚ºã€‚ + \brief ã“ã®é–¢æ•°ã¯DTLS Generate Cookieコールãƒãƒƒã‚¯ã§ã™ã€‚ + + \return Success ã“ã®é–¢æ•°ã¯ãƒãƒƒãƒ•ã‚¡ã«ã‚³ãƒ”ーã•れãŸãƒã‚¤ãƒˆæ•°ã‚’è¿”ã—ã¾ã™ã€‚ + \return GEN_COOKIE_E EmbedGenerateCookieã§getpeernameãŒå¤±æ•—ã—ãŸå ´åˆã«è¿”ã•れã¾ã™ã€‚ + + \param ssl wolfSSL_new()を使用ã—ã¦ä½œæˆã•れãŸWOLFSSL構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ + \param buf ãƒãƒƒãƒ•ァを表ã™byteåž‹ãƒã‚¤ãƒ³ã‚¿ã€‚XMEMCPY()ã®å®›å…ˆã§ã™ã€‚ + \param sz ãƒãƒƒãƒ•ã‚¡ã®ã‚µã‚¤ã‚ºã€‚ + \param ctx ユーザー登録コンテキストã¸ã®voidåž‹ãƒã‚¤ãƒ³ã‚¿ã€‚ + _Example_ \code WOLFSSL_CTX* ctx = wolfSSL_CTX_new( method ); @@ -136,25 +160,31 @@ int ret = EmbedGenerateCookie(ssl, buffer, sz, ctx); if(ret > 0){ - // EmbedGenerateCookie code block for success + // EmbedGenerateCookieã®æˆåŠŸã‚³ãƒ¼ãƒ‰ãƒ–ãƒ­ãƒƒã‚¯ } \endcode + \sa wolfSSL_CTX_SetGenCookie */ -int EmbedGenerateCookie(WOLFSSL* ssl, unsigned char* buf, - int sz, void*); +int EmbedGenerateCookie(WOLFSSL* ssl, byte* buf, + int sz, void* ctx); /*! - \brief - \return none ã„ã„ãˆè¿”ã—ã¾ã™ã€‚ - \param ctx ヒープヒントã¸ã®voidãƒã‚¤ãƒ³ã‚¿ã€‚ + \brief ã“ã®é–¢æ•°ã¯å¿œç­”ãƒãƒƒãƒ•ァを解放ã—ã¾ã™ã€‚ + + \return none 戻り値ãªã—。 + + \param ctx ヒープヒントã¸ã®voidåž‹ãƒã‚¤ãƒ³ã‚¿ã€‚ + \param resp 応答を表ã™byteåž‹ãƒã‚¤ãƒ³ã‚¿ã€‚ + _Example_ \code void* ctx; - byte* resp; // Response buffer. + byte* resp; // 応答ãƒãƒƒãƒ•ã‚¡ … EmbedOcspRespFree(ctx, resp); \endcode + \sa wolfSSL_CertManagerSetOCSP_Cb \sa wolfSSL_CertManagerEnableOCSPStapling \sa wolfSSL_CertManagerEnableOCSP @@ -162,21 +192,30 @@ void EmbedOcspRespFree(void* ctx, byte* resp); /*! - \brief データ。デフォルトã§ã¯ã€WolfSSLã¯ã‚·ã‚¹ãƒ†ãƒ ã®TCP RECV()関数を使用ã™ã‚‹ã‚³ãƒ¼ãƒ«ãƒãƒƒã‚¯ã¨ã—ã¦EmbedReceive()を使用ã—ã¾ã™ã€‚ユーザã¯ã€ãƒ¡ãƒ¢ãƒªã€ä»–ã®ãƒãƒƒãƒˆãƒ¯ãƒ¼ã‚¯ãƒ¢ã‚¸ãƒ¥ãƒ¼ãƒ«ã€ã¾ãŸã¯ã©ã“ã‹ã‚‰ã§ã‚‚入力ã™ã‚‹ã‚ˆã†ã«æ©Ÿèƒ½ã‚’登録ã§ãã¾ã™ã€‚é–¢æ•°ã®æ©Ÿèƒ½ã¨ã‚¨ãƒ©ãƒ¼ã‚³ãƒ¼ãƒ‰ã®ãŸã‚ã®ã‚¬ã‚¤ãƒ‰ã¨ã—ã¦ã€src / io.cã®åŸ‹ã‚è¾¼ã¿Receive()関数をå‚ç…§ã—ã¦ãã ã•ã„。特ã«ã€ãƒ‡ãƒ¼ã‚¿ãŒæº–å‚™ãŒã§ãã¦ã„ãªã„ã¨ãã«ã€IO_ERR_WANT_READã‚’éžãƒ–ロックå—信用ã«è¿”ã™å¿…è¦ãŒã‚りã¾ã™ã€‚ - \return none ã„ã„ãˆè¿”ã—ã¾ã™ã€‚ - \param ctx wolfssl_ctx_new()ã§ä½œæˆã•れãŸSSLコンテキストã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ + \brief ã“ã®é–¢æ•°ã¯ã€wolfSSLãŒå…¥åŠ›ãƒ‡ãƒ¼ã‚¿ã‚’å–å¾—ã™ã‚‹ãŸã‚ã®å—信コールãƒãƒƒã‚¯ã‚’登録ã—ã¾ã™ã€‚ + デフォルトã§ã¯ã€wolfSSLã¯ã‚·ã‚¹ãƒ†ãƒ ã®TCP recv()関数を使用ã™ã‚‹ã‚³ãƒ¼ãƒ«ãƒãƒƒã‚¯ã¨ã—ã¦EmbedReceive()を使用ã—ã¾ã™ã€‚ + ユーザーã¯ã€ãƒ¡ãƒ¢ãƒªã€ä»–ã®ãƒãƒƒãƒˆãƒ¯ãƒ¼ã‚¯ãƒ¢ã‚¸ãƒ¥ãƒ¼ãƒ«ã€ã¾ãŸã¯ä»»æ„ã®å ´æ‰€ã‹ã‚‰å…¥åŠ›ã‚’å–å¾—ã™ã‚‹é–¢æ•°ã‚’登録ã§ãã¾ã™ã€‚ + 関数ã®å‹•作方法ã¨ã‚¨ãƒ©ãƒ¼ã‚³ãƒ¼ãƒ‰ã«ã¤ã„ã¦ã¯ã€src/io.cã®EmbedReceive()関数をガイドã¨ã—ã¦å‚ç…§ã—ã¦ãã ã•ã„。 + 特ã«ã€ãƒ‡ãƒ¼ã‚¿ã®æº–å‚™ãŒã§ãã¦ã„ãªã„ノンブロッキングå—ä¿¡ã®å ´åˆã¯IO_ERR_WANT_READã‚’è¿”ã™å¿…è¦ãŒã‚りã¾ã™ã€‚ + + \return none 戻り値ãªã—。 + + \param ctx wolfSSL_CTX_new()ã§ä½œæˆã•れãŸSSLコンテキストã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ + \param callback wolfSSLコンテキストctxã®å—信コールãƒãƒƒã‚¯ã¨ã—ã¦ç™»éŒ²ã•れる関数。ã“ã®é–¢æ•°ã®ã‚·ã‚°ãƒãƒãƒ£ã¯ã€ä¸Šè¨˜ã®Synopsisセクションã«ç¤ºã•れã¦ã„ã‚‹ã‚‚ã®ã«å¾“ã†å¿…è¦ãŒã‚りã¾ã™ã€‚ + _Example_ \code WOLFSSL_CTX* ctx = 0; - // Receive callback prototype + // å—信コールãƒãƒƒã‚¯ã®ãƒ—ロトタイプ int MyEmbedReceive(WOLFSSL* ssl, char* buf, int sz, void* ctx); - // Register the custom receive callback with wolfSSL + // カスタムå—信コールãƒãƒƒã‚¯ã‚’wolfSSLã«ç™»éŒ² wolfSSL_CTX_SetIORecv(ctx, MyEmbedReceive); int MyEmbedReceive(WOLFSSL* ssl, char* buf, int sz, void* ctx) { - // custom EmbedReceive function + // カスタムEmbedReceive関数 } \endcode + \sa wolfSSL_CTX_SetIOSend \sa wolfSSL_SetIOReadCtx \sa wolfSSL_SetIOWriteCtx @@ -184,18 +223,26 @@ void wolfSSL_CTX_SetIORecv(WOLFSSL_CTX* ctx, CallbackIORecv CBIORecv); /*! - \brief コールãƒãƒƒã‚¯é–¢æ•°ãƒ‡ãƒ•ォルトã§ã¯ã€WolfSSLã¯ã€WolfSSLãŒã‚·ã‚¹ãƒ†ãƒ ã®TCPライブラリを使用ã—ã¦ã„ã‚‹å ´åˆã€wolfssl_set_fdï¼ˆï¼‰ã«æ¸¡ã•れãŸãƒ•ァイル記述å­ã‚’コンテキストã¨ã—ã¦è¨­å®šã—ã¾ã™ã€‚自分ã®å—信コールãƒãƒƒã‚¯ã‚’登録ã—ãŸå ´åˆã¯ã€ã‚»ãƒƒã‚·ãƒ§ãƒ³ã®ç‰¹å®šã®ã‚³ãƒ³ãƒ†ã‚­ã‚¹ãƒˆã‚’設定ã™ã‚‹ã“ã¨ãŒã§ãã¾ã™ã€‚ãŸã¨ãˆã°ã€ãƒ¡ãƒ¢ãƒªãƒãƒƒãƒ•ァを使用ã—ã¦ã„ã‚‹å ´åˆã€ã‚³ãƒ³ãƒ†ã‚­ã‚¹ãƒˆã¯ã€ãƒ¡ãƒ¢ãƒªãƒãƒƒãƒ•ァーã®ã©ã“ã«ã‚りã‹ã‚’説明ã™ã‚‹æ§‹é€ ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã§ã‚り得る。 - \return none ã„ã„ãˆè¿”ã—ã¾ã™ã€‚ - \param ssl wolfssl_new()ã§ä½œæˆã•れãŸSSLセッションã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ + \brief ã“ã®é–¢æ•°ã¯ã€SSLセッションã®å—信コールãƒãƒƒã‚¯é–¢æ•°ã®ã‚³ãƒ³ãƒ†ã‚­ã‚¹ãƒˆã‚’登録ã—ã¾ã™ã€‚ + デフォルトã§ã¯ã€wolfSSLãŒã‚·ã‚¹ãƒ†ãƒ ã®TCPライブラリを使用ã—ã¦ã„ã‚‹å ´åˆã€wolfSSLã¯wolfSSL_set_fd()ã«æ¸¡ã•れãŸãƒ•ァイル記述å­ã‚’コンテキストã¨ã—ã¦è¨­å®šã—ã¾ã™ã€‚ + 独自ã®å—信コールãƒãƒƒã‚¯ã‚’登録ã—ãŸå ´åˆã€ã‚»ãƒƒã‚·ãƒ§ãƒ³ã®ç‰¹å®šã®ã‚³ãƒ³ãƒ†ã‚­ã‚¹ãƒˆã‚’設定ã™ã‚‹ã“ã¨ãŒã§ãã¾ã™ã€‚ + ãŸã¨ãˆã°ã€ãƒ¡ãƒ¢ãƒªãƒãƒƒãƒ•ァを使用ã—ã¦ã„ã‚‹å ´åˆã€ã‚³ãƒ³ãƒ†ã‚­ã‚¹ãƒˆã¯ãƒ¡ãƒ¢ãƒªãƒãƒƒãƒ•ã‚¡ã¸ã®ã‚¢ã‚¯ã‚»ã‚¹æ–¹æ³•ã¨å ´æ‰€ã‚’記述ã™ã‚‹æ§‹é€ ä½“ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã«ãªã‚‹å¯èƒ½æ€§ãŒã‚りã¾ã™ã€‚ + + \return none 戻り値ãªã—。 + + \param ssl wolfSSL_new()ã§ä½œæˆã•れãŸSSLセッションã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ + \param rctx SSLセッション(ssl)ã®å—信コールãƒãƒƒã‚¯é–¢æ•°ã«ç™»éŒ²ã•れるコンテキストã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ + _Example_ \code int sockfd; WOLFSSL* ssl = 0; ... - // Manually setting the socket fd as the receive CTX, for example + // 例ã¨ã—ã¦ã€å—ä¿¡CTXã¨ã—ã¦ã‚½ã‚±ãƒƒãƒˆfdを手動ã§è¨­å®š wolfSSL_SetIOReadCtx(ssl, &sockfd); ... \endcode + \sa wolfSSL_CTX_SetIORecv \sa wolfSSL_CTX_SetIOSend \sa wolfSSL_SetIOWriteCtx @@ -203,18 +250,26 @@ void wolfSSL_SetIOReadCtx( WOLFSSL* ssl, void *ctx); /*! - \brief コールãƒãƒƒã‚¯é–¢æ•°ãƒ‡ãƒ•ォルトã§ã¯ã€WolfSSLã¯ã€WolfSSLãŒã‚·ã‚¹ãƒ†ãƒ ã®TCPライブラリを使用ã—ã¦ã„ã‚‹å ´åˆã€wolfssl_set_fdï¼ˆï¼‰ã«æ¸¡ã•れãŸãƒ•ァイル記述å­ã‚’コンテキストã¨ã—ã¦è¨­å®šã—ã¾ã™ã€‚独自ã®é€ä¿¡ã‚³ãƒ¼ãƒ«ãƒãƒƒã‚¯ã‚’登録ã—ãŸå ´åˆã¯ã€ã‚»ãƒƒã‚·ãƒ§ãƒ³ã®ç‰¹å®šã®ã‚³ãƒ³ãƒ†ã‚­ã‚¹ãƒˆã‚’設定ã™ã‚‹ã“ã¨ãŒã§ãã¾ã™ã€‚ãŸã¨ãˆã°ã€ãƒ¡ãƒ¢ãƒªãƒãƒƒãƒ•ァを使用ã—ã¦ã„ã‚‹å ´åˆã€ã‚³ãƒ³ãƒ†ã‚­ã‚¹ãƒˆã¯ã€ãƒ¡ãƒ¢ãƒªãƒãƒƒãƒ•ァーã®ã©ã“ã«ã‚りã‹ã‚’説明ã™ã‚‹æ§‹é€ ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã§ã‚り得る。 - \return none ã„ã„ãˆè¿”ã—ã¾ã™ã€‚ - \param ssl wolfssl_new()ã§ä½œæˆã•れãŸSSLセッションã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ + \brief ã“ã®é–¢æ•°ã¯ã€SSLセッションã®é€ä¿¡ã‚³ãƒ¼ãƒ«ãƒãƒƒã‚¯é–¢æ•°ã®ã‚³ãƒ³ãƒ†ã‚­ã‚¹ãƒˆã‚’登録ã—ã¾ã™ã€‚ + デフォルトã§ã¯ã€wolfSSLãŒã‚·ã‚¹ãƒ†ãƒ ã®TCPライブラリを使用ã—ã¦ã„ã‚‹å ´åˆã€wolfSSLã¯wolfSSL_set_fd()ã«æ¸¡ã•れãŸãƒ•ァイル記述å­ã‚’コンテキストã¨ã—ã¦è¨­å®šã—ã¾ã™ã€‚ + 独自ã®é€ä¿¡ã‚³ãƒ¼ãƒ«ãƒãƒƒã‚¯ã‚’登録ã—ãŸå ´åˆã€ã‚»ãƒƒã‚·ãƒ§ãƒ³ã®ç‰¹å®šã®ã‚³ãƒ³ãƒ†ã‚­ã‚¹ãƒˆã‚’設定ã™ã‚‹ã“ã¨ãŒã§ãã¾ã™ã€‚ + ãŸã¨ãˆã°ã€ãƒ¡ãƒ¢ãƒªãƒãƒƒãƒ•ァを使用ã—ã¦ã„ã‚‹å ´åˆã€ã‚³ãƒ³ãƒ†ã‚­ã‚¹ãƒˆã¯ãƒ¡ãƒ¢ãƒªãƒãƒƒãƒ•ã‚¡ã¸ã®ã‚¢ã‚¯ã‚»ã‚¹æ–¹æ³•ã¨å ´æ‰€ã‚’記述ã™ã‚‹æ§‹é€ ä½“ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã«ãªã‚‹å¯èƒ½æ€§ãŒã‚りã¾ã™ã€‚ + + \return none 戻り値ãªã—。 + + \param ssl wolfSSL_new()ã§ä½œæˆã•れãŸSSLセッションã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ + \param wctx SSLセッション(ssl)ã®é€ä¿¡ã‚³ãƒ¼ãƒ«ãƒãƒƒã‚¯é–¢æ•°ã«ç™»éŒ²ã•れるコンテキストã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ + _Example_ \code int sockfd; WOLFSSL* ssl = 0; ... - // Manually setting the socket fd as the send CTX, for example + // 例ã¨ã—ã¦ã€é€ä¿¡CTXã¨ã—ã¦ã‚½ã‚±ãƒƒãƒˆfdを手動ã§è¨­å®š wolfSSL_SetIOWriteCtx(ssl, &sockfd); ... \endcode + \sa wolfSSL_CTX_SetIORecv \sa wolfSSL_CTX_SetIOSend \sa wolfSSL_SetIOReadCtx @@ -223,9 +278,14 @@ /*! \ingroup IO - \brief ã“ã®é–¢æ•°ã¯ã€WolfSSL構造体ã®IOCB_READCTXメンãƒãƒ¼ã‚’è¿”ã—ã¾ã™ã€‚ - \return pointer ã“ã®é–¢æ•°ã¯ã€wolfssl構造体ã®iocb_readctxメンãƒãƒ¼ã¸ã®voidãƒã‚¤ãƒ³ã‚¿ã‚’è¿”ã—ã¾ã™ã€‚ - \return NULL wolfssl構造体ãŒNULLã®å ´åˆã«è¿”ã•れã¾ã™ã€‚ + + \brief ã“ã®é–¢æ•°ã¯WOLFSSL構造体ã®IOCB_ReadCtxメンãƒãƒ¼ã‚’è¿”ã—ã¾ã™ã€‚ + + \return pointer ã“ã®é–¢æ•°ã¯WOLFSSL構造体ã®IOCB_ReadCtxメンãƒãƒ¼ã¸ã®voidåž‹ãƒã‚¤ãƒ³ã‚¿ã‚’è¿”ã—ã¾ã™ã€‚ + \return NULL WOLFSSL構造体ãŒNULLã®å ´åˆã«è¿”ã•れã¾ã™ã€‚ + + \param ssl wolfSSL_new()を使用ã—ã¦ä½œæˆã•れãŸWOLFSSL構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ + _Example_ \code WOLFSSL* ssl = wolfSSL_new(ctx); @@ -233,9 +293,10 @@ ... ioRead = wolfSSL_GetIOReadCtx(ssl); if(ioRead == NULL){ - // Failure case. The ssl object was NULL. + // 失敗ケース。sslオブジェクトãŒNULLã§ã—ãŸã€‚ } \endcode + \sa wolfSSL_GetIOWriteCtx \sa wolfSSL_SetIOReadFlags \sa wolfSSL_SetIOWriteCtx @@ -246,9 +307,14 @@ /*! \ingroup IO - \brief ã“ã®é–¢æ•°ã¯ã€WolfSSL構造ã®IOCB_WRITECTXメンãƒãƒ¼ã‚’è¿”ã—ã¾ã™ã€‚ - \return pointer ã“ã®é–¢æ•°ã¯ã€WolfSSL構造ã®IOCB_WRITECTXメンãƒãƒ¼ã¸ã®voidãƒã‚¤ãƒ³ã‚¿ã‚’è¿”ã—ã¾ã™ã€‚ - \return NULL wolfssl構造体ãŒNULLã®å ´åˆã«è¿”ã•れã¾ã™ã€‚ + + \brief ã“ã®é–¢æ•°ã¯WOLFSSL構造体ã®IOCB_WriteCtxメンãƒãƒ¼ã‚’è¿”ã—ã¾ã™ã€‚ + + \return pointer ã“ã®é–¢æ•°ã¯WOLFSSL構造体ã®IOCB_WriteCtxメンãƒãƒ¼ã¸ã®voidåž‹ãƒã‚¤ãƒ³ã‚¿ã‚’è¿”ã—ã¾ã™ã€‚ + \return NULL WOLFSSL構造体ãŒNULLã®å ´åˆã«è¿”ã•れã¾ã™ã€‚ + + \param ssl wolfSSL_new()を使用ã—ã¦ä½œæˆã•れãŸWOLFSSL構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ + _Example_ \code WOLFSSL* ssl; @@ -256,9 +322,10 @@ ... ioWrite = wolfSSL_GetIOWriteCtx(ssl); if(ioWrite == NULL){ - // The function returned NULL. + // 関数ãŒNULLã‚’è¿”ã—ã¾ã—ãŸã€‚ } \endcode + \sa wolfSSL_GetIOReadCtx \sa wolfSSL_SetIOWriteCtx \sa wolfSSL_SetIOReadCtx @@ -267,17 +334,34 @@ void* wolfSSL_GetIOWriteCtx(WOLFSSL* ssl); /*! - \brief 与ãˆã‚‰ã‚ŒãŸSSLセッションå—信コールãƒãƒƒã‚¯ã¯ã€ãƒ‡ãƒ•ォルトã®wolfssl埋ã‚è¾¼ã¿å—信コールãƒãƒƒã‚¯ã€ã¾ãŸã¯ãƒ¦ãƒ¼ã‚¶ã«ã‚ˆã£ã¦æŒ‡å®šã•れãŸã‚«ã‚¹ã‚¿ãƒ ã‚³ãƒ¼ãƒ«ãƒãƒƒã‚¯ã§ã‚り得る(wolfssl_ctx_setiorecvã‚’å‚照)。デフォルトã®ãƒ•ラグ値ã¯ã€WolfSSLã«ã‚ˆã£ã¦wolfsslã«ã‚ˆã£ã¦0ã®å€¤ã«è¨­å®šã•れã¾ã™ã€‚デフォルトã®WolfSSLå—信コールãƒãƒƒã‚¯ã¯RECV()関数を使用ã—ã¦ã‚½ã‚±ãƒƒãƒˆã‹ã‚‰ãƒ‡ãƒ¼ã‚¿ã‚’å—ä¿¡ã—ã¾ã™ã€‚ 「Recv()ã€ãƒšãƒ¼ã‚¸ã‹ã‚‰ï¼šã€ŒRecv()関数ã¸ã®flags引数ã¯ã€1ã¤ä»¥ä¸Šã®å€¤ã‚’OR処ç†ã™ã‚‹ã‹ã€MSG_OOBプロセス帯域外データã€MSG_PEEK PEEKã€MSG_PEEK PEEKã€MSG_WAITALLãŒãƒ•ルを待ã£ã¦ã„ã¾ã™è¦æ±‚ã¾ãŸã¯ã‚¨ãƒ©ãƒ¼ã€‚ MSG_OOBフラグã¯ã€é€šå¸¸ã®ãƒ‡ãƒ¼ã‚¿ã‚¹ãƒˆãƒªãƒ¼ãƒ ã§å—ä¿¡ã•れãªã„ã§ã‚ã‚ã†å¸¯åŸŸå¤–データã®å—ä¿¡ã‚’è¦æ±‚ã—ã¾ã™ã€‚一部ã®ãƒ—ロトコルã¯é€šå¸¸ã®ãƒ‡ãƒ¼ã‚¿ã‚­ãƒ¥ãƒ¼ã®å…ˆé ­ã«è¿…速ãªãƒ‡ãƒ¼ã‚¿ã‚’é…ç½®ã—ã€ã“ã®ãƒ•ラグをãã®ã‚ˆã†ãªãƒ—ロトコルã§ä½¿ç”¨ã™ã‚‹ã“ã¨ã¯ã§ãã¾ã›ã‚“。 MSG_PEEKフラグã¯ã€å—ä¿¡æ“作ã«ã‚ˆã£ã¦å—信キューã®å…ˆé ­ã‹ã‚‰ã®ãƒ‡ãƒ¼ã‚¿ã‚’キューã‹ã‚‰å‰Šé™¤ã™ã‚‹ã“ã¨ãªãデータを返ã—ã¾ã™ã€‚ã—ãŸãŒã£ã¦ã€ä»¥é™ã®å—信呼ã³å‡ºã—ã¯åŒã˜ãƒ‡ãƒ¼ã‚¿ã‚’è¿”ã—ã¾ã™ã€‚ MSG_WAITALLフラグã¯ã€å®Œå…¨ãªè¦æ±‚ãŒæº€ãŸã•れるã¾ã§æ“ä½œãƒ–ãƒ­ãƒƒã‚¯ã‚’è¦æ±‚ã—ã¾ã™ã€‚ãŸã ã—ã€ä¿¡å·ãŒã‚­ãƒ£ãƒƒãƒã•れã¦ã„ã‚‹å ´åˆã¯ã€å‘¼ã³å‡ºã—å´ã‚ˆã‚Šã‚‚å°‘ãªã„データãŒå°‘ãªãã€ã‚¨ãƒ©ãƒ¼ã¾ãŸã¯åˆ‡æ–­ãŒç™ºç”Ÿã™ã‚‹ã‹ã€ã¾ãŸã¯å—ä¿¡ã•れるデータãŒè¿”ã•れるもã®ã¨ã¯ç•°ãªã‚‹ã‚¿ã‚¤ãƒ—ã®ãƒ‡ãƒ¼ã‚¿ã‚’è¿”ã—ã¾ã™ã€‚ - \return none ã„ã„ãˆè¿”ã—ã¾ã™ã€‚ - \param ssl wolfssl_new()ã§ä½œæˆã•れãŸSSLセッションã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ + \brief ã“ã®é–¢æ•°ã¯ã€æŒ‡å®šã•れãŸSSLセッションã®å—信コールãƒãƒƒã‚¯ã§ä½¿ç”¨ã™ã‚‹ãƒ•ラグを設定ã—ã¾ã™ã€‚ + å—信コールãƒãƒƒã‚¯ã¯ã€ãƒ‡ãƒ•ォルトã®wolfSSL EmbedReceiveコールãƒãƒƒã‚¯ã€ã¾ãŸã¯ãƒ¦ãƒ¼ã‚¶ãƒ¼ãŒæŒ‡å®šã—ãŸã‚«ã‚¹ã‚¿ãƒ ã‚³ãƒ¼ãƒ«ãƒãƒƒã‚¯ã®ã„ãšã‚Œã‹ã§ã™ï¼ˆwolfSSL_CTX_SetIORecvã‚’å‚照)。 + デフォルトã®ãƒ•ラグ値ã¯ã€wolfSSL内部ã§0ã®å€¤ã«è¨­å®šã•れã¾ã™ã€‚ + デフォルトã®wolfSSLå—信コールãƒãƒƒã‚¯ã¯ã€recv()関数を使用ã—ã¦ã‚½ã‚±ãƒƒãƒˆã‹ã‚‰ãƒ‡ãƒ¼ã‚¿ã‚’å—ä¿¡ã—ã¾ã™ã€‚ + recv()ã®manページより: + 「recv()関数ã®flagsパラメータã¯ã€æ¬¡ã®å€¤ã®1ã¤ä»¥ä¸Šã‚’ORã—ã¦å½¢æˆã•れã¾ã™ï¼š + MSG_OOB 帯域外データを処ç†ã€MSG_PEEK å—信メッセージを覗ã見ã€MSG_WAITALL 完全ãªãƒªã‚¯ã‚¨ã‚¹ãƒˆã¾ãŸã¯ã‚¨ãƒ©ãƒ¼ã‚’待機。 + MSG_OOBフラグã¯ã€é€šå¸¸ã®ãƒ‡ãƒ¼ã‚¿ã‚¹ãƒˆãƒªãƒ¼ãƒ ã§ã¯å—ä¿¡ã•れãªã„帯域外データã®å—ä¿¡ã‚’è¦æ±‚ã—ã¾ã™ã€‚ + 一部ã®ãƒ—ロトコルã¯ã€é€šå¸¸ã®ãƒ‡ãƒ¼ã‚¿ã‚­ãƒ¥ãƒ¼ã®å…ˆé ­ã«ç·Šæ€¥ãƒ‡ãƒ¼ã‚¿ã‚’é…ç½®ã™ã‚‹ãŸã‚ã€ã“ã®ãƒ•ラグã¯ãã®ã‚ˆã†ãªãƒ—ロトコルã§ã¯ä½¿ç”¨ã§ãã¾ã›ã‚“。 + MSG_PEEKフラグã¯ã€å—ä¿¡æ“作ãŒå—信キューã®å…ˆé ­ã‹ã‚‰ãƒ‡ãƒ¼ã‚¿ã‚’è¿”ã™ã‚ˆã†ã«ã—ã¾ã™ãŒã€ãã®ãƒ‡ãƒ¼ã‚¿ã‚’キューã‹ã‚‰å‰Šé™¤ã—ã¾ã›ã‚“。 + ã—ãŸãŒã£ã¦ã€å¾Œç¶šã®å—信呼ã³å‡ºã—ã¯åŒã˜ãƒ‡ãƒ¼ã‚¿ã‚’è¿”ã—ã¾ã™ã€‚ + MSG_WAITALLフラグã¯ã€å®Œå…¨ãªãƒªã‚¯ã‚¨ã‚¹ãƒˆãŒæº€ãŸã•れるã¾ã§æ“作をブロックã™ã‚‹ã‚ˆã†è¦æ±‚ã—ã¾ã™ã€‚ + ãŸã ã—ã€ã‚·ã‚°ãƒŠãƒ«ãŒã‚­ãƒ£ãƒƒãƒã•れãŸå ´åˆã€ã‚¨ãƒ©ãƒ¼ã¾ãŸã¯åˆ‡æ–­ãŒç™ºç”Ÿã—ãŸå ´åˆã€ã¾ãŸã¯æ¬¡ã«å—ä¿¡ã•れるデータãŒè¿”ã•れãŸãƒ‡ãƒ¼ã‚¿ã¨ã¯ç•°ãªã‚‹ã‚¿ã‚¤ãƒ—ã®å ´åˆã€å‘¼ã³å‡ºã—ã¯è¦æ±‚ã•れãŸãƒ‡ãƒ¼ã‚¿ã‚ˆã‚Šã‚‚å°‘ãªã„データを返ã™å¯èƒ½æ€§ãŒã‚りã¾ã™ã€‚〠+ + \return none 戻り値ãªã—。 + + \param ssl wolfSSL_new()ã§ä½œæˆã•れãŸSSLセッションã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ + \param flags 指定ã•れãŸSSLセッション(ssl)ã®I/O読ã¿å–りフラグã®å€¤ã€‚ + _Example_ \code WOLFSSL* ssl = 0; ... - // Manually setting recv flags to 0 + // recvフラグを手動ã§0ã«è¨­å®š wolfSSL_SetIOReadFlags(ssl, 0); ... \endcode + \sa wolfSSL_CTX_SetIORecv \sa wolfSSL_CTX_SetIOSend \sa wolfSSL_SetIOReadCtx @@ -285,17 +369,32 @@ void wolfSSL_SetIOReadFlags( WOLFSSL* ssl, int flags); /*! - \brief SSLセッションを考ãˆã‚‹ã¨é€ä¿¡ã‚³ãƒ¼ãƒ«ãƒãƒƒã‚¯ã¯ã€ãƒ‡ãƒ•ォルトã®WolfSSL EmbedEndコールãƒãƒƒã‚¯ã€ã¾ãŸã¯ãƒ¦ãƒ¼ã‚¶ãƒ¼ã«ã‚ˆã£ã¦æŒ‡å®šã•れãŸã‚«ã‚¹ã‚¿ãƒ ã‚³ãƒ¼ãƒ«ãƒãƒƒã‚¯ã®ã„ãšã‚Œã‹ã§ã™ï¼ˆWolfSSL_CTX_SetiosEndã‚’å‚照)。デフォルトã®ãƒ•ラグ値ã¯ã€wolfsslã«ã‚ˆã£ã¦0ã®å€¤ã«è¨­å®šã•れã¾ã™ã€‚デフォルトã®WolfSSL Send Callbackã¯send()関数を使用ã—ã¦ã‚½ã‚±ãƒƒãƒˆã‹ã‚‰ãƒ‡ãƒ¼ã‚¿ã‚’é€ä¿¡ã—ã¾ã™ã€‚send()manページã‹ã‚‰ï¼š "flagsパラメータã«ã¯ã€æ¬¡ã®ã†ã¡1ã¤ä»¥ä¸ŠãŒå«ã¾ã‚Œã¦ã„ã¦ã‚‚よã„。フラグMSG_OOBã¯ã€ã“ã®æ¦‚念(例ãˆã°SOCK_STREAM)をサãƒãƒ¼ãƒˆã™ã‚‹ã‚½ã‚±ãƒƒãƒˆã«ã€Œå¸¯åŸŸå¤–ã€ãƒ‡ãƒ¼ã‚¿ã‚’é€ä¿¡ã™ã‚‹ãŸã‚ã«ä½¿ç”¨ã•れる。基礎ã¨ãªã‚‹ãƒ—ロトコルã¯ã€ã€Œå¸¯åŸŸå¤–ã€ã®ãƒ‡ãƒ¼ã‚¿ã‚‚サãƒãƒ¼ãƒˆã™ã‚‹å¿…è¦ãŒã‚りã¾ã™ã€‚MSG_DONTROUTEã¯é€šå¸¸ã€è¨ºæ–­ãƒ—ログラムã¾ãŸã¯ãƒ«ãƒ¼ãƒ†ã‚£ãƒ³ã‚°ãƒ—ログラムã«ã‚ˆã£ã¦ã®ã¿ä½¿ç”¨ã•れã¾ã™ã€‚〠- \return none ã„ã„ãˆè¿”ã—ã¾ã™ã€‚ - \param ssl wolfssl_new()ã§ä½œæˆã•れãŸSSLセッションã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ + \brief ã“ã®é–¢æ•°ã¯ã€æŒ‡å®šã•れãŸSSLセッションã®é€ä¿¡ã‚³ãƒ¼ãƒ«ãƒãƒƒã‚¯ã§ä½¿ç”¨ã™ã‚‹ãƒ•ラグを設定ã—ã¾ã™ã€‚ + é€ä¿¡ã‚³ãƒ¼ãƒ«ãƒãƒƒã‚¯ã¯ã€ãƒ‡ãƒ•ォルトã®wolfSSL EmbedSendコールãƒãƒƒã‚¯ã€ã¾ãŸã¯ãƒ¦ãƒ¼ã‚¶ãƒ¼ãŒæŒ‡å®šã—ãŸã‚«ã‚¹ã‚¿ãƒ ã‚³ãƒ¼ãƒ«ãƒãƒƒã‚¯ã®ã„ãšã‚Œã‹ã§ã™ï¼ˆwolfSSL_CTX_SetIOSendã‚’å‚照)。 + デフォルトã®ãƒ•ラグ値ã¯ã€wolfSSL内部ã§0ã®å€¤ã«è¨­å®šã•れã¾ã™ã€‚ + デフォルトã®wolfSSLé€ä¿¡ã‚³ãƒ¼ãƒ«ãƒãƒƒã‚¯ã¯ã€send()関数を使用ã—ã¦ã‚½ã‚±ãƒƒãƒˆã‹ã‚‰ãƒ‡ãƒ¼ã‚¿ã‚’é€ä¿¡ã—ã¾ã™ã€‚ + send()ã®manページより: + 「flagsパラメータã«ã¯ã€æ¬¡ã®1ã¤ä»¥ä¸ŠãŒå«ã¾ã‚Œã‚‹å ´åˆãŒã‚りã¾ã™ï¼š + #define MSG_OOB 0x1 // 帯域外データを処ç†ã€ + #define MSG_DONTROUTE 0x4 // ルーティングをãƒã‚¤ãƒ‘スã€ç›´æŽ¥ã‚¤ãƒ³ã‚¿ãƒ¼ãƒ•ェースを使用。 + フラグMSG_OOBã¯ã€ã“ã®æ¦‚念をサãƒãƒ¼ãƒˆã™ã‚‹ã‚½ã‚±ãƒƒãƒˆï¼ˆä¾‹ï¼šSOCK_STREAM)ã§ã€Œå¸¯åŸŸå¤–ã€ãƒ‡ãƒ¼ã‚¿ã‚’é€ä¿¡ã™ã‚‹ãŸã‚ã«ä½¿ç”¨ã•れã¾ã™ã€‚ + 基礎ã¨ãªã‚‹ãƒ—ロトコルも「帯域外ã€ãƒ‡ãƒ¼ã‚¿ã‚’サãƒãƒ¼ãƒˆã™ã‚‹å¿…è¦ãŒã‚りã¾ã™ã€‚ + MSG_DONTROUTEã¯é€šå¸¸ã€è¨ºæ–­ã¾ãŸã¯ãƒ«ãƒ¼ãƒ†ã‚£ãƒ³ã‚°ãƒ—ログラムã«ã‚ˆã£ã¦ã®ã¿ä½¿ç”¨ã•れã¾ã™ã€‚〠+ + \return none 戻り値ãªã—。 + + \param ssl wolfSSL_new()ã§ä½œæˆã•れãŸSSLセッションã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ + \param flags 指定ã•れãŸSSLセッション(ssl)ã®I/Oé€ä¿¡ãƒ•ラグã®å€¤ã€‚ + _Example_ \code WOLFSSL* ssl = 0; ... - // Manually setting send flags to 0 + // é€ä¿¡ãƒ•ラグを手動ã§0ã«è¨­å®š wolfSSL_SetIOWriteFlags(ssl, 0); ... \endcode + \sa wolfSSL_CTX_SetIORecv \sa wolfSSL_CTX_SetIOSend \sa wolfSSL_SetIOReadCtx @@ -304,10 +403,15 @@ /*! \ingroup IO - \brief ã“ã®é–¢æ•°ã¯ã€wolfssl構造内ã®nxctx構造体ã®NxSocketメンãƒãƒ¼ã¨NXWAITメンãƒãƒ¼ã‚’設定ã—ã¾ã™ã€‚ - \return none ã„ã„ãˆè¿”ã—ã¾ã™ã€‚ - \param ssl wolfssl_new()を使用ã—ã¦ä½œæˆã•れãŸWolfSSL構造ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ - \param nxSocket NXCTX構造ã®NXSOCTOCKメンãƒãƒ¼ã«è¨­å®šã•れã¦ã„ã‚‹NX_TCP_SOCKETを入力ã™ã‚‹ãŸã‚ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ + + \brief ã“ã®é–¢æ•°ã¯ã€WOLFSSL構造体内ã®nxCtx構造体ã®nxSocketãŠã‚ˆã³nxWaitメンãƒãƒ¼ã‚’設定ã—ã¾ã™ã€‚ + + \return none 戻り値ãªã—。 + + \param ssl wolfSSL_new()を使用ã—ã¦ä½œæˆã•れãŸWOLFSSL構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ + \param nxSocket nxCTX構造体ã®nxSocketメンãƒãƒ¼ã«è¨­å®šã•れるNX_TCP_SOCKETåž‹ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ + \param waitOption nxCtx構造体ã®nxWaitメンãƒãƒ¼ã«è¨­å®šã•れるULONG型。 + _Example_ \code WOLFSSL* ssl = wolfSSL_new(ctx); @@ -317,9 +421,10 @@ if(ssl != NULL || nxSocket != NULL || waitOption <= 0){ wolfSSL_SetIO_NetX(ssl, nxSocket, waitOption); } else { - // You need to pass in good parameters. + // é©åˆ‡ãªãƒ‘ラメータを渡ã™å¿…è¦ãŒã‚りã¾ã™ã€‚ } \endcode + \sa set_fd \sa NetX_Send \sa NetX_Receive @@ -328,29 +433,41 @@ ULONG waitoption); /*! - \brief wolfssl_ctx構造CallBackGencookie Typeã¯é–¢æ•°ãƒã‚¤ãƒ³ã‚¿ã§ã€ç½²å:int(* callbackgencookie)(wolfssl * sslã€unsigned char * bufã€int szã€void * ctx)をæŒã£ã¦ã„ã¾ã™ã€‚ - \return none ã„ã„ãˆè¿”ã—ã¾ã™ã€‚ - \param ssl wolfssl_new()を使用ã—ã¦ä½œæˆã•れãŸWolfSSL構造ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ + \brief ã“ã®é–¢æ•°ã¯ã€WOLFSSL_CTX構造体ã®CBIOCookieメンãƒãƒ¼ã®ã‚³ãƒ¼ãƒ«ãƒãƒƒã‚¯ã‚’設定ã—ã¾ã™ã€‚ + CallbackGenCookieåž‹ã¯é–¢æ•°ãƒã‚¤ãƒ³ã‚¿ã§ã€æ¬¡ã®ã‚·ã‚°ãƒãƒãƒ£ã‚’æŒã¡ã¾ã™ï¼š + int (*CallbackGenCookie)(WOLFSSL* ssl, unsigned char* buf, int sz, void* ctx); + + \return none 戻り値ãªã—。 + + \param ssl wolfSSL_new()を使用ã—ã¦ä½œæˆã•れãŸWOLFSSL構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ + \param cb CallbackGenCookieã®ã‚·ã‚°ãƒãƒãƒ£ã‚’æŒã¤CallbackGenCookieåž‹ã®é–¢æ•°ãƒã‚¤ãƒ³ã‚¿ã€‚ + _Example_ \code WOLFSSL_CTX* ctx = wolfSSL_CTX_new( method ); WOLFSSL* ssl = wolfSSL_new(ctx); … int SetGenCookieCB(WOLFSSL* ssl, unsigned char* buf, int sz, void* ctx){ - // Callback function body. + // コールãƒãƒƒã‚¯é–¢æ•°æœ¬ä½“ } … wolfSSL_CTX_SetGenCookie(ssl->ctx, SetGenCookieCB); \endcode + \sa CallbackGenCookie */ void wolfSSL_CTX_SetGenCookie(WOLFSSL_CTX* ctx, CallbackGenCookie cb); /*! \ingroup Setup - \brief ã“ã®é–¢æ•°ã¯ã€WolfSSL構造ã®IOCB_COOKIECTXメンãƒãƒ¼ã‚’è¿”ã—ã¾ã™ã€‚ - \return pointer ã“ã®é–¢æ•°ã¯ã€iocb_cookiectxã«æ ¼ç´ã•れã¦ã„ã‚‹voidãƒã‚¤ãƒ³ã‚¿å€¤ã‚’è¿”ã—ã¾ã™ã€‚ - \return NULL WolfSSL構造体ãŒNULLã®å ´åˆ + + \brief ã“ã®é–¢æ•°ã¯WOLFSSL構造体ã®IOCB_CookieCtxメンãƒãƒ¼ã‚’è¿”ã—ã¾ã™ã€‚ + + \return pointer 関数ã¯IOCB_CookieCtxã«ä¿å­˜ã•れã¦ã„ã‚‹voidåž‹ãƒã‚¤ãƒ³ã‚¿å€¤ã‚’è¿”ã—ã¾ã™ã€‚ + \return NULL WOLFSSL構造体ãŒNULLã®å ´åˆã€‚ + + \param ssl wolfSSL_new()を使用ã—ã¦ä½œæˆã•れãŸWOLFSSL構造体ã¸ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ + _Example_ \code WOLFSSL_CTX* ctx = wolfSSL_CTX_new( method ); @@ -359,9 +476,10 @@ ... cookie = wolfSSL_GetCookieCtx(ssl); if(cookie != NULL){ - // You have the cookie + // cookieã‚’å–å¾—ã—ã¾ã—㟠} \endcode + \sa wolfSSL_SetCookieCtx \sa wolfSSL_CTX_SetGenCookie */ @@ -370,16 +488,21 @@ /*! \ingroup Setup - \brief ã“ã®é–¢æ•°ã¯ã€WolfSSLãŒWolfSSL_ISOTPã§ã‚³ãƒ³ãƒ‘イルã•れã¦ã„ã‚‹å ´åˆã«ä½¿ç”¨ã™ã‚‹å ´åˆã¯ã€WolfSSLã®å ´åˆã¯ISO-TPコンテキストを設定ã—ã¾ã™ã€‚ - \return 0 æˆåŠŸã™ã‚‹ã¨ã€æ•…éšœã®wolfssl_cbio_err_general - \param ssl wolfsslコンテキスト - \param ctx ユーザーã¯ã“ã®é–¢æ•°ãŒåˆæœŸåŒ–ã•れるISOTPコンテキストを作æˆã—ã¾ã—㟠- \param recv_fn ユーザーã¯ãƒã‚¹ã‚’å—ä¿¡ã§ãã¾ã™ - \param send_fn ユーザーã¯ãƒã‚¹ã‚’é€ã‚‹ã“ã¨ãŒã§ãã¾ã™ - \param delay_fn ユーザーマイクロ秒ã®ç²’度é…延関数 - \param receive_delay å„CANãƒã‚¹ãƒ‘ケットをé…らã›ã‚‹ãŸã‚ã®ãƒžã‚¤ã‚¯ãƒ­ç§’ã®ã‚»ãƒƒãƒˆæ•° - \param receive_buffer ユーザーãŒãƒ‡ãƒ¼ã‚¿ã‚’å—ä¿¡ã™ã‚‹ãŸã‚ã®ãƒãƒƒãƒ•ã‚¡ãƒ¼ãŒæä¾›ã•れã€ISOTP_DEFAULT_BUFFER_SIZEãƒã‚¤ãƒˆã«å‰²ã‚Šå½“ã¦ã‚‰ã‚Œã¦ã„ã‚‹ã“ã¨ã‚’ãŠå‹§ã‚ã—ã¾ã™ã€‚ - \param receive_buffer_size - receive_bufferã®ã‚µã‚¤ã‚º + + \brief ã“ã®é–¢æ•°ã¯ã€wolfSSLãŒWOLFSSL_ISOTPã§ã‚³ãƒ³ãƒ‘イルã•れã¦ã„ã‚‹å ´åˆã«ä½¿ç”¨ã™ã‚‹ãŸã‚ã«ã€wolfSSLã®ISO-TPコンテキストを設定ã—ã¾ã™ã€‚ + + \return 0 æˆåŠŸæ™‚ã€WOLFSSL_CBIO_ERR_GENERAL 失敗時。 + + \param ssl wolfSSLコンテキスト。 + \param ctx ã“ã®é–¢æ•°ãŒåˆæœŸåŒ–ã™ã‚‹ãƒ¦ãƒ¼ã‚¶ãƒ¼ä½œæˆã®ISOTPコンテキスト。 + \param recv_fn ユーザーã®CANãƒã‚¹å—信コールãƒãƒƒã‚¯ã€‚ + \param send_fn ユーザーã®CANãƒã‚¹é€ä¿¡ã‚³ãƒ¼ãƒ«ãƒãƒƒã‚¯ã€‚ + \param delay_fn ユーザーã®ãƒžã‚¤ã‚¯ãƒ­ç§’粒度é…延関数。 + \param receive_delay å„CANãƒã‚¹ãƒ‘ケットをé…å»¶ã•ã›ã‚‹è¨­å®šãƒžã‚¤ã‚¯ãƒ­ç§’数。 + \param receive_buffer データをå—ä¿¡ã™ã‚‹ãŸã‚ã®ãƒ¦ãƒ¼ã‚¶ãƒ¼æä¾›ãƒãƒƒãƒ•ã‚¡ã€ISOTP_DEFAULT_BUFFER_SIZEãƒã‚¤ãƒˆã«å‰²ã‚Šå½“ã¦ã‚‹ã“ã¨ã‚’推奨。 + \param receive_buffer_size - receive_bufferã®ã‚µã‚¤ã‚ºã€‚ + \param arg recv_fnã¨send_fnã«é€ä¿¡ã•れる任æ„ã®ãƒã‚¤ãƒ³ã‚¿ã€‚ + _Example_ \code struct can_info can_con_info; @@ -396,3 +519,46 @@ can_recv_fn recv_fn, can_send_fn send_fn, can_delay_fn delay_fn, word32 receive_delay, char *receive_buffer, int receive_buffer_size, void *arg); + +/*! + \ingroup Setup + + \brief ã“ã®é–¢æ•°ã¯IOレイヤーã‹ã‚‰ã®èª­ã¿å–りを無効ã«ã—ã¾ã™ã€‚ + + \param ssl wolfSSLコンテキスト。 + + _Example_ + \code + WOLFSSL_CTX* ctx = wolfSSL_CTX_new(method); + WOLFSSL* ssl = wolfSSL_new(ctx); + wolfSSL_SSLDisableRead(ssl); + \endcode + + \sa wolfSSL_CTX_SetIORecv + \sa wolfSSL_SSLSetIORecv + \sa wolfSSL_SSLEnableRead + */ +void wolfSSL_SSLDisableRead(WOLFSSL *ssl); + +/*! + \ingroup Setup + + \brief ã“ã®é–¢æ•°ã¯IOレイヤーã‹ã‚‰ã®èª­ã¿å–りを有効ã«ã—ã¾ã™ã€‚ + 読ã¿å–りã¯ãƒ‡ãƒ•ã‚©ãƒ«ãƒˆã§æœ‰åйã«ãªã£ã¦ãŠã‚Šã€wolfSSL_SSLDisableRead()ã‚’å…ƒã«æˆ»ã™ãŸã‚ã«ä½¿ç”¨ã™ã‚‹å¿…è¦ãŒã‚りã¾ã™ã€‚ + + \param ssl wolfSSLコンテキスト。 + + _Example_ + \code + WOLFSSL_CTX* ctx = wolfSSL_CTX_new(method); + WOLFSSL* ssl = wolfSSL_new(ctx); + wolfSSL_SSLDisableRead(ssl); + ... + wolfSSL_SSLEnableRead(ssl); + \endcode + + \sa wolfSSL_CTX_SetIORecv + \sa wolfSSL_SSLSetIORecv + \sa wolfSSL_SSLEnableRead + */ +void wolfSSL_SSLEnableRead(WOLFSSL *ssl); diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/examples/asn1/asn1.c mariadb-11.8.8/extra/wolfssl/wolfssl/examples/asn1/asn1.c --- mariadb-11.8.6/extra/wolfssl/wolfssl/examples/asn1/asn1.c 2026-01-31 13:27:49.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/examples/asn1/asn1.c 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* asn1.c * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/examples/asn1/gen_oid_names.rb mariadb-11.8.8/extra/wolfssl/wolfssl/examples/asn1/gen_oid_names.rb --- mariadb-11.8.6/extra/wolfssl/wolfssl/examples/asn1/gen_oid_names.rb 2026-01-31 13:27:49.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/examples/asn1/gen_oid_names.rb 2026-05-24 09:58:33.000000000 +0000 @@ -80,7 +80,7 @@ puts < @@ -30,209 +30,557 @@ #include #include #include +#include /* socket */ +#ifndef NET_USER_HEADER +#include +#include #include -#include -#include +#include +#include #include +#endif /* wolfSSL */ -#ifndef WOLFSSL_USER_SETTINGS +#ifdef WOLFSSL_USER_SETTINGS + #include "user_settings.h" +#else #include #endif +#include #include #include #include -#include "examples/async/async_tls.h" - -/* Test certificates and keys for RSA and ECC */ -#ifndef NO_RSA - #define CERT_FILE "./certs/client-cert.pem" - #define KEY_FILE "./certs/client-key.pem" - #define CA_FILE "./certs/ca-cert.pem" -#elif defined(HAVE_ECC) - #define CERT_FILE "./certs/client-ecc-cert.pem" - #define KEY_FILE "./certs/ecc-client-key.pem" - #define CA_FILE "./certs/ca-ecc-cert.pem" -#else - #error No authentication algorithm (ECC/RSA) +#ifdef WOLF_CRYPTO_CB +#include #endif +#include +#include "examples/async/async_tls.h" -int client_async_test(int argc, char** argv) +/* ------------------------------------------------------------------ */ +/* POSIX transport helpers (replace with your BSP/port layer). */ +/* ------------------------------------------------------------------ */ +#ifndef NET_USER_HEADER +static int posix_set_nonblocking(int fd) { - int ret = 0; - int sockfd = SOCKET_INVALID; - struct sockaddr_in servAddr; - char buff[TEST_BUF_SZ]; - size_t len; - int devId = 1; /* anything besides -2 (INVALID_DEVID) */ -#ifdef WOLF_CRYPTO_CB - AsyncTlsCryptoCbCtx myCtx; -#endif - int err; - char errBuff[WOLFSSL_MAX_ERROR_SZ]; + int flags = fcntl(fd, F_GETFL, 0); + if (flags < 0) { + return -1; + } + return fcntl(fd, F_SETFL, flags | O_NONBLOCK); +} - /* declare wolfSSL objects */ - WOLFSSL_CTX* ctx = NULL; - WOLFSSL* ssl = NULL; +static int posix_connect_nonblock(int fd, const struct sockaddr* sa, + socklen_t sa_len, int timeout_ms) +{ + int ret = connect(fd, sa, sa_len); + if (ret == 0) { + return 0; + } + if (ret < 0 && errno != EINPROGRESS) { + return -1; + } - /* Check for proper calling convention */ - if (argc != 2) { - printf("usage: %s \n", argv[0]); + /* Wait for connect to finish. */ + fd_set wfds; + struct timeval tv; + FD_ZERO(&wfds); + FD_SET(fd, &wfds); + tv.tv_sec = timeout_ms / 1000; + tv.tv_usec = (timeout_ms % 1000) * 1000; + + ret = select(fd + 1, NULL, &wfds, NULL, &tv); + if (ret <= 0) { + return -1; + } + if (FD_ISSET(fd, &wfds)) { + int so_err = 0; + socklen_t len = sizeof(so_err); + if (getsockopt(fd, SOL_SOCKET, SO_ERROR, &so_err, &len) < 0) { + return -1; + } + if (so_err != 0) { + errno = so_err; + return -1; + } return 0; } + return -1; +} - /* Create a socket that uses an internet IPv4 address, - * Sets the socket to be stream based (TCP), - * 0 means choose the default protocol. */ - if ((sockfd = socket(AF_INET, SOCK_STREAM, 0)) == -1) { - fprintf(stderr, "ERROR: failed to create the socket\n"); - ret = -1; goto exit; +static int posix_net_connect(const char* host, int port) +{ + char port_str[8]; + struct addrinfo hints; + struct addrinfo* res = NULL; + struct addrinfo* it = NULL; + int fd = -1; + int ret; + + snprintf(port_str, sizeof(port_str), "%d", port); + memset(&hints, 0, sizeof(hints)); + hints.ai_family = AF_UNSPEC; + hints.ai_socktype = SOCK_STREAM; + + if (getaddrinfo(host, port_str, &hints, &res) != 0) { + return -1; + } + + for (it = res; it != NULL; it = it->ai_next) { + fd = socket(it->ai_family, it->ai_socktype, it->ai_protocol); + if (fd < 0) { + continue; + } + if (posix_set_nonblocking(fd) != 0) { + close(fd); + fd = -1; + continue; + } + ret = posix_connect_nonblock(fd, it->ai_addr, + (socklen_t)it->ai_addrlen, 5000); + if (ret == 0) { + break; + } + close(fd); + fd = -1; } - /* Initialize the server address struct with zeros */ - memset(&servAddr, 0, sizeof(servAddr)); + if (res != NULL) { + freeaddrinfo(res); + } + return fd; +} +#endif - /* Fill in the server address */ - servAddr.sin_family = AF_INET; /* using IPv4 */ - servAddr.sin_port = htons(DEFAULT_PORT); /* on DEFAULT_PORT */ +/* ------------------------------------------------------------------ */ +/* WOLFSSL_USER_IO callbacks. */ +/* ------------------------------------------------------------------ */ +static void usage(const char* prog) +{ + printf("usage: %s [--ecc|--x25519] [--mutual] [--tls12] [host] [port]\n", + prog); +} - /* Get the server IPv4 address from the command line call */ - if (inet_pton(AF_INET, argv[1], &servAddr.sin_addr) != 1) { - fprintf(stderr, "ERROR: invalid address\n"); - ret = -1; goto exit; +static const char* group_name(word16 group) +{ + switch (group) { + case WOLFSSL_ECC_SECP256R1: + return "secp256r1"; + case WOLFSSL_ECC_X25519: + return "x25519"; + default: + return "unknown"; } +} - /* Connect to the server */ - if ((ret = connect(sockfd, (struct sockaddr*) &servAddr, sizeof(servAddr))) - == -1) { - fprintf(stderr, "ERROR: failed to connect\n"); - goto exit; +static int parse_client_args(int argc, char** argv, + const char** host, int* port, word16* group, int* mutual, int* tls12) +{ + int i; + int host_set = 0; + int port_set = 0; + + *host = DEFAULT_TLS_HOST; + *port = DEFAULT_TLS_PORT; + *group = WOLFSSL_ECC_SECP256R1; + *mutual = 0; + *tls12 = 0; + + for (i = 1; i < argc; i++) { + if (XSTRCMP(argv[i], "--ecc") == 0) { + *group = WOLFSSL_ECC_SECP256R1; + } + else if (XSTRCMP(argv[i], "--x25519") == 0) { + *group = WOLFSSL_ECC_X25519; + } + else if (XSTRCMP(argv[i], "--mutual") == 0) { + *mutual = 1; + } + else if (XSTRCMP(argv[i], "--tls12") == 0) { + *tls12 = 1; + } + else if (XSTRCMP(argv[i], "--help") == 0) { + return -1; + } + else if (!host_set) { + *host = argv[i]; + host_set = 1; + } + else if (!port_set) { + *port = atoi(argv[i]); + port_set = 1; + } + else { + return -1; + } } - /*---------------------------------*/ - /* Start of wolfSSL initialization and configuration */ - /*---------------------------------*/ -#ifdef DEBUG_WOLFSSL - wolfSSL_Debugging_ON(); -#endif + return 0; +} - /* Initialize wolfSSL */ - if ((ret = wolfSSL_Init()) != WOLFSSL_SUCCESS) { - fprintf(stderr, "ERROR: Failed to initialize the library\n"); - goto exit; +int client_async_test(int argc, char** argv) +{ + int ret = -1; + int net = -1; + WOLFSSL_CTX* ctx = NULL; + WOLFSSL* ssl = NULL; + char rx[128]; + char tx[256]; + int tx_len = 0; + int err = 0; +#ifdef WOLFSSL_ASYNC_CRYPT + int devId = INVALID_DEVID; +#endif +#ifdef WOLFSSL_DEBUG_NONBLOCK + int wouldblock_count = 0; + int pending_count = 0; +#endif +#ifdef WOLF_CRYPTO_CB + AsyncTlsCryptoCbCtx cryptoCbCtx; +#endif +#ifdef WOLFSSL_STATIC_MEMORY + static byte memory[300000]; + static byte memoryIO[34500]; + #if !defined(WOLFSSL_STATIC_MEMORY_LEAN) + WOLFSSL_MEM_CONN_STATS ssl_stats; + #endif +#endif + const char* host = NULL; + int port = 0; + word16 group = WOLFSSL_ECC_SECP256R1; + const char* mode = NULL; + int mutual = 0; + int tls12 = 0; + + if (parse_client_args(argc, argv, &host, &port, &group, &mutual, + &tls12) != 0) { + usage(argv[0]); + return 0; } - - /* Create and initialize WOLFSSL_CTX */ - if ((ctx = wolfSSL_CTX_new(wolfSSLv23_client_method())) == NULL) { - fprintf(stderr, "ERROR: failed to create WOLFSSL_CTX\n"); - ret = -1; goto exit; + mode = group_name(group); + printf("Async client mode: %s, TLS %s%s\n", mode, + tls12 ? "1.2" : "1.3", mutual ? ", mutual auth" : ""); + + { + const char* ready = getenv(WOLFSSL_ASYNC_READYFILE_ENV); + if (ready != NULL) { + (void)async_readyfile_wait(ready, + WOLFSSL_ASYNC_READYFILE_TIMEOUT_MS); + } + } + net = NET_CONNECT(host, port); + if (net < 0) { + return -1; } + if (wolfSSL_Init() != WOLFSSL_SUCCESS) { + return -1; + } +#ifdef DEBUG_WOLFSSL + wolfSSL_Debugging_ON(); +#endif +#ifdef WOLFSSL_ASYNC_CRYPT + if (wolfAsync_DevOpenThread(&devId, NULL) != 0) { + goto out; + } +#endif #ifdef WOLF_CRYPTO_CB - XMEMSET(&myCtx, 0, sizeof(myCtx)); - /* register a devID for crypto callbacks */ - ret = wc_CryptoCb_RegisterDevice(devId, AsyncTlsCryptoCb, &myCtx); - if (ret != 0) { - fprintf(stderr, "wc_CryptoCb_RegisterDevice: error %d", ret); - goto exit; + /* Crypto callbacks require a valid devId. When no hardware async driver + * sets one (e.g. Cavium/Intel QA/SW), assign one explicitly. */ + if (devId == INVALID_DEVID) + devId = 1; + XMEMSET(&cryptoCbCtx, 0, sizeof(cryptoCbCtx)); + if (wc_CryptoCb_RegisterDevice(devId, AsyncTlsCryptoCb, &cryptoCbCtx) != 0) { + fprintf(stderr, "ERROR: wc_CryptoCb_RegisterDevice failed\n"); + goto out; } #endif - /* register a devID for crypto callbacks */ - wolfSSL_CTX_SetDevId(ctx, devId); - /* Load client certificate into WOLFSSL_CTX */ - if ((ret = wolfSSL_CTX_use_certificate_file(ctx, CERT_FILE, WOLFSSL_FILETYPE_PEM)) - != WOLFSSL_SUCCESS) { - fprintf(stderr, "ERROR: failed to load %s, please check the file.\n", - CERT_FILE); - goto exit; - } - - /* Load client key into WOLFSSL_CTX */ - if ((ret = wolfSSL_CTX_use_PrivateKey_file(ctx, KEY_FILE, WOLFSSL_FILETYPE_PEM)) - != WOLFSSL_SUCCESS) { - fprintf(stderr, "ERROR: failed to load %s, please check the file.\n", - KEY_FILE); - goto exit; - } - - /* Load CA certificate into WOLFSSL_CTX */ - if ((ret = wolfSSL_CTX_load_verify_locations(ctx, CA_FILE, NULL)) - != WOLFSSL_SUCCESS) { - fprintf(stderr, "ERROR: failed to load %s, please check the file.\n", - CA_FILE); - goto exit; - } - - /* Create a WOLFSSL object */ - if ((ssl = wolfSSL_new(ctx)) == NULL) { - fprintf(stderr, "ERROR: failed to create WOLFSSL object\n"); - ret = -1; goto exit; - } - - /* Attach wolfSSL to the socket */ - if ((ret = wolfSSL_set_fd(ssl, sockfd)) != WOLFSSL_SUCCESS) { - fprintf(stderr, "ERROR: Failed to set the file descriptor\n"); - goto exit; - } - - /* Connect to wolfSSL on the server side */ - WOLFSSL_ASYNC_WHILE_PENDING(ret = wolfSSL_connect(ssl), - ret != WOLFSSL_SUCCESS); - if (ret != WOLFSSL_SUCCESS) { - fprintf(stderr, "wolfSSL_connect error %d: %s\n", - err, wolfSSL_ERR_error_string(err, errBuff)); - goto exit; - } - - /* Get a message for the server from stdin */ - printf("Message for server: "); - memset(buff, 0, sizeof(buff)); - if (fgets(buff, sizeof(buff), stdin) == NULL) { - fprintf(stderr, "ERROR: failed to get message for server\n"); - ret = -1; goto exit; - } - len = strnlen(buff, sizeof(buff)); - - /* Send the message to the server */ - WOLFSSL_ASYNC_WHILE_PENDING(ret = wolfSSL_write(ssl, buff, (int)len), - ret <= 0); - if (ret != (int)len) { - fprintf(stderr, "wolfSSL_write error %d: %s\n", - err, wolfSSL_ERR_error_string(err, errBuff)); - goto exit; - } - - /* Read the server data into our buff array */ - memset(buff, 0, sizeof(buff)); - WOLFSSL_ASYNC_WHILE_PENDING(ret = wolfSSL_read(ssl, buff, sizeof(buff)-1), - ret <= 0); - if (ret < 0) { - fprintf(stderr, "wolfSSL_read error %d: %s\n", - err, wolfSSL_ERR_error_string(err, errBuff)); - goto exit; +#ifdef WOLFSSL_STATIC_MEMORY + { + wolfSSL_method_func method; + #ifndef WOLFSSL_NO_TLS12 + if (tls12) + method = wolfTLSv1_2_client_method_ex; + else + #endif + method = wolfSSLv23_client_method_ex; + if (wolfSSL_CTX_load_static_memory(&ctx, method, memory, + sizeof(memory), 0, 1) != WOLFSSL_SUCCESS) { + fprintf(stderr, "ERROR: unable to load static memory\n"); + goto out; + } + if (wolfSSL_CTX_load_static_memory(&ctx, NULL, memoryIO, + sizeof(memoryIO), + WOLFMEM_IO_POOL_FIXED | WOLFMEM_TRACK_STATS, 1) + != WOLFSSL_SUCCESS) { + fprintf(stderr, "ERROR: unable to load static IO memory\n"); + goto out; + } } +#else + #ifndef WOLFSSL_NO_TLS12 + if (tls12) + ctx = wolfSSL_CTX_new(wolfTLSv1_2_client_method()); + else + #endif + ctx = wolfSSL_CTX_new(wolfSSLv23_client_method()); +#endif /* WOLFSSL_STATIC_MEMORY */ + if (ctx == NULL) { + goto out; + } +#ifdef WOLFSSL_ASYNC_CRYPT + wolfSSL_CTX_SetDevId(ctx, devId); +#endif - /* Print to stdout any data the server sends */ - printf("Server: %s\n", buff); + if (mutual) { + if (group == WOLFSSL_ECC_X25519) { + #ifdef HAVE_ED25519 + ret = wolfSSL_CTX_load_verify_buffer(ctx, ca_ed25519_cert, + sizeof_ca_ed25519_cert, WOLFSSL_FILETYPE_ASN1); + if (ret != WOLFSSL_SUCCESS) { + fprintf(stderr, "ERROR: failed to load ED25519 CA cert.\n"); + goto out; + } + ret = wolfSSL_CTX_use_certificate_buffer(ctx, client_ed25519_cert, + sizeof_client_ed25519_cert, WOLFSSL_FILETYPE_ASN1); + if (ret != WOLFSSL_SUCCESS) { + fprintf(stderr, "ERROR: failed to load ED25519 client cert.\n"); + goto out; + } + ret = wolfSSL_CTX_use_PrivateKey_buffer(ctx, client_ed25519_key, + sizeof_client_ed25519_key, WOLFSSL_FILETYPE_ASN1); + if (ret != WOLFSSL_SUCCESS) { + fprintf(stderr, "ERROR: failed to load ED25519 client key.\n"); + goto out; + } + #else + fprintf(stderr, + "ERROR: --x25519 --mutual requires HAVE_ED25519\n"); + goto out; + #endif + } + else { + ret = wolfSSL_CTX_load_verify_buffer(ctx, ca_ecc_cert_der_256, + sizeof_ca_ecc_cert_der_256, WOLFSSL_FILETYPE_ASN1); + if (ret != WOLFSSL_SUCCESS) { + fprintf(stderr, "ERROR: failed to load ECC CA cert.\n"); + goto out; + } + ret = wolfSSL_CTX_use_certificate_buffer(ctx, cliecc_cert_der_256, + sizeof_cliecc_cert_der_256, WOLFSSL_FILETYPE_ASN1); + if (ret != WOLFSSL_SUCCESS) { + fprintf(stderr, "ERROR: failed to load ECC client cert.\n"); + goto out; + } + ret = wolfSSL_CTX_use_PrivateKey_buffer(ctx, ecc_clikey_der_256, + sizeof_ecc_clikey_der_256, WOLFSSL_FILETYPE_ASN1); + if (ret != WOLFSSL_SUCCESS) { + fprintf(stderr, "ERROR: failed to load ECC client key.\n"); + goto out; + } + } + wolfSSL_CTX_set_verify(ctx, WOLFSSL_VERIFY_PEER, NULL); + } + else { + wolfSSL_CTX_set_verify(ctx, WOLFSSL_VERIFY_NONE, NULL); + } + + wolfSSL_SetIORecv(ctx, NET_IO_RECV_CB); + wolfSSL_SetIOSend(ctx, NET_IO_SEND_CB); + + wolfSSL_CTX_UseSNI(ctx, WOLFSSL_SNI_HOST_NAME, host, + (word16)XSTRLEN(host)); + + ssl = wolfSSL_new(ctx); + if (ssl == NULL) { + goto out; + } + + wolfSSL_SetIOReadCtx(ssl, (void*)(intptr_t)net); + wolfSSL_SetIOWriteCtx(ssl, (void*)(intptr_t)net); + (void)wolfSSL_UseSNI(ssl, WOLFSSL_SNI_HOST_NAME, host, + (word16)XSTRLEN(host)); + + /* UseKeyShare is TLS 1.3 only */ + if (!tls12) { + for (;;) { + ret = wolfSSL_UseKeyShare(ssl, group); + if (ret == WOLFSSL_SUCCESS) { + break; + } + if (ret == WC_NO_ERR_TRACE(WC_PENDING_E)) { +#ifdef WOLFSSL_DEBUG_NONBLOCK + pending_count++; +#endif +#ifdef WOLFSSL_ASYNC_CRYPT + if (wolfSSL_AsyncPoll(ssl, WOLF_POLL_FLAG_CHECK_HW) < 0) { + goto out; + } +#endif + continue; + } + goto out; + } + } + + /* Non-blocking style loop. */ + for (;;) { + ret = wolfSSL_connect(ssl); + if (ret == WOLFSSL_SUCCESS) { + break; + } + err = wolfSSL_get_error(ssl, 0); + if (err == WC_NO_ERR_TRACE(WC_PENDING_E) || + err == WOLFSSL_ERROR_WANT_READ || + err == WOLFSSL_ERROR_WANT_WRITE) { + if (err == WC_NO_ERR_TRACE(WC_PENDING_E)) { +#ifdef WOLFSSL_DEBUG_NONBLOCK + pending_count++; +#endif +#ifdef WOLFSSL_ASYNC_CRYPT + if (wolfSSL_AsyncPoll(ssl, WOLF_POLL_FLAG_CHECK_HW) < 0) { + goto out; + } +#endif + } + else { +#ifdef WOLFSSL_DEBUG_NONBLOCK + wouldblock_count++; +#endif + } + continue; + } + fprintf(stderr, "ERROR: wolfSSL_connect failed: %d (%s)\n", + err, wolfSSL_ERR_reason_error_string(err)); + goto out; + } + + { + const char* cipher = wolfSSL_get_cipher_name(ssl); + const char* curve = wolfSSL_get_curve_name(ssl); + printf("Negotiated cipher: %s\n", cipher != NULL ? cipher : "unknown"); + printf("Negotiated group: %s\n", curve != NULL ? curve : "unknown"); + } + + tx_len = XSNPRINTF(tx, sizeof(tx), + "GET / HTTP/1.1\r\n" + "Host: %s\r\n" + "User-Agent: wolfSSL-async\r\n" + "Connection: close\r\n" + "\r\n", + host); + if (tx_len <= 0 || tx_len >= (int)sizeof(tx)) { + goto out; + } + + for (;;) { + ret = wolfSSL_write(ssl, tx, tx_len); + if (ret > 0) { + break; + } + err = wolfSSL_get_error(ssl, 0); + if (err == WC_NO_ERR_TRACE(WC_PENDING_E) || + err == WOLFSSL_ERROR_WANT_READ || + err == WOLFSSL_ERROR_WANT_WRITE) { + if (err == WC_NO_ERR_TRACE(WC_PENDING_E)) { +#ifdef WOLFSSL_DEBUG_NONBLOCK + pending_count++; +#endif +#ifdef WOLFSSL_ASYNC_CRYPT + if (wolfSSL_AsyncPoll(ssl, WOLF_POLL_FLAG_CHECK_HW) < 0) { + goto out; + } +#endif + } + else { +#ifdef WOLFSSL_DEBUG_NONBLOCK + wouldblock_count++; +#endif + } + continue; + } + fprintf(stderr, "ERROR: wolfSSL_write failed: %d (%s)\n", + err, wolfSSL_ERR_reason_error_string(err)); + goto out; + } + + XMEMSET(rx, 0, sizeof(rx)); + for (;;) { + ret = wolfSSL_read(ssl, rx, (int)sizeof(rx) - 1); + if (ret > 0) { + rx[ret] = '\0'; + printf("RX: %s\n", rx); + break; + } + err = wolfSSL_get_error(ssl, 0); + if (err == WC_NO_ERR_TRACE(WC_PENDING_E) || + err == WOLFSSL_ERROR_WANT_READ || + err == WOLFSSL_ERROR_WANT_WRITE) { + if (err == WC_NO_ERR_TRACE(WC_PENDING_E)) { +#ifdef WOLFSSL_DEBUG_NONBLOCK + pending_count++; +#endif +#ifdef WOLFSSL_ASYNC_CRYPT + if (wolfSSL_AsyncPoll(ssl, WOLF_POLL_FLAG_CHECK_HW) < 0) { + goto out; + } +#endif + } + else { +#ifdef WOLFSSL_DEBUG_NONBLOCK + wouldblock_count++; +#endif + } + continue; + } + fprintf(stderr, "ERROR: wolfSSL_read failed: %d (%s)\n", + err, wolfSSL_ERR_reason_error_string(err)); + goto out; + } - /* Return reporting a success */ +#ifdef WOLFSSL_DEBUG_NONBLOCK + printf("WANT_READ/WRITE count: %d\n", wouldblock_count); + printf("WC_PENDING_E count: %d\n", pending_count); +#endif ret = 0; -exit: - /* Cleanup and return */ - if (sockfd != SOCKET_INVALID) - close(sockfd); /* Close the connection to the server */ - if (ssl) - wolfSSL_free(ssl); /* Free the wolfSSL object */ - if (ctx) - wolfSSL_CTX_free(ctx); /* Free the wolfSSL context object */ - wolfSSL_Cleanup(); /* Cleanup the wolfSSL environment */ - - (void)argc; - (void)argv; +out: +#if defined(WOLFSSL_STATIC_MEMORY) && !defined(WOLFSSL_STATIC_MEMORY_LEAN) + if (ssl != NULL && + wolfSSL_is_static_memory(ssl, &ssl_stats) == 1) { + fprintf(stderr, "peak connection memory = %d\n", + ssl_stats.peakMem); + fprintf(stderr, "current memory in use = %d\n", + ssl_stats.curMem); + fprintf(stderr, "peak connection allocs = %d\n", + ssl_stats.peakAlloc); + fprintf(stderr, "total connection allocs = %d\n", + ssl_stats.totalAlloc); + fprintf(stderr, "total connection frees = %d\n", + ssl_stats.totalFr); + } +#endif + if (ssl != NULL) { + wolfSSL_shutdown(ssl); + wolfSSL_free(ssl); + } + if (ctx != NULL) { + wolfSSL_CTX_free(ctx); + } +#ifdef WOLF_CRYPTO_CB + wc_CryptoCb_UnRegisterDevice(devId); +#endif +#ifdef WOLFSSL_ASYNC_CRYPT + if (devId != INVALID_DEVID) { + wolfAsync_DevClose(&devId); + } +#endif + wolfSSL_Cleanup(); + if (net >= 0) { + NET_CLOSE(net); + } return ret; } diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/examples/async/async_server.c mariadb-11.8.8/extra/wolfssl/wolfssl/examples/async/async_server.c --- mariadb-11.8.6/extra/wolfssl/wolfssl/examples/async/async_server.c 2026-01-31 13:27:49.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/examples/async/async_server.c 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* async_server.c * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -19,8 +19,8 @@ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA */ -/* TLS server demonstrating asynchronous cryptography features and optionally - * using the crypto or PK callbacks */ +/* TLS server demonstrating asynchronous cryptography features and non-blocking + * operation using WOLFSSL_USER_IO callbacks. */ #ifdef HAVE_CONFIG_H #include @@ -30,12 +30,17 @@ #include #include #include +#include /* socket */ +#ifndef NET_USER_HEADER +#include #include #include #include +#include #include +#endif #define HAVE_SIGNAL #ifdef HAVE_SIGNAL @@ -43,25 +48,29 @@ #endif /* wolfSSL */ -#ifndef WOLFSSL_USER_SETTINGS +#ifdef WOLFSSL_USER_SETTINGS + #include "user_settings.h" +#else #include #endif +#include #include #include #include +#ifdef WOLF_CRYPTO_CB +#include +#endif +#include #include "examples/async/async_tls.h" -/* Test certificates and keys for RSA and ECC */ -#ifndef NO_RSA - #define CERT_FILE "./certs/server-cert.pem" - #define KEY_FILE "./certs/server-key.pem" - #define CA_FILE "./certs/client-cert.pem" -#elif defined(HAVE_ECC) - #define CERT_FILE "./certs/server-ecc.pem" - #define KEY_FILE "./certs/ecc-key.pem" - #define CA_FILE "./certs/client-ecc-cert.pem" +#if ASYNC_ECC_ONLY + #ifndef HAVE_ECC + #error ASYNC_ECC_ONLY requires HAVE_ECC + #endif #else - #error No authentication algorithm (ECC/RSA) + #ifndef NO_RSA + #error RSA not supported in this example configuration + #endif #endif static int mSockfd = SOCKET_INVALID; @@ -79,19 +88,92 @@ mShutdown = 1; if (mConnd != SOCKET_INVALID) { - close(mConnd); /* Close the connection to the client */ + NET_CLOSE(mConnd); mConnd = SOCKET_INVALID; } if (mSockfd != SOCKET_INVALID) { - close(mSockfd); /* Close the socket listening for clients */ + NET_CLOSE(mSockfd); mSockfd = SOCKET_INVALID; } } #endif +/* ------------------------------------------------------------------ */ +/* POSIX transport helpers (replace with your BSP/port layer). */ +/* ------------------------------------------------------------------ */ +#ifndef NET_USER_HEADER +static int posix_set_nonblocking(int fd) +{ + int flags = fcntl(fd, F_GETFL, 0); + if (flags < 0) { + return -1; + } + return fcntl(fd, F_SETFL, flags | O_NONBLOCK); +} +#endif + +/* ------------------------------------------------------------------ */ +/* WOLFSSL_USER_IO callbacks. */ +/* ------------------------------------------------------------------ */ +static void usage(const char* prog) +{ + printf("usage: %s [--ecc|--x25519] [--mutual] [--tls12] [port]\n", prog); +} + +static const char* group_name(word16 group) +{ + switch (group) { + case WOLFSSL_ECC_SECP256R1: + return "secp256r1"; + case WOLFSSL_ECC_X25519: + return "x25519"; + default: + return "unknown"; + } +} + +static int parse_server_args(int argc, char** argv, int* port, word16* group, + int* mutual, int* tls12) +{ + int i; + int port_set = 0; + + *port = DEFAULT_PORT; + *group = WOLFSSL_ECC_SECP256R1; + *mutual = 0; + *tls12 = 0; + + for (i = 1; i < argc; i++) { + if (XSTRCMP(argv[i], "--ecc") == 0) { + *group = WOLFSSL_ECC_SECP256R1; + } + else if (XSTRCMP(argv[i], "--x25519") == 0) { + *group = WOLFSSL_ECC_X25519; + } + else if (XSTRCMP(argv[i], "--mutual") == 0) { + *mutual = 1; + } + else if (XSTRCMP(argv[i], "--tls12") == 0) { + *tls12 = 1; + } + else if (XSTRCMP(argv[i], "--help") == 0) { + return -1; + } + else if (!port_set) { + *port = atoi(argv[i]); + port_set = 1; + } + else { + return -1; + } + } + + return 0; +} + int server_async_test(int argc, char** argv) { - int ret = 0; + int ret = -1; struct sockaddr_in servAddr; struct sockaddr_in clientAddr; socklen_t size = sizeof(clientAddr); @@ -99,12 +181,29 @@ size_t len; const char* reply = "I hear ya fa shizzle!\n"; int on; - int devId = 1; /* anything besides -2 (INVALID_DEVID) */ + int port = DEFAULT_PORT; + word16 group = WOLFSSL_ECC_SECP256R1; + int err = 0; + const char* mode = NULL; + int mutual = 0; + int tls12 = 0; +#ifdef WOLFSSL_ASYNC_CRYPT + int devId = INVALID_DEVID; +#endif +#ifdef WOLFSSL_DEBUG_NONBLOCK + int wouldblock_count = 0; + int pending_count = 0; +#endif #ifdef WOLF_CRYPTO_CB - AsyncTlsCryptoCbCtx myCtx; + AsyncTlsCryptoCbCtx cryptoCbCtx; +#endif +#ifdef WOLFSSL_STATIC_MEMORY + static byte memory[300000]; + static byte memoryIO[34500]; + #if !defined(WOLFSSL_STATIC_MEMORY_LEAN) + WOLFSSL_MEM_CONN_STATS ssl_stats; + #endif #endif - int err; - char errBuff[WOLFSSL_MAX_ERROR_SZ]; /* declare wolfSSL objects */ WOLFSSL_CTX* ctx = NULL; @@ -117,14 +216,21 @@ } #endif + if (parse_server_args(argc, argv, &port, &group, &mutual, &tls12) != 0) { + usage(argv[0]); + return 0; + } + mode = group_name(group); + printf("Async server mode: %s, TLS %s%s\n", mode, + tls12 ? "1.2" : "1.3", mutual ? ", mutual auth" : ""); + /* Initialize the server address struct with zeros */ memset(&servAddr, 0, sizeof(servAddr)); /* Fill in the server address */ - servAddr.sin_family = AF_INET; /* using IPv4 */ - servAddr.sin_port = htons(DEFAULT_PORT); /* on DEFAULT_PORT */ - servAddr.sin_addr.s_addr = INADDR_ANY; /* from anywhere */ - + servAddr.sin_family = AF_INET; /* using IPv4 */ + servAddr.sin_port = htons(port); + servAddr.sin_addr.s_addr = INADDR_ANY; /* from anywhere */ /* Create a socket that uses an internet IPv4 address, * Sets the socket to be stream based (TCP), @@ -160,6 +266,12 @@ fprintf(stderr, "ERROR: failed to listen\n"); goto exit; } + { + const char* ready = getenv(WOLFSSL_ASYNC_READYFILE_ENV); + if (ready != NULL) { + (void)async_readyfile_touch(ready); + } + } /*---------------------------------*/ /* Start of wolfSSL initialization and configuration */ @@ -169,57 +281,136 @@ #endif /* Initialize wolfSSL */ - if ((ret = wolfSSL_Init()) != WOLFSSL_SUCCESS) { + if (wolfSSL_Init() != WOLFSSL_SUCCESS) { fprintf(stderr, "ERROR: Failed to initialize the library\n"); goto exit; } - - /* Create and initialize WOLFSSL_CTX */ - if ((ctx = wolfSSL_CTX_new(wolfSSLv23_server_method())) == NULL) { - fprintf(stderr, "ERROR: failed to create WOLFSSL_CTX\n"); - ret = -1; +#ifdef WOLFSSL_ASYNC_CRYPT + if (wolfAsync_DevOpenThread(&devId, NULL) != 0) { goto exit; } - +#endif #ifdef WOLF_CRYPTO_CB - XMEMSET(&myCtx, 0, sizeof(myCtx)); - /* register a devID for crypto callbacks */ - ret = wc_CryptoCb_RegisterDevice(devId, AsyncTlsCryptoCb, &myCtx); - if (ret != 0) { - fprintf(stderr, "wc_CryptoCb_RegisterDevice: error %d", ret); + /* Crypto callbacks require a valid devId. When no hardware async driver + * sets one (e.g. Cavium/Intel QA/SW), assign one explicitly. */ + if (devId == INVALID_DEVID) + devId = 1; + XMEMSET(&cryptoCbCtx, 0, sizeof(cryptoCbCtx)); + if (wc_CryptoCb_RegisterDevice(devId, AsyncTlsCryptoCb, &cryptoCbCtx) != 0) { + fprintf(stderr, "ERROR: wc_CryptoCb_RegisterDevice failed\n"); goto exit; } #endif - /* register a devID for crypto callbacks */ + /* Create and initialize WOLFSSL_CTX */ +#ifdef WOLFSSL_STATIC_MEMORY + { + wolfSSL_method_func method; + #ifndef WOLFSSL_NO_TLS12 + if (tls12) + method = wolfTLSv1_2_server_method_ex; + else + #endif + method = wolfSSLv23_server_method_ex; + if (wolfSSL_CTX_load_static_memory(&ctx, method, memory, + sizeof(memory), 0, 1) != WOLFSSL_SUCCESS) { + fprintf(stderr, "ERROR: unable to load static memory\n"); + goto exit; + } + if (wolfSSL_CTX_load_static_memory(&ctx, NULL, memoryIO, + sizeof(memoryIO), + WOLFMEM_IO_POOL_FIXED | WOLFMEM_TRACK_STATS, 1) + != WOLFSSL_SUCCESS) { + fprintf(stderr, "ERROR: unable to load static IO memory\n"); + goto exit; + } + } +#else + #ifndef WOLFSSL_NO_TLS12 + if (tls12) + ctx = wolfSSL_CTX_new(wolfTLSv1_2_server_method()); + else + #endif + ctx = wolfSSL_CTX_new(wolfSSLv23_server_method()); +#endif /* WOLFSSL_STATIC_MEMORY */ + if (ctx == NULL) { + fprintf(stderr, "ERROR: failed to create WOLFSSL_CTX\n"); + ret = -1; + goto exit; + } +#ifdef WOLFSSL_ASYNC_CRYPT wolfSSL_CTX_SetDevId(ctx, devId); +#endif + + wolfSSL_SetIORecv(ctx, NET_IO_RECV_CB); + wolfSSL_SetIOSend(ctx, NET_IO_SEND_CB); - /* Require mutual authentication */ - wolfSSL_CTX_set_verify(ctx, - WOLFSSL_VERIFY_PEER | WOLFSSL_VERIFY_FAIL_IF_NO_PEER_CERT, NULL); + if (group == WOLFSSL_ECC_X25519) { + #ifdef HAVE_ED25519 + ret = wolfSSL_CTX_use_certificate_buffer(ctx, server_ed25519_cert, + sizeof_server_ed25519_cert, WOLFSSL_FILETYPE_ASN1); + if (ret != WOLFSSL_SUCCESS) { + fprintf(stderr, + "ERROR: failed to load ED25519 server cert buffer.\n"); + goto exit; + } - /* Load server certificates into WOLFSSL_CTX */ - if ((ret = wolfSSL_CTX_use_certificate_file(ctx, CERT_FILE, - WOLFSSL_FILETYPE_PEM)) != WOLFSSL_SUCCESS) { - fprintf(stderr, "ERROR: failed to load %s, please check the file.\n", - CERT_FILE); + ret = wolfSSL_CTX_use_PrivateKey_buffer(ctx, server_ed25519_key, + sizeof_server_ed25519_key, WOLFSSL_FILETYPE_ASN1); + if (ret != WOLFSSL_SUCCESS) { + fprintf(stderr, + "ERROR: failed to load ED25519 server key buffer.\n"); + goto exit; + } + + if (mutual) { + /* client-ed25519 is self-signed, so load it as its own CA */ + ret = wolfSSL_CTX_load_verify_buffer(ctx, client_ed25519_cert, + sizeof_client_ed25519_cert, WOLFSSL_FILETYPE_ASN1); + if (ret != WOLFSSL_SUCCESS) { + fprintf(stderr, + "ERROR: failed to load ED25519 client CA cert.\n"); + goto exit; + } + } + #else + fprintf(stderr, "ERROR: --x25519 requires HAVE_ED25519 for certs\n"); goto exit; + #endif } + else { + ret = wolfSSL_CTX_use_certificate_buffer(ctx, serv_ecc_der_256, + sizeof_serv_ecc_der_256, WOLFSSL_FILETYPE_ASN1); + if (ret != WOLFSSL_SUCCESS) { + fprintf(stderr, "ERROR: failed to load ECC server cert buffer.\n"); + goto exit; + } - /* Load server key into WOLFSSL_CTX */ - if ((ret = wolfSSL_CTX_use_PrivateKey_file(ctx, KEY_FILE, - WOLFSSL_FILETYPE_PEM)) != WOLFSSL_SUCCESS) { - fprintf(stderr, "ERROR: failed to load %s, please check the file.\n", - KEY_FILE); - goto exit; + ret = wolfSSL_CTX_use_PrivateKey_buffer(ctx, ecc_key_der_256, + sizeof_ecc_key_der_256, WOLFSSL_FILETYPE_ASN1); + if (ret != WOLFSSL_SUCCESS) { + fprintf(stderr, "ERROR: failed to load ECC server key buffer.\n"); + goto exit; + } + + if (mutual) { + /* client-ecc-cert is self-signed, so load it as its own CA */ + ret = wolfSSL_CTX_load_verify_buffer(ctx, cliecc_cert_der_256, + sizeof_cliecc_cert_der_256, WOLFSSL_FILETYPE_ASN1); + if (ret != WOLFSSL_SUCCESS) { + fprintf(stderr, + "ERROR: failed to load ECC client CA cert.\n"); + goto exit; + } + } } - /* Load client certificate as "trusted" into WOLFSSL_CTX */ - if ((ret = wolfSSL_CTX_load_verify_locations(ctx, CA_FILE, NULL)) - != WOLFSSL_SUCCESS) { - fprintf(stderr, "ERROR: failed to load %s, please check the file.\n", - CA_FILE); - goto exit; + if (mutual) { + wolfSSL_CTX_set_verify(ctx, + WOLFSSL_VERIFY_PEER | WOLFSSL_VERIFY_FAIL_IF_NO_PEER_CERT, NULL); + } + else { + wolfSSL_CTX_set_verify(ctx, WOLFSSL_VERIFY_NONE, NULL); } /* Continue to accept clients until mShutdown is issued */ @@ -227,11 +418,16 @@ printf("Waiting for a connection...\n"); /* Accept client connections */ - if ((mConnd = accept(mSockfd, (struct sockaddr*)&clientAddr, &size)) + if ((mConnd = NET_ACCEPT(mSockfd, + (struct sockaddr*)&clientAddr, &size)) == -1) { fprintf(stderr, "ERROR: failed to accept the connection\n\n"); ret = -1; goto exit; } + if (NET_SET_NONBLOCKING(mConnd) != 0) { + fprintf(stderr, "ERROR: failed to set non-blocking socket\n"); + ret = -1; goto exit; + } /* Create a WOLFSSL object */ if ((ssl = wolfSSL_new(ctx)) == NULL) { @@ -239,28 +435,103 @@ ret = -1; goto exit; } - /* Attach wolfSSL to the socket */ - wolfSSL_set_fd(ssl, mConnd); + wolfSSL_SetIOReadCtx(ssl, (void*)(intptr_t)mConnd); + wolfSSL_SetIOWriteCtx(ssl, (void*)(intptr_t)mConnd); + + /* UseKeyShare is TLS 1.3 only */ + if (!tls12) { + for (;;) { + ret = wolfSSL_UseKeyShare(ssl, group); + if (ret == WOLFSSL_SUCCESS) { + break; + } + if (ret == WC_NO_ERR_TRACE(WC_PENDING_E)) { +#ifdef WOLFSSL_DEBUG_NONBLOCK + pending_count++; +#endif +#ifdef WOLFSSL_ASYNC_CRYPT + if (wolfSSL_AsyncPoll(ssl, WOLF_POLL_FLAG_CHECK_HW) < 0) { + goto exit; + } +#endif + continue; + } + goto exit; + } + } /* Establish TLS connection */ - WOLFSSL_ASYNC_WHILE_PENDING(ret = wolfSSL_accept(ssl), - ret != WOLFSSL_SUCCESS); - if (ret != WOLFSSL_SUCCESS) { - fprintf(stderr, "wolfSSL_accept error %d: %s\n", - err, wolfSSL_ERR_error_string(err, errBuff)); + for (;;) { + ret = wolfSSL_accept(ssl); + if (ret == WOLFSSL_SUCCESS) { + break; + } + err = wolfSSL_get_error(ssl, 0); + if (err == WC_NO_ERR_TRACE(WC_PENDING_E) || + err == WOLFSSL_ERROR_WANT_READ || + err == WOLFSSL_ERROR_WANT_WRITE) { + if (err == WC_NO_ERR_TRACE(WC_PENDING_E)) { +#ifdef WOLFSSL_DEBUG_NONBLOCK + pending_count++; +#endif +#ifdef WOLFSSL_ASYNC_CRYPT + if (wolfSSL_AsyncPoll(ssl, WOLF_POLL_FLAG_CHECK_HW) < 0) { + goto exit; + } +#endif + } + else { +#ifdef WOLFSSL_DEBUG_NONBLOCK + wouldblock_count++; +#endif + } + continue; + } + fprintf(stderr, "ERROR: wolfSSL_accept failed: %d (%s)\n", + err, wolfSSL_ERR_reason_error_string(err)); goto exit; } - + { + const char* cipher = wolfSSL_get_cipher_name(ssl); + const char* curve = wolfSSL_get_curve_name(ssl); + printf("Negotiated cipher: %s\n", + cipher != NULL ? cipher : "unknown"); + printf("Negotiated group: %s\n", + curve != NULL ? curve : "unknown"); + } printf("Client connected successfully\n"); /* Read the client data into our buff array */ memset(buff, 0, sizeof(buff)); - WOLFSSL_ASYNC_WHILE_PENDING(ret = wolfSSL_read(ssl, buff, sizeof(buff)-1), - ret <= 0); - if (ret < 0) { - fprintf(stderr, "wolfSSL_read error %d: %s\n", - err, wolfSSL_ERR_error_string(err, errBuff)); + for (;;) { + ret = wolfSSL_read(ssl, buff, sizeof(buff) - 1); + if (ret > 0) { + break; + } + err = wolfSSL_get_error(ssl, 0); + if (err == WC_NO_ERR_TRACE(WC_PENDING_E) || + err == WOLFSSL_ERROR_WANT_READ || + err == WOLFSSL_ERROR_WANT_WRITE) { + if (err == WC_NO_ERR_TRACE(WC_PENDING_E)) { +#ifdef WOLFSSL_DEBUG_NONBLOCK + pending_count++; +#endif +#ifdef WOLFSSL_ASYNC_CRYPT + if (wolfSSL_AsyncPoll(ssl, WOLF_POLL_FLAG_CHECK_HW) < 0) { + goto exit; + } +#endif + } + else { +#ifdef WOLFSSL_DEBUG_NONBLOCK + wouldblock_count++; +#endif + } + continue; + } + fprintf(stderr, "ERROR: wolfSSL_read failed: %d (%s)\n", + err, wolfSSL_ERR_reason_error_string(err)); goto exit; } @@ -279,46 +550,103 @@ len = strnlen(buff, sizeof(buff)); /* Reply back to the client */ - WOLFSSL_ASYNC_WHILE_PENDING(ret = wolfSSL_write(ssl, buff, (int)len), - ret <= 0); - if (ret != (int)len) { - fprintf(stderr, "wolfSSL_write error %d: %s\n", - err, wolfSSL_ERR_error_string(err, errBuff)); + for (;;) { + ret = wolfSSL_write(ssl, buff, (int)len); + if (ret > 0) { + break; + } + err = wolfSSL_get_error(ssl, 0); + if (err == WC_NO_ERR_TRACE(WC_PENDING_E) || + err == WOLFSSL_ERROR_WANT_READ || + err == WOLFSSL_ERROR_WANT_WRITE) { + if (err == WC_NO_ERR_TRACE(WC_PENDING_E)) { +#ifdef WOLFSSL_DEBUG_NONBLOCK + pending_count++; +#endif +#ifdef WOLFSSL_ASYNC_CRYPT + if (wolfSSL_AsyncPoll(ssl, WOLF_POLL_FLAG_CHECK_HW) < 0) { + goto exit; + } +#endif + } + else { +#ifdef WOLFSSL_DEBUG_NONBLOCK + wouldblock_count++; +#endif + } + continue; + } goto exit; } +#ifdef WOLFSSL_DEBUG_NONBLOCK + printf("WANT_READ/WRITE count: %d\n", wouldblock_count); + printf("WC_PENDING_E count: %d\n", pending_count); +#endif + /* Cleanup after this connection */ +#if defined(WOLFSSL_STATIC_MEMORY) && !defined(WOLFSSL_STATIC_MEMORY_LEAN) + if (ssl != NULL && + wolfSSL_is_static_memory(ssl, &ssl_stats) == 1) { + fprintf(stderr, "peak connection memory = %d\n", + ssl_stats.peakMem); + fprintf(stderr, "current memory in use = %d\n", + ssl_stats.curMem); + fprintf(stderr, "peak connection allocs = %d\n", + ssl_stats.peakAlloc); + fprintf(stderr, "total connection allocs = %d\n", + ssl_stats.totalAlloc); + fprintf(stderr, "total connection frees = %d\n", + ssl_stats.totalFr); + } +#endif wolfSSL_shutdown(ssl); if (ssl) { - wolfSSL_free(ssl); /* Free the wolfSSL object */ + wolfSSL_free(ssl); ssl = NULL; } if (mConnd != SOCKET_INVALID) { - close(mConnd); /* Close the connection to the client */ + NET_CLOSE(mConnd); mConnd = SOCKET_INVALID; } } printf("Shutdown complete\n"); +#ifdef WOLFSSL_DEBUG_NONBLOCK + printf("WANT_READ/WRITE count: %d\n", wouldblock_count); + printf("WC_PENDING_E count: %d\n", pending_count); +#endif + ret = 0; exit: /* Cleanup and return */ if (ssl) - wolfSSL_free(ssl); /* Free the wolfSSL object */ + wolfSSL_free(ssl); if (mConnd != SOCKET_INVALID) { - close(mConnd); /* Close the connection to the client */ + NET_CLOSE(mConnd); mConnd = SOCKET_INVALID; } if (mSockfd != SOCKET_INVALID) { - close(mSockfd); /* Close the socket listening for clients */ + NET_CLOSE(mSockfd); mSockfd = SOCKET_INVALID; } if (ctx) - wolfSSL_CTX_free(ctx); /* Free the wolfSSL context object */ - wolfSSL_Cleanup(); /* Cleanup the wolfSSL environment */ - - (void)argc; - (void)argv; + wolfSSL_CTX_free(ctx); +#ifdef WOLF_CRYPTO_CB + wc_CryptoCb_UnRegisterDevice(devId); +#endif +#ifdef WOLFSSL_ASYNC_CRYPT + if (devId != INVALID_DEVID) { + wolfAsync_DevClose(&devId); + } +#endif + { + const char* ready = getenv(WOLFSSL_ASYNC_READYFILE_ENV); + if (ready != NULL) { + async_readyfile_clear(ready); + } + } + wolfSSL_Cleanup(); return ret; } diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/examples/async/async_tls.c mariadb-11.8.8/extra/wolfssl/wolfssl/examples/async/async_tls.c --- mariadb-11.8.6/extra/wolfssl/wolfssl/examples/async/async_tls.c 2026-01-31 13:27:49.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/examples/async/async_tls.c 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* async-tls.c * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -23,13 +23,134 @@ #include #endif -#ifndef WOLFSSL_USER_SETTINGS -#include +#ifdef WOLFSSL_USER_SETTINGS + #include "user_settings.h" +#else + #include #endif +#include "examples/async/async_tls.h" #include #include #include -#include "examples/async/async_tls.h" +#ifndef NET_CUSTOM +#include +#include +#include +#endif + +/* ---------------------------------------------------------------------------*/ +/* --- Ready file helpers (CI/automation sync) --- */ +/* ---------------------------------------------------------------------------*/ +#include +#include +#include + +static int async_readyfile_exists(const char* path) +{ + struct stat st; + if (path == NULL || path[0] == '\0') { + return 0; + } + return (stat(path, &st) == 0); +} + +int async_readyfile_touch(const char* path) +{ + FILE* f; + if (path == NULL || path[0] == '\0') { + return -1; + } + f = fopen(path, "w"); + if (f == NULL) { + return -1; + } + fclose(f); + return 0; +} + +void async_readyfile_clear(const char* path) +{ + if (path == NULL || path[0] == '\0') { + return; + } + (void)remove(path); +} + +int async_readyfile_wait(const char* path, int timeout_ms) +{ + int waited_ms = 0; + const int step_ms = 50; + struct timeval tv; + + while (waited_ms < timeout_ms) { + if (async_readyfile_exists(path)) { + return 0; + } + tv.tv_sec = 0; + tv.tv_usec = step_ms * 1000; + (void)select(0, NULL, NULL, NULL, &tv); + waited_ms += step_ms; + } + + return -1; +} + +/* ---------------------------------------------------------------------------*/ +/* --- Default POSIX transport callbacks --- */ +/* ---------------------------------------------------------------------------*/ +#ifndef NET_CUSTOM +int async_posix_send_cb(WOLFSSL* ssl, char* buf, int sz, void* ctx) +{ + (void)ssl; + int fd = (int)(intptr_t)ctx; + int ret = (int)NET_SEND(fd, buf, sz); + if (ret >= 0) { + return ret; + } + if (errno == EAGAIN || errno == EWOULDBLOCK) { + return WOLFSSL_CBIO_ERR_WANT_WRITE; + } + return WOLFSSL_CBIO_ERR_GENERAL; +} + +int async_posix_recv_cb(WOLFSSL* ssl, char* buf, int sz, void* ctx) +{ + (void)ssl; + int fd = (int)(intptr_t)ctx; + int ret = (int)NET_RECV(fd, buf, sz); + if (ret >= 0) { + return ret; + } + if (errno == EAGAIN || errno == EWOULDBLOCK) { + return WOLFSSL_CBIO_ERR_WANT_READ; + } + return WOLFSSL_CBIO_ERR_GENERAL; +} + +int async_posix_getdevrandom(unsigned char *out, unsigned int sz) +{ + ssize_t ret; + int fd = open("/dev/urandom", O_RDONLY); + if (fd < 0) { + return -1; + } + ret = read(fd, out, sz); + close(fd); + if (ret != (ssize_t)sz) { + return -1; + } + return 0; +} +#endif /* !NET_CUSTOM */ + +int posix_getdevrandom(unsigned char *out, unsigned int sz) +{ +#ifdef NET_CUSTOM + return NET_GETDEVRANDOM(out, sz); +#else + return async_posix_getdevrandom(out, sz); +#endif +} /* ---------------------------------------------------------------------------*/ /* --- Example Crypto Callback --- */ @@ -57,12 +178,17 @@ if (info->algo_type == WC_ALGO_TYPE_PK) { #ifdef WOLFSSL_ASYNC_CRYPT - /* Test pending response */ + /* Simulate async pending for RSA and ECC signing operations. + * This matches a typical hardware crypto scenario (e.g., TPM) where + * only signing is offloaded to hardware. Keygen, verify, and ECDH + * are performed synchronously in software. + * Note: WOLFSSL_ASYNC_CRYPT + WOLF_CRYPTO_CB pending simulation + * requires operations whose TLS state machines properly handle retry + * via wolfSSL_AsyncPop. ECC keygen in TLSX_KeyShare_GenEccKey does + * not support this because the keygen call is inside the key + * allocation guard (kse->key == NULL) which is skipped on retry. */ if (info->pk.type == WC_PK_TYPE_RSA || - info->pk.type == WC_PK_TYPE_EC_KEYGEN || - info->pk.type == WC_PK_TYPE_ECDSA_SIGN || - info->pk.type == WC_PK_TYPE_ECDSA_VERIFY || - info->pk.type == WC_PK_TYPE_ECDH) + info->pk.type == WC_PK_TYPE_ECDSA_SIGN) { if (myCtx->pendingCount++ < TEST_PEND_COUNT) return WC_PENDING_E; myCtx->pendingCount = 0; @@ -159,4 +285,3 @@ #ifdef HAVE_PK_CALLBACKS #endif - diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/examples/async/async_tls.h mariadb-11.8.8/extra/wolfssl/wolfssl/examples/async/async_tls.h --- mariadb-11.8.6/extra/wolfssl/wolfssl/examples/async/async_tls.h 2026-01-31 13:27:49.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/examples/async/async_tls.h 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* async-tls.h * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -23,8 +23,26 @@ #ifndef WOLFSSL_ASYNC_TLS_EXAMPLES_H #define WOLFSSL_ASYNC_TLS_EXAMPLES_H +typedef struct WOLFSSL WOLFSSL; +#ifdef WOLF_CRYPTO_CB +typedef struct wc_CryptoInfo wc_CryptoInfo; +#endif + #define DEFAULT_PORT 11111 +#define DEFAULT_TLS_PORT 11111 +#define DEFAULT_TLS_HOST "127.0.0.1" #define TEST_BUF_SZ 256 +#define WOLFSSL_ASYNC_READYFILE_ENV "WOLFSSL_ASYNC_READYFILE" +#define WOLFSSL_ASYNC_READYFILE_TIMEOUT_MS 5000 + +/* Force ECC-only certs/keys for these async TLS examples. */ +#ifndef ASYNC_ECC_ONLY +#if defined(WC_ECC_NONBLOCK) +#define ASYNC_ECC_ONLY 1 +#else +#define ASYNC_ECC_ONLY 0 +#endif +#endif #ifdef WOLF_CRYPTO_CB /* Example custom context for crypto callback */ @@ -34,6 +52,66 @@ int AsyncTlsCryptoCb(int devIdArg, wc_CryptoInfo* info, void* ctx); #endif /* WOLF_CRYPTO_CB */ +/* Override transport by defining NET_USER_HEADER and/or NET_*. + * Example: -DNET_USER_HEADER='"my_net_port.h"' */ +#ifdef NET_USER_HEADER + #include NET_USER_HEADER +#define NET_CUSTOM 1 +#endif + +int async_readyfile_touch(const char* path); +int async_readyfile_wait(const char* path, int timeout_ms); +void async_readyfile_clear(const char* path); + +/* Default POSIX transport hooks (override with NET_* macros). */ +#ifndef NET_CUSTOM +#ifndef NET_CONNECT +#define NET_CONNECT(host, port) posix_net_connect((host), (port)) +#define NET_SET_NONBLOCKING(fd) posix_set_nonblocking((fd)) +#define NET_ACCEPT(fd, addr, len) accept((fd), (addr), (len)) +#define NET_SEND(fd, buf, sz) send((fd), (buf), (size_t)(sz), 0) +#define NET_RECV(fd, buf, sz) recv((fd), (buf), (size_t)(sz), 0) +#define NET_CLOSE(fd) close((fd)) +#endif +#endif + +int async_posix_send_cb(WOLFSSL* ssl, char* buf, int sz, void* ctx); +int async_posix_recv_cb(WOLFSSL* ssl, char* buf, int sz, void* ctx); +int async_posix_getdevrandom(unsigned char *out, unsigned int sz); + +#ifndef NET_CUSTOM +#define NET_IO_SEND_CB async_posix_send_cb +#define NET_IO_RECV_CB async_posix_recv_cb +#else +#ifndef NET_IO_SEND_CB +#error NET_IO_SEND_CB must be defined when NET_USER_HEADER is used +#endif +#ifndef NET_IO_RECV_CB +#error NET_IO_RECV_CB must be defined when NET_USER_HEADER is used +#endif +#ifndef NET_CONNECT +#error NET_CONNECT must be defined when NET_USER_HEADER is used +#endif +#ifndef NET_SET_NONBLOCKING +#error NET_SET_NONBLOCKING must be defined when NET_USER_HEADER is used +#endif +#ifndef NET_ACCEPT +#error NET_ACCEPT must be defined when NET_USER_HEADER is used +#endif +#ifndef NET_SEND +#error NET_SEND must be defined when NET_USER_HEADER is used +#endif +#ifndef NET_RECV +#error NET_RECV must be defined when NET_USER_HEADER is used +#endif +#ifndef NET_CLOSE +#error NET_CLOSE must be defined when NET_USER_HEADER is used +#endif +#ifndef NET_GETDEVRANDOM +#error NET_GETDEVRANDOM must be defined when NET_USER_HEADER is used +#endif +#endif + int client_async_test(int argc, char** argv); int server_async_test(int argc, char** argv); diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/examples/async/include.am mariadb-11.8.8/extra/wolfssl/wolfssl/examples/async/include.am --- mariadb-11.8.6/extra/wolfssl/wolfssl/examples/async/include.am 2026-01-31 13:27:49.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/examples/async/include.am 2026-05-24 09:58:33.000000000 +0000 @@ -1,29 +1,10 @@ # vim:ft=automake # All paths should be given relative to the root -if BUILD_ASYNCCRYPT - -noinst_HEADERS += examples/async/async_tls.h - -if BUILD_EXAMPLE_CLIENTS -noinst_PROGRAMS += examples/async/async_client -examples_async_async_client_SOURCES = examples/async/async_client.c examples/async/async_tls.c -examples_async_async_client_LDADD = src/libwolfssl@LIBSUFFIX@.la $(LIB_STATIC_ADD) -examples_async_async_client_DEPENDENCIES = src/libwolfssl@LIBSUFFIX@.la -examples_async_async_client_CFLAGS = $(AM_CFLAGS) -endif - -if BUILD_EXAMPLE_SERVERS -noinst_PROGRAMS += examples/async/async_server -examples_async_async_server_SOURCES = examples/async/async_server.c examples/async/async_tls.c -examples_async_async_server_LDADD = src/libwolfssl@LIBSUFFIX@.la $(LIB_STATIC_ADD) -examples_async_async_server_DEPENDENCIES = src/libwolfssl@LIBSUFFIX@.la -examples_async_async_server_CFLAGS = $(AM_CFLAGS) -endif -endif - -dist_example_DATA+= examples/async/async_server.c -dist_example_DATA+= examples/async/async_client.c -DISTCLEANFILES+= examples/async/.libs/async_server -DISTCLEANFILES+= examples/async/.libs/async_client -EXTRA_DIST += examples/async/README.md +EXTRA_DIST += examples/async/README.md \ + examples/async/async_client.c \ + examples/async/async_server.c \ + examples/async/async_tls.c \ + examples/async/async_tls.h \ + examples/async/Makefile \ + examples/async/user_settings.h diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/examples/async/user_settings.h mariadb-11.8.8/extra/wolfssl/wolfssl/examples/async/user_settings.h --- mariadb-11.8.6/extra/wolfssl/wolfssl/examples/async/user_settings.h 1970-01-01 00:00:00.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/examples/async/user_settings.h 2026-05-24 09:58:33.000000000 +0000 @@ -0,0 +1,98 @@ +/* user_settings.h + * + * Copyright (C) 2006-2026 wolfSSL Inc. + * + * This file is part of wolfSSL. + * + * wolfSSL is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * wolfSSL is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA + */ + +/* Bare-metal user settings for TLS 1.3 client with WOLFSSL_USER_IO. */ +#ifndef WOLFSSL_USER_SETTINGS_H +#define WOLFSSL_USER_SETTINGS_H + +#define WOLFSSL_USER_IO +#define SINGLE_THREADED +#define NO_FILESYSTEM +#define WOLFSSL_IGNORE_FILE_WARN + +#define HAVE_ECC +#define WC_ECC_NONBLOCK +#define WC_ECC_NONBLOCK_ONLY +#define ECC_USER_CURVES /* P256 only */ +#define WOLFSSL_HAVE_SP_ECC +#define WOLFSSL_SP_SMALL +#define WOLFSSL_SP_NONBLOCK +#define WOLFSSL_SP_NO_MALLOC +#define ECC_TIMING_RESISTANT + +#define HAVE_ED25519 +#define HAVE_CURVE25519 +#define CURVE25519_SMALL +#define ED25519_SMALL +#define WC_X25519_NONBLOCK + +#define WOLFSSL_ASYNC_CRYPT +#define WC_NO_ASYNC_THREADING +#define HAVE_WOLF_BIGINT + +/* Async mode is controlled via Makefile ASYNC_MODE variable: + * - ASYNC_MODE=sw (default): WOLFSSL_ASYNC_CRYPT_SW for non-blocking ECC + * - ASYNC_MODE=cryptocb: WOLF_CRYPTO_CB for crypto callback simulation + * These are mutually exclusive in async.c polling code (#elif). + * See README.md for build instructions. + */ + +#define HAVE_AESGCM + +#define WOLFSSL_SHA512 +#define WOLFSSL_HASH_FLAGS + +#define WOLFSSL_TLS13 +#define HAVE_HKDF +#define HAVE_TLS_EXTENSIONS +#define HAVE_SUPPORTED_CURVES +#define HAVE_SERVER_RENEGOTIATION_INFO +#define HAVE_ENCRYPT_THEN_MAC +#define HAVE_SNI + +#define HAVE_SESSION_TICKET + +extern int posix_getdevrandom(unsigned char *out, unsigned int sz); +#ifndef HAVE_HASHDRBG + #define CUSTOM_RAND_GENERATE_BLOCK posix_getdevrandom +#else + #define CUSTOM_RAND_GENERATE_SEED posix_getdevrandom +#endif + +/* Minimal feature set - explicitly disable unwanted algorithms */ +#define NO_RSA +#define NO_DH +#define NO_DSA +#define WOLFSSL_NO_SHAKE256 +#define WOLFSSL_NO_SHAKE128 +#define NO_MD4 +#define NO_MD5 +#define NO_DES3 +#define NO_SHA +#define NO_OLD_TLS + +/* Debugging */ +#if 0 + #define DEBUG_WOLFSSL +#endif +#define WOLFSSL_DEBUG_NONBLOCK + +#endif /* WOLFSSL_USER_SETTINGS_H */ diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/examples/benchmark/tls_bench.c mariadb-11.8.8/extra/wolfssl/wolfssl/examples/benchmark/tls_bench.c --- mariadb-11.8.6/extra/wolfssl/wolfssl/examples/benchmark/tls_bench.c 2026-01-31 13:27:49.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/examples/benchmark/tls_bench.c 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* tls_bench.c * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -286,6 +286,9 @@ { WOLFSSL_ECC_BRAINPOOLP512R1, "ECC_BRAINPOOLP512R1" }, { WOLFSSL_ECC_X25519, "ECC_X25519" }, { WOLFSSL_ECC_X448, "ECC_X448" }, + { WOLFSSL_ECC_BRAINPOOLP256R1TLS13, "ECC_BRAINPOOLP256R1TLS13" }, + { WOLFSSL_ECC_BRAINPOOLP384R1TLS13, "ECC_BRAINPOOLP384R1TLS13" }, + { WOLFSSL_ECC_BRAINPOOLP512R1TLS13, "ECC_BRAINPOOLP512R1TLS13" }, { WOLFSSL_FFDHE_2048, "FFDHE_2048" }, { WOLFSSL_FFDHE_3072, "FFDHE_3072" }, { WOLFSSL_FFDHE_4096, "FFDHE_4096" }, @@ -293,17 +296,23 @@ { WOLFSSL_FFDHE_8192, "FFDHE_8192" }, #ifdef HAVE_PQC #ifndef WOLFSSL_NO_ML_KEM + #ifndef WOLFSSL_TLS_NO_MLKEM_STANDALONE { WOLFSSL_ML_KEM_512, "ML_KEM_512" }, { WOLFSSL_ML_KEM_768, "ML_KEM_768" }, { WOLFSSL_ML_KEM_1024, "ML_KEM_1024" }, + #endif /* !WOLFSSL_TLS_NO_MLKEM_STANDALONE */ + #ifdef WOLFSSL_PQC_HYBRIDS + { WOLFSSL_SECP256R1MLKEM768, "SecP256r1MLKEM768" }, + { WOLFSSL_SECP384R1MLKEM1024, "SecP384r1MLKEM1024" }, + { WOLFSSL_X25519MLKEM768, "X25519MLKEM768" }, + #endif /* WOLFSSL_PQC_HYBRIDS */ + #ifdef WOLFSSL_EXTRA_PQC_HYBRIDS { WOLFSSL_SECP256R1MLKEM512, "SecP256r1MLKEM512" }, { WOLFSSL_SECP384R1MLKEM768, "SecP384r1MLKEM768" }, - { WOLFSSL_SECP256R1MLKEM768, "SecP256r1MLKEM768" }, { WOLFSSL_SECP521R1MLKEM1024, "SecP521r1MLKEM1024" }, - { WOLFSSL_SECP384R1MLKEM1024, "SecP384r1MLKEM1024" }, { WOLFSSL_X25519MLKEM512, "X25519MLKEM512" }, { WOLFSSL_X448MLKEM768, "X448MLKEM768" }, - { WOLFSSL_X25519MLKEM768, "X25519MLKEM768" }, + #endif /* WOLFSSL_EXTRA_PQC_HYBRIDS */ #endif #ifdef WOLFSSL_MLKEM_KYBER { WOLFSSL_KYBER_LEVEL1, "KYBER_LEVEL1" }, diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/examples/benchmark/tls_bench.h mariadb-11.8.8/extra/wolfssl/wolfssl/examples/benchmark/tls_bench.h --- mariadb-11.8.6/extra/wolfssl/wolfssl/examples/benchmark/tls_bench.h 2026-01-31 13:27:49.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/examples/benchmark/tls_bench.h 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* tls_bench.h * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/examples/client/client.c mariadb-11.8.8/extra/wolfssl/wolfssl/examples/client/client.c --- mariadb-11.8.6/extra/wolfssl/wolfssl/examples/client/client.c 2026-01-31 13:27:49.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/examples/client/client.c 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* client.c * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -32,9 +32,6 @@ #endif #include -#undef TEST_OPENSSL_COEXIST /* can't use this option with this example */ -#undef OPENSSL_COEXIST /* can't use this option with this example */ - #include #ifdef WOLFSSL_WOLFSENTRY_HOOKS @@ -52,10 +49,14 @@ #endif #include - -#include #include +#ifdef USE_FLAT_TEST_H + #include "client.h" +#else + #include "examples/client/client.h" +#endif + #if !defined(NO_WOLFSSL_CLIENT) && !defined(NO_TLS) @@ -308,7 +309,8 @@ #if defined(WOLFSSL_TLS13) && defined(HAVE_SUPPORTED_CURVES) #define MAX_GROUP_NUMBER 4 static void SetKeyShare(WOLFSSL* ssl, int onlyKeyShare, int useX25519, - int useX448, int usePqc, char* pqcAlg, int setGroups) + int useX448, int useBp, int usePqc, char* pqcAlg, + int setGroups) { int ret; int groups[MAX_GROUP_NUMBER] = {0}; @@ -316,6 +318,7 @@ (void)useX25519; (void)useX448; + (void)useBp; (void)usePqc; (void)pqcAlg; @@ -351,6 +354,23 @@ } while (ret == WC_NO_ERR_TRACE(WC_PENDING_E)); #endif } + else if (useBp) { + #if defined(HAVE_ECC) && defined(HAVE_ECC_BRAINPOOL) + #if (!defined(NO_ECC256) || defined(HAVE_ALL_CURVES)) && ECC_MIN_KEY_SZ <= 256 + do { + ret = wolfSSL_UseKeyShare(ssl, WOLFSSL_ECC_BRAINPOOLP256R1TLS13); + if (ret == WOLFSSL_SUCCESS) + groups[count++] = WOLFSSL_ECC_BRAINPOOLP256R1TLS13; + #ifdef WOLFSSL_ASYNC_CRYPT + else if (ret == WC_NO_ERR_TRACE(WC_PENDING_E)) + wolfSSL_AsyncPoll(ssl, WOLF_POLL_FLAG_CHECK_HW); + #endif + else + err_sys("unable to use curve brainpoolp256r1"); + } while (ret == WC_NO_ERR_TRACE(WC_PENDING_E)); + #endif + #endif + } else { #ifdef HAVE_ECC #if !defined(NO_ECC256) || defined(HAVE_ALL_CURVES) @@ -403,61 +423,78 @@ int group = 0; #ifndef WOLFSSL_NO_ML_KEM - #ifndef WOLFSSL_NO_ML_KEM_512 + #if !defined(WOLFSSL_NO_ML_KEM_512) && \ + !defined(WOLFSSL_TLS_NO_MLKEM_STANDALONE) if (XSTRCMP(pqcAlg, "ML_KEM_512") == 0) { group = WOLFSSL_ML_KEM_512; } else #endif - #ifndef WOLFSSL_NO_ML_KEM_768 + #if !defined(WOLFSSL_NO_ML_KEM_768) && \ + !defined(WOLFSSL_TLS_NO_MLKEM_STANDALONE) if (XSTRCMP(pqcAlg, "ML_KEM_768") == 0) { group = WOLFSSL_ML_KEM_768; } else #endif - #ifndef WOLFSSL_NO_ML_KEM_1024 + #if !defined(WOLFSSL_NO_ML_KEM_1024) && \ + !defined(WOLFSSL_TLS_NO_MLKEM_STANDALONE) if (XSTRCMP(pqcAlg, "ML_KEM_1024") == 0) { group = WOLFSSL_ML_KEM_1024; } else #endif - #ifndef WOLFSSL_NO_ML_KEM_512 + #if !defined(WOLFSSL_NO_ML_KEM_512) && \ + defined(WOLFSSL_EXTRA_PQC_HYBRIDS) if (XSTRCMP(pqcAlg, "SecP256r1MLKEM512") == 0) { group = WOLFSSL_SECP256R1MLKEM512; } else #endif #ifndef WOLFSSL_NO_ML_KEM_768 + #ifdef WOLFSSL_EXTRA_PQC_HYBRIDS if (XSTRCMP(pqcAlg, "SecP384r1MLKEM768") == 0) { group = WOLFSSL_SECP384R1MLKEM768; } - else if (XSTRCMP(pqcAlg, "SecP256r1MLKEM768") == 0) { + else + #endif /* WOLFSSL_EXTRA_PQC_HYBRIDS */ + #ifdef WOLFSSL_PQC_HYBRIDS + if (XSTRCMP(pqcAlg, "SecP256r1MLKEM768") == 0) { group = WOLFSSL_SECP256R1MLKEM768; } else + #endif /* WOLFSSL_PQC_HYBRIDS */ #endif #ifndef WOLFSSL_NO_ML_KEM_1024 + #ifdef WOLFSSL_EXTRA_PQC_HYBRIDS if (XSTRCMP(pqcAlg, "SecP521r1MLKEM1024") == 0) { group = WOLFSSL_SECP521R1MLKEM1024; } - else if (XSTRCMP(pqcAlg, "SecP384r1MLKEM1024") == 0) { + else + #endif /* WOLFSSL_EXTRA_PQC_HYBRIDS */ + #ifdef WOLFSSL_PQC_HYBRIDS + if (XSTRCMP(pqcAlg, "SecP384r1MLKEM1024") == 0) { group = WOLFSSL_SECP384R1MLKEM1024; } else + #endif /* WOLFSSL_PQC_HYBRIDS */ #endif - #if !defined(WOLFSSL_NO_ML_KEM_512) && defined(HAVE_CURVE25519) + #if !defined(WOLFSSL_NO_ML_KEM_512) && defined(HAVE_CURVE25519) && \ + defined(WOLFSSL_EXTRA_PQC_HYBRIDS) if (XSTRCMP(pqcAlg, "X25519MLKEM512") == 0) { group = WOLFSSL_X25519MLKEM512; } else #endif - #if !defined(WOLFSSL_NO_ML_KEM_768) && defined(HAVE_CURVE25519) + #if !defined(WOLFSSL_NO_ML_KEM_768) && defined(HAVE_CURVE25519) && \ + defined(WOLFSSL_PQC_HYBRIDS) if (XSTRCMP(pqcAlg, "X25519MLKEM768") == 0) { group = WOLFSSL_X25519MLKEM768; } else #endif - #if !defined(WOLFSSL_NO_ML_KEM_768) && defined(HAVE_CURVE448) + #if !defined(WOLFSSL_NO_ML_KEM_768) && defined(HAVE_CURVE448) && \ + defined(WOLFSSL_EXTRA_PQC_HYBRIDS) if (XSTRCMP(pqcAlg, "X448MLKEM768") == 0) { group = WOLFSSL_X448MLKEM768; } @@ -528,12 +565,29 @@ } printf("Using Post-Quantum KEM: %s\n", pqcAlg); - if (wolfSSL_UseKeyShare(ssl, group) == WOLFSSL_SUCCESS) { - groups[count++] = group; - } - else { - err_sys("unable to use post-quantum KEM"); + do { + ret = wolfSSL_UseKeyShare(ssl, group); + if (ret == WOLFSSL_SUCCESS) + groups[count++] = group; + #ifdef WOLFSSL_ASYNC_CRYPT + else if (ret == WC_NO_ERR_TRACE(WC_PENDING_E)) + wolfSSL_AsyncPoll(ssl, WOLF_POLL_FLAG_CHECK_HW); + #endif + else + err_sys("unable to use post-quantum KEM"); + } while (ret == WC_NO_ERR_TRACE(WC_PENDING_E)); + + #ifdef WOLFSSL_DTLS13 + if (wolfSSL_dtls(ssl)) { + /* When the KeyShare is too large for an unfragmented + * ClientHello, DTLS sends an empty KeyShare extension to + * use the Hello Retry Request to enable fragmentation. + * In order to enforce our desired PQC algorithm in the + * second ClientHello, we need to set it as the only one + * allowed in the SupportedGroups extension. */ + setGroups = 1; } + #endif /* WOLFSSL_DTLS13 */ } } #endif @@ -587,7 +641,7 @@ static int ClientBenchmarkConnections(WOLFSSL_CTX* ctx, char* host, word16 port, int dtlsUDP, int dtlsSCTP, int benchmark, int resumeSession, int useX25519, int useX448, int usePqc, char* pqcAlg, int helloRetry, int onlyKeyShare, - int version, int earlyData) + int version, int earlyData, int useBp) { /* time passed in number of connects give average */ int times = benchmark, skip = (int)((double)times * 0.1); @@ -610,6 +664,7 @@ (void)onlyKeyShare; (void)version; (void)earlyData; + (void)useBp; while (loops--) { #ifndef NO_SESSION_CACHE @@ -636,7 +691,7 @@ else if (version >= 4) { if (!helloRetry) SetKeyShare(ssl, onlyKeyShare, useX25519, useX448, - usePqc, pqcAlg, 1); + useBp, usePqc, pqcAlg, 1); else wolfSSL_NoKeyShares(ssl); } @@ -717,7 +772,7 @@ static int ClientBenchmarkThroughput(WOLFSSL_CTX* ctx, char* host, word16 port, int dtlsUDP, int dtlsSCTP, int block, size_t throughput, int useX25519, int useX448, int usePqc, char* pqcAlg, int exitWithRet, int version, - int onlyKeyShare) + int onlyKeyShare, int useBp) { double start, conn_time = 0, tx_time = 0, rx_time = 0; SOCKET_T sockfd = WOLFSSL_SOCKET_INVALID; @@ -738,11 +793,12 @@ (void)useX448; (void)usePqc; (void)pqcAlg; + (void)useBp; (void)version; (void)onlyKeyShare; #if defined(WOLFSSL_TLS13) && defined(HAVE_SUPPORTED_CURVES) if (version >= 4) { - SetKeyShare(ssl, onlyKeyShare, useX25519, useX448, usePqc, + SetKeyShare(ssl, onlyKeyShare, useX25519, useX448, useBp, usePqc, pqcAlg, 1); } #endif @@ -985,7 +1041,7 @@ printf("%s\n", tmpBuf); ret = wolfSSL_shutdown(ssl); - if (wc_shutdown && ret == WOLFSSL_SHUTDOWN_NOT_DONE) { + if (wc_shutdown && ret == WC_NO_ERR_TRACE(WOLFSSL_SHUTDOWN_NOT_DONE)) { if (tcp_select(wolfSSL_get_fd(ssl), DEFAULT_TIMEOUT_SEC) == TEST_RECV_READY) { ret = wolfSSL_shutdown(ssl); /* bidirectional shutdown */ @@ -1150,7 +1206,7 @@ /* 4. add the same message into Japanese section */ /* (will be translated later) */ /* 5. add printf() into suitable position of Usage() */ -static const char* client_usage_msg[][78] = { +static const char* client_usage_msg[][80] = { /* English */ { " NOTE: All files relative to wolfSSL home dir\n", /* 0 */ @@ -1188,8 +1244,10 @@ #endif "-l Cipher suite list (: delimited)\n", /* 8 */ #ifndef NO_CERTS +#ifndef WOLFSSL_NO_CLIENT_AUTH "-c Certificate file, default", /* 9 */ "-k Key file, default", /* 10 */ +#endif "-A Certificate Authority file, default", /* 11 */ #endif #ifndef NO_DH @@ -1240,7 +1298,7 @@ " The string parameter is optional.\n", /* 29 */ #endif "-f Fewer packets/group messages\n", /* 30 */ -#ifndef NO_CERTS +#if !defined(NO_CERTS) && !defined(WOLFSSL_NO_CLIENT_AUTH) "-x Disable client cert/key loading\n", /* 31 */ #endif "-X Driven by eXternal test case\n", /* 32 */ @@ -1308,7 +1366,8 @@ #ifdef HAVE_CURVE25519 "-t Use X25519 for key exchange\n", /* 56 */ #endif -#if defined(WOLFSSL_TLS13) && defined(WOLFSSL_POST_HANDSHAKE_AUTH) +#if defined(WOLFSSL_TLS13) && defined(WOLFSSL_POST_HANDSHAKE_AUTH) && \ + !defined(WOLFSSL_NO_CLIENT_AUTH) "-Q Support requesting certificate post-handshake\n", /* 57 */ #endif #ifdef WOLFSSL_EARLY_DATA @@ -1399,9 +1458,17 @@ #ifdef WOLFSSL_SYS_CRYPTO_POLICY "--crypto-policy \n", /* 76 */ #endif +#ifdef HAVE_ECC_BRAINPOOL + "--bpKs Use Brainpool ECC group for key share\n", /* 77 */ +#endif +#if defined(WOLFSSL_TLS13) && defined(HAVE_ECH) + "--ech Use Encrypted Client Hello with base64 encoded " + "ECH configs\n", + /* 78 */ +#endif "\n" "For simpler wolfSSL TLS client examples, visit\n" - "https://github.com/wolfSSL/wolfssl-examples/tree/master/tls\n", /* 77 */ + "https://github.com/wolfSSL/wolfssl-examples/tree/master/tls\n", /* 79 */ NULL, }, #ifndef NO_MULTIBYTE_PRINT @@ -1443,8 +1510,10 @@ #endif "-l æš—å·ã‚¹ã‚¤ãƒ¼ãƒˆãƒªã‚¹ãƒˆ (区切り文字 :)\n", /* 8 */ #ifndef NO_CERTS +#ifndef WOLFSSL_NO_CLIENT_AUTH "-c 証明書ファイル, 既定値", /* 9 */ "-k éµãƒ•ァイル, 既定値", /* 10 */ +#endif "-A èªè¨¼å±€ãƒ•ァイル, 既定値", /* 11 */ #endif #ifndef NO_DH @@ -1494,7 +1563,7 @@ "-i クライアント主導ã®ãƒã‚´ã‚·ã‚¨ãƒ¼ã‚·ãƒ§ãƒ³ã‚’強制ã™ã‚‹\n", /* 29 */ #endif "-f より少ãªã„パケット/グループメッセージを使用ã™ã‚‹\n",/* 30 */ -#ifndef NO_CERTS +#if !defined(NO_CERTS) && !defined(WOLFSSL_NO_CLIENT_AUTH) "-x クライアントã®è¨¼æ˜Žæ›¸/éµã®ãƒ­ãƒ¼ãƒ‰ã‚’無効ã™ã‚‹\n", /* 31 */ #endif "-X 外部テスト・ケースã«ã‚ˆã‚Šå‹•作ã™ã‚‹\n", /* 32 */ @@ -1565,7 +1634,8 @@ #ifdef HAVE_CURVE25519 "-t X25519ã‚’éµäº¤æ›ã«ä½¿ç”¨ã™ã‚‹\n", /* 56 */ #endif -#if defined(WOLFSSL_TLS13) && defined(WOLFSSL_POST_HANDSHAKE_AUTH) +#if defined(WOLFSSL_TLS13) && defined(WOLFSSL_POST_HANDSHAKE_AUTH) && \ + !defined(WOLFSSL_NO_CLIENT_AUTH) "-Q ãƒã‚¹ãƒˆãƒãƒ³ãƒ‰ã‚·ã‚§ãƒ¼ã‚¯ã®è¨¼æ˜Žè¦æ±‚をサãƒãƒ¼ãƒˆã™ã‚‹\n", /* 57 */ #endif #ifdef WOLFSSL_EARLY_DATA @@ -1654,10 +1724,13 @@ #ifdef WOLFSSL_SYS_CRYPTO_POLICY "--crypto-policy \n", /* 76 */ #endif +#ifdef HAVE_ECC_BRAINPOOL + "--bpKs Use Brainpool ECC group for key share\n", /* 77 */ +#endif "\n" "より簡å˜ãªwolfSSL TLS クライアントã®ä¾‹ã«ã¤ã„ã¦ã¯" "下記ã«ã‚¢ã‚¯ã‚»ã‚¹ã—ã¦ãã ã•ã„\n" - "https://github.com/wolfSSL/wolfssl-examples/tree/master/tls\n", /* 77 */ + "https://github.com/wolfSSL/wolfssl-examples/tree/master/tls\n", /* 78 */ NULL, }, #endif @@ -1667,7 +1740,7 @@ static void showPeerPEM(WOLFSSL* ssl) { #if defined(OPENSSL_EXTRA) && defined(KEEP_PEER_CERT) && !defined(NO_BIO) && \ - defined(WOLFSSL_CERT_GEN) + defined(WOLFSSL_CERT_GEN) && !defined(OPENSSL_COEXIST) WOLFSSL_X509* peer = wolfSSL_get_peer_certificate(ssl); if (peer) { WOLFSSL_BIO* bioOut = wolfSSL_BIO_new(wolfSSL_BIO_s_file()); @@ -1675,7 +1748,7 @@ LOG_ERROR("failed to get bio on stdout\n"); } else { - if (wolfSSL_BIO_set_fp(bioOut, stdout, BIO_NOCLOSE) + if (wolfSSL_BIO_set_fp(bioOut, stdout, WOLFSSL_BIO_NOCLOSE) != WOLFSSL_SUCCESS) { LOG_ERROR("failed to set stdout to bio output\n"); wolfSSL_BIO_free(bioOut); @@ -1685,7 +1758,7 @@ if (bioOut) { wolfSSL_BIO_write(bioOut, "---\nServer certificate\n", - XSTRLEN("---\nServer certificate\n")); + (int)XSTRLEN("---\nServer certificate\n")); wolfSSL_PEM_write_bio_X509(bioOut, peer); } wolfSSL_BIO_free(bioOut); @@ -1739,8 +1812,10 @@ #endif printf("%s", msg[++msgid]); /* -l */ #ifndef NO_CERTS +#ifndef WOLFSSL_NO_CLIENT_AUTH printf("%s %s\n", msg[++msgid], cliCertFile); /* -c */ printf("%s %s\n", msg[++msgid], cliKeyFile); /* -k */ +#endif printf("%s %s\n", msg[++msgid], caCertFile); /* -A */ #endif #ifndef NO_DH @@ -1778,7 +1853,7 @@ printf("%s", msg[++msgid]); /* -i */ #endif printf("%s", msg[++msgid]); /* -f */ -#ifndef NO_CERTS +#if !defined(NO_CERTS) && !defined(WOLFSSL_NO_CLIENT_AUTH) printf("%s", msg[++msgid]); /* -x */ #endif printf("%s", msg[++msgid]); /* -X */ @@ -1841,7 +1916,8 @@ #ifdef HAVE_CURVE25519 printf("%s", msg[++msgid]); /* -t */ #endif -#if defined(WOLFSSL_TLS13) && defined(WOLFSSL_POST_HANDSHAKE_AUTH) +#if defined(WOLFSSL_TLS13) && defined(WOLFSSL_POST_HANDSHAKE_AUTH) && \ + !defined(WOLFSSL_NO_CLIENT_AUTH) printf("%s", msg[++msgid]); /* -Q */ #endif #ifdef WOLFSSL_EARLY_DATA @@ -1893,6 +1969,12 @@ #ifdef HAVE_RPK printf("%s", msg[++msgid]); /* --rpk */ #endif +#ifdef HAVE_ECC_BRAINPOOL + printf("%s", msg[++msgid]); /* --bpKs */ +#endif +#if defined(WOLFSSL_TLS13) && defined(HAVE_ECH) + printf("%s", msg[++msgid]); /* --ech */ +#endif printf("%s", msg[++msgid]); /* --files-are-der */ printf("%s", msg[++msgid]); /* Documentation Hint */ } @@ -2078,6 +2160,12 @@ #if defined(WOLFSSL_SYS_CRYPTO_POLICY) { "crypto-policy", 1, 269 }, #endif /* WOLFSSL_SYS_CRYPTO_POLICY */ +#ifdef HAVE_ECC_BRAINPOOL + { "bpKs", 0, 270 }, +#endif +#if defined(WOLFSSL_TLS13) && defined(HAVE_ECH) + { "ech", 1, 271 }, +#endif { 0, 0, 0 } }; #endif @@ -2145,6 +2233,9 @@ #ifdef HAVE_SNI char* sniHostName = NULL; #endif +#if defined(WOLFSSL_TLS13) && defined(HAVE_ECH) + char* echConfigs64 = NULL; +#endif #ifdef HAVE_TRUSTED_CA int trustedCaKeyId = 0; #endif @@ -2187,6 +2278,7 @@ #endif int useX25519 = 0; int useX448 = 0; + int useBrainpool = 0; int usePqc = 0; char* pqcAlg = NULL; int exitWithRet = 0; @@ -2238,8 +2330,8 @@ #ifdef WOLFSSL_STATIC_MEMORY - #if (defined(HAVE_ECC) && !defined(ALT_ECC_SIZE)) \ - || defined(SESSION_CERTS) + #if (defined(HAVE_ECC) && !defined(ALT_ECC_SIZE)) || \ + defined(SESSION_CERTS) || defined(WOLFSSL_HAVE_MLKEM) /* big enough to handle most cases including session certs */ byte memory[320000]; #else @@ -2311,6 +2403,7 @@ (void)earlyData; (void)useX25519; (void)useX448; + (void)useBrainpool; (void)helloRetry; (void)onlyKeyShare; (void)useSupCurve; @@ -2788,7 +2881,8 @@ case 'Q' : #if defined(WOLFSSL_TLS13) && \ - defined(WOLFSSL_POST_HANDSHAKE_AUTH) + defined(WOLFSSL_POST_HANDSHAKE_AUTH) && \ + !defined(WOLFSSL_NO_CLIENT_AUTH) postHandAuth = 1; #endif break; @@ -2959,6 +3053,20 @@ policy = myoptarg; #endif /* WOLFSSL_SYS_CRYPTO_POLICY */ break; +#ifdef HAVE_ECC_BRAINPOOL + case 270: + useBrainpool = 1; + #if defined(HAVE_ECC) && defined(WOLFSSL_TLS13) && \ + defined(HAVE_SUPPORTED_CURVES) + onlyKeyShare = 2; + #endif + break; +#endif +#if defined(WOLFSSL_TLS13) && defined(HAVE_ECH) + case 271: + echConfigs64 = myoptarg; + break; +#endif default: Usage(); @@ -3512,7 +3620,7 @@ ) { #ifdef NO_FILESYSTEM if (wolfSSL_CTX_use_PrivateKey_buffer(ctx, client_key_der_2048, - sizeof_client_key_der_2048, SSL_FILETYPE_ASN1) != WOLFSSL_SUCCESS) + sizeof_client_key_der_2048, WOLFSSL_FILETYPE_ASN1) != WOLFSSL_SUCCESS) err_sys("can't load client private key buffer"); #elif !defined(TEST_LOAD_BUFFER) if (wolfSSL_CTX_use_PrivateKey_file(ctx, ourKey, fileFormat) @@ -3552,7 +3660,7 @@ #endif #ifdef NO_FILESYSTEM if (wolfSSL_CTX_load_verify_buffer(ctx, ca_cert_der_2048, - sizeof_ca_cert_der_2048, SSL_FILETYPE_ASN1) != WOLFSSL_SUCCESS) { + sizeof_ca_cert_der_2048, WOLFSSL_FILETYPE_ASN1) != WOLFSSL_SUCCESS) { wolfSSL_CTX_free(ctx); ctx = NULL; err_sys("can't load ca buffer, Please run from wolfSSL home dir"); } @@ -3576,7 +3684,7 @@ #ifdef NO_FILESYSTEM if (doPeerCheck != 0 && wolfSSL_CTX_load_verify_buffer(ctx, ca_ecc_cert_der_256, - sizeof_ca_ecc_cert_der_256, SSL_FILETYPE_ASN1) != WOLFSSL_SUCCESS) { + sizeof_ca_ecc_cert_der_256, WOLFSSL_FILETYPE_ASN1) != WOLFSSL_SUCCESS) { wolfSSL_CTX_free(ctx); ctx = NULL; err_sys("can't load ecc ca buffer"); } @@ -3680,6 +3788,37 @@ } #endif /* HAVE_CURVE448 */ #ifdef HAVE_ECC + #ifdef HAVE_ECC_BRAINPOOL + if (useBrainpool) { + if (version == 4) { + if (wolfSSL_CTX_UseSupportedCurve(ctx, + WOLFSSL_ECC_BRAINPOOLP256R1TLS13) + != WOLFSSL_SUCCESS) { + err_sys("unable to support brainpoolp256r1tls13"); + } + } + else if (version == CLIENT_DOWNGRADE_VERSION) { + if (wolfSSL_CTX_UseSupportedCurve(ctx, + WOLFSSL_ECC_BRAINPOOLP256R1TLS13) + != WOLFSSL_SUCCESS) { + err_sys("unable to support brainpoolp256r1tls13"); + } + if (minVersion <= 3) { + if (wolfSSL_CTX_UseSupportedCurve(ctx, + WOLFSSL_ECC_BRAINPOOLP256R1) + != WOLFSSL_SUCCESS) { + err_sys("unable to support brainpoolp256r1"); + } + } + } + else { + if (wolfSSL_CTX_UseSupportedCurve(ctx, WOLFSSL_ECC_BRAINPOOLP256R1) + != WOLFSSL_SUCCESS) { + err_sys("unable to support brainpoolp256r1"); + } + } + } + #endif /* HAVE_ECC_BRAINPOOL */ if (useSupCurve) { #if !defined(NO_ECC_SECP) && \ (defined(HAVE_ECC384) || defined(HAVE_ALL_CURVES)) @@ -3728,7 +3867,8 @@ ClientBenchmarkConnections(ctx, host, port, dtlsUDP, dtlsSCTP, benchmark, resumeSession, useX25519, useX448, usePqc, pqcAlg, helloRetry, - onlyKeyShare, version, earlyData); + onlyKeyShare, version, earlyData, + useBrainpool); wolfSSL_CTX_free(ctx); ctx = NULL; XEXIT_T(EXIT_SUCCESS); } @@ -3738,7 +3878,7 @@ ClientBenchmarkThroughput(ctx, host, port, dtlsUDP, dtlsSCTP, block, throughput, useX25519, useX448, usePqc, pqcAlg, exitWithRet, version, - onlyKeyShare); + onlyKeyShare, useBrainpool); wolfSSL_CTX_free(ctx); ctx = NULL; if (((func_args*)args)->return_code != EXIT_SUCCESS && !exitWithRet) XEXIT_T(EXIT_SUCCESS); @@ -3792,6 +3932,16 @@ err_sys("unable to get SSL object"); } +#if defined(WOLFSSL_TLS13) && defined(HAVE_ECH) + if (echConfigs64 != NULL) { + if (wolfSSL_SetEchConfigsBase64(ssl, echConfigs64, + (word32)XSTRLEN(echConfigs64)) != WOLFSSL_SUCCESS) { + wolfSSL_CTX_free(ctx); ctx = NULL; + err_sys("SetEchConfigsBase64 failed"); + } + } +#endif + #ifdef WOLFSSL_DUAL_ALG_CERTS if (!wolfSSL_UseCKS(ssl, cks_order, sizeof(cks_order))) { wolfSSL_CTX_free(ctx); ctx = NULL; @@ -3812,7 +3962,7 @@ if (useClientCert && loadCertKeyIntoSSLObj){ #ifdef NO_FILESYSTEM if (wolfSSL_use_certificate_buffer(ssl, client_cert_der_2048, - sizeof_client_cert_der_2048, SSL_FILETYPE_ASN1) != WOLFSSL_SUCCESS) { + sizeof_client_cert_der_2048, WOLFSSL_FILETYPE_ASN1) != WOLFSSL_SUCCESS) { wolfSSL_CTX_free(ctx); ctx = NULL; err_sys("can't load client cert buffer"); } @@ -3835,7 +3985,7 @@ ) { #ifdef NO_FILESYSTEM if (wolfSSL_CTX_use_PrivateKey_buffer(ctx, client_key_der_2048, - sizeof_client_key_der_2048, SSL_FILETYPE_ASN1) != WOLFSSL_SUCCESS) + sizeof_client_key_der_2048, WOLFSSL_FILETYPE_ASN1) != WOLFSSL_SUCCESS) err_sys("can't load client private key buffer"); #elif !defined(TEST_LOAD_BUFFER) if (wolfSSL_use_PrivateKey_file(ssl, ourKey, fileFormat) @@ -3872,8 +4022,8 @@ #if defined(WOLFSSL_TLS13) && defined(HAVE_SUPPORTED_CURVES) if (!helloRetry && (version >= 4 || version <= -4)) { - SetKeyShare(ssl, onlyKeyShare, useX25519, useX448, usePqc, - pqcAlg, 0); + SetKeyShare(ssl, onlyKeyShare, useX25519, useX448, + useBrainpool, usePqc, pqcAlg, 0); } else { wolfSSL_NoKeyShares(ssl); @@ -4228,7 +4378,7 @@ #ifndef NO_BIO /* print out session to stdout */ { - WOLFSSL_BIO* bio = wolfSSL_BIO_new_fp(stdout, BIO_NOCLOSE); + WOLFSSL_BIO* bio = wolfSSL_BIO_new_fp(stdout, WOLFSSL_BIO_NOCLOSE); if (bio != NULL) { if (wolfSSL_SESSION_print(bio, wolfSSL_get_session(ssl)) != WOLFSSL_SUCCESS) { @@ -4534,7 +4684,7 @@ #endif ret = wolfSSL_shutdown(ssl); - if (wc_shutdown && ret == WOLFSSL_SHUTDOWN_NOT_DONE) { + if (wc_shutdown && ret == WC_NO_ERR_TRACE(WOLFSSL_SHUTDOWN_NOT_DONE)) { while (tcp_select(wolfSSL_get_fd(ssl), DEFAULT_TIMEOUT_SEC) == TEST_RECV_READY) { ret = wolfSSL_shutdown(ssl); /* bidirectional shutdown */ @@ -4542,7 +4692,7 @@ printf("Bidirectional shutdown complete\n"); break; } - else if (ret != WOLFSSL_SHUTDOWN_NOT_DONE) { + else if (ret != WC_NO_ERR_TRACE(WOLFSSL_SHUTDOWN_NOT_DONE)) { LOG_ERROR("Bidirectional shutdown failed\n"); break; } @@ -4779,7 +4929,7 @@ sendGET, " resume", 0); ret = wolfSSL_shutdown(sslResume); - if (wc_shutdown && ret == WOLFSSL_SHUTDOWN_NOT_DONE) + if (wc_shutdown && ret == WC_NO_ERR_TRACE(WOLFSSL_SHUTDOWN_NOT_DONE)) wolfSSL_shutdown(sslResume); /* bidirectional shutdown */ /* display collected statistics */ diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/examples/client/client.h mariadb-11.8.8/extra/wolfssl/wolfssl/examples/client/client.h --- mariadb-11.8.6/extra/wolfssl/wolfssl/examples/client/client.h 2026-01-31 13:27:49.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/examples/client/client.h 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* client.h * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/examples/configs/README.md mariadb-11.8.8/extra/wolfssl/wolfssl/examples/configs/README.md --- mariadb-11.8.6/extra/wolfssl/wolfssl/examples/configs/README.md 2026-01-31 13:27:49.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/examples/configs/README.md 2026-05-24 09:58:33.000000000 +0000 @@ -4,17 +4,28 @@ ## Files -* `user_settings_template.h`: Template that allows modular algorithm and feature selection using `#if 0` logic. +* `user_settings_template.h`: Template that allows modular algorithm and feature selection using `#if 0`/`#if 1` gates. * `user_settings_all.h`: This is wolfSSL with all features enabled. Equivalent to `./configure --enable-all`. * `user_settings_arduino.h`: An example Arduino file. See also [wolfSSL/Arduino-wolfSSL](https://github.com/wolfSSL/Arduino-wolfSSL). -*.`user_settings_EBSnet.h`: Example configuration file for use with EBSnet ports. +* `user_settings_EBSnet.h`: Example configuration file for use with EBSnet ports. +* `user_settings_eccnonblock.h`: Example for non-blocking ECC crypto only. See comment at top for test results. +* `user_settings_espressif.h`: Example configuration for Espressif ESP32. See also [wolfSSL/IDE/Espressif](https://github.com/wolfSSL/wolfssl/tree/master/IDE/Espressif). * `user_settings_fipsv2.h`: The FIPS v2 (3389) 140-2 certificate build options. * `user_settings_fipsv5.h`: The FIPS v5 (ready) 140-3 build options. Equivalent to `./configure --enable-fips=v5-dev`. -* `user_settings_min_ecc.h`: This is ECC and SHA-256 only. For ECC verify only add `BUILD_VERIFY_ONLY`. -* `user_settings_platformio.h`: An example for PlatformIO library. See also [platformio/wolfssl](https://registry.platformio.org/libraries/wolfssl/wolfssl) +* `user_settings_curve25519nonblock.h`: Example Curve25519 (X25519) non-blocking configuration. +* `user_settings_min_ecc.h`: Minimal ECC and SHA-256 only (no TLS). For ECC verify only add `NO_ECC_SIGN`. +* `user_settings_platformio.h`: An example for PlatformIO library. See also [platformio/wolfssl](https://registry.platformio.org/libraries/wolfssl/wolfssl). * `user_settings_stm32.h`: Example configuration file generated from the wolfSSL STM32 Cube pack. -* `user_settings_tls12`: Example for TLS v1.2 client only, ECC only, AES GCM only, SHA2-256 only. -* `user_settings_wolfboot_keytools.h`: This from wolfBoot tools/keytools and is ECC, RSA, ED25519 and ChaCha20. +* `user_settings_tls12.h`: Example for TLS v1.2 client only, ECC only, AES-GCM only, SHA2-256 only. +* `user_settings_tls13.h`: TLS 1.3 only configuration (no TLS 1.2). Modern cipher suites with X25519/X448 key exchange. +* `user_settings_dtls13.h`: DTLS 1.3 for IoT and embedded. Includes connection ID support and smaller MTU options. +* `user_settings_pq.h`: Post-quantum TLS with ML-KEM (Kyber) key exchange and ML-DSA (Dilithium) certificates. +* `user_settings_openssl_compat.h`: OpenSSL compatibility layer for drop-in replacement. Enables OPENSSL_ALL and related APIs. +* `user_settings_baremetal.h`: Bare metal configuration. No filesystem, static memory only, minimal footprint. +* `user_settings_rsa_only.h`: RSA-only configuration (no ECC). For legacy systems requiring RSA cipher suites. +* `user_settings_pkcs7.h`: PKCS#7/CMS configuration for signing and encryption. S/MIME, firmware signing. For RSA-PSS SignedData (CMS RSASSA-PSS), define `WC_RSA_PSS`; see doxygen \ref PKCS7_RSA_PSS. +* `user_settings_ca.h`: Certificate Authority / PKI operations. Certificate generation, signing, CRL, OCSP. +* `user_settings_wolfboot_keytools.h`: wolfBoot key generation and signing tool. Supports ECC, RSA, ED25519, ED448, and post-quantum (ML-DSA/Dilithium, LMS, XMSS). * `user_settings_wolfssh.h`: Minimum options for building wolfSSH. See comment at top for ./configure used to generate. * `user_settings_wolftpm.h`: Minimum options for building wolfTPM. See comment at top for ./configure used to generate. diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/examples/configs/include.am mariadb-11.8.8/extra/wolfssl/wolfssl/examples/configs/include.am --- mariadb-11.8.6/extra/wolfssl/wolfssl/examples/configs/include.am 2026-01-31 13:27:49.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/examples/configs/include.am 2026-05-24 09:58:33.000000000 +0000 @@ -4,16 +4,25 @@ EXTRA_DIST += examples/configs/README.md EXTRA_DIST += examples/configs/user_settings_all.h EXTRA_DIST += examples/configs/user_settings_arduino.h +EXTRA_DIST += examples/configs/user_settings_baremetal.h +EXTRA_DIST += examples/configs/user_settings_ca.h +EXTRA_DIST += examples/configs/user_settings_curve25519nonblock.h +EXTRA_DIST += examples/configs/user_settings_dtls13.h EXTRA_DIST += examples/configs/user_settings_EBSnet.h EXTRA_DIST += examples/configs/user_settings_eccnonblock.h EXTRA_DIST += examples/configs/user_settings_espressif.h EXTRA_DIST += examples/configs/user_settings_fipsv2.h EXTRA_DIST += examples/configs/user_settings_fipsv5.h EXTRA_DIST += examples/configs/user_settings_min_ecc.h +EXTRA_DIST += examples/configs/user_settings_openssl_compat.h +EXTRA_DIST += examples/configs/user_settings_pkcs7.h EXTRA_DIST += examples/configs/user_settings_platformio.h +EXTRA_DIST += examples/configs/user_settings_pq.h +EXTRA_DIST += examples/configs/user_settings_rsa_only.h EXTRA_DIST += examples/configs/user_settings_stm32.h EXTRA_DIST += examples/configs/user_settings_template.h EXTRA_DIST += examples/configs/user_settings_tls12.h +EXTRA_DIST += examples/configs/user_settings_tls13.h EXTRA_DIST += examples/configs/user_settings_wolfboot_keytools.h EXTRA_DIST += examples/configs/user_settings_wolfssh.h EXTRA_DIST += examples/configs/user_settings_wolftpm.h diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/examples/configs/user_settings_EBSnet.h mariadb-11.8.8/extra/wolfssl/wolfssl/examples/configs/user_settings_EBSnet.h --- mariadb-11.8.6/extra/wolfssl/wolfssl/examples/configs/user_settings_EBSnet.h 2026-01-31 13:27:49.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/examples/configs/user_settings_EBSnet.h 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* user_settings_EBSnet.h * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -47,6 +47,8 @@ #define NO_MD4 #define NO_MD5 #define NO_DES3 +#define NO_DES3_TLS_SUITES +#define NO_OLD_TLS #ifdef __cplusplus } diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/examples/configs/user_settings_all.h mariadb-11.8.8/extra/wolfssl/wolfssl/examples/configs/user_settings_all.h --- mariadb-11.8.6/extra/wolfssl/wolfssl/examples/configs/user_settings_all.h 2026-01-31 13:27:49.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/examples/configs/user_settings_all.h 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* user_settings_all.h * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -210,14 +210,14 @@ #define WOLFSSL_SHAKE256 #define WOLFSSL_SHA3 #define WOLFSSL_HASH_FLAGS /* enable hash flag API's */ -#define WOLFSSL_SHAKE256 /* Additional Algorithms */ #define HAVE_HASHDRBG #define HAVE_CURVE25519 #define HAVE_ED25519 +#define ED25519_SMALL #define WOLFSSL_ED25519_STREAMING_VERIFY -#define CURVED25519_SMALL +#define CURVE25519_SMALL #define HAVE_ED448 #define WOLFSSL_ED448_STREAMING_VERIFY #define HAVE_CURVE448 @@ -228,7 +228,6 @@ #define HAVE_X963_KDF #define WOLFSSL_CMAC #define WOLFSSL_DES_ECB -#define HAVE_BLAKE2 #define HAVE_BLAKE2B #define HAVE_BLAKE2S #define WOLFSSL_SIPHASH diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/examples/configs/user_settings_arduino.h mariadb-11.8.8/extra/wolfssl/wolfssl/examples/configs/user_settings_arduino.h --- mariadb-11.8.6/extra/wolfssl/wolfssl/examples/configs/user_settings_arduino.h 2026-01-31 13:27:49.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/examples/configs/user_settings_arduino.h 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* examples/configs/user_settings_arduino.h * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/examples/configs/user_settings_baremetal.h mariadb-11.8.8/extra/wolfssl/wolfssl/examples/configs/user_settings_baremetal.h --- mariadb-11.8.6/extra/wolfssl/wolfssl/examples/configs/user_settings_baremetal.h 1970-01-01 00:00:00.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/examples/configs/user_settings_baremetal.h 2026-05-24 09:58:33.000000000 +0000 @@ -0,0 +1,231 @@ +/* user_settings_baremetal.h + * + * Copyright (C) 2006-2026 wolfSSL Inc. + * + * This file is part of wolfSSL. + * + * wolfSSL is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * wolfSSL is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA + */ + +/* Bare metal configuration for systems without an OS. + * No filesystem, no malloc, static memory, minimal footprint. + * Suitable for deeply embedded systems and bootloaders. + * + * Build and test: + * cp ./examples/configs/user_settings_baremetal.h user_settings.h + * ./configure --enable-usersettings --disable-examples + * make + * ./wolfcrypt/test/testwolfcrypt + */ + +#ifndef WOLFSSL_USER_SETTINGS_H +#define WOLFSSL_USER_SETTINGS_H + +#ifdef __cplusplus +extern "C" { +#endif + +/* ------------------------------------------------- */ +/* Platform - Bare Metal */ +/* ------------------------------------------------- */ +#define SINGLE_THREADED +#define NO_FILESYSTEM +#define NO_WRITEV +#define WOLFSSL_NO_SOCK +#define WOLFSSL_IGNORE_FILE_WARN +#define WOLFSSL_GENERAL_ALIGNMENT 4 +#define SIZEOF_LONG_LONG 8 + +/* TLS transport requires setting IO callbacks */ +#define WOLFSSL_USER_IO + +/* ------------------------------------------------- */ +/* Memory */ +/* ------------------------------------------------- */ +#if 1 /* stack memory */ + +#elif 1 /* small stack */ + /* Small stack - allocate large variables from static pool */ + #define WOLFSSL_SMALL_STACK +#else /* static memory */ + #define WOLFSSL_STATIC_MEMORY + #define WOLFSSL_NO_MALLOC + #define WOLFSSL_SP_NO_MALLOC + #define WOLFSSL_MALLOC_CHECK + #define NO_WOLFSSL_MEMORY +#endif + +/* ------------------------------------------------- */ +/* Math - Single Precision (smallest) */ +/* ------------------------------------------------- */ +#define WOLFSSL_SP_MATH +#define WOLFSSL_SP_SMALL +#define TFM_TIMING_RESISTANT + +/* ------------------------------------------------- */ +/* TLS (optional - disable for crypto-only) */ +/* ------------------------------------------------- */ +#if 0 /* TLS support */ + #define WOLFSSL_TLS13 + #define WOLFSSL_NO_TLS12 + #define NO_OLD_TLS + #define HAVE_TLS_EXTENSIONS + #define HAVE_SUPPORTED_CURVES + #define HAVE_HKDF +#else + #define WOLFCRYPT_ONLY +#endif + +/* ------------------------------------------------- */ +/* ECC (smallest asymmetric option) */ +/* ------------------------------------------------- */ +#if 1 /* ECC support */ + #define HAVE_ECC + #define WOLFSSL_HAVE_SP_ECC + + #define ECC_USER_CURVES /* P-256 only */ + #undef NO_ECC256 + #define ECC_TIMING_RESISTANT + /* Disable for smaller size */ + #if 0 /* ECC Shamir (faster, more code) */ + #define ECC_SHAMIR + #endif +#endif + +/* ECC Feature Reduction */ +#if 0 /* Verify only (no signing/keygen) */ + #define NO_ECC_SIGN + #define NO_ECC_DHE + #define NO_ECC_KEY_EXPORT +#endif + +/* ------------------------------------------------- */ +/* RSA (disable for smallest size) */ +/* ------------------------------------------------- */ +#if 0 /* RSA support */ + #undef NO_RSA + #define WOLFSSL_HAVE_SP_RSA + #define WC_RSA_BLINDING + #define RSA_LOW_MEM + #if 0 /* Verify only */ + #define WOLFSSL_RSA_PUBLIC_ONLY + #define WOLFSSL_RSA_VERIFY_INLINE + #define NO_CHECK_PRIVATE_KEY + #endif +#else + #define NO_RSA +#endif + +/* ------------------------------------------------- */ +/* Symmetric Ciphers */ +/* ------------------------------------------------- */ +#if 1 /* AES */ + #define HAVE_AESGCM + #define GCM_SMALL + #define WOLFSSL_AES_SMALL_TABLES + #define WOLFSSL_AES_NO_UNROLL + #define NO_AES_192 + #define NO_AES_256 + #if 0 /* AES-CBC */ + #undef NO_AES_CBC + #else + #define NO_AES_CBC + #endif +#else + #define NO_AES +#endif + +#if 0 /* ChaCha20-Poly1305 */ + #define HAVE_CHACHA + #define HAVE_POLY1305 +#endif + +/* ------------------------------------------------- */ +/* Hashing */ +/* ------------------------------------------------- */ +/* SHA-256 only (required) */ +#define USE_SLOW_SHA256 + +#if 0 /* SHA-1 (legacy) */ + #undef NO_SHA +#else + #define NO_SHA +#endif + +/* ------------------------------------------------- */ +/* RNG */ +/* ------------------------------------------------- */ +#if 1 /* Hash-based DRBG */ + #define HAVE_HASHDRBG +#else + /* Use hardware RNG directly */ + #define WC_NO_HASHDRBG + extern int my_rng_gen_block(unsigned char* output, unsigned int sz); + #define CUSTOM_RAND_GENERATE_BLOCK my_rng_gen_block +#endif + +/* ------------------------------------------------- */ +/* ASN / Certificates */ +/* ------------------------------------------------- */ +#define WOLFSSL_ASN_TEMPLATE + +#if 0 /* Disable certificates for smallest size */ + #define NO_ASN + #define NO_CERTS + #define NO_CODING +#endif + +/* ------------------------------------------------- */ +/* Disabled Algorithms */ +/* ------------------------------------------------- */ +#define NO_DH +#define NO_DSA +#define NO_RC4 +#define NO_MD4 +#define NO_MD5 +#define NO_DES3 +#define NO_DES3_TLS_SUITES +#define NO_PSK +#define NO_PWDBASED +#define NO_PKCS8 +#define NO_PKCS12 + +/* ------------------------------------------------- */ +/* Disabled Features */ +/* ------------------------------------------------- */ +#define NO_SIG_WRAPPER +#define NO_SESSION_CACHE +#define NO_ERROR_STRINGS +#define NO_OLD_RNGNAME +#define NO_WOLFSSL_DIR +#define BENCH_EMBEDDED + +/* ------------------------------------------------- */ +/* Custom Time (bare metal has no RTC typically) */ +/* ------------------------------------------------- */ +#if 1 /* Custom time function */ + #define NO_ASN_TIME + /* Or provide custom time: + * #define USER_TIME + * extern unsigned long my_time(unsigned long* timer); + * #define XTIME my_time + */ +#endif + +#ifdef __cplusplus +} +#endif + +#endif /* WOLFSSL_USER_SETTINGS_H */ diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/examples/configs/user_settings_ca.h mariadb-11.8.8/extra/wolfssl/wolfssl/examples/configs/user_settings_ca.h --- mariadb-11.8.6/extra/wolfssl/wolfssl/examples/configs/user_settings_ca.h 1970-01-01 00:00:00.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/examples/configs/user_settings_ca.h 2026-05-24 09:58:33.000000000 +0000 @@ -0,0 +1,210 @@ +/* user_settings_ca.h + * + * Copyright (C) 2006-2026 wolfSSL Inc. + * + * This file is part of wolfSSL. + * + * wolfSSL is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * wolfSSL is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA + */ + +/* Certificate Authority (CA) / PKI configuration. + * For certificate generation, signing, CRL, OCSP, and CertificateManager. + * No TLS - certificate operations only. + * + * Build and test: + * cp ./examples/configs/user_settings_ca.h user_settings.h + * ./configure --enable-usersettings --disable-examples + * make + * ./wolfcrypt/test/testwolfcrypt + */ + +#ifndef WOLFSSL_USER_SETTINGS_H +#define WOLFSSL_USER_SETTINGS_H + +#ifdef __cplusplus +extern "C" { +#endif + +/* ------------------------------------------------- */ +/* Platform */ +/* ------------------------------------------------- */ +#define NO_TLS /* Enables CertificateManager without TLS */ +#if 0 /* Single threaded */ + #define SINGLE_THREADED +#endif +#define WOLFSSL_IGNORE_FILE_WARN + +/* ------------------------------------------------- */ +/* Math */ +/* ------------------------------------------------- */ +#define WOLFSSL_SP_MATH_ALL +#define SP_INT_BITS 4096 + +/* ------------------------------------------------- */ +/* Timing Resistance */ +/* ------------------------------------------------- */ +#define TFM_TIMING_RESISTANT +#define ECC_TIMING_RESISTANT +#define WC_RSA_BLINDING + +/* ------------------------------------------------- */ +/* Certificate Generation */ +/* ------------------------------------------------- */ +#define WOLFSSL_CERT_GEN +#define WOLFSSL_CERT_REQ +#define WOLFSSL_CERT_EXT +#define WOLFSSL_MULTI_ATTRIB +#define WOLFSSL_ALT_NAMES +#define WOLFSSL_CUSTOM_OID +#define HAVE_OID_ENCODING + +/* Additional certificate features */ +#define WOLFSSL_CERT_NAME_ALL +#define WOLFSSL_HAVE_ISSUER_NAMES +#define WOLFSSL_AKID_NAME +#define WOLFSSL_SUBJ_DIR_ATTR +#define WOLFSSL_SUBJ_INFO_ACC + +/* ------------------------------------------------- */ +/* ASN.1 */ +/* ------------------------------------------------- */ +#define WOLFSSL_ASN_TEMPLATE +#define WOLFSSL_PEM_TO_DER +#define WOLFSSL_DER_TO_PEM +#define WOLFSSL_DER_LOAD +#define ASN_BER_TO_DER + +/* ------------------------------------------------- */ +/* CRL (Certificate Revocation List) */ +/* ------------------------------------------------- */ +#define HAVE_CRL +#if 0 /* CRL file monitoring */ + #define HAVE_CRL_MONITOR +#endif +#define HAVE_CRL_IO +#define HAVE_IO_TIMEOUT + +/* ------------------------------------------------- */ +/* OCSP (Online Certificate Status Protocol) */ +/* ------------------------------------------------- */ +#define HAVE_OCSP +#define HAVE_CERTIFICATE_STATUS_REQUEST +#define HAVE_CERTIFICATE_STATUS_REQUEST_V2 +#define HAVE_TLS_EXTENSIONS + +/* ------------------------------------------------- */ +/* ECC */ +/* ------------------------------------------------- */ +#if 1 /* ECC support */ + #define HAVE_ECC + #define ECC_USER_CURVES + #undef NO_ECC256 + #define HAVE_ECC384 + #define HAVE_ECC521 + #define ECC_SHAMIR + #define HAVE_COMP_KEY + #define WOLFSSL_ECDSA_DETERMINISTIC_K_VARIANT +#endif + +/* ------------------------------------------------- */ +/* Ed25519 / Ed448 */ +/* ------------------------------------------------- */ +#if 1 /* Ed25519 certificates */ + #define HAVE_ED25519 + #define HAVE_CURVE25519 +#endif +#if 1 /* Ed448 certificates */ + #define HAVE_ED448 + #define HAVE_CURVE448 + #define WOLFSSL_SHAKE256 +#endif + +/* ------------------------------------------------- */ +/* RSA */ +/* ------------------------------------------------- */ +#if 1 /* RSA support */ + #undef NO_RSA + #define WOLFSSL_KEY_GEN + #define WC_RSA_PSS + #define WC_RSA_NO_PADDING +#else + #define NO_RSA +#endif + +/* ------------------------------------------------- */ +/* Post-Quantum Certificates */ +/* ------------------------------------------------- */ +#if 0 /* ML-DSA / Dilithium certificates */ + #define WOLFSSL_EXPERIMENTAL_SETTINGS + #define HAVE_DILITHIUM + #define WOLFSSL_WC_DILITHIUM + #define WOLFSSL_SHAKE128 + #define WOLFSSL_SHAKE256 +#endif + +/* ------------------------------------------------- */ +/* Hashing */ +/* ------------------------------------------------- */ +/* SHA-256 required */ +#define WOLFSSL_SHA224 +#define WOLFSSL_SHA384 +#define WOLFSSL_SHA512 +#define WOLFSSL_SHA3 + +#if 1 /* SHA-1 (for legacy certificate compatibility) */ + #undef NO_SHA +#else + #define NO_SHA +#endif + +/* ------------------------------------------------- */ +/* RNG */ +/* ------------------------------------------------- */ +#define HAVE_HASHDRBG + +/* ------------------------------------------------- */ +/* Encoding */ +/* ------------------------------------------------- */ +#define WOLFSSL_BASE64_ENCODE +#define WOLFSSL_BASE16 + +/* ------------------------------------------------- */ +/* Disabled Algorithms */ +/* ------------------------------------------------- */ +#define NO_DH +#define NO_DSA +#define NO_RC4 +#define NO_MD4 +#define NO_MD5 +#define NO_DES3 +#define NO_PSK +#define NO_PWDBASED +#define NO_OLD_TLS + +/* ------------------------------------------------- */ +/* Debugging */ +/* ------------------------------------------------- */ +#if 0 /* Enable debug logging */ + #define DEBUG_WOLFSSL +#endif +#if 0 /* Disable error strings */ + #define NO_ERROR_STRINGS +#endif + +#ifdef __cplusplus +} +#endif + +#endif /* WOLFSSL_USER_SETTINGS_H */ diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/examples/configs/user_settings_curve25519nonblock.h mariadb-11.8.8/extra/wolfssl/wolfssl/examples/configs/user_settings_curve25519nonblock.h --- mariadb-11.8.6/extra/wolfssl/wolfssl/examples/configs/user_settings_curve25519nonblock.h 1970-01-01 00:00:00.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/examples/configs/user_settings_curve25519nonblock.h 2026-05-24 09:58:33.000000000 +0000 @@ -0,0 +1,88 @@ +/* user_settings_curve25519nonblock.h + * + * Copyright (C) 2006-2026 wolfSSL Inc. + * + * This file is part of wolfSSL. + * + * wolfSSL is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * wolfSSL is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA + */ + +/* Example wolfSSL user_settings.h file for Curve25519 (X25519) non-blocking. + * See doc/dox_comments/header_files/curve25519.h wc_curve25519_set_nonblock. + */ + +/* Settings based on this configure: +./configure --enable-curve25519=nonblock --enable-ecc=nonblock \ + --enable-sp=yes,nonblock \ + CFLAGS="-DWOLFSSL_PUBLIC_MP -DWOLFSSL_DEBUG_NONBLOCK" +*/ + +/* Tested using: +cp ./examples/configs/user_settings_curve25519nonblock.h user_settings.h +./configure --enable-usersettings --enable-debug --disable-examples +make +./wolfcrypt/test/testwolfcrypt +*/ + +/* Example test results: +CURVE25519 non-block key gen: 1273 times +CURVE25519 non-block shared secret: 1275 times +CURVE25519 test passed! +*/ + +#ifndef WOLFSSL_USER_SETTINGS_H +#define WOLFSSL_USER_SETTINGS_H + +#ifdef __cplusplus +extern "C" { +#endif + +/* Features */ +#define WOLFCRYPT_ONLY +#define WOLFSSL_ASN_TEMPLATE +#define WOLFSSL_PUBLIC_MP /* expose mp_ math API's */ +#define HAVE_HASHDRBG + +/* Curve25519 (X25519) */ +#define HAVE_CURVE25519 +#define CURVE25519_SMALL +#define WC_X25519_NONBLOCK + +/* Debugging */ +#if 1 + #undef DEBUG_WOLFSSL + #define DEBUG_WOLFSSL + #define WOLFSSL_DEBUG_NONBLOCK +#endif + +/* Disabled algorithms */ +#define NO_OLD_TLS +#define NO_RSA +#define NO_DH +#define NO_PSK +#define NO_MD4 +#define NO_MD5 +#define NO_SHA +#define NO_DSA +#define NO_DES3 +#define NO_RC4 +#define WOLFSSL_NO_SHAKE128 +#define WOLFSSL_NO_SHAKE256 + +#ifdef __cplusplus +} +#endif + +#endif /* WOLFSSL_USER_SETTINGS_H */ diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/examples/configs/user_settings_dtls13.h mariadb-11.8.8/extra/wolfssl/wolfssl/examples/configs/user_settings_dtls13.h --- mariadb-11.8.6/extra/wolfssl/wolfssl/examples/configs/user_settings_dtls13.h 1970-01-01 00:00:00.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/examples/configs/user_settings_dtls13.h 2026-05-24 09:58:33.000000000 +0000 @@ -0,0 +1,211 @@ +/* user_settings_dtls13.h + * + * Copyright (C) 2006-2026 wolfSSL Inc. + * + * This file is part of wolfSSL. + * + * wolfSSL is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * wolfSSL is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA + */ + +/* DTLS 1.3 for IoT and UDP applications. + * Suitable for constrained devices with unreliable networks. + * + * Build and test: + * cp ./examples/configs/user_settings_dtls13.h user_settings.h + * ./configure --enable-usersettings --disable-examples + * make + * ./wolfcrypt/test/testwolfcrypt + */ + +#ifndef WOLFSSL_USER_SETTINGS_H +#define WOLFSSL_USER_SETTINGS_H + +#ifdef __cplusplus +extern "C" { +#endif + +/* ------------------------------------------------- */ +/* Platform */ +/* ------------------------------------------------- */ +#if 1 /* Single threaded (typical for IoT) */ + #define SINGLE_THREADED +#endif +#if 0 /* Disable filesystem */ + #define NO_FILESYSTEM +#endif +#define WOLFSSL_USER_IO +#define WOLFSSL_IGNORE_FILE_WARN + +/* ------------------------------------------------- */ +/* Math */ +/* ------------------------------------------------- */ +#define WOLFSSL_SP_MATH_ALL +#if 1 /* Small code size for IoT */ + #define WOLFSSL_SP_SMALL +#endif + +/* ------------------------------------------------- */ +/* DTLS 1.3 */ +/* ------------------------------------------------- */ +#define WOLFSSL_DTLS +#define WOLFSSL_DTLS13 +#define WOLFSSL_TLS13 +#define HAVE_TLS_EXTENSIONS +#define HAVE_SUPPORTED_CURVES +#define HAVE_HKDF +#define WC_RSA_PSS + +/* Disable older versions */ +#define WOLFSSL_NO_TLS12 +#define NO_OLD_TLS + +/* DTLS-specific features */ +#if 1 /* HelloRetryRequest cookie (DoS protection) */ + #define WOLFSSL_SEND_HRR_COOKIE +#endif +#if 0 /* Connection ID (NAT traversal) - requires TLS 1.2 code paths */ + #define WOLFSSL_DTLS_CID +#endif +#if 0 /* Fragmented ClientHello */ + #define WOLFSSL_DTLS_CH_FRAG +#endif + +/* Client/Server */ +#if 0 /* Client only */ + #define NO_WOLFSSL_SERVER +#endif +#if 0 /* Server only */ + #define NO_WOLFSSL_CLIENT +#endif + +/* ------------------------------------------------- */ +/* Timing Resistance */ +/* ------------------------------------------------- */ +#define TFM_TIMING_RESISTANT +#define ECC_TIMING_RESISTANT +#define WC_RSA_BLINDING + +/* ------------------------------------------------- */ +/* ECC (preferred for IoT) */ +/* ------------------------------------------------- */ +#define HAVE_ECC +#define ECC_USER_CURVES +#undef NO_ECC256 +#if 0 /* P-384 */ + #define HAVE_ECC384 +#endif +#define ECC_SHAMIR + +/* ------------------------------------------------- */ +/* Curve25519 / Ed25519 */ +/* ------------------------------------------------- */ +#if 1 /* X25519 key exchange (efficient for IoT) */ + #define HAVE_CURVE25519 + #define CURVE25519_SMALL +#endif + +/* ------------------------------------------------- */ +/* RSA */ +/* ------------------------------------------------- */ +#if 0 /* RSA support (larger, disable for constrained devices) */ + #undef NO_RSA +#else + #define NO_RSA +#endif + +/* ------------------------------------------------- */ +/* DH */ +/* ------------------------------------------------- */ +#define NO_DH + +/* ------------------------------------------------- */ +/* Symmetric Ciphers */ +/* ------------------------------------------------- */ +/* AES-GCM */ +#define HAVE_AESGCM +#if 1 /* Small GCM tables for IoT */ + #define GCM_SMALL +#else + #define GCM_TABLE_4BIT +#endif + +#if 1 /* ChaCha20-Poly1305 (efficient in software) */ + #define HAVE_CHACHA + #define HAVE_POLY1305 + #define HAVE_ONE_TIME_AUTH +#endif + +#if 1 /* AES-CCM (common in IoT) */ + #define HAVE_AESCCM +#endif + +/* ------------------------------------------------- */ +/* Hashing */ +/* ------------------------------------------------- */ +/* SHA-256 required */ +#if 1 /* Smaller/slower SHA */ + #define USE_SLOW_SHA256 +#endif + +/* ------------------------------------------------- */ +/* RNG */ +/* ------------------------------------------------- */ +#define HAVE_HASHDRBG + +/* ------------------------------------------------- */ +/* ASN / Certificates */ +/* ------------------------------------------------- */ +#define WOLFSSL_ASN_TEMPLATE + +/* ------------------------------------------------- */ +/* Disabled Algorithms */ +/* ------------------------------------------------- */ +#define NO_DSA +#define NO_RC4 +#define NO_MD4 +#define NO_MD5 +#define NO_SHA +#define NO_DES3 +#define NO_DES3_TLS_SUITES +#define NO_PSK +#define NO_PWDBASED + +/* ------------------------------------------------- */ +/* Memory Optimization */ +/* ------------------------------------------------- */ +#if 1 /* Small stack for embedded */ + #define WOLFSSL_SMALL_STACK +#endif +#if 0 /* Static memory (no malloc) */ + #define WOLFSSL_STATIC_MEMORY + #define WOLFSSL_NO_MALLOC +#endif +#define NO_SESSION_CACHE + +/* ------------------------------------------------- */ +/* Debugging */ +/* ------------------------------------------------- */ +#if 0 /* Enable debug logging */ + #define DEBUG_WOLFSSL +#endif +#if 1 /* Disable error strings to save flash */ + #define NO_ERROR_STRINGS +#endif + +#ifdef __cplusplus +} +#endif + +#endif /* WOLFSSL_USER_SETTINGS_H */ diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/examples/configs/user_settings_eccnonblock.h mariadb-11.8.8/extra/wolfssl/wolfssl/examples/configs/user_settings_eccnonblock.h --- mariadb-11.8.6/extra/wolfssl/wolfssl/examples/configs/user_settings_eccnonblock.h 2026-01-31 13:27:49.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/examples/configs/user_settings_eccnonblock.h 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* user_settings_eccnonblock.h * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -104,8 +104,8 @@ #define WOLFSSL_SP_MATH /* forces only single precision */ /* Hashing */ -#define WOLFSL_SHA512 -#define WOLFSL_SHA384 +#define WOLFSSL_SHA512 +#define WOLFSSL_SHA384 #undef NO_SHA256 /* Debugging */ diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/examples/configs/user_settings_espressif.h mariadb-11.8.8/extra/wolfssl/wolfssl/examples/configs/user_settings_espressif.h --- mariadb-11.8.6/extra/wolfssl/wolfssl/examples/configs/user_settings_espressif.h 2026-01-31 13:27:49.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/examples/configs/user_settings_espressif.h 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* wolfssl-component include/user_settings.h * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/examples/configs/user_settings_fipsv2.h mariadb-11.8.8/extra/wolfssl/wolfssl/examples/configs/user_settings_fipsv2.h --- mariadb-11.8.6/extra/wolfssl/wolfssl/examples/configs/user_settings_fipsv2.h 2026-01-31 13:27:49.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/examples/configs/user_settings_fipsv2.h 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* user_settings_fipsv2.h * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -112,4 +112,4 @@ } #endif -#endif /* WOLFSSL_OPTIONS_H */ +#endif /* WOLFSSL_USER_SETTINGS_H */ diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/examples/configs/user_settings_fipsv5.h mariadb-11.8.8/extra/wolfssl/wolfssl/examples/configs/user_settings_fipsv5.h --- mariadb-11.8.6/extra/wolfssl/wolfssl/examples/configs/user_settings_fipsv5.h 2026-01-31 13:27:49.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/examples/configs/user_settings_fipsv5.h 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* user_settings_fipsv5.h * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -130,7 +130,6 @@ #define WOLFSSL_AES_COUNTER #define HAVE_AESCCM #define HAVE_AES_ECB -#define WOLFSSL_AES_COUNTER #define WOLFSSL_AES_DIRECT #define WOLFSSL_AES_OFB #define HAVE_AESGCM @@ -147,7 +146,6 @@ #define WOLFSSL_SHA224 #define WOLFSSL_SHA512 #define WOLFSSL_SHA384 -#define WOLFSSL_NO_SHAKE256 #define WOLFSSL_NOSHA512_224 #define WOLFSSL_NOSHA512_256 #define WOLFSSL_SHA3 @@ -162,6 +160,7 @@ #define NO_MD4 #define NO_MD5 #define NO_DES3 +#define NO_DES3_TLS_SUITES #define NO_DSA #define NO_RABBIT #define NO_HC128 diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/examples/configs/user_settings_min_ecc.h mariadb-11.8.8/extra/wolfssl/wolfssl/examples/configs/user_settings_min_ecc.h --- mariadb-11.8.6/extra/wolfssl/wolfssl/examples/configs/user_settings_min_ecc.h 2026-01-31 13:27:49.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/examples/configs/user_settings_min_ecc.h 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* user_settings_min_ecc.h * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -19,63 +19,94 @@ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA */ -/* should be renamed to user_settings.h for customer use - * generated from configure options: - * ./configure \ - --enable-cryptonly --enable-ecc --enable-sp \ - --disable-rsa --disable-dh --disable-sha3 --disable-sha224 --disable-md5 \ - --disable-sha --disable-pkcs12 --disable-memory \ - --disable-chacha --disable-poly1305 --disable-sha512 --disable-sha384 \ - --disable-aesgcm --disable-aescbc --disable-aes --disable-rng \ - CFLAGS="-DNO_SIG_WRAPPER -DWOLFSSL_PUBLIC_MP -DECC_USER_CURVES \ - -DNO_ECC_SIGN -DNO_ECC_DHE -DNO_ECC_KEY_EXPORT" +/* Minimal ECC and SHA-256 only (no TLS, no RSA, no AES) * - * Cleaned up by David Garske + * Derived from: + * ./configure \ + * --enable-cryptonly --enable-ecc --enable-sp \ + * --disable-rsa --disable-dh --disable-sha3 \ + * --disable-sha224 --disable-md5 \ + * --disable-sha --disable-pkcs12 --disable-memory \ + * --disable-chacha --disable-poly1305 \ + * --disable-sha512 --disable-sha384 \ + * --disable-aesgcm --disable-aescbc \ + * --disable-aes --disable-rng \ + * CFLAGS="-DNO_SIG_WRAPPER -DWOLFSSL_PUBLIC_MP \ + * -DECC_USER_CURVES" + * + * Build and test: + * cp ./examples/configs/user_settings_min_ecc.h \ + * user_settings.h + * ./configure --enable-usersettings --disable-examples + * make + * ./wolfcrypt/test/testwolfcrypt */ #ifndef WOLFSSL_USER_SETTINGS_H #define WOLFSSL_USER_SETTINGS_H - #ifdef __cplusplus extern "C" { #endif -/* WolfCrypt Only (no TLS) */ -#define WOLFCRYPT_ONLY +/* ------------------------------------------------- */ +/* Platform */ +/* ------------------------------------------------- */ +#define WOLFCRYPT_ONLY /* No TLS, wolfCrypt only */ /* Endianness - defaults to little endian */ #ifdef __BIG_ENDIAN__ #define BIG_ENDIAN_ORDER #endif -/* Expose the math mp_ API's */ -#define WOLFSSL_PUBLIC_MP +#define WOLFSSL_PUBLIC_MP /* Expose mp_ math API's */ -/* Use single precision math only */ +/* ------------------------------------------------- */ +/* Math */ +/* ------------------------------------------------- */ #define WOLFSSL_SP #define WOLFSSL_SP_SMALL #define WOLFSSL_SP_MATH #define WOLFSSL_HAVE_SP_ECC -/* Enable Timing Resistance */ +/* ------------------------------------------------- */ +/* Timing Resistance */ +/* ------------------------------------------------- */ #define TFM_TIMING_RESISTANT #define ECC_TIMING_RESISTANT -/* Enable ECC */ +/* ------------------------------------------------- */ +/* ECC */ +/* ------------------------------------------------- */ #define HAVE_ECC -#define ECC_USER_CURVES /* Only 256-Bit Curves */ -//#define ECC_SHAMIR +#define ECC_USER_CURVES /* Only P-256 by default */ +#if 0 /* ECC Shamir - faster but more code/memory */ + #define ECC_SHAMIR +#endif -/* Optional Feature Disables */ -#define NO_SIG_WRAPPER -//#define NO_ECC_KEY_EXPORT -//#define NO_ECC_DHE -//#define NO_ECC_SIGN -//#define NO_ECC_VERIFY +/* ECC Feature Options */ +#if 0 /* Disable ECC key export */ + #define NO_ECC_KEY_EXPORT +#endif +#if 0 /* Disable ECDHE key agreement */ + #define NO_ECC_DHE +#endif +#if 0 /* Disable ECC sign */ + #define NO_ECC_SIGN +#endif +#if 0 /* Disable ECC verify */ + #define NO_ECC_VERIFY +#endif -/* Disable Algorithms */ +/* ------------------------------------------------- */ +/* Hashing */ +/* ------------------------------------------------- */ +/* SHA-256 enabled by default */ + +/* ------------------------------------------------- */ +/* Disabled Algorithms */ +/* ------------------------------------------------- */ #define NO_AES #define NO_AES_CBC #define NO_DES3 @@ -89,17 +120,30 @@ #define NO_PWDBASED #define NO_PKCS12 #define NO_PKCS8 -//#define WC_NO_RNG +#define NO_SIG_WRAPPER -/* Disable Features */ -//#define NO_ASN -//#define NO_CERTS +/* ------------------------------------------------- */ +/* Disabled Features */ +/* ------------------------------------------------- */ #define NO_WOLFSSL_MEMORY #define WOLFSSL_NO_PEM -//#define NO_CODING #define NO_PSK -#ifndef DEBUG_WOLFSSL +#if 0 /* Disable ASN.1 / certificates */ + #define NO_ASN + #define NO_CERTS + #define NO_CODING +#endif +#if 0 /* Disable RNG (ECC verify only) */ + #define WC_NO_RNG +#endif + +/* ------------------------------------------------- */ +/* Debugging */ +/* ------------------------------------------------- */ +#if 0 /* Enable debug logging */ #define DEBUG_WOLFSSL +#endif +#if 1 /* Disable error strings to save flash */ #define NO_ERROR_STRINGS #endif diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/examples/configs/user_settings_openssl_compat.h mariadb-11.8.8/extra/wolfssl/wolfssl/examples/configs/user_settings_openssl_compat.h --- mariadb-11.8.6/extra/wolfssl/wolfssl/examples/configs/user_settings_openssl_compat.h 1970-01-01 00:00:00.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/examples/configs/user_settings_openssl_compat.h 2026-05-24 09:58:33.000000000 +0000 @@ -0,0 +1,273 @@ +/* user_settings_openssl_compat.h + * + * Copyright (C) 2006-2026 wolfSSL Inc. + * + * This file is part of wolfSSL. + * + * wolfSSL is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * wolfSSL is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA + */ + +/* OpenSSL compatibility layer for drop-in replacement. + * Provides OpenSSL API compatibility for applications migrating from OpenSSL. + * + * Build and test: + * cp ./examples/configs/user_settings_openssl_compat.h user_settings.h + * ./configure --enable-usersettings --disable-examples + * make + * ./wolfcrypt/test/testwolfcrypt + */ + +#ifndef WOLFSSL_USER_SETTINGS_H +#define WOLFSSL_USER_SETTINGS_H + +#ifdef __cplusplus +extern "C" { +#endif + +/* ------------------------------------------------- */ +/* OpenSSL Compatibility */ +/* ------------------------------------------------- */ +#define OPENSSL_EXTRA +#if 1 /* Full OpenSSL API compatibility */ + #define OPENSSL_ALL +#endif + +/* OpenSSL-compatible names and behavior */ +#define WOLFSSL_VERBOSE_ERRORS +#define ERROR_QUEUE_PER_THREAD +#define WOLFSSL_ERROR_CODE_OPENSSL +#define HAVE_WOLFSSL_SSL_H +#define OPENSSL_COMPATIBLE_DEFAULTS + +/* Avoid old name conflicts */ +#define NO_OLD_RNGNAME +#define NO_OLD_WC_NAMES +#define NO_OLD_SSL_NAMES +#define NO_OLD_SHA_NAMES +#define NO_OLD_MD5_NAME + +/* Extra data support (SSL_CTX_set_ex_data, etc.) */ +#define HAVE_EX_DATA + +/* ------------------------------------------------- */ +/* Application Compatibility */ +/* ------------------------------------------------- */ +#if 0 /* nginx */ + #define WOLFSSL_NGINX +#endif +#if 0 /* HAProxy */ + #define WOLFSSL_HAPROXY +#endif +#if 0 /* Apache httpd */ + #define HAVE_LIGHTY +#endif +#if 0 /* stunnel */ + #define HAVE_STUNNEL +#endif +#if 0 /* OpenVPN */ + #define WOLFSSL_OPENVPN +#endif +#if 0 /* Qt */ + #define WOLFSSL_QT +#endif +#if 0 /* cURL */ + #define WOLFSSL_LIBCURL +#endif +#if 0 /* OpenSSH */ + #define WOLFSSL_OPENSSH +#endif + +/* ------------------------------------------------- */ +/* Math */ +/* ------------------------------------------------- */ +#define WOLFSSL_SP_MATH_ALL + +/* ------------------------------------------------- */ +/* TLS Versions */ +/* ------------------------------------------------- */ +#define WOLFSSL_TLS13 +#define HAVE_TLS_EXTENSIONS +#define HAVE_SUPPORTED_CURVES +#define HAVE_EXTENDED_MASTER +#define HAVE_ENCRYPT_THEN_MAC +#define HAVE_HKDF +#define WC_RSA_PSS + +#if 1 /* TLS 1.2 (for compatibility) */ + #undef WOLFSSL_NO_TLS12 +#endif +#if 0 /* Allow older TLS (not recommended) */ + #undef NO_OLD_TLS +#else + #define NO_OLD_TLS +#endif + +/* TLS Extensions */ +#define HAVE_SESSION_TICKET +#define HAVE_SNI +#define HAVE_ALPN +#define HAVE_MAX_FRAGMENT +#define HAVE_TRUNCATED_HMAC +#define HAVE_SECURE_RENEGOTIATION +#define HAVE_SERVER_RENEGOTIATION_INFO + +/* ------------------------------------------------- */ +/* Timing Resistance */ +/* ------------------------------------------------- */ +#define TFM_TIMING_RESISTANT +#define ECC_TIMING_RESISTANT +#define WC_RSA_BLINDING + +/* ------------------------------------------------- */ +/* ECC */ +/* ------------------------------------------------- */ +#define HAVE_ECC +#define TFM_ECC256 +#define ECC_SHAMIR +#define HAVE_ECC_CDH +#define HAVE_COMP_KEY + +/* ------------------------------------------------- */ +/* Curve25519 / Ed25519 */ +/* ------------------------------------------------- */ +#define HAVE_CURVE25519 +#define HAVE_ED25519 + +/* ------------------------------------------------- */ +/* Curve448 / Ed448 */ +/* ------------------------------------------------- */ +#if 1 /* Ed448/X448 */ + #define HAVE_CURVE448 + #define HAVE_ED448 +#endif + +/* ------------------------------------------------- */ +/* RSA */ +/* ------------------------------------------------- */ +#undef NO_RSA +#define WC_RSA_NO_PADDING +#define WOLFSSL_KEY_GEN + +/* ------------------------------------------------- */ +/* DH */ +/* ------------------------------------------------- */ +#undef NO_DH +#define HAVE_FFDHE_2048 +#define HAVE_FFDHE_3072 +#define HAVE_FFDHE_4096 +#define HAVE_DH_DEFAULT_PARAMS +#define WOLFSSL_DH_EXTRA + +/* ------------------------------------------------- */ +/* Symmetric Ciphers */ +/* ------------------------------------------------- */ +#define HAVE_AESGCM +#define GCM_TABLE_4BIT +#define WOLFSSL_AESGCM_STREAM +#define HAVE_AESCCM +#define WOLFSSL_AES_COUNTER +#define WOLFSSL_AES_DIRECT +#define WOLFSSL_AES_OFB +#define WOLFSSL_AES_CFB +#define HAVE_AES_ECB +#define HAVE_AES_KEYWRAP +#define HAVE_AES_DECRYPT + +#define HAVE_CHACHA +#define HAVE_POLY1305 +#define HAVE_ONE_TIME_AUTH +#define HAVE_XCHACHA + +/* ------------------------------------------------- */ +/* Hashing */ +/* ------------------------------------------------- */ +#define WOLFSSL_SHA224 +#define WOLFSSL_SHA384 +#define WOLFSSL_SHA512 +#define WOLFSSL_SHA3 +#define WOLFSSL_SHAKE256 + +#define HAVE_BLAKE2B +#define HAVE_BLAKE2S + +/* ------------------------------------------------- */ +/* Additional Features */ +/* ------------------------------------------------- */ +#define HAVE_HASHDRBG +#define WOLFSSL_CMAC +#define WOLFSSL_DES_ECB +#define HAVE_CTS +#define HAVE_HKDF +#define HAVE_X963_KDF +#define HAVE_KEYING_MATERIAL +#define WOLFSSL_HAVE_PRF + +/* ------------------------------------------------- */ +/* Certificates */ +/* ------------------------------------------------- */ +#define WOLFSSL_ASN_TEMPLATE +#define WOLFSSL_CERT_GEN +#define WOLFSSL_CERT_REQ +#define WOLFSSL_CERT_EXT +#define WOLFSSL_MULTI_ATTRIB +#define WOLFSSL_DER_LOAD +#define WOLFSSL_PEM_TO_DER +#define WOLFSSL_DER_TO_PEM +#define WOLFSSL_ALT_NAMES + +#define HAVE_CRL +#define HAVE_OCSP +#define HAVE_CERTIFICATE_STATUS_REQUEST +#define HAVE_CERTIFICATE_STATUS_REQUEST_V2 + +/* ------------------------------------------------- */ +/* Encoding */ +/* ------------------------------------------------- */ +#define WOLFSSL_BASE16 +#define WOLFSSL_BASE64_ENCODE + +/* ------------------------------------------------- */ +/* Session Cache */ +/* ------------------------------------------------- */ +#define HAVE_EXT_CACHE +#define SESSION_CERTS +#define PERSIST_SESSION_CACHE +#define PERSIST_CERT_CACHE + +/* ------------------------------------------------- */ +/* PKCS */ +/* ------------------------------------------------- */ +#define HAVE_PKCS8 + +/* ------------------------------------------------- */ +/* Disabled Algorithms */ +/* ------------------------------------------------- */ +#define NO_DSA +#define NO_RC4 +#define NO_MD4 +#define NO_PSK + +/* ------------------------------------------------- */ +/* Debugging */ +/* ------------------------------------------------- */ +#if 0 /* Enable debug logging */ + #define DEBUG_WOLFSSL +#endif + +#ifdef __cplusplus +} +#endif + +#endif /* WOLFSSL_USER_SETTINGS_H */ diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/examples/configs/user_settings_pkcs7.h mariadb-11.8.8/extra/wolfssl/wolfssl/examples/configs/user_settings_pkcs7.h --- mariadb-11.8.6/extra/wolfssl/wolfssl/examples/configs/user_settings_pkcs7.h 1970-01-01 00:00:00.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/examples/configs/user_settings_pkcs7.h 2026-05-24 09:58:33.000000000 +0000 @@ -0,0 +1,216 @@ +/* user_settings_pkcs7.h + * + * Copyright (C) 2006-2026 wolfSSL Inc. + * + * This file is part of wolfSSL. + * + * wolfSSL is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * wolfSSL is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA + */ + +/* PKCS#7 / CMS configuration for signing and encryption. + * Suitable for S/MIME, firmware signing, secure messaging. + * No TLS - cryptographic operations only. + * + * Build and test: + * cp ./examples/configs/user_settings_pkcs7.h user_settings.h + * ./configure --enable-usersettings --disable-examples + * make + * ./wolfcrypt/test/testwolfcrypt + */ + +#ifndef WOLFSSL_USER_SETTINGS_H +#define WOLFSSL_USER_SETTINGS_H + +#ifdef __cplusplus +extern "C" { +#endif + +/* ------------------------------------------------- */ +/* Platform */ +/* ------------------------------------------------- */ +#define WOLFCRYPT_ONLY +#if 0 /* Single threaded */ + #define SINGLE_THREADED +#endif +#define WOLFSSL_IGNORE_FILE_WARN + +/* ------------------------------------------------- */ +/* Math */ +/* ------------------------------------------------- */ +#define WOLFSSL_SP_MATH_ALL +#if 0 /* Small code size */ + #define WOLFSSL_SP_SMALL +#endif + +/* ------------------------------------------------- */ +/* PKCS#7 / CMS */ +/* ------------------------------------------------- */ +#define HAVE_PKCS7 + +/* PKCS#7 Content Types */ +#if 1 /* Signed Data */ + /* Default enabled with HAVE_PKCS7 */ +#endif +#if 1 /* Enveloped Data (encryption) */ + /* Default enabled with HAVE_PKCS7 */ +#endif +#if 0 /* Compressed Data (requires libz) */ + #define HAVE_LIBZ +#endif +#if 1 /* Authenticated Enveloped Data (AES-GCM) */ + /* Requires HAVE_AESGCM */ +#endif + +/* PKCS#7 Features */ +#define HAVE_X963_KDF +#define HAVE_HKDF + +/* ------------------------------------------------- */ +/* S/MIME */ +/* ------------------------------------------------- */ +#if 1 /* S/MIME support */ + #define HAVE_SMIME +#endif + +/* ------------------------------------------------- */ +/* Timing Resistance */ +/* ------------------------------------------------- */ +#define TFM_TIMING_RESISTANT +#define ECC_TIMING_RESISTANT +#define WC_RSA_BLINDING + +/* ------------------------------------------------- */ +/* ECC */ +/* ------------------------------------------------- */ +#if 1 /* ECC support */ + #define HAVE_ECC + #define ECC_USER_CURVES + #undef NO_ECC256 + #if 1 /* P-384 */ + #define HAVE_ECC384 + #endif + #if 0 /* P-521 */ + #define HAVE_ECC521 + #endif + #define ECC_SHAMIR + #define HAVE_ECC_ENCRYPT /* ECIES for PKCS#7 */ +#endif + +/* ------------------------------------------------- */ +/* RSA */ +/* ------------------------------------------------- */ +#if 1 /* RSA support */ + #undef NO_RSA + #define WOLFSSL_KEY_GEN + #define WC_RSA_NO_PADDING + #define WC_RSA_PSS /* RSA-PSS SignedData (id-RSASSA-PSS); see PKCS7_RSA_PSS */ +#else + #define NO_RSA +#endif + +/* ------------------------------------------------- */ +/* Symmetric Ciphers */ +/* ------------------------------------------------- */ +/* AES (required for PKCS#7) */ +#define HAVE_AES_CBC +#define HAVE_AES_DECRYPT +#define HAVE_AES_KEYWRAP +#define WOLFSSL_AES_DIRECT + +#if 1 /* AES-GCM (AuthEnvelopedData) */ + #define HAVE_AESGCM + #define GCM_TABLE_4BIT +#endif + +#if 1 /* AES-CCM */ + #define HAVE_AESCCM +#endif + +#if 0 /* 3DES (legacy, not recommended) */ + #undef NO_DES3 +#else + #define NO_DES3 +#endif + +/* ------------------------------------------------- */ +/* Hashing */ +/* ------------------------------------------------- */ +/* SHA-256 required */ + +#if 1 /* SHA-1 (for legacy compatibility) */ + #undef NO_SHA +#else + #define NO_SHA +#endif + +#define WOLFSSL_SHA384 +#define WOLFSSL_SHA512 + +#if 1 /* SHA-3 */ + #define WOLFSSL_SHA3 +#endif + +/* ------------------------------------------------- */ +/* RNG */ +/* ------------------------------------------------- */ +#define HAVE_HASHDRBG + +/* ------------------------------------------------- */ +/* ASN / Certificates */ +/* ------------------------------------------------- */ +#define WOLFSSL_ASN_TEMPLATE + +/* Certificate generation for signing */ +#define WOLFSSL_CERT_GEN +#define WOLFSSL_CERT_REQ +#define WOLFSSL_CERT_EXT +#define WOLFSSL_MULTI_ATTRIB + +/* Certificate parsing */ +#define WOLFSSL_PEM_TO_DER +#define WOLFSSL_DER_TO_PEM +#define WOLFSSL_DER_LOAD + +/* ------------------------------------------------- */ +/* Encoding */ +/* ------------------------------------------------- */ +#define WOLFSSL_BASE64_ENCODE + +/* ------------------------------------------------- */ +/* Disabled Algorithms */ +/* ------------------------------------------------- */ +#define NO_DH +#define NO_DSA +#define NO_RC4 +#define NO_MD4 +#define NO_MD5 +#define NO_PSK +#define NO_PWDBASED + +/* ------------------------------------------------- */ +/* Debugging */ +/* ------------------------------------------------- */ +#if 0 /* Enable debug logging */ + #define DEBUG_WOLFSSL +#endif +#if 0 /* Disable error strings */ + #define NO_ERROR_STRINGS +#endif + +#ifdef __cplusplus +} +#endif + +#endif /* WOLFSSL_USER_SETTINGS_H */ diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/examples/configs/user_settings_platformio.h mariadb-11.8.8/extra/wolfssl/wolfssl/examples/configs/user_settings_platformio.h --- mariadb-11.8.6/extra/wolfssl/wolfssl/examples/configs/user_settings_platformio.h 2026-01-31 13:27:49.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/examples/configs/user_settings_platformio.h 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* examples/configs/user_settings_platformio.h * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -103,7 +103,6 @@ #define TEST_ESPIDF_ALL_WOLFSSL #ifdef TEST_ESPIDF_ALL_WOLFSSL #define WOLFSSL_MD2 - #define HAVE_BLAKE2 #define HAVE_BLAKE2B #define HAVE_BLAKE2S diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/examples/configs/user_settings_pq.h mariadb-11.8.8/extra/wolfssl/wolfssl/examples/configs/user_settings_pq.h --- mariadb-11.8.6/extra/wolfssl/wolfssl/examples/configs/user_settings_pq.h 1970-01-01 00:00:00.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/examples/configs/user_settings_pq.h 2026-05-24 09:58:33.000000000 +0000 @@ -0,0 +1,232 @@ +/* user_settings_pq.h + * + * Copyright (C) 2006-2026 wolfSSL Inc. + * + * This file is part of wolfSSL. + * + * wolfSSL is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * wolfSSL is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA + */ + +/* Post-Quantum TLS 1.3 with ML-KEM (Kyber) and ML-DSA (Dilithium). + * Provides quantum-resistant key exchange and signatures. + * Based on NIST FIPS 203 (ML-KEM) and FIPS 204 (ML-DSA) standards. + * + * Build and test: + * cp ./examples/configs/user_settings_pq.h user_settings.h + * ./configure --enable-usersettings --disable-examples + * make + * ./wolfcrypt/test/testwolfcrypt + */ + +#ifndef WOLFSSL_USER_SETTINGS_H +#define WOLFSSL_USER_SETTINGS_H + +#ifdef __cplusplus +extern "C" { +#endif + +/* ------------------------------------------------- */ +/* Platform */ +/* ------------------------------------------------- */ +#define WOLFSSL_IGNORE_FILE_WARN + +/* ------------------------------------------------- */ +/* Math */ +/* ------------------------------------------------- */ +#define WOLFSSL_SP_MATH_ALL + +/* ------------------------------------------------- */ +/* TLS 1.3 (required for PQ) */ +/* ------------------------------------------------- */ +#define WOLFSSL_TLS13 +#define HAVE_TLS_EXTENSIONS +#define HAVE_SUPPORTED_CURVES +#define HAVE_HKDF +#define WC_RSA_PSS + +/* Disable older TLS versions */ +#define WOLFSSL_NO_TLS12 +#define NO_OLD_TLS + +#if 1 /* Session tickets */ + #define HAVE_SESSION_TICKET +#endif +#if 1 /* Server Name Indication */ + #define HAVE_SNI +#endif + +/* ------------------------------------------------- */ +/* Experimental Settings (required for PQ) */ +/* ------------------------------------------------- */ +#define WOLFSSL_EXPERIMENTAL_SETTINGS + +/* ------------------------------------------------- */ +/* ML-KEM / Kyber (Key Encapsulation) */ +/* ------------------------------------------------- */ +#if 1 /* ML-KEM (FIPS 203) */ + #define WOLFSSL_HAVE_KYBER + #define WOLFSSL_WC_KYBER + #define WOLFSSL_KYBER512 /* Level 1: 128-bit security */ + #define WOLFSSL_KYBER768 /* Level 3: 192-bit security */ + #define WOLFSSL_KYBER1024 /* Level 5: 256-bit security */ +#endif + +/* ------------------------------------------------- */ +/* ML-DSA / Dilithium (Signatures) */ +/* ------------------------------------------------- */ +#if 1 /* ML-DSA (FIPS 204) */ + #define HAVE_DILITHIUM + #define WOLFSSL_WC_DILITHIUM + #define DILITHIUM_LEVEL2 /* Level 2: ~128-bit security */ + #define DILITHIUM_LEVEL3 /* Level 3: ~192-bit security */ + #define DILITHIUM_LEVEL5 /* Level 5: ~256-bit security */ + /* Uses FIPS 204 final standard by default */ + #if 0 /* FIPS 204 Draft version */ + #define WOLFSSL_DILITHIUM_FIPS204_DRAFT + #endif + #define WOLFSSL_SHAKE128 + #define WOLFSSL_SHAKE256 +#endif + +/* ------------------------------------------------- */ +/* LMS (Stateful Hash-Based Signatures) */ +/* ------------------------------------------------- */ +#if 0 /* LMS signatures */ + #define WOLFSSL_HAVE_LMS + #define WOLFSSL_WC_LMS + #ifndef LMS_LEVELS + #define LMS_LEVELS 2 + #endif + #ifndef LMS_HEIGHT + #define LMS_HEIGHT 10 + #endif + #ifndef LMS_WINTERNITZ + #define LMS_WINTERNITZ 8 + #endif +#endif + +/* ------------------------------------------------- */ +/* XMSS (Stateful Hash-Based Signatures) */ +/* ------------------------------------------------- */ +#if 0 /* XMSS signatures */ + #define WOLFSSL_HAVE_XMSS + #define WOLFSSL_WC_XMSS + #ifndef WOLFSSL_XMSS_MAX_HEIGHT + #define WOLFSSL_XMSS_MAX_HEIGHT 20 + #endif +#endif + +/* ------------------------------------------------- */ +/* Timing Resistance */ +/* ------------------------------------------------- */ +#define TFM_TIMING_RESISTANT +#define ECC_TIMING_RESISTANT +#define WC_RSA_BLINDING + +/* ------------------------------------------------- */ +/* Classical ECC (hybrid with PQ) */ +/* ------------------------------------------------- */ +#if 1 /* ECC for hybrid key exchange */ + #define HAVE_ECC + #define ECC_USER_CURVES + #undef NO_ECC256 + #define HAVE_ECC384 + #define ECC_SHAMIR +#endif + +/* ------------------------------------------------- */ +/* Curve25519 (hybrid with PQ) */ +/* ------------------------------------------------- */ +#if 1 /* X25519 for hybrid key exchange */ + #define HAVE_CURVE25519 +#endif + +/* ------------------------------------------------- */ +/* RSA (for legacy compatibility) */ +/* ------------------------------------------------- */ +#if 1 /* RSA support */ + #undef NO_RSA + #define WOLFSSL_KEY_GEN +#else + #define NO_RSA +#endif + +/* ------------------------------------------------- */ +/* DH */ +/* ------------------------------------------------- */ +#define NO_DH + +/* ------------------------------------------------- */ +/* Symmetric Ciphers */ +/* ------------------------------------------------- */ +#define HAVE_AESGCM +#define GCM_TABLE_4BIT + +#if 1 /* ChaCha20-Poly1305 */ + #define HAVE_CHACHA + #define HAVE_POLY1305 + #define HAVE_ONE_TIME_AUTH +#endif + +/* ------------------------------------------------- */ +/* Hashing */ +/* ------------------------------------------------- */ +#define WOLFSSL_SHA384 +#define WOLFSSL_SHA512 +#define WOLFSSL_SHA3 + +/* ------------------------------------------------- */ +/* RNG */ +/* ------------------------------------------------- */ +#define HAVE_HASHDRBG + +/* ------------------------------------------------- */ +/* ASN / Certificates */ +/* ------------------------------------------------- */ +#define WOLFSSL_ASN_TEMPLATE + +#if 1 /* Certificate generation with PQ algorithms */ + #define WOLFSSL_CERT_GEN + #define WOLFSSL_CERT_REQ + #define WOLFSSL_CERT_EXT +#endif + +/* ------------------------------------------------- */ +/* Disabled Algorithms */ +/* ------------------------------------------------- */ +#define NO_DSA +#define NO_RC4 +#define NO_MD4 +#define NO_MD5 +#define NO_DES3 +#define NO_DES3_TLS_SUITES +#define NO_PSK +#define NO_PWDBASED + +/* ------------------------------------------------- */ +/* Debugging */ +/* ------------------------------------------------- */ +#if 0 /* Enable debug logging */ + #define DEBUG_WOLFSSL +#endif +#if 0 /* Disable error strings */ + #define NO_ERROR_STRINGS +#endif + +#ifdef __cplusplus +} +#endif + +#endif /* WOLFSSL_USER_SETTINGS_H */ diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/examples/configs/user_settings_rsa_only.h mariadb-11.8.8/extra/wolfssl/wolfssl/examples/configs/user_settings_rsa_only.h --- mariadb-11.8.6/extra/wolfssl/wolfssl/examples/configs/user_settings_rsa_only.h 1970-01-01 00:00:00.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/examples/configs/user_settings_rsa_only.h 2026-05-24 09:58:33.000000000 +0000 @@ -0,0 +1,238 @@ +/* user_settings_rsa_only.h + * + * Copyright (C) 2006-2026 wolfSSL Inc. + * + * This file is part of wolfSSL. + * + * wolfSSL is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * wolfSSL is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA + */ + +/* RSA-only configuration (no ECC). + * For legacy systems that require RSA-only cipher suites. + * Supports TLS 1.2 and 1.3 with RSA certificates. + * + * Build and test: + * cp ./examples/configs/user_settings_rsa_only.h user_settings.h + * ./configure --enable-usersettings --disable-examples + * make + * ./wolfcrypt/test/testwolfcrypt + */ + +#ifndef WOLFSSL_USER_SETTINGS_H +#define WOLFSSL_USER_SETTINGS_H + +#ifdef __cplusplus +extern "C" { +#endif + +/* ------------------------------------------------- */ +/* Platform */ +/* ------------------------------------------------- */ +#if 0 /* Single threaded */ + #define SINGLE_THREADED +#endif +#define WOLFSSL_IGNORE_FILE_WARN + +/* ------------------------------------------------- */ +/* Math */ +/* ------------------------------------------------- */ +#define WOLFSSL_SP_MATH_ALL +#define WOLFSSL_HAVE_SP_RSA +#define WOLFSSL_SP_4096 + +#if 0 /* Small code size */ + #define WOLFSSL_SP_SMALL +#endif + +/* ------------------------------------------------- */ +/* TLS */ +/* ------------------------------------------------- */ +#define WOLFSSL_TLS13 +#define HAVE_TLS_EXTENSIONS +#define HAVE_SUPPORTED_CURVES +#define HAVE_EXTENDED_MASTER +#define HAVE_ENCRYPT_THEN_MAC +#define HAVE_HKDF +#define WC_RSA_PSS + +/* TLS 1.2 for legacy compatibility */ +#if 1 /* Enable TLS 1.2 */ + #undef WOLFSSL_NO_TLS12 +#else + #define WOLFSSL_NO_TLS12 +#endif +#define NO_OLD_TLS + +/* TLS Extensions */ +#if 1 /* Session tickets */ + #define HAVE_SESSION_TICKET +#endif +#if 1 /* Server Name Indication */ + #define HAVE_SNI +#endif +#if 1 /* Secure renegotiation */ + #define HAVE_SECURE_RENEGOTIATION + #define HAVE_SERVER_RENEGOTIATION_INFO +#endif + +/* Client/Server */ +#if 0 /* Client only */ + #define NO_WOLFSSL_SERVER +#endif +#if 0 /* Server only */ + #define NO_WOLFSSL_CLIENT +#endif + +/* ------------------------------------------------- */ +/* Timing Resistance */ +/* ------------------------------------------------- */ +#define TFM_TIMING_RESISTANT +#define WC_RSA_BLINDING + +/* ------------------------------------------------- */ +/* RSA */ +/* ------------------------------------------------- */ +#undef NO_RSA + +/* RSA key sizes */ +#if 1 /* 2048-bit (minimum recommended) */ + /* Always enabled */ +#endif +#if 1 /* 3072-bit */ + /* Enabled via WOLFSSL_SP_MATH_ALL */ +#endif +#if 1 /* 4096-bit */ + #define WOLFSSL_SP_4096 +#endif + +/* RSA features */ +#define WOLFSSL_KEY_GEN +#define WC_RSA_NO_PADDING + +#if 0 /* RSA-PSS only (no PKCS#1 v1.5) */ + #define WC_RSA_PSS_ONLY +#endif + +#if 0 /* Low memory RSA */ + #define RSA_LOW_MEM +#endif + +/* ------------------------------------------------- */ +/* DH (for TLS 1.2 key exchange) */ +/* ------------------------------------------------- */ +#if 1 /* DH key exchange */ + #undef NO_DH + #define HAVE_FFDHE_2048 + #define HAVE_FFDHE_3072 + #define HAVE_FFDHE_4096 + #define HAVE_DH_DEFAULT_PARAMS + #define WOLFSSL_HAVE_SP_DH +#else + #define NO_DH +#endif + +/* ------------------------------------------------- */ +/* ECC - Disabled */ +/* ------------------------------------------------- */ +#define NO_ECC +/* Note: TLS 1.3 typically requires ECDHE, but can work with + * FFDHE (DH) key exchange with RSA certificates */ + +/* ------------------------------------------------- */ +/* Symmetric Ciphers */ +/* ------------------------------------------------- */ +/* AES-GCM (required for TLS 1.3) */ +#define HAVE_AESGCM +#define GCM_TABLE_4BIT + +/* AES-CBC (for TLS 1.2) */ +#define HAVE_AES_CBC +#define HAVE_AES_DECRYPT + +#if 1 /* ChaCha20-Poly1305 */ + #define HAVE_CHACHA + #define HAVE_POLY1305 + #define HAVE_ONE_TIME_AUTH +#endif + +#if 0 /* AES-CCM */ + #define HAVE_AESCCM +#endif + +#if 0 /* Additional AES modes */ + #define WOLFSSL_AES_COUNTER + #define WOLFSSL_AES_DIRECT +#endif + +/* ------------------------------------------------- */ +/* Hashing */ +/* ------------------------------------------------- */ +/* SHA-256 required */ +#define WOLFSSL_SHA384 +#define WOLFSSL_SHA512 + +#if 1 /* SHA-1 (for TLS 1.2 compatibility) */ + #undef NO_SHA +#else + #define NO_SHA +#endif + +/* ------------------------------------------------- */ +/* RNG */ +/* ------------------------------------------------- */ +#define HAVE_HASHDRBG + +/* ------------------------------------------------- */ +/* ASN / Certificates */ +/* ------------------------------------------------- */ +#define WOLFSSL_ASN_TEMPLATE + +#if 1 /* Certificate generation */ + #define WOLFSSL_CERT_GEN + #define WOLFSSL_CERT_REQ + #define WOLFSSL_CERT_EXT +#endif + +#if 1 /* CRL/OCSP */ + #define HAVE_CRL + #define HAVE_OCSP +#endif + +/* ------------------------------------------------- */ +/* Disabled Algorithms */ +/* ------------------------------------------------- */ +#define NO_DSA +#define NO_RC4 +#define NO_MD4 +#define NO_DES3 +#define NO_DES3_TLS_SUITES +#define NO_PSK +#define NO_PWDBASED + +/* ------------------------------------------------- */ +/* Debugging */ +/* ------------------------------------------------- */ +#if 0 /* Enable debug logging */ + #define DEBUG_WOLFSSL +#endif +#if 0 /* Disable error strings to save flash */ + #define NO_ERROR_STRINGS +#endif + +#ifdef __cplusplus +} +#endif + +#endif /* WOLFSSL_USER_SETTINGS_H */ diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/examples/configs/user_settings_stm32.h mariadb-11.8.8/extra/wolfssl/wolfssl/examples/configs/user_settings_stm32.h --- mariadb-11.8.6/extra/wolfssl/wolfssl/examples/configs/user_settings_stm32.h 2026-01-31 13:27:49.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/examples/configs/user_settings_stm32.h 2026-05-24 09:58:33.000000000 +0000 @@ -1,7 +1,7 @@ /* wolfSSL_conf.h (example of generated wolfSSL.I-CUBE-wolfSSL_conf.h using * default_conf.ftl and STM32CubeIDE or STM32CubeMX tool) * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/examples/configs/user_settings_template.h mariadb-11.8.8/extra/wolfssl/wolfssl/examples/configs/user_settings_template.h --- mariadb-11.8.6/extra/wolfssl/wolfssl/examples/configs/user_settings_template.h 2026-01-31 13:27:49.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/examples/configs/user_settings_template.h 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* user_settings_template.h * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -41,8 +41,8 @@ /* ------------------------------------------------------------------------- */ #define WOLFSSL_GENERAL_ALIGNMENT 4 #define SIZEOF_LONG_LONG 8 -#if 0 - #define NO_64BIT /* disable use of 64-bit variables */ +#if 0 /* Disable 64-bit types */ + #define NO_64BIT #endif #ifdef TARGET_EMBEDDED @@ -62,7 +62,7 @@ /* Math Configuration */ /* ------------------------------------------------------------------------- */ /* Wolf Single Precision Math */ -#if 1 +#if 1 /* SP Math (recommended) */ #define WOLFSSL_HAVE_SP_RSA #define WOLFSSL_HAVE_SP_DH #define WOLFSSL_HAVE_SP_ECC @@ -78,10 +78,9 @@ #ifdef TARGET_EMBEDDED /* use smaller version of code */ #define WOLFSSL_SP_SMALL - #else - /* SP Assembly Speedups - specific to chip type */ - #define WOLFSSL_SP_ASM #endif + /* SP Assembly Speedups - specific to chip type */ + //#define WOLFSSL_SP_ASM //#define WOLFSSL_SP_X86_64 //#define WOLFSSL_SP_X86 //#define WOLFSSL_SP_ARM32_ASM @@ -103,7 +102,7 @@ /* ------------------------------------------------------------------------- */ /* RSA */ #undef NO_RSA -#if 1 +#if 1 /* RSA */ #ifdef USE_FAST_MATH /* Maximum math bits (Max RSA key bits * 2) */ #define FP_MAX_BITS 4096 @@ -123,9 +122,9 @@ /* DH */ #undef NO_DH -#if 1 - /* Use table for DH instead of -lm (math) lib dependency */ - #if 1 +#if 1 /* DH */ + /* Use table for DH instead of -lm (math) lib */ + #if 1 /* FFDHE parameters */ #define WOLFSSL_DH_CONST #define HAVE_FFDHE_2048 //#define HAVE_FFDHE_4096 @@ -138,7 +137,7 @@ /* ECC */ #undef HAVE_ECC -#if 1 +#if 1 /* ECC */ #define HAVE_ECC /* Manually define enabled curves */ @@ -195,7 +194,7 @@ /* AES */ #undef NO_AES -#if 1 +#if 1 /* AES */ #define HAVE_AES_CBC /* GCM Method: GCM_TABLE_4BIT, GCM_SMALL, GCM_WORD32 or GCM_TABLE */ @@ -217,7 +216,7 @@ /* DES3 */ #undef NO_DES3 -#if 0 +#if 0 /* DES3 (legacy, not recommended) */ #else #define NO_DES3 #endif @@ -225,7 +224,7 @@ /* ChaCha20 / Poly1305 */ #undef HAVE_CHACHA #undef HAVE_POLY1305 -#if 1 +#if 1 /* ChaCha20 / Poly1305 */ #define HAVE_CHACHA #define HAVE_POLY1305 @@ -236,12 +235,12 @@ /* Ed25519 / Curve25519 */ #undef HAVE_CURVE25519 #undef HAVE_ED25519 -#if 0 +#if 0 /* Ed25519 / Curve25519 */ #define HAVE_CURVE25519 #define HAVE_ED25519 /* ED25519 Requires SHA512 */ - /* Optionally use small math (less flash usage, but much slower) */ - #if 1 + /* Optionally use small math (less flash, slower) */ + #if 1 /* Small Curve25519 */ #define CURVED25519_SMALL #endif #endif @@ -252,7 +251,7 @@ /* ------------------------------------------------------------------------- */ /* Sha */ #undef NO_SHA -#if 1 +#if 1 /* SHA-1 */ /* 1k smaller, but 25% slower */ //#define USE_SLOW_SHA #else @@ -261,12 +260,12 @@ /* Sha256 */ #undef NO_SHA256 -#if 1 +#if 1 /* SHA-256 */ /* not unrolled - ~2k smaller and ~25% slower */ //#define USE_SLOW_SHA256 - /* Sha224 */ - #if 0 + /* SHA-224 (requires SHA-256) */ + #if 0 /* SHA-224 */ #define WOLFSSL_SHA224 #endif #else @@ -275,12 +274,12 @@ /* Sha512 */ #undef WOLFSSL_SHA512 -#if 0 +#if 0 /* SHA-512 */ #define WOLFSSL_SHA512 - /* Sha384 */ + /* SHA-384 (requires SHA-512) */ #undef WOLFSSL_SHA384 - #if 0 + #if 0 /* SHA-384 */ #define WOLFSSL_SHA384 #endif @@ -290,27 +289,27 @@ /* Sha3 */ #undef WOLFSSL_SHA3 -#if 0 +#if 0 /* SHA-3 */ #define WOLFSSL_SHA3 #endif /* MD5 */ #undef NO_MD5 -#if 0 - +#if 0 /* MD5 (legacy, not recommended) */ + /* MD5 enabled */ #else #define NO_MD5 #endif /* HKDF */ #undef HAVE_HKDF -#if 1 +#if 1 /* HKDF (TLS 1.3 requires this) */ #define HAVE_HKDF #endif /* CMAC */ #undef WOLFSSL_CMAC -#if 0 +#if 0 /* CMAC */ #define WOLFSSL_CMAC #endif @@ -335,10 +334,10 @@ #undef DEBUG_WOLFSSL #undef NO_ERROR_STRINGS -#if 0 +#if 0 /* Enable debug logging */ #define DEBUG_WOLFSSL #else - #if 0 + #if 0 /* Disable error strings to save flash */ #define NO_ERROR_STRINGS #endif #endif @@ -349,7 +348,7 @@ /* ------------------------------------------------------------------------- */ /* Override Memory API's */ -#if 0 +#if 0 /* Custom malloc/free/realloc */ #define XMALLOC_OVERRIDE /* prototypes for user heap override functions */ @@ -365,24 +364,23 @@ #define XREALLOC(p, n, h, t) myRealloc(p, n, h, t) #endif -#if 0 - /* Static memory requires fast math */ +#if 0 /* Static memory (no heap) */ #define WOLFSSL_STATIC_MEMORY /* Disable fallback malloc/free */ #define WOLFSSL_NO_MALLOC - #if 1 + #if 1 /* Trap malloc failure */ #define WOLFSSL_MALLOC_CHECK /* trap malloc failure */ #endif #endif /* Memory callbacks */ -#if 0 +#if 0 /* wolfSSL memory callbacks */ #undef USE_WOLFSSL_MEMORY #define USE_WOLFSSL_MEMORY /* Use this to measure / print heap usage */ - #if 0 + #if 0 /* Memory tracking / debug */ #define WOLFSSL_TRACK_MEMORY #define WOLFSSL_DEBUG_MEMORY #endif @@ -399,7 +397,7 @@ /* ------------------------------------------------------------------------- */ /* Override Current Time */ -#if 0 +#if 0 /* Custom time function */ /* Allows custom "custom_time()" function to be used for benchmark */ #define WOLFSSL_USER_CURRTIME #define WOLFSSL_GMTIME @@ -414,9 +412,9 @@ /* ------------------------------------------------------------------------- */ /* Choose RNG method */ -#if 1 +#if 1 /* P-RNG with hash DRBG */ /* Custom Seed Source */ - #if 0 + #if 0 /* Custom HW RNG seed */ /* Size of returned HW RNG value */ #define CUSTOM_RAND_TYPE unsigned int extern unsigned int my_rng_seed_gen(void); @@ -444,7 +442,7 @@ /* ------------------------------------------------------------------------- */ /* Allows override of all standard library functions */ #undef STRING_USER -#if 0 +#if 0 /* Custom standard library overrides */ #define STRING_USER #include @@ -490,7 +488,7 @@ //#define HAVE_COMP_KEY /* TLS Session Cache */ -#if 0 +#if 0 /* Small session cache */ #define SMALL_SESSION_CACHE #else #define NO_SESSION_CACHE diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/examples/configs/user_settings_tls12.h mariadb-11.8.8/extra/wolfssl/wolfssl/examples/configs/user_settings_tls12.h --- mariadb-11.8.6/extra/wolfssl/wolfssl/examples/configs/user_settings_tls12.h 2026-01-31 13:27:49.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/examples/configs/user_settings_tls12.h 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* user_settings_tls12.h * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -132,6 +132,7 @@ #define NO_MD4 #define NO_MD5 #define NO_DES3 +#define NO_DES3_TLS_SUITES #define NO_PWDBASED #define WOLFSSL_NO_SHAKE128 #define WOLFSSL_NO_SHAKE256 diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/examples/configs/user_settings_tls13.h mariadb-11.8.8/extra/wolfssl/wolfssl/examples/configs/user_settings_tls13.h --- mariadb-11.8.6/extra/wolfssl/wolfssl/examples/configs/user_settings_tls13.h 1970-01-01 00:00:00.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/examples/configs/user_settings_tls13.h 2026-05-24 09:58:33.000000000 +0000 @@ -0,0 +1,214 @@ +/* user_settings_tls13.h + * + * Copyright (C) 2006-2026 wolfSSL Inc. + * + * This file is part of wolfSSL. + * + * wolfSSL is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * wolfSSL is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA + */ + +/* TLS 1.3 only (no TLS 1.2 or older) with modern algorithms. + * Supports both client and server. + * + * Build and test: + * cp ./examples/configs/user_settings_tls13.h user_settings.h + * ./configure --enable-usersettings --disable-examples + * make + * ./wolfcrypt/test/testwolfcrypt + */ + +#ifndef WOLFSSL_USER_SETTINGS_H +#define WOLFSSL_USER_SETTINGS_H + +#ifdef __cplusplus +extern "C" { +#endif + +/* ------------------------------------------------- */ +/* Platform */ +/* ------------------------------------------------- */ +#if 0 /* Single threaded */ + #define SINGLE_THREADED +#endif +#if 0 /* Disable filesystem */ + #define NO_FILESYSTEM +#endif +#define WOLFSSL_IGNORE_FILE_WARN + +/* ------------------------------------------------- */ +/* Math */ +/* ------------------------------------------------- */ +#define WOLFSSL_SP_MATH_ALL +#if 0 /* Small code size */ + #define WOLFSSL_SP_SMALL +#endif + +/* ------------------------------------------------- */ +/* TLS 1.3 */ +/* ------------------------------------------------- */ +#define WOLFSSL_TLS13 +#define HAVE_TLS_EXTENSIONS +#define HAVE_SUPPORTED_CURVES +#define HAVE_HKDF +#define WC_RSA_PSS + +/* Disable older TLS versions */ +#define WOLFSSL_NO_TLS12 +#define NO_OLD_TLS + +/* TLS 1.3 Extensions */ +#if 1 /* Session tickets */ + #define HAVE_SESSION_TICKET +#endif +#if 0 /* Early data (0-RTT) */ + #define WOLFSSL_EARLY_DATA +#endif +#if 0 /* Post-handshake authentication */ + #define WOLFSSL_POST_HANDSHAKE_AUTH +#endif +#if 1 /* Server Name Indication */ + #define HAVE_SNI +#endif + +/* Client/Server */ +#if 0 /* Client only */ + #define NO_WOLFSSL_SERVER +#endif +#if 0 /* Server only */ + #define NO_WOLFSSL_CLIENT +#endif + +/* ------------------------------------------------- */ +/* Timing Resistance */ +/* ------------------------------------------------- */ +#define TFM_TIMING_RESISTANT +#define ECC_TIMING_RESISTANT +#define WC_RSA_BLINDING + +/* ------------------------------------------------- */ +/* ECC */ +/* ------------------------------------------------- */ +#if 1 /* ECC support */ + #define HAVE_ECC + #define ECC_USER_CURVES + #undef NO_ECC256 + #if 1 /* P-384 */ + #define HAVE_ECC384 + #endif + #if 0 /* P-521 */ + #define HAVE_ECC521 + #endif + #define ECC_SHAMIR +#endif + +/* ------------------------------------------------- */ +/* Curve25519 / Ed25519 */ +/* ------------------------------------------------- */ +#if 1 /* X25519 key exchange */ + #define HAVE_CURVE25519 +#endif +#if 0 /* Ed25519 signatures */ + #define HAVE_ED25519 +#endif + +/* ------------------------------------------------- */ +/* RSA */ +/* ------------------------------------------------- */ +#if 1 /* RSA support */ + #undef NO_RSA + #define WOLFSSL_KEY_GEN +#else + #define NO_RSA +#endif + +/* ------------------------------------------------- */ +/* DH */ +/* ------------------------------------------------- */ +#if 0 /* DH key exchange (FFDHE) */ + #undef NO_DH + #define HAVE_FFDHE_2048 + #define HAVE_FFDHE_3072 + #define HAVE_DH_DEFAULT_PARAMS +#else + #define NO_DH +#endif + +/* ------------------------------------------------- */ +/* Symmetric Ciphers */ +/* ------------------------------------------------- */ +/* AES-GCM (required for TLS 1.3) */ +#define HAVE_AESGCM +#define GCM_TABLE_4BIT + +#if 1 /* ChaCha20-Poly1305 */ + #define HAVE_CHACHA + #define HAVE_POLY1305 + #define HAVE_ONE_TIME_AUTH +#endif + +#if 0 /* AES-CCM */ + #define HAVE_AESCCM +#endif + +/* ------------------------------------------------- */ +/* Hashing */ +/* ------------------------------------------------- */ +/* SHA-256 required */ +#define WOLFSSL_SHA384 +#define WOLFSSL_SHA512 + +/* ------------------------------------------------- */ +/* RNG */ +/* ------------------------------------------------- */ +#define HAVE_HASHDRBG + +/* ------------------------------------------------- */ +/* ASN / Certificates */ +/* ------------------------------------------------- */ +#define WOLFSSL_ASN_TEMPLATE + +#if 0 /* Certificate generation */ + #define WOLFSSL_CERT_GEN + #define WOLFSSL_CERT_REQ + #define WOLFSSL_CERT_EXT +#endif + +/* ------------------------------------------------- */ +/* Disabled Algorithms */ +/* ------------------------------------------------- */ +#define NO_DSA +#define NO_RC4 +#define NO_MD4 +#define NO_MD5 +#define NO_DES3 +#define NO_DES3_TLS_SUITES +#define NO_PSK +#define NO_PWDBASED + +/* ------------------------------------------------- */ +/* Debugging */ +/* ------------------------------------------------- */ +#if 0 /* Enable debug logging */ + #define DEBUG_WOLFSSL +#endif +#if 0 /* Disable error strings to save flash */ + #define NO_ERROR_STRINGS +#endif + +#ifdef __cplusplus +} +#endif + +#endif /* WOLFSSL_USER_SETTINGS_H */ diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/examples/configs/user_settings_wolfboot_keytools.h mariadb-11.8.8/extra/wolfssl/wolfssl/examples/configs/user_settings_wolfboot_keytools.h --- mariadb-11.8.6/extra/wolfssl/wolfssl/examples/configs/user_settings_wolfboot_keytools.h 2026-01-31 13:27:49.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/examples/configs/user_settings_wolfboot_keytools.h 2026-05-24 09:58:33.000000000 +0000 @@ -3,8 +3,7 @@ * wolfCrypt build settings for wolfBoot keygen and signing tool * Enabled via WOLFSSL_USER_SETTINGS. * - * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -23,58 +22,154 @@ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA */ -#ifndef H_USER_SETTINGS_ -#define H_USER_SETTINGS_ +/* wolfBoot key generation and signing tool. + * Derived from wolfBoot tools/keytools/user_settings.h + * + * Build and test: + * cp ./examples/configs/user_settings_wolfboot_keytools.h user_settings.h + * ./configure --enable-usersettings --disable-examples + * make + * ./wolfcrypt/test/testwolfcrypt + */ -/* #include */ /* DG: Removed, not needed for testing */ +#ifndef WOLFSSL_USER_SETTINGS_H +#define WOLFSSL_USER_SETTINGS_H -/* System */ -#define WOLFSSL_GENERAL_ALIGNMENT 4 +#ifdef __cplusplus +extern "C" { +#endif + +/* ------------------------------------------------- */ +/* Platform */ +/* ------------------------------------------------- */ #define SINGLE_THREADED #define WOLFCRYPT_ONLY -#define SIZEOF_LONG_LONG 8 +/* ------------------------------------------------- */ /* Math */ -#define USE_FAST_MATH -#define FP_MAX_BITS (4096 * 2) +/* ------------------------------------------------- */ +#if 0 /* Fast Math */ + #define USE_FAST_MATH + #define FP_MAX_BITS (4096 * 2) +#else /* SP Math (recommended) */ + #define WOLFSSL_SP_MATH + #define WOLFSSL_HAVE_SP_ECC + #define WOLFSSL_SP_384 + #define WOLFSSL_SP_521 + #define WOLFSSL_HAVE_SP_RSA + #define WOLFSSL_SP_4096 +#endif #define TFM_TIMING_RESISTANT +/* ------------------------------------------------- */ /* ECC */ -#define HAVE_ECC -#define WOLFSSL_HAVE_SP_ECC -#define ECC_TIMING_RESISTANT -#define HAVE_ECC256 -#define HAVE_ECC384 -#define HAVE_ECC521 - -/* ED25519 */ -#define HAVE_ED25519 -/* DG: Added, since --enable-usersettings expects small version to be used */ -#define ED25519_SMALL - -/* ED448 */ -#define HAVE_ED448 -#define WOLFSSL_SHAKE256 +/* ------------------------------------------------- */ +#if 1 /* ECC support */ + #define HAVE_ECC + #define ECC_TIMING_RESISTANT + #define ECC_USER_CURVES + #undef NO_ECC256 + #if 1 /* ECC P-384 */ + #define HAVE_ECC384 + #endif + #if 1 /* ECC P-521 */ + #define HAVE_ECC521 + #endif +#endif + +/* ------------------------------------------------- */ +/* ED25519 / Curve25519 */ +/* ------------------------------------------------- */ +#if 1 /* ED25519 signing support */ + #define HAVE_ED25519 +#endif + +/* ------------------------------------------------- */ +/* ED448 / Curve448 */ +/* ------------------------------------------------- */ +#if 1 /* ED448 signing support */ + #define HAVE_ED448 + #define WOLFSSL_SHAKE256 +#endif +/* ------------------------------------------------- */ /* RSA */ -#define WOLFSSL_HAVE_SP_RSA -#define WC_RSA_BLINDING -#define WOLFSSL_KEY_GEN +/* ------------------------------------------------- */ +#if 1 /* RSA signing support */ + #define HAVE_RSA + #define WC_RSA_BLINDING + #define WOLFSSL_KEY_GEN +#else + #define NO_RSA +#endif +/* ------------------------------------------------- */ /* Hashing */ -#define WOLFSSL_SHA512 /* Required for ED25519 */ +/* ------------------------------------------------- */ +#define WOLFSSL_SHA512 /* Required for ED25519/ED448 */ #define WOLFSSL_SHA384 #define WOLFSSL_SHA3 -#undef NO_SHA256 - -/* Chacha stream cipher */ -#define HAVE_CHACHA - -/* AES */ -#define WOLFSSL_AES_COUNTER -#define WOLFSSL_AES_DIRECT -/* Disables */ +/* ------------------------------------------------- */ +/* Post-Quantum Algorithms */ +/* ------------------------------------------------- */ +#define WOLFSSL_EXPERIMENTAL_SETTINGS + +#if 1 /* ML-DSA / Dilithium */ + #define HAVE_DILITHIUM + #define WOLFSSL_WC_DILITHIUM + /* Builds to FIPS 204 final standard by default. + * Set to 1 for draft version. */ + #if 0 /* FIPS 204 Draft */ + #define WOLFSSL_DILITHIUM_FIPS204_DRAFT + #endif + #ifndef ML_DSA_LEVEL + #define ML_DSA_LEVEL 2 + #endif + #define WOLFSSL_SHAKE128 /* Required for Dilithium */ +#endif + +#if 1 /* LMS */ + #define WOLFSSL_HAVE_LMS + #define WOLFSSL_WC_LMS + #ifndef LMS_LEVELS + #define LMS_LEVELS 1 + #endif + #ifndef LMS_HEIGHT + #define LMS_HEIGHT 10 + #endif + #ifndef LMS_WINTERNITZ + #define LMS_WINTERNITZ 8 + #endif +#endif + +#if 1 /* XMSS */ + #define WOLFSSL_HAVE_XMSS + #define WOLFSSL_WC_XMSS + #ifndef WOLFSSL_XMSS_MAX_HEIGHT + #define WOLFSSL_XMSS_MAX_HEIGHT 32 + #endif +#endif + +/* ------------------------------------------------- */ +/* Symmetric Ciphers */ +/* ------------------------------------------------- */ +#if 1 /* ChaCha20 stream cipher */ + #define HAVE_CHACHA +#endif +#if 1 /* AES-CTR / AES direct */ + #define WOLFSSL_AES_COUNTER + #define WOLFSSL_AES_DIRECT +#endif + +/* ------------------------------------------------- */ +/* ASN */ +/* ------------------------------------------------- */ +#define WOLFSSL_ASN_TEMPLATE + +/* ------------------------------------------------- */ +/* Disabled Algorithms */ +/* ------------------------------------------------- */ #define NO_CMAC #define NO_HMAC #define NO_RC4 @@ -82,26 +177,31 @@ #define NO_DH #define NO_DSA #define NO_MD4 -#define NO_RABBIT #define NO_MD5 +#define NO_DES3 +#define NO_PWDBASED +#define NO_OLD_RNGNAME +#define NO_RABBIT +#define NO_HC128 + +/* ------------------------------------------------- */ +/* Disabled Features */ +/* ------------------------------------------------- */ #define NO_SIG_WRAPPER #define NO_CERTS #define NO_SESSION_CACHE -#define NO_HC128 -#define NO_DES3 -#define NO_PWDBASED #define NO_WRITEV -#define NO_OLD_RNGNAME #define NO_WOLFSSL_DIR #define WOLFSSL_NO_SOCK #define WOLFSSL_IGNORE_FILE_WARN -#define NO_ERROR_STRINGS - #define BENCH_EMBEDDED -/* DG: Removed since we need it here for testing */ -/* #define NO_MAIN_DRIVER */ -/* #define NO_CRYPT_TEST */ -/* #define NO_CRYPT_BENCHMARK */ +#if 1 /* Disable error strings to save flash */ + #define NO_ERROR_STRINGS +#endif + +#ifdef __cplusplus +} +#endif -#endif /* !H_USER_SETTINGS_ */ +#endif /* WOLFSSL_USER_SETTINGS_H */ diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/examples/configs/user_settings_wolfssh.h mariadb-11.8.8/extra/wolfssl/wolfssl/examples/configs/user_settings_wolfssh.h --- mariadb-11.8.6/extra/wolfssl/wolfssl/examples/configs/user_settings_wolfssh.h 2026-01-31 13:27:49.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/examples/configs/user_settings_wolfssh.h 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* user_settings_wolfssh.h * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -46,8 +46,8 @@ make */ -#ifndef WOLFSSL_USER_SETTINGS_SSH_H -#define WOLFSSL_USER_SETTINGS_SSH_H +#ifndef WOLFSSL_USER_SETTINGS_H +#define WOLFSSL_USER_SETTINGS_H #ifdef __cplusplus extern "C" { @@ -211,4 +211,4 @@ #endif -#endif /* WOLFSSL_USER_SETTINGS_SSH_H */ +#endif /* WOLFSSL_USER_SETTINGS_H */ diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/examples/configs/user_settings_wolftpm.h mariadb-11.8.8/extra/wolfssl/wolfssl/examples/configs/user_settings_wolftpm.h --- mariadb-11.8.6/extra/wolfssl/wolfssl/examples/configs/user_settings_wolftpm.h 2026-01-31 13:27:49.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/examples/configs/user_settings_wolftpm.h 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* user_settings_wolftpm.h * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -59,15 +59,15 @@ */ -#ifndef WOLF_USER_SETTINGS_TPM_H -#define WOLF_USER_SETTINGS_TPM_H +#ifndef WOLFSSL_USER_SETTINGS_H +#define WOLFSSL_USER_SETTINGS_H #ifdef __cplusplus extern "C" { #endif -/* enable for low resource options */ -#if 0 +/* Enable for low resource options (smaller, no TLS) */ +#if 0 /* Low resource mode */ #define USE_LOW_RESOURCE #endif @@ -121,7 +121,7 @@ #endif /* Asymmetric */ -#if 1 /* RSA - needed to encrypt salt */ +#if 1 /* RSA - needed for TPM salt encryption */ #undef NO_RSA #ifdef USE_LOW_RESOURCE #define WOLFSSL_RSA_PUBLIC_ONLY @@ -131,7 +131,7 @@ #else #define NO_RSA #endif -#if 1 /* ECC - needed for encrypt ECC salt */ +#if 1 /* ECC - needed for TPM ECC operations */ #define HAVE_ECC #define ECC_USER_CURVES /* default to only SECP256R1 */ #endif @@ -187,6 +187,7 @@ #define NO_PWDBASED #define NO_DSA #define NO_DES3 +#define NO_DES3_TLS_SUITES #define NO_RC4 #define NO_PSK #define NO_MD4 @@ -222,4 +223,4 @@ } #endif -#endif /* WOLF_USER_SETTINGS_TPM_H */ +#endif /* WOLFSSL_USER_SETTINGS_H */ diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/examples/echoclient/echoclient.c mariadb-11.8.8/extra/wolfssl/wolfssl/examples/echoclient/echoclient.c --- mariadb-11.8.6/extra/wolfssl/wolfssl/examples/echoclient/echoclient.c 2026-01-31 13:27:49.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/examples/echoclient/echoclient.c 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* echoclient.c * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/examples/echoclient/echoclient.h mariadb-11.8.8/extra/wolfssl/wolfssl/examples/echoclient/echoclient.h --- mariadb-11.8.6/extra/wolfssl/wolfssl/examples/echoclient/echoclient.h 2026-01-31 13:27:49.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/examples/echoclient/echoclient.h 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* echoclient.h * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/examples/echoserver/echoserver.c mariadb-11.8.8/extra/wolfssl/wolfssl/examples/echoserver/echoserver.c --- mariadb-11.8.6/extra/wolfssl/wolfssl/examples/echoserver/echoserver.c 2026-01-31 13:27:49.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/examples/echoserver/echoserver.c 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* echoserver.c * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/examples/echoserver/echoserver.h mariadb-11.8.8/extra/wolfssl/wolfssl/examples/echoserver/echoserver.h --- mariadb-11.8.6/extra/wolfssl/wolfssl/examples/echoserver/echoserver.h 2026-01-31 13:27:49.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/examples/echoserver/echoserver.h 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* echoserver.h * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/examples/include.am mariadb-11.8.8/extra/wolfssl/wolfssl/examples/include.am --- mariadb-11.8.6/extra/wolfssl/wolfssl/examples/include.am 2026-01-31 13:27:49.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/examples/include.am 2026-05-24 09:58:33.000000000 +0000 @@ -11,4 +11,5 @@ include examples/configs/include.am include examples/asn1/include.am include examples/pem/include.am +include examples/ocsp_responder/include.am EXTRA_DIST += examples/README.md diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/examples/ocsp_responder/include.am mariadb-11.8.8/extra/wolfssl/wolfssl/examples/ocsp_responder/include.am --- mariadb-11.8.6/extra/wolfssl/wolfssl/examples/ocsp_responder/include.am 1970-01-01 00:00:00.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/examples/ocsp_responder/include.am 2026-05-24 09:58:33.000000000 +0000 @@ -0,0 +1,14 @@ +# vim:ft=automake +# All paths should be given relative to the root + +if BUILD_OCSP_RESPONDER +noinst_PROGRAMS += examples/ocsp_responder/ocsp_responder +noinst_HEADERS += examples/ocsp_responder/ocsp_responder.h +examples_ocsp_responder_ocsp_responder_SOURCES = examples/ocsp_responder/ocsp_responder.c +examples_ocsp_responder_ocsp_responder_LDADD = src/libwolfssl@LIBSUFFIX@.la $(LIB_STATIC_ADD) +examples_ocsp_responder_ocsp_responder_DEPENDENCIES = src/libwolfssl@LIBSUFFIX@.la +examples_ocsp_responder_ocsp_responder_CFLAGS = $(AM_CFLAGS) +endif + +dist_example_DATA+= examples/ocsp_responder/ocsp_responder.c +DISTCLEANFILES+= examples/ocsp_responder/.libs/ocsp_responder diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/examples/ocsp_responder/ocsp_responder.c mariadb-11.8.8/extra/wolfssl/wolfssl/examples/ocsp_responder/ocsp_responder.c --- mariadb-11.8.6/extra/wolfssl/wolfssl/examples/ocsp_responder/ocsp_responder.c 1970-01-01 00:00:00.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/examples/ocsp_responder/ocsp_responder.c 2026-05-24 09:58:33.000000000 +0000 @@ -0,0 +1,1196 @@ +/* ocsp_responder.c + * + * Copyright (C) 2006-2026 wolfSSL Inc. + * + * This file is part of wolfSSL. + * + * wolfSSL is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * wolfSSL is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA + */ + +/* Example OCSP responder used for interoperability and stapling testing. + * This code is for demonstration/testing only and is not hardened for + * secure or production use. Do not use this as a reference implementation + * for deploying an OCSP responder in production. + */ + +#ifdef HAVE_CONFIG_H + #include +#endif + +#ifndef WOLFSSL_USER_SETTINGS + #include +#endif +#include + +#undef TEST_OPENSSL_COEXIST /* can't use this option with this example */ +#undef OPENSSL_COEXIST /* can't use this option with this example */ + +#include +#include +#include +#include +#include + +#include + +/* Check if we have the required features */ +#if defined(HAVE_OCSP) && defined(HAVE_OCSP_RESPONDER) && \ + !defined(NO_FILESYSTEM) + +#include +#include +#include + +/* Define mygetopt variables (used by mygetopt_long in test.h) */ +#ifndef NO_MAIN_DRIVER +int myoptind = 0; +char* myoptarg = NULL; +#endif + +#ifdef _WIN32 + #include + #include + #define SOCKET_T SOCKET + #define close(s) closesocket(s) +#else + #include + #include + #include + #include + #include + #include + #include + #define SOCKET_T int +#ifndef INVALID_SOCKET + #define INVALID_SOCKET (-1) +#endif + #define SOCKET_ERROR (-1) +#endif + +/* Default values */ +#define DEFAULT_PORT 8888 +#define MAX_REQUEST_SIZE 65536 +#define MAX_RESPONSE_SIZE 65536 +#define MAX_HTTP_HEADER 4096 +#define MAX_PATH_LEN 256 +#define MAX_CERTS 16 + + +#define LOG_MSG(...) \ + do { \ + printf(__VA_ARGS__); \ + fflush(stdout); \ + } while(0) + +#ifndef _WIN32 +/* Signal handler flag */ +static volatile int got_signal = 0; + +static void sig_handler(int sig) +{ + (void)sig; + got_signal = 1; +} + +/* Simple logging macro */ +#define LOG_ERROR(...) \ + do { \ + if (got_signal) \ + fprintf(stderr, "Shutdown requested, exiting loop\n"); \ + else \ + fprintf(stderr, __VA_ARGS__); \ + } while (0) +#else +/* Simple logging macro */ +#define LOG_ERROR(...) \ + do { \ + fprintf(stderr, __VA_ARGS__); \ + } while (0) +#endif + +/* Index file entry structure */ +typedef struct IndexEntry { + char status; /* V=valid, R=revoked, E=expired */ + time_t expirationTime; + time_t revocationTime; + char serial[64]; + char filename[256]; + char subject[512]; + struct IndexEntry* next; +} IndexEntry; + +/* Program options */ +typedef struct { + word16 port; + const char* certFile; + const char* responderCertFile; + const char* keyFile; + const char* indexFile; + const char* readyFile; + int nrequests; + int verbose; + int sendCerts; +} OcspResponderOptions; + +/* Usage help */ +static void Usage(void) +{ + LOG_MSG("OCSP Responder Example\n\n"); + LOG_MSG("Usage: ocsp_responder [options]\n\n"); + LOG_MSG("Options:\n"); + LOG_MSG(" -? Help\n"); + LOG_MSG(" -p Port (default %d)\n", DEFAULT_PORT); + LOG_MSG(" -c CA certificate (issuer)\n"); + LOG_MSG(" -r Responder certificate" + " (for authorized responder)\n"); + LOG_MSG(" -k Signing private key\n"); + LOG_MSG(" -i Index file for cert status\n"); + LOG_MSG(" -R Ready file for external monitor\n"); + LOG_MSG(" -n Exit after n requests\n"); + LOG_MSG(" -v Verbose\n"); + LOG_MSG(" -x Exclude certs from response\n"); +} + +/* Load file into buffer, auto-detect PEM vs DER */ +static int LoadFile(const char* filename, byte** buf, word32* bufSz, int* isPem) +{ + int ret; + size_t sz = 0; + + ret = load_file(filename, buf, &sz); + if (ret != 0) { + LOG_ERROR("Error opening file: %s\n", filename); + return ret; + } + + /* Check if PEM format by looking for -----BEGIN */ + if (isPem) { + /* Reallocate with space for null terminator for XSTRSTR */ + byte* tmp = (byte*)XREALLOC(*buf, (word32)sz + 1, NULL, + DYNAMIC_TYPE_TMP_BUFFER); + if (tmp == NULL) { + XFREE(*buf, NULL, DYNAMIC_TYPE_TMP_BUFFER); + *buf = NULL; + return MEMORY_E; + } + *buf = tmp; + (*buf)[sz] = '\0'; + *isPem = (XSTRSTR((char*)*buf, "-----BEGIN") != NULL) ? 1 : 0; + } + + *bufSz = (word32)sz; + return 0; +} + +/* Convert PEM to DER */ +static int ConvertPemToDer(const byte* pem, word32 pemSz, + byte** der, word32* derSz, int type) +{ + int ret; + + /* Allocate buffer large enough for DER (always smaller than PEM) */ + *der = (byte*)XMALLOC(pemSz, NULL, DYNAMIC_TYPE_TMP_BUFFER); + if (*der == NULL) { + return MEMORY_E; + } + + if (type == PRIVATEKEY_TYPE) { + ret = wc_KeyPemToDer(pem, (int)pemSz, *der, (int)pemSz, NULL); + } + else { + ret = wc_CertPemToDer(pem, (int)pemSz, *der, (int)pemSz, type); + } + + if (ret <= 0) { + XFREE(*der, NULL, DYNAMIC_TYPE_TMP_BUFFER); + *der = NULL; + if (ret == 0) + ret = BAD_FUNC_ARG; + return ret; + } + + *derSz = (word32)ret; + return 0; +} + +/* Load certificate in DER format */ +static int LoadCertDer(const char* filename, byte** der, word32* derSz) +{ + byte* buf = NULL; + word32 bufSz = 0; + int isPem = 0; + int ret; + + ret = LoadFile(filename, &buf, &bufSz, &isPem); + if (ret != 0) { + return ret; + } + + if (isPem) { + ret = ConvertPemToDer(buf, bufSz, der, derSz, CERT_TYPE); + XFREE(buf, NULL, DYNAMIC_TYPE_TMP_BUFFER); + return ret; + } + else { + *der = buf; + *derSz = bufSz; + return 0; + } +} + +/* Load private key in DER format */ +static int LoadKeyDer(const char* filename, byte** der, word32* derSz) +{ + byte* buf = NULL; + word32 bufSz = 0; + int isPem = 0; + int ret; + + ret = LoadFile(filename, &buf, &bufSz, &isPem); + if (ret != 0) { + return ret; + } + + if (isPem) { + ret = ConvertPemToDer(buf, bufSz, der, derSz, PRIVATEKEY_TYPE); + XFREE(buf, NULL, DYNAMIC_TYPE_TMP_BUFFER); + return ret; + } + else { + *der = buf; + *derSz = bufSz; + return 0; + } +} + +/* Free index entries */ +static void FreeIndexEntries(IndexEntry* head) +{ + while (head) { + IndexEntry* next = head->next; + XFREE(head, NULL, DYNAMIC_TYPE_TMP_BUFFER); + head = next; + } +} + +/* Parse OpenSSL index.txt file + * Format: status\texpiration\trevocation\tserial\tfilename\tsubject + * V = valid, R = revoked, E = expired + */ +static IndexEntry* ParseIndexFile(const char* filename) +{ + XFILE f = XBADFILE; + char line[1024]; + IndexEntry* head = NULL; + IndexEntry* tail = NULL; + IndexEntry* entry = NULL; + IndexEntry* ret = NULL; + + if (filename == NULL) { + LOG_ERROR("Invalid filename parameter\n"); + goto cleanup; + } + + f = XFOPEN(filename, "r"); + if (f == XBADFILE) { + LOG_ERROR("Error opening index file: %s\n", filename); + goto cleanup; + } + + while (XFGETS(line, sizeof(line), f) != NULL) { + char* p = line; + char* field; + int fieldNum = 0; + + /* Skip empty lines */ + if (line[0] == '\n' || line[0] == '\r' || line[0] == '\0') + continue; + + entry = (IndexEntry*)XMALLOC(sizeof(IndexEntry), NULL, + DYNAMIC_TYPE_TMP_BUFFER); + if (entry == NULL) { + LOG_ERROR("Memory allocation failed for index entry\n"); + goto cleanup; + } + XMEMSET(entry, 0, sizeof(IndexEntry)); + + /* Parse tab-separated fields */ + while ((field = XSTRSEP(&p, "\t")) != NULL && fieldNum < 6) { + switch (fieldNum) { + case 0: /* Status */ + entry->status = field[0]; + break; + case 1: /* Expiration time (YYMMDDHHMMSSZ format) */ + /* Parse if needed */ + break; + case 2: /* Revocation time */ + /* Parse if needed, empty for valid certs */ + if (field[0] != '\0') { + struct tm tm; + XMEMSET(&tm, 0, sizeof(tm)); + if (wc_GetDateAsCalendarTime((const byte*)field, + (int)XSTRLEN(field), ASN_UTC_TIME, &tm) != 0) { + LOG_ERROR("Invalid revocation time" + " format: %s\n", field); + entry->revocationTime = (time_t)-1; + break; + } + entry->revocationTime = XMKTIME(&tm); + } + break; + case 3: /* Serial (hex) */ + XSTRNCPY(entry->serial, field, sizeof(entry->serial) - 1); + break; + case 4: /* Filename */ + XSTRNCPY(entry->filename, field, + sizeof(entry->filename) - 1); + break; + case 5: /* Subject */ + /* Remove trailing newline */ + { + size_t len = XSTRLEN(field); + if (len > 0 && (field[len-1] == '\n' || + field[len-1] == '\r')) + field[len-1] = '\0'; + if (len > 1 && (field[len-2] == '\n' || + field[len-2] == '\r')) + field[len-2] = '\0'; + } + XSTRNCPY(entry->subject, field, sizeof(entry->subject) - 1); + break; + } + fieldNum++; + } + + /* Validate that we got at least status and serial */ + if (fieldNum < 4 || entry->serial[0] == '\0' || + entry->revocationTime == (time_t)-1) { + LOG_ERROR("Invalid index entry - missing required fields\n"); + XFREE(entry, NULL, DYNAMIC_TYPE_TMP_BUFFER); + entry = NULL; + goto cleanup; + } + + /* Add to list */ + entry->next = NULL; + if (tail) { + tail->next = entry; + tail = entry; + } + else { + head = tail = entry; + } + entry = NULL; + } + + /* Success */ + ret = head; + head = NULL; + +cleanup: + if (f != XBADFILE) + XFCLOSE(f); + if (entry != NULL) + XFREE(entry, NULL, DYNAMIC_TYPE_TMP_BUFFER); + FreeIndexEntries(head); + return ret; +} + +/* Lookup certificate status by serial number */ +static int PopulateResponderFromIndex(OcspResponder* responder, + IndexEntry* index, + DecodedCert* caCert) +{ + IndexEntry* entry; + char caSubjectBuf[WC_ASN_NAME_MAX]; + word32 caSubjSz = sizeof(caSubjectBuf); + int count = 0; + int ret; + + if (responder == NULL || index == NULL || caCert == NULL) { + return BAD_FUNC_ARG; + } + + ret = wc_GetDecodedCertSubject(caCert, caSubjectBuf, &caSubjSz); + if (ret != 0 || caSubjSz == 0) { + LOG_ERROR("Could not get CA subject\n"); + return BAD_FUNC_ARG; + } + + for (entry = index; entry != NULL; entry = entry->next) { + byte serial[64]; + word32 serialLen = 0; + enum Ocsp_Cert_Status status; + time_t revTime = 0; + enum WC_CRL_Reason revReason = WC_CRL_REASON_UNSPECIFIED; + word32 validity = 86400; + char* p = entry->serial; + word32 i; + + /* Convert hex string to bytes */ + { + word32 hexLen = (word32)XSTRLEN(entry->serial); + word32 j; + + /* Reject odd-length hex strings */ + if (hexLen % 2 != 0) { + LOG_ERROR("Invalid hex serial length (odd): %u\n", hexLen); + return BAD_FUNC_ARG; + } + + serialLen = hexLen / 2; + if (serialLen == 0 || serialLen > sizeof(serial)) { + return BAD_FUNC_ARG; + } + + /* Validate all characters are hex digits */ + for (j = 0; j < hexLen; j++) { + char c = p[j]; + if (!((c >= '0' && c <= '9') || (c >= 'a' && c <= 'f') || + (c >= 'A' && c <= 'F'))) { + LOG_ERROR("Invalid hex character in serial: '%c'\n", c); + return BAD_FUNC_ARG; + } + } + } + + for (i = 0; i < serialLen; i++) { + int high = ('0' <= p[i*2] && p[i*2] <= '9') ? + (p[i*2] - '0') : + ('A' <= p[i*2] && p[i*2] <= 'F') ? + (p[i*2] - 'A' + 10) : + (p[i*2] - 'a' + 10); + int low = ('0' <= p[i*2+1] && p[i*2+1] <= '9') ? + (p[i*2+1] - '0') : + ('A' <= p[i*2+1] && p[i*2+1] <= 'F') ? + (p[i*2+1] - 'A' + 10) : + (p[i*2+1] - 'a' + 10); + serial[i] = (byte)((high << 4) | low); + } + + /* Determine status */ + if (entry->status == 'V') { + status = CERT_GOOD; + } + else if (entry->status == 'R') { + status = CERT_REVOKED; + revTime = entry->revocationTime; + revReason = WC_CRL_REASON_UNSPECIFIED; + validity = 0; + } + else { + status = CERT_UNKNOWN; + validity = 0; + } + + ret = wc_OcspResponder_SetCertStatus(responder, + caSubjectBuf, caSubjSz, + serial, serialLen, + status, revTime, + revReason, validity); + if (ret == 0) { + count++; + } + } + + return count; +} + +/* Receive a complete HTTP request, looping until the full body arrives */ +static int RecvHttpRequest(SOCKET_T fd, byte* buf, int bufSz) +{ + int totalLen = 0; + int contentLen = 0; + int headerSz = 0; + + while (totalLen < bufSz - 1) { + int n = (int)recv(fd, (char*)buf + totalLen, + (size_t)(bufSz - 1 - totalLen), 0); + if (n <= 0) + break; + totalLen += n; + buf[totalLen] = '\0'; + + /* Once we find end-of-headers, parse Content-Length */ + if (headerSz == 0) { + const char* hdrEnd = XSTRSTR((char*)buf, "\r\n\r\n"); + if (hdrEnd != NULL) { + const char* cl; + headerSz = (int)(hdrEnd + 4 - (char*)buf); + cl = XSTRSTR((char*)buf, "Content-Length:"); + if (cl == NULL) + cl = XSTRSTR((char*)buf, "content-length:"); + if (cl != NULL) + contentLen = atoi(cl + 15); + } + } + /* Check if we have the full body */ + if (headerSz > 0 && totalLen >= headerSz + contentLen) + break; + } + return totalLen; +} + +/* Parse HTTP request and extract OCSP request body */ +static int ParseHttpRequest(const byte* httpReq, int httpReqSz, + const byte** body, int* bodySz, + char* path, int pathSz) +{ + /* Initialize outputs */ + *body = NULL; + *bodySz = 0; + if (path && pathSz > 0) + path[0] = '\0'; + + /* Check for POST method */ + if (XSTRNCMP((char*)httpReq, "POST ", 5) == 0) { + const char* contentLen; + /* Extract path */ + const char* pathStart = (const char*)httpReq + 5; + const char* pathEnd = XSTRSTR(pathStart, " "); + if (pathEnd && path && pathSz > 0) { + int len = (int)(pathEnd - pathStart); + if (len >= pathSz) len = pathSz - 1; + XMEMCPY(path, pathStart, (size_t)len); + path[len] = '\0'; + } + + /* Find Content-Length */ + contentLen = XSTRSTR((char*)httpReq, "Content-Length:"); + if (contentLen == NULL) { + contentLen = XSTRSTR((char*)httpReq, "content-length:"); + } + if (contentLen) { + *bodySz = atoi(contentLen + 15); + /* Reject obviously invalid or unreasonably large Content-Length */ + if (*bodySz < 0 || *bodySz > MAX_REQUEST_SIZE) { + LOG_ERROR("Invalid or too large Content-Length: %d\n", *bodySz); + *body = NULL; + *bodySz = 0; + return -1; + } + } + + /* Find body (after \r\n\r\n) */ + *body = (const byte*)XSTRSTR((char*)httpReq, "\r\n\r\n"); + if (*body) { + int offset; + + *body += 4; + offset = (int)(*body - httpReq); + + /* Validate that the body pointer is within the received buffer */ + if (offset < 0 || offset > httpReqSz) { + LOG_ERROR("Invalid HTTP body offset\n"); + *body = NULL; + *bodySz = 0; + return -1; + } + + /* Use Content-Length if available, otherwise use remaining data */ + if (*bodySz == 0) { + /* TODO We should only enter here when "Connection-close" + * is present. There should be some checks to confirm that. */ + *bodySz = httpReqSz - offset; + } + + /* Ensure that the claimed body length fits in the received data */ + if (offset + *bodySz > httpReqSz) { + LOG_ERROR("Incomplete HTTP body: expected %d bytes, have %d\n", + *bodySz, httpReqSz - offset); + *body = NULL; + *bodySz = 0; + return -1; + } + return 0; + } + } + /* Check for GET method with URL-encoded request */ + else if (XSTRNCMP((char*)httpReq, "GET ", 4) == 0) { + /* GET requests have base64-encoded OCSP request in URL */ + /* For simplicity, we'll require POST for now */ + LOG_ERROR("GET method not fully supported, use POST\n"); + return -1; + } + + return -1; +} + +/* Send HTTP response with OCSP response body */ +static int SendHttpResponse(SOCKET_T clientfd, const byte* ocspResp, + int ocspRespSz) +{ + char header[MAX_HTTP_HEADER]; + int headerLen; + int sent; + + headerLen = XSNPRINTF(header, sizeof(header), + "HTTP/1.0 200 OK\r\n" + "Content-Type: application/ocsp-response\r\n" + "Content-Length: %d\r\n" + "Connection: close\r\n" + "\r\n", ocspRespSz); + + if (headerLen < 0 || headerLen >= (int)sizeof(header)) { + LOG_ERROR("HTTP header truncated\n"); + return -1; + } + + /* Send header */ + { + int totalSent = 0; + while (totalSent < headerLen) { + sent = (int)send(clientfd, header + totalSent, + (size_t)(headerLen - totalSent), 0); + if (sent <= 0) { + LOG_ERROR("Failed to send HTTP header\n"); + return -1; + } + totalSent += sent; + } + } + + /* Send body */ + { + int totalSent = 0; + while (totalSent < ocspRespSz) { + sent = (int)send(clientfd, (const char*)ocspResp + totalSent, + (size_t)(ocspRespSz - totalSent), 0); + if (sent <= 0) { + LOG_ERROR("Failed to send OCSP response\n"); + return -1; + } + totalSent += sent; + } + } + + return 0; +} + +/* Send HTTP error response */ +static int SendHttpError(SOCKET_T clientfd, int statusCode, + const char* statusMsg) +{ + char response[512]; + int len; + int sent; + + len = XSNPRINTF(response, sizeof(response), + "HTTP/1.0 %d %s\r\n" + "Content-Type: text/plain\r\n" + "Content-Length: %d\r\n" + "Connection: close\r\n" + "\r\n" + "%s", statusCode, statusMsg, (int)XSTRLEN(statusMsg), statusMsg); + + /* Handle XSNPRINTF error or truncation to avoid sending + * out-of-bounds data. */ + if (len < 0 || len >= (int)sizeof(response)) { + LOG_ERROR("HTTP error response truncated\n"); + return -1; + } + + sent = (int)send(clientfd, response, (size_t)len, 0); + return (sent == len) ? 0 : -1; +} + +/* Map error codes to OCSP response status */ +static enum Ocsp_Response_Status MapErrorToOcspStatus(int err) +{ + switch (err) { + case ASN_PARSE_E: + return OCSP_MALFORMED_REQUEST; + case ASN_SIG_HASH_E: + /* Unsupported hash algorithm */ + return OCSP_INTERNAL_ERROR; + case ASN_NO_SIGNER_E: + return OCSP_UNAUTHORIZED; + default: + return OCSP_INTERNAL_ERROR; + } +} + +/* Main OCSP responder function */ +THREAD_RETURN WOLFSSL_THREAD ocsp_responder_test(void* args) +{ + func_args* myargs = (func_args*)args; + int argc = myargs->argc; + char** argv = myargs->argv; + int ret; + int ch; + + OcspResponderOptions opts; + OcspResponder* responder = NULL; + IndexEntry* indexEntries = NULL; + DecodedCert caCert; + SOCKET_T sockfd = INVALID_SOCKET; + SOCKET_T clientfd = INVALID_SOCKET; + + byte* caCertDer = NULL; + word32 caCertDerSz = 0; + byte* responderCertDer = NULL; + word32 responderCertDerSz = 0; + byte* caKeyDer = NULL; + word32 caKeyDerSz = 0; + + byte httpBuf[MAX_REQUEST_SIZE]; + byte respBuf[MAX_RESPONSE_SIZE]; + word32 respSz; + + int requestsProcessed = 0; + word32 caSubjectSz = 0; + + static const struct mygetopt_long_config long_options[] = { + { "help", 0, '?' }, + { NULL, 0, 0 } + }; + + /* Initialize options */ + XMEMSET(&opts, 0, sizeof(opts)); + opts.port = DEFAULT_PORT; + opts.nrequests = 0; + opts.verbose = 0; + opts.sendCerts = 1; + opts.readyFile = NULL; + + /* Initialize caCert */ + XMEMSET(&caCert, 0, sizeof(caCert)); + + /* Parse command line arguments */ + while ((ch = mygetopt_long(argc, argv, "?p:c:r:k:i:R:n:vx", + long_options, 0)) != -1) { + switch (ch) { + case '?': + Usage(); + ret = 0; + goto cleanup; + case 'p': + opts.port = (word16)atoi(myoptarg); + break; + case 'c': + opts.certFile = myoptarg; + break; + case 'r': + opts.responderCertFile = myoptarg; + break; + case 'k': + opts.keyFile = myoptarg; + break; + case 'i': + opts.indexFile = myoptarg; + break; + case 'R': + opts.readyFile = myoptarg; + break; + case 'n': + opts.nrequests = atoi(myoptarg); + break; + case 'v': + opts.verbose = 1; + break; + case 'x': + opts.sendCerts = 0; + break; + default: + Usage(); + ret = MY_EX_USAGE; + goto cleanup; + } + } + + myoptind = 0; /* reset for test cases */ + + /* Validate required options */ + if (opts.certFile == NULL) { + LOG_ERROR("Error: CA certificate required (-c)\n"); + Usage(); + ret = MY_EX_USAGE; + goto cleanup; + } + if (opts.keyFile == NULL) { + LOG_ERROR("Error: CA key required (-k)\n"); + Usage(); + ret = MY_EX_USAGE; + goto cleanup; + } + + /* Load CA certificate */ + ret = LoadCertDer(opts.certFile, &caCertDer, &caCertDerSz); + if (ret != 0) { + LOG_ERROR("Error loading CA certificate: %s\n", opts.certFile); + ret = -1; + goto cleanup; + } + if (opts.verbose) { + LOG_MSG("Loaded CA certificate: %s (%d bytes)\n", + opts.certFile, caCertDerSz); + } + + /* Load responder certificate if provided */ + if (opts.responderCertFile != NULL) { + ret = LoadCertDer(opts.responderCertFile, &responderCertDer, + &responderCertDerSz); + if (ret != 0) { + LOG_ERROR("Error loading responder certificate: %s\n", + opts.responderCertFile); + ret = -1; + goto cleanup; + } + if (opts.verbose) { + LOG_MSG("Loaded responder certificate: %s (%d bytes)\n", + opts.responderCertFile, responderCertDerSz); + } + } + + /* Load CA key */ + ret = LoadKeyDer(opts.keyFile, &caKeyDer, &caKeyDerSz); + if (ret != 0) { + LOG_ERROR("Error loading signing key: %s\n", opts.keyFile); + ret = -1; + goto cleanup; + } + if (opts.verbose) { + LOG_MSG("Loaded signing key: %s (%d bytes)\n", + opts.keyFile, caKeyDerSz); + } + + /* Parse CA certificate to get subject */ + wc_InitDecodedCert(&caCert, caCertDer, caCertDerSz, NULL); + ret = wc_ParseCert(&caCert, CERT_TYPE, 0, NULL); + if (ret != 0) { + LOG_ERROR("Error parsing CA certificate: %d\n", ret); + ret = -1; + goto cleanup; + } + (void)wc_GetDecodedCertSubject(&caCert, NULL, &caSubjectSz); + (void)caSubjectSz; /* Not used in current implementation */ + + /* Load index file if provided */ + if (opts.indexFile) { + indexEntries = ParseIndexFile(opts.indexFile); + if (indexEntries == NULL) { + LOG_ERROR("Warning: Could not parse index file: %s\n", + opts.indexFile); + } + else if (opts.verbose) { + LOG_MSG("Loaded index file: %s\n", opts.indexFile); + } + } + + /* Create OCSP responder */ + responder = wc_OcspResponder_new(NULL, opts.sendCerts); + if (responder == NULL) { + LOG_ERROR("Error creating OCSP responder\n"); + ret = -1; + goto cleanup; + } + + /* Add signer to responder */ + if (opts.responderCertFile != NULL) { + /* Authorized responder: use responder cert as signer, + * CA cert as issuer */ + ret = wc_OcspResponder_AddSigner(responder, + responderCertDer, + responderCertDerSz, + caKeyDer, caKeyDerSz, + caCertDer, caCertDerSz); + if (ret != 0) { + LOG_ERROR("Error adding authorized responder to" + " responder: %d\n", ret); + goto cleanup; + } + if (opts.verbose) { + LOG_MSG("Added authorized responder with CA issuer\n"); + } + } + else { + /* CA as signer (self-signed) */ + ret = wc_OcspResponder_AddSigner(responder, caCertDer, caCertDerSz, + caKeyDer, caKeyDerSz, NULL, 0); + if (ret != 0) { + LOG_ERROR("Error adding CA to responder: %d\n", ret); + goto cleanup; + } + if (opts.verbose) { + LOG_MSG("Added CA to responder\n"); + } + } + + /* Populate responder with certificate statuses from index */ + if (indexEntries != NULL) { + int statusCount = PopulateResponderFromIndex(responder, + indexEntries, + &caCert); + if (statusCount < 0) { + LOG_ERROR("Error populating responder from index:" + " %d\n", statusCount); + } + else if (opts.verbose) { + LOG_MSG("Populated responder with %d certificate" + " statuses\n", statusCount); + } + } + +#ifdef USE_WINDOWS_API + if (opts.port == 0) { + /* Generate random port for testing */ + opts.port = GetRandomPort(); + } +#endif /* USE_WINDOWS_API */ + + /* Create and listen on server socket */ + tcp_listen(&sockfd, &opts.port, 1, 0, 0); + +#ifndef SINGLE_THREADED + /* Signal readiness via tcp_ready if provided (for in-process testing) */ + if (myargs->signal != NULL) { + tcp_ready* ready = myargs->signal; + #ifdef WOLFSSL_COND + THREAD_CHECK_RET(wolfSSL_CondStart(&ready->cond)); + #endif + ready->ready = 1; + ready->port = opts.port; + #ifdef WOLFSSL_COND + THREAD_CHECK_RET(wolfSSL_CondSignal(&ready->cond)); + THREAD_CHECK_RET(wolfSSL_CondEnd(&ready->cond)); + #endif + } +#endif /* !SINGLE_THREADED */ + + /* Write ready file if requested */ + if (opts.readyFile != NULL) { + XFILE rf = XFOPEN(opts.readyFile, "w"); + if (rf != XBADFILE) { + fprintf(rf, "%d\n", (int)opts.port); + XFCLOSE(rf); + if (opts.verbose) { + LOG_MSG("Ready file created: %s\n", opts.readyFile); + } + } + else { + LOG_ERROR("Warning: Failed to create ready file:" + " %s\n", opts.readyFile); + } + } + +#ifndef _WIN32 + /* Install signal handlers for clean shutdown */ + { + struct sigaction sa; + memset(&sa, 0, sizeof(sa)); + sa.sa_handler = sig_handler; + /* Do NOT set SA_RESTART so accept() is interrupted */ + sigaction(SIGTERM, &sa, NULL); + sigaction(SIGINT, &sa, NULL); + } + if (opts.verbose) { + LOG_MSG("Signal handlers installed\n"); + } +#endif + + /* Main loop */ + while ((opts.nrequests == 0 || requestsProcessed < opts.nrequests) +#ifndef _WIN32 + && !got_signal +#endif + ) { + struct sockaddr_in clientAddr; + socklen_t clientAddrLen = sizeof(clientAddr); + int recvLen; + const byte* ocspReq; + int ocspReqSz; + char path[MAX_PATH_LEN]; + + /* Accept connection */ + clientfd = accept(sockfd, (struct sockaddr*)&clientAddr, + &clientAddrLen); + if (clientfd == INVALID_SOCKET) { + LOG_ERROR("accept() failed\n"); + continue; + } + + if (opts.verbose) { + LOG_MSG("Connection from %s:%d\n", + inet_ntoa(clientAddr.sin_addr), ntohs(clientAddr.sin_port)); + } + + /* Receive HTTP request */ + recvLen = RecvHttpRequest(clientfd, httpBuf, (int)sizeof(httpBuf)); + if (recvLen <= 0) { + LOG_ERROR("recv() failed\n"); + close(clientfd); + continue; + } + httpBuf[recvLen] = '\0'; + + if (opts.verbose) { + LOG_MSG("Received %d bytes\n", recvLen); + } + + /* Parse HTTP request */ + ret = ParseHttpRequest(httpBuf, recvLen, &ocspReq, &ocspReqSz, + path, sizeof(path)); + if (ret != 0 || ocspReq == NULL || ocspReqSz <= 0) { + LOG_ERROR("Invalid HTTP request\n"); + SendHttpError(clientfd, 400, "Bad Request"); + close(clientfd); + continue; + } + + if (opts.verbose) { + LOG_MSG("OCSP request: %d bytes, path: %s\n", ocspReqSz, path); + } + + /* Process OCSP request and generate response */ + respSz = sizeof(respBuf); + ret = wc_OcspResponder_WriteResponse(responder, ocspReq, + (word32)ocspReqSz, + respBuf, &respSz); + + if (ret != 0) { + enum Ocsp_Response_Status errStatus; + LOG_ERROR("Error generating OCSP response: %d\n", ret); + + /* Generate appropriate OCSP error response */ + errStatus = MapErrorToOcspStatus(ret); + respSz = sizeof(respBuf); + ret = wc_OcspResponder_WriteErrorResponse(errStatus, + respBuf, &respSz); + + if (ret != 0) { + /* If we can't even encode an error response, send HTTP error */ + LOG_ERROR("Error encoding OCSP error response: %d\n", ret); + SendHttpError(clientfd, 500, "Internal Server Error"); + close(clientfd); + continue; + } + + if (opts.verbose) { + LOG_MSG("Generated OCSP error response (status=%d): %d bytes\n", + errStatus, respSz); + } + } + + if (opts.verbose) { + LOG_MSG("Generated OCSP response: %d bytes\n", respSz); + } + + /* Send HTTP response */ + ret = SendHttpResponse(clientfd, respBuf, (int)respSz); + if (ret != 0) { + LOG_ERROR("Error sending response\n"); + } + + close(clientfd); + clientfd = INVALID_SOCKET; + requestsProcessed++; + + if (opts.verbose) { + LOG_MSG("Processed request %d\n", requestsProcessed); + } + } + + ret = 0; + +cleanup: + if (clientfd != INVALID_SOCKET) + close(clientfd); + if (sockfd != INVALID_SOCKET) + close(sockfd); + + wc_FreeDecodedCert(&caCert); + + if (responder) + wc_OcspResponder_free(responder); + if (indexEntries) + FreeIndexEntries(indexEntries); + if (caCertDer) + XFREE(caCertDer, NULL, DYNAMIC_TYPE_TMP_BUFFER); + if (responderCertDer) + XFREE(responderCertDer, NULL, DYNAMIC_TYPE_TMP_BUFFER); + if (caKeyDer) + XFREE(caKeyDer, NULL, DYNAMIC_TYPE_TMP_BUFFER); + + myargs->return_code = ret; +#ifndef WOLFSSL_THREAD_VOID_RETURN + return (THREAD_RETURN)0; +#else + return; +#endif +} + +#ifndef NO_MAIN_DRIVER +int main(int argc, char** argv) +{ + func_args args; + int ret; + + printf("The ocsp_responder.c example is only meant for testing. " + "Do not use this in a production environment.\n"); + + StartTCP(); + +#ifdef HAVE_WNR + if (wc_InitNetRandom(wnrConfigFile, NULL, 5000) != 0) { + err_sys("Whitewood netRandom global config failed"); + } +#endif + + ret = wolfSSL_Init(); + if (ret != WOLFSSL_SUCCESS) { + err_sys("wolfSSL_Init failed"); + } + + XMEMSET(&args, 0, sizeof(args)); + args.argc = argc; + args.argv = argv; + args.return_code = 0; + + ocsp_responder_test(&args); + + wolfSSL_Cleanup(); + +#ifdef HAVE_WNR + if (wc_FreeNetRandom() < 0) + err_sys("Failed to free netRandom context"); +#endif + + return args.return_code; +} +#endif /* !NO_MAIN_DRIVER */ + +#else /* HAVE_OCSP && HAVE_OCSP_RESPONDER && !NO_FILESYSTEM */ + +#ifndef NO_MAIN_DRIVER +int main(int argc, char** argv) +{ + (void)argc; + (void)argv; + printf("OCSP Responder requires HAVE_OCSP, HAVE_OCSP_RESPONDER," + " and filesystem support\n"); + return 0; +} +#endif + +THREAD_RETURN WOLFSSL_THREAD ocsp_responder_test(void* args) +{ + func_args* myargs = (func_args*)args; + printf("OCSP Responder requires HAVE_OCSP, HAVE_OCSP_RESPONDER," + " and filesystem support\n"); + myargs->return_code = 0; + WOLFSSL_RETURN_FROM_THREAD(0); +} + +#endif /* HAVE_OCSP && HAVE_OCSP_RESPONDER && !NO_FILESYSTEM */ diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/examples/ocsp_responder/ocsp_responder.h mariadb-11.8.8/extra/wolfssl/wolfssl/examples/ocsp_responder/ocsp_responder.h --- mariadb-11.8.6/extra/wolfssl/wolfssl/examples/ocsp_responder/ocsp_responder.h 1970-01-01 00:00:00.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/examples/ocsp_responder/ocsp_responder.h 2026-05-24 09:58:33.000000000 +0000 @@ -0,0 +1,39 @@ +/* ocsp_responder.h + * + * Copyright (C) 2006-2025 wolfSSL Inc. + * + * This file is part of wolfSSL. + * + * wolfSSL is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * wolfSSL is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA + */ + +#ifndef WOLFSSL_OCSP_RESPONDER_EXAMPLE_H +#define WOLFSSL_OCSP_RESPONDER_EXAMPLE_H + +#include +#include +#include + +#ifdef __cplusplus +extern "C" { +#endif + +THREAD_RETURN WOLFSSL_THREAD ocsp_responder_test(void* args); + +#ifdef __cplusplus +} +#endif + +#endif /* WOLFSSL_OCSP_RESPONDER_EXAMPLE_H */ diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/examples/pem/pem.c mariadb-11.8.8/extra/wolfssl/wolfssl/examples/pem/pem.c --- mariadb-11.8.6/extra/wolfssl/wolfssl/examples/pem/pem.c 2026-01-31 13:27:49.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/examples/pem/pem.c 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* pem.c * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/examples/sctp/sctp-client-dtls.c mariadb-11.8.8/extra/wolfssl/wolfssl/examples/sctp/sctp-client-dtls.c --- mariadb-11.8.6/extra/wolfssl/wolfssl/examples/sctp/sctp-client-dtls.c 2026-01-31 13:27:49.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/examples/sctp/sctp-client-dtls.c 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* sctp-client-dtls.c * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/examples/sctp/sctp-client.c mariadb-11.8.8/extra/wolfssl/wolfssl/examples/sctp/sctp-client.c --- mariadb-11.8.6/extra/wolfssl/wolfssl/examples/sctp/sctp-client.c 2026-01-31 13:27:49.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/examples/sctp/sctp-client.c 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* sctp-client.c * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/examples/sctp/sctp-server-dtls.c mariadb-11.8.8/extra/wolfssl/wolfssl/examples/sctp/sctp-server-dtls.c --- mariadb-11.8.6/extra/wolfssl/wolfssl/examples/sctp/sctp-server-dtls.c 2026-01-31 13:27:49.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/examples/sctp/sctp-server-dtls.c 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* sctp-server-dtls.c * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/examples/sctp/sctp-server.c mariadb-11.8.8/extra/wolfssl/wolfssl/examples/sctp/sctp-server.c --- mariadb-11.8.6/extra/wolfssl/wolfssl/examples/sctp/sctp-server.c 2026-01-31 13:27:49.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/examples/sctp/sctp-server.c 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* sctp-server.c * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/examples/server/server.c mariadb-11.8.8/extra/wolfssl/wolfssl/examples/server/server.c --- mariadb-11.8.6/extra/wolfssl/wolfssl/examples/server/server.c 2026-01-31 13:27:49.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/examples/server/server.c 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* server.c * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -32,22 +32,16 @@ #endif #include -#undef TEST_OPENSSL_COEXIST /* can't use this option with this example */ -#undef OPENSSL_COEXIST /* can't use this option with this example */ - -/* Force enable the compatibility macros for this example */ -#ifndef OPENSSL_EXTRA_X509_SMALL -#define OPENSSL_EXTRA_X509_SMALL -#endif -#include - -#undef OPENSSL_EXTRA_X509_SMALL #include /* name change portability layer */ #ifdef HAVE_ECC #include /* wc_ecc_fp_free */ #endif +#if defined(WOLFSSL_TLS13) && defined(HAVE_ECH) + #include +#endif + #ifdef WOLFSSL_WOLFSENTRY_HOOKS #include #if !defined(NO_FILESYSTEM) && !defined(WOLFSENTRY_NO_JSON) @@ -73,7 +67,11 @@ #include #include -#include "examples/server/server.h" +#ifdef USE_FLAT_TEST_H + #include "server.h" +#else + #include "examples/server/server.h" +#endif #if !defined(NO_WOLFSSL_SERVER) && !defined(NO_TLS) @@ -104,6 +102,9 @@ { WOLFSSL_ECC_BRAINPOOLP256R1, "BRAINPOOLP256R1" }, { WOLFSSL_ECC_BRAINPOOLP384R1, "BRAINPOOLP384R1" }, { WOLFSSL_ECC_BRAINPOOLP512R1, "BRAINPOOLP512R1" }, + { WOLFSSL_ECC_BRAINPOOLP256R1TLS13, "BRAINPOOLP256R1TLS13" }, + { WOLFSSL_ECC_BRAINPOOLP384R1TLS13, "BRAINPOOLP384R1TLS13" }, + { WOLFSSL_ECC_BRAINPOOLP512R1TLS13, "BRAINPOOLP512R1TLS13" }, { 0, NULL } }; #endif /* CAN_FORCE_CURVE && HAVE_ECC */ @@ -331,15 +332,15 @@ } #endif /* WOLFSSL_DTLS && USE_WOLFSSL_IO */ -static int NonBlockingSSL_Accept(SSL* ssl) +static int NonBlockingSSL_Accept(WOLFSSL* ssl) { #ifndef WOLFSSL_CALLBACKS - int ret = SSL_accept(ssl); + int ret = wolfSSL_accept(ssl); #else int ret = wolfSSL_accept_ex(ssl, srvHandShakeCB, srvTimeoutCB, srvTo); #endif - int error = SSL_get_error(ssl, 0); - SOCKET_T sockfd = (SOCKET_T)SSL_get_fd(ssl); + int error = wolfSSL_get_error(ssl, ret); + SOCKET_T sockfd = (SOCKET_T)wolfSSL_get_fd(ssl); int select_ret = 0; while (ret != WOLFSSL_SUCCESS && @@ -385,12 +386,12 @@ #endif ) { #ifndef WOLFSSL_CALLBACKS - ret = SSL_accept(ssl); + ret = wolfSSL_accept(ssl); #else ret = wolfSSL_accept_ex(ssl, srvHandShakeCB, srvTimeoutCB, srvTo); #endif - error = SSL_get_error(ssl, 0); + error = wolfSSL_get_error(ssl, ret); } else if (select_ret == TEST_TIMEOUT && !wolfSSL_dtls(ssl)) { error = WOLFSSL_ERROR_WANT_READ; @@ -414,7 +415,7 @@ } /* Echo number of bytes specified by -B arg */ -int ServerEchoData(SSL* ssl, int clientfd, int echoData, int block, +int ServerEchoData(WOLFSSL* ssl, int clientfd, int echoData, int block, size_t throughput) { int ret = 0, err; @@ -446,9 +447,9 @@ /* Read data */ while (rx_pos < len) { - ret = SSL_read(ssl, &buffer[rx_pos], len - rx_pos); + ret = wolfSSL_read(ssl, &buffer[rx_pos], len - rx_pos); if (ret <= 0) { - err = SSL_get_error(ssl, 0); + err = wolfSSL_get_error(ssl, ret); #ifdef WOLFSSL_ASYNC_CRYPT if (err == WC_NO_ERR_TRACE(WC_PENDING_E)) { ret = wolfSSL_AsyncPoll(ssl, WOLF_POLL_FLAG_CHECK_HW); @@ -483,7 +484,7 @@ /* Write data */ WOLFSSL_ASYNC_WHILE_PENDING( - ret = SSL_write(ssl, buffer, (int)min((word32)len, (word32)rx_pos)), + ret = wolfSSL_write(ssl, buffer, (int)min((word32)len, (word32)rx_pos)), ret <= 0); if (ret != (int)min((word32)len, (word32)rx_pos)) { LOG_ERROR("SSL_write echo error %d\n", err); @@ -534,16 +535,16 @@ /* Read data */ do { err = 0; /* reset error */ - ret = SSL_read(ssl, input, inputLen); + ret = wolfSSL_read(ssl, input, inputLen); if (ret < 0) { - err = SSL_get_error(ssl, ret); + err = wolfSSL_get_error(ssl, ret); #ifdef HAVE_SECURE_RENEGOTIATION if (err == WC_NO_ERR_TRACE(APP_DATA_READY)) { /* If we receive a message during renegotiation * then just print it. We return the message sent * after the renegotiation. */ - ret = SSL_read(ssl, input, inputLen); + ret = wolfSSL_read(ssl, input, inputLen); if (ret >= 0) { /* null terminate message */ input[ret] = '\0'; @@ -552,7 +553,7 @@ err = WOLFSSL_ERROR_WANT_READ; } else { - err = SSL_get_error(ssl, ret); + err = wolfSSL_get_error(ssl, ret); } } #endif @@ -577,12 +578,12 @@ #endif ) { LOG_ERROR("SSL_read input error %d, %s\n", err, - ERR_error_string((unsigned long)err, buffer)); + wolfSSL_ERR_error_string((unsigned long)err, buffer)); err_sys_ex(runWithErrors, "SSL_read failed"); } } - else if (SSL_get_error(ssl, 0) == 0 && - tcp_select(SSL_get_fd(ssl), 0) == TEST_RECV_READY) { + else if (wolfSSL_get_error(ssl, 0) == 0 && + tcp_select(wolfSSL_get_fd(ssl), 0) == TEST_RECV_READY) { /* do a peek and check for "pending" */ #ifdef WOLFSSL_ASYNC_CRYPT err = 0; @@ -595,7 +596,7 @@ } #endif ret = wolfSSL_peek(ssl, buffer, 0); - err = SSL_get_error(ssl, ret); + err = wolfSSL_get_error(ssl, ret); } while (err == WC_NO_ERR_TRACE(WC_PENDING_E) || err == WOLFSSL_ERROR_WANT_READ || err == WOLFSSL_ERROR_WANT_WRITE); @@ -630,9 +631,9 @@ do { err = 0; /* reset error */ - ret = SSL_write(ssl, output, len); + ret = wolfSSL_write(ssl, output, len); if (ret <= 0) { - err = SSL_get_error(ssl, 0); + err = wolfSSL_get_error(ssl, ret); #ifdef WOLFSSL_ASYNC_CRYPT if (err == WC_NO_ERR_TRACE(WC_PENDING_E)) { @@ -651,7 +652,7 @@ if (ret != outputLen) { char buffer[WOLFSSL_MAX_ERROR_SZ]; LOG_ERROR("SSL_write msg error %d, %s\n", err, - ERR_error_string((unsigned long)err, buffer)); + wolfSSL_ERR_error_string((unsigned long)err, buffer)); err_sys_ex(runWithErrors, "SSL_write failed"); } } @@ -706,61 +707,78 @@ #ifdef HAVE_PQC groups[count] = 0; #ifndef WOLFSSL_NO_ML_KEM - #ifndef WOLFSSL_NO_ML_KEM_512 + #if !defined(WOLFSSL_NO_ML_KEM_512) && \ + !defined(WOLFSSL_TLS_NO_MLKEM_STANDALONE) if (XSTRCMP(pqcAlg, "ML_KEM_512") == 0) { groups[count] = WOLFSSL_ML_KEM_512; } else #endif - #ifndef WOLFSSL_NO_ML_KEM_768 + #if !defined(WOLFSSL_NO_ML_KEM_768) && \ + !defined(WOLFSSL_TLS_NO_MLKEM_STANDALONE) if (XSTRCMP(pqcAlg, "ML_KEM_768") == 0) { groups[count] = WOLFSSL_ML_KEM_768; } else #endif - #ifndef WOLFSSL_NO_ML_KEM_1024 + #if !defined(WOLFSSL_NO_ML_KEM_1024) && \ + !defined(WOLFSSL_TLS_NO_MLKEM_STANDALONE) if (XSTRCMP(pqcAlg, "ML_KEM_1024") == 0) { groups[count] = WOLFSSL_ML_KEM_1024; } else #endif - #ifndef WOLFSSL_NO_ML_KEM_512 + #if !defined(WOLFSSL_NO_ML_KEM_512) && \ + defined(WOLFSSL_EXTRA_PQC_HYBRIDS) if (XSTRCMP(pqcAlg, "SecP256r1MLKEM512") == 0) { groups[count] = WOLFSSL_SECP256R1MLKEM512; } else #endif #ifndef WOLFSSL_NO_ML_KEM_768 + #ifdef WOLFSSL_EXTRA_PQC_HYBRIDS if (XSTRCMP(pqcAlg, "SecP384r1MLKEM768") == 0) { groups[count] = WOLFSSL_SECP384R1MLKEM768; } - else if (XSTRCMP(pqcAlg, "SecP256r1MLKEM768") == 0) { + else + #endif /* WOLFSSL_EXTRA_PQC_HYBRIDS */ + #ifdef WOLFSSL_PQC_HYBRIDS + if (XSTRCMP(pqcAlg, "SecP256r1MLKEM768") == 0) { groups[count] = WOLFSSL_SECP256R1MLKEM768; } else + #endif /* WOLFSSL_PQC_HYBRIDS */ #endif #ifndef WOLFSSL_NO_ML_KEM_1024 + #ifdef WOLFSSL_EXTRA_PQC_HYBRIDS if (XSTRCMP(pqcAlg, "SecP521r1MLKEM1024") == 0) { groups[count] = WOLFSSL_SECP521R1MLKEM1024; } - else if (XSTRCMP(pqcAlg, "SecP384r1MLKEM1024") == 0) { + else + #endif /* WOLFSSL_EXTRA_PQC_HYBRIDS */ + #ifdef WOLFSSL_PQC_HYBRIDS + if (XSTRCMP(pqcAlg, "SecP384r1MLKEM1024") == 0) { groups[count] = WOLFSSL_SECP384R1MLKEM1024; } else + #endif /* WOLFSSL_PQC_HYBRIDS */ #endif - #if !defined(WOLFSSL_NO_ML_KEM_512) && defined(HAVE_CURVE25519) + #if !defined(WOLFSSL_NO_ML_KEM_512) && defined(HAVE_CURVE25519) && \ + defined(WOLFSSL_EXTRA_PQC_HYBRIDS) if (XSTRCMP(pqcAlg, "X25519MLKEM512") == 0) { groups[count] = WOLFSSL_X25519MLKEM512; } else #endif - #if !defined(WOLFSSL_NO_ML_KEM_768) && defined(HAVE_CURVE25519) + #if !defined(WOLFSSL_NO_ML_KEM_768) && defined(HAVE_CURVE25519) && \ + defined(WOLFSSL_PQC_HYBRIDS) if (XSTRCMP(pqcAlg, "X25519MLKEM768") == 0) { groups[count] = WOLFSSL_X25519MLKEM768; } else #endif - #if !defined(WOLFSSL_NO_ML_KEM_768) && defined(HAVE_CURVE448) + #if !defined(WOLFSSL_NO_ML_KEM_768) && defined(HAVE_CURVE448) && \ + defined(WOLFSSL_EXTRA_PQC_HYBRIDS) if (XSTRCMP(pqcAlg, "X448MLKEM768") == 0) { groups[count] = WOLFSSL_X448MLKEM768; } @@ -834,14 +852,21 @@ err_sys("invalid post-quantum KEM specified"); } else { - if (wolfSSL_UseKeyShare(ssl, groups[count]) == WOLFSSL_SUCCESS) { - printf("Using Post-Quantum KEM: %s\n", pqcAlg); - count++; - } - else { - groups[count] = 0; - err_sys("unable to use post-quantum algorithm"); - } + do { + ret = wolfSSL_UseKeyShare(ssl, groups[count]); + if (ret == WOLFSSL_SUCCESS) { + printf("Using Post-Quantum KEM: %s\n", pqcAlg); + count++; + } + #ifdef WOLFSSL_ASYNC_CRYPT + else if (ret == WC_NO_ERR_TRACE(WC_PENDING_E)) + wolfSSL_AsyncPoll(ssl, WOLF_POLL_FLAG_CHECK_HW); + #endif + else { + groups[count] = 0; + err_sys("unable to use post-quantum algorithm"); + } + } while (ret == WC_NO_ERR_TRACE(WC_PENDING_E)); } #endif } @@ -908,7 +933,7 @@ /* 4. add the same message into Japanese section */ /* (will be translated later) */ /* 5. add printf() into suitable position of Usage() */ -static const char* server_usage_msg[][66] = { +static const char* server_usage_msg[][70] = { /* English */ { " NOTE: All files relative to wolfSSL home dir\n", /* 0 */ @@ -1105,10 +1130,18 @@ #ifdef WOLFSSL_SYS_CRYPTO_POLICY "--crypto-policy \n", /* 66 */ #endif +#if defined(WOLFSSL_TLS13) && defined(HAVE_ECH) + "--ech Generate Encrypted Client Hello config with " + "public name \n", + /* 67 */ + "--ech-suite HPKE suite to use for ech config.\n" + " Supplied as 3 integers (ex: 32,1,3)\n", + /* 68 */ +#endif "\n" "For simpler wolfSSL TLS server examples, visit\n" "https://github.com/wolfSSL/wolfssl-examples/tree/master/tls\n", - /* 67 */ + /* 69 */ NULL, }, #ifndef NO_MULTIBYTE_PRINT @@ -1320,11 +1353,19 @@ #ifdef WOLFSSL_SYS_CRYPTO_POLICY "--crypto-policy \n", /* 66 */ #endif +#if defined(WOLFSSL_TLS13) && defined(HAVE_ECH) + "--ech Generate Encrypted Client Hello config with " + "public name \n", + /* 67 */ + "--ech-suite HPKE suite to use for ech config.\n" + " Supplied as 3 integers (ex: 32,1,3)\n", + /* 68 */ +#endif "\n" "より簡å˜ãªwolfSSL TSL クライアントã®ä¾‹ã«ã¤ã„ã¦ã¯" "下記ã«ã‚¢ã‚¯ã‚»ã‚¹ã—ã¦ãã ã•ã„\n" "https://github.com/wolfSSL/wolfssl-examples/tree/master/tls\n", - /* 67 */ + /* 69 */ NULL, }, #endif @@ -1484,6 +1525,10 @@ #ifdef WOLFSSL_DUAL_ALG_CERTS printf("%s", msg[++msgId]); /* --altPrivKey */ #endif +#if defined(WOLFSSL_TLS13) && defined(HAVE_ECH) + printf("%s", msg[++msgId]); /* --ech */ + printf("%s", msg[++msgId]); /* --ech-suite */ +#endif printf("%s", msg[++msgId]); /* Examples repo link */ } @@ -1559,8 +1604,8 @@ socklen_t client_len; wolfSSL_method_func method = NULL; - SSL_CTX* ctx = 0; - SSL* ssl = 0; + WOLFSSL_CTX* ctx = 0; + WOLFSSL* ssl = 0; #ifdef WOLFSSL_WOLFSENTRY_HOOKS wolfsentry_errcode_t wolfsentry_ret; #endif @@ -1606,6 +1651,10 @@ #if defined(WOLFSSL_SYS_CRYPTO_POLICY) { "crypto-policy", 1, 268 }, #endif /* WOLFSSL_SYS_CRYPTO_POLICY */ +#if defined(WOLFSSL_TLS13) && defined(HAVE_ECH) + { "ech", 1, 269 }, + { "ech-suite", 1, 270 }, +#endif { 0, 0, 0 } }; #endif @@ -1682,6 +1731,13 @@ #ifdef HAVE_SNI char* sniHostName = NULL; #endif +#if defined(WOLFSSL_TLS13) && defined(HAVE_ECH) + char* echPublicName = NULL; + char* echSuite = NULL; + word16 kemId = 0; + word16 kdfId = 0; + word16 aeadId = 0; +#endif #ifdef HAVE_TRUSTED_CA int trustedCaKeyId = 0; @@ -1738,8 +1794,8 @@ /* Note: Actual memory used is much less, this is the entire buffer buckets, * which is partitioned into pools of common sizes. To adjust the buckets * sizes see WOLFMEM_BUCKETS in memory.h */ - #if (defined(HAVE_ECC) && !defined(ALT_ECC_SIZE)) \ - || defined(SESSION_CERTS) + #if (defined(HAVE_ECC) && !defined(ALT_ECC_SIZE)) || \ + defined(SESSION_CERTS) || defined(WOLFSSL_HAVE_MLKEM) /* big enough to handle most cases including session certs */ #if !defined(WOLFSSL_NO_CLIENT_AUTH) && \ ((defined(HAVE_ED25519) && !defined(NO_ED25519_CLIENT_AUTH)) || \ @@ -2510,6 +2566,37 @@ policy = myoptarg; #endif /* WOLFSSL_SYS_CRYPTO_POLICY */ break; +#if defined(WOLFSSL_TLS13) && defined(HAVE_ECH) + case 269: + echPublicName = myoptarg; + break; + case 270: + echSuite = myoptarg; + + /* parse alg id's + * commas can be entered with no number to accept the default */ + if (echSuite != NULL) { + kemId = (word16)atoi(echSuite); + for (; *echSuite != '\0' && *echSuite != ','; echSuite++); + if (*echSuite != ',') { + LOG_ERROR("Expected two commas in '%s'\n", myoptarg); + XEXIT_T(EXIT_FAILURE); + } + echSuite++; + + kdfId = (word16)atoi(echSuite); + for (; *echSuite != '\0' && *echSuite != ','; echSuite++); + if (*echSuite != ',') { + LOG_ERROR("Expected two commas in '%s'\n", myoptarg); + XEXIT_T(EXIT_FAILURE); + } + echSuite++; + + aeadId = (word16)atoi(echSuite); + } + + break; +#endif case -1: default: @@ -2696,7 +2783,7 @@ err_sys_ex(catastrophic, "unable to load static memory and create ctx"); #else if (method != NULL) { - ctx = SSL_CTX_new(method(NULL)); + ctx = wolfSSL_CTX_new(method(NULL)); } #ifdef WOLFSSL_CALLBACKS wolfSSL_CTX_set_msg_callback(ctx, msgDebugCb); @@ -2808,7 +2895,7 @@ #endif /* WOLFSSL_SNIFFER && WOLFSSL_STATIC_EPHEMERAL && WOLFSSL_PEM_TO_DER */ if (cipherList && !useDefCipherList) { - if (SSL_CTX_set_cipher_list(ctx, cipherList) != WOLFSSL_SUCCESS) + if (wolfSSL_CTX_set_cipher_list(ctx, cipherList) != WOLFSSL_SUCCESS) err_sys_ex(runWithErrors, "server can't set custom cipher list"); } @@ -2839,7 +2926,7 @@ #endif #ifdef WOLFSSL_ENCRYPTED_KEYS - SSL_CTX_set_default_passwd_cb(ctx, PasswordCallBack); + wolfSSL_CTX_set_default_passwd_cb(ctx, PasswordCallBack); #endif #if !defined(NO_CERTS) @@ -2851,7 +2938,7 @@ err_sys_ex(catastrophic, "can't load server cert buffer"); #elif !defined(TEST_LOAD_BUFFER) #if defined(WOLFSSL_PEM_TO_DER) - if (SSL_CTX_use_certificate_chain_file(ctx, ourCert) + if (wolfSSL_CTX_use_certificate_chain_file(ctx, ourCert) != WOLFSSL_SUCCESS) #else if (wolfSSL_CTX_use_certificate_chain_file_format(ctx, ourCert, @@ -2895,14 +2982,14 @@ ) { #ifdef NO_FILESYSTEM if (wolfSSL_CTX_use_PrivateKey_buffer(ctx, server_key_der_2048, - sizeof_server_key_der_2048, SSL_FILETYPE_ASN1) != WOLFSSL_SUCCESS) + sizeof_server_key_der_2048, WOLFSSL_FILETYPE_ASN1) != WOLFSSL_SUCCESS) err_sys_ex(catastrophic, "can't load server private key buffer"); #elif !defined(TEST_LOAD_BUFFER) #if defined(WOLFSSL_PEM_TO_DER) - if (SSL_CTX_use_PrivateKey_file(ctx, ourKey, WOLFSSL_FILETYPE_PEM) + if (wolfSSL_CTX_use_PrivateKey_file(ctx, ourKey, WOLFSSL_FILETYPE_PEM) != WOLFSSL_SUCCESS) #else - if (SSL_CTX_use_PrivateKey_file(ctx, ourKey, WOLFSSL_FILETYPE_ASN1) + if (wolfSSL_CTX_use_PrivateKey_file(ctx, ourKey, WOLFSSL_FILETYPE_ASN1) != WOLFSSL_SUCCESS) #endif err_sys_ex(catastrophic, "can't load server private key file, " @@ -2926,12 +3013,12 @@ #ifndef NO_PSK const char *defaultCipherList = cipherList; - SSL_CTX_set_psk_server_callback(ctx, my_psk_server_cb); + wolfSSL_CTX_set_psk_server_callback(ctx, my_psk_server_cb); #ifdef WOLFSSL_TLS13 wolfSSL_CTX_set_psk_server_tls13_callback(ctx, my_psk_server_tls13_cb); #endif if (sendPskIdentityHint == 1) - SSL_CTX_use_psk_identity_hint(ctx, "cyassl server"); + wolfSSL_CTX_use_psk_identity_hint(ctx, "cyassl server"); if (defaultCipherList == NULL && !usePskPlus) { #if defined(HAVE_AESGCM) && !defined(NO_DH) @@ -2958,7 +3045,7 @@ #else defaultCipherList = "PSK-AES128-GCM-SHA256"; #endif - if (SSL_CTX_set_cipher_list(ctx, defaultCipherList) + if (wolfSSL_CTX_set_cipher_list(ctx, defaultCipherList) != WOLFSSL_SUCCESS) err_sys_ex(runWithErrors, "server can't set cipher list 2"); } @@ -2988,7 +3075,7 @@ const char* defaultCipherList; defaultCipherList = "ADH-AES256-GCM-SHA384:" "ADH-AES128-SHA"; - if (SSL_CTX_set_cipher_list(ctx, defaultCipherList) + if (wolfSSL_CTX_set_cipher_list(ctx, defaultCipherList) != WOLFSSL_SUCCESS) err_sys_ex(runWithErrors, "server can't set cipher list 4"); } @@ -3000,7 +3087,7 @@ if using PSK Plus then verify peer certs except PSK suites */ if (doCliCertCheck && (usePsk == 0 || usePskPlus) && useAnon == 0) { unsigned int verify_flags = 0; - SSL_CTX_set_verify(ctx, WOLFSSL_VERIFY_PEER | + wolfSSL_CTX_set_verify(ctx, WOLFSSL_VERIFY_PEER | (usePskPlus ? WOLFSSL_VERIFY_FAIL_EXCEPT_PSK : WOLFSSL_VERIFY_FAIL_IF_NO_PEER_CERT), (myVerifyAction == VERIFY_OVERRIDE_DATE_ERR || @@ -3057,7 +3144,7 @@ if (cipherList == NULL && version < 4) { /* static RSA or static ECC cipher suites */ const char* staticCipherList = "AES128-SHA:ECDH-ECDSA-AES128-SHA"; - if (SSL_CTX_set_cipher_list(ctx, staticCipherList) != WOLFSSL_SUCCESS) { + if (wolfSSL_CTX_set_cipher_list(ctx, staticCipherList) != WOLFSSL_SUCCESS) { err_sys_ex(runWithErrors, "server can't set cipher list 3"); } } @@ -3070,6 +3157,37 @@ err_sys_ex(runWithErrors, "UseSNI failed"); #endif +#ifdef HAVE_ECH + if (echPublicName != NULL) { + byte echConfig[512]; + word32 echConfigLen = sizeof(echConfig); + char echConfigBase64[512]; + char* echConfigBase64Ptr; + word32 echConfigBase64Len = sizeof(echConfigBase64); + + if (wolfSSL_CTX_GenerateEchConfig(ctx, echPublicName, kemId, kdfId, + aeadId) != WOLFSSL_SUCCESS) { + err_sys_ex(runWithErrors, "GenerateEchConfig failed"); + } + if (wolfSSL_CTX_GetEchConfigs(ctx, echConfig, &echConfigLen) + != WOLFSSL_SUCCESS) { + err_sys_ex(runWithErrors, "GetEchConfigs failed"); + } + if (Base64_Encode_NoNl(echConfig, echConfigLen, (byte*)echConfigBase64, + &echConfigBase64Len) != 0) { + err_sys_ex(runWithErrors, "Base64_Encode_NoNl failed"); + } + else { + echConfigBase64Ptr = echConfigBase64; + printf("ECH config (base64): "); + while (echConfigBase64Len-- > 0) { + printf("%c", *echConfigBase64Ptr++); + } + printf("\n"); + } + } +#endif + #ifdef USE_WINDOWS_API if (port == 0) { /* Generate random port for testing */ @@ -3176,7 +3294,7 @@ SetupPkCallbacks(ctx); #endif - ssl = SSL_new(ctx); + ssl = wolfSSL_new(ctx); if (ssl == NULL) err_sys_ex(catastrophic, "unable to create an SSL object"); @@ -3193,7 +3311,7 @@ WOLFSSL_FILETYPE_ASN1) != WOLFSSL_SUCCESS) err_sys_ex(catastrophic, "can't load server cert buffer"); #elif !defined(TEST_LOAD_BUFFER) - if (SSL_use_certificate_chain_file(ssl, ourCert) + if (wolfSSL_use_certificate_chain_file(ssl, ourCert) != WOLFSSL_SUCCESS) err_sys_ex(catastrophic, "can't load server cert file, check file " "and run from wolfSSL home dir"); @@ -3211,10 +3329,10 @@ ) { #if defined(NO_FILESYSTEM) if (wolfSSL_use_PrivateKey_buffer(ssl, server_key_der_2048, - sizeof_server_key_der_2048, SSL_FILETYPE_ASN1) != WOLFSSL_SUCCESS) + sizeof_server_key_der_2048, WOLFSSL_FILETYPE_ASN1) != WOLFSSL_SUCCESS) err_sys_ex(catastrophic, "can't load server private key buffer"); #elif !defined(TEST_LOAD_BUFFER) - if (SSL_use_PrivateKey_file(ssl, ourKey, WOLFSSL_FILETYPE_PEM) + if (wolfSSL_use_PrivateKey_file(ssl, ourKey, WOLFSSL_FILETYPE_PEM) != WOLFSSL_SUCCESS) err_sys_ex(catastrophic, "can't load server private key file, check" "file and run from wolfSSL home dir"); @@ -3330,17 +3448,17 @@ err_sys_ex(catastrophic, "can't enable OCSP Stapling " "Certificate Manager"); } - if (SSL_CTX_load_verify_locations(ctx, ca1, 0) != WOLFSSL_SUCCESS) { + if (wolfSSL_CTX_load_verify_locations(ctx, ca1, 0) != WOLFSSL_SUCCESS) { fails++; err_sys_ex(runWithErrors, "can't load ca file, Please run from " "wolfSSL home dir"); } - if (SSL_CTX_load_verify_locations(ctx, ca2, 0) != WOLFSSL_SUCCESS) { + if (wolfSSL_CTX_load_verify_locations(ctx, ca2, 0) != WOLFSSL_SUCCESS) { fails++; err_sys_ex(runWithErrors, "can't load ca file, Please run from " "wolfSSL home dir"); } - if (SSL_CTX_load_verify_locations(ctx, ca3, 0) != WOLFSSL_SUCCESS) { + if (wolfSSL_CTX_load_verify_locations(ctx, ca3, 0) != WOLFSSL_SUCCESS) { fails++; err_sys_ex(runWithErrors, "can't load ca file, Please run from " "wolfSSL home dir"); @@ -3414,7 +3532,7 @@ port = readySignal->port; } - if (SSL_set_fd(ssl, clientfd) != WOLFSSL_SUCCESS) { + if (wolfSSL_set_fd(ssl, clientfd) != WOLFSSL_SUCCESS) { err_sys_ex(catastrophic, "error in setting fd"); } @@ -3579,7 +3697,7 @@ ret = wolfSSL_read_early_data(ssl, input, sizeof(input)-1, &len); if (ret <= 0) { - err = SSL_get_error(ssl, 0); + err = wolfSSL_get_error(ssl, 0); #ifdef WOLFSSL_ASYNC_CRYPT if (err == WC_NO_ERR_TRACE(WC_PENDING_E)) { /* returns the number of polled items or <0 for @@ -3597,7 +3715,7 @@ } while (err == WC_NO_ERR_TRACE(WC_PENDING_E) || ret > 0); } #endif - WOLFSSL_ASYNC_WHILE_PENDING(ret = SSL_accept(ssl), + WOLFSSL_ASYNC_WHILE_PENDING(ret = wolfSSL_accept(ssl), ret != WOLFSSL_SUCCESS); } #else @@ -3615,24 +3733,26 @@ EarlyDataStatus(ssl); #endif if (ret != WOLFSSL_SUCCESS) { - err = SSL_get_error(ssl, 0); + err = wolfSSL_get_error(ssl, ret); LOG_ERROR("SSL_accept error %d, %s\n", err, - ERR_error_string((unsigned long)err, buffer)); + wolfSSL_ERR_error_string((unsigned long)err, buffer)); + if (exitWithRet || !runWithErrors) { + /* cleanup before exit */ + wolfSSL_free(ssl); ssl = NULL; + wolfSSL_CTX_free(ctx); ctx = NULL; + CloseSocket(clientfd); + CloseSocket(sockfd); + } if (!exitWithRet) { err_sys_ex(runWithErrors, "SSL_accept failed"); } else { - /* cleanup */ - SSL_free(ssl); ssl = NULL; - SSL_CTX_free(ctx); ctx = NULL; - CloseSocket(clientfd); - CloseSocket(sockfd); ((func_args*)args)->return_code = err; goto exit; } } showPeerEx(ssl, lng_index); - if (SSL_state(ssl) != 0) { + if (wolfSSL_state(ssl) != 0) { err_sys_ex(runWithErrors, "SSL in error state"); } @@ -3784,7 +3904,7 @@ if (echoData == 0 && throughput == 0) { ServerRead(ssl, input, sizeof(input)-1); - err = SSL_get_error(ssl, 0); + err = wolfSSL_get_error(ssl, 0); } #if defined(HAVE_SECURE_RENEGOTIATION) && \ @@ -3872,7 +3992,7 @@ #if defined(WOLFSSL_TLS13) && defined(WOLFSSL_POST_HANDSHAKE_AUTH) if (postHandAuth) { - SSL_set_verify(ssl, WOLFSSL_VERIFY_PEER | + wolfSSL_set_verify(ssl, WOLFSSL_VERIFY_PEER | ((usePskPlus) ? WOLFSSL_VERIFY_FAIL_EXCEPT_PSK : WOLFSSL_VERIFY_FAIL_IF_NO_PEER_CERT), 0); @@ -3924,8 +4044,8 @@ err = 0; } if (err != 0) { - SSL_free(ssl); ssl = NULL; - SSL_CTX_free(ctx); ctx = NULL; + wolfSSL_free(ssl); ssl = NULL; + wolfSSL_CTX_free(ctx); ctx = NULL; CloseSocket(clientfd); CloseSocket(sockfd); ((func_args*)args)->return_code = err; @@ -3956,8 +4076,8 @@ } #endif /* WOLFSSL_DTLS13 */ - ret = SSL_shutdown(ssl); - if (wc_shutdown && ret == WOLFSSL_SHUTDOWN_NOT_DONE) { + ret = wolfSSL_shutdown(ssl); + if (wc_shutdown && ret == WC_NO_ERR_TRACE(WOLFSSL_SHUTDOWN_NOT_DONE)) { while (tcp_select(wolfSSL_get_fd(ssl), DEFAULT_TIMEOUT_SEC) == TEST_RECV_READY) { ret = wolfSSL_shutdown(ssl); /* bidirectional shutdown */ @@ -3965,7 +4085,7 @@ printf("Bidirectional shutdown complete\n"); break; } - else if (ret != WOLFSSL_SHUTDOWN_NOT_DONE) { + else if (ret != WC_NO_ERR_TRACE(WOLFSSL_SHUTDOWN_NOT_DONE)) { LOG_ERROR("Bidirectional shutdown failed\n"); break; } @@ -3985,7 +4105,7 @@ wolfSSL_PrintStatsConn(&ssl_stats); #endif - SSL_free(ssl); ssl = NULL; + wolfSSL_free(ssl); ssl = NULL; CloseSocket(clientfd); @@ -4014,7 +4134,7 @@ #endif CloseSocket(sockfd); - SSL_CTX_free(ctx); ctx = NULL; + wolfSSL_CTX_free(ctx); ctx = NULL; ((func_args*)args)->return_code = 0; diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/examples/server/server.h mariadb-11.8.8/extra/wolfssl/wolfssl/examples/server/server.h --- mariadb-11.8.6/extra/wolfssl/wolfssl/examples/server/server.h 2026-01-31 13:27:49.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/examples/server/server.h 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* server.h * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/fips-check.sh mariadb-11.8.8/extra/wolfssl/wolfssl/fips-check.sh --- mariadb-11.8.6/extra/wolfssl/wolfssl/fips-check.sh 2026-01-31 13:27:49.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/fips-check.sh 2026-05-24 09:58:33.000000000 +0000 @@ -31,17 +31,19 @@ cat <wolfcrypt/src/fips_test.c + sed "s/^\".*\";/\"${NEWHASH}\";/" wolfcrypt/src/fips_test.c.bak > \ + wolfcrypt/src/fips_test.c make clean fi fi diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/fips-hash.sh mariadb-11.8.8/extra/wolfssl/wolfssl/fips-hash.sh --- mariadb-11.8.6/extra/wolfssl/wolfssl/fips-hash.sh 2026-01-31 13:27:49.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/fips-hash.sh 2026-05-24 09:58:33.000000000 +0000 @@ -12,7 +12,8 @@ exit 1 fi -NEWHASH=$(./wolfcrypt/test/testwolfcrypt | sed -n 's/hash = \(.*\)/\1/p') +OUT=$(./wolfcrypt/test/testwolfcrypt | sed -n 's/hash = \(.*\)/\1/p') +NEWHASH=$(echo "$OUT" | cut -c1-64) if test -n "$NEWHASH" then cp wolfcrypt/src/fips_test.c wolfcrypt/src/fips_test.c.bak diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/gencertbuf.pl mariadb-11.8.8/extra/wolfssl/wolfssl/gencertbuf.pl --- mariadb-11.8.6/extra/wolfssl/wolfssl/gencertbuf.pl 2026-01-31 13:27:49.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/gencertbuf.pl 2026-05-24 09:58:33.000000000 +0000 @@ -40,10 +40,10 @@ # Used with HAVE_ED25519 define. my @fileList_ed = ( [ "./certs/ed25519/server-ed25519.der", "server_ed25519_cert" ], - [ "./certs/ed25519/server-ed25519-key.der", "server_ed25519_key" ], + [ "./certs/ed25519/server-ed25519-priv.der", "server_ed25519_key" ], [ "./certs/ed25519/ca-ed25519.der", "ca_ed25519_cert" ], [ "./certs/ed25519/client-ed25519.der", "client_ed25519_cert" ], - [ "./certs/ed25519/client-ed25519-key.der", "client_ed25519_key" ] + [ "./certs/ed25519/client-ed25519-priv.der", "client_ed25519_key" ] ); # x25519 keys and certs diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/linuxkm/Kbuild mariadb-11.8.8/extra/wolfssl/wolfssl/linuxkm/Kbuild --- mariadb-11.8.6/extra/wolfssl/wolfssl/linuxkm/Kbuild 2026-01-31 13:27:49.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/linuxkm/Kbuild 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ # Linux kernel-native Makefile ("Kbuild") for libwolfssl.ko # -# Copyright (C) 2006-2025 wolfSSL Inc. +# Copyright (C) 2006-2026 wolfSSL Inc. # # This file is part of wolfSSL. # @@ -39,17 +39,24 @@ WOLFSSL_CFLAGS += -ffreestanding -Wframe-larger-than=$(MAX_STACK_FRAME_SIZE) -isystem $(shell $(CC) -print-file-name=include) +# -moutline-atomics added in gcc 10.1 for ARMv8.0. +AARCH64_NO_OUTLINE_ATOMICS := $(shell { echo -e 'int f(void) {\n return 0;\n}\n' | $(CC) -mno-outline-atomics -x c -c - -o /dev/null 2>/dev/null; } && echo -mno-outline-atomics) + ifeq "$(KERNEL_ARCH)" "aarch64" - WOLFSSL_CFLAGS += -mno-outline-atomics + WOLFSSL_CFLAGS += $(AARCH64_NO_OUTLINE_ATOMICS) else ifeq "$(KERNEL_ARCH)" "arm64" - WOLFSSL_CFLAGS += -mno-outline-atomics + WOLFSSL_CFLAGS += $(AARCH64_NO_OUTLINE_ATOMICS) else ifeq "$(KERNEL_ARCH)" "arm" # avoids R_ARM_THM_JUMP11 relocations, including a stubborn tail recursion # optimization from wc_sp_cmp to wc_sp_cmp_mag: WOLFSSL_CFLAGS += -fno-optimize-sibling-calls -Os endif -obj-m := libwolfssl.o +ifndef LIBWOLFSSL_NAME + LIBWOLFSSL_NAME := libwolfssl +endif + +obj-m := $(LIBWOLFSSL_NAME).o WOLFSSL_OBJ_TARGETS := $(patsubst %, $(obj)/%, $(WOLFSSL_OBJ_FILES)) @@ -88,10 +95,10 @@ endif MAX_STACK_FRAME_SIZE=$(shell echo $$(( $(KERNEL_THREAD_STACK_SIZE) / 4))) -libwolfssl-y := $(WOLFSSL_OBJ_FILES) linuxkm/module_hooks.o linuxkm/module_exports.o +$(LIBWOLFSSL_NAME)-y := $(WOLFSSL_OBJ_FILES) linuxkm/module_hooks.o linuxkm/module_exports.o ifeq "$(FIPS_OPTEST)" "1" -libwolfssl-y += linuxkm/optest-140-3/linuxkm_optest_wrapper.o + $(LIBWOLFSSL_NAME)-y += linuxkm/optest-140-3/linuxkm_optest_wrapper.o endif WOLFSSL_CFLAGS_NO_VECTOR_INSNS := $(CFLAGS_SIMD_DISABLE) $(CFLAGS_FPU_DISABLE) @@ -106,7 +113,27 @@ ifeq "$(ENABLED_LINUXKM_PIE)" "yes" # note, we need -fno-stack-protector to avoid references to # "__stack_chk_fail" from the wolfCrypt container. - PIE_FLAGS := -fPIE -fno-stack-protector -fno-toplevel-reorder + PIE_FLAGS := -DWC_CONTAINERIZE_THIS -fno-stack-protector -fno-toplevel-reorder + + ifndef NO_PIE_FLAG + ifeq ($(KERNEL_ARCH),arm) + ifeq ($(intcmp $(VERSION),5,1,0,0),1) + NO_PIE_FLAG := + $(info Note: disabling -fPIE to avoid R_ARM_REL32 on pre-5.11 target kernel.) + else + ifeq ($(intcmp $(VERSION),5,0,1,0)-$(intcmp $(PATCHLEVEL),11,1,0,0),1-1) + NO_PIE_FLAG := + $(info Note: disabling -fPIE to avoid R_ARM_REL32 on pre-5.11 target kernel.) + endif + endif + endif + endif + + ifdef NO_PIE_FLAG + PIE_FLAGS += -DWC_NO_PIE_FLAG + else + PIE_FLAGS += -fPIE + endif # the kernel sanitizers generate external references to # __ubsan_handle_out_of_bounds(), __ubsan_handle_shift_out_of_bounds(), etc. KASAN_SANITIZE := n @@ -139,17 +166,24 @@ endif ccflags-y += $(PIE_SUPPORT_FLAGS) $(WOLFCRYPT_PIE_FILES): ccflags-y += $(PIE_FLAGS) - $(WOLFCRYPT_PIE_FILES): ccflags-remove-y += -pg - ifdef FORCE_GLOBAL_OBJTOOL_OFF - undefine CONFIG_OBJTOOL - endif + $(WOLFCRYPT_PIE_FILES): ccflags-remove-y += -pg \ + $(call cc-option,-ftrivial-auto-var-init=zero) +endif + +# On some kernels/configs, objtool runs and warns on the linked libwolfssl.o, +# ignoring the below "OBJECT_FILES_NON_STANDARD := y" annotations. This +# mechanism, activated with "make KBUILD_EXTRA_FLAGS=FORCE_GLOBAL_OBJTOOL_OFF=1", +# inhibits objtool completely. This may be necessary on modules compiled with +# assembly accelerations and/or ENABLED_LINUXKM_PIE. +ifdef FORCE_GLOBAL_OBJTOOL_OFF + undefine CONFIG_OBJTOOL endif ifdef KERNEL_EXTRA_CFLAGS_REMOVE ccflags-remove-y += $(KERNEL_EXTRA_CFLAGS_REMOVE) endif -$(obj)/libwolfssl.mod.o: ccflags-y := $(PIE_SUPPORT_FLAGS) +$(obj)/$(LIBWOLFSSL_NAME).mod.o: ccflags-y := $(PIE_SUPPORT_FLAGS) $(obj)/wolfcrypt/test/test.o: ccflags-y += -DNO_MAIN_DRIVER -DWOLFSSL_NO_OPTIONS_H $(obj)/wolfcrypt/src/aes.o: ccflags-y := $(WOLFSSL_CFLAGS) $(WOLFSSL_CFLAGS_YES_VECTOR_INSNS) $(PIE_FLAGS) $(PIE_SUPPORT_FLAGS) $(obj)/wolfcrypt/benchmark/benchmark.o: ccflags-y := $(WOLFSSL_CFLAGS) $(CFLAGS_FPU_ENABLE) $(CFLAGS_SIMD_ENABLE) $(PIE_SUPPORT_FLAGS) -DNO_MAIN_FUNCTION -DWOLFSSL_NO_OPTIONS_H @@ -318,15 +352,19 @@ # auto-generate the exported symbol list, leveraging the WOLFSSL_API visibility tags. # exclude symbols that don't match wc_* or wolf*. EXPORT_SYMBOL := EXPORT_SYMBOL_NS_GPL +ifndef WOLFSSL_NS + WOLFSSL_NS := WOLFSSL +endif $(obj)/linuxkm/module_exports.c: $(src)/module_exports.c.template $(WOLFSSL_OBJ_TARGETS) $(obj)/linuxkm/module_hooks.o @$(RENAME_PIE_TEXT_AND_DATA_SECTIONS) @cp $< $@ || exit $$? if [[ "$${VERSION}" -gt 6 || ("$${VERSION}" -eq 6 && "$${PATCHLEVEL}" -ge 13) ]]; then # use ASCII octal escape to avoid syntax disruption in the awk script. - ns='\042WOLFSSL\042' + ns='\042$(WOLFSSL_NS)\042' else - ns='WOLFSSL' + ns='$(WOLFSSL_NS)' fi +ifndef NO_EXPORTS $(READELF) --symbols --wide $(filter %.o,$^) | $(AWK) '/^ *[0-9]+: / { if ($$8 !~ /^(wc_|wolf|WOLF|TLSX_)/){next;} @@ -335,5 +373,6 @@ } }' >> $@ || exit $$? echo -e "#ifndef NO_CRYPT_TEST\n$(EXPORT_SYMBOL)(wolfcrypt_test, $${ns});\n#endif" >> $@ +endif clean-files := linuxkm src wolfcrypt diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/linuxkm/Makefile mariadb-11.8.8/extra/wolfssl/wolfssl/linuxkm/Makefile --- mariadb-11.8.6/extra/wolfssl/wolfssl/linuxkm/Makefile 2026-01-31 13:27:49.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/linuxkm/Makefile 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ # libwolfssl Linux kernel module Makefile (wraps Kbuild-native makefile) # -# Copyright (C) 2006-2025 wolfSSL Inc. +# Copyright (C) 2006-2026 wolfSSL Inc. # # This file is part of wolfSSL. # @@ -21,7 +21,21 @@ .ONESHELL: SHELL=bash -all: libwolfssl.ko libwolfssl.ko.signed +ifeq "$(quiet)" "silent_" + QFLAG := --quiet +else ifeq "$(V)" "1" + VFLAG := --verbose +else + QFLAG := --quiet +endif + +ifndef LIBWOLFSSL_NAME + LIBWOLFSSL_NAME := libwolfssl +endif + +module: $(LIBWOLFSSL_NAME).ko + +all: $(LIBWOLFSSL_NAME).ko $(LIBWOLFSSL_NAME).ko.signed ifndef MODULE_TOP MODULE_TOP=$(CURDIR) @@ -104,21 +118,41 @@ endif GENERATE_SECTION_MAP := $(AWK) 'BEGIN { printf("") >ENVIRON["SECTION_MAP"]; } \ + /^Section Headers:/ { \ + in_sections = 1; \ + in_symbols = 0; \ + next; \ + } \ + /^Symbol table / { \ + if (! in_sections) { \ + print "symbol table appeared before section headers." >"/dev/stderr"; \ + exit(1); \ + } \ + in_sections = 0; \ + in_symbols = 1; \ + next; \ + } \ { \ - if ($$7 !~ "^[0-9]+$$") \ - next; \ - if ($$4 == "SECTION") { \ - sections[$$7] = $$8; \ - next; \ + if (in_sections) { \ + if (match($$0, \ + "^[[:space:]]*\\[[[:space:]]*([0-9]+)[[:space:]]*\\][[:space:]]+([^[:space:]]+)[[:space:]]",\ + section_line_a)) { \ + sections[section_line_a[1]] = section_line_a[2]; \ + next; \ + } \ } \ - if (($$4 == "NOTYPE") || ($$4 == "OBJECT") || ($$4 == "FUNC")) { \ - if (($$8 == "$$d") || ($$8 == "$$t")) \ + if (in_symbols) { \ + if ($$7 !~ "^[0-9]+$$") \ next; \ - if ($$7 in sections) { \ - if (sections[$$7] ~ "_wolfcrypt$$") \ - print $$8 "\t" sections[$$7] >>ENVIRON["SECTION_MAP"]; \ - } else \ - print $$8 " is in section " $$7 " with no name mapping." >"/dev/stderr";\ + if (($$4 == "NOTYPE") || ($$4 == "OBJECT") || ($$4 == "FUNC")) { \ + if (($$8 == "$$d") || ($$8 == "$$t")) \ + next; \ + if ($$7 in sections) { \ + if (sections[$$7] ~ "_wolfcrypt$$") \ + print $$8 "\t" sections[$$7] >>ENVIRON["SECTION_MAP"]; \ + } else \ + print $$8 " is in section " $$7 " with no name mapping." >"/dev/stderr";\ + } \ } \ }' @@ -127,8 +161,9 @@ n=0; \ bad_relocs=0; \ print "\#include "; \ + print "\#include "; \ printf("%s\n ", \ - "WOLFSSL_LOCAL const unsigned int wc_linuxkm_pie_reloc_tab[] = { "); \ + "WOLFSSL_LOCAL const struct wc_reloc_table_ent wc_linuxkm_pie_reloc_tab[] = { "); \ if ("SECTION_MAP" in ENVIRON) { \ while (getline 0) \ section_map[$$1] = $$2; \ @@ -157,36 +192,38 @@ if (section) { \ switch (section) { \ case ".text_wolfcrypt": \ - section_tag = 0; \ + section_tag = "WC_R_SEG_TEXT"; \ break; \ case ".rodata_wolfcrypt": \ - section_tag = 1; \ + section_tag = "WC_R_SEG_RODATA"; \ break; \ case ".data_wolfcrypt": \ - section_tag = 2; \ + section_tag = "WC_R_SEG_RWDATA"; \ break; \ case ".bss_wolfcrypt": \ - section_tag = 3; \ + section_tag = "WC_R_SEG_BSS"; \ break; \ default: \ print "Unexpected section:\n" $$0 >"/dev/stderr"; \ ++bad_relocs; \ - section_tag = 4; \ + section_tag = "WC_R_SEG_OTHER"; \ } \ } else { \ print "Unresolvable symbol reference for relocation:\n" $$0 >"/dev/stderr";\ ++bad_relocs; \ - section_tag = 4; \ + section_tag = "WC_R_SEG_OTHER"; \ } \ + reloc_type = $$3; \ if (strtonum("0x" gensub("^0*","",1,$$1)) >= lshift(1, 29)) { \ print "Relocation offset overflow:" >"/dev/stderr"; \ print >"/dev/stderr"; \ exit(1); \ } \ - printf("0x%xU%s", \ - or(strtonum("0x" gensub("^0*","",1,$$1)), \ - lshift(section_tag, 29)), \ - ((++n%8) ? ", " : ",\n ")); \ + printf(" { .offset = 0x%xU, .dest_offset = 0x%xU, .dest_addend = %+d, .dest_segment = %s, .reloc_type = WC_%s },\n", \ + strtonum("0x" $$1), \ + strtonum("0x" $$4), \ + $$6 strtonum("0x" $$7), \ + section_tag, reloc_type); \ } \ } \ END { \ @@ -194,7 +231,8 @@ print "Found " bad_relocs " unresolvable relocations." >"/dev/stderr"; \ exit(1); \ } \ - print "~0U };\nWOLFSSL_LOCAL const unsigned long wc_linuxkm_pie_reloc_tab_length = sizeof wc_linuxkm_pie_reloc_tab / sizeof wc_linuxkm_pie_reloc_tab[0];";\ + print " { .offset = ~0U, .dest_offset = ~0U, .dest_addend = 0, .dest_segment = WC_R_SEG_NONE, .reloc_type = WC_R_NONE } };"; \ + print "WOLFSSL_LOCAL const unsigned int wc_linuxkm_pie_reloc_tab_length = (unsigned int)(sizeof wc_linuxkm_pie_reloc_tab / sizeof wc_linuxkm_pie_reloc_tab[0]);"; \ }' ifeq "$(V)" "1" @@ -204,8 +242,8 @@ # This rule is .PHONY because it doesn't actually build the module -- Kbuild # does, and we always need to call Kbuild to enforce rebuild for dependencies # and config changes. -.PHONY: libwolfssl.ko -libwolfssl.ko: +.PHONY: $(LIBWOLFSSL_NAME).ko +$(LIBWOLFSSL_NAME).ko: @set -e @[[ '$(V)' == 1 ]] && { echo 'MODULE_TOP = "$(MODULE_TOP)"'; echo 'SRC_TOP = "$(SRC_TOP)"'; @@ -213,6 +251,7 @@ echo 'CPPFLAGS = "$(CPPFLAGS)"'; echo 'AM_CFLAGS = "$(AM_CFLAGS)"'; echo 'CFLAGS = "$(CFLAGS)"'; + echo 'HOSTCFLAGS = "$(HOSTCFLAGS)"'; echo 'KERNEL_EXTRA_CFLAGS = "$(KERNEL_EXTRA_CFLAGS)"'; echo 'FIPS_OPTEST = "$(FIPS_OPTEST)"'; echo 'AM_CCASFLAGS = "$(AM_CCASFLAGS)"'; @@ -225,6 +264,7 @@ echo 'host_triplet = "$(host_triplet)"'; echo 'build_triplet = "$(build_triplet)"'; echo 'CC = "$(CC)"'; + echo 'HOSTCC = "$(HOSTCC)"'; echo 'AS = "$(AS)"'; echo 'LD = "$(LD)"'; echo 'READELF = "$(READELF)"'; @@ -266,23 +306,27 @@ @RELOC_TMP=$$(mktemp "$(MAKE_TMPDIR)/wc_linuxkm_pie_reloc_tab.c.XXXXXX") @trap 'rm "$$RELOC_TMP"' EXIT @if [[ -f "$@" ]]; then touch -r "$@" "$$RELOC_TMP"; fi - +$(MAKE) ARCH='$(KERNEL_ARCH)' $(OVERRIDE_PATHS) $(CROSS_COMPILE) -C '$(KERNEL_ROOT)' M='$(MODULE_TOP)' $(KBUILD_EXTRA_FLAGS) CC_FLAGS_FTRACE= + # --no-silent works around make bug that otherwise leads to "No rule to make target 's'. Stop." (due to a bug around $(MAKEFLAGS)) in --quiet builds. + +$(MAKE) $(QFLAG) --no-print-directory --no-silent ARCH='$(KERNEL_ARCH)' $(OVERRIDE_PATHS) $(CROSS_COMPILE) -C '$(KERNEL_ROOT)' M='$(MODULE_TOP)' $(KBUILD_EXTRA_FLAGS) CC_FLAGS_FTRACE= # if the above make didn't build a fresh libwolfssl.ko, then the module is already up to date and we leave it untouched, assuring stability for purposes of module-update-fips-hash. @if [[ ! "$@" -nt "$$RELOC_TMP" ]]; then echo ' Module already up-to-date.'; exit 0; fi @SECTION_MAP=$$(mktemp) - @trap 'rm "$$SECTION_MAP"' EXIT + @trap 'rm "$$RELOC_TMP" "$$SECTION_MAP"' EXIT @export SECTION_MAP - @$(READELF) --wide --symbols "$@" | $(GENERATE_SECTION_MAP) + @$(READELF) --wide --sections --symbols "$@" | $(GENERATE_SECTION_MAP) @$(READELF) --wide --relocs "$@" | $(GENERATE_RELOC_TAB) >| '$(MODULE_TOP)/linuxkm/wc_linuxkm_pie_reloc_tab.c' - +$(MAKE) ARCH='$(KERNEL_ARCH)' $(OVERRIDE_PATHS) $(CROSS_COMPILE) -C '$(KERNEL_ROOT)' M='$(MODULE_TOP)' $(KBUILD_EXTRA_FLAGS) CC_FLAGS_FTRACE= + +$(MAKE) $(QFLAG) --no-print-directory --no-silent ARCH='$(KERNEL_ARCH)' $(OVERRIDE_PATHS) $(CROSS_COMPILE) -C '$(KERNEL_ROOT)' M='$(MODULE_TOP)' $(KBUILD_EXTRA_FLAGS) CC_FLAGS_FTRACE= @$(READELF) --wide --relocs "$@" | $(GENERATE_RELOC_TAB) >| "$$RELOC_TMP" @if diff '$(MODULE_TOP)/linuxkm/wc_linuxkm_pie_reloc_tab.c' "$$RELOC_TMP"; then echo " Relocation table is stable."; else echo "PIE failed: relocation table is unstable." 1>&2; exit 1; fi else - +$(MAKE) ARCH='$(KERNEL_ARCH)' $(OVERRIDE_PATHS) $(CROSS_COMPILE) -C '$(KERNEL_ROOT)' M='$(MODULE_TOP)' $(KBUILD_EXTRA_FLAGS) + # --no-silent works around make bug that otherwise leads to "No rule to make target 's'. Stop." (due to a bug around $(MAKEFLAGS)) in --quiet builds. + +$(MAKE) $(QFLAG) --no-print-directory --no-silent ARCH='$(KERNEL_ARCH)' $(OVERRIDE_PATHS) $(CROSS_COMPILE) -C '$(KERNEL_ROOT)' M='$(MODULE_TOP)' $(KBUILD_EXTRA_FLAGS) endif +$(MODULE_TOP)/$(LIBWOLFSSL_NAME).ko: $(LIBWOLFSSL_NAME).ko + .PHONY: module-update-fips-hash -module-update-fips-hash: libwolfssl.ko +module-update-fips-hash: $(LIBWOLFSSL_NAME).ko @set -e @if test -z '$(FIPS_HASH)'; then echo ' $$FIPS_HASH is unset' >&2; exit 1; fi @if [[ ! '$(FIPS_HASH)' =~ [0-9a-fA-F]{64} ]]; then echo ' $$FIPS_HASH is malformed' >&2; exit 1; fi @@ -299,9 +343,81 @@ if [[ '$(FIPS_HASH)' == "$$current_verifyCore" ]]; then echo ' Supplied FIPS_HASH matches existing verifyCore -- no update needed.'; exit 0; fi; \ echo -n '$(FIPS_HASH)' | dd bs=1 conv=notrunc of="$<" seek=$$verifyCore_offset count=64 status=none && \ echo " FIPS verifyCore updated successfully." && \ - if [[ -f libwolfssl.ko.signed ]]; then $(MAKE) -C . libwolfssl.ko.signed; fi + if [[ -f '$(LIBWOLFSSL_NAME).ko.signed' ]]; then $(MAKE) $(QFLAG) --no-print-directory --no-silent -C . '$(LIBWOLFSSL_NAME).ko.signed'; fi + + +# linuxkm-fips-hash implements offline (no-load) FIPS hash calculation and graft-in. +# +# libwolfssl.so is built from the same sources as the kernel module, with the +# same FIPS setting, then used with linuxkm-fips-hash to calculate and overwrite +# the hash in libwolfssl.ko. Finally, the module is [re]signed. +# +# Note that libwolfssl.so has to be built from a hierarchy of symlinks, to avoid +# depending on changes/config in the source directory. Also, aside from +# FIPS_FLAVOR, inherited configuration settings in the environment are cleansed. + +FRESH_MAKEFLAGS := $(patsubst -j%,-j %,$(filter -%,$(filter-out -- --jobserver-auth=%,$(MAKEFLAGS)))) +FRESH_ENV := env -i HOME="$$HOME" PATH="/usr/local/bin:/usr/bin:/bin:$$PATH" LANG="$${LANG-C.UTF-8}" LC_ALL="$${LC_ALL-C.UTF-8}" TERM="$${TERM-dumb}" + +.PHONY: $(MODULE_TOP)/libwolfssl-user-build/src/.libs/libwolfssl.so +$(MODULE_TOP)/libwolfssl-user-build/src/.libs/libwolfssl.so: $(LIBWOLFSSL_NAME).ko + @set -o errexit -o pipefail + @if [[ '$(SRC_TOP)/configure' -nt '$@' ]]; then + @ echo 'Purging stale libwolfssl-user-build tree.' + @ $(RM) -rf '$(MODULE_TOP)/libwolfssl-user-build' + @fi + @mkdir -p '$(MODULE_TOP)/libwolfssl-user-build' + @cd '$(MODULE_TOP)/libwolfssl-user-build' + @if [[ ! -e '$(MODULE_TOP)/libwolfssl-user-build/configure' ]]; then + @ pushd '$(SRC_TOP)' >/dev/null + @ echo -n 'Populating tree of symlinks for user libwolfssl.so build...' + @ readarray -t srcfiles < <(find examples src support tests testsuite wolfcrypt wolfssl configure *.in build-aux debian rpm scripts certs doc mcapi cmake linuxkm/*.[ch] \( -name options.h -o -name user_settings\* \) -prune -o \( ! -type d \) \( -name '*.[chsSi]' -o -name configure -o -name '*.in' -o -name \*.sh -o -path support/\* -o -path build-aux/\* -o -path debian/\* -o -path rpm/\* -o -path scripts/\* -o -path certs/\* -o -path doc/\* -o -path mcapi/\* -o -path cmake/\* \) -print) + @ popd >/dev/null + @ for file in "$${srcfiles[@]}"; do if [[ ! -e "$$file" ]]; then mkdir -p "$$(dirname "$$file")" && cp --no-dereference --symbolic-link --no-clobber '$(SRC_TOP)'/"$$file" "$$file"; fi; done + @ echo ' done.' + @fi + @if [[ ! -f user_settings.h ]]; then + @ echo '__attribute__ ((visibility("default"))) extern const char coreKey[];' > user_settings.h + @ echo > user_settings_asm.h + @fi + @if [[ -f Makefile ]]; then + @ echo 'Using existing Makefile for libwolfssl.so.' + @else + @ echo -n 'Configuring user libwolfssl.so...' + @ $(FRESH_ENV) ./configure $(QFLAG) $(VFLAG) --disable-jobserver --enable-cryptonly --enable-fips="$$FIPS_FLAVOR" CFLAGS='-DWC_SYM_RELOC_TABLES_SUPPORT -DWOLFCRYPT_FIPS_CORE_DYNAMIC_HASH_VALUE -DWOLFSSL_USER_SETTINGS -DWOLFSSL_USER_SETTINGS_ASM' $(if $(HOSTCC),CC='$(HOSTCC)') + @ echo ' done.' + @fi + @echo -n 'Building user libwolfssl.so...' + @$(FRESH_ENV) $(MAKE) $(QFLAG) $(FRESH_MAKEFLAGS) >/dev/null + @echo ' done.' + @echo -n 'Fixing FIPS hash in user libwolfssl.so...' + @if ! userhash=$$(wolfcrypt/test/testwolfcrypt 2>&1 | sed -n -E 's/^hash = (.+)$$/\1/p'); then + @ if [[ -z "$$userhash" ]]; then echo ' FIPS hash not found!' >&2; exit 1; fi + @ find wolfcrypt/src -name '*fips_test*o' -delete + @ $(FRESH_ENV) $(MAKE) $(QFLAG) $(FRESH_MAKEFLAGS) EXTRA_CFLAGS=-DWOLFCRYPT_FIPS_CORE_HASH_VALUE="$$userhash" >/dev/null + @ echo ' done.' + @else + @ @echo ' already matches (no update needed).' + @fi + +linuxkm-fips-hash: $(MODULE_TOP)/libwolfssl-user-build/src/.libs/libwolfssl.so linuxkm-fips-hash.c + @set -e + @echo -n 'Compiling linuxkm-fips-hash...' + @$(or $(HOSTCC),cc) $(or $(HOSTCFLAGS),-Wall -Wextra -O2) -I'$(MODULE_TOP)/libwolfssl-user-build' -o linuxkm-fips-hash linuxkm/linuxkm-fips-hash.c -L '$(MODULE_TOP)/libwolfssl-user-build/src/.libs' -Wl,-rpath-link='$(MODULE_TOP)/libwolfssl-user-build/src/.libs' -Wl,-rpath='$(MODULE_TOP)/libwolfssl-user-build/src/.libs' -lwolfssl + @echo ' done.' + +.PHONY: module-with-matching-fips-hash +module-with-matching-fips-hash: $(LIBWOLFSSL_NAME).ko linuxkm-fips-hash + @set -e + @./linuxkm-fips-hash-wrapper.sh "$<" $(QFLAG) $(VFLAG) + +$(MAKE) $(QFLAG) --no-print-directory --no-silent -C . '$(LIBWOLFSSL_NAME).ko.signed' + +.PHONY: module-with-matching-fips-hash-no-sign +module-with-matching-fips-hash-no-sign: $(LIBWOLFSSL_NAME).ko linuxkm-fips-hash + @set -e + @./linuxkm-fips-hash-wrapper.sh "$<" -libwolfssl.ko.signed: libwolfssl.ko +$(LIBWOLFSSL_NAME).ko.signed: $(LIBWOLFSSL_NAME).ko ifdef FORCE_NO_MODULE_SIG @echo 'Skipping module signature operation because FORCE_NO_MODULE_SIG.' else @@ -314,7 +430,9 @@ ;; esac done < .config - if [[ "$${CONFIG_MODULE_SIG}" = "y" && -n "$${CONFIG_MODULE_SIG_KEY}" && \ + if [[ "$${CONFIG_MODULE_SIG}" != "y" ]]; then + echo ' [skipping $@ -- CONFIG_MODULE_SIG is unset in target kernel]' + elif [[ -n "$${CONFIG_MODULE_SIG_KEY}" && \ -n "$${CONFIG_MODULE_SIG_HASH}" && ( ! -f '$(MODULE_TOP)/$@' || \ '$(MODULE_TOP)/$<' -nt '$(MODULE_TOP)/$@' ) ]]; then CONFIG_MODULE_SIG_KEY="$${CONFIG_MODULE_SIG_KEY#\"}" @@ -334,22 +452,27 @@ if [[ "$(quiet)" != "silent_" ]]; then echo " Module $@ signed by $${CONFIG_MODULE_SIG_KEY}." fi + elif [[ ! -f '$(MODULE_TOP)/$@' || '$(MODULE_TOP)/$<' -nt '$(MODULE_TOP)/$@' ]]; then + echo 'Unable to generate $@ from $<: CONFIG_MODULE_SIG_KEY and/or CONFIG_MODULE_SIG_HASH is missing.' >&2 + exit 1 fi endif .PHONY: install modules_install install modules_install: - +$(MAKE) -C $(KERNEL_ROOT) M=$(MODULE_TOP) src=$(SRC_TOP) INSTALL_MOD_DIR=wolfssl modules_install + +$(MAKE) $(QFLAG) --no-silent -C $(KERNEL_ROOT) M=$(MODULE_TOP) src=$(SRC_TOP) INSTALL_MOD_DIR=wolfssl modules_install .PHONY: clean # note, must supply $(MODULE_TOP) as the src value for clean so that Kbuild is included, else # the top Makefile (which is not for the kernel build) would be included here. clean: - +$(MAKE) -C $(KERNEL_ROOT) M=$(MODULE_TOP) src=$(MODULE_TOP) clean + +$(MAKE) $(QFLAG) --no-silent -C $(KERNEL_ROOT) M=$(MODULE_TOP) src=$(MODULE_TOP) clean $(RM) -rf '$(MODULE_TOP)/linuxkm' $(RM) -rf '$(MODULE_TOP)/wolfcrypt' $(RM) -rf '$(MODULE_TOP)/src' + $(RM) -rf '$(MODULE_TOP)/libwolfssl-user-build' + $(RM) -f '$(MODULE_TOP)/linuxkm-fips-hash' .PHONY: check check: diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/linuxkm/README.md mariadb-11.8.8/extra/wolfssl/wolfssl/linuxkm/README.md --- mariadb-11.8.6/extra/wolfssl/wolfssl/linuxkm/README.md 1970-01-01 00:00:00.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/linuxkm/README.md 2026-05-24 09:58:33.000000000 +0000 @@ -0,0 +1,146 @@ +# wolfSSL linuxkm (linux kernel module) + +libwolfssl supports building as a linux kernel module (`libwolfssl.ko`). +When loaded, wolfCrypt and wolfSSL API are made available to the rest of +the kernel, supporting cryptography and TLS in kernel space. + +Performing cryptographic operations in kernel space has significant advantages +over user space for high throughput network (VPN, IPsec, MACsec, TLS, etc) and +filesystem (dm-crypt/LUKS, fscrypt disk encryption) IO processing, with the +added benefit that keys can be kept isolated to kernel space. Additionally, +when wolfCrypt-FIPS is used, this provides a simple recipe for FIPS-compliant +kernels. + +Supported features: + +- crypto acceleration: AES-NI, AVX, etc. +- kernel crypto API registration (wolfCrypt algs appear as drivers in `/proc/crypto`.). +- `CONFIG_CRYPTO_FIPS`, and crypto-manager self-tests. +- FIPS-compliant patches to `drivers/char/random.c`, covering kernels 5.10 to + 6.15. +- Supports FIPS-compliant WireGuard (https://github.com/wolfssl/wolfguard). +- TLS 1.3 and DTLS 1.3 kernel offload. + +## Building and Installing + +Build `libwolfssl.ko` with: + +```sh +$ ./configure --enable-linuxkm --with-linux-source=/usr/src/linux +$ make -j module +``` + +Note: Replace `/usr/src/linux` with a path to your fully configured and built +target kernel source tree. + +If building from a FIPS kernel module bundle, build `libwolfssl.ko` with: +```sh +$ ./configure --enable-fips=fips_flavor --enable-linuxkm --with-linux-source=/usr/src/linux +$ make -j module-with-matching-fips-hash +``` + +Note: Replace `fips_flavor` with the correct value. + +Assuming you are targeting your native system, install with: + +```sh +$ sudo make install +$ sudo modprobe libwolfssl +``` + +### Key additional Linux kernel module configuration options + +| option | description | +| :------------------------------- | :----------------------------------------- | +| `--enable-linuxkm-lkcapi-register` | Register wolfcrypt algs with linux kernel crypto API.
    Optional value is 'all', 'all-kconfig', 'none', or a comma separated list of algs. | +| `--enable-all-crypto` | Enable extra crypto algorithms | +| `--enable-intelasm` | x86/amd64 crypto acceleration | +| `--enable-cryptonly` | Omit TLS/DTLS implementation (normally recommended) | + +### Additional configuration options for verification, performance evaluation, and troubleshooting + +| option | description | +| :------------------------------- | :----------------------------------------- | +| `--enable-crypttests` | Run `wolfcrypt_test()` at module load (not recommended for production) | +| `--enable-kernel-benchmarks` | Run crypto benchmark at module load (_not appropriate for production_) | +| `--enable-kernel-verbose-debug` | Extra runtime diagnostic and informational messages | +| `--enable-kernel-stack-debug` | Report stack usage during module startup | +| `--enable-debug-trace-errcodes` | Profuse debug logging (_not appropriate for production_) | +| `--enable-debug-trace-errcodes=backtrace` | Even more profuse debug logging (_not appropriate for production_) | + + +## Kernel Patches + +The `linuxkm/patches` directory in the source distribution contains a patch to the linux kernel CRNG. The +CRNG provides the implementation for `/dev/random`, `/dev/urandom`, and +`getrandom()`, and for internal RNG APIs such as `get_random_bytes()`, +`get_random_u32()`, etc. + +The patch applies to these two sources: + +- `drivers/char/random.c` +- `include/linux/random.h` + +It adds a callback facility to the core kernel code that allows `libwolfssl.ko` +to register FIPS-compliant algorithms in place of the native implementation +(which is based on non-FIPS ChaCha20 and blake2s algorithms). When `libwolfssl.ko` is configured with +`--enable-linuxkm-lkcapi-register` and loaded into a patched kernel, it +automatically registers the FIPS callbacks. At startup, the module will report + +``` +libwolfssl: kernel global random_bytes handlers installed. +``` + +Additionally, `/proc/crypto` will advertise that the FIPS DRBG is installed at +highest priority, with "-wolfentropy" and/or "-rdseed", and "-with-global-replace": +```ini +name : stdrng +driver : sha2-256-drbg-nopr-wolfentropy-wolfcrypt-fips-140-3-with-global-replace +module : libwolfssl +priority : 100000 +refcnt : 2 +selftest : passed +internal : no +fips : yes +type : rng +seedsize : 0 +``` + + +Patches are provided for several kernel versions, ranging from `5.10.x` to +`6.15`, with the most recent patchset tested nightly with the latest Linux +release and RC kernels, and with the latest linux-next snapshot. Use the +patchset with the most recent target kernel version not greater than that of the +kernel you're targeting. + +### Patch procedure + +1. Verify that the patcheset applies cleanly, using a dry run: + +```console +$ cd ~/kernelsrc/ +$ patch -p1 --dry-run < ~/wolfssl-5.8.2/linuxkm/patches/6.12/WOLFSSL_LINUXKM_HAVE_GET_RANDOM_CALLBACKS-6v12.patch +checking file drivers/char/random.c +checking file include/linux/random.h +``` + +2. Optionally, clean the kernel src tree before patching: + +```console +$ make mrproper +``` + +3. Patch the kernel: + +```console +$ patch -p1 < ~/wolfssl-5.8.2/linuxkm/patches/6.12/WOLFSSL_LINUXKM_HAVE_GET_RANDOM_CALLBACKS-6v12.patch +patching file drivers/char/random.c +patching file include/linux/random.h +``` + +4. Build and optionally install the patched kernel: +```console +$ make -j +# make modules_install +# make install +``` diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/linuxkm/get_thread_size.c mariadb-11.8.8/extra/wolfssl/wolfssl/linuxkm/get_thread_size.c --- mariadb-11.8.6/extra/wolfssl/wolfssl/linuxkm/get_thread_size.c 2026-01-31 13:27:49.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/linuxkm/get_thread_size.c 2026-05-24 09:58:33.000000000 +0000 @@ -1,7 +1,7 @@ /* get_thread_size.c -- trivial program to determine stack frame size * for a Linux kernel thread, given a configured source tree. * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/linuxkm/include.am mariadb-11.8.8/extra/wolfssl/wolfssl/linuxkm/include.am --- mariadb-11.8.6/extra/wolfssl/wolfssl/linuxkm/include.am 2026-01-31 13:27:49.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/linuxkm/include.am 2026-05-24 09:58:33.000000000 +0000 @@ -5,11 +5,15 @@ EXTRA_DIST += m4/ax_linuxkm.m4 \ linuxkm/Kbuild \ linuxkm/Makefile \ + linuxkm/README.md \ linuxkm/get_thread_size.c \ + linuxkm/linuxkm-fips-hash.c \ + linuxkm/linuxkm-fips-hash-wrapper.sh \ linuxkm/module_hooks.c \ linuxkm/module_exports.c.template \ linuxkm/pie_redirect_table.c \ linuxkm/linuxkm_memory.c \ + linuxkm/linuxkm_memory.h \ linuxkm/linuxkm_wc_port.h \ linuxkm/x86_vector_register_glue.c \ linuxkm/lkcapi_glue.c \ @@ -22,8 +26,11 @@ linuxkm/wolfcrypt.lds \ linuxkm/patches/5.10.17/WOLFSSL_LINUXKM_HAVE_GET_RANDOM_CALLBACKS-5v10v17.patch \ linuxkm/patches/5.10.236/WOLFSSL_LINUXKM_HAVE_GET_RANDOM_CALLBACKS-5v10v236.patch \ + linuxkm/patches/5.14.0-570.58.1.el9_6/WOLFSSL_LINUXKM_HAVE_GET_RANDOM_CALLBACKS-5v14-570v58v1-el9_6.patch \ linuxkm/patches/5.15/WOLFSSL_LINUXKM_HAVE_GET_RANDOM_CALLBACKS-5v15.patch \ linuxkm/patches/5.17/WOLFSSL_LINUXKM_HAVE_GET_RANDOM_CALLBACKS-5v17.patch \ + linuxkm/patches/5.17-ubuntu-jammy-tegra/WOLFSSL_LINUXKM_HAVE_GET_RANDOM_CALLBACKS-5v17-ubuntu-jammy-tegra.patch \ linuxkm/patches/6.1.73/WOLFSSL_LINUXKM_HAVE_GET_RANDOM_CALLBACKS-6v1v73.patch \ linuxkm/patches/6.12/WOLFSSL_LINUXKM_HAVE_GET_RANDOM_CALLBACKS-6v12.patch \ - linuxkm/patches/6.15/WOLFSSL_LINUXKM_HAVE_GET_RANDOM_CALLBACKS-6v15.patch + linuxkm/patches/6.15/WOLFSSL_LINUXKM_HAVE_GET_RANDOM_CALLBACKS-6v15.patch \ + linuxkm/patches/7.0/WOLFSSL_LINUXKM_HAVE_GET_RANDOM_CALLBACKS-7v0.patch diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/linuxkm/linuxkm-fips-hash-wrapper.sh mariadb-11.8.8/extra/wolfssl/wolfssl/linuxkm/linuxkm-fips-hash-wrapper.sh --- mariadb-11.8.6/extra/wolfssl/wolfssl/linuxkm/linuxkm-fips-hash-wrapper.sh 1970-01-01 00:00:00.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/linuxkm/linuxkm-fips-hash-wrapper.sh 2026-05-24 09:58:33.000000000 +0000 @@ -0,0 +1,109 @@ +#!/bin/bash + +# linuxkm-fips-hash-wrapper.sh -- Wrapper for linuxkm-fips-hash -- looks up the +# fencepost values using readelf, and assembles the argument list from them. +# +# Copyright (C) 2006-2026 wolfSSL Inc. +# +# This file is part of wolfSSL. +# +# wolfSSL is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation; either version 3 of the License, or +# (at your option) any later version. +# +# wolfSSL is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA + +set -o noclobber -o nounset -o pipefail -o errexit + +mod_path=$1 +shift + +# require Gnu Awk, for strtonum(). + +if [[ -v AWK ]] && ! "$AWK" --version 2>&1 | grep -F -q 'GNU Awk'; then + unset AWK +fi + +if [[ ! -v AWK ]]; then + if command -v gawk >/dev/null; then + AWK='gawk' + else + AWK='awk' + fi +fi + +if ! "$AWK" --version 2>&1 | grep -F -q 'GNU Awk'; then + echo "Couldn't find required GNU Awk executable." >&2 + exit 1 +fi + +# shellcheck disable=SC2016 # using $AWK instead of awk confuses shellcheck. +readarray -t fenceposts < <(readelf --wide --sections --symbols "$mod_path" | "$AWK" ' +BEGIN { + fips_fenceposts["wc_linuxkm_pie_reloc_tab"] = "reloc_tab_start"; + fips_fenceposts["wc_linuxkm_pie_reloc_tab_length"] = "reloc_tab_len_start"; + fips_fenceposts["verifyCore"] = "verifyCore_start"; + fips_fenceposts["wolfCrypt_FIPS_first"] = "fips_text_start"; + fips_fenceposts["wolfCrypt_FIPS_last"] = "fips_text_end"; + fips_fenceposts["wolfCrypt_FIPS_ro_start"] = "fips_rodata_start"; + fips_fenceposts["wolfCrypt_FIPS_ro_end"] = "fips_rodata_end"; + singleton_ends["wc_linuxkm_pie_reloc_tab"] = "reloc_tab_end"; + singleton_ends["wc_linuxkm_pie_reloc_tab_length"] = "reloc_tab_len_end"; + singleton_ends["verifyCore"] = "verifyCore_end"; +} + +/^Section Headers:/ { + in_sections = 1; + in_symbols = 0; + next; +} + +/^Symbol table / { + if (! in_sections) { + print "symbol table appeared before section headers." >"/dev/stderr"; + exit(1); + } + in_sections = 0; + in_symbols = 1; + next; +} +{ + if (in_sections) { + if (match($0, + "^[[:space:]]*\\[([^]]+)\\][[:space:]]+\\.([^[:space:].]+)_wolfcrypt[[:space:]]+[^[:space:]]+[[:space:]]+[^[:space:]]+[[:space:]]+([0-9a-f]+)[[:space:]]+([0-9a-f]+)[[:space:]]", + section_line_a)) { + segnum = strtonum(section_line_a[1]); + segname = section_line_a[2]; + segstart = section_line_a[3]; + segsize = section_line_a[4]; + seg_starts_by_id[segnum] = strtonum("0x" segstart); + printf("--%s_start\n0x%x\n--%s_end\n0x%x\n", segname, strtonum("0x" segstart), segname, strtonum("0x" segstart) + strtonum("0x" segsize)); + next; + } + } + if (in_symbols) { + if ($7 !~ "^[0-9]+$") + next; + if (($4 != "NOTYPE") && ($4 != "OBJECT") && ($4 != "FUNC")) + next; + if (! ($8 in fips_fenceposts)) + next; + if (! ($7 in seg_starts_by_id)) { + print "segment offset missing for segment " $7 " for symbol " $8 "." >"/dev/stderr"; + exit(1); + } + printf("--%s\n0x%x\n", fips_fenceposts[$8], seg_starts_by_id[$7] + strtonum("0x" $2)); + if ($8 in singleton_ends) + printf("--%s\n0x%x\n", singleton_ends[$8], seg_starts_by_id[$7] + strtonum("0x" $2) + strtonum($3)); + } +}') + +./linuxkm-fips-hash "${fenceposts[@]}" --mod-path "$mod_path" --in-place "$@" diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/linuxkm/linuxkm-fips-hash.c mariadb-11.8.8/extra/wolfssl/wolfssl/linuxkm/linuxkm-fips-hash.c --- mariadb-11.8.6/extra/wolfssl/wolfssl/linuxkm/linuxkm-fips-hash.c 1970-01-01 00:00:00.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/linuxkm/linuxkm-fips-hash.c 2026-05-24 09:58:33.000000000 +0000 @@ -0,0 +1,419 @@ +/* linuxkm-fips-hash.c + * + * A utility to compute the correct FIPS integrity hash for a fully linked + * libwolfssl.ko kernel module, and to optionally update the module in place. + * + * Copyright (C) 2006-2026 wolfSSL Inc. + * + * This file is part of wolfSSL. + * + * wolfSSL is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * wolfSSL is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA + */ + +/* See linuxkm-fips-hash-wrapper.sh for argument setup example. */ + +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include + +/* failsafe definitions for FIPS <5.3 */ +#ifndef FIPS_IN_CORE_DIGEST_SIZE + #ifndef NO_SHA256 + #define FIPS_IN_CORE_DIGEST_SIZE WC_SHA256_DIGEST_SIZE + #define FIPS_IN_CORE_HASH_TYPE WC_SHA256 + #elif defined(WOLFSSL_SHA384) + #define FIPS_IN_CORE_DIGEST_SIZE WC_SHA384_DIGEST_SIZE + #define FIPS_IN_CORE_HASH_TYPE WC_SHA384 + #else + #error Unsupported FIPS hash alg. + #endif +#endif + +#ifndef FIPS_IN_CORE_KEY_SZ + #define FIPS_IN_CORE_KEY_SZ FIPS_IN_CORE_DIGEST_SIZE +#endif +#ifndef FIPS_IN_CORE_VERIFY_SZ + #define FIPS_IN_CORE_VERIFY_SZ FIPS_IN_CORE_DIGEST_SIZE +#endif + +#ifdef WOLFCRYPT_FIPS_CORE_DYNAMIC_HASH_VALUE +extern const char coreKey[FIPS_IN_CORE_KEY_SZ*2 + 1]; +#endif + +static int hmac_setkey_cb(Hmac *hmac, const byte *key, word32 key_len) { + return wc_HmacSetKey(hmac, FIPS_IN_CORE_HASH_TYPE, key, key_len); +} + +static int hmac_update_cb(Hmac *hmac, const byte *in, word32 in_len) { + return wc_HmacUpdate_fips(hmac, in, in_len); +} + +static int hmac_final_cb(Hmac *hmac, byte *out, word32 out_sz) { + int actual_size = wc_HmacSizeByType(hmac->macType); + if (actual_size < 0) + return actual_size; + if ((int)out_sz != actual_size) + return BUFFER_E; + return wc_HmacFinal(hmac, out); +} + +int main(int argc, char **argv) +{ + Hmac hmac; + int ret; + struct wc_reloc_table_segments seg_map = WC_RELOC_TABLE_SEGMENTS_INITIALIZER; + word32 new_verifyCore_size = FIPS_IN_CORE_DIGEST_SIZE*2 + 1; + char new_verifyCore[FIPS_IN_CORE_DIGEST_SIZE*2 + 1]; + const char *progname = strchr(argv[0], '/') ? strrchr(argv[0], '/') + 1 : argv[0]; + const char *mod_path = NULL; + const char *user_coreKey = NULL; + int mod_fd; + struct stat st; + byte *mod_map = MAP_FAILED; + struct wc_reloc_counts reloc_counts; + int inplace = 0; + int quiet = 0; + int verbose = 0; + + static const struct option long_options[] = { +#define FENCEPOST_OPT_FLAG (1U << 30) +#define FENCEPOST_OPT(x) { .name = #x, \ + .has_arg = required_argument, \ + .flag = NULL, \ + .val = FENCEPOST_OPT_FLAG | offsetof(typeof(seg_map), x) } + FENCEPOST_OPT(text_start), + FENCEPOST_OPT(text_end), + FENCEPOST_OPT(reloc_tab_start), + FENCEPOST_OPT(reloc_tab_end), + FENCEPOST_OPT(reloc_tab_len_start), + FENCEPOST_OPT(reloc_tab_len_end), + FENCEPOST_OPT(fips_text_start), + FENCEPOST_OPT(fips_text_end), + FENCEPOST_OPT(rodata_start), + FENCEPOST_OPT(rodata_end), + FENCEPOST_OPT(fips_rodata_start), + FENCEPOST_OPT(fips_rodata_end), + FENCEPOST_OPT(verifyCore_start), + FENCEPOST_OPT(verifyCore_end), + FENCEPOST_OPT(data_start), + FENCEPOST_OPT(data_end), + FENCEPOST_OPT(bss_start), + FENCEPOST_OPT(bss_end), + { "core-key", required_argument, NULL, 'k' }, + { "mod-path", required_argument, NULL, 'f' }, + { "in-place", no_argument, NULL, 'i' }, + { "quiet", no_argument, NULL, 'q' }, + { "verbose", no_argument, NULL, 'v' }, + { "help", no_argument, NULL, 'h' }, + { } + }; + + for (;;) { + int option_index = 0; + int c = getopt_long(argc, argv, "f:ik:qvh", long_options, &option_index); + if (c == -1) + break; + + if (c & FENCEPOST_OPT_FLAG) { + char *eptr; + c &= ~FENCEPOST_OPT_FLAG; + *((unsigned long *)((byte *)&seg_map + c)) = strtoul(optarg, &eptr, 0); + if (*eptr != '\0') { + fprintf(stderr, "%s: %s: supplied arg \"%s\" isn't a valid number.\n", + progname, long_options[option_index].name, optarg); + exit(1); + } + continue; + } + + switch (c) { + case 'f': + mod_path = optarg; + break; + case 'i': + inplace = 1; + break; + case 'k': + user_coreKey = optarg; + break; + case 'q': + quiet = 1; + break; + case 'v': + verbose = 1; + break; + case 'h': + printf("usage: %s \\\n", progname); + for (int i=0; i < (int)(sizeof long_options / sizeof long_options[0]); ++i) { + const struct option *opt = &long_options[i]; + if (opt->name == NULL) { + printf("\n"); + continue; + } + if (i > 0) + printf(" \\\n"); + if (opt->has_arg == no_argument) + printf(" --%s", opt->name); + else if (opt->val & FENCEPOST_OPT_FLAG) + printf(" --%s ", opt->name); + else + printf(" --%s ", opt->name); + } + exit(0); + case ':': + fprintf(stderr, "%s: Missing argument. Try --help.\n", progname); + exit(1); + __builtin_unreachable(); + case '?': + fprintf(stderr, "%s: Unrecognized option. Try --help.\n", progname); + exit(1); + __builtin_unreachable(); + default: + fprintf(stderr, "%s: Unexpected error. Try --help.\n", progname); + exit(1); + __builtin_unreachable(); + } + } + + if (optind < argc) { + fprintf(stderr, "%s: unexpected trailing argument(s).\n", progname); + exit(1); + } + + if (user_coreKey == NULL) { +#ifdef WOLFCRYPT_FIPS_CORE_DYNAMIC_HASH_VALUE + user_coreKey = coreKey; +#else + fprintf(stderr, "%s: must supply --core-key.\n", progname); + exit(1); +#endif + } + +#ifdef WC_USE_PIE_FENCEPOSTS_FOR_FIPS + if ((seg_map.fips_text_start != ~0UL) || + (seg_map.fips_text_end != ~0UL) || + (seg_map.fips_rodata_start != ~0UL) || + (seg_map.fips_rodata_end != ~0UL)) + { + fprintf(stderr, "%s: note, ignoring explicit FIPS fenceposts " + "because WC_USE_PIE_FENCEPOSTS_FOR_FIPS.\n", progname); + } + + seg_map.fips_text_start = seg_map.text_start; + seg_map.fips_text_end = seg_map.text_end; + seg_map.fips_rodata_start = seg_map.rodata_start; + seg_map.fips_rodata_end = seg_map.rodata_end; +#endif + + if ((seg_map.text_start == ~0UL) || + (seg_map.text_end == ~0UL) || + (seg_map.reloc_tab_start == ~0UL) || + (seg_map.reloc_tab_end == ~0UL) || + (seg_map.reloc_tab_len_start == ~0UL) || + (seg_map.reloc_tab_len_end == ~0UL) || + (seg_map.fips_text_start == ~0UL) || + (seg_map.fips_text_end == ~0UL) || + (seg_map.rodata_start == ~0UL) || + (seg_map.rodata_end == ~0UL) || + (seg_map.fips_rodata_start == ~0UL) || + (seg_map.fips_rodata_end == ~0UL) || + (seg_map.verifyCore_start == ~0UL) || + (seg_map.verifyCore_end == ~0UL) || + (seg_map.data_start == ~0UL) || + (seg_map.data_end == ~0UL) || + (seg_map.bss_start == ~0UL) || + (seg_map.bss_end == ~0UL)) + { + fprintf(stderr, "%s: segment fencepost(s) missing. Try --help.\n", + progname); + exit(1); + } + + if (mod_path == NULL) { + fprintf(stderr, "%s: module path missing. Try --help.\n", progname); + exit(1); + } + + mod_fd = open(mod_path, inplace ? O_RDWR : O_RDONLY); + if (mod_fd < 0) { + fprintf(stderr, "%s: open %s: %m.\n", progname, mod_path); + exit(1); + } + + ret = fstat(mod_fd, &st); + if (ret < 0) { + fprintf(stderr, "%s: fstat %s: %m.\n", progname, mod_path); + exit(1); + } + + if ((seg_map.reloc_tab_start >= seg_map.reloc_tab_end) || + (seg_map.reloc_tab_end >= (unsigned long)st.st_size) || + (seg_map.reloc_tab_len_start >= seg_map.reloc_tab_len_end) || + (seg_map.reloc_tab_len_end >= (unsigned long)st.st_size)) + { + fprintf(stderr, "%s: supplied reloc_tab fencepost(s) are out of bounds " + "for supplied module %s with length %lu.\n", + progname, mod_path, (unsigned long)st.st_size); + exit(1); + } + + mod_map = (byte *)mmap(NULL, st.st_size, + inplace ? PROT_READ | PROT_WRITE : PROT_READ, + (inplace ? MAP_SHARED : MAP_PRIVATE) | MAP_POPULATE, + mod_fd, 0); + if (mod_map == MAP_FAILED) { + fprintf(stderr, "%s: mmap() of %s, length %zu: %m.\n", + progname, mod_path, st.st_size); + exit(1); + } + + seg_map.start = (unsigned long)mod_map; + seg_map.end = (unsigned long)mod_map + st.st_size; + + seg_map.reloc_tab_start += (unsigned long)mod_map; + seg_map.reloc_tab_end += (unsigned long)mod_map; + seg_map.reloc_tab_len_start += (unsigned long)mod_map; + seg_map.reloc_tab_len_end += (unsigned long)mod_map; + + seg_map.verifyCore_start += (unsigned long)mod_map; + seg_map.verifyCore_end += (unsigned long)mod_map; + seg_map.fips_text_start += (unsigned long)mod_map; + seg_map.fips_text_end += (unsigned long)mod_map; + seg_map.fips_rodata_start += (unsigned long)mod_map; + seg_map.fips_rodata_end += (unsigned long)mod_map; + + seg_map.text_start += (unsigned long)mod_map; + seg_map.text_end += (unsigned long)mod_map; + seg_map.rodata_start += (unsigned long)mod_map; + seg_map.rodata_end += (unsigned long)mod_map; + seg_map.data_start += (unsigned long)mod_map; + seg_map.data_end += (unsigned long)mod_map; + seg_map.bss_start += (unsigned long)mod_map; + seg_map.bss_end += (unsigned long)mod_map; + + ret = wolfCrypt_Init(); + if (ret < 0) { + fprintf(stderr, "%s: wolfCrypt_Init() failed: %s.\n", + progname, wc_GetErrorString(ret)); + exit(1); + } + + ret = wc_HmacInit(&hmac, NULL, INVALID_DEVID); + if (ret != 0) { + fprintf(stderr, "%s: wc_HmacInit() failed: %s.\n", + progname, wc_GetErrorString(ret)); + exit(1); + } + + if (seg_map.verifyCore_end - seg_map.verifyCore_start != new_verifyCore_size) { + fprintf(stderr, "%s: unexpected verifyCore length %zu.\n", + progname, (size_t)(seg_map.verifyCore_end - seg_map.verifyCore_start)); + ret = -1; + goto out; + } + + XMEMSET(&reloc_counts, 0, sizeof(reloc_counts)); + + ret = wc_fips_generate_hash( + &seg_map, + FIPS_IN_CORE_DIGEST_SIZE, + user_coreKey, + &hmac, + (wc_fips_verifyCore_hmac_setkey_fn)hmac_setkey_cb, + (wc_fips_verifyCore_hmac_update_fn)hmac_update_cb, + (wc_fips_verifyCore_hmac_final_fn)hmac_final_cb, + new_verifyCore, + &new_verifyCore_size, + &reloc_counts); + + if (ret < 0) { + fprintf(stderr, "%s: wc_fips_generate_hash() failed: %s.\n", + progname, wc_GetErrorString(ret)); + goto out; + } + + if (verbose) + fprintf(inplace ? stdout : stderr, + "FIPS-bounded relocation normalizations: text=%d, rodata=%d, " + "rwdata=%d, bss=%d, other=%d\n", + reloc_counts.text, reloc_counts.rodata, reloc_counts.rwdata, + reloc_counts.bss, reloc_counts.other); + + if (new_verifyCore_size < sizeof new_verifyCore) { + fprintf(stderr, "%s: wc_fips_generate_hash() returned unexpected " + "verifyCore length %u.\n", + progname, new_verifyCore_size); + ret = -1; + goto out; + } + + if ((! quiet) && (verbose || !inplace)) + printf("%s\n", new_verifyCore); + + if (strcmp((char *)seg_map.verifyCore_start, new_verifyCore) == 0) { + fprintf(stderr, "%s: note, verifyCore already matches.\n", progname); + } + else if (inplace) { + XMEMCPY((void *)seg_map.verifyCore_start, new_verifyCore, + new_verifyCore_size); + ret = munmap(mod_map, st.st_size); + if (ret < 0) { + fprintf(stderr, "%s: munmap: %m\n", progname); + exit(1); + } + mod_map = MAP_FAILED; + ret = close(mod_fd); + if (ret < 0) { + fprintf(stderr, "%s: close: %m\n", progname); + exit(1); + } + mod_fd = -1; + printf("FIPS integrity hash updated successfully.\n"); + } + + out: + + wc_HmacFree(&hmac); + wolfCrypt_Cleanup(); + + if (mod_map != MAP_FAILED) { + if (munmap(mod_map, st.st_size) < 0) { + fprintf(stderr, "%s: munmap: %m\n", progname); + if (ret == 0) + ret = -1; + } + } + if (mod_fd >= 0) { + if (close(mod_fd) < 0) { + fprintf(stderr, "%s: close: %m\n", progname); + if (ret == 0) + ret = -1; + } + } + + if (ret) + exit(1); + else + exit(0); +} diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/linuxkm/linuxkm_memory.c mariadb-11.8.8/extra/wolfssl/wolfssl/linuxkm/linuxkm_memory.c --- mariadb-11.8.6/extra/wolfssl/wolfssl/linuxkm/linuxkm_memory.c 2026-01-31 13:27:49.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/linuxkm/linuxkm_memory.c 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* linuxkm_memory.c * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -21,10 +21,803 @@ /* included by wolfcrypt/src/memory.c */ -#if defined(__PIE__) && defined(CONFIG_FORTIFY_SOURCE) +#if defined(WOLFSSL_LINUXKM) && defined(WC_SYM_RELOC_TABLES) && defined(CONFIG_FORTIFY_SOURCE) /* needed because FORTIFY_SOURCE inline implementations call fortify_panic(). */ void __my_fortify_panic(const char *name) { pr_emerg("__my_fortify_panic in %s\n", name); BUG(); } #endif + +#ifdef DEBUG_LINUXKM_PIE_SUPPORT + #define RELOC_DEBUG_PRINTF(fmt, ...) WOLFSSL_DEBUG_PRINTF("%s L %d: " fmt, __FILE__, __LINE__, ## __VA_ARGS__) +#else + #define RELOC_DEBUG_PRINTF(...) WC_DO_NOTHING +#endif + +#if defined(WC_SYM_RELOC_TABLES) || defined(WC_SYM_RELOC_TABLES_SUPPORT) + +static const struct reloc_layout_ent { + const char *name; + word64 mask; + word64 width; + word64 is_signed:1; + word64 is_relative:1; + word64 is_pages:1; + word64 is_pair_lo:1; + word64 is_pair_hi:1; +} reloc_layouts[] = { + [WC_R_X86_64_32] = { "R_X86_64_32", ~0UL, 32, .is_signed = 0, .is_relative = 0 }, + [WC_R_X86_64_32S] = { "R_X86_64_32S", ~0UL, 32, .is_signed = 1, .is_relative = 0 }, + [WC_R_X86_64_64] = { "R_X86_64_64", ~0UL, 64, .is_signed = 0, .is_relative = 0 }, + [WC_R_X86_64_PC32] = { "R_X86_64_PC32", ~0UL, 32, .is_signed = 1, .is_relative = 1 }, + [WC_R_X86_64_PLT32] = { "R_X86_64_PLT32", ~0UL, 32, .is_signed = 1, .is_relative = 1 }, + [WC_R_AARCH64_ABS32] = { "R_AARCH64_ABS32", ~0UL, 32, .is_signed = 1, .is_relative = 0, .is_pages = 0, .is_pair_lo = 0, .is_pair_hi = 0 }, + [WC_R_AARCH64_ABS64] = { "R_AARCH64_ABS64", ~0UL, 64, .is_signed = 1, .is_relative = 0, .is_pages = 0, .is_pair_lo = 0, .is_pair_hi = 0 }, + [WC_R_AARCH64_ADD_ABS_LO12_NC] = { "R_AARCH64_ADD_ABS_LO12_NC", 0b00000000001111111111110000000000, 32, .is_signed = 0, .is_relative = 0, .is_pages = 0, .is_pair_lo = 1, .is_pair_hi = 0 }, + [WC_R_AARCH64_ADR_PREL_PG_HI21] = { "R_AARCH64_ADR_PREL_PG_HI21", 0b01100000111111111111111111100000, 32, .is_signed = 1, .is_relative = 1, .is_pages = 1, .is_pair_lo = 0, .is_pair_hi = 1 }, + [WC_R_AARCH64_CALL26] = { "R_AARCH64_CALL26", 0b00000011111111111111111111111111, 32, .is_signed = 1, .is_relative = 1, .is_pages = 0, .is_pair_lo = 0, .is_pair_hi = 0 }, + [WC_R_AARCH64_JUMP26] = { "R_AARCH64_JUMP26", 0b00000011111111111111111111111111, 32, .is_signed = 1, .is_relative = 1, .is_pages = 0, .is_pair_lo = 0, .is_pair_hi = 0 }, + [WC_R_AARCH64_LDST8_ABS_LO12_NC] = { "R_AARCH64_LDST8_ABS_LO12_NC", 0b00000000001111111111110000000000, 32, .is_signed = 0, .is_relative = 0, .is_pages = 0, .is_pair_lo = 1, .is_pair_hi = 0 }, + [WC_R_AARCH64_LDST16_ABS_LO12_NC] = { "R_AARCH64_LDST16_ABS_LO12_NC", 0b00000000001111111111110000000000, 32, .is_signed = 0, .is_relative = 0, .is_pages = 0, .is_pair_lo = 1, .is_pair_hi = 0 }, + [WC_R_AARCH64_LDST32_ABS_LO12_NC] = { "R_AARCH64_LDST32_ABS_LO12_NC", 0b00000000001111111111110000000000, 32, .is_signed = 0, .is_relative = 0, .is_pages = 0, .is_pair_lo = 1, .is_pair_hi = 0 }, + [WC_R_AARCH64_LDST64_ABS_LO12_NC] = { "R_AARCH64_LDST64_ABS_LO12_NC", 0b00000000001111111111110000000000, 32, .is_signed = 0, .is_relative = 0, .is_pages = 0, .is_pair_lo = 1, .is_pair_hi = 0 }, + [WC_R_AARCH64_PREL32] = { "R_AARCH64_PREL32", ~0UL, 32, .is_signed = 1, .is_relative = 1, .is_pages = 0, .is_pair_lo = 0, .is_pair_hi = 0 }, + [WC_R_ARM_ABS32] = { "R_ARM_ABS32", ~0UL, 32, .is_signed = 0, .is_relative = 0, .is_pages = 0, .is_pair_lo = 0, .is_pair_hi = 0 }, + [WC_R_ARM_PREL31] = { "R_ARM_PREL31", 0b01111111111111111111111111111111, 32, .is_signed = 1, .is_relative = 1, .is_pages = 0, .is_pair_lo = 0, .is_pair_hi = 0 }, + [WC_R_ARM_REL32] = { "R_ARM_REL32", ~0UL, 32, .is_signed = 1, .is_relative = 1, .is_pages = 0, .is_pair_lo = 0, .is_pair_hi = 0 }, + [WC_R_ARM_THM_CALL] = { "R_ARM_THM_CALL", 0b00000111111111110010111111111111, 32, .is_signed = 1, .is_relative = 1, .is_pages = 0, .is_pair_lo = 0, .is_pair_hi = 0 }, + [WC_R_ARM_THM_JUMP24] = { "R_ARM_THM_JUMP24", 0b00000111111111110010111111111111, 32, .is_signed = 1, .is_relative = 1, .is_pages = 0, .is_pair_lo = 0, .is_pair_hi = 0 }, + [WC_R_ARM_THM_JUMP11] = { "R_ARM_THM_JUMP11", 0b00000000000000000000011111111111, 16, .is_signed = 1, .is_relative = 1, .is_pages = 0, .is_pair_lo = 0, .is_pair_hi = 0 }, + [WC_R_ARM_THM_MOVT_ABS] = { "R_ARM_THM_MOVT_ABS", 0b00000100000011110111000011111111, 32, .is_signed = 0, .is_relative = 0, .is_pages = 0, .is_pair_lo = 0, .is_pair_hi = 1 }, + [WC_R_ARM_THM_MOVW_ABS_NC] = { "R_ARM_THM_MOVW_ABS_NC", 0b00000100000011110111000011111111, 32, .is_signed = 0, .is_relative = 0, .is_pages = 0, .is_pair_lo = 1, .is_pair_hi = 0 } + }; + +static inline long find_reloc_tab_offset( + const struct wc_reloc_table_segments *seg_map, + const struct wc_reloc_table_ent reloc_tab[], + word32 reloc_tab_len, + size_t text_in_offset) +{ + long ret; + unsigned long hop; + if (reloc_tab_len <= 1) { + RELOC_DEBUG_PRINTF("ERROR: %s failed.\n", __FUNCTION__); + return -1; + } + if (text_in_offset >= (size_t)(seg_map->text_end - seg_map->text_start)) { + RELOC_DEBUG_PRINTF("ERROR: %s failed.\n", __FUNCTION__); + return -1; + } + if (text_in_offset >= (size_t)reloc_tab[reloc_tab_len - 1].offset) { + RELOC_DEBUG_PRINTF("ERROR: %s failed.\n", __FUNCTION__); + return -1; + } + for (ret = 0, + hop = reloc_tab_len >> 1; + hop; + hop >>= 1) + { + if (text_in_offset == (size_t)reloc_tab[ret].offset) + break; + else if (text_in_offset > (size_t)reloc_tab[ret].offset) + ret += hop; + else if (ret) + ret -= hop; + } + + while ((ret < (long)reloc_tab_len - 1) && + ((size_t)reloc_tab[ret].offset < text_in_offset)) + ++ret; + + while ((ret > 0) && + ((size_t)reloc_tab[ret - 1].offset >= text_in_offset)) + --ret; + +#ifdef DEBUG_LINUXKM_PIE_SUPPORT + if (ret < 0) + RELOC_DEBUG_PRINTF("ERROR: %s returning %ld.\n", __FUNCTION__, ret); +#endif + return ret; +} + +/* Note we are not currently accommodating endianness conflicts between the + * build and target host, but if we were, these macros would byte swap. + * Currently, we detect and fail early on endianness conflicts. + */ +#define wc_get_unaligned(v) ({ typeof(*(v)) _v_aligned; XMEMCPY((void *)&_v_aligned, (void *)(v), sizeof _v_aligned); _v_aligned; }) +#define wc_put_unaligned(v, v_out) do { typeof(v) _v = (v); XMEMCPY((void *)(v_out), (void *)&_v, sizeof(typeof(*(v_out)))); } while (0) + +ssize_t wc_reloc_normalize_text( + const byte *text_in, + size_t text_in_len, + byte *text_out, + ssize_t *cur_index_p, + const struct wc_reloc_table_segments *seg_map, + struct wc_reloc_counts *reloc_counts) +{ + ssize_t i; + size_t text_in_offset; + const struct wc_reloc_table_ent *last_reloc; /* for error-checking order in reloc_tab[] */ + int n_text_r = 0, n_rodata_r = 0, n_rwdata_r = 0, n_bss_r = 0, n_other_r = 0, n_oob_r = 0; + const struct wc_reloc_table_ent *reloc_tab = (const struct wc_reloc_table_ent *)seg_map->reloc_tab_start; + const word32 reloc_tab_len = *(const word32 *)seg_map->reloc_tab_len_start; + + if ((text_in_len == 0) || + ((uintptr_t)text_in < seg_map->text_start) || + ((uintptr_t)(text_in + text_in_len) > seg_map->text_end)) + { + RELOC_DEBUG_PRINTF("ERROR: %s returning -1 with span %llx-%llx versus segment %llx-%llx.\n", + __FUNCTION__, + (unsigned long long)(uintptr_t)text_in, + (unsigned long long)(uintptr_t)(text_in + text_in_len), + (unsigned long long)seg_map->text_start, + (unsigned long long)seg_map->text_end); + return -1; + } + + text_in_offset = (uintptr_t)text_in - seg_map->text_start; + + if (cur_index_p) + i = *cur_index_p; + else + i = -1; + + if (i == -1) + i = find_reloc_tab_offset(seg_map, reloc_tab, reloc_tab_len, text_in_offset); + + if (i < 0) + return i; + + WC_SANITIZE_DISABLE(); + memcpy(text_out, text_in, text_in_len); + WC_SANITIZE_ENABLE(); + + for (last_reloc = &reloc_tab[i > 0 ? i-1 : 0]; + (size_t)i < reloc_tab_len - 1; + ++i) + { + const struct wc_reloc_table_ent *next_reloc = &reloc_tab[i]; + enum wc_reloc_dest_segment dest_seg; + uintptr_t seg_beg; +#ifdef DEBUG_LINUXKM_PIE_SUPPORT + uintptr_t seg_end; + const char *seg_name; +#endif + word64 reloc_buf = 0; + const struct reloc_layout_ent *layout; + unsigned int next_reloc_rel; + + if (next_reloc->dest_segment == WC_R_SEG_NONE) { + RELOC_DEBUG_PRINTF("BUG: missing dest segment for relocation at reloc_tab[%zd]\n", i); + continue; + } + + if (last_reloc->offset > next_reloc->offset) { + RELOC_DEBUG_PRINTF("BUG: out-of-order offset found at reloc_tab[%zd]: %u > %u\n", + i, last_reloc->offset, next_reloc->offset); + return -1; + } + + last_reloc = next_reloc; + + if (next_reloc->reloc_type >= (sizeof reloc_layouts / sizeof reloc_layouts[0])) { + RELOC_DEBUG_PRINTF("BUG: unknown relocation type %u found at reloc_tab[%zd]\n", + next_reloc->reloc_type, i); + return -1; + } + + layout = &reloc_layouts[next_reloc->reloc_type]; + + switch (layout->width) { + case 32: + case 64: + case 16: + break; + default: + RELOC_DEBUG_PRINTF("BUG: unexpected relocation width %llu found at reloc_tab[%lld], reloc type %u\n", + (unsigned long long)layout->width, (long long)i, next_reloc->reloc_type); + return -1; + } + + /* provisionally assign the destination segment from the reloc record -- + * it may wind up getting overridden later if things don't go as + * expected. + */ + dest_seg = next_reloc->dest_segment; + + /* next_reloc_rel is the offset of the relocation relative to the start + * of the current text chunk (text_in). i.e., text_in + next_reloc_rel + * is the start of the relocation. + */ + next_reloc_rel = next_reloc->offset - text_in_offset; + + if (next_reloc_rel >= text_in_len) { + /* no more relocations in this buffer. */ + break; + } + + if ((text_in_len < WC_BITS_TO_BYTES(layout->width)) || + (next_reloc_rel > text_in_len - WC_BITS_TO_BYTES(layout->width))) + { + /* relocation straddles buffer at end -- caller will try again with + * that relocation at the start. + */ + text_in_len = next_reloc_rel; + break; + } + + /* set reloc_buf to the address bits from the live text segment. on + * ARM, this will often also pull in some opcode bits, which we mask out. + */ + if (layout->is_signed) { + /* Note, the intermediate cast to sword64 is necessary to + * sign-extend the value to 64 bits before unsigned + * reinterpretation. Normalization later relies on this. + */ + switch (layout->width) { + case 32: + reloc_buf = (word64)(sword64)(wc_get_unaligned((sword32 *)&text_out[next_reloc_rel]) & (sword32)layout->mask); + break; + case 64: + reloc_buf = (word64)(sword64)(wc_get_unaligned((sword64 *)&text_out[next_reloc_rel]) & (sword64)layout->mask); + break; + case 16: + reloc_buf = (word64)(sword64)(wc_get_unaligned((sword16 *)&text_out[next_reloc_rel]) & (sword16)layout->mask); + break; + } + } + else { + switch (layout->width) { + case 32: + reloc_buf = (word64)(wc_get_unaligned((word32 *)&text_out[next_reloc_rel]) & (word32)layout->mask); + break; + case 64: + reloc_buf = (word64)(wc_get_unaligned((word64 *)&text_out[next_reloc_rel]) & layout->mask); + break; + case 16: + reloc_buf = (word64)(wc_get_unaligned((word16 *)&text_out[next_reloc_rel]) & (word16)layout->mask); + break; + } + } + + switch (dest_seg) { + case WC_R_SEG_TEXT: + seg_beg = seg_map->text_start; + ++n_text_r; + #ifdef DEBUG_LINUXKM_PIE_SUPPORT + seg_end = seg_map->text_end; + seg_name = "text"; + #endif + break; + case WC_R_SEG_RODATA: + seg_beg = seg_map->rodata_start; + ++n_rodata_r; + #ifdef DEBUG_LINUXKM_PIE_SUPPORT + seg_end = seg_map->rodata_end; + seg_name = "rodata"; + #endif + break; + case WC_R_SEG_RWDATA: + seg_beg = seg_map->data_start; + ++n_rwdata_r; + #ifdef DEBUG_LINUXKM_PIE_SUPPORT + seg_end = seg_map->data_end; + seg_name = "data"; + #endif + break; + case WC_R_SEG_BSS: + seg_beg = seg_map->bss_start; + ++n_bss_r; + #ifdef DEBUG_LINUXKM_PIE_SUPPORT + seg_end = seg_map->bss_end; + seg_name = "bss"; + #endif + break; + default: + case WC_R_SEG_NONE: + dest_seg = WC_R_SEG_OTHER; + FALL_THROUGH; + case WC_R_SEG_OTHER: + seg_beg = 0; + #ifdef DEBUG_LINUXKM_PIE_SUPPORT + seg_end = 0; + seg_name = "other"; + #endif + break; + } + + switch (next_reloc->reloc_type) { + case WC_R_X86_64_PC32: + case WC_R_X86_64_PLT32: + case WC_R_X86_64_32: + case WC_R_X86_64_32S: + case WC_R_X86_64_64: + + if (dest_seg != WC_R_SEG_OTHER) { +#ifdef DEBUG_LINUXKM_PIE_SUPPORT + word64 raw_dest_addr = reloc_buf; +#endif + if (seg_map->text_is_live) { + /* note these normalize to the base address of the + * destination symbol, S, and removes the addend A, which is + * baked into the reloc_tab for each relocation. + */ + if (layout->is_relative) + reloc_buf = reloc_buf + (uintptr_t)next_reloc->offset - (uintptr_t)next_reloc->dest_addend - (seg_beg - seg_map->text_start); + else + reloc_buf = reloc_buf - seg_beg - (uintptr_t)next_reloc->dest_addend; + } + else { + reloc_buf = (word64)next_reloc->dest_offset; + } +#ifdef DEBUG_LINUXKM_PIE_SUPPORT + if (reloc_buf >= seg_end - seg_beg) { + ++n_oob_r; + RELOC_DEBUG_PRINTF("WARNING: normalized value is out of bounds (%s0x%llx) at index %lld, text offset 0x%x, reloc type %s, " + "dest seg .%s_wolfcrypt, offset from text to dest segment %s0x%llx, raw dest addr %s0x%llx, " + "seg span 0x%llx - 0x%llx, seg size 0x%llx, text base 0x%llx\n", + (long long)reloc_buf < 0 ? "-" : "", + (long long)reloc_buf < 0 ? -(long long)reloc_buf : (long long)reloc_buf, + (long long)i, + next_reloc->offset, + layout->name, + seg_name, + seg_beg < seg_map->text_start ? "-" : "+", + seg_beg < seg_map->text_start ? (unsigned long long)seg_map->text_start - seg_beg : seg_beg - (unsigned long long)seg_map->text_start, + (layout->is_signed && ((long long)raw_dest_addr < 0)) ? "-" : "", + (layout->is_signed && ((long long)raw_dest_addr < 0)) ? (unsigned long long)-(long long)raw_dest_addr : raw_dest_addr, + (unsigned long long)seg_beg, + (unsigned long long)seg_end, + (unsigned long long)(seg_end - seg_beg), + (unsigned long long)seg_map->text_start); + } +#endif + } + + break; + + case WC_R_ARM_ABS32: + case WC_R_ARM_PREL31: + case WC_R_ARM_REL32: + case WC_R_ARM_THM_CALL: + case WC_R_ARM_THM_JUMP11: + case WC_R_ARM_THM_JUMP24: + case WC_R_ARM_THM_MOVT_ABS: + case WC_R_ARM_THM_MOVW_ABS_NC: + /* Don't attempt to reconstruct ARM destination addresses -- just + * normalize to zero. They can be reconstructed using the + * parameters in reloc_layouts[] and reloc_tab[] but it's very + * fidgety. + */ + reloc_buf = 0; + break; + + case WC_R_AARCH64_ABS32: + case WC_R_AARCH64_ABS64: + case WC_R_AARCH64_ADD_ABS_LO12_NC: + case WC_R_AARCH64_ADR_PREL_PG_HI21: + case WC_R_AARCH64_CALL26: + case WC_R_AARCH64_JUMP26: + case WC_R_AARCH64_LDST16_ABS_LO12_NC: + case WC_R_AARCH64_LDST32_ABS_LO12_NC: + case WC_R_AARCH64_LDST64_ABS_LO12_NC: + case WC_R_AARCH64_LDST8_ABS_LO12_NC: + case WC_R_AARCH64_PREL32: + + /* Don't attempt to reconstruct ARM destination addresses -- just + * normalize to zero. They can be reconstructed using the + * parameters in reloc_layouts[] and reloc_tab[] but it's very + * fidgety. + */ + reloc_buf = 0; + break; + + default: + RELOC_DEBUG_PRINTF("BUG: unrecognized relocation type %u in reloc record %zu, text offset 0x%x\n", + (unsigned)next_reloc->reloc_type, i, reloc_tab[i].offset); + ++n_oob_r; + dest_seg = WC_R_SEG_OTHER; + } + + if (dest_seg == WC_R_SEG_OTHER) { + /* relocation referring to non-wolfcrypt segment -- these can only + * be stabilized by zeroing them. + */ + reloc_buf = 0; + + ++n_other_r; + RELOC_DEBUG_PRINTF("found non-wolfcrypt relocation at index %lld, text offset 0x%x.\n", + (long long)i, reloc_tab[i].offset); + } + + /* xor in a label identifying the dest segment and reloc type. */ + reloc_buf ^= dest_seg << (layout->width - WC_RELOC_DEST_SEGMENT_BITS); + reloc_buf ^= next_reloc->reloc_type << (layout->width - (WC_RELOC_DEST_SEGMENT_BITS + WC_RELOC_TYPE_BITS)); + + /* write the modified reloc_buf to the destination buffer. */ + switch (layout->width) { + case 32: + wc_put_unaligned((word32)reloc_buf, (word32 *)&text_out[next_reloc_rel]); + break; + case 64: + wc_put_unaligned(reloc_buf, (word64 *)&text_out[next_reloc_rel]); + break; + case 16: + wc_put_unaligned((word16)reloc_buf, (word16 *)&text_out[next_reloc_rel]); + break; + } + } + + if (reloc_counts) { + reloc_counts->text += n_text_r; + reloc_counts->rodata += n_rodata_r; + reloc_counts->rwdata += n_rwdata_r; + reloc_counts->bss += n_bss_r; + reloc_counts->other += n_other_r; + } + + if ((n_other_r > 0) || (n_oob_r > 0)) + RELOC_DEBUG_PRINTF("text_in=%llx relocs=%d/%d/%d/%d/%d/%d ret = %llu\n", + (unsigned long long)(uintptr_t)text_in, n_text_r, n_rodata_r, + n_rwdata_r, n_bss_r, n_other_r, n_oob_r, + (unsigned long long)text_in_len); + + if (cur_index_p) + *cur_index_p = i; + + return (ssize_t)text_in_len; +} + +#endif /* WC_SYM_RELOC_TABLES || WC_SYM_RELOC_TABLES_SUPPORT */ + +#ifdef HAVE_FIPS + +#ifdef WOLFCRYPT_FIPS_CORE_DYNAMIC_HASH_VALUE + +#include +#ifndef MAX_FIPS_DATA_SZ + #define MAX_FIPS_DATA_SZ 10000000 +#endif +#ifndef MAX_FIPS_CODE_SZ + #define MAX_FIPS_CODE_SZ 10000000 +#endif + +#include + +#ifndef NO_SHA256 + #include +#endif +#if defined(WOLFSSL_SHA384) || defined(WOLFSSL_SHA512) + #include +#endif + +/* failsafe definitions for FIPS <5.3 */ +#ifndef FIPS_IN_CORE_DIGEST_SIZE + #ifndef NO_SHA256 + #define FIPS_IN_CORE_DIGEST_SIZE WC_SHA256_DIGEST_SIZE + #define FIPS_IN_CORE_HASH_TYPE WC_SHA256 + #elif defined(WOLFSSL_SHA384) + #define FIPS_IN_CORE_DIGEST_SIZE WC_SHA384_DIGEST_SIZE + #define FIPS_IN_CORE_HASH_TYPE WC_SHA384 + #elif defined(WOLFSSL_SHA512) + #define FIPS_IN_CORE_DIGEST_SIZE WC_SHA512_DIGEST_SIZE + #define FIPS_IN_CORE_HASH_TYPE WC_SHA512 + #else + #error Unsupported FIPS hash alg. + #endif +#endif + +#ifndef FIPS_IN_CORE_KEY_SZ + #define FIPS_IN_CORE_KEY_SZ FIPS_IN_CORE_DIGEST_SIZE +#endif +#ifndef FIPS_IN_CORE_VERIFY_SZ + #define FIPS_IN_CORE_VERIFY_SZ FIPS_IN_CORE_DIGEST_SIZE +#endif + +/* wc_fips_generate_hash() is the high level entry point to the supplementary + * FIPS integrity hash calculation facility, used for offline hash calculation + * (particularly for kernel module builds), and for the + * WOLFCRYPT_FIPS_CORE_DYNAMIC_HASH_VALUE mechanism in the kernel module. + * + * The seg_map describes the layout of the module, including its precomputed + * relocation table and its FIPS fenceposts. For + * WOLFCRYPT_FIPS_CORE_DYNAMIC_HASH_VALUE, seg_map is a static const in + * module_hooks.c, but for offline calculation, readelf is used in + * linuxkm-fips-hash-wrapper.sh to extract the values to pass to + * linuxkm-fips-hash. + * + * The HMAC callback pointers are generic, but have wolfCrypt-like argument + * structure -- for live WOLFCRYPT_FIPS_CORE_DYNAMIC_HASH_VALUE calls, they + * point to wrappers around native Linux kernel implementations, but for + * linuxkm-fips-hash, they point to wrappers around native wolfCrypt + * implementations. + */ + +int wc_fips_generate_hash( + const struct wc_reloc_table_segments *seg_map, + word32 digest_size, + const char *hmac_key_base16, + void *hmac_ctx, + wc_fips_verifyCore_hmac_setkey_fn hmac_setkey, + wc_fips_verifyCore_hmac_update_fn hmac_update, + wc_fips_verifyCore_hmac_final_fn hmac_final, + char *out, + word32 *out_size, + struct wc_reloc_counts *reloc_counts) +{ + word32 binCoreSz = FIPS_IN_CORE_KEY_SZ; + int ret; + byte *hash = NULL; + byte *binCoreKey = NULL; + +#if defined(WC_SYM_RELOC_TABLES) || defined(WC_SYM_RELOC_TABLES_SUPPORT) + if (seg_map->text_is_live) { + if ((seg_map->reloc_tab_start == 0) || + (seg_map->reloc_tab_len_start == 0)) + { + RELOC_DEBUG_PRINTF("assert failed.\n"); + return BAD_FUNC_ARG; + } + } + else { + if ((seg_map->reloc_tab_end == 0) || + (seg_map->reloc_tab_len_end == 0)) + { + RELOC_DEBUG_PRINTF("assert failed.\n"); + return BAD_FUNC_ARG; + } + } +#endif + + if (((seg_map->end > 0) && (seg_map->start >= seg_map->end)) || + (seg_map->fips_text_start >= seg_map->fips_text_end) || + (seg_map->fips_rodata_start >= seg_map->fips_rodata_end) +#if defined(WC_SYM_RELOC_TABLES) || defined(WC_SYM_RELOC_TABLES_SUPPORT) + || + ((seg_map->reloc_tab_end != 0) && (seg_map->reloc_tab_start >= seg_map->reloc_tab_end)) || + ((seg_map->reloc_tab_len_end != 0) && (seg_map->reloc_tab_len_start >= seg_map->reloc_tab_len_end)) || + (seg_map->text_start >= seg_map->text_end) || + (seg_map->rodata_start >= seg_map->rodata_end) || + (seg_map->data_start >= seg_map->data_end) || + (seg_map->bss_start >= seg_map->bss_end) +#endif + ) + { + RELOC_DEBUG_PRINTF("assert failed.\n"); + return BAD_FUNC_ARG; + } + + if (seg_map->start > 0) { + if ((seg_map->fips_text_start < seg_map->start) || + (seg_map->fips_rodata_start < seg_map->start) || + (seg_map->verifyCore_start < seg_map->start) +#if defined(WC_SYM_RELOC_TABLES) || defined(WC_SYM_RELOC_TABLES_SUPPORT) + || + (seg_map->reloc_tab_start < seg_map->start) || + (seg_map->reloc_tab_len_start < seg_map->start) || + (seg_map->text_start < seg_map->start) || + (seg_map->rodata_start < seg_map->start) || + (seg_map->data_start < seg_map->start) || + (seg_map->bss_start < seg_map->start) +#endif + ) + { + RELOC_DEBUG_PRINTF("assert failed.\n"); + return BUFFER_E; + } + } + + if (seg_map->end > 0) { + if ((seg_map->fips_text_end > seg_map->end) || + (seg_map->fips_rodata_end > seg_map->end) || + (seg_map->verifyCore_end > seg_map->end) +#if defined(WC_SYM_RELOC_TABLES) || defined(WC_SYM_RELOC_TABLES_SUPPORT) + || + ((seg_map->reloc_tab_end != 0) && + (seg_map->reloc_tab_end > seg_map->end)) || + ((seg_map->reloc_tab_len_end != 0) && + (seg_map->reloc_tab_len_end > seg_map->end)) || + (seg_map->text_end > seg_map->end) || + (seg_map->rodata_end > seg_map->end) || + (seg_map->data_end > seg_map->end) || + (seg_map->bss_end > seg_map->end) +#endif + ) + { + RELOC_DEBUG_PRINTF("assert failed.\n"); + return BUFFER_E; + } + } + +#if defined(WC_SYM_RELOC_TABLES) || defined(WC_SYM_RELOC_TABLES_SUPPORT) + if ((seg_map->reloc_tab_len_end != 0) && + (seg_map->reloc_tab_len_end - seg_map->reloc_tab_len_start != sizeof(word32))) + { + RELOC_DEBUG_PRINTF("assert failed.\n"); + return BAD_FUNC_ARG; + } + else if (seg_map->reloc_tab_len_start & (sizeof(word32) - 1)) { + /* fprintf(stderr, "%s: seg_map->reloc_tab_len_start isn't properly aligned: 0x%llx.\n", progname, ( + unsigned long long)seg_map->reloc_tab_len_start); */ + RELOC_DEBUG_PRINTF("assert failed.\n"); + return BAD_ALIGN_E; + } + else { + /* Note we don't currently handle modules that are endian-conflicted + * with the build host -- that'll be caught here, when reloc_tab_len is + * a nonsense byte-swapped value, or the final reloc_tab ent has + * nonsense flags. + */ + word32 reloc_tab_len = *(const word32 *)seg_map->reloc_tab_len_start; + const struct wc_reloc_table_ent *reloc_tab = (const struct wc_reloc_table_ent *)seg_map->reloc_tab_start; + if (reloc_tab_len == 0) { + RELOC_DEBUG_PRINTF("assert failed.\n"); + return BAD_FUNC_ARG; + } + else if ((seg_map->end != 0) && + ((unsigned long)(reloc_tab + reloc_tab_len) > seg_map->end)) + { + RELOC_DEBUG_PRINTF("assert failed.\n"); + return BAD_FUNC_ARG; + } + else if ((reloc_tab[reloc_tab_len - 1].dest_segment != WC_R_SEG_NONE) || + (reloc_tab[reloc_tab_len - 1].reloc_type != WC_R_NONE)) + { + RELOC_DEBUG_PRINTF("assert failed.\n"); + return BAD_FUNC_ARG; + } + else if ((seg_map->reloc_tab_end != 0) && + (seg_map->reloc_tab_end - seg_map->reloc_tab_start != sizeof(struct wc_reloc_table_ent) * *(const word32 *)seg_map->reloc_tab_len_start)) + { + /* + fprintf(stderr, "%s: wc_linuxkm_pie_reloc_tab_length from module (%u) is inconsistent with actual reloc_tab size %llu.\n", + progname, + *(const word32 *)seg_map->reloc_tab_len_start, + (unsigned long long)(seg_map->reloc_tab_end - seg_map->reloc_tab_start)); + */ + RELOC_DEBUG_PRINTF("assert failed.\n"); + return BAD_FUNC_ARG; + } + } +#endif + + if (out_size == NULL) { + RELOC_DEBUG_PRINTF("assert failed.\n"); + return BAD_FUNC_ARG; + } + + if (*out_size < (digest_size * 2) + 1) { + RELOC_DEBUG_PRINTF("assert failed.\n"); + return BUFFER_E; + } + + hash = XMALLOC(digest_size, 0, DYNAMIC_TYPE_TMP_BUFFER); + if (hash == NULL) { + ret = MEMORY_E; + RELOC_DEBUG_PRINTF("XMALLOC() failed.\n"); + goto out; + } + + binCoreKey = XMALLOC(binCoreSz, 0, DYNAMIC_TYPE_TMP_BUFFER); + if (binCoreKey == NULL) { + ret = MEMORY_E; + RELOC_DEBUG_PRINTF("XMALLOC() failed.\n"); + goto out; + } + + { + word32 base16_out_len = binCoreSz; + ret = Base16_Decode((const byte *)hmac_key_base16, strlen(hmac_key_base16), binCoreKey, &base16_out_len); + if (ret != 0) { + RELOC_DEBUG_PRINTF("Base16_Decode() failed.\n"); + goto out; + } + if (base16_out_len != binCoreSz) { + ret = BAD_FUNC_ARG; + RELOC_DEBUG_PRINTF("assert failed.\n"); + goto out; + } + } + + ret = hmac_setkey(hmac_ctx, binCoreKey, binCoreSz); + if (ret) { + RELOC_DEBUG_PRINTF("hmac_setkey() failed.\n"); + goto out; + } + +#if defined(WC_SYM_RELOC_TABLES) || defined(WC_SYM_RELOC_TABLES_SUPPORT) + { + ssize_t cur_reloc_index = -1; + const byte *text_p = (const byte *)seg_map->fips_text_start; + byte *buf = XMALLOC(WOLFSSL_TEXT_SEGMENT_CANONICALIZER_BUFSIZ, NULL, DYNAMIC_TYPE_TMP_BUFFER); + + if (! buf) { + ret = MEMORY_E; + RELOC_DEBUG_PRINTF("XMALLOC() failed.\n"); + goto out; + } + + while (text_p < (const byte *)seg_map->fips_text_end) { + /* wc_reloc_normalize_text() does its own WC_SANITIZE_DISABLE()s, so + * we defer it here. + */ + ssize_t progress = wc_reloc_normalize_text( + text_p, + min(WOLFSSL_TEXT_SEGMENT_CANONICALIZER_BUFSIZ, (word32)((const byte *)seg_map->fips_text_end - text_p)), + buf, + &cur_reloc_index, + seg_map, + reloc_counts); + if (progress <= 0) { + ret = IN_CORE_FIPS_E; + RELOC_DEBUG_PRINTF("wc_reloc_normalize_text() failed.\n"); + break; + } + ret = hmac_update(hmac_ctx, buf, (word32)progress); + if (ret) { + RELOC_DEBUG_PRINTF("hmac_update() failed.\n"); + break; + } + text_p += progress; + } + + XFREE(buf, NULL, DYNAMIC_TYPE_TMP_BUFFER); + } + + WC_SANITIZE_DISABLE(); +#else + (void)reloc_counts; + WC_SANITIZE_DISABLE(); + ret = hmac_update(hmac_ctx, (byte *)(wc_ptr_t)seg_map->fips_text_start, (word32)(seg_map->fips_text_end - seg_map->fips_text_start)); +#endif /* !WOLFSSL_LINUXKM_PIE_REDIRECT_TABLE */ + + if (ret) { + RELOC_DEBUG_PRINTF("ERROR: hmac_update failed: err %d\n", ret); + ret = BAD_STATE_E; + WC_SANITIZE_ENABLE(); + goto out; + } + + /* don't hash verifyCore or changing verifyCore will change hash */ + if (seg_map->verifyCore_start >= seg_map->fips_rodata_start && seg_map->verifyCore_start < seg_map->fips_rodata_end) { + ret = hmac_update(hmac_ctx, (byte*)seg_map->fips_rodata_start, (word32)(seg_map->verifyCore_start - (unsigned long)seg_map->fips_rodata_start)); + if (ret) { + RELOC_DEBUG_PRINTF("ERROR: hmac_update failed: err %d\n", ret); + ret = BAD_STATE_E; + goto out; + } + ret = hmac_update(hmac_ctx, (const byte *)seg_map->verifyCore_end, (word32)(seg_map->fips_rodata_end - (unsigned long)seg_map->verifyCore_end)); + } + else { + ret = hmac_update(hmac_ctx, (byte*)seg_map->fips_rodata_start, (word32)(seg_map->fips_rodata_end - (unsigned long)seg_map->fips_rodata_start)); + } + + WC_SANITIZE_ENABLE(); + + if (ret) { + RELOC_DEBUG_PRINTF("ERROR: hmac_update failed: err %d\n", ret); + ret = BAD_STATE_E; + goto out; + } + + ret = hmac_final(hmac_ctx, hash, digest_size); + if (ret) { + RELOC_DEBUG_PRINTF("ERROR: hmac_final failed: err %d\n", ret); + ret = BAD_STATE_E; + goto out; + } + + ret = Base16_Encode(hash, digest_size, (byte *)out, out_size); + + out: + + XFREE(hash, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(binCoreKey, NULL, DYNAMIC_TYPE_TMP_BUFFER); + + return ret; +} + +#endif /* WOLFCRYPT_FIPS_CORE_DYNAMIC_HASH_VALUE */ + +#endif /* HAVE_FIPS */ diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/linuxkm/linuxkm_memory.h mariadb-11.8.8/extra/wolfssl/wolfssl/linuxkm/linuxkm_memory.h --- mariadb-11.8.6/extra/wolfssl/wolfssl/linuxkm/linuxkm_memory.h 1970-01-01 00:00:00.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/linuxkm/linuxkm_memory.h 2026-05-24 09:58:33.000000000 +0000 @@ -0,0 +1,239 @@ +/* linuxkm_memory.h + * + * Copyright (C) 2006-2026 wolfSSL Inc. + * + * This file is part of wolfSSL. + * + * wolfSSL is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * wolfSSL is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA + */ + +/* included by wolfssl/wolfcrypt/memory.h */ + +#ifndef LINUXKM_MEMORY_H +#define LINUXKM_MEMORY_H + +enum wc_reloc_dest_segment { + WC_R_SEG_NONE = 1, + WC_R_SEG_TEXT, + WC_R_SEG_RODATA, + WC_R_SEG_RWDATA, + WC_R_SEG_BSS, + WC_R_SEG_OTHER +}; + +enum wc_reloc_type { + WC_R_NONE = 1, + WC_R_X86_64_32, + WC_R_X86_64_32S, + WC_R_X86_64_64, + WC_R_X86_64_PC32, + WC_R_X86_64_PLT32, + WC_R_AARCH64_ABS32, + WC_R_AARCH64_ABS64, + WC_R_AARCH64_ADD_ABS_LO12_NC, + WC_R_AARCH64_ADR_PREL_PG_HI21, + WC_R_AARCH64_CALL26, + WC_R_AARCH64_JUMP26, + WC_R_AARCH64_LDST8_ABS_LO12_NC, + WC_R_AARCH64_LDST16_ABS_LO12_NC, + WC_R_AARCH64_LDST32_ABS_LO12_NC, + WC_R_AARCH64_LDST64_ABS_LO12_NC, + WC_R_AARCH64_PREL32, + WC_R_ARM_ABS32, + WC_R_ARM_PREL31, + WC_R_ARM_REL32, + WC_R_ARM_THM_CALL, + WC_R_ARM_THM_JUMP11, + WC_R_ARM_THM_JUMP24, + WC_R_ARM_THM_MOVT_ABS, + WC_R_ARM_THM_MOVW_ABS_NC +}; + +/* This structure is accessed natively by kernel module glue logic, and also + * from outside by linux-fips-hash.c -- pack it, with explicit pad bits, to + * remove all doubt about layout. + */ +struct __attribute__((packed)) wc_reloc_table_ent { + unsigned int offset; + unsigned int dest_offset; + signed int dest_addend; +#define WC_RELOC_DEST_SEGMENT_BITS 3 + unsigned int dest_segment:WC_RELOC_DEST_SEGMENT_BITS; +#define WC_RELOC_TYPE_BITS 5 + unsigned int reloc_type:WC_RELOC_TYPE_BITS; + unsigned int _pad_bits:(32 - (WC_RELOC_DEST_SEGMENT_BITS + WC_RELOC_TYPE_BITS)); +}; + +#if defined(WC_SYM_RELOC_TABLES) || defined(WC_SYM_RELOC_TABLES_SUPPORT) + +/* full ELF fencepost representation, to allow wc_reloc_normalize_text() */ + +struct wc_reloc_table_segments { + unsigned long start; + unsigned long end; + unsigned long reloc_tab_start; + unsigned long reloc_tab_end; + unsigned long reloc_tab_len_start; + unsigned long reloc_tab_len_end; + unsigned long text_start; + unsigned long text_end; +#ifdef HAVE_FIPS + unsigned long fips_text_start; + unsigned long fips_text_end; +#endif /* HAVE_FIPS */ + unsigned long rodata_start; + unsigned long rodata_end; +#ifdef HAVE_FIPS + unsigned long fips_rodata_start; + unsigned long fips_rodata_end; + unsigned long verifyCore_start; + unsigned long verifyCore_end; +#endif /* HAVE_FIPS */ + unsigned long data_start; + unsigned long data_end; + unsigned long bss_start; + unsigned long bss_end; + int text_is_live; +}; + +#ifdef HAVE_FIPS + +#define WC_RELOC_TABLE_SEGMENTS_INITIALIZER { \ + .start = ~0UL, \ + .end = ~0UL, \ + .reloc_tab_start = ~0UL, \ + .reloc_tab_end = ~0UL, \ + .reloc_tab_len_start = ~0UL, \ + .reloc_tab_len_end = ~0UL, \ + .text_start = ~0UL, \ + .text_end = ~0UL, \ + .fips_text_start = ~0UL, \ + .fips_text_end = ~0UL, \ + .rodata_start = ~0UL, \ + .rodata_end = ~0UL, \ + .fips_rodata_start = ~0UL, \ + .fips_rodata_end = ~0UL, \ + .verifyCore_start = ~0UL, \ + .verifyCore_end = ~0UL, \ + .data_start = ~0UL, \ + .data_end = ~0UL, \ + .bss_start = ~0UL, \ + .bss_end = ~0UL, \ + .text_is_live = 0 \ +} + +#else /* !HAVE_FIPS */ + +#define WC_RELOC_TABLE_SEGMENTS_INITIALIZER { \ + .start = ~0UL, \ + .end = ~0UL, \ + .reloc_tab_start = ~0UL, \ + .reloc_tab_end = ~0UL, \ + .reloc_tab_len_start = ~0UL, \ + .reloc_tab_len_end = ~0UL, \ + .text_start = ~0UL, \ + .text_end = ~0UL, \ + .rodata_start = ~0UL, \ + .rodata_end = ~0UL, \ + .data_start = ~0UL, \ + .data_end = ~0UL, \ + .bss_start = ~0UL, \ + .bss_end = ~0UL, \ + .text_is_live = 0 \ +} + +#endif /* !HAVE_FIPS */ + +struct wc_reloc_counts { + int text; + int rodata; + int rwdata; + int bss; + int other; +}; + +#elif defined(HAVE_FIPS) + +/* barebones FIPS fencepost representation -- no provision for + * wc_reloc_normalize_text() + */ + +struct wc_reloc_table_segments { + unsigned long start; + unsigned long end; + unsigned long fips_text_start; + unsigned long fips_text_end; + unsigned long fips_rodata_start; + unsigned long fips_rodata_end; + unsigned long verifyCore_start; + unsigned long verifyCore_end; +}; + +#define WC_RELOC_TABLE_SEGMENTS_INITIALIZER { \ + .start = ~0UL, \ + .end = ~0UL, \ + .fips_text_start = ~0UL, \ + .fips_text_end = ~0UL, \ + .fips_rodata_start = ~0UL, \ + .fips_rodata_end = ~0UL, \ + .verifyCore_start = ~0UL, \ + .verifyCore_end = ~0UL \ +} + +struct wc_reloc_counts { + int dummy; +}; + +#endif /* !WC_SYM_RELOC_TABLES && HAVE_FIPS */ + +#if defined(WC_SYM_RELOC_TABLES) || defined(WC_SYM_RELOC_TABLES_SUPPORT) + +#ifndef WOLFSSL_TEXT_SEGMENT_CANONICALIZER_BUFSIZ + #define WOLFSSL_TEXT_SEGMENT_CANONICALIZER_BUFSIZ 8192 +#endif + +WOLFSSL_API ssize_t wc_reloc_normalize_text( + const byte *text_in, + size_t text_in_len, + byte *text_out, + ssize_t *cur_index_p, + const struct wc_reloc_table_segments *seg_map, + struct wc_reloc_counts *reloc_counts); + +#endif /* WC_SYM_RELOC_TABLES || WC_SYM_RELOC_TABLES_SUPPORT */ + +#ifdef HAVE_FIPS + +#if defined(WOLFCRYPT_FIPS_CORE_DYNAMIC_HASH_VALUE) || defined(WOLFCRYPT_FIPS_CORE_DYNAMIC_HASH_VALUE_SUPPORT) + typedef int (*wc_fips_verifyCore_hmac_setkey_fn)(void *ctx, const byte *key, word32 key_len); + typedef int (*wc_fips_verifyCore_hmac_update_fn)(void *ctx, const byte *in, word32 in_len); + typedef int (*wc_fips_verifyCore_hmac_final_fn)(void *ctx, byte *out, word32 out_sz); + + WOLFSSL_API int wc_fips_generate_hash( + const struct wc_reloc_table_segments *seg_map, + word32 digest_size, + const char *hmac_key_base16, + void *hmac_ctx, + wc_fips_verifyCore_hmac_setkey_fn hmac_setkey, + wc_fips_verifyCore_hmac_update_fn hmac_update, + wc_fips_verifyCore_hmac_final_fn hmac_final, + char *out, + word32 *out_size, + struct wc_reloc_counts *reloc_counts); +#endif + +#endif /* HAVE_FIPS */ + +#endif /* LINUXKM_MEMORY_H */ diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/linuxkm/linuxkm_wc_port.h mariadb-11.8.8/extra/wolfssl/wolfssl/linuxkm/linuxkm_wc_port.h --- mariadb-11.8.6/extra/wolfssl/wolfssl/linuxkm/linuxkm_wc_port.h 2026-01-31 13:27:49.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/linuxkm/linuxkm_wc_port.h 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* linuxkm_wc_port.h * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -24,7 +24,12 @@ #ifndef LINUXKM_WC_PORT_H #define LINUXKM_WC_PORT_H + #if defined(WOLFSSL_KERNEL_VERBOSE_DEBUG) && !defined(WOLFSSL_LINUXKM_VERBOSE_DEBUG) + #define WOLFSSL_LINUXKM_VERBOSE_DEBUG + #endif + #include + #include #if LINUX_VERSION_CODE < KERNEL_VERSION(3, 16, 0) #error Unsupported kernel. @@ -35,6 +40,25 @@ #error CONFIG_CRYPTO_MANAGER_EXTRA_TESTS is incompatible with FIPS wolfCrypt AES-XTS -- please reconfigure the target kernel to disable CONFIG_CRYPTO_MANAGER_EXTRA_TESTS. #endif + /* The first vector set in /usr/src/linux/crypto/testmgr.h + * ecdsa_nist_p192_tv_template[], ecdsa_nist_p256_tv_template[], and + * ecdsa_nist_p384_tv_template[] use SHA-1 (even if CONFIG_CRYPTO_SHA1 is + * disabled), and kernel module signatures frequently use SHA-1 until quite + * recently (dependent on CONFIG_CRYPTO_SHA1). If either is enabled, force + * downgrade to 186-4. + */ + #if defined(WC_FIPS_186_5_PLUS) && \ + (defined(CONFIG_CRYPTO_SHA1) || (defined(CONFIG_CRYPTO_MANAGER) && !defined(CONFIG_CRYPTO_MANAGER_DISABLE_TESTS))) && \ + (defined(LINUXKM_LKCAPI_REGISTER_ALL) || defined(LINUXKM_LKCAPI_REGISTER_ALL_KCONFIG) || defined(CONFIG_CRYPTO_ECDSA)) + #undef WC_FIPS_186_5_PLUS + #ifdef WC_FIPS_186_5 + #undef WC_FIPS_186_5 + #else + #error Unknown and incompatible FIPS 186 is enabled. + #endif + #define WC_FIPS_186_4 + #endif + #ifdef HAVE_CONFIG_H #ifndef PACKAGE_NAME #error wc_port.h included before config.h @@ -116,11 +140,25 @@ #endif #endif + #if LINUX_VERSION_CODE < KERNEL_VERSION(5, 1, 0) + /* added by 6bab69c650 */ + #define static_assert(expr, ...) __static_assert(expr, ##__VA_ARGS__, #expr) + #define __static_assert(expr, msg, ...) _Static_assert(expr, msg) + #endif + /* kernel printf doesn't implement fp. */ #ifndef WOLFSSL_NO_FLOAT_FMT #define WOLFSSL_NO_FLOAT_FMT #endif + #if (LINUX_VERSION_CODE >= KERNEL_VERSION(5, 15, 0)) || \ + (defined(RHEL_MAJOR) && \ + ((RHEL_MAJOR > 9) || ((RHEL_MAJOR == 9) && (RHEL_MINOR >= 5)))) + #define WOLFSSL_DEBUG_PRINTF_FN _printk + #else + #define WOLFSSL_DEBUG_PRINTF_FN printk + #endif + #ifndef WOLFSSL_LINUXKM_USE_MUTEXES struct wolfSSL_Mutex; extern int wc_lkm_LockMutex(struct wolfSSL_Mutex* m); @@ -178,17 +216,39 @@ #endif #endif - #if defined(HAVE_HASHDRBG) && defined(HAVE_FIPS) && FIPS_VERSION3_LT(6, 0, 0) && \ + #if defined(HAVE_HASHDRBG) && defined(HAVE_FIPS) && \ + defined(HAVE_ENTROPY_MEMUSE) && \ + !defined(WC_LINUXKM_WOLFENTROPY_IN_GLUE_LAYER) + #define WC_LINUXKM_WOLFENTROPY_IN_GLUE_LAYER + #elif defined(HAVE_HASHDRBG) && defined(HAVE_FIPS) && \ (defined(HAVE_INTEL_RDSEED) || defined(HAVE_AMD_RDSEED)) && \ + !defined(HAVE_ENTROPY_MEMUSE) && \ !defined(WC_LINUXKM_RDSEED_IN_GLUE_LAYER) #define WC_LINUXKM_RDSEED_IN_GLUE_LAYER #endif - #ifdef WC_LINUXKM_RDSEED_IN_GLUE_LAYER + #if defined(WC_LINUXKM_WOLFENTROPY_IN_GLUE_LAYER) + struct OS_Seed; + extern int wc_linuxkm_GenerateSeed_wolfEntropy(struct OS_Seed* os, unsigned char* output, unsigned int sz); + #define WC_GENERATE_SEED_DEFAULT wc_linuxkm_GenerateSeed_wolfEntropy + #elif defined(WC_LINUXKM_RDSEED_IN_GLUE_LAYER) struct OS_Seed; extern int wc_linuxkm_GenerateSeed_IntelRD(struct OS_Seed* os, unsigned char* output, unsigned int sz); #define WC_GENERATE_SEED_DEFAULT wc_linuxkm_GenerateSeed_IntelRD #endif + /* setup for LINUXKM_LKCAPI_REGISTER_HASH_DRBG_DEFAULT needs to be here + * to assure that calls to get_random_bytes() in random.c are gated out + * (they would recurse, potentially infinitely). + */ + #if defined(LINUXKM_LKCAPI_REGISTER_ALL) && \ + !defined(LINUXKM_LKCAPI_DONT_REGISTER_HASH_DRBG) && \ + !defined(LINUXKM_LKCAPI_DONT_REGISTER_HASH_DRBG_DEFAULT) && \ + !defined(NO_LINUXKM_DRBG_GET_RANDOM_BYTES) && \ + !defined(LINUXKM_LKCAPI_REGISTER_HASH_DRBG_DEFAULT) && \ + defined(HAVE_HASHDRBG) + #define LINUXKM_LKCAPI_REGISTER_HASH_DRBG_DEFAULT + #endif + #ifdef BUILDING_WOLFSSL #if ((LINUX_VERSION_CODE >= KERNEL_VERSION(5, 16, 0)) || \ @@ -208,7 +268,7 @@ #endif #endif - #if defined(CONFIG_MIPS) && defined(WC_PIE_RELOC_TABLES) + #if defined(CONFIG_MIPS) && defined(WC_SYM_RELOC_TABLES) /* __ZBOOT__ disables some unhelpful macros around the mem*() funcs in * legacy arch/mips/include/asm/string.h */ @@ -236,13 +296,14 @@ _Pragma("GCC diagnostic ignored \"-Wsign-compare\""); _Pragma("GCC diagnostic ignored \"-Wpointer-sign\""); _Pragma("GCC diagnostic ignored \"-Wbad-function-cast\""); +#ifndef __clang__ _Pragma("GCC diagnostic ignored \"-Wdiscarded-qualifiers\""); +#endif _Pragma("GCC diagnostic ignored \"-Wtype-limits\""); _Pragma("GCC diagnostic ignored \"-Wswitch-enum\""); _Pragma("GCC diagnostic ignored \"-Wcast-function-type\""); /* needed for kernel 4.14.336 */ _Pragma("GCC diagnostic ignored \"-Wformat-nonliteral\""); /* needed for kernel 4.9.282 */ - - #include + _Pragma("GCC diagnostic ignored \"-Wattributes\""); #ifdef CONFIG_KASAN #ifndef WC_SANITIZE_DISABLE @@ -255,7 +316,7 @@ #if defined(CONFIG_FORTIFY_SOURCE) && \ !defined(WC_FORCE_LINUXKM_FORTIFY_SOURCE) && \ - (defined(WC_PIE_RELOC_TABLES) || \ + (defined(WC_SYM_RELOC_TABLES) || \ (LINUX_VERSION_CODE < KERNEL_VERSION(5, 18, 0))) /* fortify-source causes all sorts of awkward problems for the PIE * build, up to and including stubborn external references and multiple @@ -272,16 +333,38 @@ #error WC_FORCE_LINUXKM_FORTIFY_SOURCE without CONFIG_FORTIFY_SOURCE. #endif - #if defined(__PIE__) && defined(CONFIG_ARM64) - #define alt_cb_patch_nops my__alt_cb_patch_nops + #if defined(WC_CONTAINERIZE_THIS) && defined(CONFIG_ARM64) + /* alt_cb_patch_nops and queued_spin_lock_slowpath are defined early + * to allow shimming in system headers. + */ + /* alt_cb_patch_nops added by d926079f17, release 6.1 */ + #if LINUX_VERSION_CODE >= KERNEL_VERSION(6, 1, 0) + #define alt_cb_patch_nops my__alt_cb_patch_nops + #endif /* LINUX_VERSION_CODE >= KERNEL_VERSION(6, 1, 0) */ #define queued_spin_lock_slowpath my__queued_spin_lock_slowpath #endif + /* + * Disable ARM64 LSE atomics for out-of-tree modules. + * + * When CONFIG_ARM64_LSE_ATOMICS is enabled, the kernel uses static keys + * (jump labels) in system_uses_lse_atomics() to choose between LSE and + * LL/SC atomic implementations at runtime. These static keys generate + * asm goto statements that reference .jump_table section symbols which + * cannot be resolved in out-of-tree modules, causing: + * "error: impossible constraint in 'asm'" + * + * By undefining CONFIG_ARM64_LSE_ATOMICS here (before any kernel headers + * that use atomics are included), we force use of the LL/SC fallback path + * which works correctly in out-of-tree modules. + */ + #undef CONFIG_ARM64_LSE_ATOMICS + #include #include #if defined(CONFIG_FORTIFY_SOURCE) || defined(DEBUG_LINUXKM_FORTIFY_OVERLAY) - #ifdef __PIE__ + #ifdef WC_CONTAINERIZE_THIS /* the inline definitions in fortify-string.h use non-inline * fortify_panic(). */ @@ -412,9 +495,10 @@ #endif /* !CONFIG_FORTIFY_SOURCE */ - #ifndef __PIE__ + #ifndef WC_CONTAINERIZE_THIS #include #include + #include #include #endif @@ -426,7 +510,7 @@ * mm.h. however, mm.h brings in static, but not inline, pmd_to_page(), * with direct references to global vmem variables. */ - #ifdef __PIE__ + #ifdef WC_CONTAINERIZE_THIS #include #if USE_SPLIT_PMD_PTLOCKS static __always_inline struct page *pmd_to_page(pmd_t *pmd); @@ -435,13 +519,50 @@ #include #endif -#ifndef __PIE__ +#ifndef WC_CONTAINERIZE_THIS #include #include -#endif + #ifndef WOLFCRYPT_ONLY + #include + static inline int wc_linuxkm_inet_pton(int af, const char *src, void *dst) + { + int ret; + + if (!src || !dst) + return -EFAULT; + switch (af) { + case AF_INET: + ret = in4_pton(src, -1, (u8 *)dst, '\0', NULL); + return ret == 1 ? 1 : 0; + + case AF_INET6: + ret = in6_pton(src, -1, (u8 *)dst, '\0', NULL); + return ret == 1 ? 1 : 0; + + default: + return -EAFNOSUPPORT; + } + } + #define XINET_PTON(af, src, dst) wc_linuxkm_inet_pton(af, src, dst) + #endif /* !WOLFCRYPT_ONLY */ +#endif /* !WC_CONTAINERIZE_THIS */ + + #if defined(WC_SYM_RELOC_TABLES) && defined(DEBUG_LINUXKM_PIE_SUPPORT) && \ + !defined(WC_LINUXKM_SUPPORT_DUMP_TO_FILE) + #define WC_LINUXKM_SUPPORT_DUMP_TO_FILE + #endif + + #ifdef WC_LINUXKM_SUPPORT_DUMP_TO_FILE + #include + #include + #endif #include #include + #if __has_include() + /* for task_stack_page() */ + #include + #endif #if LINUX_VERSION_CODE >= KERNEL_VERSION(4, 14, 0) /* for signal_pending() */ #include @@ -450,7 +571,7 @@ #endif #include - #if !defined(__PIE__) && defined(CONFIG_HAVE_KPROBES) + #if !defined(WC_CONTAINERIZE_THIS) && defined(CONFIG_HAVE_KPROBES) #include #endif @@ -472,18 +593,7 @@ #define WC_AES_XTS_SUPPORT_SIMULTANEOUS_ENC_AND_DEC_KEYS #endif - /* setup for LINUXKM_LKCAPI_REGISTER_HASH_DRBG_DEFAULT needs to be here - * to assure that calls to get_random_bytes() in random.c are gated out - * (they would recurse, potentially infinitely). - */ - #if (defined(LINUXKM_LKCAPI_REGISTER_ALL) && \ - !defined(LINUXKM_LKCAPI_DONT_REGISTER_HASH_DRBG) && \ - !defined(LINUXKM_LKCAPI_DONT_REGISTER_HASH_DRBG_DEFAULT)) && \ - !defined(LINUXKM_LKCAPI_REGISTER_HASH_DRBG_DEFAULT) - #define LINUXKM_LKCAPI_REGISTER_HASH_DRBG_DEFAULT - #endif - - #ifndef __PIE__ + #ifndef WC_CONTAINERIZE_THIS #include #include #include @@ -513,7 +623,8 @@ } #endif #define WC_LKM_REFCOUNT_TO_INT(refcount) wc_lkm_refcount_to_int(&(refcount)) - #endif /* !__PIE__ */ + #endif /* !WC_CONTAINERIZE_THIS */ + #endif /* LINUXKM_LKCAPI_REGISTER */ /* benchmarks.c uses floating point math, so needs a working @@ -535,9 +646,16 @@ #if LINUX_VERSION_CODE < KERNEL_VERSION(4, 0, 0) #include + #if LINUX_VERSION_CODE >= KERNEL_VERSION(3, 13, 0) + /* added by a62b01cd6c */ + #include + #endif #else #include - #include + #if LINUX_VERSION_CODE >= KERNEL_VERSION(4, 10, 0) + /* added by 266d051601 */ + #include + #endif #endif #ifndef CAN_SAVE_VECTOR_REGISTERS #ifdef DEBUG_VECTOR_REGISTER_ACCESS_FUZZING @@ -712,6 +830,9 @@ struct Signer* GetCAByKeyHash(void* vp, const unsigned char* keyHash); #endif /* HAVE_OCSP */ #ifdef WOLFSSL_AKID_NAME + #ifdef WOLFSSL_API_PREFIX_MAP + #define GetCAByAKID wolfSSL_GetCAByAKID + #endif struct Signer* GetCAByAKID(void* vp, const unsigned char* issuer, unsigned int issuerSz, const unsigned char* serial, @@ -730,17 +851,11 @@ #endif /* !WOLFCRYPT_ONLY && !NO_CERTS */ - #if defined(__PIE__) && !defined(WC_PIE_RELOC_TABLES) - #error "compiling -fPIE requires PIE relocation tables." + #if defined(WC_CONTAINERIZE_THIS) && !defined(WC_SYM_RELOC_TABLES) + #error "compiling -DWC_CONTAINERIZE_THIS requires relocation tables." #endif - #ifdef WC_PIE_RELOC_TABLES - - #ifndef WOLFSSL_TEXT_SEGMENT_CANONICALIZER - #define WOLFSSL_TEXT_SEGMENT_CANONICALIZER(text_in, text_in_len, text_out, cur_index_p) \ - wc_linuxkm_normalize_relocations(text_in, text_in_len, text_out, cur_index_p) - #define WOLFSSL_TEXT_SEGMENT_CANONICALIZER_BUFSIZ 8192 - #endif + #ifdef WC_SYM_RELOC_TABLES extern __attribute__((error("uncallable fencepost"))) int __wc_text_start(void); extern __attribute__((error("uncallable fencepost"))) int __wc_text_end(void); @@ -759,14 +874,19 @@ __wc_rwdata_end[], __wc_bss_start[], __wc_bss_end[]; - extern const unsigned int wc_linuxkm_pie_reloc_tab[]; - extern const unsigned long wc_linuxkm_pie_reloc_tab_length; + extern ssize_t wc_linuxkm_normalize_relocations( const u8 *text_in, size_t text_in_len, u8 *text_out, ssize_t *cur_index_p); + #ifndef WOLFSSL_TEXT_SEGMENT_CANONICALIZER + #define WOLFSSL_TEXT_SEGMENT_CANONICALIZER(text_in, text_in_len, text_out, cur_index_p) \ + wc_linuxkm_normalize_relocations(text_in, text_in_len, text_out, cur_index_p) + #define WOLFSSL_TEXT_SEGMENT_CANONICALIZER_BUFSIZ 8192 + #endif + #ifdef CONFIG_MIPS #undef __ARCH_MEMCMP_NO_REDIRECT #undef memcmp @@ -774,7 +894,9 @@ #endif struct wolfssl_linuxkm_pie_redirect_table { + #ifdef HAVE_FIPS typeof(wc_linuxkm_normalize_relocations) *wc_linuxkm_normalize_relocations; + #endif #ifndef __ARCH_MEMCMP_NO_REDIRECT typeof(memcmp) *memcmp; @@ -881,7 +1003,9 @@ typeof(kfree) *kfree; typeof(ksize) *ksize; +#ifndef LINUXKM_LKCAPI_REGISTER_HASH_DRBG_DEFAULT typeof(get_random_bytes) *get_random_bytes; +#endif #if LINUX_VERSION_CODE < KERNEL_VERSION(4, 0, 0) typeof(getnstimeofday) *getnstimeofday; #elif LINUX_VERSION_CODE < KERNEL_VERSION(5, 0, 0) @@ -906,7 +1030,15 @@ #endif /* WOLFSSL_USE_SAVE_VECTOR_REGISTERS */ - typeof(__mutex_init) *__mutex_init; + #ifndef CONFIG_PREEMPT_RT + typeof(__mutex_init) *__mutex_init; + #else + typeof(__rt_mutex_init) *__rt_mutex_init; + typeof(rt_mutex_base_init) *rt_mutex_base_init; + typeof(rt_spin_lock) *rt_spin_lock; + typeof(rt_spin_unlock) *rt_spin_unlock; + #endif + #if LINUX_VERSION_CODE < KERNEL_VERSION(4, 0, 0) typeof(mutex_lock_nested) *mutex_lock_nested; #else @@ -1008,25 +1140,29 @@ #endif /* !WOLFCRYPT_ONLY && !NO_CERTS */ - #ifdef WOLFSSL_DEBUG_BACKTRACE_ERROR_CODES typeof(dump_stack) *dump_stack; - #endif #ifdef CONFIG_ARM64 - #ifdef __PIE__ + #ifndef CONFIG_ARCH_TEGRA + #ifdef WC_CONTAINERIZE_THIS /* alt_cb_patch_nops and queued_spin_lock_slowpath are defined early * to allow shimming in system headers, but now we need the native * ones. */ + #if LINUX_VERSION_CODE >= KERNEL_VERSION(6, 1, 0) #undef alt_cb_patch_nops typeof(my__alt_cb_patch_nops) *alt_cb_patch_nops; + #endif /* LINUX_VERSION_CODE >= KERNEL_VERSION(6, 1, 0) */ #undef queued_spin_lock_slowpath typeof(my__queued_spin_lock_slowpath) *queued_spin_lock_slowpath; #else + #if LINUX_VERSION_CODE >= KERNEL_VERSION(6, 1, 0) typeof(alt_cb_patch_nops) *alt_cb_patch_nops; + #endif typeof(queued_spin_lock_slowpath) *queued_spin_lock_slowpath; #endif #endif + #endif typeof(preempt_count) *preempt_count; #ifndef _raw_spin_lock_irqsave @@ -1048,6 +1184,11 @@ typeof(wc_linuxkm_check_for_intr_signals) *wc_linuxkm_check_for_intr_signals; typeof(wc_linuxkm_relax_long_loop) *wc_linuxkm_relax_long_loop; + #ifdef CONFIG_KASAN + typeof(kasan_disable_current) *kasan_disable_current; + typeof(kasan_enable_current) *kasan_enable_current; + #endif + const void *_last_slot; }; @@ -1088,10 +1229,12 @@ #error no WC_PIE_INDIRECT_SYM method defined. #endif - #ifdef __PIE__ + #ifdef WC_CONTAINERIZE_THIS - #define wc_linuxkm_normalize_relocations \ - WC_PIE_INDIRECT_SYM(wc_linuxkm_normalize_relocations) + #ifdef HAVE_FIPS + #define wc_linuxkm_normalize_relocations \ + WC_PIE_INDIRECT_SYM(wc_linuxkm_normalize_relocations) + #endif #ifndef __ARCH_MEMCMP_NO_REDIRECT #define memcmp WC_PIE_INDIRECT_SYM(memcmp) @@ -1203,7 +1346,9 @@ #endif #define ksize WC_PIE_INDIRECT_SYM(ksize) +#ifndef LINUXKM_LKCAPI_REGISTER_HASH_DRBG_DEFAULT #define get_random_bytes WC_PIE_INDIRECT_SYM(get_random_bytes) +#endif #if LINUX_VERSION_CODE < KERNEL_VERSION(4, 0, 0) #define getnstimeofday WC_PIE_INDIRECT_SYM(getnstimeofday) #elif LINUX_VERSION_CODE < KERNEL_VERSION(5, 0, 0) @@ -1225,7 +1370,17 @@ #error WOLFSSL_USE_SAVE_VECTOR_REGISTERS is set for an unimplemented architecture. #endif /* WOLFSSL_USE_SAVE_VECTOR_REGISTERS */ - #define __mutex_init WC_PIE_INDIRECT_SYM(__mutex_init) + #ifndef CONFIG_PREEMPT_RT + #define __mutex_init WC_PIE_INDIRECT_SYM(__mutex_init) + #else + /* On RT kernels, __mutex_init is a macro pointing to __rt_mutex_init */ + #undef __mutex_init + #define __rt_mutex_init WC_PIE_INDIRECT_SYM(__rt_mutex_init) + #define __mutex_init(mutex, name, key) __rt_mutex_init(mutex, name, key) + #define rt_mutex_base_init WC_PIE_INDIRECT_SYM(rt_mutex_base_init) + #define rt_spin_lock WC_PIE_INDIRECT_SYM(rt_spin_lock) + #define rt_spin_unlock WC_PIE_INDIRECT_SYM(rt_spin_unlock) + #endif #if LINUX_VERSION_CODE < KERNEL_VERSION(4, 0, 0) #define mutex_lock_nested WC_PIE_INDIRECT_SYM(mutex_lock_nested) #else @@ -1237,8 +1392,8 @@ #endif /* per linux/ctype.h, tolower() and toupper() are macros bound to static inlines - * that use macros that bring in the _ctype global. for __PIE__, this needs to - * be masked out. + * that use macros that bring in the _ctype global. for WC_CONTAINERIZE_THIS, + * this needs to be masked out. */ #undef tolower #undef toupper @@ -1254,7 +1409,11 @@ #endif /* HAVE_OCSP */ #endif /* NO_SKID */ #ifdef WOLFSSL_AKID_NAME - #define GetCAByAKID WC_PIE_INDIRECT_SYM(GetCAByAKID) + #ifdef WOLFSSL_API_PREFIX_MAP + #define wolfSSL_GetCAByAKID WC_PIE_INDIRECT_SYM(wolfSSL_GetCAByAKID) + #else + #define GetCAByAKID WC_PIE_INDIRECT_SYM(GetCAByAKID) + #endif #endif #if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL) @@ -1265,9 +1424,7 @@ #endif /* !WOLFCRYPT_ONLY && !NO_CERTS */ - #ifdef WOLFSSL_DEBUG_BACKTRACE_ERROR_CODES #define dump_stack WC_PIE_INDIRECT_SYM(dump_stack) - #endif #undef preempt_count /* just in case -- not a macro on x86. */ #define preempt_count WC_PIE_INDIRECT_SYM(preempt_count) @@ -1288,17 +1445,173 @@ /* this is defined in linux/spinlock.h as an inline that calls the unshimmed * raw_spin_unlock_irqrestore(). use a macro here to supersede it. + * Note: On PREEMPT_RT kernels, spinlock_t doesn't have rlock member, + * so we skip this redefinition and use the kernel's native implementation. */ - #define spin_unlock_irqrestore(lock, flags) raw_spin_unlock_irqrestore(&((lock)->rlock), flags) + #ifndef CONFIG_PREEMPT_RT + #define spin_unlock_irqrestore(lock, flags) raw_spin_unlock_irqrestore(&((lock)->rlock), flags) + #else + /* Undo internal wolfSSL PIE macro rewriting */ + #ifdef rt_spin_unlock + #undef rt_spin_unlock + #endif + #ifdef rt_spin_lock + #undef rt_spin_lock + #endif + static inline int wolfssl_spin_unlock_irqrestore_rt(spinlock_t *lock, + unsigned long flags) + { + (void)flags; /* rt_spin_unlock ignores flags */ + WC_PIE_INDIRECT_SYM(rt_spin_unlock)(lock); + return 0; + } + + #undef spin_unlock_irqrestore + #define spin_unlock_irqrestore(lock, flags) \ + wolfssl_spin_unlock_irqrestore_rt((lock), (flags)) + #endif #define wc_linuxkm_sig_ignore_begin WC_PIE_INDIRECT_SYM(wc_linuxkm_sig_ignore_begin); #define wc_linuxkm_sig_ignore_end WC_PIE_INDIRECT_SYM(wc_linuxkm_sig_ignore_end); #define wc_linuxkm_check_for_intr_signals WC_PIE_INDIRECT_SYM(wc_linuxkm_check_for_intr_signals) #define wc_linuxkm_relax_long_loop WC_PIE_INDIRECT_SYM(wc_linuxkm_relax_long_loop) - #endif /* __PIE__ */ + #ifdef CONFIG_KASAN + #define kasan_disable_current WC_PIE_INDIRECT_SYM(kasan_disable_current) + #define kasan_enable_current WC_PIE_INDIRECT_SYM(kasan_enable_current) + #endif + + #endif /* WC_CONTAINERIZE_THIS */ + + #endif /* WC_SYM_RELOC_TABLES */ + +#if defined(WOLFSSL_KERNEL_STACK_DEBUG) || defined(WC_LINUXKM_STACK_DEBUG) + + #ifndef CONFIG_THREAD_INFO_IN_TASK + #error WC_LINUXKM_STACK_DEBUG requires CONFIG_THREAD_INFO_IN_TASK + #endif + #ifdef CONFIG_STACK_GROWSUP + #error WC_LINUXKM_STACK_DEBUG requires !CONFIG_STACK_GROWSUP + #endif - #endif /* WC_PIE_RELOC_TABLES */ + static __always_inline unsigned long wc_linuxkm_stack_bottom(void) { + void *ret = task_stack_page(get_current()); + return (unsigned long)(uintptr_t)ret; + } + + static __always_inline unsigned long wc_linuxkm_stack_top(void) { + return wc_linuxkm_stack_bottom() + THREAD_SIZE; + } + + #if defined(CONFIG_X86) + + static __always_inline unsigned long wc_linuxkm_stack_current(void) { + unsigned long rsp; + + asm volatile("mov %%rsp, %0" : "=r" (rsp)); + return wc_linuxkm_stack_top() - rsp; + } + + static __always_inline unsigned long wc_linuxkm_stack_left(void) { + unsigned long rsp; + asm volatile("mov %%rsp, %0" : "=r" (rsp)); + return rsp - wc_linuxkm_stack_bottom(); + } + + #define WC_LINUXKM_HAVE_STACK_DEBUG + + #elif defined(CONFIG_ARM64) + + static __always_inline unsigned long wc_linuxkm_stack_current(void) { + unsigned long sp; + asm volatile("mov %0, sp" : "=r" (sp)); + return wc_linuxkm_stack_top() - sp; + } + + static __always_inline unsigned long wc_linuxkm_stack_left(void) { + unsigned long sp; + asm volatile("mov %0, sp" : "=r" (sp)); + return sp - wc_linuxkm_stack_bottom(); + } + + #define WC_LINUXKM_HAVE_STACK_DEBUG + + #elif defined(CONFIG_ARM) + + static __always_inline unsigned long wc_linuxkm_stack_current(void) { + unsigned long sp; + asm volatile("mov %0, sp" : "=r" (sp)); + return wc_linuxkm_stack_top() - sp; + } + + static __always_inline unsigned long wc_linuxkm_stack_left(void) { + unsigned long sp; + asm volatile("mov %0, sp" : "=r" (sp)); + return sp - wc_linuxkm_stack_bottom(); + } + + #define WC_LINUXKM_HAVE_STACK_DEBUG + + #endif /* CONFIG_ARM */ + + #ifndef WC_LINUXKM_HAVE_STACK_DEBUG + #error WC_LINUXKM_STACK_DEBUG implementation missing for target. + #endif + + /* An unsigned long STACK_END_MAGIC is stored at the bottom of the stack. + * Additionally, though the kernel stack doesn't have a red zone, it + * nonetheless uses some bytes below the current stack pointer and mayhem + * ensues immediately if it's overwritten. + */ + #ifndef WC_KERNEL_STACK_MARGIN_BOTTOM + #define WC_KERNEL_STACK_MARGIN_BOTTOM sizeof(unsigned long) + #endif + #ifndef WC_KERNEL_STACK_MARGIN_TOP + #define WC_KERNEL_STACK_MARGIN_TOP 8 + #endif + + static __always_inline void wc_linuxkm_stack_hwm_prepare(unsigned char sentinel) { + unsigned long s = wc_linuxkm_stack_bottom(); + unsigned long z; + unsigned long flags; + + if (*(unsigned long *)s != STACK_END_MAGIC) + pr_err("ERROR: bottom of stack is not STACK_END_MAGIC.\n"); + + local_irq_save(flags); + kasan_disable_current(); + z = wc_linuxkm_stack_left(); + if (z > WC_KERNEL_STACK_MARGIN_BOTTOM + WC_KERNEL_STACK_MARGIN_TOP) + memset((void *)(s + WC_KERNEL_STACK_MARGIN_BOTTOM), sentinel, + z - (WC_KERNEL_STACK_MARGIN_BOTTOM + WC_KERNEL_STACK_MARGIN_TOP)); + kasan_enable_current(); + local_irq_restore(flags); + if (z <= WC_KERNEL_STACK_MARGIN_BOTTOM + WC_KERNEL_STACK_MARGIN_TOP) + pr_err("ERROR: wc_linuxkm_stack_hwm_prepare() called with only %lu bytes of stack left, " + "versus margin %zu.\n", z, WC_KERNEL_STACK_MARGIN_BOTTOM + WC_KERNEL_STACK_MARGIN_TOP); + } + static __always_inline unsigned long wc_linuxkm_stack_hwm_measure_rel(unsigned char sentinel) { + unsigned long s = wc_linuxkm_stack_bottom(); + unsigned long z = wc_linuxkm_stack_left(); + unsigned char *i; + if (z <= WC_KERNEL_STACK_MARGIN_BOTTOM + WC_KERNEL_STACK_MARGIN_TOP) + return (unsigned long)-1; + kasan_disable_current(); + for (i = (unsigned char *)s + WC_KERNEL_STACK_MARGIN_BOTTOM; + i < ((unsigned char *)s + z) && (*i == sentinel); + ++i); + kasan_enable_current(); + return z - ((unsigned long)i - s); + } + static __always_inline unsigned long wc_linuxkm_stack_hwm_measure_total(unsigned char sentinel) { + unsigned long rel = wc_linuxkm_stack_hwm_measure_rel(sentinel); + if (rel == (unsigned long)-1) + return rel; + else + return rel + wc_linuxkm_stack_current(); + } + +#endif /* WC_LINUXKM_STACK_DEBUG */ /* remove this multifariously conflicting macro, picked up from * Linux arch//include/asm/current.h. @@ -1444,7 +1757,12 @@ static __always_inline int wc_InitMutex(wolfSSL_Mutex* m) { + /* Tegra vendor kernels do not support assignment of __SPIN_LOCK_UNLOCKED() */ + # ifndef CONFIG_ARCH_TEGRA m->lock = __SPIN_LOCK_UNLOCKED(m); + # else + spin_lock_init(&m->lock); + #endif m->irq_flags = 0; return 0; @@ -1456,8 +1774,8 @@ return 0; } - #ifdef __PIE__ - /* wc_lkm_LockMutex() can't be used inline in __PIE__ objects, due to + #ifdef WC_CONTAINERIZE_THIS + /* wc_lkm_LockMutex() can't be used inline in WC_CONTAINERIZE_THIS objects, due to * direct access to pv_ops. */ static __must_check __always_inline int wc_LockMutex(wolfSSL_Mutex *m) @@ -1465,14 +1783,14 @@ return WC_PIE_INDIRECT_SYM(wc_lkm_LockMutex)(m); } - #else /* !__PIE__ */ + #else /* !WC_CONTAINERIZE_THIS */ static __must_check __always_inline int wc_LockMutex(wolfSSL_Mutex *m) { return wc_lkm_LockMutex(m); } - #endif /* !__PIE__ */ + #endif /* !WC_CONTAINERIZE_THIS */ static __always_inline int wc_UnLockMutex(wolfSSL_Mutex* m) { @@ -1482,6 +1800,11 @@ #endif + #ifdef LINUXKM_LKCAPI_REGISTER_HASH_DRBG_DEFAULT + struct crypto_rng; + WOLFSSL_API int wc_linux_kernel_rng_is_wolfcrypt(struct crypto_rng *rng); + #endif + /* Undo copied defines from wc_port.h, to avoid redefinition warnings. */ #ifdef HAVE_FIPS #undef wc_InitMutex @@ -1567,8 +1890,10 @@ * them to be evaluable by the preprocessor, for use in sp_int.h. */ #if BITS_PER_LONG == 64 + /* NOLINTBEGIN(bugprone-sizeof-expression) */ static_assert(sizeof(ULONG_MAX) == 8, "BITS_PER_LONG is 64, but ULONG_MAX is not."); + /* NOLINTEND(bugprone-sizeof-expression) */ #undef UCHAR_MAX #define UCHAR_MAX 255 @@ -1621,4 +1946,13 @@ #error unexpected BITS_PER_LONG value. #endif +/* WC_DUMP_BACKTRACE_NONDEBUG is intended to dump a backtrace only if it hasn't + * already been dumped by the called function. + */ +#if defined(WOLFSSL_DEBUG_TRACE_ERROR_CODES) && defined(WOLFSSL_DEBUG_BACKTRACE_ERROR_CODES) + #define WC_DUMP_BACKTRACE_NONDEBUG WC_DO_NOTHING +#else + #define WC_DUMP_BACKTRACE_NONDEBUG dump_stack() +#endif + #endif /* LINUXKM_WC_PORT_H */ diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/linuxkm/lkcapi_aes_glue.c mariadb-11.8.8/extra/wolfssl/wolfssl/linuxkm/lkcapi_aes_glue.c --- mariadb-11.8.6/extra/wolfssl/wolfssl/linuxkm/lkcapi_aes_glue.c 2026-01-31 13:27:49.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/linuxkm/lkcapi_aes_glue.c 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* lkcapi_aes_glue.c -- glue logic for AES modes * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -121,7 +121,8 @@ #define LINUXKM_LKCAPI_REGISTER_AESCBC #endif #else - #if defined(LINUXKM_LKCAPI_REGISTER_ALL_KCONFIG) && defined(CONFIG_CRYPTO_CBC) + #if defined(LINUXKM_LKCAPI_REGISTER_ALL_KCONFIG) && defined(CONFIG_CRYPTO_CBC) && \ + !defined(LINUXKM_LKCAPI_DONT_REGISTER_AESCBC) #error Config conflict: target kernel has CONFIG_CRYPTO_CBC, but module is missing HAVE_AES_CBC. #endif #undef LINUXKM_LKCAPI_REGISTER_AESCBC @@ -151,7 +152,8 @@ #define LINUXKM_LKCAPI_REGISTER_AESGCM_RFC4106 #endif #else - #if defined(LINUXKM_LKCAPI_REGISTER_ALL_KCONFIG) && defined(CONFIG_CRYPTO_GCM) + #if defined(LINUXKM_LKCAPI_REGISTER_ALL_KCONFIG) && defined(CONFIG_CRYPTO_GCM) && \ + !defined(LINUXKM_LKCAPI_DONT_REGISTER_AESGCM) #error Config conflict: target kernel has CONFIG_CRYPTO_GCM, but module is missing HAVE_AESGCM. #endif #undef LINUXKM_LKCAPI_REGISTER_AESGCM @@ -166,8 +168,9 @@ #define LINUXKM_LKCAPI_REGISTER_AESXTS #endif #else - #if defined(LINUXKM_LKCAPI_REGISTER_ALL_KCONFIG) && defined(CONFIG_CRYPTO_XTS) - #error Config conflict: target kernel has CONFIG_CRYPTO_GCM, but module is missing WOLFSSL_AES_XTS. + #if defined(LINUXKM_LKCAPI_REGISTER_ALL_KCONFIG) && defined(CONFIG_CRYPTO_XTS) && \ + !defined(LINUXKM_LKCAPI_DONT_REGISTER_AESXTS) + #error Config conflict: target kernel has CONFIG_CRYPTO_XTS, but module is missing WOLFSSL_AES_XTS. #endif #undef LINUXKM_LKCAPI_REGISTER_AESXTS #endif @@ -180,7 +183,8 @@ #define LINUXKM_LKCAPI_REGISTER_AESCTR #endif #else - #if defined(LINUXKM_LKCAPI_REGISTER_ALL_KCONFIG) && defined(CONFIG_CRYPTO_CTR) + #if defined(LINUXKM_LKCAPI_REGISTER_ALL_KCONFIG) && defined(CONFIG_CRYPTO_CTR) && \ + !defined(LINUXKM_LKCAPI_DONT_REGISTER_AESCTR) #error Config conflict: target kernel has CONFIG_CRYPTO_CTR, but module is missing WOLFSSL_AES_COUNTER. #endif #undef LINUXKM_LKCAPI_REGISTER_AESCTR @@ -204,7 +208,8 @@ #define LINUXKM_LKCAPI_REGISTER_AESECB #endif #else - #if defined(LINUXKM_LKCAPI_REGISTER_ALL_KCONFIG) && defined(CONFIG_CRYPTO_ECB) + #if defined(LINUXKM_LKCAPI_REGISTER_ALL_KCONFIG) && defined(CONFIG_CRYPTO_ECB) && \ + !defined(LINUXKM_LKCAPI_DONT_REGISTER_AESECB) #error Config conflict: target kernel has CONFIG_CRYPTO_ECB, but module is missing HAVE_AES_ECB. #endif #undef LINUXKM_LKCAPI_REGISTER_AESECB @@ -291,7 +296,7 @@ if (! ctx->aes_encrypt) { pr_err("%s: allocation of %zu bytes for encryption key failed.\n", name, sizeof(*ctx->aes_encrypt)); - err = -MEMORY_E; + err = -ENOMEM; goto out; } @@ -314,7 +319,7 @@ if (! ctx->aes_decrypt) { pr_err("%s: allocation of %zu bytes for decryption key failed.\n", name, sizeof(*ctx->aes_decrypt)); - err = -MEMORY_E; + err = -ENOMEM; goto out; } @@ -336,7 +341,7 @@ if (! ctx->aes_encrypt_C) { pr_err("%s: allocation of %zu bytes for encryption key failed.\n", name, sizeof(*ctx->aes_encrypt_C)); - err = -MEMORY_E; + err = -ENOMEM; goto out; } @@ -485,8 +490,8 @@ err = wc_AesSetKey(ctx->aes_encrypt, in_key, key_len, NULL, AES_ENCRYPTION); if (unlikely(err)) { - if (! disable_setkey_warnings) - pr_err("%s: wc_AesSetKey for encryption key failed: %d\n", name, err); + if ((! disable_setkey_warnings) && ((key_len == 16) || (key_len == 24) || (key_len == 32))) + pr_err("%s: wc_AesSetKey for encryption key (len %u) failed: %d\n", name, key_len, err); return -EINVAL; } @@ -495,9 +500,9 @@ AES_DECRYPTION); if (unlikely(err)) { - if (! disable_setkey_warnings) - pr_err("%s: wc_AesSetKey for decryption key failed: %d\n", - name, err); + if ((! disable_setkey_warnings) && ((key_len == 16) || (key_len == 24) || (key_len == 32))) + pr_err("%s: wc_AesSetKey for decryption key (len %u) failed: %d\n", + name, key_len, err); return -EINVAL; } } @@ -510,7 +515,7 @@ err = wc_AesSetKey(ctx->aes_encrypt_C, in_key, key_len, NULL, AES_ENCRYPTION); if (unlikely(err)) { - if (! disable_setkey_warnings) + if ((! disable_setkey_warnings) && ((key_len == 16) || (key_len == 24) || (key_len == 32))) pr_err("%s: wc_AesSetKey for encryption key failed: %d\n", name, err); return -EINVAL; } @@ -527,7 +532,7 @@ AES_DECRYPTION); if (unlikely(err)) { - if (! disable_setkey_warnings) + if ((! disable_setkey_warnings) && ((key_len == 16) || (key_len == 24) || (key_len == 32))) pr_err("%s: wc_AesSetKey for decryption key failed: %d\n", name, err); return -EINVAL; @@ -661,7 +666,7 @@ if (unlikely(err)) { if (! disable_setkey_warnings) - pr_err("%s: wc_AesSetKey failed: %d\n", + pr_err("%s: wc_AesSetIV failed: %d\n", crypto_tfm_alg_driver_name(crypto_skcipher_tfm(tfm)), err); err = -EINVAL; goto out; @@ -924,7 +929,7 @@ err = wc_AesGcmSetKey(ctx->aes_encrypt, in_key, key_len); if (unlikely(err)) { - if (! disable_setkey_warnings) + if ((! disable_setkey_warnings) && ((key_len == 16) || (key_len == 24) || (key_len == 32))) pr_err("%s: wc_AesGcmSetKey failed: %d\n", crypto_tfm_alg_driver_name(crypto_aead_tfm(tfm)), err); return -EINVAL; @@ -937,7 +942,7 @@ err = wc_AesGcmSetKey(ctx->aes_encrypt_C, in_key, key_len); if (unlikely(err)) { - if (! disable_setkey_warnings) + if ((! disable_setkey_warnings) && ((key_len == 16) || (key_len == 24) || (key_len == 32))) pr_err("%s: wc_AesGcmSetKey failed: %d\n", crypto_tfm_alg_driver_name(crypto_aead_tfm(tfm)), err); return -EINVAL; @@ -972,7 +977,7 @@ err = wc_AesGcmSetKey(ctx->aes_encrypt, in_key, key_len); if (unlikely(err)) { - if (! disable_setkey_warnings) + if ((! disable_setkey_warnings) && ((key_len == 16) || (key_len == 24) || (key_len == 32))) pr_err("%s: wc_AesGcmSetKey failed: %d\n", crypto_tfm_alg_driver_name(crypto_aead_tfm(tfm)), err); return -EINVAL; @@ -985,7 +990,7 @@ err = wc_AesGcmSetKey(ctx->aes_encrypt_C, in_key, key_len); if (unlikely(err)) { - if (! disable_setkey_warnings) + if ((! disable_setkey_warnings) && ((key_len == 16) || (key_len == 24) || (key_len == 32))) pr_err("%s: wc_AesGcmSetKey failed: %d\n", crypto_tfm_alg_driver_name(crypto_aead_tfm(tfm)), err); return -EINVAL; @@ -1143,12 +1148,11 @@ assoc = scatterwalk_map(&assocSgWalk); #endif if (unlikely(IS_ERR(assoc))) { + err = (int)PTR_ERR(assoc); pr_err("%s: scatterwalk_map failed: %ld\n", crypto_tfm_alg_driver_name(crypto_aead_tfm(tfm)), PTR_ERR(assoc)); -#if LINUX_VERSION_CODE >= KERNEL_VERSION(6, 15, 0) - scatterwalk_unmap(&assocSgWalk); -#endif + assoc = NULL; goto out; } } @@ -1350,12 +1354,11 @@ in_map = scatterwalk_map(&in_walk); #endif if (unlikely(IS_ERR(in_map))) { + err = (int)PTR_ERR(in_map); pr_err("%s: scatterwalk_map failed: %ld\n", crypto_tfm_alg_driver_name(crypto_aead_tfm(tfm)), - PTR_ERR(assoc)); -#if LINUX_VERSION_CODE < KERNEL_VERSION(6, 15, 0) + PTR_ERR(in_map)); in_map = NULL; -#endif goto out; } assoc = in_map; @@ -1369,12 +1372,11 @@ out_map = scatterwalk_map(&out_walk); #endif if (unlikely(IS_ERR(out_map))) { + err = (int)PTR_ERR(out_map); pr_err("%s: scatterwalk_map failed: %ld\n", crypto_tfm_alg_driver_name(crypto_aead_tfm(tfm)), - PTR_ERR(assoc)); -#if LINUX_VERSION_CODE < KERNEL_VERSION(6, 15, 0) + PTR_ERR(out_map)); out_map = NULL; -#endif goto out; } out_text = out_map + req->assoclen; @@ -1572,7 +1574,7 @@ ctx->aesXts = (XtsAes *)malloc(sizeof(*ctx->aesXts)); if (! ctx->aesXts) - return -MEMORY_E; + return -ENOMEM; err = wc_AesXtsInit(ctx->aesXts, NULL, INVALID_DEVID); @@ -1610,7 +1612,7 @@ AES_ENCRYPTION_AND_DECRYPTION); if (unlikely(err)) { - if (! disable_setkey_warnings) + if ((! disable_setkey_warnings) && ((key_len == 16) || (key_len == 24) || (key_len == 32))) pr_err("%s: wc_AesXtsSetKeyNoInit failed: %d\n", crypto_tfm_alg_driver_name(crypto_skcipher_tfm(tfm)), err); return -EINVAL; diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/linuxkm/lkcapi_dh_glue.c mariadb-11.8.8/extra/wolfssl/wolfssl/linuxkm/lkcapi_dh_glue.c --- mariadb-11.8.6/extra/wolfssl/wolfssl/linuxkm/lkcapi_dh_glue.c 2026-01-31 13:27:49.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/linuxkm/lkcapi_dh_glue.c 2026-05-24 09:58:33.000000000 +0000 @@ -1,7 +1,7 @@ /* lkcapi_dh_glue.c -- glue logic to register dh and ffdhe wolfCrypt * implementations with the Linux Kernel Cryptosystem * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -58,7 +58,10 @@ #undef LINUXKM_LKCAPI_REGISTER_DH #endif -#if LINUX_VERSION_CODE < KERNEL_VERSION(5, 18, 0) +#if (LINUX_VERSION_CODE < KERNEL_VERSION(5, 18, 0)) && \ + !(defined(RHEL_MAJOR) && \ + ((RHEL_MAJOR > 9) || ((RHEL_MAJOR == 9) && (RHEL_MINOR >= 5)))) + /* Support for FFDHE was added in kernel 5.18, and generic DH support * pre-5.18 used a different binary format for the secret (an additional * slot for q). @@ -73,7 +76,8 @@ #if defined(LINUXKM_LKCAPI_REGISTER_ALL_KCONFIG) && \ (defined(CONFIG_CRYPTO_DH) || defined(CONFIG_CRYPTO_DH_RFC7919_GROUPS)) && \ - !defined(LINUXKM_LKCAPI_REGISTER_DH) + !defined(LINUXKM_LKCAPI_REGISTER_DH) && \ + !defined(LINUXKM_LKCAPI_DONT_REGISTER_DH) #error Config conflict: target kernel has CONFIG_CRYPTO_DH and/or \ _DH_RFC7919_GROUPS, but module is missing LINUXKM_LKCAPI_REGISTER_DH. #endif @@ -745,7 +749,7 @@ ctx->name = name; ctx->nbits = nbits; - err = wc_InitRng(&ctx->rng); + err = LKCAPI_INITRNG(&ctx->rng); if (err) { #ifdef WOLFKM_DEBUG_DH pr_err("%s: init rng returned: %d\n", WOLFKM_DH_DRIVER, err); diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/linuxkm/lkcapi_ecdh_glue.c mariadb-11.8.8/extra/wolfssl/wolfssl/linuxkm/lkcapi_ecdh_glue.c --- mariadb-11.8.6/extra/wolfssl/wolfssl/linuxkm/lkcapi_ecdh_glue.c 2026-01-31 13:27:49.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/linuxkm/lkcapi_ecdh_glue.c 2026-05-24 09:58:33.000000000 +0000 @@ -1,7 +1,7 @@ /* lkcapi_ecdh_glue.c -- glue logic to register ecdh wolfCrypt * implementations with the Linux Kernel Cryptosystem * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -43,7 +43,8 @@ /* currently incompatible with kernel 5.12 or earlier. */ #undef LINUXKM_LKCAPI_REGISTER_ECDH - #if defined(LINUXKM_LKCAPI_REGISTER_ALL_KCONFIG) && defined(CONFIG_CRYPTO_ECDH) + #if defined(LINUXKM_LKCAPI_REGISTER_ALL_KCONFIG) && defined(CONFIG_CRYPTO_ECDH) && \ + !defined(LINUXKM_LKCAPI_DONT_REGISTER_ECDH) #error Config conflict: missing implementation forces off LINUXKM_LKCAPI_REGISTER_ECDH. #endif #endif @@ -51,6 +52,7 @@ #if defined(LINUXKM_LKCAPI_REGISTER_ALL_KCONFIG) && \ defined(CONFIG_CRYPTO_ECDH) && \ + !defined(LINUXKM_LKCAPI_DONT_REGISTER_ECDH) && \ !defined(LINUXKM_LKCAPI_REGISTER_ECDH) #error Config conflict: target kernel has CONFIG_CRYPTO_ECDH, but module is missing LINUXKM_LKCAPI_REGISTER_ECDH. #endif @@ -385,7 +387,7 @@ ctx->curve_len = (word32) ret; } - ret = wc_InitRng(&ctx->rng); + ret = LKCAPI_INITRNG(&ctx->rng); if (ret) { #ifdef WOLFKM_DEBUG_ECDH pr_err("%s: init rng returned: %d\n", WOLFKM_ECDH_DRIVER, ret); diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/linuxkm/lkcapi_ecdsa_glue.c mariadb-11.8.8/extra/wolfssl/wolfssl/linuxkm/lkcapi_ecdsa_glue.c --- mariadb-11.8.6/extra/wolfssl/wolfssl/linuxkm/lkcapi_ecdsa_glue.c 2026-01-31 13:27:49.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/linuxkm/lkcapi_ecdsa_glue.c 2026-05-24 09:58:33.000000000 +0000 @@ -1,7 +1,7 @@ /* lkcapi_ecdsa_glue.c -- glue logic to register ECDSA wolfCrypt * implementations with the Linux Kernel Cryptosystem * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -64,13 +64,15 @@ #undef LINUXKM_LKCAPI_REGISTER_ECDSA #endif /* LINUXKM_LKCAPI_REGISTER_ECDSA */ - #if defined(LINUXKM_LKCAPI_REGISTER_ALL_KCONFIG) && defined(CONFIG_CRYPTO_ECDSA) + #if defined(LINUXKM_LKCAPI_REGISTER_ALL_KCONFIG) && defined(CONFIG_CRYPTO_ECDSA) && \ + !defined(LINUXKM_LKCAPI_DONT_REGISTER_ECDSA) #error Config conflict: missing implementation forces off LINUXKM_LKCAPI_REGISTER_ECDSA. #endif #endif #if defined(LINUXKM_LKCAPI_REGISTER_ALL_KCONFIG) && \ defined(CONFIG_CRYPTO_ECDSA) && \ + !defined(LINUXKM_LKCAPI_DONT_REGISTER_ECDSA) && \ !defined(LINUXKM_LKCAPI_REGISTER_ECDSA) #error Config conflict: target kernel has CONFIG_CRYPTO_ECDSA, but module is missing LINUXKM_LKCAPI_REGISTER_ECDSA. #endif diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/linuxkm/lkcapi_glue.c mariadb-11.8.8/extra/wolfssl/wolfssl/linuxkm/lkcapi_glue.c --- mariadb-11.8.6/extra/wolfssl/wolfssl/linuxkm/lkcapi_glue.c 2026-01-31 13:27:49.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/linuxkm/lkcapi_glue.c 2026-05-24 09:58:33.000000000 +0000 @@ -1,7 +1,7 @@ /* lkcapi_glue.c -- glue logic to register wolfCrypt implementations with * the Linux Kernel Cryptosystem * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -212,8 +212,13 @@ #endif } +static wolfSSL_Atomic_Int linuxkm_lkcapi_registering_now = WOLFSSL_ATOMIC_INITIALIZER(0); + #include "lkcapi_aes_glue.c" -#include "lkcapi_sha_glue.c" +#include "lkcapi_sha_glue.c" /* must be included before the PK glue, to make the + * crypto_default_rng usable therein when + * LINUXKM_LKCAPI_REGISTER_HASH_DRBG_DEFAULT. + */ #include "lkcapi_ecdsa_glue.c" #include "lkcapi_ecdh_glue.c" #include "lkcapi_rsa_glue.c" @@ -311,7 +316,6 @@ return 0; } -static wolfSSL_Atomic_Int linuxkm_lkcapi_registering_now = WOLFSSL_ATOMIC_INITIALIZER(0); static int linuxkm_lkcapi_registered = 0; static int linuxkm_lkcapi_n_registered = 0; @@ -375,7 +379,7 @@ "with return code %d.\n", \ (alg).base.cra_driver_name, ret); \ (crypto_unregister_ ## alg_class)(&(alg)); \ - if (! (alg.base.cra_flags & CRYPTO_ALG_DEAD)) { \ + if (! ((alg).base.cra_flags & CRYPTO_ALG_DEAD)) { \ pr_err("ERROR: alg %s not _DEAD " \ "after crypto_unregister_%s -- " \ "marking as loaded despite test failure.", \ @@ -475,6 +479,9 @@ REGISTER_ALG(ecbAesAlg, skcipher, linuxkm_test_aesecb); #endif +/* SHA algs must be registered before PK algs, to make the crypto_default_rng + * available beforehand when LINUXKM_LKCAPI_REGISTER_HASH_DRBG_DEFAULT. + */ #ifdef LINUXKM_LKCAPI_REGISTER_SHA1_HMAC REGISTER_ALG(sha1_hmac_alg, shash, linuxkm_test_sha1_hmac); #endif @@ -780,18 +787,18 @@ #define UNREGISTER_ALG(alg, alg_class) \ do { \ if (alg ## _loaded) { \ - if (alg.base.cra_flags & CRYPTO_ALG_DEAD) { \ + if ((alg).base.cra_flags & CRYPTO_ALG_DEAD) { \ pr_err("alg %s already CRYPTO_ALG_DEAD.", \ - alg.base.cra_driver_name); \ + (alg).base.cra_driver_name); \ alg ## _loaded = 0; \ ++n_deregistered; \ } \ else { \ int cur_refcnt = \ - WC_LKM_REFCOUNT_TO_INT(alg.base.cra_refcnt); \ + WC_LKM_REFCOUNT_TO_INT((alg).base.cra_refcnt); \ if (cur_refcnt == 1) { \ (crypto_unregister_ ## alg_class)(&(alg)); \ - if (! (alg.base.cra_flags & CRYPTO_ALG_DEAD)) { \ + if (! ((alg).base.cra_flags & CRYPTO_ALG_DEAD)) { \ pr_err("ERROR: alg %s not _DEAD after " \ "crypto_unregister_%s -- " \ "leaving marked as loaded.", \ @@ -805,7 +812,7 @@ } \ else { \ pr_err("alg %s cannot be uninstalled (refcnt = %d)", \ - alg.base.cra_driver_name, cur_refcnt); \ + (alg).base.cra_driver_name, cur_refcnt); \ if (cur_refcnt > 0) { seen_err = -EBUSY; } \ } \ } \ diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/linuxkm/lkcapi_rsa_glue.c mariadb-11.8.8/extra/wolfssl/wolfssl/linuxkm/lkcapi_rsa_glue.c --- mariadb-11.8.6/extra/wolfssl/wolfssl/linuxkm/lkcapi_rsa_glue.c 2026-01-31 13:27:49.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/linuxkm/lkcapi_rsa_glue.c 2026-05-24 09:58:33.000000000 +0000 @@ -1,7 +1,7 @@ /* lkcapi_rsa_glue.c -- glue logic to register RSA wolfCrypt implementations * with the Linux Kernel Cryptosystem * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -27,6 +27,10 @@ #error lkcapi_rsa_glue.c included in non-LINUXKM_LKCAPI_REGISTER project. #endif +#ifndef RHEL_RELEASE_VERSION + #define RHEL_RELEASE_VERSION(a, b) (((a) << 8) + (b)) +#endif + #if !defined(NO_RSA) #if (defined(LINUXKM_LKCAPI_REGISTER_ALL) || \ (defined(LINUXKM_LKCAPI_REGISTER_ALL_KCONFIG) && defined(CONFIG_CRYPTO_RSA))) && \ @@ -63,7 +67,8 @@ #if defined(LINUXKM_LKCAPI_REGISTER_ALL_KCONFIG) && \ defined(CONFIG_CRYPTO_RSA) && \ - !defined(LINUXKM_LKCAPI_REGISTER_RSA) + !defined(LINUXKM_LKCAPI_REGISTER_RSA) && \ + !defined(LINUXKM_LKCAPI_DONT_REGISTER_RSA) #error Config conflict: target kernel has CONFIG_CRYPTO_RSA, but module is missing LINUXKM_LKCAPI_REGISTER_RSA. #endif @@ -71,7 +76,7 @@ #if defined(WOLFSSL_RSA_VERIFY_ONLY) || \ defined(WOLFSSL_RSA_PUBLIC_ONLY) - #error LINUXKM_LKCAPI_REGISTER_RSA and RSA_VERIFY_ONLY not supported + #error LINUXKM_LKCAPI_REGISTER_RSA with RSA_VERIFY_ONLY/WOLFSSL_RSA_PUBLIC_ONLY not supported #endif /* WOLFSSL_RSA_VERIFY_ONLY || WOLFSSL_RSA_PUBLIC_ONLY */ #ifdef WC_RSA_NO_PADDING @@ -556,16 +561,6 @@ goto out; } - ret = wc_InitRng(&ctx->rng); - if (ret) { - pr_err("%s: init rng returned: %d\n", WOLFKM_RSA_DRIVER, ret); - if (ret == WC_NO_ERR_TRACE(MEMORY_E)) - ret = -ENOMEM; - else - ret = -EINVAL; - goto out; - } - ret = wc_InitRsaKey(ctx->key, NULL); if (ret) { pr_err("%s: init rsa key returned: %d\n", WOLFKM_RSA_DRIVER, ret); @@ -573,13 +568,12 @@ goto out; } - #ifdef WC_RSA_BLINDING + /* Note the initialization of ctx->rng is deferred unless/until needed. */ ret = wc_RsaSetRNG(ctx->key, &ctx->rng); if (ret) { ret = -EINVAL; goto out; } - #endif /* WC_RSA_BLINDING */ ctx->hash_oid = hash_oid; @@ -637,6 +631,30 @@ return ret; } +static inline int km_rsa_ctx_init_rng(struct km_rsa_ctx * ctx) { + switch (ctx->rng.status) { + case WC_DRBG_OK: +#ifdef WC_RNG_BANK_SUPPORT + case WC_DRBG_BANKREF: +#endif + return 0; + case WC_DRBG_NOT_INIT: + { + int err = LKCAPI_INITRNG(&ctx->rng); + if (err) { + pr_err("%s: init rng returned: %d\n", WOLFKM_RSA_DRIVER, err); + if (err == WC_NO_ERR_TRACE(MEMORY_E)) + return -ENOMEM; + else + return -EINVAL; + } + return 0; + } + default: + return -EINVAL; + } +} + #if defined(LINUXKM_DIRECT_RSA) /* * RSA encrypt with public key. @@ -703,8 +721,15 @@ scatterwalk_map_and_copy(dec, req->src, 0, req->src_len, 0); /* note: matching behavior of kernel rsa-generic. */ + + /* note, currently WOLF_CRYPTO_CB is not supported for linuxkm, and the rng + * are to wc_RsaFunction() is not actually used for low level (no-pad) + * public key ops in the native implementation (it is a pure function of its + * input args). + */ + err = wc_RsaFunction(dec, req->src_len, enc, &out_len, - RSA_PUBLIC_ENCRYPT, ctx->key, &ctx->rng); + RSA_PUBLIC_ENCRYPT, ctx->key, NULL /* rng */); if (unlikely(err || (out_len != ctx->key_len))) { #ifdef WOLFKM_DEBUG_RSA @@ -788,6 +813,10 @@ memset(dec, 0, req->dst_len); scatterwalk_map_and_copy(enc, req->src, 0, req->src_len, 0); + err = km_rsa_ctx_init_rng(ctx); + if (err) + goto rsa_dec_out; + err = wc_RsaDirect(enc, ctx->key_len, dec, &out_len, ctx->key, RSA_PRIVATE_DECRYPT, &ctx->rng); @@ -847,12 +876,11 @@ return -ENOMEM; } - #ifdef WC_RSA_BLINDING + /* Note the initialization of ctx->rng is deferred unless/until needed. */ err = wc_RsaSetRNG(ctx->key, &ctx->rng); if (unlikely(err)) { return -ENOMEM; } - #endif /* WC_RSA_BLINDING */ } err = wc_RsaPrivateKeyDecode(key, &idx, ctx->key, keylen); @@ -906,6 +934,12 @@ if (unlikely(err)) { return -ENOMEM; } + + /* Note the initialization of ctx->rng is deferred unless/until needed. */ + err = wc_RsaSetRNG(ctx->key, &ctx->rng); + if (unlikely(err)) { + return -ENOMEM; + } } err = wc_RsaPublicKeyDecode(key, &idx, ctx->key, keylen); @@ -1113,6 +1147,10 @@ goto pkcs1pad_sign_out; } + err = km_rsa_ctx_init_rng(ctx); + if (err) + goto pkcs1pad_sign_out; + /* sign encoded message. */ sig_len = wc_RsaSSL_Sign(msg, enc_len, sig, ctx->key_len, ctx->key, &ctx->rng); @@ -1354,6 +1392,10 @@ goto pkcs1_sign_out; } + err = km_rsa_ctx_init_rng(ctx); + if (err) + goto pkcs1_sign_out; + /* sign encoded message. */ sig_len = wc_RsaSSL_Sign(msg, enc_msg_len, sig, ctx->key_len, ctx->key, &ctx->rng); @@ -1521,12 +1563,11 @@ return -ENOMEM; } - #ifdef WC_RSA_BLINDING + /* Note the initialization of ctx->rng is deferred unless/until needed. */ err = wc_RsaSetRNG(ctx->key, &ctx->rng); if (unlikely(err)) { return -ENOMEM; } - #endif /* WC_RSA_BLINDING */ } err = wc_RsaPrivateKeyDecode(key, &idx, ctx->key, keylen); @@ -1666,6 +1707,10 @@ memset(enc, 0, req->dst_len); scatterwalk_map_and_copy(dec, req->src, 0, req->src_len, 0); + err = km_rsa_ctx_init_rng(ctx); + if (err) + goto pkcs1_enc_out; + err = wc_RsaPublicEncrypt(dec, req->src_len, enc, ctx->key_len, ctx->key, &ctx->rng); @@ -1740,6 +1785,12 @@ memset(dec, 0, req->dst_len); scatterwalk_map_and_copy(enc, req->src, 0, req->src_len, 0); +#ifdef WC_RSA_BLINDING + err = km_rsa_ctx_init_rng(ctx); + if (err) + goto pkcs1_dec_out; +#endif + dec_len = wc_RsaPrivateDecrypt(enc, ctx->key_len, dec, req->dst_len, ctx->key); @@ -2053,7 +2104,8 @@ memset(&rng, 0, sizeof(rng)); memset(key, 0, sizeof(RsaKey)); - ret = wc_InitRng(&rng); + ret = LKCAPI_INITRNG(&rng); + if (ret) { pr_err("error: init rng returned: %d\n", ret); goto test_rsa_end; @@ -2067,13 +2119,11 @@ } init_key = 1; - #ifdef WC_RSA_BLINDING ret = wc_RsaSetRNG(key, &rng); if (ret) { pr_err("error: rsa set rng returned: %d\n", ret); goto test_rsa_end; } - #endif /* WC_RSA_BLINDING */ #ifdef HAVE_FIPS for (;;) { @@ -2300,6 +2350,14 @@ memset(dec, 0, key_len); ret = crypto_akcipher_decrypt(req); + #if defined(RHEL_RELEASE_CODE) && \ + (RHEL_RELEASE_CODE >= RHEL_RELEASE_VERSION(9, 6)) + if (ret == -ENOSYS) { + pr_info("info: ignoring failure from crypto_akcipher_decrypt (disabled by RHEL policy)\n"); + test_rc = 0; + goto test_rsa_end; + } + #endif if (ret) { pr_err("error: crypto_akcipher_decrypt returned: %d\n", ret); goto test_rsa_end; @@ -2424,7 +2482,7 @@ memset(&rng, 0, sizeof(rng)); memset(key, 0, sizeof(RsaKey)); - ret = wc_InitRng(&rng); + ret = LKCAPI_INITRNG(&rng); if (ret) { pr_err("error: init rng returned: %d\n", ret); goto test_pkcs1_end; @@ -2439,14 +2497,12 @@ } init_key = 1; - #ifdef WC_RSA_BLINDING ret = wc_RsaSetRNG(key, &rng); if (ret) { pr_err("error: rsa set rng returned: %d\n", ret); test_rc = ret; goto test_pkcs1_end; } - #endif /* WC_RSA_BLINDING */ #ifdef HAVE_FIPS for (;;) { @@ -2676,6 +2732,14 @@ akcipher_request_set_crypt(req, &src, &dst, hash_len, key_len); ret = crypto_akcipher_sign(req); + #if defined(RHEL_RELEASE_CODE) && \ + (RHEL_RELEASE_CODE >= RHEL_RELEASE_VERSION(9, 6)) + if (ret == -ENOSYS) { + pr_info("info: ignoring failure from crypto_akcipher_sign (disabled by RHEL policy)\n"); + test_rc = 0; + goto test_pkcs1_end; + } + #endif if (ret) { pr_err("error: crypto_akcipher_sign returned: %d\n", ret); test_rc = BAD_FUNC_ARG; @@ -2802,6 +2866,14 @@ } ret = crypto_akcipher_decrypt(req); + #if defined(RHEL_RELEASE_CODE) && \ + (RHEL_RELEASE_CODE >= RHEL_RELEASE_VERSION(9, 6)) + if (ret == -ENOSYS) { + pr_info("info: ignoring failure from crypto_akcipher_decrypt (disabled by RHEL policy)\n"); + test_rc = 0; + goto test_pkcs1_end; + } + #endif if (ret) { pr_err("error: crypto_akcipher_decrypt returned: %d\n", ret); test_rc = BAD_FUNC_ARG; @@ -2863,7 +2935,9 @@ pr_info("info: %s, %d, %d: self test returned: %d\n", driver, nbits, key_len, ret); } - #endif /* WOLFKM_DEBUG_RSA */ + #else /* !WOLFKM_DEBUG_RSA */ + (void)skipped; + #endif /* !WOLFKM_DEBUG_RSA */ return test_rc; } @@ -2934,7 +3008,7 @@ memset(&rng, 0, sizeof(rng)); memset(key, 0, sizeof(RsaKey)); - ret = wc_InitRng(&rng); + ret = LKCAPI_INITRNG(&rng); if (ret) { pr_err("error: init rng returned: %d\n", ret); goto test_pkcs1_end; @@ -2949,14 +3023,12 @@ } init_key = 1; - #ifdef WC_RSA_BLINDING ret = wc_RsaSetRNG(key, &rng); if (ret) { pr_err("error: rsa set rng returned: %d\n", ret); test_rc = ret; goto test_pkcs1_end; } - #endif /* WC_RSA_BLINDING */ #ifdef HAVE_FIPS for (;;) { @@ -3222,7 +3294,9 @@ pr_info("info: %s, %d, %d: self test returned: %d\n", driver, nbits, key_len, ret); } - #endif /* WOLFKM_DEBUG_RSA */ + #else /* !WOLFKM_DEBUG_RSA */ + (void)skipped; + #endif /* !WOLFKM_DEBUG_RSA */ return test_rc; } diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/linuxkm/lkcapi_sha_glue.c mariadb-11.8.8/extra/wolfssl/wolfssl/linuxkm/lkcapi_sha_glue.c --- mariadb-11.8.6/extra/wolfssl/wolfssl/linuxkm/lkcapi_sha_glue.c 2026-01-31 13:27:49.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/linuxkm/lkcapi_sha_glue.c 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* lkcapi_sha_glue.c -- glue logic for SHA* * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -30,6 +30,22 @@ #error SHA* WC_LINUXKM_C_FALLBACK_IN_SHIMS is not currently supported. #endif +#ifdef NO_LINUXKM_DRBG_GET_RANDOM_BYTES + #undef LINUXKM_DRBG_GET_RANDOM_BYTES +/* setup for LINUXKM_LKCAPI_REGISTER_HASH_DRBG_DEFAULT is in linuxkm_wc_port.h */ +#elif defined(LINUXKM_LKCAPI_REGISTER_HASH_DRBG_DEFAULT) && \ + (defined(WOLFSSL_LINUXKM_HAVE_GET_RANDOM_CALLBACKS) || \ + defined(WOLFSSL_LINUXKM_USE_GET_RANDOM_KPROBES)) + #ifndef LINUXKM_DRBG_GET_RANDOM_BYTES + #define LINUXKM_DRBG_GET_RANDOM_BYTES + #endif +#else + #ifdef LINUXKM_DRBG_GET_RANDOM_BYTES + #error LINUXKM_DRBG_GET_RANDOM_BYTES configured with no callback model configured. + #undef LINUXKM_DRBG_GET_RANDOM_BYTES + #endif +#endif + #include #include @@ -94,7 +110,31 @@ * exhaustion. A caller that really needs PR can pass in seed data in its call * to our rng_alg.generate() implementation. */ -#define WOLFKM_STDRNG_DRIVER ("sha2-256-drbg-nopr" WOLFKM_SHA_DRIVER_SUFFIX) + +#ifdef HAVE_ENTROPY_MEMUSE + #define WOLFKM_STDRNG_WOLFENTROPY "-wolfentropy" +#else + #define WOLFKM_STDRNG_WOLFENTROPY "" +#endif + +#if defined(HAVE_INTEL_RDSEED) || defined(HAVE_AMD_RDSEED) + #define WOLFKM_STDRNG_RDSEED "-rdseed" +#else + #define WOLFKM_STDRNG_RDSEED "" +#endif + +#ifdef LINUXKM_DRBG_GET_RANDOM_BYTES + #define WOLFKM_STDRNG_DRIVER ("sha2-256-drbg-nopr" \ + WOLFKM_STDRNG_WOLFENTROPY \ + WOLFKM_STDRNG_RDSEED \ + WOLFKM_DRIVER_SUFFIX_BASE \ + "-with-global-replace") +#else + #define WOLFKM_STDRNG_DRIVER ("sha2-256-drbg-nopr" \ + WOLFKM_STDRNG_WOLFENTROPY \ + WOLFKM_STDRNG_RDSEED \ + WOLFKM_DRIVER_SUFFIX_BASE) +#endif #ifdef LINUXKM_LKCAPI_REGISTER_SHA_ALL #define LINUXKM_LKCAPI_REGISTER_SHA1 @@ -176,7 +216,8 @@ #define LINUXKM_LKCAPI_DONT_REGISTER_SHA3_512_HMAC #endif -#if defined(NO_HMAC) && defined(LINUXKM_LKCAPI_REGISTER_ALL_KCONFIG) && defined(CONFIG_CRYPTO_HMAC) +#if defined(NO_HMAC) && defined(LINUXKM_LKCAPI_REGISTER_ALL_KCONFIG) && defined(CONFIG_CRYPTO_HMAC) && \ + !defined(LINUXKM_LKCAPI_DONT_REGISTER_HMAC_ALL) #error Config conflict: target kernel has CONFIG_CRYPTO_HMAC, but module has NO_HMAC #endif @@ -196,7 +237,8 @@ #define LINUXKM_LKCAPI_REGISTER_SHA1_HMAC #endif #else - #if defined(LINUXKM_LKCAPI_REGISTER_ALL_KCONFIG) && defined(CONFIG_CRYPTO_SHA1) + #if defined(LINUXKM_LKCAPI_REGISTER_ALL_KCONFIG) && defined(CONFIG_CRYPTO_SHA1) && \ + !defined(LINUXKM_LKCAPI_DONT_REGISTER_SHA1) #error Config conflict: target kernel has CONFIG_CRYPTO_SHA1, but module has NO_SHA #endif @@ -220,7 +262,8 @@ #define LINUXKM_LKCAPI_REGISTER_SHA2_224_HMAC #endif #else - #if defined(LINUXKM_LKCAPI_REGISTER_ALL_KCONFIG) && defined(CONFIG_CRYPTO_SHA256) + #if defined(LINUXKM_LKCAPI_REGISTER_ALL_KCONFIG) && defined(CONFIG_CRYPTO_SHA256) && \ + !defined(LINUXKM_LKCAPI_DONT_REGISTER_SHA2_224) #error Config conflict: target kernel has CONFIG_CRYPTO_SHA256, but module is missing WOLFSSL_SHA224 #endif @@ -244,7 +287,8 @@ #define LINUXKM_LKCAPI_REGISTER_SHA2_256_HMAC #endif #else - #if defined(LINUXKM_LKCAPI_REGISTER_ALL_KCONFIG) && defined(CONFIG_CRYPTO_SHA256) + #if defined(LINUXKM_LKCAPI_REGISTER_ALL_KCONFIG) && defined(CONFIG_CRYPTO_SHA256) && \ + !defined(LINUXKM_LKCAPI_DONT_REGISTER_SHA2_256) #error Config conflict: target kernel has CONFIG_CRYPTO_SHA256, but module has NO_SHA256 #endif @@ -268,7 +312,8 @@ #define LINUXKM_LKCAPI_REGISTER_SHA2_384_HMAC #endif #else - #if defined(LINUXKM_LKCAPI_REGISTER_ALL_KCONFIG) && defined(CONFIG_CRYPTO_SHA512) + #if defined(LINUXKM_LKCAPI_REGISTER_ALL_KCONFIG) && defined(CONFIG_CRYPTO_SHA512) && \ + !defined(LINUXKM_LKCAPI_DONT_REGISTER_SHA2_384) #error Config conflict: target kernel has CONFIG_CRYPTO_SHA512, but module is missing WOLFSSL_SHA384 #endif @@ -292,7 +337,8 @@ #define LINUXKM_LKCAPI_REGISTER_SHA2_512_HMAC #endif #else - #if defined(LINUXKM_LKCAPI_REGISTER_ALL_KCONFIG) && defined(CONFIG_CRYPTO_SHA512) + #if defined(LINUXKM_LKCAPI_REGISTER_ALL_KCONFIG) && defined(CONFIG_CRYPTO_SHA512) && \ + !defined(LINUXKM_LKCAPI_DONT_REGISTER_SHA2_512) #error Config conflict: target kernel has CONFIG_CRYPTO_SHA512, but module is missing WOLFSSL_SHA512 #endif @@ -345,7 +391,8 @@ #endif #endif #else - #if defined(LINUXKM_LKCAPI_REGISTER_ALL_KCONFIG) && defined(CONFIG_CRYPTO_SHA3) + #if defined(LINUXKM_LKCAPI_REGISTER_ALL_KCONFIG) && defined(CONFIG_CRYPTO_SHA3) && \ + !defined(LINUXKM_LKCAPI_DONT_REGISTER_SHA3) #error Config conflict: target kernel has CONFIG_CRYPTO_SHA3, but module is missing WOLFSSL_SHA3 #endif @@ -379,6 +426,10 @@ #endif /* setup for LINUXKM_LKCAPI_REGISTER_HASH_DRBG_DEFAULT is in linuxkm_wc_port.h */ #else + #if defined(LINUXKM_LKCAPI_REGISTER_ALL_KCONFIG) && defined(CONFIG_CRYPTO_DRBG) && \ + !defined(LINUXKM_LKCAPI_DONT_REGISTER_HASH_DRBG) + #error Config conflict: target kernel has CONFIG_CRYPTO_DRBG, but module is missing HAVE_HASHDRBG + #endif #undef LINUXKM_LKCAPI_REGISTER_HASH_DRBG #endif @@ -514,8 +565,8 @@ .digest = km_ ## name ## _digest, \ .descsize = sizeof(struct km_sha_state), \ .base = { \ - .cra_name = this_cra_name, \ - .cra_driver_name = this_cra_driver_name, \ + .cra_name = (this_cra_name), \ + .cra_driver_name = (this_cra_driver_name), \ .cra_priority = WOLFSSL_LINUXKM_LKCAPI_PRIORITY, \ .cra_blocksize = (block_size), \ .cra_module = THIS_MODULE \ @@ -620,8 +671,8 @@ .digest = km_ ## name ## _digest, \ .descsize = sizeof(struct km_sha_state), \ .base = { \ - .cra_name = this_cra_name, \ - .cra_driver_name = this_cra_driver_name, \ + .cra_name = (this_cra_name), \ + .cra_driver_name = (this_cra_driver_name), \ .cra_priority = WOLFSSL_LINUXKM_LKCAPI_PRIORITY, \ .cra_blocksize = (block_size), \ .cra_module = THIS_MODULE \ @@ -757,6 +808,7 @@ } WC_MAYBE_UNUSED static int km_hmac_init(struct shash_desc *desc) { + int ret; struct km_sha_hmac_state *t_ctx = (struct km_sha_hmac_state *)shash_desc_ctx(desc); struct km_sha_hmac_pstate *p_ctx = (struct km_sha_hmac_pstate *)crypto_shash_ctx(desc->tfm); @@ -764,34 +816,12 @@ if (! t_ctx->wc_hmac) return -ENOMEM; - XMEMCPY(t_ctx->wc_hmac, &p_ctx->wc_hmac, sizeof *t_ctx->wc_hmac); - -#ifdef WOLFSSL_SMALL_STACK_CACHE - /* The cached W buffer from the persistent ctx can't be used because it - * would be double-freed, first by km_hmac_free_tstate(), then by - * km_hmac_exit_tfm(). - */ - switch (t_ctx->wc_hmac->macType) { - - #ifndef NO_SHA256 - case WC_SHA256: - #ifdef WOLFSSL_SHA224 - case WC_SHA224: - #endif - t_ctx->wc_hmac->hash.sha256.W = NULL; - break; - #endif /* WOLFSSL_SHA256 */ - - #ifdef WOLFSSL_SHA512 - case WC_SHA512: - #ifdef WOLFSSL_SHA384 - case WC_SHA384: - #endif - t_ctx->wc_hmac->hash.sha512.W = NULL; - break; - #endif /* WOLFSSL_SHA512 */ + ret = wc_HmacCopy(&p_ctx->wc_hmac, t_ctx->wc_hmac); + if (ret != 0) { + free(t_ctx->wc_hmac); + t_ctx->wc_hmac = NULL; + return -EINVAL; } -#endif /* WOLFSSL_SMALL_STACK_CACHE */ return 0; } @@ -879,8 +909,8 @@ .exit_tfm = km_hmac_exit_tfm, \ .descsize = sizeof(struct km_sha_hmac_state), \ .base = { \ - .cra_name = this_cra_name, \ - .cra_driver_name = this_cra_driver_name, \ + .cra_name = (this_cra_name), \ + .cra_driver_name = (this_cra_driver_name), \ .cra_priority = WOLFSSL_LINUXKM_LKCAPI_PRIORITY, \ .cra_blocksize = (block_size), \ .cra_ctxsize = sizeof(struct km_sha_hmac_pstate), \ @@ -961,202 +991,209 @@ #ifdef LINUXKM_LKCAPI_REGISTER_HASH_DRBG +#ifdef HAVE_ENTROPY_MEMUSE + #include +#endif #include +#include -struct wc_linuxkm_drbg_ctx { - size_t n_rngs; - struct wc_rng_inst { - wolfSSL_Atomic_Int lock; - WC_RNG rng; - } *rngs; /* one per CPU ID */ -}; +#ifndef WC_RNG_BANK_DEFAULT_SUPPORT + #error LINUXKM_LKCAPI_REGISTER_HASH_DRBG requires WC_RNG_BANK_DEFAULT_SUPPORT. +#endif -static inline void wc_linuxkm_drbg_ctx_clear(struct wc_linuxkm_drbg_ctx * ctx) -{ - unsigned int i; +static volatile int wc_linuxkm_rng_initing_default_bank_flag = 0; - if (ctx->rngs) { - for (i = 0; i < ctx->n_rngs; ++i) { - if (ctx->rngs[i].lock != 0) { - /* better to leak than to crash. */ - pr_err("BUG: wc_linuxkm_drbg_ctx_clear called with DRBG #%d still locked.", i); - ctx->rngs = NULL; - ctx->n_rngs = 0; - return; - } - else - wc_FreeRng(&ctx->rngs[i].rng); - } - free(ctx->rngs); - ctx->rngs = NULL; - ctx->n_rngs = 0; - } +#ifndef WC_LINUXKM_INITRNG_TIMEOUT_SEC + #define WC_LINUXKM_INITRNG_TIMEOUT_SEC 30 +#endif - return; +static int linuxkm_affinity_lock(void *arg) { + (void)arg; + if (preempt_count() != 0) + return ALREADY_E; +#if defined(CONFIG_SMP) && (LINUX_VERSION_CODE >= KERNEL_VERSION(5, 7, 0)) + migrate_disable(); /* this actually makes irq_count() nonzero, so that + * DISABLE_VECTOR_REGISTERS() is superfluous, but + * don't depend on that. + */ +#endif + local_bh_disable(); + return 0; } -static volatile int wc_linuxkm_drbg_init_tfm_disable_vector_registers = 0; +static int linuxkm_affinity_get_id(void *arg, int *id) { + (void)arg; + *id = raw_smp_processor_id(); + return 0; +} -static int wc_linuxkm_drbg_init_tfm(struct crypto_tfm *tfm) +static int linuxkm_affinity_unlock(void *arg) { + (void)arg; + local_bh_enable(); +#if defined(CONFIG_SMP) && (LINUX_VERSION_CODE >= KERNEL_VERSION(5, 7, 0)) + migrate_enable(); +#endif + return 0; +} + +static int wc_linuxkm_rng_bank_init(struct wc_rng_bank *ctx) { - struct wc_linuxkm_drbg_ctx *ctx = (struct wc_linuxkm_drbg_ctx *)crypto_tfm_ctx(tfm); - unsigned int i; int ret; - int need_reenable_vec = 0; - int can_sleep = (preempt_count() == 0); + word32 flags = WC_RNG_BANK_FLAG_CAN_WAIT; - ctx->n_rngs = max(4, nr_cpu_ids); - ctx->rngs = (struct wc_rng_inst *)malloc(sizeof(*ctx->rngs) * ctx->n_rngs); - if (! ctx->rngs) { - ctx->n_rngs = 0; - return -ENOMEM; - } - XMEMSET(ctx->rngs, 0, sizeof(*ctx->rngs) * ctx->n_rngs); + if (wc_linuxkm_rng_initing_default_bank_flag) + flags |= WC_RNG_BANK_FLAG_NO_VECTOR_OPS; - for (i = 0; i < ctx->n_rngs; ++i) { - ctx->rngs[i].lock = 0; - if (wc_linuxkm_drbg_init_tfm_disable_vector_registers) - need_reenable_vec = (DISABLE_VECTOR_REGISTERS() == 0); - ret = wc_InitRng(&ctx->rngs[i].rng); - if (need_reenable_vec) - REENABLE_VECTOR_REGISTERS(); - if (ret != 0) { - pr_warn_once("WARNING: wc_InitRng returned %d\n",ret); - ret = -EINVAL; - break; + ret = wc_rng_bank_init( + ctx, nr_cpu_ids + 4, flags, WC_LINUXKM_INITRNG_TIMEOUT_SEC, + NULL /* heap */, INVALID_DEVID); + + if (ret == 0) { + ret = wc_rng_bank_set_affinity_handlers( + ctx, + linuxkm_affinity_lock, + linuxkm_affinity_get_id, + linuxkm_affinity_unlock, + NULL); + if (ret == 0) { + if (wc_linuxkm_rng_initing_default_bank_flag) { + ret = wc_rng_bank_default_set(ctx); + if (ret != 0) { + (void)wc_rng_bank_fini(ctx); + pr_err("ERROR: wc_rng_bank_default_set() in wc_linuxkm_rng_bank_init() returned err %d\n", ret); + WC_DUMP_BACKTRACE_NONDEBUG; + } + } + } + else { + (void)wc_rng_bank_fini(ctx); + pr_err("ERROR: wc_rng_bank_set_affinity_handlers() in wc_linuxkm_rng_bank_init() returned err %d\n", ret); + WC_DUMP_BACKTRACE_NONDEBUG; } - if (can_sleep) - cond_resched(); } - - if (ret != 0) { - wc_linuxkm_drbg_ctx_clear(ctx); + else { + pr_err("ERROR: wc_rng_bank_init() in wc_linuxkm_rng_bank_init() returned err %d\n", ret); + if (ret == WC_NO_ERR_TRACE(MEMORY_E)) + ret = -ENOMEM; + else if (ret == WC_NO_ERR_TRACE(WC_TIMEOUT_E)) + ret = -ETIMEDOUT; + else if (ret == WC_NO_ERR_TRACE(INTERRUPTED_E)) + ret = -EINTR; + else + ret = -EINVAL; } return ret; } +static int wc_linuxkm_drbg_init_tfm(struct crypto_tfm *tfm) +{ + return wc_linuxkm_rng_bank_init((struct wc_rng_bank *)crypto_tfm_ctx(tfm)); +} + static void wc_linuxkm_drbg_exit_tfm(struct crypto_tfm *tfm) { - struct wc_linuxkm_drbg_ctx *ctx = (struct wc_linuxkm_drbg_ctx *)crypto_tfm_ctx(tfm); + struct wc_rng_bank *ctx = (struct wc_rng_bank *)crypto_tfm_ctx(tfm); + int ret; + + ret = wc_rng_bank_default_clear(ctx); + if (ret && (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))) + pr_err("ERROR: wc_rng_bank_default_clear() in wc_linuxkm_drbg_exit_tfm() returned unexpected code %d\n", ret); - wc_linuxkm_drbg_ctx_clear(ctx); + ret = wc_rng_bank_fini(ctx); + + if (ret != 0) + pr_err("ERROR: wc_rng_bank_fini() in wc_linuxkm_drbg_exit_tfm() returned err %d\n", ret); return; } static int wc_linuxkm_drbg_default_instance_registered = 0; -/* get_drbg() uses atomic operations to get exclusive ownership of a DRBG - * without delay. It expects to be called in uninterruptible context, though - * works fine in any context. It starts by trying the DRBG matching the current - * CPU ID, and if that doesn't immediately succeed, it iterates upward until one - * succeeds. The first attempt will always succeed, even under intense load, - * unless there is or has recently been a reseed or mix-in operation competing - * with generators. - * - * Note that wc_linuxkm_drbg_init_tfm() allocates at least 4 DRBGs, regardless - * of nominal core count, to avoid stalling generators on unicore targets. - */ +static struct wc_rng_bank_inst *linuxkm_get_drbg(struct wc_rng_bank *ctx) { + int err; + struct wc_rng_bank_inst *ret; + word32 flags = + WC_RNG_BANK_FLAG_CAN_FAIL_OVER_INST | + WC_RNG_BANK_FLAG_CAN_WAIT | + WC_RNG_BANK_FLAG_PREFER_AFFINITY_INST; -static inline struct wc_rng_inst *get_drbg(struct crypto_rng *tfm) { - struct wc_linuxkm_drbg_ctx *ctx = (struct wc_linuxkm_drbg_ctx *)crypto_rng_ctx(tfm); - int n, new_lock_value; - - /* check for mismatched handler or missing instance array. */ - if ((tfm->base.__crt_alg->cra_init != wc_linuxkm_drbg_init_tfm) || - (ctx->rngs == NULL)) - { + if (preempt_count() == 0) + flags |= WC_RNG_BANK_FLAG_AFFINITY_LOCK; + else + flags |= WC_RNG_BANK_FLAG_NO_VECTOR_OPS; + + err = wc_rng_bank_checkout(ctx, &ret, 0, WC_LINUXKM_INITRNG_TIMEOUT_SEC, flags); + + if (err != 0) { + pr_err("ERROR: wc_rng_bank_checkout() in linuxkm_get_drbg() returned err %d.\n", err); + WC_DUMP_BACKTRACE_NONDEBUG; return NULL; } - #if defined(CONFIG_SMP) && !defined(CONFIG_PREEMPT_COUNT) && \ - (LINUX_VERSION_CODE >= KERNEL_VERSION(5, 7, 0)) - if (tfm == crypto_default_rng) { - migrate_disable(); /* this actually makes irq_count() nonzero, so that - * DISABLE_VECTOR_REGISTERS() is superfluous, but - * don't depend on that. - */ - new_lock_value = 2; - } - else - #endif - { - new_lock_value = 1; + return ret; +} + +static void linuxkm_put_drbg(struct wc_rng_bank *ctx, struct wc_rng_bank_inst **drbg) { + int ret = wc_rng_bank_checkin(ctx, drbg); + if (ret != 0) { + pr_err("ERROR: wc_rng_bank_checkin() in linuxkm_put_drbg() returned err %d.\n", ret); + WC_DUMP_BACKTRACE_NONDEBUG; } +} - n = raw_smp_processor_id(); +#if defined(LINUXKM_LKCAPI_REGISTER_HASH_DRBG_DEFAULT) && defined(HAVE_HASHDRBG) - for (;;) { - int expected = 0; - if (likely(__atomic_compare_exchange_n(&ctx->rngs[n].lock, &expected, new_lock_value, 0, __ATOMIC_SEQ_CST, __ATOMIC_ACQUIRE))) - return &ctx->rngs[n]; - ++n; - if (n >= (int)ctx->n_rngs) - n = 0; - cpu_relax(); +int wc_linux_kernel_rng_is_wolfcrypt(struct crypto_rng *rng) { + if (rng && + wc_linuxkm_drbg_default_instance_registered && + (rng->base.__crt_alg->cra_init == wc_linuxkm_drbg_init_tfm)) + { + return 1; + } + else { + return 0; } - - __builtin_unreachable(); } -/* get_drbg_n() is used by bulk seed, mix-in, and reseed operations. It expects - * the caller to be able to wait until the requested DRBG is available. - */ -static inline struct wc_rng_inst *get_drbg_n(struct wc_linuxkm_drbg_ctx *ctx, int n) { - int can_sleep = (preempt_count() == 0); +#ifndef WC_DRBG_BANKREF + #error LINUXKM_LKCAPI_REGISTER_HASH_DRBG_DEFAULT requires WC_DRBG_BANKREF support. +#endif - for (;;) { - int expected = 0; - if (likely(__atomic_compare_exchange_n(&ctx->rngs[n].lock, &expected, 1, 0, __ATOMIC_SEQ_CST, __ATOMIC_ACQUIRE))) - return &ctx->rngs[n]; - if (can_sleep) { - if (signal_pending(current)) - return NULL; - cond_resched(); - } - else - cpu_relax(); +WC_MAYBE_UNUSED static int linuxkm_InitRng_DefaultRef(WC_RNG* rng) { + struct wc_rng_bank *ctx; + int ret = wc_rng_bank_default_checkout(&ctx); + + if (ret == 0) { + ret = wc_InitRng_BankRef(ctx, rng); + (void)wc_rng_bank_default_checkin(&ctx); + return ret; + } + else { + pr_warn_once("WARNING: linuxkm_InitRng_DefaultRef() called with null default_wc_rng_bank; falling through to wc_InitRng().\n"); + return wc_InitRng(rng); } __builtin_unreachable(); } +#define LKCAPI_INITRNG(rng) linuxkm_InitRng_DefaultRef(rng) -static inline void put_drbg(struct wc_rng_inst *drbg) { - #if defined(CONFIG_SMP) && !defined(CONFIG_PREEMPT_COUNT) && \ - (LINUX_VERSION_CODE >= KERNEL_VERSION(5, 7, 0)) - int migration_disabled = (drbg->lock == 2); - #endif - __atomic_store_n(&(drbg->lock),0,__ATOMIC_RELEASE); - #if defined(CONFIG_SMP) && !defined(CONFIG_PREEMPT_COUNT) && \ - (LINUX_VERSION_CODE >= KERNEL_VERSION(5, 7, 0)) - if (migration_disabled) - migrate_enable(); - #endif -} +#endif /* LINUXKM_LKCAPI_REGISTER_HASH_DRBG_DEFAULT && HAVE_HASHDRBG */ -static int wc_linuxkm_drbg_generate(struct crypto_rng *tfm, - const u8 *src, unsigned int slen, - u8 *dst, unsigned int dlen) +static int wc_linuxkm_drbg_generate(struct wc_rng_bank *ctx, + const u8 *src, unsigned int slen, + u8 *dst, unsigned int dlen) { int ret, retried = 0; - int need_fpu_restore; - struct wc_rng_inst *drbg = get_drbg(tfm); + struct wc_rng_bank_inst *drbg = linuxkm_get_drbg(ctx); if (! drbg) { - pr_err_once("BUG: get_drbg() failed."); + pr_err_once("BUG: linuxkm_get_drbg() failed."); return -EFAULT; } - /* for the default RNG, make sure we don't cache an underlying SHA256 - * method that uses vector insns (forbidden from irq handlers). - */ - need_fpu_restore = (tfm == crypto_default_rng) ? (DISABLE_VECTOR_REGISTERS() == 0) : 0; - -retry: - if (slen > 0) { - ret = wc_RNG_DRBG_Reseed(&drbg->rng, src, slen); + ret = wc_RNG_DRBG_Reseed(WC_RNG_BANK_INST_TO_RNG(drbg), src, slen); if (ret != 0) { pr_warn_once("WARNING: wc_RNG_DRBG_Reseed returned %d\n",ret); ret = -EINVAL; @@ -1164,110 +1201,116 @@ } } - ret = wc_RNG_GenerateBlock(&drbg->rng, dst, dlen); + for (;;) { + #define RNG_MAX_BLOCK_LEN_ROUNDED (RNG_MAX_BLOCK_LEN & ~0xfU) + if (dlen > RNG_MAX_BLOCK_LEN_ROUNDED) { + ret = wc_RNG_GenerateBlock(WC_RNG_BANK_INST_TO_RNG(drbg), dst, RNG_MAX_BLOCK_LEN_ROUNDED); + if (ret == 0) { + dlen -= RNG_MAX_BLOCK_LEN_ROUNDED; + dst += RNG_MAX_BLOCK_LEN_ROUNDED; + } + } + #undef RNG_MAX_BLOCK_LEN_ROUNDED + else { + ret = wc_RNG_GenerateBlock(WC_RNG_BANK_INST_TO_RNG(drbg), dst, dlen); + if (ret == 0) + dlen = 0; + } - if (unlikely(ret == WC_NO_ERR_TRACE(RNG_FAILURE_E)) && (! retried)) { - retried = 1; - wc_FreeRng(&drbg->rng); - ret = wc_InitRng(&drbg->rng); - if (ret == 0) { - pr_warn("WARNING: reinitialized DRBG #%d after RNG_FAILURE_E.", raw_smp_processor_id()); - goto retry; + if (dlen == 0) + break; + + if (ret == 0) + continue; + + if (unlikely(ret == WC_NO_ERR_TRACE(RNG_FAILURE_E)) && (! retried)) { + if (slen > 0) + break; + + retried = 1; + + ret = wc_rng_bank_inst_reinit(ctx, + drbg, + WC_LINUXKM_INITRNG_TIMEOUT_SEC, + WC_RNG_BANK_FLAG_CAN_WAIT); + + if (ret == 0) { + pr_warn("WARNING: reinitialized DRBG #%d after RNG_FAILURE_E from wc_RNG_GenerateBlock().", raw_smp_processor_id()); + continue; + } + else { + pr_warn_once("ERROR: reinitialization of DRBG #%d after RNG_FAILURE_E failed with ret %d.", raw_smp_processor_id(), ret); + ret = -EINVAL; + break; + } } else { - pr_warn_once("ERROR: reinitialization of DRBG #%d after RNG_FAILURE_E failed with ret %d.", raw_smp_processor_id(), ret); + pr_warn_once("ERROR: wc_linuxkm_drbg_generate() wc_RNG_GenerateBlock returned %d.\n",ret); ret = -EINVAL; + break; } } - else if (ret != 0) { - pr_warn_once("WARNING: wc_RNG_GenerateBlock returned %d\n",ret); - ret = -EINVAL; - } out: - if (need_fpu_restore) - REENABLE_VECTOR_REGISTERS(); - put_drbg(drbg); + linuxkm_put_drbg(ctx, &drbg); return ret; } -static int wc_linuxkm_drbg_seed(struct crypto_rng *tfm, - const u8 *seed, unsigned int slen) +static int wc_linuxkm_drbg_generate_tfm(struct crypto_rng *tfm, + const u8 *src, unsigned int slen, + u8 *dst, unsigned int dlen) { - struct wc_linuxkm_drbg_ctx *ctx = (struct wc_linuxkm_drbg_ctx *)crypto_rng_ctx(tfm); - u8 *seed_copy = NULL; - int ret = 0; - int n; - - if ((tfm->base.__crt_alg->cra_init != wc_linuxkm_drbg_init_tfm) || - (ctx->rngs == NULL)) + if (tfm->base.__crt_alg->cra_init != wc_linuxkm_drbg_init_tfm) { pr_err_once("BUG: mismatched tfm."); return -EFAULT; } - if (slen == 0) - return 0; - - seed_copy = (u8 *)malloc(slen + 2); - if (! seed_copy) - return -ENOMEM; - XMEMCPY(seed_copy + 2, seed, slen); - - /* this iteration counts down, whereas the iteration in get_drbg() counts - * up, to assure they can't possibly phase-lock to each other. - */ - for (n = ctx->n_rngs - 1; n >= 0; --n) { - struct wc_rng_inst *drbg = get_drbg_n(ctx, n); - - if (! drbg) { - ret = -EINTR; - break; - } + return wc_linuxkm_drbg_generate((struct wc_rng_bank *)crypto_rng_ctx(tfm), + src, slen, dst, dlen); +} - /* perturb the seed with the CPU ID, so that no DRBG has the exact same - * seed. - */ - seed_copy[0] = (u8)(n >> 8); - seed_copy[1] = (u8)n; +static int wc_linuxkm_drbg_seed(struct wc_rng_bank *ctx, + const u8 *seed, unsigned int slen) +{ + int ret; - { - /* for the default RNG, make sure we don't cache an underlying SHA256 - * method that uses vector insns (forbidden from irq handlers). - */ - int need_fpu_restore = (tfm == crypto_default_rng) ? (DISABLE_VECTOR_REGISTERS() == 0) : 0; - ret = wc_RNG_DRBG_Reseed(&drbg->rng, seed_copy, slen + 2); - if (need_fpu_restore) - REENABLE_VECTOR_REGISTERS(); - } + if (slen == 0) + return 0; - if (ret != 0) { - pr_warn_once("WARNING: wc_RNG_DRBG_Reseed returned %d\n",ret); - ret = -EINVAL; - } + ret = wc_rng_bank_seed(ctx, seed, slen, WC_LINUXKM_INITRNG_TIMEOUT_SEC, WC_RNG_BANK_FLAG_CAN_WAIT); + if (ret != 0) { + pr_err("wc_rng_bank_seed() in wc_linuxkm_drbg_seed() returned err %d.\n", ret); + ret = -EINVAL; + } - put_drbg(drbg); + return ret; +} - if (ret != 0) - break; +static int wc_linuxkm_drbg_seed_tfm(struct crypto_rng *tfm, + const u8 *seed, unsigned int slen) +{ + if (tfm->base.__crt_alg->cra_init != wc_linuxkm_drbg_init_tfm) + { + pr_err_once("BUG: mismatched tfm."); + return -EFAULT; } - free(seed_copy); - - return ret; + return wc_linuxkm_drbg_seed((struct wc_rng_bank *)crypto_rng_ctx(tfm), + seed, slen); } static struct rng_alg wc_linuxkm_drbg = { - .generate = wc_linuxkm_drbg_generate, - .seed = wc_linuxkm_drbg_seed, + .generate = wc_linuxkm_drbg_generate_tfm, + .seed = wc_linuxkm_drbg_seed_tfm, .seedsize = 0, .base = { .cra_name = WOLFKM_STDRNG_NAME, .cra_driver_name = WOLFKM_STDRNG_DRIVER, .cra_priority = WOLFSSL_LINUXKM_LKCAPI_PRIORITY, - .cra_ctxsize = sizeof(struct wc_linuxkm_drbg_ctx), + .cra_ctxsize = sizeof(struct wc_rng_bank), .cra_init = wc_linuxkm_drbg_init_tfm, .cra_exit = wc_linuxkm_drbg_exit_tfm, .cra_module = THIS_MODULE @@ -1275,22 +1318,16 @@ }; static int wc_linuxkm_drbg_loaded = 0; -#ifdef NO_LINUXKM_DRBG_GET_RANDOM_BYTES - #undef LINUXKM_DRBG_GET_RANDOM_BYTES -#elif defined(LINUXKM_LKCAPI_REGISTER_HASH_DRBG_DEFAULT) && \ - (defined(WOLFSSL_LINUXKM_HAVE_GET_RANDOM_CALLBACKS) || defined(WOLFSSL_LINUXKM_USE_GET_RANDOM_KPROBES)) - #ifndef LINUXKM_DRBG_GET_RANDOM_BYTES - #define LINUXKM_DRBG_GET_RANDOM_BYTES - #endif -#else - #ifdef LINUXKM_DRBG_GET_RANDOM_BYTES - #error LINUXKM_DRBG_GET_RANDOM_BYTES configured with no callback model configured. - #undef LINUXKM_DRBG_GET_RANDOM_BYTES - #endif -#endif - #ifdef LINUXKM_DRBG_GET_RANDOM_BYTES +#ifndef WOLFSSL_SMALL_STACK_CACHE + /* WOLFSSL_SMALL_STACK_CACHE eliminates post-init heap allocations in SHA-2 + * and the Hash DRBG, fixing circular call dependencies between + * get_random_u32() from kernel heap and wolfCrypt DRBG. + */ + #error LINUXKM_DRBG_GET_RANDOM_BYTES requires WOLFSSL_SMALL_STACK_CACHE. +#endif + #if !(defined(HAVE_ENTROPY_MEMUSE) || defined(HAVE_INTEL_RDSEED) || \ defined(HAVE_AMD_RDSEED) || defined(WC_LINUXKM_RDSEED_IN_GLUE_LAYER)) #error LINUXKM_DRBG_GET_RANDOM_BYTES requires a native or intrinsic entropy source. @@ -1302,49 +1339,22 @@ #ifdef WOLFSSL_LINUXKM_HAVE_GET_RANDOM_CALLBACKS -static inline struct crypto_rng *get_crypto_default_rng(void) { - struct crypto_rng *current_crypto_default_rng = crypto_default_rng; - - if (unlikely(! wc_linuxkm_drbg_default_instance_registered)) { - pr_warn("BUG: get_default_drbg_ctx() called without wc_linuxkm_drbg_default_instance_registered."); - return NULL; - } - - /* note we can't call crypto_get_default_rng(), because it uses a mutex - * (not allowed in interrupt handlers). we do however sanity-check the - * cra_init function pointer, and these handlers are protected by - * random_bytes_cb_refcnt in the patched drivers/char/random.c. - */ - - if (current_crypto_default_rng->base.__crt_alg->cra_init != wc_linuxkm_drbg_init_tfm) { - pr_err("BUG: get_default_drbg_ctx() found wrong crypto_default_rng \"%s\"\n", crypto_tfm_alg_driver_name(¤t_crypto_default_rng->base)); - crypto_put_default_rng(); - return NULL; - } - - return current_crypto_default_rng; -} - -static inline struct wc_linuxkm_drbg_ctx *get_default_drbg_ctx(void) { - struct crypto_rng *current_crypto_default_rng = get_crypto_default_rng(); - struct wc_linuxkm_drbg_ctx *ctx = (current_crypto_default_rng ? (struct wc_linuxkm_drbg_ctx *)crypto_rng_ctx(current_crypto_default_rng) : NULL); - if (ctx && (! ctx->rngs)) { - pr_err_once("BUG: get_default_drbg_ctx() found null ctx->rngs."); - return NULL; - } - else - return ctx; -} - static int wc__get_random_bytes(void *buf, size_t len) { - struct crypto_rng *current_crypto_default_rng = get_crypto_default_rng(); - if (! current_crypto_default_rng) + struct wc_rng_bank *current_default_wc_rng_bank; + int ret = wc_rng_bank_default_checkout(¤t_default_wc_rng_bank); + if (ret) { +#ifdef WC_VERBOSE_RNG + pr_err_ratelimited("ERROR: wc_rng_bank_default_checkout() in wc__get_random_bytes() returned %d.\n", ret); +#endif return -EFAULT; + } else { - int ret = crypto_rng_get_bytes(current_crypto_default_rng, buf, len); + ret = wc_linuxkm_drbg_generate(current_default_wc_rng_bank, + NULL, 0, buf, len); + (void)wc_rng_bank_default_checkin(¤t_default_wc_rng_bank); if (ret) { - pr_warn("BUG: wc_get_random_bytes falling through to native get_random_bytes with wc_linuxkm_drbg_default_instance_registered, ret=%d.", ret); + pr_warn("BUG: wc__get_random_bytes falling through to native get_random_bytes with wc_linuxkm_drbg_default_instance_registered, ret=%d.", ret); } return ret; } @@ -1353,21 +1363,27 @@ /* used by kernel >=5.14.0 */ static ssize_t wc_get_random_bytes_user(struct iov_iter *iter) { - struct crypto_rng *current_crypto_default_rng; + struct wc_rng_bank *current_default_wc_rng_bank; + int ret; if (unlikely(!iov_iter_count(iter))) return 0; - current_crypto_default_rng = get_crypto_default_rng(); - if (! current_crypto_default_rng) + + ret = wc_rng_bank_default_checkout(¤t_default_wc_rng_bank); + if (ret) { +#ifdef WC_VERBOSE_RNG + pr_err_ratelimited("ERROR: wc_rng_bank_default_checkout() in wc_get_random_bytes_user() returned %d.\n", ret); +#endif return -ECANCELED; + } else { - ssize_t ret; size_t this_copied, total_copied = 0; byte block[WC_SHA256_BLOCK_SIZE]; for (;;) { - ret = (ssize_t)crypto_rng_get_bytes(current_crypto_default_rng, block, sizeof block); + ret = wc_linuxkm_drbg_generate(current_default_wc_rng_bank, + NULL, 0, block, sizeof block); if (unlikely(ret != 0)) { - pr_err("ERROR: wc_get_random_bytes_user() crypto_rng_get_bytes() returned %ld.", ret); + pr_err("ERROR: wc_get_random_bytes_user() wc_linuxkm_drbg_generate() returned %d.", ret); break; } @@ -1388,6 +1404,8 @@ } } + (void)wc_rng_bank_default_checkin(¤t_default_wc_rng_bank); + ForceZero(block, sizeof(block)); if (total_copied == 0) { @@ -1407,21 +1425,27 @@ /* used by kernel 4.9.0-5.13.x */ static ssize_t wc_extract_crng_user(void __user *buf, size_t nbytes) { - struct crypto_rng *current_crypto_default_rng; + int ret; + struct wc_rng_bank *current_default_wc_rng_bank; if (unlikely(!nbytes)) return 0; - current_crypto_default_rng = get_crypto_default_rng(); - if (! current_crypto_default_rng) + + ret = wc_rng_bank_default_checkout(¤t_default_wc_rng_bank); + if (ret) { +#ifdef WC_VERBOSE_RNG + pr_err_ratelimited("ERROR: wc_rng_bank_default_checkout() in wc_extract_crng_user() returned %d.\n", ret); +#endif return -ECANCELED; + } else { - ssize_t ret; size_t this_copied, total_copied = 0; byte block[WC_SHA256_BLOCK_SIZE]; for (;;) { - ret = (ssize_t)crypto_rng_get_bytes(current_crypto_default_rng, block, sizeof block); + ret = wc_linuxkm_drbg_generate(current_default_wc_rng_bank, + NULL, 0, block, sizeof block); if (unlikely(ret != 0)) { - pr_err("ERROR: wc_extract_crng_user() crypto_rng_get_bytes() returned %ld.", ret); + pr_err("ERROR: wc_extract_crng_user() wc_linuxkm_drbg_generate() returned %d.", ret); break; } @@ -1442,6 +1466,8 @@ } } + (void)wc_rng_bank_default_checkin(¤t_default_wc_rng_bank); + ForceZero(block, sizeof(block)); if ((total_copied == 0) && (ret == 0)) { @@ -1457,7 +1483,8 @@ } static int wc_mix_pool_bytes(const void *buf, size_t len) { - struct wc_linuxkm_drbg_ctx *ctx; + int ret; + struct wc_rng_bank *ctx; size_t i; int n; int can_sleep = (preempt_count() == 0); @@ -1465,68 +1492,73 @@ if (len == 0) return 0; - if (! (ctx = get_default_drbg_ctx())) + ret = wc_rng_bank_default_checkout(&ctx); + if (ret) { +#ifdef WC_VERBOSE_RNG + pr_err_ratelimited("ERROR: wc_rng_bank_default_checkout() in wc_mix_pool_bytes() returned %d.\n", ret); +#endif return -EFAULT; + } + + ret = 0; for (n = ctx->n_rngs - 1; n >= 0; --n) { - struct wc_rng_inst *drbg = get_drbg_n(ctx, n); + struct wc_rng_bank_inst *drbg; + int V_offset; - if (! drbg) - return -EINTR; + if (wc_rng_bank_checkout(ctx, &drbg, n, 0, WC_RNG_BANK_FLAG_NONE) != 0) + continue; for (i = 0, V_offset = 0; i < len; ++i) { - ((struct DRBG_internal *)drbg->rng.drbg)->V[V_offset++] += ((byte *)buf)[i]; - if (V_offset == (int)sizeof ((struct DRBG_internal *)drbg->rng.drbg)->V) + ((struct DRBG_internal *)WC_RNG_BANK_INST_TO_RNG(drbg)->drbg)->V[V_offset++] += ((byte *)buf)[i]; + if (V_offset == (int)sizeof ((struct DRBG_internal *)WC_RNG_BANK_INST_TO_RNG(drbg)->drbg)->V) V_offset = 0; } - put_drbg(drbg); + wc_rng_bank_checkin(ctx, &drbg); if (can_sleep) { - if (signal_pending(current)) - return -EINTR; + if (signal_pending(current)) { + ret = -EINTR; + break; + } cond_resched(); } } - return 0; + (void)wc_rng_bank_default_checkin(&ctx); + + return ret; } static int wc_crng_reseed(void) { - struct wc_linuxkm_drbg_ctx *ctx = get_default_drbg_ctx(); - int n; + struct wc_rng_bank *ctx; int can_sleep = (preempt_count() == 0); + int ret = wc_rng_bank_default_checkout(&ctx); - if (! ctx) + if (ret) { +#ifdef WC_VERBOSE_RNG + pr_err_ratelimited("ERROR: wc_rng_bank_default_checkout() in wc_crng_reseed() returned %d.\n", ret); +#endif return -EFAULT; + } - for (n = ctx->n_rngs - 1; n >= 0; --n) { - struct wc_rng_inst *drbg = get_drbg_n(ctx, n); - - if (! drbg) - return -EINTR; + ret = wc_rng_bank_reseed(ctx, WC_LINUXKM_INITRNG_TIMEOUT_SEC, + can_sleep + ? + WC_RNG_BANK_FLAG_CAN_WAIT + : + WC_RNG_BANK_FLAG_NONE); - ((struct DRBG_internal *)drbg->rng.drbg)->reseedCtr = WC_RESEED_INTERVAL; + (void)wc_rng_bank_default_checkin(&ctx); - if (can_sleep) { - byte scratch[4]; - int need_reenable_vec = (DISABLE_VECTOR_REGISTERS() == 0); - int ret = wc_RNG_GenerateBlock(&drbg->rng, scratch, (word32)sizeof(scratch)); - if (need_reenable_vec) - REENABLE_VECTOR_REGISTERS(); - if (ret != 0) - pr_err("ERROR: wc_crng_reseed() wc_RNG_GenerateBlock() for DRBG #%d returned %d.", n, ret); - put_drbg(drbg); - if (signal_pending(current)) - return -EINTR; - cond_resched(); - } - else { - put_drbg(drbg); - } + if (ret != 0) { + pr_err("ERROR: wc_rng_bank_reseed() returned err %d.\n", ret); + return -EINVAL; + } + else { + return 0; } - - return 0; } struct wolfssl_linuxkm_random_bytes_handlers random_bytes_handlers = { @@ -1722,12 +1754,15 @@ #endif /* LINUXKM_DRBG_GET_RANDOM_BYTES */ +#if defined(LINUXKM_LKCAPI_REGISTER_HASH_DRBG_DEFAULT) && \ + (LINUX_VERSION_CODE >= KERNEL_VERSION(7, 1, 0)) +static struct wc_rng_bank default_bank; +static int default_bank_inited; +#endif + static int wc_linuxkm_drbg_startup(void) { int ret; -#ifdef LINUXKM_LKCAPI_REGISTER_HASH_DRBG_DEFAULT - int cur_refcnt; -#endif if (wc_linuxkm_drbg_loaded) { pr_err("ERROR: wc_linuxkm_drbg_set_default called with wc_linuxkm_drbg_loaded."); @@ -1836,27 +1871,33 @@ /* for the default RNG, make sure we don't cache an underlying SHA256 * method that uses vector insns (forbidden from irq handlers). */ - wc_linuxkm_drbg_init_tfm_disable_vector_registers = 1; + wc_linuxkm_rng_initing_default_bank_flag = 1; + +#if LINUX_VERSION_CODE < KERNEL_VERSION(7, 1, 0) + ret = crypto_del_default_rng(); if (ret) { - wc_linuxkm_drbg_init_tfm_disable_vector_registers = 0; + wc_linuxkm_rng_initing_default_bank_flag = 0; pr_err("ERROR: crypto_del_default_rng returned %d", ret); return ret; } + ret = crypto_get_default_rng(); - wc_linuxkm_drbg_init_tfm_disable_vector_registers = 0; + wc_linuxkm_rng_initing_default_bank_flag = 0; if (ret) { pr_err("ERROR: crypto_get_default_rng returned %d", ret); return ret; } - cur_refcnt = WC_LKM_REFCOUNT_TO_INT(wc_linuxkm_drbg.base.cra_refcnt); - if (cur_refcnt < 2) { - pr_err("ERROR: wc_linuxkm_drbg refcnt = %d after crypto_get_default_rng()", cur_refcnt); - crypto_put_default_rng(); - return -EINVAL; + { + int cur_refcnt = WC_LKM_REFCOUNT_TO_INT(wc_linuxkm_drbg.base.cra_refcnt); + if (cur_refcnt < 2) { + pr_err("ERROR: wc_linuxkm_drbg refcnt = %d after crypto_get_default_rng()", cur_refcnt); + crypto_put_default_rng(); + return -EINVAL; + } } if (! crypto_default_rng) { @@ -1872,6 +1913,66 @@ } crypto_put_default_rng(); + +#else /* >= 7.1.0 */ + +#ifdef CONFIG_CRYPTO_FIPS + if (fips_enabled) { + char buf[16]; + + ret = crypto_del_default_rng(); + if (ret) { + wc_linuxkm_rng_initing_default_bank_flag = 0; + pr_err("ERROR: crypto_del_default_rng returned %d", ret); + return ret; + } + + ret = __crypto_stdrng_get_bytes(buf, (unsigned int)sizeof buf); + + wc_linuxkm_rng_initing_default_bank_flag = 0; + + if (ret) { + pr_err("ERROR: __crypto_stdrng_get_bytes returned %d", ret); + return ret; + } + } + else +#endif /* CONFIG_CRYPTO_FIPS */ + { + ret = wc_linuxkm_rng_bank_init(&default_bank); + wc_linuxkm_rng_initing_default_bank_flag = 0; + if (ret) { + pr_err("ERROR: wc_linuxkm_rng_bank_init returned %d", ret); + return ret; + } + default_bank_inited = 1; + } + +#endif /* >= 7.1.0 */ + + { + struct wc_rng_bank *current_default_wc_rng_bank; + ret = wc_rng_bank_default_checkout(¤t_default_wc_rng_bank); + if (ret) + pr_err("ERROR: wc_rng_bank_default_checkout() after default stdrng registration returned %d", ret); + else { + ret = wc_rng_bank_default_checkin(¤t_default_wc_rng_bank); + if (ret) + pr_err("ERROR: wc_rng_bank_default_checkin() after wc_rng_bank_default_checkout() returned %d", ret); + } + if (ret != 0) { +#if defined(LINUXKM_LKCAPI_REGISTER_HASH_DRBG_DEFAULT) && \ + (LINUX_VERSION_CODE >= KERNEL_VERSION(7, 1, 0)) + if (default_bank_inited) { + (void)wc_rng_bank_default_clear(&default_bank); + (void)wc_rng_bank_fini(&default_bank); + default_bank_inited = 0; + } +#endif + return -ECANCELED; + } + } + wc_linuxkm_drbg_default_instance_registered = 1; pr_info("%s registered as systemwide default stdrng.", wc_linuxkm_drbg.base.cra_driver_name); pr_info("libwolfssl: to unload module, first echo 1 > /sys/module/libwolfssl/deinstall_algs"); @@ -1955,25 +2056,18 @@ } static int wc_linuxkm_drbg_cleanup(void) { - int cur_refcnt = WC_LKM_REFCOUNT_TO_INT(wc_linuxkm_drbg.base.cra_refcnt); + int cur_refcnt; if (! wc_linuxkm_drbg_loaded) { pr_err("ERROR: wc_linuxkm_drbg_cleanup called with ! wc_linuxkm_drbg_loaded"); return -EINVAL; } - if (cur_refcnt - wc_linuxkm_drbg_default_instance_registered != 1) { - pr_err("ERROR: wc_linuxkm_drbg_cleanup called with refcnt = %d, with wc_linuxkm_drbg %sset as default rng", - cur_refcnt, wc_linuxkm_drbg_default_instance_registered ? "" : "not "); - return -EBUSY; - } - - /* The below is racey, but the kernel doesn't provide any other way. It's - * written to be retryable. - */ - #ifdef LINUXKM_LKCAPI_REGISTER_HASH_DRBG_DEFAULT if (wc_linuxkm_drbg_default_instance_registered) { + /* These deinstallations are racey, but the kernel doesn't provide any other + * way. It's written to be retryable. + */ int ret; #ifdef LINUXKM_DRBG_GET_RANDOM_BYTES @@ -1998,16 +2092,16 @@ #elif defined(WOLFSSL_LINUXKM_USE_GET_RANDOM_KPROBES) if (wc_get_random_bytes_kprobe_installed) { - wc_get_random_bytes_kprobe_installed = 0; - barrier(); unregister_kprobe(&wc_get_random_bytes_kprobe); + barrier(); + wc_get_random_bytes_kprobe_installed = 0; pr_info("libwolfssl: wc_get_random_bytes_kprobe uninstalled\n"); } #ifdef WOLFSSL_LINUXKM_USE_GET_RANDOM_USER_KRETPROBE if (wc_get_random_bytes_user_kretprobe_installed) { - wc_get_random_bytes_user_kretprobe_installed = 0; - barrier(); unregister_kretprobe(&wc_get_random_bytes_user_kretprobe); + barrier(); + wc_get_random_bytes_user_kretprobe_installed = 0; pr_info("libwolfssl: wc_get_random_bytes_user_kretprobe uninstalled\n"); } #endif /* WOLFSSL_LINUXKM_USE_GET_RANDOM_USER_KRETPROBE */ @@ -2018,19 +2112,48 @@ #endif /* LINUXKM_DRBG_GET_RANDOM_BYTES */ +#if LINUX_VERSION_CODE < KERNEL_VERSION(7, 1, 0) ret = crypto_del_default_rng(); if (ret) { pr_err("ERROR: crypto_del_default_rng failed: %d", ret); return ret; } - cur_refcnt = WC_LKM_REFCOUNT_TO_INT(wc_linuxkm_drbg.base.cra_refcnt); - if (cur_refcnt != 1) { - pr_warn("WARNING: wc_linuxkm_drbg refcnt = %d after crypto_del_default_rng()", cur_refcnt); - return -EINVAL; +#else /* >= 7.1.0 */ + +#ifdef CONFIG_CRYPTO_FIPS + if (fips_enabled) { + ret = crypto_del_default_rng(); + if (ret) { + pr_err("ERROR: crypto_del_default_rng failed: %d", ret); + return ret; + } } + else +#endif /* CONFIG_CRYPTO_FIPS */ + if (default_bank_inited) { + ret = wc_rng_bank_default_clear(&default_bank); + if (ret) + pr_err("ERROR: wc_rng_bank_default_clear in wc_linuxkm_drbg_cleanup failed: %d", ret); + else { + ret = wc_rng_bank_fini(&default_bank); + if (ret) + pr_err("ERROR: wc_rng_bank_fini in wc_linuxkm_drbg_cleanup failed: %d", ret); + } + default_bank_inited = 0; + } +#endif /* >= 7.1.0 */ + + wc_linuxkm_drbg_default_instance_registered = 0; } #endif /* LINUXKM_LKCAPI_REGISTER_HASH_DRBG_DEFAULT */ + cur_refcnt = WC_LKM_REFCOUNT_TO_INT(wc_linuxkm_drbg.base.cra_refcnt); + + if (cur_refcnt != 1) { + pr_err("ERROR: wc_linuxkm_drbg_cleanup called with refcnt = %d", cur_refcnt); + return -EBUSY; + } + crypto_unregister_rng(&wc_linuxkm_drbg); if (! (wc_linuxkm_drbg.base.cra_flags & CRYPTO_ALG_DEAD)) { @@ -2038,10 +2161,6 @@ return -EBUSY; } -#ifdef LINUXKM_LKCAPI_REGISTER_HASH_DRBG_DEFAULT - wc_linuxkm_drbg_default_instance_registered = 0; -#endif /* LINUXKM_LKCAPI_REGISTER_HASH_DRBG_DEFAULT */ - wc_linuxkm_drbg_loaded = 0; return 0; @@ -2049,4 +2168,8 @@ #endif /* LINUXKM_LKCAPI_REGISTER_HASH_DRBG */ +#ifndef LKCAPI_INITRNG + #define LKCAPI_INITRNG(rng) wc_InitRng(rng) +#endif + #endif /* !WC_SKIP_INCLUDED_C_FILES */ diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/linuxkm/module_exports.c.template mariadb-11.8.8/extra/wolfssl/wolfssl/linuxkm/module_exports.c.template --- mariadb-11.8.6/extra/wolfssl/wolfssl/linuxkm/module_exports.c.template 2026-01-31 13:27:49.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/linuxkm/module_exports.c.template 2026-05-24 09:58:33.000000000 +0000 @@ -1,7 +1,7 @@ /* module_exports.c.template -- static preamble for dynamically generated * module_exports.c (see Kbuild) * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -62,7 +62,13 @@ #if defined(WC_NO_RNG) #include #else + #ifdef HAVE_ENTROPY_MEMUSE + #include + #endif #include + #ifdef WC_RNG_BANK_SUPPORT + #include + #endif #endif #include #include @@ -100,7 +106,7 @@ #ifdef HAVE_ED448 #include #endif -#if defined(HAVE_BLAKE2) || defined(HAVE_BLAKE2S) +#if defined(HAVE_BLAKE2B) || defined(HAVE_BLAKE2S) #include #endif #ifdef WOLFSSL_SHA3 @@ -170,6 +176,9 @@ #ifdef HAVE_DILITHIUM #include #endif +#ifdef WOLFSSL_HAVE_SLHDSA + #include +#endif #ifdef OPENSSL_EXTRA #ifndef WOLFCRYPT_ONLY diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/linuxkm/module_hooks.c mariadb-11.8.8/extra/wolfssl/wolfssl/linuxkm/module_hooks.c --- mariadb-11.8.6/extra/wolfssl/wolfssl/linuxkm/module_hooks.c 2026-01-31 13:27:49.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/linuxkm/module_hooks.c 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* module_hooks.c -- module load/unload hooks for libwolfssl.ko * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -36,11 +36,17 @@ #ifdef USE_CONTESTMUTEX #error USE_CONTESTMUTEX is incompatible with WOLFSSL_LINUXKM #endif + #ifdef WOLFCRYPT_FIPS_CORE_DYNAMIC_HASH_VALUE + #include + #endif #include #endif #if !defined(NO_CRYPT_TEST) || defined(LINUXKM_LKCAPI_REGISTER) #include #endif +#ifdef HAVE_ENTROPY_MEMUSE + #include +#endif #include #include #ifdef NO_INLINE @@ -85,11 +91,33 @@ return ret; } -#if defined(HAVE_FIPS) && (FIPS_VERSION3_GE(6,0,0) || defined(WOLFCRYPT_FIPS_CORE_DYNAMIC_HASH_VALUE)) -extern char verifyCore[WC_SHA256_DIGEST_SIZE*2 + 1]; +#ifdef HAVE_FIPS + /* failsafe definitions for FIPS <5.3 */ + #ifndef FIPS_IN_CORE_DIGEST_SIZE + #ifndef NO_SHA256 + #define FIPS_IN_CORE_DIGEST_SIZE WC_SHA256_DIGEST_SIZE + #define FIPS_IN_CORE_HASH_TYPE WC_SHA256 + #elif defined(WOLFSSL_SHA384) + #define FIPS_IN_CORE_DIGEST_SIZE WC_SHA384_DIGEST_SIZE + #define FIPS_IN_CORE_HASH_TYPE WC_SHA384 + #else + #error Unsupported FIPS hash alg. + #endif + #endif + + #ifndef FIPS_IN_CORE_KEY_SZ + #define FIPS_IN_CORE_KEY_SZ FIPS_IN_CORE_DIGEST_SIZE + #endif + #ifndef FIPS_IN_CORE_VERIFY_SZ + #define FIPS_IN_CORE_VERIFY_SZ FIPS_IN_CORE_DIGEST_SIZE + #endif + + #if FIPS_VERSION3_GE(6,0,0) || defined(WOLFCRYPT_FIPS_CORE_DYNAMIC_HASH_VALUE) + extern char verifyCore[FIPS_IN_CORE_DIGEST_SIZE*2 + 1]; + #endif #endif -#ifdef WC_PIE_RELOC_TABLES +#ifdef WC_SYM_RELOC_TABLES #ifdef DEBUG_LINUXKM_PIE_SUPPORT @@ -108,22 +136,18 @@ return sum; } -static int total_text_r = 0, total_rodata_r = 0, total_rwdata_r = 0, - total_bss_r = 0, total_other_r = 0; +struct wc_reloc_counts reloc_counts = {}; #endif /* DEBUG_LINUXKM_PIE_SUPPORT */ -#ifdef WC_PIE_RELOC_TABLES -extern struct wolfssl_linuxkm_pie_redirect_table wolfssl_linuxkm_pie_redirect_table; static int set_up_wolfssl_linuxkm_pie_redirect_table(void); -#endif /* WC_PIE_RELOC_TABLES */ #ifdef HAVE_FIPS extern const unsigned int wolfCrypt_FIPS_ro_start[]; extern const unsigned int wolfCrypt_FIPS_ro_end[]; #endif -#endif /* WC_PIE_RELOC_TABLES */ +#endif /* WC_SYM_RELOC_TABLES */ #ifdef HAVE_FIPS static void lkmFipsCb(int ok, int err, const char* hash) @@ -210,6 +234,77 @@ return 0; } +#ifdef WC_LINUXKM_SUPPORT_DUMP_TO_FILE +static ssize_t dump_to_file(const char *path, const u8 *buf, size_t buf_len) +{ + loff_t pos = 0; + struct file *fp; + ssize_t ret; + char tmp; + + if (buf_len == 0) { + pr_info("libwolfssl: dump_to_file() called with buf_len == 0. Not dumping.\n"); + return 0; + } + + WC_SANITIZE_DISABLE(); +#if LINUX_VERSION_CODE < KERNEL_VERSION(5,8,0) + ret = probe_kernel_read(&tmp, buf, 1); + if (ret == 0) + ret = probe_kernel_read(&tmp, buf + buf_len - 1, 1); +#else + ret = copy_from_kernel_nofault(&tmp, buf, 1); + if (ret == 0) + ret = copy_from_kernel_nofault(&tmp, buf + buf_len - 1, 1); +#endif + WC_SANITIZE_ENABLE(); + if (ret != 0) { + pr_err("libwolfssl: cannot safely read from buffer %px: %d\n", buf, (int)ret); + return ret; + } + + fp = filp_open(path, O_WRONLY | O_CREAT, 0644); + if (IS_ERR(fp)) { + pr_err("libwolfssl: cannot open %s: %ld\n", path, PTR_ERR(fp)); + return PTR_ERR(fp); + } + + WC_SANITIZE_DISABLE(); +#if LINUX_VERSION_CODE >= KERNEL_VERSION(4, 14, 0) + /* kernel_write() fixed by e13ec939e9 */ + ret = kernel_write(fp, buf, buf_len, &pos); +#elif LINUX_VERSION_CODE >= KERNEL_VERSION(3, 9, 0) + /* kernel_write() exported by 7bb307e894d51 */ + ret = kernel_write(fp, (char *)buf, buf_len, pos); +#else + ret = vfs_write(fp, buf, buf_len, &pos); +#endif + WC_SANITIZE_ENABLE(); + + filp_close(fp, NULL); + + if (ret < 0) + pr_err("libwolfssl: write to %s failed: %zd\n", path, ret); + else if ((size_t)ret != buf_len) + pr_warn("libwolfssl: short write to %s: %zd of %zu bytes\n", path, ret, buf_len); + + return ret; +} + +static char *text_dump_path; +static char *rodata_dump_path; + + /* indent these so they don't look like flush-left function calls. */ + module_param(text_dump_path, charp, 0444); + module_param(rodata_dump_path, charp, 0444); + +MODULE_PARM_DESC(text_dump_path, + "Path to dump live .wolfcrypt_text section to (e.g. /tmp/wc_text.bin)"); +MODULE_PARM_DESC(rodata_dump_path, + "Path to dump live .wolfcrypt_rodata section to (e.g. /tmp/wc_rodata.bin)"); + +#endif /* WC_LINUXKM_SUPPORT_DUMP_TO_FILE */ + #ifdef HAVE_FIPS static ssize_t FIPS_rerun_self_test_handler(struct kobject *kobj, struct kobj_attribute *attr, const char *buf, size_t count); @@ -294,12 +389,23 @@ */ } #endif + return; } #endif + cpu_relax(); } -/* backported wc_GenerateSeed_IntelRD() for FIPS v5. */ -#ifdef WC_LINUXKM_RDSEED_IN_GLUE_LAYER +#if defined(WC_LINUXKM_WOLFENTROPY_IN_GLUE_LAYER) + +int wc_linuxkm_GenerateSeed_wolfEntropy(OS_Seed* os, byte* output, word32 sz) +{ + (void)os; + return wc_Entropy_Get(MAX_ENTROPY_BITS, output, sz); +} + +#elif defined(WC_LINUXKM_RDSEED_IN_GLUE_LAYER) + +/* backported wc_GenerateSeed_IntelRD() for FIPS v5, before breakout of wolfentropy.c. */ #include #include @@ -431,6 +537,9 @@ extern int linuxkm_op_test_1(int argc, const char* argv[]); extern int linuxkm_op_test_wrapper(void); static wolfSSL_Atomic_Int *conTestFailure_ptr = NULL; + #ifdef HAVE_WC_FIPS_OPTEST_CONTESTFAILURE_EXPORT + WOLFSSL_API extern wolfSSL_Atomic_Int wc_fips_optest_conTestFailure; + #endif static ssize_t FIPS_optest_trig_handler(struct kobject *kobj, struct kobj_attribute *attr, const char *buf, size_t count); static struct kobj_attribute FIPS_optest_trig_attr = __ATTR(FIPS_optest_run_code, 0220, NULL, FIPS_optest_trig_handler); @@ -445,6 +554,70 @@ { int ret; + #ifdef WC_LINUXKM_HAVE_STACK_DEBUG + { + unsigned long stack_usage; + stack_usage = wc_linuxkm_stack_current(); + pr_info("STACK INFO: usage at entry to wolfssl_init(): %lu of %lu total\n", stack_usage, THREAD_SIZE); + wc_linuxkm_stack_hwm_prepare(0xee); + } + #endif + +#ifdef WC_SYM_RELOC_TABLES + ret = set_up_wolfssl_linuxkm_pie_redirect_table(); + if (ret < 0) + return ret; +#endif + +#ifdef WC_LINUXKM_SUPPORT_DUMP_TO_FILE + +#ifdef WC_SYM_RELOC_TABLES + if (text_dump_path) { + if (dump_to_file(text_dump_path, + (u8 *)__wc_text_start, + (size_t)((uintptr_t)__wc_text_end - (uintptr_t)__wc_text_start)) + > 0) + { + pr_info("libwolfssl: dumped .wolfcrypt_text (%zu bytes) to %s.\n", + (size_t)((uintptr_t)__wc_text_end - (uintptr_t)__wc_text_start), + text_dump_path); + } + } + if (rodata_dump_path) { + if (dump_to_file(rodata_dump_path, + (u8 *)__wc_rodata_start, + (size_t)((uintptr_t)__wc_rodata_end - (uintptr_t)__wc_rodata_start)) + > 0) + { + pr_info("libwolfssl: dumped .wolfcrypt_rodata (%zu bytes) to %s.\n", + (size_t)((uintptr_t)__wc_rodata_end - (uintptr_t)__wc_rodata_start), + rodata_dump_path); + } + } +#else + if ((text_dump_path != NULL) || + (rodata_dump_path != NULL)) + { + pr_info("libwolfssl: ignoring module dump path argument(s) -- module lacks WC_SYM_RELOC_TABLES.\n"); + } +#endif + +#endif /* WC_LINUXKM_SUPPORT_DUMP_TO_FILE */ + +#ifdef WC_LINUXKM_TEST_INET_PTON + { + const char *src; + byte dst[16] = { }; + int pton_ret; + src = "1.2.3.4"; + pton_ret = wc_linuxkm_inet_pton(AF_INET, src, dst); + printf("pton_ret=%d src=%s dst=%d.%d.%d.%d\n", pton_ret, src, (int)dst[0], (int)dst[1], (int)dst[2], (int)dst[3]); + src = "89ab::cdef"; + pton_ret = wc_linuxkm_inet_pton(AF_INET6, src, dst); + printf("pton_ret=%d src=%s dst=%02x%02x::%02x%02x\n", pton_ret, src, (int)dst[0], (int)dst[1], (int)dst[14], (int)dst[15]); + } +#endif /* WC_LINUXKM_TEST_INET_PTON */ + #ifdef HAVE_FIPS /* The compiled-in verifycore must be the right length, else the module * geometry will change when the correct value is passed in, destabilizing @@ -469,15 +642,26 @@ #if defined(CONFIG_HAVE_KPROBES) && (defined(DEBUG_LINUXKM_PIE_SUPPORT) || defined(WOLFSSL_LINUXKM_VERBOSE_DEBUG)) pr_err("INFO: couldn't get verifyCore_ptr -- skipping verifyCore length check.\n"); #endif - verifyCore_len = WC_SHA256_DIGEST_SIZE*2; + verifyCore_len = FIPS_IN_CORE_DIGEST_SIZE*2; } #endif - if (verifyCore_len != WC_SHA256_DIGEST_SIZE*2) { - pr_err("ERROR: compile-time FIPS hash is the wrong length (expected %d hex digits, got %zu).\n", WC_SHA256_DIGEST_SIZE*2, verifyCore_len); + if (verifyCore_len != FIPS_IN_CORE_DIGEST_SIZE*2) { + pr_err("ERROR: compile-time FIPS hash is the wrong length (expected %d hex digits, got %zu).\n", FIPS_IN_CORE_DIGEST_SIZE*2, verifyCore_len); return -ECANCELED; } } +#ifdef WC_SYM_RELOC_TABLES + if (((uintptr_t)__wc_text_start > (uintptr_t)wolfCrypt_FIPS_first) || + ((uintptr_t)__wc_text_end < (uintptr_t)wolfCrypt_FIPS_last) || + ((uintptr_t)__wc_rodata_start > (uintptr_t)wolfCrypt_FIPS_ro_start) || + ((uintptr_t)__wc_rodata_end < (uintptr_t)wolfCrypt_FIPS_ro_end)) + { + pr_err("ERROR: ELF segment fenceposts and FIPS fenceposts conflict.\n"); + return -ECANCELED; + } +#endif + #ifdef WOLFCRYPT_FIPS_CORE_DYNAMIC_HASH_VALUE #ifdef CONFIG_MODULE_SIG if (THIS_MODULE->sig_ok == false) { @@ -485,33 +669,26 @@ return -ECANCELED; } #endif + #if defined(WC_SYM_RELOC_TABLES) && defined(DEBUG_LINUXKM_PIE_SUPPORT) + reloc_counts.text = reloc_counts.rodata = reloc_counts.rwdata = reloc_counts.bss = + reloc_counts.other = 0; + #endif ret = updateFipsHash(); if (ret < 0) { pr_err("ERROR: wolfSSL module load aborted -- updateFipsHash: %s\n",wc_GetErrorString(ret)); return -ECANCELED; } -#endif /* WOLFCRYPT_FIPS_CORE_DYNAMIC_HASH_VALUE */ -#endif /* HAVE_FIPS */ + #if defined(WC_SYM_RELOC_TABLES) && defined(DEBUG_LINUXKM_PIE_SUPPORT) + pr_info("FIPS-bounded relocation normalizations from updateFipsHash(): text=%d, rodata=%d, rwdata=%d, bss=%d, other=%d\n", + reloc_counts.text, reloc_counts.rodata, reloc_counts.rwdata, reloc_counts.bss, reloc_counts.other); + #endif -#ifdef WC_PIE_RELOC_TABLES - ret = set_up_wolfssl_linuxkm_pie_redirect_table(); - if (ret < 0) - return ret; -#endif +#endif /* WOLFCRYPT_FIPS_CORE_DYNAMIC_HASH_VALUE */ -#if defined(HAVE_FIPS) && defined(WC_PIE_RELOC_TABLES) - if (((uintptr_t)__wc_text_start > (uintptr_t)wolfCrypt_FIPS_first) || - ((uintptr_t)__wc_text_end < (uintptr_t)wolfCrypt_FIPS_last) || - ((uintptr_t)__wc_rodata_start > (uintptr_t)wolfCrypt_FIPS_ro_start) || - ((uintptr_t)__wc_rodata_end < (uintptr_t)wolfCrypt_FIPS_ro_end)) - { - pr_err("ERROR: ELF segment fenceposts and FIPS fenceposts conflict.\n"); - return -ECANCELED; - } -#endif +#endif /* HAVE_FIPS */ -#if defined(WC_PIE_RELOC_TABLES) && defined(DEBUG_LINUXKM_PIE_SUPPORT) +#if defined(WC_SYM_RELOC_TABLES) && defined(DEBUG_LINUXKM_PIE_SUPPORT) #if LINUX_VERSION_CODE >= KERNEL_VERSION(6, 4, 0) /* see linux commit ac3b432839 */ @@ -544,8 +721,8 @@ return -ECANCELED; } - total_text_r = total_rodata_r = total_rwdata_r = total_bss_r = - total_other_r = 0; + reloc_counts.text = reloc_counts.rodata = reloc_counts.rwdata = reloc_counts.bss = + reloc_counts.other = 0; while (text_p < (const u8 *)__wc_text_end) { ssize_t progress = @@ -556,7 +733,7 @@ canon_buf, &cur_reloc_index); if (progress <= 0) { pr_err("ERROR: progress=%ld from WOLFSSL_TEXT_SEGMENT_CANONICALIZER() at offset %x (text=%x-%x).\n", - progress, + (long)progress, (unsigned)(uintptr_t)text_p, (unsigned)(uintptr_t)__wc_text_start, (unsigned)(uintptr_t)__wc_text_end); @@ -574,29 +751,39 @@ * the true module start address, which is potentially useful to an * attacker. */ - pr_info("wolfCrypt segment hashes (spans): text 0x%x (%lu), rodata 0x%x (%lu), offset %c0x%lx, canon text 0x%x\n", - text_hash, (uintptr_t)__wc_text_end - (uintptr_t)__wc_text_start, - rodata_hash, __wc_rodata_end - __wc_rodata_start, + pr_info("wolfCrypt segment hashes (spans): text 0x%x (%llu), rodata 0x%x (%llu), offset %c0x%llx, canon text 0x%x\n", + text_hash, (unsigned long long)((uintptr_t)__wc_text_end - (uintptr_t)__wc_text_start), + rodata_hash, (unsigned long long)((uintptr_t)__wc_rodata_end - (uintptr_t)__wc_rodata_start), (uintptr_t)__wc_text_start < (uintptr_t)&__wc_rodata_start[0] ? '+' : '-', - (uintptr_t)__wc_text_start < (uintptr_t)&__wc_rodata_start[0] ? (uintptr_t)&__wc_rodata_start[0] - (uintptr_t)__wc_text_start : (uintptr_t)__wc_text_start - (uintptr_t)&__wc_rodata_start[0], + (uintptr_t)__wc_text_start < (uintptr_t)&__wc_rodata_start[0] ? (unsigned long long)((uintptr_t)&__wc_rodata_start[0] - (uintptr_t)__wc_text_start) : (unsigned long long)((uintptr_t)__wc_text_start - (uintptr_t)&__wc_rodata_start[0]), stabilized_text_hash); - pr_info("wolfCrypt segments: text=%x-%x, rodata=%x-%x, " - "rwdata=%x-%x, bss=%x-%x\n", - (unsigned)(uintptr_t)__wc_text_start, - (unsigned)(uintptr_t)__wc_text_end, - (unsigned)(uintptr_t)__wc_rodata_start, - (unsigned)(uintptr_t)__wc_rodata_end, - (unsigned)(uintptr_t)__wc_rwdata_start, - (unsigned)(uintptr_t)__wc_rwdata_end, - (unsigned)(uintptr_t)__wc_bss_start, - (unsigned)(uintptr_t)__wc_bss_end); + pr_info("wolfCrypt segments: text=%llx-%llx, rodata=%llx-%llx, " + "rwdata=%llx-%llx, bss=%llx-%llx\n", + (unsigned long long)(uintptr_t)__wc_text_start, + (unsigned long long)(uintptr_t)__wc_text_end, + (unsigned long long)(uintptr_t)__wc_rodata_start, + (unsigned long long)(uintptr_t)__wc_rodata_end, + (unsigned long long)(uintptr_t)__wc_rwdata_start, + (unsigned long long)(uintptr_t)__wc_rwdata_end, + (unsigned long long)(uintptr_t)__wc_bss_start, + (unsigned long long)(uintptr_t)__wc_bss_end); pr_info("whole-segment relocation normalizations: text=%d, rodata=%d, rwdata=%d, bss=%d, other=%d\n", - total_text_r, total_rodata_r, total_rwdata_r, total_bss_r, total_other_r); + reloc_counts.text, reloc_counts.rodata, reloc_counts.rwdata, reloc_counts.bss, reloc_counts.other); } -#endif /* WC_PIE_RELOC_TABLES && DEBUG_LINUXKM_PIE_SUPPORT */ +#endif /* WC_SYM_RELOC_TABLES && DEBUG_LINUXKM_PIE_SUPPORT */ + +#ifdef WC_LINUXKM_HAVE_STACK_DEBUG + { + unsigned long stack_usage; + stack_usage = wc_linuxkm_stack_hwm_measure_rel(0xee); + pr_info("STACK INFO: rel usage by wolfssl_init() initial setup: %lu\n", stack_usage); + /* shush up false stack HWM reading by kernel: */ + wc_linuxkm_stack_hwm_prepare(0); + } +#endif #ifdef HAVE_FIPS ret = wolfCrypt_SetCb_fips(lkmFipsCb); @@ -605,9 +792,9 @@ return -ECANCELED; } -#if defined(WC_PIE_RELOC_TABLES) && defined(DEBUG_LINUXKM_PIE_SUPPORT) - total_text_r = total_rodata_r = total_rwdata_r = total_bss_r = - total_other_r = 0; +#if defined(WC_SYM_RELOC_TABLES) && defined(DEBUG_LINUXKM_PIE_SUPPORT) + reloc_counts.text = reloc_counts.rodata = reloc_counts.rwdata = reloc_counts.bss = + reloc_counts.other = 0; #endif if (WC_SIG_IGNORE_BEGIN() >= 0) { @@ -617,9 +804,9 @@ else pr_err("ERROR: WC_SIG_IGNORE_BEGIN() failed.\n"); -#if defined(WC_PIE_RELOC_TABLES) && defined(DEBUG_LINUXKM_PIE_SUPPORT) +#if defined(WC_SYM_RELOC_TABLES) && defined(DEBUG_LINUXKM_PIE_SUPPORT) pr_info("FIPS-bounded relocation normalizations: text=%d, rodata=%d, rwdata=%d, bss=%d, other=%d\n", - total_text_r, total_rodata_r, total_rwdata_r, total_bss_r, total_other_r); + reloc_counts.text, reloc_counts.rodata, reloc_counts.rwdata, reloc_counts.bss, reloc_counts.other); #endif ret = wolfCrypt_GetStatus_fips(); @@ -701,11 +888,15 @@ #endif /* HAVE_FIPS && FIPS_VERSION3_GT(5,2,0) */ #ifdef FIPS_OPTEST + #ifdef HAVE_WC_FIPS_OPTEST_CONTESTFAILURE_EXPORT + conTestFailure_ptr = &wc_fips_optest_conTestFailure; + #else conTestFailure_ptr = (wolfSSL_Atomic_Int *)my_kallsyms_lookup_name("conTestFailure"); if (conTestFailure_ptr == NULL) { pr_err("ERROR: couldn't obtain conTestFailure_ptr.\n"); return -ECANCELED; } + #endif ret = linuxkm_lkcapi_sysfs_install_node(&FIPS_optest_trig_attr, &installed_sysfs_FIPS_optest_trig_files); if (ret != 0) { @@ -714,7 +905,25 @@ } #ifdef FIPS_OPTEST_FULL_RUN_AT_MODULE_INIT + + #ifdef WC_LINUXKM_HAVE_STACK_DEBUG + { + unsigned long stack_usage; + stack_usage = wc_linuxkm_stack_current(); + pr_info("STACK INFO: usage at call to linuxkm_op_test_wrapper(): %lu of %lu total\n", stack_usage, THREAD_SIZE); + wc_linuxkm_stack_hwm_prepare(0xee); + #endif + (void)linuxkm_op_test_wrapper(); + + #ifdef WC_LINUXKM_HAVE_STACK_DEBUG + stack_usage = wc_linuxkm_stack_hwm_measure_rel(0xee); + pr_info("STACK INFO: rel usage by linuxkm_op_test_wrapper(): %lu\n", stack_usage); + /* shush up false stack HWM reading by kernel: */ + wc_linuxkm_stack_hwm_prepare(0); + } + #endif + WOLFSSL_ATOMIC_STORE(*conTestFailure_ptr, 0); for (i = 0; i < FIPS_CAST_COUNT; ++i) fipsCastStatus_put(i, FIPS_CAST_STATE_INIT); @@ -737,7 +946,21 @@ #endif /* FIPS_OPTEST */ #ifndef NO_CRYPT_TEST - ret = wolfcrypt_test(NULL); + #ifdef WC_LINUXKM_HAVE_STACK_DEBUG + { + unsigned long stack_usage; + stack_usage = wc_linuxkm_stack_current(); + pr_info("STACK INFO: usage at call to wolfcrypt_test(): %lu of %lu total\n", stack_usage, THREAD_SIZE); + wc_linuxkm_stack_hwm_prepare(0xee); + #endif + ret = wolfcrypt_test(NULL); + #ifdef WC_LINUXKM_HAVE_STACK_DEBUG + stack_usage = wc_linuxkm_stack_hwm_measure_rel(0xee); + pr_info("STACK INFO: rel usage by wolfcrypt_test(): %lu\n", stack_usage); + /* shush up false stack HWM reading by kernel: */ + wc_linuxkm_stack_hwm_prepare(0); + } + #endif if (ret < 0) { pr_err("ERROR: wolfcrypt self-test failed with return code %d.\n", ret); (void)libwolfssl_cleanup(); @@ -763,7 +986,21 @@ return -ECANCELED; } #else /* !LINUXKM_LKCAPI_REGISTER_ONLY_ON_COMMAND */ - ret = linuxkm_lkcapi_register(); + #ifdef WC_LINUXKM_HAVE_STACK_DEBUG + { + unsigned long stack_usage; + stack_usage = wc_linuxkm_stack_current(); + pr_info("STACK INFO: usage at call to linuxkm_lkcapi_register(): %lu of %lu total\n", stack_usage, THREAD_SIZE); + wc_linuxkm_stack_hwm_prepare(0xee); + #endif + ret = linuxkm_lkcapi_register(); + #ifdef WC_LINUXKM_HAVE_STACK_DEBUG + stack_usage = wc_linuxkm_stack_hwm_measure_rel(0xee); + pr_info("STACK INFO: rel usage by linuxkm_lkcapi_register(): %lu\n", stack_usage); + /* shush up false stack HWM reading by kernel: */ + wc_linuxkm_stack_hwm_prepare(0); + } + #endif if (ret) { pr_err("ERROR: linuxkm_lkcapi_register() failed with return code %d.\n", ret); @@ -780,7 +1017,21 @@ #endif #ifdef WOLFSSL_LINUXKM_BENCHMARKS - wolfcrypt_benchmark_main(0, (char**)NULL); + #ifdef WC_LINUXKM_HAVE_STACK_DEBUG + { + unsigned long stack_usage; + stack_usage = wc_linuxkm_stack_current(); + pr_info("STACK INFO: usage at call to wolfcrypt_benchmark_main(): %lu of %lu total\n", stack_usage, THREAD_SIZE); + wc_linuxkm_stack_hwm_prepare(0xee); + #endif + wolfcrypt_benchmark_main(0, (char**)NULL); + #ifdef WC_LINUXKM_HAVE_STACK_DEBUG + stack_usage = wc_linuxkm_stack_hwm_measure_rel(0xee); + pr_info("STACK INFO: rel usage by wolfcrypt_benchmark_main(): %lu\n", stack_usage); + /* shush up false stack HWM reading by kernel: */ + wc_linuxkm_stack_hwm_prepare(0); + } + #endif #endif #ifdef WOLFCRYPT_ONLY @@ -862,71 +1113,49 @@ MODULE_DESCRIPTION("libwolfssl cryptographic and protocol facilities"); MODULE_VERSION(LIBWOLFSSL_VERSION_STRING); -#ifdef WC_PIE_RELOC_TABLES +#ifdef WC_SYM_RELOC_TABLES -#define WC_TEXT_TAG (0x0 << 29) -#define WC_RODATA_TAG (0x1U << 29) -#define WC_RWDATA_TAG (0x2U << 29) -#define WC_BSS_TAG (0x3U << 29) -#define WC_OTHER_TAG (0x4U << 29) - -#define WC_RELOC_TAG_MASK (0x7U << 29) -#define WC_RELOC_OFFSET_MASK (~WC_RELOC_TAG_MASK) - -static inline long find_reloc_tab_offset(size_t text_in_offset) { - long ret; - unsigned long hop; - if (wc_linuxkm_pie_reloc_tab_length <= 1) { -#ifdef DEBUG_LINUXKM_PIE_SUPPORT - pr_err("ERROR: %s failed at L %d.\n", __FUNCTION__, __LINE__); -#endif - return -1; - } - if (text_in_offset >= (size_t)((uintptr_t)__wc_text_end - (uintptr_t)__wc_text_start)) { -#ifdef DEBUG_LINUXKM_PIE_SUPPORT - pr_err("ERROR: %s failed at L %d.\n", __FUNCTION__, __LINE__); -#endif - return -1; - } - if (text_in_offset >= (size_t)(wc_linuxkm_pie_reloc_tab[wc_linuxkm_pie_reloc_tab_length - 1] & WC_RELOC_OFFSET_MASK)) { -#ifdef DEBUG_LINUXKM_PIE_SUPPORT - pr_err("ERROR: %s failed at L %d.\n", __FUNCTION__, __LINE__); -#endif - return -1; - } - for (ret = 0, - hop = wc_linuxkm_pie_reloc_tab_length >> 1; - hop; - hop >>= 1) - { - if (text_in_offset == (size_t)(wc_linuxkm_pie_reloc_tab[ret] & WC_RELOC_OFFSET_MASK)) - break; - else if (text_in_offset > (size_t)(wc_linuxkm_pie_reloc_tab[ret] & WC_RELOC_OFFSET_MASK)) - ret += hop; - else if (ret) - ret -= hop; - } - - while ((ret < (long)wc_linuxkm_pie_reloc_tab_length - 1) && - ((size_t)(wc_linuxkm_pie_reloc_tab[ret] & WC_RELOC_OFFSET_MASK) < text_in_offset)) - ++ret; - - while ((ret > 0) && - ((size_t)(wc_linuxkm_pie_reloc_tab[ret - 1] & WC_RELOC_OFFSET_MASK) >= text_in_offset)) - --ret; +extern const struct wc_reloc_table_ent wc_linuxkm_pie_reloc_tab[]; +extern const unsigned int wc_linuxkm_pie_reloc_tab_length; -#ifdef DEBUG_LINUXKM_PIE_SUPPORT - if (ret < 0) - pr_err("ERROR: %s returning %ld at L %d.\n", __FUNCTION__, ret, __LINE__); +static const struct wc_reloc_table_segments seg_map = { + .start = 0, .end = 0, + .text_start = (size_t)(uintptr_t)__wc_text_start, + .text_end = (size_t)(uintptr_t)__wc_text_end, + .reloc_tab_start = (size_t)(uintptr_t)wc_linuxkm_pie_reloc_tab, + .reloc_tab_end = 0, + .reloc_tab_len_start = (size_t)(uintptr_t)&wc_linuxkm_pie_reloc_tab_length, + .reloc_tab_len_end = 0, +#ifdef HAVE_FIPS +#ifdef WC_USE_PIE_FENCEPOSTS_FOR_FIPS + .fips_text_start = (size_t)(uintptr_t)__wc_text_start, + .fips_text_end = (size_t)(uintptr_t)__wc_text_end, +#else + .fips_text_start = (size_t)(uintptr_t)wolfCrypt_FIPS_first, + .fips_text_end = (size_t)(uintptr_t)wolfCrypt_FIPS_last, #endif - return ret; -} - -#if LINUX_VERSION_CODE >= KERNEL_VERSION(6, 12, 0) -#include +#endif /* HAVE_FIPS */ + .rodata_start = (size_t)(uintptr_t)__wc_rodata_start, + .rodata_end = (size_t)(uintptr_t)__wc_rodata_end, +#ifdef HAVE_FIPS +#ifdef WC_USE_PIE_FENCEPOSTS_FOR_FIPS + .fips_rodata_start = (size_t)(uintptr_t)__wc_rodata_start, + .fips_rodata_end = (size_t)(uintptr_t)__wc_rodata_end, #else -#include + .fips_rodata_start = (size_t)(uintptr_t)wolfCrypt_FIPS_ro_start, + .fips_rodata_end = (size_t)(uintptr_t)wolfCrypt_FIPS_ro_end, #endif + #if FIPS_VERSION3_GE(6,0,0) || defined(WOLFCRYPT_FIPS_CORE_DYNAMIC_HASH_VALUE) + .verifyCore_start = (uintptr_t)verifyCore, + .verifyCore_end = (uintptr_t)verifyCore + FIPS_IN_CORE_DIGEST_SIZE*2 + 1, + #endif +#endif /* HAVE_FIPS */ + .data_start = (size_t)(uintptr_t)__wc_rwdata_start, + .data_end = (size_t)(uintptr_t)__wc_rwdata_end, + .bss_start = (size_t)(uintptr_t)__wc_bss_start, + .bss_end = (size_t)(uintptr_t)__wc_bss_end, + .text_is_live = 1 +}; ssize_t wc_linuxkm_normalize_relocations( const u8 *text_in, @@ -934,210 +1163,42 @@ u8 *text_out, ssize_t *cur_index_p) { - ssize_t i; - size_t text_in_offset; - size_t last_reloc; /* for error-checking order in wc_linuxkm_pie_reloc_tab[] */ -#ifdef DEBUG_LINUXKM_PIE_SUPPORT - int n_text_r = 0, n_rodata_r = 0, n_rwdata_r = 0, n_bss_r = 0, n_other_r = 0; -#endif - - if ((text_in_len == 0) || - ((uintptr_t)text_in < (uintptr_t)__wc_text_start) || - ((uintptr_t)(text_in + text_in_len) > (uintptr_t)__wc_text_end)) - { -#ifdef DEBUG_LINUXKM_PIE_SUPPORT - pr_err("ERROR: %s returning -1 at L %d with span %x-%x versus segment %x-%x.\n", - __FUNCTION__, __LINE__, - (unsigned)(uintptr_t)text_in, - (unsigned)(uintptr_t)(text_in + text_in_len), - (unsigned)(uintptr_t)__wc_text_start, - (unsigned)(uintptr_t)__wc_text_end); -#endif - return -1; - } - - text_in_offset = (uintptr_t)text_in - (uintptr_t)__wc_text_start; - - if (cur_index_p) - i = *cur_index_p; - else - i = -1; - - if (i == -1) - i = find_reloc_tab_offset(text_in_offset); - - if (i < 0) { - return i; - } - - WC_SANITIZE_DISABLE(); - memcpy(text_out, text_in, text_in_len); - WC_SANITIZE_ENABLE(); - - for (last_reloc = wc_linuxkm_pie_reloc_tab[i > 0 ? i-1 : 0]; - (size_t)i < wc_linuxkm_pie_reloc_tab_length - 1; - ++i) - { - size_t next_reloc = wc_linuxkm_pie_reloc_tab[i]; - unsigned int reloc_tag; - int reloc_buf; + return wc_reloc_normalize_text(text_in, text_in_len, text_out, cur_index_p, &seg_map, #ifdef DEBUG_LINUXKM_PIE_SUPPORT - uintptr_t abs_ptr; + &reloc_counts +#else + NULL #endif + ); +} - if ((last_reloc & WC_RELOC_OFFSET_MASK) > (next_reloc & WC_RELOC_OFFSET_MASK)) { - pr_err("BUG: out-of-order offset found at wc_linuxkm_pie_reloc_tab[%zd]: %zu > %zu\n", - i, last_reloc & WC_RELOC_OFFSET_MASK, next_reloc & WC_RELOC_OFFSET_MASK); - return -1; - } - last_reloc = next_reloc; - - reloc_tag = next_reloc & WC_RELOC_TAG_MASK; - next_reloc &= WC_RELOC_OFFSET_MASK; - next_reloc -= text_in_offset; - - if (next_reloc >= text_in_len) { - /* no more relocations in this buffer. */ - break; - } - if (next_reloc > text_in_len - sizeof reloc_buf) { - /* relocation straddles buffer at end -- caller will try again with - * that relocation at the start. - */ - text_in_len = next_reloc; - break; - } - - /* set reloc_buf to the relative address from the live text segment. */ - reloc_buf = (int)get_unaligned((int32_t *)&text_out[next_reloc]); - -#ifdef DEBUG_LINUXKM_PIE_SUPPORT - /* when debugging runtime segment consistency, for the various data - * segments, recognize dest addrs a few bytes outside the segment -- the - * compiler occasionally generates these, e.g. __wc_rwdata_start - 1 in - * DoInCoreCheck() in kernel 6.1 build of FIPS v5, __wc_bss_start - 4 in - * kernel 4.4, and __wc_rodata_end + 26 in kernel 6.18. - * - * abs_ptr is the absolute address referred to by the relocation. we - * need this in order to identify the target segment of the relocation, - * thereby allowing us to use the correct normalization tag and - * corrective offset for the relocation. - * - * start with the absolute address of the start of the current text - * segment span, add to that the offset of the relocation at issue, - * yielding the absolute address of the relocation, then add the - * contents of the relocation that we loaded above. - * - * the +4 accounts for the disp32 field size, as RIP points to the next - * instruction byte per the x86_64 ABI. - */ - #ifndef LINUXKM_PIE_DATA_SLOP_MARGIN - #define LINUXKM_PIE_DATA_SLOP_MARGIN 0x20 - #endif - - abs_ptr = (uintptr_t)text_in + next_reloc + 4 + reloc_buf; -#endif /* DEBUG_LINUXKM_PIE_SUPPORT */ +#elif defined(HAVE_FIPS) - switch (reloc_tag) { - case WC_TEXT_TAG: -#ifdef DEBUG_LINUXKM_PIE_SUPPORT - if ((abs_ptr >= (uintptr_t)__wc_text_start) && - (abs_ptr <= (uintptr_t)__wc_text_end)) - ++n_text_r; - else { - reloc_tag = WC_OTHER_TAG; - break; - } -#endif - /* internal references in the .wolfcrypt.text segment don't need - * normalization. - */ - continue; - case WC_RODATA_TAG: -#ifdef DEBUG_LINUXKM_PIE_SUPPORT - if ((abs_ptr >= (uintptr_t)__wc_rodata_start - LINUXKM_PIE_DATA_SLOP_MARGIN) && - (abs_ptr <= (uintptr_t)__wc_rodata_end + LINUXKM_PIE_DATA_SLOP_MARGIN)) - ++n_rodata_r; - else - reloc_tag = WC_OTHER_TAG; -#endif - reloc_buf -= (int)((uintptr_t)__wc_rodata_start - 1 - - (uintptr_t)__wc_text_start); - reloc_buf ^= WC_RODATA_TAG; - break; - case WC_RWDATA_TAG: -#ifdef DEBUG_LINUXKM_PIE_SUPPORT - if ((abs_ptr >= (uintptr_t)__wc_rwdata_start - LINUXKM_PIE_DATA_SLOP_MARGIN) && - (abs_ptr <= (uintptr_t)__wc_rwdata_end + LINUXKM_PIE_DATA_SLOP_MARGIN)) - ++n_rwdata_r; - else - reloc_tag = WC_OTHER_TAG; -#endif - reloc_buf -= (int)((uintptr_t)__wc_rwdata_start - 1 - - (uintptr_t)__wc_text_start); - reloc_buf ^= WC_RWDATA_TAG; - break; - case WC_BSS_TAG: -#ifdef DEBUG_LINUXKM_PIE_SUPPORT - if ((abs_ptr >= (uintptr_t)__wc_bss_start - LINUXKM_PIE_DATA_SLOP_MARGIN) && - (abs_ptr <= (uintptr_t)__wc_bss_end + LINUXKM_PIE_DATA_SLOP_MARGIN)) - ++n_bss_r; - else - reloc_tag = WC_OTHER_TAG; -#endif - reloc_buf -= (int)((uintptr_t)__wc_bss_start - 1 - - (uintptr_t)__wc_text_start); - reloc_buf ^= WC_BSS_TAG; - break; - } - if (reloc_tag == WC_OTHER_TAG) { - /* relocation referring to non-wolfcrypt segment -- these can only - * be stabilized by zeroing them. - */ - reloc_buf = WC_OTHER_TAG; -#ifdef DEBUG_LINUXKM_PIE_SUPPORT - ++n_other_r; - /* we're currently only handling 32 bit relocations (R_X86_64_PLT32 - * and R_X86_64_PC32) so the top half of the word64 is padding we - * can lop off for rendering. - */ - pr_notice("found non-wolfcrypt relocation at text offset 0x%x to " - "addr 0x%x, text=%x-%x, rodata=%x-%x, " - "rwdata=%x-%x, bss=%x-%x\n", - wc_linuxkm_pie_reloc_tab[i] & WC_RELOC_OFFSET_MASK, - (unsigned)(uintptr_t)abs_ptr, - (unsigned)(uintptr_t)__wc_text_start, - (unsigned)(uintptr_t)__wc_text_end, - (unsigned)(uintptr_t)__wc_rodata_start, - (unsigned)(uintptr_t)__wc_rodata_end, - (unsigned)(uintptr_t)__wc_rwdata_start, - (unsigned)(uintptr_t)__wc_rwdata_end, - (unsigned)(uintptr_t)__wc_bss_start, - (unsigned)(uintptr_t)__wc_bss_end); +static const struct wc_reloc_table_segments seg_map = { + .start = 0, .end = 0, +#ifdef WC_USE_PIE_FENCEPOSTS_FOR_FIPS + .fips_text_start = (size_t)(uintptr_t)__wc_text_start, + .fips_text_end = (size_t)(uintptr_t)__wc_text_end, +#else + .fips_text_start = (size_t)(uintptr_t)wolfCrypt_FIPS_first, + .fips_text_end = (size_t)(uintptr_t)wolfCrypt_FIPS_last, #endif - } - put_unaligned((u32)reloc_buf, (int32_t *)&text_out[next_reloc]); - } - -#ifdef DEBUG_LINUXKM_PIE_SUPPORT - total_text_r += n_text_r; - total_rodata_r += n_rodata_r; - total_rwdata_r += n_rwdata_r; - total_bss_r += n_bss_r; - total_other_r += n_other_r; - - if (n_other_r > 0) - pr_notice("text_in=%x relocs=%d/%d/%d/%d/%d ret = %zu\n", - (unsigned)(uintptr_t)text_in, n_text_r, n_rodata_r, - n_rwdata_r, n_bss_r, n_other_r, - text_in_len); +#ifdef WC_USE_PIE_FENCEPOSTS_FOR_FIPS + .fips_rodata_start = (size_t)(uintptr_t)__wc_rodata_start, + .fips_rodata_end = (size_t)(uintptr_t)__wc_rodata_end, +#else + .fips_rodata_start = (size_t)(uintptr_t)wolfCrypt_FIPS_ro_start, + .fips_rodata_end = (size_t)(uintptr_t)wolfCrypt_FIPS_ro_end, #endif + #if FIPS_VERSION3_GE(6,0,0) || defined(WOLFCRYPT_FIPS_CORE_DYNAMIC_HASH_VALUE) + .verifyCore_start = (uintptr_t)verifyCore, + .verifyCore_end = (uintptr_t)verifyCore + FIPS_IN_CORE_DIGEST_SIZE*2 + 1 + #endif +}; - if (cur_index_p) - *cur_index_p = i; +#endif /* !WC_SYM_RELOC_TABLES && HAVE_FIPS */ - return (ssize_t)text_in_len; -} +#ifdef WC_SYM_RELOC_TABLES /* get_current() is an inline or macro, depending on the target -- sidestep the * whole issue with a wrapper func. @@ -1160,8 +1221,10 @@ 0, sizeof wolfssl_linuxkm_pie_redirect_table); +#ifdef HAVE_FIPS wolfssl_linuxkm_pie_redirect_table.wc_linuxkm_normalize_relocations = wc_linuxkm_normalize_relocations; +#endif #ifndef __ARCH_MEMCMP_NO_REDIRECT wolfssl_linuxkm_pie_redirect_table.memcmp = memcmp; @@ -1274,7 +1337,9 @@ wolfssl_linuxkm_pie_redirect_table.kvfree = kvfree; #endif +#ifndef LINUXKM_LKCAPI_REGISTER_HASH_DRBG_DEFAULT wolfssl_linuxkm_pie_redirect_table.get_random_bytes = get_random_bytes; +#endif #if LINUX_VERSION_CODE < KERNEL_VERSION(4, 0, 0) wolfssl_linuxkm_pie_redirect_table.getnstimeofday = getnstimeofday; @@ -1298,7 +1363,14 @@ #error WOLFSSL_USE_SAVE_VECTOR_REGISTERS is set for an unsupported architecture. #endif /* WOLFSSL_USE_SAVE_VECTOR_REGISTERS */ - wolfssl_linuxkm_pie_redirect_table.__mutex_init = __mutex_init; + #ifndef CONFIG_PREEMPT_RT + wolfssl_linuxkm_pie_redirect_table.__mutex_init = __mutex_init; + #else + wolfssl_linuxkm_pie_redirect_table.__rt_mutex_init = __rt_mutex_init; + wolfssl_linuxkm_pie_redirect_table.rt_mutex_base_init = rt_mutex_base_init; + wolfssl_linuxkm_pie_redirect_table.rt_spin_lock = rt_spin_lock; + wolfssl_linuxkm_pie_redirect_table.rt_spin_unlock = rt_spin_unlock; + #endif #if LINUX_VERSION_CODE < KERNEL_VERSION(4, 0, 0) wolfssl_linuxkm_pie_redirect_table.mutex_lock_nested = mutex_lock_nested; #else @@ -1456,9 +1528,7 @@ #endif /* OPENSSL_EXTRA || OPENSSL_EXTRA_X509_SMALL */ #endif /* !WOLFCRYPT_ONLY && !NO_CERTS */ -#ifdef WOLFSSL_DEBUG_BACKTRACE_ERROR_CODES wolfssl_linuxkm_pie_redirect_table.dump_stack = dump_stack; -#endif wolfssl_linuxkm_pie_redirect_table.preempt_count = my_preempt_count; #ifndef _raw_spin_lock_irqsave @@ -1477,15 +1547,24 @@ #endif #ifdef CONFIG_ARM64 +#ifndef CONFIG_ARCH_TEGRA +#if LINUX_VERSION_CODE >= KERNEL_VERSION(6, 1, 0) wolfssl_linuxkm_pie_redirect_table.alt_cb_patch_nops = alt_cb_patch_nops; +#endif /* LINUX_VERSION_CODE >= KERNEL_VERSION(6, 1, 0) */ wolfssl_linuxkm_pie_redirect_table.queued_spin_lock_slowpath = queued_spin_lock_slowpath; #endif +#endif wolfssl_linuxkm_pie_redirect_table.wc_linuxkm_sig_ignore_begin = wc_linuxkm_sig_ignore_begin; wolfssl_linuxkm_pie_redirect_table.wc_linuxkm_sig_ignore_end = wc_linuxkm_sig_ignore_end; wolfssl_linuxkm_pie_redirect_table.wc_linuxkm_check_for_intr_signals = wc_linuxkm_check_for_intr_signals; wolfssl_linuxkm_pie_redirect_table.wc_linuxkm_relax_long_loop = wc_linuxkm_relax_long_loop; +#ifdef CONFIG_KASAN + wolfssl_linuxkm_pie_redirect_table.kasan_disable_current = kasan_disable_current; + wolfssl_linuxkm_pie_redirect_table.kasan_enable_current = kasan_enable_current; +#endif + /* runtime assert that the table has no null slots after initialization. */ { unsigned long *i; @@ -1505,7 +1584,7 @@ return 0; } -#endif /* WC_PIE_RELOC_TABLES */ +#endif /* WC_SYM_RELOC_TABLES */ #if defined(HAVE_FIPS) && defined(WOLFCRYPT_FIPS_CORE_DYNAMIC_HASH_VALUE) @@ -1518,93 +1597,110 @@ #include PRAGMA_GCC_DIAG_POP -extern const char coreKey[WC_SHA256_DIGEST_SIZE*2 + 1]; +/* failsafe definitions for FIPS <5.3 */ +#ifndef FIPS_IN_CORE_DIGEST_SIZE + #ifndef NO_SHA256 + #define FIPS_IN_CORE_DIGEST_SIZE 32 + #define FIPS_IN_CORE_HASH_TYPE WC_SHA256 + #define FIPS_IN_CORE_KEY_SZ 32 + #define FIPS_IN_CORE_VERIFY_SZ FIPS_IN_CORE_KEY_SZ + #elif defined(WOLFSSL_SHA384) + #define FIPS_IN_CORE_DIGEST_SIZE 48 + #define FIPS_IN_CORE_HASH_TYPE WC_SHA384 + #define FIPS_IN_CORE_KEY_SZ 48 + #define FIPS_IN_CORE_VERIFY_SZ FIPS_IN_CORE_KEY_SZ + #else + #error Unsupported FIPS hash alg. + #endif +#endif + +extern const char coreKey[FIPS_IN_CORE_KEY_SZ*2 + 1]; extern const unsigned int wolfCrypt_FIPS_ro_start[]; extern const unsigned int wolfCrypt_FIPS_ro_end[]; -#define FIPS_IN_CORE_KEY_SZ 32 -#define FIPS_IN_CORE_VERIFY_SZ FIPS_IN_CORE_KEY_SZ -typedef int (*fips_address_function)(void); -#define MAX_FIPS_DATA_SZ 10000000 -#define MAX_FIPS_CODE_SZ 10000000 -extern int GenBase16_Hash(const byte* in, int length, char* out, int outSz); +static int linux_fips_hmac_setkey(struct shash_desc *desc, const byte *key, word32 key_len) { + int ret = crypto_shash_setkey(desc->tfm, key, key_len); + if (ret) { + pr_err("ERROR: crypto_shash_setkey failed: err %d\n", ret); + return BAD_STATE_E; + } + + ret = crypto_shash_init(desc); + if (ret) { + pr_err("ERROR: crypto_shash_init failed: err %d\n", ret); + return BAD_STATE_E; + } + return 0; +} +static int linux_fips_hmac_update(struct shash_desc *desc, const byte *in, word32 in_len) { + int ret = crypto_shash_update(desc, in, in_len); + if (ret) { + pr_err("ERROR: crypto_shash_update failed: err %d\n", ret); + return BAD_STATE_E; + } + else + return 0; +} +static int linux_fips_hmac_final(struct shash_desc *desc, byte *out, word32 out_sz) { + int ret; + + (void)out_sz; + + ret = crypto_shash_final(desc, out); + if (ret) { + pr_err("ERROR: crypto_shash_final failed: err %d\n", ret); + return BAD_STATE_E; + } + else + return 0; +} static int updateFipsHash(void) { struct crypto_shash *tfm = NULL; struct shash_desc *desc = NULL; - word32 verifySz = FIPS_IN_CORE_VERIFY_SZ; - word32 binCoreSz = FIPS_IN_CORE_KEY_SZ; int ret; - byte *hash = NULL; - char *base16_hash = NULL; - byte *binCoreKey = NULL; - byte *binVerify = NULL; - -#ifdef WC_USE_PIE_FENCEPOSTS_FOR_FIPS - fips_address_function first = __wc_text_start; - fips_address_function last = __wc_text_end; - char* start = (char*)__wc_rodata_start; - char* end = (char*)__wc_rodata_end; -#else - fips_address_function first = wolfCrypt_FIPS_first; - fips_address_function last = wolfCrypt_FIPS_last; - char* start = (char*)wolfCrypt_FIPS_ro_start; - char* end = (char*)wolfCrypt_FIPS_ro_end; -#endif - - unsigned long code_sz = (unsigned long)last - (unsigned long)first; - unsigned long data_sz = (unsigned long)end - (unsigned long)start; - - if (data_sz == 0 || data_sz > MAX_FIPS_DATA_SZ) - return BAD_FUNC_ARG; /* bad fips data size */ + word32 verifyCore_size = XSTRLEN(verifyCore) + 1; + char *old_verifyCore = XMALLOC(verifyCore_size, NULL, DYNAMIC_TYPE_TMP_BUFFER); - if (code_sz == 0 || code_sz > MAX_FIPS_CODE_SZ) - return BAD_FUNC_ARG; /* bad fips code size */ - - hash = XMALLOC(WC_SHA256_DIGEST_SIZE, 0, DYNAMIC_TYPE_TMP_BUFFER); - if (hash == NULL) { - ret = MEMORY_E; - goto out; - } - base16_hash = XMALLOC(WC_SHA256_DIGEST_SIZE*2 + 1, 0, DYNAMIC_TYPE_TMP_BUFFER); - if (base16_hash == NULL) { - ret = MEMORY_E; - goto out; - } - binCoreKey = XMALLOC(binCoreSz, 0, DYNAMIC_TYPE_TMP_BUFFER); - if (binCoreKey == NULL) { - ret = MEMORY_E; - goto out; - } - binVerify = XMALLOC(verifySz, 0, DYNAMIC_TYPE_TMP_BUFFER); - if (binVerify == NULL) { - ret = MEMORY_E; - goto out; - } - - { - word32 base16_out_len = binCoreSz; - ret = Base16_Decode((const byte *)coreKey, sizeof coreKey - 1, binCoreKey, &base16_out_len); - if (ret != 0) { - pr_err("ERROR: Base16_Decode for coreKey: %s\n", wc_GetErrorString(ret)); - goto out; - } - if (base16_out_len != binCoreSz) { - pr_err("ERROR: unexpected output length %u for coreKey from Base16_Decode.\n",base16_out_len); - ret = BAD_STATE_E; - goto out; - } + if (old_verifyCore == NULL) + return MEMORY_E; + XMEMCPY(old_verifyCore, verifyCore, verifyCore_size); + + wc_static_assert(((unsigned)FIPS_IN_CORE_HASH_TYPE == (unsigned)WC_SHA256) || + ((unsigned)FIPS_IN_CORE_HASH_TYPE == (unsigned)WC_SHA384) || + ((unsigned)FIPS_IN_CORE_HASH_TYPE == (unsigned)WC_SHA512) || + ((unsigned)FIPS_IN_CORE_HASH_TYPE == (unsigned)WC_SHA3_256) || + ((unsigned)FIPS_IN_CORE_HASH_TYPE == (unsigned)WC_SHA3_384) || + ((unsigned)FIPS_IN_CORE_HASH_TYPE == (unsigned)WC_SHA3_512)); + + switch ((unsigned)FIPS_IN_CORE_HASH_TYPE) { + case (unsigned)WC_SHA256: + tfm = crypto_alloc_shash("hmac(sha256)", 0, 0); + break; + case (unsigned)WC_SHA384: + tfm = crypto_alloc_shash("hmac(sha384)", 0, 0); + break; + case (unsigned)WC_SHA512: + tfm = crypto_alloc_shash("hmac(sha512)", 0, 0); + break; + case (unsigned)WC_SHA3_256: + tfm = crypto_alloc_shash("hmac(sha3-256)", 0, 0); + break; + case (unsigned)WC_SHA3_384: + tfm = crypto_alloc_shash("hmac(sha3-384)", 0, 0); + break; + case (unsigned)WC_SHA3_512: + tfm = crypto_alloc_shash("hmac(sha3-512)", 0, 0); + break; } - tfm = crypto_alloc_shash("hmac(sha256)", 0, 0); if (IS_ERR(tfm)) { if (PTR_ERR(tfm) == -ENOMEM) { pr_err("ERROR: crypto_alloc_shash failed: out of memory\n"); ret = MEMORY_E; } else if (PTR_ERR(tfm) == -ENOENT) { - pr_err("ERROR: crypto_alloc_shash failed: kernel is missing hmac(sha256) implementation\n"); - pr_err("ERROR: check for CONFIG_CRYPTO_SHA256 and CONFIG_CRYPTO_HMAC.\n"); + pr_err("ERROR: crypto_alloc_shash failed: target kernel is missing algorithm implementation for hash type %u\n", FIPS_IN_CORE_HASH_TYPE); ret = NOT_COMPILED_IN; } else { pr_err("ERROR: crypto_alloc_shash failed with ret %ld\n",PTR_ERR(tfm)); @@ -1625,124 +1721,38 @@ XMEMSET(desc, 0, desc_size); } - ret = crypto_shash_setkey(tfm, binCoreKey, binCoreSz); - if (ret) { - pr_err("ERROR: crypto_ahash_setkey failed: err %d\n", ret); - ret = BAD_STATE_E; - goto out; - } - desc->tfm = tfm; - ret = crypto_shash_init(desc); - if (ret) { - pr_err("ERROR: crypto_shash_init failed: err %d\n", ret); - ret = BAD_STATE_E; - goto out; - } - -#if defined(WOLFSSL_LINUXKM) && defined(WC_PIE_RELOC_TABLES) - { - ssize_t cur_reloc_index = -1; - const byte *text_p = (const byte *)first; - byte *buf = XMALLOC(8192, NULL, DYNAMIC_TYPE_TMP_BUFFER); - if (! buf) { - pr_err("ERROR: malloc failed in updateFipsHash()\n"); - ret = MEMORY_E; - goto out; - } - - while (text_p < (const byte *)last) { - ssize_t progress = wc_linuxkm_normalize_relocations( - text_p, - min(8192, (word32)((const byte *)last - text_p)), - buf, - &cur_reloc_index); - if (progress < 0) { - ret = IN_CORE_FIPS_E; - break; - } - ret = crypto_shash_update(desc, buf, (word32)progress); - if (ret) - break; - text_p += progress; - } - - XFREE(buf, NULL, DYNAMIC_TYPE_TMP_BUFFER); - } - - WC_SANITIZE_DISABLE(); + ret = wc_fips_generate_hash( + &seg_map, + FIPS_IN_CORE_DIGEST_SIZE, + coreKey, + desc, + (wc_fips_verifyCore_hmac_setkey_fn)linux_fips_hmac_setkey, + (wc_fips_verifyCore_hmac_update_fn)linux_fips_hmac_update, + (wc_fips_verifyCore_hmac_final_fn)linux_fips_hmac_final, + verifyCore, + &verifyCore_size, +#if defined(DEBUG_LINUXKM_PIE_SUPPORT) && defined(WC_SYM_RELOC_TABLES) + &reloc_counts #else - WC_SANITIZE_DISABLE(); - ret = crypto_shash_update(desc, (byte *)(wc_ptr_t)first, (word32)code_sz); -#endif /* !WOLFSSL_LINUXKM_PIE_REDIRECT_TABLE */ - - if (ret) { - pr_err("ERROR: crypto_shash_update failed: err %d\n", ret); - ret = BAD_STATE_E; - WC_SANITIZE_ENABLE(); - goto out; - } - - /* don't hash verifyCore or changing verifyCore will change hash */ - if (verifyCore >= start && verifyCore < end) { - data_sz = (unsigned long)verifyCore - (unsigned long)start; - ret = crypto_shash_update(desc, (byte*)start, (word32)data_sz); - if (ret) { - pr_err("ERROR: crypto_shash_update failed: err %d\n", ret); - ret = BAD_STATE_E; - goto out; - } - start = (char*)verifyCore + sizeof(verifyCore); - data_sz = (unsigned long)end - (unsigned long)start; - } - ret = crypto_shash_update(desc, (byte*)start, (word32)data_sz); - if (ret) { - pr_err("ERROR: crypto_shash_update failed: err %d\n", ret); - ret = BAD_STATE_E; - WC_SANITIZE_ENABLE(); - goto out; - } - - WC_SANITIZE_ENABLE(); - - ret = crypto_shash_final(desc, hash); - if (ret) { - pr_err("ERROR: crypto_shash_final failed: err %d\n", ret); - ret = BAD_STATE_E; - goto out; - } + NULL +#endif + ); - ret = GenBase16_Hash(hash, WC_SHA256_DIGEST_SIZE, base16_hash, WC_SHA256_DIGEST_SIZE*2 + 1); - if (ret != 0) { - pr_err("ERROR: GenBase16_Hash failed: %s\n", wc_GetErrorString(ret)); + if (ret < 0) goto out; - } - { - word32 base16_out_len = verifySz; - ret = Base16_Decode((const byte *)verifyCore, sizeof verifyCore - 1, binVerify, &base16_out_len); - if (ret != 0) { - pr_err("ERROR: Base16_Decode for verifyCore: %s\n", wc_GetErrorString(ret)); - goto out; - } - if (base16_out_len != binCoreSz) { - pr_err("ERROR: unexpected output length %u for verifyCore from Base16_Decode.\n",base16_out_len); - ret = BAD_STATE_E; - goto out; - } - } - - if (XMEMCMP(hash, binVerify, WC_SHA256_DIGEST_SIZE) == 0) { + if (strcmp(old_verifyCore, verifyCore) == 0) { #if defined(DEBUG_LINUXKM_PIE_SUPPORT) || defined(WOLFSSL_LINUXKM_VERBOSE_DEBUG) pr_info("updateFipsHash: verifyCore already matches [%s]\n", verifyCore); #else pr_info("updateFipsHash: verifyCore already matches.\n"); #endif - } else { - XMEMCPY(verifyCore, base16_hash, WC_SHA256_DIGEST_SIZE*2 + 1); + } + else { #if defined(DEBUG_LINUXKM_PIE_SUPPORT) || defined(WOLFSSL_LINUXKM_VERBOSE_DEBUG) - pr_info("updateFipsHash: verifyCore updated [%s].\n", base16_hash); + pr_info("updateFipsHash: verifyCore updated [%s].\n", verifyCore); #else pr_info("updateFipsHash: verifyCore updated.\n"); #endif @@ -1755,10 +1765,7 @@ if (tfm != NULL) crypto_free_shash(tfm); XFREE(desc, NULL, DYNAMIC_TYPE_TMP_BUFFER); - XFREE(hash, NULL, DYNAMIC_TYPE_TMP_BUFFER); - XFREE(base16_hash, NULL, DYNAMIC_TYPE_TMP_BUFFER); - XFREE(binCoreKey, NULL, DYNAMIC_TYPE_TMP_BUFFER); - XFREE(binVerify, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(old_verifyCore, NULL, DYNAMIC_TYPE_TMP_BUFFER); return ret; } @@ -1891,8 +1898,24 @@ printf("OK, testing code %s\n", code_buf); + #ifdef WC_LINUXKM_HAVE_STACK_DEBUG + { + unsigned long stack_usage; + stack_usage = wc_linuxkm_stack_current(); + pr_info("STACK INFO: usage at call to linuxkm_op_test_1(): %lu of %lu total\n", stack_usage, THREAD_SIZE); + wc_linuxkm_stack_hwm_prepare(0xee); + #endif + ret = linuxkm_op_test_1(argc, &argv[0]); + #ifdef WC_LINUXKM_HAVE_STACK_DEBUG + stack_usage = wc_linuxkm_stack_hwm_measure_rel(0xee); + pr_info("STACK INFO: rel usage by linuxkm_op_test_1(): %lu\n", stack_usage); + /* shush up false stack HWM reading by kernel: */ + wc_linuxkm_stack_hwm_prepare(0); + } + #endif + printf("ret of op_test = %d\n", ret); /* reload the library in memory and re-init state */ diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/linuxkm/patches/5.14.0-570.58.1.el9_6/WOLFSSL_LINUXKM_HAVE_GET_RANDOM_CALLBACKS-5v14-570v58v1-el9_6.patch mariadb-11.8.8/extra/wolfssl/wolfssl/linuxkm/patches/5.14.0-570.58.1.el9_6/WOLFSSL_LINUXKM_HAVE_GET_RANDOM_CALLBACKS-5v14-570v58v1-el9_6.patch --- mariadb-11.8.6/extra/wolfssl/wolfssl/linuxkm/patches/5.14.0-570.58.1.el9_6/WOLFSSL_LINUXKM_HAVE_GET_RANDOM_CALLBACKS-5v14-570v58v1-el9_6.patch 1970-01-01 00:00:00.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/linuxkm/patches/5.14.0-570.58.1.el9_6/WOLFSSL_LINUXKM_HAVE_GET_RANDOM_CALLBACKS-5v14-570v58v1-el9_6.patch 2026-05-24 09:58:33.000000000 +0000 @@ -0,0 +1,462 @@ +--- 5.14.0-570.58.1.el9_6/drivers/char/random.c.dist 2026-01-12 10:50:48.537243229 -0600 ++++ 5.14.0-570.58.1.el9_6/drivers/char/random.c 2026-01-12 11:17:45.002091787 -0600 +@@ -63,6 +63,260 @@ + #include + #include + ++#ifdef WOLFSSL_LINUXKM_HAVE_GET_RANDOM_CALLBACKS ++ ++#include ++ ++static atomic_long_t random_bytes_cb_owner = ++ ATOMIC_INIT((long)NULL); ++static atomic_t random_bytes_cb_refcnt = ++ ATOMIC_INIT(0); /* 0 if unregistered, 1 if no calls in flight. */ ++static _get_random_bytes_cb_t _get_random_bytes_cb = NULL; ++static get_random_bytes_user_cb_t get_random_bytes_user_cb = NULL; ++static crng_ready_cb_t crng_ready_cb = NULL; ++static mix_pool_bytes_cb_t mix_pool_bytes_cb = NULL; ++static credit_init_bits_cb_t credit_init_bits_cb = NULL; ++static crng_reseed_cb_t crng_reseed_cb = NULL; ++ ++int wolfssl_linuxkm_register_random_bytes_handlers( ++ struct module *new_random_bytes_cb_owner, ++ const struct wolfssl_linuxkm_random_bytes_handlers *handlers) ++{ ++ if ((! new_random_bytes_cb_owner) || ++ (! handlers) || ++ (! handlers->_get_random_bytes) || ++ (! handlers->get_random_bytes_user)) ++ { ++ return -EINVAL; ++ } ++ ++ /* random_bytes_cb_owner is used to enforce serialization of ++ * wolfssl_register_random_bytes_handlers() and ++ * wolfssl_unregister_random_bytes_handlers(). ++ */ ++ if (atomic_long_cmpxchg(&random_bytes_cb_owner, ++ (long)NULL, ++ (long)new_random_bytes_cb_owner) ++ != (long)NULL) ++ { ++ return -EBUSY; ++ } ++ ++ { ++ int current_random_bytes_cb_refcnt = atomic_read(&random_bytes_cb_refcnt); ++ if (current_random_bytes_cb_refcnt) { ++ pr_err("BUG: random_bytes_cb_refcnt == %d with null random_bytes_cb_owner", current_random_bytes_cb_refcnt); ++ atomic_long_set(&random_bytes_cb_owner, (long)NULL); ++ return -EFAULT; ++ } ++ } ++ ++ if (! try_module_get(new_random_bytes_cb_owner)) { ++ atomic_long_set(&random_bytes_cb_owner, (long)NULL); ++ return -ENODEV; ++ } ++ ++ _get_random_bytes_cb = handlers->_get_random_bytes; ++ get_random_bytes_user_cb = handlers->get_random_bytes_user; ++ crng_ready_cb = handlers->crng_ready; ++ mix_pool_bytes_cb = handlers->mix_pool_bytes; ++ credit_init_bits_cb = handlers->credit_init_bits; ++ crng_reseed_cb = handlers->crng_reseed; ++ ++ barrier(); ++ atomic_set_release(&random_bytes_cb_refcnt, 1); ++ ++ return 0; ++} ++EXPORT_SYMBOL_GPL(wolfssl_linuxkm_register_random_bytes_handlers); ++ ++int wolfssl_linuxkm_unregister_random_bytes_handlers(void) ++{ ++ int current_random_bytes_cb_refcnt; ++ int n_tries; ++ if (! atomic_long_read(&random_bytes_cb_owner)) ++ return -ENODEV; ++ ++ /* we're racing the kernel at large to try to catch random_bytes_cb_refcnt ++ * with no callers in flight -- retry and relax up to 100 times. ++ */ ++ for (n_tries = 0; n_tries < 100; ++n_tries) { ++ current_random_bytes_cb_refcnt = atomic_cmpxchg(&random_bytes_cb_refcnt, 1, 0); ++ if (current_random_bytes_cb_refcnt == 1) ++ break; ++ if (current_random_bytes_cb_refcnt < 0) { ++ pr_err("BUG: random_bytes_cb_refcnt is %d in wolfssl_linuxkm_unregister_random_bytes_handlers.", current_random_bytes_cb_refcnt); ++ break; ++ } ++ if (msleep_interruptible(10) != 0) ++ return -EINTR; ++ } ++ if (current_random_bytes_cb_refcnt != 1) { ++ pr_warn("WARNING: wolfssl_unregister_random_bytes_handlers called with random_bytes_cb_refcnt == %d", current_random_bytes_cb_refcnt); ++ return -EBUSY; ++ } ++ ++ _get_random_bytes_cb = NULL; ++ get_random_bytes_user_cb = NULL; ++ crng_ready_cb = NULL; ++ mix_pool_bytes_cb = NULL; ++ credit_init_bits_cb = NULL; ++ crng_reseed_cb = NULL; ++ ++ module_put((struct module *)atomic_long_read(&random_bytes_cb_owner)); ++ barrier(); ++ atomic_long_set(&random_bytes_cb_owner, (long)NULL); ++ ++ return 0; ++} ++EXPORT_SYMBOL_GPL(wolfssl_linuxkm_unregister_random_bytes_handlers); ++ ++static __always_inline int reserve_random_bytes_cb(void) { ++ int current_random_bytes_cb_refcnt = ++ atomic_read_acquire(&random_bytes_cb_refcnt); ++ ++ if (! current_random_bytes_cb_refcnt) ++ return -ENODEV; ++ ++ if (current_random_bytes_cb_refcnt < 0) { ++ pr_err("BUG: random_bytes_cb_refcnt is %d in reserve_random_bytes_cb.", current_random_bytes_cb_refcnt); ++ return -EFAULT; ++ } ++ ++ for (;;) { ++ int orig_random_bytes_cb_refcnt = ++ atomic_cmpxchg( ++ &random_bytes_cb_refcnt, ++ current_random_bytes_cb_refcnt, ++ current_random_bytes_cb_refcnt + 1); ++ if (orig_random_bytes_cb_refcnt == current_random_bytes_cb_refcnt) ++ return 0; ++ else if (! orig_random_bytes_cb_refcnt) ++ return -ENODEV; ++ else ++ current_random_bytes_cb_refcnt = orig_random_bytes_cb_refcnt; ++ } ++ ++ __builtin_unreachable(); ++} ++ ++static __always_inline void release_random_bytes_cb(void) { ++ atomic_dec(&random_bytes_cb_refcnt); ++} ++ ++static inline int call__get_random_bytes_cb(void *buf, size_t len) ++{ ++ int ret; ++ ++ if (! _get_random_bytes_cb) ++ return -ENODEV; ++ ++ ret = reserve_random_bytes_cb(); ++ if (ret) ++ return ret; ++ ++ ret = _get_random_bytes_cb(buf, len); ++ ++ release_random_bytes_cb(); ++ ++ return ret; ++} ++ ++static inline ssize_t call_get_random_bytes_user_cb(struct iov_iter *iter) ++{ ++ ssize_t ret; ++ ++ if (! get_random_bytes_user_cb) ++ return -ECANCELED; ++ ++ ret = (ssize_t)reserve_random_bytes_cb(); ++ if (ret) ++ return ret; ++ ++ ret = get_random_bytes_user_cb(iter); ++ ++ release_random_bytes_cb(); ++ ++ return ret; ++} ++ ++static inline bool call_crng_ready_cb(void) ++{ ++ bool ret; ++ ++ /* Null crng_ready_cb signifies that the DRBG is always ready, i.e. that if ++ * called, it will always have or obtain sufficient entropy to fulfill the ++ * call. ++ */ ++ if (! crng_ready_cb) ++ return 1; ++ ++ if (reserve_random_bytes_cb() != 0) ++ return 0; ++ ++ ret = crng_ready_cb(); ++ ++ release_random_bytes_cb(); ++ ++ return ret; ++} ++ ++static inline int call_mix_pool_bytes_cb(const void *buf, size_t len) ++{ ++ int ret; ++ ++ if (! mix_pool_bytes_cb) ++ return -ENODEV; ++ ++ ret = reserve_random_bytes_cb(); ++ if (ret) ++ return ret; ++ ++ ret = mix_pool_bytes_cb(buf, len); ++ ++ release_random_bytes_cb(); ++ ++ return ret; ++} ++ ++static inline int call_credit_init_bits_cb(size_t bits) ++{ ++ int ret; ++ ++ if (! credit_init_bits_cb) ++ return -ENODEV; ++ ++ ret = reserve_random_bytes_cb(); ++ if (ret) ++ return ret; ++ ++ ret = credit_init_bits_cb(bits); ++ ++ release_random_bytes_cb(); ++ ++ return ret; ++} ++ ++static inline int call_crng_reseed_cb(void) ++{ ++ int ret; ++ ++ if (! crng_reseed_cb) ++ return -ENODEV; ++ ++ ret = reserve_random_bytes_cb(); ++ if (ret) ++ return ret; ++ ++ ret = crng_reseed_cb(); ++ ++ release_random_bytes_cb(); ++ ++ return ret; ++} ++ ++#endif /* WOLFSSL_LINUXKM_HAVE_GET_RANDOM_CALLBACKS */ ++ + /********************************************************************* + * + * Initialization and readiness waiting. +@@ -83,7 +337,15 @@ static enum { + CRNG_READY = 2 /* Fully initialized with POOL_READY_BITS collected */ + } crng_init __read_mostly = CRNG_EMPTY; + static DEFINE_STATIC_KEY_FALSE(crng_is_ready); ++ + #define crng_ready() (static_branch_likely(&crng_is_ready) || crng_init >= CRNG_READY) ++#ifdef WOLFSSL_LINUXKM_HAVE_GET_RANDOM_CALLBACKS ++ #define crng_ready_by_cb() (atomic_read(&random_bytes_cb_refcnt) && call_crng_ready_cb()) ++ #define crng_ready_maybe_cb() (atomic_read(&random_bytes_cb_refcnt) ? (call_crng_ready_cb() || crng_ready()) : crng_ready()) ++#else ++ #define crng_ready_maybe_cb() crng_ready() ++#endif ++ + /* Various types of waiters for crng_init->CRNG_READY transition. */ + static DECLARE_WAIT_QUEUE_HEAD(crng_init_wait); + static struct fasync_struct *fasync; +@@ -108,7 +370,7 @@ MODULE_PARM_DESC(ratelimit_disable, "Dis + */ + bool rng_is_initialized(void) + { +- return crng_ready(); ++ return crng_ready_maybe_cb(); + } + EXPORT_SYMBOL(rng_is_initialized); + +@@ -132,11 +394,11 @@ static void try_to_generate_entropy(void + */ + int wait_for_random_bytes(void) + { +- while (!crng_ready()) { ++ while (!crng_ready_maybe_cb()) { + int ret; + + try_to_generate_entropy(); +- ret = wait_event_interruptible_timeout(crng_init_wait, crng_ready(), HZ); ++ ret = wait_event_interruptible_timeout(crng_init_wait, crng_ready_maybe_cb(), HZ); + if (ret) + return ret > 0 ? 0 : ret; + } +@@ -165,7 +427,7 @@ int __cold execute_with_initialized_rng( + } + + #define warn_unseeded_randomness() \ +- if (IS_ENABLED(CONFIG_WARN_ALL_UNSEEDED_RANDOM) && !crng_ready()) \ ++ if (IS_ENABLED(CONFIG_WARN_ALL_UNSEEDED_RANDOM) && !crng_ready_maybe_cb()) \ + printk_deferred(KERN_NOTICE "random: %s called from %pS with crng_init=%d\n", \ + __func__, (void *)_RET_IP_, crng_init) + +@@ -388,6 +650,14 @@ static void _get_random_bytes(void *buf, + if (!len) + return; + ++#ifdef WOLFSSL_LINUXKM_HAVE_GET_RANDOM_CALLBACKS ++ /* If call__get_random_bytes_cb() doesn't succeed, flow falls through to ++ * the native implementation. _get_random_bytes() must succeed. ++ */ ++ if (call__get_random_bytes_cb(buf, len) == 0) ++ return; ++#endif ++ + first_block_len = min_t(size_t, 32, len); + crng_make_state(chacha_state, buf, first_block_len); + len -= first_block_len; +@@ -434,6 +704,18 @@ static ssize_t get_random_bytes_user(str + if (unlikely(!iov_iter_count(iter))) + return 0; + ++#ifdef WOLFSSL_LINUXKM_HAVE_GET_RANDOM_CALLBACKS ++ { ++ ssize_t cb_ret = call_get_random_bytes_user_cb(iter); ++ /* If the callback returns -ECANCELED, that signals that iter is ++ * still intact, and flow can safely fall through to the native ++ * implementation. ++ */ ++ if (cb_ret != -ECANCELED) ++ return cb_ret; ++ } ++#endif ++ + /* + * Immediately overwrite the ChaCha key at index 4 with random + * bytes, in case userspace causes copy_to_iter() below to sleep +@@ -510,7 +792,7 @@ type get_random_ ##type(void) \ + \ + warn_unseeded_randomness(); \ + \ +- if (!crng_ready()) { \ ++ if (!crng_ready_maybe_cb()) { \ + _get_random_bytes(&ret, sizeof(ret)); \ + return ret; \ + } \ +@@ -649,6 +931,11 @@ static void mix_pool_bytes(const void *b + { + unsigned long flags; + ++#ifdef WOLFSSL_LINUXKM_HAVE_GET_RANDOM_CALLBACKS ++ (void)call_mix_pool_bytes_cb(buf, len); ++ /* fall through to mix into native pool too. */ ++#endif ++ + spin_lock_irqsave(&input_pool.lock, flags); + _mix_pool_bytes(buf, len); + spin_unlock_irqrestore(&input_pool.lock, flags); +@@ -708,7 +995,11 @@ static void extract_entropy(void *buf, s + memzero_explicit(&block, sizeof(block)); + } + ++#ifdef WOLFSSL_LINUXKM_HAVE_GET_RANDOM_CALLBACKS ++#define credit_init_bits(bits) do { (void)call_credit_init_bits_cb(bits); if (!crng_ready()) _credit_init_bits(bits); } while (0) ++#else + #define credit_init_bits(bits) if (!crng_ready()) _credit_init_bits(bits) ++#endif + + static void __cold _credit_init_bits(size_t bits) + { +@@ -1419,7 +1710,7 @@ SYSCALL_DEFINE3(getrandom, char __user * + return ret; + } + +- if (!crng_ready() && !(flags & GRND_INSECURE)) { ++ if (!crng_ready_maybe_cb() && !(flags & GRND_INSECURE)) { + if (flags & GRND_NONBLOCK) + return -EAGAIN; + ret = wait_for_random_bytes(); +@@ -1435,6 +1726,10 @@ SYSCALL_DEFINE3(getrandom, char __user * + + static __poll_t random_poll(struct file *file, poll_table *wait) + { ++#ifdef WOLFSSL_LINUXKM_HAVE_GET_RANDOM_CALLBACKS ++ if (crng_ready_by_cb()) ++ return EPOLLIN | EPOLLRDNORM; ++#endif + poll_wait(file, &crng_init_wait, wait); + return crng_ready() ? EPOLLIN | EPOLLRDNORM : EPOLLOUT | EPOLLWRNORM; + } +@@ -1490,7 +1785,7 @@ static ssize_t urandom_read_iter(struct + if (!crng_ready()) + try_to_generate_entropy(); + +- if (!crng_ready()) { ++ if (!crng_ready_maybe_cb()) { + if (!ratelimit_disable && maxwarn <= 0) + ++urandom_warning.missed; + else if (ratelimit_disable || __ratelimit(&urandom_warning)) { +@@ -1573,6 +1868,14 @@ static long random_ioctl(struct file *f, + case RNDRESEEDCRNG: + if (!capable(CAP_SYS_ADMIN)) + return -EPERM; ++#ifdef WOLFSSL_LINUXKM_HAVE_GET_RANDOM_CALLBACKS ++ /* fall through to reseed native crng too. */ ++ if (call_crng_reseed_cb() == 0) { ++ if (crng_ready()) ++ crng_reseed(NULL); ++ return 0; ++ } ++#endif + if (!crng_ready()) + return -ENODATA; + crng_reseed(NULL); +--- 5.14.0-570.58.1.el9_6/include/linux/random.h.dist 2026-01-12 10:50:57.004413581 -0600 ++++ 5.14.0-570.58.1.el9_6/include/linux/random.h 2026-01-12 10:56:29.124034816 -0600 +@@ -175,4 +175,37 @@ int random_online_cpu(unsigned int cpu); + extern const struct file_operations random_fops, urandom_fops; + #endif + ++#ifndef WOLFSSL_LINUXKM_HAVE_GET_RANDOM_CALLBACKS ++ #define WOLFSSL_LINUXKM_HAVE_GET_RANDOM_CALLBACKS 1 ++#endif ++ ++typedef int (*_get_random_bytes_cb_t)(void *buf, size_t len); ++struct iov_iter; ++/* kernels >= 5.17.0 use get_random_bytes_user() */ ++typedef ssize_t (*get_random_bytes_user_cb_t)(struct iov_iter *iter); ++/* kernels < 5.17.0 use extract_crng_user(), though some LTS kernels, ++ * e.g. 5.10.236, have the 5.17+ architecture backported. ++ */ ++typedef ssize_t (*extract_crng_user_cb_t)(void __user *buf, size_t nbytes); ++typedef bool (*crng_ready_cb_t)(void); ++typedef int (*mix_pool_bytes_cb_t)(const void *buf, size_t len); ++typedef int (*credit_init_bits_cb_t)(size_t bits); ++typedef int (*crng_reseed_cb_t)(void); ++ ++struct wolfssl_linuxkm_random_bytes_handlers { ++ _get_random_bytes_cb_t _get_random_bytes; ++ get_random_bytes_user_cb_t get_random_bytes_user; ++ extract_crng_user_cb_t extract_crng_user; ++ crng_ready_cb_t crng_ready; ++ mix_pool_bytes_cb_t mix_pool_bytes; ++ credit_init_bits_cb_t credit_init_bits; ++ crng_reseed_cb_t crng_reseed; ++}; ++ ++int wolfssl_linuxkm_register_random_bytes_handlers( ++ struct module *new_random_bytes_cb_owner, ++ const struct wolfssl_linuxkm_random_bytes_handlers *handlers); ++ ++int wolfssl_linuxkm_unregister_random_bytes_handlers(void); ++ + #endif /* _LINUX_RANDOM_H */ diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/linuxkm/patches/5.17-ubuntu-jammy-tegra/WOLFSSL_LINUXKM_HAVE_GET_RANDOM_CALLBACKS-5v17-ubuntu-jammy-tegra.patch mariadb-11.8.8/extra/wolfssl/wolfssl/linuxkm/patches/5.17-ubuntu-jammy-tegra/WOLFSSL_LINUXKM_HAVE_GET_RANDOM_CALLBACKS-5v17-ubuntu-jammy-tegra.patch --- mariadb-11.8.6/extra/wolfssl/wolfssl/linuxkm/patches/5.17-ubuntu-jammy-tegra/WOLFSSL_LINUXKM_HAVE_GET_RANDOM_CALLBACKS-5v17-ubuntu-jammy-tegra.patch 1970-01-01 00:00:00.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/linuxkm/patches/5.17-ubuntu-jammy-tegra/WOLFSSL_LINUXKM_HAVE_GET_RANDOM_CALLBACKS-5v17-ubuntu-jammy-tegra.patch 2026-05-24 09:58:33.000000000 +0000 @@ -0,0 +1,462 @@ +--- 5.17-ubuntu-jammy-tegra/drivers/char/random.c.dist 2025-12-10 09:55:51.740854778 -0600 ++++ 5.17-ubuntu-jammy-tegra/drivers/char/random.c 2025-12-10 10:19:00.414922381 -0600 +@@ -60,6 +60,260 @@ + #include + #include + ++#ifdef WOLFSSL_LINUXKM_HAVE_GET_RANDOM_CALLBACKS ++ ++#include ++ ++static atomic_long_t random_bytes_cb_owner = ++ ATOMIC_INIT((long)NULL); ++static atomic_t random_bytes_cb_refcnt = ++ ATOMIC_INIT(0); /* 0 if unregistered, 1 if no calls in flight. */ ++static _get_random_bytes_cb_t _get_random_bytes_cb = NULL; ++static get_random_bytes_user_cb_t get_random_bytes_user_cb = NULL; ++static crng_ready_cb_t crng_ready_cb = NULL; ++static mix_pool_bytes_cb_t mix_pool_bytes_cb = NULL; ++static credit_init_bits_cb_t credit_init_bits_cb = NULL; ++static crng_reseed_cb_t crng_reseed_cb = NULL; ++ ++int wolfssl_linuxkm_register_random_bytes_handlers( ++ struct module *new_random_bytes_cb_owner, ++ const struct wolfssl_linuxkm_random_bytes_handlers *handlers) ++{ ++ if ((! new_random_bytes_cb_owner) || ++ (! handlers) || ++ (! handlers->_get_random_bytes) || ++ (! handlers->get_random_bytes_user)) ++ { ++ return -EINVAL; ++ } ++ ++ /* random_bytes_cb_owner is used to enforce serialization of ++ * wolfssl_register_random_bytes_handlers() and ++ * wolfssl_unregister_random_bytes_handlers(). ++ */ ++ if (atomic_long_cmpxchg(&random_bytes_cb_owner, ++ (long)NULL, ++ (long)new_random_bytes_cb_owner) ++ != (long)NULL) ++ { ++ return -EBUSY; ++ } ++ ++ { ++ int current_random_bytes_cb_refcnt = atomic_read(&random_bytes_cb_refcnt); ++ if (current_random_bytes_cb_refcnt) { ++ pr_err("BUG: random_bytes_cb_refcnt == %d with null random_bytes_cb_owner", current_random_bytes_cb_refcnt); ++ atomic_long_set(&random_bytes_cb_owner, (long)NULL); ++ return -EFAULT; ++ } ++ } ++ ++ if (! try_module_get(new_random_bytes_cb_owner)) { ++ atomic_long_set(&random_bytes_cb_owner, (long)NULL); ++ return -ENODEV; ++ } ++ ++ _get_random_bytes_cb = handlers->_get_random_bytes; ++ get_random_bytes_user_cb = handlers->get_random_bytes_user; ++ crng_ready_cb = handlers->crng_ready; ++ mix_pool_bytes_cb = handlers->mix_pool_bytes; ++ credit_init_bits_cb = handlers->credit_init_bits; ++ crng_reseed_cb = handlers->crng_reseed; ++ ++ barrier(); ++ atomic_set_release(&random_bytes_cb_refcnt, 1); ++ ++ return 0; ++} ++EXPORT_SYMBOL_GPL(wolfssl_linuxkm_register_random_bytes_handlers); ++ ++int wolfssl_linuxkm_unregister_random_bytes_handlers(void) ++{ ++ int current_random_bytes_cb_refcnt; ++ int n_tries; ++ if (! atomic_long_read(&random_bytes_cb_owner)) ++ return -ENODEV; ++ ++ /* we're racing the kernel at large to try to catch random_bytes_cb_refcnt ++ * with no callers in flight -- retry and relax up to 100 times. ++ */ ++ for (n_tries = 0; n_tries < 100; ++n_tries) { ++ current_random_bytes_cb_refcnt = atomic_cmpxchg(&random_bytes_cb_refcnt, 1, 0); ++ if (current_random_bytes_cb_refcnt == 1) ++ break; ++ if (current_random_bytes_cb_refcnt < 0) { ++ pr_err("BUG: random_bytes_cb_refcnt is %d in wolfssl_linuxkm_unregister_random_bytes_handlers.", current_random_bytes_cb_refcnt); ++ break; ++ } ++ if (msleep_interruptible(10) != 0) ++ return -EINTR; ++ } ++ if (current_random_bytes_cb_refcnt != 1) { ++ pr_warn("WARNING: wolfssl_unregister_random_bytes_handlers called with random_bytes_cb_refcnt == %d", current_random_bytes_cb_refcnt); ++ return -EBUSY; ++ } ++ ++ _get_random_bytes_cb = NULL; ++ get_random_bytes_user_cb = NULL; ++ crng_ready_cb = NULL; ++ mix_pool_bytes_cb = NULL; ++ credit_init_bits_cb = NULL; ++ crng_reseed_cb = NULL; ++ ++ module_put((struct module *)atomic_long_read(&random_bytes_cb_owner)); ++ barrier(); ++ atomic_long_set(&random_bytes_cb_owner, (long)NULL); ++ ++ return 0; ++} ++EXPORT_SYMBOL_GPL(wolfssl_linuxkm_unregister_random_bytes_handlers); ++ ++static __always_inline int reserve_random_bytes_cb(void) { ++ int current_random_bytes_cb_refcnt = ++ atomic_read_acquire(&random_bytes_cb_refcnt); ++ ++ if (! current_random_bytes_cb_refcnt) ++ return -ENODEV; ++ ++ if (current_random_bytes_cb_refcnt < 0) { ++ pr_err("BUG: random_bytes_cb_refcnt is %d in reserve_random_bytes_cb.", current_random_bytes_cb_refcnt); ++ return -EFAULT; ++ } ++ ++ for (;;) { ++ int orig_random_bytes_cb_refcnt = ++ atomic_cmpxchg( ++ &random_bytes_cb_refcnt, ++ current_random_bytes_cb_refcnt, ++ current_random_bytes_cb_refcnt + 1); ++ if (orig_random_bytes_cb_refcnt == current_random_bytes_cb_refcnt) ++ return 0; ++ else if (! orig_random_bytes_cb_refcnt) ++ return -ENODEV; ++ else ++ current_random_bytes_cb_refcnt = orig_random_bytes_cb_refcnt; ++ } ++ ++ __builtin_unreachable(); ++} ++ ++static __always_inline void release_random_bytes_cb(void) { ++ atomic_dec(&random_bytes_cb_refcnt); ++} ++ ++static inline int call__get_random_bytes_cb(void *buf, size_t len) ++{ ++ int ret; ++ ++ if (! _get_random_bytes_cb) ++ return -ENODEV; ++ ++ ret = reserve_random_bytes_cb(); ++ if (ret) ++ return ret; ++ ++ ret = _get_random_bytes_cb(buf, len); ++ ++ release_random_bytes_cb(); ++ ++ return ret; ++} ++ ++static inline ssize_t call_get_random_bytes_user_cb(struct iov_iter *iter) ++{ ++ ssize_t ret; ++ ++ if (! get_random_bytes_user_cb) ++ return -ECANCELED; ++ ++ ret = (ssize_t)reserve_random_bytes_cb(); ++ if (ret) ++ return ret; ++ ++ ret = get_random_bytes_user_cb(iter); ++ ++ release_random_bytes_cb(); ++ ++ return ret; ++} ++ ++static inline bool call_crng_ready_cb(void) ++{ ++ bool ret; ++ ++ /* Null crng_ready_cb signifies that the DRBG is always ready, i.e. that if ++ * called, it will always have or obtain sufficient entropy to fulfill the ++ * call. ++ */ ++ if (! crng_ready_cb) ++ return 1; ++ ++ if (reserve_random_bytes_cb() != 0) ++ return 0; ++ ++ ret = crng_ready_cb(); ++ ++ release_random_bytes_cb(); ++ ++ return ret; ++} ++ ++static inline int call_mix_pool_bytes_cb(const void *buf, size_t len) ++{ ++ int ret; ++ ++ if (! mix_pool_bytes_cb) ++ return -ENODEV; ++ ++ ret = reserve_random_bytes_cb(); ++ if (ret) ++ return ret; ++ ++ ret = mix_pool_bytes_cb(buf, len); ++ ++ release_random_bytes_cb(); ++ ++ return ret; ++} ++ ++static inline int call_credit_init_bits_cb(size_t bits) ++{ ++ int ret; ++ ++ if (! credit_init_bits_cb) ++ return -ENODEV; ++ ++ ret = reserve_random_bytes_cb(); ++ if (ret) ++ return ret; ++ ++ ret = credit_init_bits_cb(bits); ++ ++ release_random_bytes_cb(); ++ ++ return ret; ++} ++ ++static inline int call_crng_reseed_cb(void) ++{ ++ int ret; ++ ++ if (! crng_reseed_cb) ++ return -ENODEV; ++ ++ ret = reserve_random_bytes_cb(); ++ if (ret) ++ return ret; ++ ++ ret = crng_reseed_cb(); ++ ++ release_random_bytes_cb(); ++ ++ return ret; ++} ++ ++#endif /* WOLFSSL_LINUXKM_HAVE_GET_RANDOM_CALLBACKS */ ++ + /********************************************************************* + * + * Initialization and readiness waiting. +@@ -79,7 +333,15 @@ static enum { + CRNG_EARLY = 1, /* At least POOL_EARLY_BITS collected */ + CRNG_READY = 2 /* Fully initialized with POOL_READY_BITS collected */ + } crng_init __read_mostly = CRNG_EMPTY; ++ + #define crng_ready() (likely(crng_init >= CRNG_READY)) ++#ifdef WOLFSSL_LINUXKM_HAVE_GET_RANDOM_CALLBACKS ++ #define crng_ready_by_cb() (atomic_read(&random_bytes_cb_refcnt) && call_crng_ready_cb()) ++ #define crng_ready_maybe_cb() (atomic_read(&random_bytes_cb_refcnt) ? (call_crng_ready_cb() || crng_ready()) : crng_ready()) ++#else ++ #define crng_ready_maybe_cb() crng_ready() ++#endif ++ + /* Various types of waiters for crng_init->CRNG_READY transition. */ + static DECLARE_WAIT_QUEUE_HEAD(crng_init_wait); + static struct fasync_struct *fasync; +@@ -105,7 +367,7 @@ MODULE_PARM_DESC(ratelimit_disable, "Dis + */ + bool rng_is_initialized(void) + { +- return crng_ready(); ++ return crng_ready_maybe_cb(); + } + EXPORT_SYMBOL(rng_is_initialized); + +@@ -124,11 +386,11 @@ static void try_to_generate_entropy(void + */ + int wait_for_random_bytes(void) + { +- while (!crng_ready()) { ++ while (!crng_ready_maybe_cb()) { + int ret; + + try_to_generate_entropy(); +- ret = wait_event_interruptible_timeout(crng_init_wait, crng_ready(), HZ); ++ ret = wait_event_interruptible_timeout(crng_init_wait, crng_ready_maybe_cb(), HZ); + if (ret) + return ret > 0 ? 0 : ret; + } +@@ -182,7 +444,7 @@ static void __cold process_random_ready_ + } + + #define warn_unseeded_randomness() \ +- if (IS_ENABLED(CONFIG_WARN_ALL_UNSEEDED_RANDOM) && !crng_ready()) \ ++ if (IS_ENABLED(CONFIG_WARN_ALL_UNSEEDED_RANDOM) && !crng_ready_maybe_cb()) \ + printk_deferred(KERN_NOTICE "random: %s called from %pS with crng_init=%d\n", \ + __func__, (void *)_RET_IP_, crng_init) + +@@ -401,6 +663,14 @@ static void _get_random_bytes(void *buf, + if (!len) + return; + ++#ifdef WOLFSSL_LINUXKM_HAVE_GET_RANDOM_CALLBACKS ++ /* If call__get_random_bytes_cb() doesn't succeed, flow falls through to ++ * the native implementation. _get_random_bytes() must succeed. ++ */ ++ if (call__get_random_bytes_cb(buf, len) == 0) ++ return; ++#endif ++ + first_block_len = min_t(size_t, 32, len); + crng_make_state(chacha_state, buf, first_block_len); + len -= first_block_len; +@@ -450,6 +720,18 @@ static ssize_t get_random_bytes_user(str + if (unlikely(!iov_iter_count(iter))) + return 0; + ++#ifdef WOLFSSL_LINUXKM_HAVE_GET_RANDOM_CALLBACKS ++ { ++ ssize_t cb_ret = call_get_random_bytes_user_cb(iter); ++ /* If the callback returns -ECANCELED, that signals that iter is ++ * still intact, and flow can safely fall through to the native ++ * implementation. ++ */ ++ if (cb_ret != -ECANCELED) ++ return cb_ret; ++ } ++#endif ++ + /* + * Immediately overwrite the ChaCha key at index 4 with random + * bytes, in case userspace causes copy_to_iter() below to sleep +@@ -526,7 +808,7 @@ type get_random_ ##type(void) \ + \ + warn_unseeded_randomness(); \ + \ +- if (!crng_ready()) { \ ++ if (!crng_ready_maybe_cb()) { \ + _get_random_bytes(&ret, sizeof(ret)); \ + return ret; \ + } \ +@@ -650,6 +932,11 @@ static void mix_pool_bytes(const void *b + { + unsigned long flags; + ++#ifdef WOLFSSL_LINUXKM_HAVE_GET_RANDOM_CALLBACKS ++ (void)call_mix_pool_bytes_cb(buf, len); ++ /* fall through to mix into native pool too. */ ++#endif ++ + spin_lock_irqsave(&input_pool.lock, flags); + _mix_pool_bytes(buf, len); + spin_unlock_irqrestore(&input_pool.lock, flags); +@@ -701,7 +988,11 @@ static void extract_entropy(void *buf, s + memzero_explicit(&block, sizeof(block)); + } + ++#ifdef WOLFSSL_LINUXKM_HAVE_GET_RANDOM_CALLBACKS ++#define credit_init_bits(bits) do { (void)call_credit_init_bits_cb(bits); if (!crng_ready()) _credit_init_bits(bits); } while (0) ++#else + #define credit_init_bits(bits) if (!crng_ready()) _credit_init_bits(bits) ++#endif + + static void __cold _credit_init_bits(size_t bits) + { +@@ -1228,7 +1519,7 @@ SYSCALL_DEFINE3(getrandom, char __user * + if ((flags & (GRND_INSECURE | GRND_RANDOM)) == (GRND_INSECURE | GRND_RANDOM)) + return -EINVAL; + +- if (!crng_ready() && !(flags & GRND_INSECURE)) { ++ if (!crng_ready_maybe_cb() && !(flags & GRND_INSECURE)) { + if (flags & GRND_NONBLOCK) + return -EAGAIN; + ret = wait_for_random_bytes(); +@@ -1244,6 +1535,10 @@ SYSCALL_DEFINE3(getrandom, char __user * + + static __poll_t random_poll(struct file *file, poll_table *wait) + { ++#ifdef WOLFSSL_LINUXKM_HAVE_GET_RANDOM_CALLBACKS ++ if (crng_ready_by_cb()) ++ return EPOLLIN | EPOLLRDNORM; ++#endif + poll_wait(file, &crng_init_wait, wait); + return crng_ready() ? EPOLLIN | EPOLLRDNORM : EPOLLOUT | EPOLLWRNORM; + } +@@ -1285,7 +1580,7 @@ static ssize_t urandom_read_iter(struct + { + static int maxwarn = 10; + +- if (!crng_ready()) { ++ if (!crng_ready_maybe_cb()) { + if (!ratelimit_disable && maxwarn <= 0) + ++urandom_warning.missed; + else if (ratelimit_disable || __ratelimit(&urandom_warning)) { +@@ -1368,6 +1663,14 @@ static long random_ioctl(struct file *f, + case RNDRESEEDCRNG: + if (!capable(CAP_SYS_ADMIN)) + return -EPERM; ++#ifdef WOLFSSL_LINUXKM_HAVE_GET_RANDOM_CALLBACKS ++ /* fall through to reseed native crng too. */ ++ if (call_crng_reseed_cb() == 0) { ++ if (crng_ready()) ++ crng_reseed(); ++ return 0; ++ } ++#endif + if (!crng_ready()) + return -ENODATA; + crng_reseed(); +--- 5.17-ubuntu-jammy-tegra/include/linux/random.h.dist 2025-12-10 10:11:26.642681781 -0600 ++++ 5.17-ubuntu-jammy-tegra/include/linux/random.h 2025-12-10 10:14:44.417609545 -0600 +@@ -138,4 +138,37 @@ int random_online_cpu(unsigned int cpu); + extern const struct file_operations random_fops, urandom_fops; + #endif + ++#ifndef WOLFSSL_LINUXKM_HAVE_GET_RANDOM_CALLBACKS ++ #define WOLFSSL_LINUXKM_HAVE_GET_RANDOM_CALLBACKS 1 ++#endif ++ ++typedef int (*_get_random_bytes_cb_t)(void *buf, size_t len); ++struct iov_iter; ++/* kernels >= 5.17.0 use get_random_bytes_user() */ ++typedef ssize_t (*get_random_bytes_user_cb_t)(struct iov_iter *iter); ++/* kernels < 5.17.0 use extract_crng_user(), though some LTS kernels, ++ * e.g. 5.10.236, have the 5.17+ architecture backported. ++ */ ++typedef ssize_t (*extract_crng_user_cb_t)(void __user *buf, size_t nbytes); ++typedef bool (*crng_ready_cb_t)(void); ++typedef int (*mix_pool_bytes_cb_t)(const void *buf, size_t len); ++typedef int (*credit_init_bits_cb_t)(size_t bits); ++typedef int (*crng_reseed_cb_t)(void); ++ ++struct wolfssl_linuxkm_random_bytes_handlers { ++ _get_random_bytes_cb_t _get_random_bytes; ++ get_random_bytes_user_cb_t get_random_bytes_user; ++ extract_crng_user_cb_t extract_crng_user; ++ crng_ready_cb_t crng_ready; ++ mix_pool_bytes_cb_t mix_pool_bytes; ++ credit_init_bits_cb_t credit_init_bits; ++ crng_reseed_cb_t crng_reseed; ++}; ++ ++int wolfssl_linuxkm_register_random_bytes_handlers( ++ struct module *new_random_bytes_cb_owner, ++ const struct wolfssl_linuxkm_random_bytes_handlers *handlers); ++ ++int wolfssl_linuxkm_unregister_random_bytes_handlers(void); ++ + #endif /* _LINUX_RANDOM_H */ diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/linuxkm/patches/7.0/WOLFSSL_LINUXKM_HAVE_GET_RANDOM_CALLBACKS-7v0.patch mariadb-11.8.8/extra/wolfssl/wolfssl/linuxkm/patches/7.0/WOLFSSL_LINUXKM_HAVE_GET_RANDOM_CALLBACKS-7v0.patch --- mariadb-11.8.6/extra/wolfssl/wolfssl/linuxkm/patches/7.0/WOLFSSL_LINUXKM_HAVE_GET_RANDOM_CALLBACKS-7v0.patch 1970-01-01 00:00:00.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/linuxkm/patches/7.0/WOLFSSL_LINUXKM_HAVE_GET_RANDOM_CALLBACKS-7v0.patch 2026-05-24 09:58:33.000000000 +0000 @@ -0,0 +1,484 @@ +--- linux-next-9999/drivers/char/random.c.dist 2026-02-27 20:38:28.210284927 +0000 ++++ linux-next-9999/drivers/char/random.c 2026-02-27 20:39:23.770059819 +0000 +@@ -67,6 +67,265 @@ + #include + #include + ++#ifdef WOLFSSL_LINUXKM_HAVE_GET_RANDOM_CALLBACKS ++ ++#include ++ ++static atomic_long_t random_bytes_cb_owner = ++ ATOMIC_INIT((long)NULL); ++static atomic_t random_bytes_cb_refcnt = ++ ATOMIC_INIT(0); /* 0 if unregistered, 1 if no calls in flight. */ ++static _get_random_bytes_cb_t _get_random_bytes_cb; ++static get_random_bytes_user_cb_t get_random_bytes_user_cb; ++static crng_ready_cb_t crng_ready_cb; ++static mix_pool_bytes_cb_t mix_pool_bytes_cb; ++static credit_init_bits_cb_t credit_init_bits_cb; ++static crng_reseed_cb_t crng_reseed_cb; ++ ++int wolfssl_linuxkm_register_random_bytes_handlers( ++ struct module *new_random_bytes_cb_owner, ++ const struct wolfssl_linuxkm_random_bytes_handlers *handlers) ++{ ++ if ((new_random_bytes_cb_owner == NULL) || ++ (handlers == NULL) || ++ (handlers->_get_random_bytes == NULL) || ++ (handlers->get_random_bytes_user == NULL)) { ++ return -EINVAL; ++ } ++ ++ /* random_bytes_cb_owner is used to enforce serialization of ++ * wolfssl_register_random_bytes_handlers() and ++ * wolfssl_unregister_random_bytes_handlers(). ++ */ ++ if (atomic_long_cmpxchg(&random_bytes_cb_owner, ++ (long)NULL, ++ (long)new_random_bytes_cb_owner) ++ != (long)NULL) { ++ return -EBUSY; ++ } ++ ++ { ++ int current_random_bytes_cb_refcnt = atomic_read(&random_bytes_cb_refcnt); ++ ++ if (current_random_bytes_cb_refcnt) { ++ pr_err("BUG: random_bytes_cb_refcnt == %d with null random_bytes_cb_owner", ++ current_random_bytes_cb_refcnt); ++ atomic_long_set(&random_bytes_cb_owner, (long)NULL); ++ return -EFAULT; ++ } ++ } ++ ++ if (!try_module_get(new_random_bytes_cb_owner)) { ++ atomic_long_set(&random_bytes_cb_owner, (long)NULL); ++ return -ENODEV; ++ } ++ ++ _get_random_bytes_cb = handlers->_get_random_bytes; ++ get_random_bytes_user_cb = handlers->get_random_bytes_user; ++ crng_ready_cb = handlers->crng_ready; ++ mix_pool_bytes_cb = handlers->mix_pool_bytes; ++ credit_init_bits_cb = handlers->credit_init_bits; ++ crng_reseed_cb = handlers->crng_reseed; ++ ++ barrier(); ++ atomic_set_release(&random_bytes_cb_refcnt, 1); ++ ++ return 0; ++} ++EXPORT_SYMBOL_GPL(wolfssl_linuxkm_register_random_bytes_handlers); ++ ++int wolfssl_linuxkm_unregister_random_bytes_handlers(void) ++{ ++ int current_random_bytes_cb_refcnt; ++ int n_tries; ++ ++ if (atomic_long_read(&random_bytes_cb_owner) == 0) ++ return -ENODEV; ++ ++ /* we're racing the kernel at large to try to catch random_bytes_cb_refcnt ++ * with no callers in flight -- retry and relax up to 100 times. ++ */ ++ for (n_tries = 0; n_tries < 100; ++n_tries) { ++ current_random_bytes_cb_refcnt = atomic_cmpxchg(&random_bytes_cb_refcnt, 1, 0); ++ if (current_random_bytes_cb_refcnt == 1) ++ break; ++ if (current_random_bytes_cb_refcnt < 0) { ++ pr_err("BUG: random_bytes_cb_refcnt is %d in %s.", ++ current_random_bytes_cb_refcnt, __func__); ++ break; ++ } ++ if (msleep_interruptible(10) != 0) ++ return -EINTR; ++ } ++ if (current_random_bytes_cb_refcnt != 1) { ++ pr_warn("WARNING: %s called with random_bytes_cb_refcnt == %d", __func__, ++ current_random_bytes_cb_refcnt); ++ return -EBUSY; ++ } ++ ++ _get_random_bytes_cb = NULL; ++ get_random_bytes_user_cb = NULL; ++ crng_ready_cb = NULL; ++ mix_pool_bytes_cb = NULL; ++ credit_init_bits_cb = NULL; ++ crng_reseed_cb = NULL; ++ ++ module_put((struct module *)atomic_long_read(&random_bytes_cb_owner)); ++ barrier(); ++ atomic_long_set(&random_bytes_cb_owner, (long)NULL); ++ ++ return 0; ++} ++EXPORT_SYMBOL_GPL(wolfssl_linuxkm_unregister_random_bytes_handlers); ++ ++static __always_inline int reserve_random_bytes_cb(void) ++{ ++ int current_random_bytes_cb_refcnt = ++ atomic_read_acquire(&random_bytes_cb_refcnt); ++ ++ if (current_random_bytes_cb_refcnt == 0) ++ return -ENODEV; ++ ++ if (current_random_bytes_cb_refcnt < 0) { ++ pr_err("BUG: random_bytes_cb_refcnt is %d in %s.", ++ current_random_bytes_cb_refcnt, __func__); ++ return -EFAULT; ++ } ++ ++ for (;;) { ++ int orig_random_bytes_cb_refcnt = ++ atomic_cmpxchg( ++ &random_bytes_cb_refcnt, ++ current_random_bytes_cb_refcnt, ++ current_random_bytes_cb_refcnt + 1); ++ if (orig_random_bytes_cb_refcnt == current_random_bytes_cb_refcnt) ++ return 0; ++ else if (orig_random_bytes_cb_refcnt == 0) ++ return -ENODEV; ++ current_random_bytes_cb_refcnt = orig_random_bytes_cb_refcnt; ++ } ++ ++ __builtin_unreachable(); ++} ++ ++static __always_inline void release_random_bytes_cb(void) ++{ ++ atomic_dec(&random_bytes_cb_refcnt); ++} ++ ++static inline int call__get_random_bytes_cb(void *buf, size_t len) ++{ ++ int ret; ++ ++ if (_get_random_bytes_cb == NULL) ++ return -ENODEV; ++ ++ ret = reserve_random_bytes_cb(); ++ if (ret) ++ return ret; ++ ++ ret = _get_random_bytes_cb(buf, len); ++ ++ release_random_bytes_cb(); ++ ++ return ret; ++} ++ ++static inline ssize_t call_get_random_bytes_user_cb(struct iov_iter *iter) ++{ ++ ssize_t ret; ++ ++ if (get_random_bytes_user_cb == NULL) ++ return -ECANCELED; ++ ++ ret = (ssize_t)reserve_random_bytes_cb(); ++ if (ret) ++ return ret; ++ ++ ret = get_random_bytes_user_cb(iter); ++ ++ release_random_bytes_cb(); ++ ++ return ret; ++} ++ ++static inline bool call_crng_ready_cb(void) ++{ ++ bool ret; ++ ++ /* Null crng_ready_cb signifies that the DRBG is always ready, i.e. that if ++ * called, it will always have or obtain sufficient entropy to fulfill the ++ * call. ++ */ ++ if (crng_ready_cb == NULL) ++ return 1; ++ ++ if (reserve_random_bytes_cb() != 0) ++ return 0; ++ ++ ret = crng_ready_cb(); ++ ++ release_random_bytes_cb(); ++ ++ return ret; ++} ++ ++static inline int call_mix_pool_bytes_cb(const void *buf, size_t len) ++{ ++ int ret; ++ ++ if (mix_pool_bytes_cb == NULL) ++ return -ENODEV; ++ ++ ret = reserve_random_bytes_cb(); ++ if (ret) ++ return ret; ++ ++ ret = mix_pool_bytes_cb(buf, len); ++ ++ release_random_bytes_cb(); ++ ++ return ret; ++} ++ ++static inline int call_credit_init_bits_cb(size_t bits) ++{ ++ int ret; ++ ++ if (credit_init_bits_cb == NULL) ++ return -ENODEV; ++ ++ ret = reserve_random_bytes_cb(); ++ if (ret) ++ return ret; ++ ++ ret = credit_init_bits_cb(bits); ++ ++ release_random_bytes_cb(); ++ ++ return ret; ++} ++ ++static inline int call_crng_reseed_cb(void) ++{ ++ int ret; ++ ++ if (crng_reseed_cb == NULL) ++ return -ENODEV; ++ ++ ret = reserve_random_bytes_cb(); ++ if (ret) ++ return ret; ++ ++ ret = crng_reseed_cb(); ++ ++ release_random_bytes_cb(); ++ ++ return ret; ++} ++ ++#endif /* WOLFSSL_LINUXKM_HAVE_GET_RANDOM_CALLBACKS */ ++ + /********************************************************************* + * + * Initialization and readiness waiting. +@@ -87,7 +346,16 @@ static enum { + CRNG_READY = 2 /* Fully initialized with POOL_READY_BITS collected */ + } crng_init __read_mostly = CRNG_EMPTY; + static DEFINE_STATIC_KEY_FALSE(crng_is_ready); ++ + #define crng_ready() (static_branch_likely(&crng_is_ready) || crng_init >= CRNG_READY) ++#ifdef WOLFSSL_LINUXKM_HAVE_GET_RANDOM_CALLBACKS ++ #define crng_ready_by_cb() (atomic_read(&random_bytes_cb_refcnt) && call_crng_ready_cb()) ++ #define crng_ready_maybe_cb() (atomic_read(&random_bytes_cb_refcnt) ? \ ++ (call_crng_ready_cb() || crng_ready()) : crng_ready()) ++#else ++ #define crng_ready_maybe_cb() crng_ready() ++#endif ++ + /* Various types of waiters for crng_init->CRNG_READY transition. */ + static DECLARE_WAIT_QUEUE_HEAD(crng_init_wait); + static struct fasync_struct *fasync; +@@ -111,7 +379,7 @@ MODULE_PARM_DESC(ratelimit_disable, "Dis + */ + bool rng_is_initialized(void) + { +- return crng_ready(); ++ return crng_ready_maybe_cb(); + } + EXPORT_SYMBOL(rng_is_initialized); + +@@ -135,11 +403,11 @@ static void try_to_generate_entropy(void + */ + int wait_for_random_bytes(void) + { +- while (!crng_ready()) { ++ while (!crng_ready_maybe_cb()) { + int ret; + + try_to_generate_entropy(); +- ret = wait_event_interruptible_timeout(crng_init_wait, crng_ready(), HZ); ++ ret = wait_event_interruptible_timeout(crng_init_wait, crng_ready_maybe_cb(), HZ); + if (ret) + return ret > 0 ? 0 : ret; + } +@@ -159,7 +427,7 @@ int __cold execute_with_initialized_rng( + int ret = 0; + + spin_lock_irqsave(&random_ready_notifier.lock, flags); +- if (crng_ready()) ++ if (crng_ready_maybe_cb()) + nb->notifier_call(nb, 0, NULL); + else + ret = raw_notifier_chain_register((struct raw_notifier_head *)&random_ready_notifier.head, nb); +@@ -395,6 +663,14 @@ static void _get_random_bytes(void *buf, + if (!len) + return; + ++#ifdef WOLFSSL_LINUXKM_HAVE_GET_RANDOM_CALLBACKS ++ /* If call__get_random_bytes_cb() doesn't succeed, flow continues to ++ * the native implementation. _get_random_bytes() must succeed. ++ */ ++ if (call__get_random_bytes_cb(buf, len) == 0) ++ return; ++#endif ++ + first_block_len = min_t(size_t, 32, len); + crng_make_state(&chacha_state, buf, first_block_len); + len -= first_block_len; +@@ -440,6 +716,18 @@ static ssize_t get_random_bytes_user(str + if (unlikely(!iov_iter_count(iter))) + return 0; + ++#ifdef WOLFSSL_LINUXKM_HAVE_GET_RANDOM_CALLBACKS ++ { ++ ssize_t cb_ret = call_get_random_bytes_user_cb(iter); ++ /* If the callback returns -ECANCELED, that signals that iter is ++ * still intact, and flow can safely continue to the native ++ * implementation. ++ */ ++ if (cb_ret != -ECANCELED) ++ return cb_ret; ++ } ++#endif ++ + /* + * Immediately overwrite the ChaCha key at index 4 with random + * bytes, in case userspace causes copy_to_iter() below to sleep +@@ -515,7 +803,7 @@ type get_random_ ##type(void) \ + struct batch_ ##type *batch; \ + unsigned long next_gen; \ + \ +- if (!crng_ready()) { \ ++ if (!crng_ready_maybe_cb()) { \ + _get_random_bytes(&ret, sizeof(ret)); \ + return ret; \ + } \ +@@ -651,6 +939,11 @@ static void mix_pool_bytes(const void *b + { + unsigned long flags; + ++#ifdef WOLFSSL_LINUXKM_HAVE_GET_RANDOM_CALLBACKS ++ (void)call_mix_pool_bytes_cb(buf, len); ++ /* continue to mix into native pool too. */ ++#endif ++ + spin_lock_irqsave(&input_pool.lock, flags); + _mix_pool_bytes(buf, len); + spin_unlock_irqrestore(&input_pool.lock, flags); +@@ -710,7 +1003,13 @@ static void extract_entropy(void *buf, s + memzero_explicit(&block, sizeof(block)); + } + +-#define credit_init_bits(bits) if (!crng_ready()) _credit_init_bits(bits) ++#ifdef WOLFSSL_LINUXKM_HAVE_GET_RANDOM_CALLBACKS ++ #define credit_init_bits(bits) do { (void)call_credit_init_bits_cb(bits); \ ++ if (!crng_ready()) \ ++ _credit_init_bits(bits); } while (0) ++#else ++ #define credit_init_bits(bits) do { if (!crng_ready()) _credit_init_bits(bits); } while (0) ++#endif + + static void __cold _credit_init_bits(size_t bits) + { +@@ -1396,7 +1695,7 @@ SYSCALL_DEFINE3(getrandom, char __user * + if ((flags & (GRND_INSECURE | GRND_RANDOM)) == (GRND_INSECURE | GRND_RANDOM)) + return -EINVAL; + +- if (!crng_ready() && !(flags & GRND_INSECURE)) { ++ if (!crng_ready_maybe_cb() && !(flags & GRND_INSECURE)) { + if (flags & GRND_NONBLOCK) + return -EAGAIN; + ret = wait_for_random_bytes(); +@@ -1412,6 +1711,10 @@ SYSCALL_DEFINE3(getrandom, char __user * + + static __poll_t random_poll(struct file *file, poll_table *wait) + { ++#ifdef WOLFSSL_LINUXKM_HAVE_GET_RANDOM_CALLBACKS ++ if (crng_ready_by_cb()) ++ return EPOLLIN | EPOLLRDNORM; ++#endif + poll_wait(file, &crng_init_wait, wait); + return crng_ready() ? EPOLLIN | EPOLLRDNORM : EPOLLOUT | EPOLLWRNORM; + } +@@ -1457,10 +1760,10 @@ static ssize_t urandom_read_iter(struct + * Opportunistically attempt to initialize the RNG on platforms that + * have fast cycle counters, but don't (for now) require it to succeed. + */ +- if (!crng_ready()) ++ if (!crng_ready_maybe_cb()) + try_to_generate_entropy(); + +- if (!crng_ready()) { ++ if (!crng_ready_maybe_cb()) { + if (!ratelimit_disable && maxwarn <= 0) + ratelimit_state_inc_miss(&urandom_warning); + else if (ratelimit_disable || __ratelimit(&urandom_warning)) { +@@ -1477,7 +1780,7 @@ static ssize_t random_read_iter(struct k + { + int ret; + +- if (!crng_ready() && ++ if (!crng_ready_by_cb() && + ((kiocb->ki_flags & (IOCB_NOWAIT | IOCB_NOIO)) || + (kiocb->ki_filp->f_flags & O_NONBLOCK))) + return -EAGAIN; +@@ -1542,6 +1845,14 @@ static long random_ioctl(struct file *f, + case RNDRESEEDCRNG: + if (!capable(CAP_SYS_ADMIN)) + return -EPERM; ++#ifdef WOLFSSL_LINUXKM_HAVE_GET_RANDOM_CALLBACKS ++ /* continue to reseed native crng too. */ ++ if (call_crng_reseed_cb() == 0) { ++ if (crng_ready()) ++ crng_reseed(NULL); ++ return 0; ++ } ++#endif + if (!crng_ready()) + return -ENODATA; + crng_reseed(NULL); +--- linux-next-9999/include/linux/random.h.dist 2026-02-27 20:38:33.018159190 +0000 ++++ linux-next-9999/include/linux/random.h 2026-02-27 20:39:23.770406607 +0000 +@@ -139,4 +139,37 @@ int random_online_cpu(unsigned int cpu); + extern const struct file_operations random_fops, urandom_fops; + #endif + ++#ifndef WOLFSSL_LINUXKM_HAVE_GET_RANDOM_CALLBACKS ++ #define WOLFSSL_LINUXKM_HAVE_GET_RANDOM_CALLBACKS 1 ++#endif ++ ++typedef int (*_get_random_bytes_cb_t)(void *buf, size_t len); ++struct iov_iter; ++/* kernels >= 5.17.0 use get_random_bytes_user() */ ++typedef ssize_t (*get_random_bytes_user_cb_t)(struct iov_iter *iter); ++/* kernels < 5.17.0 use extract_crng_user(), though some LTS kernels, ++ * e.g. 5.10.236, have the 5.17+ architecture backported. ++ */ ++typedef ssize_t (*extract_crng_user_cb_t)(void __user *buf, size_t nbytes); ++typedef bool (*crng_ready_cb_t)(void); ++typedef int (*mix_pool_bytes_cb_t)(const void *buf, size_t len); ++typedef int (*credit_init_bits_cb_t)(size_t bits); ++typedef int (*crng_reseed_cb_t)(void); ++ ++struct wolfssl_linuxkm_random_bytes_handlers { ++ _get_random_bytes_cb_t _get_random_bytes; ++ get_random_bytes_user_cb_t get_random_bytes_user; ++ extract_crng_user_cb_t extract_crng_user; ++ crng_ready_cb_t crng_ready; ++ mix_pool_bytes_cb_t mix_pool_bytes; ++ credit_init_bits_cb_t credit_init_bits; ++ crng_reseed_cb_t crng_reseed; ++}; ++ ++int wolfssl_linuxkm_register_random_bytes_handlers( ++ struct module *new_random_bytes_cb_owner, ++ const struct wolfssl_linuxkm_random_bytes_handlers *handlers); ++ ++int wolfssl_linuxkm_unregister_random_bytes_handlers(void); ++ + #endif /* _LINUX_RANDOM_H */ diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/linuxkm/pie_redirect_table.c mariadb-11.8.8/extra/wolfssl/wolfssl/linuxkm/pie_redirect_table.c --- mariadb-11.8.6/extra/wolfssl/wolfssl/linuxkm/pie_redirect_table.c 2026-01-31 13:27:49.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/linuxkm/pie_redirect_table.c 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* pie_redirect_table.c -- module load/unload hooks for libwolfssl.ko * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -19,8 +19,12 @@ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA */ -#ifndef __PIE__ - #error pie_redirect_table.c must be compiled -fPIE. +#if !defined(WC_CONTAINERIZE_THIS) + #error pie_redirect_table.c must be compiled -DWC_CONTAINERIZE_THIS. +#endif + +#if !defined(__PIE__) && !defined(WC_NO_PIE_FLAG) + #error pie_redirect_table.c must be compiled -fPIE or -DWC_NO_PIE_FLAG. #endif #include diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/linuxkm/x86_vector_register_glue.c mariadb-11.8.8/extra/wolfssl/wolfssl/linuxkm/x86_vector_register_glue.c --- mariadb-11.8.6/extra/wolfssl/wolfssl/linuxkm/x86_vector_register_glue.c 2026-01-31 13:27:49.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/linuxkm/x86_vector_register_glue.c 2026-05-24 09:58:33.000000000 +0000 @@ -1,7 +1,7 @@ /* x86_vector_register_glue.c -- glue logic to save and restore vector registers * on x86 * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -332,7 +332,8 @@ * a second look at preempt_count(). */ if (((preempt_count() & (NMI_MASK | HARDIRQ_MASK)) != 0) || (task_pid_nr(current) == 0)) { - VRG_PR_WARN_X("WARNING: wc_save_vector_registers_x86 called with preempt_count 0x%x and pid %d on CPU %d.\n", preempt_count(), task_pid_nr(current), raw_smp_processor_id()); + if (! (flags & WC_SVR_FLAG_INHIBIT)) + VRG_PR_WARN_X("WARNING: wc_save_vector_registers_x86(0x%x) called with preempt_count 0x%x and pid %d on CPU %d.\n", (unsigned)flags, preempt_count(), task_pid_nr(current), raw_smp_processor_id()); return WC_ACCEL_INHIBIT_E; } diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/m4/ax_bsdkm.m4 mariadb-11.8.8/extra/wolfssl/wolfssl/m4/ax_bsdkm.m4 --- mariadb-11.8.6/extra/wolfssl/wolfssl/m4/ax_bsdkm.m4 2026-01-31 13:27:49.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/m4/ax_bsdkm.m4 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ # ax_bsdkm.m4 -- macros for getting attributes of default configured kernel # -# Copyright (C) 2006-2025 wolfSSL Inc. +# Copyright (C) 2006-2026 wolfSSL Inc. # # This file is part of wolfSSL. # diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/m4/ax_linuxkm.m4 mariadb-11.8.8/extra/wolfssl/wolfssl/m4/ax_linuxkm.m4 --- mariadb-11.8.6/extra/wolfssl/wolfssl/m4/ax_linuxkm.m4 2026-01-31 13:27:49.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/m4/ax_linuxkm.m4 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ # ax_linuxkm.m4 -- macros for getting attributes of default configured kernel # -# Copyright (C) 2006-2025 wolfSSL Inc. +# Copyright (C) 2006-2026 wolfSSL Inc. # # This file is part of wolfSSL. # diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/mcapi/crypto.c mariadb-11.8.8/extra/wolfssl/wolfssl/mcapi/crypto.c --- mariadb-11.8.6/extra/wolfssl/wolfssl/mcapi/crypto.c 2026-01-31 13:27:49.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/mcapi/crypto.c 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* crypto.c * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/mcapi/crypto.h mariadb-11.8.8/extra/wolfssl/wolfssl/mcapi/crypto.h --- mariadb-11.8.6/extra/wolfssl/wolfssl/mcapi/crypto.h 2026-01-31 13:27:49.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/mcapi/crypto.h 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* crypto.h * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/mcapi/mcapi_test.c mariadb-11.8.8/extra/wolfssl/wolfssl/mcapi/mcapi_test.c --- mariadb-11.8.6/extra/wolfssl/wolfssl/mcapi/mcapi_test.c 2026-01-31 13:27:49.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/mcapi/mcapi_test.c 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* mcapi_test.c * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/mplabx/benchmark_main.c mariadb-11.8.8/extra/wolfssl/wolfssl/mplabx/benchmark_main.c --- mariadb-11.8.6/extra/wolfssl/wolfssl/mplabx/benchmark_main.c 2026-01-31 13:27:49.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/mplabx/benchmark_main.c 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* benchmark_main.c * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/mplabx/test_main.c mariadb-11.8.8/extra/wolfssl/wolfssl/mplabx/test_main.c --- mariadb-11.8.6/extra/wolfssl/wolfssl/mplabx/test_main.c 2026-01-31 13:27:49.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/mplabx/test_main.c 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* main.c * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/mqx/util_lib/Sources/util.c mariadb-11.8.8/extra/wolfssl/wolfssl/mqx/util_lib/Sources/util.c --- mariadb-11.8.6/extra/wolfssl/wolfssl/mqx/util_lib/Sources/util.c 2026-01-31 13:27:49.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/mqx/util_lib/Sources/util.c 2026-05-24 09:58:33.000000000 +0000 @@ -88,9 +88,7 @@ /* Open partition manager */ *partman_handle = fopen(partman_name, NULL); if (*partman_handle == NULL) { - error_code = ferror(*partman_handle); - printf("Error opening partition manager: %s\n", MFS_Error_text( - (uint32_t) error_code)); + printf("Error opening partition manager\n"); return -64; } @@ -119,15 +117,19 @@ /* Open file system */ *filesystem_handle = fopen(filesystem_name, NULL); + if (*filesystem_handle == NULL) { + printf("Error opening filesystem.\n"); + return -67; + } error_code = ferror(*filesystem_handle); if ((error_code != MFS_NO_ERROR) && (error_code != MFS_NOT_A_DOS_DISK)) { printf("Error opening filesystem: %s\n", MFS_Error_text( (uint32_t) error_code)); - return -67; + return -68; } if (error_code == MFS_NOT_A_DOS_DISK) { printf("NOT A DOS DISK! You must format to continue.\n"); - return -68; + return -69; } return 0; diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/scripts/asn1_oid_sum.pl mariadb-11.8.8/extra/wolfssl/wolfssl/scripts/asn1_oid_sum.pl --- mariadb-11.8.6/extra/wolfssl/wolfssl/scripts/asn1_oid_sum.pl 2026-01-31 13:27:49.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/scripts/asn1_oid_sum.pl 2026-05-24 09:58:33.000000000 +0000 @@ -175,7 +175,7 @@ print "/* oid_sum.h * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/scripts/benchmark.test mariadb-11.8.8/extra/wolfssl/wolfssl/scripts/benchmark.test --- mariadb-11.8.6/extra/wolfssl/wolfssl/scripts/benchmark.test 2026-01-31 13:27:49.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/scripts/benchmark.test 2026-05-24 09:58:33.000000000 +0000 @@ -2,6 +2,19 @@ #benchmark.test +[ ! -x ./examples/client/client ] && printf '\n\n%s\n' "Client doesn't exist" \ + && exit 1 + +if ./examples/client/client -? 2>&1 | grep "Client not compiled in!" ; then + echo 'skipping benchmark.test because client not compiled in.' 1>&2 + exit 77 +fi + +if ./examples/server/server -? 2>&1 | grep "Server not compiled in!" ; then + echo 'skipping benchmark.test because server not compiled in.' 1>&2 + exit 77 +fi + if [ "$#" -lt 2 ]; then echo "Usage: $0 [mode] [num] [clientargs] [serverargs]" >&2 echo " [mode]: 1=Connection Rate (TPS), 2=Throughput Bytes" >&2 diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/scripts/crl-gen-openssl.test mariadb-11.8.8/extra/wolfssl/wolfssl/scripts/crl-gen-openssl.test --- mariadb-11.8.6/extra/wolfssl/wolfssl/scripts/crl-gen-openssl.test 1970-01-01 00:00:00.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/scripts/crl-gen-openssl.test 2026-05-24 09:58:33.000000000 +0000 @@ -0,0 +1,165 @@ +#!/usr/bin/env bash + +set -euo pipefail + +# Verifies CRLs generated by the C API unit tests (tests/api.c). +# Uses OpenSSL to validate CRL structure, signature, and revocation behavior. +# RSA: ca-cert.pem + server-cert.pem (revoked) + client-ca-cert.pem (good). +# ECC: ca-ecc-cert.pem + server-ecc.pem (revoked) + client-ecc-ca-cert.pem +# (good). + +OPENSSL=${OPENSSL:-openssl} +UNIT_TEST=${UNIT_TEST:-./scripts/unit.test} +CRL_GEN_SUBTEST=${CRL_GEN_SUBTEST:-test_sk_X509_CRL_encode} + +if ! command -v "$OPENSSL" >/dev/null 2>&1; then + echo "skipping crl-gen-openssl.test: openssl not found" + exit 77 +fi + +if [ ! -x "$UNIT_TEST" ]; then + # Fallback for out-of-tree/in-tree differences. + if [ -x "./tests/unit.test" ]; then + UNIT_TEST="./tests/unit.test" + elif [ -x "./scripts/unit.test" ]; then + UNIT_TEST="./scripts/unit.test" + fi +fi + +if [ ! -x "$UNIT_TEST" ]; then + echo "skipping crl-gen-openssl.test: unit.test not found" + exit 77 +fi + +# Run the CRL unit test to generate the CRL files and avoid race conditions +# with the full unit test run. +echo "Generating CRLs with: $UNIT_TEST --api -$CRL_GEN_SUBTEST" +"$UNIT_TEST" --api "-$CRL_GEN_SUBTEST" + +normalize_dn() { + sed -e 's/^[[:space:]]*//' -e 's/[[:space:]]*$//' \ + -e 's/^issuer=//' -e 's/^subject=//' \ + -e 's/[[:space:]]*=[[:space:]]*/=/g' \ + -e 's/[[:space:]]*,[[:space:]]*/,/g' +} + +check_crl() { + local crl="$1" + local ca_cert="$2" + local revoked_cert="$3" + local good_cert="$4" + local label="$5" + + echo "Checking $label CRL: $crl" + + local issuer subject + issuer=$("$OPENSSL" crl -in "$crl" -noout -issuer | normalize_dn) + subject=$("$OPENSSL" x509 -in "$ca_cert" -noout -subject | normalize_dn) + if [ "$issuer" != "$subject" ]; then + echo "issuer mismatch for $label CRL" + echo "issuer : $issuer" + echo "subject: $subject" + return 1 + fi + + local last_update next_update + last_update=$("$OPENSSL" crl -in "$crl" -noout -lastupdate) + next_update=$("$OPENSSL" crl -in "$crl" -noout -nextupdate) + if [ -z "$last_update" ] || [ -z "$next_update" ]; then + echo "missing lastUpdate/nextUpdate for $label CRL" + return 1 + fi + + if ! "$OPENSSL" crl -in "$crl" -noout -verify -CAfile "$ca_cert" \ + >/dev/null 2>&1; then + echo "CRL signature verification failed for $label" + return 1 + fi + + local revoked_count + revoked_count=$("$OPENSSL" crl -in "$crl" -text -noout | \ + grep -c "Serial Number" || true) + if [ "$revoked_count" -ne 4 ]; then + echo "unexpected revoked count for $label CRL: $revoked_count " \ + "(expected 4)" + return 1 + fi + + local serial found + serial=$("$OPENSSL" x509 -in "$revoked_cert" -noout -serial | cut -d= -f2 \ + | tr 'A-F' 'a-f' | tr -d ':' | sed 's/^0*//') + if [ -z "$serial" ]; then + serial=0 + fi + + found=0 + while IFS= read -r s; do + s=$(printf '%s' "$s" | tr 'A-F' 'a-f' | tr -d '[:space:]:' \ + | sed 's/^0*//') + if [ -z "$s" ]; then + s=0 + fi + if [ "$s" = "$serial" ]; then + found=1 + break + fi + done < <("$OPENSSL" crl -in "$crl" -text -noout | \ + awk -F: '/Serial Number/ {print $2}') + + if [ "$found" -ne 1 ]; then + echo "revoked serial not found in $label CRL: $serial" + return 1 + fi + + local verify_out verify_rc verify_out_norm + # Capture both stdout and stderr so we can reliably detect and print the + # revocation text. + verify_out=$("$OPENSSL" verify -CAfile "$ca_cert" -crl_check \ + -CRLfile "$crl" \ + "$revoked_cert" 2>&1) || verify_rc=$? + verify_rc=${verify_rc:-0} + # Avoid pipefail/SIGPIPE false negatives with `grep -q` in a pipeline. + if ! grep -qi "revoked" <<< "$verify_out"; then + echo "expected revoked verification failure for $label CRL" + echo "$verify_out" + return 1 + fi + if [ "$verify_rc" -eq 0 ]; then + # Some OpenSSL builds return success even when reporting revocation. + # Treat revoked output as authoritative. + : + fi + + if [ -n "$good_cert" ]; then + if ! "$OPENSSL" verify -CAfile "$ca_cert" -crl_check -CRLfile "$crl" \ + "$good_cert" >/dev/null; then + echo "expected successful verification for $label CRL with " \ + "$good_cert" + return 1 + fi + fi +} + +crl_rsa="certs/crl/crlRsaOut.pem" +crl_ecc="certs/crl/crlEccOut.pem" + +if [ ! -f "$crl_rsa" ] && [ ! -f "$crl_ecc" ]; then + echo "skipping crl-gen-openssl.test: CRL outputs not found" + exit 77 +fi + +if [ -f "$crl_rsa" ]; then + ca_rsa="certs/ca-cert.pem" + revoked_rsa="certs/server-cert.pem" + good_rsa="certs/client-ca-cert.pem" + check_crl "$crl_rsa" "$ca_rsa" "$revoked_rsa" "$good_rsa" "RSA" +fi + +if [ -f "$crl_ecc" ]; then + ca_ecc="certs/ca-ecc-cert.pem" + revoked_ecc="certs/server-ecc.pem" + good_ecc="certs/client-ecc-ca-cert.pem" + check_crl "$crl_ecc" "$ca_ecc" "$revoked_ecc" "${good_ecc:-}" "ECC" +fi + +echo "crl-gen-openssl.test: OK" diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/scripts/crl-revoked.test mariadb-11.8.8/extra/wolfssl/wolfssl/scripts/crl-revoked.test --- mariadb-11.8.6/extra/wolfssl/wolfssl/scripts/crl-revoked.test 2026-01-31 13:27:49.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/scripts/crl-revoked.test 2026-05-24 09:58:33.000000000 +0000 @@ -1,5 +1,18 @@ #!/usr/bin/env bash +[ ! -x ./examples/client/client ] && printf '\n\n%s\n' "Client doesn't exist" \ + && exit 1 + +if ./examples/client/client -? 2>&1 | grep "Client not compiled in!" ; then + echo 'skipping crl-revoked.test because client not compiled in.' 1>&2 + exit 77 +fi + +if ./examples/server/server -? 2>&1 | grep "Server not compiled in!" ; then + echo 'skipping crl-revoked.test because server not compiled in.' 1>&2 + exit 77 +fi + #crl.test # if we can, isolate the network namespace to eliminate port collisions. if [[ -n "$NETWORK_UNSHARE_HELPER" ]]; then diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/scripts/dtls.test mariadb-11.8.8/extra/wolfssl/wolfssl/scripts/dtls.test --- mariadb-11.8.6/extra/wolfssl/wolfssl/scripts/dtls.test 2026-01-31 13:27:49.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/scripts/dtls.test 2026-05-24 09:58:33.000000000 +0000 @@ -16,6 +16,19 @@ #set -x # enable debug output +[ ! -x ./examples/client/client ] && printf '\n\n%s\n' "Client doesn't exist" \ + && exit 1 + +if ./examples/client/client -? 2>&1 | grep "Client not compiled in!" ; then + echo 'skipping dtls.test because client not compiled in.' 1>&2 + exit 77 +fi + +if ./examples/server/server -? 2>&1 | grep "Server not compiled in!" ; then + echo 'skipping dtls.test because server not compiled in.' 1>&2 + exit 77 +fi + # bwrap execution environment to avoid port conflicts if [ "${AM_BWRAPPED-}" != "yes" ]; then bwrap_path="$(command -v bwrap)" diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/scripts/dtlscid.test mariadb-11.8.8/extra/wolfssl/wolfssl/scripts/dtlscid.test --- mariadb-11.8.6/extra/wolfssl/wolfssl/scripts/dtlscid.test 2026-01-31 13:27:49.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/scripts/dtlscid.test 2026-05-24 09:58:33.000000000 +0000 @@ -3,6 +3,22 @@ # dtlscid.test # Copyright wolfSSL 2022-2024 +[ ! -x ./examples/client/client ] && printf '\n\n%s\n' "Client doesn't exist" \ + && exit 0 + +[ ! -x ./examples/server/server ] && printf '\n\n%s\n' "Server doesn't exist" \ + && exit 0 + +if ./examples/client/client -? 2>&1 | grep "Client not compiled in!" ; then + echo 'skipping dtlscid.test because client not compiled in.' 1>&2 + exit 77 +fi + +if ./examples/server/server -? 2>&1 | grep "Server not compiled in!" ; then + echo 'skipping dtlscid.test because server not compiled in.' 1>&2 + exit 77 +fi + # if we can, isolate the network namespace to eliminate port collisions. if [[ -n "$NETWORK_UNSHARE_HELPER" ]]; then if [[ -z "$NETWORK_UNSHARE_HELPER_CALLED" ]]; then diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/scripts/include.am mariadb-11.8.8/extra/wolfssl/wolfssl/scripts/include.am --- mariadb-11.8.6/extra/wolfssl/wolfssl/scripts/include.am 2026-01-31 13:27:49.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/scripts/include.am 2026-05-24 09:58:33.000000000 +0000 @@ -18,7 +18,9 @@ if BUILD_CRL # make revoked test rely on completion of resume test dist_noinst_SCRIPTS+= scripts/crl-revoked.test +dist_noinst_SCRIPTS+= scripts/crl-gen-openssl.test scripts/crl-revoked.log: scripts/resume.log +scripts/crl-gen-openssl.log: scripts/crl-revoked.log endif # arrange to serialize ocsp.test, ocsp-stapling.test, ocsp-stapling-with-ca-as-responder.test, ocsp-stapling2.test, and testsuite, @@ -56,6 +58,20 @@ endif +if BUILD_OCSP_RESPONDER +if BUILD_OCSP_STAPLING +dist_noinst_SCRIPTS+= scripts/ocsp-stapling-with-wolfssl-responder.test +scripts/ocsp-stapling-with-wolfssl-responder.log: scripts/ocsp-stapling-with-ca-as-responder.log +dist_noinst_SCRIPTS+= scripts/ocsp-responder-openssl-interop.test +scripts/ocsp-responder-openssl-interop.log: scripts/ocsp-stapling-with-wolfssl-responder.log +testsuite/testsuite.log: scripts/ocsp-responder-openssl-interop.log +else +dist_noinst_SCRIPTS+= scripts/ocsp-responder-openssl-interop.test +scripts/ocsp-responder-openssl-interop.log: scripts/ocsp.log +testsuite/testsuite.log: scripts/ocsp-responder-openssl-interop.log +endif +endif + endif if BUILD_PSK @@ -116,6 +132,7 @@ # leave openssl.test as extra until non bash works EXTRA_DIST += scripts/openssl.test +EXTRA_DIST += scripts/rsapss.test EXTRA_DIST += scripts/dertoc.pl diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/scripts/ocsp-responder-openssl-interop.test mariadb-11.8.8/extra/wolfssl/wolfssl/scripts/ocsp-responder-openssl-interop.test --- mariadb-11.8.6/extra/wolfssl/wolfssl/scripts/ocsp-responder-openssl-interop.test 1970-01-01 00:00:00.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/scripts/ocsp-responder-openssl-interop.test 2026-05-24 09:58:33.000000000 +0000 @@ -0,0 +1,567 @@ +#!/usr/bin/env bash + +# ocsp-responder-openssl-interop.test +# +# Interop test: wolfSSL ocsp_responder serving OCSP responses to openssl ocsp +# client queries. Tests every certificate entry in each index file. +# +# Requires: WOLFSSL_OPENSSL_TEST, HAVE_OCSP, HAVE_OCSP_RESPONDER +# Uses: examples/ocsp_responder/ocsp_responder as the OCSP responder +# openssl ocsp as the client + +if ! test -n "$WOLFSSL_OPENSSL_TEST"; then + echo "WOLFSSL_OPENSSL_TEST NOT set, won't run" + exit 77 +fi + +# if we can, isolate the network namespace to eliminate port collisions. +if [[ -n "$NETWORK_UNSHARE_HELPER" ]]; then + if [[ -z "$NETWORK_UNSHARE_HELPER_CALLED" ]]; then + export NETWORK_UNSHARE_HELPER_CALLED=yes + exec "$NETWORK_UNSHARE_HELPER" "$0" "$@" || exit $? + fi +elif [ "${AM_BWRAPPED-}" != "yes" ]; then + bwrap_path="$(command -v bwrap)" + if [ -n "$bwrap_path" ]; then + export AM_BWRAPPED=yes + exec "$bwrap_path" --unshare-net --dev-bind / / "$0" "$@" + fi + unset AM_BWRAPPED +fi + +if [[ -z "${RETRIES_REMAINING-}" ]]; then + export RETRIES_REMAINING=2 +fi + +SCRIPT_DIR="$(dirname "$0")" +WOLFSSL_DIR="$(cd "$SCRIPT_DIR/.." && pwd)" +cd "$WOLFSSL_DIR" || exit 1 + +OCSP_RESPONDER="./examples/ocsp_responder/ocsp_responder" +OCSP_DIR="certs/ocsp" + +if [ "$OPENSSL" = "" ]; then + OPENSSL=openssl +fi + +# Check prerequisites +[ ! -x "$OCSP_RESPONDER" ] && \ + echo 'skipping: ocsp_responder not built.' 1>&2 && exit 77 + +if $OCSP_RESPONDER -? 2>&1 | grep -q "OCSP Responder requires"; then + echo 'skipping: ocsp_responder not compiled with required features.' 1>&2 + exit 77 +fi + +command -v $OPENSSL >/dev/null 2>&1 || \ + { echo "Requires openssl command, skipping." 1>&2; exit 77; } + +echo "wolfSSL OCSP Responder / OpenSSL OCSP client interop test" +echo "OpenSSL: $($OPENSSL version)" +echo + +# IPv6 detection +if nc -h 2>&1 | fgrep -q -i ipv6; then + IPV6_SUPPORTED=yes +else + IPV6_SUPPORTED=no +fi + +if ./examples/client/client '-#' | fgrep -q -e ' -DTEST_IPV6 '; then + if [[ "$IPV6_SUPPORTED" == "no" ]]; then + echo 'Skipping IPV6 test in environment lacking IPV6 support.' + exit 77 + fi + LOCALHOST='[::1]' + LOCALHOST_FOR_NC='-6 ::1' +else + LOCALHOST='127.0.0.1' + LOCALHOST_FOR_NC='127.0.0.1' +fi + +######################################################################## +# Helpers +######################################################################## + +resp_pids="" +resp_logs="" +ready_files="" + +cleanup() { + exit_status=$? + for p in $resp_pids; do + kill $p 2>/dev/null + wait $p 2>/dev/null + done + # Clean up log files + for log in $resp_logs; do + rm -f "$log" 2>/dev/null + done + # Clean up ready files + for rf in $ready_files; do + rm -f "$rf" 2>/dev/null + done + if [[ ("$exit_status" == 1) && ($RETRIES_REMAINING -gt 0) ]]; then + echo "retrying..." + RETRIES_REMAINING=$((RETRIES_REMAINING - 1)) + exec $0 "$@" + fi +} +trap cleanup EXIT INT TERM + +tests_run=0 +tests_passed=0 +tests_failed=0 + +print_responder_logs() { + echo "--- Responder Logs ---" + for log in $resp_logs; do + if [ -f "$log" ]; then + echo "=== $(basename $log) ===" + cat "$log" + echo + fi + done + echo "----------------------" +} + +# choose consecutive ports based on the PID, skipping any that are +# already bound, to avoid the birthday problem in case other +# instances are sharing this host. + +get_first_free_port() { + local ret="$1" + while :; do + if [[ "$ret" -ge 65536 ]]; then + ret=1024 + fi + if ! nc -z ${LOCALHOST_FOR_NC} "$ret"; then + break + fi + ret=$((ret+1)) + done + echo "$ret" + return 0 +} + +# wait_for_ready_file READY_FILE PID PORT +wait_for_ready_file() { + local ready_file="$1" + local pid="$2" + local port="$3" + local counter=0 + + while [ ! -s "$ready_file" ] && [ "$counter" -lt 20 ]; do + if ! kill -0 "$pid" 2>/dev/null; then + echo "ERROR: Responder pid $pid for port $port exited before creating ready file" 1>&2 + print_responder_logs + exit 1 + fi + sleep 0.1 + counter=$((counter + 1)) + done + + if [ ! -s "$ready_file" ]; then + echo "ERROR: Ready file $ready_file not created after 2 seconds" 1>&2 + print_responder_logs + exit 1 + fi +} + +# query_ocsp ISSUER_CERT CERT_TO_CHECK PORT EXPECTED_STATUS DESCRIPTION +query_ocsp() { + local issuer="$1" + local cert="$2" + local _port="$3" + local expected="$4" + local desc="$5" + + tests_run=$((tests_run+1)) + printf " TEST %2d: %-55s " "$tests_run" "$desc" + + local output + output=$($OPENSSL ocsp \ + -issuer "$issuer" \ + -cert "$cert" \ + -url "http://127.0.0.1:$_port/" \ + -resp_text 2>&1) + local rc=$? + + # Extract the cert status line + local status + status=$(echo "$output" | grep "Cert Status:" | head -1 | \ + sed 's/.*Cert Status: *//') + + if [ "$status" = "$expected" ]; then + printf "PASSED (status: %s)\n" "$status" + tests_passed=$((tests_passed+1)) + else + printf "FAILED (expected: %s, got: %s, rc: %d)\n" \ + "$expected" "$status" "$rc" + tests_failed=$((tests_failed+1)) + echo "--- openssl output ---" + echo "$output" + echo "----------------------" + print_responder_logs + fi +} + +######################################################################## +# Start responders - one per CA/index-file pair +######################################################################## + + +base_port=$((((($$ + $RETRIES_REMAINING) * 5) % (65536 - 2048)) + 1024)) +port1=$(get_first_free_port $base_port) # OCSP responder: intermediate1-ca +port2=$(get_first_free_port $((port1 + 1))) # OCSP responder: intermediate2-ca +port3=$(get_first_free_port $((port2 + 1))) # OCSP responder: intermediate3-ca +port4=$(get_first_free_port $((port3 + 1))) # OCSP responder: root-ca +port5=$(get_first_free_port $((port4 + 1))) # TLS server + +# Responder 1: intermediate1-ca (server1=valid, server2=revoked) +log1=$(mktemp /tmp/ocsp_resp1.XXXXXX) +resp_logs="$resp_logs $log1" +ready1=$(mktemp /tmp/ocsp_ready1.XXXXXX) +ready_files="$ready_files $ready1" +$OCSP_RESPONDER -p $port1 -v -R "$ready1" \ + -c $OCSP_DIR/intermediate1-ca-cert.pem \ + -k $OCSP_DIR/intermediate1-ca-key.pem \ + -i $OCSP_DIR/index-intermediate1-ca-issued-certs.txt \ + > "$log1" 2>&1 & +pid1=$! +resp_pids="$resp_pids $pid1" + +# Responder 2: intermediate2-ca (server3=valid, server4=revoked) +log2=$(mktemp /tmp/ocsp_resp2.XXXXXX) +resp_logs="$resp_logs $log2" +ready2=$(mktemp /tmp/ocsp_ready2.XXXXXX) +ready_files="$ready_files $ready2" +$OCSP_RESPONDER -p $port2 -v -R "$ready2" \ + -c $OCSP_DIR/intermediate2-ca-cert.pem \ + -k $OCSP_DIR/intermediate2-ca-key.pem \ + -i $OCSP_DIR/index-intermediate2-ca-issued-certs.txt \ + > "$log2" 2>&1 & +pid2=$! +resp_pids="$resp_pids $pid2" + +# Responder 3: intermediate3-ca (server5=valid) +log3=$(mktemp /tmp/ocsp_resp3.XXXXXX) +resp_logs="$resp_logs $log3" +ready3=$(mktemp /tmp/ocsp_ready3.XXXXXX) +ready_files="$ready_files $ready3" +$OCSP_RESPONDER -p $port3 -v -R "$ready3" \ + -c $OCSP_DIR/intermediate3-ca-cert.pem \ + -k $OCSP_DIR/intermediate3-ca-key.pem \ + -i $OCSP_DIR/index-intermediate3-ca-issued-certs.txt \ + > "$log3" 2>&1 & +pid3=$! +resp_pids="$resp_pids $pid3" + +# Responder 4: root-ca (intermediate CAs: 1=valid, 2=valid, 3=revoked) +log4=$(mktemp /tmp/ocsp_resp4.XXXXXX) +resp_logs="$resp_logs $log4" +ready4=$(mktemp /tmp/ocsp_ready4.XXXXXX) +ready_files="$ready_files $ready4" +$OCSP_RESPONDER -p $port4 -v -R "$ready4" \ + -c $OCSP_DIR/root-ca-cert.pem \ + -k $OCSP_DIR/root-ca-key.pem \ + -i $OCSP_DIR/index-ca-and-intermediate-cas.txt \ + > "$log4" 2>&1 & +pid4=$! +resp_pids="$resp_pids $pid4" + +# Responder 5: authorized responder (delegated OCSP signer with id-kp-OCSPSigning) +log5=$(mktemp /tmp/ocsp_resp5.XXXXXX) +resp_logs="$resp_logs $log5" +ready5=$(mktemp /tmp/ocsp_ready5.XXXXXX) +ready_files="$ready_files $ready5" +$OCSP_RESPONDER -p $port5 -v -R "$ready5" \ + -c $OCSP_DIR/root-ca-cert.pem \ + -r $OCSP_DIR/ocsp-responder-cert.pem \ + -k $OCSP_DIR/ocsp-responder-key.pem \ + -i $OCSP_DIR/index-ca-and-intermediate-cas.txt \ + > "$log5" 2>&1 & +pid5=$! +resp_pids="$resp_pids $pid5" + +echo "Starting wolfSSL OCSP responders..." +echo " Responder 1 (intermediate1-ca): port $port1, pid $pid1" +echo " Responder 2 (intermediate2-ca): port $port2, pid $pid2" +echo " Responder 3 (intermediate3-ca): port $port3, pid $pid3" +echo " Responder 4 (root-ca): port $port4, pid $pid4" +echo " Responder 5 (authorized resp): port $port5, pid $pid5" + +# Wait for all responders to be ready +wait_for_ready_file "$ready1" "$pid1" "$port1" +wait_for_ready_file "$ready2" "$pid2" "$port2" +wait_for_ready_file "$ready3" "$pid3" "$port3" +wait_for_ready_file "$ready4" "$pid4" "$port4" +wait_for_ready_file "$ready5" "$pid5" "$port5" + +echo "All responders ready" + +echo "All responders running." +echo + +######################################################################## +# Test index-intermediate1-ca-issued-certs.txt +# serial 05 = server1 (V = valid) +# serial 06 = server2 (R = revoked) +######################################################################## + +echo "=== index-intermediate1-ca-issued-certs.txt (intermediate1-ca) ===" + +query_ocsp "$OCSP_DIR/intermediate1-ca-cert.pem" \ + "$OCSP_DIR/server1-cert.pem" \ + $port1 "good" \ + "server1 (serial 05) -> good" + +query_ocsp "$OCSP_DIR/intermediate1-ca-cert.pem" \ + "$OCSP_DIR/server2-cert.pem" \ + $port1 "revoked" \ + "server2 (serial 06) -> revoked" + +echo + +######################################################################## +# Test index-intermediate2-ca-issued-certs.txt +# serial 07 = server3 (V = valid) +# serial 08 = server4 (R = revoked) +######################################################################## + +echo "=== index-intermediate2-ca-issued-certs.txt (intermediate2-ca) ===" + +query_ocsp "$OCSP_DIR/intermediate2-ca-cert.pem" \ + "$OCSP_DIR/server3-cert.pem" \ + $port2 "good" \ + "server3 (serial 07) -> good" + +query_ocsp "$OCSP_DIR/intermediate2-ca-cert.pem" \ + "$OCSP_DIR/server4-cert.pem" \ + $port2 "revoked" \ + "server4 (serial 08) -> revoked" + +echo + +######################################################################## +# Test index-intermediate3-ca-issued-certs.txt +# serial 09 = server5 (V = valid) +######################################################################## + +echo "=== index-intermediate3-ca-issued-certs.txt (intermediate3-ca) ===" + +query_ocsp "$OCSP_DIR/intermediate3-ca-cert.pem" \ + "$OCSP_DIR/server5-cert.pem" \ + $port3 "good" \ + "server5 (serial 09) -> good" + +echo + +######################################################################## +# Test index-ca-and-intermediate-cas.txt +# serial 01 = intermediate1-ca (V = valid) +# serial 02 = intermediate2-ca (V = valid) +# serial 03 = intermediate3-ca (R = revoked) +# serial 63 = root-ca (V = valid, self-signed) +######################################################################## + +echo "=== index-ca-and-intermediate-cas.txt (root-ca) ===" + +query_ocsp "$OCSP_DIR/root-ca-cert.pem" \ + "$OCSP_DIR/intermediate1-ca-cert.pem" \ + $port4 "good" \ + "intermediate1-ca (serial 01) -> good" + +query_ocsp "$OCSP_DIR/root-ca-cert.pem" \ + "$OCSP_DIR/intermediate2-ca-cert.pem" \ + $port4 "good" \ + "intermediate2-ca (serial 02) -> good" + +query_ocsp "$OCSP_DIR/root-ca-cert.pem" \ + "$OCSP_DIR/intermediate3-ca-cert.pem" \ + $port4 "revoked" \ + "intermediate3-ca (serial 03) -> revoked" + +query_ocsp "$OCSP_DIR/root-ca-cert.pem" \ + "$OCSP_DIR/root-ca-cert.pem" \ + $port4 "good" \ + "root-ca (serial 63) -> good" + +echo + +echo "=== Negative tests: unsupported features ===" + +# Test non-SHA-1 hash algorithms +tests_run=$((tests_run+1)) +printf " TEST %2d: %-55s " "$tests_run" "SHA-384 hash -> good" + +output=$($OPENSSL ocsp \ + -sha384 \ + -issuer "$OCSP_DIR/intermediate1-ca-cert.pem" \ + -cert "$OCSP_DIR/server1-cert.pem" \ + -url "http://127.0.0.1:$port1/" \ + -resp_text 2>&1) +rc=$? + +# Extract the cert status line +status=$(echo "$output" | grep "Cert Status:" | head -1 | \ + sed 's/.*Cert Status: *//') + +# Expect "good" status (feature should be supported) +if [ "$status" = "good" ]; then + printf "PASSED (status: %s)\n" "$status" + tests_passed=$((tests_passed+1)) +else + printf "FAILED (expected: good, got: %s, rc: %d)\n" "$status" "$rc" + tests_failed=$((tests_failed+1)) + echo "--- openssl output ---" + echo "$output" + echo "----------------------" + print_responder_logs +fi + +######################################################################## +# Test: Authorized Responder (RFC 6960 Section 4.2.2.2) +######################################################################## + +# Test: Authorized Responder (RFC 6960 Section 4.2.2.2) +# An OCSP response can be signed by a delegated signer with id-kp-OCSPSigning +# extended key usage instead of the CA itself. +# Uses Responder 5 which has ocsp-responder-cert.pem with id-kp-OCSPSigning EKU. +tests_run=$((tests_run+1)) +printf " TEST %2d: %-55s " "$tests_run" "Authorized responder" + +# Query using OpenSSL - asks about intermediate1-ca which was issued by root-ca +# Response will be signed by ocsp-responder-cert (authorized responder) +output=$($OPENSSL ocsp \ + -issuer "$OCSP_DIR/root-ca-cert.pem" \ + -cert "$OCSP_DIR/intermediate1-ca-cert.pem" \ + -url "http://127.0.0.1:$port5/" \ + -resp_text 2>&1) +rc=$? + +# Extract the cert status line +status=$(echo "$output" | grep "Cert Status:" | head -1 | \ + sed 's/.*Cert Status: *//') + +# Expect "good" status +if [ "$status" = "good" ]; then + printf "PASSED (authorized responder works)\n" + tests_passed=$((tests_passed+1)) +else + printf "FAILED (expected good status, got: %s)\n" "$status" + tests_failed=$((tests_failed+1)) + echo "--- openssl output ---" + echo "$output" + echo "----------------------" + print_responder_logs +fi + +######################################################################## +# Test: Unknown certificates (not in responder's database) +######################################################################## + +echo "=== Unknown certificate tests ===" + +# Test 1: Query Responder 1 (intermediate1-ca) about server3 (issued by intermediate2-ca) +# Note: This tests wrong issuer - should get OCSP error (unauthorized) +tests_run=$((tests_run+1)) +printf " TEST %2d: %-55s " "$tests_run" "Wrong issuer: server3 to responder 1 (wrong issuer)" + +output=$($OPENSSL ocsp \ + -issuer "$OCSP_DIR/intermediate1-ca-cert.pem" \ + -cert "$OCSP_DIR/server3-cert.pem" \ + -url "http://127.0.0.1:$port1/" \ + -noverify \ + -resp_text 2>&1) +rc=$? + +# server3 is actually issued by intermediate2-ca, not intermediate1-ca +# Expect OCSP error response: unauthorized (6) +if echo "$output" | grep -q "Responder Error: unauthorized"; then + printf "PASSED (OCSP unauthorized - wrong issuer)\n" + tests_passed=$((tests_passed+1)) +else + printf "FAILED (expected OCSP unauthorized, got rc: %d)\n" "$rc" + tests_failed=$((tests_failed+1)) + echo "--- openssl output ---" + echo "$output" + echo "----------------------" + print_responder_logs +fi + +# Test 2: Query Responder 2 (intermediate2-ca) about server1 (issued by intermediate1-ca) +# Note: This tests wrong issuer - should get OCSP error (unauthorized) +tests_run=$((tests_run+1)) +printf " TEST %2d: %-55s " "$tests_run" "Wrong issuer: server1 to responder 2 (wrong issuer)" + +output=$($OPENSSL ocsp \ + -issuer "$OCSP_DIR/intermediate2-ca-cert.pem" \ + -cert "$OCSP_DIR/server1-cert.pem" \ + -url "http://127.0.0.1:$port2/" \ + -noverify \ + -resp_text 2>&1) +rc=$? + +# server1 is actually issued by intermediate1-ca, not intermediate2-ca +# Expect OCSP error response: unauthorized (6) +if echo "$output" | grep -q "Responder Error: unauthorized"; then + printf "PASSED (OCSP unauthorized - wrong issuer)\n" + tests_passed=$((tests_passed+1)) +else + printf "FAILED (expected OCSP unauthorized, got rc: %d)\n" "$rc" + tests_failed=$((tests_failed+1)) + echo "--- openssl output ---" + echo "$output" + echo "----------------------" + print_responder_logs +fi + +echo + +######################################################################## +# Negative tests: unsupported functionality +######################################################################## + +# Test: Multiple requests in one OCSP request (should fail with OCSP error) +tests_run=$((tests_run+1)) +printf " TEST %2d: %-55s " "$tests_run" "Multiple requests (should return OCSP error)" + +# Using multiple -cert options creates one OCSP request with multiple certificate IDs +output=$($OPENSSL ocsp \ + -issuer "$OCSP_DIR/intermediate1-ca-cert.pem" \ + -cert "$OCSP_DIR/server1-cert.pem" \ + -cert "$OCSP_DIR/server2-cert.pem" \ + -url "http://127.0.0.1:$port1/" \ + -resp_text 2>&1) +rc=$? + +# Expect OCSP error response: malformedrequest (1) +# OpenSSL shows "Responder Error: malformedrequest (1)" +if echo "$output" | grep -q "Responder Error: malformedrequest"; then + printf "PASSED (OCSP malformedrequest)\n" + tests_passed=$((tests_passed+1)) +else + printf "FAILED (expected OCSP malformedrequest, got rc: %d)\n" "$rc" + tests_failed=$((tests_failed+1)) + echo "--- openssl output ---" + echo "$output" + echo "----------------------" + print_responder_logs +fi + +echo + +######################################################################## +# Results +######################################################################## + +echo "============================================================" +echo "Results: $tests_passed/$tests_run passed, $tests_failed failed" +echo "============================================================" + +if [ $tests_failed -ne 0 ]; then + exit 1 +fi + +exit 0 diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/scripts/ocsp-stapling-with-ca-as-responder.test mariadb-11.8.8/extra/wolfssl/wolfssl/scripts/ocsp-stapling-with-ca-as-responder.test --- mariadb-11.8.6/extra/wolfssl/wolfssl/scripts/ocsp-stapling-with-ca-as-responder.test 2026-01-31 13:27:49.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/scripts/ocsp-stapling-with-ca-as-responder.test 2026-05-24 09:58:33.000000000 +0000 @@ -23,6 +23,22 @@ export RETRIES_REMAINING=2 fi +[ ! -x ./examples/client/client ] && printf '\n\n%s\n' "Client doesn't exist" \ + && exit 1 + +[ ! -x ./examples/server/server ] && printf '\n\n%s\n' "Server doesn't exist" \ + && exit 1 + +if ./examples/client/client -? 2>&1 | grep "Client not compiled in!" ; then + echo 'skipping ocsp-stapling-with-ca-as-responder.test because client not compiled in.' 1>&2 + exit 77 +fi + +if ./examples/server/server -? 2>&1 | grep "Server not compiled in!" ; then + echo 'skipping ocsp-stapling-with-ca-as-responder.test because server not compiled in.' 1>&2 + exit 77 +fi + if ! ./examples/client/client -V | grep -q 3; then echo 'skipping ocsp-stapling-with-ca-as-responder.test because TLS1.2 is not available.' 1>&2 exit 77 diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/scripts/ocsp-stapling-with-wolfssl-responder.test mariadb-11.8.8/extra/wolfssl/wolfssl/scripts/ocsp-stapling-with-wolfssl-responder.test --- mariadb-11.8.6/extra/wolfssl/wolfssl/scripts/ocsp-stapling-with-wolfssl-responder.test 1970-01-01 00:00:00.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/scripts/ocsp-stapling-with-wolfssl-responder.test 2026-05-24 09:58:33.000000000 +0000 @@ -0,0 +1,764 @@ +#!/usr/bin/env bash + +# ocsp-stapling-with-wolfssl-responder.test +# Tests OCSP stapling using wolfSSL's own ocsp_responder example +# instead of the OpenSSL ocsp utility. +# +# Covers scenarios from: +# ocsp-stapling.test (v1 stapling with single responder) +# ocsp-stapling2.test (v2 stapling with multiple responders) +# ocsp-stapling-with-ca-as-responder.test (CA signs OCSP responses directly) +# ocsp-stapling_tls13multi.test (TLS 1.3 multi-stapling) +# +# Requires: HAVE_OCSP, HAVE_OCSP_RESPONDER, HAVE_CERTIFICATE_STATUS_REQUEST + +SCRIPT_DIR="$(dirname "$0")" + +# if we can, isolate the network namespace to eliminate port collisions. +if [[ -n "$NETWORK_UNSHARE_HELPER" ]]; then + if [[ -z "$NETWORK_UNSHARE_HELPER_CALLED" ]]; then + export NETWORK_UNSHARE_HELPER_CALLED=yes + exec "$NETWORK_UNSHARE_HELPER" "$0" "$@" || exit $? + fi +elif [ "${AM_BWRAPPED-}" != "yes" ]; then + bwrap_path="$(command -v bwrap)" + if [ -n "$bwrap_path" ]; then + export AM_BWRAPPED=yes + exec "$bwrap_path" --unshare-net --dev-bind / / "$0" "$@" + fi + unset AM_BWRAPPED +fi + +if [[ -z "${RETRIES_REMAINING-}" ]]; then + export RETRIES_REMAINING=2 +fi + +# Check prerequisites +[ ! -x ./examples/client/client ] && printf '\n\n%s\n' "Client doesn't exist" \ + && exit 1 + +[ ! -x ./examples/server/server ] && printf '\n\n%s\n' "Server doesn't exist" \ + && exit 1 + +[ ! -x ./examples/ocsp_responder/ocsp_responder ] && \ + printf '\n\n%s\n' "OCSP Responder doesn't exist" && exit 1 + +./examples/client/client '-?' 2>&1 | grep -q 'Client not compiled in!' +if [ $? -eq 0 ]; then + echo 'skipping ocsp-stapling-with-wolfssl-responder.test because client not compiled in.' 1>&2 + exit 77 +fi + +./examples/server/server '-?' 2>&1 | grep -q 'Server not compiled in!' +if [ $? -eq 0 ]; then + echo 'skipping ocsp-stapling-with-wolfssl-responder.test because server not compiled in.' 1>&2 + exit 77 +fi + +# Check that OCSP responder is compiled with required features +if ./examples/ocsp_responder/ocsp_responder -? 2>&1 | grep -q "OCSP Responder requires"; then + echo 'skipping ocsp-stapling-with-wolfssl-responder.test because ocsp_responder not compiled with required features.' 1>&2 + exit 77 +fi + +if ! ./examples/client/client -V | grep -q 3; then + echo 'skipping ocsp-stapling-with-wolfssl-responder.test because TLS1.2 is not available.' 1>&2 + exit 77 +fi + +if ./examples/client/client '-#' | fgrep -q -e ' -DWOLFSSL_SNIFFER '; then + echo 'skipping ocsp-stapling-with-wolfssl-responder.test because WOLFSSL_SNIFFER defined.' + exit 77 +fi + +# Detect TLS/DTLS version support +tls13=no +if ./examples/client/client -V | grep -q 4; then + tls13=yes +fi +dtls13=no +if ./examples/client/client -? 2>&1 | grep -q 'DTLSv1.3'; then + dtls13=yes +fi +dtls12=no +if ./examples/client/client -? 2>&1 | grep -q 'DTLSv1.2'; then + dtls12=yes +fi + +# Detect OCSP stapling version support (check independently) +stapling_v1=no +stapling_v2=no +if ./examples/client/client '-#' | grep -q 'HAVE_CERTIFICATE_STATUS_REQUEST[^_]'; then + stapling_v1=yes +fi +if ./examples/client/client '-#' | grep -q 'HAVE_CERTIFICATE_STATUS_REQUEST_V2'; then + stapling_v2=yes +fi + +# Skip entire test if no stapling support at all +if [ "$stapling_v1" == "no" ] && [ "$stapling_v2" == "no" ]; then + echo 'skipping ocsp-stapling-with-wolfssl-responder.test because OCSP stapling not compiled in.' 1>&2 + exit 77 +fi + +printf '%s\n' "OCSP Stapling v1 support: $stapling_v1" +printf '%s\n' "OCSP Stapling v2 support: $stapling_v2" + +# IPv6 detection +if nc -h 2>&1 | fgrep -q -i ipv6; then + IPV6_SUPPORTED=yes +else + IPV6_SUPPORTED=no +fi + +if ./examples/client/client '-#' | fgrep -q -e ' -DTEST_IPV6 '; then + if [[ "$IPV6_SUPPORTED" == "no" ]]; then + echo 'Skipping IPV6 test in environment lacking IPV6 support.' + exit 77 + fi + LOCALHOST='[::1]' + LOCALHOST_FOR_NC='-6 ::1' +else + LOCALHOST='127.0.0.1' + LOCALHOST_FOR_NC='127.0.0.1' +fi + +PARENTDIR="$PWD" +OCSP_RESPONDER="./examples/ocsp_responder/ocsp_responder" + +# Create a unique workspace +WORKSPACE="${PARENTDIR}/workspace.pid$$" + +mkdir "${WORKSPACE}" || exit $? +cp -pR ${SCRIPT_DIR}/../certs "${WORKSPACE}"/ || exit $? +cd "$WORKSPACE" || exit $? +ln -s ../examples + +CERT_DIR="certs/ocsp" + +ready_file1="$WORKSPACE"/wolf_ocsp_wr_readyF1$$ +ready_file2="$WORKSPACE"/wolf_ocsp_wr_readyF2$$ +ready_file3="$WORKSPACE"/wolf_ocsp_wr_readyF3$$ +ready_file4="$WORKSPACE"/wolf_ocsp_wr_readyF4$$ +ready_file5="$WORKSPACE"/wolf_ocsp_wr_readyF5$$ +ready_file_resp1="$WORKSPACE"/wolf_ocsp_resp_readyF1$$ +ready_file_resp2="$WORKSPACE"/wolf_ocsp_resp_readyF2$$ +ready_file_resp3="$WORKSPACE"/wolf_ocsp_resp_readyF3$$ +ready_file_resp4="$WORKSPACE"/wolf_ocsp_resp_readyF4$$ +printf '%s\n' "ready file 1: $ready_file1" +printf '%s\n' "ready file 2: $ready_file2" +printf '%s\n' "ready file 3: $ready_file3" +printf '%s\n' "ready file 4: $ready_file4" +printf '%s\n' "ready file 5: $ready_file5" +printf '%s\n' "ready file resp 1: $ready_file_resp1" +printf '%s\n' "ready file resp 2: $ready_file_resp2" +printf '%s\n' "ready file resp 3: $ready_file_resp3" +printf '%s\n' "ready file resp 4: $ready_file_resp4" + +# Create temporary log files for responder output +responder_log1=$(mktemp) +responder_log2=$(mktemp) +responder_log3=$(mktemp) +responder_log4=$(mktemp) +printf '%s\n' "responder log 1: $responder_log1" +printf '%s\n' "responder log 2: $responder_log2" +printf '%s\n' "responder log 3: $responder_log3" +printf '%s\n' "responder log 4: $responder_log4" + +test_cnf="ocsp_wolf_resp.cnf" + +wait_for_readyFile(){ + + counter=0 + + while [ ! -s "$1" ] && [ "$counter" -lt 20 ]; do + if [[ -n "${2-}" ]]; then + if ! kill -0 "$2" 2>&-; then + echo "pid $2 for port ${3-} exited before creating ready file. bailing..." + exit 1 + fi + fi + echo -e "waiting for ready file..." + sleep 0.1 + counter=$((counter+ 1)) + done + + if test -e "$1"; then + echo -e "found ready file, starting client..." + else + echo -e "NO ready file at $1 -- ending test..." + exit 1 + fi + +} + +remove_single_rF(){ + if test -e $1; then + printf '%s\n' "removing ready file: $1" + rm $1 + fi +} + +#create a configure file for cert generation with the port 0 solution +create_new_cnf() { + printf '%s\n' "Random Ports Selected: $1 $2 $3 $4" + + cat <<- EOF > $test_cnf + # + # openssl configuration file for OCSP certificates + # + + # Extensions to add to a certificate request (intermediate1-ca) + [ v3_req1 ] + basicConstraints = CA:false + subjectKeyIdentifier = hash + authorityKeyIdentifier = keyid:always,issuer:always + keyUsage = nonRepudiation, digitalSignature, keyEncipherment + authorityInfoAccess = OCSP;URI:http://127.0.0.1:$1 + + # Extensions to add to a certificate request (intermediate2-ca) + [ v3_req2 ] + basicConstraints = CA:false + subjectKeyIdentifier = hash + authorityKeyIdentifier = keyid:always,issuer:always + keyUsage = nonRepudiation, digitalSignature, keyEncipherment + authorityInfoAccess = OCSP;URI:http://127.0.0.1:$2 + + # Extensions to add to a certificate request (intermediate3-ca) + [ v3_req3 ] + basicConstraints = CA:false + subjectKeyIdentifier = hash + authorityKeyIdentifier = keyid:always,issuer:always + keyUsage = nonRepudiation, digitalSignature, keyEncipherment + authorityInfoAccess = OCSP;URI:http://127.0.0.1:$3 + + # Extensions for a typical CA + [ v3_ca ] + basicConstraints = CA:true + subjectKeyIdentifier = hash + authorityKeyIdentifier = keyid:always,issuer:always + keyUsage = keyCertSign, cRLSign + authorityInfoAccess = OCSP;URI:http://127.0.0.1:$4 + + # OCSP extensions. + [ v3_ocsp ] + basicConstraints = CA:false + subjectKeyIdentifier = hash + authorityKeyIdentifier = keyid:always,issuer:always + extendedKeyUsage = OCSPSigning +EOF + + mv $test_cnf $CERT_DIR/$test_cnf + cd $CERT_DIR + CURR_LOC="$PWD" + printf '%s\n' "echo now in $CURR_LOC" + ./renewcerts-for-test.sh $test_cnf + cd $WORKSPACE +} + +remove_ready_file(){ + if test -e $ready_file1; then + printf '%s\n' "removing ready file: $ready_file1" + rm $ready_file1 + fi + if test -e $ready_file2; then + printf '%s\n' "removing ready file: $ready_file2" + rm $ready_file2 + fi + if test -e $ready_file3; then + printf '%s\n' "removing ready file: $ready_file3" + rm $ready_file3 + fi + if test -e $ready_file4; then + printf '%s\n' "removing ready file: $ready_file4" + rm $ready_file4 + fi + if test -e $ready_file5; then + printf '%s\n' "removing ready file: $ready_file5" + rm $ready_file5 + fi +} + +cleanup() +{ + exit_status=$? + for i in $(jobs -pr) + do + kill -s KILL "$i" + done + remove_ready_file + rm -f $CERT_DIR/$test_cnf + + # Print responder logs on failure + if [ "$exit_status" -ne 0 ]; then + printf '\n\n%s\n' "Test failed, printing responder logs..." + if [ -f "$responder_log1" ]; then + echo "=============== Responder 1 log ===============" + cat "$responder_log1" + fi + if [ -f "$responder_log2" ]; then + echo "=============== Responder 2 log ===============" + cat "$responder_log2" + fi + if [ -f "$responder_log3" ]; then + echo "=============== Responder 3 log ===============" + cat "$responder_log3" + fi + if [ -f "$responder_log4" ]; then + echo "=============== Responder 4 log ===============" + cat "$responder_log4" + fi + fi + + rm -f "$responder_log1" "$responder_log2" "$responder_log3" "$responder_log4" + cd "$PARENTDIR" || return 1 + rm -r "$WORKSPACE" || return 1 + + if [[ ("$exit_status" == 1) && ($RETRIES_REMAINING -gt 0) ]]; then + echo "retrying..." + RETRIES_REMAINING=$((RETRIES_REMAINING - 1)) + exec $0 "$@" + fi +} +trap cleanup EXIT INT TERM HUP + +[ ! -x ./examples/client/client ] && echo -e "\n\nClient doesn't exist" && exit 1 + +# check if supported key size is large enough to handle 4096 bit RSA +size="$(./examples/client/client '-?' | grep "Max RSA key")" +size="${size//[^0-9]/}" +if [ ! -z "$size" ]; then + printf 'check on max key size of %d ...' $size + if [ $size -lt 4096 ]; then + printf '%s\n' "4096 bit RSA keys not supported" + exit 0 + fi + printf 'OK\n' +fi + +# choose consecutive ports based on the PID, skipping any that are +# already bound, to avoid the birthday problem in case other +# instances are sharing this host. + +get_first_free_port() { + local ret="$1" + while :; do + if [[ "$ret" -ge 65536 ]]; then + ret=1024 + fi + if ! nc -z ${LOCALHOST_FOR_NC} "$ret"; then + break + fi + ret=$((ret+1)) + done + echo "$ret" + return 0 +} + +base_port=$((((($$ + $RETRIES_REMAINING) * 5) % (65536 - 2048)) + 1024)) +port1=$(get_first_free_port $base_port) # OCSP responder: intermediate1-ca +port2=$(get_first_free_port $((port1 + 1))) # OCSP responder: intermediate2-ca +port3=$(get_first_free_port $((port2 + 1))) # OCSP responder: intermediate3-ca +port4=$(get_first_free_port $((port3 + 1))) # OCSP responder: root-ca +port5=$(get_first_free_port $((port4 + 1))) # TLS server + +# Verify ports by starting and stopping dummy servers +# 1: +./examples/server/server -R $ready_file1 -p $port1 & +server_pid1=$! +wait_for_readyFile $ready_file1 $server_pid1 $port1 +if [ ! -f $ready_file1 ]; then + printf '%s\n' "Failed to create ready file1: \"$ready_file1\"" + exit 1 +fi +# 2: +./examples/server/server -R $ready_file2 -p $port2 & +server_pid2=$! +wait_for_readyFile $ready_file2 $server_pid2 $port2 +if [ ! -f $ready_file2 ]; then + printf '%s\n' "Failed to create ready file2: \"$ready_file2\"" + exit 1 +fi +# 3: +./examples/server/server -R $ready_file3 -p $port3 & +server_pid3=$! +wait_for_readyFile $ready_file3 $server_pid3 $port3 +if [ ! -f $ready_file3 ]; then + printf '%s\n' "Failed to create ready file3: \"$ready_file3\"" + exit 1 +fi +# 4: +./examples/server/server -R $ready_file4 -p $port4 & +server_pid4=$! +wait_for_readyFile $ready_file4 $server_pid4 $port4 +if [ ! -f $ready_file4 ]; then + printf '%s\n' "Failed to create ready file4: \"$ready_file4\"" + exit 1 +fi + +printf '%s\n' "------------- PORTS ---------------" +printf '%s\n' "OCSP responder ports: $port1 $port2 $port3 $port4" +printf '%s\n' "TLS server port: $port5" +printf '%s\n' "-----------------------------------" +# Use client connections to cleanly shutdown the servers +./examples/client/client -p $port1 +./examples/client/client -p $port2 +./examples/client/client -p $port3 +./examples/client/client -p $port4 +create_new_cnf $port1 $port2 $port3 $port4 + +# Start wolfSSL OCSP responders (CA signs responses directly) +printf '%s\n' "Starting wolfSSL OCSP responders..." + +# Responder 1: intermediate1-ca (for server1, server2) +$OCSP_RESPONDER -v -p $port1 -R "$ready_file_resp1" \ + -i certs/ocsp/index-intermediate1-ca-issued-certs.txt \ + -c certs/ocsp/intermediate1-ca-cert.pem \ + -k certs/ocsp/intermediate1-ca-key.pem > "$responder_log1" 2>&1 & +resp_pid1=$! + +# Responder 2: intermediate2-ca (for server3, server4) +$OCSP_RESPONDER -v -p $port2 -R "$ready_file_resp2" \ + -i certs/ocsp/index-intermediate2-ca-issued-certs.txt \ + -c certs/ocsp/intermediate2-ca-cert.pem \ + -k certs/ocsp/intermediate2-ca-key.pem > "$responder_log2" 2>&1 & +resp_pid2=$! + +# Responder 3: intermediate3-ca (for server5) +$OCSP_RESPONDER -v -p $port3 -R "$ready_file_resp3" \ + -i certs/ocsp/index-intermediate3-ca-issued-certs.txt \ + -c certs/ocsp/intermediate3-ca-cert.pem \ + -k certs/ocsp/intermediate3-ca-key.pem > "$responder_log3" 2>&1 & +resp_pid3=$! + +# Responder 4: root-ca (for intermediate CA certs) +$OCSP_RESPONDER -v -p $port4 -R "$ready_file_resp4" \ + -i certs/ocsp/index-ca-and-intermediate-cas.txt \ + -c certs/ocsp/root-ca-cert.pem \ + -k certs/ocsp/root-ca-key.pem > "$responder_log4" 2>&1 & +resp_pid4=$! + +# Wait for all responders to be ready +wait_for_readyFile "$ready_file_resp1" "$resp_pid1" "$port1" +wait_for_readyFile "$ready_file_resp2" "$resp_pid2" "$port2" +wait_for_readyFile "$ready_file_resp3" "$resp_pid3" "$port3" +wait_for_readyFile "$ready_file_resp4" "$resp_pid4" "$port4" + +printf '\n\n%s\n\n' "All wolfSSL OCSP responders started successfully!" + +######################################################################## +# v1 STAPLING TESTS (server1/server2 issued by intermediate1-ca) +######################################################################## + +if [ "$stapling_v1" == "yes" ]; then + printf '%s\n\n' "============ v1 STAPLING TESTS ================================" + + printf '%s\n\n' "------------- TEST CASE 1 SHOULD PASS -------------------------" + # client test against our own server - GOOD CERT + ./examples/server/server -c certs/ocsp/server1-cert.pem \ + -k certs/ocsp/server1-key.pem -R $ready_file5 \ + -p $port5 & + server_pid5=$! + wait_for_readyFile $ready_file5 $server_pid5 $port5 + ./examples/client/client -C -A certs/ocsp/root-ca-cert.pem -W 1 -p $port5 + RESULT=$? + [ $RESULT -ne 0 ] && printf '\n\n%s\n' "Client connection 1 failed" && exit 1 + printf '%s\n\n' "Test PASSED!" + + printf '%s\n\n' "------------- TEST CASE 2 SHOULD REVOKE -----------------------" + # client test against our own server - REVOKED CERT + remove_single_rF $ready_file5 + ./examples/server/server -c certs/ocsp/server2-cert.pem \ + -k certs/ocsp/server2-key.pem -R $ready_file5 \ + -p $port5 & + server_pid5=$! + wait_for_readyFile $ready_file5 $server_pid5 $port5 + sleep 0.1 + ./examples/client/client -C -A certs/ocsp/root-ca-cert.pem -W 1 -p $port5 + RESULT=$? + [ $RESULT -ne 1 ] && printf '\n\n%s\n' "Client connection 2 succeeded $RESULT" \ + && exit 1 + printf '%s\n\n' "Test successfully REVOKED!" + + wait $server_pid5 2>/dev/null + + if [ "$tls13" == "yes" ]; then + printf '%s\n\n' "------------- TEST CASE 3 TLS13 SHOULD PASS -----------------" + # client test against our own server - GOOD CERT + remove_single_rF $ready_file5 + ./examples/server/server -c certs/ocsp/server1-cert.pem \ + -k certs/ocsp/server1-key.pem -v 4 \ + -R $ready_file5 -p $port5 & + server_pid5=$! + wait_for_readyFile $ready_file5 $server_pid5 $port5 + ./examples/client/client -C -A certs/ocsp/root-ca-cert.pem -W 1 -v 4 -F 1 \ + -p $port5 + RESULT=$? + [ $RESULT -ne 0 ] && printf '\n\n%s\n' "Client connection 3 failed" && exit 1 + printf '%s\n\n' "Test PASSED!" + + printf '%s\n\n' "------------- TEST CASE 4 TLS13 MUST-STAPLE SHOULD PASS -----" + # client test against our own server, must staple - GOOD CERT + remove_single_rF $ready_file5 + ./examples/server/server -c certs/ocsp/server1-cert.pem \ + -k certs/ocsp/server1-key.pem -v 4 \ + -R $ready_file5 -p $port5 & + server_pid5=$! + wait_for_readyFile $ready_file5 $server_pid5 $port5 + ./examples/client/client -C -A certs/ocsp/root-ca-cert.pem -W 1m -v 4 -F 1 \ + -p $port5 + RESULT=$? + [ $RESULT -ne 0 ] && printf '\n\n%s\n' "Client connection 4 failed" && exit 1 + printf '%s\n\n' "Test PASSED!" + + printf '%s\n\n' "------------- TEST CASE 5 TLS13 SHOULD REVOKE ---------------" + # client test against our own server - REVOKED CERT + remove_single_rF $ready_file5 + ./examples/server/server -c certs/ocsp/server2-cert.pem \ + -k certs/ocsp/server2-key.pem -v 4 \ + -R $ready_file5 -p $port5 & + server_pid5=$! + wait_for_readyFile $ready_file5 $server_pid5 $port5 + ./examples/client/client -C -A certs/ocsp/root-ca-cert.pem -W 1 -v 4 -F 1 \ + -p $port5 + RESULT=$? + [ $RESULT -ne 1 ] && \ + printf '\n\n%s\n' "Client connection 5 succeeded $RESULT" \ + && exit 1 + printf '%s\n\n' "Test successfully REVOKED!" + wait $server_pid5 2>/dev/null + fi + + # DTLS 1.2 v1 test + if [[ "$dtls12" == "yes" ]]; then + printf '%s\n\n' "------------- TEST CASE DTLS12-1 SHOULD PASS ----------------" + remove_single_rF $ready_file5 + ./examples/server/server -c certs/ocsp/server1-cert.pem -R $ready_file5 \ + -k certs/ocsp/server1-key.pem -u -v 3 \ + -p $port5 & + server_pid5=$! + sleep 0.2 + ./examples/client/client -C -A certs/ocsp/root-ca-cert.pem -u -v 3 \ + -W 1 -p $port5 + RESULT=$? + [ $RESULT -ne 0 ] && printf '\n\n%s\n' "Client DTLS12 connection failed" && exit 1 + printf '%s\n\n' "Test PASSED!" + fi + + # DTLS 1.3 v1 test + if [ "$dtls13" == "yes" ]; then + printf '%s\n\n' "------------- TEST CASE DTLS13-1 SHOULD PASS ----------------" + remove_single_rF $ready_file5 + ./examples/server/server -c certs/ocsp/server1-cert.pem -R $ready_file5 \ + -k certs/ocsp/server1-key.pem -u -v 4 \ + -p $port5 & + server_pid5=$! + sleep 0.2 + ./examples/client/client -C -A certs/ocsp/root-ca-cert.pem -u -v 4 \ + -W 1 -p $port5 + RESULT=$? + [ $RESULT -ne 0 ] && printf '\n\n%s\n' "Client DTLS13 connection failed" && exit 1 + printf '%s\n\n' "Test PASSED!" +fi +else + printf '%s\n\n' "============ v1 STAPLING TESTS ================================" + printf '%s\n\n' "Skipping v1 stapling tests - HAVE_CERTIFICATE_STATUS_REQUEST not compiled in" +fi + +######################################################################## +# v2 STAPLING TESTS (server3/server4/server5 with multiple CAs) +######################################################################## + +if [ "$stapling_v2" == "yes" ]; then + printf '%s\n\n' "============ v2 STAPLING TESTS ================================" + + printf '%s\n\n' "------------- TEST CASE V2-1 SHOULD PASS ----------------------" + # client test against our own server - GOOD CERTS + remove_single_rF $ready_file5 + ./examples/server/server -c certs/ocsp/server3-cert.pem \ + -k certs/ocsp/server3-key.pem -R $ready_file5 \ + -p $port5 & + server_pid5=$! + wait_for_readyFile $ready_file5 $server_pid5 $port5 + ./examples/client/client -C -A certs/ocsp/root-ca-cert.pem -W 2 -v 3 \ + -p $port5 + RESULT=$? + [ $RESULT -ne 0 ] && printf '\n\n%s\n' "Client connection V2-1 failed" && exit 1 + printf '%s\n\n' "Test PASSED!" + + printf '%s\n\n' "------------- TEST CASE V2-2 SHOULD PASS ----------------------" + remove_single_rF $ready_file5 + ./examples/server/server -c certs/ocsp/server3-cert.pem \ + -k certs/ocsp/server3-key.pem -R $ready_file5 \ + -p $port5 & + server_pid5=$! + wait_for_readyFile $ready_file5 $server_pid5 $port5 + ./examples/client/client -C -A certs/ocsp/root-ca-cert.pem -W 3 -v 3 \ + -p $port5 + RESULT=$? + [ $RESULT -ne 0 ] && printf '\n\n%s\n' "Client connection V2-2 failed" && exit 1 + printf '%s\n\n' "Test PASSED!" + + printf '%s\n\n' "------------- TEST CASE V2-3 SHOULD REVOKE --------------------" + # client test against our own server - REVOKED SERVER CERT + remove_single_rF $ready_file5 + ./examples/server/server -c certs/ocsp/server4-cert.pem \ + -k certs/ocsp/server4-key.pem -R $ready_file5 \ + -p $port5 & + server_pid5=$! + wait_for_readyFile $ready_file5 $server_pid5 $port5 + ./examples/client/client -C -A certs/ocsp/root-ca-cert.pem -W 2 -v 3 \ + -p $port5 + RESULT=$? + [ $RESULT -ne 1 ] && printf '\n\n%s\n' "Client connection V2-3 succeeded $RESULT" && exit 1 + printf '%s\n\n' "Test successfully REVOKED!" + wait $server_pid5 2>/dev/null + + printf '%s\n\n' "------------- TEST CASE V2-4 SHOULD REVOKE --------------------" + remove_single_rF $ready_file5 + ./examples/server/server -c certs/ocsp/server4-cert.pem \ + -k certs/ocsp/server4-key.pem -R $ready_file5 \ + -p $port5 & + sleep 0.1 + ./examples/client/client -C -A certs/ocsp/root-ca-cert.pem -W 3 -v 3 \ + -p $port5 + RESULT=$? + [ $RESULT -ne 1 ] && printf '\n\n%s\n' "Client connection V2-4 succeeded $RESULT" && exit 1 + printf '%s\n\n' "Test successfully REVOKED!" + wait $server_pid5 2>/dev/null + + printf '%s\n\n' "------------- TEST CASE V2-5 SHOULD PASS ----------------------" + # client test against our own server - REVOKED INTERMEDIATE CERT + remove_single_rF $ready_file5 + ./examples/server/server -c certs/ocsp/server5-cert.pem \ + -k certs/ocsp/server5-key.pem -R $ready_file5 \ + -p $port5 & + server_pid5=$! + wait_for_readyFile $ready_file5 $server_pid5 $port5 + ./examples/client/client -C -A certs/ocsp/root-ca-cert.pem -W 2 -v 3 \ + -p $port5 + RESULT=$? + [ $RESULT -ne 0 ] && printf '\n\n%s\n' "Client connection V2-5 failed $RESULT" && exit 1 + printf '%s\n\n' "Test PASSED!" + + printf '%s\n\n' "------------- TEST CASE V2-6 SHOULD REVOKE --------------------" + remove_single_rF $ready_file5 + ./examples/server/server -c certs/ocsp/server5-cert.pem \ + -k certs/ocsp/server5-key.pem -R $ready_file5 \ + -p $port5 & + server_pid5=$! + wait_for_readyFile $ready_file5 $server_pid5 $port5 + ./examples/client/client -C -A certs/ocsp/root-ca-cert.pem -W 3 -v 3 \ + -p $port5 + RESULT=$? + [ $RESULT -ne 1 ] && printf '\n\n%s\n' "Client connection V2-6 succeeded $RESULT" && exit 1 + printf '%s\n\n' "Test successfully REVOKED!" + wait $server_pid5 2>/dev/null + + # DTLS 1.2 v2 test + if [[ "$dtls12" == "yes" ]]; then + printf '%s\n\n' "------------- TEST CASE DTLS12-V2 SHOULD PASS ----------------" + remove_single_rF $ready_file5 + ./examples/server/server -c certs/ocsp/server3-cert.pem \ + -k certs/ocsp/server3-key.pem -R $ready_file5 \ + -p $port5 -u -v 3 & + server_pid5=$! + sleep 0.2 + ./examples/client/client -C -A certs/ocsp/root-ca-cert.pem -W 2 -u -v 3 \ + -p $port5 + RESULT=$? + [ $RESULT -ne 0 ] && printf '\n\n%s\n' "Client DTLS12 v2 connection failed" && exit 1 + printf '%s\n\n' "Test PASSED!" + fi +else + printf '%s\n\n' "============ v2 STAPLING TESTS ================================" + printf '%s\n\n' "Skipping v2 stapling tests - HAVE_CERTIFICATE_STATUS_REQUEST_V2 not compiled in" +fi + +######################################################################## +# TLS 1.3 MULTI-STAPLING TESTS +######################################################################## + +if [ "$tls13" == "yes" ] && [ "$stapling_v1" == "yes" ]; then + printf '%s\n\n' "============ TLS 1.3 MULTI-STAPLING TESTS ====================" + + printf '%s\n\n' "------------- TEST CASE T13-1 SHOULD PASS --------------------" + # client test against our own server - GOOD CERTS + remove_single_rF $ready_file5 + ./examples/server/server -c certs/ocsp/server3-cert.pem \ + -k certs/ocsp/server3-key.pem -R $ready_file5 \ + -p $port5 -v 4 & + server_pid5=$! + wait_for_readyFile $ready_file5 $server_pid5 $port5 + ./examples/client/client -C -A certs/ocsp/root-ca-cert.pem -W 1 -v 4 \ + -p $port5 + RESULT=$? + [ $RESULT -ne 0 ] && printf '\n\n%s\n' "Client connection T13-1 failed" && exit 1 + printf '%s\n\n' "Test PASSED!" + + printf '%s\n\n' "------------- TEST CASE T13-2 SHOULD REVOKE ------------------" + # client test against our own server - REVOKED SERVER CERT + remove_single_rF $ready_file5 + ./examples/server/server -c certs/ocsp/server4-cert.pem \ + -k certs/ocsp/server4-key.pem -R $ready_file5 \ + -p $port5 -v 4 & + server_pid5=$! + wait_for_readyFile $ready_file5 $server_pid5 $port5 + ./examples/client/client -C -A certs/ocsp/root-ca-cert.pem -W 1 -v 4 \ + -p $port5 + RESULT=$? + [ $RESULT -ne 1 ] && printf '\n\n%s\n' "Client connection T13-2 succeeded $RESULT" && exit 1 + printf '%s\n\n' "Test successfully REVOKED!" + wait $server_pid5 2>/dev/null + + printf '%s\n\n' "------------- TEST CASE T13-3 SHOULD REVOKE ------------------" + # client test against our own server - REVOKED INTERMEDIATE CERT + remove_single_rF $ready_file5 + ./examples/server/server -c certs/ocsp/server5-cert.pem \ + -k certs/ocsp/server5-key.pem -R $ready_file5 \ + -p $port5 -v 4 & + server_pid5=$! + wait_for_readyFile $ready_file5 $server_pid5 $port5 + ./examples/client/client -C -A certs/ocsp/root-ca-cert.pem -W 1 -v 4 \ + -p $port5 + RESULT=$? + [ $RESULT -ne 1 ] && printf '\n\n%s\n' "Client connection T13-3 succeeded $RESULT" && exit 1 + printf '%s\n\n' "Test successfully REVOKED!" + wait $server_pid5 2>/dev/null + + # DTLS 1.3 multi-stapling tests + if [ "$dtls13" == "yes" ]; then + printf '%s\n\n' "------------- TEST CASE DTLS13-V2 SHOULD PASS ----------------" + remove_single_rF $ready_file5 + ./examples/server/server -c certs/ocsp/server3-cert.pem \ + -k certs/ocsp/server3-key.pem -R $ready_file5 \ + -p $port5 -u -v 4 & + server_pid5=$! + sleep 0.2 + ./examples/client/client -C -A certs/ocsp/root-ca-cert.pem -W 1 -u -v 4 \ + -p $port5 + RESULT=$? + [ $RESULT -ne 0 ] && printf '\n\n%s\n' "Client DTLS13 connection failed" && exit 1 + printf '%s\n\n' "Test PASSED!" + + printf '%s\n\n' "------------- TEST CASE DTLS13-V2-REVOKE SHOULD REVOKE -------" + remove_single_rF $ready_file5 + ./examples/server/server -c certs/ocsp/server4-cert.pem \ + -k certs/ocsp/server4-key.pem -R $ready_file5 \ + -p $port5 -v 4 & + server_pid5=$! + sleep 0.2 + ./examples/client/client -C -A certs/ocsp/root-ca-cert.pem -W 1 -v 4 \ + -p $port5 + RESULT=$? + [ $RESULT -ne 1 ] && printf '\n\n%s\n' "Client DTLS13 connection succeeded $RESULT" && exit 1 + printf '%s\n\n' "Test successfully REVOKED!" + fi +elif [ "$tls13" == "yes" ] || [ "$dtls13" == "yes" ]; then + printf '%s\n\n' "============ TLS 1.3 MULTI-STAPLING TESTS ====================" + printf '%s\n\n' "Skipping TLS 1.3 multi-stapling tests - HAVE_CERTIFICATE_STATUS_REQUEST not compiled in" +fi + +printf '%s\n\n' "------------------- TESTS COMPLETE ---------------------------" + +exit 0 diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/scripts/ocsp-stapling.test mariadb-11.8.8/extra/wolfssl/wolfssl/scripts/ocsp-stapling.test --- mariadb-11.8.6/extra/wolfssl/wolfssl/scripts/ocsp-stapling.test 2026-01-31 13:27:49.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/scripts/ocsp-stapling.test 2026-05-24 09:58:33.000000000 +0000 @@ -17,12 +17,28 @@ exit 77 fi +[ ! -x ./examples/client/client ] && printf '\n\n%s\n' "Client doesn't exist" \ + && exit 1 + +[ ! -x ./examples/server/server ] && printf '\n\n%s\n' "Server doesn't exist" \ + && exit 1 + +if ./examples/client/client -? 2>&1 | grep "Client not compiled in!" ; then + echo 'skipping ocsp-stapling.test because client not compiled in.' 1>&2 + exit 77 +fi + +if ./examples/server/server -? 2>&1 | grep "Server not compiled in!" ; then + echo 'skipping ocsp-stapling.test because server not compiled in.' 1>&2 + exit 77 +fi + if ! ./examples/client/client -V | grep -q 3; then echo 'skipping ocsp-stapling.test because TLS1.2 is not available.' 1>&2 exit 77 fi -if ./examples/client/client '-#' | fgrep -q -e ' -DWOLFSSL_SNIFFER '; then +if ./examples/client/client '-#' | grep -F -q -e ' -DWOLFSSL_SNIFFER '; then echo 'skipping oscp-stapling.test because WOLFSSL_SNIFFER defined.' exit 77 fi @@ -33,21 +49,20 @@ if ./examples/client/client -? 2>&1 | grep -q 'DTLSv1.3'; then dtls13=yes fi -./examples/client/client '-?' 2>&1 | grep -- 'Perform multi OCSP stapling for TLS13' -if [ $? -eq 0 ]; then +if ./examples/client/client '-?' 2>&1 | grep -q -- 'Perform multi OCSP stapling for TLS13'; then tls13multi=yes else tls13multi=no fi -if openssl s_server -help 2>&1 | fgrep -q -i ipv6 && nc -h 2>&1 | fgrep -q -i ipv6; then +if openssl s_server -help 2>&1 | grep -F -q -i ipv6 && nc -h 2>&1 | grep -F -q -i ipv6; then IPV6_SUPPORTED=yes else IPV6_SUPPORTED=no fi -if ./examples/client/client '-#' | fgrep -q -e ' -DTEST_IPV6 '; then +if ./examples/client/client '-#' | grep -F -q -e ' -DTEST_IPV6 '; then if [[ "$IPV6_SUPPORTED" == "no" ]]; then echo 'Skipping IPV6 test in environment lacking IPV6 support.' exit 77 @@ -76,9 +91,9 @@ WORKSPACE="${PARENTDIR}/workspace.pid$$" mkdir "${WORKSPACE}" || exit $? -cp -pR ${SCRIPT_DIR}/../certs "${WORKSPACE}"/ || exit $? +cp -pR "${SCRIPT_DIR}"/../certs "${WORKSPACE}"/ || exit $? cd "$WORKSPACE" || exit $? -ln -s ../examples +ln -s ../examples . CERT_DIR="./certs/ocsp" ready_file="$WORKSPACE"/wolf_ocsp_s1_readyF$$ @@ -91,9 +106,9 @@ counter=0 - while [ ! -s "$1" -a "$counter" -lt 20 ]; do + while [ ! -s "$1" ] && [ "$counter" -lt 20 ]; do if [[ -n "${2-}" ]]; then - if ! kill -0 $2 2>&-; then + if ! kill -0 "$2" 2>&-; then echo "pid $2 for port ${3-} exited before creating ready file. bailing..." exit 1 fi @@ -119,59 +134,84 @@ fi } +retry_with_backoff() { + local max_attempts=$1 + shift + local attempt=1 + local delay=1 + local status=0 + + while :; do + "$@" + status=$? + if [ $status -eq 0 ]; then + return 0 + fi + if [ "$attempt" -ge "$max_attempts" ]; then + return $status + fi + printf '%s\n' "Retry $attempt/$max_attempts failed, backing off ${delay}s..." + sleep $delay + attempt=$((attempt + 1)) + delay=$((delay * 2)) + done +} + #create a configure file for cert generation with the port 0 solution create_new_cnf() { printf '%s\n' "Random Port Selected: $1" - printf '%s\n' "#" > $test_cnf - printf '%s\n' "# openssl configuration file for OCSP certificates" >> $test_cnf - printf '%s\n' "#" >> $test_cnf - printf '%s\n' "" >> $test_cnf - printf '%s\n' "# Extensions to add to a certificate request (intermediate1-ca)" >> $test_cnf - printf '%s\n' "[ v3_req1 ]" >> $test_cnf - printf '%s\n' "basicConstraints = CA:false" >> $test_cnf - printf '%s\n' "subjectKeyIdentifier = hash" >> $test_cnf - printf '%s\n' "authorityKeyIdentifier = keyid:always,issuer:always" >> $test_cnf - printf '%s\n' "keyUsage = nonRepudiation, digitalSignature, keyEncipherment" >> $test_cnf - printf '%s\n' "authorityInfoAccess = OCSP;URI:http://127.0.0.1:$1" >> $test_cnf - printf '%s\n' "" >> $test_cnf - printf '%s\n' "# Extensions to add to a certificate request (intermediate2-ca)" >> $test_cnf - printf '%s\n' "[ v3_req2 ]" >> $test_cnf - printf '%s\n' "basicConstraints = CA:false" >> $test_cnf - printf '%s\n' "subjectKeyIdentifier = hash" >> $test_cnf - printf '%s\n' "authorityKeyIdentifier = keyid:always,issuer:always" >> $test_cnf - printf '%s\n' "keyUsage = nonRepudiation, digitalSignature, keyEncipherment" >> $test_cnf - printf '%s\n' "authorityInfoAccess = OCSP;URI:http://127.0.0.1:22222" >> $test_cnf - printf '%s\n' "" >> $test_cnf - printf '%s\n' "# Extensions to add to a certificate request (intermediate3-ca)" >> $test_cnf - printf '%s\n' "[ v3_req3 ]" >> $test_cnf - printf '%s\n' "basicConstraints = CA:false" >> $test_cnf - printf '%s\n' "subjectKeyIdentifier = hash" >> $test_cnf - printf '%s\n' "authorityKeyIdentifier = keyid:always,issuer:always" >> $test_cnf - printf '%s\n' "keyUsage = nonRepudiation, digitalSignature, keyEncipherment" >> $test_cnf - printf '%s\n' "authorityInfoAccess = OCSP;URI:http://127.0.0.1:22223" >> $test_cnf - printf '%s\n' "" >> $test_cnf - printf '%s\n' "# Extensions for a typical CA" >> $test_cnf - printf '%s\n' "[ v3_ca ]" >> $test_cnf - printf '%s\n' "basicConstraints = CA:true" >> $test_cnf - printf '%s\n' "subjectKeyIdentifier = hash" >> $test_cnf - printf '%s\n' "authorityKeyIdentifier = keyid:always,issuer:always" >> $test_cnf - printf '%s\n' "keyUsage = keyCertSign, cRLSign" >> $test_cnf - printf '%s\n' "authorityInfoAccess = OCSP;URI:http://127.0.0.1:22220" >> $test_cnf - printf '%s\n' "" >> $test_cnf - printf '%s\n' "# OCSP extensions." >> $test_cnf - printf '%s\n' "[ v3_ocsp ]" >> $test_cnf - printf '%s\n' "basicConstraints = CA:false" >> $test_cnf - printf '%s\n' "subjectKeyIdentifier = hash" >> $test_cnf - printf '%s\n' "authorityKeyIdentifier = keyid:always,issuer:always" >> $test_cnf - printf '%s\n' "extendedKeyUsage = OCSPSigning" >> $test_cnf + { + printf '%s\n' "#" + printf '%s\n' "# openssl configuration file for OCSP certificates" + printf '%s\n' "#" + printf '%s\n' "" + printf '%s\n' "# Extensions to add to a certificate request (intermediate1-ca)" + printf '%s\n' "[ v3_req1 ]" + printf '%s\n' "basicConstraints = CA:false" + printf '%s\n' "subjectKeyIdentifier = hash" + printf '%s\n' "authorityKeyIdentifier = keyid:always,issuer:always" + printf '%s\n' "keyUsage = nonRepudiation, digitalSignature, keyEncipherment" + printf '%s\n' "authorityInfoAccess = OCSP;URI:http://127.0.0.1:$1" + printf '%s\n' "" + printf '%s\n' "# Extensions to add to a certificate request (intermediate2-ca)" + printf '%s\n' "[ v3_req2 ]" + printf '%s\n' "basicConstraints = CA:false" + printf '%s\n' "subjectKeyIdentifier = hash" + printf '%s\n' "authorityKeyIdentifier = keyid:always,issuer:always" + printf '%s\n' "keyUsage = nonRepudiation, digitalSignature, keyEncipherment" + printf '%s\n' "authorityInfoAccess = OCSP;URI:http://127.0.0.1:22222" + printf '%s\n' "" + printf '%s\n' "# Extensions to add to a certificate request (intermediate3-ca)" + printf '%s\n' "[ v3_req3 ]" + printf '%s\n' "basicConstraints = CA:false" + printf '%s\n' "subjectKeyIdentifier = hash" + printf '%s\n' "authorityKeyIdentifier = keyid:always,issuer:always" + printf '%s\n' "keyUsage = nonRepudiation, digitalSignature, keyEncipherment" + printf '%s\n' "authorityInfoAccess = OCSP;URI:http://127.0.0.1:22223" + printf '%s\n' "" + printf '%s\n' "# Extensions for a typical CA" + printf '%s\n' "[ v3_ca ]" + printf '%s\n' "basicConstraints = CA:true" + printf '%s\n' "subjectKeyIdentifier = hash" + printf '%s\n' "authorityKeyIdentifier = keyid:always,issuer:always" + printf '%s\n' "keyUsage = keyCertSign, cRLSign" + printf '%s\n' "authorityInfoAccess = OCSP;URI:http://127.0.0.1:22220" + printf '%s\n' "" + printf '%s\n' "# OCSP extensions." + printf '%s\n' "[ v3_ocsp ]" + printf '%s\n' "basicConstraints = CA:false" + printf '%s\n' "subjectKeyIdentifier = hash" + printf '%s\n' "authorityKeyIdentifier = keyid:always,issuer:always" + printf '%s\n' "extendedKeyUsage = OCSPSigning" + } > "$test_cnf" - mv $test_cnf $CERT_DIR/$test_cnf - cd $CERT_DIR + mv "$test_cnf" "$CERT_DIR/$test_cnf" + cd "$CERT_DIR" || exit CURR_LOC="$PWD" printf '%s\n' "echo now in $CURR_LOC" - ./renewcerts-for-test.sh $test_cnf - cd "$WORKSPACE" + ./renewcerts-for-test.sh "$test_cnf" + cd "$WORKSPACE" || exit } remove_ready_file() { @@ -193,7 +233,7 @@ kill -s KILL "$i" done remove_ready_file - rm $CERT_DIR/$test_cnf + rm "$CERT_DIR/$test_cnf" cd "$PARENTDIR" || return 1 rm -r "$WORKSPACE" || return 1 @@ -206,17 +246,16 @@ trap cleanup EXIT INT TERM HUP [ ! -x ./examples/client/client ] && echo -e "\n\nClient doesn't exist" && exit 1 -./examples/client/client '-?' 2>&1 | grep -- 'Client not compiled in!' -if [ $? -eq 0 ]; then +if ./examples/client/client '-?' 2>&1 | grep -q -- 'Client not compiled in!'; then exit 0 fi # check if supported key size is large enough to handle 4096 bit RSA size="$(./examples/client/client '-?' | grep "Max RSA key")" size="${size//[^0-9]/}" -if [ ! -z "$size" ]; then - printf 'check on max key size of %d ...' $size - if [ $size -lt 4096 ]; then +if [ -n "$size" ]; then + printf 'check on max key size of %d ...' "$size" + if [ "$size" -lt 4096 ]; then printf '%s\n' "4096 bit RSA keys not supported" exit 0 fi @@ -242,7 +281,7 @@ return 0 } -base_port=$((((($$ + $RETRIES_REMAINING) * 5) % (65536 - 2048)) + 1024)) +base_port=$((((($$ + RETRIES_REMAINING) * 5) % (65536 - 2048)) + 1024)) port1=$(get_first_free_port $base_port) port2=$(get_first_free_port $((port1 + 1))) port3=$(get_first_free_port $((port2 + 1))) @@ -251,9 +290,9 @@ # test interop fail case ready_file=$PWD/wolf_ocsp_readyF$$ printf '%s\n' "ready file: \"$ready_file\"" -./examples/server/server -b -p $port1 -o -R "$ready_file" & +./examples/server/server -b -p "$port1" -o -R "$ready_file" & wolf_pid=$! -wait_for_readyFile "$ready_file" $wolf_pid $port1 +wait_for_readyFile "$ready_file" "$wolf_pid" "$port1" if [ ! -f "$ready_file" ]; then printf '%s\n' "Failed to create ready file: \"$ready_file\"" exit 1 @@ -262,18 +301,17 @@ OPENSSL_OUTPUT=$(echo "hi" | openssl s_client -status $V4V6_FLAG -legacy_renegotiation -connect "${LOCALHOST}:$port1" -cert ./certs/client-cert.pem -key ./certs/client-key.pem -CAfile ./certs/ocsp/root-ca-cert.pem 2>&1) OPENSSL_RESULT=$? echo "$OPENSSL_OUTPUT" - fgrep -q 'self signed certificate in certificate chain' <<< "$OPENSSL_OUTPUT" + grep -F -q 'self signed certificate in certificate chain' <<< "$OPENSSL_OUTPUT" FGREP1_RESULT=$? - fgrep -q 'self-signed certificate in certificate chain' <<< "$OPENSSL_OUTPUT" + grep -F -q 'self-signed certificate in certificate chain' <<< "$OPENSSL_OUTPUT" FGREP2_RESULT=$? - if [ $OPENSSL_RESULT -eq 0 -a $FGREP1_RESULT -ne 0 -a $FGREP2_RESULT -ne 0 ]; then + if [ "$OPENSSL_RESULT" -eq 0 ] && [ "$FGREP1_RESULT" -ne 0 ] && [ "$FGREP2_RESULT" -ne 0 ]; then printf '%s\n' "Expected verification error from s_client is missing." remove_single_rF "$ready_file" exit 1 fi remove_single_rF "$ready_file" - wait $wolf_pid - if [ $? -ne 0 ]; then + if ! wait "$wolf_pid"; then printf '%s\n' "wolfSSL server unexpected fail" exit 1 fi @@ -281,17 +319,17 @@ # create a port to use with openssl ocsp responder -./examples/server/server -b -p $port2 -R "$ready_file" & +./examples/server/server -b -p "$port2" -R "$ready_file" & wolf_pid2=$! -wait_for_readyFile "$ready_file" $wolf_pid2 $port2 +wait_for_readyFile "$ready_file" "$wolf_pid2" "$port2" if [ ! -f "$ready_file" ]; then printf '%s\n' "Failed to create ready file: \"$ready_file\"" exit 1 else printf '%s\n' "Random port selected: $port2" # Use client connection to shutdown the server cleanly - ./examples/client/client -p $port2 - create_new_cnf $port2 + ./examples/client/client -p "$port2" + create_new_cnf "$port2" fi sleep 0.1 @@ -304,7 +342,7 @@ ca=./certs/external/ca_collection.pem if [[ "$V4V6" == "4" ]]; then - ./examples/client/client -C -h $server -p 443 -A $ca -g -W 1 + retry_with_backoff 3 ./examples/client/client -C -h "$server" -p 443 -A "$ca" -g -W 1 RESULT=$? [ $RESULT -ne 0 ] && echo -e "\n\nClient connection failed" && exit 1 else @@ -313,8 +351,7 @@ # Test with example server -./examples/server/server '-?' 2>&1 | grep -- 'Server not compiled in!' -if [ $? -eq 0 ]; then +if ./examples/server/server '-?' 2>&1 | grep -q -- 'Server not compiled in!'; then exit 0 fi @@ -322,7 +359,7 @@ # OLD: ./certs/ocsp/ocspd-intermediate1-ca-issued-certs.sh & # NEW: openssl isn't being cleaned up, invoke directly in script for cleanup # purposes! -openssl ocsp -port $port2 -nmin 1 \ +openssl ocsp -port "$port2" -nmin 1 \ -index certs/ocsp/index-intermediate1-ca-issued-certs.txt \ -rsigner certs/ocsp/ocsp-responder-cert.pem \ -rkey certs/ocsp/ocsp-responder-key.pem \ @@ -331,16 +368,16 @@ sleep 0.1 # "jobs" is not portable for posix. Must use bash interpreter! -[ $(jobs -r | wc -l) -ne 1 ] && \ +[ "$(jobs -r | wc -l)" -ne 1 ] && \ printf '\n\n%s\n' "Setup ocsp responder failed, skipping" && exit 0 printf '%s\n\n' "------------- TEST CASE 1 SHOULD PASS ------------------------" # client test against our own server - GOOD CERT ./examples/server/server -c certs/ocsp/server1-cert.pem -R "$ready_file2" \ - -k certs/ocsp/server1-key.pem -p $port3 & + -k certs/ocsp/server1-key.pem -p "$port3" & wolf_pid3=$! -wait_for_readyFile "$ready_file2" $wolf_pid3 $port3 -./examples/client/client -C -A certs/ocsp/root-ca-cert.pem -W 1 -p $port3 +wait_for_readyFile "$ready_file2" "$wolf_pid3" "$port3" +./examples/client/client -C -A certs/ocsp/root-ca-cert.pem -W 1 -p "$port3" RESULT=$? [ $RESULT -ne 0 ] && printf '\n\n%s\n' "Client connection 1 failed" && exit 1 printf '%s\n\n' "Test PASSED!" @@ -349,11 +386,11 @@ # client test against our own server - REVOKED CERT remove_single_rF "$ready_file2" ./examples/server/server -c certs/ocsp/server2-cert.pem -R "$ready_file2" \ - -k certs/ocsp/server2-key.pem -p $port3 & + -k certs/ocsp/server2-key.pem -p "$port3" & wolf_pid3=$! -wait_for_readyFile "$ready_file2" $wolf_pid3 $port3 +wait_for_readyFile "$ready_file2" "$wolf_pid3" "$port3" sleep 0.1 -./examples/client/client -C -A certs/ocsp/root-ca-cert.pem -W 1 -p $port3 +./examples/client/client -C -A certs/ocsp/root-ca-cert.pem -W 1 -p "$port3" RESULT=$? [ $RESULT -ne 1 ] && printf '\n\n%s\n' "Client connection 2 succeeded $RESULT" \ && exit 1 @@ -366,11 +403,11 @@ remove_single_rF "$ready_file2" ./examples/server/server -c certs/ocsp/server1-cert.pem -R "$ready_file2" \ -k certs/ocsp/server1-key.pem -v 4 \ - -p $port3 & + -p "$port3" & wolf_pid3=$! - wait_for_readyFile "$ready_file2" $wolf_pid3 $port3 + wait_for_readyFile "$ready_file2" "$wolf_pid3" "$port3" ./examples/client/client -C -A certs/ocsp/root-ca-cert.pem -W 1 -v 4 -F 1 \ - -p $port3 + -p "$port3" RESULT=$? [ $RESULT -ne 0 ] && printf '\n\n%s\n' "Client connection 3 failed" && exit 1 printf '%s\n\n' "Test PASSED!" @@ -380,11 +417,11 @@ remove_single_rF "$ready_file2" ./examples/server/server -c certs/ocsp/server1-cert.pem -R "$ready_file2" \ -k certs/ocsp/server1-key.pem -v 4 \ - -p $port3 & + -p "$port3" & wolf_pid3=$! - wait_for_readyFile "$ready_file2" $wolf_pid3 $port3 + wait_for_readyFile "$ready_file2" "$wolf_pid3" "$port3" ./examples/client/client -C -A certs/ocsp/root-ca-cert.pem -W 1m -v 4 -F 1 \ - -p $port3 + -p "$port3" RESULT=$? [ $RESULT -ne 0 ] && printf '\n\n%s\n' "Client connection 4 failed" && exit 1 printf '%s\n\n' "Test PASSED!" @@ -394,11 +431,11 @@ remove_single_rF "$ready_file2" ./examples/server/server -c certs/ocsp/server2-cert.pem -R "$ready_file2" \ -k certs/ocsp/server2-key.pem -v 4 \ - -p $port3 & + -p "$port3" & wolf_pid3=$! - wait_for_readyFile "$ready_file2" $wolf_pid3 $port3 + wait_for_readyFile "$ready_file2" "$wolf_pid3" "$port3" ./examples/client/client -C -A certs/ocsp/root-ca-cert.pem -W 1 -v 4 -F 1 \ - -p $port3 + -p "$port3" RESULT=$? [ $RESULT -ne 1 ] && \ printf '\n\n%s\n' "Client connection 5 succeeded $RESULT" \ @@ -412,15 +449,15 @@ if ./examples/client/client -? 2>&1 | grep -q 'DTLSv1.2'; then printf '%s\n\n' "------------- TEST CASE DTLS-1 SHOULD PASS -------------------" # client test against our own server, must staple - GOOD CERT - echo $ready_file2 + echo "$ready_file2" ./examples/server/server -c certs/ocsp/server1-cert.pem -R "$ready_file2" \ -k certs/ocsp/server1-key.pem -u -v 3 \ - -p $port3 & + -p "$port3" & wolf_pid3=$! sleep 0.2 ./examples/client/client -C -A certs/ocsp/root-ca-cert.pem -u -v 3 \ - -W 1 -p $port3 + -W 1 -p "$port3" RESULT=$? [ $RESULT -ne 0 ] && printf '\n\n%s\n' "Client connection 5 failed" && exit 1 printf '%s\n\n' "Test PASSED!" @@ -431,11 +468,11 @@ # client test against our own server, must staple - GOOD CERT ./examples/server/server -c certs/ocsp/server1-cert.pem -R "$ready_file2" \ -k certs/ocsp/server1-key.pem -u -v 4 \ - -p $port3 & + -p "$port3" & wolf_pid3=$! sleep 0.2 ./examples/client/client -C -A certs/ocsp/root-ca-cert.pem -u -v 4 \ - -W 1 -p $port3 + -W 1 -p "$port3" RESULT=$? [ $RESULT -ne 0 ] && printf '\n\n%s\n' "Client connection 5 failed" && exit 1 printf '%s\n\n' "Test PASSED!" @@ -443,28 +480,63 @@ fi # need a unique port since may run the same time as testsuite +# Track ports already assigned in this script run to prevent intra-run collisions +used_ports=() + generate_port() { #-------------------------------------------------------------------------# - # Generate a random port number + # Generate a random port number, guaranteed unique within this script run. + # Checks both the intra-run used_ports list and system-level bound ports. #-------------------------------------------------------------------------# + local attempts=0 collision p - if [[ "$OSTYPE" == "linux"* || "$OSTYPE" == "msys" - || "$OSTYPE" == "cygwin"* ]]; then - port=$(($(od -An -N2 /dev/urandom) % (65535-49512) + 49512)) - elif [[ "$OSTYPE" == "darwin"* ]]; then - port=$(($(od -An -N2 /dev/random) % (65535-49512) + 49512)) - else - echo "Unknown OS TYPE" - exit 1 - fi + while true; do + if [[ "$OSTYPE" == "linux"* || "$OSTYPE" == "msys" + || "$OSTYPE" == "cygwin"* ]]; then + p=$(($(od -An -N2 /dev/urandom) % (65535-49512) + 49512)) + elif [[ "$OSTYPE" == "darwin"* ]]; then + p=$(($(od -An -N2 /dev/random) % (65535-49512) + 49512)) + else + echo "Unknown OS TYPE" + exit 1 + fi + + # Check against ports already assigned in this run + collision=0 + for up in "${used_ports[@]}"; do + if [ "$up" = "$p" ]; then + collision=1 + break + fi + done + + # Also check if the port is already bound on this system + if [ $collision -eq 0 ]; then + if command -v ss &>/dev/null; then + ss -lnt 2>/dev/null | grep -q ":${p}[[:space:]]" && collision=1 + elif command -v netstat &>/dev/null; then + netstat -lnt 2>/dev/null | grep -q ":${p}[[:space:]]" && collision=1 + fi + fi + + [ "$collision" -eq 0 ] && break + + ((attempts++)) + if [ "$attempts" -ge 100 ]; then + echo "ERROR: generate_port could not find a free port after 100 attempts" + exit 1 + fi + done + + port=$p + used_ports+=("$p") } # Start OpenSSL server that has no OCSP responses to return generate_port -openssl s_server $V4V6_FLAG -cert ./certs/server-cert.pem -key certs/server-key.pem -www -port $port & -openssl_pid=$! +openssl s_server $V4V6_FLAG -cert ./certs/server-cert.pem -key certs/server-key.pem -www -port "$port" & MAX_TIMEOUT=10 -until nc -z localhost $port # Wait for openssl to be ready +until nc -z localhost "$port" # Wait for openssl to be ready do sleep 0.05 if [ "$MAX_TIMEOUT" == "0" ]; then @@ -475,7 +547,7 @@ printf '%s\n\n' "------------- TEST CASE 6 SHOULD PASS ----------------------" # client asks for OCSP staple but doesn't fail when none returned -./examples/client/client -p $port -g -v 3 -W 1 +./examples/client/client -p "$port" -g -v 3 -W 1 RESULT=$? [ $RESULT -ne 0 ] && printf '\n\n%s\n' "Client connection 6 failed" && exit 1 @@ -483,7 +555,7 @@ printf '%s\n\n' "------------- TEST CASE 7 SHOULD UNKNOWN -------------------" # client asks for OCSP staple but doesn't fail when none returned -./examples/client/client -p $port -g -v 3 -W 1m +./examples/client/client -p "$port" -g -v 3 -W 1m RESULT=$? [ $RESULT -ne 1 ] && printf '\n\n%s\n' "Client connection 7 succeeded $RESULT" \ @@ -494,10 +566,10 @@ openssl_tls13=$? ./examples/client/client -V | grep -q 4 wolfssl_tls13=$? -if [ "$openssl_tls13" = "0" -a "$wolfssl_tls13" = "0" ]; then +if [ "$openssl_tls13" = "0" ] && [ "$wolfssl_tls13" = "0" ]; then printf '%s\n\n' "------------- TEST CASE 8 SHOULD PASS --------------------" # client asks for OCSP staple but doesn't fail when none returned - ./examples/client/client -p $port -g -v 4 -W 1 + ./examples/client/client -p "$port" -g -v 4 -W 1 RESULT=$? [ $RESULT -ne 0 ] && printf '\n\n%s\n' "Client connection 8 failed" && exit 1 @@ -505,7 +577,7 @@ printf '%s\n\n' "------------- TEST CASE 9 SHOULD UNKNOWN -----------------" # client asks for OCSP staple but doesn't fail when none returned - ./examples/client/client -p $port -g -v 4 -W 1m + ./examples/client/client -p "$port" -g -v 4 -W 1m RESULT=$? [ $RESULT -ne 1 ] \ diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/scripts/ocsp-stapling2.test mariadb-11.8.8/extra/wolfssl/wolfssl/scripts/ocsp-stapling2.test --- mariadb-11.8.6/extra/wolfssl/wolfssl/scripts/ocsp-stapling2.test 2026-01-31 13:27:49.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/scripts/ocsp-stapling2.test 2026-05-24 09:58:33.000000000 +0000 @@ -24,23 +24,39 @@ export RETRIES_REMAINING=2 fi +[ ! -x ./examples/client/client ] && printf '\n\n%s\n' "Client doesn't exist" \ + && exit 1 + +[ ! -x ./examples/server/server ] && printf '\n\n%s\n' "Server doesn't exist" \ + && exit 1 + +if ./examples/client/client -? 2>&1 | grep "Client not compiled in!" ; then + echo 'skipping ocsp-stapling2.test because client not compiled in.' 1>&2 + exit 77 +fi + +if ./examples/server/server -? 2>&1 | grep "Server not compiled in!" ; then + echo 'skipping ocsp-stapling2.test because server not compiled in.' 1>&2 + exit 77 +fi + if ! ./examples/client/client -V | grep -q 3; then echo 'skipping ocsp-stapling2.test because TLS1.2 is not available.' 1>&2 exit 77 fi -if ./examples/client/client '-#' | fgrep -q -e ' -DWOLFSSL_SNIFFER '; then +if ./examples/client/client '-#' | grep -F -q -e ' -DWOLFSSL_SNIFFER '; then echo 'skipping oscp-stapling2.test because WOLFSSL_SNIFFER defined.' exit 77 fi -if openssl s_server -help 2>&1 | fgrep -q -i ipv6 && nc -h 2>&1 | fgrep -q -i ipv6; then +if openssl s_server -help 2>&1 | grep -F -q -i ipv6 && nc -h 2>&1 | grep -F -q -i ipv6; then IPV6_SUPPORTED=yes else IPV6_SUPPORTED=no fi -if ./examples/client/client '-#' | fgrep -q -e ' -DTEST_IPV6 '; then +if ./examples/client/client '-#' | grep -F -q -e ' -DTEST_IPV6 '; then if [[ "$IPV6_SUPPORTED" == "no" ]]; then echo 'Skipping IPV6 test in environment lacking IPV6 support.' exit 77 @@ -61,9 +77,9 @@ WORKSPACE="${PARENTDIR}/workspace.pid$$" mkdir "${WORKSPACE}" || exit $? -cp -pR ${SCRIPT_DIR}/../certs "${WORKSPACE}"/ || exit $? +cp -pR "${SCRIPT_DIR}"/../certs "${WORKSPACE}"/ || exit $? cd "$WORKSPACE" || exit $? -ln -s ../examples +ln -s ../examples . CERT_DIR="certs/ocsp" @@ -85,9 +101,9 @@ counter=0 - while [ ! -s $1 -a "$counter" -lt 20 ]; do + while [ ! -s "$1" ] && [ "$counter" -lt 20 ]; do if [[ -n "${2-}" ]]; then - if ! kill -0 $2 2>&-; then + if ! kill -0 "$2" 2>&-; then echo "pid $2 for port ${3-} exited before creating ready file. bailing..." exit 1 fi @@ -97,7 +113,7 @@ counter=$((counter+ 1)) done - if test -e $1; then + if test -e "$1"; then echo -e "found ready file, starting client..." else echo -e "NO ready file at $1 -- ending test..." @@ -107,9 +123,9 @@ } remove_single_rF(){ - if test -e $1; then + if test -e "$1"; then printf '%s\n' "removing ready file: $1" - rm $1 + rm "$1" fi } @@ -117,77 +133,79 @@ create_new_cnf() { printf '%s\n' "Random Ports Selected: $1 $2 $3 $4" - printf '%s\n' "#" > $test_cnf - printf '%s\n' "# openssl configuration file for OCSP certificates" >> $test_cnf - printf '%s\n' "#" >> $test_cnf - printf '%s\n' "" >> $test_cnf - printf '%s\n' "# Extensions to add to a certificate request (intermediate1-ca)" >> $test_cnf - printf '%s\n' "[ v3_req1 ]" >> $test_cnf - printf '%s\n' "basicConstraints = CA:false" >> $test_cnf - printf '%s\n' "subjectKeyIdentifier = hash" >> $test_cnf - printf '%s\n' "authorityKeyIdentifier = keyid:always,issuer:always" >> $test_cnf - printf '%s\n' "keyUsage = nonRepudiation, digitalSignature, keyEncipherment" >> $test_cnf - printf '%s\n' "authorityInfoAccess = OCSP;URI:http://127.0.0.1:$1" >> $test_cnf - printf '%s\n' "" >> $test_cnf - printf '%s\n' "# Extensions to add to a certificate request (intermediate2-ca)" >> $test_cnf - printf '%s\n' "[ v3_req2 ]" >> $test_cnf - printf '%s\n' "basicConstraints = CA:false" >> $test_cnf - printf '%s\n' "subjectKeyIdentifier = hash" >> $test_cnf - printf '%s\n' "authorityKeyIdentifier = keyid:always,issuer:always" >> $test_cnf - printf '%s\n' "keyUsage = nonRepudiation, digitalSignature, keyEncipherment" >> $test_cnf - printf '%s\n' "authorityInfoAccess = OCSP;URI:http://127.0.0.1:$2" >> $test_cnf - printf '%s\n' "" >> $test_cnf - printf '%s\n' "# Extensions to add to a certificate request (intermediate3-ca)" >> $test_cnf - printf '%s\n' "[ v3_req3 ]" >> $test_cnf - printf '%s\n' "basicConstraints = CA:false" >> $test_cnf - printf '%s\n' "subjectKeyIdentifier = hash" >> $test_cnf - printf '%s\n' "authorityKeyIdentifier = keyid:always,issuer:always" >> $test_cnf - printf '%s\n' "keyUsage = nonRepudiation, digitalSignature, keyEncipherment" >> $test_cnf - printf '%s\n' "authorityInfoAccess = OCSP;URI:http://127.0.0.1:$3" >> $test_cnf - printf '%s\n' "" >> $test_cnf - printf '%s\n' "# Extensions for a typical CA" >> $test_cnf - printf '%s\n' "[ v3_ca ]" >> $test_cnf - printf '%s\n' "basicConstraints = CA:true" >> $test_cnf - printf '%s\n' "subjectKeyIdentifier = hash" >> $test_cnf - printf '%s\n' "authorityKeyIdentifier = keyid:always,issuer:always" >> $test_cnf - printf '%s\n' "keyUsage = keyCertSign, cRLSign" >> $test_cnf - printf '%s\n' "authorityInfoAccess = OCSP;URI:http://127.0.0.1:$4" >> $test_cnf - printf '%s\n' "" >> $test_cnf - printf '%s\n' "# OCSP extensions." >> $test_cnf - printf '%s\n' "[ v3_ocsp ]" >> $test_cnf - printf '%s\n' "basicConstraints = CA:false" >> $test_cnf - printf '%s\n' "subjectKeyIdentifier = hash" >> $test_cnf - printf '%s\n' "authorityKeyIdentifier = keyid:always,issuer:always" >> $test_cnf - printf '%s\n' "extendedKeyUsage = OCSPSigning" >> $test_cnf + { + printf '%s\n' "#" + printf '%s\n' "# openssl configuration file for OCSP certificates" + printf '%s\n' "#" + printf '%s\n' "" + printf '%s\n' "# Extensions to add to a certificate request (intermediate1-ca)" + printf '%s\n' "[ v3_req1 ]" + printf '%s\n' "basicConstraints = CA:false" + printf '%s\n' "subjectKeyIdentifier = hash" + printf '%s\n' "authorityKeyIdentifier = keyid:always,issuer:always" + printf '%s\n' "keyUsage = nonRepudiation, digitalSignature, keyEncipherment" + printf '%s\n' "authorityInfoAccess = OCSP;URI:http://127.0.0.1:$1" + printf '%s\n' "" + printf '%s\n' "# Extensions to add to a certificate request (intermediate2-ca)" + printf '%s\n' "[ v3_req2 ]" + printf '%s\n' "basicConstraints = CA:false" + printf '%s\n' "subjectKeyIdentifier = hash" + printf '%s\n' "authorityKeyIdentifier = keyid:always,issuer:always" + printf '%s\n' "keyUsage = nonRepudiation, digitalSignature, keyEncipherment" + printf '%s\n' "authorityInfoAccess = OCSP;URI:http://127.0.0.1:$2" + printf '%s\n' "" + printf '%s\n' "# Extensions to add to a certificate request (intermediate3-ca)" + printf '%s\n' "[ v3_req3 ]" + printf '%s\n' "basicConstraints = CA:false" + printf '%s\n' "subjectKeyIdentifier = hash" + printf '%s\n' "authorityKeyIdentifier = keyid:always,issuer:always" + printf '%s\n' "keyUsage = nonRepudiation, digitalSignature, keyEncipherment" + printf '%s\n' "authorityInfoAccess = OCSP;URI:http://127.0.0.1:$3" + printf '%s\n' "" + printf '%s\n' "# Extensions for a typical CA" + printf '%s\n' "[ v3_ca ]" + printf '%s\n' "basicConstraints = CA:true" + printf '%s\n' "subjectKeyIdentifier = hash" + printf '%s\n' "authorityKeyIdentifier = keyid:always,issuer:always" + printf '%s\n' "keyUsage = keyCertSign, cRLSign" + printf '%s\n' "authorityInfoAccess = OCSP;URI:http://127.0.0.1:$4" + printf '%s\n' "" + printf '%s\n' "# OCSP extensions." + printf '%s\n' "[ v3_ocsp ]" + printf '%s\n' "basicConstraints = CA:false" + printf '%s\n' "subjectKeyIdentifier = hash" + printf '%s\n' "authorityKeyIdentifier = keyid:always,issuer:always" + printf '%s\n' "extendedKeyUsage = OCSPSigning" + } > "$test_cnf" - mv $test_cnf $CERT_DIR/$test_cnf - cd $CERT_DIR + mv "$test_cnf" "$CERT_DIR/$test_cnf" + cd "$CERT_DIR" || exit CURR_LOC="$PWD" printf '%s\n' "echo now in $CURR_LOC" - ./renewcerts-for-test.sh $test_cnf - cd $WORKSPACE + ./renewcerts-for-test.sh "$test_cnf" + cd "$WORKSPACE" || exit } remove_ready_file(){ - if test -e $ready_file1; then + if test -e "$ready_file1"; then printf '%s\n' "removing ready file: $ready_file1" - rm $ready_file1 + rm "$ready_file1" fi - if test -e $ready_file2; then + if test -e "$ready_file2"; then printf '%s\n' "removing ready file: $ready_file2" - rm $ready_file2 + rm "$ready_file2" fi - if test -e $ready_file3; then + if test -e "$ready_file3"; then printf '%s\n' "removing ready file: $ready_file3" - rm $ready_file3 + rm "$ready_file3" fi - if test -e $ready_file4; then + if test -e "$ready_file4"; then printf '%s\n' "removing ready file: $ready_file4" - rm $ready_file4 + rm "$ready_file4" fi - if test -e $ready_file5; then + if test -e "$ready_file5"; then printf '%s\n' "removing ready file: $ready_file5" - rm $ready_file5 + rm "$ready_file5" fi } @@ -199,14 +217,14 @@ kill -s KILL "$i" done remove_ready_file - rm $CERT_DIR/$test_cnf + rm "$CERT_DIR/$test_cnf" cd "$PARENTDIR" || return 1 rm -r "$WORKSPACE" || return 1 if [[ ("$exit_status" == 1) && ($RETRIES_REMAINING -gt 0) ]]; then echo "retrying..." RETRIES_REMAINING=$((RETRIES_REMAINING - 1)) - exec $0 "$@" + exec "$0" "$@" fi } trap cleanup EXIT INT TERM HUP @@ -216,9 +234,9 @@ # check if supported key size is large enough to handle 4096 bit RSA size="$(./examples/client/client '-?' | grep "Max RSA key")" size="${size//[^0-9]/}" -if [ ! -z "$size" ]; then - printf 'check on max key size of %d ...' $size - if [ $size -lt 4096 ]; then +if [ -n "$size" ]; then + printf 'check on max key size of %d ...' "$size" + if [ "$size" -lt 4096 ]; then printf '%s\n' "4096 bit RSA keys not supported" exit 0 fi @@ -246,42 +264,42 @@ return 0 } -base_port=$((((($$ + $RETRIES_REMAINING) * 5) % (65536 - 2048)) + 1024)) -port1=$(get_first_free_port $base_port) +base_port=$((((($$ + RETRIES_REMAINING) * 5) % (65536 - 2048)) + 1024)) +port1=$(get_first_free_port "$base_port") port2=$(get_first_free_port $((port1 + 1))) port3=$(get_first_free_port $((port2 + 1))) port4=$(get_first_free_port $((port3 + 1))) port5=$(get_first_free_port $((port4 + 1))) # 1: -./examples/server/server -R $ready_file1 -p $port1 & +./examples/server/server -R "$ready_file1" -p "$port1" & server_pid1=$! -wait_for_readyFile $ready_file1 $server_pid1 $port1 -if [ ! -f $ready_file1 ]; then +wait_for_readyFile "$ready_file1" "$server_pid1" "$port1" +if [ ! -f "$ready_file1" ]; then printf '%s\n' "Failed to create ready file1: \"$ready_file1\"" exit 1 fi # 2: -./examples/server/server -R $ready_file2 -p $port2 & +./examples/server/server -R "$ready_file2" -p "$port2" & server_pid2=$! -wait_for_readyFile $ready_file2 $server_pid2 $port2 -if [ ! -f $ready_file2 ]; then +wait_for_readyFile "$ready_file2" "$server_pid2" "$port2" +if [ ! -f "$ready_file2" ]; then printf '%s\n' "Failed to create ready file2: \"$ready_file2\"" exit 1 fi # 3: -./examples/server/server -R $ready_file3 -p $port3 & +./examples/server/server -R "$ready_file3" -p "$port3" & server_pid3=$! -wait_for_readyFile $ready_file3 $server_pid3 $port3 -if [ ! -f $ready_file3 ]; then +wait_for_readyFile "$ready_file3" "$server_pid3" "$port3" +if [ ! -f "$ready_file3" ]; then printf '%s\n' "Failed to create ready file3: \"$ready_file3\"" exit 1 fi # 4: -./examples/server/server -R $ready_file4 -p $port4 & +./examples/server/server -R "$ready_file4" -p "$port4" & server_pid4=$! -wait_for_readyFile $ready_file4 $server_pid4 $port4 -if [ ! -f $ready_file4 ]; then +wait_for_readyFile "$ready_file4" "$server_pid4" "$port4" +if [ ! -f "$ready_file4" ]; then printf '%s\n' "Failed to create ready file4: \"$ready_file4\"" exit 1 fi @@ -291,12 +309,12 @@ printf '%s\n' " $port3 $port4" printf '%s\n' "-----------------------------------" # Use client connections to cleanly shutdown the servers -./examples/client/client -p $port1 -./examples/client/client -p $port2 -./examples/client/client -p $port3 -./examples/client/client -p $port4 -create_new_cnf $port1 $port2 $port3 \ - $port4 +./examples/client/client -p "$port1" +./examples/client/client -p "$port2" +./examples/client/client -p "$port3" +./examples/client/client -p "$port4" +create_new_cnf "$port1" "$port2" "$port3" \ + "$port4" sleep 0.1 @@ -304,7 +322,7 @@ # OLD: ./certs/ocsp/ocspd-root-ca-and-intermediate-cas.sh & # NEW: openssl isn't being cleaned up, invoke directly in script for cleanup # purposes! -openssl ocsp -port $port1 -nmin 1 \ +openssl ocsp -port "$port1" -nmin 1 \ -index certs/ocsp/index-ca-and-intermediate-cas.txt \ -rsigner certs/ocsp/ocsp-responder-cert.pem \ -rkey certs/ocsp/ocsp-responder-key.pem \ @@ -315,7 +333,7 @@ # OLD: ./certs/ocsp/ocspd-intermediate2-ca-issued-certs.sh & # NEW: openssl isn't being cleaned up, invoke directly in script for cleanup # purposes! -openssl ocsp -port $port2 -nmin 1 \ +openssl ocsp -port "$port2" -nmin 1 \ -index certs/ocsp/index-intermediate2-ca-issued-certs.txt \ -rsigner certs/ocsp/ocsp-responder-cert.pem \ -rkey certs/ocsp/ocsp-responder-key.pem \ @@ -326,7 +344,7 @@ # OLD: ./certs/ocsp/ocspd-intermediate3-ca-issued-certs.sh & # NEW: openssl isn't being cleaned up, invoke directly in script for cleanup # purposes! -openssl ocsp -port $port3 -nmin 1 \ +openssl ocsp -port "$port3" -nmin 1 \ -index certs/ocsp/index-intermediate3-ca-issued-certs.txt \ -rsigner certs/ocsp/ocsp-responder-cert.pem \ -rkey certs/ocsp/ocsp-responder-key.pem \ @@ -336,7 +354,7 @@ # NEW: openssl isn't being cleaned up, invoke directly in script for cleanup # purposes! -openssl ocsp -port $port4 -nmin 1 \ +openssl ocsp -port "$port4" -nmin 1 \ -index certs/ocsp/index-ca-and-intermediate-cas.txt \ -rsigner certs/ocsp/ocsp-responder-cert.pem \ -rkey certs/ocsp/ocsp-responder-key.pem \ @@ -346,144 +364,179 @@ sleep 0.1 # "jobs" is not portable for posix. Must use bash interpreter! -[ $(jobs -r | wc -l) -ne 4 ] && printf '\n\n%s\n' "Setup ocsp responder failed, skipping" && exit 0 +[ "$(jobs -r | wc -l)" -ne 4 ] && printf '\n\n%s\n' "Setup ocsp responder failed, skipping" && exit 0 printf '\n\n%s\n\n' "All OCSP responders started successfully!" printf '%s\n\n' "------------- TEST CASE 1 SHOULD PASS ------------------------" # client test against our own server - GOOD CERTS ./examples/server/server -c certs/ocsp/server3-cert.pem \ - -k certs/ocsp/server3-key.pem -R $ready_file5 \ - -p $port5 & + -k certs/ocsp/server3-key.pem -R "$ready_file5" \ + -p "$port5" & server_pid5=$! -wait_for_readyFile $ready_file5 $server_pid5 $port5 +wait_for_readyFile "$ready_file5" "$server_pid5" "$port5" ./examples/client/client -C -A certs/ocsp/root-ca-cert.pem -W 2 -v 3 \ - -p $port5 + -p "$port5" RESULT=$? [ $RESULT -ne 0 ] && printf '\n\n%s\n' "Client connection 1 failed" && exit 1 printf '%s\n\n' "Test PASSED!" printf '%s\n\n' "------------- TEST CASE 2 SHOULD PASS ------------------------" -remove_single_rF $ready_file5 +remove_single_rF "$ready_file5" ./examples/server/server -c certs/ocsp/server3-cert.pem \ - -k certs/ocsp/server3-key.pem -R $ready_file5 \ - -p $port5 & + -k certs/ocsp/server3-key.pem -R "$ready_file5" \ + -p "$port5" & server_pid5=$! -wait_for_readyFile $ready_file5 $server_pid5 $port5 +wait_for_readyFile "$ready_file5" "$server_pid5" "$port5" ./examples/client/client -C -A certs/ocsp/root-ca-cert.pem -W 3 -v 3 \ - -p $port5 + -p "$port5" RESULT=$? [ $RESULT -ne 0 ] && printf '\n\n%s\n' "Client connection 2 failed" && exit 1 printf '%s\n\n' "Test PASSED!" printf '%s\n\n' "------------- TEST CASE 3 SHOULD REVOKE ----------------------" # client test against our own server - REVOKED SERVER CERT -remove_single_rF $ready_file5 +remove_single_rF "$ready_file5" ./examples/server/server -c certs/ocsp/server4-cert.pem \ - -k certs/ocsp/server4-key.pem -R $ready_file5 \ - -p $port5 & + -k certs/ocsp/server4-key.pem -R "$ready_file5" \ + -p "$port5" & server_pid5=$! -wait_for_readyFile $ready_file5 $server_pid5 $port5 +wait_for_readyFile "$ready_file5" "$server_pid5" "$port5" ./examples/client/client -C -A certs/ocsp/root-ca-cert.pem -W 2 -v 3 \ - -p $port5 + -p "$port5" RESULT=$? [ $RESULT -ne 1 ] && printf '\n\n%s\n' "Client connection succeeded $RESULT" && exit 1 printf '%s\n\n' "Test successfully REVOKED!" printf '%s\n\n' "------------- TEST CASE 4 SHOULD REVOKE ----------------------" -remove_single_rF $ready_file5 +remove_single_rF "$ready_file5" ./examples/server/server -c certs/ocsp/server4-cert.pem \ - -k certs/ocsp/server4-key.pem -R $ready_file5 \ - -p $port5 & + -k certs/ocsp/server4-key.pem -R "$ready_file5" \ + -p "$port5" & sleep 0.1 ./examples/client/client -C -A certs/ocsp/root-ca-cert.pem -W 3 -v 3 \ - -p $port5 + -p "$port5" RESULT=$? [ $RESULT -ne 1 ] && printf '\n\n%s\n' "Client connection succeeded $RESULT" && exit 1 printf '%s\n\n' "Test successfully REVOKED!" printf '%s\n\n' "------------- TEST CASE 5 SHOULD PASS ------------------------" # client test against our own server - REVOKED INTERMEDIATE CERT -remove_single_rF $ready_file5 +remove_single_rF "$ready_file5" ./examples/server/server -c certs/ocsp/server5-cert.pem \ - -k certs/ocsp/server5-key.pem -R $ready_file5 \ - -p $port5 & + -k certs/ocsp/server5-key.pem -R "$ready_file5" \ + -p "$port5" & server_pid5=$! -wait_for_readyFile $ready_file5 $server_pid5 $port5 +wait_for_readyFile "$ready_file5" "$server_pid5" "$port5" ./examples/client/client -C -A certs/ocsp/root-ca-cert.pem -W 2 -v 3 \ - -p $port5 + -p "$port5" RESULT=$? [ $RESULT -ne 0 ] && printf '\n\n%s\n' "Client connection 3 failed $RESULT" && exit 1 printf '%s\n\n' "Test PASSED!" printf '%s\n\n' "------------- TEST CASE 6 SHOULD REVOKE ----------------------" -remove_single_rF $ready_file5 +remove_single_rF "$ready_file5" ./examples/server/server -c certs/ocsp/server5-cert.pem \ - -k certs/ocsp/server5-key.pem -R $ready_file5 \ - -p $port5 & + -k certs/ocsp/server5-key.pem -R "$ready_file5" \ + -p "$port5" & server_pid5=$! -wait_for_readyFile $ready_file5 $server_pid5 $port5 +wait_for_readyFile "$ready_file5" "$server_pid5" "$port5" ./examples/client/client -C -A certs/ocsp/root-ca-cert.pem -W 3 -v 3 \ - -p $port5 + -p "$port5" RESULT=$? [ $RESULT -ne 1 ] && printf '\n\n%s\n' "Client connection succeeded $RESULT" && exit 1 printf '%s\n\n' "Test successfully REVOKED!" printf '%s\n\n' "------------- TEST CASE 7 LOAD CERT IN SSL -------------------" -remove_single_rF $ready_file5 +remove_single_rF "$ready_file5" ./examples/server/server -c certs/ocsp/server1-cert.pem \ - -k certs/ocsp/server1-key.pem -R $ready_file5 \ - -p $port5 -H loadSSL & + -k certs/ocsp/server1-key.pem -R "$ready_file5" \ + -p "$port5" -H loadSSL & server_pid5=$! -wait_for_readyFile $ready_file5 $server_pid5 $port5 -echo "test connection" | openssl s_client -status -legacy_renegotiation -connect ${LOCALHOST}:$port5 -cert ./certs/client-cert.pem -key ./certs/client-key.pem -CAfile ./certs/ocsp/root-ca-cert.pem +wait_for_readyFile "$ready_file5" "$server_pid5" "$port5" +echo "test connection" | openssl s_client -status -legacy_renegotiation -connect ${LOCALHOST}:"$port5" -cert ./certs/client-cert.pem -key ./certs/client-key.pem -CAfile ./certs/ocsp/root-ca-cert.pem RESULT=$? [ $RESULT -ne 0 ] && printf '\n\n%s\n' "Client connection failed $RESULT" && exit 1 -wait $server_pid5 -if [ $? -ne 0 ]; then +if ! wait "$server_pid5"; then printf '%s\n' "Unexpected server result" exit 1 fi printf '%s\n\n' "Test successful" printf '%s\n\n' "------------- TEST CASE 8 SHOULD REVOKE ----------------------" -remove_single_rF $ready_file5 +remove_single_rF "$ready_file5" ./examples/server/server -c certs/ocsp/server4-cert.pem \ - -k certs/ocsp/server4-key.pem -R $ready_file5 \ - -p $port5 -H loadSSL & + -k certs/ocsp/server4-key.pem -R "$ready_file5" \ + -p "$port5" -H loadSSL & server_pid5=$! sleep 0.1 ./examples/client/client -C -A certs/ocsp/root-ca-cert.pem -W 3 -v 3 \ - -p $port5 + -p "$port5" RESULT=$? [ $RESULT -ne 1 ] && printf '\n\n%s\n' "Client connection succeeded $RESULT" && exit 1 -wait $server_pid5 -if [ $? -ne 1 ]; then +if ! wait "$server_pid5"; then + : +else printf '%s\n' "Unexpected server result" exit 1 fi printf '%s\n\n' "Test successfully REVOKED!" # need a unique port since may run the same time as testsuite +# Track ports already assigned in this script run to prevent intra-run collisions +used_ports=() + generate_port() { #-------------------------------------------------------------------------# - # Generate a random port number + # Generate a random port number, guaranteed unique within this script run. + # Checks both the intra-run used_ports list and system-level bound ports. #-------------------------------------------------------------------------# + local attempts=0 collision p - if [[ "$OSTYPE" == "linux"* || "$OSTYPE" == "msys" - || "$OSTYPE" == "cygwin" ]]; then - port=$(($(od -An -N2 /dev/urandom) % (65535-49512) + 49512)) - elif [[ "$OSTYPE" == "darwin"* ]]; then - port=$(($(od -An -N2 /dev/random) % (65535-49512) + 49512)) - else - echo "Unknown OS TYPE" - exit 1 - fi + while true; do + if [[ "$OSTYPE" == "linux"* || "$OSTYPE" == "msys" + || "$OSTYPE" == "cygwin" ]]; then + p=$(($(od -An -N2 /dev/urandom) % (65535-49512) + 49512)) + elif [[ "$OSTYPE" == "darwin"* ]]; then + p=$(($(od -An -N2 /dev/random) % (65535-49512) + 49512)) + else + echo "Unknown OS TYPE" + exit 1 + fi + + # Check against ports already assigned in this run + collision=0 + for up in "${used_ports[@]}"; do + if [ "$up" = "$p" ]; then + collision=1 + break + fi + done + + # Also check if the port is already bound on this system + if [ $collision -eq 0 ]; then + if command -v ss &>/dev/null; then + ss -lnt 2>/dev/null | grep -q ":${p}[[:space:]]" && collision=1 + elif command -v netstat &>/dev/null; then + netstat -lnt 2>/dev/null | grep -q ":${p}[[:space:]]" && collision=1 + fi + fi + + [ "$collision" -eq 0 ] && break + + ((attempts++)) + if [ "$attempts" -ge 100 ]; then + echo "ERROR: generate_port could not find a free port after 100 attempts" + exit 1 + fi + done + + port=$p + used_ports+=("$p") } # Start OpenSSL server that has no OCSP responses to return generate_port -openssl s_server -cert ./certs/server-cert.pem -key certs/server-key.pem -www -port $port & -openssl_pid=$! +openssl s_server -cert ./certs/server-cert.pem -key certs/server-key.pem -www -port "$port" & MAX_TIMEOUT=10 -until nc -z localhost $port # Wait for openssl to be ready +until nc -z localhost "$port" # Wait for openssl to be ready do sleep 0.05 if [ "$MAX_TIMEOUT" == "0" ]; then @@ -494,7 +547,7 @@ printf '%s\n\n' "------------- TEST CASE 9 SHOULD PASS ----------------------" # client asks for OCSP staple but doesn't fail when none returned -./examples/client/client -p $port -g -v 3 -W 2 +./examples/client/client -p "$port" -g -v 3 -W 2 RESULT=$? [ $RESULT -ne 0 ] && printf '\n\n%s\n' "Client connection 9 failed" && exit 1 @@ -502,7 +555,7 @@ printf '%s\n\n' "------------- TEST CASE 10 SHOULD UNKNOWN -------------------" # client asks for OCSP staple but doesn't fail when none returned -./examples/client/client -p $port -g -v 3 -W 2m +./examples/client/client -p "$port" -g -v 3 -W 2m RESULT=$? [ $RESULT -ne 1 ] \ @@ -515,12 +568,12 @@ printf '%s\n\n' "------------- TEST CASE DTLS-1 SHOULD PASS -------------------" # client test against our own server - GOOD CERTS ./examples/server/server -c certs/ocsp/server3-cert.pem \ - -k certs/ocsp/server3-key.pem -R $ready_file5 \ - -p $port5 -u -v 3 & + -k certs/ocsp/server3-key.pem -R "$ready_file5" \ + -p "$port5" -u -v 3 & server_pid5=$! sleep 0.2 ./examples/client/client -C -A certs/ocsp/root-ca-cert.pem -W 2 -u -v 3 \ - -p $port5 + -p "$port5" RESULT=$? [ $RESULT -ne 0 ] && printf '\n\n%s\n' "Client connection 1 failed" && exit 1 printf '%s\n\n' "Test PASSED!" diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/scripts/ocsp-stapling_tls13multi.test mariadb-11.8.8/extra/wolfssl/wolfssl/scripts/ocsp-stapling_tls13multi.test --- mariadb-11.8.6/extra/wolfssl/wolfssl/scripts/ocsp-stapling_tls13multi.test 2026-01-31 13:27:49.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/scripts/ocsp-stapling_tls13multi.test 2026-05-24 09:58:33.000000000 +0000 @@ -24,6 +24,22 @@ export RETRIES_REMAINING=2 fi +[ ! -x ./examples/client/client ] && printf '\n\n%s\n' "Client doesn't exist" \ + && exit 1 + +[ ! -x ./examples/server/server ] && printf '\n\n%s\n' "Server doesn't exist" \ + && exit 1 + +if ./examples/client/client -? 2>&1 | grep "Client not compiled in!" ; then + echo 'skipping ocsp-stapling_tls13multi.test because client not compiled in.' 1>&2 + exit 77 +fi + +if ./examples/server/server -? 2>&1 | grep "Server not compiled in!" ; then + echo 'skipping ocsp-stapling_tls13multi.test because server not compiled in.' 1>&2 + exit 77 +fi + if ! ./examples/client/client -V | grep -q 4; then tls13=no @@ -50,13 +66,13 @@ tls13=yes fi -if openssl s_server -help 2>&1 | fgrep -q -i ipv6 && nc -h 2>&1 | fgrep -q -i ipv6; then +if openssl s_server -help 2>&1 | grep -F -q -i ipv6 && nc -h 2>&1 | grep -F -q -i ipv6; then IPV6_SUPPORTED=yes else IPV6_SUPPORTED=no fi -if ./examples/client/client '-#' | fgrep -q -e ' -DTEST_IPV6 '; then +if ./examples/client/client '-#' | grep -F -q -e ' -DTEST_IPV6 '; then if [[ "$IPV6_SUPPORTED" == "no" ]]; then echo 'Skipping IPV6 test in environment lacking IPV6 support.' exit 77 @@ -78,20 +94,20 @@ #mkdir "${WORKSPACE}" || exit $? # Use portable mktemp syntax that works on both Linux and macOS -WORKSPACE="$(mktemp -d ${PARENTDIR}/wolfssl-ocsp-test.XXXXXX)" +WORKSPACE="$(mktemp -d "${PARENTDIR}"/wolfssl-ocsp-test.XXXXXX)" -cp -pR ${SCRIPT_DIR}/../certs "${WORKSPACE}"/ || exit $? +cp -pR "${SCRIPT_DIR}"/../certs "${WORKSPACE}"/ || exit $? cd "$WORKSPACE" || exit $? -ln -s ../examples +ln -s ../examples . CERT_DIR="certs/ocsp" -ready_file1="$WORKSPACE"/wolf_ocsp_s2_readyF1$$ -ready_file2="$WORKSPACE"/wolf_ocsp_s2_readyF2$$ -ready_file3="$WORKSPACE"/wolf_ocsp_s2_readyF3$$ -ready_file4="$WORKSPACE"/wolf_ocsp_s2_readyF4$$ -ready_file5="$WORKSPACE"/wolf_ocsp_s2_readyF5$$ +ready_file1="$WORKSPACE"/wolf_ocsp_tls13_readyF1$$ +ready_file2="$WORKSPACE"/wolf_ocsp_tls13_readyF2$$ +ready_file3="$WORKSPACE"/wolf_ocsp_tls13_readyF3$$ +ready_file4="$WORKSPACE"/wolf_ocsp_tls13_readyF4$$ +ready_file5="$WORKSPACE"/wolf_ocsp_tls13_readyF5$$ printf '%s\n' "ready file 1: $ready_file1" printf '%s\n' "ready file 2: $ready_file2" printf '%s\n' "ready file 3: $ready_file3" @@ -104,9 +120,9 @@ counter=0 - while [ ! -s $1 -a "$counter" -lt 20 ]; do + while [ ! -s "$1" ] && [ "$counter" -lt 20 ]; do if [[ -n "${2-}" ]]; then - if ! kill -0 $2 2>&-; then + if ! kill -0 "$2" 2>&-; then echo "pid $2 for port ${3-} exited before creating ready file. bailing..." exit 1 fi @@ -116,7 +132,7 @@ counter=$((counter+ 1)) done - if test -e $1; then + if test -e "$1"; then echo -e "found ready file, starting client..." else echo -e "NO ready file at $1 -- ending test..." @@ -126,16 +142,16 @@ } remove_single_rF(){ - if test -e $1; then + if test -e "$1"; then printf '%s\n' "removing ready file: $1" - rm $1 + rm "$1" fi } #create a configure file for cert generation with the port 0 solution create_new_cnf() { echo "Random Ports Selected: $1 $2 $3 $4" - cat <<- EOF > $test_cnf + cat <<- EOF > "$test_cnf" # # openssl configuration file for OCSP certificates # @@ -180,34 +196,34 @@ extendedKeyUsage = OCSPSigning EOF - mv $test_cnf $CERT_DIR/$test_cnf - cd $CERT_DIR + mv "$test_cnf" "$CERT_DIR/$test_cnf" + cd "$CERT_DIR" || exit CURR_LOC="$PWD" printf '%s\n' "echo now in $CURR_LOC" - ./renewcerts-for-test.sh $test_cnf - cd $WORKSPACE + ./renewcerts-for-test.sh "$test_cnf" + cd "$WORKSPACE" || exit } remove_ready_file(){ - if test -e $ready_file1; then + if test -e "$ready_file1"; then printf '%s\n' "removing ready file: $ready_file1" - rm $ready_file1 + rm "$ready_file1" fi - if test -e $ready_file2; then + if test -e "$ready_file2"; then printf '%s\n' "removing ready file: $ready_file2" - rm $ready_file2 + rm "$ready_file2" fi - if test -e $ready_file3; then + if test -e "$ready_file3"; then printf '%s\n' "removing ready file: $ready_file3" - rm $ready_file3 + rm "$ready_file3" fi - if test -e $ready_file4; then + if test -e "$ready_file4"; then printf '%s\n' "removing ready file: $ready_file4" - rm $ready_file4 + rm "$ready_file4" fi - if test -e $ready_file5; then + if test -e "$ready_file5"; then printf '%s\n' "removing ready file: $ready_file5" - rm $ready_file5 + rm "$ready_file5" fi } @@ -219,14 +235,14 @@ kill -s KILL "$i" done remove_ready_file - rm $CERT_DIR/$test_cnf + rm "$CERT_DIR/$test_cnf" cd "$PARENTDIR" || return 1 rm -r "$WORKSPACE" || return 1 if [[ ("$exit_status" == 1) && ($RETRIES_REMAINING -gt 0) ]]; then echo "retrying..." RETRIES_REMAINING=$((RETRIES_REMAINING - 1)) - exec $0 "$@" + exec "$0" "$@" fi } trap cleanup EXIT INT TERM HUP @@ -236,9 +252,9 @@ # check if supported key size is large enough to handle 4096 bit RSA size="$(./examples/client/client '-?' | grep "Max RSA key")" size="${size//[^0-9]/}" -if [ ! -z "$size" ]; then - printf 'check on max key size of %d ...' $size - if [ $size -lt 4096 ]; then +if [ -n "$size" ]; then + printf 'check on max key size of %d ...' "$size" + if [ "$size" -lt 4096 ]; then printf '%s\n' "4096 bit RSA keys not supported" exit 0 fi @@ -266,57 +282,57 @@ return 0 } -base_port=$((((($$ + $RETRIES_REMAINING) * 5) % (65536 - 2048)) + 1024)) -port1=$(get_first_free_port $base_port) +base_port=$((((($$ + RETRIES_REMAINING) * 5) % (65536 - 2048)) + 1024)) +port1=$(get_first_free_port "$base_port") port2=$(get_first_free_port $((port1 + 1))) port3=$(get_first_free_port $((port2 + 1))) port4=$(get_first_free_port $((port3 + 1))) port5=$(get_first_free_port $((port4 + 1))) # 1: -./examples/server/server -R $ready_file1 -p $port1 & +./examples/server/server -R "$ready_file1" -p "$port1" & server_pid1=$! -wait_for_readyFile $ready_file1 $server_pid1 $port1 -if [ ! -f $ready_file1 ]; then +wait_for_readyFile "$ready_file1" "$server_pid1" "$port1" +if [ ! -f "$ready_file1" ]; then printf '%s\n' "Failed to create ready file1: \"$ready_file1\"" exit 1 fi # 2: -./examples/server/server -R $ready_file2 -p $port2 & +./examples/server/server -R "$ready_file2" -p "$port2" & server_pid2=$! -wait_for_readyFile $ready_file2 $server_pid2 $port2 -if [ ! -f $ready_file2 ]; then +wait_for_readyFile "$ready_file2" "$server_pid2" "$port2" +if [ ! -f "$ready_file2" ]; then printf '%s\n' "Failed to create ready file2: \"$ready_file2\"" exit 1 fi # 3: -./examples/server/server -R $ready_file3 -p $port3 & +./examples/server/server -R "$ready_file3" -p "$port3" & server_pid3=$! -wait_for_readyFile $ready_file3 $server_pid3 $port3 -if [ ! -f $ready_file3 ]; then +wait_for_readyFile "$ready_file3" "$server_pid3" "$port3" +if [ ! -f "$ready_file3" ]; then printf '%s\n' "Failed to create ready file3: \"$ready_file3\"" exit 1 fi # 4: -./examples/server/server -R $ready_file4 -p $port4 & +./examples/server/server -R "$ready_file4" -p "$port4" & server_pid4=$! -wait_for_readyFile $ready_file4 $server_pid4 $port4 -if [ ! -f $ready_file4 ]; then +wait_for_readyFile "$ready_file4" "$server_pid4" "$port4" +if [ ! -f "$ready_file4" ]; then printf '%s\n' "Failed to create ready file4: \"$ready_file4\"" exit 1 fi printf '%s\n' "------------- PORTS ---------------" printf '%s' "Random ports selected: $port1 $port2" -printf '%s\n' " $port3 $port4" +printf '%s\n' " $port3 $port4 $port5" printf '%s\n' "-----------------------------------" # Use client connections to cleanly shutdown the servers -./examples/client/client -p $port1 -./examples/client/client -p $port2 -./examples/client/client -p $port3 -./examples/client/client -p $port4 -create_new_cnf $port1 $port2 $port3 \ - $port4 +./examples/client/client -p "$port1" +./examples/client/client -p "$port2" +./examples/client/client -p "$port3" +./examples/client/client -p "$port4" +create_new_cnf "$port1" "$port2" "$port3" \ + "$port4" sleep 0.1 @@ -324,7 +340,7 @@ # OLD: ./certs/ocsp/ocspd-root-ca-and-intermediate-cas.sh & # NEW: openssl isn't being cleaned up, invoke directly in script for cleanup # purposes! -openssl ocsp -port $port1 -nmin 1 \ +openssl ocsp -port "$port1" -nmin 1 \ -index certs/ocsp/index-ca-and-intermediate-cas.txt \ -rsigner certs/ocsp/ocsp-responder-cert.pem \ -rkey certs/ocsp/ocsp-responder-key.pem \ @@ -335,7 +351,7 @@ # OLD: ./certs/ocsp/ocspd-intermediate2-ca-issued-certs.sh & # NEW: openssl isn't being cleaned up, invoke directly in script for cleanup # purposes! -openssl ocsp -port $port2 -nmin 1 \ +openssl ocsp -port "$port2" -nmin 1 \ -index certs/ocsp/index-intermediate2-ca-issued-certs.txt \ -rsigner certs/ocsp/ocsp-responder-cert.pem \ -rkey certs/ocsp/ocsp-responder-key.pem \ @@ -346,7 +362,7 @@ # OLD: ./certs/ocsp/ocspd-intermediate3-ca-issued-certs.sh & # NEW: openssl isn't being cleaned up, invoke directly in script for cleanup # purposes! -openssl ocsp -port $port3 -nmin 1 \ +openssl ocsp -port "$port3" -nmin 1 \ -index certs/ocsp/index-intermediate3-ca-issued-certs.txt \ -rsigner certs/ocsp/ocsp-responder-cert.pem \ -rkey certs/ocsp/ocsp-responder-key.pem \ @@ -356,7 +372,7 @@ # NEW: openssl isn't being cleaned up, invoke directly in script for cleanup # purposes! -openssl ocsp -port $port4 -nmin 1 \ +openssl ocsp -port "$port4" -nmin 1 \ -index certs/ocsp/index-ca-and-intermediate-cas.txt \ -rsigner certs/ocsp/ocsp-responder-cert.pem \ -rkey certs/ocsp/ocsp-responder-key.pem \ @@ -366,7 +382,7 @@ sleep 0.1 # "jobs" is not portable for posix. Must use bash interpreter! -[ $(jobs -r | wc -l) -ne 4 ] && printf '\n\n%s\n' "Setup ocsp responder failed, skipping" && exit 0 +[ "$(jobs -r | wc -l)" -ne 4 ] && printf '\n\n%s\n' "Setup ocsp responder failed, skipping" && exit 0 printf '\n\n%s\n\n' "All OCSP responders started successfully!" @@ -374,97 +390,96 @@ printf '%s\n\n' "------------- TEST CASE 1 SHOULD PASS ------------------------" # client test against our own server - GOOD CERTS ./examples/server/server -c certs/ocsp/server3-cert.pem \ - -k certs/ocsp/server3-key.pem -R $ready_file5 \ - -p $port5 -v 4 & + -k certs/ocsp/server3-key.pem -R "$ready_file5" \ + -p "$port5" -v 4 & server_pid5=$! - wait_for_readyFile $ready_file5 $server_pid5 $port5 + wait_for_readyFile "$ready_file5" "$server_pid5" "$port5" ./examples/client/client -C -A certs/ocsp/root-ca-cert.pem -W 1 -v 4 \ - -p $port5 + -p "$port5" RESULT=$? - [ $RESULT -ne 0 ] && printf '\n\n%s\n' "Client connection 1 failed" && exit 1 + [ "$RESULT" -ne 0 ] && printf '\n\n%s\n' "Client connection 1 failed" && exit 1 printf '%s\n\n' "Test PASSED!" printf '%s\n\n' "------------- TEST CASE 2 SHOULD REVOKE ----------------------" # client test against our own server - REVOKED SERVER CERT - remove_single_rF $ready_file5 + remove_single_rF "$ready_file5" ./examples/server/server -c certs/ocsp/server4-cert.pem \ - -k certs/ocsp/server4-key.pem -R $ready_file5 \ - -p $port5 -v 4 & + -k certs/ocsp/server4-key.pem -R "$ready_file5" \ + -p "$port5" -v 4 & server_pid5=$! - wait_for_readyFile $ready_file5 $server_pid5 $port5 + wait_for_readyFile "$ready_file5" "$server_pid5" "$port5" ./examples/client/client -C -A certs/ocsp/root-ca-cert.pem -W 1 -v 4 \ - -p $port5 + -p "$port5" RESULT=$? - [ $RESULT -ne 1 ] && printf '\n\n%s\n' "Client connection succeeded $RESULT" && exit 1 + [ "$RESULT" -ne 1 ] && printf '\n\n%s\n' "Client connection succeeded $RESULT" && exit 1 printf '%s\n\n' "Test successfully REVOKED!" printf '%s\n\n' "------------- TEST CASE 3 SHOULD REVOKE ----------------------" - remove_single_rF $ready_file5 + remove_single_rF "$ready_file5" ./examples/server/server -c certs/ocsp/server4-cert.pem \ - -k certs/ocsp/server4-key.pem -R $ready_file5 \ - -p $port5 & + -k certs/ocsp/server4-key.pem -R "$ready_file5" \ + -p "$port5" & sleep 0.1 ./examples/client/client -C -A certs/ocsp/root-ca-cert.pem -W 1 -v 4 \ - -p $port5 + -p "$port5" RESULT=$? - [ $RESULT -ne 1 ] && printf '\n\n%s\n' "Client connection succeeded $RESULT" && exit 1 + [ "$RESULT" -ne 1 ] && printf '\n\n%s\n' "Client connection succeeded $RESULT" && exit 1 printf '%s\n\n' "Test successfully REVOKED!" printf '%s\n\n' "------------- TEST CASE 4 SHOULD REVOKE ------------------------" # client test against our own server - REVOKED INTERMEDIATE CERT - remove_single_rF $ready_file5 + remove_single_rF "$ready_file5" ./examples/server/server -c certs/ocsp/server5-cert.pem \ - -k certs/ocsp/server5-key.pem -R $ready_file5 \ - -p $port5 -v 4 & + -k certs/ocsp/server5-key.pem -R "$ready_file5" \ + -p "$port5" -v 4 & server_pid5=$! - wait_for_readyFile $ready_file5 $server_pid5 $port5 + wait_for_readyFile "$ready_file5" "$server_pid5" "$port5" ./examples/client/client -C -A certs/ocsp/root-ca-cert.pem -W 1 -v 4 \ - -p $port5 + -p "$port5" RESULT=$? - [ $RESULT -ne 1 ] && printf '\n\n%s\n' "Client connection succeeded $RESULT" && exit 1 + [ "$RESULT" -ne 1 ] && printf '\n\n%s\n' "Client connection succeeded $RESULT" && exit 1 printf '%s\n\n' "Test successfully REVOKED!" printf '%s\n\n' "------------- TEST CASE 5 SHOULD REVOKE ----------------------" - remove_single_rF $ready_file5 + remove_single_rF "$ready_file5" ./examples/server/server -c certs/ocsp/server5-cert.pem \ - -k certs/ocsp/server5-key.pem -R $ready_file5 \ - -p $port5 -v 4 & + -k certs/ocsp/server5-key.pem -R "$ready_file5" \ + -p "$port5" -v 4 & server_pid5=$! - wait_for_readyFile $ready_file5 $server_pid5 $port5 + wait_for_readyFile "$ready_file5" "$server_pid5" "$port5" ./examples/client/client -C -A certs/ocsp/root-ca-cert.pem -W 1 -v 4 \ - -p $port5 + -p "$port5" RESULT=$? - [ $RESULT -ne 1 ] && printf '\n\n%s\n' "Client connection succeeded $RESULT" && exit 1 + [ "$RESULT" -ne 1 ] && printf '\n\n%s\n' "Client connection succeeded $RESULT" && exit 1 printf '%s\n\n' "Test successfully REVOKED!" printf '%s\n\n' "------------- TEST CASE 6 LOAD CERT IN SSL -------------------" - remove_single_rF $ready_file5 + remove_single_rF "$ready_file5" ./examples/server/server -c certs/ocsp/server1-cert.pem \ - -k certs/ocsp/server1-key.pem -R $ready_file5 -v 4 \ - -p $port5 -H loadSSL & + -k certs/ocsp/server1-key.pem -R "$ready_file5" -v 4 \ + -p "$port5" -H loadSSL & server_pid5=$! - wait_for_readyFile $ready_file5 $server_pid5 $port5 - echo "test connection" | openssl s_client -status -legacy_renegotiation -connect ${LOCALHOST}:$port5 -cert ./certs/client-cert.pem -key ./certs/client-key.pem -CAfile ./certs/ocsp/root-ca-cert.pem + wait_for_readyFile "$ready_file5" "$server_pid5" "$port5" + echo "test connection" | openssl s_client -status -legacy_renegotiation -connect "${LOCALHOST}:$port5" -cert ./certs/client-cert.pem -key ./certs/client-key.pem -CAfile ./certs/ocsp/root-ca-cert.pem RESULT=$? - [ $RESULT -ne 0 ] && printf '\n\n%s\n' "Client connection failed $RESULT" && exit 1 - wait $server_pid5 - if [ $? -ne 0 ]; then + [ "$RESULT" -ne 0 ] && printf '\n\n%s\n' "Client connection failed $RESULT" && exit 1 + if ! wait "$server_pid5"; then printf '%s\n' "Unexpected server result" exit 1 fi printf '%s\n\n' "Test successful" printf '%s\n\n' "------------- TEST CASE 7 SHOULD REVOKE ----------------------" - remove_single_rF $ready_file5 + remove_single_rF "$ready_file5" ./examples/server/server -c certs/ocsp/server4-cert.pem \ - -k certs/ocsp/server4-key.pem -R $ready_file5 \ - -p $port5 -H loadSSL -v 4 & + -k certs/ocsp/server4-key.pem -R "$ready_file5" \ + -p "$port5" -H loadSSL -v 4 & server_pid5=$! sleep 0.1 ./examples/client/client -C -A certs/ocsp/root-ca-cert.pem -W 1 -v 4 \ - -p $port5 + -p "$port5" RESULT=$? - [ $RESULT -ne 1 ] && printf '\n\n%s\n' "Client connection succeeded $RESULT" && exit 1 - wait $server_pid5 + [ "$RESULT" -ne 1 ] && printf '\n\n%s\n' "Client connection succeeded $RESULT" && exit 1 + wait "$server_pid5" if [ $? -ne 1 ]; then printf '%s\n' "Unexpected server result" exit 1 @@ -476,48 +491,32 @@ printf '%s\n\n' "------------- TEST CASE DTLS-1 SHOULD PASS ---------------" # client test against our own server - GOOD CERTS ./examples/server/server -c certs/ocsp/server3-cert.pem \ - -k certs/ocsp/server3-key.pem -R $ \ - -p $port5 -u -v 4 & + -k certs/ocsp/server3-key.pem -R "$ready_file5" \ + -p "$port5" -u -v 4 & server_pid5=$! sleep 0.2 ./examples/client/client -C -A certs/ocsp/root-ca-cert.pem -W 1 -u -v 4 \ - -p $port5 + -p "$port5" RESULT=$? - [ $RESULT -ne 0 ] && printf '\n\n%s\n' "Client connection 1 failed" && exit 1 + [ "$RESULT" -ne 0 ] && printf '\n\n%s\n' "Client connection 1 failed" && exit 1 printf '%s\n\n' "Test PASSED!" printf '%s\n\n' "------------- TEST CASE DTLS-2 SHOULD REVOKE --------------" # client test against our own server - REVOKED SERVER CERT - remove_single_rF $ready_file5 + remove_single_rF "$ready_file5" ./examples/server/server -c certs/ocsp/server4-cert.pem \ - -k certs/ocsp/server4-key.pem -R $ready_file5 \ - -p $port5 -v 4 & + -k certs/ocsp/server4-key.pem -R "$ready_file5" \ + -p "$port5" -v 4 & server_pid5=$! sleep 0.2 ./examples/client/client -C -A certs/ocsp/root-ca-cert.pem -W 1 -v 4 \ - -p $port5 + -p "$port5" RESULT=$? - [ $RESULT -ne 1 ] && printf '\n\n%s\n' "Client connection succeeded $RESULT" && exit 1 + [ "$RESULT" -ne 1 ] && printf '\n\n%s\n' "Client connection succeeded $RESULT" && exit 1 printf '%s\n\n' "Test successfully REVOKED!" fi -# need a unique port since may run the same time as testsuite -generate_port() { - #-------------------------------------------------------------------------# - # Generate a random port number - #-------------------------------------------------------------------------# - - if [[ "$OSTYPE" == "linux"* ]]; then - port=$(($(od -An -N2 /dev/urandom) % (65535-49512) + 49512)) - elif [[ "$OSTYPE" == "darwin"* ]]; then - port=$(($(od -An -N2 /dev/random) % (65535-49512) + 49512)) - else - echo "Unknown OS TYPE" - exit 1 - fi -} - printf '%s\n\n' "------------------- TESTS COMPLETE ---------------------------" exit 0 diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/scripts/openssl.test mariadb-11.8.8/extra/wolfssl/wolfssl/scripts/openssl.test --- mariadb-11.8.6/extra/wolfssl/wolfssl/scripts/openssl.test 2026-01-31 13:27:49.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/scripts/openssl.test 2026-05-24 09:58:33.000000000 +0000 @@ -31,19 +31,55 @@ echo "WOLFSSL_OPENSSL_TEST set, running test..." # need a unique port since may run the same time as testsuite +# Track ports already assigned in this script run to prevent intra-run collisions +used_ports=() + generate_port() { #-------------------------------------------------------------------------# - # Generate a random port number + # Generate a random port number, guaranteed unique within this script run. + # Checks both the intra-run used_ports list and system-level bound ports. #-------------------------------------------------------------------------# + local attempts=0 collision p - if [[ "$OSTYPE" == "linux"* ]]; then - port=$(($(od -An -N2 /dev/urandom) % (65535-49512) + 49512)) - elif [[ "$OSTYPE" == "darwin"* ]]; then - port=$(($(od -An -N2 /dev/random) % (65535-49512) + 49512)) - else - echo "Unknown OS TYPE" - exit 1 - fi + while true; do + if [[ "$OSTYPE" == "linux"* ]]; then + p=$(($(od -An -N2 /dev/urandom) % (65535-49512) + 49512)) + elif [[ "$OSTYPE" == "darwin"* ]]; then + p=$(($(od -An -N2 /dev/random) % (65535-49512) + 49512)) + else + echo "Unknown OS TYPE" + exit 1 + fi + + # Check against ports already assigned in this run + collision=0 + for up in "${used_ports[@]}"; do + if [ "$up" = "$p" ]; then + collision=1 + break + fi + done + + # Also check if the port is already bound on this system + if [ "$collision" -eq 0 ]; then + if command -v ss &>/dev/null; then + ss -lnt 2>/dev/null | grep -q ":${p}[[:space:]]" && collision=1 + elif command -v netstat &>/dev/null; then + netstat -lnt 2>/dev/null | grep -q ":${p}[[:space:]]" && collision=1 + fi + fi + + [ "$collision" -eq 0 ] && break + + ((attempts++)) + if [ "$attempts" -ge 100 ]; then + echo "ERROR: generate_port could not find a free port after 100 attempts" + exit 1 + fi + done + + port=$p + used_ports+=("$p") } no_pid=-1 @@ -112,7 +148,7 @@ pid=${f2##*:} port=${s##*:} echo "killing server: $sname ($port)" - kill -9 $pid + kill -9 "$pid" done } @@ -124,18 +160,6 @@ trap do_trap INT TERM - -check_process_running() { - if [ "$ps_grep" = "" ] - then - ps -p $server_pid > /dev/null - PS_EXIT=$? - else - ps | grep "^ *$server_pid " > /dev/null - PS_EXIT=$? - fi -} - # # Start an OpenSSL server # @@ -153,20 +177,13 @@ # If OPENSSL_ENGINE_ID has been set then check that the desired engine can # be loaded successfully and error out if not. Otherwise the OpenSSL app # will fall back to default engine. - if [ ! -z "${OPENSSL_ENGINE_ID}" ]; then - OUTPUT=`$OPENSSL engine -tt $OPENSSL_ENGINE_ID` - if [ $? != 0 ]; then - printf "not able to load engine\n" - printf "$OPENSSL engine -tt $OPENSSL_ENGINE_ID\n" + if [ -n "${OPENSSL_ENGINE_ID}" ]; then + OUTPUT=$($OPENSSL engine -tt "$OPENSSL_ENGINE_ID") + if ! echo "$OUTPUT" | grep -q "available"; then + printf "not able to load engine or engine not available\n" + printf '%s\n' "$OPENSSL engine -tt $OPENSSL_ENGINE_ID" do_cleanup exit 1 - else - echo $OUTPUT | grep "available" - if [ $? != 0 ]; then - printf "engine not available\n" - do_cleanup - exit 1 - fi fi OPENSSL_ENGINE_ID="-engine ${OPENSSL_ENGINE_ID}" fi @@ -177,18 +194,19 @@ if [ "$cert_file" != "" ] then - echo "# " $OPENSSL s_server -accept $server_port $OPENSSL_ENGINE_ID -cert \"$cert_file\" -key \"$key_file\" -quiet -CAfile \"$ca_file\" -www -dhparam \"${CERT_DIR}/dh2048.pem\" -verify 10 -verify_return_error -psk $psk_hex -cipher "ALL:eNULL" $openssl_nodhe - $OPENSSL s_server -accept $server_port $OPENSSL_ENGINE_ID -cert "$cert_file" -key "$key_file" -quiet -CAfile "$ca_file" -www -dhparam "${CERT_DIR}/dh2048.pem" -verify 10 -verify_return_error -psk $psk_hex -cipher "ALL:eNULL" $openssl_nodhe & + echo "# $OPENSSL s_server -accept $server_port $OPENSSL_ENGINE_ID -cert \"$cert_file\" -key \"$key_file\" -quiet -CAfile \"$ca_file\" -www -dhparam \"${CERT_DIR}/dh2048.pem\" -verify 10 -verify_return_error -psk $psk_hex -cipher \"ALL:eNULL\" $openssl_nodhe" + # shellcheck disable=SC2086 + $OPENSSL s_server -accept "$server_port" $OPENSSL_ENGINE_ID -cert "$cert_file" -key "$key_file" -quiet -CAfile "$ca_file" -www -dhparam "${CERT_DIR}/dh2048.pem" -verify 10 -verify_return_error -psk "$psk_hex" -cipher "ALL:eNULL" $openssl_nodhe & else - echo "# " $OPENSSL s_server -accept $server_port $OPENSSL_ENGINE_ID -quiet -nocert -www -dhparam \"${CERT_DIR}/dh2048.pem\" -verify 10 -verify_return_error -psk $psk_hex -cipher "ALL:eNULL" $openssl_nodhe - $OPENSSL s_server -accept $server_port $OPENSSL_ENGINE_ID -quiet -nocert -www -dhparam "${CERT_DIR}/dh2048.pem" -verify 10 -verify_return_error -psk $psk_hex -cipher "ALL:eNULL" $openssl_nodhe & + echo "# $OPENSSL s_server -accept $server_port $OPENSSL_ENGINE_ID -quiet -nocert -www -dhparam \"${CERT_DIR}/dh2048.pem\" -verify 10 -verify_return_error -psk $psk_hex -cipher \"ALL:eNULL\" $openssl_nodhe" + # shellcheck disable=SC2086 + $OPENSSL s_server -accept "$server_port" $OPENSSL_ENGINE_ID -quiet -nocert -www -dhparam "${CERT_DIR}/dh2048.pem" -verify 10 -verify_return_error -psk "$psk_hex" -cipher "ALL:eNULL" $openssl_nodhe & fi server_pid=$! # wait to see if s_server successfully starts before continuing sleep 0.1 - check_process_running - if [ "$PS_EXIT" = "0" ] + if kill -0 "$server_pid" 2>/dev/null then echo "s_server started successfully on port $server_port" found_free_port=1 @@ -201,7 +219,7 @@ fi done - if [ $found_free_port = 0 ] + if [ "$found_free_port" = 0 ] then echo -e "Couldn't find free port for server" do_cleanup @@ -246,13 +264,13 @@ echo "#" echo "# $WOLFSSL_SERVER -p $server_port -g -v d -x -i $psk $crl -l ALL \"$wolfssl_cert\" \"$wolfssl_key\" \"$wolfssl_caCert\"" - $WOLFSSL_SERVER -p $server_port -g -v d -x -i $psk $crl -l ALL "$wolfssl_cert" "$wolfssl_key" "$wolfssl_caCert" & + # shellcheck disable=SC2086 + $WOLFSSL_SERVER -p "$server_port" -g -v d -x -i $psk $crl -l ALL "$wolfssl_cert" "$wolfssl_key" "$wolfssl_caCert" & server_pid=$! # wait to see if server successfully starts before continuing sleep 0.1 - check_process_running - if [ "$PS_EXIT" = "0" ] + if kill -0 "$server_pid" 2>/dev/null then echo "wolfSSL server started successfully on port $server_port" found_free_port=1 @@ -265,7 +283,7 @@ fi done - if [ $found_free_port = 0 ] + if [ "$found_free_port" = 0 ] then echo -e "Couldn't find free port for server" do_cleanup @@ -280,9 +298,9 @@ server_ready=0 while [ "$counter" -lt 20 ]; do echo -e "waiting for $server_name ready..." - echo -e Checking | nc -4 -w 1 -z localhost $server_port + echo -e Checking | nc -4 -w 1 -z localhost "$server_port" nc_result=$? - if [ $nc_result = 0 ] + if [ "$nc_result" = 0 ] then echo -e "$server_name ready!" server_ready=1 @@ -325,7 +343,7 @@ wolfssl_caCert="-A$caCert" fi wolfssl_resume="-r" - if [ "$openssl_psk_resume_bug" != "" -a "$tls13_suite" != "" ] + if [ "$openssl_psk_resume_bug" != "" ] && [ "$tls13_suite" != "" ] then wolfssl_resume= fi @@ -333,21 +351,23 @@ then wolfssl_resume= fi - if [ "$version" != "5" -a "$version" != "" ] + if [ "$version" != "5" ] && [ "$version" != "" ] then echo "#" echo "# $WOLFSSL_CLIENT -p $port -g $wolfssl_resume -l $wolfSuite -v $version $psk $adh \"$wolfssl_cert\" \"$wolfssl_key\" \"$wolfssl_caCert\" $crl" - $WOLFSSL_CLIENT -p $port -g $wolfssl_resume -l $wolfSuite -v $version $psk $adh "$wolfssl_cert" "$wolfssl_key" "$wolfssl_caCert" $crl + # shellcheck disable=SC2086 + $WOLFSSL_CLIENT -p "$port" -g $wolfssl_resume -l "$wolfSuite" -v "$version" $psk $adh "$wolfssl_cert" "$wolfssl_key" "$wolfssl_caCert" $crl else echo "#" echo "# $WOLFSSL_CLIENT -p $port -g $wolfssl_resume -l $wolfSuite $psk $adh \"$wolfssl_cert\" \"$wolfssl_key\" \"$wolfssl_caCert\" $crl" # do all versions - $WOLFSSL_CLIENT -p $port -g $wolfssl_resume -l $wolfSuite $psk $adh "$wolfssl_cert" "$wolfssl_key" "$wolfssl_caCert" $crl + # shellcheck disable=SC2086 + $WOLFSSL_CLIENT -p "$port" -g $wolfssl_resume -l "$wolfSuite" $psk $adh "$wolfssl_cert" "$wolfssl_key" "$wolfssl_caCert" $crl fi client_result=$? - if [ $client_result != 0 ] + if [ "$client_result" != 0 ] then echo -e "client failed! Suite = $wolfSuite version = $version" do_cleanup @@ -365,9 +385,9 @@ return fi - if [ "$version" = "" -o "$version" = "5" ] + if [ "$version" = "" ] || [ "$version" = "5" ] then - if [ "$tls13_cipher" = "" -a "$openssl_tls13" != "" ] + if [ "$tls13_cipher" = "" ] && [ "$openssl_tls13" != "" ] then openssl_version="-no_tls1_3" fi @@ -387,6 +407,13 @@ openssl_caCert1="-CAfile" openssl_caCert2="$caCert" fi + # Integrity-only cipher suites require SECLEVEL=0 to allow NULL encryption + openssl_seclevel="" + if [ "$tls13_integrity_only" = "yes" ] + then + openssl_seclevel="-cipher ALL:@SECLEVEL=0" + fi + if [ "$tls13_cipher" = "" ] then echo "#" @@ -394,13 +421,13 @@ echo "Hello" | eval "$OPENSSL s_client -connect localhost:$port -reconnect -legacy_renegotiation -cipher $cmpSuite $openssl_version $openssl_psk $openssl_cert1 \"$openssl_cert2\" $openssl_key1 \"$openssl_key2\" $openssl_caCert1 \"$openssl_caCert2\"" else echo "#" - echo "# $OPENSSL s_client -connect localhost:$port -reconnect -legacy_renegotiation -ciphersuites=$cmpSuite $openssl_version $openssl_psk $openssl_cert1 \"$openssl_cert2\" $openssl_key1 \"$openssl_key2\" $openssl_caCert1 \"$openssl_caCert2\"" - echo "Hello" | eval "$OPENSSL s_client -connect localhost:$port -reconnect -legacy_renegotiation -ciphersuites=$cmpSuite $openssl_version $openssl_psk $openssl_cert1 \"$openssl_cert2\" $openssl_key1 \"$openssl_key2\" $openssl_caCert1 \"$openssl_caCert2\"" + echo "# $OPENSSL s_client -connect localhost:$port -reconnect -legacy_renegotiation -ciphersuites=$cmpSuite $openssl_seclevel $openssl_version $openssl_psk $openssl_cert1 \"$openssl_cert2\" $openssl_key1 \"$openssl_key2\" $openssl_caCert1 \"$openssl_caCert2\"" + echo "Hello" | eval "$OPENSSL s_client -connect localhost:$port -reconnect -legacy_renegotiation -ciphersuites=$cmpSuite $openssl_seclevel $openssl_version $openssl_psk $openssl_cert1 \"$openssl_cert2\" $openssl_key1 \"$openssl_key2\" $openssl_caCert1 \"$openssl_caCert2\"" fi client_result=$? - if [ $client_result != 0 ] + if [ "$client_result" != 0 ] then echo -e "client failed! Suite = $wolfSuite version = $version" do_cleanup @@ -422,27 +449,20 @@ $OPENSSL version -a echo -ps -p $PPID >/dev/null 2>&1 -if [ "$?" = "1" ] -then - ps_grep="yes" - echo "ps -p not working, using ps and grep" -fi - echo -e "\nTesting existence of openssl command...\n" -command -v $OPENSSL >/dev/null 2>&1 || { echo >&2 "Requires openssl command, but it's not installed. Ending."; do_cleanup; exit 0; } +command -v "$OPENSSL" >/dev/null 2>&1 || { echo >&2 "Requires openssl command, but it's not installed. Ending."; do_cleanup; exit 0; } echo -e "\nTesting for _build directory as part of distcheck, different paths" -currentDir=`pwd` +currentDir=$(pwd) case "$currentDir" in *_build) echo -e "_build directory detected, moving a directory back" - cd .. + cd .. || exit ;; esac echo -e "\nChecking for wolfSSL client - needed for cipher list" -wolfssl_client_avail=`$WOLFSSL_CLIENT -?` +wolfssl_client_avail=$($WOLFSSL_CLIENT -?) case $wolfssl_client_avail in *"Client not compiled in!"*) wolfssl_client_avail= @@ -453,7 +473,7 @@ esac echo -e "\nTesting for buggy version of OpenSSL - TLS 1.3, PSK and session ticket" -openssl_version=`$OPENSSL version` +openssl_version=$($OPENSSL version) case $openssl_version in "OpenSSL 1.1.1 "*) openssl_psk_resume_bug=yes @@ -464,16 +484,16 @@ esac # check for wolfssl server -wolfssl_server_avail=`$WOLFSSL_SERVER -?` +wolfssl_server_avail=$($WOLFSSL_SERVER -?) case $wolfssl_server_avail in *"Server not compiled in!"*) wolfssl_server_avail= ;; esac # get wolfssl ciphers -wolf_ciphers=`$WOLFSSL_CLIENT -e` +wolf_ciphers=$($WOLFSSL_CLIENT -e) # get wolfssl supported versions -wolf_versions=`$WOLFSSL_CLIENT -V` +wolf_versions=$($WOLFSSL_CLIENT -V) wolf_versions="${wolf_versions}:5" #5 will test without -v flag OIFS="$IFS" # store old separator to reset @@ -496,7 +516,7 @@ # # Check for certificate support in wolfSSL -wolf_certs=`$WOLFSSL_CLIENT -? 2>&1` +wolf_certs=$($WOLFSSL_CLIENT -? 2>&1) case $wolf_certs in *"cert"*) ;; @@ -509,7 +529,7 @@ then echo # Check if RSA certificates supported in wolfSSL - wolf_rsa=`$WOLFSSL_CLIENT -A "${CERT_DIR}/ca-cert.pem" 2>&1` + wolf_rsa=$($WOLFSSL_CLIENT -A "${CERT_DIR}/ca-cert.pem" 2>&1) case $wolf_rsa in *"ca file"*) echo "wolfSSL does not support RSA" @@ -522,7 +542,7 @@ echo "wolfSSL supports RSA" fi # Check if RSA-PSS certificates supported in wolfSSL - wolf_rsapss=`$WOLFSSL_CLIENT -A "${CERT_DIR}/rsapss/ca-rsapss.pem" 2>&1` + wolf_rsapss=$($WOLFSSL_CLIENT -A "${CERT_DIR}/rsapss/ca-rsapss.pem" 2>&1) case $wolf_rsapss in *"ca file"*) echo "wolfSSL does not support RSA-PSS" @@ -535,7 +555,7 @@ echo "wolfSSL supports RSA-PSS" fi # Check if ECC certificates supported in wolfSSL - wolf_ecc=`$WOLFSSL_CLIENT -A "${CERT_DIR}/ca-ecc-cert.pem" 2>&1` + wolf_ecc=$($WOLFSSL_CLIENT -A "${CERT_DIR}/ca-ecc-cert.pem" 2>&1) case $wolf_ecc in *"ca file"*) echo "wolfSSL does not support ECDSA" @@ -548,7 +568,7 @@ echo "wolfSSL supports ECDSA" fi # Check if Ed25519 certificates supported in wolfSSL - wolf_ed25519=`$WOLFSSL_CLIENT -A "${CERT_DIR}/ed25519/root-ed25519.pem" 2>&1` + wolf_ed25519=$($WOLFSSL_CLIENT -A "${CERT_DIR}/ed25519/root-ed25519.pem" 2>&1) case $wolf_ed25519 in *"ca file"*) echo "wolfSSL does not support Ed25519" @@ -561,7 +581,7 @@ echo "wolfSSL supports Ed25519" fi # Check if Ed25519 certificates supported in OpenSSL - openssl_ed25519=`$OPENSSL s_client -cert "${CERT_DIR}/ed25519/client-ed25519.pem" -key "${CERT_DIR}/ed25519/client-ed25519-priv.pem" 2>&1` + openssl_ed25519=$($OPENSSL s_client -cert "${CERT_DIR}/ed25519/client-ed25519.pem" -key "${CERT_DIR}/ed25519/client-ed25519-priv.pem" 2>&1) case $openssl_ed25519 in *"unable to load"*) echo "OpenSSL does not support Ed25519" @@ -574,7 +594,7 @@ echo "OpenSSL supports Ed25519" fi # Check if Ed448 certificates supported in wolfSSL - wolf_ed448=`$WOLFSSL_CLIENT -A "${CERT_DIR}/ed448/root-ed448.pem" 2>&1` + wolf_ed448=$($WOLFSSL_CLIENT -A "${CERT_DIR}/ed448/root-ed448.pem" 2>&1) case $wolf_ed448 in *"ca file"*) echo "wolfSSL does not support Ed448" @@ -587,7 +607,7 @@ echo "wolfSSL supports Ed448" fi # Check if Ed448 certificates supported in OpenSSL - openssl_ed448=`$OPENSSL s_client -cert "${CERT_DIR}/ed448/client-ed448.pem" -key "${CERT_DIR}/ed448/client-ed448-priv.pem" 2>&1` + openssl_ed448=$($OPENSSL s_client -cert "${CERT_DIR}/ed448/client-ed448.pem" -key "${CERT_DIR}/ed448/client-ed448-priv.pem" 2>&1) case $openssl_ed448 in *"unable to load"*) echo "OpenSSL does not support Ed448" @@ -602,7 +622,7 @@ echo fi -openssl_tls13=`$OPENSSL s_client -help 2>&1` +openssl_tls13=$($OPENSSL s_client -help 2>&1) case $openssl_tls13 in *no_tls1_3*) ;; @@ -612,7 +632,7 @@ esac # Not all openssl versions support -allow_no_dhe_kex -openssl_nodhe=`$OPENSSL s_client -help 2>&1` +openssl_nodhe=$($OPENSSL s_client -help 2>&1) case $openssl_nodhe in *allow_no_dhe_kex*) openssl_nodhe=-allow_no_dhe_kex @@ -662,7 +682,7 @@ done IFS="$OIFS" #restore separator -openssl_ciphers=`$OPENSSL ciphers ALL 2>&1` +openssl_ciphers=$($OPENSSL ciphers ALL 2>&1) case $openssl_ciphers in *ADH*) openssl_anon=yes @@ -673,7 +693,7 @@ psk_hex="1a2b3c4d" # If RSA cipher suites supported in wolfSSL then start servers -if [ "$wolf_rsa" != "" -o "$wolf_tls_psk" != "" ] +if [ "$wolf_rsa" != "" ] || [ "$wolf_tls_psk" != "" ] then if [ "$wolf_rsa" != "" ] then @@ -700,6 +720,7 @@ start_wolfssl_server psk= wolfssl_port=$server_port + # shellcheck disable=SC2034 wolfssl_pid=$server_pid fi @@ -713,15 +734,17 @@ openssl_suite="ECDH-RSA" start_openssl_server ecdh_openssl_port=$server_port + # shellcheck disable=SC2034 ecdh_openssl_pid=$server_pid wolfssl_suite="ECDH-RSA" start_wolfssl_server ecdh_wolfssl_port=$server_port + # shellcheck disable=SC2034 ecdh_wolfssl_pid=$server_pid fi -if [ "$wolf_ecdsa" != "" -a "$wolf_ecc" != "" ] +if [ "$wolf_ecdsa" != "" ] && [ "$wolf_ecc" != "" ] then cert_file="${CERT_DIR}/server-ecc.pem" key_file="${CERT_DIR}/ecc-key.pem" @@ -735,6 +758,7 @@ wolfssl_suite="ECDH[E]-ECDSA" start_wolfssl_server ecdsa_wolfssl_port=$server_port + # shellcheck disable=SC2034 ecdsa_wolfssl_pid=$server_pid fi @@ -754,6 +778,7 @@ wolfssl_suite="Ed25519" start_wolfssl_server ed25519_wolfssl_port=$server_port + # shellcheck disable=SC2034 ed25519_wolfssl_pid=$server_pid crl= fi @@ -774,11 +799,12 @@ wolfssl_suite="Ed448" start_wolfssl_server ed448_wolfssl_port=$server_port + # shellcheck disable=SC2034 ed448_wolfssl_pid=$server_pid crl= fi -if [ "$wolf_tls13" != "" -a "$wolf_psk" != "" ] +if [ "$wolf_tls13" != "" ] && [ "$wolf_psk" != "" ] then cert_file= @@ -786,15 +812,17 @@ openssl_suite="TLSv1.3_PSK" start_openssl_server tls13_psk_openssl_port=$server_port + # shellcheck disable=SC2034 tls13_psk_openssl_pid=$server_pid psk="-s --openssl-psk" wolfssl_suite="TLSv1.3_PSK" start_wolfssl_server tls13_psk_wolfssl_port=$server_port + # shellcheck disable=SC2034 tls13_psk_wolfssl_pid=$server_pid fi -if [ "$wolf_anon" != "" -a "$openssl_anon" ] +if [ "$wolf_anon" != "" ] && [ "$openssl_anon" ] then cert_file="" key_file="" @@ -804,6 +832,7 @@ psk="-a" # anonymous not psk start_wolfssl_server anon_wolfssl_port=$server_port + # shellcheck disable=SC2034 anon_wolfssl_pid=$server_pid fi @@ -830,13 +859,13 @@ # -s flag for only supported ciphers case $version in "0") - openssl_ciphers=`$OPENSSL ciphers "SSLv3" 2>&1` + openssl_ciphers=$($OPENSSL ciphers "SSLv3" 2>&1) # double check that can actually do a sslv3 connection using # client-cert.pem to send but any file with EOF works - $OPENSSL s_client -ssl3 -no_ign_eof -host localhost -port $openssl_port < "${CERT_DIR}/client-cert.pem" + $OPENSSL s_client -ssl3 -no_ign_eof -host localhost -port "$openssl_port" < "${CERT_DIR}/client-cert.pem" sslv3_sup=$? - if [ $sslv3_sup != 0 ] + if [ "$sslv3_sup" != 0 ] then echo -e "Not testing SSLv3. No OpenSSL support for 'SSLv3' modifier" testing_summary="${testing_summary}SSLv3\tNo\tN/A\tN/A\tN/A\tN/A\t (No OpenSSL cipherstring)\n" @@ -845,17 +874,17 @@ openssl_version="-ssl3" ;; "1") - proto_check=`echo "hell" | $OPENSSL s_client -connect localhost:$openssl_port -tls1 2>&1` + proto_check=$(echo "hell" | $OPENSSL s_client -connect localhost:"$openssl_port" -tls1 2>&1) tlsv1_sup=$? - if [ $tlsv1_sup != 0 ] + if [ "$tlsv1_sup" != 0 ] then echo -e "Not testing TLSv1. No OpenSSL support for '-tls1'" testing_summary="${testing_summary}TLSv1\tNo\tN/A\tN/A\tN/A\tN/A\t (No OpenSSL Support)\n" continue fi - openssl_ciphers=`$OPENSSL ciphers -s "TLSv1" 2>&1` + openssl_ciphers=$($OPENSSL ciphers -s "TLSv1" 2>&1) tlsv1_sup=$? - if [ $tlsv1_sup != 0 ] + if [ "$tlsv1_sup" != 0 ] then echo -e "Not testing TLSv1. No OpenSSL support for 'TLSv1' modifier" testing_summary="${testing_summary}TLSv1\tNo\tN/A\tN/A\tN/A\tN/A\t (No OpenSSL cipherstring)\n" @@ -865,17 +894,18 @@ ;; "2") # Same ciphers for TLSv1.1 as TLSv1 - proto_check=`echo "hello" | $OPENSSL s_client -connect localhost:$openssl_port -tls1_1 2>&1` + # shellcheck disable=SC2034 + proto_check=$(echo "hello" | $OPENSSL s_client -connect localhost:"$openssl_port" -tls1_1 2>&1) tlsv1_1_sup=$? - if [ $tlsv1_1_sup != 0 ] + if [ "$tlsv1_1_sup" != 0 ] then echo -e "Not testing TLSv1.1. No OpenSSL support for 'TLSv1.1' modifier" testing_summary="${testing_summary}TLSv1.1\tNo\tN/A\tN/A\tN/A\tN/A\t (No OpenSSL cipherstring)\n" continue fi - openssl_ciphers=`$OPENSSL ciphers -s "TLSv1" 2>&1` + openssl_ciphers=$($OPENSSL ciphers -s "TLSv1" 2>&1) tlsv1_sup=$? - if [ $tlsv1_sup != 0 ] + if [ "$tlsv1_sup" != 0 ] then echo -e "Not testing TLSv1. No OpenSSL support for 'TLSv1' modifier" testing_summary="${testing_summary}TLSv1\tNo\tN/A\tN/A\tN/A\tN/A\t (No OpenSSL cipherstring)\n" @@ -884,9 +914,9 @@ openssl_version="-tls1_1" ;; "3") - openssl_ciphers=`$OPENSSL ciphers -s "TLSv1.2" 2>&1` + openssl_ciphers=$($OPENSSL ciphers -s "TLSv1.2" 2>&1) tlsv1_2_sup=$? - if [ $tlsv1_2_sup != 0 ] + if [ "$tlsv1_2_sup" != 0 ] then echo -e "Not testing TLSv1.2. No OpenSSL support for 'TLSv1.2' modifier" testing_summary="${testing_summary}TLSv1.2\tNo\tN/A\tN/A\tN/A\tN/A\t (No OpenSSL cipherstring)\n" @@ -895,15 +925,16 @@ openssl_version="-tls1_2" ;; "4") - openssl_ciphers=`$OPENSSL ciphers -tls1_3 2>&1` + openssl_ciphers=$($OPENSSL ciphers -tls1_3 2>&1) tlsv1_3_sup=$? - if [ $tlsv1_3_sup != 0 ] + if [ "$tlsv1_3_sup" != 0 ] then echo -e "Not testing TLSv1.3. No OpenSSL support for 'TLSv1.3' modifier" testing_summary="${testing_summary}TLSv1.3\tNo\tN/A\tN/A\tN/A\tN/A\t (No OpenSSL cipherstring)\n" continue fi - ecc_support=`$WOLFSSL_CLIENT -? 2>&1 | grep 'ECC named groups'` + # shellcheck disable=SC2034 + ecc_support=$($WOLFSSL_CLIENT -? 2>&1 | grep 'ECC named groups') openssl_version="-tls1_3" ;; "d(downgrade)") @@ -914,9 +945,9 @@ continue ;; "5") #test all suites - openssl_ciphers=`$OPENSSL ciphers -s "ALL" 2>&1` + openssl_ciphers=$($OPENSSL ciphers -s "ALL" 2>&1) all_sup=$? - if [ $all_sup != 0 ] + if [ "$all_sup" != 0 ] then echo -e "Not testing ALL. No OpenSSL support for ALL modifier" testing_summary="${testing_summary}ALL\tNo\tN/A\tN/A\tN/A\tN/A\t (No OpenSSL cipherstring)\n" @@ -925,9 +956,9 @@ openssl_version="" ;; "") - openssl_ciphers=`$OPENSSL ciphers 2>&1` + openssl_ciphers=$($OPENSSL ciphers 2>&1) all_sup=$? - if [ $all_sup != 0 ] + if [ "$all_sup" != 0 ] then echo -e "Not testing ALL. No OpenSSL support for ALL modifier" testing_summary="${testing_summary}ALL\tNo\tN/A\tN/A\tN/A\tN/A\t (No OpenSSL cipherstring)\n" @@ -941,8 +972,9 @@ echo -e "trying wolfSSL cipher suite $wolfSuite" wolf_temp_cases_total=$((wolf_temp_cases_total + 1)) open_temp_cases_total=$((open_temp_cases_total + 1)) - matchSuite=0; + matchSuite=0 tls13_suite= + tls13_integrity_only= case $wolfSuite in "TLS13-AES128-GCM-SHA256") @@ -966,10 +998,22 @@ tls13_suite="yes" ;; "TLS13-SHA256-SHA256") - continue + cmpSuite="TLS_SHA256_SHA256" + tls13_suite="yes" + tls13_integrity_only="yes" + # OpenSSL does not enable TLS_SHA256_SHA256 in openssl ciphers + # output by default, but it can be specified with -ciphersuite as + # done in do_openssl_client() + matchSuite=1 ;; "TLS13-SHA384-SHA384") - continue + cmpSuite="TLS_SHA384_SHA384" + tls13_suite="yes" + tls13_integrity_only="yes" + # OpenSSL does not enable TLS_SHA256_SHA256 in openssl ciphers + # output by default, but it can be specified with -ciphersuite as + # done in do_openssl_client() + matchSuite=1 ;; "TLS13-"*) echo -e "Suite = $wolfSuite not recognized!" @@ -982,35 +1026,38 @@ ;; esac - case ":$openssl_ciphers:" in *":$cmpSuite:"*) # add extra : for edge cases - case "$cmpSuite" in - "TLS_"*) - if [ "$version" != "4" -a "$version" != "d" ] - then - echo -e "TLS 1.3 cipher suite but not TLS 1.3 protocol" - matchSuite=0 - else - echo -e "Matched to OpenSSL suite support" - matchSuite=1 - fi - ;; - *) - if [ "$version" = "d" -a "$wolfdowngrade" = "4" ] - then - echo -e "Not TLS 1.3 cipher suite but TLS 1.3 downgrade" - matchSuite=0 - elif [ "$version" != "4" ] - then - echo -e "Matched to OpenSSL suite support" - matchSuite=1 - else - echo -e "Not TLS 1.3 cipher suite but TLS 1.3 protocol" - matchSuite=0 - fi + if [ $matchSuite = 0 ] + then + case ":$openssl_ciphers:" in *":$cmpSuite:"*) # add extra : for edge cases + case "$cmpSuite" in + "TLS_"*) + if [ "$version" != "4" ] && [ "$version" != "d" ] + then + echo -e "TLS 1.3 cipher suite but not TLS 1.3 protocol" + matchSuite=0 + else + echo -e "Matched to OpenSSL suite support" + matchSuite=1 + fi + ;; + *) + if [ "$version" = "d" ] && [ "$wolfdowngrade" = "4" ] + then + echo -e "Not TLS 1.3 cipher suite but TLS 1.3 downgrade" + matchSuite=0 + elif [ "$version" != "4" ] + then + echo -e "Matched to OpenSSL suite support" + matchSuite=1 + else + echo -e "Not TLS 1.3 cipher suite but TLS 1.3 protocol" + matchSuite=0 + fi + ;; + esac ;; esac - ;; - esac + fi if [ $matchSuite = 0 ] then @@ -1049,7 +1096,7 @@ else wolf_temp_cases_total=$((wolf_temp_cases_total - 1)) fi - if [ $ed25519_openssl_pid != $no_pid -a "$version" != "0" -a "$version" != "1" -a "$version" != "2" ] + if [ "$ed25519_openssl_pid" != "$no_pid" ] && [ "$version" != "0" ] && [ "$version" != "1" ] && [ "$version" != "2" ] then cert="${CERT_DIR}/ed25519/client-ed25519.pem" key="${CERT_DIR}/ed25519/client-ed25519-priv.pem" @@ -1063,7 +1110,7 @@ port=$ed25519_wolfssl_port do_openssl_client fi - if [ $ed448_openssl_pid != $no_pid -a "$version" != "0" -a "$version" != "1" -a "$version" != "2" ] + if [ "$ed448_openssl_pid" != "$no_pid" ] && [ "$version" != "0" ] && [ "$version" != "1" ] && [ "$version" != "2" ] then cert="${CERT_DIR}/ed448/client-ed448.pem" key="${CERT_DIR}/ed448/client-ed448-priv.pem" @@ -1113,7 +1160,7 @@ key="${CERT_DIR}/client-key.pem" caCert="${CERT_DIR}/ca-cert.pem" - if [ "$version" != "0" -a "$version" != "1" -a "$version" != "2" -a "$openssl_adh_reneg_bug" != "" ] + if [ "$version" != "0" ] && [ "$version" != "1" ] && [ "$version" != "2" ] && [ "$openssl_adh_reneg_bug" != "" ] then continue fi @@ -1125,13 +1172,85 @@ do_openssl_client ;; TLS13*) - if [ $version != "4" -a $version != "d" -a $version != " " -a $version != "5" ] + if [ "$version" != "4" ] && [ "$version" != "d" ] && [ "$version" != " " ] && [ "$version" != "5" ] then continue fi tls13_cipher=yes + # Integrity-only cipher suites (NULL encryption) + if [ "$tls13_integrity_only" = "yes" ] + then + # Only run integrity-only tests with TLS 1.3 (version 4) + if [ "$version" != "4" ] + then + tls13_cipher= + tls13_integrity_only= + continue + fi + + # Integrity-only cipher suites require OpenSSL 3.4 or later + if $OPENSSL version | grep -oE '[0-9]+\.[0-9]+\.[0-9]+' | head -1 | \ + awk -F. '{if ($1 > 3 || ($1 == 3 && $2 >= 4)) exit 1; else exit 0;}'; then + echo -e "OpenSSL version too old for integrity-only ciphers, skipping" + tls13_cipher= + tls13_integrity_only= + continue + fi + + # Test with RSA certs if available + if [ "$openssl_pid" != "$no_pid" ] && [ "$wolf_rsa" != "" ] + then + cert="${CERT_DIR}/client-cert.pem" + key="${CERT_DIR}/client-key.pem" + caCert="${CERT_DIR}/ca-cert.pem" + + # Start a dedicated OpenSSL server for integrity-only tests + generate_port + integrity_openssl_port=$port + $OPENSSL s_server -accept "$integrity_openssl_port" -cert "${CERT_DIR}/server-cert.pem" -key "${CERT_DIR}/server-key.pem" -quiet -CAfile "${CERT_DIR}/client-cert.pem" -www -cipher "ALL:eNULL:@SECLEVEL=0" -ciphersuites "$cmpSuite" -verify 10 -verify_return_error & + integrity_openssl_pid=$! + sleep 0.1 + + port=$integrity_openssl_port + do_wolfssl_client + + # Kill the dedicated server + kill "$integrity_openssl_pid" 2>/dev/null + + port=$wolfssl_port + do_openssl_client + fi + # Test with ECC certs if available + if [ "$ecdsa_openssl_pid" != "$no_pid" ] && [ "$wolf_ecc" != "" ] + then + cert="${CERT_DIR}/client-ecc-cert.pem" + key="${CERT_DIR}/ecc-client-key.pem" + caCert="${CERT_DIR}/ca-ecc-cert.pem" + + # Start a dedicated OpenSSL server for integrity-only tests (ECC) + generate_port + integrity_openssl_port=$port + $OPENSSL s_server -accept "$integrity_openssl_port" -cert "${CERT_DIR}/server-ecc.pem" -key "${CERT_DIR}/ecc-key.pem" -quiet -CAfile "${CERT_DIR}/client-ecc-cert.pem" -www -cipher "ALL:eNULL:@SECLEVEL=0" -ciphersuites "$cmpSuite" -verify 10 -verify_return_error & + integrity_openssl_pid=$! + sleep 0.1 + + wolf_temp_cases_total=$((wolf_temp_cases_total + 1)) + port=$integrity_openssl_port + do_wolfssl_client + + # Kill the dedicated server + kill "$integrity_openssl_pid" 2>/dev/null + + open_temp_cases_total=$((open_temp_cases_total + 1)) + port=$ecdsa_wolfssl_port + do_openssl_client + fi + tls13_cipher= + tls13_integrity_only= + continue + fi # RSA - if [ $openssl_pid != $no_pid -a "$ecdhe_avail" = "yes" ] + if [ "$openssl_pid" != "$no_pid" ] && [ "$ecdhe_avail" = "yes" ] then cert="${CERT_DIR}/client-cert.pem" key="${CERT_DIR}/client-key.pem" @@ -1143,7 +1262,7 @@ do_openssl_client fi # PSK - if [ "$wolf_psk" != "" -a $wolfSuite = "TLS13-AES128-GCM-SHA256" -a "$wolf_ecc" != "" -a $openssl_nodhe != "" ] + if [ "$wolf_psk" != "" ] && [ "$wolfSuite" = "TLS13-AES128-GCM-SHA256" ] && [ "$wolf_ecc" != "" ] && [ "$openssl_nodhe" != "" ] then cert="" key="" @@ -1171,7 +1290,7 @@ openssl_psk="" fi # ECDSA - if [ $ecdsa_openssl_pid != $no_pid -a "$wolf_ecc" != "" ] + if [ "$ecdsa_openssl_pid" != "$no_pid" ] && [ "$wolf_ecc" != "" ] then cert="${CERT_DIR}/client-ecc-cert.pem" key="${CERT_DIR}/ecc-client-key.pem" @@ -1247,7 +1366,7 @@ IFS="$OIFS" #restore separator # Skip RSA-PSS interop test when RSA-PSS is not supported -if [ "$wolf_rsapss" != "" -a "$ecdhe_avail" = "yes" -a "$wolf_rsa" = "yes" ] +if [ "$wolf_rsapss" != "" ] && [ "$ecdhe_avail" = "yes" ] && [ "$wolf_rsa" = "yes" ] then # Test for RSA-PSS certs interop # Was running into alert sent by openssl server with version 1.1.1 released diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/scripts/openssl_srtp.test mariadb-11.8.8/extra/wolfssl/wolfssl/scripts/openssl_srtp.test --- mariadb-11.8.6/extra/wolfssl/wolfssl/scripts/openssl_srtp.test 2026-01-31 13:27:49.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/scripts/openssl_srtp.test 2026-05-24 09:58:33.000000000 +0000 @@ -14,19 +14,55 @@ WOLFSSL_CLIENT=${WOLFSSL_CLIENT:="./examples/client/client"} # need a unique port since may run the same time as testsuite +# Track ports already assigned in this script run to prevent intra-run collisions +used_ports=() + generate_port() { #-------------------------------------------------------------------------# - # Generate a random port number + # Generate a random port number, guaranteed unique within this script run. + # Checks both the intra-run used_ports list and system-level bound ports. #-------------------------------------------------------------------------# + local attempts=0 collision p - if [[ "$OSTYPE" == "linux"* ]]; then - port=$(($(od -An -N2 /dev/urandom) % (65535-49512) + 49512)) - elif [[ "$OSTYPE" == "darwin"* ]]; then - port=$(($(od -An -N2 /dev/random) % (65535-49512) + 49512)) - else - echo "Unknown OS TYPE" - exit 1 - fi + while true; do + if [[ "$OSTYPE" == "linux"* ]]; then + p=$(($(od -An -N2 /dev/urandom) % (65535-49512) + 49512)) + elif [[ "$OSTYPE" == "darwin"* ]]; then + p=$(($(od -An -N2 /dev/random) % (65535-49512) + 49512)) + else + echo "Unknown OS TYPE" + exit 1 + fi + + # Check against ports already assigned in this run + collision=0 + for up in "${used_ports[@]}"; do + if [ "$up" = "$p" ]; then + collision=1 + break + fi + done + + # Also check if the port is already bound on this system + if [ "$collision" -eq 0 ]; then + if command -v ss &>/dev/null; then + ss -lnt 2>/dev/null | grep -q ":${p}[[:space:]]" && collision=1 + elif command -v netstat &>/dev/null; then + netstat -lnt 2>/dev/null | grep -q ":${p}[[:space:]]" && collision=1 + fi + fi + + [ "$collision" -eq 0 ] && break + + attempts=$((attempts + 1)) + if [ "$attempts" -ge 100 ]; then + echo "ERROR: generate_port could not find a free port after 100 attempts" + exit 1 + fi + done + + port=$p + used_ports+=("$p") } # get size of key material based on the profile @@ -75,13 +111,13 @@ (sleep 1;echo -n "I hear you fa shizzle...") | \ ${OPENSSL} s_server \ -${dtls_version} \ - -port ${server_port} \ + -port "${server_port}" \ -debug \ - -use_srtp ${srtp_profile} \ + -use_srtp "${srtp_profile}" \ -keymatexport EXTRACTOR-dtls_srtp \ - -keymatexportlen $ekm_size \ + -keymatexportlen "$ekm_size" \ -cert ./certs/server-cert.pem \ - -key ./certs/server-key.pem >$server_output_file & + -key ./certs/server-key.pem >"$server_output_file" & # make sure the server is up sleep 0.1 @@ -103,16 +139,16 @@ ${WOLFSSL_CLIENT} -u\ -x \ -v${dtls_version} \ - --srtp ${srtp_profile} \ - -p${server_port} >$client_output_file + --srtp "${srtp_profile}" \ + -p${server_port} >"$client_output_file" } # $1 openssl file # $2 wolfssl file check_ekm() { - openssl_ekm=$(cat "$1" | grep "Keying material: " | cut -d ':' -f 2) + openssl_ekm=$(grep "Keying material: " < "$1" | cut -d ':' -f 2) echo "OPENSSL EKM: $openssl_ekm" - wolfssl_ekm=$(cat "$2" | grep "DTLS SRTP: Exported key material: " | cut -d ':' -f 3) + wolfssl_ekm=$(grep "DTLS SRTP: Exported key material: " < "$2" | cut -d ':' -f 3) echo "WOLFSSL EKM: $wolfssl_ekm" if [ "$openssl_ekm" = "$wolfssl_ekm" ];then @@ -125,11 +161,11 @@ # $1 dtsl version # $2 srtp profile check_dtls_srtp() { - start_openssl_server $1 $2 - start_wolfssl_client $1 $2 - check_ekm $server_output_file $client_output_file + start_openssl_server "$1" "$2" + start_wolfssl_client "$1" "$2" + check_ekm "$server_output_file" "$client_output_file" echo -n "check dtls $1 $2... " - if [ $check_ret -ne 0 ];then + if [ "$check_ret" -ne 0 ];then echo "failed" exit 1 else @@ -145,6 +181,6 @@ for DTLS in 1.0 1.2;do for SRTP_PROF in $PROFILES;do - check_dtls_srtp $DTLS $SRTP_PROF + check_dtls_srtp "$DTLS" "$SRTP_PROF" done done diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/scripts/pkcallbacks.test mariadb-11.8.8/extra/wolfssl/wolfssl/scripts/pkcallbacks.test --- mariadb-11.8.6/extra/wolfssl/wolfssl/scripts/pkcallbacks.test 2026-01-31 13:27:49.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/scripts/pkcallbacks.test 2026-05-24 09:58:33.000000000 +0000 @@ -2,6 +2,19 @@ #pkcallbacks.test +[ ! -x ./examples/client/client ] && printf '\n\n%s\n' "Client doesn't exist" \ + && exit 1 + +if ./examples/client/client -? 2>&1 | grep "Client not compiled in!" ; then + echo 'skipping pkcallbacks.test because client not compiled in.' 1>&2 + exit 77 +fi + +if ./examples/server/server -? 2>&1 | grep "Server not compiled in!" ; then + echo 'skipping pkcallbacks.test because server not compiled in.' 1>&2 + exit 77 +fi + # if we can, isolate the network namespace to eliminate port collisions. if [[ -n "$NETWORK_UNSHARE_HELPER" ]]; then if [[ -z "$NETWORK_UNSHARE_HELPER_CALLED" ]]; then diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/scripts/psk.test mariadb-11.8.8/extra/wolfssl/wolfssl/scripts/psk.test --- mariadb-11.8.6/extra/wolfssl/wolfssl/scripts/psk.test 2026-01-31 13:27:49.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/scripts/psk.test 2026-05-24 09:58:33.000000000 +0000 @@ -88,6 +88,10 @@ if [ $? -eq 0 ]; then exit 0 fi +./examples/client/client '-?' 2>&1 | grep -- 'Disable client cert/key loading' +if [ $? -eq 0 ]; then + CLIENT_AUTH_ENABLED=1 +fi # Usual psk server / psk client. This use case is tested in # tests/unit.test and is used here for just checking if PSK is enabled @@ -144,19 +148,21 @@ fi echo "" - # check fail if no auth, psk server with non psk client - echo "Checking fail when not sending peer cert" - port=0 - ./examples/server/server -j -R "$ready_file" -p $port & - server_pid=$! - create_port - ./examples/client/client -x -p $port - RESULT=$? - remove_ready_file - if [ $RESULT -eq 0 ]; then - echo -e "\n\nClient connected when supposed to fail" - do_cleanup - exit 1 + if [ "$CLIENT_AUTH_ENABLED" != "" ]; then + # check fail if no auth, psk server with non psk client + echo "Checking fail when not sending peer cert" + port=0 + ./examples/server/server -j -R "$ready_file" -p $port & + server_pid=$! + create_port + ./examples/client/client -x -p $port + RESULT=$? + remove_ready_file + if [ $RESULT -eq 0 ]; then + echo -e "\n\nClient connected when supposed to fail" + do_cleanup + exit 1 + fi fi fi diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/scripts/rsapss.test mariadb-11.8.8/extra/wolfssl/wolfssl/scripts/rsapss.test --- mariadb-11.8.6/extra/wolfssl/wolfssl/scripts/rsapss.test 1970-01-01 00:00:00.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/scripts/rsapss.test 2026-05-24 09:58:33.000000000 +0000 @@ -0,0 +1,141 @@ +#!/usr/bin/env bash + +# rsapss.test + +[ ! -x ./examples/client/client ] && printf '\n\n%s\n' "Client doesn't exist" \ + && exit 1 + +if ./examples/client/client -? 2>&1 | grep "Client not compiled in!" ; then + echo 'skipping rsapss.test because client not compiled in.' 1>&2 + exit 77 +fi + +if ./examples/server/server -? 2>&1 | grep "Server not compiled in!" ; then + echo 'skipping rsapss.test because server not compiled in.' 1>&2 + exit 77 +fi + +if ! ./examples/client/client -V | grep -q 4; then + echo "skipping because TLS 1.3 not enabled in this build" + exit 0 +fi +if ! grep -q -- -DWC_RSA_PSS config.log 2>/dev/null; then + echo "skipping because WC_RSA_PSS not enabled in this build" + exit 0 +fi +if ! grep -q -- '-DHAVE_ECC\>' config.log 2>/dev/null; then + echo "skipping because HAVE_ECC not enabled in this build" + exit 0 +fi +if grep -q -- '-DNO_CODING' config.log 2>/dev/null; then + echo "skipping because NO_CODING is defined in this build" + exit 0 +fi + +CERT_DIR="$PWD/$(dirname "$0")/../certs" +if [ "$OPENSSL" = "" ]; then + OPENSSL=openssl +fi + +# if we can, isolate the network namespace to eliminate port collisions. +if [[ -n "$NETWORK_UNSHARE_HELPER" ]]; then + if [[ -z "$NETWORK_UNSHARE_HELPER_CALLED" ]]; then + export NETWORK_UNSHARE_HELPER_CALLED=yes + exec "$NETWORK_UNSHARE_HELPER" "$0" "$@" || exit $? + fi +elif [ "${AM_BWRAPPED-}" != "yes" ]; then + bwrap_path="$(command -v bwrap)" + if [ -n "$bwrap_path" ]; then + export AM_BWRAPPED=yes + exec "$bwrap_path" --unshare-net --dev-bind / / "$0" "$@" + fi + unset AM_BWRAPPED +fi + +# need a unique port since may run the same time as testsuite +# Track ports already assigned in this script run to prevent intra-run collisions +used_ports=() + +generate_port() { + #-------------------------------------------------------------------------# + # Generate a random port number, guaranteed unique within this script run. + # Checks both the intra-run used_ports list and system-level bound ports. + #-------------------------------------------------------------------------# + local attempts=0 collision p + + while true; do + if [[ "$OSTYPE" == "linux"* ]]; then + p=$(($(od -An -N2 /dev/urandom) % (65535-49512) + 49512)) + elif [[ "$OSTYPE" == "darwin"* ]]; then + p=$(($(od -An -N2 /dev/random) % (65535-49512) + 49512)) + else + echo "skipping due to unsupported OS" + exit 0 + fi + + # Check against ports already assigned in this run + collision=0 + for up in "${used_ports[@]}"; do + if [ "$up" = "$p" ]; then + collision=1 + break + fi + done + + # Also check if the port is already bound on this system + if [ "$collision" -eq 0 ]; then + if command -v ss &>/dev/null; then + ss -lnt 2>/dev/null | grep -q ":${p}[[:space:]]" && collision=1 + elif command -v netstat &>/dev/null; then + netstat -lnt 2>/dev/null | grep -q ":${p}[[:space:]]" && collision=1 + fi + fi + + [ "$collision" -eq 0 ] && break + + ((attempts++)) + if [ "$attempts" -ge 100 ]; then + echo "ERROR: generate_port could not find a free port after 100 attempts" + exit 1 + fi + done + + port=$p + used_ports+=("$p") +} + +WOLFSSL_SERVER=./examples/server/server + +start_wolfssl_server() { + generate_port + server_port=$port + $WOLFSSL_SERVER -p "$server_port" -v 4 -c "$CERT_DIR"/rsapss/server-rsapss.pem -k "$CERT_DIR"/rsapss/server-rsapss-priv.pem -A "$CERT_DIR"/rsapss/root-rsapss.pem -d & +} + +# +# Run OpenSSL client against wolfSSL server +# +do_openssl_client() { + echo "test connection" | $OPENSSL s_client -connect 127.0.0.1:"$server_port" -cert "$CERT_DIR"/rsapss/client-rsapss.pem -key "$CERT_DIR"/rsapss/client-rsapss-priv.pem -CAfile "$CERT_DIR"/rsapss/root-rsapss.pem > rsapss.test.log + result=$? + cat rsapss.test.log + if [ "$result" != 0 ] + then + echo "$OPENSSL s_client command failed" + exit 1 + fi + grep -q "Peer signature type:.*rsa_pss_rsae_sha256" rsapss.test.log + result=$? + rm -f rsapss.test.log + if [ "$result" == 0 ] + then + echo "Test failed: Peer signature type identified as rsa_pss_rsae_sha256" + exit 1 + fi +} + +start_wolfssl_server +sleep 1 +do_openssl_client +echo -e "\nSuccess!\n\n" +exit 0 diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/scripts/trusted_peer.test mariadb-11.8.8/extra/wolfssl/wolfssl/scripts/trusted_peer.test --- mariadb-11.8.6/extra/wolfssl/wolfssl/scripts/trusted_peer.test 2026-01-31 13:27:49.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/scripts/trusted_peer.test 2026-05-24 09:58:33.000000000 +0000 @@ -3,6 +3,19 @@ # trusted_peer.test # copyright wolfSSL 2016 +[ ! -x ./examples/client/client ] && printf '\n\n%s\n' "Client doesn't exist" \ + && exit 1 + +if ./examples/client/client -? 2>&1 | grep "Client not compiled in!" ; then + echo 'skipping trusted_peer.test because client not compiled in.' 1>&2 + exit 77 +fi + +if ./examples/server/server -? 2>&1 | grep "Server not compiled in!" ; then + echo 'skipping trusted_peer.test because server not compiled in.' 1>&2 + exit 77 +fi + # if we can, isolate the network namespace to eliminate port collisions. if [[ -n "$NETWORK_UNSHARE_HELPER" ]]; then if [[ -z "$NETWORK_UNSHARE_HELPER_CALLED" ]]; then diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/src/bio.c mariadb-11.8.8/extra/wolfssl/wolfssl/src/bio.c --- mariadb-11.8.6/extra/wolfssl/wolfssl/src/bio.c 2026-01-31 13:27:49.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/src/bio.c 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* bio.c * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -1303,6 +1303,13 @@ return 0; } + if (bio->method != NULL && bio->method->ctrlCb != NULL) { + long ret; + WOLFSSL_MSG("Calling custom BIO ctrl pending callback"); + ret = bio->method->ctrlCb(bio, WOLFSSL_BIO_CTRL_PENDING, 0, NULL); + return (ret < 0) ? 0 : (size_t)ret; + } + if (bio->type == WOLFSSL_BIO_MD || bio->type == WOLFSSL_BIO_BASE64) { /* these are wrappers only, get next bio */ @@ -1713,6 +1720,11 @@ return WOLFSSL_BIO_ERROR; } + if (bio->method != NULL && bio->method->ctrlCb != NULL) { + WOLFSSL_MSG("Calling custom BIO reset callback"); + return (int)bio->method->ctrlCb(bio, WOLFSSL_BIO_CTRL_RESET, 0, NULL); + } + switch (bio->type) { #ifndef NO_FILESYSTEM case WOLFSSL_BIO_FILE: @@ -1938,6 +1950,8 @@ len = BAD_FUNC_ARG; if (len == 0) { len = wolfssl_file_len(file, &memSz); + if (len == WC_NO_ERR_TRACE(WOLFSSL_BAD_FILETYPE)) + len = 0; } if (len == 0) { len = (int)memSz; @@ -2014,6 +2028,13 @@ return NULL; } +void wolfSSL_BIO_set_init(WOLFSSL_BIO* bio, int init) +{ + WOLFSSL_ENTER("wolfSSL_BIO_set_init"); + if (bio != NULL) + bio->init = (byte)(init != 0); +} + /* If flag is 0 then blocking is set, if 1 then non blocking. * Always returns WOLFSSL_SUCCESS. */ @@ -2182,7 +2203,10 @@ if (bio == NULL) return WOLFSSL_FATAL_ERROR; - + if (bio->method != NULL && bio->method->ctrlCb != NULL) { + WOLFSSL_MSG("Calling custom BIO get mem data callback"); + return (int)bio->method->ctrlCb(bio, WOLFSSL_BIO_CTRL_INFO, 0, p); + } mem_bio = bio; /* Return pointer from last memory BIO in chain */ while (bio->next) { @@ -2644,7 +2668,7 @@ if (b->ptr.ssl != NULL) { int rc = wolfSSL_shutdown(b->ptr.ssl); - if (rc == WOLFSSL_SHUTDOWN_NOT_DONE) { + if (rc == WC_NO_ERR_TRACE(WOLFSSL_SHUTDOWN_NOT_DONE)) { /* In this case, call again to give us a chance to read the * close notify alert from the other end. */ wolfSSL_shutdown(b->ptr.ssl); @@ -3618,15 +3642,6 @@ #ifdef OPENSSL_ALL -#ifndef NO_WOLFSSL_STUB -void wolfSSL_BIO_set_init(WOLFSSL_BIO* bio, int init) -{ - WOLFSSL_STUB("wolfSSL_BIO_set_init"); - (void)bio; - (void)init; -} -#endif /* NO_WOLFSSL_STUB */ - void wolfSSL_BIO_set_shutdown(WOLFSSL_BIO* bio, int shut) { WOLFSSL_ENTER("wolfSSL_BIO_set_shutdown"); diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/src/conf.c mariadb-11.8.8/extra/wolfssl/wolfssl/src/conf.c --- mariadb-11.8.6/extra/wolfssl/wolfssl/src/conf.c 2026-01-31 13:27:49.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/src/conf.c 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* conf.c * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -98,7 +98,7 @@ if (*idx == '#') continue; *lineEnd = '\0'; - strBuf = (char*)XMALLOC(fieldsSz + lineEnd - idx + 1, NULL, + strBuf = (char*)XMALLOC(fieldsSz + (lineEnd - idx) + 1, NULL, DYNAMIC_TYPE_OPENSSL); if (!strBuf) { WOLFSSL_MSG("malloc error"); diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/src/crl.c mariadb-11.8.8/extra/wolfssl/wolfssl/src/crl.c --- mariadb-11.8.6/extra/wolfssl/wolfssl/src/crl.c 2026-01-31 13:27:49.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/src/crl.c 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* crl.c * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -40,6 +40,11 @@ #include #include #include +#include +#include +#if defined(OPENSSL_EXTRA) +#include +#endif #ifndef NO_STRING_H #include @@ -91,11 +96,43 @@ (void)ret; } #endif +#if defined(OPENSSL_EXTRA) + crl->revokedStack = NULL; +#endif return 0; } +#ifdef CRL_STATIC_REVOKED_LIST +/* Compare two RevokedCert entries by (serialSz, serialNumber) for sorting. + * Returns < 0, 0, or > 0 like memcmp. */ +static int CompareRevokedCert(const RevokedCert* a, const RevokedCert* b) +{ + if (a->serialSz != b->serialSz) + return a->serialSz - b->serialSz; + return XMEMCMP(a->serialNumber, b->serialNumber, (size_t)a->serialSz); +} + +/* Sort revoked cert array in-place using insertion sort. The array is bounded + * by CRL_MAX_REVOKED_CERTS so O(n^2) is fine. */ +static void SortCRL_CertList(RevokedCert* certs, int totalCerts) +{ + int i, j; + RevokedCert tmp; + + for (i = 1; i < totalCerts; i++) { + XMEMCPY(&tmp, &certs[i], sizeof(RevokedCert)); + j = i - 1; + while (j >= 0 && CompareRevokedCert(&certs[j], &tmp) > 0) { + XMEMCPY(&certs[j + 1], &certs[j], sizeof(RevokedCert)); + j--; + } + XMEMCPY(&certs[j + 1], &tmp, sizeof(RevokedCert)); + } +} +#endif /* CRL_STATIC_REVOKED_LIST */ + /* Initialize CRL Entry */ static int InitCRL_Entry(CRL_Entry* crle, DecodedCRL* dcrl, const byte* buff, int verified, void* heap) @@ -130,15 +167,18 @@ #endif #ifdef CRL_STATIC_REVOKED_LIST /* ParseCRL_CertList() has already cached the Revoked certs into - the crle->certs array */ + the crle->certs array. Sort it so binary search in + FindRevokedSerial works correctly. */ + crle->totalCerts = dcrl->totalCerts; + SortCRL_CertList(crle->certs, crle->totalCerts); #else crle->certs = dcrl->certs; /* take ownership */ + crle->totalCerts = dcrl->totalCerts; #endif dcrl->certs = NULL; - crle->totalCerts = dcrl->totalCerts; crle->crlNumberSet = dcrl->crlNumberSet; if (crle->crlNumberSet) { - XMEMCPY(crle->crlNumber, dcrl->crlNumber, CRL_MAX_NUM_SZ); + XMEMCPY(crle->crlNumber, dcrl->crlNumber, sizeof(crle->crlNumber)); } crle->verified = verified; if (!verified) { @@ -216,6 +256,14 @@ return; } #ifdef CRL_STATIC_REVOKED_LIST +#if defined(OPENSSL_EXTRA) + { + int i; + for (i = 0; i < CRL_MAX_REVOKED_CERTS; i++) { + XFREE(crle->certs[i].extensions, heap, DYNAMIC_TYPE_REVOKED); + } + } +#endif XMEMSET(crle->certs, 0, CRL_MAX_REVOKED_CERTS*sizeof(RevokedCert)); #else { @@ -224,6 +272,9 @@ for (tmp = crle->certs; tmp != NULL; tmp = next) { next = tmp->next; +#if defined(OPENSSL_EXTRA) + XFREE(tmp->extensions, heap, DYNAMIC_TYPE_REVOKED); +#endif XFREE(tmp, heap, DYNAMIC_TYPE_REVOKED); } @@ -278,6 +329,12 @@ XFREE(crl->monitors[1].path, crl->heap, DYNAMIC_TYPE_CRL_MONITOR); #endif +#if defined(OPENSSL_EXTRA) + if (crl->revokedStack != NULL) { + wolfSSL_sk_pop_free(crl->revokedStack, NULL); + crl->revokedStack = NULL; + } +#endif XFREE(crl->currentEntry, crl->heap, DYNAMIC_TYPE_CRL_ENTRY); crl->currentEntry = NULL; while(tmp) { @@ -311,25 +368,52 @@ int ret = 0; byte hash[SIGNER_DIGEST_SIZE]; #ifdef CRL_STATIC_REVOKED_LIST - /* do binary search */ - int low, high, mid; - - low = 0; - high = totalCerts - 1; - - while (low <= high) { - mid = (low + high) / 2; + if (serialHash == NULL) { + /* Binary search by (serialSz, serialNumber). The array was sorted in + * InitCRL_Entry by the same comparison key. */ + int low = 0; + int high = totalCerts - 1; + + while (low <= high) { + int mid = (low + high) / 2; + int cmp; + + /* Compare by serial size first, then by serial content. Shorter + * serials sort before longer ones. */ + if (rc[mid].serialSz != serialSz) { + cmp = rc[mid].serialSz - serialSz; + } + else { + cmp = XMEMCMP(rc[mid].serialNumber, serial, + (size_t)rc[mid].serialSz); + } - if (XMEMCMP(rc[mid].serialNumber, serial, rc->serialSz) < 0) { - low = mid + 1; - } - else if (XMEMCMP(rc[mid].serialNumber, serial, rc->serialSz) > 0) { - high = mid - 1; + if (cmp < 0) { + low = mid + 1; + } + else if (cmp > 0) { + high = mid - 1; + } + else { + WOLFSSL_MSG("Cert revoked"); + ret = CRL_CERT_REVOKED; + break; + } } - else { - WOLFSSL_MSG("Cert revoked"); - ret = CRL_CERT_REVOKED; - break; + } + else { + /* Hash-based lookup -- linear scan required since the array is sorted + * by serial number, not by hash. */ + int i; + for (i = 0; i < totalCerts; i++) { + ret = CalcHashId(rc[i].serialNumber, (word32)rc[i].serialSz, hash); + if (ret != 0) + break; + if (XMEMCMP(hash, serialHash, SIGNER_DIGEST_SIZE) == 0) { + WOLFSSL_MSG("Cert revoked"); + ret = CRL_CERT_REVOKED; + break; + } } } #else @@ -446,7 +530,8 @@ #endif { #if !defined(NO_ASN_TIME) && !defined(WOLFSSL_NO_CRL_DATE_CHECK) - if (!XVALIDATE_DATE(crle->nextDate,crle->nextDateFormat, ASN_AFTER)) { + if (!XVALIDATE_DATE(crle->nextDate, crle->nextDateFormat, + ASN_AFTER, MAX_DATE_SIZE)) { WOLFSSL_MSG("CRL next date is no longer valid"); nextDateValid = 0; } @@ -506,7 +591,7 @@ if (cbRet == WC_NO_ERR_TRACE(WOLFSSL_CBIO_ERR_WANT_READ)) { ret = OCSP_WANT_READ; } - else if (ret >= 0) { + else if (cbRet >= 0) { /* try again */ ret = CheckCertCRLList(crl, issuerHash, serial, serialSz, serialHash, &foundEntry); @@ -518,7 +603,8 @@ #if defined(OPENSSL_ALL) && defined(WOLFSSL_CERT_GEN) && \ (defined(WOLFSSL_CERT_REQ) || defined(WOLFSSL_CERT_EXT)) && \ !defined(NO_FILESYSTEM) && !defined(NO_WOLFSSL_DIR) && \ - !defined(NO_STDIO_FILESYSTEM) + !defined(NO_STDIO_FILESYSTEM) && \ + (!defined(NO_WOLFSSL_CLIENT) || !defined(WOLFSSL_NO_CLIENT_AUTH)) /* if not find entry in the CRL list, it looks at the folder that sets */ /* by LOOKUP_ctrl because user would want to use hash_dir. */ /* Loading .rN form CRL file if find at the folder, */ @@ -596,7 +682,7 @@ info->nextDateFormat = entry->nextDateFormat; info->crlNumberSet = entry->crlNumberSet; if (info->crlNumberSet) - XMEMCPY(info->crlNumber, entry->crlNumber, CRL_MAX_NUM_SZ); + XMEMCPY(info->crlNumber, entry->crlNumber, sizeof(entry->crlNumber)); } static void SetCrlInfoFromDecoded(DecodedCRL* entry, CrlInfo *info) @@ -611,7 +697,7 @@ info->nextDateFormat = entry->nextDateFormat; info->crlNumberSet = entry->crlNumberSet; if (info->crlNumberSet) - XMEMCPY(info->crlNumber, entry->crlNumber, CRL_MAX_NUM_SZ); + XMEMCPY(info->crlNumber, entry->crlNumber, sizeof(entry->crlNumber)); } #endif @@ -621,14 +707,14 @@ static int CompareCRLnumber(CRL_Entry* prev, CRL_Entry* curr) { int ret = 0; - DECL_MP_INT_SIZE_DYN(prev_num, CRL_MAX_NUM_SZ * CHAR_BIT, - CRL_MAX_NUM_SZ * CHAR_BIT); - DECL_MP_INT_SIZE_DYN(curr_num, CRL_MAX_NUM_SZ * CHAR_BIT, - CRL_MAX_NUM_SZ * CHAR_BIT); + DECL_MP_INT_SIZE_DYN(prev_num, CRL_MAX_NUM_SZ_BITS, + CRL_MAX_NUM_SZ_BITS); + DECL_MP_INT_SIZE_DYN(curr_num, CRL_MAX_NUM_SZ_BITS, + CRL_MAX_NUM_SZ_BITS); - NEW_MP_INT_SIZE(prev_num, CRL_MAX_NUM_SZ * CHAR_BIT, NULL, + NEW_MP_INT_SIZE(prev_num, CRL_MAX_NUM_SZ_BITS, NULL, DYNAMIC_TYPE_TMP_BUFFER); - NEW_MP_INT_SIZE(curr_num, CRL_MAX_NUM_SZ * CHAR_BIT, NULL, + NEW_MP_INT_SIZE(curr_num, CRL_MAX_NUM_SZ_BITS, NULL, DYNAMIC_TYPE_TMP_BUFFER); #ifdef MP_INT_SIZE_CHECK_NULL if ((prev_num == NULL) || (curr_num == NULL)) { @@ -636,9 +722,9 @@ } #endif - if (ret == 0 && ((INIT_MP_INT_SIZE(prev_num, CRL_MAX_NUM_SZ * CHAR_BIT) + if (ret == 0 && ((INIT_MP_INT_SIZE(prev_num, CRL_MAX_NUM_SZ_BITS) != MP_OKAY) || (INIT_MP_INT_SIZE(curr_num, - CRL_MAX_NUM_SZ * CHAR_BIT)) != MP_OKAY)) { + CRL_MAX_NUM_SZ_BITS)) != MP_OKAY)) { ret = MP_INIT_E; } @@ -658,11 +744,10 @@ return ret; } -/* Add Decoded CRL, 0 on success */ -static int AddCRL(WOLFSSL_CRL* crl, DecodedCRL* dcrl, const byte* buff, - int verified) +/* Add or replace a decoded CRL, 0 on success */ +static int AddCRL(WOLFSSL_CRL* crl, DecodedCRL* dcrl, CRL_Entry* crle, + const byte* buff, int verified) { - CRL_Entry* crle = NULL; CRL_Entry* curr = NULL; CRL_Entry* prev = NULL; #ifdef HAVE_CRL_UPDATE_CB @@ -676,25 +761,13 @@ if (crl == NULL) return WOLFSSL_FATAL_ERROR; - crle = crl->currentEntry; - - if (crle == NULL) { - crle = CRL_Entry_new(crl->heap); - if (crle == NULL) { - WOLFSSL_MSG("alloc CRL Entry failed"); - return MEMORY_E; - } - } - if (InitCRL_Entry(crle, dcrl, buff, verified, crl->heap) < 0) { WOLFSSL_MSG("Init CRL Entry failed"); - CRL_Entry_free(crle, crl->heap); return WOLFSSL_FATAL_ERROR; } if (wc_LockRwLock_Wr(&crl->crlLock) != 0) { WOLFSSL_MSG("wc_LockRwLock_Wr failed"); - CRL_Entry_free(crle, crl->heap); return BAD_MUTEX_E; } @@ -705,15 +778,16 @@ * authoritative than the existing entry */ if (ret == MP_LT || ret == MP_EQ) { WOLFSSL_MSG("Same or newer CRL entry already exists"); - CRL_Entry_free(crle, crl->heap); wc_UnLockRwLock(&crl->crlLock); - return BAD_FUNC_ARG; + return DUPE_ENTRY_E; } else if (ret < 0) { WOLFSSL_MSG("Error comparing CRL Numbers"); + wc_UnLockRwLock(&crl->crlLock); return ret; } + /* Insert the new entry after the current entry. */ crle->next = curr->next; if (prev != NULL) { prev->next = crle; @@ -730,22 +804,21 @@ } #endif + /* Remove the current entry which was replaced */ + CRL_Entry_free(curr, crl->heap); + break; } prev = curr; } - if (curr != NULL) { - CRL_Entry_free(curr, crl->heap); - } - else { + if (curr == NULL) { + /* No replacement occurred, prepend the new entry. */ crle->next = crl->crlList; crl->crlList = crle; } - wc_UnLockRwLock(&crl->crlLock); - /* Avoid heap-use-after-free after crl->crlList is released */ - crl->currentEntry = NULL; + wc_UnLockRwLock(&crl->crlLock); return 0; } @@ -809,12 +882,14 @@ crl->currentEntry = NULL; } else { - ret = AddCRL(crl, dcrl, myBuffer, + ret = AddCRL(crl, dcrl, crl->currentEntry, myBuffer, ret != WC_NO_ERR_TRACE(ASN_CRL_NO_SIGNER_E)); if (ret != 0) { WOLFSSL_MSG_CERT_LOG("AddCRL error"); - crl->currentEntry = NULL; + CRL_Entry_free(crl->currentEntry, crl->heap); } + /* Entry now is in the list, or has been freed due to error */ + crl->currentEntry = NULL; } FreeDecodedCRL(dcrl); @@ -826,6 +901,252 @@ return ret ? ret : WOLFSSL_SUCCESS; /* convert 0 to WOLFSSL_SUCCESS */ } +/* Store CRL into a buffer in DER or PEM format. + * If buff is NULL, updates inOutSz with required size and returns success. + * Returns WOLFSSL_SUCCESS on success, negative on failure. + */ +int BufferStoreCRL(WOLFSSL_CRL* crl, byte* buff, long* inOutSz, int type) +{ + int ret = 0; + CRL_Entry* ent = NULL; + const byte* tbs = NULL; + word32 tbsSz = 0; + const byte* sig = NULL; + word32 sigSz = 0; + word32 sigOID = 0; +#ifdef WC_RSA_PSS + const byte* sigParams = NULL; + word32 sigParamsSz = 0; +#endif + word32 algoLen = 0; + word32 bitHdrLen = 0; + word32 totalContentLen = 0; + word32 outerHdrLen = 0; + word32 derNeeded = 0; + long outSz = 0; + + WOLFSSL_ENTER("BufferStoreCRL"); + + if (crl == NULL || inOutSz == NULL) { + return BAD_FUNC_ARG; + } + + outSz = *inOutSz; + + /* Access the first CRL entry. Lock is held until encoding is complete + * to prevent the entry from being freed by another thread. */ + if (wc_LockRwLock_Rd(&crl->crlLock) != 0) { + WOLFSSL_MSG("wc_LockRwLock_Rd failed"); + return BAD_MUTEX_E; + } + ent = crl->crlList; + if (ent != NULL) { + tbs = ent->toBeSigned; + tbsSz = ent->tbsSz; + sig = ent->signature; + sigSz = ent->signatureSz; + sigOID = ent->signatureOID; +#ifdef WC_RSA_PSS + sigParams = ent->sigParams; + sigParamsSz = ent->sigParamsSz; +#endif + } + + if (ent == NULL || tbs == NULL || tbsSz == 0 || sig == NULL || sigSz == 0) { + WOLFSSL_MSG("CRL entry missing toBeSigned/signature data"); + ret = BAD_FUNC_ARG; + } + + /* Calculate encoded lengths for AlgorithmIdentifier. */ + if (ret == 0) { +#ifdef WC_RSA_PSS + if (sigParams != NULL && sigParamsSz > 0) { + /* OID + explicit parameters inside SEQUENCE */ + word32 oidSz = 0; + word32 idLen; + const byte* oid = OidFromId(sigOID, oidSigType, &oidSz); + if (oid == NULL) { + WOLFSSL_MSG("Unknown signature OID for CRL"); + ret = WOLFSSL_FATAL_ERROR; + } + else { + /* OBJECT IDENTIFIER header */ + idLen = (word32)SetObjectId((int)oidSz, NULL); + algoLen = SetSequence(idLen + oidSz + sigParamsSz, NULL) + + idLen + oidSz + sigParamsSz; + } + } + else +#endif + { + algoLen = SetAlgoID((int)sigOID, NULL, oidSigType, 0); + if (algoLen == 0) { + WOLFSSL_MSG("SetAlgoID failed"); + ret = WOLFSSL_FATAL_ERROR; + } + } + } + + if (ret == 0) { + /* BIT STRING header for signature */ + bitHdrLen = SetBitString(sigSz, 0, NULL); + + /* Compute total DER size. */ + totalContentLen = tbsSz + algoLen + bitHdrLen + sigSz; + outerHdrLen = SetSequence(totalContentLen, NULL); + derNeeded = outerHdrLen + totalContentLen; + } + + if (ret == 0 && type == WOLFSSL_FILETYPE_ASN1) { + if (buff == NULL) { + *inOutSz = (long)derNeeded; + ret = WOLFSSL_SUCCESS; + } + else if ((long)derNeeded > outSz) { + WOLFSSL_MSG("Output buffer too small for DER CRL"); + ret = BUFFER_E; + } + else { + /* Encode DER CRL directly into caller buffer. */ + word32 pos = 0; +#ifdef WC_RSA_PSS + word32 oidSz = 0; + const byte* oid = NULL; +#endif + /* Outer SEQUENCE header */ + pos += SetSequence(totalContentLen, buff + pos); + /* tbsCertList */ + XMEMCPY(buff + pos, tbs, tbsSz); + pos += tbsSz; + + /* signatureAlgorithm AlgorithmIdentifier */ +#ifdef WC_RSA_PSS + if (sigParams != NULL && sigParamsSz > 0) { + /* Lookup OID bytes for signature algorithm. */ + oid = OidFromId(sigOID, oidSigType, &oidSz); + if (oid == NULL) { + WOLFSSL_MSG("Unknown signature OID for CRL"); + ret = WOLFSSL_FATAL_ERROR; + } + else { + /* SEQUENCE header for AlgorithmIdentifier */ + pos += SetSequence((word32)SetObjectId((int)oidSz, NULL) + + oidSz + sigParamsSz, buff + pos); + /* OBJECT IDENTIFIER header and content */ + pos += (word32)SetObjectId((int)oidSz, buff + pos); + XMEMCPY(buff + pos, oid, oidSz); + pos += oidSz; + /* Parameters as captured (already DER encoded) */ + XMEMCPY(buff + pos, sigParams, sigParamsSz); + pos += sigParamsSz; + } + } + else +#endif + { + pos += SetAlgoID((int)sigOID, buff + pos, oidSigType, 0); + } + +#ifdef WC_RSA_PSS + if (ret == 0) +#endif + { + /* signature BIT STRING and bytes */ + pos += SetBitString(sigSz, 0, buff + pos); + XMEMCPY(buff + pos, sig, sigSz); + + *inOutSz = (long)derNeeded; + ret = WOLFSSL_SUCCESS; + } + (void)pos; /* pos not used after this point */ + } + } +#ifdef WOLFSSL_DER_TO_PEM + else if (ret == 0 && type == WOLFSSL_FILETYPE_PEM) { + byte* derTmp = NULL; + int pemSz; + /* Build DER first in a temporary buffer. */ + derTmp = (byte*)XMALLOC(derNeeded, crl->heap, DYNAMIC_TYPE_TMP_BUFFER); + if (derTmp == NULL) { + ret = MEMORY_E; + } + + if (ret == 0) { + /* Encode DER CRL into temporary buffer. */ + word32 pos = 0; +#ifdef WC_RSA_PSS + word32 oidSz = 0; + const byte* oid = NULL; +#endif + pos += SetSequence(totalContentLen, derTmp + pos); + XMEMCPY(derTmp + pos, tbs, tbsSz); + pos += tbsSz; +#ifdef WC_RSA_PSS + if (sigParams != NULL && sigParamsSz > 0) { + oid = OidFromId(sigOID, oidSigType, &oidSz); + if (oid == NULL) { + ret = WOLFSSL_FATAL_ERROR; + } + else { + pos += SetSequence((word32)SetObjectId((int)oidSz, NULL) + + oidSz + sigParamsSz, derTmp + pos); + pos += (word32)SetObjectId((int)oidSz, derTmp + pos); + XMEMCPY(derTmp + pos, oid, oidSz); + pos += oidSz; + XMEMCPY(derTmp + pos, sigParams, sigParamsSz); + pos += sigParamsSz; + } + } + else +#endif + { + pos += SetAlgoID((int)sigOID, derTmp + pos, oidSigType, 0); + } +#ifdef WC_RSA_PSS + if (ret == 0) +#endif + { + pos += SetBitString(sigSz, 0, derTmp + pos); + XMEMCPY(derTmp + pos, sig, sigSz); + } + (void)pos; /* pos not used after this point */ + } + + /* Determine required PEM size. */ + if (ret == 0) { + pemSz = wc_DerToPemEx(derTmp, derNeeded, NULL, 0, NULL, CRL_TYPE); + if (pemSz < 0) { + ret = WOLFSSL_FATAL_ERROR; + } + else if (buff == NULL) { + *inOutSz = pemSz; + ret = WOLFSSL_SUCCESS; + } + else if (outSz < pemSz) { + WOLFSSL_MSG("Output buffer too small for PEM CRL"); + ret = BUFFER_E; + } + else if (wc_DerToPemEx(derTmp, derNeeded, buff, (word32)pemSz, + NULL, CRL_TYPE) < 0) { + ret = WOLFSSL_FATAL_ERROR; + } + else { + *inOutSz = pemSz; + ret = WOLFSSL_SUCCESS; + } + } + + XFREE(derTmp, crl->heap, DYNAMIC_TYPE_TMP_BUFFER); + } +#endif /* WOLFSSL_DER_TO_PEM */ + else if (ret == 0) { + ret = BAD_FUNC_ARG; + } + + wc_UnLockRwLock(&crl->crlLock); + return ret; +} + #ifdef HAVE_CRL_UPDATE_CB /* Fill out CRL info structure, WOLFSSL_SUCCESS on ok */ int GetCRLInfo(WOLFSSL_CRL* crl, CrlInfo* info, const byte* buff, @@ -939,6 +1260,20 @@ XMEMCPY(tmp->revDate, current->revDate, MAX_DATE_SIZE); tmp->revDateFormat = current->revDateFormat; + tmp->reasonCode = current->reasonCode; +#if defined(OPENSSL_EXTRA) + tmp->extensions = NULL; + tmp->extensionsSz = 0; + if (current->extensions != NULL && current->extensionsSz > 0) { + tmp->extensions = (byte*)XMALLOC(current->extensionsSz, heap, + DYNAMIC_TYPE_REVOKED); + if (tmp->extensions != NULL) { + XMEMCPY(tmp->extensions, current->extensions, + current->extensionsSz); + tmp->extensionsSz = current->extensionsSz; + } + } +#endif tmp->next = NULL; if (prev != NULL) prev->next = tmp; @@ -952,6 +1287,9 @@ while (head != NULL) { current = head; head = head->next; +#if defined(OPENSSL_EXTRA) + XFREE(current->extensions, heap, DYNAMIC_TYPE_REVOKED); +#endif XFREE(current, heap, DYNAMIC_TYPE_REVOKED); } return NULL; @@ -1136,6 +1474,28 @@ return ret; } +#ifdef OPENSSL_ALL +int wolfSSL_X509_CRL_up_ref(WOLFSSL_X509_CRL* crl) +{ + int ret; + + if (crl == NULL) + return WOLFSSL_FAILURE; + + wolfSSL_RefInc(&crl->ref, &ret); +#ifdef WOLFSSL_REFCNT_ERROR_RETURN + if (ret != 0) { + WOLFSSL_MSG("Failed to lock x509 mutex"); + return WOLFSSL_FAILURE; + } +#else + (void)ret; +#endif + + return WOLFSSL_SUCCESS; +} +#endif + /* returns WOLFSSL_SUCCESS on success. Does not take ownership of newcrl */ int wolfSSL_X509_STORE_add_crl(WOLFSSL_X509_STORE *store, WOLFSSL_X509_CRL *newcrl) { @@ -1902,5 +2262,754 @@ } #endif /* !NO_FILESYSTEM && !NO_WOLFSSL_DIR */ +#ifndef NO_FILESYSTEM +/* Store CRL to a file in DER or PEM format. + * Returns WOLFSSL_SUCCESS on success, negative on failure. + * @param [in] crl CRL object. + * @param [in] path Path to the file to store the CRL. + * @param [in] type Format of encoding. Valid values: + * WOLFSSL_FILETYPE_ASN1, WOLFSSL_FILETYPE_PEM. + * @return WOLFSSL_SUCCESS on success, or negative on failure. + */ +int StoreCRL(WOLFSSL_CRL* crl, const char* path, int type) +{ + XFILE fp = XBADFILE; + int ret = WOLFSSL_SUCCESS; + long sz = 0; + byte* mem = NULL; + + WOLFSSL_ENTER("StoreCRL"); + + if (crl == NULL || path == NULL) + return BAD_FUNC_ARG; + + /* Determine required size. */ + ret = BufferStoreCRL(crl, NULL, &sz, type); + if (ret != WOLFSSL_SUCCESS) { + return ret; + } + + /* Allocate temporary buffer. */ + mem = (byte*)XMALLOC((size_t)sz, crl->heap, DYNAMIC_TYPE_TMP_BUFFER); + if (mem == NULL) { + return MEMORY_E; + } + + /* Encode CRL into buffer. */ + ret = BufferStoreCRL(crl, mem, &sz, type); + if (ret == WOLFSSL_SUCCESS) { + /* Open destination file for writing. */ + fp = XFOPEN(path, "wb"); + if (fp == XBADFILE) { + ret = WOLFSSL_BAD_FILE; + } + else { + size_t wrote = XFWRITE(mem, 1, (size_t)sz, fp); + if (wrote != (size_t)sz) { + WOLFSSL_MSG("CRL file write failed"); + ret = FWRITE_ERROR; + } + XFCLOSE(fp); + } + } + + XFREE(mem, crl->heap, DYNAMIC_TYPE_TMP_BUFFER); + return ret; +} +#else +int StoreCRL(WOLFSSL_CRL* crl, const char* file, int type) +{ + (void)crl; + (void)file; + (void)type; + return NOT_COMPILED_IN; +} +#endif /* NO_FILESYSTEM */ + +#if defined(OPENSSL_EXTRA) && !defined(NO_ASN_TIME) +/* Create a new empty CRL object for generation. + * Version is set to 2 by default. Use wolfSSL_X509_CRL_set_version() to + * change it. + * lastUpdate set to current time, nextUpdate set to 500 days from now. + * Returns a new CRL or NULL on failure. + */ +WOLFSSL_X509_CRL* wolfSSL_X509_CRL_new(void) +{ + WOLFSSL_X509_CRL* crl; + CRL_Entry* entry; + WOLFSSL_ASN1_TIME asnTime; + + WOLFSSL_ENTER("wolfSSL_X509_CRL_new"); + + crl = (WOLFSSL_X509_CRL*)XMALLOC(sizeof(WOLFSSL_X509_CRL), NULL, + DYNAMIC_TYPE_CRL); + if (crl == NULL) { + WOLFSSL_MSG("Memory allocation failed for CRL"); + return NULL; + } + + if (InitCRL(crl, NULL) < 0) { + WOLFSSL_MSG("Init CRL failed"); + XFREE(crl, NULL, DYNAMIC_TYPE_CRL); + return NULL; + } + + /* Allocate empty CRL entry for setting fields */ + entry = (CRL_Entry*)XMALLOC(sizeof(CRL_Entry), NULL, + DYNAMIC_TYPE_CRL_ENTRY); + if (entry == NULL) { + WOLFSSL_MSG("Memory allocation failed for CRL entry"); + FreeCRL(crl, 1); + return NULL; + } + XMEMSET(entry, 0, sizeof(CRL_Entry)); + + if (wc_InitMutex(&entry->verifyMutex) != 0) { + XFREE(entry, NULL, DYNAMIC_TYPE_CRL_ENTRY); + FreeCRL(crl, 1); + return NULL; + } + + crl->crlList = entry; + + /* Set thisUpdate to current time */ + if (wolfSSL_ASN1_TIME_adj(&asnTime, XTIME(NULL), 0, 0) == NULL) { + WOLFSSL_MSG("Failed to get current time"); + FreeCRL(crl, 1); + return NULL; + } + if (wolfSSL_X509_CRL_set_lastUpdate(crl, &asnTime) != WOLFSSL_SUCCESS) { + WOLFSSL_MSG("Failed to set last update"); + FreeCRL(crl, 1); + return NULL; + } + + /* Set next update date to 500 days from now, + * following convention from wc_InitCert() */ + if (wolfSSL_ASN1_TIME_adj(&asnTime, XTIME(NULL), 500, 0) == NULL) { + WOLFSSL_MSG("Failed to get next update time"); + FreeCRL(crl, 1); + return NULL; + } + if (wolfSSL_X509_CRL_set_nextUpdate(crl, &asnTime) != WOLFSSL_SUCCESS) { + WOLFSSL_MSG("Failed to set next update"); + FreeCRL(crl, 1); + return NULL; + } + + /* Set default version to v2 (required for extensions) */ + entry->version = 2; + + return crl; +} + +#ifdef WOLFSSL_CERT_GEN +/* Add a revoked certificate entry to CRL. + * crl: target CRL + * rev: revoked certificate entry (serial, date, reason, etc.) + * Returns WOLFSSL_SUCCESS on success. + */ +int wolfSSL_X509_CRL_add_revoked(WOLFSSL_X509_CRL* crl, + WOLFSSL_X509_REVOKED* rev) +{ + CRL_Entry* entry; + RevokedCert* rc; + RevokedCert* curr; + + WOLFSSL_ENTER("wolfSSL_X509_CRL_add_revoked"); + + if (crl == NULL || rev == NULL || rev->serialNumber == NULL) { + return BAD_FUNC_ARG; + } + + if (rev->revocationDate != NULL && (rev->revocationDate->length <= 0 || + (unsigned)rev->revocationDate->length > sizeof(rc->revDate))) { + return BAD_FUNC_ARG; + } + + entry = crl->crlList; + if (entry == NULL) { + return BAD_FUNC_ARG; + } + + { + const byte* serial = rev->serialNumber->data; + int serialSz = rev->serialNumber->length; + int i; + int allZero = 1; + + if (serial == NULL || serialSz <= 0) { + return BAD_FUNC_ARG; + } + + if (serialSz > EXTERNAL_SERIAL_SIZE) { + return BAD_FUNC_ARG; + } + + /* All zero serial numbers are invalid per rfc5280 and not supported */ + for (i = 0; i < serialSz; i++) { + if (serial[i] != 0) { + allZero = 0; + break; + } + } + if (allZero) { + return BAD_FUNC_ARG; + } + + rc = (RevokedCert*)XMALLOC(sizeof(RevokedCert), crl->heap, + DYNAMIC_TYPE_REVOKED); + if (rc == NULL) { + return MEMORY_E; + } + XMEMSET(rc, 0, sizeof(RevokedCert)); + + XMEMCPY(rc->serialNumber, serial, (size_t)serialSz); + rc->serialSz = serialSz; + } + + /* Use caller-provided revocation date, or fall back to current time */ + if (rev->revocationDate != NULL && rev->revocationDate->length > 0) { + XMEMCPY(rc->revDate, rev->revocationDate->data, + (size_t)rev->revocationDate->length); + rc->revDateFormat = (byte)rev->revocationDate->type; + } + else { + WOLFSSL_ASN1_TIME revDate; + XMEMSET(&revDate, 0, sizeof(revDate)); + if (wolfSSL_ASN1_TIME_adj(&revDate, XTIME(NULL), 0, 0) == NULL) { + WOLFSSL_MSG("Failed to get current time"); + XFREE(rc, crl->heap, DYNAMIC_TYPE_REVOKED); + return BAD_STATE_E; + } + XMEMCPY(rc->revDate, revDate.data, revDate.length); + rc->revDateFormat = (byte)revDate.type; + } + + rc->reasonCode = rev->reason; + rc->next = NULL; + + /* Add to end of list */ + if (entry->certs == NULL) { + entry->certs = rc; + } + else { + for (curr = entry->certs; curr->next != NULL; curr = curr->next) + ; + curr->next = rc; + } + entry->totalCerts++; + + /* Invalidate cached STACK_OF(X509_REVOKED) since list changed */ + if (crl->revokedStack != NULL) { + wolfSSL_sk_pop_free(crl->revokedStack, NULL); + crl->revokedStack = NULL; + } + + WOLFSSL_LEAVE("wolfSSL_X509_CRL_add_revoked", WOLFSSL_SUCCESS); + return WOLFSSL_SUCCESS; +} + +/* Add a revoked certificate entry to CRL by parsing a certificate buffer. + * crl: target CRL + * certBuf: DER-encoded certificate buffer + * certSz: size of certificate buffer + * revDate: revocation date (ASN.1 format), or NULL for + * current time + * revDateFmt: date format (ASN_UTC_TIME or ASN_GENERALIZED_TIME), ignored if + * revDate is NULL + * Returns WOLFSSL_SUCCESS on success. + * Note: this function is only available when WOLFSSL_CERT_GEN is defined. + */ +int wolfSSL_X509_CRL_add_revoked_cert(WOLFSSL_X509_CRL* crl, + const unsigned char* certBuf, int certSz) +{ + int ret; + DecodedCert* cert = NULL; + WOLFSSL_X509_REVOKED revoked; + WOLFSSL_ASN1_INTEGER* serialInt = NULL; + + WOLFSSL_ENTER("wolfSSL_X509_CRL_add_revoked_cert"); + + if (crl == NULL || certBuf == NULL || certSz <= 0) { + return BAD_FUNC_ARG; + } + + cert = (DecodedCert*)XMALLOC(sizeof(DecodedCert), NULL, DYNAMIC_TYPE_DCERT); + if (cert == NULL) { + return MEMORY_E; + } + + /* Initialize and parse the certificate */ + InitDecodedCert(cert, certBuf, (word32)certSz, NULL); + ret = ParseCertRelative(cert, CERT_TYPE, NO_VERIFY, NULL, NULL); + if (ret != 0) { + WOLFSSL_MSG("Failed to parse certificate"); + FreeDecodedCert(cert); + XFREE(cert, NULL, DYNAMIC_TYPE_DCERT); + return ret; + } + + serialInt = wolfSSL_ASN1_INTEGER_new(); + if (serialInt == NULL) { + FreeDecodedCert(cert); + XFREE(cert, NULL, DYNAMIC_TYPE_DCERT); + return MEMORY_E; + } + + if (cert->serialSz > WOLFSSL_ASN1_INTEGER_MAX) { + serialInt->data = (unsigned char*)XMALLOC(cert->serialSz, NULL, + DYNAMIC_TYPE_OPENSSL); + if (serialInt->data == NULL) { + wolfSSL_ASN1_INTEGER_free(serialInt); + FreeDecodedCert(cert); + XFREE(cert, NULL, DYNAMIC_TYPE_DCERT); + return MEMORY_E; + } + serialInt->dataMax = (unsigned int)cert->serialSz; + serialInt->isDynamic = 1; + } + else { + serialInt->data = serialInt->intData; + serialInt->dataMax = WOLFSSL_ASN1_INTEGER_MAX; + } + + XMEMCPY(serialInt->data, cert->serial, cert->serialSz); + serialInt->length = cert->serialSz; + + XMEMSET(&revoked, 0, sizeof(revoked)); + revoked.serialNumber = serialInt; + revoked.reason = CRL_REASON_NONE; + + /* Add the revoked certificate entry */ + ret = wolfSSL_X509_CRL_add_revoked(crl, &revoked); + + FreeDecodedCert(cert); + XFREE(cert, NULL, DYNAMIC_TYPE_DCERT); + wolfSSL_ASN1_INTEGER_free(serialInt); + + return ret; +} + +static int GetCrlSignBufSz(int tbsSz, int sigType, RsaKey* rsaKey, + ecc_key* eccKey) +{ + int sigSz = 0; + int ret; + byte sigDummy = 0; + + if (tbsSz <= 0) + return BAD_FUNC_ARG; + + (void)rsaKey; + (void)eccKey; +#ifndef NO_RSA + if (rsaKey != NULL) { + sigSz = wc_RsaEncryptSize(rsaKey); + } +#endif +#ifdef HAVE_ECC + if (sigSz <= 0 && eccKey != NULL) { + sigSz = wc_ecc_sig_size(eccKey); + } +#endif + if (sigSz <= 0) { + /* Fallback for unexpected key sizes */ + sigSz = 1024; + } + + /* Estimate total CRL size by asking AddSignature for the DER wrapper + * size (sequence + algo OID + BIT STRING headers). If it fails (e.g., + * unknown sigType), fall back to a conservative headroom of 64 bytes for + * those headers. This is defensive (size-estimate only); the real sign + * path will still report any unsupported sigType. */ + ret = AddSignature(NULL, tbsSz, &sigDummy, sigSz, sigType); + if (ret < 0) { + ret = tbsSz + sigSz + 64; + } + return ret; +} + +/* Sign a CRL with a private key, rebuilding TBS from fields. + * crl: CRL with fields set via setter functions + * pkey: private key for signing + * md: digest algorithm (e.g., EVP_sha256()) + * Note: only one entry is supported in the CRL list. + * Returns WOLFSSL_SUCCESS on success. + */ +int wolfSSL_X509_CRL_sign(WOLFSSL_X509_CRL* crl, WOLFSSL_EVP_PKEY* pkey, + const WOLFSSL_EVP_MD* md) +{ + int ret = WOLFSSL_SUCCESS; + CRL_Entry* entry; + byte* issuerDer = NULL; + int issuerSz = 0; + int sigType = 0; + int tbsSz = 0; + int totalSz = 0; + byte* buf = NULL; + int bufSz = 0; + RsaKey* rsaKey = NULL; + ecc_key* eccKey = NULL; + WC_RNG rng; + int rngInit = 0; + + WOLFSSL_ENTER("wolfSSL_X509_CRL_sign"); + + if (crl == NULL || pkey == NULL || md == NULL) { + return BAD_FUNC_ARG; + } + + /* Fetch only the first entry in the CRL list */ + entry = crl->crlList; + if (entry == NULL) { + WOLFSSL_MSG("CRL has no entry"); + return BAD_FUNC_ARG; + } + + /* Determine signature type from digest and key type */ + if (ret == WOLFSSL_SUCCESS) { +#ifndef NO_RSA + if (pkey->type == WC_EVP_PKEY_RSA) { + if (md == wolfSSL_EVP_sha256()) { + sigType = CTC_SHA256wRSA; + } + #ifdef WOLFSSL_SHA384 + else if (md == wolfSSL_EVP_sha384()) { + sigType = CTC_SHA384wRSA; + } + #endif + #ifdef WOLFSSL_SHA512 + else if (md == wolfSSL_EVP_sha512()) { + sigType = CTC_SHA512wRSA; + } + #endif + else if (md == wolfSSL_EVP_sha1()) { + sigType = CTC_SHAwRSA; + } + else { + WOLFSSL_MSG("Unsupported digest for RSA"); + return BAD_FUNC_ARG; + } + rsaKey = (RsaKey*)pkey->rsa->internal; + } + else +#endif +#ifdef HAVE_ECC + if (pkey->type == WC_EVP_PKEY_EC) { + if (md == wolfSSL_EVP_sha256()) { + sigType = CTC_SHA256wECDSA; + } + #ifdef WOLFSSL_SHA384 + else if (md == wolfSSL_EVP_sha384()) { + sigType = CTC_SHA384wECDSA; + } + #endif + #ifdef WOLFSSL_SHA512 + else if (md == wolfSSL_EVP_sha512()) { + sigType = CTC_SHA512wECDSA; + } + #endif + else if (md == wolfSSL_EVP_sha1()) { + sigType = CTC_SHAwECDSA; + } + else { + WOLFSSL_MSG("Unsupported digest for ECDSA"); + return BAD_FUNC_ARG; + } + eccKey = (ecc_key*)pkey->ecc->internal; + } + else +#endif + { + WOLFSSL_MSG("Unsupported key type"); + return BAD_FUNC_ARG; + } + } + + /* Get issuer name DER */ + if (ret == WOLFSSL_SUCCESS) { + if (entry->issuer != NULL) { + /* Retrieve the issuer in two passes so we can avoid making + * assumptions about the heap that is used, as we must free + * this buffer later. */ + issuerSz = wolfSSL_i2d_X509_NAME(entry->issuer, NULL); + if (issuerSz <= 0) { + WOLFSSL_MSG("Failed to encode issuer name"); + ret = WOLFSSL_FAILURE; + } + else { + issuerDer = (byte*)XMALLOC((size_t)issuerSz, crl->heap, + DYNAMIC_TYPE_TMP_BUFFER); + if (issuerDer == NULL) { + WOLFSSL_MSG("Memory allocation failed for issuer DER"); + ret = MEMORY_E; + } + else { + /* i2d moves the pointer, so use a temp */ + byte* tempPtr = issuerDer; + if (wolfSSL_i2d_X509_NAME(entry->issuer, &tempPtr) <= 0) { + WOLFSSL_MSG("Failed to encode issuer name"); + ret = WOLFSSL_FAILURE; + } + } + } + } + else { + WOLFSSL_MSG("CRL has no issuer set"); + ret = BAD_FUNC_ARG; + } + } + + /* Copy dates from ASN1 time structures to raw fields if needed */ + if (ret == WOLFSSL_SUCCESS) { + if (entry->lastDateAsn1.length > 0 && entry->lastDateFormat == 0) { + XMEMCPY(entry->lastDate, entry->lastDateAsn1.data, + (size_t)entry->lastDateAsn1.length); + entry->lastDateFormat = (byte)entry->lastDateAsn1.type; + } + if (entry->nextDateAsn1.length > 0 && entry->nextDateFormat == 0) { + XMEMCPY(entry->nextDate, entry->nextDateAsn1.data, + (size_t)entry->nextDateAsn1.length); + entry->nextDateFormat = (byte)entry->nextDateAsn1.type; + } + } + + /* Verify we have valid dates */ + if (ret == WOLFSSL_SUCCESS) { + if (entry->lastDateFormat == 0) { + WOLFSSL_MSG("CRL has no lastUpdate date set"); + ret = BAD_FUNC_ARG; + } + } + + /* Initialize RNG */ + if (ret == WOLFSSL_SUCCESS) { + if (wc_InitRng(&rng) != 0) { + WOLFSSL_MSG("RNG init failed"); + ret = WOLFSSL_FAILURE; + } + else { + rngInit = 1; + } + } + + if (ret == WOLFSSL_SUCCESS) { + const byte* crlNumber = NULL; + word32 crlNumberSz = 0; + + if (entry->crlNumberSet) { + crlNumber = (const byte*)entry->crlNumber; + crlNumberSz = CRL_MAX_NUM_SZ; + } + + /* Determine TBS size, but this does not include the outer signature + * wrapper (AlgorithmIdentifier, BIT STRING and outer SEQUENCE) */ + bufSz = wc_MakeCRL_ex(issuerDer, (word32)issuerSz, + entry->lastDate, entry->lastDateFormat, + entry->nextDate, entry->nextDateFormat, + entry->certs, crlNumber, crlNumberSz, + sigType, entry->version, NULL, 0); + if (bufSz < 0) { + WOLFSSL_MSG("wc_MakeCRL_ex size check failed"); + ret = bufSz; + } + } + + if (ret == WOLFSSL_SUCCESS) { + bufSz = GetCrlSignBufSz(bufSz, sigType, rsaKey, eccKey); + if (bufSz <= 0) { + WOLFSSL_MSG("CRL buffer size calc failed"); + ret = bufSz; + } + } + + /* Allocate working buffer for TBS + signature */ + if (ret == WOLFSSL_SUCCESS) { + buf = (byte*)XMALLOC(bufSz, crl->heap, DYNAMIC_TYPE_TMP_BUFFER); + if (buf == NULL) { + ret = MEMORY_E; + } + } + + /* Build to-be-signed (TBS) portion of the CRL buffer. + * Note that we pass the fields rather than the CRL_entry struct so + * wolfcrypt need not know about the openSSL-compatible CRL_entry struct. + */ + if (ret == WOLFSSL_SUCCESS) { + const byte* crlNumber = NULL; + word32 crlNumberSz = 0; + + if (entry->crlNumberSet) { + crlNumber = (const byte*)entry->crlNumber; + crlNumberSz = CRL_MAX_NUM_SZ; + } + + tbsSz = wc_MakeCRL_ex(issuerDer, (word32)issuerSz, + entry->lastDate, entry->lastDateFormat, + entry->nextDate, entry->nextDateFormat, + entry->certs, crlNumber, crlNumberSz, + sigType, + entry->version, buf, bufSz); + if (tbsSz < 0) { + WOLFSSL_MSG("wc_MakeCRL_ex failed"); + ret = tbsSz; + } + } + + /* Sign and complete CRL. Note that the output buffer is the same as the + * input buffer. The signature is added to the end of the buffer. + */ + if (ret == WOLFSSL_SUCCESS) { + totalSz = wc_SignCRL_ex(buf, tbsSz, sigType, buf, bufSz, + rsaKey, eccKey, &rng); + if (totalSz < 0) { + WOLFSSL_MSG("wc_SignCRL_ex failed"); + ret = totalSz; + } + } + + /* Update CRL entry with new toBeSigned and signature. Build the new + * buffers first and only commit to entry on full success. */ + if (ret == WOLFSSL_SUCCESS) { + byte* newToBeSigned = NULL; + byte* newSignature = NULL; + word32 newTbsSz = 0; + word32 newSignatureSz = 0; + word32 newSignatureOid = 0; + + /* Extract TBS and signature from the complete CRL buffer. + * After AddSignature, the buffer layout is: + * [outer SEQUENCE header][TBS][AlgorithmIdentifier][BIT STRING sig] + */ + { + word32 idx = 0; + int len = 0; + word32 tbsStart = 0; + word32 tbsLen = 0; + int sigLen = 0; + + /* Parse outer SEQUENCE */ + if (GetSequence(buf, &idx, &len, (word32)totalSz) < 0) { + ret = ASN_PARSE_E; + } + + /* TBS starts here */ + if (ret == WOLFSSL_SUCCESS) { + tbsStart = idx; + } + + /* Parse TBS SEQUENCE to get its length */ + if (ret == WOLFSSL_SUCCESS) { + if (GetSequence(buf, &idx, &len, (word32)totalSz) < 0) { + ret = ASN_PARSE_E; + } + } + if (ret == WOLFSSL_SUCCESS) { + tbsLen = idx + (word32)len - tbsStart; + idx = tbsStart + tbsLen; /* Move past TBS */ + } + + /* Allocate and copy TBS */ + if (ret == WOLFSSL_SUCCESS) { + newToBeSigned = (byte*)XMALLOC(tbsLen, crl->heap, + DYNAMIC_TYPE_CRL_ENTRY); + if (newToBeSigned == NULL) { + ret = MEMORY_E; + } + } + if (ret == WOLFSSL_SUCCESS) { + XMEMCPY(newToBeSigned, buf + tbsStart, tbsLen); + newTbsSz = tbsLen; + } + + /* Skip AlgorithmIdentifier */ + if (ret == WOLFSSL_SUCCESS) { + if (GetAlgoId(buf, &idx, (word32*)&len, oidSigType, + (word32)totalSz) < 0) { + ret = ASN_PARSE_E; + } + } + + /* Get BIT STRING */ + if (ret == WOLFSSL_SUCCESS) { + if (GetASNHeader(buf, ASN_BIT_STRING, &idx, &sigLen, + (word32)totalSz) < 0) { + ret = ASN_PARSE_E; + } + } + + /* Skip unused bits byte */ + if (ret == WOLFSSL_SUCCESS) { + if (idx >= (word32)totalSz || sigLen <= 0 || buf[idx] != 0) { + ret = ASN_PARSE_E; + } + } + if (ret == WOLFSSL_SUCCESS) { + idx++; + sigLen--; + } + + if (ret == WOLFSSL_SUCCESS) { + newSignature = (byte*)XMALLOC((word32)sigLen, crl->heap, + DYNAMIC_TYPE_CRL_ENTRY); + if (newSignature == NULL) { + ret = MEMORY_E; + } + } + if (ret == WOLFSSL_SUCCESS) { + XMEMCPY(newSignature, buf + idx, (size_t)sigLen); + newSignatureSz = (word32)sigLen; + newSignatureOid = (word32)sigType; + } + } + + if (ret == WOLFSSL_SUCCESS) { + if (entry->toBeSigned != NULL) { + XFREE(entry->toBeSigned, crl->heap, DYNAMIC_TYPE_CRL_ENTRY); + entry->toBeSigned = NULL; + } + if (entry->signature != NULL) { + XFREE(entry->signature, crl->heap, DYNAMIC_TYPE_CRL_ENTRY); + entry->signature = NULL; + } + + entry->toBeSigned = newToBeSigned; + entry->tbsSz = newTbsSz; + entry->signature = newSignature; + entry->signatureSz = newSignatureSz; + entry->signatureOID = newSignatureOid; + } + else { + if (newToBeSigned != NULL) { + XFREE(newToBeSigned, crl->heap, DYNAMIC_TYPE_CRL_ENTRY); + } + if (newSignature != NULL) { + XFREE(newSignature, crl->heap, DYNAMIC_TYPE_CRL_ENTRY); + } + } + } + + /* Mark the CRL as verified/signed for future reference. */ + if (ret == WOLFSSL_SUCCESS) { + entry->verified = 1; + } + + if (issuerDer) { + XFREE(issuerDer, crl->heap, DYNAMIC_TYPE_TMP_BUFFER); + } + if (buf) { + XFREE(buf, crl->heap, DYNAMIC_TYPE_TMP_BUFFER); + } + if (rngInit) { + wc_FreeRng(&rng); + } + + return ret; +} +#endif /* WOLFSSL_CERT_GEN */ + +#endif /* OPENSSL_EXTRA */ + #endif /* HAVE_CRL */ #endif /* !WOLFCRYPT_ONLY */ diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/src/dtls.c mariadb-11.8.8/extra/wolfssl/wolfssl/src/dtls.c --- mariadb-11.8.6/extra/wolfssl/wolfssl/src/dtls.c 2026-01-31 13:27:49.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/src/dtls.c 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* dtls.c * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -403,8 +403,9 @@ if (!IsAtLeastTLSv1_3(it->pv)) *resume = TRUE; } - if (it != NULL) - ForceZero(it, sizeof(InternalTicket)); + /* `it` points into tempTicket on successful decryption so clearing it will + * also satisfy the WOLFSSL_CHECK_MEM_ZERO check. */ + ForceZero(tempTicket, SESSION_TICKET_LEN); return 0; } #endif /* HAVE_SESSION_TICKET */ @@ -856,9 +857,9 @@ nonConstSSL->options.tls1_1 = 1; nonConstSSL->options.tls1_3 = 1; - XMEMCPY(nonConstSSL->session->sessionID, ch->sessionId.elements, - ch->sessionId.size); - nonConstSSL->session->sessionIDSz = (byte)ch->sessionId.size; + /* RFC 9147 Section 5.3: DTLS 1.3 ServerHello must have empty + * legacy_session_id_echo. Don't copy the client's session ID. */ + nonConstSSL->session->sessionIDSz = 0; nonConstSSL->options.cipherSuite0 = cs.cipherSuite0; nonConstSSL->options.cipherSuite = cs.cipherSuite; nonConstSSL->extensions = parsedExts; diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/src/dtls13.c mariadb-11.8.8/extra/wolfssl/wolfssl/src/dtls13.c --- mariadb-11.8.6/extra/wolfssl/wolfssl/src/dtls13.c 2026-01-31 13:27:49.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/src/dtls13.c 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* dtls13.c * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -93,7 +93,7 @@ #define DTLS13_SEQ_8_LEN 1 /* fixed bits mask to detect unified header */ -#define DTLS13_FIXED_BITS_MASK (0x111 << 5) +#define DTLS13_FIXED_BITS_MASK (0x7 << 5) /* fixed bits value to detect unified header */ #define DTLS13_FIXED_BITS (0x1 << 5) /* ConnectionID present bit in the unified header flags */ @@ -110,7 +110,9 @@ supported. */ #define DTLS13_UNIFIED_HEADER_SIZE 5 #define DTLS13_MIN_CIPHERTEXT 16 -#define DTLS13_MIN_RTX_INTERVAL 1 +#ifndef DTLS13_MIN_RTX_INTERVAL +#define DTLS13_MIN_RTX_INTERVAL (DTLS_TIMEOUT_INIT * 1000) +#endif #ifndef NO_WOLFSSL_CLIENT WOLFSSL_METHOD* wolfDTLSv1_3_client_method_ex(void* heap) @@ -471,7 +473,7 @@ if (handshakeType == client_hello || handshakeType == hello_retry_request || handshakeType == finished || handshakeType == session_ticket || - handshakeType == session_ticket || handshakeType == key_update || + handshakeType == key_update || (handshakeType == certificate_request && ssl->options.handShakeState == HANDSHAKE_DONE)) return 1; @@ -718,9 +720,14 @@ return rn; } +#ifndef DTLS13_MAX_ACK_RECORDS +#define DTLS13_MAX_ACK_RECORDS 512 +#endif + int Dtls13RtxAddAck(WOLFSSL* ssl, w64wrapper epoch, w64wrapper seq) { Dtls13RecordNumber* rn; + int count; WOLFSSL_ENTER("Dtls13RtxAddAck"); @@ -732,9 +739,21 @@ Dtls13RecordNumber** prevNext = &ssl->dtls13Rtx.seenRecords; Dtls13RecordNumber* cur = ssl->dtls13Rtx.seenRecords; + if (ssl->dtls13Rtx.seenRecordsCount >= DTLS13_ACK_MAX_RECORDS) { + #ifdef WOLFSSL_RW_THREADED + wc_UnLockMutex(&ssl->dtls13Rtx.mutex); + #endif + return 0; /* list full, silently drop */ + } + + count = 0; for (; cur != NULL; prevNext = &cur->next, cur = cur->next) { + count++; if (w64Equal(cur->epoch, epoch) && w64Equal(cur->seq, seq)) { /* already in list. no duplicates. */ + #ifdef WOLFSSL_RW_THREADED + wc_UnLockMutex(&ssl->dtls13Rtx.mutex); + #endif return 0; } else if (w64LT(epoch, cur->epoch) @@ -744,12 +763,27 @@ } } + /* Cap the ACK list to prevent word16 overflow in + * Dtls13GetAckListLength and bound memory consumption */ + if (count >= DTLS13_MAX_ACK_RECORDS) { + WOLFSSL_MSG("DTLS 1.3 ACK list full, dropping record"); + #ifdef WOLFSSL_RW_THREADED + wc_UnLockMutex(&ssl->dtls13Rtx.mutex); + #endif + return 0; + } + rn = Dtls13NewRecordNumber(epoch, seq, ssl->heap); - if (rn == NULL) + if (rn == NULL) { + #ifdef WOLFSSL_RW_THREADED + wc_UnLockMutex(&ssl->dtls13Rtx.mutex); + #endif return MEMORY_E; + } *prevNext = rn; rn->next = cur; + ssl->dtls13Rtx.seenRecordsCount++; #ifdef WOLFSSL_RW_THREADED wc_UnLockMutex(&ssl->dtls13Rtx.mutex); #endif @@ -779,6 +813,7 @@ } ssl->dtls13Rtx.seenRecords = NULL; + ssl->dtls13Rtx.seenRecordsCount = 0; #ifdef WOLFSSL_RW_THREADED wc_UnLockMutex(&ssl->dtls13Rtx.mutex); #endif @@ -828,6 +863,11 @@ { Dtls13RecordNumber *rn, **prevNext; +#ifdef WOLFSSL_RW_THREADED + if (wc_LockMutex(&ssl->dtls13Rtx.mutex) != 0) + return; +#endif + prevNext = &ssl->dtls13Rtx.seenRecords; rn = ssl->dtls13Rtx.seenRecords; @@ -836,12 +876,21 @@ w64Equal(rn->seq, ssl->keys.curSeq)) { *prevNext = rn->next; XFREE(rn, ssl->heap, DYNAMIC_TYPE_DTLS_MSG); + if (ssl->dtls13Rtx.seenRecordsCount > 0) + ssl->dtls13Rtx.seenRecordsCount--; +#ifdef WOLFSSL_RW_THREADED + wc_UnLockMutex(&ssl->dtls13Rtx.mutex); +#endif return; } prevNext = &rn->next; rn = rn->next; } + +#ifdef WOLFSSL_RW_THREADED + wc_UnLockMutex(&ssl->dtls13Rtx.mutex); +#endif } static void Dtls13MaybeSaveClientHello(WOLFSSL* ssl) @@ -978,8 +1027,9 @@ static int Dtls13SendFragmentedInternal(WOLFSSL* ssl) { int fragLength, rlHeaderLength; - int remainingSize, maxFragment; - int recordLength; + word32 remainingSize; + int maxFragment; + int recordLength, outputSz; byte isEncrypted; byte* output; int ret; @@ -987,23 +1037,34 @@ isEncrypted = Dtls13TypeIsEncrypted( (enum HandShakeType)ssl->dtls13FragHandshakeType); rlHeaderLength = Dtls13GetRlHeaderLength(ssl, isEncrypted); - maxFragment = wolfSSL_GetMaxFragSize(ssl, MAX_RECORD_SIZE); - + maxFragment = wolfssl_local_GetMaxPlaintextSize(ssl); + if (maxFragment <= DTLS_HANDSHAKE_HEADER_SZ || + maxFragment > MAX_RECORD_SIZE || + ssl->dtls13FragOffset > ssl->dtls13MessageLength) { + Dtls13FreeFragmentsBuffer(ssl); + return BUFFER_E; + } remainingSize = ssl->dtls13MessageLength - ssl->dtls13FragOffset; while (remainingSize > 0) { - fragLength = maxFragment - rlHeaderLength - DTLS_HANDSHAKE_HEADER_SZ; - - recordLength = maxFragment; - - if (fragLength > remainingSize) { - fragLength = remainingSize; - recordLength = - fragLength + rlHeaderLength + DTLS_HANDSHAKE_HEADER_SZ; + fragLength = maxFragment - DTLS_HANDSHAKE_HEADER_SZ; + if (fragLength > (int)remainingSize) + fragLength = (int)remainingSize; + + recordLength = fragLength + rlHeaderLength + DTLS_HANDSHAKE_HEADER_SZ; + outputSz = wolfssl_local_GetRecordSize(ssl, + fragLength + DTLS_HANDSHAKE_HEADER_SZ, isEncrypted); + if (outputSz < 0) { + Dtls13FreeFragmentsBuffer(ssl); + return outputSz; + } + if ((word32)outputSz > WOLFSSL_MAX_16BIT) { + Dtls13FreeFragmentsBuffer(ssl); + return BUFFER_E; } - ret = CheckAvailableSize(ssl, recordLength + MAX_MSG_EXTRA); + ret = CheckAvailableSize(ssl, outputSz); if (ret != 0) { Dtls13FreeFragmentsBuffer(ssl); return ret; @@ -1025,7 +1086,7 @@ ret = Dtls13SendOneFragmentRtx(ssl, (enum HandShakeType)ssl->dtls13FragHandshakeType, - (word16)recordLength + MAX_MSG_EXTRA, output, (word32)recordLength, 0); + (word16)outputSz, output, (word32)recordLength, 0); if (ret == WC_NO_ERR_TRACE(WANT_WRITE)) { ssl->dtls13FragOffset += fragLength; return ret; @@ -1037,7 +1098,7 @@ } ssl->dtls13FragOffset += fragLength; - remainingSize -= fragLength; + remainingSize -= (word32)fragLength; } /* we sent all fragments */ @@ -1062,7 +1123,7 @@ isEncrypted = Dtls13TypeIsEncrypted(handshake_type); rlHeaderLength = Dtls13GetRlHeaderLength(ssl, isEncrypted); - if (length < rlHeaderLength) + if (length < rlHeaderLength + DTLS_HANDSHAKE_HEADER_SZ) return INCOMPLETE_DATA; /* DTLSv1.3 do not consider fragmentation for hash transcript. Build the @@ -1562,21 +1623,24 @@ int isLast; int sendSz; #ifndef NO_ASN_TIME +#ifdef WOLFSSL_32BIT_MILLI_TIME word32 now; +#else + sword64 now; +#endif #endif int ret; WOLFSSL_ENTER("Dtls13RtxSendBuffered"); #ifndef NO_ASN_TIME - now = LowResTimer(); + now = TimeNowInMilliseconds(); if (now - ssl->dtls13Rtx.lastRtx < DTLS13_MIN_RTX_INTERVAL) { #ifdef WOLFSSL_DEBUG_TLS WOLFSSL_MSG("Avoid too fast retransmission"); #endif /* WOLFSSL_DEBUG_TLS */ return 0; } - ssl->dtls13Rtx.lastRtx = now; #endif @@ -1593,6 +1657,10 @@ if (!w64IsZero(r->epoch)) sendSz += MAX_MSG_EXTRA; + if ((word32)sendSz > WOLFSSL_MAX_16BIT) { + return BUFFER_E; + } + ret = CheckAvailableSize(ssl, sendSz); if (ret != 0) return ret; @@ -1836,7 +1904,7 @@ isComplete = isFirst && fragLength == messageLength; if (!isComplete && !Dtls13AcceptFragmented(ssl, (enum HandShakeType)handshakeType)) { -#ifdef WOLFSSL_DTLS_CH_FRAG +#if defined(WOLFSSL_DTLS_CH_FRAG) && !defined(NO_WOLFSSL_SERVER) byte tls13 = 0; /* check if the first CH fragment contains a valid cookie */ if (ssl->options.dtls13ChFrag && !ssl->options.dtlsStateful && @@ -2018,11 +2086,24 @@ return ret; } - maxFrag = wolfSSL_GetMaxFragSize(ssl, MAX_RECORD_SIZE); + maxFrag = wolfssl_local_GetMaxPlaintextSize(ssl); maxLen = length; - if (handshakeType == key_update) + if (handshakeType == key_update) { ssl->dtls13WaitKeyUpdateAck = 1; +#ifdef HAVE_WRITE_DUP + /* Notify the read side so it can watch for the ACK on our behalf. */ + if (ssl->dupWrite != NULL && ssl->dupSide == WRITE_DUP_SIDE) { + if (wc_LockMutex(&ssl->dupWrite->dupMutex) != 0) + return BAD_MUTEX_E; + ssl->dupWrite->keyUpdateEpoch = ssl->dtls13Epoch; + ssl->dupWrite->keyUpdateSeq = + ssl->dtls13EncryptEpoch->nextSeqNumber; + ssl->dupWrite->keyUpdateWaiting = 1; + wc_UnLockMutex(&ssl->dupWrite->dupMutex); + } +#endif /* HAVE_WRITE_DUP */ + } if (maxLen < maxFrag) { ret = Dtls13SendOneFragmentRtx(ssl, handshakeType, outputSize, message, @@ -2156,7 +2237,7 @@ byte clientWrite, serverWrite; byte enc, dec; - WOLFSSL_ENTER("Dtls13SetEpochKeys"); + WOLFSSL_ENTER("Dtls13EpochCopyKeys"); clientWrite = serverWrite = 0; enc = dec = 0; @@ -2518,39 +2599,26 @@ return NOT_COMPILED_IN; } -/* 64 bits epoch + 64 bits sequence */ -#define DTLS13_RN_SIZE 16 - -static int Dtls13GetAckListLength(Dtls13RecordNumber* list, word16* length) -{ - int numberElements; - - numberElements = 0; - - /* TODO: check that we don't exceed the maximum length */ - - while (list != NULL) { - list = list->next; - numberElements++; - } - - *length = (word16)(DTLS13_RN_SIZE * numberElements); - return 0; -} int Dtls13WriteAckMessage(WOLFSSL* ssl, - Dtls13RecordNumber* recordNumberList, word32* length) + Dtls13RecordNumber* recordNumberList, word16 recordsCount, word32* length) { word16 msgSz, headerLength; byte *output, *ackMessage; word32 sendSz; + word32 written; int ret; sendSz = 0; + written = 0; if (ssl->dtls13EncryptEpoch == NULL) return BAD_STATE_E; + if (recordsCount > DTLS13_ACK_MAX_RECORDS) + return BUFFER_E; + msgSz = (word16)(DTLS13_RN_SIZE * recordsCount); + if (w64IsZero(ssl->dtls13EncryptEpoch->epochNumber)) { /* unprotected ACK */ headerLength = DTLS_RECORD_HEADER_SZ; @@ -2560,10 +2628,6 @@ sendSz += MAX_MSG_EXTRA; } - ret = Dtls13GetAckListLength(recordNumberList, &msgSz); - if (ret != 0) - return ret; - sendSz += headerLength; /* ACK list 2 bytes length field */ @@ -2586,6 +2650,8 @@ WOLFSSL_MSG("write ack records"); while (recordNumberList != NULL) { + if (written + DTLS13_RN_SIZE > msgSz) + return BUFFER_E; WOLFSSL_MSG_EX("epoch %d seq %d", recordNumberList->epoch, recordNumberList->seq); c64toa(&recordNumberList->epoch, ackMessage); @@ -2593,8 +2659,12 @@ c64toa(&recordNumberList->seq, ackMessage); ackMessage += OPAQUE64_LEN; recordNumberList = recordNumberList->next; + written += DTLS13_RN_SIZE; } + if (written != msgSz) + return BUFFER_E; + *length = msgSz + OPAQUE16_LEN; return 0; @@ -2643,7 +2713,7 @@ } #endif /* WOLFSSL_DEBUG_TLS */ -static void Dtls13RtxRemoveRecord(WOLFSSL* ssl, w64wrapper epoch, +void Dtls13RtxRemoveRecord(WOLFSSL* ssl, w64wrapper epoch, w64wrapper seq) { Dtls13RtxRecord *r, **prevNext; @@ -2693,9 +2763,29 @@ ret = wc_UnLockMutex(&ssl->dtls13Rtx.mutex); #endif if (sendAcks) { - ret = SendDtls13Ack(ssl); - if (ret != 0) - return ret; +#ifdef HAVE_WRITE_DUP + /* The read side cannot encrypt. Transfer the seenRecords list to the + * shared WriteDup struct so the write side sends the ACK instead. */ + if (ssl->dupWrite != NULL && ssl->dupSide == READ_DUP_SIDE) { + struct Dtls13RecordNumber** tail = NULL; + if (wc_LockMutex(&ssl->dupWrite->dupMutex) != 0) + return BAD_MUTEX_E; + tail = (struct Dtls13RecordNumber**)&ssl->dupWrite->sendAckList; + while (*tail != NULL) + tail = &(*tail)->next; + *tail = ssl->dtls13Rtx.seenRecords; + ssl->dtls13Rtx.seenRecords = NULL; + ssl->dtls13Rtx.seenRecordsCount = 0; + ssl->dupWrite->sendAcks = 1; + wc_UnLockMutex(&ssl->dupWrite->dupMutex); + } + else +#endif /* HAVE_WRITE_DUP */ + { + ret = SendDtls13Ack(ssl); + if (ret != 0) + return ret; + } } if (ssl->dtls13Rtx.retransmit) { @@ -2811,6 +2901,22 @@ ato64(ackMessage + i + OPAQUE64_LEN, &seq); WOLFSSL_MSG_EX("epoch %d seq %d", epoch, seq); Dtls13RtxRemoveRecord(ssl, epoch, seq); +#ifdef HAVE_WRITE_DUP + /* Read side: check if this ACK covers the write side's pending KeyUpdate. + * Match on both epoch AND seq to avoid false positives from data records + * in the same epoch (sent while dtls13WaitKeyUpdateAck == 1). */ + if (ssl->dupWrite != NULL && ssl->dupSide == READ_DUP_SIDE) { + if (wc_LockMutex(&ssl->dupWrite->dupMutex) != 0) + return BAD_MUTEX_E; + if (ssl->dupWrite->keyUpdateWaiting && + w64Equal(epoch, ssl->dupWrite->keyUpdateEpoch) && + w64Equal(seq, ssl->dupWrite->keyUpdateSeq)) { + ssl->dupWrite->keyUpdateAcked = 1; + ssl->dupWrite->keyUpdateWaiting = 0; + } + wc_UnLockMutex(&ssl->dupWrite->dupMutex); + } +#endif /* HAVE_WRITE_DUP */ } /* last client flight was completely acknowledged by the server. Handshake @@ -2883,12 +2989,13 @@ if (ret < 0) return ret; #endif - ret = Dtls13WriteAckMessage(ssl, ssl->dtls13Rtx.seenRecords, &length); + ret = Dtls13WriteAckMessage(ssl, ssl->dtls13Rtx.seenRecords, + ssl->dtls13Rtx.seenRecordsCount, &length); #ifdef WOLFSSL_RW_THREADED wc_UnLockMutex(&ssl->dtls13Rtx.mutex); #endif - if (ret != 0) - return ret; + if (ret != 0) + return ret; output = GetOutputBuffer(ssl); diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/src/include.am mariadb-11.8.8/extra/wolfssl/wolfssl/src/include.am --- mariadb-11.8.6/extra/wolfssl/wolfssl/src/include.am 2026-01-31 13:27:49.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/src/include.am 2026-05-24 09:58:33.000000000 +0000 @@ -17,10 +17,16 @@ EXTRA_DIST += src/bio.c EXTRA_DIST += src/conf.c EXTRA_DIST += src/pk.c +EXTRA_DIST += src/pk_rsa.c +EXTRA_DIST += src/pk_ec.c +EXTRA_DIST += src/ssl_api_cert.c +EXTRA_DIST += src/ssl_api_crl_ocsp.c +EXTRA_DIST += src/ssl_api_pk.c EXTRA_DIST += src/ssl_asn1.c EXTRA_DIST += src/ssl_bn.c EXTRA_DIST += src/ssl_certman.c EXTRA_DIST += src/ssl_crypto.c +EXTRA_DIST += src/ssl_ech.c EXTRA_DIST += src/ssl_load.c EXTRA_DIST += src/ssl_misc.c EXTRA_DIST += src/ssl_p7p12.c @@ -181,6 +187,14 @@ wolfcrypt/src/hmac.c \ wolfcrypt/src/random.c +if BUILD_MEMUSE +src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/wolfentropy.c +endif + +if BUILD_RNG_BANK +src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/rng_bank.c +endif + src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/kdf.c if BUILD_RSA @@ -300,7 +314,11 @@ if BUILD_PPC32_ASM_INLINE src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/port/ppc32/ppc32-sha256-asm_c.c else +if BUILD_PPC32_ASM_INLINE_REG +src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/port/ppc32/ppc32-sha256-asm_cr.c +else src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/port/ppc32/ppc32-sha256-asm.S +endif !BUILD_PPC32_ASM_INLINE_REG endif !BUILD_PPC32_ASM_INLINE endif BUILD_PPC32_ASM @@ -422,6 +440,24 @@ wolfcrypt/src/hmac.c \ wolfcrypt/src/random.c +if BUILD_FIPS_V6 +if BUILD_MEMUSE +if BUILD_KERNEL_MODE_DEFAULTS +src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/wolfentropy.c +endif +endif +endif + +if !BUILD_FIPS_V6 +if BUILD_MEMUSE +src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/wolfentropy.c +endif +endif + +if BUILD_RNG_BANK +src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/rng_bank.c +endif + src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/kdf.c if BUILD_RSA @@ -531,7 +567,11 @@ if BUILD_PPC32_ASM_INLINE src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/port/ppc32/ppc32-sha256-asm_c.c else +if BUILD_PPC32_ASM_INLINE_REG +src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/port/ppc32/ppc32-sha256-asm_cr.c +else src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/port/ppc32/ppc32-sha256-asm.S +endif !BUILD_PPC32_ASM_INLINE_REG endif !BUILD_PPC32_ASM_INLINE endif BUILD_PPC32_ASM @@ -770,6 +810,12 @@ if !BUILD_FIPS_V2_PLUS if BUILD_RNG src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/random.c +if BUILD_MEMUSE +src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/wolfentropy.c +endif +if BUILD_RNG_BANK +src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/rng_bank.c +endif endif endif !BUILD_FIPS_V2_PLUS @@ -819,7 +865,11 @@ if BUILD_PPC32_ASM_INLINE src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/port/ppc32/ppc32-sha256-asm_c.c else +if BUILD_PPC32_ASM_INLINE_REG +src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/port/ppc32/ppc32-sha256-asm_cr.c +else src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/port/ppc32/ppc32-sha256-asm.S +endif !BUILD_PPC32_ASM_INLINE_REG endif !BUILD_PPC32_ASM_INLINE endif BUILD_PPC32_ASM @@ -1254,7 +1304,7 @@ src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/ripemd.c endif -if BUILD_BLAKE2 +if BUILD_BLAKE2B src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/blake2b.c endif if BUILD_BLAKE2S @@ -1378,6 +1428,10 @@ src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/wc_xmss_impl.c endif +if BUILD_WC_SLHDSA +src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/wc_slhdsa.c +endif + if !BUILD_FIPS_V6_PLUS if BUILD_CURVE25519 src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/curve25519.c @@ -1390,6 +1444,7 @@ if BUILD_FEMATH src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/fe_low_mem.c +src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/ge_operations.c if BUILD_CURVE25519_INTELASM if !BUILD_X86_ASM src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/fe_x25519_asm.S @@ -1449,8 +1504,8 @@ if BUILD_GEMATH src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/ge_low_mem.c -src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/ge_operations.c if !BUILD_FEMATH +src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/ge_operations.c if BUILD_CURVE25519_INTELASM if !BUILD_X86_ASM src_libwolfssl@LIBSUFFIX@_la_SOURCES += wolfcrypt/src/fe_x25519_asm.S diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/src/internal.c mariadb-11.8.8/extra/wolfssl/wolfssl/src/internal.c --- mariadb-11.8.6/extra/wolfssl/wolfssl/src/internal.c 2026-01-31 13:27:49.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/src/internal.c 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* internal.c * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -22,72 +22,133 @@ #include /* - * WOLFSSL_SMALL_CERT_VERIFY: - * Verify the certificate signature without using DecodedCert. Doubles up - * on some code but allows smaller peak heap memory usage. - * Cannot be used with WOLFSSL_NONBLOCK_OCSP. - * WOLFSSL_ALT_CERT_CHAINS: - * Allows CA's to be presented by peer, but not part of a valid chain. - * Default wolfSSL behavior is to require validation of all presented peer - * certificates. This also allows loading intermediate CA's as trusted - * and ignoring no signer failures for CA's up the chain to root. - * WOLFSSL_DTLS_RESEND_ONLY_TIMEOUT: - * Enable resending the previous DTLS handshake flight only on a network - * read timeout. By default we resend in two more cases, when we receive: - * - an out of order last msg of the peer's flight - * - a duplicate of the first msg from the peer's flight + * internal.c Build Options: + * + * See also: tls.c for TLS extension/protocol options, tls13.c for TLS 1.3, + * ssl.c for SSL API layer, wc_port.c for platform/memory. + * + * Connection & Buffers: + * LARGE_STATIC_BUFFERS: Use large static I/O buffers default: on + * WOLFSSL_DISABLE_EARLY_SANITY_CHECKS: + * Disable early sanity checks on TLS messages default: off + * WOLFSSL_NO_DTLS_SIZE_CHECK: Disable DTLS record size validation default: off + * + * Cipher Suite Selection: + * NO_CHAPOL_AEAD: Disable ChaCha20-Poly1305 AEAD suites default: off + * WOLFSSL_OLDTLS_AEAD_CIPHERSUITES: + * Enable AEAD cipher suites for pre-TLS 1.2 default: off + * WOLFSSL_OLDTLS_SHA2_CIPHERSUITES: + * Enable SHA-2 cipher suites for pre-TLS 1.2 default: off + * WOLFSSL_NO_STRICT_CIPHER_SUITE: + * Relax strict cipher suite validation default: off + * NO_RESUME_SUITE_CHECK: Skip cipher suite check on resume default: off + * NO_FORCE_SCR_SAME_SUITE: Allow different suite in renegotiation default: off + * CIPHER_NONCE: Per-record cipher nonce for AEAD default: off + * + * Certificate Validation: + * WOLFSSL_SMALL_CERT_VERIFY: Verify cert sig without DecodedCert default: off + * WOLFSSL_ALT_CERT_CHAINS: Allow non-validated intermediate CAs default: off + * NO_CHECK_PRIVATE_KEY: Skip key/cert matching validation default: off + * WOLFSSL_VERIFY_CB_ALL_CERTS: + * Call verify callback for all chain certs default: off + * WOLFSSL_ALWAYS_VERIFY_CB: Always invoke verify callback default: off + * WOLFSSL_ALLOW_NO_CN_IN_SAN: Allow certs with SAN but no CN default: off + * WOLFSSL_TRUST_PEER_CERT: Direct trust of specific peer certs default: off + * WOLFSSL_LOCAL_X509_STORE: Per-context X509 store default: off + * WOLFSSL_APPLE_NATIVE_CERT_VALIDATION: + * Use Apple native cert validation on macOS/iOS default: off + * WOLFSSL_TEST_APPLE_NATIVE_CERT_VALIDATION: + * Testing mode for Apple cert validation default: off + * HAVE_DANE: DNS-based cert validation (DNSSEC) default: off + * HAVE_FALLBACK_SCSV: TLS Fallback SCSV anti-downgrade default: off + * WOLFSSL_ACERT: Attribute certificate support default: off + * WOLFSSL_DEBUG_CERTS: Debug logging for cert processing default: off + * WOLFSSL_HOSTNAME_VERIFY_ALT_NAME_ONLY: + * Verify hostname using SAN only (not CN) default: off + * + * Handshake Behavior: + * OLD_HELLO_ALLOWED: Allow SSLv2-format ClientHello default: off + * WOLFSSL_ALTERNATIVE_DOWNGRADE: + * Alternative protocol downgrade detection default: off + * WOLFSSL_OLD_TIMINGPADVERIFY: + * Old timing-based CBC padding verification default: off + * WOLFSSL_ECDSA_MATCH_HASH: Match ECDSA hash to curve preference default: off + * WOLFSSL_STRONGEST_HASH_SIG: Prefer strongest hash in signatures default: off + * USE_ECDSA_KEYSZ_HASH_ALGO: Select ECDSA hash by key size default: off + * WOLFSSL_ALLOW_TLS_SHA1: Allow SHA-1 cipher suites/signatures default: off + * WOLFSSL_EXTRA_ALERTS: Send additional TLS alert messages default: off + * WOLFSSL_NO_ETM_ALERT: No alert on Encrypt-Then-MAC failure default: off + * + * Secure Renegotiation & PSK: + * WOLFSSL_SECURE_RENEGOTIATION_ON_BY_DEFAULT: + * Enable secure renegotiation by default default: off + * WOLFSSL_PSK_IDENTITY_ALERT: Alert on PSK identity lookup failure default: off + * + * Session Tickets: * WOLFSSL_NO_DEF_TICKET_ENC_CB: - * No default ticket encryption callback. - * Server only. - * Application must set its own callback to use session tickets. - * WOLFSSL_TICKET_ENC_CHACHA20_POLY1305 - * Use ChaCha20-Poly1305 to encrypt/decrypt session tickets in default - * callback. Default algorithm if none defined and algorithms compiled in. - * Server only. - * WOLFSSL_TICKET_ENC_AES128_GCM - * Use AES128-GCM to encrypt/decrypt session tickets in default callback. - * Server only. Default algorithm if ChaCha20/Poly1305 not compiled in. - * WOLFSSL_TICKET_ENC_AES256_GCM - * Use AES256-GCM to encrypt/decrypt session tickets in default callback. - * Server only. - * WOLFSSL_TICKET_DECRYPT_NO_CREATE - * Default callback will not request creation of new ticket on successful - * decryption. - * Server only. - * WOLFSSL_TLS13_NO_PEEK_HANDSHAKE_DONE - * Once a normal TLS 1.3 handshake is complete, a session ticket message - * may be received by a client. To support detecting this, peek will - * return WOLFSSL_ERROR_WANT_READ. - * This define turns off this behaviour. - * WOLFSSL_HOSTNAME_VERIFY_ALT_NAME_ONLY - * Verify hostname/ip address using alternate name (SAN) only and do not - * use the common name. Forces use of the alternate name, so certificates - * missing SAN will be rejected during the handshake - * WOLFSSL_CHECK_SIG_FAULTS - * Verifies the ECC signature after signing in case of faults in the - * calculation of the signature. Useful when signature fault injection is a - * possible attack. - * WOLFSSL_TLS13_IGNORE_AEAD_LIMITS - * Ignore the AEAD limits for messages specified in the RFC. After - * reaching the limit, we initiate a key update. We enforce the AEAD limits - * by default. - * https://www.rfc-editor.org/rfc/rfc8446#section-5.5 - * https://www.rfc-editor.org/rfc/rfc9147.html#name-aead-limits - * WOLFSSL_HARDEN_TLS - * Implement the recommendations specified in RFC9325. This macro needs to - * be defined to the desired number of bits of security. The currently - * implemented values are 112 and 128 bits. The following macros disable - * certain checks. - * - WOLFSSL_HARDEN_TLS_ALLOW_TRUNCATED_HMAC - * - WOLFSSL_HARDEN_TLS_ALLOW_OLD_TLS - * - WOLFSSL_HARDEN_TLS_NO_SCR_CHECK - * - WOLFSSL_HARDEN_TLS_NO_PKEY_CHECK - * - WOLFSSL_HARDEN_TLS_ALLOW_ALL_CIPHERSUITES - * WOLFSSL_NO_INIT_CTX_KEY - * Allows SSL objects to be created from a CTX without a loaded key/cert - * pair + * No default ticket encryption callback default: off + * WOLFSSL_TICKET_ENC_CHACHA20_POLY1305: + * ChaCha20-Poly1305 for ticket encryption default: auto + * WOLFSSL_TICKET_ENC_AES128_GCM: + * AES128-GCM for ticket encryption default: auto + * WOLFSSL_TICKET_ENC_AES256_GCM: + * AES256-GCM for ticket encryption default: off + * WOLFSSL_TICKET_DECRYPT_NO_CREATE: + * No new ticket on successful decryption default: off + * WOLFSSL_TICKET_ENC_CBC_HMAC: + * CBC+HMAC for ticket encryption (non-AEAD) default: off + * WOLFSSL_NO_TICKET_EXPIRE: Disable ticket expiration checking default: off + * + * TLS 1.3 Internals: + * WOLFSSL_TLS13_IGNORE_PT_ALERT_ON_ENC: + * Ignore plaintext alerts when encrypted expected default: off + * WOLFSSL_TLS13_NO_PEEK_HANDSHAKE_DONE: + * Disable peek returning WANT_READ for tickets default: off + * WOLFSSL_TLS13_IGNORE_AEAD_LIMITS: + * Ignore AEAD message limits from RFC 8446 default: off + * WOLFSSL_DTLS13_SEND_MOREACK_DEFAULT: + * Send more ACKs by default in DTLS 1.3 default: off + * + * DTLS: + * WOLFSSL_DTLS_RESEND_ONLY_TIMEOUT: + * Resend previous flight only on timeout default: off + * WOLFSSL_DTLS_DISALLOW_FUTURE: + * Reject DTLS records with future epoch default: off * WOLFSSL_DTLS_RECORDS_CAN_SPAN_DATAGRAMS: - * When defined, allows DTLS records to span across multiple datagrams. + * Allow DTLS records to span datagrams default: off + * WOLFSSL_DEBUG_DTLS: Debug logging for DTLS operations default: off + * + * Session Export: + * WOLFSSL_SESSION_EXPORT: Enable session export/import default: off + * WOLFSSL_SESSION_EXPORT_DEBUG: + * Debug logging for session export/import default: off + * WOLFSSL_SESSION_EXPORT_NOPEER: + * Export sessions without peer cert info default: off + * + * Compatibility Layers: + * WOLFSSL_MYSQL_COMPATIBLE: MySQL protocol compatibility default: off + * WOLFSSL_OPENVPN: OpenVPN compatibility behaviors default: off + * + * Async & Non-blocking: + * WOLFSSL_ASYNC_CRYPT_SW: Software async crypto simulation default: off + * WC_X25519_NONBLOCK: Non-blocking X25519 operations default: off + * HAVE_WOLF_EVENT: Event-driven async processing default: off + * + * Hardware/Platform TLS: + * WOLFSSL_MAXQ10XX_TLS: Maxim MAXQ10xx secure element default: off + * WOLFSSL_IOTSAFE: IoTSAFE (GSMA) applet support default: off + * WOLFSSL_QNX_CAAM: QNX CAAM crypto module support default: off + * HAVE_DH_DEFAULT_PARAMS: Include default DH parameters default: off + * HAVE_EXT_CACHE: External session cache callbacks default: off + * + * Hardening: + * WOLFSSL_HARDEN_TLS: Implement RFC 9325 recommendations default: off + * WOLFSSL_HARDEN_TLS_ALLOW_TRUNCATED_HMAC: Allow truncated HMAC + * WOLFSSL_HARDEN_TLS_ALLOW_OLD_TLS: Allow old TLS versions + * WOLFSSL_HARDEN_TLS_NO_SCR_CHECK: No SCR check + * WOLFSSL_HARDEN_TLS_NO_PKEY_CHECK: No public key check + * WOLFSSL_HARDEN_TLS_ALLOW_ALL_CIPHERSUITES: Allow all suites + * WOLFSSL_NO_INIT_CTX_KEY: Allow SSL objects without loaded keys default: off */ #ifndef WOLFCRYPT_ONLY @@ -96,6 +157,7 @@ #include #include #include +#include #ifdef NO_INLINE #include #else @@ -140,6 +202,8 @@ #define ERROR_OUT(err, eLabel) { ret = (int)(err); goto eLabel; } +#define CHECK_RET(ret, exp, eLabel) do { if (((ret) = (exp)) != 0) goto eLabel;\ + } while(0) #ifdef _MSC_VER /* disable for while(0) cases at the .c level for now */ @@ -209,7 +273,8 @@ static int _DtlsCheckWindow(WOLFSSL* ssl); #endif -#if defined(__APPLE__) && defined(WOLFSSL_SYS_CA_CERTS) +#if defined(__APPLE__) && defined(WOLFSSL_SYS_CA_CERTS) && \ + (!defined(NO_WOLFSSL_CLIENT) || !defined(WOLFSSL_NO_CLIENT_AUTH)) #include #include #include @@ -935,7 +1000,7 @@ XMEMCPY(exp + idx, keys->aead_exp_IV, AEAD_MAX_EXP_SZ); idx += AEAD_MAX_EXP_SZ; - sz = (small)? 0: AEAD_MAX_IMP_SZ; + sz = (small)? 0: ssl->specs.iv_size; if (idx + (sz * 2) + OPAQUE8_LEN > len) { WOLFSSL_MSG("Buffer not large enough for imp IVs"); return BUFFER_E; @@ -1116,14 +1181,18 @@ word16 i, wordCount, wordAdj = 0; /* do window */ + if (idx + OPAQUE16_LEN > len) + return BUFFER_E; ato16(exp + idx, &wordCount); idx += OPAQUE16_LEN; if (wordCount > WOLFSSL_DTLS_WINDOW_WORDS) { + wordAdj = (wordCount - WOLFSSL_DTLS_WINDOW_WORDS) * sizeof(word32); wordCount = WOLFSSL_DTLS_WINDOW_WORDS; - wordAdj = (WOLFSSL_DTLS_WINDOW_WORDS - wordCount) * sizeof(word32); } + if (idx + (wordCount * OPAQUE32_LEN) + wordAdj > len) + return BUFFER_E; XMEMSET(keys->peerSeq[0].window, 0xFF, DTLS_SEQ_SZ); for (i = 0; i < wordCount; i++) { ato32(exp + idx, &keys->peerSeq[0].window[i]); @@ -1132,14 +1201,19 @@ idx += wordAdj; /* do prevWindow */ + wordAdj = 0; + if (idx + OPAQUE16_LEN > len) + return BUFFER_E; ato16(exp + idx, &wordCount); idx += OPAQUE16_LEN; if (wordCount > WOLFSSL_DTLS_WINDOW_WORDS) { + wordAdj = (wordCount - WOLFSSL_DTLS_WINDOW_WORDS) * sizeof(word32); wordCount = WOLFSSL_DTLS_WINDOW_WORDS; - wordAdj = (WOLFSSL_DTLS_WINDOW_WORDS - wordCount) * sizeof(word32); } + if (idx + (wordCount * OPAQUE32_LEN) + wordAdj > len) + return BUFFER_E; XMEMSET(keys->peerSeq[0].prevWindow, 0xFF, DTLS_SEQ_SZ); for (i = 0; i < wordCount; i++) { ato32(exp + idx, &keys->peerSeq[0].prevWindow[i]); @@ -1166,7 +1240,7 @@ XMEMCPY(keys->server_write_MAC_secret, exp + idx, sz); idx += sz; } #else - if (sz + idx > len) { + if ((sz * 2) + idx > len) { return BUFFER_E; } idx += sz; idx += sz; @@ -1553,10 +1627,12 @@ idx++; #endif } - +#ifdef WOLFSSL_DTLS /* If we had a connection established, let's assume that we can act * statefully */ options->dtlsStateful = 1; +#endif + if (ver > WOLFSSL_EXPORT_VERSION_4) { #ifdef WOLFSSL_DTLS options->dtlsStateful = exp[idx++]; @@ -2083,7 +2159,8 @@ #endif } - /* check is at least the minimum size needed, TLS cipher states add more */ + /* check if sz is sufficient for the worst-case scenario computed above, + * TLS cipher states add more */ if (ret == 0 && (totalLen > *sz || buf == NULL)) { WOLFSSL_MSG("export buffer was too small or null"); *sz = totalLen; @@ -2245,9 +2322,39 @@ WOLFSSL_MSG("DTLS Cookie Secret error"); return ret; } + #if defined(WOLFSSL_DTLS13) + if (IsAtLeastTLSv1_3(ssl->version)) { + #if defined(WOLFSSL_SEND_HRR_COOKIE) + ret = wolfSSL_send_hrr_cookie(ssl, NULL, 0); + if (ret != WOLFSSL_SUCCESS) { + WOLFSSL_MSG("DTLS1.3 Cookie secret error"); + return ret; + } + #endif /* WOLFSSL_SEND_HRR_COOKIE */ + #if defined(WOLFSSL_DTLS_CH_FRAG) && defined(WOLFSSL_HAVE_MLKEM) + /* Allow fragmentation of the second ClientHello due to the + * large PQC key share. */ + ret = wolfSSL_dtls13_allow_ch_frag(ssl, 1); + if (ret != WOLFSSL_SUCCESS) { + WOLFSSL_MSG("DTLS1.3 CH frag error"); + return ret; + } + #endif /* WOLFSSL_DTLS_CH_FRAG && WOLFSSL_HAVE_MLKEM */ + } + #endif /* WOLFSSL_DTLS13 */ } #endif /* WOLFSSL_DTLS && !NO_WOLFSSL_SERVER */ + /* Forcefully reinitialize suites here as the side may have changed, + * unless the user has explicitly set cipher suites. + * Two separate checks to ensure suites are always allocated, to avoid + * failing suites == NULL check in InitSSL_Suites. */ + if (ssl->suites && !ssl->suites->setSuites) { + FreeSuites(ssl); + } + if (!ssl->suites) { + AllocateSuites(ssl); + } return InitSSL_Suites(ssl); } #endif /* OPENSSL_EXTRA || WOLFSSL_EITHER_SIDE || @@ -3035,7 +3142,7 @@ !defined(WOLFSSL_NO_DEF_TICKET_ENC_CB) && !defined(NO_TLS) TicketEncCbCtx_Free(&ctx->ticketKeyCtx); #endif - wolfSSL_RefFree(&ctx->ref); + wolfSSL_RefWithMutexFree(&ctx->ref); XFREE(ctx, heap, DYNAMIC_TYPE_CTX); } else { @@ -3085,7 +3192,7 @@ XMEMSET(&ssl->dtlsRecordNumberEncrypt, 0, sizeof(ssl->dtlsRecordNumberEncrypt)); XMEMSET(&ssl->dtlsRecordNumberDecrypt, 0, - sizeof(ssl->dtlsRecordNumberEncrypt)); + sizeof(ssl->dtlsRecordNumberDecrypt)); #endif /* WOLFSSL_DTLS13 */ } @@ -3143,6 +3250,9 @@ XFREE(cipher->hmac, heap, DYNAMIC_TYPE_CIPHER); cipher->hmac = NULL; #endif + + (void)cipher; + (void)heap; } /* Free ciphers */ @@ -3308,6 +3418,23 @@ } else #endif +#ifdef HAVE_ECC_BRAINPOOL + if (sigAlgo == ecc_brainpool_sa_algo) { + if (macAlgo == sha512_mac) { + ADD_HASH_SIG_ALGO(hashSigAlgo, inOutIdx, NEW_SA_MAJOR, + ECDSA_BRAINPOOLP512R1TLS13_SHA512_MINOR); + } + else if (macAlgo == sha384_mac) { + ADD_HASH_SIG_ALGO(hashSigAlgo, inOutIdx, NEW_SA_MAJOR, + ECDSA_BRAINPOOLP384R1TLS13_SHA384_MINOR); + } + else if (macAlgo == sha256_mac) { + ADD_HASH_SIG_ALGO(hashSigAlgo, inOutIdx, NEW_SA_MAJOR, + ECDSA_BRAINPOOLP256R1TLS13_SHA256_MINOR); + } + } + else +#endif { ADD_HASH_SIG_ALGO(hashSigAlgo, inOutIdx, macAlgo, sigAlgo); } @@ -3315,11 +3442,12 @@ } void InitSuitesHashSigAlgo(byte* hashSigAlgo, int haveSig, int tls1_2, - int keySz, word16* len) + int tls1_3, int keySz, word16* len) { word16 idx = 0; (void)tls1_2; + (void)tls1_3; (void)keySz; #if defined(HAVE_ECC) || defined(HAVE_ED25519) || defined(HAVE_ED448) @@ -3328,14 +3456,32 @@ #ifdef WOLFSSL_SHA512 AddSuiteHashSigAlgo(hashSigAlgo, sha512_mac, ecc_dsa_sa_algo, keySz, &idx); + #ifdef HAVE_ECC_BRAINPOOL + if (tls1_3) { + AddSuiteHashSigAlgo(hashSigAlgo, sha512_mac, ecc_brainpool_sa_algo, + keySz, &idx); + } + #endif #endif #ifdef WOLFSSL_SHA384 AddSuiteHashSigAlgo(hashSigAlgo, sha384_mac, ecc_dsa_sa_algo, keySz, &idx); + #ifdef HAVE_ECC_BRAINPOOL + if (tls1_3) { + AddSuiteHashSigAlgo(hashSigAlgo, sha384_mac, ecc_brainpool_sa_algo, + keySz, &idx); + } + #endif #endif #ifndef NO_SHA256 AddSuiteHashSigAlgo(hashSigAlgo, sha256_mac, ecc_dsa_sa_algo, keySz, &idx); + #ifdef HAVE_ECC_BRAINPOOL + if (tls1_3) { + AddSuiteHashSigAlgo(hashSigAlgo, sha256_mac, ecc_brainpool_sa_algo, + keySz, &idx); + } + #endif #endif #if !defined(NO_SHA) && (!defined(NO_OLD_TLS) || \ defined(WOLFSSL_ALLOW_TLS_SHA1)) @@ -3460,9 +3606,7 @@ word16 idx = 0; int tls = pv.major == SSLv3_MAJOR && pv.minor >= TLSv1_MINOR; int tls1_2 = pv.major == SSLv3_MAJOR && pv.minor >= TLSv1_2_MINOR; -#ifdef WOLFSSL_TLS13 int tls1_3 = IsAtLeastTLSv1_3(pv); -#endif int dtls = 0; int haveRSAsig = 1; @@ -3479,6 +3623,7 @@ (void)tls; /* shut up compiler */ (void)tls1_2; + (void)tls1_3; (void)dtls; (void)haveDH; (void)havePSK; @@ -4199,7 +4344,7 @@ #ifndef WOLFSSL_OLDTLS_SHA2_CIPHERSUITES if (tls1_2 && havePSK && haveAES128) #else - if (tls1 && havePSK && haveAES128) + if (tls && havePSK && haveAES128) #endif { suites->suites[idx++] = CIPHER_BYTE; @@ -4506,8 +4651,8 @@ suites->suiteSz = idx; if (suites->hashSigAlgoSz == 0) { - InitSuitesHashSigAlgo(suites->hashSigAlgo, SIG_ALL, tls1_2, keySz, - &suites->hashSigAlgoSz); + InitSuitesHashSigAlgo(suites->hashSigAlgo, SIG_ALL, tls1_2, tls1_3, + keySz, &suites->hashSigAlgoSz); } /* Moved to the end as we set some of the vars but never use them */ @@ -4567,6 +4712,22 @@ } else #endif + #ifdef HAVE_ECC_BRAINPOOL + /* RFC 8734 TLS 1.3 Brainpool curves */ + if (input[1] == ECDSA_BRAINPOOLP256R1TLS13_SHA256_MINOR) { + *hsType = ecc_brainpool_sa_algo; + *hashAlgo = sha256_mac; + } + else if (input[1] == ECDSA_BRAINPOOLP384R1TLS13_SHA384_MINOR) { + *hsType = ecc_brainpool_sa_algo; + *hashAlgo = sha384_mac; + } + else if (input[1] == ECDSA_BRAINPOOLP512R1TLS13_SHA512_MINOR) { + *hsType = ecc_brainpool_sa_algo; + *hashAlgo = sha512_mac; + } + else + #endif { *hsType = input[0]; *hashAlgo = input[1]; @@ -4828,6 +4989,16 @@ FreeAltNames(x509->altNames, x509->heap); x509->altNames = NULL; } + #ifndef IGNORE_NAME_CONSTRAINTS + if (x509->permittedNames) { + FreeNameSubtrees(x509->permittedNames, x509->heap); + x509->permittedNames = NULL; + } + if (x509->excludedNames) { + FreeNameSubtrees(x509->excludedNames, x509->heap); + x509->excludedNames = NULL; + } + #endif #ifdef WOLFSSL_DUAL_ALG_CERTS XFREE(x509->sapkiDer, x509->heap, DYNAMIC_TYPE_X509_EXT); @@ -4846,7 +5017,8 @@ } -#if !defined(NO_WOLFSSL_SERVER) || !defined(NO_WOLFSSL_CLIENT) +#if !defined(NO_WOLFSSL_SERVER) || (!defined(NO_WOLFSSL_CLIENT) && \ + !defined(WOLFSSL_NO_CLIENT_AUTH)) #if !defined(WOLFSSL_NO_TLS12) /* Encode the signature algorithm into buffer. * @@ -5549,6 +5721,12 @@ } #endif + /* Check hash length */ + if ((outSz > WC_MAX_DIGEST_SIZE) || + (outSz < WC_MIN_DIGEST_SIZE)) { + return BAD_LENGTH_E; + } + (void)ssl; (void)keyBufInfo; @@ -6039,7 +6217,7 @@ #ifdef WOLFSSL_ASYNC_CRYPT /* initialize event */ - ret = wolfSSL_AsyncInit(ssl, &priv_key->asyncDev, WC_ASYNC_FLAG_CALL_AGAIN); + ret = wolfSSL_AsyncInit(ssl, &priv_key->asyncDev, WC_ASYNC_FLAG_NONE); if (ret != 0) return ret; #endif @@ -7003,6 +7181,9 @@ #endif #ifndef NO_RSA ssl->options.minRsaKeySz = ctx->minRsaKeySz; + #ifdef WC_RSA_PSS + ssl->useRsaPss = ctx->useRsaPss; + #endif #endif #ifdef HAVE_ECC ssl->options.minEccKeySz = ctx->minEccKeySz; @@ -7116,6 +7297,7 @@ if (ret != 0) { return ret; } + ret = WOLFSSL_SUCCESS; } #endif ssl->buffers.keyType = ctx->privateKeyType; @@ -7128,7 +7310,7 @@ ssl->buffers.altKey = ctx->altPrivateKey; #else if (ctx->altPrivateKey != NULL) { - ret = AllocCopyDer(&ssl->buffers.altkey, ctx->altPrivateKey->buffer, + ret = AllocCopyDer(&ssl->buffers.altKey, ctx->altPrivateKey->buffer, ctx->altPrivateKey->length, ctx->altPrivateKey->type, ctx->altPrivateKey->heap); if (ret != 0) { @@ -7296,78 +7478,89 @@ return ret; } -void FreeHandshakeHashes(WOLFSSL* ssl) +void Free_HS_Hashes(HS_Hashes* hsHashes, void* heap) { - if (ssl->hsHashes) { + if (hsHashes) { #if !defined(NO_MD5) && !defined(NO_OLD_TLS) - wc_Md5Free(&ssl->hsHashes->hashMd5); + wc_Md5Free(&hsHashes->hashMd5); #endif #if !defined(NO_SHA) && (!defined(NO_OLD_TLS) || \ defined(WOLFSSL_ALLOW_TLS_SHA1)) - wc_ShaFree(&ssl->hsHashes->hashSha); + wc_ShaFree(&hsHashes->hashSha); #endif #ifndef NO_SHA256 - wc_Sha256Free(&ssl->hsHashes->hashSha256); + wc_Sha256Free(&hsHashes->hashSha256); #endif #ifdef WOLFSSL_SHA384 - wc_Sha384Free(&ssl->hsHashes->hashSha384); + wc_Sha384Free(&hsHashes->hashSha384); #endif #ifdef WOLFSSL_SHA512 - wc_Sha512Free(&ssl->hsHashes->hashSha512); + wc_Sha512Free(&hsHashes->hashSha512); #endif #ifdef WOLFSSL_SM3 - wc_Sm3Free(&ssl->hsHashes->hashSm3); + wc_Sm3Free(&hsHashes->hashSm3); #endif #if (defined(HAVE_ED25519) || defined(HAVE_ED448) || \ (defined(WOLFSSL_SM2) && defined(WOLFSSL_SM3))) && \ !defined(WOLFSSL_NO_CLIENT_AUTH) - if (ssl->hsHashes->messages != NULL) { - ForceZero(ssl->hsHashes->messages, (word32)ssl->hsHashes->length); - XFREE(ssl->hsHashes->messages, ssl->heap, DYNAMIC_TYPE_HASHES); - ssl->hsHashes->messages = NULL; + if (hsHashes->messages != NULL) { + ForceZero(hsHashes->messages, (word32)hsHashes->length); + XFREE(hsHashes->messages, heap, DYNAMIC_TYPE_HASHES); + hsHashes->messages = NULL; } #endif - XFREE(ssl->hsHashes, ssl->heap, DYNAMIC_TYPE_HASHES); - ssl->hsHashes = NULL; + XFREE(hsHashes, heap, DYNAMIC_TYPE_HASHES); + hsHashes = NULL; } } +void FreeHandshakeHashes(WOLFSSL* ssl) +{ + Free_HS_Hashes(ssl->hsHashes, ssl->heap); + ssl->hsHashes = NULL; +} + /* copy the hashes from source to a newly made destination return status */ int InitHandshakeHashesAndCopy(WOLFSSL* ssl, HS_Hashes* source, HS_Hashes** destination) { int ret; - HS_Hashes* tmpHashes; - if (source == NULL) + if ((ssl == NULL) || (source == NULL) || (destination == NULL)) return BAD_FUNC_ARG; - /* save the original so we can put it back afterward */ - tmpHashes = ssl->hsHashes; - ssl->hsHashes = *destination; + /* If *destination is already allocated, its constituent hashes need to be + * freed, else they would leak. */ + Free_HS_Hashes(*destination, ssl->heap); - ret = InitHandshakeHashes(ssl); - if (ret != 0) { - WOLFSSL_MSG_EX("InitHandshakeHashes failed. err = %d", ret); - ssl->hsHashes = tmpHashes; /* restore hsHashes pointer to original - * before returning */ - return ret; + /* allocate handshake hashes */ + *destination = (HS_Hashes*)XMALLOC(sizeof(HS_Hashes), ssl->heap, + DYNAMIC_TYPE_HASHES); + if (*destination == NULL) { + WOLFSSL_MSG("HS_Hashes Memory error"); + return MEMORY_E; } - *destination = ssl->hsHashes; - ssl->hsHashes = tmpHashes; + /* Note we can't call InitHandshakeHashes() here, because the copy methods + * overwrite the entire dest low level hash struct. With some hashes and + * settings (e.g. SHA-2 hashes with WOLFSSL_SMALL_STACK_CACHE), internal + * scratch buffers are preallocated at init and will leak if overwritten. + */ + XMEMSET(*destination, 0, sizeof(HS_Hashes)); /* now copy the source contents to the destination */ + ret = 0; #ifndef NO_OLD_TLS #ifndef NO_SHA - ret = wc_ShaCopy(&source->hashSha, &(*destination)->hashSha); + if (ret == 0) + ret = wc_ShaCopy(&source->hashSha, &(*destination)->hashSha); #endif #ifndef NO_MD5 if (ret == 0) ret = wc_Md5Copy(&source->hashMd5, &(*destination)->hashMd5); #endif - #endif /* !NO_OLD_TLS */ +#endif /* !NO_OLD_TLS */ #ifndef NO_SHA256 if (ret == 0) ret = wc_Sha256Copy(&source->hashSha256, @@ -7830,6 +8023,10 @@ ssl->disabledCurves = ctx->disabledCurves; #endif +#if !defined(NO_WOLFSSL_CLIENT) && !defined(WOLFSSL_NO_TLS12) && \ + defined(WOLFSSL_HARDEN_TLS) && !defined(WOLFSSL_HARDEN_TLS_NO_SCR_CHECK) + ssl->scr_check_enabled = 1; +#endif InitCiphers(ssl); InitCipherSpecs(&ssl->specs); @@ -7855,7 +8052,7 @@ (unsigned long)wolfSSL_X509_VERIFY_PARAM_get_flags( wolfSSL_CTX_get0_param(ctx))) != WOLFSSL_SUCCESS) { WOLFSSL_MSG("ssl->param set flags error"); - return WOLFSSL_FAILURE; + return BAD_STATE_E; } #endif @@ -7883,6 +8080,24 @@ } ssl->options.dtls = ssl->version.major == DTLS_MAJOR; + +#ifdef WOLFSSL_DTLS13 + /* setup 0 (un-protected) epoch */ + ssl->dtls13Epochs[0].isValid = 1; + ssl->dtls13Epochs[0].side = ENCRYPT_AND_DECRYPT_SIDE; + ssl->dtls13EncryptEpoch = &ssl->dtls13Epochs[0]; + ssl->dtls13DecryptEpoch = &ssl->dtls13Epochs[0]; + ssl->options.dtls13SendMoreAcks = WOLFSSL_DTLS13_SEND_MOREACK_DEFAULT; + ssl->dtls13Rtx.rtxRecordTailPtr = &ssl->dtls13Rtx.rtxRecords; + +#ifdef WOLFSSL_RW_THREADED + ret = wc_InitMutex(&ssl->dtls13Rtx.mutex); + if (ret < 0) { + return ret; + } +#endif +#endif /* WOLFSSL_DTLS13 */ + #ifdef HAVE_WRITE_DUP if (writeDup) { /* all done */ @@ -7905,15 +8120,26 @@ WOLFSSL_MSG("DTLS Cookie Secret error"); return ret; } -#if defined(WOLFSSL_DTLS13) && defined(WOLFSSL_SEND_HRR_COOKIE) + #if defined(WOLFSSL_DTLS13) if (IsAtLeastTLSv1_3(ssl->version)) { + #if defined(WOLFSSL_SEND_HRR_COOKIE) ret = wolfSSL_send_hrr_cookie(ssl, NULL, 0); if (ret != WOLFSSL_SUCCESS) { WOLFSSL_MSG("DTLS1.3 Cookie secret error"); return ret; } + #endif /* WOLFSSL_SEND_HRR_COOKIE */ + #if defined(WOLFSSL_DTLS_CH_FRAG) && defined(WOLFSSL_HAVE_MLKEM) + /* Allow fragmentation of the second ClientHello due to the + * large PQC key share. */ + ret = wolfSSL_dtls13_allow_ch_frag(ssl, 1); + if (ret != WOLFSSL_SUCCESS) { + WOLFSSL_MSG("DTLS1.3 CH frag error"); + return ret; + } + #endif /* WOLFSSL_DTLS_CH_FRAG && WOLFSSL_HAVE_MLKEM */ } -#endif /* WOLFSSL_DTLS13 && WOLFSSL_SEND_HRR_COOKIE */ + #endif /* WOLFSSL_DTLS13 */ } #endif /* WOLFSSL_DTLS && !NO_WOLFSSL_SERVER */ @@ -7983,29 +8209,11 @@ } #endif /* HAVE_SECURE_RENEGOTIATION */ - -#ifdef WOLFSSL_DTLS13 - /* setup 0 (un-protected) epoch */ - ssl->dtls13Epochs[0].isValid = 1; - ssl->dtls13Epochs[0].side = ENCRYPT_AND_DECRYPT_SIDE; - ssl->dtls13EncryptEpoch = &ssl->dtls13Epochs[0]; - ssl->dtls13DecryptEpoch = &ssl->dtls13Epochs[0]; - ssl->options.dtls13SendMoreAcks = WOLFSSL_DTLS13_SEND_MOREACK_DEFAULT; - ssl->dtls13Rtx.rtxRecordTailPtr = &ssl->dtls13Rtx.rtxRecords; - -#ifdef WOLFSSL_RW_THREADED - ret = wc_InitMutex(&ssl->dtls13Rtx.mutex); - if (ret < 0) { - return ret; - } -#endif -#endif /* WOLFSSL_DTLS13 */ - #ifdef WOLFSSL_QUIC if (ctx->quic.method) { ret = wolfSSL_set_quic_method(ssl, ctx->quic.method); if (ret != WOLFSSL_SUCCESS) - return ret; + return WOLFSSL_FATAL_ERROR; } #endif @@ -8091,6 +8299,13 @@ #endif /* HAVE_ED25519 */ #ifdef HAVE_CURVE25519 case DYNAMIC_TYPE_CURVE25519: + #if defined(WC_X25519_NONBLOCK) && \ + defined(WOLFSSL_ASYNC_CRYPT_SW) + if (((curve25519_key*)*pKey)->nb_ctx != NULL) { + XFREE(((curve25519_key*)*pKey)->nb_ctx, ssl->heap, + DYNAMIC_TYPE_TMP_BUFFER); + } + #endif wc_curve25519_free((curve25519_key*)*pKey); break; #endif /* HAVE_CURVE25519 */ @@ -8138,8 +8353,14 @@ #endif /* HAVE_ECC */ #if defined(WC_ECC_NONBLOCK) && defined(WOLFSSL_ASYNC_CRYPT_SW) && \ defined(WC_ASYNC_ENABLE_ECC) - ecc_nb_ctx_t* nbCtx; -#endif /* WC_ECC_NONBLOCK && WOLFSSL_ASYNC_CRYPT_SW && WC_ASYNC_ENABLE_ECC*/ + ecc_nb_ctx_t* eccNbCtx; +#endif /* WC_ECC_NONBLOCK && WOLFSSL_ASYNC_CRYPT_SW && WC_ASYNC_ENABLE_ECC */ +#ifdef HAVE_CURVE25519 + curve25519_key* x25519Key; +#endif /* HAVE_CURVE25519 */ +#if defined(WC_X25519_NONBLOCK) && defined(WOLFSSL_ASYNC_CRYPT_SW) + x25519_nb_ctx_t* x25519NbCtx; +#endif /* WC_X25519_NONBLOCK && WOLFSSL_ASYNC_CRYPT_SW */ if (ssl == NULL || pKey == NULL) { return BAD_FUNC_ARG; @@ -8225,23 +8446,26 @@ case DYNAMIC_TYPE_ECC: eccKey = (ecc_key*)*pKey; ret = wc_ecc_init_ex(eccKey, ssl->heap, ssl->devId); - if (ret == 0) { - #if defined(WC_ECC_NONBLOCK) && defined(WOLFSSL_ASYNC_CRYPT_SW) && \ - defined(WC_ASYNC_ENABLE_ECC) - nbCtx = (ecc_nb_ctx_t*)XMALLOC(sizeof(ecc_nb_ctx_t), - eccKey->heap, DYNAMIC_TYPE_TMP_BUFFER); - if (nbCtx == NULL) { + #if defined(WC_ECC_NONBLOCK) && defined(WOLFSSL_ASYNC_CRYPT_SW) && \ + defined(WC_ASYNC_ENABLE_ECC) + /* Only set non-blocking context when async device is active. With + * INVALID_DEVID there is no async loop to retry on FP_WOULDBLOCK, so + * let the WC_ECC_NONBLOCK_ONLY blocking fallback handle it instead. */ + if (ret == 0 && ssl->devId != INVALID_DEVID) { + eccNbCtx = (ecc_nb_ctx_t*)XMALLOC(sizeof(ecc_nb_ctx_t), + eccKey->heap, DYNAMIC_TYPE_TMP_BUFFER); + if (eccNbCtx == NULL) { ret = MEMORY_E; } else { - ret = wc_ecc_set_nonblock(eccKey, nbCtx); + ret = wc_ecc_set_nonblock(eccKey, eccNbCtx); if (ret != 0) { - XFREE(nbCtx, eccKey->heap, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(eccNbCtx, eccKey->heap, DYNAMIC_TYPE_TMP_BUFFER); } } - #endif /* WC_ECC_NONBLOCK && WOLFSSL_ASYNC_CRYPT_SW && - WC_ASYNC_ENABLE_ECC */ } + #endif /* WC_ECC_NONBLOCK && WOLFSSL_ASYNC_CRYPT_SW && + WC_ASYNC_ENABLE_ECC */ break; #endif /* HAVE_ECC */ #ifdef HAVE_ED25519 @@ -8252,8 +8476,28 @@ #endif /* HAVE_CURVE25519 */ #ifdef HAVE_CURVE25519 case DYNAMIC_TYPE_CURVE25519: - wc_curve25519_init_ex((curve25519_key*)*pKey, ssl->heap, ssl->devId); - ret = 0; + x25519Key = (curve25519_key*)*pKey; + ret = wc_curve25519_init_ex(x25519Key, ssl->heap, ssl->devId); + #if defined(WC_X25519_NONBLOCK) && defined(WOLFSSL_ASYNC_CRYPT_SW) && \ + defined(WC_ASYNC_ENABLE_X25519) + /* Only set non-blocking context when async device is active. With + * INVALID_DEVID there is no async loop to retry on FP_WOULDBLOCK, so + * skip non-blocking setup and use blocking mode instead. */ + if (ret == 0 && ssl->devId != INVALID_DEVID) { + x25519NbCtx = (x25519_nb_ctx_t*)XMALLOC(sizeof(x25519_nb_ctx_t), + ssl->heap, DYNAMIC_TYPE_TMP_BUFFER); + if (x25519NbCtx == NULL) { + ret = MEMORY_E; + } + else { + ret = wc_curve25519_set_nonblock(x25519Key, x25519NbCtx); + if (ret != 0) { + XFREE(x25519NbCtx, ssl->heap, DYNAMIC_TYPE_TMP_BUFFER); + } + } + } + #endif /* WC_X25519_NONBLOCK && WOLFSSL_ASYNC_CRYPT_SW && + WC_ASYNC_ENABLE_X25519 */ break; #endif /* HAVE_CURVE25519 */ #ifdef HAVE_ED448 @@ -8485,14 +8729,13 @@ } FreeSuites(ssl); FreeHandshakeHashes(ssl); -#ifdef HAVE_ECH +#if defined(WOLFSSL_TLS13) && defined(HAVE_ECH) /* try to free the ech hashes in case we errored out */ ssl->hsHashes = ssl->hsHashesEch; FreeHandshakeHashes(ssl); - ssl->hsHashes = ssl->hsHashesEchInner; - FreeHandshakeHashes(ssl); #endif XFREE(ssl->buffers.domainName.buffer, ssl->heap, DYNAMIC_TYPE_DOMAIN); + XFREE(ssl->buffers.ipasc.buffer, ssl->heap, DYNAMIC_TYPE_DOMAIN); /* clear keys struct after session */ ForceZero(&ssl->keys, sizeof(Keys)); @@ -8502,10 +8745,9 @@ ForceZero(&ssl->serverSecret, sizeof(ssl->serverSecret)); #if defined(HAVE_ECH) - if (ssl->options.useEch == 1) { + if (ssl->echConfigs != NULL) { FreeEchConfigs(ssl->echConfigs, ssl->heap); ssl->echConfigs = NULL; - ssl->options.useEch = 0; } #endif /* HAVE_ECH */ #endif /* WOLFSSL_TLS13 */ @@ -8691,6 +8933,10 @@ } #endif #endif +#if defined(HAVE_DILITHIUM) + FreeKey(ssl, DYNAMIC_TYPE_DILITHIUM, (void**)&ssl->peerDilithiumKey); + ssl->peerDilithiumKeyPresent = 0; +#endif #if defined(HAVE_FALCON) FreeKey(ssl, DYNAMIC_TYPE_FALCON, (void**)&ssl->peerFalconKey); ssl->peerFalconKeyPresent = 0; @@ -9462,8 +9708,9 @@ } else { /* data -> cur. memcpy as much possible as its faster. */ - XMEMMOVE(newBucket->buf + dataSz, cur->buf, - cur->m.m.sz - (offsetEnd - cur->m.m.offset)); + word32 skipInCur = offsetEnd - cur->m.m.offset; + XMEMMOVE(newBucket->buf + dataSz, cur->buf + skipInCur, + cur->m.m.sz - skipInCur); XMEMCPY(newBucket->buf, data, dataSz); } } @@ -9624,22 +9871,25 @@ msg->fragBucketListCount++; } } - else if (prev == NULL && fragOffsetEnd < cur->m.m.offset) { - /* This is the new first fragment we have received */ + else if (fragOffsetEnd < cur->m.m.offset) { + /* Fragment is entirely before cur with a gap */ + DtlsFragBucket** prev_next; if (msg->fragBucketListCount >= DTLS_FRAG_POOL_SZ) { WOLFSSL_ERROR_VERBOSE(DTLS_TOO_MANY_FRAGMENTS_E); return DTLS_TOO_MANY_FRAGMENTS_E; } - msg->fragBucketList = DtlsMsgCreateFragBucket(fragOffset, data, + prev_next = prev != NULL + ? &prev->m.m.next : &msg->fragBucketList; + *prev_next = DtlsMsgCreateFragBucket(fragOffset, data, fragSz, heap); - if (msg->fragBucketList != NULL) { - msg->fragBucketList->m.m.next = cur; + if (*prev_next != NULL) { + (*prev_next)->m.m.next = cur; msg->bytesReceived += fragSz; msg->fragBucketListCount++; } else { /* reset on error */ - msg->fragBucketList = cur; + *prev_next = cur; } } else { @@ -10618,7 +10868,9 @@ #if !defined(WOLFSSL_NO_TLS12) || (defined(HAVE_SESSION_TICKET) && \ - !defined(NO_WOLFSSL_SERVER)) + !defined(NO_WOLFSSL_SERVER)) || \ + defined(HAVE_CERTIFICATE_STATUS_REQUEST) || \ + defined(HAVE_CERTIFICATE_STATUS_REQUEST_V2) || !defined(NO_CERTS) /* add handshake header for message */ static void AddHandShakeHeader(byte* output, word32 length, word32 fragOffset, word32 fragLength, @@ -10653,7 +10905,7 @@ } /* add both headers for handshake message */ -static void AddHeaders(byte* output, word32 length, byte type, WOLFSSL* ssl) +WC_MAYBE_UNUSED static void AddHeaders(byte* output, word32 length, byte type, WOLFSSL* ssl) { word32 lengthAdj = HANDSHAKE_HEADER_SZ; word32 outputAdj = RECORD_HEADER_SZ; @@ -10668,15 +10920,14 @@ AddRecordHeader(output, length + lengthAdj, handshake, ssl, CUR_ORDER); AddHandShakeHeader(output + outputAdj, length, 0, length, type, ssl); } -#endif /* !WOLFSSL_NO_TLS12 || (HAVE_SESSION_TICKET && !NO_WOLFSSL_SERVER) */ +#endif /* !WOLFSSL_NO_TLS12 || (HAVE_SESSION_TICKET && !NO_WOLFSSL_SERVER) || + * HAVE_CERTIFICATE_STATUS_REQUEST || + * HAVE_CERTIFICATE_STATUS_REQUEST_V2 || !NO_CERTS */ -#ifndef WOLFSSL_NO_TLS12 -#if !defined(NO_CERTS) && (!defined(NO_WOLFSSL_SERVER) || \ - !defined(WOLFSSL_NO_CLIENT_AUTH)) || \ - defined(WOLFSSL_DTLS) -static void AddFragHeaders(byte* output, word32 fragSz, word32 fragOffset, - word32 length, byte type, WOLFSSL* ssl) +#if !defined(WOLFSSL_NO_TLS12) || (defined(WOLFSSL_DTLS) && defined(WOLFSSL_TLS13)) +WC_MAYBE_UNUSED static void AddFragHeaders(byte* output, word32 fragSz, + word32 fragOffset, word32 length, byte type, WOLFSSL* ssl) { word32 lengthAdj = HANDSHAKE_HEADER_SZ; word32 outputAdj = RECORD_HEADER_SZ; @@ -10692,11 +10943,8 @@ AddRecordHeader(output, fragSz + lengthAdj, handshake, ssl, CUR_ORDER); AddHandShakeHeader(output + outputAdj, length, fragOffset, fragSz, type, ssl); } -#endif /* NO_CERTS */ +#endif /* !WOLFSSL_NO_TLS12 || (WOLFSSL_DTLS && WOLFSSL_TLS13) */ -#if !defined(NO_WOLFSSL_SERVER) || \ - (!defined(NO_WOLFSSL_CLIENT) && !defined(NO_CERTS) && \ - !defined(WOLFSSL_NO_CLIENT_AUTH)) /** * Send the handshake message. This function handles fragmenting the message * so that it will fit into the desired MTU or the max fragment size. @@ -10710,8 +10958,8 @@ * @param type Type of message being sent * @return 0 on success and negative otherwise */ -static int SendHandshakeMsg(WOLFSSL* ssl, byte* input, word32 inputSz, - enum HandShakeType type, const char* packetName) +WC_MAYBE_UNUSED static int SendHandshakeMsg(WOLFSSL* ssl, byte* input, + word32 inputSz, enum HandShakeType type, const char* packetName) { int maxFrag; int ret = 0; @@ -10739,7 +10987,15 @@ inputSz += HANDSHAKE_HEADER_SZ; rHdrSz = RECORD_HEADER_SZ; } - maxFrag = wolfSSL_GetMaxFragSize(ssl, (int)inputSz); + maxFrag = wolfssl_local_GetMaxPlaintextSize(ssl); +#ifdef WOLFSSL_DTLS + if (ssl->options.dtls) { + /* In DTLS the handshake header is per fragment */ + maxFrag -= DTLS_HANDSHAKE_HEADER_SZ; + } +#endif + if (maxFrag <= 0 || maxFrag > MAX_RECORD_SIZE) + return BUFFER_E; /* Make sure input is not the ssl output buffer as this * function doesn't handle that */ @@ -10775,6 +11031,8 @@ fragSz = inputSz - ssl->fragOffset; /* check for available size */ + if (fragSz > (word32)MAX_RECORD_SIZE) + return BUFFER_E; outputSz = headerSz + (int)fragSz; if (IsEncryptionOn(ssl, 1)) outputSz += cipherExtraData(ssl); @@ -10790,6 +11048,8 @@ int dataSz = (int)fragSz; #ifdef WOLFSSL_DTLS if (ssl->options.dtls) { + if (fragSz + DTLS_HANDSHAKE_HEADER_SZ > (word32)MAX_RECORD_SIZE) + return BUFFER_E; data -= DTLS_HANDSHAKE_HEADER_SZ; dataSz += DTLS_HANDSHAKE_HEADER_SZ; AddHandShakeHeader(data, inputSz, ssl->fragOffset, fragSz, @@ -10860,10 +11120,6 @@ ssl->options.buildingMsg = 0; return ret; } -#endif /* !NO_WOLFSSL_SERVER || (!NO_WOLFSSL_CLIENT && !NO_CERTS && - * !WOLFSSL_NO_CLIENT_AUTH) */ - -#endif /* !WOLFSSL_NO_TLS12 */ /* return bytes received, WOLFSSL_FATAL_ERROR on error, @@ -11142,6 +11398,7 @@ #else const byte align = WOLFSSL_GENERAL_ALIGNMENT; #endif + word32 newSz = 0; #if WOLFSSL_GENERAL_ALIGNMENT > 0 /* the encrypted data will be offset from the front of the buffer by @@ -11152,22 +11409,26 @@ align *= 2; #endif - tmp = (byte*)XMALLOC(size + outputBuffer->length + align, - ssl->heap, DYNAMIC_TYPE_OUT_BUFFER); + if (!WC_SAFE_SUM_WORD32(outputBuffer->length, (word32)size, newSz)) + return BUFFER_E; +#if WOLFSSL_GENERAL_ALIGNMENT > 0 + if (!WC_SAFE_SUM_WORD32(newSz, align, newSz)) + return BUFFER_E; +#endif + tmp = (byte*)XMALLOC(newSz, ssl->heap, DYNAMIC_TYPE_OUT_BUFFER); WOLFSSL_MSG("growing output buffer"); if (tmp == NULL) return MEMORY_E; #if WOLFSSL_GENERAL_ALIGNMENT > 0 - if (align) - tmp += align - hdrSz; + tmp += align - hdrSz; #endif #ifdef WOLFSSL_STATIC_MEMORY /* can be from IO memory pool which does not need copy if same buffer */ if (outputBuffer->length && tmp == outputBuffer->buffer) { - outputBuffer->bufferSize = size + outputBuffer->length; + outputBuffer->bufferSize = newSz - align; return 0; } #endif @@ -11181,15 +11442,14 @@ } #if WOLFSSL_GENERAL_ALIGNMENT > 0 - if (align) - outputBuffer->offset = align - hdrSz; - else + outputBuffer->offset = align - hdrSz; +#else + outputBuffer->offset = 0; #endif - outputBuffer->offset = 0; outputBuffer->buffer = tmp; outputBuffer->dynamicFlag = 1; - outputBuffer->bufferSize = size + outputBuffer->length; + outputBuffer->bufferSize = newSz - align; return 0; } #endif @@ -11241,8 +11501,7 @@ return MEMORY_E; #if WOLFSSL_GENERAL_ALIGNMENT > 0 - if (align) - tmp += align - hdrSz; + tmp += align - hdrSz; #endif #ifdef WOLFSSL_STATIC_MEMORY @@ -11267,11 +11526,10 @@ ssl->buffers.outputBuffer.dynamicFlag = 1; #if WOLFSSL_GENERAL_ALIGNMENT > 0 - if (align) - ssl->buffers.outputBuffer.offset = align - hdrSz; - else + ssl->buffers.outputBuffer.offset = align - hdrSz; +#else + ssl->buffers.outputBuffer.offset = 0; #endif - ssl->buffers.outputBuffer.offset = 0; ssl->buffers.outputBuffer.buffer = tmp; ssl->buffers.outputBuffer.bufferSize = newSz; @@ -12078,12 +12336,16 @@ /* record layer length check */ #ifdef HAVE_MAX_FRAGMENT - if (*size > (ssl->max_fragment + MAX_COMP_EXTRA + MAX_MSG_EXTRA)) { + if (*size > (ssl->max_fragment + MAX_MSG_EXTRA + + (ssl->options.usingCompression ? MAX_COMP_EXTRA : 0))) { + WOLFSSL_MSG_EX("Record length %d exceeds max fragment size", *size); WOLFSSL_ERROR_VERBOSE(LENGTH_ERROR); return LENGTH_ERROR; } #else - if (*size > (MAX_RECORD_SIZE + MAX_COMP_EXTRA + MAX_MSG_EXTRA)) { + if (*size > (MAX_RECORD_SIZE + MAX_MSG_EXTRA + + (ssl->options.usingCompression ? MAX_COMP_EXTRA : 0))) { + WOLFSSL_MSG_EX("Record length %d exceeds max record size", *size); WOLFSSL_ERROR_VERBOSE(LENGTH_ERROR); return LENGTH_ERROR; } @@ -12218,6 +12480,7 @@ #else wc_Md5 md5[1]; #endif + XMEMSET(md5, 0, sizeof(wc_Md5)); /* make md5 inner */ ret = wc_Md5Copy(&ssl->hsHashes->hashMd5, md5); @@ -12263,6 +12526,7 @@ #else wc_Sha sha[1]; #endif + XMEMSET(sha, 0, sizeof(wc_Sha)); /* make sha inner */ ret = wc_ShaCopy(&ssl->hsHashes->hashSha, sha); /* Save current position */ if (ret == 0) @@ -13047,6 +13311,11 @@ /* Only single wildcard allowed with strict left only */ if (leftWildcardOnly) { + /* For the left wildcard only case, disallow wildcards with + * the pattern *domain.com and only allow *.domain.com. */ + if (patternLen > 0 && *pattern != '.') + return 0; + wildcardEligible = 0; } @@ -13098,6 +13367,9 @@ wildcardEligible = 0; } + if (strLen == 0) + return 0; + /* Simple case, pattern match exactly */ if (p != (char)XTOLOWER((unsigned char) *str)) return 0; @@ -13135,7 +13407,7 @@ { int match = 0; DNS_entry* altName = NULL; - char *buf; + const char *buf; word32 len; WOLFSSL_MSG("Checking AltNames"); @@ -13202,6 +13474,10 @@ int checkCN; int ret = WC_NO_ERR_TRACE(DOMAIN_NAME_MISMATCH); + if (dCert == NULL) { + return BAD_FUNC_ARG; + } + if (CheckForAltNames(dCert, domainName, (word32)domainNameLen, &checkCN, flags, isIP) != 1) { ret = DOMAIN_NAME_MISMATCH; @@ -13235,8 +13511,7 @@ } -#ifdef SESSION_CERTS -static void AddSessionCertToChain(WOLFSSL_X509_CHAIN* chain, +WC_MAYBE_UNUSED static void AddSessionCertToChain(WOLFSSL_X509_CHAIN* chain, byte* certBuf, word32 certSz) { if (chain->count < MAX_CHAIN_DEPTH && @@ -13249,7 +13524,6 @@ WOLFSSL_MSG("Couldn't store chain cert for session"); } } -#endif #if defined(KEEP_PEER_CERT) || defined(SESSION_CERTS) || \ defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL) || \ @@ -13289,6 +13563,88 @@ * OPENSSL_EXTRA || OPENSSL_EXTRA_X509_SMALL || * WOLFSSL_ACERT */ +#if (defined(KEEP_PEER_CERT) || defined(SESSION_CERTS) || \ + defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)) && \ + !defined(IGNORE_NAME_CONSTRAINTS) +/* Duplicate a Base_entry */ +static Base_entry* BaseEntryDup(Base_entry* from, void* heap) +{ + Base_entry* entry; + + if (from == NULL) { + return NULL; + } + + entry = (Base_entry*)XMALLOC(sizeof(Base_entry), heap, + DYNAMIC_TYPE_ALTNAME); + if (entry == NULL) { + return NULL; + } + XMEMSET(entry, 0, sizeof(Base_entry)); + + entry->name = (char*)XMALLOC((word32)from->nameSz + 1, heap, + DYNAMIC_TYPE_ALTNAME); + if (entry->name == NULL) { + XFREE(entry, heap, DYNAMIC_TYPE_ALTNAME); + return NULL; + } + XMEMCPY(entry->name, from->name, (word32)from->nameSz); + entry->name[from->nameSz] = '\0'; + entry->nameSz = from->nameSz; + entry->type = from->type; + + return entry; +} + +/* Copy a Base_entry list */ +static int CopyBaseEntry(Base_entry** to, Base_entry* from, void* heap) +{ + Base_entry** next = to; + + if (to == NULL) { + return BAD_FUNC_ARG; + } + + for (; from != NULL; from = from->next) { + Base_entry* entry = BaseEntryDup(from, heap); + if (entry == NULL) { + WOLFSSL_MSG("BaseEntryDup failed"); + return MEMORY_E; + } + *next = entry; + next = &entry->next; + } + + return 0; +} +#endif /* (KEEP_PEER_CERT || SESSION_CERTS || OPENSSL_EXTRA || + * OPENSSL_EXTRA_X509_SMALL) && !IGNORE_NAME_CONSTRAINTS */ + +#if defined(KEEP_PEER_CERT) || defined(SESSION_CERTS) || \ + defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL) || \ + defined(WOLFSSL_ACERT) +/* Copy an ASN-encoded date (type + length + data) into a WOLFSSL_ASN1_TIME. + * srcDate: ASN date buffer where [0]=type, [1]=length, [2..]=date bytes. + * srcDateLen: total length of srcDate (0 means no date present). */ +static void CopyDateToASN1_TIME(const byte* srcDate, int srcDateLen, + WOLFSSL_ASN1_TIME* dst) +{ + if (srcDateLen >= 2) { + /* Clamp the date length to the maximum allowed size. + * This needs to match the size of WOLFSSL_ASN1_TIME minus the + * the type and length fields. */ + const int maxSz = CTC_DATE_SIZE - 2; + const int copySz = (int)min(srcDate[1], maxSz); + dst->type = srcDate[0]; + dst->length = copySz; + XMEMCPY(dst->data, &srcDate[2], copySz); + } + else { + dst->length = 0; + } +} +#endif /* KEEP_PEER_CERT || SESSION_CERTS || OPENSSL_EXTRA || + * OPENSSL_EXTRA_X509_SMALL || WOLFSSL_ACERT */ #if defined(KEEP_PEER_CERT) || defined(SESSION_CERTS) || \ defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL) @@ -13440,7 +13796,9 @@ int CopyDecodedToX509(WOLFSSL_X509* x509, DecodedCert* dCert) { int ret = 0; +#ifdef WOLFSSL_SEP int minSz; +#endif if (x509 == NULL || dCert == NULL || dCert->subjectCNLen < 0) @@ -13513,22 +13871,10 @@ x509->hwSerialNumSz = 0; #endif /* WOLFSSL_SEP */ - if (dCert->beforeDateLen > 0) { - minSz = (int)min(dCert->beforeDate[1], MAX_DATE_SZ); - x509->notBefore.type = dCert->beforeDate[0]; - x509->notBefore.length = minSz; - XMEMCPY(x509->notBefore.data, &dCert->beforeDate[2], minSz); - } - else - x509->notBefore.length = 0; - if (dCert->afterDateLen > 0) { - minSz = (int)min(dCert->afterDate[1], MAX_DATE_SZ); - x509->notAfter.type = dCert->afterDate[0]; - x509->notAfter.length = minSz; - XMEMCPY(x509->notAfter.data, &dCert->afterDate[2], minSz); - } - else - x509->notAfter.length = 0; + CopyDateToASN1_TIME(dCert->beforeDate, dCert->beforeDateLen, + &x509->notBefore); + CopyDateToASN1_TIME(dCert->afterDate, dCert->afterDateLen, + &x509->notAfter); if (dCert->publicKey != NULL && dCert->pubKeySize != 0) { x509->pubKey.buffer = (byte*)XMALLOC( @@ -13625,6 +13971,23 @@ #endif /* OPENSSL_EXTRA || OPENSSL_EXTRA_X509_SMALL */ x509->altNamesNext = x509->altNames; /* index hint */ +#ifndef IGNORE_NAME_CONSTRAINTS + /* copy name constraints from dCert to X509 */ + if (dCert->permittedNames != NULL) { + if (CopyBaseEntry(&x509->permittedNames, dCert->permittedNames, + x509->heap) != 0) { + return MEMORY_E; + } + } + if (dCert->excludedNames != NULL) { + if (CopyBaseEntry(&x509->excludedNames, dCert->excludedNames, + x509->heap) != 0) { + return MEMORY_E; + } + } + x509->nameConstraintCrit = dCert->extNameConstraintCrit; +#endif /* !IGNORE_NAME_CONSTRAINTS */ + x509->isCa = dCert->isCA; #if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL) x509->basicConstCrit = dCert->extBasicConstCrit; @@ -13658,6 +14021,34 @@ } x509->authInfoSet = dCert->extAuthInfoSet; x509->authInfoCrit = dCert->extAuthInfoCrit; + x509->authInfoListSz = dCert->extAuthInfoListSz; + x509->authInfoListOverflow = dCert->extAuthInfoListOverflow; + if (x509->authInfoListSz > WOLFSSL_MAX_AIA_ENTRIES) { + x509->authInfoListSz = WOLFSSL_MAX_AIA_ENTRIES; + x509->authInfoListOverflow = 1; + } + if (x509->authInfoListSz > 0) { + int i; + for (i = 0; i < x509->authInfoListSz; i++) { + x509->authInfoList[i].method = dCert->extAuthInfoList[i].method; + x509->authInfoList[i].uriSz = dCert->extAuthInfoList[i].uriSz; + x509->authInfoList[i].uri = NULL; + + if (dCert->extAuthInfoList[i].uri != NULL && + dCert->source != NULL && dCert->maxIdx > 0 && + x509->derCert != NULL && x509->derCert->buffer != NULL) { + word32 offset = (word32) + (dCert->extAuthInfoList[i].uri - dCert->source); + if (offset < (word32)dCert->maxIdx) { + x509->authInfoList[i].uri = + x509->derCert->buffer + offset; + } + else { + x509->authInfoList[i].uriSz = 0; + } + } + } + } if (dCert->extAuthInfo != NULL && dCert->extAuthInfoSz > 0) { x509->authInfo = (byte*)XMALLOC(dCert->extAuthInfoSz, x509->heap, DYNAMIC_TYPE_X509_EXT); @@ -13865,29 +14256,10 @@ } /* Copy before and after dates. */ - { - int minSz = 0; - - if (dAcert->beforeDateLen > 0) { - minSz = (int)min(dAcert->beforeDate[1], MAX_DATE_SZ); - x509->notBefore.type = dAcert->beforeDate[0]; - x509->notBefore.length = minSz; - XMEMCPY(x509->notBefore.data, &dAcert->beforeDate[2], minSz); - } - else { - x509->notBefore.length = 0; - } - - if (dAcert->afterDateLen > 0) { - minSz = (int)min(dAcert->afterDate[1], MAX_DATE_SZ); - x509->notAfter.type = dAcert->afterDate[0]; - x509->notAfter.length = minSz; - XMEMCPY(x509->notAfter.data, &dAcert->afterDate[2], minSz); - } - else { - x509->notAfter.length = 0; - } - } + CopyDateToASN1_TIME(dAcert->beforeDate, dAcert->beforeDateLen, + &x509->notBefore); + CopyDateToASN1_TIME(dAcert->afterDate, dAcert->afterDateLen, + &x509->notAfter); /* Copy the signature. */ if (dAcert->signature != NULL && dAcert->sigLength != 0 && @@ -13949,9 +14321,10 @@ } #endif /* WOLFSSL_ACERT */ - #if (defined(HAVE_CERTIFICATE_STATUS_REQUEST) || \ defined(HAVE_CERTIFICATE_STATUS_REQUEST_V2)) && !defined(WOLFSSL_NO_TLS12) +#if !defined(NO_WOLFSSL_CLIENT) || !defined(WOLFSSL_NO_CLIENT_AUTH) +#ifndef NO_WOLFSSL_SERVER static int CsrDoStatusVerifyCb(WOLFSSL* ssl, byte* input, word32 inputSz, word32 idx, int ret) { @@ -13974,6 +14347,7 @@ } return ret; } +#endif static int ProcessCSR_ex(WOLFSSL* ssl, byte* input, word32* inOutIdx, word32 status_length, int idx) @@ -14078,7 +14452,9 @@ else if (response->single->status->status != CERT_GOOD) ret = BAD_CERTIFICATE_STATUS_ERROR; +#ifndef NO_WOLFSSL_SERVER ret = CsrDoStatusVerifyCb(ssl, input + *inOutIdx, status_length, idx, ret); +#endif } *inOutIdx += status_length; @@ -14101,6 +14477,7 @@ return ProcessCSR_ex(ssl, input, inOutIdx, status_length, 0); } #endif +#endif @@ -14697,6 +15074,7 @@ #elif !defined(NO_SHA) retHash = wc_ShaHash((const byte*)pbuf, (word32)len, dgt); #endif + wolfSSL_OPENSSL_free(pbuf); if (retHash == 0) { /* 4 bytes in little endian as unsigned long */ hash = (((unsigned long)dgt[3] << 24) | @@ -14707,7 +15085,6 @@ WOLFSSL_MSG("failed hash operation"); return WOLFSSL_FAILURE; } - wolfSSL_OPENSSL_free(pbuf); } /* try to load each hashed name file in path */ @@ -14965,7 +15342,7 @@ return ret; #endif } -#ifdef HAVE_CERTIFICATE_STATUS_REQUEST_V2 +#if defined(HAVE_CERTIFICATE_STATUS_REQUEST_V2) && !defined(NO_TLS) if (verify != NO_VERIFY && TLSX_CSR2_IsMulti(ssl->extensions)) { extraSigners = TLSX_CSR2_GetPendingSigners(ssl->extensions); } @@ -15572,14 +15949,14 @@ /* Empty certificate message. */ if ((ssl->options.side == WOLFSSL_SERVER_END) && (ssl->options.mutualAuth || (ssl->options.failNoCert && - IsAtLeastTLSv1_3(ssl->version)))) { + IsAtLeastTLSv1_2(ssl)))) { WOLFSSL_MSG("No peer cert from Client"); ret = NO_PEER_CERT; WOLFSSL_ERROR_VERBOSE(ret); DoCertFatalAlert(ssl, ret); } else if ((ssl->options.side == WOLFSSL_CLIENT_END) && - IsAtLeastTLSv1_3(ssl->version)) { + IsAtLeastTLSv1_2(ssl)) { WOLFSSL_MSG("No peer cert from Server"); ret = NO_PEER_CERT; WOLFSSL_ERROR_VERBOSE(ret); @@ -15694,7 +16071,7 @@ if (ret == WC_NO_ERR_TRACE(WC_PENDING_E)) goto exit_ppc; #endif - if (ret == 0) { + if (ret == 0 || ret == WC_NO_ERR_TRACE(OCSP_CERT_UNKNOWN)) { ret = ProcessPeerCertCheckKey(ssl, args); } else if (ret == WC_NO_ERR_TRACE(ASN_PARSE_E) || @@ -15742,6 +16119,7 @@ /* If we are processing OCSP staples then always * initialize the corresponding request. */ int ocspRet = 0; + #ifndef NO_TLS #ifdef HAVE_CERTIFICATE_STATUS_REQUEST_V2 addToPendingCAs = 0; if (ssl->options.side == WOLFSSL_CLIENT_END && @@ -15766,6 +16144,7 @@ } else #endif + #endif /* NO_TLS */ if (ret == 0 && SSL_CM(ssl)->ocspEnabled && SSL_CM(ssl)->ocspCheckAll) { WOLFSSL_MSG("Doing Non Leaf OCSP check"); @@ -15790,7 +16169,7 @@ } #endif /* HAVE_OCSP */ - if (ret == 0) { + if (ret == 0 || ret == WC_NO_ERR_TRACE(OCSP_CERT_UNKNOWN)) { #ifdef HAVE_CRL if (SSL_CM(ssl)->crlEnabled && SSL_CM(ssl)->crlCheckAll) { @@ -16183,23 +16562,31 @@ } #endif + #if defined(__APPLE__) && defined(WOLFSSL_SYS_CA_CERTS) + /* If we can't validate the peer cert chain against the CAs + * loaded into wolfSSL, try to validate against the system + * certificates using Apple's native trust APIs BEFORE + * calling the verify callback so the callback sees the + * correct validation result */ + if ((ret == WC_NO_ERR_TRACE(ASN_NO_SIGNER_E)) && + (ssl->ctx->doAppleNativeCertValidationFlag)) { + if (DoAppleNativeCertValidation(ssl, args->certs, + args->totalCerts)) { + WOLFSSL_MSG("Apple native cert chain validation " + "SUCCESS"); + ret = 0; + } + else { + WOLFSSL_MSG("Apple native cert chain validation " + "FAIL"); + } + } + #endif /* defined(__APPLE__) && defined(WOLFSSL_SYS_CA_CERTS) */ + /* Do verify callback. */ args->leafVerifyErr = ret = DoVerifyCallback(SSL_CM(ssl), ssl, ret, args); - #if defined(__APPLE__) && defined(WOLFSSL_SYS_CA_CERTS) - /* Disregard failure to verify peer cert, as we will verify - * the whole chain with the native API later */ - if (ssl->ctx->doAppleNativeCertValidationFlag) { - WOLFSSL_MSG("\tApple native CA validation override" - " available, will continue"); - /* check if fatal error */ - args->fatal = (args->verifyErr) ? 1 : 0; - if (args->fatal) - DoCertFatalAlert(ssl, ret); - } - else - #endif/*defined(__APPLE__)&& defined(WOLFSSL_SYS_CA_CERTS)*/ if (ret != 0) { WOLFSSL_MSG("\tfatal cert error"); args->fatal = 1; @@ -16259,6 +16646,7 @@ WOLFSSL_MSG("Checking if ocsp needed"); if (ssl->options.side == WOLFSSL_CLIENT_END) { + #ifndef NO_TLS #ifdef HAVE_CERTIFICATE_STATUS_REQUEST if (ssl->status_request) { args->fatal = (TLSX_CSR_InitRequest_ex( @@ -16291,6 +16679,7 @@ WOLFSSL_MSG("\tHave status request v2"); } #endif /* HAVE_CERTIFICATE_STATUS_REQUEST_V2 */ + #endif /* !NO_TLS */ } #ifdef HAVE_OCSP @@ -16321,7 +16710,8 @@ #endif /* HAVE_OCSP */ #ifdef HAVE_CRL - if (ret == 0 && doLookup && SSL_CM(ssl)->crlEnabled) { + if ((ret == 0 || ret == WC_NO_ERR_TRACE(OCSP_CERT_UNKNOWN)) + && doLookup && SSL_CM(ssl)->crlEnabled) { WOLFSSL_MSG("Doing Leaf CRL check"); ret = CheckCertCRL(SSL_CM(ssl)->crl, args->dCert); #ifdef WOLFSSL_NONBLOCK_OCSP @@ -16349,7 +16739,8 @@ #endif } } - if (ret == 0 && doLookup && SSL_CM(ssl)->crlEnabled && + if ((ret == 0 || ret == WC_NO_ERR_TRACE(OCSP_CERT_UNKNOWN)) + && doLookup && SSL_CM(ssl)->crlEnabled && SSL_CM(ssl)->crlCheckAll && args->totalCerts == 1) { /* Check the entire cert chain */ if (args->dCert->ca != NULL) { @@ -16518,7 +16909,7 @@ (char*)ssl->buffers.domainName.buffer, (ssl->buffers.domainName.buffer == NULL ? 0 : (word32)XSTRLEN(ssl->buffers.domainName.buffer)), - NULL, 0) != 1) { + NULL, 0, 0) != 1) { WOLFSSL_MSG("DomainName match failed"); /* try to get peer key still */ ret = DOMAIN_NAME_MISMATCH; @@ -16528,6 +16919,17 @@ #endif /* WOLFSSL_ALL_NO_CN_IN_SAN */ } +#ifndef OPENSSL_EXTRA + if (!ssl->options.verifyNone && ssl->buffers.ipasc.buffer) { + if (CheckIPAddr(args->dCert, + (const char*)ssl->buffers.ipasc.buffer) != 0) { + WOLFSSL_MSG("IPAddr match on alt names failed"); + ret = IPADDR_MISMATCH; + WOLFSSL_ERROR_VERBOSE(ret); + } + } +#endif + /* decode peer key */ switch (args->dCert->keyOID) { #ifndef NO_RSA @@ -16968,23 +17370,6 @@ } #endif - #if defined(__APPLE__) && defined(WOLFSSL_SYS_CA_CERTS) - /* If we can't validate the peer cert chain against the CAs loaded - * into wolfSSL, try to validate against the system certificates - * using Apple's native trust APIs */ - if ((ret == WC_NO_ERR_TRACE(ASN_NO_SIGNER_E)) && - (ssl->ctx->doAppleNativeCertValidationFlag)) { - if (DoAppleNativeCertValidation(ssl, args->certs, - args->totalCerts)) { - WOLFSSL_MSG("Apple native cert chain validation SUCCESS"); - ret = 0; - } - else { - WOLFSSL_MSG("Apple native cert chain validation FAIL"); - } - } - #endif /* defined(__APPLE__) && defined(WOLFSSL_SYS_CA_CERTS) */ - /* Do leaf verify callback when it wasn't called yet */ if (ret == 0 || ret != args->leafVerifyErr) ret = DoVerifyCallback(SSL_CM(ssl), ssl, ret, args); @@ -17128,8 +17513,8 @@ return BUFFER_ERROR; switch (status_type) { - - #if defined(HAVE_CERTIFICATE_STATUS_REQUEST) \ + #ifndef NO_TLS + #if (defined(HAVE_CERTIFICATE_STATUS_REQUEST) && !defined(NO_TLS)) \ || defined(HAVE_CERTIFICATE_STATUS_REQUEST_V2) /* WOLFSSL_CSR_OCSP overlaps with WOLFSSL_CSR2_OCSP */ @@ -17222,14 +17607,20 @@ /* only frees 'single' if single->isDynamic is set */ FreeOcspResponse(response); - ret = CsrDoStatusVerifyCb(ssl, input + *inOutIdx, status_length, - idx, ret); + #ifndef NO_WOLFSSL_SERVER + ret = CsrDoStatusVerifyCb(ssl, input + *inOutIdx, + status_length, idx, ret); + #endif if (ret == 0 && idx == 0) /* server cert must be OK */ endCertificateOK = 1; *inOutIdx += status_length; list_length -= status_length; } + if (idx >= MAX_CHAIN_DEPTH) { + ret = BUFFER_ERROR; + break; + } idx++; } @@ -17243,6 +17634,7 @@ break; #endif + #endif /* !NO_TLS */ default: ret = BUFFER_ERROR; @@ -17353,7 +17745,8 @@ #endif if (sniff == NO_SNIFF) { - if (XMEMCMP(input + *inOutIdx, &ssl->hsHashes->verifyHashes,size) != 0){ + if (ConstantCompare(input + *inOutIdx, + (const byte*)&ssl->hsHashes->verifyHashes, (int)size) != 0) { WOLFSSL_MSG("Verify finished error on hashes"); WOLFSSL_ERROR_VERBOSE(VERIFY_FINISHED_ERROR); return VERIFY_FINISHED_ERROR; @@ -17577,7 +17970,9 @@ if (ssl->msgsReceived.got_certificate_status || ssl->msgsReceived.got_server_key_exchange || ssl->msgsReceived.got_certificate_request || - ssl->msgsReceived.got_server_hello_done) { + ssl->msgsReceived.got_server_hello_done || + ssl->msgsReceived.got_change_cipher || + ssl->msgsReceived.got_finished) { WOLFSSL_MSG("Cert received in wrong order"); WOLFSSL_ERROR_VERBOSE(OUT_OF_ORDER_E); return OUT_OF_ORDER_E; @@ -17618,19 +18013,21 @@ return DUPLICATE_MSG_E; } - if (ssl->msgsReceived.got_certificate == 0) { + if (!ssl->msgsReceived.got_certificate) { WOLFSSL_MSG("No Certificate before CertificateStatus"); WOLFSSL_ERROR_VERBOSE(OUT_OF_ORDER_E); return OUT_OF_ORDER_E; } - if (ssl->msgsReceived.got_server_key_exchange != 0) { + if (ssl->msgsReceived.got_server_key_exchange) { WOLFSSL_MSG("CertificateStatus after ServerKeyExchange"); WOLFSSL_ERROR_VERBOSE(OUT_OF_ORDER_E); return OUT_OF_ORDER_E; } if (ssl->msgsReceived.got_server_key_exchange || ssl->msgsReceived.got_certificate_request || - ssl->msgsReceived.got_server_hello_done) { + ssl->msgsReceived.got_server_hello_done || + ssl->msgsReceived.got_change_cipher || + ssl->msgsReceived.got_finished) { WOLFSSL_MSG("CertificateStatus received in wrong order"); WOLFSSL_ERROR_VERBOSE(OUT_OF_ORDER_E); return OUT_OF_ORDER_E; @@ -17654,13 +18051,25 @@ WOLFSSL_ERROR_VERBOSE(DUPLICATE_MSG_E); return DUPLICATE_MSG_E; } - if (ssl->msgsReceived.got_server_hello == 0) { + if (!ssl->msgsReceived.got_server_hello) { WOLFSSL_MSG("No ServerHello before ServerKeyExchange"); WOLFSSL_ERROR_VERBOSE(OUT_OF_ORDER_E); return OUT_OF_ORDER_E; } + if (!ssl->msgsReceived.got_certificate) { + if (ssl->specs.kea != psk_kea && + ssl->specs.kea != dhe_psk_kea && + ssl->specs.kea != ecdhe_psk_kea && + !ssl->options.usingAnon_cipher) { + WOLFSSL_MSG("No Certificate before ServerKeyExchange"); + WOLFSSL_ERROR_VERBOSE(OUT_OF_ORDER_E); + return OUT_OF_ORDER_E; + } + } if (ssl->msgsReceived.got_certificate_request || - ssl->msgsReceived.got_server_hello_done) { + ssl->msgsReceived.got_server_hello_done || + ssl->msgsReceived.got_change_cipher || + ssl->msgsReceived.got_finished) { WOLFSSL_MSG("ServerKeyExchange received in wrong order"); WOLFSSL_ERROR_VERBOSE(OUT_OF_ORDER_E); return OUT_OF_ORDER_E; @@ -17684,11 +18093,16 @@ WOLFSSL_ERROR_VERBOSE(DUPLICATE_MSG_E); return DUPLICATE_MSG_E; } - if (ssl->msgsReceived.got_server_hello == 0) { + if (!ssl->msgsReceived.got_server_hello) { WOLFSSL_MSG("No ServerHello before CertificateRequest"); WOLFSSL_ERROR_VERBOSE(OUT_OF_ORDER_E); return OUT_OF_ORDER_E; } + if (!ssl->msgsReceived.got_certificate) { + WOLFSSL_MSG("No Certificate before CertificateRequest"); + WOLFSSL_ERROR_VERBOSE(OUT_OF_ORDER_E); + return OUT_OF_ORDER_E; + } if (!ssl->options.resuming && ssl->specs.kea != rsa_kea && (ssl->specs.kea != ecc_diffie_hellman_kea || !ssl->specs.static_ecdh) && @@ -17698,12 +18112,9 @@ WOLFSSL_ERROR_VERBOSE(OUT_OF_ORDER_E); return OUT_OF_ORDER_E; } - if (!ssl->msgsReceived.got_certificate) { - WOLFSSL_MSG("No Certificate before CertificateRequest"); - WOLFSSL_ERROR_VERBOSE(OUT_OF_ORDER_E); - return OUT_OF_ORDER_E; - } - if (ssl->msgsReceived.got_server_hello_done) { + if (ssl->msgsReceived.got_server_hello_done || + ssl->msgsReceived.got_change_cipher || + ssl->msgsReceived.got_finished) { WOLFSSL_MSG("CertificateRequest received in wrong order"); WOLFSSL_ERROR_VERBOSE(OUT_OF_ORDER_E); return OUT_OF_ORDER_E; @@ -17729,7 +18140,7 @@ } ssl->msgsReceived.got_server_hello_done = 1; - if (ssl->msgsReceived.got_certificate == 0) { + if (!ssl->msgsReceived.got_certificate) { if (ssl->specs.kea == psk_kea || ssl->specs.kea == dhe_psk_kea || ssl->specs.kea == ecdhe_psk_kea || @@ -17742,7 +18153,7 @@ return OUT_OF_ORDER_E; } } - if (ssl->msgsReceived.got_server_key_exchange == 0) { + if (!ssl->msgsReceived.got_server_key_exchange) { int pskNoServerHint = 0; /* not required in this case */ #ifndef NO_PSK @@ -17764,7 +18175,7 @@ } #if defined(HAVE_CERTIFICATE_STATUS_REQUEST) || \ defined(HAVE_CERTIFICATE_STATUS_REQUEST_V2) - if (ssl->msgsReceived.got_certificate_status == 0) { + if (!ssl->msgsReceived.got_certificate_status) { int csrRet = 0; #ifdef HAVE_CERTIFICATE_STATUS_REQUEST if (csrRet == 0 && ssl->status_request) { @@ -17810,6 +18221,12 @@ } } #endif + if (ssl->msgsReceived.got_change_cipher || + ssl->msgsReceived.got_finished) { + WOLFSSL_MSG("ServerHelloDone received in wrong order"); + WOLFSSL_ERROR_VERBOSE(OUT_OF_ORDER_E); + return OUT_OF_ORDER_E; + } break; #endif @@ -17827,7 +18244,12 @@ WOLFSSL_ERROR_VERBOSE(DUPLICATE_MSG_E); return DUPLICATE_MSG_E; } - if ( ssl->msgsReceived.got_certificate == 0) { + if (!ssl->msgsReceived.got_client_key_exchange) { + WOLFSSL_MSG("No ClientKeyExchange before CertVerify"); + WOLFSSL_ERROR_VERBOSE(OUT_OF_ORDER_E); + return OUT_OF_ORDER_E; + } + if (!ssl->msgsReceived.got_certificate) { WOLFSSL_MSG("No Cert before CertVerify"); WOLFSSL_ERROR_VERBOSE(OUT_OF_ORDER_E); return OUT_OF_ORDER_E; @@ -17856,11 +18278,19 @@ WOLFSSL_ERROR_VERBOSE(DUPLICATE_MSG_E); return DUPLICATE_MSG_E; } - if (ssl->msgsReceived.got_client_hello == 0) { + if (!ssl->msgsReceived.got_client_hello) { WOLFSSL_MSG("No ClientHello before ClientKeyExchange"); WOLFSSL_ERROR_VERBOSE(OUT_OF_ORDER_E); return OUT_OF_ORDER_E; } +#ifndef WOLFSSL_NO_CLIENT_AUTH + if (!ssl->options.resuming && ssl->options.verifyPeer && + !ssl->options.usingPSK_cipher && + !ssl->options.usingAnon_cipher && + !ssl->msgsReceived.got_certificate) { + return OUT_OF_ORDER_E; + } +#endif if (ssl->msgsReceived.got_certificate_verify|| ssl->msgsReceived.got_change_cipher || ssl->msgsReceived.got_finished) { @@ -17887,7 +18317,7 @@ } } #endif - if (ssl->msgsReceived.got_change_cipher == 0) { + if (!ssl->msgsReceived.got_change_cipher) { WOLFSSL_MSG("Finished received before ChangeCipher"); WOLFSSL_ERROR_VERBOSE(NO_CHANGE_CIPHER_E); return NO_CHANGE_CIPHER_E; @@ -17908,62 +18338,63 @@ #ifndef NO_WOLFSSL_CLIENT if (ssl->options.side == WOLFSSL_CLIENT_END) { + if (!ssl->msgsReceived.got_server_hello) { + WOLFSSL_MSG("ChangeCipherSpec received in wrong order"); + WOLFSSL_ERROR_VERBOSE(OUT_OF_ORDER_E); + return OUT_OF_ORDER_E; + } if (!ssl->options.resuming) { - if (ssl->msgsReceived.got_server_hello_done == 0) { + if (!ssl->msgsReceived.got_server_hello_done) { WOLFSSL_MSG("No ServerHelloDone before ChangeCipher"); WOLFSSL_ERROR_VERBOSE(OUT_OF_ORDER_E); return OUT_OF_ORDER_E; } } - else { - if (ssl->msgsReceived.got_server_hello == 0) { - WOLFSSL_MSG("No ServerHello before ChangeCipher on " - "Resume"); - WOLFSSL_ERROR_VERBOSE(OUT_OF_ORDER_E); - return OUT_OF_ORDER_E; - } + #ifdef HAVE_SESSION_TICKET + if (ssl->expect_session_ticket) { + WOLFSSL_MSG("Expected session ticket missing"); + #ifdef WOLFSSL_DTLS + if (ssl->options.dtls) { + WOLFSSL_ERROR_VERBOSE(OUT_OF_ORDER_E); + return OUT_OF_ORDER_E; + } + #endif + WOLFSSL_ERROR_VERBOSE(SESSION_TICKET_EXPECT_E); + return SESSION_TICKET_EXPECT_E; } - #ifdef HAVE_SESSION_TICKET - if (ssl->expect_session_ticket) { - WOLFSSL_MSG("Expected session ticket missing"); - #ifdef WOLFSSL_DTLS - if (ssl->options.dtls) { - WOLFSSL_ERROR_VERBOSE(OUT_OF_ORDER_E); - return OUT_OF_ORDER_E; - } - #endif - WOLFSSL_ERROR_VERBOSE(SESSION_TICKET_EXPECT_E); - return SESSION_TICKET_EXPECT_E; - } - #endif + #endif } #endif #ifndef NO_WOLFSSL_SERVER if (ssl->options.side == WOLFSSL_SERVER_END) { + if (!ssl->msgsReceived.got_client_hello) { + WOLFSSL_MSG("ChangeCipherSpec received in wrong order"); + WOLFSSL_ERROR_VERBOSE(OUT_OF_ORDER_E); + return OUT_OF_ORDER_E; + } if (!ssl->options.resuming && - ssl->msgsReceived.got_client_key_exchange == 0) { + !ssl->msgsReceived.got_client_key_exchange) { WOLFSSL_MSG("No ClientKeyExchange before ChangeCipher"); WOLFSSL_ERROR_VERBOSE(OUT_OF_ORDER_E); return OUT_OF_ORDER_E; } - #ifndef NO_CERTS - if (ssl->options.verifyPeer && + #ifndef NO_CERTS + if (ssl->options.verifyPeer && ssl->options.havePeerCert) { - - if (!ssl->options.havePeerVerify || - !ssl->msgsReceived.got_certificate_verify) { - WOLFSSL_MSG("client didn't send cert verify"); - #ifdef WOLFSSL_DTLS - if (ssl->options.dtls) { - WOLFSSL_ERROR_VERBOSE(OUT_OF_ORDER_E); - return OUT_OF_ORDER_E; - } - #endif - WOLFSSL_ERROR_VERBOSE(NO_PEER_VERIFY); - return NO_PEER_VERIFY; - } + if (!ssl->options.havePeerVerify || + !ssl->msgsReceived.got_certificate_verify) { + WOLFSSL_MSG("client didn't send cert verify"); + #ifdef WOLFSSL_DTLS + if (ssl->options.dtls) { + WOLFSSL_ERROR_VERBOSE(OUT_OF_ORDER_E); + return OUT_OF_ORDER_E; + } + #endif + WOLFSSL_ERROR_VERBOSE(NO_PEER_VERIFY); + return NO_PEER_VERIFY; } - #endif + } + #endif } #endif /* !NO_WOLFSSL_SERVER */ if (ssl->options.dtls) @@ -18047,6 +18478,16 @@ } #endif +#if !defined(HAVE_SECURE_RENEGOTIATION) + if (ssl->options.handShakeState == HANDSHAKE_DONE && type == client_hello && + ssl->options.side == WOLFSSL_SERVER_END) { + WOLFSSL_MSG("Renegotiation request rejected"); + SendAlert(ssl, alert_fatal, no_renegotiation); + WOLFSSL_ERROR_VERBOSE(SECURE_RENEGOTIATION_E); + return SECURE_RENEGOTIATION_E; + } +#endif + if (ssl->options.handShakeState == HANDSHAKE_DONE && type != hello_request){ WOLFSSL_MSG("HandShake message after handshake complete"); SendAlert(ssl, alert_fatal, unexpected_message); @@ -19293,7 +19734,9 @@ #if (!defined(NO_PUBLIC_GCM_SET_IV) && \ ((defined(HAVE_FIPS) || defined(HAVE_SELFTEST)) && \ (!defined(HAVE_FIPS_VERSION) || (HAVE_FIPS_VERSION < 2)))) || \ - (defined(HAVE_POLY1305) && defined(HAVE_CHACHA)) + (defined(HAVE_POLY1305) && defined(HAVE_CHACHA)) || \ + defined(HAVE_ARIA) || \ + defined(WOLFSSL_SM4_GCM) || defined(WOLFSSL_SM4_CCM) static WC_INLINE void AeadIncrementExpIV(WOLFSSL* ssl) { int i; @@ -19576,10 +20019,15 @@ byte tag[POLY1305_AUTH_SZ]; byte poly[CHACHA20_256_KEY_SIZE]; /* generated key for mac */ int ret = 0; - int msgLen = (sz - ssl->specs.aead_mac_size); + int msgLen = 0; Keys* keys = &ssl->keys; byte* seq = NULL; + if (sz < ssl->specs.aead_mac_size) { + return BAD_FUNC_ARG; + } + msgLen = (sz - ssl->specs.aead_mac_size); + #ifdef CHACHA_AEAD_TEST int i; printf("input before decrypt :\n"); @@ -20021,8 +20469,10 @@ out + sz - ssl->specs.aead_mac_size, ssl->specs.aead_mac_size ); - if (ret != 0) + if (ret != 0) { + XFREE(outBuf, ssl->heap, DYNAMIC_TYPE_TMP_BUFFER); break; + } XMEMCPY(out, ssl->encrypt.nonce + AESGCM_IMP_IV_SZ, AESGCM_EXP_IV_SZ); XMEMCPY(out + AESGCM_EXP_IV_SZ,outBuf,sz - AESGCM_EXP_IV_SZ); @@ -20278,10 +20728,9 @@ sizeof(ssl->encrypt.sanityCheck)); #endif - #if defined(BUILD_AESGCM) || defined(HAVE_AESCCM) || defined(HAVE_ARIA) + #if defined(BUILD_AESGCM) || defined(HAVE_AESCCM) if (ssl->specs.bulk_cipher_algorithm == wolfssl_aes_ccm || - ssl->specs.bulk_cipher_algorithm == wolfssl_aes_gcm || - ssl->specs.bulk_cipher_algorithm == wolfssl_aria_gcm) + ssl->specs.bulk_cipher_algorithm == wolfssl_aes_gcm) { /* finalize authentication cipher */ #if !defined(NO_PUBLIC_GCM_SET_IV) && \ @@ -20292,7 +20741,17 @@ if (ssl->encrypt.nonce) ForceZero(ssl->encrypt.nonce, AESGCM_NONCE_SZ); } - #endif /* BUILD_AESGCM || HAVE_AESCCM || HAVE_ARIA */ + #endif /* BUILD_AESGCM || HAVE_AESCCM */ + #ifdef HAVE_ARIA + if (ssl->specs.bulk_cipher_algorithm == wolfssl_aria_gcm) + { + /* finalize authentication cipher -- wc_AriaEncrypt is + * stateless, so the explicit IV must always advance */ + AeadIncrementExpIV(ssl); + if (ssl->encrypt.nonce) + ForceZero(ssl->encrypt.nonce, AESGCM_NONCE_SZ); + } + #endif /* HAVE_ARIA */ #if defined(WOLFSSL_SM4_GCM) || defined(WOLFSSL_SM4_CCM) if (ssl->specs.bulk_cipher_algorithm == wolfssl_sm4_ccm || ssl->specs.bulk_cipher_algorithm == wolfssl_sm4_gcm) @@ -20494,8 +20953,10 @@ (byte *)input + sz - ssl->specs.aead_mac_size, ssl->specs.aead_mac_size ); - if (ret != 0) + if (ret != 0) { + XFREE(outBuf, ssl->heap, DYNAMIC_TYPE_TMP_BUFFER); break; + } XMEMCPY(plain + AESGCM_EXP_IV_SZ, outBuf, sz - AESGCM_EXP_IV_SZ - ssl->specs.aead_mac_size); @@ -20521,7 +20982,7 @@ case wolfssl_sm4_cbc: #ifdef WOLFSSL_ASYNC_CRYPT /* initialize event */ - ret = wolfSSL_AsyncInit(ssl, &ssl->decrypt.aes->asyncDev, + ret = wolfSSL_AsyncInit(ssl, &ssl->decrypt.sm4->asyncDev, WC_ASYNC_FLAG_CALL_AGAIN); if (ret != 0) break; @@ -20529,7 +20990,7 @@ ret = wc_Sm4CbcDecrypt(ssl->decrypt.sm4, plain, input, sz); #ifdef WOLFSSL_ASYNC_CRYPT if (ret == WC_NO_ERR_TRACE(WC_PENDING_E)) { - ret = wolfSSL_AsyncPush(ssl, &ssl->decrypt.aes->asyncDev); + ret = wolfSSL_AsyncPush(ssl, &ssl->decrypt.sm4->asyncDev); } #endif break; @@ -20819,7 +21280,8 @@ if (ssl->specs.cipher_type == block) { #ifdef HAVE_ENCRYPT_THEN_MAC if (ssl->options.startedETMRead) { - if ((encryptSz - MacSize(ssl)) % ssl->specs.block_size) { + if (encryptSz < minLength || + (encryptSz - MacSize(ssl)) % ssl->specs.block_size) { WOLFSSL_MSG("Block ciphertext not block size"); WOLFSSL_ERROR_VERBOSE(SANITY_CIPHER_E); return SANITY_CIPHER_E; @@ -21182,13 +21644,11 @@ int i, j; int r = 0; unsigned char mac[WC_MAX_DIGEST_SIZE]; - volatile int scanStart = sz - 1 - TLS_MAX_PAD_SZ - macSz; + int scanStart = sz - 1 - TLS_MAX_PAD_SZ - macSz; volatile int macEnd = sz - 1 - data[sz - 1]; - volatile int macStart = macEnd - macSz; + int macStart = macEnd - macSz; volatile int maskScanStart; volatile int maskMacStart; - volatile unsigned char started; - volatile unsigned char notEnded; unsigned char good = 0; maskScanStart = ctMaskIntGTE(scanStart, 0); @@ -21198,22 +21658,31 @@ /* Div on Intel has different speeds depending on value. * Use a bitwise AND or mod a specific value (converted to mul). */ - if ((macSz & (macSz - 1)) == 0) - r = (macSz - (scanStart - macStart)) & (macSz - 1); + if ((macSz & (macSz - 1)) == 0) { + r = macSz - scanStart; + r += macStart; + r &= (macSz - 1); + } #ifndef NO_SHA - else if (macSz == WC_SHA_DIGEST_SIZE) - r = (macSz - (scanStart - macStart)) % WC_SHA_DIGEST_SIZE; + else if (macSz == WC_SHA_DIGEST_SIZE) { + r = macSz - scanStart; + r += macStart; + r %= WC_SHA_DIGEST_SIZE; + } #endif #ifdef WOLFSSL_SHA384 - else if (macSz == WC_SHA384_DIGEST_SIZE) - r = (macSz - (scanStart - macStart)) % WC_SHA384_DIGEST_SIZE; + else if (macSz == WC_SHA384_DIGEST_SIZE) { + r = macSz - scanStart; + r += macStart; + r %= WC_SHA384_DIGEST_SIZE; + } #endif XMEMSET(mac, 0, (size_t)(macSz)); for (i = scanStart; i < sz; i += macSz) { for (j = 0; j < macSz && j + i < sz; j++) { - started = ctMaskGTE(i + j, macStart); - notEnded = ctMaskLT(i + j, macEnd); + unsigned char started = ctMaskGTE(i + j, macStart); + unsigned char notEnded = ctMaskLT(i + j, macEnd); mac[j] |= started & notEnded & data[i + j]; } } @@ -21679,20 +22148,20 @@ byte code; word32 dataSz = (word32)ssl->curSize; - #if defined(WOLFSSL_CALLBACKS) || defined(OPENSSL_EXTRA) - if (ssl->hsInfoOn) - AddPacketName(ssl, "Alert"); - if (ssl->toInfoOn) { - /* add record header back on to info + alert bytes level/code */ - int ret = AddPacketInfo(ssl, "Alert", alert, input + *inOutIdx, - ALERT_SIZE, READ_PROTO, RECORD_HEADER_SZ, ssl->heap); - if (ret != 0) - return ret; - #ifdef WOLFSSL_CALLBACKS - AddLateRecordHeader(&ssl->curRL, &ssl->timeoutInfo); - #endif - } - #endif +#if defined(WOLFSSL_CALLBACKS) || defined(OPENSSL_EXTRA) + if (ssl->hsInfoOn) + AddPacketName(ssl, "Alert"); + if (ssl->toInfoOn) { + /* add record header back on to info + alert bytes level/code */ + int ret = AddPacketInfo(ssl, "Alert", alert, input + *inOutIdx, + ALERT_SIZE, READ_PROTO, RECORD_HEADER_SZ, ssl->heap); + if (ret != 0) + return ret; + #ifdef WOLFSSL_CALLBACKS + AddLateRecordHeader(&ssl->curRL, &ssl->timeoutInfo); + #endif + } +#endif if (IsEncryptionOn(ssl, 0)) dataSz -= ssl->keys.padSz; @@ -21707,11 +22176,24 @@ level = input[(*inOutIdx)++]; code = input[(*inOutIdx)++]; - ssl->alert_history.last_rx.code = code; - ssl->alert_history.last_rx.level = level; *type = code; - if (level == alert_fatal) { - ssl->options.isClosed = 1; /* Don't send close_notify */ +#ifdef WOLFSSL_TLS13_IGNORE_PT_ALERT_ON_ENC + /* Don't process alert when TLS 1.3 and encrypting but plaintext alert. */ + if (!IsAtLeastTLSv1_3(ssl->version) || !IsEncryptionOn(ssl, 0) || + ssl->keys.decryptedCur) +#endif + { + ssl->alert_history.last_rx.code = code; + ssl->alert_history.last_rx.level = level; + if (level == alert_fatal) { + ssl->options.isClosed = 1; /* Don't send close_notify */ + } + /* RFC 8446 Section 6.2: In TLS 1.3, all error alerts are implicitly + * fatal regardless of the AlertLevel byte. */ + if (IsAtLeastTLSv1_3(ssl->version) && + code != close_notify && code != user_canceled) { + ssl->options.isClosed = 1; + } } if (++ssl->options.alertCount >= WOLFSSL_ALERT_COUNT_MAX) { @@ -21725,20 +22207,35 @@ } LogAlert(*type); - if (*type == close_notify) { - ssl->options.closeNotify = 1; + if (IsAtLeastTLSv1_3(ssl->version) && IsEncryptionOn(ssl, 0) && + !ssl->keys.decryptedCur) + { +#ifdef WOLFSSL_TLS13_IGNORE_PT_ALERT_ON_ENC + /* Ignore alert if TLS 1.3 and encrypting but was plaintext alert. */ + *type = invalid_alert; + level = alert_none; + +#else + /* Unexpected message when encryption is on and alert not encrypted. */ + SendAlert(ssl, alert_fatal, unexpected_message); + WOLFSSL_ERROR_VERBOSE(PARSE_ERROR); + return PARSE_ERROR; +#endif } else { - /* - * A close_notify alert doesn't mean there's been an error, so we only - * add other types of alerts to the error queue - */ - WOLFSSL_ERROR(*type); + if (*type == close_notify) { + ssl->options.closeNotify = 1; + } + else { + /* + * A close_notify alert doesn't mean there's been an error, so we + * only add other types of alerts to the error queue + */ + WOLFSSL_ERROR(*type); + } } - - if (IsEncryptionOn(ssl, 0)) { + if (IsEncryptionOn(ssl, 0)) *inOutIdx += ssl->keys.padSz; - } return level; } @@ -22056,6 +22553,11 @@ /* Get the real content type from the end of the data. */ ssl->curRL.type = ssl->buffers.inputBuffer.buffer[i]; + if (ssl->curRL.type == 0) { + SendAlert(ssl, alert_fatal, unexpected_message); + WOLFSSL_ERROR(PARSE_ERROR); + return PARSE_ERROR; + } /* consider both contentType byte and MAC as padding */ ssl->keys.padSz = ssl->buffers.inputBuffer.idx + ssl->curSize - i; @@ -22274,17 +22776,6 @@ return ssl->error; } - /* If checking alert on error (allowSocketErr == 1) do not try and - * process alerts for async or ocsp non blocking */ -#if defined(WOLFSSL_CHECK_ALERT_ON_ERR) && \ - (defined(WOLFSSL_ASYNC_CRYPT) || defined(WOLFSSL_NONBLOCK_OCSP)) - if (allowSocketErr == 1 && \ - (ssl->error == WC_NO_ERR_TRACE(WC_PENDING_E) || - ssl->error == WC_NO_ERR_TRACE(OCSP_WANT_READ))) { - return ssl->error; - } -#endif - #if defined(WOLFSSL_DTLS) && defined(WOLFSSL_ASYNC_CRYPT) /* process any pending DTLS messages - this flow can happen with async */ if (ssl->dtls_rx_msg_list != NULL) { @@ -22489,7 +22980,8 @@ #ifdef WOLFSSL_TLS13 if (IsAtLeastTLSv1_3(ssl->version) && IsEncryptionOn(ssl, 0) && ssl->curRL.type != application_data && - ssl->curRL.type != change_cipher_spec) { + ssl->curRL.type != change_cipher_spec && + ssl->curRL.type != alert) { SendAlert(ssl, alert_fatal, unexpected_message); WOLFSSL_ERROR_VERBOSE(PARSE_ERROR); return PARSE_ERROR; @@ -22530,28 +23022,26 @@ } if (IsEncryptionOn(ssl, 0)) { -#if defined(WOLFSSL_TLS13) || defined(WOLFSSL_EXTRA_ALERTS) int tooLong = 0; -#endif #ifdef WOLFSSL_TLS13 if (IsAtLeastTLSv1_3(ssl->version)) { tooLong = ssl->curSize > MAX_TLS13_ENC_SZ; - tooLong |= ssl->curSize - ssl->specs.aead_mac_size > + if (ssl->specs.aead_mac_size < ssl->curSize) { + tooLong |= ssl->curSize - ssl->specs.aead_mac_size > MAX_TLS13_PLAIN_SZ; + } } + else #endif -#ifdef WOLFSSL_EXTRA_ALERTS - if (!IsAtLeastTLSv1_3(ssl->version)) + { tooLong = ssl->curSize > MAX_TLS_CIPHER_SZ; -#endif -#if defined(WOLFSSL_TLS13) || defined(WOLFSSL_EXTRA_ALERTS) + } if (tooLong) { WOLFSSL_MSG("Encrypted data too long"); SendAlert(ssl, alert_fatal, record_overflow); return BUFFER_ERROR; } -#endif } ssl->keys.padSz = 0; @@ -22597,9 +23087,9 @@ case decryptMessage: if (IsEncryptionOn(ssl, 0) && ssl->keys.decryptedCur == 0 && - (!IsAtLeastTLSv1_3(ssl->version) || - ssl->curRL.type != change_cipher_spec)) - { + (!IsAtLeastTLSv1_3(ssl->version) || + (ssl->curRL.type != change_cipher_spec && + ssl->curRL.type != alert))) { ret = DoDecrypt(ssl); #ifdef WOLFSSL_ASYNC_CRYPT if (ret == WC_NO_ERR_TRACE(WC_PENDING_E)) @@ -22676,9 +23166,9 @@ case verifyMessage: if (IsEncryptionOn(ssl, 0) && ssl->keys.decryptedCur == 0 && - (!IsAtLeastTLSv1_3(ssl->version) || - ssl->curRL.type != change_cipher_spec)) - { + (!IsAtLeastTLSv1_3(ssl->version) || + (ssl->curRL.type != change_cipher_spec && + ssl->curRL.type != alert))) { if (!atomicUser #if defined(HAVE_ENCRYPT_THEN_MAC) && !defined(WOLFSSL_AEAD_ONLY) && !ssl->options.startedETMRead @@ -23181,6 +23671,15 @@ if (type == decrypt_error) return FATAL_ERROR; + /* RFC 8446 Section 6.2: In TLS 1.3, all error alerts MUST + * be treated as fatal regardless of the AlertLevel byte. + * Only close_notify (handled above) and user_canceled + * are exempt. */ + if (IsAtLeastTLSv1_3(ssl->version) && + type != user_canceled && type != invalid_alert) { + return FATAL_ERROR; + } + /* Reset error if we got an alert level in ret */ if (ret > 0) ret = 0; @@ -23523,7 +24022,7 @@ wc_Md5Free(&md5); } - else { + else if (ssl->specs.mac_algorithm == sha_mac) { ret = wc_InitSha_ex(&sha, ssl->heap, ssl->devId); if (ret != 0) return ret; @@ -23573,6 +24072,10 @@ wc_ShaFree(&sha); } + else { + WOLFSSL_ERROR_VERBOSE(VERIFY_MAC_ERROR); + return VERIFY_MAC_ERROR; + } return 0; } #endif /* !NO_OLD_TLS && !WOLFSSL_AEAD_ONLY */ @@ -23588,6 +24091,7 @@ #else wc_Md5 md5[1]; #endif + XMEMSET(md5, 0, sizeof(wc_Md5)); /* make md5 inner */ ret = wc_Md5Copy(&ssl->hsHashes->hashMd5, md5); /* Save current position */ @@ -23631,6 +24135,7 @@ #else wc_Sha sha[1]; #endif + XMEMSET(sha, 0, sizeof(wc_Sha)); /* make sha inner */ ret = wc_ShaCopy(&ssl->hsHashes->hashSha, sha); /* Save current position */ @@ -24783,9 +25288,12 @@ if (ssl->fragOffset != 0) length -= (ssl->fragOffset + headerSz); - maxFragment = MAX_RECORD_SIZE; - maxFragment = (word32)wolfSSL_GetMaxFragSize(ssl, (int)maxFragment); + maxFragment = (word32)wolfssl_local_GetMaxPlaintextSize(ssl); + if (ssl->options.dtls) + maxFragment -= DTLS_HANDSHAKE_HEADER_SZ; + else + maxFragment -= HANDSHAKE_HEADER_SZ; while (length > 0 && ret == 0) { byte* output = NULL; @@ -25312,6 +25820,7 @@ status_type = status_type ? status_type : ssl->status_request_v2; #endif +#ifndef NO_WOLFSSL_SERVER #if defined(HAVE_CERTIFICATE_STATUS_REQUEST) || \ defined(HAVE_CERTIFICATE_STATUS_REQUEST_V2) if (SSL_CM(ssl)->ocsp_stapling != NULL && @@ -25319,6 +25828,7 @@ return BuildCertificateStatusWithStatusCB(ssl, status_type); } #endif +#endif switch (status_type) { @@ -25562,27 +26072,6 @@ } -#ifdef WOLFSSL_DTLS -static int ModifyForMTU(WOLFSSL* ssl, int buffSz, int outputSz, int mtuSz) -{ - int recordExtra = outputSz - buffSz; - - (void)ssl; - - if (recordExtra > 0 && outputSz > mtuSz) { - buffSz = mtuSz - recordExtra; -#ifndef WOLFSSL_AEAD_ONLY - /* Subtract a block size to be certain that returned fragment - * size won't get more padding. */ - if (ssl->specs.cipher_type == block) - buffSz -= ssl->specs.block_size; -#endif - } - - return buffSz; -} -#endif /* WOLFSSL_DTLS */ - #if !defined(NO_TLS) && defined(WOLFSSL_TLS13) && \ !defined(WOLFSSL_TLS13_IGNORE_AEAD_LIMITS) /* @@ -25641,6 +26130,10 @@ } #ifdef WOLFSSL_DTLS13 if (ssl->options.dtls) { + if (ssl->dtls13EncryptEpoch == NULL) { + WOLFSSL_MSG("DTLS 1.3 encrypt epoch not set"); + return BAD_STATE_E; + } seq = ssl->dtls13EncryptEpoch->nextSeqNumber; } else @@ -25871,6 +26364,8 @@ else { /* advance sent to previous sent + plain size just sent */ sent = ssl->buffers.prevSent + ssl->buffers.plainSz; + ssl->buffers.prevSent = 0; + ssl->buffers.plainSz = 0; WOLFSSL_MSG("sent write buffered data"); if (sent > (word32)sz) { @@ -25960,31 +26455,45 @@ } #endif /* WOLFSSL_DTLS13 */ - buffSz = wolfSSL_GetMaxFragSize(ssl, (word32)sz - sent); - if (sent == (word32)sz) break; -#if defined(WOLFSSL_DTLS) && !defined(WOLFSSL_NO_DTLS_SIZE_CHECK) - if (ssl->options.dtls && ((size_t)buffSz < (word32)sz - sent)) { - error = DTLS_SIZE_ERROR; - ssl->error = error; - WOLFSSL_ERROR(error); - return error; + buffSz = (int)((word32)sz - sent); + if (buffSz <= 0) { + WOLFSSL_MSG("error: sent size exceeds input size"); + ssl->error = BAD_FUNC_ARG; + return WOLFSSL_FATAL_ERROR; } -#endif - outputSz = buffSz + COMP_EXTRA + DTLS_RECORD_HEADER_SZ; - if (IsEncryptionOn(ssl, 1) || ssl->options.tls1_3) - outputSz += cipherExtraData(ssl); - -#if defined(WOLFSSL_DTLS) && defined(WOLFSSL_DTLS_CID) +#if defined(WOLFSSL_DTLS) if (ssl->options.dtls) { - byte cidSz = 0; - if ((cidSz = DtlsGetCidTxSize(ssl)) > 0) - outputSz += cidSz + 1; /* +1 for inner content type */ - } +#if defined(WOLFSSL_DTLS_MTU) + int mtu = ssl->dtlsMtuSz; +#else + int mtu = MAX_MTU; #endif + outputSz = wolfssl_local_GetRecordSize(ssl, (word32)buffSz, 1); + if (outputSz > mtu) { +#if defined(WOLFSSL_NO_DTLS_SIZE_CHECK) + /* split instead of error out */ + buffSz = min(buffSz, wolfssl_local_GetMaxPlaintextSize(ssl)); + outputSz = wolfssl_local_GetRecordSize(ssl, (word32)buffSz, 1); +#else + error = DTLS_SIZE_ERROR; + ssl->error = error; + WOLFSSL_ERROR(error); + return error; +#endif /* WOLFSSL_NO_DTLS_SIZE_CHECK */ + } + } + else +#endif /* WOLFSSL_DTLS */ + { + int maxFrag = wolfSSL_GetMaxFragSize(ssl); + if (maxFrag > 0) + buffSz = min((word32)buffSz, (word32)maxFrag); + outputSz = wolfssl_local_GetRecordSize(ssl, (word32)buffSz, 1); + } - /* check for available size */ + /* check for available size, it does also DTLS MTU checks */ if ((ret = CheckAvailableSize(ssl, outputSz)) != 0) return (ssl->error = ret); @@ -26563,6 +27072,72 @@ #include #endif +#if !defined(NO_ERROR_STRINGS) && (defined(OPENSSL_EXTRA) || \ + defined(OPENSSL_EXTRA_X509_SMALL) || \ + defined(HAVE_WEBSERVER) || defined(HAVE_MEMCACHED)) +static const char* wolfSSL_ERR_reason_error_string_OpenSSL(unsigned long e) +{ + switch (e) { + /* TODO: -WOLFSSL_X509_V_ERR_CERT_SIGNATURE_FAILURE. Conflicts with + * -WOLFSSL_ERROR_WANT_CONNECT. + */ + case WOLFSSL_X509_V_ERR_CRL_HAS_EXPIRED: + return "CRL has expired"; + + case WOLFSSL_X509_V_ERR_UNABLE_TO_GET_CRL: + return "unable to get CRL"; + + case WOLFSSL_X509_V_ERR_CERT_NOT_YET_VALID: + return "certificate not yet valid"; + + case WOLFSSL_X509_V_ERR_CERT_HAS_EXPIRED: + return "certificate has expired"; + + case WOLFSSL_X509_V_ERR_ERROR_IN_CERT_NOT_BEFORE_FIELD: + return "certificate signature failure"; + + case WOLFSSL_X509_V_ERR_ERROR_IN_CERT_NOT_AFTER_FIELD: + return "format error in certificate's notAfter field"; + + case WOLFSSL_X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT: + return "self-signed certificate in certificate chain"; + + case WOLFSSL_X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY: + return "unable to get local issuer certificate"; + + case WOLFSSL_X509_V_ERR_UNABLE_TO_VERIFY_LEAF_SIGNATURE: + return "unable to verify the first certificate"; + + case WOLFSSL_X509_V_ERR_CERT_CHAIN_TOO_LONG: + return "certificate chain too long"; + + case WOLFSSL_X509_V_ERR_CERT_REVOKED: + return "certificate revoked"; + + case WOLFSSL_X509_V_ERR_INVALID_CA: + return "invalid CA certificate"; + + case WOLFSSL_X509_V_ERR_PATH_LENGTH_EXCEEDED: + return "path length constraint exceeded"; + + case WOLFSSL_X509_V_ERR_CERT_REJECTED: + return "certificate rejected"; + + case WOLFSSL_X509_V_ERR_SUBJECT_ISSUER_MISMATCH: + return "subject issuer mismatch"; + + case WOLFSSL_X509_V_ERR_HOSTNAME_MISMATCH: + return "hostname mismatch"; + + case WOLFSSL_X509_V_ERR_IP_ADDRESS_MISMATCH: + return "IP address mismatch"; + + default: + return NULL; + } +} +#endif /* OPENSSL_EXTRA || OPENSSL_EXTRA_X509_SMALL || HAVE_WEBSERVER || HAVE_MEMCACHED */ + const char* wolfSSL_ERR_reason_error_string(unsigned long e) { #ifdef NO_ERROR_STRINGS @@ -26574,11 +27149,18 @@ int error = (int)e; - /* OpenSSL uses positive error codes */ if (error > 0) { +#if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL) || \ + defined(HAVE_WEBSERVER) || defined(HAVE_MEMCACHED) + /* Check the OpenSSL error strings first. */ + const char* ossl_err = wolfSSL_ERR_reason_error_string_OpenSSL(e); + if (ossl_err != NULL) { + return ossl_err; + } + /* try to find error strings from wolfSSL */ +#endif error = -error; } - /* pass to wolfCrypt */ if ((error <= WC_SPAN1_FIRST_E && error >= WC_SPAN1_MIN_CODE_E) || (error <= WC_SPAN2_FIRST_E && error >= WC_SPAN2_MIN_CODE_E)) @@ -26722,6 +27304,9 @@ case PSK_KEY_ERROR: return "psk key callback error"; + case DUPE_ENTRY_E: + return "duplicate entry error"; + case GETTIME_ERROR: return "gettimeofday() error"; @@ -26953,7 +27538,7 @@ return "Certificate context does not match request or not empty"; case BAD_KEY_SHARE_DATA: - return "The Key Share data contains group that wasn't in Client Hello"; + return "The Key Share data contains a group which is invalid"; case MISSING_HANDSHAKE_DATA: return "The handshake message is missing required data"; @@ -27135,56 +27720,10 @@ case WOLFSSL_EVP_R_PRIVATE_KEY_DECODE_ERROR: return "Private key decode error (EVP)"; - } - -#if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL) || \ - defined(HAVE_WEBSERVER) || defined(HAVE_MEMCACHED) - switch (error) { - /* TODO: -WOLFSSL_X509_V_ERR_CERT_SIGNATURE_FAILURE. Conflicts with - * -WOLFSSL_ERROR_WANT_CONNECT. - */ - - case -WOLFSSL_X509_V_ERR_CERT_NOT_YET_VALID: - return "certificate not yet valid"; - - case -WOLFSSL_X509_V_ERR_CERT_HAS_EXPIRED: - return "certificate has expired"; - - case -WOLFSSL_X509_V_ERR_ERROR_IN_CERT_NOT_BEFORE_FIELD: - return "certificate signature failure"; - - case -WOLFSSL_X509_V_ERR_ERROR_IN_CERT_NOT_AFTER_FIELD: - return "format error in certificate's notAfter field"; - - case -WOLFSSL_X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT: - return "self-signed certificate in certificate chain"; - - case -WOLFSSL_X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY: - return "unable to get local issuer certificate"; - - case -WOLFSSL_X509_V_ERR_UNABLE_TO_VERIFY_LEAF_SIGNATURE: - return "unable to verify the first certificate"; - - case -WOLFSSL_X509_V_ERR_CERT_CHAIN_TOO_LONG: - return "certificate chain too long"; - - case -WOLFSSL_X509_V_ERR_CERT_REVOKED: - return "certificate revoked"; - - case -WOLFSSL_X509_V_ERR_INVALID_CA: - return "invalid CA certificate"; - - case -WOLFSSL_X509_V_ERR_PATH_LENGTH_EXCEEDED: - return "path length constraint exceeded"; - - case -WOLFSSL_X509_V_ERR_CERT_REJECTED: - return "certificate rejected"; - - case -WOLFSSL_X509_V_ERR_SUBJECT_ISSUER_MISMATCH: - return "subject issuer mismatch"; + case SESSION_TICKET_NONCE_OVERFLOW: + return "Session ticket nonce overflow"; } -#endif /* OPENSSL_EXTRA || OPENSSL_EXTRA_X509_SMALL || HAVE_WEBSERVER || HAVE_MEMCACHED */ return "unknown error number"; @@ -28228,6 +28767,7 @@ word16 haveSHA1 = 1; /* allowed by default if compiled in */ word16 haveRC4 = 1; /* allowed by default if compiled in */ #endif + int tls1_3 = 0; const int suiteSz = GetCipherNamesSize(); const char* next = list; @@ -28553,6 +29093,7 @@ (cipher_names[i].cipherSuite0 == ECC_BYTE && (cipher_names[i].cipherSuite == TLS_SHA256_SHA256 || cipher_names[i].cipherSuite == TLS_SHA384_SHA384))) { + tls1_3 = 1; #ifndef NO_RSA haveSig |= SIG_RSA; #endif @@ -28656,8 +29197,8 @@ #endif { suites->suiteSz = (word16)idx; - InitSuitesHashSigAlgo(suites->hashSigAlgo, haveSig, 1, keySz, - &suites->hashSigAlgoSz); + InitSuitesHashSigAlgo(suites->hashSigAlgo, haveSig, 1, tls1_3, + keySz, &suites->hashSigAlgoSz); } #ifdef HAVE_RENEGOTIATION_INDICATION @@ -28730,6 +29271,7 @@ int haveFalconSig = 0; int haveDilithiumSig = 0; int haveAnon = 0; + int tls1_3 = 0; if (suites == NULL || list == NULL) { WOLFSSL_MSG("SetCipherListFromBytes parameter error"); @@ -28789,6 +29331,7 @@ secondByte == TLS_SHA384_SHA384)) || (firstByte == CIPHER_BYTE && (secondByte == TLS_SM4_GCM_SM3 || secondByte == TLS_SM4_CCM_SM3))) { + tls1_3 = 1; #ifndef NO_RSA haveRSAsig = 1; #endif @@ -28840,8 +29383,8 @@ haveSig |= haveFalconSig ? SIG_FALCON : 0; haveSig |= haveDilithiumSig ? SIG_DILITHIUM : 0; haveSig |= haveAnon ? SIG_ANON : 0; - InitSuitesHashSigAlgo(suites->hashSigAlgo, haveSig, 1, keySz, - &suites->hashSigAlgoSz); + InitSuitesHashSigAlgo(suites->hashSigAlgo, haveSig, 1, tls1_3, + keySz, &suites->hashSigAlgoSz); #ifdef HAVE_RENEGOTIATION_INDICATION if (ctx->method->side == WOLFSSL_CLIENT_END) { if (suites->suiteSz > WOLFSSL_MAX_SUITE_SZ - 2) { @@ -28922,6 +29465,9 @@ #endif #ifdef HAVE_ECC { ecc_dsa_sa_algo, "ECDSA" }, +#ifdef HAVE_ECC_BRAINPOOL + { ecc_brainpool_sa_algo, "ECDSA-BRAINPOOL" }, +#endif #endif #ifdef HAVE_ED25519 { ed25519_sa_algo, "ED25519" }, @@ -29022,7 +29568,7 @@ #endif /* OPENSSL_EXTRA */ -#if !defined(NO_WOLFSSL_SERVER) || !defined(NO_CERTS) +#if !defined(NO_TLS) && (!defined(NO_WOLFSSL_SERVER) || !defined(NO_CERTS)) static int MatchSigAlgo(WOLFSSL* ssl, int sigAlgo) { #ifdef HAVE_ED25519 @@ -29090,6 +29636,41 @@ return 1; } #endif +#ifdef HAVE_ECC_BRAINPOOL + if ((ssl->pkCurveOID == ECC_BRAINPOOLP256R1_OID) || + (ssl->pkCurveOID == ECC_BRAINPOOLP384R1_OID) || + (ssl->pkCurveOID == ECC_BRAINPOOLP512R1_OID)) { + if (IsAtLeastTLSv1_3(ssl->version)) { + /* Certificate has an ECC Brainpool key, only match with the + * specified ECDSA brainpool signature algorithms for TLS 1.3 */ + return sigAlgo == ecc_brainpool_sa_algo; + } + else { + /* Certificate has an ECC Brainpool key, match with ECDSA in TLS 1.2 + * case, but only when the related Brainpool curve is present in + * the supported_groups extension. */ + if (ssl->pkCurveOID == ECC_BRAINPOOLP256R1_OID && + TLSX_SupportedCurve_IsSupported(ssl, + WOLFSSL_ECC_BRAINPOOLP256R1)) { + return sigAlgo == ecc_dsa_sa_algo; + } + else if (ssl->pkCurveOID == ECC_BRAINPOOLP384R1_OID && + TLSX_SupportedCurve_IsSupported(ssl, + WOLFSSL_ECC_BRAINPOOLP384R1)) { + return sigAlgo == ecc_dsa_sa_algo; + } + else if (ssl->pkCurveOID == ECC_BRAINPOOLP512R1_OID && + TLSX_SupportedCurve_IsSupported(ssl, + WOLFSSL_ECC_BRAINPOOLP512R1)) { + return sigAlgo == ecc_dsa_sa_algo; + } + else { + /* Curve not supported in supported_groups extension. */ + return 0; + } + } + } +#endif /* Signature algorithm matches certificate. */ return sigAlgo == ssl->options.sigAlgo; } @@ -29254,6 +29835,15 @@ break; } #endif /* HAVE_DILITHIUM */ + #if defined(HAVE_ECC_BRAINPOOL) + if (ssl->pkCurveOID == ECC_BRAINPOOLP256R1_OID || + ssl->pkCurveOID == ECC_BRAINPOOLP384R1_OID || + ssl->pkCurveOID == ECC_BRAINPOOLP512R1_OID) { + /* Matched ECC Brainpool. Set sigAlgo to "normal" ECDSA here + * for compatibility with TLS 1.2. */ + sigAlgo = ecc_dsa_sa_algo; + } + #endif #if defined(WOLFSSL_ECDSA_MATCH_HASH) && defined(USE_ECDSA_KEYSZ_HASH_ALGO) #error "WOLFSSL_ECDSA_MATCH_HASH and USE_ECDSA_KEYSZ_HASH_ALGO cannot " @@ -29394,7 +29984,7 @@ return ret; } -#endif /* !defined(NO_WOLFSSL_SERVER) || !defined(NO_CERTS) */ +#endif /* !NO_TLS && (!defined(NO_WOLFSSL_SERVER) || !defined(NO_CERTS)) */ #if defined(WOLFSSL_CALLBACKS) || defined(OPENSSL_EXTRA) @@ -29716,24 +30306,32 @@ } #endif /* WOLF_PRIVATE_KEY_ID && !NO_CHECK_PRIVATE_KEY */ -/* Decode the private key - RSA/ECC/Ed25519/Ed448/Falcon/Dilithium - and - * creates a key object. +/* Decode a private key - RSA/ECC/Ed25519/Ed448/Falcon/Dilithium - and + * create a key object. The signature type is set as well. * - * The signature type is set as well. - * The maximum length of a signature is returned. + * ssl The SSL/TLS object. + * keyType The type of the key to decode. + * key The key to decode. + * hsType The handshake related type of the decoded key. + * hsKey The decoded key. + * keyDevId The devId of the key. + * keyIdSet The key data contains a key id. + * keyLabelSet The key data contains a key label. + * keySz The size of the key. + * sigLen The length of a signature. * - * ssl The SSL/TLS object. - * length The length of a signature. * returns 0 on success, otherwise failure. */ -int DecodePrivateKey(WOLFSSL *ssl, word32* length) +static int DecodePrivateKey_ex(WOLFSSL *ssl, byte keyType, const DerBuffer* key, + word32* hsType, void** hsKey, int keyDevId, byte keyIdSet, + byte keyLabelSet, int keySz, word32* sigLen) { int ret = WC_NO_ERR_TRACE(BAD_FUNC_ARG); - int keySz; + int keySzDecoded; word32 idx; /* make sure private key exists */ - if (ssl->buffers.key == NULL || ssl->buffers.key->buffer == NULL) { + if (key == NULL || key->buffer == NULL) { /* allow no private key if using external */ #ifdef WOLF_PRIVATE_KEY_ID if (ssl->devId != INVALID_DEVID @@ -29741,7 +30339,7 @@ || wolfSSL_CTX_IsPrivatePkSet(ssl->ctx) #endif ) { - *length = (word32)GetPrivateKeySigSize(ssl); + *sigLen = (word32)GetPrivateKeySigSize(ssl); return 0; } else @@ -29752,148 +30350,102 @@ } } -#ifdef WOLF_PRIVATE_KEY_ID - if (ssl->buffers.keyDevId != INVALID_DEVID && (ssl->buffers.keyId || - ssl->buffers.keyLabel)) { - if (ssl->buffers.keyType == rsa_sa_algo) - ssl->hsType = DYNAMIC_TYPE_RSA; - else if (ssl->buffers.keyType == ecc_dsa_sa_algo) - ssl->hsType = DYNAMIC_TYPE_ECC; - else if ((ssl->buffers.keyType == falcon_level1_sa_algo) || - (ssl->buffers.keyType == falcon_level5_sa_algo)) - ssl->hsType = DYNAMIC_TYPE_FALCON; - else if ((ssl->buffers.keyType == dilithium_level2_sa_algo) || - (ssl->buffers.keyType == dilithium_level3_sa_algo) || - (ssl->buffers.keyType == dilithium_level5_sa_algo)) - ssl->hsType = DYNAMIC_TYPE_DILITHIUM; - ret = AllocKey(ssl, (int)(ssl->hsType), &ssl->hsKey); +#if defined(WOLF_PRIVATE_KEY_ID) && !defined(NO_CHECK_PRIVATE_KEY) + if (keyDevId != INVALID_DEVID && (keyIdSet || keyLabelSet)) { + /* Set hsType */ + if (keyType == rsa_sa_algo) + *hsType = DYNAMIC_TYPE_RSA; + else if (keyType == ecc_dsa_sa_algo) + *hsType = DYNAMIC_TYPE_ECC; + else if ((keyType == falcon_level1_sa_algo) || + (keyType == falcon_level5_sa_algo)) + *hsType = DYNAMIC_TYPE_FALCON; + else if ((keyType == dilithium_level2_sa_algo) || + (keyType == dilithium_level3_sa_algo) || + (keyType == dilithium_level5_sa_algo)) + *hsType = DYNAMIC_TYPE_DILITHIUM; + + /* Create the private key */ + ret = CreateDevPrivateKey(hsKey, key->buffer, + key->length, *hsType, + keyLabelSet, keyIdSet, ssl->heap, + keyDevId); if (ret != 0) { goto exit_dpk; } - if (ssl->buffers.keyType == rsa_sa_algo) { + /* Check key size */ + if (*hsType == DYNAMIC_TYPE_RSA) { #ifndef NO_RSA - if (ssl->buffers.keyLabel) { - ret = wc_InitRsaKey_Label((RsaKey*)ssl->hsKey, - (char*)ssl->buffers.key->buffer, - ssl->heap, ssl->buffers.keyDevId); - } - else if (ssl->buffers.keyId) { - ret = wc_InitRsaKey_Id((RsaKey*)ssl->hsKey, - (ssl->buffers.key->buffer), - (int)(ssl->buffers.key->length), - ssl->heap, - ssl->buffers.keyDevId); + if (keySz < ssl->options.minRsaKeySz) { + WOLFSSL_MSG("RSA key size too small"); + ERROR_OUT(RSA_KEY_SIZE_E, exit_dpk); } - if (ret == 0) { - if (ssl->buffers.keySz < ssl->options.minRsaKeySz) { - WOLFSSL_MSG("RSA key size too small"); - ERROR_OUT(RSA_KEY_SIZE_E, exit_dpk); - } - /* Return the maximum signature length. */ - *length = (word32)ssl->buffers.keySz; - } + /* Return the maximum signature length. */ + *sigLen = (word32)keySz; #else ret = NOT_COMPILED_IN; #endif } - else if (ssl->buffers.keyType == ecc_dsa_sa_algo) { + else if (*hsType == DYNAMIC_TYPE_ECC) { #ifdef HAVE_ECC - if (ssl->buffers.keyLabel) { - ret = wc_ecc_init_label((ecc_key*)ssl->hsKey, - (char*)ssl->buffers.key->buffer, - ssl->heap, ssl->buffers.keyDevId); - } - else if (ssl->buffers.keyId) { - ret = wc_ecc_init_id((ecc_key*)ssl->hsKey, - (ssl->buffers.key->buffer), - ssl->buffers.key->length, ssl->heap, - ssl->buffers.keyDevId); + if (keySz < ssl->options.minEccKeySz) { + WOLFSSL_MSG("ECC key size too small"); + ERROR_OUT(ECC_KEY_SIZE_E, exit_dpk); } - if (ret == 0) { - if (ssl->buffers.keySz < ssl->options.minEccKeySz) { - WOLFSSL_MSG("ECC key size too small"); - ERROR_OUT(ECC_KEY_SIZE_E, exit_dpk); - } - /* Return the maximum signature length. */ - *length = (word32)wc_ecc_sig_size_calc(ssl->buffers.keySz); - } + /* Return the maximum signature length. */ + *sigLen = (word32)wc_ecc_sig_size_calc(keySz); #else ret = NOT_COMPILED_IN; #endif } - else if ((ssl->buffers.keyType == falcon_level1_sa_algo) || - (ssl->buffers.keyType == falcon_level5_sa_algo)) { + else if (*hsType == DYNAMIC_TYPE_FALCON) { #if defined(HAVE_FALCON) - if (ssl->buffers.keyLabel) { - ret = wc_falcon_init_label((falcon_key*)ssl->hsKey, - (char*)ssl->buffers.key->buffer, - ssl->heap, ssl->buffers.keyDevId); - } - else if (ssl->buffers.keyId) { - ret = wc_falcon_init_id((falcon_key*)ssl->hsKey, - ssl->buffers.key->buffer, - ssl->buffers.key->length, ssl->heap, - ssl->buffers.keyDevId); + if (keyType == falcon_level1_sa_algo) { + ret = wc_falcon_set_level((falcon_key*)*hsKey, 1); } - if (ret == 0) { - if (ssl->buffers.keyType == falcon_level1_sa_algo) { - ret = wc_falcon_set_level((falcon_key*)ssl->hsKey, 1); - } - else if (ssl->buffers.keyType == falcon_level5_sa_algo) { - ret = wc_falcon_set_level((falcon_key*)ssl->hsKey, 5); - } + else if (keyType == falcon_level5_sa_algo) { + ret = wc_falcon_set_level((falcon_key*)*hsKey, 5); } + if (ret == 0) { - if (ssl->buffers.keySz < ssl->options.minFalconKeySz) { + if (keySz < ssl->options.minFalconKeySz) { WOLFSSL_MSG("Falcon key size too small"); ERROR_OUT(FALCON_KEY_SIZE_E, exit_dpk); } /* Return the maximum signature length. */ - *length = wc_falcon_sig_size((falcon_key*)ssl->hsKey); + *sigLen = wc_falcon_sig_size((falcon_key*)*hsKey); } #else ret = NOT_COMPILED_IN; #endif } - else if ((ssl->buffers.keyType == dilithium_level2_sa_algo) || - (ssl->buffers.keyType == dilithium_level3_sa_algo) || - (ssl->buffers.keyType == dilithium_level5_sa_algo)) { + else if (*hsType == DYNAMIC_TYPE_DILITHIUM) { #if defined(HAVE_DILITHIUM) && !defined(WOLFSSL_DILITHIUM_NO_SIGN) - if (ssl->buffers.keyLabel) { - ret = wc_dilithium_init_label((dilithium_key*)ssl->hsKey, - (char*)ssl->buffers.key->buffer, - ssl->heap, ssl->buffers.keyDevId); - } - else if (ssl->buffers.keyId) { - ret = wc_dilithium_init_id((dilithium_key*)ssl->hsKey, - ssl->buffers.key->buffer, - ssl->buffers.key->length, ssl->heap, - ssl->buffers.keyDevId); - } - if (ret == 0) { - if (ssl->buffers.keyType == dilithium_level2_sa_algo) { - ret = wc_dilithium_set_level((dilithium_key*)ssl->hsKey, WC_ML_DSA_44); - } - else if (ssl->buffers.keyType == dilithium_level3_sa_algo) { - ret = wc_dilithium_set_level((dilithium_key*)ssl->hsKey, WC_ML_DSA_65); - } - else if (ssl->buffers.keyType == dilithium_level5_sa_algo) { - ret = wc_dilithium_set_level((dilithium_key*)ssl->hsKey, WC_ML_DSA_87); - } + if (keyType == dilithium_level2_sa_algo) { + ret = wc_dilithium_set_level((dilithium_key*)*hsKey, + WC_ML_DSA_44); + } + else if (keyType == dilithium_level3_sa_algo) { + ret = wc_dilithium_set_level((dilithium_key*)*hsKey, + WC_ML_DSA_65); + } + else if (keyType == dilithium_level5_sa_algo) { + ret = wc_dilithium_set_level((dilithium_key*)*hsKey, + WC_ML_DSA_87); } + if (ret == 0) { - if (ssl->buffers.keySz < ssl->options.minDilithiumKeySz) { + if (keySz < ssl->options.minDilithiumKeySz) { WOLFSSL_MSG("Dilithium key size too small"); ERROR_OUT(DILITHIUM_KEY_SIZE_E, exit_dpk); } /* Return the maximum signature length. */ - *length = wc_dilithium_sig_size( - (dilithium_key*)ssl->hsKey); + *sigLen = wc_dilithium_sig_size((dilithium_key*)*hsKey); } #else ret = NOT_COMPILED_IN; @@ -29904,9 +30456,9 @@ #endif /* WOLF_PRIVATE_KEY_ID */ #ifndef NO_RSA - if (ssl->buffers.keyType == rsa_sa_algo || ssl->buffers.keyType == 0) { - ssl->hsType = DYNAMIC_TYPE_RSA; - ret = AllocKey(ssl, (int)ssl->hsType, &ssl->hsKey); + if (keyType == rsa_sa_algo || keyType == 0) { + *hsType = DYNAMIC_TYPE_RSA; + ret = AllocKey(ssl, (int)*hsType, hsKey); if (ret != 0) { goto exit_dpk; } @@ -29916,8 +30468,8 @@ /* Set start of data to beginning of buffer. */ idx = 0; /* Decode the key assuming it is an RSA private key. */ - ret = wc_RsaPrivateKeyDecode(ssl->buffers.key->buffer, &idx, - (RsaKey*)ssl->hsKey, ssl->buffers.key->length); + ret = wc_RsaPrivateKeyDecode(key->buffer, &idx, + (RsaKey*)*hsKey, key->length); #ifdef WOLF_PRIVATE_KEY_ID /* if using external key then allow using a public key */ if (ret != 0 && (ssl->devId != INVALID_DEVID @@ -29927,26 +30479,26 @@ )) { WOLFSSL_MSG("Trying RSA public key with crypto callbacks"); idx = 0; - ret = wc_RsaPublicKeyDecode(ssl->buffers.key->buffer, &idx, - (RsaKey*)ssl->hsKey, ssl->buffers.key->length); + ret = wc_RsaPublicKeyDecode(key->buffer, &idx, + (RsaKey*)*hsKey, key->length); } #endif if (ret == 0) { WOLFSSL_MSG("Using RSA private key"); /* It worked so check it meets minimum key size requirements. */ - keySz = wc_RsaEncryptSize((RsaKey*)ssl->hsKey); - if (keySz < 0) { /* check if keySz has error case */ - ERROR_OUT(keySz, exit_dpk); + keySzDecoded = wc_RsaEncryptSize((RsaKey*)*hsKey); + if (keySzDecoded < 0) { /* check if keySzDecoded has error case */ + ERROR_OUT(keySzDecoded, exit_dpk); } - if (keySz < ssl->options.minRsaKeySz) { + if (keySzDecoded < ssl->options.minRsaKeySz) { WOLFSSL_MSG("RSA key size too small"); ERROR_OUT(RSA_KEY_SIZE_E, exit_dpk); } /* Return the maximum signature length. */ - *length = (word32)keySz; + *sigLen = (word32)keySzDecoded; goto exit_dpk; } @@ -29955,32 +30507,28 @@ #ifdef HAVE_ECC #ifndef NO_RSA - FreeKey(ssl, (int)ssl->hsType, (void**)&ssl->hsKey); + FreeKey(ssl, (int)*hsType, hsKey); #endif /* !NO_RSA */ - if (ssl->buffers.keyType == ecc_dsa_sa_algo || ssl->buffers.keyType == 0 + if (keyType == ecc_dsa_sa_algo || keyType == 0 #if defined(WOLFSSL_SM2) && defined(WOLFSSL_SM3) - || ssl->buffers.keyType == sm2_sa_algo + || keyType == sm2_sa_algo #endif ) { - ssl->hsType = DYNAMIC_TYPE_ECC; - ret = AllocKey(ssl, (int)ssl->hsType, &ssl->hsKey); + *hsType = DYNAMIC_TYPE_ECC; + ret = AllocKey(ssl, (int)*hsType, hsKey); if (ret != 0) { goto exit_dpk; } - #ifndef NO_RSA - WOLFSSL_MSG("Trying ECC private key, RSA didn't work"); - #else WOLFSSL_MSG("Trying ECC private key"); - #endif /* Set start of data to beginning of buffer. */ idx = 0; /* Decode the key assuming it is an ECC private key. */ - ret = wc_EccPrivateKeyDecode(ssl->buffers.key->buffer, &idx, - (ecc_key*)ssl->hsKey, - ssl->buffers.key->length); + ret = wc_EccPrivateKeyDecode(key->buffer, &idx, + (ecc_key*)*hsKey, + key->length); #ifdef WOLF_PRIVATE_KEY_ID /* if using external key then allow using a public key */ if (ret != 0 && (ssl->devId != INVALID_DEVID @@ -29990,14 +30538,14 @@ )) { WOLFSSL_MSG("Trying ECC public key with crypto callbacks"); idx = 0; - ret = wc_EccPublicKeyDecode(ssl->buffers.key->buffer, &idx, - (ecc_key*)ssl->hsKey, - ssl->buffers.key->length); + ret = wc_EccPublicKeyDecode(key->buffer, &idx, + (ecc_key*)*hsKey, + key->length); } #endif #ifdef WOLFSSL_SM2 - if ((ret == 0) && (ssl->buffers.keyType == sm2_sa_algo)) { - ret = wc_ecc_set_curve((ecc_key*)ssl->hsKey, + if ((ret == 0) && (keyType == sm2_sa_algo)) { + ret = wc_ecc_set_curve((ecc_key*)*hsKey, WOLFSSL_SM2_KEY_BITS / 8, ECC_SM2P256V1); } #endif @@ -30005,14 +30553,14 @@ WOLFSSL_MSG("Using ECC private key"); /* Check it meets the minimum ECC key size requirements. */ - keySz = wc_ecc_size((ecc_key*)ssl->hsKey); - if (keySz < ssl->options.minEccKeySz) { + keySzDecoded = wc_ecc_size((ecc_key*)*hsKey); + if (keySzDecoded < ssl->options.minEccKeySz) { WOLFSSL_MSG("ECC key size too small"); ERROR_OUT(ECC_KEY_SIZE_E, exit_dpk); } /* Return the maximum signature length. */ - *length = (word32)wc_ecc_sig_size((ecc_key*)ssl->hsKey); + *sigLen = (word32)wc_ecc_sig_size((ecc_key*)*hsKey); goto exit_dpk; } @@ -30020,30 +30568,24 @@ #endif #if defined(HAVE_ED25519) && defined(HAVE_ED25519_KEY_IMPORT) #if !defined(NO_RSA) || defined(HAVE_ECC) - FreeKey(ssl, ssl->hsType, (void**)&ssl->hsKey); + FreeKey(ssl, *hsType, hsKey); #endif - if (ssl->buffers.keyType == ed25519_sa_algo || ssl->buffers.keyType == 0) { - ssl->hsType = DYNAMIC_TYPE_ED25519; - ret = AllocKey(ssl, ssl->hsType, &ssl->hsKey); + if (keyType == ed25519_sa_algo || keyType == 0) { + *hsType = DYNAMIC_TYPE_ED25519; + ret = AllocKey(ssl, *hsType, hsKey); if (ret != 0) { goto exit_dpk; } - #ifdef HAVE_ECC - WOLFSSL_MSG("Trying ED25519 private key, ECC didn't work"); - #elif !defined(NO_RSA) - WOLFSSL_MSG("Trying ED25519 private key, RSA didn't work"); - #else - WOLFSSL_MSG("Trying ED25519 private key"); - #endif + WOLFSSL_MSG("Trying ED25519 private key"); /* Set start of data to beginning of buffer. */ idx = 0; /* Decode the key assuming it is an ED25519 private key. */ - ret = wc_Ed25519PrivateKeyDecode(ssl->buffers.key->buffer, &idx, - (ed25519_key*)ssl->hsKey, - ssl->buffers.key->length); + ret = wc_Ed25519PrivateKeyDecode(key->buffer, &idx, + (ed25519_key*)*hsKey, + key->length); #ifdef WOLF_PRIVATE_KEY_ID /* if using external key then allow using a public key */ if (ret != 0 && (ssl->devId != INVALID_DEVID @@ -30053,9 +30595,9 @@ )) { WOLFSSL_MSG("Trying ED25519 public key with crypto callbacks"); idx = 0; - ret = wc_Ed25519PublicKeyDecode(ssl->buffers.key->buffer, &idx, - (ed25519_key*)ssl->hsKey, - ssl->buffers.key->length); + ret = wc_Ed25519PublicKeyDecode(key->buffer, &idx, + (ed25519_key*)*hsKey, + key->length); } #endif if (ret == 0) { @@ -30068,7 +30610,7 @@ } /* Return the maximum signature length. */ - *length = ED25519_SIG_SIZE; + *sigLen = ED25519_SIG_SIZE; goto exit_dpk; } @@ -30076,32 +30618,24 @@ #endif /* HAVE_ED25519 && HAVE_ED25519_KEY_IMPORT */ #if defined(HAVE_ED448) && defined(HAVE_ED448_KEY_IMPORT) #if !defined(NO_RSA) || defined(HAVE_ECC) - FreeKey(ssl, ssl->hsType, (void**)&ssl->hsKey); + FreeKey(ssl, *hsType, hsKey); #endif - if (ssl->buffers.keyType == ed448_sa_algo || ssl->buffers.keyType == 0) { - ssl->hsType = DYNAMIC_TYPE_ED448; - ret = AllocKey(ssl, ssl->hsType, &ssl->hsKey); + if (keyType == ed448_sa_algo || keyType == 0) { + *hsType = DYNAMIC_TYPE_ED448; + ret = AllocKey(ssl, *hsType, hsKey); if (ret != 0) { goto exit_dpk; } - #ifdef HAVE_ED25519 - WOLFSSL_MSG("Trying ED448 private key, ED25519 didn't work"); - #elif defined(HAVE_ECC) - WOLFSSL_MSG("Trying ED448 private key, ECC didn't work"); - #elif !defined(NO_RSA) - WOLFSSL_MSG("Trying ED448 private key, RSA didn't work"); - #else - WOLFSSL_MSG("Trying ED448 private key"); - #endif + WOLFSSL_MSG("Trying ED448 private key"); /* Set start of data to beginning of buffer. */ idx = 0; /* Decode the key assuming it is an ED448 private key. */ - ret = wc_Ed448PrivateKeyDecode(ssl->buffers.key->buffer, &idx, - (ed448_key*)ssl->hsKey, - ssl->buffers.key->length); + ret = wc_Ed448PrivateKeyDecode(key->buffer, &idx, + (ed448_key*)*hsKey, + key->length); #ifdef WOLF_PRIVATE_KEY_ID /* if using external key then allow using a public key */ if (ret != 0 && (ssl->devId != INVALID_DEVID @@ -30111,9 +30645,9 @@ )) { WOLFSSL_MSG("Trying ED25519 public key with crypto callbacks"); idx = 0; - ret = wc_Ed448PublicKeyDecode(ssl->buffers.key->buffer, &idx, - (ed448_key*)ssl->hsKey, - ssl->buffers.key->length); + ret = wc_Ed448PublicKeyDecode(key->buffer, &idx, + (ed448_key*)*hsKey, + key->length); } #endif if (ret == 0) { @@ -30126,7 +30660,7 @@ } /* Return the maximum signature length. */ - *length = ED448_SIG_SIZE; + *sigLen = ED448_SIG_SIZE; goto exit_dpk; } @@ -30134,27 +30668,27 @@ #endif /* HAVE_ED448 && HAVE_ED448_KEY_IMPORT */ #if defined(HAVE_FALCON) #if !defined(NO_RSA) || defined(HAVE_ECC) - FreeKey(ssl, ssl->hsType, (void**)&ssl->hsKey); + FreeKey(ssl, *hsType, hsKey); #endif - if (ssl->buffers.keyType == falcon_level1_sa_algo || - ssl->buffers.keyType == falcon_level5_sa_algo || - ssl->buffers.keyType == 0) { + if (keyType == falcon_level1_sa_algo || + keyType == falcon_level5_sa_algo || + keyType == 0) { - ssl->hsType = DYNAMIC_TYPE_FALCON; - ret = AllocKey(ssl, ssl->hsType, &ssl->hsKey); + *hsType = DYNAMIC_TYPE_FALCON; + ret = AllocKey(ssl, *hsType, hsKey); if (ret != 0) { goto exit_dpk; } - if (ssl->buffers.keyType == falcon_level1_sa_algo) { - ret = wc_falcon_set_level((falcon_key*)ssl->hsKey, 1); + if (keyType == falcon_level1_sa_algo) { + ret = wc_falcon_set_level((falcon_key*)*hsKey, 1); } - else if (ssl->buffers.keyType == falcon_level5_sa_algo) { - ret = wc_falcon_set_level((falcon_key*)ssl->hsKey, 5); + else if (keyType == falcon_level5_sa_algo) { + ret = wc_falcon_set_level((falcon_key*)*hsKey, 5); } else { - /* What if ssl->buffers.keyType is 0? We might want to do something + /* What if keyType is 0? We might want to do something * more graceful here. */ ret = ALGO_ID_E; } @@ -30163,36 +30697,26 @@ goto exit_dpk; } - #if defined(HAVE_ED448) - WOLFSSL_MSG("Trying Falcon private key, ED448 didn't work"); - #elif defined(HAVE_ED25519) - WOLFSSL_MSG("Trying Falcon private key, ED25519 didn't work"); - #elif defined(HAVE_ECC) - WOLFSSL_MSG("Trying Falcon private key, ECC didn't work"); - #elif !defined(NO_RSA) - WOLFSSL_MSG("Trying Falcon private key, RSA didn't work"); - #else - WOLFSSL_MSG("Trying Falcon private key"); - #endif + WOLFSSL_MSG("Trying Falcon private key"); /* Set start of data to beginning of buffer. */ idx = 0; /* Decode the key assuming it is a Falcon private key. */ - ret = wc_falcon_import_private_only(ssl->buffers.key->buffer, - ssl->buffers.key->length, - (falcon_key*)ssl->hsKey); + ret = wc_falcon_import_private_only(key->buffer, + key->length, + (falcon_key*)*hsKey); if (ret == 0) { WOLFSSL_MSG("Using Falcon private key"); /* Check it meets the minimum Falcon key size requirements. */ - keySz = wc_falcon_size((falcon_key*)ssl->hsKey); - if (keySz < ssl->options.minFalconKeySz) { + keySzDecoded = wc_falcon_size((falcon_key*)*hsKey); + if (keySzDecoded < ssl->options.minFalconKeySz) { WOLFSSL_MSG("Falcon key size too small"); ERROR_OUT(FALCON_KEY_SIZE_E, exit_dpk); } /* Return the maximum signature length. */ - *length = wc_falcon_sig_size((falcon_key*)ssl->hsKey); + *sigLen = wc_falcon_sig_size((falcon_key*)*hsKey); goto exit_dpk; } @@ -30201,31 +30725,31 @@ #if defined(HAVE_DILITHIUM) && !defined(WOLFSSL_DILITHIUM_NO_SIGN) && \ !defined(WOLFSSL_DILITHIUM_NO_ASN1) #if !defined(NO_RSA) || defined(HAVE_ECC) - FreeKey(ssl, ssl->hsType, (void**)&ssl->hsKey); + FreeKey(ssl, *hsType, hsKey); #endif - if (ssl->buffers.keyType == dilithium_level2_sa_algo || - ssl->buffers.keyType == dilithium_level3_sa_algo || - ssl->buffers.keyType == dilithium_level5_sa_algo || - ssl->buffers.keyType == 0) { + if (keyType == dilithium_level2_sa_algo || + keyType == dilithium_level3_sa_algo || + keyType == dilithium_level5_sa_algo || + keyType == 0) { - ssl->hsType = DYNAMIC_TYPE_DILITHIUM; - ret = AllocKey(ssl, ssl->hsType, &ssl->hsKey); + *hsType = DYNAMIC_TYPE_DILITHIUM; + ret = AllocKey(ssl, *hsType, hsKey); if (ret != 0) { goto exit_dpk; } - if (ssl->buffers.keyType == dilithium_level2_sa_algo) { - ret = wc_dilithium_set_level((dilithium_key*)ssl->hsKey, WC_ML_DSA_44); + if (keyType == dilithium_level2_sa_algo) { + ret = wc_dilithium_set_level((dilithium_key*)*hsKey, WC_ML_DSA_44); } - else if (ssl->buffers.keyType == dilithium_level3_sa_algo) { - ret = wc_dilithium_set_level((dilithium_key*)ssl->hsKey, WC_ML_DSA_65); + else if (keyType == dilithium_level3_sa_algo) { + ret = wc_dilithium_set_level((dilithium_key*)*hsKey, WC_ML_DSA_65); } - else if (ssl->buffers.keyType == dilithium_level5_sa_algo) { - ret = wc_dilithium_set_level((dilithium_key*)ssl->hsKey, WC_ML_DSA_87); + else if (keyType == dilithium_level5_sa_algo) { + ret = wc_dilithium_set_level((dilithium_key*)*hsKey, WC_ML_DSA_87); } else { - /* What if ssl->buffers.keyType is 0? We might want to do something + /* What if keyType is 0? We might want to do something * more graceful here. */ ret = ALGO_ID_E; } @@ -30234,39 +30758,27 @@ goto exit_dpk; } - #if defined(HAVE_ED448) - WOLFSSL_MSG("Trying Dilithium private key, ED448 didn't work"); - #elif defined(HAVE_ED25519) - WOLFSSL_MSG("Trying Dilithium private key, ED25519 didn't work"); - #elif defined(HAVE_ECC) - WOLFSSL_MSG("Trying Dilithium private key, ECC didn't work"); - #elif !defined(NO_RSA) - WOLFSSL_MSG("Trying Dilithium private key, RSA didn't work"); - #elif defined(HAVE_FALCON) - WOLFSSL_MSG("Trying Dilithium private key, Falcon didn't work"); - #else - WOLFSSL_MSG("Trying Dilithium private key"); - #endif + WOLFSSL_MSG("Trying Dilithium private key"); /* Set start of data to beginning of buffer. */ idx = 0; /* Decode the key assuming it is a Dilithium private key. */ - ret = wc_Dilithium_PrivateKeyDecode(ssl->buffers.key->buffer, + ret = wc_Dilithium_PrivateKeyDecode(key->buffer, &idx, - (dilithium_key*)ssl->hsKey, - ssl->buffers.key->length); + (dilithium_key*)*hsKey, + key->length); if (ret == 0) { WOLFSSL_MSG("Using Dilithium private key"); /* Check it meets the minimum Dilithium key size requirements. */ - keySz = wc_dilithium_size((dilithium_key*)ssl->hsKey); - if (keySz < ssl->options.minDilithiumKeySz) { + keySzDecoded = wc_dilithium_size((dilithium_key*)*hsKey); + if (keySzDecoded < ssl->options.minDilithiumKeySz) { WOLFSSL_MSG("Dilithium key size too small"); ERROR_OUT(DILITHIUM_KEY_SIZE_E, exit_dpk); } /* Return the maximum signature length. */ - *length = wc_dilithium_sig_size((dilithium_key*)ssl->hsKey); + *sigLen = wc_dilithium_sig_size((dilithium_key*)*hsKey); goto exit_dpk; } @@ -30274,8 +30786,16 @@ #endif /* HAVE_DILITHIUM */ (void)idx; + (void)keySzDecoded; + (void)keyType; + (void)key; + (void)hsType; + (void)hsKey; + (void)keyDevId; + (void)keyIdSet; + (void)keyLabelSet; (void)keySz; - (void)length; + (void)sigLen; exit_dpk: if (ret != 0) { @@ -30285,440 +30805,40 @@ return ret; } -#if defined(WOLFSSL_DUAL_ALG_CERTS) -/* This is just like the above, but only consider RSA, ECC, Falcon and - * Dilthium; Furthermore, use the alternative key, not the native key. +/* Decode the private key - RSA/ECC/Ed25519/Ed448/Falcon/Dilithium - and + * creates a key object. + * + * The signature type is set as well. + * The maximum length of a signature is returned. + * + * ssl The SSL/TLS object. + * sigLen The length of a signature. + * returns 0 on success, otherwise failure. */ -int DecodeAltPrivateKey(WOLFSSL *ssl, word32* length) +int DecodePrivateKey(WOLFSSL *ssl, word32* sigLen) { - int ret = WC_NO_ERR_TRACE(BAD_FUNC_ARG); - int keySz; - word32 idx; - - /* make sure alt private key exists */ - if (ssl->buffers.altKey == NULL || ssl->buffers.altKey->buffer == NULL) { - WOLFSSL_MSG("Alternative Private key missing!"); - ERROR_OUT(NO_PRIVATE_KEY, exit_dapk); - } - -#ifdef WOLFSSL_BLIND_PRIVATE_KEY - wolfssl_priv_der_blind_toggle(ssl->buffers.altKey, ssl->buffers.altKeyMask); -#endif - -#ifdef WOLF_PRIVATE_KEY_ID - if (ssl->buffers.altKeyDevId != INVALID_DEVID && - (ssl->buffers.altKeyId || ssl->buffers.altKeyLabel)) { - if (ssl->buffers.altKeyType == rsa_sa_algo) - ssl->hsAltType = DYNAMIC_TYPE_RSA; - else if (ssl->buffers.altKeyType == ecc_dsa_sa_algo) - ssl->hsAltType = DYNAMIC_TYPE_ECC; - else if ((ssl->buffers.altKeyType == falcon_level1_sa_algo) || - (ssl->buffers.altKeyType == falcon_level5_sa_algo)) - ssl->hsAltType = DYNAMIC_TYPE_FALCON; - else if ((ssl->buffers.altKeyType == dilithium_level2_sa_algo) || - (ssl->buffers.altKeyType == dilithium_level3_sa_algo) || - (ssl->buffers.altKeyType == dilithium_level5_sa_algo)) - ssl->hsAltType = DYNAMIC_TYPE_DILITHIUM; - ret = AllocKey(ssl, ssl->hsAltType, &ssl->hsAltKey); - if (ret != 0) { - goto exit_dapk; - } - - if (ssl->buffers.altKeyType == rsa_sa_algo) { - #ifndef NO_RSA - if (ssl->buffers.altKeyLabel) { - ret = wc_InitRsaKey_Label((RsaKey*)ssl->hsAltKey, - (char*)ssl->buffers.altKey->buffer, - ssl->heap, ssl->buffers.altKeyDevId); - } - else if (ssl->buffers.altKeyId) { - ret = wc_InitRsaKey_Id((RsaKey*)ssl->hsAltKey, - ssl->buffers.altKey->buffer, - ssl->buffers.altKey->length, ssl->heap, - ssl->buffers.altKeyDevId); - } - if (ret == 0) { - if (ssl->buffers.altKeySz < ssl->options.minRsaKeySz) { - WOLFSSL_MSG("RSA key size too small"); - ERROR_OUT(RSA_KEY_SIZE_E, exit_dapk); - } - - /* Return the maximum signature length. */ - *length = ssl->buffers.altKeySz; - } - #else - ret = NOT_COMPILED_IN; - #endif - } - else if (ssl->buffers.altKeyType == ecc_dsa_sa_algo) { - #ifdef HAVE_ECC - if (ssl->buffers.altKeyLabel) { - ret = wc_ecc_init_label((ecc_key*)ssl->hsAltKey, - (char*)ssl->buffers.altKey->buffer, - ssl->heap, ssl->buffers.altKeyDevId); - } - else if (ssl->buffers.altKeyId) { - ret = wc_ecc_init_id((ecc_key*)ssl->hsAltKey, - ssl->buffers.altKey->buffer, - ssl->buffers.altKey->length, ssl->heap, - ssl->buffers.altKeyDevId); - } - if (ret == 0) { - if (ssl->buffers.altKeySz < ssl->options.minEccKeySz) { - WOLFSSL_MSG("ECC key size too small"); - ERROR_OUT(ECC_KEY_SIZE_E, exit_dapk); - } - - /* Return the maximum signature length. */ - *length = wc_ecc_sig_size_calc(ssl->buffers.altKeySz); - } - #else - ret = NOT_COMPILED_IN; - #endif - } - else if ((ssl->buffers.altKeyType == falcon_level1_sa_algo) || - (ssl->buffers.altKeyType == falcon_level5_sa_algo)) { - #if defined(HAVE_FALCON) - if (ssl->buffers.altKeyLabel) { - ret = wc_falcon_init_label((falcon_key*)ssl->hsAltKey, - (char*)ssl->buffers.altKey->buffer, - ssl->heap, ssl->buffers.altKeyDevId); - } - else if (ssl->buffers.altKeyId) { - ret = wc_falcon_init_id((falcon_key*)ssl->hsAltKey, - ssl->buffers.altKey->buffer, - ssl->buffers.altKey->length, ssl->heap, - ssl->buffers.altKeyDevId); - } - if (ret == 0) { - if (ssl->buffers.altKeyType == falcon_level1_sa_algo) { - ret = wc_falcon_set_level((falcon_key*)ssl->hsAltKey, 1); - } - else if (ssl->buffers.altKeyType == falcon_level5_sa_algo) { - ret = wc_falcon_set_level((falcon_key*)ssl->hsAltKey, 5); - } - } - if (ret == 0) { - if (ssl->buffers.altKeySz < ssl->options.minFalconKeySz) { - WOLFSSL_MSG("Falcon key size too small"); - ERROR_OUT(FALCON_KEY_SIZE_E, exit_dapk); - } - - /* Return the maximum signature length. */ - *length = wc_falcon_sig_size((falcon_key*)ssl->hsAltKey); - } - #else - ret = NOT_COMPILED_IN; - #endif - } - else if ((ssl->buffers.altKeyType == dilithium_level2_sa_algo) || - (ssl->buffers.altKeyType == dilithium_level3_sa_algo) || - (ssl->buffers.altKeyType == dilithium_level5_sa_algo)) { - #if defined(HAVE_DILITHIUM) - if (ssl->buffers.altKeyLabel) { - ret = wc_dilithium_init_label((dilithium_key*)ssl->hsAltKey, - (char*)ssl->buffers.altKey->buffer, - ssl->heap, ssl->buffers.altKeyDevId); - } - else if (ssl->buffers.altKeyId) { - ret = wc_dilithium_init_id((dilithium_key*)ssl->hsAltKey, - ssl->buffers.altKey->buffer, - ssl->buffers.altKey->length, ssl->heap, - ssl->buffers.altKeyDevId); - } - if (ret == 0) { - if (ssl->buffers.altKeyType == dilithium_level2_sa_algo) { - ret = wc_dilithium_set_level( - (dilithium_key*)ssl->hsAltKey, WC_ML_DSA_44); - } - else if (ssl->buffers.altKeyType == dilithium_level3_sa_algo) { - ret = wc_dilithium_set_level( - (dilithium_key*)ssl->hsAltKey, WC_ML_DSA_65); - } - else if (ssl->buffers.altKeyType == dilithium_level5_sa_algo) { - ret = wc_dilithium_set_level( - (dilithium_key*)ssl->hsAltKey, WC_ML_DSA_87); - } - } - if (ret == 0) { - if (ssl->buffers.altKeySz < ssl->options.minDilithiumKeySz) { - WOLFSSL_MSG("Dilithium key size too small"); - ERROR_OUT(DILITHIUM_KEY_SIZE_E, exit_dapk); - } - - /* Return the maximum signature length. */ - *length = wc_dilithium_sig_size( - (dilithium_key*)ssl->hsAltKey); - } - #else - ret = NOT_COMPILED_IN; - #endif - } - goto exit_dapk; - } -#endif /* WOLF_PRIVATE_KEY_ID */ - -#ifndef NO_RSA - if (ssl->buffers.altKeyType == rsa_sa_algo || - ssl->buffers.altKeyType == 0) { - ssl->hsAltType = DYNAMIC_TYPE_RSA; - ret = AllocKey(ssl, ssl->hsAltType, &ssl->hsAltKey); - if (ret != 0) { - goto exit_dapk; - } - - WOLFSSL_MSG("Trying RSA private key"); - - /* Set start of data to beginning of buffer. */ - idx = 0; - /* Decode the key assuming it is an RSA private key. */ - ret = wc_RsaPrivateKeyDecode(ssl->buffers.altKey->buffer, &idx, - (RsaKey*)ssl->hsAltKey, ssl->buffers.altKey->length); - #ifdef WOLF_PRIVATE_KEY_ID - /* if using external key then allow using a public key */ - if (ret != 0 && (ssl->devId != INVALID_DEVID - #ifdef HAVE_PK_CALLBACKS - || wolfSSL_CTX_IsPrivatePkSet(ssl->ctx) - #endif - )) { - WOLFSSL_MSG("Trying RSA public key with crypto callbacks"); - idx = 0; - ret = wc_RsaPublicKeyDecode(ssl->buffers.altKey->buffer, &idx, - (RsaKey*)ssl->hsAltKey, ssl->buffers.altKey->length); - } - #endif - if (ret == 0) { - WOLFSSL_MSG("Using RSA private key"); - - /* It worked so check it meets minimum key size requirements. */ - keySz = wc_RsaEncryptSize((RsaKey*)ssl->hsAltKey); - if (keySz < 0) { /* check if keySz has error case */ - ERROR_OUT(keySz, exit_dapk); - } - - if (keySz < ssl->options.minRsaKeySz) { - WOLFSSL_MSG("RSA key size too small"); - ERROR_OUT(RSA_KEY_SIZE_E, exit_dapk); - } - - /* Return the maximum signature length. */ - *length = keySz; - - goto exit_dapk; - } - } -#endif /* !NO_RSA */ - -#ifdef HAVE_ECC -#ifndef NO_RSA - FreeKey(ssl, ssl->hsAltType, (void**)&ssl->hsAltKey); -#endif /* !NO_RSA */ - - if (ssl->buffers.altKeyType == ecc_dsa_sa_algo || - ssl->buffers.altKeyType == 0 - #if defined(WOLFSSL_SM2) && defined(WOLFSSL_SM3) - || ssl->buffers.altKeyType == sm2_sa_algo - #endif - ) { - ssl->hsAltType = DYNAMIC_TYPE_ECC; - ret = AllocKey(ssl, ssl->hsAltType, &ssl->hsAltKey); - if (ret != 0) { - goto exit_dapk; - } - - #ifndef NO_RSA - WOLFSSL_MSG("Trying ECC private key, RSA didn't work"); - #else - WOLFSSL_MSG("Trying ECC private key"); - #endif - - /* Set start of data to beginning of buffer. */ - idx = 0; - /* Decode the key assuming it is an ECC private key. */ - ret = wc_EccPrivateKeyDecode(ssl->buffers.altKey->buffer, &idx, - (ecc_key*)ssl->hsAltKey, - ssl->buffers.altKey->length); - #ifdef WOLF_PRIVATE_KEY_ID - /* if using external key then allow using a public key */ - if (ret != 0 && (ssl->devId != INVALID_DEVID - #ifdef HAVE_PK_CALLBACKS - || wolfSSL_CTX_IsPrivatePkSet(ssl->ctx) - #endif - )) { - WOLFSSL_MSG("Trying ECC public key with crypto callbacks"); - idx = 0; - ret = wc_EccPublicKeyDecode(ssl->buffers.altKey->buffer, &idx, - (ecc_key*)ssl->hsAltKey, - ssl->buffers.altKey->length); - } - #endif - if (ret == 0) { - WOLFSSL_MSG("Using ECC private key"); - - /* Check it meets the minimum ECC key size requirements. */ - keySz = wc_ecc_size((ecc_key*)ssl->hsAltKey); - if (keySz < ssl->options.minEccKeySz) { - WOLFSSL_MSG("ECC key size too small"); - ERROR_OUT(ECC_KEY_SIZE_E, exit_dapk); - } - - /* Return the maximum signature length. */ - *length = wc_ecc_sig_size((ecc_key*)ssl->hsAltKey); - - goto exit_dapk; - } - } -#endif -#if defined(HAVE_FALCON) - #if !defined(NO_RSA) || defined(HAVE_ECC) - FreeKey(ssl, ssl->hsAltType, (void**)&ssl->hsAltKey); - #endif - - if (ssl->buffers.altKeyType == falcon_level1_sa_algo || - ssl->buffers.altKeyType == falcon_level5_sa_algo || - ssl->buffers.altKeyType == 0) { - - ssl->hsAltType = DYNAMIC_TYPE_FALCON; - ret = AllocKey(ssl, ssl->hsAltType, &ssl->hsAltKey); - if (ret != 0) { - goto exit_dapk; - } - - if (ssl->buffers.altKeyType == falcon_level1_sa_algo) { - ret = wc_falcon_set_level((falcon_key*)ssl->hsAltKey, 1); - } - else if (ssl->buffers.altKeyType == falcon_level5_sa_algo) { - ret = wc_falcon_set_level((falcon_key*)ssl->hsAltKey, 5); - } - else { - /* What if ssl->buffers.keyType is 0? We might want to do something - * more graceful here. */ - ret = ALGO_ID_E; - } - - if (ret != 0) { - goto exit_dapk; - } - - #if defined(HAVE_ECC) - WOLFSSL_MSG("Trying Falcon private key, ECC didn't work"); - #elif !defined(NO_RSA) - WOLFSSL_MSG("Trying Falcon private key, RSA didn't work"); - #else - WOLFSSL_MSG("Trying Falcon private key"); - #endif - - /* Set start of data to beginning of buffer. */ - idx = 0; - /* Decode the key assuming it is a Falcon private key. */ - ret = wc_falcon_import_private_only(ssl->buffers.altKey->buffer, - ssl->buffers.altKey->length, - (falcon_key*)ssl->hsAltKey); - if (ret == 0) { - WOLFSSL_MSG("Using Falcon private key"); - - /* Check it meets the minimum Falcon key size requirements. */ - keySz = wc_falcon_size((falcon_key*)ssl->hsAltKey); - if (keySz < ssl->options.minFalconKeySz) { - WOLFSSL_MSG("Falcon key size too small"); - ERROR_OUT(FALCON_KEY_SIZE_E, exit_dapk); - } - - /* Return the maximum signature length. */ - *length = wc_falcon_sig_size((falcon_key*)ssl->hsAltKey); - - goto exit_dapk; - } - } -#endif /* HAVE_FALCON */ -#if defined(HAVE_DILITHIUM) - #if !defined(NO_RSA) || defined(HAVE_ECC) - FreeKey(ssl, ssl->hsAltType, (void**)&ssl->hsAltKey); - #endif - - if (ssl->buffers.altKeyType == dilithium_level2_sa_algo || - ssl->buffers.altKeyType == dilithium_level3_sa_algo || - ssl->buffers.altKeyType == dilithium_level5_sa_algo || - ssl->buffers.altKeyType == 0) { - - ssl->hsAltType = DYNAMIC_TYPE_DILITHIUM; - ret = AllocKey(ssl, ssl->hsAltType, &ssl->hsAltKey); - if (ret != 0) { - goto exit_dapk; - } - - if (ssl->buffers.altKeyType == dilithium_level2_sa_algo) { - ret = wc_dilithium_set_level((dilithium_key*)ssl->hsAltKey, WC_ML_DSA_44); - } - else if (ssl->buffers.altKeyType == dilithium_level3_sa_algo) { - ret = wc_dilithium_set_level((dilithium_key*)ssl->hsAltKey, WC_ML_DSA_65); - } - else if (ssl->buffers.altKeyType == dilithium_level5_sa_algo) { - ret = wc_dilithium_set_level((dilithium_key*)ssl->hsAltKey, WC_ML_DSA_87); - } - else { - /* What if ssl->buffers.keyType is 0? We might want to do something - * more graceful here. */ - ret = ALGO_ID_E; - } - - if (ret != 0) { - goto exit_dapk; - } - - #if defined(HAVE_FALCON) - WOLFSSL_MSG("Trying Dilithium private key, Falcon didn't work"); - #elif defined(HAVE_ECC) - WOLFSSL_MSG("Trying Dilithium private key, ECC didn't work"); - #elif !defined(NO_RSA) - WOLFSSL_MSG("Trying Dilithium private key, RSA didn't work"); - #else - WOLFSSL_MSG("Trying Dilithium private key"); - #endif - - /* Set start of data to beginning of buffer. */ - idx = 0; - /* Decode the key assuming it is a Dilithium private key. */ - ret = wc_Dilithium_PrivateKeyDecode(ssl->buffers.altKey->buffer, - &idx, - (dilithium_key*)ssl->hsAltKey, - ssl->buffers.altKey->length); - if (ret == 0) { - WOLFSSL_MSG("Using Dilithium private key"); - - /* Check it meets the minimum Dilithium key size requirements. */ - keySz = wc_dilithium_size((dilithium_key*)ssl->hsAltKey); - if (keySz < ssl->options.minDilithiumKeySz) { - WOLFSSL_MSG("Dilithium key size too small"); - ERROR_OUT(DILITHIUM_KEY_SIZE_E, exit_dapk); - } - - /* Return the maximum signature length. */ - *length = wc_dilithium_sig_size((dilithium_key*)ssl->hsAltKey); + int ret = 0; - goto exit_dapk; - } - } -#endif /* HAVE_DILITHIUM */ + ret = DecodePrivateKey_ex(ssl, ssl->buffers.keyType, ssl->buffers.key, + &ssl->hsType, &ssl->hsKey, ssl->buffers.keyDevId, + ssl->buffers.keyId, ssl->buffers.keyLabel, ssl->buffers.keySz, + sigLen); - (void)idx; - (void)keySz; - (void)length; + return ret; +} -exit_dapk: -#ifdef WOLFSSL_BLIND_PRIVATE_KEY - if (ret == 0) { - ret = wolfssl_priv_der_blind(ssl->rng, ssl->buffers.altKey, - &ssl->buffers.altKeyMask); - } - else { - wolfssl_priv_der_blind_toggle(ssl->buffers.key, ssl->buffers.keyMask); - } -#endif +#if defined(WOLFSSL_DUAL_ALG_CERTS) +/* This is just like the above, but uses the alternative key of the ssl object, + * not the primary key. + */ +int DecodeAltPrivateKey(WOLFSSL *ssl, word32* sigLen) +{ + int ret = 0; - if (ret != 0) { - WOLFSSL_ERROR_VERBOSE(ret); - } + ret = DecodePrivateKey_ex(ssl, ssl->buffers.altKeyType, ssl->buffers.altKey, + &ssl->hsAltType, &ssl->hsAltKey, ssl->buffers.altKeyDevId, + ssl->buffers.altKeyId, ssl->buffers.altKeyLabel, + ssl->buffers.altKeySz, sigLen); return ret; } @@ -30863,6 +30983,76 @@ #endif /* !NO_WOLFSSL_CLIENT [...etc] || !NO_WOLFSSL_SERVER [...etc] */ #endif /* !NO_TLS && !WOLFSSL_NO_TLS12 */ +/* used in server and client */ +#if !defined(WOLFSSL_NO_TLS12) && \ + (!defined(NO_WOLFSSL_SERVER) && !defined(NO_TLS) && \ + (!defined(NO_DH) && (!defined(NO_PSK) || !defined(NO_RSA) \ + || defined(HAVE_ANON) && !defined(WOLFSSL_NO_TLS12))) \ + || !defined(NO_WOLFSSL_CLIENT) && !defined(NO_TLS) && !defined(NO_DH)) +static int DhSetKey(WOLFSSL* ssl) +{ + int ret; + + #if !defined(WOLFSSL_OLD_PRIME_CHECK) && \ + !defined(HAVE_FIPS) && !defined(HAVE_SELFTEST) + if (ssl->options.dhDoKeyTest && + !ssl->options.dhKeyTested) + { + ret = wc_DhSetCheckKey(ssl->buffers.serverDH_Key, + ssl->buffers.serverDH_P.buffer, + ssl->buffers.serverDH_P.length, + ssl->buffers.serverDH_G.buffer, + ssl->buffers.serverDH_G.length, + NULL, 0, 0, ssl->rng); + if (ret != 0) + return ret; + ssl->options.dhKeyTested = 1; + } + else + #endif + { + ret = wc_DhSetKey(ssl->buffers.serverDH_Key, + ssl->buffers.serverDH_P.buffer, + ssl->buffers.serverDH_P.length, + ssl->buffers.serverDH_G.buffer, + ssl->buffers.serverDH_G.length); + if (ret != 0) + return ret; + } + return 0; +} +#endif /* !NO_DH */ + +#if !defined(NO_TLS) && !defined(WOLFSSL_NO_TLS12) && !defined(NO_PSK) +static void MakePSKPreMasterSecret(Arrays* arrays, byte use_psk_key) +{ + byte* pms = arrays->preMasterSecret; + word16 sz = 0; + + /* sz + (use_psk_key ? sz 0s : sz unaltered) + length of psk + psk */ + if (!use_psk_key) { + sz = (word16)arrays->preMasterSz; + c16toa(sz, pms); + pms += OPAQUE16_LEN + sz; + } + if ((int)arrays->psk_keySz > 0) { + if (use_psk_key) { + sz = (word16)arrays->psk_keySz; + c16toa(sz, pms); + pms += OPAQUE16_LEN; + XMEMSET(pms, 0, sz); + pms += sz; + } + c16toa((word16)arrays->psk_keySz, pms); + pms += OPAQUE16_LEN; + XMEMCPY(pms, arrays->psk_key, arrays->psk_keySz); + arrays->preMasterSz = sz + arrays->psk_keySz + OPAQUE16_LEN * 2; + ForceZero(arrays->psk_key, arrays->psk_keySz); + } + arrays->psk_keySz = 0; /* no further need */ +} +#endif + /* client only parts */ #if !defined(NO_WOLFSSL_CLIENT) && !defined(NO_TLS) @@ -31590,8 +31780,8 @@ #endif /* HAVE_TLS_EXTENSIONS */ #if defined(WOLFSSL_HARDEN_TLS) && !defined(WOLFSSL_HARDEN_TLS_NO_SCR_CHECK) - if (ssl->secure_renegotiation == NULL || - !ssl->secure_renegotiation->enabled) { + if (ssl->scr_check_enabled && (ssl->secure_renegotiation == NULL || + !ssl->secure_renegotiation->enabled)) { /* If the server does not acknowledge the extension, the client * MUST generate a fatal handshake_failure alert prior to * terminating the connection. @@ -32456,8 +32646,15 @@ } curveId = wc_ecc_get_oid((word32) curveOid, NULL, NULL); +#if !defined(HAVE_SELFTEST) && !defined(HAVE_FIPS) + if (wc_ecc_import_x963_ex2(input + args->idx, length, + ssl->peerEccKey, curveId, 1) != 0) +#else + /* FIPS has validation define on. */ if (wc_ecc_import_x963_ex(input + args->idx, length, - ssl->peerEccKey, curveId) != 0) { + ssl->peerEccKey, curveId) != 0) +#endif + { #ifdef WOLFSSL_EXTRA_ALERTS SendAlert(ssl, alert_fatal, illegal_parameter); #endif @@ -33288,60 +33485,7 @@ } #endif /*HAVE_ECC || HAVE_CURVE25519 || HAVE_CURVE448*/ -#ifndef NO_PSK -static int AddPSKtoPreMasterSecret(WOLFSSL* ssl) -{ - int ret = 0; - /* Use the PSK hint to look up the PSK and add it to the - * preMasterSecret here. */ - ssl->arrays->psk_keySz = ssl->options.server_psk_cb(ssl, - ssl->arrays->client_identity, ssl->arrays->psk_key, - MAX_PSK_KEY_LEN); - - if (ssl->arrays->psk_keySz == 0 || - (ssl->arrays->psk_keySz > MAX_PSK_KEY_LEN && - (int)ssl->arrays->psk_keySz != WC_NO_ERR_TRACE(USE_HW_PSK))) { - #if defined(WOLFSSL_EXTRA_ALERTS) || defined(WOLFSSL_PSK_IDENTITY_ALERT) - SendAlert(ssl, alert_fatal, unknown_psk_identity); - #endif - ret = 1; - } - if (ret == 0) - /* Pre-shared Key for peer authentication. */ - ssl->options.peerAuthGood = 1; - return ret; -} - -static void MakePSKPreMasterSecret(Arrays* arrays, byte use_psk_key) -{ - byte* pms = arrays->preMasterSecret; - word16 sz; - - /* sz + (use_psk_key ? sz 0s : sz unaltered) + length of psk + psk */ - if (!use_psk_key) { - sz = (word16)arrays->preMasterSz; - c16toa(sz, pms); - pms += OPAQUE16_LEN + sz; - } - if ((int)arrays->psk_keySz > 0) { - if (use_psk_key) { - sz = (word16)arrays->psk_keySz; - c16toa(sz, pms); - pms += OPAQUE16_LEN; - XMEMSET(pms, 0, sz); - pms += sz; - } - c16toa(arrays->psk_keySz, pms); - pms += OPAQUE16_LEN; - XMEMCPY(pms, arrays->psk_key, arrays->psk_keySz); - arrays->preMasterSz = sz + arrays->psk_keySz + OPAQUE16_LEN * 2; - ForceZero(arrays->psk_key, arrays->psk_keySz); - } - arrays->psk_keySz = 0; /* no further need */ -} -#endif /*!NO_PSK*/ - -#if (defined(HAVE_ECC) || defined(HAVE_CURVE25519) || defined(HAVE_CURVE448)) +#if defined(HAVE_ECC) || defined(HAVE_CURVE25519) || defined(HAVE_CURVE448) static int EcMakeKey(WOLFSSL* ssl) { int ret = 0; @@ -33372,7 +33516,7 @@ ssl->peerX25519Key); return ret; } -#endif +#endif /* HAVE_CURVE25519 */ #ifdef HAVE_CURVE448 if (ssl->peerX448KeyPresent) { /* Check client ECC public key */ @@ -33395,7 +33539,7 @@ ssl->peerX448Key); return ret; } -#endif +#endif /* HAVE_CURVE448 */ #ifdef HAVE_ECC if (kea == ecc_diffie_hellman_kea && ssl->specs.static_ecdh) { /* Note: EccDsa is really fixed Ecc key here */ @@ -33419,7 +33563,7 @@ if (ssl->ctx->EccSharedSecretCb != NULL) { return 0; } -#endif /* HAVE_PK_CALLBACKS*/ +#endif /* create ephemeral private key */ ssl->hsType = DYNAMIC_TYPE_ECC; ret = AllocKey(ssl, (int)(ssl->hsType), &ssl->hsKey); @@ -33427,10 +33571,10 @@ return ret; } ret = EccMakeKey(ssl, (ecc_key*)ssl->hsKey, ssl->peerEccKey); -#endif /*HAVE_ECC*/ +#endif /* HAVE_ECC */ return ret; } -#endif /*defined(HAVE_ECC)||defined(HAVE_CURVE25519)||defined(HAVE_CURVE448)*/ +#endif /* HAVE_ECC || HAVE_CURVE25519 || HAVE_CURVE448 */ /* handle generation client_key_exchange (16) */ int SendClientKeyExchange(WOLFSSL* ssl) @@ -33638,12 +33782,9 @@ ERROR_OUT(MEMORY_E, exit_scke); } - ret = AllocKey(ssl, DYNAMIC_TYPE_DH, - (void**)&ssl->buffers.serverDH_Key); - if (ret != 0) { - goto exit_scke; - } - + CHECK_RET(ret, AllocKey(ssl, DYNAMIC_TYPE_DH, + (void**)&ssl->buffers.serverDH_Key), + exit_scke); #if defined(HAVE_FFDHE) && !defined(HAVE_PUBLIC_FFDHE) if (ssl->namedGroup) { ret = wc_DhSetNamedKey(ssl->buffers.serverDH_Key, @@ -33656,35 +33797,7 @@ } else #endif - #if !defined(HAVE_FIPS) && !defined(HAVE_SELFTEST) && \ - !defined(WOLFSSL_OLD_PRIME_CHECK) - if (ssl->options.dhDoKeyTest && - !ssl->options.dhKeyTested) - { - ret = wc_DhSetCheckKey(ssl->buffers.serverDH_Key, - ssl->buffers.serverDH_P.buffer, - ssl->buffers.serverDH_P.length, - ssl->buffers.serverDH_G.buffer, - ssl->buffers.serverDH_G.length, - NULL, 0, 0, ssl->rng); - if (ret != 0) { - goto exit_scke; - } - ssl->options.dhKeyTested = 1; - } - else - #endif - { - ret = wc_DhSetKey(ssl->buffers.serverDH_Key, - ssl->buffers.serverDH_P.buffer, - ssl->buffers.serverDH_P.length, - ssl->buffers.serverDH_G.buffer, - ssl->buffers.serverDH_G.length); - if (ret != 0) { - goto exit_scke; - } - } - + CHECK_RET(ret, DhSetKey(ssl), exit_scke); /* for DH, encSecret is Yc, agree is pre-master */ ret = DhGenKeyPair(ssl, ssl->buffers.serverDH_Key, ssl->buffers.sig.buffer, (word32*)&ssl->buffers.sig.length, @@ -33758,41 +33871,10 @@ args->length = args->encSz - esSz - OPAQUE16_LEN; args->encSz = esSz + OPAQUE16_LEN; - ret = AllocKey(ssl, DYNAMIC_TYPE_DH, - (void**)&ssl->buffers.serverDH_Key); - if (ret != 0) { - goto exit_scke; - } - - #if !defined(HAVE_FIPS) && !defined(HAVE_SELFTEST) && \ - !defined(WOLFSSL_OLD_PRIME_CHECK) - if (ssl->options.dhDoKeyTest && - !ssl->options.dhKeyTested) - { - ret = wc_DhSetCheckKey(ssl->buffers.serverDH_Key, - ssl->buffers.serverDH_P.buffer, - ssl->buffers.serverDH_P.length, - ssl->buffers.serverDH_G.buffer, - ssl->buffers.serverDH_G.length, - NULL, 0, 0, ssl->rng); - if (ret != 0) { - goto exit_scke; - } - ssl->options.dhKeyTested = 1; - } - else - #endif - { - ret = wc_DhSetKey(ssl->buffers.serverDH_Key, - ssl->buffers.serverDH_P.buffer, - ssl->buffers.serverDH_P.length, - ssl->buffers.serverDH_G.buffer, - ssl->buffers.serverDH_G.length); - if (ret != 0) { - goto exit_scke; - } - } - + CHECK_RET(ret, AllocKey(ssl, DYNAMIC_TYPE_DH, + (void**)&ssl->buffers.serverDH_Key), + exit_scke); + CHECK_RET(ret, DhSetKey(ssl), exit_scke); /* for DH, encSecret is Yc, agree is pre-master */ ret = DhGenKeyPair(ssl, ssl->buffers.serverDH_Key, ssl->buffers.sig.buffer, @@ -34201,7 +34283,15 @@ #endif if (IsEncryptionOn(ssl, 1)) { - args->sendSz += MAX_MSG_EXTRA; + #if defined(WOLFSSL_DTLS) && defined(WOLFSSL_DTLS_MTU) + /* Use exact cipher overhead for the MTU pre-flight check. + * MAX_MSG_EXTRA is an upper bound that can exceed a small MTU, + * while the actual message fits within it. */ + if (ssl->options.dtls) + args->sendSz += cipherExtraData(ssl); + else + #endif + args->sendSz += MAX_MSG_EXTRA; } /* check for available size */ @@ -34939,6 +35029,8 @@ #ifdef HAVE_SESSION_TICKET int SetTicket(WOLFSSL* ssl, const byte* ticket, word32 length) { + word32 sessIdLen = ID_LEN; + if (!HaveUniqueSessionObj(ssl)) return MEMORY_ERROR; @@ -34960,10 +35052,13 @@ ssl->session->ticketLen = (word16)length; if (length > 0) { + if (length < ID_LEN) + sessIdLen = length; XMEMCPY(ssl->session->ticket, ticket, length); if (ssl->session_ticket_cb != NULL) { ssl->session_ticket_cb(ssl, - ssl->session->ticket, ssl->session->ticketLen, + ssl->session->ticket, + ssl->session->ticketLen, ssl->session_ticket_ctx); } /* Create a fake sessionID based on the ticket, this will @@ -34971,15 +35066,19 @@ ssl->options.haveSessionId = 1; #ifdef WOLFSSL_TLS13 if (ssl->options.tls1_3) { + XMEMSET(ssl->session->sessionID, 0, ID_LEN); XMEMCPY(ssl->session->sessionID, - ssl->session->ticket + length - ID_LEN, ID_LEN); + ssl->session->ticket + length - sessIdLen, + sessIdLen); ssl->session->sessionIDSz = ID_LEN; } else #endif { + XMEMSET(ssl->arrays->sessionID, 0, ID_LEN); XMEMCPY(ssl->arrays->sessionID, - ssl->session->ticket + length - ID_LEN, ID_LEN); + ssl->session->ticket + length - sessIdLen, + sessIdLen); ssl->arrays->sessionIDSz = ID_LEN; } } @@ -35202,21 +35301,28 @@ /* Returns 1 when the given group is a PQC hybrid group, 0 otherwise. */ int NamedGroupIsPqcHybrid(int group) { + #if defined(WOLFSSL_PQC_HYBRIDS) || defined(WOLFSSL_EXTRA_PQC_HYBRIDS) || \ + defined(WOLFSSL_MLKEM_KYBER) + switch (group) { #ifndef WOLFSSL_NO_ML_KEM + #ifdef WOLFSSL_PQC_HYBRIDS case WOLFSSL_SECP256R1MLKEM768: case WOLFSSL_X25519MLKEM768: case WOLFSSL_SECP384R1MLKEM1024: + #endif /* WOLFSSL_PQC_HYBRIDS */ + #ifdef WOLFSSL_EXTRA_PQC_HYBRIDS case WOLFSSL_SECP256R1MLKEM512: case WOLFSSL_SECP384R1MLKEM768: case WOLFSSL_SECP521R1MLKEM1024: case WOLFSSL_X25519MLKEM512: case WOLFSSL_X448MLKEM768: -#ifdef WOLFSSL_ML_KEM_USE_OLD_IDS + #ifdef WOLFSSL_ML_KEM_USE_OLD_IDS case WOLFSSL_P256_ML_KEM_512_OLD: case WOLFSSL_P384_ML_KEM_768_OLD: case WOLFSSL_P521_ML_KEM_1024_OLD: -#endif + #endif + #endif /* WOLFSSL_EXTRA_PQC_HYBRIDS */ #endif #ifdef WOLFSSL_MLKEM_KYBER case WOLFSSL_P256_KYBER_LEVEL3: @@ -35231,6 +35337,10 @@ default: return 0; } + #else + (void)group; + return 0; + #endif } #endif /* WOLFSSL_HAVE_MLKEM */ @@ -35247,6 +35357,7 @@ case WC_NO_ERR_TRACE(INVALID_PARAMETER): case WC_NO_ERR_TRACE(HRR_COOKIE_ERROR): case WC_NO_ERR_TRACE(BAD_BINDER): + case WC_NO_ERR_TRACE(DUPLICATE_TLS_EXT_E): return illegal_parameter; case WC_NO_ERR_TRACE(INCOMPLETE_DATA): return missing_extension; @@ -35257,6 +35368,8 @@ return wolfssl_alert_protocol_version; case WC_NO_ERR_TRACE(BAD_CERTIFICATE_STATUS_ERROR): return bad_certificate_status_response; + case WC_NO_ERR_TRACE(OUT_OF_ORDER_E): + return unexpected_message; default: return invalid_alert; } @@ -35281,10 +35394,36 @@ return MATCH_SUITE_ERROR; } + #if !defined(NO_WOLFSSL_SERVER) && !defined(NO_TLS) #ifndef WOLFSSL_NO_TLS12 +#ifndef NO_PSK +static int AddPSKtoPreMasterSecret(WOLFSSL* ssl) +{ + int ret = 0; + /* Use the PSK hint to look up the PSK and add it to the + * preMasterSecret here. */ + ssl->arrays->psk_keySz = ssl->options.server_psk_cb(ssl, + ssl->arrays->client_identity, ssl->arrays->psk_key, + MAX_PSK_KEY_LEN); + + if (ssl->arrays->psk_keySz == 0 || + (ssl->arrays->psk_keySz > MAX_PSK_KEY_LEN && + (int)ssl->arrays->psk_keySz != WC_NO_ERR_TRACE(USE_HW_PSK))) { + #if defined(WOLFSSL_EXTRA_ALERTS) || defined(WOLFSSL_PSK_IDENTITY_ALERT) + SendAlert(ssl, alert_fatal, unknown_psk_identity); + #endif + ret = 1; + } + if (ret == 0) + /* Pre-shared Key for peer authentication. */ + ssl->options.peerAuthGood = 1; + return ret; +} +#endif /* NO_PSK */ + static int getSessionID(WOLFSSL* ssl) { int sessIdSz = 0; @@ -35544,6 +35683,303 @@ } } +#if (defined(HAVE_ECC) || defined(HAVE_CURVE25519) || defined(HAVE_CURVE448)) \ + || !defined(NO_PSK) \ + || (!defined(NO_DH) && (!defined(NO_RSA) || \ + (defined(HAVE_ANON) && !defined(WOLFSSL_NO_TLS12)))) + static void SetSendSzWithDtlsExtra(WOLFSSL* ssl, SskeArgs* args) + { + args->sendSz = args->length + HANDSHAKE_HEADER_SZ + + RECORD_HEADER_SZ; + #ifdef WOLFSSL_DTLS + if (ssl->options.dtls) { + args->sendSz += DTLS_RECORD_EXTRA + DTLS_HANDSHAKE_EXTRA; + args->idx += DTLS_RECORD_EXTRA + DTLS_HANDSHAKE_EXTRA; + } + #endif + if (IsEncryptionOn(ssl, 1)) { + args->sendSz += MAX_MSG_EXTRA; + } + } + static int AllocArgsInput(WOLFSSL* ssl, SskeArgs* args) + { /* Use tmp buffer */ + args->input = (byte*)XMALLOC(args->sendSz, ssl->heap, + DYNAMIC_TYPE_IN_BUFFER); + if (args->input == NULL) + return MEMORY_E; + args->output = args->input; + return 0; + } +#endif /* HAVE_ECC || HAVE_CURVE25519 || HAVE_CURVE448 || !NO_PSK */ + +#ifndef NO_PSK + static int LengthPlusServerHint(WOLFSSL* ssl, SskeArgs* args, + word32* hintLen) + { /* include size part */ + *hintLen = (word32)XSTRLEN(ssl->arrays->server_hint); + if (*hintLen > MAX_PSK_ID_LEN) + return SERVER_HINT_ERROR; + args->length += HINT_LEN_SZ + *hintLen; + return 0; + } + static void AddServerHint(WOLFSSL* ssl, SskeArgs* args, word32 hintLen) + { /* key data */ + c16toa((word16)hintLen, args->output + args->idx); + args->idx += HINT_LEN_SZ; + XMEMCPY(args->output + args->idx, ssl->arrays->server_hint, hintLen); + args->idx += hintLen; + } +#endif /* !NO_PSK */ + +#if ((defined(HAVE_ECC) || defined(HAVE_CURVE25519) || \ + defined(HAVE_CURVE448)) && !defined(NO_PSK))\ + || \ + (defined(HAVE_ECC) || \ + ((defined(HAVE_CURVE25519) || defined(HAVE_CURVE448)) && \ + (defined(HAVE_ED25519) || defined(HAVE_ED448) || \ + !defined(NO_RSA)))) + static int ExportEccTempKey(WOLFSSL* ssl, SskeArgs* args) + { + int ret = 0; + /* curve type, named curve, length(1) */ + args->idx = RECORD_HEADER_SZ + HANDSHAKE_HEADER_SZ; + args->length = ENUM_LEN + CURVE_LEN + ENUM_LEN; + + /* Export temp ECC key and add to length */ + args->exportSz = MAX_EXPORT_ECC_SZ; + args->exportBuf = (byte*)XMALLOC(MAX_EXPORT_ECC_SZ, + ssl->heap, DYNAMIC_TYPE_DER); + if (args->exportBuf == NULL) + return MEMORY_E; + #ifdef HAVE_CURVE25519 + if (ssl->ecdhCurveOID == ECC_X25519_OID) { + if (wc_curve25519_export_public_ex( + (curve25519_key*)ssl->eccTempKey, + args->exportBuf, &args->exportSz, + EC25519_LITTLE_ENDIAN) != 0) { + ret = ECC_EXPORT_ERROR; + } + } + else + #endif + #ifdef HAVE_CURVE448 + if (ssl->ecdhCurveOID == ECC_X448_OID) { + if (wc_curve448_export_public_ex( + (curve448_key*)ssl->eccTempKey, + args->exportBuf, &args->exportSz, + EC448_LITTLE_ENDIAN) != 0) { + ret = ECC_EXPORT_ERROR; + } + } + else + #endif + { + #if defined(HAVE_ECC) && defined(HAVE_ECC_KEY_EXPORT) + PRIVATE_KEY_UNLOCK(); + ret = wc_ecc_export_x963(ssl->eccTempKey, + args->exportBuf, &args->exportSz); + PRIVATE_KEY_LOCK(); + if (ret != 0) { + ret = ECC_EXPORT_ERROR; + } + #endif + } + args->length += args->exportSz; + return ret; + } + + static int AddCurveId(WOLFSSL* ssl, SskeArgs* args) + { /* record and message headers will be added later, when we're sure + of the sig length */ + /* ECC key exchange data */ + args->output[args->idx++] = named_curve; + args->output[args->idx++] = 0x00; /* leading zero */ + #ifdef HAVE_CURVE25519 + if (ssl->ecdhCurveOID == ECC_X25519_OID) + args->output[args->idx++] = WOLFSSL_ECC_X25519; + else + #endif + #ifdef HAVE_CURVE448 + if (ssl->ecdhCurveOID == ECC_X448_OID) + args->output[args->idx++] = WOLFSSL_ECC_X448; + else + #endif + { + #ifdef HAVE_ECC + args->output[args->idx++] = SetCurveId(ssl->eccTempKey); + #endif + } + args->output[args->idx++] = (byte)args->exportSz; + XMEMCPY(args->output + args->idx, args->exportBuf, args->exportSz); + return 0; + } + #endif /*HAVE_ECC || HAVE_CURVE25519 || HAVE_CURVE448) + && (!NO_PSK || HAVE_ED25519 || HAVE_ED448 || !NO_RSA)*/ + + #if ( !defined(NO_RSA) \ + && (defined(HAVE_ECC) || \ + ((defined(HAVE_CURVE25519) || defined(HAVE_CURVE448)) && \ + (defined(HAVE_ED25519) || defined(HAVE_ED448) || \ + !defined(NO_RSA)))) ) \ + || ( !defined(NO_RSA) \ + && (!defined(NO_DH) && (!defined(NO_RSA) || \ + (defined(HAVE_ANON) && !defined(WOLFSSL_NO_TLS12)))) ) + static int ReEncodeSig(WOLFSSL* ssl) + { /* For TLS 1.2 re-encode signature */ + if (IsAtLeastTLSv1_2(ssl)) { + byte* encodedSig = (byte*)XMALLOC(MAX_ENCODED_SIG_SZ, ssl->heap, + DYNAMIC_TYPE_DIGEST); + if (encodedSig == NULL) + return MEMORY_E; + ssl->buffers.digest.length = + wc_EncodeSignature(encodedSig, ssl->buffers.digest.buffer, + ssl->buffers.digest.length, + TypeHash(ssl->options.hashAlgo)); + /* Replace sig buffer with new one */ + if (!ssl->options.dontFreeDigest) + XFREE(ssl->buffers.digest.buffer, + ssl->heap, DYNAMIC_TYPE_DIGEST); + ssl->options.dontFreeDigest = 0; + ssl->buffers.digest.buffer = encodedSig; + } + return 0; + } + #endif + + #if defined(HAVE_ECC) || \ + ((defined(HAVE_CURVE25519) || defined(HAVE_CURVE448)) && \ + (defined(HAVE_ED25519) || defined(HAVE_ED448) || !defined(NO_RSA))) + static int SetKeyTypeAndDecodePrivateKey(WOLFSSL* ssl, SskeArgs* args) + { + int ret; + word32 keySz = 0; + + switch(ssl->options.sigAlgo) { + #ifndef NO_RSA + #ifdef WC_RSA_PSS + case rsa_pss_sa_algo: + #endif + case rsa_sa_algo: + { + ssl->buffers.keyType = rsa_sa_algo; + ret = DecodePrivateKey(ssl, &keySz); + args->tmpSigSz = (word32)keySz; + break; + } + #endif /* !NO_RSA */ + #ifdef HAVE_ECC + #if defined(WOLFSSL_SM2) && defined(WOLFSSL_SM3) + case sm2_sa_algo: + #endif + case ecc_dsa_sa_algo: + { + ssl->buffers.keyType = ssl->options.sigAlgo; + ret = DecodePrivateKey(ssl, &keySz); + /* worst case estimate */ + args->tmpSigSz = keySz; + break; + } + #endif + #ifdef HAVE_ED25519 + case ed25519_sa_algo: + { + ssl->buffers.keyType = ed25519_sa_algo; + ret = DecodePrivateKey(ssl, &keySz); + /* worst case estimate */ + args->tmpSigSz = ED25519_SIG_SIZE; + break; + } + #endif /* HAVE_ED25519 */ + #ifdef HAVE_ED448 + case ed448_sa_algo: + { + ssl->buffers.keyType = ed448_sa_algo; + ret = DecodePrivateKey(ssl, &keySz); + /* worst case estimate */ + args->tmpSigSz = ED448_SIG_SIZE; + break; + } + #endif /* HAVE_ED448 */ + default: + ret = ALGO_ID_E; /* unsupported type */ + } /* switch(ssl->specs.sig_algo) */ + return ret; + } + #endif /* HAVE_ECC || (HAVE_CURVE25519 || HAVE_CURVE448) && + (HAVE_ED25519 || HAVE_ED448 || !NO_RSA) */ + + #if !defined(NO_DH)\ + && (!defined(NO_PSK) || !defined(NO_RSA) || \ + (defined(HAVE_ANON) && !defined(WOLFSSL_NO_TLS12))) + static int SKE_DhPubLength(WOLFSSL* ssl) + { + return LENGTH_SZ * 3 + /* p, g, pub */ + ssl->buffers.serverDH_P.length + + ssl->buffers.serverDH_G.length + + ssl->buffers.serverDH_Pub.length; + } + + static int SKE_AddDhPub(Buffers* buffers, byte* output, int idx) + { /* add p, g, pub */ + c16toa((word16)buffers->serverDH_P.length, output + idx); + idx += LENGTH_SZ; + XMEMCPY(output + idx, buffers->serverDH_P.buffer, + buffers->serverDH_P.length); + idx += buffers->serverDH_P.length; + /* g */ + c16toa((word16)buffers->serverDH_G.length, output + idx); + idx += LENGTH_SZ; + XMEMCPY(output + idx, buffers->serverDH_G.buffer, + buffers->serverDH_G.length); + idx += buffers->serverDH_G.length; + /* pub */ + c16toa((word16)buffers->serverDH_Pub.length, output + idx); + idx += LENGTH_SZ; + XMEMCPY(output + idx, buffers->serverDH_Pub.buffer, + buffers->serverDH_Pub.length); + idx += buffers->serverDH_Pub.length; + return idx; + } + #endif + + /* + * this #if mess is a case for relaxing the requirement that + * static functions that are defined must always be used. + * + * as it is, we have to be careful to only define the function + * when it is used, which is the || of all the cases below + * + */ +#if (!defined(NO_DH) && (!defined(NO_RSA) || \ + (defined(HAVE_ANON) && !defined(WOLFSSL_NO_TLS12)))) || \ + defined(HAVE_ECC) || \ + ((defined(HAVE_CURVE25519) || defined(HAVE_CURVE448)) && \ + (defined(HAVE_ED25519) || defined(HAVE_ED448) || !defined(NO_RSA))) + static int EncodeSigAlgAndGetHashType(WOLFSSL* ssl, SskeArgs* args, + enum wc_HashType* hashType) + { /* Determine hash type */ + if (IsAtLeastTLSv1_2(ssl)) { + EncodeSigAlg(ssl->options.hashAlgo, + ssl->options.sigAlgo, + &args->output[args->idx]); + args->idx += 2; + *hashType = HashAlgoToType(ssl->options.hashAlgo); + if (*hashType == WC_HASH_TYPE_NONE) + return ALGO_ID_E; + } else { + /* only using sha and md5 for rsa */ + #ifndef NO_OLD_TLS + *hashType = WC_HASH_TYPE_SHA; + if (ssl->options.sigAlgo == rsa_sa_algo) + *hashType = WC_HASH_TYPE_MD5_SHA; + #else + return ALGO_ID_E; + #endif + } + return 0; + } +#endif + /* handle generation of server_key_exchange (12) */ int SendServerKeyExchange(WOLFSSL* ssl) { @@ -35771,44 +36207,10 @@ ssl->options.dhKeySz = (word16)ssl->buffers.serverDH_P.length; - - ret = AllocKey(ssl, DYNAMIC_TYPE_DH, - (void**)&ssl->buffers.serverDH_Key); - if (ret != 0) { - goto exit_sske; - } - - #if !defined(WOLFSSL_OLD_PRIME_CHECK) && \ - !defined(HAVE_FIPS) && \ - !defined(HAVE_SELFTEST) - if (ssl->options.dhDoKeyTest && - !ssl->options.dhKeyTested) - { - ret = wc_DhSetCheckKey( - ssl->buffers.serverDH_Key, - ssl->buffers.serverDH_P.buffer, - ssl->buffers.serverDH_P.length, - ssl->buffers.serverDH_G.buffer, - ssl->buffers.serverDH_G.length, - NULL, 0, 0, ssl->rng); - if (ret != 0) { - goto exit_sske; - } - ssl->options.dhKeyTested = 1; - } - else - #endif - { - ret = wc_DhSetKey(ssl->buffers.serverDH_Key, - ssl->buffers.serverDH_P.buffer, - ssl->buffers.serverDH_P.length, - ssl->buffers.serverDH_G.buffer, - ssl->buffers.serverDH_G.length); - if (ret != 0) { - goto exit_sske; - } - } - + CHECK_RET(ret, AllocKey(ssl, DYNAMIC_TYPE_DH, + (void**)&ssl->buffers.serverDH_Key), + exit_sske); + CHECK_RET(ret, DhSetKey(ssl), exit_sske); #ifdef HAVE_SECURE_RENEGOTIATION /* Check that the DH public key buffer is large * enough to hold the key. This may occur on a @@ -35953,51 +36355,20 @@ #ifndef NO_PSK case psk_kea: { - args->idx = RECORD_HEADER_SZ + HANDSHAKE_HEADER_SZ; + word32 hintLen; + args->idx = RECORD_HEADER_SZ + HANDSHAKE_HEADER_SZ; if (ssl->arrays->server_hint[0] == 0) { ERROR_OUT(0, exit_sske); /* don't send */ } - - /* include size part */ - args->length = (word32)XSTRLEN(ssl->arrays->server_hint); - if (args->length > MAX_PSK_ID_LEN) { - ERROR_OUT(SERVER_HINT_ERROR, exit_sske); - } - - args->length += HINT_LEN_SZ; - args->sendSz = args->length + HANDSHAKE_HEADER_SZ + - RECORD_HEADER_SZ; - - #ifdef WOLFSSL_DTLS - if (ssl->options.dtls) { - args->sendSz += DTLS_RECORD_EXTRA + DTLS_HANDSHAKE_EXTRA; - args->idx += DTLS_RECORD_EXTRA + DTLS_HANDSHAKE_EXTRA; - } - #endif - - if (IsEncryptionOn(ssl, 1)) { - args->sendSz += MAX_MSG_EXTRA; - } - - /* Use tmp buffer */ - args->input = (byte*)XMALLOC(args->sendSz, - ssl->heap, DYNAMIC_TYPE_IN_BUFFER); - if (args->input == NULL) - ERROR_OUT(MEMORY_E, exit_sske); - args->output = args->input; - + CHECK_RET(ret, + LengthPlusServerHint(ssl, args, &hintLen), + exit_sske); + SetSendSzWithDtlsExtra(ssl, args); + CHECK_RET(ret, AllocArgsInput(ssl, args), exit_sske); AddHeaders(args->output, args->length, server_key_exchange, ssl); - - /* key data */ - c16toa((word16)(args->length - HINT_LEN_SZ), - args->output + args->idx); - - args->idx += HINT_LEN_SZ; - XMEMCPY(args->output + args->idx, - ssl->arrays->server_hint, - args->length - HINT_LEN_SZ); + AddServerHint(ssl, args, hintLen); break; } #endif /* !NO_PSK */ @@ -36007,75 +36378,17 @@ word32 hintLen; args->idx = RECORD_HEADER_SZ + HANDSHAKE_HEADER_SZ; - args->length = LENGTH_SZ * 3 + /* p, g, pub */ - ssl->buffers.serverDH_P.length + - ssl->buffers.serverDH_G.length + - ssl->buffers.serverDH_Pub.length; - - /* include size part */ - hintLen = (word32)XSTRLEN(ssl->arrays->server_hint); - if (hintLen > MAX_PSK_ID_LEN) { - ERROR_OUT(SERVER_HINT_ERROR, exit_sske); - } - args->length += hintLen + HINT_LEN_SZ; - args->sendSz = args->length + HANDSHAKE_HEADER_SZ + - RECORD_HEADER_SZ; - - #ifdef WOLFSSL_DTLS - if (ssl->options.dtls) { - args->sendSz += DTLS_RECORD_EXTRA + DTLS_HANDSHAKE_EXTRA; - args->idx += DTLS_RECORD_EXTRA + DTLS_HANDSHAKE_EXTRA; - } - #endif - - if (IsEncryptionOn(ssl, 1)) { - args->sendSz += MAX_MSG_EXTRA; - } - - /* Use tmp buffer */ - args->input = (byte*)XMALLOC(args->sendSz, - ssl->heap, DYNAMIC_TYPE_IN_BUFFER); - if (args->input == NULL) - ERROR_OUT(MEMORY_E, exit_sske); - args->output = args->input; - + args->length = SKE_DhPubLength(ssl); + CHECK_RET(ret, + LengthPlusServerHint(ssl, args, &hintLen), + exit_sske); + SetSendSzWithDtlsExtra(ssl, args); + CHECK_RET(ret, AllocArgsInput(ssl, args), exit_sske); AddHeaders(args->output, args->length, server_key_exchange, ssl); - - /* key data */ - c16toa((word16)hintLen, args->output + args->idx); - args->idx += HINT_LEN_SZ; - XMEMCPY(args->output + args->idx, - ssl->arrays->server_hint, hintLen); - args->idx += hintLen; - - /* add p, g, pub */ - c16toa((word16)ssl->buffers.serverDH_P.length, - args->output + args->idx); - args->idx += LENGTH_SZ; - XMEMCPY(args->output + args->idx, - ssl->buffers.serverDH_P.buffer, - ssl->buffers.serverDH_P.length); - args->idx += ssl->buffers.serverDH_P.length; - - /* g */ - c16toa((word16)ssl->buffers.serverDH_G.length, - args->output + args->idx); - args->idx += LENGTH_SZ; - XMEMCPY(args->output + args->idx, - ssl->buffers.serverDH_G.buffer, - ssl->buffers.serverDH_G.length); - args->idx += ssl->buffers.serverDH_G.length; - - /* pub */ - c16toa((word16)ssl->buffers.serverDH_Pub.length, - args->output + args->idx); - args->idx += LENGTH_SZ; - XMEMCPY(args->output + args->idx, - ssl->buffers.serverDH_Pub.buffer, - ssl->buffers.serverDH_Pub.length); - /* No need to update idx, since sizes are already set */ - /* args->idx += ssl->buffers.serverDH_Pub.length; */ + AddServerHint(ssl, args, hintLen); + args->idx = SKE_AddDhPub(&ssl->buffers, args->output, + args->idx); break; } #endif /* !defined(NO_DH) && !defined(NO_PSK) */ @@ -36083,106 +36396,16 @@ defined(HAVE_CURVE448)) && !defined(NO_PSK) case ecdhe_psk_kea: { - word32 hintLen; + word32 hintLen = 0; - /* curve type, named curve, length(1) */ - args->idx = RECORD_HEADER_SZ + HANDSHAKE_HEADER_SZ; - args->length = ENUM_LEN + CURVE_LEN + ENUM_LEN; - - args->exportSz = MAX_EXPORT_ECC_SZ; - args->exportBuf = (byte*)XMALLOC(MAX_EXPORT_ECC_SZ, - ssl->heap, DYNAMIC_TYPE_DER); - if (args->exportBuf == NULL) { - ERROR_OUT(MEMORY_E, exit_sske); - } - #ifdef HAVE_CURVE25519 - if (ssl->ecdhCurveOID == ECC_X25519_OID) { - if (wc_curve25519_export_public_ex( - (curve25519_key*)ssl->eccTempKey, - args->exportBuf, &args->exportSz, - EC25519_LITTLE_ENDIAN) != 0) { - ERROR_OUT(ECC_EXPORT_ERROR, exit_sske); - } - } - else - #endif - #ifdef HAVE_CURVE448 - if (ssl->ecdhCurveOID == ECC_X448_OID) { - if (wc_curve448_export_public_ex( - (curve448_key*)ssl->eccTempKey, - args->exportBuf, &args->exportSz, - EC448_LITTLE_ENDIAN) != 0) { - ERROR_OUT(ECC_EXPORT_ERROR, exit_sske); - } - } - else - #endif - { - PRIVATE_KEY_UNLOCK(); - ret = wc_ecc_export_x963(ssl->eccTempKey, - args->exportBuf, &args->exportSz); - PRIVATE_KEY_LOCK(); - if (ret != 0) { - ERROR_OUT(ECC_EXPORT_ERROR, exit_sske); - } - } - args->length += args->exportSz; - - /* include size part */ - hintLen = (word32)XSTRLEN(ssl->arrays->server_hint); - if (hintLen > MAX_PSK_ID_LEN) { - ERROR_OUT(SERVER_HINT_ERROR, exit_sske); - } - args->length += hintLen + HINT_LEN_SZ; - args->sendSz = args->length + HANDSHAKE_HEADER_SZ + RECORD_HEADER_SZ; - - #ifdef WOLFSSL_DTLS - if (ssl->options.dtls) { - args->sendSz += DTLS_RECORD_EXTRA + DTLS_HANDSHAKE_EXTRA; - args->idx += DTLS_RECORD_EXTRA + DTLS_HANDSHAKE_EXTRA; - } - #endif - - if (IsEncryptionOn(ssl, 1)) { - args->sendSz += MAX_MSG_EXTRA; - } - - /* Use tmp buffer */ - args->input = (byte*)XMALLOC(args->sendSz, - ssl->heap, DYNAMIC_TYPE_IN_BUFFER); - if (args->input == NULL) - ERROR_OUT(MEMORY_E, exit_sske); - args->output = args->input; - - /* key data */ - c16toa((word16)hintLen, args->output + args->idx); - args->idx += HINT_LEN_SZ; - XMEMCPY(args->output + args->idx, - ssl->arrays->server_hint, hintLen); - args->idx += hintLen; - - /* ECC key exchange data */ - args->output[args->idx++] = named_curve; - args->output[args->idx++] = 0x00; /* leading zero */ - #ifdef HAVE_CURVE25519 - if (ssl->ecdhCurveOID == ECC_X25519_OID) - args->output[args->idx++] = WOLFSSL_ECC_X25519; - else - #endif - #ifdef HAVE_CURVE448 - if (ssl->ecdhCurveOID == ECC_X448_OID) - args->output[args->idx++] = WOLFSSL_ECC_X448; - else - #endif - { - #ifdef HAVE_ECC - args->output[args->idx++] = - SetCurveId(ssl->eccTempKey); - #endif - } - args->output[args->idx++] = (byte)args->exportSz; - XMEMCPY(args->output + args->idx, args->exportBuf, - args->exportSz); + CHECK_RET(ret, ExportEccTempKey(ssl, args), exit_sske); + CHECK_RET(ret, + LengthPlusServerHint(ssl, args, &hintLen), + exit_sske); + SetSendSzWithDtlsExtra(ssl, args); + CHECK_RET(ret, AllocArgsInput(ssl, args), exit_sske); + AddServerHint(ssl, args, hintLen); + CHECK_RET(ret, AddCurveId(ssl, args), exit_sske); break; } #endif /* (HAVE_ECC || CURVE25519 || CURVE448) && !NO_PSK */ @@ -36195,54 +36418,8 @@ enum wc_HashType hashType; word32 preSigSz, preSigIdx; - /* curve type, named curve, length(1) */ - args->idx = RECORD_HEADER_SZ + HANDSHAKE_HEADER_SZ; - args->length = ENUM_LEN + CURVE_LEN + ENUM_LEN; - - /* Export temp ECC key and add to length */ - args->exportSz = MAX_EXPORT_ECC_SZ; - args->exportBuf = (byte*)XMALLOC(MAX_EXPORT_ECC_SZ, - ssl->heap, DYNAMIC_TYPE_DER); - if (args->exportBuf == NULL) { - ERROR_OUT(MEMORY_E, exit_sske); - } - #ifdef HAVE_CURVE25519 - if (ssl->ecdhCurveOID == ECC_X25519_OID) { - if (wc_curve25519_export_public_ex( - (curve25519_key*)ssl->eccTempKey, - args->exportBuf, &args->exportSz, - EC25519_LITTLE_ENDIAN) != 0) { - ERROR_OUT(ECC_EXPORT_ERROR, exit_sske); - } - } - else - #endif - #ifdef HAVE_CURVE448 - if (ssl->ecdhCurveOID == ECC_X448_OID) { - if (wc_curve448_export_public_ex( - (curve448_key*)ssl->eccTempKey, - args->exportBuf, &args->exportSz, - EC448_LITTLE_ENDIAN) != 0) { - ERROR_OUT(ECC_EXPORT_ERROR, exit_sske); - } - } - else - #endif - { - #if defined(HAVE_ECC) && defined(HAVE_ECC_KEY_EXPORT) - PRIVATE_KEY_UNLOCK(); - ret = wc_ecc_export_x963(ssl->eccTempKey, - args->exportBuf, &args->exportSz); - PRIVATE_KEY_LOCK(); - if (ret != 0) { - ERROR_OUT(ECC_EXPORT_ERROR, exit_sske); - } - #endif - } - args->length += args->exportSz; - + CHECK_RET(ret, ExportEccTempKey(ssl, args), exit_sske); preSigSz = args->length; - preSigIdx = args->idx; if (ssl->buffers.key == NULL) { #ifdef HAVE_PK_CALLBACKS @@ -36257,78 +36434,9 @@ ERROR_OUT(NO_PRIVATE_KEY, exit_sske); } else { - switch(ssl->options.sigAlgo) { - #ifndef NO_RSA - #ifdef WC_RSA_PSS - case rsa_pss_sa_algo: - #endif - case rsa_sa_algo: - { - word32 keySz; - - ssl->buffers.keyType = rsa_sa_algo; - ret = DecodePrivateKey(ssl, &keySz); - if (ret != 0) { - goto exit_sske; - } - - args->tmpSigSz = (word32)keySz; - break; - } - #endif /* !NO_RSA */ - #ifdef HAVE_ECC - #if defined(WOLFSSL_SM2) && defined(WOLFSSL_SM3) - case sm2_sa_algo: - #endif - case ecc_dsa_sa_algo: - { - word32 keySz; - - ssl->buffers.keyType = ssl->options.sigAlgo; - ret = DecodePrivateKey(ssl, &keySz); - if (ret != 0) { - goto exit_sske; - } - /* worst case estimate */ - args->tmpSigSz = keySz; - break; - } - #endif - #ifdef HAVE_ED25519 - case ed25519_sa_algo: - { - word32 keySz; - - ssl->buffers.keyType = ed25519_sa_algo; - ret = DecodePrivateKey(ssl, &keySz); - if (ret != 0) { - goto exit_sske; - } - - /* worst case estimate */ - args->tmpSigSz = ED25519_SIG_SIZE; - break; - } - #endif /* HAVE_ED25519 */ - #ifdef HAVE_ED448 - case ed448_sa_algo: - { - word32 keySz; - - ssl->buffers.keyType = ed448_sa_algo; - ret = DecodePrivateKey(ssl, &keySz); - if (ret != 0) { - goto exit_sske; - } - - /* worst case estimate */ - args->tmpSigSz = ED448_SIG_SIZE; - break; - } - #endif /* HAVE_ED448 */ - default: - ERROR_OUT(ALGO_ID_E, exit_sske); /* unsupported type */ - } /* switch(ssl->specs.sig_algo) */ + CHECK_RET(ret, + SetKeyTypeAndDecodePrivateKey(ssl, args), + exit_sske); } /* sig length */ @@ -36339,78 +36447,18 @@ args->length += HASH_SIG_SIZE; } - args->sendSz = args->length + HANDSHAKE_HEADER_SZ + RECORD_HEADER_SZ; - - #ifdef WOLFSSL_DTLS - if (ssl->options.dtls) { - args->sendSz += DTLS_RECORD_EXTRA + DTLS_HANDSHAKE_EXTRA; - args->idx += DTLS_RECORD_EXTRA + DTLS_HANDSHAKE_EXTRA; - preSigIdx = args->idx; - } - #endif - if (IsEncryptionOn(ssl, 1)) { - args->sendSz += MAX_MSG_EXTRA; - } - - /* Use tmp buffer */ - args->input = (byte*)XMALLOC(args->sendSz, - ssl->heap, DYNAMIC_TYPE_IN_BUFFER); - if (args->input == NULL) - ERROR_OUT(MEMORY_E, exit_sske); - args->output = args->input; - - /* record and message headers will be added below, when we're sure - of the sig length */ - - /* key exchange data */ - args->output[args->idx++] = named_curve; - args->output[args->idx++] = 0x00; /* leading zero */ - #ifdef HAVE_CURVE25519 - if (ssl->ecdhCurveOID == ECC_X25519_OID) - args->output[args->idx++] = WOLFSSL_ECC_X25519; - else - #endif - #ifdef HAVE_CURVE448 - if (ssl->ecdhCurveOID == ECC_X448_OID) - args->output[args->idx++] = WOLFSSL_ECC_X448; - else - #endif - { - #ifdef HAVE_ECC - args->output[args->idx++] = - SetCurveId(ssl->eccTempKey); - #endif - } - args->output[args->idx++] = (byte)args->exportSz; - XMEMCPY(args->output + args->idx, args->exportBuf, args->exportSz); + SetSendSzWithDtlsExtra(ssl, args); + preSigIdx = args->idx; + CHECK_RET(ret, AllocArgsInput(ssl, args), exit_sske); + CHECK_RET(ret, AddCurveId(ssl, args), exit_sske); args->idx += args->exportSz; - /* Determine hash type */ - if (IsAtLeastTLSv1_2(ssl)) { - EncodeSigAlg(ssl->options.hashAlgo, - ssl->options.sigAlgo, - &args->output[args->idx]); - args->idx += 2; - - hashType = HashAlgoToType(ssl->options.hashAlgo); - if (hashType == WC_HASH_TYPE_NONE) { - ERROR_OUT(ALGO_ID_E, exit_sske); - } - - } else { - /* only using sha and md5 for rsa */ - #ifndef NO_OLD_TLS - hashType = WC_HASH_TYPE_SHA; - if (ssl->options.sigAlgo == rsa_sa_algo) { - hashType = WC_HASH_TYPE_MD5_SHA; - } - #else - ERROR_OUT(ALGO_ID_E, exit_sske); - #endif - } - - /* Signature length will be written later, when we're sure what it is */ - + CHECK_RET(ret, + EncodeSigAlgAndGetHashType(ssl, args, + &hashType), + exit_sske); + /* Signature length will be written later, + * when we're sure what it is */ #ifdef HAVE_FUZZER if (ssl->fuzzerCb) { ssl->fuzzerCb(ssl, args->output + preSigIdx, @@ -36418,13 +36466,10 @@ } #endif - ret = HashSkeData(ssl, hashType, - args->output + preSigIdx, preSigSz, - ssl->options.sigAlgo); - if (ret != 0) { - goto exit_sske; - } - + CHECK_RET(ret, HashSkeData(ssl, hashType, + args->output + preSigIdx, + preSigSz, ssl->options.sigAlgo), + exit_sske); args->sigSz = args->tmpSigSz; /* Sign hash to create signature */ @@ -36433,30 +36478,7 @@ #ifndef NO_RSA case rsa_sa_algo: { - /* For TLS 1.2 re-encode signature */ - if (IsAtLeastTLSv1_2(ssl)) { - byte* encodedSig = (byte*)XMALLOC( - MAX_ENCODED_SIG_SZ, ssl->heap, - DYNAMIC_TYPE_DIGEST); - if (encodedSig == NULL) { - ERROR_OUT(MEMORY_E, exit_sske); - } - - ssl->buffers.digest.length = - wc_EncodeSignature(encodedSig, - ssl->buffers.digest.buffer, - ssl->buffers.digest.length, - TypeHash(ssl->options.hashAlgo)); - - /* Replace sig buffer with new one */ - if (!ssl->options.dontFreeDigest) { - XFREE(ssl->buffers.digest.buffer, - ssl->heap, DYNAMIC_TYPE_DIGEST); - } - ssl->options.dontFreeDigest = 0; - ssl->buffers.digest.buffer = encodedSig; - } - + CHECK_RET(ret, ReEncodeSig(ssl), exit_sske); /* write sig size here */ c16toa((word16)args->sigSz, args->output + args->idx); @@ -36507,12 +36529,7 @@ word32 preSigSz, preSigIdx; args->idx = RECORD_HEADER_SZ + HANDSHAKE_HEADER_SZ; - args->length = LENGTH_SZ * 3; /* p, g, pub */ - args->length += ssl->buffers.serverDH_P.length + - ssl->buffers.serverDH_G.length + - ssl->buffers.serverDH_Pub.length; - - preSigIdx = args->idx; + args->length = SKE_DhPubLength(ssl); preSigSz = args->length; if (!ssl->options.usingAnon_cipher) { @@ -36552,57 +36569,13 @@ } } - args->sendSz = args->length + HANDSHAKE_HEADER_SZ + - RECORD_HEADER_SZ; - - #ifdef WOLFSSL_DTLS - if (ssl->options.dtls) { - args->sendSz += DTLS_RECORD_EXTRA + DTLS_HANDSHAKE_EXTRA; - args->idx += DTLS_RECORD_EXTRA + DTLS_HANDSHAKE_EXTRA; - preSigIdx = args->idx; - } - #endif - - if (IsEncryptionOn(ssl, 1)) { - args->sendSz += MAX_MSG_EXTRA; - } - - /* Use tmp buffer */ - args->input = (byte*)XMALLOC(args->sendSz, - ssl->heap, DYNAMIC_TYPE_IN_BUFFER); - if (args->input == NULL) - ERROR_OUT(MEMORY_E, exit_sske); - args->output = args->input; - + SetSendSzWithDtlsExtra(ssl, args); + preSigIdx = args->idx; + CHECK_RET(ret, AllocArgsInput(ssl, args), exit_sske); AddHeaders(args->output, args->length, server_key_exchange, ssl); - - /* add p, g, pub */ - c16toa((word16)ssl->buffers.serverDH_P.length, - args->output + args->idx); - args->idx += LENGTH_SZ; - XMEMCPY(args->output + args->idx, - ssl->buffers.serverDH_P.buffer, - ssl->buffers.serverDH_P.length); - args->idx += ssl->buffers.serverDH_P.length; - - /* g */ - c16toa((word16)ssl->buffers.serverDH_G.length, - args->output + args->idx); - args->idx += LENGTH_SZ; - XMEMCPY(args->output + args->idx, - ssl->buffers.serverDH_G.buffer, - ssl->buffers.serverDH_G.length); - args->idx += ssl->buffers.serverDH_G.length; - - /* pub */ - c16toa((word16)ssl->buffers.serverDH_Pub.length, - args->output + args->idx); - args->idx += LENGTH_SZ; - XMEMCPY(args->output + args->idx, - ssl->buffers.serverDH_Pub.buffer, - ssl->buffers.serverDH_Pub.length); - args->idx += ssl->buffers.serverDH_Pub.length; + args->idx = SKE_AddDhPub(&ssl->buffers, args->output, + args->idx); #ifdef HAVE_FUZZER if (ssl->fuzzerCb) { @@ -36615,77 +36588,25 @@ break; } - /* Determine hash type */ - if (IsAtLeastTLSv1_2(ssl)) { - EncodeSigAlg(ssl->options.hashAlgo, - ssl->options.sigAlgo, - &args->output[args->idx]); - args->idx += 2; - - hashType = HashAlgoToType(ssl->options.hashAlgo); - if (hashType == WC_HASH_TYPE_NONE) { - ERROR_OUT(ALGO_ID_E, exit_sske); - } - } else { - /* only using sha and md5 for rsa */ - #ifndef NO_OLD_TLS - hashType = WC_HASH_TYPE_SHA; - if (ssl->options.sigAlgo == rsa_sa_algo) { - hashType = WC_HASH_TYPE_MD5_SHA; - } - #else - ERROR_OUT(ALGO_ID_E, exit_sske); - #endif - } - + CHECK_RET(ret, + EncodeSigAlgAndGetHashType(ssl, args, + &hashType), + exit_sske); /* signature size */ - c16toa((word16)args->tmpSigSz, args->output + args->idx); + c16toa((word16)args->tmpSigSz, + args->output + args->idx); args->idx += LENGTH_SZ; - - ret = HashSkeData(ssl, hashType, - args->output + preSigIdx, preSigSz, - ssl->options.sigAlgo); - if (ret != 0) { - goto exit_sske; - } - + CHECK_RET(ret, HashSkeData(ssl, hashType, + args->output + preSigIdx, + preSigSz, ssl->options.sigAlgo), + exit_sske); args->sigSz = args->tmpSigSz; - /* Sign hash to create signature */ - switch (ssl->options.sigAlgo) - { #ifndef NO_RSA - case rsa_sa_algo: - { - /* For TLS 1.2 re-encode signature */ - if (IsAtLeastTLSv1_2(ssl)) { - byte* encodedSig = (byte*)XMALLOC( - MAX_ENCODED_SIG_SZ, ssl->heap, - DYNAMIC_TYPE_DIGEST); - if (encodedSig == NULL) { - ERROR_OUT(MEMORY_E, exit_sske); - } - - ssl->buffers.digest.length = - wc_EncodeSignature(encodedSig, - ssl->buffers.digest.buffer, - ssl->buffers.digest.length, - TypeHash(ssl->options.hashAlgo)); - - /* Replace sig buffer with new one */ - if (!ssl->options.dontFreeDigest) { - XFREE(ssl->buffers.digest.buffer, - ssl->heap, DYNAMIC_TYPE_DIGEST); - } - ssl->options.dontFreeDigest = 0; - ssl->buffers.digest.buffer = encodedSig; - } - break; - } + /* Sign hash to create signature */ + if (ssl->options.sigAlgo == rsa_sa_algo) + ret = ReEncodeSig(ssl); #endif /* NO_RSA */ - default: - break; - } /* switch (ssl->options.sigAlgo) */ break; } #endif /* !defined(NO_DH) && !defined(NO_RSA) */ @@ -38339,6 +38260,15 @@ } } + if (!matchNo) { + WOLFSSL_MSG("Compression list missing null"); +#ifdef WOLFSSL_EXTRA_ALERTS + SendAlert(ssl, alert_fatal, illegal_parameter); +#endif + ret = COMPRESSION_ERROR; + goto out; + } + if (ssl->options.usingCompression == 0 && matchNo) { WOLFSSL_MSG("Matched No Compression"); } else if (ssl->options.usingCompression && matchZlib) { @@ -39196,9 +39126,15 @@ int error; word32 itHash = 0; byte zeros[WOLFSSL_TICKET_MAC_SZ]; /* biggest cmp size */ + int internalTicketSz; + byte* mac; +#if defined(OPENSSL_ALL) && defined(KEEP_PEER_CERT) && \ + !defined(NO_CERT_IN_TICKET) + word16 peerCertSz = 0; +#endif + WOLFSSL_ASSERT_GE(sizeof(ssl->session->staticTicket), WOLFSSL_TICKET_ENC_SZ); WOLFSSL_ASSERT_SIZEOF_GE(ssl->session->staticTicket, *et); - WOLFSSL_ASSERT_SIZEOF_GE(et->enc_ticket, *it); if (ssl->session->ticket != ssl->session->staticTicket) { /* Always use the static ticket buffer */ @@ -39214,7 +39150,7 @@ if (ssl->error != WC_NO_ERR_TRACE(WC_PENDING_E)) #endif { - XMEMSET(et, 0, sizeof(*et)); + XMEMSET(ssl->session->ticket, 0, SESSION_TICKET_LEN); } /* build internal */ @@ -39278,6 +39214,55 @@ XMEMCPY(it->sessionCtx, ssl->sessionCtx, ID_LEN); #endif +#if defined(OPENSSL_ALL) && defined(KEEP_PEER_CERT) && \ + !defined(NO_CERT_IN_TICKET) + /* Store peer certificate in ticket for session resumption. + * Try ssl->peerCert first, then ssl->session->chain as fallback. + * Skip for DTLS to keep ticket size small for MTU constraints. */ + if (ssl->options.dtls) { + c16toa(0, it->peerCertLen); + peerCertSz = 0; + } + else { + const byte* certDer = NULL; + word32 certDerSz = 0; + + if (ssl->peerCert.derCert != NULL && + ssl->peerCert.derCert->length > 0) { + /* Use current peer certificate */ + certDer = ssl->peerCert.derCert->buffer; + certDerSz = ssl->peerCert.derCert->length; + } +#ifdef SESSION_CERTS + else if (ssl->session->chain.count > 0) { + /* Use peer certificate from session chain */ + certDer = ssl->session->chain.certs[0].buffer; + certDerSz = ssl->session->chain.certs[0].length; + } +#endif + + if (certDer != NULL && certDerSz > 0 && + certDerSz <= MAX_TICKET_PEER_CERT_SZ +#ifdef HAVE_MAX_FRAGMENT + /* We don't support fragmentation in + * SendTls13NewSessionTicket yet. */ + && (!IsAtLeastTLSv1_3(ssl->version) || + ssl->max_fragment == MAX_RECORD_SIZE) +#endif + ) { + c16toa((word16)certDerSz, it->peerCertLen); + XMEMCPY(it->peerCert, certDer, certDerSz); + peerCertSz = (word16)certDerSz; + } + else { + if (certDerSz > MAX_TICKET_PEER_CERT_SZ) + WOLFSSL_MSG("Peer cert too large for ticket, skipping"); + c16toa(0, it->peerCertLen); + peerCertSz = 0; + } + } +#endif + #ifdef WOLFSSL_TICKET_HAVE_ID { const byte* id = NULL; @@ -39290,6 +39275,17 @@ } #endif + internalTicketSz = (int)WOLFSSL_INTERNAL_TICKET_BASE_SZ; +#if defined(OPENSSL_ALL) && defined(KEEP_PEER_CERT) && \ + !defined(NO_CERT_IN_TICKET) + internalTicketSz += peerCertSz; +#endif +#ifdef WOLFSSL_TICKET_ENC_CBC_HMAC + internalTicketSz = (internalTicketSz + 15) & (~0xf); +#endif + /* MAC is placed after the encrypted data */ + mac = et->enc_ticket + WOLFSSL_TICKET_ENC_SZ; + /* encrypt */ encLen = WOLFSSL_TICKET_ENC_SZ; /* max size user can use */ if (ssl->ctx->ticketEncCb == NULL @@ -39306,10 +39302,10 @@ ret = BAD_TICKET_ENCRYPT; } else { - itHash = HashObject((byte*)it, sizeof(*it), &error); + itHash = HashObject((byte*)it, (word32)internalTicketSz, &error); if (error == 0) { - ret = ssl->ctx->ticketEncCb(ssl, et->key_name, et->iv, et->mac, - 1, et->enc_ticket, WOLFSSL_INTERNAL_TICKET_LEN, &encLen, + ret = ssl->ctx->ticketEncCb(ssl, et->key_name, et->iv, mac, + 1, et->enc_ticket, internalTicketSz, &encLen, SSL_TICKET_CTX(ssl)); } else { @@ -39324,7 +39320,7 @@ #endif goto error; } - if (encLen < (int)WOLFSSL_INTERNAL_TICKET_LEN || + if (encLen < internalTicketSz || encLen > (int)WOLFSSL_TICKET_ENC_SZ) { WOLFSSL_MSG("Bad user ticket encrypt size"); ret = BAD_TICKET_KEY_CB_SZ; @@ -39333,7 +39329,8 @@ /* sanity checks on encrypt callback */ /* internal ticket can't be the same if encrypted */ - if (itHash == HashObject((byte*)it, sizeof(*it), &error) || error != 0) + if (itHash == HashObject((byte*)it, (word32)internalTicketSz, &error) || + error != 0) { WOLFSSL_MSG("User ticket encrypt didn't encrypt or hash failed"); ret = BAD_TICKET_ENCRYPT; @@ -39357,7 +39354,7 @@ } /* mac */ - if (XMEMCMP(et->mac, zeros, WOLFSSL_TICKET_MAC_SZ) == 0) { + if (XMEMCMP(mac, zeros, WOLFSSL_TICKET_MAC_SZ) == 0) { WOLFSSL_MSG("User ticket encrypt didn't set mac"); ret = BAD_TICKET_ENCRYPT; goto error; @@ -39367,7 +39364,7 @@ c16toa((word16)encLen, et->enc_len); if (encLen < (int)WOLFSSL_TICKET_ENC_SZ) { /* move mac up since whole enc buffer not used */ - XMEMMOVE(et->enc_ticket + encLen, et->mac, + XMEMMOVE(et->enc_ticket + encLen, mac, WOLFSSL_TICKET_MAC_SZ); } ssl->session->ticketLen = @@ -39377,11 +39374,12 @@ error: #ifdef WOLFSSL_CHECK_MEM_ZERO /* Ticket has sensitive data in it now. */ - wc_MemZero_Add("Create Ticket internal", it, sizeof(InternalTicket)); + wc_MemZero_Add("Create Ticket internal", it, + WOLFSSL_INTERNAL_TICKET_MAX_SZ); #endif - ForceZero(it, sizeof(*it)); + ForceZero(it, WOLFSSL_INTERNAL_TICKET_MAX_SZ); #ifdef WOLFSSL_CHECK_MEM_ZERO - wc_MemZero_Check(it, sizeof(InternalTicket)); + wc_MemZero_Check(it, WOLFSSL_INTERNAL_TICKET_MAX_SZ); #endif WOLFSSL_ERROR_VERBOSE(ret); return ret; @@ -39414,6 +39412,10 @@ WOLFSSL_ERROR_VERBOSE(BAD_TICKET_MSG_SZ); return WOLFSSL_TICKET_RET_REJECT; } + if ((word32)inLen + WOLFSSL_TICKET_FIXED_SZ > len) { + WOLFSSL_ERROR_VERBOSE(BAD_TICKET_MSG_SZ); + return WOLFSSL_TICKET_RET_REJECT; + } outLen = (int)inLen; /* may be reduced by user padding */ if (ssl->ctx->ticketEncCb == NULL @@ -39432,7 +39434,7 @@ } else { /* Callback uses ssl without const but for DTLS, it really shouldn't - * modify its state. */ + * modify its state. MAC is located after encrypted data. */ ret = ssl->ctx->ticketEncCb((WOLFSSL*)ssl, et->key_name, et->iv, et->enc_ticket + inLen, 0, et->enc_ticket, inLen, &outLen, @@ -39570,6 +39572,48 @@ } #endif /* WOLFSSL_SLT13 */ +#if defined(OPENSSL_ALL) && defined(KEEP_PEER_CERT) && \ + !defined(NO_CERT_IN_TICKET) + static void RestorePeerCertFromTicket(WOLFSSL* ssl, InternalTicket* it) + { + word16 peerCertLen = 0; + ato16(it->peerCertLen, &peerCertLen); + + if (peerCertLen > 0 && peerCertLen <= MAX_TICKET_PEER_CERT_SZ) { +#ifdef SESSION_CERTS + /* Clear existing chain and add the peer certificate */ + ssl->session->chain.count = 0; + AddSessionCertToChain(&ssl->session->chain, + it->peerCert, peerCertLen); +#endif + /* Also decode into ssl->peerCert for direct access */ + { + int ret; + DecodedCert* dCert; + + dCert = (DecodedCert*)XMALLOC(sizeof(DecodedCert), ssl->heap, + DYNAMIC_TYPE_DCERT); + if (dCert != NULL) { + InitDecodedCert(dCert, it->peerCert, peerCertLen, ssl->heap); + ret = ParseCertRelative(dCert, CERT_TYPE, 0, NULL, NULL); + if (ret == 0) { + FreeX509(&ssl->peerCert); + InitX509(&ssl->peerCert, 0, ssl->heap); + ret = CopyDecodedToX509(&ssl->peerCert, dCert); + if (ret != 0) { + /* Failed to copy - clear peerCert */ + FreeX509(&ssl->peerCert); + InitX509(&ssl->peerCert, 0, ssl->heap); + } + } + FreeDecodedCert(dCert); + XFREE(dCert, ssl->heap, DYNAMIC_TYPE_DCERT); + } + } + } + } +#endif /* OPENSSL_ALL && KEEP_PEER_CERT && !NO_CERT_IN_TICKET */ + void DoClientTicketFinalize(WOLFSSL* ssl, InternalTicket* it, const WOLFSSL_SESSION* sess) { @@ -39657,6 +39701,12 @@ ato16(it->namedGroup, &ssl->session->namedGroup); #endif } + +#if defined(OPENSSL_ALL) && defined(KEEP_PEER_CERT) && \ + !defined(NO_CERT_IN_TICKET) + RestorePeerCertFromTicket(ssl, it); +#endif + ssl->version.minor = it->pv.minor; } @@ -39702,6 +39752,23 @@ it->sessionCtxSz = sess->sessionCtxSz; XMEMCPY(it->sessionCtx, sess->sessionCtx, sess->sessionCtxSz); #endif +#if defined(OPENSSL_ALL) && defined(KEEP_PEER_CERT) && \ + defined(SESSION_CERTS) && !defined(NO_CERT_IN_TICKET) + /* Store peer certificate from session chain */ + if (sess->chain.count > 0) { + word32 certLen = sess->chain.certs[0].length; + if (certLen <= MAX_TICKET_PEER_CERT_SZ) { + c16toa((word16)certLen, it->peerCertLen); + XMEMCPY(it->peerCert, sess->chain.certs[0].buffer, certLen); + } + else { + c16toa(0, it->peerCertLen); + } + } + else { + c16toa(0, it->peerCertLen); + } +#endif } @@ -39771,9 +39838,10 @@ byte* tmp; WOLFSSL_MSG("Found session matching the session id" " found in the ticket"); - /* Allocate and populate an InternalTicket */ + /* Allocate and populate an InternalTicket. Need max size + * because PopulateInternalTicketFromSession may write peer cert */ #ifdef WOLFSSL_NO_REALLOC - tmp = (byte*)XMALLOC(sizeof(InternalTicket), ssl->heap, + tmp = (byte*)XMALLOC(WOLFSSL_INTERNAL_TICKET_MAX_SZ, ssl->heap, DYNAMIC_TYPE_TLSX); if (tmp != NULL && psk->identity != NULL) { @@ -39782,13 +39850,13 @@ psk->identity = NULL; } #else - tmp = (byte*)XREALLOC(psk->identity, sizeof(InternalTicket), + tmp = (byte*)XREALLOC(psk->identity, WOLFSSL_INTERNAL_TICKET_MAX_SZ, ssl->heap, DYNAMIC_TYPE_TLSX); #endif if (tmp != NULL) { - XMEMSET(tmp, 0, sizeof(InternalTicket)); + XMEMSET(tmp, 0, WOLFSSL_INTERNAL_TICKET_MAX_SZ); psk->identity = tmp; - psk->identityLen = sizeof(InternalTicket); + psk->identityLen = WOLFSSL_INTERNAL_TICKET_MAX_SZ; psk->it = (InternalTicket*)tmp; PopulateInternalTicketFromSession(sess, psk->it); decryptRet = WOLFSSL_TICKET_RET_OK; @@ -39823,8 +39891,8 @@ } #ifdef WOLFSSL_CHECK_MEM_ZERO /* Internal ticket successfully decrypted. */ - wc_MemZero_Add("Do Client Ticket internal", psk->it, - sizeof(InternalTicket)); + wc_MemZero_Add("Do Client Ticket internal", psk->identity, + psk->identityLen); #endif ret = DoClientTicketCheckVersion(ssl, psk->it); @@ -39832,7 +39900,7 @@ psk->decryptRet = PSK_DECRYPT_FAIL; ForceZero(psk->identity, psk->identityLen); #ifdef WOLFSSL_CHECK_MEM_ZERO - wc_MemZero_Check(psk->it, sizeof(InternalTicket)); + wc_MemZero_Check(psk->it, psk->identityLen); #endif WOLFSSL_LEAVE("DoClientTicket_ex", ret); return ret; @@ -39849,7 +39917,13 @@ int ret; InternalTicket* it = NULL; #ifdef WOLFSSL_TLS13 - InternalTicket staticIt; + /* Static buffer for stateful tickets - need max size for peer cert */ + #ifdef WOLFSSL_SMALL_STACK + byte* staticItBuf = NULL; + #else + byte staticItBuf[WOLFSSL_INTERNAL_TICKET_MAX_SZ]; + #endif + InternalTicket* staticIt = NULL; const WOLFSSL_SESSION* sess = NULL; psk_sess_free_cb_ctx freeCtx; @@ -39881,18 +39955,27 @@ * stateless tickets are much longer. */ sess = GetSesionFromCacheOrExt(ssl, input, &freeCtx); if (sess != NULL) { - it = &staticIt; - XMEMSET(it, 0, sizeof(InternalTicket)); + #ifdef WOLFSSL_SMALL_STACK + staticItBuf = (byte*)XMALLOC(WOLFSSL_INTERNAL_TICKET_MAX_SZ, + ssl->heap, DYNAMIC_TYPE_TMP_BUFFER); + if (staticItBuf == NULL) { + decryptRet = WOLFSSL_TICKET_RET_FATAL; + goto cleanup; + } + #endif + staticIt = (InternalTicket*)staticItBuf; + it = staticIt; + XMEMSET(it, 0, WOLFSSL_INTERNAL_TICKET_MAX_SZ); PopulateInternalTicketFromSession(sess, it); decryptRet = WOLFSSL_TICKET_RET_OK; } } else #endif - if (len >= sizeof(*it)) + if (len >= WOLFSSL_INTERNAL_TICKET_LEN + WOLFSSL_TICKET_FIXED_SZ) decryptRet = DoDecryptTicket(ssl, input, len, &it); else - WOLFSSL_MSG("Ticket is smaller than InternalTicket. Rejecting."); + WOLFSSL_MSG("Ticket is smaller than minimum size. Rejecting."); if (decryptRet != WOLFSSL_TICKET_RET_OK && @@ -39901,8 +39984,10 @@ goto cleanup; } #ifdef WOLFSSL_CHECK_MEM_ZERO - /* Internal ticket successfully decrypted. */ - wc_MemZero_Add("Do Client Ticket internal", it, sizeof(InternalTicket)); + /* Internal ticket successfully decrypted. Zero at least the minimum + * internal ticket size (contains master secret). */ + wc_MemZero_Add("Do Client Ticket internal", it, + WOLFSSL_INTERNAL_TICKET_LEN); #endif ret = DoClientTicketCheckVersion(ssl, it); @@ -39915,12 +40000,19 @@ cleanup: if (it != NULL) { - ForceZero(it, sizeof(*it)); + /* Zero the minimum internal ticket size. The it pointer points into + * the input buffer which may be smaller than MAX_SZ. We use the + * minimum length (WOLFSSL_INTERNAL_TICKET_LEN) which is guaranteed + * to fit and contains the sensitive master secret. */ + ForceZero(it, WOLFSSL_INTERNAL_TICKET_LEN); #ifdef WOLFSSL_CHECK_MEM_ZERO - wc_MemZero_Check(it, sizeof(InternalTicket)); + wc_MemZero_Check(it, WOLFSSL_INTERNAL_TICKET_LEN); #endif } #ifdef WOLFSSL_TLS13 + #ifdef WOLFSSL_SMALL_STACK + XFREE(staticItBuf, ssl->heap, DYNAMIC_TYPE_TMP_BUFFER); + #endif if (sess != NULL) FreeSessionFromCacheOrExt(ssl, sess, &freeCtx); #endif @@ -39936,10 +40028,7 @@ psk->decryptRet = PSK_DECRYPT_NONE; ForceZero(psk->identity, psk->identityLen); #ifdef WOLFSSL_CHECK_MEM_ZERO - /* We want to check the InternalTicket area since that is what - * we registered in DoClientTicket_ex */ - wc_MemZero_Check((((ExternalTicket*)psk->identity)->enc_ticket), - sizeof(InternalTicket)); + wc_MemZero_Check(psk->identity, psk->identityLen); #endif } } @@ -39955,11 +40044,15 @@ int sendSz; word32 length = SESSION_HINT_SZ + LENGTH_SZ; word32 idx = RECORD_HEADER_SZ + HANDSHAKE_HEADER_SZ; + word32 headerSz = 0; WOLFSSL_START(WC_FUNC_TICKET_SEND); WOLFSSL_ENTER("SendTicket"); - if (ssl->options.createTicket) { + if (ssl->options.createTicket && + /* This will be set when SendHandshakeMsg returns WANT_WRITE. Create + * a new ticket only once. */ + !ssl->options.buildingMsg) { ret = SetupTicket(ssl); if (ret != 0) return ret; @@ -39981,20 +40074,13 @@ idx += DTLS_RECORD_EXTRA + DTLS_HANDSHAKE_EXTRA; #endif } + headerSz = idx; - if (IsEncryptionOn(ssl, 1) && ssl->options.handShakeDone) - sendSz += cipherExtraData(ssl); - - /* Set this in case CheckAvailableSize returns a WANT_WRITE so that state - * is not advanced yet */ - ssl->options.buildingMsg = 1; - - /* check for available size */ - if ((ret = CheckAvailableSize(ssl, sendSz)) != 0) - return ret; + output = (byte*)XMALLOC(sendSz, ssl->heap, DYNAMIC_TYPE_TMP_BUFFER); + if (output == NULL) + return MEMORY_E; /* get output buffer */ - output = GetOutputBuffer(ssl); AddHeaders(output, length, session_ticket, ssl); /* hint */ @@ -40009,45 +40095,9 @@ XMEMCPY(output + idx, ssl->session->ticket, ssl->session->ticketLen); idx += ssl->session->ticketLen; - if (IsEncryptionOn(ssl, 1) && ssl->options.handShakeDone) { - byte* input; - int inputSz = (int)idx; /* build msg adds rec hdr */ - int recordHeaderSz = RECORD_HEADER_SZ; - - if (ssl->options.dtls) - recordHeaderSz += DTLS_RECORD_EXTRA; - inputSz -= recordHeaderSz; - input = (byte*)XMALLOC(inputSz, ssl->heap, DYNAMIC_TYPE_IN_BUFFER); - if (input == NULL) - return MEMORY_E; - - XMEMCPY(input, output + recordHeaderSz, inputSz); - sendSz = BuildMessage(ssl, output, sendSz, input, inputSz, - handshake, 1, 0, 0, CUR_ORDER); - XFREE(input, ssl->heap, DYNAMIC_TYPE_IN_BUFFER); - - if (sendSz < 0) - return sendSz; - } - else { - #ifdef WOLFSSL_DTLS - if (ssl->options.dtls) { - if ((ret = DtlsMsgPoolSave(ssl, output, (word32)sendSz, session_ticket)) != 0) - return ret; - - DtlsSEQIncrement(ssl, CUR_ORDER); - } - #endif - ret = HashOutput(ssl, output, sendSz, 0); - if (ret != 0) - return ret; - } - - ssl->buffers.outputBuffer.length += sendSz; - ssl->options.buildingMsg = 0; - - if (!ssl->options.groupMessages) - ret = SendBuffered(ssl); + ret = SendHandshakeMsg(ssl, output, idx - headerSz, session_ticket, + "Session Ticket"); + XFREE(output, ssl->heap, DYNAMIC_TYPE_TMP_BUFFER); WOLFSSL_LEAVE("SendTicket", ret); WOLFSSL_END(WC_FUNC_TICKET_SEND); @@ -40419,7 +40469,7 @@ } if (ret == 0) { ret = wc_Sm4GcmDecrypt(sm4, in, out, inLen, iv, GCM_NONCE_MID_SZ, - tag, SM$_BLOCK_SIZE, aad, aadSz); + tag, SM4_BLOCK_SIZE, aad, aadSz); } wc_Sm4Free(sm4); } @@ -40545,7 +40595,8 @@ WOLFSSL_ENTER("DefTicketEncCb"); - if ((!enc) && (inLen != WOLFSSL_INTERNAL_TICKET_LEN)) { + /* For decryption, check minimum internal ticket size */ + if ((!enc) && (inLen < (int)WOLFSSL_INTERNAL_TICKET_LEN)) { return BUFFER_E; } @@ -40852,6 +40903,28 @@ (void)args; } + #if (defined(HAVE_ECC) || defined(HAVE_CURVE25519) || \ + defined(HAVE_CURVE448)) && !defined(NO_PSK) \ + || !defined(NO_DH) && !defined(NO_PSK) + static int ReadPSKHint(WOLFSSL* ssl, DckeArgs* args, + byte* input, word32 size) + { + word16 clientSz; + /* Read in the PSK hint */ + if ((args->idx - args->begin) + OPAQUE16_LEN > size) + return BUFFER_ERROR; + ato16(input + args->idx, &clientSz); + args->idx += OPAQUE16_LEN; + if (clientSz > MAX_PSK_ID_LEN) + return CLIENT_ID_ERROR; + if ((args->idx - args->begin) + clientSz > size) + return BUFFER_ERROR; + XMEMCPY(ssl->arrays->client_identity, input + args->idx, clientSz); + args->idx += clientSz; + ssl->arrays->client_identity[clientSz] = '\0'; /* null term */ + return 0; + } + #endif #if defined(HAVE_ECC) || defined(HAVE_CURVE25519) || \ defined(HAVE_CURVE448) static int ImportPeerECCKey(WOLFSSL* ssl, byte* input, DckeArgs* args, @@ -41022,9 +41095,17 @@ if (ret != 0) return ret; } +#if !defined(HAVE_SELFTEST) && !defined(HAVE_FIPS) + if (wc_ecc_import_x963_ex2(input + args->idx, args->length, + ssl->peerEccKey, kea == ecdhe_psk_kea ? ssl->eccTempKey->dp->id + : private_key->dp->id, 1)) +#else + /* FIPS has validation define on. */ if (wc_ecc_import_x963_ex(input + args->idx, args->length, - ssl->peerEccKey, kea == ecdhe_psk_kea ? ssl->eccTempKey->dp->id - : private_key->dp->id)) { + ssl->peerEccKey, kea == ecdhe_psk_kea ? ssl->eccTempKey->dp->id + : private_key->dp->id)) +#endif + { #ifdef WOLFSSL_EXTRA_ALERTS SendAlert(ssl, alert_fatal, illegal_parameter); #endif @@ -41382,25 +41463,8 @@ { word16 clientSz; - /* Read in the PSK hint */ - if ((args->idx - args->begin) + OPAQUE16_LEN > size) { - ERROR_OUT(BUFFER_ERROR, exit_dcke); - } - - ato16(input + args->idx, &clientSz); - args->idx += OPAQUE16_LEN; - if (clientSz > MAX_PSK_ID_LEN) { - ERROR_OUT(CLIENT_ID_ERROR, exit_dcke); - } - - if ((args->idx - args->begin) + clientSz > size) { - ERROR_OUT(BUFFER_ERROR, exit_dcke); - } - - XMEMCPY(ssl->arrays->client_identity, input + args->idx, - clientSz); - args->idx += clientSz; - ssl->arrays->client_identity[clientSz] = '\0'; /* null term */ + CHECK_RET(ret, ReadPSKHint(ssl, args, input, size), + exit_dcke); /* Read in the DHE business */ if ((args->idx - args->begin) + OPAQUE16_LEN > size) { @@ -41435,28 +41499,10 @@ defined(HAVE_CURVE448)) && !defined(NO_PSK) case ecdhe_psk_kea: { - word16 clientSz; byte haveCb; - /* Read in the PSK hint */ - if ((args->idx - args->begin) + OPAQUE16_LEN > size) { - ERROR_OUT(BUFFER_ERROR, exit_dcke); - } - - ato16(input + args->idx, &clientSz); - args->idx += OPAQUE16_LEN; - if (clientSz > MAX_PSK_ID_LEN) { - ERROR_OUT(CLIENT_ID_ERROR, exit_dcke); - } - if ((args->idx - args->begin) + clientSz > size) { - ERROR_OUT(BUFFER_ERROR, exit_dcke); - } - - XMEMCPY(ssl->arrays->client_identity, - input + args->idx, clientSz); - args->idx += clientSz; - ssl->arrays->client_identity[clientSz] = '\0'; /* null term */ - + CHECK_RET(ret, ReadPSKHint(ssl, args, input, size), + exit_dcke); if ((ret = ImportPeerECCKey(ssl, input, args, size, NULL, &haveCb))) ERROR_OUT(ret, exit_dcke); @@ -41493,6 +41539,7 @@ { RsaKey* key = (RsaKey*)ssl->hsKey; volatile int lenErrMask; + int mask; ret = RsaDec(ssl, input + args->idx, @@ -41519,8 +41566,11 @@ goto exit_dcke; lenErrMask = 0 - (SECRET_LEN != args->sigSz); - args->lastErr = (ret & (~lenErrMask)) | - (WC_NO_ERR_TRACE(RSA_PAD_E) & lenErrMask); + /* Snapshot volatile to avoid multiple volatile + * accesses per expression. */ + mask = lenErrMask; + args->lastErr = (ret & (~mask)) | + (WC_NO_ERR_TRACE(RSA_PAD_E) & mask); ret = 0; break; } /* rsa_kea */ @@ -41991,7 +42041,10 @@ * the completion is not detected in the poll like Intel QAT or * Nitrox */ ret = wolfEventQueue_Remove(&ssl->ctx->event_queue, event); - + /* Clear async device so stale pending state from + * wolfSSL_AsyncInit does not confuse subsequent operations */ + XMEMSET(&asyncDev->event, 0, sizeof(WOLF_EVENT)); + ssl->asyncDev = NULL; } #endif } @@ -42054,53 +42107,125 @@ #endif /* WOLFSSL_ASYNC_CRYPT */ +#if !defined(NO_TLS) +/** Return the record size for sending payloadSz of data + * @param ssl WOLFSSL object + * @param payloadSz Size of data to be sent in record + * @param isEncrypted 1 if encryption is on, 0 if not + * @return Record size for sending payloadSz of data + */ +int wolfssl_local_GetRecordSize(WOLFSSL *ssl, int payloadSz, int isEncrypted) +{ + int recordSz; + + if (ssl == NULL) + return BAD_FUNC_ARG; + + if (isEncrypted) { + recordSz = BuildMessage(ssl, NULL, 0, NULL, payloadSz, application_data, + 0, 1, 0, CUR_ORDER); + /* use a safe upper bound in case of error */ + if (recordSz < 0) { + recordSz = payloadSz + RECORD_HEADER_SZ + + cipherExtraData(ssl) + COMP_EXTRA; + if (ssl->options.dtls) { + recordSz += DTLS_RECORD_EXTRA; + } + } + } + else { + recordSz = payloadSz + RECORD_HEADER_SZ; + if (ssl->options.dtls) { + recordSz += DTLS_RECORD_EXTRA; + } + } + return recordSz; +} +#endif + +/** Return the maximum plaintext size for the current Max Fragment and MTU. + * @param ssl WOLFSSL object containing ciphersuite information. + * @return Max plaintext size for current MTU + */ +int wolfssl_local_GetMaxPlaintextSize(WOLFSSL *ssl) +{ + int maxFrag; + + if (ssl == NULL) + return BAD_FUNC_ARG; + + maxFrag = wolfSSL_GetMaxFragSize(ssl); + +#if defined(WOLFSSL_DTLS) + if (IsDtlsNotSctpMode(ssl)) { + int recordSz; + int mtu; + +#if defined(WOLFSSL_DTLS_MTU) + mtu = ssl->dtlsMtuSz; +#else + mtu = MAX_MTU; +#endif + recordSz = wolfssl_local_GetRecordSize(ssl, maxFrag, + IsEncryptionOn(ssl, 1)); + /* record size of maxFrag fits in MTU */ + if (recordSz <= mtu) { + return maxFrag; + } + + /* adjust plaintext size to fit in MTU */ + maxFrag -= (recordSz - mtu); + if (maxFrag <= 0) { + WOLFSSL_MSG("MTU too small for any plaintext"); + return DTLS_SIZE_ERROR; + } + +#ifndef WOLFSSL_AEAD_ONLY + /* For block ciphers, reducing maxFrag may change padding alignment, + * causing the record to still exceed MTU. Iterate to find exact fit. + * Converges in at most 2 iterations due to bounded padding variance. */ + if (ssl->specs.cipher_type == block) { + int iter; + for (iter = 0; iter < 2; iter++) { + recordSz = wolfssl_local_GetRecordSize(ssl, maxFrag, + IsEncryptionOn(ssl, 1)); + if (recordSz <= mtu) + break; + maxFrag -= (recordSz - mtu); + } + if (recordSz > mtu) { + /* this should never happen */ + WOLFSSL_MSG("Failed to fit record in MTU after padding adjust"); + return DTLS_SIZE_ERROR; + } + } +#endif + } +#endif /* WOLFSSL_DTLS */ + + return maxFrag; +} /** * Return the max fragment size. This is essentially the maximum * fragment_length available. * @param ssl WOLFSSL object containing ciphersuite information. - * @param maxFragment The amount of space we want to check is available. This - * is only the fragment length WITHOUT the (D)TLS headers. * @return Max fragment size */ -int wolfSSL_GetMaxFragSize(WOLFSSL* ssl, int maxFragment) +int wolfSSL_GetMaxFragSize(WOLFSSL* ssl) { - (void) ssl; /* Avoid compiler warnings */ + int maxFragment; - if (maxFragment > MAX_RECORD_SIZE) { - maxFragment = MAX_RECORD_SIZE; - } + if (ssl == NULL) + return BAD_FUNC_ARG; + + maxFragment = MAX_RECORD_SIZE; #ifdef HAVE_MAX_FRAGMENT if ((ssl->max_fragment != 0) && ((word16)maxFragment > ssl->max_fragment)) { maxFragment = ssl->max_fragment; } #endif /* HAVE_MAX_FRAGMENT */ -#ifdef WOLFSSL_DTLS - if (IsDtlsNotSctpMode(ssl)) { - int outputSz, mtuSz; - - /* Given a input buffer size of maxFragment, how big will the - * encrypted output be? */ - if (IsEncryptionOn(ssl, 1)) { - outputSz = BuildMessage(ssl, NULL, 0, NULL, - maxFragment + DTLS_HANDSHAKE_HEADER_SZ, - application_data, 0, 1, 0, CUR_ORDER); - } - else { - outputSz = maxFragment + DTLS_RECORD_HEADER_SZ + - DTLS_HANDSHAKE_HEADER_SZ; - } - - /* Readjust maxFragment for MTU size. */ - #if defined(WOLFSSL_DTLS_MTU) - mtuSz = ssl->dtlsMtuSz; - #else - mtuSz = MAX_MTU; - #endif - maxFragment = ModifyForMTU(ssl, maxFragment, outputSz, mtuSz); - } -#endif return maxFragment; } @@ -42411,7 +42536,8 @@ #endif /* OPENSSL_ALL && !NO_FILESYSTEM && !NO_FILESYSTEM */ -#if defined(__APPLE__) && defined(WOLFSSL_SYS_CA_CERTS) +#if defined(__APPLE__) && defined(WOLFSSL_SYS_CA_CERTS) && \ + (!defined(NO_WOLFSSL_CLIENT) || !defined(WOLFSSL_NO_CLIENT_AUTH)) /* * Converts a DER formatted certificate to a SecCertificateRef @@ -42464,11 +42590,11 @@ /* Description */ desc = CFErrorCopyDescription(error); if (desc) { - char buffer[256]; - if (CFStringGetCString(desc, buffer, sizeof(buffer), + char buf[256]; + if (CFStringGetCString(desc, buf, sizeof(buf), kCFStringEncodingUTF8)) { WOLFSSL_MSG_EX("SecTrustEvaluateWithError Error description: %s\n", - buffer); + buf); } CFRelease(desc); } @@ -42631,12 +42757,17 @@ kCFAllocatorDefault, (const char*)ssl->buffers.domainName.buffer, kCFStringEncodingUTF8); } - if (hostname != NULL) { - policy = SecPolicyCreateSSL(true, hostname); - } - else { - policy = SecPolicyCreateSSL(true, NULL); + + /* If we're the client, we're validating the server's cert - use server + * policy (true). If we're the server, we're validating the client's cert - + * use client policy (false). Hostname validation only applies to server + * certs. */ + { + int isServerCert = (ssl->options.side == WOLFSSL_CLIENT_END); + policy = SecPolicyCreateSSL(isServerCert, + isServerCert ? hostname : NULL); } + status = SecTrustCreateWithCertificates(certArray, policy, &trust); if (status != errSecSuccess) { WOLFSSL_MSG_EX("Error creating trust object, " @@ -42752,7 +42883,39 @@ } #endif /* WOLFSSL_TEST_APPLE_NATIVE_CERT_VALIDATION */ -#endif /* defined(__APPLE__) && defined(WOLFSSL_SYS_CA_CERTS) */ +#endif /* __APPLE__ && WOLFSSL_SYS_CA_CERTS && (!NO_WOLFSSL_CLIENT) || + * !WOLFSSL_NO_CLIENT_AUTH) */ + +/* Do not try to process error for async, non blocking io, and app_read */ +void wolfssl_local_MaybeCheckAlertOnErr(WOLFSSL* ssl, int err) +{ +#if defined(WOLFSSL_CHECK_ALERT_ON_ERR) +#if defined(WOLFSSL_ASYNC_CRYPT) + if (err == WC_NO_ERR_TRACE(WC_PENDING_E)) { + return; + } +#endif +#if defined(WOLFSSL_NONBLOCK_OCSP) + if (err == WC_NO_ERR_TRACE(OCSP_WANT_READ)) { + return; + } +#endif +#if defined(WOLFSSL_EARLY_DATA) + if (err == WC_NO_ERR_TRACE(APP_DATA_READY)) { + return; + } +#endif + if (err == WC_NO_ERR_TRACE(WANT_WRITE) || + err == WC_NO_ERR_TRACE(WANT_READ)) { + return; + } + /* check if an alert was sent */ + ProcessReplyEx(ssl, 1); +#else + (void)ssl; + (void)err; +#endif /* WOLFSSL_CHECK_ALERT_ON_ERR */ +} #undef ERROR_OUT diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/src/keys.c mariadb-11.8.8/extra/wolfssl/wolfssl/src/keys.c --- mariadb-11.8.6/extra/wolfssl/wolfssl/src/keys.c 2026-01-31 13:27:49.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/src/keys.c 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* keys.c * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -33,6 +33,12 @@ #include #endif #endif +#ifdef NO_INLINE + #include +#else + #define WOLFSSL_MISC_INCLUDED + #include +#endif #if defined(WOLFSSL_RENESAS_FSPSM_TLS) || defined(WOLFSSL_RENESAS_TSIP_TLS) #include @@ -44,6 +50,20 @@ ssl->options.cipherSuite, &ssl->specs, &ssl->options); if (ret == 0) { + #ifdef WOLFSSL_ALLOW_SSLV3 + /* SSLv3 (RFC 6101) defines MAC algorithms as MD5 and SHA-1. SHA-256 + * was introduced in TLS 1.2 (RFC 5246). SSL_hmac for old SSLv3 + * connections can not handle newer cipher suites that use digest sizes + * larger than SHA-1 */ + if (ssl->version.major == SSLv3_MAJOR && + ssl->version.minor == SSLv3_MINOR && + ssl->specs.hash_size > WC_SHA_DIGEST_SIZE) { + WOLFSSL_MSG("SSLv3 does not support SHA-256 or higher MAC"); + WOLFSSL_ERROR_VERBOSE(UNSUPPORTED_SUITE); + return UNSUPPORTED_SUITE; + } + #endif /* WOLFSSL_ALLOW_SSLV3 */ + /* set TLS if it hasn't been turned off */ if (ssl->version.major == SSLv3_MAJOR && ssl->version.minor >= TLSv1_MINOR) { @@ -1225,7 +1245,7 @@ specs->static_ecdh = 0; specs->key_size = WC_SHA256_DIGEST_SIZE; specs->block_size = 0; - specs->iv_size = HMAC_NONCE_SZ; + specs->iv_size = WC_SHA256_DIGEST_SIZE; specs->aead_mac_size = WC_SHA256_DIGEST_SIZE; break; @@ -1243,7 +1263,7 @@ specs->static_ecdh = 0; specs->key_size = WC_SHA384_DIGEST_SIZE; specs->block_size = 0; - specs->iv_size = HMAC_NONCE_SZ; + specs->iv_size = WC_SHA384_DIGEST_SIZE; specs->aead_mac_size = WC_SHA384_DIGEST_SIZE; break; @@ -2813,7 +2833,7 @@ (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION >= 2))) if (!tls13) { CcmRet = wc_AesCcmSetNonce(enc->aes, keys->client_write_IV, - AEAD_MAX_IMP_SZ); + AEAD_NONCE_SZ); if (CcmRet != 0) return CcmRet; } #endif @@ -2842,7 +2862,7 @@ (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION >= 2))) if (!tls13) { CcmRet = wc_AesCcmSetNonce(enc->aes, keys->server_write_IV, - AEAD_MAX_IMP_SZ); + AEAD_NONCE_SZ); if (CcmRet != 0) return CcmRet; } #endif @@ -3343,14 +3363,14 @@ if (side == WOLFSSL_CLIENT_END) { if (enc) { XMEMCPY(keys->aead_enc_imp_IV, keys->client_write_IV, - HMAC_NONCE_SZ); + specs->iv_size); hmacRet = wc_HmacSetKey(enc->hmac, hashType, keys->client_write_key, specs->key_size); if (hmacRet != 0) return hmacRet; } if (dec) { XMEMCPY(keys->aead_dec_imp_IV, keys->server_write_IV, - HMAC_NONCE_SZ); + specs->iv_size); hmacRet = wc_HmacSetKey(dec->hmac, hashType, keys->server_write_key, specs->key_size); if (hmacRet != 0) return hmacRet; @@ -3359,14 +3379,14 @@ else { if (enc) { XMEMCPY(keys->aead_enc_imp_IV, keys->server_write_IV, - HMAC_NONCE_SZ); + specs->iv_size); hmacRet = wc_HmacSetKey(enc->hmac, hashType, keys->server_write_key, specs->key_size); if (hmacRet != 0) return hmacRet; } if (dec) { XMEMCPY(keys->aead_dec_imp_IV, keys->client_write_IV, - HMAC_NONCE_SZ); + specs->iv_size); hmacRet = wc_HmacSetKey(dec->hmac, hashType, keys->client_write_key, specs->key_size); if (hmacRet != 0) return hmacRet; @@ -3551,7 +3571,7 @@ #endif #if !defined(NO_CERTS) && defined(HAVE_PK_CALLBACKS) - ret = PROTOCOLCB_UNAVAILABLE; + ret = WC_NO_ERR_TRACE(PROTOCOLCB_UNAVAILABLE); if (ssl->ctx->EncryptKeysCb) { void* ctx = wolfSSL_GetEncryptKeysCtx(ssl); #if defined(WOLFSSL_RENESAS_FSPSM_TLS) @@ -3888,6 +3908,7 @@ return MEMORY_E; } #endif + XMEMSET(shaOutput, 0, WC_SHA_DIGEST_SIZE); ret = wc_InitMd5(md5); if (ret == 0) { @@ -3934,6 +3955,26 @@ ret = StoreKeys(ssl, keyData, PROVISION_CLIENT_SERVER); } +#ifdef WOLFSSL_CHECK_MEM_ZERO + wc_MemZero_Add("DeriveKeys shaOutput", shaOutput, WC_SHA_DIGEST_SIZE); + wc_MemZero_Add("DeriveKeys md5Input", md5Input, + SECRET_LEN + WC_SHA_DIGEST_SIZE); + wc_MemZero_Add("DeriveKeys shaInput", shaInput, + KEY_PREFIX + SECRET_LEN + 2 * RAN_LEN); + wc_MemZero_Add("DeriveKeys keyData", keyData, + KEY_PREFIX * WC_MD5_DIGEST_SIZE); +#endif + ForceZero(shaOutput, WC_SHA_DIGEST_SIZE); + ForceZero(md5Input, SECRET_LEN + WC_SHA_DIGEST_SIZE); + ForceZero(shaInput, KEY_PREFIX + SECRET_LEN + 2 * RAN_LEN); + ForceZero(keyData, KEY_PREFIX * WC_MD5_DIGEST_SIZE); +#ifdef WOLFSSL_CHECK_MEM_ZERO + wc_MemZero_Check(shaOutput, WC_SHA_DIGEST_SIZE); + wc_MemZero_Check(md5Input, SECRET_LEN + WC_SHA_DIGEST_SIZE); + wc_MemZero_Check(shaInput, KEY_PREFIX + SECRET_LEN + 2 * RAN_LEN); + wc_MemZero_Check(keyData, KEY_PREFIX * WC_MD5_DIGEST_SIZE); +#endif + WC_FREE_VAR_EX(shaOutput, NULL, DYNAMIC_TYPE_TMP_BUFFER); WC_FREE_VAR_EX(md5Input, NULL, DYNAMIC_TYPE_TMP_BUFFER); WC_FREE_VAR_EX(shaInput, NULL, DYNAMIC_TYPE_TMP_BUFFER); @@ -3945,26 +3986,24 @@ } -static int CleanPreMaster(WOLFSSL* ssl) +static void CleanPreMaster(WOLFSSL* ssl) { - int i, ret, sz = (int)(ssl->arrays->preMasterSz); + int sz = (int)(ssl->arrays->preMasterSz); - for (i = 0; i < sz; i++) - ssl->arrays->preMasterSecret[i] = 0; +#ifdef WOLFSSL_CHECK_MEM_ZERO + wc_MemZero_Add("CleanPreMaster preMasterSecret", + ssl->arrays->preMasterSecret, sz); +#endif - ret = wc_RNG_GenerateBlock(ssl->rng, ssl->arrays->preMasterSecret, - (word32)(sz)); - if (ret != 0) - return ret; + ForceZero(ssl->arrays->preMasterSecret, sz); - for (i = 0; i < sz; i++) - ssl->arrays->preMasterSecret[i] = 0; +#ifdef WOLFSSL_CHECK_MEM_ZERO + wc_MemZero_Check(ssl->arrays->preMasterSecret, sz); +#endif XFREE(ssl->arrays->preMasterSecret, ssl->heap, DYNAMIC_TYPE_SECRET); ssl->arrays->preMasterSecret = NULL; ssl->arrays->preMasterSz = 0; - - return 0; } @@ -4024,6 +4063,13 @@ return MEMORY_E; } #endif +#ifdef WOLFSSL_CHECK_MEM_ZERO + wc_MemZero_Add("MakeSslMasterSecret md5Input", md5Input, + ENCRYPT_LEN + WC_SHA_DIGEST_SIZE); + wc_MemZero_Add("MakeSslMasterSecret shaInput", shaInput, + PREFIX + ENCRYPT_LEN + 2 * RAN_LEN); +#endif + XMEMSET(shaOutput, 0, WC_SHA_DIGEST_SIZE); ret = wc_InitMd5(md5); @@ -4082,16 +4128,20 @@ ret = DeriveKeys(ssl); } + ForceZero(md5Input, ENCRYPT_LEN + WC_SHA_DIGEST_SIZE); + ForceZero(shaInput, PREFIX + ENCRYPT_LEN + 2 * RAN_LEN); +#ifdef WOLFSSL_CHECK_MEM_ZERO + wc_MemZero_Check(md5Input, ENCRYPT_LEN + WC_SHA_DIGEST_SIZE); + wc_MemZero_Check(shaInput, PREFIX + ENCRYPT_LEN + 2 * RAN_LEN); +#endif + WC_FREE_VAR_EX(shaOutput, NULL, DYNAMIC_TYPE_TMP_BUFFER); WC_FREE_VAR_EX(md5Input, NULL, DYNAMIC_TYPE_TMP_BUFFER); WC_FREE_VAR_EX(shaInput, NULL, DYNAMIC_TYPE_TMP_BUFFER); WC_FREE_VAR_EX(md5, NULL, DYNAMIC_TYPE_TMP_BUFFER); WC_FREE_VAR_EX(sha, NULL, DYNAMIC_TYPE_TMP_BUFFER); - if (ret == 0) - ret = CleanPreMaster(ssl); - else - CleanPreMaster(ssl); + CleanPreMaster(ssl); return ret; } diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/src/ocsp.c mariadb-11.8.8/extra/wolfssl/wolfssl/src/ocsp.c --- mariadb-11.8.6/extra/wolfssl/wolfssl/src/ocsp.c 2026-01-31 13:27:49.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/src/ocsp.c 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* ocsp.c * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -30,6 +30,13 @@ * OCSP response signer and direct issuer. */ +/* + * OCSP responder missing features: + * - Support for multiple requests and responses in a single OCSP exchange + * - Support name-based responder ID + * - Support for singleExtensions + */ + #ifndef WOLFCRYPT_ONLY #ifdef HAVE_OCSP @@ -82,7 +89,7 @@ ocspRequest = (OcspRequest*)XMALLOC(sizeof(OcspRequest), NULL, DYNAMIC_TYPE_TMP_BUFFER); if (ocspRequest == NULL) { - WOLFSSL_LEAVE("CheckCertOCSP", MEMORY_ERROR); + WOLFSSL_LEAVE("wc_CheckCertOcspResponse", MEMORY_ERROR); return MEMORY_E; } #endif @@ -98,7 +105,7 @@ XFREE(ocspRequest, NULL, DYNAMIC_TYPE_TMP_BUFFER); #endif - WOLFSSL_LEAVE("CheckCertOCSP", ret); + WOLFSSL_LEAVE("wc_CheckCertOcspResponse", ret); return ret; } @@ -164,19 +171,20 @@ void FreeOCSP(WOLFSSL_OCSP* ocsp, int dynamic) { OcspEntry *entry, *next; + void* heap = (ocsp->cm != NULL) ? ocsp->cm->heap : NULL; WOLFSSL_ENTER("FreeOCSP"); for (entry = ocsp->ocspList; entry; entry = next) { next = entry->next; - FreeOcspEntry(entry, ocsp->cm->heap); - XFREE(entry, ocsp->cm->heap, DYNAMIC_TYPE_OCSP_ENTRY); + FreeOcspEntry(entry, heap); + XFREE(entry, heap, DYNAMIC_TYPE_OCSP_ENTRY); } wc_FreeMutex(&ocsp->ocspLock); if (dynamic) - XFREE(ocsp, ocsp->cm->heap, DYNAMIC_TYPE_OCSP); + XFREE(ocsp, heap, DYNAMIC_TYPE_OCSP); } @@ -237,7 +245,7 @@ *entry = NULL; if (wc_LockMutex(&ocsp->ocspLock) != 0) { - WOLFSSL_LEAVE("CheckCertOCSP", BAD_MUTEX_E); + WOLFSSL_LEAVE("GetOcspEntry", BAD_MUTEX_E); return BAD_MUTEX_E; } @@ -280,7 +288,7 @@ *status = NULL; if (wc_LockMutex(&ocsp->ocspLock) != 0) { - WOLFSSL_LEAVE("CheckCertOCSP", BAD_MUTEX_E); + WOLFSSL_LEAVE("GetOcspStatus", BAD_MUTEX_E); return BAD_MUTEX_E; } @@ -296,10 +304,10 @@ else if (*status) { #ifndef NO_ASN_TIME if (XVALIDATE_DATE((*status)->thisDate, - (*status)->thisDateFormat, ASN_BEFORE) + (*status)->thisDateFormat, ASN_BEFORE, MAX_DATE_SIZE) && ((*status)->nextDate[0] != 0) && XVALIDATE_DATE((*status)->nextDate, - (*status)->nextDateFormat, ASN_AFTER)) + (*status)->nextDateFormat, ASN_AFTER, MAX_DATE_SIZE)) #endif { ret = xstat2err((*status)->status); @@ -367,13 +375,13 @@ XFREE(newSingle, NULL, DYNAMIC_TYPE_OCSP_ENTRY); XFREE(ocspResponse, NULL, DYNAMIC_TYPE_OCSP_REQUEST); - WOLFSSL_LEAVE("CheckCertOCSP", MEMORY_ERROR); + WOLFSSL_LEAVE("CheckOcspResponse", MEMORY_ERROR); return MEMORY_E; } #endif InitOcspResponse(ocspResponse, newSingle, newStatus, response, (word32)responseSz, ocsp->cm->heap); -#if defined(HAVE_CERTIFICATE_STATUS_REQUEST_V2) +#if defined(HAVE_CERTIFICATE_STATUS_REQUEST_V2) && !defined(NO_TLS) if (ocspRequest != NULL && ocspRequest->ssl != NULL && TLSX_CSR2_IsMulti(((WOLFSSL*)ocspRequest->ssl)->extensions)) { ocspResponse->pendingCAs = TLSX_CSR2_GetPendingSigners(((WOLFSSL*)ocspRequest->ssl)->extensions); @@ -543,7 +551,7 @@ request = (byte*)XMALLOC((size_t)requestSz, ocsp->cm->heap, DYNAMIC_TYPE_OCSP); if (request == NULL) { - WOLFSSL_LEAVE("CheckCertOCSP", MEMORY_ERROR); + WOLFSSL_LEAVE("CheckOcspRequest", MEMORY_ERROR); return MEMORY_ERROR; } @@ -576,7 +584,7 @@ } #ifndef WOLFSSL_NO_OCSP_ISSUER_CHAIN_CHECK -static int CheckOcspResponderChain(OcspEntry* single, DecodedCert *cert, +static int CheckOcspResponderChain(OcspEntry* single, byte* issuerHash, void* vp, Signer* pendingCAs) { /* Attempt to build a chain up to cert's issuer */ WOLFSSL_CERT_MANAGER* cm = (WOLFSSL_CERT_MANAGER*)vp; @@ -606,8 +614,7 @@ #endif for (; ca != NULL && ca != prev; prev = ca) { - if (XMEMCMP(cert->issuerHash, ca->issuerNameHash, - OCSP_DIGEST_SIZE) == 0) { + if (XMEMCMP(issuerHash, ca->issuerNameHash, OCSP_DIGEST_SIZE) == 0) { WOLFSSL_MSG("\tOCSP Response signed by authorized " "responder delegated by issuer " "(found in chain)"); @@ -627,11 +634,15 @@ /** * Enforce https://www.rfc-editor.org/rfc/rfc6960#section-4.2.2.2 - * @param bs The basic response to verify - * @param cert The decoded bs->cert - * @return + * @param bs The basic OCSP response to verify + * @param subjectHash The subject key hash of the OCSP responder certificate + * @param extExtKeyUsage The extended key usage bits of the responder certificate + * @param issuerHash The issuer name hash of the OCSP responder certificate + * @param vp Unused (reserved for future use) + * @return 1 if the responder is authorized to sign the response, 0 otherwise */ -int CheckOcspResponder(OcspResponse *bs, DecodedCert *cert, void* vp) +int CheckOcspResponder(OcspResponse *bs, byte* subjectHash, + byte extExtKeyUsage, byte* issuerHash, void* vp) { int ret = 0; OcspEntry* single; @@ -646,7 +657,7 @@ /* In the future if this API is used more then it could be beneficial to * implement calling InitDecodedCert and ParseCertRelative here * automatically when cert == NULL. */ - if (bs == NULL || cert == NULL) + if (bs == NULL || subjectHash == NULL || issuerHash == NULL) return BAD_FUNC_ARG; /* Traverse the list and check that the cert has the authority to provide @@ -654,21 +665,21 @@ for (single = bs->single; single != NULL; single = single->next) { int passed = 0; - if (XMEMCMP(cert->subjectHash, single->issuerHash, OCSP_DIGEST_SIZE) - == 0) { + if (XMEMCMP(subjectHash, single->issuerHash, OCSP_DIGEST_SIZE) == 0) { WOLFSSL_MSG("\tOCSP Response signed by issuer"); passed = 1; } - else if ((cert->extExtKeyUsage & EXTKEYUSE_OCSP_SIGN) != 0) { - if (XMEMCMP(cert->issuerHash, single->issuerHash, - OCSP_DIGEST_SIZE) == 0) { + else if ((extExtKeyUsage & EXTKEYUSE_OCSP_SIGN) != 0) { + if (XMEMCMP(issuerHash, single->issuerHash, OCSP_DIGEST_SIZE) + == 0) { WOLFSSL_MSG("\tOCSP Response signed by authorized responder " "delegated by issuer"); passed = 1; } #ifndef WOLFSSL_NO_OCSP_ISSUER_CHAIN_CHECK else if (vp != NULL) { - passed = CheckOcspResponderChain(single, cert, vp, bs->pendingCAs); + passed = CheckOcspResponderChain(single, issuerHash, vp, + bs->pendingCAs); } #endif } @@ -683,6 +694,47 @@ } +OcspRequest* wc_OcspRequest_new(void* heap) +{ + OcspRequest* request = (OcspRequest*)XMALLOC(sizeof(OcspRequest), heap, + DYNAMIC_TYPE_OCSP_REQUEST); + if (request != NULL) { + XMEMSET(request, 0, sizeof(OcspRequest)); + request->heap = heap; + } + + return request; +} + +void wc_OcspRequest_free(OcspRequest* request) +{ + if (request != NULL) { + FreeOcspRequest(request); + XFREE(request, request->heap, DYNAMIC_TYPE_OCSP_REQUEST); + } +} + +OcspResponse* wc_OcspResponse_new(void* heap) +{ + OcspResponse* response = (OcspResponse*)XMALLOC(sizeof(OcspResponse), + heap, + DYNAMIC_TYPE_OCSP_RESPONSE); + if (response != NULL) { + XMEMSET(response, 0, sizeof(OcspResponse)); + response->heap = heap; + } + + return response; +} + +void wc_OcspResponse_free(OcspResponse* response) +{ + if (response != NULL) { + FreeOcspResponse(response); + XFREE(response, response->heap, DYNAMIC_TYPE_OCSP_RESPONSE); + } +} + /* compatibility layer OCSP functions */ #ifdef OPENSSL_EXTRA int wolfSSL_OCSP_resp_find_status(WOLFSSL_OCSP_BASICRESP *bs, @@ -950,7 +1002,8 @@ SIGNER_DIGEST_SIZE) == 0; } else if (resp->responderIdType == OCSP_RESPONDER_ID_KEY) { - return XMEMCMP(keyHash, resp->responderId.keyHash, KEYID_SIZE) == 0; + return XMEMCMP(keyHash, resp->responderId.keyHash, + OCSP_RESPONDER_ID_KEY_SZ) == 0; } return 0; @@ -1028,7 +1081,8 @@ } #ifndef WOLFSSL_NO_OCSP_ISSUER_CHECK if ((flags & WOLFSSL_OCSP_NOCHECKS) == 0) { - ret = CheckOcspResponder(resp, c, st->cm); + ret = CheckOcspResponder(resp, c->subjectHash, c->extExtKeyUsage, + c->issuerHash, st->cm); } else { ret = 0; @@ -1232,7 +1286,7 @@ } if (GetSequence(*data, &idx, &length, (word32)len) >= 0) - (*data) += (unsigned char) ((int)idx + length); + (*data) += idx + length; if (response != NULL && *response == NULL) *response = resp; @@ -1243,6 +1297,9 @@ int wolfSSL_i2d_OCSP_RESPONSE(OcspResponse* response, unsigned char** data) { + if (response == NULL) + return BAD_FUNC_ARG; + if (data == NULL) return (int)response->maxIdx; @@ -1313,7 +1370,11 @@ if (size <= 0 || data == NULL) return size; - return EncodeOcspRequest(request, *data, (word32) size); + size = EncodeOcspRequest(request, *data, (word32) size); + if (size > 0) + *data += size; + + return size; } WOLFSSL_OCSP_ONEREQ* wolfSSL_OCSP_request_add0_id(OcspRequest *req, @@ -1327,8 +1388,9 @@ /* Keep to free */ req->cid = (void*)cid; - XMEMCPY(req->issuerHash, cid->issuerHash, KEYID_SIZE); - XMEMCPY(req->issuerKeyHash, cid->issuerKeyHash, KEYID_SIZE); + XMEMCPY(req->issuerHash, cid->issuerHash, WC_MAX_DIGEST_SIZE); + XMEMCPY(req->issuerKeyHash, cid->issuerKeyHash, WC_MAX_DIGEST_SIZE); + req->hashAlg = (int)cid->hashAlgoOID; if (cid->status->serialSz > req->serialSz) { XFREE(req->serial, req->heap, DYNAMIC_TYPE_OCSP); req->serial = (byte*)XMALLOC((size_t)cid->status->serialSz, @@ -1351,9 +1413,35 @@ certId = (WOLFSSL_OCSP_CERTID*)XMALLOC(sizeof(WOLFSSL_OCSP_CERTID), NULL, DYNAMIC_TYPE_OPENSSL); - if (certId) { - XMEMCPY(certId, id, sizeof(WOLFSSL_OCSP_CERTID)); + if (certId == NULL) + return NULL; + + XMEMCPY(certId, id, sizeof(WOLFSSL_OCSP_CERTID)); + certId->next = NULL; + certId->rawCertId = NULL; + certId->rawCertIdSize = 0; + + /* Deep-copy the status to avoid double-free */ + if (id->status != NULL) { + certId->status = (CertStatus*)XMALLOC(sizeof(CertStatus), + NULL, DYNAMIC_TYPE_OCSP_STATUS); + if (certId->status == NULL) { + XFREE(certId, NULL, DYNAMIC_TYPE_OPENSSL); + return NULL; + } + XMEMCPY(certId->status, id->status, sizeof(CertStatus)); + certId->status->next = NULL; + /* Don't share dynamically allocated fields */ + certId->status->rawOcspResponse = NULL; + certId->status->rawOcspResponseSz = 0; + certId->status->serialInt = NULL; +#ifdef WOLFSSL_OCSP_PARSE_STATUS + certId->status->thisDateAsn = NULL; + certId->status->nextDateAsn = NULL; +#endif } + certId->ownStatus = 1; + return certId; } @@ -1375,7 +1463,9 @@ } if (data != NULL) { + unsigned char* dataOrig = data; size = wolfSSL_i2d_OCSP_REQUEST(req, &data); + data = dataOrig; } if (size <= 0) { @@ -2077,8 +2167,8 @@ */ int wolfSSL_OCSP_check_nonce(OcspRequest* req, WOLFSSL_OCSP_BASICRESP* bs) { - byte* reqNonce = NULL; - byte* rspNonce = NULL; + const byte* reqNonce = NULL; + const byte* rspNonce = NULL; int reqNonceSz = 0; int rspNonceSz = 0; @@ -2119,6 +2209,686 @@ #endif /* OPENSSL_ALL */ +#ifdef HAVE_OCSP_RESPONDER + +/* Free a CA entry and all its resources */ +static void FreeOcspResponderCa(OcspResponderCa* ca, void* heap) +{ + OcspResponderCertStatus* status; + OcspResponderCertStatus* nextStatus; + + if (ca == NULL) + return; + + /* Free private key */ +#ifndef NO_RSA + if (ca->keyType == RSAk) { + wc_FreeRsaKey(&ca->key.rsa); + } +#endif +#ifdef HAVE_ECC + if (ca->keyType == ECDSAk) { + wc_ecc_free(&ca->key.ecc); + } +#endif + + /* Free certificate DER if allocated */ + if (ca->certDer != NULL) { + XFREE(ca->certDer, heap, DYNAMIC_TYPE_OCSP); + } + + /* Free certificate status list */ + status = ca->statuses; + while (status != NULL) { + nextStatus = status->next; + XFREE(status, heap, DYNAMIC_TYPE_OCSP); + status = nextStatus; + } + + XFREE(ca, heap, DYNAMIC_TYPE_OCSP); +} + +/* Allocate and initialize an OCSP Responder */ +OcspResponder* wc_OcspResponder_new(void* heap, int sendCerts) +{ + OcspResponder* responder; + + WOLFSSL_ENTER("wc_OcspResponder_new"); + + responder = (OcspResponder*)XMALLOC(sizeof(OcspResponder), heap, + DYNAMIC_TYPE_OCSP); + if (responder != NULL) { + XMEMSET(responder, 0, sizeof(OcspResponder)); + responder->heap = heap; + responder->sendCerts = sendCerts ? 1 : 0; + if (wc_InitRng(&responder->rng) != 0) { + XFREE(responder, heap, DYNAMIC_TYPE_OCSP); + responder = NULL; + } + } + return responder; +} + +/* Free an OCSP Responder */ +void wc_OcspResponder_free(OcspResponder* responder) +{ + WOLFSSL_ENTER("wc_OcspResponder_free"); + if (responder != NULL) { + OcspResponderCa* ca; + OcspResponderCa* nextCa; + /* Free all CAs */ + ca = responder->caList; + while (ca != NULL) { + nextCa = ca->next; + FreeOcspResponderCa(ca, responder->heap); + ca = nextCa; + } + wc_FreeRng(&responder->rng); + XFREE(responder, responder->heap, DYNAMIC_TYPE_OCSP); + } +} + +int wc_OcspResponder_AddSigner(OcspResponder* responder, + const byte* signerDer, word32 signerDerSz, + const byte* keyDer, word32 keyDerSz, + /* Necessary when adding an authorized responder */ + const byte* issuerCertDer, word32 issuerCertDerSz) +{ + int ret = -1; + OcspResponderCa* ca = NULL; + DecodedCert* decoded = NULL; + word32 keyOID = 0; + + WOLFSSL_ENTER("wc_OcspResponder_AddSigner"); + + if (responder == NULL || signerDer == NULL || signerDerSz == 0 || + keyDer == NULL || keyDerSz == 0 || + (issuerCertDerSz != 0 && issuerCertDer == NULL)) + return BAD_FUNC_ARG; + + /* Allocate CA structure */ + ca = (OcspResponderCa*)XMALLOC(sizeof(OcspResponderCa), responder->heap, + DYNAMIC_TYPE_OCSP); + if (ca == NULL) { + ret = MEMORY_E; + goto out; + } + XMEMSET(ca, 0, sizeof(OcspResponderCa)); + + /* Parse certificate */ + decoded = (DecodedCert*)XMALLOC(sizeof(DecodedCert), responder->heap, + DYNAMIC_TYPE_OCSP); + if (decoded == NULL) { + ret = MEMORY_E; + goto out; + } + + wc_InitDecodedCert(decoded, signerDer, signerDerSz, responder->heap); + ret = wc_ParseCert(decoded, CERT_TYPE, 0, NULL); + if (ret != 0) + goto out; + + ret = wc_CheckPrivateKeyCert(keyDer, keyDerSz, decoded, 1, responder->heap); + if (ret != 1) { + ret = (ret == 0) ? BAD_FUNC_ARG : ret; + goto out; + } + keyOID = decoded->keyOID; + + ret = wc_ShaHash(decoded->publicKeyForHash, decoded->pubKeyForHashSize, + ca->responderKeyHash); + if (ret != 0) + goto out; + + /* Now place the real issuer into decoded and perform cert can actually + * sign for issuer. */ + if (issuerCertDer != NULL && issuerCertDerSz > 0) { + char issuer[WC_ASN_NAME_MAX]; + + if (signerDerSz == issuerCertDerSz && + XMEMCMP(signerDer, issuerCertDer, signerDerSz) == 0) { + /* API misuse */ + ret = BAD_FUNC_ARG; + goto out; + } + if ((decoded->extExtKeyUsage & EXTKEYUSE_OCSP_SIGN) == 0) { + /* Cert is not authorized for OCSP signing */ + ret = BAD_FUNC_ARG; + goto out; + } + XMEMCPY(issuer, decoded->issuer, WC_ASN_NAME_MAX); + + /* Use allocated DecodedCert */ + wc_FreeDecodedCert(decoded); + wc_InitDecodedCert(decoded, issuerCertDer, issuerCertDerSz, + responder->heap); + ret = wc_ParseCert(decoded, CERT_TYPE, 0, NULL); + if (ret != 0) + goto out; + + if (XSTRNCMP(issuer, decoded->subject, WC_ASN_NAME_MAX) != 0) { + /* Issuer name in responder cert does not match subject of issuer cert */ + ret = BAD_FUNC_ARG; + goto out; + } + + ca->authResp = 1; + } + + /* Use responder cert's subject and public key for hashes */ + if (decoded->subjectRawForHash == NULL || + decoded->subjectRawForHashLen <= 0) { + ret = BAD_FUNC_ARG; + goto out; + } + ret = AsnHashesHash(&ca->issuerHashes, decoded->subjectRawForHash, + (word32)decoded->subjectRawForHashLen); + if (ret != 0) + goto out; + if (decoded->publicKeyForHash == NULL || decoded->pubKeyForHashSize == 0) { + ret = BAD_FUNC_ARG; + goto out; + } + ret = AsnHashesHash(&ca->issuerKeyHashes, decoded->publicKeyForHash, + decoded->pubKeyForHashSize); + if (ret != 0) + goto out; + + /* Extract necessary info from decoded cert */ + XMEMCPY(ca->subject, decoded->subject, WC_ASN_NAME_MAX); + + /* Store raw certificate DER if sendCerts is enabled */ + if (responder->sendCerts) { + ca->certDer = (byte*)XMALLOC(signerDerSz, responder->heap, DYNAMIC_TYPE_OCSP); + if (ca->certDer == NULL) { + ret = MEMORY_E; + goto out; + } + XMEMCPY(ca->certDer, signerDer, signerDerSz); + ca->certDerSz = signerDerSz; + } + + /* Load the private key */ +#ifndef NO_RSA + if (keyOID == RSAk) { + ret = wc_InitRsaKey(&ca->key.rsa, responder->heap); + if (ret == 0) { + word32 idx = 0; + ca->keyType = RSAk; + ret = wc_RsaPrivateKeyDecode(keyDer, &idx, &ca->key.rsa, keyDerSz); + } + if (ret != 0) + goto out; + } + else +#endif +#ifdef HAVE_ECC + if (keyOID == ECDSAk) { + ret = wc_ecc_init_ex(&ca->key.ecc, responder->heap, INVALID_DEVID); + if (ret == 0) { + word32 idx = 0; + ca->keyType = ECDSAk; + ret = wc_EccPrivateKeyDecode(keyDer, &idx, &ca->key.ecc, keyDerSz); + } + if (ret != 0) + goto out; + } + else +#endif + { + ret = NOT_COMPILED_IN; + goto out; + } + + /* Check for duplicates before adding */ + { + OcspResponderCa* existing = responder->caList; + while (existing != NULL) { + if (XMEMCMP(&existing->issuerHashes, &ca->issuerHashes, + sizeof(AsnHashes)) == 0 && + XMEMCMP(&existing->issuerKeyHashes, &ca->issuerKeyHashes, + sizeof(AsnHashes)) == 0) { + ret = DUPE_ENTRY_E; + goto out; + } + existing = existing->next; + } + } + + /* Add CA to list */ + ca->next = responder->caList; + responder->caList = ca; + ca = NULL; /* Ownership transferred */ + ret = 0; + +out: + if (decoded != NULL) { + wc_FreeDecodedCert(decoded); + XFREE(decoded, responder->heap, DYNAMIC_TYPE_OCSP); + } + if (ca != NULL) + FreeOcspResponderCa(ca, responder->heap); + return ret; +} + +/* Find Auth CA by issuer hashes from request */ +static OcspResponderCa* FindCaByHashes(OcspResponder* responder, + const byte* issuerHash, const byte* issuerKeyHash, int hashAlg) +{ + OcspResponderCa* ca = responder->caList; + + while (ca != NULL) { + int hashSz = 0; + const byte* caIssuerHash = AsnHashesGetHash(&ca->issuerHashes, + hashAlg, &hashSz); + const byte* caKeyHash = AsnHashesGetHash(&ca->issuerKeyHashes, + hashAlg, &hashSz); + + if (caIssuerHash != NULL && caKeyHash != NULL && hashSz > 0 && + XMEMCMP(caIssuerHash, issuerHash, (size_t)hashSz) == 0 && + XMEMCMP(caKeyHash, issuerKeyHash, (size_t)hashSz) == 0) { + return ca; + } + ca = ca->next; + } + + return NULL; +} + +/* Find certificate status in a CA */ +static OcspResponderCertStatus* FindCertStatus(OcspResponderCa* ca, + const byte* serial, word32 serialSz) +{ + OcspResponderCertStatus* status = ca->statuses; + + while (status != NULL) { + if (status->serialSz == (int)serialSz && + XMEMCMP(status->serial, serial, serialSz) == 0) { + return status; + } + status = status->next; + } + + return NULL; +} + +/* Find Auth CA by subject string */ +static OcspResponderCa* FindCaBySubject(OcspResponder* responder, + const char* caSubject, word32 caSubjectSz) +{ + OcspResponderCa* ca = responder->caList; + + while (ca != NULL) { + word32 subjectLen = (word32)XSTRLEN(ca->subject); + if (subjectLen == caSubjectSz && + XMEMCMP(ca->subject, caSubject, caSubjectSz) == 0) { + return ca; + } + ca = ca->next; + } + + return NULL; +} + +/* Add a certificate status for a specific CA */ +int wc_OcspResponder_SetCertStatus(OcspResponder* responder, + const char* caSubject, word32 caSubjectSz, + const byte* serial, word32 serialSz, enum Ocsp_Cert_Status status, + time_t revocationTime, enum WC_CRL_Reason revocationReason, + word32 validityPeriod) +{ + OcspResponderCa* ca = NULL; + OcspResponderCertStatus* certStatus = NULL; + int ret = WC_NO_ERR_TRACE(BAD_FUNC_ARG); + int isNew = 0; + + WOLFSSL_ENTER("wc_OcspResponder_SetCertStatus"); + + if (responder == NULL || caSubject == NULL || caSubjectSz == 0 || + serial == NULL || serialSz == 0 || serialSz > EXTERNAL_SERIAL_SIZE) + goto out; + + if (status != CERT_GOOD && status != CERT_REVOKED && + status != CERT_UNKNOWN) + goto out; + + /* Validate revocation parameters when status is REVOKED */ + if (status == CERT_REVOKED) { + if (revocationTime <= 0) + goto out; + if (revocationReason < WC_CRL_REASON_UNSPECIFIED || + revocationReason > WC_CRL_REASON_AA_COMPROMISE) + goto out; + /* Skip value 7 which is not used */ + if (revocationReason == 7) + goto out; + } + + if (status == CERT_GOOD && validityPeriod == 0) + goto out; + if (status != CERT_GOOD && validityPeriod != 0) + goto out; + + /* Find the CA */ + ca = FindCaBySubject(responder, caSubject, caSubjectSz); + if (ca == NULL) { + ret = ASN_NO_SIGNER_E; + goto out; + } + + /* Check if status already exists for this serial */ + certStatus = FindCertStatus(ca, serial, serialSz); + if (certStatus == NULL) { + /* Allocate new status entry */ + certStatus = (OcspResponderCertStatus*)XMALLOC( + sizeof(OcspResponderCertStatus), responder->heap, DYNAMIC_TYPE_OCSP); + if (certStatus == NULL) { + ret = MEMORY_E; + goto out; + } + XMEMSET(certStatus, 0, sizeof(OcspResponderCertStatus)); + XMEMCPY(certStatus->serial, serial, serialSz); + certStatus->serialSz = serialSz; + isNew = 1; + } + + certStatus->status = status; + certStatus->validityPeriod = 0; + if (status == CERT_REVOKED) { + ret = GetFormattedTime_ex(&revocationTime, certStatus->revocationDate, + sizeof(certStatus->revocationDate), ASN_GENERALIZED_TIME); + if (ret <= 0) { + WOLFSSL_MSG("Failed to format revocation time"); + goto out; + } + certStatus->revocationDateSz = (word32)ret; + certStatus->revocationReason = revocationReason; + } + else if (status == CERT_GOOD) { + certStatus->validityPeriod = validityPeriod; + } + + if (isNew) { + /* Add to CA's status list */ + certStatus->next = ca->statuses; + ca->statuses = certStatus; + certStatus = NULL; /* Ownership transferred */ + } + ret = 0; + +out: + if (isNew && certStatus != NULL) + XFREE(certStatus, responder->heap, DYNAMIC_TYPE_OCSP); + + return ret; +} + +static int OcspResponse_WriteResponse(OcspResponder* responder, byte* response, + word32* responseSz, OcspResponderCa* ca, + OcspResponderCertStatus* certStatus, OcspRequest* req) +{ + OcspResponse resp; + CertStatus status; + OcspEntry entry; + int ret = 0; + time_t now; + RsaKey* rsaKey = NULL; + ecc_key* eccKey = NULL; + int respInited = 0; + int hashSz = 0; + const byte* caIssuerHash = NULL; + const byte* caKeyHash = NULL; + int hashAlg = -1; + + WOLFSSL_ASSERT_SIZEOF_EQ(resp.responderId.keyHash, ca->responderKeyHash); + + WOLFSSL_ENTER("OcspResponse_WriteResponse"); + + if (responseSz == NULL || ca == NULL || certStatus == NULL || + certStatus->serialSz > EXTERNAL_SERIAL_SIZE) { + ret = BAD_FUNC_ARG; + goto out; + } + + InitOcspResponse(&resp, &entry, &status, NULL, 0, responder->heap); + respInited = 1; + + resp.responseStatus = OCSP_SUCCESSFUL; + + status.status = certStatus->status; + + XMEMCPY(status.serial, certStatus->serial, certStatus->serialSz); + status.serialSz = (byte)certStatus->serialSz; + + /* Copy revocation information if status is REVOKED */ + if (certStatus->status == CERT_REVOKED) { + XMEMCPY(status.revocationDate, certStatus->revocationDate, + certStatus->revocationDateSz); + status.revocationDateSz = certStatus->revocationDateSz; + status.revocationReason = (byte)certStatus->revocationReason; + } + + now = wc_Time(NULL); + ret = GetFormattedTime_ex(&now, status.thisDate, sizeof(status.thisDate), + ASN_GENERALIZED_TIME); + if (ret <= 0) { + WOLFSSL_MSG("Failed to format thisUpdate time"); + goto out; + } + XMEMCPY(resp.producedDate, status.thisDate, ret); + resp.producedDateSz = status.thisDateSz = (byte)(ret); + resp.producedDateFormat = status.thisDateFormat = ASN_GENERALIZED_TIME; + + /* Set nextUpdate if validity period is specified (for CERT_GOOD) */ + if (certStatus->status == CERT_GOOD && certStatus->validityPeriod > 0) { + time_t nextTime = now + (time_t)certStatus->validityPeriod; + ret = GetFormattedTime_ex(&nextTime, status.nextDate, + sizeof(status.nextDate), ASN_GENERALIZED_TIME); + if (ret <= 0) { + WOLFSSL_MSG("Failed to format nextUpdate time"); + goto out; + } + status.nextDateSz = (byte)ret; + status.nextDateFormat = ASN_GENERALIZED_TIME; + } + + /* Set certificate if sendCerts is enabled */ + if (responder->sendCerts && ca->certDer != NULL) { + resp.cert = ca->certDer; + resp.certSz = ca->certDerSz; + } + + /* Copy nonce from request to response if present */ + if (req != NULL && req->nonceSz > 0) { + resp.nonce = req->nonce; + resp.nonceSz = req->nonceSz; + } + + /* Echo the hash algorithm from the request */ + if (req == NULL) { + hashAlg = SHAh; /* Fall back to SHA-1 as its required for OCSP */ + } + else { + hashAlg = req->hashAlg; + } + caIssuerHash = AsnHashesGetHash(&ca->issuerHashes, hashAlg, &hashSz); + caKeyHash = AsnHashesGetHash(&ca->issuerKeyHashes, hashAlg, &hashSz); + if (caIssuerHash == NULL || caKeyHash == NULL || hashSz <= 0) { + ret = ASN_SIG_HASH_E; + goto out; + } + entry.hashAlgoOID = (word32)hashAlg; + XMEMCPY(entry.issuerHash, caIssuerHash, (size_t)hashSz); + XMEMCPY(entry.issuerKeyHash, caKeyHash, (size_t)hashSz); + + resp.responderIdType = OCSP_RESPONDER_ID_KEY; + XMEMCPY(resp.responderId.keyHash, ca->responderKeyHash, WC_SHA_DIGEST_SIZE); + + /* TODO allow user to set algo */ + if (ca->keyType == RSAk) { + rsaKey = &ca->key.rsa; + resp.sigOID = CTC_SHA256wRSA; + } + else if (ca->keyType == ECDSAk) { + eccKey = &ca->key.ecc; + resp.sigOID = CTC_SHA256wECDSA; + } + else { + ret = NOT_COMPILED_IN; + goto out; + } + + ret = OcspResponseEncode(&resp, response, responseSz, rsaKey, eccKey, + &responder->rng); + if (ret != 0) { + WOLFSSL_MSG("Failed to encode OCSP response"); + goto out; + } + + ret = 0; +out: + if (respInited) + FreeOcspResponse(&resp); + return ret; +} + +/* Generate OCSP response for a request */ +int wc_OcspResponder_WriteResponse(OcspResponder* responder, + const byte* request, word32 requestSz, + byte* response, word32* responseSz) +{ + int ret = 0; + OcspRequest req; + OcspResponderCa* ca = NULL; + OcspResponderCertStatus* certStatus = NULL; + int reqInited = 0; + + WOLFSSL_ENTER("wc_OcspResponder_WriteResponse"); + + if (responder == NULL || request == NULL || requestSz == 0) { + ret = BAD_FUNC_ARG; + goto out; + } + + XMEMSET(&req, 0, sizeof(OcspRequest)); + + /* Decode the OCSP request */ + ret = DecodeOcspRequest(&req, request, requestSz); + if (ret != 0) { + WOLFSSL_MSG("Failed to decode OCSP request"); + goto out; + } + reqInited = 1; + + /* Find the CA by issuer hashes */ + ca = FindCaByHashes(responder, req.issuerHash, req.issuerKeyHash, + req.hashAlg); + if (ca == NULL) { + WOLFSSL_MSG("No matching CA found for request"); + ret = ASN_NO_SIGNER_E; + goto out; + } + + /* Find the certificate status */ + certStatus = FindCertStatus(ca, req.serial, req.serialSz); + if (certStatus == NULL) { + /* RFC 6960: 'unknown' is a per-certificate status inside a successful + * OCSPResponse, not an error response. Generate a successful response + * with CERT_UNKNOWN so clients can distinguish it from UNAUTHORIZED. */ + OcspResponderCertStatus unknownStatus; + WOLFSSL_MSG("No status for requested certificate, responding unknown"); + if (req.serialSz > EXTERNAL_SERIAL_SIZE) { + ret = BUFFER_E; + goto out; + } + XMEMSET(&unknownStatus, 0, sizeof(unknownStatus)); + XMEMCPY(unknownStatus.serial, req.serial, req.serialSz); + unknownStatus.serialSz = req.serialSz; + unknownStatus.status = CERT_UNKNOWN; + ret = OcspResponse_WriteResponse(responder, response, responseSz, ca, + &unknownStatus, &req); + } + else { + WOLFSSL_MSG("Found CA and certificate status"); + ret = OcspResponse_WriteResponse(responder, response, responseSz, ca, + certStatus, &req); + } + +out: + if (reqInited) + FreeOcspRequest(&req); + WOLFSSL_LEAVE("wc_OcspResponder_WriteResponse", ret); + return ret; +} + +int wc_OcspResponder_WriteErrorResponse(enum Ocsp_Response_Status status, + byte* response, word32* responseSz) +{ + int ret = 0; + OcspResponse resp; + int respInited = 0; + + WOLFSSL_ENTER("wc_OcspResponder_WriteErrorResponse"); + + if (responseSz == NULL) { + ret = BAD_FUNC_ARG; + goto out; + } + + /* Validate status - OCSP_SUCCESSFUL is not allowed for error responses */ + if (status == OCSP_SUCCESSFUL) { + WOLFSSL_MSG("OCSP_SUCCESSFUL is not a valid error status"); + ret = BAD_FUNC_ARG; + goto out; + } + + /* Validate that status is a known enumeration value */ + if (status != OCSP_MALFORMED_REQUEST && + status != OCSP_INTERNAL_ERROR && + status != OCSP_TRY_LATER && + status != OCSP_SIG_REQUIRED && + status != OCSP_UNAUTHORIZED) { + WOLFSSL_MSG("Invalid OCSP response status"); + ret = BAD_FUNC_ARG; + goto out; + } + + /* Initialize a minimal OCSP response structure */ + InitOcspResponse(&resp, NULL, NULL, NULL, 0, NULL); + respInited = 1; + + /* Set the error status */ + resp.responseStatus = (byte)status; + + /* Encode the error response (no responseBytes, just status) */ + ret = OcspResponseEncode(&resp, response, responseSz, NULL, NULL, NULL); + if (ret != 0) { + WOLFSSL_MSG("Failed to encode OCSP error response"); + goto out; + } + + ret = 0; +out: + if (respInited) + FreeOcspResponse(&resp); + return ret; +} + +#endif /* HAVE_OCSP_RESPONDER */ + +/* Helper functions for testing */ +int wc_InitOcspRequest(OcspRequest* req, DecodedCert* cert, + byte useNonce, void* heap) +{ + return InitOcspRequest(req, cert, useNonce, heap); +} + +int wc_EncodeOcspRequest(OcspRequest* req, byte* output, + word32 size) +{ + return EncodeOcspRequest(req, output, size); +} + #else /* HAVE_OCSP */ diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/src/pk.c mariadb-11.8.8/extra/wolfssl/wolfssl/src/pk.c --- mariadb-11.8.6/extra/wolfssl/wolfssl/src/pk.c 2026-01-31 13:27:49.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/src/pk.c 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* pk.c * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -26,21 +26,6 @@ #include #endif -#ifdef HAVE_ECC - #include - #ifdef HAVE_SELFTEST - /* point compression types. */ - #define ECC_POINT_COMP_EVEN 0x02 - #define ECC_POINT_COMP_ODD 0x03 - #define ECC_POINT_UNCOMP 0x04 - #endif -#endif -#ifndef WOLFSSL_HAVE_ECC_KEY_GET_PRIV - /* FIPS build has replaced ecc.h. */ - #define wc_ecc_key_get_priv(key) (&((key)->k)) - #define WOLFSSL_HAVE_ECC_KEY_GET_PRIV -#endif - #if !defined(WOLFSSL_PK_INCLUDED) #ifndef WOLFSSL_IGNORE_FILE_WARN #warning pk.c does not need to be compiled separately from ssl.c @@ -63,7 +48,7 @@ #define ASN_LEN_SIZE(l) \ (((l) < 128) ? 1 : (((l) < 256) ? 2 : 3)) -#if defined(OPENSSL_EXTRA) +#if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL) #ifndef NO_ASN @@ -127,7 +112,7 @@ } #endif -#if !defined(NO_RSA) || !defined(WOLFCRYPT_ONLY) +#if defined(OPENSSL_EXTRA) && (!defined(NO_RSA) || !defined(WOLFCRYPT_ONLY)) #ifndef NO_BIO /* Read PEM data from a BIO and decode to DER in a new buffer. * @@ -306,9 +291,10 @@ #endif #endif -#if (!defined(NO_RSA) && defined(WOLFSSL_KEY_GEN)) || \ +#if defined(OPENSSL_EXTRA) && \ + ((!defined(NO_RSA) && defined(WOLFSSL_KEY_GEN)) || \ (!defined(NO_DH) && defined(WOLFSSL_DH_EXTRA)) || \ - (defined(HAVE_ECC) && defined(WOLFSSL_KEY_GEN)) + (defined(HAVE_ECC) && defined(WOLFSSL_KEY_GEN))) #if !defined(NO_FILESYSTEM) /* Write the DER data as PEM into file pointer. * @@ -342,7 +328,8 @@ #endif #endif -#if defined(WOLFSSL_KEY_GEN) && defined(WOLFSSL_PEM_TO_DER) +#if defined(OPENSSL_EXTRA) && defined(WOLFSSL_KEY_GEN) && \ + defined(WOLFSSL_PEM_TO_DER) /* Encrypt private key into PEM format. * * DER is encrypted in place. @@ -464,10 +451,10 @@ WC_FREE_VAR_EX(info, NULL, DYNAMIC_TYPE_ENCRYPTEDINFO); return ret == 0; } -#endif /* WOLFSSL_KEY_GEN || WOLFSSL_PEM_TO_DER */ +#endif /* OPENSSL_EXTRA && WOLFSSL_KEY_GEN && WOLFSSL_PEM_TO_DER */ -#if defined(WOLFSSL_KEY_GEN) && \ +#if defined(OPENSSL_EXTRA) && defined(WOLFSSL_KEY_GEN) && \ (defined(WOLFSSL_PEM_TO_DER) || defined(WOLFSSL_DER_TO_PEM)) && \ (!defined(NO_RSA) || defined(HAVE_ECC)) /* Encrypt the DER in PEM format. @@ -696,7 +683,8 @@ #endif /* !NO_CERTS && XFPRINTF && !NO_FILESYSTEM && !NO_STDIO_FILESYSTEM && * (!NO_DSA || !NO_RSA || HAVE_ECC) */ -#if defined(XSNPRINTF) && !defined(NO_BIO) && !defined(NO_RSA) +#if defined(OPENSSL_EXTRA) && defined(XSNPRINTF) && !defined(NO_BIO) && \ + !defined(NO_RSA) /* snprintf() must be available */ /* Maximum number of extra indent spaces on each line. */ @@ -905,7 +893,7 @@ return ret; } -#endif /* XSNPRINTF && !NO_BIO && !NO_RSA */ +#endif /* OPENSSL_EXTRA && XSNPRINTF && !NO_BIO && !NO_RSA */ #endif /* OPENSSL_EXTRA */ @@ -941,3909 +929,9 @@ #endif -/******************************************************************************* - * START OF RSA API - ******************************************************************************/ - -#ifndef NO_RSA - -/* - * RSA METHOD - * Could be used to hold function pointers to implementations of RSA operations. - */ - -#if defined(OPENSSL_EXTRA) -/* Return a blank RSA method and set the name and flags. - * - * Only one implementation of RSA operations. - * name is duplicated. - * - * @param [in] name Name to use in method. - * @param [in] flags Flags to set into method. - * @return Newly allocated RSA method on success. - * @return NULL on failure. - */ -WOLFSSL_RSA_METHOD *wolfSSL_RSA_meth_new(const char *name, int flags) -{ - WOLFSSL_RSA_METHOD* meth = NULL; - int name_len = 0; - int err; - - /* Validate name is not NULL. */ - if (name == NULL) - return NULL; - /* Allocate an RSA METHOD to return. */ - meth = (WOLFSSL_RSA_METHOD*)XMALLOC(sizeof(WOLFSSL_RSA_METHOD), NULL, - DYNAMIC_TYPE_OPENSSL); - if (meth == NULL) - return NULL; - - XMEMSET(meth, 0, sizeof(*meth)); - meth->flags = flags; - meth->dynamic = 1; - - name_len = (int)XSTRLEN(name); - meth->name = (char*)XMALLOC((size_t)(name_len + 1), NULL, - DYNAMIC_TYPE_OPENSSL); - err = (meth->name == NULL); - - if (!err) { - XMEMCPY(meth->name, name, (size_t)(name_len + 1)); - } - - if (err) { - /* meth->name won't be allocated on error. */ - XFREE(meth, NULL, DYNAMIC_TYPE_OPENSSL); - meth = NULL; - } - return meth; -} - -/* Default RSA method is one with wolfSSL name and no flags. - * - * @return Newly allocated wolfSSL RSA method on success. - * @return NULL on failure. - */ -const WOLFSSL_RSA_METHOD* wolfSSL_RSA_get_default_method(void) -{ - static const WOLFSSL_RSA_METHOD wolfssl_rsa_meth = { - 0, /* No flags. */ - (char*)"wolfSSL RSA", - 0 /* Static definition. */ - }; - return &wolfssl_rsa_meth; -} - -/* Dispose of RSA method and allocated data. - * - * @param [in] meth RSA method to free. - */ -void wolfSSL_RSA_meth_free(WOLFSSL_RSA_METHOD *meth) -{ - /* Free method if available and dynamically allocated. */ - if ((meth != NULL) && meth->dynamic) { - /* Name was duplicated and must be freed. */ - XFREE(meth->name, NULL, DYNAMIC_TYPE_OPENSSL); - /* Dispose of RSA method. */ - XFREE(meth, NULL, DYNAMIC_TYPE_OPENSSL); - } -} - -#ifndef NO_WOLFSSL_STUB -/* Stub function for any RSA method setting function. - * - * Nothing is stored - not even flags or name. - * - * @param [in] meth RSA method. - * @param [in] p A pointer. - * @return 1 to indicate success. - */ -int wolfSSL_RSA_meth_set(WOLFSSL_RSA_METHOD *meth, void* p) -{ - WOLFSSL_STUB("RSA_METHOD is not implemented."); - - (void)meth; - (void)p; - - return 1; -} -#endif /* !NO_WOLFSSL_STUB */ -#endif /* OPENSSL_EXTRA */ - -/* - * RSA constructor/deconstructor APIs - */ - -#if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL) -/* Dispose of RSA key and allocated data. - * - * Cannot use rsa after this call. - * - * @param [in] rsa RSA key to free. - */ -void wolfSSL_RSA_free(WOLFSSL_RSA* rsa) -{ - int doFree = 1; - - WOLFSSL_ENTER("wolfSSL_RSA_free"); - - /* Validate parameter. */ - if (rsa == NULL) { - doFree = 0; - } - if (doFree) { - int err; - - /* Decrement reference count. */ - wolfSSL_RefDec(&rsa->ref, &doFree, &err); - #ifndef WOLFSSL_REFCNT_ERROR_RETURN - (void)err; - #endif - } - if (doFree) { - void* heap = rsa->heap; - - /* Dispose of allocated reference counting data. */ - wolfSSL_RefFree(&rsa->ref); - - #ifdef HAVE_EX_DATA_CLEANUP_HOOKS - wolfSSL_CRYPTO_cleanup_ex_data(&rsa->ex_data); - #endif - - if (rsa->internal != NULL) { - #if !defined(HAVE_FIPS) && defined(WC_RSA_BLINDING) - /* Check if RNG is owned before freeing it. */ - if (rsa->ownRng) { - WC_RNG* rng = ((RsaKey*)(rsa->internal))->rng; - if ((rng != NULL) && (rng != wolfssl_get_global_rng())) { - wc_FreeRng(rng); - XFREE(rng, heap, DYNAMIC_TYPE_RNG); - } - /* RNG isn't freed by wolfCrypt RSA free. */ - } - #endif - /* Dispose of allocated data in wolfCrypt RSA key. */ - wc_FreeRsaKey((RsaKey*)rsa->internal); - /* Dispose of memory for wolfCrypt RSA key. */ - XFREE(rsa->internal, heap, DYNAMIC_TYPE_RSA); - } - - /* Dispose of external representation of RSA values. */ - wolfSSL_BN_clear_free(rsa->iqmp); - wolfSSL_BN_clear_free(rsa->dmq1); - wolfSSL_BN_clear_free(rsa->dmp1); - wolfSSL_BN_clear_free(rsa->q); - wolfSSL_BN_clear_free(rsa->p); - wolfSSL_BN_clear_free(rsa->d); - wolfSSL_BN_free(rsa->e); - wolfSSL_BN_free(rsa->n); - - #if defined(OPENSSL_EXTRA) - if (rsa->meth) { - wolfSSL_RSA_meth_free((WOLFSSL_RSA_METHOD*)rsa->meth); - } - #endif - - /* Set back to NULLs for safety. */ - ForceZero(rsa, sizeof(*rsa)); - - XFREE(rsa, heap, DYNAMIC_TYPE_RSA); - (void)heap; - } -} - -/* Allocate and initialize a new RSA key. - * - * Not OpenSSL API. - * - * @param [in] heap Heap hint for dynamic memory allocation. - * @param [in] devId Device identifier value. - * @return RSA key on success. - * @return NULL on failure. - */ -WOLFSSL_RSA* wolfSSL_RSA_new_ex(void* heap, int devId) -{ - WOLFSSL_RSA* rsa = NULL; - RsaKey* key = NULL; - int err = 0; - int rsaKeyInited = 0; - - WOLFSSL_ENTER("wolfSSL_RSA_new"); - - /* Allocate memory for new wolfCrypt RSA key. */ - key = (RsaKey*)XMALLOC(sizeof(RsaKey), heap, DYNAMIC_TYPE_RSA); - if (key == NULL) { - WOLFSSL_ERROR_MSG("wolfSSL_RSA_new malloc RsaKey failure"); - err = 1; - } - if (!err) { - /* Allocate memory for new RSA key. */ - rsa = (WOLFSSL_RSA*)XMALLOC(sizeof(WOLFSSL_RSA), heap, - DYNAMIC_TYPE_RSA); - if (rsa == NULL) { - WOLFSSL_ERROR_MSG("wolfSSL_RSA_new malloc WOLFSSL_RSA failure"); - err = 1; - } - } - if (!err) { - /* Clear all fields of RSA key. */ - XMEMSET(rsa, 0, sizeof(WOLFSSL_RSA)); - /* Cache heap to use for all allocations. */ - rsa->heap = heap; - #ifdef OPENSSL_EXTRA - /* Always have a method set. */ - rsa->meth = wolfSSL_RSA_get_default_method(); - #endif - - /* Initialize reference counting. */ - wolfSSL_RefInit(&rsa->ref, &err); -#ifdef WOLFSSL_REFCNT_ERROR_RETURN - } - if (!err) { -#endif - /* Initialize wolfCrypt RSA key. */ - if (wc_InitRsaKey_ex(key, heap, devId) != 0) { - WOLFSSL_ERROR_MSG("InitRsaKey WOLFSSL_RSA failure"); - err = 1; - } - else { - rsaKeyInited = 1; - } - } - #if !defined(HAVE_FIPS) && defined(WC_RSA_BLINDING) - if (!err) { - WC_RNG* rng; - - /* Create a local RNG. */ - rng = (WC_RNG*)XMALLOC(sizeof(WC_RNG), heap, DYNAMIC_TYPE_RNG); - if ((rng != NULL) && (wc_InitRng_ex(rng, heap, devId) != 0)) { - WOLFSSL_MSG("InitRng failure, attempting to use global RNG"); - XFREE(rng, heap, DYNAMIC_TYPE_RNG); - rng = NULL; - } - - rsa->ownRng = 1; - if (rng == NULL) { - /* Get the wolfSSL global RNG - not thread safe. */ - rng = wolfssl_get_global_rng(); - rsa->ownRng = 0; - } - if (rng == NULL) { - /* Couldn't create global either. */ - WOLFSSL_ERROR_MSG("wolfSSL_RSA_new no WC_RNG for blinding"); - err = 1; - } - else { - /* Set the local or global RNG into the wolfCrypt RSA key. */ - (void)wc_RsaSetRNG(key, rng); - /* Won't fail as key and rng are not NULL. */ - } - } - #endif /* !HAVE_FIPS && WC_RSA_BLINDING */ - if (!err) { - /* Set wolfCrypt RSA key into RSA key. */ - rsa->internal = key; - /* Data from external RSA key has not been set into internal one. */ - rsa->inSet = 0; - } - - if (err) { - /* Dispose of any allocated data on error. */ - /* No failure after RNG allocation - no need to free RNG. */ - if (rsaKeyInited) { - wc_FreeRsaKey(key); - } - XFREE(key, heap, DYNAMIC_TYPE_RSA); - XFREE(rsa, heap, DYNAMIC_TYPE_RSA); - /* Return NULL. */ - rsa = NULL; - } - return rsa; -} - -/* Allocate and initialize a new RSA key. - * - * @return RSA key on success. - * @return NULL on failure. - */ -WOLFSSL_RSA* wolfSSL_RSA_new(void) -{ - /* Call wolfSSL API to do work. */ - return wolfSSL_RSA_new_ex(NULL, INVALID_DEVID); -} - -/* Increments ref count of RSA key. - * - * @param [in, out] rsa RSA key. - * @return 1 on success - * @return 0 on error - */ -int wolfSSL_RSA_up_ref(WOLFSSL_RSA* rsa) -{ - int err = 0; - if (rsa != NULL) { - wolfSSL_RefInc(&rsa->ref, &err); - } - return !err; -} - -#endif /* OPENSSL_EXTRA || OPENSSL_EXTRA_X509_SMALL */ - -#ifdef OPENSSL_EXTRA - -#if defined(WOLFSSL_KEY_GEN) - -/* Allocate a new RSA key and make it a copy. - * - * Encodes to and from DER to copy. - * - * @param [in] rsa RSA key to duplicate. - * @return RSA key on success. - * @return NULL on error. - */ -WOLFSSL_RSA* wolfSSL_RSAPublicKey_dup(WOLFSSL_RSA *rsa) -{ - WOLFSSL_RSA* ret = NULL; - int derSz = 0; - byte* derBuf = NULL; - int err; - - WOLFSSL_ENTER("wolfSSL_RSAPublicKey_dup"); - - err = (rsa == NULL); - if (!err) { - /* Create a new RSA key to return. */ - ret = wolfSSL_RSA_new(); - if (ret == NULL) { - WOLFSSL_ERROR_MSG("Error creating a new WOLFSSL_RSA structure"); - err = 1; - } - } - if (!err) { - /* Encode RSA public key to copy to DER - allocates DER buffer. */ - if ((derSz = wolfSSL_RSA_To_Der(rsa, &derBuf, 1, rsa->heap)) < 0) { - WOLFSSL_ERROR_MSG("wolfSSL_RSA_To_Der failed"); - err = 1; - } - } - if (!err) { - /* Decode DER of the RSA public key into new key. */ - if (wolfSSL_RSA_LoadDer_ex(ret, derBuf, derSz, - WOLFSSL_RSA_LOAD_PUBLIC) != 1) { - WOLFSSL_ERROR_MSG("wolfSSL_RSA_LoadDer_ex failed"); - err = 1; - } - } - - /* Dispose of any allocated DER buffer. */ - XFREE(derBuf, rsa ? rsa->heap : NULL, DYNAMIC_TYPE_ASN1); - if (err) { - /* Disposes of any created RSA key - on error. */ - wolfSSL_RSA_free(ret); - ret = NULL; - } - return ret; -} - -/* wolfSSL_RSAPrivateKey_dup not supported */ - -#endif /* WOLFSSL_KEY_GEN */ - -static int wolfSSL_RSA_To_Der_ex(WOLFSSL_RSA* rsa, byte** outBuf, int publicKey, - void* heap); - -/* - * RSA to/from bin APIs - */ - -/* Convert RSA public key data to internal. - * - * Creates new RSA key from the DER encoded RSA public key. - * - * @param [out] out Pointer to RSA key to return through. May be NULL. - * @param [in, out] derBuf Pointer to start of DER encoded data. - * @param [in] derSz Length of the data in the DER buffer. - * @return RSA key on success. - * @return NULL on failure. - */ -WOLFSSL_RSA *wolfSSL_d2i_RSAPublicKey(WOLFSSL_RSA **out, - const unsigned char **derBuf, long derSz) -{ - WOLFSSL_RSA *rsa = NULL; - int err = 0; - - WOLFSSL_ENTER("wolfSSL_d2i_RSAPublicKey"); - - /* Validate parameters. */ - if (derBuf == NULL) { - WOLFSSL_ERROR_MSG("Bad argument"); - err = 1; - } - /* Create a new RSA key to return. */ - if ((!err) && ((rsa = wolfSSL_RSA_new()) == NULL)) { - WOLFSSL_ERROR_MSG("RSA_new failed"); - err = 1; - } - /* Decode RSA key from DER. */ - if ((!err) && (wolfSSL_RSA_LoadDer_ex(rsa, *derBuf, (int)derSz, - WOLFSSL_RSA_LOAD_PUBLIC) != 1)) { - WOLFSSL_ERROR_MSG("RSA_LoadDer failed"); - err = 1; - } - if ((!err) && (out != NULL)) { - /* Return through parameter too. */ - *out = rsa; - /* Move buffer on by the used amount. */ - *derBuf += wolfssl_der_length(*derBuf, (int)derSz); - } - - if (err) { - /* Dispose of any created RSA key. */ - wolfSSL_RSA_free(rsa); - rsa = NULL; - } - return rsa; -} - -/* Convert RSA private key data to internal. - * - * Create a new RSA key from the DER encoded RSA private key. - * - * @param [out] out Pointer to RSA key to return through. May be NULL. - * @param [in, out] derBuf Pointer to start of DER encoded data. - * @param [in] derSz Length of the data in the DER buffer. - * @return RSA key on success. - * @return NULL on failure. - */ -WOLFSSL_RSA *wolfSSL_d2i_RSAPrivateKey(WOLFSSL_RSA **out, - const unsigned char **derBuf, long derSz) -{ - WOLFSSL_RSA *rsa = NULL; - int err = 0; - - WOLFSSL_ENTER("wolfSSL_d2i_RSAPublicKey"); - - /* Validate parameters. */ - if (derBuf == NULL) { - WOLFSSL_ERROR_MSG("Bad argument"); - err = 1; - } - /* Create a new RSA key to return. */ - if ((!err) && ((rsa = wolfSSL_RSA_new()) == NULL)) { - WOLFSSL_ERROR_MSG("RSA_new failed"); - err = 1; - } - /* Decode RSA key from DER. */ - if ((!err) && (wolfSSL_RSA_LoadDer_ex(rsa, *derBuf, (int)derSz, - WOLFSSL_RSA_LOAD_PRIVATE) != 1)) { - WOLFSSL_ERROR_MSG("RSA_LoadDer failed"); - err = 1; - } - if ((!err) && (out != NULL)) { - /* Return through parameter too. */ - *out = rsa; - /* Move buffer on by the used amount. */ - *derBuf += wolfssl_der_length(*derBuf, (int)derSz); - } - - if (err) { - /* Dispose of any created RSA key. */ - wolfSSL_RSA_free(rsa); - rsa = NULL; - } - return rsa; -} -/* Converts an internal RSA structure to DER format for the private key. - * - * If "pp" is null then buffer size only is returned. - * If "*pp" is null then a created buffer is set in *pp and the caller is - * responsible for free'ing it. - * - * @param [in] rsa RSA key. - * @param [in, out] pp On in, pointer to allocated buffer or NULL. - * May be NULL. - * On out, newly allocated buffer or pointer to byte after - * encoding in passed in buffer. - * - * @return Size of DER encoding on success - * @return BAD_FUNC_ARG when rsa is NULL. - * @return 0 on failure. - */ -int wolfSSL_i2d_RSAPrivateKey(WOLFSSL_RSA *rsa, unsigned char **pp) -{ - int ret; - - WOLFSSL_ENTER("wolfSSL_i2d_RSAPrivateKey"); - - /* Validate parameters. */ - if (rsa == NULL) { - WOLFSSL_ERROR_MSG("Bad Function Arguments"); - ret = BAD_FUNC_ARG; - } - /* Encode the RSA key as a DER. Call allocates buffer into pp. - * No heap hint as this gets returned to the user */ - else if ((ret = wolfSSL_RSA_To_Der_ex(rsa, pp, 0, NULL)) < 0) { - WOLFSSL_ERROR_MSG("wolfSSL_RSA_To_Der failed"); - ret = 0; - } - - /* Size of DER encoding. */ - return ret; -} - -/* Converts an internal RSA structure to DER format for the public key. - * - * If "pp" is null then buffer size only is returned. - * If "*pp" is null then a created buffer is set in *pp and the caller is - * responsible for free'ing it. - * - * @param [in] rsa RSA key. - * @param [in, out] pp On in, pointer to allocated buffer or NULL. - * May be NULL. - * On out, newly allocated buffer or pointer to byte after - * encoding in passed in buffer. - * @return Size of DER encoding on success - * @return BAD_FUNC_ARG when rsa is NULL. - * @return 0 on failure. - */ -int wolfSSL_i2d_RSAPublicKey(WOLFSSL_RSA *rsa, unsigned char **pp) -{ - int ret; - - WOLFSSL_ENTER("wolfSSL_i2d_RSAPublicKey"); - - /* check for bad functions arguments */ - if (rsa == NULL) { - WOLFSSL_ERROR_MSG("Bad Function Arguments"); - ret = BAD_FUNC_ARG; - } - /* Encode the RSA key as a DER. Call allocates buffer into pp. - * No heap hint as this gets returned to the user */ - else if ((ret = wolfSSL_RSA_To_Der_ex(rsa, pp, 1, NULL)) < 0) { - WOLFSSL_ERROR_MSG("wolfSSL_RSA_To_Der failed"); - ret = 0; - } - - return ret; -} - -#endif /* OPENSSL_EXTRA */ - -/* - * RSA to/from BIO APIs - */ - -/* wolfSSL_d2i_RSAPublicKey_bio not supported */ - -#if defined(OPENSSL_ALL) || defined(WOLFSSL_ASIO) || defined(WOLFSSL_HAPROXY) \ - || defined(WOLFSSL_NGINX) || defined(WOLFSSL_QT) - -#if defined(WOLFSSL_KEY_GEN) && !defined(NO_BIO) - -/* Read DER data from a BIO. - * - * DER structures start with a constructed sequence. Use this to calculate the - * total length of the DER data. - * - * @param [in] bio BIO object to read from. - * @param [out] out Buffer holding DER encoding. - * @return Number of bytes to DER encoding on success. - * @return 0 on failure. - */ -static int wolfssl_read_der_bio(WOLFSSL_BIO* bio, unsigned char** out) -{ - int err = 0; - unsigned char seq[MAX_SEQ_SZ]; - unsigned char* der = NULL; - int derLen = 0; - - /* Read in a minimal amount to get a SEQUENCE header of any size. */ - if (wolfSSL_BIO_read(bio, seq, sizeof(seq)) != sizeof(seq)) { - WOLFSSL_ERROR_MSG("wolfSSL_BIO_read() of sequence failure"); - err = 1; - } - /* Calculate complete DER encoding length. */ - if ((!err) && ((derLen = wolfssl_der_length(seq, sizeof(seq))) <= 0)) { - WOLFSSL_ERROR_MSG("DER SEQUENCE decode failed"); - err = 1; - } - /* Allocate a buffer to read DER data into. */ - if ((!err) && ((der = (unsigned char*)XMALLOC((size_t)derLen, bio->heap, - DYNAMIC_TYPE_TMP_BUFFER)) == NULL)) { - WOLFSSL_ERROR_MSG("Malloc failure"); - err = 1; - } - if ((!err) && (derLen <= (int)sizeof(seq))) { - /* Copy the previously read data into the buffer. */ - XMEMCPY(der, seq, derLen); - } - else if (!err) { - /* Calculate the unread amount. */ - int len = derLen - (int)sizeof(seq); - /* Copy the previously read data into the buffer. */ - XMEMCPY(der, seq, sizeof(seq)); - /* Read rest of DER data from BIO. */ - if (wolfSSL_BIO_read(bio, der + sizeof(seq), len) != len) { - WOLFSSL_ERROR_MSG("wolfSSL_BIO_read() failure"); - err = 1; - } - } - if (!err) { - /* Return buffer through parameter. */ - *out = der; - } - - if (err) { - /* Dispose of any allocated buffer on error. */ - XFREE(der, bio->heap, DYNAMIC_TYPE_TMP_BUFFER); - derLen = 0; - } - return derLen; -} - -/* Reads the RSA private key data from a BIO to the internal form. - * - * Creates new RSA key from the DER encoded RSA private key read from the BIO. - * - * @param [in] bio BIO object to read from. - * @param [out] out Pointer to RSA key to return through. May be NULL. - * @return RSA key on success. - * @return NULL on failure. - */ -WOLFSSL_RSA* wolfSSL_d2i_RSAPrivateKey_bio(WOLFSSL_BIO *bio, WOLFSSL_RSA **out) -{ - WOLFSSL_RSA* key = NULL; - unsigned char* der = NULL; - int derLen = 0; - int err; - - WOLFSSL_ENTER("wolfSSL_d2i_RSAPrivateKey_bio"); - - /* Validate parameters. */ - err = (bio == NULL); - /* Read just DER encoding from BIO - buffer allocated in call. */ - if ((!err) && ((derLen = wolfssl_read_der_bio(bio, &der)) == 0)) { - err = 1; - } - if (!err) { - /* Keep der for call to deallocate. */ - const unsigned char* cder = der; - /* Create an RSA key from the data from the BIO. */ - key = wolfSSL_d2i_RSAPrivateKey(NULL, &cder, derLen); - err = (key == NULL); - } - if ((!err) && (out != NULL)) { - /* Return the created RSA key through the parameter. */ - *out = key; - } - - if (err) { - /* Dispose of created key on error. */ - wolfSSL_RSA_free(key); - key = NULL; - } - /* Dispose of allocated data. */ - XFREE(der, bio ? bio->heap : NULL, DYNAMIC_TYPE_TMP_BUFFER); - return key; -} -#endif /* defined(WOLFSSL_KEY_GEN) && !NO_BIO */ - -#endif /* OPENSSL_ALL || WOLFSSL_ASIO || WOLFSSL_HAPROXY || WOLFSSL_QT */ - -/* - * RSA DER APIs - */ - -#ifdef OPENSSL_EXTRA - -/* Create a DER encoding of key. - * - * Not OpenSSL API. - * - * @param [in] rsa RSA key. - * @param [out] outBuf Allocated buffer containing DER encoding. - * May be NULL. - * @param [in] publicKey Whether to encode as public key. - * @param [in] heap Heap hint. - * @return Encoding size on success. - * @return Negative on failure. - */ -int wolfSSL_RSA_To_Der(WOLFSSL_RSA* rsa, byte** outBuf, int publicKey, - void* heap) -{ - byte* p = NULL; - int ret; - - if (outBuf != NULL) { - p = *outBuf; - } - ret = wolfSSL_RSA_To_Der_ex(rsa, outBuf, publicKey, heap); - if ((ret > 0) && (p != NULL)) { - *outBuf = p; - } - return ret; -} - -/* Create a DER encoding of key. - * - * Buffer allocated with heap and DYNAMIC_TYPE_TMP_BUFFER. - * - * @param [in] rsa RSA key. - * @param [in, out] outBuf On in, pointer to allocated buffer or NULL. - * May be NULL. - * On out, newly allocated buffer or pointer to byte - * after encoding in passed in buffer. - * @param [in] publicKey Whether to encode as public key. - * @param [in] heap Heap hint. - * @return Encoding size on success. - * @return Negative on failure. - */ -static int wolfSSL_RSA_To_Der_ex(WOLFSSL_RSA* rsa, byte** outBuf, int publicKey, - void* heap) -{ - int ret = 1; - int derSz = 0; - byte* derBuf = NULL; - - WOLFSSL_ENTER("wolfSSL_RSA_To_Der"); - - /* Unused if memory is disabled. */ - (void)heap; - - /* Validate parameters. */ - if ((rsa == NULL) || ((publicKey != 0) && (publicKey != 1))) { - WOLFSSL_LEAVE("wolfSSL_RSA_To_Der", BAD_FUNC_ARG); - ret = BAD_FUNC_ARG; - } - /* Push external RSA data into internal RSA key if not set. */ - if ((ret == 1) && (!rsa->inSet)) { - ret = SetRsaInternal(rsa); - } - /* wc_RsaKeyToPublicDer encode regardless of values. */ - if ((ret == 1) && publicKey && (mp_iszero(&((RsaKey*)rsa->internal)->n) || - mp_iszero(&((RsaKey*)rsa->internal)->e))) { - ret = BAD_FUNC_ARG; - } - - if (ret == 1) { - if (publicKey) { - /* Calculate length of DER encoded RSA public key. */ - derSz = wc_RsaPublicKeyDerSize((RsaKey*)rsa->internal, 1); - if (derSz < 0) { - WOLFSSL_ERROR_MSG("wc_RsaPublicKeyDerSize failed"); - ret = derSz; - } - } - else { - /* Calculate length of DER encoded RSA private key. */ - derSz = wc_RsaKeyToDer((RsaKey*)rsa->internal, NULL, 0); - if (derSz < 0) { - WOLFSSL_ERROR_MSG("wc_RsaKeyToDer failed"); - ret = derSz; - } - } - } - - if ((ret == 1) && (outBuf != NULL)) { - derBuf = *outBuf; - if (derBuf == NULL) { - /* Allocate buffer to hold DER encoded RSA key. */ - derBuf = (byte*)XMALLOC((size_t)derSz, heap, - DYNAMIC_TYPE_TMP_BUFFER); - if (derBuf == NULL) { - WOLFSSL_ERROR_MSG("Memory allocation failed"); - ret = MEMORY_ERROR; - } - } - } - if ((ret == 1) && (outBuf != NULL)) { - if (publicKey > 0) { - /* RSA public key to DER. */ - derSz = wc_RsaKeyToPublicDer((RsaKey*)rsa->internal, derBuf, - (word32)derSz); - } - else { - /* RSA private key to DER. */ - derSz = wc_RsaKeyToDer((RsaKey*)rsa->internal, derBuf, - (word32)derSz); - } - if (derSz < 0) { - WOLFSSL_ERROR_MSG("RSA key encoding failed"); - ret = derSz; - } - else if ((*outBuf) != NULL) { - derBuf = NULL; - *outBuf += derSz; - } - else { - /* Return allocated buffer. */ - *outBuf = derBuf; - } - } - if (ret == 1) { - /* Success - return DER encoding size. */ - ret = derSz; - } - - if ((outBuf != NULL) && (*outBuf != derBuf)) { - /* Not returning buffer, needs to be disposed of. */ - XFREE(derBuf, heap, DYNAMIC_TYPE_TMP_BUFFER); - } - WOLFSSL_LEAVE("wolfSSL_RSA_To_Der", ret); - return ret; -} - -#endif /* OPENSSL_EXTRA */ - -#if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL) -/* Load the DER encoded private RSA key. - * - * Not OpenSSL API. - * - * @param [in] rsa RSA key. - * @param [in] derBuf Buffer holding DER encoding. - * @param [in] derSz Length of DER encoding. - * @return 1 on success. - * @return -1 on failure. - */ -int wolfSSL_RSA_LoadDer(WOLFSSL_RSA* rsa, const unsigned char* derBuf, - int derSz) -{ - /* Call implementation that handles both private and public keys. */ - return wolfSSL_RSA_LoadDer_ex(rsa, derBuf, derSz, WOLFSSL_RSA_LOAD_PRIVATE); -} - -/* Load the DER encoded public or private RSA key. - * - * Not OpenSSL API. - * - * @param [in] rsa RSA key. - * @param [in] derBuf Buffer holding DER encoding. - * @param [in] derSz Length of DER encoding. - * @param [in] opt Indicates public or private key. - * (WOLFSSL_RSA_LOAD_PUBLIC or WOLFSSL_RSA_LOAD_PRIVATE) - * @return 1 on success. - * @return -1 on failure. - */ -int wolfSSL_RSA_LoadDer_ex(WOLFSSL_RSA* rsa, const unsigned char* derBuf, - int derSz, int opt) -{ - int ret = 1; - int res; - word32 idx = 0; - word32 algId; - - WOLFSSL_ENTER("wolfSSL_RSA_LoadDer"); - - /* Validate parameters. */ - if ((rsa == NULL) || (rsa->internal == NULL) || (derBuf == NULL) || - (derSz <= 0)) { - WOLFSSL_ERROR_MSG("Bad function arguments"); - ret = WOLFSSL_FATAL_ERROR; - } - - if (ret == 1) { - rsa->pkcs8HeaderSz = 0; - /* Check if input buffer has PKCS8 header. In the case that it does not - * have a PKCS8 header then do not error out. */ - res = ToTraditionalInline_ex((const byte*)derBuf, &idx, (word32)derSz, - &algId); - if (res > 0) { - /* Store size of PKCS#8 header for encoding. */ - WOLFSSL_MSG("Found PKCS8 header"); - rsa->pkcs8HeaderSz = (word16)idx; - } - /* When decoding and not PKCS#8, return will be ASN_PARSE_E. */ - else if (res != WC_NO_ERR_TRACE(ASN_PARSE_E)) { - /* Something went wrong while decoding. */ - WOLFSSL_ERROR_MSG("Unexpected error with trying to remove PKCS#8 " - "header"); - ret = WOLFSSL_FATAL_ERROR; - } - } - if (ret == 1) { - /* Decode private or public key data. */ - if (opt == WOLFSSL_RSA_LOAD_PRIVATE) { - res = wc_RsaPrivateKeyDecode(derBuf, &idx, (RsaKey*)rsa->internal, - (word32)derSz); - } - else { - res = wc_RsaPublicKeyDecode(derBuf, &idx, (RsaKey*)rsa->internal, - (word32)derSz); - } - /* Check for error. */ - if (res < 0) { - if (opt == WOLFSSL_RSA_LOAD_PRIVATE) { - WOLFSSL_ERROR_MSG("RsaPrivateKeyDecode failed"); - } - else { - WOLFSSL_ERROR_MSG("RsaPublicKeyDecode failed"); - } - WOLFSSL_ERROR_VERBOSE(res); - ret = WOLFSSL_FATAL_ERROR; - } - } - if (ret == 1) { - /* Set external RSA key data from wolfCrypt key. */ - if (SetRsaExternal(rsa) != 1) { - ret = WOLFSSL_FATAL_ERROR; - } - else { - rsa->inSet = 1; - } - } - - return ret; -} - -#endif /* OPENSSL_EXTRA || OPENSSL_EXTRA_X509_SMALL */ - -#if defined(OPENSSL_EXTRA) || defined(WOLFSSL_WPAS_SMALL) - -#if !defined(NO_BIO) || !defined(NO_FILESYSTEM) -/* Load DER encoded data into WOLFSSL_RSA object. - * - * Creates a new WOLFSSL_RSA object if one is not passed in. - * - * @param [in, out] rsa WOLFSSL_RSA object to load into. - * When rsa or *rsa is NULL a new object is created. - * When not NULL and *rsa is NULL then new object - * returned through pointer. - * @param [in] in DER encoded RSA key data. - * @param [in] inSz Size of DER encoded data in bytes. - * @param [in] opt Public or private key encoded in data. Valid values: - * WOLFSSL_RSA_LOAD_PRIVATE, WOLFSSL_RSA_LOAD_PUBLIC. - * @return NULL on failure. - * @return WOLFSSL_RSA object on success. - */ -static WOLFSSL_RSA* wolfssl_rsa_d2i(WOLFSSL_RSA** rsa, const unsigned char* in, - long inSz, int opt) -{ - WOLFSSL_RSA* ret = NULL; - - if ((rsa != NULL) && (*rsa != NULL)) { - ret = *rsa; - } - else { - ret = wolfSSL_RSA_new(); - } - if ((ret != NULL) && (wolfSSL_RSA_LoadDer_ex(ret, in, (int)inSz, opt) - != 1)) { - if ((rsa == NULL) || (ret != *rsa)) { - wolfSSL_RSA_free(ret); - } - ret = NULL; - } - - if ((rsa != NULL) && (*rsa == NULL)) { - *rsa = ret; - } - return ret; -} -#endif - -#endif /* OPENSSL_EXTRA || WOLFSSL_WPAS_SMALL */ - -/* - * RSA PEM APIs - */ - -#ifdef OPENSSL_EXTRA - -#ifndef NO_BIO -#if defined(WOLFSSL_KEY_GEN) -/* Writes PEM encoding of an RSA public key to a BIO. - * - * @param [in] bio BIO object to write to. - * @param [in] rsa RSA key to write. - * @return 1 on success. - * @return 0 on failure. - */ -int wolfSSL_PEM_write_bio_RSA_PUBKEY(WOLFSSL_BIO* bio, WOLFSSL_RSA* rsa) -{ - int ret = 1; - int derSz = 0; - byte* derBuf = NULL; - - WOLFSSL_ENTER("wolfSSL_PEM_write_bio_RSA_PUBKEY"); - - /* Validate parameters. */ - if ((bio == NULL) || (rsa == NULL)) { - WOLFSSL_ERROR_MSG("Bad Function Arguments"); - return 0; - } - - if ((derSz = wolfSSL_RSA_To_Der(rsa, &derBuf, 1, bio->heap)) < 0) { - WOLFSSL_ERROR_MSG("wolfSSL_RSA_To_Der failed"); - ret = 0; - } - if (derBuf == NULL) { - WOLFSSL_ERROR_MSG("wolfSSL_RSA_To_Der failed to get buffer"); - ret = 0; - } - if ((ret == 1) && (der_write_to_bio_as_pem(derBuf, derSz, bio, - PUBLICKEY_TYPE) != 1)) { - ret = 0; - } - - /* Dispose of DER buffer. */ - XFREE(derBuf, bio->heap, DYNAMIC_TYPE_TMP_BUFFER); - return ret; -} - -#endif /* WOLFSSL_KEY_GEN */ -#endif /* !NO_BIO */ - -#if defined(WOLFSSL_KEY_GEN) -#ifndef NO_FILESYSTEM - -/* Writes PEM encoding of an RSA public key to a file pointer. - * - * @param [in] fp File pointer to write to. - * @param [in] rsa RSA key to write. - * @param [in] type PEM type to write out. - * @return 1 on success. - * @return 0 on failure. - */ -static int wolfssl_pem_write_rsa_public_key(XFILE fp, WOLFSSL_RSA* rsa, - int type) -{ - int ret = 1; - int derSz; - byte* derBuf = NULL; - - /* Validate parameters. */ - if ((fp == XBADFILE) || (rsa == NULL)) { - WOLFSSL_ERROR_MSG("Bad Function Arguments"); - return 0; - } - - if ((derSz = wolfSSL_RSA_To_Der(rsa, &derBuf, 1, rsa->heap)) < 0) { - WOLFSSL_ERROR_MSG("wolfSSL_RSA_To_Der failed"); - ret = 0; - } - if (derBuf == NULL) { - WOLFSSL_ERROR_MSG("wolfSSL_RSA_To_Der failed to get buffer"); - ret = 0; - } - if ((ret == 1) && (der_write_to_file_as_pem(derBuf, derSz, fp, type, - rsa->heap) != 1)) { - ret = 0; - } - - /* Dispose of DER buffer. */ - XFREE(derBuf, rsa->heap, DYNAMIC_TYPE_TMP_BUFFER); - - return ret; -} - -/* Writes PEM encoding of an RSA public key to a file pointer. - * - * Header/footer will contain: PUBLIC KEY - * - * @param [in] fp File pointer to write to. - * @param [in] rsa RSA key to write. - * @return 1 on success. - * @return 0 on failure. - */ -int wolfSSL_PEM_write_RSA_PUBKEY(XFILE fp, WOLFSSL_RSA* rsa) -{ - return wolfssl_pem_write_rsa_public_key(fp, rsa, PUBLICKEY_TYPE); -} - -/* Writes PEM encoding of an RSA public key to a file pointer. - * - * Header/footer will contain: RSA PUBLIC KEY - * - * @param [in] fp File pointer to write to. - * @param [in] rsa RSA key to write. - * @return 1 on success. - * @return 0 on failure. - */ -int wolfSSL_PEM_write_RSAPublicKey(XFILE fp, WOLFSSL_RSA* rsa) -{ - return wolfssl_pem_write_rsa_public_key(fp, rsa, RSA_PUBLICKEY_TYPE); -} -#endif /* !NO_FILESYSTEM */ -#endif /* WOLFSSL_KEY_GEN */ - -#ifndef NO_BIO -/* Create an RSA public key by reading the PEM encoded data from the BIO. - * - * @param [in] bio BIO object to read from. - * @param [out] out RSA key created. - * @param [in] cb Password callback when PEM encrypted. - * @param [in] pass NUL terminated string for passphrase when PEM encrypted. - * @return RSA key on success. - * @return NULL on failure. - */ -WOLFSSL_RSA *wolfSSL_PEM_read_bio_RSA_PUBKEY(WOLFSSL_BIO* bio, - WOLFSSL_RSA** out, wc_pem_password_cb* cb, void *pass) -{ - WOLFSSL_RSA* rsa = NULL; - DerBuffer* der = NULL; - int keyFormat = 0; - - WOLFSSL_ENTER("wolfSSL_PEM_read_bio_RSA_PUBKEY"); - - if ((bio != NULL) && (pem_read_bio_key(bio, cb, pass, PUBLICKEY_TYPE, - &keyFormat, &der) >= 0)) { - rsa = wolfssl_rsa_d2i(out, der->buffer, der->length, - WOLFSSL_RSA_LOAD_PUBLIC); - if (rsa == NULL) { - WOLFSSL_ERROR_MSG("Error loading DER buffer into WOLFSSL_RSA"); - } - } - - FreeDer(&der); - if ((out != NULL) && (rsa != NULL)) { - *out = rsa; - } - return rsa; -} - -WOLFSSL_RSA *wolfSSL_d2i_RSA_PUBKEY_bio(WOLFSSL_BIO *bio, WOLFSSL_RSA **out) -{ - char* data = NULL; - int dataSz = 0; - int memAlloced = 0; - WOLFSSL_RSA* rsa = NULL; - - WOLFSSL_ENTER("wolfSSL_d2i_RSA_PUBKEY_bio"); - - if (bio == NULL) - return NULL; - - if (wolfssl_read_bio(bio, &data, &dataSz, &memAlloced) != 0) { - if (memAlloced) - XFREE(data, NULL, DYNAMIC_TYPE_TMP_BUFFER); - return NULL; - } - - rsa = wolfssl_rsa_d2i(out, (const unsigned char*)data, dataSz, - WOLFSSL_RSA_LOAD_PUBLIC); - if (memAlloced) - XFREE(data, NULL, DYNAMIC_TYPE_TMP_BUFFER); - - return rsa; -} -#endif /* !NO_BIO */ - -#ifndef NO_FILESYSTEM -/* Create an RSA public key by reading the PEM encoded data from the BIO. - * - * Header/footer should contain: PUBLIC KEY - * PEM decoder supports either 'RSA PUBLIC KEY' or 'PUBLIC KEY'. - * - * @param [in] fp File pointer to read from. - * @param [out] out RSA key created. - * @param [in] cb Password callback when PEM encrypted. - * @param [in] pass NUL terminated string for passphrase when PEM encrypted. - * @return RSA key on success. - * @return NULL on failure. - */ -WOLFSSL_RSA *wolfSSL_PEM_read_RSA_PUBKEY(XFILE fp, - WOLFSSL_RSA** out, wc_pem_password_cb* cb, void *pass) -{ - WOLFSSL_RSA* rsa = NULL; - DerBuffer* der = NULL; - int keyFormat = 0; - - WOLFSSL_ENTER("wolfSSL_PEM_read_RSA_PUBKEY"); - - if ((fp != XBADFILE) && (pem_read_file_key(fp, cb, pass, PUBLICKEY_TYPE, - &keyFormat, &der) >= 0)) { - rsa = wolfssl_rsa_d2i(out, der->buffer, der->length, - WOLFSSL_RSA_LOAD_PUBLIC); - if (rsa == NULL) { - WOLFSSL_ERROR_MSG("Error loading DER buffer into WOLFSSL_RSA"); - } - } - - FreeDer(&der); - if ((out != NULL) && (rsa != NULL)) { - *out = rsa; - } - return rsa; -} - -/* Create an RSA public key by reading the PEM encoded data from the BIO. - * - * Header/footer should contain: RSA PUBLIC KEY - * PEM decoder supports either 'RSA PUBLIC KEY' or 'PUBLIC KEY'. - * - * @param [in] fp File pointer to read from. - * @param [out] rsa RSA key created. - * @param [in] cb Password callback when PEM encrypted. May be NULL. - * @param [in] pass NUL terminated string for passphrase when PEM encrypted. - * May be NULL. - * @return RSA key on success. - * @return NULL on failure. - */ -WOLFSSL_RSA* wolfSSL_PEM_read_RSAPublicKey(XFILE fp, WOLFSSL_RSA** rsa, - wc_pem_password_cb* cb, void* pass) -{ - return wolfSSL_PEM_read_RSA_PUBKEY(fp, rsa, cb, pass); -} - -#endif /* NO_FILESYSTEM */ - -#if defined(WOLFSSL_KEY_GEN) && \ - (defined(WOLFSSL_PEM_TO_DER) || defined(WOLFSSL_DER_TO_PEM)) - -/* Writes PEM encoding of an RSA private key to newly allocated buffer. - * - * Buffer returned was allocated with: DYNAMIC_TYPE_KEY. - * - * @param [in] rsa RSA key to write. - * @param [in] cipher Cipher to use when PEM encrypted. May be NULL. - * @param [in] passwd Password string when PEM encrypted. May be NULL. - * @param [in] passwdSz Length of password string when PEM encrypted. - * @param [out] pem Allocated buffer with PEM encoding. - * @param [out] pLen Length of PEM encoding. - * @return 1 on success. - * @return 0 on failure. - */ -int wolfSSL_PEM_write_mem_RSAPrivateKey(WOLFSSL_RSA* rsa, - const WOLFSSL_EVP_CIPHER* cipher, unsigned char* passwd, int passwdSz, - unsigned char **pem, int *pLen) -{ - int ret = 1; - byte* derBuf = NULL; - int derSz = 0; - - WOLFSSL_ENTER("wolfSSL_PEM_write_mem_RSAPrivateKey"); - - /* Validate parameters. */ - if ((pem == NULL) || (pLen == NULL) || (rsa == NULL) || - (rsa->internal == NULL)) { - WOLFSSL_ERROR_MSG("Bad function arguments"); - ret = 0; - } - - /* Set the RSA key data into the wolfCrypt RSA key if not done so. */ - if ((ret == 1) && (!rsa->inSet) && (SetRsaInternal(rsa) != 1)) { - ret = 0; - } - - /* Encode wolfCrypt RSA key to DER - derBuf allocated in call. */ - if ((ret == 1) && ((derSz = wolfSSL_RSA_To_Der(rsa, &derBuf, 0, - rsa->heap)) < 0)) { - WOLFSSL_ERROR_MSG("wolfSSL_RSA_To_Der failed"); - ret = 0; - } - - if ((ret == 1) && (der_to_enc_pem_alloc(derBuf, derSz, cipher, passwd, - passwdSz, PRIVATEKEY_TYPE, NULL, pem, pLen) != 1)) { - WOLFSSL_ERROR_MSG("der_to_enc_pem_alloc failed"); - ret = 0; - } - - return ret; -} - -#ifndef NO_BIO -/* Writes PEM encoding of an RSA private key to a BIO. - * - * @param [in] bio BIO object to write to. - * @param [in] rsa RSA key to write. - * @param [in] cipher Cipher to use when PEM encrypted. - * @param [in] passwd Password string when PEM encrypted. - * @param [in] len Length of password string when PEM encrypted. - * @param [in] cb Password callback to use when PEM encrypted. - * @param [in] arg NUL terminated string for passphrase when PEM encrypted. - * @return 1 on success. - * @return 0 on failure. - */ -int wolfSSL_PEM_write_bio_RSAPrivateKey(WOLFSSL_BIO* bio, WOLFSSL_RSA* rsa, - const WOLFSSL_EVP_CIPHER* cipher, unsigned char* passwd, int len, - wc_pem_password_cb* cb, void* arg) -{ - int ret = 1; - byte* pem = NULL; - int pLen = 0; - - (void)cb; - (void)arg; - - WOLFSSL_ENTER("wolfSSL_PEM_write_bio_RSAPrivateKey"); - - /* Validate parameters. */ - if ((bio == NULL) || (rsa == NULL) || (rsa->internal == NULL)) { - WOLFSSL_ERROR_MSG("Bad function arguments"); - ret = 0; - } - - if (ret == 1) { - /* Write PEM to buffer that is allocated in the call. */ - ret = wolfSSL_PEM_write_mem_RSAPrivateKey(rsa, cipher, passwd, len, - &pem, &pLen); - if (ret != 1) { - WOLFSSL_ERROR_MSG("wolfSSL_PEM_write_mem_RSAPrivateKey failed"); - } - } - /* Write PEM to BIO. */ - if ((ret == 1) && (wolfSSL_BIO_write(bio, pem, pLen) <= 0)) { - WOLFSSL_ERROR_MSG("RSA private key BIO write failed"); - ret = 0; - } - - /* Dispose of any allocated PEM buffer. */ - XFREE(pem, NULL, DYNAMIC_TYPE_KEY); - return ret; -} -#endif /* !NO_BIO */ - -#ifndef NO_FILESYSTEM -/* Writes PEM encoding of an RSA private key to a file pointer. - * - * TODO: Support use of the password callback and callback context. - * - * @param [in] fp File pointer to write to. - * @param [in] rsa RSA key to write. - * @param [in] cipher Cipher to use when PEM encrypted. May be NULL. - * @param [in] passwd Password string when PEM encrypted. May be NULL. - * @param [in] passwdSz Length of password string when PEM encrypted. - * @param [in] cb Password callback to use when PEM encrypted. Unused. - * @param [in] arg NUL terminated string for passphrase when PEM - * encrypted. Unused. - * @return 1 on success. - * @return 0 on failure. - */ -int wolfSSL_PEM_write_RSAPrivateKey(XFILE fp, WOLFSSL_RSA *rsa, - const WOLFSSL_EVP_CIPHER *cipher, unsigned char *passwd, int passwdSz, - wc_pem_password_cb *cb, void *arg) -{ - int ret = 1; - byte* pem = NULL; - int pLen = 0; - - (void)cb; - (void)arg; - - WOLFSSL_ENTER("wolfSSL_PEM_write_RSAPrivateKey"); - - /* Validate parameters. */ - if ((fp == XBADFILE) || (rsa == NULL) || (rsa->internal == NULL)) { - WOLFSSL_ERROR_MSG("Bad function arguments"); - ret = 0; - } - - if (ret == 1) { - /* Write PEM to buffer that is allocated in the call. */ - ret = wolfSSL_PEM_write_mem_RSAPrivateKey(rsa, cipher, passwd, passwdSz, - &pem, &pLen); - if (ret != 1) { - WOLFSSL_ERROR_MSG("wolfSSL_PEM_write_mem_RSAPrivateKey failed"); - } - } - /* Write PEM to file pointer. */ - if ((ret == 1) && ((int)XFWRITE(pem, 1, (size_t)pLen, fp) != pLen)) { - WOLFSSL_ERROR_MSG("RSA private key file write failed"); - ret = 0; - } - - /* Dispose of any allocated PEM buffer. */ - XFREE(pem, NULL, DYNAMIC_TYPE_KEY); - return ret; -} -#endif /* NO_FILESYSTEM */ -#endif /* WOLFSSL_KEY_GEN && WOLFSSL_PEM_TO_DER */ - -#ifndef NO_BIO -/* Create an RSA private key by reading the PEM encoded data from the BIO. - * - * @param [in] bio BIO object to read from. - * @param [out] out RSA key created. - * @param [in] cb Password callback when PEM encrypted. - * @param [in] pass NUL terminated string for passphrase when PEM encrypted. - * @return RSA key on success. - * @return NULL on failure. - */ -WOLFSSL_RSA* wolfSSL_PEM_read_bio_RSAPrivateKey(WOLFSSL_BIO* bio, - WOLFSSL_RSA** out, wc_pem_password_cb* cb, void* pass) -{ - WOLFSSL_RSA* rsa = NULL; - DerBuffer* der = NULL; - int keyFormat = 0; - - WOLFSSL_ENTER("wolfSSL_PEM_read_bio_RSAPrivateKey"); - - if ((bio != NULL) && (pem_read_bio_key(bio, cb, pass, PRIVATEKEY_TYPE, - &keyFormat, &der) >= 0)) { - rsa = wolfssl_rsa_d2i(out, der->buffer, der->length, - WOLFSSL_RSA_LOAD_PRIVATE); - if (rsa == NULL) { - WOLFSSL_ERROR_MSG("Error loading DER buffer into WOLFSSL_RSA"); - } - } - - FreeDer(&der); - if ((out != NULL) && (rsa != NULL)) { - *out = rsa; - } - return rsa; -} -#endif /* !NO_BIO */ - -/* Create an RSA private key by reading the PEM encoded data from the file - * pointer. - * - * @param [in] fp File pointer to read from. - * @param [out] out RSA key created. - * @param [in] cb Password callback when PEM encrypted. - * @param [in] pass NUL terminated string for passphrase when PEM encrypted. - * @return RSA key on success. - * @return NULL on failure. - */ -#ifndef NO_FILESYSTEM -WOLFSSL_RSA* wolfSSL_PEM_read_RSAPrivateKey(XFILE fp, WOLFSSL_RSA** out, - wc_pem_password_cb* cb, void* pass) -{ - WOLFSSL_RSA* rsa = NULL; - DerBuffer* der = NULL; - int keyFormat = 0; - - WOLFSSL_ENTER("wolfSSL_PEM_read_RSAPrivateKey"); - - if ((fp != XBADFILE) && (pem_read_file_key(fp, cb, pass, PRIVATEKEY_TYPE, - &keyFormat, &der) >= 0)) { - rsa = wolfssl_rsa_d2i(out, der->buffer, der->length, - WOLFSSL_RSA_LOAD_PRIVATE); - if (rsa == NULL) { - WOLFSSL_ERROR_MSG("Error loading DER buffer into WOLFSSL_RSA"); - } - } - - FreeDer(&der); - if ((out != NULL) && (rsa != NULL)) { - *out = rsa; - } - return rsa; -} -#endif /* !NO_FILESYSTEM */ - -/* - * RSA print APIs - */ - -#if defined(XFPRINTF) && !defined(NO_FILESYSTEM) && \ - !defined(NO_STDIO_FILESYSTEM) -/* Print an RSA key to a file pointer. - * - * @param [in] fp File pointer to write to. - * @param [in] rsa RSA key to write. - * @param [in] indent Number of spaces to prepend to each line. - * @return 1 on success. - * @return 0 on failure. - */ -int wolfSSL_RSA_print_fp(XFILE fp, WOLFSSL_RSA* rsa, int indent) -{ - int ret = 1; - - WOLFSSL_ENTER("wolfSSL_RSA_print_fp"); - - /* Validate parameters. */ - if ((fp == XBADFILE) || (rsa == NULL)) { - ret = 0; - } - - /* Set the external data from the wolfCrypt RSA key if not done. */ - if ((ret == 1) && (!rsa->exSet)) { - ret = SetRsaExternal(rsa); - } - - /* Get the key size from modulus if available. */ - if ((ret == 1) && (rsa->n != NULL)) { - int keySize = wolfSSL_BN_num_bits(rsa->n); - if (keySize == 0) { - ret = 0; - } - else { - if (XFPRINTF(fp, "%*s", indent, "") < 0) - ret = 0; - else if (XFPRINTF(fp, "RSA Private-Key: (%d bit, 2 primes)\n", - keySize) < 0) - ret = 0; - } - } - /* Print out any components available. */ - if ((ret == 1) && (rsa->n != NULL)) { - ret = pk_bn_field_print_fp(fp, indent, "modulus", rsa->n); - } - if ((ret == 1) && (rsa->d != NULL)) { - ret = pk_bn_field_print_fp(fp, indent, "privateExponent", rsa->d); - } - if ((ret == 1) && (rsa->p != NULL)) { - ret = pk_bn_field_print_fp(fp, indent, "prime1", rsa->p); - } - if ((ret == 1) && (rsa->q != NULL)) { - ret = pk_bn_field_print_fp(fp, indent, "prime2", rsa->q); - } - if ((ret == 1) && (rsa->dmp1 != NULL)) { - ret = pk_bn_field_print_fp(fp, indent, "exponent1", rsa->dmp1); - } - if ((ret == 1) && (rsa->dmq1 != NULL)) { - ret = pk_bn_field_print_fp(fp, indent, "exponent2", rsa->dmq1); - } - if ((ret == 1) && (rsa->iqmp != NULL)) { - ret = pk_bn_field_print_fp(fp, indent, "coefficient", rsa->iqmp); - } - - WOLFSSL_LEAVE("wolfSSL_RSA_print_fp", ret); - - return ret; -} -#endif /* XFPRINTF && !NO_FILESYSTEM && !NO_STDIO_FILESYSTEM */ - -#if defined(XSNPRINTF) && !defined(NO_BIO) -/* snprintf() must be available */ - -/* Maximum size of a header line. */ -#define RSA_PRINT_MAX_HEADER_LINE PRINT_NUM_MAX_INDENT - -/* Writes the human readable form of RSA to a BIO. - * - * @param [in] bio BIO object to write to. - * @param [in] rsa RSA key to write. - * @param [in] indent Number of spaces before each line. - * @return 1 on success. - * @return 0 on failure. - */ -int wolfSSL_RSA_print(WOLFSSL_BIO* bio, WOLFSSL_RSA* rsa, int indent) -{ - int ret = 1; - int sz = 0; - RsaKey* key = NULL; - char line[RSA_PRINT_MAX_HEADER_LINE]; - int i = 0; - mp_int *num = NULL; - /* Header strings. */ - const char *name[] = { - "Modulus:", "Exponent:", "PrivateExponent:", "Prime1:", "Prime2:", - "Exponent1:", "Exponent2:", "Coefficient:" - }; - - WOLFSSL_ENTER("wolfSSL_RSA_print"); - - /* Validate parameters. */ - if ((bio == NULL) || (rsa == NULL) || (indent > PRINT_NUM_MAX_INDENT)) { - ret = WOLFSSL_FATAL_ERROR; - } - - if (ret == 1) { - key = (RsaKey*)rsa->internal; - - /* Get size in bits of key for printing out. */ - sz = wolfSSL_RSA_bits(rsa); - if (sz <= 0) { - WOLFSSL_ERROR_MSG("Error getting RSA key size"); - ret = 0; - } - } - if (ret == 1) { - /* Print any indent spaces. */ - ret = wolfssl_print_indent(bio, line, sizeof(line), indent); - } - if (ret == 1) { - /* Print header line. */ - int len = XSNPRINTF(line, sizeof(line), "\nRSA %s: (%d bit)\n", - (!mp_iszero(&key->d)) ? "Private-Key" : "Public-Key", sz); - if (len >= (int)sizeof(line)) { - WOLFSSL_ERROR_MSG("Buffer overflow while formatting key preamble"); - ret = 0; - } - else { - if (wolfSSL_BIO_write(bio, line, len) <= 0) { - ret = 0; - } - } - } - - for (i = 0; (ret == 1) && (i < RSA_INTS); i++) { - /* Get mp_int for index. */ - switch (i) { - case 0: - /* Print out modulus */ - num = &key->n; - break; - case 1: - num = &key->e; - break; - case 2: - num = &key->d; - break; - case 3: - num = &key->p; - break; - case 4: - num = &key->q; - break; - case 5: - num = &key->dP; - break; - case 6: - num = &key->dQ; - break; - case 7: - num = &key->u; - break; - default: - WOLFSSL_ERROR_MSG("Bad index value"); - } - - if (i == 1) { - /* Print exponent as a 32-bit value. */ - ret = wolfssl_print_value(bio, num, name[i], indent); - } - else if (!mp_iszero(num)) { - /* Print name and MP integer. */ - ret = wolfssl_print_number(bio, num, name[i], indent); - } - } - - return ret; -} -#endif /* XSNPRINTF && !NO_BIO */ - -#endif /* OPENSSL_EXTRA */ - -/* - * RSA get/set/test APIs - */ - -#if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL) -/* Set RSA key data (external) from wolfCrypt RSA key (internal). - * - * @param [in, out] rsa RSA key. - * @return 1 on success. - * @return 0 on failure. - */ -int SetRsaExternal(WOLFSSL_RSA* rsa) -{ - int ret = 1; - - WOLFSSL_ENTER("SetRsaExternal"); - - /* Validate parameters. */ - if ((rsa == NULL) || (rsa->internal == NULL)) { - WOLFSSL_ERROR_MSG("rsa key NULL error"); - ret = WOLFSSL_FATAL_ERROR; - } - - if (ret == 1) { - RsaKey* key = (RsaKey*)rsa->internal; - - /* Copy modulus. */ - ret = wolfssl_bn_set_value(&rsa->n, &key->n); - if (ret != 1) { - WOLFSSL_ERROR_MSG("rsa n error"); - } - if (ret == 1) { - /* Copy public exponent. */ - ret = wolfssl_bn_set_value(&rsa->e, &key->e); - if (ret != 1) { - WOLFSSL_ERROR_MSG("rsa e error"); - } - } - - if (key->type == RSA_PRIVATE) { - #ifndef WOLFSSL_RSA_PUBLIC_ONLY - if (ret == 1) { - /* Copy private exponent. */ - ret = wolfssl_bn_set_value(&rsa->d, &key->d); - if (ret != 1) { - WOLFSSL_ERROR_MSG("rsa d error"); - } - } - if (ret == 1) { - /* Copy first prime. */ - ret = wolfssl_bn_set_value(&rsa->p, &key->p); - if (ret != 1) { - WOLFSSL_ERROR_MSG("rsa p error"); - } - } - if (ret == 1) { - /* Copy second prime. */ - ret = wolfssl_bn_set_value(&rsa->q, &key->q); - if (ret != 1) { - WOLFSSL_ERROR_MSG("rsa q error"); - } - } - #if defined(WOLFSSL_KEY_GEN) || defined(OPENSSL_EXTRA) || \ - !defined(RSA_LOW_MEM) - if (ret == 1) { - /* Copy d mod p-1. */ - ret = wolfssl_bn_set_value(&rsa->dmp1, &key->dP); - if (ret != 1) { - WOLFSSL_ERROR_MSG("rsa dP error"); - } - } - if (ret == 1) { - /* Copy d mod q-1. */ - ret = wolfssl_bn_set_value(&rsa->dmq1, &key->dQ); - if (ret != 1) { - WOLFSSL_ERROR_MSG("rsa dq error"); - } - } - if (ret == 1) { - /* Copy 1/q mod p. */ - ret = wolfssl_bn_set_value(&rsa->iqmp, &key->u); - if (ret != 1) { - WOLFSSL_ERROR_MSG("rsa u error"); - } - } - #endif - #else - WOLFSSL_ERROR_MSG("rsa private key not compiled in "); - ret = 0; - #endif /* !WOLFSSL_RSA_PUBLIC_ONLY */ - } - } - if (ret == 1) { - /* External values set. */ - rsa->exSet = 1; - } - else { - /* Return 0 on failure. */ - ret = 0; - } - - return ret; -} -#endif /* (OPENSSL_EXTRA || OPENSSL_EXTRA_X509_SMALL) */ - -#ifdef OPENSSL_EXTRA - -/* Set wolfCrypt RSA key data (internal) from RSA key (external). - * - * @param [in, out] rsa RSA key. - * @return 1 on success. - * @return 0 on failure. - */ -int SetRsaInternal(WOLFSSL_RSA* rsa) -{ - int ret = 1; - - WOLFSSL_ENTER("SetRsaInternal"); - - /* Validate parameters. */ - if ((rsa == NULL) || (rsa->internal == NULL)) { - WOLFSSL_ERROR_MSG("rsa key NULL error"); - ret = WOLFSSL_FATAL_ERROR; - } - - if (ret == 1) { - RsaKey* key = (RsaKey*)rsa->internal; - - /* Copy down modulus if available. */ - if ((rsa->n != NULL) && (wolfssl_bn_get_value(rsa->n, &key->n) != 1)) { - WOLFSSL_ERROR_MSG("rsa n key error"); - ret = WOLFSSL_FATAL_ERROR; - } - - /* Copy down public exponent if available. */ - if ((ret == 1) && (rsa->e != NULL) && - (wolfssl_bn_get_value(rsa->e, &key->e) != 1)) { - WOLFSSL_ERROR_MSG("rsa e key error"); - ret = WOLFSSL_FATAL_ERROR; - } - - /* Enough numbers for public key */ - key->type = RSA_PUBLIC; - -#ifndef WOLFSSL_RSA_PUBLIC_ONLY - /* Copy down private exponent if available. */ - if ((ret == 1) && (rsa->d != NULL)) { - if (wolfssl_bn_get_value(rsa->d, &key->d) != 1) { - WOLFSSL_ERROR_MSG("rsa d key error"); - ret = WOLFSSL_FATAL_ERROR; - } - else { - /* Enough numbers for private key */ - key->type = RSA_PRIVATE; - } - } - - /* Copy down first prime if available. */ - if ((ret == 1) && (rsa->p != NULL) && - (wolfssl_bn_get_value(rsa->p, &key->p) != 1)) { - WOLFSSL_ERROR_MSG("rsa p key error"); - ret = WOLFSSL_FATAL_ERROR; - } - - /* Copy down second prime if available. */ - if ((ret == 1) && (rsa->q != NULL) && - (wolfssl_bn_get_value(rsa->q, &key->q) != 1)) { - WOLFSSL_ERROR_MSG("rsa q key error"); - ret = WOLFSSL_FATAL_ERROR; - } - -#if defined(WOLFSSL_KEY_GEN) || defined(OPENSSL_EXTRA) || !defined(RSA_LOW_MEM) - /* Copy down d mod p-1 if available. */ - if ((ret == 1) && (rsa->dmp1 != NULL) && - (wolfssl_bn_get_value(rsa->dmp1, &key->dP) != 1)) { - WOLFSSL_ERROR_MSG("rsa dP key error"); - ret = WOLFSSL_FATAL_ERROR; - } - - /* Copy down d mod q-1 if available. */ - if ((ret == 1) && (rsa->dmq1 != NULL) && - (wolfssl_bn_get_value(rsa->dmq1, &key->dQ) != 1)) { - WOLFSSL_ERROR_MSG("rsa dQ key error"); - ret = WOLFSSL_FATAL_ERROR; - } - - /* Copy down 1/q mod p if available. */ - if ((ret == 1) && (rsa->iqmp != NULL) && - (wolfssl_bn_get_value(rsa->iqmp, &key->u) != 1)) { - WOLFSSL_ERROR_MSG("rsa u key error"); - ret = WOLFSSL_FATAL_ERROR; - } -#endif -#endif - - if (ret == 1) { - /* All available numbers have been set down. */ - rsa->inSet = 1; - } - } - - return ret; -} - -/* Set the RSA method into object. - * - * @param [in, out] rsa RSA key. - * @param [in] meth RSA method. - * @return 1 always. - */ -int wolfSSL_RSA_set_method(WOLFSSL_RSA *rsa, WOLFSSL_RSA_METHOD *meth) -{ - if (rsa != NULL) { - /* Store the method into object. */ - rsa->meth = meth; - /* Copy over flags. */ - rsa->flags = meth->flags; - } - /* OpenSSL always assumes it will work. */ - return 1; -} - -/* Get the RSA method from the RSA object. - * - * @param [in] rsa RSA key. - * @return RSA method on success. - * @return NULL when RSA is NULL or no method set. - */ -const WOLFSSL_RSA_METHOD* wolfSSL_RSA_get_method(const WOLFSSL_RSA *rsa) -{ - return (rsa != NULL) ? rsa->meth : NULL; -} - -/* Get the size in bytes of the RSA key. - * - * Return compliant with OpenSSL - * - * @param [in] rsa RSA key. - * @return RSA modulus size in bytes. - * @return 0 on error. - */ -int wolfSSL_RSA_size(const WOLFSSL_RSA* rsa) -{ - int ret = 0; - - WOLFSSL_ENTER("wolfSSL_RSA_size"); - - if (rsa != NULL) { - /* Make sure we have set the RSA values into wolfCrypt RSA key. */ - if (rsa->inSet || (SetRsaInternal((WOLFSSL_RSA*)rsa) == 1)) { - /* Get key size in bytes using wolfCrypt RSA key. */ - ret = wc_RsaEncryptSize((RsaKey*)rsa->internal); - } - } - - return ret; -} - -/* Get the size in bits of the RSA key. - * - * Uses external modulus field. - * - * @param [in] rsa RSA key. - * @return RSA modulus size in bits. - * @return 0 on error. - */ -int wolfSSL_RSA_bits(const WOLFSSL_RSA* rsa) -{ - int ret = 0; - - WOLFSSL_ENTER("wolfSSL_RSA_bits"); - - if (rsa != NULL) { - /* Get number of bits in external modulus. */ - ret = wolfSSL_BN_num_bits(rsa->n); - } - - return ret; -} - -/* Get the BN objects that are the Chinese-Remainder Theorem (CRT) parameters. - * - * Only for those that are not NULL parameters. - * - * @param [in] rsa RSA key. - * @param [out] dmp1 BN that is d mod (p - 1). May be NULL. - * @param [out] dmq1 BN that is d mod (q - 1). May be NULL. - * @param [out] iqmp BN that is 1/q mod p. May be NULL. - */ -void wolfSSL_RSA_get0_crt_params(const WOLFSSL_RSA *rsa, - const WOLFSSL_BIGNUM **dmp1, const WOLFSSL_BIGNUM **dmq1, - const WOLFSSL_BIGNUM **iqmp) -{ - WOLFSSL_ENTER("wolfSSL_RSA_get0_crt_params"); - - /* For any parameters not NULL, return the BN from the key or NULL. */ - if (dmp1 != NULL) { - *dmp1 = (rsa != NULL) ? rsa->dmp1 : NULL; - } - if (dmq1 != NULL) { - *dmq1 = (rsa != NULL) ? rsa->dmq1 : NULL; - } - if (iqmp != NULL) { - *iqmp = (rsa != NULL) ? rsa->iqmp : NULL; - } -} - -/* Set the BN objects that are the Chinese-Remainder Theorem (CRT) parameters - * into RSA key. - * - * If CRT parameter is NULL then there must be one in the RSA key already. - * - * @param [in, out] rsa RSA key. - * @param [in] dmp1 BN that is d mod (p - 1). May be NULL. - * @param [in] dmq1 BN that is d mod (q - 1). May be NULL. - * @param [in] iqmp BN that is 1/q mod p. May be NULL. - * @return 1 on success. - * @return 0 on failure. - */ -int wolfSSL_RSA_set0_crt_params(WOLFSSL_RSA *rsa, WOLFSSL_BIGNUM *dmp1, - WOLFSSL_BIGNUM *dmq1, WOLFSSL_BIGNUM *iqmp) -{ - int ret = 1; - - WOLFSSL_ENTER("wolfSSL_RSA_set0_crt_params"); - - /* If a param is NULL in rsa then it must be non-NULL in the - * corresponding user input. */ - if ((rsa == NULL) || ((rsa->dmp1 == NULL) && (dmp1 == NULL)) || - ((rsa->dmq1 == NULL) && (dmq1 == NULL)) || - ((rsa->iqmp == NULL) && (iqmp == NULL))) { - WOLFSSL_ERROR_MSG("Bad parameters"); - ret = 0; - } - if (ret == 1) { - /* Replace the BNs. */ - if (dmp1 != NULL) { - wolfSSL_BN_clear_free(rsa->dmp1); - rsa->dmp1 = dmp1; - } - if (dmq1 != NULL) { - wolfSSL_BN_clear_free(rsa->dmq1); - rsa->dmq1 = dmq1; - } - if (iqmp != NULL) { - wolfSSL_BN_clear_free(rsa->iqmp); - rsa->iqmp = iqmp; - } - - /* Set the values into the wolfCrypt RSA key. */ - if (SetRsaInternal(rsa) != 1) { - if (dmp1 != NULL) { - rsa->dmp1 = NULL; - } - if (dmq1 != NULL) { - rsa->dmq1 = NULL; - } - if (iqmp != NULL) { - rsa->iqmp = NULL; - } - ret = 0; - } - } - - return ret; -} - -/* Get the BN objects that are the factors of the RSA key (two primes p and q). - * - * @param [in] rsa RSA key. - * @param [out] p BN that is first prime. May be NULL. - * @param [out] q BN that is second prime. May be NULL. - */ -void wolfSSL_RSA_get0_factors(const WOLFSSL_RSA *rsa, const WOLFSSL_BIGNUM **p, - const WOLFSSL_BIGNUM **q) -{ - WOLFSSL_ENTER("wolfSSL_RSA_get0_factors"); - - /* For any primes not NULL, return the BN from the key or NULL. */ - if (p != NULL) { - *p = (rsa != NULL) ? rsa->p : NULL; - } - if (q != NULL) { - *q = (rsa != NULL) ? rsa->q : NULL; - } -} - -/* Set the BN objects that are the factors of the RSA key (two primes p and q). - * - * If factor parameter is NULL then there must be one in the RSA key already. - * - * @param [in, out] rsa RSA key. - * @param [in] p BN that is first prime. May be NULL. - * @param [in] q BN that is second prime. May be NULL. - * @return 1 on success. - * @return 0 on failure. - */ -int wolfSSL_RSA_set0_factors(WOLFSSL_RSA *rsa, WOLFSSL_BIGNUM *p, - WOLFSSL_BIGNUM *q) -{ - int ret = 1; - - WOLFSSL_ENTER("wolfSSL_RSA_set0_factors"); - - /* If a param is null in r then it must be non-null in the - * corresponding user input. */ - if (rsa == NULL || ((rsa->p == NULL) && (p == NULL)) || - ((rsa->q == NULL) && (q == NULL))) { - WOLFSSL_ERROR_MSG("Bad parameters"); - ret = 0; - } - if (ret == 1) { - /* Replace the BNs. */ - if (p != NULL) { - wolfSSL_BN_clear_free(rsa->p); - rsa->p = p; - } - if (q != NULL) { - wolfSSL_BN_clear_free(rsa->q); - rsa->q = q; - } - - /* Set the values into the wolfCrypt RSA key. */ - if (SetRsaInternal(rsa) != 1) { - if (p != NULL) { - rsa->p = NULL; - } - if (q != NULL) { - rsa->q = NULL; - } - ret = 0; - } - } - - return ret; -} - -/* Get the BN objects for the basic key numbers of the RSA key (modulus, public - * exponent, private exponent). - * - * @param [in] rsa RSA key. - * @param [out] n BN that is the modulus. May be NULL. - * @param [out] e BN that is the public exponent. May be NULL. - * @param [out] d BN that is the private exponent. May be NULL. - */ -void wolfSSL_RSA_get0_key(const WOLFSSL_RSA *rsa, const WOLFSSL_BIGNUM **n, - const WOLFSSL_BIGNUM **e, const WOLFSSL_BIGNUM **d) -{ - WOLFSSL_ENTER("wolfSSL_RSA_get0_key"); - - /* For any parameters not NULL, return the BN from the key or NULL. */ - if (n != NULL) { - *n = (rsa != NULL) ? rsa->n : NULL; - } - if (e != NULL) { - *e = (rsa != NULL) ? rsa->e : NULL; - } - if (d != NULL) { - *d = (rsa != NULL) ? rsa->d : NULL; - } -} - -/* Set the BN objects for the basic key numbers into the RSA key (modulus, - * public exponent, private exponent). - * - * If BN parameter is NULL then there must be one in the RSA key already. - * - * @param [in,out] rsa RSA key. - * @param [in] n BN that is the modulus. May be NULL. - * @param [in] e BN that is the public exponent. May be NULL. - * @param [in] d BN that is the private exponent. May be NULL. - * @return 1 on success. - * @return 0 on failure. - */ -int wolfSSL_RSA_set0_key(WOLFSSL_RSA *rsa, WOLFSSL_BIGNUM *n, WOLFSSL_BIGNUM *e, - WOLFSSL_BIGNUM *d) -{ - int ret = 1; - - /* If the fields n and e in r are NULL, the corresponding input - * parameters MUST be non-NULL for n and e. d may be - * left NULL (in case only the public key is used). - */ - if ((rsa == NULL) || ((rsa->n == NULL) && (n == NULL)) || - ((rsa->e == NULL) && (e == NULL))) { - ret = 0; - } - if (ret == 1) { - /* Replace the BNs. */ - if (n != NULL) { - wolfSSL_BN_free(rsa->n); - rsa->n = n; - } - if (e != NULL) { - wolfSSL_BN_free(rsa->e); - rsa->e = e; - } - if (d != NULL) { - /* Private key is sensitive data. */ - wolfSSL_BN_clear_free(rsa->d); - rsa->d = d; - } - - /* Set the values into the wolfCrypt RSA key. */ - if (SetRsaInternal(rsa) != 1) { - if (n != NULL) { - rsa->n = NULL; - } - if (e != NULL) { - rsa->e = NULL; - } - if (d != NULL) { - rsa->d = NULL; - } - ret = 0; - } - } - - return ret; -} - -/* Get the flags of the RSA key. - * - * @param [in] rsa RSA key. - * @return Flags set in RSA key on success. - * @return 0 when RSA key is NULL. - */ -int wolfSSL_RSA_flags(const WOLFSSL_RSA *rsa) -{ - int ret = 0; - - /* Get flags from the RSA key if available. */ - if (rsa != NULL) { - ret = rsa->flags; - } - - return ret; -} - -/* Set the flags into the RSA key. - * - * @param [in, out] rsa RSA key. - * @param [in] flags Flags to set. - */ -void wolfSSL_RSA_set_flags(WOLFSSL_RSA *rsa, int flags) -{ - /* Add the flags into RSA key if available. */ - if (rsa != NULL) { - rsa->flags |= flags; - } -} - -/* Clear the flags in the RSA key. - * - * @param [in, out] rsa RSA key. - * @param [in] flags Flags to clear. - */ -void wolfSSL_RSA_clear_flags(WOLFSSL_RSA *rsa, int flags) -{ - /* Clear the flags passed in that are on the RSA key if available. */ - if (rsa != NULL) { - rsa->flags &= ~flags; - } -} - -/* Test the flags in the RSA key. - * - * @param [in] rsa RSA key. - * @return Matching flags of RSA key on success. - * @return 0 when RSA key is NULL. - */ -int wolfSSL_RSA_test_flags(const WOLFSSL_RSA *rsa, int flags) -{ - /* Return the flags passed in that are set on the RSA key if available. */ - return (rsa != NULL) ? (rsa->flags & flags) : 0; -} - -/* Get the extra data, by index, associated with the RSA key. - * - * @param [in] rsa RSA key. - * @param [in] idx Index of extra data. - * @return Extra data (anonymous type) on success. - * @return NULL on failure. - */ -void* wolfSSL_RSA_get_ex_data(const WOLFSSL_RSA *rsa, int idx) -{ - WOLFSSL_ENTER("wolfSSL_RSA_get_ex_data"); - -#ifdef HAVE_EX_DATA - return (rsa == NULL) ? NULL : - wolfSSL_CRYPTO_get_ex_data(&rsa->ex_data, idx); -#else - (void)rsa; - (void)idx; - - return NULL; -#endif -} - -/* Set extra data against the RSA key at an index. - * - * @param [in, out] rsa RSA key. - * @param [in] idx Index set set extra data at. - * @param [in] data Extra data of anonymous type. - * @return 1 on success. - * @return 0 on failure. - */ -int wolfSSL_RSA_set_ex_data(WOLFSSL_RSA *rsa, int idx, void *data) -{ - WOLFSSL_ENTER("wolfSSL_RSA_set_ex_data"); - -#ifdef HAVE_EX_DATA - return (rsa == NULL) ? 0 : - wolfSSL_CRYPTO_set_ex_data(&rsa->ex_data, idx, data); -#else - (void)rsa; - (void)idx; - (void)data; - - return 0; -#endif -} - -#ifdef HAVE_EX_DATA_CLEANUP_HOOKS -/* Set the extra data and cleanup callback against the RSA key at an index. - * - * Not OpenSSL API. - * - * @param [in, out] rsa RSA key. - * @param [in] idx Index set set extra data at. - * @param [in] data Extra data of anonymous type. - * @param [in] freeCb Callback function to free extra data. - * @return 1 on success. - * @return 0 on failure. - */ -int wolfSSL_RSA_set_ex_data_with_cleanup(WOLFSSL_RSA *rsa, int idx, void *data, - wolfSSL_ex_data_cleanup_routine_t freeCb) -{ - WOLFSSL_ENTER("wolfSSL_RSA_set_ex_data_with_cleanup"); - - return (rsa == NULL) ? 0 : - wolfSSL_CRYPTO_set_ex_data_with_cleanup(&rsa->ex_data, idx, data, - freeCb); -} -#endif /* HAVE_EX_DATA_CLEANUP_HOOKS */ - -/* - * RSA check key APIs - */ - -#ifdef WOLFSSL_RSA_KEY_CHECK -/* Check that the RSA key is valid using wolfCrypt. - * - * @param [in] rsa RSA key. - * @return 1 on success. - * @return 0 on failure. - */ -int wolfSSL_RSA_check_key(const WOLFSSL_RSA* rsa) -{ - int ret = 1; - - WOLFSSL_ENTER("wolfSSL_RSA_check_key"); - - /* Validate parameters. */ - if ((rsa == NULL) || (rsa->internal == NULL)) { - ret = 0; - } - - /* Constant RSA - assume internal data has been set. */ - - /* Check wolfCrypt RSA key. */ - if ((ret == 1) && (wc_CheckRsaKey((RsaKey*)rsa->internal) != 0)) { - ret = 0; - } - - WOLFSSL_LEAVE("wolfSSL_RSA_check_key", ret); - - return ret; -} -#endif /* WOLFSSL_RSA_KEY_CHECK */ - -/* - * RSA generate APIs - */ - -/* Get a random number generator associated with the RSA key. - * - * If not able, then get the global if possible. - * *tmpRng must not be an initialized RNG. - * *tmpRng is allocated when WOLFSSL_SMALL_STACK is defined and an RNG isn't - * associated with the wolfCrypt RSA key. - * - * @param [in] rsa RSA key. - * @param [out] tmpRng Temporary random number generator. - * @param [out] initTmpRng Temporary random number generator was initialized. - * - * @return A wolfCrypt RNG to use on success. - * @return NULL on error. - */ -WC_RNG* WOLFSSL_RSA_GetRNG(WOLFSSL_RSA* rsa, WC_RNG** tmpRng, int* initTmpRng) -{ - WC_RNG* rng = NULL; - int err = 0; - - /* Check validity of parameters. */ - if ((rsa == NULL) || (initTmpRng == NULL)) { - err = 1; - } - if (!err) { - /* Haven't initialized any RNG passed through tmpRng. */ - *initTmpRng = 0; - - #if !defined(HAVE_FIPS) && defined(WC_RSA_BLINDING) - /* Use wolfCrypt RSA key's RNG if available/set. */ - rng = ((RsaKey*)rsa->internal)->rng; - #endif - } - if ((!err) && (rng == NULL) && (tmpRng != NULL)) { - /* Make an RNG with tmpRng or get global. */ - rng = wolfssl_make_rng(*tmpRng, initTmpRng); - if ((rng != NULL) && *initTmpRng) { - *tmpRng = rng; - } - } - - return rng; -} - -/* Use the wolfCrypt RSA APIs to generate a new RSA key. - * - * @param [in, out] rsa RSA key. - * @param [in] bits Number of bits that the modulus must have. - * @param [in] e A BN object holding the public exponent to use. - * @param [in] cb Status callback. Unused. - * @return 0 on success. - * @return wolfSSL native error code on error. - */ -static int wolfssl_rsa_generate_key_native(WOLFSSL_RSA* rsa, int bits, - WOLFSSL_BIGNUM* e, void* cb) -{ -#ifdef WOLFSSL_KEY_GEN - int ret = 0; -#ifdef WOLFSSL_SMALL_STACK - WC_RNG* tmpRng = NULL; -#else - WC_RNG _tmpRng[1]; - WC_RNG* tmpRng = _tmpRng; -#endif - int initTmpRng = 0; - WC_RNG* rng = NULL; - long en = 0; -#endif - - (void)cb; - - WOLFSSL_ENTER("wolfssl_rsa_generate_key_native"); - -#ifdef WOLFSSL_KEY_GEN - /* Get RNG in wolfCrypt RSA key or initialize a new one (or global). */ - rng = WOLFSSL_RSA_GetRNG(rsa, (WC_RNG**)&tmpRng, &initTmpRng); - if (rng == NULL) { - /* Something went wrong so return memory error. */ - ret = MEMORY_E; - } - if ((ret == 0) && ((en = (long)wolfSSL_BN_get_word(e)) <= 0)) { - ret = BAD_FUNC_ARG; - } - if (ret == 0) { - /* Generate an RSA key. */ - ret = wc_MakeRsaKey((RsaKey*)rsa->internal, bits, en, rng); - if (ret != MP_OKAY) { - WOLFSSL_ERROR_MSG("wc_MakeRsaKey failed"); - } - } - if (ret == 0) { - /* Get the values from wolfCrypt RSA key into external RSA key. */ - ret = SetRsaExternal(rsa); - if (ret == 1) { - /* Internal matches external. */ - rsa->inSet = 1; - /* Return success. */ - ret = 0; - } - else { - /* Something went wrong so return memory error. */ - ret = MEMORY_E; - } - } - - /* Finalize RNG if initialized in WOLFSSL_RSA_GetRNG(). */ - if (initTmpRng) { - wc_FreeRng(tmpRng); - } - WC_FREE_VAR_EX(tmpRng, NULL, DYNAMIC_TYPE_RNG); - - return ret; -#else - WOLFSSL_ERROR_MSG("No Key Gen built in"); - - (void)rsa; - (void)e; - (void)bits; - - return NOT_COMPILED_IN; -#endif -} - -/* Generate an RSA key that has the specified modulus size and public exponent. - * - * Note: Because of wc_MakeRsaKey an RSA key size generated can be rounded - * down to nearest multiple of 8. For example generating a key of size - * 2999 bits will make a key of size 374 bytes instead of 375 bytes. - * - * @param [in] bits Number of bits that the modulus must have i.e. 2048. - * @param [in] e Public exponent to use i.e. 65537. - * @param [in] cb Status callback. Unused. - * @param [in] data Data to pass to status callback. Unused. - * @return A new RSA key on success. - * @return NULL on failure. - */ -WOLFSSL_RSA* wolfSSL_RSA_generate_key(int bits, unsigned long e, - void(*cb)(int, int, void*), void* data) -{ - WOLFSSL_RSA* rsa = NULL; - WOLFSSL_BIGNUM* bn = NULL; - int err = 0; - - WOLFSSL_ENTER("wolfSSL_RSA_generate_key"); - - (void)cb; - (void)data; - - /* Validate bits. */ - if (bits < 0) { - WOLFSSL_ERROR_MSG("Bad argument: bits was less than 0"); - err = 1; - } - /* Create a new BN to hold public exponent - for when wolfCrypt supports - * longer values. */ - if ((!err) && ((bn = wolfSSL_BN_new()) == NULL)) { - WOLFSSL_ERROR_MSG("Error creating big number"); - err = 1; - } - /* Set public exponent. */ - if ((!err) && (wolfSSL_BN_set_word(bn, e) != 1)) { - WOLFSSL_ERROR_MSG("Error using e value"); - err = 1; - } - - /* Create an RSA key object to hold generated key. */ - if ((!err) && ((rsa = wolfSSL_RSA_new()) == NULL)) { - WOLFSSL_ERROR_MSG("memory error"); - err = 1; - } - while (!err) { - int ret; - - /* Use wolfCrypt to generate RSA key. */ - ret = wolfssl_rsa_generate_key_native(rsa, bits, bn, NULL); - #ifdef HAVE_FIPS - /* Keep trying if failed to find a prime. */ - if (ret == WC_NO_ERR_TRACE(PRIME_GEN_E)) { - continue; - } - #endif - if (ret != WOLFSSL_ERROR_NONE) { - /* Unrecoverable error in generation. */ - err = 1; - } - /* Done generating - unrecoverable error or success. */ - break; - } - if (err) { - /* Dispose of RSA key object if generation didn't work. */ - wolfSSL_RSA_free(rsa); - /* Returning NULL on error. */ - rsa = NULL; - } - /* Dispose of the temporary BN used for the public exponent. */ - wolfSSL_BN_free(bn); - - return rsa; -} - -/* Generate an RSA key that has the specified modulus size and public exponent. - * - * Note: Because of wc_MakeRsaKey an RSA key size generated can be rounded - * down to nearest multiple of 8. For example generating a key of size - * 2999 bits will make a key of size 374 bytes instead of 375 bytes. - * - * @param [in] bits Number of bits that the modulus must have i.e. 2048. - * @param [in] e Public exponent to use, i.e. 65537, as a BN. - * @param [in] cb Status callback. Unused. - * @return 1 on success. - * @return 0 on failure. - */ -int wolfSSL_RSA_generate_key_ex(WOLFSSL_RSA* rsa, int bits, WOLFSSL_BIGNUM* e, - void* cb) -{ - int ret = 1; - - /* Validate parameters. */ - if ((rsa == NULL) || (rsa->internal == NULL)) { - WOLFSSL_ERROR_MSG("bad arguments"); - ret = 0; - } - else { - for (;;) { - /* Use wolfCrypt to generate RSA key. */ - int gen_ret = wolfssl_rsa_generate_key_native(rsa, bits, e, cb); - #ifdef HAVE_FIPS - /* Keep trying again if public key value didn't work. */ - if (gen_ret == WC_NO_ERR_TRACE(PRIME_GEN_E)) { - continue; - } - #endif - if (gen_ret != WOLFSSL_ERROR_NONE) { - /* Unrecoverable error in generation. */ - ret = 0; - } - /* Done generating - unrecoverable error or success. */ - break; - } - } - - return ret; -} - -#endif /* OPENSSL_EXTRA */ - -/* - * RSA padding APIs - */ - -#ifdef WC_RSA_PSS - -#if defined(OPENSSL_EXTRA) && !defined(HAVE_SELFTEST) && \ - (!defined(HAVE_FIPS) || FIPS_VERSION_GT(2,0)) -static int rsa_pss_calc_salt(int saltLen, int hashLen, int emLen) -{ - /* Calculate the salt length to use for special cases. */ - switch (saltLen) { - /* Negative saltLen values are treated differently. */ - case WC_RSA_PSS_SALTLEN_DIGEST: - saltLen = hashLen; - break; - case WC_RSA_PSS_SALTLEN_MAX_SIGN: - case WC_RSA_PSS_SALTLEN_MAX: - #ifdef WOLFSSL_PSS_LONG_SALT - saltLen = emLen - hashLen - 2; - #else - saltLen = hashLen; - (void)emLen; - #endif - break; - default: - break; - } - if (saltLen < 0) { - /* log invalid salt, let wolfCrypt handle error */ - WOLFSSL_ERROR_MSG("invalid saltLen"); - saltLen = -3; /* for wolfCrypt to produce error must be < -2 */ - } - return saltLen; -} -#endif /* OPENSSL_EXTRA && !HAVE_SELFTEST */ - -#if (defined(OPENSSL_ALL) || defined(WOLFSSL_ASIO) || \ - defined(WOLFSSL_HAPROXY) || defined(WOLFSSL_NGINX)) && \ - (!defined(HAVE_FIPS) || FIPS_VERSION_GT(2,0)) - -/* Add PKCS#1 PSS padding to hash. - * - * - * +-----------+ - * | M | - * +-----------+ - * | - * V - * Hash - * | - * V - * +--------+----------+----------+ - * M' = |Padding1| mHash | salt | - * +--------+----------+----------+ - * | - * +--------+----------+ V - * DB = |Padding2|maskedseed| Hash - * +--------+----------+ | - * | | - * V | +--+ - * xor <--- MGF <---| |bc| - * | | +--+ - * | | | - * V V V - * +-------------------+----------+--+ - * EM = | maskedDB |maskedseed|bc| - * +-------------------+----------+--+ - * Diagram taken from https://tools.ietf.org/html/rfc3447#section-9.1 - * - * @param [in] rsa RSA key. - * @param [out] em Encoded message. - * @param [in[ mHash Message hash. - * @param [in] hashAlg Hash algorithm. - * @param [in] mgf1Hash MGF algorithm. - * @param [in] saltLen Length of salt to generate. - * @return 1 on success. - * @return 0 on failure. - */ - -int wolfSSL_RSA_padding_add_PKCS1_PSS_mgf1(WOLFSSL_RSA *rsa, unsigned char *em, - const unsigned char *mHash, const WOLFSSL_EVP_MD *hashAlg, - const WOLFSSL_EVP_MD *mgf1Hash, int saltLen) -{ - int ret = 1; - enum wc_HashType hashType = WC_HASH_TYPE_NONE; - int hashLen = 0; - int emLen = 0; - int mgf = 0; - int initTmpRng = 0; - WC_RNG *rng = NULL; -#ifdef WOLFSSL_SMALL_STACK - WC_RNG* tmpRng = NULL; -#else - WC_RNG _tmpRng[1]; - WC_RNG* tmpRng = _tmpRng; -#endif - - WOLFSSL_ENTER("wolfSSL_RSA_padding_add_PKCS1_PSS"); - - /* Validate parameters. */ - if ((rsa == NULL) || (em == NULL) || (mHash == NULL) || (hashAlg == NULL)) { - ret = 0; - } - - if (mgf1Hash == NULL) - mgf1Hash = hashAlg; - - if (ret == 1) { - /* Get/create an RNG. */ - rng = WOLFSSL_RSA_GetRNG(rsa, (WC_RNG**)&tmpRng, &initTmpRng); - if (rng == NULL) { - WOLFSSL_ERROR_MSG("WOLFSSL_RSA_GetRNG error"); - ret = 0; - } - } - - /* TODO: use wolfCrypt RSA key to get emLen and bits? */ - /* Set the external data from the wolfCrypt RSA key if not done. */ - if ((ret == 1) && (!rsa->exSet)) { - ret = SetRsaExternal(rsa); - } - - if (ret == 1) { - /* Get the wolfCrypt hash algorithm type. */ - hashType = EvpMd2MacType(hashAlg); - if (hashType > WC_HASH_TYPE_MAX) { - WOLFSSL_ERROR_MSG("EvpMd2MacType error"); - ret = 0; - } - } - if (ret == 1) { - /* Get the wolfCrypt MGF algorithm from hash algorithm. */ - mgf = wc_hash2mgf(EvpMd2MacType(mgf1Hash)); - if (mgf == WC_MGF1NONE) { - WOLFSSL_ERROR_MSG("wc_hash2mgf error"); - ret = 0; - } - } - if (ret == 1) { - /* Get the length of the hash output. */ - hashLen = wolfSSL_EVP_MD_size(hashAlg); - if (hashLen < 0) { - WOLFSSL_ERROR_MSG("wolfSSL_EVP_MD_size error"); - ret = 0; - } - } - - if (ret == 1) { - /* Get length of RSA key - encrypted message length. */ - emLen = wolfSSL_RSA_size(rsa); - if (emLen <= 0) { - WOLFSSL_ERROR_MSG("wolfSSL_RSA_size error"); - ret = 0; - } - } - - if (ret == 1) { - saltLen = rsa_pss_calc_salt(saltLen, hashLen, emLen); - } - - if (ret == 1) { - /* Generate RSA PKCS#1 PSS padding for hash using wolfCrypt. */ - if (wc_RsaPad_ex(mHash, (word32)hashLen, em, (word32)emLen, - RSA_BLOCK_TYPE_1, rng, WC_RSA_PSS_PAD, hashType, mgf, NULL, 0, - saltLen, wolfSSL_BN_num_bits(rsa->n), NULL) != MP_OKAY) { - WOLFSSL_ERROR_MSG("wc_RsaPad_ex error"); - ret = 0; - } - } - - /* Finalize RNG if initialized in WOLFSSL_RSA_GetRNG(). */ - if (initTmpRng) { - wc_FreeRng(tmpRng); - } - WC_FREE_VAR_EX(tmpRng, NULL, DYNAMIC_TYPE_RNG); - - return ret; -} - -int wolfSSL_RSA_padding_add_PKCS1_PSS(WOLFSSL_RSA *rsa, unsigned char *em, - const unsigned char *mHash, const WOLFSSL_EVP_MD *hashAlg, int saltLen) -{ - return wolfSSL_RSA_padding_add_PKCS1_PSS_mgf1(rsa, em, mHash, hashAlg, NULL, - saltLen); -} - -/* Checks that the hash is valid for the RSA PKCS#1 PSS encoded message. - * - * Refer to wolfSSL_RSA_padding_add_PKCS1_PSS for a diagram. - * - * @param [in] rsa RSA key. - * @param [in[ mHash Message hash. - * @param [in] hashAlg Hash algorithm. - * @param [in] mgf1Hash MGF algorithm. - * @param [in] em Encoded message. - * @param [in] saltLen Length of salt to generate. - * @return 1 on success. - * @return 0 on failure. - */ -int wolfSSL_RSA_verify_PKCS1_PSS_mgf1(WOLFSSL_RSA *rsa, - const unsigned char *mHash, const WOLFSSL_EVP_MD *hashAlg, - const WOLFSSL_EVP_MD *mgf1Hash, const unsigned char *em, int saltLen) -{ - int ret = 1; - int hashLen = 0; - int mgf = 0; - int emLen = 0; - int mPrimeLen = 0; - enum wc_HashType hashType = WC_HASH_TYPE_NONE; - byte *mPrime = NULL; - byte *buf = NULL; - - WOLFSSL_ENTER("wolfSSL_RSA_verify_PKCS1_PSS"); - - /* Validate parameters. */ - if ((rsa == NULL) || (mHash == NULL) || (hashAlg == NULL) || (em == NULL)) { - ret = 0; - } - - if (mgf1Hash == NULL) - mgf1Hash = hashAlg; - - /* TODO: use wolfCrypt RSA key to get emLen and bits? */ - /* Set the external data from the wolfCrypt RSA key if not done. */ - if ((ret == 1) && (!rsa->exSet)) { - ret = SetRsaExternal(rsa); - } - - if (ret == 1) { - /* Get hash length for hash algorithm. */ - hashLen = wolfSSL_EVP_MD_size(hashAlg); - if (hashLen < 0) { - ret = 0; - } - } - - if (ret == 1) { - /* Get length of RSA key - encrypted message length. */ - emLen = wolfSSL_RSA_size(rsa); - if (emLen <= 0) { - WOLFSSL_ERROR_MSG("wolfSSL_RSA_size error"); - ret = 0; - } - } - - if (ret == 1) { - saltLen = rsa_pss_calc_salt(saltLen, hashLen, emLen); - } - - if (ret == 1) { - /* Get the wolfCrypt hash algorithm type. */ - hashType = EvpMd2MacType(hashAlg); - if (hashType > WC_HASH_TYPE_MAX) { - WOLFSSL_ERROR_MSG("EvpMd2MacType error"); - ret = 0; - } - } - - if (ret == 1) { - /* Get the wolfCrypt MGF algorithm from hash algorithm. */ - if ((mgf = wc_hash2mgf(EvpMd2MacType(mgf1Hash))) == WC_MGF1NONE) { - WOLFSSL_ERROR_MSG("wc_hash2mgf error"); - ret = 0; - } - } - - if (ret == 1) { - /* Allocate buffer to unpad inline with. */ - buf = (byte*)XMALLOC((size_t)emLen, NULL, DYNAMIC_TYPE_TMP_BUFFER); - if (buf == NULL) { - WOLFSSL_ERROR_MSG("malloc error"); - ret = 0; - } - } - - if (ret == 1) { - /* Copy encrypted message to temp for inline unpadding. */ - XMEMCPY(buf, em, (size_t)emLen); - - /* Remove and verify the PSS padding. */ - mPrimeLen = wc_RsaUnPad_ex(buf, (word32)emLen, &mPrime, - RSA_BLOCK_TYPE_1, WC_RSA_PSS_PAD, hashType, mgf, NULL, 0, saltLen, - wolfSSL_BN_num_bits(rsa->n), NULL); - if (mPrimeLen < 0) { - WOLFSSL_ERROR_MSG("wc_RsaPad_ex error"); - ret = 0; - } - } - - if (ret == 1) { - /* Verify the hash is correct. */ - if (wc_RsaPSS_CheckPadding_ex(mHash, (word32)hashLen, mPrime, - (word32)mPrimeLen, hashType, saltLen, - wolfSSL_BN_num_bits(rsa->n)) != MP_OKAY) { - WOLFSSL_ERROR_MSG("wc_RsaPSS_CheckPadding_ex error"); - ret = 0; - } - } - - /* Dispose of any allocated buffer. */ - XFREE(buf, NULL, DYNAMIC_TYPE_TMP_BUFFER); - return ret; -} - -int wolfSSL_RSA_verify_PKCS1_PSS(WOLFSSL_RSA *rsa, const unsigned char *mHash, - const WOLFSSL_EVP_MD *hashAlg, - const unsigned char *em, int saltLen) -{ - return wolfSSL_RSA_verify_PKCS1_PSS_mgf1(rsa, mHash, hashAlg, NULL, em, - saltLen); -} -#endif /* (!HAVE_FIPS || FIPS_VERSION_GT(2,0)) && \ - (OPENSSL_ALL || WOLFSSL_ASIO || WOLFSSL_HAPROXY || WOLFSSL_NGINX) */ -#endif /* WC_RSA_PSS */ - -/* - * RSA sign/verify APIs - */ - -#if defined(WC_RSA_PSS) && !defined(HAVE_SELFTEST) && \ - (!defined(HAVE_FIPS) || FIPS_VERSION_GE(5,1)) - #ifndef WOLFSSL_PSS_SALT_LEN_DISCOVER - #define DEF_PSS_SALT_LEN RSA_PSS_SALT_LEN_DEFAULT - #else - #define DEF_PSS_SALT_LEN RSA_PSS_SALT_LEN_DISCOVER - #endif -#else - #define DEF_PSS_SALT_LEN 0 /* not used */ -#endif - -#if defined(OPENSSL_EXTRA) - -/* Encode the message hash. - * - * Used by signing and verification. - * - * @param [in] hashAlg Hash algorithm OID. - * @param [in] hash Hash of message to encode for signing. - * @param [in] hLen Length of hash of message. - * @param [out] enc Encoded message hash. - * @param [out] encLen Length of encoded message hash. - * @param [in] padding Which padding scheme is being used. - * @return 1 on success. - * @return 0 on failure. - */ -static int wolfssl_rsa_sig_encode(int hashAlg, const unsigned char* hash, - unsigned int hLen, unsigned char* enc, unsigned int* encLen, int padding) -{ - int ret = 1; - int hType = WC_HASH_TYPE_NONE; - - /* Validate parameters. */ - if ((hash == NULL) || (enc == NULL) || (encLen == NULL)) { - ret = 0; - } - - if ((ret == 1) && (hashAlg != WC_NID_undef) && - (padding == WC_RSA_PKCS1_PADDING)) { - /* Convert hash algorithm to hash type for PKCS#1.5 padding. */ - hType = (int)nid2oid(hashAlg, oidHashType); - if (hType == -1) { - ret = 0; - } - } - if ((ret == 1) && (padding == WC_RSA_PKCS1_PADDING)) { - /* PKCS#1.5 encoding. */ - word32 encSz = wc_EncodeSignature(enc, hash, hLen, hType); - if (encSz == 0) { - WOLFSSL_ERROR_MSG("Bad Encode Signature"); - ret = 0; - } - else { - *encLen = (unsigned int)encSz; - } - } - /* Other padding schemes require the hash as is. */ - if ((ret == 1) && (padding != WC_RSA_PKCS1_PADDING)) { - XMEMCPY(enc, hash, hLen); - *encLen = hLen; - } - - return ret; -} - -/* Sign the message hash using hash algorithm and RSA key. - * - * @param [in] hashAlg Hash algorithm OID. - * @param [in] hash Hash of message to encode for signing. - * @param [in] hLen Length of hash of message. - * @param [out] enc Encoded message hash. - * @param [out] encLen Length of encoded message hash. - * @param [in] rsa RSA key. - * @return 1 on success. - * @return 0 on failure. - */ -int wolfSSL_RSA_sign(int hashAlg, const unsigned char* hash, unsigned int hLen, - unsigned char* sigRet, unsigned int* sigLen, WOLFSSL_RSA* rsa) -{ - if (sigLen != NULL) { - /* No size checking in this API */ - *sigLen = RSA_MAX_SIZE / CHAR_BIT; - } - /* flag is 1: output complete signature. */ - return wolfSSL_RSA_sign_generic_padding(hashAlg, hash, hLen, sigRet, - sigLen, rsa, 1, WC_RSA_PKCS1_PADDING); -} - -/* Sign the message hash using hash algorithm and RSA key. - * - * Not OpenSSL API. - * - * @param [in] hashAlg Hash algorithm NID. - * @param [in] hash Hash of message to encode for signing. - * @param [in] hLen Length of hash of message. - * @param [out] enc Encoded message hash. - * @param [out] encLen Length of encoded message hash. - * @param [in] rsa RSA key. - * @param [in] flag When 1: Output encrypted signature. - * When 0: Output encoded hash. - * @return 1 on success. - * @return 0 on failure. - */ -int wolfSSL_RSA_sign_ex(int hashAlg, const unsigned char* hash, - unsigned int hLen, unsigned char* sigRet, unsigned int* sigLen, - WOLFSSL_RSA* rsa, int flag) -{ - int ret = 0; - - if ((flag == 0) || (flag == 1)) { - if (sigLen != NULL) { - /* No size checking in this API */ - *sigLen = RSA_MAX_SIZE / CHAR_BIT; - } - ret = wolfSSL_RSA_sign_generic_padding(hashAlg, hash, hLen, sigRet, - sigLen, rsa, flag, WC_RSA_PKCS1_PADDING); - } - - return ret; -} - -int wolfSSL_RSA_sign_generic_padding(int hashAlg, const unsigned char* hash, - unsigned int hLen, unsigned char* sigRet, unsigned int* sigLen, - WOLFSSL_RSA* rsa, int flag, int padding) -{ - return wolfSSL_RSA_sign_mgf(hashAlg, hash, hLen, sigRet, sigLen, rsa, flag, - padding, hashAlg, DEF_PSS_SALT_LEN); -} - -/** - * Sign a message hash with the chosen message digest, padding, and RSA key. - * - * Not OpenSSL API. - * - * @param [in] hashAlg Hash NID - * @param [in] hash Message hash to sign. - * @param [in] mLen Length of message hash to sign. - * @param [out] sigRet Output buffer. - * @param [in, out] sigLen On Input: length of sigRet buffer. - * On Output: length of data written to sigRet. - * @param [in] rsa RSA key used to sign the input. - * @param [in] flag 1: Output the signature. - * 0: Output the value that the unpadded signature - * should be compared to. - * @param [in] padding Padding to use. Only RSA_PKCS1_PSS_PADDING and - * WC_RSA_PKCS1_PADDING are currently supported for - * signing. - * @param [in] mgf1Hash MGF1 Hash NID - * @param [in] saltLen Length of RSA PSS salt - * @return 1 on success. - * @return 0 on failure. - */ -int wolfSSL_RSA_sign_mgf(int hashAlg, const unsigned char* hash, - unsigned int hLen, unsigned char* sigRet, unsigned int* sigLen, - WOLFSSL_RSA* rsa, int flag, int padding, int mgf1Hash, int saltLen) -{ - int ret = 1; - word32 outLen = 0; - int signSz = 0; - WC_RNG* rng = NULL; - int initTmpRng = 0; -#ifdef WOLFSSL_SMALL_STACK - WC_RNG* tmpRng = NULL; - byte* encodedSig = NULL; -#else - WC_RNG _tmpRng[1]; - WC_RNG* tmpRng = _tmpRng; - byte encodedSig[MAX_ENCODED_SIG_SZ]; -#endif - unsigned int encSz = 0; - - WOLFSSL_ENTER("wolfSSL_RSA_sign_mgf"); - - if (flag == 0) { - /* Only encode message. */ - return wolfssl_rsa_sig_encode(hashAlg, hash, hLen, sigRet, sigLen, - padding); - } - - /* Validate parameters. */ - if ((hash == NULL) || (sigRet == NULL) || sigLen == NULL || rsa == NULL) { - WOLFSSL_ERROR_MSG("Bad function arguments"); - ret = 0; - } - - /* Set wolfCrypt RSA key data from external if not already done. */ - if ((ret == 1) && (!rsa->inSet) && (SetRsaInternal(rsa) != 1)) { - ret = 0; - } - - if (ret == 1) { - /* Get the maximum signature length. */ - outLen = (word32)wolfSSL_BN_num_bytes(rsa->n); - /* Check not an error return. */ - if (outLen == 0) { - WOLFSSL_ERROR_MSG("Bad RSA size"); - ret = 0; - } - /* Check signature buffer is big enough. */ - else if (outLen > *sigLen) { - WOLFSSL_ERROR_MSG("Output buffer too small"); - ret = 0; - } - } - -#ifdef WOLFSSL_SMALL_STACK - if (ret == 1) { - /* Allocate encoded signature buffer if doing PKCS#1 padding. */ - encodedSig = (byte*)XMALLOC(MAX_ENCODED_SIG_SZ, NULL, - DYNAMIC_TYPE_SIGNATURE); - if (encodedSig == NULL) { - ret = 0; - } - } -#endif - - if (ret == 1) { - /* Get/create an RNG. */ - rng = WOLFSSL_RSA_GetRNG(rsa, (WC_RNG**)&tmpRng, &initTmpRng); - if (rng == NULL) { - WOLFSSL_ERROR_MSG("WOLFSSL_RSA_GetRNG error"); - ret = 0; - } - } - - /* Either encodes with PKCS#1.5 or copies hash into encodedSig. */ - if ((ret == 1) && (wolfssl_rsa_sig_encode(hashAlg, hash, hLen, encodedSig, - &encSz, padding) == 0)) { - WOLFSSL_ERROR_MSG("Bad Encode Signature"); - ret = 0; - } - - if (ret == 1) { - switch (padding) { - #if defined(WC_RSA_NO_PADDING) || defined(WC_RSA_DIRECT) - case WC_RSA_NO_PAD: - if ((signSz = wc_RsaDirect(encodedSig, encSz, sigRet, &outLen, - (RsaKey*)rsa->internal, RSA_PRIVATE_ENCRYPT, rng)) <= 0) { - WOLFSSL_ERROR_MSG("Bad RSA Sign no pad"); - ret = 0; - } - break; - #endif - #if defined(WC_RSA_PSS) && !defined(HAVE_SELFTEST) && \ - (!defined(HAVE_FIPS) || FIPS_VERSION_GE(5,1)) - case WC_RSA_PKCS1_PSS_PADDING: - { - RsaKey* key = (RsaKey*)rsa->internal; - enum wc_HashType mgf1, hType; - hType = wc_OidGetHash((int)nid2oid(hashAlg, oidHashType)); - if (mgf1Hash == WC_NID_undef) - mgf1Hash = hashAlg; - mgf1 = wc_OidGetHash((int)nid2oid(mgf1Hash, oidHashType)); - /* handle compat layer salt special cases */ - saltLen = rsa_pss_calc_salt(saltLen, wc_HashGetDigestSize(hType), - wolfSSL_RSA_size(rsa)); - - /* Create RSA PSS signature. */ - if ((signSz = wc_RsaPSS_Sign_ex(encodedSig, encSz, sigRet, outLen, - hType, wc_hash2mgf(mgf1), saltLen, key, rng)) <= 0) { - WOLFSSL_ERROR_MSG("Bad RSA PSS Sign"); - ret = 0; - } - break; - } - #endif - #ifndef WC_NO_RSA_OAEP - case WC_RSA_PKCS1_OAEP_PADDING: - /* Not a signature padding scheme. */ - WOLFSSL_ERROR_MSG("RSA_PKCS1_OAEP_PADDING not supported for " - "signing"); - ret = 0; - break; - #endif - case WC_RSA_PKCS1_PADDING: - { - /* Sign (private encrypt) PKCS#1 encoded signature. */ - if ((signSz = wc_RsaSSL_Sign(encodedSig, encSz, sigRet, outLen, - (RsaKey*)rsa->internal, rng)) <= 0) { - WOLFSSL_ERROR_MSG("Bad PKCS1 RSA Sign"); - ret = 0; - } - break; - } - default: - WOLFSSL_ERROR_MSG("Unsupported padding"); - (void)mgf1Hash; - (void)saltLen; - ret = 0; - break; - } - } - - if (ret == 1) { - /* Return the size of signature generated. */ - *sigLen = (unsigned int)signSz; - } - - /* Finalize RNG if initialized in WOLFSSL_RSA_GetRNG(). */ - if (initTmpRng) { - wc_FreeRng(tmpRng); - } - WC_FREE_VAR_EX(tmpRng, NULL, DYNAMIC_TYPE_RNG); - WC_FREE_VAR_EX(encodedSig, NULL, DYNAMIC_TYPE_SIGNATURE); - - WOLFSSL_LEAVE("wolfSSL_RSA_sign_mgf", ret); - return ret; -} - -/** - * Verify a message hash with the chosen message digest, padding, and RSA key. - * - * @param [in] hashAlg Hash NID - * @param [in] hash Message hash. - * @param [in] mLen Length of message hash. - * @param [in] sigRet Signature data. - * @param [in] sigLen Length of signature data. - * @param [in] rsa RSA key used to sign the input - * @return 1 on success. - * @return 0 on failure. - */ -int wolfSSL_RSA_verify(int hashAlg, const unsigned char* hash, - unsigned int hLen, const unsigned char* sig, unsigned int sigLen, - WOLFSSL_RSA* rsa) -{ - return wolfSSL_RSA_verify_ex(hashAlg, hash, hLen, sig, sigLen, rsa, - WC_RSA_PKCS1_PADDING); -} - -int wolfSSL_RSA_verify_ex(int hashAlg, const unsigned char* hash, - unsigned int hLen, const unsigned char* sig, unsigned int sigLen, - WOLFSSL_RSA* rsa, int padding) -{ - return wolfSSL_RSA_verify_mgf(hashAlg, hash, hLen, sig, sigLen, rsa, - padding, hashAlg, DEF_PSS_SALT_LEN); -} - -/** - * Verify a message hash with the chosen message digest, padding, and RSA key. - * - * Not OpenSSL API. - * - * @param [in] hashAlg Hash NID - * @param [in] hash Message hash. - * @param [in] mLen Length of message hash. - * @param [in] sigRet Signature data. - * @param [in] sigLen Length of signature data. - * @param [in] rsa RSA key used to sign the input - * @param [in] padding Padding to use. Only RSA_PKCS1_PSS_PADDING and - * WC_RSA_PKCS1_PADDING are currently supported for - * signing. - * @param [in] mgf1Hash MGF1 Hash NID - * @param [in] saltLen Length of RSA PSS salt - * @return 1 on success. - * @return 0 on failure. - */ -int wolfSSL_RSA_verify_mgf(int hashAlg, const unsigned char* hash, - unsigned int hLen, const unsigned char* sig, unsigned int sigLen, - WOLFSSL_RSA* rsa, int padding, int mgf1Hash, int saltLen) -{ - int ret = 1; -#ifdef WOLFSSL_SMALL_STACK - unsigned char* encodedSig = NULL; -#else - unsigned char encodedSig[MAX_ENCODED_SIG_SZ]; -#endif - unsigned char* sigDec = NULL; - unsigned int len = MAX_ENCODED_SIG_SZ; - int verLen = 0; -#if (!defined(HAVE_FIPS) || FIPS_VERSION_GE(5, 1)) && !defined(HAVE_SELFTEST) - enum wc_HashType hType = WC_HASH_TYPE_NONE; -#endif - - WOLFSSL_ENTER("wolfSSL_RSA_verify_mgf"); - - /* Validate parameters. */ - if ((hash == NULL) || (sig == NULL) || (rsa == NULL)) { - WOLFSSL_ERROR_MSG("Bad function arguments"); - ret = 0; - } - - if (ret == 1) { - /* Allocate memory for decrypted signature. */ - sigDec = (unsigned char *)XMALLOC(sigLen, NULL, - DYNAMIC_TYPE_TMP_BUFFER); - if (sigDec == NULL) { - WOLFSSL_ERROR_MSG("Memory allocation failure"); - ret = 0; - } - } - if (ret == 1 && padding == WC_RSA_PKCS1_PSS_PADDING) { - #if defined(WC_RSA_PSS) && !defined(HAVE_SELFTEST) && \ - (!defined(HAVE_FIPS) || FIPS_VERSION_GE(5,1)) - RsaKey* key = (RsaKey*)rsa->internal; - enum wc_HashType mgf1; - hType = wc_OidGetHash((int)nid2oid(hashAlg, oidHashType)); - if (mgf1Hash == WC_NID_undef) - mgf1Hash = hashAlg; - mgf1 = wc_OidGetHash((int)nid2oid(mgf1Hash, oidHashType)); - - /* handle compat layer salt special cases */ - saltLen = rsa_pss_calc_salt(saltLen, wc_HashGetDigestSize(hType), - wolfSSL_RSA_size(rsa)); - - verLen = wc_RsaPSS_Verify_ex((byte*)sig, sigLen, sigDec, sigLen, - hType, wc_hash2mgf(mgf1), saltLen, key); - if (verLen > 0) { - /* Check PSS padding is valid. */ - if (wc_RsaPSS_CheckPadding_ex(hash, hLen, sigDec, (word32)verLen, - hType, saltLen, mp_count_bits(&key->n)) != 0) { - WOLFSSL_ERROR_MSG("wc_RsaPSS_CheckPadding_ex error"); - ret = WOLFSSL_FAILURE; - } - else { - /* Success! Free resources and return early */ - XFREE(sigDec, NULL, DYNAMIC_TYPE_TMP_BUFFER); - return WOLFSSL_SUCCESS; - } - } - else { - WOLFSSL_ERROR_MSG("wc_RsaPSS_Verify_ex failed!"); - ret = WOLFSSL_FAILURE; - } - #else - (void)mgf1Hash; - (void)saltLen; - WOLFSSL_ERROR_MSG("RSA PSS not compiled in!"); - ret = WOLFSSL_FAILURE; - #endif - } - -#ifdef WOLFSSL_SMALL_STACK - if (ret == 1) { - /* Allocate memory for encoded signature. */ - encodedSig = (unsigned char *)XMALLOC(len, NULL, - DYNAMIC_TYPE_TMP_BUFFER); - if (encodedSig == NULL) { - WOLFSSL_ERROR_MSG("Memory allocation failure"); - ret = 0; - } - } -#endif - if (ret == 1) { - /* Make encoded signature to compare with decrypted signature. */ - if (wolfssl_rsa_sig_encode(hashAlg, hash, hLen, encodedSig, &len, - padding) <= 0) { - WOLFSSL_ERROR_MSG("Message Digest Error"); - ret = 0; - } - } - if (ret == 1) { - /* Decrypt signature */ - #if (!defined(HAVE_FIPS) || FIPS_VERSION_GE(5, 1)) && \ - !defined(HAVE_SELFTEST) - hType = wc_OidGetHash((int)nid2oid(hashAlg, oidHashType)); - if ((verLen = wc_RsaSSL_Verify_ex2(sig, sigLen, (unsigned char *)sigDec, - sigLen, (RsaKey*)rsa->internal, padding, hType)) <= 0) { - WOLFSSL_ERROR_MSG("RSA Decrypt error"); - ret = 0; - } - #else - verLen = wc_RsaSSL_Verify(sig, sigLen, (unsigned char *)sigDec, sigLen, - (RsaKey*)rsa->internal); - if (verLen < 0) { - ret = 0; - } - #endif - } - if (ret == 1) { - /* Compare decrypted signature to encoded signature. */ - if (((int)len != verLen) || - (XMEMCMP(encodedSig, sigDec, (size_t)verLen) != 0)) { - WOLFSSL_ERROR_MSG("wolfSSL_RSA_verify_ex failed"); - ret = 0; - } - } - - /* Dispose of any allocated data. */ - WC_FREE_VAR_EX(encodedSig, NULL, DYNAMIC_TYPE_TMP_BUFFER); - XFREE(sigDec, NULL, DYNAMIC_TYPE_TMP_BUFFER); - - WOLFSSL_LEAVE("wolfSSL_RSA_verify_mgf", ret); - return ret; -} - -/* - * RSA public/private encrypt/decrypt APIs - */ - -/* Encrypt with the RSA public key. - * - * Return compliant with OpenSSL. - * - * @param [in] len Length of data to encrypt. - * @param [in] from Data to encrypt. - * @param [out] to Encrypted data. - * @param [in] rsa RSA key. - * @param [in] padding Type of padding to place around plaintext. - * @return Size of encrypted data on success. - * @return -1 on failure. - */ -int wolfSSL_RSA_public_encrypt(int len, const unsigned char* from, - unsigned char* to, WOLFSSL_RSA* rsa, int padding) -{ - int ret = 0; - int initTmpRng = 0; - WC_RNG *rng = NULL; -#ifdef WOLFSSL_SMALL_STACK - WC_RNG* tmpRng = NULL; -#else - WC_RNG _tmpRng[1]; - WC_RNG* tmpRng = _tmpRng; -#endif -#if !defined(HAVE_FIPS) - int mgf = WC_MGF1NONE; - enum wc_HashType hash = WC_HASH_TYPE_NONE; - int pad_type = WC_RSA_NO_PAD; -#endif - int outLen = 0; - - WOLFSSL_ENTER("wolfSSL_RSA_public_encrypt"); - - /* Validate parameters. */ - if ((len < 0) || (rsa == NULL) || (rsa->internal == NULL) || - (from == NULL)) { - WOLFSSL_ERROR_MSG("Bad function arguments"); - ret = WOLFSSL_FATAL_ERROR; - } - - if (ret == 0) { - #if !defined(HAVE_FIPS) - /* Convert to wolfCrypt padding, hash and MGF. */ - switch (padding) { - case WC_RSA_PKCS1_PADDING: - pad_type = WC_RSA_PKCSV15_PAD; - break; - case WC_RSA_PKCS1_OAEP_PADDING: - pad_type = WC_RSA_OAEP_PAD; - hash = WC_HASH_TYPE_SHA; - mgf = WC_MGF1SHA1; - break; - case WC_RSA_NO_PAD: - pad_type = WC_RSA_NO_PAD; - break; - default: - WOLFSSL_ERROR_MSG("RSA_public_encrypt doesn't support padding " - "scheme"); - ret = WOLFSSL_FATAL_ERROR; - } - #else - /* Check for supported padding schemes in FIPS. */ - /* TODO: Do we support more schemes in later versions of FIPS? */ - if (padding != WC_RSA_PKCS1_PADDING) { - WOLFSSL_ERROR_MSG("RSA_public_encrypt pad type not supported in " - "FIPS"); - ret = WOLFSSL_FATAL_ERROR; - } - #endif - } - - /* Set wolfCrypt RSA key data from external if not already done. */ - if ((ret == 0) && (!rsa->inSet) && (SetRsaInternal(rsa) != 1)) { - ret = WOLFSSL_FATAL_ERROR; - } - - if (ret == 0) { - /* Calculate maximum length of encrypted data. */ - outLen = wolfSSL_RSA_size(rsa); - if (outLen == 0) { - WOLFSSL_ERROR_MSG("Bad RSA size"); - ret = WOLFSSL_FATAL_ERROR; - } - } - - if (ret == 0) { - /* Get an RNG. */ - rng = WOLFSSL_RSA_GetRNG(rsa, (WC_RNG**)&tmpRng, &initTmpRng); - if (rng == NULL) { - ret = WOLFSSL_FATAL_ERROR; - } - } - - if (ret == 0) { - /* Use wolfCrypt to public-encrypt with RSA key. */ - #if !defined(HAVE_FIPS) - ret = wc_RsaPublicEncrypt_ex(from, (word32)len, to, (word32)outLen, - (RsaKey*)rsa->internal, rng, pad_type, hash, mgf, NULL, 0); - #else - ret = wc_RsaPublicEncrypt(from, (word32)len, to, (word32)outLen, - (RsaKey*)rsa->internal, rng); - #endif - } - - /* Finalize RNG if initialized in WOLFSSL_RSA_GetRNG(). */ - if (initTmpRng) { - wc_FreeRng(tmpRng); - } - WC_FREE_VAR_EX(tmpRng, NULL, DYNAMIC_TYPE_RNG); - - /* wolfCrypt error means return -1. */ - if (ret <= 0) { - ret = WOLFSSL_FATAL_ERROR; - } - WOLFSSL_LEAVE("wolfSSL_RSA_public_encrypt", ret); - return ret; -} - -/* Decrypt with the RSA public key. - * - * Return compliant with OpenSSL. - * - * @param [in] len Length of encrypted data. - * @param [in] from Encrypted data. - * @param [out] to Decrypted data. - * @param [in] rsa RSA key. - * @param [in] padding Type of padding to around plaintext to remove. - * @return Size of decrypted data on success. - * @return -1 on failure. - */ -int wolfSSL_RSA_private_decrypt(int len, const unsigned char* from, - unsigned char* to, WOLFSSL_RSA* rsa, int padding) -{ - int ret = 0; -#if !defined(HAVE_FIPS) - int mgf = WC_MGF1NONE; - enum wc_HashType hash = WC_HASH_TYPE_NONE; - int pad_type = WC_RSA_NO_PAD; -#endif - int outLen = 0; - - WOLFSSL_ENTER("wolfSSL_RSA_private_decrypt"); - - /* Validate parameters. */ - if ((len < 0) || (rsa == NULL) || (rsa->internal == NULL) || - (from == NULL)) { - WOLFSSL_ERROR_MSG("Bad function arguments"); - ret = WOLFSSL_FATAL_ERROR; - } - - if (ret == 0) { - #if !defined(HAVE_FIPS) - switch (padding) { - case WC_RSA_PKCS1_PADDING: - pad_type = WC_RSA_PKCSV15_PAD; - break; - case WC_RSA_PKCS1_OAEP_PADDING: - pad_type = WC_RSA_OAEP_PAD; - hash = WC_HASH_TYPE_SHA; - mgf = WC_MGF1SHA1; - break; - case WC_RSA_NO_PAD: - pad_type = WC_RSA_NO_PAD; - break; - default: - WOLFSSL_ERROR_MSG("RSA_private_decrypt unsupported padding"); - ret = WOLFSSL_FATAL_ERROR; - } - #else - /* Check for supported padding schemes in FIPS. */ - /* TODO: Do we support more schemes in later versions of FIPS? */ - if (padding != WC_RSA_PKCS1_PADDING) { - WOLFSSL_ERROR_MSG("RSA_public_encrypt pad type not supported in " - "FIPS"); - ret = WOLFSSL_FATAL_ERROR; - } - #endif - } - - /* Set wolfCrypt RSA key data from external if not already done. */ - if ((ret == 0) && (!rsa->inSet) && (SetRsaInternal(rsa) != 1)) { - ret = WOLFSSL_FATAL_ERROR; - } - - if (ret == 0) { - /* Calculate maximum length of decrypted data. */ - outLen = wolfSSL_RSA_size(rsa); - if (outLen == 0) { - WOLFSSL_ERROR_MSG("Bad RSA size"); - ret = WOLFSSL_FATAL_ERROR; - } - } - - if (ret == 0) { - /* Use wolfCrypt to private-decrypt with RSA key. - * Size of 'to' buffer must be size of RSA key */ - #if !defined(HAVE_FIPS) - ret = wc_RsaPrivateDecrypt_ex(from, (word32)len, to, (word32)outLen, - (RsaKey*)rsa->internal, pad_type, hash, mgf, NULL, 0); - #else - ret = wc_RsaPrivateDecrypt(from, (word32)len, to, (word32)outLen, - (RsaKey*)rsa->internal); - #endif - } - - /* wolfCrypt error means return -1. */ - if (ret <= 0) { - ret = WOLFSSL_FATAL_ERROR; - } - WOLFSSL_LEAVE("wolfSSL_RSA_private_decrypt", ret); - return ret; -} - -/* Decrypt with the RSA public key. - * - * @param [in] len Length of encrypted data. - * @param [in] from Encrypted data. - * @param [out] to Decrypted data. - * @param [in] rsa RSA key. - * @param [in] padding Type of padding to around plaintext to remove. - * @return Size of decrypted data on success. - * @return -1 on failure. - */ -int wolfSSL_RSA_public_decrypt(int len, const unsigned char* from, - unsigned char* to, WOLFSSL_RSA* rsa, int padding) -{ - int ret = 0; -#if !defined(HAVE_SELFTEST) && (!defined(HAVE_FIPS) || FIPS_VERSION_GT(2,0)) - int pad_type = WC_RSA_NO_PAD; -#endif - int outLen = 0; - - WOLFSSL_ENTER("wolfSSL_RSA_public_decrypt"); - - /* Validate parameters. */ - if ((len < 0) || (rsa == NULL) || (rsa->internal == NULL) || - (from == NULL)) { - WOLFSSL_ERROR_MSG("Bad function arguments"); - ret = WOLFSSL_FATAL_ERROR; - } - - if (ret == 0) { - #if !defined(HAVE_SELFTEST) && (!defined(HAVE_FIPS) || FIPS_VERSION_GT(2,0)) - switch (padding) { - case WC_RSA_PKCS1_PADDING: - pad_type = WC_RSA_PKCSV15_PAD; - break; - case WC_RSA_NO_PAD: - pad_type = WC_RSA_NO_PAD; - break; - /* TODO: RSA_X931_PADDING not supported */ - default: - WOLFSSL_ERROR_MSG("RSA_public_decrypt unsupported padding"); - ret = WOLFSSL_FATAL_ERROR; - } - #else - if (padding != WC_RSA_PKCS1_PADDING) { - WOLFSSL_ERROR_MSG("RSA_public_decrypt pad type not supported in " - "FIPS"); - ret = WOLFSSL_FATAL_ERROR; - } - #endif - } - - /* Set wolfCrypt RSA key data from external if not already done. */ - if ((ret == 0) && (!rsa->inSet) && (SetRsaInternal(rsa) != 1)) { - ret = WOLFSSL_FATAL_ERROR; - } - - if (ret == 0) { - /* Calculate maximum length of encrypted data. */ - outLen = wolfSSL_RSA_size(rsa); - if (outLen == 0) { - WOLFSSL_ERROR_MSG("Bad RSA size"); - ret = WOLFSSL_FATAL_ERROR; - } - } - - if (ret == 0) { - /* Use wolfCrypt to public-decrypt with RSA key. */ - #if !defined(HAVE_SELFTEST) && (!defined(HAVE_FIPS) || FIPS_VERSION_GT(2,0)) - /* Size of 'to' buffer must be size of RSA key. */ - ret = wc_RsaSSL_Verify_ex(from, (word32)len, to, (word32)outLen, - (RsaKey*)rsa->internal, pad_type); - #else - /* For FIPS v1/v2 only PKCSV15 padding is supported */ - ret = wc_RsaSSL_Verify(from, (word32)len, to, (word32)outLen, - (RsaKey*)rsa->internal); - #endif - } - - /* wolfCrypt error means return -1. */ - if (ret <= 0) { - ret = WOLFSSL_FATAL_ERROR; - } - WOLFSSL_LEAVE("wolfSSL_RSA_public_decrypt", ret); - return ret; -} - -/* Encrypt with the RSA private key. - * - * Calls wc_RsaSSL_Sign. - * - * @param [in] len Length of data to encrypt. - * @param [in] from Data to encrypt. - * @param [out] to Encrypted data. - * @param [in] rsa RSA key. - * @param [in] padding Type of padding to place around plaintext. - * @return Size of encrypted data on success. - * @return -1 on failure. - */ -int wolfSSL_RSA_private_encrypt(int len, const unsigned char* from, - unsigned char* to, WOLFSSL_RSA* rsa, int padding) -{ - int ret = 0; - int initTmpRng = 0; - WC_RNG *rng = NULL; -#ifdef WOLFSSL_SMALL_STACK - WC_RNG* tmpRng = NULL; -#else - WC_RNG _tmpRng[1]; - WC_RNG* tmpRng = _tmpRng; -#endif - - WOLFSSL_ENTER("wolfSSL_RSA_private_encrypt"); - - /* Validate parameters. */ - if ((len < 0) || (rsa == NULL) || (rsa->internal == NULL) || - (from == NULL)) { - WOLFSSL_ERROR_MSG("Bad function arguments"); - ret = WOLFSSL_FATAL_ERROR; - } - - if (ret == 0) { - switch (padding) { - case WC_RSA_PKCS1_PADDING: - #ifdef WC_RSA_NO_PADDING - case WC_RSA_NO_PAD: - #endif - break; - /* TODO: RSA_X931_PADDING not supported */ - default: - WOLFSSL_ERROR_MSG("RSA_private_encrypt unsupported padding"); - ret = WOLFSSL_FATAL_ERROR; - } - } - - /* Set wolfCrypt RSA key data from external if not already done. */ - if ((ret == 0) && (!rsa->inSet) && (SetRsaInternal(rsa) != 1)) { - ret = WOLFSSL_FATAL_ERROR; - } - - if (ret == 0) { - /* Get an RNG. */ - rng = WOLFSSL_RSA_GetRNG(rsa, (WC_RNG**)&tmpRng, &initTmpRng); - if (rng == NULL) { - ret = WOLFSSL_FATAL_ERROR; - } - } - - if (ret == 0) { - /* Use wolfCrypt to private-encrypt with RSA key. - * Size of output buffer must be size of RSA key. */ - if (padding == WC_RSA_PKCS1_PADDING) { - ret = wc_RsaSSL_Sign(from, (word32)len, to, - (word32)wolfSSL_RSA_size(rsa), (RsaKey*)rsa->internal, rng); - } - #ifdef WC_RSA_NO_PADDING - else if (padding == WC_RSA_NO_PAD) { - word32 outLen = (word32)wolfSSL_RSA_size(rsa); - ret = wc_RsaFunction(from, (word32)len, to, &outLen, - RSA_PRIVATE_ENCRYPT, (RsaKey*)rsa->internal, rng); - if (ret == 0) - ret = (int)outLen; - } - #endif - } - - /* Finalize RNG if initialized in WOLFSSL_RSA_GetRNG(). */ - if (initTmpRng) { - wc_FreeRng(tmpRng); - } - WC_FREE_VAR_EX(tmpRng, NULL, DYNAMIC_TYPE_RNG); - - /* wolfCrypt error means return -1. */ - if (ret <= 0) { - ret = WOLFSSL_FATAL_ERROR; - } - WOLFSSL_LEAVE("wolfSSL_RSA_private_encrypt", ret); - return ret; -} - -/* - * RSA misc operation APIs - */ - -/* Calculate d mod p-1 and q-1 into BNs. - * - * Not OpenSSL API. - * - * @param [in, out] rsa RSA key. - * @return 1 on success. - * @return -1 on failure. - */ -int wolfSSL_RSA_GenAdd(WOLFSSL_RSA* rsa) -{ - int ret = 1; - int err; - mp_int* t = NULL; - WC_DECLARE_VAR(tmp, mp_int, 1, 0); - - WOLFSSL_ENTER("wolfSSL_RsaGenAdd"); - - /* Validate parameters. */ - if ((rsa == NULL) || (rsa->p == NULL) || (rsa->q == NULL) || - (rsa->d == NULL) || (rsa->dmp1 == NULL) || (rsa->dmq1 == NULL)) { - WOLFSSL_ERROR_MSG("rsa no init error"); - ret = WOLFSSL_FATAL_ERROR; - } - -#ifdef WOLFSSL_SMALL_STACK - if (ret == 1) { - tmp = (mp_int *)XMALLOC(sizeof(*tmp), rsa->heap, - DYNAMIC_TYPE_TMP_BUFFER); - if (tmp == NULL) { - WOLFSSL_ERROR_MSG("Memory allocation failure"); - ret = WOLFSSL_FATAL_ERROR; - } - } -#endif - - if (ret == 1) { - /* Initialize temp MP integer. */ - if (mp_init(tmp) != MP_OKAY) { - WOLFSSL_ERROR_MSG("mp_init error"); - ret = WOLFSSL_FATAL_ERROR; - } - } - - if (ret == 1) { - t = tmp; - - /* Sub 1 from p into temp. */ - err = mp_sub_d((mp_int*)rsa->p->internal, 1, tmp); - if (err != MP_OKAY) { - WOLFSSL_ERROR_MSG("mp_sub_d error"); - ret = WOLFSSL_FATAL_ERROR; - } - } - if (ret == 1) { - /* Calculate d mod (p - 1) into dmp1 MP integer of BN. */ - err = mp_mod((mp_int*)rsa->d->internal, tmp, - (mp_int*)rsa->dmp1->internal); - if (err != MP_OKAY) { - WOLFSSL_ERROR_MSG("mp_mod error"); - ret = WOLFSSL_FATAL_ERROR; - } - } - if (ret == 1) { - /* Sub 1 from q into temp. */ - err = mp_sub_d((mp_int*)rsa->q->internal, 1, tmp); - if (err != MP_OKAY) { - WOLFSSL_ERROR_MSG("mp_sub_d error"); - ret = WOLFSSL_FATAL_ERROR; - } - } - if (ret == 1) { - /* Calculate d mod (q - 1) into dmq1 MP integer of BN. */ - err = mp_mod((mp_int*)rsa->d->internal, tmp, - (mp_int*)rsa->dmq1->internal); - if (err != MP_OKAY) { - WOLFSSL_ERROR_MSG("mp_mod error"); - ret = WOLFSSL_FATAL_ERROR; - } - } - - mp_clear(t); - -#ifdef WOLFSSL_SMALL_STACK - if (rsa != NULL) { - XFREE(tmp, rsa->heap, DYNAMIC_TYPE_TMP_BUFFER); - } -#endif - - return ret; -} - - -#ifndef NO_WOLFSSL_STUB -/* Enable blinding for RSA key operations. - * - * Blinding is a compile time option in wolfCrypt. - * - * @param [in] rsa RSA key. Unused. - * @param [in] bnCtx BN context to use for blinding. Unused. - * @return 1 always. - */ -int wolfSSL_RSA_blinding_on(WOLFSSL_RSA* rsa, WOLFSSL_BN_CTX* bnCtx) -{ - WOLFSSL_STUB("RSA_blinding_on"); - WOLFSSL_ENTER("wolfSSL_RSA_blinding_on"); - - (void)rsa; - (void)bnCtx; - - return 1; /* on by default */ -} -#endif - -#endif /* OPENSSL_EXTRA */ - -#endif /* !NO_RSA */ - -/******************************************************************************* - * END OF RSA API - ******************************************************************************/ +#define WOLFSSL_PK_RSA_INCLUDED +#include "src/pk_rsa.c" /******************************************************************************* @@ -5393,7 +1481,7 @@ } /** - * Same as wolfSSL_DSA_SIG_new but also initializes the internal bignums as well. + * Same as wolfSSL_DSA_SIG_new but also initializes the internal bignums. * @return New WOLFSSL_DSA_SIG with r and s created as well */ static WOLFSSL_DSA_SIG* wolfSSL_DSA_SIG_new_bn(void) @@ -6226,7 +2314,8 @@ #if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL) /* return 1 if success, -1 if error */ -int wolfSSL_DSA_LoadDer(WOLFSSL_DSA* dsa, const unsigned char* derBuf, int derSz) +int wolfSSL_DSA_LoadDer(WOLFSSL_DSA* dsa, const unsigned char* derBuf, + int derSz) { word32 idx = 0; int ret; @@ -6330,7 +2419,7 @@ * cb is for a call back when encountering encrypted PEM files * if cb == NULL and u != NULL then u = null terminated password string */ - WOLFSSL_MSG("Not yet supporting call back or password for encrypted PEM"); + WOLFSSL_MSG("Not supporting callback or password for encrypted PEM"); } if (PemToDer(buf, (long)bufSz, DSA_PARAM_TYPE, &pDer, NULL, NULL, @@ -8950,5511 +5039,9 @@ ******************************************************************************/ -/******************************************************************************* - * START OF EC API - ******************************************************************************/ - -#ifdef HAVE_ECC - -#if defined(OPENSSL_EXTRA) - -/* Start EC_curve */ - -/* Get the NIST name for the numeric ID. - * - * @param [in] nid Numeric ID of an EC curve. - * @return String representing NIST name of EC curve on success. - * @return NULL on error. - */ -const char* wolfSSL_EC_curve_nid2nist(int nid) -{ - const char* name = NULL; - const WOLF_EC_NIST_NAME* nist_name; - - /* Attempt to find the curve info matching the NID passed in. */ - for (nist_name = kNistCurves; nist_name->name != NULL; nist_name++) { - if (nist_name->nid == nid) { - /* NID found - return name. */ - name = nist_name->name; - break; - } - } - - return name; -} - -/* Get the numeric ID for the NIST name. - * - * @param [in] name NIST name of EC curve. - * @return NID matching NIST name on success. - * @return 0 on error. - */ -int wolfSSL_EC_curve_nist2nid(const char* name) -{ - int nid = 0; - const WOLF_EC_NIST_NAME* nist_name; - - /* Attempt to find the curve info matching the NIST name passed in. */ - for (nist_name = kNistCurves; nist_name->name != NULL; nist_name++) { - if (XSTRCMP(nist_name->name, name) == 0) { - /* Name found - return NID. */ - nid = nist_name->nid; - break; - } - } - - return nid; -} - -#endif /* OPENSSL_EXTRA */ - -/* End EC_curve */ - -/* Start EC_METHOD */ - -#if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL) -/* Get the EC method of the EC group object. - * - * wolfSSL doesn't use method tables. Implementation used is dependent upon - * the NID. - * - * @param [in] group EC group object. - * @return EC method. - */ -const WOLFSSL_EC_METHOD* wolfSSL_EC_GROUP_method_of( - const WOLFSSL_EC_GROUP *group) -{ - /* No method table used so just return the same object. */ - return group; -} - -/* Get field type for method. - * - * Only prime fields are supported. - * - * @param [in] meth EC method. - * @return X9.63 prime field NID on success. - * @return 0 on error. - */ -int wolfSSL_EC_METHOD_get_field_type(const WOLFSSL_EC_METHOD *meth) -{ - int nid = 0; - - if (meth != NULL) { - /* Only field type supported by code base. */ - nid = WC_NID_X9_62_prime_field; - } - - return nid; -} -#endif /* OPENSSL_EXTRA || OPENSSL_EXTRA_X509_SMALL */ - -/* End EC_METHOD */ - -/* Start EC_GROUP */ - -#if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL) -/* Converts ECC curve enum values in ecc_curve_id to the associated OpenSSL NID - * value. - * - * @param [in] n ECC curve id. - * @return ECC curve NID (OpenSSL compatible value). - */ -int EccEnumToNID(int n) -{ - WOLFSSL_ENTER("EccEnumToNID"); - - switch(n) { - case ECC_SECP192R1: - return WC_NID_X9_62_prime192v1; - case ECC_PRIME192V2: - return WC_NID_X9_62_prime192v2; - case ECC_PRIME192V3: - return WC_NID_X9_62_prime192v3; - case ECC_PRIME239V1: - return WC_NID_X9_62_prime239v1; - case ECC_PRIME239V2: - return WC_NID_X9_62_prime239v2; - case ECC_PRIME239V3: - return WC_NID_X9_62_prime239v3; - case ECC_SECP256R1: - return WC_NID_X9_62_prime256v1; - case ECC_SECP112R1: - return WC_NID_secp112r1; - case ECC_SECP112R2: - return WC_NID_secp112r2; - case ECC_SECP128R1: - return WC_NID_secp128r1; - case ECC_SECP128R2: - return WC_NID_secp128r2; - case ECC_SECP160R1: - return WC_NID_secp160r1; - case ECC_SECP160R2: - return WC_NID_secp160r2; - case ECC_SECP224R1: - return WC_NID_secp224r1; - case ECC_SECP384R1: - return WC_NID_secp384r1; - case ECC_SECP521R1: - return WC_NID_secp521r1; - case ECC_SECP160K1: - return WC_NID_secp160k1; - case ECC_SECP192K1: - return WC_NID_secp192k1; - case ECC_SECP224K1: - return WC_NID_secp224k1; - case ECC_SECP256K1: - return WC_NID_secp256k1; - case ECC_BRAINPOOLP160R1: - return WC_NID_brainpoolP160r1; - case ECC_BRAINPOOLP192R1: - return WC_NID_brainpoolP192r1; - case ECC_BRAINPOOLP224R1: - return WC_NID_brainpoolP224r1; - case ECC_BRAINPOOLP256R1: - return WC_NID_brainpoolP256r1; - case ECC_BRAINPOOLP320R1: - return WC_NID_brainpoolP320r1; - case ECC_BRAINPOOLP384R1: - return WC_NID_brainpoolP384r1; - case ECC_BRAINPOOLP512R1: - return WC_NID_brainpoolP512r1; - #ifdef WOLFSSL_SM2 - case ECC_SM2P256V1: - return WC_NID_sm2; - #endif - default: - WOLFSSL_MSG("NID not found"); - return WOLFSSL_FATAL_ERROR; - } -} -#endif /* OPENSSL_EXTRA || OPENSSL_EXTRA_X509_SMALL */ - -#if defined(OPENSSL_EXTRA) || defined(WOLFSSL_WPAS_SMALL) -/* Converts OpenSSL NID of EC curve to the enum value in ecc_curve_id - * - * Used by ecc_sets[]. - * - * @param [in] n OpenSSL NID of EC curve. - * @return wolfCrypt EC curve id. - * @return -1 on error. - */ -int NIDToEccEnum(int nid) -{ - int id; - - WOLFSSL_ENTER("NIDToEccEnum"); - - switch (nid) { - case WC_NID_X9_62_prime192v1: - id = ECC_SECP192R1; - break; - case WC_NID_X9_62_prime192v2: - id = ECC_PRIME192V2; - break; - case WC_NID_X9_62_prime192v3: - id = ECC_PRIME192V3; - break; - case WC_NID_X9_62_prime239v1: - id = ECC_PRIME239V1; - break; - case WC_NID_X9_62_prime239v2: - id = ECC_PRIME239V2; - break; - case WC_NID_X9_62_prime239v3: - id = ECC_PRIME239V3; - break; - case WC_NID_X9_62_prime256v1: - id = ECC_SECP256R1; - break; - case WC_NID_secp112r1: - id = ECC_SECP112R1; - break; - case WC_NID_secp112r2: - id = ECC_SECP112R2; - break; - case WC_NID_secp128r1: - id = ECC_SECP128R1; - break; - case WC_NID_secp128r2: - id = ECC_SECP128R2; - break; - case WC_NID_secp160r1: - id = ECC_SECP160R1; - break; - case WC_NID_secp160r2: - id = ECC_SECP160R2; - break; - case WC_NID_secp224r1: - id = ECC_SECP224R1; - break; - case WC_NID_secp384r1: - id = ECC_SECP384R1; - break; - case WC_NID_secp521r1: - id = ECC_SECP521R1; - break; - case WC_NID_secp160k1: - id = ECC_SECP160K1; - break; - case WC_NID_secp192k1: - id = ECC_SECP192K1; - break; - case WC_NID_secp224k1: - id = ECC_SECP224K1; - break; - case WC_NID_secp256k1: - id = ECC_SECP256K1; - break; - case WC_NID_brainpoolP160r1: - id = ECC_BRAINPOOLP160R1; - break; - case WC_NID_brainpoolP192r1: - id = ECC_BRAINPOOLP192R1; - break; - case WC_NID_brainpoolP224r1: - id = ECC_BRAINPOOLP224R1; - break; - case WC_NID_brainpoolP256r1: - id = ECC_BRAINPOOLP256R1; - break; - case WC_NID_brainpoolP320r1: - id = ECC_BRAINPOOLP320R1; - break; - case WC_NID_brainpoolP384r1: - id = ECC_BRAINPOOLP384R1; - break; - case WC_NID_brainpoolP512r1: - id = ECC_BRAINPOOLP512R1; - break; - default: - WOLFSSL_MSG("NID not found"); - /* -1 on error. */ - id = WOLFSSL_FATAL_ERROR; - } - - return id; -} - -/* Set the fields of the EC group based on numeric ID. - * - * @param [in, out] group EC group. - * @param [in] nid Numeric ID of an EC curve. - */ -static void ec_group_set_nid(WOLFSSL_EC_GROUP* group, int nid) -{ - int eccEnum; - int realNid; - - /* Convert ecc_curve_id enum to NID. */ - if ((realNid = EccEnumToNID(nid)) != -1) { - /* ecc_curve_id enum passed in - have real NID value set. */ - eccEnum = nid; - } - else { - /* NID passed in is OpenSSL type. */ - realNid = nid; - /* Convert NID to ecc_curve_id enum. */ - eccEnum = NIDToEccEnum(nid); - } - - /* Set the numeric ID of the curve */ - group->curve_nid = realNid; - /* Initialize index to -1 (i.e. wolfCrypt doesn't support curve). */ - group->curve_idx = -1; - - /* Find index and OID sum for curve if wolfCrypt supports it. */ - if (eccEnum != -1) { - int i; - - /* Find id and set the internal curve idx and OID sum. */ - for (i = 0; ecc_sets[i].size != 0; i++) { - if (ecc_sets[i].id == eccEnum) { - /* Found id in wolfCrypt supported EC curves. */ - group->curve_idx = i; - group->curve_oid = (int)ecc_sets[i].oidSum; - break; - } - } - } -} - -/* Create a new EC group with the numeric ID for an EC curve. - * - * @param [in] nid Numeric ID of an EC curve. - * @return New, allocated EC group on success. - * @return NULL on error. - */ -WOLFSSL_EC_GROUP* wolfSSL_EC_GROUP_new_by_curve_name(int nid) -{ - int err = 0; - WOLFSSL_EC_GROUP* group; - - WOLFSSL_ENTER("wolfSSL_EC_GROUP_new_by_curve_name"); - - /* Allocate EC group. */ - group = (WOLFSSL_EC_GROUP*)XMALLOC(sizeof(WOLFSSL_EC_GROUP), NULL, - DYNAMIC_TYPE_ECC); - if (group == NULL) { - WOLFSSL_MSG("wolfSSL_EC_GROUP_new_by_curve_name malloc failure"); - err = 1; - } - - if (!err) { - /* Reset all fields. */ - XMEMSET(group, 0, sizeof(WOLFSSL_EC_GROUP)); - - /* Set the fields of group based on the numeric ID. */ - ec_group_set_nid(group, nid); - } - - return group; -} -#endif /* OPENSSL_EXTRA || WOLFSSL_WPAS_SMALL */ - -#if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL) -/* Dispose of the EC group. - * - * Cannot use group after this call. - * - * @param [in] group EC group to free. - */ -void wolfSSL_EC_GROUP_free(WOLFSSL_EC_GROUP *group) -{ - WOLFSSL_ENTER("wolfSSL_EC_GROUP_free"); - - /* Dispose of EC group. */ - XFREE(group, NULL, DYNAMIC_TYPE_ECC); -} -#endif /* OPENSSL_EXTRA || OPENSSL_EXTRA_X509_SMALL */ - -#ifdef OPENSSL_EXTRA -#ifndef NO_BIO - -/* Creates an EC group from the DER encoding. - * - * Only named curves supported. - * - * @param [out] group Reference to EC group object. - * @param [in] in Buffer holding DER encoding of curve. - * @param [in] inSz Length of data in buffer. - * @return EC group on success. - * @return NULL on error. - */ -static WOLFSSL_EC_GROUP* wolfssl_ec_group_d2i(WOLFSSL_EC_GROUP** group, - const unsigned char** in_pp, long inSz) -{ - int err = 0; - WOLFSSL_EC_GROUP* ret = NULL; - word32 idx = 0; - word32 oid = 0; - int id = 0; - const unsigned char* in; - - if (in_pp == NULL || *in_pp == NULL) - return NULL; - - in = *in_pp; - - /* Use the group passed in. */ - if ((group != NULL) && (*group != NULL)) { - ret = *group; - } - - /* Only support named curves. */ - if (in[0] != ASN_OBJECT_ID) { - WOLFSSL_ERROR_MSG("Invalid or unsupported encoding"); - err = 1; - } - /* Decode the OBJECT ID - expecting an EC curve OID. */ - if ((!err) && (GetObjectId(in, &idx, &oid, oidCurveType, (word32)inSz) != - 0)) { - err = 1; - } - if (!err) { - /* Get the internal ID for OID. */ - id = wc_ecc_get_oid(oid, NULL, NULL); - if (id < 0) { - err = 1; - } - } - if (!err) { - /* Get the NID for the internal ID. */ - int nid = EccEnumToNID(id); - if (ret == NULL) { - /* Create a new EC group with the numeric ID. */ - ret = wolfSSL_EC_GROUP_new_by_curve_name(nid); - if (ret == NULL) { - err = 1; - } - } - else { - ec_group_set_nid(ret, nid); - } - } - if ((!err) && (group != NULL)) { - /* Return the EC group through reference. */ - *group = ret; - } - - if (err) { - if ((ret != NULL) && (ret != *group)) { - wolfSSL_EC_GROUP_free(ret); - } - ret = NULL; - } - else { - *in_pp += idx; - } - return ret; -} - -/* Creates a new EC group from the PEM encoding in the BIO. - * - * @param [in] bio BIO to read PEM encoding from. - * @param [out] group Reference to EC group object. - * @param [in] cb Password callback when PEM encrypted. - * @param [in] pass NUL terminated string for passphrase when PEM encrypted. - * @return EC group on success. - * @return NULL on error. - */ -WOLFSSL_EC_GROUP* wolfSSL_PEM_read_bio_ECPKParameters(WOLFSSL_BIO* bio, - WOLFSSL_EC_GROUP** group, wc_pem_password_cb* cb, void* pass) -{ - int err = 0; - WOLFSSL_EC_GROUP* ret = NULL; - DerBuffer* der = NULL; - int keyFormat = 0; - - if (bio == NULL) { - err = 1; - } - - /* Read parameters from BIO and convert PEM to DER. */ - if ((!err) && (pem_read_bio_key(bio, cb, pass, ECC_PARAM_TYPE, - &keyFormat, &der) < 0)) { - err = 1; - } - if (!err) { - /* Create EC group from DER encoding. */ - const byte** p = (const byte**)&der->buffer; - ret = wolfssl_ec_group_d2i(group, p, der->length); - if (ret == NULL) { - WOLFSSL_ERROR_MSG("Error loading DER buffer into WOLFSSL_EC_GROUP"); - } - } - - /* Dispose of any allocated data. */ - FreeDer(&der); - return ret; -} - -WOLFSSL_EC_GROUP *wolfSSL_d2i_ECPKParameters(WOLFSSL_EC_GROUP **out, - const unsigned char **in, long len) -{ - return wolfssl_ec_group_d2i(out, in, len); -} - -int wolfSSL_i2d_ECPKParameters(const WOLFSSL_EC_GROUP* grp, unsigned char** pp) -{ - unsigned char* out = NULL; - int len = 0; - int idx; - const byte* oid = NULL; - word32 oidSz = 0; - - if (grp == NULL || !wc_ecc_is_valid_idx(grp->curve_idx) || - grp->curve_idx < 0) - return WOLFSSL_FATAL_ERROR; - - /* Get the actual DER encoding of the OID. ecc_sets[grp->curve_idx].oid - * is just the numerical representation. */ - if (wc_ecc_get_oid((word32)grp->curve_oid, &oid, &oidSz) < 0) - return WOLFSSL_FATAL_ERROR; - - len = SetObjectId((int)oidSz, NULL) + (int)oidSz; - - if (pp == NULL) - return len; - - if (*pp == NULL) { - out = (unsigned char*)XMALLOC((size_t)len, NULL, DYNAMIC_TYPE_ASN1); - if (out == NULL) - return WOLFSSL_FATAL_ERROR; - } - else { - out = *pp; - } - - idx = SetObjectId((int)oidSz, out); - XMEMCPY(out + idx, oid, oidSz); - if (*pp == NULL) - *pp = out; - else - *pp += len; - - return len; -} -#endif /* !NO_BIO */ - -#if defined(OPENSSL_ALL) && !defined(NO_CERTS) -/* Copy an EC group. - * - * Only used by wolfSSL_EC_KEY_dup at this time. - * - * @param [in, out] dst Destination EC group. - * @param [in] src Source EC group. - * @return 0 on success. - */ -static int wolfssl_ec_group_copy(WOLFSSL_EC_GROUP* dst, - const WOLFSSL_EC_GROUP* src) -{ - /* Copy the fields. */ - dst->curve_idx = src->curve_idx; - dst->curve_nid = src->curve_nid; - dst->curve_oid = src->curve_oid; - - return 0; -} -#endif /* OPENSSL_ALL && !NO_CERTS */ - -/* Copies ecc_key into new WOLFSSL_EC_GROUP object - * - * @param [in] src EC group to duplicate. - * - * @return EC group on success. - * @return NULL on error. - */ -WOLFSSL_EC_GROUP* wolfSSL_EC_GROUP_dup(const WOLFSSL_EC_GROUP *src) -{ - WOLFSSL_EC_GROUP* newGroup = NULL; - - if (src != NULL) { - /* Create new group base on NID in original EC group. */ - newGroup = wolfSSL_EC_GROUP_new_by_curve_name(src->curve_nid); - } - - return newGroup; -} - -/* Compare two EC groups. - * - * Return code compliant with OpenSSL. - * - * @param [in] a First EC group. - * @param [in] b Second EC group. - * @param [in] ctx Big number context to use when comparing fields. Unused. - * - * @return 0 if equal. - * @return 1 if not equal. - * @return -1 on error. - */ -int wolfSSL_EC_GROUP_cmp(const WOLFSSL_EC_GROUP *a, const WOLFSSL_EC_GROUP *b, - WOLFSSL_BN_CTX *ctx) -{ - int ret; - - /* No BN operations performed. */ - (void)ctx; - - WOLFSSL_ENTER("wolfSSL_EC_GROUP_cmp"); - - /* Validate parameters. */ - if ((a == NULL) || (b == NULL)) { - WOLFSSL_MSG("wolfSSL_EC_GROUP_cmp Bad arguments"); - /* Return error value. */ - ret = WOLFSSL_FATAL_ERROR; - } - /* Compare NID and wolfSSL curve index. */ - else { - /* 0 when same, 1 when not. */ - ret = ((a->curve_nid == b->curve_nid) && - (a->curve_idx == b->curve_idx)) ? 0 : 1; - } - - return ret; -} - -#ifndef NO_WOLFSSL_STUB -/* Set the ASN.1 flag that indicate encoding of curve. - * - * Stub function - flag not used elsewhere. - * Always encoded as named curve. - * - * @param [in] group EC group to modify. - * @param [in] flag ASN.1 flag to set. Valid values: - * OPENSSL_EC_EXPLICIT_CURVE, OPENSSL_EC_NAMED_CURVE - */ -void wolfSSL_EC_GROUP_set_asn1_flag(WOLFSSL_EC_GROUP *group, int flag) -{ - (void)group; - (void)flag; - - WOLFSSL_ENTER("wolfSSL_EC_GROUP_set_asn1_flag"); - WOLFSSL_STUB("EC_GROUP_set_asn1_flag"); -} -#endif - -/* Get the curve NID of the group. - * - * Return code compliant with OpenSSL. - * - * @param [in] group EC group. - * @return Curve NID on success. - * @return 0 on error. - */ -int wolfSSL_EC_GROUP_get_curve_name(const WOLFSSL_EC_GROUP *group) -{ - int nid = 0; - WOLFSSL_ENTER("wolfSSL_EC_GROUP_get_curve_name"); - - if (group == NULL) { - WOLFSSL_MSG("wolfSSL_EC_GROUP_get_curve_name Bad arguments"); - } - else { - nid = group->curve_nid; - } - - return nid; -} - -/* Get the degree (curve size in bits) of the EC group. - * - * Return code compliant with OpenSSL. - * - * @return Degree of the curve on success. - * @return 0 on error. - */ -int wolfSSL_EC_GROUP_get_degree(const WOLFSSL_EC_GROUP *group) -{ - int degree = 0; - - WOLFSSL_ENTER("wolfSSL_EC_GROUP_get_degree"); - - if (group == NULL) { - WOLFSSL_MSG("wolfSSL_EC_GROUP_get_degree Bad arguments"); - } - else { - switch (group->curve_nid) { - case WC_NID_secp112r1: - case WC_NID_secp112r2: - degree = 112; - break; - case WC_NID_secp128r1: - case WC_NID_secp128r2: - degree = 128; - break; - case WC_NID_secp160k1: - case WC_NID_secp160r1: - case WC_NID_secp160r2: - case WC_NID_brainpoolP160r1: - degree = 160; - break; - case WC_NID_secp192k1: - case WC_NID_brainpoolP192r1: - case WC_NID_X9_62_prime192v1: - case WC_NID_X9_62_prime192v2: - case WC_NID_X9_62_prime192v3: - degree = 192; - break; - case WC_NID_secp224k1: - case WC_NID_secp224r1: - case WC_NID_brainpoolP224r1: - degree = 224; - break; - case WC_NID_X9_62_prime239v1: - case WC_NID_X9_62_prime239v2: - case WC_NID_X9_62_prime239v3: - degree = 239; - break; - case WC_NID_secp256k1: - case WC_NID_brainpoolP256r1: - case WC_NID_X9_62_prime256v1: - degree = 256; - break; - case WC_NID_brainpoolP320r1: - degree = 320; - break; - case WC_NID_secp384r1: - case WC_NID_brainpoolP384r1: - degree = 384; - break; - case WC_NID_brainpoolP512r1: - degree = 512; - break; - case WC_NID_secp521r1: - degree = 521; - break; - } - } - - return degree; -} -#endif /* OPENSSL_EXTRA */ - -#if defined(OPENSSL_EXTRA) || defined(WOLFSSL_WPAS_SMALL) -/* Get the length of the order in bits of the EC group. - * - * TODO: consider switch statement or calculating directly from hex string - * array instead of using mp_int. - * - * @param [in] group EC group. - * @return Length of order in bits on success. - * @return 0 on error. - */ -int wolfSSL_EC_GROUP_order_bits(const WOLFSSL_EC_GROUP *group) -{ - int ret = 0; - WC_DECLARE_VAR(order, mp_int, 1, 0); - - /* Validate parameter. */ - if ((group == NULL) || (group->curve_idx < 0)) { - WOLFSSL_MSG("wolfSSL_EC_GROUP_order_bits NULL error"); - ret = WOLFSSL_FATAL_ERROR; - } - -#ifdef WOLFSSL_SMALL_STACK - if (ret == 0) { - /* Allocate memory for mp_int that will hold order value. */ - order = (mp_int *)XMALLOC(sizeof(*order), NULL, - DYNAMIC_TYPE_TMP_BUFFER); - if (order == NULL) { - ret = WOLFSSL_FATAL_ERROR; - } - } -#endif - - if (ret == 0) { - /* Initialize mp_int. */ - ret = mp_init(order); - } - - if (ret == 0) { - /* Read hex string of order from wolfCrypt array of curves. */ - ret = mp_read_radix(order, ecc_sets[group->curve_idx].order, - MP_RADIX_HEX); - if (ret == 0) { - /* Get bits of order. */ - ret = mp_count_bits(order); - } - /* Clear and free mp_int. */ - mp_clear(order); - } - - WC_FREE_VAR_EX(order, NULL, DYNAMIC_TYPE_TMP_BUFFER); - - /* Convert error code to length of 0. */ - if (ret < 0) { - ret = 0; - } - - return ret; -} -#endif /* OPENSSL_EXTRA || WOLFSSL_WPAS_SMALL */ - -#if defined(OPENSSL_EXTRA) -/* Get the order of the group as a BN. - * - * Return code compliant with OpenSSL. - * - * @param [in] group EC group. - * @param [in, out] order BN to hold order value. - * @param [in] ctx Context to use for BN operations. Unused. - * @return 1 on success. - * @return 0 on error. - */ -int wolfSSL_EC_GROUP_get_order(const WOLFSSL_EC_GROUP *group, - WOLFSSL_BIGNUM *order, WOLFSSL_BN_CTX *ctx) -{ - int ret = 1; - mp_int* mp = NULL; - - /* No BN operations performed - done with mp_int in BN. */ - (void)ctx; - - /* Validate parameters. */ - if ((group == NULL) || (order == NULL) || (order->internal == NULL)) { - WOLFSSL_MSG("wolfSSL_EC_GROUP_get_order NULL error"); - ret = 0; - } - - if (ret == 1 && - (group->curve_idx < 0 || !wc_ecc_is_valid_idx(group->curve_idx))) { - WOLFSSL_MSG("wolfSSL_EC_GROUP_get_order Bad group idx"); - ret = 0; - } - - if (ret == 1) { - mp = (mp_int*)order->internal; - } - /* Initialize */ - if ((ret == 1) && (mp_init(mp) != MP_OKAY)) { - WOLFSSL_MSG("wolfSSL_EC_GROUP_get_order mp_init failure"); - ret = 0; - } - /* Read hex string of order from wolfCrypt array of curves. */ - if ((ret == 1) && (mp_read_radix(mp, ecc_sets[group->curve_idx].order, - MP_RADIX_HEX) != MP_OKAY)) { - WOLFSSL_MSG("wolfSSL_EC_GROUP_get_order mp_read order failure"); - /* Zero out any partial value but don't free. */ - mp_zero(mp); - ret = 0; - } - - return ret; -} - -#endif /* OPENSSL_EXTRA */ - -/* End EC_GROUP */ - -/* Start EC_POINT */ - -#if defined(OPENSSL_EXTRA) - -/* Set data of EC point into internal, wolfCrypt EC point object. - * - * EC_POINT Openssl -> WolfSSL - * - * @param [in, out] p EC point to update. - * @return 1 on success. - * @return -1 on failure. - */ -static int ec_point_internal_set(WOLFSSL_EC_POINT *p) -{ - int ret = 1; - - WOLFSSL_ENTER("ec_point_internal_set"); - - /* Validate parameter. */ - if ((p == NULL) || (p->internal == NULL)) { - WOLFSSL_MSG("ECPoint NULL error"); - ret = WOLFSSL_FATAL_ERROR; - } - else { - /* Get internal point as a wolfCrypt EC point. */ - ecc_point* point = (ecc_point*)p->internal; - - /* Set X ordinate if available. */ - if ((p->X != NULL) && (wolfssl_bn_get_value(p->X, point->x) != 1)) { - WOLFSSL_MSG("ecc point X error"); - ret = WOLFSSL_FATAL_ERROR; - } - /* Set Y ordinate if available. */ - if ((ret == 1) && (p->Y != NULL) && (wolfssl_bn_get_value(p->Y, - point->y) != 1)) { - WOLFSSL_MSG("ecc point Y error"); - ret = WOLFSSL_FATAL_ERROR; - } - /* Set Z ordinate if available. */ - if ((ret == 1) && (p->Z != NULL) && (wolfssl_bn_get_value(p->Z, - point->z) != 1)) { - WOLFSSL_MSG("ecc point Z error"); - ret = WOLFSSL_FATAL_ERROR; - } - /* Internal values set when operations succeeded. */ - p->inSet = (ret == 1); - } - - return ret; -} - -/* Set data of internal, wolfCrypt EC point object into EC point. - * - * EC_POINT WolfSSL -> OpenSSL - * - * @param [in, out] p EC point to update. - * @return 1 on success. - * @return -1 on failure. - */ -static int ec_point_external_set(WOLFSSL_EC_POINT *p) -{ - int ret = 1; - - WOLFSSL_ENTER("ec_point_external_set"); - - /* Validate parameter. */ - if ((p == NULL) || (p->internal == NULL)) { - WOLFSSL_MSG("ECPoint NULL error"); - ret = WOLFSSL_FATAL_ERROR; - } - else { - /* Get internal point as a wolfCrypt EC point. */ - ecc_point* point = (ecc_point*)p->internal; - - /* Set X ordinate. */ - if (wolfssl_bn_set_value(&p->X, point->x) != 1) { - WOLFSSL_MSG("ecc point X error"); - ret = WOLFSSL_FATAL_ERROR; - } - /* Set Y ordinate. */ - if ((ret == 1) && (wolfssl_bn_set_value(&p->Y, point->y) != 1)) { - WOLFSSL_MSG("ecc point Y error"); - ret = WOLFSSL_FATAL_ERROR; - } - /* Set Z ordinate. */ - if ((ret == 1) && (wolfssl_bn_set_value(&p->Z, point->z) != 1)) { - WOLFSSL_MSG("ecc point Z error"); - ret = WOLFSSL_FATAL_ERROR; - } - /* External values set when operations succeeded. */ - p->exSet = (ret == 1); - } - - return ret; -} - -/* Setup internals of EC point. - * - * Assumes point is not NULL. - * - * @param [in, out] point EC point to update. - * @return 1 on success. - * @return 0 on failure. - */ -static int ec_point_setup(const WOLFSSL_EC_POINT *point) { - int ret = 1; - - /* Check if internal values need setting. */ - if (!point->inSet) { - WOLFSSL_MSG("No ECPoint internal set, do it"); - - /* Forcing to non-constant type to update internals. */ - if (ec_point_internal_set((WOLFSSL_EC_POINT *)point) != 1) { - WOLFSSL_MSG("ec_point_internal_set failed"); - ret = 0; - } - } - - return ret; -} - -/* Create a new EC point from the group. - * - * @param [in] group EC group. - * @return EC point on success. - * @return NULL on error. - */ -WOLFSSL_EC_POINT* wolfSSL_EC_POINT_new(const WOLFSSL_EC_GROUP* group) -{ - int err = 0; - WOLFSSL_EC_POINT* point = NULL; - - WOLFSSL_ENTER("wolfSSL_EC_POINT_new"); - - /* Validate parameter. */ - if (group == NULL) { - WOLFSSL_MSG("wolfSSL_EC_POINT_new NULL error"); - err = 1; - } - - if (!err) { - /* Allocate memory for new EC point. */ - point = (WOLFSSL_EC_POINT*)XMALLOC(sizeof(WOLFSSL_EC_POINT), NULL, - DYNAMIC_TYPE_ECC); - if (point == NULL) { - WOLFSSL_MSG("wolfSSL_EC_POINT_new malloc ecc point failure"); - err = 1; - } - } - if (!err) { - /* Clear fields of EC point. */ - XMEMSET(point, 0, sizeof(WOLFSSL_EC_POINT)); - - /* Allocate internal EC point. */ - point->internal = wc_ecc_new_point(); - if (point->internal == NULL) { - WOLFSSL_MSG("ecc_new_point failure"); - err = 1; - } - } - - if (err) { - XFREE(point, NULL, DYNAMIC_TYPE_ECC); - point = NULL; - } - return point; -} - -#endif /* OPENSSL_EXTRA */ - -#if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL) -/* Dispose of the EC point. - * - * Cannot use point after this call. - * - * @param [in, out] point EC point to free. - */ -void wolfSSL_EC_POINT_free(WOLFSSL_EC_POINT *point) -{ - WOLFSSL_ENTER("wolfSSL_EC_POINT_free"); - - if (point != NULL) { - if (point->internal != NULL) { - wc_ecc_del_point((ecc_point*)point->internal); - point->internal = NULL; - } - - /* Free ordinates. */ - wolfSSL_BN_free(point->X); - wolfSSL_BN_free(point->Y); - wolfSSL_BN_free(point->Z); - /* Clear fields. */ - point->X = NULL; - point->Y = NULL; - point->Z = NULL; - point->inSet = 0; - point->exSet = 0; - - /* Dispose of EC point. */ - XFREE(point, NULL, DYNAMIC_TYPE_ECC); - } -} -#endif /* OPENSSL_EXTRA || OPENSSL_EXTRA_X509_SMALL */ - -#ifdef OPENSSL_EXTRA - -/* Clear and dispose of the EC point. - * - * Cannot use point after this call. - * - * @param [in, out] point EC point to free. - */ -void wolfSSL_EC_POINT_clear_free(WOLFSSL_EC_POINT *point) -{ - WOLFSSL_ENTER("wolfSSL_EC_POINT_clear_free"); - - if (point != NULL) { - if (point->internal != NULL) { - /* Force internal point to be zeros. */ - #if !defined(HAVE_SELFTEST) && (!defined(HAVE_FIPS) || FIPS_VERSION_GT(2,0)) - wc_ecc_forcezero_point((ecc_point*)point->internal); - #else - ecc_point* p = (ecc_point*)point->internal; - mp_forcezero(p->x); - mp_forcezero(p->y); - mp_forcezero(p->z); - #endif - wc_ecc_del_point((ecc_point*)point->internal); - point->internal = NULL; - } - - /* Clear the ordinates before freeing. */ - wolfSSL_BN_clear_free(point->X); - wolfSSL_BN_clear_free(point->Y); - wolfSSL_BN_clear_free(point->Z); - /* Clear fields. */ - point->X = NULL; - point->Y = NULL; - point->Z = NULL; - point->inSet = 0; - point->exSet = 0; - - /* Dispose of EC point. */ - XFREE(point, NULL, DYNAMIC_TYPE_ECC); - } -} - -/* Print out the internals of EC point in debug and when logging callback set. - * - * Not an OpenSSL API. - * - * TODO: Use WOLFSSL_MSG_EX()? - * - * @param [in] msg Message to prepend. - * @param [in] point EC point to print. - */ -void wolfSSL_EC_POINT_dump(const char *msg, const WOLFSSL_EC_POINT *point) -{ -#if defined(DEBUG_WOLFSSL) - char *num; - - WOLFSSL_ENTER("wolfSSL_EC_POINT_dump"); - - /* Only print when debugging on. */ - if (WOLFSSL_IS_DEBUG_ON()) { - if (point == NULL) { - /* No point passed in so just put out "NULL". */ - WOLFSSL_MSG_EX("%s = NULL\n", msg); - } - else { - /* Put out message and status of internal/external data set. */ - WOLFSSL_MSG_EX("%s:\n\tinSet=%d, exSet=%d\n", msg, point->inSet, - point->exSet); - /* Get x-ordinate as a hex string and print. */ - num = wolfSSL_BN_bn2hex(point->X); - WOLFSSL_MSG_EX("\tX = %s\n", num); - XFREE(num, NULL, DYNAMIC_TYPE_OPENSSL); - /* Get x-ordinate as a hex string and print. */ - num = wolfSSL_BN_bn2hex(point->Y); - WOLFSSL_MSG_EX("\tY = %s\n", num); - XFREE(num, NULL, DYNAMIC_TYPE_OPENSSL); - /* Get z-ordinate as a hex string and print. */ - num = wolfSSL_BN_bn2hex(point->Z); - WOLFSSL_MSG_EX("\tZ = %s\n", num); - XFREE(num, NULL, DYNAMIC_TYPE_OPENSSL); - } - } -#else - (void)msg; - (void)point; -#endif -} - -/* Convert EC point to hex string that as either uncompressed or compressed. - * - * ECC point compression types were not included in selftest ecc.h - * - * @param [in] group EC group for point. - * @param [in] point EC point to encode. - * @param [in] form Format of encoding. Valid values: - * POINT_CONVERSION_UNCOMPRESSED, POINT_CONVERSION_COMPRESSED - * @param [in] ctx Context to use for BN operations. Unused. - * @return Allocated hex string on success. - * @return NULL on error. - */ -char* wolfSSL_EC_POINT_point2hex(const WOLFSSL_EC_GROUP* group, - const WOLFSSL_EC_POINT* point, int form, WOLFSSL_BN_CTX* ctx) -{ - static const char* hexDigit = "0123456789ABCDEF"; - char* hex = NULL; - int i; - int sz = 0; - int len = 0; - int err = 0; - - /* No BN operations performed. */ - (void)ctx; - - /* Validate parameters. */ - if ((group == NULL) || (point == NULL)) { - err = 1; - } - /* Get curve id expects a positive index. */ - if ((!err) && (group->curve_idx < 0)) { - err = 1; - } - - if (!err) { - /* Get curve id to look up ordinate size. */ - int id = wc_ecc_get_curve_id(group->curve_idx); - /* Get size of ordinate. */ - if ((sz = wc_ecc_get_curve_size_from_id(id)) < 0) { - err = 1; - } - } - if (!err) { - /* [] */ - len = sz + 1; - if (form == WC_POINT_CONVERSION_UNCOMPRESSED) { - /* Include y ordinate when uncompressed. */ - len += sz; - } - - /* Hex string: allocate 2 bytes to represent each byte plus 1 for '\0'. - */ - hex = (char*)XMALLOC((size_t)(2 * len + 1), NULL, DYNAMIC_TYPE_ECC); - if (hex == NULL) { - err = 1; - } - } - if (!err) { - /* Make bytes all zeros to allow for ordinate values less than max size. - */ - XMEMSET(hex, 0, (size_t)(2 * len + 1)); - - /* Calculate offset as leading zeros not encoded. */ - i = sz - mp_unsigned_bin_size((mp_int*)point->X->internal) + 1; - /* Put in x-ordinate after format byte. */ - if (mp_to_unsigned_bin((mp_int*)point->X->internal, (byte*)(hex + i)) < - 0) { - err = 1; - } - } - if (!err) { - if (form == WC_POINT_CONVERSION_COMPRESSED) { - /* Compressed format byte value dependent on whether y-ordinate is - * odd. - */ - hex[0] = mp_isodd((mp_int*)point->Y->internal) ? - ECC_POINT_COMP_ODD : ECC_POINT_COMP_EVEN; - /* No y-ordinate. */ - } - else { - /* Put in uncompressed format byte. */ - hex[0] = ECC_POINT_UNCOMP; - /* Calculate offset as leading zeros not encoded. */ - i = 1 + 2 * sz - mp_unsigned_bin_size((mp_int*)point->Y->internal); - /* Put in y-ordinate after x-ordinate. */ - if (mp_to_unsigned_bin((mp_int*)point->Y->internal, - (byte*)(hex + i)) < 0) { - err = 1; - } - } - } - if (!err) { - /* Convert binary encoding to hex string. */ - /* Start at end so as not to overwrite. */ - for (i = len-1; i >= 0; i--) { - /* Get byte value and store has hex string. */ - byte b = (byte)hex[i]; - hex[i * 2 + 1] = hexDigit[b & 0xf]; - hex[i * 2 ] = hexDigit[b >> 4]; - } - /* Memset put trailing zero or '\0' on end of string. */ - } - - if (err && (hex != NULL)) { - /* Dispose of allocated data not being returned. */ - XFREE(hex, NULL, DYNAMIC_TYPE_ECC); - hex = NULL; - } - /* Return hex string encoding. */ - return hex; -} - -static size_t hex_to_bytes(const char *hex, unsigned char *output, size_t sz) -{ - word32 i; - for (i = 0; i < sz; i++) { - signed char ch1, ch2; - ch1 = HexCharToByte(hex[i * 2]); - ch2 = HexCharToByte(hex[i * 2 + 1]); - if ((ch1 < 0) || (ch2 < 0)) { - WOLFSSL_MSG("hex_to_bytes: syntax error"); - return 0; - } - output[i] = (unsigned char)((ch1 << 4) + ch2); - } - return sz; -} - -WOLFSSL_EC_POINT* wolfSSL_EC_POINT_hex2point(const WOLFSSL_EC_GROUP *group, - const char *hex, WOLFSSL_EC_POINT*p, WOLFSSL_BN_CTX *ctx) -{ - /* for uncompressed mode */ - size_t str_sz; - WOLFSSL_BIGNUM *Gx = NULL; - WOLFSSL_BIGNUM *Gy = NULL; - char strGx[MAX_ECC_BYTES * 2 + 1]; - - /* for compressed mode */ - int key_sz; - byte *octGx = (byte *)strGx; /* octGx[MAX_ECC_BYTES] */ - - int p_alloc = 0; - int ret; - - WOLFSSL_ENTER("wolfSSL_EC_POINT_hex2point"); - - if (group == NULL || hex == NULL || ctx == NULL) - return NULL; - - if (p == NULL) { - if ((p = wolfSSL_EC_POINT_new(group)) == NULL) { - WOLFSSL_MSG("wolfSSL_EC_POINT_new"); - goto err; - } - p_alloc = 1; - } - - key_sz = (wolfSSL_EC_GROUP_get_degree(group) + 7) / 8; - if (hex[0] == '0' && hex[1] == '4') { /* uncompressed mode */ - str_sz = (size_t)key_sz * 2; - - XMEMSET(strGx, 0x0, str_sz + 1); - XMEMCPY(strGx, hex + 2, str_sz); - - if (wolfSSL_BN_hex2bn(&Gx, strGx) == 0) - goto err; - - if (wolfSSL_BN_hex2bn(&Gy, hex + 2 + str_sz) == 0) - goto err; - - ret = wolfSSL_EC_POINT_set_affine_coordinates_GFp - (group, p, Gx, Gy, ctx); - - if (ret != WOLFSSL_SUCCESS) { - WOLFSSL_MSG("wolfSSL_EC_POINT_set_affine_coordinates_GFp"); - goto err; - } - } - else if (hex[0] == '0' && (hex[1] == '2' || hex[1] == '3')) { - size_t sz = XSTRLEN(hex + 2) / 2; - /* compressed mode */ - octGx[0] = ECC_POINT_COMP_ODD; - if (hex_to_bytes(hex + 2, octGx + 1, sz) != sz) { - goto err; - } - if (wolfSSL_ECPoint_d2i(octGx, (word32)key_sz + 1, group, p) - != WOLFSSL_SUCCESS) { - goto err; - } - } - else - goto err; - - wolfSSL_BN_free(Gx); - wolfSSL_BN_free(Gy); - return p; - -err: - wolfSSL_BN_free(Gx); - wolfSSL_BN_free(Gy); - if (p_alloc) { - wolfSSL_EC_POINT_free(p); - } - return NULL; - -} - -/* Encode the EC point as an uncompressed point in DER. - * - * Return code compliant with OpenSSL. - * Not OpenSSL API. - * - * @param [in] group EC group point belongs to. - * @param [in] point EC point to encode. - * @param [out] out Buffer to encode into. May be NULL. - * @param [in, out] len On in, length of buffer in bytes. - * On out, length of encoding in bytes. - * @return 1 on success. - * @return 0 on error. - */ -int wolfSSL_ECPoint_i2d(const WOLFSSL_EC_GROUP *group, - const WOLFSSL_EC_POINT *point, unsigned char *out, unsigned int *len) -{ - int res = 1; - - WOLFSSL_ENTER("wolfSSL_ECPoint_i2d"); - - /* Validate parameters. */ - if ((group == NULL) || (point == NULL) || (len == NULL)) { - WOLFSSL_MSG("wolfSSL_ECPoint_i2d NULL error"); - res = 0; - } - - /* Ensure points internals are set up. */ - if ((res == 1) && (ec_point_setup(point) != 1)) { - res = 0; - } - - /* Dump the point if encoding. */ - if ((res == 1) && (out != NULL)) { - wolfSSL_EC_POINT_dump("i2d p", point); - } - - if (res == 1) { - /* DER encode point in uncompressed format. */ - int ret = wc_ecc_export_point_der(group->curve_idx, - (ecc_point*)point->internal, out, len); - /* Check return. When out is NULL, return will be length only error. */ - if ((ret != MP_OKAY) && ((out != NULL) || - (ret != WC_NO_ERR_TRACE(LENGTH_ONLY_E)))) { - WOLFSSL_MSG("wolfSSL_ECPoint_i2d wc_ecc_export_point_der failed"); - res = 0; - } - } - - return res; -} - -/* Decode the uncompressed point in DER into EC point. - * - * Return code compliant with OpenSSL. - * Not OpenSSL API. - * - * @param [in] in Buffer containing DER encoded point. - * @param [in] len Length of data in bytes. - * @param [in] group EC group associated with point. - * @param [in, out] point EC point to set data into. - * @return 1 on success. - * @return 0 on error. - */ -int wolfSSL_ECPoint_d2i(const unsigned char *in, unsigned int len, - const WOLFSSL_EC_GROUP *group, WOLFSSL_EC_POINT *point) -{ - int ret = 1; - WOLFSSL_BIGNUM* x = NULL; - WOLFSSL_BIGNUM* y = NULL; - - WOLFSSL_ENTER("wolfSSL_ECPoint_d2i"); - - /* Validate parameters. */ - if ((in == NULL) || (group == NULL) || (point == NULL) || - (point->internal == NULL)) { - WOLFSSL_MSG("wolfSSL_ECPoint_d2i NULL error"); - ret = 0; - } +#define WOLFSSL_PK_EC_INCLUDED +#include "src/pk_ec.c" - if (ret == 1) { - #if !defined(HAVE_SELFTEST) && (!defined(HAVE_FIPS) || FIPS_VERSION_GT(2,0)) - /* Import point into internal EC point. */ - if (wc_ecc_import_point_der_ex(in, len, group->curve_idx, - (ecc_point*)point->internal, 0) != MP_OKAY) { - WOLFSSL_MSG("wc_ecc_import_point_der_ex failed"); - ret = 0; - } - #else - /* ECC_POINT_UNCOMP is not defined CAVP self test so use magic number */ - if (in[0] == 0x04) { - /* Import point into internal EC point. */ - if (wc_ecc_import_point_der((unsigned char *)in, len, - group->curve_idx, (ecc_point*)point->internal) != MP_OKAY) { - WOLFSSL_MSG("wc_ecc_import_point_der failed"); - ret = 0; - } - } - else { - WOLFSSL_MSG("Only uncompressed points supported with " - "HAVE_SELFTEST"); - ret = 0; - } - #endif - } - - if (ret == 1) - point->inSet = 1; - - /* Set new external point. */ - if (ret == 1 && ec_point_external_set(point) != 1) { - WOLFSSL_MSG("ec_point_external_set failed"); - ret = 0; - } - - if (ret == 1 && !wolfSSL_BN_is_one(point->Z)) { -#if !defined(WOLFSSL_SP_MATH) && !defined(WOLF_CRYPTO_CB_ONLY_ECC) - x = wolfSSL_BN_new(); - y = wolfSSL_BN_new(); - if (x == NULL || y == NULL) - ret = 0; - - if (ret == 1 && wolfSSL_EC_POINT_get_affine_coordinates_GFp(group, - point, x, y, NULL) != 1) { - WOLFSSL_MSG("wolfSSL_EC_POINT_get_affine_coordinates_GFp failed"); - ret = 0; - } - - /* wolfSSL_EC_POINT_set_affine_coordinates_GFp check that the point is - * on the curve. */ - if (ret == 1 && wolfSSL_EC_POINT_set_affine_coordinates_GFp(group, - point, x, y, NULL) != 1) { - WOLFSSL_MSG("wolfSSL_EC_POINT_set_affine_coordinates_GFp failed"); - ret = 0; - } -#else - WOLFSSL_MSG("Importing non-affine point. This may cause issues in math " - "operations later on."); -#endif - } - - if (ret == 1) { - /* Dump new point. */ - wolfSSL_EC_POINT_dump("d2i p", point); - } - - wolfSSL_BN_free(x); - wolfSSL_BN_free(y); - - return ret; -} - -/* Encode point as octet string. - * - * HYBRID not supported. - * - * @param [in] group EC group that point belongs to. - * @param [in] point EC point to encode. - * @param [in] form Format of encoding. Valid values: - * POINT_CONVERSION_UNCOMPRESSED,POINT_CONVERSION_COMPRESSED - * @param [out] buf Buffer to write encoding into. - * @param [in] len Length of buffer. - * @param [in] ctx Context to use for BN operations. Unused. - * @return Length of encoded data on success. - * @return 0 on error. - */ -size_t wolfSSL_EC_POINT_point2oct(const WOLFSSL_EC_GROUP *group, - const WOLFSSL_EC_POINT *point, int form, byte *buf, size_t len, - WOLFSSL_BN_CTX *ctx) -{ - int err = 0; - word32 enc_len = (word32)len; -#if !defined(HAVE_SELFTEST) && (!defined(HAVE_FIPS) || FIPS_VERSION_GT(2,0)) - int compressed = ((form == WC_POINT_CONVERSION_COMPRESSED) ? 1 : 0); -#endif /* !HAVE_SELFTEST */ - - WOLFSSL_ENTER("wolfSSL_EC_POINT_point2oct"); - - /* No BN operations performed. */ - (void)ctx; - - /* Validate parameters. */ - if ((group == NULL) || (point == NULL)) { - err = 1; - } - - /* Ensure points internals are set up. */ - if ((!err) && (ec_point_setup(point) != 1)) { - err = 1; - } - - /* Special case when point is infinity. */ - if ((!err) && wolfSSL_EC_POINT_is_at_infinity(group, point)) { - /* Encoding is a single octet: 0x00. */ - enc_len = 1; - if (buf != NULL) { - /* Check whether buffer has space. */ - if (len < 1) { - wolfSSL_ECerr(WOLFSSL_EC_F_EC_GFP_SIMPLE_POINT2OCT, BUFFER_E); - err = 1; - } - else { - /* Put in encoding of infinity. */ - buf[0] = 0x00; - } - } - } - /* Not infinity. */ - else if (!err) { - /* Validate format. */ - if (form != WC_POINT_CONVERSION_UNCOMPRESSED - #ifndef HAVE_SELFTEST - && form != WC_POINT_CONVERSION_COMPRESSED - #endif /* !HAVE_SELFTEST */ - ) { - WOLFSSL_MSG("Unsupported point form"); - err = 1; - } - - if (!err) { - int ret; - - #if !defined(HAVE_SELFTEST) && (!defined(HAVE_FIPS) || FIPS_VERSION_GT(2,0)) - /* Encode as compressed or uncompressed. */ - ret = wc_ecc_export_point_der_ex(group->curve_idx, - (ecc_point*)point->internal, buf, &enc_len, compressed); - #else - /* Encode uncompressed point in DER format. */ - ret = wc_ecc_export_point_der(group->curve_idx, - (ecc_point*)point->internal, buf, &enc_len); - #endif /* !HAVE_SELFTEST */ - /* Check return. When buf is NULL, return will be length only - * error. - */ - if (ret != ((buf != NULL) ? MP_OKAY : WC_NO_ERR_TRACE(LENGTH_ONLY_E))) { - err = 1; - } - } - } - -#if defined(DEBUG_WOLFSSL) - if (!err) { - wolfSSL_EC_POINT_dump("wolfSSL_EC_POINT_point2oct point", point); - WOLFSSL_MSG("\twolfSSL_EC_POINT_point2oct output:"); - WOLFSSL_BUFFER(buf, enc_len); - } -#endif - - /* On error, return encoding length of 0. */ - if (err) { - enc_len = 0; - } - return (size_t)enc_len; -} - - -/* Convert octet string to EC point. - * - * @param [in] group EC group. - * @param [in, out] point EC point to set data into. - * @param [in] buf Buffer holding octet string. - * @param [in] len Length of data in buffer in bytes. - * @param [in] ctx Context to use for BN operations. Unused. - */ -int wolfSSL_EC_POINT_oct2point(const WOLFSSL_EC_GROUP *group, - WOLFSSL_EC_POINT *point, const unsigned char *buf, size_t len, - WOLFSSL_BN_CTX *ctx) -{ - int ret; - - WOLFSSL_ENTER("wolfSSL_EC_POINT_oct2point"); - - /* No BN operations performed. */ - (void)ctx; - - /* Validate parameters. */ - if ((group == NULL) || (point == NULL)) { - ret = 0; - } - else { - /* Decode DER encoding into EC point. */ - ret = wolfSSL_ECPoint_d2i((unsigned char*)buf, (unsigned int)len, group, - point); - } - - return ret; -} - -/* Convert an EC point to a single BN. - * - * @param [in] group EC group. - * @param [in] point EC point. - * @param [in] form Format of encoding. Valid values: - * WC_POINT_CONVERSION_UNCOMPRESSED, - * WC_POINT_CONVERSION_COMPRESSED. - * @param [in, out] bn BN to hold point value. - * When NULL a new BN is allocated otherwise this is - * returned on success. - * @param [in] ctx Context to use for BN operations. Unused. - * @return BN object with point as a value on success. - * @return NULL on error. - */ -WOLFSSL_BIGNUM *wolfSSL_EC_POINT_point2bn(const WOLFSSL_EC_GROUP* group, - const WOLFSSL_EC_POINT* point, int form, WOLFSSL_BIGNUM* bn, - WOLFSSL_BN_CTX* ctx) -{ - int err = 0; - size_t len = 0; - byte *buf = NULL; - WOLFSSL_BIGNUM *ret = NULL; - - WOLFSSL_ENTER("wolfSSL_EC_POINT_oct2point"); - - /* Validate parameters. */ - if ((group == NULL) || (point == NULL)) { - err = 1; - } - - /* Calculate length of octet encoding. */ - if ((!err) && ((len = wolfSSL_EC_POINT_point2oct(group, point, form, NULL, - 0, ctx)) == 0)) { - err = 1; - } - /* Allocate buffer to hold octet encoding. */ - if ((!err) && ((buf = (byte*)XMALLOC(len, NULL, DYNAMIC_TYPE_TMP_BUFFER)) == - NULL)) { - WOLFSSL_MSG("malloc failed"); - err = 1; - } - /* Encode EC point as an octet string. */ - if ((!err) && (wolfSSL_EC_POINT_point2oct(group, point, form, buf, len, - ctx) != len)) { - err = 1; - } - /* Load BN with octet string data. */ - if (!err) { - ret = wolfSSL_BN_bin2bn(buf, (int)len, bn); - } - - /* Dispose of any allocated data. */ - XFREE(buf, NULL, DYNAMIC_TYPE_TMP_BUFFER); - - return ret; -} - -#if defined(USE_ECC_B_PARAM) && !defined(HAVE_SELFTEST) && \ - (!defined(HAVE_FIPS) || FIPS_VERSION_GT(2,0)) -/* Check if EC point is on the the curve defined by the EC group. - * - * @param [in] group EC group defining curve. - * @param [in] point EC point to check. - * @param [in] ctx Context to use for BN operations. Unused. - * @return 1 when point is on curve. - * @return 0 when point is not on curve or error. - */ -int wolfSSL_EC_POINT_is_on_curve(const WOLFSSL_EC_GROUP *group, - const WOLFSSL_EC_POINT *point, WOLFSSL_BN_CTX *ctx) -{ - int err = 0; - - WOLFSSL_ENTER("wolfSSL_EC_POINT_is_on_curve"); - - /* No BN operations performed. */ - (void)ctx; - - /* Validate parameters. */ - if ((group == NULL) || (point == NULL)) { - WOLFSSL_MSG("Invalid arguments"); - err = 1; - } - - /* Ensure internal EC point set. */ - if ((!err) && (!point->inSet) && ec_point_internal_set( - (WOLFSSL_EC_POINT*)point) != 1) { - WOLFSSL_MSG("ec_point_internal_set error"); - err = 1; - } - - /* Check point is on curve from group. */ - if ((!err) && (wc_ecc_point_is_on_curve((ecc_point*)point->internal, - group->curve_idx) != MP_OKAY)) { - err = 1; - } - - /* Return boolean of on curve. No error means on curve. */ - return !err; -} -#endif /* USE_ECC_B_PARAM && !HAVE_SELFTEST && !(FIPS_VERSION <= 2) */ - -#if !defined(WOLFSSL_SP_MATH) && !defined(WOLF_CRYPTO_CB_ONLY_ECC) -/* Convert Jacobian ordinates to affine. - * - * @param [in] group EC group. - * @param [in] point EC point to get coordinates from. - * @return 1 on success. - * @return 0 on error. - */ -int ec_point_convert_to_affine(const WOLFSSL_EC_GROUP *group, - WOLFSSL_EC_POINT *point) -{ - int err = 0; - mp_digit mp = 0; - WC_DECLARE_VAR(modulus, mp_int, 1, 0); - - /* Allocate memory for curve's prime modulus. */ - WC_ALLOC_VAR_EX(modulus, mp_int, 1, NULL, DYNAMIC_TYPE_BIGINT, err=1); - /* Initialize the MP integer. */ - if ((!err) && (mp_init(modulus) != MP_OKAY)) { - WOLFSSL_MSG("mp_init failed"); - err = 1; - } - - if (!err) { - /* Get the modulus from the hex string in the EC curve set. */ - if (mp_read_radix(modulus, ecc_sets[group->curve_idx].prime, - MP_RADIX_HEX) != MP_OKAY) { - WOLFSSL_MSG("mp_read_radix failed"); - err = 1; - } - /* Get Montgomery multiplier for the modulus as ordinates in - * Montgomery form. - */ - if ((!err) && (mp_montgomery_setup(modulus, &mp) != MP_OKAY)) { - WOLFSSL_MSG("mp_montgomery_setup failed"); - err = 1; - } - /* Map internal EC point from Jacobian to affine. */ - if ((!err) && (ecc_map((ecc_point*)point->internal, modulus, mp) != - MP_OKAY)) { - WOLFSSL_MSG("ecc_map failed"); - err = 1; - } - /* Set new ordinates into external EC point. */ - if ((!err) && (ec_point_external_set((WOLFSSL_EC_POINT *)point) != 1)) { - WOLFSSL_MSG("ec_point_external_set failed"); - err = 1; - } - - point->exSet = !err; - mp_clear(modulus); - } - - WC_FREE_VAR_EX(modulus, NULL, DYNAMIC_TYPE_BIGINT); - - return err; -} - -/* Get the affine coordinates of the EC point on a Prime curve. - * - * When z-ordinate is not one then coordinates are Jacobian and need to be - * converted to affine before storing in BNs. - * - * Return code compliant with OpenSSL. - * - * TODO: OpenSSL doesn't change point when Jacobian. Do the same? - * - * @param [in] group EC group. - * @param [in] point EC point to get coordinates from. - * @param [in, out] x BN to hold x-ordinate. - * @param [in, out] y BN to hold y-ordinate. - * @param [in] ctx Context to use for BN operations. Unused. - * @return 1 on success. - * @return 0 on error. - */ -int wolfSSL_EC_POINT_get_affine_coordinates_GFp(const WOLFSSL_EC_GROUP* group, - const WOLFSSL_EC_POINT* point, WOLFSSL_BIGNUM* x, WOLFSSL_BIGNUM* y, - WOLFSSL_BN_CTX* ctx) -{ - int ret = 1; - - /* BN operations don't need context. */ - (void)ctx; - - WOLFSSL_ENTER("wolfSSL_EC_POINT_get_affine_coordinates_GFp"); - - /* Validate parameters. */ - if ((group == NULL) || (point == NULL) || (point->internal == NULL) || - (x == NULL) || (y == NULL)) { - WOLFSSL_MSG("wolfSSL_EC_POINT_get_affine_coordinates_GFp NULL error"); - ret = 0; - } - /* Don't return point at infinity. */ - if ((ret == 1) && wolfSSL_EC_POINT_is_at_infinity(group, point)) { - ret = 0; - } - - /* Ensure internal EC point has values of external EC point. */ - if ((ret == 1) && (ec_point_setup(point) != 1)) { - ret = 0; - } - - /* Check whether ordinates are in Jacobian form. */ - if ((ret == 1) && (!wolfSSL_BN_is_one(point->Z))) { - /* Convert from Jacobian to affine. */ - if (ec_point_convert_to_affine(group, (WOLFSSL_EC_POINT*)point) == 1) { - ret = 0; - } - } - - /* Copy the externally set x and y ordinates. */ - if ((ret == 1) && (wolfSSL_BN_copy(x, point->X) == NULL)) { - ret = 0; - } - if ((ret == 1) && (wolfSSL_BN_copy(y, point->Y) == NULL)) { - ret = 0; - } - - return ret; -} -#endif /* !WOLFSSL_SP_MATH && !WOLF_CRYPTO_CB_ONLY_ECC */ - -/* Sets the affine coordinates that belong on a prime curve. - * - * @param [in] group EC group. - * @param [in, out] point EC point to set coordinates into. - * @param [in] x BN holding x-ordinate. - * @param [in] y BN holding y-ordinate. - * @param [in] ctx Context to use for BN operations. Unused. - * @return 1 on success. - * @return 0 on error. - */ -int wolfSSL_EC_POINT_set_affine_coordinates_GFp(const WOLFSSL_EC_GROUP* group, - WOLFSSL_EC_POINT* point, const WOLFSSL_BIGNUM* x, const WOLFSSL_BIGNUM* y, - WOLFSSL_BN_CTX* ctx) -{ - int ret = 1; - - /* BN operations don't need context. */ - (void)ctx; - - WOLFSSL_ENTER("wolfSSL_EC_POINT_set_affine_coordinates_GFp"); - - /* Validate parameters. */ - if ((group == NULL) || (point == NULL) || (point->internal == NULL) || - (x == NULL) || (y == NULL)) { - WOLFSSL_MSG("wolfSSL_EC_POINT_set_affine_coordinates_GFp NULL error"); - ret = 0; - } - - /* Ensure we have a object for x-ordinate. */ - if ((ret == 1) && (point->X == NULL) && - ((point->X = wolfSSL_BN_new()) == NULL)) { - WOLFSSL_MSG("wolfSSL_BN_new failed"); - ret = 0; - } - /* Ensure we have a object for y-ordinate. */ - if ((ret == 1) && (point->Y == NULL) && - ((point->Y = wolfSSL_BN_new()) == NULL)) { - WOLFSSL_MSG("wolfSSL_BN_new failed"); - ret = 0; - } - /* Ensure we have a object for z-ordinate. */ - if ((ret == 1) && (point->Z == NULL) && - ((point->Z = wolfSSL_BN_new()) == NULL)) { - WOLFSSL_MSG("wolfSSL_BN_new failed"); - ret = 0; - } - - /* Copy the x-ordinate. */ - if ((ret == 1) && ((wolfSSL_BN_copy(point->X, x)) == NULL)) { - WOLFSSL_MSG("wolfSSL_BN_copy failed"); - ret = 0; - } - /* Copy the y-ordinate. */ - if ((ret == 1) && ((wolfSSL_BN_copy(point->Y, y)) == NULL)) { - WOLFSSL_MSG("wolfSSL_BN_copy failed"); - ret = 0; - } - /* z-ordinate is one for affine coordinates. */ - if ((ret == 1) && ((wolfSSL_BN_one(point->Z)) == 0)) { - WOLFSSL_MSG("wolfSSL_BN_one failed"); - ret = 0; - } - - /* Copy the new point data to internal object. */ - if ((ret == 1) && (ec_point_internal_set((WOLFSSL_EC_POINT *)point) != 1)) { - WOLFSSL_MSG("ec_point_internal_set failed"); - ret = 0; - } - -#if defined(USE_ECC_B_PARAM) && !defined(HAVE_SELFTEST) && \ - (!defined(HAVE_FIPS) || FIPS_VERSION_GT(2,0)) - /* Check that the point is valid. */ - if ((ret == 1) && (wolfSSL_EC_POINT_is_on_curve(group, - (WOLFSSL_EC_POINT *)point, ctx) != 1)) { - WOLFSSL_MSG("EC_POINT_is_on_curve failed"); - ret = 0; - } -#endif - - return ret; -} - -#if !defined(WOLFSSL_ATECC508A) && !defined(WOLFSSL_ATECC608A) && \ - !defined(HAVE_SELFTEST) && !defined(WOLFSSL_SP_MATH) && \ - !defined(WOLF_CRYPTO_CB_ONLY_ECC) -/* Add two points on the same together. - * - * @param [in] curveIdx Index of curve in ecc_set. - * @param [out] r Result point. - * @param [in] p1 First point to add. - * @param [in] p2 Second point to add. - * @return 1 on success. - * @return 0 on error. - */ -static int wolfssl_ec_point_add(int curveIdx, ecc_point* r, ecc_point* p1, - ecc_point* p2) -{ - int ret = 1; -#ifdef WOLFSSL_SMALL_STACK - mp_int* a = NULL; - mp_int* prime = NULL; - mp_int* mu = NULL; -#else - mp_int a[1]; - mp_int prime[1]; - mp_int mu[1]; -#endif - mp_digit mp = 0; - ecc_point* montP1 = NULL; - ecc_point* montP2 = NULL; - -#ifdef WOLFSSL_SMALL_STACK - if (ret == 1) { - /* Allocate memory for curve parameter: a. */ - a = (mp_int*)XMALLOC(sizeof(mp_int), NULL, DYNAMIC_TYPE_BIGINT); - if (a == NULL) { - WOLFSSL_MSG("Failed to allocate memory for mp_int a"); - ret = 0; - } - } - if (ret == 1) { - /* Allocate memory for curve parameter: prime. */ - prime = (mp_int*)XMALLOC(sizeof(mp_int), NULL, DYNAMIC_TYPE_BIGINT); - if (prime == NULL) { - WOLFSSL_MSG("Failed to allocate memory for mp_int prime"); - ret = 0; - } - } - if (ret == 1) { - /* Allocate memory for mu (Montgomery normalizer). */ - mu = (mp_int*)XMALLOC(sizeof(mp_int), NULL, DYNAMIC_TYPE_BIGINT); - if (mu == NULL) { - WOLFSSL_MSG("Failed to allocate memory for mp_int mu"); - ret = 0; - } - } - if (ret == 1) { - /* Zero out all MP int data in case initialization fails. */ - XMEMSET(a, 0, sizeof(mp_int)); - XMEMSET(prime, 0, sizeof(mp_int)); - XMEMSET(mu, 0, sizeof(mp_int)); - } -#endif - - /* Initialize the MP ints. */ - if ((ret == 1) && (mp_init_multi(prime, a, mu, NULL, NULL, NULL) != - MP_OKAY)) { - WOLFSSL_MSG("mp_init_multi error"); - ret = 0; - } - - /* Read the curve parameter: a. */ - if ((ret == 1) && (mp_read_radix(a, ecc_sets[curveIdx].Af, MP_RADIX_HEX) != - MP_OKAY)) { - WOLFSSL_MSG("mp_read_radix a error"); - ret = 0; - } - - /* Read the curve parameter: prime. */ - if ((ret == 1) && (mp_read_radix(prime, ecc_sets[curveIdx].prime, - MP_RADIX_HEX) != MP_OKAY)) { - WOLFSSL_MSG("mp_read_radix prime error"); - ret = 0; - } - - /* Calculate the Montgomery product. */ - if ((ret == 1) && (mp_montgomery_setup(prime, &mp) != MP_OKAY)) { - WOLFSSL_MSG("mp_montgomery_setup nqm error"); - ret = 0; - } - - /* TODO: use the heap filed of one of the points? */ - /* Allocate new points to hold the Montgomery form values. */ - if ((ret == 1) && (((montP1 = wc_ecc_new_point_h(NULL)) == NULL) || - ((montP2 = wc_ecc_new_point_h(NULL)) == NULL))) { - WOLFSSL_MSG("wc_ecc_new_point_h nqm error"); - ret = 0; - } - - /* Calculate the Montgomery normalizer. */ - if ((ret == 1) && (mp_montgomery_calc_normalization(mu, prime) != - MP_OKAY)) { - WOLFSSL_MSG("mp_montgomery_calc_normalization error"); - ret = 0; - } - - /* Convert to Montgomery form. */ - if ((ret == 1) && (mp_cmp_d(mu, 1) == MP_EQ)) { - /* Copy the points if the normalizer is 1. */ - if ((wc_ecc_copy_point(p1, montP1) != MP_OKAY) || - (wc_ecc_copy_point(p2, montP2) != MP_OKAY)) { - WOLFSSL_MSG("wc_ecc_copy_point error"); - ret = 0; - } - } - else if (ret == 1) { - /* Multiply each ordinate by the Montgomery normalizer. */ - if ((mp_mulmod(p1->x, mu, prime, montP1->x) != MP_OKAY) || - (mp_mulmod(p1->y, mu, prime, montP1->y) != MP_OKAY) || - (mp_mulmod(p1->z, mu, prime, montP1->z) != MP_OKAY)) { - WOLFSSL_MSG("mp_mulmod error"); - ret = 0; - } - /* Multiply each ordinate by the Montgomery normalizer. */ - if ((mp_mulmod(p2->x, mu, prime, montP2->x) != MP_OKAY) || - (mp_mulmod(p2->y, mu, prime, montP2->y) != MP_OKAY) || - (mp_mulmod(p2->z, mu, prime, montP2->z) != MP_OKAY)) { - WOLFSSL_MSG("mp_mulmod error"); - ret = 0; - } - } - - /* Perform point addition with internal EC point objects - Jacobian form - * result. - */ - if ((ret == 1) && (ecc_projective_add_point(montP1, montP2, r, a, prime, - mp) != MP_OKAY)) { - WOLFSSL_MSG("ecc_projective_add_point error"); - ret = 0; - } - - /* Map point back to affine coordinates. Converts from Montogomery form. */ - if ((ret == 1) && (ecc_map(r, prime, mp) != MP_OKAY)) { - WOLFSSL_MSG("ecc_map error"); - ret = 0; - } - - /* Dispose of allocated memory. */ - mp_clear(a); - mp_clear(prime); - mp_clear(mu); - wc_ecc_del_point_h(montP1, NULL); - wc_ecc_del_point_h(montP2, NULL); - WC_FREE_VAR_EX(a, NULL, DYNAMIC_TYPE_BIGINT); - WC_FREE_VAR_EX(prime, NULL, DYNAMIC_TYPE_BIGINT); - WC_FREE_VAR_EX(mu, NULL, DYNAMIC_TYPE_BIGINT); - return ret; -} - -/* Add two points on the same curve together. - * - * @param [in] group EC group. - * @param [out] r EC point that is result of point addition. - * @param [in] p1 First EC point to add. - * @param [in] p2 Second EC point to add. - * @param [in] ctx Context to use for BN operations. Unused. - * @return 1 on success. - * @return 0 on error. - */ -int wolfSSL_EC_POINT_add(const WOLFSSL_EC_GROUP* group, WOLFSSL_EC_POINT* r, - const WOLFSSL_EC_POINT* p1, const WOLFSSL_EC_POINT* p2, WOLFSSL_BN_CTX* ctx) -{ - int ret = 1; - - /* No BN operations performed. */ - (void)ctx; - - /* Validate parameters. */ - if ((group == NULL) || (r == NULL) || (p1 == NULL) || (p2 == NULL)) { - WOLFSSL_MSG("wolfSSL_EC_POINT_add error"); - ret = 0; - } - - /* Ensure the internal objects of the EC points are setup. */ - if ((ret == 1) && ((ec_point_setup(r) != 1) || (ec_point_setup(p1) != 1) || - (ec_point_setup(p2) != 1))) { - WOLFSSL_MSG("ec_point_setup error"); - ret = 0; - } - -#ifdef DEBUG_WOLFSSL - if (ret == 1) { - int nid = wolfSSL_EC_GROUP_get_curve_name(group); - const char* curve = wolfSSL_OBJ_nid2ln(nid); - const char* nistName = wolfSSL_EC_curve_nid2nist(nid); - wolfSSL_EC_POINT_dump("wolfSSL_EC_POINT_add p1", p1); - wolfSSL_EC_POINT_dump("wolfSSL_EC_POINT_add p2", p2); - if (curve != NULL) - WOLFSSL_MSG_EX("curve name: %s", curve); - if (nistName != NULL) - WOLFSSL_MSG_EX("nist curve name: %s", nistName); - } -#endif - - if (ret == 1) { - /* Add points using wolfCrypt objects. */ - ret = wolfssl_ec_point_add(group->curve_idx, (ecc_point*)r->internal, - (ecc_point*)p1->internal, (ecc_point*)p2->internal); - } - - /* Copy internal EC point values out to external EC point. */ - if ((ret == 1) && (ec_point_external_set(r) != 1)) { - WOLFSSL_MSG("ec_point_external_set error"); - ret = 0; - } - -#ifdef DEBUG_WOLFSSL - if (ret == 1) { - wolfSSL_EC_POINT_dump("wolfSSL_EC_POINT_add result", r); - } -#endif - - return ret; -} - -/* Sum the scalar multiplications of the base point and n, and q and m. - * - * r = base point * n + q * m - * - * @param [out] r EC point that is result of operation. - * @param [in] b Base point of curve. - * @param [in] n Scalar to multiply by base point. - * @param [in] q EC point to be scalar multiplied. - * @param [in] m Scalar to multiply q by. - * @param [in] a Parameter A of curve. - * @param [in] prime Prime (modulus) of curve. - * @return 1 on success. - * @return 0 on error. - */ -static int ec_mul2add(ecc_point* r, ecc_point* b, mp_int* n, ecc_point* q, - mp_int* m, mp_int* a, mp_int* prime) -{ - int ret = 1; -#if defined(ECC_SHAMIR) && !defined(WOLFSSL_KCAPI_ECC) - if (ecc_mul2add(b, n, q, m, r, a, prime, NULL) != MP_OKAY) { - WOLFSSL_MSG("ecc_mul2add error"); - ret = 0; - } -#else - ecc_point* tmp = NULL; - mp_digit mp = 0; - - /* Calculate Montgomery product. */ - if (mp_montgomery_setup(prime, &mp) != MP_OKAY) { - WOLFSSL_MSG("mp_montgomery_setup nqm error"); - ret = 0; - } - /* Create temporary point to hold: q * m */ - if ((ret == 1) && ((tmp = wc_ecc_new_point()) == NULL)) { - WOLFSSL_MSG("wolfSSL_EC_POINT_new nqm error"); - ret = 0; - } - /* r = base point * n */ - if ((ret == 1) && (wc_ecc_mulmod(n, b, r, a, prime, 0) != - MP_OKAY)) { - WOLFSSL_MSG("wc_ecc_mulmod nqm error"); - ret = 0; - } - /* tmp = q * m */ - if ((ret == 1) && (wc_ecc_mulmod(m, q, tmp, a, prime, 0) != MP_OKAY)) { - WOLFSSL_MSG("wc_ecc_mulmod nqm error"); - ret = 0; - } - /* r = r + tmp */ - if ((ret == 1) && (ecc_projective_add_point(tmp, r, r, a, prime, mp) != - MP_OKAY)) { - WOLFSSL_MSG("wc_ecc_mulmod nqm error"); - ret = 0; - } - /* Map point back to affine coordinates. Converts from Montogomery - * form. */ - if ((ret == 1) && (ecc_map(r, prime, mp) != MP_OKAY)) { - WOLFSSL_MSG("ecc_map nqm error"); - ret = 0; - } - - /* Dispose of allocated temporary point. */ - wc_ecc_del_point(tmp); -#endif - - return ret; -} - -/* Sum the scalar multiplications of the base point and n, and q and m. - * - * r = base point * n + q * m - * - * @param [in] curveIdx Index of curve in ecc_set. - * @param [out] r EC point that is result of operation. - * @param [in] n Scalar to multiply by base point. May be NULL. - * @param [in] q EC point to be scalar multiplied. May be NULL. - * @param [in] m Scalar to multiply q by. May be NULL. - * @return 1 on success. - * @return 0 on error. - */ -static int wolfssl_ec_point_mul(int curveIdx, ecc_point* r, mp_int* n, - ecc_point* q, mp_int* m) -{ - int ret = 1; -#ifdef WOLFSSL_SMALL_STACK - mp_int* a = NULL; - mp_int* prime = NULL; -#else - mp_int a[1], prime[1]; -#endif - -#ifdef WOLFSSL_SMALL_STACK - /* Allocate MP integer for curve parameter: a. */ - a = (mp_int*)XMALLOC(sizeof(mp_int), NULL, DYNAMIC_TYPE_BIGINT); - if (a == NULL) { - ret = 0; - } - if (ret == 1) { - /* Allocate MP integer for curve parameter: prime. */ - prime = (mp_int*)XMALLOC(sizeof(mp_int), NULL, DYNAMIC_TYPE_BIGINT); - if (prime == NULL) { - ret = 0; - } - } -#endif - - /* Initialize the MP ints. */ - if ((ret == 1) && (mp_init_multi(prime, a, NULL, NULL, NULL, NULL) != - MP_OKAY)) { - WOLFSSL_MSG("mp_init_multi error"); - ret = 0; - } - - /* Read the curve parameter: prime. */ - if ((ret == 1) && (mp_read_radix(prime, ecc_sets[curveIdx].prime, - MP_RADIX_HEX) != MP_OKAY)) { - WOLFSSL_MSG("mp_read_radix prime error"); - ret = 0; - } - - /* Read the curve parameter: a. */ - if ((ret == 1) && (mp_read_radix(a, ecc_sets[curveIdx].Af, - MP_RADIX_HEX) != MP_OKAY)) { - WOLFSSL_MSG("mp_read_radix a error"); - ret = 0; - } - - if ((ret == 1) && (n != NULL)) { - /* Get generator - base point. */ - #if !defined(HAVE_FIPS) || FIPS_VERSION_GT(2,0) - if ((ret == 1) && (wc_ecc_get_generator(r, curveIdx) != MP_OKAY)) { - WOLFSSL_MSG("wc_ecc_get_generator error"); - ret = 0; - } - #else - /* wc_ecc_get_generator is not defined in the FIPS v2 module. */ - /* Read generator (base point) x-ordinate. */ - if ((ret == 1) && (mp_read_radix(r->x, ecc_sets[curveIdx].Gx, - MP_RADIX_HEX) != MP_OKAY)) { - WOLFSSL_MSG("mp_read_radix Gx error"); - ret = 0; - } - /* Read generator (base point) y-ordinate. */ - if ((ret == 1) && (mp_read_radix(r->y, ecc_sets[curveIdx].Gy, - MP_RADIX_HEX) != MP_OKAY)) { - WOLFSSL_MSG("mp_read_radix Gy error"); - ret = 0; - } - /* z-ordinate is one as point is affine. */ - if ((ret == 1) && (mp_set(r->z, 1) != MP_OKAY)) { - WOLFSSL_MSG("mp_set Gz error"); - ret = 0; - } - #endif /* NOPT_FIPS_VERSION == 2 */ - } - - if ((ret == 1) && (n != NULL) && (q != NULL) && (m != NULL)) { - /* r = base point * n + q * m */ - ret = ec_mul2add(r, r, n, q, m, a, prime); - } - /* Not all values present, see if we are only doing base point * n. */ - else if ((ret == 1) && (n != NULL)) { - /* r = base point * n */ - if (wc_ecc_mulmod(n, r, r, a, prime, 1) != MP_OKAY) { - WOLFSSL_MSG("wc_ecc_mulmod gn error"); - ret = 0; - } - } - /* Not all values present, see if we are only doing q * m. */ - else if ((ret == 1) && (q != NULL) && (m != NULL)) { - /* r = q * m */ - if (wc_ecc_mulmod(m, q, r, a, prime, 1) != MP_OKAY) { - WOLFSSL_MSG("wc_ecc_mulmod qm error"); - ret = 0; - } - } - /* No values to use. */ - else if (ret == 1) { - /* Set result to infinity as no values passed in. */ - mp_zero(r->x); - mp_zero(r->y); - mp_zero(r->z); - } - - mp_clear(a); - mp_clear(prime); - WC_FREE_VAR_EX(a, NULL, DYNAMIC_TYPE_BIGINT); - WC_FREE_VAR_EX(prime, NULL, DYNAMIC_TYPE_BIGINT); - return ret; -} - -/* Sum the scalar multiplications of the base point and n, and q and m. - * - * r = base point * n + q * m - * - * Return code compliant with OpenSSL. - * - * @param [in] group EC group. - * @param [out] r EC point that is result of operation. - * @param [in] n Scalar to multiply by base point. May be NULL. - * @param [in] q EC point to be scalar multiplied. May be NULL. - * @param [in] m Scalar to multiply q by. May be NULL. - * @param [in] ctx Context to use for BN operations. Unused. - * @return 1 on success. - * @return 0 on error. - */ -int wolfSSL_EC_POINT_mul(const WOLFSSL_EC_GROUP *group, WOLFSSL_EC_POINT *r, - const WOLFSSL_BIGNUM *n, const WOLFSSL_EC_POINT *q, const WOLFSSL_BIGNUM *m, - WOLFSSL_BN_CTX *ctx) -{ - int ret = 1; - - /* No BN operations performed. */ - (void)ctx; - - WOLFSSL_ENTER("wolfSSL_EC_POINT_mul"); - - /* Validate parameters. */ - if ((group == NULL) || (r == NULL)) { - WOLFSSL_MSG("wolfSSL_EC_POINT_mul NULL error"); - ret = 0; - } - - /* Ensure the internal representation of the EC point q is setup. */ - if ((ret == 1) && (q != NULL) && (ec_point_setup(q) != 1)) { - WOLFSSL_MSG("ec_point_setup error"); - ret = 0; - } - -#ifdef DEBUG_WOLFSSL - if (ret == 1) { - int nid = wolfSSL_EC_GROUP_get_curve_name(group); - const char* curve = wolfSSL_OBJ_nid2ln(nid); - const char* nistName = wolfSSL_EC_curve_nid2nist(nid); - char* num; - wolfSSL_EC_POINT_dump("wolfSSL_EC_POINT_mul input q", q); - num = wolfSSL_BN_bn2hex(n); - WOLFSSL_MSG_EX("\tn = %s", num); - XFREE(num, NULL, DYNAMIC_TYPE_OPENSSL); - num = wolfSSL_BN_bn2hex(m); - WOLFSSL_MSG_EX("\tm = %s", num); - XFREE(num, NULL, DYNAMIC_TYPE_OPENSSL); - if (curve != NULL) - WOLFSSL_MSG_EX("curve name: %s", curve); - if (nistName != NULL) - WOLFSSL_MSG_EX("nist curve name: %s", nistName); - } -#endif - - if (ret == 1) { - mp_int* ni = (n != NULL) ? (mp_int*)n->internal : NULL; - ecc_point* qi = (q != NULL) ? (ecc_point*)q->internal : NULL; - mp_int* mi = (m != NULL) ? (mp_int*)m->internal : NULL; - - /* Perform multiplication with wolfCrypt objects. */ - ret = wolfssl_ec_point_mul(group->curve_idx, (ecc_point*)r->internal, - ni, qi, mi); - } - - /* Only on success is the internal point guaranteed to be set. */ - if (r != NULL) { - r->inSet = (ret == 1); - } - /* Copy internal EC point values out to external EC point. */ - if ((ret == 1) && (ec_point_external_set(r) != 1)) { - WOLFSSL_MSG("ec_point_external_set error"); - ret = 0; - } - -#ifdef DEBUG_WOLFSSL - if (ret == 1) { - wolfSSL_EC_POINT_dump("wolfSSL_EC_POINT_mul result", r); - } -#endif - - return ret; -} -#endif /* !WOLFSSL_ATECC508A && !WOLFSSL_ATECC608A && !HAVE_SELFTEST && - * !WOLFSSL_SP_MATH */ - -/* Invert the point on the curve. - * (x, y) -> (x, -y) = (x, (prime - y) % prime) - * - * @param [in] curveIdx Index of curve in ecc_set. - * @param [in, out] point EC point to invert. - * @return 1 on success. - * @return 0 on error. - */ -static int wolfssl_ec_point_invert(int curveIdx, ecc_point* point) -{ - int ret = 1; - WC_DECLARE_VAR(prime, mp_int, 1, 0); - - /* Allocate memory for an MP int to hold the prime of the curve. */ - WC_ALLOC_VAR_EX(prime, mp_int, 1, NULL, DYNAMIC_TYPE_BIGINT, ret=0); - - /* Initialize MP int. */ - if ((ret == 1) && (mp_init(prime) != MP_OKAY)) { - WOLFSSL_MSG("mp_init_multi error"); - ret = 0; - } - - /* Read the curve parameter: prime. */ - if ((ret == 1) && (mp_read_radix(prime, ecc_sets[curveIdx].prime, - MP_RADIX_HEX) != MP_OKAY)) { - WOLFSSL_MSG("mp_read_radix prime error"); - ret = 0; - } - - /* y = (prime - y) mod prime. */ - if ((ret == 1) && (!mp_iszero(point->y)) && (mp_sub(prime, point->y, - point->y) != MP_OKAY)) { - WOLFSSL_MSG("mp_sub error"); - ret = 0; - } - - /* Dispose of memory associated with MP. */ - mp_free(prime); - WC_FREE_VAR_EX(prime, NULL, DYNAMIC_TYPE_BIGINT); - return ret; -} - -/* Invert the point on the curve. - * (x, y) -> (x, -y) = (x, (prime - y) % prime) - * - * @param [in] group EC group. - * @param [in, out] point EC point to invert. - * @param [in] ctx Context to use for BN operations. Unused. - * @return 1 on success. - * @return 0 on error. - */ -int wolfSSL_EC_POINT_invert(const WOLFSSL_EC_GROUP *group, - WOLFSSL_EC_POINT *point, WOLFSSL_BN_CTX *ctx) -{ - int ret = 1; - - /* No BN operations performed. */ - (void)ctx; - - WOLFSSL_ENTER("wolfSSL_EC_POINT_invert"); - - /* Validate parameters. */ - if ((group == NULL) || (point == NULL) || (point->internal == NULL)) { - ret = 0; - } - - /* Ensure internal representation of point is setup. */ - if ((ret == 1) && (ec_point_setup(point) != 1)) { - ret = 0; - } - -#ifdef DEBUG_WOLFSSL - if (ret == 1) { - int nid = wolfSSL_EC_GROUP_get_curve_name(group); - const char* curve = wolfSSL_OBJ_nid2ln(nid); - const char* nistName = wolfSSL_EC_curve_nid2nist(nid); - wolfSSL_EC_POINT_dump("wolfSSL_EC_POINT_invert input", point); - if (curve != NULL) - WOLFSSL_MSG_EX("curve name: %s", curve); - if (nistName != NULL) - WOLFSSL_MSG_EX("nist curve name: %s", nistName); - - } -#endif - - if (ret == 1 && !wolfSSL_BN_is_one(point->Z)) { -#if !defined(WOLFSSL_SP_MATH) && !defined(WOLF_CRYPTO_CB_ONLY_ECC) - if (ec_point_convert_to_affine(group, point) != 0) - ret = 0; -#else - WOLFSSL_MSG("wolfSSL_EC_POINT_invert called on non-affine point"); - ret = 0; -#endif - } - - if (ret == 1) { - /* Perform inversion using wolfCrypt objects. */ - ret = wolfssl_ec_point_invert(group->curve_idx, - (ecc_point*)point->internal); - } - - /* Set the external EC point representation based on internal. */ - if ((ret == 1) && (ec_point_external_set(point) != 1)) { - WOLFSSL_MSG("ec_point_external_set error"); - ret = 0; - } - -#ifdef DEBUG_WOLFSSL - if (ret == 1) { - wolfSSL_EC_POINT_dump("wolfSSL_EC_POINT_invert result", point); - } -#endif - - return ret; -} - -#ifdef WOLFSSL_EC_POINT_CMP_JACOBIAN -/* Compare two points on a the same curve. - * - * (Ax, Ay, Az) => (Ax / (Az ^ 2), Ay / (Az ^ 3)) - * (Bx, By, Bz) => (Bx / (Bz ^ 2), By / (Bz ^ 3)) - * When equal: - * (Ax / (Az ^ 2), Ay / (Az ^ 3)) = (Bx / (Bz ^ 2), By / (Bz ^ 3)) - * => (Ax * (Bz ^ 2), Ay * (Bz ^ 3)) = (Bx * (Az ^ 2), By * (Az ^ 3)) - * - * @param [in] group EC group. - * @param [in] a EC point to compare. - * @param [in] b EC point to compare. - * @return 0 when equal. - * @return 1 when different. - * @return -1 on error. - */ -static int ec_point_cmp_jacobian(const WOLFSSL_EC_GROUP* group, - const WOLFSSL_EC_POINT *a, const WOLFSSL_EC_POINT *b, WOLFSSL_BN_CTX *ctx) -{ - int ret = 0; - BIGNUM* at = BN_new(); - BIGNUM* bt = BN_new(); - BIGNUM* az = BN_new(); - BIGNUM* bz = BN_new(); - BIGNUM* mod = BN_new(); - - /* Check that the big numbers were allocated. */ - if ((at == NULL) || (bt == NULL) || (az == NULL) || (bz == NULL) || - (mod == NULL)) { - ret = WOLFSSL_FATAL_ERROR; - } - /* Get the modulus for the curve. */ - if ((ret == 0) && - (BN_hex2bn(&mod, ecc_sets[group->curve_idx].prime) != 1)) { - ret = WOLFSSL_FATAL_ERROR; - } - if (ret == 0) { - /* bt = Bx * (Az ^ 2). When Az is one then just copy. */ - if (BN_is_one(a->Z)) { - if (BN_copy(bt, b->X) == NULL) { - ret = WOLFSSL_FATAL_ERROR; - } - } - /* az = Az ^ 2 */ - else if ((BN_mod_mul(az, a->Z, a->Z, mod, ctx) != 1)) { - ret = WOLFSSL_FATAL_ERROR; - } - /* bt = Bx * az = Bx * (Az ^ 2) */ - else if (BN_mod_mul(bt, b->X, az, mod, ctx) != 1) { - ret = WOLFSSL_FATAL_ERROR; - } - } - if (ret == 0) { - /* at = Ax * (Bz ^ 2). When Bz is one then just copy. */ - if (BN_is_one(b->Z)) { - if (BN_copy(at, a->X) == NULL) { - ret = WOLFSSL_FATAL_ERROR; - } - } - /* bz = Bz ^ 2 */ - else if (BN_mod_mul(bz, b->Z, b->Z, mod, ctx) != 1) { - ret = WOLFSSL_FATAL_ERROR; - } - /* at = Ax * bz = Ax * (Bz ^ 2) */ - else if (BN_mod_mul(at, a->X, bz, mod, ctx) != 1) { - ret = WOLFSSL_FATAL_ERROR; - } - } - /* Compare x-ordinates. */ - if ((ret == 0) && (BN_cmp(at, bt) != 0)) { - ret = 1; - } - if (ret == 0) { - /* bt = By * (Az ^ 3). When Az is one then just copy. */ - if (BN_is_one(a->Z)) { - if (BN_copy(bt, b->Y) == NULL) { - ret = WOLFSSL_FATAL_ERROR; - } - } - /* az = az * Az = Az ^ 3 */ - else if ((BN_mod_mul(az, az, a->Z, mod, ctx) != 1)) { - ret = WOLFSSL_FATAL_ERROR; - } - /* bt = By * az = By * (Az ^ 3) */ - else if (BN_mod_mul(bt, b->Y, az, mod, ctx) != 1) { - ret = WOLFSSL_FATAL_ERROR; - } - } - if (ret == 0) { - /* at = Ay * (Bz ^ 3). When Bz is one then just copy. */ - if (BN_is_one(b->Z)) { - if (BN_copy(at, a->Y) == NULL) { - ret = WOLFSSL_FATAL_ERROR; - } - } - /* bz = bz * Bz = Bz ^ 3 */ - else if (BN_mod_mul(bz, bz, b->Z, mod, ctx) != 1) { - ret = WOLFSSL_FATAL_ERROR; - } - /* at = Ay * bz = Ay * (Bz ^ 3) */ - else if (BN_mod_mul(at, a->Y, bz, mod, ctx) != 1) { - ret = WOLFSSL_FATAL_ERROR; - } - } - /* Compare y-ordinates. */ - if ((ret == 0) && (BN_cmp(at, bt) != 0)) { - ret = 1; - } - - BN_free(mod); - BN_free(bz); - BN_free(az); - BN_free(bt); - BN_free(at); - return ret; -} -#endif - -/* Compare two points on a the same curve. - * - * Return code compliant with OpenSSL. - * - * @param [in] group EC group. - * @param [in] a EC point to compare. - * @param [in] b EC point to compare. - * @param [in] ctx Context to use for BN operations. Unused. - * @return 0 when equal. - * @return 1 when different. - * @return -1 on error. - */ -int wolfSSL_EC_POINT_cmp(const WOLFSSL_EC_GROUP *group, - const WOLFSSL_EC_POINT *a, const WOLFSSL_EC_POINT *b, WOLFSSL_BN_CTX *ctx) -{ - int ret = 0; - - WOLFSSL_ENTER("wolfSSL_EC_POINT_cmp"); - - /* Validate parameters. */ - if ((group == NULL) || (a == NULL) || (a->internal == NULL) || - (b == NULL) || (b->internal == NULL)) { - WOLFSSL_MSG("wolfSSL_EC_POINT_cmp Bad arguments"); - ret = WOLFSSL_FATAL_ERROR; - } - if (ret != -1) { - #ifdef WOLFSSL_EC_POINT_CMP_JACOBIAN - /* If same Z ordinate then no need to convert to affine. */ - if (BN_cmp(a->Z, b->Z) == 0) { - /* Compare */ - ret = ((BN_cmp(a->X, b->X) != 0) || (BN_cmp(a->Y, b->Y) != 0)); - } - else { - ret = ec_point_cmp_jacobian(group, a, b, ctx); - } - #else - /* No BN operations performed. */ - (void)ctx; - - ret = (wc_ecc_cmp_point((ecc_point*)a->internal, - (ecc_point*)b->internal) != MP_EQ); - #endif - } - - return ret; -} - -/* Copy EC point. - * - * @param [out] dest EC point to copy into. - * @param [in] src EC point to copy. - * @return 1 on success. - * @return 0 on error. - */ -int wolfSSL_EC_POINT_copy(WOLFSSL_EC_POINT *dest, const WOLFSSL_EC_POINT *src) -{ - int ret = 1; - - WOLFSSL_ENTER("wolfSSL_EC_POINT_copy"); - - /* Validate parameters. */ - if ((dest == NULL) || (src == NULL)) { - ret = 0; - } - - /* Ensure internal EC point of src is setup. */ - if ((ret == 1) && (ec_point_setup(src) != 1)) { - ret = 0; - } - - /* Copy internal EC points. */ - if ((ret == 1) && (wc_ecc_copy_point((ecc_point*)src->internal, - (ecc_point*)dest->internal) != MP_OKAY)) { - ret = 0; - } - - if (ret == 1) { - /* Destinatation internal point is set. */ - dest->inSet = 1; - - /* Set the external EC point of dest based on internal. */ - if (ec_point_external_set(dest) != 1) { - ret = 0; - } - } - - return ret; -} - -/* Checks whether point is at infinity. - * - * Return code compliant with OpenSSL. - * - * @param [in] group EC group. - * @param [in] point EC point to check. - * @return 1 when at infinity. - * @return 0 when not at infinity. - */ -int wolfSSL_EC_POINT_is_at_infinity(const WOLFSSL_EC_GROUP *group, - const WOLFSSL_EC_POINT *point) -{ - int ret = 1; - - WOLFSSL_ENTER("wolfSSL_EC_POINT_is_at_infinity"); - - /* Validate parameters. */ - if ((group == NULL) || (point == NULL) || (point->internal == NULL)) { - WOLFSSL_MSG("wolfSSL_EC_POINT_is_at_infinity NULL error"); - ret = 0; - } - - /* Ensure internal EC point is setup. */ - if ((ret == 1) && (ec_point_setup(point) != 1)) { - ret = 0; - } - if (ret == 1) { - #ifndef WOLF_CRYPTO_CB_ONLY_ECC - /* Check for infinity. */ - ret = wc_ecc_point_is_at_infinity((ecc_point*)point->internal); - if (ret < 0) { - WOLFSSL_MSG("ecc_point_is_at_infinity failure"); - /* Error return is 0 by OpenSSL. */ - ret = 0; - } - #else - WOLFSSL_MSG("ecc_point_is_at_infinitiy compiled out"); - ret = 0; - #endif - } - - return ret; -} - -#endif /* OPENSSL_EXTRA */ - -/* End EC_POINT */ - -/* Start EC_KEY */ - -#ifdef OPENSSL_EXTRA - -/* - * EC key constructor/deconstructor APIs - */ - -/* Allocate a new EC key. - * - * Not OpenSSL API. - * - * @param [in] heap Heap hint for dynamic memory allocation. - * @param [in] devId Device identifier value. - * @return New, allocated EC key on success. - * @return NULL on error. - */ -WOLFSSL_EC_KEY *wolfSSL_EC_KEY_new_ex(void* heap, int devId) -{ - WOLFSSL_EC_KEY *key = NULL; - int err = 0; - - WOLFSSL_ENTER("wolfSSL_EC_KEY_new"); - - /* Allocate memory for EC key. */ - key = (WOLFSSL_EC_KEY*)XMALLOC(sizeof(WOLFSSL_EC_KEY), heap, - DYNAMIC_TYPE_ECC); - if (key == NULL) { - WOLFSSL_MSG("wolfSSL_EC_KEY_new malloc WOLFSSL_EC_KEY failure"); - err = 1; - } - if (!err) { - /* Reset all fields to 0. */ - XMEMSET(key, 0, sizeof(WOLFSSL_EC_KEY)); - /* Cache heap hint. */ - key->heap = heap; - /* Initialize fields to defaults. */ - key->form = WC_POINT_CONVERSION_UNCOMPRESSED; - - /* Initialize reference count. */ - wolfSSL_RefInit(&key->ref, &err); -#ifdef WOLFSSL_REFCNT_ERROR_RETURN - } - if (!err) { -#endif - /* Allocate memory for internal EC key representation. */ - key->internal = (ecc_key*)XMALLOC(sizeof(ecc_key), heap, - DYNAMIC_TYPE_ECC); - if (key->internal == NULL) { - WOLFSSL_MSG("wolfSSL_EC_KEY_new malloc ecc key failure"); - err = 1; - } - } - if (!err) { - /* Initialize wolfCrypt EC key. */ - if (wc_ecc_init_ex((ecc_key*)key->internal, heap, devId) != 0) { - WOLFSSL_MSG("wolfSSL_EC_KEY_new init ecc key failure"); - err = 1; - } - } - - if (!err) { - /* Group unknown at creation */ - key->group = wolfSSL_EC_GROUP_new_by_curve_name(WC_NID_undef); - if (key->group == NULL) { - WOLFSSL_MSG("wolfSSL_EC_KEY_new malloc WOLFSSL_EC_GROUP failure"); - err = 1; - } - } - - if (!err) { - /* Allocate a point as public key. */ - key->pub_key = wolfSSL_EC_POINT_new(key->group); - if (key->pub_key == NULL) { - WOLFSSL_MSG("wolfSSL_EC_POINT_new failure"); - err = 1; - } - } - - if (!err) { - /* Allocate a BN as private key. */ - key->priv_key = wolfSSL_BN_new(); - if (key->priv_key == NULL) { - WOLFSSL_MSG("wolfSSL_BN_new failure"); - err = 1; - } - } - - if (err) { - /* Dispose of EC key on error. */ - wolfSSL_EC_KEY_free(key); - key = NULL; - } - /* Return new EC key object. */ - return key; -} - -/* Allocate a new EC key. - * - * @return New, allocated EC key on success. - * @return NULL on error. - */ -WOLFSSL_EC_KEY *wolfSSL_EC_KEY_new(void) -{ - return wolfSSL_EC_KEY_new_ex(NULL, INVALID_DEVID); -} - -/* Create new EC key with the group having the specified numeric ID. - * - * @param [in] nid Numeric ID. - * @return New, allocated EC key on success. - * @return NULL on error. - */ -WOLFSSL_EC_KEY *wolfSSL_EC_KEY_new_by_curve_name(int nid) -{ - WOLFSSL_EC_KEY *key; - int err = 0; - - WOLFSSL_ENTER("wolfSSL_EC_KEY_new_by_curve_name"); - - /* Allocate empty, EC key. */ - key = wolfSSL_EC_KEY_new(); - if (key == NULL) { - WOLFSSL_MSG("wolfSSL_EC_KEY_new failure"); - err = 1; - } - - if (!err) { - /* Set group to be nid. */ - ec_group_set_nid(key->group, nid); - if (key->group->curve_idx == -1) { - wolfSSL_EC_KEY_free(key); - key = NULL; - } - } - - /* Return the new EC key object. */ - return key; -} - -/* Dispose of the EC key and allocated data. - * - * Cannot use key after this call. - * - * @param [in] key EC key to free. - */ -void wolfSSL_EC_KEY_free(WOLFSSL_EC_KEY *key) -{ - int doFree = 0; - int err; - - (void)err; - - WOLFSSL_ENTER("wolfSSL_EC_KEY_free"); - - if (key != NULL) { - void* heap = key->heap; - - /* Decrement reference count. */ - wolfSSL_RefDec(&key->ref, &doFree, &err); - if (doFree) { - /* Dispose of allocated reference counting data. */ - wolfSSL_RefFree(&key->ref); - - /* Dispose of private key. */ - wolfSSL_BN_free(key->priv_key); - wolfSSL_EC_POINT_free(key->pub_key); - wolfSSL_EC_GROUP_free(key->group); - if (key->internal != NULL) { - /* Dispose of wolfCrypt representation of EC key. */ - wc_ecc_free((ecc_key*)key->internal); - XFREE(key->internal, heap, DYNAMIC_TYPE_ECC); - } - - /* Set back to NULLs for safety. */ - ForceZero(key, sizeof(*key)); - - /* Dispose of the memory associated with the EC key. */ - XFREE(key, heap, DYNAMIC_TYPE_ECC); - (void)heap; - } - } -} - -/* Increments ref count of EC key. - * - * @param [in, out] key EC key. - * @return 1 on success - * @return 0 on error - */ -int wolfSSL_EC_KEY_up_ref(WOLFSSL_EC_KEY* key) -{ - int err = 1; - - if (key != NULL) { - wolfSSL_RefInc(&key->ref, &err); - } - - return !err; -} - -#ifndef NO_CERTS - -#if defined(OPENSSL_ALL) -/* Copy the internal, wolfCrypt EC key. - * - * @param [in, out] dst Destination wolfCrypt EC key. - * @param [in] src Source wolfCrypt EC key. - * @return 0 on success. - * @return Negative on error. - */ -static int wolfssl_ec_key_int_copy(ecc_key* dst, const ecc_key* src) -{ - int ret; - - /* Copy public key. */ -#if !defined(HAVE_FIPS) || FIPS_VERSION_GT(2,0) - ret = wc_ecc_copy_point(&src->pubkey, &dst->pubkey); -#else - ret = wc_ecc_copy_point((ecc_point*)&src->pubkey, &dst->pubkey); -#endif - if (ret != MP_OKAY) { - WOLFSSL_MSG("wc_ecc_copy_point error"); - } - - if (ret == 0) { - /* Copy private key. */ - ret = mp_copy(wc_ecc_key_get_priv((ecc_key*)src), - wc_ecc_key_get_priv(dst)); - if (ret != MP_OKAY) { - WOLFSSL_MSG("mp_copy error"); - } - } - - if (ret == 0) { - /* Copy domain parameters. */ - if (src->dp) { - ret = wc_ecc_set_curve(dst, 0, src->dp->id); - if (ret != 0) { - WOLFSSL_MSG("wc_ecc_set_curve error"); - } - } - } - - if (ret == 0) { - /* Copy the other components. */ - dst->type = src->type; - dst->idx = src->idx; - dst->state = src->state; - dst->flags = src->flags; - } - - return ret; -} - -/* Copies ecc_key into new WOLFSSL_EC_KEY object - * - * Copies the internal representation as well. - * - * @param [in] src EC key to duplicate. - * - * @return EC key on success. - * @return NULL on error. - */ -WOLFSSL_EC_KEY *wolfSSL_EC_KEY_dup(const WOLFSSL_EC_KEY *src) -{ - int err = 0; - WOLFSSL_EC_KEY* newKey = NULL; - - WOLFSSL_ENTER("wolfSSL_EC_KEY_dup"); - - /* Validate EC key. */ - if ((src == NULL) || (src->internal == NULL) || (src->group == NULL) || - (src->pub_key == NULL) || (src->priv_key == NULL)) { - WOLFSSL_MSG("src NULL error"); - err = 1; - } - - if (!err) { - /* Create a new, empty key. */ - newKey = wolfSSL_EC_KEY_new(); - if (newKey == NULL) { - WOLFSSL_MSG("wolfSSL_EC_KEY_new error"); - err = 1; - } - } - - if (!err) { - /* Copy internal EC key. */ - if (wolfssl_ec_key_int_copy((ecc_key*)newKey->internal, - (ecc_key*)src->internal) != 0) { - WOLFSSL_MSG("Copying internal EC key error"); - err = 1; - } - } - if (!err) { - /* Internal key set. */ - newKey->inSet = 1; - - /* Copy group */ - err = wolfssl_ec_group_copy(newKey->group, src->group); - } - /* Copy public key. */ - if ((!err) && (wolfSSL_EC_POINT_copy(newKey->pub_key, src->pub_key) != 1)) { - WOLFSSL_MSG("Copying EC public key error"); - err = 1; - } - - if (!err) { - /* Set header size of private key in PKCS#8 format.*/ - newKey->pkcs8HeaderSz = src->pkcs8HeaderSz; - - /* Copy private key. */ - if (wolfSSL_BN_copy(newKey->priv_key, src->priv_key) == NULL) { - WOLFSSL_MSG("Copying EC private key error"); - err = 1; - } - } - - if (err) { - /* Dispose of EC key on error. */ - wolfSSL_EC_KEY_free(newKey); - newKey = NULL; - } - /* Return the new EC key. */ - return newKey; -} - -#endif /* OPENSSL_ALL */ - -#endif /* !NO_CERTS */ - -/* - * EC key to/from bin/octet APIs - */ - -/* Create an EC key from the octet encoded public key. - * - * Behaviour checked against OpenSSL. - * - * @param [out] key Reference to EC key. Must pass in a valid object with - * group set. - * @param [in, out] in On in, reference to buffer that contains data. - * On out, reference to buffer after public key data. - * @param [in] len Length of data in the buffer. Must be length of the - * encoded public key. - * @return Allocated EC key on success. - * @return NULL on error. - */ -WOLFSSL_EC_KEY *wolfSSL_o2i_ECPublicKey(WOLFSSL_EC_KEY **key, - const unsigned char **in, long len) -{ - int err = 0; - WOLFSSL_EC_KEY* ret = NULL; - - WOLFSSL_ENTER("wolfSSL_o2i_ECPublicKey"); - - /* Validate parameters: EC group needed to perform import. */ - if ((key == NULL) || (*key == NULL) || ((*key)->group == NULL) || - (in == NULL) || (*in == NULL) || (len <= 0)) { - WOLFSSL_MSG("wolfSSL_o2i_ECPublicKey Bad arguments"); - err = 1; - } - - if (!err) { - /* Return the EC key object passed in. */ - ret = *key; - - /* Import point into public key field. */ - if (wolfSSL_EC_POINT_oct2point(ret->group, ret->pub_key, *in, - (size_t)len, NULL) != 1) { - WOLFSSL_MSG("wolfSSL_EC_POINT_oct2point error"); - ret = NULL; - err = 1; - } - } - if (!err) { - /* Assumed length passed in is all the data. */ - *in += len; - } - - return ret; -} - -/* Puts the encoded public key into out. - * - * Passing in NULL for out returns length only. - * Passing in NULL for *out has buffer allocated, encoded into and passed back. - * Passing non-NULL for *out has it encoded into and pointer moved past. - * - * @param [in] key EC key to encode. - * @param [in, out] out Reference to buffer to encode into. May be NULL or - * point to NULL. - * @return Length of encoding in bytes on success. - * @return 0 on error. - */ -int wolfSSL_i2o_ECPublicKey(const WOLFSSL_EC_KEY *key, unsigned char **out) -{ - int ret = 1; - size_t len = 0; - int form = WC_POINT_CONVERSION_UNCOMPRESSED; - - WOLFSSL_ENTER("wolfSSL_i2o_ECPublicKey"); - - /* Validate parameters. */ - if (key == NULL) { - WOLFSSL_MSG("wolfSSL_i2o_ECPublicKey Bad arguments"); - ret = 0; - } - - /* Ensure the external key data is set from the internal EC key. */ - if ((ret == 1) && (!key->exSet) && (SetECKeyExternal((WOLFSSL_EC_KEY*) - key) != 1)) { - WOLFSSL_MSG("SetECKeyExternal failure"); - ret = 0; - } - - if (ret == 1) { - #ifdef HAVE_COMP_KEY - /* Default to compressed form if not set */ - form = (key->form == WC_POINT_CONVERSION_UNCOMPRESSED) ? - WC_POINT_CONVERSION_UNCOMPRESSED : - WC_POINT_CONVERSION_COMPRESSED; - #endif - - /* Calculate length of point encoding. */ - len = wolfSSL_EC_POINT_point2oct(key->group, key->pub_key, form, NULL, - 0, NULL); - } - /* Encode if length calculated and pointer supplied to update. */ - if ((ret == 1) && (len != 0) && (out != NULL)) { - unsigned char *tmp = NULL; - - /* Allocate buffer for encoding if no buffer supplied. */ - if (*out == NULL) { - tmp = (unsigned char*)XMALLOC(len, NULL, DYNAMIC_TYPE_OPENSSL); - if (tmp == NULL) { - WOLFSSL_MSG("malloc failed"); - ret = 0; - } - } - else { - /* Get buffer to encode into. */ - tmp = *out; - } - - /* Encode public key into buffer. */ - if ((ret == 1) && (wolfSSL_EC_POINT_point2oct(key->group, key->pub_key, - form, tmp, len, NULL) == 0)) { - ret = 0; - } - - if (ret == 1) { - /* Return buffer if allocated. */ - if (*out == NULL) { - *out = tmp; - } - else { - /* Step over encoded data if not allocated. */ - *out += len; - } - } - else if (*out == NULL) { - /* Dispose of allocated buffer. */ - XFREE(tmp, NULL, DYNAMIC_TYPE_OPENSSL); - } - } - - if (ret == 1) { - /* Return length on success. */ - ret = (int)len; - } - return ret; -} - -#ifdef HAVE_ECC_KEY_IMPORT -/* Create a EC key from the DER encoded private key. - * - * @param [out] key Reference to EC key. - * @param [in, out] in On in, reference to buffer that contains DER data. - * On out, reference to buffer after private key data. - * @param [in] long Length of data in the buffer. May be larger than the - * length of the encoded private key. - * @return Allocated EC key on success. - * @return NULL on error. - */ -WOLFSSL_EC_KEY* wolfSSL_d2i_ECPrivateKey(WOLFSSL_EC_KEY** key, - const unsigned char** in, long len) -{ - int err = 0; - word32 idx = 0; - WOLFSSL_EC_KEY* ret = NULL; - - WOLFSSL_ENTER("wolfSSL_d2i_ECPrivateKey"); - - /* Validate parameters. */ - if ((in == NULL) || (*in == NULL) || (len <= 0)) { - WOLFSSL_MSG("wolfSSL_d2i_ECPrivateKey Bad arguments"); - err = 1; - } - - /* Create a new, empty EC key. */ - if ((!err) && ((ret = wolfSSL_EC_KEY_new()) == NULL)) { - WOLFSSL_MSG("wolfSSL_EC_KEY_new error"); - err = 1; - } - - /* Decode the private key DER data into internal EC key. */ - if ((!err) && (wc_EccPrivateKeyDecode(*in, &idx, (ecc_key*)ret->internal, - (word32)len) != 0)) { - WOLFSSL_MSG("wc_EccPrivateKeyDecode error"); - err = 1; - } - - if (!err) { - /* Internal EC key setup. */ - ret->inSet = 1; - - /* Set the EC key from the internal values. */ - if (SetECKeyExternal(ret) != 1) { - WOLFSSL_MSG("SetECKeyExternal error"); - err = 1; - } - } - - if (!err) { - /* Move buffer on to next byte after data used. */ - *in += idx; - if (key) { - /* Return new EC key through reference. */ - *key = ret; - } - } - - if (err && (ret != NULL)) { - /* Dispose of allocated EC key. */ - wolfSSL_EC_KEY_free(ret); - ret = NULL; - } - return ret; -} -#endif /* HAVE_ECC_KEY_IMPORT */ - -/* Enecode the private key of the EC key into the buffer as DER. - * - * @param [in] key EC key to encode. - * @param [in, out] out On in, reference to buffer to place DER encoding into. - * On out, reference to buffer after the encoding. - * May be NULL. - * @return Length of DER encoding on success. - * @return 0 on error. - */ -int wolfSSL_i2d_ECPrivateKey(const WOLFSSL_EC_KEY *key, unsigned char **out) -{ - int err = 0; - word32 len = 0; - - WOLFSSL_ENTER("wolfSSL_i2d_ECPrivateKey"); - - /* Validate parameters. */ - if (key == NULL) { - WOLFSSL_MSG("wolfSSL_i2d_ECPrivateKey Bad arguments"); - err = 1; - } - - /* Update the internal EC key if not set. */ - if ((!err) && (!key->inSet) && (SetECKeyInternal((WOLFSSL_EC_KEY*)key) != - 1)) { - WOLFSSL_MSG("SetECKeyInternal error"); - err = 1; - } - - /* Calculate the length of the private key DER encoding using internal EC - * key. */ - if ((!err) && ((int)(len = (word32)wc_EccKeyDerSize((ecc_key*)key->internal, - 0)) <= 0)) { - WOLFSSL_MSG("wc_EccKeyDerSize error"); - err = 1; - } - - /* Only return length when out is NULL. */ - if ((!err) && (out != NULL)) { - unsigned char* buf = NULL; - - /* Must have a buffer to encode into. */ - if (*out == NULL) { - /* Allocate a new buffer of appropriate length. */ - buf = (byte*)XMALLOC(len, NULL, DYNAMIC_TYPE_TMP_BUFFER); - if (buf == NULL) { - /* Error and return 0. */ - err = 1; - len = 0; - } - else { - /* Return the allocated buffer. */ - *out = buf; - } - } - /* Encode the internal EC key as a private key in DER format. */ - if ((!err) && wc_EccPrivateKeyToDer((ecc_key*)key->internal, *out, - len) < 0) { - WOLFSSL_MSG("wc_EccPrivateKeyToDer error"); - err = 1; - } - else if (buf != *out) { - /* Move the reference to byte past encoded private key. */ - *out += len; - } - - /* Dispose of any allocated buffer on error. */ - if (err && (*out == buf)) { - XFREE(buf, NULL, DYNAMIC_TYPE_TMP_BUFFER); - *out = NULL; - } - } - - return (int)len; -} - -/* Load private key into EC key from DER encoding. - * - * Not an OpenSSL compatibility API. - * - * @param [in, out] key EC key to put private key values into. - * @param [in] derBuf Buffer holding DER encoding. - * @param [in] derSz Size of DER encoding in bytes. - * @return 1 on success. - * @return -1 on error. - */ -int wolfSSL_EC_KEY_LoadDer(WOLFSSL_EC_KEY* key, const unsigned char* derBuf, - int derSz) -{ - return wolfSSL_EC_KEY_LoadDer_ex(key, derBuf, derSz, - WOLFSSL_EC_KEY_LOAD_PRIVATE); -} - -/* Load private/public key into EC key from DER encoding. - * - * Not an OpenSSL compatibility API. - * - * @param [in, out] key EC key to put private/public key values into. - * @param [in] derBuf Buffer holding DER encoding. - * @param [in] derSz Size of DER encoding in bytes. - * @param [in] opt Key type option. Valid values: - * WOLFSSL_EC_KEY_LOAD_PRIVATE, - * WOLFSSL_EC_KEY_LOAD_PUBLIC. - * @return 1 on success. - * @return -1 on error. - */ -int wolfSSL_EC_KEY_LoadDer_ex(WOLFSSL_EC_KEY* key, const unsigned char* derBuf, - int derSz, int opt) -{ - int res = 1; - int ret; - word32 idx = 0; - word32 algId; - - WOLFSSL_ENTER("wolfSSL_EC_KEY_LoadDer"); - - /* Validate parameters. */ - if ((key == NULL) || (key->internal == NULL) || (derBuf == NULL) || - (derSz <= 0)) { - WOLFSSL_MSG("Bad function arguments"); - res = WOLFSSL_FATAL_ERROR; - } - if ((res == 1) && (opt != WOLFSSL_EC_KEY_LOAD_PRIVATE) && - (opt != WOLFSSL_EC_KEY_LOAD_PUBLIC)) { - res = WOLFSSL_FATAL_ERROR; - } - - if (res == 1) { - /* Assume no PKCS#8 header. */ - key->pkcs8HeaderSz = 0; - - /* Check if input buffer has PKCS8 header. In the case that it does not - * have a PKCS8 header then do not error out. - */ - if ((ret = ToTraditionalInline_ex((const byte*)derBuf, &idx, - (word32)derSz, &algId)) > 0) { - WOLFSSL_MSG("Found PKCS8 header"); - key->pkcs8HeaderSz = (word16)idx; - res = 1; - } - /* Error out on parsing error. */ - else if (ret != WC_NO_ERR_TRACE(ASN_PARSE_E)) { - WOLFSSL_MSG("Unexpected error with trying to remove PKCS8 header"); - res = WOLFSSL_FATAL_ERROR; - } - } - - if (res == 1) { - /* Load into internal EC key based on key type option. */ - if (opt == WOLFSSL_EC_KEY_LOAD_PRIVATE) { - ret = wc_EccPrivateKeyDecode(derBuf, &idx, (ecc_key*)key->internal, - (word32)derSz); - } - else { - ret = wc_EccPublicKeyDecode(derBuf, &idx, (ecc_key*)key->internal, - (word32)derSz); - if (ret < 0) { - ecc_key *tmp = (ecc_key*)XMALLOC(sizeof(ecc_key), - ((ecc_key*)key->internal)->heap, DYNAMIC_TYPE_ECC); - if (tmp == NULL) { - ret = WOLFSSL_FATAL_ERROR; - } - else { - /* We now try again as x.963 [point type][x][opt y]. */ - ret = wc_ecc_init_ex(tmp, ((ecc_key*)key->internal)->heap, - INVALID_DEVID); - if (ret == 0) { - ret = wc_ecc_import_x963(derBuf, (word32)derSz, tmp); - if (ret == 0) { - /* Take ownership of new key - set tmp to the old - * key which will then be freed below. */ - ecc_key *old = (ecc_key *)key->internal; - key->internal = tmp; - tmp = old; - - idx = (word32)derSz; - } - wc_ecc_free(tmp); - } - XFREE(tmp, ((ecc_key*)key->internal)->heap, - DYNAMIC_TYPE_ECC); - } - } - } - if (ret < 0) { - /* Error returned from wolfSSL. */ - if (opt == WOLFSSL_EC_KEY_LOAD_PRIVATE) { - WOLFSSL_MSG("wc_EccPrivateKeyDecode failed"); - } - else { - WOLFSSL_MSG("wc_EccPublicKeyDecode failed"); - } - res = WOLFSSL_FATAL_ERROR; - } - - /* Internal key updated - update whether it is a valid key. */ - key->inSet = (res == 1); - } - - /* Set the external EC key based on value in internal. */ - if ((res == 1) && (SetECKeyExternal(key) != 1)) { - WOLFSSL_MSG("SetECKeyExternal failed"); - res = WOLFSSL_FATAL_ERROR; - } - - return res; -} - - -#ifndef NO_BIO - -WOLFSSL_EC_KEY *wolfSSL_d2i_EC_PUBKEY_bio(WOLFSSL_BIO *bio, - WOLFSSL_EC_KEY **out) -{ - char* data = NULL; - int dataSz = 0; - int memAlloced = 0; - WOLFSSL_EC_KEY* ec = NULL; - int err = 0; - - WOLFSSL_ENTER("wolfSSL_d2i_EC_PUBKEY_bio"); - - if (bio == NULL) - return NULL; - - if (err == 0 && wolfssl_read_bio(bio, &data, &dataSz, &memAlloced) != 0) { - WOLFSSL_ERROR_MSG("wolfssl_read_bio failed"); - err = 1; - } - - if (err == 0 && (ec = wolfSSL_EC_KEY_new()) == NULL) { - WOLFSSL_ERROR_MSG("wolfSSL_EC_KEY_new failed"); - err = 1; - } - - /* Load the EC key with the public key from the DER encoding. */ - if (err == 0 && wolfSSL_EC_KEY_LoadDer_ex(ec, (const unsigned char*)data, - dataSz, WOLFSSL_EC_KEY_LOAD_PUBLIC) != 1) { - WOLFSSL_ERROR_MSG("wolfSSL_EC_KEY_LoadDer_ex failed"); - err = 1; - } - - if (memAlloced) - XFREE(data, NULL, DYNAMIC_TYPE_TMP_BUFFER); - if (err) { /* on error */ - wolfSSL_EC_KEY_free(ec); - ec = NULL; - } - else { /* on success */ - if (out != NULL) - *out = ec; - } - - return ec; -} - -#endif /* !NO_BIO */ - -/* - * EC key PEM APIs - */ - -#ifdef HAVE_ECC_KEY_EXPORT -#if defined(WOLFSSL_KEY_GEN) && (!defined(NO_FILESYSTEM) || !defined(NO_BIO)) -/* Encode the EC public key as DER. - * - * @param [in] key EC key to encode. - * @param [out] der Pointer through which buffer is returned. - * @param [in] heap Heap hint. - * @return Size of encoding on success. - * @return 0 on error. - */ -static int wolfssl_ec_key_to_pubkey_der(WOLFSSL_EC_KEY* key, - unsigned char** der, void* heap) -{ - int sz; - unsigned char* buf = NULL; - - (void)heap; - - /* Calculate encoded size to allocate. */ - sz = wc_EccPublicKeyDerSize((ecc_key*)key->internal, 1); - if (sz <= 0) { - WOLFSSL_MSG("wc_EccPublicKeyDerSize failed"); - sz = 0; - } - if (sz > 0) { - /* Allocate memory to hold encoding. */ - buf = (byte*)XMALLOC((size_t)sz, heap, DYNAMIC_TYPE_TMP_BUFFER); - if (buf == NULL) { - WOLFSSL_MSG("malloc failed"); - sz = 0; - } - } - if (sz > 0) { - /* Encode public key to DER using wolfSSL. */ - sz = wc_EccPublicKeyToDer((ecc_key*)key->internal, buf, (word32)sz, 1); - if (sz < 0) { - WOLFSSL_MSG("wc_EccPublicKeyToDer failed"); - sz = 0; - } - } - - /* Return buffer on success. */ - if (sz > 0) { - *der = buf; - } - else { - /* Dispose of any dynamically allocated data not returned. */ - XFREE(buf, heap, DYNAMIC_TYPE_TMP_BUFFER); - } - - return sz; -} -#endif - -#if !defined(NO_FILESYSTEM) && defined(WOLFSSL_KEY_GEN) -/* - * Return code compliant with OpenSSL. - * - * @param [in] fp File pointer to write PEM encoding to. - * @param [in] key EC key to encode and write. - * @return 1 on success. - * @return 0 on error. - */ -int wolfSSL_PEM_write_EC_PUBKEY(XFILE fp, WOLFSSL_EC_KEY* key) -{ - int ret = 1; - unsigned char* derBuf = NULL; - int derSz = 0; - - WOLFSSL_ENTER("wolfSSL_PEM_write_EC_PUBKEY"); - - /* Validate parameters. */ - if ((fp == XBADFILE) || (key == NULL)) { - WOLFSSL_MSG("Bad argument."); - return 0; - } - - /* Encode public key in EC key as DER. */ - derSz = wolfssl_ec_key_to_pubkey_der(key, &derBuf, key->heap); - if (derSz == 0) { - ret = 0; - } - - /* Write out to file the PEM encoding of the DER. */ - if ((ret == 1) && (der_write_to_file_as_pem(derBuf, derSz, fp, - ECC_PUBLICKEY_TYPE, key->heap) != 1)) { - ret = 0; - } - - /* Dispose of any dynamically allocated data. */ - XFREE(derBuf, key->heap, DYNAMIC_TYPE_TMP_BUFFER); - - WOLFSSL_LEAVE("wolfSSL_PEM_write_EC_PUBKEY", ret); - - return ret; -} -#endif -#endif - -#ifndef NO_BIO -/* Read a PEM encoded EC public key from a BIO. - * - * @param [in] bio BIO to read EC public key from. - * @param [out] out Pointer to return EC key object through. May be NULL. - * @param [in] cb Password callback when PEM encrypted. - * @param [in] pass NUL terminated string for passphrase when PEM - * encrypted. - * @return New EC key object on success. - * @return NULL on error. - */ -WOLFSSL_EC_KEY* wolfSSL_PEM_read_bio_EC_PUBKEY(WOLFSSL_BIO* bio, - WOLFSSL_EC_KEY** out, wc_pem_password_cb* cb, void *pass) -{ - int err = 0; - WOLFSSL_EC_KEY* ec = NULL; - DerBuffer* der = NULL; - int keyFormat = 0; - - WOLFSSL_ENTER("wolfSSL_PEM_read_bio_EC_PUBKEY"); - - /* Validate parameters. */ - if (bio == NULL) { - err = 1; - } - - if (!err) { - /* Create an empty EC key. */ - ec = wolfSSL_EC_KEY_new(); - if (ec == NULL) { - err = 1; - } - } - /* Read a PEM key in to a new DER buffer. */ - if ((!err) && (pem_read_bio_key(bio, cb, pass, ECC_PUBLICKEY_TYPE, - &keyFormat, &der) <= 0)) { - err = 1; - } - /* Load the EC key with the public key from the DER encoding. */ - if ((!err) && (wolfSSL_EC_KEY_LoadDer_ex(ec, der->buffer, (int)der->length, - WOLFSSL_EC_KEY_LOAD_PUBLIC) != 1)) { - WOLFSSL_ERROR_MSG("Error loading DER buffer into WOLFSSL_EC_KEY"); - err = 1; - } - - /* Dispose of dynamically allocated data not needed anymore. */ - FreeDer(&der); - if (err) { - wolfSSL_EC_KEY_free(ec); - ec = NULL; - } - - /* Return EC key through out if required. */ - if ((out != NULL) && (ec != NULL)) { - *out = ec; - } - return ec; -} - -/* Read a PEM encoded EC private key from a BIO. - * - * @param [in] bio BIO to read EC private key from. - * @param [out] out Pointer to return EC key object through. May be NULL. - * @param [in] cb Password callback when PEM encrypted. - * @param [in] pass NUL terminated string for passphrase when PEM - * encrypted. - * @return New EC key object on success. - * @return NULL on error. - */ -WOLFSSL_EC_KEY* wolfSSL_PEM_read_bio_ECPrivateKey(WOLFSSL_BIO* bio, - WOLFSSL_EC_KEY** out, wc_pem_password_cb* cb, void *pass) -{ - int err = 0; - WOLFSSL_EC_KEY* ec = NULL; - DerBuffer* der = NULL; - int keyFormat = 0; - - WOLFSSL_ENTER("wolfSSL_PEM_read_bio_ECPrivateKey"); - - /* Validate parameters. */ - if (bio == NULL) { - err = 1; - } - - if (!err) { - /* Create an empty EC key. */ - ec = wolfSSL_EC_KEY_new(); - if (ec == NULL) { - err = 1; - } - } - /* Read a PEM key in to a new DER buffer. - * To check ENC EC PRIVATE KEY, it uses PRIVATEKEY_TYPE to call - * pem_read_bio_key(), and then check key format if it is EC. - */ - if ((!err) && (pem_read_bio_key(bio, cb, pass, PRIVATEKEY_TYPE, - &keyFormat, &der) <= 0)) { - err = 1; - } - if (keyFormat != ECDSAk) { - WOLFSSL_ERROR_MSG("Error not EC key format"); - err = 1; - } - /* Load the EC key with the private key from the DER encoding. */ - if ((!err) && (wolfSSL_EC_KEY_LoadDer_ex(ec, der->buffer, (int)der->length, - WOLFSSL_EC_KEY_LOAD_PRIVATE) != 1)) { - WOLFSSL_ERROR_MSG("Error loading DER buffer into WOLFSSL_EC_KEY"); - err = 1; - } - - /* Dispose of dynamically allocated data not needed anymore. */ - FreeDer(&der); - if (err) { - wolfSSL_EC_KEY_free(ec); - ec = NULL; - } - - /* Return EC key through out if required. */ - if ((out != NULL) && (ec != NULL)) { - *out = ec; - } - return ec; -} -#endif /* !NO_BIO */ - -#if defined(WOLFSSL_KEY_GEN) && defined(HAVE_ECC_KEY_EXPORT) -#ifndef NO_BIO -/* Write out the EC public key as PEM to the BIO. - * - * @param [in] bio BIO to write PEM encoding to. - * @param [in] ec EC public key to encode. - * @return 1 on success. - * @return 0 on error. - */ -int wolfSSL_PEM_write_bio_EC_PUBKEY(WOLFSSL_BIO* bio, WOLFSSL_EC_KEY* ec) -{ - int ret = 1; - unsigned char* derBuf = NULL; - int derSz = 0; - - WOLFSSL_ENTER("wolfSSL_PEM_write_bio_EC_PUBKEY"); - - /* Validate parameters. */ - if ((bio == NULL) || (ec == NULL)) { - WOLFSSL_MSG("Bad Function Arguments"); - return 0; - } - - /* Encode public key in EC key as DER. */ - derSz = wolfssl_ec_key_to_pubkey_der(ec, &derBuf, ec->heap); - if (derSz == 0) { - ret = 0; - } - - /* Write out to BIO the PEM encoding of the EC public key. */ - if ((ret == 1) && (der_write_to_bio_as_pem(derBuf, derSz, bio, - ECC_PUBLICKEY_TYPE) != 1)) { - ret = 0; - } - - /* Dispose of any dynamically allocated data. */ - XFREE(derBuf, ec->heap, DYNAMIC_TYPE_TMP_BUFFER); - - return ret; -} - -/* Write out the EC private key as PEM to the BIO. - * - * Return code compliant with OpenSSL. - * - * @param [in] bio BIO to write PEM encoding to. - * @param [in] ec EC private key to encode. - * @param [in] cipher Cipher to use when PEM encrypted. May be NULL. - * @param [in] passwd Password string when PEM encrypted. May be NULL. - * @param [in] passwdSz Length of password string when PEM encrypted. - * @param [in] cb Password callback when PEM encrypted. Unused. - * @param [in] pass NUL terminated string for passphrase when PEM - * encrypted. Unused. - * @return 1 on success. - * @return 0 on error. - */ -int wolfSSL_PEM_write_bio_ECPrivateKey(WOLFSSL_BIO* bio, WOLFSSL_EC_KEY* ec, - const WOLFSSL_EVP_CIPHER* cipher, unsigned char* passwd, int passwdSz, - wc_pem_password_cb* cb, void* arg) -{ - int ret = 1; - unsigned char* pem = NULL; - int pLen = 0; - - (void)cb; - (void)arg; - - /* Validate parameters. */ - if ((bio == NULL) || (ec == NULL)) { - ret = 0; - } - - /* Write EC private key to PEM. */ - if ((ret == 1) && (wolfSSL_PEM_write_mem_ECPrivateKey(ec, cipher, passwd, - passwdSz, &pem, &pLen) != 1)) { - ret = 0; - } - /* Write PEM to BIO. */ - if ((ret == 1) && (wolfSSL_BIO_write(bio, pem, pLen) != pLen)) { - WOLFSSL_ERROR_MSG("EC private key BIO write failed"); - ret = 0; - } - - XFREE(pem, NULL, DYNAMIC_TYPE_KEY); - - return ret; -} - -#endif /* !NO_BIO */ - -/* Encode the EC private key as PEM into buffer. - * - * Return code compliant with OpenSSL. - * Not an OpenSSL API. - * - * @param [in] ec EC private key to encode. - * @param [in] cipher Cipher to use when PEM encrypted. May be NULL. - * @param [in] passwd Password string when PEM encrypted. May be NULL. - * @param [in] passwdSz Length of password string when PEM encrypted. - * @param [out] pem Newly allocated buffer holding PEM encoding. - * @param [out] pLen Length of PEM encoding in bytes. - * @return 1 on success. - * @return 0 on error. - */ -int wolfSSL_PEM_write_mem_ECPrivateKey(WOLFSSL_EC_KEY* ec, - const WOLFSSL_EVP_CIPHER* cipher, unsigned char* passwd, int passwdSz, - unsigned char **pem, int *pLen) -{ -#if defined(WOLFSSL_PEM_TO_DER) || defined(WOLFSSL_DER_TO_PEM) - int ret = 1; - byte* derBuf = NULL; - word32 der_max_len = 0; - int derSz = 0; - - WOLFSSL_MSG("wolfSSL_PEM_write_mem_ECPrivateKey"); - - /* Validate parameters. */ - if ((pem == NULL) || (pLen == NULL) || (ec == NULL) || - (ec->internal == NULL)) { - WOLFSSL_MSG("Bad function arguments"); - ret = 0; - } - - /* Ensure internal EC key is set from external. */ - if ((ret == 1) && (ec->inSet == 0)) { - WOLFSSL_MSG("No ECC internal set, do it"); - - if (SetECKeyInternal(ec) != 1) { - WOLFSSL_MSG("SetECKeyInternal failed"); - ret = 0; - } - } - - if (ret == 1) { - /* Calculate maximum size of DER encoding. - * 4 > size of pub, priv + ASN.1 additional information */ - der_max_len = 4 * (word32)wc_ecc_size((ecc_key*)ec->internal) + - WC_AES_BLOCK_SIZE; - - /* Allocate buffer big enough to hold encoding. */ - derBuf = (byte*)XMALLOC((size_t)der_max_len, NULL, - DYNAMIC_TYPE_TMP_BUFFER); - if (derBuf == NULL) { - WOLFSSL_MSG("malloc failed"); - ret = 0; - } - } - - if (ret == 1) { - /* Encode EC private key as DER. */ - derSz = wc_EccKeyToDer((ecc_key*)ec->internal, derBuf, der_max_len); - if (derSz < 0) { - WOLFSSL_MSG("wc_EccKeyToDer failed"); - XFREE(derBuf, NULL, DYNAMIC_TYPE_DER); - ret = 0; - } - } - - /* Convert DER to PEM - possibly encrypting. */ - if ((ret == 1) && (der_to_enc_pem_alloc(derBuf, derSz, cipher, passwd, - passwdSz, ECC_PRIVATEKEY_TYPE, NULL, pem, pLen) != 1)) { - WOLFSSL_ERROR_MSG("der_to_enc_pem_alloc failed"); - ret = 0; - } - - return ret; -#else - (void)ec; - (void)cipher; - (void)passwd; - (void)passwdSz; - (void)pem; - (void)pLen; - return 0; -#endif /* WOLFSSL_PEM_TO_DER || WOLFSSL_DER_TO_PEM */ -} - -#ifndef NO_FILESYSTEM -/* Write out the EC private key as PEM to file. - * - * Return code compliant with OpenSSL. - * - * @param [in] fp File pointer to write PEM encoding to. - * @param [in] ec EC private key to encode. - * @param [in] cipher Cipher to use when PEM encrypted. May be NULL. - * @param [in] passwd Password string when PEM encrypted. May be NULL. - * @param [in] passwdSz Length of password string when PEM encrypted. - * @param [in] cb Password callback when PEM encrypted. Unused. - * @param [in] pass NUL terminated string for passphrase when PEM - * encrypted. Unused. - * @return 1 on success. - * @return 0 on error. - */ -int wolfSSL_PEM_write_ECPrivateKey(XFILE fp, WOLFSSL_EC_KEY *ec, - const WOLFSSL_EVP_CIPHER *cipher, unsigned char *passwd, int passwdSz, - wc_pem_password_cb *cb, void *pass) -{ - int ret = 1; - byte *pem = NULL; - int pLen = 0; - - (void)cb; - (void)pass; - - WOLFSSL_MSG("wolfSSL_PEM_write_ECPrivateKey"); - - /* Validate parameters. */ - if ((fp == XBADFILE) || (ec == NULL) || (ec->internal == NULL)) { - WOLFSSL_MSG("Bad function arguments"); - ret = 0; - } - - /* Write EC private key to PEM. */ - if ((ret == 1) && (wolfSSL_PEM_write_mem_ECPrivateKey(ec, cipher, passwd, - passwdSz, &pem, &pLen) != 1)) { - WOLFSSL_MSG("wolfSSL_PEM_write_mem_ECPrivateKey failed"); - ret = 0; - } - - /* Write out to file the PEM encoding of the EC private key. */ - if ((ret == 1) && ((int)XFWRITE(pem, 1, (size_t)pLen, fp) != pLen)) { - WOLFSSL_MSG("ECC private key file write failed"); - ret = 0; - } - - /* Dispose of any dynamically allocated data. */ - XFREE(pem, NULL, DYNAMIC_TYPE_KEY); - - return ret; -} - -#endif /* NO_FILESYSTEM */ -#endif /* WOLFSSL_KEY_GEN && HAVE_ECC_KEY_EXPORT */ - -/* - * EC key print APIs - */ - -#ifndef NO_CERTS - -#if defined(XFPRINTF) && !defined(NO_FILESYSTEM) && \ - !defined(NO_STDIO_FILESYSTEM) -/* Print the EC key to a file pointer as text. - * - * @param [in] fp File pointer. - * @param [in] key EC key to print. - * @param [in] indent Number of spaces to place before each line printed. - * @return 1 on success. - * @return 0 on failure. - */ -int wolfSSL_EC_KEY_print_fp(XFILE fp, WOLFSSL_EC_KEY* key, int indent) -{ - int ret = 1; - int bits = 0; - int priv = 0; - - WOLFSSL_ENTER("wolfSSL_EC_KEY_print_fp"); - - /* Validate parameters. */ - if ((fp == XBADFILE) || (key == NULL) || (key->group == NULL) || - (indent < 0)) { - ret = 0; - } - - if (ret == 1) { - /* Get EC groups order size in bits. */ - bits = wolfSSL_EC_GROUP_order_bits(key->group); - if (bits <= 0) { - WOLFSSL_MSG("Failed to get group order bits."); - ret = 0; - } - } - if (ret == 1) { - const char* keyType; - - /* Determine whether this is a private or public key. */ - if ((key->priv_key != NULL) && (!wolfSSL_BN_is_zero(key->priv_key))) { - keyType = "Private-Key"; - priv = 1; - } - else { - keyType = "Public-Key"; - } - - /* Print key header. */ - if (XFPRINTF(fp, "%*s%s: (%d bit)\n", indent, "", keyType, bits) < 0) { - ret = 0; - } - } - if ((ret == 1) && priv) { - /* Print the private key BN. */ - ret = pk_bn_field_print_fp(fp, indent, "priv", key->priv_key); - } - /* Check for public key data in EC key. */ - if ((ret == 1) && (key->pub_key != NULL) && (key->pub_key->exSet)) { - /* Get the public key point as one BN. */ - WOLFSSL_BIGNUM* pubBn = wolfSSL_EC_POINT_point2bn(key->group, - key->pub_key, WC_POINT_CONVERSION_UNCOMPRESSED, NULL, NULL); - if (pubBn == NULL) { - WOLFSSL_MSG("wolfSSL_EC_POINT_point2bn failed."); - ret = 0; - } - else { - /* Print the public key in a BN. */ - ret = pk_bn_field_print_fp(fp, indent, "pub", pubBn); - wolfSSL_BN_free(pubBn); - } - } - if (ret == 1) { - /* Get the NID of the group. */ - int nid = wolfSSL_EC_GROUP_get_curve_name(key->group); - if (nid > 0) { - /* Convert the NID into a long name and NIST name. */ - const char* curve = wolfSSL_OBJ_nid2ln(nid); - const char* nistName = wolfSSL_EC_curve_nid2nist(nid); - - /* Print OID name if known. */ - if ((curve != NULL) && - (XFPRINTF(fp, "%*sASN1 OID: %s\n", indent, "", curve) < 0)) { - ret = 0; - } - /* Print NIST curve name if known. */ - if ((nistName != NULL) && - (XFPRINTF(fp, "%*sNIST CURVE: %s\n", indent, "", - nistName) < 0)) { - ret = 0; - } - } - } - - - WOLFSSL_LEAVE("wolfSSL_EC_KEY_print_fp", ret); - - return ret; -} -#endif /* XFPRINTF && !NO_FILESYSTEM && !NO_STDIO_FILESYSTEM */ - -#endif /* !NO_CERTS */ - -/* - * EC_KEY get/set/test APIs - */ - -/* Set data of internal, wolfCrypt EC key object into EC key. - * - * EC_KEY wolfSSL -> OpenSSL - * - * @param [in, out] p EC key to update. - * @return 1 on success. - * @return -1 on failure. - */ -int SetECKeyExternal(WOLFSSL_EC_KEY* eckey) -{ - int ret = 1; - - WOLFSSL_ENTER("SetECKeyExternal"); - - /* Validate parameter. */ - if ((eckey == NULL) || (eckey->internal == NULL)) { - WOLFSSL_MSG("ec key NULL error"); - ret = WOLFSSL_FATAL_ERROR; - } - else { - ecc_key* key = (ecc_key*)eckey->internal; - - /* Set group (OID, nid and idx) from wolfCrypt EC key. */ - eckey->group->curve_oid = (int)key->dp->oidSum; - eckey->group->curve_nid = EccEnumToNID(key->dp->id); - eckey->group->curve_idx = key->idx; - - if (eckey->pub_key->internal != NULL) { - /* Copy internal public point from internal key's public point. */ - if (wc_ecc_copy_point(&key->pubkey, - (ecc_point*)eckey->pub_key->internal) != MP_OKAY) { - WOLFSSL_MSG("SetECKeyExternal ecc_copy_point failed"); - ret = WOLFSSL_FATAL_ERROR; - } - - /* Set external public key from internal wolfCrypt, public key. */ - if ((ret == 1) && (ec_point_external_set(eckey->pub_key) != 1)) { - WOLFSSL_MSG("SetECKeyExternal ec_point_external_set failed"); - ret = WOLFSSL_FATAL_ERROR; - } - } - - /* set the external privkey */ - if ((ret == 1) && (key->type == ECC_PRIVATEKEY) && - (wolfssl_bn_set_value(&eckey->priv_key, - wc_ecc_key_get_priv(key)) != 1)) { - WOLFSSL_MSG("ec priv key error"); - ret = WOLFSSL_FATAL_ERROR; - } - - /* External values set when operations succeeded. */ - eckey->exSet = (ret == 1); - } - - return ret; -} - -/* Set data of EC key into internal, wolfCrypt EC key object. - * - * EC_KEY Openssl -> WolfSSL - * - * @param [in, out] p EC key to update. - * @return 1 on success. - * @return -1 on failure. - */ -int SetECKeyInternal(WOLFSSL_EC_KEY* eckey) -{ - int ret = 1; - - WOLFSSL_ENTER("SetECKeyInternal"); - - /* Validate parameter. */ - if ((eckey == NULL) || (eckey->internal == NULL) || - (eckey->group == NULL)) { - WOLFSSL_MSG("ec key NULL error"); - ret = WOLFSSL_FATAL_ERROR; - } - else { - ecc_key* key = (ecc_key*)eckey->internal; - int pubSet = 0; - - /* Validate group. */ - if ((eckey->group->curve_idx < 0) || - (wc_ecc_is_valid_idx(eckey->group->curve_idx) == 0)) { - WOLFSSL_MSG("invalid curve idx"); - ret = WOLFSSL_FATAL_ERROR; - } - - if (ret == 1) { - /* Set group (idx of curve and corresponding domain parameters). */ - key->idx = eckey->group->curve_idx; - key->dp = &ecc_sets[key->idx]; - pubSet = (eckey->pub_key != NULL); - } - /* Set public key (point). */ - if ((ret == 1) && pubSet) { - if (ec_point_internal_set(eckey->pub_key) != 1) { - WOLFSSL_MSG("ec key pub error"); - ret = WOLFSSL_FATAL_ERROR; - } - /* Copy public point to key. */ - if ((ret == 1) && (wc_ecc_copy_point( - (ecc_point*)eckey->pub_key->internal, &key->pubkey) != - MP_OKAY)) { - WOLFSSL_MSG("wc_ecc_copy_point error"); - ret = WOLFSSL_FATAL_ERROR; - } - - if (ret == 1) { - /* Set that the internal key is a public key */ - key->type = ECC_PUBLICKEY; - } - } - - /* set privkey */ - if ((ret == 1) && (eckey->priv_key != NULL)) { - if (wolfssl_bn_get_value(eckey->priv_key, - wc_ecc_key_get_priv(key)) != 1) { - WOLFSSL_MSG("ec key priv error"); - ret = WOLFSSL_FATAL_ERROR; - } - /* private key */ - if ((ret == 1) && (!mp_iszero(wc_ecc_key_get_priv(key)))) { - if (pubSet) { - key->type = ECC_PRIVATEKEY; - } - else { - key->type = ECC_PRIVATEKEY_ONLY; - } - } - } - - /* Internal values set when operations succeeded. */ - eckey->inSet = (ret == 1); - } - - return ret; -} - -/* Get point conversion format of EC key. - * - * @param [in] key EC key. - * @return Point conversion format on success. - * @return -1 on error. - */ -wc_point_conversion_form_t wolfSSL_EC_KEY_get_conv_form( - const WOLFSSL_EC_KEY* key) -{ - if (key == NULL) - return WOLFSSL_FATAL_ERROR; - return key->form; -} - -/* Set point conversion format into EC key. - * - * @param [in, out] key EC key to set format into. - * @param [in] form Point conversion format. Valid values: - * WC_POINT_CONVERSION_UNCOMPRESSED, - * WC_POINT_CONVERSION_COMPRESSED (when HAVE_COMP_KEY) - */ -void wolfSSL_EC_KEY_set_conv_form(WOLFSSL_EC_KEY *key, int form) -{ - if (key == NULL) { - WOLFSSL_MSG("Key passed in NULL"); - } - else if (form == WC_POINT_CONVERSION_UNCOMPRESSED -#ifdef HAVE_COMP_KEY - || form == WC_POINT_CONVERSION_COMPRESSED -#endif - ) { - key->form = (unsigned char)form; - } - else { - WOLFSSL_MSG("Incorrect form or HAVE_COMP_KEY not compiled in"); - } -} - -/* Get the EC group object that is in EC key. - * - * @param [in] key EC key. - * @return EC group object on success. - * @return NULL when key is NULL. - */ -const WOLFSSL_EC_GROUP *wolfSSL_EC_KEY_get0_group(const WOLFSSL_EC_KEY *key) -{ - WOLFSSL_EC_GROUP* group = NULL; - - WOLFSSL_ENTER("wolfSSL_EC_KEY_get0_group"); - - if (key != NULL) { - group = key->group; - } - - return group; -} - -/* Set the group in WOLFSSL_EC_KEY - * - * @param [in, out] key EC key to update. - * @param [in] group EC group to copy. - * @return 1 on success - * @return 0 on failure. - */ -int wolfSSL_EC_KEY_set_group(WOLFSSL_EC_KEY *key, WOLFSSL_EC_GROUP *group) -{ - int ret = 1; - - WOLFSSL_ENTER("wolfSSL_EC_KEY_set_group"); - - /* Validate parameters. */ - if ((key == NULL) || (group == NULL)) { - ret = 0; - } - - if (ret == 1) { - /* Dispose of the current group. */ - if (key->group != NULL) { - wolfSSL_EC_GROUP_free(key->group); - } - /* Duplicate the passed in group into EC key. */ - key->group = wolfSSL_EC_GROUP_dup(group); - if (key->group == NULL) { - ret = 0; - } - } - - return ret; -} - -/* Get the BN object that is the private key in the EC key. - * - * @param [in] key EC key. - * @return BN object on success. - * @return NULL when key is NULL or private key is not set. - */ -WOLFSSL_BIGNUM *wolfSSL_EC_KEY_get0_private_key(const WOLFSSL_EC_KEY *key) -{ - WOLFSSL_BIGNUM* priv_key = NULL; - - WOLFSSL_ENTER("wolfSSL_EC_KEY_get0_private_key"); - - /* Validate parameter. */ - if (key == NULL) { - WOLFSSL_MSG("wolfSSL_EC_KEY_get0_private_key Bad arguments"); - } - /* Only return private key if it is not 0. */ - else if (!wolfSSL_BN_is_zero(key->priv_key)) { - priv_key = key->priv_key; - } - - return priv_key; -} - -/* Sets the private key value into EC key. - * - * Return code compliant with OpenSSL. - * - * @param [in, out] key EC key to set. - * @param [in] priv_key Private key value in a BN. - * @return 1 on success - * @return 0 on failure. - */ -int wolfSSL_EC_KEY_set_private_key(WOLFSSL_EC_KEY *key, - const WOLFSSL_BIGNUM *priv_key) -{ - int ret = 1; - - WOLFSSL_ENTER("wolfSSL_EC_KEY_set_private_key"); - - /* Validate parameters. */ - if ((key == NULL) || (priv_key == NULL)) { - WOLFSSL_MSG("Bad arguments"); - ret = 0; - } - - /* Check for obvious invalid values. */ - if (wolfSSL_BN_is_negative(priv_key) || wolfSSL_BN_is_zero(priv_key) || - wolfSSL_BN_is_one(priv_key)) { - WOLFSSL_MSG("Invalid private key value"); - ret = 0; - } - - if (ret == 1) { - /* Free key if previously set. */ - if (key->priv_key != NULL) { - wolfSSL_BN_free(key->priv_key); - } - - /* Duplicate the BN passed in. */ - key->priv_key = wolfSSL_BN_dup(priv_key); - if (key->priv_key == NULL) { - WOLFSSL_MSG("key ecc priv key NULL"); - ret = 0; - } - } - /* Set the external values into internal EC key. */ - if ((ret == 1) && (SetECKeyInternal(key) != 1)) { - WOLFSSL_MSG("SetECKeyInternal failed"); - /* Dispose of new private key on error. */ - wolfSSL_BN_free(key->priv_key); - key->priv_key = NULL; - ret = 0; - } - - return ret; -} - -/* Get the public key EC point object that is in EC key. - * - * @param [in] key EC key. - * @return EC point object that is the public key on success. - * @return NULL when key is NULL. - */ -WOLFSSL_EC_POINT* wolfSSL_EC_KEY_get0_public_key(const WOLFSSL_EC_KEY *key) -{ - WOLFSSL_EC_POINT* pub_key = NULL; - - WOLFSSL_ENTER("wolfSSL_EC_KEY_get0_public_key"); - - if (key != NULL) { - pub_key = key->pub_key; - } - - return pub_key; -} - -/* - * Return code compliant with OpenSSL. - * - * @param [in, out] key EC key. - * @param [in] pub Public key as an EC point. - * @return 1 on success - * @return 0 on failure. - */ -int wolfSSL_EC_KEY_set_public_key(WOLFSSL_EC_KEY *key, - const WOLFSSL_EC_POINT *pub) -{ - int ret = 1; - ecc_point *pub_p = NULL; - ecc_point *key_p = NULL; - - WOLFSSL_ENTER("wolfSSL_EC_KEY_set_public_key"); - - /* Validate parameters. */ - if ((key == NULL) || (key->internal == NULL) || (pub == NULL) || - (pub->internal == NULL)) { - WOLFSSL_MSG("wolfSSL_EC_KEY_set_public_key Bad arguments"); - ret = 0; - } - - /* Ensure the internal EC key is set. */ - if ((ret == 1) && (key->inSet == 0) && (SetECKeyInternal(key) != 1)) { - WOLFSSL_MSG("SetECKeyInternal failed"); - ret = 0; - } - - /* Ensure the internal EC point of pub is setup. */ - if ((ret == 1) && (ec_point_setup(pub) != 1)) { - ret = 0; - } - - if (ret == 1) { - /* Get the internal point of pub and the public key in key. */ - pub_p = (ecc_point*)pub->internal; - key_p = (ecc_point*)key->pub_key->internal; - - /* Create new point if required. */ - if (key_p == NULL) { - key_p = wc_ecc_new_point(); - key->pub_key->internal = (void*)key_p; - } - /* Check point available. */ - if (key_p == NULL) { - WOLFSSL_MSG("key ecc point NULL"); - ret = 0; - } - } - - /* Copy the internal pub point into internal key point. */ - if ((ret == 1) && (wc_ecc_copy_point(pub_p, key_p) != MP_OKAY)) { - WOLFSSL_MSG("ecc_copy_point failure"); - ret = 0; - } - - /* Copy the internal point data into external. */ - if ((ret == 1) && (ec_point_external_set(key->pub_key) != 1)) { - WOLFSSL_MSG("SetECKeyInternal failed"); - ret = 0; - } - - /* Copy the internal key into external. */ - if ((ret == 1) && (SetECKeyInternal(key) != 1)) { - WOLFSSL_MSG("SetECKeyInternal failed"); - ret = 0; - } - - if (ret == 1) { - /* Dump out the point and the key's public key for debug. */ - wolfSSL_EC_POINT_dump("pub", pub); - wolfSSL_EC_POINT_dump("key->pub_key", key->pub_key); - } - - return ret; -} - -#ifndef NO_WOLFSSL_STUB -/* Set the ASN.1 encoding flag against the EC key. - * - * No implementation as only named curves supported for encoding. - * - * @param [in, out] key EC key. - * @param [in] flag ASN.1 flag to set. Valid values: - * OPENSSL_EC_EXPLICIT_CURVE, OPENSSL_EC_NAMED_CURVE - */ -void wolfSSL_EC_KEY_set_asn1_flag(WOLFSSL_EC_KEY *key, int asn1_flag) -{ - (void)key; - (void)asn1_flag; - - WOLFSSL_ENTER("wolfSSL_EC_KEY_set_asn1_flag"); - WOLFSSL_STUB("EC_KEY_set_asn1_flag"); -} -#endif - -/* - * EC key generate key APIs - */ - -/* Generate an EC key. - * - * Uses the internal curve index set in the EC key or the default. - * - * @param [in, out] key EC key. - * @return 1 on success - * @return 0 on failure. - */ -int wolfSSL_EC_KEY_generate_key(WOLFSSL_EC_KEY *key) -{ - int res = 1; - int initTmpRng = 0; - WC_RNG* rng = NULL; - WC_DECLARE_VAR(tmpRng, WC_RNG, 1, 0); - - WOLFSSL_ENTER("wolfSSL_EC_KEY_generate_key"); - - /* Validate parameters. */ - if ((key == NULL) || (key->internal == NULL) || (key->group == NULL)) { - WOLFSSL_MSG("wolfSSL_EC_KEY_generate_key Bad arguments"); - res = 0; - } - if (res == 1) { - /* Check if we know which internal curve index to use. */ - if (key->group->curve_idx < 0) { - /* Generate key using the default curve. */ -#if FIPS_VERSION3_GE(6,0,0) - key->group->curve_idx = ECC_SECP256R1; /* FIPS default to 256 */ -#else - key->group->curve_idx = ECC_CURVE_DEF; -#endif - } - - /* Create a random number generator. */ - rng = wolfssl_make_rng(tmpRng, &initTmpRng); - if (rng == NULL) { - WOLFSSL_MSG("wolfSSL_EC_KEY_generate_key failed to make RNG"); - res = 0; - } - } - if (res == 1) { - /* NIDToEccEnum returns -1 for invalid NID so if key->group->curve_nid - * is 0 then pass ECC_CURVE_DEF as arg */ - int eccEnum = key->group->curve_nid ? -#if FIPS_VERSION3_GE(6,0,0) - NIDToEccEnum(key->group->curve_nid) : ECC_SECP256R1; -#else - NIDToEccEnum(key->group->curve_nid) : ECC_CURVE_DEF; -#endif - /* Get the internal EC key. */ - ecc_key* ecKey = (ecc_key*)key->internal; - /* Make the key using internal API. */ - int ret = 0; - -#if FIPS_VERSION3_GE(6,0,0) - /* In the case of FIPS only allow key generation with approved curves */ - if (eccEnum != ECC_SECP256R1 && eccEnum != ECC_SECP224R1 && - eccEnum != ECC_SECP384R1 && eccEnum != ECC_SECP521R1) { - WOLFSSL_MSG("Unsupported curve selected in FIPS mode"); - res = 0; - } - if (res == 1) { -#endif - ret = wc_ecc_make_key_ex(rng, 0, ecKey, eccEnum); -#if FIPS_VERSION3_GE(6,0,0) - } -#endif - - #if defined(WOLFSSL_ASYNC_CRYPT) - /* Wait on asynchronouse operation. */ - ret = wc_AsyncWait(ret, &ecKey->asyncDev, WC_ASYNC_FLAG_NONE); - #endif - if (ret != 0) { - WOLFSSL_MSG("wolfSSL_EC_KEY_generate_key wc_ecc_make_key failed"); - res = 0; - } - } - - /* Dispose of local random number generator if initialized. */ - if (initTmpRng) { - wc_FreeRng(rng); - WC_FREE_VAR_EX(rng, NULL, DYNAMIC_TYPE_RNG); - } - - /* Set the external key from new internal key values. */ - if ((res == 1) && (SetECKeyExternal(key) != 1)) { - WOLFSSL_MSG("wolfSSL_EC_KEY_generate_key SetECKeyExternal failed"); - res = 0; - } - - return res; -} - -/* - * EC key check key APIs - */ - -/* Check that the EC key is valid. - * - * @param [in] key EC key. - * @return 1 on valid. - * @return 0 on invalid or error. - */ -int wolfSSL_EC_KEY_check_key(const WOLFSSL_EC_KEY *key) -{ - int ret = 1; - - WOLFSSL_ENTER("wolfSSL_EC_KEY_check_key"); - - /* Validate parameter. */ - if ((key == NULL) || (key->internal == NULL)) { - WOLFSSL_MSG("Bad parameter"); - ret = 0; - } - - /* Set the external EC key values into internal if not already. */ - if ((ret == 1) && (key->inSet == 0) && (SetECKeyInternal( - (WOLFSSL_EC_KEY*)key) != 1)) { - WOLFSSL_MSG("SetECKeyInternal failed"); - ret = 0; - } - - if (ret == 1) { - /* Have internal EC implementation check key. */ - ret = wc_ecc_check_key((ecc_key*)key->internal) == 0; - } - - return ret; -} - -/* End EC_KEY */ - -#if !defined(HAVE_FIPS) || FIPS_VERSION_GT(2,0) -/* Get the supported, built-in EC curves - * - * @param [in, out] curves Pre-allocated list to put supported curves into. - * @param [in] len Maximum number of items to place in list. - * @return Number of built-in EC curves when curves is NULL or len is 0. - * @return Number of items placed in list otherwise. - */ -size_t wolfSSL_EC_get_builtin_curves(WOLFSSL_EC_BUILTIN_CURVE *curves, - size_t len) -{ - size_t i; - size_t cnt; -#ifdef HAVE_SELFTEST - /* Defined in ecc.h when available. */ - size_t ecc_sets_count; - - /* Count the pre-defined curves since global not available. */ - for (i = 0; ecc_sets[i].size != 0 && ecc_sets[i].name != NULL; i++) { - /* Do nothing. */ - } - ecc_sets_count = i; -#endif - - /* Assume we are going to return total count. */ - cnt = ecc_sets_count; - /* Check we have a list that can hold data. */ - if ((curves != NULL) && (len != 0)) { - /* Limit count to length of list. */ - if (cnt > len) { - cnt = len; - } - - /* Put in built-in EC curve nid and short name. */ - for (i = 0; i < cnt; i++) { - curves[i].nid = EccEnumToNID(ecc_sets[i].id); - curves[i].comment = wolfSSL_OBJ_nid2sn(curves[i].nid); - } - } - - return cnt; -} -#endif /* !HAVE_FIPS || FIPS_VERSION_GT(2,0) */ - -/* Start ECDSA_SIG */ - -/* Allocate a new ECDSA signature object. - * - * @return New, allocated ECDSA signature object on success. - * @return NULL on error. - */ -WOLFSSL_ECDSA_SIG *wolfSSL_ECDSA_SIG_new(void) -{ - int err = 0; - WOLFSSL_ECDSA_SIG *sig; - - WOLFSSL_ENTER("wolfSSL_ECDSA_SIG_new"); - - /* Allocate memory for ECDSA signature object. */ - sig = (WOLFSSL_ECDSA_SIG*)XMALLOC(sizeof(WOLFSSL_ECDSA_SIG), NULL, - DYNAMIC_TYPE_ECC); - if (sig == NULL) { - WOLFSSL_MSG("wolfSSL_ECDSA_SIG_new malloc ECDSA signature failure"); - err = 1; - } - - if (!err) { - /* Set s to NULL in case of error. */ - sig->s = NULL; - /* Allocate BN into r. */ - sig->r = wolfSSL_BN_new(); - if (sig->r == NULL) { - WOLFSSL_MSG("wolfSSL_ECDSA_SIG_new malloc ECDSA r failure"); - err = 1; - } - } - if (!err) { - /* Allocate BN into s. */ - sig->s = wolfSSL_BN_new(); - if (sig->s == NULL) { - WOLFSSL_MSG("wolfSSL_ECDSA_SIG_new malloc ECDSA s failure"); - err = 1; - } - } - - if (err && (sig != NULL)) { - /* Dispose of allocated memory. */ - wolfSSL_ECDSA_SIG_free(sig); - sig = NULL; - } - return sig; -} - -/* Dispose of ECDSA signature object. - * - * Cannot use object after this call. - * - * @param [in] sig ECDSA signature object to free. - */ -void wolfSSL_ECDSA_SIG_free(WOLFSSL_ECDSA_SIG *sig) -{ - WOLFSSL_ENTER("wolfSSL_ECDSA_SIG_free"); - - if (sig != NULL) { - /* Dispose of BNs allocated for r and s. */ - wolfSSL_BN_free(sig->r); - wolfSSL_BN_free(sig->s); - - /* Dispose of memory associated with ECDSA signature object. */ - XFREE(sig, NULL, DYNAMIC_TYPE_ECC); - } -} - -/* Create an ECDSA signature from the DER encoding. - * - * @param [in, out] sig Reference to ECDSA signature object. May be NULL. - * @param [in, out] pp On in, reference to buffer containing DER encoding. - * On out, reference to buffer after signature data. - * @param [in] len Length of the data in the buffer. May be more than - * the length of the signature. - * @return ECDSA signature object on success. - * @return NULL on error. - */ -WOLFSSL_ECDSA_SIG* wolfSSL_d2i_ECDSA_SIG(WOLFSSL_ECDSA_SIG** sig, - const unsigned char** pp, long len) -{ - int err = 0; - /* ECDSA signature object to return. */ - WOLFSSL_ECDSA_SIG *s = NULL; - - /* Validate parameter. */ - if (pp == NULL) { - err = 1; - } - if (!err) { - if (sig != NULL) { - /* Use the ECDSA signature object passed in. */ - s = *sig; - } - if (s == NULL) { - /* No ECDSA signature object passed in - create a new one. */ - s = wolfSSL_ECDSA_SIG_new(); - if (s == NULL) { - err = 1; - } - } - } - if (!err) { - /* DecodeECC_DSA_Sig calls mp_init, so free these. */ - mp_free((mp_int*)s->r->internal); - mp_free((mp_int*)s->s->internal); - - /* Decode the signature into internal r and s fields. */ - if (DecodeECC_DSA_Sig(*pp, (word32)len, (mp_int*)s->r->internal, - (mp_int*)s->s->internal) != MP_OKAY) { - err = 1; - } - } - - if (!err) { - /* Move pointer passed signature data successfully decoded. */ - *pp += wolfssl_der_length(*pp, (int)len); - if (sig != NULL) { - /* Update reference to ECDSA signature object. */ - *sig = s; - } - } - - /* Dispose of newly allocated object on error. */ - if (err) { - if ((s != NULL) && ((sig == NULL) || (*sig != s))) { - wolfSSL_ECDSA_SIG_free(s); - } - /* Return NULL for object on error. */ - s = NULL; - } - return s; -} - -/* Encode the ECDSA signature as DER. - * - * @param [in] sig ECDSA signature object. - * @param [in, out] pp On in, reference to buffer in which to place encoding. - * On out, reference to buffer after encoding. - * May be NULL or point to NULL in which case no encoding - * is done. - * @return Length of encoding on success. - * @return 0 on error. - */ -int wolfSSL_i2d_ECDSA_SIG(const WOLFSSL_ECDSA_SIG *sig, unsigned char **pp) -{ - word32 len = 0; - int update_p = 1; - - /* Validate parameter. */ - if (sig != NULL) { - /* ASN.1: SEQ + INT + INT - * ASN.1 Integer must be a positive value - prepend zero if number has - * top bit set. - */ - /* Get total length of r including any prepended zero. */ - word32 rLen = (word32)(mp_leading_bit((mp_int*)sig->r->internal) + - mp_unsigned_bin_size((mp_int*)sig->r->internal)); - /* Get total length of s including any prepended zero. */ - word32 sLen = (word32)(mp_leading_bit((mp_int*)sig->s->internal) + - mp_unsigned_bin_size((mp_int*)sig->s->internal)); - /* Calculate length of data in sequence. */ - len = (word32)1 + ASN_LEN_SIZE(rLen) + rLen + - (word32)1 + ASN_LEN_SIZE(sLen) + sLen; - /* Add in the length of the SEQUENCE. */ - len += (word32)1 + ASN_LEN_SIZE(len); - - #ifdef WOLFSSL_I2D_ECDSA_SIG_ALLOC - if ((pp != NULL) && (*pp == NULL)) { - *pp = (unsigned char *)XMALLOC(len, NULL, DYNAMIC_TYPE_OPENSSL); - if (*pp != NULL) { - WOLFSSL_MSG("malloc error"); - return 0; - } - update_p = 0; - } - #endif - - /* Encode only if there is a buffer to encode into. */ - if ((pp != NULL) && (*pp != NULL)) { - /* Encode using the internal representations of r and s. */ - if (StoreECC_DSA_Sig(*pp, &len, (mp_int*)sig->r->internal, - (mp_int*)sig->s->internal) != MP_OKAY) { - /* No bytes encoded. */ - len = 0; - } - else if (update_p) { - /* Update pointer to after encoding. */ - *pp += len; - } - } - } - - return (int)len; -} - -/* Get the pointer to the fields of the ECDSA signature. - * - * r and s untouched when sig is NULL. - * - * @param [in] sig ECDSA signature object. - * @param [out] r R field of ECDSA signature as a BN. May be NULL. - * @param [out] s S field of ECDSA signature as a BN. May be NULL. - */ -void wolfSSL_ECDSA_SIG_get0(const WOLFSSL_ECDSA_SIG* sig, - const WOLFSSL_BIGNUM** r, const WOLFSSL_BIGNUM** s) -{ - /* Validate parameter. */ - if (sig != NULL) { - /* Return the r BN when pointer to return through. */ - if (r != NULL) { - *r = sig->r; - } - /* Return the s BN when pointer to return through. */ - if (s != NULL) { - *s = sig->s; - } - } -} - -/* Set the pointers to the fields of the ECDSA signature. - * - * @param [in, out] sig ECDSA signature object to update. - * @param [in] r R field of ECDSA signature as a BN. - * @param [in] s S field of ECDSA signature as a BN. - * @return 1 on success. - * @return 0 on error. - */ -int wolfSSL_ECDSA_SIG_set0(WOLFSSL_ECDSA_SIG* sig, WOLFSSL_BIGNUM* r, - WOLFSSL_BIGNUM* s) -{ - int ret = 1; - - /* Validate parameters. */ - if ((sig == NULL) || (r == NULL) || (s == NULL)) { - ret = 0; - } - - if (ret == 1) { - /* Dispose of old BN objects. */ - wolfSSL_BN_free(sig->r); - wolfSSL_BN_free(sig->s); - - /* Assign new BN objects. */ - sig->r = r; - sig->s = s; - } - - return ret; -} - -/* End ECDSA_SIG */ - -/* Start ECDSA */ - -/* Calculate maximum size of the DER encoded ECDSA signature for the curve. - * - * @param [in] key EC key. - * @return Size of DER encoded signature on success. - * @return 0 on error. - */ -int wolfSSL_ECDSA_size(const WOLFSSL_EC_KEY *key) -{ - int err = 0; - int len = 0; - const WOLFSSL_EC_GROUP *group = NULL; - int bits = 0; - - /* Validate parameter. */ - if (key == NULL) { - err = 1; - } - - /* Get group from key to get order bits. */ - if ((!err) && ((group = wolfSSL_EC_KEY_get0_group(key)) == NULL)) { - err = 1; - } - /* Get order bits of group. */ - if ((!err) && ((bits = wolfSSL_EC_GROUP_order_bits(group)) == 0)) { - /* Group is not set. */ - err = 1; - } - - if (!err) { - /* r and s are mod order. */ - int bytes = (bits + 7) / 8; /* Bytes needed to hold bits. */ - len = SIG_HEADER_SZ + /* 2*ASN_TAG + 2*LEN(ENUM) */ - ECC_MAX_PAD_SZ + /* possible leading zeroes in r and s */ - bytes + bytes; /* max r and s in bytes */ - } - - return len; -} - -/* Create ECDSA signature by signing digest with key. - * - * @param [in] dgst Digest to sign. - * @param [in] dLen Length of digest in bytes. - * @param [in] key EC key to sign with. - * @return ECDSA signature object on success. - * @return NULL on error. - */ -WOLFSSL_ECDSA_SIG *wolfSSL_ECDSA_do_sign(const unsigned char *dgst, int dLen, - WOLFSSL_EC_KEY *key) -{ - int err = 0; - WOLFSSL_ECDSA_SIG *sig = NULL; - WC_DECLARE_VAR(out, byte, ECC_BUFSIZE, 0); - unsigned int outLen = ECC_BUFSIZE; - - WOLFSSL_ENTER("wolfSSL_ECDSA_do_sign"); - - /* Validate parameters. */ - if ((dgst == NULL) || (key == NULL) || (key->internal == NULL)) { - WOLFSSL_MSG("wolfSSL_ECDSA_do_sign Bad arguments"); - err = 1; - } - - /* Ensure internal EC key is set from external. */ - if ((!err) && (key->inSet == 0)) { - WOLFSSL_MSG("wolfSSL_ECDSA_do_sign No EC key internal set, do it"); - - if (SetECKeyInternal(key) != 1) { - WOLFSSL_MSG("wolfSSL_ECDSA_do_sign SetECKeyInternal failed"); - err = 1; - } - } - -#ifdef WOLFSSL_SMALL_STACK - if (!err) { - /* Allocate buffer to hold encoded signature. */ - out = (byte*)XMALLOC(outLen, NULL, DYNAMIC_TYPE_TMP_BUFFER); - if (out == NULL) { - err = 1; - } - } -#endif - - /* Sign the digest with the key to create encoded ECDSA signature. */ - if ((!err) && (wolfSSL_ECDSA_sign(0, dgst, dLen, out, &outLen, key) != 1)) { - err = 1; - } - - if (!err) { - const byte* p = out; - /* Decode the ECDSA signature into a new object. */ - sig = wolfSSL_d2i_ECDSA_SIG(NULL, &p, outLen); - } - - WC_FREE_VAR_EX(out, NULL, DYNAMIC_TYPE_TMP_BUFFER); - - return sig; -} - -/* Verify ECDSA signature in the object using digest and key. - * - * Return code compliant with OpenSSL. - * - * @param [in] dgst Digest to verify. - * @param [in] dLen Length of the digest in bytes. - * @param [in] sig ECDSA signature object. - * @param [in] key EC key containing public key. - * @return 1 when signature is valid. - * @return 0 when signature is invalid. - * @return -1 on error. - */ -int wolfSSL_ECDSA_do_verify(const unsigned char *dgst, int dLen, - const WOLFSSL_ECDSA_SIG *sig, WOLFSSL_EC_KEY *key) -{ - int ret = 1; - int verified = 0; -#ifdef WOLF_CRYPTO_CB_ONLY_ECC - byte signature[ECC_MAX_SIG_SIZE]; - int signatureLen; - byte* p = signature; -#endif - - WOLFSSL_ENTER("wolfSSL_ECDSA_do_verify"); - - /* Validate parameters. */ - if ((dgst == NULL) || (sig == NULL) || (key == NULL) || - (key->internal == NULL)) { - WOLFSSL_MSG("wolfSSL_ECDSA_do_verify Bad arguments"); - ret = WOLFSSL_FATAL_ERROR; - } - - /* Ensure internal EC key is set from external. */ - if ((ret == 1) && (key->inSet == 0)) { - WOLFSSL_MSG("No EC key internal set, do it"); - - if (SetECKeyInternal(key) != 1) { - WOLFSSL_MSG("SetECKeyInternal failed"); - ret = WOLFSSL_FATAL_ERROR; - } - } - - if (ret == 1) { -#ifndef WOLF_CRYPTO_CB_ONLY_ECC - /* Verify hash using digest, r and s as MP ints and internal EC key. */ - if (wc_ecc_verify_hash_ex((mp_int*)sig->r->internal, - (mp_int*)sig->s->internal, dgst, (word32)dLen, &verified, - (ecc_key *)key->internal) != MP_OKAY) { - WOLFSSL_MSG("wc_ecc_verify_hash failed"); - ret = WOLFSSL_FATAL_ERROR; - } - else if (verified == 0) { - WOLFSSL_MSG("wc_ecc_verify_hash incorrect signature detected"); - ret = 0; - } -#else - signatureLen = i2d_ECDSA_SIG(sig, &p); - if (signatureLen > 0) { - /* verify hash. expects to call wc_CryptoCb_EccVerify internally */ - ret = wc_ecc_verify_hash(signature, signatureLen, dgst, - (word32)dLen, &verified, (ecc_key*)key->internal); - if (ret != MP_OKAY) { - WOLFSSL_MSG("wc_ecc_verify_hash failed"); - ret = WOLFSSL_FATAL_ERROR; - } - else if (verified == 0) { - WOLFSSL_MSG("wc_ecc_verify_hash incorrect signature detected"); - ret = 0; - } - } -#endif /* WOLF_CRYPTO_CB_ONLY_ECC */ - } - - return ret; -} - -/* Sign the digest with the key to produce a DER encode signature. - * - * @param [in] type Digest algorithm used to create digest. Unused. - * @param [in] digest Digest of the message to sign. - * @param [in] digestSz Size of the digest in bytes. - * @param [out] sig Buffer to hold signature. - * @param [in, out] sigSz On in, size of buffer in bytes. - * On out, size of signatre in bytes. - * @param [in] key EC key containing private key. - * @return 1 on success. - * @return 0 on error. - */ -int wolfSSL_ECDSA_sign(int type, const unsigned char *digest, int digestSz, - unsigned char *sig, unsigned int *sigSz, WOLFSSL_EC_KEY *key) -{ - int ret = 1; - WC_RNG* rng = NULL; - WC_DECLARE_VAR(tmpRng, WC_RNG, 1, 0); - int initTmpRng = 0; - - WOLFSSL_ENTER("wolfSSL_ECDSA_sign"); - - /* Digest algorithm not used in DER encoding. */ - (void)type; - - /* Validate parameters. */ - if (key == NULL) { - ret = 0; - } - - if (ret == 1) { - /* Make an RNG - create local or get global. */ - rng = wolfssl_make_rng(tmpRng, &initTmpRng); - if (rng == NULL) { - ret = 0; - } - } - /* Sign the digest with the key using the RNG and put signature into buffer - * update sigSz to be actual length. - */ - if ((ret == 1) && (wc_ecc_sign_hash(digest, (word32)digestSz, sig, sigSz, - rng, (ecc_key*)key->internal) != 0)) { - ret = 0; - } - - if (initTmpRng) { - wc_FreeRng(rng); - WC_FREE_VAR_EX(rng, NULL, DYNAMIC_TYPE_RNG); - } - - return ret; -} - -/* Verify the signature with the digest and key. - * - * @param [in] type Digest algorithm used to create digest. Unused. - * @param [in] digest Digest of the message to verify. - * @param [in] digestSz Size of the digest in bytes. - * @param [in] sig Buffer holding signature. - * @param [in] sigSz Size of signature data in bytes. - * @param [in] key EC key containing public key. - * @return 1 when signature is valid. - * @return 0 when signature is invalid or error. - */ -int wolfSSL_ECDSA_verify(int type, const unsigned char *digest, int digestSz, - const unsigned char *sig, int sigSz, WOLFSSL_EC_KEY *key) -{ - int ret = 1; - int verify = 0; - - WOLFSSL_ENTER("wolfSSL_ECDSA_verify"); - - /* Digest algorithm not used in DER encoding. */ - (void)type; - - /* Validate parameters. */ - if (key == NULL) { - ret = 0; - } - - /* Verify signature using digest and key. */ - if ((ret == 1) && (wc_ecc_verify_hash(sig, (word32)sigSz, digest, - (word32)digestSz, &verify, (ecc_key*)key->internal) != 0)) { - ret = 0; - } - /* When no error, verification may still have failed - check now. */ - if ((ret == 1) && (verify != 1)) { - WOLFSSL_MSG("wolfSSL_ECDSA_verify failed"); - ret = 0; - } - - return ret; -} - -/* End ECDSA */ - -/* Start ECDH */ - -#ifndef WOLF_CRYPTO_CB_ONLY_ECC -/* Compute the shared secret (key) using ECDH. - * - * KDF not supported. - * - * Return code compliant with OpenSSL. - * - * @param [out] out Buffer to hold key. - * @param [in] outLen Length of buffer in bytes. - * @param [in] pubKey Public key as an EC point. - * @param [in] privKey EC key holding a private key. - * @param [in] kdf Key derivation function to apply to secret. - * @return Length of computed key on success - * @return 0 on error. - */ -int wolfSSL_ECDH_compute_key(void *out, size_t outLen, - const WOLFSSL_EC_POINT *pubKey, WOLFSSL_EC_KEY *privKey, - void *(*kdf) (const void *in, size_t inlen, void *out, size_t *outLen)) -{ - int err = 0; - word32 len = 0; - ecc_key* key = NULL; -#if defined(ECC_TIMING_RESISTANT) && !defined(HAVE_SELFTEST) && \ - (!defined(HAVE_FIPS) || FIPS_VERSION_GE(5,0)) - int setGlobalRNG = 0; -#endif - - /* TODO: support using the KDF. */ - (void)kdf; - - WOLFSSL_ENTER("wolfSSL_ECDH_compute_key"); - - /* Validate parameters. */ - if ((out == NULL) || (pubKey == NULL) || (pubKey->internal == NULL) || - (privKey == NULL) || (privKey->internal == NULL)) { - WOLFSSL_MSG("Bad function arguments"); - err = 1; - } - - /* Ensure internal EC key is set from external. */ - if ((!err) && (privKey->inSet == 0)) { - WOLFSSL_MSG("No EC key internal set, do it"); - - if (SetECKeyInternal(privKey) != 1) { - WOLFSSL_MSG("SetECKeyInternal failed"); - err = 1; - } - } - - if (!err) { - int ret; - - /* Get the internal key. */ - key = (ecc_key*)privKey->internal; - /* Set length into variable of type suitable for wolfSSL API. */ - len = (word32)outLen; - - #if defined(ECC_TIMING_RESISTANT) && !defined(HAVE_SELFTEST) && \ - (!defined(HAVE_FIPS) || FIPS_VERSION_GE(5,0)) - /* An RNG is needed. */ - if (key->rng == NULL) { - key->rng = wolfssl_make_global_rng(); - /* RNG set and needs to be unset. */ - setGlobalRNG = 1; - } - #endif - - PRIVATE_KEY_UNLOCK(); - /* Create secret using wolfSSL. */ - ret = wc_ecc_shared_secret_ex(key, (ecc_point*)pubKey->internal, - (byte *)out, &len); - PRIVATE_KEY_LOCK(); - if (ret != MP_OKAY) { - WOLFSSL_MSG("wc_ecc_shared_secret failed"); - err = 1; - } - } - -#if defined(ECC_TIMING_RESISTANT) && !defined(HAVE_SELFTEST) && \ - (!defined(HAVE_FIPS) || FIPS_VERSION_GE(5,0)) - /* Remove global from key. */ - if (setGlobalRNG) { - key->rng = NULL; - } -#endif - - if (err) { - /* Make returned value zero. */ - len = 0; - } - return (int)len; -} -#endif /* WOLF_CRYPTO_CB_ONLY_ECC */ - -/* End ECDH */ - -#ifndef NO_WOLFSSL_STUB -const WOLFSSL_EC_KEY_METHOD *wolfSSL_EC_KEY_OpenSSL(void) -{ - WOLFSSL_STUB("wolfSSL_EC_KEY_OpenSSL"); - - return NULL; -} - -WOLFSSL_EC_KEY_METHOD *wolfSSL_EC_KEY_METHOD_new( - const WOLFSSL_EC_KEY_METHOD *meth) -{ - WOLFSSL_STUB("wolfSSL_EC_KEY_METHOD_new"); - - (void)meth; - - return NULL; -} - -void wolfSSL_EC_KEY_METHOD_free(WOLFSSL_EC_KEY_METHOD *meth) -{ - WOLFSSL_STUB("wolfSSL_EC_KEY_METHOD_free"); - - (void)meth; -} - -void wolfSSL_EC_KEY_METHOD_set_init(WOLFSSL_EC_KEY_METHOD *meth, - void* a1, void* a2, void* a3, void* a4, void* a5, void* a6) -{ - WOLFSSL_STUB("wolfSSL_EC_KEY_METHOD_set_init"); - - (void)meth; - (void)a1; - (void)a2; - (void)a3; - (void)a4; - (void)a5; - (void)a6; -} - -void wolfSSL_EC_KEY_METHOD_set_sign(WOLFSSL_EC_KEY_METHOD *meth, - void* a1, void* a2, void* a3) -{ - WOLFSSL_STUB("wolfSSL_EC_KEY_METHOD_set_sign"); - - (void)meth; - (void)a1; - (void)a2; - (void)a3; -} - -const WOLFSSL_EC_KEY_METHOD *wolfSSL_EC_KEY_get_method( - const WOLFSSL_EC_KEY *key) -{ - WOLFSSL_STUB("wolfSSL_EC_KEY_get_method"); - - (void)key; - - return NULL; -} - -int wolfSSL_EC_KEY_set_method(WOLFSSL_EC_KEY *key, - const WOLFSSL_EC_KEY_METHOD *meth) -{ - WOLFSSL_STUB("wolfSSL_EC_KEY_set_method"); - - (void)key; - (void)meth; - - return 0; -} - -#endif /* !NO_WOLFSSL_STUB */ - -#endif /* OPENSSL_EXTRA */ - -#endif /* HAVE_ECC */ - -/******************************************************************************* - * END OF EC API - ******************************************************************************/ /******************************************************************************* * START OF EC25519 API @@ -15428,11 +6015,11 @@ break; #endif /* WOLFSSL_KEY_GEN && !NO_RSA */ #if !defined(NO_DSA) && !defined(HAVE_SELFTEST) && \ - (defined(WOLFSSL_KEY_GEN) || defined(WOLFSSL_CERT_GEN)) + defined(WOLFSSL_KEY_GEN) case WC_EVP_PKEY_DSA: ret = wolfSSL_PEM_write_bio_DSA_PUBKEY(bio, key->dsa); break; -#endif /* !NO_DSA && !HAVE_SELFTEST && (WOLFSSL_KEY_GEN || WOLFSSL_CERT_GEN) */ +#endif /* !NO_DSA && !HAVE_SELFTEST && defined(WOLFSSL_KEY_GEN) */ #if defined(HAVE_ECC) && defined(HAVE_ECC_KEY_EXPORT) && \ defined(WOLFSSL_KEY_GEN) case WC_EVP_PKEY_EC: @@ -16529,7 +7116,8 @@ if (res == 1) { /* Guestimate key size and PEM size. */ - if (pkcs8_encode(pkey, NULL, &keySz) != WC_NO_ERR_TRACE(LENGTH_ONLY_E)) { + if (pkcs8_encode(pkey, NULL, &keySz) != + WC_NO_ERR_TRACE(LENGTH_ONLY_E)) { res = 0; } } @@ -16721,4 +7309,3 @@ ******************************************************************************/ #endif /* !WOLFSSL_PK_INCLUDED */ - diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/src/pk_ec.c mariadb-11.8.8/extra/wolfssl/wolfssl/src/pk_ec.c --- mariadb-11.8.6/extra/wolfssl/wolfssl/src/pk_ec.c 1970-01-01 00:00:00.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/src/pk_ec.c 2026-05-24 09:58:33.000000000 +0000 @@ -0,0 +1,5613 @@ +/* pk_ec.c + * + * Copyright (C) 2006-2026 wolfSSL Inc. + * + * This file is part of wolfSSL. + * + * wolfSSL is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * wolfSSL is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA + */ + +#include + +#include +#ifndef WC_NO_RNG + #include +#endif + +#ifdef HAVE_ECC + #include + #ifdef HAVE_SELFTEST + /* point compression types. */ + #define ECC_POINT_COMP_EVEN 0x02 + #define ECC_POINT_COMP_ODD 0x03 + #define ECC_POINT_UNCOMP 0x04 + #endif +#endif +#ifndef WOLFSSL_HAVE_ECC_KEY_GET_PRIV + /* FIPS build has replaced ecc.h. */ + #define wc_ecc_key_get_priv(key) (&((key)->k)) + #define WOLFSSL_HAVE_ECC_KEY_GET_PRIV +#endif + +#if !defined(WOLFSSL_PK_EC_INCLUDED) + #ifndef WOLFSSL_IGNORE_FILE_WARN + #warning pk_ec.c does not need to be compiled separately from ssl.c + #endif +#else + +/******************************************************************************* + * START OF EC API + ******************************************************************************/ + +#ifdef HAVE_ECC + +#if defined(OPENSSL_EXTRA) + +/* Start EC_curve */ + +/* Get the NIST name for the numeric ID. + * + * @param [in] nid Numeric ID of an EC curve. + * @return String representing NIST name of EC curve on success. + * @return NULL on error. + */ +const char* wolfSSL_EC_curve_nid2nist(int nid) +{ + const char* name = NULL; + const WOLF_EC_NIST_NAME* nist_name; + + /* Attempt to find the curve info matching the NID passed in. */ + for (nist_name = kNistCurves; nist_name->name != NULL; nist_name++) { + if (nist_name->nid == nid) { + /* NID found - return name. */ + name = nist_name->name; + break; + } + } + + return name; +} + +/* Get the numeric ID for the NIST name. + * + * @param [in] name NIST name of EC curve. + * @return NID matching NIST name on success. + * @return 0 on error. + */ +int wolfSSL_EC_curve_nist2nid(const char* name) +{ + int nid = 0; + const WOLF_EC_NIST_NAME* nist_name; + + /* Attempt to find the curve info matching the NIST name passed in. */ + for (nist_name = kNistCurves; nist_name->name != NULL; nist_name++) { + if (XSTRCMP(nist_name->name, name) == 0) { + /* Name found - return NID. */ + nid = nist_name->nid; + break; + } + } + + return nid; +} + +#endif /* OPENSSL_EXTRA */ + +/* End EC_curve */ + +/* Start EC_METHOD */ + +#if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL) +/* Get the EC method of the EC group object. + * + * wolfSSL doesn't use method tables. Implementation used is dependent upon + * the NID. + * + * @param [in] group EC group object. + * @return EC method. + */ +const WOLFSSL_EC_METHOD* wolfSSL_EC_GROUP_method_of( + const WOLFSSL_EC_GROUP *group) +{ + /* No method table used so just return the same object. */ + return group; +} + +/* Get field type for method. + * + * Only prime fields are supported. + * + * @param [in] meth EC method. + * @return X9.63 prime field NID on success. + * @return 0 on error. + */ +int wolfSSL_EC_METHOD_get_field_type(const WOLFSSL_EC_METHOD *meth) +{ + int nid = 0; + + if (meth != NULL) { + /* Only field type supported by code base. */ + nid = WC_NID_X9_62_prime_field; + } + + return nid; +} +#endif /* OPENSSL_EXTRA || OPENSSL_EXTRA_X509_SMALL */ + +/* End EC_METHOD */ + +/* Start EC_GROUP */ + +#if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL) +/* Converts ECC curve enum values in ecc_curve_id to the associated OpenSSL NID + * value. + * + * @param [in] n ECC curve id. + * @return ECC curve NID (OpenSSL compatible value). + */ +int EccEnumToNID(int n) +{ + WOLFSSL_ENTER("EccEnumToNID"); + + switch(n) { + case ECC_SECP192R1: + return WC_NID_X9_62_prime192v1; + case ECC_PRIME192V2: + return WC_NID_X9_62_prime192v2; + case ECC_PRIME192V3: + return WC_NID_X9_62_prime192v3; + case ECC_PRIME239V1: + return WC_NID_X9_62_prime239v1; + case ECC_PRIME239V2: + return WC_NID_X9_62_prime239v2; + case ECC_PRIME239V3: + return WC_NID_X9_62_prime239v3; + case ECC_SECP256R1: + return WC_NID_X9_62_prime256v1; + case ECC_SECP112R1: + return WC_NID_secp112r1; + case ECC_SECP112R2: + return WC_NID_secp112r2; + case ECC_SECP128R1: + return WC_NID_secp128r1; + case ECC_SECP128R2: + return WC_NID_secp128r2; + case ECC_SECP160R1: + return WC_NID_secp160r1; + case ECC_SECP160R2: + return WC_NID_secp160r2; + case ECC_SECP224R1: + return WC_NID_secp224r1; + case ECC_SECP384R1: + return WC_NID_secp384r1; + case ECC_SECP521R1: + return WC_NID_secp521r1; + case ECC_SECP160K1: + return WC_NID_secp160k1; + case ECC_SECP192K1: + return WC_NID_secp192k1; + case ECC_SECP224K1: + return WC_NID_secp224k1; + case ECC_SECP256K1: + return WC_NID_secp256k1; + case ECC_BRAINPOOLP160R1: + return WC_NID_brainpoolP160r1; + case ECC_BRAINPOOLP192R1: + return WC_NID_brainpoolP192r1; + case ECC_BRAINPOOLP224R1: + return WC_NID_brainpoolP224r1; + case ECC_BRAINPOOLP256R1: + return WC_NID_brainpoolP256r1; + case ECC_BRAINPOOLP320R1: + return WC_NID_brainpoolP320r1; + case ECC_BRAINPOOLP384R1: + return WC_NID_brainpoolP384r1; + case ECC_BRAINPOOLP512R1: + return WC_NID_brainpoolP512r1; + #ifdef WOLFSSL_SM2 + case ECC_SM2P256V1: + return WC_NID_sm2; + #endif + default: + WOLFSSL_MSG("NID not found"); + return WOLFSSL_FATAL_ERROR; + } +} +#endif /* OPENSSL_EXTRA || OPENSSL_EXTRA_X509_SMALL */ + +#if defined(OPENSSL_EXTRA) || defined(WOLFSSL_WPAS_SMALL) +/* Converts OpenSSL NID of EC curve to the enum value in ecc_curve_id + * + * Used by ecc_sets[]. + * + * @param [in] n OpenSSL NID of EC curve. + * @return wolfCrypt EC curve id. + * @return -1 on error. + */ +int NIDToEccEnum(int nid) +{ + int id; + + WOLFSSL_ENTER("NIDToEccEnum"); + + switch (nid) { + case WC_NID_X9_62_prime192v1: + id = ECC_SECP192R1; + break; + case WC_NID_X9_62_prime192v2: + id = ECC_PRIME192V2; + break; + case WC_NID_X9_62_prime192v3: + id = ECC_PRIME192V3; + break; + case WC_NID_X9_62_prime239v1: + id = ECC_PRIME239V1; + break; + case WC_NID_X9_62_prime239v2: + id = ECC_PRIME239V2; + break; + case WC_NID_X9_62_prime239v3: + id = ECC_PRIME239V3; + break; + case WC_NID_X9_62_prime256v1: + id = ECC_SECP256R1; + break; + case WC_NID_secp112r1: + id = ECC_SECP112R1; + break; + case WC_NID_secp112r2: + id = ECC_SECP112R2; + break; + case WC_NID_secp128r1: + id = ECC_SECP128R1; + break; + case WC_NID_secp128r2: + id = ECC_SECP128R2; + break; + case WC_NID_secp160r1: + id = ECC_SECP160R1; + break; + case WC_NID_secp160r2: + id = ECC_SECP160R2; + break; + case WC_NID_secp224r1: + id = ECC_SECP224R1; + break; + case WC_NID_secp384r1: + id = ECC_SECP384R1; + break; + case WC_NID_secp521r1: + id = ECC_SECP521R1; + break; + case WC_NID_secp160k1: + id = ECC_SECP160K1; + break; + case WC_NID_secp192k1: + id = ECC_SECP192K1; + break; + case WC_NID_secp224k1: + id = ECC_SECP224K1; + break; + case WC_NID_secp256k1: + id = ECC_SECP256K1; + break; + case WC_NID_brainpoolP160r1: + id = ECC_BRAINPOOLP160R1; + break; + case WC_NID_brainpoolP192r1: + id = ECC_BRAINPOOLP192R1; + break; + case WC_NID_brainpoolP224r1: + id = ECC_BRAINPOOLP224R1; + break; + case WC_NID_brainpoolP256r1: + id = ECC_BRAINPOOLP256R1; + break; + case WC_NID_brainpoolP320r1: + id = ECC_BRAINPOOLP320R1; + break; + case WC_NID_brainpoolP384r1: + id = ECC_BRAINPOOLP384R1; + break; + case WC_NID_brainpoolP512r1: + id = ECC_BRAINPOOLP512R1; + break; + default: + WOLFSSL_MSG("NID not found"); + /* -1 on error. */ + id = WOLFSSL_FATAL_ERROR; + } + + return id; +} + +/* Set the fields of the EC group based on numeric ID. + * + * @param [in, out] group EC group. + * @param [in] nid Numeric ID of an EC curve. + */ +static void ec_group_set_nid(WOLFSSL_EC_GROUP* group, int nid) +{ + int eccEnum; + int realNid; + + /* Convert ecc_curve_id enum to NID. */ + if ((realNid = EccEnumToNID(nid)) != -1) { + /* ecc_curve_id enum passed in - have real NID value set. */ + eccEnum = nid; + } + else { + /* NID passed in is OpenSSL type. */ + realNid = nid; + /* Convert NID to ecc_curve_id enum. */ + eccEnum = NIDToEccEnum(nid); + } + + /* Set the numeric ID of the curve */ + group->curve_nid = realNid; + /* Initialize index to -1 (i.e. wolfCrypt doesn't support curve). */ + group->curve_idx = -1; + + /* Find index and OID sum for curve if wolfCrypt supports it. */ + if (eccEnum != -1) { + int i; + + /* Find id and set the internal curve idx and OID sum. */ + for (i = 0; ecc_sets[i].size != 0; i++) { + if (ecc_sets[i].id == eccEnum) { + /* Found id in wolfCrypt supported EC curves. */ + group->curve_idx = i; + group->curve_oid = (int)ecc_sets[i].oidSum; + break; + } + } + } +} + +/* Create a new EC group with the numeric ID for an EC curve. + * + * @param [in] nid Numeric ID of an EC curve. + * @return New, allocated EC group on success. + * @return NULL on error. + */ +WOLFSSL_EC_GROUP* wolfSSL_EC_GROUP_new_by_curve_name(int nid) +{ + int err = 0; + WOLFSSL_EC_GROUP* group; + + WOLFSSL_ENTER("wolfSSL_EC_GROUP_new_by_curve_name"); + + /* Allocate EC group. */ + group = (WOLFSSL_EC_GROUP*)XMALLOC(sizeof(WOLFSSL_EC_GROUP), NULL, + DYNAMIC_TYPE_ECC); + if (group == NULL) { + WOLFSSL_MSG("wolfSSL_EC_GROUP_new_by_curve_name malloc failure"); + err = 1; + } + + if (!err) { + /* Reset all fields. */ + XMEMSET(group, 0, sizeof(WOLFSSL_EC_GROUP)); + + /* Set the fields of group based on the numeric ID. */ + ec_group_set_nid(group, nid); + } + + return group; +} +#endif /* OPENSSL_EXTRA || WOLFSSL_WPAS_SMALL */ + +#if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL) +/* Dispose of the EC group. + * + * Cannot use group after this call. + * + * @param [in] group EC group to free. + */ +void wolfSSL_EC_GROUP_free(WOLFSSL_EC_GROUP *group) +{ + WOLFSSL_ENTER("wolfSSL_EC_GROUP_free"); + + /* Dispose of EC group. */ + XFREE(group, NULL, DYNAMIC_TYPE_ECC); +} +#endif /* OPENSSL_EXTRA || OPENSSL_EXTRA_X509_SMALL */ + +#ifdef OPENSSL_EXTRA +#ifndef NO_BIO + +/* Creates an EC group from the DER encoding. + * + * Only named curves supported. + * + * @param [out] group Reference to EC group object. + * @param [in] in Buffer holding DER encoding of curve. + * @param [in] inSz Length of data in buffer. + * @return EC group on success. + * @return NULL on error. + */ +static WOLFSSL_EC_GROUP* wolfssl_ec_group_d2i(WOLFSSL_EC_GROUP** group, + const unsigned char** in_pp, long inSz) +{ + int err = 0; + WOLFSSL_EC_GROUP* ret = NULL; + word32 idx = 0; + word32 oid = 0; + int id = 0; + const unsigned char* in; + + if (in_pp == NULL || *in_pp == NULL) + return NULL; + + in = *in_pp; + + /* Use the group passed in. */ + if ((group != NULL) && (*group != NULL)) { + ret = *group; + } + + /* Only support named curves. */ + if (in[0] != ASN_OBJECT_ID) { + WOLFSSL_ERROR_MSG("Invalid or unsupported encoding"); + err = 1; + } + /* Decode the OBJECT ID - expecting an EC curve OID. */ + if ((!err) && (GetObjectId(in, &idx, &oid, oidCurveType, (word32)inSz) != + 0)) { + err = 1; + } + if (!err) { + /* Get the internal ID for OID. */ + id = wc_ecc_get_oid(oid, NULL, NULL); + if (id < 0) { + err = 1; + } + } + if (!err) { + /* Get the NID for the internal ID. */ + int nid = EccEnumToNID(id); + if (ret == NULL) { + /* Create a new EC group with the numeric ID. */ + ret = wolfSSL_EC_GROUP_new_by_curve_name(nid); + if (ret == NULL) { + err = 1; + } + } + else { + ec_group_set_nid(ret, nid); + } + } + if ((!err) && (group != NULL)) { + /* Return the EC group through reference. */ + *group = ret; + } + + if (err) { + if ((ret != NULL) && (ret != *group)) { + wolfSSL_EC_GROUP_free(ret); + } + ret = NULL; + } + else { + *in_pp += idx; + } + return ret; +} + +/* Creates a new EC group from the PEM encoding in the BIO. + * + * @param [in] bio BIO to read PEM encoding from. + * @param [out] group Reference to EC group object. + * @param [in] cb Password callback when PEM encrypted. + * @param [in] pass NUL terminated string for passphrase when PEM encrypted. + * @return EC group on success. + * @return NULL on error. + */ +WOLFSSL_EC_GROUP* wolfSSL_PEM_read_bio_ECPKParameters(WOLFSSL_BIO* bio, + WOLFSSL_EC_GROUP** group, wc_pem_password_cb* cb, void* pass) +{ + int err = 0; + WOLFSSL_EC_GROUP* ret = NULL; + DerBuffer* der = NULL; + int keyFormat = 0; + + if (bio == NULL) { + err = 1; + } + + /* Read parameters from BIO and convert PEM to DER. */ + if ((!err) && (pem_read_bio_key(bio, cb, pass, ECC_PARAM_TYPE, + &keyFormat, &der) < 0)) { + err = 1; + } + if (!err) { + /* Create EC group from DER encoding. */ + const byte** p = (const byte**)&der->buffer; + ret = wolfssl_ec_group_d2i(group, p, der->length); + if (ret == NULL) { + WOLFSSL_ERROR_MSG("Error loading DER buffer into WOLFSSL_EC_GROUP"); + } + } + + /* Dispose of any allocated data. */ + FreeDer(&der); + return ret; +} + +WOLFSSL_EC_GROUP *wolfSSL_d2i_ECPKParameters(WOLFSSL_EC_GROUP **out, + const unsigned char **in, long len) +{ + return wolfssl_ec_group_d2i(out, in, len); +} + +int wolfSSL_i2d_ECPKParameters(const WOLFSSL_EC_GROUP* grp, unsigned char** pp) +{ + unsigned char* out = NULL; + int len = 0; + int idx; + const byte* oid = NULL; + word32 oidSz = 0; + + if (grp == NULL || !wc_ecc_is_valid_idx(grp->curve_idx) || + grp->curve_idx < 0) + return WOLFSSL_FATAL_ERROR; + + /* Get the actual DER encoding of the OID. ecc_sets[grp->curve_idx].oid + * is just the numerical representation. */ + if (wc_ecc_get_oid((word32)grp->curve_oid, &oid, &oidSz) < 0) + return WOLFSSL_FATAL_ERROR; + + len = SetObjectId((int)oidSz, NULL) + (int)oidSz; + + if (pp == NULL) + return len; + + if (*pp == NULL) { + out = (unsigned char*)XMALLOC((size_t)len, NULL, DYNAMIC_TYPE_ASN1); + if (out == NULL) + return WOLFSSL_FATAL_ERROR; + } + else { + out = *pp; + } + + idx = SetObjectId((int)oidSz, out); + XMEMCPY(out + idx, oid, oidSz); + if (*pp == NULL) + *pp = out; + else + *pp += len; + + return len; +} +#endif /* !NO_BIO */ + +#if defined(OPENSSL_ALL) && !defined(NO_CERTS) +/* Copy an EC group. + * + * Only used by wolfSSL_EC_KEY_dup at this time. + * + * @param [in, out] dst Destination EC group. + * @param [in] src Source EC group. + * @return 0 on success. + */ +static int wolfssl_ec_group_copy(WOLFSSL_EC_GROUP* dst, + const WOLFSSL_EC_GROUP* src) +{ + /* Copy the fields. */ + dst->curve_idx = src->curve_idx; + dst->curve_nid = src->curve_nid; + dst->curve_oid = src->curve_oid; + + return 0; +} +#endif /* OPENSSL_ALL && !NO_CERTS */ + +/* Copies ecc_key into new WOLFSSL_EC_GROUP object + * + * @param [in] src EC group to duplicate. + * + * @return EC group on success. + * @return NULL on error. + */ +WOLFSSL_EC_GROUP* wolfSSL_EC_GROUP_dup(const WOLFSSL_EC_GROUP *src) +{ + WOLFSSL_EC_GROUP* newGroup = NULL; + + if (src != NULL) { + /* Create new group base on NID in original EC group. */ + newGroup = wolfSSL_EC_GROUP_new_by_curve_name(src->curve_nid); + } + + return newGroup; +} + +/* Compare two EC groups. + * + * Return code compliant with OpenSSL. + * + * @param [in] a First EC group. + * @param [in] b Second EC group. + * @param [in] ctx Big number context to use when comparing fields. Unused. + * + * @return 0 if equal. + * @return 1 if not equal. + * @return -1 on error. + */ +int wolfSSL_EC_GROUP_cmp(const WOLFSSL_EC_GROUP *a, const WOLFSSL_EC_GROUP *b, + WOLFSSL_BN_CTX *ctx) +{ + int ret; + + /* No BN operations performed. */ + (void)ctx; + + WOLFSSL_ENTER("wolfSSL_EC_GROUP_cmp"); + + /* Validate parameters. */ + if ((a == NULL) || (b == NULL)) { + WOLFSSL_MSG("wolfSSL_EC_GROUP_cmp Bad arguments"); + /* Return error value. */ + ret = WOLFSSL_FATAL_ERROR; + } + /* Compare NID and wolfSSL curve index. */ + else { + /* 0 when same, 1 when not. */ + ret = ((a->curve_nid == b->curve_nid) && + (a->curve_idx == b->curve_idx)) ? 0 : 1; + } + + return ret; +} + +#ifndef NO_WOLFSSL_STUB +/* Set the ASN.1 flag that indicate encoding of curve. + * + * Stub function - flag not used elsewhere. + * Always encoded as named curve. + * + * @param [in] group EC group to modify. + * @param [in] flag ASN.1 flag to set. Valid values: + * OPENSSL_EC_EXPLICIT_CURVE, OPENSSL_EC_NAMED_CURVE + */ +void wolfSSL_EC_GROUP_set_asn1_flag(WOLFSSL_EC_GROUP *group, int flag) +{ + (void)group; + (void)flag; + + WOLFSSL_ENTER("wolfSSL_EC_GROUP_set_asn1_flag"); + WOLFSSL_STUB("EC_GROUP_set_asn1_flag"); +} +#endif + +/* Get the curve NID of the group. + * + * Return code compliant with OpenSSL. + * + * @param [in] group EC group. + * @return Curve NID on success. + * @return 0 on error. + */ +int wolfSSL_EC_GROUP_get_curve_name(const WOLFSSL_EC_GROUP *group) +{ + int nid = 0; + WOLFSSL_ENTER("wolfSSL_EC_GROUP_get_curve_name"); + + if (group == NULL) { + WOLFSSL_MSG("wolfSSL_EC_GROUP_get_curve_name Bad arguments"); + } + else { + nid = group->curve_nid; + } + + return nid; +} + +/* Get the degree (curve size in bits) of the EC group. + * + * Return code compliant with OpenSSL. + * + * @return Degree of the curve on success. + * @return 0 on error. + */ +int wolfSSL_EC_GROUP_get_degree(const WOLFSSL_EC_GROUP *group) +{ + int degree = 0; + + WOLFSSL_ENTER("wolfSSL_EC_GROUP_get_degree"); + + if (group == NULL) { + WOLFSSL_MSG("wolfSSL_EC_GROUP_get_degree Bad arguments"); + } + else { + switch (group->curve_nid) { + case WC_NID_secp112r1: + case WC_NID_secp112r2: + degree = 112; + break; + case WC_NID_secp128r1: + case WC_NID_secp128r2: + degree = 128; + break; + case WC_NID_secp160k1: + case WC_NID_secp160r1: + case WC_NID_secp160r2: + case WC_NID_brainpoolP160r1: + degree = 160; + break; + case WC_NID_secp192k1: + case WC_NID_brainpoolP192r1: + case WC_NID_X9_62_prime192v1: + case WC_NID_X9_62_prime192v2: + case WC_NID_X9_62_prime192v3: + degree = 192; + break; + case WC_NID_secp224k1: + case WC_NID_secp224r1: + case WC_NID_brainpoolP224r1: + degree = 224; + break; + case WC_NID_X9_62_prime239v1: + case WC_NID_X9_62_prime239v2: + case WC_NID_X9_62_prime239v3: + degree = 239; + break; + case WC_NID_secp256k1: + case WC_NID_brainpoolP256r1: + case WC_NID_X9_62_prime256v1: + degree = 256; + break; + case WC_NID_brainpoolP320r1: + degree = 320; + break; + case WC_NID_secp384r1: + case WC_NID_brainpoolP384r1: + degree = 384; + break; + case WC_NID_brainpoolP512r1: + degree = 512; + break; + case WC_NID_secp521r1: + degree = 521; + break; + } + } + + return degree; +} +#endif /* OPENSSL_EXTRA */ + +#if defined(OPENSSL_EXTRA) || defined(WOLFSSL_WPAS_SMALL) +/* Get the length of the order in bits of the EC group. + * + * TODO: consider switch statement or calculating directly from hex string + * array instead of using mp_int. + * + * @param [in] group EC group. + * @return Length of order in bits on success. + * @return 0 on error. + */ +int wolfSSL_EC_GROUP_order_bits(const WOLFSSL_EC_GROUP *group) +{ + int ret = 0; + WC_DECLARE_VAR(order, mp_int, 1, 0); + + /* Validate parameter. */ + if ((group == NULL) || (group->curve_idx < 0)) { + WOLFSSL_MSG("wolfSSL_EC_GROUP_order_bits NULL error"); + ret = WOLFSSL_FATAL_ERROR; + } + +#ifdef WOLFSSL_SMALL_STACK + if (ret == 0) { + /* Allocate memory for mp_int that will hold order value. */ + order = (mp_int *)XMALLOC(sizeof(*order), NULL, + DYNAMIC_TYPE_TMP_BUFFER); + if (order == NULL) { + ret = WOLFSSL_FATAL_ERROR; + } + } +#endif + + if (ret == 0) { + /* Initialize mp_int. */ + ret = mp_init(order); + } + + if (ret == 0) { + /* Read hex string of order from wolfCrypt array of curves. */ + ret = mp_read_radix(order, ecc_sets[group->curve_idx].order, + MP_RADIX_HEX); + if (ret == 0) { + /* Get bits of order. */ + ret = mp_count_bits(order); + } + /* Clear and free mp_int. */ + mp_clear(order); + } + + WC_FREE_VAR_EX(order, NULL, DYNAMIC_TYPE_TMP_BUFFER); + + /* Convert error code to length of 0. */ + if (ret < 0) { + ret = 0; + } + + return ret; +} +#endif /* OPENSSL_EXTRA || WOLFSSL_WPAS_SMALL */ + +#if defined(OPENSSL_EXTRA) +/* Get the order of the group as a BN. + * + * Return code compliant with OpenSSL. + * + * @param [in] group EC group. + * @param [in, out] order BN to hold order value. + * @param [in] ctx Context to use for BN operations. Unused. + * @return 1 on success. + * @return 0 on error. + */ +int wolfSSL_EC_GROUP_get_order(const WOLFSSL_EC_GROUP *group, + WOLFSSL_BIGNUM *order, WOLFSSL_BN_CTX *ctx) +{ + int ret = 1; + mp_int* mp = NULL; + + /* No BN operations performed - done with mp_int in BN. */ + (void)ctx; + + /* Validate parameters. */ + if ((group == NULL) || (order == NULL) || (order->internal == NULL)) { + WOLFSSL_MSG("wolfSSL_EC_GROUP_get_order NULL error"); + ret = 0; + } + + if (ret == 1 && + (group->curve_idx < 0 || !wc_ecc_is_valid_idx(group->curve_idx))) { + WOLFSSL_MSG("wolfSSL_EC_GROUP_get_order Bad group idx"); + ret = 0; + } + + if (ret == 1) { + mp = (mp_int*)order->internal; + } + /* Initialize */ + if ((ret == 1) && (mp_init(mp) != MP_OKAY)) { + WOLFSSL_MSG("wolfSSL_EC_GROUP_get_order mp_init failure"); + ret = 0; + } + /* Read hex string of order from wolfCrypt array of curves. */ + if ((ret == 1) && (mp_read_radix(mp, ecc_sets[group->curve_idx].order, + MP_RADIX_HEX) != MP_OKAY)) { + WOLFSSL_MSG("wolfSSL_EC_GROUP_get_order mp_read order failure"); + /* Zero out any partial value but don't free. */ + mp_zero(mp); + ret = 0; + } + + return ret; +} + +#endif /* OPENSSL_EXTRA */ + +/* End EC_GROUP */ + +/* Start EC_POINT */ + +#if defined(OPENSSL_EXTRA) + +/* Set data of EC point into internal, wolfCrypt EC point object. + * + * EC_POINT Openssl -> WolfSSL + * + * @param [in, out] p EC point to update. + * @return 1 on success. + * @return -1 on failure. + */ +static int ec_point_internal_set(WOLFSSL_EC_POINT *p) +{ + int ret = 1; + + WOLFSSL_ENTER("ec_point_internal_set"); + + /* Validate parameter. */ + if ((p == NULL) || (p->internal == NULL)) { + WOLFSSL_MSG("ECPoint NULL error"); + ret = WOLFSSL_FATAL_ERROR; + } + else { + /* Get internal point as a wolfCrypt EC point. */ + ecc_point* point = (ecc_point*)p->internal; + + /* Set X ordinate if available. */ + if ((p->X != NULL) && (wolfssl_bn_get_value(p->X, point->x) != 1)) { + WOLFSSL_MSG("ecc point X error"); + ret = WOLFSSL_FATAL_ERROR; + } + /* Set Y ordinate if available. */ + if ((ret == 1) && (p->Y != NULL) && (wolfssl_bn_get_value(p->Y, + point->y) != 1)) { + WOLFSSL_MSG("ecc point Y error"); + ret = WOLFSSL_FATAL_ERROR; + } + /* Set Z ordinate if available. */ + if ((ret == 1) && (p->Z != NULL) && (wolfssl_bn_get_value(p->Z, + point->z) != 1)) { + WOLFSSL_MSG("ecc point Z error"); + ret = WOLFSSL_FATAL_ERROR; + } + /* Internal values set when operations succeeded. */ + p->inSet = (ret == 1); + } + + return ret; +} + +/* Set data of internal, wolfCrypt EC point object into EC point. + * + * EC_POINT WolfSSL -> OpenSSL + * + * @param [in, out] p EC point to update. + * @return 1 on success. + * @return -1 on failure. + */ +static int ec_point_external_set(WOLFSSL_EC_POINT *p) +{ + int ret = 1; + + WOLFSSL_ENTER("ec_point_external_set"); + + /* Validate parameter. */ + if ((p == NULL) || (p->internal == NULL)) { + WOLFSSL_MSG("ECPoint NULL error"); + ret = WOLFSSL_FATAL_ERROR; + } + else { + /* Get internal point as a wolfCrypt EC point. */ + ecc_point* point = (ecc_point*)p->internal; + + /* Set X ordinate. */ + if (wolfssl_bn_set_value(&p->X, point->x) != 1) { + WOLFSSL_MSG("ecc point X error"); + ret = WOLFSSL_FATAL_ERROR; + } + /* Set Y ordinate. */ + if ((ret == 1) && (wolfssl_bn_set_value(&p->Y, point->y) != 1)) { + WOLFSSL_MSG("ecc point Y error"); + ret = WOLFSSL_FATAL_ERROR; + } + /* Set Z ordinate. */ + if ((ret == 1) && (wolfssl_bn_set_value(&p->Z, point->z) != 1)) { + WOLFSSL_MSG("ecc point Z error"); + ret = WOLFSSL_FATAL_ERROR; + } + /* External values set when operations succeeded. */ + p->exSet = (ret == 1); + } + + return ret; +} + +/* Setup internals of EC point. + * + * Assumes point is not NULL. + * + * @param [in, out] point EC point to update. + * @return 1 on success. + * @return 0 on failure. + */ +static int ec_point_setup(const WOLFSSL_EC_POINT *point) { + int ret = 1; + + /* Check if internal values need setting. */ + if (!point->inSet) { + WOLFSSL_MSG("No ECPoint internal set, do it"); + + /* Forcing to non-constant type to update internals. */ + if (ec_point_internal_set((WOLFSSL_EC_POINT *)point) != 1) { + WOLFSSL_MSG("ec_point_internal_set failed"); + ret = 0; + } + } + + return ret; +} + +/* Create a new EC point from the group. + * + * @param [in] group EC group. + * @return EC point on success. + * @return NULL on error. + */ +WOLFSSL_EC_POINT* wolfSSL_EC_POINT_new(const WOLFSSL_EC_GROUP* group) +{ + int err = 0; + WOLFSSL_EC_POINT* point = NULL; + + WOLFSSL_ENTER("wolfSSL_EC_POINT_new"); + + /* Validate parameter. */ + if (group == NULL) { + WOLFSSL_MSG("wolfSSL_EC_POINT_new NULL error"); + err = 1; + } + + if (!err) { + /* Allocate memory for new EC point. */ + point = (WOLFSSL_EC_POINT*)XMALLOC(sizeof(WOLFSSL_EC_POINT), NULL, + DYNAMIC_TYPE_ECC); + if (point == NULL) { + WOLFSSL_MSG("wolfSSL_EC_POINT_new malloc ecc point failure"); + err = 1; + } + } + if (!err) { + /* Clear fields of EC point. */ + XMEMSET(point, 0, sizeof(WOLFSSL_EC_POINT)); + + /* Allocate internal EC point. */ + point->internal = wc_ecc_new_point(); + if (point->internal == NULL) { + WOLFSSL_MSG("ecc_new_point failure"); + err = 1; + } + } + + if (err) { + XFREE(point, NULL, DYNAMIC_TYPE_ECC); + point = NULL; + } + return point; +} + +#endif /* OPENSSL_EXTRA */ + +#if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL) +/* Dispose of the EC point. + * + * Cannot use point after this call. + * + * @param [in, out] point EC point to free. + */ +void wolfSSL_EC_POINT_free(WOLFSSL_EC_POINT *point) +{ + WOLFSSL_ENTER("wolfSSL_EC_POINT_free"); + + if (point != NULL) { + if (point->internal != NULL) { + wc_ecc_del_point((ecc_point*)point->internal); + point->internal = NULL; + } + + /* Free ordinates. */ + wolfSSL_BN_free(point->X); + wolfSSL_BN_free(point->Y); + wolfSSL_BN_free(point->Z); + /* Clear fields. */ + point->X = NULL; + point->Y = NULL; + point->Z = NULL; + point->inSet = 0; + point->exSet = 0; + + /* Dispose of EC point. */ + XFREE(point, NULL, DYNAMIC_TYPE_ECC); + } +} +#endif /* OPENSSL_EXTRA || OPENSSL_EXTRA_X509_SMALL */ + +#ifdef OPENSSL_EXTRA + +/* Clear and dispose of the EC point. + * + * Cannot use point after this call. + * + * @param [in, out] point EC point to free. + */ +void wolfSSL_EC_POINT_clear_free(WOLFSSL_EC_POINT *point) +{ + WOLFSSL_ENTER("wolfSSL_EC_POINT_clear_free"); + + if (point != NULL) { + if (point->internal != NULL) { + /* Force internal point to be zeros. */ + #if !defined(HAVE_SELFTEST) && (!defined(HAVE_FIPS) || FIPS_VERSION_GT(2,0)) + wc_ecc_forcezero_point((ecc_point*)point->internal); + #else + ecc_point* p = (ecc_point*)point->internal; + mp_forcezero(p->x); + mp_forcezero(p->y); + mp_forcezero(p->z); + #endif + wc_ecc_del_point((ecc_point*)point->internal); + point->internal = NULL; + } + + /* Clear the ordinates before freeing. */ + wolfSSL_BN_clear_free(point->X); + wolfSSL_BN_clear_free(point->Y); + wolfSSL_BN_clear_free(point->Z); + /* Clear fields. */ + point->X = NULL; + point->Y = NULL; + point->Z = NULL; + point->inSet = 0; + point->exSet = 0; + + /* Dispose of EC point. */ + XFREE(point, NULL, DYNAMIC_TYPE_ECC); + } +} + +/* Print out the internals of EC point in debug and when logging callback set. + * + * Not an OpenSSL API. + * + * TODO: Use WOLFSSL_MSG_EX()? + * + * @param [in] msg Message to prepend. + * @param [in] point EC point to print. + */ +void wolfSSL_EC_POINT_dump(const char *msg, const WOLFSSL_EC_POINT *point) +{ +#if defined(DEBUG_WOLFSSL) + char *num; + + WOLFSSL_ENTER("wolfSSL_EC_POINT_dump"); + + /* Only print when debugging on. */ + if (WOLFSSL_IS_DEBUG_ON()) { + if (point == NULL) { + /* No point passed in so just put out "NULL". */ + WOLFSSL_MSG_EX("%s = NULL\n", msg); + } + else { + /* Put out message and status of internal/external data set. */ + WOLFSSL_MSG_EX("%s:\n\tinSet=%d, exSet=%d\n", msg, point->inSet, + point->exSet); + /* Get x-ordinate as a hex string and print. */ + num = wolfSSL_BN_bn2hex(point->X); + WOLFSSL_MSG_EX("\tX = %s\n", num); + XFREE(num, NULL, DYNAMIC_TYPE_OPENSSL); + /* Get x-ordinate as a hex string and print. */ + num = wolfSSL_BN_bn2hex(point->Y); + WOLFSSL_MSG_EX("\tY = %s\n", num); + XFREE(num, NULL, DYNAMIC_TYPE_OPENSSL); + /* Get z-ordinate as a hex string and print. */ + num = wolfSSL_BN_bn2hex(point->Z); + WOLFSSL_MSG_EX("\tZ = %s\n", num); + XFREE(num, NULL, DYNAMIC_TYPE_OPENSSL); + } + } +#else + (void)msg; + (void)point; +#endif +} + +/* Convert EC point to hex string that as either uncompressed or compressed. + * + * ECC point compression types were not included in selftest ecc.h + * + * @param [in] group EC group for point. + * @param [in] point EC point to encode. + * @param [in] form Format of encoding. Valid values: + * POINT_CONVERSION_UNCOMPRESSED, POINT_CONVERSION_COMPRESSED + * @param [in] ctx Context to use for BN operations. Unused. + * @return Allocated hex string on success. + * @return NULL on error. + */ +char* wolfSSL_EC_POINT_point2hex(const WOLFSSL_EC_GROUP* group, + const WOLFSSL_EC_POINT* point, int form, WOLFSSL_BN_CTX* ctx) +{ + static const char* hexDigit = "0123456789ABCDEF"; + char* hex = NULL; + int i; + int sz = 0; + int len = 0; + int err = 0; + + /* No BN operations performed. */ + (void)ctx; + + /* Validate parameters. */ + if ((group == NULL) || (point == NULL)) { + err = 1; + } + /* Get curve id expects a positive index. */ + if ((!err) && (group->curve_idx < 0)) { + err = 1; + } + + if (!err) { + /* Get curve id to look up ordinate size. */ + int id = wc_ecc_get_curve_id(group->curve_idx); + /* Get size of ordinate. */ + if ((sz = wc_ecc_get_curve_size_from_id(id)) < 0) { + err = 1; + } + } + if (!err) { + /* [] */ + len = sz + 1; + if (form == WC_POINT_CONVERSION_UNCOMPRESSED) { + /* Include y ordinate when uncompressed. */ + len += sz; + } + + /* Hex string: allocate 2 bytes to represent each byte plus 1 for '\0'. + */ + hex = (char*)XMALLOC((size_t)(2 * len + 1), NULL, DYNAMIC_TYPE_ECC); + if (hex == NULL) { + err = 1; + } + } + if (!err) { + /* Make bytes all zeros to allow for ordinate values less than max size. + */ + XMEMSET(hex, 0, (size_t)(2 * len + 1)); + + /* Calculate offset as leading zeros not encoded. */ + i = sz - mp_unsigned_bin_size((mp_int*)point->X->internal) + 1; + /* Put in x-ordinate after format byte. */ + if (mp_to_unsigned_bin((mp_int*)point->X->internal, (byte*)(hex + i)) < + 0) { + err = 1; + } + } + if (!err) { + if (form == WC_POINT_CONVERSION_COMPRESSED) { + /* Compressed format byte value dependent on whether y-ordinate is + * odd. + */ + hex[0] = mp_isodd((mp_int*)point->Y->internal) ? + ECC_POINT_COMP_ODD : ECC_POINT_COMP_EVEN; + /* No y-ordinate. */ + } + else { + /* Put in uncompressed format byte. */ + hex[0] = ECC_POINT_UNCOMP; + /* Calculate offset as leading zeros not encoded. */ + i = 1 + 2 * sz - mp_unsigned_bin_size((mp_int*)point->Y->internal); + /* Put in y-ordinate after x-ordinate. */ + if (mp_to_unsigned_bin((mp_int*)point->Y->internal, + (byte*)(hex + i)) < 0) { + err = 1; + } + } + } + if (!err) { + /* Convert binary encoding to hex string. */ + /* Start at end so as not to overwrite. */ + for (i = len-1; i >= 0; i--) { + /* Get byte value and store has hex string. */ + byte b = (byte)hex[i]; + hex[i * 2 + 1] = hexDigit[b & 0xf]; + hex[i * 2 ] = hexDigit[b >> 4]; + } + /* Memset put trailing zero or '\0' on end of string. */ + } + + if (err && (hex != NULL)) { + /* Dispose of allocated data not being returned. */ + XFREE(hex, NULL, DYNAMIC_TYPE_ECC); + hex = NULL; + } + /* Return hex string encoding. */ + return hex; +} + +static size_t hex_to_bytes(const char *hex, unsigned char *output, size_t sz) +{ + word32 i; + for (i = 0; i < sz; i++) { + signed char ch1, ch2; + ch1 = HexCharToByte(hex[i * 2]); + ch2 = HexCharToByte(hex[i * 2 + 1]); + if ((ch1 < 0) || (ch2 < 0)) { + WOLFSSL_MSG("hex_to_bytes: syntax error"); + return 0; + } + output[i] = (unsigned char)((ch1 << 4) + ch2); + } + return sz; +} + +WOLFSSL_EC_POINT* wolfSSL_EC_POINT_hex2point(const WOLFSSL_EC_GROUP *group, + const char *hex, WOLFSSL_EC_POINT*p, WOLFSSL_BN_CTX *ctx) +{ + /* for uncompressed mode */ + size_t str_sz; + WOLFSSL_BIGNUM *Gx = NULL; + WOLFSSL_BIGNUM *Gy = NULL; + char strGx[MAX_ECC_BYTES * 2 + 1]; + + /* for compressed mode */ + int key_sz; + byte *octGx = (byte *)strGx; /* octGx[MAX_ECC_BYTES] */ + + int p_alloc = 0; + int ret; + + WOLFSSL_ENTER("wolfSSL_EC_POINT_hex2point"); + + if (group == NULL || hex == NULL || ctx == NULL) + return NULL; + + if (p == NULL) { + if ((p = wolfSSL_EC_POINT_new(group)) == NULL) { + WOLFSSL_MSG("wolfSSL_EC_POINT_new"); + goto err; + } + p_alloc = 1; + } + + key_sz = (wolfSSL_EC_GROUP_get_degree(group) + 7) / 8; + if (hex[0] == '0' && hex[1] == '4') { /* uncompressed mode */ + str_sz = (size_t)key_sz * 2; + + XMEMSET(strGx, 0x0, str_sz + 1); + XMEMCPY(strGx, hex + 2, str_sz); + + if (wolfSSL_BN_hex2bn(&Gx, strGx) == 0) + goto err; + + if (wolfSSL_BN_hex2bn(&Gy, hex + 2 + str_sz) == 0) + goto err; + + ret = wolfSSL_EC_POINT_set_affine_coordinates_GFp + (group, p, Gx, Gy, ctx); + + if (ret != WOLFSSL_SUCCESS) { + WOLFSSL_MSG("wolfSSL_EC_POINT_set_affine_coordinates_GFp"); + goto err; + } + } + else if (hex[0] == '0' && (hex[1] == '2' || hex[1] == '3')) { + size_t sz = XSTRLEN(hex + 2) / 2; + /* compressed mode */ + octGx[0] = ECC_POINT_COMP_ODD; + if (hex_to_bytes(hex + 2, octGx + 1, sz) != sz) { + goto err; + } + if (wolfSSL_ECPoint_d2i(octGx, (word32)key_sz + 1, group, p) + != WOLFSSL_SUCCESS) { + goto err; + } + } + else + goto err; + + wolfSSL_BN_free(Gx); + wolfSSL_BN_free(Gy); + return p; + +err: + wolfSSL_BN_free(Gx); + wolfSSL_BN_free(Gy); + if (p_alloc) { + wolfSSL_EC_POINT_free(p); + } + return NULL; + +} + +/* Encode the EC point as an uncompressed point in DER. + * + * Return code compliant with OpenSSL. + * Not OpenSSL API. + * + * @param [in] group EC group point belongs to. + * @param [in] point EC point to encode. + * @param [out] out Buffer to encode into. May be NULL. + * @param [in, out] len On in, length of buffer in bytes. + * On out, length of encoding in bytes. + * @return 1 on success. + * @return 0 on error. + */ +int wolfSSL_ECPoint_i2d(const WOLFSSL_EC_GROUP *group, + const WOLFSSL_EC_POINT *point, unsigned char *out, unsigned int *len) +{ + int res = 1; + + WOLFSSL_ENTER("wolfSSL_ECPoint_i2d"); + + /* Validate parameters. */ + if ((group == NULL) || (point == NULL) || (len == NULL)) { + WOLFSSL_MSG("wolfSSL_ECPoint_i2d NULL error"); + res = 0; + } + + /* Ensure points internals are set up. */ + if ((res == 1) && (ec_point_setup(point) != 1)) { + res = 0; + } + + /* Dump the point if encoding. */ + if ((res == 1) && (out != NULL)) { + wolfSSL_EC_POINT_dump("i2d p", point); + } + + if (res == 1) { + /* DER encode point in uncompressed format. */ + int ret = wc_ecc_export_point_der(group->curve_idx, + (ecc_point*)point->internal, out, len); + /* Check return. When out is NULL, return will be length only error. */ + if ((ret != MP_OKAY) && ((out != NULL) || + (ret != WC_NO_ERR_TRACE(LENGTH_ONLY_E)))) { + WOLFSSL_MSG("wolfSSL_ECPoint_i2d wc_ecc_export_point_der failed"); + res = 0; + } + } + + return res; +} + +/* Decode the uncompressed point in DER into EC point. + * + * Return code compliant with OpenSSL. + * Not OpenSSL API. + * + * @param [in] in Buffer containing DER encoded point. + * @param [in] len Length of data in bytes. + * @param [in] group EC group associated with point. + * @param [in, out] point EC point to set data into. + * @return 1 on success. + * @return 0 on error. + */ +int wolfSSL_ECPoint_d2i(const unsigned char *in, unsigned int len, + const WOLFSSL_EC_GROUP *group, WOLFSSL_EC_POINT *point) +{ + int ret = 1; + WOLFSSL_BIGNUM* x = NULL; + WOLFSSL_BIGNUM* y = NULL; + + WOLFSSL_ENTER("wolfSSL_ECPoint_d2i"); + + /* Validate parameters. */ + if ((in == NULL) || (group == NULL) || (point == NULL) || + (point->internal == NULL)) { + WOLFSSL_MSG("wolfSSL_ECPoint_d2i NULL error"); + ret = 0; + } + + if (ret == 1) { + #if !defined(HAVE_SELFTEST) && (!defined(HAVE_FIPS) || FIPS_VERSION_GT(2,0)) + /* Import point into internal EC point. */ + if (wc_ecc_import_point_der_ex(in, len, group->curve_idx, + (ecc_point*)point->internal, 0) != MP_OKAY) { + WOLFSSL_MSG("wc_ecc_import_point_der_ex failed"); + ret = 0; + } + #else + /* ECC_POINT_UNCOMP is not defined CAVP self test so use magic number */ + if (in[0] == 0x04) { + /* Import point into internal EC point. */ + if (wc_ecc_import_point_der((unsigned char *)in, len, + group->curve_idx, (ecc_point*)point->internal) != MP_OKAY) { + WOLFSSL_MSG("wc_ecc_import_point_der failed"); + ret = 0; + } + } + else { + WOLFSSL_MSG("Only uncompressed points supported with " + "HAVE_SELFTEST"); + ret = 0; + } + #endif + } + + if (ret == 1) + point->inSet = 1; + + /* Set new external point. */ + if (ret == 1 && ec_point_external_set(point) != 1) { + WOLFSSL_MSG("ec_point_external_set failed"); + ret = 0; + } + + if (ret == 1 && !wolfSSL_BN_is_one(point->Z)) { +#if !defined(WOLFSSL_SP_MATH) && !defined(WOLF_CRYPTO_CB_ONLY_ECC) + x = wolfSSL_BN_new(); + y = wolfSSL_BN_new(); + if (x == NULL || y == NULL) + ret = 0; + + if (ret == 1 && wolfSSL_EC_POINT_get_affine_coordinates_GFp(group, + point, x, y, NULL) != 1) { + WOLFSSL_MSG("wolfSSL_EC_POINT_get_affine_coordinates_GFp failed"); + ret = 0; + } + + /* wolfSSL_EC_POINT_set_affine_coordinates_GFp checks that the point is + * on the curve. */ + if (ret == 1 && wolfSSL_EC_POINT_set_affine_coordinates_GFp(group, + point, x, y, NULL) != 1) { + WOLFSSL_MSG("wolfSSL_EC_POINT_set_affine_coordinates_GFp failed"); + ret = 0; + } +#else + WOLFSSL_MSG("Importing non-affine point. This may cause issues in math " + "operations later on."); +#endif + } +#if !defined(HAVE_SELFTEST) && (!defined(HAVE_FIPS) || FIPS_VERSION_GT(2,0)) + /* Validate that the imported point lies on the curve. The Z!=1 path + * above validates via set_affine_coordinates_GFp, but for affine + * imports (Z==1), the common case for uncompressed points, that + * block is skipped. Check unconditionally so no import path can + * bypass validation. */ + if (ret == 1 && wolfSSL_EC_POINT_is_on_curve(group, + (WOLFSSL_EC_POINT *)point, NULL) != 1) { + WOLFSSL_MSG("wolfSSL_ECPoint_d2i: point not on curve"); + ret = 0; + } +#endif + + if (ret == 1) { + /* Dump new point. */ + wolfSSL_EC_POINT_dump("d2i p", point); + } + + wolfSSL_BN_free(x); + wolfSSL_BN_free(y); + + return ret; +} + +/* Encode point as octet string. + * + * HYBRID not supported. + * + * @param [in] group EC group that point belongs to. + * @param [in] point EC point to encode. + * @param [in] form Format of encoding. Valid values: + * POINT_CONVERSION_UNCOMPRESSED,POINT_CONVERSION_COMPRESSED + * @param [out] buf Buffer to write encoding into. + * @param [in] len Length of buffer. + * @param [in] ctx Context to use for BN operations. Unused. + * @return Length of encoded data on success. + * @return 0 on error. + */ +size_t wolfSSL_EC_POINT_point2oct(const WOLFSSL_EC_GROUP *group, + const WOLFSSL_EC_POINT *point, int form, byte *buf, size_t len, + WOLFSSL_BN_CTX *ctx) +{ + int err = 0; + word32 enc_len = (word32)len; +#if !defined(HAVE_SELFTEST) && (!defined(HAVE_FIPS) || FIPS_VERSION_GT(2,0)) + int compressed = ((form == WC_POINT_CONVERSION_COMPRESSED) ? 1 : 0); +#endif /* !HAVE_SELFTEST */ + + WOLFSSL_ENTER("wolfSSL_EC_POINT_point2oct"); + + /* No BN operations performed. */ + (void)ctx; + + /* Validate parameters. */ + if ((group == NULL) || (point == NULL)) { + err = 1; + } + + /* Ensure points internals are set up. */ + if ((!err) && (ec_point_setup(point) != 1)) { + err = 1; + } + + /* Special case when point is infinity. */ + if ((!err) && wolfSSL_EC_POINT_is_at_infinity(group, point)) { + /* Encoding is a single octet: 0x00. */ + enc_len = 1; + if (buf != NULL) { + /* Check whether buffer has space. */ + if (len < 1) { + wolfSSL_ECerr(WOLFSSL_EC_F_EC_GFP_SIMPLE_POINT2OCT, BUFFER_E); + err = 1; + } + else { + /* Put in encoding of infinity. */ + buf[0] = 0x00; + } + } + } + /* Not infinity. */ + else if (!err) { + /* Validate format. */ + if (form != WC_POINT_CONVERSION_UNCOMPRESSED + #ifndef HAVE_SELFTEST + && form != WC_POINT_CONVERSION_COMPRESSED + #endif /* !HAVE_SELFTEST */ + ) { + WOLFSSL_MSG("Unsupported point form"); + err = 1; + } + + if (!err) { + int ret; + + #if !defined(HAVE_SELFTEST) && (!defined(HAVE_FIPS) || FIPS_VERSION_GT(2,0)) + /* Encode as compressed or uncompressed. */ + ret = wc_ecc_export_point_der_ex(group->curve_idx, + (ecc_point*)point->internal, buf, &enc_len, compressed); + #else + /* Encode uncompressed point in DER format. */ + ret = wc_ecc_export_point_der(group->curve_idx, + (ecc_point*)point->internal, buf, &enc_len); + #endif /* !HAVE_SELFTEST */ + /* Check return. When buf is NULL, return will be length only + * error. + */ + if (ret != ((buf != NULL) ? MP_OKAY : + WC_NO_ERR_TRACE(LENGTH_ONLY_E))) { + err = 1; + } + } + } + +#if defined(DEBUG_WOLFSSL) + if (!err) { + wolfSSL_EC_POINT_dump("wolfSSL_EC_POINT_point2oct point", point); + WOLFSSL_MSG("\twolfSSL_EC_POINT_point2oct output:"); + WOLFSSL_BUFFER(buf, enc_len); + } +#endif + + /* On error, return encoding length of 0. */ + if (err) { + enc_len = 0; + } + return (size_t)enc_len; +} + + +/* Convert octet string to EC point. + * + * @param [in] group EC group. + * @param [in, out] point EC point to set data into. + * @param [in] buf Buffer holding octet string. + * @param [in] len Length of data in buffer in bytes. + * @param [in] ctx Context to use for BN operations. Unused. + */ +int wolfSSL_EC_POINT_oct2point(const WOLFSSL_EC_GROUP *group, + WOLFSSL_EC_POINT *point, const unsigned char *buf, size_t len, + WOLFSSL_BN_CTX *ctx) +{ + int ret; + + WOLFSSL_ENTER("wolfSSL_EC_POINT_oct2point"); + + /* No BN operations performed. */ + (void)ctx; + + /* Validate parameters. */ + if ((group == NULL) || (point == NULL)) { + ret = 0; + } + else { + /* Decode DER encoding into EC point. */ + ret = wolfSSL_ECPoint_d2i((unsigned char*)buf, (unsigned int)len, group, + point); + } + + return ret; +} + +/* Convert an EC point to a single BN. + * + * @param [in] group EC group. + * @param [in] point EC point. + * @param [in] form Format of encoding. Valid values: + * WC_POINT_CONVERSION_UNCOMPRESSED, + * WC_POINT_CONVERSION_COMPRESSED. + * @param [in, out] bn BN to hold point value. + * When NULL a new BN is allocated otherwise this is + * returned on success. + * @param [in] ctx Context to use for BN operations. Unused. + * @return BN object with point as a value on success. + * @return NULL on error. + */ +WOLFSSL_BIGNUM *wolfSSL_EC_POINT_point2bn(const WOLFSSL_EC_GROUP* group, + const WOLFSSL_EC_POINT* point, int form, WOLFSSL_BIGNUM* bn, + WOLFSSL_BN_CTX* ctx) +{ + int err = 0; + size_t len = 0; + byte *buf = NULL; + WOLFSSL_BIGNUM *ret = NULL; + + WOLFSSL_ENTER("wolfSSL_EC_POINT_oct2point"); + + /* Validate parameters. */ + if ((group == NULL) || (point == NULL)) { + err = 1; + } + + /* Calculate length of octet encoding. */ + if ((!err) && ((len = wolfSSL_EC_POINT_point2oct(group, point, form, NULL, + 0, ctx)) == 0)) { + err = 1; + } + /* Allocate buffer to hold octet encoding. */ + if ((!err) && ((buf = (byte*)XMALLOC(len, NULL, DYNAMIC_TYPE_TMP_BUFFER)) == + NULL)) { + WOLFSSL_MSG("malloc failed"); + err = 1; + } + /* Encode EC point as an octet string. */ + if ((!err) && (wolfSSL_EC_POINT_point2oct(group, point, form, buf, len, + ctx) != len)) { + err = 1; + } + /* Load BN with octet string data. */ + if (!err) { + ret = wolfSSL_BN_bin2bn(buf, (int)len, bn); + } + + /* Dispose of any allocated data. */ + XFREE(buf, NULL, DYNAMIC_TYPE_TMP_BUFFER); + + return ret; +} + +#if !defined(HAVE_SELFTEST) && (!defined(HAVE_FIPS) || FIPS_VERSION_GT(2,0)) +/* Check if EC point is on the the curve defined by the EC group. + * + * @param [in] group EC group defining curve. + * @param [in] point EC point to check. + * @param [in] ctx Context to use for BN operations. Unused. + * @return 1 when point is on curve. + * @return 0 when point is not on curve or error. + */ +int wolfSSL_EC_POINT_is_on_curve(const WOLFSSL_EC_GROUP *group, + const WOLFSSL_EC_POINT *point, WOLFSSL_BN_CTX *ctx) +{ + int err = 0; + + WOLFSSL_ENTER("wolfSSL_EC_POINT_is_on_curve"); + + /* No BN operations performed. */ + (void)ctx; + + /* Validate parameters. */ + if ((group == NULL) || (point == NULL)) { + WOLFSSL_MSG("Invalid arguments"); + err = 1; + } + + /* Ensure internal EC point set. */ + if ((!err) && (!point->inSet) && ec_point_internal_set( + (WOLFSSL_EC_POINT*)point) != 1) { + WOLFSSL_MSG("ec_point_internal_set error"); + err = 1; + } + + /* Check point is on curve from group. */ + if ((!err) && (wc_ecc_point_is_on_curve((ecc_point*)point->internal, + group->curve_idx) != MP_OKAY)) { + err = 1; + } + + /* Return boolean of on curve. No error means on curve. */ + return !err; +} +#endif /* !HAVE_SELFTEST && !(HAVE_FIPS && FIPS_VERSION <= 2) */ + +#if !defined(WOLFSSL_SP_MATH) && !defined(WOLF_CRYPTO_CB_ONLY_ECC) +/* Convert Jacobian ordinates to affine. + * + * @param [in] group EC group. + * @param [in] point EC point to get coordinates from. + * @return 1 on success. + * @return 0 on error. + */ +int ec_point_convert_to_affine(const WOLFSSL_EC_GROUP *group, + WOLFSSL_EC_POINT *point) +{ + int err = 0; + mp_digit mp = 0; + WC_DECLARE_VAR(modulus, mp_int, 1, 0); + + /* Allocate memory for curve's prime modulus. */ + WC_ALLOC_VAR_EX(modulus, mp_int, 1, NULL, DYNAMIC_TYPE_BIGINT, err=1); + /* Initialize the MP integer. */ + if ((!err) && (mp_init(modulus) != MP_OKAY)) { + WOLFSSL_MSG("mp_init failed"); + err = 1; + } + + if (!err) { + /* Get the modulus from the hex string in the EC curve set. */ + if (mp_read_radix(modulus, ecc_sets[group->curve_idx].prime, + MP_RADIX_HEX) != MP_OKAY) { + WOLFSSL_MSG("mp_read_radix failed"); + err = 1; + } + /* Get Montgomery multiplier for the modulus as ordinates in + * Montgomery form. + */ + if ((!err) && (mp_montgomery_setup(modulus, &mp) != MP_OKAY)) { + WOLFSSL_MSG("mp_montgomery_setup failed"); + err = 1; + } + /* Map internal EC point from Jacobian to affine. */ + if ((!err) && (ecc_map((ecc_point*)point->internal, modulus, mp) != + MP_OKAY)) { + WOLFSSL_MSG("ecc_map failed"); + err = 1; + } + /* Set new ordinates into external EC point. */ + if ((!err) && (ec_point_external_set((WOLFSSL_EC_POINT *)point) != 1)) { + WOLFSSL_MSG("ec_point_external_set failed"); + err = 1; + } + + point->exSet = !err; + mp_clear(modulus); + } + + WC_FREE_VAR_EX(modulus, NULL, DYNAMIC_TYPE_BIGINT); + + return err; +} + +/* Get the affine coordinates of the EC point on a Prime curve. + * + * When z-ordinate is not one then coordinates are Jacobian and need to be + * converted to affine before storing in BNs. + * + * Return code compliant with OpenSSL. + * + * TODO: OpenSSL doesn't change point when Jacobian. Do the same? + * + * @param [in] group EC group. + * @param [in] point EC point to get coordinates from. + * @param [in, out] x BN to hold x-ordinate. + * @param [in, out] y BN to hold y-ordinate. + * @param [in] ctx Context to use for BN operations. Unused. + * @return 1 on success. + * @return 0 on error. + */ +int wolfSSL_EC_POINT_get_affine_coordinates_GFp(const WOLFSSL_EC_GROUP* group, + const WOLFSSL_EC_POINT* point, WOLFSSL_BIGNUM* x, WOLFSSL_BIGNUM* y, + WOLFSSL_BN_CTX* ctx) +{ + int ret = 1; + + /* BN operations don't need context. */ + (void)ctx; + + WOLFSSL_ENTER("wolfSSL_EC_POINT_get_affine_coordinates_GFp"); + + /* Validate parameters. */ + if ((group == NULL) || (point == NULL) || (point->internal == NULL) || + (x == NULL) || (y == NULL)) { + WOLFSSL_MSG("wolfSSL_EC_POINT_get_affine_coordinates_GFp NULL error"); + ret = 0; + } + /* Don't return point at infinity. */ + if ((ret == 1) && wolfSSL_EC_POINT_is_at_infinity(group, point)) { + ret = 0; + } + + /* Ensure internal EC point has values of external EC point. */ + if ((ret == 1) && (ec_point_setup(point) != 1)) { + ret = 0; + } + + /* Check whether ordinates are in Jacobian form. */ + if ((ret == 1) && (!wolfSSL_BN_is_one(point->Z))) { + /* Convert from Jacobian to affine. */ + if (ec_point_convert_to_affine(group, (WOLFSSL_EC_POINT*)point) == 1) { + ret = 0; + } + } + + /* Copy the externally set x and y ordinates. */ + if ((ret == 1) && (wolfSSL_BN_copy(x, point->X) == NULL)) { + ret = 0; + } + if ((ret == 1) && (wolfSSL_BN_copy(y, point->Y) == NULL)) { + ret = 0; + } + + return ret; +} +#endif /* !WOLFSSL_SP_MATH && !WOLF_CRYPTO_CB_ONLY_ECC */ + +/* Sets the affine coordinates that belong on a prime curve. + * + * @param [in] group EC group. + * @param [in, out] point EC point to set coordinates into. + * @param [in] x BN holding x-ordinate. + * @param [in] y BN holding y-ordinate. + * @param [in] ctx Context to use for BN operations. Unused. + * @return 1 on success. + * @return 0 on error. + */ +int wolfSSL_EC_POINT_set_affine_coordinates_GFp(const WOLFSSL_EC_GROUP* group, + WOLFSSL_EC_POINT* point, const WOLFSSL_BIGNUM* x, const WOLFSSL_BIGNUM* y, + WOLFSSL_BN_CTX* ctx) +{ + int ret = 1; + + /* BN operations don't need context. */ + (void)ctx; + + WOLFSSL_ENTER("wolfSSL_EC_POINT_set_affine_coordinates_GFp"); + + /* Validate parameters. */ + if ((group == NULL) || (point == NULL) || (point->internal == NULL) || + (x == NULL) || (y == NULL)) { + WOLFSSL_MSG("wolfSSL_EC_POINT_set_affine_coordinates_GFp NULL error"); + ret = 0; + } + + /* Ensure we have a object for x-ordinate. */ + if ((ret == 1) && (point->X == NULL) && + ((point->X = wolfSSL_BN_new()) == NULL)) { + WOLFSSL_MSG("wolfSSL_BN_new failed"); + ret = 0; + } + /* Ensure we have a object for y-ordinate. */ + if ((ret == 1) && (point->Y == NULL) && + ((point->Y = wolfSSL_BN_new()) == NULL)) { + WOLFSSL_MSG("wolfSSL_BN_new failed"); + ret = 0; + } + /* Ensure we have a object for z-ordinate. */ + if ((ret == 1) && (point->Z == NULL) && + ((point->Z = wolfSSL_BN_new()) == NULL)) { + WOLFSSL_MSG("wolfSSL_BN_new failed"); + ret = 0; + } + + /* Copy the x-ordinate. */ + if ((ret == 1) && ((wolfSSL_BN_copy(point->X, x)) == NULL)) { + WOLFSSL_MSG("wolfSSL_BN_copy failed"); + ret = 0; + } + /* Copy the y-ordinate. */ + if ((ret == 1) && ((wolfSSL_BN_copy(point->Y, y)) == NULL)) { + WOLFSSL_MSG("wolfSSL_BN_copy failed"); + ret = 0; + } + /* z-ordinate is one for affine coordinates. */ + if ((ret == 1) && ((wolfSSL_BN_one(point->Z)) == 0)) { + WOLFSSL_MSG("wolfSSL_BN_one failed"); + ret = 0; + } + + /* Copy the new point data to internal object. */ + if ((ret == 1) && (ec_point_internal_set((WOLFSSL_EC_POINT *)point) != 1)) { + WOLFSSL_MSG("ec_point_internal_set failed"); + ret = 0; + } + +#if !defined(HAVE_SELFTEST) && (!defined(HAVE_FIPS) || FIPS_VERSION_GT(2,0)) + /* Check that the point is valid. */ + if ((ret == 1) && (wolfSSL_EC_POINT_is_on_curve(group, + (WOLFSSL_EC_POINT *)point, ctx) != 1)) { + WOLFSSL_MSG("EC_POINT_is_on_curve failed"); + ret = 0; + } +#endif + + return ret; +} + +#if !defined(WOLFSSL_ATECC508A) && !defined(WOLFSSL_ATECC608A) && \ + !defined(HAVE_SELFTEST) && !defined(WOLFSSL_SP_MATH) && \ + !defined(WOLF_CRYPTO_CB_ONLY_ECC) +/* Add two points on the same together. + * + * @param [in] curveIdx Index of curve in ecc_set. + * @param [out] r Result point. + * @param [in] p1 First point to add. + * @param [in] p2 Second point to add. + * @return 1 on success. + * @return 0 on error. + */ +static int wolfssl_ec_point_add(int curveIdx, ecc_point* r, ecc_point* p1, + ecc_point* p2) +{ + int ret = 1; +#ifdef WOLFSSL_SMALL_STACK + mp_int* a = NULL; + mp_int* prime = NULL; + mp_int* mu = NULL; +#else + mp_int a[1]; + mp_int prime[1]; + mp_int mu[1]; +#endif + mp_digit mp = 0; + ecc_point* montP1 = NULL; + ecc_point* montP2 = NULL; + +#ifdef WOLFSSL_SMALL_STACK + if (ret == 1) { + /* Allocate memory for curve parameter: a. */ + a = (mp_int*)XMALLOC(sizeof(mp_int), NULL, DYNAMIC_TYPE_BIGINT); + if (a == NULL) { + WOLFSSL_MSG("Failed to allocate memory for mp_int a"); + ret = 0; + } + } + if (ret == 1) { + /* Allocate memory for curve parameter: prime. */ + prime = (mp_int*)XMALLOC(sizeof(mp_int), NULL, DYNAMIC_TYPE_BIGINT); + if (prime == NULL) { + WOLFSSL_MSG("Failed to allocate memory for mp_int prime"); + ret = 0; + } + } + if (ret == 1) { + /* Allocate memory for mu (Montgomery normalizer). */ + mu = (mp_int*)XMALLOC(sizeof(mp_int), NULL, DYNAMIC_TYPE_BIGINT); + if (mu == NULL) { + WOLFSSL_MSG("Failed to allocate memory for mp_int mu"); + ret = 0; + } + } + if (ret == 1) { + /* Zero out all MP int data in case initialization fails. */ + XMEMSET(a, 0, sizeof(mp_int)); + XMEMSET(prime, 0, sizeof(mp_int)); + XMEMSET(mu, 0, sizeof(mp_int)); + } +#endif + + /* Initialize the MP ints. */ + if ((ret == 1) && (mp_init_multi(prime, a, mu, NULL, NULL, NULL) != + MP_OKAY)) { + WOLFSSL_MSG("mp_init_multi error"); + ret = 0; + } + + /* Read the curve parameter: a. */ + if ((ret == 1) && (mp_read_radix(a, ecc_sets[curveIdx].Af, MP_RADIX_HEX) != + MP_OKAY)) { + WOLFSSL_MSG("mp_read_radix a error"); + ret = 0; + } + + /* Read the curve parameter: prime. */ + if ((ret == 1) && (mp_read_radix(prime, ecc_sets[curveIdx].prime, + MP_RADIX_HEX) != MP_OKAY)) { + WOLFSSL_MSG("mp_read_radix prime error"); + ret = 0; + } + + /* Calculate the Montgomery product. */ + if ((ret == 1) && (mp_montgomery_setup(prime, &mp) != MP_OKAY)) { + WOLFSSL_MSG("mp_montgomery_setup nqm error"); + ret = 0; + } + + /* TODO: use the heap filed of one of the points? */ + /* Allocate new points to hold the Montgomery form values. */ + if ((ret == 1) && (((montP1 = wc_ecc_new_point_h(NULL)) == NULL) || + ((montP2 = wc_ecc_new_point_h(NULL)) == NULL))) { + WOLFSSL_MSG("wc_ecc_new_point_h nqm error"); + ret = 0; + } + + /* Calculate the Montgomery normalizer. */ + if ((ret == 1) && (mp_montgomery_calc_normalization(mu, prime) != + MP_OKAY)) { + WOLFSSL_MSG("mp_montgomery_calc_normalization error"); + ret = 0; + } + + /* Convert to Montgomery form. */ + if ((ret == 1) && (mp_cmp_d(mu, 1) == MP_EQ)) { + /* Copy the points if the normalizer is 1. */ + if ((wc_ecc_copy_point(p1, montP1) != MP_OKAY) || + (wc_ecc_copy_point(p2, montP2) != MP_OKAY)) { + WOLFSSL_MSG("wc_ecc_copy_point error"); + ret = 0; + } + } + else if (ret == 1) { + /* Multiply each ordinate by the Montgomery normalizer. */ + if ((mp_mulmod(p1->x, mu, prime, montP1->x) != MP_OKAY) || + (mp_mulmod(p1->y, mu, prime, montP1->y) != MP_OKAY) || + (mp_mulmod(p1->z, mu, prime, montP1->z) != MP_OKAY)) { + WOLFSSL_MSG("mp_mulmod error"); + ret = 0; + } + /* Multiply each ordinate by the Montgomery normalizer. */ + if ((mp_mulmod(p2->x, mu, prime, montP2->x) != MP_OKAY) || + (mp_mulmod(p2->y, mu, prime, montP2->y) != MP_OKAY) || + (mp_mulmod(p2->z, mu, prime, montP2->z) != MP_OKAY)) { + WOLFSSL_MSG("mp_mulmod error"); + ret = 0; + } + } + + /* Perform point addition with internal EC point objects - Jacobian form + * result. + */ + if ((ret == 1) && (ecc_projective_add_point(montP1, montP2, r, a, prime, + mp) != MP_OKAY)) { + WOLFSSL_MSG("ecc_projective_add_point error"); + ret = 0; + } + + /* Map point back to affine coordinates. Converts from Montogomery form. */ + if ((ret == 1) && (ecc_map(r, prime, mp) != MP_OKAY)) { + WOLFSSL_MSG("ecc_map error"); + ret = 0; + } + + /* Dispose of allocated memory. */ + mp_clear(a); + mp_clear(prime); + mp_clear(mu); + wc_ecc_del_point_h(montP1, NULL); + wc_ecc_del_point_h(montP2, NULL); + WC_FREE_VAR_EX(a, NULL, DYNAMIC_TYPE_BIGINT); + WC_FREE_VAR_EX(prime, NULL, DYNAMIC_TYPE_BIGINT); + WC_FREE_VAR_EX(mu, NULL, DYNAMIC_TYPE_BIGINT); + return ret; +} + +/* Add two points on the same curve together. + * + * @param [in] group EC group. + * @param [out] r EC point that is result of point addition. + * @param [in] p1 First EC point to add. + * @param [in] p2 Second EC point to add. + * @param [in] ctx Context to use for BN operations. Unused. + * @return 1 on success. + * @return 0 on error. + */ +int wolfSSL_EC_POINT_add(const WOLFSSL_EC_GROUP* group, WOLFSSL_EC_POINT* r, + const WOLFSSL_EC_POINT* p1, const WOLFSSL_EC_POINT* p2, WOLFSSL_BN_CTX* ctx) +{ + int ret = 1; + + /* No BN operations performed. */ + (void)ctx; + + /* Validate parameters. */ + if ((group == NULL) || (r == NULL) || (p1 == NULL) || (p2 == NULL)) { + WOLFSSL_MSG("wolfSSL_EC_POINT_add error"); + ret = 0; + } + + /* Ensure the internal objects of the EC points are setup. */ + if ((ret == 1) && ((ec_point_setup(r) != 1) || (ec_point_setup(p1) != 1) || + (ec_point_setup(p2) != 1))) { + WOLFSSL_MSG("ec_point_setup error"); + ret = 0; + } + +#ifdef DEBUG_WOLFSSL + if (ret == 1) { + int nid = wolfSSL_EC_GROUP_get_curve_name(group); + const char* curve = wolfSSL_OBJ_nid2ln(nid); + const char* nistName = wolfSSL_EC_curve_nid2nist(nid); + wolfSSL_EC_POINT_dump("wolfSSL_EC_POINT_add p1", p1); + wolfSSL_EC_POINT_dump("wolfSSL_EC_POINT_add p2", p2); + if (curve != NULL) + WOLFSSL_MSG_EX("curve name: %s", curve); + if (nistName != NULL) + WOLFSSL_MSG_EX("nist curve name: %s", nistName); + } +#endif + + if (ret == 1) { + /* Add points using wolfCrypt objects. */ + ret = wolfssl_ec_point_add(group->curve_idx, (ecc_point*)r->internal, + (ecc_point*)p1->internal, (ecc_point*)p2->internal); + } + + /* Copy internal EC point values out to external EC point. */ + if ((ret == 1) && (ec_point_external_set(r) != 1)) { + WOLFSSL_MSG("ec_point_external_set error"); + ret = 0; + } + +#ifdef DEBUG_WOLFSSL + if (ret == 1) { + wolfSSL_EC_POINT_dump("wolfSSL_EC_POINT_add result", r); + } +#endif + + return ret; +} + +/* Sum the scalar multiplications of the base point and n, and q and m. + * + * r = base point * n + q * m + * + * @param [out] r EC point that is result of operation. + * @param [in] b Base point of curve. + * @param [in] n Scalar to multiply by base point. + * @param [in] q EC point to be scalar multiplied. + * @param [in] m Scalar to multiply q by. + * @param [in] a Parameter A of curve. + * @param [in] prime Prime (modulus) of curve. + * @return 1 on success. + * @return 0 on error. + */ +static int ec_mul2add(ecc_point* r, ecc_point* b, mp_int* n, ecc_point* q, + mp_int* m, mp_int* a, mp_int* prime) +{ + int ret = 1; +#if defined(ECC_SHAMIR) && !defined(WOLFSSL_KCAPI_ECC) + if (ecc_mul2add(b, n, q, m, r, a, prime, NULL) != MP_OKAY) { + WOLFSSL_MSG("ecc_mul2add error"); + ret = 0; + } +#else + ecc_point* tmp = NULL; + mp_digit mp = 0; + + /* Calculate Montgomery product. */ + if (mp_montgomery_setup(prime, &mp) != MP_OKAY) { + WOLFSSL_MSG("mp_montgomery_setup nqm error"); + ret = 0; + } + /* Create temporary point to hold: q * m */ + if ((ret == 1) && ((tmp = wc_ecc_new_point()) == NULL)) { + WOLFSSL_MSG("wolfSSL_EC_POINT_new nqm error"); + ret = 0; + } + /* r = base point * n */ + if ((ret == 1) && (wc_ecc_mulmod(n, b, r, a, prime, 0) != + MP_OKAY)) { + WOLFSSL_MSG("wc_ecc_mulmod nqm error"); + ret = 0; + } + /* tmp = q * m */ + if ((ret == 1) && (wc_ecc_mulmod(m, q, tmp, a, prime, 0) != MP_OKAY)) { + WOLFSSL_MSG("wc_ecc_mulmod nqm error"); + ret = 0; + } + /* r = r + tmp */ + if ((ret == 1) && (ecc_projective_add_point(tmp, r, r, a, prime, mp) != + MP_OKAY)) { + WOLFSSL_MSG("wc_ecc_mulmod nqm error"); + ret = 0; + } + /* Map point back to affine coordinates. Converts from Montogomery + * form. */ + if ((ret == 1) && (ecc_map(r, prime, mp) != MP_OKAY)) { + WOLFSSL_MSG("ecc_map nqm error"); + ret = 0; + } + + /* Dispose of allocated temporary point. */ + wc_ecc_del_point(tmp); +#endif + + return ret; +} + +/* Sum the scalar multiplications of the base point and n, and q and m. + * + * r = base point * n + q * m + * + * @param [in] curveIdx Index of curve in ecc_set. + * @param [out] r EC point that is result of operation. + * @param [in] n Scalar to multiply by base point. May be NULL. + * @param [in] q EC point to be scalar multiplied. May be NULL. + * @param [in] m Scalar to multiply q by. May be NULL. + * @return 1 on success. + * @return 0 on error. + */ +static int wolfssl_ec_point_mul(int curveIdx, ecc_point* r, mp_int* n, + ecc_point* q, mp_int* m) +{ + int ret = 1; +#ifdef WOLFSSL_SMALL_STACK + mp_int* a = NULL; + mp_int* prime = NULL; +#else + mp_int a[1], prime[1]; +#endif + +#ifdef WOLFSSL_SMALL_STACK + /* Allocate MP integer for curve parameter: a. */ + a = (mp_int*)XMALLOC(sizeof(mp_int), NULL, DYNAMIC_TYPE_BIGINT); + if (a == NULL) { + ret = 0; + } + if (ret == 1) { + /* Allocate MP integer for curve parameter: prime. */ + prime = (mp_int*)XMALLOC(sizeof(mp_int), NULL, DYNAMIC_TYPE_BIGINT); + if (prime == NULL) { + ret = 0; + } + } +#endif + + /* Initialize the MP ints. */ + if ((ret == 1) && (mp_init_multi(prime, a, NULL, NULL, NULL, NULL) != + MP_OKAY)) { + WOLFSSL_MSG("mp_init_multi error"); + ret = 0; + } + + /* Read the curve parameter: prime. */ + if ((ret == 1) && (mp_read_radix(prime, ecc_sets[curveIdx].prime, + MP_RADIX_HEX) != MP_OKAY)) { + WOLFSSL_MSG("mp_read_radix prime error"); + ret = 0; + } + + /* Read the curve parameter: a. */ + if ((ret == 1) && (mp_read_radix(a, ecc_sets[curveIdx].Af, + MP_RADIX_HEX) != MP_OKAY)) { + WOLFSSL_MSG("mp_read_radix a error"); + ret = 0; + } + + if ((ret == 1) && (n != NULL)) { + /* Get generator - base point. */ + #if !defined(HAVE_FIPS) || FIPS_VERSION_GT(2,0) + if ((ret == 1) && (wc_ecc_get_generator(r, curveIdx) != MP_OKAY)) { + WOLFSSL_MSG("wc_ecc_get_generator error"); + ret = 0; + } + #else + /* wc_ecc_get_generator is not defined in the FIPS v2 module. */ + /* Read generator (base point) x-ordinate. */ + if ((ret == 1) && (mp_read_radix(r->x, ecc_sets[curveIdx].Gx, + MP_RADIX_HEX) != MP_OKAY)) { + WOLFSSL_MSG("mp_read_radix Gx error"); + ret = 0; + } + /* Read generator (base point) y-ordinate. */ + if ((ret == 1) && (mp_read_radix(r->y, ecc_sets[curveIdx].Gy, + MP_RADIX_HEX) != MP_OKAY)) { + WOLFSSL_MSG("mp_read_radix Gy error"); + ret = 0; + } + /* z-ordinate is one as point is affine. */ + if ((ret == 1) && (mp_set(r->z, 1) != MP_OKAY)) { + WOLFSSL_MSG("mp_set Gz error"); + ret = 0; + } + #endif /* NOPT_FIPS_VERSION == 2 */ + } + + if ((ret == 1) && (n != NULL) && (q != NULL) && (m != NULL)) { + /* r = base point * n + q * m */ + ret = ec_mul2add(r, r, n, q, m, a, prime); + } + /* Not all values present, see if we are only doing base point * n. */ + else if ((ret == 1) && (n != NULL)) { + /* r = base point * n */ + if (wc_ecc_mulmod(n, r, r, a, prime, 1) != MP_OKAY) { + WOLFSSL_MSG("wc_ecc_mulmod gn error"); + ret = 0; + } + } + /* Not all values present, see if we are only doing q * m. */ + else if ((ret == 1) && (q != NULL) && (m != NULL)) { + /* r = q * m */ + if (wc_ecc_mulmod(m, q, r, a, prime, 1) != MP_OKAY) { + WOLFSSL_MSG("wc_ecc_mulmod qm error"); + ret = 0; + } + } + /* No values to use. */ + else if (ret == 1) { + /* Set result to infinity as no values passed in. */ + mp_zero(r->x); + mp_zero(r->y); + mp_zero(r->z); + } + + mp_clear(a); + mp_clear(prime); + WC_FREE_VAR_EX(a, NULL, DYNAMIC_TYPE_BIGINT); + WC_FREE_VAR_EX(prime, NULL, DYNAMIC_TYPE_BIGINT); + return ret; +} + +/* Sum the scalar multiplications of the base point and n, and q and m. + * + * r = base point * n + q * m + * + * Return code compliant with OpenSSL. + * + * @param [in] group EC group. + * @param [out] r EC point that is result of operation. + * @param [in] n Scalar to multiply by base point. May be NULL. + * @param [in] q EC point to be scalar multiplied. May be NULL. + * @param [in] m Scalar to multiply q by. May be NULL. + * @param [in] ctx Context to use for BN operations. Unused. + * @return 1 on success. + * @return 0 on error. + */ +int wolfSSL_EC_POINT_mul(const WOLFSSL_EC_GROUP *group, WOLFSSL_EC_POINT *r, + const WOLFSSL_BIGNUM *n, const WOLFSSL_EC_POINT *q, const WOLFSSL_BIGNUM *m, + WOLFSSL_BN_CTX *ctx) +{ + int ret = 1; + + /* No BN operations performed. */ + (void)ctx; + + WOLFSSL_ENTER("wolfSSL_EC_POINT_mul"); + + /* Validate parameters. */ + if ((group == NULL) || (r == NULL)) { + WOLFSSL_MSG("wolfSSL_EC_POINT_mul NULL error"); + ret = 0; + } + + /* Ensure the internal representation of the EC point q is setup. */ + if ((ret == 1) && (q != NULL) && (ec_point_setup(q) != 1)) { + WOLFSSL_MSG("ec_point_setup error"); + ret = 0; + } + +#ifdef DEBUG_WOLFSSL + if (ret == 1) { + int nid = wolfSSL_EC_GROUP_get_curve_name(group); + const char* curve = wolfSSL_OBJ_nid2ln(nid); + const char* nistName = wolfSSL_EC_curve_nid2nist(nid); + char* num; + wolfSSL_EC_POINT_dump("wolfSSL_EC_POINT_mul input q", q); + num = wolfSSL_BN_bn2hex(n); + WOLFSSL_MSG_EX("\tn = %s", num); + XFREE(num, NULL, DYNAMIC_TYPE_OPENSSL); + num = wolfSSL_BN_bn2hex(m); + WOLFSSL_MSG_EX("\tm = %s", num); + XFREE(num, NULL, DYNAMIC_TYPE_OPENSSL); + if (curve != NULL) + WOLFSSL_MSG_EX("curve name: %s", curve); + if (nistName != NULL) + WOLFSSL_MSG_EX("nist curve name: %s", nistName); + } +#endif + + if (ret == 1) { + mp_int* ni = (n != NULL) ? (mp_int*)n->internal : NULL; + ecc_point* qi = (q != NULL) ? (ecc_point*)q->internal : NULL; + mp_int* mi = (m != NULL) ? (mp_int*)m->internal : NULL; + + /* Perform multiplication with wolfCrypt objects. */ + ret = wolfssl_ec_point_mul(group->curve_idx, (ecc_point*)r->internal, + ni, qi, mi); + } + + /* Only on success is the internal point guaranteed to be set. */ + if (r != NULL) { + r->inSet = (ret == 1); + } + /* Copy internal EC point values out to external EC point. */ + if ((ret == 1) && (ec_point_external_set(r) != 1)) { + WOLFSSL_MSG("ec_point_external_set error"); + ret = 0; + } + +#ifdef DEBUG_WOLFSSL + if (ret == 1) { + wolfSSL_EC_POINT_dump("wolfSSL_EC_POINT_mul result", r); + } +#endif + + return ret; +} +#endif /* !WOLFSSL_ATECC508A && !WOLFSSL_ATECC608A && !HAVE_SELFTEST && + * !WOLFSSL_SP_MATH */ + +/* Invert the point on the curve. + * (x, y) -> (x, -y) = (x, (prime - y) % prime) + * + * @param [in] curveIdx Index of curve in ecc_set. + * @param [in, out] point EC point to invert. + * @return 1 on success. + * @return 0 on error. + */ +static int wolfssl_ec_point_invert(int curveIdx, ecc_point* point) +{ + int ret = 1; + WC_DECLARE_VAR(prime, mp_int, 1, 0); + + /* Allocate memory for an MP int to hold the prime of the curve. */ + WC_ALLOC_VAR_EX(prime, mp_int, 1, NULL, DYNAMIC_TYPE_BIGINT, ret=0); + + /* Initialize MP int. */ + if ((ret == 1) && (mp_init(prime) != MP_OKAY)) { + WOLFSSL_MSG("mp_init_multi error"); + ret = 0; + } + + /* Read the curve parameter: prime. */ + if ((ret == 1) && (mp_read_radix(prime, ecc_sets[curveIdx].prime, + MP_RADIX_HEX) != MP_OKAY)) { + WOLFSSL_MSG("mp_read_radix prime error"); + ret = 0; + } + + /* y = (prime - y) mod prime. */ + if ((ret == 1) && (!mp_iszero(point->y)) && (mp_sub(prime, point->y, + point->y) != MP_OKAY)) { + WOLFSSL_MSG("mp_sub error"); + ret = 0; + } + + /* Dispose of memory associated with MP. */ + mp_free(prime); + WC_FREE_VAR_EX(prime, NULL, DYNAMIC_TYPE_BIGINT); + return ret; +} + +/* Invert the point on the curve. + * (x, y) -> (x, -y) = (x, (prime - y) % prime) + * + * @param [in] group EC group. + * @param [in, out] point EC point to invert. + * @param [in] ctx Context to use for BN operations. Unused. + * @return 1 on success. + * @return 0 on error. + */ +int wolfSSL_EC_POINT_invert(const WOLFSSL_EC_GROUP *group, + WOLFSSL_EC_POINT *point, WOLFSSL_BN_CTX *ctx) +{ + int ret = 1; + + /* No BN operations performed. */ + (void)ctx; + + WOLFSSL_ENTER("wolfSSL_EC_POINT_invert"); + + /* Validate parameters. */ + if ((group == NULL) || (point == NULL) || (point->internal == NULL)) { + ret = 0; + } + + /* Ensure internal representation of point is setup. */ + if ((ret == 1) && (ec_point_setup(point) != 1)) { + ret = 0; + } + +#ifdef DEBUG_WOLFSSL + if (ret == 1) { + int nid = wolfSSL_EC_GROUP_get_curve_name(group); + const char* curve = wolfSSL_OBJ_nid2ln(nid); + const char* nistName = wolfSSL_EC_curve_nid2nist(nid); + wolfSSL_EC_POINT_dump("wolfSSL_EC_POINT_invert input", point); + if (curve != NULL) + WOLFSSL_MSG_EX("curve name: %s", curve); + if (nistName != NULL) + WOLFSSL_MSG_EX("nist curve name: %s", nistName); + + } +#endif + + if (ret == 1 && !wolfSSL_BN_is_one(point->Z)) { +#if !defined(WOLFSSL_SP_MATH) && !defined(WOLF_CRYPTO_CB_ONLY_ECC) + if (ec_point_convert_to_affine(group, point) != 0) + ret = 0; +#else + WOLFSSL_MSG("wolfSSL_EC_POINT_invert called on non-affine point"); + ret = 0; +#endif + } + + if (ret == 1) { + /* Perform inversion using wolfCrypt objects. */ + ret = wolfssl_ec_point_invert(group->curve_idx, + (ecc_point*)point->internal); + } + + /* Set the external EC point representation based on internal. */ + if ((ret == 1) && (ec_point_external_set(point) != 1)) { + WOLFSSL_MSG("ec_point_external_set error"); + ret = 0; + } + +#ifdef DEBUG_WOLFSSL + if (ret == 1) { + wolfSSL_EC_POINT_dump("wolfSSL_EC_POINT_invert result", point); + } +#endif + + return ret; +} + +#ifdef WOLFSSL_EC_POINT_CMP_JACOBIAN +/* Compare two points on a the same curve. + * + * (Ax, Ay, Az) => (Ax / (Az ^ 2), Ay / (Az ^ 3)) + * (Bx, By, Bz) => (Bx / (Bz ^ 2), By / (Bz ^ 3)) + * When equal: + * (Ax / (Az ^ 2), Ay / (Az ^ 3)) = (Bx / (Bz ^ 2), By / (Bz ^ 3)) + * => (Ax * (Bz ^ 2), Ay * (Bz ^ 3)) = (Bx * (Az ^ 2), By * (Az ^ 3)) + * + * @param [in] group EC group. + * @param [in] a EC point to compare. + * @param [in] b EC point to compare. + * @return 0 when equal. + * @return 1 when different. + * @return -1 on error. + */ +static int ec_point_cmp_jacobian(const WOLFSSL_EC_GROUP* group, + const WOLFSSL_EC_POINT *a, const WOLFSSL_EC_POINT *b, WOLFSSL_BN_CTX *ctx) +{ + int ret = 0; + BIGNUM* at = BN_new(); + BIGNUM* bt = BN_new(); + BIGNUM* az = BN_new(); + BIGNUM* bz = BN_new(); + BIGNUM* mod = BN_new(); + + /* Check that the big numbers were allocated. */ + if ((at == NULL) || (bt == NULL) || (az == NULL) || (bz == NULL) || + (mod == NULL)) { + ret = WOLFSSL_FATAL_ERROR; + } + /* Get the modulus for the curve. */ + if ((ret == 0) && + (BN_hex2bn(&mod, ecc_sets[group->curve_idx].prime) != 1)) { + ret = WOLFSSL_FATAL_ERROR; + } + if (ret == 0) { + /* bt = Bx * (Az ^ 2). When Az is one then just copy. */ + if (BN_is_one(a->Z)) { + if (BN_copy(bt, b->X) == NULL) { + ret = WOLFSSL_FATAL_ERROR; + } + } + /* az = Az ^ 2 */ + else if ((BN_mod_mul(az, a->Z, a->Z, mod, ctx) != 1)) { + ret = WOLFSSL_FATAL_ERROR; + } + /* bt = Bx * az = Bx * (Az ^ 2) */ + else if (BN_mod_mul(bt, b->X, az, mod, ctx) != 1) { + ret = WOLFSSL_FATAL_ERROR; + } + } + if (ret == 0) { + /* at = Ax * (Bz ^ 2). When Bz is one then just copy. */ + if (BN_is_one(b->Z)) { + if (BN_copy(at, a->X) == NULL) { + ret = WOLFSSL_FATAL_ERROR; + } + } + /* bz = Bz ^ 2 */ + else if (BN_mod_mul(bz, b->Z, b->Z, mod, ctx) != 1) { + ret = WOLFSSL_FATAL_ERROR; + } + /* at = Ax * bz = Ax * (Bz ^ 2) */ + else if (BN_mod_mul(at, a->X, bz, mod, ctx) != 1) { + ret = WOLFSSL_FATAL_ERROR; + } + } + /* Compare x-ordinates. */ + if ((ret == 0) && (BN_cmp(at, bt) != 0)) { + ret = 1; + } + if (ret == 0) { + /* bt = By * (Az ^ 3). When Az is one then just copy. */ + if (BN_is_one(a->Z)) { + if (BN_copy(bt, b->Y) == NULL) { + ret = WOLFSSL_FATAL_ERROR; + } + } + /* az = az * Az = Az ^ 3 */ + else if ((BN_mod_mul(az, az, a->Z, mod, ctx) != 1)) { + ret = WOLFSSL_FATAL_ERROR; + } + /* bt = By * az = By * (Az ^ 3) */ + else if (BN_mod_mul(bt, b->Y, az, mod, ctx) != 1) { + ret = WOLFSSL_FATAL_ERROR; + } + } + if (ret == 0) { + /* at = Ay * (Bz ^ 3). When Bz is one then just copy. */ + if (BN_is_one(b->Z)) { + if (BN_copy(at, a->Y) == NULL) { + ret = WOLFSSL_FATAL_ERROR; + } + } + /* bz = bz * Bz = Bz ^ 3 */ + else if (BN_mod_mul(bz, bz, b->Z, mod, ctx) != 1) { + ret = WOLFSSL_FATAL_ERROR; + } + /* at = Ay * bz = Ay * (Bz ^ 3) */ + else if (BN_mod_mul(at, a->Y, bz, mod, ctx) != 1) { + ret = WOLFSSL_FATAL_ERROR; + } + } + /* Compare y-ordinates. */ + if ((ret == 0) && (BN_cmp(at, bt) != 0)) { + ret = 1; + } + + BN_free(mod); + BN_free(bz); + BN_free(az); + BN_free(bt); + BN_free(at); + return ret; +} +#endif + +/* Compare two points on a the same curve. + * + * Return code compliant with OpenSSL. + * + * @param [in] group EC group. + * @param [in] a EC point to compare. + * @param [in] b EC point to compare. + * @param [in] ctx Context to use for BN operations. Unused. + * @return 0 when equal. + * @return 1 when different. + * @return -1 on error. + */ +int wolfSSL_EC_POINT_cmp(const WOLFSSL_EC_GROUP *group, + const WOLFSSL_EC_POINT *a, const WOLFSSL_EC_POINT *b, WOLFSSL_BN_CTX *ctx) +{ + int ret = 0; + + WOLFSSL_ENTER("wolfSSL_EC_POINT_cmp"); + + /* Validate parameters. */ + if ((group == NULL) || (a == NULL) || (a->internal == NULL) || + (b == NULL) || (b->internal == NULL)) { + WOLFSSL_MSG("wolfSSL_EC_POINT_cmp Bad arguments"); + ret = WOLFSSL_FATAL_ERROR; + } + if (ret != -1) { + #ifdef WOLFSSL_EC_POINT_CMP_JACOBIAN + /* If same Z ordinate then no need to convert to affine. */ + if (BN_cmp(a->Z, b->Z) == 0) { + /* Compare */ + ret = ((BN_cmp(a->X, b->X) != 0) || (BN_cmp(a->Y, b->Y) != 0)); + } + else { + ret = ec_point_cmp_jacobian(group, a, b, ctx); + } + #else + /* No BN operations performed. */ + (void)ctx; + + ret = (wc_ecc_cmp_point((ecc_point*)a->internal, + (ecc_point*)b->internal) != MP_EQ); + #endif + } + + return ret; +} + +/* Copy EC point. + * + * @param [out] dest EC point to copy into. + * @param [in] src EC point to copy. + * @return 1 on success. + * @return 0 on error. + */ +int wolfSSL_EC_POINT_copy(WOLFSSL_EC_POINT *dest, const WOLFSSL_EC_POINT *src) +{ + int ret = 1; + + WOLFSSL_ENTER("wolfSSL_EC_POINT_copy"); + + /* Validate parameters. */ + if ((dest == NULL) || (src == NULL)) { + ret = 0; + } + + /* Ensure internal EC point of src is setup. */ + if ((ret == 1) && (ec_point_setup(src) != 1)) { + ret = 0; + } + + /* Copy internal EC points. */ + if ((ret == 1) && (wc_ecc_copy_point((ecc_point*)src->internal, + (ecc_point*)dest->internal) != MP_OKAY)) { + ret = 0; + } + + if (ret == 1) { + /* Destinatation internal point is set. */ + dest->inSet = 1; + + /* Set the external EC point of dest based on internal. */ + if (ec_point_external_set(dest) != 1) { + ret = 0; + } + } + + return ret; +} + +/* Duplicates an EC point. + * + * @param [in] src EC point to duplicate. + * @param [in] group EC group for the new point. + * @return New EC point on success. + * @return NULL on failure. + */ +WOLFSSL_EC_POINT *wolfSSL_EC_POINT_dup(const WOLFSSL_EC_POINT *src, + const WOLFSSL_EC_GROUP *group) +{ + WOLFSSL_EC_POINT *dest; + + WOLFSSL_ENTER("wolfSSL_EC_POINT_dup"); + + if ((src == NULL) || (group == NULL)) { + return NULL; + } + + dest = wolfSSL_EC_POINT_new(group); + if (dest == NULL) { + return NULL; + } + + if (wolfSSL_EC_POINT_copy(dest, src) != 1) { + wolfSSL_EC_POINT_free(dest); + return NULL; + } + + return dest; +} + +/* Checks whether point is at infinity. + * + * Return code compliant with OpenSSL. + * + * @param [in] group EC group. + * @param [in] point EC point to check. + * @return 1 when at infinity. + * @return 0 when not at infinity. + */ +int wolfSSL_EC_POINT_is_at_infinity(const WOLFSSL_EC_GROUP *group, + const WOLFSSL_EC_POINT *point) +{ + int ret = 1; + + WOLFSSL_ENTER("wolfSSL_EC_POINT_is_at_infinity"); + + /* Validate parameters. */ + if ((group == NULL) || (point == NULL) || (point->internal == NULL)) { + WOLFSSL_MSG("wolfSSL_EC_POINT_is_at_infinity NULL error"); + ret = 0; + } + + /* Ensure internal EC point is setup. */ + if ((ret == 1) && (ec_point_setup(point) != 1)) { + ret = 0; + } + if (ret == 1) { + #ifndef WOLF_CRYPTO_CB_ONLY_ECC + /* Check for infinity. */ + ret = wc_ecc_point_is_at_infinity((ecc_point*)point->internal); + if (ret < 0) { + WOLFSSL_MSG("ecc_point_is_at_infinity failure"); + /* Error return is 0 by OpenSSL. */ + ret = 0; + } + #else + WOLFSSL_MSG("ecc_point_is_at_infinitiy compiled out"); + ret = 0; + #endif + } + + return ret; +} + +#endif /* OPENSSL_EXTRA */ + +/* End EC_POINT */ + +/* Start EC_KEY */ + +#ifdef OPENSSL_EXTRA + +/* + * EC key constructor/deconstructor APIs + */ + +/* Allocate a new EC key. + * + * Not OpenSSL API. + * + * @param [in] heap Heap hint for dynamic memory allocation. + * @param [in] devId Device identifier value. + * @return New, allocated EC key on success. + * @return NULL on error. + */ +WOLFSSL_EC_KEY *wolfSSL_EC_KEY_new_ex(void* heap, int devId) +{ + WOLFSSL_EC_KEY *key = NULL; + int err = 0; + + WOLFSSL_ENTER("wolfSSL_EC_KEY_new"); + + /* Allocate memory for EC key. */ + key = (WOLFSSL_EC_KEY*)XMALLOC(sizeof(WOLFSSL_EC_KEY), heap, + DYNAMIC_TYPE_ECC); + if (key == NULL) { + WOLFSSL_MSG("wolfSSL_EC_KEY_new malloc WOLFSSL_EC_KEY failure"); + err = 1; + } + if (!err) { + /* Reset all fields to 0. */ + XMEMSET(key, 0, sizeof(WOLFSSL_EC_KEY)); + /* Cache heap hint. */ + key->heap = heap; + /* Initialize fields to defaults. */ + key->form = WC_POINT_CONVERSION_UNCOMPRESSED; + + /* Initialize reference count. */ + wolfSSL_RefInit(&key->ref, &err); +#ifdef WOLFSSL_REFCNT_ERROR_RETURN + } + if (!err) { +#endif + /* Allocate memory for internal EC key representation. */ + key->internal = (ecc_key*)XMALLOC(sizeof(ecc_key), heap, + DYNAMIC_TYPE_ECC); + if (key->internal == NULL) { + WOLFSSL_MSG("wolfSSL_EC_KEY_new malloc ecc key failure"); + err = 1; + } + } + if (!err) { + /* Initialize wolfCrypt EC key. */ + if (wc_ecc_init_ex((ecc_key*)key->internal, heap, devId) != 0) { + WOLFSSL_MSG("wolfSSL_EC_KEY_new init ecc key failure"); + err = 1; + } + } + + if (!err) { + /* Group unknown at creation */ + key->group = wolfSSL_EC_GROUP_new_by_curve_name(WC_NID_undef); + if (key->group == NULL) { + WOLFSSL_MSG("wolfSSL_EC_KEY_new malloc WOLFSSL_EC_GROUP failure"); + err = 1; + } + } + + if (!err) { + /* Allocate a point as public key. */ + key->pub_key = wolfSSL_EC_POINT_new(key->group); + if (key->pub_key == NULL) { + WOLFSSL_MSG("wolfSSL_EC_POINT_new failure"); + err = 1; + } + } + + if (!err) { + /* Allocate a BN as private key. */ + key->priv_key = wolfSSL_BN_new(); + if (key->priv_key == NULL) { + WOLFSSL_MSG("wolfSSL_BN_new failure"); + err = 1; + } + } + + if (err) { + /* Dispose of EC key on error. */ + wolfSSL_EC_KEY_free(key); + key = NULL; + } + /* Return new EC key object. */ + return key; +} + +/* Allocate a new EC key. + * + * @return New, allocated EC key on success. + * @return NULL on error. + */ +WOLFSSL_EC_KEY *wolfSSL_EC_KEY_new(void) +{ + return wolfSSL_EC_KEY_new_ex(NULL, INVALID_DEVID); +} + +/* Create new EC key with the group having the specified numeric ID. + * + * @param [in] nid Numeric ID. + * @return New, allocated EC key on success. + * @return NULL on error. + */ +WOLFSSL_EC_KEY *wolfSSL_EC_KEY_new_by_curve_name(int nid) +{ + WOLFSSL_EC_KEY *key; + int err = 0; + + WOLFSSL_ENTER("wolfSSL_EC_KEY_new_by_curve_name"); + + /* Allocate empty, EC key. */ + key = wolfSSL_EC_KEY_new(); + if (key == NULL) { + WOLFSSL_MSG("wolfSSL_EC_KEY_new failure"); + err = 1; + } + + if (!err) { + /* Set group to be nid. */ + ec_group_set_nid(key->group, nid); + if (key->group->curve_idx == -1) { + wolfSSL_EC_KEY_free(key); + key = NULL; + } + } + + /* Return the new EC key object. */ + return key; +} + +/* Dispose of the EC key and allocated data. + * + * Cannot use key after this call. + * + * @param [in] key EC key to free. + */ +void wolfSSL_EC_KEY_free(WOLFSSL_EC_KEY *key) +{ + int doFree = 0; + int err; + + (void)err; + + WOLFSSL_ENTER("wolfSSL_EC_KEY_free"); + + if (key != NULL) { + void* heap = key->heap; + + /* Decrement reference count. */ + wolfSSL_RefDec(&key->ref, &doFree, &err); + if (doFree) { + /* Dispose of allocated reference counting data. */ + wolfSSL_RefFree(&key->ref); + + /* Dispose of private key. */ + wolfSSL_BN_free(key->priv_key); + wolfSSL_EC_POINT_free(key->pub_key); + wolfSSL_EC_GROUP_free(key->group); + if (key->internal != NULL) { + /* Dispose of wolfCrypt representation of EC key. */ + wc_ecc_free((ecc_key*)key->internal); + XFREE(key->internal, heap, DYNAMIC_TYPE_ECC); + } + + /* Set back to NULLs for safety. */ + ForceZero(key, sizeof(*key)); + + /* Dispose of the memory associated with the EC key. */ + XFREE(key, heap, DYNAMIC_TYPE_ECC); + (void)heap; + } + } +} + +/* Increments ref count of EC key. + * + * @param [in, out] key EC key. + * @return 1 on success + * @return 0 on error + */ +int wolfSSL_EC_KEY_up_ref(WOLFSSL_EC_KEY* key) +{ + int err = 1; + + if (key != NULL) { + wolfSSL_RefInc(&key->ref, &err); + } + + return !err; +} + +#ifndef NO_CERTS + +#if defined(OPENSSL_ALL) +/* Copy the internal, wolfCrypt EC key. + * + * @param [in, out] dst Destination wolfCrypt EC key. + * @param [in] src Source wolfCrypt EC key. + * @return 0 on success. + * @return Negative on error. + */ +static int wolfssl_ec_key_int_copy(ecc_key* dst, const ecc_key* src) +{ + int ret; + + /* Copy public key. */ +#if !defined(HAVE_FIPS) || FIPS_VERSION_GT(2,0) + ret = wc_ecc_copy_point(&src->pubkey, &dst->pubkey); +#else + ret = wc_ecc_copy_point((ecc_point*)&src->pubkey, &dst->pubkey); +#endif + if (ret != MP_OKAY) { + WOLFSSL_MSG("wc_ecc_copy_point error"); + } + + if (ret == 0) { + /* Copy private key. */ + ret = mp_copy(wc_ecc_key_get_priv((ecc_key*)src), + wc_ecc_key_get_priv(dst)); + if (ret != MP_OKAY) { + WOLFSSL_MSG("mp_copy error"); + } + } + + if (ret == 0) { + /* Copy domain parameters. */ + if (src->dp) { + ret = wc_ecc_set_curve(dst, 0, src->dp->id); + if (ret != 0) { + WOLFSSL_MSG("wc_ecc_set_curve error"); + } + } + } + + if (ret == 0) { + /* Copy the other components. */ + dst->type = src->type; + dst->idx = src->idx; + dst->state = src->state; + dst->flags = src->flags; + } + + return ret; +} + +/* Copies ecc_key into new WOLFSSL_EC_KEY object + * + * Copies the internal representation as well. + * + * @param [in] src EC key to duplicate. + * + * @return EC key on success. + * @return NULL on error. + */ +WOLFSSL_EC_KEY *wolfSSL_EC_KEY_dup(const WOLFSSL_EC_KEY *src) +{ + int err = 0; + WOLFSSL_EC_KEY* newKey = NULL; + + WOLFSSL_ENTER("wolfSSL_EC_KEY_dup"); + + /* Validate EC key. */ + if ((src == NULL) || (src->internal == NULL) || (src->group == NULL) || + (src->pub_key == NULL) || (src->priv_key == NULL)) { + WOLFSSL_MSG("src NULL error"); + err = 1; + } + + if (!err) { + /* Create a new, empty key. */ + newKey = wolfSSL_EC_KEY_new(); + if (newKey == NULL) { + WOLFSSL_MSG("wolfSSL_EC_KEY_new error"); + err = 1; + } + } + + if (!err) { + /* Copy internal EC key. */ + if (wolfssl_ec_key_int_copy((ecc_key*)newKey->internal, + (ecc_key*)src->internal) != 0) { + WOLFSSL_MSG("Copying internal EC key error"); + err = 1; + } + } + if (!err) { + /* Internal key set. */ + newKey->inSet = 1; + + /* Copy group */ + err = wolfssl_ec_group_copy(newKey->group, src->group); + } + /* Copy public key. */ + if ((!err) && (wolfSSL_EC_POINT_copy(newKey->pub_key, src->pub_key) != 1)) { + WOLFSSL_MSG("Copying EC public key error"); + err = 1; + } + + if (!err) { + /* Set header size of private key in PKCS#8 format.*/ + newKey->pkcs8HeaderSz = src->pkcs8HeaderSz; + + /* Copy private key. */ + if (wolfSSL_BN_copy(newKey->priv_key, src->priv_key) == NULL) { + WOLFSSL_MSG("Copying EC private key error"); + err = 1; + } + } + + if (err) { + /* Dispose of EC key on error. */ + wolfSSL_EC_KEY_free(newKey); + newKey = NULL; + } + /* Return the new EC key. */ + return newKey; +} + +#endif /* OPENSSL_ALL */ + +#endif /* !NO_CERTS */ + +/* + * EC key to/from bin/octet APIs + */ + +/* Create an EC key from the octet encoded public key. + * + * Behaviour checked against OpenSSL. + * + * @param [out] key Reference to EC key. Must pass in a valid object with + * group set. + * @param [in, out] in On in, reference to buffer that contains data. + * On out, reference to buffer after public key data. + * @param [in] len Length of data in the buffer. Must be length of the + * encoded public key. + * @return Allocated EC key on success. + * @return NULL on error. + */ +WOLFSSL_EC_KEY *wolfSSL_o2i_ECPublicKey(WOLFSSL_EC_KEY **key, + const unsigned char **in, long len) +{ + int err = 0; + WOLFSSL_EC_KEY* ret = NULL; + + WOLFSSL_ENTER("wolfSSL_o2i_ECPublicKey"); + + /* Validate parameters: EC group needed to perform import. */ + if ((key == NULL) || (*key == NULL) || ((*key)->group == NULL) || + (in == NULL) || (*in == NULL) || (len <= 0)) { + WOLFSSL_MSG("wolfSSL_o2i_ECPublicKey Bad arguments"); + err = 1; + } + + if (!err) { + /* Return the EC key object passed in. */ + ret = *key; + + /* Import point into public key field. */ + if (wolfSSL_EC_POINT_oct2point(ret->group, ret->pub_key, *in, + (size_t)len, NULL) != 1) { + WOLFSSL_MSG("wolfSSL_EC_POINT_oct2point error"); + ret = NULL; + err = 1; + } + } + if (!err) { + /* Assumed length passed in is all the data. */ + *in += len; + } + + return ret; +} + +/* Puts the encoded public key into out. + * + * Passing in NULL for out returns length only. + * Passing in NULL for *out has buffer allocated, encoded into and passed back. + * Passing non-NULL for *out has it encoded into and pointer moved past. + * + * @param [in] key EC key to encode. + * @param [in, out] out Reference to buffer to encode into. May be NULL or + * point to NULL. + * @return Length of encoding in bytes on success. + * @return 0 on error. + */ +int wolfSSL_i2o_ECPublicKey(const WOLFSSL_EC_KEY *key, unsigned char **out) +{ + int ret = 1; + size_t len = 0; + int form = WC_POINT_CONVERSION_UNCOMPRESSED; + + WOLFSSL_ENTER("wolfSSL_i2o_ECPublicKey"); + + /* Validate parameters. */ + if (key == NULL) { + WOLFSSL_MSG("wolfSSL_i2o_ECPublicKey Bad arguments"); + ret = 0; + } + + /* Ensure the external key data is set from the internal EC key. */ + if ((ret == 1) && (!key->exSet) && (SetECKeyExternal((WOLFSSL_EC_KEY*) + key) != 1)) { + WOLFSSL_MSG("SetECKeyExternal failure"); + ret = 0; + } + + if (ret == 1) { + #ifdef HAVE_COMP_KEY + /* Default to compressed form if not set */ + form = (key->form == WC_POINT_CONVERSION_UNCOMPRESSED) ? + WC_POINT_CONVERSION_UNCOMPRESSED : + WC_POINT_CONVERSION_COMPRESSED; + #endif + + /* Calculate length of point encoding. */ + len = wolfSSL_EC_POINT_point2oct(key->group, key->pub_key, form, NULL, + 0, NULL); + } + /* Encode if length calculated and pointer supplied to update. */ + if ((ret == 1) && (len != 0) && (out != NULL)) { + unsigned char *tmp = NULL; + + /* Allocate buffer for encoding if no buffer supplied. */ + if (*out == NULL) { + tmp = (unsigned char*)XMALLOC(len, NULL, DYNAMIC_TYPE_OPENSSL); + if (tmp == NULL) { + WOLFSSL_MSG("malloc failed"); + ret = 0; + } + } + else { + /* Get buffer to encode into. */ + tmp = *out; + } + + /* Encode public key into buffer. */ + if ((ret == 1) && (wolfSSL_EC_POINT_point2oct(key->group, key->pub_key, + form, tmp, len, NULL) == 0)) { + ret = 0; + } + + if (ret == 1) { + /* Return buffer if allocated. */ + if (*out == NULL) { + *out = tmp; + } + else { + /* Step over encoded data if not allocated. */ + *out += len; + } + } + else if (*out == NULL) { + /* Dispose of allocated buffer. */ + XFREE(tmp, NULL, DYNAMIC_TYPE_OPENSSL); + } + } + + if (ret == 1) { + /* Return length on success. */ + ret = (int)len; + } + return ret; +} + +#ifdef HAVE_ECC_KEY_IMPORT +/* Create a EC key from the DER encoded private key. + * + * @param [out] key Reference to EC key. + * @param [in, out] in On in, reference to buffer that contains DER data. + * On out, reference to buffer after private key data. + * @param [in] long Length of data in the buffer. May be larger than the + * length of the encoded private key. + * @return Allocated EC key on success. + * @return NULL on error. + */ +WOLFSSL_EC_KEY* wolfSSL_d2i_ECPrivateKey(WOLFSSL_EC_KEY** key, + const unsigned char** in, long len) +{ + int err = 0; + word32 idx = 0; + WOLFSSL_EC_KEY* ret = NULL; + + WOLFSSL_ENTER("wolfSSL_d2i_ECPrivateKey"); + + /* Validate parameters. */ + if ((in == NULL) || (*in == NULL) || (len <= 0)) { + WOLFSSL_MSG("wolfSSL_d2i_ECPrivateKey Bad arguments"); + err = 1; + } + + /* Create a new, empty EC key. */ + if ((!err) && ((ret = wolfSSL_EC_KEY_new()) == NULL)) { + WOLFSSL_MSG("wolfSSL_EC_KEY_new error"); + err = 1; + } + + /* Decode the private key DER data into internal EC key. */ + if ((!err) && (wc_EccPrivateKeyDecode(*in, &idx, (ecc_key*)ret->internal, + (word32)len) != 0)) { + WOLFSSL_MSG("wc_EccPrivateKeyDecode error"); + err = 1; + } + + if (!err) { + /* Internal EC key setup. */ + ret->inSet = 1; + + /* Set the EC key from the internal values. */ + if (SetECKeyExternal(ret) != 1) { + WOLFSSL_MSG("SetECKeyExternal error"); + err = 1; + } + } + + if (!err) { + /* Move buffer on to next byte after data used. */ + *in += idx; + if (key) { + /* Return new EC key through reference. */ + *key = ret; + } + } + + if (err && (ret != NULL)) { + /* Dispose of allocated EC key. */ + wolfSSL_EC_KEY_free(ret); + ret = NULL; + } + return ret; +} +#endif /* HAVE_ECC_KEY_IMPORT */ + +/* Enecode the private key of the EC key into the buffer as DER. + * + * @param [in] key EC key to encode. + * @param [in, out] out On in, reference to buffer to place DER encoding into. + * On out, reference to buffer after the encoding. + * May be NULL. + * @return Length of DER encoding on success. + * @return 0 on error. + */ +int wolfSSL_i2d_ECPrivateKey(const WOLFSSL_EC_KEY *key, unsigned char **out) +{ + int err = 0; + word32 len = 0; + + WOLFSSL_ENTER("wolfSSL_i2d_ECPrivateKey"); + + /* Validate parameters. */ + if (key == NULL) { + WOLFSSL_MSG("wolfSSL_i2d_ECPrivateKey Bad arguments"); + err = 1; + } + + /* Update the internal EC key if not set. */ + if ((!err) && (!key->inSet) && (SetECKeyInternal((WOLFSSL_EC_KEY*)key) != + 1)) { + WOLFSSL_MSG("SetECKeyInternal error"); + err = 1; + } + + /* Calculate the length of the private key DER encoding using internal EC + * key. */ + if ((!err) && ((int)(len = (word32)wc_EccKeyDerSize((ecc_key*)key->internal, + 0)) <= 0)) { + WOLFSSL_MSG("wc_EccKeyDerSize error"); + err = 1; + } + + /* Only return length when out is NULL. */ + if ((!err) && (out != NULL)) { + unsigned char* buf = NULL; + + /* Must have a buffer to encode into. */ + if (*out == NULL) { + /* Allocate a new buffer of appropriate length. */ + buf = (byte*)XMALLOC(len, NULL, DYNAMIC_TYPE_TMP_BUFFER); + if (buf == NULL) { + /* Error and return 0. */ + err = 1; + len = 0; + } + else { + /* Return the allocated buffer. */ + *out = buf; + } + } + /* Encode the internal EC key as a private key in DER format. */ + if ((!err) && wc_EccPrivateKeyToDer((ecc_key*)key->internal, *out, + len) < 0) { + WOLFSSL_MSG("wc_EccPrivateKeyToDer error"); + err = 1; + } + else if (buf != *out) { + /* Move the reference to byte past encoded private key. */ + *out += len; + } + + /* Dispose of any allocated buffer on error. */ + if (err && (*out == buf)) { + XFREE(buf, NULL, DYNAMIC_TYPE_TMP_BUFFER); + *out = NULL; + } + } + + return (int)len; +} + +/* Load private key into EC key from DER encoding. + * + * Not an OpenSSL compatibility API. + * + * @param [in, out] key EC key to put private key values into. + * @param [in] derBuf Buffer holding DER encoding. + * @param [in] derSz Size of DER encoding in bytes. + * @return 1 on success. + * @return -1 on error. + */ +int wolfSSL_EC_KEY_LoadDer(WOLFSSL_EC_KEY* key, const unsigned char* derBuf, + int derSz) +{ + return wolfSSL_EC_KEY_LoadDer_ex(key, derBuf, derSz, + WOLFSSL_EC_KEY_LOAD_PRIVATE); +} + +/* Load private/public key into EC key from DER encoding. + * + * Not an OpenSSL compatibility API. + * + * @param [in, out] key EC key to put private/public key values into. + * @param [in] derBuf Buffer holding DER encoding. + * @param [in] derSz Size of DER encoding in bytes. + * @param [in] opt Key type option. Valid values: + * WOLFSSL_EC_KEY_LOAD_PRIVATE, + * WOLFSSL_EC_KEY_LOAD_PUBLIC. + * @return 1 on success. + * @return -1 on error. + */ +int wolfSSL_EC_KEY_LoadDer_ex(WOLFSSL_EC_KEY* key, const unsigned char* derBuf, + int derSz, int opt) +{ + int res = 1; + int ret; + word32 idx = 0; + word32 algId; + + WOLFSSL_ENTER("wolfSSL_EC_KEY_LoadDer"); + + /* Validate parameters. */ + if ((key == NULL) || (key->internal == NULL) || (derBuf == NULL) || + (derSz <= 0)) { + WOLFSSL_MSG("Bad function arguments"); + res = WOLFSSL_FATAL_ERROR; + } + if ((res == 1) && (opt != WOLFSSL_EC_KEY_LOAD_PRIVATE) && + (opt != WOLFSSL_EC_KEY_LOAD_PUBLIC)) { + res = WOLFSSL_FATAL_ERROR; + } + + if (res == 1) { + /* Assume no PKCS#8 header. */ + key->pkcs8HeaderSz = 0; + + /* Check if input buffer has PKCS8 header. In the case that it does not + * have a PKCS8 header then do not error out. + */ + if ((ret = ToTraditionalInline_ex((const byte*)derBuf, &idx, + (word32)derSz, &algId)) >= 0) { + WOLFSSL_MSG("Found PKCS8 header"); + key->pkcs8HeaderSz = (word16)idx; + res = 1; + } + /* Error out on parsing error. */ + else if (ret != WC_NO_ERR_TRACE(ASN_PARSE_E)) { + WOLFSSL_MSG("Unexpected error with trying to remove PKCS8 header"); + res = WOLFSSL_FATAL_ERROR; + } + } + + if (res == 1) { + /* Load into internal EC key based on key type option. */ + if (opt == WOLFSSL_EC_KEY_LOAD_PRIVATE) { + ret = wc_EccPrivateKeyDecode(derBuf, &idx, (ecc_key*)key->internal, + (word32)derSz); + } + else { + ret = wc_EccPublicKeyDecode(derBuf, &idx, (ecc_key*)key->internal, + (word32)derSz); + if (ret < 0) { + ecc_key *tmp = (ecc_key*)XMALLOC(sizeof(ecc_key), + ((ecc_key*)key->internal)->heap, DYNAMIC_TYPE_ECC); + if (tmp == NULL) { + ret = WOLFSSL_FATAL_ERROR; + } + else { + /* We now try again as x.963 [point type][x][opt y]. */ + ret = wc_ecc_init_ex(tmp, ((ecc_key*)key->internal)->heap, + INVALID_DEVID); + if (ret == 0) { + ret = wc_ecc_import_x963(derBuf, (word32)derSz, tmp); + if (ret == 0) { + /* Take ownership of new key - set tmp to the old + * key which will then be freed below. */ + ecc_key *old = (ecc_key *)key->internal; + key->internal = tmp; + tmp = old; + + idx = (word32)derSz; + } + wc_ecc_free(tmp); + } + XFREE(tmp, ((ecc_key*)key->internal)->heap, + DYNAMIC_TYPE_ECC); + } + } + } + if (ret < 0) { + /* Error returned from wolfSSL. */ + if (opt == WOLFSSL_EC_KEY_LOAD_PRIVATE) { + WOLFSSL_MSG("wc_EccPrivateKeyDecode failed"); + } + else { + WOLFSSL_MSG("wc_EccPublicKeyDecode failed"); + } + res = WOLFSSL_FATAL_ERROR; + } + + /* Internal key updated - update whether it is a valid key. */ + key->inSet = (res == 1); + } + + /* Set the external EC key based on value in internal. */ + if ((res == 1) && (SetECKeyExternal(key) != 1)) { + WOLFSSL_MSG("SetECKeyExternal failed"); + res = WOLFSSL_FATAL_ERROR; + } + + return res; +} + + +#ifndef NO_BIO + +WOLFSSL_EC_KEY *wolfSSL_d2i_EC_PUBKEY_bio(WOLFSSL_BIO *bio, + WOLFSSL_EC_KEY **out) +{ + char* data = NULL; + int dataSz = 0; + int memAlloced = 0; + WOLFSSL_EC_KEY* ec = NULL; + int err = 0; + + WOLFSSL_ENTER("wolfSSL_d2i_EC_PUBKEY_bio"); + + if (bio == NULL) + return NULL; + + if (err == 0 && wolfssl_read_bio(bio, &data, &dataSz, &memAlloced) != 0) { + WOLFSSL_ERROR_MSG("wolfssl_read_bio failed"); + err = 1; + } + + if (err == 0 && (ec = wolfSSL_EC_KEY_new()) == NULL) { + WOLFSSL_ERROR_MSG("wolfSSL_EC_KEY_new failed"); + err = 1; + } + + /* Load the EC key with the public key from the DER encoding. */ + if (err == 0 && wolfSSL_EC_KEY_LoadDer_ex(ec, (const unsigned char*)data, + dataSz, WOLFSSL_EC_KEY_LOAD_PUBLIC) != 1) { + WOLFSSL_ERROR_MSG("wolfSSL_EC_KEY_LoadDer_ex failed"); + err = 1; + } + + if (memAlloced) + XFREE(data, NULL, DYNAMIC_TYPE_TMP_BUFFER); + if (err) { /* on error */ + wolfSSL_EC_KEY_free(ec); + ec = NULL; + } + else { /* on success */ + if (out != NULL) + *out = ec; + } + + return ec; +} + +#endif /* !NO_BIO */ + +/* + * EC key PEM APIs + */ + +#ifdef HAVE_ECC_KEY_EXPORT +#if defined(WOLFSSL_KEY_GEN) && (!defined(NO_FILESYSTEM) || !defined(NO_BIO)) +/* Encode the EC public key as DER. + * + * @param [in] key EC key to encode. + * @param [out] der Pointer through which buffer is returned. + * @param [in] heap Heap hint. + * @return Size of encoding on success. + * @return 0 on error. + */ +static int wolfssl_ec_key_to_pubkey_der(WOLFSSL_EC_KEY* key, + unsigned char** der, void* heap) +{ + int sz; + unsigned char* buf = NULL; + + (void)heap; + + /* Calculate encoded size to allocate. */ + sz = wc_EccPublicKeyDerSize((ecc_key*)key->internal, 1); + if (sz <= 0) { + WOLFSSL_MSG("wc_EccPublicKeyDerSize failed"); + sz = 0; + } + if (sz > 0) { + /* Allocate memory to hold encoding. */ + buf = (byte*)XMALLOC((size_t)sz, heap, DYNAMIC_TYPE_TMP_BUFFER); + if (buf == NULL) { + WOLFSSL_MSG("malloc failed"); + sz = 0; + } + } + if (sz > 0) { + /* Encode public key to DER using wolfSSL. */ + sz = wc_EccPublicKeyToDer((ecc_key*)key->internal, buf, (word32)sz, 1); + if (sz < 0) { + WOLFSSL_MSG("wc_EccPublicKeyToDer failed"); + sz = 0; + } + } + + /* Return buffer on success. */ + if (sz > 0) { + *der = buf; + } + else { + /* Dispose of any dynamically allocated data not returned. */ + XFREE(buf, heap, DYNAMIC_TYPE_TMP_BUFFER); + } + + return sz; +} +#endif + +#if !defined(NO_FILESYSTEM) && defined(WOLFSSL_KEY_GEN) +/* + * Return code compliant with OpenSSL. + * + * @param [in] fp File pointer to write PEM encoding to. + * @param [in] key EC key to encode and write. + * @return 1 on success. + * @return 0 on error. + */ +int wolfSSL_PEM_write_EC_PUBKEY(XFILE fp, WOLFSSL_EC_KEY* key) +{ + int ret = 1; + unsigned char* derBuf = NULL; + int derSz = 0; + + WOLFSSL_ENTER("wolfSSL_PEM_write_EC_PUBKEY"); + + /* Validate parameters. */ + if ((fp == XBADFILE) || (key == NULL)) { + WOLFSSL_MSG("Bad argument."); + return 0; + } + + /* Encode public key in EC key as DER. */ + derSz = wolfssl_ec_key_to_pubkey_der(key, &derBuf, key->heap); + if (derSz == 0) { + ret = 0; + } + + /* Write out to file the PEM encoding of the DER. */ + if ((ret == 1) && (der_write_to_file_as_pem(derBuf, derSz, fp, + ECC_PUBLICKEY_TYPE, key->heap) != 1)) { + ret = 0; + } + + /* Dispose of any dynamically allocated data. */ + XFREE(derBuf, key->heap, DYNAMIC_TYPE_TMP_BUFFER); + + WOLFSSL_LEAVE("wolfSSL_PEM_write_EC_PUBKEY", ret); + + return ret; +} +#endif +#endif + +#ifndef NO_BIO +/* Read a PEM encoded EC public key from a BIO. + * + * @param [in] bio BIO to read EC public key from. + * @param [out] out Pointer to return EC key object through. May be NULL. + * @param [in] cb Password callback when PEM encrypted. + * @param [in] pass NUL terminated string for passphrase when PEM + * encrypted. + * @return New EC key object on success. + * @return NULL on error. + */ +WOLFSSL_EC_KEY* wolfSSL_PEM_read_bio_EC_PUBKEY(WOLFSSL_BIO* bio, + WOLFSSL_EC_KEY** out, wc_pem_password_cb* cb, void *pass) +{ + int err = 0; + WOLFSSL_EC_KEY* ec = NULL; + DerBuffer* der = NULL; + int keyFormat = 0; + + WOLFSSL_ENTER("wolfSSL_PEM_read_bio_EC_PUBKEY"); + + /* Validate parameters. */ + if (bio == NULL) { + err = 1; + } + + if (!err) { + /* Create an empty EC key. */ + ec = wolfSSL_EC_KEY_new(); + if (ec == NULL) { + err = 1; + } + } + /* Read a PEM key in to a new DER buffer. */ + if ((!err) && (pem_read_bio_key(bio, cb, pass, ECC_PUBLICKEY_TYPE, + &keyFormat, &der) <= 0)) { + err = 1; + } + /* Load the EC key with the public key from the DER encoding. */ + if ((!err) && (wolfSSL_EC_KEY_LoadDer_ex(ec, der->buffer, (int)der->length, + WOLFSSL_EC_KEY_LOAD_PUBLIC) != 1)) { + WOLFSSL_ERROR_MSG("Error loading DER buffer into WOLFSSL_EC_KEY"); + err = 1; + } + + /* Dispose of dynamically allocated data not needed anymore. */ + FreeDer(&der); + if (err) { + wolfSSL_EC_KEY_free(ec); + ec = NULL; + } + + /* Return EC key through out if required. */ + if ((out != NULL) && (ec != NULL)) { + *out = ec; + } + return ec; +} + +/* Read a PEM encoded EC private key from a BIO. + * + * @param [in] bio BIO to read EC private key from. + * @param [out] out Pointer to return EC key object through. May be NULL. + * @param [in] cb Password callback when PEM encrypted. + * @param [in] pass NUL terminated string for passphrase when PEM + * encrypted. + * @return New EC key object on success. + * @return NULL on error. + */ +WOLFSSL_EC_KEY* wolfSSL_PEM_read_bio_ECPrivateKey(WOLFSSL_BIO* bio, + WOLFSSL_EC_KEY** out, wc_pem_password_cb* cb, void *pass) +{ + int err = 0; + WOLFSSL_EC_KEY* ec = NULL; + DerBuffer* der = NULL; + int keyFormat = 0; + + WOLFSSL_ENTER("wolfSSL_PEM_read_bio_ECPrivateKey"); + + /* Validate parameters. */ + if (bio == NULL) { + err = 1; + } + + if (!err) { + /* Create an empty EC key. */ + ec = wolfSSL_EC_KEY_new(); + if (ec == NULL) { + err = 1; + } + } + /* Read a PEM key in to a new DER buffer. + * To check ENC EC PRIVATE KEY, it uses PRIVATEKEY_TYPE to call + * pem_read_bio_key(), and then check key format if it is EC. + */ + if ((!err) && (pem_read_bio_key(bio, cb, pass, PRIVATEKEY_TYPE, + &keyFormat, &der) <= 0)) { + err = 1; + } + if (keyFormat != ECDSAk) { + WOLFSSL_ERROR_MSG("Error not EC key format"); + err = 1; + } + /* Load the EC key with the private key from the DER encoding. */ + if ((!err) && (wolfSSL_EC_KEY_LoadDer_ex(ec, der->buffer, (int)der->length, + WOLFSSL_EC_KEY_LOAD_PRIVATE) != 1)) { + WOLFSSL_ERROR_MSG("Error loading DER buffer into WOLFSSL_EC_KEY"); + err = 1; + } + + /* Dispose of dynamically allocated data not needed anymore. */ + FreeDer(&der); + if (err) { + wolfSSL_EC_KEY_free(ec); + ec = NULL; + } + + /* Return EC key through out if required. */ + if ((out != NULL) && (ec != NULL)) { + *out = ec; + } + return ec; +} +#endif /* !NO_BIO */ + +#if defined(WOLFSSL_KEY_GEN) && defined(HAVE_ECC_KEY_EXPORT) +#ifndef NO_BIO +/* Write out the EC public key as PEM to the BIO. + * + * @param [in] bio BIO to write PEM encoding to. + * @param [in] ec EC public key to encode. + * @return 1 on success. + * @return 0 on error. + */ +int wolfSSL_PEM_write_bio_EC_PUBKEY(WOLFSSL_BIO* bio, WOLFSSL_EC_KEY* ec) +{ + int ret = 1; + unsigned char* derBuf = NULL; + int derSz = 0; + + WOLFSSL_ENTER("wolfSSL_PEM_write_bio_EC_PUBKEY"); + + /* Validate parameters. */ + if ((bio == NULL) || (ec == NULL)) { + WOLFSSL_MSG("Bad Function Arguments"); + return 0; + } + + /* Encode public key in EC key as DER. */ + derSz = wolfssl_ec_key_to_pubkey_der(ec, &derBuf, ec->heap); + if (derSz == 0) { + ret = 0; + } + + /* Write out to BIO the PEM encoding of the EC public key. */ + if ((ret == 1) && (der_write_to_bio_as_pem(derBuf, derSz, bio, + ECC_PUBLICKEY_TYPE) != 1)) { + ret = 0; + } + + /* Dispose of any dynamically allocated data. */ + XFREE(derBuf, ec->heap, DYNAMIC_TYPE_TMP_BUFFER); + + return ret; +} + +/* Write out the EC private key as PEM to the BIO. + * + * Return code compliant with OpenSSL. + * + * @param [in] bio BIO to write PEM encoding to. + * @param [in] ec EC private key to encode. + * @param [in] cipher Cipher to use when PEM encrypted. May be NULL. + * @param [in] passwd Password string when PEM encrypted. May be NULL. + * @param [in] passwdSz Length of password string when PEM encrypted. + * @param [in] cb Password callback when PEM encrypted. Unused. + * @param [in] pass NUL terminated string for passphrase when PEM + * encrypted. Unused. + * @return 1 on success. + * @return 0 on error. + */ +int wolfSSL_PEM_write_bio_ECPrivateKey(WOLFSSL_BIO* bio, WOLFSSL_EC_KEY* ec, + const WOLFSSL_EVP_CIPHER* cipher, unsigned char* passwd, int passwdSz, + wc_pem_password_cb* cb, void* arg) +{ + int ret = 1; + unsigned char* pem = NULL; + int pLen = 0; + + (void)cb; + (void)arg; + + /* Validate parameters. */ + if ((bio == NULL) || (ec == NULL)) { + ret = 0; + } + + /* Write EC private key to PEM. */ + if ((ret == 1) && (wolfSSL_PEM_write_mem_ECPrivateKey(ec, cipher, passwd, + passwdSz, &pem, &pLen) != 1)) { + ret = 0; + } + /* Write PEM to BIO. */ + if ((ret == 1) && (wolfSSL_BIO_write(bio, pem, pLen) != pLen)) { + WOLFSSL_ERROR_MSG("EC private key BIO write failed"); + ret = 0; + } + + XFREE(pem, NULL, DYNAMIC_TYPE_KEY); + + return ret; +} + +#endif /* !NO_BIO */ + +/* Encode the EC private key as PEM into buffer. + * + * Return code compliant with OpenSSL. + * Not an OpenSSL API. + * + * @param [in] ec EC private key to encode. + * @param [in] cipher Cipher to use when PEM encrypted. May be NULL. + * @param [in] passwd Password string when PEM encrypted. May be NULL. + * @param [in] passwdSz Length of password string when PEM encrypted. + * @param [out] pem Newly allocated buffer holding PEM encoding. + * @param [out] pLen Length of PEM encoding in bytes. + * @return 1 on success. + * @return 0 on error. + */ +int wolfSSL_PEM_write_mem_ECPrivateKey(WOLFSSL_EC_KEY* ec, + const WOLFSSL_EVP_CIPHER* cipher, unsigned char* passwd, int passwdSz, + unsigned char **pem, int *pLen) +{ +#if defined(WOLFSSL_PEM_TO_DER) || defined(WOLFSSL_DER_TO_PEM) + int ret = 1; + byte* derBuf = NULL; + word32 der_max_len = 0; + int derSz = 0; + + WOLFSSL_MSG("wolfSSL_PEM_write_mem_ECPrivateKey"); + + /* Validate parameters. */ + if ((pem == NULL) || (pLen == NULL) || (ec == NULL) || + (ec->internal == NULL)) { + WOLFSSL_MSG("Bad function arguments"); + ret = 0; + } + + /* Ensure internal EC key is set from external. */ + if ((ret == 1) && (ec->inSet == 0)) { + WOLFSSL_MSG("No ECC internal set, do it"); + + if (SetECKeyInternal(ec) != 1) { + WOLFSSL_MSG("SetECKeyInternal failed"); + ret = 0; + } + } + + if (ret == 1) { + /* Calculate maximum size of DER encoding. + * 4 > size of pub, priv + ASN.1 additional information */ + der_max_len = 4 * (word32)wc_ecc_size((ecc_key*)ec->internal) + + WC_AES_BLOCK_SIZE; + + /* Allocate buffer big enough to hold encoding. */ + derBuf = (byte*)XMALLOC((size_t)der_max_len, NULL, + DYNAMIC_TYPE_TMP_BUFFER); + if (derBuf == NULL) { + WOLFSSL_MSG("malloc failed"); + ret = 0; + } + } + + if (ret == 1) { + /* Encode EC private key as DER. */ + derSz = wc_EccKeyToDer((ecc_key*)ec->internal, derBuf, der_max_len); + if (derSz < 0) { + WOLFSSL_MSG("wc_EccKeyToDer failed"); + XFREE(derBuf, NULL, DYNAMIC_TYPE_DER); + ret = 0; + } + } + + /* Convert DER to PEM - possibly encrypting. */ + if ((ret == 1) && (der_to_enc_pem_alloc(derBuf, derSz, cipher, passwd, + passwdSz, ECC_PRIVATEKEY_TYPE, NULL, pem, pLen) != 1)) { + WOLFSSL_ERROR_MSG("der_to_enc_pem_alloc failed"); + ret = 0; + } + + return ret; +#else + (void)ec; + (void)cipher; + (void)passwd; + (void)passwdSz; + (void)pem; + (void)pLen; + return 0; +#endif /* WOLFSSL_PEM_TO_DER || WOLFSSL_DER_TO_PEM */ +} + +#ifndef NO_FILESYSTEM +/* Write out the EC private key as PEM to file. + * + * Return code compliant with OpenSSL. + * + * @param [in] fp File pointer to write PEM encoding to. + * @param [in] ec EC private key to encode. + * @param [in] cipher Cipher to use when PEM encrypted. May be NULL. + * @param [in] passwd Password string when PEM encrypted. May be NULL. + * @param [in] passwdSz Length of password string when PEM encrypted. + * @param [in] cb Password callback when PEM encrypted. Unused. + * @param [in] pass NUL terminated string for passphrase when PEM + * encrypted. Unused. + * @return 1 on success. + * @return 0 on error. + */ +int wolfSSL_PEM_write_ECPrivateKey(XFILE fp, WOLFSSL_EC_KEY *ec, + const WOLFSSL_EVP_CIPHER *cipher, unsigned char *passwd, int passwdSz, + wc_pem_password_cb *cb, void *pass) +{ + int ret = 1; + byte *pem = NULL; + int pLen = 0; + + (void)cb; + (void)pass; + + WOLFSSL_MSG("wolfSSL_PEM_write_ECPrivateKey"); + + /* Validate parameters. */ + if ((fp == XBADFILE) || (ec == NULL) || (ec->internal == NULL)) { + WOLFSSL_MSG("Bad function arguments"); + ret = 0; + } + + /* Write EC private key to PEM. */ + if ((ret == 1) && (wolfSSL_PEM_write_mem_ECPrivateKey(ec, cipher, passwd, + passwdSz, &pem, &pLen) != 1)) { + WOLFSSL_MSG("wolfSSL_PEM_write_mem_ECPrivateKey failed"); + ret = 0; + } + + /* Write out to file the PEM encoding of the EC private key. */ + if ((ret == 1) && ((int)XFWRITE(pem, 1, (size_t)pLen, fp) != pLen)) { + WOLFSSL_MSG("ECC private key file write failed"); + ret = 0; + } + + /* Dispose of any dynamically allocated data. */ + XFREE(pem, NULL, DYNAMIC_TYPE_KEY); + + return ret; +} + +#endif /* NO_FILESYSTEM */ +#endif /* WOLFSSL_KEY_GEN && HAVE_ECC_KEY_EXPORT */ + +/* + * EC key print APIs + */ + +#ifndef NO_CERTS + +#if defined(XFPRINTF) && !defined(NO_FILESYSTEM) && \ + !defined(NO_STDIO_FILESYSTEM) +/* Print the EC key to a file pointer as text. + * + * @param [in] fp File pointer. + * @param [in] key EC key to print. + * @param [in] indent Number of spaces to place before each line printed. + * @return 1 on success. + * @return 0 on failure. + */ +int wolfSSL_EC_KEY_print_fp(XFILE fp, WOLFSSL_EC_KEY* key, int indent) +{ + int ret = 1; + int bits = 0; + int priv = 0; + + WOLFSSL_ENTER("wolfSSL_EC_KEY_print_fp"); + + /* Validate parameters. */ + if ((fp == XBADFILE) || (key == NULL) || (key->group == NULL) || + (indent < 0)) { + ret = 0; + } + + if (ret == 1) { + /* Get EC groups order size in bits. */ + bits = wolfSSL_EC_GROUP_order_bits(key->group); + if (bits <= 0) { + WOLFSSL_MSG("Failed to get group order bits."); + ret = 0; + } + } + if (ret == 1) { + const char* keyType; + + /* Determine whether this is a private or public key. */ + if ((key->priv_key != NULL) && (!wolfSSL_BN_is_zero(key->priv_key))) { + keyType = "Private-Key"; + priv = 1; + } + else { + keyType = "Public-Key"; + } + + /* Print key header. */ + if (XFPRINTF(fp, "%*s%s: (%d bit)\n", indent, "", keyType, bits) < 0) { + ret = 0; + } + } + if ((ret == 1) && priv) { + /* Print the private key BN. */ + ret = pk_bn_field_print_fp(fp, indent, "priv", key->priv_key); + } + /* Check for public key data in EC key. */ + if ((ret == 1) && (key->pub_key != NULL) && (key->pub_key->exSet)) { + /* Get the public key point as one BN. */ + WOLFSSL_BIGNUM* pubBn = wolfSSL_EC_POINT_point2bn(key->group, + key->pub_key, WC_POINT_CONVERSION_UNCOMPRESSED, NULL, NULL); + if (pubBn == NULL) { + WOLFSSL_MSG("wolfSSL_EC_POINT_point2bn failed."); + ret = 0; + } + else { + /* Print the public key in a BN. */ + ret = pk_bn_field_print_fp(fp, indent, "pub", pubBn); + wolfSSL_BN_free(pubBn); + } + } + if (ret == 1) { + /* Get the NID of the group. */ + int nid = wolfSSL_EC_GROUP_get_curve_name(key->group); + if (nid > 0) { + /* Convert the NID into a long name and NIST name. */ + const char* curve = wolfSSL_OBJ_nid2ln(nid); + const char* nistName = wolfSSL_EC_curve_nid2nist(nid); + + /* Print OID name if known. */ + if ((curve != NULL) && + (XFPRINTF(fp, "%*sASN1 OID: %s\n", indent, "", curve) < 0)) { + ret = 0; + } + /* Print NIST curve name if known. */ + if ((nistName != NULL) && + (XFPRINTF(fp, "%*sNIST CURVE: %s\n", indent, "", + nistName) < 0)) { + ret = 0; + } + } + } + + + WOLFSSL_LEAVE("wolfSSL_EC_KEY_print_fp", ret); + + return ret; +} +#endif /* XFPRINTF && !NO_FILESYSTEM && !NO_STDIO_FILESYSTEM */ + +#endif /* !NO_CERTS */ + +/* + * EC_KEY get/set/test APIs + */ + +/* Set data of internal, wolfCrypt EC key object into EC key. + * + * EC_KEY wolfSSL -> OpenSSL + * + * @param [in, out] p EC key to update. + * @return 1 on success. + * @return -1 on failure. + */ +int SetECKeyExternal(WOLFSSL_EC_KEY* eckey) +{ + int ret = 1; + + WOLFSSL_ENTER("SetECKeyExternal"); + + /* Validate parameter. */ + if ((eckey == NULL) || (eckey->internal == NULL)) { + WOLFSSL_MSG("ec key NULL error"); + ret = WOLFSSL_FATAL_ERROR; + } + else { + ecc_key* key = (ecc_key*)eckey->internal; + + /* Set group (OID, nid and idx) from wolfCrypt EC key. */ + eckey->group->curve_oid = (int)key->dp->oidSum; + eckey->group->curve_nid = EccEnumToNID(key->dp->id); + eckey->group->curve_idx = key->idx; + + if (eckey->pub_key->internal != NULL) { + /* Copy internal public point from internal key's public point. */ + if (wc_ecc_copy_point(&key->pubkey, + (ecc_point*)eckey->pub_key->internal) != MP_OKAY) { + WOLFSSL_MSG("SetECKeyExternal ecc_copy_point failed"); + ret = WOLFSSL_FATAL_ERROR; + } + + /* Set external public key from internal wolfCrypt, public key. */ + if ((ret == 1) && (ec_point_external_set(eckey->pub_key) != 1)) { + WOLFSSL_MSG("SetECKeyExternal ec_point_external_set failed"); + ret = WOLFSSL_FATAL_ERROR; + } + } + + /* set the external privkey */ + if ((ret == 1) && (key->type == ECC_PRIVATEKEY) && + (wolfssl_bn_set_value(&eckey->priv_key, + wc_ecc_key_get_priv(key)) != 1)) { + WOLFSSL_MSG("ec priv key error"); + ret = WOLFSSL_FATAL_ERROR; + } + + /* External values set when operations succeeded. */ + eckey->exSet = (ret == 1); + } + + return ret; +} + +/* Set data of EC key into internal, wolfCrypt EC key object. + * + * EC_KEY Openssl -> WolfSSL + * + * @param [in, out] p EC key to update. + * @return 1 on success. + * @return -1 on failure. + */ +int SetECKeyInternal(WOLFSSL_EC_KEY* eckey) +{ + int ret = 1; + + WOLFSSL_ENTER("SetECKeyInternal"); + + /* Validate parameter. */ + if ((eckey == NULL) || (eckey->internal == NULL) || + (eckey->group == NULL)) { + WOLFSSL_MSG("ec key NULL error"); + ret = WOLFSSL_FATAL_ERROR; + } + else { + ecc_key* key = (ecc_key*)eckey->internal; + int pubSet = 0; + + /* Validate group. */ + if ((eckey->group->curve_idx < 0) || + (wc_ecc_is_valid_idx(eckey->group->curve_idx) == 0)) { + WOLFSSL_MSG("invalid curve idx"); + ret = WOLFSSL_FATAL_ERROR; + } + + if (ret == 1) { + /* Set group (idx of curve and corresponding domain parameters). */ + key->idx = eckey->group->curve_idx; + key->dp = &ecc_sets[key->idx]; + pubSet = (eckey->pub_key != NULL); + } + /* Set public key (point). */ + if ((ret == 1) && pubSet) { + if (ec_point_internal_set(eckey->pub_key) != 1) { + WOLFSSL_MSG("ec key pub error"); + ret = WOLFSSL_FATAL_ERROR; + } + /* Copy public point to key. */ + if ((ret == 1) && (wc_ecc_copy_point( + (ecc_point*)eckey->pub_key->internal, &key->pubkey) != + MP_OKAY)) { + WOLFSSL_MSG("wc_ecc_copy_point error"); + ret = WOLFSSL_FATAL_ERROR; + } + + if (ret == 1) { + /* Set that the internal key is a public key */ + key->type = ECC_PUBLICKEY; + } + } + + /* set privkey */ + if ((ret == 1) && (eckey->priv_key != NULL)) { + if (wolfssl_bn_get_value(eckey->priv_key, + wc_ecc_key_get_priv(key)) != 1) { + WOLFSSL_MSG("ec key priv error"); + ret = WOLFSSL_FATAL_ERROR; + } + /* private key */ + if ((ret == 1) && (!mp_iszero(wc_ecc_key_get_priv(key)))) { + if (pubSet) { + key->type = ECC_PRIVATEKEY; + } + else { + key->type = ECC_PRIVATEKEY_ONLY; + } + } + } + + /* Internal values set when operations succeeded. */ + eckey->inSet = (ret == 1); + } + + return ret; +} + +/* Get point conversion format of EC key. + * + * @param [in] key EC key. + * @return Point conversion format on success. + * @return -1 on error. + */ +wc_point_conversion_form_t wolfSSL_EC_KEY_get_conv_form( + const WOLFSSL_EC_KEY* key) +{ + if (key == NULL) + return WOLFSSL_FATAL_ERROR; + return key->form; +} + +/* Set point conversion format into EC key. + * + * @param [in, out] key EC key to set format into. + * @param [in] form Point conversion format. Valid values: + * WC_POINT_CONVERSION_UNCOMPRESSED, + * WC_POINT_CONVERSION_COMPRESSED (when HAVE_COMP_KEY) + */ +void wolfSSL_EC_KEY_set_conv_form(WOLFSSL_EC_KEY *key, int form) +{ + if (key == NULL) { + WOLFSSL_MSG("Key passed in NULL"); + } + else if (form == WC_POINT_CONVERSION_UNCOMPRESSED +#ifdef HAVE_COMP_KEY + || form == WC_POINT_CONVERSION_COMPRESSED +#endif + ) { + key->form = (unsigned char)form; + } + else { + WOLFSSL_MSG("Incorrect form or HAVE_COMP_KEY not compiled in"); + } +} + +/* Get the EC group object that is in EC key. + * + * @param [in] key EC key. + * @return EC group object on success. + * @return NULL when key is NULL. + */ +const WOLFSSL_EC_GROUP *wolfSSL_EC_KEY_get0_group(const WOLFSSL_EC_KEY *key) +{ + WOLFSSL_EC_GROUP* group = NULL; + + WOLFSSL_ENTER("wolfSSL_EC_KEY_get0_group"); + + if (key != NULL) { + group = key->group; + } + + return group; +} + +/* Set the group in WOLFSSL_EC_KEY + * + * @param [in, out] key EC key to update. + * @param [in] group EC group to copy. + * @return 1 on success + * @return 0 on failure. + */ +int wolfSSL_EC_KEY_set_group(WOLFSSL_EC_KEY *key, WOLFSSL_EC_GROUP *group) +{ + int ret = 1; + + WOLFSSL_ENTER("wolfSSL_EC_KEY_set_group"); + + /* Validate parameters. */ + if ((key == NULL) || (group == NULL)) { + ret = 0; + } + + if (ret == 1) { + /* Dispose of the current group. */ + if (key->group != NULL) { + wolfSSL_EC_GROUP_free(key->group); + } + /* Duplicate the passed in group into EC key. */ + key->group = wolfSSL_EC_GROUP_dup(group); + if (key->group == NULL) { + ret = 0; + } + } + + return ret; +} + +/* Get the BN object that is the private key in the EC key. + * + * @param [in] key EC key. + * @return BN object on success. + * @return NULL when key is NULL or private key is not set. + */ +WOLFSSL_BIGNUM *wolfSSL_EC_KEY_get0_private_key(const WOLFSSL_EC_KEY *key) +{ + WOLFSSL_BIGNUM* priv_key = NULL; + + WOLFSSL_ENTER("wolfSSL_EC_KEY_get0_private_key"); + + /* Validate parameter. */ + if (key == NULL) { + WOLFSSL_MSG("wolfSSL_EC_KEY_get0_private_key Bad arguments"); + } + /* Only return private key if it is not 0. */ + else if (!wolfSSL_BN_is_zero(key->priv_key)) { + priv_key = key->priv_key; + } + + return priv_key; +} + +/* Sets the private key value into EC key. + * + * Return code compliant with OpenSSL. + * + * @param [in, out] key EC key to set. + * @param [in] priv_key Private key value in a BN. + * @return 1 on success + * @return 0 on failure. + */ +int wolfSSL_EC_KEY_set_private_key(WOLFSSL_EC_KEY *key, + const WOLFSSL_BIGNUM *priv_key) +{ + int ret = 1; + + WOLFSSL_ENTER("wolfSSL_EC_KEY_set_private_key"); + + /* Validate parameters. */ + if ((key == NULL) || (priv_key == NULL)) { + WOLFSSL_MSG("Bad arguments"); + ret = 0; + } + + /* Check for obvious invalid values. */ + if (wolfSSL_BN_is_negative(priv_key) || wolfSSL_BN_is_zero(priv_key) || + wolfSSL_BN_is_one(priv_key)) { + WOLFSSL_MSG("Invalid private key value"); + ret = 0; + } + + if (ret == 1) { + /* Free key if previously set. */ + if (key->priv_key != NULL) { + wolfSSL_BN_free(key->priv_key); + } + + /* Duplicate the BN passed in. */ + key->priv_key = wolfSSL_BN_dup(priv_key); + if (key->priv_key == NULL) { + WOLFSSL_MSG("key ecc priv key NULL"); + ret = 0; + } + } + /* Set the external values into internal EC key. */ + if ((ret == 1) && (SetECKeyInternal(key) != 1)) { + WOLFSSL_MSG("SetECKeyInternal failed"); + /* Dispose of new private key on error. */ + wolfSSL_BN_free(key->priv_key); + key->priv_key = NULL; + ret = 0; + } + + return ret; +} + +/* Get the public key EC point object that is in EC key. + * + * @param [in] key EC key. + * @return EC point object that is the public key on success. + * @return NULL when key is NULL. + */ +WOLFSSL_EC_POINT* wolfSSL_EC_KEY_get0_public_key(const WOLFSSL_EC_KEY *key) +{ + WOLFSSL_EC_POINT* pub_key = NULL; + + WOLFSSL_ENTER("wolfSSL_EC_KEY_get0_public_key"); + + if (key != NULL) { + pub_key = key->pub_key; + } + + return pub_key; +} + +/* + * Return code compliant with OpenSSL. + * + * @param [in, out] key EC key. + * @param [in] pub Public key as an EC point. + * @return 1 on success + * @return 0 on failure. + */ +int wolfSSL_EC_KEY_set_public_key(WOLFSSL_EC_KEY *key, + const WOLFSSL_EC_POINT *pub) +{ + int ret = 1; + ecc_point *pub_p = NULL; + ecc_point *key_p = NULL; + + WOLFSSL_ENTER("wolfSSL_EC_KEY_set_public_key"); + + /* Validate parameters. */ + if ((key == NULL) || (key->internal == NULL) || (pub == NULL) || + (pub->internal == NULL)) { + WOLFSSL_MSG("wolfSSL_EC_KEY_set_public_key Bad arguments"); + ret = 0; + } + + /* Ensure the internal EC key is set. */ + if ((ret == 1) && (key->inSet == 0) && (SetECKeyInternal(key) != 1)) { + WOLFSSL_MSG("SetECKeyInternal failed"); + ret = 0; + } + + /* Ensure the internal EC point of pub is setup. */ + if ((ret == 1) && (ec_point_setup(pub) != 1)) { + ret = 0; + } + + if (ret == 1) { + /* Get the internal point of pub and the public key in key. */ + pub_p = (ecc_point*)pub->internal; + key_p = (ecc_point*)key->pub_key->internal; + + /* Create new point if required. */ + if (key_p == NULL) { + key_p = wc_ecc_new_point(); + key->pub_key->internal = (void*)key_p; + } + /* Check point available. */ + if (key_p == NULL) { + WOLFSSL_MSG("key ecc point NULL"); + ret = 0; + } + } + + /* Copy the internal pub point into internal key point. */ + if ((ret == 1) && (wc_ecc_copy_point(pub_p, key_p) != MP_OKAY)) { + WOLFSSL_MSG("ecc_copy_point failure"); + ret = 0; + } + + /* Copy the internal point data into external. */ + if ((ret == 1) && (ec_point_external_set(key->pub_key) != 1)) { + WOLFSSL_MSG("SetECKeyInternal failed"); + ret = 0; + } + + /* Copy the internal key into external. */ + if ((ret == 1) && (SetECKeyInternal(key) != 1)) { + WOLFSSL_MSG("SetECKeyInternal failed"); + ret = 0; + } + + if (ret == 1) { + /* Dump out the point and the key's public key for debug. */ + wolfSSL_EC_POINT_dump("pub", pub); + wolfSSL_EC_POINT_dump("key->pub_key", key->pub_key); + } + + return ret; +} + +#ifndef NO_WOLFSSL_STUB +/* Set the ASN.1 encoding flag against the EC key. + * + * No implementation as only named curves supported for encoding. + * + * @param [in, out] key EC key. + * @param [in] flag ASN.1 flag to set. Valid values: + * OPENSSL_EC_EXPLICIT_CURVE, OPENSSL_EC_NAMED_CURVE + */ +void wolfSSL_EC_KEY_set_asn1_flag(WOLFSSL_EC_KEY *key, int asn1_flag) +{ + (void)key; + (void)asn1_flag; + + WOLFSSL_ENTER("wolfSSL_EC_KEY_set_asn1_flag"); + WOLFSSL_STUB("EC_KEY_set_asn1_flag"); +} +#endif + +/* + * EC key generate key APIs + */ + +/* Generate an EC key. + * + * Uses the internal curve index set in the EC key or the default. + * + * @param [in, out] key EC key. + * @return 1 on success + * @return 0 on failure. + */ +int wolfSSL_EC_KEY_generate_key(WOLFSSL_EC_KEY *key) +{ + int res = 1; + int initTmpRng = 0; + WC_RNG* rng = NULL; + WC_DECLARE_VAR(tmpRng, WC_RNG, 1, 0); + + WOLFSSL_ENTER("wolfSSL_EC_KEY_generate_key"); + + /* Validate parameters. */ + if ((key == NULL) || (key->internal == NULL) || (key->group == NULL)) { + WOLFSSL_MSG("wolfSSL_EC_KEY_generate_key Bad arguments"); + res = 0; + } + if (res == 1) { + /* Check if we know which internal curve index to use. */ + if (key->group->curve_idx < 0) { + /* Generate key using the default curve. */ +#if FIPS_VERSION3_GE(6,0,0) + key->group->curve_idx = ECC_SECP256R1; /* FIPS default to 256 */ +#else + key->group->curve_idx = ECC_CURVE_DEF; +#endif + } + + /* Create a random number generator. */ + rng = wolfssl_make_rng(tmpRng, &initTmpRng); + if (rng == NULL) { + WOLFSSL_MSG("wolfSSL_EC_KEY_generate_key failed to make RNG"); + res = 0; + } + } + if (res == 1) { + /* NIDToEccEnum returns -1 for invalid NID so if key->group->curve_nid + * is 0 then pass ECC_CURVE_DEF as arg */ + int eccEnum = key->group->curve_nid ? +#if FIPS_VERSION3_GE(6,0,0) + NIDToEccEnum(key->group->curve_nid) : ECC_SECP256R1; +#else + NIDToEccEnum(key->group->curve_nid) : ECC_CURVE_DEF; +#endif + /* Get the internal EC key. */ + ecc_key* ecKey = (ecc_key*)key->internal; + /* Make the key using internal API. */ + int ret = 0; + +#if FIPS_VERSION3_GE(6,0,0) + /* In the case of FIPS only allow key generation with approved curves */ + if (eccEnum != ECC_SECP256R1 && eccEnum != ECC_SECP224R1 && + eccEnum != ECC_SECP384R1 && eccEnum != ECC_SECP521R1) { + WOLFSSL_MSG("Unsupported curve selected in FIPS mode"); + res = 0; + } + if (res == 1) { +#endif + ret = wc_ecc_make_key_ex(rng, 0, ecKey, eccEnum); +#if FIPS_VERSION3_GE(6,0,0) + } +#endif + + #if defined(WOLFSSL_ASYNC_CRYPT) + /* Wait on asynchronouse operation. */ + ret = wc_AsyncWait(ret, &ecKey->asyncDev, WC_ASYNC_FLAG_NONE); + #endif + if (ret != 0) { + WOLFSSL_MSG("wolfSSL_EC_KEY_generate_key wc_ecc_make_key failed"); + res = 0; + } + } + + /* Dispose of local random number generator if initialized. */ + if (initTmpRng) { + wc_FreeRng(rng); + WC_FREE_VAR_EX(rng, NULL, DYNAMIC_TYPE_RNG); + } + + /* Set the external key from new internal key values. */ + if ((res == 1) && (SetECKeyExternal(key) != 1)) { + WOLFSSL_MSG("wolfSSL_EC_KEY_generate_key SetECKeyExternal failed"); + res = 0; + } + + return res; +} + +/* + * EC key check key APIs + */ + +/* Check that the EC key is valid. + * + * @param [in] key EC key. + * @return 1 on valid. + * @return 0 on invalid or error. + */ +int wolfSSL_EC_KEY_check_key(const WOLFSSL_EC_KEY *key) +{ + int ret = 1; + + WOLFSSL_ENTER("wolfSSL_EC_KEY_check_key"); + + /* Validate parameter. */ + if ((key == NULL) || (key->internal == NULL)) { + WOLFSSL_MSG("Bad parameter"); + ret = 0; + } + + /* Set the external EC key values into internal if not already. */ + if ((ret == 1) && (key->inSet == 0) && (SetECKeyInternal( + (WOLFSSL_EC_KEY*)key) != 1)) { + WOLFSSL_MSG("SetECKeyInternal failed"); + ret = 0; + } + + if (ret == 1) { + /* Have internal EC implementation check key. */ + ret = wc_ecc_check_key((ecc_key*)key->internal) == 0; + } + + return ret; +} + +/* End EC_KEY */ + +#if !defined(HAVE_FIPS) || FIPS_VERSION_GT(2,0) +/* Get the supported, built-in EC curves + * + * @param [in, out] curves Pre-allocated list to put supported curves into. + * @param [in] len Maximum number of items to place in list. + * @return Number of built-in EC curves when curves is NULL or len is 0. + * @return Number of items placed in list otherwise. + */ +size_t wolfSSL_EC_get_builtin_curves(WOLFSSL_EC_BUILTIN_CURVE *curves, + size_t len) +{ + size_t i; + size_t cnt; +#ifdef HAVE_SELFTEST + /* Defined in ecc.h when available. */ + size_t ecc_sets_count; + + /* Count the pre-defined curves since global not available. */ + for (i = 0; ecc_sets[i].size != 0 && ecc_sets[i].name != NULL; i++) { + /* Do nothing. */ + } + ecc_sets_count = i; +#endif + + /* Assume we are going to return total count. */ + cnt = ecc_sets_count; + /* Check we have a list that can hold data. */ + if ((curves != NULL) && (len != 0)) { + /* Limit count to length of list. */ + if (cnt > len) { + cnt = len; + } + + /* Put in built-in EC curve nid and short name. */ + for (i = 0; i < cnt; i++) { + curves[i].nid = EccEnumToNID(ecc_sets[i].id); + curves[i].comment = wolfSSL_OBJ_nid2sn(curves[i].nid); + } + } + + return cnt; +} +#endif /* !HAVE_FIPS || FIPS_VERSION_GT(2,0) */ + +/* Start ECDSA_SIG */ + +/* Allocate a new ECDSA signature object. + * + * @return New, allocated ECDSA signature object on success. + * @return NULL on error. + */ +WOLFSSL_ECDSA_SIG *wolfSSL_ECDSA_SIG_new(void) +{ + int err = 0; + WOLFSSL_ECDSA_SIG *sig; + + WOLFSSL_ENTER("wolfSSL_ECDSA_SIG_new"); + + /* Allocate memory for ECDSA signature object. */ + sig = (WOLFSSL_ECDSA_SIG*)XMALLOC(sizeof(WOLFSSL_ECDSA_SIG), NULL, + DYNAMIC_TYPE_ECC); + if (sig == NULL) { + WOLFSSL_MSG("wolfSSL_ECDSA_SIG_new malloc ECDSA signature failure"); + return NULL; + } + + /* Set s to NULL in case of error. */ + sig->s = NULL; + /* Allocate BN into r. */ + sig->r = wolfSSL_BN_new(); + if (sig->r == NULL) { + WOLFSSL_MSG("wolfSSL_ECDSA_SIG_new malloc ECDSA r failure"); + err = 1; + } + if (!err) { + /* Allocate BN into s. */ + sig->s = wolfSSL_BN_new(); + if (sig->s == NULL) { + WOLFSSL_MSG("wolfSSL_ECDSA_SIG_new malloc ECDSA s failure"); + err = 1; + } + } + + if (err) { + /* Dispose of allocated memory. */ + wolfSSL_ECDSA_SIG_free(sig); + sig = NULL; + } + return sig; +} + +/* Dispose of ECDSA signature object. + * + * Cannot use object after this call. + * + * @param [in] sig ECDSA signature object to free. + */ +void wolfSSL_ECDSA_SIG_free(WOLFSSL_ECDSA_SIG *sig) +{ + WOLFSSL_ENTER("wolfSSL_ECDSA_SIG_free"); + + if (sig != NULL) { + /* Dispose of BNs allocated for r and s. */ + wolfSSL_BN_free(sig->r); + wolfSSL_BN_free(sig->s); + + /* Dispose of memory associated with ECDSA signature object. */ + XFREE(sig, NULL, DYNAMIC_TYPE_ECC); + } +} + +/* Create an ECDSA signature from the DER encoding. + * + * @param [in, out] sig Reference to ECDSA signature object. May be NULL. + * @param [in, out] pp On in, reference to buffer containing DER encoding. + * On out, reference to buffer after signature data. + * @param [in] len Length of the data in the buffer. May be more than + * the length of the signature. + * @return ECDSA signature object on success. + * @return NULL on error. + */ +WOLFSSL_ECDSA_SIG* wolfSSL_d2i_ECDSA_SIG(WOLFSSL_ECDSA_SIG** sig, + const unsigned char** pp, long len) +{ + int err = 0; + /* ECDSA signature object to return. */ + WOLFSSL_ECDSA_SIG *s = NULL; + + /* Validate parameter. */ + if (pp == NULL) { + err = 1; + } + if (!err) { + if (sig != NULL) { + /* Use the ECDSA signature object passed in. */ + s = *sig; + } + if (s == NULL) { + /* No ECDSA signature object passed in - create a new one. */ + s = wolfSSL_ECDSA_SIG_new(); + if (s == NULL) { + err = 1; + } + } + } + if (!err) { + /* DecodeECC_DSA_Sig calls mp_init, so free these. */ + mp_free((mp_int*)s->r->internal); + mp_free((mp_int*)s->s->internal); + + /* Decode the signature into internal r and s fields. */ + if (DecodeECC_DSA_Sig(*pp, (word32)len, (mp_int*)s->r->internal, + (mp_int*)s->s->internal) != MP_OKAY) { + err = 1; + } + } + + if (!err) { + /* Move pointer passed signature data successfully decoded. */ + *pp += wolfssl_der_length(*pp, (int)len); + if (sig != NULL) { + /* Update reference to ECDSA signature object. */ + *sig = s; + } + } + + /* Dispose of newly allocated object on error. */ + if (err) { + if ((s != NULL) && ((sig == NULL) || (*sig != s))) { + wolfSSL_ECDSA_SIG_free(s); + } + /* Return NULL for object on error. */ + s = NULL; + } + return s; +} + +/* Encode the ECDSA signature as DER. + * + * @param [in] sig ECDSA signature object. + * @param [in, out] pp On in, reference to buffer in which to place encoding. + * On out, reference to buffer after encoding. + * May be NULL or point to NULL in which case no encoding + * is done. + * @return Length of encoding on success. + * @return 0 on error. + */ +int wolfSSL_i2d_ECDSA_SIG(const WOLFSSL_ECDSA_SIG *sig, unsigned char **pp) +{ + word32 len = 0; + int update_p = 1; + + /* Validate parameter. */ + if (sig != NULL) { + /* ASN.1: SEQ + INT + INT + * ASN.1 Integer must be a positive value - prepend zero if number has + * top bit set. + */ + /* Get total length of r including any prepended zero. */ + word32 rLen = (word32)(mp_leading_bit((mp_int*)sig->r->internal) + + mp_unsigned_bin_size((mp_int*)sig->r->internal)); + /* Get total length of s including any prepended zero. */ + word32 sLen = (word32)(mp_leading_bit((mp_int*)sig->s->internal) + + mp_unsigned_bin_size((mp_int*)sig->s->internal)); + /* Calculate length of data in sequence. */ + len = (word32)1 + ASN_LEN_SIZE(rLen) + rLen + + (word32)1 + ASN_LEN_SIZE(sLen) + sLen; + /* Add in the length of the SEQUENCE. */ + len += (word32)1 + ASN_LEN_SIZE(len); + + #ifdef WOLFSSL_I2D_ECDSA_SIG_ALLOC + if ((pp != NULL) && (*pp == NULL)) { + *pp = (unsigned char *)XMALLOC(len, NULL, DYNAMIC_TYPE_OPENSSL); + if (*pp == NULL) { + WOLFSSL_MSG("malloc error"); + return 0; + } + update_p = 0; + } + #endif + + /* Encode only if there is a buffer to encode into. */ + if ((pp != NULL) && (*pp != NULL)) { + /* Encode using the internal representations of r and s. */ + if (StoreECC_DSA_Sig(*pp, &len, (mp_int*)sig->r->internal, + (mp_int*)sig->s->internal) != MP_OKAY) { + /* No bytes encoded. */ + len = 0; + } + else if (update_p) { + /* Update pointer to after encoding. */ + *pp += len; + } + } + } + + return (int)len; +} + +/* Get the pointer to the fields of the ECDSA signature. + * + * r and s untouched when sig is NULL. + * + * @param [in] sig ECDSA signature object. + * @param [out] r R field of ECDSA signature as a BN. May be NULL. + * @param [out] s S field of ECDSA signature as a BN. May be NULL. + */ +void wolfSSL_ECDSA_SIG_get0(const WOLFSSL_ECDSA_SIG* sig, + const WOLFSSL_BIGNUM** r, const WOLFSSL_BIGNUM** s) +{ + /* Validate parameter. */ + if (sig != NULL) { + /* Return the r BN when pointer to return through. */ + if (r != NULL) { + *r = sig->r; + } + /* Return the s BN when pointer to return through. */ + if (s != NULL) { + *s = sig->s; + } + } +} + +/* Set the pointers to the fields of the ECDSA signature. + * + * @param [in, out] sig ECDSA signature object to update. + * @param [in] r R field of ECDSA signature as a BN. + * @param [in] s S field of ECDSA signature as a BN. + * @return 1 on success. + * @return 0 on error. + */ +int wolfSSL_ECDSA_SIG_set0(WOLFSSL_ECDSA_SIG* sig, WOLFSSL_BIGNUM* r, + WOLFSSL_BIGNUM* s) +{ + int ret = 1; + + /* Validate parameters. */ + if ((sig == NULL) || (r == NULL) || (s == NULL)) { + ret = 0; + } + + if (ret == 1) { + /* Dispose of old BN objects. */ + wolfSSL_BN_free(sig->r); + wolfSSL_BN_free(sig->s); + + /* Assign new BN objects. */ + sig->r = r; + sig->s = s; + } + + return ret; +} + +/* End ECDSA_SIG */ + +/* Start ECDSA */ + +/* Calculate maximum size of the DER encoded ECDSA signature for the curve. + * + * @param [in] key EC key. + * @return Size of DER encoded signature on success. + * @return 0 on error. + */ +int wolfSSL_ECDSA_size(const WOLFSSL_EC_KEY *key) +{ + int err = 0; + int len = 0; + const WOLFSSL_EC_GROUP *group = NULL; + int bits = 0; + + /* Validate parameter. */ + if (key == NULL) { + err = 1; + } + + /* Get group from key to get order bits. */ + if ((!err) && ((group = wolfSSL_EC_KEY_get0_group(key)) == NULL)) { + err = 1; + } + /* Get order bits of group. */ + if ((!err) && ((bits = wolfSSL_EC_GROUP_order_bits(group)) == 0)) { + /* Group is not set. */ + err = 1; + } + + if (!err) { + /* r and s are mod order. */ + int bytes = (bits + 7) / 8; /* Bytes needed to hold bits. */ + len = SIG_HEADER_SZ + /* 2*ASN_TAG + 2*LEN(ENUM) */ + ECC_MAX_PAD_SZ + /* possible leading zeroes in r and s */ + bytes + bytes; /* max r and s in bytes */ + } + + return len; +} + +/* Create ECDSA signature by signing digest with key. + * + * @param [in] dgst Digest to sign. + * @param [in] dLen Length of digest in bytes. + * @param [in] key EC key to sign with. + * @return ECDSA signature object on success. + * @return NULL on error. + */ +WOLFSSL_ECDSA_SIG *wolfSSL_ECDSA_do_sign(const unsigned char *dgst, int dLen, + WOLFSSL_EC_KEY *key) +{ + int err = 0; + WOLFSSL_ECDSA_SIG *sig = NULL; + WC_DECLARE_VAR(out, byte, ECC_BUFSIZE, 0); + unsigned int outLen = ECC_BUFSIZE; + + WOLFSSL_ENTER("wolfSSL_ECDSA_do_sign"); + + /* Validate parameters. */ + if ((dgst == NULL) || (key == NULL) || (key->internal == NULL)) { + WOLFSSL_MSG("wolfSSL_ECDSA_do_sign Bad arguments"); + err = 1; + } + + /* Ensure internal EC key is set from external. */ + if ((!err) && (key->inSet == 0)) { + WOLFSSL_MSG("wolfSSL_ECDSA_do_sign No EC key internal set, do it"); + + if (SetECKeyInternal(key) != 1) { + WOLFSSL_MSG("wolfSSL_ECDSA_do_sign SetECKeyInternal failed"); + err = 1; + } + } + +#ifdef WOLFSSL_SMALL_STACK + if (!err) { + /* Allocate buffer to hold encoded signature. */ + out = (byte*)XMALLOC(outLen, NULL, DYNAMIC_TYPE_TMP_BUFFER); + if (out == NULL) { + err = 1; + } + } +#endif + + /* Sign the digest with the key to create encoded ECDSA signature. */ + if ((!err) && (wolfSSL_ECDSA_sign(0, dgst, dLen, out, &outLen, key) != 1)) { + err = 1; + } + + if (!err) { + const byte* p = out; + /* Decode the ECDSA signature into a new object. */ + sig = wolfSSL_d2i_ECDSA_SIG(NULL, &p, outLen); + } + + WC_FREE_VAR_EX(out, NULL, DYNAMIC_TYPE_TMP_BUFFER); + + return sig; +} + +/* Verify ECDSA signature in the object using digest and key. + * + * Return code compliant with OpenSSL. + * + * @param [in] dgst Digest to verify. + * @param [in] dLen Length of the digest in bytes. + * @param [in] sig ECDSA signature object. + * @param [in] key EC key containing public key. + * @return 1 when signature is valid. + * @return 0 when signature is invalid. + * @return -1 on error. + */ +int wolfSSL_ECDSA_do_verify(const unsigned char *dgst, int dLen, + const WOLFSSL_ECDSA_SIG *sig, WOLFSSL_EC_KEY *key) +{ + int ret = 1; + int verified = 0; +#ifdef WOLF_CRYPTO_CB_ONLY_ECC + byte signature[ECC_MAX_SIG_SIZE]; + int signatureLen; + byte* p = signature; +#endif + + WOLFSSL_ENTER("wolfSSL_ECDSA_do_verify"); + + /* Validate parameters. */ + if ((dgst == NULL) || (sig == NULL) || (key == NULL) || + (key->internal == NULL)) { + WOLFSSL_MSG("wolfSSL_ECDSA_do_verify Bad arguments"); + ret = WOLFSSL_FATAL_ERROR; + } + + /* Check hash length */ + if ((ret == 1) && + ((dLen > WC_MAX_DIGEST_SIZE) || + (dLen < WC_MIN_DIGEST_SIZE))) { + WOLFSSL_MSG("wolfSSL_ECDSA_do_verify Bad digest size"); + ret = WOLFSSL_FATAL_ERROR; + } + + /* Ensure internal EC key is set from external. */ + if ((ret == 1) && (key->inSet == 0)) { + WOLFSSL_MSG("No EC key internal set, do it"); + + if (SetECKeyInternal(key) != 1) { + WOLFSSL_MSG("SetECKeyInternal failed"); + ret = WOLFSSL_FATAL_ERROR; + } + } + + if (ret == 1) { +#ifndef WOLF_CRYPTO_CB_ONLY_ECC + /* Verify hash using digest, r and s as MP ints and internal EC key. */ + if (wc_ecc_verify_hash_ex((mp_int*)sig->r->internal, + (mp_int*)sig->s->internal, dgst, (word32)dLen, &verified, + (ecc_key *)key->internal) != MP_OKAY) { + WOLFSSL_MSG("wc_ecc_verify_hash failed"); + ret = WOLFSSL_FATAL_ERROR; + } + else if (verified == 0) { + WOLFSSL_MSG("wc_ecc_verify_hash incorrect signature detected"); + ret = 0; + } +#else + signatureLen = i2d_ECDSA_SIG(sig, &p); + if (signatureLen > 0) { + /* verify hash. expects to call wc_CryptoCb_EccVerify internally */ + ret = wc_ecc_verify_hash(signature, signatureLen, dgst, + (word32)dLen, &verified, (ecc_key*)key->internal); + if (ret != MP_OKAY) { + WOLFSSL_MSG("wc_ecc_verify_hash failed"); + ret = WOLFSSL_FATAL_ERROR; + } + else if (verified == 0) { + WOLFSSL_MSG("wc_ecc_verify_hash incorrect signature detected"); + ret = 0; + } + } +#endif /* WOLF_CRYPTO_CB_ONLY_ECC */ + } + + return ret; +} + +/* Sign the digest with the key to produce a DER encode signature. + * + * @param [in] type Digest algorithm used to create digest. Unused. + * @param [in] digest Digest of the message to sign. + * @param [in] digestSz Size of the digest in bytes. + * @param [out] sig Buffer to hold signature. + * @param [in, out] sigSz On in, size of buffer in bytes. + * On out, size of signatre in bytes. + * @param [in] key EC key containing private key. + * @return 1 on success. + * @return 0 on error. + */ +int wolfSSL_ECDSA_sign(int type, const unsigned char *digest, int digestSz, + unsigned char *sig, unsigned int *sigSz, WOLFSSL_EC_KEY *key) +{ + int ret = 1; + WC_RNG* rng = NULL; + WC_DECLARE_VAR(tmpRng, WC_RNG, 1, 0); + int initTmpRng = 0; + + WOLFSSL_ENTER("wolfSSL_ECDSA_sign"); + + /* Digest algorithm not used in DER encoding. */ + (void)type; + + /* Validate parameters. */ + if (key == NULL) { + ret = 0; + } + + if (ret == 1) { + /* Make an RNG - create local or get global. */ + rng = wolfssl_make_rng(tmpRng, &initTmpRng); + if (rng == NULL) { + ret = 0; + } + } + /* Sign the digest with the key using the RNG and put signature into buffer + * update sigSz to be actual length. + */ + if ((ret == 1) && (wc_ecc_sign_hash(digest, (word32)digestSz, sig, sigSz, + rng, (ecc_key*)key->internal) != 0)) { + ret = 0; + } + + if (initTmpRng) { + wc_FreeRng(rng); + WC_FREE_VAR_EX(rng, NULL, DYNAMIC_TYPE_RNG); + } + + return ret; +} + +/* Verify the signature with the digest and key. + * + * @param [in] type Digest algorithm used to create digest. Unused. + * @param [in] digest Digest of the message to verify. + * @param [in] digestSz Size of the digest in bytes. + * @param [in] sig Buffer holding signature. + * @param [in] sigSz Size of signature data in bytes. + * @param [in] key EC key containing public key. + * @return 1 when signature is valid. + * @return 0 when signature is invalid or error. + */ +int wolfSSL_ECDSA_verify(int type, const unsigned char *digest, int digestSz, + const unsigned char *sig, int sigSz, WOLFSSL_EC_KEY *key) +{ + int ret = 1; + int verify = 0; + + WOLFSSL_ENTER("wolfSSL_ECDSA_verify"); + + /* Digest algorithm not used in DER encoding. */ + (void)type; + + /* Validate parameters. */ + if (key == NULL) { + ret = 0; + } + + /* Check hash length */ + if ((ret == 1) && + ((digestSz > WC_MAX_DIGEST_SIZE) || + (digestSz < WC_MIN_DIGEST_SIZE))) { + WOLFSSL_MSG("wolfSSL_ECDSA_verify Bad digest size"); + ret = 0; + } + + /* Verify signature using digest and key. */ + if ((ret == 1) && (wc_ecc_verify_hash(sig, (word32)sigSz, digest, + (word32)digestSz, &verify, (ecc_key*)key->internal) != 0)) { + ret = 0; + } + /* When no error, verification may still have failed - check now. */ + if ((ret == 1) && (verify != 1)) { + WOLFSSL_MSG("wolfSSL_ECDSA_verify failed"); + ret = 0; + } + + return ret; +} + +/* End ECDSA */ + +/* Start ECDH */ + +#ifndef WOLF_CRYPTO_CB_ONLY_ECC +/* Compute the shared secret (key) using ECDH. + * + * KDF not supported. + * + * Return code compliant with OpenSSL. + * + * @param [out] out Buffer to hold key. + * @param [in] outLen Length of buffer in bytes. + * @param [in] pubKey Public key as an EC point. + * @param [in] privKey EC key holding a private key. + * @param [in] kdf Key derivation function to apply to secret. + * @return Length of computed key on success + * @return 0 on error. + */ +int wolfSSL_ECDH_compute_key(void *out, size_t outLen, + const WOLFSSL_EC_POINT *pubKey, WOLFSSL_EC_KEY *privKey, + void *(*kdf) (const void *in, size_t inlen, void *out, size_t *outLen)) +{ + int err = 0; + word32 len = 0; + ecc_key* key = NULL; +#if defined(ECC_TIMING_RESISTANT) && !defined(HAVE_SELFTEST) && \ + (!defined(HAVE_FIPS) || FIPS_VERSION_GE(5,0)) + int setGlobalRNG = 0; +#endif + + /* TODO: support using the KDF. */ + (void)kdf; + + WOLFSSL_ENTER("wolfSSL_ECDH_compute_key"); + + /* Validate parameters. */ + if ((out == NULL) || (pubKey == NULL) || (pubKey->internal == NULL) || + (privKey == NULL) || (privKey->internal == NULL)) { + WOLFSSL_MSG("Bad function arguments"); + err = 1; + } + + /* Ensure internal EC key is set from external. */ + if ((!err) && (privKey->inSet == 0)) { + WOLFSSL_MSG("No EC key internal set, do it"); + + if (SetECKeyInternal(privKey) != 1) { + WOLFSSL_MSG("SetECKeyInternal failed"); + err = 1; + } + } + + if (!err) { + int ret; + + /* Get the internal key. */ + key = (ecc_key*)privKey->internal; + /* Set length into variable of type suitable for wolfSSL API. */ + len = (word32)outLen; + + #if defined(ECC_TIMING_RESISTANT) && !defined(HAVE_SELFTEST) && \ + (!defined(HAVE_FIPS) || FIPS_VERSION_GE(5,0)) + /* An RNG is needed. */ + if (key->rng == NULL) { + key->rng = wolfssl_make_global_rng(); + /* RNG set and needs to be unset. */ + setGlobalRNG = 1; + } + #endif + + PRIVATE_KEY_UNLOCK(); + /* Create secret using wolfSSL. */ + ret = wc_ecc_shared_secret_ex(key, (ecc_point*)pubKey->internal, + (byte *)out, &len); + PRIVATE_KEY_LOCK(); + if (ret != MP_OKAY) { + WOLFSSL_MSG("wc_ecc_shared_secret failed"); + err = 1; + } + } + +#if defined(ECC_TIMING_RESISTANT) && !defined(HAVE_SELFTEST) && \ + (!defined(HAVE_FIPS) || FIPS_VERSION_GE(5,0)) + /* Remove global from key. */ + if (setGlobalRNG) { + key->rng = NULL; + } +#endif + + if (err) { + /* Make returned value zero. */ + len = 0; + } + return (int)len; +} +#endif /* WOLF_CRYPTO_CB_ONLY_ECC */ + +/* End ECDH */ + +#ifndef NO_WOLFSSL_STUB +const WOLFSSL_EC_KEY_METHOD *wolfSSL_EC_KEY_OpenSSL(void) +{ + WOLFSSL_STUB("wolfSSL_EC_KEY_OpenSSL"); + + return NULL; +} + +WOLFSSL_EC_KEY_METHOD *wolfSSL_EC_KEY_METHOD_new( + const WOLFSSL_EC_KEY_METHOD *meth) +{ + WOLFSSL_STUB("wolfSSL_EC_KEY_METHOD_new"); + + (void)meth; + + return NULL; +} + +void wolfSSL_EC_KEY_METHOD_free(WOLFSSL_EC_KEY_METHOD *meth) +{ + WOLFSSL_STUB("wolfSSL_EC_KEY_METHOD_free"); + + (void)meth; +} + +void wolfSSL_EC_KEY_METHOD_set_init(WOLFSSL_EC_KEY_METHOD *meth, + void* a1, void* a2, void* a3, void* a4, void* a5, void* a6) +{ + WOLFSSL_STUB("wolfSSL_EC_KEY_METHOD_set_init"); + + (void)meth; + (void)a1; + (void)a2; + (void)a3; + (void)a4; + (void)a5; + (void)a6; +} + +void wolfSSL_EC_KEY_METHOD_set_sign(WOLFSSL_EC_KEY_METHOD *meth, + void* a1, void* a2, void* a3) +{ + WOLFSSL_STUB("wolfSSL_EC_KEY_METHOD_set_sign"); + + (void)meth; + (void)a1; + (void)a2; + (void)a3; +} + +const WOLFSSL_EC_KEY_METHOD *wolfSSL_EC_KEY_get_method( + const WOLFSSL_EC_KEY *key) +{ + WOLFSSL_STUB("wolfSSL_EC_KEY_get_method"); + + (void)key; + + return NULL; +} + +int wolfSSL_EC_KEY_set_method(WOLFSSL_EC_KEY *key, + const WOLFSSL_EC_KEY_METHOD *meth) +{ + WOLFSSL_STUB("wolfSSL_EC_KEY_set_method"); + + (void)key; + (void)meth; + + return 0; +} + +#endif /* !NO_WOLFSSL_STUB */ + +#endif /* OPENSSL_EXTRA */ + +#endif /* HAVE_ECC */ + +/******************************************************************************* + * END OF EC API + ******************************************************************************/ + +#endif /* !WOLFSSL_PK_EC_INCLUDED */ + diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/src/pk_rsa.c mariadb-11.8.8/extra/wolfssl/wolfssl/src/pk_rsa.c --- mariadb-11.8.6/extra/wolfssl/wolfssl/src/pk_rsa.c 1970-01-01 00:00:00.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/src/pk_rsa.c 2026-05-24 09:58:33.000000000 +0000 @@ -0,0 +1,3943 @@ +/* pk_rsa.c + * + * Copyright (C) 2006-2026 wolfSSL Inc. + * + * This file is part of wolfSSL. + * + * wolfSSL is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * wolfSSL is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA + */ + +#include + +#include +#ifndef WC_NO_RNG + #include +#endif + +#if !defined(WOLFSSL_PK_RSA_INCLUDED) + #ifndef WOLFSSL_IGNORE_FILE_WARN + #warning pk_rsa.c does not need to be compiled separately from ssl.c + #endif +#else + +#ifndef NO_RSA + #include +#endif + +/******************************************************************************* + * START OF RSA API + ******************************************************************************/ + +#ifndef NO_RSA + +/* + * RSA METHOD + * Could be used to hold function pointers to implementations of RSA operations. + */ + +#if defined(OPENSSL_EXTRA) +/* Return a blank RSA method and set the name and flags. + * + * Only one implementation of RSA operations. + * name is duplicated. + * + * @param [in] name Name to use in method. + * @param [in] flags Flags to set into method. + * @return Newly allocated RSA method on success. + * @return NULL on failure. + */ +WOLFSSL_RSA_METHOD *wolfSSL_RSA_meth_new(const char *name, int flags) +{ + WOLFSSL_RSA_METHOD* meth = NULL; + int name_len = 0; + int err; + + /* Validate name is not NULL. */ + if (name == NULL) + return NULL; + /* Allocate an RSA METHOD to return. */ + meth = (WOLFSSL_RSA_METHOD*)XMALLOC(sizeof(WOLFSSL_RSA_METHOD), NULL, + DYNAMIC_TYPE_OPENSSL); + if (meth == NULL) + return NULL; + + XMEMSET(meth, 0, sizeof(*meth)); + meth->flags = flags; + meth->dynamic = 1; + + name_len = (int)XSTRLEN(name); + meth->name = (char*)XMALLOC((size_t)(name_len + 1), NULL, + DYNAMIC_TYPE_OPENSSL); + err = (meth->name == NULL); + + if (!err) { + XMEMCPY(meth->name, name, (size_t)(name_len + 1)); + } + + if (err) { + /* meth->name won't be allocated on error. */ + XFREE(meth, NULL, DYNAMIC_TYPE_OPENSSL); + meth = NULL; + } + return meth; +} + +/* Default RSA method is one with wolfSSL name and no flags. + * + * @return Newly allocated wolfSSL RSA method on success. + * @return NULL on failure. + */ +const WOLFSSL_RSA_METHOD* wolfSSL_RSA_get_default_method(void) +{ + static const WOLFSSL_RSA_METHOD wolfssl_rsa_meth = { + 0, /* No flags. */ + (char*)"wolfSSL RSA", + 0 /* Static definition. */ + }; + return &wolfssl_rsa_meth; +} + +/* Dispose of RSA method and allocated data. + * + * @param [in] meth RSA method to free. + */ +void wolfSSL_RSA_meth_free(WOLFSSL_RSA_METHOD *meth) +{ + /* Free method if available and dynamically allocated. */ + if ((meth != NULL) && meth->dynamic) { + /* Name was duplicated and must be freed. */ + XFREE(meth->name, NULL, DYNAMIC_TYPE_OPENSSL); + /* Dispose of RSA method. */ + XFREE(meth, NULL, DYNAMIC_TYPE_OPENSSL); + } +} + +#ifndef NO_WOLFSSL_STUB +/* Stub function for any RSA method setting function. + * + * Nothing is stored - not even flags or name. + * + * @param [in] meth RSA method. + * @param [in] p A pointer. + * @return 1 to indicate success. + */ +int wolfSSL_RSA_meth_set(WOLFSSL_RSA_METHOD *meth, void* p) +{ + WOLFSSL_STUB("RSA_METHOD is not implemented."); + + (void)meth; + (void)p; + + return 1; +} +#endif /* !NO_WOLFSSL_STUB */ +#endif /* OPENSSL_EXTRA */ + +/* + * RSA constructor/deconstructor APIs + */ + +#if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL) +/* Dispose of RSA key and allocated data. + * + * Cannot use rsa after this call. + * + * @param [in] rsa RSA key to free. + */ +void wolfSSL_RSA_free(WOLFSSL_RSA* rsa) +{ + int doFree = 1; + + WOLFSSL_ENTER("wolfSSL_RSA_free"); + + /* Validate parameter. */ + if (rsa == NULL) { + doFree = 0; + } + if (doFree) { + int err; + + /* Decrement reference count. */ + wolfSSL_RefDec(&rsa->ref, &doFree, &err); + #ifndef WOLFSSL_REFCNT_ERROR_RETURN + (void)err; + #endif + } + if (doFree) { + void* heap = rsa->heap; + + /* Dispose of allocated reference counting data. */ + wolfSSL_RefFree(&rsa->ref); + + #ifdef HAVE_EX_DATA_CLEANUP_HOOKS + wolfSSL_CRYPTO_cleanup_ex_data(&rsa->ex_data); + #endif + + if (rsa->internal != NULL) { + #if !defined(HAVE_FIPS) && defined(WC_RSA_BLINDING) + /* Check if RNG is owned before freeing it. */ + if (rsa->ownRng) { + WC_RNG* rng = ((RsaKey*)(rsa->internal))->rng; + if ((rng != NULL) && (rng != wolfssl_get_global_rng())) { + wc_FreeRng(rng); + XFREE(rng, heap, DYNAMIC_TYPE_RNG); + } + /* RNG isn't freed by wolfCrypt RSA free. */ + } + #endif + /* Dispose of allocated data in wolfCrypt RSA key. */ + wc_FreeRsaKey((RsaKey*)rsa->internal); + /* Dispose of memory for wolfCrypt RSA key. */ + XFREE(rsa->internal, heap, DYNAMIC_TYPE_RSA); + } + + /* Dispose of external representation of RSA values. */ + wolfSSL_BN_clear_free(rsa->iqmp); + wolfSSL_BN_clear_free(rsa->dmq1); + wolfSSL_BN_clear_free(rsa->dmp1); + wolfSSL_BN_clear_free(rsa->q); + wolfSSL_BN_clear_free(rsa->p); + wolfSSL_BN_clear_free(rsa->d); + wolfSSL_BN_free(rsa->e); + wolfSSL_BN_free(rsa->n); + + #if defined(OPENSSL_EXTRA) + if (rsa->meth) { + wolfSSL_RSA_meth_free((WOLFSSL_RSA_METHOD*)rsa->meth); + } + #endif + + /* Set back to NULLs for safety. */ + ForceZero(rsa, sizeof(*rsa)); + + XFREE(rsa, heap, DYNAMIC_TYPE_RSA); + (void)heap; + } +} + +/* Allocate and initialize a new RSA key. + * + * Not OpenSSL API. + * + * @param [in] heap Heap hint for dynamic memory allocation. + * @param [in] devId Device identifier value. + * @return RSA key on success. + * @return NULL on failure. + */ +WOLFSSL_RSA* wolfSSL_RSA_new_ex(void* heap, int devId) +{ + WOLFSSL_RSA* rsa = NULL; + RsaKey* key = NULL; + int err = 0; + int rsaKeyInited = 0; + + WOLFSSL_ENTER("wolfSSL_RSA_new"); + + /* Allocate memory for new wolfCrypt RSA key. */ + key = (RsaKey*)XMALLOC(sizeof(RsaKey), heap, DYNAMIC_TYPE_RSA); + if (key == NULL) { + WOLFSSL_ERROR_MSG("wolfSSL_RSA_new malloc RsaKey failure"); + err = 1; + } + if (!err) { + /* Allocate memory for new RSA key. */ + rsa = (WOLFSSL_RSA*)XMALLOC(sizeof(WOLFSSL_RSA), heap, + DYNAMIC_TYPE_RSA); + if (rsa == NULL) { + WOLFSSL_ERROR_MSG("wolfSSL_RSA_new malloc WOLFSSL_RSA failure"); + err = 1; + } + } + if (!err) { + /* Clear all fields of RSA key. */ + XMEMSET(rsa, 0, sizeof(WOLFSSL_RSA)); + /* Cache heap to use for all allocations. */ + rsa->heap = heap; + #ifdef OPENSSL_EXTRA + /* Always have a method set. */ + rsa->meth = wolfSSL_RSA_get_default_method(); + #endif + + /* Initialize reference counting. */ + wolfSSL_RefInit(&rsa->ref, &err); +#ifdef WOLFSSL_REFCNT_ERROR_RETURN + } + if (!err) { +#endif + /* Initialize wolfCrypt RSA key. */ + if (wc_InitRsaKey_ex(key, heap, devId) != 0) { + WOLFSSL_ERROR_MSG("InitRsaKey WOLFSSL_RSA failure"); + err = 1; + } + else { + rsaKeyInited = 1; + } + } + #if !defined(HAVE_FIPS) && defined(WC_RSA_BLINDING) + if (!err) { + WC_RNG* rng; + + /* Create a local RNG. */ + rng = (WC_RNG*)XMALLOC(sizeof(WC_RNG), heap, DYNAMIC_TYPE_RNG); + if ((rng != NULL) && (wc_InitRng_ex(rng, heap, devId) != 0)) { + WOLFSSL_MSG("InitRng failure, attempting to use global RNG"); + XFREE(rng, heap, DYNAMIC_TYPE_RNG); + rng = NULL; + } + + rsa->ownRng = 1; + if (rng == NULL) { + /* Get the wolfSSL global RNG - not thread safe. */ + rng = wolfssl_get_global_rng(); + rsa->ownRng = 0; + } + if (rng == NULL) { + /* Couldn't create global either. */ + WOLFSSL_ERROR_MSG("wolfSSL_RSA_new no WC_RNG for blinding"); + err = 1; + } + else { + /* Set the local or global RNG into the wolfCrypt RSA key. */ + (void)wc_RsaSetRNG(key, rng); + /* Won't fail as key and rng are not NULL. */ + } + } + #endif /* !HAVE_FIPS && WC_RSA_BLINDING */ + if (!err) { + /* Set wolfCrypt RSA key into RSA key. */ + rsa->internal = key; + /* Data from external RSA key has not been set into internal one. */ + rsa->inSet = 0; + } + + if (err) { + /* Dispose of any allocated data on error. */ + /* No failure after RNG allocation - no need to free RNG. */ + if (rsaKeyInited) { + wc_FreeRsaKey(key); + } + XFREE(key, heap, DYNAMIC_TYPE_RSA); + XFREE(rsa, heap, DYNAMIC_TYPE_RSA); + /* Return NULL. */ + rsa = NULL; + } + return rsa; +} + +/* Allocate and initialize a new RSA key. + * + * @return RSA key on success. + * @return NULL on failure. + */ +WOLFSSL_RSA* wolfSSL_RSA_new(void) +{ + /* Call wolfSSL API to do work. */ + return wolfSSL_RSA_new_ex(NULL, INVALID_DEVID); +} + +/* Increments ref count of RSA key. + * + * @param [in, out] rsa RSA key. + * @return 1 on success + * @return 0 on error + */ +int wolfSSL_RSA_up_ref(WOLFSSL_RSA* rsa) +{ + int err = 0; + if (rsa != NULL) { + wolfSSL_RefInc(&rsa->ref, &err); + } + return !err; +} + +#endif /* OPENSSL_EXTRA || OPENSSL_EXTRA_X509_SMALL */ + +#ifdef OPENSSL_EXTRA + +#if defined(WOLFSSL_KEY_GEN) + +/* Allocate a new RSA key and make it a copy. + * + * Encodes to and from DER to copy. + * + * @param [in] rsa RSA key to duplicate. + * @return RSA key on success. + * @return NULL on error. + */ +WOLFSSL_RSA* wolfSSL_RSAPublicKey_dup(WOLFSSL_RSA *rsa) +{ + WOLFSSL_RSA* ret = NULL; + int derSz = 0; + byte* derBuf = NULL; + int err; + + WOLFSSL_ENTER("wolfSSL_RSAPublicKey_dup"); + + err = (rsa == NULL); + if (!err) { + /* Create a new RSA key to return. */ + ret = wolfSSL_RSA_new(); + if (ret == NULL) { + WOLFSSL_ERROR_MSG("Error creating a new WOLFSSL_RSA structure"); + err = 1; + } + } + if (!err) { + /* Encode RSA public key to copy to DER - allocates DER buffer. */ + if ((derSz = wolfSSL_RSA_To_Der(rsa, &derBuf, 1, rsa->heap)) < 0) { + WOLFSSL_ERROR_MSG("wolfSSL_RSA_To_Der failed"); + err = 1; + } + } + if (!err) { + /* Decode DER of the RSA public key into new key. */ + if (wolfSSL_RSA_LoadDer_ex(ret, derBuf, derSz, + WOLFSSL_RSA_LOAD_PUBLIC) != 1) { + WOLFSSL_ERROR_MSG("wolfSSL_RSA_LoadDer_ex failed"); + err = 1; + } + } + + /* Dispose of any allocated DER buffer. */ + XFREE(derBuf, rsa ? rsa->heap : NULL, DYNAMIC_TYPE_ASN1); + if (err) { + /* Disposes of any created RSA key - on error. */ + wolfSSL_RSA_free(ret); + ret = NULL; + } + return ret; +} + +/* wolfSSL_RSAPrivateKey_dup not supported */ + +#endif /* WOLFSSL_KEY_GEN */ + +static int wolfSSL_RSA_To_Der_ex(WOLFSSL_RSA* rsa, byte** outBuf, int publicKey, + void* heap); + +/* + * RSA to/from bin APIs + */ + +/* Convert RSA public key data to internal. + * + * Creates new RSA key from the DER encoded RSA public key. + * + * @param [out] out Pointer to RSA key to return through. May be NULL. + * @param [in, out] derBuf Pointer to start of DER encoded data. + * @param [in] derSz Length of the data in the DER buffer. + * @return RSA key on success. + * @return NULL on failure. + */ +WOLFSSL_RSA *wolfSSL_d2i_RSAPublicKey(WOLFSSL_RSA **out, + const unsigned char **derBuf, long derSz) +{ + WOLFSSL_RSA *rsa = NULL; + int err = 0; + + WOLFSSL_ENTER("wolfSSL_d2i_RSAPublicKey"); + + /* Validate parameters. */ + if (derBuf == NULL) { + WOLFSSL_ERROR_MSG("Bad argument"); + err = 1; + } + /* Create a new RSA key to return. */ + if ((!err) && ((rsa = wolfSSL_RSA_new()) == NULL)) { + WOLFSSL_ERROR_MSG("RSA_new failed"); + err = 1; + } + /* Decode RSA key from DER. */ + if ((!err) && (wolfSSL_RSA_LoadDer_ex(rsa, *derBuf, (int)derSz, + WOLFSSL_RSA_LOAD_PUBLIC) != 1)) { + WOLFSSL_ERROR_MSG("RSA_LoadDer failed"); + err = 1; + } + if ((!err) && (out != NULL)) { + /* Return through parameter too. */ + *out = rsa; + /* Move buffer on by the used amount. */ + *derBuf += wolfssl_der_length(*derBuf, (int)derSz); + } + + if (err) { + /* Dispose of any created RSA key. */ + wolfSSL_RSA_free(rsa); + rsa = NULL; + } + return rsa; +} + +/* Convert RSA private key data to internal. + * + * Create a new RSA key from the DER encoded RSA private key. + * + * @param [out] out Pointer to RSA key to return through. May be NULL. + * @param [in, out] derBuf Pointer to start of DER encoded data. + * @param [in] derSz Length of the data in the DER buffer. + * @return RSA key on success. + * @return NULL on failure. + */ +WOLFSSL_RSA *wolfSSL_d2i_RSAPrivateKey(WOLFSSL_RSA **out, + const unsigned char **derBuf, long derSz) +{ + WOLFSSL_RSA *rsa = NULL; + int err = 0; + + WOLFSSL_ENTER("wolfSSL_d2i_RSAPublicKey"); + + /* Validate parameters. */ + if (derBuf == NULL) { + WOLFSSL_ERROR_MSG("Bad argument"); + err = 1; + } + /* Create a new RSA key to return. */ + if ((!err) && ((rsa = wolfSSL_RSA_new()) == NULL)) { + WOLFSSL_ERROR_MSG("RSA_new failed"); + err = 1; + } + /* Decode RSA key from DER. */ + if ((!err) && (wolfSSL_RSA_LoadDer_ex(rsa, *derBuf, (int)derSz, + WOLFSSL_RSA_LOAD_PRIVATE) != 1)) { + WOLFSSL_ERROR_MSG("RSA_LoadDer failed"); + err = 1; + } + if ((!err) && (out != NULL)) { + /* Return through parameter too. */ + *out = rsa; + /* Move buffer on by the used amount. */ + *derBuf += wolfssl_der_length(*derBuf, (int)derSz); + } + + if (err) { + /* Dispose of any created RSA key. */ + wolfSSL_RSA_free(rsa); + rsa = NULL; + } + return rsa; +} + +/* Converts an internal RSA structure to DER format for the private key. + * + * If "pp" is null then buffer size only is returned. + * If "*pp" is null then a created buffer is set in *pp and the caller is + * responsible for free'ing it. + * + * @param [in] rsa RSA key. + * @param [in, out] pp On in, pointer to allocated buffer or NULL. + * May be NULL. + * On out, newly allocated buffer or pointer to byte after + * encoding in passed in buffer. + * + * @return Size of DER encoding on success + * @return BAD_FUNC_ARG when rsa is NULL. + * @return 0 on failure. + */ +int wolfSSL_i2d_RSAPrivateKey(WOLFSSL_RSA *rsa, unsigned char **pp) +{ + int ret; + + WOLFSSL_ENTER("wolfSSL_i2d_RSAPrivateKey"); + + /* Validate parameters. */ + if (rsa == NULL) { + WOLFSSL_ERROR_MSG("Bad Function Arguments"); + ret = BAD_FUNC_ARG; + } + /* Encode the RSA key as a DER. Call allocates buffer into pp. + * No heap hint as this gets returned to the user */ + else if ((ret = wolfSSL_RSA_To_Der_ex(rsa, pp, 0, NULL)) < 0) { + WOLFSSL_ERROR_MSG("wolfSSL_RSA_To_Der failed"); + ret = 0; + } + + /* Size of DER encoding. */ + return ret; +} + +/* Converts an internal RSA structure to DER format for the public key. + * + * If "pp" is null then buffer size only is returned. + * If "*pp" is null then a created buffer is set in *pp and the caller is + * responsible for free'ing it. + * + * @param [in] rsa RSA key. + * @param [in, out] pp On in, pointer to allocated buffer or NULL. + * May be NULL. + * On out, newly allocated buffer or pointer to byte after + * encoding in passed in buffer. + * @return Size of DER encoding on success + * @return BAD_FUNC_ARG when rsa is NULL. + * @return 0 on failure. + */ +int wolfSSL_i2d_RSAPublicKey(WOLFSSL_RSA *rsa, unsigned char **pp) +{ + int ret; + + WOLFSSL_ENTER("wolfSSL_i2d_RSAPublicKey"); + + /* check for bad functions arguments */ + if (rsa == NULL) { + WOLFSSL_ERROR_MSG("Bad Function Arguments"); + ret = BAD_FUNC_ARG; + } + /* Encode the RSA key as a DER. Call allocates buffer into pp. + * No heap hint as this gets returned to the user */ + else if ((ret = wolfSSL_RSA_To_Der_ex(rsa, pp, 1, NULL)) < 0) { + WOLFSSL_ERROR_MSG("wolfSSL_RSA_To_Der failed"); + ret = 0; + } + + return ret; +} + +#endif /* OPENSSL_EXTRA */ + +/* + * RSA to/from BIO APIs + */ + +/* wolfSSL_d2i_RSAPublicKey_bio not supported */ + +#if defined(OPENSSL_ALL) || defined(WOLFSSL_ASIO) || defined(WOLFSSL_HAPROXY) \ + || defined(WOLFSSL_NGINX) || defined(WOLFSSL_QT) + +#if defined(WOLFSSL_KEY_GEN) && !defined(NO_BIO) + +/* Read DER data from a BIO. + * + * DER structures start with a constructed sequence. Use this to calculate the + * total length of the DER data. + * + * @param [in] bio BIO object to read from. + * @param [out] out Buffer holding DER encoding. + * @return Number of bytes to DER encoding on success. + * @return 0 on failure. + */ +static int wolfssl_read_der_bio(WOLFSSL_BIO* bio, unsigned char** out) +{ + int err = 0; + unsigned char seq[MAX_SEQ_SZ]; + unsigned char* der = NULL; + int derLen = 0; + + /* Read in a minimal amount to get a SEQUENCE header of any size. */ + if (wolfSSL_BIO_read(bio, seq, sizeof(seq)) != sizeof(seq)) { + WOLFSSL_ERROR_MSG("wolfSSL_BIO_read() of sequence failure"); + err = 1; + } + /* Calculate complete DER encoding length. */ + if ((!err) && ((derLen = wolfssl_der_length(seq, sizeof(seq))) <= 0)) { + WOLFSSL_ERROR_MSG("DER SEQUENCE decode failed"); + err = 1; + } + /* Allocate a buffer to read DER data into. */ + if ((!err) && ((der = (unsigned char*)XMALLOC((size_t)derLen, bio->heap, + DYNAMIC_TYPE_TMP_BUFFER)) == NULL)) { + WOLFSSL_ERROR_MSG("Malloc failure"); + err = 1; + } + if ((!err) && (derLen <= (int)sizeof(seq))) { + /* Copy the previously read data into the buffer. */ + XMEMCPY(der, seq, derLen); + } + else if (!err) { + /* Calculate the unread amount. */ + int len = derLen - (int)sizeof(seq); + /* Copy the previously read data into the buffer. */ + XMEMCPY(der, seq, sizeof(seq)); + /* Read rest of DER data from BIO. */ + if (wolfSSL_BIO_read(bio, der + sizeof(seq), len) != len) { + WOLFSSL_ERROR_MSG("wolfSSL_BIO_read() failure"); + err = 1; + } + } + if (!err) { + /* Return buffer through parameter. */ + *out = der; + } + + if (err) { + /* Dispose of any allocated buffer on error. */ + XFREE(der, bio->heap, DYNAMIC_TYPE_TMP_BUFFER); + derLen = 0; + } + return derLen; +} + +/* Reads the RSA private key data from a BIO to the internal form. + * + * Creates new RSA key from the DER encoded RSA private key read from the BIO. + * + * @param [in] bio BIO object to read from. + * @param [out] out Pointer to RSA key to return through. May be NULL. + * @return RSA key on success. + * @return NULL on failure. + */ +WOLFSSL_RSA* wolfSSL_d2i_RSAPrivateKey_bio(WOLFSSL_BIO *bio, WOLFSSL_RSA **out) +{ + WOLFSSL_RSA* key = NULL; + unsigned char* der = NULL; + int derLen = 0; + int err; + + WOLFSSL_ENTER("wolfSSL_d2i_RSAPrivateKey_bio"); + + /* Validate parameters. */ + err = (bio == NULL); + /* Read just DER encoding from BIO - buffer allocated in call. */ + if ((!err) && ((derLen = wolfssl_read_der_bio(bio, &der)) == 0)) { + err = 1; + } + if (!err) { + /* Keep der for call to deallocate. */ + const unsigned char* cder = der; + /* Create an RSA key from the data from the BIO. */ + key = wolfSSL_d2i_RSAPrivateKey(NULL, &cder, derLen); + err = (key == NULL); + } + if ((!err) && (out != NULL)) { + /* Return the created RSA key through the parameter. */ + *out = key; + } + + if (err) { + /* Dispose of created key on error. */ + wolfSSL_RSA_free(key); + key = NULL; + } + /* Dispose of allocated data. */ + XFREE(der, bio ? bio->heap : NULL, DYNAMIC_TYPE_TMP_BUFFER); + return key; +} +#endif /* defined(WOLFSSL_KEY_GEN) && !NO_BIO */ + +#endif /* OPENSSL_ALL || WOLFSSL_ASIO || WOLFSSL_HAPROXY || WOLFSSL_QT */ + +/* + * RSA DER APIs + */ + +#ifdef OPENSSL_EXTRA + +/* Create a DER encoding of key. + * + * Not OpenSSL API. + * + * @param [in] rsa RSA key. + * @param [out] outBuf Allocated buffer containing DER encoding. + * May be NULL. + * @param [in] publicKey Whether to encode as public key. + * @param [in] heap Heap hint. + * @return Encoding size on success. + * @return Negative on failure. + */ +int wolfSSL_RSA_To_Der(WOLFSSL_RSA* rsa, byte** outBuf, int publicKey, + void* heap) +{ + byte* p = NULL; + int ret; + + if (outBuf != NULL) { + p = *outBuf; + } + ret = wolfSSL_RSA_To_Der_ex(rsa, outBuf, publicKey, heap); + if ((ret > 0) && (p != NULL)) { + *outBuf = p; + } + return ret; +} + +/* Create a DER encoding of key. + * + * Buffer allocated with heap and DYNAMIC_TYPE_TMP_BUFFER. + * + * @param [in] rsa RSA key. + * @param [in, out] outBuf On in, pointer to allocated buffer or NULL. + * May be NULL. + * On out, newly allocated buffer or pointer to byte + * after encoding in passed in buffer. + * @param [in] publicKey Whether to encode as public key. + * @param [in] heap Heap hint. + * @return Encoding size on success. + * @return Negative on failure. + */ +static int wolfSSL_RSA_To_Der_ex(WOLFSSL_RSA* rsa, byte** outBuf, int publicKey, + void* heap) +{ + int ret = 1; + int derSz = 0; + byte* derBuf = NULL; + + WOLFSSL_ENTER("wolfSSL_RSA_To_Der"); + + /* Unused if memory is disabled. */ + (void)heap; + + /* Validate parameters. */ + if ((rsa == NULL) || ((publicKey != 0) && (publicKey != 1))) { + WOLFSSL_LEAVE("wolfSSL_RSA_To_Der", BAD_FUNC_ARG); + ret = BAD_FUNC_ARG; + } + /* Push external RSA data into internal RSA key if not set. */ + if ((ret == 1) && (!rsa->inSet)) { + ret = SetRsaInternal(rsa); + } + /* wc_RsaKeyToPublicDer encode regardless of values. */ + if ((ret == 1) && publicKey && (mp_iszero(&((RsaKey*)rsa->internal)->n) || + mp_iszero(&((RsaKey*)rsa->internal)->e))) { + ret = BAD_FUNC_ARG; + } + + if (ret == 1) { + if (publicKey) { + /* Calculate length of DER encoded RSA public key. */ + derSz = wc_RsaPublicKeyDerSize((RsaKey*)rsa->internal, 1); + if (derSz < 0) { + WOLFSSL_ERROR_MSG("wc_RsaPublicKeyDerSize failed"); + ret = derSz; + } + } + else { + /* Calculate length of DER encoded RSA private key. */ + derSz = wc_RsaKeyToDer((RsaKey*)rsa->internal, NULL, 0); + if (derSz < 0) { + WOLFSSL_ERROR_MSG("wc_RsaKeyToDer failed"); + ret = derSz; + } + } + } + + if ((ret == 1) && (outBuf != NULL)) { + derBuf = *outBuf; + if (derBuf == NULL) { + /* Allocate buffer to hold DER encoded RSA key. */ + derBuf = (byte*)XMALLOC((size_t)derSz, heap, + DYNAMIC_TYPE_TMP_BUFFER); + if (derBuf == NULL) { + WOLFSSL_ERROR_MSG("Memory allocation failed"); + ret = MEMORY_ERROR; + } + } + } + if ((ret == 1) && (outBuf != NULL)) { + if (publicKey > 0) { + /* RSA public key to DER. */ + derSz = wc_RsaKeyToPublicDer((RsaKey*)rsa->internal, derBuf, + (word32)derSz); + } + else { + /* RSA private key to DER. */ + derSz = wc_RsaKeyToDer((RsaKey*)rsa->internal, derBuf, + (word32)derSz); + } + if (derSz < 0) { + WOLFSSL_ERROR_MSG("RSA key encoding failed"); + ret = derSz; + } + else if ((*outBuf) != NULL) { + derBuf = NULL; + *outBuf += derSz; + } + else { + /* Return allocated buffer. */ + *outBuf = derBuf; + } + } + if (ret == 1) { + /* Success - return DER encoding size. */ + ret = derSz; + } + + if ((outBuf != NULL) && (*outBuf != derBuf)) { + /* Not returning buffer, needs to be disposed of. */ + XFREE(derBuf, heap, DYNAMIC_TYPE_TMP_BUFFER); + } + WOLFSSL_LEAVE("wolfSSL_RSA_To_Der", ret); + return ret; +} + +#endif /* OPENSSL_EXTRA */ + +#if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL) +/* Load the DER encoded private RSA key. + * + * Not OpenSSL API. + * + * @param [in] rsa RSA key. + * @param [in] derBuf Buffer holding DER encoding. + * @param [in] derSz Length of DER encoding. + * @return 1 on success. + * @return -1 on failure. + */ +int wolfSSL_RSA_LoadDer(WOLFSSL_RSA* rsa, const unsigned char* derBuf, + int derSz) +{ + /* Call implementation that handles both private and public keys. */ + return wolfSSL_RSA_LoadDer_ex(rsa, derBuf, derSz, WOLFSSL_RSA_LOAD_PRIVATE); +} + +/* Load the DER encoded public or private RSA key. + * + * Not OpenSSL API. + * + * @param [in] rsa RSA key. + * @param [in] derBuf Buffer holding DER encoding. + * @param [in] derSz Length of DER encoding. + * @param [in] opt Indicates public or private key. + * (WOLFSSL_RSA_LOAD_PUBLIC or WOLFSSL_RSA_LOAD_PRIVATE) + * @return 1 on success. + * @return -1 on failure. + */ +int wolfSSL_RSA_LoadDer_ex(WOLFSSL_RSA* rsa, const unsigned char* derBuf, + int derSz, int opt) +{ + int ret = 1; + int res; + word32 idx = 0; + word32 algId; + + WOLFSSL_ENTER("wolfSSL_RSA_LoadDer"); + + /* Validate parameters. */ + if ((rsa == NULL) || (rsa->internal == NULL) || (derBuf == NULL) || + (derSz <= 0)) { + WOLFSSL_ERROR_MSG("Bad function arguments"); + ret = WOLFSSL_FATAL_ERROR; + } + + if (ret == 1) { + rsa->pkcs8HeaderSz = 0; + /* Check if input buffer has PKCS8 header. In the case that it does not + * have a PKCS8 header then do not error out. */ + res = ToTraditionalInline_ex((const byte*)derBuf, &idx, (word32)derSz, + &algId); + if (res >= 0) { + /* Store size of PKCS#8 header for encoding. */ + WOLFSSL_MSG("Found PKCS8 header"); + rsa->pkcs8HeaderSz = (word16)idx; + } + /* When decoding and not PKCS#8, return will be ASN_PARSE_E. */ + else if (res != WC_NO_ERR_TRACE(ASN_PARSE_E)) { + /* Something went wrong while decoding. */ + WOLFSSL_ERROR_MSG("Unexpected error with trying to remove PKCS#8 " + "header"); + ret = WOLFSSL_FATAL_ERROR; + } + } + if (ret == 1) { + /* Decode private or public key data. */ + if (opt == WOLFSSL_RSA_LOAD_PRIVATE) { + res = wc_RsaPrivateKeyDecode(derBuf, &idx, (RsaKey*)rsa->internal, + (word32)derSz); + } + else { + res = wc_RsaPublicKeyDecode(derBuf, &idx, (RsaKey*)rsa->internal, + (word32)derSz); + } + /* Check for error. */ + if (res < 0) { + if (opt == WOLFSSL_RSA_LOAD_PRIVATE) { + WOLFSSL_ERROR_MSG("RsaPrivateKeyDecode failed"); + } + else { + WOLFSSL_ERROR_MSG("RsaPublicKeyDecode failed"); + } + WOLFSSL_ERROR_VERBOSE(res); + ret = WOLFSSL_FATAL_ERROR; + } + } + if (ret == 1) { + /* Set external RSA key data from wolfCrypt key. */ + if (SetRsaExternal(rsa) != 1) { + ret = WOLFSSL_FATAL_ERROR; + } + else { + rsa->inSet = 1; + } + } + + return ret; +} + +#endif /* OPENSSL_EXTRA || OPENSSL_EXTRA_X509_SMALL */ + +#if defined(OPENSSL_EXTRA) || defined(WOLFSSL_WPAS_SMALL) + +#if !defined(NO_BIO) || !defined(NO_FILESYSTEM) +/* Load DER encoded data into WOLFSSL_RSA object. + * + * Creates a new WOLFSSL_RSA object if one is not passed in. + * + * @param [in, out] rsa WOLFSSL_RSA object to load into. + * When rsa or *rsa is NULL a new object is created. + * When not NULL and *rsa is NULL then new object + * returned through pointer. + * @param [in] in DER encoded RSA key data. + * @param [in] inSz Size of DER encoded data in bytes. + * @param [in] opt Public or private key encoded in data. Valid values: + * WOLFSSL_RSA_LOAD_PRIVATE, WOLFSSL_RSA_LOAD_PUBLIC. + * @return NULL on failure. + * @return WOLFSSL_RSA object on success. + */ +static WOLFSSL_RSA* wolfssl_rsa_d2i(WOLFSSL_RSA** rsa, const unsigned char* in, + long inSz, int opt) +{ + WOLFSSL_RSA* ret = NULL; + + if ((rsa != NULL) && (*rsa != NULL)) { + ret = *rsa; + } + else { + ret = wolfSSL_RSA_new(); + } + if ((ret != NULL) && (wolfSSL_RSA_LoadDer_ex(ret, in, (int)inSz, opt) + != 1)) { + if ((rsa == NULL) || (ret != *rsa)) { + wolfSSL_RSA_free(ret); + } + ret = NULL; + } + + if ((rsa != NULL) && (*rsa == NULL)) { + *rsa = ret; + } + return ret; +} +#endif + +#endif /* OPENSSL_EXTRA || WOLFSSL_WPAS_SMALL */ + +/* + * RSA PEM APIs + */ + +#ifdef OPENSSL_EXTRA + +#ifndef NO_BIO +#if defined(WOLFSSL_KEY_GEN) +/* Writes PEM encoding of an RSA public key to a BIO. + * + * @param [in] bio BIO object to write to. + * @param [in] rsa RSA key to write. + * @return 1 on success. + * @return 0 on failure. + */ +int wolfSSL_PEM_write_bio_RSA_PUBKEY(WOLFSSL_BIO* bio, WOLFSSL_RSA* rsa) +{ + int ret = 1; + int derSz = 0; + byte* derBuf = NULL; + + WOLFSSL_ENTER("wolfSSL_PEM_write_bio_RSA_PUBKEY"); + + /* Validate parameters. */ + if ((bio == NULL) || (rsa == NULL)) { + WOLFSSL_ERROR_MSG("Bad Function Arguments"); + return 0; + } + + if ((derSz = wolfSSL_RSA_To_Der(rsa, &derBuf, 1, bio->heap)) < 0) { + WOLFSSL_ERROR_MSG("wolfSSL_RSA_To_Der failed"); + ret = 0; + } + if (derBuf == NULL) { + WOLFSSL_ERROR_MSG("wolfSSL_RSA_To_Der failed to get buffer"); + ret = 0; + } + if ((ret == 1) && (der_write_to_bio_as_pem(derBuf, derSz, bio, + PUBLICKEY_TYPE) != 1)) { + ret = 0; + } + + /* Dispose of DER buffer. */ + XFREE(derBuf, bio->heap, DYNAMIC_TYPE_TMP_BUFFER); + return ret; +} + +#endif /* WOLFSSL_KEY_GEN */ +#endif /* !NO_BIO */ + +#if defined(WOLFSSL_KEY_GEN) +#ifndef NO_FILESYSTEM + +/* Writes PEM encoding of an RSA public key to a file pointer. + * + * @param [in] fp File pointer to write to. + * @param [in] rsa RSA key to write. + * @param [in] type PEM type to write out. + * @return 1 on success. + * @return 0 on failure. + */ +static int wolfssl_pem_write_rsa_public_key(XFILE fp, WOLFSSL_RSA* rsa, + int type) +{ + int ret = 1; + int derSz; + byte* derBuf = NULL; + + /* Validate parameters. */ + if ((fp == XBADFILE) || (rsa == NULL)) { + WOLFSSL_ERROR_MSG("Bad Function Arguments"); + return 0; + } + + if ((derSz = wolfSSL_RSA_To_Der(rsa, &derBuf, 1, rsa->heap)) < 0) { + WOLFSSL_ERROR_MSG("wolfSSL_RSA_To_Der failed"); + ret = 0; + } + if (derBuf == NULL) { + WOLFSSL_ERROR_MSG("wolfSSL_RSA_To_Der failed to get buffer"); + ret = 0; + } + if ((ret == 1) && (der_write_to_file_as_pem(derBuf, derSz, fp, type, + rsa->heap) != 1)) { + ret = 0; + } + + /* Dispose of DER buffer. */ + XFREE(derBuf, rsa->heap, DYNAMIC_TYPE_TMP_BUFFER); + + return ret; +} + +/* Writes PEM encoding of an RSA public key to a file pointer. + * + * Header/footer will contain: PUBLIC KEY + * + * @param [in] fp File pointer to write to. + * @param [in] rsa RSA key to write. + * @return 1 on success. + * @return 0 on failure. + */ +int wolfSSL_PEM_write_RSA_PUBKEY(XFILE fp, WOLFSSL_RSA* rsa) +{ + return wolfssl_pem_write_rsa_public_key(fp, rsa, PUBLICKEY_TYPE); +} + +/* Writes PEM encoding of an RSA public key to a file pointer. + * + * Header/footer will contain: RSA PUBLIC KEY + * + * @param [in] fp File pointer to write to. + * @param [in] rsa RSA key to write. + * @return 1 on success. + * @return 0 on failure. + */ +int wolfSSL_PEM_write_RSAPublicKey(XFILE fp, WOLFSSL_RSA* rsa) +{ + return wolfssl_pem_write_rsa_public_key(fp, rsa, RSA_PUBLICKEY_TYPE); +} +#endif /* !NO_FILESYSTEM */ +#endif /* WOLFSSL_KEY_GEN */ + +#ifndef NO_BIO +/* Create an RSA public key by reading the PEM encoded data from the BIO. + * + * @param [in] bio BIO object to read from. + * @param [out] out RSA key created. + * @param [in] cb Password callback when PEM encrypted. + * @param [in] pass NUL terminated string for passphrase when PEM encrypted. + * @return RSA key on success. + * @return NULL on failure. + */ +WOLFSSL_RSA *wolfSSL_PEM_read_bio_RSA_PUBKEY(WOLFSSL_BIO* bio, + WOLFSSL_RSA** out, wc_pem_password_cb* cb, void *pass) +{ + WOLFSSL_RSA* rsa = NULL; + DerBuffer* der = NULL; + int keyFormat = 0; + + WOLFSSL_ENTER("wolfSSL_PEM_read_bio_RSA_PUBKEY"); + + if ((bio != NULL) && (pem_read_bio_key(bio, cb, pass, PUBLICKEY_TYPE, + &keyFormat, &der) >= 0)) { + rsa = wolfssl_rsa_d2i(out, der->buffer, der->length, + WOLFSSL_RSA_LOAD_PUBLIC); + if (rsa == NULL) { + WOLFSSL_ERROR_MSG("Error loading DER buffer into WOLFSSL_RSA"); + } + } + + FreeDer(&der); + if ((out != NULL) && (rsa != NULL)) { + *out = rsa; + } + return rsa; +} + +WOLFSSL_RSA *wolfSSL_d2i_RSA_PUBKEY_bio(WOLFSSL_BIO *bio, WOLFSSL_RSA **out) +{ + char* data = NULL; + int dataSz = 0; + int memAlloced = 0; + WOLFSSL_RSA* rsa = NULL; + + WOLFSSL_ENTER("wolfSSL_d2i_RSA_PUBKEY_bio"); + + if (bio == NULL) + return NULL; + + if (wolfssl_read_bio(bio, &data, &dataSz, &memAlloced) != 0) { + if (memAlloced) + XFREE(data, NULL, DYNAMIC_TYPE_TMP_BUFFER); + return NULL; + } + + rsa = wolfssl_rsa_d2i(out, (const unsigned char*)data, dataSz, + WOLFSSL_RSA_LOAD_PUBLIC); + if (memAlloced) + XFREE(data, NULL, DYNAMIC_TYPE_TMP_BUFFER); + + return rsa; +} +#endif /* !NO_BIO */ + +#ifndef NO_FILESYSTEM +/* Create an RSA public key by reading the PEM encoded data from the BIO. + * + * Header/footer should contain: PUBLIC KEY + * PEM decoder supports either 'RSA PUBLIC KEY' or 'PUBLIC KEY'. + * + * @param [in] fp File pointer to read from. + * @param [out] out RSA key created. + * @param [in] cb Password callback when PEM encrypted. + * @param [in] pass NUL terminated string for passphrase when PEM encrypted. + * @return RSA key on success. + * @return NULL on failure. + */ +WOLFSSL_RSA *wolfSSL_PEM_read_RSA_PUBKEY(XFILE fp, + WOLFSSL_RSA** out, wc_pem_password_cb* cb, void *pass) +{ + WOLFSSL_RSA* rsa = NULL; + DerBuffer* der = NULL; + int keyFormat = 0; + + WOLFSSL_ENTER("wolfSSL_PEM_read_RSA_PUBKEY"); + + if ((fp != XBADFILE) && (pem_read_file_key(fp, cb, pass, PUBLICKEY_TYPE, + &keyFormat, &der) >= 0)) { + rsa = wolfssl_rsa_d2i(out, der->buffer, der->length, + WOLFSSL_RSA_LOAD_PUBLIC); + if (rsa == NULL) { + WOLFSSL_ERROR_MSG("Error loading DER buffer into WOLFSSL_RSA"); + } + } + + FreeDer(&der); + if ((out != NULL) && (rsa != NULL)) { + *out = rsa; + } + return rsa; +} + +/* Create an RSA public key by reading the PEM encoded data from the BIO. + * + * Header/footer should contain: RSA PUBLIC KEY + * PEM decoder supports either 'RSA PUBLIC KEY' or 'PUBLIC KEY'. + * + * @param [in] fp File pointer to read from. + * @param [out] rsa RSA key created. + * @param [in] cb Password callback when PEM encrypted. May be NULL. + * @param [in] pass NUL terminated string for passphrase when PEM encrypted. + * May be NULL. + * @return RSA key on success. + * @return NULL on failure. + */ +WOLFSSL_RSA* wolfSSL_PEM_read_RSAPublicKey(XFILE fp, WOLFSSL_RSA** rsa, + wc_pem_password_cb* cb, void* pass) +{ + return wolfSSL_PEM_read_RSA_PUBKEY(fp, rsa, cb, pass); +} + +#endif /* NO_FILESYSTEM */ + +#if defined(WOLFSSL_KEY_GEN) && \ + (defined(WOLFSSL_PEM_TO_DER) || defined(WOLFSSL_DER_TO_PEM)) + +/* Writes PEM encoding of an RSA private key to newly allocated buffer. + * + * Buffer returned was allocated with: DYNAMIC_TYPE_KEY. + * + * @param [in] rsa RSA key to write. + * @param [in] cipher Cipher to use when PEM encrypted. May be NULL. + * @param [in] passwd Password string when PEM encrypted. May be NULL. + * @param [in] passwdSz Length of password string when PEM encrypted. + * @param [out] pem Allocated buffer with PEM encoding. + * @param [out] pLen Length of PEM encoding. + * @return 1 on success. + * @return 0 on failure. + */ +int wolfSSL_PEM_write_mem_RSAPrivateKey(WOLFSSL_RSA* rsa, + const WOLFSSL_EVP_CIPHER* cipher, unsigned char* passwd, int passwdSz, + unsigned char **pem, int *pLen) +{ + int ret = 1; + byte* derBuf = NULL; + int derSz = 0; + + WOLFSSL_ENTER("wolfSSL_PEM_write_mem_RSAPrivateKey"); + + /* Validate parameters. */ + if ((pem == NULL) || (pLen == NULL) || (rsa == NULL) || + (rsa->internal == NULL)) { + WOLFSSL_ERROR_MSG("Bad function arguments"); + ret = 0; + } + + /* Set the RSA key data into the wolfCrypt RSA key if not done so. */ + if ((ret == 1) && (!rsa->inSet) && (SetRsaInternal(rsa) != 1)) { + ret = 0; + } + + /* Encode wolfCrypt RSA key to DER - derBuf allocated in call. */ + if ((ret == 1) && ((derSz = wolfSSL_RSA_To_Der(rsa, &derBuf, 0, + rsa->heap)) < 0)) { + WOLFSSL_ERROR_MSG("wolfSSL_RSA_To_Der failed"); + ret = 0; + } + + if ((ret == 1) && (der_to_enc_pem_alloc(derBuf, derSz, cipher, passwd, + passwdSz, PRIVATEKEY_TYPE, NULL, pem, pLen) != 1)) { + WOLFSSL_ERROR_MSG("der_to_enc_pem_alloc failed"); + ret = 0; + } + + return ret; +} + +#ifndef NO_BIO +/* Writes PEM encoding of an RSA private key to a BIO. + * + * @param [in] bio BIO object to write to. + * @param [in] rsa RSA key to write. + * @param [in] cipher Cipher to use when PEM encrypted. + * @param [in] passwd Password string when PEM encrypted. + * @param [in] len Length of password string when PEM encrypted. + * @param [in] cb Password callback to use when PEM encrypted. + * @param [in] arg NUL terminated string for passphrase when PEM encrypted. + * @return 1 on success. + * @return 0 on failure. + */ +int wolfSSL_PEM_write_bio_RSAPrivateKey(WOLFSSL_BIO* bio, WOLFSSL_RSA* rsa, + const WOLFSSL_EVP_CIPHER* cipher, unsigned char* passwd, int len, + wc_pem_password_cb* cb, void* arg) +{ + int ret = 1; + byte* pem = NULL; + int pLen = 0; + + (void)cb; + (void)arg; + + WOLFSSL_ENTER("wolfSSL_PEM_write_bio_RSAPrivateKey"); + + /* Validate parameters. */ + if ((bio == NULL) || (rsa == NULL) || (rsa->internal == NULL)) { + WOLFSSL_ERROR_MSG("Bad function arguments"); + ret = 0; + } + + if (ret == 1) { + /* Write PEM to buffer that is allocated in the call. */ + ret = wolfSSL_PEM_write_mem_RSAPrivateKey(rsa, cipher, passwd, len, + &pem, &pLen); + if (ret != 1) { + WOLFSSL_ERROR_MSG("wolfSSL_PEM_write_mem_RSAPrivateKey failed"); + } + } + /* Write PEM to BIO. */ + if ((ret == 1) && (wolfSSL_BIO_write(bio, pem, pLen) <= 0)) { + WOLFSSL_ERROR_MSG("RSA private key BIO write failed"); + ret = 0; + } + + /* Dispose of any allocated PEM buffer. */ + XFREE(pem, NULL, DYNAMIC_TYPE_KEY); + return ret; +} +#endif /* !NO_BIO */ + +#ifndef NO_FILESYSTEM +/* Writes PEM encoding of an RSA private key to a file pointer. + * + * TODO: Support use of the password callback and callback context. + * + * @param [in] fp File pointer to write to. + * @param [in] rsa RSA key to write. + * @param [in] cipher Cipher to use when PEM encrypted. May be NULL. + * @param [in] passwd Password string when PEM encrypted. May be NULL. + * @param [in] passwdSz Length of password string when PEM encrypted. + * @param [in] cb Password callback to use when PEM encrypted. Unused. + * @param [in] arg NUL terminated string for passphrase when PEM + * encrypted. Unused. + * @return 1 on success. + * @return 0 on failure. + */ +int wolfSSL_PEM_write_RSAPrivateKey(XFILE fp, WOLFSSL_RSA *rsa, + const WOLFSSL_EVP_CIPHER *cipher, unsigned char *passwd, int passwdSz, + wc_pem_password_cb *cb, void *arg) +{ + int ret = 1; + byte* pem = NULL; + int pLen = 0; + + (void)cb; + (void)arg; + + WOLFSSL_ENTER("wolfSSL_PEM_write_RSAPrivateKey"); + + /* Validate parameters. */ + if ((fp == XBADFILE) || (rsa == NULL) || (rsa->internal == NULL)) { + WOLFSSL_ERROR_MSG("Bad function arguments"); + ret = 0; + } + + if (ret == 1) { + /* Write PEM to buffer that is allocated in the call. */ + ret = wolfSSL_PEM_write_mem_RSAPrivateKey(rsa, cipher, passwd, passwdSz, + &pem, &pLen); + if (ret != 1) { + WOLFSSL_ERROR_MSG("wolfSSL_PEM_write_mem_RSAPrivateKey failed"); + } + } + /* Write PEM to file pointer. */ + if ((ret == 1) && ((int)XFWRITE(pem, 1, (size_t)pLen, fp) != pLen)) { + WOLFSSL_ERROR_MSG("RSA private key file write failed"); + ret = 0; + } + + /* Dispose of any allocated PEM buffer. */ + XFREE(pem, NULL, DYNAMIC_TYPE_KEY); + return ret; +} +#endif /* NO_FILESYSTEM */ +#endif /* WOLFSSL_KEY_GEN && WOLFSSL_PEM_TO_DER */ + +#ifndef NO_BIO +/* Create an RSA private key by reading the PEM encoded data from the BIO. + * + * @param [in] bio BIO object to read from. + * @param [out] out RSA key created. + * @param [in] cb Password callback when PEM encrypted. + * @param [in] pass NUL terminated string for passphrase when PEM encrypted. + * @return RSA key on success. + * @return NULL on failure. + */ +WOLFSSL_RSA* wolfSSL_PEM_read_bio_RSAPrivateKey(WOLFSSL_BIO* bio, + WOLFSSL_RSA** out, wc_pem_password_cb* cb, void* pass) +{ + WOLFSSL_RSA* rsa = NULL; + DerBuffer* der = NULL; + int keyFormat = 0; + + WOLFSSL_ENTER("wolfSSL_PEM_read_bio_RSAPrivateKey"); + + if ((bio != NULL) && (pem_read_bio_key(bio, cb, pass, PRIVATEKEY_TYPE, + &keyFormat, &der) >= 0)) { + rsa = wolfssl_rsa_d2i(out, der->buffer, der->length, + WOLFSSL_RSA_LOAD_PRIVATE); + if (rsa == NULL) { + WOLFSSL_ERROR_MSG("Error loading DER buffer into WOLFSSL_RSA"); + } + } + + FreeDer(&der); + if ((out != NULL) && (rsa != NULL)) { + *out = rsa; + } + return rsa; +} +#endif /* !NO_BIO */ + +/* Create an RSA private key by reading the PEM encoded data from the file + * pointer. + * + * @param [in] fp File pointer to read from. + * @param [out] out RSA key created. + * @param [in] cb Password callback when PEM encrypted. + * @param [in] pass NUL terminated string for passphrase when PEM encrypted. + * @return RSA key on success. + * @return NULL on failure. + */ +#ifndef NO_FILESYSTEM +WOLFSSL_RSA* wolfSSL_PEM_read_RSAPrivateKey(XFILE fp, WOLFSSL_RSA** out, + wc_pem_password_cb* cb, void* pass) +{ + WOLFSSL_RSA* rsa = NULL; + DerBuffer* der = NULL; + int keyFormat = 0; + + WOLFSSL_ENTER("wolfSSL_PEM_read_RSAPrivateKey"); + + if ((fp != XBADFILE) && (pem_read_file_key(fp, cb, pass, PRIVATEKEY_TYPE, + &keyFormat, &der) >= 0)) { + rsa = wolfssl_rsa_d2i(out, der->buffer, der->length, + WOLFSSL_RSA_LOAD_PRIVATE); + if (rsa == NULL) { + WOLFSSL_ERROR_MSG("Error loading DER buffer into WOLFSSL_RSA"); + } + } + + FreeDer(&der); + if ((out != NULL) && (rsa != NULL)) { + *out = rsa; + } + return rsa; +} +#endif /* !NO_FILESYSTEM */ + +/* + * RSA print APIs + */ + +#if defined(XFPRINTF) && !defined(NO_FILESYSTEM) && \ + !defined(NO_STDIO_FILESYSTEM) +/* Print an RSA key to a file pointer. + * + * @param [in] fp File pointer to write to. + * @param [in] rsa RSA key to write. + * @param [in] indent Number of spaces to prepend to each line. + * @return 1 on success. + * @return 0 on failure. + */ +int wolfSSL_RSA_print_fp(XFILE fp, WOLFSSL_RSA* rsa, int indent) +{ + int ret = 1; + + WOLFSSL_ENTER("wolfSSL_RSA_print_fp"); + + /* Validate parameters. */ + if ((fp == XBADFILE) || (rsa == NULL)) { + ret = 0; + } + + /* Set the external data from the wolfCrypt RSA key if not done. */ + if ((ret == 1) && (!rsa->exSet)) { + ret = SetRsaExternal(rsa); + } + + /* Get the key size from modulus if available. */ + if ((ret == 1) && (rsa->n != NULL)) { + int keySize = wolfSSL_BN_num_bits(rsa->n); + if (keySize == 0) { + ret = 0; + } + else { + if (XFPRINTF(fp, "%*s", indent, "") < 0) + ret = 0; + else if (XFPRINTF(fp, "RSA Private-Key: (%d bit, 2 primes)\n", + keySize) < 0) + ret = 0; + } + } + /* Print out any components available. */ + if ((ret == 1) && (rsa->n != NULL)) { + ret = pk_bn_field_print_fp(fp, indent, "modulus", rsa->n); + } + if ((ret == 1) && (rsa->d != NULL)) { + ret = pk_bn_field_print_fp(fp, indent, "privateExponent", rsa->d); + } + if ((ret == 1) && (rsa->p != NULL)) { + ret = pk_bn_field_print_fp(fp, indent, "prime1", rsa->p); + } + if ((ret == 1) && (rsa->q != NULL)) { + ret = pk_bn_field_print_fp(fp, indent, "prime2", rsa->q); + } + if ((ret == 1) && (rsa->dmp1 != NULL)) { + ret = pk_bn_field_print_fp(fp, indent, "exponent1", rsa->dmp1); + } + if ((ret == 1) && (rsa->dmq1 != NULL)) { + ret = pk_bn_field_print_fp(fp, indent, "exponent2", rsa->dmq1); + } + if ((ret == 1) && (rsa->iqmp != NULL)) { + ret = pk_bn_field_print_fp(fp, indent, "coefficient", rsa->iqmp); + } + + WOLFSSL_LEAVE("wolfSSL_RSA_print_fp", ret); + + return ret; +} +#endif /* XFPRINTF && !NO_FILESYSTEM && !NO_STDIO_FILESYSTEM */ + +#if defined(XSNPRINTF) && !defined(NO_BIO) +/* snprintf() must be available */ + +/* Maximum size of a header line. */ +#define RSA_PRINT_MAX_HEADER_LINE PRINT_NUM_MAX_INDENT + +/* Writes the human readable form of RSA to a BIO. + * + * @param [in] bio BIO object to write to. + * @param [in] rsa RSA key to write. + * @param [in] indent Number of spaces before each line. + * @return 1 on success. + * @return 0 on failure. + */ +int wolfSSL_RSA_print(WOLFSSL_BIO* bio, WOLFSSL_RSA* rsa, int indent) +{ + int ret = 1; + int sz = 0; + RsaKey* key = NULL; + char line[RSA_PRINT_MAX_HEADER_LINE]; + int i = 0; + mp_int *num = NULL; + /* Header strings. */ + const char *name[] = { + "Modulus:", "Exponent:", "PrivateExponent:", "Prime1:", "Prime2:", + "Exponent1:", "Exponent2:", "Coefficient:" + }; + + WOLFSSL_ENTER("wolfSSL_RSA_print"); + + /* Validate parameters. */ + if ((bio == NULL) || (rsa == NULL) || (indent > PRINT_NUM_MAX_INDENT)) { + ret = WOLFSSL_FATAL_ERROR; + } + + if (ret == 1) { + key = (RsaKey*)rsa->internal; + + /* Get size in bits of key for printing out. */ + sz = wolfSSL_RSA_bits(rsa); + if (sz <= 0) { + WOLFSSL_ERROR_MSG("Error getting RSA key size"); + ret = 0; + } + } + if (ret == 1) { + /* Print any indent spaces. */ + ret = wolfssl_print_indent(bio, line, sizeof(line), indent); + } + if (ret == 1) { + /* Print header line. */ + int len = XSNPRINTF(line, sizeof(line), "\nRSA %s: (%d bit)\n", + (!mp_iszero(&key->d)) ? "Private-Key" : "Public-Key", sz); + if (len >= (int)sizeof(line)) { + WOLFSSL_ERROR_MSG("Buffer overflow while formatting key preamble"); + ret = 0; + } + else { + if (wolfSSL_BIO_write(bio, line, len) <= 0) { + ret = 0; + } + } + } + + for (i = 0; (ret == 1) && (i < RSA_INTS); i++) { + /* Get mp_int for index. */ + switch (i) { + case 0: + /* Print out modulus */ + num = &key->n; + break; + case 1: + num = &key->e; + break; + case 2: + num = &key->d; + break; + case 3: + num = &key->p; + break; + case 4: + num = &key->q; + break; + case 5: + num = &key->dP; + break; + case 6: + num = &key->dQ; + break; + case 7: + num = &key->u; + break; + default: + WOLFSSL_ERROR_MSG("Bad index value"); + } + + if (i == 1) { + /* Print exponent as a 32-bit value. */ + ret = wolfssl_print_value(bio, num, name[i], indent); + } + else if (!mp_iszero(num)) { + /* Print name and MP integer. */ + ret = wolfssl_print_number(bio, num, name[i], indent); + } + } + + return ret; +} +#endif /* XSNPRINTF && !NO_BIO */ + +#endif /* OPENSSL_EXTRA */ + +/* + * RSA get/set/test APIs + */ + +#if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL) +/* Set RSA key data (external) from wolfCrypt RSA key (internal). + * + * @param [in, out] rsa RSA key. + * @return 1 on success. + * @return 0 on failure. + */ +int SetRsaExternal(WOLFSSL_RSA* rsa) +{ + int ret = 1; + + WOLFSSL_ENTER("SetRsaExternal"); + + /* Validate parameters. */ + if ((rsa == NULL) || (rsa->internal == NULL)) { + WOLFSSL_ERROR_MSG("rsa key NULL error"); + ret = WOLFSSL_FATAL_ERROR; + } + + if (ret == 1) { + RsaKey* key = (RsaKey*)rsa->internal; + + /* Copy modulus. */ + ret = wolfssl_bn_set_value(&rsa->n, &key->n); + if (ret != 1) { + WOLFSSL_ERROR_MSG("rsa n error"); + } + if (ret == 1) { + /* Copy public exponent. */ + ret = wolfssl_bn_set_value(&rsa->e, &key->e); + if (ret != 1) { + WOLFSSL_ERROR_MSG("rsa e error"); + } + } + + if (key->type == RSA_PRIVATE) { + #ifndef WOLFSSL_RSA_PUBLIC_ONLY + if (ret == 1) { + /* Copy private exponent. */ + ret = wolfssl_bn_set_value(&rsa->d, &key->d); + if (ret != 1) { + WOLFSSL_ERROR_MSG("rsa d error"); + } + } + if (ret == 1) { + /* Copy first prime. */ + ret = wolfssl_bn_set_value(&rsa->p, &key->p); + if (ret != 1) { + WOLFSSL_ERROR_MSG("rsa p error"); + } + } + if (ret == 1) { + /* Copy second prime. */ + ret = wolfssl_bn_set_value(&rsa->q, &key->q); + if (ret != 1) { + WOLFSSL_ERROR_MSG("rsa q error"); + } + } + #if defined(WOLFSSL_KEY_GEN) || defined(OPENSSL_EXTRA) || \ + !defined(RSA_LOW_MEM) + if (ret == 1) { + /* Copy d mod p-1. */ + ret = wolfssl_bn_set_value(&rsa->dmp1, &key->dP); + if (ret != 1) { + WOLFSSL_ERROR_MSG("rsa dP error"); + } + } + if (ret == 1) { + /* Copy d mod q-1. */ + ret = wolfssl_bn_set_value(&rsa->dmq1, &key->dQ); + if (ret != 1) { + WOLFSSL_ERROR_MSG("rsa dq error"); + } + } + if (ret == 1) { + /* Copy 1/q mod p. */ + ret = wolfssl_bn_set_value(&rsa->iqmp, &key->u); + if (ret != 1) { + WOLFSSL_ERROR_MSG("rsa u error"); + } + } + #endif + #else + WOLFSSL_ERROR_MSG("rsa private key not compiled in "); + ret = 0; + #endif /* !WOLFSSL_RSA_PUBLIC_ONLY */ + } + } + if (ret == 1) { + /* External values set. */ + rsa->exSet = 1; + } + else { + /* Return 0 on failure. */ + ret = 0; + } + + return ret; +} +#endif /* (OPENSSL_EXTRA || OPENSSL_EXTRA_X509_SMALL) */ + +#ifdef OPENSSL_EXTRA + +/* Set wolfCrypt RSA key data (internal) from RSA key (external). + * + * @param [in, out] rsa RSA key. + * @return 1 on success. + * @return 0 on failure. + */ +int SetRsaInternal(WOLFSSL_RSA* rsa) +{ + int ret = 1; + + WOLFSSL_ENTER("SetRsaInternal"); + + /* Validate parameters. */ + if ((rsa == NULL) || (rsa->internal == NULL)) { + WOLFSSL_ERROR_MSG("rsa key NULL error"); + ret = WOLFSSL_FATAL_ERROR; + } + + if (ret == 1) { + RsaKey* key = (RsaKey*)rsa->internal; + + /* Copy down modulus if available. */ + if ((rsa->n != NULL) && (wolfssl_bn_get_value(rsa->n, &key->n) != 1)) { + WOLFSSL_ERROR_MSG("rsa n key error"); + ret = WOLFSSL_FATAL_ERROR; + } + + /* Copy down public exponent if available. */ + if ((ret == 1) && (rsa->e != NULL) && + (wolfssl_bn_get_value(rsa->e, &key->e) != 1)) { + WOLFSSL_ERROR_MSG("rsa e key error"); + ret = WOLFSSL_FATAL_ERROR; + } + + /* Enough numbers for public key */ + key->type = RSA_PUBLIC; + +#ifndef WOLFSSL_RSA_PUBLIC_ONLY + /* Copy down private exponent if available. */ + if ((ret == 1) && (rsa->d != NULL)) { + if (wolfssl_bn_get_value(rsa->d, &key->d) != 1) { + WOLFSSL_ERROR_MSG("rsa d key error"); + ret = WOLFSSL_FATAL_ERROR; + } + else { + /* Enough numbers for private key */ + key->type = RSA_PRIVATE; + } + } + + /* Copy down first prime if available. */ + if ((ret == 1) && (rsa->p != NULL) && + (wolfssl_bn_get_value(rsa->p, &key->p) != 1)) { + WOLFSSL_ERROR_MSG("rsa p key error"); + ret = WOLFSSL_FATAL_ERROR; + } + + /* Copy down second prime if available. */ + if ((ret == 1) && (rsa->q != NULL) && + (wolfssl_bn_get_value(rsa->q, &key->q) != 1)) { + WOLFSSL_ERROR_MSG("rsa q key error"); + ret = WOLFSSL_FATAL_ERROR; + } + +#if defined(WOLFSSL_KEY_GEN) || defined(OPENSSL_EXTRA) || !defined(RSA_LOW_MEM) + /* Copy down d mod p-1 if available. */ + if ((ret == 1) && (rsa->dmp1 != NULL) && + (wolfssl_bn_get_value(rsa->dmp1, &key->dP) != 1)) { + WOLFSSL_ERROR_MSG("rsa dP key error"); + ret = WOLFSSL_FATAL_ERROR; + } + + /* Copy down d mod q-1 if available. */ + if ((ret == 1) && (rsa->dmq1 != NULL) && + (wolfssl_bn_get_value(rsa->dmq1, &key->dQ) != 1)) { + WOLFSSL_ERROR_MSG("rsa dQ key error"); + ret = WOLFSSL_FATAL_ERROR; + } + + /* Copy down 1/q mod p if available. */ + if ((ret == 1) && (rsa->iqmp != NULL) && + (wolfssl_bn_get_value(rsa->iqmp, &key->u) != 1)) { + WOLFSSL_ERROR_MSG("rsa u key error"); + ret = WOLFSSL_FATAL_ERROR; + } +#endif +#endif + + if (ret == 1) { + /* All available numbers have been set down. */ + rsa->inSet = 1; + } + } + + return ret; +} + +/* Set the RSA method into object. + * + * @param [in, out] rsa RSA key. + * @param [in] meth RSA method. + * @return 1 always. + */ +int wolfSSL_RSA_set_method(WOLFSSL_RSA *rsa, WOLFSSL_RSA_METHOD *meth) +{ + if (rsa != NULL) { + /* Store the method into object. */ + rsa->meth = meth; + /* Copy over flags. */ + rsa->flags = meth->flags; + } + /* OpenSSL always assumes it will work. */ + return 1; +} + +/* Get the RSA method from the RSA object. + * + * @param [in] rsa RSA key. + * @return RSA method on success. + * @return NULL when RSA is NULL or no method set. + */ +const WOLFSSL_RSA_METHOD* wolfSSL_RSA_get_method(const WOLFSSL_RSA *rsa) +{ + return (rsa != NULL) ? rsa->meth : NULL; +} + +/* Get the size in bytes of the RSA key. + * + * Return compliant with OpenSSL + * + * @param [in] rsa RSA key. + * @return RSA modulus size in bytes. + * @return 0 on error. + */ +int wolfSSL_RSA_size(const WOLFSSL_RSA* rsa) +{ + int ret = 0; + + WOLFSSL_ENTER("wolfSSL_RSA_size"); + + if (rsa != NULL) { + /* Make sure we have set the RSA values into wolfCrypt RSA key. */ + if (rsa->inSet || (SetRsaInternal((WOLFSSL_RSA*)rsa) == 1)) { + /* Get key size in bytes using wolfCrypt RSA key. */ + ret = wc_RsaEncryptSize((RsaKey*)rsa->internal); + } + } + + return ret; +} + +/* Get the size in bits of the RSA key. + * + * Uses external modulus field. + * + * @param [in] rsa RSA key. + * @return RSA modulus size in bits. + * @return 0 on error. + */ +int wolfSSL_RSA_bits(const WOLFSSL_RSA* rsa) +{ + int ret = 0; + + WOLFSSL_ENTER("wolfSSL_RSA_bits"); + + if (rsa != NULL) { + /* Get number of bits in external modulus. */ + ret = wolfSSL_BN_num_bits(rsa->n); + } + + return ret; +} + +/* Get the BN objects that are the Chinese-Remainder Theorem (CRT) parameters. + * + * Only for those that are not NULL parameters. + * + * @param [in] rsa RSA key. + * @param [out] dmp1 BN that is d mod (p - 1). May be NULL. + * @param [out] dmq1 BN that is d mod (q - 1). May be NULL. + * @param [out] iqmp BN that is 1/q mod p. May be NULL. + */ +void wolfSSL_RSA_get0_crt_params(const WOLFSSL_RSA *rsa, + const WOLFSSL_BIGNUM **dmp1, const WOLFSSL_BIGNUM **dmq1, + const WOLFSSL_BIGNUM **iqmp) +{ + WOLFSSL_ENTER("wolfSSL_RSA_get0_crt_params"); + + /* For any parameters not NULL, return the BN from the key or NULL. */ + if (dmp1 != NULL) { + *dmp1 = (rsa != NULL) ? rsa->dmp1 : NULL; + } + if (dmq1 != NULL) { + *dmq1 = (rsa != NULL) ? rsa->dmq1 : NULL; + } + if (iqmp != NULL) { + *iqmp = (rsa != NULL) ? rsa->iqmp : NULL; + } +} + +/* Set the BN objects that are the Chinese-Remainder Theorem (CRT) parameters + * into RSA key. + * + * If CRT parameter is NULL then there must be one in the RSA key already. + * + * @param [in, out] rsa RSA key. + * @param [in] dmp1 BN that is d mod (p - 1). May be NULL. + * @param [in] dmq1 BN that is d mod (q - 1). May be NULL. + * @param [in] iqmp BN that is 1/q mod p. May be NULL. + * @return 1 on success. + * @return 0 on failure. + */ +int wolfSSL_RSA_set0_crt_params(WOLFSSL_RSA *rsa, WOLFSSL_BIGNUM *dmp1, + WOLFSSL_BIGNUM *dmq1, WOLFSSL_BIGNUM *iqmp) +{ + int ret = 1; + + WOLFSSL_ENTER("wolfSSL_RSA_set0_crt_params"); + + /* If a param is NULL in rsa then it must be non-NULL in the + * corresponding user input. */ + if ((rsa == NULL) || ((rsa->dmp1 == NULL) && (dmp1 == NULL)) || + ((rsa->dmq1 == NULL) && (dmq1 == NULL)) || + ((rsa->iqmp == NULL) && (iqmp == NULL))) { + WOLFSSL_ERROR_MSG("Bad parameters"); + ret = 0; + } + if (ret == 1) { + /* Replace the BNs. */ + if (dmp1 != NULL) { + wolfSSL_BN_clear_free(rsa->dmp1); + rsa->dmp1 = dmp1; + } + if (dmq1 != NULL) { + wolfSSL_BN_clear_free(rsa->dmq1); + rsa->dmq1 = dmq1; + } + if (iqmp != NULL) { + wolfSSL_BN_clear_free(rsa->iqmp); + rsa->iqmp = iqmp; + } + + /* Set the values into the wolfCrypt RSA key. */ + if (SetRsaInternal(rsa) != 1) { + if (dmp1 != NULL) { + rsa->dmp1 = NULL; + } + if (dmq1 != NULL) { + rsa->dmq1 = NULL; + } + if (iqmp != NULL) { + rsa->iqmp = NULL; + } + ret = 0; + } + } + + return ret; +} + +/* Get the BN objects that are the factors of the RSA key (two primes p and q). + * + * @param [in] rsa RSA key. + * @param [out] p BN that is first prime. May be NULL. + * @param [out] q BN that is second prime. May be NULL. + */ +void wolfSSL_RSA_get0_factors(const WOLFSSL_RSA *rsa, const WOLFSSL_BIGNUM **p, + const WOLFSSL_BIGNUM **q) +{ + WOLFSSL_ENTER("wolfSSL_RSA_get0_factors"); + + /* For any primes not NULL, return the BN from the key or NULL. */ + if (p != NULL) { + *p = (rsa != NULL) ? rsa->p : NULL; + } + if (q != NULL) { + *q = (rsa != NULL) ? rsa->q : NULL; + } +} + +/* Set the BN objects that are the factors of the RSA key (two primes p and q). + * + * If factor parameter is NULL then there must be one in the RSA key already. + * + * @param [in, out] rsa RSA key. + * @param [in] p BN that is first prime. May be NULL. + * @param [in] q BN that is second prime. May be NULL. + * @return 1 on success. + * @return 0 on failure. + */ +int wolfSSL_RSA_set0_factors(WOLFSSL_RSA *rsa, WOLFSSL_BIGNUM *p, + WOLFSSL_BIGNUM *q) +{ + int ret = 1; + + WOLFSSL_ENTER("wolfSSL_RSA_set0_factors"); + + /* If a param is null in r then it must be non-null in the + * corresponding user input. */ + if (rsa == NULL || ((rsa->p == NULL) && (p == NULL)) || + ((rsa->q == NULL) && (q == NULL))) { + WOLFSSL_ERROR_MSG("Bad parameters"); + ret = 0; + } + if (ret == 1) { + /* Replace the BNs. */ + if (p != NULL) { + wolfSSL_BN_clear_free(rsa->p); + rsa->p = p; + } + if (q != NULL) { + wolfSSL_BN_clear_free(rsa->q); + rsa->q = q; + } + + /* Set the values into the wolfCrypt RSA key. */ + if (SetRsaInternal(rsa) != 1) { + if (p != NULL) { + rsa->p = NULL; + } + if (q != NULL) { + rsa->q = NULL; + } + ret = 0; + } + } + + return ret; +} + +/* Get the BN objects for the basic key numbers of the RSA key (modulus, public + * exponent, private exponent). + * + * @param [in] rsa RSA key. + * @param [out] n BN that is the modulus. May be NULL. + * @param [out] e BN that is the public exponent. May be NULL. + * @param [out] d BN that is the private exponent. May be NULL. + */ +void wolfSSL_RSA_get0_key(const WOLFSSL_RSA *rsa, const WOLFSSL_BIGNUM **n, + const WOLFSSL_BIGNUM **e, const WOLFSSL_BIGNUM **d) +{ + WOLFSSL_ENTER("wolfSSL_RSA_get0_key"); + + /* For any parameters not NULL, return the BN from the key or NULL. */ + if (n != NULL) { + *n = (rsa != NULL) ? rsa->n : NULL; + } + if (e != NULL) { + *e = (rsa != NULL) ? rsa->e : NULL; + } + if (d != NULL) { + *d = (rsa != NULL) ? rsa->d : NULL; + } +} + +/* Set the BN objects for the basic key numbers into the RSA key (modulus, + * public exponent, private exponent). + * + * If BN parameter is NULL then there must be one in the RSA key already. + * + * @param [in,out] rsa RSA key. + * @param [in] n BN that is the modulus. May be NULL. + * @param [in] e BN that is the public exponent. May be NULL. + * @param [in] d BN that is the private exponent. May be NULL. + * @return 1 on success. + * @return 0 on failure. + */ +int wolfSSL_RSA_set0_key(WOLFSSL_RSA *rsa, WOLFSSL_BIGNUM *n, WOLFSSL_BIGNUM *e, + WOLFSSL_BIGNUM *d) +{ + int ret = 1; + + /* If the fields n and e in r are NULL, the corresponding input + * parameters MUST be non-NULL for n and e. d may be + * left NULL (in case only the public key is used). + */ + if ((rsa == NULL) || ((rsa->n == NULL) && (n == NULL)) || + ((rsa->e == NULL) && (e == NULL))) { + ret = 0; + } + if (ret == 1) { + /* Replace the BNs. */ + if (n != NULL) { + wolfSSL_BN_free(rsa->n); + rsa->n = n; + } + if (e != NULL) { + wolfSSL_BN_free(rsa->e); + rsa->e = e; + } + if (d != NULL) { + /* Private key is sensitive data. */ + wolfSSL_BN_clear_free(rsa->d); + rsa->d = d; + } + + /* Set the values into the wolfCrypt RSA key. */ + if (SetRsaInternal(rsa) != 1) { + if (n != NULL) { + rsa->n = NULL; + } + if (e != NULL) { + rsa->e = NULL; + } + if (d != NULL) { + rsa->d = NULL; + } + ret = 0; + } + } + + return ret; +} + +/* Get the flags of the RSA key. + * + * @param [in] rsa RSA key. + * @return Flags set in RSA key on success. + * @return 0 when RSA key is NULL. + */ +int wolfSSL_RSA_flags(const WOLFSSL_RSA *rsa) +{ + int ret = 0; + + /* Get flags from the RSA key if available. */ + if (rsa != NULL) { + ret = rsa->flags; + } + + return ret; +} + +/* Set the flags into the RSA key. + * + * @param [in, out] rsa RSA key. + * @param [in] flags Flags to set. + */ +void wolfSSL_RSA_set_flags(WOLFSSL_RSA *rsa, int flags) +{ + /* Add the flags into RSA key if available. */ + if (rsa != NULL) { + rsa->flags |= flags; + } +} + +/* Clear the flags in the RSA key. + * + * @param [in, out] rsa RSA key. + * @param [in] flags Flags to clear. + */ +void wolfSSL_RSA_clear_flags(WOLFSSL_RSA *rsa, int flags) +{ + /* Clear the flags passed in that are on the RSA key if available. */ + if (rsa != NULL) { + rsa->flags &= ~flags; + } +} + +/* Test the flags in the RSA key. + * + * @param [in] rsa RSA key. + * @return Matching flags of RSA key on success. + * @return 0 when RSA key is NULL. + */ +int wolfSSL_RSA_test_flags(const WOLFSSL_RSA *rsa, int flags) +{ + /* Return the flags passed in that are set on the RSA key if available. */ + return (rsa != NULL) ? (rsa->flags & flags) : 0; +} + +/* Get the extra data, by index, associated with the RSA key. + * + * @param [in] rsa RSA key. + * @param [in] idx Index of extra data. + * @return Extra data (anonymous type) on success. + * @return NULL on failure. + */ +void* wolfSSL_RSA_get_ex_data(const WOLFSSL_RSA *rsa, int idx) +{ + WOLFSSL_ENTER("wolfSSL_RSA_get_ex_data"); + +#ifdef HAVE_EX_DATA + return (rsa == NULL) ? NULL : + wolfSSL_CRYPTO_get_ex_data(&rsa->ex_data, idx); +#else + (void)rsa; + (void)idx; + + return NULL; +#endif +} + +/* Set extra data against the RSA key at an index. + * + * @param [in, out] rsa RSA key. + * @param [in] idx Index set set extra data at. + * @param [in] data Extra data of anonymous type. + * @return 1 on success. + * @return 0 on failure. + */ +int wolfSSL_RSA_set_ex_data(WOLFSSL_RSA *rsa, int idx, void *data) +{ + WOLFSSL_ENTER("wolfSSL_RSA_set_ex_data"); + +#ifdef HAVE_EX_DATA + return (rsa == NULL) ? 0 : + wolfSSL_CRYPTO_set_ex_data(&rsa->ex_data, idx, data); +#else + (void)rsa; + (void)idx; + (void)data; + + return 0; +#endif +} + +#ifdef HAVE_EX_DATA_CLEANUP_HOOKS +/* Set the extra data and cleanup callback against the RSA key at an index. + * + * Not OpenSSL API. + * + * @param [in, out] rsa RSA key. + * @param [in] idx Index set set extra data at. + * @param [in] data Extra data of anonymous type. + * @param [in] freeCb Callback function to free extra data. + * @return 1 on success. + * @return 0 on failure. + */ +int wolfSSL_RSA_set_ex_data_with_cleanup(WOLFSSL_RSA *rsa, int idx, void *data, + wolfSSL_ex_data_cleanup_routine_t freeCb) +{ + WOLFSSL_ENTER("wolfSSL_RSA_set_ex_data_with_cleanup"); + + return (rsa == NULL) ? 0 : + wolfSSL_CRYPTO_set_ex_data_with_cleanup(&rsa->ex_data, idx, data, + freeCb); +} +#endif /* HAVE_EX_DATA_CLEANUP_HOOKS */ + +/* + * RSA check key APIs + */ + +#ifdef WOLFSSL_RSA_KEY_CHECK +/* Check that the RSA key is valid using wolfCrypt. + * + * @param [in] rsa RSA key. + * @return 1 on success. + * @return 0 on failure. + */ +int wolfSSL_RSA_check_key(const WOLFSSL_RSA* rsa) +{ + int ret = 1; + + WOLFSSL_ENTER("wolfSSL_RSA_check_key"); + + /* Validate parameters. */ + if ((rsa == NULL) || (rsa->internal == NULL)) { + ret = 0; + } + + /* Constant RSA - assume internal data has been set. */ + + /* Check wolfCrypt RSA key. */ + if ((ret == 1) && (wc_CheckRsaKey((RsaKey*)rsa->internal) != 0)) { + ret = 0; + } + + WOLFSSL_LEAVE("wolfSSL_RSA_check_key", ret); + + return ret; +} +#endif /* WOLFSSL_RSA_KEY_CHECK */ + +/* + * RSA generate APIs + */ + +/* Get a random number generator associated with the RSA key. + * + * If not able, then get the global if possible. + * *tmpRng must not be an initialized RNG. + * *tmpRng is allocated when WOLFSSL_SMALL_STACK is defined and an RNG isn't + * associated with the wolfCrypt RSA key. + * + * @param [in] rsa RSA key. + * @param [out] tmpRng Temporary random number generator. + * @param [out] initTmpRng Temporary random number generator was initialized. + * + * @return A wolfCrypt RNG to use on success. + * @return NULL on error. + */ +WC_RNG* WOLFSSL_RSA_GetRNG(WOLFSSL_RSA* rsa, WC_RNG** tmpRng, int* initTmpRng) +{ + WC_RNG* rng = NULL; + int err = 0; + + /* Check validity of parameters. */ + if ((rsa == NULL) || (initTmpRng == NULL)) { + err = 1; + } + if (!err) { + /* Haven't initialized any RNG passed through tmpRng. */ + *initTmpRng = 0; + + #if !defined(HAVE_FIPS) && defined(WC_RSA_BLINDING) + /* Use wolfCrypt RSA key's RNG if available/set. */ + rng = ((RsaKey*)rsa->internal)->rng; + #endif + } + if ((!err) && (rng == NULL) && (tmpRng != NULL)) { + /* Make an RNG with tmpRng or get global. */ + rng = wolfssl_make_rng(*tmpRng, initTmpRng); + if ((rng != NULL) && *initTmpRng) { + *tmpRng = rng; + } + } + + return rng; +} + +/* Use the wolfCrypt RSA APIs to generate a new RSA key. + * + * @param [in, out] rsa RSA key. + * @param [in] bits Number of bits that the modulus must have. + * @param [in] e A BN object holding the public exponent to use. + * @param [in] cb Status callback. Unused. + * @return 0 on success. + * @return wolfSSL native error code on error. + */ +static int wolfssl_rsa_generate_key_native(WOLFSSL_RSA* rsa, int bits, + WOLFSSL_BIGNUM* e, void* cb) +{ +#ifdef WOLFSSL_KEY_GEN + int ret = 0; +#ifdef WOLFSSL_SMALL_STACK + WC_RNG* tmpRng = NULL; +#else + WC_RNG _tmpRng[1]; + WC_RNG* tmpRng = _tmpRng; +#endif + int initTmpRng = 0; + WC_RNG* rng = NULL; + long en = 0; +#endif + + (void)cb; + + WOLFSSL_ENTER("wolfssl_rsa_generate_key_native"); + +#ifdef WOLFSSL_KEY_GEN + /* Get RNG in wolfCrypt RSA key or initialize a new one (or global). */ + rng = WOLFSSL_RSA_GetRNG(rsa, (WC_RNG**)&tmpRng, &initTmpRng); + if (rng == NULL) { + /* Something went wrong so return memory error. */ + ret = MEMORY_E; + } + if ((ret == 0) && ((en = (long)wolfSSL_BN_get_word(e)) <= 0)) { + ret = BAD_FUNC_ARG; + } + if (ret == 0) { + /* Generate an RSA key. */ + ret = wc_MakeRsaKey((RsaKey*)rsa->internal, bits, en, rng); + if (ret != MP_OKAY) { + WOLFSSL_ERROR_MSG("wc_MakeRsaKey failed"); + } + } + if (ret == 0) { + /* Get the values from wolfCrypt RSA key into external RSA key. */ + ret = SetRsaExternal(rsa); + if (ret == 1) { + /* Internal matches external. */ + rsa->inSet = 1; + /* Return success. */ + ret = 0; + } + else { + /* Something went wrong so return memory error. */ + ret = MEMORY_E; + } + } + + /* Finalize RNG if initialized in WOLFSSL_RSA_GetRNG(). */ + if (initTmpRng) { + wc_FreeRng(tmpRng); + } + WC_FREE_VAR_EX(tmpRng, NULL, DYNAMIC_TYPE_RNG); + + return ret; +#else + WOLFSSL_ERROR_MSG("No Key Gen built in"); + + (void)rsa; + (void)e; + (void)bits; + + return NOT_COMPILED_IN; +#endif +} + +/* Generate an RSA key that has the specified modulus size and public exponent. + * + * Note: Because of wc_MakeRsaKey an RSA key size generated can be rounded + * down to nearest multiple of 8. For example generating a key of size + * 2999 bits will make a key of size 374 bytes instead of 375 bytes. + * + * @param [in] bits Number of bits that the modulus must have i.e. 2048. + * @param [in] e Public exponent to use i.e. 65537. + * @param [in] cb Status callback. Unused. + * @param [in] data Data to pass to status callback. Unused. + * @return A new RSA key on success. + * @return NULL on failure. + */ +WOLFSSL_RSA* wolfSSL_RSA_generate_key(int bits, unsigned long e, + void(*cb)(int, int, void*), void* data) +{ + WOLFSSL_RSA* rsa = NULL; + WOLFSSL_BIGNUM* bn = NULL; + int err = 0; + + WOLFSSL_ENTER("wolfSSL_RSA_generate_key"); + + (void)cb; + (void)data; + + /* Validate bits. */ + if (bits < 0) { + WOLFSSL_ERROR_MSG("Bad argument: bits was less than 0"); + err = 1; + } + /* Create a new BN to hold public exponent - for when wolfCrypt supports + * longer values. */ + if ((!err) && ((bn = wolfSSL_BN_new()) == NULL)) { + WOLFSSL_ERROR_MSG("Error creating big number"); + err = 1; + } + /* Set public exponent. */ + if ((!err) && (wolfSSL_BN_set_word(bn, e) != 1)) { + WOLFSSL_ERROR_MSG("Error using e value"); + err = 1; + } + + /* Create an RSA key object to hold generated key. */ + if ((!err) && ((rsa = wolfSSL_RSA_new()) == NULL)) { + WOLFSSL_ERROR_MSG("memory error"); + err = 1; + } + while (!err) { + int ret; + + /* Use wolfCrypt to generate RSA key. */ + ret = wolfssl_rsa_generate_key_native(rsa, bits, bn, NULL); + #ifdef HAVE_FIPS + /* Keep trying if failed to find a prime. */ + if (ret == WC_NO_ERR_TRACE(PRIME_GEN_E)) { + continue; + } + #endif + if (ret != WOLFSSL_ERROR_NONE) { + /* Unrecoverable error in generation. */ + err = 1; + } + /* Done generating - unrecoverable error or success. */ + break; + } + if (err) { + /* Dispose of RSA key object if generation didn't work. */ + wolfSSL_RSA_free(rsa); + /* Returning NULL on error. */ + rsa = NULL; + } + /* Dispose of the temporary BN used for the public exponent. */ + wolfSSL_BN_free(bn); + + return rsa; +} + +/* Generate an RSA key that has the specified modulus size and public exponent. + * + * Note: Because of wc_MakeRsaKey an RSA key size generated can be rounded + * down to nearest multiple of 8. For example generating a key of size + * 2999 bits will make a key of size 374 bytes instead of 375 bytes. + * + * @param [in] bits Number of bits that the modulus must have i.e. 2048. + * @param [in] e Public exponent to use, i.e. 65537, as a BN. + * @param [in] cb Status callback. Unused. + * @return 1 on success. + * @return 0 on failure. + */ +int wolfSSL_RSA_generate_key_ex(WOLFSSL_RSA* rsa, int bits, WOLFSSL_BIGNUM* e, + void* cb) +{ + int ret = 1; + + /* Validate parameters. */ + if ((rsa == NULL) || (rsa->internal == NULL)) { + WOLFSSL_ERROR_MSG("bad arguments"); + ret = 0; + } + else { + for (;;) { + /* Use wolfCrypt to generate RSA key. */ + int gen_ret = wolfssl_rsa_generate_key_native(rsa, bits, e, cb); + #ifdef HAVE_FIPS + /* Keep trying again if public key value didn't work. */ + if (gen_ret == WC_NO_ERR_TRACE(PRIME_GEN_E)) { + continue; + } + #endif + if (gen_ret != WOLFSSL_ERROR_NONE) { + /* Unrecoverable error in generation. */ + ret = 0; + } + /* Done generating - unrecoverable error or success. */ + break; + } + } + + return ret; +} + +#endif /* OPENSSL_EXTRA */ + +/* + * RSA padding APIs + */ + +#ifdef WC_RSA_PSS + +#if defined(OPENSSL_EXTRA) && !defined(HAVE_SELFTEST) && \ + (!defined(HAVE_FIPS) || FIPS_VERSION_GT(2,0)) +static int rsa_pss_calc_salt(int saltLen, int hashLen, int emLen) +{ + /* Calculate the salt length to use for special cases. */ + switch (saltLen) { + /* Negative saltLen values are treated differently. */ + case WC_RSA_PSS_SALTLEN_DIGEST: + saltLen = hashLen; + break; + case WC_RSA_PSS_SALTLEN_MAX_SIGN: + case WC_RSA_PSS_SALTLEN_MAX: + #ifdef WOLFSSL_PSS_LONG_SALT + saltLen = emLen - hashLen - 2; + #else + saltLen = hashLen; + (void)emLen; + #endif + break; + default: + break; + } + if (saltLen < 0) { + /* log invalid salt, let wolfCrypt handle error */ + WOLFSSL_ERROR_MSG("invalid saltLen"); + saltLen = -3; /* for wolfCrypt to produce error must be < -2 */ + } + return saltLen; +} +#endif /* OPENSSL_EXTRA && !HAVE_SELFTEST */ + +#if (defined(OPENSSL_ALL) || defined(WOLFSSL_ASIO) || \ + defined(WOLFSSL_HAPROXY) || defined(WOLFSSL_NGINX)) && \ + (!defined(HAVE_FIPS) || FIPS_VERSION_GT(2,0)) + +/* Add PKCS#1 PSS padding to hash. + * + * + * +-----------+ + * | M | + * +-----------+ + * | + * V + * Hash + * | + * V + * +--------+----------+----------+ + * M' = |Padding1| mHash | salt | + * +--------+----------+----------+ + * | + * +--------+----------+ V + * DB = |Padding2|maskedseed| Hash + * +--------+----------+ | + * | | + * V | +--+ + * xor <--- MGF <---| |bc| + * | | +--+ + * | | | + * V V V + * +-------------------+----------+--+ + * EM = | maskedDB |maskedseed|bc| + * +-------------------+----------+--+ + * Diagram taken from https://tools.ietf.org/html/rfc3447#section-9.1 + * + * @param [in] rsa RSA key. + * @param [out] em Encoded message. + * @param [in[ mHash Message hash. + * @param [in] hashAlg Hash algorithm. + * @param [in] mgf1Hash MGF algorithm. + * @param [in] saltLen Length of salt to generate. + * @return 1 on success. + * @return 0 on failure. + */ + +int wolfSSL_RSA_padding_add_PKCS1_PSS_mgf1(WOLFSSL_RSA *rsa, unsigned char *em, + const unsigned char *mHash, const WOLFSSL_EVP_MD *hashAlg, + const WOLFSSL_EVP_MD *mgf1Hash, int saltLen) +{ + int ret = 1; + enum wc_HashType hashType = WC_HASH_TYPE_NONE; + int hashLen = 0; + int emLen = 0; + int mgf = 0; + int initTmpRng = 0; + WC_RNG *rng = NULL; +#ifdef WOLFSSL_SMALL_STACK + WC_RNG* tmpRng = NULL; +#else + WC_RNG _tmpRng[1]; + WC_RNG* tmpRng = _tmpRng; +#endif + + WOLFSSL_ENTER("wolfSSL_RSA_padding_add_PKCS1_PSS"); + + /* Validate parameters. */ + if ((rsa == NULL) || (em == NULL) || (mHash == NULL) || (hashAlg == NULL)) { + ret = 0; + } + + if (mgf1Hash == NULL) + mgf1Hash = hashAlg; + + if (ret == 1) { + /* Get/create an RNG. */ + rng = WOLFSSL_RSA_GetRNG(rsa, (WC_RNG**)&tmpRng, &initTmpRng); + if (rng == NULL) { + WOLFSSL_ERROR_MSG("WOLFSSL_RSA_GetRNG error"); + ret = 0; + } + } + + /* TODO: use wolfCrypt RSA key to get emLen and bits? */ + /* Set the external data from the wolfCrypt RSA key if not done. */ + if ((ret == 1) && (!rsa->exSet)) { + ret = SetRsaExternal(rsa); + } + + if (ret == 1) { + /* Get the wolfCrypt hash algorithm type. */ + hashType = EvpMd2MacType(hashAlg); + if (hashType > WC_HASH_TYPE_MAX) { + WOLFSSL_ERROR_MSG("EvpMd2MacType error"); + ret = 0; + } + } + if (ret == 1) { + /* Get the wolfCrypt MGF algorithm from hash algorithm. */ + mgf = wc_hash2mgf(EvpMd2MacType(mgf1Hash)); + if (mgf == WC_MGF1NONE) { + WOLFSSL_ERROR_MSG("wc_hash2mgf error"); + ret = 0; + } + } + if (ret == 1) { + /* Get the length of the hash output. */ + hashLen = wolfSSL_EVP_MD_size(hashAlg); + if (hashLen < 0) { + WOLFSSL_ERROR_MSG("wolfSSL_EVP_MD_size error"); + ret = 0; + } + } + + if (ret == 1) { + /* Get length of RSA key - encrypted message length. */ + emLen = wolfSSL_RSA_size(rsa); + if (emLen <= 0) { + WOLFSSL_ERROR_MSG("wolfSSL_RSA_size error"); + ret = 0; + } + } + + if (ret == 1) { + saltLen = rsa_pss_calc_salt(saltLen, hashLen, emLen); + } + + if (ret == 1) { + /* Generate RSA PKCS#1 PSS padding for hash using wolfCrypt. */ + if (wc_RsaPad_ex(mHash, (word32)hashLen, em, (word32)emLen, + RSA_BLOCK_TYPE_1, rng, WC_RSA_PSS_PAD, hashType, mgf, NULL, 0, + saltLen, wolfSSL_BN_num_bits(rsa->n), NULL) != MP_OKAY) { + WOLFSSL_ERROR_MSG("wc_RsaPad_ex error"); + ret = 0; + } + } + + /* Finalize RNG if initialized in WOLFSSL_RSA_GetRNG(). */ + if (initTmpRng) { + wc_FreeRng(tmpRng); + } + WC_FREE_VAR_EX(tmpRng, NULL, DYNAMIC_TYPE_RNG); + + return ret; +} + +int wolfSSL_RSA_padding_add_PKCS1_PSS(WOLFSSL_RSA *rsa, unsigned char *em, + const unsigned char *mHash, const WOLFSSL_EVP_MD *hashAlg, int saltLen) +{ + return wolfSSL_RSA_padding_add_PKCS1_PSS_mgf1(rsa, em, mHash, hashAlg, NULL, + saltLen); +} + +/* Checks that the hash is valid for the RSA PKCS#1 PSS encoded message. + * + * Refer to wolfSSL_RSA_padding_add_PKCS1_PSS for a diagram. + * + * @param [in] rsa RSA key. + * @param [in[ mHash Message hash. + * @param [in] hashAlg Hash algorithm. + * @param [in] mgf1Hash MGF algorithm. + * @param [in] em Encoded message. + * @param [in] saltLen Length of salt to generate. + * @return 1 on success. + * @return 0 on failure. + */ +int wolfSSL_RSA_verify_PKCS1_PSS_mgf1(WOLFSSL_RSA *rsa, + const unsigned char *mHash, const WOLFSSL_EVP_MD *hashAlg, + const WOLFSSL_EVP_MD *mgf1Hash, const unsigned char *em, int saltLen) +{ + int ret = 1; + int hashLen = 0; + int mgf = 0; + int emLen = 0; + int mPrimeLen = 0; + enum wc_HashType hashType = WC_HASH_TYPE_NONE; + byte *mPrime = NULL; + byte *buf = NULL; + + WOLFSSL_ENTER("wolfSSL_RSA_verify_PKCS1_PSS"); + + /* Validate parameters. */ + if ((rsa == NULL) || (mHash == NULL) || (hashAlg == NULL) || (em == NULL)) { + ret = 0; + } + + if (mgf1Hash == NULL) + mgf1Hash = hashAlg; + + /* TODO: use wolfCrypt RSA key to get emLen and bits? */ + /* Set the external data from the wolfCrypt RSA key if not done. */ + if ((ret == 1) && (!rsa->exSet)) { + ret = SetRsaExternal(rsa); + } + + if (ret == 1) { + /* Get hash length for hash algorithm. */ + hashLen = wolfSSL_EVP_MD_size(hashAlg); + if (hashLen < 0) { + ret = 0; + } + } + + if (ret == 1) { + /* Get length of RSA key - encrypted message length. */ + emLen = wolfSSL_RSA_size(rsa); + if (emLen <= 0) { + WOLFSSL_ERROR_MSG("wolfSSL_RSA_size error"); + ret = 0; + } + } + + if (ret == 1) { + saltLen = rsa_pss_calc_salt(saltLen, hashLen, emLen); + } + + if (ret == 1) { + /* Get the wolfCrypt hash algorithm type. */ + hashType = EvpMd2MacType(hashAlg); + if (hashType > WC_HASH_TYPE_MAX) { + WOLFSSL_ERROR_MSG("EvpMd2MacType error"); + ret = 0; + } + } + + if (ret == 1) { + /* Get the wolfCrypt MGF algorithm from hash algorithm. */ + if ((mgf = wc_hash2mgf(EvpMd2MacType(mgf1Hash))) == WC_MGF1NONE) { + WOLFSSL_ERROR_MSG("wc_hash2mgf error"); + ret = 0; + } + } + + if (ret == 1) { + /* Allocate buffer to unpad inline with. */ + buf = (byte*)XMALLOC((size_t)emLen, NULL, DYNAMIC_TYPE_TMP_BUFFER); + if (buf == NULL) { + WOLFSSL_ERROR_MSG("malloc error"); + ret = 0; + } + } + + if (ret == 1) { + /* Copy encrypted message to temp for inline unpadding. */ + XMEMCPY(buf, em, (size_t)emLen); + + /* Remove and verify the PSS padding. */ + mPrimeLen = wc_RsaUnPad_ex(buf, (word32)emLen, &mPrime, + RSA_BLOCK_TYPE_1, WC_RSA_PSS_PAD, hashType, mgf, NULL, 0, saltLen, + wolfSSL_BN_num_bits(rsa->n), NULL); + if (mPrimeLen < 0) { + WOLFSSL_ERROR_MSG("wc_RsaPad_ex error"); + ret = 0; + } + } + + if (ret == 1) { + /* Verify the hash is correct. */ + if (wc_RsaPSS_CheckPadding_ex(mHash, (word32)hashLen, mPrime, + (word32)mPrimeLen, hashType, saltLen, + wolfSSL_BN_num_bits(rsa->n)) != MP_OKAY) { + WOLFSSL_ERROR_MSG("wc_RsaPSS_CheckPadding_ex error"); + ret = 0; + } + } + + /* Dispose of any allocated buffer. */ + XFREE(buf, NULL, DYNAMIC_TYPE_TMP_BUFFER); + return ret; +} + +int wolfSSL_RSA_verify_PKCS1_PSS(WOLFSSL_RSA *rsa, const unsigned char *mHash, + const WOLFSSL_EVP_MD *hashAlg, + const unsigned char *em, int saltLen) +{ + return wolfSSL_RSA_verify_PKCS1_PSS_mgf1(rsa, mHash, hashAlg, NULL, em, + saltLen); +} +#endif /* (!HAVE_FIPS || FIPS_VERSION_GT(2,0)) && \ + (OPENSSL_ALL || WOLFSSL_ASIO || WOLFSSL_HAPROXY || WOLFSSL_NGINX) */ +#endif /* WC_RSA_PSS */ + +/* + * RSA sign/verify APIs + */ + +#if defined(WC_RSA_PSS) && !defined(HAVE_SELFTEST) && \ + (!defined(HAVE_FIPS) || FIPS_VERSION_GE(5,1)) + #ifndef WOLFSSL_PSS_SALT_LEN_DISCOVER + #define DEF_PSS_SALT_LEN RSA_PSS_SALT_LEN_DEFAULT + #else + #define DEF_PSS_SALT_LEN RSA_PSS_SALT_LEN_DISCOVER + #endif +#else + #define DEF_PSS_SALT_LEN 0 /* not used */ +#endif + +#if defined(OPENSSL_EXTRA) + +/* Encode the message hash. + * + * Used by signing and verification. + * + * @param [in] hashAlg Hash algorithm OID. + * @param [in] hash Hash of message to encode for signing. + * @param [in] hLen Length of hash of message. + * @param [out] enc Encoded message hash. + * @param [out] encLen Length of encoded message hash. + * @param [in] padding Which padding scheme is being used. + * @return 1 on success. + * @return 0 on failure. + */ +static int wolfssl_rsa_sig_encode(int hashAlg, const unsigned char* hash, + unsigned int hLen, unsigned char* enc, unsigned int* encLen, int padding) +{ + int ret = 1; + int hType = WC_HASH_TYPE_NONE; + + /* Validate parameters. */ + if ((hash == NULL) || (enc == NULL) || (encLen == NULL)) { + ret = 0; + } + + if ((ret == 1) && (hashAlg != WC_NID_undef) && + (padding == WC_RSA_PKCS1_PADDING)) { + /* Convert hash algorithm to hash type for PKCS#1.5 padding. */ + hType = (int)nid2oid(hashAlg, oidHashType); + if (hType == -1) { + ret = 0; + } + } + if ((ret == 1) && (padding == WC_RSA_PKCS1_PADDING)) { + /* PKCS#1.5 encoding. */ + word32 encSz = wc_EncodeSignature(enc, hash, hLen, hType); + if (encSz == 0) { + WOLFSSL_ERROR_MSG("Bad Encode Signature"); + ret = 0; + } + else { + *encLen = (unsigned int)encSz; + } + } + /* Other padding schemes require the hash as is. */ + if ((ret == 1) && (padding != WC_RSA_PKCS1_PADDING)) { + XMEMCPY(enc, hash, hLen); + *encLen = hLen; + } + + return ret; +} + +/* Sign the message hash using hash algorithm and RSA key. + * + * @param [in] hashAlg Hash algorithm OID. + * @param [in] hash Hash of message to encode for signing. + * @param [in] hLen Length of hash of message. + * @param [out] enc Encoded message hash. + * @param [out] encLen Length of encoded message hash. + * @param [in] rsa RSA key. + * @return 1 on success. + * @return 0 on failure. + */ +int wolfSSL_RSA_sign(int hashAlg, const unsigned char* hash, unsigned int hLen, + unsigned char* sigRet, unsigned int* sigLen, WOLFSSL_RSA* rsa) +{ + if (sigLen != NULL) { + /* No size checking in this API */ + *sigLen = RSA_MAX_SIZE / CHAR_BIT; + } + /* flag is 1: output complete signature. */ + return wolfSSL_RSA_sign_generic_padding(hashAlg, hash, hLen, sigRet, + sigLen, rsa, 1, WC_RSA_PKCS1_PADDING); +} + +/* Sign the message hash using hash algorithm and RSA key. + * + * Not OpenSSL API. + * + * @param [in] hashAlg Hash algorithm NID. + * @param [in] hash Hash of message to encode for signing. + * @param [in] hLen Length of hash of message. + * @param [out] enc Encoded message hash. + * @param [out] encLen Length of encoded message hash. + * @param [in] rsa RSA key. + * @param [in] flag When 1: Output encrypted signature. + * When 0: Output encoded hash. + * @return 1 on success. + * @return 0 on failure. + */ +int wolfSSL_RSA_sign_ex(int hashAlg, const unsigned char* hash, + unsigned int hLen, unsigned char* sigRet, unsigned int* sigLen, + WOLFSSL_RSA* rsa, int flag) +{ + int ret = 0; + + if ((flag == 0) || (flag == 1)) { + if (sigLen != NULL) { + /* No size checking in this API */ + *sigLen = RSA_MAX_SIZE / CHAR_BIT; + } + ret = wolfSSL_RSA_sign_generic_padding(hashAlg, hash, hLen, sigRet, + sigLen, rsa, flag, WC_RSA_PKCS1_PADDING); + } + + return ret; +} + +int wolfSSL_RSA_sign_generic_padding(int hashAlg, const unsigned char* hash, + unsigned int hLen, unsigned char* sigRet, unsigned int* sigLen, + WOLFSSL_RSA* rsa, int flag, int padding) +{ + return wolfSSL_RSA_sign_mgf(hashAlg, hash, hLen, sigRet, sigLen, rsa, flag, + padding, hashAlg, DEF_PSS_SALT_LEN); +} + +/** + * Sign a message hash with the chosen message digest, padding, and RSA key. + * + * Not OpenSSL API. + * + * @param [in] hashAlg Hash NID + * @param [in] hash Message hash to sign. + * @param [in] mLen Length of message hash to sign. + * @param [out] sigRet Output buffer. + * @param [in, out] sigLen On Input: length of sigRet buffer. + * On Output: length of data written to sigRet. + * @param [in] rsa RSA key used to sign the input. + * @param [in] flag 1: Output the signature. + * 0: Output the value that the unpadded signature + * should be compared to. + * @param [in] padding Padding to use. Only RSA_PKCS1_PSS_PADDING and + * WC_RSA_PKCS1_PADDING are currently supported for + * signing. + * @param [in] mgf1Hash MGF1 Hash NID + * @param [in] saltLen Length of RSA PSS salt + * @return 1 on success. + * @return 0 on failure. + */ +int wolfSSL_RSA_sign_mgf(int hashAlg, const unsigned char* hash, + unsigned int hLen, unsigned char* sigRet, unsigned int* sigLen, + WOLFSSL_RSA* rsa, int flag, int padding, int mgf1Hash, int saltLen) +{ + int ret = 1; + word32 outLen = 0; + int signSz = 0; + WC_RNG* rng = NULL; + int initTmpRng = 0; +#ifdef WOLFSSL_SMALL_STACK + WC_RNG* tmpRng = NULL; + byte* encodedSig = NULL; +#else + WC_RNG _tmpRng[1]; + WC_RNG* tmpRng = _tmpRng; + byte encodedSig[MAX_ENCODED_SIG_SZ]; +#endif + unsigned int encSz = 0; + + WOLFSSL_ENTER("wolfSSL_RSA_sign_mgf"); + + if (flag == 0) { + /* Only encode message. */ + return wolfssl_rsa_sig_encode(hashAlg, hash, hLen, sigRet, sigLen, + padding); + } + + /* Validate parameters. */ + if ((hash == NULL) || (sigRet == NULL) || sigLen == NULL || rsa == NULL) { + WOLFSSL_ERROR_MSG("Bad function arguments"); + ret = 0; + } + + /* Set wolfCrypt RSA key data from external if not already done. */ + if ((ret == 1) && (!rsa->inSet) && (SetRsaInternal(rsa) != 1)) { + ret = 0; + } + + if (ret == 1) { + /* Get the maximum signature length. */ + outLen = (word32)wolfSSL_BN_num_bytes(rsa->n); + /* Check not an error return. */ + if (outLen == 0) { + WOLFSSL_ERROR_MSG("Bad RSA size"); + ret = 0; + } + /* Check signature buffer is big enough. */ + else if (outLen > *sigLen) { + WOLFSSL_ERROR_MSG("Output buffer too small"); + ret = 0; + } + } + +#ifdef WOLFSSL_SMALL_STACK + if (ret == 1) { + /* Allocate encoded signature buffer if doing PKCS#1 padding. */ + encodedSig = (byte*)XMALLOC(MAX_ENCODED_SIG_SZ, NULL, + DYNAMIC_TYPE_SIGNATURE); + if (encodedSig == NULL) { + ret = 0; + } + } +#endif + + if (ret == 1) { + /* Get/create an RNG. */ + rng = WOLFSSL_RSA_GetRNG(rsa, (WC_RNG**)&tmpRng, &initTmpRng); + if (rng == NULL) { + WOLFSSL_ERROR_MSG("WOLFSSL_RSA_GetRNG error"); + ret = 0; + } + } + + /* Either encodes with PKCS#1.5 or copies hash into encodedSig. */ + if ((ret == 1) && (wolfssl_rsa_sig_encode(hashAlg, hash, hLen, encodedSig, + &encSz, padding) == 0)) { + WOLFSSL_ERROR_MSG("Bad Encode Signature"); + ret = 0; + } + + if (ret == 1) { + switch (padding) { + #if defined(WC_RSA_NO_PADDING) || defined(WC_RSA_DIRECT) + case WC_RSA_NO_PAD: + if ((signSz = wc_RsaDirect(encodedSig, encSz, sigRet, &outLen, + (RsaKey*)rsa->internal, RSA_PRIVATE_ENCRYPT, rng)) <= 0) { + WOLFSSL_ERROR_MSG("Bad RSA Sign no pad"); + ret = 0; + } + break; + #endif + #if defined(WC_RSA_PSS) && !defined(HAVE_SELFTEST) && \ + (!defined(HAVE_FIPS) || FIPS_VERSION_GE(5,1)) + case WC_RSA_PKCS1_PSS_PADDING: + { + RsaKey* key = (RsaKey*)rsa->internal; + enum wc_HashType mgf1, hType; + hType = wc_OidGetHash((int)nid2oid(hashAlg, oidHashType)); + if (mgf1Hash == WC_NID_undef) + mgf1Hash = hashAlg; + mgf1 = wc_OidGetHash((int)nid2oid(mgf1Hash, oidHashType)); + /* handle compat layer salt special cases */ + saltLen = rsa_pss_calc_salt(saltLen, wc_HashGetDigestSize(hType), + wolfSSL_RSA_size(rsa)); + + /* Create RSA PSS signature. */ + if ((signSz = wc_RsaPSS_Sign_ex(encodedSig, encSz, sigRet, outLen, + hType, wc_hash2mgf(mgf1), saltLen, key, rng)) <= 0) { + WOLFSSL_ERROR_MSG("Bad RSA PSS Sign"); + ret = 0; + } + break; + } + #endif + #ifndef WC_NO_RSA_OAEP + case WC_RSA_PKCS1_OAEP_PADDING: + /* Not a signature padding scheme. */ + WOLFSSL_ERROR_MSG("RSA_PKCS1_OAEP_PADDING not supported for " + "signing"); + ret = 0; + break; + #endif + case WC_RSA_PKCS1_PADDING: + { + /* Sign (private encrypt) PKCS#1 encoded signature. */ + if ((signSz = wc_RsaSSL_Sign(encodedSig, encSz, sigRet, outLen, + (RsaKey*)rsa->internal, rng)) <= 0) { + WOLFSSL_ERROR_MSG("Bad PKCS1 RSA Sign"); + ret = 0; + } + break; + } + default: + WOLFSSL_ERROR_MSG("Unsupported padding"); + (void)mgf1Hash; + (void)saltLen; + ret = 0; + break; + } + } + + if (ret == 1) { + /* Return the size of signature generated. */ + *sigLen = (unsigned int)signSz; + } + + /* Finalize RNG if initialized in WOLFSSL_RSA_GetRNG(). */ + if (initTmpRng) { + wc_FreeRng(tmpRng); + } + WC_FREE_VAR_EX(tmpRng, NULL, DYNAMIC_TYPE_RNG); + WC_FREE_VAR_EX(encodedSig, NULL, DYNAMIC_TYPE_SIGNATURE); + + WOLFSSL_LEAVE("wolfSSL_RSA_sign_mgf", ret); + return ret; +} + +/** + * Verify a message hash with the chosen message digest, padding, and RSA key. + * + * @param [in] hashAlg Hash NID + * @param [in] hash Message hash. + * @param [in] mLen Length of message hash. + * @param [in] sigRet Signature data. + * @param [in] sigLen Length of signature data. + * @param [in] rsa RSA key used to sign the input + * @return 1 on success. + * @return 0 on failure. + */ +int wolfSSL_RSA_verify(int hashAlg, const unsigned char* hash, + unsigned int hLen, const unsigned char* sig, unsigned int sigLen, + WOLFSSL_RSA* rsa) +{ + return wolfSSL_RSA_verify_ex(hashAlg, hash, hLen, sig, sigLen, rsa, + WC_RSA_PKCS1_PADDING); +} + +int wolfSSL_RSA_verify_ex(int hashAlg, const unsigned char* hash, + unsigned int hLen, const unsigned char* sig, unsigned int sigLen, + WOLFSSL_RSA* rsa, int padding) +{ + return wolfSSL_RSA_verify_mgf(hashAlg, hash, hLen, sig, sigLen, rsa, + padding, hashAlg, DEF_PSS_SALT_LEN); +} + +/** + * Verify a message hash with the chosen message digest, padding, and RSA key. + * + * Not OpenSSL API. + * + * @param [in] hashAlg Hash NID + * @param [in] hash Message hash. + * @param [in] mLen Length of message hash. + * @param [in] sigRet Signature data. + * @param [in] sigLen Length of signature data. + * @param [in] rsa RSA key used to sign the input + * @param [in] padding Padding to use. Only RSA_PKCS1_PSS_PADDING and + * WC_RSA_PKCS1_PADDING are currently supported for + * signing. + * @param [in] mgf1Hash MGF1 Hash NID + * @param [in] saltLen Length of RSA PSS salt + * @return 1 on success. + * @return 0 on failure. + */ +int wolfSSL_RSA_verify_mgf(int hashAlg, const unsigned char* hash, + unsigned int hLen, const unsigned char* sig, unsigned int sigLen, + WOLFSSL_RSA* rsa, int padding, int mgf1Hash, int saltLen) +{ + int ret = 1; +#ifdef WOLFSSL_SMALL_STACK + unsigned char* encodedSig = NULL; +#else + unsigned char encodedSig[MAX_ENCODED_SIG_SZ]; +#endif + unsigned char* sigDec = NULL; + unsigned int len = MAX_ENCODED_SIG_SZ; + int verLen = 0; +#if (!defined(HAVE_FIPS) || FIPS_VERSION_GE(5, 1)) && !defined(HAVE_SELFTEST) + enum wc_HashType hType = WC_HASH_TYPE_NONE; +#endif + + WOLFSSL_ENTER("wolfSSL_RSA_verify_mgf"); + + /* Validate parameters. */ + if ((hash == NULL) || (sig == NULL) || (rsa == NULL)) { + WOLFSSL_ERROR_MSG("Bad function arguments"); + ret = 0; + } + + if (ret == 1) { + /* Allocate memory for decrypted signature. */ + sigDec = (unsigned char *)XMALLOC(sigLen, NULL, + DYNAMIC_TYPE_TMP_BUFFER); + if (sigDec == NULL) { + WOLFSSL_ERROR_MSG("Memory allocation failure"); + ret = 0; + } + } + if (ret == 1 && padding == WC_RSA_PKCS1_PSS_PADDING) { + #if defined(WC_RSA_PSS) && !defined(HAVE_SELFTEST) && \ + (!defined(HAVE_FIPS) || FIPS_VERSION_GE(5,1)) + RsaKey* key = (RsaKey*)rsa->internal; + enum wc_HashType mgf1; + hType = wc_OidGetHash((int)nid2oid(hashAlg, oidHashType)); + if (mgf1Hash == WC_NID_undef) + mgf1Hash = hashAlg; + mgf1 = wc_OidGetHash((int)nid2oid(mgf1Hash, oidHashType)); + + /* handle compat layer salt special cases */ + saltLen = rsa_pss_calc_salt(saltLen, wc_HashGetDigestSize(hType), + wolfSSL_RSA_size(rsa)); + + verLen = wc_RsaPSS_Verify_ex((byte*)sig, sigLen, sigDec, sigLen, + hType, wc_hash2mgf(mgf1), saltLen, key); + if (verLen > 0) { + /* Check PSS padding is valid. */ + if (wc_RsaPSS_CheckPadding_ex(hash, hLen, sigDec, (word32)verLen, + hType, saltLen, mp_count_bits(&key->n)) != 0) { + WOLFSSL_ERROR_MSG("wc_RsaPSS_CheckPadding_ex error"); + ret = WOLFSSL_FAILURE; + } + else { + /* Success! Free resources and return early */ + XFREE(sigDec, NULL, DYNAMIC_TYPE_TMP_BUFFER); + return WOLFSSL_SUCCESS; + } + } + else { + WOLFSSL_ERROR_MSG("wc_RsaPSS_Verify_ex failed!"); + ret = WOLFSSL_FAILURE; + } + #else + (void)mgf1Hash; + (void)saltLen; + WOLFSSL_ERROR_MSG("RSA PSS not compiled in!"); + ret = WOLFSSL_FAILURE; + #endif + } + +#ifdef WOLFSSL_SMALL_STACK + if (ret == 1) { + /* Allocate memory for encoded signature. */ + encodedSig = (unsigned char *)XMALLOC(len, NULL, + DYNAMIC_TYPE_TMP_BUFFER); + if (encodedSig == NULL) { + WOLFSSL_ERROR_MSG("Memory allocation failure"); + ret = 0; + } + } +#endif + if (ret == 1) { + /* Make encoded signature to compare with decrypted signature. */ + if (wolfssl_rsa_sig_encode(hashAlg, hash, hLen, encodedSig, &len, + padding) <= 0) { + WOLFSSL_ERROR_MSG("Message Digest Error"); + ret = 0; + } + } + if (ret == 1) { + /* Decrypt signature */ + #if (!defined(HAVE_FIPS) || FIPS_VERSION_GE(5, 1)) && \ + !defined(HAVE_SELFTEST) + hType = wc_OidGetHash((int)nid2oid(hashAlg, oidHashType)); + if ((verLen = wc_RsaSSL_Verify_ex2(sig, sigLen, (unsigned char *)sigDec, + sigLen, (RsaKey*)rsa->internal, padding, hType)) <= 0) { + WOLFSSL_ERROR_MSG("RSA Decrypt error"); + ret = 0; + } + #else + verLen = wc_RsaSSL_Verify(sig, sigLen, (unsigned char *)sigDec, sigLen, + (RsaKey*)rsa->internal); + if (verLen < 0) { + ret = 0; + } + #endif + } + if (ret == 1) { + /* Compare decrypted signature to encoded signature. */ + if (((int)len != verLen) || + (XMEMCMP(encodedSig, sigDec, (size_t)verLen) != 0)) { + WOLFSSL_ERROR_MSG("wolfSSL_RSA_verify_ex failed"); + ret = 0; + } + } + + /* Dispose of any allocated data. */ + WC_FREE_VAR_EX(encodedSig, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(sigDec, NULL, DYNAMIC_TYPE_TMP_BUFFER); + + WOLFSSL_LEAVE("wolfSSL_RSA_verify_mgf", ret); + return ret; +} + +/* + * RSA public/private encrypt/decrypt APIs + */ + +/* Encrypt with the RSA public key. + * + * Return compliant with OpenSSL. + * + * @param [in] len Length of data to encrypt. + * @param [in] from Data to encrypt. + * @param [out] to Encrypted data. + * @param [in] rsa RSA key. + * @param [in] padding Type of padding to place around plaintext. + * @return Size of encrypted data on success. + * @return -1 on failure. + */ +int wolfSSL_RSA_public_encrypt(int len, const unsigned char* from, + unsigned char* to, WOLFSSL_RSA* rsa, int padding) +{ + int ret = 0; + int initTmpRng = 0; + WC_RNG *rng = NULL; +#ifdef WOLFSSL_SMALL_STACK + WC_RNG* tmpRng = NULL; +#else + WC_RNG _tmpRng[1]; + WC_RNG* tmpRng = _tmpRng; +#endif +#if !defined(HAVE_FIPS) + int mgf = WC_MGF1NONE; + enum wc_HashType hash = WC_HASH_TYPE_NONE; + int pad_type = WC_RSA_NO_PAD; +#endif + int outLen = 0; + + WOLFSSL_ENTER("wolfSSL_RSA_public_encrypt"); + + /* Validate parameters. */ + if ((len < 0) || (rsa == NULL) || (rsa->internal == NULL) || + (from == NULL)) { + WOLFSSL_ERROR_MSG("Bad function arguments"); + ret = WOLFSSL_FATAL_ERROR; + } + + if (ret == 0) { + #if !defined(HAVE_FIPS) + /* Convert to wolfCrypt padding, hash and MGF. */ + switch (padding) { + case WC_RSA_PKCS1_PADDING: + pad_type = WC_RSA_PKCSV15_PAD; + break; + case WC_RSA_PKCS1_OAEP_PADDING: + pad_type = WC_RSA_OAEP_PAD; + hash = WC_HASH_TYPE_SHA; + mgf = WC_MGF1SHA1; + break; + case WC_RSA_NO_PAD: + pad_type = WC_RSA_NO_PAD; + break; + default: + WOLFSSL_ERROR_MSG("RSA_public_encrypt doesn't support padding " + "scheme"); + ret = WOLFSSL_FATAL_ERROR; + } + #else + /* Check for supported padding schemes in FIPS. */ + /* TODO: Do we support more schemes in later versions of FIPS? */ + if (padding != WC_RSA_PKCS1_PADDING) { + WOLFSSL_ERROR_MSG("RSA_public_encrypt pad type not supported in " + "FIPS"); + ret = WOLFSSL_FATAL_ERROR; + } + #endif + } + + /* Set wolfCrypt RSA key data from external if not already done. */ + if ((ret == 0) && (!rsa->inSet) && (SetRsaInternal(rsa) != 1)) { + ret = WOLFSSL_FATAL_ERROR; + } + + if (ret == 0) { + /* Calculate maximum length of encrypted data. */ + outLen = wolfSSL_RSA_size(rsa); + if (outLen == 0) { + WOLFSSL_ERROR_MSG("Bad RSA size"); + ret = WOLFSSL_FATAL_ERROR; + } + } + + if (ret == 0) { + /* Get an RNG. */ + rng = WOLFSSL_RSA_GetRNG(rsa, (WC_RNG**)&tmpRng, &initTmpRng); + if (rng == NULL) { + ret = WOLFSSL_FATAL_ERROR; + } + } + + if (ret == 0) { + /* Use wolfCrypt to public-encrypt with RSA key. */ + #if !defined(HAVE_FIPS) + ret = wc_RsaPublicEncrypt_ex(from, (word32)len, to, (word32)outLen, + (RsaKey*)rsa->internal, rng, pad_type, hash, mgf, NULL, 0); + #else + ret = wc_RsaPublicEncrypt(from, (word32)len, to, (word32)outLen, + (RsaKey*)rsa->internal, rng); + #endif + } + + /* Finalize RNG if initialized in WOLFSSL_RSA_GetRNG(). */ + if (initTmpRng) { + wc_FreeRng(tmpRng); + } + WC_FREE_VAR_EX(tmpRng, NULL, DYNAMIC_TYPE_RNG); + + /* wolfCrypt error means return -1. */ + if (ret <= 0) { + ret = WOLFSSL_FATAL_ERROR; + } + WOLFSSL_LEAVE("wolfSSL_RSA_public_encrypt", ret); + return ret; +} + +/* Decrypt with the RSA public key. + * + * Return compliant with OpenSSL. + * + * @param [in] len Length of encrypted data. + * @param [in] from Encrypted data. + * @param [out] to Decrypted data. + * @param [in] rsa RSA key. + * @param [in] padding Type of padding to around plaintext to remove. + * @return Size of decrypted data on success. + * @return -1 on failure. + */ +int wolfSSL_RSA_private_decrypt(int len, const unsigned char* from, + unsigned char* to, WOLFSSL_RSA* rsa, int padding) +{ + int ret = 0; +#if !defined(HAVE_FIPS) + int mgf = WC_MGF1NONE; + enum wc_HashType hash = WC_HASH_TYPE_NONE; + int pad_type = WC_RSA_NO_PAD; +#endif + int outLen = 0; + + WOLFSSL_ENTER("wolfSSL_RSA_private_decrypt"); + + /* Validate parameters. */ + if ((len < 0) || (rsa == NULL) || (rsa->internal == NULL) || + (from == NULL)) { + WOLFSSL_ERROR_MSG("Bad function arguments"); + ret = WOLFSSL_FATAL_ERROR; + } + + if (ret == 0) { + #if !defined(HAVE_FIPS) + switch (padding) { + case WC_RSA_PKCS1_PADDING: + pad_type = WC_RSA_PKCSV15_PAD; + break; + case WC_RSA_PKCS1_OAEP_PADDING: + pad_type = WC_RSA_OAEP_PAD; + hash = WC_HASH_TYPE_SHA; + mgf = WC_MGF1SHA1; + break; + case WC_RSA_NO_PAD: + pad_type = WC_RSA_NO_PAD; + break; + default: + WOLFSSL_ERROR_MSG("RSA_private_decrypt unsupported padding"); + ret = WOLFSSL_FATAL_ERROR; + } + #else + /* Check for supported padding schemes in FIPS. */ + /* TODO: Do we support more schemes in later versions of FIPS? */ + if (padding != WC_RSA_PKCS1_PADDING) { + WOLFSSL_ERROR_MSG("RSA_public_encrypt pad type not supported in " + "FIPS"); + ret = WOLFSSL_FATAL_ERROR; + } + #endif + } + + /* Set wolfCrypt RSA key data from external if not already done. */ + if ((ret == 0) && (!rsa->inSet) && (SetRsaInternal(rsa) != 1)) { + ret = WOLFSSL_FATAL_ERROR; + } + + if (ret == 0) { + /* Calculate maximum length of decrypted data. */ + outLen = wolfSSL_RSA_size(rsa); + if (outLen == 0) { + WOLFSSL_ERROR_MSG("Bad RSA size"); + ret = WOLFSSL_FATAL_ERROR; + } + } + + if (ret == 0) { + /* Use wolfCrypt to private-decrypt with RSA key. + * Size of 'to' buffer must be size of RSA key */ + #if !defined(HAVE_FIPS) + ret = wc_RsaPrivateDecrypt_ex(from, (word32)len, to, (word32)outLen, + (RsaKey*)rsa->internal, pad_type, hash, mgf, NULL, 0); + #else + ret = wc_RsaPrivateDecrypt(from, (word32)len, to, (word32)outLen, + (RsaKey*)rsa->internal); + #endif + } + + /* wolfCrypt error means return -1. */ + if (ret <= 0) { + ret = WOLFSSL_FATAL_ERROR; + } + WOLFSSL_LEAVE("wolfSSL_RSA_private_decrypt", ret); + return ret; +} + +/* Decrypt with the RSA public key. + * + * @param [in] len Length of encrypted data. + * @param [in] from Encrypted data. + * @param [out] to Decrypted data. + * @param [in] rsa RSA key. + * @param [in] padding Type of padding to around plaintext to remove. + * @return Size of decrypted data on success. + * @return -1 on failure. + */ +int wolfSSL_RSA_public_decrypt(int len, const unsigned char* from, + unsigned char* to, WOLFSSL_RSA* rsa, int padding) +{ + int ret = 0; +#if !defined(HAVE_SELFTEST) && (!defined(HAVE_FIPS) || FIPS_VERSION_GT(2,0)) + int pad_type = WC_RSA_NO_PAD; +#endif + int outLen = 0; + + WOLFSSL_ENTER("wolfSSL_RSA_public_decrypt"); + + /* Validate parameters. */ + if ((len < 0) || (rsa == NULL) || (rsa->internal == NULL) || + (from == NULL)) { + WOLFSSL_ERROR_MSG("Bad function arguments"); + ret = WOLFSSL_FATAL_ERROR; + } + + if (ret == 0) { + #if !defined(HAVE_SELFTEST) && (!defined(HAVE_FIPS) || FIPS_VERSION_GT(2,0)) + switch (padding) { + case WC_RSA_PKCS1_PADDING: + pad_type = WC_RSA_PKCSV15_PAD; + break; + case WC_RSA_NO_PAD: + pad_type = WC_RSA_NO_PAD; + break; + /* TODO: RSA_X931_PADDING not supported */ + default: + WOLFSSL_ERROR_MSG("RSA_public_decrypt unsupported padding"); + ret = WOLFSSL_FATAL_ERROR; + } + #else + if (padding != WC_RSA_PKCS1_PADDING) { + WOLFSSL_ERROR_MSG("RSA_public_decrypt pad type not supported in " + "FIPS"); + ret = WOLFSSL_FATAL_ERROR; + } + #endif + } + + /* Set wolfCrypt RSA key data from external if not already done. */ + if ((ret == 0) && (!rsa->inSet) && (SetRsaInternal(rsa) != 1)) { + ret = WOLFSSL_FATAL_ERROR; + } + + if (ret == 0) { + /* Calculate maximum length of encrypted data. */ + outLen = wolfSSL_RSA_size(rsa); + if (outLen == 0) { + WOLFSSL_ERROR_MSG("Bad RSA size"); + ret = WOLFSSL_FATAL_ERROR; + } + } + + if (ret == 0) { + /* Use wolfCrypt to public-decrypt with RSA key. */ + #if !defined(HAVE_SELFTEST) && (!defined(HAVE_FIPS) || FIPS_VERSION_GT(2,0)) + /* Size of 'to' buffer must be size of RSA key. */ + ret = wc_RsaSSL_Verify_ex(from, (word32)len, to, (word32)outLen, + (RsaKey*)rsa->internal, pad_type); + #else + /* For FIPS v1/v2 only PKCSV15 padding is supported */ + ret = wc_RsaSSL_Verify(from, (word32)len, to, (word32)outLen, + (RsaKey*)rsa->internal); + #endif + } + + /* wolfCrypt error means return -1. */ + if (ret <= 0) { + ret = WOLFSSL_FATAL_ERROR; + } + WOLFSSL_LEAVE("wolfSSL_RSA_public_decrypt", ret); + return ret; +} + +/* Encrypt with the RSA private key. + * + * Calls wc_RsaSSL_Sign. + * + * @param [in] len Length of data to encrypt. + * @param [in] from Data to encrypt. + * @param [out] to Encrypted data. + * @param [in] rsa RSA key. + * @param [in] padding Type of padding to place around plaintext. + * @return Size of encrypted data on success. + * @return -1 on failure. + */ +int wolfSSL_RSA_private_encrypt(int len, const unsigned char* from, + unsigned char* to, WOLFSSL_RSA* rsa, int padding) +{ + int ret = 0; + int initTmpRng = 0; + WC_RNG *rng = NULL; +#ifdef WOLFSSL_SMALL_STACK + WC_RNG* tmpRng = NULL; +#else + WC_RNG _tmpRng[1]; + WC_RNG* tmpRng = _tmpRng; +#endif + + WOLFSSL_ENTER("wolfSSL_RSA_private_encrypt"); + + /* Validate parameters. */ + if ((len < 0) || (rsa == NULL) || (rsa->internal == NULL) || + (from == NULL)) { + WOLFSSL_ERROR_MSG("Bad function arguments"); + ret = WOLFSSL_FATAL_ERROR; + } + + if (ret == 0) { + switch (padding) { + case WC_RSA_PKCS1_PADDING: + #ifdef WC_RSA_NO_PADDING + case WC_RSA_NO_PAD: + #endif + break; + /* TODO: RSA_X931_PADDING not supported */ + default: + WOLFSSL_ERROR_MSG("RSA_private_encrypt unsupported padding"); + ret = WOLFSSL_FATAL_ERROR; + } + } + + /* Set wolfCrypt RSA key data from external if not already done. */ + if ((ret == 0) && (!rsa->inSet) && (SetRsaInternal(rsa) != 1)) { + ret = WOLFSSL_FATAL_ERROR; + } + + if (ret == 0) { + /* Get an RNG. */ + rng = WOLFSSL_RSA_GetRNG(rsa, (WC_RNG**)&tmpRng, &initTmpRng); + if (rng == NULL) { + ret = WOLFSSL_FATAL_ERROR; + } + } + + if (ret == 0) { + /* Use wolfCrypt to private-encrypt with RSA key. + * Size of output buffer must be size of RSA key. */ + if (padding == WC_RSA_PKCS1_PADDING) { + ret = wc_RsaSSL_Sign(from, (word32)len, to, + (word32)wolfSSL_RSA_size(rsa), (RsaKey*)rsa->internal, rng); + } + #ifdef WC_RSA_NO_PADDING + else if (padding == WC_RSA_NO_PAD) { + word32 outLen = (word32)wolfSSL_RSA_size(rsa); + ret = wc_RsaFunction(from, (word32)len, to, &outLen, + RSA_PRIVATE_ENCRYPT, (RsaKey*)rsa->internal, rng); + if (ret == 0) + ret = (int)outLen; + } + #endif + } + + /* Finalize RNG if initialized in WOLFSSL_RSA_GetRNG(). */ + if (initTmpRng) { + wc_FreeRng(tmpRng); + } + WC_FREE_VAR_EX(tmpRng, NULL, DYNAMIC_TYPE_RNG); + + /* wolfCrypt error means return -1. */ + if (ret <= 0) { + ret = WOLFSSL_FATAL_ERROR; + } + WOLFSSL_LEAVE("wolfSSL_RSA_private_encrypt", ret); + return ret; +} + +/* + * RSA misc operation APIs + */ + +/* Calculate d mod p-1 and q-1 into BNs. + * + * Not OpenSSL API. + * + * @param [in, out] rsa RSA key. + * @return 1 on success. + * @return -1 on failure. + */ +int wolfSSL_RSA_GenAdd(WOLFSSL_RSA* rsa) +{ + int ret = 1; + int err; + mp_int* t = NULL; + WC_DECLARE_VAR(tmp, mp_int, 1, 0); + + WOLFSSL_ENTER("wolfSSL_RsaGenAdd"); + + /* Validate parameters. */ + if ((rsa == NULL) || (rsa->p == NULL) || (rsa->q == NULL) || + (rsa->d == NULL) || (rsa->dmp1 == NULL) || (rsa->dmq1 == NULL)) { + WOLFSSL_ERROR_MSG("rsa no init error"); + ret = WOLFSSL_FATAL_ERROR; + } + +#ifdef WOLFSSL_SMALL_STACK + if (ret == 1) { + tmp = (mp_int *)XMALLOC(sizeof(*tmp), rsa->heap, + DYNAMIC_TYPE_TMP_BUFFER); + if (tmp == NULL) { + WOLFSSL_ERROR_MSG("Memory allocation failure"); + ret = WOLFSSL_FATAL_ERROR; + } + } +#endif + + if (ret == 1) { + /* Initialize temp MP integer. */ + if (mp_init(tmp) != MP_OKAY) { + WOLFSSL_ERROR_MSG("mp_init error"); + ret = WOLFSSL_FATAL_ERROR; + } + } + + if (ret == 1) { + t = tmp; + + /* Sub 1 from p into temp. */ + err = mp_sub_d((mp_int*)rsa->p->internal, 1, tmp); + if (err != MP_OKAY) { + WOLFSSL_ERROR_MSG("mp_sub_d error"); + ret = WOLFSSL_FATAL_ERROR; + } + } + if (ret == 1) { + /* Calculate d mod (p - 1) into dmp1 MP integer of BN. */ + err = mp_mod((mp_int*)rsa->d->internal, tmp, + (mp_int*)rsa->dmp1->internal); + if (err != MP_OKAY) { + WOLFSSL_ERROR_MSG("mp_mod error"); + ret = WOLFSSL_FATAL_ERROR; + } + } + if (ret == 1) { + /* Sub 1 from q into temp. */ + err = mp_sub_d((mp_int*)rsa->q->internal, 1, tmp); + if (err != MP_OKAY) { + WOLFSSL_ERROR_MSG("mp_sub_d error"); + ret = WOLFSSL_FATAL_ERROR; + } + } + if (ret == 1) { + /* Calculate d mod (q - 1) into dmq1 MP integer of BN. */ + err = mp_mod((mp_int*)rsa->d->internal, tmp, + (mp_int*)rsa->dmq1->internal); + if (err != MP_OKAY) { + WOLFSSL_ERROR_MSG("mp_mod error"); + ret = WOLFSSL_FATAL_ERROR; + } + } + + mp_forcezero(t); + +#ifdef WOLFSSL_SMALL_STACK + if (rsa != NULL) { + XFREE(tmp, rsa->heap, DYNAMIC_TYPE_TMP_BUFFER); + } +#endif + + return ret; +} + + +#ifndef NO_WOLFSSL_STUB +/* Enable blinding for RSA key operations. + * + * Blinding is a compile time option in wolfCrypt. + * + * @param [in] rsa RSA key. Unused. + * @param [in] bnCtx BN context to use for blinding. Unused. + * @return 1 always. + */ +int wolfSSL_RSA_blinding_on(WOLFSSL_RSA* rsa, WOLFSSL_BN_CTX* bnCtx) +{ + WOLFSSL_STUB("RSA_blinding_on"); + WOLFSSL_ENTER("wolfSSL_RSA_blinding_on"); + + (void)rsa; + (void)bnCtx; + + return 1; /* on by default */ +} +#endif + +#endif /* OPENSSL_EXTRA */ + +#endif /* !NO_RSA */ + +/******************************************************************************* + * END OF RSA API + ******************************************************************************/ + +#endif /* !WOLFSSL_PK_RSA_INCLUDED */ diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/src/quic.c mariadb-11.8.8/extra/wolfssl/wolfssl/src/quic.c --- mariadb-11.8.6/extra/wolfssl/wolfssl/src/quic.c 2026-01-31 13:27:49.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/src/quic.c 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* quic.c * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -72,7 +72,7 @@ qr = (QuicRecord*)XMALLOC(sizeof(*qr), ssl->heap, DYNAMIC_TYPE_TMP_BUFFER); if (qr) { - memset(qr, 0, sizeof(*qr)); + XMEMSET(qr, 0, sizeof(*qr)); qr->level = level; if (level == wolfssl_encryption_early_data) { qr->capacity = qr->len = (word32)len; @@ -184,13 +184,14 @@ static sword32 quic_record_transfer(QuicRecord* qr, byte* buf, word32 sz) { - word32 len = qr->end - qr->start; + word32 len; word32 offset = 0; word32 rlen; - if (len <= 0) { + if (qr->end <= qr->start) { return 0; } + len = qr->end - qr->start; /* We check if the buf is at least RECORD_HEADER_SZ */ if (sz < RECORD_HEADER_SZ) { @@ -227,7 +228,7 @@ { QuicTransportParam* tp; - if (len > 65353) return NULL; + if (len > 65535) return NULL; tp = (QuicTransportParam*)XMALLOC(sizeof(*tp), heap, DYNAMIC_TYPE_TLSX); if (!tp) return NULL; tp->data = (uint8_t*)XMALLOC(len, heap, DYNAMIC_TYPE_TLSX); @@ -430,7 +431,7 @@ { return ssl->quic.transport_peer ? TLSX_KEY_QUIC_TP_PARAMS : (ssl->quic.transport_peer_draft ? - TLSX_KEY_QUIC_TP_PARAMS : -1); + TLSX_KEY_QUIC_TP_PARAMS_DRAFT : -1); } diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/src/sniffer.c mariadb-11.8.8/extra/wolfssl/wolfssl/src/sniffer.c --- mariadb-11.8.6/extra/wolfssl/wolfssl/src/sniffer.c 2026-01-31 13:27:49.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/src/sniffer.c 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* sniffer.c * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -56,15 +56,23 @@ /* default */ #define XINET_NTOA inet_ntoa #define XINET_ATON inet_aton +#ifdef FREESCALE_MQX + #define XINET_PTON(a,b,c,d) inet_pton((a),(b),(c),(d)) +#else #define XINET_PTON(a,b,c) inet_pton((a),(b),(c)) +#endif #define XINET_NTOP inet_ntop #define XINET_ADDR inet_addr #define XHTONS htons #define XNTOHS ntohs #define XHTONL htonl #define XNTOHL ntohl +#ifdef FREESCALE_MQX + #define XINADDR_NONE INADDR_BROADCAST +#else #define XINADDR_NONE INADDR_NONE #endif +#endif #if !defined(WOLFCRYPT_ONLY) && !defined(NO_FILESYSTEM) #ifdef WOLFSSL_SNIFFER @@ -76,7 +84,7 @@ #ifdef TCP_PROTOCOL #undef TCP_PROTOCOL #endif -#else +#elif !defined(FREESCALE_MQX) #ifndef _WIN32 #include #else @@ -1817,6 +1825,9 @@ #ifdef FUSION_RTOS if (XINET_PTON(AF_INET6, address, serverIp.ip6, sizeof(serverIp.ip4)) == 1) + #elif defined(FREESCALE_MQX) + if (XINET_PTON(AF_INET6, address, serverIp.ip6, + sizeof(serverIp.ip6)) == RTCS_OK) #else if (XINET_PTON(AF_INET6, address, serverIp.ip6) == 1) #endif @@ -2110,6 +2121,11 @@ int version = IP_V(iphdr); int exthdrsz = IP6_HDR_SZ; + if (length < IP6_HDR_SZ) { + SetError(BAD_IPVER_STR, error, NULL, 0); + return WOLFSSL_FATAL_ERROR; + } + TraceIP6(iphdr); Trace(IP_CHECK_STR); @@ -2130,8 +2146,13 @@ exthdrsz += hdrsz; exthdr = (Ip6ExtHdr*)((byte*)exthdr + hdrsz); } - while (exthdr->next_header != TCP_PROTOCOL && + while (exthdrsz < length && + exthdr->next_header != TCP_PROTOCOL && exthdr->next_header != NO_NEXT_HEADER); + if (exthdrsz >= length) { + SetError(PACKET_HDR_SHORT_STR, error, NULL, 0); + return WOLFSSL_FATAL_ERROR; + } } #ifndef WOLFSSL_SNIFFER_WATCH @@ -2164,6 +2185,11 @@ if (version == IPV6) return CheckIp6Hdr((Ip6Hdr*)iphdr, info, length, error); + if (length < IP_HDR_SZ) { + SetError(PACKET_HDR_SHORT_STR, error, NULL, 0); + return WOLFSSL_FATAL_ERROR; + } + if (trace) { TraceIP(iphdr); Trace(IP_CHECK_STR); @@ -3343,6 +3369,11 @@ info->curve_id = ECC_SM2P256V1; break; #endif /* WOLFSSL_SM2 */ + #ifdef HAVE_ECC_BRAINPOOL + case WOLFSSL_ECC_BRAINPOOLP256R1TLS13: + info->curve_id = ECC_BRAINPOOLP256R1; + break; + #endif /* HAVE_ECC_BRAINPOOL */ #endif #if defined(HAVE_ECC384) || defined(HAVE_ALL_CURVES) #ifndef NO_ECC_SECP @@ -3350,6 +3381,18 @@ info->curve_id = ECC_SECP384R1; break; #endif /* !NO_ECC_SECP */ + #ifdef HAVE_ECC_BRAINPOOL + case WOLFSSL_ECC_BRAINPOOLP384R1TLS13: + info->curve_id = ECC_BRAINPOOLP384R1; + break; + #endif /* HAVE_ECC_BRAINPOOL */ + #endif + #if defined(HAVE_ECC512) || defined(HAVE_ALL_CURVES) + #ifdef HAVE_ECC_BRAINPOOL + case WOLFSSL_ECC_BRAINPOOLP512R1TLS13: + info->curve_id = ECC_BRAINPOOLP512R1; + break; + #endif /* HAVE_ECC_BRAINPOOL */ #endif #if defined(HAVE_ECC521) || defined(HAVE_ALL_CURVES) #ifndef NO_ECC_SECP @@ -3435,7 +3478,7 @@ /* TLS v1.3 has hint age and nonce */ if (IsAtLeastTLSv1_3(ssl->version)) { /* make sure can read through hint age and nonce len */ - if (TICKET_HINT_AGE_LEN + 1 > *sslBytes) { + if (TICKET_HINT_AGE_LEN + OPAQUE8_LEN > *sslBytes) { SetError(BAD_INPUT_STR, error, session, FATAL_ERROR_STATE); return WOLFSSL_FATAL_ERROR; } @@ -3444,7 +3487,7 @@ /* ticket nonce */ len = input[0]; - if (len > MAX_TICKET_NONCE_STATIC_SZ) { + if (len > MAX_TICKET_NONCE_STATIC_SZ || len + OPAQUE8_LEN > *sslBytes) { SetError(BAD_INPUT_STR, error, session, FATAL_ERROR_STATE); return WOLFSSL_FATAL_ERROR; } @@ -3804,6 +3847,11 @@ case EXT_MAX_FRAGMENT_LENGTH: { word16 max_fragment = MAX_RECORD_SIZE; + if (extLen != 1) { + SetError(SERVER_HELLO_INPUT_STR, error, session, + FATAL_ERROR_STATE); + return WOLFSSL_FATAL_ERROR; + } switch (input[0]) { case WOLFSSL_MFL_2_8 : max_fragment = 256; break; case WOLFSSL_MFL_2_9 : max_fragment = 512; break; @@ -3819,6 +3867,11 @@ } #endif case EXT_SUPPORTED_VERSIONS: + if (extLen != 2) { + SetError(SERVER_HELLO_INPUT_STR, error, session, + FATAL_ERROR_STATE); + return WOLFSSL_FATAL_ERROR; + } session->sslServer->version.major = input[0]; session->sslServer->version.minor = input[1]; session->sslClient->version.major = input[0]; @@ -4200,7 +4253,7 @@ const byte *identity, *binders; idsLen = (word16)((input[idx] << 8) | input[idx+1]); - if (idsLen + OPAQUE16_LEN + idx > extLen) { + if ((word32)idsLen + OPAQUE16_LEN + idx > (word32)extLen) { SetError(CLIENT_HELLO_INPUT_STR, error, session, FATAL_ERROR_STATE); return WOLFSSL_FATAL_ERROR; } @@ -4208,7 +4261,7 @@ /* PSK identity */ idLen = (word16)((input[idx] << 8) | input[idx+1]); - if (idLen + OPAQUE16_LEN + idx > extLen) { + if ((word32)idLen + OPAQUE16_LEN + idx > (word32)extLen) { SetError(CLIENT_HELLO_INPUT_STR, error, session, FATAL_ERROR_STATE); return WOLFSSL_FATAL_ERROR; } @@ -4217,14 +4270,22 @@ idx += idLen; /* Obfuscated Ticket Age 32-bits */ + if ((word32)idx + OPAQUE32_LEN > (word32)extLen) { + SetError(CLIENT_HELLO_INPUT_STR, error, session, FATAL_ERROR_STATE); + return WOLFSSL_FATAL_ERROR; + } ticketAge = (word32)((input[idx] << 24) | (input[idx+1] << 16) | (input[idx+2] << 8) | input[idx+3]); (void)ticketAge; /* not used */ idx += OPAQUE32_LEN; /* binders - all binders */ + if ((word32)idx + OPAQUE16_LEN > (word32)extLen) { + SetError(CLIENT_HELLO_INPUT_STR, error, session, FATAL_ERROR_STATE); + return WOLFSSL_FATAL_ERROR; + } bindersLen = (word16)((input[idx] << 8) | input[idx+1]); - if (bindersLen + OPAQUE16_LEN + idx > extLen) { + if ((word32)bindersLen + OPAQUE16_LEN + idx > (word32)extLen) { SetError(CLIENT_HELLO_INPUT_STR, error, session, FATAL_ERROR_STATE); return WOLFSSL_FATAL_ERROR; } @@ -4533,6 +4594,10 @@ #ifdef HAVE_MAX_FRAGMENT if (session->tlsFragBuf) { + if (session->tlsFragOffset + rhSize > session->tlsFragSize) { + SetError(HANDSHAKE_INPUT_STR, error, session, FATAL_ERROR_STATE); + return WOLFSSL_FATAL_ERROR; + } XMEMCPY(session->tlsFragBuf + session->tlsFragOffset, input, rhSize); session->tlsFragOffset += rhSize; *sslBytes -= rhSize; @@ -4587,6 +4652,10 @@ *sslBytes += HANDSHAKE_HEADER_SZ; } + if (session->tlsFragOffset + rhSize > session->tlsFragSize) { + SetError(HANDSHAKE_INPUT_STR, error, session, FATAL_ERROR_STATE); + return WOLFSSL_FATAL_ERROR; + } XMEMCPY(session->tlsFragBuf + session->tlsFragOffset, input, rhSize); session->tlsFragOffset += rhSize; *sslBytes -= rhSize; @@ -4836,18 +4905,25 @@ XMEMCPY(ssl->decrypt.nonce, ssl->keys.aead_dec_imp_IV, AESGCM_IMP_IV_SZ); XMEMCPY(ssl->decrypt.nonce + AESGCM_IMP_IV_SZ, input, AESGCM_EXP_IV_SZ); - if ((ret = aes_auth_fn(ssl->decrypt.aes, - plain, - input + AESGCM_EXP_IV_SZ, - sz - AESGCM_EXP_IV_SZ - ssl->specs.aead_mac_size, - ssl->decrypt.nonce, AESGCM_NONCE_SZ, - ssl->decrypt.additional, AEAD_AUTH_DATA_SZ, - NULL, 0)) < 0) { - #ifdef WOLFSSL_ASYNC_CRYPT - if (ret == WC_NO_ERR_TRACE(WC_PENDING_E)) { - ret = wolfSSL_AsyncPush(ssl, &ssl->decrypt.aes->asyncDev); + if (sz < AESGCM_EXP_IV_SZ + ssl->specs.aead_mac_size) { + ret = BUFFER_ERROR; + } + + if (ret == 0) { + ret = aes_auth_fn(ssl->decrypt.aes, + plain, + input + AESGCM_EXP_IV_SZ, + sz - AESGCM_EXP_IV_SZ - ssl->specs.aead_mac_size, + ssl->decrypt.nonce, AESGCM_NONCE_SZ, + ssl->decrypt.additional, AEAD_AUTH_DATA_SZ, + NULL, 0); + if (ret < 0) { + #ifdef WOLFSSL_ASYNC_CRYPT + if (ret == WC_NO_ERR_TRACE(WC_PENDING_E)) { + ret = wolfSSL_AsyncPush(ssl, &ssl->decrypt.aes->asyncDev); + } + #endif } - #endif } } break; @@ -4855,13 +4931,19 @@ #ifdef HAVE_ARIA case wolfssl_aria_gcm: - ret = wc_AriaDecrypt(ssl->decrypt.aria, - plain, - (byte *)input + AESGCM_EXP_IV_SZ, - sz - AESGCM_EXP_IV_SZ - ssl->specs.aead_mac_size, - ssl->decrypt.nonce, AESGCM_NONCE_SZ, - ssl->decrypt.additional, ssl->specs.aead_mac_size, - NULL, 0); + if (sz < AESGCM_EXP_IV_SZ + ssl->specs.aead_mac_size) { + ret = BUFFER_ERROR; + } + + if (ret == 0) { + ret = wc_AriaDecrypt(ssl->decrypt.aria, + plain, + (byte *)input + AESGCM_EXP_IV_SZ, + sz - AESGCM_EXP_IV_SZ - ssl->specs.aead_mac_size, + ssl->decrypt.nonce, AESGCM_NONCE_SZ, + ssl->decrypt.additional, ssl->specs.aead_mac_size, + NULL, 0); + } break; #endif @@ -5002,6 +5084,10 @@ #ifdef WOLFSSL_TLS13 if (IsAtLeastTLSv1_3(ssl->version)) { + if (sz <= ssl->specs.aead_mac_size) { + *error = BUFFER_ERROR; + return NULL; + } ret = DecryptTls13(ssl, output, input, sz, (byte*)rh, RECORD_HEADER_SZ); } else @@ -5055,6 +5141,10 @@ #ifdef WOLFSSL_TLS13 if (IsAtLeastTLSv1_3(ssl->version)) { word16 i = (word16)(sz - ssl->keys.padSz); + if (i == 0) { + *error = BUFFER_ERROR; + return NULL; + } /* Remove padding from end of plain text. */ for (--i; i > 0; i--) { if (output[i] != 0) @@ -5176,6 +5266,7 @@ } if (HashInit(newHash) != 0) { SetError(EXTENDED_MASTER_HASH_STR, error, NULL, 0); + XFREE(newHash, NULL, DYNAMIC_TYPE_HASHES); XFREE(session, NULL, DYNAMIC_TYPE_SNIFFER_SESSION); return NULL; } @@ -5380,6 +5471,12 @@ /* trim VLAN header and try again */ packet += 8; length -= 8; + if (length < IP_HDR_SZ) { + SetError(PACKET_HDR_SHORT_STR, error, NULL, 0); + return WOLFSSL_FATAL_ERROR; + } + iphdr = (IpHdr*)packet; + version = IP_V(iphdr); } } @@ -5423,6 +5520,12 @@ * data after the IP record for the FCS for Ethernet. */ *sslBytes = (int)(packet + ipInfo->total - *sslFrame); + /* Ensure sslBytes does not exceed the actual size. */ + if (*sslBytes > (int)(length - (ipInfo->length + tcpInfo->length))) { + SetError(PACKET_HDR_SHORT_STR, error, NULL, 0); + return WOLFSSL_FATAL_ERROR; + } + (void)checkReg; return 0; @@ -5561,7 +5664,7 @@ if (end >= curr->begin) end = curr->begin - 1; - if (MaxRecoveryMemory -1 && + if (MaxRecoveryMemory != -1 && (int)(*reassemblyMemory + sslBytes) > MaxRecoveryMemory) { SetError(REASSEMBLY_MAX_STR, error, session, FATAL_ERROR_STATE); return WOLFSSL_FATAL_ERROR; @@ -6617,12 +6720,21 @@ #ifdef WOLFSSL_SNIFFER_CHAIN_INPUT struct iovec* chain; word32 i; + size_t totalLength; word32 chainSz = (word32)length; chain = (struct iovec*)packet; - length = 0; - for (i = 0; i < chainSz; i++) length += chain[i].iov_len; + totalLength = 0; + for (i = 0; i < chainSz; i++) { + size_t prev = totalLength; + totalLength += chain[i].iov_len; + if (totalLength < prev || totalLength > (size_t)INT_MAX) { + SetError(BAD_INPUT_STR, error, session, FATAL_ERROR_STATE); + return WOLFSSL_SNIFFER_ERROR; + } + } + length = (int)totalLength; tmpPacket = (byte*)XMALLOC(length, NULL, DYNAMIC_TYPE_SNIFFER_CHAIN_BUFFER); if (tmpPacket == NULL) return MEMORY_E; @@ -6630,7 +6742,7 @@ length = 0; for (i = 0; i < chainSz; i++) { XMEMCPY(tmpPacket+length,chain[i].iov_base,chain[i].iov_len); - length += chain[i].iov_len; + length += (int)chain[i].iov_len; } packet = (const byte*)tmpPacket; #else @@ -7672,6 +7784,9 @@ #ifdef FUSION_RTOS if (XINET_PTON(AF_INET6, clientIp, clientAddr.ip6, sizeof(clientAddr.ip4)) == 1) + #elif defined(FREESCALE_MQX) + if (XINET_PTON(AF_INET6, clientIp, clientAddr.ip6, + sizeof(clientAddr.ip6)) == RTCS_OK) #else if (XINET_PTON(AF_INET6, clientIp, clientAddr.ip6) == 1) #endif @@ -7691,6 +7806,9 @@ #ifdef FUSION_RTOS if (XINET_PTON(AF_INET6, serverIp, serverAddr.ip6, sizeof(serverAddr.ip4)) == 1) + #elif defined(FREESCALE_MQX) + if (XINET_PTON(AF_INET6, clientIp, clientAddr.ip6, + sizeof(clientAddr.ip6)) == RTCS_OK) #else if (XINET_PTON(AF_INET6, serverIp, serverAddr.ip6) == 1) #endif diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/src/ssl.c mariadb-11.8.8/extra/wolfssl/wolfssl/src/ssl.c --- mariadb-11.8.6/extra/wolfssl/wolfssl/src/ssl.c 2026-01-31 13:27:49.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/src/ssl.c 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* ssl.c * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -31,6 +31,7 @@ #include #include +#include #include #include #ifdef NO_INLINE @@ -152,26 +153,121 @@ #endif /* !WOLFCRYPT_ONLY || OPENSSL_EXTRA */ /* + * ssl.c Build Options: + * + * See also: tls.c for TLS extension/protocol options, tls13.c for TLS 1.3, + * internal.c for handshake internals, wc_port.c for platform/memory. + * + * OpenSSL Compatibility: + * OPENSSL_EXTRA: Enable OpenSSL compatibility API default: off + * OPENSSL_ALL: Enable all OpenSSL compat APIs default: off + * OPENSSL_EXTRA_X509_SMALL: Minimal OpenSSL X509 compat APIs default: off + * OPENSSL_EXTRA_NO_ASN1: OpenSSL extra without ASN1 objects default: off * OPENSSL_COMPATIBLE_DEFAULTS: - * Enable default behaviour that is compatible with OpenSSL. For example - * SSL_CTX by default doesn't verify the loaded certs. Enabling this - * should make porting to new projects easier. - * WOLFSSL_CHECK_ALERT_ON_ERR: - * Check for alerts during the handshake in the event of an error. - * NO_SESSION_CACHE_REF: - * wolfSSL_get_session on a client will return a reference to the internal - * ClientCache by default for backwards compatibility. This define will - * make wolfSSL_get_session return a reference to ssl->session. The returned - * pointer will be freed with the related WOLFSSL object. - * SESSION_CACHE_DYNAMIC_MEM: - * Dynamically allocate sessions for the session cache from the heap, as - * opposed to the default which allocates from the stack. Allocates - * memory only when a session is added to the cache, frees memory after the - * session is no longer being used. Recommended for memory-constrained - * systems. - * WOLFSSL_SYS_CA_CERTS - * Enables ability to load system CA certs from the OS via - * wolfSSL_CTX_load_system_CA_certs. + * Default behavior compatible with OpenSSL default: off + * NO_WOLFSSL_STUB: Disable stubs for unimplemented funcs default: off + * WOLFSSL_DEBUG_OPENSSL: Debug logging for OpenSSL compat layer default: off + * WOLFSSL_HAVE_ERROR_QUEUE: OpenSSL-compatible error queue default: off + * WOLFSSL_ERROR_CODE_OPENSSL: Use OpenSSL-compatible error codes default: off + * WOLFSSL_CIPHER_INTERNALNAME: + * Use wolfSSL internal cipher suite names default: off + * NO_CIPHER_SUITE_ALIASES: Disable cipher suite name aliases default: off + * WOLFSSL_SET_CIPHER_BYTES: Set cipher suites by raw byte values default: off + * WOLFSSL_OLD_SET_CURVES_LIST: + * Old-style curve list parsing for compat default: off + * WOLFSSL_NO_OPENSSL_RAND_CB: Disable OpenSSL RAND callback compat default: off + * NO_ERROR_STRINGS: Disable human-readable error strings default: off + * WOLFSSL_PUBLIC_ASN: Make ASN parsing functions public default: off + * + * Extra Data / BIO: + * HAVE_EX_DATA: Enable ex_data on SSL/CTX/X509 objects default: off + * HAVE_EX_DATA_CLEANUP_HOOKS: Cleanup callbacks for ex_data default: off + * HAVE_EX_DATA_CRYPTO: ex_data support for wolfCrypt objects default: off + * MAX_EX_DATA: Max ex_data entries per object default: 5 + * NO_BIO: Disable BIO abstraction layer default: off + * + * Session & Cache: + * NO_SESSION_CACHE: Disable server session cache default: off + * NO_SESSION_CACHE_REF: wolfSSL_get_session returns ssl->session + * reference instead of ClientCache ref default: off + * SESSION_CACHE_DYNAMIC_MEM: Dynamically allocate session cache default: off + * NO_CLIENT_CACHE: Disable client-side session cache default: off + * SESSION_CERTS: Store full cert chain in session default: off + * WOLFSSL_SESSION_ID_CTX: Session ID context for cache sharing default: off + * + * I/O & Transport: + * USE_WOLFSSL_IO: Use built-in I/O callbacks default: on + * WOLFSSL_USER_IO: Application provides custom I/O default: off + * WOLFSSL_NO_SOCK: Build without socket support default: off + * NO_WRITEV: Disable writev() scatter/gather I/O default: off + * WOLFSSL_DTLS_MTU: Enable DTLS MTU management APIs default: off + * WOLFSSL_DTLS_DROP_STATS: Track DTLS packet drop statistics default: off + * WOLFSSL_MULTICAST: Enable DTLS multicast support default: off + * + * Callbacks & Features: + * WOLFSSL_CHECK_ALERT_ON_ERR: Check alerts on handshake error default: off + * ATOMIC_USER: User-defined record layer callbacks default: off + * HAVE_WRITE_DUP: Separate threads for SSL read/write default: off + * WOLFSSL_CALLBACKS: Handshake monitoring callbacks default: off + * NO_HANDSHAKE_DONE_CB: Disable handshake completion callback default: off + * WOLFSSL_SHUTDOWNONCE: Send close_notify only once default: off + * WOLFSSL_COPY_CERT: Copy certificate buffer (own copy) default: off + * WOLFSSL_COPY_KEY: Copy private key buffer (own copy) default: off + * WOLF_PRIVATE_KEY_ID: Reference private keys by ID default: off + * WOLFSSL_REFCNT_ERROR_RETURN: + * Return errors on ref counting failures default: off + * WOLFSSL_ALLOW_MAX_FRAGMENT_ADJUST: + * Allow runtime max fragment size adjustment default: off + * WOLFSSL_ALLOW_NO_SUITES: Allow SSL objects with no cipher suites default: off + * + * Certificates & Keys: + * KEEP_PEER_CERT: Keep peer cert after handshake default: off + * KEEP_OUR_CERT: Keep our cert after handshake default: off + * WOLFSSL_STATIC_RSA: Enable static RSA key exchange default: off + * WOLFSSL_HAVE_CERT_SERVICE: Certificate service callbacks default: off + * WOLFSSL_SYS_CA_CERTS: Load system CA certs from OS default: off + * + * Application Compatibility: + * HAVE_CURL: APIs for libcurl compatibility default: off + * HAVE_LIGHTY: APIs for lighttpd compatibility default: off + * HAVE_MEMCACHED: APIs for memcached compatibility default: off + * WOLFSSL_APACHE_HTTPD: APIs for Apache httpd compatibility default: off + * WOLFSSL_NGINX: APIs for nginx compatibility default: off + * WOLFSSL_HAPROXY: APIs for HAProxy compatibility default: off + * WOLFSSL_ASIO: APIs for Boost.Asio compatibility default: off + * WOLFSSL_PYTHON: APIs for Python module compatibility default: off + * WOLFSSL_QT: APIs for Qt framework compatibility default: off + * WOLFSSL_JNI: APIs for Java JNI/JSSE compatibility default: off + * + * Protocol Features: + * WOLFSSL_HAVE_WOLFSCEP: Enable wolfSCEP protocol support default: off + * WOLFCRYPT_HAVE_SRP: Enable SRP protocol support default: off + * HAVE_LIBZ: Enable zlib TLS compression default: off + * WOLFSSL_EXTRA: Extra SSL session info APIs default: off + * WOLFSSL_WPAS_SMALL: Minimal wpa_supplicant/hostapd APIs default: off + * HAVE_FUZZER: Fuzzing callback support default: off + * + * Memory & Threading: + * WOLFSSL_STATIC_MEMORY_LEAN: Lean static memory allocation default: off + * WOLFSSL_THREADED_CRYPT: Multi-threaded crypto operations default: off + * WOLFSSL_CLEANUP_THREADSAFE_BY_ATOMIC_OPS: + * Thread-safe cleanup via atomics default: off + * WOLFSSL_ATOMIC_INITIALIZER: Static init for atomic variables default: off + * WOLFSSL_DEBUG_MEMORY: Log malloc/free with file/line info default: off + * WOLFSSL_NO_REALLOC: Disable realloc, use malloc+copy+free default: off + * WOLFSSL_HEAP_TEST: Heap-related testing utilities default: off + * + * Debugging & Build: + * SHOW_SIZES: Display struct sizes at init default: off + * WOLFSSL_DEBUG_TRACE_ERROR_CODES: + * Trace error code origins for debugging default: off + * HAVE_ATEXIT: Register wolfSSL_Cleanup via atexit default: off + * WOLFSSL_SYS_CRYPTO_POLICY: Honor system crypto policy settings default: off + * + * Hardware TLS: + * WOLFSSL_RENESAS_TSIP_TLS: Renesas TSIP hardware crypto for TLS default: off + * WOLFSSL_RENESAS_FSPSM_TLS: Renesas FSP Security Module for TLS default: off + * WOLFSSL_EGD_NBLOCK: Non-blocking EGD entropy support default: off */ #define WOLFSSL_SSL_MISC_INCLUDED @@ -190,6 +286,12 @@ #define WOLFSSL_SSL_SESS_INCLUDED #include "src/ssl_sess.c" + +#define WOLFSSL_SSL_API_CERT_INCLUDED +#include "src/ssl_api_cert.c" + +#define WOLFSSL_SSL_API_PK_INCLUDED +#include "src/ssl_api_pk.c" #endif #if (defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)) && \ @@ -359,6 +461,9 @@ #define WOLFSSL_PK_INCLUDED #include "src/pk.c" +#define WOLFSSL_EVP_PK_INCLUDED +#include "wolfcrypt/src/evp_pk.c" + #if defined(OPENSSL_EXTRA) || defined(WOLFSSL_WPAS_SMALL) /* copies over data of "in" to "out" */ static void wolfSSL_CIPHER_copy(WOLFSSL_CIPHER* in, WOLFSSL_CIPHER* out) @@ -404,710 +509,8 @@ #include -#if defined(WOLFSSL_TLS13) && defined(HAVE_ECH) -/* create the hpke key and ech config to send to clients */ -int wolfSSL_CTX_GenerateEchConfig(WOLFSSL_CTX* ctx, const char* publicName, - word16 kemId, word16 kdfId, word16 aeadId) -{ - int ret = 0; - word16 encLen = DHKEM_X25519_ENC_LEN; - WOLFSSL_EchConfig* newConfig; - WOLFSSL_EchConfig* parentConfig; -#ifdef WOLFSSL_SMALL_STACK - Hpke* hpke = NULL; - WC_RNG* rng; -#else - Hpke hpke[1]; - WC_RNG rng[1]; -#endif - - if (ctx == NULL || publicName == NULL) - return BAD_FUNC_ARG; - - WC_ALLOC_VAR_EX(rng, WC_RNG, 1, ctx->heap, DYNAMIC_TYPE_RNG, - return MEMORY_E); - ret = wc_InitRng(rng); - if (ret != 0) { - WC_FREE_VAR_EX(rng, ctx->heap, DYNAMIC_TYPE_RNG); - return ret; - } - - newConfig = (WOLFSSL_EchConfig*)XMALLOC(sizeof(WOLFSSL_EchConfig), - ctx->heap, DYNAMIC_TYPE_TMP_BUFFER); - if (newConfig == NULL) - ret = MEMORY_E; - else - XMEMSET(newConfig, 0, sizeof(WOLFSSL_EchConfig)); - - /* set random config id */ - if (ret == 0) - ret = wc_RNG_GenerateByte(rng, &newConfig->configId); - - /* if 0 is selected for algorithms use default, may change with draft */ - if (kemId == 0) - kemId = DHKEM_X25519_HKDF_SHA256; - - if (kdfId == 0) - kdfId = HKDF_SHA256; - - if (aeadId == 0) - aeadId = HPKE_AES_128_GCM; - - if (ret == 0) { - /* set the kem id */ - newConfig->kemId = kemId; - - /* set the cipher suite, only 1 for now */ - newConfig->numCipherSuites = 1; - newConfig->cipherSuites = - (EchCipherSuite*)XMALLOC(sizeof(EchCipherSuite), ctx->heap, - DYNAMIC_TYPE_TMP_BUFFER); - - if (newConfig->cipherSuites == NULL) { - ret = MEMORY_E; - } - else { - newConfig->cipherSuites[0].kdfId = kdfId; - newConfig->cipherSuites[0].aeadId = aeadId; - } - } - -#ifdef WOLFSSL_SMALL_STACK - if (ret == 0) { - hpke = (Hpke*)XMALLOC(sizeof(Hpke), ctx->heap, DYNAMIC_TYPE_TMP_BUFFER); - if (hpke == NULL) - ret = MEMORY_E; - } -#endif - - if (ret == 0) - ret = wc_HpkeInit(hpke, kemId, kdfId, aeadId, ctx->heap); - - /* generate the receiver private key */ - if (ret == 0) - ret = wc_HpkeGenerateKeyPair(hpke, &newConfig->receiverPrivkey, rng); - - /* done with RNG */ - wc_FreeRng(rng); - - /* serialize the receiver key */ - if (ret == 0) - ret = wc_HpkeSerializePublicKey(hpke, newConfig->receiverPrivkey, - newConfig->receiverPubkey, &encLen); - - if (ret == 0) { - newConfig->publicName = (char*)XMALLOC(XSTRLEN(publicName) + 1, - ctx->heap, DYNAMIC_TYPE_TMP_BUFFER); - if (newConfig->publicName == NULL) { - ret = MEMORY_E; - } - else { - XMEMCPY(newConfig->publicName, publicName, - XSTRLEN(publicName) + 1); - } - } - - if (ret != 0) { - if (newConfig) { - XFREE(newConfig->cipherSuites, ctx->heap, DYNAMIC_TYPE_TMP_BUFFER); - XFREE(newConfig->publicName, ctx->heap, DYNAMIC_TYPE_TMP_BUFFER); - XFREE(newConfig, ctx->heap, DYNAMIC_TYPE_TMP_BUFFER); - } - } - else { - parentConfig = ctx->echConfigs; - - if (parentConfig == NULL) { - ctx->echConfigs = newConfig; - } - else { - while (parentConfig->next != NULL) { - parentConfig = parentConfig->next; - } - - parentConfig->next = newConfig; - } - } - - if (ret == 0) - ret = WOLFSSL_SUCCESS; - - WC_FREE_VAR_EX(hpke, ctx->heap, DYNAMIC_TYPE_TMP_BUFFER); - WC_FREE_VAR_EX(rng, ctx->heap, DYNAMIC_TYPE_RNG); - - return ret; -} - -int wolfSSL_CTX_SetEchConfigsBase64(WOLFSSL_CTX* ctx, const char* echConfigs64, - word32 echConfigs64Len) -{ - int ret = 0; - word32 decodedLen = echConfigs64Len * 3 / 4 + 1; - byte* decodedConfigs; - - if (ctx == NULL || echConfigs64 == NULL || echConfigs64Len == 0) - return BAD_FUNC_ARG; - - decodedConfigs = (byte*)XMALLOC(decodedLen, ctx->heap, - DYNAMIC_TYPE_TMP_BUFFER); - - if (decodedConfigs == NULL) - return MEMORY_E; - - decodedConfigs[decodedLen - 1] = 0; - - /* decode the echConfigs */ - ret = Base64_Decode((const byte*)echConfigs64, echConfigs64Len, - decodedConfigs, &decodedLen); - - if (ret != 0) { - XFREE(decodedConfigs, ctx->heap, DYNAMIC_TYPE_TMP_BUFFER); - return ret; - } - - ret = wolfSSL_CTX_SetEchConfigs(ctx, decodedConfigs, decodedLen); - - XFREE(decodedConfigs, ctx->heap, DYNAMIC_TYPE_TMP_BUFFER); - - return ret; -} - -int wolfSSL_CTX_SetEchConfigs(WOLFSSL_CTX* ctx, const byte* echConfigs, - word32 echConfigsLen) -{ - int ret; - - if (ctx == NULL || echConfigs == NULL || echConfigsLen == 0) - return BAD_FUNC_ARG; - - FreeEchConfigs(ctx->echConfigs, ctx->heap); - ctx->echConfigs = NULL; - ret = SetEchConfigsEx(&ctx->echConfigs, ctx->heap, echConfigs, - echConfigsLen); - - if (ret == 0) - return WOLFSSL_SUCCESS; - - return ret; -} - -/* get the ech configs that the server context is using */ -int wolfSSL_CTX_GetEchConfigs(WOLFSSL_CTX* ctx, byte* output, - word32* outputLen) { - if (ctx == NULL || outputLen == NULL) - return BAD_FUNC_ARG; - - /* if we don't have ech configs */ - if (ctx->echConfigs == NULL) - return WOLFSSL_FATAL_ERROR; - - return GetEchConfigsEx(ctx->echConfigs, output, outputLen); -} - -void wolfSSL_CTX_SetEchEnable(WOLFSSL_CTX* ctx, byte enable) -{ - if (ctx != NULL) { - ctx->disableECH = !enable; - if (ctx->disableECH) { - TLSX_Remove(&ctx->extensions, TLSX_ECH, ctx->heap); - FreeEchConfigs(ctx->echConfigs, ctx->heap); - ctx->echConfigs = NULL; - } - } -} - -/* set the ech config from base64 for our client ssl object, base64 is the - * format ech configs are sent using dns records */ -int wolfSSL_SetEchConfigsBase64(WOLFSSL* ssl, char* echConfigs64, - word32 echConfigs64Len) -{ - int ret = 0; - word32 decodedLen = echConfigs64Len * 3 / 4 + 1; - byte* decodedConfigs; - - if (ssl == NULL || echConfigs64 == NULL || echConfigs64Len == 0) - return BAD_FUNC_ARG; - - /* already have ech configs */ - if (ssl->options.useEch == 1) { - return WOLFSSL_FATAL_ERROR; - } - - decodedConfigs = (byte*)XMALLOC(decodedLen, ssl->heap, - DYNAMIC_TYPE_TMP_BUFFER); - - if (decodedConfigs == NULL) - return MEMORY_E; - - decodedConfigs[decodedLen - 1] = 0; - - /* decode the echConfigs */ - ret = Base64_Decode((byte*)echConfigs64, echConfigs64Len, - decodedConfigs, &decodedLen); - - if (ret != 0) { - XFREE(decodedConfigs, ssl->heap, DYNAMIC_TYPE_TMP_BUFFER); - return ret; - } - - ret = wolfSSL_SetEchConfigs(ssl, decodedConfigs, decodedLen); - - XFREE(decodedConfigs, ssl->heap, DYNAMIC_TYPE_TMP_BUFFER); - - return ret; -} - -/* set the ech config from a raw buffer, this is the format ech configs are - * sent using retry_configs from the ech server */ -int wolfSSL_SetEchConfigs(WOLFSSL* ssl, const byte* echConfigs, - word32 echConfigsLen) -{ - int ret; - - if (ssl == NULL || echConfigs == NULL || echConfigsLen == 0) - return BAD_FUNC_ARG; - - /* already have ech configs */ - if (ssl->options.useEch == 1) { - return WOLFSSL_FATAL_ERROR; - } - - ret = SetEchConfigsEx(&ssl->echConfigs, ssl->heap, echConfigs, - echConfigsLen); - - /* if we found valid configs */ - if (ret == 0) { - ssl->options.useEch = 1; - return WOLFSSL_SUCCESS; - } - - return ret; -} - -/* get the raw ech config from our struct */ -int GetEchConfig(WOLFSSL_EchConfig* config, byte* output, word32* outputLen) -{ - int i; - word16 totalLen = 0; - - if (config == NULL || (output == NULL && outputLen == NULL)) - return BAD_FUNC_ARG; - - /* 2 for version */ - totalLen += 2; - /* 2 for length */ - totalLen += 2; - /* 1 for configId */ - totalLen += 1; - /* 2 for kemId */ - totalLen += 2; - /* 2 for hpke_len */ - totalLen += 2; - - /* hpke_pub_key */ - switch (config->kemId) { - case DHKEM_P256_HKDF_SHA256: - totalLen += DHKEM_P256_ENC_LEN; - break; - case DHKEM_P384_HKDF_SHA384: - totalLen += DHKEM_P384_ENC_LEN; - break; - case DHKEM_P521_HKDF_SHA512: - totalLen += DHKEM_P521_ENC_LEN; - break; - case DHKEM_X25519_HKDF_SHA256: - totalLen += DHKEM_X25519_ENC_LEN; - break; - case DHKEM_X448_HKDF_SHA512: - totalLen += DHKEM_X448_ENC_LEN; - break; - } - - /* cipherSuitesLen */ - totalLen += 2; - /* cipherSuites */ - totalLen += config->numCipherSuites * 4; - /* public name len */ - totalLen += 2; - - /* public name */ - totalLen += XSTRLEN(config->publicName); - /* trailing zeros */ - totalLen += 2; - - if (output == NULL) { - *outputLen = totalLen; - return WC_NO_ERR_TRACE(LENGTH_ONLY_E); - } - - if (totalLen > *outputLen) { - *outputLen = totalLen; - return INPUT_SIZE_E; - } - - /* version */ - c16toa(TLSX_ECH, output); - output += 2; - - /* length - 4 for version and length itself */ - c16toa(totalLen - 4, output); - output += 2; - - /* configId */ - *output = config->configId; - output++; - /* kemId */ - c16toa(config->kemId, output); - output += 2; - - /* length and key itself */ - switch (config->kemId) { - case DHKEM_P256_HKDF_SHA256: - c16toa(DHKEM_P256_ENC_LEN, output); - output += 2; - XMEMCPY(output, config->receiverPubkey, DHKEM_P256_ENC_LEN); - output += DHKEM_P256_ENC_LEN; - break; - case DHKEM_P384_HKDF_SHA384: - c16toa(DHKEM_P384_ENC_LEN, output); - output += 2; - XMEMCPY(output, config->receiverPubkey, DHKEM_P384_ENC_LEN); - output += DHKEM_P384_ENC_LEN; - break; - case DHKEM_P521_HKDF_SHA512: - c16toa(DHKEM_P521_ENC_LEN, output); - output += 2; - XMEMCPY(output, config->receiverPubkey, DHKEM_P521_ENC_LEN); - output += DHKEM_P521_ENC_LEN; - break; - case DHKEM_X25519_HKDF_SHA256: - c16toa(DHKEM_X25519_ENC_LEN, output); - output += 2; - XMEMCPY(output, config->receiverPubkey, DHKEM_X25519_ENC_LEN); - output += DHKEM_X25519_ENC_LEN; - break; - case DHKEM_X448_HKDF_SHA512: - c16toa(DHKEM_X448_ENC_LEN, output); - output += 2; - XMEMCPY(output, config->receiverPubkey, DHKEM_X448_ENC_LEN); - output += DHKEM_X448_ENC_LEN; - break; - } - - /* cipherSuites len */ - c16toa(config->numCipherSuites * 4, output); - output += 2; - - /* cipherSuites */ - for (i = 0; i < config->numCipherSuites; i++) { - c16toa(config->cipherSuites[i].kdfId, output); - output += 2; - c16toa(config->cipherSuites[i].aeadId, output); - output += 2; - } - - /* set maximum name length to 0 */ - *output = 0; - output++; - - /* publicName len */ - *output = XSTRLEN(config->publicName); - output++; - - /* publicName */ - XMEMCPY(output, config->publicName, - XSTRLEN(config->publicName)); - output += XSTRLEN(config->publicName); - - /* terminating zeros */ - c16toa(0, output); - /* output += 2; */ - - *outputLen = totalLen; - - return 0; -} - -/* wrapper function to get ech configs from application code */ -int wolfSSL_GetEchConfigs(WOLFSSL* ssl, byte* output, word32* outputLen) -{ - if (ssl == NULL || outputLen == NULL) - return BAD_FUNC_ARG; - - /* if we don't have ech configs */ - if (ssl->options.useEch != 1) { - return WOLFSSL_FATAL_ERROR; - } - - return GetEchConfigsEx(ssl->echConfigs, output, outputLen); -} - -void wolfSSL_SetEchEnable(WOLFSSL* ssl, byte enable) -{ - if (ssl != NULL) { - ssl->options.disableECH = !enable; - if (ssl->options.disableECH) { - TLSX_Remove(&ssl->extensions, TLSX_ECH, ssl->heap); - FreeEchConfigs(ssl->echConfigs, ssl->heap); - ssl->echConfigs = NULL; - } - } -} - -int SetEchConfigsEx(WOLFSSL_EchConfig** outputConfigs, void* heap, - const byte* echConfigs, word32 echConfigsLen) -{ - int ret = 0; - int i; - int j; - word16 totalLength; - word16 version; - word16 length; - word16 hpkePubkeyLen; - word16 cipherSuitesLen; - word16 publicNameLen; - WOLFSSL_EchConfig* configList = NULL; - WOLFSSL_EchConfig* workingConfig = NULL; - WOLFSSL_EchConfig* lastConfig = NULL; - byte* echConfig = NULL; - - if (outputConfigs == NULL || echConfigs == NULL || echConfigsLen == 0) - return BAD_FUNC_ARG; - - /* check that the total length is well formed */ - ato16(echConfigs, &totalLength); - - if (totalLength != echConfigsLen - 2) { - return WOLFSSL_FATAL_ERROR; - } - - /* skip the total length uint16_t */ - i = 2; - - do { - echConfig = (byte*)echConfigs + i; - ato16(echConfig, &version); - ato16(echConfig + 2, &length); - - /* if the version does not match */ - if (version != TLSX_ECH) { - /* we hit the end of the configs */ - if ( (word32)i + 2 >= echConfigsLen ) { - break; - } - - /* skip this config, +4 for version and length */ - i += length + 4; - continue; - } - - /* check if the length will overrun the buffer */ - if ((word32)i + length + 4 > echConfigsLen) { - break; - } - - if (workingConfig == NULL) { - workingConfig = - (WOLFSSL_EchConfig*)XMALLOC(sizeof(WOLFSSL_EchConfig), heap, - DYNAMIC_TYPE_TMP_BUFFER); - configList = workingConfig; - if (workingConfig != NULL) { - workingConfig->next = NULL; - } - } - else { - lastConfig = workingConfig; - workingConfig->next = - (WOLFSSL_EchConfig*)XMALLOC(sizeof(WOLFSSL_EchConfig), - heap, DYNAMIC_TYPE_TMP_BUFFER); - workingConfig = workingConfig->next; - } - - if (workingConfig == NULL) { - ret = MEMORY_E; - break; - } - - XMEMSET(workingConfig, 0, sizeof(WOLFSSL_EchConfig)); - - /* rawLen */ - workingConfig->rawLen = length + 4; - - /* raw body */ - workingConfig->raw = (byte*)XMALLOC(workingConfig->rawLen, - heap, DYNAMIC_TYPE_TMP_BUFFER); - if (workingConfig->raw == NULL) { - ret = MEMORY_E; - break; - } - - XMEMCPY(workingConfig->raw, echConfig, workingConfig->rawLen); - - /* skip over version and length */ - echConfig += 4; - - /* configId, 1 byte */ - workingConfig->configId = *(echConfig); - echConfig++; - /* kemId, 2 bytes */ - ato16(echConfig, &workingConfig->kemId); - echConfig += 2; - /* hpke public_key length, 2 bytes */ - ato16(echConfig, &hpkePubkeyLen); - echConfig += 2; - /* hpke public_key */ - XMEMCPY(workingConfig->receiverPubkey, echConfig, hpkePubkeyLen); - echConfig += hpkePubkeyLen; - /* cipherSuitesLen */ - ato16(echConfig, &cipherSuitesLen); - - workingConfig->cipherSuites = (EchCipherSuite*)XMALLOC(cipherSuitesLen, - heap, DYNAMIC_TYPE_TMP_BUFFER); - if (workingConfig->cipherSuites == NULL) { - ret = MEMORY_E; - break; - } - - echConfig += 2; - workingConfig->numCipherSuites = cipherSuitesLen / 4; - /* cipherSuites */ - for (j = 0; j < workingConfig->numCipherSuites; j++) { - ato16(echConfig + j * 4, &workingConfig->cipherSuites[j].kdfId); - ato16(echConfig + j * 4 + 2, - &workingConfig->cipherSuites[j].aeadId); - } - echConfig += cipherSuitesLen; - /* ignore the maximum name length */ - echConfig++; - /* publicNameLen */ - publicNameLen = *(echConfig); - workingConfig->publicName = (char*)XMALLOC(publicNameLen + 1, - heap, DYNAMIC_TYPE_TMP_BUFFER); - if (workingConfig->publicName == NULL) { - ret = MEMORY_E; - break; - } - echConfig++; - /* publicName */ - XMEMCPY(workingConfig->publicName, echConfig, publicNameLen); - /* null terminated */ - workingConfig->publicName[publicNameLen] = 0; - - /* add length to go to next config, +4 for version and length */ - i += length + 4; - - /* check that we support this config */ - for (j = 0; j < HPKE_SUPPORTED_KEM_LEN; j++) { - if (hpkeSupportedKem[j] == workingConfig->kemId) - break; - } - - /* if we don't support the kem or at least one cipher suite */ - if (j >= HPKE_SUPPORTED_KEM_LEN || - EchConfigGetSupportedCipherSuite(workingConfig) < 0) - { - XFREE(workingConfig->cipherSuites, heap, - DYNAMIC_TYPE_TMP_BUFFER); - XFREE(workingConfig->publicName, heap, - DYNAMIC_TYPE_TMP_BUFFER); - XFREE(workingConfig->raw, heap, DYNAMIC_TYPE_TMP_BUFFER); - workingConfig = lastConfig; - } - } while ((word32)i < echConfigsLen); - - /* if we found valid configs */ - if (ret == 0 && configList != NULL) { - *outputConfigs = configList; - - return ret; - } - - workingConfig = configList; - - while (workingConfig != NULL) { - lastConfig = workingConfig; - workingConfig = workingConfig->next; - - XFREE(lastConfig->cipherSuites, heap, DYNAMIC_TYPE_TMP_BUFFER); - XFREE(lastConfig->publicName, heap, DYNAMIC_TYPE_TMP_BUFFER); - XFREE(lastConfig->raw, heap, DYNAMIC_TYPE_TMP_BUFFER); - - XFREE(lastConfig, heap, DYNAMIC_TYPE_TMP_BUFFER); - } - - if (ret == 0) - return WOLFSSL_FATAL_ERROR; - - return ret; -} - -/* get the raw ech configs from our linked list of ech config structs */ -int GetEchConfigsEx(WOLFSSL_EchConfig* configs, byte* output, word32* outputLen) -{ - int ret = 0; - WOLFSSL_EchConfig* workingConfig = NULL; - byte* outputStart = output; - word32 totalLen = 2; - word32 workingOutputLen = 0; - - if (configs == NULL || outputLen == NULL || - (output != NULL && *outputLen < totalLen)) { - return BAD_FUNC_ARG; - } - - - /* skip over total length which we fill in later */ - if (output != NULL) { - workingOutputLen = *outputLen - totalLen; - output += 2; - } - else { - /* caller getting the size only, set current 2 byte length size */ - *outputLen = totalLen; - } - - workingConfig = configs; - - while (workingConfig != NULL) { - /* get this config */ - ret = GetEchConfig(workingConfig, output, &workingOutputLen); - - if (output != NULL) - output += workingOutputLen; - - /* add this config's length to the total length */ - totalLen += workingOutputLen; - - if (totalLen > *outputLen) - workingOutputLen = 0; - else - workingOutputLen = *outputLen - totalLen; - - /* only error we break on, other 2 we need to keep finding length */ - if (ret == WC_NO_ERR_TRACE(BAD_FUNC_ARG)) - return BAD_FUNC_ARG; - - workingConfig = workingConfig->next; - } - - if (output == NULL) { - *outputLen = totalLen; - return WC_NO_ERR_TRACE(LENGTH_ONLY_E); - } - - if (totalLen > *outputLen) { - *outputLen = totalLen; - return INPUT_SIZE_E; - } - - /* total size -2 for size itself */ - c16toa(totalLen - 2, outputStart); - - *outputLen = totalLen; - - return WOLFSSL_SUCCESS; -} -#endif /* WOLFSSL_TLS13 && HAVE_ECH */ +#define WOLFSSL_SSL_ECH_INCLUDED +#include "src/ssl_ech.c" #ifdef OPENSSL_EXTRA static int wolfSSL_parse_cipher_list(WOLFSSL_CTX* ctx, WOLFSSL* ssl, @@ -1119,7 +522,12 @@ #endif /* prevent multiple mutex initializations */ + +/* note, initRefCount is not used for thread synchronization, only for + * bookkeeping while inits_count_mutex is held. + */ static volatile WC_THREADSHARED int initRefCount = 0; + /* init ref count mutex */ static WC_THREADSHARED wolfSSL_Mutex inits_count_mutex WOLFSSL_MUTEX_INITIALIZER_CLAUSE(inits_count_mutex); @@ -1434,9 +842,28 @@ } if (doFree) { - WOLFSSL_MSG("Doing WriteDup full free, count to zero"); +#ifdef WOLFSSL_DTLS13 + struct Dtls13RecordNumber* rn = ssl->dupWrite->sendAckList; + while (rn != NULL) { + struct Dtls13RecordNumber* next = rn->next; + XFREE(rn, ssl->heap, DYNAMIC_TYPE_DTLS_MSG); + rn = next; + } +#endif +#if defined(WOLFSSL_TLS13) && defined(WOLFSSL_POST_HANDSHAKE_AUTH) + Free_HS_Hashes(ssl->dupWrite->postHandshakeHashState, ssl->heap); + { + CertReqCtx* ctx = ssl->dupWrite->postHandshakeCertReqCtx; + while (ctx != NULL) { + CertReqCtx* nxt = ctx->next; + XFREE(ctx, ssl->heap, DYNAMIC_TYPE_TMP_BUFFER); + ctx = nxt; + } + } +#endif /* WOLFSSL_TLS13 && WOLFSSL_POST_HANDSHAKE_AUTH */ wc_FreeMutex(&ssl->dupWrite->dupMutex); XFREE(ssl->dupWrite, ssl->heap, DYNAMIC_TYPE_WRITEDUP); + WOLFSSL_MSG("Did WriteDup full free, count to zero"); } } @@ -1479,6 +906,9 @@ XMEMCPY(&dup->version, &ssl->version, sizeof(ProtocolVersion)); XMEMCPY(&dup->chVersion, &ssl->chVersion, sizeof(ProtocolVersion)); + /* dup side now owns encrypt/write ciphers */ + XMEMSET(&ssl->encrypt, 0, sizeof(Ciphers)); + #ifdef HAVE_ONE_TIME_AUTH #ifdef HAVE_POLY1305 if (ssl->auth.setup && ssl->auth.poly1305 != NULL) { @@ -1491,8 +921,39 @@ #endif #endif - /* dup side now owns encrypt/write ciphers */ - XMEMSET(&ssl->encrypt, 0, sizeof(Ciphers)); +#ifdef WOLFSSL_TLS13 + if (IsAtLeastTLSv1_3(ssl->version)) { + /* Copy TLS 1.3 application traffic secrets so the write side can + * derive updated keys when wolfSSL_update_keys() is called. */ + XMEMCPY(dup->clientSecret, ssl->clientSecret, SECRET_LEN); + XMEMCPY(dup->serverSecret, ssl->serverSecret, SECRET_LEN); + +#ifdef WOLFSSL_DTLS13 + if (ssl->options.dtls) { + /* Copy epoch array (contains only value types -- safe to memcpy). */ + XMEMCPY(dup->dtls13Epochs, ssl->dtls13Epochs, + sizeof(ssl->dtls13Epochs)); + + /* Re-point dtls13EncryptEpoch into dup's own epoch array. */ + if (ssl->dtls13EncryptEpoch != NULL) { + dup->dtls13EncryptEpoch = + &dup->dtls13Epochs[ssl->dtls13EncryptEpoch - + ssl->dtls13Epochs]; + } + + /* Copy current write epoch number. */ + dup->dtls13Epoch = ssl->dtls13Epoch; + + /* Transfer record-number encryption cipher ownership to dup. */ + XMEMCPY(&dup->dtlsRecordNumberEncrypt, + &ssl->dtlsRecordNumberEncrypt, sizeof(RecordNumberCiphers)); + XMEMSET(&ssl->dtlsRecordNumberEncrypt, + 0, sizeof(RecordNumberCiphers)); + } +#endif /* WOLFSSL_DTLS13 */ + } +#endif /* WOLFSSL_TLS13 */ + dup->IOCB_WriteCtx = ssl->IOCB_WriteCtx; dup->CBIOSend = ssl->CBIOSend; @@ -1813,7 +1274,7 @@ { const char* cipher; - if (ssl == NULL) + if (ssl == NULL || len <= 0) return NULL; cipher = wolfSSL_get_cipher_name_iana(ssl); @@ -1853,48 +1314,6 @@ return dtlsOpt; } -#if !defined(NO_CERTS) -/* Set whether mutual authentication is required for connections. - * Server side only. - * - * ctx The SSL/TLS CTX object. - * req 1 to indicate required and 0 when not. - * returns BAD_FUNC_ARG when ctx is NULL, SIDE_ERROR when not a server and - * 0 on success. - */ -int wolfSSL_CTX_mutual_auth(WOLFSSL_CTX* ctx, int req) -{ - if (ctx == NULL) - return BAD_FUNC_ARG; - if (ctx->method->side != WOLFSSL_SERVER_END) - return SIDE_ERROR; - - ctx->mutualAuth = (byte)req; - - return 0; -} - -/* Set whether mutual authentication is required for the connection. - * Server side only. - * - * ssl The SSL/TLS object. - * req 1 to indicate required and 0 when not. - * returns BAD_FUNC_ARG when ssl is NULL and - * SIDE_ERROR when not a server and 0 on success. - */ -int wolfSSL_mutual_auth(WOLFSSL* ssl, int req) -{ - if (ssl == NULL) - return BAD_FUNC_ARG; - if (ssl->options.side != WOLFSSL_SERVER_END) - return SIDE_ERROR; - - ssl->options.mutualAuth = (word16)req; - - return 0; -} -#endif /* NO_CERTS */ - #ifdef WOLFSSL_WOLFSENTRY_HOOKS int wolfSSL_CTX_set_AcceptFilter( @@ -2905,7 +2324,7 @@ return BAD_FUNC_ARG; } - return wolfSSL_GetMaxFragSize(ssl, OUTPUT_RECORD_SIZE); + return min(OUTPUT_RECORD_SIZE, wolfssl_local_GetMaxPlaintextSize(ssl)); } @@ -2925,8 +2344,7 @@ if (inSz > maxSize) return INPUT_SIZE_E; - return BuildMessage(ssl, NULL, 0, NULL, inSz, application_data, 0, 1, 0, - CUR_ORDER); + return wolfssl_local_GetRecordSize(ssl, inSz, 1); } @@ -3144,7 +2562,7 @@ static int wolfSSL_write_internal(WOLFSSL* ssl, const void* data, size_t sz) { - int ret; + int ret = 0; WOLFSSL_ENTER("wolfSSL_write"); @@ -3159,32 +2577,143 @@ #endif #ifdef HAVE_WRITE_DUP - { /* local variable scope */ + if (ssl->dupSide == READ_DUP_SIDE) { + WOLFSSL_MSG("Read dup side cannot write"); + return WRITE_DUP_WRITE_E; + } + /* Only enter special dupWrite logic when error is cleared. This will help + * with handling async data and other edge case errors. */ + if (ssl->dupWrite != NULL && ssl->error == 0) { int dupErr = 0; /* local copy */ + /* Lock ssl->dupWrite to gather what needs to be done. */ + if (wc_LockMutex(&ssl->dupWrite->dupMutex) != 0) + return BAD_MUTEX_E; + dupErr = ssl->dupWrite->dupErr; +#ifdef WOLFSSL_TLS13 + if (IsAtLeastTLSv1_3(ssl->version)) { + /* TLS 1.3: if the read side received a KeyUpdate(update_requested) + * it cannot respond; send the response from here. */ + ssl->keys.keyUpdateRespond |= ssl->dupWrite->keyUpdateRespond; + ssl->dupWrite->keyUpdateRespond = 0; +#ifdef WOLFSSL_POST_HANDSHAKE_AUTH + ssl->postHandshakeAuthPending |= + ssl->dupWrite->postHandshakeAuthPending; + ssl->dupWrite->postHandshakeAuthPending = 0; + if (ssl->postHandshakeAuthPending) { + /* Take ownership of the delegated auth state. */ + CertReqCtx** tail = &ssl->dupWrite->postHandshakeCertReqCtx; + while (*tail != NULL) + tail = &(*tail)->next; + *tail = ssl->certReqCtx; + ssl->certReqCtx = ssl->dupWrite->postHandshakeCertReqCtx; + ssl->dupWrite->postHandshakeCertReqCtx = NULL; + FreeHandshakeHashes(ssl); + ssl->hsHashes = ssl->dupWrite->postHandshakeHashState; + ssl->dupWrite->postHandshakeHashState = NULL; + ssl->options.sendVerify = ssl->dupWrite->postHandshakeSendVerify; + ssl->options.sigAlgo = ssl->dupWrite->postHandshakeSigAlgo; + ssl->options.hashAlgo = ssl->dupWrite->postHandshakeHashAlgo; + } +#endif /* WOLFSSL_POST_HANDSHAKE_AUTH */ +#ifdef WOLFSSL_DTLS13 + if (ssl->options.dtls) { + /* Schedule key update to be sent. */ + if (ssl->keys.keyUpdateRespond) + ssl->dtls13DoKeyUpdate = 1; + + /* Copy over ACKs */ + ssl->dtls13Rtx.sendAcks |= ssl->dupWrite->sendAcks; + if (ssl->dupWrite->sendAcks) { + /* Insert each record number so the + * ACK message is properly ordered. */ + struct Dtls13RecordNumber* rn; + for (rn = ssl->dupWrite->sendAckList; rn != NULL; + rn = rn->next) { + ret = Dtls13RtxAddAck(ssl, rn->epoch, rn->seq); + if (ret != 0) + break; + } + /* Clear only on success so no ACKs get dropped */ + if (ret == 0) { + rn = ssl->dupWrite->sendAckList; + ssl->dupWrite->sendAckList = NULL; + ssl->dupWrite->sendAcks = 0; + while (rn != NULL) { + struct Dtls13RecordNumber* next = rn->next; + XFREE(rn, ssl->heap, DYNAMIC_TYPE_DTLS_MSG); + rn = next; + } + } + } - ret = 0; - - if (ssl->dupWrite && ssl->dupSide == READ_DUP_SIDE) { - WOLFSSL_MSG("Read dup side cannot write"); - return WRITE_DUP_WRITE_E; - } - if (ssl->dupWrite) { - if (wc_LockMutex(&ssl->dupWrite->dupMutex) != 0) { - return BAD_MUTEX_E; + /* Remove KeyUpdate record from RTX list. */ + if (ssl->dupWrite->keyUpdateAcked) { + Dtls13RtxRemoveRecord(ssl, ssl->dupWrite->keyUpdateEpoch, + ssl->dupWrite->keyUpdateSeq); + } + /* Store if KeyUpdate was ACKed. */ + ssl->dtls13KeyUpdateAcked |= ssl->dupWrite->keyUpdateAcked; + ssl->dupWrite->keyUpdateAcked = 0; } - dupErr = ssl->dupWrite->dupErr; - ret = wc_UnLockMutex(&ssl->dupWrite->dupMutex); +#endif /* WOLFSSL_DTLS13 */ } +#endif /* WOLFSSL_TLS13 */ + wc_UnLockMutex(&ssl->dupWrite->dupMutex); - if (ret != 0) { - ssl->error = ret; /* high priority fatal error */ - return WOLFSSL_FATAL_ERROR; - } if (dupErr != 0) { WOLFSSL_MSG("Write dup error from other side"); ssl->error = dupErr; return WOLFSSL_FATAL_ERROR; } + if (ret != 0) { + ssl->error = ret; + return WOLFSSL_FATAL_ERROR; + } + + +#ifdef WOLFSSL_TLS13 + if (IsAtLeastTLSv1_3(ssl->version)) { +#ifdef WOLFSSL_POST_HANDSHAKE_AUTH + /* Read side received a CertificateRequest but couldn't write; + * send Certificate+CertificateVerify+Finished from the write side. */ + if (ssl->postHandshakeAuthPending) { + /* reset handshake states */ + ssl->postHandshakeAuthPending = 0; + ssl->options.clientState = CLIENT_HELLO_COMPLETE; + ssl->options.connectState = FIRST_REPLY_DONE; + ssl->options.handShakeState = CLIENT_HELLO_COMPLETE; + ssl->options.processReply = 0; /* doProcessInit */ + if (wolfSSL_connect_TLSv13(ssl) != WOLFSSL_SUCCESS) { + if (ssl->error != WC_NO_ERR_TRACE(WANT_WRITE) && + ssl->error != WC_NO_ERR_TRACE(WC_PENDING_E)) { + WOLFSSL_MSG("Post-handshake auth send failed"); + ssl->error = POST_HAND_AUTH_ERROR; + } + return WOLFSSL_FATAL_ERROR; + } + } +#endif /* WOLFSSL_POST_HANDSHAKE_AUTH */ +#ifdef WOLFSSL_DTLS13 + if (ssl->options.dtls) { + if (ssl->dtls13KeyUpdateAcked) + ret = DoDtls13KeyUpdateAck(ssl); + ssl->dtls13KeyUpdateAcked = 0; + if (ret == 0) + ret = Dtls13DoScheduledWork(ssl); + } + else +#endif /* WOLFSSL_DTLS13 */ + if (ssl->keys.keyUpdateRespond) /* cleared in SendTls13KeyUpdate */ + ret = Tls13UpdateKeys(ssl); + if (ret != 0) { + ssl->error = ret; + return WOLFSSL_FATAL_ERROR; + } + /* WANT_WRITE is safe to clear. Data is buffered in output buffer + * or in DTLS RTX queue */ + ret = 0; + } +#endif /* WOLFSSL_TLS13 */ } #endif @@ -3662,58 +3191,6 @@ #endif /* NO_WOLFSSL_CLIENT */ #endif /* HAVE_TRUNCATED_HMAC */ -#ifdef HAVE_CERTIFICATE_STATUS_REQUEST - -int wolfSSL_UseOCSPStapling(WOLFSSL* ssl, byte status_type, byte options) -{ - WOLFSSL_ENTER("wolfSSL_UseOCSPStapling"); - - if (ssl == NULL || ssl->options.side != WOLFSSL_CLIENT_END) - return BAD_FUNC_ARG; - - return TLSX_UseCertificateStatusRequest(&ssl->extensions, status_type, - options, NULL, ssl->heap, ssl->devId); -} - - -int wolfSSL_CTX_UseOCSPStapling(WOLFSSL_CTX* ctx, byte status_type, - byte options) -{ - WOLFSSL_ENTER("wolfSSL_CTX_UseOCSPStapling"); - - if (ctx == NULL || ctx->method->side != WOLFSSL_CLIENT_END) - return BAD_FUNC_ARG; - - return TLSX_UseCertificateStatusRequest(&ctx->extensions, status_type, - options, NULL, ctx->heap, ctx->devId); -} - -#endif /* HAVE_CERTIFICATE_STATUS_REQUEST */ - -#ifdef HAVE_CERTIFICATE_STATUS_REQUEST_V2 - -int wolfSSL_UseOCSPStaplingV2(WOLFSSL* ssl, byte status_type, byte options) -{ - if (ssl == NULL || ssl->options.side != WOLFSSL_CLIENT_END) - return BAD_FUNC_ARG; - - return TLSX_UseCertificateStatusRequestV2(&ssl->extensions, status_type, - options, ssl->heap, ssl->devId); -} - - -int wolfSSL_CTX_UseOCSPStaplingV2(WOLFSSL_CTX* ctx, byte status_type, - byte options) -{ - if (ctx == NULL || ctx->method->side != WOLFSSL_CLIENT_END) - return BAD_FUNC_ARG; - - return TLSX_UseCertificateStatusRequestV2(&ctx->extensions, status_type, - options, ctx->heap, ctx->devId); -} - -#endif /* HAVE_CERTIFICATE_STATUS_REQUEST_V2 */ - /* Elliptic Curves */ #if defined(HAVE_SUPPORTED_CURVES) @@ -3737,6 +3214,9 @@ case WOLFSSL_ECC_SM2P256V1: case WOLFSSL_ECC_X25519: case WOLFSSL_ECC_X448: + case WOLFSSL_ECC_BRAINPOOLP256R1TLS13: + case WOLFSSL_ECC_BRAINPOOLP384R1TLS13: + case WOLFSSL_ECC_BRAINPOOLP512R1TLS13: case WOLFSSL_FFDHE_2048: case WOLFSSL_FFDHE_3072: @@ -3746,18 +3226,24 @@ #ifdef WOLFSSL_HAVE_MLKEM #ifndef WOLFSSL_NO_ML_KEM + #ifndef WOLFSSL_TLS_NO_MLKEM_STANDALONE case WOLFSSL_ML_KEM_512: case WOLFSSL_ML_KEM_768: case WOLFSSL_ML_KEM_1024: + #endif /* !WOLFSSL_TLS_NO_MLKEM_STANDALONE */ #if defined(WOLFSSL_WC_MLKEM) || defined(HAVE_LIBOQS) + #ifdef WOLFSSL_PQC_HYBRIDS + case WOLFSSL_SECP384R1MLKEM1024: + case WOLFSSL_X25519MLKEM768: + case WOLFSSL_SECP256R1MLKEM768: + #endif /* WOLFSSL_PQC_HYBRIDS */ + #ifdef WOLFSSL_EXTRA_PQC_HYBRIDS case WOLFSSL_SECP256R1MLKEM512: case WOLFSSL_SECP384R1MLKEM768: case WOLFSSL_SECP521R1MLKEM1024: - case WOLFSSL_SECP384R1MLKEM1024: case WOLFSSL_X25519MLKEM512: case WOLFSSL_X448MLKEM768: - case WOLFSSL_X25519MLKEM768: - case WOLFSSL_SECP256R1MLKEM768: + #endif /* WOLFSSL_EXTRA_PQC_HYBRIDS */ #endif #endif /* !WOLFSSL_NO_ML_KEM */ #ifdef WOLFSSL_MLKEM_KYBER @@ -3820,6 +3306,10 @@ WOLFSSL_MSG("Group count is zero"); return WOLFSSL_FAILURE; } + if (count > WOLFSSL_MAX_GROUP_COUNT) { + WOLFSSL_MSG("Group count exceeds maximum"); + return WOLFSSL_FAILURE; + } for (i = 0; i < count; i++) { if (isValidCurveGroup((word16)groups[i])) { _groups[i] = groups[i]; @@ -3855,6 +3345,10 @@ WOLFSSL_MSG("Group count is zero"); return WOLFSSL_FAILURE; } + if (count > WOLFSSL_MAX_GROUP_COUNT) { + WOLFSSL_MSG("Group count exceeds maximum"); + return WOLFSSL_FAILURE; + } for (i = 0; i < count; i++) { if (isValidCurveGroup((word16)groups[i])) { _groups[i] = groups[i]; @@ -4216,6 +3710,30 @@ #endif /* HAVE_SECURE_RENEGOTIATION_INFO */ +#if !defined(NO_WOLFSSL_CLIENT) && !defined(WOLFSSL_NO_TLS12) && \ + defined(WOLFSSL_HARDEN_TLS) && !defined(WOLFSSL_HARDEN_TLS_NO_SCR_CHECK) +WOLFSSL_API int wolfSSL_get_scr_check_enabled(const WOLFSSL* ssl) +{ + WOLFSSL_ENTER("wolfSSL_get_scr_check_enabled"); + + if (ssl == NULL) + return BAD_FUNC_ARG; + + return ssl->scr_check_enabled; +} + +WOLFSSL_API int wolfSSL_set_scr_check_enabled(WOLFSSL* ssl, byte enabled) +{ + WOLFSSL_ENTER("wolfSSL_set_scr_check_enabled"); + + if (ssl == NULL) + return BAD_FUNC_ARG; + + ssl->scr_check_enabled = !!enabled; + return WOLFSSL_SUCCESS; +} +#endif + #if defined(HAVE_SESSION_TICKET) /* Session Ticket */ @@ -4257,6 +3775,11 @@ if (ctx == NULL) return BAD_FUNC_ARG; + /* RFC8446 Section 4.6.1: Servers MUST NOT use any value greater than + * 604800 seconds (7 days). */ + if (hint < 0 || hint > 604800) + return BAD_FUNC_ARG; + ctx->ticketHint = hint; return WOLFSSL_SUCCESS; @@ -4661,6 +4184,10 @@ else if (ssl->error == WC_NO_ERR_TRACE(SOCKET_PEER_CLOSED_E)) return WOLFSSL_ERROR_SYSCALL; /* convert to OpenSSL type */ #endif +#ifdef WOLFSSL_ASYNC_CRYPT + else if (ssl->error == WC_NO_ERR_TRACE(MP_WOULDBLOCK)) + return WC_PENDING_E; /* map non-blocking crypto */ +#endif return ssl->error; } @@ -5169,16 +4696,6 @@ #endif /* ATOMIC_USER */ -#ifndef NO_CERTS -WOLFSSL_CERT_MANAGER* wolfSSL_CTX_GetCertManager(WOLFSSL_CTX* ctx) -{ - WOLFSSL_CERT_MANAGER* cm = NULL; - if (ctx) - cm = ctx->cm; - return cm; -} -#endif /* NO_CERTS */ - #if !defined(NO_FILESYSTEM) && !defined(NO_STDIO_FILESYSTEM) \ && defined(XFPRINTF) @@ -5483,6 +5000,8 @@ return BAD_FUNC_ARG; } + ssl->options.downgrade = 0; + #ifdef NO_RSA haveRSA = 0; #endif @@ -5503,826 +5022,6 @@ } #endif /* !leanpsk */ -#ifndef NO_CERTS - -/* hash is the SHA digest of name, just use first 32 bits as hash */ -static WC_INLINE word32 HashSigner(const byte* hash) -{ - return MakeWordFromHash(hash) % CA_TABLE_SIZE; -} - - -/* does CA already exist on signer list */ -int AlreadySigner(WOLFSSL_CERT_MANAGER* cm, byte* hash) -{ - Signer* signers; - int ret = 0; - word32 row; - - if (cm == NULL || hash == NULL) { - return ret; - } - - row = HashSigner(hash); - - if (wc_LockMutex(&cm->caLock) != 0) { - return ret; - } - signers = cm->caTable[row]; - while (signers) { - byte* subjectHash; - - #ifndef NO_SKID - subjectHash = signers->subjectKeyIdHash; - #else - subjectHash = signers->subjectNameHash; - #endif - - if (XMEMCMP(hash, subjectHash, SIGNER_DIGEST_SIZE) == 0) { - ret = 1; /* success */ - break; - } - signers = signers->next; - } - wc_UnLockMutex(&cm->caLock); - - return ret; -} - - -#ifdef WOLFSSL_TRUST_PEER_CERT -/* hash is the SHA digest of name, just use first 32 bits as hash */ -static WC_INLINE word32 TrustedPeerHashSigner(const byte* hash) -{ - return MakeWordFromHash(hash) % TP_TABLE_SIZE; -} - -/* does trusted peer already exist on signer list */ -int AlreadyTrustedPeer(WOLFSSL_CERT_MANAGER* cm, DecodedCert* cert) -{ - TrustedPeerCert* tp; - int ret = 0; - word32 row = TrustedPeerHashSigner(cert->subjectHash); - - if (wc_LockMutex(&cm->tpLock) != 0) - return ret; - tp = cm->tpTable[row]; - while (tp) { - if ((XMEMCMP(cert->subjectHash, tp->subjectNameHash, - SIGNER_DIGEST_SIZE) == 0) - #ifndef WOLFSSL_NO_ISSUERHASH_TDPEER - && (XMEMCMP(cert->issuerHash, tp->issuerHash, - SIGNER_DIGEST_SIZE) == 0) - #endif - ) - ret = 1; - #ifndef NO_SKID - if (cert->extSubjKeyIdSet) { - /* Compare SKID as well if available */ - if (ret == 1 && XMEMCMP(cert->extSubjKeyId, tp->subjectKeyIdHash, - SIGNER_DIGEST_SIZE) != 0) - ret = 0; - } - #endif - if (ret == 1) - break; - tp = tp->next; - } - wc_UnLockMutex(&cm->tpLock); - - return ret; -} - - -/* return Trusted Peer if found, otherwise NULL - type is what to match on - */ -TrustedPeerCert* GetTrustedPeer(void* vp, DecodedCert* cert) -{ - WOLFSSL_CERT_MANAGER* cm = (WOLFSSL_CERT_MANAGER*)vp; - TrustedPeerCert* ret = NULL; - TrustedPeerCert* tp = NULL; - word32 row; - - if (cm == NULL || cert == NULL) - return NULL; - - row = TrustedPeerHashSigner(cert->subjectHash); - - if (wc_LockMutex(&cm->tpLock) != 0) - return ret; - - tp = cm->tpTable[row]; - while (tp) { - if ((XMEMCMP(cert->subjectHash, tp->subjectNameHash, - SIGNER_DIGEST_SIZE) == 0) - #ifndef WOLFSSL_NO_ISSUERHASH_TDPEER - && (XMEMCMP(cert->issuerHash, tp->issuerHash, - SIGNER_DIGEST_SIZE) == 0) - #endif - ) - ret = tp; - #ifndef NO_SKID - if (cert->extSubjKeyIdSet) { - /* Compare SKID as well if available */ - if (ret != NULL && XMEMCMP(cert->extSubjKeyId, tp->subjectKeyIdHash, - SIGNER_DIGEST_SIZE) != 0) - ret = NULL; - } - #endif - if (ret != NULL) - break; - tp = tp->next; - } - wc_UnLockMutex(&cm->tpLock); - - return ret; -} - - -int MatchTrustedPeer(TrustedPeerCert* tp, DecodedCert* cert) -{ - if (tp == NULL || cert == NULL) - return BAD_FUNC_ARG; - - /* subject key id or subject hash has been compared when searching - tpTable for the cert from function GetTrustedPeer */ - - /* compare signatures */ - if (tp->sigLen == cert->sigLength) { - if (XMEMCMP(tp->sig, cert->signature, cert->sigLength)) { - return WOLFSSL_FAILURE; - } - } - else { - return WOLFSSL_FAILURE; - } - - return WOLFSSL_SUCCESS; -} -#endif /* WOLFSSL_TRUST_PEER_CERT */ - - -/* return CA if found, otherwise NULL */ -Signer* GetCA(void* vp, byte* hash) -{ - WOLFSSL_CERT_MANAGER* cm = (WOLFSSL_CERT_MANAGER*)vp; - Signer* ret = NULL; - Signer* signers; - word32 row = 0; - - if (cm == NULL || hash == NULL) - return NULL; - - row = HashSigner(hash); - - if (wc_LockMutex(&cm->caLock) != 0) - return ret; - - signers = cm->caTable[row]; - while (signers) { - byte* subjectHash; - #ifndef NO_SKID - subjectHash = signers->subjectKeyIdHash; - #else - subjectHash = signers->subjectNameHash; - #endif - if (XMEMCMP(hash, subjectHash, SIGNER_DIGEST_SIZE) == 0) { - ret = signers; - break; - } - signers = signers->next; - } - wc_UnLockMutex(&cm->caLock); - - return ret; -} - -#if defined(HAVE_OCSP) -Signer* GetCAByKeyHash(void* vp, const byte* keyHash) -{ - WOLFSSL_CERT_MANAGER* cm = (WOLFSSL_CERT_MANAGER*)vp; - Signer* ret = NULL; - Signer* signers; - int row; - - if (cm == NULL || keyHash == NULL) - return NULL; - - /* try lookup using keyHash as subjKeyID first */ - ret = GetCA(vp, (byte*)keyHash); - if (ret != NULL && XMEMCMP(ret->subjectKeyHash, keyHash, KEYID_SIZE) == 0) { - return ret; - } - - /* if we can't find the cert, we have to scan the full table */ - if (wc_LockMutex(&cm->caLock) != 0) - return NULL; - - /* Unfortunately we need to look through the entire table */ - for (row = 0; row < CA_TABLE_SIZE && ret == NULL; row++) { - for (signers = cm->caTable[row]; signers != NULL; - signers = signers->next) { - if (XMEMCMP(signers->subjectKeyHash, keyHash, KEYID_SIZE) == 0) { - ret = signers; - break; - } - } - } - - wc_UnLockMutex(&cm->caLock); - return ret; -} -#endif -#ifdef WOLFSSL_AKID_NAME -Signer* GetCAByAKID(void* vp, const byte* issuer, word32 issuerSz, - const byte* serial, word32 serialSz) -{ - WOLFSSL_CERT_MANAGER* cm = (WOLFSSL_CERT_MANAGER*)vp; - Signer* ret = NULL; - Signer* signers; - byte nameHash[SIGNER_DIGEST_SIZE]; - byte serialHash[SIGNER_DIGEST_SIZE]; - word32 row; - - if (cm == NULL || issuer == NULL || issuerSz == 0 || - serial == NULL || serialSz == 0) - return NULL; - - if (CalcHashId(issuer, issuerSz, nameHash) != 0 || - CalcHashId(serial, serialSz, serialHash) != 0) - return NULL; - - if (wc_LockMutex(&cm->caLock) != 0) - return ret; - - /* Unfortunately we need to look through the entire table */ - for (row = 0; row < CA_TABLE_SIZE && ret == NULL; row++) { - for (signers = cm->caTable[row]; signers != NULL; - signers = signers->next) { - if (XMEMCMP(signers->subjectNameHash, nameHash, SIGNER_DIGEST_SIZE) - == 0 && XMEMCMP(signers->serialHash, serialHash, - SIGNER_DIGEST_SIZE) == 0) { - ret = signers; - break; - } - } - } - - wc_UnLockMutex(&cm->caLock); - - return ret; -} -#endif - -#ifndef NO_SKID -/* return CA if found, otherwise NULL. Walk through hash table. */ -Signer* GetCAByName(void* vp, byte* hash) -{ - WOLFSSL_CERT_MANAGER* cm = (WOLFSSL_CERT_MANAGER*)vp; - Signer* ret = NULL; - Signer* signers; - word32 row; - - if (cm == NULL) - return NULL; - - if (wc_LockMutex(&cm->caLock) != 0) - return ret; - - for (row = 0; row < CA_TABLE_SIZE && ret == NULL; row++) { - signers = cm->caTable[row]; - while (signers && ret == NULL) { - if (XMEMCMP(hash, signers->subjectNameHash, - SIGNER_DIGEST_SIZE) == 0) { - ret = signers; - } - signers = signers->next; - } - } - wc_UnLockMutex(&cm->caLock); - - return ret; -} -#endif - - -#ifdef WOLFSSL_TRUST_PEER_CERT -/* add a trusted peer cert to linked list */ -int AddTrustedPeer(WOLFSSL_CERT_MANAGER* cm, DerBuffer** pDer, int verify) -{ - int ret = 0; - int row = 0; - TrustedPeerCert* peerCert; - DecodedCert* cert; - DerBuffer* der = *pDer; - - WOLFSSL_MSG("Adding a Trusted Peer Cert"); - - cert = (DecodedCert*)XMALLOC(sizeof(DecodedCert), cm->heap, - DYNAMIC_TYPE_DCERT); - if (cert == NULL) { - FreeDer(&der); - return MEMORY_E; - } - - InitDecodedCert(cert, der->buffer, der->length, cm->heap); - if ((ret = ParseCert(cert, TRUSTED_PEER_TYPE, verify, cm)) != 0) { - FreeDecodedCert(cert); - XFREE(cert, NULL, DYNAMIC_TYPE_DCERT); - FreeDer(&der); - return ret; - } - WOLFSSL_MSG("\tParsed new trusted peer cert"); - - peerCert = (TrustedPeerCert*)XMALLOC(sizeof(TrustedPeerCert), cm->heap, - DYNAMIC_TYPE_CERT); - if (peerCert == NULL) { - FreeDecodedCert(cert); - XFREE(cert, cm->heap, DYNAMIC_TYPE_DCERT); - FreeDer(&der); - return MEMORY_E; - } - XMEMSET(peerCert, 0, sizeof(TrustedPeerCert)); - - #ifndef IGNORE_NAME_CONSTRAINTS - if (peerCert->permittedNames) - FreeNameSubtrees(peerCert->permittedNames, cm->heap); - if (peerCert->excludedNames) - FreeNameSubtrees(peerCert->excludedNames, cm->heap); - #endif - - if (AlreadyTrustedPeer(cm, cert)) { - WOLFSSL_MSG("\tAlready have this CA, not adding again"); - FreeTrustedPeer(peerCert, cm->heap); - (void)ret; - } - else { - /* add trusted peer signature */ - peerCert->sigLen = cert->sigLength; - peerCert->sig = (byte *)XMALLOC(cert->sigLength, cm->heap, - DYNAMIC_TYPE_SIGNATURE); - if (peerCert->sig == NULL) { - FreeDecodedCert(cert); - XFREE(cert, cm->heap, DYNAMIC_TYPE_DCERT); - FreeTrustedPeer(peerCert, cm->heap); - FreeDer(&der); - return MEMORY_E; - } - XMEMCPY(peerCert->sig, cert->signature, cert->sigLength); - - /* add trusted peer name */ - peerCert->nameLen = cert->subjectCNLen; - peerCert->name = cert->subjectCN; - #ifndef IGNORE_NAME_CONSTRAINTS - peerCert->permittedNames = cert->permittedNames; - peerCert->excludedNames = cert->excludedNames; - #endif - - /* add SKID when available and hash of name */ - #ifndef NO_SKID - XMEMCPY(peerCert->subjectKeyIdHash, cert->extSubjKeyId, - SIGNER_DIGEST_SIZE); - #endif - XMEMCPY(peerCert->subjectNameHash, cert->subjectHash, - SIGNER_DIGEST_SIZE); - #ifndef WOLFSSL_NO_ISSUERHASH_TDPEER - XMEMCPY(peerCert->issuerHash, cert->issuerHash, - SIGNER_DIGEST_SIZE); - #endif - /* If Key Usage not set, all uses valid. */ - peerCert->next = NULL; - cert->subjectCN = 0; - #ifndef IGNORE_NAME_CONSTRAINTS - cert->permittedNames = NULL; - cert->excludedNames = NULL; - #endif - - row = (int)TrustedPeerHashSigner(peerCert->subjectNameHash); - - if (wc_LockMutex(&cm->tpLock) == 0) { - peerCert->next = cm->tpTable[row]; - cm->tpTable[row] = peerCert; /* takes ownership */ - wc_UnLockMutex(&cm->tpLock); - } - else { - WOLFSSL_MSG("\tTrusted Peer Cert Mutex Lock failed"); - FreeDecodedCert(cert); - XFREE(cert, cm->heap, DYNAMIC_TYPE_DCERT); - FreeTrustedPeer(peerCert, cm->heap); - FreeDer(&der); - return BAD_MUTEX_E; - } - } - - WOLFSSL_MSG("\tFreeing parsed trusted peer cert"); - FreeDecodedCert(cert); - XFREE(cert, cm->heap, DYNAMIC_TYPE_DCERT); - WOLFSSL_MSG("\tFreeing der trusted peer cert"); - FreeDer(&der); - WOLFSSL_MSG("\t\tOK Freeing der trusted peer cert"); - WOLFSSL_LEAVE("AddTrustedPeer", ret); - - return WOLFSSL_SUCCESS; -} -#endif /* WOLFSSL_TRUST_PEER_CERT */ - -int AddSigner(WOLFSSL_CERT_MANAGER* cm, Signer *s) -{ - byte* subjectHash; - Signer* signers; - word32 row; - - if (cm == NULL || s == NULL) - return BAD_FUNC_ARG; - -#ifndef NO_SKID - subjectHash = s->subjectKeyIdHash; -#else - subjectHash = s->subjectNameHash; -#endif - - if (AlreadySigner(cm, subjectHash)) { - FreeSigner(s, cm->heap); - return 0; - } - - row = HashSigner(subjectHash); - - if (wc_LockMutex(&cm->caLock) != 0) - return BAD_MUTEX_E; - - signers = cm->caTable[row]; - s->next = signers; - cm->caTable[row] = s; - - wc_UnLockMutex(&cm->caLock); - return 0; -} - -/* owns der, internal now uses too */ -/* type flag ids from user or from chain received during verify - don't allow chain ones to be added w/o isCA extension */ -int AddCA(WOLFSSL_CERT_MANAGER* cm, DerBuffer** pDer, int type, int verify) -{ - int ret; - Signer* signer = NULL; - word32 row; - byte* subjectHash; - WC_DECLARE_VAR(cert, DecodedCert, 1, 0); - DerBuffer* der = *pDer; - - WOLFSSL_MSG_CERT_LOG("Adding a CA"); - - if (cm == NULL) { - FreeDer(pDer); - return BAD_FUNC_ARG; - } - - #ifdef WOLFSSL_SMALL_STACK - cert = (DecodedCert*)XMALLOC(sizeof(DecodedCert), NULL, DYNAMIC_TYPE_DCERT); - if (cert == NULL) { - FreeDer(pDer); - return MEMORY_E; - } - #endif - - InitDecodedCert(cert, der->buffer, der->length, cm->heap); - -#ifdef WC_ASN_UNKNOWN_EXT_CB - if (cm->unknownExtCallback != NULL) { - wc_SetUnknownExtCallback(cert, cm->unknownExtCallback); - } -#endif - - WOLFSSL_MSG_CERT("\tParsing new CA"); - ret = ParseCert(cert, CA_TYPE, verify, cm); - - WOLFSSL_MSG("\tParsed new CA"); -#ifdef WOLFSSL_DEBUG_CERTS - { - const char* err_msg; - if (ret == 0) { - WOLFSSL_MSG_CERT_EX(WOLFSSL_MSG_CERT_INDENT "issuer: '%s'", - cert->issuer); - WOLFSSL_MSG_CERT_EX(WOLFSSL_MSG_CERT_INDENT "subject: '%s'", - cert->subject); - } - else { - WOLFSSL_MSG_CERT( - WOLFSSL_MSG_CERT_INDENT "Failed during parse of new CA"); - err_msg = wc_GetErrorString(ret); - WOLFSSL_MSG_CERT_EX(WOLFSSL_MSG_CERT_INDENT "error ret: %d; %s", - ret, err_msg); - } - } -#endif /* WOLFSSL_DEBUG_CERTS */ - -#ifndef NO_SKID - subjectHash = cert->extSubjKeyId; -#else - subjectHash = cert->subjectHash; -#endif - - /* check CA key size */ - if (verify && (ret == 0 )) { - switch (cert->keyOID) { - #ifndef NO_RSA - #ifdef WC_RSA_PSS - case RSAPSSk: - #endif - case RSAk: - if (cm->minRsaKeySz < 0 || - cert->pubKeySize < (word16)cm->minRsaKeySz) { - ret = RSA_KEY_SIZE_E; - WOLFSSL_MSG_CERT_LOG("\tCA RSA key size error"); - WOLFSSL_MSG_CERT_EX("\tCA RSA pubKeySize = %d; " - "minRsaKeySz = %d", - cert->pubKeySize, cm->minRsaKeySz); - } - break; - #endif /* !NO_RSA */ - #ifdef HAVE_ECC - case ECDSAk: - if (cm->minEccKeySz < 0 || - cert->pubKeySize < (word16)cm->minEccKeySz) { - ret = ECC_KEY_SIZE_E; - WOLFSSL_MSG_CERT_LOG("\tCA ECC key size error"); - WOLFSSL_MSG_CERT_EX("\tCA ECC pubKeySize = %d; " - "minEccKeySz = %d", - cert->pubKeySize, cm->minEccKeySz); - } - break; - #endif /* HAVE_ECC */ - #ifdef HAVE_ED25519 - case ED25519k: - if (cm->minEccKeySz < 0 || - ED25519_KEY_SIZE < (word16)cm->minEccKeySz) { - ret = ECC_KEY_SIZE_E; - WOLFSSL_MSG("\tCA ECC key size error"); - } - break; - #endif /* HAVE_ED25519 */ - #ifdef HAVE_ED448 - case ED448k: - if (cm->minEccKeySz < 0 || - ED448_KEY_SIZE < (word16)cm->minEccKeySz) { - ret = ECC_KEY_SIZE_E; - WOLFSSL_MSG("\tCA ECC key size error"); - } - break; - #endif /* HAVE_ED448 */ - #if defined(HAVE_FALCON) - case FALCON_LEVEL1k: - if (cm->minFalconKeySz < 0 || - FALCON_LEVEL1_KEY_SIZE < (word16)cm->minFalconKeySz) { - ret = FALCON_KEY_SIZE_E; - WOLFSSL_MSG("\tCA Falcon level 1 key size error"); - } - break; - case FALCON_LEVEL5k: - if (cm->minFalconKeySz < 0 || - FALCON_LEVEL5_KEY_SIZE < (word16)cm->minFalconKeySz) { - ret = FALCON_KEY_SIZE_E; - WOLFSSL_MSG("\tCA Falcon level 5 key size error"); - } - break; - #endif /* HAVE_FALCON */ - #if defined(HAVE_DILITHIUM) - #ifdef WOLFSSL_DILITHIUM_FIPS204_DRAFT - case DILITHIUM_LEVEL2k: - if (cm->minDilithiumKeySz < 0 || - DILITHIUM_LEVEL2_KEY_SIZE < (word16)cm->minDilithiumKeySz) { - ret = DILITHIUM_KEY_SIZE_E; - WOLFSSL_MSG("\tCA Dilithium level 2 key size error"); - } - break; - case DILITHIUM_LEVEL3k: - if (cm->minDilithiumKeySz < 0 || - DILITHIUM_LEVEL3_KEY_SIZE < (word16)cm->minDilithiumKeySz) { - ret = DILITHIUM_KEY_SIZE_E; - WOLFSSL_MSG("\tCA Dilithium level 3 key size error"); - } - break; - case DILITHIUM_LEVEL5k: - if (cm->minDilithiumKeySz < 0 || - DILITHIUM_LEVEL5_KEY_SIZE < (word16)cm->minDilithiumKeySz) { - ret = DILITHIUM_KEY_SIZE_E; - WOLFSSL_MSG("\tCA Dilithium level 5 key size error"); - } - break; - #endif /* WOLFSSL_DILITHIUM_FIPS204_DRAFT */ - case ML_DSA_LEVEL2k: - if (cm->minDilithiumKeySz < 0 || - ML_DSA_LEVEL2_KEY_SIZE < (word16)cm->minDilithiumKeySz) { - ret = DILITHIUM_KEY_SIZE_E; - WOLFSSL_MSG("\tCA Dilithium level 2 key size error"); - } - break; - case ML_DSA_LEVEL3k: - if (cm->minDilithiumKeySz < 0 || - ML_DSA_LEVEL3_KEY_SIZE < (word16)cm->minDilithiumKeySz) { - ret = DILITHIUM_KEY_SIZE_E; - WOLFSSL_MSG("\tCA Dilithium level 3 key size error"); - } - break; - case ML_DSA_LEVEL5k: - if (cm->minDilithiumKeySz < 0 || - ML_DSA_LEVEL5_KEY_SIZE < (word16)cm->minDilithiumKeySz) { - ret = DILITHIUM_KEY_SIZE_E; - WOLFSSL_MSG("\tCA Dilithium level 5 key size error"); - } - break; - #endif /* HAVE_DILITHIUM */ - - default: - WOLFSSL_MSG("\tNo key size check done on CA"); - break; /* no size check if key type is not in switch */ - } - } - - if (ret == 0 && cert->isCA == 0 && type != WOLFSSL_USER_CA && - type != WOLFSSL_TEMP_CA) { - WOLFSSL_MSG("\tCan't add as CA if not actually one"); - ret = NOT_CA_ERROR; - } -#ifndef ALLOW_INVALID_CERTSIGN - else if (ret == 0 && cert->isCA == 1 && type != WOLFSSL_USER_CA && - type != WOLFSSL_TEMP_CA && !cert->selfSigned && - (cert->extKeyUsage & KEYUSE_KEY_CERT_SIGN) == 0) { - /* Intermediate CA certs are required to have the keyCertSign - * extension set. User loaded root certs are not. */ - WOLFSSL_MSG("\tDoesn't have key usage certificate signing"); - ret = NOT_CA_ERROR; - } -#endif - else if (ret == 0 && AlreadySigner(cm, subjectHash)) { - WOLFSSL_MSG("\tAlready have this CA, not adding again"); - (void)ret; - } - else if (ret == 0) { - /* take over signer parts */ - signer = MakeSigner(cm->heap); - if (!signer) - ret = MEMORY_ERROR; - } - if (ret == 0 && signer != NULL) { - ret = FillSigner(signer, cert, type, der); - - if (ret == 0){ - #ifndef NO_SKID - row = HashSigner(signer->subjectKeyIdHash); - #else - row = HashSigner(signer->subjectNameHash); - #endif - } - - #if defined(WOLFSSL_RENESAS_TSIP_TLS) || defined(WOLFSSL_RENESAS_FSPSM_TLS) - /* Verify CA by TSIP so that generated tsip key is going to */ - /* be able to be used for peer's cert verification */ - /* TSIP is only able to handle USER CA, and only one CA. */ - /* Therefore, it doesn't need to call TSIP again if there is already */ - /* verified CA. */ - if ( ret == 0 && signer != NULL ) { - signer->cm_idx = row; - if (type == WOLFSSL_USER_CA) { - if ((ret = wc_Renesas_cmn_RootCertVerify(cert->source, - cert->maxIdx, - cert->sigCtx.CertAtt.pubkey_n_start, - cert->sigCtx.CertAtt.pubkey_n_len - 1, - cert->sigCtx.CertAtt.pubkey_e_start, - cert->sigCtx.CertAtt.pubkey_e_len - 1, - row/* cm index */)) - < 0) - WOLFSSL_MSG("Renesas_RootCertVerify() failed"); - else - WOLFSSL_MSG("Renesas_RootCertVerify() succeed or skipped"); - } - } - #endif /* TSIP or SCE */ - - if (ret == 0 && wc_LockMutex(&cm->caLock) == 0) { - signer->next = cm->caTable[row]; - cm->caTable[row] = signer; /* takes ownership */ - wc_UnLockMutex(&cm->caLock); - if (cm->caCacheCallback) - cm->caCacheCallback(der->buffer, (int)der->length, type); - } - else { - WOLFSSL_MSG("\tCA Mutex Lock failed"); - ret = BAD_MUTEX_E; - } - } - - WOLFSSL_MSG("\tFreeing Parsed CA"); - FreeDecodedCert(cert); - if (ret != 0 && signer != NULL) - FreeSigner(signer, cm->heap); - WC_FREE_VAR_EX(cert, NULL, DYNAMIC_TYPE_DCERT); - WOLFSSL_MSG("\tFreeing der CA"); - FreeDer(pDer); - WOLFSSL_MSG("\t\tOK Freeing der CA"); - - WOLFSSL_LEAVE("AddCA", ret); - - return ret == 0 ? WOLFSSL_SUCCESS : ret; -} - -/* Removes the CA with the passed in subject hash from the - cert manager's CA cert store. */ -int RemoveCA(WOLFSSL_CERT_MANAGER* cm, byte* hash, int type) -{ - Signer* current; - Signer** prev; - int ret = WC_NO_ERR_TRACE(WOLFSSL_FAILURE); - word32 row; - - WOLFSSL_MSG("Removing a CA"); - - if (cm == NULL || hash == NULL) { - return BAD_FUNC_ARG; - } - - row = HashSigner(hash); - - if (wc_LockMutex(&cm->caLock) != 0) { - return BAD_MUTEX_E; - } - current = cm->caTable[row]; - prev = &cm->caTable[row]; - while (current) { - byte* subjectHash; - - #ifndef NO_SKID - subjectHash = current->subjectKeyIdHash; - #else - subjectHash = current->subjectNameHash; - #endif - - if ((current->type == type) && - (XMEMCMP(hash, subjectHash, SIGNER_DIGEST_SIZE) == 0)) { - *prev = current->next; - FreeSigner(current, cm->heap); - ret = WOLFSSL_SUCCESS; - break; - } - prev = ¤t->next; - current = current->next; - } - wc_UnLockMutex(&cm->caLock); - - WOLFSSL_LEAVE("RemoveCA", ret); - - return ret; -} - - -/* Sets the CA with the passed in subject hash - to the provided type. */ -int SetCAType(WOLFSSL_CERT_MANAGER* cm, byte* hash, int type) -{ - Signer* current; - int ret = WC_NO_ERR_TRACE(WOLFSSL_FAILURE); - word32 row; - - WOLFSSL_MSG_EX("Setting CA to type %d", type); - - if (cm == NULL || hash == NULL || - type < WOLFSSL_USER_CA || type > WOLFSSL_USER_INTER) { - return ret; - } - - row = HashSigner(hash); - - if (wc_LockMutex(&cm->caLock) != 0) { - return ret; - } - current = cm->caTable[row]; - while (current) { - byte* subjectHash; - - #ifndef NO_SKID - subjectHash = current->subjectKeyIdHash; - #else - subjectHash = current->subjectNameHash; - #endif - - if (XMEMCMP(hash, subjectHash, SIGNER_DIGEST_SIZE) == 0) { - current->type = (byte)type; - ret = WOLFSSL_SUCCESS; - break; - } - current = current->next; - } - wc_UnLockMutex(&cm->caLock); - - WOLFSSL_LEAVE("SetCAType", ret); - - return ret; -} -#endif /* !NO_CERTS */ - - #if defined(OPENSSL_EXTRA) && !defined(WOLFSSL_NO_OPENSSL_RAND_CB) static int wolfSSL_RAND_InitMutex(void); #endif @@ -6528,7 +5227,7 @@ #endif /* WOLFSSL_SYS_CRYPTO_POLICY */ if (ret == WOLFSSL_SUCCESS) { - initRefCount++; + initRefCount = initRefCount + 1; } else { initRefCount = 1; /* Force cleanup */ @@ -6827,2548 +5526,8 @@ #define WOLFSSL_SSL_LOAD_INCLUDED #include -#ifndef NO_CERTS - -#ifdef HAVE_CRL - -int wolfSSL_CTX_LoadCRLBuffer(WOLFSSL_CTX* ctx, const unsigned char* buff, - long sz, int type) -{ - WOLFSSL_ENTER("wolfSSL_CTX_LoadCRLBuffer"); - - if (ctx == NULL) - return BAD_FUNC_ARG; - - return wolfSSL_CertManagerLoadCRLBuffer(ctx->cm, buff, sz, type); -} - - -int wolfSSL_LoadCRLBuffer(WOLFSSL* ssl, const unsigned char* buff, - long sz, int type) -{ - WOLFSSL_ENTER("wolfSSL_LoadCRLBuffer"); - - if (ssl == NULL || ssl->ctx == NULL) - return BAD_FUNC_ARG; - - SSL_CM_WARNING(ssl); - return wolfSSL_CertManagerLoadCRLBuffer(SSL_CM(ssl), buff, sz, type); -} - -#endif /* HAVE_CRL */ - -#ifdef HAVE_OCSP -int wolfSSL_EnableOCSP(WOLFSSL* ssl, int options) -{ - WOLFSSL_ENTER("wolfSSL_EnableOCSP"); - if (ssl) { - SSL_CM_WARNING(ssl); - return wolfSSL_CertManagerEnableOCSP(SSL_CM(ssl), options); - } - else - return BAD_FUNC_ARG; -} - -int wolfSSL_DisableOCSP(WOLFSSL* ssl) -{ - WOLFSSL_ENTER("wolfSSL_DisableOCSP"); - if (ssl) { - SSL_CM_WARNING(ssl); - return wolfSSL_CertManagerDisableOCSP(SSL_CM(ssl)); - } - else - return BAD_FUNC_ARG; -} - - -int wolfSSL_EnableOCSPStapling(WOLFSSL* ssl) -{ - WOLFSSL_ENTER("wolfSSL_EnableOCSPStapling"); - if (ssl) { - SSL_CM_WARNING(ssl); - return wolfSSL_CertManagerEnableOCSPStapling(SSL_CM(ssl)); - } - else - return BAD_FUNC_ARG; -} - -int wolfSSL_DisableOCSPStapling(WOLFSSL* ssl) -{ - WOLFSSL_ENTER("wolfSSL_DisableOCSPStapling"); - if (ssl) { - SSL_CM_WARNING(ssl); - return wolfSSL_CertManagerDisableOCSPStapling(SSL_CM(ssl)); - } - else - return BAD_FUNC_ARG; -} - -int wolfSSL_SetOCSP_OverrideURL(WOLFSSL* ssl, const char* url) -{ - WOLFSSL_ENTER("wolfSSL_SetOCSP_OverrideURL"); - if (ssl) { - SSL_CM_WARNING(ssl); - return wolfSSL_CertManagerSetOCSPOverrideURL(SSL_CM(ssl), url); - } - else - return BAD_FUNC_ARG; -} - - -int wolfSSL_SetOCSP_Cb(WOLFSSL* ssl, - CbOCSPIO ioCb, CbOCSPRespFree respFreeCb, void* ioCbCtx) -{ - WOLFSSL_ENTER("wolfSSL_SetOCSP_Cb"); - if (ssl) { - SSL_CM_WARNING(ssl); - ssl->ocspIOCtx = ioCbCtx; /* use SSL specific ioCbCtx */ - return wolfSSL_CertManagerSetOCSP_Cb(SSL_CM(ssl), - ioCb, respFreeCb, NULL); - } - else - return BAD_FUNC_ARG; -} - -int wolfSSL_CTX_EnableOCSP(WOLFSSL_CTX* ctx, int options) -{ - WOLFSSL_ENTER("wolfSSL_CTX_EnableOCSP"); - if (ctx) - return wolfSSL_CertManagerEnableOCSP(ctx->cm, options); - else - return BAD_FUNC_ARG; -} - - -int wolfSSL_CTX_DisableOCSP(WOLFSSL_CTX* ctx) -{ - WOLFSSL_ENTER("wolfSSL_CTX_DisableOCSP"); - if (ctx) - return wolfSSL_CertManagerDisableOCSP(ctx->cm); - else - return BAD_FUNC_ARG; -} - - -int wolfSSL_CTX_SetOCSP_OverrideURL(WOLFSSL_CTX* ctx, const char* url) -{ - WOLFSSL_ENTER("wolfSSL_SetOCSP_OverrideURL"); - if (ctx) - return wolfSSL_CertManagerSetOCSPOverrideURL(ctx->cm, url); - else - return BAD_FUNC_ARG; -} - - -int wolfSSL_CTX_SetOCSP_Cb(WOLFSSL_CTX* ctx, CbOCSPIO ioCb, - CbOCSPRespFree respFreeCb, void* ioCbCtx) -{ - WOLFSSL_ENTER("wolfSSL_CTX_SetOCSP_Cb"); - if (ctx) - return wolfSSL_CertManagerSetOCSP_Cb(ctx->cm, ioCb, - respFreeCb, ioCbCtx); - else - return BAD_FUNC_ARG; -} - -#if defined(HAVE_CERTIFICATE_STATUS_REQUEST) \ - || defined(HAVE_CERTIFICATE_STATUS_REQUEST_V2) -int wolfSSL_CTX_EnableOCSPStapling(WOLFSSL_CTX* ctx) -{ - WOLFSSL_ENTER("wolfSSL_CTX_EnableOCSPStapling"); - if (ctx) - return wolfSSL_CertManagerEnableOCSPStapling(ctx->cm); - else - return BAD_FUNC_ARG; -} - -int wolfSSL_CTX_DisableOCSPStapling(WOLFSSL_CTX* ctx) -{ - WOLFSSL_ENTER("wolfSSL_CTX_DisableOCSPStapling"); - if (ctx) - return wolfSSL_CertManagerDisableOCSPStapling(ctx->cm); - else - return BAD_FUNC_ARG; -} - -int wolfSSL_CTX_EnableOCSPMustStaple(WOLFSSL_CTX* ctx) -{ - WOLFSSL_ENTER("wolfSSL_CTX_EnableOCSPMustStaple"); - if (ctx) - return wolfSSL_CertManagerEnableOCSPMustStaple(ctx->cm); - else - return BAD_FUNC_ARG; -} - -int wolfSSL_CTX_DisableOCSPMustStaple(WOLFSSL_CTX* ctx) -{ - WOLFSSL_ENTER("wolfSSL_CTX_DisableOCSPMustStaple"); - if (ctx) - return wolfSSL_CertManagerDisableOCSPMustStaple(ctx->cm); - else - return BAD_FUNC_ARG; -} -#endif /* HAVE_CERTIFICATE_STATUS_REQUEST || \ - * HAVE_CERTIFICATE_STATUS_REQUEST_V2 */ - -#endif /* HAVE_OCSP */ - -#ifdef HAVE_CRL - -int wolfSSL_EnableCRL(WOLFSSL* ssl, int options) -{ - WOLFSSL_ENTER("wolfSSL_EnableCRL"); - if (ssl) { - SSL_CM_WARNING(ssl); - return wolfSSL_CertManagerEnableCRL(SSL_CM(ssl), options); - } - else - return BAD_FUNC_ARG; -} - - -int wolfSSL_DisableCRL(WOLFSSL* ssl) -{ - WOLFSSL_ENTER("wolfSSL_DisableCRL"); - if (ssl) { - SSL_CM_WARNING(ssl); - return wolfSSL_CertManagerDisableCRL(SSL_CM(ssl)); - } - else - return BAD_FUNC_ARG; -} - -#ifndef NO_FILESYSTEM -int wolfSSL_LoadCRL(WOLFSSL* ssl, const char* path, int type, int monitor) -{ - WOLFSSL_ENTER("wolfSSL_LoadCRL"); - if (ssl) { - SSL_CM_WARNING(ssl); - return wolfSSL_CertManagerLoadCRL(SSL_CM(ssl), path, type, monitor); - } - else - return BAD_FUNC_ARG; -} - -int wolfSSL_LoadCRLFile(WOLFSSL* ssl, const char* file, int type) -{ - WOLFSSL_ENTER("wolfSSL_LoadCRLFile"); - if (ssl) { - SSL_CM_WARNING(ssl); - return wolfSSL_CertManagerLoadCRLFile(SSL_CM(ssl), file, type); - } - else - return BAD_FUNC_ARG; -} -#endif - -int wolfSSL_SetCRL_Cb(WOLFSSL* ssl, CbMissingCRL cb) -{ - WOLFSSL_ENTER("wolfSSL_SetCRL_Cb"); - if (ssl) { - SSL_CM_WARNING(ssl); - return wolfSSL_CertManagerSetCRL_Cb(SSL_CM(ssl), cb); - } - else - return BAD_FUNC_ARG; -} - -int wolfSSL_SetCRL_ErrorCb(WOLFSSL* ssl, crlErrorCb cb, void* ctx) -{ - WOLFSSL_ENTER("wolfSSL_SetCRL_Cb"); - if (ssl) { - SSL_CM_WARNING(ssl); - return wolfSSL_CertManagerSetCRL_ErrorCb(SSL_CM(ssl), cb, ctx); - } - else - return BAD_FUNC_ARG; -} - -#ifdef HAVE_CRL_IO -int wolfSSL_SetCRL_IOCb(WOLFSSL* ssl, CbCrlIO cb) -{ - WOLFSSL_ENTER("wolfSSL_SetCRL_Cb"); - if (ssl) { - SSL_CM_WARNING(ssl); - return wolfSSL_CertManagerSetCRL_IOCb(SSL_CM(ssl), cb); - } - else - return BAD_FUNC_ARG; -} -#endif - -int wolfSSL_CTX_EnableCRL(WOLFSSL_CTX* ctx, int options) -{ - WOLFSSL_ENTER("wolfSSL_CTX_EnableCRL"); - if (ctx) - return wolfSSL_CertManagerEnableCRL(ctx->cm, options); - else - return BAD_FUNC_ARG; -} - - -int wolfSSL_CTX_DisableCRL(WOLFSSL_CTX* ctx) -{ - WOLFSSL_ENTER("wolfSSL_CTX_DisableCRL"); - if (ctx) - return wolfSSL_CertManagerDisableCRL(ctx->cm); - else - return BAD_FUNC_ARG; -} - - -#ifndef NO_FILESYSTEM -int wolfSSL_CTX_LoadCRL(WOLFSSL_CTX* ctx, const char* path, - int type, int monitor) -{ - WOLFSSL_ENTER("wolfSSL_CTX_LoadCRL"); - if (ctx) - return wolfSSL_CertManagerLoadCRL(ctx->cm, path, type, monitor); - else - return BAD_FUNC_ARG; -} - -int wolfSSL_CTX_LoadCRLFile(WOLFSSL_CTX* ctx, const char* file, - int type) -{ - WOLFSSL_ENTER("wolfSSL_CTX_LoadCRL"); - if (ctx) - return wolfSSL_CertManagerLoadCRLFile(ctx->cm, file, type); - else - return BAD_FUNC_ARG; -} -#endif - - -int wolfSSL_CTX_SetCRL_Cb(WOLFSSL_CTX* ctx, CbMissingCRL cb) -{ - WOLFSSL_ENTER("wolfSSL_CTX_SetCRL_Cb"); - if (ctx) - return wolfSSL_CertManagerSetCRL_Cb(ctx->cm, cb); - else - return BAD_FUNC_ARG; -} - -int wolfSSL_CTX_SetCRL_ErrorCb(WOLFSSL_CTX* ctx, crlErrorCb cb, void* cbCtx) -{ - WOLFSSL_ENTER("wolfSSL_CTX_SetCRL_ErrorCb"); - if (ctx) - return wolfSSL_CertManagerSetCRL_ErrorCb(ctx->cm, cb, cbCtx); - else - return BAD_FUNC_ARG; -} - -#ifdef HAVE_CRL_IO -int wolfSSL_CTX_SetCRL_IOCb(WOLFSSL_CTX* ctx, CbCrlIO cb) -{ - WOLFSSL_ENTER("wolfSSL_CTX_SetCRL_IOCb"); - if (ctx) - return wolfSSL_CertManagerSetCRL_IOCb(ctx->cm, cb); - else - return BAD_FUNC_ARG; -} -#endif - - -#endif /* HAVE_CRL */ - - -/* Sets the max chain depth when verifying a certificate chain. Default depth - * is set to MAX_CHAIN_DEPTH. - * - * ctx WOLFSSL_CTX structure to set depth in - * depth max depth - */ -void wolfSSL_CTX_set_verify_depth(WOLFSSL_CTX *ctx, int depth) { - WOLFSSL_ENTER("wolfSSL_CTX_set_verify_depth"); - - if (ctx == NULL || depth < 0 || depth > MAX_CHAIN_DEPTH) { - WOLFSSL_MSG("Bad depth argument, too large or less than 0"); - return; - } - - ctx->verifyDepth = (byte)depth; -} - - -/* get cert chaining depth using ssl struct */ -long wolfSSL_get_verify_depth(WOLFSSL* ssl) -{ - if(ssl == NULL) { - return BAD_FUNC_ARG; - } -#ifndef OPENSSL_EXTRA - return MAX_CHAIN_DEPTH; -#else - return ssl->options.verifyDepth; -#endif -} - - -/* get cert chaining depth using ctx struct */ -long wolfSSL_CTX_get_verify_depth(WOLFSSL_CTX* ctx) -{ - if (ctx == NULL) { - return BAD_FUNC_ARG; - } -#ifndef OPENSSL_EXTRA - return MAX_CHAIN_DEPTH; -#else - return ctx->verifyDepth; -#endif -} - -#ifndef NO_CHECK_PRIVATE_KEY - -#ifdef WOLF_PRIVATE_KEY_ID -/* Check private against public in certificate for match using external - * device with given devId */ -static int check_cert_key_dev(word32 keyOID, byte* privKey, word32 privSz, - const byte* pubKey, word32 pubSz, int label, int id, void* heap, int devId) -{ - int ret = 0; - int type = 0; - void *pkey = NULL; - - if (privKey == NULL) { - return MISSING_KEY; - } - -#ifndef NO_RSA - if (keyOID == RSAk) { - type = DYNAMIC_TYPE_RSA; - } -#ifdef WC_RSA_PSS - if (keyOID == RSAPSSk) { - type = DYNAMIC_TYPE_RSA; - } -#endif -#endif -#ifdef HAVE_ECC - if (keyOID == ECDSAk) { - type = DYNAMIC_TYPE_ECC; - } -#endif -#if defined(HAVE_DILITHIUM) - if ((keyOID == ML_DSA_LEVEL2k) || - (keyOID == ML_DSA_LEVEL3k) || - (keyOID == ML_DSA_LEVEL5k) - #ifdef WOLFSSL_DILITHIUM_FIPS204_DRAFT - || (keyOID == DILITHIUM_LEVEL2k) - || (keyOID == DILITHIUM_LEVEL3k) - || (keyOID == DILITHIUM_LEVEL5k) - #endif /* WOLFSSL_DILITHIUM_FIPS204_DRAFT */ - ) { - type = DYNAMIC_TYPE_DILITHIUM; - } -#endif -#if defined(HAVE_FALCON) - if ((keyOID == FALCON_LEVEL1k) || - (keyOID == FALCON_LEVEL5k)) { - type = DYNAMIC_TYPE_FALCON; - } -#endif - - ret = CreateDevPrivateKey(&pkey, privKey, privSz, type, label, id, - heap, devId); - #ifdef WOLF_CRYPTO_CB - if (ret == 0) { - #ifndef NO_RSA - if (keyOID == RSAk - #ifdef WC_RSA_PSS - || keyOID == RSAPSSk - #endif - ) { - ret = wc_CryptoCb_RsaCheckPrivKey((RsaKey*)pkey, pubKey, pubSz); - } - #endif - #ifdef HAVE_ECC - if (keyOID == ECDSAk) { - ret = wc_CryptoCb_EccCheckPrivKey((ecc_key*)pkey, pubKey, pubSz); - } - #endif - #if defined(HAVE_DILITHIUM) - if ((keyOID == ML_DSA_LEVEL2k) || - (keyOID == ML_DSA_LEVEL3k) || - (keyOID == ML_DSA_LEVEL5k) - #ifdef WOLFSSL_DILITHIUM_FIPS204_DRAFT - || (keyOID == DILITHIUM_LEVEL2k) - || (keyOID == DILITHIUM_LEVEL3k) - || (keyOID == DILITHIUM_LEVEL5k) - #endif /* WOLFSSL_DILITHIUM_FIPS204_DRAFT */ - ) { - ret = wc_CryptoCb_PqcSignatureCheckPrivKey(pkey, - WC_PQC_SIG_TYPE_DILITHIUM, - pubKey, pubSz); - } - #endif - #if defined(HAVE_FALCON) - if ((keyOID == FALCON_LEVEL1k) || - (keyOID == FALCON_LEVEL5k)) { - ret = wc_CryptoCb_PqcSignatureCheckPrivKey(pkey, - WC_PQC_SIG_TYPE_FALCON, - pubKey, pubSz); - } - #endif - } - #else - /* devId was set, don't check, for now */ - /* TODO: Add callback for private key check? */ - (void) pubKey; - (void) pubSz; - #endif - if (pkey != NULL) { - #ifndef NO_RSA - if (keyOID == RSAk - #ifdef WC_RSA_PSS - || keyOID == RSAPSSk - #endif - ) { - wc_FreeRsaKey((RsaKey*)pkey); - } - #endif - #ifdef HAVE_ECC - if (keyOID == ECDSAk) { - wc_ecc_free((ecc_key*)pkey); - } - #endif - #if defined(HAVE_DILITHIUM) - if ((keyOID == ML_DSA_LEVEL2k) || - (keyOID == ML_DSA_LEVEL3k) || - (keyOID == ML_DSA_LEVEL5k) - #ifdef WOLFSSL_DILITHIUM_FIPS204_DRAFT - || (keyOID == DILITHIUM_LEVEL2k) - || (keyOID == DILITHIUM_LEVEL3k) - || (keyOID == DILITHIUM_LEVEL5k) - #endif /* WOLFSSL_DILITHIUM_FIPS204_DRAFT */ - ) { - wc_dilithium_free((dilithium_key*)pkey); - } - #endif - #if defined(HAVE_FALCON) - if ((keyOID == FALCON_LEVEL1k) || - (keyOID == FALCON_LEVEL5k)) { - wc_falcon_free((falcon_key*)pkey); - } - #endif - XFREE(pkey, heap, type); - } - - return ret; -} -#endif /* WOLF_PRIVATE_KEY_ID */ - -/* Check private against public in certificate for match - * - * Returns WOLFSSL_SUCCESS on good private key - * WOLFSSL_FAILURE if mismatched */ -static int check_cert_key(const DerBuffer* cert, const DerBuffer* key, - const DerBuffer* altKey, void* heap, int devId, int isKeyLabel, int isKeyId, - int altDevId, int isAltKeyLabel, int isAltKeyId) -{ - WC_DECLARE_VAR(der, DecodedCert, 1, 0); - word32 size; - byte* buff; - int ret = WC_NO_ERR_TRACE(WOLFSSL_FAILURE); - - WOLFSSL_ENTER("check_cert_key"); - - if (cert == NULL || key == NULL) { - return WOLFSSL_FAILURE; - } - - WC_ALLOC_VAR_EX(der, DecodedCert, 1, heap, DYNAMIC_TYPE_DCERT, - return MEMORY_E); - - size = cert->length; - buff = cert->buffer; - InitDecodedCert_ex(der, buff, size, heap, devId); - if (ParseCertRelative(der, CERT_TYPE, NO_VERIFY, NULL, NULL) != 0) { - FreeDecodedCert(der); - WC_FREE_VAR_EX(der, heap, DYNAMIC_TYPE_DCERT); - return WOLFSSL_FAILURE; - } - - size = key->length; - buff = key->buffer; -#ifdef WOLF_PRIVATE_KEY_ID - if (devId != INVALID_DEVID) { - ret = check_cert_key_dev(der->keyOID, buff, size, der->publicKey, - der->pubKeySize, isKeyLabel, isKeyId, heap, - devId); - if (ret != WC_NO_ERR_TRACE(CRYPTOCB_UNAVAILABLE)) { - ret = (ret == 0) ? WOLFSSL_SUCCESS: WOLFSSL_FAILURE; - } - } - else { - /* fall through if unavailable */ - ret = CRYPTOCB_UNAVAILABLE; - } - - if (ret == WC_NO_ERR_TRACE(CRYPTOCB_UNAVAILABLE)) -#endif /* WOLF_PRIVATE_KEY_ID */ - { - ret = wc_CheckPrivateKeyCert(buff, size, der, 0, heap); - ret = (ret == 1) ? WOLFSSL_SUCCESS: WOLFSSL_FAILURE; - } - -#ifdef WOLFSSL_DUAL_ALG_CERTS - if (ret == WOLFSSL_SUCCESS && der->extSapkiSet && der->sapkiDer != NULL) { - /* Certificate contains an alternative public key. Hence, we also - * need an alternative private key. */ - if (altKey == NULL) { - ret = MISSING_KEY; - buff = NULL; - size = 0; - } - else { - size = altKey->length; - buff = altKey->buffer; - } -#ifdef WOLF_PRIVATE_KEY_ID - if (ret == WOLFSSL_SUCCESS && altDevId != INVALID_DEVID) { - /* We have to decode the public key first */ - /* Default to max pub key size. */ - word32 pubKeyLen = MAX_PUBLIC_KEY_SZ; - byte* decodedPubKey = (byte*)XMALLOC(pubKeyLen, heap, - DYNAMIC_TYPE_PUBLIC_KEY); - if (decodedPubKey == NULL) { - ret = MEMORY_E; - } - if (ret == WOLFSSL_SUCCESS) { - if (der->sapkiOID == RSAk || der->sapkiOID == ECDSAk) { - /* Simply copy the data */ - XMEMCPY(decodedPubKey, der->sapkiDer, der->sapkiLen); - pubKeyLen = der->sapkiLen; - ret = 0; - } - else { - #if defined(WC_ENABLE_ASYM_KEY_IMPORT) - word32 idx = 0; - ret = DecodeAsymKeyPublic(der->sapkiDer, &idx, - der->sapkiLen, decodedPubKey, - &pubKeyLen, der->sapkiOID); - #else - ret = NOT_COMPILED_IN; - #endif /* WC_ENABLE_ASYM_KEY_IMPORT */ - } - } - if (ret == 0) { - ret = check_cert_key_dev(der->sapkiOID, buff, size, - decodedPubKey, pubKeyLen, - isAltKeyLabel, isAltKeyId, - heap, altDevId); - } - XFREE(decodedPubKey, heap, DYNAMIC_TYPE_PUBLIC_KEY); - if (ret != WC_NO_ERR_TRACE(CRYPTOCB_UNAVAILABLE)) { - ret = (ret == 0) ? WOLFSSL_SUCCESS: WOLFSSL_FAILURE; - } - } - else { - /* fall through if unavailable */ - ret = CRYPTOCB_UNAVAILABLE; - } - - if (ret == WC_NO_ERR_TRACE(CRYPTOCB_UNAVAILABLE)) -#endif /* WOLF_PRIVATE_KEY_ID */ - { - ret = wc_CheckPrivateKeyCert(buff, size, der, 1, heap); - ret = (ret == 1) ? WOLFSSL_SUCCESS: WOLFSSL_FAILURE; - } - } -#endif /* WOLFSSL_DUAL_ALG_CERTS */ - FreeDecodedCert(der); - WC_FREE_VAR_EX(der, heap, DYNAMIC_TYPE_DCERT); - - (void)devId; - (void)isKeyLabel; - (void)isKeyId; - (void)altKey; - (void)altDevId; - (void)isAltKeyLabel; - (void)isAltKeyId; - - return ret; -} - -/* Check private against public in certificate for match - * - * ctx WOLFSSL_CTX structure to check private key in - * - * Returns WOLFSSL_SUCCESS on good private key - * WOLFSSL_FAILURE if mismatched. */ -int wolfSSL_CTX_check_private_key(const WOLFSSL_CTX* ctx) -{ - int res = WOLFSSL_SUCCESS; -#ifdef WOLFSSL_BLIND_PRIVATE_KEY - DerBuffer *privateKey; -#ifdef WOLFSSL_DUAL_ALG_CERTS - DerBuffer *altPrivateKey; -#endif -#else - const DerBuffer *privateKey; -#ifdef WOLFSSL_DUAL_ALG_CERTS - const DerBuffer *altPrivateKey; -#endif -#endif - - if (ctx == NULL) { - return WOLFSSL_FAILURE; - } - -#ifdef WOLFSSL_DUAL_ALG_CERTS -#ifdef WOLFSSL_BLIND_PRIVATE_KEY - privateKey = wolfssl_priv_der_unblind(ctx->privateKey, ctx->privateKeyMask); - altPrivateKey = wolfssl_priv_der_unblind(ctx->altPrivateKey, - ctx->altPrivateKeyMask); - if ((privateKey == NULL) || (altPrivateKey == NULL)) { - res = WOLFSSL_FAILURE; - } -#else - privateKey = ctx->privateKey; - altPrivateKey = ctx->altPrivateKey; -#endif - if (res == WOLFSSL_SUCCESS) { - res = check_cert_key(ctx->certificate, privateKey, altPrivateKey, - ctx->heap, ctx->privateKeyDevId, ctx->privateKeyLabel, - ctx->privateKeyId, ctx->altPrivateKeyDevId, - ctx->altPrivateKeyLabel, ctx->altPrivateKeyId) != 0; - } -#ifdef WOLFSSL_BLIND_PRIVATE_KEY - wolfssl_priv_der_unblind_free(privateKey); - wolfssl_priv_der_unblind_free(altPrivateKey); -#endif -#else -#ifdef WOLFSSL_BLIND_PRIVATE_KEY - privateKey = wolfssl_priv_der_unblind(ctx->privateKey, ctx->privateKeyMask); - if (privateKey == NULL) { - res = WOLFSSL_FAILURE; - } -#else - privateKey = ctx->privateKey; -#endif - if (res == WOLFSSL_SUCCESS) { - res = check_cert_key(ctx->certificate, privateKey, NULL, ctx->heap, - ctx->privateKeyDevId, ctx->privateKeyLabel, - ctx->privateKeyId, INVALID_DEVID, 0, 0); - } -#ifdef WOLFSSL_BLIND_PRIVATE_KEY - wolfssl_priv_der_unblind_free(privateKey); -#endif -#endif - - /* placing error into error queue for Python port */ - if (res != WOLFSSL_SUCCESS) { - WOLFSSL_ERROR(WC_KEY_MISMATCH_E); - } - - return res; -} -#endif /* !NO_CHECK_PRIVATE_KEY */ - -#ifdef OPENSSL_ALL -/** - * Return the private key of the WOLFSSL_CTX struct - * @return WOLFSSL_EVP_PKEY* The caller doesn *NOT*` free the returned object. - * - * Note, even though the supplied ctx pointer is designated const, on success - * ctx->privateKeyPKey is changed by this call. The change is done safely using - * a hardware-synchronized store. - */ -WOLFSSL_EVP_PKEY* wolfSSL_CTX_get0_privatekey(const WOLFSSL_CTX* ctx) -{ - WOLFSSL_EVP_PKEY* res; - const unsigned char *key; - int type; - - WOLFSSL_ENTER("wolfSSL_CTX_get0_privatekey"); - - if (ctx == NULL || ctx->privateKey == NULL || - ctx->privateKey->buffer == NULL) { - WOLFSSL_MSG("Bad parameter or key not set"); - return NULL; - } - - switch (ctx->privateKeyType) { -#ifndef NO_RSA - case rsa_sa_algo: - type = WC_EVP_PKEY_RSA; - break; -#endif -#ifdef HAVE_ECC - case ecc_dsa_sa_algo: - type = WC_EVP_PKEY_EC; - break; -#endif -#ifdef WOLFSSL_SM2 - case sm2_sa_algo: - type = WC_EVP_PKEY_EC; - break; -#endif - default: - /* Other key types not supported either as ssl private keys - * or in the EVP layer */ - WOLFSSL_MSG("Unsupported key type"); - return NULL; - } - - if (ctx->privateKeyPKey != NULL) { - res = ctx->privateKeyPKey; - } - else { - #ifdef WOLFSSL_BLIND_PRIVATE_KEY - DerBuffer *unblinded_privateKey = - wolfssl_priv_der_unblind(ctx->privateKey, ctx->privateKeyMask); - if (unblinded_privateKey == NULL) - return NULL; - key = unblinded_privateKey->buffer; - #else - key = ctx->privateKey->buffer; - #endif - res = wolfSSL_d2i_PrivateKey(type, NULL, &key, - (long)ctx->privateKey->length); - #ifdef WOLFSSL_BLIND_PRIVATE_KEY - wolfssl_priv_der_unblind_free(unblinded_privateKey); - #endif - if (res) { -#ifdef WOLFSSL_ATOMIC_OPS - WOLFSSL_EVP_PKEY *current_pkey = NULL; - if (! wolfSSL_Atomic_Ptr_CompareExchange( - (void **)&ctx->privateKeyPKey, - (void **)¤t_pkey, res)) - { - wolfSSL_EVP_PKEY_free(res); - res = current_pkey; - } -#else - ((WOLFSSL_CTX *)ctx)->privateKeyPKey = res; -#endif - } - } - - return res; -} -#endif - -#if defined(OPENSSL_EXTRA) || defined(WOLFSSL_WPAS_SMALL) - -#if !defined(NO_RSA) -static int d2iTryRsaKey(WOLFSSL_EVP_PKEY** out, const unsigned char* mem, - long memSz, int priv) -{ - WOLFSSL_EVP_PKEY* pkey; - word32 keyIdx = 0; - int isRsaKey; - int ret = 1; -#ifndef WOLFSSL_SMALL_STACK - RsaKey rsa[1]; -#else - RsaKey *rsa = (RsaKey*)XMALLOC(sizeof(RsaKey), NULL, DYNAMIC_TYPE_RSA); - if (rsa == NULL) - return 0; -#endif - - XMEMSET(rsa, 0, sizeof(RsaKey)); - - if (wc_InitRsaKey(rsa, NULL) != 0) { - WC_FREE_VAR_EX(rsa, NULL, DYNAMIC_TYPE_RSA); - return 0; - } - /* test if RSA key */ - if (priv) { - isRsaKey = - (wc_RsaPrivateKeyDecode(mem, &keyIdx, rsa, (word32)memSz) == 0); - } - else { - isRsaKey = - (wc_RsaPublicKeyDecode(mem, &keyIdx, rsa, (word32)memSz) == 0); - } - wc_FreeRsaKey(rsa); - WC_FREE_VAR_EX(rsa, NULL, DYNAMIC_TYPE_RSA); - - if (!isRsaKey) { - return WOLFSSL_FATAL_ERROR; - } - - if (*out != NULL) { - pkey = *out; - } - else { - pkey = wolfSSL_EVP_PKEY_new(); - if (pkey == NULL) { - WOLFSSL_MSG("RSA wolfSSL_EVP_PKEY_new error"); - return 0; - } - } - - pkey->pkey_sz = (int)keyIdx; - pkey->pkey.ptr = (char*)XMALLOC((size_t)memSz, NULL, - priv ? DYNAMIC_TYPE_PRIVATE_KEY : - DYNAMIC_TYPE_PUBLIC_KEY); - if (pkey->pkey.ptr == NULL) { - ret = 0; - } - if (ret == 1) { - XMEMCPY(pkey->pkey.ptr, mem, keyIdx); - pkey->type = WC_EVP_PKEY_RSA; - - pkey->ownRsa = 1; - pkey->rsa = wolfssl_rsa_d2i(NULL, mem, memSz, - priv ? WOLFSSL_RSA_LOAD_PRIVATE : WOLFSSL_RSA_LOAD_PUBLIC); - if (pkey->rsa == NULL) { - ret = 0; - } - } - - if (ret == 1) { - *out = pkey; - } - - if ((ret == 0) && (*out == NULL)) { - wolfSSL_EVP_PKEY_free(pkey); - } - return ret; -} -#endif /* !NO_RSA */ - -#if defined(HAVE_ECC) && defined(OPENSSL_EXTRA) -static int d2iTryEccKey(WOLFSSL_EVP_PKEY** out, const unsigned char* mem, - long memSz, int priv) -{ - WOLFSSL_EVP_PKEY* pkey; - word32 keyIdx = 0; - int isEccKey; - int ret = 1; -#ifndef WOLFSSL_SMALL_STACK - ecc_key ecc[1]; -#else - ecc_key *ecc = (ecc_key*)XMALLOC(sizeof(ecc_key), NULL, - DYNAMIC_TYPE_ECC); - if (ecc == NULL) - return 0; -#endif - - XMEMSET(ecc, 0, sizeof(ecc_key)); - - if (wc_ecc_init(ecc) != 0) { - WC_FREE_VAR_EX(ecc, NULL, DYNAMIC_TYPE_ECC); - return 0; - } - - if (priv) { - isEccKey = - (wc_EccPrivateKeyDecode(mem, &keyIdx, ecc, (word32)memSz) == 0); - } - else { - isEccKey = - (wc_EccPublicKeyDecode(mem, &keyIdx, ecc, (word32)memSz) == 0); - } - wc_ecc_free(ecc); - WC_FREE_VAR_EX(ecc, NULL, DYNAMIC_TYPE_ECC); - - if (!isEccKey) { - return WOLFSSL_FATAL_ERROR; - } - - if (*out != NULL) { - pkey = *out; - } - else { - pkey = wolfSSL_EVP_PKEY_new(); - if (pkey == NULL) { - WOLFSSL_MSG("ECC wolfSSL_EVP_PKEY_new error"); - return 0; - } - } - - pkey->pkey_sz = (int)keyIdx; - pkey->pkey.ptr = (char*)XMALLOC(keyIdx, NULL, - priv ? DYNAMIC_TYPE_PRIVATE_KEY : - DYNAMIC_TYPE_PUBLIC_KEY); - if (pkey->pkey.ptr == NULL) { - ret = 0; - } - if (ret == 1) { - XMEMCPY(pkey->pkey.ptr, mem, keyIdx); - pkey->type = WC_EVP_PKEY_EC; - - pkey->ownEcc = 1; - pkey->ecc = wolfSSL_EC_KEY_new(); - if (pkey->ecc == NULL) { - ret = 0; - } - } - if ((ret == 1) && (wolfSSL_EC_KEY_LoadDer_ex(pkey->ecc, - (const unsigned char*)pkey->pkey.ptr, - pkey->pkey_sz, priv ? WOLFSSL_RSA_LOAD_PRIVATE - : WOLFSSL_RSA_LOAD_PUBLIC) != 1)) { - ret = 0; - } - if (ret == 1) { - *out = pkey; - } - - if ((ret == 0) && (*out == NULL)) { - wolfSSL_EVP_PKEY_free(pkey); - } - return ret; -} -#endif /* HAVE_ECC && OPENSSL_EXTRA */ - -#if !defined(NO_DSA) -static int d2iTryDsaKey(WOLFSSL_EVP_PKEY** out, const unsigned char* mem, - long memSz, int priv) -{ - WOLFSSL_EVP_PKEY* pkey; - word32 keyIdx = 0; - int isDsaKey; - int ret = 1; -#ifndef WOLFSSL_SMALL_STACK - DsaKey dsa[1]; -#else - DsaKey *dsa = (DsaKey*)XMALLOC(sizeof(DsaKey), NULL, DYNAMIC_TYPE_DSA); - if (dsa == NULL) - return 0; -#endif - - XMEMSET(dsa, 0, sizeof(DsaKey)); - - if (wc_InitDsaKey(dsa) != 0) { - WC_FREE_VAR_EX(dsa, NULL, DYNAMIC_TYPE_DSA); - return 0; - } - - if (priv) { - isDsaKey = - (wc_DsaPrivateKeyDecode(mem, &keyIdx, dsa, (word32)memSz) == 0); - } - else { - isDsaKey = - (wc_DsaPublicKeyDecode(mem, &keyIdx, dsa, (word32)memSz) == 0); - } - wc_FreeDsaKey(dsa); - WC_FREE_VAR_EX(dsa, NULL, DYNAMIC_TYPE_DSA); - - /* test if DSA key */ - if (!isDsaKey) { - return WOLFSSL_FATAL_ERROR; - } - - if (*out != NULL) { - pkey = *out; - } - else { - pkey = wolfSSL_EVP_PKEY_new(); - if (pkey == NULL) { - WOLFSSL_MSG("DSA wolfSSL_EVP_PKEY_new error"); - return 0; - } - } - - pkey->pkey_sz = (int)keyIdx; - pkey->pkey.ptr = (char*)XMALLOC((size_t)memSz, NULL, - priv ? DYNAMIC_TYPE_PRIVATE_KEY : - DYNAMIC_TYPE_PUBLIC_KEY); - if (pkey->pkey.ptr == NULL) { - ret = 0; - } - if (ret == 1) { - XMEMCPY(pkey->pkey.ptr, mem, keyIdx); - pkey->type = WC_EVP_PKEY_DSA; - - pkey->ownDsa = 1; - pkey->dsa = wolfSSL_DSA_new(); - if (pkey->dsa == NULL) { - ret = 0; - } - } - - if ((ret == 1) && (wolfSSL_DSA_LoadDer_ex(pkey->dsa, - (const unsigned char*)pkey->pkey.ptr, - pkey->pkey_sz, priv ? WOLFSSL_RSA_LOAD_PRIVATE - : WOLFSSL_RSA_LOAD_PUBLIC) != 1)) { - ret = 0; - } - if (ret == 1) { - *out = pkey; - } - - if ((ret == 0) && (*out == NULL)) { - wolfSSL_EVP_PKEY_free(pkey); - } - return ret; -} -#endif /* NO_DSA */ - -#if !defined(NO_DH) && (defined(WOLFSSL_QT) || defined(OPENSSL_ALL)) -#if !defined(HAVE_FIPS) || (defined(HAVE_FIPS_VERSION) && \ - (HAVE_FIPS_VERSION > 2)) -static int d2iTryDhKey(WOLFSSL_EVP_PKEY** out, const unsigned char* mem, - long memSz, int priv) -{ - WOLFSSL_EVP_PKEY* pkey; - int isDhKey; - word32 keyIdx = 0; - int ret = 1; -#ifndef WOLFSSL_SMALL_STACK - DhKey dh[1]; -#else - DhKey *dh = (DhKey*)XMALLOC(sizeof(DhKey), NULL, DYNAMIC_TYPE_DH); - if (dh == NULL) - return 0; -#endif - - XMEMSET(dh, 0, sizeof(DhKey)); - - if (wc_InitDhKey(dh) != 0) { - WC_FREE_VAR_EX(dh, NULL, DYNAMIC_TYPE_DH); - return 0; - } - - isDhKey = (wc_DhKeyDecode(mem, &keyIdx, dh, (word32)memSz) == 0); - wc_FreeDhKey(dh); - WC_FREE_VAR_EX(dh, NULL, DYNAMIC_TYPE_DH); - - /* test if DH key */ - if (!isDhKey) { - return WOLFSSL_FATAL_ERROR; - } - - if (*out != NULL) { - pkey = *out; - } - else { - pkey = wolfSSL_EVP_PKEY_new(); - if (pkey == NULL) { - WOLFSSL_MSG("DH wolfSSL_EVP_PKEY_new error"); - return 0; - } - } - - pkey->pkey_sz = (int)memSz; - pkey->pkey.ptr = (char*)XMALLOC((size_t)memSz, NULL, - priv ? DYNAMIC_TYPE_PRIVATE_KEY : - DYNAMIC_TYPE_PUBLIC_KEY); - if (pkey->pkey.ptr == NULL) { - ret = 0; - } - if (ret == 1) { - XMEMCPY(pkey->pkey.ptr, mem, (size_t)memSz); - pkey->type = WC_EVP_PKEY_DH; - - pkey->ownDh = 1; - pkey->dh = wolfSSL_DH_new(); - if (pkey->dh == NULL) { - ret = 0; - } - } - - if ((ret == 1) && (wolfSSL_DH_LoadDer(pkey->dh, - (const unsigned char*)pkey->pkey.ptr, - pkey->pkey_sz) != WOLFSSL_SUCCESS)) { - ret = 0; - } - if (ret == 1) { - *out = pkey; - } - - if ((ret == 0) && (*out == NULL)) { - wolfSSL_EVP_PKEY_free(pkey); - } - return ret; -} -#endif /* !HAVE_FIPS || HAVE_FIPS_VERSION > 2 */ -#endif /* !NO_DH && (WOLFSSL_QT || OPENSSL_ALL) */ - -#if !defined(NO_DH) && defined(OPENSSL_EXTRA) && defined(WOLFSSL_DH_EXTRA) -#if !defined(HAVE_FIPS) || (defined(HAVE_FIPS_VERSION) && \ - (HAVE_FIPS_VERSION > 2)) -static int d2iTryAltDhKey(WOLFSSL_EVP_PKEY** out, const unsigned char* mem, - long memSz, int priv) -{ - WOLFSSL_EVP_PKEY* pkey; - word32 keyIdx = 0; - DhKey* key = NULL; - int elements; - int ret; -#ifndef WOLFSSL_SMALL_STACK - DhKey dh[1]; -#else - DhKey* dh = (DhKey*)XMALLOC(sizeof(DhKey), NULL, DYNAMIC_TYPE_DH); - if (dh == NULL) - return 0; -#endif - XMEMSET(dh, 0, sizeof(DhKey)); - - /* test if DH-public key */ - if (wc_InitDhKey(dh) != 0) { - WC_FREE_VAR_EX(dh, NULL, DYNAMIC_TYPE_DH); - return 0; - } - - ret = wc_DhKeyDecode(mem, &keyIdx, dh, (word32)memSz); - wc_FreeDhKey(dh); - WC_FREE_VAR_EX(dh, NULL, DYNAMIC_TYPE_DH); - - if (ret != 0) { - return WOLFSSL_FATAL_ERROR; - } - - if (*out != NULL) { - pkey = *out; - } - else { - pkey = wolfSSL_EVP_PKEY_new(); - if (pkey == NULL) { - return 0; - } - } - - ret = 1; - pkey->type = WC_EVP_PKEY_DH; - pkey->pkey_sz = (int)memSz; - pkey->pkey.ptr = (char*)XMALLOC((size_t)memSz, NULL, - priv ? DYNAMIC_TYPE_PRIVATE_KEY : - DYNAMIC_TYPE_PUBLIC_KEY); - if (pkey->pkey.ptr == NULL) { - ret = 0; - } - if (ret == 1) { - XMEMCPY(pkey->pkey.ptr, mem, (size_t)memSz); - pkey->ownDh = 1; - pkey->dh = wolfSSL_DH_new(); - if (pkey->dh == NULL) { - ret = 0; - } - } - - if (ret == 1) { - key = (DhKey*)pkey->dh->internal; - - keyIdx = 0; - if (wc_DhKeyDecode(mem, &keyIdx, key, (word32)memSz) != 0) { - ret = 0; - } - } - - if (ret == 1) { - elements = ELEMENT_P | ELEMENT_G | ELEMENT_Q | ELEMENT_PUB; - if (priv) { - elements |= ELEMENT_PRV; - } - if (SetDhExternal_ex(pkey->dh, elements) != WOLFSSL_SUCCESS ) { - ret = 0; - } - } - if (ret == 1) { - *out = pkey; - } - - if ((ret == 0) && (*out == NULL)) { - wolfSSL_EVP_PKEY_free(pkey); - } - return ret; -} -#endif /* !HAVE_FIPS || HAVE_FIPS_VERSION > 2 */ -#endif /* !NO_DH && OPENSSL_EXTRA && WOLFSSL_DH_EXTRA */ - -#ifdef HAVE_FALCON -static int d2iTryFalconKey(WOLFSSL_EVP_PKEY** out, const unsigned char* mem, - long memSz, int priv) -{ - WOLFSSL_EVP_PKEY* pkey; - int isFalcon = 0; -#ifndef WOLFSSL_SMALL_STACK - falcon_key falcon[1]; -#else - falcon_key *falcon = (falcon_key *)XMALLOC(sizeof(falcon_key), NULL, - DYNAMIC_TYPE_FALCON); - if (falcon == NULL) { - return 0; - } -#endif - - if (wc_falcon_init(falcon) != 0) { - WC_FREE_VAR_EX(falcon, NULL, DYNAMIC_TYPE_FALCON); - return 0; - } - - /* test if Falcon key */ - if (priv) { - /* Try level 1 */ - isFalcon = ((wc_falcon_set_level(falcon, 1) == 0) && - (wc_falcon_import_private_only(mem, (word32)memSz, - falcon) == 0)); - if (!isFalcon) { - /* Try level 5 */ - isFalcon = ((wc_falcon_set_level(falcon, 5) == 0) && - (wc_falcon_import_private_only(mem, (word32)memSz, - falcon) == 0)); - } - } - else { - /* Try level 1 */ - isFalcon = ((wc_falcon_set_level(falcon, 1) == 0) && - (wc_falcon_import_public(mem, (word32)memSz, falcon) == 0)); - - if (!isFalcon) { - /* Try level 5 */ - isFalcon = ((wc_falcon_set_level(falcon, 5) == 0) && - (wc_falcon_import_public(mem, (word32)memSz, - falcon) == 0)); - } - } - wc_falcon_free(falcon); - WC_FREE_VAR_EX(falcon, NULL, DYNAMIC_TYPE_FALCON); - - if (!isFalcon) { - return WOLFSSL_FATAL_ERROR; - } - - if (*out != NULL) { - pkey = *out; - } - else { - /* Create a fake Falcon EVP_PKEY. In the future, we might integrate - * Falcon into the compatibility layer. */ - pkey = wolfSSL_EVP_PKEY_new(); - if (pkey == NULL) { - WOLFSSL_MSG("Falcon wolfSSL_EVP_PKEY_new error"); - return 0; - } - } - pkey->type = WC_EVP_PKEY_FALCON; - pkey->pkey.ptr = NULL; - pkey->pkey_sz = 0; - - *out = pkey; - return 1; - -} -#endif /* HAVE_FALCON */ - -#ifdef HAVE_DILITHIUM -static int d2iTryDilithiumKey(WOLFSSL_EVP_PKEY** out, const unsigned char* mem, - long memSz, int priv) -{ - WOLFSSL_EVP_PKEY* pkey; - int isDilithium = 0; -#ifndef WOLFSSL_SMALL_STACK - dilithium_key dilithium[1]; -#else - dilithium_key *dilithium = (dilithium_key *) - XMALLOC(sizeof(dilithium_key), NULL, DYNAMIC_TYPE_DILITHIUM); - if (dilithium == NULL) { - return 0; - } -#endif - - if (wc_dilithium_init(dilithium) != 0) { - WC_FREE_VAR_EX(dilithium, NULL, DYNAMIC_TYPE_DILITHIUM); - return 0; - } - - /* Test if Dilithium key. Try all levels. */ - if (priv) { - isDilithium = ((wc_dilithium_set_level(dilithium, WC_ML_DSA_44) == 0) && - (wc_dilithium_import_private(mem, - (word32)memSz, dilithium) == 0)); - if (!isDilithium) { - isDilithium = ((wc_dilithium_set_level(dilithium, WC_ML_DSA_65) == 0) && - (wc_dilithium_import_private(mem, - (word32)memSz, dilithium) == 0)); - } - if (!isDilithium) { - isDilithium = ((wc_dilithium_set_level(dilithium, WC_ML_DSA_87) == 0) && - (wc_dilithium_import_private(mem, - (word32)memSz, dilithium) == 0)); - } - } - else { - isDilithium = ((wc_dilithium_set_level(dilithium, WC_ML_DSA_44) == 0) && - (wc_dilithium_import_public(mem, (word32)memSz, - dilithium) == 0)); - if (!isDilithium) { - isDilithium = ((wc_dilithium_set_level(dilithium, WC_ML_DSA_65) == 0) && - (wc_dilithium_import_public(mem, (word32)memSz, - dilithium) == 0)); - } - if (!isDilithium) { - isDilithium = ((wc_dilithium_set_level(dilithium, WC_ML_DSA_87) == 0) && - (wc_dilithium_import_public(mem, (word32)memSz, - dilithium) == 0)); - } - } - wc_dilithium_free(dilithium); - WC_FREE_VAR_EX(dilithium, NULL, DYNAMIC_TYPE_DILITHIUM); - - if (!isDilithium) { - return WOLFSSL_FATAL_ERROR; - } - - if (*out != NULL) { - pkey = *out; - } - else { - /* Create a fake Dilithium EVP_PKEY. In the future, we might - * integrate Dilithium into the compatibility layer. */ - pkey = wolfSSL_EVP_PKEY_new(); - if (pkey == NULL) { - WOLFSSL_MSG("Dilithium wolfSSL_EVP_PKEY_new error"); - return 0; - } - } - pkey->type = WC_EVP_PKEY_DILITHIUM; - pkey->pkey.ptr = NULL; - pkey->pkey_sz = 0; - - *out = pkey; - return 1; -} -#endif /* HAVE_DILITHIUM */ - -static WOLFSSL_EVP_PKEY* d2iGenericKey(WOLFSSL_EVP_PKEY** out, - const unsigned char** in, long inSz, int priv) -{ - WOLFSSL_EVP_PKEY* pkey = NULL; - - WOLFSSL_ENTER("d2iGenericKey"); - - if (in == NULL || *in == NULL || inSz < 0) { - WOLFSSL_MSG("Bad argument"); - return NULL; - } - - if ((out != NULL) && (*out != NULL)) { - pkey = *out; - } - -#if !defined(NO_RSA) - if (d2iTryRsaKey(&pkey, *in, inSz, priv) >= 0) { - ; - } - else -#endif /* NO_RSA */ -#if defined(HAVE_ECC) && defined(OPENSSL_EXTRA) - if (d2iTryEccKey(&pkey, *in, inSz, priv) >= 0) { - ; - } - else -#endif /* HAVE_ECC && OPENSSL_EXTRA */ -#if !defined(NO_DSA) - if (d2iTryDsaKey(&pkey, *in, inSz, priv) >= 0) { - ; - } - else -#endif /* NO_DSA */ -#if !defined(NO_DH) && (defined(WOLFSSL_QT) || defined(OPENSSL_ALL)) -#if !defined(HAVE_FIPS) || (defined(HAVE_FIPS_VERSION) && \ - (HAVE_FIPS_VERSION > 2)) - if (d2iTryDhKey(&pkey, *in, inSz, priv) >= 0) { - ; - } - else -#endif /* !HAVE_FIPS || HAVE_FIPS_VERSION > 2 */ -#endif /* !NO_DH && (WOLFSSL_QT || OPENSSL_ALL) */ - -#if !defined(NO_DH) && defined(OPENSSL_EXTRA) && defined(WOLFSSL_DH_EXTRA) -#if !defined(HAVE_FIPS) || (defined(HAVE_FIPS_VERSION) && \ - (HAVE_FIPS_VERSION > 2)) - if (d2iTryAltDhKey(&pkey, *in, inSz, priv) >= 0) { - ; - } - else -#endif /* !HAVE_FIPS || HAVE_FIPS_VERSION > 2 */ -#endif /* !NO_DH && OPENSSL_EXTRA && WOLFSSL_DH_EXTRA */ - -#ifdef HAVE_FALCON - if (d2iTryFalconKey(&pkey, *in, inSz, priv) >= 0) { - ; - } - else -#endif /* HAVE_FALCON */ -#ifdef HAVE_DILITHIUM - if (d2iTryDilithiumKey(&pkey, *in, inSz, priv) >= 0) { - ; - } - else -#endif /* HAVE_DILITHIUM */ - { - WOLFSSL_MSG("wolfSSL_d2i_PUBKEY couldn't determine key type"); - } - - if ((pkey != NULL) && (out != NULL)) { - *out = pkey; - } - return pkey; -} -#endif /* OPENSSL_EXTRA || WPA_SMALL */ - -#ifdef OPENSSL_EXTRA - -WOLFSSL_PKCS8_PRIV_KEY_INFO* wolfSSL_d2i_PKCS8_PKEY( - WOLFSSL_PKCS8_PRIV_KEY_INFO** pkey, const unsigned char** keyBuf, - long keyLen) -{ - WOLFSSL_PKCS8_PRIV_KEY_INFO* pkcs8 = NULL; -#ifdef WOLFSSL_PEM_TO_DER - int ret; - DerBuffer* pkcs8Der = NULL; - DerBuffer rawDer; - EncryptedInfo info; - int advanceLen = 0; - - XMEMSET(&info, 0, sizeof(info)); - XMEMSET(&rawDer, 0, sizeof(rawDer)); - - if (keyBuf == NULL || *keyBuf == NULL || keyLen <= 0) { - WOLFSSL_MSG("Bad key PEM/DER args"); - return NULL; - } - - ret = PemToDer(*keyBuf, keyLen, PRIVATEKEY_TYPE, &pkcs8Der, NULL, &info, - NULL); - if (ret < 0) { - WOLFSSL_MSG("Not PEM format"); - ret = AllocDer(&pkcs8Der, (word32)keyLen, PRIVATEKEY_TYPE, NULL); - if (ret == 0) { - XMEMCPY(pkcs8Der->buffer, *keyBuf, keyLen); - } - } - else { - advanceLen = (int)info.consumed; - } - - if (ret == 0) { - /* Verify this is PKCS8 Key */ - word32 inOutIdx = 0; - word32 algId; - ret = ToTraditionalInline_ex(pkcs8Der->buffer, &inOutIdx, - pkcs8Der->length, &algId); - if (ret >= 0) { - if (advanceLen == 0) /* Set only if not PEM */ - advanceLen = (int)inOutIdx + ret; - if (algId == DHk) { - /* Special case for DH as we expect the DER buffer to be always - * be in PKCS8 format */ - rawDer.buffer = pkcs8Der->buffer; - rawDer.length = inOutIdx + (word32)ret; - } - else { - rawDer.buffer = pkcs8Der->buffer + inOutIdx; - rawDer.length = (word32)ret; - } - ret = 0; /* good DER */ - } - } - - if (ret == 0) { - pkcs8 = wolfSSL_EVP_PKEY_new(); - if (pkcs8 == NULL) - ret = MEMORY_E; - } - if (ret == 0) { - pkcs8->pkey.ptr = (char*)XMALLOC(rawDer.length, NULL, - DYNAMIC_TYPE_PUBLIC_KEY); - if (pkcs8->pkey.ptr == NULL) - ret = MEMORY_E; - } - if (ret == 0) { - XMEMCPY(pkcs8->pkey.ptr, rawDer.buffer, rawDer.length); - pkcs8->pkey_sz = (int)rawDer.length; - } - - FreeDer(&pkcs8Der); - if (ret != 0) { - wolfSSL_EVP_PKEY_free(pkcs8); - pkcs8 = NULL; - } - else { - *keyBuf += advanceLen; - } - if (pkey != NULL) { - *pkey = pkcs8; - } - -#else - (void)bio; - (void)pkey; -#endif /* WOLFSSL_PEM_TO_DER */ - - return pkcs8; -} - -#ifdef OPENSSL_ALL -int wolfSSL_i2d_PKCS8_PKEY(WOLFSSL_PKCS8_PRIV_KEY_INFO* key, unsigned char** pp) -{ - word32 keySz = 0; - unsigned char* out; - int len; - - WOLFSSL_ENTER("wolfSSL_i2d_PKCS8_PKEY"); - - if (key == NULL) - return WOLFSSL_FATAL_ERROR; - - if (pkcs8_encode(key, NULL, &keySz) != WC_NO_ERR_TRACE(LENGTH_ONLY_E)) - return WOLFSSL_FATAL_ERROR; - len = (int)keySz; - - if ((pp == NULL) || (len == 0)) - return len; - - if (*pp == NULL) { - out = (unsigned char*)XMALLOC((size_t)len, NULL, DYNAMIC_TYPE_ASN1); - if (out == NULL) - return WOLFSSL_FATAL_ERROR; - } - else { - out = *pp; - } - - if (pkcs8_encode(key, out, &keySz) != len) { - if (*pp == NULL) - XFREE(out, NULL, DYNAMIC_TYPE_ASN1); - return WOLFSSL_FATAL_ERROR; - } - - if (*pp == NULL) - *pp = out; - else - *pp += len; - - return len; -} -#endif - -#ifndef NO_BIO -/* put SSL type in extra for now, not very common */ - -/* Converts a DER format key read from "bio" to a PKCS8 structure. - * - * bio input bio to read DER from - * pkey If not NULL then this pointer will be overwritten with a new PKCS8 - * structure. - * - * returns a WOLFSSL_PKCS8_PRIV_KEY_INFO pointer on success and NULL in fail - * case. - */ -WOLFSSL_PKCS8_PRIV_KEY_INFO* wolfSSL_d2i_PKCS8_PKEY_bio(WOLFSSL_BIO* bio, - WOLFSSL_PKCS8_PRIV_KEY_INFO** pkey) -{ - WOLFSSL_PKCS8_PRIV_KEY_INFO* pkcs8 = NULL; -#ifdef WOLFSSL_PEM_TO_DER - unsigned char* mem = NULL; - int memSz; - - WOLFSSL_ENTER("wolfSSL_d2i_PKCS8_PKEY_bio"); - - if (bio == NULL) { - return NULL; - } - - if ((memSz = wolfSSL_BIO_get_mem_data(bio, &mem)) < 0) { - return NULL; - } - - pkcs8 = wolfSSL_d2i_PKCS8_PKEY(pkey, (const unsigned char**)&mem, memSz); -#else - (void)bio; - (void)pkey; -#endif /* WOLFSSL_PEM_TO_DER */ - - return pkcs8; -} - - -/* expecting DER format public key - * - * bio input bio to read DER from - * out If not NULL then this pointer will be overwritten with a new - * WOLFSSL_EVP_PKEY pointer - * - * returns a WOLFSSL_EVP_PKEY pointer on success and NULL in fail case. - */ -WOLFSSL_EVP_PKEY* wolfSSL_d2i_PUBKEY_bio(WOLFSSL_BIO* bio, - WOLFSSL_EVP_PKEY** out) -{ - unsigned char* mem; - long memSz; - WOLFSSL_EVP_PKEY* pkey = NULL; - - WOLFSSL_ENTER("wolfSSL_d2i_PUBKEY_bio"); - - if (bio == NULL) { - return NULL; - } - (void)out; - - memSz = wolfSSL_BIO_get_len(bio); - if (memSz <= 0) { - return NULL; - } - - mem = (unsigned char*)XMALLOC((size_t)memSz, bio->heap, - DYNAMIC_TYPE_TMP_BUFFER); - if (mem == NULL) { - return NULL; - } - - if (wolfSSL_BIO_read(bio, mem, (int)memSz) == memSz) { - pkey = wolfSSL_d2i_PUBKEY(NULL, (const unsigned char**)&mem, memSz); - if (out != NULL && pkey != NULL) { - *out = pkey; - } - } - - XFREE(mem, bio->heap, DYNAMIC_TYPE_TMP_BUFFER); - return pkey; -} - -#endif /* !NO_BIO */ - - -/* Converts a DER encoded public key to a WOLFSSL_EVP_PKEY structure. - * - * out pointer to new WOLFSSL_EVP_PKEY structure. Can be NULL - * in DER buffer to convert - * inSz size of in buffer - * - * returns a pointer to a new WOLFSSL_EVP_PKEY structure on success and NULL - * on fail - */ -WOLFSSL_EVP_PKEY* wolfSSL_d2i_PUBKEY(WOLFSSL_EVP_PKEY** out, - const unsigned char** in, long inSz) -{ - WOLFSSL_ENTER("wolfSSL_d2i_PUBKEY"); - return d2iGenericKey(out, in, inSz, 0); -} - -#if defined(OPENSSL_EXTRA) && !defined(NO_CERTS) && !defined(NO_ASN) && \ - !defined(NO_PWDBASED) - -/* helper function to get raw pointer to DER buffer from WOLFSSL_EVP_PKEY */ -static int wolfSSL_EVP_PKEY_get_der(const WOLFSSL_EVP_PKEY* key, - unsigned char** der) -{ - int sz; - word16 pkcs8HeaderSz; - - if (!key || !key->pkey_sz) - return WOLFSSL_FATAL_ERROR; - - /* return the key without PKCS8 for compatibility */ - /* if pkcs8HeaderSz is invalid, use 0 and return all of pkey */ - pkcs8HeaderSz = 0; - if (key->pkey_sz > key->pkcs8HeaderSz) - pkcs8HeaderSz = key->pkcs8HeaderSz; - sz = key->pkey_sz - pkcs8HeaderSz; - if (der) { - unsigned char* pt = (unsigned char*)key->pkey.ptr; - if (*der) { - /* since this function signature has no size value passed in it is - * assumed that the user has allocated a large enough buffer */ - XMEMCPY(*der, pt + pkcs8HeaderSz, (size_t)sz); - *der += sz; - } - else { - *der = (unsigned char*)XMALLOC((size_t)sz, NULL, - DYNAMIC_TYPE_OPENSSL); - if (*der == NULL) { - return WOLFSSL_FATAL_ERROR; - } - XMEMCPY(*der, pt + pkcs8HeaderSz, (size_t)sz); - } - } - return sz; -} - -int wolfSSL_i2d_PUBKEY(const WOLFSSL_EVP_PKEY *key, unsigned char **der) -{ - return wolfSSL_i2d_PublicKey(key, der); -} - -#endif /* OPENSSL_EXTRA && !NO_CERTS && !NO_ASN && !NO_PWDBASED */ - -static WOLFSSL_EVP_PKEY* _d2i_PublicKey(int type, WOLFSSL_EVP_PKEY** out, - const unsigned char **in, long inSz, int priv) -{ - int ret = 0; - word32 idx = 0, algId; - word16 pkcs8HeaderSz = 0; - WOLFSSL_EVP_PKEY* local; - int opt = 0; - - (void)opt; - - if (in == NULL || inSz < 0) { - WOLFSSL_MSG("Bad argument"); - return NULL; - } - - if (priv == 1) { - /* Check if input buffer has PKCS8 header. In the case that it does not - * have a PKCS8 header then do not error out. */ - if ((ret = ToTraditionalInline_ex((const byte*)(*in), &idx, - (word32)inSz, &algId)) > 0) { - WOLFSSL_MSG("Found PKCS8 header"); - pkcs8HeaderSz = (word16)idx; - - if ((type == WC_EVP_PKEY_RSA && algId != RSAk - #ifdef WC_RSA_PSS - && algId != RSAPSSk - #endif - ) || - (type == WC_EVP_PKEY_EC && algId != ECDSAk) || - (type == WC_EVP_PKEY_DSA && algId != DSAk) || - (type == WC_EVP_PKEY_DH && algId != DHk)) { - WOLFSSL_MSG("PKCS8 does not match EVP key type"); - return NULL; - } - - (void)idx; /* not used */ - } - else { - if (ret != WC_NO_ERR_TRACE(ASN_PARSE_E)) { - WOLFSSL_MSG("Unexpected error with trying to remove PKCS8 " - "header"); - return NULL; - } - } - } - - if (out != NULL && *out != NULL) { - wolfSSL_EVP_PKEY_free(*out); - *out = NULL; - } - local = wolfSSL_EVP_PKEY_new(); - if (local == NULL) { - return NULL; - } - - local->type = type; - local->pkey_sz = (int)inSz; - local->pkcs8HeaderSz = pkcs8HeaderSz; - local->pkey.ptr = (char*)XMALLOC((size_t)inSz, NULL, - DYNAMIC_TYPE_PUBLIC_KEY); - if (local->pkey.ptr == NULL) { - wolfSSL_EVP_PKEY_free(local); - local = NULL; - return NULL; - } - else { - XMEMCPY(local->pkey.ptr, *in, (size_t)inSz); - } - - switch (type) { -#ifndef NO_RSA - case WC_EVP_PKEY_RSA: - opt = priv ? WOLFSSL_RSA_LOAD_PRIVATE : WOLFSSL_RSA_LOAD_PUBLIC; - local->ownRsa = 1; - local->rsa = wolfssl_rsa_d2i(NULL, - (const unsigned char*)local->pkey.ptr, local->pkey_sz, opt); - if (local->rsa == NULL) { - wolfSSL_EVP_PKEY_free(local); - return NULL; - } - break; -#endif /* NO_RSA */ -#ifdef HAVE_ECC - case WC_EVP_PKEY_EC: - local->ownEcc = 1; - local->ecc = wolfSSL_EC_KEY_new(); - if (local->ecc == NULL) { - wolfSSL_EVP_PKEY_free(local); - return NULL; - } - opt = priv ? WOLFSSL_EC_KEY_LOAD_PRIVATE : - WOLFSSL_EC_KEY_LOAD_PUBLIC; - if (wolfSSL_EC_KEY_LoadDer_ex(local->ecc, - (const unsigned char*)local->pkey.ptr, local->pkey_sz, - opt) - != WOLFSSL_SUCCESS) { - wolfSSL_EVP_PKEY_free(local); - return NULL; - } - break; -#endif /* HAVE_ECC */ -#if defined(WOLFSSL_QT) || defined(OPENSSL_ALL) || defined(WOLFSSL_OPENSSH) -#ifndef NO_DSA - case WC_EVP_PKEY_DSA: - local->ownDsa = 1; - local->dsa = wolfSSL_DSA_new(); - if (local->dsa == NULL) { - wolfSSL_EVP_PKEY_free(local); - return NULL; - } - opt = priv ? WOLFSSL_DSA_LOAD_PRIVATE : WOLFSSL_DSA_LOAD_PUBLIC; - if (wolfSSL_DSA_LoadDer_ex(local->dsa, - (const unsigned char*)local->pkey.ptr, local->pkey_sz, - opt) - != WOLFSSL_SUCCESS) { - wolfSSL_EVP_PKEY_free(local); - return NULL; - } - break; -#endif /* NO_DSA */ -#ifndef NO_DH -#if !defined(HAVE_FIPS) || (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION>2)) - case WC_EVP_PKEY_DH: - local->ownDh = 1; - local->dh = wolfSSL_DH_new(); - if (local->dh == NULL) { - wolfSSL_EVP_PKEY_free(local); - return NULL; - } - if (wolfSSL_DH_LoadDer(local->dh, - (const unsigned char*)local->pkey.ptr, local->pkey_sz) - != WOLFSSL_SUCCESS) { - wolfSSL_EVP_PKEY_free(local); - return NULL; - } - break; -#endif /* !HAVE_FIPS || HAVE_FIPS_VERSION > 2 */ -#endif /* HAVE_DH */ -#endif /* WOLFSSL_QT || OPENSSL_ALL || WOLFSSL_OPENSSH */ - default: - WOLFSSL_MSG("Unsupported key type"); - wolfSSL_EVP_PKEY_free(local); - return NULL; - } - - /* advance pointer with success */ - if (local != NULL) { - if (local->pkey_sz <= (int)inSz) { - *in += local->pkey_sz; - } - - if (out != NULL) { - *out = local; - } - } - - return local; -} - -WOLFSSL_EVP_PKEY* wolfSSL_d2i_PublicKey(int type, WOLFSSL_EVP_PKEY** out, - const unsigned char **in, long inSz) -{ - WOLFSSL_ENTER("wolfSSL_d2i_PublicKey"); - - return _d2i_PublicKey(type, out, in, inSz, 0); -} -/* Reads in a DER format key. If PKCS8 headers are found they are stripped off. - * - * type type of key - * out newly created WOLFSSL_EVP_PKEY structure - * in pointer to input key DER - * inSz size of in buffer - * - * On success a non null pointer is returned and the pointer in is advanced the - * same number of bytes read. - */ -WOLFSSL_EVP_PKEY* wolfSSL_d2i_PrivateKey(int type, WOLFSSL_EVP_PKEY** out, - const unsigned char **in, long inSz) -{ - WOLFSSL_ENTER("wolfSSL_d2i_PrivateKey"); - - return _d2i_PublicKey(type, out, in, inSz, 1); -} - -#ifdef WOLF_PRIVATE_KEY_ID -/* Create an EVP structure for use with crypto callbacks */ -WOLFSSL_EVP_PKEY* wolfSSL_d2i_PrivateKey_id(int type, WOLFSSL_EVP_PKEY** out, - void* heap, int devId) -{ - WOLFSSL_EVP_PKEY* local; - - if (out != NULL && *out != NULL) { - wolfSSL_EVP_PKEY_free(*out); - *out = NULL; - } - - local = wolfSSL_EVP_PKEY_new_ex(heap); - if (local == NULL) { - return NULL; - } - - local->type = type; - local->pkey_sz = 0; - local->pkcs8HeaderSz = 0; - - switch (type) { -#ifndef NO_RSA - case WC_EVP_PKEY_RSA: - { - RsaKey* key; - local->ownRsa = 1; - local->rsa = wolfSSL_RSA_new_ex(heap, devId); - if (local->rsa == NULL) { - wolfSSL_EVP_PKEY_free(local); - return NULL; - } - key = (RsaKey*)local->rsa->internal; - #ifdef WOLF_CRYPTO_CB - key->devId = devId; - #endif - (void)key; - local->rsa->inSet = 1; - break; - } -#endif /* !NO_RSA */ -#ifdef HAVE_ECC - case WC_EVP_PKEY_EC: - { - ecc_key* key; - local->ownEcc = 1; - local->ecc = wolfSSL_EC_KEY_new_ex(heap, devId); - if (local->ecc == NULL) { - wolfSSL_EVP_PKEY_free(local); - return NULL; - } - key = (ecc_key*)local->ecc->internal; - #ifdef WOLF_CRYPTO_CB - key->devId = devId; - #endif - key->type = ECC_PRIVATEKEY; - /* key is required to have a key size / curve set, although - * actual one used is determined by devId callback function */ - wc_ecc_set_curve(key, ECDHE_SIZE, ECC_CURVE_DEF); - - local->ecc->inSet = 1; - break; - } -#endif /* HAVE_ECC */ - default: - WOLFSSL_MSG("Unsupported private key id type"); - wolfSSL_EVP_PKEY_free(local); - return NULL; - } - - if (local != NULL && out != NULL) { - *out = local; - } - - return local; -} -#endif /* WOLF_PRIVATE_KEY_ID */ - -#ifndef NO_CERTS /* // NOLINT(readability-redundant-preprocessor) */ - -#ifndef NO_CHECK_PRIVATE_KEY -/* Check private against public in certificate for match - * - * ssl WOLFSSL structure to check private key in - * - * Returns WOLFSSL_SUCCESS on good private key - * WOLFSSL_FAILURE if mismatched. */ -int wolfSSL_check_private_key(const WOLFSSL* ssl) -{ - int res = WOLFSSL_SUCCESS; - - if (ssl == NULL) { - return WOLFSSL_FAILURE; - } -#ifdef WOLFSSL_DUAL_ALG_CERTS -#ifdef WOLFSSL_BLIND_PRIVATE_KEY - wolfssl_priv_der_unblind(ssl->buffers.key, ssl->buffers.keyMask); - wolfssl_priv_der_unblind(ssl->buffers.altKey, ssl->buffers.altKeyMask); -#endif - res = check_cert_key(ssl->buffers.certificate, ssl->buffers.key, - ssl->buffers.altKey, ssl->heap, ssl->buffers.keyDevId, - ssl->buffers.keyLabel, ssl->buffers.keyId, ssl->buffers.altKeyDevId, - ssl->buffers.altKeyLabel, ssl->buffers.altKeyId); -#ifdef WOLFSSL_BLIND_PRIVATE_KEY - if (res == WOLFSSL_SUCCESS) { - int ret; - ret = wolfssl_priv_der_blind(ssl->rng, ssl->buffers.key, - (DerBuffer**)&ssl->buffers.keyMask); - if (ret == 0) { - ret = wolfssl_priv_der_blind(ssl->rng, ssl->buffers.altKey, - (DerBuffer**)&ssl->buffers.altKeyMask); - } - if (ret != 0) { - res = WOLFSSL_FAILURE; - } - } -#endif -#else -#ifdef WOLFSSL_BLIND_PRIVATE_KEY - wolfssl_priv_der_blind_toggle(ssl->buffers.key, ssl->buffers.keyMask); -#endif - res = check_cert_key(ssl->buffers.certificate, ssl->buffers.key, NULL, - ssl->heap, ssl->buffers.keyDevId, ssl->buffers.keyLabel, - ssl->buffers.keyId, INVALID_DEVID, 0, 0); -#ifdef WOLFSSL_BLIND_PRIVATE_KEY - if (res == WOLFSSL_SUCCESS) { - int ret = wolfssl_priv_der_blind(ssl->rng, ssl->buffers.key, - (DerBuffer**)&ssl->buffers.keyMask); - if (ret != 0) { - res = WOLFSSL_FAILURE; - } - } -#endif -#endif - - return res; -} -#endif /* !NO_CHECK_PRIVATE_KEY */ - -#endif /* !NO_CERTS */ - -#endif /* OPENSSL_EXTRA */ - -#if defined(HAVE_RPK) -/* Confirm that all the byte data in the buffer is unique. - * return 1 if all the byte data in the buffer is unique, otherwise 0. - */ -static int isArrayUnique(const char* buf, size_t len) -{ - size_t i, j; - /* check the array is unique */ - for (i = 0; i < len -1; ++i) { - for (j = i+ 1; j < len; ++j) { - if (buf[i] == buf[j]) { - return 0; - } - } - } - return 1; -} - -/* Set user preference for the {client,server}_cert_type extension. - * Takes byte array containing cert types the caller can provide to its peer. - * Cert types are in preferred order in the array. - */ -static int set_cert_type(RpkConfig* cfg, - int client, const char* buf, int bufLen) -{ - int i; - byte* certTypeCnt; - byte* certTypes; - - if (cfg == NULL || bufLen > (client ? MAX_CLIENT_CERT_TYPE_CNT : - MAX_SERVER_CERT_TYPE_CNT)) { - return BAD_FUNC_ARG; - } - - if (client) { - certTypeCnt = &cfg->preferred_ClientCertTypeCnt; - certTypes = cfg->preferred_ClientCertTypes; - } - else { - certTypeCnt = &cfg->preferred_ServerCertTypeCnt; - certTypes = cfg->preferred_ServerCertTypes; - } - /* if buf is set to NULL or bufLen is zero, it defaults the setting*/ - if (buf == NULL || bufLen == 0) { - *certTypeCnt = 1; - for (i = 0; i < 2; i++) - certTypes[i] = WOLFSSL_CERT_TYPE_X509; - return WOLFSSL_SUCCESS; - } - - if (!isArrayUnique(buf, (size_t)bufLen)) - return BAD_FUNC_ARG; - - for (i = 0; i < bufLen; i++) { - if (buf[i] != WOLFSSL_CERT_TYPE_RPK && buf[i] != WOLFSSL_CERT_TYPE_X509) - return BAD_FUNC_ARG; - certTypes[i] = (byte)buf[i]; - } - *certTypeCnt = bufLen; - - return WOLFSSL_SUCCESS; -} -int wolfSSL_set_client_cert_type(WOLFSSL* ssl, const char* buf, int buflen) -{ - if (ssl == NULL) - return BAD_FUNC_ARG; - return set_cert_type(&ssl->options.rpkConfig, 1, buf, buflen); -} -int wolfSSL_set_server_cert_type(WOLFSSL* ssl, const char* buf, int buflen) -{ - if (ssl == NULL) - return BAD_FUNC_ARG; - return set_cert_type(&ssl->options.rpkConfig, 0, buf, buflen); -} -int wolfSSL_CTX_set_client_cert_type(WOLFSSL_CTX* ctx, - const char* buf, int buflen) -{ - if (ctx == NULL) - return BAD_FUNC_ARG; - return set_cert_type(&ctx->rpkConfig, 1, buf, buflen); -} -int wolfSSL_CTX_set_server_cert_type(WOLFSSL_CTX* ctx, - const char* buf, int buflen) -{ - if (ctx == NULL) - return BAD_FUNC_ARG; - return set_cert_type(&ctx->rpkConfig, 0, buf, buflen); -} - -/* get negotiated certificate type value and return it to the second parameter. - * cert type value: - * -1: WOLFSSL_CERT_TYPE_UNKNOWN - * 0: WOLFSSL_CERT_TYPE_X509 - * 2: WOLFSSL_CERT_TYPE_RPK - * return WOLFSSL_SUCCESS on success, otherwise negative value. - * in case no negotiation performed, it returns WOLFSSL_SUCCESS and -1 is for - * cert type. - */ -int wolfSSL_get_negotiated_client_cert_type(WOLFSSL* ssl, int* tp) -{ - int ret = WOLFSSL_SUCCESS; - - if (ssl == NULL || tp == NULL) - return BAD_FUNC_ARG; - - if (ssl->options.side == WOLFSSL_CLIENT_END) { - if (ssl->options.rpkState.received_ClientCertTypeCnt == 1) - *tp = ssl->options.rpkState.received_ClientCertTypes[0]; - else - *tp = WOLFSSL_CERT_TYPE_UNKNOWN; - } - else { - if (ssl->options.rpkState.sending_ClientCertTypeCnt == 1) - *tp = ssl->options.rpkState.sending_ClientCertTypes[0]; - else - *tp = WOLFSSL_CERT_TYPE_UNKNOWN; - } - return ret; -} - -/* get negotiated certificate type value and return it to the second parameter. - * cert type value: - * -1: WOLFSSL_CERT_TYPE_UNKNOWN - * 0: WOLFSSL_CERT_TYPE_X509 - * 2: WOLFSSL_CERT_TYPE_RPK - * return WOLFSSL_SUCCESS on success, otherwise negative value. - * in case no negotiation performed, it returns WOLFSSL_SUCCESS and -1 is for - * cert type. - */ -int wolfSSL_get_negotiated_server_cert_type(WOLFSSL* ssl, int* tp) -{ - int ret = WOLFSSL_SUCCESS; - - if (ssl == NULL || tp == NULL) - return BAD_FUNC_ARG; - - if (ssl->options.side == WOLFSSL_CLIENT_END) { - if (ssl->options.rpkState.received_ServerCertTypeCnt == 1) - *tp = ssl->options.rpkState.received_ServerCertTypes[0]; - else - *tp = WOLFSSL_CERT_TYPE_UNKNOWN; - } - else { - if (ssl->options.rpkState.sending_ServerCertTypeCnt == 1) - *tp = ssl->options.rpkState.sending_ServerCertTypes[0]; - else - *tp = WOLFSSL_CERT_TYPE_UNKNOWN; - } - return ret; -} - -#endif /* HAVE_RPK */ - -#ifdef HAVE_ECC - -/* Set Temp CTX EC-DHE size in octets, can be 14 - 66 (112 - 521 bit) */ -int wolfSSL_CTX_SetTmpEC_DHE_Sz(WOLFSSL_CTX* ctx, word16 sz) -{ - WOLFSSL_ENTER("wolfSSL_CTX_SetTmpEC_DHE_Sz"); - - if (ctx == NULL) - return BAD_FUNC_ARG; - - /* if 0 then get from loaded private key */ - if (sz == 0) { - /* applies only to ECDSA */ - if (ctx->privateKeyType != ecc_dsa_sa_algo) - return WOLFSSL_SUCCESS; - - if (ctx->privateKeySz == 0) { - WOLFSSL_MSG("Must set private key/cert first"); - return BAD_FUNC_ARG; - } - - sz = (word16)ctx->privateKeySz; - } - - /* check size */ -#if ECC_MIN_KEY_SZ > 0 - if (sz < ECC_MINSIZE) - return BAD_FUNC_ARG; -#endif - if (sz > ECC_MAXSIZE) - return BAD_FUNC_ARG; - - ctx->eccTempKeySz = sz; - - return WOLFSSL_SUCCESS; -} - - -/* Set Temp SSL EC-DHE size in octets, can be 14 - 66 (112 - 521 bit) */ -int wolfSSL_SetTmpEC_DHE_Sz(WOLFSSL* ssl, word16 sz) -{ - WOLFSSL_ENTER("wolfSSL_SetTmpEC_DHE_Sz"); - - if (ssl == NULL) - return BAD_FUNC_ARG; - - /* check size */ -#if ECC_MIN_KEY_SZ > 0 - if (sz < ECC_MINSIZE) - return BAD_FUNC_ARG; -#endif - if (sz > ECC_MAXSIZE) - return BAD_FUNC_ARG; - - ssl->eccTempKeySz = sz; - - return WOLFSSL_SUCCESS; -} - -#endif /* HAVE_ECC */ - - -typedef struct { - byte verifyPeer:1; - byte verifyNone:1; - byte failNoCert:1; - byte failNoCertxPSK:1; - byte verifyPostHandshake:1; -} SetVerifyOptions; - -static SetVerifyOptions ModeToVerifyOptions(int mode) -{ - SetVerifyOptions opts; - XMEMSET(&opts, 0, sizeof(SetVerifyOptions)); - - if (mode != WOLFSSL_VERIFY_DEFAULT) { - opts.verifyNone = (mode == WOLFSSL_VERIFY_NONE); - if (!opts.verifyNone) { - opts.verifyPeer = - (mode & WOLFSSL_VERIFY_PEER) != 0; - opts.failNoCertxPSK = - (mode & WOLFSSL_VERIFY_FAIL_EXCEPT_PSK) != 0; - opts.failNoCert = - (mode & WOLFSSL_VERIFY_FAIL_IF_NO_PEER_CERT) != 0; -#if defined(WOLFSSL_TLS13) && defined(WOLFSSL_POST_HANDSHAKE_AUTH) - opts.verifyPostHandshake = - (mode & WOLFSSL_VERIFY_POST_HANDSHAKE) != 0; -#endif - } - } - - return opts; -} - -WOLFSSL_ABI -void wolfSSL_CTX_set_verify(WOLFSSL_CTX* ctx, int mode, VerifyCallback verify_callback) -{ - SetVerifyOptions opts; - - WOLFSSL_ENTER("wolfSSL_CTX_set_verify"); - if (ctx == NULL) - return; - - opts = ModeToVerifyOptions(mode); - - ctx->verifyNone = opts.verifyNone; - ctx->verifyPeer = opts.verifyPeer; - ctx->failNoCert = opts.failNoCert; - ctx->failNoCertxPSK = opts.failNoCertxPSK; -#if defined(WOLFSSL_TLS13) && defined(WOLFSSL_POST_HANDSHAKE_AUTH) - ctx->verifyPostHandshake = opts.verifyPostHandshake; -#endif - - ctx->verifyCallback = verify_callback; -} - -#ifdef OPENSSL_ALL -void wolfSSL_CTX_set_cert_verify_callback(WOLFSSL_CTX* ctx, - CertVerifyCallback cb, void* arg) -{ - WOLFSSL_ENTER("wolfSSL_CTX_set_cert_verify_callback"); - if (ctx == NULL) - return; - - ctx->verifyCertCb = cb; - ctx->verifyCertCbArg = arg; -} -#endif - - -void wolfSSL_set_verify(WOLFSSL* ssl, int mode, VerifyCallback verify_callback) -{ - SetVerifyOptions opts; - - WOLFSSL_ENTER("wolfSSL_set_verify"); - if (ssl == NULL) - return; - - opts = ModeToVerifyOptions(mode); - - ssl->options.verifyNone = opts.verifyNone; - ssl->options.verifyPeer = opts.verifyPeer; - ssl->options.failNoCert = opts.failNoCert; - ssl->options.failNoCertxPSK = opts.failNoCertxPSK; -#if defined(WOLFSSL_TLS13) && defined(WOLFSSL_POST_HANDSHAKE_AUTH) - ssl->options.verifyPostHandshake = opts.verifyPostHandshake; -#endif - - ssl->verifyCallback = verify_callback; -} - -void wolfSSL_set_verify_result(WOLFSSL *ssl, long v) -{ - WOLFSSL_ENTER("wolfSSL_set_verify_result"); - - if (ssl == NULL) - return; - -#if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL) || \ - defined(OPENSSL_ALL) - ssl->peerVerifyRet = (unsigned long)v; -#else - (void)v; - WOLFSSL_STUB("wolfSSL_set_verify_result"); -#endif -} - -#if defined(OPENSSL_EXTRA) && !defined(NO_CERTS) && \ - defined(WOLFSSL_TLS13) && defined(WOLFSSL_POST_HANDSHAKE_AUTH) -/* For TLS v1.3 send handshake messages after handshake completes. */ -/* Returns 1=WOLFSSL_SUCCESS or 0=WOLFSSL_FAILURE */ -int wolfSSL_verify_client_post_handshake(WOLFSSL* ssl) -{ - int ret = wolfSSL_request_certificate(ssl); - if (ret != WOLFSSL_SUCCESS) { - if (!IsAtLeastTLSv1_3(ssl->version)) { - /* specific error of wrong version expected */ - WOLFSSL_ERROR(UNSUPPORTED_PROTO_VERSION); - - } - else { - WOLFSSL_ERROR(ret); /* log the error in the error queue */ - } - } - return (ret == WOLFSSL_SUCCESS) ? WOLFSSL_SUCCESS : WOLFSSL_FAILURE; -} - -int wolfSSL_CTX_set_post_handshake_auth(WOLFSSL_CTX* ctx, int val) -{ - int ret = wolfSSL_CTX_allow_post_handshake_auth(ctx); - if (ret == 0) { - ctx->postHandshakeAuth = (val != 0); - } - return (ret == 0) ? WOLFSSL_SUCCESS : WOLFSSL_FAILURE; -} -int wolfSSL_set_post_handshake_auth(WOLFSSL* ssl, int val) -{ - int ret = wolfSSL_allow_post_handshake_auth(ssl); - if (ret == 0) { - ssl->options.postHandshakeAuth = (val != 0); - } - return (ret == 0) ? WOLFSSL_SUCCESS : WOLFSSL_FAILURE; -} -#endif /* OPENSSL_EXTRA && !NO_CERTS && WOLFSSL_TLS13 && - * WOLFSSL_POST_HANDSHAKE_AUTH */ - -/* store user ctx for verify callback */ -void wolfSSL_SetCertCbCtx(WOLFSSL* ssl, void* ctx) -{ - WOLFSSL_ENTER("wolfSSL_SetCertCbCtx"); - if (ssl) - ssl->verifyCbCtx = ctx; -} - - -/* store user ctx for verify callback */ -void wolfSSL_CTX_SetCertCbCtx(WOLFSSL_CTX* ctx, void* userCtx) -{ - WOLFSSL_ENTER("wolfSSL_CTX_SetCertCbCtx"); - if (ctx) - ctx->verifyCbCtx = userCtx; -} - - -/* store context CA Cache addition callback */ -void wolfSSL_CTX_SetCACb(WOLFSSL_CTX* ctx, CallbackCACache cb) -{ - if (ctx && ctx->cm) - ctx->cm->caCacheCallback = cb; -} - - -#if defined(PERSIST_CERT_CACHE) - -#if !defined(NO_FILESYSTEM) - -/* Persist cert cache to file */ -int wolfSSL_CTX_save_cert_cache(WOLFSSL_CTX* ctx, const char* fname) -{ - WOLFSSL_ENTER("wolfSSL_CTX_save_cert_cache"); - - if (ctx == NULL || fname == NULL) - return BAD_FUNC_ARG; - - return CM_SaveCertCache(ctx->cm, fname); -} - - -/* Persist cert cache from file */ -int wolfSSL_CTX_restore_cert_cache(WOLFSSL_CTX* ctx, const char* fname) -{ - WOLFSSL_ENTER("wolfSSL_CTX_restore_cert_cache"); - - if (ctx == NULL || fname == NULL) - return BAD_FUNC_ARG; - - return CM_RestoreCertCache(ctx->cm, fname); -} - -#endif /* NO_FILESYSTEM */ - -/* Persist cert cache to memory */ -int wolfSSL_CTX_memsave_cert_cache(WOLFSSL_CTX* ctx, void* mem, - int sz, int* used) -{ - WOLFSSL_ENTER("wolfSSL_CTX_memsave_cert_cache"); - - if (ctx == NULL || mem == NULL || used == NULL || sz <= 0) - return BAD_FUNC_ARG; - - return CM_MemSaveCertCache(ctx->cm, mem, sz, used); -} - - -/* Restore cert cache from memory */ -int wolfSSL_CTX_memrestore_cert_cache(WOLFSSL_CTX* ctx, const void* mem, int sz) -{ - WOLFSSL_ENTER("wolfSSL_CTX_memrestore_cert_cache"); - - if (ctx == NULL || mem == NULL || sz <= 0) - return BAD_FUNC_ARG; - - return CM_MemRestoreCertCache(ctx->cm, mem, sz); -} - - -/* get how big the the cert cache save buffer needs to be */ -int wolfSSL_CTX_get_cert_cache_memsize(WOLFSSL_CTX* ctx) -{ - WOLFSSL_ENTER("wolfSSL_CTX_get_cert_cache_memsize"); - - if (ctx == NULL) - return BAD_FUNC_ARG; - - return CM_GetCertCacheMemSize(ctx->cm); -} - -#endif /* PERSIST_CERT_CACHE */ -#endif /* !NO_CERTS */ +#define WOLFSSL_SSL_API_CRL_OCSP_INCLUDED +#include "src/ssl_api_crl_ocsp.c" void wolfSSL_load_error_strings(void) @@ -9674,7 +5833,15 @@ * - SSL_CTX_set_ciphersuites for setting TLS 1.3 suites * Since we direct both API here we attempt to provide API compatibility. If * we only get suites from <= 1.2 or == 1.3 then we will only update those - * suites and keep the suites from the other group. */ + * suites and keep the suites from the other group. + * If downgrade is disabled, skip preserving the other group's suites. */ + if ((ssl != NULL && !ssl->options.downgrade) || + (ctx != NULL && !ctx->method->downgrade)) { + /* Downgrade disabled - don't preserve other group's suites */ + WC_FREE_VAR_EX(suitesCpy, NULL, DYNAMIC_TYPE_TMP_BUFFER); + return ret; + } + for (i = 0; i < suitesCpySz && suites->suiteSz <= (WOLFSSL_MAX_SUITE_SZ - SUITE_LEN); i += 2) { /* Check for duplicates */ @@ -9837,6 +6004,13 @@ return WOLFSSL_FAILURE; } + /* Sanity check contextLen to prevent integer overflow when cast to word32 + * and to ensure it fits in the 2-byte length encoding (max 65535). */ + if (use_context && contextLen > WOLFSSL_MAX_16BIT) { + WOLFSSL_MSG("contextLen too large"); + return WOLFSSL_FAILURE; + } + /* clientRandom + serverRandom * OR * clientRandom + serverRandom + ctx len encoding + ctx */ @@ -9978,7 +6152,7 @@ */ int wolfSSL_dtls13_use_quick_timeout(WOLFSSL* ssl) { - return ssl->dtls13FastTimeout; + return ssl != NULL && ssl->dtls13FastTimeout; } /* @@ -10591,9 +6765,7 @@ #endif if (ssl->options.sendVerify) { if ( (ssl->error = SendCertificate(ssl)) != 0) { - #ifdef WOLFSSL_CHECK_ALERT_ON_ERR - ProcessReplyEx(ssl, 1); /* See if an alert was sent. */ - #endif + wolfssl_local_MaybeCheckAlertOnErr(ssl, ssl->error); WOLFSSL_ERROR(ssl->error); return WOLFSSL_FATAL_ERROR; } @@ -10612,9 +6784,7 @@ #endif if (!ssl->options.resuming) { if ( (ssl->error = SendClientKeyExchange(ssl)) != 0) { - #ifdef WOLFSSL_CHECK_ALERT_ON_ERR - ProcessReplyEx(ssl, 1); /* See if an alert was sent. */ - #endif + wolfssl_local_MaybeCheckAlertOnErr(ssl, ssl->error); #ifdef WOLFSSL_EXTRA_ALERTS if (ssl->error == WC_NO_ERR_TRACE(NO_PEER_KEY) || ssl->error == WC_NO_ERR_TRACE(PSK_KEY_ERROR)) { @@ -10643,9 +6813,7 @@ #if !defined(NO_CERTS) && !defined(WOLFSSL_NO_CLIENT_AUTH) if (ssl->options.sendVerify) { if ( (ssl->error = SendCertificateVerify(ssl)) != 0) { - #ifdef WOLFSSL_CHECK_ALERT_ON_ERR - ProcessReplyEx(ssl, 1); /* See if an alert was sent. */ - #endif + wolfssl_local_MaybeCheckAlertOnErr(ssl, ssl->error); WOLFSSL_ERROR(ssl->error); return WOLFSSL_FATAL_ERROR; } @@ -10658,9 +6826,7 @@ case FIRST_REPLY_THIRD : if ( (ssl->error = SendChangeCipher(ssl)) != 0) { - #ifdef WOLFSSL_CHECK_ALERT_ON_ERR - ProcessReplyEx(ssl, 1); /* See if an alert was sent. */ - #endif + wolfssl_local_MaybeCheckAlertOnErr(ssl, ssl->error); WOLFSSL_ERROR(ssl->error); return WOLFSSL_FATAL_ERROR; } @@ -10671,9 +6837,7 @@ case FIRST_REPLY_FOURTH : if ( (ssl->error = SendFinished(ssl)) != 0) { - #ifdef WOLFSSL_CHECK_ALERT_ON_ERR - ProcessReplyEx(ssl, 1); /* See if an alert was sent. */ - #endif + wolfssl_local_MaybeCheckAlertOnErr(ssl, ssl->error); WOLFSSL_ERROR(ssl->error); return WOLFSSL_FATAL_ERROR; } @@ -11051,9 +7215,7 @@ return WOLFSSL_FATAL_ERROR; } if ( (ssl->error = SendServerHello(ssl)) != 0) { - #ifdef WOLFSSL_CHECK_ALERT_ON_ERR - ProcessReplyEx(ssl, 1); /* See if an alert was sent. */ - #endif + wolfssl_local_MaybeCheckAlertOnErr(ssl, ssl->error); WOLFSSL_ERROR(ssl->error); return WOLFSSL_FATAL_ERROR; } @@ -11070,9 +7232,7 @@ #ifndef NO_CERTS if (!ssl->options.resuming) if ( (ssl->error = SendCertificate(ssl)) != 0) { - #ifdef WOLFSSL_CHECK_ALERT_ON_ERR - ProcessReplyEx(ssl, 1); /* See if an alert was sent. */ - #endif + wolfssl_local_MaybeCheckAlertOnErr(ssl, ssl->error); WOLFSSL_ERROR(ssl->error); return WOLFSSL_FATAL_ERROR; } @@ -11085,9 +7245,7 @@ #ifndef NO_CERTS if (!ssl->options.resuming) if ( (ssl->error = SendCertificateStatus(ssl)) != 0) { - #ifdef WOLFSSL_CHECK_ALERT_ON_ERR - ProcessReplyEx(ssl, 1); /* See if an alert was sent. */ - #endif + wolfssl_local_MaybeCheckAlertOnErr(ssl, ssl->error); WOLFSSL_ERROR(ssl->error); return WOLFSSL_FATAL_ERROR; } @@ -11104,9 +7262,7 @@ #endif if (!ssl->options.resuming) if ( (ssl->error = SendServerKeyExchange(ssl)) != 0) { - #ifdef WOLFSSL_CHECK_ALERT_ON_ERR - ProcessReplyEx(ssl, 1); /* See if an alert was sent. */ - #endif + wolfssl_local_MaybeCheckAlertOnErr(ssl, ssl->error); WOLFSSL_ERROR(ssl->error); return WOLFSSL_FATAL_ERROR; } @@ -11119,10 +7275,7 @@ if (!ssl->options.resuming) { if (ssl->options.verifyPeer) { if ( (ssl->error = SendCertificateRequest(ssl)) != 0) { - #ifdef WOLFSSL_CHECK_ALERT_ON_ERR - /* See if an alert was sent. */ - ProcessReplyEx(ssl, 1); - #endif + wolfssl_local_MaybeCheckAlertOnErr(ssl, ssl->error); WOLFSSL_ERROR(ssl->error); return WOLFSSL_FATAL_ERROR; } @@ -11140,9 +7293,7 @@ case CERT_REQ_SENT : if (!ssl->options.resuming) if ( (ssl->error = SendServerHelloDone(ssl)) != 0) { - #ifdef WOLFSSL_CHECK_ALERT_ON_ERR - ProcessReplyEx(ssl, 1); /* See if an alert was sent. */ - #endif + wolfssl_local_MaybeCheckAlertOnErr(ssl, ssl->error); WOLFSSL_ERROR(ssl->error); return WOLFSSL_FATAL_ERROR; } @@ -11181,9 +7332,7 @@ #ifdef HAVE_SESSION_TICKET if (ssl->options.createTicket && !ssl->options.noTicketTls12) { if ( (ssl->error = SendTicket(ssl)) != 0) { - #ifdef WOLFSSL_CHECK_ALERT_ON_ERR - ProcessReplyEx(ssl, 1); /* See if an alert was sent. */ - #endif + wolfssl_local_MaybeCheckAlertOnErr(ssl, ssl->error); WOLFSSL_MSG("Thought we need ticket but failed"); WOLFSSL_ERROR(ssl->error); return WOLFSSL_FATAL_ERROR; @@ -11202,9 +7351,7 @@ } if ( (ssl->error = SendChangeCipher(ssl)) != 0) { - #ifdef WOLFSSL_CHECK_ALERT_ON_ERR - ProcessReplyEx(ssl, 1); /* See if an alert was sent. */ - #endif + wolfssl_local_MaybeCheckAlertOnErr(ssl, ssl->error); WOLFSSL_ERROR(ssl->error); return WOLFSSL_FATAL_ERROR; } @@ -11214,9 +7361,7 @@ case CHANGE_CIPHER_SENT : if ( (ssl->error = SendFinished(ssl)) != 0) { - #ifdef WOLFSSL_CHECK_ALERT_ON_ERR - ProcessReplyEx(ssl, 1); /* See if an alert was sent. */ - #endif + wolfssl_local_MaybeCheckAlertOnErr(ssl, ssl->error); WOLFSSL_ERROR(ssl->error); return WOLFSSL_FATAL_ERROR; } @@ -11429,7 +7574,7 @@ #endif if (initRefCount > 0) { - --initRefCount; + initRefCount = initRefCount - 1; if (initRefCount == 0) release = 1; } @@ -11582,6 +7727,48 @@ } } +/* call before SSL_connect, if verifying will add IP SAN check to + date check and signature check */ +WOLFSSL_ABI +int wolfSSL_check_ip_address(WOLFSSL* ssl, const char* ipaddr) +{ + WOLFSSL_ENTER("wolfSSL_check_ip_address"); + + if (ssl == NULL || ipaddr == NULL) { + WOLFSSL_MSG("Bad function argument: NULL"); + return WOLFSSL_FAILURE; + } + + if (ssl->buffers.ipasc.buffer != NULL) { + XFREE(ssl->buffers.ipasc.buffer, ssl->heap, DYNAMIC_TYPE_DOMAIN); + ssl->buffers.ipasc.buffer = NULL; + ssl->buffers.ipasc.length = 0; + } + + ssl->buffers.ipasc.length = (word32)XSTRLEN(ipaddr); + ssl->buffers.ipasc.buffer = (byte*)XMALLOC(ssl->buffers.ipasc.length + 1, + ssl->heap, DYNAMIC_TYPE_DOMAIN); + if (ssl->buffers.ipasc.buffer == NULL) { + ssl->error = MEMORY_ERROR; + return WOLFSSL_FAILURE; + } + + XMEMCPY(ssl->buffers.ipasc.buffer, ipaddr, ssl->buffers.ipasc.length); + ssl->buffers.ipasc.buffer[ssl->buffers.ipasc.length] = '\0'; + +#ifdef OPENSSL_EXTRA + if (ssl->param == NULL) { + return WOLFSSL_FAILURE; + } + if (wolfSSL_X509_VERIFY_PARAM_set1_ip_asc(ssl->param, ipaddr) != + WOLFSSL_SUCCESS) { + return WOLFSSL_FAILURE; + } +#endif + + return WOLFSSL_SUCCESS; +} + #if defined(SESSION_CERTS) && defined(OPENSSL_EXTRA) const char *wolfSSL_get0_peername(WOLFSSL *ssl) { if (ssl == NULL) { @@ -12052,126 +8239,6 @@ #endif /* HAVE_ANON */ -#ifndef NO_CERTS - - /* unload any certs or keys that SSL owns, leave CTX as is - WOLFSSL_SUCCESS on ok */ - int wolfSSL_UnloadCertsKeys(WOLFSSL* ssl) - { - if (ssl == NULL) { - WOLFSSL_MSG("Null function arg"); - return BAD_FUNC_ARG; - } - - if (ssl->buffers.weOwnCert && !ssl->keepCert) { - WOLFSSL_MSG("Unloading cert"); - FreeDer(&ssl->buffers.certificate); - #ifdef KEEP_OUR_CERT - wolfSSL_X509_free(ssl->ourCert); - ssl->ourCert = NULL; - #endif - ssl->buffers.weOwnCert = 0; - } - - if (ssl->buffers.weOwnCertChain) { - WOLFSSL_MSG("Unloading cert chain"); - FreeDer(&ssl->buffers.certChain); - ssl->buffers.weOwnCertChain = 0; - } - - if (ssl->buffers.weOwnKey) { - WOLFSSL_MSG("Unloading key"); - ForceZero(ssl->buffers.key->buffer, ssl->buffers.key->length); - FreeDer(&ssl->buffers.key); - #ifdef WOLFSSL_BLIND_PRIVATE_KEY - FreeDer(&ssl->buffers.keyMask); - #endif - ssl->buffers.weOwnKey = 0; - } - -#ifdef WOLFSSL_DUAL_ALG_CERTS - if (ssl->buffers.weOwnAltKey) { - WOLFSSL_MSG("Unloading alt key"); - ForceZero(ssl->buffers.altKey->buffer, ssl->buffers.altKey->length); - FreeDer(&ssl->buffers.altKey); - #ifdef WOLFSSL_BLIND_PRIVATE_KEY - FreeDer(&ssl->buffers.altKeyMask); - #endif - ssl->buffers.weOwnAltKey = 0; - } -#endif /* WOLFSSL_DUAL_ALG_CERTS */ - - return WOLFSSL_SUCCESS; - } - - - int wolfSSL_CTX_UnloadCAs(WOLFSSL_CTX* ctx) - { - WOLFSSL_ENTER("wolfSSL_CTX_UnloadCAs"); - - if (ctx == NULL) - return BAD_FUNC_ARG; - - return wolfSSL_CertManagerUnloadCAs(ctx->cm); - } - - int wolfSSL_CTX_UnloadIntermediateCerts(WOLFSSL_CTX* ctx) - { - int ret; - - WOLFSSL_ENTER("wolfSSL_CTX_UnloadIntermediateCerts"); - - if (ctx == NULL) - return BAD_FUNC_ARG; - - ret = wolfSSL_RefWithMutexLock(&ctx->ref); - if (ret < 0) - return ret; - - if (ctx->ref.count > 1) { - WOLFSSL_MSG("ctx object must have a ref count of 1 before " - "unloading intermediate certs"); - ret = BAD_STATE_E; - } - else { - ret = wolfSSL_CertManagerUnloadIntermediateCerts(ctx->cm); - } - - if (wolfSSL_RefWithMutexUnlock(&ctx->ref) != 0) - WOLFSSL_MSG("Failed to unlock mutex!"); - - return ret; - } - - -#ifdef WOLFSSL_TRUST_PEER_CERT - int wolfSSL_CTX_Unload_trust_peers(WOLFSSL_CTX* ctx) - { - WOLFSSL_ENTER("wolfSSL_CTX_Unload_trust_peers"); - - if (ctx == NULL) - return BAD_FUNC_ARG; - - return wolfSSL_CertManagerUnload_trust_peers(ctx->cm); - } - -#ifdef WOLFSSL_LOCAL_X509_STORE - int wolfSSL_Unload_trust_peers(WOLFSSL* ssl) - { - WOLFSSL_ENTER("wolfSSL_CTX_Unload_trust_peers"); - - if (ssl == NULL) - return BAD_FUNC_ARG; - - SSL_CM_WARNING(ssl); - return wolfSSL_CertManagerUnload_trust_peers(SSL_CM(ssl)); - } -#endif /* WOLFSSL_LOCAL_X509_STORE */ -#endif /* WOLFSSL_TRUST_PEER_CERT */ -/* old NO_FILESYSTEM end */ -#endif /* !NO_CERTS */ - - #ifdef OPENSSL_EXTRA int wolfSSL_add_all_algorithms(void) @@ -12314,50 +8381,6 @@ #endif /* !NO_BIO */ #endif /* OPENSSL_EXTRA */ -#ifndef WOLFSSL_NO_CA_NAMES - void wolfSSL_CTX_set_client_CA_list(WOLFSSL_CTX* ctx, - WOLF_STACK_OF(WOLFSSL_X509_NAME)* names) - { - WOLFSSL_ENTER("wolfSSL_CTX_set_client_CA_list"); - if (ctx != NULL) { - wolfSSL_sk_X509_NAME_pop_free(ctx->client_ca_names, NULL); - ctx->client_ca_names = names; - } - } - - void wolfSSL_set_client_CA_list(WOLFSSL* ssl, - WOLF_STACK_OF(WOLFSSL_X509_NAME)* names) - { - WOLFSSL_ENTER("wolfSSL_set_client_CA_list"); - if (ssl != NULL) { - if (ssl->client_ca_names != ssl->ctx->client_ca_names) - wolfSSL_sk_X509_NAME_pop_free(ssl->client_ca_names, NULL); - ssl->client_ca_names = names; - } - } - - void wolfSSL_CTX_set0_CA_list(WOLFSSL_CTX* ctx, - WOLF_STACK_OF(WOLFSSL_X509_NAME)* names) - { - WOLFSSL_ENTER("wolfSSL_CTX_set0_CA_list"); - if (ctx != NULL) { - wolfSSL_sk_X509_NAME_pop_free(ctx->ca_names, NULL); - ctx->ca_names = names; - } - } - - void wolfSSL_set0_CA_list(WOLFSSL* ssl, - WOLF_STACK_OF(WOLFSSL_X509_NAME)* names) - { - WOLFSSL_ENTER("wolfSSL_set0_CA_list"); - if (ssl != NULL) { - if (ssl->ca_names != ssl->ctx->ca_names) - wolfSSL_sk_X509_NAME_pop_free(ssl->ca_names, NULL); - ssl->ca_names = names; - } - } -#endif /* WOLFSSL_NO_CA_NAMES */ - #ifdef WOLFSSL_CERT_SETUP_CB #if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL) /* registers client cert callback, called during handshake if server @@ -12462,6 +8485,7 @@ *sigAlgo = DSAk; break; case ecc_dsa_sa_algo: + case ecc_brainpool_sa_algo: *sigAlgo = ECDSAk; break; case rsa_pss_sa_algo: @@ -12575,249 +8599,6 @@ } #endif /* WOLFSSL_CERT_SETUP_CB */ -#ifndef WOLFSSL_NO_CA_NAMES - WOLF_STACK_OF(WOLFSSL_X509_NAME)* wolfSSL_CTX_get_client_CA_list( - const WOLFSSL_CTX *ctx) - { - WOLFSSL_ENTER("wolfSSL_CTX_get_client_CA_list"); - - if (ctx == NULL) { - WOLFSSL_MSG("Bad argument passed to " - "wolfSSL_CTX_get_client_CA_list"); - return NULL; - } - - return ctx->client_ca_names; - } - - /* On server side: returns the CAs set via *_set_client_CA_list(); - * On client side: returns the CAs received from server -- same as - * wolfSSL_get0_peer_CA_list() */ - WOLF_STACK_OF(WOLFSSL_X509_NAME)* wolfSSL_get_client_CA_list( - const WOLFSSL* ssl) - { - WOLFSSL_ENTER("wolfSSL_get_client_CA_list"); - - if (ssl == NULL) { - WOLFSSL_MSG("Bad argument passed to wolfSSL_get_client_CA_list"); - return NULL; - } - - if (ssl->options.side == WOLFSSL_CLIENT_END) - return ssl->peer_ca_names; - else - return SSL_CLIENT_CA_NAMES(ssl); - } - - WOLF_STACK_OF(WOLFSSL_X509_NAME)* wolfSSL_CTX_get0_CA_list( - const WOLFSSL_CTX *ctx) - { - WOLFSSL_ENTER("wolfSSL_CTX_get0_CA_list"); - - if (ctx == NULL) { - WOLFSSL_MSG("Bad argument passed to wolfSSL_CTX_get0_CA_list"); - return NULL; - } - - return ctx->ca_names; - } - - /* Always returns the CA's set via *_set0_CA_list */ - WOLF_STACK_OF(WOLFSSL_X509_NAME)* wolfSSL_get0_CA_list(const WOLFSSL *ssl) - { - WOLFSSL_ENTER("wolfSSL_get0_CA_list"); - - if (ssl == NULL) { - WOLFSSL_MSG("Bad argument passed to wolfSSL_get0_CA_list"); - return NULL; - } - - return SSL_CA_NAMES(ssl); - } - - /* Always returns the CA's received from the peer */ - WOLF_STACK_OF(WOLFSSL_X509_NAME)* wolfSSL_get0_peer_CA_list( - const WOLFSSL* ssl) - { - WOLFSSL_ENTER("wolfSSL_get0_peer_CA_list"); - - if (ssl == NULL) { - WOLFSSL_MSG("Bad argument passed to wolfSSL_get0_peer_CA_list"); - return NULL; - } - - return ssl->peer_ca_names; - } - - #if !defined(NO_CERTS) - static int add_to_CA_list(WOLFSSL_STACK* ca_names, WOLFSSL_X509* x509) - { - WOLFSSL_X509_NAME *nameCopy = NULL; - - nameCopy = wolfSSL_X509_NAME_dup(wolfSSL_X509_get_subject_name(x509)); - if (nameCopy == NULL) { - WOLFSSL_MSG("wolfSSL_X509_NAME_dup error"); - return WOLFSSL_FAILURE; - } - - if (wolfSSL_sk_X509_NAME_push(ca_names, nameCopy) <= 0) { - WOLFSSL_MSG("wolfSSL_sk_X509_NAME_push error"); - wolfSSL_X509_NAME_free(nameCopy); - return WOLFSSL_FAILURE; - } - - return WOLFSSL_SUCCESS; - } - - int wolfSSL_CTX_add_client_CA(WOLFSSL_CTX* ctx, WOLFSSL_X509* x509) - { - WOLFSSL_ENTER("wolfSSL_CTX_add_client_CA"); - if (ctx == NULL || x509 == NULL) { - WOLFSSL_MSG("Bad argument"); - return WOLFSSL_FAILURE; - } - if (ctx->client_ca_names == NULL) { - ctx->client_ca_names = wolfSSL_sk_X509_NAME_new(NULL); - if (ctx->client_ca_names == NULL) { - WOLFSSL_MSG("wolfSSL_sk_X509_NAME_new error"); - return WOLFSSL_FAILURE; - } - } - return add_to_CA_list(ctx->client_ca_names, x509); - } - - int wolfSSL_add_client_CA(WOLFSSL* ssl, WOLFSSL_X509* x509) - { - WOLFSSL_ENTER("wolfSSL_add_client_CA"); - if (ssl == NULL || x509 == NULL) { - WOLFSSL_MSG("Bad argument"); - return WOLFSSL_FAILURE; - } - if (ssl->client_ca_names == NULL) { - ssl->client_ca_names = wolfSSL_sk_X509_NAME_new(NULL); - if (ssl->client_ca_names == NULL) { - WOLFSSL_MSG("wolfSSL_sk_X509_NAME_new error"); - return WOLFSSL_FAILURE; - } - } - return add_to_CA_list(ssl->client_ca_names, x509); - } - - int wolfSSL_CTX_add1_to_CA_list(WOLFSSL_CTX* ctx, WOLFSSL_X509* x509) - { - WOLFSSL_ENTER("wolfSSL_CTX_add1_to_CA_list"); - if (ctx == NULL || x509 == NULL) { - WOLFSSL_MSG("Bad argument"); - return WOLFSSL_FAILURE; - } - if (ctx->ca_names == NULL) { - ctx->ca_names = wolfSSL_sk_X509_NAME_new(NULL); - if (ctx->ca_names == NULL) { - WOLFSSL_MSG("wolfSSL_sk_X509_NAME_new error"); - return WOLFSSL_FAILURE; - } - } - return add_to_CA_list(ctx->ca_names, x509); - } - - int wolfSSL_add1_to_CA_list(WOLFSSL* ssl, WOLFSSL_X509* x509) - { - WOLFSSL_ENTER("wolfSSL_add1_to_CA_list"); - if (ssl == NULL || x509 == NULL) { - WOLFSSL_MSG("Bad argument"); - return WOLFSSL_FAILURE; - } - if (ssl->ca_names == NULL) { - ssl->ca_names = wolfSSL_sk_X509_NAME_new(NULL); - if (ssl->ca_names == NULL) { - WOLFSSL_MSG("wolfSSL_sk_X509_NAME_new error"); - return WOLFSSL_FAILURE; - } - } - return add_to_CA_list(ssl->ca_names, x509); - } - #endif /* !NO_CERTS */ - - #ifndef NO_BIO - #if !defined(NO_RSA) && !defined(NO_CERTS) - WOLF_STACK_OF(WOLFSSL_X509_NAME)* wolfSSL_load_client_CA_file( - const char* fname) - { - /* The webserver build is using this to load a CA into the server - * for client authentication as an option. Have this return NULL in - * that case. If OPENSSL_EXTRA is enabled, go ahead and include - * the function. */ - #ifdef OPENSSL_EXTRA - WOLFSSL_STACK *list = NULL; - WOLFSSL_BIO* bio = NULL; - WOLFSSL_X509 *cert = NULL; - WOLFSSL_X509_NAME *nameCopy = NULL; - unsigned long err = WC_NO_ERR_TRACE(WOLFSSL_FAILURE); - - WOLFSSL_ENTER("wolfSSL_load_client_CA_file"); - - bio = wolfSSL_BIO_new_file(fname, "rb"); - if (bio == NULL) { - WOLFSSL_MSG("wolfSSL_BIO_new_file error"); - goto cleanup; - } - - list = wolfSSL_sk_X509_NAME_new(NULL); - if (list == NULL) { - WOLFSSL_MSG("wolfSSL_sk_X509_NAME_new error"); - goto cleanup; - } - - /* Read each certificate in the chain out of the file. */ - while (wolfSSL_PEM_read_bio_X509(bio, &cert, NULL, NULL) != NULL) { - /* Need a persistent copy of the subject name. */ - nameCopy = wolfSSL_X509_NAME_dup( - wolfSSL_X509_get_subject_name(cert)); - if (nameCopy == NULL) { - WOLFSSL_MSG("wolfSSL_X509_NAME_dup error"); - goto cleanup; - } - /* - * Original cert will be freed so make sure not to try to access - * it in the future. - */ - nameCopy->x509 = NULL; - - if (wolfSSL_sk_X509_NAME_push(list, nameCopy) <= 0) { - WOLFSSL_MSG("wolfSSL_sk_X509_NAME_push error"); - /* Do free in loop because nameCopy is now responsibility - * of list to free and adding jumps to cleanup after this - * might result in a double free. */ - wolfSSL_X509_NAME_free(nameCopy); - goto cleanup; - } - - wolfSSL_X509_free(cert); - cert = NULL; - } - - CLEAR_ASN_NO_PEM_HEADER_ERROR(err); - - err = WOLFSSL_SUCCESS; -cleanup: - wolfSSL_X509_free(cert); - cert = NULL; - wolfSSL_BIO_free(bio); - if (err != WOLFSSL_SUCCESS) { - /* We failed so return NULL */ - wolfSSL_sk_X509_NAME_pop_free(list, NULL); - list = NULL; - } - return list; - #else - (void)fname; - return NULL; - #endif - } - #endif - #endif /* !NO_BIO */ -#endif /* OPENSSL_EXTRA || WOLFSSL_EXTRA */ - #ifdef OPENSSL_EXTRA #if defined(WOLFCRYPT_HAVE_SRP) && !defined(NO_SHA256) \ @@ -13052,12 +8833,12 @@ if (ssl == NULL) return 0; -#if defined(WOLFSSL_DTLS13) && !defined(WOLFSSL_NO_CLIENT) +#if defined(WOLFSSL_DTLS13) && !defined(NO_WOLFSSL_CLIENT) if (ssl->options.side == WOLFSSL_CLIENT_END && ssl->options.dtls && IsAtLeastTLSv1_3(ssl->version)) { return ssl->options.serverState == SERVER_FINISHED_ACKED; } -#endif /* WOLFSSL_DTLS13 && !WOLFSSL_NO_CLIENT */ +#endif /* WOLFSSL_DTLS13 && !NO_WOLFSSL_CLIENT */ /* Can't use ssl->options.connectState and ssl->options.acceptState * because they differ in meaning for TLS <=1.2 and 1.3 */ @@ -13168,130 +8949,6 @@ } #endif /* OPENSSL_EXTRA */ -#if !defined(NO_CERTS) && (defined(OPENSSL_EXTRA) || \ - defined(WOLFSSL_WPAS_SMALL)) - - WOLFSSL_X509_STORE* wolfSSL_CTX_get_cert_store(const WOLFSSL_CTX* ctx) - { - if (ctx == NULL) { - return NULL; - } - - if (ctx->x509_store_pt != NULL) - return ctx->x509_store_pt; - return &((WOLFSSL_CTX*)ctx)->x509_store; - } - - void wolfSSL_CTX_set_cert_store(WOLFSSL_CTX* ctx, WOLFSSL_X509_STORE* str) - { - WOLFSSL_ENTER("wolfSSL_CTX_set_cert_store"); - if (ctx == NULL || str == NULL || ctx->cm == str->cm) { - return; - } - - if (wolfSSL_CertManager_up_ref(str->cm) != WOLFSSL_SUCCESS) { - WOLFSSL_MSG("wolfSSL_CertManager_up_ref error"); - return; - } - /* free cert manager if have one */ - if (ctx->cm != NULL) { - wolfSSL_CertManagerFree(ctx->cm); - } - ctx->cm = str->cm; - ctx->x509_store.cm = str->cm; - - /* free existing store if it exists */ - wolfSSL_X509_STORE_free(ctx->x509_store_pt); - ctx->x509_store.cache = str->cache; - ctx->x509_store_pt = str; /* take ownership of store and free it - with CTX free */ - ctx->cm->x509_store_p = ctx->x509_store_pt;/* CTX has ownership - and free it with CTX free*/ - } - -#ifdef OPENSSL_ALL - int wolfSSL_CTX_set1_verify_cert_store(WOLFSSL_CTX* ctx, - WOLFSSL_X509_STORE* str) - { - WOLFSSL_ENTER("wolfSSL_CTX_set1_verify_cert_store"); - - if (ctx == NULL || str == NULL) { - WOLFSSL_MSG("Bad parameter"); - return WOLFSSL_FAILURE; - } - - /* NO-OP when setting existing store */ - if (str == CTX_STORE(ctx)) - return WOLFSSL_SUCCESS; - - if (wolfSSL_X509_STORE_up_ref(str) != WOLFSSL_SUCCESS) { - WOLFSSL_MSG("wolfSSL_X509_STORE_up_ref error"); - return WOLFSSL_FAILURE; - } - - /* free existing store if it exists */ - wolfSSL_X509_STORE_free(ctx->x509_store_pt); - ctx->x509_store_pt = str; /* take ownership of store and free it - with CTX free */ - return WOLFSSL_SUCCESS; - } -#endif - - int wolfSSL_set0_verify_cert_store(WOLFSSL *ssl, WOLFSSL_X509_STORE* str) - { - WOLFSSL_ENTER("wolfSSL_set0_verify_cert_store"); - - if (ssl == NULL || str == NULL) { - WOLFSSL_MSG("Bad parameter"); - return WOLFSSL_FAILURE; - } - - /* NO-OP when setting existing store */ - if (str == SSL_STORE(ssl)) - return WOLFSSL_SUCCESS; - - /* free existing store if it exists */ - wolfSSL_X509_STORE_free(ssl->x509_store_pt); - if (str == ssl->ctx->x509_store_pt) - ssl->x509_store_pt = NULL; /* if setting ctx store then just revert - to using that instead */ - else - ssl->x509_store_pt = str; /* take ownership of store and free it - with SSL free */ - return WOLFSSL_SUCCESS; - } - - - int wolfSSL_set1_verify_cert_store(WOLFSSL *ssl, WOLFSSL_X509_STORE* str) - { - WOLFSSL_ENTER("wolfSSL_set1_verify_cert_store"); - - if (ssl == NULL || str == NULL) { - WOLFSSL_MSG("Bad parameter"); - return WOLFSSL_FAILURE; - } - - /* NO-OP when setting existing store */ - if (str == SSL_STORE(ssl)) - return WOLFSSL_SUCCESS; - - if (wolfSSL_X509_STORE_up_ref(str) != WOLFSSL_SUCCESS) { - WOLFSSL_MSG("wolfSSL_X509_STORE_up_ref error"); - return WOLFSSL_FAILURE; - } - - /* free existing store if it exists */ - wolfSSL_X509_STORE_free(ssl->x509_store_pt); - if (str == ssl->ctx->x509_store_pt) - ssl->x509_store_pt = NULL; /* if setting ctx store then just revert - to using that instead */ - else - ssl->x509_store_pt = str; /* take ownership of store and free it - with SSL free */ - return WOLFSSL_SUCCESS; - } -#endif /* !NO_CERTS && (OPENSSL_EXTRA || WOLFSSL_WPAS_SMALL) */ - #ifdef WOLFSSL_ENCRYPTED_KEYS void wolfSSL_CTX_set_default_passwd_cb_userdata(WOLFSSL_CTX* ctx, @@ -14928,78 +10585,6 @@ #endif /* KEEP_PEER_CERT */ #endif /* SESSION_CERTS && OPENSSL_EXTRA */ -#ifndef NO_CERTS - -/* OPENSSL_EXTRA is needed for wolfSSL_X509_d21 function - KEEP_OUR_CERT is to insure ability for returning ssl certificate */ -#if (defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)) && \ - defined(KEEP_OUR_CERT) -WOLFSSL_X509* wolfSSL_get_certificate(WOLFSSL* ssl) -{ - if (ssl == NULL) { - return NULL; - } - - if (ssl->buffers.weOwnCert) { - if (ssl->ourCert == NULL) { - if (ssl->buffers.certificate == NULL) { - WOLFSSL_MSG("Certificate buffer not set!"); - return NULL; - } - #ifndef WOLFSSL_X509_STORE_CERTS - ssl->ourCert = wolfSSL_X509_d2i_ex(NULL, - ssl->buffers.certificate->buffer, - (int)ssl->buffers.certificate->length, - ssl->heap); - #endif - } - return ssl->ourCert; - } - else { /* if cert not owned get parent ctx cert or return null */ - if (ssl->ctx) { - if (ssl->ctx->ourCert == NULL) { - if (ssl->ctx->certificate == NULL) { - WOLFSSL_MSG("Ctx Certificate buffer not set!"); - return NULL; - } - #ifndef WOLFSSL_X509_STORE_CERTS - ssl->ctx->ourCert = wolfSSL_X509_d2i_ex(NULL, - ssl->ctx->certificate->buffer, - (int)ssl->ctx->certificate->length, - ssl->heap); - #endif - ssl->ctx->ownOurCert = 1; - } - return ssl->ctx->ourCert; - } - } - - return NULL; -} - -WOLFSSL_X509* wolfSSL_CTX_get0_certificate(WOLFSSL_CTX* ctx) -{ - if (ctx) { - if (ctx->ourCert == NULL) { - if (ctx->certificate == NULL) { - WOLFSSL_MSG("Ctx Certificate buffer not set!"); - return NULL; - } - #ifndef WOLFSSL_X509_STORE_CERTS - ctx->ourCert = wolfSSL_X509_d2i_ex(NULL, - ctx->certificate->buffer, - (int)ctx->certificate->length, - ctx->heap); - #endif - ctx->ownOurCert = 1; - } - return ctx->ourCert; - } - return NULL; -} -#endif /* OPENSSL_EXTRA && KEEP_OUR_CERT */ -#endif /* NO_CERTS */ - #if defined(OPENSSL_EXTRA) || defined(WOLFSSL_WPAS_SMALL) void wolfSSL_set_connect_state(WOLFSSL* ssl) { @@ -15333,49 +10918,59 @@ #ifndef WOLFSSL_NO_ML_KEM_512 case WOLFSSL_ML_KEM_512: return "ML_KEM_512"; - case WOLFSSL_SECP256R1MLKEM512: - return "SecP256r1MLKEM512"; -#ifdef WOLFSSL_ML_KEM_USE_OLD_IDS + #ifdef WOLFSSL_EXTRA_PQC_HYBRIDS + #ifdef WOLFSSL_ML_KEM_USE_OLD_IDS case WOLFSSL_P256_ML_KEM_512_OLD: return "P256_ML_KEM_512_OLD"; -#endif + #endif /* WOLFSSL_ML_KEM_USE_OLD_IDS */ + case WOLFSSL_SECP256R1MLKEM512: + return "SecP256r1MLKEM512"; #ifdef HAVE_CURVE25519 case WOLFSSL_X25519MLKEM512: return "X25519MLKEM512"; - #endif - #endif + #endif /* HAVE_CURVE25519 */ + #endif /* WOLFSSL_EXTRA_PQC_HYBRIDS */ + #endif /* WOLFSSL_NO_ML_KEM_512 */ #ifndef WOLFSSL_NO_ML_KEM_768 case WOLFSSL_ML_KEM_768: return "ML_KEM_768"; - case WOLFSSL_SECP384R1MLKEM768: - return "SecP384r1MLKEM768"; -#ifdef WOLFSSL_ML_KEM_USE_OLD_IDS - case WOLFSSL_P384_ML_KEM_768_OLD: - return "P384_ML_KEM_768_OLD"; -#endif + #ifdef WOLFSSL_PQC_HYBRIDS case WOLFSSL_SECP256R1MLKEM768: return "SecP256r1MLKEM768"; #ifdef HAVE_CURVE25519 case WOLFSSL_X25519MLKEM768: return "X25519MLKEM768"; #endif + #endif /* WOLFSSL_PQC_HYBRIDS */ + #ifdef WOLFSSL_EXTRA_PQC_HYBRIDS + #ifdef WOLFSSL_ML_KEM_USE_OLD_IDS + case WOLFSSL_P384_ML_KEM_768_OLD: + return "P384_ML_KEM_768_OLD"; + #endif /* WOLFSSL_ML_KEM_USE_OLD_IDS */ + case WOLFSSL_SECP384R1MLKEM768: + return "SecP384r1MLKEM768"; #ifdef HAVE_CURVE448 case WOLFSSL_X448MLKEM768: return "X448MLKEM768"; - #endif - #endif + #endif /* HAVE_CURVE448 */ + #endif /* WOLFSSL_EXTRA_PQC_HYBRIDS */ + #endif /* WOLFSSL_NO_ML_KEM_768 */ #ifndef WOLFSSL_NO_ML_KEM_1024 case WOLFSSL_ML_KEM_1024: return "ML_KEM_1024"; - case WOLFSSL_SECP521R1MLKEM1024: - return "SecP521r1MLKEM1024"; -#ifdef WOLFSSL_ML_KEM_USE_OLD_IDS - case WOLFSSL_P521_ML_KEM_1024_OLD: - return "P521_ML_KEM_1024_OLD"; -#endif + #ifdef WOLFSSL_PQC_HYBRIDS case WOLFSSL_SECP384R1MLKEM1024: return "SecP384r1MLKEM1024"; - #endif + #endif /* WOLFSSL_PQC_HYBRIDS */ + #ifdef WOLFSSL_EXTRA_PQC_HYBRIDS + #ifdef WOLFSSL_ML_KEM_USE_OLD_IDS + case WOLFSSL_P521_ML_KEM_1024_OLD: + return "P521_ML_KEM_1024_OLD"; + #endif /* WOLFSSL_ML_KEM_USE_OLD_IDS */ + case WOLFSSL_SECP521R1MLKEM1024: + return "SecP521r1MLKEM1024"; + #endif /* WOLFSSL_EXTRA_PQC_HYBRIDS */ + #endif /* WOLFSSL_NO_ML_KEM_1024 */ #elif defined(HAVE_LIBOQS) case WOLFSSL_ML_KEM_512: return "ML_KEM_512"; @@ -16151,8 +11746,11 @@ if (upath != NULL && uport >= upath) goto err; XFREE(*port, NULL, DYNAMIC_TYPE_OPENSSL); - *port = CopyString(uport, upath != NULL ? (int)(upath - uport) : -1, - NULL, DYNAMIC_TYPE_OPENSSL); + if (upath) + *port = CopyString(uport, (int)(upath - uport), NULL, + DYNAMIC_TYPE_OPENSSL); + else + *port = CopyString(uport, -1, NULL, DYNAMIC_TYPE_OPENSSL); if (*port == NULL) goto err; hostEnd = uport - 1; @@ -16160,8 +11758,11 @@ else hostEnd = upath; - *host = CopyString(u, hostEnd != NULL ? (int)(hostEnd - u) : -1, NULL, - DYNAMIC_TYPE_OPENSSL); + if (hostEnd) + *host = CopyString(u, (int)(hostEnd - u), NULL, DYNAMIC_TYPE_OPENSSL); + else + *host = CopyString(u, -1, NULL, DYNAMIC_TYPE_OPENSSL); + if (*host == NULL) goto err; @@ -16251,202 +11852,6 @@ (void)f; } - -#endif /* OPENSSL_EXTRA */ - -#ifdef OPENSSL_EXTRA -#ifndef NO_CERTS - -#if !defined(NO_ASN) && !defined(NO_PWDBASED) -/* Copies unencrypted DER key buffer into "der". If "der" is null then the size - * of buffer needed is returned. If *der == NULL then it allocates a buffer. - * NOTE: This also advances the "der" pointer to be at the end of buffer. - * - * Returns size of key buffer on success - */ -int wolfSSL_i2d_PrivateKey(const WOLFSSL_EVP_PKEY* key, unsigned char** der) -{ - return wolfSSL_EVP_PKEY_get_der(key, der); -} - -int wolfSSL_i2d_PrivateKey_bio(WOLFSSL_BIO* bio, WOLFSSL_EVP_PKEY* key) -{ - int ret = WC_NO_ERR_TRACE(WOLFSSL_FAILURE); - int derSz = 0; - byte* der = NULL; - - if (bio == NULL || key == NULL) { - return WOLFSSL_FAILURE; - } - - derSz = wolfSSL_i2d_PrivateKey(key, NULL); - if (derSz <= 0) { - WOLFSSL_MSG("wolfSSL_i2d_PrivateKey (for getting size) failed"); - return WOLFSSL_FAILURE; - } - - der = (byte*)XMALLOC(derSz, NULL, DYNAMIC_TYPE_TMP_BUFFER); - if (!der) { - WOLFSSL_MSG("malloc failed"); - return WOLFSSL_FAILURE; - } - - derSz = wolfSSL_i2d_PrivateKey(key, &der); - if (derSz <= 0) { - WOLFSSL_MSG("wolfSSL_i2d_PrivateKey failed"); - goto cleanup; - } - - if (wolfSSL_BIO_write(bio, der, derSz) != derSz) { - goto cleanup; - } - - ret = WOLFSSL_SUCCESS; - -cleanup: - XFREE(der, NULL, DYNAMIC_TYPE_TMP_BUFFER); - return ret; -} - -int wolfSSL_i2d_PublicKey(const WOLFSSL_EVP_PKEY *key, unsigned char **der) -{ -#if !defined(NO_RSA) || defined(HAVE_ECC) -#ifdef HAVE_ECC - unsigned char *local_der = NULL; - word32 local_derSz = 0; - unsigned char *pub_der = NULL; - ecc_key *eccKey = NULL; - word32 inOutIdx = 0; -#endif - word32 pub_derSz = 0; - int ret; - int key_type = 0; - - if (key == NULL) { - return WOLFSSL_FATAL_ERROR; - } - - key_type = key->type; - if ((key_type != WC_EVP_PKEY_EC) && (key_type != WC_EVP_PKEY_RSA)) { - return WOLFSSL_FATAL_ERROR; - } - -#ifndef NO_RSA - if (key_type == WC_EVP_PKEY_RSA) { - return wolfSSL_i2d_RSAPublicKey(key->rsa, der); - } -#endif - - /* Now that RSA is taken care of, we only need to consider the ECC case. */ - -#ifdef HAVE_ECC - - /* We need to get the DER, then convert it to a public key. But what we get - * might be a buffered private key so we need to decode it and then encode - * the public part. */ - ret = wolfSSL_EVP_PKEY_get_der(key, &local_der); - if (ret <= 0) { - /* In this case, there was no buffered DER at all. This could be the - * case where the key that was passed in was generated. So now we - * have to create the local DER. */ - local_derSz = (word32)wolfSSL_i2d_ECPrivateKey(key->ecc, &local_der); - if (local_derSz == 0) { - ret = WOLFSSL_FATAL_ERROR; - } - } else { - local_derSz = (word32)ret; - ret = 0; - } - - if (ret == 0) { - eccKey = (ecc_key *)XMALLOC(sizeof(*eccKey), NULL, DYNAMIC_TYPE_ECC); - if (eccKey == NULL) { - WOLFSSL_MSG("Failed to allocate key buffer."); - ret = WOLFSSL_FATAL_ERROR; - } - } - - if (ret == 0) { - ret = wc_ecc_init(eccKey); - } - - if (ret == 0) { - ret = wc_EccPublicKeyDecode(local_der, &inOutIdx, eccKey, local_derSz); - if (ret < 0) { - /* We now try again as x.963 [point type][x][opt y]. */ - ret = wc_ecc_import_x963(local_der, local_derSz, eccKey); - } - } - - if (ret == 0) { - pub_derSz = (word32)wc_EccPublicKeyDerSize(eccKey, 1); - if ((int)pub_derSz <= 0) { - ret = WOLFSSL_FAILURE; - } - } - - if (ret == 0) { - pub_der = (unsigned char*)XMALLOC(pub_derSz, NULL, - DYNAMIC_TYPE_PUBLIC_KEY); - if (pub_der == NULL) { - WOLFSSL_MSG("Failed to allocate output buffer."); - ret = WOLFSSL_FATAL_ERROR; - } - } - - if (ret == 0) { - pub_derSz = (word32)wc_EccPublicKeyToDer(eccKey, pub_der, pub_derSz, 1); - if ((int)pub_derSz <= 0) { - ret = WOLFSSL_FATAL_ERROR; - } - } - - /* This block is for actually returning the DER of the public key */ - if ((ret == 0) && (der != NULL)) { - if (*der == NULL) { - *der = (unsigned char*)XMALLOC(pub_derSz, NULL, - DYNAMIC_TYPE_PUBLIC_KEY); - if (*der == NULL) { - WOLFSSL_MSG("Failed to allocate output buffer."); - ret = WOLFSSL_FATAL_ERROR; - } - - if (ret == 0) { - XMEMCPY(*der, pub_der, pub_derSz); - } - } - else { - XMEMCPY(*der, pub_der, pub_derSz); - *der += pub_derSz; - } - } - - XFREE(pub_der, NULL, DYNAMIC_TYPE_PUBLIC_KEY); - XFREE(local_der, NULL, DYNAMIC_TYPE_PUBLIC_KEY); - - wc_ecc_free(eccKey); - XFREE(eccKey, NULL, DYNAMIC_TYPE_ECC); - -#else - ret = WOLFSSL_FATAL_ERROR; -#endif /* HAVE_ECC */ - - if (ret == 0) { - return (int)pub_derSz; - } - - return ret; -#else - return WOLFSSL_FATAL_ERROR; -#endif /* !NO_RSA || HAVE_ECC */ -} -#endif /* !NO_ASN && !NO_PWDBASED */ - -#endif /* !NO_CERTS */ -#endif /* OPENSSL_EXTRA */ - -#ifdef OPENSSL_EXTRA - /* Sets the DNS hostname to name. * Hostname is cleared if name is NULL or empty. */ int wolfSSL_set1_host(WOLFSSL * ssl, const char* name) @@ -16604,15 +12009,15 @@ #if defined(OPENSSL_ALL) || defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY) /* Nginx looks for this error to know to stop parsing certificates. * Same for HAProxy. */ - if (err == ((ERR_LIB_PEM << 24) | PEM_R_NO_START_LINE) || - ((err & 0xFFFFFFL) == -WC_NO_ERR_TRACE(ASN_NO_PEM_HEADER)) || - ((err & 0xFFFL) == PEM_R_NO_START_LINE )) + if ((err == (unsigned long)((ERR_LIB_PEM << 24) | PEM_R_NO_START_LINE)) || + ((err & 0xFFFFFFL) == (unsigned long)(-WC_NO_ERR_TRACE(ASN_NO_PEM_HEADER))) || + ((err & 0xFFFL) == (unsigned long)PEM_R_NO_START_LINE)) return PEM_R_NO_START_LINE; - if (err == ((ERR_LIB_SSL << 24) | -SSL_R_HTTP_REQUEST)) + if (err == (unsigned long)((ERR_LIB_SSL << 24) | -SSL_R_HTTP_REQUEST)) return SSL_R_HTTP_REQUEST; #endif #if defined(OPENSSL_ALL) && defined(WOLFSSL_PYTHON) - if (err == ((ERR_LIB_ASN1 << 24) | ASN1_R_HEADER_TOO_LONG)) + if (err == (unsigned long)((ERR_LIB_ASN1 << 24) | ASN1_R_HEADER_TOO_LONG)) return ASN1_R_HEADER_TOO_LONG; #endif @@ -17151,7 +12556,15 @@ if (AllocateSuites(ssl) != 0) return 0; if (!ssl->suites->setSuites) { - InitSuites(ssl->suites, ssl->version, keySz, haveRSA, + /* Client side won't set DH params, so it needs haveDH set to TRUE. */ + if (ssl->options.side == WOLFSSL_CLIENT_END) + InitSuites(ssl->suites, ssl->version, keySz, haveRSA, + havePSK, TRUE, ssl->options.haveECDSAsig, + ssl->options.haveECC, TRUE, ssl->options.haveStaticECC, + ssl->options.useAnon, + TRUE, TRUE, TRUE, TRUE, ssl->options.side); + else + InitSuites(ssl->suites, ssl->version, keySz, haveRSA, havePSK, ssl->options.haveDH, ssl->options.haveECDSAsig, ssl->options.haveECC, TRUE, ssl->options.haveStaticECC, ssl->options.useAnon, @@ -17280,38 +12693,6 @@ } #endif /* HAVE_PK_CALLBACKS */ -#ifdef HAVE_CERTIFICATE_STATUS_REQUEST -long wolfSSL_set_tlsext_status_type(WOLFSSL *s, int type) -{ - WOLFSSL_ENTER("wolfSSL_set_tlsext_status_type"); - - if (s == NULL){ - return BAD_FUNC_ARG; - } - - if (type == WOLFSSL_TLSEXT_STATUSTYPE_ocsp){ - int r = TLSX_UseCertificateStatusRequest(&s->extensions, (byte)type, 0, - s, s->heap, s->devId); - return (long)r; - } else { - WOLFSSL_MSG( - "SSL_set_tlsext_status_type only supports TLSEXT_STATUSTYPE_ocsp type."); - return WOLFSSL_FAILURE; - } - -} - -long wolfSSL_get_tlsext_status_type(WOLFSSL *s) -{ - TLSX* extension; - - if (s == NULL) - return WOLFSSL_FATAL_ERROR; - extension = TLSX_Find(s->extensions, TLSX_STATUS_REQUEST); - return extension != NULL ? WOLFSSL_TLSEXT_STATUSTYPE_ocsp : WOLFSSL_FATAL_ERROR; -} -#endif /* HAVE_CERTIFICATE_STATUS_REQUEST */ - #ifndef NO_WOLFSSL_STUB long wolfSSL_get_tlsext_status_exts(WOLFSSL *s, void *arg) { @@ -17886,6 +13267,12 @@ #ifdef WOLFSSL_SM3 { WC_NID_sm3, SM3h, oidHashType, "SM3", "sm3"}, #endif + #ifdef WOLFSSL_SHAKE128 + { WC_NID_shake128, SHAKE128h, oidHashType, "SHAKE128", "shake128"}, + #endif + #ifdef WOLFSSL_SHAKE256 + { WC_NID_shake256, SHAKE256h, oidHashType, "SHAKE256", "shake256"}, + #endif /* oidSigType */ #ifndef NO_DSA #ifndef NO_SHA @@ -18387,6 +13774,7 @@ *nid = WC_NID_dsa; break; case ecc_dsa_sa_algo: + case ecc_brainpool_sa_algo: *nid = WC_NID_X9_62_id_ecPublicKey; break; case rsa_pss_sa_algo: @@ -18717,374 +14105,6 @@ #ifndef NO_CERTS #ifdef HAVE_PK_CALLBACKS -#ifdef HAVE_ECC -void wolfSSL_CTX_SetEccKeyGenCb(WOLFSSL_CTX* ctx, CallbackEccKeyGen cb) -{ - if (ctx) - ctx->EccKeyGenCb = cb; -} -void wolfSSL_SetEccKeyGenCtx(WOLFSSL* ssl, void *ctx) -{ - if (ssl) - ssl->EccKeyGenCtx = ctx; -} -void* wolfSSL_GetEccKeyGenCtx(WOLFSSL* ssl) -{ - if (ssl) - return ssl->EccKeyGenCtx; - - return NULL; -} -void wolfSSL_CTX_SetEccSignCtx(WOLFSSL_CTX* ctx, void *userCtx) -{ - if (ctx) - ctx->EccSignCtx = userCtx; -} -void* wolfSSL_CTX_GetEccSignCtx(WOLFSSL_CTX* ctx) -{ - if (ctx) - return ctx->EccSignCtx; - - return NULL; -} - -WOLFSSL_ABI -void wolfSSL_CTX_SetEccSignCb(WOLFSSL_CTX* ctx, CallbackEccSign cb) -{ - if (ctx) - ctx->EccSignCb = cb; -} -void wolfSSL_SetEccSignCtx(WOLFSSL* ssl, void *ctx) -{ - if (ssl) - ssl->EccSignCtx = ctx; -} -void* wolfSSL_GetEccSignCtx(WOLFSSL* ssl) -{ - if (ssl) - return ssl->EccSignCtx; - - return NULL; -} - -void wolfSSL_CTX_SetEccVerifyCb(WOLFSSL_CTX* ctx, CallbackEccVerify cb) -{ - if (ctx) - ctx->EccVerifyCb = cb; -} -void wolfSSL_SetEccVerifyCtx(WOLFSSL* ssl, void *ctx) -{ - if (ssl) - ssl->EccVerifyCtx = ctx; -} -void* wolfSSL_GetEccVerifyCtx(WOLFSSL* ssl) -{ - if (ssl) - return ssl->EccVerifyCtx; - - return NULL; -} - -void wolfSSL_CTX_SetEccSharedSecretCb(WOLFSSL_CTX* ctx, - CallbackEccSharedSecret cb) -{ - if (ctx) - ctx->EccSharedSecretCb = cb; -} -void wolfSSL_SetEccSharedSecretCtx(WOLFSSL* ssl, void *ctx) -{ - if (ssl) - ssl->EccSharedSecretCtx = ctx; -} -void* wolfSSL_GetEccSharedSecretCtx(WOLFSSL* ssl) -{ - if (ssl) - return ssl->EccSharedSecretCtx; - - return NULL; -} -#endif /* HAVE_ECC */ - -#ifdef HAVE_ED25519 -void wolfSSL_CTX_SetEd25519SignCb(WOLFSSL_CTX* ctx, CallbackEd25519Sign cb) -{ - if (ctx) - ctx->Ed25519SignCb = cb; -} -void wolfSSL_SetEd25519SignCtx(WOLFSSL* ssl, void *ctx) -{ - if (ssl) - ssl->Ed25519SignCtx = ctx; -} -void* wolfSSL_GetEd25519SignCtx(WOLFSSL* ssl) -{ - if (ssl) - return ssl->Ed25519SignCtx; - - return NULL; -} - -void wolfSSL_CTX_SetEd25519VerifyCb(WOLFSSL_CTX* ctx, CallbackEd25519Verify cb) -{ - if (ctx) - ctx->Ed25519VerifyCb = cb; -} -void wolfSSL_SetEd25519VerifyCtx(WOLFSSL* ssl, void *ctx) -{ - if (ssl) - ssl->Ed25519VerifyCtx = ctx; -} -void* wolfSSL_GetEd25519VerifyCtx(WOLFSSL* ssl) -{ - if (ssl) - return ssl->Ed25519VerifyCtx; - - return NULL; -} -#endif /* HAVE_ED25519 */ - -#ifdef HAVE_CURVE25519 -void wolfSSL_CTX_SetX25519KeyGenCb(WOLFSSL_CTX* ctx, - CallbackX25519KeyGen cb) -{ - if (ctx) - ctx->X25519KeyGenCb = cb; -} -void wolfSSL_SetX25519KeyGenCtx(WOLFSSL* ssl, void *ctx) -{ - if (ssl) - ssl->X25519KeyGenCtx = ctx; -} -void* wolfSSL_GetX25519KeyGenCtx(WOLFSSL* ssl) -{ - if (ssl) - return ssl->X25519KeyGenCtx; - - return NULL; -} - -void wolfSSL_CTX_SetX25519SharedSecretCb(WOLFSSL_CTX* ctx, - CallbackX25519SharedSecret cb) -{ - if (ctx) - ctx->X25519SharedSecretCb = cb; -} -void wolfSSL_SetX25519SharedSecretCtx(WOLFSSL* ssl, void *ctx) -{ - if (ssl) - ssl->X25519SharedSecretCtx = ctx; -} -void* wolfSSL_GetX25519SharedSecretCtx(WOLFSSL* ssl) -{ - if (ssl) - return ssl->X25519SharedSecretCtx; - - return NULL; -} -#endif /* HAVE_CURVE25519 */ - -#ifdef HAVE_ED448 -void wolfSSL_CTX_SetEd448SignCb(WOLFSSL_CTX* ctx, CallbackEd448Sign cb) -{ - if (ctx) - ctx->Ed448SignCb = cb; -} -void wolfSSL_SetEd448SignCtx(WOLFSSL* ssl, void *ctx) -{ - if (ssl) - ssl->Ed448SignCtx = ctx; -} -void* wolfSSL_GetEd448SignCtx(WOLFSSL* ssl) -{ - if (ssl) - return ssl->Ed448SignCtx; - - return NULL; -} - -void wolfSSL_CTX_SetEd448VerifyCb(WOLFSSL_CTX* ctx, CallbackEd448Verify cb) -{ - if (ctx) - ctx->Ed448VerifyCb = cb; -} -void wolfSSL_SetEd448VerifyCtx(WOLFSSL* ssl, void *ctx) -{ - if (ssl) - ssl->Ed448VerifyCtx = ctx; -} -void* wolfSSL_GetEd448VerifyCtx(WOLFSSL* ssl) -{ - if (ssl) - return ssl->Ed448VerifyCtx; - - return NULL; -} -#endif /* HAVE_ED448 */ - -#ifdef HAVE_CURVE448 -void wolfSSL_CTX_SetX448KeyGenCb(WOLFSSL_CTX* ctx, - CallbackX448KeyGen cb) -{ - if (ctx) - ctx->X448KeyGenCb = cb; -} -void wolfSSL_SetX448KeyGenCtx(WOLFSSL* ssl, void *ctx) -{ - if (ssl) - ssl->X448KeyGenCtx = ctx; -} -void* wolfSSL_GetX448KeyGenCtx(WOLFSSL* ssl) -{ - if (ssl) - return ssl->X448KeyGenCtx; - - return NULL; -} - -void wolfSSL_CTX_SetX448SharedSecretCb(WOLFSSL_CTX* ctx, - CallbackX448SharedSecret cb) -{ - if (ctx) - ctx->X448SharedSecretCb = cb; -} -void wolfSSL_SetX448SharedSecretCtx(WOLFSSL* ssl, void *ctx) -{ - if (ssl) - ssl->X448SharedSecretCtx = ctx; -} -void* wolfSSL_GetX448SharedSecretCtx(WOLFSSL* ssl) -{ - if (ssl) - return ssl->X448SharedSecretCtx; - - return NULL; -} -#endif /* HAVE_CURVE448 */ - -#ifndef NO_RSA -void wolfSSL_CTX_SetRsaSignCb(WOLFSSL_CTX* ctx, CallbackRsaSign cb) -{ - if (ctx) - ctx->RsaSignCb = cb; -} -void wolfSSL_CTX_SetRsaSignCheckCb(WOLFSSL_CTX* ctx, CallbackRsaVerify cb) -{ - if (ctx) - ctx->RsaSignCheckCb = cb; -} -void wolfSSL_SetRsaSignCtx(WOLFSSL* ssl, void *ctx) -{ - if (ssl) - ssl->RsaSignCtx = ctx; -} -void* wolfSSL_GetRsaSignCtx(WOLFSSL* ssl) -{ - if (ssl) - return ssl->RsaSignCtx; - - return NULL; -} - - -void wolfSSL_CTX_SetRsaVerifyCb(WOLFSSL_CTX* ctx, CallbackRsaVerify cb) -{ - if (ctx) - ctx->RsaVerifyCb = cb; -} -void wolfSSL_SetRsaVerifyCtx(WOLFSSL* ssl, void *ctx) -{ - if (ssl) - ssl->RsaVerifyCtx = ctx; -} -void* wolfSSL_GetRsaVerifyCtx(WOLFSSL* ssl) -{ - if (ssl) - return ssl->RsaVerifyCtx; - - return NULL; -} - -#ifdef WC_RSA_PSS -void wolfSSL_CTX_SetRsaPssSignCb(WOLFSSL_CTX* ctx, CallbackRsaPssSign cb) -{ - if (ctx) - ctx->RsaPssSignCb = cb; -} -void wolfSSL_CTX_SetRsaPssSignCheckCb(WOLFSSL_CTX* ctx, - CallbackRsaPssVerify cb) -{ - if (ctx) - ctx->RsaPssSignCheckCb = cb; -} -void wolfSSL_SetRsaPssSignCtx(WOLFSSL* ssl, void *ctx) -{ - if (ssl) - ssl->RsaPssSignCtx = ctx; -} -void* wolfSSL_GetRsaPssSignCtx(WOLFSSL* ssl) -{ - if (ssl) - return ssl->RsaPssSignCtx; - - return NULL; -} - -void wolfSSL_CTX_SetRsaPssVerifyCb(WOLFSSL_CTX* ctx, CallbackRsaPssVerify cb) -{ - if (ctx) - ctx->RsaPssVerifyCb = cb; -} -void wolfSSL_SetRsaPssVerifyCtx(WOLFSSL* ssl, void *ctx) -{ - if (ssl) - ssl->RsaPssVerifyCtx = ctx; -} -void* wolfSSL_GetRsaPssVerifyCtx(WOLFSSL* ssl) -{ - if (ssl) - return ssl->RsaPssVerifyCtx; - - return NULL; -} -#endif /* WC_RSA_PSS */ - -void wolfSSL_CTX_SetRsaEncCb(WOLFSSL_CTX* ctx, CallbackRsaEnc cb) -{ - if (ctx) - ctx->RsaEncCb = cb; -} -void wolfSSL_SetRsaEncCtx(WOLFSSL* ssl, void *ctx) -{ - if (ssl) - ssl->RsaEncCtx = ctx; -} -void* wolfSSL_GetRsaEncCtx(WOLFSSL* ssl) -{ - if (ssl) - return ssl->RsaEncCtx; - - return NULL; -} - -void wolfSSL_CTX_SetRsaDecCb(WOLFSSL_CTX* ctx, CallbackRsaDec cb) -{ - if (ctx) - ctx->RsaDecCb = cb; -} -void wolfSSL_SetRsaDecCtx(WOLFSSL* ssl, void *ctx) -{ - if (ssl) - ssl->RsaDecCtx = ctx; -} -void* wolfSSL_GetRsaDecCtx(WOLFSSL* ssl) -{ - if (ssl) - return ssl->RsaDecCtx; - - return NULL; -} -#endif /* NO_RSA */ - /* callback for premaster secret generation */ void wolfSSL_CTX_SetGenPreMasterCb(WOLFSSL_CTX* ctx, CallbackGenPreMaster cb) { @@ -19267,31 +14287,6 @@ #endif /* HAVE_PK_CALLBACKS */ #endif /* NO_CERTS */ -#if defined(HAVE_PK_CALLBACKS) && !defined(NO_DH) -void wolfSSL_CTX_SetDhGenerateKeyPair(WOLFSSL_CTX* ctx, - CallbackDhGenerateKeyPair cb) { - if (ctx) - ctx->DhGenerateKeyPairCb = cb; -} -void wolfSSL_CTX_SetDhAgreeCb(WOLFSSL_CTX* ctx, CallbackDhAgree cb) -{ - if (ctx) - ctx->DhAgreeCb = cb; -} -void wolfSSL_SetDhAgreeCtx(WOLFSSL* ssl, void *ctx) -{ - if (ssl) - ssl->DhAgreeCtx = ctx; -} -void* wolfSSL_GetDhAgreeCtx(WOLFSSL* ssl) -{ - if (ssl) - return ssl->DhAgreeCtx; - - return NULL; -} -#endif /* HAVE_PK_CALLBACKS && !NO_DH */ - #if defined(HAVE_PK_CALLBACKS) && defined(HAVE_HKDF) void wolfSSL_CTX_SetHKDFExtractCb(WOLFSSL_CTX* ctx, CallbackHKDFExtract cb) @@ -20588,114 +15583,9 @@ return NULL; } -#ifndef NO_BIO -/* Converts EVP_PKEY data from a bio buffer to a WOLFSSL_EVP_PKEY structure. -Returns pointer to private EVP_PKEY struct upon success, NULL if there -is a failure.*/ -WOLFSSL_EVP_PKEY* wolfSSL_d2i_PrivateKey_bio(WOLFSSL_BIO* bio, - WOLFSSL_EVP_PKEY** out) -{ - unsigned char* mem = NULL; - int memSz = 0; - WOLFSSL_EVP_PKEY* key = NULL; - unsigned char* extraBioMem = NULL; - - WOLFSSL_ENTER("wolfSSL_d2i_PrivateKey_bio"); - - if (bio == NULL) { - return NULL; - } - (void)out; - - memSz = wolfSSL_BIO_get_len(bio); - if (memSz <= 0) { - WOLFSSL_MSG("wolfSSL_BIO_get_len() failure"); - return NULL; - } - - mem = (unsigned char*)XMALLOC((size_t)memSz, bio->heap, - DYNAMIC_TYPE_TMP_BUFFER); - if (mem == NULL) { - WOLFSSL_MSG("Malloc failure"); - return NULL; - } - - if (wolfSSL_BIO_read(bio, (unsigned char*)mem, memSz) == memSz) { - int extraBioMemSz; - int derLength; - - /* Determines key type and returns the new private EVP_PKEY object */ - if ((key = wolfSSL_d2i_PrivateKey_EVP(NULL, &mem, (long)memSz)) == - NULL) { - WOLFSSL_MSG("wolfSSL_d2i_PrivateKey_EVP() failure"); - XFREE(mem, bio->heap, DYNAMIC_TYPE_TMP_BUFFER); - return NULL; - } - - /* Write extra data back into bio object if necessary. */ - derLength = key->pkey_sz; - extraBioMemSz = (memSz - derLength); - if (extraBioMemSz > 0) { - int i; - int j = 0; - - extraBioMem = (unsigned char *)XMALLOC((size_t)extraBioMemSz, NULL, - DYNAMIC_TYPE_TMP_BUFFER); - if (extraBioMem == NULL) { - WOLFSSL_MSG("Malloc failure"); - XFREE((unsigned char*)extraBioMem, bio->heap, - DYNAMIC_TYPE_TMP_BUFFER); - XFREE(mem, bio->heap, DYNAMIC_TYPE_TMP_BUFFER); - return NULL; - } - - for (i = derLength; i < memSz; i++) { - *(extraBioMem + j) = *(mem + i); - j++; - } - - wolfSSL_BIO_write(bio, extraBioMem, extraBioMemSz); - if (wolfSSL_BIO_get_len(bio) <= 0) { - WOLFSSL_MSG("Failed to write memory to bio"); - XFREE((unsigned char*)extraBioMem, bio->heap, - DYNAMIC_TYPE_TMP_BUFFER); - XFREE(mem, bio->heap, DYNAMIC_TYPE_TMP_BUFFER); - return NULL; - } - XFREE((unsigned char*)extraBioMem, bio->heap, - DYNAMIC_TYPE_TMP_BUFFER); - } - - if (out != NULL) { - *out = key; - } - } - XFREE(mem, bio->heap, DYNAMIC_TYPE_TMP_BUFFER); - return key; -} -#endif /* !NO_BIO */ - #endif /* OPENSSL_ALL || WOLFSSL_ASIO || WOLFSSL_HAPROXY || WOLFSSL_QT */ -#if defined(OPENSSL_ALL) || defined(WOLFSSL_ASIO) || \ - defined(WOLFSSL_HAPROXY) || defined(WOLFSSL_NGINX) || \ - defined(WOLFSSL_QT) || defined(WOLFSSL_WPAS_SMALL) - -/* Converts a DER encoded private key to a WOLFSSL_EVP_PKEY structure. - * returns a pointer to a new WOLFSSL_EVP_PKEY structure on success and NULL - * on fail */ -WOLFSSL_EVP_PKEY* wolfSSL_d2i_PrivateKey_EVP(WOLFSSL_EVP_PKEY** out, - unsigned char** in, long inSz) -{ - WOLFSSL_ENTER("wolfSSL_d2i_PrivateKey_EVP"); - return d2iGenericKey(out, (const unsigned char**)in, inSz, 1); -} - -#endif /* OPENSSL_ALL || WOLFSSL_ASIO || WOLFSSL_HAPROXY || WOLFSSL_QT || - * WOLFSSL_WPAS_SMALL*/ - - /* stunnel compatibility functions*/ #if defined(OPENSSL_ALL) || (defined(OPENSSL_EXTRA) && \ (defined(HAVE_STUNNEL) || defined(WOLFSSL_NGINX) || \ @@ -20961,11 +15851,10 @@ #endif #ifndef WOLFSSL_BLIND_PRIVATE_KEY #ifdef WOLFSSL_COPY_KEY + if (ssl->buffers.key != NULL && ssl->buffers.weOwnKey) { + FreeDer(&ssl->buffers.key); + } if (ctx->privateKey != NULL) { - if (ssl->buffers.key != NULL) { - FreeDer(&ssl->buffers.key); - ssl->buffers.key = NULL; - } ret = AllocCopyDer(&ssl->buffers.key, ctx->privateKey->buffer, ctx->privateKey->length, ctx->privateKey->type, ctx->privateKey->heap); @@ -21016,14 +15905,15 @@ ssl->buffers.altKey = ctx->altPrivateKey; #else if (ctx->altPrivateKey != NULL) { - ret = AllocCopyDer(&ssl->buffers.altkey, ctx->altPrivateKey->buffer, + ret = AllocCopyDer(&ssl->buffers.altKey, ctx->altPrivateKey->buffer, ctx->altPrivateKey->length, ctx->altPrivateKey->type, ctx->altPrivateKey->heap); if (ret != 0) { return NULL; } /* Blind the private key for the SSL with new random mask. */ - wolfssl_priv_der_unblind(ssl->buffers.altKey, ctx->altPrivateKeyMask); + wolfssl_priv_der_blind_toggle(ssl->buffers.altKey, + ctx->altPrivateKeyMask); ret = wolfssl_priv_der_blind(ssl->rng, ssl->buffers.altKey, &ssl->buffers.altKeyMask); if (ret != 0) { @@ -21129,7 +16019,7 @@ int wolfSSL_CRYPTO_memcmp(const void *a, const void *b, size_t size) { if (!a || !b) - return 0; + return -1; return ConstantCompare((const byte*)a, (const byte*)b, (int)size); } @@ -21390,7 +16280,11 @@ } buf[WOLFSSL_IP6_ADDR_LEN] = '\0'; +#ifdef FREESCALE_MQX + if (XINET_PTON(af, ipa, (void*)buf, sizeof(buf)) != RTCS_OK) { +#else if (XINET_PTON(af, ipa, (void*)buf) != 1) { +#endif WOLFSSL_MSG("Error parsing IP address"); return NULL; } @@ -21464,9 +16358,8 @@ */ WOLF_STACK_OF(WOLFSSL_CIPHER) *wolfSSL_get_ciphers_compat(const WOLFSSL *ssl) { - WOLF_STACK_OF(WOLFSSL_CIPHER)* ret = NULL; const Suites* suites; -#if defined(OPENSSL_ALL) || defined(WOLFSSL_QT) +#if defined(OPENSSL_ALL) const CipherSuiteInfo* cipher_names = GetCipherNames(); int cipherSz = GetCipherNamesSize(); #endif @@ -21482,15 +16375,20 @@ /* check if stack needs populated */ if (ssl->suitesStack == NULL) { int i; -#if defined(OPENSSL_ALL) || defined(WOLFSSL_QT) - int j; + + ((WOLFSSL*)ssl)->suitesStack = + wolfssl_sk_new_type_ex(STACK_TYPE_CIPHER, ssl->heap); + if (ssl->suitesStack == NULL) + return NULL; /* higher priority of cipher suite will be on top of stack */ - for (i = suites->suiteSz - 2; i >=0; i-=2) { +#if defined(OPENSSL_ALL) + for (i = suites->suiteSz - 2; i >=0; i-=2) #else - for (i = 0; i < suites->suiteSz; i+=2) { + for (i = 0; i < suites->suiteSz; i+=2) #endif - WOLFSSL_STACK* add; + { + struct WOLFSSL_CIPHER cipher; /* A couple of suites are placeholders for special options, * skip those. */ @@ -21500,39 +16398,36 @@ continue; } - add = wolfSSL_sk_new_node(ssl->heap); - if (add != NULL) { - add->type = STACK_TYPE_CIPHER; - add->data.cipher.cipherSuite0 = suites->suites[i]; - add->data.cipher.cipherSuite = suites->suites[i+1]; - add->data.cipher.ssl = ssl; -#if defined(OPENSSL_ALL) || defined(WOLFSSL_QT) + XMEMSET(&cipher, 0, sizeof(cipher)); + cipher.cipherSuite0 = suites->suites[i]; + cipher.cipherSuite = suites->suites[i+1]; + cipher.ssl = ssl; +#if defined(OPENSSL_ALL) + cipher.in_stack = 1; + { + int j; for (j = 0; j < cipherSz; j++) { - if (cipher_names[j].cipherSuite0 == - add->data.cipher.cipherSuite0 && - cipher_names[j].cipherSuite == - add->data.cipher.cipherSuite) { - add->data.cipher.offset = (unsigned long)j; + if (cipher_names[j].cipherSuite0 == cipher.cipherSuite0 && + cipher_names[j].cipherSuite == cipher.cipherSuite) { + cipher.offset = (unsigned long)j; break; } } + } #endif - #if defined(WOLFSSL_QT) || defined(OPENSSL_ALL) - /* in_stack is checked in wolfSSL_CIPHER_description */ - add->data.cipher.in_stack = 1; - #endif - - add->next = ret; - if (ret != NULL) { - add->num = ret->num + 1; - } - else { - add->num = 1; - } - ret = add; + if (wolfSSL_sk_insert(ssl->suitesStack, &cipher, 0) <= 0) { + WOLFSSL_MSG("Error inserting cipher onto stack"); + wolfSSL_sk_CIPHER_free(ssl->suitesStack); + ((WOLFSSL*)ssl)->suitesStack = NULL; + break; } } - ((WOLFSSL*)ssl)->suitesStack = ret; + + /* If no ciphers were added, free empty stack and return NULL */ + if (ssl->suitesStack != NULL && wolfSSL_sk_num(ssl->suitesStack) == 0) { + wolfSSL_sk_CIPHER_free(ssl->suitesStack); + ((WOLFSSL*)ssl)->suitesStack = NULL; + } } return ssl->suitesStack; } @@ -21860,7 +16755,7 @@ goto end; if (!wolfSSL_HMAC_Final(&hmacCtx, digest, &mdSz)) goto end; - if (XMEMCMP(mac, digest, mdSz) != 0) + if (ConstantCompare(mac, digest, (int)mdSz) != 0) goto end; /* Decrypt the ticket data in place. */ @@ -21985,179 +16880,6 @@ } #endif -#if defined(OPENSSL_ALL) || defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY) -#ifdef HAVE_OCSP -/* Not an OpenSSL API. */ -int wolfSSL_get_ocsp_response(WOLFSSL* ssl, byte** response) -{ - *response = ssl->ocspCsrResp[0].buffer; - return ssl->ocspCsrResp[0].length; -} - -/* Not an OpenSSL API. */ -char* wolfSSL_get_ocsp_url(WOLFSSL* ssl) -{ - return ssl->url; -} - -/* Not an OpenSSL API. */ -int wolfSSL_set_ocsp_url(WOLFSSL* ssl, char* url) -{ - if (ssl == NULL) - return WOLFSSL_FAILURE; - - ssl->url = url; - return WOLFSSL_SUCCESS; -} -#endif /* OCSP */ -#endif /* OPENSSL_ALL || WOLFSSL_NGINX || WOLFSSL_HAPROXY */ - -#if defined(HAVE_OCSP) && !defined(NO_ASN_TIME) -int wolfSSL_get_ocsp_producedDate( - WOLFSSL *ssl, - byte *producedDate, - size_t producedDate_space, - int *producedDateFormat) -{ - if ((ssl->ocspProducedDateFormat != ASN_UTC_TIME) && - (ssl->ocspProducedDateFormat != ASN_GENERALIZED_TIME)) - return BAD_FUNC_ARG; - - if ((producedDate == NULL) || (producedDateFormat == NULL)) - return BAD_FUNC_ARG; - - if (XSTRLEN((char *)ssl->ocspProducedDate) >= producedDate_space) - return BUFFER_E; - - XSTRNCPY((char *)producedDate, (const char *)ssl->ocspProducedDate, - producedDate_space); - *producedDateFormat = ssl->ocspProducedDateFormat; - - return 0; -} - -int wolfSSL_get_ocsp_producedDate_tm(WOLFSSL *ssl, struct tm *produced_tm) { - int idx = 0; - - if ((ssl->ocspProducedDateFormat != ASN_UTC_TIME) && - (ssl->ocspProducedDateFormat != ASN_GENERALIZED_TIME)) - return BAD_FUNC_ARG; - - if (produced_tm == NULL) - return BAD_FUNC_ARG; - - if (ExtractDate(ssl->ocspProducedDate, - (unsigned char)ssl->ocspProducedDateFormat, produced_tm, &idx)) - return 0; - else - return ASN_PARSE_E; -} -#endif - -#if defined(HAVE_CERTIFICATE_STATUS_REQUEST) \ - || defined(HAVE_CERTIFICATE_STATUS_REQUEST_V2) -int wolfSSL_CTX_get_tlsext_status_cb(WOLFSSL_CTX* ctx, tlsextStatusCb* cb) -{ - if (ctx == NULL || ctx->cm == NULL || cb == NULL) - return WOLFSSL_FAILURE; - -#if !defined(NO_WOLFSSL_SERVER) && (defined(HAVE_CERTIFICATE_STATUS_REQUEST) \ - || defined(HAVE_CERTIFICATE_STATUS_REQUEST_V2)) - if (ctx->cm->ocsp_stapling == NULL) - return WOLFSSL_FAILURE; - - *cb = ctx->cm->ocsp_stapling->statusCb; -#else - (void)cb; - *cb = NULL; -#endif - - return WOLFSSL_SUCCESS; - -} - -int wolfSSL_CTX_set_tlsext_status_cb(WOLFSSL_CTX* ctx, tlsextStatusCb cb) -{ - if (ctx == NULL || ctx->cm == NULL) - return WOLFSSL_FAILURE; - -#if !defined(NO_WOLFSSL_SERVER) && (defined(HAVE_CERTIFICATE_STATUS_REQUEST) \ - || defined(HAVE_CERTIFICATE_STATUS_REQUEST_V2)) - /* Ensure stapling is on for callback to be used. */ - wolfSSL_CTX_EnableOCSPStapling(ctx); - - if (ctx->cm->ocsp_stapling == NULL) - return WOLFSSL_FAILURE; - - ctx->cm->ocsp_stapling->statusCb = cb; -#else - (void)cb; -#endif - - return WOLFSSL_SUCCESS; -} - -long wolfSSL_CTX_set_tlsext_status_arg(WOLFSSL_CTX* ctx, void* arg) -{ - if (ctx == NULL || ctx->cm == NULL) - return WOLFSSL_FAILURE; - -#if !defined(NO_WOLFSSL_SERVER) && (defined(HAVE_CERTIFICATE_STATUS_REQUEST) \ - || defined(HAVE_CERTIFICATE_STATUS_REQUEST_V2)) - /* Ensure stapling is on for callback to be used. */ - wolfSSL_CTX_EnableOCSPStapling(ctx); - - if (ctx->cm->ocsp_stapling == NULL) - return WOLFSSL_FAILURE; - - ctx->cm->ocsp_stapling->statusCbArg = arg; -#else - (void)arg; -#endif - - return WOLFSSL_SUCCESS; -} - -long wolfSSL_get_tlsext_status_ocsp_resp(WOLFSSL *ssl, unsigned char **resp) -{ - if (ssl == NULL || resp == NULL) - return 0; - - *resp = ssl->ocspCsrResp[0].buffer; - return (long)ssl->ocspCsrResp[0].length; -} - -long wolfSSL_set_tlsext_status_ocsp_resp(WOLFSSL *ssl, unsigned char *resp, - int len) -{ - return wolfSSL_set_tlsext_status_ocsp_resp_multi(ssl, resp, len, 0); -} - -int wolfSSL_set_tlsext_status_ocsp_resp_multi(WOLFSSL* ssl, unsigned char *resp, - int len, word32 idx) -{ - if (ssl == NULL || idx >= XELEM_CNT(ssl->ocspCsrResp) || len < 0) - return WOLFSSL_FAILURE; - if (!((resp == NULL) ^ (len > 0))) - return WOLFSSL_FAILURE; - - XFREE(ssl->ocspCsrResp[idx].buffer, NULL, 0); - ssl->ocspCsrResp[idx].buffer = resp; - ssl->ocspCsrResp[idx].length = (word32)len; - - return WOLFSSL_SUCCESS; -} - -void wolfSSL_CTX_set_ocsp_status_verify_cb(WOLFSSL_CTX* ctx, - ocspVerifyStatusCb cb, void* cbArg) -{ - if (ctx != NULL) { - ctx->ocspStatusVerifyCb = cb; - ctx->ocspStatusVerifyCbArg = cbArg; - } -} -#endif - #if defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY) || \ defined(OPENSSL_EXTRA) || defined(OPENSSL_ALL) int wolfSSL_CTX_get_extra_chain_certs(WOLFSSL_CTX* ctx, @@ -22289,8 +17011,12 @@ for (i = 0; i < inLen; i += lenIn) { lenIn = in[i++]; + if (lenIn == 0 || i + lenIn > inLen) + break; for (j = 0; j < clientLen; j += lenClient) { lenClient = clientNames[j++]; + if (lenClient == 0 || j + lenClient > clientLen) + break; if (lenIn != lenClient) continue; @@ -22303,8 +17029,14 @@ } } - *out = (unsigned char *)clientNames + 1; - *outLen = clientNames[0]; + if (clientLen > 0 && (unsigned int)clientNames[0] + 1 <= clientLen) { + *out = (unsigned char *)clientNames + 1; + *outLen = clientNames[0]; + } + else { + *out = (unsigned char *)clientNames; + *outLen = 0; + } return WOLFSSL_NPN_NO_OVERLAP; } @@ -22418,7 +17150,7 @@ {CURVE_NAME("P-521"), WC_NID_secp521r1, WOLFSSL_ECC_SECP521R1}, {CURVE_NAME("K-160"), WC_NID_secp160k1, WOLFSSL_ECC_SECP160K1}, {CURVE_NAME("K-192"), WC_NID_secp192k1, WOLFSSL_ECC_SECP192K1}, - {CURVE_NAME("K-224"), WC_NID_secp224k1, WOLFSSL_ECC_SECP224R1}, + {CURVE_NAME("K-224"), WC_NID_secp224k1, WOLFSSL_ECC_SECP224K1}, {CURVE_NAME("K-256"), WC_NID_secp256k1, WOLFSSL_ECC_SECP256K1}, {CURVE_NAME("B-256"), WC_NID_brainpoolP256r1, WOLFSSL_ECC_BRAINPOOLP256R1}, @@ -22439,22 +17171,26 @@ {CURVE_NAME("ML_KEM_768"), WOLFSSL_ML_KEM_768, WOLFSSL_ML_KEM_768}, {CURVE_NAME("ML_KEM_1024"), WOLFSSL_ML_KEM_1024, WOLFSSL_ML_KEM_1024}, #if (defined(WOLFSSL_WC_MLKEM) || defined(HAVE_LIBOQS)) && defined(HAVE_ECC) + #ifdef WOLFSSL_PQC_HYBRIDS + {CURVE_NAME("SecP256r1MLKEM768"), WOLFSSL_SECP256R1MLKEM768, + WOLFSSL_SECP256R1MLKEM768}, + {CURVE_NAME("SecP384r1MLKEM1024"), WOLFSSL_SECP384R1MLKEM1024, + WOLFSSL_SECP384R1MLKEM1024}, + {CURVE_NAME("X25519MLKEM768"), WOLFSSL_X25519MLKEM768, + WOLFSSL_X25519MLKEM768}, + #endif /* WOLFSSL_PQC_HYBRIDS */ + #ifdef WOLFSSL_EXTRA_PQC_HYBRIDS {CURVE_NAME("SecP256r1MLKEM512"), WOLFSSL_SECP256R1MLKEM512, WOLFSSL_SECP256R1MLKEM512}, {CURVE_NAME("SecP384r1MLKEM768"), WOLFSSL_SECP384R1MLKEM768, WOLFSSL_SECP384R1MLKEM768}, - {CURVE_NAME("SecP256r1MLKEM768"), WOLFSSL_SECP256R1MLKEM768, - WOLFSSL_SECP256R1MLKEM768}, {CURVE_NAME("SecP521r1MLKEM1024"), WOLFSSL_SECP521R1MLKEM1024, WOLFSSL_SECP521R1MLKEM1024}, - {CURVE_NAME("SecP384r1MLKEM1024"), WOLFSSL_SECP384R1MLKEM1024, - WOLFSSL_SECP384R1MLKEM1024}, {CURVE_NAME("X25519MLKEM512"), WOLFSSL_X25519MLKEM512, WOLFSSL_X25519MLKEM512}, {CURVE_NAME("X448MLKEM768"), WOLFSSL_X448MLKEM768, WOLFSSL_X448MLKEM768}, - {CURVE_NAME("X25519MLKEM768"), WOLFSSL_X25519MLKEM768, - WOLFSSL_X25519MLKEM768}, + #endif /* WOLFSSL_EXTRA_PQC_HYBRIDS */ #endif #endif /* !WOLFSSL_NO_ML_KEM */ #ifdef WOLFSSL_MLKEM_KYBER @@ -22549,7 +17285,7 @@ goto leave; } - eccSet = wc_ecc_get_curve_params(ret); + eccSet = wc_ecc_get_curve_params(nret); if (eccSet == NULL) { WOLFSSL_MSG("NULL set returned"); goto leave; @@ -22898,6 +17634,10 @@ #include "src/bio.c" #endif +#endif /* OPENSSL_EXTRA */ + +#if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL) + word32 nid2oid(int nid, int grp) { /* get OID type */ @@ -23665,6 +18405,10 @@ return WOLFSSL_FATAL_ERROR; } +#endif /* OPENSSL_EXTRA || OPENSSL_EXTRA_X509_SMALL */ + +#if defined(OPENSSL_EXTRA) + /* frees all nodes in the current threads error queue * * id thread id. ERR_remove_state is depreciated and id is ignored. The @@ -23681,144 +18425,6 @@ #endif /* OPENSSL_EXTRA */ -#ifdef OPENSSL_ALL - -#if !defined(NO_BIO) && !defined(NO_PWDBASED) && defined(HAVE_PKCS8) - -static int bio_get_data(WOLFSSL_BIO* bio, byte** data) -{ - int ret = 0; - byte* mem = NULL; - - ret = wolfSSL_BIO_get_len(bio); - if (ret > 0) { - mem = (byte*)XMALLOC((size_t)ret, bio->heap, DYNAMIC_TYPE_OPENSSL); - if (mem == NULL) { - WOLFSSL_MSG("Memory error"); - ret = MEMORY_E; - } - if (ret >= 0) { - if ((ret = wolfSSL_BIO_read(bio, mem, ret)) <= 0) { - XFREE(mem, bio->heap, DYNAMIC_TYPE_OPENSSL); - ret = MEMORY_E; - mem = NULL; - } - } - } - - *data = mem; - - return ret; -} - -/* DER data is PKCS#8 encrypted. */ -WOLFSSL_EVP_PKEY* wolfSSL_d2i_PKCS8PrivateKey_bio(WOLFSSL_BIO* bio, - WOLFSSL_EVP_PKEY** pkey, - wc_pem_password_cb* cb, - void* ctx) -{ - int ret; - byte* der; - int len; - byte* p; - word32 algId; - WOLFSSL_EVP_PKEY* key; - - if ((len = bio_get_data(bio, &der)) < 0) - return NULL; - - if (cb != NULL) { - char password[NAME_SZ]; - int passwordSz = cb(password, sizeof(password), PEM_PASS_READ, ctx); - if (passwordSz < 0) { - XFREE(der, bio->heap, DYNAMIC_TYPE_OPENSSL); - return NULL; - } - #ifdef WOLFSSL_CHECK_MEM_ZERO - wc_MemZero_Add("wolfSSL_d2i_PKCS8PrivateKey_bio password", password, - passwordSz); - #endif - - ret = ToTraditionalEnc(der, (word32)len, password, passwordSz, &algId); - if (ret < 0) { - XFREE(der, bio->heap, DYNAMIC_TYPE_OPENSSL); - return NULL; - } - - ForceZero(password, (word32)passwordSz); - #ifdef WOLFSSL_CHECK_MEM_ZERO - wc_MemZero_Check(password, passwordSz); - #endif - } - - p = der; - key = wolfSSL_d2i_PrivateKey_EVP(pkey, &p, len); - XFREE(der, bio->heap, DYNAMIC_TYPE_OPENSSL); - return key; -} - -#endif /* !NO_BIO && !NO_PWDBASED && HAVE_PKCS8 */ - -/* Detect which type of key it is before decoding. */ -WOLFSSL_EVP_PKEY* wolfSSL_d2i_AutoPrivateKey(WOLFSSL_EVP_PKEY** pkey, - const unsigned char** pp, - long length) -{ - int ret; - WOLFSSL_EVP_PKEY* key = NULL; - const byte* der = *pp; - word32 idx = 0; - int len = 0; - int cnt = 0; - word32 algId; - word32 keyLen = (word32)length; - - /* Take off PKCS#8 wrapper if found. */ - if ((len = ToTraditionalInline_ex(der, &idx, keyLen, &algId)) >= 0) { - der += idx; - keyLen = (word32)len; - } - idx = 0; - len = 0; - - /* Use the number of elements in the outer sequence to determine key type. - */ - ret = GetSequence(der, &idx, &len, keyLen); - if (ret >= 0) { - word32 end = idx + (word32)len; - while (ret >= 0 && idx < end) { - /* Skip type */ - idx++; - /* Get length and skip over - keeping count */ - len = 0; - ret = GetLength(der, &idx, &len, keyLen); - if (ret >= 0) { - if (idx + (word32)len > end) - ret = ASN_PARSE_E; - else { - idx += (word32)len; - cnt++; - } - } - } - } - - if (ret >= 0) { - int type; - /* ECC includes version, private[, curve][, public key] */ - if (cnt >= 2 && cnt <= 4) - type = WC_EVP_PKEY_EC; - else - type = WC_EVP_PKEY_RSA; - - key = wolfSSL_d2i_PrivateKey(type, pkey, &der, keyLen); - *pp = der; - } - - return key; -} -#endif /* OPENSSL_ALL */ - #ifdef WOLFSSL_STATIC_EPHEMERAL int wolfSSL_StaticEphemeralKeyLoad(WOLFSSL* ssl, int keyAlgo, void* keyPtr) { diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/src/ssl_api_cert.c mariadb-11.8.8/extra/wolfssl/wolfssl/src/ssl_api_cert.c --- mariadb-11.8.6/extra/wolfssl/wolfssl/src/ssl_api_cert.c 1970-01-01 00:00:00.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/src/ssl_api_cert.c 2026-05-24 09:58:33.000000000 +0000 @@ -0,0 +1,1761 @@ +/* ssl_api_cert.c + * + * Copyright (C) 2006-2026 wolfSSL Inc. + * + * This file is part of wolfSSL. + * + * wolfSSL is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * wolfSSL is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA + */ + +#include + +#if !defined(WOLFSSL_SSL_API_CERT_INCLUDED) + #ifndef WOLFSSL_IGNORE_FILE_WARN + #warning ssl_api_cert.c is not compiled separately from ssl.c + #endif +#else + +#ifndef NO_CERTS + +/* Set whether mutual authentication is required for connections. + * Server side only. + * + * @param [in] ctx The SSL/TLS CTX object. + * @param [in] req 1 to indicate required and 0 when not. + * @return 0 on success. + * @return BAD_FUNC_ARG when ctx is NULL. + * @return SIDE_ERROR when not a server. + */ +int wolfSSL_CTX_mutual_auth(WOLFSSL_CTX* ctx, int req) +{ + if (ctx == NULL) + return BAD_FUNC_ARG; + if (ctx->method->side != WOLFSSL_SERVER_END) + return SIDE_ERROR; + + ctx->mutualAuth = (byte)req; + + return 0; +} + +/* Set whether mutual authentication is required for the connection. + * Server side only. + * + * @param [in] ssl The SSL/TLS object. + * @param [in] req 1 to indicate required and 0 when not. + * @return 0 on success. + * @return BAD_FUNC_ARG when ssl is NULL. + * @return SIDE_ERROR when not a server + */ +int wolfSSL_mutual_auth(WOLFSSL* ssl, int req) +{ + if (ssl == NULL) + return BAD_FUNC_ARG; + if (ssl->options.side != WOLFSSL_SERVER_END) + return SIDE_ERROR; + + ssl->options.mutualAuth = (word16)req; + + return 0; +} + +/* Get the certificate manager from the WOLFSSL_CTX. + * + * @param [in] ctx SSL/TLS CTX object. + * @return Certificate manager object on success. + * @return NULL when ctx is NULL. + */ +WOLFSSL_CERT_MANAGER* wolfSSL_CTX_GetCertManager(WOLFSSL_CTX* ctx) +{ + WOLFSSL_CERT_MANAGER* cm = NULL; + + if (ctx) + cm = ctx->cm; + + return cm; +} + +/* Sets the max chain depth when verifying a certificate chain. + * + * Default depth is set to MAX_CHAIN_DEPTH. + * + * @param [in] ctx WOLFSSL_CTX structure to set depth in + * @param [in] depth max depth + */ +void wolfSSL_CTX_set_verify_depth(WOLFSSL_CTX *ctx, int depth) +{ + WOLFSSL_ENTER("wolfSSL_CTX_set_verify_depth"); + + if ((ctx == NULL) || (depth < 0) || (depth > MAX_CHAIN_DEPTH)) { + WOLFSSL_MSG("Bad depth argument, too large or less than 0"); + } + else { + ctx->verifyDepth = (byte)depth; + } +} + + +/* Get certificate chaining depth of SSL/TLS context object + * + * @param [in] ctx SSL/TLS context object. + * @return Verification depth on success. + * @return BAD_FUNC_ARG when ctx is NULL. + */ +long wolfSSL_CTX_get_verify_depth(WOLFSSL_CTX* ctx) +{ + long ret; + + if (ctx == NULL) { + ret = BAD_FUNC_ARG; + } + else { + #ifndef OPENSSL_EXTRA + ret = MAX_CHAIN_DEPTH; + #else + ret = ctx->verifyDepth; + #endif + } + + return ret; +} + +/* Get certificate chaining depth of SSL/TLS object + * + * @param [in] ssl SSL/TLS object. + * @return Verification depth on success. + * @return BAD_FUNC_ARG when ssl is NULL. + */ +long wolfSSL_get_verify_depth(WOLFSSL* ssl) +{ + long ret; + + if (ssl == NULL) { + ret = BAD_FUNC_ARG; + } + else { + #ifndef OPENSSL_EXTRA + ret = MAX_CHAIN_DEPTH; + #else + ret = ssl->options.verifyDepth; + #endif + } + + return ret; +} + +#if defined(HAVE_RPK) +/* TODO: Change this to use a bitfield. */ + +/* Confirm that all the byte data in the buffer is unique. + * + * @param [in] buf Buffer to check. + * @param [in] len Length of buffer in bytes. + * @return 1 if all the byte data in the buffer is unique. + * @return 0 otherwise. + */ +static int isArrayUnique(const char* buf, size_t len) +{ + size_t i; + /* check the array is unique */ + for (i = 0; i < len - 1; ++i) { + size_t j; + for (j = i + 1; j < len; ++j) { + if (buf[i] == buf[j]) { + return 0; + } + } + } + return 1; +} +/* Set user preference for the {client,server}_cert_type extension. + * + * Takes byte array containing cert types the caller can provide to its peer. + * Cert types are in preferred order in the array. + * + * @param [in] cfg Raw Public Key configuration. + * @param [in] client Indicates whether this is the client side. + * @param [in] buf List of certificate types. + * @param [in] len Length of certificate types. + * @return 1 on success. + * @return BAD_FUNC_ARG when cfg is NULL. + * @return BAD_FUNC_ARG when len is too long. + * @return BAD_FUNC_ARG when buffer values are not unique. + * @return BAD_FUNC_ARG when buffer contains unrecognized certificate type. + */ +static int set_cert_type(RpkConfig* cfg, int client, const char* buf, + int len) +{ + int i; + byte* certTypeCnt; + byte* certTypes; + + /* Validate parameters. */ + if ((cfg == NULL) || (len > (client ? MAX_CLIENT_CERT_TYPE_CNT : + MAX_SERVER_CERT_TYPE_CNT))) { + return BAD_FUNC_ARG; + } + + /* Get preferred certificate types for side. */ + if (client) { + certTypeCnt = &cfg->preferred_ClientCertTypeCnt; + certTypes = cfg->preferred_ClientCertTypes; + } + else { + certTypeCnt = &cfg->preferred_ServerCertTypeCnt; + certTypes = cfg->preferred_ServerCertTypes; + } + /* If no buffer or empty buffer passed in, set the defaults. */ + if ((buf == NULL) || (len == 0)) { + *certTypeCnt = 1; + for (i = 0; i < 2; i++) { + certTypes[i] = WOLFSSL_CERT_TYPE_X509; + } + return 1; + } + + /* Check that the certificate types set are unique. */ + if (!isArrayUnique(buf, (size_t)len)) + return BAD_FUNC_ARG; + + /* Check that the certificate types being set are known and then set. */ + for (i = 0; i < len; i++) { + if ((buf[i] != WOLFSSL_CERT_TYPE_RPK) && + (buf[i] != WOLFSSL_CERT_TYPE_X509)) { + return BAD_FUNC_ARG; + } + certTypes[i] = (byte)buf[i]; + } + *certTypeCnt = len; + + return 1; +} +/* Set the client certificate types against the SSL/TLS context. + * + * @param [in] ctx SSL/TLS context object. + * @param [in] buf List of certificate types. + * @param [in] len Length of certificate types. + * @return 1 on success. + * @return BAD_FUNC_ARG when ctx is NULL. + * @return BAD_FUNC_ARG when len is too long. + * @return BAD_FUNC_ARG when buffer values are not unique. + * @return BAD_FUNC_ARG when buffer contains unrecognized certificate type. + */ +int wolfSSL_CTX_set_client_cert_type(WOLFSSL_CTX* ctx, const char* buf, int len) +{ + int ret; + + if (ctx == NULL) { + ret = BAD_FUNC_ARG; + } + else { + ret = set_cert_type(&ctx->rpkConfig, 1, buf, len); + } + + return ret; +} +/* Set the server certificate types against the SSL/TLS context. + * + * @param [in] ctx SSL/TLS context object. + * @param [in] buf List of certificate types. + * @param [in] len Length of certificate types. + * @return 1 on success. + * @return BAD_FUNC_ARG when ctx is NULL. + * @return BAD_FUNC_ARG when len is too long. + * @return BAD_FUNC_ARG when buffer values are not unique. + * @return BAD_FUNC_ARG when buffer contains unrecognized certificate type. + */ +int wolfSSL_CTX_set_server_cert_type(WOLFSSL_CTX* ctx, const char* buf, int len) +{ + int ret; + + if (ctx == NULL) { + ret = BAD_FUNC_ARG; + } + else { + ret = set_cert_type(&ctx->rpkConfig, 0, buf, len); + } + + return ret; +} +/* Set the client certificate types against the SSL/TLS object. + * + * @param [in] ssl SSL/TLS object. + * @param [in] buf List of certificate types. + * @param [in] len Length of certificate types. + * @return 1 on success. + * @return BAD_FUNC_ARG when ssl is NULL. + * @return BAD_FUNC_ARG when len is too long. + * @return BAD_FUNC_ARG when buffer values are not unique. + * @return BAD_FUNC_ARG when buffer contains unrecognized certificate type. + */ +int wolfSSL_set_client_cert_type(WOLFSSL* ssl, const char* buf, int len) +{ + int ret; + + if (ssl == NULL) { + ret = BAD_FUNC_ARG; + } + else { + ret = set_cert_type(&ssl->options.rpkConfig, 1, buf, len); + } + + return ret; +} +/* Set the server certificate types against the SSL/TLS object. + * + * @param [in] ssl SSL/TLS object. + * @param [in] buf List of certificate types. + * @param [in] len Length of certificate types. + * @return 1 on success. + * @return BAD_FUNC_ARG when ssl is NULL. + * @return BAD_FUNC_ARG when len is too long. + * @return BAD_FUNC_ARG when buffer values are not unique. + * @return BAD_FUNC_ARG when buffer contains unrecognized certificate type. + */ +int wolfSSL_set_server_cert_type(WOLFSSL* ssl, const char* buf, int len) +{ + int ret; + + if (ssl == NULL) { + ret = BAD_FUNC_ARG; + } + else { + ret = set_cert_type(&ssl->options.rpkConfig, 0, buf, len); + } + + return ret; +} + +/* Get negotiated client certificate type value. + * + * WOLFSSL_CERT_TYPE_UNKNOWN returned when no negotiation has been performed. + * + * @param [in] ssl SSL/TLS object. + * @param [out] tp Certificate type. One of: + * -1: WOLFSSL_CERT_TYPE_UNKNOWN + * 0: WOLFSSL_CERT_TYPE_X509 + * 2: WOLFSSL_CERT_TYPE_RPK + * @return 1 on success. + * @return BAD_FUNC_ARG when ssl or tp is NULL. + */ +int wolfSSL_get_negotiated_client_cert_type(WOLFSSL* ssl, int* tp) +{ + int ret = 1; + + /* Validate parameters. */ + if ((ssl == NULL) || (tp == NULL)) { + ret = BAD_FUNC_ARG; + } + /* Check side. */ + else if (ssl->options.side == WOLFSSL_CLIENT_END) { + /* Check certificate type negotiated. */ + if (ssl->options.rpkState.received_ClientCertTypeCnt == 1) { + *tp = ssl->options.rpkState.received_ClientCertTypes[0]; + } + else { + *tp = WOLFSSL_CERT_TYPE_UNKNOWN; + } + } + /* Check certificate type negotiated. */ + else if (ssl->options.rpkState.sending_ClientCertTypeCnt == 1) { + *tp = ssl->options.rpkState.sending_ClientCertTypes[0]; + } + else { + *tp = WOLFSSL_CERT_TYPE_UNKNOWN; + } + + return ret; +} + +/* Get negotiated server certificate type value. + * + * WOLFSSL_CERT_TYPE_UNKNOWN returned when no negotiation has been performed. + * + * @param [in] ssl SSL/TLS object. + * @param [out] tp Certificate type. One of: + * -1: WOLFSSL_CERT_TYPE_UNKNOWN + * 0: WOLFSSL_CERT_TYPE_X509 + * 2: WOLFSSL_CERT_TYPE_RPK + * @return 1 on success. + * @return BAD_FUNC_ARG when ssl or tp is NULL. + */ +int wolfSSL_get_negotiated_server_cert_type(WOLFSSL* ssl, int* tp) +{ + int ret = 1; + + /* Validate parameters. */ + if ((ssl == NULL) || (tp == NULL)) { + ret = BAD_FUNC_ARG; + } + /* Check side. */ + else if (ssl->options.side == WOLFSSL_CLIENT_END) { + /* Check certificate type negotiated. */ + if (ssl->options.rpkState.received_ServerCertTypeCnt == 1) { + *tp = ssl->options.rpkState.received_ServerCertTypes[0]; + } + else { + *tp = WOLFSSL_CERT_TYPE_UNKNOWN; + } + } + /* Check certificate type negotiated. */ + else if (ssl->options.rpkState.sending_ServerCertTypeCnt == 1) { + *tp = ssl->options.rpkState.sending_ServerCertTypes[0]; + } + else { + *tp = WOLFSSL_CERT_TYPE_UNKNOWN; + } + return ret; +} +#endif /* HAVE_RPK */ + +/* Certificate verification options. */ +typedef struct { + /* Verify the peer certificate. */ + byte verifyPeer:1; + /* No peer certificate verification. */ + byte verifyNone:1; + /* Fail when no peer certificate seen. */ + byte failNoCert:1; + /* Fail when no peer certificate except when PSK handshake performed. */ + byte failNoCertxPSK:1; +#if defined(WOLFSSL_TLS13) && defined(WOLFSSL_POST_HANDSHAKE_AUTH) + /* Verify peer certificate post handshake. */ + byte verifyPostHandshake:1; +#endif +} SetVerifyOptions; + +/* Convert the mode flags into certificate verification options. + * + * @param [in] mode Certificate verification mode flags. + * @return Certificate verification options. + */ +static SetVerifyOptions ModeToVerifyOptions(int mode) +{ + SetVerifyOptions opts; + + /* Set the options to the default - none set. */ + XMEMSET(&opts, 0, sizeof(SetVerifyOptions)); + + /* When the mode is not default - set the options. */ + if (mode != WOLFSSL_VERIFY_DEFAULT) { + opts.verifyNone = (mode == WOLFSSL_VERIFY_NONE); + /* When not no verification, set the chosen options. */ + if (!opts.verifyNone) { + opts.verifyPeer = + (mode & WOLFSSL_VERIFY_PEER) != 0; + opts.failNoCertxPSK = + (mode & WOLFSSL_VERIFY_FAIL_EXCEPT_PSK) != 0; + opts.failNoCert = + (mode & WOLFSSL_VERIFY_FAIL_IF_NO_PEER_CERT) != 0; +#if defined(WOLFSSL_TLS13) && defined(WOLFSSL_POST_HANDSHAKE_AUTH) + opts.verifyPostHandshake = + (mode & WOLFSSL_VERIFY_POST_HANDSHAKE) != 0; +#endif + } + } + + return opts; +} + +/* Set the verification options against the SSL/TLS context. + * + * @param [in] ctx SSL/TLS context object. + * @param [in] mode Verification mode options. + * @param [in] verify_callback Verification callback. + */ +WOLFSSL_ABI void wolfSSL_CTX_set_verify(WOLFSSL_CTX* ctx, int mode, + VerifyCallback verify_callback) +{ + WOLFSSL_ENTER("wolfSSL_CTX_set_verify"); + + /* Ensure we have an SSL/TLS context to work with. */ + if (ctx != NULL) { + SetVerifyOptions opts = ModeToVerifyOptions(mode); + + /* Set the bitfield options. */ + ctx->verifyNone = opts.verifyNone; + ctx->verifyPeer = opts.verifyPeer; + ctx->failNoCert = opts.failNoCert; + ctx->failNoCertxPSK = opts.failNoCertxPSK; + #if defined(WOLFSSL_TLS13) && defined(WOLFSSL_POST_HANDSHAKE_AUTH) + ctx->verifyPostHandshake = opts.verifyPostHandshake; + #endif + + /* Store the user verification callback against the context. */ + ctx->verifyCallback = verify_callback; + } +} + +#ifdef OPENSSL_ALL +/* Set certificate verification callback and context against SSL/TLS context. + * + * @param [in] ctx SSL/TLS context object. + * @param [in] cb Certificate verification callback. + * @param [in] arg Context for certification verification callback. + */ +void wolfSSL_CTX_set_cert_verify_callback(WOLFSSL_CTX* ctx, + CertVerifyCallback cb, void* arg) +{ + WOLFSSL_ENTER("wolfSSL_CTX_set_cert_verify_callback"); + + /* Ensure we have an SSL/TLS context to work with. */ + if (ctx != NULL) { + ctx->verifyCertCb = cb; + ctx->verifyCertCbArg = arg; + } +} +#endif + +/* Set the verification options against the SSL/TLS object. + * + * @param [in] ssl SSL/TLS object. + * @param [in] mode Verification mode options. + * @param [in] verify_callback Verification callback. + */ +void wolfSSL_set_verify(WOLFSSL* ssl, int mode, VerifyCallback verify_callback) +{ + WOLFSSL_ENTER("wolfSSL_set_verify"); + + /* Ensure we have an SSL/TLS object to work with. */ + if (ssl != NULL) { + SetVerifyOptions opts = ModeToVerifyOptions(mode); + + /* Set the bitfield options. */ + ssl->options.verifyNone = opts.verifyNone; + ssl->options.verifyPeer = opts.verifyPeer; + ssl->options.failNoCert = opts.failNoCert; + ssl->options.failNoCertxPSK = opts.failNoCertxPSK; + #if defined(WOLFSSL_TLS13) && defined(WOLFSSL_POST_HANDSHAKE_AUTH) + ssl->options.verifyPostHandshake = opts.verifyPostHandshake; + #endif + + /* Store the user verification callback against the object. */ + ssl->verifyCallback = verify_callback; + } +} + +/* Set the certificate verification result for the SSL/TLS object. + * + * @param [in] ssl SSL/TLS object. + * @param [in] v Verification result. + */ +void wolfSSL_set_verify_result(WOLFSSL *ssl, long v) +{ + WOLFSSL_ENTER("wolfSSL_set_verify_result"); + + /* Ensure we have an SSL/TLS object to work with. */ + if (ssl != NULL) { + #if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL) + ssl->peerVerifyRet = (unsigned long)v; + #else + WOLFSSL_STUB("wolfSSL_set_verify_result"); + (void)v; + #endif + } +} + +/* Store user ctx for verify callback into SSL/TLS context. + * + * @param [in] ctx SSL/TLS context. + * @param [in] userCtx User context for verify callback. + */ +void wolfSSL_CTX_SetCertCbCtx(WOLFSSL_CTX* ctx, void* userCtx) +{ + WOLFSSL_ENTER("wolfSSL_CTX_SetCertCbCtx"); + + /* Validate parameters. */ + if (ctx != NULL) { + ctx->verifyCbCtx = userCtx; + } +} + +/* Store user ctx for verify callback into SSL/TLS object. + * + * @param [in] ssl SSL/TLS object. + * @param [in] ctx User context for verify callback. + */ +void wolfSSL_SetCertCbCtx(WOLFSSL* ssl, void* ctx) +{ + WOLFSSL_ENTER("wolfSSL_SetCertCbCtx"); + + /* Validate parameters. */ + if (ssl != NULL) { + ssl->verifyCbCtx = ctx; + } +} + + + +/* Store context CA Cache addition callback into SSL/TLS context. + * + * @param [in] ctx SSL/TLS context. + * @param [in] userCtx User context for verify callback. + */ +void wolfSSL_CTX_SetCACb(WOLFSSL_CTX* ctx, CallbackCACache cb) +{ + /* Validate parameters. */ + if ((ctx != NULL) && (ctx->cm != NULL)) { + ctx->cm->caCacheCallback = cb; + } +} + +#if defined(OPENSSL_EXTRA) && defined(WOLFSSL_TLS13) && \ + defined(WOLFSSL_POST_HANDSHAKE_AUTH) +/* For TLS v1.3, send authentication messages after handshake completes. + * + * @return 1 on success. + * @return UNSUPPORTED_PROTO_VERSION when not a TLSv1.3 handshake. + * @return 0 on other failure. + */ +int wolfSSL_verify_client_post_handshake(WOLFSSL* ssl) +{ + int ret; + + /* Do request of certificate. */ + ret = wolfSSL_request_certificate(ssl); + if (ret != 1) { + /* Special logging for wrong protocol version. */ + if ((ssl != NULL) && !IsAtLeastTLSv1_3(ssl->version)) { + WOLFSSL_ERROR(UNSUPPORTED_PROTO_VERSION); + } + else { + /* Other errors - return 0. */ + WOLFSSL_ERROR(ret); + } + ret = 0; + } + + return ret; +} + +/* Set whether handshakes from this SSL/TLS context allow auth post handshake. + * + * @param [in] ctx SSL/TLS context. + * @param [in] val Whether to allow post handshake authentication. + * @return 1 on success. + * @return 0 on failure. + */ +int wolfSSL_CTX_set_post_handshake_auth(WOLFSSL_CTX* ctx, int val) +{ + int ret; + + /* Try to allow - really just checking conditions. */ + if (wolfSSL_CTX_allow_post_handshake_auth(ctx) == 0) { + /* Set value as a bit. */ + ctx->postHandshakeAuth = (val != 0); + ret = 1; + } + else { + ret = 0; + } + + return ret; +} +/* Set whether handshakes with this SSL/TLS object allow auth post handshake. + * + * @param [in] ctx SSL/TLS context. + * @param [in] val Whether to allow post handshake authentication. + * @return 1 on success. + * @return 0 on failure. + */ +int wolfSSL_set_post_handshake_auth(WOLFSSL* ssl, int val) +{ + int ret; + + /* Try to allow - really just checking conditions. */ + if (wolfSSL_allow_post_handshake_auth(ssl) == 0) { + /* Set value as a bit. */ + ssl->options.postHandshakeAuth = (val != 0); + ret = 1; + } + else { + ret = 0; + } + + return ret; +} +#endif /* OPENSSL_EXTRA && WOLFSSL_TLS13 && WOLFSSL_POST_HANDSHAKE_AUTH */ + +#if defined(PERSIST_CERT_CACHE) + +#if !defined(NO_FILESYSTEM) + +/* Persist certificate cache in SSL/TLS context to file. + * + * @param [in] ctx SSL/TLS context. + * @param [in] fname Filename so store certificate cache to. + * @return 1 on success. + * @return BAD_FUNC_ARG when ctx or fname is NULL. + * @return Other values on failure. + */ +int wolfSSL_CTX_save_cert_cache(WOLFSSL_CTX* ctx, const char* fname) +{ + int ret; + + WOLFSSL_ENTER("wolfSSL_CTX_save_cert_cache"); + + /* Validate parameters. */ + if ((ctx == NULL) || (fname == NULL)) { + ret = BAD_FUNC_ARG; + } + else { + /* Save certificate cache. */ + ret = CM_SaveCertCache(ctx->cm, fname); + } + + return ret; +} + + +/* Load certificate cache into SSL/TLS context from file. + * + * @param [in] ctx SSL/TLS context. + * @param [in] fname Filename so store certificate cache to. + * @return 1 on success. + * @return BAD_FUNC_ARG when ctx or fname is NULL. + * @return Other values on failure. + */ +int wolfSSL_CTX_restore_cert_cache(WOLFSSL_CTX* ctx, const char* fname) +{ + int ret; + + WOLFSSL_ENTER("wolfSSL_CTX_restore_cert_cache"); + + /* Validate parameters. */ + if ((ctx == NULL) || (fname == NULL)) { + ret = BAD_FUNC_ARG; + } + else { + /* Restore certificate cache. */ + ret = CM_RestoreCertCache(ctx->cm, fname); + } + + return ret; +} + +#endif /* NO_FILESYSTEM */ + +/* Persist certificate cache in SSL/TLS context to memory. + * + * @param [in] ctx SSL/TLS context. + * @param [in] mem Memory to fill with certificate cache. + * @param [in] sz Size of memory to fill in bytes. + * @param [out] used The number of bytes of memory used. + * @return 1 on success. + * @return BAD_FUNC_ARG when ctx, mem or used is NULL. + * @return BAD_FUNC_ARG when sz is less than or equal to zero. + * @return Other values on failure. + */ +int wolfSSL_CTX_memsave_cert_cache(WOLFSSL_CTX* ctx, void* mem, + int sz, int* used) +{ + int ret; + + WOLFSSL_ENTER("wolfSSL_CTX_memsave_cert_cache"); + + /* Validate parameters. */ + if ((ctx == NULL) || (mem == NULL) || (used == NULL) || (sz <= 0)) { + ret = BAD_FUNC_ARG; + } + else { + /* Persist certificate change to memory. */ + ret = CM_MemSaveCertCache(ctx->cm, mem, sz, used); + } + + return ret; +} + + +/* Load certificate cache into SSL/TLS context from memory. + * + * @param [in] ctx SSL/TLS context. + * @param [in] mem Memory with certificate cache. + * @param [in] sz Size of certificate cache in bytes + * @return 1 on success. + * @return BAD_FUNC_ARG when ctx or mem is NULL. + * @return BAD_FUNC_ARG when sz is less than or equal to zero. + * @return Other values on failure. + */ +int wolfSSL_CTX_memrestore_cert_cache(WOLFSSL_CTX* ctx, const void* mem, int sz) +{ + int ret; + + WOLFSSL_ENTER("wolfSSL_CTX_memrestore_cert_cache"); + + /* Validate parameters. */ + if ((ctx == NULL) || (mem == NULL) || (sz <= 0)) { + ret = BAD_FUNC_ARG; + } + else { + /* Restore certificate cache. */ + ret = CM_MemRestoreCertCache(ctx->cm, mem, sz); + } + + return ret; +} + + +/* Get size of certificate cache when persisted. + * + * @param [in] ctx SSL/TLS context. + * @return Size of certificate cache when pesisted in bytes. + * @return BAD_FUNC_ARG when ctx is NULL. + */ +int wolfSSL_CTX_get_cert_cache_memsize(WOLFSSL_CTX* ctx) +{ + int ret; + + WOLFSSL_ENTER("wolfSSL_CTX_get_cert_cache_memsize"); + + /* Validate parameter. */ + if (ctx == NULL) { + ret = BAD_FUNC_ARG; + } + else { + /* Get size. */ + ret = CM_GetCertCacheMemSize(ctx->cm); + } + + return ret; +} + +#endif /* PERSIST_CERT_CACHE */ + +/* Unload certificates and keys that the SSL/TLS object owns. + * + * The WOLFSSL_CTX referenced is untouched. + * + * @param [in] ssl SSL/TLS object. + * @return 1 on success. + * @return BAD_FUNC_ARG when ssl is NULL. + */ +int wolfSSL_UnloadCertsKeys(WOLFSSL* ssl) +{ + int ret = 1; + + /* Validate parameter. */ + if (ssl == NULL) { + WOLFSSL_MSG("Null function arg"); + ret = BAD_FUNC_ARG; + } + else { + if (ssl->buffers.weOwnCert && !ssl->keepCert) { + WOLFSSL_MSG("Unloading cert"); + FreeDer(&ssl->buffers.certificate); + #ifdef KEEP_OUR_CERT + wolfSSL_X509_free(ssl->ourCert); + ssl->ourCert = NULL; + #endif + ssl->buffers.weOwnCert = 0; + } + + if (ssl->buffers.weOwnCertChain) { + WOLFSSL_MSG("Unloading cert chain"); + FreeDer(&ssl->buffers.certChain); + ssl->buffers.weOwnCertChain = 0; + } + + if (ssl->buffers.weOwnKey) { + WOLFSSL_MSG("Unloading key"); + if (ssl->buffers.key != NULL && ssl->buffers.key->buffer != NULL) + ForceZero(ssl->buffers.key->buffer, ssl->buffers.key->length); + FreeDer(&ssl->buffers.key); + #ifdef WOLFSSL_BLIND_PRIVATE_KEY + FreeDer(&ssl->buffers.keyMask); + #endif + ssl->buffers.weOwnKey = 0; + } + + #ifdef WOLFSSL_DUAL_ALG_CERTS + if (ssl->buffers.weOwnAltKey) { + WOLFSSL_MSG("Unloading alt key"); + if (ssl->buffers.altKey != NULL && + ssl->buffers.altKey->buffer != NULL) { + ForceZero(ssl->buffers.altKey->buffer, + ssl->buffers.altKey->length); + } + FreeDer(&ssl->buffers.altKey); + #ifdef WOLFSSL_BLIND_PRIVATE_KEY + FreeDer(&ssl->buffers.altKeyMask); + #endif + ssl->buffers.weOwnAltKey = 0; + } + #endif /* WOLFSSL_DUAL_ALG_CERTS */ + } + + return ret; +} + +/* Unload CAs from the certificate manager of the SSL/TLS context. + * + * @param [in] ctx SSL/TLS context. + * @return 1 on success. + * @return BAD_FUNC_ARG when ctx or ctx->cm is NULL. + * @return BAD_MUTEX_E when locking fails. + */ +int wolfSSL_CTX_UnloadCAs(WOLFSSL_CTX* ctx) +{ + int ret; + + WOLFSSL_ENTER("wolfSSL_CTX_UnloadCAs"); + + /* Validate parameter. */ + if (ctx == NULL) { + ret = BAD_FUNC_ARG; + } + else { + ret = wolfSSL_CertManagerUnloadCAs(ctx->cm); + } + + return ret; +} + +/* Unload Intermediate CAs from the certificate manager of the SSL/TLS context. + * + * @param [in] ctx SSL/TLS context. + * @return 1 on success. + * @return BAD_FUNC_ARG when ctx or ctx->cm is NULL. + * @return BAD_MUTEX_E when locking fails. + */ +int wolfSSL_CTX_UnloadIntermediateCerts(WOLFSSL_CTX* ctx) +{ + int ret; + + WOLFSSL_ENTER("wolfSSL_CTX_UnloadIntermediateCerts"); + + /* Validate parameter. */ + if (ctx == NULL) { + ret = BAD_FUNC_ARG; + } + /* Lock reference count. */ + else if ((ret = wolfSSL_RefWithMutexLock(&ctx->ref)) == 0) { + /* Must not have another reference for this operation to be done. */ + if (ctx->ref.count > 1) { + WOLFSSL_MSG("ctx object must have a ref count of 1 before " + "unloading intermediate certs"); + ret = BAD_STATE_E; + } + else { + ret = wolfSSL_CertManagerUnloadIntermediateCerts(ctx->cm); + } + + /* Unlock reference count. */ + if (wolfSSL_RefWithMutexUnlock(&ctx->ref) != 0) { + WOLFSSL_MSG("Failed to unlock mutex!"); + } + } + + return ret; +} + + +#ifdef WOLFSSL_TRUST_PEER_CERT +/* Unload trusted peers from the certificate manager of the SSL/TLS context. + * + * @param [in] ctx SSL/TLS context. + * @return 1 on success. + * @return BAD_FUNC_ARG when ctx or ctx->cm is NULL. + * @return BAD_MUTEX_E when locking fails. + */ +int wolfSSL_CTX_Unload_trust_peers(WOLFSSL_CTX* ctx) +{ + int ret; + + WOLFSSL_ENTER("wolfSSL_CTX_Unload_trust_peers"); + + /* Validate parameter. */ + if (ctx == NULL) { + ret = BAD_FUNC_ARG; + } + else { + ret = wolfSSL_CertManagerUnload_trust_peers(ctx->cm); + } + + return ret; +} + +#ifdef WOLFSSL_LOCAL_X509_STORE +/* Unload trusted peers from the certificate manager of the SSL/TLS object. + * + * @param [in] ctx SSL/TLS context. + * @return 1 on success. + * @return BAD_FUNC_ARG when ssl is NULL. + * @return BAD_MUTEX_E when locking fails. + */ +int wolfSSL_Unload_trust_peers(WOLFSSL* ssl) +{ + int ret; + + WOLFSSL_ENTER("wolfSSL_CTX_Unload_trust_peers"); + + /* Validate parameter. */ + if (ssl == NULL) { + ret = BAD_FUNC_ARG; + } + else { + /* Output message when certificate manager for object. */ + SSL_CM_WARNING(ssl); + return wolfSSL_CertManagerUnload_trust_peers(SSL_CM(ssl)); + } + + return ret; +} +#endif /* WOLFSSL_LOCAL_X509_STORE */ +#endif /* WOLFSSL_TRUST_PEER_CERT */ + +#ifndef WOLFSSL_NO_CA_NAMES +/* Add a CA certificate to the list of CA names. + * + * @param [in, out] ca_names List of CA certificate subject names. + * @param [in] x509 X509 certificate. + * @return 1 on success. + * @return 0 on failure. + */ +static int add_to_ca_names_list(WOLFSSL_STACK* ca_names, WOLFSSL_X509* x509) +{ + int ret = 1; + WOLFSSL_X509_NAME *nameCopy = NULL; + + nameCopy = wolfSSL_X509_NAME_dup(wolfSSL_X509_get_subject_name(x509)); + if (nameCopy == NULL) { + WOLFSSL_MSG("wolfSSL_X509_NAME_dup error"); + ret = 0; + } + else if (wolfSSL_sk_X509_NAME_push(ca_names, nameCopy) <= 0) { + WOLFSSL_MSG("wolfSSL_sk_X509_NAME_push error"); + wolfSSL_X509_NAME_free(nameCopy); + ret = 0; + } + + return ret; +} + +/* Add a client's CA to SSL/TLS context. + * + * @param [in] ctx SSL/TLS context. + * @param [in] x509 X509 certificate. + * @return 1 on success. + * @return 0 on failure. + */ +int wolfSSL_CTX_add_client_CA(WOLFSSL_CTX* ctx, WOLFSSL_X509* x509) +{ + int ret = 1; + + WOLFSSL_ENTER("wolfSSL_CTX_add_client_CA"); + + /* Validate parameters. */ + if ((ctx == NULL) || (x509 == NULL)) { + WOLFSSL_MSG("Bad argument"); + ret = 0; + } + /* Create a stack of names if not present. */ + else if (ctx->client_ca_names == NULL) { + ctx->client_ca_names = wolfSSL_sk_X509_NAME_new(NULL); + if (ctx->client_ca_names == NULL) { + WOLFSSL_MSG("wolfSSL_sk_X509_NAME_new error"); + ret = 0; + } + } + if (ret == 1) { + /* Add certificate's subject name to client CA name list. */ + ret = add_to_ca_names_list(ctx->client_ca_names, x509); + } + + return ret; +} + +/* Add a client's CA to SSL/TLS object. + * + * @param [in] ssl SSL/TLS object. + * @param [in] x509 X509 certificate. + * @return 1 on success. + * @return 0 on failure. + */ +int wolfSSL_add_client_CA(WOLFSSL* ssl, WOLFSSL_X509* x509) +{ + int ret = 1; + + WOLFSSL_ENTER("wolfSSL_add_client_CA"); + + /* Validate parameters. */ + if ((ssl == NULL) || (x509 == NULL)) { + WOLFSSL_MSG("Bad argument"); + ret = 0; + } + /* Create a stack of names if not present. */ + else if (ssl->client_ca_names == NULL) { + ssl->client_ca_names = wolfSSL_sk_X509_NAME_new(NULL); + if (ssl->client_ca_names == NULL) { + WOLFSSL_MSG("wolfSSL_sk_X509_NAME_new error"); + ret = 0; + } + } + if (ret == 1) { + /* Add certificate's subject name to client CA name list. */ + ret = add_to_ca_names_list(ssl->client_ca_names, x509); + } + + return ret; +} + +/* Add a CA to SSL/TLS context. + * + * @param [in] ctx SSL/TLS context. + * @param [in] x509 X509 certificate. + * @return 1 on success. + * @return 0 on failure. + */ +int wolfSSL_CTX_add1_to_CA_list(WOLFSSL_CTX* ctx, WOLFSSL_X509* x509) +{ + int ret = 1; + + WOLFSSL_ENTER("wolfSSL_CTX_add1_to_CA_list"); + + /* Validate parameters. */ + if ((ctx == NULL) || (x509 == NULL)) { + WOLFSSL_MSG("Bad argument"); + ret = 0; + } + /* Create a stack of names if not present. */ + else if (ctx->ca_names == NULL) { + ctx->ca_names = wolfSSL_sk_X509_NAME_new(NULL); + if (ctx->ca_names == NULL) { + WOLFSSL_MSG("wolfSSL_sk_X509_NAME_new error"); + ret = 0; + } + } + if (ret == 1) { + /* Add certificate's subject name to CA name list. */ + ret = add_to_ca_names_list(ctx->ca_names, x509); + } + + return ret; +} + +/* Add a CA to SSL/TLS object. + * + * @param [in] ssl SSL/TLS object. + * @param [in] x509 X509 certificate. + * @return 1 on success. + * @return 0 on failure. + */ +int wolfSSL_add1_to_CA_list(WOLFSSL* ssl, WOLFSSL_X509* x509) +{ + int ret = 1; + + WOLFSSL_ENTER("wolfSSL_add1_to_CA_list"); + + /* Validate parameters. */ + if ((ssl == NULL) || (x509 == NULL)) { + WOLFSSL_MSG("Bad argument"); + ret = 0; + } + /* Create a stack of names if not present. */ + else if (ssl->ca_names == NULL) { + ssl->ca_names = wolfSSL_sk_X509_NAME_new(NULL); + if (ssl->ca_names == NULL) { + WOLFSSL_MSG("wolfSSL_sk_X509_NAME_new error"); + ret = 0; + } + } + if (ret == 1) { + /* Add certificate's subject name to CA name list. */ + ret = add_to_ca_names_list(ssl->ca_names, x509); + } + + return ret; +} + +/* Set the client CA list into SSL/TLS context. + * + * @param [in] ctx SSL/TLS context. + * @param [in] names List of CA subject names. + */ +void wolfSSL_CTX_set_client_CA_list(WOLFSSL_CTX* ctx, + WOLF_STACK_OF(WOLFSSL_X509_NAME)* names) +{ + WOLFSSL_ENTER("wolfSSL_CTX_set_client_CA_list"); + + /* Validate parameters. */ + if (ctx != NULL) { + /* Dispose of any existing list. */ + wolfSSL_sk_X509_NAME_pop_free(ctx->client_ca_names, NULL); + /* Take ownership of names list. */ + ctx->client_ca_names = names; + } +} + +/* Set the client CA list into SSL/TLS object. + * + * @param [in] ssl SSL/TLS object. + * @param [in] names List of CA subject names. + */ +void wolfSSL_set_client_CA_list(WOLFSSL* ssl, + WOLF_STACK_OF(WOLFSSL_X509_NAME)* names) +{ + WOLFSSL_ENTER("wolfSSL_set_client_CA_list"); + + /* Validate parameters. */ + if (ssl != NULL) { + /* Dispose of any existing list if the object owns it. */ + if (ssl->client_ca_names != ssl->ctx->client_ca_names) { + wolfSSL_sk_X509_NAME_pop_free(ssl->client_ca_names, NULL); + } + /* Take ownership of names list. */ + ssl->client_ca_names = names; + } +} + +/* Set the CA list into SSL/TLS context. + * + * @param [in] ctx SSL/TLS context. + * @param [in] names List of CA subject names. + */ +void wolfSSL_CTX_set0_CA_list(WOLFSSL_CTX* ctx, + WOLF_STACK_OF(WOLFSSL_X509_NAME)* names) +{ + WOLFSSL_ENTER("wolfSSL_CTX_set0_CA_list"); + + /* Validate parameters. */ + if (ctx != NULL) { + /* Dispose of any existing list. */ + wolfSSL_sk_X509_NAME_pop_free(ctx->ca_names, NULL); + /* Take ownership of names list. */ + ctx->ca_names = names; + } +} + +/* Set the client CA list into SSL/TLS object. + * + * @param [in] ssl SSL/TLS object. + * @param [in] names List of CA subject names. + */ +void wolfSSL_set0_CA_list(WOLFSSL* ssl, + WOLF_STACK_OF(WOLFSSL_X509_NAME)* names) +{ + WOLFSSL_ENTER("wolfSSL_set0_CA_list"); + + /* Validate parameters. */ + if (ssl != NULL) { + /* Dispose of any existing list if the object owns it. */ + if (ssl->ca_names != ssl->ctx->ca_names) { + wolfSSL_sk_X509_NAME_pop_free(ssl->ca_names, NULL); + } + /* Take ownership of names list. */ + ssl->ca_names = names; + } +} + +/* Get the list of client CA subject names from the SSL/TLS context. + * + * @param [in] ctx SSL/TLS context. + * @return List of CA subject names on success. + * @return NULL when ctx is NULL or no names set. + */ +WOLF_STACK_OF(WOLFSSL_X509_NAME)* wolfSSL_CTX_get_client_CA_list( + const WOLFSSL_CTX *ctx) +{ + WOLF_STACK_OF(WOLFSSL_X509_NAME)* ret; + + WOLFSSL_ENTER("wolfSSL_CTX_get_client_CA_list"); + + /* Validate parameter. */ + if (ctx == NULL) { + WOLFSSL_MSG("Bad argument passed to wolfSSL_CTX_get_client_CA_list"); + ret = NULL; + } + else { + ret = ctx->client_ca_names; + } + + return ret; +} + +/* Get the list of client CA subject names from the SSL/TLS object. + * + * On server side: returns the CAs set via *_set_client_CA_list(); + * On client side: returns the CAs received from server -- same as + * wolfSSL_get0_peer_CA_list(). + * + * @param [in] ssl SSL/TLS object. + * @return List of CA subject names on success. + * @return NULL when ssl is NULL or no names set. + */ +WOLF_STACK_OF(WOLFSSL_X509_NAME)* wolfSSL_get_client_CA_list(const WOLFSSL* ssl) +{ + WOLF_STACK_OF(WOLFSSL_X509_NAME)* ret; + + WOLFSSL_ENTER("wolfSSL_get_client_CA_list"); + + /* Validate parameter. */ + if (ssl == NULL) { + WOLFSSL_MSG("Bad argument passed to wolfSSL_get_client_CA_list"); + ret = NULL; + } + /* Client side return peer CA names. */ + else if (ssl->options.side == WOLFSSL_CLIENT_END) { + ret = ssl->peer_ca_names; + } + /* Server side return client CA names. */ + else { + ret = SSL_CLIENT_CA_NAMES(ssl); + } + + return ret; +} + +/* Get the list of CA subject names from the SSL/TLS context. + * + * @param [in] ctx SSL/TLS context. + * @return List of CA subject names on success. + * @return NULL when ctx is NULL or no names set. + */ +WOLF_STACK_OF(WOLFSSL_X509_NAME)* wolfSSL_CTX_get0_CA_list( + const WOLFSSL_CTX *ctx) +{ + WOLF_STACK_OF(WOLFSSL_X509_NAME)* ret; + + WOLFSSL_ENTER("wolfSSL_CTX_get0_CA_list"); + + /* Validate parameter. */ + if (ctx == NULL) { + WOLFSSL_MSG("Bad argument passed to wolfSSL_CTX_get0_CA_list"); + ret = NULL; + } + else { + /* Return list directly. */ + ret = ctx->ca_names; + } + + return ret; +} + +/* Get the list of CA subject names from the SSL/TLS object. + * + * Always returns the CA's set via *_set0_CA_list. + * + * @param [in] ssl SSL/TLS object. + * @return List of CA subject names on success. + * @return NULL when ssl is NULL or no names set. + */ +WOLF_STACK_OF(WOLFSSL_X509_NAME)* wolfSSL_get0_CA_list(const WOLFSSL *ssl) +{ + WOLF_STACK_OF(WOLFSSL_X509_NAME)* ret; + + WOLFSSL_ENTER("wolfSSL_get0_CA_list"); + + /* Validate parameter. */ + if (ssl == NULL) { + WOLFSSL_MSG("Bad argument passed to wolfSSL_get0_CA_list"); + ret = NULL; + } + else { + /* Return list directly from object, if available, or context. */ + ret = SSL_CA_NAMES(ssl); + } + + return ret; +} + +/* Get the list of peer CA subject names from the SSL/TLS object. + * + * Always returns the CA's received from the peer. + * + * @param [in] ssl SSL/TLS object. + * @return List of CA subject names on success. + * @return NULL when ssl is NULL or no names set. + */ +WOLF_STACK_OF(WOLFSSL_X509_NAME)* wolfSSL_get0_peer_CA_list(const WOLFSSL* ssl) +{ + WOLF_STACK_OF(WOLFSSL_X509_NAME)* ret; + + WOLFSSL_ENTER("wolfSSL_get0_peer_CA_list"); + + /* Validate parameter. */ + if (ssl == NULL) { + WOLFSSL_MSG("Bad argument passed to wolfSSL_get0_peer_CA_list"); + ret = NULL; + } + else { + /* Return list directly from object. */ + ret = ssl->peer_ca_names; + } + + return ret; +} + +#ifndef NO_BIO +/* Load the client CA subject names from file. + * + * @param [in] fname Name of file containing client CA certificates. + * @return A list of certificate names on success. + * @return NULL on error. + */ +WOLF_STACK_OF(WOLFSSL_X509_NAME)* wolfSSL_load_client_CA_file(const char* fname) +{ + /* The webserver build is using this to load a CA into the server + * for client authentication as an option. Have this return NULL in + * that case. If OPENSSL_EXTRA is enabled, go ahead and include + * the function. */ +#ifdef OPENSSL_EXTRA + WOLFSSL_STACK *list = NULL; + WOLFSSL_BIO* bio = NULL; + WOLFSSL_X509 *cert = NULL; + int err = 0; + unsigned long error; + + WOLFSSL_ENTER("wolfSSL_load_client_CA_file"); + + /* Create a file BIO to read. */ + bio = wolfSSL_BIO_new_file(fname, "rb"); + if (bio == NULL) { + WOLFSSL_MSG("wolfSSL_BIO_new_file error"); + err = 1; + } + + if (!err) { + /* Create an empty list of certificate names - default compare cb. */ + list = wolfSSL_sk_X509_NAME_new(NULL); + if (list == NULL) { + WOLFSSL_MSG("wolfSSL_sk_X509_NAME_new error"); + err = 1; + } + } + + /* Read each certificate in the chain out of the file. */ + while (!err && wolfSSL_PEM_read_bio_X509(bio, &cert, NULL, NULL) != NULL) { + WOLFSSL_X509_NAME *nameCopy; + + /* Need a persistent copy of the subject name. */ + nameCopy = wolfSSL_X509_NAME_dup(wolfSSL_X509_get_subject_name(cert)); + if (nameCopy == NULL) { + WOLFSSL_MSG("wolfSSL_X509_NAME_dup error"); + err = 1; + } + else { + /* Original certificate will be freed - clear reference to it. */ + nameCopy->x509 = NULL; + + if (wolfSSL_sk_X509_NAME_push(list, nameCopy) <= 0) { + WOLFSSL_MSG("wolfSSL_sk_X509_NAME_push error"); + /* Name not stored - free now as only place needing to. */ + wolfSSL_X509_NAME_free(nameCopy); + err = 1; + } + } + + /* Dispose of certificate read. */ + wolfSSL_X509_free(cert); + cert = NULL; + } + + /* Clear any error due to no more certificates. */ + CLEAR_ASN_NO_PEM_HEADER_ERROR(error); + + if (err) { + /* Error occurred so return NULL. */ + wolfSSL_sk_X509_NAME_pop_free(list, NULL); + list = NULL; + } + wolfSSL_BIO_free(bio); + return list; +#else + (void)fname; + return NULL; +#endif +} +#endif /* !NO_BIO */ +#endif /* WOLFSSL_NO_CA_NAMES */ + +#if defined(OPENSSL_EXTRA) || defined(WOLFSSL_WPAS_SMALL) +/* Get the certificate store of the SSL/TLS context. + * + * @param [in] ctx SSL/TLS context. + * @return X509 certificate store on success. + * @return NULL when ctx is NULL. + */ +WOLFSSL_X509_STORE* wolfSSL_CTX_get_cert_store(const WOLFSSL_CTX* ctx) +{ + WOLFSSL_X509_STORE* ret; + + /* Validate parameter. */ + if (ctx == NULL) { + ret = NULL; + } + /* Use pointer to external store if set. */ + else if (ctx->x509_store_pt != NULL) { + ret = ctx->x509_store_pt; + } + else { + /* Return reference to store that is part of the context. */ + ret = (WOLFSSL_X509_STORE*)&ctx->x509_store; + } + + return ret; +} + +/* Set the certificate store of the SSL/TLS context. + * + * @param [in] ctx SSL/TLS context. + * @return X509 certificate store on success. + * @return NULL when ctx is NULL. + */ +void wolfSSL_CTX_set_cert_store(WOLFSSL_CTX* ctx, WOLFSSL_X509_STORE* str) +{ + WOLFSSL_ENTER("wolfSSL_CTX_set_cert_store"); + + /* Validate parameters. */ + if ((ctx == NULL) || (str == NULL) || (ctx->cm == str->cm)) { + WOLFSSL_MSG("Invalid parameters"); + } + else if (wolfSSL_CertManager_up_ref(str->cm) != 1) { + WOLFSSL_MSG("wolfSSL_CertManager_up_ref error"); + } + else { + /* Free any cert manager. */ + wolfSSL_CertManagerFree(ctx->cm); + /* Free any external store. */ + wolfSSL_X509_STORE_free(ctx->x509_store_pt); + /* Set the certificate manager into context. */ + ctx->cm = str->cm; + ctx->x509_store.cm = str->cm; + ctx->x509_store.cache = str->cache; + /* Take ownership of store and free it with context free. */ + ctx->x509_store_pt = str; + /* Context has ownership and free it with context free. */ + ctx->cm->x509_store_p = ctx->x509_store_pt; + } +} + +#ifdef OPENSSL_ALL +/* Set certificate store into SSL/TLS context but don't take ownership. + * + * @param [in] ctx SSL/TLS context. + * @param [in] str Certificate store. + * @return 1 on success. + * @return 0 when ctx or str is NULL or on other error. + */ +int wolfSSL_CTX_set1_verify_cert_store(WOLFSSL_CTX* ctx, + WOLFSSL_X509_STORE* str) +{ + int ret; + + WOLFSSL_ENTER("wolfSSL_CTX_set1_verify_cert_store"); + + /* Validate parameters. */ + if ((ctx == NULL) || (str == NULL)) { + WOLFSSL_MSG("Bad parameter"); + ret = 0; + } + /* Nothing to do when store being set is the same as existing in context. */ + else if (str == CTX_STORE(ctx)) { + ret = 1; + } + /* Increase ref so we can store pointer and free it with context free. */ + else if (wolfSSL_X509_STORE_up_ref(str) != 1) { + WOLFSSL_MSG("wolfSSL_X509_STORE_up_ref error"); + ret = 0; + } + else { + /* Free any external store. */ + wolfSSL_X509_STORE_free(ctx->x509_store_pt); + /* Ref count increased - store pointer and free with context free. */ + ctx->x509_store_pt = str; + ret = 1; + } + + return ret; +} +#endif + + +/* Set certificate store into SSL/TLS object. + * + * @param [in] ssl SSL/TLS object. + * @param [in] str Certificate store. + * @param [in] ref Take a reference to passed in certificate store. + * @return 1 on success. + * @return 0 when ssl or str is NULL or on other error. + */ +static int wolfssl_set_verify_cert_store(WOLFSSL *ssl, WOLFSSL_X509_STORE* str, + int ref) +{ + int ret; + + WOLFSSL_ENTER("wolfssl_set_verify_cert_store"); + + /* Validate parameters. */ + if ((ssl == NULL) || (str == NULL)) { + WOLFSSL_MSG("Bad parameter"); + ret = 0; + } + /* Nothing to do when store being set is the same as existing in object. */ + else if (str == SSL_STORE(ssl)) { + ret = 1; + } + else if (ref && (wolfSSL_X509_STORE_up_ref(str) != 1)) { + WOLFSSL_MSG("wolfSSL_X509_STORE_up_ref error"); + ret = 0; + } + else { + /* Free any external store. */ + wolfSSL_X509_STORE_free(ssl->x509_store_pt); + if (str == ssl->ctx->x509_store_pt) { + /* Setting ctx store - just revert to using that instead. */ + ssl->x509_store_pt = NULL; + } + else { + /* Ref count increased - store pointer and free with object free. */ + ssl->x509_store_pt = str; + } + ret = 1; + } + + return ret; +} + +/* Set certificate store into SSL/TLS object and take ownership. + * + * @param [in] ssl SSL/TLS object. + * @param [in] str Certificate store. + * @return 1 on success. + * @return 0 when ssl or str is NULL or on other error. + */ +int wolfSSL_set0_verify_cert_store(WOLFSSL *ssl, WOLFSSL_X509_STORE* str) +{ + WOLFSSL_ENTER("wolfSSL_set0_verify_cert_store"); + + return wolfssl_set_verify_cert_store(ssl, str, 0); +} + +/* Set certificate store into SSL/TLS object but don't take ownership. + * + * @param [in] ssl SSL/TLS object. + * @param [in] str Certificate store. + * @return 1 on success. + * @return 0 when ssl or str is NULL or on other error. + */ +int wolfSSL_set1_verify_cert_store(WOLFSSL *ssl, WOLFSSL_X509_STORE* str) +{ + WOLFSSL_ENTER("wolfSSL_set1_verify_cert_store"); + + return wolfssl_set_verify_cert_store(ssl, str, 1); +} +#endif /* OPENSSL_EXTRA || WOLFSSL_WPAS_SMALL */ + +/* OPENSSL_EXTRA is needed for wolfSSL_X509_d21 function + KEEP_OUR_CERT is to ensure ability to return ssl certificate */ +#if (defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)) && \ + defined(KEEP_OUR_CERT) +/* Get the certificate in the SSL/TLS context. + * + * @param [in] ctx SSL/TLS context. + * @return Certificate being sent to peer. + * @return NULL when ctx is NULL, no certificate set or on other error. + */ +WOLFSSL_X509* wolfSSL_CTX_get0_certificate(WOLFSSL_CTX* ctx) +{ + WOLFSSL_X509* ret = NULL; + + /* Validate parameters. */ + if (ctx == NULL) { + WOLFSSL_MSG("Invalid parameter"); + } + else { + /* Check if we already have a certificate allocated. */ + if (ctx->ourCert == NULL) { + /* Check if there is a raw certificate. */ + if (ctx->certificate == NULL) { + WOLFSSL_MSG("Ctx Certificate buffer not set!"); + } + #ifndef WOLFSSL_X509_STORE_CERTS + else { + /* Create a certificate object from raw data. */ + ctx->ourCert = wolfSSL_X509_d2i_ex(NULL, + ctx->certificate->buffer, (int)ctx->certificate->length, + ctx->heap); + ctx->ownOurCert = 1; + } + #endif + } + /* Return certificate cached against SSL/TLS context. */ + ret = ctx->ourCert; + } + + return ret; +} + +/* Get the certificate in the SSL/TLS object. + * + * @param [in] ssl SSL/TLS object. + * @return Certificate being sent to peer. + * @return NULL when ssl is NULL, no certificate set or on other error. + */ +WOLFSSL_X509* wolfSSL_get_certificate(WOLFSSL* ssl) +{ + WOLFSSL_X509* ret = NULL; + + /* Validate parameters. */ + if (ssl == NULL) { + WOLFSSL_MSG("Invalid parameter"); + } + /* Use certificate in SSL/TLS object if we own it. */ + else if (ssl->buffers.weOwnCert) { + /* Check if we already have a certificate allocated. */ + if (ssl->ourCert == NULL) { + /* Check if ctx has ourCert set - if so, use it instead of creating + * a new X509. This maintains pointer compatibility with + * applications (like nginx OCSP stapling) that use the X509 pointer + * from SSL_CTX_use_certificate as a lookup key. */ + if (ssl->ctx != NULL && ssl->ctx->ourCert != NULL) { + /* Compare cert buffers to make sure they are the same */ + if (ssl->buffers.certificate == NULL || + ssl->buffers.certificate->buffer == NULL || + (ssl->buffers.certificate->length == + ssl->ctx->certificate->length && + XMEMCMP(ssl->buffers.certificate->buffer, + ssl->ctx->certificate->buffer, + ssl->buffers.certificate->length) == 0)) { + return ssl->ctx->ourCert; + } + } + /* We own certificate so this should never happen. */ + if (ssl->buffers.certificate == NULL) { + WOLFSSL_MSG("Certificate buffer not set!"); + } + #ifndef WOLFSSL_X509_STORE_CERTS + else { + /* Create a certificate object from raw data. */ + ssl->ourCert = wolfSSL_X509_d2i_ex(NULL, + ssl->buffers.certificate->buffer, + (int)ssl->buffers.certificate->length, ssl->heap); + } + #endif + } + /* Return certificate cached against SSL/TLS object. */ + ret = ssl->ourCert; + } + else { + /* Use any certificate in SSL/TLS context instead. */ + ret = wolfSSL_CTX_get0_certificate(ssl->ctx); + } + + return ret; +} +#endif /* (OPENSSL_EXTRA || OPENSSL_EXTRA_X509_SMALL) && KEEP_OUR_CERT */ + +#endif /* !NO_CERTS */ + +#endif /* !WOLFSSL_SSL_API_CERT_INCLUDED */ diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/src/ssl_api_crl_ocsp.c mariadb-11.8.8/extra/wolfssl/wolfssl/src/ssl_api_crl_ocsp.c --- mariadb-11.8.6/extra/wolfssl/wolfssl/src/ssl_api_crl_ocsp.c 1970-01-01 00:00:00.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/src/ssl_api_crl_ocsp.c 2026-05-24 09:58:33.000000000 +0000 @@ -0,0 +1,634 @@ +/* ssl_api_crl_ocsp.c + * + * Copyright (C) 2006-2026 wolfSSL Inc. + * + * This file is part of wolfSSL. + * + * wolfSSL is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * wolfSSL is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA + */ + +#include + +#if !defined(WOLFSSL_SSL_API_CRL_OCSP_INCLUDED) + #ifndef WOLFSSL_IGNORE_FILE_WARN + #warning ssl_api_crl_ocsp.c is not compiled separately from ssl.c + #endif +#else + +#ifndef NO_CERTS + +#ifdef HAVE_CRL + +int wolfSSL_CTX_LoadCRLBuffer(WOLFSSL_CTX* ctx, const unsigned char* buff, + long sz, int type) +{ + WOLFSSL_ENTER("wolfSSL_CTX_LoadCRLBuffer"); + + if (ctx == NULL) + return BAD_FUNC_ARG; + + return wolfSSL_CertManagerLoadCRLBuffer(ctx->cm, buff, sz, type); +} + + +int wolfSSL_LoadCRLBuffer(WOLFSSL* ssl, const unsigned char* buff, + long sz, int type) +{ + WOLFSSL_ENTER("wolfSSL_LoadCRLBuffer"); + + if (ssl == NULL || ssl->ctx == NULL) + return BAD_FUNC_ARG; + + SSL_CM_WARNING(ssl); + return wolfSSL_CertManagerLoadCRLBuffer(SSL_CM(ssl), buff, sz, type); +} + +int wolfSSL_EnableCRL(WOLFSSL* ssl, int options) +{ + WOLFSSL_ENTER("wolfSSL_EnableCRL"); + if (ssl) { + SSL_CM_WARNING(ssl); + return wolfSSL_CertManagerEnableCRL(SSL_CM(ssl), options); + } + else + return BAD_FUNC_ARG; +} + + +int wolfSSL_DisableCRL(WOLFSSL* ssl) +{ + WOLFSSL_ENTER("wolfSSL_DisableCRL"); + if (ssl) { + SSL_CM_WARNING(ssl); + return wolfSSL_CertManagerDisableCRL(SSL_CM(ssl)); + } + else + return BAD_FUNC_ARG; +} + +#ifndef NO_FILESYSTEM +int wolfSSL_LoadCRL(WOLFSSL* ssl, const char* path, int type, int monitor) +{ + WOLFSSL_ENTER("wolfSSL_LoadCRL"); + if (ssl) { + SSL_CM_WARNING(ssl); + return wolfSSL_CertManagerLoadCRL(SSL_CM(ssl), path, type, monitor); + } + else + return BAD_FUNC_ARG; +} + +int wolfSSL_LoadCRLFile(WOLFSSL* ssl, const char* file, int type) +{ + WOLFSSL_ENTER("wolfSSL_LoadCRLFile"); + if (ssl) { + SSL_CM_WARNING(ssl); + return wolfSSL_CertManagerLoadCRLFile(SSL_CM(ssl), file, type); + } + else + return BAD_FUNC_ARG; +} +#endif + +int wolfSSL_SetCRL_Cb(WOLFSSL* ssl, CbMissingCRL cb) +{ + WOLFSSL_ENTER("wolfSSL_SetCRL_Cb"); + if (ssl) { + SSL_CM_WARNING(ssl); + return wolfSSL_CertManagerSetCRL_Cb(SSL_CM(ssl), cb); + } + else + return BAD_FUNC_ARG; +} + +int wolfSSL_SetCRL_ErrorCb(WOLFSSL* ssl, crlErrorCb cb, void* ctx) +{ + WOLFSSL_ENTER("wolfSSL_SetCRL_Cb"); + if (ssl) { + SSL_CM_WARNING(ssl); + return wolfSSL_CertManagerSetCRL_ErrorCb(SSL_CM(ssl), cb, ctx); + } + else + return BAD_FUNC_ARG; +} + +#ifdef HAVE_CRL_IO +int wolfSSL_SetCRL_IOCb(WOLFSSL* ssl, CbCrlIO cb) +{ + WOLFSSL_ENTER("wolfSSL_SetCRL_Cb"); + if (ssl) { + SSL_CM_WARNING(ssl); + return wolfSSL_CertManagerSetCRL_IOCb(SSL_CM(ssl), cb); + } + else + return BAD_FUNC_ARG; +} +#endif + +int wolfSSL_CTX_EnableCRL(WOLFSSL_CTX* ctx, int options) +{ + WOLFSSL_ENTER("wolfSSL_CTX_EnableCRL"); + if (ctx) + return wolfSSL_CertManagerEnableCRL(ctx->cm, options); + else + return BAD_FUNC_ARG; +} + + +int wolfSSL_CTX_DisableCRL(WOLFSSL_CTX* ctx) +{ + WOLFSSL_ENTER("wolfSSL_CTX_DisableCRL"); + if (ctx) + return wolfSSL_CertManagerDisableCRL(ctx->cm); + else + return BAD_FUNC_ARG; +} + + +#ifndef NO_FILESYSTEM +int wolfSSL_CTX_LoadCRL(WOLFSSL_CTX* ctx, const char* path, + int type, int monitor) +{ + WOLFSSL_ENTER("wolfSSL_CTX_LoadCRL"); + if (ctx) + return wolfSSL_CertManagerLoadCRL(ctx->cm, path, type, monitor); + else + return BAD_FUNC_ARG; +} + +int wolfSSL_CTX_LoadCRLFile(WOLFSSL_CTX* ctx, const char* file, + int type) +{ + WOLFSSL_ENTER("wolfSSL_CTX_LoadCRL"); + if (ctx) + return wolfSSL_CertManagerLoadCRLFile(ctx->cm, file, type); + else + return BAD_FUNC_ARG; +} +#endif + + +int wolfSSL_CTX_SetCRL_Cb(WOLFSSL_CTX* ctx, CbMissingCRL cb) +{ + WOLFSSL_ENTER("wolfSSL_CTX_SetCRL_Cb"); + if (ctx) + return wolfSSL_CertManagerSetCRL_Cb(ctx->cm, cb); + else + return BAD_FUNC_ARG; +} + +int wolfSSL_CTX_SetCRL_ErrorCb(WOLFSSL_CTX* ctx, crlErrorCb cb, void* cbCtx) +{ + WOLFSSL_ENTER("wolfSSL_CTX_SetCRL_ErrorCb"); + if (ctx) + return wolfSSL_CertManagerSetCRL_ErrorCb(ctx->cm, cb, cbCtx); + else + return BAD_FUNC_ARG; +} + +#ifdef HAVE_CRL_IO +int wolfSSL_CTX_SetCRL_IOCb(WOLFSSL_CTX* ctx, CbCrlIO cb) +{ + WOLFSSL_ENTER("wolfSSL_CTX_SetCRL_IOCb"); + if (ctx) + return wolfSSL_CertManagerSetCRL_IOCb(ctx->cm, cb); + else + return BAD_FUNC_ARG; +} +#endif + +#endif /* HAVE_CRL */ + + +#ifdef HAVE_OCSP +int wolfSSL_EnableOCSP(WOLFSSL* ssl, int options) +{ + WOLFSSL_ENTER("wolfSSL_EnableOCSP"); + if (ssl) { + SSL_CM_WARNING(ssl); + return wolfSSL_CertManagerEnableOCSP(SSL_CM(ssl), options); + } + else + return BAD_FUNC_ARG; +} + +int wolfSSL_DisableOCSP(WOLFSSL* ssl) +{ + WOLFSSL_ENTER("wolfSSL_DisableOCSP"); + if (ssl) { + SSL_CM_WARNING(ssl); + return wolfSSL_CertManagerDisableOCSP(SSL_CM(ssl)); + } + else + return BAD_FUNC_ARG; +} + + +int wolfSSL_EnableOCSPStapling(WOLFSSL* ssl) +{ + WOLFSSL_ENTER("wolfSSL_EnableOCSPStapling"); + if (ssl) { + SSL_CM_WARNING(ssl); + return wolfSSL_CertManagerEnableOCSPStapling(SSL_CM(ssl)); + } + else + return BAD_FUNC_ARG; +} + +int wolfSSL_DisableOCSPStapling(WOLFSSL* ssl) +{ + WOLFSSL_ENTER("wolfSSL_DisableOCSPStapling"); + if (ssl) { + SSL_CM_WARNING(ssl); + return wolfSSL_CertManagerDisableOCSPStapling(SSL_CM(ssl)); + } + else + return BAD_FUNC_ARG; +} +int wolfSSL_SetOCSP_OverrideURL(WOLFSSL* ssl, const char* url) +{ + WOLFSSL_ENTER("wolfSSL_SetOCSP_OverrideURL"); + if (ssl) { + SSL_CM_WARNING(ssl); + return wolfSSL_CertManagerSetOCSPOverrideURL(SSL_CM(ssl), url); + } + else + return BAD_FUNC_ARG; +} + + +int wolfSSL_SetOCSP_Cb(WOLFSSL* ssl, + CbOCSPIO ioCb, CbOCSPRespFree respFreeCb, void* ioCbCtx) +{ + WOLFSSL_ENTER("wolfSSL_SetOCSP_Cb"); + if (ssl) { + SSL_CM_WARNING(ssl); + ssl->ocspIOCtx = ioCbCtx; /* use SSL specific ioCbCtx */ + return wolfSSL_CertManagerSetOCSP_Cb(SSL_CM(ssl), + ioCb, respFreeCb, NULL); + } + else + return BAD_FUNC_ARG; +} + +int wolfSSL_CTX_EnableOCSP(WOLFSSL_CTX* ctx, int options) +{ + WOLFSSL_ENTER("wolfSSL_CTX_EnableOCSP"); + if (ctx) + return wolfSSL_CertManagerEnableOCSP(ctx->cm, options); + else + return BAD_FUNC_ARG; +} + + +int wolfSSL_CTX_DisableOCSP(WOLFSSL_CTX* ctx) +{ + WOLFSSL_ENTER("wolfSSL_CTX_DisableOCSP"); + if (ctx) + return wolfSSL_CertManagerDisableOCSP(ctx->cm); + else + return BAD_FUNC_ARG; +} + + +int wolfSSL_CTX_SetOCSP_OverrideURL(WOLFSSL_CTX* ctx, const char* url) +{ + WOLFSSL_ENTER("wolfSSL_SetOCSP_OverrideURL"); + if (ctx) + return wolfSSL_CertManagerSetOCSPOverrideURL(ctx->cm, url); + else + return BAD_FUNC_ARG; +} + + +int wolfSSL_CTX_SetOCSP_Cb(WOLFSSL_CTX* ctx, CbOCSPIO ioCb, + CbOCSPRespFree respFreeCb, void* ioCbCtx) +{ + WOLFSSL_ENTER("wolfSSL_CTX_SetOCSP_Cb"); + if (ctx) + return wolfSSL_CertManagerSetOCSP_Cb(ctx->cm, ioCb, + respFreeCb, ioCbCtx); + else + return BAD_FUNC_ARG; +} + +#if defined(HAVE_CERTIFICATE_STATUS_REQUEST) \ + || defined(HAVE_CERTIFICATE_STATUS_REQUEST_V2) +int wolfSSL_CTX_EnableOCSPStapling(WOLFSSL_CTX* ctx) +{ + WOLFSSL_ENTER("wolfSSL_CTX_EnableOCSPStapling"); + if (ctx) + return wolfSSL_CertManagerEnableOCSPStapling(ctx->cm); + else + return BAD_FUNC_ARG; +} + +int wolfSSL_CTX_DisableOCSPStapling(WOLFSSL_CTX* ctx) +{ + WOLFSSL_ENTER("wolfSSL_CTX_DisableOCSPStapling"); + if (ctx) + return wolfSSL_CertManagerDisableOCSPStapling(ctx->cm); + else + return BAD_FUNC_ARG; +} +int wolfSSL_CTX_EnableOCSPMustStaple(WOLFSSL_CTX* ctx) +{ + WOLFSSL_ENTER("wolfSSL_CTX_EnableOCSPMustStaple"); + if (ctx) + return wolfSSL_CertManagerEnableOCSPMustStaple(ctx->cm); + else + return BAD_FUNC_ARG; +} + +int wolfSSL_CTX_DisableOCSPMustStaple(WOLFSSL_CTX* ctx) +{ + WOLFSSL_ENTER("wolfSSL_CTX_DisableOCSPMustStaple"); + if (ctx) + return wolfSSL_CertManagerDisableOCSPMustStaple(ctx->cm); + else + return BAD_FUNC_ARG; +} +#endif /* HAVE_CERTIFICATE_STATUS_REQUEST || \ + * HAVE_CERTIFICATE_STATUS_REQUEST_V2 */ + +#if defined(OPENSSL_ALL) || defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY) +/* Not an OpenSSL API. */ +int wolfSSL_get_ocsp_response(WOLFSSL* ssl, byte** response) +{ + *response = ssl->ocspCsrResp[0].buffer; + return ssl->ocspCsrResp[0].length; +} + +/* Not an OpenSSL API. */ +char* wolfSSL_get_ocsp_url(WOLFSSL* ssl) +{ + return ssl->url; +} + +/* Not an OpenSSL API. */ +int wolfSSL_set_ocsp_url(WOLFSSL* ssl, char* url) +{ + if (ssl == NULL) + return WOLFSSL_FAILURE; + + ssl->url = url; + return WOLFSSL_SUCCESS; +} +#endif /* OPENSSL_ALL || WOLFSSL_NGINX || WOLFSSL_HAPROXY */ + +#if !defined(NO_ASN_TIME) +int wolfSSL_get_ocsp_producedDate( + WOLFSSL *ssl, + byte *producedDate, + size_t producedDate_space, + int *producedDateFormat) +{ + if ((ssl->ocspProducedDateFormat != ASN_UTC_TIME) && + (ssl->ocspProducedDateFormat != ASN_GENERALIZED_TIME)) + return BAD_FUNC_ARG; + + if ((producedDate == NULL) || (producedDateFormat == NULL)) + return BAD_FUNC_ARG; + + if (XSTRLEN((char *)ssl->ocspProducedDate) >= producedDate_space) + return BUFFER_E; + + XSTRNCPY((char *)producedDate, (const char *)ssl->ocspProducedDate, + producedDate_space); + *producedDateFormat = ssl->ocspProducedDateFormat; + + return 0; +} + +int wolfSSL_get_ocsp_producedDate_tm(WOLFSSL *ssl, struct tm *produced_tm) { + int idx = 0; + + if ((ssl->ocspProducedDateFormat != ASN_UTC_TIME) && + (ssl->ocspProducedDateFormat != ASN_GENERALIZED_TIME)) + return BAD_FUNC_ARG; + + if (produced_tm == NULL) + return BAD_FUNC_ARG; + + if (ExtractDate(ssl->ocspProducedDate, + (unsigned char)ssl->ocspProducedDateFormat, produced_tm, &idx, + MAX_DATE_SIZE)) + return 0; + else + return ASN_PARSE_E; +} +#endif /* !NO_ASN_TIME */ +#endif /* HAVE_OCSP */ + +#if !defined(NO_TLS) && !defined(NO_WOLFSSL_CLIENT) +#ifdef HAVE_CERTIFICATE_STATUS_REQUEST + +int wolfSSL_UseOCSPStapling(WOLFSSL* ssl, byte status_type, byte options) +{ + WOLFSSL_ENTER("wolfSSL_UseOCSPStapling"); + + if (ssl == NULL || ssl->options.side != WOLFSSL_CLIENT_END) + return BAD_FUNC_ARG; + + return TLSX_UseCertificateStatusRequest(&ssl->extensions, status_type, + options, NULL, ssl->heap, ssl->devId); +} + + +int wolfSSL_CTX_UseOCSPStapling(WOLFSSL_CTX* ctx, byte status_type, + byte options) +{ + WOLFSSL_ENTER("wolfSSL_CTX_UseOCSPStapling"); + + if (ctx == NULL || ctx->method->side != WOLFSSL_CLIENT_END) + return BAD_FUNC_ARG; + + return TLSX_UseCertificateStatusRequest(&ctx->extensions, status_type, + options, NULL, ctx->heap, ctx->devId); +} + +#endif /* HAVE_CERTIFICATE_STATUS_REQUEST */ + +#ifdef HAVE_CERTIFICATE_STATUS_REQUEST_V2 + +int wolfSSL_UseOCSPStaplingV2(WOLFSSL* ssl, byte status_type, byte options) +{ + if (ssl == NULL || ssl->options.side != WOLFSSL_CLIENT_END) + return BAD_FUNC_ARG; + + return TLSX_UseCertificateStatusRequestV2(&ssl->extensions, status_type, + options, ssl->heap, ssl->devId); +} + + +int wolfSSL_CTX_UseOCSPStaplingV2(WOLFSSL_CTX* ctx, byte status_type, + byte options) +{ + if (ctx == NULL || ctx->method->side != WOLFSSL_CLIENT_END) + return BAD_FUNC_ARG; + + return TLSX_UseCertificateStatusRequestV2(&ctx->extensions, status_type, + options, ctx->heap, ctx->devId); +} + +#endif /* HAVE_CERTIFICATE_STATUS_REQUEST_V2 */ +#endif /* !NO_TLS && !NO_WOLFSSL_CLIENT */ + +#ifdef OPENSSL_EXTRA +#ifdef HAVE_CERTIFICATE_STATUS_REQUEST +long wolfSSL_set_tlsext_status_type(WOLFSSL *s, int type) +{ + WOLFSSL_ENTER("wolfSSL_set_tlsext_status_type"); + + if (s == NULL){ + return BAD_FUNC_ARG; + } + + if (type == WOLFSSL_TLSEXT_STATUSTYPE_ocsp){ + int r = TLSX_UseCertificateStatusRequest(&s->extensions, (byte)type, 0, + s, s->heap, s->devId); + return (long)r; + } else { + WOLFSSL_MSG( + "SSL_set_tlsext_status_type only supports TLSEXT_STATUSTYPE_ocsp type."); + return WOLFSSL_FAILURE; + } + +} + +long wolfSSL_get_tlsext_status_type(WOLFSSL *s) +{ + TLSX* extension; + + if (s == NULL) + return WOLFSSL_FATAL_ERROR; + extension = TLSX_Find(s->extensions, TLSX_STATUS_REQUEST); + return (extension != NULL) ? WOLFSSL_TLSEXT_STATUSTYPE_ocsp : + WOLFSSL_FATAL_ERROR; +} +#endif /* HAVE_CERTIFICATE_STATUS_REQUEST */ +#endif /* OPENSSL_EXTRA */ + +#if defined(HAVE_CERTIFICATE_STATUS_REQUEST) || \ + defined(HAVE_CERTIFICATE_STATUS_REQUEST_V2) +int wolfSSL_CTX_get_tlsext_status_cb(WOLFSSL_CTX* ctx, tlsextStatusCb* cb) +{ + if (ctx == NULL || ctx->cm == NULL || cb == NULL) + return WOLFSSL_FAILURE; + +#if !defined(NO_WOLFSSL_SERVER) && (defined(HAVE_CERTIFICATE_STATUS_REQUEST) \ + || defined(HAVE_CERTIFICATE_STATUS_REQUEST_V2)) + if (ctx->cm->ocsp_stapling == NULL) + return WOLFSSL_FAILURE; + + *cb = ctx->cm->ocsp_stapling->statusCb; +#else + (void)cb; + *cb = NULL; +#endif + + return WOLFSSL_SUCCESS; + +} + +int wolfSSL_CTX_set_tlsext_status_cb(WOLFSSL_CTX* ctx, tlsextStatusCb cb) +{ + if (ctx == NULL || ctx->cm == NULL) + return WOLFSSL_FAILURE; + +#if !defined(NO_WOLFSSL_SERVER) && (defined(HAVE_CERTIFICATE_STATUS_REQUEST) \ + || defined(HAVE_CERTIFICATE_STATUS_REQUEST_V2)) + /* Ensure stapling is on for callback to be used. */ + wolfSSL_CTX_EnableOCSPStapling(ctx); + + if (ctx->cm->ocsp_stapling == NULL) + return WOLFSSL_FAILURE; + + ctx->cm->ocsp_stapling->statusCb = cb; +#else + (void)cb; +#endif + + return WOLFSSL_SUCCESS; +} + +long wolfSSL_CTX_set_tlsext_status_arg(WOLFSSL_CTX* ctx, void* arg) +{ + if (ctx == NULL || ctx->cm == NULL) + return WOLFSSL_FAILURE; + +#if !defined(NO_WOLFSSL_SERVER) && (defined(HAVE_CERTIFICATE_STATUS_REQUEST) \ + || defined(HAVE_CERTIFICATE_STATUS_REQUEST_V2)) + /* Ensure stapling is on for callback to be used. */ + wolfSSL_CTX_EnableOCSPStapling(ctx); + + if (ctx->cm->ocsp_stapling == NULL) + return WOLFSSL_FAILURE; + + ctx->cm->ocsp_stapling->statusCbArg = arg; +#else + (void)arg; +#endif + + return WOLFSSL_SUCCESS; +} + +long wolfSSL_get_tlsext_status_ocsp_resp(WOLFSSL *ssl, unsigned char **resp) +{ + if (ssl == NULL || resp == NULL) + return 0; + + *resp = ssl->ocspCsrResp[0].buffer; + return (long)ssl->ocspCsrResp[0].length; +} + +long wolfSSL_set_tlsext_status_ocsp_resp(WOLFSSL *ssl, unsigned char *resp, + int len) +{ + return wolfSSL_set_tlsext_status_ocsp_resp_multi(ssl, resp, len, 0); +} + +int wolfSSL_set_tlsext_status_ocsp_resp_multi(WOLFSSL* ssl, unsigned char *resp, + int len, word32 idx) +{ + if (ssl == NULL || idx >= XELEM_CNT(ssl->ocspCsrResp) || len < 0) + return WOLFSSL_FAILURE; + if (!((resp == NULL) ^ (len > 0))) + return WOLFSSL_FAILURE; + + XFREE(ssl->ocspCsrResp[idx].buffer, NULL, 0); + ssl->ocspCsrResp[idx].buffer = resp; + ssl->ocspCsrResp[idx].length = (word32)len; + + return WOLFSSL_SUCCESS; +} + +#ifndef NO_WOLFSSL_SERVER +void wolfSSL_CTX_set_ocsp_status_verify_cb(WOLFSSL_CTX* ctx, + ocspVerifyStatusCb cb, void* cbArg) +{ + if (ctx != NULL) { + ctx->ocspStatusVerifyCb = cb; + ctx->ocspStatusVerifyCbArg = cbArg; + } +} +#endif /* NO_WOLFSSL_SERVER */ +#endif /* HAVE_CERTIFICATE_STATUS_REQUEST || + * HAVE_CERTIFICATE_STATUS_REQUEST_V2 */ + +#endif /* !NO_CERTS */ + +#endif /* !WOLFSSL_SSL_API_CRL_OCSP_INCLUDED */ + diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/src/ssl_api_pk.c mariadb-11.8.8/extra/wolfssl/wolfssl/src/ssl_api_pk.c --- mariadb-11.8.6/extra/wolfssl/wolfssl/src/ssl_api_pk.c 1970-01-01 00:00:00.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/src/ssl_api_pk.c 2026-05-24 09:58:33.000000000 +0000 @@ -0,0 +1,1609 @@ +/* ssl_api_pk.c + * + * Copyright (C) 2006-2026 wolfSSL Inc. + * + * This file is part of wolfSSL. + * + * wolfSSL is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * wolfSSL is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA + */ + +#include + +#if !defined(WOLFSSL_SSL_API_PK_INCLUDED) + #ifndef WOLFSSL_IGNORE_FILE_WARN + #warning ssl_api_pk.c is not compiled separately from ssl.c + #endif +#else + +#ifndef NO_CERTS + +#ifndef NO_CHECK_PRIVATE_KEY + +#ifdef WOLF_PRIVATE_KEY_ID +/* Check priv against pub for match using external device with given devId + * + * @param [in] keyOID Public key OID. + * @param [in] privKey Private key data. + * @param [in] privSz Length of private key data in bytes. + * @param [in] pubKey Public key data. + * @param [in] pubSz Length of public key data in bytes. + * @param [in] label Key data is a hardware label. + * @param [in] id Key data is a hardware id. + * @param [in] heap Heap hint for dynamic memory allocation. + * @param [in] devId Device Id. + * @return 0 on success. + * @return MISSING_KEY when privKey is NULL. + * @return Other negative value on error. + */ +static int check_cert_key_dev(word32 keyOID, byte* privKey, word32 privSz, + const byte* pubKey, word32 pubSz, int label, int id, void* heap, int devId) +{ + int ret = 0; + int type = 0; + void *pkey = NULL; + + if (privKey == NULL) { + ret = MISSING_KEY; + } + else { + switch (keyOID) { + #ifndef NO_RSA + case RSAk: + #ifdef WC_RSA_PSS + case RSAPSSk: + #endif + type = DYNAMIC_TYPE_RSA; + break; + #endif + #ifdef HAVE_ECC + case ECDSAk: + type = DYNAMIC_TYPE_ECC; + break; + #endif + #if defined(HAVE_DILITHIUM) + case ML_DSA_LEVEL2k: + case ML_DSA_LEVEL3k: + case ML_DSA_LEVEL5k: + #ifdef WOLFSSL_DILITHIUM_FIPS204_DRAFT + case DILITHIUM_LEVEL2k: + case DILITHIUM_LEVEL3k: + case DILITHIUM_LEVEL5k: + #endif + type = DYNAMIC_TYPE_DILITHIUM; + break; + #endif + #if defined(HAVE_FALCON) + case FALCON_LEVEL1k: + case FALCON_LEVEL5k: + type = DYNAMIC_TYPE_FALCON; + break; + #endif + } + + ret = CreateDevPrivateKey(&pkey, privKey, privSz, type, label, id, heap, + devId); + } +#ifdef WOLF_CRYPTO_CB + if (ret == 0) { + switch (keyOID) { + #ifndef NO_RSA + case RSAk: + #ifdef WC_RSA_PSS + case RSAPSSk: + #endif + ret = wc_CryptoCb_RsaCheckPrivKey((RsaKey*)pkey, pubKey, pubSz); + break; + #endif + #ifdef HAVE_ECC + case ECDSAk: + ret = wc_CryptoCb_EccCheckPrivKey((ecc_key*)pkey, pubKey, + pubSz); + break; + #endif + #if defined(HAVE_DILITHIUM) + case ML_DSA_LEVEL2k: + case ML_DSA_LEVEL3k: + case ML_DSA_LEVEL5k: + #ifdef WOLFSSL_DILITHIUM_FIPS204_DRAFT + case DILITHIUM_LEVEL2k: + case DILITHIUM_LEVEL3k: + case DILITHIUM_LEVEL5k: + #endif + ret = wc_CryptoCb_PqcSignatureCheckPrivKey(pkey, + WC_PQC_SIG_TYPE_DILITHIUM, pubKey, pubSz); + break; + #endif + #if defined(HAVE_FALCON) + case FALCON_LEVEL1k: + case FALCON_LEVEL5k: + ret = wc_CryptoCb_PqcSignatureCheckPrivKey(pkey, + WC_PQC_SIG_TYPE_FALCON, pubKey, pubSz); + break; + #endif + default: + ret = 0; + } + } +#else + /* devId was set, don't check, for now */ + /* TODO: Add callback for private key check? */ + (void) pubKey; + (void) pubSz; +#endif + + switch (keyOID) { + #ifndef NO_RSA + case RSAk: + #ifdef WC_RSA_PSS + case RSAPSSk: + #endif + wc_FreeRsaKey((RsaKey*)pkey); + break; + #endif + #ifdef HAVE_ECC + case ECDSAk: + wc_ecc_free((ecc_key*)pkey); + break; + #endif + #if defined(HAVE_DILITHIUM) + case ML_DSA_LEVEL2k: + case ML_DSA_LEVEL3k: + case ML_DSA_LEVEL5k: + #ifdef WOLFSSL_DILITHIUM_FIPS204_DRAFT + case DILITHIUM_LEVEL2k: + case DILITHIUM_LEVEL3k: + case DILITHIUM_LEVEL5k: + #endif + wc_dilithium_free((dilithium_key*)pkey); + break; + #endif + #if defined(HAVE_FALCON) + case FALCON_LEVEL1k: + case FALCON_LEVEL5k: + wc_falcon_free((falcon_key*)pkey); + break; + #endif + default: + WC_DO_NOTHING; + } + XFREE(pkey, heap, type); + + return ret; +} +#endif /* WOLF_PRIVATE_KEY_ID */ + +/* Check private against public in certificate for match. + * + * @param [in] cert DER encoded certificate. + * @param [in] key DER encoded private key. + * @param [in] altKey Alternative DER encoded key. + * @param [in] heap Heap hint for dynamic memory allocation. + * @param [in] devId Device Id. + * @param [in] isKeyLabel Whether key is label. + * @param [in] isKeyId Whether key is an id. + * @param [in] altDevId Alternative key's device id. + * @param [in] isAltKeyLabel Is alternative key a label. + * @param [in] isAltKeyId Is alternative key an id. + * @return 1 on success. + * @return 0 on failure. + * @return MEMORY_E when memory allocation fails. + */ +static int check_cert_key(const DerBuffer* cert, const DerBuffer* key, + const DerBuffer* altKey, void* heap, int devId, int isKeyLabel, int isKeyId, + int altDevId, int isAltKeyLabel, int isAltKeyId) +{ + WC_DECLARE_VAR(der, DecodedCert, 1, 0); + word32 size; + byte* buff; + int ret = 1; + + WOLFSSL_ENTER("check_cert_key"); + + /* Validate parameters. */ + if ((cert == NULL) || (key == NULL)) { + return 0; + } + if (ret == 1) { + /* Make a decoded certificate object available. */ + WC_ALLOC_VAR_EX(der, DecodedCert, 1, heap, DYNAMIC_TYPE_DCERT, + return MEMORY_E); + } + + if (ret == 1) { + /* Decode certificate. */ + InitDecodedCert_ex(der, cert->buffer, cert->length, heap, devId); + /* Parse certificate. */ + if (ParseCertRelative(der, CERT_TYPE, NO_VERIFY, NULL, NULL) != 0) { + ret = 0; + } + } + + if (ret == 1) { + buff = key->buffer; + size = key->length; + #ifdef WOLF_PRIVATE_KEY_ID + if (devId != INVALID_DEVID) { + ret = check_cert_key_dev(der->keyOID, buff, size, der->publicKey, + der->pubKeySize, isKeyLabel, isKeyId, heap, devId); + if (ret != WC_NO_ERR_TRACE(CRYPTOCB_UNAVAILABLE)) { + ret = (ret == 0) ? WOLFSSL_SUCCESS: WOLFSSL_FAILURE; + } + } + else { + /* fall through if unavailable */ + ret = CRYPTOCB_UNAVAILABLE; + } + + if (ret == WC_NO_ERR_TRACE(CRYPTOCB_UNAVAILABLE)) + #endif /* WOLF_PRIVATE_KEY_ID */ + { + ret = wc_CheckPrivateKeyCert(buff, size, der, 0, heap); + if (ret != 1) { + ret = 0; + } + } + + #ifdef WOLFSSL_DUAL_ALG_CERTS + if ((ret == 1) && der->extSapkiSet && (der->sapkiDer != NULL)) { + /* Certificate contains an alternative public key. Hence, we also + * need an alternative private key. */ + if (altKey == NULL) { + ret = MISSING_KEY; + buff = NULL; + size = 0; + } + else { + size = altKey->length; + buff = altKey->buffer; + } + #ifdef WOLF_PRIVATE_KEY_ID + if (altDevId != INVALID_DEVID) { + /* We have to decode the public key first */ + /* Default to max pub key size. */ + word32 pubKeyLen = MAX_PUBLIC_KEY_SZ; + byte* decodedPubKey = (byte*)XMALLOC(pubKeyLen, heap, + DYNAMIC_TYPE_PUBLIC_KEY); + if (decodedPubKey == NULL) { + ret = MEMORY_E; + } + if (ret == WOLFSSL_SUCCESS) { + if ((der->sapkiOID == RSAk) || (der->sapkiOID == ECDSAk)) { + /* Simply copy the data */ + XMEMCPY(decodedPubKey, der->sapkiDer, der->sapkiLen); + pubKeyLen = der->sapkiLen; + ret = 0; + } + else { + #if defined(WC_ENABLE_ASYM_KEY_IMPORT) + word32 idx = 0; + ret = DecodeAsymKeyPublic(der->sapkiDer, &idx, + der->sapkiLen, decodedPubKey, + &pubKeyLen, der->sapkiOID); + #else + ret = NOT_COMPILED_IN; + #endif /* WC_ENABLE_ASYM_KEY_IMPORT */ + } + } + if (ret == 0) { + ret = check_cert_key_dev(der->sapkiOID, buff, size, + decodedPubKey, pubKeyLen, isAltKeyLabel, isAltKeyId, + heap, altDevId); + } + XFREE(decodedPubKey, heap, DYNAMIC_TYPE_PUBLIC_KEY); + if (ret != WC_NO_ERR_TRACE(CRYPTOCB_UNAVAILABLE)) { + ret = (ret == 0) ? 1: 0; + } + } + else { + /* fall through if unavailable */ + ret = CRYPTOCB_UNAVAILABLE; + } + + if (ret == WC_NO_ERR_TRACE(CRYPTOCB_UNAVAILABLE)) + #else + if (ret == 1) + #endif /* WOLF_PRIVATE_KEY_ID */ + { + ret = wc_CheckPrivateKeyCert(buff, size, der, 1, heap); + if (ret != 1) { + ret = 0; + } + } + } + #endif /* WOLFSSL_DUAL_ALG_CERTS */ + } + + FreeDecodedCert(der); + WC_FREE_VAR_EX(der, heap, DYNAMIC_TYPE_DCERT); + + (void)devId; + (void)isKeyLabel; + (void)isKeyId; + (void)altKey; + (void)altDevId; + (void)isAltKeyLabel; + (void)isAltKeyId; + + return ret; +} + +/* Check private against public in certificate for match + * + * @param [in] ctx SSL/TLS context with a private key and certificate. + * + * @return 1 on good private key + * @return 0 if mismatched. + */ +int wolfSSL_CTX_check_private_key(const WOLFSSL_CTX* ctx) +{ + int res = 1; +#ifdef WOLFSSL_BLIND_PRIVATE_KEY + DerBuffer *privateKey; +#ifdef WOLFSSL_DUAL_ALG_CERTS + DerBuffer *altPrivateKey; +#endif +#else + const DerBuffer *privateKey; +#ifdef WOLFSSL_DUAL_ALG_CERTS + const DerBuffer *altPrivateKey; +#endif +#endif + + /* Validate parameter. */ + if (ctx == NULL) { + res = 0; + } + else { +#ifdef WOLFSSL_DUAL_ALG_CERTS + #ifdef WOLFSSL_BLIND_PRIVATE_KEY + /* Unblind private keys. */ + privateKey = wolfssl_priv_der_unblind(ctx->privateKey, + ctx->privateKeyMask); + if (privateKey == NULL) { + res = 0; + } + if (ctx->altPrivateKey != NULL) { + altPrivateKey = wolfssl_priv_der_unblind(ctx->altPrivateKey, + ctx->altPrivateKeyMask); + if (altPrivateKey == NULL) { + res = 0; + } + } + else { + altPrivateKey = NULL; + } + #else + privateKey = ctx->privateKey; + altPrivateKey = ctx->altPrivateKey; + #endif + if (res == 1) { + /* Check certificate and private keys. */ + res = check_cert_key(ctx->certificate, privateKey, altPrivateKey, + ctx->heap, ctx->privateKeyDevId, ctx->privateKeyLabel, + ctx->privateKeyId, ctx->altPrivateKeyDevId, + ctx->altPrivateKeyLabel, ctx->altPrivateKeyId) != 0; + } + #ifdef WOLFSSL_BLIND_PRIVATE_KEY + /* Dispose of the unblinded buffers. */ + wolfssl_priv_der_unblind_free(privateKey); + wolfssl_priv_der_unblind_free(altPrivateKey); + #endif +#else + #ifdef WOLFSSL_BLIND_PRIVATE_KEY + /* Unblind private key. */ + privateKey = wolfssl_priv_der_unblind(ctx->privateKey, + ctx->privateKeyMask); + if (privateKey == NULL) { + res = 0; + } + #else + privateKey = ctx->privateKey; + #endif + if (res == WOLFSSL_SUCCESS) { + /* Check certificate and private key. */ + res = check_cert_key(ctx->certificate, privateKey, NULL, ctx->heap, + ctx->privateKeyDevId, ctx->privateKeyLabel, ctx->privateKeyId, + INVALID_DEVID, 0, 0); + } + #ifdef WOLFSSL_BLIND_PRIVATE_KEY + /* Dispose of the unblinded buffer. */ + wolfssl_priv_der_unblind_free(privateKey); + #endif +#endif + } + + /* Place error into queue for Python port. */ + if (res != 1) { + WOLFSSL_ERROR(WC_KEY_MISMATCH_E); + } + + return res; +} + +#ifdef OPENSSL_EXTRA +/* Check private against public in certificate for match. + * + * @param [in] ssl SSL/TLS object with a private key and certificate. + * + * @return 1 on good private key + * @return 0 if mismatched. + */ +int wolfSSL_check_private_key(const WOLFSSL* ssl) +{ + int res = 1; +#ifdef WOLFSSL_BLIND_PRIVATE_KEY + DerBuffer *privateKey; +#ifdef WOLFSSL_DUAL_ALG_CERTS + DerBuffer *altPrivateKey; +#endif +#else + const DerBuffer *privateKey; +#ifdef WOLFSSL_DUAL_ALG_CERTS + const DerBuffer *altPrivateKey; +#endif +#endif + + /* Validate parameter. */ + if (ssl == NULL) { + res = 0; + } + else { +#ifdef WOLFSSL_DUAL_ALG_CERTS + #ifdef WOLFSSL_BLIND_PRIVATE_KEY + /* Unblind private keys. */ + privateKey = wolfssl_priv_der_unblind(ssl->buffers.key, + ssl->buffers.keyMask); + if (privateKey == NULL) { + res = 0; + } + if (ssl->buffers.altKey != NULL) { + altPrivateKey = wolfssl_priv_der_unblind(ssl->buffers.altKey, + ssl->buffers.altKeyMask); + if (altPrivateKey == NULL) { + res = 0; + } + } + else { + altPrivateKey = NULL; + } + #else + privateKey = ssl->buffers.key; + altPrivateKey = ssl->buffers.altKey; + #endif + if (res == 1) { + /* Check certificate and private keys. */ + res = check_cert_key(ssl->buffers.certificate, privateKey, + altPrivateKey, ssl->heap, ssl->buffers.keyDevId, + ssl->buffers.keyLabel, ssl->buffers.keyId, + ssl->buffers.altKeyDevId, ssl->buffers.altKeyLabel, + ssl->buffers.altKeyId); + } + #ifdef WOLFSSL_BLIND_PRIVATE_KEY + /* Dispose of the unblinded buffers. */ + wolfssl_priv_der_unblind_free(privateKey); + wolfssl_priv_der_unblind_free(altPrivateKey); + #endif +#else + #ifdef WOLFSSL_BLIND_PRIVATE_KEY + /* Unblind private key. */ + privateKey = wolfssl_priv_der_unblind(ssl->buffers.key, + ssl->buffers.keyMask); + if (privateKey == NULL) { + res = 0; + } + #else + privateKey = ssl->buffers.key; + #endif + if (res == 1) { + /* Check certificate and private key. */ + res = check_cert_key(ssl->buffers.certificate, privateKey, NULL, + ssl->heap, ssl->buffers.keyDevId, ssl->buffers.keyLabel, + ssl->buffers.keyId, INVALID_DEVID, 0, 0); + } + #ifdef WOLFSSL_BLIND_PRIVATE_KEY + /* Dispose of the unblinded buffer. */ + wolfssl_priv_der_unblind_free(privateKey); + #endif +#endif + } + + return res; +} +#endif /* OPENSSL_EXTRA */ +#endif /* !NO_CHECK_PRIVATE_KEY */ + + +#ifdef OPENSSL_ALL +/** + * Return the private key of the SSL/TLS context. + * + * The caller doesn *NOT*` free the returned object. + * + * Note, even though the supplied ctx pointer is designated const, on success + * ctx->privateKeyPKey is changed by this call. The change is done safely using + * a hardware-synchronized store. + * + * @param [in] ctx SSL/TLS context. + * @return A WOFLSSL_EVP_PKEY on success. + * @return NULL on error. + */ +WOLFSSL_EVP_PKEY* wolfSSL_CTX_get0_privatekey(const WOLFSSL_CTX* ctx) +{ + WOLFSSL_EVP_PKEY* res = NULL; + const unsigned char *key; + int type = WC_EVP_PKEY_NONE; + + WOLFSSL_ENTER("wolfSSL_CTX_get0_privatekey"); + + if ((ctx == NULL) || (ctx->privateKey == NULL) || + (ctx->privateKey->buffer == NULL)) { + WOLFSSL_MSG("Bad parameter or key not set"); + } + else { + switch (ctx->privateKeyType) { + #ifndef NO_RSA + case rsa_sa_algo: + type = WC_EVP_PKEY_RSA; + break; + #endif + #ifdef HAVE_ECC + case ecc_dsa_sa_algo: + type = WC_EVP_PKEY_EC; + break; + #endif + #ifdef WOLFSSL_SM2 + case sm2_sa_algo: + type = WC_EVP_PKEY_EC; + break; + #endif + default: + /* Other key types not supported either as ssl private keys + * or in the EVP layer */ + WOLFSSL_MSG("Unsupported key type"); + } + } + + if (type != WC_EVP_PKEY_NONE) { + if (ctx->privateKeyPKey != NULL) { + res = ctx->privateKeyPKey; + } + else { + #ifdef WOLFSSL_BLIND_PRIVATE_KEY + DerBuffer* unblinded_privateKey = wolfssl_priv_der_unblind( + ctx->privateKey, ctx->privateKeyMask); + if (unblinded_privateKey != NULL) { + key = unblinded_privateKey->buffer; + } + else { + key = NULL; + } + #else + key = ctx->privateKey->buffer; + #endif + if (key != NULL) { + res = wolfSSL_d2i_PrivateKey(type, NULL, &key, + (long)ctx->privateKey->length); + #ifdef WOLFSSL_BLIND_PRIVATE_KEY + wolfssl_priv_der_unblind_free(unblinded_privateKey); + #endif + } + if (res != NULL) { + #ifdef WOLFSSL_ATOMIC_OPS + WOLFSSL_EVP_PKEY *current_pkey = NULL; + if (!wolfSSL_Atomic_Ptr_CompareExchange( + (void * volatile *)&ctx->privateKeyPKey, + (void **)¤t_pkey, res)) { + wolfSSL_EVP_PKEY_free(res); + res = current_pkey; + } + #else + ((WOLFSSL_CTX *)ctx)->privateKeyPKey = res; + #endif + } + } + } + + return res; +} +#endif /* OPENSSL_ALL */ + +#ifdef HAVE_ECC + +/* Set size, in bytes, of temporary ECDHE key into SSL/TLS context. + * + * Values can be: 14 - 66 (112 - 521 bit) + * Uses the private key length if sz is 0. + * + * @param [in] ctx SSL/TLS context. + * @param [in] sz Size of EC key in bytes. + * @return 1 on success. + * @return BAD_FUNC_ARG when ctx is NULL or sz is invalid. + */ +int wolfSSL_CTX_SetTmpEC_DHE_Sz(WOLFSSL_CTX* ctx, word16 sz) +{ + int ret = 0; + + WOLFSSL_ENTER("wolfSSL_CTX_SetTmpEC_DHE_Sz"); + + /* Validate parameters. */ + if (ctx == NULL) { + ret = BAD_FUNC_ARG; + } + /* If size is 0 then get value from loaded private key. */ + else if (sz == 0) { + /* Applies only to ECDSA. */ + if (ctx->privateKeyType != ecc_dsa_sa_algo) { + ret = 1; + } + /* Must have a key set. */ + else if (ctx->privateKeySz == 0) { + WOLFSSL_MSG("Must set private key/cert first"); + ret = BAD_FUNC_ARG; + } + else { + sz = (word16)ctx->privateKeySz; + } + } + if (ret == 0) { + /* Check size against bounds. */ + #if ECC_MIN_KEY_SZ > 0 + if (sz < ECC_MINSIZE) { + ret = BAD_FUNC_ARG; + } + else + #endif + if (sz > ECC_MAXSIZE) { + ret = BAD_FUNC_ARG; + } + else { + /* Store the size requested. */ + ctx->eccTempKeySz = sz; + ret = 1; + } + } + + return ret; +} + + +/* Set size, in bytes, of temporary ECDHE key into SSL/TLS object. + * + * Values can be: 14 - 66 (112 - 521 bit) + * Uses the private key length if sz is 0. + * + * @param [in] ssl SSL/TLS object. + * @param [in] sz Size of EC key in bytes. + * @return 1 on success. + * @return BAD_FUNC_ARG when ssl is NULL or sz is invalid. + */ +int wolfSSL_SetTmpEC_DHE_Sz(WOLFSSL* ssl, word16 sz) +{ + int ret = 1; + + WOLFSSL_ENTER("wolfSSL_SetTmpEC_DHE_Sz"); + + /* Validate parameters. */ + if (ssl == NULL) { + ret = BAD_FUNC_ARG; + } + /* Check size against bounds. */ +#if ECC_MIN_KEY_SZ > 0 + else if (sz < ECC_MINSIZE) { + ret = BAD_FUNC_ARG; + } +#endif + else if (sz > ECC_MAXSIZE) { + ret = BAD_FUNC_ARG; + } + else { + /* Store the size requested. */ + ssl->eccTempKeySz = sz; + } + + return ret; +} + +#endif /* HAVE_ECC */ + +#ifdef HAVE_PK_CALLBACKS + +#ifdef HAVE_ECC +/* Set the ECC key generation callback into the SSL/TLS context. + * + * @param [in] ctx SSL/TLS context. + * @param [in] cb ECC key generation callback. + */ +void wolfSSL_CTX_SetEccKeyGenCb(WOLFSSL_CTX* ctx, CallbackEccKeyGen cb) +{ + if (ctx != NULL) { + ctx->EccKeyGenCb = cb; + } +} +/* Set the context for ECC key generation callback into the SSL/TLS object. + * + * @param [in] ssl SSL/TLS object. + * @param [in] ctx Context for ECC key generation callback. + */ +void wolfSSL_SetEccKeyGenCtx(WOLFSSL* ssl, void *ctx) +{ + if (ssl != NULL) { + ssl->EccKeyGenCtx = ctx; + } +} +/* Get the context for ECC key generation callback from the SSL/TLS object. + * + * @param [in] ssl SSL/TLS object. + * @return Context for ECC key generation callback. + * @return NULL when ssl is NULL. + */ +void* wolfSSL_GetEccKeyGenCtx(WOLFSSL* ssl) +{ + void* ret; + + if (ssl == NULL) { + ret = NULL; + } + else { + ret = ssl->EccKeyGenCtx; + } + + return ret; +} +/* Set the context for ECC sign callback into the SSL/TLS context. + * + * @param [in] ctx SSL/TLS context. + * @param [in] userCtx Context for ECC sign callback. + */ +void wolfSSL_CTX_SetEccSignCtx(WOLFSSL_CTX* ctx, void *userCtx) +{ + if (ctx != NULL) { + ctx->EccSignCtx = userCtx; + } +} +/* Get the context for ECC sign callback from the SSL/TLS context. + * + * @param [in] ctx SSL/TLS context. + * @return Context for ECC sign for callback. + * @return NULL when ctx is NULL. + */ +void* wolfSSL_CTX_GetEccSignCtx(WOLFSSL_CTX* ctx) +{ + void* ret; + + if (ctx == NULL) { + ret = NULL; + } + else { + ret = ctx->EccSignCtx; + } + + return ret; +} + +/* Set the ECC sign callback into the SSL/TLS context. + * + * @param [in] ctx SSL/TLS context. + * @param [in] cb ECC sign callback. + */ +WOLFSSL_ABI void wolfSSL_CTX_SetEccSignCb(WOLFSSL_CTX* ctx, CallbackEccSign cb) +{ + if (ctx != NULL) { + ctx->EccSignCb = cb; + } +} +/* Set the context for ECC sign callback into the SSL/TLS object. + * + * @param [in] ssl SSL/TLS object. + * @param [in] ctx Context for ECC sign callback. + */ +void wolfSSL_SetEccSignCtx(WOLFSSL* ssl, void *ctx) +{ + if (ssl != NULL) { + ssl->EccSignCtx = ctx; + } +} +/* Get the context for ECC sign callback from the SSL/TLS object. + * + * @param [in] ssl SSL/TLS object. + * @return Context for ECC sign for callback. + * @return NULL when ssl is NULL. + */ +void* wolfSSL_GetEccSignCtx(WOLFSSL* ssl) +{ + void* ret; + + if (ssl == NULL) { + ret = NULL; + } + else { + ret = ssl->EccSignCtx; + } + + return ret; +} + +/* Set the ECC verify callback into the SSL/TLS context. + * + * @param [in] ctx SSL/TLS context. + * @param [in] cb ECC verify callback. + */ +void wolfSSL_CTX_SetEccVerifyCb(WOLFSSL_CTX* ctx, CallbackEccVerify cb) +{ + if (ctx != NULL) { + ctx->EccVerifyCb = cb; + } +} +/* Set the context for ECC verify callback into the SSL/TLS object. + * + * @param [in] ssl SSL/TLS object. + * @param [in] ctx Context for ECC verify callback. + */ +void wolfSSL_SetEccVerifyCtx(WOLFSSL* ssl, void *ctx) +{ + if (ssl != NULL) { + ssl->EccVerifyCtx = ctx; + } +} +/* Get the context for ECC verify callback from the SSL/TLS object. + * + * @param [in] ssl SSL/TLS object. + * @return Context for ECC verify for callback. + * @return NULL when ssl is NULL. + */ +void* wolfSSL_GetEccVerifyCtx(WOLFSSL* ssl) +{ + void* ret; + + if (ssl == NULL) { + ret = NULL; + } + else { + ret = ssl->EccVerifyCtx; + } + + return ret; +} + +/* Set the ECC shared secret callback into the SSL/TLS context. + * + * @param [in] ctx SSL/TLS context. + * @param [in] cb ECC shared secret callback. + */ +void wolfSSL_CTX_SetEccSharedSecretCb(WOLFSSL_CTX* ctx, + CallbackEccSharedSecret cb) +{ + if (ctx != NULL) { + ctx->EccSharedSecretCb = cb; + } +} +/* Set the context for ECC shared secret callback into the SSL/TLS object. + * + * @param [in] ssl SSL/TLS object. + * @param [in] ctx Context for ECC shared secret callback. + */ +void wolfSSL_SetEccSharedSecretCtx(WOLFSSL* ssl, void *ctx) +{ + if (ssl != NULL) { + ssl->EccSharedSecretCtx = ctx; + } +} +/* Get the context for ECC shared secret callback from the SSL/TLS object. + * + * @param [in] ssl SSL/TLS object. + * @return Context for ECC shared secret callback. + * @return NULL when ssl is NULL. + */ +void* wolfSSL_GetEccSharedSecretCtx(WOLFSSL* ssl) +{ + void* ret; + + if (ssl == NULL) { + ret = NULL; + } + else { + ret = ssl->EccSharedSecretCtx; + } + + return ret; +} +#endif /* HAVE_ECC */ + +#ifdef HAVE_ED25519 +/* Set the Ed25519 sign callback into the SSL/TLS context. + * + * @param [in] ctx SSL/TLS context. + * @param [in] cb Ed25519 sign callback. + */ +void wolfSSL_CTX_SetEd25519SignCb(WOLFSSL_CTX* ctx, CallbackEd25519Sign cb) +{ + if (ctx != NULL) { + ctx->Ed25519SignCb = cb; + } +} +/* Set the context for Ed25519 sign callback into the SSL/TLS object. + * + * @param [in] ssl SSL/TLS object. + * @param [in] ctx Context for Ed25519 sign callback. + */ +void wolfSSL_SetEd25519SignCtx(WOLFSSL* ssl, void *ctx) +{ + if (ssl != NULL) { + ssl->Ed25519SignCtx = ctx; + } +} +/* Get the context for Ed25519 sign callback from the SSL/TLS object. + * + * @param [in] ssl SSL/TLS object. + * @return Context for Ed25519 sign callback. + * @return NULL when ssl is NULL. + */ +void* wolfSSL_GetEd25519SignCtx(WOLFSSL* ssl) +{ + void* ret; + + if (ssl == NULL) { + ret = NULL; + } + else { + ret = ssl->Ed25519SignCtx; + } + + return ret; +} + +/* Set the Ed25519 verify callback into the SSL/TLS context. + * + * @param [in] ctx SSL/TLS context. + * @param [in] cb Ed25519 verify callback. + */ +void wolfSSL_CTX_SetEd25519VerifyCb(WOLFSSL_CTX* ctx, CallbackEd25519Verify cb) +{ + if (ctx != NULL) { + ctx->Ed25519VerifyCb = cb; + } +} +/* Set the context for Ed25519 verify callback into the SSL/TLS object. + * + * @param [in] ssl SSL/TLS object. + * @param [in] ctx Context for Ed25519 verify callback. + */ +void wolfSSL_SetEd25519VerifyCtx(WOLFSSL* ssl, void *ctx) +{ + if (ssl != NULL) { + ssl->Ed25519VerifyCtx = ctx; + } +} +/* Get the context for Ed25519 verify callback from the SSL/TLS object. + * + * @param [in] ssl SSL/TLS object. + * @return Context for Ed25519 verify callback. + * @return NULL when ssl is NULL. + */ +void* wolfSSL_GetEd25519VerifyCtx(WOLFSSL* ssl) +{ + void* ret; + + if (ssl == NULL) { + ret = NULL; + } + else { + ret = ssl->Ed25519VerifyCtx; + } + + return ret; +} +#endif /* HAVE_ED25519 */ + +#ifdef HAVE_CURVE25519 +/* Set the X25519 key generation callback into the SSL/TLS context. + * + * @param [in] ctx SSL/TLS context. + * @param [in] cb X25519 key generation callback. + */ +void wolfSSL_CTX_SetX25519KeyGenCb(WOLFSSL_CTX* ctx, CallbackX25519KeyGen cb) +{ + if (ctx != NULL) { + ctx->X25519KeyGenCb = cb; + } +} +/* Set the context for X25519 key generation callback into the SSL/TLS object. + * + * @param [in] ssl SSL/TLS object. + * @param [in] ctx Context for X25519 key generation callback. + */ +void wolfSSL_SetX25519KeyGenCtx(WOLFSSL* ssl, void *ctx) +{ + if (ssl != NULL) { + ssl->X25519KeyGenCtx = ctx; + } +} +/* Get the context for X25519 key generation callback from the SSL/TLS object. + * + * @param [in] ssl SSL/TLS object. + * @return Context for X25519 key generation callback. + * @return NULL when ssl is NULL. + */ +void* wolfSSL_GetX25519KeyGenCtx(WOLFSSL* ssl) +{ + void* ret; + + if (ssl == NULL) { + ret = NULL; + } + else { + ret = ssl->X25519KeyGenCtx; + } + + return ret; +} + +/* Set the X25519 shared secret callback into the SSL/TLS context. + * + * @param [in] ctx SSL/TLS context. + * @param [in] cb X25519 shared secret callback. + */ +void wolfSSL_CTX_SetX25519SharedSecretCb(WOLFSSL_CTX* ctx, + CallbackX25519SharedSecret cb) +{ + if (ctx != NULL) { + ctx->X25519SharedSecretCb = cb; + } +} +/* Set the context for X25519 shared secret callback into the SSL/TLS object. + * + * @param [in] ssl SSL/TLS object. + * @param [in] ctx Context for X25519 shared secret callback. + */ +void wolfSSL_SetX25519SharedSecretCtx(WOLFSSL* ssl, void *ctx) +{ + if (ssl != NULL) { + ssl->X25519SharedSecretCtx = ctx; + } +} +/* Get the context for X25519 shared secret callback from the SSL/TLS object. + * + * @param [in] ssl SSL/TLS object. + * @return Context for X25519 shared secret callback. + * @return NULL when ssl is NULL. + */ +void* wolfSSL_GetX25519SharedSecretCtx(WOLFSSL* ssl) +{ + void* ret; + + if (ssl == NULL) { + ret = NULL; + } + else { + ret = ssl->X25519SharedSecretCtx; + } + + return ret; +} +#endif /* HAVE_CURVE25519 */ + +#ifdef HAVE_ED448 +/* Set the Ed448 sign callback into the SSL/TLS context. + * + * @param [in] ctx SSL/TLS context. + * @param [in] cb Ed448 sign callback. + */ +void wolfSSL_CTX_SetEd448SignCb(WOLFSSL_CTX* ctx, CallbackEd448Sign cb) +{ + if (ctx != NULL) { + ctx->Ed448SignCb = cb; + } +} +/* Set the context for Ed448 sign callback into the SSL/TLS object. + * + * @param [in] ssl SSL/TLS object. + * @param [in] ctx Context for Ed448 sign callback. + */ +void wolfSSL_SetEd448SignCtx(WOLFSSL* ssl, void *ctx) +{ + if (ssl != NULL) { + ssl->Ed448SignCtx = ctx; + } +} +/* Get the context for Ed448 sign callback from the SSL/TLS object. + * + * @param [in] ssl SSL/TLS object. + * @return Context for Ed448 sign callback. + * @return NULL when ssl is NULL. + */ +void* wolfSSL_GetEd448SignCtx(WOLFSSL* ssl) +{ + void* ret; + + if (ssl == NULL) { + ret = NULL; + } + else { + ret = ssl->Ed448SignCtx; + } + + return ret; +} + +/* Set the Ed448 verify callback into the SSL/TLS context. + * + * @param [in] ctx SSL/TLS context. + * @param [in] cb Ed448 verify callback. + */ +void wolfSSL_CTX_SetEd448VerifyCb(WOLFSSL_CTX* ctx, CallbackEd448Verify cb) +{ + if (ctx != NULL) { + ctx->Ed448VerifyCb = cb; + } +} +/* Set the context for Ed448 verify callback into the SSL/TLS object. + * + * @param [in] ssl SSL/TLS object. + * @param [in] ctx Context for Ed448 verify callback. + */ +void wolfSSL_SetEd448VerifyCtx(WOLFSSL* ssl, void *ctx) +{ + if (ssl != NULL) { + ssl->Ed448VerifyCtx = ctx; + } +} +/* Get the context for Ed448 verify callback from the SSL/TLS object. + * + * @param [in] ssl SSL/TLS object. + * @return Context for Ed448 verify callback. + * @return NULL when ssl is NULL. + */ +void* wolfSSL_GetEd448VerifyCtx(WOLFSSL* ssl) +{ + void* ret; + + if (ssl == NULL) { + ret = NULL; + } + else { + ret = ssl->Ed448VerifyCtx; + } + + return ret; +} +#endif /* HAVE_ED448 */ + +#ifdef HAVE_CURVE448 +/* Set the X448 key generation callback into the SSL/TLS context. + * + * @param [in] ctx SSL/TLS context. + * @param [in] cb X448 key generation callback. + */ +void wolfSSL_CTX_SetX448KeyGenCb(WOLFSSL_CTX* ctx, + CallbackX448KeyGen cb) +{ + if (ctx != NULL) { + ctx->X448KeyGenCb = cb; + } +} +/* Set the context for X448 key generation callback into the SSL/TLS object. + * + * @param [in] ssl SSL/TLS object. + * @param [in] ctx Context for X448 key generation callback. + */ +void wolfSSL_SetX448KeyGenCtx(WOLFSSL* ssl, void *ctx) +{ + if (ssl != NULL) { + ssl->X448KeyGenCtx = ctx; + } +} +/* Get the context for X448 key generation callback from the SSL/TLS object. + * + * @param [in] ssl SSL/TLS object. + * @return Context for X448 key generation callback. + * @return NULL when ssl is NULL. + */ +void* wolfSSL_GetX448KeyGenCtx(WOLFSSL* ssl) +{ + void* ret; + + if (ssl == NULL) { + ret = NULL; + } + else { + ret = ssl->X448KeyGenCtx; + } + + return ret; +} + +/* Set the X448 shared secret callback into the SSL/TLS context. + * + * @param [in] ctx SSL/TLS context. + * @param [in] cb X448 shared secret callback. + */ +void wolfSSL_CTX_SetX448SharedSecretCb(WOLFSSL_CTX* ctx, + CallbackX448SharedSecret cb) +{ + if (ctx != NULL) { + ctx->X448SharedSecretCb = cb; + } +} +/* Set the context for X448 shared secret callback into the SSL/TLS object. + * + * @param [in] ssl SSL/TLS object. + * @param [in] ctx Context for X448 shared secret callback. + */ +void wolfSSL_SetX448SharedSecretCtx(WOLFSSL* ssl, void *ctx) +{ + if (ssl != NULL) { + ssl->X448SharedSecretCtx = ctx; + } +} +/* Get the context for X448 shared secret callback from the SSL/TLS object. + * + * @param [in] ssl SSL/TLS object. + * @return Context for X448 shared secret callback. + * @return NULL when ssl is NULL. + */ +void* wolfSSL_GetX448SharedSecretCtx(WOLFSSL* ssl) +{ + void* ret; + + if (ssl == NULL) { + ret = NULL; + } + else { + ret = ssl->X448SharedSecretCtx; + } + + return ret; +} +#endif /* HAVE_CURVE448 */ + +#ifndef NO_RSA +/* Set the RSA sign callback into the SSL/TLS context. + * + * @param [in] ctx SSL/TLS context. + * @param [in] cb RSA sign callback. + */ +void wolfSSL_CTX_SetRsaSignCb(WOLFSSL_CTX* ctx, CallbackRsaSign cb) +{ + if (ctx != NULL) { + ctx->RsaSignCb = cb; + } +} +/* Set the RSA sign check callback into the SSL/TLS context. + * + * @param [in] ctx SSL/TLS context. + * @param [in] cb RSA sign check callback. + */ +void wolfSSL_CTX_SetRsaSignCheckCb(WOLFSSL_CTX* ctx, CallbackRsaVerify cb) +{ + if (ctx != NULL) { + ctx->RsaSignCheckCb = cb; + } +} +/* Set the context for RSA sign callback into the SSL/TLS object. + * + * @param [in] ssl SSL/TLS object. + * @param [in] ctx Context for RSA sign callback. + */ +void wolfSSL_SetRsaSignCtx(WOLFSSL* ssl, void *ctx) +{ + if (ssl != NULL) { + ssl->RsaSignCtx = ctx; + } +} +/* Get the context for RSA sign callback from the SSL/TLS object. + * + * @param [in] ssl SSL/TLS object. + * @return Context for RSA sign callback. + * @return NULL when ssl is NULL. + */ +void* wolfSSL_GetRsaSignCtx(WOLFSSL* ssl) +{ + void* ret; + + if (ssl == NULL) { + ret = NULL; + } + else { + ret = ssl->RsaSignCtx; + } + + return ret; +} + +/* Set the RSA verify callback into the SSL/TLS context. + * + * @param [in] ctx SSL/TLS context. + * @param [in] cb RSA verify callback. + */ +void wolfSSL_CTX_SetRsaVerifyCb(WOLFSSL_CTX* ctx, CallbackRsaVerify cb) +{ + if (ctx != NULL) { + ctx->RsaVerifyCb = cb; + } +} +/* Set the context for RSA verify callback into the SSL/TLS object. + * + * @param [in] ssl SSL/TLS object. + * @param [in] ctx Context for RSA verify callback. + */ +void wolfSSL_SetRsaVerifyCtx(WOLFSSL* ssl, void *ctx) +{ + if (ssl != NULL) { + ssl->RsaVerifyCtx = ctx; + } +} +/* Get the context for RSA verify callback from the SSL/TLS object. + * + * @param [in] ssl SSL/TLS object. + * @return Context for RSA verify callback. + * @return NULL when ssl is NULL. + */ +void* wolfSSL_GetRsaVerifyCtx(WOLFSSL* ssl) +{ + void* ret; + + if (ssl == NULL) { + ret = NULL; + } + else { + ret = ssl->RsaVerifyCtx; + } + + return ret; +} + +#ifdef WC_RSA_PSS +/* Set the RSA PSS sign callback into the SSL/TLS context. + * + * @param [in] ctx SSL/TLS context. + * @param [in] cb RSA PSS sign callback. + */ +void wolfSSL_CTX_SetRsaPssSignCb(WOLFSSL_CTX* ctx, CallbackRsaPssSign cb) +{ + if (ctx != NULL) { + ctx->RsaPssSignCb = cb; + } +} +/* Set the RSA PSS sign check callback into the SSL/TLS context. + * + * @param [in] ctx SSL/TLS context. + * @param [in] cb RSA PSS sign check callback. + */ +void wolfSSL_CTX_SetRsaPssSignCheckCb(WOLFSSL_CTX* ctx, + CallbackRsaPssVerify cb) +{ + if (ctx != NULL) { + ctx->RsaPssSignCheckCb = cb; + } +} +/* Set the context for RSA PSS sign callback into the SSL/TLS object. + * + * @param [in] ssl SSL/TLS object. + * @param [in] ctx Context for RSA PSS sign callback. + */ +void wolfSSL_SetRsaPssSignCtx(WOLFSSL* ssl, void *ctx) +{ + if (ssl != NULL) { + ssl->RsaPssSignCtx = ctx; + } +} +/* Get the context for RSA PSS sign callback from the SSL/TLS object. + * + * @param [in] ssl SSL/TLS object. + * @return Context for RSA PSS sign callback. + * @return NULL when ssl is NULL. + */ +void* wolfSSL_GetRsaPssSignCtx(WOLFSSL* ssl) +{ + void* ret; + + if (ssl == NULL) { + ret = NULL; + } + else { + ret = ssl->RsaPssSignCtx; + } + + return ret; +} + +/* Set the RSA PSS verify callback into the SSL/TLS context. + * + * @param [in] ctx SSL/TLS context. + * @param [in] cb RSA PSS verify callback. + */ +void wolfSSL_CTX_SetRsaPssVerifyCb(WOLFSSL_CTX* ctx, CallbackRsaPssVerify cb) +{ + if (ctx != NULL) { + ctx->RsaPssVerifyCb = cb; + } +} +/* Set the context for RSA PSS verify callback into the SSL/TLS object. + * + * @param [in] ssl SSL/TLS object. + * @param [in] ctx Context for RSA PSS verify callback. + */ +void wolfSSL_SetRsaPssVerifyCtx(WOLFSSL* ssl, void *ctx) +{ + if (ssl != NULL) { + ssl->RsaPssVerifyCtx = ctx; + } +} +/* Get the context for RSA PSS verify callback from the SSL/TLS object. + * + * @param [in] ssl SSL/TLS object. + * @return Context for RSA PSS verify callback. + * @return NULL when ssl is NULL. + */ +void* wolfSSL_GetRsaPssVerifyCtx(WOLFSSL* ssl) +{ + void* ret; + + if (ssl == NULL) { + ret = NULL; + } + else { + ret = ssl->RsaPssVerifyCtx; + } + + return ret; +} +#endif /* WC_RSA_PSS */ + +/* Set the RSA encrypt callback into the SSL/TLS context. + * + * @param [in] ctx SSL/TLS context. + * @param [in] cb RSA encrypt callback. + */ +void wolfSSL_CTX_SetRsaEncCb(WOLFSSL_CTX* ctx, CallbackRsaEnc cb) +{ + if (ctx != NULL) { + ctx->RsaEncCb = cb; + } +} +/* Set the context for RSA encrypt callback into the SSL/TLS object. + * + * @param [in] ssl SSL/TLS object. + * @param [in] ctx Context for RSA encrypt callback. + */ +void wolfSSL_SetRsaEncCtx(WOLFSSL* ssl, void *ctx) +{ + if (ssl != NULL) { + ssl->RsaEncCtx = ctx; + } +} +/* Get the context for RSA encrypt callback from the SSL/TLS object. + * + * @param [in] ssl SSL/TLS object. + * @return Context for RSA encrypt callback. + * @return NULL when ssl is NULL. + */ +void* wolfSSL_GetRsaEncCtx(WOLFSSL* ssl) +{ + void* ret; + + if (ssl == NULL) { + ret = NULL; + } + else { + ret = ssl->RsaEncCtx; + } + + return ret; +} + +/* Set the RSA decrypt callback into the SSL/TLS context. + * + * @param [in] ctx SSL/TLS context. + * @param [in] cb RSA decrypt callback. + */ +void wolfSSL_CTX_SetRsaDecCb(WOLFSSL_CTX* ctx, CallbackRsaDec cb) +{ + if (ctx != NULL) { + ctx->RsaDecCb = cb; + } +} +/* Set the context for RSA decrypt callback into the SSL/TLS object. + * + * @param [in] ssl SSL/TLS object. + * @param [in] ctx Context for RSA decrypt callback. + */ +void wolfSSL_SetRsaDecCtx(WOLFSSL* ssl, void *ctx) +{ + if (ssl != NULL) { + ssl->RsaDecCtx = ctx; + } +} +/* Get the context for RSA decrypt callback from the SSL/TLS object. + * + * @param [in] ssl SSL/TLS object. + * @return Context for RSA decrypt callback. + * @return NULL when ssl is NULL. + */ +void* wolfSSL_GetRsaDecCtx(WOLFSSL* ssl) +{ + void* ret; + + if (ssl == NULL) { + ret = NULL; + } + else { + ret = ssl->RsaDecCtx; + } + + return ret; +} +#endif /* NO_RSA */ + +#endif /* HAVE_PK_CALLBACKS */ + +#endif /* !NO_CERTS */ + +#if defined(HAVE_PK_CALLBACKS) && !defined(NO_DH) +/* Set the DH key pair generation callback into the SSL/TLS context. + * + * @param [in] ctx SSL/TLS context. + * @param [in] cb DH key pair generation callback. + */ +void wolfSSL_CTX_SetDhGenerateKeyPair(WOLFSSL_CTX* ctx, + CallbackDhGenerateKeyPair cb) +{ + if (ctx != NULL) { + ctx->DhGenerateKeyPairCb = cb; + } +} +/* Set the DH key agree callback into the SSL/TLS context. + * + * @param [in] ctx SSL/TLS context. + * @param [in] cb DH key agree callback. + */ +void wolfSSL_CTX_SetDhAgreeCb(WOLFSSL_CTX* ctx, CallbackDhAgree cb) +{ + if (ctx != NULL) { + ctx->DhAgreeCb = cb; + } +} +/* Set the context for DH key agree callback into the SSL/TLS object. + * + * @param [in] ssl SSL/TLS object. + * @param [in] ctx Context for DH key agree callback. + */ +void wolfSSL_SetDhAgreeCtx(WOLFSSL* ssl, void *ctx) +{ + if (ssl != NULL) { + ssl->DhAgreeCtx = ctx; + } +} +/* Get the context for DH key ageww callback from the SSL/TLS object. + * + * @param [in] ssl SSL/TLS object. + * @return Context for DH key agree callback. + * @return NULL when ssl is NULL. + */ +void* wolfSSL_GetDhAgreeCtx(WOLFSSL* ssl) +{ + void* ret; + + if (ssl == NULL) { + ret = NULL; + } + else { + ret = ssl->DhAgreeCtx; + } + + return ret; +} +#endif /* HAVE_PK_CALLBACKS && !NO_DH */ + +#endif /* !WOLFSSL_SSL_API_PK_INCLUDED */ diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/src/ssl_asn1.c mariadb-11.8.8/extra/wolfssl/wolfssl/src/ssl_asn1.c --- mariadb-11.8.6/extra/wolfssl/wolfssl/src/ssl_asn1.c 2026-01-31 13:27:49.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/src/ssl_asn1.c 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* ssl_asn1.c * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -395,7 +395,6 @@ { int ret = 1; int len = 0; - byte* buf = NULL; WOLFSSL_ENTER("wolfSSL_ASN1_item_i2d"); @@ -408,6 +407,7 @@ ret = 0; if ((ret == 1) && (dest != NULL)) { + byte* buf = NULL; if (*dest == NULL) { buf = (byte*)XMALLOC((size_t)len, NULL, DYNAMIC_TYPE_ASN1); if (buf == NULL) @@ -428,11 +428,11 @@ else *dest += len; } + if (ret == 0 && *dest == NULL) + XFREE(buf, NULL, DYNAMIC_TYPE_ASN1); } if (ret == 0) { - if (*dest == NULL) - XFREE(buf, NULL, DYNAMIC_TYPE_ASN1); len = WOLFSSL_FATAL_ERROR; } WOLFSSL_LEAVE("wolfSSL_ASN1_item_i2d", len); @@ -722,7 +722,8 @@ * ASN1_BIT_STRING APIs ******************************************************************************/ -#if defined(OPENSSL_EXTRA) || defined(WOLFSSL_WPAS_SMALL) +#if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL) || \ + defined(WOLFSSL_WPAS_SMALL) /* Create a new ASN.1 BIT_STRING object. * * @return ASN.1 BIT_STRING object on success. @@ -999,6 +1000,60 @@ XFREE(in, NULL, DYNAMIC_TYPE_OPENSSL); } +/* Get the length of the raw integer value bytes, stripping the DER tag/length + * header if present. Required for OpenSSL compatibility where ASN1_INTEGER is + * typedef'd to ASN1_STRING and callers use ASN1_STRING_length() on integers. + * + * @param [in] ai ASN.1 INTEGER object. + * @return Length of the raw integer value on success. + * @return 0 when ai is NULL or data is invalid. + */ +int wolfSSL_ASN1_INTEGER_get_length(const WOLFSSL_ASN1_INTEGER* ai) +{ + if (ai == NULL || ai->data == NULL || ai->length <= 0) { + return 0; + } + if (ai->data[0] == ASN_INTEGER) { + word32 idx = 1; + int len = 0; + if (GetLength(ai->data, &idx, &len, (word32)ai->length) >= 0 && + idx + (word32)len == (word32)ai->length) { + return len; + } + } + /* WOLFSSL_QT / WOLFSSL_HAPROXY format: raw bytes without DER header, + * or data that coincidentally starts with 0x02 but whose header+value + * boundaries do not span exactly ai->length. */ + return ai->length; +} + +/* Get a pointer to the raw integer value bytes, skipping the DER tag/length + * header if present. Required for OpenSSL compatibility where ASN1_INTEGER is + * typedef'd to ASN1_STRING and callers use ASN1_STRING_get0_data() on integers. + * + * @param [in] ai ASN.1 INTEGER object. + * @return Pointer to the raw integer value bytes on success. + * @return NULL when ai is NULL or data is invalid. + */ +const unsigned char* wolfSSL_ASN1_INTEGER_get0_data(const WOLFSSL_ASN1_INTEGER* ai) +{ + if (ai == NULL || ai->data == NULL || ai->length <= 0) { + return NULL; + } + if (ai->data[0] == ASN_INTEGER) { + word32 idx = 1; + int len = 0; + if (GetLength(ai->data, &idx, &len, (word32)ai->length) >= 0 && + idx + (word32)len == (word32)ai->length) { + return ai->data + idx; + } + } + /* WOLFSSL_QT / WOLFSSL_HAPROXY format: raw bytes without DER header, + * or data that coincidentally starts with 0x02 but whose header+value + * boundaries do not span exactly ai->length. */ + return ai->data; +} + #if defined(OPENSSL_EXTRA) /* Reset the data of ASN.1 INTEGER object back to empty fixed array. * @@ -2025,9 +2080,17 @@ dupl->objSz = obj->objSz; #ifdef OPENSSL_EXTRA dupl->ca = obj->ca; + if (obj->pathlen != NULL) { + dupl->pathlen = wolfSSL_ASN1_INTEGER_dup(obj->pathlen); + if (dupl->pathlen == NULL) { + WOLFSSL_MSG("ASN1 pathlen alloc error"); + wolfSSL_ASN1_OBJECT_free(dupl); + dupl = NULL; + } + } #endif /* Check for encoding. */ - if (obj->obj) { + if (dupl != NULL && obj->obj) { /* Allocate memory for ASN.1 OBJECT_ID DER encoding. */ dupl->obj = (const unsigned char*)XMALLOC(obj->objSz, NULL, DYNAMIC_TYPE_ASN1); @@ -3334,7 +3397,8 @@ const char* str = "(unknown)"; /* Clear negative flag. */ - if ((tag == WOLFSSL_V_ASN1_NEG_INTEGER) || (tag == WOLFSSL_V_ASN1_NEG_ENUMERATED)) { + if ((tag == WOLFSSL_V_ASN1_NEG_INTEGER) || + (tag == WOLFSSL_V_ASN1_NEG_ENUMERATED)) { tag &= ~WOLFSSL_V_ASN1_NEG; } /* Check for known basic types. */ @@ -4194,7 +4258,8 @@ } /* Get time as human readable string. */ - if ((buf != NULL) && !GetTimeString(t->data, t->type, buf, len)) { + if ((buf != NULL) && !GetTimeString(t->data, t->type, buf, len, + t->length)) { buf = NULL; } @@ -4549,7 +4614,8 @@ * ASN1_TYPE APIs ******************************************************************************/ -#if defined(OPENSSL_EXTRA) || defined(WOLFSSL_WPAS_SMALL) +#if defined(OPENSSL_ALL) || defined(OPENSSL_EXTRA) || \ + defined(OPENSSL_EXTRA_X509_SMALL) || defined(WOLFSSL_WPAS_SMALL) /** * Allocate a new ASN.1 TYPE object. @@ -4623,6 +4689,11 @@ XFREE(at, NULL, DYNAMIC_TYPE_OPENSSL); } +#endif /* OPENSSL_ALL || OPENSSL_EXTRA || OPENSSL_EXTRA_X509_SMALL || + WOLFSSL_WPAS_SMALL */ + +#if defined(OPENSSL_EXTRA) || defined(WOLFSSL_WPAS_SMALL) + int wolfSSL_i2d_ASN1_TYPE(WOLFSSL_ASN1_TYPE* at, unsigned char** pp) { int ret = WC_NO_ERR_TRACE(WOLFSSL_FATAL_ERROR); @@ -4660,8 +4731,8 @@ #endif /* OPENSSL_EXTRA || WOLFSSL_WPAS_SMALL */ -#if defined(OPENSSL_ALL) || defined(OPENSSL_EXTRA) || defined(WOLFSSL_WPAS) || \ - defined(WOLFSSL_WPAS_SMALL) +#if defined(OPENSSL_ALL) || defined(OPENSSL_EXTRA) || \ + defined(OPENSSL_EXTRA_X509_SMALL) || defined(WOLFSSL_WPAS_SMALL) /** * Set ASN.1 TYPE object with a type and value. * @@ -4717,15 +4788,17 @@ int wolfSSL_ASN1_TYPE_get(const WOLFSSL_ASN1_TYPE *a) { - if (a != NULL && (a->type == WOLFSSL_V_ASN1_BOOLEAN || a->type == WOLFSSL_V_ASN1_NULL - || a->value.ptr != NULL)) + if (a != NULL && (a->type == WOLFSSL_V_ASN1_BOOLEAN || + a->type == WOLFSSL_V_ASN1_NULL || + a->value.ptr != NULL)) { return a->type; + } return 0; } -#endif /* OPENSSL_ALL || OPENSSL_EXTRA || WOLFSSL_WPAS */ +#endif /* OPENSSL_ALL || OPENSSL_EXTRA || OPENSSL_EXTRA_X509_SMALL || + WOLFSSL_WPAS_SMALL */ #endif /* !NO_ASN */ #endif /* !WOLFSSL_SSL_ASN1_INCLUDED */ - diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/src/ssl_bn.c mariadb-11.8.8/extra/wolfssl/wolfssl/src/ssl_bn.c --- mariadb-11.8.6/extra/wolfssl/wolfssl/src/ssl_bn.c 2026-01-31 13:27:49.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/src/ssl_bn.c 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* ssl_bn.c * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/src/ssl_certman.c mariadb-11.8.8/extra/wolfssl/wolfssl/src/ssl_certman.c --- mariadb-11.8.6/extra/wolfssl/wolfssl/src/ssl_certman.c 2026-01-31 13:27:49.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/src/ssl_certman.c 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* ssl_certman.c * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -25,7 +25,7 @@ #if !defined(WOLFSSL_SSL_CERTMAN_INCLUDED) #ifndef WOLFSSL_IGNORE_FILE_WARN - #warning ssl_certman.c does not need to be compiled separately from ssl.c + #warning ssl_certman.c not to be compiled separately from ssl.c #endif #else @@ -716,7 +716,8 @@ } #endif /* WC_ASN_UNKNOWN_EXT_CB */ -#if !defined(NO_WOLFSSL_CLIENT) || !defined(WOLFSSL_NO_CLIENT_AUTH) +#if (!defined(NO_WOLFSSL_CLIENT) || !defined(WOLFSSL_NO_CLIENT_AUTH)) || \ + defined(OPENSSL_EXTRA) /* Verify the certificate. * * Uses the verification callback if available. @@ -796,7 +797,8 @@ (void)fatal; -#ifndef NO_WOLFSSL_CM_VERIFY +#if !defined(NO_WOLFSSL_CM_VERIFY) && \ + (!defined(NO_WOLFSSL_CLIENT) || !defined(WOLFSSL_NO_CLIENT_AUTH)) /* Use callback to perform verification too if available. */ if ((!fatal) && cm->verifyCallback) { WC_DECLARE_VAR(args, ProcPeerCertArgs, 1, 0); @@ -884,11 +886,12 @@ return ret; } -#endif /* !NO_WOLFSSL_CLIENT || !WOLFSSL_NO_CLIENT_AUTH */ +#endif /* (!NO_WOLFSSL_CLIENT || !WOLFSSL_NO_CLIENT_AUTH) || OPENSSL_EXTRA */ #ifndef NO_FILESYSTEM -#if !defined(NO_WOLFSSL_CLIENT) || !defined(WOLFSSL_NO_CLIENT_AUTH) +#if (!defined(NO_WOLFSSL_CLIENT) || !defined(WOLFSSL_NO_CLIENT_AUTH)) || \ + defined(OPENSSL_EXTRA) /* Verify the certificate loaded from a file. * * Uses the verification callback if available. @@ -1262,7 +1265,9 @@ if (ret == 0) { /* Copy in certificate name. */ - XMEMCPY(signer->name, current + idx, (size_t)signer->nameLen); + /* safe cast -- allocated by above XMALLOC(). */ + XMEMCPY((void *)(wc_ptr_t)signer->name, current + idx, + (size_t)signer->nameLen); idx += signer->nameLen; /* Copy in hash of subject name. */ @@ -1795,6 +1800,7 @@ * WOLFSSL_FILETYPE_ASN1, WOLFSSL_FILETYPE_PEM. * @return WOLFSSL_SUCCESS on success. * @return BAD_FUNC_ARG when cm or buff is NULL or sz is negative or zero. + * @return DUPE_ENTRY_E if the same or a newer CRL already exists in the cm. * @return WOLFSSL_FATAL_ERROR when creating CRL object fails. */ int wolfSSL_CertManagerLoadCRLBuffer(WOLFSSL_CERT_MANAGER* cm, @@ -2138,8 +2144,8 @@ /* Initialize the OCSP object. */ if (InitOCSP(cm->ocsp, cm) != 0) { WOLFSSL_MSG("Init OCSP failed"); - /* Dispose of OCSP object - indicating dynamically allocated. - */ + /* Dispose of OCSP object - indicating dynamically + * allocated. */ FreeOCSP(cm->ocsp, 1); cm->ocsp = NULL; ret = 0; @@ -2529,6 +2535,821 @@ #endif /* HAVE_OCSP */ +/****************************************************************************** + * Internal APIs that use WOLFSSL_CERT_MANAGER + ******************************************************************************/ + +/* hash is the SHA digest of name, just use first 32 bits as hash */ +static WC_INLINE word32 HashSigner(const byte* hash) +{ + return MakeWordFromHash(hash) % CA_TABLE_SIZE; +} + + +/* does CA already exist on signer list */ +int AlreadySigner(WOLFSSL_CERT_MANAGER* cm, byte* hash) +{ + Signer* signers; + int ret = 0; + word32 row; + + if (cm == NULL || hash == NULL) { + return ret; + } + + row = HashSigner(hash); + + if (wc_LockMutex(&cm->caLock) != 0) { + return ret; + } + signers = cm->caTable[row]; + while (signers) { + byte* subjectHash; + + #ifndef NO_SKID + subjectHash = signers->subjectKeyIdHash; + #else + subjectHash = signers->subjectNameHash; + #endif + + if (XMEMCMP(hash, subjectHash, SIGNER_DIGEST_SIZE) == 0) { + ret = 1; /* success */ + break; + } + signers = signers->next; + } + wc_UnLockMutex(&cm->caLock); + + return ret; +} + +#ifdef WOLFSSL_TRUST_PEER_CERT +/* hash is the SHA digest of name, just use first 32 bits as hash */ +static WC_INLINE word32 TrustedPeerHashSigner(const byte* hash) +{ + return MakeWordFromHash(hash) % TP_TABLE_SIZE; +} + +/* does trusted peer already exist on signer list */ +int AlreadyTrustedPeer(WOLFSSL_CERT_MANAGER* cm, DecodedCert* cert) +{ + TrustedPeerCert* tp; + int ret = 0; + word32 row = TrustedPeerHashSigner(cert->subjectHash); + + if (wc_LockMutex(&cm->tpLock) != 0) + return ret; + tp = cm->tpTable[row]; + while (tp) { + if ((XMEMCMP(cert->subjectHash, tp->subjectNameHash, + SIGNER_DIGEST_SIZE) == 0) + #ifndef WOLFSSL_NO_ISSUERHASH_TDPEER + && (XMEMCMP(cert->issuerHash, tp->issuerHash, + SIGNER_DIGEST_SIZE) == 0) + #endif + ) + ret = 1; + #ifndef NO_SKID + if (cert->extSubjKeyIdSet) { + /* Compare SKID as well if available */ + if (ret == 1 && XMEMCMP(cert->extSubjKeyId, tp->subjectKeyIdHash, + SIGNER_DIGEST_SIZE) != 0) + ret = 0; + } + #endif + if (ret == 1) + break; + tp = tp->next; + } + wc_UnLockMutex(&cm->tpLock); + + return ret; +} + +/* return Trusted Peer if found, otherwise NULL + type is what to match on + */ +TrustedPeerCert* GetTrustedPeer(void* vp, DecodedCert* cert) +{ + WOLFSSL_CERT_MANAGER* cm = (WOLFSSL_CERT_MANAGER*)vp; + TrustedPeerCert* ret = NULL; + TrustedPeerCert* tp = NULL; + word32 row; + + if (cm == NULL || cert == NULL) + return NULL; + + row = TrustedPeerHashSigner(cert->subjectHash); + + if (wc_LockMutex(&cm->tpLock) != 0) + return ret; + + tp = cm->tpTable[row]; + while (tp) { + if ((XMEMCMP(cert->subjectHash, tp->subjectNameHash, + SIGNER_DIGEST_SIZE) == 0) + #ifndef WOLFSSL_NO_ISSUERHASH_TDPEER + && (XMEMCMP(cert->issuerHash, tp->issuerHash, + SIGNER_DIGEST_SIZE) == 0) + #endif + ) + ret = tp; + #ifndef NO_SKID + if (cert->extSubjKeyIdSet) { + /* Compare SKID as well if available */ + if (ret != NULL && XMEMCMP(cert->extSubjKeyId, tp->subjectKeyIdHash, + SIGNER_DIGEST_SIZE) != 0) + ret = NULL; + } + #endif + if (ret != NULL) + break; + tp = tp->next; + } + wc_UnLockMutex(&cm->tpLock); + + return ret; +} + + +int MatchTrustedPeer(TrustedPeerCert* tp, DecodedCert* cert) +{ + if (tp == NULL || cert == NULL) + return BAD_FUNC_ARG; + + /* subject key id or subject hash has been compared when searching + tpTable for the cert from function GetTrustedPeer */ + + /* compare signatures */ + if (tp->sigLen == cert->sigLength) { + if (XMEMCMP(tp->sig, cert->signature, cert->sigLength)) { + return WOLFSSL_FAILURE; + } + } + else { + return WOLFSSL_FAILURE; + } + + return WOLFSSL_SUCCESS; +} +#endif /* WOLFSSL_TRUST_PEER_CERT */ + +/* return CA if found, otherwise NULL */ +Signer* GetCA(void* vp, byte* hash) +{ + WOLFSSL_CERT_MANAGER* cm = (WOLFSSL_CERT_MANAGER*)vp; + Signer* ret = NULL; + Signer* signers; + word32 row = 0; + + if (cm == NULL || hash == NULL) + return NULL; + + row = HashSigner(hash); + + if (wc_LockMutex(&cm->caLock) != 0) + return ret; + + signers = cm->caTable[row]; + while (signers) { + byte* subjectHash; + #ifndef NO_SKID + subjectHash = signers->subjectKeyIdHash; + #else + subjectHash = signers->subjectNameHash; + #endif + if (XMEMCMP(hash, subjectHash, SIGNER_DIGEST_SIZE) == 0) { + ret = signers; + break; + } + signers = signers->next; + } + wc_UnLockMutex(&cm->caLock); + + return ret; +} + +#if defined(HAVE_OCSP) +Signer* GetCAByKeyHash(void* vp, const byte* keyHash) +{ + WOLFSSL_CERT_MANAGER* cm = (WOLFSSL_CERT_MANAGER*)vp; + Signer* ret = NULL; + Signer* signers; + int row; + + if (cm == NULL || keyHash == NULL) + return NULL; + + /* try lookup using keyHash as subjKeyID first */ + ret = GetCA(vp, (byte*)keyHash); + if (ret != NULL && XMEMCMP(ret->subjectKeyHash, keyHash, KEYID_SIZE) == 0) { + return ret; + } + + /* if we can't find the cert, we have to scan the full table */ + if (wc_LockMutex(&cm->caLock) != 0) + return NULL; + + /* Unfortunately we need to look through the entire table */ + for (row = 0; row < CA_TABLE_SIZE && ret == NULL; row++) { + for (signers = cm->caTable[row]; signers != NULL; + signers = signers->next) { + if (XMEMCMP(signers->subjectKeyHash, keyHash, KEYID_SIZE) == 0) { + ret = signers; + break; + } + } + } + + wc_UnLockMutex(&cm->caLock); + return ret; +} +#endif +#ifdef WOLFSSL_AKID_NAME +Signer* GetCAByAKID(void* vp, const byte* issuer, word32 issuerSz, + const byte* serial, word32 serialSz) +{ + WOLFSSL_CERT_MANAGER* cm = (WOLFSSL_CERT_MANAGER*)vp; + Signer* ret = NULL; + Signer* signers; + byte nameHash[SIGNER_DIGEST_SIZE]; + byte serialHash[SIGNER_DIGEST_SIZE]; + word32 row; + + if (cm == NULL || issuer == NULL || issuerSz == 0 || + serial == NULL || serialSz == 0) + return NULL; + + if (CalcHashId(issuer, issuerSz, nameHash) != 0 || + CalcHashId(serial, serialSz, serialHash) != 0) + return NULL; + + if (wc_LockMutex(&cm->caLock) != 0) + return ret; + + /* Unfortunately we need to look through the entire table */ + for (row = 0; row < CA_TABLE_SIZE && ret == NULL; row++) { + for (signers = cm->caTable[row]; signers != NULL; + signers = signers->next) { + if (XMEMCMP(signers->issuerNameHash, nameHash, SIGNER_DIGEST_SIZE) + == 0 && XMEMCMP(signers->serialHash, serialHash, + SIGNER_DIGEST_SIZE) == 0) { + ret = signers; + break; + } + } + } + + wc_UnLockMutex(&cm->caLock); + + return ret; +} +#endif + +#ifndef NO_SKID +/* return CA if found, otherwise NULL. Walk through hash table. */ +Signer* GetCAByName(void* vp, byte* hash) +{ + WOLFSSL_CERT_MANAGER* cm = (WOLFSSL_CERT_MANAGER*)vp; + Signer* ret = NULL; + Signer* signers; + word32 row; + + if (cm == NULL) + return NULL; + + if (wc_LockMutex(&cm->caLock) != 0) + return ret; + + for (row = 0; row < CA_TABLE_SIZE && ret == NULL; row++) { + signers = cm->caTable[row]; + while (signers && ret == NULL) { + if (XMEMCMP(hash, signers->subjectNameHash, + SIGNER_DIGEST_SIZE) == 0) { + ret = signers; + } + signers = signers->next; + } + } + wc_UnLockMutex(&cm->caLock); + + return ret; +} +#endif + +#ifdef WOLFSSL_TRUST_PEER_CERT +/* add a trusted peer cert to linked list */ +int AddTrustedPeer(WOLFSSL_CERT_MANAGER* cm, DerBuffer** pDer, int verify) +{ + int ret = 0; + int row = 0; + TrustedPeerCert* peerCert; + DecodedCert* cert; + DerBuffer* der = *pDer; + + WOLFSSL_MSG("Adding a Trusted Peer Cert"); + + cert = (DecodedCert*)XMALLOC(sizeof(DecodedCert), cm->heap, + DYNAMIC_TYPE_DCERT); + if (cert == NULL) { + FreeDer(&der); + return MEMORY_E; + } + + InitDecodedCert(cert, der->buffer, der->length, cm->heap); + if ((ret = ParseCert(cert, TRUSTED_PEER_TYPE, verify, cm)) != 0) { + FreeDecodedCert(cert); + XFREE(cert, NULL, DYNAMIC_TYPE_DCERT); + FreeDer(&der); + return ret; + } + WOLFSSL_MSG("\tParsed new trusted peer cert"); + + peerCert = (TrustedPeerCert*)XMALLOC(sizeof(TrustedPeerCert), cm->heap, + DYNAMIC_TYPE_CERT); + if (peerCert == NULL) { + FreeDecodedCert(cert); + XFREE(cert, cm->heap, DYNAMIC_TYPE_DCERT); + FreeDer(&der); + return MEMORY_E; + } + XMEMSET(peerCert, 0, sizeof(TrustedPeerCert)); + + #ifndef IGNORE_NAME_CONSTRAINTS + if (peerCert->permittedNames) + FreeNameSubtrees(peerCert->permittedNames, cm->heap); + if (peerCert->excludedNames) + FreeNameSubtrees(peerCert->excludedNames, cm->heap); + #endif + + if (AlreadyTrustedPeer(cm, cert)) { + WOLFSSL_MSG("\tAlready have this CA, not adding again"); + FreeTrustedPeer(peerCert, cm->heap); + (void)ret; + } + else { + /* add trusted peer signature */ + peerCert->sigLen = cert->sigLength; + peerCert->sig = (byte *)XMALLOC(cert->sigLength, cm->heap, + DYNAMIC_TYPE_SIGNATURE); + if (peerCert->sig == NULL) { + FreeDecodedCert(cert); + XFREE(cert, cm->heap, DYNAMIC_TYPE_DCERT); + FreeTrustedPeer(peerCert, cm->heap); + FreeDer(&der); + return MEMORY_E; + } + XMEMCPY(peerCert->sig, cert->signature, cert->sigLength); + + /* add trusted peer name */ + peerCert->nameLen = cert->subjectCNLen; + peerCert->name = cert->subjectCN; + #ifndef IGNORE_NAME_CONSTRAINTS + peerCert->permittedNames = cert->permittedNames; + peerCert->excludedNames = cert->excludedNames; + #endif + + /* add SKID when available and hash of name */ + #ifndef NO_SKID + XMEMCPY(peerCert->subjectKeyIdHash, cert->extSubjKeyId, + SIGNER_DIGEST_SIZE); + #endif + XMEMCPY(peerCert->subjectNameHash, cert->subjectHash, + SIGNER_DIGEST_SIZE); + #ifndef WOLFSSL_NO_ISSUERHASH_TDPEER + XMEMCPY(peerCert->issuerHash, cert->issuerHash, + SIGNER_DIGEST_SIZE); + #endif + /* If Key Usage not set, all uses valid. */ + peerCert->next = NULL; + cert->subjectCN = 0; + #ifndef IGNORE_NAME_CONSTRAINTS + cert->permittedNames = NULL; + cert->excludedNames = NULL; + #endif + + row = (int)TrustedPeerHashSigner(peerCert->subjectNameHash); + + if (wc_LockMutex(&cm->tpLock) == 0) { + peerCert->next = cm->tpTable[row]; + cm->tpTable[row] = peerCert; /* takes ownership */ + wc_UnLockMutex(&cm->tpLock); + } + else { + WOLFSSL_MSG("\tTrusted Peer Cert Mutex Lock failed"); + FreeDecodedCert(cert); + XFREE(cert, cm->heap, DYNAMIC_TYPE_DCERT); + FreeTrustedPeer(peerCert, cm->heap); + FreeDer(&der); + return BAD_MUTEX_E; + } + } + + WOLFSSL_MSG("\tFreeing parsed trusted peer cert"); + FreeDecodedCert(cert); + XFREE(cert, cm->heap, DYNAMIC_TYPE_DCERT); + WOLFSSL_MSG("\tFreeing der trusted peer cert"); + FreeDer(&der); + WOLFSSL_MSG("\t\tOK Freeing der trusted peer cert"); + WOLFSSL_LEAVE("AddTrustedPeer", ret); + + return WOLFSSL_SUCCESS; +} +#endif /* WOLFSSL_TRUST_PEER_CERT */ + +int AddSigner(WOLFSSL_CERT_MANAGER* cm, Signer *s) +{ + byte* subjectHash; + Signer* signers; + word32 row; + + if (cm == NULL || s == NULL) + return BAD_FUNC_ARG; + +#ifndef NO_SKID + subjectHash = s->subjectKeyIdHash; +#else + subjectHash = s->subjectNameHash; +#endif + + if (AlreadySigner(cm, subjectHash)) { + FreeSigner(s, cm->heap); + return 0; + } + + row = HashSigner(subjectHash); + + if (wc_LockMutex(&cm->caLock) != 0) + return BAD_MUTEX_E; + + signers = cm->caTable[row]; + s->next = signers; + cm->caTable[row] = s; + + wc_UnLockMutex(&cm->caLock); + return 0; +} + +/* owns der, internal now uses too */ +/* type flag ids from user or from chain received during verify + don't allow chain ones to be added w/o isCA extension */ +int AddCA(WOLFSSL_CERT_MANAGER* cm, DerBuffer** pDer, int type, int verify) +{ + int ret = 0; + Signer* signer = NULL; + word32 row = 0; + byte* subjectHash = NULL; + WC_DECLARE_VAR(cert, DecodedCert, 1, 0); + DerBuffer* der = *pDer; + + WOLFSSL_MSG_CERT_LOG("Adding a CA"); + + if (cm == NULL) { + FreeDer(pDer); + return BAD_FUNC_ARG; + } + + #ifdef WOLFSSL_SMALL_STACK + cert = (DecodedCert*)XMALLOC(sizeof(DecodedCert), NULL, DYNAMIC_TYPE_DCERT); + if (cert == NULL) { + FreeDer(pDer); + return MEMORY_E; + } + #endif + + InitDecodedCert(cert, der->buffer, der->length, cm->heap); + +#ifdef WC_ASN_UNKNOWN_EXT_CB + if (cm->unknownExtCallback != NULL) { + wc_SetUnknownExtCallback(cert, cm->unknownExtCallback); + } +#endif + + WOLFSSL_MSG_CERT("\tParsing new CA"); + ret = ParseCert(cert, CA_TYPE, verify, cm); + + WOLFSSL_MSG("\tParsed new CA"); +#ifdef WOLFSSL_DEBUG_CERTS + { + const char* err_msg; + if (ret == 0) { + WOLFSSL_MSG_CERT_EX(WOLFSSL_MSG_CERT_INDENT "issuer: '%s'", + cert->issuer); + WOLFSSL_MSG_CERT_EX(WOLFSSL_MSG_CERT_INDENT "subject: '%s'", + cert->subject); + } + else { + WOLFSSL_MSG_CERT( + WOLFSSL_MSG_CERT_INDENT "Failed during parse of new CA"); + err_msg = wc_GetErrorString(ret); + WOLFSSL_MSG_CERT_EX(WOLFSSL_MSG_CERT_INDENT "error ret: %d; %s", + ret, err_msg); + } + } +#endif /* WOLFSSL_DEBUG_CERTS */ + +#ifndef NO_SKID + subjectHash = cert->extSubjKeyId; +#else + subjectHash = cert->subjectHash; +#endif + + /* check CA key size */ + if (verify && (ret == 0 )) { + switch (cert->keyOID) { + #ifndef NO_RSA + #ifdef WC_RSA_PSS + case RSAPSSk: + #endif + case RSAk: + if (cm->minRsaKeySz < 0 || + cert->pubKeySize < (word16)cm->minRsaKeySz) { + ret = RSA_KEY_SIZE_E; + WOLFSSL_MSG_CERT_LOG("\tCA RSA key size error"); + WOLFSSL_MSG_CERT_EX("\tCA RSA pubKeySize = %d; " + "minRsaKeySz = %d", + cert->pubKeySize, cm->minRsaKeySz); + } + break; + #endif /* !NO_RSA */ + #ifdef HAVE_ECC + case ECDSAk: + if (cm->minEccKeySz < 0 || + cert->pubKeySize < (word16)cm->minEccKeySz) { + ret = ECC_KEY_SIZE_E; + WOLFSSL_MSG_CERT_LOG("\tCA ECC key size error"); + WOLFSSL_MSG_CERT_EX("\tCA ECC pubKeySize = %d; " + "minEccKeySz = %d", + cert->pubKeySize, cm->minEccKeySz); + } + break; + #endif /* HAVE_ECC */ + #ifdef HAVE_ED25519 + case ED25519k: + if (cm->minEccKeySz < 0 || + ED25519_KEY_SIZE < (word16)cm->minEccKeySz) { + ret = ECC_KEY_SIZE_E; + WOLFSSL_MSG("\tCA ECC key size error"); + } + break; + #endif /* HAVE_ED25519 */ + #ifdef HAVE_ED448 + case ED448k: + if (cm->minEccKeySz < 0 || + ED448_KEY_SIZE < (word16)cm->minEccKeySz) { + ret = ECC_KEY_SIZE_E; + WOLFSSL_MSG("\tCA ECC key size error"); + } + break; + #endif /* HAVE_ED448 */ + #if defined(HAVE_FALCON) + case FALCON_LEVEL1k: + if (cm->minFalconKeySz < 0 || + FALCON_LEVEL1_KEY_SIZE < (word16)cm->minFalconKeySz) { + ret = FALCON_KEY_SIZE_E; + WOLFSSL_MSG("\tCA Falcon level 1 key size error"); + } + break; + case FALCON_LEVEL5k: + if (cm->minFalconKeySz < 0 || + FALCON_LEVEL5_KEY_SIZE < (word16)cm->minFalconKeySz) { + ret = FALCON_KEY_SIZE_E; + WOLFSSL_MSG("\tCA Falcon level 5 key size error"); + } + break; + #endif /* HAVE_FALCON */ + #if defined(HAVE_DILITHIUM) + #ifdef WOLFSSL_DILITHIUM_FIPS204_DRAFT + case DILITHIUM_LEVEL2k: + if (cm->minDilithiumKeySz < 0 || + DILITHIUM_LEVEL2_KEY_SIZE < (word16)cm->minDilithiumKeySz) { + ret = DILITHIUM_KEY_SIZE_E; + WOLFSSL_MSG("\tCA Dilithium level 2 key size error"); + } + break; + case DILITHIUM_LEVEL3k: + if (cm->minDilithiumKeySz < 0 || + DILITHIUM_LEVEL3_KEY_SIZE < (word16)cm->minDilithiumKeySz) { + ret = DILITHIUM_KEY_SIZE_E; + WOLFSSL_MSG("\tCA Dilithium level 3 key size error"); + } + break; + case DILITHIUM_LEVEL5k: + if (cm->minDilithiumKeySz < 0 || + DILITHIUM_LEVEL5_KEY_SIZE < (word16)cm->minDilithiumKeySz) { + ret = DILITHIUM_KEY_SIZE_E; + WOLFSSL_MSG("\tCA Dilithium level 5 key size error"); + } + break; + #endif /* WOLFSSL_DILITHIUM_FIPS204_DRAFT */ + case ML_DSA_LEVEL2k: + if (cm->minDilithiumKeySz < 0 || + ML_DSA_LEVEL2_KEY_SIZE < (word16)cm->minDilithiumKeySz) { + ret = DILITHIUM_KEY_SIZE_E; + WOLFSSL_MSG("\tCA Dilithium level 2 key size error"); + } + break; + case ML_DSA_LEVEL3k: + if (cm->minDilithiumKeySz < 0 || + ML_DSA_LEVEL3_KEY_SIZE < (word16)cm->minDilithiumKeySz) { + ret = DILITHIUM_KEY_SIZE_E; + WOLFSSL_MSG("\tCA Dilithium level 3 key size error"); + } + break; + case ML_DSA_LEVEL5k: + if (cm->minDilithiumKeySz < 0 || + ML_DSA_LEVEL5_KEY_SIZE < (word16)cm->minDilithiumKeySz) { + ret = DILITHIUM_KEY_SIZE_E; + WOLFSSL_MSG("\tCA Dilithium level 5 key size error"); + } + break; + #endif /* HAVE_DILITHIUM */ + + default: + WOLFSSL_MSG("\tNo key size check done on CA"); + break; /* no size check if key type is not in switch */ + } + } + + if (ret == 0 && cert->isCA == 0 && type != WOLFSSL_USER_CA && + type != WOLFSSL_TEMP_CA) { + WOLFSSL_MSG("\tCan't add as CA if not actually one"); + ret = NOT_CA_ERROR; + } +#ifndef ALLOW_INVALID_CERTSIGN + else if (ret == 0 && cert->isCA == 1 && type != WOLFSSL_USER_CA && + type != WOLFSSL_TEMP_CA && !cert->selfSigned && + (cert->extKeyUsage & KEYUSE_KEY_CERT_SIGN) == 0) { + /* Intermediate CA certs are required to have the keyCertSign + * extension set. User loaded root certs are not. */ + WOLFSSL_MSG("\tDoesn't have key usage certificate signing"); + ret = NOT_CA_ERROR; + } +#endif + else if (ret == 0 && AlreadySigner(cm, subjectHash)) { + WOLFSSL_MSG("\tAlready have this CA, not adding again"); + (void)ret; + } + else if (ret == 0) { + /* take over signer parts */ + signer = MakeSigner(cm->heap); + if (!signer) + ret = MEMORY_ERROR; + } + if (ret == 0 && signer != NULL) { + ret = FillSigner(signer, cert, type, der); + + if (ret == 0){ + #ifndef NO_SKID + row = HashSigner(signer->subjectKeyIdHash); + #else + row = HashSigner(signer->subjectNameHash); + #endif + } + + #if defined(WOLFSSL_RENESAS_TSIP_TLS) || defined(WOLFSSL_RENESAS_FSPSM_TLS) + /* Verify CA by TSIP so that generated tsip key is going to */ + /* be able to be used for peer's cert verification */ + /* TSIP is only able to handle USER CA, and only one CA. */ + /* Therefore, it doesn't need to call TSIP again if there is already */ + /* verified CA. */ + if ( ret == 0 && signer != NULL ) { + signer->cm_idx = row; + if (type == WOLFSSL_USER_CA) { + if ((ret = wc_Renesas_cmn_RootCertVerify(cert->source, + cert->maxIdx, + cert->sigCtx.CertAtt.pubkey_n_start, + cert->sigCtx.CertAtt.pubkey_n_len - 1, + cert->sigCtx.CertAtt.pubkey_e_start, + cert->sigCtx.CertAtt.pubkey_e_len - 1, + row/* cm index */)) + < 0) + WOLFSSL_MSG("Renesas_RootCertVerify() failed"); + else + WOLFSSL_MSG("Renesas_RootCertVerify() succeed or skipped"); + } + } + #endif /* TSIP or SCE */ + + if (ret == 0 && wc_LockMutex(&cm->caLock) == 0) { + signer->next = cm->caTable[row]; + cm->caTable[row] = signer; /* takes ownership */ + wc_UnLockMutex(&cm->caLock); + if (cm->caCacheCallback) + cm->caCacheCallback(der->buffer, (int)der->length, type); + } + else { + WOLFSSL_MSG("\tCA Mutex Lock failed"); + ret = BAD_MUTEX_E; + } + } + + WOLFSSL_MSG("\tFreeing Parsed CA"); + FreeDecodedCert(cert); + if (ret != 0 && signer != NULL) + FreeSigner(signer, cm->heap); + WC_FREE_VAR_EX(cert, NULL, DYNAMIC_TYPE_DCERT); + WOLFSSL_MSG("\tFreeing der CA"); + FreeDer(pDer); + WOLFSSL_MSG("\t\tOK Freeing der CA"); + + WOLFSSL_LEAVE("AddCA", ret); + + return ret == 0 ? WOLFSSL_SUCCESS : ret; +} + +/* Removes the CA with the passed in subject hash from the + cert manager's CA cert store. */ +int RemoveCA(WOLFSSL_CERT_MANAGER* cm, byte* hash, int type) +{ + Signer* current; + Signer** prev; + int ret = WC_NO_ERR_TRACE(WOLFSSL_FAILURE); + word32 row; + + WOLFSSL_MSG("Removing a CA"); + + if (cm == NULL || hash == NULL) { + return BAD_FUNC_ARG; + } + + row = HashSigner(hash); + + if (wc_LockMutex(&cm->caLock) != 0) { + return BAD_MUTEX_E; + } + current = cm->caTable[row]; + prev = &cm->caTable[row]; + while (current) { + byte* subjectHash; + + #ifndef NO_SKID + subjectHash = current->subjectKeyIdHash; + #else + subjectHash = current->subjectNameHash; + #endif + + if ((current->type == type) && + (XMEMCMP(hash, subjectHash, SIGNER_DIGEST_SIZE) == 0)) { + *prev = current->next; + FreeSigner(current, cm->heap); + ret = WOLFSSL_SUCCESS; + break; + } + prev = ¤t->next; + current = current->next; + } + wc_UnLockMutex(&cm->caLock); + + WOLFSSL_LEAVE("RemoveCA", ret); + + return ret; +} + +/* Sets the CA with the passed in subject hash + to the provided type. */ +int SetCAType(WOLFSSL_CERT_MANAGER* cm, byte* hash, int type) +{ + Signer* current; + int ret = WC_NO_ERR_TRACE(WOLFSSL_FAILURE); + word32 row; + + WOLFSSL_MSG_EX("Setting CA to type %d", type); + + if (cm == NULL || hash == NULL || + type < WOLFSSL_USER_CA || type > WOLFSSL_USER_INTER) { + return ret; + } + + row = HashSigner(hash); + + if (wc_LockMutex(&cm->caLock) != 0) { + return ret; + } + current = cm->caTable[row]; + while (current) { + byte* subjectHash; + + #ifndef NO_SKID + subjectHash = current->subjectKeyIdHash; + #else + subjectHash = current->subjectNameHash; + #endif + + if (XMEMCMP(hash, subjectHash, SIGNER_DIGEST_SIZE) == 0) { + current->type = (byte)type; + ret = WOLFSSL_SUCCESS; + break; + } + current = current->next; + } + wc_UnLockMutex(&cm->caLock); + + WOLFSSL_LEAVE("SetCAType", ret); + + return ret; +} + #endif /* NO_CERTS */ #endif /* !WOLFSSL_SSL_CERTMAN_INCLUDED */ diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/src/ssl_crypto.c mariadb-11.8.8/extra/wolfssl/wolfssl/src/ssl_crypto.c --- mariadb-11.8.6/extra/wolfssl/wolfssl/src/ssl_crypto.c 2026-01-31 13:27:49.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/src/ssl_crypto.c 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* ssl_crypto.c * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -3071,8 +3071,8 @@ WOLFSSL_MSG("Null argument passed in"); } else -#if !defined(HAVE_SELFTEST) && \ - (!defined(HAVE_FIPS) || (defined(FIPS_VERSION_GE) && FIPS_VERSION3_GE(5,3,0))) +#if !defined(HAVE_SELFTEST) && (!defined(HAVE_FIPS) || \ + (defined(FIPS_VERSION_GE) && FIPS_VERSION3_GE(5,3,0))) /* Decrypt a block with wolfCrypt AES. */ if (wc_AesDecryptDirect((Aes*)key, output, input) != 0) { WOLFSSL_MSG("wc_AesDecryptDirect failed"); @@ -3203,7 +3203,8 @@ * AES_ENCRPT for encryption, AES_DECRYPTION for decryption. */ void wolfSSL_AES_cfb128_encrypt(const unsigned char *in, unsigned char* out, - size_t len, WOLFSSL_AES_KEY *key, unsigned char* iv, int* num, const int enc) + size_t len, WOLFSSL_AES_KEY *key, unsigned char* iv, int* num, + const int enc) { #ifndef WOLFSSL_AES_CFB WOLFSSL_MSG("CFB mode not enabled please use macro WOLFSSL_AES_CFB"); @@ -3435,13 +3436,15 @@ * Use 0 buffer as IV to do straight decryption. * This places the Cn-1 block at lastBlk */ XMEMSET(lastBlk, 0, WOLFSSL_CTS128_BLOCK_SZ); - (*cbc)(in, prevBlk, WOLFSSL_CTS128_BLOCK_SZ, key, lastBlk, AES_DECRYPTION); + (*cbc)(in, prevBlk, WOLFSSL_CTS128_BLOCK_SZ, key, lastBlk, + AES_DECRYPTION); /* RFC2040: Append the tail (BB minus Ln) bytes of Xn to Cn * to create En. */ XMEMCPY(prevBlk, in + WOLFSSL_CTS128_BLOCK_SZ, lastBlkLen); /* Cn and Cn-1 can now be decrypted */ (*cbc)(prevBlk, out, WOLFSSL_CTS128_BLOCK_SZ, key, iv, AES_DECRYPTION); - (*cbc)(lastBlk, lastBlk, WOLFSSL_CTS128_BLOCK_SZ, key, iv, AES_DECRYPTION); + (*cbc)(lastBlk, lastBlk, WOLFSSL_CTS128_BLOCK_SZ, key, iv, + AES_DECRYPTION); XMEMCPY(out + WOLFSSL_CTS128_BLOCK_SZ, lastBlk, lastBlkLen); } diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/src/ssl_ech.c mariadb-11.8.8/extra/wolfssl/wolfssl/src/ssl_ech.c --- mariadb-11.8.6/extra/wolfssl/wolfssl/src/ssl_ech.c 1970-01-01 00:00:00.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/src/ssl_ech.c 2026-05-24 09:58:33.000000000 +0000 @@ -0,0 +1,775 @@ +/* ssl_ech.c + * + * Copyright (C) 2006-2026 wolfSSL Inc. + * + * This file is part of wolfSSL. + * + * wolfSSL is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * wolfSSL is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA + */ + +#include + +#if !defined(WOLFSSL_SSL_ECH_INCLUDED) + #ifndef WOLFSSL_IGNORE_FILE_WARN + #warning ssl_ech.c does not need to be compiled separately from ssl.c + #endif +#else + +#if defined(WOLFSSL_TLS13) && defined(HAVE_ECH) + +/* create the hpke key and ech config to send to clients */ +int wolfSSL_CTX_GenerateEchConfig(WOLFSSL_CTX* ctx, const char* publicName, + word16 kemId, word16 kdfId, word16 aeadId) +{ + int ret = 0; + WOLFSSL_EchConfig* newConfig; + word16 encLen = HPKE_Npk_MAX; +#ifdef WOLFSSL_SMALL_STACK + Hpke* hpke = NULL; + WC_RNG* rng; +#else + Hpke hpke[1]; + WC_RNG rng[1]; +#endif + + if (ctx == NULL || publicName == NULL) + return BAD_FUNC_ARG; + + /* ECH spec limits public_name to 255 bytes (1-byte length prefix) */ + if (XSTRLEN(publicName) > 255) + return BAD_FUNC_ARG; + + WC_ALLOC_VAR_EX(rng, WC_RNG, 1, ctx->heap, DYNAMIC_TYPE_RNG, + return MEMORY_E); + ret = wc_InitRng(rng); + if (ret != 0) { + WC_FREE_VAR_EX(rng, ctx->heap, DYNAMIC_TYPE_RNG); + return ret; + } + + newConfig = (WOLFSSL_EchConfig*)XMALLOC(sizeof(WOLFSSL_EchConfig), + ctx->heap, DYNAMIC_TYPE_TMP_BUFFER); + if (newConfig == NULL) + ret = MEMORY_E; + else + XMEMSET(newConfig, 0, sizeof(WOLFSSL_EchConfig)); + + /* set random configId */ + if (ret == 0) + ret = wc_RNG_GenerateByte(rng, &newConfig->configId); + + /* if 0 is selected for algorithms use default, may change with draft */ + if (kemId == 0) + kemId = DHKEM_X25519_HKDF_SHA256; + + if (kdfId == 0) + kdfId = HKDF_SHA256; + + if (aeadId == 0) + aeadId = HPKE_AES_128_GCM; + + if (ret == 0) { + /* set the kem id */ + newConfig->kemId = kemId; + + /* set the cipher suite, only 1 for now */ + newConfig->numCipherSuites = 1; + newConfig->cipherSuites = + (EchCipherSuite*)XMALLOC(sizeof(EchCipherSuite), ctx->heap, + DYNAMIC_TYPE_TMP_BUFFER); + + if (newConfig->cipherSuites == NULL) { + ret = MEMORY_E; + } + else { + newConfig->cipherSuites[0].kdfId = kdfId; + newConfig->cipherSuites[0].aeadId = aeadId; + } + } + +#ifdef WOLFSSL_SMALL_STACK + if (ret == 0) { + hpke = (Hpke*)XMALLOC(sizeof(Hpke), ctx->heap, DYNAMIC_TYPE_TMP_BUFFER); + if (hpke == NULL) + ret = MEMORY_E; + } +#endif + + if (ret == 0) + ret = wc_HpkeInit(hpke, kemId, kdfId, aeadId, ctx->heap); + + /* generate the receiver private key */ + if (ret == 0) + ret = wc_HpkeGenerateKeyPair(hpke, &newConfig->receiverPrivkey, rng); + + /* done with RNG */ + wc_FreeRng(rng); + + /* serialize the receiver key */ + if (ret == 0) + ret = wc_HpkeSerializePublicKey(hpke, newConfig->receiverPrivkey, + newConfig->receiverPubkey, &encLen); + + if (ret == 0) { + newConfig->publicName = (char*)XMALLOC(XSTRLEN(publicName) + 1, + ctx->heap, DYNAMIC_TYPE_TMP_BUFFER); + if (newConfig->publicName == NULL) { + ret = MEMORY_E; + } + else { + XMEMCPY(newConfig->publicName, publicName, + XSTRLEN(publicName) + 1); + } + } + + if (ret != 0) { + if (newConfig) { + if (newConfig->receiverPrivkey != NULL) { + wc_HpkeFreeKey(hpke, newConfig->kemId, + newConfig->receiverPrivkey, ctx->heap); + } + XFREE(newConfig->cipherSuites, ctx->heap, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(newConfig->publicName, ctx->heap, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(newConfig, ctx->heap, DYNAMIC_TYPE_TMP_BUFFER); + } + } + else { + /* insert new configs at beginning of LL as preference should be given + * to the most recently generated configs */ + if (ctx->echConfigs == NULL) { + ctx->echConfigs = newConfig; + } + else { + newConfig->next = ctx->echConfigs; + ctx->echConfigs = newConfig; + } + } + + if (ret == 0) + ret = WOLFSSL_SUCCESS; + + WC_FREE_VAR_EX(hpke, ctx->heap, DYNAMIC_TYPE_TMP_BUFFER); + WC_FREE_VAR_EX(rng, ctx->heap, DYNAMIC_TYPE_RNG); + + return ret; +} + +int wolfSSL_CTX_SetEchConfigsBase64(WOLFSSL_CTX* ctx, const char* echConfigs64, + word32 echConfigs64Len) +{ + int ret = 0; + word32 decodedLen = echConfigs64Len * 3 / 4 + 1; + byte* decodedConfigs; + + if (ctx == NULL || echConfigs64 == NULL || echConfigs64Len == 0) + return BAD_FUNC_ARG; + + decodedConfigs = (byte*)XMALLOC(decodedLen, ctx->heap, + DYNAMIC_TYPE_TMP_BUFFER); + + if (decodedConfigs == NULL) + return MEMORY_E; + + decodedConfigs[decodedLen - 1] = 0; + + /* decode the echConfigs */ + ret = Base64_Decode((const byte*)echConfigs64, echConfigs64Len, + decodedConfigs, &decodedLen); + + if (ret != 0) { + XFREE(decodedConfigs, ctx->heap, DYNAMIC_TYPE_TMP_BUFFER); + return ret; + } + + ret = wolfSSL_CTX_SetEchConfigs(ctx, decodedConfigs, decodedLen); + + XFREE(decodedConfigs, ctx->heap, DYNAMIC_TYPE_TMP_BUFFER); + + return ret; +} + +int wolfSSL_CTX_SetEchConfigs(WOLFSSL_CTX* ctx, const byte* echConfigs, + word32 echConfigsLen) +{ + int ret; + + if (ctx == NULL || echConfigs == NULL || echConfigsLen == 0) + return BAD_FUNC_ARG; + + FreeEchConfigs(ctx->echConfigs, ctx->heap); + ctx->echConfigs = NULL; + ret = SetEchConfigsEx(&ctx->echConfigs, ctx->heap, echConfigs, + echConfigsLen); + + if (ret == 0) + return WOLFSSL_SUCCESS; + + return ret; +} + +/* get the ech configs that the server context is using */ +int wolfSSL_CTX_GetEchConfigs(WOLFSSL_CTX* ctx, byte* output, + word32* outputLen) { + if (ctx == NULL || outputLen == NULL) + return BAD_FUNC_ARG; + + /* if we don't have ech configs */ + if (ctx->echConfigs == NULL) + return WOLFSSL_FATAL_ERROR; + + return GetEchConfigsEx(ctx->echConfigs, output, outputLen); +} + +void wolfSSL_CTX_SetEchEnable(WOLFSSL_CTX* ctx, byte enable) +{ + if (ctx != NULL) { + ctx->disableECH = !enable; + if (ctx->disableECH) { + TLSX_Remove(&ctx->extensions, TLSX_ECH, ctx->heap); + FreeEchConfigs(ctx->echConfigs, ctx->heap); + ctx->echConfigs = NULL; + } + } +} + +/* set the ech config from base64 for our client ssl object, base64 is the + * format ech configs are sent using dns records */ +int wolfSSL_SetEchConfigsBase64(WOLFSSL* ssl, const char* echConfigs64, + word32 echConfigs64Len) +{ + int ret = 0; + word32 decodedLen = echConfigs64Len * 3 / 4 + 1; + byte* decodedConfigs; + + if (ssl == NULL || echConfigs64 == NULL || echConfigs64Len == 0) + return BAD_FUNC_ARG; + + /* already have ech configs */ + if (ssl->echConfigs != NULL) { + return WOLFSSL_FATAL_ERROR; + } + + decodedConfigs = (byte*)XMALLOC(decodedLen, ssl->heap, + DYNAMIC_TYPE_TMP_BUFFER); + + if (decodedConfigs == NULL) + return MEMORY_E; + + decodedConfigs[decodedLen - 1] = 0; + + /* decode the echConfigs */ + ret = Base64_Decode((const byte*)echConfigs64, echConfigs64Len, + decodedConfigs, &decodedLen); + + if (ret != 0) { + XFREE(decodedConfigs, ssl->heap, DYNAMIC_TYPE_TMP_BUFFER); + return ret; + } + + ret = wolfSSL_SetEchConfigs(ssl, decodedConfigs, decodedLen); + + XFREE(decodedConfigs, ssl->heap, DYNAMIC_TYPE_TMP_BUFFER); + + return ret; +} + +/* set the ech config from a raw buffer, this is the format ech configs are + * sent using retry_configs from the ech server */ +int wolfSSL_SetEchConfigs(WOLFSSL* ssl, const byte* echConfigs, + word32 echConfigsLen) +{ + int ret; + + if (ssl == NULL || echConfigs == NULL || echConfigsLen == 0) + return BAD_FUNC_ARG; + + /* already have ech configs */ + if (ssl->echConfigs != NULL) { + return WOLFSSL_FATAL_ERROR; + } + + ret = SetEchConfigsEx(&ssl->echConfigs, ssl->heap, echConfigs, + echConfigsLen); + + /* if we found valid configs */ + if (ret == 0) { + return WOLFSSL_SUCCESS; + } + + return ret; +} + +/* get the raw ech config from our struct */ +int GetEchConfig(WOLFSSL_EchConfig* config, byte* output, word32* outputLen) +{ + int i; + word16 totalLen = 0; + word16 kemEncLen; + word16 publicNameLen; + + if (config == NULL || (output == NULL && outputLen == NULL)) + return BAD_FUNC_ARG; + + /* ECH spec limits public_name to 255 bytes (1-byte length prefix) */ + if (config->publicName == NULL || XSTRLEN(config->publicName) > 255) + return BAD_FUNC_ARG; + publicNameLen = (word16)XSTRLEN(config->publicName); + + /* 2 for version */ + totalLen += 2; + /* 2 for length */ + totalLen += 2; + /* 1 for configId */ + totalLen += 1; + /* 2 for kemId */ + totalLen += 2; + /* 2 for hpke_len */ + totalLen += 2; + + /* hpke_pub_key */ + kemEncLen = wc_HpkeKemGetEncLen(config->kemId); + if (kemEncLen == 0) + return BAD_FUNC_ARG; + totalLen += kemEncLen; + + /* cipherSuitesLen */ + totalLen += 2; + /* cipherSuites */ + totalLen += config->numCipherSuites * 4; + /* public name len */ + totalLen += 2; + + /* public name */ + totalLen += publicNameLen; + /* trailing zeros */ + totalLen += 2; + + if (output == NULL) { + *outputLen = totalLen; + return WC_NO_ERR_TRACE(LENGTH_ONLY_E); + } + + if (totalLen > *outputLen) { + *outputLen = totalLen; + return INPUT_SIZE_E; + } + + /* version */ + c16toa(TLSX_ECH, output); + output += 2; + + /* length - 4 for version and length itself */ + c16toa(totalLen - 4, output); + output += 2; + + /* configId */ + *output = config->configId; + output++; + /* kemId */ + c16toa(config->kemId, output); + output += 2; + + /* length and key itself */ + c16toa(kemEncLen, output); + output += 2; + XMEMCPY(output, config->receiverPubkey, kemEncLen); + output += kemEncLen; + + /* cipherSuites len */ + c16toa(config->numCipherSuites * 4, output); + output += 2; + + /* cipherSuites */ + for (i = 0; i < config->numCipherSuites; i++) { + c16toa(config->cipherSuites[i].kdfId, output); + output += 2; + c16toa(config->cipherSuites[i].aeadId, output); + output += 2; + } + + /* set maximum name length to 0 */ + *output = 0; + output++; + + /* publicName len */ + *output = (byte)publicNameLen; + output++; + + /* publicName */ + XMEMCPY(output, config->publicName, publicNameLen); + output += publicNameLen; + + /* terminating zeros */ + c16toa(0, output); + /* output += 2; */ + + *outputLen = totalLen; + + return 0; +} + +/* wrapper function to get ech configs from application code */ +int wolfSSL_GetEchConfigs(WOLFSSL* ssl, byte* output, word32* outputLen) +{ + if (ssl == NULL || outputLen == NULL) + return BAD_FUNC_ARG; + + /* if we don't have ech configs */ + if (ssl->echConfigs == NULL) { + return WOLFSSL_FATAL_ERROR; + } + + return GetEchConfigsEx(ssl->echConfigs, output, outputLen); +} + +void wolfSSL_SetEchEnable(WOLFSSL* ssl, byte enable) +{ + if (ssl != NULL) { + ssl->options.disableECH = !enable; + if (ssl->options.disableECH) { + TLSX_Remove(&ssl->extensions, TLSX_ECH, ssl->heap); + FreeEchConfigs(ssl->echConfigs, ssl->heap); + ssl->echConfigs = NULL; + } + } +} + +int SetEchConfigsEx(WOLFSSL_EchConfig** outputConfigs, void* heap, + const byte* echConfigs, word32 echConfigsLen) +{ + int ret = 0; + word32 configIdx; + word32 idx; + int j; + word16 totalLength; + word16 version; + word16 length; + word16 hpkePubkeyLen; + word16 cipherSuitesLen; + word16 extensionsLen; + byte publicNameLen; + WOLFSSL_EchConfig* configList = NULL; + WOLFSSL_EchConfig* workingConfig = NULL; + WOLFSSL_EchConfig* lastConfig = NULL; + const byte* echConfig = NULL; + + if (outputConfigs == NULL || echConfigs == NULL || echConfigsLen < 2) + return BAD_FUNC_ARG; + + /* check that the total length is well formed */ + ato16(echConfigs, &totalLength); + if (totalLength != echConfigsLen - 2) { + return WOLFSSL_FATAL_ERROR; + } + configIdx = 2; + + do { + if (configIdx + 4 > echConfigsLen) { + ret = BUFFER_E; + break; + } + echConfig = echConfigs + configIdx; + ato16(echConfig, &version); + ato16(echConfig + 2, &length); + + if (configIdx + length + 4 > echConfigsLen) { + ret = BUFFER_E; + break; + } + else if (version != TLSX_ECH) { + /* skip this config and try the next one */ + configIdx += length + 4; + continue; + } + + if (workingConfig == NULL) { + workingConfig = + (WOLFSSL_EchConfig*)XMALLOC(sizeof(WOLFSSL_EchConfig), heap, + DYNAMIC_TYPE_TMP_BUFFER); + configList = workingConfig; + } + else { + lastConfig = workingConfig; + workingConfig->next = + (WOLFSSL_EchConfig*)XMALLOC(sizeof(WOLFSSL_EchConfig), heap, + DYNAMIC_TYPE_TMP_BUFFER); + workingConfig = workingConfig->next; + } + + if (workingConfig == NULL) { + ret = MEMORY_E; + break; + } + + XMEMSET(workingConfig, 0, sizeof(WOLFSSL_EchConfig)); + + /* rawLen */ + workingConfig->rawLen = length + 4; + + /* raw body */ + workingConfig->raw = (byte*)XMALLOC(workingConfig->rawLen, heap, + DYNAMIC_TYPE_TMP_BUFFER); + if (workingConfig->raw == NULL) { + ret = MEMORY_E; + break; + } + + XMEMCPY(workingConfig->raw, echConfig, workingConfig->rawLen); + + /* skip over version and length */ + echConfig += 4; + + idx = 5; + if (idx >= length) { + ret = BUFFER_E; + break; + } + + /* configId, 1 byte */ + workingConfig->configId = *echConfig; + echConfig++; + /* kemId, 2 bytes */ + ato16(echConfig, &workingConfig->kemId); + echConfig += 2; + /* hpke public_key length, 2 bytes */ + ato16(echConfig, &hpkePubkeyLen); + echConfig += 2; + + /* hpke public_key */ + if (hpkePubkeyLen > HPKE_Npk_MAX || hpkePubkeyLen == 0) { + ret = BUFFER_E; + break; + } + idx += hpkePubkeyLen; + if (idx >= length) { + ret = BUFFER_E; + break; + } + + XMEMCPY(workingConfig->receiverPubkey, echConfig, hpkePubkeyLen); + echConfig += hpkePubkeyLen; + + /* cipherSuitesLen */ + idx += 2; + if (idx >= length) { + ret = BUFFER_E; + break; + } + ato16(echConfig, &cipherSuitesLen); + if (cipherSuitesLen == 0 || cipherSuitesLen % 4 != 0 || + cipherSuitesLen >= 1024) { + /* numCipherSuites is a byte so only 256 ciphersuites (each 4 bytes) + * can be accessed */ + ret = BUFFER_E; + break; + } + + idx += cipherSuitesLen; + if (idx >= length) { + ret = BUFFER_E; + break; + } + + workingConfig->cipherSuites = (EchCipherSuite*)XMALLOC(cipherSuitesLen, + heap, DYNAMIC_TYPE_TMP_BUFFER); + if (workingConfig->cipherSuites == NULL) { + ret = MEMORY_E; + break; + } + + echConfig += 2; + workingConfig->numCipherSuites = (byte)(cipherSuitesLen / 4); + /* cipherSuites */ + for (j = 0; j < workingConfig->numCipherSuites; j++) { + ato16(echConfig, &workingConfig->cipherSuites[j].kdfId); + ato16(echConfig + 2, &workingConfig->cipherSuites[j].aeadId); + echConfig += 4; + } + + /* ignore the maximum name length */ + idx++; + if (idx >= length) { + ret = BUFFER_E; + break; + } + echConfig++; + + /* publicNameLen */ + idx++; + if (idx >= length) { + ret = BUFFER_E; + break; + } + + publicNameLen = *echConfig; + if (publicNameLen == 0) { + ret = BUFFER_E; + break; + } + + idx += publicNameLen; + if (idx >= length) { + ret = BUFFER_E; + break; + } + echConfig++; + + workingConfig->publicName = (char*)XMALLOC(publicNameLen + 1, + heap, DYNAMIC_TYPE_TMP_BUFFER); + if (workingConfig->publicName == NULL) { + ret = MEMORY_E; + break; + } + + /* publicName */ + XMEMCPY(workingConfig->publicName, echConfig, publicNameLen); + workingConfig->publicName[publicNameLen] = '\0'; + echConfig += publicNameLen; + + /* TODO: Parse ECHConfigExtension */ + /* --> for now just ignore it */ + idx += 2; + if (idx > length) { + ret = BUFFER_E; + break; + } + ato16(echConfig, &extensionsLen); + + idx += extensionsLen; + if (idx != length) { + ret = BUFFER_E; + break; + } + + /* KEM or ciphersuite not supported, free this config and then try to + * parse another */ + if (EchConfigGetSupportedCipherSuite(workingConfig) < 0) { + XFREE(workingConfig->cipherSuites, heap, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(workingConfig->publicName, heap, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(workingConfig->raw, heap, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(workingConfig, heap, DYNAMIC_TYPE_TMP_BUFFER); + workingConfig = lastConfig; + + if (workingConfig != NULL) { + workingConfig->next = NULL; + } + else { + /* if one (or more) of the leading configs are unsupported then + * this case will be hit */ + configList = NULL; + } + } + + configIdx += 4 + length; + } while (configIdx < echConfigsLen); + if (ret == 0 && configIdx != echConfigsLen){ + ret = BUFFER_E; + } + + /* if we found valid configs */ + if (ret == 0 && configList != NULL) { + *outputConfigs = configList; + + return ret; + } + + workingConfig = configList; + while (workingConfig != NULL) { + lastConfig = workingConfig; + workingConfig = workingConfig->next; + + XFREE(lastConfig->cipherSuites, heap, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(lastConfig->publicName, heap, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(lastConfig->raw, heap, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(lastConfig, heap, DYNAMIC_TYPE_TMP_BUFFER); + } + + if (ret == 0) + return WOLFSSL_FATAL_ERROR; + + return ret; +} + +/* get the raw ech configs from our linked list of ech config structs */ +int GetEchConfigsEx(WOLFSSL_EchConfig* configs, byte* output, word32* outputLen) +{ + int ret = 0; + WOLFSSL_EchConfig* workingConfig = NULL; + byte* outputStart = output; + word32 totalLen = 2; + word32 workingOutputLen = 0; + + if (configs == NULL || outputLen == NULL || + (output != NULL && *outputLen < totalLen)) { + return BAD_FUNC_ARG; + } + + + /* skip over total length which we fill in later */ + if (output != NULL) { + workingOutputLen = *outputLen - totalLen; + output += 2; + } + else { + /* caller getting the size only, set current 2 byte length size */ + *outputLen = totalLen; + } + + workingConfig = configs; + + while (workingConfig != NULL) { + /* get this config */ + ret = GetEchConfig(workingConfig, output, &workingOutputLen); + + if (output != NULL) + output += workingOutputLen; + + /* add this config's length to the total length */ + totalLen += workingOutputLen; + + if (totalLen > *outputLen) + workingOutputLen = 0; + else + workingOutputLen = *outputLen - totalLen; + + /* only error we break on, other 2 we need to keep finding length */ + if (ret == WC_NO_ERR_TRACE(BAD_FUNC_ARG)) + return BAD_FUNC_ARG; + + workingConfig = workingConfig->next; + } + + if (output == NULL) { + *outputLen = totalLen; + return WC_NO_ERR_TRACE(LENGTH_ONLY_E); + } + + if (totalLen > *outputLen) { + *outputLen = totalLen; + return INPUT_SIZE_E; + } + + /* total size -2 for size itself */ + c16toa(totalLen - 2, outputStart); + + *outputLen = totalLen; + + return WOLFSSL_SUCCESS; +} + +#endif /* WOLFSSL_TLS13 && HAVE_ECH */ + +#endif /* !WOLFSSL_SSL_ECH_INCLUDED */ + diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/src/ssl_load.c mariadb-11.8.8/extra/wolfssl/wolfssl/src/ssl_load.c --- mariadb-11.8.6/extra/wolfssl/wolfssl/src/ssl_load.c 2026-01-31 13:27:49.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/src/ssl_load.c 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* ssl_load.c * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -28,7 +28,8 @@ */ #ifdef WOLFSSL_SYS_CA_CERTS -/* Will be turned off automatically when NO_FILESYSTEM is defined */ +/* Will be turned off automatically when NO_FILESYSTEM is defined + * for non Mac/Windows systems */ #ifdef _WIN32 #define _WINSOCKAPI_ /* block inclusion of winsock.h header file */ @@ -769,11 +770,13 @@ WOLFSSL_MSG("ED448 private key too small"); ret = ECC_KEY_SIZE_E; } + #if !defined(WOLFSSL_NO_CLIENT_AUTH) && !defined(NO_ED448_CLIENT_AUTH) if (ssl != NULL) { /* Ed448 requires caching enabled for tracking message * hash used in EdDSA_Update for signing */ ssl->options.cacheMessages = 1; } + #endif } /* Not an Ed448 key but check whether we know what it is. */ else if (*keyFormat == 0) { @@ -925,7 +928,8 @@ if (ret == 0) { /* Decode as a Dilithium private key. */ idx = 0; - ret = wc_Dilithium_PrivateKeyDecode(der->buffer, &idx, key, der->length); + ret = wc_Dilithium_PrivateKeyDecode(der->buffer, &idx, key, + der->length); if (ret == 0) { ret = dilithium_get_oid_sum(key, &keyFormatTemp); if (ret == 0) { @@ -1076,11 +1080,9 @@ } #ifdef WC_RSA_PSS if((ret == 0) && (*keyFormat == RSAPSSk)) { - /* - Require logic to verify that the der is RSAPSSk (when *keyFormat == RSAPSSK), - and to detect that the der is RSAPSSk (when *keyFormat == 0). - */ - + /* Require logic to verify that the der is RSAPSSk + * (when *keyFormat == RSAPSSK), and to detect that the der is RSAPSSk + * (when *keyFormat == 0). */ matchAnyKey = 1; } #endif /* WC_RSA_PSS */ @@ -1607,6 +1609,9 @@ #ifndef NO_RSA word32 idx; #endif + if (ctx == NULL && ssl == NULL) { + return BAD_FUNC_ARG; + } /* Get key size and check unless not verifying. */ switch (cert->keyOID) { @@ -1624,6 +1629,14 @@ ret = CHECK_KEY_SZ(ssl ? ssl->options.minRsaKeySz : ctx->minRsaKeySz, RSA_MAX_SIZE / 8, keySz, RSA_KEY_SIZE_E); } + #ifdef WC_RSA_PSS + if (ssl) { + ssl->useRsaPss = cert->keyOID == RSAPSSk; + } + if (ctx) { + ctx->useRsaPss = cert->keyOID == RSAPSSk; + } + #endif break; #endif /* !NO_RSA */ #ifdef HAVE_ECC @@ -2053,7 +2066,7 @@ } /* Don't check if no SSL object verification is disabled for SSL * context. */ - else if ((ssl == NULL) && ctx->verifyNone) { + else if ((ssl == NULL) && (ctx != NULL) && ctx->verifyNone) { checkKeySz = 0; } @@ -2124,7 +2137,8 @@ * certificates so we can inject them at verification time */ if (ret == 1 && ctx->doAppleNativeCertValidationFlag == 1) { WOLFSSL_MSG("ANCV Test: Appending CA to cert list"); - ret = wolfSSL_TestAppleNativeCertValidation_AppendCA(ctx, derBuf, (int)derLen); + ret = wolfSSL_TestAppleNativeCertValidation_AppendCA(ctx, derBuf, + (int)derLen); if (ret == WOLFSSL_SUCCESS) { WOLFSSL_MSG("ANCV Test: Clearing CA table"); /* Clear the CA table so we can ensure they won't be used for @@ -2935,8 +2949,8 @@ NULL, verify); #else /* Load the DER formatted CA file */ - ret = ProcessFile(ctx, file, WOLFSSL_FILETYPE_ASN1, CA_TYPE, NULL, 0, - NULL, verify); + ret = ProcessFile(ctx, file, WOLFSSL_FILETYPE_ASN1, CA_TYPE, NULL, + 0, NULL, verify); #endif #ifndef NO_WOLFSSL_DIR if (ret == 1) { @@ -3030,6 +3044,231 @@ return WS_RETURN_CODE(ret, 0); } +#ifdef WOLFSSL_TRUST_PEER_CERT +/* Load a trusted peer certificate into SSL context. + * + * @param [in, out] ctx SSL context object. + * @param [in] file Name of peer certificate file. + * @param [in] format Format of data: + * WOLFSSL_FILETYPE_PEM or WOLFSSL_FILETYPE_ASN1. + * @return 1 on success. + * @return 0 when ctx or file is NULL. + */ +int wolfSSL_CTX_trust_peer_cert(WOLFSSL_CTX* ctx, const char* file, int format) +{ + int ret; + + WOLFSSL_ENTER("wolfSSL_CTX_trust_peer_cert"); + + /* Validate parameters. */ + if ((ctx == NULL) || (file == NULL)) { + ret = 0; + } + else { + ret = ProcessFile(ctx, file, format, TRUSTED_PEER_TYPE, NULL, 0, NULL, + GET_VERIFY_SETTING_CTX(ctx)); + } + + return ret; +} + +/* Load a trusted peer certificate into SSL. + * + * @param [in, out] ssl SSL object. + * @param [in] file Name of peer certificate file. + * @param [in] format Format of data: + * WOLFSSL_FILETYPE_PEM or WOLFSSL_FILETYPE_ASN1. + * @return 1 on success. + * @return 0 when ssl or file is NULL. + */ +int wolfSSL_trust_peer_cert(WOLFSSL* ssl, const char* file, int format) +{ + int ret; + + WOLFSSL_ENTER("wolfSSL_trust_peer_cert"); + + /* Validate parameters. */ + if ((ssl == NULL) || (file == NULL)) { + ret = 0; + } + else { + ret = ProcessFile(NULL, file, format, TRUSTED_PEER_TYPE, ssl, 0, NULL, + GET_VERIFY_SETTING_SSL(ssl)); + } + + return ret; +} +#endif /* WOLFSSL_TRUST_PEER_CERT */ + + +#ifdef WOLFSSL_DER_LOAD + +/* Load a CA certificate into SSL context. + * + * @param [in, out] ctx SSL context object. + * @param [in] file Name of peer certificate file. + * @param [in] format Format of data: + * WOLFSSL_FILETYPE_PEM or WOLFSSL_FILETYPE_ASN1. + * @return 1 on success. + * @return 0 on failure. + */ +int wolfSSL_CTX_der_load_verify_locations(WOLFSSL_CTX* ctx, const char* file, + int format) +{ + int ret; + + WOLFSSL_ENTER("wolfSSL_CTX_der_load_verify_locations"); + + /* Validate parameters. */ + if ((ctx == NULL) || (file == NULL)) { + ret = 0; + } + else { +#ifdef WOLFSSL_TEST_APPLE_NATIVE_CERT_VALIDATION + /* TEST ONLY CODE: force native cert validation on */ + WOLFSSL_MSG("ANCV Test: loading system CA certs"); + wolfSSL_CTX_load_system_CA_certs(ctx); +#endif + ret = ProcessFile(ctx, file, format, CA_TYPE, NULL, 0, NULL, + GET_VERIFY_SETTING_CTX(ctx)); + } + + /* Return 1 on success or 0 on failure. */ + return WS_RC(ret); +} + +#endif /* WOLFSSL_DER_LOAD */ + + +/* Load a user certificate into SSL context. + * + * @param [in, out] ctx SSL context object. + * @param [in] file Name of user certificate file. + * @param [in] format Format of data: + * WOLFSSL_FILETYPE_PEM or WOLFSSL_FILETYPE_ASN1. + * @return 1 on success. + * @return 0 on failure. + */ +WOLFSSL_ABI +int wolfSSL_CTX_use_certificate_file(WOLFSSL_CTX* ctx, const char* file, + int format) +{ + int ret; + + WOLFSSL_ENTER("wolfSSL_CTX_use_certificate_file"); + + ret = ProcessFile(ctx, file, format, CERT_TYPE, NULL, 0, NULL, + GET_VERIFY_SETTING_CTX(ctx)); + + /* Return 1 on success or 0 on failure. */ + return WS_RC(ret); +} + + +/* Load a private key into SSL context. + * + * @param [in, out] ctx SSL context object. + * @param [in] file Name of private key file. + * @param [in] format Format of data: + * WOLFSSL_FILETYPE_PEM or WOLFSSL_FILETYPE_ASN1. + * @return 1 on success. + * @return 0 on failure. + */ +WOLFSSL_ABI +int wolfSSL_CTX_use_PrivateKey_file(WOLFSSL_CTX* ctx, const char* file, + int format) +{ + int ret; + + WOLFSSL_ENTER("wolfSSL_CTX_use_PrivateKey_file"); + + ret = ProcessFile(ctx, file, format, PRIVATEKEY_TYPE, NULL, 0, NULL, + GET_VERIFY_SETTING_CTX(ctx)); + + /* Return 1 on success or 0 on failure. */ + return WS_RC(ret); +} + +#ifdef WOLFSSL_DUAL_ALG_CERTS +/* Load an alternative private key into SSL context. + * + * @param [in, out] ctx SSL context object. + * @param [in] file Name of private key file. + * @param [in] format Format of data: + * WOLFSSL_FILETYPE_PEM or WOLFSSL_FILETYPE_ASN1. + * @return 1 on success. + * @return 0 on failure. + */ +int wolfSSL_CTX_use_AltPrivateKey_file(WOLFSSL_CTX* ctx, const char* file, + int format) +{ + int ret; + + WOLFSSL_ENTER("wolfSSL_CTX_use_AltPrivateKey_file"); + + ret = ProcessFile(ctx, file, format, ALT_PRIVATEKEY_TYPE, NULL, 0, NULL, + GET_VERIFY_SETTING_CTX(ctx)); + + /* Return 1 on success or 0 on failure. */ + return WS_RC(ret); +} +#endif /* WOLFSSL_DUAL_ALG_CERTS */ + + +/* Load a PEM certificate chain into SSL context. + * + * @param [in, out] ctx SSL context object. + * @param [in] file Name of PEM certificate chain file. + * @return 1 on success. + * @return 0 on failure. + */ +WOLFSSL_ABI +int wolfSSL_CTX_use_certificate_chain_file(WOLFSSL_CTX* ctx, const char* file) +{ + int ret; + + /* process up to MAX_CHAIN_DEPTH plus subject cert */ + WOLFSSL_ENTER("wolfSSL_CTX_use_certificate_chain_file"); + +#ifdef WOLFSSL_PEM_TO_DER + ret = ProcessFile(ctx, file, WOLFSSL_FILETYPE_PEM, CERT_TYPE, NULL, 1, NULL, + GET_VERIFY_SETTING_CTX(ctx)); +#else + ret = ProcessFile(ctx, file, WOLFSSL_FILETYPE_ASN1, CERT_TYPE, NULL, 1, + NULL, GET_VERIFY_SETTING_CTX(ctx)); +#endif + + /* Return 1 on success or 0 on failure. */ + return WS_RC(ret); +} + +/* Load certificate chain into SSL context. + * + * Processes up to MAX_CHAIN_DEPTH plus subject cert. + * + * @param [in, out] ctx SSL context object. + * @param [in] file Name of private key file. + * @param [in] format Format of data: + * WOLFSSL_FILETYPE_PEM or WOLFSSL_FILETYPE_ASN1. + * @return 1 on success. + * @return 0 on failure. + */ +int wolfSSL_CTX_use_certificate_chain_file_format(WOLFSSL_CTX* ctx, + const char* file, int format) +{ + int ret; + + WOLFSSL_ENTER("wolfSSL_CTX_use_certificate_chain_file_format"); + + ret = ProcessFile(ctx, file, format, CERT_TYPE, NULL, 1, NULL, + GET_VERIFY_SETTING_CTX(ctx)); + + /* Return 1 on success or 0 on failure. */ + return WS_RC(ret); +} + +#endif /* NO_FILESYSTEM */ + #ifdef WOLFSSL_SYS_CA_CERTS #ifdef USE_WINDOWS_API @@ -3173,7 +3412,7 @@ } #endif /* defined(HAVE_SECURITY_SECTRUSTSETTINGS_H) */ -#else +#elif !defined(NO_FILESYSTEM) /* Potential system CA certs directories on Linux/Unix distros. */ static const char* systemCaDirs[] = { @@ -3327,231 +3566,6 @@ #endif /* WOLFSSL_SYS_CA_CERTS */ -#ifdef WOLFSSL_TRUST_PEER_CERT -/* Load a trusted peer certificate into SSL context. - * - * @param [in, out] ctx SSL context object. - * @param [in] file Name of peer certificate file. - * @param [in] format Format of data: - * WOLFSSL_FILETYPE_PEM or WOLFSSL_FILETYPE_ASN1. - * @return 1 on success. - * @return 0 when ctx or file is NULL. - */ -int wolfSSL_CTX_trust_peer_cert(WOLFSSL_CTX* ctx, const char* file, int format) -{ - int ret; - - WOLFSSL_ENTER("wolfSSL_CTX_trust_peer_cert"); - - /* Validate parameters. */ - if ((ctx == NULL) || (file == NULL)) { - ret = 0; - } - else { - ret = ProcessFile(ctx, file, format, TRUSTED_PEER_TYPE, NULL, 0, NULL, - GET_VERIFY_SETTING_CTX(ctx)); - } - - return ret; -} - -/* Load a trusted peer certificate into SSL. - * - * @param [in, out] ssl SSL object. - * @param [in] file Name of peer certificate file. - * @param [in] format Format of data: - * WOLFSSL_FILETYPE_PEM or WOLFSSL_FILETYPE_ASN1. - * @return 1 on success. - * @return 0 when ssl or file is NULL. - */ -int wolfSSL_trust_peer_cert(WOLFSSL* ssl, const char* file, int format) -{ - int ret; - - WOLFSSL_ENTER("wolfSSL_trust_peer_cert"); - - /* Validate parameters. */ - if ((ssl == NULL) || (file == NULL)) { - ret = 0; - } - else { - ret = ProcessFile(NULL, file, format, TRUSTED_PEER_TYPE, ssl, 0, NULL, - GET_VERIFY_SETTING_SSL(ssl)); - } - - return ret; -} -#endif /* WOLFSSL_TRUST_PEER_CERT */ - - -#ifdef WOLFSSL_DER_LOAD - -/* Load a CA certificate into SSL context. - * - * @param [in, out] ctx SSL context object. - * @param [in] file Name of peer certificate file. - * @param [in] format Format of data: - * WOLFSSL_FILETYPE_PEM or WOLFSSL_FILETYPE_ASN1. - * @return 1 on success. - * @return 0 on failure. - */ -int wolfSSL_CTX_der_load_verify_locations(WOLFSSL_CTX* ctx, const char* file, - int format) -{ - int ret; - - WOLFSSL_ENTER("wolfSSL_CTX_der_load_verify_locations"); - - /* Validate parameters. */ - if ((ctx == NULL) || (file == NULL)) { - ret = 0; - } - else { -#ifdef WOLFSSL_TEST_APPLE_NATIVE_CERT_VALIDATION - /* TEST ONLY CODE: force native cert validation on */ - WOLFSSL_MSG("ANCV Test: loading system CA certs"); - wolfSSL_CTX_load_system_CA_certs(ctx); -#endif - ret = ProcessFile(ctx, file, format, CA_TYPE, NULL, 0, NULL, - GET_VERIFY_SETTING_CTX(ctx)); - } - - /* Return 1 on success or 0 on failure. */ - return WS_RC(ret); -} - -#endif /* WOLFSSL_DER_LOAD */ - - -/* Load a user certificate into SSL context. - * - * @param [in, out] ctx SSL context object. - * @param [in] file Name of user certificate file. - * @param [in] format Format of data: - * WOLFSSL_FILETYPE_PEM or WOLFSSL_FILETYPE_ASN1. - * @return 1 on success. - * @return 0 on failure. - */ -WOLFSSL_ABI -int wolfSSL_CTX_use_certificate_file(WOLFSSL_CTX* ctx, const char* file, - int format) -{ - int ret; - - WOLFSSL_ENTER("wolfSSL_CTX_use_certificate_file"); - - ret = ProcessFile(ctx, file, format, CERT_TYPE, NULL, 0, NULL, - GET_VERIFY_SETTING_CTX(ctx)); - - /* Return 1 on success or 0 on failure. */ - return WS_RC(ret); -} - - -/* Load a private key into SSL context. - * - * @param [in, out] ctx SSL context object. - * @param [in] file Name of private key file. - * @param [in] format Format of data: - * WOLFSSL_FILETYPE_PEM or WOLFSSL_FILETYPE_ASN1. - * @return 1 on success. - * @return 0 on failure. - */ -WOLFSSL_ABI -int wolfSSL_CTX_use_PrivateKey_file(WOLFSSL_CTX* ctx, const char* file, - int format) -{ - int ret; - - WOLFSSL_ENTER("wolfSSL_CTX_use_PrivateKey_file"); - - ret = ProcessFile(ctx, file, format, PRIVATEKEY_TYPE, NULL, 0, NULL, - GET_VERIFY_SETTING_CTX(ctx)); - - /* Return 1 on success or 0 on failure. */ - return WS_RC(ret); -} - -#ifdef WOLFSSL_DUAL_ALG_CERTS -/* Load an alternative private key into SSL context. - * - * @param [in, out] ctx SSL context object. - * @param [in] file Name of private key file. - * @param [in] format Format of data: - * WOLFSSL_FILETYPE_PEM or WOLFSSL_FILETYPE_ASN1. - * @return 1 on success. - * @return 0 on failure. - */ -int wolfSSL_CTX_use_AltPrivateKey_file(WOLFSSL_CTX* ctx, const char* file, - int format) -{ - int ret; - - WOLFSSL_ENTER("wolfSSL_CTX_use_AltPrivateKey_file"); - - ret = ProcessFile(ctx, file, format, ALT_PRIVATEKEY_TYPE, NULL, 0, NULL, - GET_VERIFY_SETTING_CTX(ctx)); - - /* Return 1 on success or 0 on failure. */ - return WS_RC(ret); -} -#endif /* WOLFSSL_DUAL_ALG_CERTS */ - - -/* Load a PEM certificate chain into SSL context. - * - * @param [in, out] ctx SSL context object. - * @param [in] file Name of PEM certificate chain file. - * @return 1 on success. - * @return 0 on failure. - */ -WOLFSSL_ABI -int wolfSSL_CTX_use_certificate_chain_file(WOLFSSL_CTX* ctx, const char* file) -{ - int ret; - - /* process up to MAX_CHAIN_DEPTH plus subject cert */ - WOLFSSL_ENTER("wolfSSL_CTX_use_certificate_chain_file"); - -#ifdef WOLFSSL_PEM_TO_DER - ret = ProcessFile(ctx, file, WOLFSSL_FILETYPE_PEM, CERT_TYPE, NULL, 1, NULL, - GET_VERIFY_SETTING_CTX(ctx)); -#else - ret = ProcessFile(ctx, file, WOLFSSL_FILETYPE_ASN1, CERT_TYPE, NULL, 1, NULL, - GET_VERIFY_SETTING_CTX(ctx)); -#endif - - /* Return 1 on success or 0 on failure. */ - return WS_RC(ret); -} - -/* Load certificate chain into SSL context. - * - * Processes up to MAX_CHAIN_DEPTH plus subject cert. - * - * @param [in, out] ctx SSL context object. - * @param [in] file Name of private key file. - * @param [in] format Format of data: - * WOLFSSL_FILETYPE_PEM or WOLFSSL_FILETYPE_ASN1. - * @return 1 on success. - * @return 0 on failure. - */ -int wolfSSL_CTX_use_certificate_chain_file_format(WOLFSSL_CTX* ctx, - const char* file, int format) -{ - int ret; - - WOLFSSL_ENTER("wolfSSL_CTX_use_certificate_chain_file_format"); - - ret = ProcessFile(ctx, file, format, CERT_TYPE, NULL, 1, NULL, - GET_VERIFY_SETTING_CTX(ctx)); - - /* Return 1 on success or 0 on failure. */ - return WS_RC(ret); -} - -#endif /* NO_FILESYSTEM */ - #ifdef OPENSSL_EXTRA /* Load a private key into SSL. @@ -4143,6 +4157,8 @@ { int ret = 1; + WOLFSSL_ENTER("wolfSSL_CTX_use_PrivateKey_Id"); + /* Dispose of old private key and allocate and copy in id. */ FreeDer(&ctx->privateKey); if (AllocCopyDer(&ctx->privateKey, id, (word32)sz, PRIVATEKEY_TYPE, @@ -4168,6 +4184,7 @@ #endif } + WOLFSSL_LEAVE("wolfSSL_CTX_use_PrivateKey_Id", ret); return ret; } @@ -4184,12 +4201,17 @@ int wolfSSL_CTX_use_PrivateKey_id(WOLFSSL_CTX* ctx, const unsigned char* id, long sz, int devId, long keySz) { - int ret = wolfSSL_CTX_use_PrivateKey_Id(ctx, id, sz, devId); + int ret; + + WOLFSSL_ENTER("wolfSSL_CTX_use_PrivateKey_id"); + + ret = wolfSSL_CTX_use_PrivateKey_Id(ctx, id, sz, devId); if (ret == 1) { /* Set the key size which normally is calculated during decoding. */ ctx->privateKeySz = (int)keySz; } + WOLFSSL_LEAVE("wolfSSL_CTX_use_PrivateKey_id", ret); return ret; } @@ -4207,6 +4229,8 @@ int ret = 1; word32 sz = (word32)XSTRLEN(label) + 1; + WOLFSSL_ENTER("wolfSSL_CTX_use_PrivateKey_Label"); + /* Dispose of old private key and allocate and copy in label. */ FreeDer(&ctx->privateKey); if (AllocCopyDer(&ctx->privateKey, (const byte*)label, (word32)sz, @@ -4232,6 +4256,7 @@ #endif } + WOLFSSL_LEAVE("wolfSSL_CTX_use_PrivateKey_Label", ret); return ret; } @@ -4241,6 +4266,8 @@ { int ret = 1; + WOLFSSL_ENTER("wolfSSL_CTX_use_AltPrivateKey_Id"); + if ((ctx == NULL) || (id == NULL)) { ret = 0; } @@ -4263,17 +4290,23 @@ } } + WOLFSSL_LEAVE("wolfSSL_CTX_use_AltPrivateKey_Id", ret); return ret; } int wolfSSL_CTX_use_AltPrivateKey_id(WOLFSSL_CTX* ctx, const unsigned char* id, long sz, int devId, long keySz) { - int ret = wolfSSL_CTX_use_AltPrivateKey_Id(ctx, id, sz, devId); + int ret; + + WOLFSSL_ENTER("wolfSSL_CTX_use_AltPrivateKey_id"); + + ret = wolfSSL_CTX_use_AltPrivateKey_Id(ctx, id, sz, devId); if (ret == 1) { ctx->altPrivateKeySz = (word32)keySz; } + WOLFSSL_LEAVE("wolfSSL_CTX_use_AltPrivateKey_id", ret); return ret; } @@ -4283,6 +4316,8 @@ int ret = 1; word32 sz; + WOLFSSL_ENTER("wolfSSL_CTX_use_AltPrivateKey_Label"); + if ((ctx == NULL) || (label == NULL)) { ret = 0; } @@ -4306,6 +4341,7 @@ } } + WOLFSSL_LEAVE("wolfSSL_CTX_use_AltPrivateKey_Label", ret); return ret; } #endif /* WOLFSSL_DUAL_ALG_CERTS */ @@ -4795,12 +4831,21 @@ /* Get length of previous chain. */ len = oldChain->length; } - /* Allocate DER buffer bug enough to hold old and new certificates. */ - ret = AllocDer(&newChain, len + CERT_HEADER_SZ + certSz, CERT_TYPE, heap); - if (ret != 0) { - WOLFSSL_MSG("AllocDer error"); + /* Check for integer overflow in size calculation. */ + if ((len > WOLFSSL_MAX_32BIT - CERT_HEADER_SZ) || + (certSz > WOLFSSL_MAX_32BIT - CERT_HEADER_SZ - len)) { + WOLFSSL_MSG("wolfssl_add_to_chain overflow"); res = 0; } + if (res == 1) { + /* Allocate DER buffer big enough to hold old and new certificates. */ + ret = AllocDer(&newChain, len + CERT_HEADER_SZ + certSz, CERT_TYPE, + heap); + if (ret != 0) { + WOLFSSL_MSG("AllocDer error"); + res = 0; + } + } if (res == 1) { if (oldChain != NULL) { @@ -4857,7 +4902,8 @@ if (res == 1) { /* Add chain to DER buffer. */ - res = wolfssl_add_to_chain(&ctx->certChain, 1, der, (word32)derSz, ctx->heap); + res = wolfssl_add_to_chain(&ctx->certChain, 1, der, (word32)derSz, + ctx->heap); #ifdef WOLFSSL_TLS13 /* Update count of certificates. */ ctx->certChainCnt++; @@ -5403,7 +5449,8 @@ } #else /* OpenSSL's implementation of this API does not require loading the - system CA cert directory. Allow skipping this without erroring out. */ + * system CA cert directory. Allow skipping this without erroring out. + */ ret = 1; #endif } @@ -5524,8 +5571,10 @@ if (ret == 1) { /* Allocate buffers for p and g to be assigned into SSL. */ - pAlloc = (byte*)XMALLOC((size_t)pSz, ssl->heap, DYNAMIC_TYPE_PUBLIC_KEY); - gAlloc = (byte*)XMALLOC((size_t)gSz, ssl->heap, DYNAMIC_TYPE_PUBLIC_KEY); + pAlloc = (byte*)XMALLOC((size_t)pSz, ssl->heap, + DYNAMIC_TYPE_PUBLIC_KEY); + gAlloc = (byte*)XMALLOC((size_t)gSz, ssl->heap, + DYNAMIC_TYPE_PUBLIC_KEY); if ((pAlloc == NULL) || (gAlloc == NULL)) { /* Memory will be freed below in the (ret != 1) block */ ret = MEMORY_E; @@ -5576,7 +5625,8 @@ /* Initialize a DH object. */ if ((ret = wc_InitDhKey(checkKey)) == 0) { /* Check DH parameters. */ - ret = wc_DhSetCheckKey(checkKey, p, (word32)pSz, g, (word32)gSz, NULL, 0, 0, &rng); + ret = wc_DhSetCheckKey(checkKey, p, (word32)pSz, g, (word32)gSz, + NULL, 0, 0, &rng); /* Dispose of DH object. */ wc_FreeDhKey(checkKey); } @@ -5672,8 +5722,10 @@ if (ret == 1) { /* Allocate buffers for p and g to be assigned into SSL context. */ - pAlloc = (byte*)XMALLOC((size_t)pSz, ctx->heap, DYNAMIC_TYPE_PUBLIC_KEY); - gAlloc = (byte*)XMALLOC((size_t)gSz, ctx->heap, DYNAMIC_TYPE_PUBLIC_KEY); + pAlloc = (byte*)XMALLOC((size_t)pSz, ctx->heap, + DYNAMIC_TYPE_PUBLIC_KEY); + gAlloc = (byte*)XMALLOC((size_t)gSz, ctx->heap, + DYNAMIC_TYPE_PUBLIC_KEY); if ((pAlloc == NULL) || (gAlloc == NULL)) { ret = MEMORY_E; } diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/src/ssl_misc.c mariadb-11.8.8/extra/wolfssl/wolfssl/src/ssl_misc.c --- mariadb-11.8.6/extra/wolfssl/wolfssl/src/ssl_misc.c 2026-01-31 13:27:49.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/src/ssl_misc.c 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* ssl_misc.c * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -230,7 +230,15 @@ /* Get file offset at end of file. */ curr = (long)XFTELL(fp); if (curr < 0) { - ret = WOLFSSL_BAD_FILE; +#ifdef ESPIPE + if (errno == ESPIPE) { + WOLFSSL_ERROR_MSG("wolfssl_file_len: file is a pipe"); + *fileSz = 0; + ret = WOLFSSL_BAD_FILETYPE; + } + else +#endif + ret = WOLFSSL_BAD_FILE; } } /* Move to end of file. */ diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/src/ssl_p7p12.c mariadb-11.8.8/extra/wolfssl/wolfssl/src/ssl_p7p12.c --- mariadb-11.8.6/extra/wolfssl/wolfssl/src/ssl_p7p12.c 2026-01-31 13:27:49.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/src/ssl_p7p12.c 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* ssl_p7p12.c * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -292,6 +292,7 @@ } if (wolfSSL_sk_X509_push(signers, x509) <= 0) { + wolfSSL_X509_free(x509); wolfSSL_sk_X509_pop_free(signers, NULL); return NULL; } @@ -1029,7 +1030,8 @@ XMEMSET(pem, 0, pemSz); - if (wc_DerToPemEx(output, outputSz, pem, (word32)pemSz, NULL, CERT_TYPE) < 0) { + if (wc_DerToPemEx(output, outputSz, pem, (word32)pemSz, NULL,CERT_TYPE) + < 0) { goto error; } if ((wolfSSL_BIO_write(bio, pem, pemSz) == pemSz)) { @@ -1205,12 +1207,14 @@ /* If line endings were added, the initial length may be * exceeded. */ if ((canonPos + canonLineLen) >= canonSize) { + char* newCanonSection; canonSize = canonPos + canonLineLen; - canonSection = (char*)XREALLOC(canonSection, canonSize, + newCanonSection = (char*)XREALLOC(canonSection, canonSize, NULL, DYNAMIC_TYPE_PKCS7); - if (canonSection == NULL) { + if (newCanonSection == NULL) { goto error; } + canonSection = newCanonSection; } XMEMCPY(&canonSection[canonPos], canonLine, (int)canonLineLen - 1); @@ -1368,8 +1372,8 @@ WOLFSSL_MSG("Error base64 decoding S/MIME message."); goto error; } - pkcs7 = wolfSSL_d2i_PKCS7_only(NULL, (const unsigned char**)&out, (int)outLen, - bcontMem, (word32)bcontMemSz); + pkcs7 = wolfSSL_d2i_PKCS7_only(NULL, (const unsigned char**)&out, + (int)outLen, bcontMem, (word32)bcontMemSz); wc_MIME_free_hdrs(allHdrs); XFREE(outHead, NULL, DYNAMIC_TYPE_PKCS7); @@ -1912,7 +1916,8 @@ DYNAMIC_TYPE_X509); InitX509(x509, 1, heap); InitDecodedCert(DeCert, current->buffer, current->bufferSz, heap); - if (ParseCertRelative(DeCert, CERT_TYPE, NO_VERIFY, NULL, NULL) != 0) { + if (ParseCertRelative(DeCert, CERT_TYPE, NO_VERIFY, NULL, NULL) + != 0) { WOLFSSL_MSG("Issue with parsing certificate"); FreeDecodedCert(DeCert); wolfSSL_X509_free(x509); diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/src/ssl_sess.c mariadb-11.8.8/extra/wolfssl/wolfssl/src/ssl_sess.c --- mariadb-11.8.6/extra/wolfssl/wolfssl/src/ssl_sess.c 2026-01-31 13:27:49.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/src/ssl_sess.c 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* ssl_sess.c * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -483,6 +483,38 @@ } +#if !defined(SESSION_CACHE_DYNAMIC_MEM) && \ + (defined(HAVE_SESSION_TICKET) || \ + (defined(SESSION_CERTS) && defined(OPENSSL_EXTRA))) +static void SessionSanityPointerSet(SessionRow* row) +{ + int j; + + /* Reset pointers to safe values after raw copy */ + for (j = 0; j < SESSIONS_PER_ROW; j++) { + WOLFSSL_SESSION* s = &row->Sessions[j]; +#ifdef HAVE_SESSION_TICKET + s->ticket = s->staticTicket; + s->ticketLenAlloc = 0; + if (s->ticketLen > SESSION_TICKET_LEN) { + s->ticketLen = SESSION_TICKET_LEN; + } +#endif +#if defined(WOLFSSL_TLS13) && defined(HAVE_SESSION_TICKET) && \ + defined(WOLFSSL_TICKET_NONCE_MALLOC) && \ + (!defined(HAVE_FIPS) || (defined(FIPS_VERSION_GE) && FIPS_VERSION_GE(5,3))) + s->ticketNonce.data = s->ticketNonce.dataStatic; + if (s->ticketNonce.len > MAX_TICKET_NONCE_STATIC_SZ) { + s->ticketNonce.len = MAX_TICKET_NONCE_STATIC_SZ; + } +#endif +#if defined(SESSION_CERTS) && defined(OPENSSL_EXTRA) + s->peer = NULL; +#endif + } +} +#endif + /* Restore the persistent session cache from memory */ int wolfSSL_memrestore_session_cache(const void* mem, int sz) { @@ -522,6 +554,11 @@ #endif XMEMCPY(&SessionCache[i], row++, SIZEOF_SESSION_ROW); + #if !defined(SESSION_CACHE_DYNAMIC_MEM) && \ + (defined(HAVE_SESSION_TICKET) || \ + (defined(SESSION_CERTS) && defined(OPENSSL_EXTRA))) + SessionSanityPointerSet(&SessionCache[i]); + #endif #ifdef ENABLE_SESSION_CACHE_ROW_LOCK SESSION_ROW_UNLOCK(&SessionCache[i]); #endif @@ -681,6 +718,11 @@ #endif ret = (int)XFREAD(&SessionCache[i], SIZEOF_SESSION_ROW, 1, file); + #if !defined(SESSION_CACHE_DYNAMIC_MEM) && \ + (defined(HAVE_SESSION_TICKET) || \ + (defined(SESSION_CERTS) && defined(OPENSSL_EXTRA))) + SessionSanityPointerSet(&SessionCache[i]); + #endif #ifdef ENABLE_SESSION_CACHE_ROW_LOCK SESSION_ROW_UNLOCK(&SessionCache[i]); #endif @@ -968,7 +1010,8 @@ } /* start from most recently used */ - count = (int)min((word32)ClientCache[row].totalCount, CLIENT_SESSIONS_PER_ROW); + count = (int)min((word32)ClientCache[row].totalCount, + CLIENT_SESSIONS_PER_ROW); idx = ClientCache[row].nextIdx - 1; if (idx < 0 || idx >= CLIENT_SESSIONS_PER_ROW) { /* if back to front, the previous was end */ @@ -997,7 +1040,8 @@ #else current = &sessRow->Sessions[clSess[idx].serverIdx]; #endif - if (current && XMEMCMP(current->serverID, id, (unsigned long)len) == 0) { + if (current && XMEMCMP(current->serverID, id, + (unsigned long)len) == 0) { WOLFSSL_MSG("Found a serverid match for client"); if (LowResTimer() < (current->bornOn + current->timeout)) { WOLFSSL_MSG("Session valid"); @@ -1140,10 +1184,8 @@ XMEMCMP(ssl->sessionCtx, sess->sessionCtx, sess->sessionCtxSz) != 0)) return 0; #endif -#if defined(WOLFSSL_TLS13) && defined(HAVE_SESSION_TICKET) if (IsAtLeastTLSv1_3(ssl->version) != IsAtLeastTLSv1_3(sess->version)) return 0; -#endif return 1; } @@ -1265,8 +1307,8 @@ #endif if (output->ticketLenAlloc) XFREE(output->ticket, output->heap, DYNAMIC_TYPE_SESSION_TICK); - output->ticket = tmpTicket; /* cppcheck-suppress autoVariables - */ + /* cppcheck-suppress autoVariables */ + output->ticket = tmpTicket; output->ticketLenAlloc = PREALLOC_SESSION_TICKET_LEN; output->ticketLen = 0; tmpBufSet = 1; @@ -1394,7 +1436,8 @@ output->ticketLen = 0; } if (error == WOLFSSL_SUCCESS) { - XMEMCPY(output->ticket, tmpTicket, output->ticketLen); /* cppcheck-suppress uninitvar */ + /* cppcheck-suppress uninitvar */ + XMEMCPY(output->ticket, tmpTicket, output->ticketLen); } } WC_FREE_VAR_EX(tmpTicket, output->heap, DYNAMIC_TYPE_TMP_BUFFER); @@ -1550,12 +1593,11 @@ ssl->options.resuming = 1; ssl->options.haveEMS = (ssl->session->haveEMS) ? 1 : 0; -#if defined(SESSION_CERTS) || (defined(WOLFSSL_TLS13) && \ - defined(HAVE_SESSION_TICKET)) - ssl->version = ssl->session->version; - if (IsAtLeastTLSv1_3(ssl->version)) - ssl->options.tls1_3 = 1; -#endif + if (ssl->session->version.major != 0) { + ssl->version = ssl->session->version; + if (IsAtLeastTLSv1_3(ssl->version)) + ssl->options.tls1_3 = 1; + } #if defined(SESSION_CERTS) || !defined(NO_RESUME_SUITE_CHECK) || \ (defined(WOLFSSL_TLS13) && defined(HAVE_SESSION_TICKET)) ssl->options.cipherSuite0 = ssl->session->cipherSuite0; @@ -1839,8 +1881,9 @@ if (SESSION_ROW_WR_LOCK(sessRow) != 0) { #ifdef HAVE_SESSION_TICKET XFREE(ticBuff, NULL, DYNAMIC_TYPE_SESSION_TICK); - #if defined(WOLFSSL_TLS13) && defined(WOLFSSL_TICKET_NONCE_MALLOC) && \ - (!defined(HAVE_FIPS) || (defined(FIPS_VERSION_GE) && FIPS_VERSION_GE(5,3))) + #if defined(WOLFSSL_TLS13) && defined(WOLFSSL_TICKET_NONCE_MALLOC) && \ + (!defined(HAVE_FIPS) || (defined(FIPS_VERSION_GE) && \ + FIPS_VERSION_GE(5,3))) XFREE(preallocNonce, addSession->heap, DYNAMIC_TYPE_SESSION_TICK); #endif #endif @@ -1879,8 +1922,9 @@ if (cacheSession == NULL) { #ifdef HAVE_SESSION_TICKET XFREE(ticBuff, NULL, DYNAMIC_TYPE_SESSION_TICK); - #if defined(WOLFSSL_TLS13) && defined(WOLFSSL_TICKET_NONCE_MALLOC) && \ - (!defined(HAVE_FIPS) || (defined(FIPS_VERSION_GE) && FIPS_VERSION_GE(5,3))) + #if defined(WOLFSSL_TLS13) && defined(WOLFSSL_TICKET_NONCE_MALLOC) && \ + (!defined(HAVE_FIPS) || (defined(FIPS_VERSION_GE) && \ + FIPS_VERSION_GE(5,3))) XFREE(preallocNonce, addSession->heap, DYNAMIC_TYPE_SESSION_TICK); #endif #endif @@ -2028,8 +2072,8 @@ #ifndef NO_CLIENT_CACHE if (ret == 0 && clientCacheEntry != NULL) { - ClientSession* clientCache = AddSessionToClientCache(side, row, (int)idx, - addSession->serverID, addSession->idLen, id, useTicket); + ClientSession* clientCache = AddSessionToClientCache(side, row, + (int)idx, addSession->serverID, addSession->idLen, id, useTicket); if (clientCache != NULL) *clientCacheEntry = clientCache; } @@ -2596,11 +2640,8 @@ for (i = 0; i < sess->chain.count; i++) size += OPAQUE16_LEN + sess->chain.certs[i].length; #endif -#if defined(SESSION_CERTS) || (defined(WOLFSSL_TLS13) && \ - defined(HAVE_SESSION_TICKET)) /* Protocol version */ size += OPAQUE16_LEN; -#endif #if defined(SESSION_CERTS) || !defined(NO_RESUME_SUITE_CHECK) || \ (defined(WOLFSSL_TLS13) && defined(HAVE_SESSION_TICKET)) /* cipher suite */ @@ -2676,11 +2717,8 @@ idx += sess->chain.certs[i].length; } #endif -#if defined(SESSION_CERTS) || (defined(WOLFSSL_TLS13) && \ - defined(HAVE_SESSION_TICKET)) data[idx++] = sess->version.major; data[idx++] = sess->version.minor; -#endif #if defined(SESSION_CERTS) || !defined(NO_RESUME_SUITE_CHECK) || \ (defined(WOLFSSL_TLS13) && defined(HAVE_SESSION_TICKET)) data[idx++] = sess->cipherSuite0; @@ -2790,6 +2828,10 @@ ato32(data + idx, &s->bornOn); idx += OPAQUE32_LEN; ato32(data + idx, &s->timeout); idx += OPAQUE32_LEN; s->sessionIDSz = data[idx++]; + if (s->sessionIDSz > ID_LEN) { + ret = BUFFER_ERROR; + goto end; + } /* sessionID | secret | haveEMS | haveAltSessionID */ if (i - idx < s->sessionIDSz + SECRET_LEN + OPAQUE8_LEN + OPAQUE8_LEN) { @@ -2822,12 +2864,20 @@ goto end; } s->chain.count = data[idx++]; + if (s->chain.count > MAX_CHAIN_DEPTH) { + ret = BUFFER_ERROR; + goto end; + } for (j = 0; j < s->chain.count; j++) { if (i - idx < OPAQUE16_LEN) { ret = BUFFER_ERROR; goto end; } ato16(data + idx, &length); idx += OPAQUE16_LEN; + if (length > MAX_X509_SIZE) { + ret = BUFFER_ERROR; + goto end; + } s->chain.certs[j].length = length; if (i - idx < length) { ret = BUFFER_ERROR; @@ -2837,8 +2887,6 @@ idx += length; } #endif -#if defined(SESSION_CERTS) || (defined(WOLFSSL_TLS13) && \ - defined(HAVE_SESSION_TICKET)) /* Protocol Version */ if (i - idx < OPAQUE16_LEN) { ret = BUFFER_ERROR; @@ -2846,7 +2894,6 @@ } s->version.major = data[idx++]; s->version.minor = data[idx++]; -#endif #if defined(SESSION_CERTS) || !defined(NO_RESUME_SUITE_CHECK) || \ (defined(WOLFSSL_TLS13) && defined(HAVE_SESSION_TICKET)) /* Cipher suite */ @@ -2864,6 +2911,10 @@ goto end; } ato16(data + idx, &s->idLen); idx += OPAQUE16_LEN; + if (s->idLen > SERVER_ID_LEN) { + ret = BUFFER_ERROR; + goto end; + } /* ServerID */ if (i - idx < s->idLen) { @@ -2879,6 +2930,10 @@ goto end; } s->sessionCtxSz = data[idx++]; + if (s->sessionCtxSz > ID_LEN) { + ret = BUFFER_ERROR; + goto end; + } /* app session context ID */ if (i - idx < s->sessionCtxSz) { @@ -2905,17 +2960,21 @@ #endif #if defined(HAVE_SESSION_TICKET) || !defined(NO_PSK) #ifdef WOLFSSL_TLS13 - if (i - idx < (OPAQUE32_LEN * 2)) { + +#ifdef WOLFSSL_32BIT_MILLI_TIME + if (i - idx < OPAQUE32_LEN) { ret = BUFFER_ERROR; goto end; } -#ifdef WOLFSSL_32BIT_MILLI_TIME ato32(data + idx, &s->ticketSeen); idx += OPAQUE32_LEN; #else + if (i - idx < (OPAQUE32_LEN * 2)) { + ret = BUFFER_ERROR; + goto end; + } { word32 seenHi, seenLo; - ato32(data + idx, &seenHi); idx += OPAQUE32_LEN; ato32(data + idx, &seenLo); @@ -2923,6 +2982,11 @@ s->ticketSeen = ((sword64)seenHi << 32) + seenLo; } #endif + + if (i - idx < OPAQUE32_LEN) { + ret = BUFFER_ERROR; + goto end; + } ato32(data + idx, &s->ticketAdd); idx += OPAQUE32_LEN; if (i - idx < OPAQUE8_LEN) { @@ -3142,10 +3206,8 @@ if (cacheSession && cacheSession->sessionIDSz == ID_LEN && XMEMCMP(id, cacheSession->sessionID, ID_LEN) == 0 && session->side == cacheSession->side - #if defined(WOLFSSL_TLS13) && defined(HAVE_SESSION_TICKET) && (IsAtLeastTLSv1_3(session->version) == IsAtLeastTLSv1_3(cacheSession->version)) - #endif ) { if (get) { if (getRet) { @@ -3570,10 +3632,7 @@ #ifndef NO_ASN_TIME session->bornOn = LowResTimer(); #endif -#if defined(SESSION_CERTS) || (defined(WOLFSSL_TLS13) && \ - defined(HAVE_SESSION_TICKET)) session->version = ssl->version; -#endif #if defined(SESSION_CERTS) || !defined(NO_RESUME_SUITE_CHECK) || \ (defined(WOLFSSL_TLS13) && defined(HAVE_SESSION_TICKET)) session->cipherSuite0 = ssl->options.cipherSuite0; @@ -4088,7 +4147,8 @@ ForceZero(session->sessionID, ID_LEN); if (session->type == WOLFSSL_SESSION_TYPE_HEAP) { - XFREE(session, session->heap, DYNAMIC_TYPE_SESSION); /* // NOLINT(clang-analyzer-unix.Malloc) */ + /* // NOLINTNEXTLINE(clang-analyzer-unix.Malloc) */ + XFREE(session, session->heap, DYNAMIC_TYPE_SESSION); } } diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/src/ssl_sk.c mariadb-11.8.8/extra/wolfssl/wolfssl/src/ssl_sk.c --- mariadb-11.8.6/extra/wolfssl/wolfssl/src/ssl_sk.c 2026-01-31 13:27:49.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/src/ssl_sk.c 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* ssl_sk.c * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -113,24 +113,6 @@ #endif /* !NO_CERT && OPENSSL_EXTRA*/ #if defined(OPENSSL_EXTRA) || defined(WOLFSSL_WPAS_SMALL) -/* Copy all fields from src into dst. - * - * Shallow copy only. - * - * @param [in, out] dst Node to copy into. - * @param [in] src Node to copy. - */ -static void wolfssl_sk_node_copy(WOLFSSL_STACK* dst, WOLFSSL_STACK* src) -{ - dst->data.generic = src->data.generic; - dst->next = src->next; -#ifdef OPENSSL_ALL - dst->hash_fn = src->hash_fn; - dst->hash = src->hash; -#endif - dst->type = src->type; - dst->num = src->num; -} #ifndef NO_CERTS /* Get data pointer from node. @@ -168,6 +150,8 @@ case STACK_TYPE_X509_OBJ: case STACK_TYPE_DIST_POINT: case STACK_TYPE_X509_CRL: + case STACK_TYPE_X509_REVOKED: + case STACK_TYPE_GENERAL_SUBTREE: default: ret = node->data.generic; break; @@ -187,13 +171,12 @@ { switch (type) { case STACK_TYPE_CIPHER: -#if defined(OPENSSL_ALL) || defined(WOLFSSL_QT) node->data.cipher = *(WOLFSSL_CIPHER*)data; - if (node->hash_fn != NULL) { +#ifdef OPENSSL_ALL + if (node->hash_fn != NULL) node->hash = node->hash_fn(&node->data.cipher); - } - break; #endif + break; case STACK_TYPE_X509: case STACK_TYPE_GEN_NAME: case STACK_TYPE_BIO: @@ -212,6 +195,8 @@ case STACK_TYPE_X509_OBJ: case STACK_TYPE_DIST_POINT: case STACK_TYPE_X509_CRL: + case STACK_TYPE_X509_REVOKED: + case STACK_TYPE_GENERAL_SUBTREE: default: node->data.generic = (void*)data; #ifdef OPENSSL_ALL @@ -257,6 +242,50 @@ return ret; } +/* Pushes the node onto the back of the stack. + * + * If *stack is NULL, node becomes the head. + * + * @param [in, out] stack Stack of nodes. + * @param [in] node Node to append. + * + * @return WOLFSSL_SUCCESS on success + * @return WOLFSSL_FAILURE when stack or node is NULL. + */ +int wolfSSL_sk_push_back_node(WOLFSSL_STACK** stack, WOLFSSL_STACK* node) +{ + int ret = WOLFSSL_SUCCESS; + + /* Validate parameters. */ + if (stack == NULL || node == NULL) { + ret = WOLFSSL_FAILURE; + } + if (ret == WOLFSSL_SUCCESS) { + node->next = NULL; + /* Tail node has num of 1, indicating 1 node till the end */ + node->num = 1; + + if (*stack == NULL) { + /* First node. */ + *stack = node; + } + else { + /* Walk to the end and append. Each node's num field holds the + * count of nodes from that node to the tail (inclusive), so + * every existing node's num increases by one. */ + WOLFSSL_STACK* cur = *stack; + while (cur->next != NULL) { + cur->num++; + cur = cur->next; + } + cur->num++; + cur->next = node; + } + } + + return ret; +} + /* Removes the node at the index from the stack and returns data. * * This is an internal API. @@ -285,7 +314,7 @@ if (stack->next) { /* Keep the first node as it is the pointer passed in. */ tmp = stack->next; - wolfssl_sk_node_copy(stack, stack->next); + XMEMCPY(stack, stack->next, sizeof(WOLFSSL_STACK)); wolfSSL_sk_free_node(tmp); } } @@ -328,7 +357,12 @@ */ WOLFSSL_STACK* wolfssl_sk_new_type(WOLF_STACK_TYPE type) { - WOLFSSL_STACK* stack = wolfSSL_sk_new_node(NULL); + return wolfssl_sk_new_type_ex(type, NULL); +} + +WOLFSSL_STACK* wolfssl_sk_new_type_ex(WOLF_STACK_TYPE type, void* heap) +{ + WOLFSSL_STACK* stack = wolfSSL_sk_new_node(heap); if (stack != NULL) { stack->type = type; } @@ -402,8 +436,24 @@ break; } break; + case STACK_TYPE_X509_CRL: +#if defined(OPENSSL_EXTRA) && defined(HAVE_CRL) + if (src->data.crl == NULL) { + break; + } + dst->data.crl = wolfSSL_X509_CRL_dup(src->data.crl); + if (dst->data.crl == NULL) { + WOLFSSL_MSG("wolfSSL_X509_CRL_dup error"); + err = 1; + break; + } +#else + WOLFSSL_MSG("CRL support not enabled"); + err = 1; +#endif + break; case STACK_TYPE_X509_OBJ: - #if defined(OPENSSL_ALL) +#if defined(OPENSSL_ALL) if (src->data.x509_obj == NULL) { break; } @@ -414,8 +464,11 @@ err = 1; break; } +#else + WOLFSSL_MSG("OPENSSL_ALL support not enabled"); + err = 1; +#endif break; - #endif case STACK_TYPE_BIO: case STACK_TYPE_STRING: case STACK_TYPE_ACCESS_DESCRIPTION: @@ -429,7 +482,8 @@ case STACK_TYPE_BY_DIR_entry: case STACK_TYPE_BY_DIR_hash: case STACK_TYPE_DIST_POINT: - case STACK_TYPE_X509_CRL: + case STACK_TYPE_X509_REVOKED: + case STACK_TYPE_GENERAL_SUBTREE: default: WOLFSSL_MSG("Unsupported stack type"); err = 1; @@ -441,7 +495,8 @@ /* Duplicate the stack of nodes. * - * TODO: OpenSSL does a shallow copy but we have wolfSSL_shallow_sk_dup(). + * OpenSSL does a shallow copy but we map to wolfSSL_shallow_sk_dup() + * when we want a shallow copy. * * Data is copied/duplicated - deep copy. * @@ -480,7 +535,7 @@ /* Update last node in linked list. */ last = cur; - wolfssl_sk_node_copy(cur, stack); + XMEMCPY(cur, stack, sizeof(WOLFSSL_STACK)); /* We will allocate new memory for this */ XMEMSET(&cur->data, 0, sizeof(cur->data)); cur->next = NULL; @@ -522,7 +577,7 @@ break; } - wolfssl_sk_node_copy(cur, stack); + XMEMCPY(cur, stack, sizeof(WOLFSSL_STACK)); cur->next = NULL; *prev = cur; @@ -622,6 +677,8 @@ case STACK_TYPE_X509_OBJ: case STACK_TYPE_DIST_POINT: case STACK_TYPE_X509_CRL: + case STACK_TYPE_X509_REVOKED: + case STACK_TYPE_GENERAL_SUBTREE: default: val = sk->data.generic; break; @@ -635,7 +692,7 @@ #if (!defined(NO_CERTS) && (defined(OPENSSL_EXTRA) || \ defined(WOLFSSL_WPAS_SMALL))) || defined(WOLFSSL_QT) || \ defined(OPENSSL_ALL) -/* Put the data into a node at the top of the stack. +/* Put the data into a node at the end of the list. * * @param [in, out] stack Stack of objects. * @param [in] data Data to store in stack. @@ -650,7 +707,7 @@ return wolfSSL_sk_insert(stack, data, -1); } -/* Put the data into a node at an index in the stack. +/* Put the data into a node at an index in the list. * * @param [in, out] stack Stack of objects. * @param [in] data Data to store in stack. @@ -689,7 +746,7 @@ if (idx == 0) { /* Special case where we need to change the values in the head * element to avoid changing the initial pointer. */ - wolfssl_sk_node_copy(node, stack); + XMEMCPY(node, stack, sizeof(WOLFSSL_STACK)); wolfssl_sk_node_set_data(stack, stack->type, data); stack->num++; stack->next = node; @@ -806,6 +863,11 @@ case STACK_TYPE_GEN_NAME: func = (wolfSSL_sk_freefunc)wolfSSL_GENERAL_NAME_free; break; + case STACK_TYPE_GENERAL_SUBTREE: + #if defined(OPENSSL_EXTRA) && !defined(IGNORE_NAME_CONSTRAINTS) + func = (wolfSSL_sk_freefunc)wolfSSL_GENERAL_SUBTREE_free; + #endif + break; case STACK_TYPE_STRING: #if defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY) || \ defined(OPENSSL_EXTRA) || defined(OPENSSL_ALL) @@ -868,6 +930,11 @@ func = (wolfSSL_sk_freefunc)wolfSSL_X509_CRL_free; #endif break; + case STACK_TYPE_X509_REVOKED: + #if defined(HAVE_CRL) && defined(OPENSSL_EXTRA) + func = (wolfSSL_sk_freefunc)wolfSSL_X509_REVOKED_free; + #endif + break; case STACK_TYPE_CIPHER: /* Static copy kept in node. */ case STACK_TYPE_NULL: diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/src/tls.c mariadb-11.8.8/extra/wolfssl/wolfssl/src/tls.c --- mariadb-11.8.6/extra/wolfssl/wolfssl/src/tls.c 2026-01-31 13:27:49.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/src/tls.c 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* tls.c * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -19,6 +19,103 @@ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA */ +/* + * TLS Build Options: + * (See tls13.c for TLS 1.3-specific options) + * + * Protocol Control: + * NO_OLD_TLS: Disable TLS 1.0 and 1.1 default: off + * WOLFSSL_ALLOW_TLSV10: Allow TLS 1.0 connections default: off + * WOLFSSL_NO_TLS12: Disable TLS 1.2 default: off + * NO_TLS: Disable TLS entirely (SSL only) default: off + * WOLFSSL_DTLS: Enable DTLS support default: off + * WOLFSSL_DTLS13: Enable DTLS 1.3 support default: off + * WOLFSSL_DTLS_CID: Enable DTLS Connection ID default: off + * WOLFSSL_AEAD_ONLY: Only allow AEAD cipher suites default: off + * NO_WOLFSSL_CLIENT: Disable TLS client functionality default: off + * NO_WOLFSSL_SERVER: Disable TLS server functionality default: off + * WOLFSSL_EITHER_SIDE: Allow same context for client/server default: off + * HAVE_TLS_EXTENSIONS: Enable TLS extension support default: on + * HAVE_SNI: Server Name Indication extension default: off + * WOLFSSL_ALWAYS_KEEP_SNI: Keep SNI after handshake default: off + * HAVE_MAX_FRAGMENT: Max Fragment Length extension default: off + * HAVE_TRUNCATED_HMAC: Truncated HMAC extension default: off + * HAVE_SUPPORTED_CURVES: Supported Curves extension default: on + * HAVE_EXTENDED_MASTER: Extended Master Secret (RFC 7627) default: on + * HAVE_ENCRYPT_THEN_MAC: Encrypt-Then-MAC extension default: on + * HAVE_ALPN: Application-Layer Protocol Negotiation default: off + * HAVE_CERTIFICATE_STATUS_REQUEST: OCSP stapling default: off + * HAVE_CERTIFICATE_STATUS_REQUEST_V2: OCSP stapling v2 default: off + * HAVE_SECURE_RENEGOTIATION: Secure renegotiation support default: off + * HAVE_SERVER_RENEGOTIATION_INFO: Server renegotiation info default: off + * HAVE_SESSION_TICKET: Session ticket support default: off + * HAVE_TRUSTED_CA: Trusted CA Indication extension default: off + * HAVE_RPK: Raw Public Key support (RFC 7250) default: off + * HAVE_ECH: Encrypted Client Hello support default: off + * WOLFSSL_NO_SIGALG: Disable signature algorithms ext default: off + * WOLFSSL_NO_CA_NAMES: Disable CA Names in CertificateReq default: off + * WOLFSSL_NO_SERVER_GROUPS_EXT: Don't send server groups ext default: off + * NO_TLSX_PSKKEM_PLAIN_ANNOUNCE: Disable plain PSK announce default: off + * WOLFSSL_OLD_UNSUPPORTED_EXTENSION: Old unsupported ext handling default: off + * WOLFSSL_ALLOW_SERVER_SC_EXT: Allow server supported curves ext default: off + * + * Pre-Shared Keys: + * NO_PSK: Disable PSK cipher suites default: off + * + * Key Exchange: + * HAVE_FFDHE: Enable Finite Field DH ephemeral default: off + * HAVE_FFDHE_2048: Enable FFDHE 2048-bit group default: off + * HAVE_FFDHE_3072: Enable FFDHE 3072-bit group default: off + * HAVE_FFDHE_4096: Enable FFDHE 4096-bit group default: off + * HAVE_FFDHE_6144: Enable FFDHE 6144-bit group default: off + * HAVE_FFDHE_8192: Enable FFDHE 8192-bit group default: off + * HAVE_PUBLIC_FFDHE: Use public FFDHE parameters only default: off + * WOLFSSL_OLD_PRIME_CHECK: Use old DH prime checking method default: off + * WOLFSSL_STATIC_DH: Enable static DH cipher suites default: off + * WOLFSSL_STATIC_EPHEMERAL: Enable static ephemeral key loading default: off + * + * Post-Quantum: + * WOLFSSL_HAVE_MLKEM: Enable ML-KEM (Kyber) support default: off + * WOLFSSL_WC_MLKEM: Use wolfCrypt ML-KEM implementation default: off + * WOLFSSL_MLKEM_KYBER: Use Kyber round 3 parameters default: off + * WOLFSSL_KYBER512: Enable Kyber/ML-KEM-512 default: off + * WOLFSSL_KYBER768: Enable Kyber/ML-KEM-768 default: off + * WOLFSSL_KYBER1024: Enable Kyber/ML-KEM-1024 default: off + * WOLFSSL_NO_ML_KEM: Disable all ML-KEM support default: off + * WOLFSSL_NO_ML_KEM_512: Disable ML-KEM-512 default: off + * WOLFSSL_NO_ML_KEM_768: Disable ML-KEM-768 default: off + * WOLFSSL_NO_ML_KEM_1024: Disable ML-KEM-1024 default: off + * WOLFSSL_ML_KEM_USE_OLD_IDS: Use old IANA IDs for ML-KEM default: off + * WOLFSSL_TLSX_PQC_MLKEM_STORE_OBJ: Store ML-KEM object in ext default: off + * WOLFSSL_TLSX_PQC_MLKEM_STORE_PRIV_KEY: Store ML-KEM priv key default: off + * WOLFSSL_MLKEM_CACHE_A: Cache ML-KEM A matrix default: off + * WOLFSSL_MLKEM_NO_MAKE_KEY: Disable ML-KEM key generation default: off + * WOLFSSL_MLKEM_NO_ENCAPSULATE: Disable ML-KEM encapsulation default: off + * WOLFSSL_MLKEM_NO_DECAPSULATE: Disable ML-KEM decapsulation default: off + * HAVE_LIBOQS: Use liboqs for PQ algorithms default: off + * + * Curves: + * HAVE_SECRET_CALLBACK: Enable TLS secret callback default: off + * HAVE_PK_CALLBACKS: Enable public key callbacks default: off + * HAVE_FUZZER: Enable fuzzing callback support default: off + * + * Features: + * WOLFSSL_SNIFFER: Enable TLS packet sniffing support default: off + * WOLFSSL_SNIFFER_KEYLOGFILE: Sniffer keylog file support default: off + * WOLFSSL_SSLKEYLOGFILE: Enable SSL key log file output default: off + * WOLFSSL_SRTP: Enable SRTP extension support default: off + * WOLFSSL_DUAL_ALG_CERTS: Enable dual algorithm certificates default: off + * WOLFSSL_HAVE_PRF: Enable TLS PRF function access default: off + * WOLFSSL_DEBUG_TLS: Debug TLS protocol messages default: off + * WOLFSSL_32BIT_MILLI_TIME: 32-bit millisecond time function default: off + * WOLFSSL_REQUIRE_TCA: Require Trusted CA extension default: off + * WOLFSSL_DH_EXTRA: Extra DH key info in SSL object default: off + * WOLFSSL_CURVE25519_BLINDING: Curve25519 blinding in TLS default: off + * HAVE_NULL_CIPHER: Allow NULL cipher suites default: off + * HAVE_WEBSERVER: Enable web server features default: off + * NO_CERTS: Disable certificate processing default: off + */ + #include #ifndef WOLFCRYPT_ONLY @@ -175,7 +272,7 @@ byte handshake_hash[HSHASH_SZ]; #else byte* handshake_hash = NULL; - handshake_hash = XMALLOC(HSHASH_SZ, ssl->heap, DYNAMIC_TYPE_DIGEST); + handshake_hash = (byte*)XMALLOC(HSHASH_SZ, ssl->heap, DYNAMIC_TYPE_DIGEST); if (handshake_hash == NULL) return MEMORY_E; #endif @@ -404,7 +501,7 @@ int ret; #if defined(WOLFSSL_ASYNC_CRYPT) && !defined(WC_ASYNC_NO_HASH) byte* seed = NULL; - seed = XMALLOC(SEED_LEN, heap, DYNAMIC_TYPE_SEED); + seed = (byte*)XMALLOC(SEED_LEN, heap, DYNAMIC_TYPE_SEED); if (seed == NULL) return MEMORY_E; #else @@ -488,6 +585,14 @@ if (ret == 0) ret = StoreKeys(ssl, key_dig, PROVISION_CLIENT_SERVER); +#ifdef WOLFSSL_CHECK_MEM_ZERO + wc_MemZero_Add("DeriveTlsKeys key_dig", key_dig, MAX_PRF_DIG); +#endif + ForceZero(key_dig, MAX_PRF_DIG); +#ifdef WOLFSSL_CHECK_MEM_ZERO + wc_MemZero_Check(key_dig, MAX_PRF_DIG); +#endif + WC_FREE_VAR_EX(key_dig, ssl->heap, DYNAMIC_TYPE_DIGEST); return ret; @@ -504,7 +609,7 @@ byte seed[SEED_LEN]; #else byte* seed = NULL; - seed = XMALLOC(SEED_LEN, heap, DYNAMIC_TYPE_SEED); + seed = (byte*)XMALLOC(SEED_LEN, heap, DYNAMIC_TYPE_SEED); if (seed == NULL) return MEMORY_E; #endif @@ -937,6 +1042,9 @@ word32 realLen; byte extraBlock; + if (macLen <= 0 || macLen > (int)sizeof(hmac->innerHash)) + return BAD_FUNC_ARG; + switch (hmac->macType) { #ifndef NO_SHA case WC_SHA: @@ -1061,7 +1169,8 @@ hashBlock[j] = b; } - ret = Hmac_HashUpdate(hmac, hashBlock, (word32)blockSz); /* cppcheck-suppress uninitvar */ + /* cppcheck-suppress uninitvar */ + ret = Hmac_HashUpdate(hmac, hashBlock, (word32)blockSz); if (ret != 0) return ret; ret = Hmac_HashFinalRaw(hmac, hashBlock); @@ -1079,7 +1188,7 @@ #endif #if defined(WOLFSSL_NO_HASH_RAW) || defined(HAVE_FIPS) || \ - defined(HAVE_SELFTEST) || defined(HAVE_BLAKE2) + defined(HAVE_SELFTEST) || defined(HAVE_BLAKE2B) /* Calculate the HMAC of the header + message data. * Constant time implementation using normal hashing operations. @@ -1140,14 +1249,14 @@ break; #endif /* WOLFSSL_SHA512 */ - #ifdef HAVE_BLAKE2 + #ifdef HAVE_BLAKE2B case WC_HASH_TYPE_BLAKE2B: blockSz = BLAKE2B_BLOCKBYTES; blockBits = 7; macSz = BLAKE2B_256; padSz = 0; break; - #endif /* HAVE_BLAKE2 */ + #endif /* HAVE_BLAKE2B */ #ifdef WOLFSSL_SM3 case WC_SM3: @@ -1279,6 +1388,7 @@ int ret = 0; const byte* macSecret = NULL; word32 hashSz = 0; + word32 totalSz = 0; if (ssl == NULL) return BAD_FUNC_ARG; @@ -1290,11 +1400,23 @@ hashSz = ssl->specs.hash_size; #endif + /* Pre-compute sz + hashSz + padSz + 1 with overflow checking. + * Used by fuzzer callback and Hmac_UpdateFinal* in the verify path. */ + if (verify && padSz >= 0) { + word32 hmacSz = 0; + if (!WC_SAFE_SUM_WORD32(sz, hashSz, hmacSz) || + !WC_SAFE_SUM_WORD32(hmacSz, (word32)padSz, hmacSz) || + !WC_SAFE_SUM_WORD32(hmacSz, 1, hmacSz)) { + return BUFFER_E; + } + totalSz = hmacSz; + } + #ifdef HAVE_FUZZER /* Fuzz "in" buffer with sz to be used in HMAC algorithm */ if (ssl->fuzzerCb) { if (verify && padSz >= 0) { - ssl->fuzzerCb(ssl, in, sz + hashSz + padSz + 1, FUZZ_HMAC, + ssl->fuzzerCb(ssl, in, totalSz, FUZZ_HMAC, ssl->fuzzerCtx); } else { @@ -1328,22 +1450,21 @@ if (verify && padSz >= 0) { #if !defined(WOLFSSL_NO_HASH_RAW) && !defined(HAVE_FIPS) && \ !defined(HAVE_SELFTEST) - #ifdef HAVE_BLAKE2 + #ifdef HAVE_BLAKE2B if (wolfSSL_GetHmacType(ssl) == WC_HASH_TYPE_BLAKE2B) { ret = Hmac_UpdateFinal(&hmac, digest, in, - sz + hashSz + (word32)padSz + 1, myInner, innerSz); + totalSz, myInner, innerSz); } else #endif { ret = Hmac_UpdateFinal_CT(&hmac, digest, in, - (sz + hashSz + (word32)padSz + 1), + totalSz, (int)hashSz, myInner, innerSz); } #else - ret = Hmac_UpdateFinal(&hmac, digest, in, sz + hashSz + - (word32)(padSz) + 1, + ret = Hmac_UpdateFinal(&hmac, digest, in, totalSz, myInner, innerSz); #endif } @@ -1400,7 +1521,7 @@ return WC_SHA; } #endif - #ifdef HAVE_BLAKE2 + #ifdef HAVE_BLAKE2B case blake2b_mac: { return BLAKE2B_ID; @@ -1458,7 +1579,7 @@ case TLSX_ECH: /* 0xfe0d */ return 65; #endif -#ifdef WOLFSSL_DUAL_ALG_CERTS +#if defined(WOLFSSL_TLS13) && defined(WOLFSSL_DUAL_ALG_CERTS) case TLSX_CKS: return 66; #endif @@ -1906,7 +2027,7 @@ return BUFFER_ERROR; /* validating length of entries before accepting */ - for (s = input + offset; (s - input) < size; s += wlen) { + for (s = input + offset; (s - input) < length; s += wlen) { wlen = *s++; if (wlen == 0 || (s + wlen - input) > length) return BUFFER_ERROR; @@ -2131,10 +2252,10 @@ } /** Tells the buffered size of the SNI objects in a list. */ -static word16 TLSX_SNI_GetSize(SNI* list) +WOLFSSL_TEST_VIS word16 TLSX_SNI_GetSize(SNI* list) { SNI* sni; - word16 length = OPAQUE16_LEN; /* list length */ + word32 length = OPAQUE16_LEN; /* list length */ while ((sni = list)) { list = sni->next; @@ -2143,12 +2264,16 @@ switch (sni->type) { case WOLFSSL_SNI_HOST_NAME: - length += (word16)XSTRLEN((char*)sni->data.host_name); + length += (word32)XSTRLEN((char*)sni->data.host_name); break; } + + if (length > WOLFSSL_MAX_16BIT) { + return 0; + } } - return length; + return (word16)length; } /** Writes the SNI objects of a list in a buffer. */ @@ -2229,9 +2354,10 @@ byte type; byte matched; #if defined(WOLFSSL_TLS13) && defined(HAVE_ECH) + TLSX* echX = NULL; WOLFSSL_ECH* ech = NULL; WOLFSSL_EchConfig* workingConfig; - TLSX* echX; + word16 privateNameLen; #endif #endif /* !NO_WOLFSSL_SERVER */ TLSX *extension = TLSX_Find(ssl->extensions, TLSX_SERVER_NAME); @@ -2263,7 +2389,22 @@ } #ifndef NO_WOLFSSL_SERVER +#if defined(WOLFSSL_TLS13) && defined(HAVE_ECH) + if (!ssl->options.disableECH) { + echX = TLSX_Find(ssl->extensions, TLSX_ECH); + if (echX != NULL) { + ech = (WOLFSSL_ECH*)(echX->data); + } + } +#endif + +#if defined(WOLFSSL_TLS13) && defined(HAVE_ECH) + if ((!extension || !extension->data) || + (ech != NULL && ech->sniState == ECH_INNER_SNI && + ech->privateName == NULL)) { +#else if (!extension || !extension->data) { +#endif /* This will keep SNI even though TLSX_UseSNI has not been called. * Enable it so that the received sni is available to functions * that use a custom callback when SNI is received. @@ -2311,24 +2452,54 @@ if (!cacheOnly && !(sni = TLSX_SNI_Find((SNI*)extension->data, type))) return 0; /* not using this type of SNI. */ -#ifdef WOLFSSL_TLS13 +#if defined(WOLFSSL_TLS13) && defined(HAVE_ECH) + if (ech != NULL && ech->sniState == ECH_INNER_SNI){ + /* SNI status is carried over from processing the outer hello so it is + * necessary to clear it before processing the inner hello */ + ech->sniState = ECH_INNER_SNI_ATTEMPT; + if (sni != NULL){ + sni->status = WOLFSSL_SNI_NO_MATCH; + } + } + else if (ech != NULL && ech->sniState == ECH_OUTER_SNI && + ech->privateName == NULL && sni != NULL){ + /* save the private SNI before it is overwritten by the public SNI */ + privateNameLen = (word16)XSTRLEN(sni->data.host_name) + 1; + ech->privateName = (char*)XMALLOC(privateNameLen, ssl->heap, + DYNAMIC_TYPE_TMP_BUFFER); + if (ech->privateName == NULL) + return MEMORY_E; + XMEMCPY((char*)ech->privateName, sni->data.host_name, + privateNameLen); + } +#endif + +#if defined(WOLFSSL_TLS13) /* Don't process the second ClientHello SNI extension if there * was problems with the first. */ - if (!cacheOnly && sni->status != 0) + if (!cacheOnly && sni != NULL && sni->status != WOLFSSL_SNI_NO_MATCH) return 0; #endif - matched = cacheOnly || (XSTRLEN(sni->data.host_name) == size && - XSTRNCMP(sni->data.host_name, (const char*)input + offset, size) == 0); -#if defined(WOLFSSL_TLS13) && defined(HAVE_ECH) - echX = TLSX_Find(ssl->extensions, TLSX_ECH); - if (echX != NULL) - ech = (WOLFSSL_ECH*)(echX->data); +#if defined(HAVE_ECH) + if (ech != NULL && ech->sniState == ECH_INNER_SNI_ATTEMPT && + ech->privateName != NULL) { + matched = cacheOnly || (XSTRLEN(ech->privateName) == size && + XSTRNCMP(ech->privateName, (const char*)input + offset, size) == 0); + } + else +#endif + { + const char* hostName = (sni != NULL) ? sni->data.host_name : NULL; + matched = cacheOnly || (hostName != NULL && + XSTRLEN(hostName) == size && + XSTRNCMP(hostName, (const char*)input + offset, size) == 0); + } - if (!matched && ech != NULL) { +#if defined(WOLFSSL_TLS13) && defined(HAVE_ECH) + if (!matched && ech != NULL && ech->sniState == ECH_OUTER_SNI) { workingConfig = ech->echConfig; - while (workingConfig != NULL) { matched = XSTRLEN(workingConfig->publicName) == size && XSTRNCMP(workingConfig->publicName, @@ -2342,10 +2513,12 @@ } #endif - if (matched || sni->options & WOLFSSL_SNI_ANSWER_ON_MISMATCH) { + if (matched || + (sni != NULL && (sni->options & WOLFSSL_SNI_ANSWER_ON_MISMATCH))) { int matchStat; int r = TLSX_UseSNI(&ssl->extensions, type, input + offset, size, ssl->heap); + if (r != WOLFSSL_SUCCESS) return r; /* throws error. */ @@ -2367,7 +2540,8 @@ if (!cacheOnly) TLSX_SetResponse(ssl, TLSX_SERVER_NAME); } - else if (!(sni->options & WOLFSSL_SNI_CONTINUE_ON_MISMATCH)) { + else if ((sni == NULL) || + !(sni->options & WOLFSSL_SNI_CONTINUE_ON_MISMATCH)) { SendAlert(ssl, alert_fatal, unrecognized_name); WOLFSSL_ERROR_VERBOSE(UNKNOWN_SNI_HOST_NAME_E); return UNKNOWN_SNI_HOST_NAME_E; @@ -2845,9 +3019,14 @@ { TCA* tca = list; - while (tca && tca->type != type && type != WOLFSSL_TRUSTED_CA_PRE_AGREED && - idSz != tca->idSz && !XMEMCMP(id, tca->id, idSz)) + while (tca) { + if (type == WOLFSSL_TRUSTED_CA_PRE_AGREED) + break; + if (tca->type == type && idSz == tca->idSz && + XMEMCMP(id, tca->id, idSz) == 0) + break; tca = tca->next; + } return tca; } @@ -3207,7 +3386,7 @@ word16 TLSX_CSR_GetSize_ex(CertificateStatusRequest* csr, byte isRequest, int idx) { - word16 size = 0; + word32 size = 0; /* shut up compiler warnings */ (void) csr; (void) isRequest; @@ -3228,15 +3407,25 @@ if (csr->ssl != NULL && SSL_CM(csr->ssl) != NULL && SSL_CM(csr->ssl)->ocsp_stapling != NULL && SSL_CM(csr->ssl)->ocsp_stapling->statusCb != NULL) { - return OPAQUE8_LEN + OPAQUE24_LEN + csr->ssl->ocspCsrResp[idx].length; + if (WOLFSSL_MAX_16BIT - OPAQUE8_LEN - OPAQUE24_LEN < + csr->ssl->ocspCsrResp[idx].length) { + return 0; + } + size = OPAQUE8_LEN + OPAQUE24_LEN + + csr->ssl->ocspCsrResp[idx].length; + return (word16)size; } - return (word16)(OPAQUE8_LEN + OPAQUE24_LEN + - csr->responses[idx].length); + if (WOLFSSL_MAX_16BIT - OPAQUE8_LEN - OPAQUE24_LEN < + csr->responses[idx].length) { + return 0; + } + size = OPAQUE8_LEN + OPAQUE24_LEN + csr->responses[idx].length; + return (word16)size; } #else (void)idx; #endif - return size; + return (word16)size; } #if (defined(WOLFSSL_TLS13) && !defined(NO_WOLFSSL_SERVER)) @@ -3474,8 +3663,7 @@ word16 size = 0; #endif -#if !defined(NO_WOLFSSL_CLIENT) || !defined(NO_WOLFSSL_SERVER) \ - && defined(WOLFSSL_TLS13) +#if !defined(NO_WOLFSSL_CLIENT) OcspRequest* request; TLSX* extension; CertificateStatusRequest* csr; @@ -3847,7 +4035,7 @@ static word16 TLSX_CSR2_GetSize(CertificateStatusRequestItemV2* csr2, byte isRequest) { - word16 size = 0; + word32 size = 0; /* shut up compiler warnings */ (void) csr2; (void) isRequest; @@ -3868,11 +4056,15 @@ size += OCSP_NONCE_EXT_SZ; break; } + + if (size > WOLFSSL_MAX_16BIT) { + return 0; + } } } #endif - return size; + return (word16)size; } static int TLSX_CSR2_Write(CertificateStatusRequestItemV2* csr2, @@ -4039,7 +4231,7 @@ return BUFFER_ERROR; ato16(input + offset, &size); - if (length - offset < size) + if (length - offset - OPAQUE16_LEN < size) return BUFFER_ERROR; offset += OPAQUE16_LEN + size; @@ -4370,7 +4562,7 @@ * namedGroup The named group to check. * returns 1 when supported or 0 otherwise. */ -static int TLSX_IsGroupSupported(int namedGroup) +int TLSX_IsGroupSupported(int namedGroup) { switch (namedGroup) { #ifdef HAVE_FFDHE_2048 @@ -4404,6 +4596,7 @@ #endif /* !NO_ECC_SECP */ #ifdef HAVE_ECC_BRAINPOOL case WOLFSSL_ECC_BRAINPOOLP256R1: + case WOLFSSL_ECC_BRAINPOOLP256R1TLS13: break; #endif #ifdef WOLFSSL_SM2 @@ -4426,6 +4619,7 @@ #endif /* !NO_ECC_SECP */ #ifdef HAVE_ECC_BRAINPOOL case WOLFSSL_ECC_BRAINPOOLP384R1: + case WOLFSSL_ECC_BRAINPOOLP384R1TLS13: break; #endif #endif @@ -4472,6 +4666,7 @@ #if (defined(HAVE_ECC512) || defined(HAVE_ALL_CURVES)) && ECC_MIN_KEY_SZ <= 512 #ifdef HAVE_ECC_BRAINPOOL case WOLFSSL_ECC_BRAINPOOLP512R1: + case WOLFSSL_ECC_BRAINPOOLP512R1TLS13: break; #endif #endif @@ -4479,35 +4674,55 @@ #ifndef WOLFSSL_NO_ML_KEM #ifdef WOLFSSL_WC_MLKEM #ifndef WOLFSSL_NO_ML_KEM_512 + #ifndef WOLFSSL_TLS_NO_MLKEM_STANDALONE case WOLFSSL_ML_KEM_512: + break; + #endif /* !WOLFSSL_TLS_NO_MLKEM_STANDALONE */ + #ifdef WOLFSSL_EXTRA_PQC_HYBRIDS case WOLFSSL_SECP256R1MLKEM512: - #if defined(HAVE_CURVE25519) && ECC_MIN_KEY_SZ <= 256 + #if defined(HAVE_CURVE25519) && ECC_MIN_KEY_SZ <= 256 case WOLFSSL_X25519MLKEM512: - #endif - #endif + #endif /* HAVE_CURVE25519 */ + break; + #endif /* WOLFSSL_EXTRA_PQC_HYBRIDS */ + #endif /* WOLFSSL_NO_ML_KEM_512 */ #ifndef WOLFSSL_NO_ML_KEM_768 + #ifndef WOLFSSL_TLS_NO_MLKEM_STANDALONE case WOLFSSL_ML_KEM_768: - case WOLFSSL_SECP384R1MLKEM768: + #endif /* !WOLFSSL_TLS_NO_MLKEM_STANDALONE */ + #ifdef WOLFSSL_PQC_HYBRIDS case WOLFSSL_SECP256R1MLKEM768: - #if defined(HAVE_CURVE25519) && ECC_MIN_KEY_SZ <= 256 + #if defined(HAVE_CURVE25519) && ECC_MIN_KEY_SZ <= 256 case WOLFSSL_X25519MLKEM768: - #endif - #if defined(HAVE_CURVE448) && ECC_MIN_KEY_SZ <= 448 + #endif /* HAVE_CURVE25519 */ + #endif /* WOLFSSL_PQC_HYBRIDS */ + #ifdef WOLFSSL_EXTRA_PQC_HYBRIDS + case WOLFSSL_SECP384R1MLKEM768: + #if defined(HAVE_CURVE448) && ECC_MIN_KEY_SZ <= 448 case WOLFSSL_X448MLKEM768: - #endif - #endif + #endif /* HAVE_CURVE448 */ + #endif /* WOLFSSL_EXTRA_PQC_HYBRIDS */ + break; + #endif /* WOLFSSL_NO_ML_KEM_768 */ #ifndef WOLFSSL_NO_ML_KEM_1024 + #ifndef WOLFSSL_TLS_NO_MLKEM_STANDALONE case WOLFSSL_ML_KEM_1024: - case WOLFSSL_SECP521R1MLKEM1024: + #endif /* !WOLFSSL_TLS_NO_MLKEM_STANDALONE */ + #ifdef WOLFSSL_PQC_HYBRIDS case WOLFSSL_SECP384R1MLKEM1024: + #endif /* WOLFSSL_PQC_HYBRIDS */ + #ifdef WOLFSSL_EXTRA_PQC_HYBRIDS + case WOLFSSL_SECP521R1MLKEM1024: + #endif /* WOLFSSL_EXTRA_PQC_HYBRIDS */ break; #endif -#ifdef WOLFSSL_ML_KEM_USE_OLD_IDS + #if defined(WOLFSSL_ML_KEM_USE_OLD_IDS) && \ + defined (WOLFSSL_EXTRA_PQC_HYBRIDS) case WOLFSSL_P256_ML_KEM_512_OLD: case WOLFSSL_P384_ML_KEM_768_OLD: case WOLFSSL_P521_ML_KEM_1024_OLD: break; -#endif + #endif /* WOLFSSL_ML_KEM_USE_OLD_IDS && WOLFSSL_EXTRA_PQC_HYBRIDS */ #elif defined(HAVE_LIBOQS) case WOLFSSL_ML_KEM_512: case WOLFSSL_ML_KEM_768: @@ -5325,9 +5540,33 @@ return ret; } #endif /* HAVE_FFDHE && !WOLFSSL_NO_TLS12 */ - #endif /* !NO_WOLFSSL_SERVER */ +/* Check if the given curve is present in the supported groups extension. + * + * ssl SSL/TLS object. + * name The curve name to check. + * returns 1 if present, 0 otherwise. + */ +int TLSX_SupportedCurve_IsSupported(WOLFSSL* ssl, word16 name) +{ + TLSX* extension; + SupportedCurve* curve; + + extension = TLSX_Find(ssl->extensions, TLSX_SUPPORTED_GROUPS); + if (extension == NULL) + return 0; + + curve = (SupportedCurve*)extension->data; + while (curve != NULL) { + if (curve->name == name) + return 1; + curve = curve->next; + } + + return 0; +} + #if defined(WOLFSSL_TLS13) && !defined(WOLFSSL_NO_SERVER_GROUPS_EXT) /* Return the preferred group. * @@ -5790,7 +6029,8 @@ heap); if (ret != 0) return ret; -#ifdef WOLFSSL_ML_KEM_USE_OLD_IDS + #if defined(WOLFSSL_ML_KEM_USE_OLD_IDS) && \ + defined (WOLFSSL_EXTRA_PQC_HYBRIDS) if (name == WOLFSSL_SECP256R1MLKEM512) { ret = TLSX_SupportedCurve_Append((SupportedCurve*)extension->data, WOLFSSL_P256_ML_KEM_512_OLD, heap); @@ -5806,7 +6046,7 @@ if (ret != 0) { return ret; } -#endif + #endif /* WOLFSSL_ML_KEM_USE_OLD_IDS && WOLFSSL_EXTRA_PQC_HYBRIDS */ } return WOLFSSL_SUCCESS; @@ -5980,7 +6220,7 @@ input++; /* get past size */ /* validate client verify data */ - if (XMEMCMP(input, + if (ConstantCompare(input, ssl->secure_renegotiation->client_verify_data, TLS_FINISHED_SZ) == 0) { WOLFSSL_MSG("SCR client verify data match"); @@ -6005,15 +6245,16 @@ } else if (*input == 2 * TLS_FINISHED_SZ && length == 2 * TLS_FINISHED_SZ + OPAQUE8_LEN) { + int cmpRes = 0; input++; /* get past size */ - + cmpRes |= ConstantCompare(input, + ssl->secure_renegotiation->client_verify_data, + TLS_FINISHED_SZ); + cmpRes |= ConstantCompare(input + TLS_FINISHED_SZ, + ssl->secure_renegotiation->server_verify_data, + TLS_FINISHED_SZ); /* validate client and server verify data */ - if (XMEMCMP(input, - ssl->secure_renegotiation->client_verify_data, - TLS_FINISHED_SZ) == 0 && - XMEMCMP(input + TLS_FINISHED_SZ, - ssl->secure_renegotiation->server_verify_data, - TLS_FINISHED_SZ) == 0) { + if (cmpRes == 0) { WOLFSSL_MSG("SCR client and server verify data match"); ret = 0; /* verified */ } @@ -6105,24 +6346,6 @@ #ifdef HAVE_SESSION_TICKET -#if defined(WOLFSSL_TLS13) || !defined(NO_WOLFSSL_CLIENT) -static void TLSX_SessionTicket_ValidateRequest(WOLFSSL* ssl) -{ - TLSX* extension = TLSX_Find(ssl->extensions, TLSX_SESSION_TICKET); - SessionTicket* ticket = extension ? - (SessionTicket*)extension->data : NULL; - - if (ticket) { - /* TODO validate ticket timeout here! */ - if (ticket->lifetime == 0xfffffff) { - /* send empty ticket on timeout */ - TLSX_UseSessionTicket(&ssl->extensions, NULL, ssl->heap); - } - } -} -#endif /* WOLFSSL_TLS13 || !NO_WOLFSSL_CLIENT */ - - static word16 TLSX_SessionTicket_GetSize(SessionTicket* ticket, int isRequest) { (void)isRequest; @@ -6301,7 +6524,6 @@ return WOLFSSL_SUCCESS; } -#define WOLF_STK_VALIDATE_REQUEST TLSX_SessionTicket_ValidateRequest #define WOLF_STK_GET_SIZE TLSX_SessionTicket_GetSize #define WOLF_STK_WRITE TLSX_SessionTicket_Write #define WOLF_STK_PARSE TLSX_SessionTicket_Parse @@ -6494,6 +6716,7 @@ word16 ids; /* selected bits */ } TlsxSrtp; +#ifndef NO_WOLFSSL_SERVER static int TLSX_UseSRTP_GetSize(TlsxSrtp *srtp) { /* SRTP Profile Len (2) @@ -6501,6 +6724,7 @@ * MKI (master key id) Length */ return (OPAQUE16_LEN + (srtp->profileCount * OPAQUE16_LEN) + 1); } +#endif static TlsxSrtp* TLSX_UseSRTP_New(word16 ids, void* heap) { @@ -6531,6 +6755,7 @@ (void)heap; } +#ifndef NO_WOLFSSL_SERVER static int TLSX_UseSRTP_Parse(WOLFSSL* ssl, const byte* input, word16 length, byte isRequest) { @@ -6538,10 +6763,8 @@ word16 profile_len = 0; word16 profile_value = 0; word16 offset = 0; -#ifndef NO_WOLFSSL_SERVER int i; TlsxSrtp* srtp = NULL; -#endif if (length < OPAQUE16_LEN) { return BUFFER_ERROR; @@ -6553,11 +6776,27 @@ /* total length, not include itself */ ato16(input, &profile_len); offset += OPAQUE16_LEN; + /* Check profile length is not bigger than remaining length. */ + if (profile_len > length - offset) { + return BUFFER_ERROR; + } + /* Protection profiles are 2 bytes long - ensure not an odd no. bytes. */ + if ((profile_len & 1) == 1) { + return BUFFER_ERROR; + } + /* Ignoring srtp_mki field - SRTP Make Key Identifier. + * Defined to be 0..255 bytes long. + */ + if ((length - profile_len - offset) > 255) { + return BUFFER_ERROR; + } if (!isRequest) { #ifndef NO_WOLFSSL_CLIENT - if (length < offset + OPAQUE16_LEN) + /* Only one SRTP Protection Profile can be chosen. */ + if (profile_len != OPAQUE16_LEN) { return BUFFER_ERROR; + } ato16(input + offset, &profile_value); @@ -6569,18 +6808,11 @@ } #endif } -#ifndef NO_WOLFSSL_SERVER else { /* parse remainder one profile at a time, looking for match in CTX */ ret = 0; - for (i=offset; idtlsSrtpProfiles & (1 << profile_value)) { @@ -6612,8 +6844,6 @@ ssl->dtlsSrtpId = 0; TLSX_UseSRTP_Free(srtp, ssl->heap); } -#endif - (void)profile_len; return ret; } @@ -6638,6 +6868,7 @@ return offset; } +#endif static int TLSX_UseSRTP(TLSX** extensions, word16 profiles, void* heap) { @@ -6972,8 +7203,10 @@ int set = 0; /* Must contain a length and at least one version. */ - if (length < OPAQUE8_LEN + OPAQUE16_LEN || (length & 1) != 1) + if (length < OPAQUE8_LEN + OPAQUE16_LEN || (length & 1) != 1 + || length > MAX_SV_EXT_LEN) { return BUFFER_ERROR; + } len = *input; @@ -7398,7 +7631,7 @@ return BUFFER_ERROR; while (length) { - word32 idx = 0; + word16 idx = 0; WOLFSSL_X509_NAME* name = NULL; int ret = 0; int didInit = FALSE; @@ -7421,7 +7654,7 @@ ato16(input, &extLen); idx += OPAQUE16_LEN; - if (idx + extLen > length) + if (extLen > length - idx) ret = BUFFER_ERROR; } @@ -7451,7 +7684,7 @@ return ret; input += idx; - length -= (word16)idx; + length -= idx; } return 0; } @@ -7582,12 +7815,11 @@ if (length != OPAQUE16_LEN + len) return BUFFER_ERROR; + /* Truncate hashSigAlgo list if too long. */ + suites->hashSigAlgoSz = len; /* Sig Algo list size must be even. */ if (suites->hashSigAlgoSz % 2 != 0) return BUFFER_ERROR; - - /* truncate hashSigAlgo list if too long */ - suites->hashSigAlgoSz = len; if (suites->hashSigAlgoSz > WOLFSSL_MAX_SIGALGO) { WOLFSSL_MSG("TLSX SigAlgo list exceeds max, truncating"); suites->hashSigAlgoSz = WOLFSSL_MAX_SIGALGO; @@ -7970,18 +8202,54 @@ /* Make an Curve25519 key. */ ret = wc_curve25519_init_ex((curve25519_key*)kse->key, ssl->heap, - INVALID_DEVID); + ssl->devId); if (ret == 0) { /* setting "key" means okay to call wc_curve25519_free */ key = (curve25519_key*)kse->key; kse->keyLen = CURVE25519_KEYSIZE; - + } + #if defined(WC_X25519_NONBLOCK) && defined(WOLFSSL_ASYNC_CRYPT_SW) && \ + defined(WC_ASYNC_ENABLE_X25519) + /* Only set non-blocking context when async device is active. With + * INVALID_DEVID there is no async loop to retry on FP_WOULDBLOCK, so + * skip non-blocking setup and use blocking mode instead. */ + if (ret == 0 && ssl->devId != INVALID_DEVID) { + x25519_nb_ctx_t* nb_ctx = (x25519_nb_ctx_t*)XMALLOC( + sizeof(x25519_nb_ctx_t), ssl->heap, + DYNAMIC_TYPE_TMP_BUFFER); + if (nb_ctx == NULL) { + ret = MEMORY_E; + } + else { + ret = wc_curve25519_set_nonblock(key, nb_ctx); + if (ret != 0) { + XFREE(nb_ctx, ssl->heap, DYNAMIC_TYPE_TMP_BUFFER); + } + } + } + #endif /* WC_X25519_NONBLOCK && WOLFSSL_ASYNC_CRYPT_SW && + WC_ASYNC_ENABLE_X25519 */ + if (ret == 0) { #ifdef WOLFSSL_STATIC_EPHEMERAL ret = wolfSSL_StaticEphemeralKeyLoad(ssl, WC_PK_TYPE_CURVE25519, kse->key); - if (ret != 0) + if (ret != 0) /* on failure, fallback to local key generation */ #endif { + #ifdef WOLFSSL_ASYNC_CRYPT + /* initialize event */ + ret = wolfSSL_AsyncInit(ssl, &key->asyncDev, + WC_ASYNC_FLAG_NONE); + if (ret != 0) + return ret; + #endif ret = wc_curve25519_make_key(ssl->rng, CURVE25519_KEYSIZE, key); + + /* Handle async pending response */ + #ifdef WOLFSSL_ASYNC_CRYPT + if (ret == WC_NO_ERR_TRACE(WC_PENDING_E)) { + return wolfSSL_AsyncPush(ssl, &key->asyncDev); + } + #endif /* WOLFSSL_ASYNC_CRYPT */ } } } @@ -8018,8 +8286,14 @@ /* Data owned by key share entry otherwise. */ XFREE(kse->pubKey, ssl->heap, DYNAMIC_TYPE_PUBLIC_KEY); kse->pubKey = NULL; - if (key != NULL) + if (key != NULL) { + #if defined(WC_X25519_NONBLOCK) && defined(WOLFSSL_ASYNC_CRYPT_SW) + if (key->nb_ctx != NULL) { + XFREE(key->nb_ctx, ssl->heap, DYNAMIC_TYPE_TMP_BUFFER); + } + #endif wc_curve25519_free(key); + } XFREE(kse->key, ssl->heap, DYNAMIC_TYPE_PRIVATE_KEY); kse->key = NULL; } @@ -8134,36 +8408,48 @@ word16 curveId = (word16) ECC_CURVE_INVALID; ecc_key* eccKey = (ecc_key*)kse->key; - /* TODO: [TLS13] Get key sizes using wc_ecc_get_curve_size_from_id. */ /* Translate named group to a curve id. */ switch (kse->group) { #if (!defined(NO_ECC256) || defined(HAVE_ALL_CURVES)) && ECC_MIN_KEY_SZ <= 256 #ifndef NO_ECC_SECP case WOLFSSL_ECC_SECP256R1: curveId = ECC_SECP256R1; - keySize = 32; break; #endif /* !NO_ECC_SECP */ #ifdef WOLFSSL_SM2 case WOLFSSL_ECC_SM2P256V1: curveId = ECC_SM2P256V1; - keySize = 32; break; - #endif /* !NO_ECC_SECP */ + #endif /* !WOLFSSL_SM2 */ + #ifdef HAVE_ECC_BRAINPOOL + case WOLFSSL_ECC_BRAINPOOLP256R1TLS13: + curveId = ECC_BRAINPOOLP256R1; + break; + #endif /* HAVE_ECC_BRAINPOOL */ #endif #if (defined(HAVE_ECC384) || defined(HAVE_ALL_CURVES)) && ECC_MIN_KEY_SZ <= 384 #ifndef NO_ECC_SECP case WOLFSSL_ECC_SECP384R1: curveId = ECC_SECP384R1; - keySize = 48; break; #endif /* !NO_ECC_SECP */ + #ifdef HAVE_ECC_BRAINPOOL + case WOLFSSL_ECC_BRAINPOOLP384R1TLS13: + curveId = ECC_BRAINPOOLP384R1; + break; + #endif /* HAVE_ECC_BRAINPOOL */ + #endif + #if (defined(HAVE_ECC512) || defined(HAVE_ALL_CURVES)) && ECC_MIN_KEY_SZ <= 512 + #ifdef HAVE_ECC_BRAINPOOL + case WOLFSSL_ECC_BRAINPOOLP512R1TLS13: + curveId = ECC_BRAINPOOLP512R1; + break; + #endif /* HAVE_ECC_BRAINPOOL */ #endif #if (defined(HAVE_ECC521) || defined(HAVE_ALL_CURVES)) && ECC_MIN_KEY_SZ <= 521 #ifndef NO_ECC_SECP case WOLFSSL_ECC_SECP521R1: curveId = ECC_SECP521R1; - keySize = 66; break; #endif /* !NO_ECC_SECP */ #endif @@ -8172,6 +8458,15 @@ return BAD_FUNC_ARG; } + { + int size = wc_ecc_get_curve_size_from_id(curveId); + if (size < 0) { + WOLFSSL_ERROR_VERBOSE(size); + return size; + } + keySize = (word32)size; + } + if (kse->key == NULL) { /* Allocate an ECC key to hold private key. */ kse->key = (byte*)XMALLOC(sizeof(ecc_key), ssl->heap, DYNAMIC_TYPE_ECC); @@ -8185,6 +8480,28 @@ /* Initialize an ECC key struct for the ephemeral key */ ret = wc_ecc_init_ex((ecc_key*)kse->key, ssl->heap, ssl->devId); + #if defined(WC_ECC_NONBLOCK) && defined(WOLFSSL_ASYNC_CRYPT_SW) && \ + defined(WC_ASYNC_ENABLE_ECC) + /* Only set non-blocking context when async device is active. With + * INVALID_DEVID there is no async loop to retry on FP_WOULDBLOCK, so + * skip non-blocking setup and use blocking mode instead. */ + if (ret == 0 && ssl->devId != INVALID_DEVID) { + ecc_nb_ctx_t* eccNbCtx = (ecc_nb_ctx_t*)XMALLOC( + sizeof(ecc_nb_ctx_t), ssl->heap, + DYNAMIC_TYPE_TMP_BUFFER); + if (eccNbCtx == NULL) { + ret = MEMORY_E; + } + else { + ret = wc_ecc_set_nonblock((ecc_key*)kse->key, eccNbCtx); + if (ret != 0) { + XFREE(eccNbCtx, ssl->heap, DYNAMIC_TYPE_TMP_BUFFER); + } + } + } + #endif /* WC_ECC_NONBLOCK && WOLFSSL_ASYNC_CRYPT_SW && + WC_ASYNC_ENABLE_ECC */ + if (ret == 0) { kse->keyLen = keySize; kse->pubKeyLen = keySize * 2 + 1; @@ -8262,8 +8579,15 @@ /* Cleanup on error, otherwise data owned by key share entry */ XFREE(kse->pubKey, ssl->heap, DYNAMIC_TYPE_PUBLIC_KEY); kse->pubKey = NULL; - if (eccKey != NULL) + if (eccKey != NULL) { + #if defined(WC_ECC_NONBLOCK) && defined(WOLFSSL_ASYNC_CRYPT_SW) && \ + defined(WC_ASYNC_ENABLE_ECC) + if (eccKey->nb_ctx != NULL) { + XFREE(eccKey->nb_ctx, ssl->heap, DYNAMIC_TYPE_TMP_BUFFER); + } + #endif wc_ecc_free(eccKey); + } XFREE(kse->key, ssl->heap, DYNAMIC_TYPE_PRIVATE_KEY); kse->key = NULL; } @@ -8343,6 +8667,11 @@ } #endif +#if defined(WOLFSSL_NO_ML_KEM_768) && defined(WOLFSSL_NO_ML_KEM_1024) && \ + defined(WOLFSSL_PQC_HYBRIDS) + #error "PQC hybrid combinations require either ML-KEM 768 or ML-KEM 1024" +#endif + /* Structures and objects needed for hybrid key exchanges using both classic * ECDHE and PQC KEM key material. */ typedef struct PqcHybridMapping { @@ -8354,23 +8683,33 @@ static const PqcHybridMapping pqc_hybrid_mapping[] = { #ifndef WOLFSSL_NO_ML_KEM +#ifdef WOLFSSL_PQC_HYBRIDS + {WOLFSSL_SECP256R1MLKEM768, WOLFSSL_ECC_SECP256R1, WOLFSSL_ML_KEM_768, 0}, + {WOLFSSL_SECP384R1MLKEM1024, WOLFSSL_ECC_SECP384R1, WOLFSSL_ML_KEM_1024, 0}, +#endif /* WOLFSSL_PQC_HYBRIDS */ +#ifdef WOLFSSL_EXTRA_PQC_HYBRIDS {WOLFSSL_SECP256R1MLKEM512, WOLFSSL_ECC_SECP256R1, WOLFSSL_ML_KEM_512, 0}, {WOLFSSL_SECP384R1MLKEM768, WOLFSSL_ECC_SECP384R1, WOLFSSL_ML_KEM_768, 0}, - {WOLFSSL_SECP256R1MLKEM768, WOLFSSL_ECC_SECP256R1, WOLFSSL_ML_KEM_768, 0}, {WOLFSSL_SECP521R1MLKEM1024, WOLFSSL_ECC_SECP521R1, WOLFSSL_ML_KEM_1024, 0}, - {WOLFSSL_SECP384R1MLKEM1024, WOLFSSL_ECC_SECP384R1, WOLFSSL_ML_KEM_1024, 0}, #ifdef WOLFSSL_ML_KEM_USE_OLD_IDS {WOLFSSL_P256_ML_KEM_512_OLD, WOLFSSL_ECC_SECP256R1, WOLFSSL_ML_KEM_512, 0}, {WOLFSSL_P384_ML_KEM_768_OLD, WOLFSSL_ECC_SECP384R1, WOLFSSL_ML_KEM_768, 0}, {WOLFSSL_P521_ML_KEM_1024_OLD, WOLFSSL_ECC_SECP521R1, WOLFSSL_ML_KEM_1024, 0}, -#endif +#endif /* WOLFSSL_ML_KEM_USE_OLD_IDS */ +#endif /* WOLFSSL_EXTRA_PQC_HYBRIDS */ #ifdef HAVE_CURVE25519 - {WOLFSSL_X25519MLKEM512, WOLFSSL_ECC_X25519, WOLFSSL_ML_KEM_512, 1}, +#ifdef WOLFSSL_PQC_HYBRIDS {WOLFSSL_X25519MLKEM768, WOLFSSL_ECC_X25519, WOLFSSL_ML_KEM_768, 1}, -#endif +#endif /* WOLFSSL_PQC_HYBRIDS */ +#ifdef WOLFSSL_EXTRA_PQC_HYBRIDS + {WOLFSSL_X25519MLKEM512, WOLFSSL_ECC_X25519, WOLFSSL_ML_KEM_512, 1}, +#endif /* WOLFSSL_EXTRA_PQC_HYBRIDS */ +#endif /* HAVE_CURVE25519 */ #ifdef HAVE_CURVE448 +#ifdef WOLFSSL_EXTRA_PQC_HYBRIDS {WOLFSSL_X448MLKEM768, WOLFSSL_ECC_X448, WOLFSSL_ML_KEM_768, 1}, -#endif +#endif /* WOLFSSL_EXTRA_PQC_HYBRIDS */ +#endif /* HAVE_CURVE448 */ #endif /* WOLFSSL_NO_ML_KEM */ #ifdef WOLFSSL_MLKEM_KYBER {WOLFSSL_P256_KYBER_LEVEL1, WOLFSSL_ECC_SECP256R1, WOLFSSL_KYBER_LEVEL1, 0}, @@ -8623,6 +8962,21 @@ /* Generate ECC key share part */ if (ret == 0) { ecc_kse->group = ecc_group; + + #ifdef WOLFSSL_ASYNC_CRYPT + /* Check if the provided kse already contains an ECC key and the + * last error was WC_PENDING_E. In this case, we already tried to + * generate an ECC key. Hence, we have to restore it. */ + if (kse->key != NULL && kse->keyLen > 0 && + kse->lastRet == WC_NO_ERR_TRACE(WC_PENDING_E)) { + ecc_kse->key = kse->key; + ecc_kse->keyLen = kse->keyLen; + ecc_kse->pubKeyLen = kse->pubKeyLen; + ecc_kse->lastRet = kse->lastRet; + kse->key = NULL; + } + #endif + #ifdef HAVE_CURVE25519 if (ecc_group == WOLFSSL_ECC_X25519) { ret = TLSX_KeyShare_GenX25519Key(ssl, ecc_kse); @@ -8638,7 +8992,17 @@ { ret = TLSX_KeyShare_GenEccKey(ssl, ecc_kse); } - /* No error message, TLSX_KeyShare_Gen*Key will do it. */ + + #ifdef WOLFSSL_ASYNC_CRYPT + if (ret == WC_NO_ERR_TRACE(WC_PENDING_E)) { + /* Store the generated ECC key in the provided kse to later + * restore it.*/ + kse->key = ecc_kse->key; + kse->keyLen = ecc_kse->keyLen; + kse->pubKeyLen = ecc_kse->pubKeyLen; + ecc_kse->key = NULL; + } + #endif } /* Generate PQC key share part */ @@ -8756,6 +9120,13 @@ } else if (current->group == WOLFSSL_ECC_X25519) { #ifdef HAVE_CURVE25519 + #if defined(WC_X25519_NONBLOCK) && defined(WOLFSSL_ASYNC_CRYPT_SW) + if (current->key != NULL && + ((curve25519_key*)current->key)->nb_ctx != NULL) { + XFREE(((curve25519_key*)current->key)->nb_ctx, heap, + DYNAMIC_TYPE_TMP_BUFFER); + } + #endif wc_curve25519_free((curve25519_key*)current->key); #endif } @@ -8799,6 +9170,15 @@ } else { #ifdef HAVE_ECC + #if defined(WC_ECC_NONBLOCK) && \ + defined(WOLFSSL_ASYNC_CRYPT_SW) && \ + defined(WC_ASYNC_ENABLE_ECC) + if (current->key != NULL && + ((ecc_key*)current->key)->nb_ctx != NULL) { + XFREE(((ecc_key*)current->key)->nb_ctx, heap, + DYNAMIC_TYPE_TMP_BUFFER); + } + #endif wc_ecc_free((ecc_key*)current->key); #endif } @@ -8806,6 +9186,14 @@ #endif else { #ifdef HAVE_ECC + #if defined(WC_ECC_NONBLOCK) && defined(WOLFSSL_ASYNC_CRYPT_SW) && \ + defined(WC_ASYNC_ENABLE_ECC) + if (current->key != NULL && + ((ecc_key*)current->key)->nb_ctx != NULL) { + XFREE(((ecc_key*)current->key)->nb_ctx, heap, + DYNAMIC_TYPE_TMP_BUFFER); + } + #endif wc_ecc_free((ecc_key*)current->key); #endif } @@ -9049,67 +9437,113 @@ unsigned char* ssOutput, word32* ssOutSz) { - int ret; + int ret = 0; #ifdef HAVE_CURVE25519 curve25519_key* key = (curve25519_key*)keyShareEntry->key; - curve25519_key* peerX25519Key; -#ifdef HAVE_ECC - if (ssl->peerEccKey != NULL) { - wc_ecc_free(ssl->peerEccKey); - ssl->peerEccKey = NULL; - ssl->peerEccKeyPresent = 0; - } +#ifdef WOLFSSL_ASYNC_CRYPT + if (keyShareEntry->lastRet == 0) /* don't enter here if WC_PENDING_E */ #endif + { + #ifdef HAVE_ECC + if (ssl->peerEccKey != NULL) { + wc_ecc_free(ssl->peerEccKey); + ssl->peerEccKey = NULL; + ssl->peerEccKeyPresent = 0; + } + #endif - peerX25519Key = (curve25519_key*)XMALLOC(sizeof(curve25519_key), ssl->heap, - DYNAMIC_TYPE_TLSX); - if (peerX25519Key == NULL) { - WOLFSSL_MSG("PeerEccKey Memory error"); - return MEMORY_ERROR; - } - ret = wc_curve25519_init(peerX25519Key); - if (ret != 0) { - XFREE(peerX25519Key, ssl->heap, DYNAMIC_TYPE_TLSX); - return ret; - } -#ifdef WOLFSSL_DEBUG_TLS - WOLFSSL_MSG("Peer Curve25519 Key"); - WOLFSSL_BUFFER(keyShareEntry->ke, keyShareEntry->keLen); -#endif + ssl->peerX25519Key = (curve25519_key*)XMALLOC(sizeof(curve25519_key), + ssl->heap, DYNAMIC_TYPE_TLSX); + if (ssl->peerX25519Key == NULL) { + WOLFSSL_MSG("PeerX25519Key Memory error"); + return MEMORY_ERROR; + } + ret = wc_curve25519_init(ssl->peerX25519Key); + if (ret != 0) { + XFREE(ssl->peerX25519Key, ssl->heap, DYNAMIC_TYPE_TLSX); + ssl->peerX25519Key = NULL; + return ret; + } + #ifdef WOLFSSL_DEBUG_TLS + WOLFSSL_MSG("Peer Curve25519 Key"); + WOLFSSL_BUFFER(keyShareEntry->ke, keyShareEntry->keLen); + #endif - if (wc_curve25519_check_public(keyShareEntry->ke, keyShareEntry->keLen, + if (wc_curve25519_check_public(keyShareEntry->ke, keyShareEntry->keLen, EC25519_LITTLE_ENDIAN) != 0) { - ret = ECC_PEERKEY_ERROR; - WOLFSSL_ERROR_VERBOSE(ret); - } - - if (ret == 0) { - if (wc_curve25519_import_public_ex(keyShareEntry->ke, - keyShareEntry->keLen, peerX25519Key, - EC25519_LITTLE_ENDIAN) != 0) { ret = ECC_PEERKEY_ERROR; WOLFSSL_ERROR_VERBOSE(ret); } + + if (ret == 0) { + if (wc_curve25519_import_public_ex(keyShareEntry->ke, + keyShareEntry->keLen, + ssl->peerX25519Key, + EC25519_LITTLE_ENDIAN) != 0) { + ret = ECC_PEERKEY_ERROR; + WOLFSSL_ERROR_VERBOSE(ret); + } + } + + if (ret == 0) { + ssl->ecdhCurveOID = ECC_X25519_OID; + ssl->peerX25519KeyPresent = 1; + } } + if (ret == 0 && key == NULL) + ret = BAD_FUNC_ARG; if (ret == 0) { - ssl->ecdhCurveOID = ECC_X25519_OID; #ifdef WOLFSSL_CURVE25519_BLINDING ret = wc_curve25519_set_rng(key, ssl->rng); } if (ret == 0) { #endif - ret = wc_curve25519_shared_secret_ex(key, peerX25519Key, - ssOutput, ssOutSz, EC25519_LITTLE_ENDIAN); + #ifdef WOLFSSL_ASYNC_CRYPT + if (keyShareEntry->lastRet != WC_NO_ERR_TRACE(WC_PENDING_E)) + #endif + { + #ifdef WOLFSSL_ASYNC_CRYPT + /* initialize event */ + ret = wolfSSL_AsyncInit(ssl, &key->asyncDev, + WC_ASYNC_FLAG_CALL_AGAIN); + if (ret != 0) + return ret; + #endif + ret = wc_curve25519_shared_secret_ex(key, ssl->peerX25519Key, + ssOutput, ssOutSz, EC25519_LITTLE_ENDIAN); + #ifdef WOLFSSL_ASYNC_CRYPT + if (ret == WC_NO_ERR_TRACE(WC_PENDING_E)) { + return wolfSSL_AsyncPush(ssl, &key->asyncDev); + } + #endif + } + /* On CALL_AGAIN re-entry (lastRet == PENDING): the block above + * is skipped entirely, so wc_curve25519_shared_secret_ex is not + * called again. ret stays 0 from initialization, and execution + * falls through to the cleanup code below. */ } - wc_curve25519_free(peerX25519Key); - XFREE(peerX25519Key, ssl->heap, DYNAMIC_TYPE_TLSX); - wc_curve25519_free((curve25519_key*)keyShareEntry->key); - XFREE(keyShareEntry->key, ssl->heap, DYNAMIC_TYPE_PRIVATE_KEY); - keyShareEntry->key = NULL; + /* done with key share, release resources */ + if (ssl->peerX25519Key != NULL) { + wc_curve25519_free(ssl->peerX25519Key); + XFREE(ssl->peerX25519Key, ssl->heap, DYNAMIC_TYPE_TLSX); + ssl->peerX25519Key = NULL; + ssl->peerX25519KeyPresent = 0; + } + if (keyShareEntry->key != NULL) { + #if defined(WC_X25519_NONBLOCK) && defined(WOLFSSL_ASYNC_CRYPT_SW) + if (((curve25519_key*)keyShareEntry->key)->nb_ctx != NULL) { + XFREE(((curve25519_key*)keyShareEntry->key)->nb_ctx, ssl->heap, + DYNAMIC_TYPE_TMP_BUFFER); + } + #endif + wc_curve25519_free((curve25519_key*)keyShareEntry->key); + XFREE(keyShareEntry->key, ssl->heap, DYNAMIC_TYPE_PRIVATE_KEY); + keyShareEntry->key = NULL; + } XFREE(keyShareEntry->ke, ssl->heap, DYNAMIC_TYPE_PUBLIC_KEY); keyShareEntry->ke = NULL; #else @@ -9268,7 +9702,12 @@ case WOLFSSL_ECC_SM2P256V1: curveId = ECC_SM2P256V1; break; - #endif + #endif /* WOLFSSL_SM2 */ + #ifdef HAVE_ECC_BRAINPOOL + case WOLFSSL_ECC_BRAINPOOLP256R1TLS13: + curveId = ECC_BRAINPOOLP256R1; + break; + #endif /* HAVE_ECC_BRAINPOOL */ #endif #if (defined(HAVE_ECC384) || defined(HAVE_ALL_CURVES)) && ECC_MIN_KEY_SZ <= 384 #ifndef NO_ECC_SECP @@ -9276,6 +9715,18 @@ curveId = ECC_SECP384R1; break; #endif /* !NO_ECC_SECP */ + #ifdef HAVE_ECC_BRAINPOOL + case WOLFSSL_ECC_BRAINPOOLP384R1TLS13: + curveId = ECC_BRAINPOOLP384R1; + break; + #endif /* HAVE_ECC_BRAINPOOL */ + #endif + #if (defined(HAVE_ECC512) || defined(HAVE_ALL_CURVES)) && ECC_MIN_KEY_SZ <= 512 + #ifdef HAVE_ECC_BRAINPOOL + case WOLFSSL_ECC_BRAINPOOLP512R1TLS13: + curveId = ECC_BRAINPOOLP512R1; + break; + #endif /* HAVE_ECC_BRAINPOOL */ #endif #if (defined(HAVE_ECC521) || defined(HAVE_ALL_CURVES)) && ECC_MIN_KEY_SZ <= 521 #ifndef NO_ECC_SECP @@ -9330,8 +9781,14 @@ /* Point is validated by import function. */ if (ret == 0) { - ret = wc_ecc_import_x963_ex(keyShareEntry->ke, keyShareEntry->keLen, - ssl->peerEccKey, curveId); +#if !defined(HAVE_SELFTEST) && !defined(HAVE_FIPS) + ret = wc_ecc_import_x963_ex2(keyShareEntry->ke, + keyShareEntry->keLen, ssl->peerEccKey, curveId, 1); +#else + /* FIPS has validation define on. */ + ret = wc_ecc_import_x963_ex(keyShareEntry->ke, + keyShareEntry->keLen, ssl->peerEccKey, curveId); +#endif if (ret != 0) { ret = ECC_PEERKEY_ERROR; WOLFSSL_ERROR_VERBOSE(ret); @@ -9367,8 +9824,14 @@ ssl->peerEccKey = NULL; ssl->peerEccKeyPresent = 0; } - if (keyShareEntry->key) { - wc_ecc_free((ecc_key*)keyShareEntry->key); + if (eccKey != NULL) { + #if defined(WC_ECC_NONBLOCK) && defined(WOLFSSL_ASYNC_CRYPT_SW) && \ + defined(WC_ASYNC_ENABLE_ECC) + if (eccKey->nb_ctx != NULL) { + XFREE(eccKey->nb_ctx, ssl->heap, DYNAMIC_TYPE_TMP_BUFFER); + } + #endif + wc_ecc_free(eccKey); XFREE(keyShareEntry->key, ssl->heap, DYNAMIC_TYPE_ECC); keyShareEntry->key = NULL; } @@ -9487,6 +9950,10 @@ } #endif + if (ret == 0 && keyShareEntry->keLen < ctSz) { + WOLFSSL_MSG("PQC key share data too short for ciphertext."); + ret = BUFFER_E; + } if (ret == 0) { ret = wc_KyberKey_Decapsulate(kem, ssOutput, keyShareEntry->ke, ctSz); @@ -9542,7 +10009,6 @@ KeyShareEntry *ecc_kse = NULL; word32 ctSz = 0; word32 ssSzPqc = 0; - word32 ssSzEcc = 0; if (ssl->options.side == WOLFSSL_SERVER_END) { /* I am the server, the shared secret has already been generated and @@ -9677,6 +10143,9 @@ XMEMCPY(ecc_kse->ke, keyShareEntry->ke + offset, ecc_kse->keLen); } + #ifdef WOLFSSL_ASYNC_CRYPT + ecc_kse->lastRet = keyShareEntry->lastRet; + #endif } /* Process ECDH key share part. The generated shared secret is directly @@ -9686,36 +10155,47 @@ if (ret == 0) { int offset = 0; - /* Set the ECC size variable to the initial buffer size */ - ssSzEcc = ssl->arrays->preMasterSz; - if (pqc_first) offset = ssSzPqc; #ifdef HAVE_CURVE25519 if (ecc_group == WOLFSSL_ECC_X25519) { ret = TLSX_KeyShare_ProcessX25519_ex(ssl, ecc_kse, - ssl->arrays->preMasterSecret + offset, &ssSzEcc); + ssl->arrays->preMasterSecret + offset, + &ssl->arrays->preMasterSz); } else #endif #ifdef HAVE_CURVE448 if (ecc_group == WOLFSSL_ECC_X448) { ret = TLSX_KeyShare_ProcessX448_ex(ssl, ecc_kse, - ssl->arrays->preMasterSecret + offset, &ssSzEcc); + ssl->arrays->preMasterSecret + offset, + &ssl->arrays->preMasterSz); } else #endif { ret = TLSX_KeyShare_ProcessEcc_ex(ssl, ecc_kse, - ssl->arrays->preMasterSecret + offset, &ssSzEcc); + ssl->arrays->preMasterSecret + offset, + &ssl->arrays->preMasterSz); } + + #ifdef WOLFSSL_ASYNC_CRYPT + if (ret == WC_NO_ERR_TRACE(WC_PENDING_E)) { + keyShareEntry->lastRet = WC_PENDING_E; + /* Prevent freeing of the ECC and ML-KEM private keys */ + ecc_kse->key = NULL; + pqc_kse->privKey = NULL; + } + #endif } if (ret == 0) { keyShareEntry->key = ecc_kse->key; + ecc_kse->key = NULL; - if ((ret == 0) && ((ssSzEcc + ssSzPqc) > ENCRYPT_LEN)) { + if ((ret == 0) && + ((ssl->arrays->preMasterSz + ssSzPqc) > ENCRYPT_LEN)) { WOLFSSL_MSG("shared secret is too long."); ret = LENGTH_ERROR; } @@ -9724,7 +10204,7 @@ /* Process PQC KEM key share part. Depending on the pqc_first flag, the * KEM shared secret part goes before or after the ECDH part. */ if (ret == 0) { - int offset = ssSzEcc; + int offset = ssl->arrays->preMasterSz; if (pqc_first) offset = 0; @@ -9736,7 +10216,29 @@ if (ret == 0) { keyShareEntry->privKey = (byte*)pqc_kse->key; - ssl->arrays->preMasterSz = ssSzEcc + ssSzPqc; + ssl->arrays->preMasterSz += ssSzPqc; + } + else +#ifdef WOLFSSL_ASYNC_CRYPT + if (ret != WC_NO_ERR_TRACE(WC_PENDING_E)) +#endif + { + /* Clear the pre master secret buffer to prevent leaking any + * intermediate keys in the error case. Do not use preMasterSz + * here as it may already been set to the ECC shared secret size, + * which would be too small due to the PQC offset case. */ + ForceZero(ssl->arrays->preMasterSecret, ENCRYPT_LEN); + + /* Prevent FreeAll from freeing pointers owned by keyShareEntry. */ + if (ecc_kse != NULL) + ecc_kse->key = NULL; + if (pqc_kse != NULL) { + #ifndef WOLFSSL_TLSX_PQC_MLKEM_STORE_OBJ + pqc_kse->privKey = NULL; + #else + pqc_kse->key = NULL; + #endif + } } TLSX_KeyShare_FreeAll(ecc_kse, ssl->heap); @@ -9825,7 +10327,7 @@ ato16(&input[offset], &keLen); offset += OPAQUE16_LEN; if (keLen == 0) - return INVALID_PARAMETER; + return BUFFER_ERROR; if (keLen > length - offset) return BUFFER_ERROR; @@ -9842,10 +10344,12 @@ *seenGroupsCnt = i + 1; } -#ifdef WOLFSSL_HAVE_MLKEM - if ((WOLFSSL_NAMED_GROUP_IS_PQC(group) || - WOLFSSL_NAMED_GROUP_IS_PQC_HYBRID(group)) && - ssl->options.side == WOLFSSL_SERVER_END) { +#if defined(WOLFSSL_HAVE_MLKEM) + if ((WOLFSSL_NAMED_GROUP_IS_PQC(group) + #if !defined(WOLFSSL_ASYNC_CRYPT) + || WOLFSSL_NAMED_GROUP_IS_PQC_HYBRID(group) + #endif + ) && ssl->options.side == WOLFSSL_SERVER_END) { /* When handling a key share containing a KEM public key on the server * end, we have to perform the encapsulation immediately in order to * send the resulting ciphertext back to the client in the ServerHello @@ -9853,7 +10357,12 @@ * don't have to create a copy of it. * In case of a hybrid key exchange, the ECDH part is also performed * immediately (to not split the generation of the master secret). - * Hence, we also don't have to store this public key either. */ + * Hence, we also don't have to store this public key either. + * + * When WOLFSSL_ASYNC_CRYPT is enabled, this handling is not possible + * for the hybrid case, as the ECC part is performed asynchronously, + * requiring the key share data to be stored. + */ ke = (byte *)&input[offset]; } else #endif @@ -9963,10 +10472,13 @@ if (length < OPAQUE16_LEN) return BUFFER_ERROR; - /* ClientHello contains zero or more key share entries. */ + /* ClientHello contains zero or more key share entries. Limits extension + * length to 2^16-1 and subtracting 4 bytes for header size per RFC 8446 */ ato16(input, &len); - if (len != length - OPAQUE16_LEN) + if ((len != length - OPAQUE16_LEN) || + length > (MAX_EXT_DATA_LEN - HELLO_EXT_SZ)) { return BUFFER_ERROR; + } offset += OPAQUE16_LEN; while (offset < (int)length) { @@ -10008,6 +10520,8 @@ if (length < OPAQUE16_LEN) return BUFFER_ERROR; + ssl->options.shSentKeyShare = 1; + /* The data is the named group the server wants to use. */ ato16(input, &group); @@ -10225,6 +10739,7 @@ keyShareEntry->ke = NULL; keyShareEntry->keLen = 0; + XFREE(keyShareEntry->pubKey, ssl->heap, DYNAMIC_TYPE_PUBLIC_KEY); keyShareEntry->pubKey = ciphertext; keyShareEntry->pubKeyLen = ctSz; ciphertext = NULL; @@ -10242,7 +10757,7 @@ return ret; } -static int TLSX_KeyShare_HandlePqcHybridKeyServer(WOLFSSL* ssl, +int TLSX_KeyShare_HandlePqcHybridKeyServer(WOLFSSL* ssl, KeyShareEntry* keyShareEntry, byte* data, word16 len) { /* I am the server. The data parameter is the concatenation of the client's @@ -10262,7 +10777,6 @@ word32 pubSz = 0; word32 ctSz = 0; word32 ssSzPqc = 0; - word32 ssSzEcc = 0; if (data == NULL) { WOLFSSL_MSG("No hybrid key share data from the client."); @@ -10286,14 +10800,17 @@ ret = MEMORY_ERROR; } } + if (ret == 0) { + XMEMSET(ecc_kse, 0, sizeof(*ecc_kse)); + ecc_kse->group = ecc_group; + XMEMSET(pqc_kse, 0, sizeof(*pqc_kse)); + pqc_kse->group = pqc_group; + } /* The ciphertext and shared secret sizes of a KEM are fixed. Hence, we * decode these sizes to properly concatenate the KEM ciphertext with the * ECDH public key. */ if (ret == 0) { - XMEMSET(pqc_kse, 0, sizeof(*pqc_kse)); - pqc_kse->group = pqc_group; - /* Allocate a Kyber key to hold private key. */ pqc_kse->key = (KyberKey*) XMALLOC(sizeof(KyberKey), ssl->heap, DYNAMIC_TYPE_PRIVATE_KEY); @@ -10329,10 +10846,26 @@ } } +#ifdef WOLFSSL_ASYNC_CRYPT + if (ret == 0) { + /* Check if the provided kse already contains ECC data and the + * last error was WC_PENDING_E. In this case, we already tried to + * process ECC kse data. Hence, we have to restore it. */ + if (keyShareEntry->key != NULL && keyShareEntry->keyLen > 0 && + keyShareEntry->lastRet == WC_NO_ERR_TRACE(WC_PENDING_E)) { + ecc_kse->key = keyShareEntry->key; + ecc_kse->keyLen = keyShareEntry->keyLen; + ecc_kse->pubKey = keyShareEntry->pubKey; + ecc_kse->pubKeyLen = keyShareEntry->pubKeyLen; + ecc_kse->lastRet = keyShareEntry->lastRet; + keyShareEntry->key = NULL; + keyShareEntry->pubKey = NULL; + } + } +#endif + /* Generate the ECDH key share part to be sent to the client */ - if (ret == 0 && ecc_group != 0) { - XMEMSET(ecc_kse, 0, sizeof(*ecc_kse)); - ecc_kse->group = ecc_group; + if (ret == 0 && ecc_group != 0 && ecc_kse->pubKey == NULL) { #ifdef HAVE_CURVE25519 if (ecc_group == WOLFSSL_ECC_X25519) { ret = TLSX_KeyShare_GenX25519Key(ssl, ecc_kse); @@ -10348,7 +10881,22 @@ { ret = TLSX_KeyShare_GenEccKey(ssl, ecc_kse); } - /* No error message, TLSX_KeyShare_GenKey will do it. */ + #ifdef WOLFSSL_ASYNC_CRYPT + if (ret == WC_NO_ERR_TRACE(WC_PENDING_E)) { + /* Store the generated ECC key in the provided kse to later + * restore it.*/ + keyShareEntry->key = ecc_kse->key; + keyShareEntry->keyLen = ecc_kse->keyLen; + keyShareEntry->pubKeyLen = ecc_kse->pubKeyLen; + keyShareEntry->lastRet = WC_PENDING_E; + ecc_kse->key = NULL; + } + else if (ret == 0 && + keyShareEntry->lastRet == WC_NO_ERR_TRACE(WC_PENDING_E)) { + keyShareEntry->lastRet = 0; + ecc_kse->lastRet = 0; + } + #endif } if (ret == 0 && len != pubSz + ecc_kse->pubKeyLen) { @@ -10384,9 +10932,6 @@ int pubOffset = 0; int ssOffset = 0; - /* Set the ECC size variable to the initial buffer size */ - ssSzEcc = ssl->arrays->preMasterSz; - if (pqc_first) { pubOffset = pubSz; ssOffset = ssSzPqc; @@ -10397,31 +10942,44 @@ #ifdef HAVE_CURVE25519 if (ecc_group == WOLFSSL_ECC_X25519) { ret = TLSX_KeyShare_ProcessX25519_ex(ssl, ecc_kse, - ssl->arrays->preMasterSecret + ssOffset, &ssSzEcc); + ssl->arrays->preMasterSecret + ssOffset, + &ssl->arrays->preMasterSz); } else #endif #ifdef HAVE_CURVE448 if (ecc_group == WOLFSSL_ECC_X448) { ret = TLSX_KeyShare_ProcessX448_ex(ssl, ecc_kse, - ssl->arrays->preMasterSecret + ssOffset, &ssSzEcc); + ssl->arrays->preMasterSecret + ssOffset, + &ssl->arrays->preMasterSz); } else #endif { ret = TLSX_KeyShare_ProcessEcc_ex(ssl, ecc_kse, - ssl->arrays->preMasterSecret + ssOffset, &ssSzEcc); + ssl->arrays->preMasterSecret + ssOffset, + &ssl->arrays->preMasterSz); } } if (ret == 0) { - if (ssSzEcc != ecc_kse->keyLen) { + if (ssl->arrays->preMasterSz != ecc_kse->keyLen) { WOLFSSL_MSG("Data length mismatch."); ret = BAD_FUNC_ARG; } } + #ifdef WOLFSSL_ASYNC_CRYPT + else if (ret == WC_NO_ERR_TRACE(WC_PENDING_E)) { + keyShareEntry->lastRet = WC_PENDING_E; + keyShareEntry->key = ecc_kse->key; + keyShareEntry->pubKey = ecc_kse->pubKey; + keyShareEntry->pubKeyLen = ecc_kse->pubKeyLen; + ecc_kse->key = NULL; + ecc_kse->pubKey = NULL; + } + #endif } - if (ret == 0 && ssSzEcc + ssSzPqc > ENCRYPT_LEN) { + if (ret == 0 && ssl->arrays->preMasterSz + ssSzPqc > ENCRYPT_LEN) { WOLFSSL_MSG("shared secret is too long."); ret = LENGTH_ERROR; } @@ -10430,7 +10988,7 @@ * KEM shared secret part goes before or after the ECDH part. */ if (ret == 0) { int input_offset = ecc_kse->keLen; - int output_offset = ssSzEcc; + int output_offset = ssl->arrays->preMasterSz; if (pqc_first) { input_offset = 0; @@ -10445,7 +11003,7 @@ if (ret == 0) { XFREE(keyShareEntry->ke, ssl->heap, DYNAMIC_TYPE_PUBLIC_KEY); - ssl->arrays->preMasterSz = ssSzEcc + ssSzPqc; + ssl->arrays->preMasterSz += ssSzPqc; keyShareEntry->ke = NULL; keyShareEntry->keLen = 0; @@ -10461,6 +11019,7 @@ XMEMCPY(ciphertext + ecc_kse->pubKeyLen, pqc_kse->pubKey, ctSz); } + XFREE(keyShareEntry->pubKey, ssl->heap, DYNAMIC_TYPE_PUBLIC_KEY); keyShareEntry->pubKey = ciphertext; keyShareEntry->pubKeyLen = ecc_kse->pubKeyLen + ctSz; ciphertext = NULL; @@ -10469,6 +11028,17 @@ * the server side. */ ssl->namedGroup = keyShareEntry->group; } + else +#ifdef WOLFSSL_ASYNC_CRYPT + if (ret != WC_NO_ERR_TRACE(WC_PENDING_E)) +#endif + { + /* Clear the pre master secret buffer to prevent leaking any + * intermediate keys in the error case. Do not use preMasterSz + * here as it may already been set to the ECC shared secret size, + * which would be too small due to the PQC offset case. */ + ForceZero(ssl->arrays->preMasterSecret, ENCRYPT_LEN); + } TLSX_KeyShare_FreeAll(ecc_kse, ssl->heap); TLSX_KeyShare_FreeAll(pqc_kse, ssl->heap); @@ -10510,7 +11080,8 @@ /* Try to find the key share entry with this group. */ keyShareEntry = (KeyShareEntry*)extension->data; while (keyShareEntry != NULL) { -#ifdef WOLFSSL_ML_KEM_USE_OLD_IDS + #if defined(WOLFSSL_ML_KEM_USE_OLD_IDS) && \ + defined (WOLFSSL_EXTRA_PQC_HYBRIDS) if ((group == WOLFSSL_P256_ML_KEM_512_OLD && keyShareEntry->group == WOLFSSL_SECP256R1MLKEM512) || (group == WOLFSSL_P384_ML_KEM_768_OLD && @@ -10521,7 +11092,7 @@ break; } else -#endif + #endif /* WOLFSSL_ML_KEM_USE_OLD_IDS && WOLFSSL_EXTRA_PQC_HYBRIDS */ if (keyShareEntry->group == group) break; keyShareEntry = keyShareEntry->next; @@ -10539,24 +11110,41 @@ #if defined(WOLFSSL_HAVE_MLKEM) && !defined(WOLFSSL_MLKEM_NO_ENCAPSULATE) if (ssl->options.side == WOLFSSL_SERVER_END && WOLFSSL_NAMED_GROUP_IS_PQC(group)) { - ret = TLSX_KeyShare_HandlePqcKeyServer((WOLFSSL*)ssl, - keyShareEntry, - data, len, - ssl->arrays->preMasterSecret, - &ssl->arrays->preMasterSz); - if (ret != 0) - return ret; + if (TLSX_IsGroupSupported(group)) { + ret = TLSX_KeyShare_HandlePqcKeyServer((WOLFSSL*)ssl, + keyShareEntry, + data, len, + ssl->arrays->preMasterSecret, + &ssl->arrays->preMasterSz); + if (ret != 0) + return ret; + } + else { + XFREE(keyShareEntry->ke, ssl->heap, DYNAMIC_TYPE_PUBLIC_KEY); + keyShareEntry->ke = NULL; + keyShareEntry->keLen = 0; + } } - else if (ssl->options.side == WOLFSSL_SERVER_END && + else +#if !defined(WOLFSSL_ASYNC_CRYPT) + if (ssl->options.side == WOLFSSL_SERVER_END && WOLFSSL_NAMED_GROUP_IS_PQC_HYBRID(group)) { - ret = TLSX_KeyShare_HandlePqcHybridKeyServer((WOLFSSL*)ssl, - keyShareEntry, - data, len); - if (ret != 0) - return ret; + if (TLSX_IsGroupSupported(group)) { + ret = TLSX_KeyShare_HandlePqcHybridKeyServer((WOLFSSL*)ssl, + keyShareEntry, + data, len); + if (ret != 0) + return ret; + } + else { + XFREE(keyShareEntry->ke, ssl->heap, DYNAMIC_TYPE_PUBLIC_KEY); + keyShareEntry->ke = NULL; + keyShareEntry->keLen = 0; + } } else #endif +#endif if (data != NULL) { XFREE(keyShareEntry->ke, ssl->heap, DYNAMIC_TYPE_PUBLIC_KEY); keyShareEntry->ke = data; @@ -10603,94 +11191,106 @@ } static const word16 preferredGroup[] = { + /* Sort by strength, but prefer non-experimental PQ/T hybrid groups */ +#if defined(WOLFSSL_HAVE_MLKEM) && !defined(WOLFSSL_NO_ML_KEM) && \ + defined(WOLFSSL_PQC_HYBRIDS) + #if !defined(WOLFSSL_NO_ML_KEM_768) && defined(HAVE_CURVE25519) && \ + ECC_MIN_KEY_SZ <= 256 + WOLFSSL_X25519MLKEM768, + #endif + #if !defined(WOLFSSL_NO_ML_KEM_1024) && defined(HAVE_ECC) && \ + (defined(HAVE_ECC384) || defined(HAVE_ALL_CURVES)) && \ + ECC_MIN_KEY_SZ <= 384 + WOLFSSL_SECP384R1MLKEM1024, + #endif + #if !defined(WOLFSSL_NO_ML_KEM_768) && defined(HAVE_ECC) && \ + (!defined(NO_ECC256) || defined(HAVE_ALL_CURVES)) && \ + ECC_MIN_KEY_SZ <= 256 + WOLFSSL_SECP256R1MLKEM768, + #endif +#endif /* WOLFSSL_HAVE_MLKEM && !WOLFSSL_NO_ML_KEM && WOLFSSL_PQC_HYBRIDS */ +#if defined(WOLFSSL_HAVE_MLKEM) && !defined(WOLFSSL_NO_ML_KEM) && \ + !defined(WOLFSSL_NO_ML_KEM_1024) && !defined(WOLFSSL_TLS_NO_MLKEM_STANDALONE) + WOLFSSL_ML_KEM_1024, +#endif +#if defined(HAVE_ECC) && (!defined(NO_ECC521) || \ + defined(HAVE_ALL_CURVES)) && !defined(NO_ECC_SECP) && ECC_MIN_KEY_SZ <= 521 + WOLFSSL_ECC_SECP521R1, +#endif +#if defined(HAVE_ECC) && defined(HAVE_ECC512) && \ + defined(HAVE_ECC_BRAINPOOL) && ECC_MIN_KEY_SZ <= 512 + WOLFSSL_ECC_BRAINPOOLP512R1TLS13, +#endif +#if defined(WOLFSSL_HAVE_MLKEM) && !defined(WOLFSSL_NO_ML_KEM) && \ + !defined(WOLFSSL_NO_ML_KEM_768) && !defined(WOLFSSL_TLS_NO_MLKEM_STANDALONE) + WOLFSSL_ML_KEM_768, +#endif +#if defined(HAVE_ECC) && (!defined(NO_ECC384) || \ + defined(HAVE_ALL_CURVES)) && !defined(NO_ECC_SECP) && ECC_MIN_KEY_SZ <= 384 + WOLFSSL_ECC_SECP384R1, +#if defined(HAVE_ECC_BRAINPOOL) + WOLFSSL_ECC_BRAINPOOLP384R1TLS13, +#endif +#endif +#if defined(HAVE_CURVE448) && ECC_MIN_KEY_SZ <= 448 + WOLFSSL_ECC_X448, +#endif +#if defined(WOLFSSL_HAVE_MLKEM) && !defined(WOLFSSL_NO_ML_KEM) && \ + !defined(WOLFSSL_NO_ML_KEM_512) && !defined(WOLFSSL_TLS_NO_MLKEM_STANDALONE) + WOLFSSL_ML_KEM_512, +#endif #if defined(HAVE_ECC) && (!defined(NO_ECC256) || \ defined(HAVE_ALL_CURVES)) && !defined(NO_ECC_SECP) && ECC_MIN_KEY_SZ <= 256 WOLFSSL_ECC_SECP256R1, #if !defined(HAVE_FIPS) && defined(WOLFSSL_SM2) WOLFSSL_ECC_SM2P256V1, #endif +#if defined(HAVE_ECC_BRAINPOOL) + WOLFSSL_ECC_BRAINPOOLP256R1TLS13, +#endif #endif #if defined(HAVE_CURVE25519) && ECC_MIN_KEY_SZ <= 256 WOLFSSL_ECC_X25519, #endif -#if defined(HAVE_CURVE448) && ECC_MIN_KEY_SZ <= 448 - WOLFSSL_ECC_X448, -#endif -#if defined(HAVE_ECC) && (!defined(NO_ECC384) || \ - defined(HAVE_ALL_CURVES)) && !defined(NO_ECC_SECP) && ECC_MIN_KEY_SZ <= 384 - WOLFSSL_ECC_SECP384R1, -#endif -#if defined(HAVE_ECC) && (!defined(NO_ECC521) || \ - defined(HAVE_ALL_CURVES)) && !defined(NO_ECC_SECP) && ECC_MIN_KEY_SZ <= 521 - WOLFSSL_ECC_SECP521R1, -#endif -#if defined(HAVE_FFDHE_2048) - WOLFSSL_FFDHE_2048, +#if defined(HAVE_FFDHE_8192) + WOLFSSL_FFDHE_8192, #endif -#if defined(HAVE_FFDHE_3072) - WOLFSSL_FFDHE_3072, +#if defined(HAVE_FFDHE_6144) + WOLFSSL_FFDHE_6144, #endif #if defined(HAVE_FFDHE_4096) WOLFSSL_FFDHE_4096, #endif -#if defined(HAVE_FFDHE_6144) - WOLFSSL_FFDHE_6144, +#if defined(HAVE_FFDHE_3072) + WOLFSSL_FFDHE_3072, #endif -#if defined(HAVE_FFDHE_8192) - WOLFSSL_FFDHE_8192, +#if defined(HAVE_FFDHE_2048) + WOLFSSL_FFDHE_2048, #endif #ifndef WOLFSSL_NO_ML_KEM -#ifdef WOLFSSL_WC_MLKEM - #ifndef WOLFSSL_NO_ML_KEM_512 - WOLFSSL_ML_KEM_512, - WOLFSSL_SECP256R1MLKEM512, - #if defined(HAVE_CURVE25519) && ECC_MIN_KEY_SZ <= 256 - WOLFSSL_X25519MLKEM512, - #endif + #if !defined(WOLFSSL_NO_ML_KEM_1024) && \ + defined(WOLFSSL_EXTRA_PQC_HYBRIDS) + WOLFSSL_SECP521R1MLKEM1024, #endif - #ifndef WOLFSSL_NO_ML_KEM_768 - WOLFSSL_ML_KEM_768, + #if !defined(WOLFSSL_NO_ML_KEM_768) && \ + defined(WOLFSSL_EXTRA_PQC_HYBRIDS) WOLFSSL_SECP384R1MLKEM768, - WOLFSSL_SECP256R1MLKEM768, - #if defined(HAVE_CURVE25519) && ECC_MIN_KEY_SZ <= 256 - WOLFSSL_X25519MLKEM768, - #endif #if defined(HAVE_CURVE448) && ECC_MIN_KEY_SZ <= 448 WOLFSSL_X448MLKEM768, + #endif /* HAVE_CURVE448 */ #endif - #endif - #ifndef WOLFSSL_NO_ML_KEM_1024 - WOLFSSL_ML_KEM_1024, - WOLFSSL_SECP521R1MLKEM1024, - WOLFSSL_SECP384R1MLKEM1024, - #endif -#elif defined(HAVE_LIBOQS) - /* These require a runtime call to TLSX_IsGroupSupported to use */ - WOLFSSL_ML_KEM_512, - WOLFSSL_ML_KEM_768, - WOLFSSL_ML_KEM_1024, + #if !defined(WOLFSSL_NO_ML_KEM_512) && \ + defined(WOLFSSL_EXTRA_PQC_HYBRIDS) WOLFSSL_SECP256R1MLKEM512, - WOLFSSL_SECP384R1MLKEM768, - WOLFSSL_SECP256R1MLKEM768, - WOLFSSL_SECP521R1MLKEM1024, - WOLFSSL_SECP384R1MLKEM1024, #if defined(HAVE_CURVE25519) && ECC_MIN_KEY_SZ <= 256 WOLFSSL_X25519MLKEM512, - WOLFSSL_X25519MLKEM768, - #endif - #if defined(HAVE_CURVE448) && ECC_MIN_KEY_SZ <= 448 - WOLFSSL_X448MLKEM768, + #endif /* HAVE_CURVE25519 */ #endif -#endif #endif /* !WOLFSSL_NO_ML_KEM */ #ifdef WOLFSSL_MLKEM_KYBER -#ifdef WOLFSSL_WC_MLKEM - #ifdef WOLFSSL_KYBER512 - WOLFSSL_KYBER_LEVEL1, - WOLFSSL_P256_KYBER_LEVEL1, - #if defined(HAVE_CURVE25519) && ECC_MIN_KEY_SZ <= 256 - WOLFSSL_X25519_KYBER_LEVEL1, - #endif + #ifdef WOLFSSL_KYBER1024 + WOLFSSL_KYBER_LEVEL5, + WOLFSSL_P521_KYBER_LEVEL5, #endif #ifdef WOLFSSL_KYBER768 WOLFSSL_KYBER_LEVEL3, @@ -10703,27 +11303,13 @@ WOLFSSL_X448_KYBER_LEVEL3, #endif #endif - #ifdef WOLFSSL_KYBER1024 - WOLFSSL_KYBER_LEVEL5, - WOLFSSL_P521_KYBER_LEVEL5, - #endif -#elif defined(HAVE_LIBOQS) - /* These require a runtime call to TLSX_IsGroupSupported to use */ + #ifdef WOLFSSL_KYBER512 WOLFSSL_KYBER_LEVEL1, - WOLFSSL_KYBER_LEVEL3, - WOLFSSL_KYBER_LEVEL5, WOLFSSL_P256_KYBER_LEVEL1, - WOLFSSL_P384_KYBER_LEVEL3, - WOLFSSL_P256_KYBER_LEVEL3, - WOLFSSL_P521_KYBER_LEVEL5, #if defined(HAVE_CURVE25519) && ECC_MIN_KEY_SZ <= 256 WOLFSSL_X25519_KYBER_LEVEL1, - WOLFSSL_X25519_KYBER_LEVEL3, #endif - #if defined(HAVE_CURVE448) && ECC_MIN_KEY_SZ <= 448 - WOLFSSL_X448_KYBER_LEVEL3, #endif -#endif #endif /* WOLFSSL_MLKEM_KYBER */ WOLFSSL_NAMED_GROUP_INVALID }; @@ -10760,7 +11346,8 @@ #endif for (i = 0; i < numGroups; i++) { -#ifdef WOLFSSL_ML_KEM_USE_OLD_IDS +#if defined(WOLFSSL_ML_KEM_USE_OLD_IDS) && \ + defined (WOLFSSL_EXTRA_PQC_HYBRIDS) if ((group == WOLFSSL_P256_ML_KEM_512_OLD && groups[i] == WOLFSSL_SECP256R1MLKEM512) || (group == WOLFSSL_P384_ML_KEM_768_OLD && @@ -11140,8 +11727,11 @@ if (clientKSE->key == NULL) { #ifdef WOLFSSL_HAVE_MLKEM - if (WOLFSSL_NAMED_GROUP_IS_PQC(clientKSE->group) || - WOLFSSL_NAMED_GROUP_IS_PQC_HYBRID(clientKSE->group)) { + if (WOLFSSL_NAMED_GROUP_IS_PQC(clientKSE->group) + #if !defined(WOLFSSL_ASYNC_CRYPT) + || WOLFSSL_NAMED_GROUP_IS_PQC_HYBRID(clientKSE->group) + #endif + ) { /* Going to need the public key (AKA ciphertext). */ serverKSE->pubKey = clientKSE->pubKey; clientKSE->pubKey = NULL; @@ -11149,6 +11739,13 @@ clientKSE->pubKeyLen = 0; } else + #if defined(WOLFSSL_ASYNC_CRYPT) + if (WOLFSSL_NAMED_GROUP_IS_PQC_HYBRID(clientKSE->group)) { + ret = TLSX_KeyShare_HandlePqcHybridKeyServer(ssl, serverKSE, + clientKSE->ke, clientKSE->keLen); + } + else + #endif #endif { ret = TLSX_KeyShare_GenKey(ssl, serverKSE); @@ -11593,7 +12190,7 @@ /* Find the list of identities sent to server. */ extension = TLSX_Find(ssl->extensions, TLSX_PRE_SHARED_KEY); if (extension == NULL) - return PSK_KEY_ERROR; + return INCOMPLETE_DATA; list = (PreSharedKey*)extension->data; /* Mark the identity as chosen. */ @@ -11605,7 +12202,6 @@ } list->chosen = 1; - #ifdef HAVE_SESSION_TICKET if (list->resumption) { /* Check that the session's details are the same as the server's. */ if (ssl->options.cipherSuite0 != ssl->session->cipherSuite0 || @@ -11616,7 +12212,6 @@ return PSK_KEY_ERROR; } } - #endif return 0; } @@ -12932,23 +13527,10 @@ /* configId */ ech->configId = echConfig->configId; /* encLen */ - switch (echConfig->kemId) - { - case DHKEM_P256_HKDF_SHA256: - ech->encLen = DHKEM_P256_ENC_LEN; - break; - case DHKEM_P384_HKDF_SHA384: - ech->encLen = DHKEM_P384_ENC_LEN; - break; - case DHKEM_P521_HKDF_SHA512: - ech->encLen = DHKEM_P521_ENC_LEN; - break; - case DHKEM_X25519_HKDF_SHA256: - ech->encLen = DHKEM_X25519_ENC_LEN; - break; - case DHKEM_X448_HKDF_SHA512: - ech->encLen = DHKEM_X448_ENC_LEN; - break; + ech->encLen = wc_HpkeKemGetEncLen(echConfig->kemId); + if (ech->encLen == 0) { + XFREE(ech, heap, DYNAMIC_TYPE_TMP_BUFFER); + return BAD_FUNC_ARG; } /* setup hpke */ ech->hpke = (Hpke*)XMALLOC(sizeof(Hpke), heap, DYNAMIC_TYPE_TMP_BUFFER); @@ -12961,8 +13543,13 @@ /* setup the ephemeralKey */ if (ret == 0) ret = wc_HpkeGenerateKeyPair(ech->hpke, &ech->ephemeralKey, rng); - if (ret == 0) + if (ret == 0) { ret = TLSX_Push(extensions, TLSX_ECH, ech, heap); + if (ret != 0) { + wc_HpkeFreeKey(ech->hpke, ech->hpke->kem, ech->ephemeralKey, + ech->hpke->heap); + } + } if (ret != 0) { XFREE(ech->hpke, heap, DYNAMIC_TYPE_TMP_BUFFER); XFREE(ech, heap, DYNAMIC_TYPE_TMP_BUFFER); @@ -13008,20 +13595,28 @@ word32 configsLen = 0; void* ephemeralKey = NULL; byte* writeBuf_p = writeBuf; -#ifdef WOLFSSL_SMALL_STACK - Hpke* hpke = NULL; - WC_RNG* rng = NULL; -#else - Hpke hpke[1]; - WC_RNG rng[1]; -#endif + WC_DECLARE_VAR(hpke, Hpke, 1, DYNAMIC_TYPE_TMP_BUFFER); + WC_DECLARE_VAR(rng, WC_RNG, 1, DYNAMIC_TYPE_RNG); + WOLFSSL_MSG("TLSX_ECH_Write"); if (msgType == hello_retry_request) { - /* reserve space to write the confirmation to */ - *offset += ECH_ACCEPT_CONFIRMATION_SZ; - /* set confBuf */ - ech->confBuf = writeBuf; - return 0; + WC_ALLOC_VAR_EX(rng, WC_RNG, 1, NULL, DYNAMIC_TYPE_RNG, ret = MEMORY_E); + if (ret == 0) { + ret = wc_InitRng(rng); + } + if (ret == 0) { + /* randomize confirmation in case ech is rejected */ + ret = wc_RNG_GenerateBlock(rng, writeBuf, + ECH_ACCEPT_CONFIRMATION_SZ); + wc_FreeRng(rng); + } + if (ret == 0) { + *offset += ECH_ACCEPT_CONFIRMATION_SZ; + ech->confBuf = writeBuf; + } + + WC_FREE_VAR_EX(rng, NULL, DYNAMIC_TYPE_RNG); + return ret; } if (ech->state == ECH_WRITE_NONE || ech->state == ECH_PARSED_INTERNAL) return 0; @@ -13060,19 +13655,13 @@ } writeBuf_p += 2; if (ech->state == ECH_WRITE_GREASE) { -#ifdef WOLFSSL_SMALL_STACK - hpke = (Hpke*)XMALLOC(sizeof(Hpke), NULL, DYNAMIC_TYPE_TMP_BUFFER); - if (hpke == NULL) - return MEMORY_E; - rng = (WC_RNG*)XMALLOC(sizeof(WC_RNG), NULL, DYNAMIC_TYPE_RNG); - if (rng == NULL) { - XFREE(hpke, NULL, DYNAMIC_TYPE_RNG); - return MEMORY_E; - } -#endif + WC_ALLOC_VAR_EX(hpke, Hpke, 1, NULL, DYNAMIC_TYPE_TMP_BUFFER, ret = MEMORY_E); + WC_ALLOC_VAR_EX(rng, WC_RNG, 1, NULL, DYNAMIC_TYPE_RNG, ret = MEMORY_E); /* hpke init */ - ret = wc_HpkeInit(hpke, ech->kemId, ech->cipherSuite.kdfId, - ech->cipherSuite.aeadId, NULL); + if (ret == 0) { + ret = wc_HpkeInit(hpke, ech->kemId, ech->cipherSuite.kdfId, + ech->cipherSuite.aeadId, NULL); + } if (ret == 0) rngRet = ret = wc_InitRng(rng); /* create the ephemeralKey */ @@ -13169,6 +13758,417 @@ return (int)size; } +/* rough check that inner hello fields do not exceed length of decrypted + * information. Additionally, this function will check that all padding bytes + * are zero and decrease the innerHelloLen accordingly if so. + * returns 0 on success and otherwise failure */ +static int TLSX_ECH_CheckInnerPadding(WOLFSSL* ssl, WOLFSSL_ECH* ech) +{ + int headerSz; + const byte* innerCh; + word32 innerChLen; + word32 idx; + byte sessionIdLen; + word16 cipherSuitesLen; + byte compressionLen; + word16 extLen; + byte acc = 0; + word32 i; + +#ifdef WOLFSSL_DTLS13 + headerSz = ssl->options.dtls ? DTLS13_HANDSHAKE_HEADER_SZ : + HANDSHAKE_HEADER_SZ; +#else + headerSz = HANDSHAKE_HEADER_SZ; +#endif + + innerCh = ech->innerClientHello + headerSz; + innerChLen = ech->innerClientHelloLen; + + idx = OPAQUE16_LEN + RAN_LEN; + if (idx >= innerChLen) + return BUFFER_ERROR; + + sessionIdLen = innerCh[idx++]; + /* innerHello sessionID must initially be empty */ + if (sessionIdLen != 0) + return INVALID_PARAMETER; + idx += sessionIdLen; + if (idx + OPAQUE16_LEN > innerChLen) + return BUFFER_ERROR; + + ato16(innerCh + idx, &cipherSuitesLen); + idx += OPAQUE16_LEN + cipherSuitesLen; + if (idx >= innerChLen) + return BUFFER_ERROR; + + compressionLen = innerCh[idx++]; + idx += compressionLen; + if (idx + OPAQUE16_LEN > innerChLen) + return BUFFER_ERROR; + + ato16(innerCh + idx, &extLen); + idx += OPAQUE16_LEN + extLen; + if (idx > innerChLen) + return BUFFER_ERROR; + + /* should now be at the end of the innerHello + * Per ECH spec all padding bytes MUST be 0 */ + for (i = idx; i < innerChLen; i++) { + acc |= innerCh[i]; + } + if (acc != 0) { + SendAlert(ssl, alert_fatal, illegal_parameter); + return INVALID_PARAMETER; + } + + ech->innerClientHelloLen -= i - idx; + return 0; +} + +/* Locate the given extension type, use the extOffset to start off after where a + * previous call to this function ended + * + * outerCh The outer ClientHello buffer. + * chLen Outer ClientHello length. + * extType Extension type to look for. + * extLen Out parameter, length of found extension. + * extOffset Offset into outer ClientHello to look for extension from. + * extensionsStart Start of outer ClientHello extensions. + * extensionsLen Length of outer ClientHello extensions. + * returns 0 on success and otherwise failure. + */ +static const byte* TLSX_ECH_FindOuterExtension(const byte* outerCh, + word32 chLen, word16 extType, word32* extLen, word32* extOffset, + word16* extensionsStart, word16* extensionsLen) +{ + word32 idx = *extOffset; + byte sessionIdLen; + word16 cipherSuitesLen; + byte compressionLen; + word16 type; + word16 len; + + if (idx == 0) { + idx = OPAQUE16_LEN + RAN_LEN; + if (idx >= chLen) + return NULL; + + sessionIdLen = outerCh[idx++]; + idx += sessionIdLen; + if (idx + OPAQUE16_LEN > chLen) + return NULL; + + ato16(outerCh + idx, &cipherSuitesLen); + idx += OPAQUE16_LEN + cipherSuitesLen; + if (idx >= chLen) + return NULL; + + compressionLen = outerCh[idx++]; + idx += compressionLen; + if (idx + OPAQUE16_LEN > chLen) + return NULL; + + ato16(outerCh + idx, extensionsLen); + idx += OPAQUE16_LEN; + *extensionsStart = (word16)idx; + + if (idx + *extensionsLen > chLen) + return NULL; + } + + while (idx - *extensionsStart < *extensionsLen) { + if (idx + OPAQUE16_LEN + OPAQUE16_LEN > chLen) + return NULL; + + ato16(outerCh + idx, &type); + idx += OPAQUE16_LEN; + ato16(outerCh + idx, &len); + idx += OPAQUE16_LEN; + + if (idx + len - *extensionsStart > *extensionsLen) + return NULL; + + if (type == extType) { + *extLen = len + OPAQUE16_LEN + OPAQUE16_LEN; + *extOffset = idx + len; + return outerCh + idx - OPAQUE16_LEN - OPAQUE16_LEN; + } + + idx += len; + } + + return NULL; +} + +/* If newinnerCh is NULL, validate ordering and existence of references + * - updates newInnerChLen with total length of selected extensions + * If newinnerCh in not NULL, copy extensions into newInnerCh + * + * outerCh The outer ClientHello buffer. + * outerChLen Outer ClientHello length. + * newInnerCh The inner ClientHello buffer. + * newInnerChLen Inner ClientHello length. + * numOuterRefs Number of references described by OuterExtensions extension. + * numOuterTypes References described by OuterExtensions extension. + * returns 0 on success and otherwise failure. + */ +static int TLSX_ECH_CopyOuterExtensions(const byte* outerCh, word32 outerChLen, + byte** newInnerCh, word32* newInnerChLen, + word16 numOuterRefs, const byte* outerRefTypes) +{ + int ret = 0; + word16 refType; + word32 outerExtLen; + word32 outerExtOffset = 0; + word16 extsStart; + word16 extsLen; + const byte* outerExtData; + + if (newInnerCh == NULL) { + *newInnerChLen = 0; + + while (numOuterRefs-- > 0) { + ato16(outerRefTypes, &refType); + + if (refType == TLSXT_ECH) { + WOLFSSL_MSG("ECH: ech_outer_extensions references ECH"); + ret = INVALID_PARAMETER; + break; + } + + outerExtData = TLSX_ECH_FindOuterExtension(outerCh, outerChLen, + refType, &outerExtLen, &outerExtOffset, + &extsStart, &extsLen); + + if (outerExtData == NULL) { + WOLFSSL_MSG("ECH: referenced extension not in outer CH"); + ret = INVALID_PARAMETER; + break; + } + + *newInnerChLen += outerExtLen; + + outerRefTypes += OPAQUE16_LEN; + } + } + else { + while (numOuterRefs-- > 0) { + ato16(outerRefTypes, &refType); + + outerExtData = TLSX_ECH_FindOuterExtension(outerCh, outerChLen, + refType, &outerExtLen, &outerExtOffset, + &extsStart, &extsLen); + + if (outerExtData == NULL) { + ret = INVALID_PARAMETER; + break; + } + + XMEMCPY(*newInnerCh, outerExtData, outerExtLen); + *newInnerCh += outerExtLen; + + outerRefTypes += OPAQUE16_LEN; + } + } + + return ret; +} + +/* Expand ech_outer_extensions in the inner ClientHello by copying referenced + * extensions from the outer ClientHello. + * If the sessionID exists in the outer ClientHello then also copy that into the + * expanded inner ClientHello. + * + * ssl SSL/TLS object. + * ech ECH object. + * heap Heap hint. + * returns 0 on success and otherwise failure. + */ +static int TLSX_ECH_ExpandOuterExtensions(WOLFSSL* ssl, WOLFSSL_ECH* ech, + void* heap) +{ + int ret = 0; + int headerSz; + const byte* innerCh; + word32 innerChLen; + const byte* outerCh; + word32 outerChLen; + word32 idx; + byte sessionIdLen; + word16 cipherSuitesLen; + byte compressionLen; + + word32 innerExtIdx; + word16 innerExtLen; + word32 echOuterExtIdx = 0; + word16 echOuterExtLen = 0; + int foundEchOuter = 0; + word16 numOuterRefs = 0; + const byte* outerRefTypes = NULL; + word32 extraSize = 0; + byte* newInnerCh = NULL; + byte* newInnerChRef; + word32 newInnerChLen; + word32 copyLen; + + WOLFSSL_ENTER("TLSX_ExpandEchOuterExtensions"); + + if (ech == NULL || ech->innerClientHello == NULL || ech->aad == NULL) + return BAD_FUNC_ARG; + +#ifdef WOLFSSL_DTLS13 + headerSz = ssl->options.dtls ? DTLS13_HANDSHAKE_HEADER_SZ : + HANDSHAKE_HEADER_SZ; +#else + headerSz = HANDSHAKE_HEADER_SZ; +#endif + + innerCh = ech->innerClientHello + headerSz; + innerChLen = ech->innerClientHelloLen; + outerCh = ech->aad; + outerChLen = ech->aadLen; + + /* don't need to check for buffer overflows here since they are caught by + * TLSX_ECH_CheckInnerPadding */ + idx = OPAQUE16_LEN + RAN_LEN; + + sessionIdLen = innerCh[idx++]; + idx += sessionIdLen; + + ato16(innerCh + idx, &cipherSuitesLen); + idx += OPAQUE16_LEN + cipherSuitesLen; + + compressionLen = innerCh[idx++]; + idx += compressionLen; + + ato16(innerCh + idx, &innerExtLen); + idx += OPAQUE16_LEN; + innerExtIdx = idx; + + /* validate ech_outer_extensions and calculate extra size */ + while (idx < innerChLen && (idx - innerExtIdx) < innerExtLen) { + word16 type; + word16 len; + byte outerExtListLen; + + if (idx + OPAQUE16_LEN + OPAQUE16_LEN > innerChLen) + return BUFFER_ERROR; + + ato16(innerCh + idx, &type); + idx += OPAQUE16_LEN; + ato16(innerCh + idx, &len); + idx += OPAQUE16_LEN; + + if (idx + len > innerChLen) + return BUFFER_ERROR; + + if (type == TLSXT_ECH_OUTER_EXTENSIONS) { + if (foundEchOuter) { + WOLFSSL_MSG("ECH: duplicate ech_outer_extensions"); + return INVALID_PARAMETER; + } + foundEchOuter = 1; + echOuterExtIdx = idx - OPAQUE16_LEN - OPAQUE16_LEN; + echOuterExtLen = len + OPAQUE16_LEN + OPAQUE16_LEN; + + /* ech_outer_extensions data format: 1-byte length + extension types + * ExtensionType OuterExtensions<2..254>; */ + if (len < 1) + return BUFFER_ERROR; + outerExtListLen = innerCh[idx]; + if (outerExtListLen + 1 != len || outerExtListLen < 2 || + outerExtListLen == 255) + return BUFFER_ERROR; + + outerRefTypes = innerCh + idx + 1; + numOuterRefs = outerExtListLen / OPAQUE16_LEN; + + ret = TLSX_ECH_CopyOuterExtensions(outerCh, outerChLen, NULL, + &extraSize, numOuterRefs, outerRefTypes); + if (ret != 0) + return ret; + } + + idx += len; + } + + newInnerChLen = innerChLen - echOuterExtLen + extraSize - sessionIdLen + + ssl->session->sessionIDSz; + + if (!foundEchOuter && sessionIdLen == ssl->session->sessionIDSz) { + /* no extensions + no sessionID to copy */ + WOLFSSL_MSG("ECH: no EchOuterExtensions extension found"); + return ret; + } + else { + newInnerCh = (byte*)XMALLOC(newInnerChLen + headerSz, heap, + DYNAMIC_TYPE_TMP_BUFFER); + if (newInnerCh == NULL) + return MEMORY_E; + } + + /* note: The first HANDSHAKE_HEADER_SZ bytes are reserved for the header + * but not initialized here. The header will be properly set later by + * AddTls13HandShakeHeader() in DoTls13ClientHello(). */ + + /* copy everything up to EchOuterExtensions */ + newInnerChRef = newInnerCh + headerSz; + copyLen = OPAQUE16_LEN + RAN_LEN; + XMEMCPY(newInnerChRef, innerCh, copyLen); + newInnerChRef += copyLen; + + *newInnerChRef = ssl->session->sessionIDSz; + newInnerChRef += OPAQUE8_LEN; + + copyLen = ssl->session->sessionIDSz; + XMEMCPY(newInnerChRef, ssl->session->sessionID, copyLen); + newInnerChRef += copyLen; + + if (!foundEchOuter) { + WOLFSSL_MSG("ECH: no EchOuterExtensions extension found"); + + copyLen = innerChLen - OPAQUE16_LEN - RAN_LEN - OPAQUE8_LEN - + sessionIdLen; + XMEMCPY(newInnerChRef, innerCh + OPAQUE16_LEN + RAN_LEN + OPAQUE8_LEN + + sessionIdLen, copyLen); + } + else { + copyLen = echOuterExtIdx - OPAQUE16_LEN - RAN_LEN - OPAQUE8_LEN - + sessionIdLen; + XMEMCPY(newInnerChRef, innerCh + OPAQUE16_LEN + RAN_LEN + OPAQUE8_LEN + + sessionIdLen, copyLen); + newInnerChRef += copyLen; + + /* update extensions length in the new ClientHello */ + c16toa(innerExtLen - echOuterExtLen + (word16)extraSize, + newInnerChRef - OPAQUE16_LEN); + + ret = TLSX_ECH_CopyOuterExtensions(outerCh, outerChLen, &newInnerChRef, + &newInnerChLen, numOuterRefs, outerRefTypes); + if (ret == 0) { + /* copy remaining extensions after ech_outer_extensions */ + copyLen = innerChLen - (echOuterExtIdx + echOuterExtLen); + XMEMCPY(newInnerChRef, innerCh + echOuterExtIdx + echOuterExtLen, + copyLen); + + WOLFSSL_MSG("ECH: expanded ech_outer_extensions successfully"); + } + } + + if (ret == 0) { + XFREE(ech->innerClientHello, heap, DYNAMIC_TYPE_TMP_BUFFER); + ech->innerClientHello = newInnerCh; + ech->innerClientHelloLen = (word16)newInnerChLen; + newInnerCh = NULL; + } + + if (newInnerCh != NULL) + XFREE(newInnerCh, heap, DYNAMIC_TYPE_TMP_BUFFER); + + return ret; +} + /* return status after attempting to open the hpke encrypted ech extension, if * successful the inner client hello will be stored in * ech->innerClientHelloLen */ @@ -13176,7 +14176,6 @@ byte* aad, word32 aadLen, void* heap) { int ret = 0; - int expectedEncLen; int i; word32 rawConfigLen = 0; byte* info = NULL; @@ -13184,28 +14183,7 @@ if (ech == NULL || echConfig == NULL || aad == NULL) return BAD_FUNC_ARG; /* verify the kem and key len */ - switch (echConfig->kemId) - { - case DHKEM_P256_HKDF_SHA256: - expectedEncLen = DHKEM_P256_ENC_LEN; - break; - case DHKEM_P384_HKDF_SHA384: - expectedEncLen = DHKEM_P384_ENC_LEN; - break; - case DHKEM_P521_HKDF_SHA512: - expectedEncLen = DHKEM_P521_ENC_LEN; - break; - case DHKEM_X25519_HKDF_SHA256: - expectedEncLen = DHKEM_X25519_ENC_LEN; - break; - case DHKEM_X448_HKDF_SHA512: - expectedEncLen = DHKEM_X448_ENC_LEN; - break; - default: - expectedEncLen = 0; - break; - } - if (expectedEncLen != ech->encLen) + if (wc_HpkeKemGetEncLen(echConfig->kemId) != ech->encLen) return BAD_FUNC_ARG; /* verify the cipher suite */ for (i = 0; i < echConfig->numCipherSuites; i++) { @@ -13287,19 +14265,23 @@ byte msgType) { int ret = 0; - int i; TLSX* echX; WOLFSSL_ECH* ech; WOLFSSL_EchConfig* echConfig; byte* aadCopy; byte* readBuf_p = (byte*)readBuf; + word32 offset = 0; + word16 len; + word16 tmpVal16; + WOLFSSL_MSG("TLSX_ECH_Parse"); - if (size == 0) - return BAD_FUNC_ARG; if (ssl->options.disableECH) { WOLFSSL_MSG("TLSX_ECH_Parse: ECH disabled. Ignoring."); return 0; } + if (size == 0) + return BAD_FUNC_ARG; + /* retry configs */ if (msgType == encrypted_extensions) { ret = wolfSSL_SetEchConfigs(ssl, readBuf, size); @@ -13308,15 +14290,17 @@ ret = 0; } /* HRR with special confirmation */ - else if (msgType == hello_retry_request && ssl->options.useEch) { + else if (msgType == hello_retry_request && ssl->echConfigs != NULL) { /* length must be 8 */ if (size != ECH_ACCEPT_CONFIRMATION_SZ) return BAD_FUNC_ARG; + /* get extension */ echX = TLSX_Find(ssl->extensions, TLSX_ECH); if (echX == NULL) return BAD_FUNC_ARG; ech = (WOLFSSL_ECH*)echX->data; + ech->confBuf = (byte*)readBuf; } else if (msgType == client_hello && ssl->ctx->echConfigs != NULL) { @@ -13325,43 +14309,97 @@ if (echX == NULL) return BAD_FUNC_ARG; ech = (WOLFSSL_ECH*)echX->data; + /* read the ech parameters before the payload */ ech->type = *readBuf_p; readBuf_p++; + offset += 1; if (ech->type == ECH_TYPE_INNER) { ech->state = ECH_PARSED_INTERNAL; return 0; } - /* technically the payload would only be 1 byte at this length */ - if (size < 11 + ech->encLen) + else if (ech->type != ECH_TYPE_OUTER) { + /* type MUST be INNER or OUTER */ return BAD_FUNC_ARG; - /* read kdfId */ - ato16(readBuf_p, &ech->cipherSuite.kdfId); - readBuf_p += 2; - /* read aeadId */ - ato16(readBuf_p, &ech->cipherSuite.aeadId); - readBuf_p += 2; - /* read configId */ - ech->configId = *readBuf_p; - readBuf_p++; + } + /* Must have kdfId, aeadId, configId, enc len and payload len. */ + if (size < offset + 2 + 2 + 1 + 2 + 2) { + return BUFFER_ERROR; + } /* only get enc if we don't already have the hpke context */ if (ech->hpkeContext == NULL) { - /* read encLen */ - ato16(readBuf_p, &ech->encLen); + /* kdfId */ + ato16(readBuf_p, &ech->cipherSuite.kdfId); + readBuf_p += 2; + offset += 2; + /* aeadId */ + ato16(readBuf_p, &ech->cipherSuite.aeadId); + readBuf_p += 2; + offset += 2; + /* configId */ + ech->configId = *readBuf_p; + readBuf_p++; + offset++; + /* encLen */ + ato16(readBuf_p, &len); readBuf_p += 2; - if (ech->encLen > HPKE_Npk_MAX) + offset += 2; + /* Check encLen isn't more than remaining bytes minus + * payload length. */ + if (len > size - offset - 2) { return BAD_FUNC_ARG; + } + if (len > HPKE_Npk_MAX) { + return BAD_FUNC_ARG; + } /* read enc */ - XMEMCPY(ech->enc, readBuf_p, ech->encLen); - readBuf_p += ech->encLen; + XMEMCPY(ech->enc, readBuf_p, len); + ech->encLen = len; } else { + /* kdfId, aeadId, and configId must be the same as last time */ + /* kdfId */ + ato16(readBuf_p, &tmpVal16); + if (tmpVal16 != ech->cipherSuite.kdfId) { + return BAD_FUNC_ARG; + } + readBuf_p += 2; + offset += 2; + /* aeadId */ + ato16(readBuf_p, &tmpVal16); + if (tmpVal16 != ech->cipherSuite.aeadId) { + return BAD_FUNC_ARG; + } + readBuf_p += 2; + offset += 2; + /* configId */ + if (*readBuf_p != ech->configId) { + return BAD_FUNC_ARG; + } + readBuf_p++; + offset++; + /* on an HRR the enc value MUST be empty */ + ato16(readBuf_p, &len); + if (len != 0) { + return BAD_FUNC_ARG; + } readBuf_p += 2; + offset += 2; } - /* read hello inner len */ + readBuf_p += len; + offset += len; + /* read payload (encrypted CH) len */ ato16(readBuf_p, &ech->innerClientHelloLen); - ech->innerClientHelloLen -= WC_AES_BLOCK_SIZE; readBuf_p += 2; + offset += 2; + /* Check payload is no bigger than remaining bytes. */ + if (ech->innerClientHelloLen > size - offset) { + return BAD_FUNC_ARG; + } + if (ech->innerClientHelloLen < WC_AES_BLOCK_SIZE) { + return BUFFER_ERROR; + } + ech->innerClientHelloLen -= WC_AES_BLOCK_SIZE; ech->outerClientPayload = readBuf_p; /* make a copy of the aad */ aadCopy = (byte*)XMALLOC(ech->aadLen, ssl->heap, @@ -13372,7 +14410,7 @@ /* set the ech payload of the copy to zeros */ XMEMSET(aadCopy + (readBuf_p - ech->aad), 0, ech->innerClientHelloLen + WC_AES_BLOCK_SIZE); - /* free the old ech in case this is our second client hello */ + /* free the old ech when this is the second client hello */ if (ech->innerClientHello != NULL) XFREE(ech->innerClientHello, ssl->heap, DYNAMIC_TYPE_TMP_BUFFER); /* allocate the inner payload buffer */ @@ -13383,10 +14421,9 @@ XFREE(aadCopy, ssl->heap, DYNAMIC_TYPE_TMP_BUFFER); return MEMORY_E; } - /* first check if the config id matches */ + /* try to decrypt with matching configId */ echConfig = ssl->ctx->echConfigs; while (echConfig != NULL) { - /* decrypt with this config */ if (echConfig->configId == ech->configId) { ret = TLSX_ExtractEch(ech, echConfig, aadCopy, ech->aadLen, ssl->heap); @@ -13394,33 +14431,31 @@ } echConfig = echConfig->next; } - /* try to decrypt with all configs */ + /* otherwise, try to decrypt with all configs */ if (echConfig == NULL || ret != 0) { echConfig = ssl->ctx->echConfigs; while (echConfig != NULL) { ret = TLSX_ExtractEch(ech, echConfig, aadCopy, ech->aadLen, ssl->heap); - if (ret== 0) + if (ret == 0) break; echConfig = echConfig->next; } } - /* if we failed to extract, set state to retry configs */ + if (ret == 0) { + ret = TLSX_ECH_CheckInnerPadding(ssl, ech); + if (ret == 0) { + /* expand EchOuterExtensions if present. + * Also, if it exists, copy sessionID from outer hello */ + ret = TLSX_ECH_ExpandOuterExtensions(ssl, ech, ssl->heap); + } + } + /* if we failed to extract/expand, set state to retry configs */ if (ret != 0) { XFREE(ech->innerClientHello, ssl->heap, DYNAMIC_TYPE_TMP_BUFFER); ech->innerClientHello = NULL; ech->state = ECH_WRITE_RETRY_CONFIGS; } - else { - i = 0; - /* decrement until before the padding */ - while (ech->innerClientHello[ech->innerClientHelloLen + - HANDSHAKE_HEADER_SZ - i - 1] != ECH_TYPE_INNER) { - i++; - } - /* subtract the length of the padding from the length */ - ech->innerClientHelloLen -= i; - } XFREE(aadCopy, ssl->heap, DYNAMIC_TYPE_TMP_BUFFER); return 0; } @@ -13432,13 +14467,16 @@ static void TLSX_ECH_Free(WOLFSSL_ECH* ech, void* heap) { XFREE(ech->innerClientHello, heap, DYNAMIC_TYPE_TMP_BUFFER); - if (ech->ephemeralKey != NULL) - wc_HpkeFreeKey(ech->hpke, ech->hpke->kem, ech->ephemeralKey, - ech->hpke->heap); - if (ech->hpke != NULL) + if (ech->hpke != NULL) { + if (ech->ephemeralKey != NULL) + wc_HpkeFreeKey(ech->hpke, ech->hpke->kem, ech->ephemeralKey, + ech->hpke->heap); XFREE(ech->hpke, heap, DYNAMIC_TYPE_TMP_BUFFER); + } if (ech->hpkeContext != NULL) XFREE(ech->hpkeContext, heap, DYNAMIC_TYPE_TMP_BUFFER); + if (ech->privateName != NULL) + XFREE((char*)ech->privateName, heap, DYNAMIC_TYPE_TMP_BUFFER); XFREE(ech, heap, DYNAMIC_TYPE_TMP_BUFFER); (void)heap; @@ -13695,7 +14733,7 @@ ECH_FREE((WOLFSSL_ECH*)extension->data, heap); break; #endif -#ifdef WOLFSSL_DUAL_ALG_CERTS +#if defined(WOLFSSL_TLS13) && defined(WOLFSSL_DUAL_ALG_CERTS) case TLSX_CKS: WOLFSSL_MSG("CKS extension free"); /* nothing to do */ @@ -13741,7 +14779,7 @@ length += HELLO_EXT_TYPE_SZ + OPAQUE16_LEN; switch (extension->type) { -#ifdef WOLFSSL_DUAL_ALG_CERTS +#if defined(WOLFSSL_TLS13) && defined(WOLFSSL_DUAL_ALG_CERTS) case TLSX_CKS: length += ((WOLFSSL*)extension->data)->sigSpecSz ; break; @@ -13940,7 +14978,7 @@ /* extension data should be written internally. */ switch (extension->type) { -#ifdef WOLFSSL_DUAL_ALG_CERTS +#if defined(WOLFSSL_TLS13) && defined(WOLFSSL_DUAL_ALG_CERTS) case TLSX_CKS: WOLFSSL_MSG("CKS extension to write"); offset += CKS_WRITE(((WOLFSSL*)extension->data), @@ -14194,90 +15232,204 @@ } #endif /* WOLFSSL_TLS13 */ +#if defined(WOLFSSL_TLS13) && defined(WOLFSSL_HAVE_MLKEM) && \ + !defined(WOLFSSL_NO_ML_KEM) && defined(WOLFSSL_PQC_HYBRIDS) + /* Prefer non-experimental PQ/T hybrid groups (only for TLS 1.3) */ + if (IsAtLeastTLSv1_3(ssl->version)) { + #if !defined(WOLFSSL_NO_ML_KEM_768) && defined(HAVE_CURVE25519) && \ + ECC_MIN_KEY_SZ <= 256 + ret = TLSX_UseSupportedCurve(extensions, WOLFSSL_X25519MLKEM768, + ssl->heap); + if (ret != WOLFSSL_SUCCESS) return ret; + #endif + #if !defined(WOLFSSL_NO_ML_KEM_1024) && defined(HAVE_ECC) && \ + (defined(HAVE_ECC384) || defined(HAVE_ALL_CURVES)) && \ + ECC_MIN_KEY_SZ <= 384 + ret = TLSX_UseSupportedCurve(extensions, WOLFSSL_SECP384R1MLKEM1024, + ssl->heap); + if (ret != WOLFSSL_SUCCESS) return ret; + #endif + #if !defined(WOLFSSL_NO_ML_KEM_768) && defined(HAVE_ECC) && \ + (!defined(NO_ECC256) || defined(HAVE_ALL_CURVES)) && \ + ECC_MIN_KEY_SZ <= 256 + ret = TLSX_UseSupportedCurve(extensions, WOLFSSL_SECP256R1MLKEM768, + ssl->heap); + if (ret != WOLFSSL_SUCCESS) return ret; + #endif + } +#endif + +#if defined(WOLFSSL_TLS13) && defined(WOLFSSL_HAVE_MLKEM) && \ + !defined(WOLFSSL_NO_ML_KEM) && !defined(WOLFSSL_NO_ML_KEM_1024) && \ + !defined(WOLFSSL_TLS_NO_MLKEM_STANDALONE) + if (IsAtLeastTLSv1_3(ssl->version)) { + ret = TLSX_UseSupportedCurve(extensions, WOLFSSL_ML_KEM_1024, + ssl->heap); + if (ret != WOLFSSL_SUCCESS) return ret; + } +#endif + #if defined(HAVE_ECC) - /* list in order by strength, since not all servers choose by strength */ - #if (defined(HAVE_ECC521) || defined(HAVE_ALL_CURVES)) && ECC_MIN_KEY_SZ <= 521 - #ifndef NO_ECC_SECP - ret = TLSX_UseSupportedCurve(extensions, - WOLFSSL_ECC_SECP521R1, ssl->heap); - if (ret != WOLFSSL_SUCCESS) return ret; - #endif + /* list in order by strength, since not all servers choose by strength */ + #if (defined(HAVE_ECC521) || defined(HAVE_ALL_CURVES)) && ECC_MIN_KEY_SZ <= 521 + #ifndef NO_ECC_SECP + ret = TLSX_UseSupportedCurve(extensions, + WOLFSSL_ECC_SECP521R1, ssl->heap); + if (ret != WOLFSSL_SUCCESS) return ret; #endif - #if (defined(HAVE_ECC512) || defined(HAVE_ALL_CURVES)) && ECC_MIN_KEY_SZ <= 512 - #ifdef HAVE_ECC_BRAINPOOL + #endif + #if (defined(HAVE_ECC512) || defined(HAVE_ALL_CURVES)) && ECC_MIN_KEY_SZ <= 512 + #ifdef HAVE_ECC_BRAINPOOL + if (IsAtLeastTLSv1_3(ssl->version)) { + /* TLS 1.3 BrainpoolP512 curve */ + ret = TLSX_UseSupportedCurve(extensions, + WOLFSSL_ECC_BRAINPOOLP512R1TLS13, ssl->heap); + if (ret != WOLFSSL_SUCCESS) return ret; + + /* If TLS 1.2 is allowed, also add the TLS 1.2 curve */ + if (ssl->options.downgrade && + (ssl->options.minDowngrade <= TLSv1_2_MINOR || + ssl->options.minDowngrade <= DTLSv1_2_MINOR)) { ret = TLSX_UseSupportedCurve(extensions, - WOLFSSL_ECC_BRAINPOOLP512R1, ssl->heap); + WOLFSSL_ECC_BRAINPOOLP512R1, ssl->heap); if (ret != WOLFSSL_SUCCESS) return ret; - #endif + } + } + else { + /* TLS 1.2 only */ + ret = TLSX_UseSupportedCurve(extensions, + WOLFSSL_ECC_BRAINPOOLP512R1, ssl->heap); + if (ret != WOLFSSL_SUCCESS) return ret; + } #endif - #if (defined(HAVE_ECC384) || defined(HAVE_ALL_CURVES)) && ECC_MIN_KEY_SZ <= 384 - #ifndef NO_ECC_SECP - ret = TLSX_UseSupportedCurve(extensions, - WOLFSSL_ECC_SECP384R1, ssl->heap); - if (ret != WOLFSSL_SUCCESS) return ret; - #endif - #ifdef HAVE_ECC_BRAINPOOL + #endif +#endif + +#if defined(WOLFSSL_TLS13) && defined(WOLFSSL_HAVE_MLKEM) && \ + !defined(WOLFSSL_NO_ML_KEM) && !defined(WOLFSSL_NO_ML_KEM_768) && \ + !defined(WOLFSSL_TLS_NO_MLKEM_STANDALONE) + if (IsAtLeastTLSv1_3(ssl->version)) { + ret = TLSX_UseSupportedCurve(extensions, WOLFSSL_ML_KEM_768, + ssl->heap); + if (ret != WOLFSSL_SUCCESS) return ret; + } +#endif + +#if defined(HAVE_ECC) + #if (defined(HAVE_ECC384) || defined(HAVE_ALL_CURVES)) && ECC_MIN_KEY_SZ <= 384 + #ifndef NO_ECC_SECP + ret = TLSX_UseSupportedCurve(extensions, + WOLFSSL_ECC_SECP384R1, ssl->heap); + if (ret != WOLFSSL_SUCCESS) return ret; + #endif + #ifdef HAVE_ECC_BRAINPOOL + if (IsAtLeastTLSv1_3(ssl->version)) { + /* TLS 1.3 BrainpoolP384 curve */ + ret = TLSX_UseSupportedCurve(extensions, + WOLFSSL_ECC_BRAINPOOLP384R1TLS13, ssl->heap); + if (ret != WOLFSSL_SUCCESS) return ret; + + /* If TLS 1.2 is allowed, also add the TLS 1.2 curve */ + if (ssl->options.downgrade && + (ssl->options.minDowngrade <= TLSv1_2_MINOR || + ssl->options.minDowngrade <= DTLSv1_2_MINOR)) { ret = TLSX_UseSupportedCurve(extensions, - WOLFSSL_ECC_BRAINPOOLP384R1, ssl->heap); + WOLFSSL_ECC_BRAINPOOLP384R1, ssl->heap); if (ret != WOLFSSL_SUCCESS) return ret; - #endif + } + } + else { + /* TLS 1.2 only */ + ret = TLSX_UseSupportedCurve(extensions, + WOLFSSL_ECC_BRAINPOOLP384R1, ssl->heap); + if (ret != WOLFSSL_SUCCESS) return ret; + } #endif + #endif #endif /* HAVE_ECC */ - #ifndef HAVE_FIPS - #if defined(HAVE_CURVE448) && ECC_MIN_KEY_SZ <= 448 - ret = TLSX_UseSupportedCurve(extensions, - WOLFSSL_ECC_X448, ssl->heap); - if (ret != WOLFSSL_SUCCESS) return ret; - #endif - #endif /* HAVE_FIPS */ +#ifndef HAVE_FIPS + #if defined(HAVE_CURVE448) && ECC_MIN_KEY_SZ <= 448 + ret = TLSX_UseSupportedCurve(extensions, + WOLFSSL_ECC_X448, ssl->heap); + if (ret != WOLFSSL_SUCCESS) return ret; + #endif +#endif /* HAVE_FIPS */ + +#if defined(WOLFSSL_TLS13) && defined(WOLFSSL_HAVE_MLKEM) && \ + !defined(WOLFSSL_NO_ML_KEM) && !defined(WOLFSSL_NO_ML_KEM_512) && \ + !defined(WOLFSSL_TLS_NO_MLKEM_STANDALONE) + if (IsAtLeastTLSv1_3(ssl->version)) { + ret = TLSX_UseSupportedCurve(extensions, WOLFSSL_ML_KEM_512, + ssl->heap); + if (ret != WOLFSSL_SUCCESS) return ret; + } +#endif #if defined(HAVE_ECC) && defined(HAVE_SUPPORTED_CURVES) - #if (!defined(NO_ECC256) || defined(HAVE_ALL_CURVES)) && ECC_MIN_KEY_SZ <= 256 - #ifndef NO_ECC_SECP - ret = TLSX_UseSupportedCurve(extensions, - WOLFSSL_ECC_SECP256R1, ssl->heap); - if (ret != WOLFSSL_SUCCESS) return ret; - #endif - #ifdef HAVE_ECC_KOBLITZ - ret = TLSX_UseSupportedCurve(extensions, - WOLFSSL_ECC_SECP256K1, ssl->heap); - if (ret != WOLFSSL_SUCCESS) return ret; - #endif - #ifdef HAVE_ECC_BRAINPOOL - ret = TLSX_UseSupportedCurve(extensions, - WOLFSSL_ECC_BRAINPOOLP256R1, ssl->heap); - if (ret != WOLFSSL_SUCCESS) return ret; - #endif - #ifdef WOLFSSL_SM2 + #if (!defined(NO_ECC256) || defined(HAVE_ALL_CURVES)) && ECC_MIN_KEY_SZ <= 256 + #ifndef NO_ECC_SECP + ret = TLSX_UseSupportedCurve(extensions, + WOLFSSL_ECC_SECP256R1, ssl->heap); + if (ret != WOLFSSL_SUCCESS) return ret; + #endif + #ifdef HAVE_ECC_KOBLITZ + ret = TLSX_UseSupportedCurve(extensions, + WOLFSSL_ECC_SECP256K1, ssl->heap); + if (ret != WOLFSSL_SUCCESS) return ret; + #endif + #ifdef HAVE_ECC_BRAINPOOL + if (IsAtLeastTLSv1_3(ssl->version)) { + /* TLS 1.3 BrainpoolP256 curve */ + ret = TLSX_UseSupportedCurve(extensions, + WOLFSSL_ECC_BRAINPOOLP256R1TLS13, ssl->heap); + if (ret != WOLFSSL_SUCCESS) return ret; + + /* If TLS 1.2 is allowed, also add the TLS 1.2 curve */ + if (ssl->options.downgrade && + (ssl->options.minDowngrade <= TLSv1_2_MINOR || + ssl->options.minDowngrade <= DTLSv1_2_MINOR)) { ret = TLSX_UseSupportedCurve(extensions, - WOLFSSL_ECC_SM2P256V1, ssl->heap); + WOLFSSL_ECC_BRAINPOOLP256R1, ssl->heap); if (ret != WOLFSSL_SUCCESS) return ret; - #endif + } + } + else { + /* TLS 1.2 only */ + ret = TLSX_UseSupportedCurve(extensions, + WOLFSSL_ECC_BRAINPOOLP256R1, ssl->heap); + if (ret != WOLFSSL_SUCCESS) return ret; + } + #endif + #ifdef WOLFSSL_SM2 + ret = TLSX_UseSupportedCurve(extensions, + WOLFSSL_ECC_SM2P256V1, ssl->heap); + if (ret != WOLFSSL_SUCCESS) return ret; #endif + #endif #endif /* HAVE_ECC */ - #ifndef HAVE_FIPS - #if defined(HAVE_CURVE25519) && ECC_MIN_KEY_SZ <= 256 - ret = TLSX_UseSupportedCurve(extensions, - WOLFSSL_ECC_X25519, ssl->heap); - if (ret != WOLFSSL_SUCCESS) return ret; - #endif - #endif /* HAVE_FIPS */ +#ifndef HAVE_FIPS + #if defined(HAVE_CURVE25519) && ECC_MIN_KEY_SZ <= 256 + ret = TLSX_UseSupportedCurve(extensions, + WOLFSSL_ECC_X25519, ssl->heap); + if (ret != WOLFSSL_SUCCESS) return ret; + #endif +#endif /* HAVE_FIPS */ #if defined(HAVE_ECC) && defined(HAVE_SUPPORTED_CURVES) - #if (defined(HAVE_ECC224) || defined(HAVE_ALL_CURVES)) && ECC_MIN_KEY_SZ <= 224 - #ifndef NO_ECC_SECP - ret = TLSX_UseSupportedCurve(extensions, - WOLFSSL_ECC_SECP224R1, ssl->heap); - if (ret != WOLFSSL_SUCCESS) return ret; - #endif - #ifdef HAVE_ECC_KOBLITZ - ret = TLSX_UseSupportedCurve(extensions, - WOLFSSL_ECC_SECP224K1, ssl->heap); - if (ret != WOLFSSL_SUCCESS) return ret; - #endif + #if (defined(HAVE_ECC224) || defined(HAVE_ALL_CURVES)) && ECC_MIN_KEY_SZ <= 224 + #ifndef NO_ECC_SECP + ret = TLSX_UseSupportedCurve(extensions, + WOLFSSL_ECC_SECP224R1, ssl->heap); + if (ret != WOLFSSL_SUCCESS) return ret; + #endif + #ifdef HAVE_ECC_KOBLITZ + ret = TLSX_UseSupportedCurve(extensions, + WOLFSSL_ECC_SECP224K1, ssl->heap); + if (ret != WOLFSSL_SUCCESS) return ret; #endif + #endif #ifndef HAVE_FIPS #if (defined(HAVE_ECC192) || defined(HAVE_ALL_CURVES)) && ECC_MIN_KEY_SZ <= 192 @@ -14313,220 +15465,149 @@ #endif /* HAVE_ECC */ #ifndef NO_DH - /* Add FFDHE supported groups. */ - #ifdef HAVE_FFDHE_8192 - if (8192/8 >= ssl->options.minDhKeySz && - 8192/8 <= ssl->options.maxDhKeySz) { - ret = TLSX_UseSupportedCurve(extensions, - WOLFSSL_FFDHE_8192, ssl->heap); - if (ret != WOLFSSL_SUCCESS) - return ret; - } - #endif - #ifdef HAVE_FFDHE_6144 - if (6144/8 >= ssl->options.minDhKeySz && - 6144/8 <= ssl->options.maxDhKeySz) { - ret = TLSX_UseSupportedCurve(extensions, - WOLFSSL_FFDHE_6144, ssl->heap); - if (ret != WOLFSSL_SUCCESS) - return ret; - } - #endif - #ifdef HAVE_FFDHE_4096 - if (4096/8 >= ssl->options.minDhKeySz && - 4096/8 <= ssl->options.maxDhKeySz) { - ret = TLSX_UseSupportedCurve(extensions, - WOLFSSL_FFDHE_4096, ssl->heap); - if (ret != WOLFSSL_SUCCESS) - return ret; - } - #endif - #ifdef HAVE_FFDHE_3072 - if (3072/8 >= ssl->options.minDhKeySz && - 3072/8 <= ssl->options.maxDhKeySz) { - ret = TLSX_UseSupportedCurve(extensions, - WOLFSSL_FFDHE_3072, ssl->heap); - if (ret != WOLFSSL_SUCCESS) - return ret; - } - #endif - #ifdef HAVE_FFDHE_2048 - if (2048/8 >= ssl->options.minDhKeySz && - 2048/8 <= ssl->options.maxDhKeySz) { - ret = TLSX_UseSupportedCurve(extensions, - WOLFSSL_FFDHE_2048, ssl->heap); - if (ret != WOLFSSL_SUCCESS) - return ret; - } - #endif -#endif - -#ifdef WOLFSSL_HAVE_MLKEM -#ifndef WOLFSSL_NO_ML_KEM -#ifdef WOLFSSL_WC_MLKEM -#ifndef WOLFSSL_NO_ML_KEM_512 - if (ret == WOLFSSL_SUCCESS) - ret = TLSX_UseSupportedCurve(extensions, WOLFSSL_ML_KEM_512, - ssl->heap); - if (ret == WOLFSSL_SUCCESS) - ret = TLSX_UseSupportedCurve(extensions, WOLFSSL_SECP256R1MLKEM512, - ssl->heap); - #if defined(HAVE_CURVE25519) && ECC_MIN_KEY_SZ <= 256 - if (ret == WOLFSSL_SUCCESS) - ret = TLSX_UseSupportedCurve(extensions, WOLFSSL_X25519MLKEM512, - ssl->heap); + /* Add FFDHE supported groups. */ + #ifdef HAVE_FFDHE_8192 + if (8192/8 >= ssl->options.minDhKeySz && + 8192/8 <= ssl->options.maxDhKeySz) { + ret = TLSX_UseSupportedCurve(extensions, + WOLFSSL_FFDHE_8192, ssl->heap); + if (ret != WOLFSSL_SUCCESS) + return ret; + } #endif -#endif -#ifndef WOLFSSL_NO_ML_KEM_768 - if (ret == WOLFSSL_SUCCESS) - ret = TLSX_UseSupportedCurve(extensions, WOLFSSL_ML_KEM_768, - ssl->heap); - if (ret == WOLFSSL_SUCCESS) - ret = TLSX_UseSupportedCurve(extensions, WOLFSSL_SECP384R1MLKEM768, - ssl->heap); - if (ret == WOLFSSL_SUCCESS) - ret = TLSX_UseSupportedCurve(extensions, WOLFSSL_SECP256R1MLKEM768, - ssl->heap); - #if defined(HAVE_CURVE25519) && ECC_MIN_KEY_SZ <= 256 - if (ret == WOLFSSL_SUCCESS) - ret = TLSX_UseSupportedCurve(extensions, WOLFSSL_X25519MLKEM768, - ssl->heap); + #ifdef HAVE_FFDHE_6144 + if (6144/8 >= ssl->options.minDhKeySz && + 6144/8 <= ssl->options.maxDhKeySz) { + ret = TLSX_UseSupportedCurve(extensions, + WOLFSSL_FFDHE_6144, ssl->heap); + if (ret != WOLFSSL_SUCCESS) + return ret; + } #endif - #if defined(HAVE_CURVE448) && ECC_MIN_KEY_SZ <= 448 - if (ret == WOLFSSL_SUCCESS) - ret = TLSX_UseSupportedCurve(extensions, WOLFSSL_X448MLKEM768, - ssl->heap); + #ifdef HAVE_FFDHE_4096 + if (4096/8 >= ssl->options.minDhKeySz && + 4096/8 <= ssl->options.maxDhKeySz) { + ret = TLSX_UseSupportedCurve(extensions, + WOLFSSL_FFDHE_4096, ssl->heap); + if (ret != WOLFSSL_SUCCESS) + return ret; + } + #endif + #ifdef HAVE_FFDHE_3072 + if (3072/8 >= ssl->options.minDhKeySz && + 3072/8 <= ssl->options.maxDhKeySz) { + ret = TLSX_UseSupportedCurve(extensions, + WOLFSSL_FFDHE_3072, ssl->heap); + if (ret != WOLFSSL_SUCCESS) + return ret; + } + #endif + #ifdef HAVE_FFDHE_2048 + if (2048/8 >= ssl->options.minDhKeySz && + 2048/8 <= ssl->options.maxDhKeySz) { + ret = TLSX_UseSupportedCurve(extensions, + WOLFSSL_FFDHE_2048, ssl->heap); + if (ret != WOLFSSL_SUCCESS) + return ret; + } #endif #endif -#ifndef WOLFSSL_NO_ML_KEM_1024 - if (ret == WOLFSSL_SUCCESS) - ret = TLSX_UseSupportedCurve(extensions, WOLFSSL_ML_KEM_1024, - ssl->heap); - if (ret == WOLFSSL_SUCCESS) + +#if defined(WOLFSSL_TLS13) && defined(WOLFSSL_HAVE_MLKEM) && \ + !defined(WOLFSSL_NO_ML_KEM) && defined(WOLFSSL_EXTRA_PQC_HYBRIDS) + if (IsAtLeastTLSv1_3(ssl->version)) { +#if !defined(WOLFSSL_NO_ML_KEM_1024) && defined(HAVE_ECC) && \ + (defined(HAVE_ECC521) || defined(HAVE_ALL_CURVES)) && ECC_MIN_KEY_SZ <= 521 ret = TLSX_UseSupportedCurve(extensions, WOLFSSL_SECP521R1MLKEM1024, ssl->heap); - if (ret == WOLFSSL_SUCCESS) - ret = TLSX_UseSupportedCurve(extensions, WOLFSSL_SECP384R1MLKEM1024, - ssl->heap); + if (ret != WOLFSSL_SUCCESS) return ret; #endif -#elif defined(HAVE_LIBOQS) - ret = TLSX_UseSupportedCurve(extensions, WOLFSSL_ML_KEM_512, ssl->heap); - if (ret == WOLFSSL_SUCCESS) - ret = TLSX_UseSupportedCurve(extensions, WOLFSSL_ML_KEM_768, - ssl->heap); - if (ret == WOLFSSL_SUCCESS) - ret = TLSX_UseSupportedCurve(extensions, WOLFSSL_ML_KEM_1024, - ssl->heap); - if (ret == WOLFSSL_SUCCESS) - ret = TLSX_UseSupportedCurve(extensions, WOLFSSL_SECP256R1MLKEM512, - ssl->heap); - if (ret == WOLFSSL_SUCCESS) +#if !defined(WOLFSSL_NO_ML_KEM_768) && defined(HAVE_ECC) && \ + (defined(HAVE_ECC384) || defined(HAVE_ALL_CURVES)) && ECC_MIN_KEY_SZ <= 384 ret = TLSX_UseSupportedCurve(extensions, WOLFSSL_SECP384R1MLKEM768, ssl->heap); - if (ret == WOLFSSL_SUCCESS) - ret = TLSX_UseSupportedCurve(extensions, WOLFSSL_SECP256R1MLKEM768, - ssl->heap); - if (ret == WOLFSSL_SUCCESS) - ret = TLSX_UseSupportedCurve(extensions, WOLFSSL_SECP521R1MLKEM1024, + if (ret != WOLFSSL_SUCCESS) return ret; +#endif +#if !defined(WOLFSSL_NO_ML_KEM_768) && defined(HAVE_CURVE448) && \ + ECC_MIN_KEY_SZ <= 448 + ret = TLSX_UseSupportedCurve(extensions, WOLFSSL_X448MLKEM768, ssl->heap); - if (ret == WOLFSSL_SUCCESS) - ret = TLSX_UseSupportedCurve(extensions, WOLFSSL_SECP384R1MLKEM1024, + if (ret != WOLFSSL_SUCCESS) return ret; +#endif +#if !defined(WOLFSSL_NO_ML_KEM_512) && defined(HAVE_ECC) && \ + (!defined(NO_ECC256) || defined(HAVE_ALL_CURVES)) && ECC_MIN_KEY_SZ <= 256 + ret = TLSX_UseSupportedCurve(extensions, WOLFSSL_SECP256R1MLKEM512, ssl->heap); - #if defined(HAVE_CURVE25519) && ECC_MIN_KEY_SZ <= 256 - if (ret == WOLFSSL_SUCCESS) + if (ret != WOLFSSL_SUCCESS) return ret; +#endif +#if !defined(WOLFSSL_NO_ML_KEM_512) && defined(HAVE_CURVE25519) && \ + ECC_MIN_KEY_SZ <= 256 ret = TLSX_UseSupportedCurve(extensions, WOLFSSL_X25519MLKEM512, ssl->heap); - if (ret == WOLFSSL_SUCCESS) - ret = TLSX_UseSupportedCurve(extensions, WOLFSSL_X25519MLKEM768, - ssl->heap); - #endif - #if defined(HAVE_CURVE448) && ECC_MIN_KEY_SZ <= 448 - if (ret == WOLFSSL_SUCCESS) - ret = TLSX_UseSupportedCurve(extensions, WOLFSSL_X448MLKEM768, - ssl->heap); - #endif -#endif /* HAVE_LIBOQS */ -#endif /* !WOLFSSL_NO_ML_KEM */ -#ifdef WOLFSSL_MLKEM_KYBER -#ifdef WOLFSSL_WC_MLKEM -#ifdef WOLFSSL_KYBER512 - if (ret == WOLFSSL_SUCCESS) - ret = TLSX_UseSupportedCurve(extensions, WOLFSSL_KYBER_LEVEL1, - ssl->heap); - if (ret == WOLFSSL_SUCCESS) - ret = TLSX_UseSupportedCurve(extensions, WOLFSSL_P256_KYBER_LEVEL1, + if (ret != WOLFSSL_SUCCESS) return ret; +#endif + } +#endif + +#if defined(WOLFSSL_TLS13) && defined(WOLFSSL_HAVE_MLKEM) && \ + defined(WOLFSSL_MLKEM_KYBER) + if (IsAtLeastTLSv1_3(ssl->version)) { +#ifdef WOLFSSL_KYBER1024 + ret = TLSX_UseSupportedCurve(extensions, WOLFSSL_KYBER_LEVEL5, ssl->heap); - #if defined(HAVE_CURVE25519) && ECC_MIN_KEY_SZ <= 256 - if (ret == WOLFSSL_SUCCESS) - ret = TLSX_UseSupportedCurve(extensions, WOLFSSL_X25519_KYBER_LEVEL1, + if (ret != WOLFSSL_SUCCESS) return ret; +#if defined(HAVE_ECC) && (defined(HAVE_ECC521) || defined(HAVE_ALL_CURVES)) && \ + ECC_MIN_KEY_SZ <= 521 + ret = TLSX_UseSupportedCurve(extensions, WOLFSSL_P521_KYBER_LEVEL5, ssl->heap); - #endif + if (ret != WOLFSSL_SUCCESS) return ret; +#endif #endif #ifdef WOLFSSL_KYBER768 - if (ret == WOLFSSL_SUCCESS) ret = TLSX_UseSupportedCurve(extensions, WOLFSSL_KYBER_LEVEL3, ssl->heap); - if (ret == WOLFSSL_SUCCESS) + if (ret != WOLFSSL_SUCCESS) return ret; +#if defined(HAVE_ECC) && (defined(HAVE_ECC384) || defined(HAVE_ALL_CURVES)) && \ + ECC_MIN_KEY_SZ <= 384 ret = TLSX_UseSupportedCurve(extensions, WOLFSSL_P384_KYBER_LEVEL3, ssl->heap); - if (ret == WOLFSSL_SUCCESS) + if (ret != WOLFSSL_SUCCESS) return ret; +#endif +#if defined(HAVE_ECC) && (!defined(NO_ECC256) || defined(HAVE_ALL_CURVES)) && \ + ECC_MIN_KEY_SZ <= 256 ret = TLSX_UseSupportedCurve(extensions, WOLFSSL_P256_KYBER_LEVEL3, ssl->heap); - #if defined(HAVE_CURVE25519) && ECC_MIN_KEY_SZ <= 256 - if (ret == WOLFSSL_SUCCESS) + if (ret != WOLFSSL_SUCCESS) return ret; +#endif +#if defined(HAVE_CURVE25519) && ECC_MIN_KEY_SZ <= 256 ret = TLSX_UseSupportedCurve(extensions, WOLFSSL_X25519_KYBER_LEVEL3, ssl->heap); - #endif - #if defined(HAVE_CURVE448) && ECC_MIN_KEY_SZ <= 448 - if (ret == WOLFSSL_SUCCESS) + if (ret != WOLFSSL_SUCCESS) return ret; +#endif +#if defined(HAVE_CURVE448) && ECC_MIN_KEY_SZ <= 448 ret = TLSX_UseSupportedCurve(extensions, WOLFSSL_X448_KYBER_LEVEL3, ssl->heap); - #endif + if (ret != WOLFSSL_SUCCESS) return ret; #endif -#ifdef WOLFSSL_KYBER1024 - if (ret == WOLFSSL_SUCCESS) - ret = TLSX_UseSupportedCurve(extensions, WOLFSSL_KYBER_LEVEL5, - ssl->heap); - if (ret == WOLFSSL_SUCCESS) - ret = TLSX_UseSupportedCurve(extensions, WOLFSSL_P521_KYBER_LEVEL5, - ssl->heap); #endif -#elif defined(HAVE_LIBOQS) - ret = TLSX_UseSupportedCurve(extensions, WOLFSSL_KYBER_LEVEL1, ssl->heap); - if (ret == WOLFSSL_SUCCESS) - ret = TLSX_UseSupportedCurve(extensions, WOLFSSL_KYBER_LEVEL3, - ssl->heap); - if (ret == WOLFSSL_SUCCESS) - ret = TLSX_UseSupportedCurve(extensions, WOLFSSL_KYBER_LEVEL5, +#ifdef WOLFSSL_KYBER512 + ret = TLSX_UseSupportedCurve(extensions, WOLFSSL_KYBER_LEVEL1, ssl->heap); - if (ret == WOLFSSL_SUCCESS) + if (ret != WOLFSSL_SUCCESS) return ret; +#if defined(HAVE_ECC) && (!defined(NO_ECC256) || defined(HAVE_ALL_CURVES)) && \ + ECC_MIN_KEY_SZ <= 256 ret = TLSX_UseSupportedCurve(extensions, WOLFSSL_P256_KYBER_LEVEL1, ssl->heap); - if (ret == WOLFSSL_SUCCESS) - ret = TLSX_UseSupportedCurve(extensions, WOLFSSL_P384_KYBER_LEVEL3, - ssl->heap); - if (ret == WOLFSSL_SUCCESS) - ret = TLSX_UseSupportedCurve(extensions, WOLFSSL_P256_KYBER_LEVEL3, - ssl->heap); - if (ret == WOLFSSL_SUCCESS) - ret = TLSX_UseSupportedCurve(extensions, WOLFSSL_P521_KYBER_LEVEL5, - ssl->heap); - #if defined(HAVE_CURVE25519) && ECC_MIN_KEY_SZ <= 256 - if (ret == WOLFSSL_SUCCESS) + if (ret != WOLFSSL_SUCCESS) return ret; +#endif +#if defined(HAVE_CURVE25519) && ECC_MIN_KEY_SZ <= 256 ret = TLSX_UseSupportedCurve(extensions, WOLFSSL_X25519_KYBER_LEVEL1, ssl->heap); - if (ret == WOLFSSL_SUCCESS) - ret = TLSX_UseSupportedCurve(extensions, WOLFSSL_X25519_KYBER_LEVEL3, - ssl->heap); - #endif - #if defined(HAVE_CURVE448) && ECC_MIN_KEY_SZ <= 448 - if (ret == WOLFSSL_SUCCESS) - ret = TLSX_UseSupportedCurve(extensions, WOLFSSL_X448_KYBER_LEVEL3, - ssl->heap); - #endif -#endif /* HAVE_LIBOQS */ -#endif /* WOLFSSL_MLKEM_KYBER */ -#endif /* WOLFSSL_HAVE_MLKEM */ + if (ret != WOLFSSL_SUCCESS) return ret; +#endif +#endif + } +#endif (void)ssl; (void)extensions; @@ -14599,7 +15680,7 @@ } } #endif -#ifdef WOLFSSL_DUAL_ALG_CERTS +#if defined(WOLFSSL_TLS13) && defined(WOLFSSL_DUAL_ALG_CERTS) if ((IsAtLeastTLSv1_3(ssl->version)) && (ssl->sigSpec != NULL)) { WOLFSSL_MSG("Adding CKS extension"); if ((ret = TLSX_UseCKS(&ssl->extensions, ssl, ssl->heap)) != 0) { @@ -15009,11 +16090,18 @@ if (serverNameX == NULL && ssl->ctx && ssl->ctx->extensions) { serverNameX = TLSX_Find(ssl->ctx->extensions, TLSX_SERVER_NAME); - extensions = &ssl->ctx->extensions; + if (serverNameX != NULL) + extensions = &ssl->ctx->extensions; + } + + /* ECH requires an inner SNI to be present for ClientHelloInner. + * Without it, fail instead of mutating extension lists. */ + if (serverNameX == NULL) { + ret = BAD_FUNC_ARG; } /* store the inner server name */ - if (serverNameX != NULL) { + if (ret == 0 && serverNameX != NULL) { char* hostName = ((SNI*)serverNameX->data)->data.host_name; word32 hostNameSz = (word32)XSTRLEN(hostName) + 1; @@ -15024,15 +16112,19 @@ XMEMCPY(serverName, hostName, hostNameSz); } - /* remove the inner server name */ - TLSX_Remove(extensions, TLSX_SERVER_NAME, ssl->heap); - - /* set the public name as the server name */ - if ((ret = TLSX_UseSNI(extensions, WOLFSSL_SNI_HOST_NAME, - ((WOLFSSL_ECH*)echX->data)->echConfig->publicName, - XSTRLEN(((WOLFSSL_ECH*)echX->data)->echConfig->publicName), - ssl->heap)) == WOLFSSL_SUCCESS) - ret = 0; + /* only swap the SNI if one was found; extensions is non-NULL if an + * SNI entry was found on ssl->extensions or ctx->extensions */ + if (ret == 0 && extensions != NULL) { + /* remove the inner server name */ + TLSX_Remove(extensions, TLSX_SERVER_NAME, ssl->heap); + + /* set the public name as the server name */ + if ((ret = TLSX_UseSNI(extensions, WOLFSSL_SNI_HOST_NAME, + ((WOLFSSL_ECH*)echX->data)->echConfig->publicName, + XSTRLEN(((WOLFSSL_ECH*)echX->data)->echConfig->publicName), + ssl->heap)) == WOLFSSL_SUCCESS) + ret = 0; + } } *pServerNameX = serverNameX; *pExtensions = extensions; @@ -15045,10 +16137,12 @@ { int ret = 0; - if (serverNameX != NULL) { - /* remove the public name SNI */ + /* always remove the publicName SNI we injected, regardless of whether + * there was a prior inner SNI to restore */ + if (extensions != NULL) TLSX_Remove(extensions, TLSX_SERVER_NAME, ssl->heap); + if (serverNameX != NULL) { /* restore the inner server name */ ret = TLSX_UseSNI(extensions, WOLFSSL_SNI_HOST_NAME, serverName, XSTRLEN(serverName), ssl->heap); @@ -15099,7 +16193,6 @@ if (msgType == client_hello) { EC_VALIDATE_REQUEST(ssl, semaphore); PF_VALIDATE_REQUEST(ssl, semaphore); - WOLF_STK_VALIDATE_REQUEST(ssl); #if !defined(NO_CERTS) && !defined(WOLFSSL_NO_SIGALG) if (WOLFSSL_SUITES(ssl)->hashSigAlgoSz == 0) TURN_ON(semaphore, TLSX_ToSemaphore(TLSX_SIGNATURE_ALGORITHMS)); @@ -15164,7 +16257,7 @@ } #endif #if defined(HAVE_ECH) - if (ssl->options.useEch == 1 && !ssl->options.disableECH + if (ssl->echConfigs != NULL && !ssl->options.disableECH && msgType == client_hello) { ret = TLSX_GetSizeWithEch(ssl, semaphore, msgType, &length); if (ret != 0) @@ -15276,7 +16369,6 @@ if (msgType == client_hello) { EC_VALIDATE_REQUEST(ssl, semaphore); PF_VALIDATE_REQUEST(ssl, semaphore); - WOLF_STK_VALIDATE_REQUEST(ssl); #if !defined(NO_CERTS) && !defined(WOLFSSL_NO_SIGALG) if (WOLFSSL_SUITES(ssl)->hashSigAlgoSz == 0) TURN_ON(semaphore, TLSX_ToSemaphore(TLSX_SIGNATURE_ALGORITHMS)); @@ -15350,7 +16442,7 @@ #endif #endif #if defined(WOLFSSL_TLS13) && defined(HAVE_ECH) - if (ssl->options.useEch == 1 && !ssl->options.disableECH + if (ssl->echConfigs != NULL && !ssl->options.disableECH && msgType == client_hello) { ret = TLSX_WriteWithEch(ssl, output, semaphore, msgType, &offset); @@ -15955,7 +17047,7 @@ #ifdef WOLFSSL_QUIC || (type == TLSX_KEY_QUIC_TP_PARAMS_DRAFT) #endif - #ifdef WOLFSSL_DUAL_ALG_CERTS + #if defined(WOLFSSL_TLS13) && defined(WOLFSSL_DUAL_ALG_CERTS) || (type == TLSX_CKS) #endif ) @@ -16108,7 +17200,7 @@ ret = EC_PARSE(ssl, input + offset, size, isRequest, &ssl->extensions); break; -#ifdef WOLFSSL_DUAL_ALG_CERTS +#if defined(WOLFSSL_TLS13) && defined(WOLFSSL_DUAL_ALG_CERTS) case TLSX_CKS: WOLFSSL_MSG("CKS extension received"); if (msgType != client_hello && @@ -16322,13 +17414,13 @@ break; + #ifdef WOLFSSL_SEND_HRR_COOKIE case TLSX_COOKIE: WOLFSSL_MSG("Cookie extension received"); #ifdef WOLFSSL_DEBUG_TLS WOLFSSL_BUFFER(input + offset, size); #endif - if (!IsAtLeastTLSv1_3(ssl->version)) break; @@ -16494,7 +17586,6 @@ if (IsAtLeastTLSv1_3(ssl->version) && msgType != client_hello && - msgType != server_hello && msgType != encrypted_extensions) { return EXT_NOT_ALLOWED; } @@ -16524,11 +17615,51 @@ #if defined(HAVE_RPK) case TLSX_CLIENT_CERTIFICATE_TYPE: WOLFSSL_MSG("Client Certificate Type extension received"); +#if defined(WOLFSSL_TLS13) + /* RFC 8446, Section 4.2 (Extensions), client_certificate_type + and server_certificate_type MUST be sent in ClientHello(CH) + or EncryptedExtensions(EE) */ + if (IsAtLeastTLSv1_3(ssl->version)) { + if (msgType != client_hello && + msgType != encrypted_extensions) { + WOLFSSL_ERROR_VERBOSE(EXT_NOT_ALLOWED); + return EXT_NOT_ALLOWED; + } + } + else +#endif + { + /* TLS 1.2: allowed in CH and SH (RFC 7250) */ + if (msgType != client_hello && + msgType != server_hello) { + WOLFSSL_ERROR_VERBOSE(EXT_NOT_ALLOWED); + return EXT_NOT_ALLOWED; + } + } ret = CCT_PARSE(ssl, input + offset, size, msgType); break; case TLSX_SERVER_CERTIFICATE_TYPE: WOLFSSL_MSG("Server Certificate Type extension received"); +#if defined(WOLFSSL_TLS13) + /* RFC 8446, Section 4.2 (Extensions) */ + if (IsAtLeastTLSv1_3(ssl->version)) { + if (msgType != client_hello && + msgType != encrypted_extensions) { + WOLFSSL_ERROR_VERBOSE(EXT_NOT_ALLOWED); + return EXT_NOT_ALLOWED; + } + } + else +#endif + { + /* TLS 1.2: allowed in CH and SH (RFC 7250) */ + if (msgType != client_hello && + msgType != server_hello) { + WOLFSSL_ERROR_VERBOSE(EXT_NOT_ALLOWED); + return EXT_NOT_ALLOWED; + } + } ret = SCT_PARSE(ssl, input + offset, size, msgType); break; #endif /* HAVE_RPK */ @@ -16567,15 +17698,18 @@ * contain SupportedGroups and vice-versa. */ if (IsAtLeastTLSv1_3(ssl->version) && msgType == client_hello && isRequest) { int hasKeyShare = !IS_OFF(seenType, TLSX_ToSemaphore(TLSX_KEY_SHARE)); - int hasSupportedGroups = !IS_OFF(seenType, TLSX_ToSemaphore(TLSX_SUPPORTED_GROUPS)); + int hasSupportedGroups = !IS_OFF(seenType, + TLSX_ToSemaphore(TLSX_SUPPORTED_GROUPS)); if (hasKeyShare && !hasSupportedGroups) { - WOLFSSL_MSG("ClientHello with KeyShare extension missing required SupportedGroups extension"); - return MISSING_HANDSHAKE_DATA; + WOLFSSL_MSG("ClientHello with KeyShare extension missing required " + "SupportedGroups extension"); + return INCOMPLETE_DATA; } if (hasSupportedGroups && !hasKeyShare) { - WOLFSSL_MSG("ClientHello with SupportedGroups extension missing required KeyShare extension"); - return MISSING_HANDSHAKE_DATA; + WOLFSSL_MSG("ClientHello with SupportedGroups extension missing " + "required KeyShare extension"); + return INCOMPLETE_DATA; } } #endif @@ -16585,6 +17719,19 @@ if (ret == 0) ret = TCA_VERIFY_PARSE(ssl, isRequest); +#if defined(WOLFSSL_TLS13) && defined(HAVE_ECH) + /* If client used ECH, server HRR must include ECH confirmation */ + if (ret == 0 && msgType == hello_retry_request && ssl->echConfigs != NULL && + !ssl->options.disableECH) { + TLSX* echX = TLSX_Find(ssl->extensions, TLSX_ECH); + if (echX == NULL || ((WOLFSSL_ECH*)echX->data)->confBuf == NULL) { + WOLFSSL_MSG("ECH used but HRR missing ECH confirmation"); + WOLFSSL_ERROR_VERBOSE(EXT_MISSING); + ret = EXT_MISSING; + } + } +#endif + WOLFSSL_LEAVE("Leaving TLSX_Parse", ret); return ret; } diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/src/tls13.c mariadb-11.8.8/extra/wolfssl/wolfssl/src/tls13.c --- mariadb-11.8.6/extra/wolfssl/wolfssl/src/tls13.c 2026-01-31 13:27:49.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/src/tls13.c 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* tls13.c * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -22,71 +22,61 @@ #include /* - * BUILD_GCM - * Enables AES-GCM ciphersuites. - * HAVE_AESCCM - * Enables AES-CCM ciphersuites. - * HAVE_SESSION_TICKET - * Enables session tickets - required for TLS 1.3 resumption. - * NO_PSK - * Do not enable Pre-Shared Keys. - * HAVE_KEYING_MATERIAL - * Enables exporting keying material based on section 7.5 of RFC 8446. - * WOLFSSL_ASYNC_CRYPT - * Enables the use of asynchronous cryptographic operations. - * This is available for ciphers and certificates. - * HAVE_CHACHA && HAVE_POLY1305 - * Enables use of CHACHA20-POLY1305 ciphersuites. - * WOLFSSL_DEBUG_TLS - * Writes out details of TLS 1.3 protocol including handshake message buffers - * and key generation input and output. - * WOLFSSL_EARLY_DATA - * Allow 0-RTT Handshake using Early Data extensions and handshake message - * WOLFSSL_EARLY_DATA_GROUP - * Group EarlyData message with ClientHello when sending - * WOLFSSL_NO_SERVER_GROUPS_EXT - * Do not send the server's groups in an extension when the server's top - * preference is not in client's list. - * WOLFSSL_POST_HANDSHAKE_AUTH - * Allow TLS v1.3 code to perform post-handshake authentication of the - * client. - * WOLFSSL_SEND_HRR_COOKIE - * Send a cookie in hello_retry_request message to enable stateless tracking - * of ClientHello replies. - * WOLFSSL_TLS13 - * Enable TLS 1.3 protocol implementation. - * WOLFSSL_TLS13_MIDDLEBOX_COMPAT - * Enable middlebox compatibility in the TLS 1.3 handshake. - * This includes sending ChangeCipherSpec before encrypted messages and - * including a session id. - * WOLFSSL_TLS13_SHA512 - * Allow generation of SHA-512 digests in handshake - no ciphersuite - * requires SHA-512 at this time. - * WOLFSSL_TLS13_TICKET_BEFORE_FINISHED - * Allow a NewSessionTicket message to be sent by server before Client's - * Finished message. - * See TLS v1.3 specification, Section 4.6.1, Paragraph 4 (Note). - * WOLFSSL_PSK_ONE_ID - * When only one PSK ID is used and only one call to the PSK callback can - * be made per connect. - * You cannot use wc_psk_client_cs_callback type callback on client. - * WOLFSSL_PRIORITIZE_PSK - * During a handshake, prioritize PSK order instead of ciphersuite order. - * WOLFSSL_CHECK_ALERT_ON_ERR - * Check for alerts during the handshake in the event of an error. - * WOLFSSL_NO_CLIENT_CERT_ERROR - * Requires client to set a client certificate - * WOLFSSL_PSK_MULTI_ID_PER_CS - * When multiple PSK identities are available for the same cipher suite. - * Sets the first byte of the client identity to the count of identities - * that have been seen so far for the cipher suite. - * WOLFSSL_CHECK_SIG_FAULTS - * Verifies the ECC signature after signing in case of faults in the - * calculation of the signature. Useful when signature fault injection is a - * possible attack. - * WOLFSSL_32BIT_MILLI_TIME - * Function TimeNowInMilliseconds() returns an unsigned 32-bit value. - * Default behavior is to return a signed 64-bit value. + * TLS 1.3-Specific Build Options: + * (See tls.c for generic TLS options: extensions, curves, callbacks, etc.) + * + * Protocol: + * WOLFSSL_TLS13: Enable TLS 1.3 protocol default: on + * WOLFSSL_TLS13_DRAFT: Enable TLS 1.3 draft version support default: off + * WOLFSSL_QUIC: Enable QUIC protocol support (TLS 1.3) default: off + * WOLFSSL_DTLS13_NO_HRR_ON_RESUME: Skip HRR on DTLS 1.3 resume default: off + * WOLFSSL_DTLS_CH_FRAG: Enable DTLS 1.3 ClientHello frag default: off + * + * Handshake: + * WOLFSSL_TLS13_MIDDLEBOX_COMPAT: Enable middlebox compatibility default: on + * Sends ChangeCipherSpec and includes session id + * WOLFSSL_SEND_HRR_COOKIE: Send cookie in HelloRetryRequest default: off + * for stateless ClientHello tracking + * WOLFSSL_EARLY_DATA: Allow 0-RTT early data default: off + * WOLFSSL_EARLY_DATA_GROUP: Group early data with ClientHello default: off + * WOLFSSL_POST_HANDSHAKE_AUTH: Post-handshake client auth default: off + * WOLFSSL_TLS13_TICKET_BEFORE_FINISHED: Send NewSessionTicket default: off + * before client Finished message + * WOLFSSL_NO_CLIENT_AUTH: Disable TLS 1.3 client authentication default: off + * WOLFSSL_NO_CLIENT_CERT_ERROR: Require client certificate default: off + * WOLFSSL_CERT_SETUP_CB: Certificate setup callback default: off + * WOLFSSL_ALLOW_BAD_TLS_LEGACY_VERSION: Allow bad legacy version default: off + * + * Security: + * WOLFSSL_BLIND_PRIVATE_KEY: Blind private key during signing default: off + * WOLFSSL_CHECK_SIG_FAULTS: Verify signature after ECC signing default: off + * to detect fault injection attacks + * WOLFSSL_CIPHER_TEXT_CHECK: Verify ciphertext integrity default: off + * + * TLS 1.3 PSK: + * WOLFSSL_PSK_ONE_ID: Single PSK identity per connect default: off + * WOLFSSL_PSK_MULTI_ID_PER_CS: Multiple PSK IDs per cipher suite default: off + * WOLFSSL_PRIORITIZE_PSK: Prioritize PSK over ciphersuite order default: off + * WOLFSSL_PSK_ID_PROTECTION: Enable PSK identity protection default: off + * + * TLS 1.3 Session Tickets: + * WOLFSSL_TICKET_HAVE_ID: Session tickets include ID default: off + * WOLFSSL_TICKET_NONCE_MALLOC: Dynamically allocate ticket nonce default: off + * + * TLS 1.3 Key Exchange: + * HAVE_KEYING_MATERIAL: Export keying material (RFC 8446 7.5) default: off + * WOLFSSL_HAVE_TLS_UNIQUE: Enable tls-unique channel binding default: off + * + * TLS 1.3 Hash/Signature: + * WOLFSSL_TLS13_SHA512: Allow SHA-512 in TLS 1.3 handshake default: off + * (no ciphersuite requires it currently) + * WOLFSSL_ERROR_CODE_OPENSSL: Use OpenSSL-compatible error codes default: off + * WOLFSSL_SSLKEYLOGFILE_OUTPUT: Set key log output file path default: off + * WOLFSSL_RW_THREADED: Enable read/write threading support default: off + * WOLFSSL_ASYNC_IO: Enable async I/O operations default: off + * WOLFSSL_NONBLOCK_OCSP: Non-blocking OCSP processing default: off + * WOLFSSL_TLS_OCSP_MULTI: Multiple OCSP responses default: off + * WOLFSSL_WOLFSENTRY_HOOKS: wolfSentry integration hooks default: off */ #if !defined(NO_TLS) && defined(WOLFSSL_TLS13) @@ -244,7 +234,7 @@ { int ret; #if defined(HAVE_PK_CALLBACKS) - ret = NOT_COMPILED_IN; + ret = WC_NO_ERR_TRACE(NOT_COMPILED_IN); if (ssl->ctx && ssl->ctx->HKDFExpandLabelCb) { ret = ssl->ctx->HKDFExpandLabelCb(okm, okmLen, prk, prkLen, protocol, protocolLen, @@ -958,6 +948,13 @@ 0xF9, 0x27, 0xDA, 0x3E }; #endif +#ifdef WOLFSSL_SM3 +static const byte emptySM3Hash[] = { + 0x1A, 0xB2, 0x1D, 0x83, 0x55, 0xCF, 0xA1, 0x7F, 0x8E, 0x61, 0x19, 0x48, + 0x31, 0xE8, 0x1A, 0x8F, 0x22, 0xBE, 0xC8, 0xC7, 0x28, 0xFE, 0xFB, 0x74, + 0x7E, 0xD0, 0x35, 0xEB, 0x50, 0x82, 0xAA, 0x2B +}; +#endif /** * Implement section 7.5 of RFC 8446 * @return 0 on success @@ -1013,6 +1010,17 @@ emptyHash = emptySHA512Hash; break; #endif + + #ifdef WOLFSSL_SM3 + case sm3_mac: + hashType = WC_HASH_TYPE_SM3; + hashLen = WC_SM3_DIGEST_SIZE; + emptyHash = emptySM3Hash; + break; + #endif + + default: + return BAD_FUNC_ARG; } /* Derive-Secret(Secret, label, "") */ @@ -1023,6 +1031,11 @@ if (ret != 0) return ret; + /* Sanity check contextLen to prevent truncation when cast to word32. */ + if (contextLen > WOLFSSL_MAX_32BIT) { + return BAD_FUNC_ARG; + } + /* Hash(context_value) */ ret = wc_Hash(hashType, context, (word32)contextLen, hashOut, WC_MAX_DIGEST_SIZE); if (ret != 0) @@ -1197,19 +1210,27 @@ return ret; #endif + /* Derive-Secret(., "derived", "") per RFC 8446 Section 7.1. + * Empty hash (NULL, 0) is required by the TLS 1.3 key schedule. */ ret = DeriveKeyMsg(ssl, key, -1, ssl->arrays->secret, derivedLabel, DERIVED_LABEL_SZ, NULL, 0, ssl->specs.mac_algorithm); - if (ret != 0) - return ret; - - PRIVATE_KEY_UNLOCK(); - ret = Tls13_HKDF_Extract(ssl, ssl->arrays->preMasterSecret, - key, ssl->specs.hash_size, - ssl->arrays->preMasterSecret, (int)ssl->arrays->preMasterSz, - mac2hash(ssl->specs.mac_algorithm)); - PRIVATE_KEY_LOCK(); + if (ret == 0) { + PRIVATE_KEY_UNLOCK(); + ret = Tls13_HKDF_Extract(ssl, ssl->arrays->preMasterSecret, + key, ssl->specs.hash_size, + ssl->arrays->preMasterSecret, (int)ssl->arrays->preMasterSz, + mac2hash(ssl->specs.mac_algorithm)); + PRIVATE_KEY_LOCK(); + } +#ifdef WOLFSSL_CHECK_MEM_ZERO + wc_MemZero_Add("DeriveHandshakeSecret key", key, WC_MAX_DIGEST_SIZE); +#endif + ForceZero(key, sizeof(key)); +#ifdef WOLFSSL_CHECK_MEM_ZERO + wc_MemZero_Check(key, sizeof(key)); +#endif return ret; } @@ -1232,17 +1253,27 @@ return ret; #endif + /* Derive-Secret(., "derived", "") per RFC 8446 Section 7.1. + * Empty hash (NULL, 0) is required by the TLS 1.3 key schedule. */ ret = DeriveKeyMsg(ssl, key, -1, ssl->arrays->preMasterSecret, derivedLabel, DERIVED_LABEL_SZ, NULL, 0, ssl->specs.mac_algorithm); - if (ret != 0) - return ret; + if (ret == 0) { + PRIVATE_KEY_UNLOCK(); + ret = Tls13_HKDF_Extract(ssl, ssl->arrays->masterSecret, + key, ssl->specs.hash_size, + ssl->arrays->masterSecret, 0, + mac2hash(ssl->specs.mac_algorithm)); + PRIVATE_KEY_LOCK(); + } - PRIVATE_KEY_UNLOCK(); - ret = Tls13_HKDF_Extract(ssl, ssl->arrays->masterSecret, - key, ssl->specs.hash_size, - ssl->arrays->masterSecret, 0, mac2hash(ssl->specs.mac_algorithm)); - PRIVATE_KEY_LOCK(); +#ifdef WOLFSSL_CHECK_MEM_ZERO + wc_MemZero_Add("DeriveMasterSecret key", key, WC_MAX_DIGEST_SIZE); +#endif + ForceZero(key, sizeof(key)); +#ifdef WOLFSSL_CHECK_MEM_ZERO + wc_MemZero_Check(key, sizeof(key)); +#endif #ifdef HAVE_KEYING_MATERIAL if (ret != 0) @@ -1444,6 +1475,8 @@ * traffic messages. * update_traffic_key when deriving next keys and IVs for encrypting * traffic messages. + * no_key when deriving keys and IVs from existing secrets without + * re-deriving the secrets. Used during early data transitions. * side ENCRYPT_SIDE_ONLY when only encryption secret needs to be derived. * DECRYPT_SIDE_ONLY when only decryption secret needs to be derived. * ENCRYPT_AND_DECRYPT_SIDE when both secret needs to be derived. @@ -1532,6 +1565,12 @@ } break; + case no_key: + /* Called with early data to derive keys from existing secrets + * without re-deriving the secrets themselves. */ + ret = 0; + break; + default: ret = BAD_FUNC_ARG; break; @@ -1661,7 +1700,7 @@ return ret; } -#if (defined(HAVE_SESSION_TICKET) || !defined(NO_PSK)) +#if defined(HAVE_SESSION_TICKET) || !defined(NO_PSK) || defined(WOLFSSL_DTLS13) #ifdef WOLFSSL_32BIT_MILLI_TIME #ifndef NO_ASN_TIME #if defined(USER_TICKS) @@ -2260,7 +2299,7 @@ */ #endif /* !NO_ASN_TIME */ #endif /* WOLFSSL_32BIT_MILLI_TIME */ -#endif /* HAVE_SESSION_TICKET || !NO_PSK */ +#endif /* HAVE_SESSION_TICKET || !NO_PSK || WOLFSSL_DTLS13 */ /* Add record layer header to message. * @@ -2422,9 +2461,13 @@ * order The side on which the message is to be or was sent. */ static WC_INLINE void BuildTls13Nonce(WOLFSSL* ssl, byte* nonce, const byte* iv, - int order) + int ivSz, int order) { - int seq_offset = AEAD_NONCE_SZ - SEQ_SZ; + int seq_offset; + /* Ensure minimum nonce size for standard AEAD ciphers */ + if (ivSz < AEAD_NONCE_SZ) + ivSz = AEAD_NONCE_SZ; + seq_offset = ivSz - SEQ_SZ; /* The nonce is the IV with the sequence XORed into the last bytes. */ WriteSEQTls13(ssl, order, nonce + seq_offset); XMEMCPY(nonce, iv, seq_offset); @@ -2517,7 +2560,7 @@ int ret; /* HMAC: nonce | aad | input */ - ret = wc_HmacUpdate(ssl->encrypt.hmac, nonce, HMAC_NONCE_SZ); + ret = wc_HmacUpdate(ssl->encrypt.hmac, nonce, ssl->specs.iv_size); if (ret == 0) ret = wc_HmacUpdate(ssl->encrypt.hmac, aad, aadSz); if (ret == 0) @@ -2547,7 +2590,7 @@ word16 sz, const byte* aad, word16 aadSz, int asyncOkay) { int ret = 0; - word16 dataSz = sz - ssl->specs.aead_mac_size; + word16 dataSz; word16 macSz = ssl->specs.aead_mac_size; word32 nonceSz = 0; #ifdef WOLFSSL_ASYNC_CRYPT @@ -2556,6 +2599,9 @@ #endif WOLFSSL_ENTER("EncryptTls13"); + if (sz < ssl->specs.aead_mac_size) + return BUFFER_E; + dataSz = sz - ssl->specs.aead_mac_size; (void)output; (void)input; @@ -2600,12 +2646,12 @@ #ifdef CIPHER_NONCE if (ssl->encrypt.nonce == NULL) { - ssl->encrypt.nonce = (byte*)XMALLOC(AEAD_NONCE_SZ, + ssl->encrypt.nonce = (byte*)XMALLOC(AEAD_MAX_IMP_SZ, ssl->heap, DYNAMIC_TYPE_CIPHER); #ifdef WOLFSSL_CHECK_MEM_ZERO if (ssl->encrypt.nonce != NULL) { wc_MemZero_Add("EncryptTls13 nonce", ssl->encrypt.nonce, - AEAD_NONCE_SZ); + ssl->specs.iv_size); } #endif } @@ -2613,7 +2659,7 @@ return MEMORY_E; BuildTls13Nonce(ssl, ssl->encrypt.nonce, ssl->keys.aead_enc_imp_IV, - CUR_ORDER); + ssl->specs.iv_size, CUR_ORDER); #endif /* Advance state and proceed */ @@ -2637,7 +2683,7 @@ nonceSz = AESGCM_NONCE_SZ; #if defined(HAVE_PK_CALLBACKS) - ret = NOT_COMPILED_IN; + ret = WC_NO_ERR_TRACE(NOT_COMPILED_IN); if (ssl->ctx && ssl->ctx->PerformTlsRecordProcessingCb) { ret = ssl->ctx->PerformTlsRecordProcessingCb(ssl, 1, output, input, dataSz, @@ -2679,7 +2725,7 @@ nonceSz = AESCCM_NONCE_SZ; #if defined(HAVE_PK_CALLBACKS) - ret = NOT_COMPILED_IN; + ret = WC_NO_ERR_TRACE(NOT_COMPILED_IN); if (ssl->ctx && ssl->ctx->PerformTlsRecordProcessingCb) { ret = ssl->ctx->PerformTlsRecordProcessingCb(ssl, 1, output, input, dataSz, @@ -2795,7 +2841,7 @@ #endif #ifdef CIPHER_NONCE - ForceZero(ssl->encrypt.nonce, AEAD_NONCE_SZ); + ForceZero(ssl->encrypt.nonce, ssl->specs.iv_size); #endif break; @@ -2909,7 +2955,7 @@ byte hmac[WC_MAX_DIGEST_SIZE]; /* HMAC: nonce | aad | input */ - ret = wc_HmacUpdate(ssl->decrypt.hmac, nonce, HMAC_NONCE_SZ); + ret = wc_HmacUpdate(ssl->decrypt.hmac, nonce, ssl->specs.iv_size); if (ret == 0) ret = wc_HmacUpdate(ssl->decrypt.hmac, aad, aadSz); if (ret == 0) @@ -2922,6 +2968,7 @@ /* Copy the input to output if not the same buffer */ if (ret == 0 && output != input) XMEMCPY(output, input, sz); + ForceZero(hmac, sizeof(hmac)); return ret; } #endif @@ -2941,11 +2988,15 @@ const byte* aad, word16 aadSz) { int ret = 0; - word16 dataSz = sz - ssl->specs.aead_mac_size; + word16 dataSz; word16 macSz = ssl->specs.aead_mac_size; word32 nonceSz = 0; WOLFSSL_ENTER("DecryptTls13"); + if (sz < ssl->specs.aead_mac_size) { + return BAD_FUNC_ARG; + } + dataSz = sz - ssl->specs.aead_mac_size; #if defined(WOLFSSL_RENESAS_TSIP_TLS) ret = tsip_Tls13AesDecrypt(ssl, output, input, sz); @@ -3001,12 +3052,12 @@ #ifdef CIPHER_NONCE if (ssl->decrypt.nonce == NULL) { - ssl->decrypt.nonce = (byte*)XMALLOC(AEAD_NONCE_SZ, + ssl->decrypt.nonce = (byte*)XMALLOC(AEAD_MAX_IMP_SZ, ssl->heap, DYNAMIC_TYPE_CIPHER); #ifdef WOLFSSL_CHECK_MEM_ZERO if (ssl->decrypt.nonce != NULL) { wc_MemZero_Add("DecryptTls13 nonce", ssl->decrypt.nonce, - AEAD_NONCE_SZ); + ssl->specs.iv_size); } #endif } @@ -3014,7 +3065,7 @@ return MEMORY_E; BuildTls13Nonce(ssl, ssl->decrypt.nonce, ssl->keys.aead_dec_imp_IV, - PEER_ORDER); + ssl->specs.iv_size, PEER_ORDER); #endif /* Advance state and proceed */ @@ -3038,7 +3089,7 @@ nonceSz = AESGCM_NONCE_SZ; #if defined(HAVE_PK_CALLBACKS) - ret = NOT_COMPILED_IN; + ret = WC_NO_ERR_TRACE(NOT_COMPILED_IN); if (ssl->ctx && ssl->ctx->PerformTlsRecordProcessingCb) { ret = ssl->ctx->PerformTlsRecordProcessingCb(ssl, 0, output, input, dataSz, @@ -3077,7 +3128,7 @@ nonceSz = AESCCM_NONCE_SZ; #if defined(HAVE_PK_CALLBACKS) - ret = NOT_COMPILED_IN; + ret = WC_NO_ERR_TRACE(NOT_COMPILED_IN); if (ssl->ctx && ssl->ctx->PerformTlsRecordProcessingCb) { ret = ssl->ctx->PerformTlsRecordProcessingCb(ssl, 0, output, input, dataSz, @@ -3112,7 +3163,7 @@ case wolfssl_sm4_gcm: nonceSz = SM4_GCM_NONCE_SZ; ret = wc_Sm4GcmDecrypt(ssl->decrypt.sm4, output, input, - dataSz, ssl->decrypt.nonce, nonceSz, output + dataSz, + dataSz, ssl->decrypt.nonce, nonceSz, input + dataSz, macSz, aad, aadSz); break; #endif @@ -3121,7 +3172,7 @@ case wolfssl_sm4_ccm: nonceSz = SM4_CCM_NONCE_SZ; ret = wc_Sm4CcmDecrypt(ssl->decrypt.sm4, output, input, - dataSz, ssl->decrypt.nonce, nonceSz, output + dataSz, + dataSz, ssl->decrypt.nonce, nonceSz, input + dataSz, macSz, aad, aadSz); break; #endif @@ -3167,7 +3218,7 @@ #endif #ifdef CIPHER_NONCE - ForceZero(ssl->decrypt.nonce, AEAD_NONCE_SZ); + ForceZero(ssl->decrypt.nonce, ssl->specs.iv_size); #endif break; @@ -3743,6 +3794,275 @@ }; #endif +#ifdef HAVE_ECH +/* returns the index of the first supported cipher suite, -1 if none */ +int EchConfigGetSupportedCipherSuite(WOLFSSL_EchConfig* config) +{ + int i = 0; + + if (!wc_HpkeKemIsSupported(config->kemId)) { + return WOLFSSL_FATAL_ERROR; + } + + for (i = 0; i < config->numCipherSuites; i++) { + if (wc_HpkeKdfIsSupported(config->cipherSuites[i].kdfId) && + wc_HpkeAeadIsSupported(config->cipherSuites[i].aeadId)) { + return i; + } + } + + return WOLFSSL_FATAL_ERROR; +} + +/* Hash the inner client hello, initializing the hsHashesEch field if needed. + * + * ssl SSL/TLS object. + * ech ECH object. + * returns 0 on success and otherwise failure. + */ +static int EchHashHelloInner(WOLFSSL* ssl, WOLFSSL_ECH* ech) +{ + int ret = 0; + int headerSz; + word32 realSz; + HS_Hashes* tmpHashes; +#ifndef NO_WOLFSSL_CLIENT + byte falseHeader[HRR_MAX_HS_HEADER_SZ]; +#endif + + if (ssl == NULL || ech == NULL) { + return BAD_FUNC_ARG; + } + +#ifdef WOLFSSL_DTLS13 + headerSz = ssl->options.dtls ? DTLS13_HANDSHAKE_HEADER_SZ : + HANDSHAKE_HEADER_SZ; +#else + headerSz = HANDSHAKE_HEADER_SZ; +#endif + + realSz = ech->innerClientHelloLen; +#ifndef NO_WOLFSSL_CLIENT + if (ssl->options.side == WOLFSSL_CLIENT_END) { + realSz -= ech->paddingLen + ech->hpke->Nt; + } +#endif + + tmpHashes = ssl->hsHashes; + + ssl->hsHashes = ssl->hsHashesEch; + if (ssl->options.echAccepted == 0 && ssl->hsHashes == NULL) { + ret = InitHandshakeHashes(ssl); + if (ret == 0) { + ssl->hsHashesEch = ssl->hsHashes; + ech->innerCount = 1; + } + } + + if (ret == 0) { +#ifndef NO_WOLFSSL_CLIENT + if (ssl->options.side == WOLFSSL_CLIENT_END) { + /* client-side: innerClientHello contains body only */ + AddTls13HandShakeHeader(falseHeader, realSz, 0, 0, client_hello, + ssl); + ret = HashRaw(ssl, falseHeader, headerSz); + if (ret == 0) { + ret = HashRaw(ssl, ech->innerClientHello, realSz); + } + } +#endif +#ifndef NO_WOLFSSL_SERVER + if (ssl->options.side == WOLFSSL_SERVER_END) { + /* server-side: innerClientHello contains header + body */ + ret = HashRaw(ssl, ech->innerClientHello, headerSz + realSz); + } +#endif + } + + ssl->hsHashes = tmpHashes; + return ret; +} + +/* Calculate the 8 ECH confirmation bytes. + * + * ssl SSL/TLS object. + * label Ascii string describing ECH acceptance or rejection. + * labelSz Length of label excluding NULL character. + * input The buffer to calculate confirmation off of. + * acceptOffset Where the 8 ECH confirmation bytes start. + * helloSz Size of hello message. + * isHrr Whether message is a HelloRetryRequest or not. + * acceptExpanded An 8 byte array to store calculated confirmation to. + * returns 0 on success and otherwise failure. + */ +static int EchCalcAcceptance(WOLFSSL* ssl, byte* label, word16 labelSz, + const byte* input, int acceptOffset, int helloSz, byte isHrr, + byte* acceptExpanded) +{ + int ret = 0; + int digestType = 0; + int digestSize = 0; + int hashSz = 0; + int headerSz; + HS_Hashes* tmpHashes; + HS_Hashes* acceptHash = NULL; + byte zeros[WC_MAX_DIGEST_SIZE]; + byte transcriptEchConf[WC_MAX_DIGEST_SIZE]; + byte clientHelloInnerHash[WC_MAX_DIGEST_SIZE]; + byte expandLabelPrk[WC_MAX_DIGEST_SIZE]; + byte messageHashHeader[HRR_MAX_HS_HEADER_SZ]; + + XMEMSET(zeros, 0, sizeof(zeros)); + XMEMSET(transcriptEchConf, 0, sizeof(transcriptEchConf)); + XMEMSET(clientHelloInnerHash, 0, sizeof(clientHelloInnerHash)); + XMEMSET(expandLabelPrk, 0, sizeof(expandLabelPrk)); + +#ifdef WOLFSSL_CHECK_MEM_ZERO + wc_MemZero_Add("ECH PRK", expandLabelPrk, sizeof(expandLabelPrk)); +#endif + + tmpHashes = ssl->hsHashes; + ssl->hsHashes = ssl->hsHashesEch; + +#ifdef WOLFSSL_DTLS13 + headerSz = ssl->options.dtls ? DTLS13_HANDSHAKE_HEADER_SZ : + HANDSHAKE_HEADER_SZ; +#else + headerSz = HANDSHAKE_HEADER_SZ; +#endif + + if (isHrr) { + /* the transcript hash of ClientHelloInner1 */ + hashSz = GetMsgHash(ssl, clientHelloInnerHash); + if (hashSz > 0) { + ret = 0; + } + + /* restart ECH transcript hash, similar to RestartHandshakeHash but + * don't add a cookie */ + if (ret == 0) { + ret = InitHandshakeHashes(ssl); + } + if (ret == 0) { + ssl->hsHashesEch = ssl->hsHashes; + AddTls13HandShakeHeader(messageHashHeader, (word32)hashSz, 0, 0, + message_hash, ssl); + ret = HashRaw(ssl, messageHashHeader, headerSz); + } + if (ret == 0) { + ret = HashRaw(ssl, clientHelloInnerHash, (word32)hashSz); + } + } + + /* hash with zeros for confirmation computation */ + if (ret == 0) { + ret = InitHandshakeHashesAndCopy(ssl, ssl->hsHashesEch, &acceptHash); + } + if (ret == 0) { + ssl->hsHashes = acceptHash; + ret = HashRaw(ssl, input, acceptOffset); + } + if (ret == 0) { + ret = HashRaw(ssl, zeros, ECH_ACCEPT_CONFIRMATION_SZ); + } + if (ret == 0) { + ret = HashRaw(ssl, input + acceptOffset + ECH_ACCEPT_CONFIRMATION_SZ, + helloSz + headerSz - (acceptOffset + ECH_ACCEPT_CONFIRMATION_SZ)); + } + + /* get the modified transcript hash */ + if (ret == 0) { + ret = GetMsgHash(ssl, transcriptEchConf); + if (ret > 0) { + ret = 0; + } + } + + /* pick the right type and size based on mac_algorithm */ + if (ret == 0) { + switch (ssl->specs.mac_algorithm) { +#ifndef NO_SHA256 + case sha256_mac: + digestType = WC_SHA256; + digestSize = WC_SHA256_DIGEST_SIZE; + break; +#endif /* !NO_SHA256 */ +#ifdef WOLFSSL_SHA384 + case sha384_mac: + digestType = WC_SHA384; + digestSize = WC_SHA384_DIGEST_SIZE; + break; +#endif /* WOLFSSL_SHA384 */ +#ifdef WOLFSSL_TLS13_SHA512 + case sha512_mac: + digestType = WC_SHA512; + digestSize = WC_SHA512_DIGEST_SIZE; + break; +#endif /* WOLFSSL_TLS13_SHA512 */ +#ifdef WOLFSSL_SM3 + case sm3_mac: + digestType = WC_SM3; + digestSize = WC_SM3_DIGEST_SIZE; + break; +#endif /* WOLFSSL_SM3 */ + default: + ret = WOLFSSL_FATAL_ERROR; + break; + } + } + + /* extract clientRandomInner with a key of all zeros */ + if (ret == 0) { + PRIVATE_KEY_UNLOCK(); + #if !defined(HAVE_FIPS) || \ + (defined(FIPS_VERSION_GE) && FIPS_VERSION_GE(6,0)) + ret = wc_HKDF_Extract_ex(digestType, zeros, (word32)digestSize, + ssl->arrays->clientRandomInner, RAN_LEN, expandLabelPrk, + ssl->heap, ssl->devId); + #else + ret = wc_HKDF_Extract(digestType, zeros, digestSize, + ssl->arrays->clientRandomInner, RAN_LEN, expandLabelPrk); + #endif + PRIVATE_KEY_LOCK(); + } + + /* tls expand with the confirmation label */ + if (ret == 0) { + PRIVATE_KEY_UNLOCK(); +#ifdef WOLFSSL_DTLS13 + if (ssl->options.dtls) { + ret = Tls13HKDFExpandKeyLabel(ssl, acceptExpanded, + ECH_ACCEPT_CONFIRMATION_SZ, expandLabelPrk, (word32)digestSize, + dtls13ProtocolLabel, DTLS13_PROTOCOL_LABEL_SZ, label, labelSz, + transcriptEchConf, (word32)digestSize, digestType, + WOLFSSL_SERVER_END); + } + else +#endif + { + ret = Tls13HKDFExpandKeyLabel(ssl, acceptExpanded, + ECH_ACCEPT_CONFIRMATION_SZ, expandLabelPrk, (word32)digestSize, + tls13ProtocolLabel, TLS13_PROTOCOL_LABEL_SZ, label, labelSz, + transcriptEchConf, (word32)digestSize, digestType, + WOLFSSL_SERVER_END); + } + PRIVATE_KEY_LOCK(); + } + + if (acceptHash != NULL) { + ssl->hsHashes = acceptHash; + FreeHandshakeHashes(ssl); + } + + ssl->hsHashes = tmpHashes; + ForceZero(expandLabelPrk, sizeof(expandLabelPrk)); +#ifdef WOLFSSL_CHECK_MEM_ZERO + wc_MemZero_Check(expandLabelPrk, sizeof(expandLabelPrk)); +#endif + return ret; +} +#endif + #ifndef NO_WOLFSSL_CLIENT #if defined(HAVE_SESSION_TICKET) || !defined(NO_PSK) #if defined(OPENSSL_EXTRA) && !defined(WOLFSSL_PSK_ONE_ID) && \ @@ -3756,6 +4076,7 @@ { switch(mac_alg) { case no_mac: + return NULL; #ifndef NO_MD5 case md5_mac: return wolfSSL_EVP_md5(); @@ -3863,6 +4184,8 @@ #endif /* Set the client identity to use. */ + if (psk->identityLen > MAX_PSK_ID_LEN) + return PSK_KEY_ERROR; XMEMSET(ssl->arrays->client_identity, 0, sizeof(ssl->arrays->client_identity)); XMEMCPY(ssl->arrays->client_identity, psk->identity, psk->identityLen); @@ -4161,98 +4484,6 @@ } #endif -#if defined(HAVE_ECH) -/* returns the index of the first supported cipher suite, -1 if none */ -int EchConfigGetSupportedCipherSuite(WOLFSSL_EchConfig* config) -{ - int i, j, supported = 0; - - for (i = 0; i < config->numCipherSuites; i++) { - supported = 0; - - for (j = 0; j < HPKE_SUPPORTED_KDF_LEN; j++) { - if (config->cipherSuites[i].kdfId == hpkeSupportedKdf[j]) - break; - } - - if (j < HPKE_SUPPORTED_KDF_LEN) - for (j = 0; j < HPKE_SUPPORTED_AEAD_LEN; j++) { - if (config->cipherSuites[i].aeadId == hpkeSupportedAead[j]) { - supported = 1; - break; - } - } - - if (supported) - return i; - } - - return WOLFSSL_FATAL_ERROR; -} - -/* returns status after we hash the ech inner */ -static int EchHashHelloInner(WOLFSSL* ssl, WOLFSSL_ECH* ech) -{ - int ret = 0; - word32 realSz; - HS_Hashes* tmpHashes; -#ifdef WOLFSSL_DTLS13 - byte falseHeader[DTLS13_HANDSHAKE_HEADER_SZ]; -#else - byte falseHeader[HANDSHAKE_HEADER_SZ]; -#endif - - if (ssl == NULL || ech == NULL) - return BAD_FUNC_ARG; - realSz = ech->innerClientHelloLen - ech->paddingLen - ech->hpke->Nt; - tmpHashes = ssl->hsHashes; - ssl->hsHashes = NULL; - /* init the ech hashes */ - ret = InitHandshakeHashes(ssl); - if (ret == 0) { - ssl->hsHashesEch = ssl->hsHashes; - /* do the handshake header then the body */ - AddTls13HandShakeHeader(falseHeader, realSz, 0, 0, client_hello, ssl); - ret = HashRaw(ssl, falseHeader, HANDSHAKE_HEADER_SZ); - /* hash with inner */ - if (ret == 0) { - /* init hsHashesEchInner */ - if (ech->innerCount == 0) { - ssl->hsHashes = ssl->hsHashesEchInner; - ret = InitHandshakeHashes(ssl); - if (ret == 0) { - ssl->hsHashesEchInner = ssl->hsHashes; - ech->innerCount = 1; - } - } - else { - /* switch back to hsHashes so we have hrr -> echInner2 */ - ssl->hsHashes = tmpHashes; - ret = InitHandshakeHashesAndCopy(ssl, ssl->hsHashes, - &ssl->hsHashesEchInner); - } - - if (ret == 0) { - ssl->hsHashes = ssl->hsHashesEchInner; - ret = HashRaw(ssl, falseHeader, HANDSHAKE_HEADER_SZ); - ssl->hsHashes = ssl->hsHashesEch; - } - } - } - /* hash the body */ - if (ret == 0) - ret = HashRaw(ssl, ech->innerClientHello, realSz); - /* hash with inner */ - if (ret == 0) { - ssl->hsHashes = ssl->hsHashesEchInner; - ret = HashRaw(ssl, ech->innerClientHello, realSz); - } - /* swap hsHashes back */ - ssl->hsHashes = tmpHashes; - return ret; -} -#endif - static void GetTls13SessionId(WOLFSSL* ssl, byte* output, word32* idx) { if (ssl->session->sessionIDSz > 0) { @@ -4318,6 +4549,26 @@ #endif } Sch13Args; +#ifdef WOLFSSL_EARLY_DATA +/* Check if early data can potentially be sent. + * Returns 1 if early data is possible, 0 otherwise. + */ +static int EarlyDataPossible(WOLFSSL* ssl) +{ + /* Need session resumption OR PSK callback configured */ + if (ssl->options.resuming) { + return 1; + } +#ifndef NO_PSK + if (ssl->options.client_psk_tls13_cb != NULL || + ssl->options.client_psk_cb != NULL) { + return 1; + } +#endif + return 0; +} +#endif /* WOLFSSL_EARLY_DATA */ + int SendTls13ClientHello(WOLFSSL* ssl) { int ret; @@ -4348,8 +4599,8 @@ } #endif /* WOLFSSL_DTLS */ -#ifdef HAVE_SESSION_TICKET if (ssl->options.resuming && + ssl->session->version.major != 0 && (ssl->session->version.major != ssl->version.major || ssl->session->version.minor != ssl->version.minor)) { #ifndef WOLFSSL_NO_TLS12 @@ -4368,7 +4619,6 @@ return VERSION_ERROR; } } -#endif suites = WOLFSSL_SUITES(ssl); if (suites == NULL) { @@ -4423,6 +4673,13 @@ ssl->options.tls13MiddleBoxCompat = 0; } #endif +#ifdef WOLFSSL_DTLS13 + if (ssl->options.dtls) { + /* RFC 9147 Section 5: DTLS implementations do not use the + * TLS 1.3 "compatibility mode" */ + ssl->options.tls13MiddleBoxCompat = 0; + } +#endif GetTls13SessionId(ssl, NULL, &sessIdSz); args->length += (word16)sessIdSz; @@ -4457,14 +4714,8 @@ case TLS_ASYNC_FINALIZE: { #ifdef WOLFSSL_EARLY_DATA - #ifndef NO_PSK - if (!ssl->options.resuming && - ssl->options.client_psk_tls13_cb == NULL && - ssl->options.client_psk_cb == NULL) - #else - if (!ssl->options.resuming) - #endif - ssl->earlyData = no_early_data; + if (!EarlyDataPossible(ssl)) + ssl->earlyData = no_early_data; if (ssl->options.serverState == SERVER_HELLO_RETRY_REQUEST_COMPLETE) ssl->earlyData = no_early_data; if (ssl->earlyData == no_early_data) @@ -4484,7 +4735,7 @@ /* find length of outer and inner */ #if defined(HAVE_ECH) - if (ssl->options.useEch == 1 && !ssl->options.disableECH) { + if (ssl->echConfigs != NULL && !ssl->options.disableECH) { TLSX* echX = TLSX_Find(ssl->extensions, TLSX_ECH); if (echX == NULL) return WOLFSSL_FATAL_ERROR; @@ -4518,7 +4769,7 @@ { #ifdef WOLFSSL_DTLS_CH_FRAG - word16 maxFrag = wolfSSL_GetMaxFragSize(ssl, MAX_RECORD_SIZE); + word16 maxFrag = wolfssl_local_GetMaxPlaintextSize(ssl); word16 lenWithoutExts = args->length; #endif @@ -4638,7 +4889,7 @@ #if defined(HAVE_ECH) /* write inner then outer */ - if (ssl->options.useEch == 1 && !ssl->options.disableECH && + if (ssl->echConfigs != NULL && !ssl->options.disableECH && (ssl->options.echAccepted || args->ech->innerCount == 0)) { /* set the type to inner */ args->ech->type = ECH_TYPE_INNER; @@ -4662,9 +4913,16 @@ XMEMCPY(args->ech->innerClientHello, args->output + RECORD_HEADER_SZ + HANDSHAKE_HEADER_SZ, args->idx - (RECORD_HEADER_SZ + HANDSHAKE_HEADER_SZ)); - /* copy the client random to inner */ - XMEMCPY(ssl->arrays->clientRandomInner, ssl->arrays->clientRandom, - RAN_LEN); + /* copy the client random to inner - only for first CH, not after HRR */ + if (!ssl->options.echAccepted) { + XMEMCPY(ssl->arrays->clientRandomInner, ssl->arrays->clientRandom, + RAN_LEN); + } + else { + /* After HRR, use the same inner random as CH1 */ + XMEMCPY(args->ech->innerClientHello + VERSION_SZ, + ssl->arrays->clientRandomInner, RAN_LEN); + } /* change the outer client random */ ret = wc_RNG_GenerateBlock(ssl->rng, args->output + args->clientRandomOffset, RAN_LEN); @@ -4696,7 +4954,7 @@ #if defined(HAVE_ECH) /* encrypt and pack the ech innerClientHello */ - if (ssl->options.useEch == 1 && !ssl->options.disableECH && + if (ssl->echConfigs != NULL && !ssl->options.disableECH && (ssl->options.echAccepted || args->ech->innerCount == 0)) { ret = TLSX_FinalizeEch(args->ech, args->output + RECORD_HEADER_SZ + HANDSHAKE_HEADER_SZ, @@ -4727,9 +4985,10 @@ { #if defined(HAVE_ECH) /* compute the inner hash */ - if (ssl->options.useEch == 1 && !ssl->options.disableECH && - (ssl->options.echAccepted || args->ech->innerCount == 0)) + if (ssl->echConfigs != NULL && !ssl->options.disableECH && + (ssl->options.echAccepted || args->ech->innerCount == 0)) { ret = EchHashHelloInner(ssl, args->ech); + } #endif /* compute the outer hash */ if (ret == 0) @@ -4794,7 +5053,7 @@ return ret; } -#if defined(WOLFSSL_DTLS13) && !defined(WOLFSSL_NO_CLIENT) +#if defined(WOLFSSL_DTLS13) && !defined(NO_WOLFSSL_CLIENT) static int Dtls13ClientDoDowngrade(WOLFSSL* ssl) { int ret; @@ -4818,236 +5077,78 @@ w64GetLow32(ssl->dtls13EncryptEpoch->nextSeqNumber); return ret; } -#endif /* WOLFSSL_DTLS13 && !WOLFSSL_NO_CLIENT*/ +#endif /* WOLFSSL_DTLS13 && !NO_WOLFSSL_CLIENT*/ #if defined(HAVE_ECH) -/* check if the server accepted ech or not, must be run after an hsHashes - * restart */ +/* Calculate ECH acceptance and verify the server accepted ECH. + * + * ssl SSL/TLS object. + * label Ascii string describing ECH acceptance type. + * labelSz Length of label excluding NULL character. + * input The buffer to calculate confirmation off of. + * acceptOffset Where the 8 ECH confirmation bytes start. + * helloSz Size of hello message. + * returns 0 on success and otherwise failure. + */ static int EchCheckAcceptance(WOLFSSL* ssl, byte* label, word16 labelSz, - const byte* input, int acceptOffset, int helloSz) + const byte* input, int acceptOffset, int helloSz, byte msgType) { int ret = 0; - int digestType = 0; - int digestSize = 0; + int headerSz; HS_Hashes* tmpHashes; - byte zeros[WC_MAX_DIGEST_SIZE]; - byte transcriptEchConf[WC_MAX_DIGEST_SIZE]; - byte expandLabelPrk[WC_MAX_DIGEST_SIZE]; byte acceptConfirmation[ECH_ACCEPT_CONFIRMATION_SZ]; - XMEMSET(zeros, 0, sizeof(zeros)); - XMEMSET(transcriptEchConf, 0, sizeof(transcriptEchConf)); - XMEMSET(expandLabelPrk, 0, sizeof(expandLabelPrk)); + XMEMSET(acceptConfirmation, 0, sizeof(acceptConfirmation)); - /* store so we can restore regardless of the outcome */ - tmpHashes = ssl->hsHashes; - /* swap hsHashes to hsHashesEch */ - ssl->hsHashes = ssl->hsHashesEch; - /* hash up to the last 8 bytes */ - ret = HashRaw(ssl, input, acceptOffset); - /* hash 8 zeros */ - if (ret == 0) - ret = HashRaw(ssl, zeros, ECH_ACCEPT_CONFIRMATION_SZ); - /* hash the rest of the hello */ - if (ret == 0) { - ret = HashRaw(ssl, input + acceptOffset + ECH_ACCEPT_CONFIRMATION_SZ, - helloSz + HANDSHAKE_HEADER_SZ - - (acceptOffset + ECH_ACCEPT_CONFIRMATION_SZ)); - } - /* get the modified transcript hash */ - if (ret == 0) - ret = GetMsgHash(ssl, transcriptEchConf); - if (ret > 0) - ret = 0; - /* pick the right type and size based on mac_algorithm */ - if (ret == 0) { - switch (ssl->specs.mac_algorithm) { -#ifndef NO_SHA256 - case sha256_mac: - digestType = WC_SHA256; - digestSize = WC_SHA256_DIGEST_SIZE; - break; -#endif /* !NO_SHA256 */ -#ifdef WOLFSSL_SHA384 - case sha384_mac: - digestType = WC_SHA384; - digestSize = WC_SHA384_DIGEST_SIZE; - break; -#endif /* WOLFSSL_SHA384 */ -#ifdef WOLFSSL_TLS13_SHA512 - case sha512_mac: - digestType = WC_SHA512; - digestSize = WC_SHA512_DIGEST_SIZE; - break; -#endif /* WOLFSSL_TLS13_SHA512 */ -#ifdef WOLFSSL_SM3 - case sm3_mac: - digestType = WC_SM3; - digestSize = WC_SM3_DIGEST_SIZE; - break; -#endif /* WOLFSSL_SM3 */ - default: - ret = WOLFSSL_FATAL_ERROR; - break; - } - } - /* extract clientRandomInner with a key of all zeros */ - if (ret == 0) { - PRIVATE_KEY_UNLOCK(); - #if !defined(HAVE_FIPS) || \ - (defined(FIPS_VERSION_GE) && FIPS_VERSION_GE(6,0)) - ret = wc_HKDF_Extract_ex(digestType, zeros, (word32)digestSize, - ssl->arrays->clientRandomInner, RAN_LEN, expandLabelPrk, - ssl->heap, ssl->devId); - #else - ret = wc_HKDF_Extract(digestType, zeros, digestSize, - ssl->arrays->clientRandomInner, RAN_LEN, expandLabelPrk); - #endif - PRIVATE_KEY_LOCK(); - } - /* tls expand with the confirmation label */ - if (ret == 0) { - PRIVATE_KEY_UNLOCK(); - ret = Tls13HKDFExpandKeyLabel(ssl, acceptConfirmation, - ECH_ACCEPT_CONFIRMATION_SZ, expandLabelPrk, (word32)digestSize, - tls13ProtocolLabel, TLS13_PROTOCOL_LABEL_SZ, label, labelSz, - transcriptEchConf, (word32)digestSize, digestType, - WOLFSSL_SERVER_END); - PRIVATE_KEY_LOCK(); - } + +#ifdef WOLFSSL_DTLS13 + headerSz = ssl->options.dtls ? DTLS13_HANDSHAKE_HEADER_SZ : + HANDSHAKE_HEADER_SZ; +#else + headerSz = HANDSHAKE_HEADER_SZ; +#endif + + ret = EchCalcAcceptance(ssl, label, labelSz, input, acceptOffset, helloSz, + msgType == hello_retry_request, acceptConfirmation); + if (ret == 0) { - /* last 8 bytes should match our expand output */ - ret = XMEMCMP(acceptConfirmation, input + acceptOffset, + tmpHashes = ssl->hsHashes; + ssl->hsHashes = ssl->hsHashesEch; + + /* last 8 bytes must match the expand output */ + ret = ConstantCompare(acceptConfirmation, input + acceptOffset, ECH_ACCEPT_CONFIRMATION_SZ); - /* ech accepted */ + if (ret == 0) { - /* set echAccepted to 1 */ ssl->options.echAccepted = 1; - /* free hsHashes and go with inner */ - ssl->hsHashes = tmpHashes; - FreeHandshakeHashes(ssl); - ssl->hsHashes = ssl->hsHashesEch; - tmpHashes = ssl->hsHashesEchInner; - ssl->hsHashesEchInner = NULL; + + /* after HRR, hsHashesEch must contain: + * message_hash(ClientHelloInner1) || HRR (actual, not zeros) */ + if (msgType == hello_retry_request) { + ret = HashRaw(ssl, input, helloSz + headerSz); + } + /* normal TLS code will calculate transcript of ServerHello */ + else { + ssl->hsHashes = tmpHashes; + FreeHandshakeHashes(ssl); + tmpHashes = ssl->hsHashesEch; + ssl->hsHashesEch = NULL; + } } - /* ech rejected */ else { - /* set echAccepted to 0, needed in case HRR */ ssl->options.echAccepted = 0; - /* free inner since we're continuing with outer */ - ssl->hsHashes = ssl->hsHashesEchInner; + ret = 0; + + /* ECH rejected, continue with outer transcript */ FreeHandshakeHashes(ssl); - ssl->hsHashesEchInner = NULL; + ssl->hsHashesEch = NULL; } - /* continue with outer if we failed to verify ech was accepted */ - ret = 0; - } - FreeHandshakeHashes(ssl); - /* set hsHashesEch to NULL to avoid double free */ - ssl->hsHashesEch = NULL; - /* swap to tmp, will be inner if accepted, hsHashes if rejected */ - ssl->hsHashes = tmpHashes; - return ret; -} -/* replace the last acceptance field for either sever hello or hrr with the ech - * acceptance parameter, return status */ -static int EchWriteAcceptance(WOLFSSL* ssl, byte* label, word16 labelSz, - byte* output, int acceptOffset, int helloSz, byte msgType) -{ - int ret = 0; - int digestType = 0; - int digestSize = 0; - HS_Hashes* tmpHashes = NULL; - byte zeros[WC_MAX_DIGEST_SIZE]; - byte transcriptEchConf[WC_MAX_DIGEST_SIZE]; - byte expandLabelPrk[WC_MAX_DIGEST_SIZE]; - XMEMSET(zeros, 0, sizeof(zeros)); - XMEMSET(transcriptEchConf, 0, sizeof(transcriptEchConf)); - XMEMSET(expandLabelPrk, 0, sizeof(expandLabelPrk)); - /* store so we can restore regardless of the outcome */ - tmpHashes = ssl->hsHashes; - ssl->hsHashes = ssl->hsHashesEch; - /* hash up to the acceptOffset */ - ret = HashRaw(ssl, output, acceptOffset); - /* hash 8 zeros */ - if (ret == 0) - ret = HashRaw(ssl, zeros, ECH_ACCEPT_CONFIRMATION_SZ); - /* hash the rest of the hello */ - if (ret == 0) { - ret = HashRaw(ssl, output + acceptOffset + ECH_ACCEPT_CONFIRMATION_SZ, - helloSz - (acceptOffset + ECH_ACCEPT_CONFIRMATION_SZ)); - } - /* get the modified transcript hash */ - if (ret == 0) - ret = GetMsgHash(ssl, transcriptEchConf); - if (ret > 0) - ret = 0; - /* pick the right type and size based on mac_algorithm */ - if (ret == 0) { - switch (ssl->specs.mac_algorithm) { -#ifndef NO_SHA256 - case sha256_mac: - digestType = WC_SHA256; - digestSize = WC_SHA256_DIGEST_SIZE; - break; -#endif /* !NO_SHA256 */ -#ifdef WOLFSSL_SHA384 - case sha384_mac: - digestType = WC_SHA384; - digestSize = WC_SHA384_DIGEST_SIZE; - break; -#endif /* WOLFSSL_SHA384 */ -#ifdef WOLFSSL_TLS13_SHA512 - case sha512_mac: - digestType = WC_SHA512; - digestSize = WC_SHA512_DIGEST_SIZE; - break; -#endif /* WOLFSSL_TLS13_SHA512 */ -#ifdef WOLFSSL_SM3 - case sm3_mac: - digestType = WC_SM3; - digestSize = WC_SM3_DIGEST_SIZE; - break; -#endif /* WOLFSSL_SM3 */ - default: - ret = WOLFSSL_FATAL_ERROR; - break; - } - } - /* extract clientRandom with a key of all zeros */ - if (ret == 0) { - PRIVATE_KEY_UNLOCK(); - #if !defined(HAVE_FIPS) || \ - (defined(FIPS_VERSION_GE) && FIPS_VERSION_GE(6,0)) - ret = wc_HKDF_Extract_ex(digestType, zeros, (word32)digestSize, - ssl->arrays->clientRandom, RAN_LEN, expandLabelPrk, - ssl->heap, ssl->devId); - #else - ret = wc_HKDF_Extract(digestType, zeros, digestSize, - ssl->arrays->clientRandom, RAN_LEN, expandLabelPrk); - #endif - PRIVATE_KEY_LOCK(); - } - /* tls expand with the confirmation label */ - if (ret == 0) { - PRIVATE_KEY_UNLOCK(); - ret = Tls13HKDFExpandKeyLabel(ssl, output + acceptOffset, - ECH_ACCEPT_CONFIRMATION_SZ, expandLabelPrk, (word32)digestSize, - tls13ProtocolLabel, TLS13_PROTOCOL_LABEL_SZ, label, labelSz, - transcriptEchConf, (word32)digestSize, digestType, - WOLFSSL_SERVER_END); - PRIVATE_KEY_LOCK(); + ssl->hsHashes = tmpHashes; } - /* mark that ech was accepted */ - if (ret == 0 && msgType != hello_retry_request) - ssl->options.echAccepted = 1; - /* free hsHashesEch, if this is an HRR we will start at client hello 2*/ - FreeHandshakeHashes(ssl); - ssl->hsHashesEch = NULL; - ssl->hsHashes = tmpHashes; + return ret; } -#endif +#endif /* HAVE_ECH */ /* handle processing of TLS 1.3 server_hello (2) and hello_retry_request (6) */ /* Handle the ServerHello message from the server. @@ -5521,8 +5622,17 @@ } else #endif /* WOLFSSL_TLS13_MIDDLEBOX_COMPAT */ +#if defined(WOLFSSL_QUIC) || defined(WOLFSSL_DTLS13) + if (0 #ifdef WOLFSSL_QUIC - if (WOLFSSL_IS_QUIC(ssl)) { + || WOLFSSL_IS_QUIC(ssl) +#endif +#ifdef WOLFSSL_DTLS13 + || ssl->options.dtls +#endif + ) { + /* RFC 9147 Section 5.3 / RFC 9001 Section 8.4: DTLS 1.3 and QUIC + * ServerHello must have empty legacy_session_id_echo. */ if (args->sessIdSz != 0) { WOLFSSL_MSG("args->sessIdSz != 0"); WOLFSSL_ERROR_VERBOSE(INVALID_PARAMETER); @@ -5530,7 +5640,7 @@ } } else -#endif /* WOLFSSL_QUIC */ +#endif /* WOLFSSL_QUIC || WOLFSSL_DTLS13 */ if (args->sessIdSz != ssl->session->sessionIDSz || (args->sessIdSz > 0 && XMEMCMP(ssl->session->sessionID, args->sessId, args->sessIdSz) != 0)) { @@ -5576,13 +5686,13 @@ suite[1] = ssl->options.cipherSuite; if (!FindSuiteSSL(ssl, suite)) { WOLFSSL_MSG("Cipher suite not supported on client"); - WOLFSSL_ERROR_VERBOSE(MATCH_SUITE_ERROR); - return MATCH_SUITE_ERROR; + WOLFSSL_ERROR_VERBOSE(INVALID_PARAMETER); + return INVALID_PARAMETER; } #if defined(HAVE_ECH) - /* check for acceptConfirmation, must be done after hashes restart */ - if (ssl->options.useEch == 1) { + /* check for acceptConfirmation */ + if (ssl->echConfigs != NULL && !ssl->options.disableECH) { args->echX = TLSX_Find(ssl->extensions, TLSX_ECH); /* account for hrr extension instead of server random */ if (args->extMsgType == hello_retry_request) { @@ -5598,7 +5708,8 @@ /* check acceptance */ if (ret == 0) { ret = EchCheckAcceptance(ssl, args->acceptLabel, - args->acceptLabelSz, input, args->acceptOffset, helloSz); + args->acceptLabelSz, input, args->acceptOffset, helloSz, + args->extMsgType); } if (ret != 0) return ret; @@ -5638,7 +5749,8 @@ #if defined(HAVE_SESSION_TICKET) || !defined(NO_PSK) ssl->options.pskNegotiated == 0 && #endif - ssl->session->namedGroup == 0) { + (ssl->session->namedGroup == 0 || + ssl->options.shSentKeyShare == 0)) { return EXT_MISSING; } @@ -5659,7 +5771,7 @@ #endif ) { SendAlert(ssl, alert_fatal, illegal_parameter); - return DUPLICATE_MSG_E; + return EXT_MISSING; } ssl->options.tls1_3 = 1; @@ -5740,15 +5852,13 @@ if (ext == NULL || !ext->val) ssl->earlyData = no_early_data; } -#endif -#ifdef WOLFSSL_EARLY_DATA if (ssl->earlyData == no_early_data) { ret = SetKeysSide(ssl, ENCRYPT_SIDE_ONLY); if (ret != 0) return ret; } -#endif +#endif /* WOLFSSL_EARLY_DATA */ ssl->options.serverState = SERVER_ENCRYPTED_EXTENSIONS_COMPLETE; @@ -5792,11 +5902,6 @@ if (ssl->toInfoOn) AddLateName("CertificateRequest", &ssl->timeoutInfo); #endif -#ifdef WOLFSSL_CERT_SETUP_CB - if ((ret = CertSetupCbWrapper(ssl)) != 0) - return ret; -#endif - if (OPAQUE8_LEN > size) return BUFFER_ERROR; @@ -5812,7 +5917,7 @@ * Increase size to handle other implementations sending more than one byte. * That is, allocate extra space, over one byte, to hold the context value. */ - certReqCtx = (CertReqCtx*)XMALLOC(sizeof(CertReqCtx) + len - 1, ssl->heap, + certReqCtx = (CertReqCtx*)XMALLOC(sizeof(CertReqCtx) + (len == 0 ? 0 : len - 1), ssl->heap, DYNAMIC_TYPE_TMP_BUFFER); if (certReqCtx == NULL) return MEMORY_E; @@ -5841,7 +5946,7 @@ } *inOutIdx += len; -#ifdef OPENSSL_EXTRA +#ifdef WOLFSSL_CERT_SETUP_CB if ((ret = CertSetupCbWrapper(ssl)) != 0) return ret; #endif @@ -5917,7 +6022,7 @@ } if (*found) { if (*psk_keySz > MAX_PSK_KEY_LEN && - *((int*)psk_keySz) != WC_NO_ERR_TRACE(USE_HW_PSK)) { + (int)*psk_keySz != WC_NO_ERR_TRACE(USE_HW_PSK)) { WOLFSSL_MSG("Key len too long in FindPsk()"); ret = PSK_KEY_ERROR; WOLFSSL_ERROR_VERBOSE(ret); @@ -6039,7 +6144,8 @@ ext = TLSX_Find(ssl->extensions, TLSX_PRE_SHARED_KEY); if (ext == NULL) { WOLFSSL_MSG("No pre shared extension keys found"); - return BAD_FUNC_ARG; + ret = BAD_FUNC_ARG; + goto cleanup; } /* Look through all client's pre-shared keys for a match. */ @@ -6047,7 +6153,8 @@ current = current->next) { #ifndef NO_PSK if (current->identityLen > MAX_PSK_ID_LEN) { - return BUFFER_ERROR; + ret = BUFFER_ERROR; + goto cleanup; } XMEMCPY(ssl->arrays->client_identity, current->identity, current->identityLen); @@ -6074,7 +6181,7 @@ #ifdef WOLFSSL_ASYNC_CRYPT if (ret == WC_NO_ERR_TRACE(WC_PENDING_E)) - return ret; + goto cleanup; #endif if (ret != WOLFSSL_TICKET_RET_OK && current->sess_free_cb != NULL) { @@ -6109,45 +6216,45 @@ ssl->options.cipherSuite = ssl->session->cipherSuite; ret = SetCipherSpecs(ssl); if (ret != 0) - return ret; + goto cleanup; /* Resumption PSK is resumption master secret. */ ssl->arrays->psk_keySz = ssl->specs.hash_size; if ((ret = DeriveResumptionPSK(ssl, ssl->session->ticketNonce.data, ssl->session->ticketNonce.len, ssl->arrays->psk_key)) != 0) { - return ret; + goto cleanup; } /* Derive the early secret using the PSK. */ ret = DeriveEarlySecret(ssl); if (ret != 0) - return ret; + goto cleanup; /* Hash data up to binders for deriving binders in PSK extension. */ ret = HashInput(ssl, input, (int)inputSz); if (ret < 0) - return ret; + goto cleanup; /* Derive the binder key to use with HMAC. */ ret = DeriveBinderKeyResume(ssl, binderKey); if (ret != 0) - return ret; + goto cleanup; } else #endif /* HAVE_SESSION_TICKET */ #ifndef NO_PSK if (FindPsk(ssl, current, suite, &ret)) { if (ret != 0) - return ret; + goto cleanup; ret = HashInput(ssl, input, (int)inputSz); if (ret < 0) - return ret; + goto cleanup; /* Derive the binder key to use with HMAC. */ ret = DeriveBinderKey(ssl, binderKey); if (ret != 0) - return ret; + goto cleanup; } else #endif @@ -6162,18 +6269,19 @@ ssl->keys.client_write_MAC_secret, 0 /* neither end */); if (ret != 0) - return ret; + goto cleanup; /* Derive the binder and compare with the one in the extension. */ ret = BuildTls13HandshakeHmac(ssl, ssl->keys.client_write_MAC_secret, binder, &binderLen); if (ret != 0) - return ret; + goto cleanup; if (binderLen != current->binderLen || ConstantCompare(binder, current->binder, binderLen) != 0) { WOLFSSL_ERROR_VERBOSE(BAD_BINDER); - return BAD_BINDER; + ret = BAD_BINDER; + goto cleanup; } /* This PSK works, no need to try any more. */ @@ -6185,19 +6293,26 @@ if (current == NULL) { #ifdef WOLFSSL_PSK_ID_PROTECTION #ifndef NO_CERTS - if (ssl->buffers.certChainCnt != 0) - return 0; + if (ssl->buffers.certChainCnt != 0) { + ret = 0; + goto cleanup; + } #endif WOLFSSL_ERROR_VERBOSE(BAD_BINDER); - return BAD_BINDER; + ret = BAD_BINDER; + goto cleanup; #else - return 0; + ret = 0; + goto cleanup; #endif } *first = (current == ext->data); *usingPSK = 1; +cleanup: + ForceZero(binderKey, sizeof(binderKey)); + ForceZero(binder, sizeof(binder)); WOLFSSL_LEAVE("DoPreSharedKeys", ret); return ret; @@ -6257,6 +6372,8 @@ client_hello, &bindersLen); if (ret < 0) return ret; + if (bindersLen > helloSz) + return BUFFER_ERROR; /* Refine list for PSK processing. */ sslRefineSuites(ssl, clSuites); @@ -6498,8 +6615,9 @@ word16 length; int keyShareExt = 0; int ret; + byte sessIdSz; - ret = TlsCheckCookie(ssl, cookie->data, (byte)cookie->len); + ret = TlsCheckCookie(ssl, cookie->data, cookie->len); if (ret < 0) return ret; cookieDataSz = (word16)ret; @@ -6522,7 +6640,13 @@ return ret; /* Reconstruct the HelloRetryMessage for handshake hash. */ - length = HRR_BODY_SZ - ID_LEN + ssl->session->sessionIDSz + + sessIdSz = ssl->session->sessionIDSz; +#ifdef WOLFSSL_DTLS13 + /* RFC 9147 Section 5.3: DTLS 1.3 must use empty legacy_session_id. */ + if (ssl->options.dtls) + sessIdSz = 0; +#endif + length = HRR_BODY_SZ - ID_LEN + sessIdSz + HRR_COOKIE_HDR_SZ + cookie->len; length += HRR_VERSIONS_SZ; /* HashSz (1 byte) + Hash (HashSz bytes) + CipherSuite (2 bytes) */ @@ -6549,21 +6673,23 @@ XMEMCPY(hrr + hrrIdx, helloRetryRequestRandom, RAN_LEN); hrrIdx += RAN_LEN; - hrr[hrrIdx++] = ssl->session->sessionIDSz; - if (ssl->session->sessionIDSz > 0) { - XMEMCPY(hrr + hrrIdx, ssl->session->sessionID, ssl->session->sessionIDSz); - hrrIdx += ssl->session->sessionIDSz; + hrr[hrrIdx++] = sessIdSz; + if (sessIdSz > 0) { + XMEMCPY(hrr + hrrIdx, ssl->session->sessionID, sessIdSz); + hrrIdx += sessIdSz; } - /* Cipher Suite */ + /* Restore the cipher suite from the cookie. */ + ssl->options.hrrCipherSuite0 = cookieData[idx]; hrr[hrrIdx++] = cookieData[idx++]; + ssl->options.hrrCipherSuite = cookieData[idx]; hrr[hrrIdx++] = cookieData[idx++]; /* Compression not supported in TLS v1.3. */ hrr[hrrIdx++] = 0; /* Extensions' length */ - length -= HRR_BODY_SZ - ID_LEN + ssl->session->sessionIDSz; + length -= HRR_BODY_SZ - ID_LEN + sessIdSz; c16toa(length, hrr + hrrIdx); hrrIdx += 2; @@ -6573,6 +6699,8 @@ hrrIdx += 2; c16toa(OPAQUE16_LEN, hrr + hrrIdx); hrrIdx += 2; + /* Restore the HRR key share group from the cookie. */ + ato16(cookieData + idx, &ssl->hrr_keyshare_group); hrr[hrrIdx++] = cookieData[idx++]; hrr[hrrIdx++] = cookieData[idx++]; } @@ -6689,6 +6817,63 @@ return 0; } +#ifdef HAVE_ECH +/* Calculate and write the 8 ECH confirmation bytes. + * Output into confirmation field on HRR and into ServerRandom on ServerHello. + * + * ssl SSL/TLS object. + * label Ascii string describing ECH acceptance or rejection. + * labelSz Length of label excluding NULL character. + * output The buffer to calculate/write confirmation from/to. + * acceptOffset Where the 8 ECH confirmation bytes should be placed. + * helloSz Size of hello message. + * msgType Type of message being written. + * returns 0 on success and otherwise failure. + */ +static int EchWriteAcceptance(WOLFSSL* ssl, byte* label, word16 labelSz, + byte* output, int acceptOffset, int helloSz, byte msgType) +{ + int ret = 0; + int headerSz; + HS_Hashes* tmpHashes; + +#ifdef WOLFSSL_DTLS13 + headerSz = ssl->options.dtls ? DTLS13_HANDSHAKE_HEADER_SZ : + HANDSHAKE_HEADER_SZ; +#else + headerSz = HANDSHAKE_HEADER_SZ; +#endif + + ret = EchCalcAcceptance(ssl, label, labelSz, output, acceptOffset, + helloSz - headerSz, msgType == hello_retry_request, + output + acceptOffset); + + if (ret == 0) { + tmpHashes = ssl->hsHashes; + ssl->hsHashes = ssl->hsHashesEch; + + /* after HRR, hsHashesEch must contain: + * message_hash(ClientHelloInner1) || HRR (actual, not zeros) */ + if (msgType == hello_retry_request) { + ret = HashRaw(ssl, output, helloSz); + } + /* normal TLS code will calculate transcript of ServerHello */ + else { + ssl->options.echAccepted = 1; + + ssl->hsHashes = tmpHashes; + FreeHandshakeHashes(ssl); + tmpHashes = ssl->hsHashesEch; + ssl->hsHashesEch = NULL; + } + + ssl->hsHashes = tmpHashes; + } + + return ret; +} +#endif + /* Handle a ClientHello handshake message. * If the protocol version in the message is not TLS v1.3 or higher, use * DoClientHello() @@ -6737,7 +6922,6 @@ #endif #if defined(HAVE_ECH) TLSX* echX = NULL; - HS_Hashes* tmpHashes; #endif WOLFSSL_START(WC_FUNC_CLIENT_HELLO_DO); @@ -6764,7 +6948,7 @@ #endif { /* Reset state */ - ret = VERSION_ERROR; + ret = WC_NO_ERR_TRACE(VERSION_ERROR); ssl->options.asyncState = TLS_ASYNC_BEGIN; XMEMSET(args, 0, sizeof(Dch13Args)); #ifdef WOLFSSL_ASYNC_CRYPT @@ -6922,11 +7106,7 @@ #endif sessIdSz = input[args->idx++]; -#ifndef WOLFSSL_TLS13_MIDDLEBOX_COMPAT if (sessIdSz > ID_LEN) -#else - if (sessIdSz != ID_LEN && sessIdSz != 0) -#endif { ERROR_OUT(INVALID_PARAMETER, exit_dch); } @@ -6934,11 +7114,30 @@ if (sessIdSz + args->idx > helloSz) ERROR_OUT(BUFFER_ERROR, exit_dch); - ssl->session->sessionIDSz = sessIdSz; - if (sessIdSz > 0) - XMEMCPY(ssl->session->sessionID, input + args->idx, sessIdSz); +#ifdef WOLFSSL_DTLS13 + /* RFC 9147 Section 5.3: DTLS 1.3 ServerHello must have empty + * legacy_session_id_echo. Don't store the client's value so it + * won't be echoed in SendTls13ServerHello. */ + if (ssl->options.dtls) { + ssl->session->sessionIDSz = 0; + } + else +#endif + { + ssl->session->sessionIDSz = sessIdSz; + if (sessIdSz > 0) + XMEMCPY(ssl->session->sessionID, input + args->idx, sessIdSz); + } args->idx += sessIdSz; +#ifdef WOLFSSL_TLS13_MIDDLEBOX_COMPAT + /* RFC 8446 Appendix D.4: server MUST only send CCS if the client's + * ClientHello contains a non-empty legacy_session_id. */ + if (sessIdSz == 0) { + ssl->options.tls13MiddleBoxCompat = 0; + } +#endif + #ifdef WOLFSSL_DTLS13 /* legacy_cookie */ if (ssl->options.dtls) { @@ -7025,9 +7224,19 @@ } #if defined(HAVE_ECH) - /* jump to the end to clean things up */ - if (echX != NULL && ((WOLFSSL_ECH*)echX->data)->state == ECH_WRITE_NONE) - goto exit_dch; + if (echX != NULL && ((WOLFSSL_ECH*)echX->data)->state == ECH_WRITE_NONE) { + if (((WOLFSSL_ECH*)echX->data)->innerClientHello != NULL) { + /* Client sent real ECH and inner hello was decrypted, jump to + * exit so the caller can re-invoke with the inner hello */ + goto exit_dch; + } + else { + /* Server has ECH but client did not send ECH. Clear the + * response flag so the empty ECH extension is not written + * in EncryptedExtensions. */ + echX->resp = 0; + } + } #endif #ifdef HAVE_SNI @@ -7078,19 +7287,37 @@ } #endif +#ifdef HAVE_SUPPORTED_CURVES + if (ssl->hrr_keyshare_group != 0) { + /* + * https://datatracker.ietf.org/doc/html/rfc8446#section-4.2.8 + * when sending the new ClientHello, the client MUST + * replace the original "key_share" extension with one containing only + * a new KeyShareEntry for the group indicated in the selected_group + * field of the triggering HelloRetryRequest. + */ + TLSX* extension = TLSX_Find(ssl->extensions, TLSX_KEY_SHARE); + if (extension != NULL) { + KeyShareEntry* kse = (KeyShareEntry*)extension->data; + /* Exactly one KeyShareEntry with the HRR group must be present. */ + if (kse == NULL || kse->next != NULL || + kse->group != ssl->hrr_keyshare_group) { + ERROR_OUT(BAD_KEY_SHARE_DATA, exit_dch); + } + } + else + ERROR_OUT(BAD_KEY_SHARE_DATA, exit_dch); + } +#endif + #if defined(HAVE_ECH) - /* hash clientHelloInner to hsHashesEch independently since it can't include - * the HRR */ - if (ssl->ctx->echConfigs != NULL && !ssl->options.disableECH) { - tmpHashes = ssl->hsHashes; - ssl->hsHashes = NULL; - ret = InitHandshakeHashes(ssl); + /* hash clientHelloInner to hsHashesEch */ + if (echX != NULL && ssl->ctx->echConfigs != NULL && + !ssl->options.disableECH && + ((WOLFSSL_ECH*)echX->data)->innerClientHello != NULL) { + ret = EchHashHelloInner(ssl, (WOLFSSL_ECH*)echX->data); if (ret != 0) goto exit_dch; - if ((ret = HashInput(ssl, input + args->begin, (int)helloSz)) != 0) - goto exit_dch; - ssl->hsHashesEch = ssl->hsHashes; - ssl->hsHashes = tmpHashes; } #endif @@ -7180,6 +7407,21 @@ } #endif + /* Verify the cipher suite is the same as what was chosen in HRR. + * got_client_hello == 2 covers the stateful path. + * cookieGood covers the stateless DTLS path. */ + if ((ssl->msgsReceived.got_client_hello == 2 +#ifdef WOLFSSL_SEND_HRR_COOKIE + || ssl->options.cookieGood +#endif + ) && + (ssl->options.cipherSuite0 != ssl->options.hrrCipherSuite0 || + ssl->options.cipherSuite != ssl->options.hrrCipherSuite)) { + WOLFSSL_MSG("Cipher suite in second ClientHello does not match " + "HelloRetryRequest"); + ERROR_OUT(INVALID_PARAMETER, exit_dch); + } + /* Advance state and proceed */ ssl->options.asyncState = TLS_ASYNC_VERIFY; } /* case TLS_ASYNC_BUILD || TLS_ASYNC_DO */ @@ -7196,7 +7438,16 @@ KeyShareEntry* serverKSE = (KeyShareEntry*)extension->data; if (serverKSE != NULL && serverKSE->lastRet == WC_NO_ERR_TRACE(WC_PENDING_E)) { - ret = TLSX_KeyShare_GenKey(ssl, serverKSE); + #if defined(WOLFSSL_HAVE_MLKEM) + if (WOLFSSL_NAMED_GROUP_IS_PQC_HYBRID(serverKSE->group)) { + ret = TLSX_KeyShare_HandlePqcHybridKeyServer(ssl, serverKSE, + serverKSE->ke, serverKSE->keLen); + } + else + #endif + { + ret = TLSX_KeyShare_GenKey(ssl, serverKSE); + } if (ret != 0) goto exit_dch; } @@ -7346,7 +7597,8 @@ #if defined(HAVE_ECH) if (ret == 0 && echX != NULL && - ((WOLFSSL_ECH*)echX->data)->state == ECH_WRITE_NONE) { + ((WOLFSSL_ECH*)echX->data)->state == ECH_WRITE_NONE && + ((WOLFSSL_ECH*)echX->data)->innerClientHello != NULL) { /* add the header to the inner hello */ AddTls13HandShakeHeader(((WOLFSSL_ECH*)echX->data)->innerClientHello, @@ -7448,10 +7700,21 @@ WOLFSSL_BUFFER(ssl->arrays->serverRandom, RAN_LEN); #endif - output[idx++] = ssl->session->sessionIDSz; - if (ssl->session->sessionIDSz > 0) { - XMEMCPY(output + idx, ssl->session->sessionID, ssl->session->sessionIDSz); - idx += ssl->session->sessionIDSz; +#ifdef WOLFSSL_DTLS13 + if (ssl->options.dtls) { + /* RFC 9147 Section 5.3: DTLS 1.3 ServerHello must have empty + * legacy_session_id_echo. */ + output[idx++] = 0; + } + else +#endif + { + output[idx++] = ssl->session->sessionIDSz; + if (ssl->session->sessionIDSz > 0) { + XMEMCPY(output + idx, ssl->session->sessionID, + ssl->session->sessionIDSz); + idx += ssl->session->sessionIDSz; + } } /* Chosen cipher suite */ @@ -7471,6 +7734,31 @@ if (ret != 0) return ret; + /* When we send a HRR, we store the selected key share group to later check + * that the client uses the same group in the second ClientHello. + * + * In case of stateless DTLS, we do not store the group, however, as it is + * already stored in the cookie that is sent to the client. We later recover + * the group from the cookie to prevent storing a state in a stateless + * server. + * + * Similar logic holds for the hrrCipherSuite. */ + if (extMsgType == hello_retry_request +#if defined(WOLFSSL_DTLS13) && defined(WOLFSSL_SEND_HRR_COOKIE) + && (!ssl->options.dtls || ssl->options.dtlsStateful) +#endif + ) { + TLSX* ksExt = TLSX_Find(ssl->extensions, TLSX_KEY_SHARE); + if (ksExt != NULL) { + KeyShareEntry* kse = (KeyShareEntry*)ksExt->data; + if (kse != NULL) + ssl->hrr_keyshare_group = kse->group; + } + + ssl->options.hrrCipherSuite0 = ssl->options.cipherSuite0; + ssl->options.hrrCipherSuite = ssl->options.cipherSuite; + } + #ifdef WOLFSSL_SEND_HRR_COOKIE if (ssl->options.sendCookie && extMsgType == hello_retry_request) { /* Reset the hashes from here. We will be able to restart the hashes @@ -7749,7 +8037,6 @@ int sendSz; word32 i; word32 reqSz; - word16 hashSigAlgoSz = 0; SignatureAlgorithms* sa; WOLFSSL_START(WC_FUNC_CERTIFICATE_REQUEST_SEND); @@ -7760,14 +8047,11 @@ if (ssl->options.side != WOLFSSL_SERVER_END) return SIDE_ERROR; - /* Get the length of the hashSigAlgo buffer */ - InitSuitesHashSigAlgo(NULL, SIG_ALL, 1, ssl->buffers.keySz, - &hashSigAlgoSz); - sa = TLSX_SignatureAlgorithms_New(ssl, hashSigAlgoSz, ssl->heap); + /* Use ssl->suites->hashSigAlgo so wolfSSL_set1_sigalgs_list() is honored. + * hashSigAlgoSz=0 makes GetSize/Write fall back to WOLFSSL_SUITES(ssl). */ + sa = TLSX_SignatureAlgorithms_New(ssl, 0, ssl->heap); if (sa == NULL) return MEMORY_ERROR; - InitSuitesHashSigAlgo(sa->hashSigAlgo, SIG_ALL, 1, ssl->buffers.keySz, - &hashSigAlgoSz); ret = TLSX_Push(&ssl->extensions, TLSX_SIGNATURE_ALGORITHMS, sa, ssl->heap); if (ret != 0) { TLSX_SignatureAlgorithms_FreeAll(sa, ssl->heap); @@ -7859,21 +8143,38 @@ #endif /* NO_WOLFSSL_SERVER */ #ifndef NO_CERTS -#if !defined(NO_RSA) || defined(HAVE_ECC) || defined(HAVE_ED25519) || \ - defined(HAVE_ED448) || defined(HAVE_FALCON) || defined(HAVE_DILITHIUM) +#if (!defined(NO_WOLFSSL_SERVER) || !defined(WOLFSSL_NO_CLIENT_AUTH)) && \ + (!defined(NO_RSA) || defined(HAVE_ECC) || defined(HAVE_ED25519) || \ + defined(HAVE_ED448) || defined(HAVE_FALCON) || defined(HAVE_DILITHIUM)) /* Encode the signature algorithm into buffer. * * hashalgo The hash algorithm. * hsType The signature type. * output The buffer to encode into. */ -static WC_INLINE void EncodeSigAlg(byte hashAlgo, byte hsType, byte* output) +static WC_INLINE void EncodeSigAlg(const WOLFSSL * ssl, byte hashAlgo, + byte hsType, byte* output) { + (void)ssl; switch (hsType) { #ifdef HAVE_ECC case ecc_dsa_sa_algo: - output[0] = hashAlgo; - output[1] = ecc_dsa_sa_algo; + if (ssl->pkCurveOID == ECC_BRAINPOOLP256R1_OID) { + output[0] = NEW_SA_MAJOR; + output[1] = ECDSA_BRAINPOOLP256R1TLS13_SHA256_MINOR; + } + else if (ssl->pkCurveOID == ECC_BRAINPOOLP384R1_OID) { + output[0] = NEW_SA_MAJOR; + output[1] = ECDSA_BRAINPOOLP384R1TLS13_SHA384_MINOR; + } + else if (ssl->pkCurveOID == ECC_BRAINPOOLP512R1_OID) { + output[0] = NEW_SA_MAJOR; + output[1] = ECDSA_BRAINPOOLP512R1TLS13_SHA512_MINOR; + } + else { + output[0] = hashAlgo; + output[1] = ecc_dsa_sa_algo; + } break; #endif #if defined(WOLFSSL_SM2) && defined(WOLFSSL_SM3) @@ -7899,10 +8200,24 @@ break; #endif #ifndef NO_RSA - /* PSS signatures: 0x080[4-6] */ + /* PSS signatures: 0x080[4-6] or 0x080[9-B] */ case rsa_pss_sa_algo: output[0] = rsa_pss_sa_algo; - output[1] = hashAlgo; +#ifdef WC_RSA_PSS + /* If the private key uses the RSA-PSS OID, and the peer supports + * the rsa_pss_pss_* signature algorithm in use, then report + * rsa_pss_pss_* rather than rsa_pss_rsae_*. */ + if (ssl->useRsaPss && + ((ssl->pssAlgo & (1U << hashAlgo)) != 0U) && + (sha256_mac <= hashAlgo) && (hashAlgo <= sha512_mac)) + { + output[1] = PSS_RSAE_TO_PSS_PSS(hashAlgo); + } + else +#endif + { + output[1] = hashAlgo; + } break; #endif #ifdef HAVE_FALCON @@ -7933,7 +8248,10 @@ break; } } +#endif +#if !defined(NO_RSA) || defined(HAVE_ECC) || defined(HAVE_ED25519) || \ + defined(HAVE_ED448) || defined(HAVE_FALCON) || defined(HAVE_DILITHIUM) #ifdef WOLFSSL_DUAL_ALG_CERTS /* These match up with what the OQS team has defined. */ #define HYBRID_SA_MAJOR 0xFE @@ -8028,16 +8346,19 @@ switch (typeIn) { case RSA_PSS_RSAE_SHA256_MINOR: case RSA_PSS_PSS_SHA256_MINOR: + case ECDSA_BRAINPOOLP256R1TLS13_SHA256_MINOR: return sha256_mac; case RSA_PSS_RSAE_SHA384_MINOR: case RSA_PSS_PSS_SHA384_MINOR: + case ECDSA_BRAINPOOLP384R1TLS13_SHA384_MINOR: return sha384_mac; case RSA_PSS_RSAE_SHA512_MINOR: case RSA_PSS_PSS_SHA512_MINOR: case ED25519_SA_MINOR: case ED448_SA_MINOR: + case ECDSA_BRAINPOOLP512R1TLS13_SHA512_MINOR: return sha512_mac; default: return no_mac; @@ -8094,6 +8415,13 @@ /* Hash performed as part of sign/verify operation. */ } #endif + #ifdef HAVE_ECC_BRAINPOOL + else if ((input[1] == ECDSA_BRAINPOOLP256R1TLS13_SHA256_MINOR) || + (input[1] == ECDSA_BRAINPOOLP384R1TLS13_SHA384_MINOR) || + (input[1] == ECDSA_BRAINPOOLP512R1TLS13_SHA512_MINOR)) { + *hsType = ecc_dsa_sa_algo; + } + #endif else ret = INVALID_PARAMETER; break; @@ -8523,8 +8851,8 @@ { word32 len; - /* Is index at end of list. */ - if (*idx == length) + /* Would index read past end of list? */ + if (*idx + 3 > length) return 0; /* Length of the current ASN.1 encoded certificate. */ @@ -8532,6 +8860,10 @@ /* Include the length field. */ len += 3; + /* Ensure len does not overrun certificate list */ + if (*idx + len > length) + return 0; + /* Move index to next certificate and return the current certificate's * length. */ @@ -8575,7 +8907,9 @@ if (tmpSz > (OPAQUE8_LEN + OPAQUE24_LEN) && certExts[extIdx] == NULL) { /* csr extension is not zero */ - extSz[extIdx] = tmpSz; + if (tmpSz > WOLFSSL_MAX_16BIT) + return BUFFER_E; + extSz[extIdx] = (word16)tmpSz; ret = AllocDer(&certExts[extIdx], extSz[extIdx] + ex_offset, CERT_TYPE, ssl->heap); @@ -8815,7 +9149,7 @@ return ret; ret = WriteCSRToBuffer(ssl, &ssl->buffers.certExts[0], &extSz[0], - 1 /* +1 for leaf */ + ssl->buffers.certChainCnt); + 1 /* +1 for leaf */ + (word16)ssl->buffers.certChainCnt); if (ret < 0) return ret; totalextSz += ret; @@ -8853,7 +9187,7 @@ if (ssl->fragOffset != 0) length -= (ssl->fragOffset + headerSz); - maxFragment = (word32)wolfSSL_GetMaxFragSize(ssl, MAX_RECORD_SIZE); + maxFragment = (word32)wolfssl_local_GetMaxPlaintextSize(ssl); extIdx = 0; @@ -8968,7 +9302,7 @@ break; #if defined(HAVE_CERTIFICATE_STATUS_REQUEST) && \ !defined(NO_WOLFSSL_SERVER) - if (MAX_CERT_EXTENSIONS > extIdx) + if (extIdx + 1 < MAX_CERT_EXTENSIONS) extIdx++; #endif } @@ -8983,10 +9317,11 @@ if (extIdx != 0 && extIdx < MAX_CERT_EXTENSIONS && ssl->buffers.certExts[extIdx] != NULL && - offset == len + extSz[extIdx]) + offset == len + extSz[extIdx]) { FreeDer(&ssl->buffers.certExts[extIdx]); - /* for next chain cert */ - len += extSz[extIdx] - OPAQUE16_LEN; + /* for next chain cert */ + len += extSz[extIdx] - OPAQUE16_LEN; + } } } @@ -9000,6 +9335,10 @@ /* DTLS1.3 uses a separate variable and logic for fragments */ ssl->options.buildingMsg = 0; ssl->fragOffset = 0; + if ((word32)sendSz > WOLFSSL_MAX_16BIT || i > WOLFSSL_MAX_16BIT) { + WOLFSSL_MSG("Send Cert DTLS size exceeds word16"); + return BUFFER_E; + } ret = Dtls13HandshakeSend(ssl, output, (word16)sendSz, (word16)i, certificate, 1); } @@ -9257,10 +9596,13 @@ /* Swap keys */ ssl->buffers.key = ssl->buffers.altKey; + ssl->buffers.weOwnKey = ssl->buffers.weOwnAltKey; + #ifdef WOLFSSL_BLIND_PRIVATE_KEY ssl->buffers.keyMask = ssl->buffers.altKeyMask; + /* Unblind the alternative key before decoding */ + wolfssl_priv_der_blind_toggle(ssl->buffers.key, ssl->buffers.keyMask); #endif - ssl->buffers.weOwnKey = ssl->buffers.weOwnAltKey; } #endif /* WOLFSSL_DUAL_ALG_CERTS */ ret = DecodePrivateKey(ssl, &args->sigLen); @@ -9328,7 +9670,7 @@ /* The native was already decoded. Now we need to do the * alternative. Note that no swap was done because this case is * both native and alternative, not just alternative. */ - if (ssl->ctx->altPrivateKey == NULL) { + if (ssl->buffers.altKey == NULL) { ERROR_OUT(NO_PRIVATE_KEY, exit_scv); } @@ -9361,7 +9703,7 @@ } else #endif /* WOLFSSL_DUAL_ALG_CERTS */ - EncodeSigAlg(ssl->options.hashAlgo, args->sigAlgo, + EncodeSigAlg(ssl, ssl->options.hashAlgo, args->sigAlgo, args->verify); if (args->sigData == NULL) { @@ -9484,6 +9826,7 @@ #ifndef NO_RSA if (ssl->hsAltType == DYNAMIC_TYPE_RSA) { /* build encoded signature buffer */ + XFREE(rsaSigBuf->buffer, ssl->heap, DYNAMIC_TYPE_SIGNATURE); rsaSigBuf->length = WC_MAX_DIGEST_SIZE; rsaSigBuf->buffer = (byte*)XMALLOC(rsaSigBuf->length, ssl->heap, @@ -10215,18 +10558,6 @@ ERROR_OUT(BUFFER_ERROR, exit_dcv); } - validSigAlgo = 0; - for (i = 0; i < suites->hashSigAlgoSz; i += 2) { - if ((suites->hashSigAlgo[i + 0] == input[args->idx + 0]) && - (suites->hashSigAlgo[i + 1] == input[args->idx + 1])) { - validSigAlgo = 1; - break; - } - } - if (!validSigAlgo) { - ERROR_OUT(INVALID_PARAMETER, exit_dcv); - } - #ifdef WOLFSSL_DUAL_ALG_CERTS if (ssl->peerSigSpec == NULL) { /* The peer did not respond. We didn't send CKS or they don't @@ -10243,6 +10574,18 @@ *ssl->sigSpec == WOLFSSL_CKS_SIGSPEC_NATIVE || *ssl->sigSpec == WOLFSSL_CKS_SIGSPEC_ALTERNATIVE) { #endif /* WOLFSSL_DUAL_ALG_CERTS */ + validSigAlgo = 0; + for (i = 0; i < suites->hashSigAlgoSz; i += 2) { + if ((suites->hashSigAlgo[i + 0] == input[args->idx + 0]) && + (suites->hashSigAlgo[i + 1] == input[args->idx + 1])) { + validSigAlgo = 1; + break; + } + } + if (!validSigAlgo) { + ERROR_OUT(INVALID_PARAMETER, exit_dcv); + } + ret = DecodeTls13SigAlg(input + args->idx, &ssl->options.peerHashAlgo, &ssl->options.peerSigAlgo); #ifdef WOLFSSL_DUAL_ALG_CERTS @@ -10267,8 +10610,7 @@ args->idx += OPAQUE16_LEN; /* Signature data. */ - if ((args->idx - args->begin) + args->sz > totalSz || - args->sz > ENCRYPT_LEN) { + if ((args->idx - args->begin) + args->sz > totalSz) { ERROR_OUT(BUFFER_ERROR, exit_dcv); } @@ -10448,10 +10790,16 @@ * we can decode both lengths here now. */ word32 tmpIdx = args->idx; word16 tmpSz = 0; + if (args->sz < OPAQUE16_LEN) { + ERROR_OUT(BUFFER_ERROR, exit_dcv); + } ato16(input + tmpIdx, &tmpSz); args->sigSz = tmpSz; tmpIdx += OPAQUE16_LEN + args->sigSz; + if (tmpIdx - args->idx + OPAQUE16_LEN > args->sz) { + ERROR_OUT(BUFFER_ERROR, exit_dcv); + } ato16(input + tmpIdx, &tmpSz); args->altSignatureSz = tmpSz; @@ -10522,17 +10870,12 @@ #ifdef HAVE_ECC if ((ssl->options.peerSigAlgo == ecc_dsa_sa_algo) && (ssl->peerEccDsaKeyPresent)) { - #if defined(WOLFSSL_SM2) && defined(WOLFSSL_SM3) - if (ssl->options.peerSigAlgo != sm2_sa_algo) - #endif - { - ret = CreateECCEncodedSig(args->sigData, - args->sigDataSz, ssl->options.peerHashAlgo); - if (ret < 0) - goto exit_dcv; - args->sigDataSz = (word16)ret; - ret = 0; - } + ret = CreateECCEncodedSig(args->sigData, + args->sigDataSz, ssl->options.peerHashAlgo); + if (ret < 0) + goto exit_dcv; + args->sigDataSz = (word16)ret; + ret = 0; } #ifdef WOLFSSL_DUAL_ALG_CERTS @@ -11007,28 +11350,30 @@ ret = NO_PEER_CERT; /* NO_PEER_VERIFY */ WOLFSSL_MSG("TLS v1.3 client did not present peer cert"); DoCertFatalAlert(ssl, ret); - return ret; + goto cleanup; } } #endif /* check against totalSz */ - if (*inOutIdx + size > totalSz) - return BUFFER_E; + if (*inOutIdx + size > totalSz) { + ret = BUFFER_E; + goto cleanup; + } #if defined(WOLFSSL_RENESAS_TSIP_TLS) ret = tsip_Tls13HandleFinished(ssl, input, inOutIdx, size, totalSz); if (ret == 0) { ssl->options.serverState = SERVER_FINISHED_COMPLETE; - return ret; + goto cleanup; } if (ret == WC_NO_ERR_TRACE(VERIFY_FINISHED_ERROR)) { SendAlert(ssl, alert_fatal, decrypt_error); - return ret; + goto cleanup; } if (ret != WC_NO_ERR_TRACE(CRYPTOCB_UNAVAILABLE)) { /* other errors */ - return ret; + goto cleanup; } ret = 0; #endif /* WOLFSSL_RENESAS_TSIP_TLS */ @@ -11038,7 +11383,7 @@ ssl->keys.client_write_MAC_secret, WOLFSSL_CLIENT_END); if (ret != 0) - return ret; + goto cleanup; secret = ssl->keys.client_write_MAC_secret; } @@ -11050,13 +11395,13 @@ ssl->keys.client_write_MAC_secret, WOLFSSL_CLIENT_END); if (ret != 0) - return ret; + goto cleanup; ret = DeriveFinishedSecret(ssl, ssl->serverSecret, ssl->keys.server_write_MAC_secret, WOLFSSL_SERVER_END); if (ret != 0) - return ret; + goto cleanup; secret = ssl->keys.server_write_MAC_secret; } @@ -11069,7 +11414,8 @@ ret = BuildTls13HandshakeHmac(ssl, secret, mac, &finishedSz); #ifdef WOLFSSL_HAVE_TLS_UNIQUE if (finishedSz > TLS_FINISHED_SZ_MAX) { - return BUFFER_ERROR; + ret = BUFFER_ERROR; + goto cleanup; } if (ssl->options.side == WOLFSSL_CLIENT_END) { XMEMCPY(ssl->serverFinished, mac, finishedSz); @@ -11081,9 +11427,11 @@ } #endif /* WOLFSSL_HAVE_TLS_UNIQUE */ if (ret != 0) - return ret; - if (size != finishedSz) - return BUFFER_ERROR; + goto cleanup; + if (size != finishedSz) { + ret = BUFFER_ERROR; + goto cleanup; + } } #ifdef WOLFSSL_CALLBACKS @@ -11094,11 +11442,12 @@ if (sniff == NO_SNIFF) { /* Actually check verify data. */ if (size > WC_MAX_DIGEST_SIZE || - XMEMCMP(input + *inOutIdx, mac, size) != 0){ + ConstantCompare(input + *inOutIdx, mac, size) != 0){ WOLFSSL_MSG("Verify finished error on hashes"); SendAlert(ssl, alert_fatal, decrypt_error); WOLFSSL_ERROR_VERBOSE(VERIFY_FINISHED_ERROR); - return VERIFY_FINISHED_ERROR; + ret = VERIFY_FINISHED_ERROR; + goto cleanup; } } @@ -11111,12 +11460,12 @@ #ifdef WOLFSSL_EARLY_DATA if (ssl->earlyData != no_early_data) { if ((ret = DeriveTls13Keys(ssl, no_key, DECRYPT_SIDE_ONLY, 1)) != 0) - return ret; + goto cleanup; } #endif /* Setup keys for application data messages from client. */ if ((ret = SetKeysSide(ssl, DECRYPT_SIDE_ONLY)) != 0) - return ret; + goto cleanup; } #endif @@ -11147,10 +11496,13 @@ } #endif /* WOLFSSL_QUIC && WOLFSSL_EARLY_DATA */ - WOLFSSL_LEAVE("DoTls13Finished", 0); + ret = 0; +cleanup: + ForceZero(mac, sizeof(mac)); + WOLFSSL_LEAVE("DoTls13Finished", ret); WOLFSSL_END(WC_FUNC_FINISHED_DO); - return 0; + return ret; } #if !defined(NO_WOLFSSL_CLIENT) || !defined(NO_WOLFSSL_SERVER) @@ -11231,13 +11583,13 @@ */ ret = DeriveFinishedSecret(ssl, ssl->clientSecret, ssl->keys.client_write_MAC_secret, - WOLFSSL_SERVER_END); + WOLFSSL_CLIENT_END); if (ret != 0) return ret; ret = DeriveFinishedSecret(ssl, ssl->serverSecret, ssl->keys.server_write_MAC_secret, - WOLFSSL_CLIENT_END); + WOLFSSL_SERVER_END); if (ret != 0) return ret; @@ -11263,7 +11615,7 @@ (word16)(Dtls13GetRlHeaderLength(ssl, 1) + headerSz + finishedSz), finished, 1); if (dtlsRet != 0 && dtlsRet != WC_NO_ERR_TRACE(WANT_WRITE)) - return ret; + return dtlsRet; } else #endif /* WOLFSSL_DTLS13 */ @@ -11356,7 +11708,7 @@ if ((ret = SetKeysSide(ssl, ENCRYPT_SIDE_ONLY)) != 0) return ret; -#if defined(HAVE_SESSION_TICKET) || !defined(NO_PSK) +#if defined(HAVE_SESSION_TICKET) ret = DeriveResumptionSecret(ssl, ssl->session->masterSecret); if (ret != 0) return ret; @@ -11589,6 +11941,18 @@ } #endif /* WOLFSSL_DTLS13 */ +#if defined(HAVE_WRITE_DUP) && defined(WOLFSSL_TLS13) + /* Read side cannot write; delegate the response to the write side. */ + if (ssl->dupWrite != NULL && ssl->dupSide == READ_DUP_SIDE) { + if (wc_LockMutex(&ssl->dupWrite->dupMutex) != 0) + return BAD_MUTEX_E; + ssl->dupWrite->keyUpdateRespond = 1; + wc_UnLockMutex(&ssl->dupWrite->dupMutex); + ssl->keys.keyUpdateRespond = 0; + return 0; + } +#endif /* HAVE_WRITE_DUP && WOLFSSL_TLS13 */ + #ifndef WOLFSSL_RW_THREADED return SendTls13KeyUpdate(ssl); #else @@ -11897,7 +12261,9 @@ word32 finishedSz = 0; byte mac[WC_MAX_DIGEST_SIZE]; Digest digest; - static byte header[] = { 0x14, 0x00, 0x00, 0x00 }; + byte header[] = { 0x14, 0x00, 0x00, 0x00 }; + + XMEMSET(&digest, 0, sizeof(Digest)); /* Copy the running hash so we can restore it after. */ switch (ssl->specs.mac_algorithm) { @@ -11935,33 +12301,32 @@ ret = BuildTls13HandshakeHmac(ssl, ssl->keys.client_write_MAC_secret, mac, &finishedSz); if (ret != 0) - return ret; + goto restore; header[FINISHED_MSG_SIZE_OFFSET] = finishedSz; #ifdef WOLFSSL_EARLY_DATA if (ssl->earlyData != no_early_data) { static byte endOfEarlyData[] = { 0x05, 0x00, 0x00, 0x00 }; ret = HashRaw(ssl, endOfEarlyData, sizeof(endOfEarlyData)); if (ret != 0) - return ret; + goto restore; } #endif if ((ret = HashRaw(ssl, header, sizeof(header))) != 0) - return ret; + goto restore; if ((ret = HashRaw(ssl, mac, finishedSz)) != 0) - return ret; + goto restore; if ((ret = DeriveResumptionSecret(ssl, ssl->session->masterSecret)) != 0) - return ret; + goto restore; /* Restore the hash inline with currently seen messages. */ +restore: switch (ssl->specs.mac_algorithm) { #ifndef NO_SHA256 case sha256_mac: wc_Sha256Free(&ssl->hsHashes->hashSha256); ret = wc_Sha256Copy(&digest.sha256, &ssl->hsHashes->hashSha256); wc_Sha256Free(&digest.sha256); - if (ret != 0) - return ret; break; #endif #ifdef WOLFSSL_SHA384 @@ -11969,8 +12334,6 @@ wc_Sha384Free(&ssl->hsHashes->hashSha384); ret = wc_Sha384Copy(&digest.sha384, &ssl->hsHashes->hashSha384); wc_Sha384Free(&digest.sha384); - if (ret != 0) - return ret; break; #endif #ifdef WOLFSSL_TLS13_SHA512 @@ -11978,8 +12341,6 @@ wc_Sha512Free(&ssl->hsHashes->hashSha512); ret = wc_Sha512Copy(&digest.sha512, &ssl->hsHashes->hashSha512); wc_Sha512Free(&digest.sha512); - if (ret != 0) - return ret; break; #endif #ifdef WOLFSSL_SM3 @@ -11987,12 +12348,11 @@ wc_Sm3Free(&ssl->hsHashes->hashSm3); ret = wc_Sm3Copy(&digest.sm3, &ssl->hsHashes->hashSm3); wc_Sm3Free(&digest.sm3); - if (ret != 0) - return ret; break; #endif } + ForceZero(mac, sizeof(mac)); return ret; } #endif @@ -12037,6 +12397,13 @@ if (ssl->error != WC_NO_ERR_TRACE(WC_PENDING_E)) #endif { + if (ssl->session->ticketNonce.data[0] == 255) { + /* RFC8446 Section 4.6.1: Each ticket must have a unique nonce + * value. As the nonce is only a single byte, we have to prevent + * the overflow and abort. */ + return SESSION_TICKET_NONCE_OVERFLOW; + } + else ssl->session->ticketNonce.data[0]++; } @@ -12080,7 +12447,7 @@ /* Nonce */ length += TICKET_NONCE_LEN_SZ + DEF_TICKET_NONCE_SZ; - sendSz = (word16)(idx + length + MAX_MSG_EXTRA); + sendSz = (int)(idx + length + MAX_MSG_EXTRA); /* Check buffers are big enough and grow if needed. */ if ((ret = CheckAvailableSize(ssl, sendSz)) != 0) @@ -12136,7 +12503,8 @@ idx += EXTS_SZ; #endif - if (idx > WOLFSSL_MAX_16BIT) { + if (idx > WOLFSSL_MAX_16BIT || + sendSz > (int)WOLFSSL_MAX_16BIT) { return BAD_LENGTH_E; } @@ -12705,7 +13073,7 @@ int ret = 0, tmp; word32 inIdx = *inOutIdx; int alertType; -#if defined(HAVE_ECH) +#if defined(HAVE_ECH) && !defined(NO_WOLFSSL_SERVER) TLSX* echX = NULL; word32 echInOutIdx; #endif @@ -12849,20 +13217,34 @@ echX = TLSX_Find(ssl->extensions, TLSX_ECH); if (echX != NULL && - ((WOLFSSL_ECH*)echX->data)->state == ECH_WRITE_NONE) { + ((WOLFSSL_ECH*)echX->data)->state == ECH_WRITE_NONE && + ((WOLFSSL_ECH*)echX->data)->innerClientHello != NULL) { + byte copyRandom = ((WOLFSSL_ECH*)echX->data)->innerCount == 0; /* reset the inOutIdx to the outer start */ *inOutIdx = echInOutIdx; /* call again with the inner hello */ if (ret == 0) { + ((WOLFSSL_ECH*)echX->data)->sniState = ECH_INNER_SNI; + ret = DoTls13ClientHello(ssl, ((WOLFSSL_ECH*)echX->data)->innerClientHello, &echInOutIdx, ((WOLFSSL_ECH*)echX->data)->innerClientHelloLen); + + ((WOLFSSL_ECH*)echX->data)->sniState = ECH_SNI_DONE; } /* if the inner ech parsed successfully we have successfully * handled the hello and can skip the whole message */ - if (ret == 0) + if (ret == 0) { + /* Copy inner client random for ECH acceptance calculation. + * Only on first inner ClientHello (before HRR), not CH2. */ + if (copyRandom) { + XMEMCPY(ssl->arrays->clientRandomInner, + ((WOLFSSL_ECH*)echX->data)->innerClientHello + + HANDSHAKE_HEADER_SZ + VERSION_SZ, RAN_LEN); + } *inOutIdx += size; + } } } #endif /* HAVE_ECH */ @@ -13032,25 +13414,61 @@ #ifdef WOLFSSL_POST_HANDSHAKE_AUTH if (type == certificate_request && ssl->options.handShakeState == HANDSHAKE_DONE) { - /* reset handshake states */ - ssl->options.clientState = CLIENT_HELLO_COMPLETE; - ssl->options.connectState = FIRST_REPLY_DONE; - ssl->options.handShakeState = CLIENT_HELLO_COMPLETE; - ssl->options.processReply = 0; /* doProcessInit */ - - /* - DTLSv1.3 note: We can't reset serverState to - SERVER_FINISHED_COMPLETE with the goal that this connect - blocks until the cert/cert_verify/finished flight gets ACKed - by the server. The problem is that we will invoke - ProcessReplyEx() in that case, but we came here from - ProcessReplyEx() and it is not re-entrant safe (the input - buffer would still have the certificate_request message). */ - - if (wolfSSL_connect_TLSv13(ssl) != WOLFSSL_SUCCESS) { - ret = ssl->error; - if (ret != WC_NO_ERR_TRACE(WC_PENDING_E)) - ret = POST_HAND_AUTH_ERROR; +#if defined(HAVE_WRITE_DUP) + /* Read side cannot write; delegate the cert response to the + * write side by saving auth state in the shared WriteDup. */ + if (ssl->dupSide == READ_DUP_SIDE) { + if (ssl->dupWrite == NULL) + return BAD_STATE_E; + if (wc_LockMutex(&ssl->dupWrite->dupMutex) != 0) + return BAD_MUTEX_E; + /* Copy the current transcript so the write side can + * compute the correct Finished MAC. */ + ret = InitHandshakeHashesAndCopy(ssl, ssl->hsHashes, + &ssl->dupWrite->postHandshakeHashState); + if (ret == 0) { + /* Copy the cert request context. */ + CertReqCtx** tail = &ssl->certReqCtx; + while (*tail != NULL) + tail = &(*tail)->next; + *tail = ssl->dupWrite->postHandshakeCertReqCtx; + ssl->dupWrite->postHandshakeCertReqCtx = ssl->certReqCtx; + ssl->certReqCtx = NULL; + ssl->dupWrite->postHandshakeSendVerify = + ssl->options.sendVerify; + ssl->dupWrite->postHandshakeSigAlgo = + ssl->options.sigAlgo; + ssl->dupWrite->postHandshakeHashAlgo = + ssl->options.hashAlgo; + ssl->dupWrite->postHandshakeAuthPending = 1; + } + wc_UnLockMutex(&ssl->dupWrite->dupMutex); + /* Leave ssl->options unchanged: read side must not reset + * its states or call wolfSSL_connect_TLSv13. */ + } + else +#endif /* HAVE_WRITE_DUP */ + { + /* reset handshake states */ + ssl->options.clientState = CLIENT_HELLO_COMPLETE; + ssl->options.connectState = FIRST_REPLY_DONE; + ssl->options.handShakeState = CLIENT_HELLO_COMPLETE; + ssl->options.processReply = 0; /* doProcessInit */ + + /* + DTLSv1.3 note: We can't reset serverState to + SERVER_FINISHED_COMPLETE with the goal that this connect + blocks until the cert/cert_verify/finished flight gets ACKed + by the server. The problem is that we will invoke + ProcessReplyEx() in that case, but we came here from + ProcessReplyEx() and it is not re-entrant safe (the input + buffer would still have the certificate_request message). */ + + if (wolfSSL_connect_TLSv13(ssl) != WOLFSSL_SUCCESS) { + ret = ssl->error; + if (ret != WC_NO_ERR_TRACE(WC_PENDING_E)) + ret = POST_HAND_AUTH_ERROR; + } } } #endif @@ -13058,7 +13476,7 @@ #endif /* NO_WOLFSSL_CLIENT */ #ifndef NO_WOLFSSL_SERVER - #if defined(HAVE_SESSION_TICKET) || !defined(NO_PSK) + #if defined(HAVE_SESSION_TICKET) if (ssl->options.side == WOLFSSL_SERVER_END && type == finished) { ret = DeriveResumptionSecret(ssl, ssl->session->masterSecret); if (ret != 0) @@ -13131,7 +13549,8 @@ } ret = EarlySanityCheckMsgReceived(ssl, type, - min(inputLength - HANDSHAKE_HEADER_SZ, size)); + (inputLength > HANDSHAKE_HEADER_SZ) ? + min(inputLength - HANDSHAKE_HEADER_SZ, size) : 0); if (ret != 0) { WOLFSSL_ERROR(ret); return ret; @@ -13193,8 +13612,9 @@ &idx, ssl->arrays->pendingMsgType, ssl->arrays->pendingMsgSz - HANDSHAKE_HEADER_SZ, ssl->arrays->pendingMsgSz); - #ifdef WOLFSSL_ASYNC_CRYPT - if (ret == WC_NO_ERR_TRACE(WC_PENDING_E)) { + #if defined(WOLFSSL_ASYNC_CRYPT) || defined(WOLFSSL_NONBLOCK_OCSP) + if (ret == WC_NO_ERR_TRACE(WC_PENDING_E) || + ret == WC_NO_ERR_TRACE(OCSP_WANT_READ)) { /* setup to process fragment again */ ssl->arrays->pendingMsgOffset -= inputLength; *inOutIdx -= inputLength + ssl->keys.padSz; @@ -13368,24 +13788,26 @@ ssl->options.connectState = CLIENT_HELLO_SENT; WOLFSSL_MSG("TLSv13 connect state: CLIENT_HELLO_SENT"); + FALL_THROUGH; + + case CLIENT_HELLO_SENT: #ifdef WOLFSSL_EARLY_DATA - if (ssl->earlyData != no_early_data) { + if (ssl->earlyData != no_early_data && + ssl->options.handShakeState != CLIENT_HELLO_COMPLETE) { #if defined(WOLFSSL_TLS13_MIDDLEBOX_COMPAT) - if (!ssl->options.dtls && ssl->options.tls13MiddleBoxCompat) { - if ((ssl->error = SendChangeCipher(ssl)) != 0) { - WOLFSSL_ERROR(ssl->error); - return WOLFSSL_FATAL_ERROR; + if (!ssl->options.dtls && + ssl->options.tls13MiddleBoxCompat) { + if ((ssl->error = SendChangeCipher(ssl)) != 0) { + WOLFSSL_ERROR(ssl->error); + return WOLFSSL_FATAL_ERROR; + } + ssl->options.sentChangeCipher = 1; } - ssl->options.sentChangeCipher = 1; - } #endif - ssl->options.handShakeState = CLIENT_HELLO_COMPLETE; - return WOLFSSL_SUCCESS; + ssl->options.handShakeState = CLIENT_HELLO_COMPLETE; + return WOLFSSL_SUCCESS; } #endif - FALL_THROUGH; - - case CLIENT_HELLO_SENT: /* Get the response/s from the server. */ while (ssl->options.serverState < SERVER_HELLOVERIFYREQUEST_COMPLETE) { @@ -13518,9 +13940,7 @@ if (!ssl->options.resuming && ssl->options.sendVerify) { ssl->error = SendTls13Certificate(ssl); if (ssl->error != 0) { - #ifdef WOLFSSL_CHECK_ALERT_ON_ERR - ProcessReplyEx(ssl, 1); /* See if an alert was sent. */ - #endif + wolfssl_local_MaybeCheckAlertOnErr(ssl, ssl->error); WOLFSSL_ERROR(ssl->error); return WOLFSSL_FATAL_ERROR; } @@ -13540,9 +13960,7 @@ if (!ssl->options.resuming && ssl->options.sendVerify) { ssl->error = SendTls13CertificateVerify(ssl); if (ssl->error != 0) { - #ifdef WOLFSSL_CHECK_ALERT_ON_ERR - ProcessReplyEx(ssl, 1); /* See if an alert was sent. */ - #endif + wolfssl_local_MaybeCheckAlertOnErr(ssl, ssl->error); WOLFSSL_ERROR(ssl->error); return WOLFSSL_FATAL_ERROR; } @@ -13556,9 +13974,7 @@ case FIRST_REPLY_FOURTH: if ((ssl->error = SendTls13Finished(ssl)) != 0) { - #ifdef WOLFSSL_CHECK_ALERT_ON_ERR - ProcessReplyEx(ssl, 1); /* See if an alert was sent. */ - #endif + wolfssl_local_MaybeCheckAlertOnErr(ssl, ssl->error); WOLFSSL_ERROR(ssl->error); return WOLFSSL_FATAL_ERROR; } @@ -13782,6 +14198,12 @@ (void)ret; (void)group; #else + /* Check if the group is supported. */ + if (!TLSX_IsGroupSupported(group)) { + WOLFSSL_MSG("Group not supported."); + return BAD_FUNC_ARG; + } + ret = TLSX_KeyShare_Use(ssl, group, 0, NULL, NULL, &ssl->extensions); if (ret != 0) return ret; @@ -14064,6 +14486,13 @@ return NOT_READY_ERROR; if (!ssl->options.postHandshakeAuth) return POST_HAND_AUTH_ERROR; + if (ssl->certReqCtx != NULL) { + if (ssl->certReqCtx->len != 1) + return BAD_STATE_E; + /* We support sending up to 255 certificate requests */ + if (ssl->certReqCtx->ctx == 255) + return BAD_STATE_E; + } certReqCtx = (CertReqCtx*)XMALLOC(sizeof(CertReqCtx), ssl->heap, DYNAMIC_TYPE_TMP_BUFFER); @@ -14708,15 +15137,16 @@ ssl->options.acceptState = TLS13_ACCEPT_FINISHED_SENT; WOLFSSL_MSG("accept state ACCEPT_FINISHED_SENT"); + FALL_THROUGH; + + case TLS13_ACCEPT_FINISHED_SENT: #ifdef WOLFSSL_EARLY_DATA - if (ssl->earlyData != no_early_data) { + if (ssl->earlyData != no_early_data && + ssl->options.handShakeState != SERVER_FINISHED_COMPLETE) { ssl->options.handShakeState = SERVER_FINISHED_COMPLETE; return WOLFSSL_SUCCESS; } #endif - FALL_THROUGH; - - case TLS13_ACCEPT_FINISHED_SENT : #ifdef HAVE_SESSION_TICKET #ifdef WOLFSSL_TLS13_TICKET_BEFORE_FINISHED if (!ssl->options.verifyPeer && !ssl->options.noTicketTls13 && @@ -14953,8 +15383,9 @@ * sz The size of the early data in bytes. * outSz The number of early data bytes written. * returns BAD_FUNC_ARG when: ssl, data or outSz is NULL; sz is negative; - * or not using TLS v1.3. SIDE ERROR when not a server. Otherwise the number of - * early data bytes written. + * or not using TLS v1.3. SIDE ERROR when not a server. BAD_STATE_E if invoked + * without a valid session or without a valid PSK CB. + * Otherwise the number of early data bytes written. */ int wolfSSL_write_early_data(WOLFSSL* ssl, const void* data, int sz, int* outSz) { @@ -14967,12 +15398,21 @@ if (!IsAtLeastTLSv1_3(ssl->version)) return BAD_FUNC_ARG; + *outSz = 0; + #ifndef NO_WOLFSSL_CLIENT if (ssl->options.side == WOLFSSL_SERVER_END) return SIDE_ERROR; + /* Early data requires PSK or session resumption */ + if (!EarlyDataPossible(ssl)) { + return BAD_STATE_E; + } + if (ssl->options.handShakeState == NULL_STATE) { - if (ssl->error != WC_NO_ERR_TRACE(WC_PENDING_E)) + /* avoid re-setting ssl->earlyData if we re-enter the function because + * of WC_PENDING_E, WANT_WRITE or WANT_READ */ + if (ssl->error == 0) ssl->earlyData = expecting_early_data; ret = wolfSSL_connect_TLSv13(ssl); if (ret != WOLFSSL_SUCCESS) @@ -15036,7 +15476,10 @@ return SIDE_ERROR; if (ssl->options.handShakeState == NULL_STATE) { - if (ssl->error != WC_NO_ERR_TRACE(WC_PENDING_E)) + /* the server flight can return WANT_WRITE and we re-enter here after + * setting ssl->earlyData = process_early_data, set earlyData to + * expecting_early_data just once */ + if (ssl->earlyData < expecting_early_data) ssl->earlyData = expecting_early_data; /* this used to be: ret = wolfSSL_accept_TLSv13(ssl); * However, wolfSSL_accept_TLSv13() expects a certificate to @@ -15068,6 +15511,20 @@ #endif /* WOLFSSL_DTLS13 */ } } +#ifdef WOLFSSL_DTLS13 + else if (ssl->buffers.outputBuffer.length > 0 && + ssl->options.dtls && ssl->dtls13SendingAckOrRtx) { + ret = SendBuffered(ssl); + if (ret == 0) { + ssl->dtls13SendingAckOrRtx = 0; + } + else { + ssl->error = ret; + WOLFSSL_ERROR(ssl->error); + return WOLFSSL_FATAL_ERROR; + } + } +#endif /* WOLFSSL_DTLS13 */ else ret = 0; #else diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/src/wolfio.c mariadb-11.8.8/extra/wolfssl/wolfssl/src/wolfio.c --- mariadb-11.8.6/extra/wolfssl/wolfssl/src/wolfio.c 2026-01-31 13:27:49.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/src/wolfio.c 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* wolfio.c * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -384,8 +384,8 @@ } /* If retry and write flags are set, return WANT_WRITE */ - if ((ssl->biord->flags & WOLFSSL_BIO_FLAG_WRITE) && - (ssl->biord->flags & WOLFSSL_BIO_FLAG_RETRY)) { + if ((ssl->biowr->flags & WOLFSSL_BIO_FLAG_WRITE) && + (ssl->biowr->flags & WOLFSSL_BIO_FLAG_RETRY)) { return WOLFSSL_CBIO_ERR_WANT_WRITE; } diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/src/x509.c mariadb-11.8.8/extra/wolfssl/wolfssl/src/x509.c --- mariadb-11.8.6/extra/wolfssl/wolfssl/src/x509.c 2026-01-31 13:27:49.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/src/x509.c 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* x509.c * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -34,6 +34,13 @@ #if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL) #include #endif +#ifdef OPENSSL_EXTRA + #include +#endif + +/* 16 times MAX_X509_SIZE should be more than enough to read any X509 + * certificate file */ +#define MAX_BIO_READ_BUFFER (MAX_X509_SIZE * 16) #if defined(OPENSSL_ALL) || defined(OPENSSL_EXTRA) unsigned int wolfSSL_X509_get_extension_flags(WOLFSSL_X509* x509) @@ -571,7 +578,6 @@ tag = WOLFSSL_V_ASN1_SEQUENCE; } - /* Create a WOLFSSL_ASN1_STRING from the DER. */ str = wolfSSL_ASN1_STRING_type_new(tag); if (str == NULL) { @@ -584,15 +590,23 @@ if (type == NULL) goto err; wolfSSL_ASN1_TYPE_set(type, tag, str); + str = NULL; /* type now owns str */ + + if (wolfSSL_GENERAL_NAME_set_type(gn, WOLFSSL_GEN_OTHERNAME) + != WOLFSSL_SUCCESS) { + goto err; + } /* Store the object and string in general name. */ gn->d.otherName->type_id = obj; gn->d.otherName->value = type; + type = NULL; /* gn->d.otherName owns type */ ret = 1; err: if (ret != 1) { wolfSSL_ASN1_OBJECT_free(obj); + wolfSSL_ASN1_TYPE_free(type); wolfSSL_ASN1_STRING_free(str); } return ret; @@ -602,13 +616,13 @@ #if defined(OPENSSL_ALL) || defined(OPENSSL_EXTRA) static int DNS_to_GENERAL_NAME(WOLFSSL_GENERAL_NAME* gn, DNS_entry* dns) { - gn->type = dns->type; - switch (gn->type) { + switch (dns->type) { case WOLFSSL_GEN_OTHERNAME: - if (!wolfssl_dns_entry_othername_to_gn(dns, gn)) { - WOLFSSL_MSG("OTHERNAME set failed"); - return WOLFSSL_FAILURE; - } + /* Sets gn->type internally */ + if (!wolfssl_dns_entry_othername_to_gn(dns, gn)) { + WOLFSSL_MSG("OTHERNAME set failed"); + return WOLFSSL_FAILURE; + } break; case WOLFSSL_GEN_EMAIL: @@ -616,16 +630,18 @@ case WOLFSSL_GEN_URI: case WOLFSSL_GEN_IPADD: case WOLFSSL_GEN_IA5: - gn->d.ia5->length = dns->len; - if (wolfSSL_ASN1_STRING_set(gn->d.ia5, dns->name, - gn->d.ia5->length) != WOLFSSL_SUCCESS) { - WOLFSSL_MSG("ASN1_STRING_set failed"); - return WOLFSSL_FAILURE; - } - break; + gn->type = dns->type; + gn->d.ia5->length = dns->len; + if (wolfSSL_ASN1_STRING_set(gn->d.ia5, dns->name, + gn->d.ia5->length) != WOLFSSL_SUCCESS) { + WOLFSSL_MSG("ASN1_STRING_set failed"); + return WOLFSSL_FAILURE; + } + break; case WOLFSSL_GEN_DIRNAME: + gn->type = dns->type; /* wolfSSL_GENERAL_NAME_new() mallocs this by default */ wolfSSL_ASN1_STRING_free(gn->d.ia5); gn->d.ia5 = NULL; @@ -636,6 +652,7 @@ #ifdef WOLFSSL_RID_ALT_NAME case WOLFSSL_GEN_RID: + gn->type = dns->type; /* wolfSSL_GENERAL_NAME_new() mallocs this by default */ wolfSSL_ASN1_STRING_free(gn->d.ia5); gn->d.ia5 = NULL; @@ -644,17 +661,25 @@ if (gn->d.registeredID == NULL) { return WOLFSSL_FAILURE; } - gn->d.registeredID->obj = (const unsigned char*)XMALLOC(dns->len, - gn->d.registeredID->heap, DYNAMIC_TYPE_ASN1); - if (gn->d.registeredID->obj == NULL) { - /* registeredID gets free'd up by caller after failure */ - return WOLFSSL_FAILURE; + { + /* Store DER-encoded OID (tag + length + content) in obj */ + word32 derSz = 1 + SetLength(dns->len, NULL) + dns->len; + byte* der = (byte*)XMALLOC(derSz, + gn->d.registeredID->heap, DYNAMIC_TYPE_ASN1); + if (der == NULL) { + return WOLFSSL_FAILURE; + } + { + word32 idx = 0; + der[idx++] = ASN_OBJECT_ID; + idx += SetLength(dns->len, der + idx); + XMEMCPY(der + idx, dns->name, dns->len); + } + gn->d.registeredID->obj = der; + gn->d.registeredID->objSz = derSz; } gn->d.registeredID->dynamic |= WOLFSSL_ASN1_DYNAMIC_DATA; - XMEMCPY((byte*)gn->d.registeredID->obj, dns->ridString, dns->len); - gn->d.registeredID->objSz = dns->len; gn->d.registeredID->grp = oidCertExtType; - gn->d.registeredID->nid = WC_NID_registeredAddress; break; #endif @@ -1069,15 +1094,15 @@ XFREE((byte*)ext->obj->obj, NULL, DYNAMIC_TYPE_ASN1); } else if (tmp == NULL) { - ext->obj->obj = tmp; + XFREE((byte*)ext->obj->obj, NULL, DYNAMIC_TYPE_ASN1); } ext->obj->obj = tmp; #else tmp = (byte*)XREALLOC((byte*)ext->obj->obj, objSz, NULL, DYNAMIC_TYPE_ASN1); - if (tmp != NULL) { - ext->obj->obj = tmp; - } + if (tmp == NULL) + XFREE((byte*)ext->obj->obj, NULL, DYNAMIC_TYPE_ASN1); + ext->obj->obj = tmp; #endif if (ext->obj->obj == NULL) { wolfSSL_X509_EXTENSION_free(ext); @@ -1340,6 +1365,7 @@ if (ext->obj->pathlen) { x509->pathLength = (word32)ext->obj->pathlen->length; x509->basicConstPlSet = 1; + x509->pathLengthSet = 1; } x509->basicConstSet = 1; } @@ -2208,6 +2234,159 @@ #endif /* OPENSSL_ALL || OPENSSL_EXTRA */ +#if defined(OPENSSL_EXTRA) && !defined(IGNORE_NAME_CONSTRAINTS) +/* + * Convert a Base_entry linked list to a STACK of GENERAL_SUBTREE. + * + * Base_entry stores name constraint data from DecodedCert. This function + * converts it to GENERAL_SUBTREE format. + * + * Supported types: ASN_DNS_TYPE, ASN_RFC822_TYPE, ASN_DIR_TYPE, ASN_IP_TYPE, + * ASN_URI_TYPE + * + * Returns 0 on success, negative on error. + */ +static int ConvertBaseEntryToSubtreeStack(Base_entry* list, WOLFSSL_STACK* sk, + void* heap) +{ + Base_entry* entry = list; + WOLFSSL_GENERAL_SUBTREE* subtree = NULL; + WOLFSSL_GENERAL_NAME* gn = NULL; + (void)heap; + + while (entry != NULL) { + + if (entry->type != ASN_DNS_TYPE && entry->type != ASN_RFC822_TYPE && + entry->type != ASN_DIR_TYPE && entry->type != ASN_IP_TYPE && + entry->type != ASN_URI_TYPE) { + entry = entry->next; + continue; + } + + /* Allocate subtree and general name */ + subtree = (WOLFSSL_GENERAL_SUBTREE*)XMALLOC( + sizeof(WOLFSSL_GENERAL_SUBTREE), heap, DYNAMIC_TYPE_OPENSSL); + if (subtree == NULL) { + WOLFSSL_MSG("Failed to allocate GENERAL_SUBTREE"); + return MEMORY_E; + } + XMEMSET(subtree, 0, sizeof(WOLFSSL_GENERAL_SUBTREE)); + + gn = wolfSSL_GENERAL_NAME_new(); + if (gn == NULL) { + WOLFSSL_MSG("Failed to allocate GENERAL_NAME"); + XFREE(subtree, heap, DYNAMIC_TYPE_OPENSSL); + return MEMORY_E; + } + + /* Free default ia5 string allocated by GENERAL_NAME_new */ + wolfSSL_ASN1_STRING_free(gn->d.ia5); + gn->d.ia5 = NULL; + + switch (entry->type) { + case ASN_DNS_TYPE: + case ASN_RFC822_TYPE: + case ASN_URI_TYPE: + { + if (entry->type == ASN_DNS_TYPE) { + gn->type = WOLFSSL_GEN_DNS; + } + else if (entry->type == ASN_RFC822_TYPE) { + gn->type = WOLFSSL_GEN_EMAIL; + } + else { + gn->type = WOLFSSL_GEN_URI; + } + gn->d.ia5 = wolfSSL_ASN1_STRING_new(); + if (gn->d.ia5 == NULL) { + WOLFSSL_MSG("Failed to allocate ASN1_STRING"); + wolfSSL_GENERAL_NAME_free(gn); + XFREE(subtree, heap, DYNAMIC_TYPE_OPENSSL); + return MEMORY_E; + } + if (wolfSSL_ASN1_STRING_set(gn->d.ia5, entry->name, + entry->nameSz) != WOLFSSL_SUCCESS) { + WOLFSSL_MSG("Failed to set ASN1_STRING"); + wolfSSL_GENERAL_NAME_free(gn); + XFREE(subtree, heap, DYNAMIC_TYPE_OPENSSL); + return MEMORY_E; + } + gn->d.ia5->type = WOLFSSL_V_ASN1_IA5STRING; + break; + } + + case ASN_DIR_TYPE: + { + byte* seqBuf = NULL; + unsigned char* p = NULL; + int seqLen = 0; + + /* Wrap in SEQUENCE and parse as X509_NAME */ + gn->type = WOLFSSL_GEN_DIRNAME; + seqBuf = (byte*)XMALLOC((word32)entry->nameSz + MAX_SEQ_SZ, + heap, DYNAMIC_TYPE_TMP_BUFFER); + if (seqBuf == NULL) { + WOLFSSL_MSG("Failed to allocate sequence buffer"); + wolfSSL_GENERAL_NAME_free(gn); + XFREE(subtree, heap, DYNAMIC_TYPE_OPENSSL); + return MEMORY_E; + } + + seqLen = SetSequence(entry->nameSz, seqBuf); + XMEMCPY(seqBuf + seqLen, entry->name, entry->nameSz); + + p = seqBuf; + gn->d.directoryName = wolfSSL_d2i_X509_NAME(NULL, &p, + (long)entry->nameSz + seqLen); + XFREE(seqBuf, heap, DYNAMIC_TYPE_TMP_BUFFER); + + if (gn->d.directoryName == NULL) { + WOLFSSL_MSG("Failed to parse directoryName"); + wolfSSL_GENERAL_NAME_free(gn); + XFREE(subtree, heap, DYNAMIC_TYPE_OPENSSL); + return ASN_PARSE_E; + } + break; + } + + case ASN_IP_TYPE: + { + /* For IP address, store raw bytes as OCTET_STRING. */ + gn->type = WOLFSSL_GEN_IPADD; + gn->d.iPAddress = wolfSSL_ASN1_STRING_new(); + if (gn->d.iPAddress == NULL) { + WOLFSSL_MSG("Failed to allocate ASN1_STRING for IP"); + wolfSSL_GENERAL_NAME_free(gn); + XFREE(subtree, heap, DYNAMIC_TYPE_OPENSSL); + return MEMORY_E; + } + if (wolfSSL_ASN1_STRING_set(gn->d.iPAddress, entry->name, + entry->nameSz) != WOLFSSL_SUCCESS) { + WOLFSSL_MSG("Failed to set IP ASN1_STRING"); + wolfSSL_GENERAL_NAME_free(gn); + XFREE(subtree, heap, DYNAMIC_TYPE_OPENSSL); + return MEMORY_E; + } + gn->d.iPAddress->type = WOLFSSL_V_ASN1_OCTET_STRING; + break; + } + } + + subtree->base = gn; + + if (wolfSSL_sk_push(sk, subtree) <= 0) { + WOLFSSL_MSG("Failed to push subtree onto stack"); + wolfSSL_GENERAL_NAME_free(gn); + XFREE(subtree, heap, DYNAMIC_TYPE_OPENSSL); + return MEMORY_E; + } + entry = entry->next; + } + + return 0; +} +#endif /* OPENSSL_EXTRA && !IGNORE_NAME_CONSTRAINTS */ + #if defined(OPENSSL_EXTRA) || defined(WOLFSSL_WPAS_SMALL) /* Looks for the extension matching the passed in nid * @@ -2310,9 +2489,9 @@ goto err; } - gn->type = dns->type; - switch (gn->type) { + switch (dns->type) { case ASN_DIR_TYPE: + gn->type = dns->type; { int localIdx = 0; unsigned char* n = (unsigned char*)XMALLOC( @@ -2336,12 +2515,14 @@ break; case ASN_OTHER_TYPE: + /* gn->type set internally */ if (!wolfssl_dns_entry_othername_to_gn(dns, gn)) { goto err; } break; case ASN_IP_TYPE: + gn->type = dns->type; if (wolfSSL_ASN1_STRING_set(gn->d.iPAddress, dns->name, dns->len) != WOLFSSL_SUCCESS) { WOLFSSL_MSG("ASN1_STRING_set failed"); @@ -2350,7 +2531,44 @@ gn->d.iPAddress->type = WOLFSSL_V_ASN1_OCTET_STRING; break; + #ifdef WOLFSSL_RID_ALT_NAME + case ASN_RID_TYPE: + gn->type = dns->type; + /* Free ia5 before using union for registeredID */ + wolfSSL_ASN1_STRING_free(gn->d.ia5); + gn->d.ia5 = NULL; + + gn->d.registeredID = wolfSSL_ASN1_OBJECT_new(); + if (gn->d.registeredID == NULL) { + goto err; + } + { + /* Store DER-encoded OID (tag+length+content) */ + word32 derSz = 1 + SetLength(dns->len, NULL) + + dns->len; + byte* der = (byte*)XMALLOC(derSz, + gn->d.registeredID->heap, + DYNAMIC_TYPE_ASN1); + if (der == NULL) { + goto err; + } + { + word32 derIdx = 0; + der[derIdx++] = ASN_OBJECT_ID; + derIdx += SetLength(dns->len, der + derIdx); + XMEMCPY(der + derIdx, dns->name, dns->len); + } + gn->d.registeredID->obj = der; + gn->d.registeredID->objSz = derSz; + } + gn->d.registeredID->dynamic |= + WOLFSSL_ASN1_DYNAMIC_DATA; + gn->d.registeredID->grp = oidCertExtType; + break; + #endif /* WOLFSSL_RID_ALT_NAME */ + default: + gn->type = dns->type; if (wolfSSL_ASN1_STRING_set(gn->d.dNSName, dns->name, dns->len) != WOLFSSL_SUCCESS) { WOLFSSL_MSG("ASN1_STRING_set failed"); @@ -2680,9 +2898,69 @@ } break; + #if defined(OPENSSL_EXTRA) && !defined(IGNORE_NAME_CONSTRAINTS) case NAME_CONS_OID: - WOLFSSL_MSG("Name Constraint OID extension not supported"); - break; + { + WOLFSSL_NAME_CONSTRAINTS* nc = NULL; + + /* Check if name constraints exist in stored X509 */ + if (x509->permittedNames == NULL && x509->excludedNames == NULL) { + WOLFSSL_MSG("No Name Constraints set"); + break; + } + + if (c != NULL) { + *c = x509->nameConstraintCrit; + } + + nc = (WOLFSSL_NAME_CONSTRAINTS*)XMALLOC( + sizeof(WOLFSSL_NAME_CONSTRAINTS), x509->heap, + DYNAMIC_TYPE_OPENSSL); + if (nc == NULL) { + WOLFSSL_MSG("Failed to allocate NAME_CONSTRAINTS"); + break; + } + XMEMSET(nc, 0, sizeof(WOLFSSL_NAME_CONSTRAINTS)); + + /* Convert permitted names */ + if (x509->permittedNames != NULL) { + nc->permittedSubtrees = wolfSSL_sk_new_null(); + if (nc->permittedSubtrees == NULL) { + WOLFSSL_MSG("Failed to allocate permitted stack"); + wolfSSL_NAME_CONSTRAINTS_free(nc); + break; + } + nc->permittedSubtrees->type = STACK_TYPE_GENERAL_SUBTREE; + + if (ConvertBaseEntryToSubtreeStack(x509->permittedNames, + nc->permittedSubtrees, x509->heap) != 0) { + WOLFSSL_MSG("Failed to convert permitted names"); + wolfSSL_NAME_CONSTRAINTS_free(nc); + break; + } + } + + /* Convert excluded names */ + if (x509->excludedNames != NULL) { + nc->excludedSubtrees = wolfSSL_sk_new_null(); + if (nc->excludedSubtrees == NULL) { + WOLFSSL_MSG("Failed to allocate excluded stack"); + wolfSSL_NAME_CONSTRAINTS_free(nc); + break; + } + nc->excludedSubtrees->type = STACK_TYPE_GENERAL_SUBTREE; + + if (ConvertBaseEntryToSubtreeStack(x509->excludedNames, + nc->excludedSubtrees, x509->heap) != 0) { + WOLFSSL_MSG("Failed to convert excluded names"); + wolfSSL_NAME_CONSTRAINTS_free(nc); + break; + } + } + + return nc; + } + #endif /* OPENSSL_EXTRA && !IGNORE_NAME_CONSTRAINTS */ case PRIV_KEY_USAGE_PERIOD_OID: WOLFSSL_MSG("Private Key Usage Period extension not supported"); @@ -2783,6 +3061,7 @@ newAltName->type = type; newAltName->len = (int)nameSz; newAltName->name = nameCopy; + newAltName->nameStored = 1; x509->altNames = newAltName; return WOLFSSL_SUCCESS; @@ -2800,8 +3079,31 @@ return WOLFSSL_SUCCESS; if (type == ASN_IP_TYPE) { - WOLFSSL_MSG("Type not supported, use wolfSSL_X509_add_altname_ex"); +#ifdef WOLFSSL_IP_ALT_NAME + byte ip4[4]; + byte ip6[16]; + int ptonRet; + + /* Check if this is an ip4 address */ + ptonRet = XINET_PTON(WOLFSSL_IP4, name, ip4); + if (ptonRet == 1) { + return wolfSSL_X509_add_altname_ex(x509, (const char*)ip4, 4, + type); + } + + /* Check for ip6 */ + ptonRet = XINET_PTON(WOLFSSL_IP6, name, ip6); + if (ptonRet == 1) { + return wolfSSL_X509_add_altname_ex(x509, (const char*)ip6, 16, + type); + } + + WOLFSSL_MSG("IP address parse failed"); return WOLFSSL_FAILURE; +#else + WOLFSSL_MSG("WOLFSSL_IP_ALT_NAME not enabled"); + return WOLFSSL_FAILURE; +#endif } return wolfSSL_X509_add_altname_ex(x509, name, nameSz, type); @@ -3448,25 +3750,25 @@ const char* wolfSSL_X509_get_default_cert_file_env(void) { WOLFSSL_STUB("X509_get_default_cert_file_env"); - return NULL; + return ""; } const char* wolfSSL_X509_get_default_cert_file(void) { WOLFSSL_STUB("X509_get_default_cert_file"); - return NULL; + return ""; } const char* wolfSSL_X509_get_default_cert_dir_env(void) { WOLFSSL_STUB("X509_get_default_cert_dir_env"); - return NULL; + return ""; } const char* wolfSSL_X509_get_default_cert_dir(void) { WOLFSSL_STUB("X509_get_default_cert_dir"); - return NULL; + return ""; } #endif @@ -3958,7 +4260,8 @@ return NULL; } - ret = cert->altNamesNext->name; + /* unsafe cast required for ABI compatibility. */ + ret = (char *)(wc_ptr_t)cert->altNamesNext->name; #ifdef WOLFSSL_IP_ALT_NAME /* return the IP address as a string */ if (cert->altNamesNext->type == ASN_IP_TYPE) { @@ -4118,8 +4421,14 @@ { WOLFSSL_ENTER("wolfSSL_X509_notBefore"); - if (x509 == NULL) + if (x509 == NULL) { + return NULL; + } + + if (x509->notBefore.length < 0 || + x509->notBefore.length > (int)sizeof(x509->notBeforeData) - 2) { return NULL; + } XMEMSET(x509->notBeforeData, 0, sizeof(x509->notBeforeData)); x509->notBeforeData[0] = (byte)x509->notBefore.type; @@ -4136,8 +4445,14 @@ { WOLFSSL_ENTER("wolfSSL_X509_notAfter"); - if (x509 == NULL) + if (x509 == NULL) { return NULL; + } + + if (x509->notAfter.length < 0 || + x509->notAfter.length > (int)sizeof(x509->notAfterData) - 2) { + return NULL; + } XMEMSET(x509->notAfterData, 0, sizeof(x509->notAfterData)); x509->notAfterData[0] = (byte)x509->notAfter.type; @@ -4393,6 +4708,14 @@ return s; } +WOLFSSL_STACK* wolfSSL_sk_X509_CRL_new_null(void) +{ + WOLFSSL_STACK* s = wolfSSL_sk_new_null(); + if (s != NULL) + s->type = STACK_TYPE_X509_CRL; + return s; +} + void wolfSSL_sk_X509_CRL_pop_free(WOLF_STACK_OF(WOLFSSL_X509_CRL)* sk, void (*f) (WOLFSSL_X509_CRL*)) { @@ -4643,7 +4966,12 @@ return WOLFSSL_FAILURE; } - gen->type = WOLFSSL_GEN_OTHERNAME; + if (wolfSSL_GENERAL_NAME_set_type(gen, WOLFSSL_GEN_OTHERNAME) + != WOLFSSL_SUCCESS) { + wolfSSL_ASN1_OBJECT_free(x); + return WOLFSSL_FAILURE; + } + gen->d.otherName->type_id = x; gen->d.otherName->value = value; return WOLFSSL_SUCCESS; @@ -4975,6 +5303,16 @@ if (name->d.uniformResourceIdentifier == NULL) ret = MEMORY_E; break; + case WOLFSSL_GEN_OTHERNAME: + name->d.otherName = (WOLFSSL_ASN1_OTHERNAME*)XMALLOC( + sizeof(WOLFSSL_ASN1_OTHERNAME), NULL, DYNAMIC_TYPE_ASN1); + if (name->d.otherName == NULL) { + ret = MEMORY_E; + } + else { + XMEMSET(name->d.otherName, 0, sizeof(WOLFSSL_ASN1_OTHERNAME)); + } + break; default: name->type = WOLFSSL_GEN_IA5; name->d.ia5 = wolfSSL_ASN1_STRING_new(); @@ -5057,6 +5395,375 @@ wolfSSL_sk_X509_pop_free(sk, NULL); } +#if !defined(IGNORE_NAME_CONSTRAINTS) +/* + * Allocate and initialize an empty GENERAL_SUBTREE structure. + * Returns NULL on allocation failure. + */ +WOLFSSL_GENERAL_SUBTREE* wolfSSL_GENERAL_SUBTREE_new(void) +{ + WOLFSSL_GENERAL_SUBTREE* subtree; + + WOLFSSL_ENTER("wolfSSL_GENERAL_SUBTREE_new"); + + subtree = (WOLFSSL_GENERAL_SUBTREE*)XMALLOC(sizeof(WOLFSSL_GENERAL_SUBTREE), + NULL, DYNAMIC_TYPE_OPENSSL); + if (subtree == NULL) { + WOLFSSL_MSG("Failed to allocate GENERAL_SUBTREE"); + return NULL; + } + XMEMSET(subtree, 0, sizeof(WOLFSSL_GENERAL_SUBTREE)); + return subtree; +} + +/* + * Create an empty NAME_CONSTRAINTS structure. + * Returns NULL on allocation failure. + */ +WOLFSSL_NAME_CONSTRAINTS* wolfSSL_NAME_CONSTRAINTS_new(void) +{ + WOLFSSL_NAME_CONSTRAINTS* nc; + + WOLFSSL_ENTER("wolfSSL_NAME_CONSTRAINTS_new"); + + nc = (WOLFSSL_NAME_CONSTRAINTS*)XMALLOC(sizeof(WOLFSSL_NAME_CONSTRAINTS), + NULL, DYNAMIC_TYPE_OPENSSL); + if (nc == NULL) { + WOLFSSL_MSG("Failed to allocate NAME_CONSTRAINTS"); + return NULL; + } + XMEMSET(nc, 0, sizeof(WOLFSSL_NAME_CONSTRAINTS)); + return nc; +} + +/* Free a GENERAL_SUBTREE and its contents. */ +void wolfSSL_GENERAL_SUBTREE_free(WOLFSSL_GENERAL_SUBTREE* subtree) +{ + if (subtree == NULL) { + return; + } + wolfSSL_GENERAL_NAME_free(subtree->base); + XFREE(subtree, NULL, DYNAMIC_TYPE_OPENSSL); +} + +/* Free a NAME_CONSTRAINTS structure and all its contents. */ +void wolfSSL_NAME_CONSTRAINTS_free(WOLFSSL_NAME_CONSTRAINTS* nc) +{ + WOLFSSL_ENTER("wolfSSL_NAME_CONSTRAINTS_free"); + + if (nc == NULL) { + return; + } + + if (nc->permittedSubtrees != NULL) { + wolfSSL_sk_pop_free(nc->permittedSubtrees, + (wolfSSL_sk_freefunc)wolfSSL_GENERAL_SUBTREE_free); + } + + if (nc->excludedSubtrees != NULL) { + wolfSSL_sk_pop_free(nc->excludedSubtrees, + (wolfSSL_sk_freefunc)wolfSSL_GENERAL_SUBTREE_free); + } + + XFREE(nc, NULL, DYNAMIC_TYPE_OPENSSL); +} + +/* Get number of items in GENERAL_SUBTREE stack. */ +int wolfSSL_sk_GENERAL_SUBTREE_num(const WOLFSSL_STACK* sk) +{ + WOLFSSL_ENTER("wolfSSL_sk_GENERAL_SUBTREE_num"); + + return wolfSSL_sk_num(sk); +} + +/* Get GENERAL_SUBTREE at index from stack. */ +WOLFSSL_GENERAL_SUBTREE* wolfSSL_sk_GENERAL_SUBTREE_value( + const WOLFSSL_STACK* sk, int idx) +{ + WOLFSSL_ENTER("wolfSSL_sk_GENERAL_SUBTREE_value"); + + return (WOLFSSL_GENERAL_SUBTREE*)wolfSSL_sk_value(sk, idx); +} + +/* Check IP address string matches constraint. + * + * name: IP address string (ex "192.168.1.50") + * nameSz: length of name string + * gn: GENERAL_NAME containing IP constraint (IP + mask bytes) + * + * Return 1 on match, otherwise 0 + */ +static int MatchIpName(const char* name, int nameSz, WOLFSSL_GENERAL_NAME* gn) +{ + int ipLen = 0; + int constraintLen; + char ipStr[WOLFSSL_MAX_IPSTR]; + unsigned char ipBytes[16]; /* Max 16 bytes for IPv6 */ + const unsigned char* constraintData; + + if (name == NULL || nameSz <= 0 || gn == NULL || gn->d.iPAddress == NULL) { + return 0; + } + + constraintData = wolfSSL_ASN1_STRING_get0_data(gn->d.iPAddress); + constraintLen = wolfSSL_ASN1_STRING_length(gn->d.iPAddress); + if (constraintData == NULL || constraintLen <= 0) { + return 0; + } + + /* Null-terminate IP string */ + if (nameSz >= (int)sizeof(ipStr)) { + return 0; + } + XMEMCPY(ipStr, name, nameSz); + ipStr[nameSz] = '\0'; + + /* IPv4 constraint 8 bytes (IP + mask), + * IPv6 constraint 32 bytes (IP + mask) */ + if (constraintLen == 8) { + if (XINET_PTON(WOLFSSL_IP4, ipStr, ipBytes) == 1) { + ipLen = 4; + } + } + else if (constraintLen == 32) { + if (XINET_PTON(WOLFSSL_IP6, ipStr, ipBytes) == 1) { + ipLen = 16; + } + } + + if (ipLen == 0) { + return 0; + } + + return wolfssl_local_MatchIpSubnet(ipBytes, ipLen, + constraintData, constraintLen); +} + +/* Extract host from URI for name constraint matching. + * URI format: scheme://[userinfo@]host[:port][/path][?query][#fragment] + * IPv6 literals are enclosed in brackets: scheme://[ipv6addr]:port/path + * Returns pointer to host start and sets hostLen, or NULL on failure. */ +static const char* ExtractHostFromUri(const char* uri, int uriLen, int* hostLen) +{ + const char* hostStart; + const char* hostEnd; + const char* p; + const char* uriEnd; + + if (uri == NULL || uriLen <= 0 || hostLen == NULL) { + return NULL; + } + + uriEnd = uri + uriLen; + + /* Find "://" to skip scheme */ + hostStart = NULL; + for (p = uri; p < uriEnd - 2; p++) { + if (p[0] == ':' && p[1] == '/' && p[2] == '/') { + hostStart = p + 3; + break; + } + } + if (hostStart == NULL || hostStart >= uriEnd) { + return NULL; + } + + /* Skip userinfo if present (look for @ before any /, ?, #) + * userinfo can contain ':' (ex: user:pass@host), don't stop at ':' + * For IPv6, also don't stop at '[' in userinfo */ + for (p = hostStart; p < uriEnd; p++) { + if (*p == '@') { + hostStart = p + 1; + break; + } + if (*p == '/' || *p == '?' || *p == '#') { + /* No userinfo found */ + break; + } + /* If '[' before '@', found IPv6 literal, not userinfo */ + if (*p == '[') { + break; + } + } + if (hostStart >= uriEnd) { + return NULL; + } + + /* Check for IPv6 literal */ + if (*hostStart == '[') { + /* Find closing bracket, skip opening one */ + hostStart++; + hostEnd = hostStart; + while (hostEnd < uriEnd && *hostEnd != ']') { + hostEnd++; + } + if (hostEnd >= uriEnd) { + /* No closing bracket found, malformed */ + return NULL; + } + /* hostEnd points to closing bracket, extract content between */ + *hostLen = (int)(hostEnd - hostStart); + if (*hostLen <= 0) { + return NULL; + } + return hostStart; + } + + /* Regular hostname, find end */ + hostEnd = hostStart; + while (hostEnd < uriEnd && *hostEnd != ':' && *hostEnd != '/' && + *hostEnd != '?' && *hostEnd != '#') { + hostEnd++; + } + + *hostLen = (int)(hostEnd - hostStart); + if (*hostLen <= 0) { + return NULL; + } + + return hostStart; +} + +/* Helper to check if name string matches a single GENERAL_NAME constraint. + * Returns 1 if matches, 0 if not. */ +static int MatchNameConstraint(int type, const char* name, int nameSz, + WOLFSSL_GENERAL_NAME* gn) +{ + const char* baseStr; + int baseLen; + + if (gn == NULL || gn->type != type) { + return 0; + } + + switch (type) { + case WOLFSSL_GEN_IPADD: + return MatchIpName(name, nameSz, gn); + + case WOLFSSL_GEN_DNS: + case WOLFSSL_GEN_EMAIL: + case WOLFSSL_GEN_URI: + if (gn->d.ia5 == NULL) { + return 0; + } + baseStr = (const char*)wolfSSL_ASN1_STRING_get0_data(gn->d.ia5); + baseLen = wolfSSL_ASN1_STRING_length(gn->d.ia5); + if (baseStr == NULL || baseLen <= 0) { + return 0; + } + + if (type == WOLFSSL_GEN_EMAIL) { + return wolfssl_local_MatchBaseName(ASN_RFC822_TYPE, name, + nameSz, baseStr, baseLen); + } + else if (type == WOLFSSL_GEN_URI) { + const char* host; + int hostLen; + + /* For URI, extract host and match against DNS-style */ + host = ExtractHostFromUri(name, nameSz, &hostLen); + if (host == NULL) { + return 0; + } + return wolfssl_local_MatchBaseName(ASN_DNS_TYPE, host, hostLen, + baseStr, baseLen); + } + else { + /* WOLFSSL_GEN_DNS uses DNS-style matching */ + return wolfssl_local_MatchBaseName(ASN_DNS_TYPE, name, nameSz, + baseStr, baseLen); + } + + default: + /* Unsupported type */ + return 0; + } +} + +/* + * Check if a name string satisfies given name constraints. + * + * nc: NAME_CONSTRAINTS struct containing permitted/excluded subtrees + * type: GeneralName type (WOLFSSL_GEN_DNS, WOLFSSL_GEN_EMAIL, etc.) + * name: The name string to check + * nameSz: Length of name string + * + * Returns 1 if name satisfies constraints (permitted and not excluded), + * otherwise 0 if name does not satisfy constraints or on error + * + * A name satisfies constraints if permitted subtrees exist for the type, + * name matches at least one, and name does not match any excluded subtree. + */ +int wolfSSL_NAME_CONSTRAINTS_check_name(WOLFSSL_NAME_CONSTRAINTS* nc, + int type, const char* name, int nameSz) +{ + int i, num; + int hasPermittedType = 0; + int matchedPermitted = 0; + WOLFSSL_GENERAL_SUBTREE* subtree; + WOLFSSL_GENERAL_NAME* gn; + + WOLFSSL_ENTER("wolfSSL_NAME_CONSTRAINTS_check_name"); + + if (nc == NULL || name == NULL || nameSz <= 0) { + WOLFSSL_MSG("Bad argument to NAME_CONSTRAINTS_check_name"); + return 0; + } + + /* Check permitted subtrees */ + if (nc->permittedSubtrees != NULL) { + num = wolfSSL_sk_GENERAL_SUBTREE_num(nc->permittedSubtrees); + for (i = 0; i < num; i++) { + subtree = wolfSSL_sk_GENERAL_SUBTREE_value( + nc->permittedSubtrees, i); + if (subtree == NULL || subtree->base == NULL) { + continue; + } + + gn = subtree->base; + if (gn->type != type) { + continue; + } + hasPermittedType = 1; + + if (MatchNameConstraint(type, name, nameSz, gn)) { + matchedPermitted = 1; + break; + } + } + } + + /* If permitted constraints exist for this type but none matched, fail */ + if (hasPermittedType && !matchedPermitted) { + WOLFSSL_MSG("Name not in permitted subtrees"); + return 0; + } + + /* Check excluded subtrees */ + if (nc->excludedSubtrees != NULL) { + num = wolfSSL_sk_GENERAL_SUBTREE_num(nc->excludedSubtrees); + for (i = 0; i < num; i++) { + subtree = wolfSSL_sk_GENERAL_SUBTREE_value(nc->excludedSubtrees, i); + if (subtree == NULL || subtree->base == NULL) { + continue; + } + + gn = subtree->base; + if (gn->type != type) { + continue; + } + + if (MatchNameConstraint(type, name, nameSz, gn)) { + WOLFSSL_MSG("Name in excluded subtrees"); + return 0; + } + } + } + + return 1; +} +#endif /* !IGNORE_NAME_CONSTRAINTS */ + #if defined(OPENSSL_ALL) && !defined(NO_BIO) /* Outputs name string of the given WOLFSSL_GENERAL_NAME_OBJECT to WOLFSSL_BIO. * Can handle following GENERAL_NAME_OBJECT types: @@ -5393,14 +6100,25 @@ /* ready to be decoded. */ if (der != NULL && der->buffer != NULL) { WC_DECLARE_VAR(cert, DecodedCert, 1, 0); + /* For TRUSTED_CERT_TYPE, the DER buffer contains the certificate + * followed by auxiliary trust info. ParseCertRelative expects CERT_TYPE + * and will parse only the certificate portion, ignoring the rest. */ + int parseType = (type == TRUSTED_CERT_TYPE) ? CERT_TYPE : type; WC_ALLOC_VAR_EX(cert, DecodedCert, 1, NULL, DYNAMIC_TYPE_DCERT, ret=MEMORY_ERROR); if (WC_VAR_OK(cert)) { InitDecodedCert(cert, der->buffer, der->length, NULL); - ret = ParseCertRelative(cert, type, 0, NULL, NULL); + ret = ParseCertRelative(cert, parseType, 0, NULL, NULL); if (ret == 0) { + /* For TRUSTED_CERT_TYPE, truncate the DER buffer to exclude + * auxiliary trust data. ParseCertRelative sets srcIdx to the + * end of the certificate, so we adjust cert->maxIdx accordingly. */ + if (type == TRUSTED_CERT_TYPE && cert->srcIdx < cert->maxIdx) { + cert->maxIdx = cert->srcIdx; + } + x509 = (WOLFSSL_X509*)XMALLOC(sizeof(WOLFSSL_X509), NULL, DYNAMIC_TYPE_X509); if (x509 != NULL) { @@ -6440,9 +7158,9 @@ } if (notBefore->length > 0) { if (GetTimeString(notBefore->data, ASN_UTC_TIME, - tmp, sizeof(tmp)) != WOLFSSL_SUCCESS) { + tmp, sizeof(tmp), notBefore->length) != WOLFSSL_SUCCESS) { if (GetTimeString(notBefore->data, ASN_GENERALIZED_TIME, - tmp, sizeof(tmp)) != WOLFSSL_SUCCESS) { + tmp, sizeof(tmp), notBefore->length) != WOLFSSL_SUCCESS) { WOLFSSL_MSG("Error getting not before date"); return WOLFSSL_FAILURE; } @@ -6462,9 +7180,9 @@ } if (notAfter->length > 0) { if (GetTimeString(notAfter->data, ASN_UTC_TIME, - tmp, sizeof(tmp)) != WOLFSSL_SUCCESS) { + tmp, sizeof(tmp), notAfter->length) != WOLFSSL_SUCCESS) { if (GetTimeString(notAfter->data, ASN_GENERALIZED_TIME, - tmp, sizeof(tmp)) != WOLFSSL_SUCCESS) { + tmp, sizeof(tmp), notAfter->length) != WOLFSSL_SUCCESS) { WOLFSSL_MSG("Error getting not after date"); return WOLFSSL_FAILURE; } @@ -8655,7 +9373,7 @@ * return X509_NAME* on success * return NULL on failure */ -WOLFSSL_X509_NAME* wolfSSL_X509_CRL_get_issuer_name(WOLFSSL_X509_CRL* crl) +WOLFSSL_X509_NAME* wolfSSL_X509_CRL_get_issuer_name(const WOLFSSL_X509_CRL* crl) { if (crl == NULL || crl->crlList == NULL) return NULL; @@ -8663,6 +9381,31 @@ return crl->crlList->issuer; } +/* Set issuer name of CRL + * return WOLFSSL_SUCCESS on success + * return WOLFSSL_FAILURE on failure + */ +int wolfSSL_X509_CRL_set_issuer_name(WOLFSSL_X509_CRL* crl, + const WOLFSSL_X509_NAME* name) +{ + WOLFSSL_X509_NAME* newName; + + if (crl == NULL || crl->crlList == NULL || name == NULL) + return WOLFSSL_FAILURE; + + newName = wolfSSL_X509_NAME_dup(name); + if (newName == NULL) + return WOLFSSL_FAILURE; + + if (crl->crlList->issuer != NULL) { + FreeX509Name(crl->crlList->issuer); + XFREE(crl->crlList->issuer, crl->heap, DYNAMIC_TYPE_X509); + } + crl->crlList->issuer = newName; + + return WOLFSSL_SUCCESS; +} + /* Retrieve version from CRL * return version on success * return 0 on failure @@ -8675,6 +9418,27 @@ return crl->crlList->version; } +/* Set version of CRL + * Caller passes the RFC 5280 value: 0 for v1, 1 for v2. + * Internally wolfSSL stores version + 1 (v1 = 1, v2 = 2) to match + * what ParseCRL produces, so apply the same normalization here. + * return WOLFSSL_SUCCESS on success + * return WOLFSSL_FAILURE on failure + */ +int wolfSSL_X509_CRL_set_version(WOLFSSL_X509_CRL* crl, long version) +{ + if (crl == NULL || crl->crlList == NULL) + return WOLFSSL_FAILURE; + + /* Only v1 (0) and v2 (1) are defined by RFC 5280. */ + if (version < 0 || version > 1) + return WOLFSSL_FAILURE; + + /* Store as version + 1 to match internal convention. */ + crl->crlList->version = (int)version + 1; + return WOLFSSL_SUCCESS; +} + /* Retrieve sig OID from CRL * return OID on success * return 0 on failure @@ -8687,6 +9451,20 @@ return crl->crlList->signatureOID; } +/* Set signature type of CRL + * return WOLFSSL_SUCCESS on success + * return WOLFSSL_FAILURE on failure + */ +int wolfSSL_X509_CRL_set_signature_type(WOLFSSL_X509_CRL* crl, + int signatureType) +{ + if (crl == NULL || crl->crlList == NULL) + return WOLFSSL_FAILURE; + + crl->crlList->signatureOID = signatureType; + return WOLFSSL_SUCCESS; +} + /* Retrieve sig NID from CRL * return NID on success * return 0 on failure @@ -8699,6 +9477,32 @@ return oid2nid(crl->crlList->signatureOID, oidSigType); } +/* Set signature NID of CRL + * return WOLFSSL_SUCCESS on success + * return negative value on failure + */ +int wolfSSL_X509_CRL_set_signature_nid(WOLFSSL_X509_CRL* crl, int nid) +{ + int ret = WOLFSSL_SUCCESS; + word32 oid; + + if (crl == NULL || crl->crlList == NULL || nid <= 0) { + ret = BAD_FUNC_ARG; + } + + if (ret == WOLFSSL_SUCCESS) { + oid = nid2oid(nid, oidSigType); + if (oid == (word32)-1 || oid == (word32)WOLFSSL_FATAL_ERROR) { + ret = WOLFSSL_FATAL_ERROR; + } + else { + crl->crlList->signatureOID = oid; + } + } + + return ret; +} + /* Retrieve signature from CRL * return WOLFSSL_SUCCESS on success and negative values on failure */ @@ -8725,6 +9529,45 @@ return WOLFSSL_SUCCESS; } +int wolfSSL_X509_CRL_set_signature(WOLFSSL_X509_CRL* crl, + unsigned char* buf, int bufSz) +{ + byte* newSig; + + if (crl == NULL || crl->crlList == NULL || buf == NULL || bufSz <= 0) { + return BAD_FUNC_ARG; + } + + /* Ensure signature buffer is allocated and large enough. */ + if (crl->crlList->signature == NULL) { + crl->crlList->signature = (byte*)XMALLOC((word32)bufSz, crl->heap, + DYNAMIC_TYPE_CRL_ENTRY); + if (crl->crlList->signature == NULL) { + return MEMORY_E; + } + crl->crlList->signatureSz = (word32)bufSz; + } + else if ((word32)bufSz > crl->crlList->signatureSz) { + newSig = (byte*)XMALLOC((word32)bufSz, crl->heap, + DYNAMIC_TYPE_CRL_ENTRY); + if (newSig == NULL) { + return MEMORY_E; + } + XFREE(crl->crlList->signature, crl->heap, DYNAMIC_TYPE_CRL_ENTRY); + crl->crlList->signature = newSig; + crl->crlList->signatureSz = (word32)bufSz; + } + else { + /* Reuse existing buffer, clear contents in case new signature + * is smaller. Note that we do not shrink the buffer. */ + XMEMSET(crl->crlList->signature, 0, crl->crlList->signatureSz); + } + + XMEMCPY(crl->crlList->signature, buf, bufSz); + crl->crlList->signatureSz = (word32)bufSz; + return WOLFSSL_SUCCESS; +} + /* Retrieve serial number from RevokedCert * return WOLFSSL_SUCCESS on success and negative values on failure */ @@ -8760,16 +9603,16 @@ return NULL; } -#ifndef NO_WOLFSSL_STUB const WOLFSSL_ASN1_TIME* wolfSSL_X509_REVOKED_get0_revocation_date(const WOLFSSL_X509_REVOKED *rev) { - WOLFSSL_STUB("wolfSSL_X509_REVOKED_get0_revocation_date"); + WOLFSSL_ENTER("wolfSSL_X509_REVOKED_get0_revocation_date"); - (void) rev; + if (rev != NULL) { + return rev->revocationDate; + } return NULL; } -#endif #ifndef NO_BIO @@ -9018,9 +9861,9 @@ if (revoked->revDate[0] != 0) { if (GetTimeString(revoked->revDate, ASN_UTC_TIME, - tmp, MAX_WIDTH) != WOLFSSL_SUCCESS) { + tmp, MAX_WIDTH, MAX_DATE_SIZE) != WOLFSSL_SUCCESS) { if (GetTimeString(revoked->revDate, ASN_GENERALIZED_TIME, - tmp, MAX_WIDTH) != WOLFSSL_SUCCESS) { + tmp, MAX_WIDTH, MAX_DATE_SIZE) != WOLFSSL_SUCCESS) { WOLFSSL_MSG("Error getting revocation date"); return WOLFSSL_FAILURE; } @@ -9071,13 +9914,10 @@ } if (crl->crlList->lastDate[0] != 0) { - if (GetTimeString(crl->crlList->lastDate, ASN_UTC_TIME, - tmp, MAX_WIDTH) != WOLFSSL_SUCCESS) { - if (GetTimeString(crl->crlList->lastDate, ASN_GENERALIZED_TIME, - tmp, MAX_WIDTH) != WOLFSSL_SUCCESS) { - WOLFSSL_MSG("Error getting last update date"); - return WOLFSSL_FAILURE; - } + if (GetTimeString(crl->crlList->lastDate, crl->crlList->lastDateFormat, + tmp, MAX_WIDTH, MAX_DATE_SIZE) != WOLFSSL_SUCCESS) { + WOLFSSL_MSG("Error getting last update date"); + return WOLFSSL_FAILURE; } } else { @@ -9102,13 +9942,10 @@ } if (crl->crlList->nextDate[0] != 0) { - if (GetTimeString(crl->crlList->nextDate, ASN_UTC_TIME, - tmp, MAX_WIDTH) != WOLFSSL_SUCCESS) { - if (GetTimeString(crl->crlList->nextDate, ASN_GENERALIZED_TIME, - tmp, MAX_WIDTH) != WOLFSSL_SUCCESS) { - WOLFSSL_MSG("Error getting next update date"); - return WOLFSSL_FAILURE; - } + if (GetTimeString(crl->crlList->nextDate, crl->crlList->nextDateFormat, + tmp, MAX_WIDTH, MAX_DATE_SIZE) != WOLFSSL_SUCCESS) { + WOLFSSL_MSG("Error getting next update date"); + return WOLFSSL_FAILURE; } } else { @@ -9212,8 +10049,17 @@ (crl->crlList->lastDateAsn1.data[0] != 0)) { return &crl->crlList->lastDateAsn1; } - else - return NULL; + return NULL; +} + +int wolfSSL_X509_CRL_set_lastUpdate(WOLFSSL_X509_CRL* crl, + const WOLFSSL_ASN1_TIME* time) +{ + if (crl != NULL && crl->crlList != NULL && time != NULL) { + crl->crlList->lastDateAsn1 = *time; + return WOLFSSL_SUCCESS; + } + return WOLFSSL_FAILURE; } WOLFSSL_ASN1_TIME* wolfSSL_X509_CRL_get_nextUpdate(WOLFSSL_X509_CRL* crl) @@ -9222,8 +10068,17 @@ (crl->crlList->nextDateAsn1.data[0] != 0)) { return &crl->crlList->nextDateAsn1; } - else - return NULL; + return NULL; +} + +int wolfSSL_X509_CRL_set_nextUpdate(WOLFSSL_X509_CRL* crl, + const WOLFSSL_ASN1_TIME* time) +{ + if (crl != NULL && crl->crlList != NULL && time != NULL) { + crl->crlList->nextDateAsn1 = *time; + return WOLFSSL_SUCCESS; + } + return WOLFSSL_FAILURE; } #ifndef NO_WOLFSSL_STUB @@ -9235,8 +10090,217 @@ return 0; } #endif + +/* Encode CRL to DER format in memory. + * + * If *out is NULL, allocates memory and returns it via *out. + * If *out is not NULL, writes DER data starting at *out. + * + * @param crl CRL to encode + * @param out Pointer to output buffer pointer + * @return Size of DER encoding on success, WOLFSSL_FAILURE on failure + */ +int wolfSSL_i2d_X509_CRL(WOLFSSL_X509_CRL* crl, unsigned char** out) +{ + int ret; + long derSz = 0; + byte* der = NULL; + int alloced = 0; + + WOLFSSL_ENTER("wolfSSL_i2d_X509_CRL"); + + if (crl == NULL) { + return BAD_FUNC_ARG; + } + + /* Get required size */ + ret = BufferStoreCRL(crl, NULL, &derSz, WOLFSSL_FILETYPE_ASN1); + if (ret != WOLFSSL_SUCCESS || derSz <= 0) { + WOLFSSL_MSG("BufferStoreCRL failed to get size"); + return WOLFSSL_FAILURE; + } + + if (out == NULL) { + /* Just return size */ + return (int)derSz; + } + + if (*out == NULL) { + /* Allocate output buffer */ + der = (byte*)XMALLOC((size_t)derSz, NULL, DYNAMIC_TYPE_OPENSSL); + if (der == NULL) { + WOLFSSL_MSG("Memory allocation failed"); + return MEMORY_E; + } + alloced = 1; + } + else { + der = *out; + } + + /* Encode CRL to DER */ + ret = BufferStoreCRL(crl, der, &derSz, WOLFSSL_FILETYPE_ASN1); + if (ret != WOLFSSL_SUCCESS) { + WOLFSSL_MSG("BufferStoreCRL failed to encode"); + if (alloced) { + XFREE(der, NULL, DYNAMIC_TYPE_OPENSSL); + } + return WOLFSSL_FAILURE; + } + + if (alloced) { + *out = der; + } + else { + *out += derSz; + } + + return (int)derSz; +} #endif /* HAVE_CRL && OPENSSL_EXTRA */ +#if defined(WOLFSSL_CERT_EXT) && \ + (defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)) +/* Set CRL Distribution Points from pre-encoded DER. + * + * x509 - Certificate to modify + * der - Pre-encoded CRLDistributionPoints DER + * derSz - Size of DER in bytes + * + * Returns WOLFSSL_SUCCESS or WOLFSSL_FAILURE + */ +int wolfSSL_X509_CRL_set_dist_points(WOLFSSL_X509* x509, + const unsigned char* der, int derSz) +{ + WOLFSSL_ENTER("wolfSSL_X509_CRL_set_dist_points"); + + if (x509 == NULL || der == NULL || derSz <= 0) { + return WOLFSSL_FAILURE; + } + + if (x509->rawCRLInfo != NULL) { + XFREE(x509->rawCRLInfo, x509->heap, DYNAMIC_TYPE_X509_EXT); + } + x509->rawCRLInfo = (byte*)XMALLOC((word32)derSz, x509->heap, + DYNAMIC_TYPE_X509_EXT); + if (x509->rawCRLInfo == NULL) { + return WOLFSSL_FAILURE; + } + + XMEMCPY(x509->rawCRLInfo, der, (word32)derSz); + x509->rawCRLInfoSz = derSz; + x509->CRLdistSet = 1; + + return WOLFSSL_SUCCESS; +} + +/* Add CRL Distribution Point URI. + * Encodes URI into proper CRLDistributionPoints DER format. + * + * x509 - Certificate to modify + * uri - URI string (e.g., "http://crl.example.com/ca.crl") + * critical - Whether extension is critical + * + * Returns WOLFSSL_SUCCESS or WOLFSSL_FAILURE + */ +int wolfSSL_X509_CRL_add_dist_point(WOLFSSL_X509* x509, + const char* uri, int critical) +{ + word32 uriLen; + byte* derBuf = NULL; + word32 derSz; + word32 idx; + word32 uriTagLen; /* [6] tag + length + URI */ + word32 genNamesLen; /* [0] IMPLICIT GeneralNames wrapper */ + word32 distPtNmLen; /* [0] EXPLICIT distributionPoint wrapper */ + word32 distPtSeqLen; /* SEQUENCE for DistributionPoint */ + word32 outerSeqLen; /* SEQUENCE for CRLDistributionPoints */ + int ret = WOLFSSL_SUCCESS; + + WOLFSSL_ENTER("wolfSSL_X509_CRL_add_dist_point"); + + if (x509 == NULL || uri == NULL) { + return WOLFSSL_FAILURE; + } + + uriLen = (word32)XSTRLEN(uri); + if (uriLen == 0) { + WOLFSSL_MSG("URI empty"); + return WOLFSSL_FAILURE; + } + + /* + * Encode CRL Distribution Points in DER format: + * CRLDistributionPoints ::= SEQUENCE OF DistributionPoint + * DistributionPoint ::= SEQUENCE { + * distributionPoint [0] EXPLICIT DistributionPointName OPTIONAL + * } + * DistributionPointName ::= CHOICE { + * fullName [0] IMPLICIT GeneralNames + * } + * GeneralNames ::= SEQUENCE OF GeneralName + * GeneralName ::= [6] IMPLICIT IA5String (uniformResourceIdentifier) + */ + + /* Calculate sizes from innermost to outermost */ + /* [6] tag (1 byte) + length encoding + URI data */ + uriTagLen = ASN_TAG_SZ + SetLength(uriLen, NULL) + uriLen; + /* [0] CONSTRUCTED tag (1 byte) + length encoding + uriTagLen */ + genNamesLen = ASN_TAG_SZ + SetLength(uriTagLen, NULL) + uriTagLen; + /* [0] CONSTRUCTED tag (1 byte) + length encoding + genNamesLen */ + distPtNmLen = ASN_TAG_SZ + SetLength(genNamesLen, NULL) + genNamesLen; + /* SEQUENCE header + distPtNmLen */ + distPtSeqLen = SetSequence(distPtNmLen, NULL) + distPtNmLen; + /* Outer SEQUENCE header + distPtSeqLen */ + outerSeqLen = SetSequence(distPtSeqLen, NULL) + distPtSeqLen; + + derSz = outerSeqLen; + + /* Allocate buffer for DER encoding */ + derBuf = (byte*)XMALLOC(derSz, x509->heap, DYNAMIC_TYPE_X509_EXT); + if (derBuf == NULL) { + return WOLFSSL_FAILURE; + } + + /* Build forward using SetSequence/SetHeader/SetLength */ + idx = 0; + + /* SEQUENCE for CRLDistributionPoints (outer) */ + idx += SetSequence(distPtSeqLen, derBuf + idx); + + /* SEQUENCE for DistributionPoint */ + idx += SetSequence(distPtNmLen, derBuf + idx); + + /* [0] EXPLICIT wrapper for distributionPoint */ + derBuf[idx++] = (ASN_CONTEXT_SPECIFIC | ASN_CONSTRUCTED); + idx += SetLength(genNamesLen, derBuf + idx); + + /* [0] IMPLICIT wrapper for GeneralNames (constructed) */ + derBuf[idx++] = (ASN_CONTEXT_SPECIFIC | ASN_CONSTRUCTED); + idx += SetLength(uriTagLen, derBuf + idx); + + /* [6] IMPLICIT IA5String tag for URI (context-specific, primitive) */ + derBuf[idx++] = (ASN_CONTEXT_SPECIFIC | 6); /* [6] tag */ + idx += SetLength(uriLen, derBuf + idx); + + /* Copy URI string */ + XMEMCPY(derBuf + idx, uri, uriLen); + idx += uriLen; + + /* Store the encoded CRL info in x509 */ + { + ret = wolfSSL_X509_CRL_set_dist_points(x509, derBuf, (int)idx); + if (ret == WOLFSSL_SUCCESS && critical) { + x509->CRLdistCrit = 1; + } + } + + XFREE(derBuf, x509->heap, DYNAMIC_TYPE_X509_EXT); + + return ret; +} +#endif /* WOLFSSL_CERT_EXT && (OPENSSL_EXTRA || OPENSSL_EXTRA_X509_SMALL) */ + #ifdef OPENSSL_EXTRA @@ -9728,34 +10792,192 @@ } #endif -#ifndef NO_WOLFSSL_STUB -int wolfSSL_sk_X509_REVOKED_num(WOLFSSL_X509_REVOKED* revoked) +int wolfSSL_sk_X509_REVOKED_num(WOLFSSL_STACK* sk) { - (void)revoked; - WOLFSSL_STUB("sk_X509_REVOKED_num"); + WOLFSSL_ENTER("wolfSSL_sk_X509_REVOKED_num"); + if (sk != NULL) { + return (int)sk->num; + } return 0; } -#endif -#ifndef NO_WOLFSSL_STUB -WOLFSSL_X509_REVOKED* wolfSSL_X509_CRL_get_REVOKED(WOLFSSL_X509_CRL* crl) +/* Free a WOLFSSL_X509_REVOKED and all its owned memory. */ +void wolfSSL_X509_REVOKED_free(WOLFSSL_X509_REVOKED* rev) { - (void)crl; - WOLFSSL_STUB("X509_CRL_get_REVOKED"); + if (rev == NULL) { + return; + } + + wolfSSL_ASN1_INTEGER_free(rev->serialNumber); + wolfSSL_ASN1_TIME_free(rev->revocationDate); + + if (rev->extensions != NULL) { + wolfSSL_sk_pop_free(rev->extensions, NULL); + } + if (rev->issuer != NULL) { + wolfSSL_sk_pop_free(rev->issuer, NULL); + } + + XFREE(rev, NULL, DYNAMIC_TYPE_OPENSSL); +} + +#ifdef HAVE_CRL +/* Build a WOLFSSL_X509_REVOKED from an internal RevokedCert. + * Caller takes ownership of the returned object. */ +static WOLFSSL_X509_REVOKED* RevokedCertToRevoked(RevokedCert* rc, int seq) +{ + WOLFSSL_X509_REVOKED* rev; + WOLFSSL_ASN1_INTEGER* serial; + + if (rc == NULL) { + return NULL; + } + + rev = (WOLFSSL_X509_REVOKED*)XMALLOC(sizeof(WOLFSSL_X509_REVOKED), NULL, + DYNAMIC_TYPE_OPENSSL); + if (rev == NULL) { + return NULL; + } + XMEMSET(rev, 0, sizeof(WOLFSSL_X509_REVOKED)); + + /* Serial number */ + serial = wolfSSL_ASN1_INTEGER_new(); + if (serial == NULL) { + XFREE(rev, NULL, DYNAMIC_TYPE_OPENSSL); + return NULL; + } + if (rc->serialSz > 0 && rc->serialSz <= EXTERNAL_SERIAL_SIZE) { + serial->data = (unsigned char*)XMALLOC((size_t)rc->serialSz, NULL, + DYNAMIC_TYPE_OPENSSL); + if (serial->data == NULL) { + wolfSSL_ASN1_INTEGER_free(serial); + XFREE(rev, NULL, DYNAMIC_TYPE_OPENSSL); + return NULL; + } + XMEMCPY(serial->data, rc->serialNumber, (size_t)rc->serialSz); + serial->length = rc->serialSz; + serial->dataMax = rc->serialSz; + serial->isDynamic = 1; + } + rev->serialNumber = serial; + + /* Revocation date */ + { + WOLFSSL_ASN1_TIME* revDate = wolfSSL_ASN1_TIME_new(); + if (revDate != NULL) { + int dateLen = 0; + /* Determine date length from the format byte */ + if (rc->revDateFormat == ASN_UTC_TIME || + rc->revDateFormat == ASN_GENERALIZED_TIME) { + /* Find actual length: dates are null-terminated strings in + * revDate buffer up to MAX_DATE_SIZE */ + while (dateLen < MAX_DATE_SIZE && rc->revDate[dateLen] != 0) + dateLen++; + } + if (dateLen > 0 && dateLen < MAX_DATE_SIZE) { + XMEMCPY(revDate->data, rc->revDate, (size_t)dateLen); + revDate->length = dateLen; + revDate->type = rc->revDateFormat; + } + } + rev->revocationDate = revDate; + } + + /* Reason code */ + rev->reason = rc->reasonCode; + + /* Sequence (load order) */ + rev->sequence = seq; + + /* issuer: left as NULL (indirect CRL not yet supported) */ + /* extensions: left as NULL for now (raw DER available in RevokedCert + * but decoded STACK_OF(X509_EXTENSION) build not yet implemented) */ + + return rev; +} +#endif /* HAVE_CRL */ + +WOLFSSL_STACK* wolfSSL_X509_CRL_get_REVOKED(WOLFSSL_X509_CRL* crl) +{ + WOLFSSL_ENTER("wolfSSL_X509_CRL_get_REVOKED"); + + if (crl == NULL) { + return NULL; + } + +#if defined(OPENSSL_EXTRA) && defined(HAVE_CRL) + /* Return cached stack if already built */ + if (crl->revokedStack != NULL) { + return crl->revokedStack; + } + + /* Build the stack from the internal RevokedCert linked list */ + if (crl->crlList != NULL) { + WOLFSSL_STACK* sk; + RevokedCert* rc; + int seq = 0; + + sk = wolfSSL_sk_new_null(); + if (sk == NULL) { + return NULL; + } + sk->type = STACK_TYPE_X509_REVOKED; + + for (rc = crl->crlList->certs; rc != NULL; rc = rc->next) { + WOLFSSL_X509_REVOKED* rev = RevokedCertToRevoked(rc, seq); + if (rev == NULL) { + /* Clean up on failure */ + wolfSSL_sk_pop_free(sk, NULL); + return NULL; + } + /* Push to stack. wolfSSL_sk_push returns total count on success. */ + if (wolfSSL_sk_push(sk, rev) <= 0) { + wolfSSL_X509_REVOKED_free(rev); + wolfSSL_sk_pop_free(sk, NULL); + return NULL; + } + seq++; + } + + crl->revokedStack = sk; + return sk; + } +#endif /* OPENSSL_EXTRA && HAVE_CRL */ + return NULL; } -#endif -#ifndef NO_WOLFSSL_STUB WOLFSSL_X509_REVOKED* wolfSSL_sk_X509_REVOKED_value( - WOLFSSL_X509_REVOKED* revoked, int value) + WOLFSSL_STACK* sk, int idx) { - (void)revoked; - (void)value; - WOLFSSL_STUB("sk_X509_REVOKED_value"); + WOLFSSL_ENTER("wolfSSL_sk_X509_REVOKED_value"); + + if (sk == NULL) { + return NULL; + } + + return (WOLFSSL_X509_REVOKED*)wolfSSL_sk_value(sk, idx); +} + +/* Extension accessors for WOLFSSL_X509_REVOKED */ +int wolfSSL_X509_REVOKED_get_ext_count(const WOLFSSL_X509_REVOKED* rev) +{ + WOLFSSL_ENTER("wolfSSL_X509_REVOKED_get_ext_count"); + if (rev != NULL && rev->extensions != NULL) { + return (int)rev->extensions->num; + } + return 0; +} + +WOLFSSL_X509_EXTENSION* wolfSSL_X509_REVOKED_get_ext( + const WOLFSSL_X509_REVOKED* rev, int loc) +{ + WOLFSSL_ENTER("wolfSSL_X509_REVOKED_get_ext"); + if (rev != NULL && rev->extensions != NULL) { + return (WOLFSSL_X509_EXTENSION*)wolfSSL_sk_value(rev->extensions, loc); + } return NULL; } -#endif #endif /* OPENSSL_EXTRA */ @@ -9815,10 +11037,11 @@ #endif /* OPENSSL_EXTRA || WOLFSSL_WPAS_SMALL */ -#ifdef OPENSSL_EXTRA +#if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL) -#if defined(OPENSSL_ALL) || defined(WOLFSSL_APACHE_HTTPD) \ - || defined(WOLFSSL_HAPROXY) || defined(WOLFSSL_WPAS) +#if defined(OPENSSL_ALL) || defined(OPENSSL_EXTRA) || \ + defined(WOLFSSL_APACHE_HTTPD) || defined(WOLFSSL_HAPROXY) || \ + defined(WOLFSSL_WPAS) WOLFSSL_X509_ALGOR* wolfSSL_X509_ALGOR_new(void) { WOLFSSL_X509_ALGOR* ret; @@ -10233,10 +11456,11 @@ return WOLFSSL_FAILURE; } -#endif /* OPENSSL_ALL || WOLFSSL_APACHE_HTTPD || WOLFSSL_HAPROXY || - * WOLFSSL_WPAS */ +#endif /* OPENSSL_ALL || OPENSSL_EXTRA || WOLFSSL_APACHE_HTTPD || + * WOLFSSL_HAPROXY || WOLFSSL_WPAS */ -#if !defined(NO_CERTS) && !defined(NO_ASN) && !defined(NO_PWDBASED) +#if defined(OPENSSL_EXTRA) && !defined(NO_CERTS) && !defined(NO_ASN) && \ + !defined(NO_PWDBASED) int wolfSSL_i2d_X509_PUBKEY(WOLFSSL_X509_PUBKEY* x509_PubKey, unsigned char** der) @@ -10246,9 +11470,9 @@ return wolfSSL_i2d_PublicKey(x509_PubKey->pkey, der); } -#endif /* !NO_CERTS && !NO_ASN && !NO_PWDBASED */ +#endif /* OPENSSL_EXTRA && !NO_CERTS && !NO_ASN && !NO_PWDBASED */ -#endif /* OPENSSL_EXTRA */ +#endif /* OPENSSL_EXTRA || OPENSSL_EXTRA_X509_SMALL */ #if defined(OPENSSL_EXTRA) || defined(WOLFSSL_WPAS_SMALL) WOLFSSL_BASIC_CONSTRAINTS* wolfSSL_BASIC_CONSTRAINTS_new(void) @@ -10399,7 +11623,7 @@ /* Creates a duplicate of a WOLFSSL_X509_NAME structure. Returns a new WOLFSSL_X509_NAME structure or NULL on failure */ - WOLFSSL_X509_NAME* wolfSSL_X509_NAME_dup(WOLFSSL_X509_NAME *name) + WOLFSSL_X509_NAME* wolfSSL_X509_NAME_dup(const WOLFSSL_X509_NAME *name) { WOLFSSL_X509_NAME* copy = NULL; @@ -10630,7 +11854,7 @@ cert->isCA = wolfSSL_X509_get_isCA(x509); cert->basicConstCrit = x509->basicConstCrit; cert->basicConstSet = x509->basicConstSet; - cert->pathLen = x509->pathLength; + cert->pathLen = (byte)x509->pathLength; cert->pathLenSet = x509->pathLengthSet; #ifdef WOLFSSL_CERT_EXT @@ -10646,25 +11870,28 @@ return WOLFSSL_FAILURE; } - if (x509->authKeyIdSz < sizeof(cert->akid)) { #ifdef WOLFSSL_AKID_NAME - cert->rawAkid = 0; - if (x509->authKeyIdSrc) { - XMEMCPY(cert->akid, x509->authKeyIdSrc, x509->authKeyIdSrcSz); - cert->akidSz = (int)x509->authKeyIdSrcSz; - cert->rawAkid = 1; + cert->rawAkid = 0; + if (x509->authKeyIdSrc) { + if (x509->authKeyIdSrcSz > sizeof(cert->akid)) { + WOLFSSL_MSG("Auth Key ID too large"); + WOLFSSL_ERROR_VERBOSE(BUFFER_E); + return WOLFSSL_FAILURE; } - else + XMEMCPY(cert->akid, x509->authKeyIdSrc, x509->authKeyIdSrcSz); + cert->akidSz = (int)x509->authKeyIdSrcSz; + cert->rawAkid = 1; + } + else #endif - if (x509->authKeyId) { - XMEMCPY(cert->akid, x509->authKeyId, x509->authKeyIdSz); - cert->akidSz = (int)x509->authKeyIdSz; + if (x509->authKeyId) { + if (x509->authKeyIdSz > sizeof(cert->akid)) { + WOLFSSL_MSG("Auth Key ID too large"); + WOLFSSL_ERROR_VERBOSE(BUFFER_E); + return WOLFSSL_FAILURE; } - } - else { - WOLFSSL_MSG("Auth Key ID too large"); - WOLFSSL_ERROR_VERBOSE(BUFFER_E); - return WOLFSSL_FAILURE; + XMEMCPY(cert->akid, x509->authKeyId, x509->authKeyIdSz); + cert->akidSz = (int)x509->authKeyIdSz; } for (i = 0; i < x509->certPoliciesNb; i++) { @@ -11630,15 +12857,20 @@ } nameStr = (const char*)wolfSSL_ASN1_STRING_data(cano_data); - ret = wc_EncodeNameCanonical(&names[i], nameStr, CTC_UTF8, - (byte)ConvertNIDToWolfSSL(entry->nid)); - if (ret < 0) { - WC_FREE_VAR_EX(names, NULL, DYNAMIC_TYPE_TMP_BUFFER); - wolfSSL_ASN1_STRING_free(cano_data); - WOLFSSL_MSG("EncodeName failed"); - return WOLFSSL_FATAL_ERROR; + /* allow for blank values in the name structure, eg OU= */ + if (nameStr) + { + ret = wc_EncodeNameCanonical(&names[i], nameStr, CTC_UTF8, + (byte)ConvertNIDToWolfSSL(entry->nid)); + if (ret < 0) { + WC_FREE_VAR_EX(names, NULL, DYNAMIC_TYPE_TMP_BUFFER); + wolfSSL_ASN1_STRING_free(cano_data); + WOLFSSL_MSG("EncodeName failed"); + return WOLFSSL_FATAL_ERROR; + } + totalBytes += ret; } - totalBytes += ret; + wolfSSL_ASN1_STRING_free(cano_data); } } @@ -11906,22 +13138,23 @@ int pemSz; long i = 0, l, footerSz; const char* footer = NULL; + int streaming = 0; /* Flag to indicate if source is streaming (FIFO) */ + const char* altFooter = NULL; + long altFooterSz = 0; WOLFSSL_ENTER("loadX509orX509REQFromPemBio"); - if (bp == NULL || (type != CERT_TYPE && type != CERTREQ_TYPE)) { + if (bp == NULL || (type != CERT_TYPE && type != CERTREQ_TYPE && + type != TRUSTED_CERT_TYPE)) { WOLFSSL_LEAVE("wolfSSL_PEM_read_bio_X509", BAD_FUNC_ARG); return NULL; } if ((l = wolfSSL_BIO_get_len(bp)) <= 0) { - /* No certificate in buffer */ -#if defined (WOLFSSL_HAPROXY) - WOLFSSL_ERROR(PEM_R_NO_START_LINE); -#else - WOLFSSL_ERROR(ASN_NO_PEM_HEADER); -#endif - return NULL; + /* No certificate size available - could be FIFO or other streaming + * source. Use MAX_X509_SIZE as initial buffer, will resize if needed. */ + l = MAX_X509_SIZE; + streaming = 1; } pemSz = (int)l; @@ -11937,17 +13170,66 @@ } footerSz = (long)XSTRLEN(footer); + /* For TRUSTED_CERT_TYPE, also prepare to check for regular CERT footer + * as the file might contain regular certificates instead of TRUSTED + * format */ + if (type == TRUSTED_CERT_TYPE) { + wc_PemGetHeaderFooter(CERT_TYPE, NULL, &altFooter); + if (altFooter != NULL) { + altFooterSz = (long)XSTRLEN(altFooter); + } + } + /* TODO: Inefficient * reading in one byte at a time until see the footer */ while ((l = wolfSSL_BIO_read(bp, (char *)&pem[i], 1)) == 1) { + int foundFooter = 0; i++; - if (i > footerSz && XMEMCMP((char *)&pem[i-footerSz], footer, - footerSz) == 0) { - if (wolfSSL_BIO_read(bp, (char *)&pem[i], 1) == 1) { + /* Check if buffer is full and we're reading from streaming source */ + if (i >= pemSz && streaming) { + /* Double the buffer size for streaming sources */ + int newSz = pemSz * 2; + unsigned char* newPem; + + /* Sanity check: don't grow beyond reasonable limit */ + if (newSz > MAX_BIO_READ_BUFFER) { + WOLFSSL_MSG("PEM data too large for streaming source"); + XFREE(pem, 0, DYNAMIC_TYPE_PEM); + return NULL; + } + + newPem = (unsigned char*)XREALLOC(pem, newSz, 0, DYNAMIC_TYPE_PEM); + if (newPem == NULL) { + WOLFSSL_MSG("Failed to resize PEM buffer"); + XFREE(pem, 0, DYNAMIC_TYPE_PEM); + return NULL; + } + + pem = newPem; + pemSz = newSz; + } + else if (i >= pemSz) { + /* Buffer full for non-streaming source - this shouldn't happen */ + break; + } + + /* Check for the expected footer OR alternate footer (for + * TRUSTED_CERT_TYPE) */ + if (i > footerSz && + XMEMCMP((char *)&pem[i-footerSz], footer, footerSz) == 0) { + foundFooter = 1; + } + else if (i > altFooterSz && altFooter != NULL && + XMEMCMP((char *)&pem[i-altFooterSz], altFooter, altFooterSz) == 0) { + foundFooter = 1; + } + + if (foundFooter) { + if (i < pemSz && wolfSSL_BIO_read(bp, (char *)&pem[i], 1) == 1) { /* attempt to read newline following footer */ i++; - if (pem[i-1] == '\r') { + if (i < pemSz && pem[i-1] == '\r') { /* found \r , Windows line ending is \r\n so try to read one * more byte for \n, ignoring return value */ (void)wolfSSL_BIO_read(bp, (char *)&pem[i++], 1); @@ -11956,8 +13238,9 @@ break; } } - if (l == 0) + if (l == 0 && i == 0) { WOLFSSL_ERROR(ASN_NO_PEM_HEADER); + } if (i > pemSz) { WOLFSSL_MSG("Error parsing PEM"); } @@ -11969,6 +13252,12 @@ CERTREQ_TYPE, cb, u); else #endif + /* Use TRUSTED_CERT_TYPE if input was TRUSTED CERTIFICATE format, + * otherwise use CERT_TYPE for regular certificates */ + if (type == TRUSTED_CERT_TYPE) + x509 = loadX509orX509REQFromBuffer(pem, pemSz, WOLFSSL_FILETYPE_PEM, + TRUSTED_CERT_TYPE, cb, u); + else x509 = loadX509orX509REQFromBuffer(pem, pemSz, WOLFSSL_FILETYPE_PEM, CERT_TYPE, cb, u); } @@ -11989,6 +13278,86 @@ } +WC_MAYBE_UNUSED +static unsigned char* ReadPemFromBioToBuffer(WOLFSSL_BIO *bp, int *pemSz) +{ + unsigned char* pem = NULL; + + WOLFSSL_ENTER("ReadPemFromBioToBuffer"); + + if (bp == NULL || pemSz == NULL) { + WOLFSSL_LEAVE("ReadPemFromBioToBuffer", BAD_FUNC_ARG); + return NULL; + } + + if ((*pemSz = wolfSSL_BIO_get_len(bp)) <= 0) { + /* No certificate size available - could be FIFO or other streaming + * source. Use MAX_X509_SIZE as initial buffer, read in loop. */ + int totalRead = 0; + int readSz; + + *pemSz = MAX_X509_SIZE; + pem = (unsigned char*)XMALLOC(*pemSz, 0, DYNAMIC_TYPE_PEM); + if (pem == NULL) { + return NULL; + } + + /* Read from streaming source until EOF or buffer full */ + while ((readSz = wolfSSL_BIO_read(bp, pem + totalRead, + *pemSz - totalRead)) > 0) { + totalRead += readSz; + + /* If buffer is full, try to grow it */ + if (totalRead >= *pemSz) { + int newSz = *pemSz * 2; + unsigned char* newPem; + + /* Sanity check */ + if (newSz > MAX_BIO_READ_BUFFER) { + WOLFSSL_MSG("PEM data too large for streaming source"); + XFREE(pem, NULL, DYNAMIC_TYPE_PEM); + return NULL; + } + + newPem = (unsigned char*)XREALLOC(pem, newSz, 0, + DYNAMIC_TYPE_PEM); + if (newPem == NULL) { + XFREE(pem, NULL, DYNAMIC_TYPE_PEM); + return NULL; + } + pem = newPem; + *pemSz = newSz; + } + } + + *pemSz = totalRead; + if (*pemSz <= 0) { + XFREE(pem, NULL, DYNAMIC_TYPE_PEM); + return NULL; + } + } + else { + /* Known size - allocate and read */ + pem = (unsigned char*)XMALLOC(*pemSz, 0, DYNAMIC_TYPE_PEM); + if (pem == NULL) { + return NULL; + } + + XMEMSET(pem, 0, *pemSz); + + *pemSz = wolfSSL_BIO_read(bp, pem, *pemSz); + if (*pemSz <= 0) { + XFREE(pem, NULL, DYNAMIC_TYPE_PEM); + return NULL; + } + } + + WOLFSSL_LEAVE("ReadPemFromBioToBuffer", 0); + return pem; +} + + + #if defined(WOLFSSL_ACERT) WOLFSSL_X509_ACERT *wolfSSL_PEM_read_bio_X509_ACERT(WOLFSSL_BIO *bp, WOLFSSL_X509_ACERT **x, @@ -12003,29 +13372,14 @@ WOLFSSL_ENTER("wolfSSL_PEM_read_bio_X509_ACERT"); if (bp == NULL) { - WOLFSSL_LEAVE("wolfSSL_PEM_read_bio_X509_ACERT", BAD_FUNC_ARG); return NULL; } - if ((pemSz = wolfSSL_BIO_get_len(bp)) <= 0) { - /* No certificate in buffer */ - WOLFSSL_ERROR(ASN_NO_PEM_HEADER); - return NULL; - } - - pem = (unsigned char*)XMALLOC(pemSz, 0, DYNAMIC_TYPE_PEM); - + pem = ReadPemFromBioToBuffer(bp, &pemSz); if (pem == NULL) { return NULL; } - XMEMSET(pem, 0, pemSz); - - if (wolfSSL_BIO_read(bp, pem, pemSz) != pemSz) { - XFREE(pem, NULL, DYNAMIC_TYPE_PEM); - return NULL; - } - x509 = wolfSSL_X509_ACERT_load_certificate_buffer(pem, pemSz, WOLFSSL_FILETYPE_PEM); @@ -12063,14 +13417,15 @@ WOLFSSL_X509 **x, wc_pem_password_cb *cb, void *u) { - WOLFSSL_ENTER("wolfSSL_PEM_read_bio_X509"); + WOLFSSL_ENTER("wolfSSL_PEM_read_bio_X509_AUX"); /* AUX info is; trusted/rejected uses, friendly name, private key id, * and potentially a stack of "other" info. wolfSSL does not store * friendly name or private key id yet in WOLFSSL_X509 for human * readability and does not support extra trusted/rejected uses for - * root CA. */ - return wolfSSL_PEM_read_bio_X509(bp, x, cb, u); + * root CA. Use TRUSTED_CERT_TYPE to properly parse TRUSTED CERTIFICATE + * format and strip auxiliary data. */ + return loadX509orX509REQFromPemBio(bp, x, cb, u, TRUSTED_CERT_TYPE); } #ifdef WOLFSSL_CERT_REQ @@ -12123,21 +13478,14 @@ { #if defined(WOLFSSL_PEM_TO_DER) && defined(HAVE_CRL) unsigned char* pem = NULL; - int pemSz; - int derSz; + int pemSz = 0; + int derSz = 0; DerBuffer* der = NULL; WOLFSSL_X509_CRL* crl = NULL; - if ((pemSz = wolfSSL_BIO_get_len(bp)) <= 0) { - goto err; - } + WOLFSSL_ENTER("wolfSSL_PEM_read_bio_X509_CRL"); - pem = (unsigned char*)XMALLOC(pemSz, 0, DYNAMIC_TYPE_PEM); - if (pem == NULL) { - goto err; - } - - if (wolfSSL_BIO_read(bp, pem, pemSz) != pemSz) { + if ((pem = ReadPemFromBioToBuffer(bp, &pemSz)) == NULL) { goto err; } @@ -12150,6 +13498,9 @@ } err: + if (pemSz == 0) { + WOLFSSL_ERROR(ASN_NO_PEM_HEADER); + } XFREE(pem, 0, DYNAMIC_TYPE_PEM); if (der != NULL) { FreeDer(&der); @@ -12273,6 +13624,18 @@ return (WOLFSSL_X509_CRL* )wolfSSL_PEM_read_X509_ex(fp, (void **)crl, cb, u, CRL_TYPE); } + +/* Store CRL to file in DER or PEM format. + * Returns WOLFSSL_SUCCESS on success, negative on failure. + */ +int wolfSSL_write_X509_CRL(WOLFSSL_X509_CRL* crl, const char* path, int type) +{ + int ret; + WOLFSSL_ENTER("wolfSSL_write_X509_CRL"); + ret = StoreCRL(crl, path, type); + WOLFSSL_LEAVE("wolfSSL_write_X509_CRL", ret); + return ret; +} #endif #ifdef WOLFSSL_CERT_GEN @@ -12957,7 +14320,7 @@ else { /* iterate through and find first open spot */ for (i = 0; i < MAX_NAME_ENTRIES; i++) { - if (name->entry[i].set != 1) { /* not set so overwritten */ + if (name->entry[i].set == 0) { /* not set so overwritten */ WOLFSSL_MSG("Found place for name entry"); break; } @@ -13000,6 +14363,15 @@ return WOLFSSL_FAILURE; } +#ifdef WOLFSSL_PYTHON + /* Set name index for OpenSSL stack index position and so Python can + * generate tuples/sets from the list. */ + for (i = 0; i < MAX_NAME_ENTRIES; i++) { + if (name->entry[i].set != 0) + name->entry[i].set = i + 1; + } +#endif + if (RebuildFullName(name) != 0) return WOLFSSL_FAILURE; @@ -13071,6 +14443,17 @@ return NULL; } name->entry[loc].set = 0; +#ifdef WOLFSSL_PYTHON + { + int i; + /* Set name index for OpenSSL stack index position and so Python can + * generate tuples/sets from the list. */ + for (i = 0; i < MAX_NAME_ENTRIES; i++) { + if (name->entry[i].set != 0) + name->entry[i].set = i + 1; + } + } +#endif return ret; } @@ -13121,7 +14504,7 @@ /* returns a pointer to the internal entry at location 'loc' on success, * a null pointer is returned in fail cases */ WOLFSSL_X509_NAME_ENTRY *wolfSSL_X509_NAME_get_entry( - WOLFSSL_X509_NAME *name, int loc) + const WOLFSSL_X509_NAME *name, int loc) { #ifdef WOLFSSL_DEBUG_OPENSSL WOLFSSL_ENTER("wolfSSL_X509_NAME_get_entry"); @@ -13137,15 +14520,7 @@ } if (name->entry[loc].set) { -#ifdef WOLFSSL_PYTHON - /* "set" is not only flag use, but also stack index position use in - * OpenSSL. Python makes tuple based on this number. Therefore, - * updating "set" by position + 1. "plus 1" means to avoid "not set" - * zero. - */ - name->entry[loc].set = loc + 1; -#endif - return &name->entry[loc]; + return (WOLFSSL_X509_NAME_ENTRY*)&name->entry[loc]; } else { return NULL; @@ -14190,6 +15565,13 @@ chklen--; } +#ifdef WOLFSSL_IP_ALT_NAME + ret = CheckIPAddr(dCert, (char *)chk); + if (ret == 0) { + goto out; + } +#endif /* WOLFSSL_IP_ALT_NAME */ + ret = CheckHostName(dCert, (char *)chk, chklen, flags, 0); out: @@ -14343,40 +15725,105 @@ void wolfSSL_X509_email_free(WOLF_STACK_OF(WOLFSSL_STRING) *sk) { - WOLFSSL_STACK *curr; - - while (sk != NULL) { - curr = sk; - sk = sk->next; + wolfSSL_sk_pop_free(sk, NULL); +} - XFREE(curr, NULL, DYNAMIC_TYPE_OPENSSL); +static int x509_aia_append_string(WOLFSSL_STACK* list, const byte* uri, + word32 uriSz) +{ + WOLFSSL_STRING url = (WOLFSSL_STRING)XMALLOC(uriSz + 1, NULL, + DYNAMIC_TYPE_OPENSSL); + if (url == NULL) + return -1; + XMEMCPY(url, uri, uriSz); + url[uriSz] = '\0'; + + if (wolfSSL_sk_push(list, url) <= 0) { + XFREE(url, NULL, DYNAMIC_TYPE_OPENSSL); + return -1; } + + return 0; } -WOLF_STACK_OF(WOLFSSL_STRING) *wolfSSL_X509_get1_ocsp(WOLFSSL_X509 *x) +static WOLFSSL_STACK* x509_get1_aia_by_method(WOLFSSL_X509* x, word32 method, + const byte* fallback, int fallbackSz) { - WOLFSSL_STACK* list = NULL; - char* url; + WOLFSSL_STACK* ret = NULL; + int i; - if (x == NULL || x->authInfoSz == 0) + if (x == NULL) return NULL; - list = (WOLFSSL_STACK*)XMALLOC(sizeof(WOLFSSL_STACK) + x->authInfoSz + 1, - NULL, DYNAMIC_TYPE_OPENSSL); - if (list == NULL) + ret = wolfSSL_sk_WOLFSSL_STRING_new(); + if (ret == NULL) return NULL; - url = (char*)list; - url += sizeof(WOLFSSL_STACK); - XMEMCPY(url, x->authInfo, x->authInfoSz); - url[x->authInfoSz] = '\0'; + /* Build from multi-entry list when available; otherwise fall back to the + * legacy single-entry fields to preserve previous behavior. */ + if (x->authInfoListSz > 0) { + for (i = 0; i < x->authInfoListSz; i++) { + if (x->authInfoList[i].method != method || + x->authInfoList[i].uri == NULL || + x->authInfoList[i].uriSz == 0) { + continue; + } + + if (x509_aia_append_string(ret, x->authInfoList[i].uri, + x->authInfoList[i].uriSz) != 0) { + wolfSSL_X509_email_free(ret); + return NULL; + } + } + } + /* Only use fallback when nothing was found in the list */ + if (wolfSSL_sk_num(ret) == 0 && fallback != NULL && fallbackSz > 0) { + if (x509_aia_append_string(ret, fallback, (word32)fallbackSz) != 0) { + wolfSSL_X509_email_free(ret); + return NULL; + } + } + + /* Return NULL when empty */ + if (wolfSSL_sk_num(ret) == 0) { + wolfSSL_X509_email_free(ret); + ret = NULL; + } + + return ret; +} + +WOLF_STACK_OF(WOLFSSL_STRING) *wolfSSL_X509_get1_ocsp(WOLFSSL_X509 *x) +{ + if (x == NULL) + return NULL; + return x509_get1_aia_by_method(x, AIA_OCSP_OID, x->authInfo, x->authInfoSz); +} + +int wolfSSL_X509_get_aia_overflow(WOLFSSL_X509 *x) +{ + int overflow = 0; + + WOLFSSL_ENTER("wolfSSL_X509_get_aia_overflow"); + + if (x != NULL) { + overflow = x->authInfoListOverflow; + } - list->data.string = url; - list->next = NULL; - list->num = 1; + WOLFSSL_LEAVE("wolfSSL_X509_get_aia_overflow", overflow); - return list; + return overflow; +} + +#ifdef WOLFSSL_ASN_CA_ISSUER +WOLF_STACK_OF(WOLFSSL_STRING) *wolfSSL_X509_get1_ca_issuers(WOLFSSL_X509 *x) +{ + if (x == NULL) + return NULL; + return x509_get1_aia_by_method(x, AIA_CA_ISSUER_OID, x->authInfoCaIssuer, + x->authInfoCaIssuerSz); } +#endif /* WOLFSSL_ASN_CA_ISSUER */ int wolfSSL_X509_check_issued(WOLFSSL_X509 *issuer, WOLFSSL_X509 *subject) { @@ -14536,7 +15983,7 @@ /* unlike wolfSSL_X509_NAME_dup this does not malloc a duplicate, only deep * copy. "to" is expected to be a fresh blank name, if not pointers could be * lost */ -int wolfSSL_X509_NAME_copy(WOLFSSL_X509_NAME* from, WOLFSSL_X509_NAME* to) +int wolfSSL_X509_NAME_copy(const WOLFSSL_X509_NAME* from, WOLFSSL_X509_NAME* to) { int i; @@ -14630,6 +16077,10 @@ return WOLFSSL_FAILURE; } + if (t->length < 0 || t->length > CTC_DATE_SIZE - 2) { + return WOLFSSL_FAILURE; + } + x509->notAfter.type = t->type; x509->notAfter.length = t->length; @@ -14644,6 +16095,10 @@ return WOLFSSL_FAILURE; } + if (t->length < 0 || t->length > CTC_DATE_SIZE - 2) { + return WOLFSSL_FAILURE; + } + x509->notBefore.type = t->type; x509->notBefore.length = t->length; @@ -14670,13 +16125,13 @@ /* WOLFSSL_ASN1_INTEGER has type | size | data * Sanity check that the data is actually in ASN format */ - if (s->length < 3 && s->data[0] != ASN_INTEGER && + if (s->length < 3 || s->data[0] != ASN_INTEGER || s->data[1] != s->length - 2) { return WOLFSSL_FAILURE; } XMEMCPY(x509->serial, s->data + 2, s->length - 2); x509->serialSz = s->length - 2; - x509->serial[s->length] = 0; + x509->serial[x509->serialSz] = 0; return WOLFSSL_SUCCESS; } @@ -14788,6 +16243,183 @@ return WOLFSSL_SUCCESS; } +#ifdef WOLFSSL_CERT_EXT +/* Set Subject Key Identifier from raw bytes. + * + * x509 - Certificate to modify + * skid - Raw SKID bytes + * skidSz - Size of SKID in bytes + * + * Returns WOLFSSL_SUCCESS or WOLFSSL_FAILURE + */ +int wolfSSL_X509_set_subject_key_id(WOLFSSL_X509* x509, + const unsigned char* skid, int skidSz) +{ + WOLFSSL_ENTER("wolfSSL_X509_set_subject_key_id"); + + if (x509 == NULL || skid == NULL || skidSz <= 0) { + return WOLFSSL_FAILURE; + } + + /* Allocate/reallocate memory for subjKeyId */ + if (x509->subjKeyId == NULL || (int)x509->subjKeyIdSz < skidSz) { + if (x509->subjKeyId != NULL) { + XFREE(x509->subjKeyId, x509->heap, DYNAMIC_TYPE_X509_EXT); + } + x509->subjKeyId = (byte*)XMALLOC((word32)skidSz, x509->heap, + DYNAMIC_TYPE_X509_EXT); + if (x509->subjKeyId == NULL) { + return WOLFSSL_FAILURE; + } + } + + XMEMCPY(x509->subjKeyId, skid, (word32)skidSz); + x509->subjKeyIdSz = (word32)skidSz; + x509->subjKeyIdSet = 1; + + return WOLFSSL_SUCCESS; +} + +#ifndef NO_SHA +/* Set Subject Key Identifier by computing SHA-1 hash of the public key. + * + * x509 - Certificate to modify (must have public key set) + * + * Returns WOLFSSL_SUCCESS or WOLFSSL_FAILURE + */ +int wolfSSL_X509_set_subject_key_id_ex(WOLFSSL_X509* x509) +{ + byte hash[WC_SHA_DIGEST_SIZE]; + int ret; + + WOLFSSL_ENTER("wolfSSL_X509_set_subject_key_id_ex"); + + if (x509 == NULL) { + return WOLFSSL_FAILURE; + } + + /* Check if public key has been set */ + if (x509->pubKey.buffer == NULL || x509->pubKey.length == 0) { + WOLFSSL_MSG("Public key not set"); + return WOLFSSL_FAILURE; + } + + /* Compute SHA-1 hash of the public key */ + ret = wc_ShaHash(x509->pubKey.buffer, x509->pubKey.length, hash); + if (ret != 0) { + WOLFSSL_MSG("wc_ShaHash failed"); + return WOLFSSL_FAILURE; + } + + return wolfSSL_X509_set_subject_key_id(x509, hash, WC_SHA_DIGEST_SIZE); +} +#endif /* !NO_SHA */ + +/* Set Authority Key Identifier from raw bytes. + * + * x509 - Certificate to modify + * akid - Raw AKID bytes + * akidSz - Size of AKID in bytes + * + * Returns WOLFSSL_SUCCESS or WOLFSSL_FAILURE + */ +int wolfSSL_X509_set_authority_key_id(WOLFSSL_X509* x509, + const unsigned char* akid, int akidSz) +{ + WOLFSSL_ENTER("wolfSSL_X509_set_authority_key_id"); + + if (x509 == NULL || akid == NULL || akidSz <= 0) { + return WOLFSSL_FAILURE; + } + + /* Allocate/reallocate memory for authKeyIdSrc */ + if (x509->authKeyIdSrc == NULL || (int)x509->authKeyIdSrcSz < akidSz) { + if (x509->authKeyIdSrc != NULL) { + XFREE(x509->authKeyIdSrc, x509->heap, DYNAMIC_TYPE_X509_EXT); + } + x509->authKeyIdSrc = (byte*)XMALLOC((word32)akidSz, x509->heap, + DYNAMIC_TYPE_X509_EXT); + if (x509->authKeyIdSrc == NULL) { + return WOLFSSL_FAILURE; + } + } + + XMEMCPY(x509->authKeyIdSrc, akid, (word32)akidSz); + x509->authKeyIdSrcSz = (word32)akidSz; + x509->authKeyId = x509->authKeyIdSrc; + x509->authKeyIdSz = (word32)akidSz; + x509->authKeyIdSet = 1; + + return WOLFSSL_SUCCESS; +} + +#ifndef NO_SHA +/* Set Authority Key Identifier from issuer certificate. + * Extracts SKID from issuer (or computes from issuer's public key). + * + * x509 - Certificate to modify + * issuer - Issuer certificate + * + * Returns WOLFSSL_SUCCESS or WOLFSSL_FAILURE + */ +int wolfSSL_X509_set_authority_key_id_ex(WOLFSSL_X509* x509, + WOLFSSL_X509* issuer) +{ + byte hash[WC_SHA_DIGEST_SIZE]; + int ret; + + WOLFSSL_ENTER("wolfSSL_X509_set_authority_key_id_ex"); + + if (x509 == NULL || issuer == NULL) { + return WOLFSSL_FAILURE; + } + + /* First try to use issuer's SKID if it's set */ + if (issuer->subjKeyIdSet && issuer->subjKeyId != NULL && + issuer->subjKeyIdSz > 0) { + return wolfSSL_X509_set_authority_key_id(x509, issuer->subjKeyId, + (int)issuer->subjKeyIdSz); + } + + /* Otherwise compute from issuer's public key */ + if (issuer->pubKey.buffer == NULL || issuer->pubKey.length == 0) { + WOLFSSL_MSG("Issuer public key not available"); + return WOLFSSL_FAILURE; + } + + ret = wc_ShaHash(issuer->pubKey.buffer, issuer->pubKey.length, hash); + if (ret != 0) { + WOLFSSL_MSG("wc_ShaHash failed"); + return WOLFSSL_FAILURE; + } + + return wolfSSL_X509_set_authority_key_id(x509, hash, WC_SHA_DIGEST_SIZE); +} +#endif /* !NO_SHA */ +#endif /* WOLFSSL_CERT_EXT */ + +#ifndef IGNORE_NETSCAPE_CERT_TYPE +/* Set Netscape Certificate Type extension. + * + * x509 - Certificate to modify + * nsCertType - Bitwise OR of NS_SSL_CLIENT, NS_SSL_SERVER, etc. + * + * Returns WOLFSSL_SUCCESS or WOLFSSL_FAILURE + */ +int wolfSSL_X509_set_ns_cert_type(WOLFSSL_X509* x509, int nsCertType) +{ + WOLFSSL_ENTER("wolfSSL_X509_set_ns_cert_type"); + + if (x509 == NULL) { + return WOLFSSL_FAILURE; + } + + x509->nsCertType = (byte)nsCertType; + + return WOLFSSL_SUCCESS; +} +#endif /* !IGNORE_NETSCAPE_CERT_TYPE */ + #endif /* (OPENSSL_EXTRA || OPENSSL_EXTRA_X509_SMALL) && WOLFSSL_CERT_GEN */ #if (defined(OPENSSL_ALL) || defined(OPENSSL_EXTRA)) && \ diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/src/x509_str.c mariadb-11.8.8/extra/wolfssl/wolfssl/src/x509_str.c --- mariadb-11.8.6/extra/wolfssl/wolfssl/src/x509_str.c 2026-01-31 13:27:49.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/src/x509_str.c 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* x509_str.c * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -230,6 +230,18 @@ XMEMSET(ctx->param, 0, sizeof(*ctx->param)); } + /* Copy check_time from store parameters if available */ + if (store != NULL && store->param != NULL) { + if ((store->param->flags & WOLFSSL_USE_CHECK_TIME) != 0 && + store->param->check_time != 0) { + ctx->param->check_time = store->param->check_time; + ctx->param->flags |= WOLFSSL_USE_CHECK_TIME; + } + if ((store->param->flags & WOLFSSL_NO_CHECK_TIME) != 0) { + ctx->param->flags |= WOLFSSL_NO_CHECK_TIME; + } + } + return WOLFSSL_SUCCESS; } return WOLFSSL_FAILURE; @@ -306,6 +318,11 @@ { int error = GetX509Error(ret); + /* Do not overwrite a previously recorded error with success; preserve + * the worst-seen error across the chain walk. */ + if (error == 0 && ctx->error != 0) + return; + wolfSSL_X509_STORE_CTX_set_error(ctx, error); wolfSSL_X509_STORE_CTX_set_error_depth(ctx, depth); } @@ -321,6 +338,92 @@ SetupStoreCtxError_ex(ctx, ret, depth); } +#ifndef NO_ASN_TIME +/* Post certificate validation date handling. This function is called after the + * certificate has been verified by the certificate manager. It then checks if + * X509 store parameters are set for date validation override. + * @param ctx The certificate store context + * @param ret The return value from the certificate manager verify + * @return The return value for the certificate date validation after override + */ +static int X509StoreVerifyCertDate(WOLFSSL_X509_STORE_CTX* ctx, int ret) +{ + byte *afterDate = ctx->current_cert->notAfter.data; + byte *beforeDate = ctx->current_cert->notBefore.data; + + /* Only override existing date errors or WOLFSSL_SUCCESS. */ + if (ret == WC_NO_ERR_TRACE(ASN_BEFORE_DATE_E) || + ret == WC_NO_ERR_TRACE(ASN_AFTER_DATE_E) || + ret == WC_NO_ERR_TRACE(WOLFSSL_SUCCESS)) { +#ifdef USE_WOLF_VALIDDATE + WOLFSSL_X509_VERIFY_PARAM* param = NULL; + + /* If no external XVALIDATE_DATE was defined then use param for date + validation overrides. */ + if (ctx->param != NULL) { + param = ctx->param; + } + else if (ctx->store != NULL && ctx->store->param != NULL) { + param = ctx->store->param; + } + + if (param != NULL) { + if ((param->flags & WOLFSSL_NO_CHECK_TIME) != 0) { + WOLFSSL_MSG("Overriding date validation WOLFSSL_NO_CHECK_TIME"); + ret = WOLFSSL_SUCCESS; + } + else if ((param->flags & WOLFSSL_USE_CHECK_TIME) != 0 && + (param->check_time != 0)) { + time_t checkTime = param->check_time; + ret = WOLFSSL_SUCCESS; /* override date error and use custom set + time for validating certificate dates */ + WOLFSSL_MSG("Override date validation, WOLFSSL_USE_CHECK_TIME"); + if (wc_ValidateDateWithTime(afterDate, + (byte)ctx->current_cert->notAfter.type, ASN_AFTER, + checkTime, ctx->current_cert->notAfter.length) < 1) { + ret = ASN_AFTER_DATE_E; + } + else if (wc_ValidateDateWithTime(beforeDate, + (byte)ctx->current_cert->notBefore.type, ASN_BEFORE, + checkTime, ctx->current_cert->notBefore.length) < 1) { + ret = ASN_BEFORE_DATE_E; + } + } + #if defined(OPENSSL_ALL) + else { + WOLFSSL_MSG("Using system time for date validation"); + /* use system time for date validation */ + if (wc_ValidateDate(afterDate, + (byte)ctx->current_cert->notAfter.type, ASN_AFTER, + ctx->current_cert->notAfter.length) < 1) { + ret = ASN_AFTER_DATE_E; + } + else if (wc_ValidateDate(beforeDate, + (byte)ctx->current_cert->notBefore.type, ASN_BEFORE, + ctx->current_cert->notBefore.length) < 1) { + ret = ASN_BEFORE_DATE_E; + } + } + #endif + } +#else + if (XVALIDATE_DATE(afterDate, + (byte)ctx->current_cert->notAfter.type, ASN_AFTER, + ctx->current_cert->notAfter.length) < 1) { + ret = ASN_AFTER_DATE_E; + } + else if (XVALIDATE_DATE(beforeDate, + (byte)ctx->current_cert->notBefore.type, ASN_BEFORE, + ctx->current_cert->notBefore.length) < 1) { + ret = ASN_BEFORE_DATE_E; + } +#endif /* USE_WOLF_VALIDDATE */ + } + + return ret; +} +#endif /* NO_ASN_TIME */ + static int X509StoreVerifyCert(WOLFSSL_X509_STORE_CTX* ctx) { int ret = WC_NO_ERR_TRACE(WOLFSSL_FAILURE); @@ -331,41 +434,37 @@ ctx->current_cert->derCert->buffer, ctx->current_cert->derCert->length, WOLFSSL_FILETYPE_ASN1); + #ifndef NO_ASN_TIME + /* update return value with any date validation overrides */ + ret = X509StoreVerifyCertDate(ctx, ret); + #endif SetupStoreCtxError(ctx, ret); #if defined(OPENSSL_ALL) || defined(WOLFSSL_QT) if (ctx->store->verify_cb) ret = ctx->store->verify_cb(ret >= 0 ? 1 : 0, ctx) == 1 ? WOLFSSL_SUCCESS : ret; #endif - - #ifndef NO_ASN_TIME - if (ret != WC_NO_ERR_TRACE(ASN_BEFORE_DATE_E) && - ret != WC_NO_ERR_TRACE(ASN_AFTER_DATE_E)) { - /* wolfSSL_CertManagerVerifyBuffer only returns ASN_AFTER_DATE_E or - * ASN_BEFORE_DATE_E if there are no additional errors found in the - * cert. Therefore, check if the cert is expired or not yet valid - * in order to return the correct expected error. */ - byte *afterDate = ctx->current_cert->notAfter.data; - byte *beforeDate = ctx->current_cert->notBefore.data; - - if (XVALIDATE_DATE(afterDate, - (byte)ctx->current_cert->notAfter.type, ASN_AFTER) < 1) { - ret = ASN_AFTER_DATE_E; - } - else if (XVALIDATE_DATE(beforeDate, - (byte)ctx->current_cert->notBefore.type, ASN_BEFORE) < 1) { - ret = ASN_BEFORE_DATE_E; + } +#if !defined(NO_ASN_TIME) && defined(OPENSSL_ALL) + if (ret != WC_NO_ERR_TRACE(ASN_BEFORE_DATE_E) && + ret != WC_NO_ERR_TRACE(ASN_AFTER_DATE_E)) { + /* With OpenSSL, we need to check the certificate's date + * after certificate manager verification, + * as it skips date validation when other errors are present. + */ + ret = X509StoreVerifyCertDate(ctx, ret); + SetupStoreCtxError(ctx, ret); + ret = ret == WOLFSSL_SUCCESS ? 1 : 0; + if (ctx->store->verify_cb) { + if (ctx->store->verify_cb(ret, ctx) == 1) { + ret = WOLFSSL_SUCCESS; + } + else { + ret = -1; } - SetupStoreCtxError(ctx, ret); - #if defined(OPENSSL_ALL) || defined(WOLFSSL_QT) - if (ctx->store->verify_cb) - ret = ctx->store->verify_cb(ret >= 0 ? 1 : 0, - ctx) == 1 ? WOLFSSL_SUCCESS : -1; - #endif } - #endif } - +#endif return ret; } @@ -541,9 +640,14 @@ if (ctx->store->verify_cb) { ret = ctx->store->verify_cb(0, ctx); if (ret != WOLFSSL_SUCCESS) { + ret = WOLFSSL_FAILURE; goto exit; } } + else { + ret = WOLFSSL_FAILURE; + goto exit; + } } else #endif { @@ -646,6 +750,33 @@ wolfSSL_sk_X509_free(certsToUse); } + /* Enforce hostname / IP verification from X509_VERIFY_PARAM if set. + * Always check against the leaf (end-entity) certificate, captured in + * orig before the chain-building loop modified ctx->current_cert. */ + if (ctx->param != NULL) { + if (ret == WOLFSSL_SUCCESS && ctx->param->hostName[0] != '\0') { + if (wolfSSL_X509_check_host(orig, + ctx->param->hostName, + XSTRLEN(ctx->param->hostName), + ctx->param->hostFlags, NULL) != WOLFSSL_SUCCESS) { + ctx->error = WOLFSSL_X509_V_ERR_HOSTNAME_MISMATCH; + ctx->error_depth = 0; + ctx->current_cert = orig; + ret = WOLFSSL_FAILURE; + } + } + if (ret == WOLFSSL_SUCCESS && ctx->param->ipasc[0] != '\0') { + if (wolfSSL_X509_check_ip_asc(orig, + ctx->param->ipasc, + ctx->param->hostFlags) != WOLFSSL_SUCCESS) { + ctx->error = WOLFSSL_X509_V_ERR_IP_ADDRESS_MISMATCH; + ctx->error_depth = 0; + ctx->current_cert = orig; + ret = WOLFSSL_FAILURE; + } + } + } + return ret == WOLFSSL_SUCCESS ? WOLFSSL_SUCCESS : WOLFSSL_FAILURE; } @@ -1445,16 +1576,22 @@ { int result = WC_NO_ERR_TRACE(WOLFSSL_FATAL_ERROR); DerBuffer* derCert = NULL; + int verify = VERIFY; WOLFSSL_ENTER("X509StoreAddCa"); if (store != NULL && x509 != NULL && x509->derCert != NULL) { + /* Check if NO_CHECK_TIME flag is set - if so, skip date validation */ + if (store->param != NULL && + (store->param->flags & WOLFSSL_NO_CHECK_TIME) != 0) { + verify = VERIFY_SKIP_DATE; + } result = AllocDer(&derCert, x509->derCert->length, x509->derCert->type, NULL); if (result == 0) { /* AddCA() frees the buffer. */ XMEMCPY(derCert->buffer, x509->derCert->buffer, x509->derCert->length); - result = AddCA(store->cm, &derCert, type, VERIFY); + result = AddCA(store->cm, &derCert, type, verify); } } @@ -2047,4 +2184,3 @@ #endif /* !WOLFCRYPT_ONLY */ #endif /* !WOLFSSL_X509_STORE_INCLUDED */ - diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/sslSniffer/sslSnifferTest/snifftest.c mariadb-11.8.8/extra/wolfssl/wolfssl/sslSniffer/sslSnifferTest/snifftest.c --- mariadb-11.8.6/extra/wolfssl/wolfssl/sslSniffer/sslSnifferTest/snifftest.c 2026-01-31 13:27:49.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/sslSniffer/sslSnifferTest/snifftest.c 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* snifftest.c * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -466,7 +466,7 @@ #ifdef HAVE_CURVE448 "x448 " #endif - #ifdef HAVE_CURVE22519 + #ifdef HAVE_CURVE25519 "x22519 " #endif #ifdef WOLFSSL_STATIC_RSA diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/tests/api/api.h mariadb-11.8.8/extra/wolfssl/wolfssl/tests/api/api.h --- mariadb-11.8.6/extra/wolfssl/wolfssl/tests/api/api.h 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/tests/api/api.h 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* api.h * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -37,10 +37,32 @@ #define HEAP_HINT NULL #endif +#include -#define TEST_STRING "Everyone gets Friday off." -#define TEST_STRING_SZ 25 - +#if defined(WC_FIPS_186_5_PLUS) + #define TEST_STRING "WC_FIPS_186_5_PLUS test test" + #define TEST_STRING_SZ 28 +#elif defined(WC_FIPS_186_4_PLUS) || defined(HAVE_SELFTEST) + #define TEST_STRING "WC_FIPS_186_4_PLUS test.." + #define TEST_STRING_SZ 25 +#elif WC_MIN_DIGEST_SIZE <= 25 + #define TEST_STRING "Everyone gets Friday off." + #define TEST_STRING_SZ 25 +#elif WC_MIN_DIGEST_SIZE <= 28 + #define TEST_STRING "Everyone works the weekends." + #define TEST_STRING_SZ 28 +#elif WC_MIN_DIGEST_SIZE <= 32 + #define TEST_STRING "Everyone works through the night" + #define TEST_STRING_SZ 32 +#elif WC_MIN_DIGEST_SIZE <= 48 + #define TEST_STRING "Everyone gets to summer in Tuscany with Chianti." + #define TEST_STRING_SZ 48 +#elif WC_MIN_DIGEST_SIZE <= 64 + #define TEST_STRING "Everyone works from Christmas Eve, clear through New Year's Day." + #define TEST_STRING_SZ 64 +#else + #error WC_MIN_DIGEST_SIZE value not supported by unit test. +#endif #ifndef ONEK_BUF #define ONEK_BUF 1024 @@ -52,6 +74,11 @@ #define FOURK_BUF 4096 #endif +#if !defined(NO_RSA) && !defined(NO_SHA) && !defined(NO_FILESYSTEM) && \ + !defined(NO_CERTS) && \ + (!defined(NO_WOLFSSL_CLIENT) || !defined(WOLFSSL_NO_CLIENT_AUTH)) + #define HAVE_CERT_CHAIN_VALIDATION +#endif #ifndef NO_RSA #define GEN_BUF 294 diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/tests/api/api_decl.h mariadb-11.8.8/extra/wolfssl/wolfssl/tests/api/api_decl.h --- mariadb-11.8.6/extra/wolfssl/wolfssl/tests/api/api_decl.h 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/tests/api/api_decl.h 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* api_decl.h * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/tests/api/create_ocsp_test_blobs.py mariadb-11.8.8/extra/wolfssl/wolfssl/tests/api/create_ocsp_test_blobs.py --- mariadb-11.8.6/extra/wolfssl/wolfssl/tests/api/create_ocsp_test_blobs.py 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/tests/api/create_ocsp_test_blobs.py 2026-05-24 09:58:33.000000000 +0000 @@ -126,6 +126,10 @@ revoked['revocationTime'] = useful.GeneralizedTime().fromDateTime( datetime.now() - timedelta(days=1)) cs['revoked'] = revoked + elif value == CERT_UNKNOWN: + unknown = rfc6960.UnknownInfo('').subtype(implicitTag=tag.Tag( + tag.tagClassContext, tag.tagFormatSimple, 2)) + cs['unknown'] = unknown return cs @@ -444,6 +448,38 @@ 'responder_key': WOLFSSL_OCSP_CERT_PATH + 'ocsp-responder-key.pem', 'name': 'resp_root_ca_cert' }, + { + 'response_status': 0, + 'signature_algorithm': signature_algorithm(), + 'certs_path': [WOLFSSL_OCSP_CERT_PATH + 'root-ca-cert.pem'], + 'responder_by_name': True, + 'responder_cert': WOLFSSL_OCSP_CERT_PATH + 'root-ca-cert.pem', + 'responses': [ + { + 'issuer_cert': WOLFSSL_OCSP_CERT_PATH + 'root-ca-cert.pem', + 'serial': 0x01, + 'status': CERT_UNKNOWN + } + ], + 'responder_key': WOLFSSL_OCSP_CERT_PATH + 'root-ca-key.pem', + 'name': 'resp_cert_unknown' + }, + { + 'response_status': 0, + 'signature_algorithm': signature_algorithm(), + 'certs_path': [WOLFSSL_OCSP_CERT_PATH + '../ca-cert.pem'], + 'responder_by_name': True, + 'responder_cert': WOLFSSL_OCSP_CERT_PATH + '../ca-cert.pem', + 'responses': [ + { + 'issuer_cert': WOLFSSL_OCSP_CERT_PATH + '../ca-cert.pem', + 'serial': 0x01, + 'status': CERT_UNKNOWN + } + ], + 'responder_key': WOLFSSL_OCSP_CERT_PATH + '../ca-key.pem', + 'name': 'resp_server_cert_unknown' + }, ] with open('./tests/api/test_ocsp_test_blobs.h', 'w') as f: @@ -453,7 +489,7 @@ * * ocsp_test_blobs.h * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/tests/api/include.am mariadb-11.8.8/extra/wolfssl/wolfssl/tests/api/include.am --- mariadb-11.8.6/extra/wolfssl/wolfssl/tests/api/include.am 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/tests/api/include.am 2026-05-24 09:58:33.000000000 +0000 @@ -46,6 +46,7 @@ tests_unit_test_SOURCES += tests/api/test_ed448.c tests_unit_test_SOURCES += tests/api/test_mlkem.c tests_unit_test_SOURCES += tests/api/test_mldsa.c +tests_unit_test_SOURCES += tests/api/test_slhdsa.c tests_unit_test_SOURCES += tests/api/test_signature.c # TLS Protocol tests_unit_test_SOURCES += tests/api/test_dtls.c @@ -78,6 +79,31 @@ tests_unit_test_SOURCES += tests/api/test_ossl_ecx.c tests_unit_test_SOURCES += tests/api/test_ossl_dsa.c tests_unit_test_SOURCES += tests/api/test_ossl_sk.c +# OpenSSL X509 +tests_unit_test_SOURCES += tests/api/test_ossl_x509.c +tests_unit_test_SOURCES += tests/api/test_ossl_x509_ext.c +tests_unit_test_SOURCES += tests/api/test_ossl_x509_name.c +tests_unit_test_SOURCES += tests/api/test_ossl_x509_pk.c +tests_unit_test_SOURCES += tests/api/test_ossl_x509_vp.c +tests_unit_test_SOURCES += tests/api/test_ossl_x509_io.c +tests_unit_test_SOURCES += tests/api/test_ossl_x509_crypto.c +tests_unit_test_SOURCES += tests/api/test_ossl_x509_acert.c +tests_unit_test_SOURCES += tests/api/test_ossl_x509_info.c +# OpenSSL X509 Store +tests_unit_test_SOURCES += tests/api/test_ossl_x509_str.c +tests_unit_test_SOURCES += tests/api/test_ossl_x509_lu.c +# SSL PEM +tests_unit_test_SOURCES += tests/api/test_ossl_pem.c +# SSL Random +tests_unit_test_SOURCES += tests/api/test_ossl_rand.c +tests_unit_test_SOURCES += tests/api/test_ossl_obj.c +tests_unit_test_SOURCES += tests/api/test_ossl_p7p12.c +# EVP APIs +tests_unit_test_SOURCES += tests/api/test_evp_digest.c +tests_unit_test_SOURCES += tests/api/test_evp_cipher.c +tests_unit_test_SOURCES += tests/api/test_evp_pkey.c +# CertificateManager +tests_unit_test_SOURCES += tests/api/test_certman.c # TLS 1.3 specific tests_unit_test_SOURCES += tests/api/test_tls13.c endif @@ -123,6 +149,7 @@ EXTRA_DIST += tests/api/test_ed448.h EXTRA_DIST += tests/api/test_mlkem.h EXTRA_DIST += tests/api/test_mldsa.h +EXTRA_DIST += tests/api/test_slhdsa.h EXTRA_DIST += tests/api/test_signature.h EXTRA_DIST += tests/api/test_dtls.h EXTRA_DIST += tests/api/test_ocsp.h @@ -147,5 +174,24 @@ EXTRA_DIST += tests/api/test_ossl_ecx.h EXTRA_DIST += tests/api/test_ossl_dsa.h EXTRA_DIST += tests/api/test_ossl_sk.h +EXTRA_DIST += tests/api/test_ossl_x509.h +EXTRA_DIST += tests/api/test_ossl_x509_ext.h +EXTRA_DIST += tests/api/test_ossl_x509_name.h +EXTRA_DIST += tests/api/test_ossl_x509_pk.h +EXTRA_DIST += tests/api/test_ossl_x509_vp.h +EXTRA_DIST += tests/api/test_ossl_x509_io.h +EXTRA_DIST += tests/api/test_ossl_x509_crypto.h +EXTRA_DIST += tests/api/test_ossl_x509_acert.h +EXTRA_DIST += tests/api/test_ossl_x509_info.h +EXTRA_DIST += tests/api/test_ossl_x509_str.h +EXTRA_DIST += tests/api/test_ossl_x509_lu.h +EXTRA_DIST += tests/api/test_ossl_pem.h +EXTRA_DIST += tests/api/test_ossl_rand.h +EXTRA_DIST += tests/api/test_ossl_obj.h +EXTRA_DIST += tests/api/test_ossl_p7p12.h +EXTRA_DIST += tests/api/test_evp_digest.h +EXTRA_DIST += tests/api/test_evp_cipher.h +EXTRA_DIST += tests/api/test_evp_pkey.h +EXTRA_DIST += tests/api/test_certman.h EXTRA_DIST += tests/api/test_tls13.h diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/tests/api/test_aes.c mariadb-11.8.8/extra/wolfssl/wolfssl/tests/api/test_aes.c --- mariadb-11.8.6/extra/wolfssl/wolfssl/tests/api/test_aes.c 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/tests/api/test_aes.c 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* test_aes.c * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -289,7 +289,7 @@ #if !defined(NO_AES) && defined(HAVE_AES_ECB) /* Assembly code doing 8 iterations at a time. */ -#define ECB_LEN (9 * WC_AES_BLOCK_SIZE) +#define ECB_LEN (15 * WC_AES_BLOCK_SIZE) static int test_wc_AesEcbEncryptDecrypt_BadArgs(Aes* aes, byte* key, word32 keyLen) @@ -1993,7 +1993,7 @@ #if !defined(NO_AES) && defined(WOLFSSL_AES_COUNTER) /* Assembly code doing 8 iterations at a time. */ -#define CTR_LEN (9 * WC_AES_BLOCK_SIZE) +#define CTR_LEN (15 * WC_AES_BLOCK_SIZE) static int test_wc_AesCtrEncrypt_BadArgs(Aes* aes, byte* key, word32 keyLen, byte* iv) @@ -2237,6 +2237,18 @@ 0x86, 0x8f, 0x83, 0xff, 0x3d, 0xbe, 0x6e, 0xfa, 0xd2, 0x2b, 0x3e, 0x70, 0x21, 0x1c, 0xe8, 0x7b, 0xe4, 0x01, 0x2c, 0xd0, 0x82, 0xe2, 0x7a, 0x4a, + 0xcf, 0x67, 0x82, 0x1c, 0x80, 0x79, 0x85, 0x5e, + 0xe5, 0xf9, 0x3a, 0x0d, 0x1a, 0xa7, 0x89, 0x29, + 0xee, 0xe7, 0x2b, 0xd6, 0x29, 0xac, 0xfa, 0xca, + 0xc8, 0xcb, 0x4e, 0x6c, 0x1f, 0x30, 0x5e, 0x95, + 0xa5, 0xa2, 0x17, 0xe2, 0x93, 0xd3, 0xe6, 0xbe, + 0x91, 0x37, 0x84, 0x01, 0xdb, 0x44, 0x4c, 0x60, + 0x1c, 0x2c, 0x64, 0x7d, 0xb7, 0x73, 0x12, 0x11, + 0xc2, 0x6a, 0xfd, 0xac, 0x6d, 0x85, 0xd8, 0xeb, + 0x0e, 0x70, 0xd3, 0x82, 0x93, 0x65, 0xff, 0x18, + 0x4e, 0x22, 0x07, 0x8a, 0xf6, 0xfd, 0x36, 0x9d, + 0x5c, 0x15, 0x1c, 0x84, 0x69, 0x13, 0x68, 0x78, + 0xf1, 0x04, 0x02, 0x66, 0xec, 0x37, 0xcc, 0x0d, }; #elif defined(WOLFSSL_AES_192) byte expected24[CTR_LEN] = { @@ -2258,6 +2270,18 @@ 0x8d, 0x3b, 0xa9, 0x17, 0x4c, 0x2a, 0xc7, 0x97, 0x99, 0xb7, 0xaf, 0x86, 0x17, 0xf9, 0xe4, 0x2c, 0x5a, 0x4d, 0x6d, 0x7f, 0xfe, 0xb8, 0xaa, 0x9b, + 0xf8, 0xb6, 0xcb, 0x6f, 0x2f, 0xa4, 0x57, 0x61, + 0x88, 0x6c, 0x94, 0xaa, 0xf7, 0x97, 0xcf, 0xcd, + 0x19, 0x29, 0x9e, 0xf3, 0x30, 0xb8, 0xaa, 0x56, + 0x49, 0xcb, 0xf0, 0x56, 0xdd, 0xac, 0x4b, 0x41, + 0x00, 0xb3, 0x19, 0xdd, 0xef, 0x69, 0xd0, 0x9c, + 0xd1, 0x67, 0x48, 0x62, 0x9f, 0x56, 0x21, 0x2d, + 0x05, 0xb3, 0x4d, 0x0b, 0xac, 0xb6, 0x63, 0xf4, + 0x44, 0xfc, 0x43, 0xc0, 0xa9, 0x8c, 0x37, 0xd6, + 0xc3, 0x8c, 0xa4, 0x42, 0x68, 0x08, 0x2c, 0x1e, + 0xe7, 0xcc, 0xe4, 0x1f, 0x82, 0x9a, 0xe0, 0xfb, + 0x18, 0x84, 0x55, 0xaf, 0x02, 0xcc, 0x55, 0x13, + 0x7e, 0xc7, 0x05, 0xb8, 0xb9, 0x5e, 0x90, 0xc3, }; #else byte expected32[CTR_LEN] = { @@ -2279,6 +2303,18 @@ 0xf1, 0x7b, 0x2b, 0x87, 0xe4, 0xcd, 0x93, 0x22, 0x07, 0xdc, 0x35, 0x46, 0x8a, 0x1d, 0xf5, 0xe4, 0x23, 0x01, 0x67, 0x00, 0x66, 0x7b, 0xd6, 0x56, + 0x0d, 0x57, 0x4f, 0x6f, 0x45, 0x82, 0x91, 0x58, + 0x81, 0x37, 0xcc, 0xb4, 0xa4, 0xa3, 0x3c, 0x57, + 0x42, 0x05, 0x95, 0xa3, 0x04, 0x1f, 0xfd, 0x32, + 0xb7, 0xc8, 0xbb, 0x14, 0xe7, 0xf1, 0xc1, 0x1f, + 0xe9, 0x33, 0x6a, 0xb0, 0x10, 0x0d, 0xfb, 0x91, + 0x88, 0xca, 0x20, 0x29, 0xeb, 0xcd, 0x9c, 0x71, + 0x07, 0xfd, 0x3f, 0x6b, 0x1f, 0xb3, 0x76, 0xb7, + 0x6b, 0xa1, 0xad, 0xbe, 0xd3, 0x45, 0xb5, 0xe9, + 0x04, 0x9a, 0xfd, 0x6a, 0x85, 0xa2, 0xbc, 0x4e, + 0xca, 0xdb, 0x84, 0xbc, 0x0e, 0x0c, 0x96, 0x65, + 0xc9, 0x95, 0x2b, 0xcb, 0x98, 0x8c, 0xd2, 0x78, + 0x85, 0x7e, 0x1a, 0xa2, 0x6a, 0x73, 0x90, 0x80, }; #endif byte iv[] = "1234567890abcdef"; @@ -3407,6 +3443,275 @@ return EXPECT_RESULT(); } /* END test_wc_AesCcmEncryptDecrypt */ +/******************************************************************************* + * AES-XTS + ******************************************************************************/ + +/* + * test function for wc_AesXtsSetKey() + */ +int test_wc_AesXtsSetKey(void) +{ + EXPECT_DECLS; +#if !defined(NO_AES) && defined(WOLFSSL_AES_XTS) + XtsAes aes; +#ifdef WOLFSSL_AES_128 + byte key16[] = { + 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, + 0x38, 0x39, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66, + 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, + 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, + }; +#endif +#if defined(WOLFSSL_AES_192) && !defined(HAVE_FIPS) + byte key24[] = { + 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, + 0x38, 0x39, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66, + 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, + 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, + 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, + 0x38, 0x39, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66 + }; +#endif +#ifdef WOLFSSL_AES_256 + byte key32[] = { + 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, + 0x38, 0x39, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66, + 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, + 0x38, 0x39, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66, + 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, + 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, + 0x38, 0x39, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66, + 0x38, 0x39, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66 + }; +#endif + byte badKey16[] = { + 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, + 0x38, 0x39, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66, + 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, + 0x38, 0x39, 0x61, 0x62, 0x63, 0x64, 0x65 + }; + byte badKey24[] = { + 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, + 0x38, 0x39, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66, + 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, + 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, + 0x38, 0x39, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66, + 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36 + }; + byte badKey32[] = { + 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, + 0x38, 0x39, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66, + 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, + 0x38, 0x39, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66, + 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x37, 0x37, + 0x38, 0x39, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66, + 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, + 0x38, 0x39, 0x61, 0x62, 0x63, 0x64, 0x65 + }; + byte* key; + word32 keyLen; + +#ifdef WOLFSSL_AES_128 + key = key16; + keyLen = sizeof(key16)/sizeof(byte); +#elif defined(WOLFSSL_AES_192) + key = key24; + keyLen = sizeof(key24)/sizeof(byte); +#else + key = key32; + keyLen = sizeof(key32)/sizeof(byte); +#endif + +#ifdef WOLFSSL_AES_128 + ExpectIntEQ(wc_AesXtsSetKey(&aes, key16, sizeof(key16)/sizeof(byte), + AES_ENCRYPTION, NULL, INVALID_DEVID), 0); + wc_AesXtsFree(&aes); +#endif +#if defined(WOLFSSL_AES_192) && !defined(HAVE_FIPS) + ExpectIntEQ(wc_AesXtsSetKey(&aes, key24, sizeof(key24)/sizeof(byte), + AES_ENCRYPTION, NULL, INVALID_DEVID), 0); + wc_AesXtsFree(&aes); +#endif +#ifdef WOLFSSL_AES_256 + ExpectIntEQ(wc_AesXtsSetKey(&aes, key32, sizeof(key32)/sizeof(byte), + AES_ENCRYPTION, NULL, INVALID_DEVID), 0); + wc_AesXtsFree(&aes); +#endif + + /* Pass in bad args. */ + ExpectIntEQ(wc_AesXtsSetKey(NULL, NULL, keyLen, AES_ENCRYPTION, NULL, + INVALID_DEVID), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_AesXtsSetKey(NULL, key, keyLen, AES_ENCRYPTION, NULL, + INVALID_DEVID), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_AesXtsSetKey(&aes, NULL, keyLen, AES_ENCRYPTION, NULL, + INVALID_DEVID), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_AesXtsSetKey(&aes, badKey16, sizeof(badKey16)/sizeof(byte), + AES_ENCRYPTION, NULL, INVALID_DEVID), WC_NO_ERR_TRACE(WC_KEY_SIZE_E)); + ExpectIntEQ(wc_AesXtsSetKey(&aes, badKey24, sizeof(badKey24)/sizeof(byte), + AES_ENCRYPTION, NULL, INVALID_DEVID), WC_NO_ERR_TRACE(WC_KEY_SIZE_E)); + ExpectIntEQ(wc_AesXtsSetKey(&aes, badKey32, sizeof(badKey32)/sizeof(byte), + AES_ENCRYPTION, NULL, INVALID_DEVID), WC_NO_ERR_TRACE(WC_KEY_SIZE_E)); + ExpectIntEQ(wc_AesXtsSetKey(&aes, key, keyLen, -2, NULL, INVALID_DEVID), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); +#endif + return EXPECT_RESULT(); +} /* END test_wc_AesXtsSetKey */ + +int test_wc_AesXtsEncryptDecrypt_Sizes(void) +{ + EXPECT_DECLS; +#if !defined(NO_AES) && defined(WOLFSSL_AES_XTS) && \ + defined(WOLFSSL_AES_256) && !defined(WOLFSSL_AFALG) && \ + !defined(WOLFSSL_KCAPI) + #define XTS_LEN (WC_AES_BLOCK_SIZE * 16) + byte key32[] = { + 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, + 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, + 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, + 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, + 0x38, 0x39, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66, + 0x38, 0x39, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66, + 0x38, 0x39, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66, + 0x38, 0x39, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66 + }; + byte tweak[] = { + 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, + 0x38, 0x39, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66, + }; + XtsAes aes; + word32 tweakLen = (word32)sizeof(tweak)/sizeof(byte); + int sz; + WC_DECLARE_VAR(plain, byte, XTS_LEN, NULL); + WC_DECLARE_VAR(cipher, byte, XTS_LEN, NULL); +#ifdef HAVE_AES_DECRYPT + WC_DECLARE_VAR(decrypted, byte, XTS_LEN, NULL); +#endif + + WC_ALLOC_VAR(plain, byte, XTS_LEN, NULL); + WC_ALLOC_VAR(cipher, byte, XTS_LEN, NULL); +#ifdef HAVE_AES_DECRYPT + WC_ALLOC_VAR(decrypted, byte, XTS_LEN, NULL); +#endif + +#ifdef WC_DECLARE_VAR_IS_HEAP_ALLOC + ExpectNotNull(plain); + ExpectNotNull(cipher); +#ifdef HAVE_AES_DECRYPT + ExpectNotNull(decrypted); +#endif +#endif + + XMEMSET(&aes, 0, sizeof(Aes)); + XMEMSET(plain, 0xa5, XTS_LEN); + + for (sz = WC_AES_BLOCK_SIZE; sz <= XTS_LEN; sz *= 2) { + ExpectIntEQ(wc_AesXtsSetKey(&aes, key32, sizeof(key32)/sizeof(byte), + AES_ENCRYPTION, NULL, INVALID_DEVID), 0); + XMEMSET(cipher, 0, XTS_LEN); + ExpectIntEQ(wc_AesXtsEncrypt(&aes, cipher, plain, sz, tweak, tweakLen), + 0); + wc_AesXtsFree(&aes); + +#ifdef HAVE_AES_DECRYPT + ExpectIntEQ(wc_AesXtsSetKey(&aes, key32, sizeof(key32)/sizeof(byte), + AES_DECRYPTION, NULL, INVALID_DEVID), 0); + XMEMSET(decrypted, 0xff, XTS_LEN); + ExpectIntEQ(wc_AesXtsDecrypt(&aes, decrypted, cipher, sz, tweak, + tweakLen), 0); + ExpectBufEQ(decrypted, plain, sz); + wc_AesXtsFree(&aes); +#endif + } + + WC_FREE_VAR(plain, NULL); + WC_FREE_VAR(cipher, NULL); +#ifdef HAVE_AES_DECRYPT + WC_FREE_VAR(decrypted, NULL); +#endif +#endif + return EXPECT_RESULT(); +} + +/* + * test function for wc_AesXtsEncrypt and wc_AesXtsDecrypt + */ +int test_wc_AesXtsEncryptDecrypt(void) +{ + EXPECT_DECLS; +#if !defined(NO_AES) && defined(WOLFSSL_AES_XTS) && \ + defined(WOLFSSL_AES_256) + XtsAes aes; + byte key32[] = { + 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, + 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, + 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, + 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, + 0x38, 0x39, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66, + 0x38, 0x39, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66, + 0x38, 0x39, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66, + 0x38, 0x39, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66 + }; + byte vector[] = { /* Now is the time for all w/o trailing 0 */ + 0x4e,0x6f,0x77,0x20,0x69,0x73,0x20,0x74, + 0x68,0x65,0x20,0x74,0x69,0x6d,0x65,0x20, + 0x66,0x6f,0x72,0x20,0x61,0x6c,0x6c,0x20 + }; + byte tweak[] = { + 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, + 0x38, 0x39, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66, + }; + word32 tweakLen = (word32)sizeof(tweak)/sizeof(byte); + byte enc[sizeof(vector)]; + byte resultT[WC_AES_BLOCK_SIZE]; + byte dec[sizeof(vector)]; + + /* Init stack variables. */ + XMEMSET(&aes, 0, sizeof(Aes)); + XMEMSET(enc, 0, sizeof(vector)); + XMEMSET(dec, 0, sizeof(vector)); + XMEMSET(resultT, 0, WC_AES_BLOCK_SIZE); + + ExpectIntEQ(wc_AesXtsSetKey(&aes, key32, sizeof(key32)/sizeof(byte), + AES_ENCRYPTION, NULL, INVALID_DEVID), 0); + ExpectIntEQ(wc_AesXtsEncrypt(&aes, enc, vector, sizeof(vector), tweak, + tweakLen), 0); + wc_AesXtsFree(&aes); + ExpectIntEQ(wc_AesXtsSetKey(&aes, key32, sizeof(key32)/sizeof(byte), + AES_DECRYPTION, NULL, INVALID_DEVID), 0); + ExpectIntEQ(wc_AesXtsDecrypt(&aes, dec, enc, sizeof(vector), tweak, + tweakLen), 0); + ExpectIntEQ(XMEMCMP(vector, dec, sizeof(vector)), 0); + wc_AesXtsFree(&aes); + + ExpectIntEQ(wc_AesXtsSetKey(&aes, key32, sizeof(key32)/sizeof(byte), + AES_ENCRYPTION, NULL, INVALID_DEVID), 0); + /* Test bad args for wc_AesXtsEncrypt and wc_AesXtsDecrypt */ + ExpectIntEQ(wc_AesXtsEncrypt(NULL, enc, vector, sizeof(vector), tweak, + tweakLen), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_AesXtsEncrypt(&aes, NULL, vector, sizeof(vector), tweak, + tweakLen), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_AesXtsEncrypt(&aes, enc, NULL, sizeof(vector), tweak, + tweakLen), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + wc_AesXtsFree(&aes); + /* END wc_AesXtsEncrypt */ + +#ifdef HAVE_AES_DECRYPT + ExpectIntEQ(wc_AesXtsSetKey(&aes, key32, sizeof(key32)/sizeof(byte), + AES_DECRYPTION, NULL, INVALID_DEVID), 0); + ExpectIntEQ(wc_AesXtsDecrypt(NULL, dec, enc, sizeof(enc)/sizeof(byte), + tweak, tweakLen), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_AesXtsDecrypt(&aes, NULL, enc, sizeof(enc)/sizeof(byte), + tweak, tweakLen), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_AesXtsDecrypt(&aes, dec, NULL, sizeof(enc)/sizeof(byte), + tweak, tweakLen), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + wc_AesXtsFree(&aes); +#endif /* HAVE_AES_DECRYPT */ +#endif + + return EXPECT_RESULT(); +} /* END test_wc_AesXtsEncryptDecrypt */ + #if defined(WOLFSSL_AES_EAX) && defined(WOLFSSL_AES_256) && \ (!defined(HAVE_FIPS) || FIPS_VERSION_GE(5, 3)) && !defined(HAVE_SELFTEST) @@ -4917,3 +5222,742 @@ * (!HAVE_FIPS || FIPS_VERSION_GE(5, 3)) && !HAVE_SELFTEST */ +/*----------------------------------------------------------------------------* + | CryptoCB AES SetKey Test + *----------------------------------------------------------------------------*/ + +#if defined(WOLF_CRYPTO_CB) && defined(WOLF_CRYPTO_CB_AES_SETKEY) && \ + !defined(NO_AES) && defined(HAVE_AESGCM) + +#include + +#define TEST_CRYPTOCB_AES_DEVID 7 + +/* Test state tracking */ +static int cryptoCbAesSetKeyCalled = 0; +static int cryptoCbAesFreeCalled = 0; + +/* Simulated SE key storage - in real SE this would be in secure hardware */ +typedef struct { + byte key[AES_256_KEY_SIZE]; + word32 keySz; + int valid; +} MockSeKeySlot; + +static MockSeKeySlot mockSeKey = {0}; + +/* Mock handle pointing to our key slot */ +static void* cryptoCbAesMockHandle = (void*)&mockSeKey; + +/* Test CryptoCB callback for AES key import operations + * This emulates a Secure Element by: + * - Storing the key on SetKey (simulating SE key import) + * - Using stored key for encrypt/decrypt (simulating SE crypto) + * - Clearing key on Free (simulating SE key deletion) + */ +static int test_CryptoCb_Aes_Cb(int devId, wc_CryptoInfo* info, void* ctx) +{ + (void)ctx; + + if (devId != TEST_CRYPTOCB_AES_DEVID) + return CRYPTOCB_UNAVAILABLE; + + /* AES SetKey operation - simulate SE key import */ + if (info->algo_type == WC_ALGO_TYPE_CIPHER && + info->cipher.type == WC_CIPHER_AES && + info->cipher.aessetkey.aes != NULL) { + + Aes* aes = info->cipher.aessetkey.aes; + const byte* key = info->cipher.aessetkey.key; + word32 keySz = info->cipher.aessetkey.keySz; + + /* Validate key */ + if (key == NULL || keySz == 0 || keySz > AES_256_KEY_SIZE) { + return BAD_FUNC_ARG; + } + + /* "Import" key to simulated SE storage */ + XMEMCPY(mockSeKey.key, key, keySz); + mockSeKey.keySz = keySz; + mockSeKey.valid = 1; + + /* Store handle in aes->devCtx - this is what wolfSSL will use */ + aes->devCtx = cryptoCbAesMockHandle; + + + cryptoCbAesSetKeyCalled++; + + return 0; + } + + /* AES-GCM Encrypt - simulate SE encryption using stored key */ + if (info->algo_type == WC_ALGO_TYPE_CIPHER && + info->cipher.type == WC_CIPHER_AES_GCM && + info->cipher.enc) { + + Aes* aes = info->cipher.aesgcm_enc.aes; + MockSeKeySlot* slot; + Aes tempAes; + int ret; + + /* Verify handle points to our key slot */ + if (aes == NULL || aes->devCtx != cryptoCbAesMockHandle) { + return BAD_FUNC_ARG; + } + + slot = (MockSeKeySlot*)aes->devCtx; + if (!slot->valid) { + return BAD_STATE_E; + } + + /* Initialize a temporary Aes for software crypto (simulating SE internal operation) */ + XMEMSET(&tempAes, 0, sizeof(tempAes)); + ret = wc_AesInit(&tempAes, NULL, INVALID_DEVID); /* No CryptoCB for internal use */ + if (ret != 0) return ret; + + ret = wc_AesGcmSetKey(&tempAes, slot->key, slot->keySz); + if (ret != 0) { + wc_AesFree(&tempAes); + return ret; + } + + /* Perform the actual encryption */ + ret = wc_AesGcmEncrypt(&tempAes, + info->cipher.aesgcm_enc.out, + info->cipher.aesgcm_enc.in, + info->cipher.aesgcm_enc.sz, + info->cipher.aesgcm_enc.iv, + info->cipher.aesgcm_enc.ivSz, + info->cipher.aesgcm_enc.authTag, + info->cipher.aesgcm_enc.authTagSz, + info->cipher.aesgcm_enc.authIn, + info->cipher.aesgcm_enc.authInSz); + + wc_AesFree(&tempAes); + + return ret; + } + + /* AES-GCM Decrypt - simulate SE decryption using stored key */ + if (info->algo_type == WC_ALGO_TYPE_CIPHER && + info->cipher.type == WC_CIPHER_AES_GCM && + !info->cipher.enc) { + + Aes* aes = info->cipher.aesgcm_dec.aes; + MockSeKeySlot* slot; + Aes tempAes; + int ret; + + /* Verify handle points to our key slot */ + if (aes == NULL || aes->devCtx != cryptoCbAesMockHandle) { + return BAD_FUNC_ARG; + } + + slot = (MockSeKeySlot*)aes->devCtx; + if (!slot->valid) { + return BAD_STATE_E; + } + + /* Initialize a temporary Aes for software crypto (simulating SE internal operation) */ + XMEMSET(&tempAes, 0, sizeof(tempAes)); + ret = wc_AesInit(&tempAes, NULL, INVALID_DEVID); + if (ret != 0) return ret; + + ret = wc_AesGcmSetKey(&tempAes, slot->key, slot->keySz); + if (ret != 0) { + wc_AesFree(&tempAes); + return ret; + } + + /* Perform the actual decryption */ + ret = wc_AesGcmDecrypt(&tempAes, + info->cipher.aesgcm_dec.out, + info->cipher.aesgcm_dec.in, + info->cipher.aesgcm_dec.sz, + info->cipher.aesgcm_dec.iv, + info->cipher.aesgcm_dec.ivSz, + info->cipher.aesgcm_dec.authTag, + info->cipher.aesgcm_dec.authTagSz, + info->cipher.aesgcm_dec.authIn, + info->cipher.aesgcm_dec.authInSz); + + wc_AesFree(&tempAes); + + return ret; + } + +#ifdef WOLF_CRYPTO_CB_FREE + /* Free operation - simulate SE key deletion */ + if (info->algo_type == WC_ALGO_TYPE_FREE && + info->free.algo == WC_ALGO_TYPE_CIPHER && + info->free.type == WC_CIPHER_AES) { + + Aes* aes = (Aes*)info->free.obj; + + if (aes != NULL && aes->devCtx == cryptoCbAesMockHandle) { + /* "Delete" key from simulated SE */ + ForceZero(&mockSeKey, sizeof(mockSeKey)); + cryptoCbAesFreeCalled++; + } + + return 0; + } +#endif + + return CRYPTOCB_UNAVAILABLE; +} + +/* + * Test: CryptoCB AES SetKey hook for key import / secure element support + */ +int test_wc_CryptoCb_AesSetKey(void) +{ + EXPECT_DECLS; +#ifdef WOLFSSL_SMALL_STACK + Aes* aes = NULL; + byte* key = NULL; + byte* iv = NULL; + byte* plain = NULL; + byte* cipher = NULL; + byte* decrypted = NULL; + byte* authTag = NULL; +#else + Aes aes[1]; + byte key[AES_128_KEY_SIZE]; + byte iv[GCM_NONCE_MID_SZ]; + byte plain[16]; + byte cipher[16]; + byte decrypted[16]; + byte authTag[AES_BLOCK_SIZE]; +#endif + int ret; + +#ifdef WOLFSSL_SMALL_STACK + aes = (Aes*)XMALLOC(sizeof(Aes), NULL, DYNAMIC_TYPE_TMP_BUFFER); + key = (byte*)XMALLOC(AES_128_KEY_SIZE, NULL, DYNAMIC_TYPE_TMP_BUFFER); + iv = (byte*)XMALLOC(GCM_NONCE_MID_SZ, NULL, DYNAMIC_TYPE_TMP_BUFFER); + plain = (byte*)XMALLOC(16, NULL, DYNAMIC_TYPE_TMP_BUFFER); + cipher = (byte*)XMALLOC(16, NULL, DYNAMIC_TYPE_TMP_BUFFER); + decrypted = (byte*)XMALLOC(16, NULL, DYNAMIC_TYPE_TMP_BUFFER); + authTag = (byte*)XMALLOC(AES_BLOCK_SIZE, NULL, DYNAMIC_TYPE_TMP_BUFFER); + + if (aes == NULL || key == NULL || iv == NULL || plain == NULL || + cipher == NULL || decrypted == NULL || authTag == NULL) { + ret = MEMORY_E; + goto out; + } +#endif + + /* Initialize key, iv, plain arrays */ + { + static const byte keyData[AES_128_KEY_SIZE] = { + 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, + 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f + }; + static const byte plainData[16] = { + 0x48, 0x65, 0x6c, 0x6c, 0x6f, 0x2c, 0x20, 0x77, + 0x6f, 0x6c, 0x66, 0x53, 0x53, 0x4c, 0x21, 0x00 + }; + XMEMCPY(key, keyData, AES_128_KEY_SIZE); + XMEMSET(iv, 0, GCM_NONCE_MID_SZ); + XMEMCPY(plain, plainData, 16); + } + + XMEMSET(aes, 0, sizeof(Aes)); + XMEMSET(&mockSeKey, 0, sizeof(mockSeKey)); + + /* Reset test state */ + cryptoCbAesSetKeyCalled = 0; + cryptoCbAesFreeCalled = 0; + + /* Register test callback */ + ret = wc_CryptoCb_RegisterDevice(TEST_CRYPTOCB_AES_DEVID, + test_CryptoCb_Aes_Cb, NULL); + ExpectIntEQ(ret, 0); + + /* Initialize Aes with device ID */ + ret = wc_AesInit(aes, NULL, TEST_CRYPTOCB_AES_DEVID); + ExpectIntEQ(ret, 0); + ExpectIntEQ(aes->devId, TEST_CRYPTOCB_AES_DEVID); + + /* Set key - should trigger CryptoCB and "import" to mock SE */ + ret = wc_AesGcmSetKey(aes, key, sizeof(key)); + ExpectIntEQ(ret, 0); + + /* Verify callback was invoked */ + ExpectIntEQ(cryptoCbAesSetKeyCalled, 1); + + /* Verify handle stored in devCtx */ + ExpectPtrEq(aes->devCtx, cryptoCbAesMockHandle); + + /* Verify key was "imported" to mock SE */ + ExpectIntEQ(mockSeKey.valid, 1); + ExpectIntEQ(mockSeKey.keySz, (int)sizeof(key)); + + /* Verify keylen metadata stored in Aes struct */ + ExpectIntEQ(aes->keylen, (int)sizeof(key)); + + /* After SetKey succeeds via CryptoCB, verify key NOT in devKey */ + { + byte zeroKey[AES_128_KEY_SIZE] = {0}; + /* Key should NOT be copied to devKey - SE owns it */ + ExpectIntEQ(XMEMCMP(aes->devKey, zeroKey, sizeof(key)), 0); + } + + /* Test encrypt - callback performs crypto using stored key */ + ret = wc_AesGcmEncrypt(aes, cipher, plain, sizeof(plain), + iv, sizeof(iv), authTag, sizeof(authTag), + NULL, 0); + ExpectIntEQ(ret, 0); + + /* Test decrypt - callback performs crypto using stored key */ + ret = wc_AesGcmDecrypt(aes, decrypted, cipher, sizeof(cipher), + iv, sizeof(iv), authTag, sizeof(authTag), + NULL, 0); + ExpectIntEQ(ret, 0); + + /* Verify round-trip */ + ExpectIntEQ(XMEMCMP(plain, decrypted, sizeof(plain)), 0); + +#ifdef WOLF_CRYPTO_CB_FREE + /* Free should trigger callback and "delete" key from mock SE */ + cryptoCbAesFreeCalled = 0; + wc_AesFree(aes); + + /* Verify free callback invoked */ + ExpectIntEQ(cryptoCbAesFreeCalled, 1); + + /* Verify devCtx cleared */ + ExpectPtrEq(aes->devCtx, NULL); + + /* Verify key was "deleted" from mock SE */ + ExpectIntEQ(mockSeKey.valid, 0); +#else + wc_AesFree(aes); +#endif + + /* Cleanup */ + wc_CryptoCb_UnRegisterDevice(TEST_CRYPTOCB_AES_DEVID); + + /* Test software path (no devId) still works */ + XMEMSET(aes, 0, sizeof(Aes)); + cryptoCbAesSetKeyCalled = 0; + + ret = wc_AesInit(aes, NULL, INVALID_DEVID); + ExpectIntEQ(ret, 0); + + ret = wc_AesGcmSetKey(aes, key, sizeof(key)); + ExpectIntEQ(ret, 0); + + /* Callback should NOT have been invoked */ + ExpectIntEQ(cryptoCbAesSetKeyCalled, 0); + + /* devCtx should be NULL */ + ExpectPtrEq(aes->devCtx, NULL); + + wc_AesFree(aes); + +#ifdef WOLFSSL_SMALL_STACK +out: + XFREE(aes, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(key, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(iv, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(plain, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(cipher, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(decrypted, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(authTag, NULL, DYNAMIC_TYPE_TMP_BUFFER); +#endif + + return EXPECT_RESULT(); +} + +#endif /* WOLF_CRYPTO_CB && WOLF_CRYPTO_CB_AES_SETKEY && !NO_AES && HAVE_AESGCM */ + +/*----------------------------------------------------------------------------* + | CryptoCB AES-GCM End-to-End Offload Test + *----------------------------------------------------------------------------*/ + +#if defined(WOLF_CRYPTO_CB) && defined(WOLF_CRYPTO_CB_AES_SETKEY) && \ + !defined(NO_AES) && defined(HAVE_AESGCM) + +#define TEST_CRYPTOCB_AESGCM_OFFLOAD_DEVID 8 + +/* Test state tracking for end-to-end offload test */ +static int cryptoCbAesGcmSetKeyCalled = 0; +static int cryptoCbAesGcmEncryptCalled = 0; +static int cryptoCbAesGcmDecryptCalled = 0; +static int cryptoCbAesGcmFreeCalled = 0; + +/* Mock SE key storage for offload test */ +typedef struct { + byte key[AES_256_KEY_SIZE]; + word32 keySz; + int valid; +} MockSeKeySlotOffload; + +static MockSeKeySlotOffload mockSeKeyOffload = {0}; + +/* Mock handle pointing to our key slot */ +static void* cryptoCbAesGcmMockHandle = (void*)&mockSeKeyOffload; + +/* Mock CryptoCB callback for end-to-end AES-GCM offload test + * This emulates a Secure Element that: + * - Stores the key on SetKey (simulating SE key import) + * - Performs encryption/decryption using stored key (simulating SE crypto) + * - Tracks all callback invocations to verify offload is working + * - Uses software AES internally (simulating SE internal operation) + */ +static int test_CryptoCb_AesGcm_Offload_Cb(int devId, wc_CryptoInfo* info, void* ctx) +{ + (void)ctx; + + if (devId != TEST_CRYPTOCB_AESGCM_OFFLOAD_DEVID) + return CRYPTOCB_UNAVAILABLE; + + /* AES SetKey operation - simulate SE key import */ + if (info->algo_type == WC_ALGO_TYPE_CIPHER && + info->cipher.type == WC_CIPHER_AES && + info->cipher.aessetkey.aes != NULL) { + + Aes* aes = info->cipher.aessetkey.aes; + const byte* key = info->cipher.aessetkey.key; + word32 keySz = info->cipher.aessetkey.keySz; + + /* Validate key */ + if (key == NULL || keySz == 0 || keySz > AES_256_KEY_SIZE) { + return BAD_FUNC_ARG; + } + + /* "Import" key to simulated SE storage */ + XMEMCPY(mockSeKeyOffload.key, key, keySz); + mockSeKeyOffload.keySz = keySz; + mockSeKeyOffload.valid = 1; + + /* Store handle in aes->devCtx - this is what wolfSSL will use */ + aes->devCtx = cryptoCbAesGcmMockHandle; + + + cryptoCbAesGcmSetKeyCalled++; + + return 0; + } + + /* AES-GCM Encrypt - simulate SE encryption using stored key */ + if (info->algo_type == WC_ALGO_TYPE_CIPHER && + info->cipher.type == WC_CIPHER_AES_GCM && + info->cipher.enc) { + + Aes* aes = info->cipher.aesgcm_enc.aes; + MockSeKeySlotOffload* slot; + Aes tempAes; + int ret; + + /* Verify handle points to our key slot */ + if (aes == NULL || aes->devCtx != cryptoCbAesGcmMockHandle) { + return BAD_FUNC_ARG; + } + + slot = (MockSeKeySlotOffload*)aes->devCtx; + if (!slot->valid) { + return BAD_STATE_E; + } + + /* Track that encrypt callback was invoked */ + cryptoCbAesGcmEncryptCalled++; + + /* Initialize a temporary Aes for software crypto (simulating SE internal operation) */ + XMEMSET(&tempAes, 0, sizeof(tempAes)); + ret = wc_AesInit(&tempAes, NULL, INVALID_DEVID); /* No CryptoCB for internal use */ + if (ret != 0) return ret; + + ret = wc_AesGcmSetKey(&tempAes, slot->key, slot->keySz); + if (ret != 0) { + wc_AesFree(&tempAes); + return ret; + } + + /* Perform the actual encryption using software AES (simulating SE internal operation) */ + ret = wc_AesGcmEncrypt(&tempAes, + info->cipher.aesgcm_enc.out, + info->cipher.aesgcm_enc.in, + info->cipher.aesgcm_enc.sz, + info->cipher.aesgcm_enc.iv, + info->cipher.aesgcm_enc.ivSz, + info->cipher.aesgcm_enc.authTag, + info->cipher.aesgcm_enc.authTagSz, + info->cipher.aesgcm_enc.authIn, + info->cipher.aesgcm_enc.authInSz); + + wc_AesFree(&tempAes); + + return ret; + } + + /* AES-GCM Decrypt - simulate SE decryption using stored key */ + if (info->algo_type == WC_ALGO_TYPE_CIPHER && + info->cipher.type == WC_CIPHER_AES_GCM && + !info->cipher.enc) { + + Aes* aes = info->cipher.aesgcm_dec.aes; + MockSeKeySlotOffload* slot; + Aes tempAes; + int ret; + + /* Verify handle points to our key slot */ + if (aes == NULL || aes->devCtx != cryptoCbAesGcmMockHandle) { + return BAD_FUNC_ARG; + } + + slot = (MockSeKeySlotOffload*)aes->devCtx; + if (!slot->valid) { + return BAD_STATE_E; + } + + /* Track that decrypt callback was invoked */ + cryptoCbAesGcmDecryptCalled++; + + /* Initialize a temporary Aes for software crypto (simulating SE internal operation) */ + XMEMSET(&tempAes, 0, sizeof(tempAes)); + ret = wc_AesInit(&tempAes, NULL, INVALID_DEVID); + if (ret != 0) return ret; + + ret = wc_AesGcmSetKey(&tempAes, slot->key, slot->keySz); + if (ret != 0) { + wc_AesFree(&tempAes); + return ret; + } + + /* Perform the actual decryption using software AES (simulating SE internal operation) */ + ret = wc_AesGcmDecrypt(&tempAes, + info->cipher.aesgcm_dec.out, + info->cipher.aesgcm_dec.in, + info->cipher.aesgcm_dec.sz, + info->cipher.aesgcm_dec.iv, + info->cipher.aesgcm_dec.ivSz, + info->cipher.aesgcm_dec.authTag, + info->cipher.aesgcm_dec.authTagSz, + info->cipher.aesgcm_dec.authIn, + info->cipher.aesgcm_dec.authInSz); + + wc_AesFree(&tempAes); + + return ret; + } + +#ifdef WOLF_CRYPTO_CB_FREE + /* Free operation - simulate SE key deletion */ + if (info->algo_type == WC_ALGO_TYPE_FREE && + info->free.algo == WC_ALGO_TYPE_CIPHER && + info->free.type == WC_CIPHER_AES) { + + Aes* aes = (Aes*)info->free.obj; + + if (aes != NULL && aes->devCtx == cryptoCbAesGcmMockHandle) { + /* "Delete" key from simulated SE */ + ForceZero(&mockSeKeyOffload, sizeof(mockSeKeyOffload)); + cryptoCbAesGcmFreeCalled++; + } + + return 0; + } +#endif + + return CRYPTOCB_UNAVAILABLE; +} + +/* + * Test: End-to-End AES-GCM Offload via CryptoCB + * This test verifies that: + * - AES-GCM encryption/decryption operations are routed through CryptoCb + * - Software AES is bypassed when offload is enabled + * - Encrypted output and auth tag are correct + * - Decryption via CryptoCb restores the original plaintext + */ +int test_wc_CryptoCb_AesGcm_EncryptDecrypt(void) +{ + EXPECT_DECLS; +#ifdef WOLFSSL_SMALL_STACK + Aes* aes = NULL; + byte* key = NULL; + byte* iv = NULL; + byte* aad = NULL; + byte* plaintext = NULL; + byte* ciphertext = NULL; + byte* decrypted = NULL; + byte* authTag = NULL; +#else + Aes aes[1]; + byte key[AES_128_KEY_SIZE]; + byte iv[GCM_NONCE_MID_SZ]; + byte aad[16]; + byte plaintext[32]; + byte ciphertext[32]; + byte decrypted[32]; + byte authTag[AES_BLOCK_SIZE]; +#endif + int ret; + int i; + int hasNonZero = 0; + +#ifdef WOLFSSL_SMALL_STACK + aes = (Aes*)XMALLOC(sizeof(Aes), NULL, DYNAMIC_TYPE_TMP_BUFFER); + key = (byte*)XMALLOC(AES_128_KEY_SIZE, NULL, DYNAMIC_TYPE_TMP_BUFFER); + iv = (byte*)XMALLOC(GCM_NONCE_MID_SZ, NULL, DYNAMIC_TYPE_TMP_BUFFER); + aad = (byte*)XMALLOC(16, NULL, DYNAMIC_TYPE_TMP_BUFFER); + plaintext = (byte*)XMALLOC(32, NULL, DYNAMIC_TYPE_TMP_BUFFER); + ciphertext = (byte*)XMALLOC(32, NULL, DYNAMIC_TYPE_TMP_BUFFER); + decrypted = (byte*)XMALLOC(32, NULL, DYNAMIC_TYPE_TMP_BUFFER); + authTag = (byte*)XMALLOC(AES_BLOCK_SIZE, NULL, DYNAMIC_TYPE_TMP_BUFFER); + + if (aes == NULL || key == NULL || iv == NULL || aad == NULL || + plaintext == NULL || ciphertext == NULL || decrypted == NULL || + authTag == NULL) { + ret = MEMORY_E; + goto out; + } +#endif + + /* Initialize key, iv, aad, plaintext arrays */ + { + static const byte keyData[AES_128_KEY_SIZE] = { + 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, + 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f + }; + static const byte ivData[GCM_NONCE_MID_SZ] = { + 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, + 0x08, 0x09, 0x0a, 0x0b + }; + static const byte aadData[16] = { + 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, + 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f + }; + static const byte plaintextData[32] = { + 0x48, 0x65, 0x6c, 0x6c, 0x6f, 0x2c, 0x20, 0x77, + 0x6f, 0x6c, 0x66, 0x53, 0x53, 0x4c, 0x21, 0x00, + 0x54, 0x65, 0x73, 0x74, 0x20, 0x6d, 0x65, 0x73, + 0x73, 0x61, 0x67, 0x65, 0x20, 0x32, 0x21, 0x00 + }; + XMEMCPY(key, keyData, AES_128_KEY_SIZE); + XMEMCPY(iv, ivData, GCM_NONCE_MID_SZ); + XMEMCPY(aad, aadData, 16); + XMEMCPY(plaintext, plaintextData, 32); + } + + XMEMSET(aes, 0, sizeof(Aes)); + XMEMSET(&mockSeKeyOffload, 0, sizeof(mockSeKeyOffload)); + XMEMSET(ciphertext, 0, 32); + XMEMSET(decrypted, 0, 32); + XMEMSET(authTag, 0, AES_BLOCK_SIZE); + + /* Reset test state */ + cryptoCbAesGcmSetKeyCalled = 0; + cryptoCbAesGcmEncryptCalled = 0; + cryptoCbAesGcmDecryptCalled = 0; + cryptoCbAesGcmFreeCalled = 0; + + /* Register test callback */ + ret = wc_CryptoCb_RegisterDevice(TEST_CRYPTOCB_AESGCM_OFFLOAD_DEVID, + test_CryptoCb_AesGcm_Offload_Cb, NULL); + ExpectIntEQ(ret, 0); + + /* Initialize Aes with device ID */ + ret = wc_AesInit(aes, NULL, TEST_CRYPTOCB_AESGCM_OFFLOAD_DEVID); + ExpectIntEQ(ret, 0); + ExpectIntEQ(aes->devId, TEST_CRYPTOCB_AESGCM_OFFLOAD_DEVID); + + /* Set key - should trigger CryptoCB and "import" to mock SE */ + ret = wc_AesGcmSetKey(aes, key, sizeof(key)); + ExpectIntEQ(ret, 0); + + /* Verify SetKey callback was invoked */ + ExpectIntEQ(cryptoCbAesGcmSetKeyCalled, 1); + + /* Verify handle stored in devCtx */ + ExpectPtrEq(aes->devCtx, cryptoCbAesGcmMockHandle); + + /* Verify key was "imported" to mock SE */ + ExpectIntEQ(mockSeKeyOffload.valid, 1); + ExpectIntEQ(mockSeKeyOffload.keySz, (int)sizeof(key)); + + /* Verify keylen metadata stored in Aes struct */ + ExpectIntEQ(aes->keylen, (int)sizeof(key)); + + /* Encrypt via wolfCrypt API - should route through CryptoCb */ + ret = wc_AesGcmEncrypt(aes, ciphertext, plaintext, 32, + iv, sizeof(iv), authTag, sizeof(authTag), + aad, 16); + ExpectIntEQ(ret, 0); + + /* Assert: Encrypt callback was invoked */ + ExpectIntEQ(cryptoCbAesGcmEncryptCalled, 1); + + /* Assert: Ciphertext is different from plaintext */ + ExpectIntNE(XMEMCMP(plaintext, ciphertext, 32), 0); + + /* Assert: Auth tag is non-zero */ + hasNonZero = 0; + for (i = 0; i < (int)sizeof(authTag); i++) { + if (authTag[i] != 0) { + hasNonZero = 1; + break; + } + } + ExpectIntEQ(hasNonZero, 1); + + /* Decrypt via wolfCrypt API - should route through CryptoCb */ + ret = wc_AesGcmDecrypt(aes, decrypted, ciphertext, 32, + iv, sizeof(iv), authTag, sizeof(authTag), + aad, 16); + ExpectIntEQ(ret, 0); + + /* Assert: Decrypt callback was invoked */ + ExpectIntEQ(cryptoCbAesGcmDecryptCalled, 1); + + /* Assert: Decrypted plaintext matches original */ + ExpectIntEQ(XMEMCMP(plaintext, decrypted, 32), 0); + +#ifdef WOLF_CRYPTO_CB_FREE + /* Free should trigger callback and "delete" key from mock SE */ + cryptoCbAesGcmFreeCalled = 0; + wc_AesFree(aes); + + /* Verify free callback invoked */ + ExpectIntEQ(cryptoCbAesGcmFreeCalled, 1); + + /* Verify devCtx cleared */ + ExpectPtrEq(aes->devCtx, NULL); + + /* Verify key was "deleted" from mock SE */ + ExpectIntEQ(mockSeKeyOffload.valid, 0); +#else + wc_AesFree(aes); +#endif + + /* Cleanup */ + wc_CryptoCb_UnRegisterDevice(TEST_CRYPTOCB_AESGCM_OFFLOAD_DEVID); + + /* Verify lifecycle: SetKey -> Encrypt -> Decrypt -> Free */ + ExpectIntEQ(cryptoCbAesGcmSetKeyCalled, 1); + ExpectIntEQ(cryptoCbAesGcmEncryptCalled, 1); + ExpectIntEQ(cryptoCbAesGcmDecryptCalled, 1); +#ifdef WOLF_CRYPTO_CB_FREE + ExpectIntEQ(cryptoCbAesGcmFreeCalled, 1); +#endif + +#ifdef WOLFSSL_SMALL_STACK +out: + XFREE(aes, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(key, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(iv, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(aad, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(plaintext, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(ciphertext, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(decrypted, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(authTag, NULL, DYNAMIC_TYPE_TMP_BUFFER); +#endif + + return EXPECT_RESULT(); +} + +#endif /* WOLF_CRYPTO_CB && WOLF_CRYPTO_CB_AES_SETKEY && !NO_AES && HAVE_AESGCM */ + diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/tests/api/test_aes.h mariadb-11.8.8/extra/wolfssl/wolfssl/tests/api/test_aes.h --- mariadb-11.8.6/extra/wolfssl/wolfssl/tests/api/test_aes.h 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/tests/api/test_aes.h 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* test_aes.h * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -41,6 +41,9 @@ int test_wc_AesGcmStream(void); int test_wc_AesCcmSetKey(void); int test_wc_AesCcmEncryptDecrypt(void); +int test_wc_AesXtsSetKey(void); +int test_wc_AesXtsEncryptDecrypt_Sizes(void); +int test_wc_AesXtsEncryptDecrypt(void); #if defined(WOLFSSL_AES_EAX) && defined(WOLFSSL_AES_256) && \ (!defined(HAVE_FIPS) || FIPS_VERSION_GE(5, 3)) && !defined(HAVE_SELFTEST) int test_wc_AesEaxVectors(void); @@ -50,6 +53,19 @@ int test_wc_GmacSetKey(void); int test_wc_GmacUpdate(void); +#if defined(WOLF_CRYPTO_CB) && defined(WOLF_CRYPTO_CB_AES_SETKEY) && \ + !defined(NO_AES) && defined(HAVE_AESGCM) +int test_wc_CryptoCb_AesSetKey(void); +int test_wc_CryptoCb_AesGcm_EncryptDecrypt(void); +#endif + +#if defined(WOLF_CRYPTO_CB) && defined(WOLF_CRYPTO_CB_AES_SETKEY) && \ + !defined(NO_AES) && defined(HAVE_AESGCM) +#define TEST_CRYPTOCB_AES_SETKEY_DECL , TEST_DECL_GROUP("aes", test_wc_CryptoCb_AesSetKey), \ + TEST_DECL_GROUP("aes", test_wc_CryptoCb_AesGcm_EncryptDecrypt) +#else +#define TEST_CRYPTOCB_AES_SETKEY_DECL +#endif #define TEST_AES_DECLS \ TEST_DECL_GROUP("aes", test_wc_AesSetKey), \ @@ -68,7 +84,11 @@ TEST_DECL_GROUP("aes", test_wc_AesGcmMixedEncDecLongIV), \ TEST_DECL_GROUP("aes", test_wc_AesGcmStream), \ TEST_DECL_GROUP("aes", test_wc_AesCcmSetKey), \ - TEST_DECL_GROUP("aes", test_wc_AesCcmEncryptDecrypt) + TEST_DECL_GROUP("aes", test_wc_AesCcmEncryptDecrypt), \ + TEST_DECL_GROUP("aes", test_wc_AesXtsSetKey), \ + TEST_DECL_GROUP("aes", test_wc_AesXtsEncryptDecrypt_Sizes), \ + TEST_DECL_GROUP("aes", test_wc_AesXtsEncryptDecrypt) \ + TEST_CRYPTOCB_AES_SETKEY_DECL #if defined(WOLFSSL_AES_EAX) && defined(WOLFSSL_AES_256) && \ (!defined(HAVE_FIPS) || FIPS_VERSION_GE(5, 3)) && !defined(HAVE_SELFTEST) diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/tests/api/test_arc4.c mariadb-11.8.8/extra/wolfssl/wolfssl/tests/api/test_arc4.c --- mariadb-11.8.6/extra/wolfssl/wolfssl/tests/api/test_arc4.c 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/tests/api/test_arc4.c 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* test_arc4.c * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/tests/api/test_arc4.h mariadb-11.8.8/extra/wolfssl/wolfssl/tests/api/test_arc4.h --- mariadb-11.8.6/extra/wolfssl/wolfssl/tests/api/test_arc4.h 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/tests/api/test_arc4.h 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* test_arc4.h * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/tests/api/test_ascon.c mariadb-11.8.8/extra/wolfssl/wolfssl/tests/api/test_ascon.c --- mariadb-11.8.6/extra/wolfssl/wolfssl/tests/api/test_ascon.c 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/tests/api/test_ascon.c 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* test_ascon.c * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/tests/api/test_ascon.h mariadb-11.8.8/extra/wolfssl/wolfssl/tests/api/test_ascon.h --- mariadb-11.8.6/extra/wolfssl/wolfssl/tests/api/test_ascon.h 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/tests/api/test_ascon.h 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* test_ascon.h * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/tests/api/test_ascon_kats.h mariadb-11.8.8/extra/wolfssl/wolfssl/tests/api/test_ascon_kats.h --- mariadb-11.8.6/extra/wolfssl/wolfssl/tests/api/test_ascon_kats.h 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/tests/api/test_ascon_kats.h 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* test_ascon_kats.h * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/tests/api/test_asn.c mariadb-11.8.8/extra/wolfssl/wolfssl/tests/api/test_asn.c --- mariadb-11.8.6/extra/wolfssl/wolfssl/tests/api/test_asn.c 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/tests/api/test_asn.c 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* test_asn.c * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -23,6 +23,9 @@ #include +#include +#include + #if defined(WC_ENABLE_ASYM_KEY_EXPORT) && defined(HAVE_ED25519) static int test_SetAsymKeyDer_once(byte* privKey, word32 privKeySz, byte* pubKey, word32 pubKeySz, byte* trueDer, word32 trueDerSz) @@ -638,3 +641,464 @@ return EXPECT_RESULT(); } + +int test_wolfssl_local_MatchBaseName(void) +{ + EXPECT_DECLS; + +#if !defined(NO_CERTS) && !defined(NO_ASN) && !defined(IGNORE_NAME_CONSTRAINTS) + /* + * Tests for DNS type (ASN_DNS_TYPE = 0x02) + */ + + /* Positive tests - should match */ + /* Exact match */ + ExpectIntEQ(wolfssl_local_MatchBaseName(ASN_DNS_TYPE, + "domain.com", 10, "domain.com", 10), 1); + /* Case insensitive match */ + ExpectIntEQ(wolfssl_local_MatchBaseName(ASN_DNS_TYPE, + "DOMAIN.COM", 10, "domain.com", 10), 1); + /* Subdomain match (RFC 5280: adding labels to the left) */ + ExpectIntEQ(wolfssl_local_MatchBaseName(ASN_DNS_TYPE, + "sub.domain.com", 14, "domain.com", 10), 1); + ExpectIntEQ(wolfssl_local_MatchBaseName(ASN_DNS_TYPE, + "a.b.domain.com", 14, "domain.com", 10), 1); + /* Leading dot constraint with subdomain (not RFC 5280 compliant for DNS, + * but kept for backwards compatibility) */ + ExpectIntEQ(wolfssl_local_MatchBaseName(ASN_DNS_TYPE, + "sub.domain.com", 14, ".domain.com", 11), 1); + ExpectIntEQ(wolfssl_local_MatchBaseName(ASN_DNS_TYPE, + "a.b.domain.com", 14, ".domain.com", 11), 1); + + /* Negative tests - should NOT match */ + /* Bug #3: fakedomain.com should NOT match domain.com (no dot boundary) */ + ExpectIntEQ(wolfssl_local_MatchBaseName(ASN_DNS_TYPE, + "fakedomain.com", 14, "domain.com", 10), 0); + ExpectIntEQ(wolfssl_local_MatchBaseName(ASN_DNS_TYPE, + "notdomain.com", 13, "domain.com", 10), 0); + ExpectIntEQ(wolfssl_local_MatchBaseName(ASN_DNS_TYPE, + "xexample.com", 12, "example.com", 11), 0); + /* Bug #3: fakedomain.com should NOT match .domain.com */ + ExpectIntEQ(wolfssl_local_MatchBaseName(ASN_DNS_TYPE, + "fakedomain.com", 14, ".domain.com", 11), 0); + /* domain.com should NOT match .domain.com (leading dot requires subdomain) */ + ExpectIntEQ(wolfssl_local_MatchBaseName(ASN_DNS_TYPE, + "domain.com", 10, ".domain.com", 11), 0); + /* Different domain */ + ExpectIntEQ(wolfssl_local_MatchBaseName(ASN_DNS_TYPE, + "other.com", 9, "domain.com", 10), 0); + /* Name starting with dot */ + ExpectIntEQ(wolfssl_local_MatchBaseName(ASN_DNS_TYPE, + ".domain.com", 11, "domain.com", 10), 0); + + /* + * Tests for email type (ASN_RFC822_TYPE = 0x01) + */ + + /* Positive tests - should match */ + /* Exact email match */ + ExpectIntEQ(wolfssl_local_MatchBaseName(ASN_RFC822_TYPE, + "user@domain.com", 15, "user@domain.com", 15), 1); + /* Email with domain constraint (leading dot) - subdomain present */ + ExpectIntEQ(wolfssl_local_MatchBaseName(ASN_RFC822_TYPE, + "user@sub.domain.com", 19, ".domain.com", 11), 1); + /* Email with domain constraint (no leading dot) - exact domain */ + ExpectIntEQ(wolfssl_local_MatchBaseName(ASN_RFC822_TYPE, + "user@domain.com", 15, "domain.com", 10), 1); + + /* Negative tests - should NOT match */ + /* user@domain.com should NOT match .domain.com (subdomain required) */ + ExpectIntEQ(wolfssl_local_MatchBaseName(ASN_RFC822_TYPE, + "user@domain.com", 15, ".domain.com", 11), 0); + /* user@sub.domain.com should NOT match domain.com (exact domain only) */ + ExpectIntEQ(wolfssl_local_MatchBaseName(ASN_RFC822_TYPE, + "user@sub.domain.com", 19, "domain.com", 10), 0); + /* @ at start is invalid */ + ExpectIntEQ(wolfssl_local_MatchBaseName(ASN_RFC822_TYPE, + "@domain.com", 11, ".domain.com", 11), 0); + /* @ at end is invalid */ + ExpectIntEQ(wolfssl_local_MatchBaseName(ASN_RFC822_TYPE, + "user@", 5, ".domain.com", 11), 0); + /* double @ is invalid */ + ExpectIntEQ(wolfssl_local_MatchBaseName(ASN_RFC822_TYPE, + "user@@domain.com", 16, ".domain.com", 11), 0); + /* multiple @ is invalid */ + ExpectIntEQ(wolfssl_local_MatchBaseName(ASN_RFC822_TYPE, + "user@domain@extra.com", 21, ".domain.com", 11), 0); + /* No @ in email name */ + ExpectIntEQ(wolfssl_local_MatchBaseName(ASN_RFC822_TYPE, + "userdomain.com", 14, ".domain.com", 11), 0); + /* Email domain doesn't match constraint */ + ExpectIntEQ(wolfssl_local_MatchBaseName(ASN_RFC822_TYPE, + "user@other.com", 14, ".domain.com", 11), 0); + /* Email suffix without dot boundary (fakedomain) */ + ExpectIntEQ(wolfssl_local_MatchBaseName(ASN_RFC822_TYPE, + "user@fakedomain.com", 19, ".domain.com", 11), 0); + /* Base constraint with invalid @ position */ + ExpectIntEQ(wolfssl_local_MatchBaseName(ASN_RFC822_TYPE, + "user@domain.com", 15, "@domain.com", 11), 0); + ExpectIntEQ(wolfssl_local_MatchBaseName(ASN_RFC822_TYPE, + "user@domain.com", 15, "user@", 5), 0); + + /* + * Tests for directory type (ASN_DIR_TYPE = 0x04) + */ + + /* Positive tests - should match */ + /* Exact match */ + ExpectIntEQ(wolfssl_local_MatchBaseName(ASN_DIR_TYPE, + "CN=test", 7, "CN=test", 7), 1); + /* Prefix match (name longer than base) */ + ExpectIntEQ(wolfssl_local_MatchBaseName(ASN_DIR_TYPE, + "CN=test,O=org", 13, "CN=test", 7), 1); + + /* Negative tests - should NOT match */ + /* Different content */ + ExpectIntEQ(wolfssl_local_MatchBaseName(ASN_DIR_TYPE, + "CN=other", 8, "CN=test", 7), 0); + /* Case sensitive for directory */ + ExpectIntEQ(wolfssl_local_MatchBaseName(ASN_DIR_TYPE, + "CN=TEST", 7, "CN=test", 7), 0); + + /* + * Edge cases and error handling + */ + + /* NULL pointers */ + ExpectIntEQ(wolfssl_local_MatchBaseName(ASN_DNS_TYPE, + NULL, 10, "domain.com", 10), 0); + ExpectIntEQ(wolfssl_local_MatchBaseName(ASN_DNS_TYPE, + "domain.com", 10, NULL, 10), 0); + /* Empty/zero size */ + ExpectIntEQ(wolfssl_local_MatchBaseName(ASN_DNS_TYPE, + "", 0, "domain.com", 10), 0); + ExpectIntEQ(wolfssl_local_MatchBaseName(ASN_DNS_TYPE, + "domain.com", 10, "", 0), 0); + /* Invalid type */ + ExpectIntEQ(wolfssl_local_MatchBaseName(0xFF, + "domain.com", 10, "domain.com", 10), 0); + /* Name starting with dot */ + ExpectIntEQ(wolfssl_local_MatchBaseName(ASN_DNS_TYPE, + ".", 1, ".", 1), 0); + /* Name shorter than base */ + ExpectIntEQ(wolfssl_local_MatchBaseName(ASN_DNS_TYPE, + "a.com", 5, "domain.com", 10), 0); + +#endif /* !NO_CERTS && !NO_ASN && !IGNORE_NAME_CONSTRAINTS */ + + return EXPECT_RESULT(); +} + +/* + * Testing wc_DecodeRsaPssParams with known DER byte arrays. + * Exercises both WOLFSSL_ASN_TEMPLATE and non-template paths. + */ +int test_wc_DecodeRsaPssParams(void) +{ + EXPECT_DECLS; +#if defined(WC_RSA_PSS) && !defined(NO_RSA) && !defined(NO_ASN) + enum wc_HashType hash; + int mgf; + int saltLen; + + /* SHA-256 / MGF1-SHA-256 / saltLen=32 */ + static const byte pssParamsSha256[] = { + 0x30, 0x34, + 0xA0, 0x0F, + 0x30, 0x0D, + 0x06, 0x09, 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, + 0x04, 0x02, 0x01, + 0x05, 0x00, + 0xA1, 0x1C, + 0x30, 0x1A, + 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, + 0x01, 0x01, 0x08, + 0x30, 0x0D, + 0x06, 0x09, 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, + 0x04, 0x02, 0x01, + 0x05, 0x00, + 0xA2, 0x03, + 0x02, 0x01, 0x20, + }; + + /* Hash-only: SHA-256 hash, defaults for MGF and salt */ + static const byte pssParamsHashOnly[] = { + 0x30, 0x11, + 0xA0, 0x0F, + 0x30, 0x0D, + 0x06, 0x09, 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, + 0x04, 0x02, 0x01, + 0x05, 0x00, + }; + + /* Salt-only: default hash/mgf, saltLen=48 */ + static const byte pssParamsSaltOnly[] = { + 0x30, 0x05, + 0xA2, 0x03, + 0x02, 0x01, 0x30, + }; + + /* NULL tag (05 00) means all defaults */ + static const byte pssParamsNull[] = { 0x05, 0x00 }; + + /* Empty SEQUENCE means all non-default fields omitted => defaults */ + static const byte pssParamsEmptySeq[] = { 0x30, 0x00 }; + + /* --- Test 1: sz=0 => all defaults --- */ + hash = WC_HASH_TYPE_NONE; + mgf = 0; + saltLen = 0; + ExpectIntEQ(wc_DecodeRsaPssParams((const byte*)"", 0, + &hash, &mgf, &saltLen), 0); + ExpectIntEQ((int)hash, (int)WC_HASH_TYPE_SHA); + ExpectIntEQ(mgf, WC_MGF1SHA1); + ExpectIntEQ(saltLen, 20); + + /* --- Test 2: NULL tag => all defaults --- */ + hash = WC_HASH_TYPE_NONE; + mgf = 0; + saltLen = 0; + ExpectIntEQ(wc_DecodeRsaPssParams(pssParamsNull, + (word32)sizeof(pssParamsNull), &hash, &mgf, &saltLen), 0); + ExpectIntEQ((int)hash, (int)WC_HASH_TYPE_SHA); + ExpectIntEQ(mgf, WC_MGF1SHA1); + ExpectIntEQ(saltLen, 20); + + /* --- Test 3: Empty SEQUENCE => all defaults --- */ + hash = WC_HASH_TYPE_NONE; + mgf = 0; + saltLen = 0; + ExpectIntEQ(wc_DecodeRsaPssParams(pssParamsEmptySeq, + (word32)sizeof(pssParamsEmptySeq), &hash, &mgf, &saltLen), 0); + ExpectIntEQ((int)hash, (int)WC_HASH_TYPE_SHA); + ExpectIntEQ(mgf, WC_MGF1SHA1); + ExpectIntEQ(saltLen, 20); + +#ifndef NO_SHA256 + /* --- Test 4: SHA-256 / MGF1-SHA-256 / salt=32 --- */ + hash = WC_HASH_TYPE_NONE; + mgf = 0; + saltLen = 0; + ExpectIntEQ(wc_DecodeRsaPssParams(pssParamsSha256, + (word32)sizeof(pssParamsSha256), &hash, &mgf, &saltLen), 0); + ExpectIntEQ((int)hash, (int)WC_HASH_TYPE_SHA256); + ExpectIntEQ(mgf, WC_MGF1SHA256); + ExpectIntEQ(saltLen, 32); + + /* --- Test 5: Hash only => SHA-256, default MGF/salt --- */ + hash = WC_HASH_TYPE_NONE; + mgf = 0; + saltLen = 0; + ExpectIntEQ(wc_DecodeRsaPssParams(pssParamsHashOnly, + (word32)sizeof(pssParamsHashOnly), &hash, &mgf, &saltLen), 0); + ExpectIntEQ((int)hash, (int)WC_HASH_TYPE_SHA256); + ExpectIntEQ(mgf, WC_MGF1SHA1); + ExpectIntEQ(saltLen, 20); +#endif + + /* --- Test 6: Salt only => default hash/MGF, salt=48 --- */ + hash = WC_HASH_TYPE_NONE; + mgf = 0; + saltLen = 0; + ExpectIntEQ(wc_DecodeRsaPssParams(pssParamsSaltOnly, + (word32)sizeof(pssParamsSaltOnly), &hash, &mgf, &saltLen), 0); + ExpectIntEQ((int)hash, (int)WC_HASH_TYPE_SHA); + ExpectIntEQ(mgf, WC_MGF1SHA1); + ExpectIntEQ(saltLen, 48); + + /* --- Test 7: NULL pointer -> BAD_FUNC_ARG --- */ + ExpectIntEQ(wc_DecodeRsaPssParams(NULL, 10, &hash, &mgf, &saltLen), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + + /* --- Test 8: Bad leading tag => ASN_PARSE_E --- */ + { + static const byte badTag[] = { 0x01, 0x00 }; + ExpectIntEQ(wc_DecodeRsaPssParams(badTag, (word32)sizeof(badTag), + &hash, &mgf, &saltLen), WC_NO_ERR_TRACE(ASN_PARSE_E)); + } + +#endif /* WC_RSA_PSS && !NO_RSA && !NO_ASN */ + return EXPECT_RESULT(); +} + +/* Test that DecodeAltNames rejects a SAN entry whose length exceeds the + * remaining SEQUENCE length (integer underflow on the length tracker). */ +int test_DecodeAltNames_length_underflow(void) +{ + EXPECT_DECLS; + +#if !defined(NO_CERTS) && !defined(NO_RSA) && !defined(NO_ASN) + /* Self-signed DER certificate with a well-formed SAN extension. + * Byte at offset 418 is the SAN SEQUENCE length (0x06). The negative + * test below copies this cert and shrinks that byte to 0x03 so the + * DNS entry length exceeds the SEQUENCE bounds. */ + static const unsigned char good_san_cert[] = { + 0x30, 0x82, 0x02, 0xf9, 0x30, 0x82, 0x01, 0xe1, 0xa0, 0x03, 0x02, 0x01, + 0x02, 0x02, 0x02, 0x10, 0x21, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, + 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x0b, 0x05, 0x00, 0x30, 0x0f, 0x31, 0x0d, + 0x30, 0x0b, 0x06, 0x03, 0x55, 0x04, 0x03, 0x13, 0x04, 0x61, 0x61, 0x31, + 0x31, 0x30, 0x1e, 0x17, 0x0d, 0x31, 0x36, 0x30, 0x32, 0x30, 0x37, 0x31, + 0x37, 0x32, 0x34, 0x30, 0x30, 0x5a, 0x17, 0x0d, 0x33, 0x34, 0x30, 0x32, + 0x31, 0x34, 0x30, 0x36, 0x32, 0x36, 0x35, 0x33, 0x5a, 0x30, 0x0f, 0x31, + 0x0d, 0x30, 0x0b, 0x06, 0x03, 0x55, 0x04, 0x03, 0x13, 0x04, 0x61, 0x61, + 0x61, 0x61, 0x30, 0x82, 0x01, 0x20, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, + 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x01, 0x05, 0x00, 0x03, 0x82, 0x01, + 0x0d, 0x00, 0x30, 0x82, 0x01, 0x08, 0x02, 0x82, 0x01, 0x01, 0x00, 0xa8, + 0x8a, 0x5e, 0x26, 0x23, 0x1b, 0x31, 0xd3, 0x37, 0x1a, 0x70, 0xb2, 0xec, + 0x3f, 0x74, 0xd4, 0xb4, 0x44, 0xe3, 0x7a, 0xa5, 0xc0, 0xf5, 0xaa, 0x97, + 0x26, 0x9a, 0x04, 0xff, 0xda, 0xbe, 0xe5, 0x09, 0x03, 0x98, 0x3d, 0xb5, + 0xbf, 0x01, 0x2c, 0x9a, 0x0a, 0x3a, 0xfb, 0xbc, 0x3c, 0xe7, 0xbe, 0x83, + 0x5c, 0xb3, 0x70, 0xe8, 0x5c, 0xe3, 0xd1, 0x83, 0xc3, 0x94, 0x08, 0xcd, + 0x1a, 0x87, 0xe5, 0xe0, 0x5b, 0x9c, 0x5c, 0x6e, 0xb0, 0x7d, 0xe2, 0x58, + 0x6c, 0xc3, 0xb5, 0xc8, 0x9d, 0x11, 0xf1, 0x5d, 0x96, 0x0d, 0x66, 0x1e, + 0x56, 0x7f, 0x8f, 0x59, 0xa7, 0xa5, 0xe1, 0xc5, 0xe7, 0x81, 0x4c, 0x09, + 0x9d, 0x5e, 0x96, 0xf0, 0x9a, 0xc2, 0x8b, 0x70, 0xd5, 0xab, 0x79, 0x58, + 0x5d, 0xb7, 0x58, 0xaa, 0xfd, 0x75, 0x52, 0xaa, 0x4b, 0xa7, 0x25, 0x68, + 0x76, 0x59, 0x00, 0xee, 0x78, 0x2b, 0x91, 0xc6, 0x59, 0x91, 0x99, 0x38, + 0x3e, 0xa1, 0x76, 0xc3, 0xf5, 0x23, 0x6b, 0xe6, 0x07, 0xea, 0x63, 0x1c, + 0x97, 0x49, 0xef, 0xa0, 0xfe, 0xfd, 0x13, 0xc9, 0xa9, 0x9f, 0xc2, 0x0b, + 0xe6, 0x87, 0x92, 0x5b, 0xcc, 0xf5, 0x42, 0x95, 0x4a, 0xa4, 0x6d, 0x64, + 0xba, 0x7d, 0xce, 0xcb, 0x04, 0xd0, 0xf8, 0xe7, 0xe3, 0xda, 0x75, 0x60, + 0xd3, 0x8b, 0x6a, 0x64, 0xfc, 0x78, 0x56, 0x21, 0x69, 0x5a, 0xe8, 0xa7, + 0x8f, 0xfb, 0x8f, 0x82, 0xe3, 0xae, 0x36, 0xa2, 0x93, 0x66, 0x92, 0xcb, + 0x82, 0xa3, 0xbe, 0x84, 0x00, 0x86, 0xdc, 0x7e, 0x6d, 0x53, 0x77, 0x84, + 0x17, 0xb9, 0x55, 0x43, 0x0d, 0xf1, 0x16, 0x1f, 0xd5, 0x43, 0x75, 0x99, + 0x66, 0x19, 0x52, 0xd0, 0xac, 0x5f, 0x74, 0xad, 0xb2, 0x90, 0x15, 0x50, + 0x04, 0x74, 0x43, 0xdf, 0x6c, 0x35, 0xd0, 0xfd, 0x32, 0x37, 0xb3, 0x8d, + 0xf5, 0xe5, 0x09, 0x02, 0x01, 0x03, 0xa3, 0x61, 0x30, 0x5f, 0x30, 0x0c, + 0x06, 0x03, 0x55, 0x1d, 0x13, 0x01, 0x01, 0xff, 0x04, 0x02, 0x30, 0x00, + /* SAN extension: correct SEQUENCE length 0x06 */ + 0x30, 0x0f, 0x06, 0x03, 0x55, 0x1d, 0x11, 0x04, 0x08, 0x30, 0x06, 0x82, + 0x04, 0x61, 0x2a, 0x00, 0x2a, 0x30, 0x1d, 0x06, 0x03, 0x55, 0x1d, 0x0e, + 0x04, 0x16, 0x04, 0x14, 0x92, 0x6a, 0x1e, 0x52, 0x3a, 0x1a, 0x57, 0x9f, + 0xc9, 0x82, 0x9a, 0xce, 0xc8, 0xc0, 0xa9, 0x51, 0x9d, 0x2f, 0xc7, 0x72, + 0x30, 0x1f, 0x06, 0x03, 0x55, 0x1d, 0x23, 0x04, 0x18, 0x30, 0x16, 0x80, + 0x14, 0x6b, 0xf9, 0xa4, 0x2d, 0xa5, 0xe9, 0x39, 0x89, 0xa8, 0x24, 0x58, + 0x79, 0x87, 0x11, 0xfc, 0x6f, 0x07, 0x91, 0xef, 0xa6, 0x30, 0x0d, 0x06, + 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x0b, 0x05, 0x00, + 0x03, 0x82, 0x01, 0x01, 0x00, 0x3f, 0xd5, 0x37, 0x2f, 0xc7, 0xf8, 0x8b, + 0x39, 0x1c, 0xe3, 0xdf, 0x77, 0xee, 0xc6, 0x4b, 0x5f, 0x84, 0xcf, 0xfa, + 0x33, 0x2c, 0xb2, 0xb5, 0x4b, 0x09, 0xee, 0x56, 0xc0, 0xf2, 0xf0, 0xeb, + 0xad, 0x1c, 0x02, 0xef, 0xae, 0x09, 0x53, 0xc0, 0x06, 0xad, 0x4e, 0xfd, + 0x3e, 0x8c, 0x13, 0xb3, 0xbf, 0x80, 0x05, 0x36, 0xb5, 0x3f, 0x2b, 0xc7, + 0x60, 0x53, 0x14, 0xbf, 0x33, 0x63, 0x47, 0xc3, 0xc6, 0x28, 0xda, 0x10, + 0x12, 0xe2, 0xc4, 0xeb, 0xc5, 0x64, 0x66, 0xc0, 0xcc, 0x6b, 0x84, 0xda, + 0x0c, 0xe9, 0xf6, 0xe3, 0xf8, 0x8e, 0x3d, 0x95, 0x5f, 0xba, 0x9f, 0xe1, + 0xc7, 0xed, 0x6e, 0x97, 0xcc, 0xbd, 0x7d, 0xe5, 0x4e, 0xab, 0xbc, 0x1b, + 0xf1, 0x3a, 0x09, 0x33, 0x09, 0xe1, 0xcc, 0xec, 0x21, 0x16, 0x8e, 0xb1, + 0x74, 0x9e, 0xc8, 0x13, 0x7c, 0xdf, 0x07, 0xaa, 0xeb, 0x70, 0xd7, 0x91, + 0x5c, 0xc4, 0xef, 0x83, 0x88, 0xc3, 0xe4, 0x97, 0xfa, 0xe4, 0xdf, 0xd7, + 0x0d, 0xff, 0xba, 0x78, 0x22, 0xfc, 0x3f, 0xdc, 0xd8, 0x02, 0x8d, 0x93, + 0x57, 0xf9, 0x9e, 0x39, 0x3a, 0x77, 0x00, 0xd9, 0x19, 0xaa, 0x68, 0xa1, + 0xe6, 0x9e, 0x13, 0xeb, 0x37, 0x16, 0xf5, 0x77, 0xa4, 0x0b, 0x40, 0x04, + 0xd3, 0xa5, 0x49, 0x78, 0x35, 0xfa, 0x3b, 0xf6, 0x02, 0xab, 0x85, 0xee, + 0xcb, 0x9b, 0x62, 0xda, 0x05, 0x00, 0x22, 0x2f, 0xf8, 0xbd, 0x0b, 0xe5, + 0x2c, 0xb2, 0x53, 0x78, 0x0a, 0xcb, 0x69, 0xc0, 0xb6, 0x9f, 0x96, 0xff, + 0x58, 0x22, 0x70, 0x9c, 0x01, 0x2e, 0x56, 0x60, 0x5d, 0x37, 0xe3, 0x40, + 0x25, 0xc9, 0x90, 0xc8, 0x0f, 0x41, 0x68, 0xb4, 0xfd, 0x10, 0xe2, 0x09, + 0x99, 0x08, 0x5d, 0x7b, 0xc9, 0xe3, 0x29, 0xd4, 0x5a, 0xcf, 0xc9, 0x34, + 0x55, 0xa1, 0x40, 0x44, 0xd6, 0x88, 0x16, 0xbb, 0xdd + }; + + /* Offset of the SAN SEQUENCE length byte inside good_san_cert. */ + #define SAN_SEQ_LEN_OFFSET 418 + + DecodedCert cert; + unsigned char bad_san_cert[sizeof(good_san_cert)]; + + /* Control: the original cert with correct SAN SEQUENCE length should + * parse successfully (signature won't verify, but NO_VERIFY skips that). */ + wc_InitDecodedCert(&cert, good_san_cert, (word32)sizeof(good_san_cert), + NULL); + ExpectIntEQ(wc_ParseCert(&cert, CERT_TYPE, NO_VERIFY, NULL), 0); + wc_FreeDecodedCert(&cert); + + /* Build a malformed variant: shrink the SAN SEQUENCE length from 6 to 3 + * so the DNS entry length (4) exceeds the SEQUENCE bounds. Without a + * bounds check DecodeAltNames would underflow the length tracker. */ + XMEMCPY(bad_san_cert, good_san_cert, sizeof(good_san_cert)); + bad_san_cert[SAN_SEQ_LEN_OFFSET] = 0x03; + + wc_InitDecodedCert(&cert, bad_san_cert, (word32)sizeof(bad_san_cert), + NULL); + ExpectIntEQ(wc_ParseCert(&cert, CERT_TYPE, NO_VERIFY, NULL), + WC_NO_ERR_TRACE(ASN_PARSE_E)); + wc_FreeDecodedCert(&cert); + +#endif /* !NO_CERTS && !NO_RSA && !NO_ASN */ + return EXPECT_RESULT(); +} + +int test_wc_DecodeObjectId(void) +{ + EXPECT_DECLS; + +#if !defined(NO_ASN) && \ + (defined(HAVE_OID_DECODING) || defined(WOLFSSL_ASN_PRINT)) + { + /* OID 1.2.840.113549.1.1.11 (sha256WithRSAEncryption) + * DER encoding: 2a 86 48 86 f7 0d 01 01 0b + * First byte 0x2a = 42 => arc0 = 42/40 = 1, arc1 = 42%40 = 2 + * Remaining arcs: 840, 113549, 1, 1, 11 + */ + static const byte oid_sha256rsa[] = { + 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x0b + }; + word16 out[MAX_OID_SZ]; + word32 outSz; + + /* Test 1: Normal decode */ + outSz = MAX_OID_SZ; + ExpectIntEQ(DecodeObjectId(oid_sha256rsa, sizeof(oid_sha256rsa), + out, &outSz), 0); + ExpectIntEQ((int)outSz, 7); + ExpectIntEQ(out[0], 1); + ExpectIntEQ(out[1], 2); + ExpectIntEQ(out[2], 840); + ExpectIntEQ(out[3], (word16)113549); /* truncated to word16 */ + ExpectIntEQ(out[4], 1); + ExpectIntEQ(out[5], 1); + ExpectIntEQ(out[6], 11); + + /* Test 2: NULL args */ + outSz = MAX_OID_SZ; + ExpectIntEQ(DecodeObjectId(NULL, sizeof(oid_sha256rsa), out, &outSz), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(DecodeObjectId(oid_sha256rsa, sizeof(oid_sha256rsa), + out, NULL), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + + /* Test 3 (Bug 1): outSz=1 must return BUFFER_E, not OOB write. + * The first OID byte decodes into two arcs, so outSz must be >= 2. */ + outSz = 1; + ExpectIntEQ(DecodeObjectId(oid_sha256rsa, sizeof(oid_sha256rsa), + out, &outSz), + WC_NO_ERR_TRACE(BUFFER_E)); + + /* Test 4: outSz=0 must also return BUFFER_E */ + outSz = 0; + ExpectIntEQ(DecodeObjectId(oid_sha256rsa, sizeof(oid_sha256rsa), + out, &outSz), + WC_NO_ERR_TRACE(BUFFER_E)); + + /* Test 5: outSz=2 is enough for a single-byte OID (two arcs) */ + { + static const byte oid_one_byte[] = { 0x2a }; /* 1.2 */ + outSz = 2; + ExpectIntEQ(DecodeObjectId(oid_one_byte, sizeof(oid_one_byte), + out, &outSz), 0); + ExpectIntEQ((int)outSz, 2); + ExpectIntEQ(out[0], 1); + ExpectIntEQ(out[1], 2); + } + + /* Test 6: Buffer too small for later arcs */ + outSz = 3; /* only room for 3 arcs, but OID has 7 */ + ExpectIntEQ(DecodeObjectId(oid_sha256rsa, sizeof(oid_sha256rsa), + out, &outSz), + WC_NO_ERR_TRACE(BUFFER_E)); + } +#endif /* !NO_ASN && (HAVE_OID_DECODING || WOLFSSL_ASN_PRINT) */ + + return EXPECT_RESULT(); +} diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/tests/api/test_asn.h mariadb-11.8.8/extra/wolfssl/wolfssl/tests/api/test_asn.h --- mariadb-11.8.6/extra/wolfssl/wolfssl/tests/api/test_asn.h 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/tests/api/test_asn.h 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* test_asn.h * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -27,10 +27,18 @@ int test_SetAsymKeyDer(void); int test_GetSetShortInt(void); int test_wc_IndexSequenceOf(void); +int test_wolfssl_local_MatchBaseName(void); +int test_wc_DecodeRsaPssParams(void); +int test_DecodeAltNames_length_underflow(void); +int test_wc_DecodeObjectId(void); #define TEST_ASN_DECLS \ TEST_DECL_GROUP("asn", test_SetAsymKeyDer), \ TEST_DECL_GROUP("asn", test_GetSetShortInt), \ - TEST_DECL_GROUP("asn", test_wc_IndexSequenceOf) + TEST_DECL_GROUP("asn", test_wc_IndexSequenceOf), \ + TEST_DECL_GROUP("asn", test_wolfssl_local_MatchBaseName), \ + TEST_DECL_GROUP("asn", test_wc_DecodeRsaPssParams), \ + TEST_DECL_GROUP("asn", test_DecodeAltNames_length_underflow), \ + TEST_DECL_GROUP("asn", test_wc_DecodeObjectId) #endif /* WOLFCRYPT_TEST_ASN_H */ diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/tests/api/test_blake2.c mariadb-11.8.8/extra/wolfssl/wolfssl/tests/api/test_blake2.c --- mariadb-11.8.6/extra/wolfssl/wolfssl/tests/api/test_blake2.c 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/tests/api/test_blake2.c 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* test_blake2.c * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -40,7 +40,7 @@ int test_wc_InitBlake2b(void) { EXPECT_DECLS; -#ifdef HAVE_BLAKE2 +#ifdef HAVE_BLAKE2B Blake2b blake; /* Test bad arg. */ @@ -50,6 +50,12 @@ ExpectIntEQ(wc_InitBlake2b(&blake, 128), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); ExpectIntEQ(wc_InitBlake2b(NULL, WC_BLAKE2B_DIGEST_SIZE), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + /* digestSz values that truncate via (byte) cast to a valid size must be + * rejected: 257 mod 256 = 1, 320 mod 256 = 64 - both within BLAKE2B range */ + ExpectIntEQ(wc_InitBlake2b(&blake, 257), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_InitBlake2b(&blake, 256 + BLAKE2B_OUTBYTES), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); /* Test good arg. */ ExpectIntEQ(wc_InitBlake2b(&blake, WC_BLAKE2B_DIGEST_SIZE), 0); @@ -60,7 +66,7 @@ int test_wc_InitBlake2b_WithKey(void) { EXPECT_DECLS; -#ifdef HAVE_BLAKE2 +#ifdef HAVE_BLAKE2B Blake2b blake; word32 digestSz = BLAKE2B_KEYBYTES; byte key[BLAKE2B_KEYBYTES]; @@ -82,6 +88,12 @@ ExpectIntEQ(wc_InitBlake2b_WithKey(NULL, digestSz, key, keylen), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + /* digestSz that truncates to a valid byte-sized value must be rejected */ + ExpectIntEQ(wc_InitBlake2b_WithKey(&blake, 257, NULL, keylen), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_InitBlake2b_WithKey(&blake, 256 + BLAKE2B_OUTBYTES, NULL, keylen), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + /* Test good arg. */ ExpectIntEQ(wc_InitBlake2b_WithKey(&blake, digestSz, NULL, keylen), 0); ExpectIntEQ(wc_InitBlake2b_WithKey(&blake, digestSz, key, keylen), 0); @@ -92,7 +104,7 @@ int test_wc_Blake2bUpdate(void) { EXPECT_DECLS; -#ifdef HAVE_BLAKE2 +#ifdef HAVE_BLAKE2B Blake2b blake; ExpectIntEQ(wc_InitBlake2b(&blake, WC_BLAKE2B_DIGEST_SIZE), 0); @@ -115,7 +127,7 @@ int test_wc_Blake2bFinal(void) { EXPECT_DECLS; -#ifdef HAVE_BLAKE2 +#ifdef HAVE_BLAKE2B Blake2b blake; byte hash[WC_BLAKE2B_DIGEST_SIZE]; @@ -127,8 +139,14 @@ ExpectIntEQ(wc_Blake2bFinal(&blake, NULL, 0), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); ExpectIntEQ(wc_Blake2bFinal(NULL, hash, 0), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + /* requestSz that truncates to valid byte must be rejected */ + ExpectIntEQ(wc_Blake2bFinal(&blake, hash, 257), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_Blake2bFinal(&blake, hash, 256 + BLAKE2B_OUTBYTES), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); /* Test good args. */ + ExpectIntEQ(wc_InitBlake2b(&blake, WC_BLAKE2B_DIGEST_SIZE), 0); ExpectIntEQ(wc_Blake2bFinal(&blake, hash, WC_BLAKE2B_DIGEST_SIZE), 0); #endif return EXPECT_RESULT(); @@ -138,7 +156,7 @@ int test_wc_Blake2b_KATs(void) { EXPECT_DECLS; -#ifdef HAVE_BLAKE2 +#ifdef HAVE_BLAKE2B Blake2b blake; testVector blake2b_kat[BLAKE2B_KAT_CNT]; @@ -254,7 +272,7 @@ int test_wc_Blake2b_other(void) { EXPECT_DECLS; -#ifdef HAVE_BLAKE2 +#ifdef HAVE_BLAKE2B Blake2b blake; byte hash[WC_BLAKE2B_DIGEST_SIZE + 1]; byte data[WC_BLAKE2B_DIGEST_SIZE * 8 + 1]; @@ -322,6 +340,12 @@ ExpectIntEQ(wc_InitBlake2s(&blake, 128), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); ExpectIntEQ(wc_InitBlake2s(NULL, WC_BLAKE2S_DIGEST_SIZE), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + /* digestSz that truncates via (byte) cast to a valid size must be rejected: + * 257 mod 256 = 1, 288 mod 256 = 32 - both within BLAKE2S range */ + ExpectIntEQ(wc_InitBlake2s(&blake, 257), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_InitBlake2s(&blake, 256 + BLAKE2S_OUTBYTES), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); /* Test good arg. */ ExpectIntEQ(wc_InitBlake2s(&blake, WC_BLAKE2S_DIGEST_SIZE), 0); @@ -352,6 +376,12 @@ ExpectIntEQ(wc_InitBlake2s_WithKey(NULL, digestSz, key, keylen), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + /* digestSz that truncates to a valid byte-sized value must be rejected */ + ExpectIntEQ(wc_InitBlake2s_WithKey(&blake, 257, NULL, keylen), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_InitBlake2s_WithKey(&blake, 256 + BLAKE2S_OUTBYTES, NULL, keylen), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + /* Test good arg. */ ExpectIntEQ(wc_InitBlake2s_WithKey(&blake, digestSz, NULL, keylen), 0); ExpectIntEQ(wc_InitBlake2s_WithKey(&blake, digestSz, key, keylen), 0); @@ -397,8 +427,14 @@ ExpectIntEQ(wc_Blake2sFinal(&blake, NULL, 0), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); ExpectIntEQ(wc_Blake2sFinal(NULL, hash, 0), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + /* requestSz that truncates to valid byte must be rejected */ + ExpectIntEQ(wc_Blake2sFinal(&blake, hash, 257), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_Blake2sFinal(&blake, hash, 256 + BLAKE2S_OUTBYTES), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); /* Test good args. */ + ExpectIntEQ(wc_InitBlake2s(&blake, WC_BLAKE2S_DIGEST_SIZE), 0); ExpectIntEQ(wc_Blake2sFinal(&blake, hash, WC_BLAKE2S_DIGEST_SIZE), 0); #endif return EXPECT_RESULT(); diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/tests/api/test_blake2.h mariadb-11.8.8/extra/wolfssl/wolfssl/tests/api/test_blake2.h --- mariadb-11.8.6/extra/wolfssl/wolfssl/tests/api/test_blake2.h 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/tests/api/test_blake2.h 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* test_blake2.h * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/tests/api/test_camellia.c mariadb-11.8.8/extra/wolfssl/wolfssl/tests/api/test_camellia.c --- mariadb-11.8.6/extra/wolfssl/wolfssl/tests/api/test_camellia.c 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/tests/api/test_camellia.c 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* test_camellia.c * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/tests/api/test_camellia.h mariadb-11.8.8/extra/wolfssl/wolfssl/tests/api/test_camellia.h --- mariadb-11.8.6/extra/wolfssl/wolfssl/tests/api/test_camellia.h 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/tests/api/test_camellia.h 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* test_camellia.h * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/tests/api/test_certman.c mariadb-11.8.8/extra/wolfssl/wolfssl/tests/api/test_certman.c --- mariadb-11.8.6/extra/wolfssl/wolfssl/tests/api/test_certman.c 1970-01-01 00:00:00.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/tests/api/test_certman.c 2026-05-24 09:58:33.000000000 +0000 @@ -0,0 +1,2542 @@ +/* test_certman.c + * + * Copyright (C) 2006-2026 wolfSSL Inc. + * + * This file is part of wolfSSL. + * + * wolfSSL is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * wolfSSL is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA + */ + +#include + +#ifdef NO_INLINE + #include +#else + #define WOLFSSL_MISC_INCLUDED + #include +#endif + +#include +#include +#include +#include +#include + +int test_wolfSSL_CertManagerAPI(void) +{ + EXPECT_DECLS; +#ifndef NO_CERTS + WOLFSSL_CERT_MANAGER* cm = NULL; + unsigned char c = 0; + + ExpectNotNull(cm = wolfSSL_CertManagerNew_ex(NULL)); + + wolfSSL_CertManagerFree(NULL); + ExpectIntEQ(wolfSSL_CertManager_up_ref(NULL), 0); + ExpectIntEQ(wolfSSL_CertManagerUnloadCAs(NULL), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); +#ifdef WOLFSSL_TRUST_PEER_CERT + ExpectIntEQ(wolfSSL_CertManagerUnload_trust_peers(NULL), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); +#endif + + ExpectIntEQ(wolfSSL_CertManagerLoadCABuffer_ex(NULL, &c, 1, + WOLFSSL_FILETYPE_ASN1, 0, 0), WC_NO_ERR_TRACE(WOLFSSL_FATAL_ERROR)); + +#if !defined(NO_WOLFSSL_CLIENT) || !defined(WOLFSSL_NO_CLIENT_AUTH) + ExpectIntEQ(wolfSSL_CertManagerVerifyBuffer(NULL, NULL, -1, + WOLFSSL_FILETYPE_ASN1), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wolfSSL_CertManagerVerifyBuffer(cm, NULL, -1, + WOLFSSL_FILETYPE_ASN1), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wolfSSL_CertManagerVerifyBuffer(NULL, &c, -1, + WOLFSSL_FILETYPE_ASN1), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wolfSSL_CertManagerVerifyBuffer(NULL, NULL, 1, + WOLFSSL_FILETYPE_ASN1), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wolfSSL_CertManagerVerifyBuffer(NULL, &c, 1, + WOLFSSL_FILETYPE_ASN1), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wolfSSL_CertManagerVerifyBuffer(cm, NULL, 1, + WOLFSSL_FILETYPE_ASN1), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wolfSSL_CertManagerVerifyBuffer(cm, &c, -1, + WOLFSSL_FILETYPE_ASN1), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wolfSSL_CertManagerVerifyBuffer(cm, &c, 1, -1), + WC_NO_ERR_TRACE(WOLFSSL_BAD_FILETYPE)); +#endif + +#if !defined(NO_FILESYSTEM) + { + #ifdef WOLFSSL_PEM_TO_DER + const char* ca_cert = "./certs/ca-cert.pem"; + #if !defined(NO_WOLFSSL_CLIENT) || !defined(WOLFSSL_NO_CLIENT_AUTH) + const char* ca_cert_der = "./certs/ca-cert.der"; + #endif + #else + const char* ca_cert = "./certs/ca-cert.der"; + #endif + const char* ca_path = "./certs"; + + #if !defined(NO_WOLFSSL_CLIENT) || !defined(WOLFSSL_NO_CLIENT_AUTH) + ExpectIntEQ(wolfSSL_CertManagerVerify(NULL, NULL, -1), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wolfSSL_CertManagerVerify(cm, NULL, WOLFSSL_FILETYPE_ASN1), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wolfSSL_CertManagerVerify(NULL, ca_cert, + WOLFSSL_FILETYPE_PEM), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wolfSSL_CertManagerVerify(cm, ca_cert, -1), + WC_NO_ERR_TRACE(WOLFSSL_BAD_FILETYPE)); +#ifdef WOLFSSL_PEM_TO_DER + ExpectIntEQ(wolfSSL_CertManagerVerify(cm, ca_cert_der, + WOLFSSL_FILETYPE_PEM), WC_NO_ERR_TRACE(ASN_NO_PEM_HEADER)); +#endif + ExpectIntEQ(wolfSSL_CertManagerVerify(cm, "no-file", + WOLFSSL_FILETYPE_ASN1), WC_NO_ERR_TRACE(WOLFSSL_BAD_FILE)); + #endif + + ExpectIntEQ(wolfSSL_CertManagerLoadCA(NULL, NULL, NULL), + WC_NO_ERR_TRACE(WOLFSSL_FATAL_ERROR)); + ExpectIntEQ(wolfSSL_CertManagerLoadCA(NULL, ca_cert, NULL), + WC_NO_ERR_TRACE(WOLFSSL_FATAL_ERROR)); + ExpectIntEQ(wolfSSL_CertManagerLoadCA(NULL, NULL, ca_path), + WC_NO_ERR_TRACE(WOLFSSL_FATAL_ERROR)); + ExpectIntEQ(wolfSSL_CertManagerLoadCA(NULL, ca_cert, ca_path), + WC_NO_ERR_TRACE(WOLFSSL_FATAL_ERROR)); + } +#endif + +#ifdef OPENSSL_COMPATIBLE_DEFAULTS + ExpectIntEQ(wolfSSL_CertManagerEnableCRL(cm, 0), 1); +#elif !defined(HAVE_CRL) + ExpectIntEQ(wolfSSL_CertManagerEnableCRL(cm, 0), + WC_NO_ERR_TRACE(NOT_COMPILED_IN)); +#endif + + ExpectIntEQ(wolfSSL_CertManagerDisableCRL(NULL), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wolfSSL_CertManagerDisableCRL(cm), 1); +#ifdef HAVE_CRL + /* Test APIs when CRL is disabled. */ +#ifdef HAVE_CRL_IO + ExpectIntEQ(wolfSSL_CertManagerSetCRL_IOCb(cm, NULL), 1); +#endif + ExpectIntEQ(wolfSSL_CertManagerCheckCRL(cm, server_cert_der_2048, + sizeof_server_cert_der_2048), 1); + ExpectIntEQ(wolfSSL_CertManagerFreeCRL(cm), 1); +#endif + + /* OCSP */ + ExpectIntEQ(wolfSSL_CertManagerEnableOCSP(NULL, 0), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wolfSSL_CertManagerDisableOCSP(NULL), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wolfSSL_CertManagerEnableOCSPStapling(NULL), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wolfSSL_CertManagerDisableOCSPStapling(NULL), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wolfSSL_CertManagerEnableOCSPMustStaple(NULL), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wolfSSL_CertManagerDisableOCSPMustStaple(NULL), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); +#if !defined(HAVE_CERTIFICATE_STATUS_REQUEST) && \ + !defined(HAVE_CERTIFICATE_STATUS_REQUEST_V2) + ExpectIntEQ(wolfSSL_CertManagerDisableOCSPStapling(cm), + WC_NO_ERR_TRACE(NOT_COMPILED_IN)); + ExpectIntEQ(wolfSSL_CertManagerEnableOCSPMustStaple(cm), + WC_NO_ERR_TRACE(NOT_COMPILED_IN)); + ExpectIntEQ(wolfSSL_CertManagerDisableOCSPMustStaple(cm), + WC_NO_ERR_TRACE(NOT_COMPILED_IN)); +#endif + +#ifdef HAVE_OCSP + ExpectIntEQ(wolfSSL_CertManagerCheckOCSP(NULL, NULL, -1), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wolfSSL_CertManagerCheckOCSP(cm, NULL, -1), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wolfSSL_CertManagerCheckOCSP(NULL, &c, -1), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wolfSSL_CertManagerCheckOCSP(NULL, NULL, 1), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wolfSSL_CertManagerCheckOCSP(NULL, &c, 1), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wolfSSL_CertManagerCheckOCSP(cm, NULL, 1), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wolfSSL_CertManagerCheckOCSP(cm, &c, -1), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + + ExpectIntEQ(wolfSSL_CertManagerCheckOCSPResponse(NULL, NULL, 0, + NULL, NULL, NULL, NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wolfSSL_CertManagerCheckOCSPResponse(cm, NULL, 1, + NULL, NULL, NULL, NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wolfSSL_CertManagerCheckOCSPResponse(NULL, &c, 1, + NULL, NULL, NULL, NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + + ExpectIntEQ(wolfSSL_CertManagerSetOCSPOverrideURL(NULL, NULL), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wolfSSL_CertManagerSetOCSPOverrideURL(NULL, ""), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wolfSSL_CertManagerSetOCSPOverrideURL(cm, NULL), 1); + + ExpectIntEQ(wolfSSL_CertManagerSetOCSP_Cb(NULL, NULL, NULL, NULL), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wolfSSL_CertManagerSetOCSP_Cb(cm, NULL, NULL, NULL), 1); + + ExpectIntEQ(wolfSSL_CertManagerDisableOCSP(cm), 1); + /* Test APIs when OCSP is disabled. */ + ExpectIntEQ(wolfSSL_CertManagerCheckOCSPResponse(cm, &c, 1, + NULL, NULL, NULL, NULL), 1); + ExpectIntEQ(wolfSSL_CertManagerCheckOCSP(cm, &c, 1), 1); + +#endif + + ExpectIntEQ(wolfSSL_CertManager_up_ref(cm), 1); + if (EXPECT_SUCCESS()) { + wolfSSL_CertManagerFree(cm); + } + wolfSSL_CertManagerFree(cm); + cm = NULL; + + ExpectNotNull(cm = wolfSSL_CertManagerNew_ex(NULL)); + +#ifdef HAVE_OCSP + ExpectIntEQ(wolfSSL_CertManagerEnableOCSP(cm, WOLFSSL_OCSP_URL_OVERRIDE | + WOLFSSL_OCSP_CHECKALL), 1); +#if defined(HAVE_CERTIFICATE_STATUS_REQUEST) || \ + defined(HAVE_CERTIFICATE_STATUS_REQUEST_V2) + ExpectIntEQ(wolfSSL_CertManagerEnableOCSPStapling(cm), 1); + ExpectIntEQ(wolfSSL_CertManagerEnableOCSPStapling(cm), 1); + ExpectIntEQ(wolfSSL_CertManagerDisableOCSPStapling(cm), 1); + ExpectIntEQ(wolfSSL_CertManagerEnableOCSPStapling(cm), 1); + ExpectIntEQ(wolfSSL_CertManagerEnableOCSPMustStaple(cm), 1); + ExpectIntEQ(wolfSSL_CertManagerDisableOCSPMustStaple(cm), 1); +#endif + + ExpectIntEQ(wolfSSL_CertManagerSetOCSPOverrideURL(cm, ""), 1); + ExpectIntEQ(wolfSSL_CertManagerSetOCSPOverrideURL(cm, ""), 1); +#endif + +#ifdef WOLFSSL_TRUST_PEER_CERT + ExpectIntEQ(wolfSSL_CertManagerUnload_trust_peers(cm), 1); +#endif + wolfSSL_CertManagerFree(cm); +#endif + return EXPECT_RESULT(); +} + +#if !defined(NO_FILESYSTEM) && !defined(NO_CERTS) && !defined(NO_TLS) +static int test_cm_load_ca_buffer(const byte* cert_buf, size_t cert_sz, + int file_type) +{ + int ret; + WOLFSSL_CERT_MANAGER* cm; + + cm = wolfSSL_CertManagerNew(); + if (cm == NULL) { + fprintf(stderr, "test_cm_load_ca failed\n"); + return -1; + } + + ret = wolfSSL_CertManagerLoadCABuffer(cm, cert_buf, (sword32)cert_sz, + file_type); + + wolfSSL_CertManagerFree(cm); + + return ret; +} + +static int test_cm_load_ca_file(const char* ca_cert_file) +{ + int ret = 0; + byte* cert_buf = NULL; + size_t cert_sz = 0; +#if defined(WOLFSSL_PEM_TO_DER) + DerBuffer* pDer = NULL; +#endif + + ret = load_file(ca_cert_file, &cert_buf, &cert_sz); + if (ret == 0) { + /* normal test */ + ret = test_cm_load_ca_buffer(cert_buf, cert_sz, CERT_FILETYPE); + + if (ret == WOLFSSL_SUCCESS) { + /* test including null terminator in length */ + byte* tmp = (byte*)XREALLOC(cert_buf, cert_sz+1, NULL, DYNAMIC_TYPE_TMP_BUFFER); + if (tmp == NULL) { + ret = MEMORY_E; + } + else { + cert_buf = tmp; + cert_buf[cert_sz] = '\0'; + ret = test_cm_load_ca_buffer(cert_buf, cert_sz+1, + CERT_FILETYPE); + } + + } + + #if defined(WOLFSSL_PEM_TO_DER) + if (ret == WOLFSSL_SUCCESS) { + /* test loading DER */ + ret = wc_PemToDer(cert_buf, (sword32)cert_sz, CA_TYPE, &pDer, + NULL, NULL, NULL); + if (ret == 0 && pDer != NULL) { + ret = test_cm_load_ca_buffer(pDer->buffer, pDer->length, + WOLFSSL_FILETYPE_ASN1); + + wc_FreeDer(&pDer); + } + } + #endif + + } + XFREE(cert_buf, NULL, DYNAMIC_TYPE_TMP_BUFFER); + + return ret; +} + +static int test_cm_load_ca_buffer_ex(const byte* cert_buf, size_t cert_sz, + int file_type, word32 flags) +{ + int ret; + WOLFSSL_CERT_MANAGER* cm; + + cm = wolfSSL_CertManagerNew(); + if (cm == NULL) { + fprintf(stderr, "test_cm_load_ca failed\n"); + return -1; + } + + ret = wolfSSL_CertManagerLoadCABuffer_ex(cm, cert_buf, (sword32)cert_sz, + file_type, 0, flags); + + wolfSSL_CertManagerFree(cm); + + return ret; +} + +static int test_cm_load_ca_file_ex(const char* ca_cert_file, word32 flags) +{ + int ret = 0; + byte* cert_buf = NULL; + size_t cert_sz = 0; +#if defined(WOLFSSL_PEM_TO_DER) + DerBuffer* pDer = NULL; +#endif + + ret = load_file(ca_cert_file, &cert_buf, &cert_sz); + if (ret == 0) { + /* normal test */ + ret = test_cm_load_ca_buffer_ex(cert_buf, cert_sz, + CERT_FILETYPE, flags); + + if (ret == WOLFSSL_SUCCESS) { + /* test including null terminator in length */ + byte* tmp = (byte*)XREALLOC(cert_buf, cert_sz+1, NULL, DYNAMIC_TYPE_TMP_BUFFER); + if (tmp == NULL) { + ret = MEMORY_E; + } + else { + cert_buf = tmp; + cert_buf[cert_sz] = '\0'; + ret = test_cm_load_ca_buffer_ex(cert_buf, cert_sz+1, + CERT_FILETYPE, flags); + } + + } + + #if defined(WOLFSSL_PEM_TO_DER) + if (ret == WOLFSSL_SUCCESS) { + /* test loading DER */ + ret = wc_PemToDer(cert_buf, (sword32)cert_sz, CA_TYPE, &pDer, + NULL, NULL, NULL); + if (ret == 0 && pDer != NULL) { + ret = test_cm_load_ca_buffer_ex(pDer->buffer, pDer->length, + WOLFSSL_FILETYPE_ASN1, flags); + + wc_FreeDer(&pDer); + } + } + #endif + + } + XFREE(cert_buf, NULL, DYNAMIC_TYPE_TMP_BUFFER); + + return ret; +} + +#endif /* !NO_FILESYSTEM && !NO_CERTS */ + +int test_wolfSSL_CertManagerLoadCABuffer(void) +{ + EXPECT_DECLS; +#if !defined(NO_FILESYSTEM) && !defined(NO_CERTS) && !defined(NO_TLS) +#if defined(WOLFSSL_PEM_TO_DER) + const char* ca_cert = "./certs/ca-cert.pem"; + const char* ca_expired_cert = "./certs/test/expired/expired-ca.pem"; +#else + const char* ca_cert = "./certs/ca-cert.der"; + const char* ca_expired_cert = "./certs/test/expired/expired-ca.der"; +#endif + int ret; + + ExpectIntLE(ret = test_cm_load_ca_file(ca_cert), 1); +#if defined(NO_WOLFSSL_CLIENT) && defined(NO_WOLFSSL_SERVER) + ExpectIntEQ(ret, WC_NO_ERR_TRACE(WOLFSSL_FATAL_ERROR)); +#elif defined(NO_RSA) + ExpectIntEQ(ret, WC_NO_ERR_TRACE(ASN_UNKNOWN_OID_E)); +#else + ExpectIntEQ(ret, WOLFSSL_SUCCESS); +#endif + + ExpectIntLE(ret = test_cm_load_ca_file(ca_expired_cert), 1); +#if defined(NO_WOLFSSL_CLIENT) && defined(NO_WOLFSSL_SERVER) + ExpectIntEQ(ret, WC_NO_ERR_TRACE(WOLFSSL_FATAL_ERROR)); +#elif defined(NO_RSA) + ExpectIntEQ(ret, WC_NO_ERR_TRACE(ASN_UNKNOWN_OID_E)); +#elif !(WOLFSSL_LOAD_VERIFY_DEFAULT_FLAGS && \ + WOLFSSL_LOAD_FLAG_DATE_ERR_OKAY) && !defined(NO_ASN_TIME) + ExpectIntEQ(ret, WC_NO_ERR_TRACE(ASN_AFTER_DATE_E)); +#else + ExpectIntEQ(ret, WOLFSSL_SUCCESS); +#endif +#endif + return EXPECT_RESULT(); +} + +int test_wolfSSL_CertManagerLoadCABuffer_ex(void) +{ + EXPECT_DECLS; +#if !defined(NO_FILESYSTEM) && !defined(NO_CERTS) && !defined(NO_TLS) +#if defined(WOLFSSL_PEM_TO_DER) + const char* ca_cert = "./certs/ca-cert.pem"; + const char* ca_expired_cert = "./certs/test/expired/expired-ca.pem"; +#else + const char* ca_cert = "./certs/ca-cert.der"; + const char* ca_expired_cert = "./certs/test/expired/expired-ca.der"; +#endif + int ret; + + ExpectIntLE(ret = test_cm_load_ca_file_ex(ca_cert, WOLFSSL_LOAD_FLAG_NONE), + 1); +#if defined(NO_WOLFSSL_CLIENT) && defined(NO_WOLFSSL_SERVER) + ExpectIntEQ(ret, WC_NO_ERR_TRACE(WOLFSSL_FATAL_ERROR)); +#elif defined(NO_RSA) + ExpectIntEQ(ret, WC_NO_ERR_TRACE(ASN_UNKNOWN_OID_E)); +#else + ExpectIntEQ(ret, WOLFSSL_SUCCESS); +#endif + + ExpectIntLE(ret = test_cm_load_ca_file_ex(ca_expired_cert, + WOLFSSL_LOAD_FLAG_DATE_ERR_OKAY), 1); +#if defined(NO_WOLFSSL_CLIENT) && defined(NO_WOLFSSL_SERVER) + ExpectIntEQ(ret, WC_NO_ERR_TRACE(WOLFSSL_FATAL_ERROR)); +#elif defined(NO_RSA) + ExpectIntEQ(ret, WC_NO_ERR_TRACE(ASN_UNKNOWN_OID_E)); +#elif !(WOLFSSL_LOAD_VERIFY_DEFAULT_FLAGS && \ + WOLFSSL_LOAD_FLAG_DATE_ERR_OKAY) && !defined(NO_ASN_TIME) && \ + defined(WOLFSSL_TRUST_PEER_CERT) && defined(OPENSSL_COMPATIBLE_DEFAULTS) + ExpectIntEQ(ret, WC_NO_ERR_TRACE(ASN_AFTER_DATE_E)); +#else + ExpectIntEQ(ret, WOLFSSL_SUCCESS); +#endif + +#endif + + return EXPECT_RESULT(); +} + +int test_wolfSSL_CertManagerLoadCABufferType(void) +{ + EXPECT_DECLS; +#if !defined(NO_FILESYSTEM) && !defined(NO_CERTS) && !defined(NO_TLS) && \ + !defined(NO_RSA) && !defined(NO_SHA256) && \ + !defined(WOLFSSL_TEST_APPLE_NATIVE_CERT_VALIDATION) +#if defined(WOLFSSL_PEM_TO_DER) + const char* ca_cert = "./certs/ca-cert.pem"; + const char* int1_cert = "./certs/intermediate/ca-int-cert.pem"; + const char* int2_cert = "./certs/intermediate/ca-int2-cert.pem"; + const char* client_cert = "./certs/intermediate/client-int-cert.pem"; +#else + const char* ca_cert = "./certs/ca-cert.der"; + const char* int1_cert = "./certs/intermediate/ca-int-cert.der"; + const char* int2_cert = "./certs/intermediate/ca-int2-cert.der"; + const char* client_cert = "./certs/intermediate/client-int-cert.der"; +#endif + byte* ca_cert_buf = NULL; + byte* int1_cert_buf = NULL; + byte* int2_cert_buf = NULL; + byte* client_cert_buf = NULL; + size_t ca_cert_sz = 0; + size_t int1_cert_sz = 0; + size_t int2_cert_sz = 0; + size_t client_cert_sz = 0; + WOLFSSL_CERT_MANAGER* cm = NULL; + + ExpectNotNull(cm = wolfSSL_CertManagerNew()); + ExpectIntEQ(load_file(ca_cert, &ca_cert_buf, &ca_cert_sz), 0); + ExpectIntEQ(load_file(int1_cert, &int1_cert_buf, &int1_cert_sz), 0); + ExpectIntEQ(load_file(int2_cert, &int2_cert_buf, &int2_cert_sz), 0); + ExpectIntEQ(load_file(client_cert, &client_cert_buf, &client_cert_sz), 0); + + ExpectIntNE(wolfSSL_CertManagerLoadCABufferType(cm, ca_cert_buf, + (sword32)ca_cert_sz, CERT_FILETYPE, 0, + WOLFSSL_LOAD_VERIFY_DEFAULT_FLAGS, 0), WOLFSSL_SUCCESS); + ExpectIntNE(wolfSSL_CertManagerLoadCABufferType(cm, ca_cert_buf, + (sword32)ca_cert_sz, CERT_FILETYPE, 0, + WOLFSSL_LOAD_VERIFY_DEFAULT_FLAGS, 5), WOLFSSL_SUCCESS); + + ExpectIntEQ(wolfSSL_CertManagerLoadCABufferType(cm, ca_cert_buf, + (sword32)ca_cert_sz, CERT_FILETYPE, 0, + WOLFSSL_LOAD_VERIFY_DEFAULT_FLAGS, WOLFSSL_USER_CA), + WOLFSSL_SUCCESS); +#if (!defined(NO_WOLFSSL_CLIENT) || !defined(WOLFSSL_NO_CLIENT_AUTH)) || \ + defined(OPENSSL_EXTRA) + ExpectIntEQ(wolfSSL_CertManagerVerifyBuffer(cm, int1_cert_buf, + int1_cert_sz, CERT_FILETYPE), WOLFSSL_SUCCESS); +#endif + ExpectIntEQ(wolfSSL_CertManagerLoadCABufferType(cm, int1_cert_buf, + (sword32)int1_cert_sz, CERT_FILETYPE, 0, + WOLFSSL_LOAD_VERIFY_DEFAULT_FLAGS, WOLFSSL_USER_INTER), + WOLFSSL_SUCCESS); +#if (!defined(NO_WOLFSSL_CLIENT) || !defined(WOLFSSL_NO_CLIENT_AUTH)) || \ + defined(OPENSSL_EXTRA) + ExpectIntEQ(wolfSSL_CertManagerVerifyBuffer(cm, int2_cert_buf, + int2_cert_sz, CERT_FILETYPE), WOLFSSL_SUCCESS); +#endif + ExpectIntEQ(wolfSSL_CertManagerLoadCABufferType(cm, int2_cert_buf, + (sword32)int2_cert_sz, CERT_FILETYPE, 0, + WOLFSSL_LOAD_VERIFY_DEFAULT_FLAGS, WOLFSSL_USER_INTER), + WOLFSSL_SUCCESS); +#if (!defined(NO_WOLFSSL_CLIENT) || !defined(WOLFSSL_NO_CLIENT_AUTH)) || \ + defined(OPENSSL_EXTRA) + ExpectIntEQ(wolfSSL_CertManagerVerifyBuffer(cm, client_cert_buf, + client_cert_sz, CERT_FILETYPE), WOLFSSL_SUCCESS); +#endif + ExpectIntEQ(wolfSSL_CertManagerLoadCABufferType(cm, client_cert_buf, + (sword32)client_cert_sz, CERT_FILETYPE, 0, + WOLFSSL_LOAD_VERIFY_DEFAULT_FLAGS, WOLFSSL_USER_INTER), + WOLFSSL_SUCCESS); + + ExpectIntEQ(wolfSSL_CertManagerUnloadTypeCerts(cm, WOLFSSL_USER_INTER), + WOLFSSL_SUCCESS); + + /* Intermediate certs have been unloaded, but CA cert is still + loaded. Expect first level intermediate to verify, rest to fail. */ +#if (!defined(NO_WOLFSSL_CLIENT) || !defined(WOLFSSL_NO_CLIENT_AUTH)) || \ + defined(OPENSSL_EXTRA) + ExpectIntEQ(wolfSSL_CertManagerVerifyBuffer(cm, int1_cert_buf, + int1_cert_sz, CERT_FILETYPE), WOLFSSL_SUCCESS); + ExpectIntNE(wolfSSL_CertManagerVerifyBuffer(cm, int2_cert_buf, + int2_cert_sz, CERT_FILETYPE), WOLFSSL_SUCCESS); + ExpectIntNE(wolfSSL_CertManagerVerifyBuffer(cm, client_cert_buf, + client_cert_sz, CERT_FILETYPE), WOLFSSL_SUCCESS); +#endif + + ExpectIntEQ(wolfSSL_CertManagerLoadCABufferType(cm, int1_cert_buf, + (sword32)int1_cert_sz, CERT_FILETYPE, 0, + WOLFSSL_LOAD_VERIFY_DEFAULT_FLAGS, WOLFSSL_TEMP_CA), + WOLFSSL_SUCCESS); +#if (!defined(NO_WOLFSSL_CLIENT) || !defined(WOLFSSL_NO_CLIENT_AUTH)) || \ + defined(OPENSSL_EXTRA) + ExpectIntEQ(wolfSSL_CertManagerVerifyBuffer(cm, int2_cert_buf, + int2_cert_sz, CERT_FILETYPE), WOLFSSL_SUCCESS); +#endif + ExpectIntEQ(wolfSSL_CertManagerLoadCABufferType(cm, int2_cert_buf, + (sword32)int2_cert_sz, CERT_FILETYPE, 0, + WOLFSSL_LOAD_VERIFY_DEFAULT_FLAGS, WOLFSSL_CHAIN_CA), + WOLFSSL_SUCCESS); +#if (!defined(NO_WOLFSSL_CLIENT) || !defined(WOLFSSL_NO_CLIENT_AUTH)) || \ + defined(OPENSSL_EXTRA) + ExpectIntEQ(wolfSSL_CertManagerVerifyBuffer(cm, client_cert_buf, + client_cert_sz, CERT_FILETYPE), WOLFSSL_SUCCESS); +#endif + ExpectIntEQ(wolfSSL_CertManagerLoadCABufferType(cm, client_cert_buf, + (sword32)client_cert_sz, CERT_FILETYPE, 0, + WOLFSSL_LOAD_VERIFY_DEFAULT_FLAGS, WOLFSSL_USER_INTER), + WOLFSSL_SUCCESS); + + ExpectIntEQ(wolfSSL_CertManagerUnloadTypeCerts(cm, WOLFSSL_USER_INTER), + WOLFSSL_SUCCESS); +#if (!defined(NO_WOLFSSL_CLIENT) || !defined(WOLFSSL_NO_CLIENT_AUTH)) || \ + defined(OPENSSL_EXTRA) + ExpectIntEQ(wolfSSL_CertManagerVerifyBuffer(cm, int1_cert_buf, + int1_cert_sz, CERT_FILETYPE), WOLFSSL_SUCCESS); + ExpectIntEQ(wolfSSL_CertManagerVerifyBuffer(cm, int2_cert_buf, + int2_cert_sz, CERT_FILETYPE), WOLFSSL_SUCCESS); + ExpectIntEQ(wolfSSL_CertManagerVerifyBuffer(cm, client_cert_buf, + client_cert_sz, CERT_FILETYPE), WOLFSSL_SUCCESS); +#endif + + ExpectIntEQ(wolfSSL_CertManagerUnloadTypeCerts(cm, WOLFSSL_CHAIN_CA), + WOLFSSL_SUCCESS); +#if (!defined(NO_WOLFSSL_CLIENT) || !defined(WOLFSSL_NO_CLIENT_AUTH)) || \ + defined(OPENSSL_EXTRA) + ExpectIntEQ(wolfSSL_CertManagerVerifyBuffer(cm, int1_cert_buf, + int1_cert_sz, CERT_FILETYPE), WOLFSSL_SUCCESS); + ExpectIntEQ(wolfSSL_CertManagerVerifyBuffer(cm, int2_cert_buf, + int2_cert_sz, CERT_FILETYPE), WOLFSSL_SUCCESS); + ExpectIntNE(wolfSSL_CertManagerVerifyBuffer(cm, client_cert_buf, + client_cert_sz, CERT_FILETYPE), WOLFSSL_SUCCESS); +#endif + + ExpectIntEQ(wolfSSL_CertManagerUnloadTypeCerts(cm, WOLFSSL_TEMP_CA), + WOLFSSL_SUCCESS); +#if (!defined(NO_WOLFSSL_CLIENT) || !defined(WOLFSSL_NO_CLIENT_AUTH)) || \ + defined(OPENSSL_EXTRA) + ExpectIntEQ(wolfSSL_CertManagerVerifyBuffer(cm, int1_cert_buf, + int1_cert_sz, CERT_FILETYPE), WOLFSSL_SUCCESS); + ExpectIntNE(wolfSSL_CertManagerVerifyBuffer(cm, int2_cert_buf, + int2_cert_sz, CERT_FILETYPE), WOLFSSL_SUCCESS); + ExpectIntNE(wolfSSL_CertManagerVerifyBuffer(cm, client_cert_buf, + client_cert_sz, CERT_FILETYPE), WOLFSSL_SUCCESS); +#endif + + ExpectIntEQ(wolfSSL_CertManagerUnloadTypeCerts(cm, WOLFSSL_USER_CA), + WOLFSSL_SUCCESS); +#if (!defined(NO_WOLFSSL_CLIENT) || !defined(WOLFSSL_NO_CLIENT_AUTH)) || \ + defined(OPENSSL_EXTRA) + ExpectIntNE(wolfSSL_CertManagerVerifyBuffer(cm, int1_cert_buf, + int1_cert_sz, CERT_FILETYPE), WOLFSSL_SUCCESS); + ExpectIntNE(wolfSSL_CertManagerVerifyBuffer(cm, int2_cert_buf, + int2_cert_sz, CERT_FILETYPE), WOLFSSL_SUCCESS); + ExpectIntNE(wolfSSL_CertManagerVerifyBuffer(cm, client_cert_buf, + client_cert_sz, CERT_FILETYPE), WOLFSSL_SUCCESS); +#endif + + if (cm) + wolfSSL_CertManagerFree(cm); + if (ca_cert_buf) + XFREE(ca_cert_buf, NULL, DYNAMIC_TYPE_TMP_BUFFER); + if (int1_cert_buf) + XFREE(int1_cert_buf, NULL, DYNAMIC_TYPE_TMP_BUFFER); + if (int2_cert_buf) + XFREE(int2_cert_buf, NULL, DYNAMIC_TYPE_TMP_BUFFER); + if (client_cert_buf) + XFREE(client_cert_buf, NULL, DYNAMIC_TYPE_TMP_BUFFER); +#endif + + return EXPECT_RESULT(); +} + +int test_wolfSSL_CertManagerGetCerts(void) +{ + EXPECT_DECLS; +#if defined(OPENSSL_ALL) && !defined(NO_CERTS) && \ + !defined(NO_FILESYSTEM) && !defined(NO_RSA) && \ + defined(WOLFSSL_SIGNER_DER_CERT) + WOLFSSL_CERT_MANAGER* cm = NULL; + WOLFSSL_STACK* sk = NULL; + X509* x509 = NULL; + X509* cert1 = NULL; + FILE* file1 = NULL; +#ifdef DEBUG_WOLFSSL_VERBOSE + WOLFSSL_BIO* bio = NULL; +#endif + int i = 0; + int ret = 0; + const byte* der = NULL; + int derSz = 0; + + ExpectNotNull(file1 = fopen("./certs/ca-cert.pem", "rb")); + + ExpectNotNull(cert1 = wolfSSL_PEM_read_X509(file1, NULL, NULL, NULL)); + if (file1 != NULL) { + fclose(file1); + } + + ExpectNull(sk = wolfSSL_CertManagerGetCerts(NULL)); + ExpectNotNull(cm = wolfSSL_CertManagerNew_ex(NULL)); + ExpectNull(sk = wolfSSL_CertManagerGetCerts(cm)); + + ExpectNotNull(der = wolfSSL_X509_get_der(cert1, &derSz)); +#if defined(OPENSSL_ALL) || defined(WOLFSSL_QT) + /* Check that ASN_SELF_SIGNED_E is returned for a self-signed cert for QT + * and full OpenSSL compatibility */ + ExpectIntEQ(ret = wolfSSL_CertManagerVerifyBuffer(cm, der, derSz, + WOLFSSL_FILETYPE_ASN1), WC_NO_ERR_TRACE(ASN_SELF_SIGNED_E)); +#else + ExpectIntEQ(ret = wolfSSL_CertManagerVerifyBuffer(cm, der, derSz, + WOLFSSL_FILETYPE_ASN1), WC_NO_ERR_TRACE(ASN_NO_SIGNER_E)); +#endif + + ExpectIntEQ(WOLFSSL_SUCCESS, wolfSSL_CertManagerLoadCA(cm, + "./certs/ca-cert.pem", NULL)); + + ExpectNotNull(sk = wolfSSL_CertManagerGetCerts(cm)); + + for (i = 0; EXPECT_SUCCESS() && i < sk_X509_num(sk); i++) { + ExpectNotNull(x509 = sk_X509_value(sk, i)); + ExpectIntEQ(0, wolfSSL_X509_cmp(x509, cert1)); + +#ifdef DEBUG_WOLFSSL_VERBOSE + bio = BIO_new(wolfSSL_BIO_s_file()); + if (bio != NULL) { + BIO_set_fp(bio, stderr, BIO_NOCLOSE); + X509_print(bio, x509); + BIO_free(bio); + } +#endif /* DEBUG_WOLFSSL_VERBOSE */ + } + wolfSSL_X509_free(cert1); + sk_X509_pop_free(sk, NULL); + wolfSSL_CertManagerFree(cm); +#endif /* defined(OPENSSL_ALL) && !defined(NO_CERTS) && \ + !defined(NO_FILESYSTEM) && !defined(NO_RSA) && \ + defined(WOLFSSL_SIGNER_DER_CERT) */ + + return EXPECT_RESULT(); +} + +int test_wolfSSL_CertManagerSetVerify(void) +{ + EXPECT_DECLS; +#if !defined(NO_FILESYSTEM) && !defined(NO_CERTS) && !defined(NO_TLS) && \ + !defined(NO_WOLFSSL_CM_VERIFY) && !defined(NO_RSA) && \ + (!defined(NO_WOLFSSL_CLIENT) || !defined(WOLFSSL_NO_CLIENT_AUTH)) + WOLFSSL_CERT_MANAGER* cm = NULL; + int tmp = myVerifyAction; +#ifdef WOLFSSL_PEM_TO_DER + const char* ca_cert = "./certs/ca-cert.pem"; + const char* expiredCert = "./certs/test/expired/expired-cert.pem"; +#else + const char* ca_cert = "./certs/ca-cert.der"; + const char* expiredCert = "./certs/test/expired/expired-cert.der"; +#endif + + wolfSSL_CertManagerSetVerify(NULL, NULL); + wolfSSL_CertManagerSetVerify(NULL, myVerify); + + ExpectNotNull(cm = wolfSSL_CertManagerNew()); + + wolfSSL_CertManagerSetVerify(cm, myVerify); + +#if defined(NO_WOLFSSL_CLIENT) && defined(NO_WOLFSSL_SERVER) + ExpectIntEQ(wolfSSL_CertManagerLoadCA(cm, ca_cert, NULL), -1); +#else + ExpectIntEQ(wolfSSL_CertManagerLoadCA(cm, ca_cert, NULL), + WOLFSSL_SUCCESS); +#endif + /* Use the test CB that always accepts certs */ + myVerifyAction = VERIFY_OVERRIDE_ERROR; + + ExpectIntEQ(wolfSSL_CertManagerVerify(cm, expiredCert, + CERT_FILETYPE), WOLFSSL_SUCCESS); + +#ifdef WOLFSSL_ALWAYS_VERIFY_CB + { + const char* verifyCert = "./certs/server-cert.der"; + /* Use the test CB that always fails certs */ + myVerifyAction = VERIFY_FORCE_FAIL; + + ExpectIntEQ(wolfSSL_CertManagerVerify(cm, verifyCert, + WOLFSSL_FILETYPE_ASN1), WC_NO_ERR_TRACE(VERIFY_CERT_ERROR)); + } +#endif + + wolfSSL_CertManagerFree(cm); + myVerifyAction = tmp; +#endif + + return EXPECT_RESULT(); +} + +int test_wolfSSL_CertManagerNameConstraint(void) +{ + EXPECT_DECLS; +#if !defined(NO_FILESYSTEM) && !defined(NO_CERTS) && \ + !defined(NO_WOLFSSL_CM_VERIFY) && !defined(NO_RSA) && \ + defined(OPENSSL_EXTRA) && defined(WOLFSSL_CERT_GEN) && \ + defined(WOLFSSL_CERT_EXT) && defined(WOLFSSL_ALT_NAMES) && \ + !defined(NO_SHA256) + WOLFSSL_CERT_MANAGER* cm = NULL; + WOLFSSL_EVP_PKEY *priv = NULL; + WOLFSSL_X509_NAME* name = NULL; + const char* ca_cert = "./certs/test/cert-ext-nc.der"; + const char* server_cert = "./certs/test/server-goodcn.pem"; + int i = 0; + static const byte extNameConsOid[] = {85, 29, 30}; + + RsaKey key; + WC_RNG rng; + byte *der = NULL; + int derSz = 0; + word32 idx = 0; + byte *pt; + WOLFSSL_X509 *x509 = NULL; + WOLFSSL_X509 *ca = NULL; + + wc_InitRng(&rng); + + /* load in CA private key for signing */ + ExpectIntEQ(wc_InitRsaKey_ex(&key, HEAP_HINT, testDevId), 0); + ExpectIntEQ(wc_RsaPrivateKeyDecode(server_key_der_2048, &idx, &key, + sizeof_server_key_der_2048), 0); + + /* get ca certificate then alter it */ + ExpectNotNull(der = + (byte*)XMALLOC(FOURK_BUF, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER)); + ExpectNotNull(x509 = wolfSSL_X509_load_certificate_file(ca_cert, + WOLFSSL_FILETYPE_ASN1)); + ExpectNotNull(pt = (byte*)wolfSSL_X509_get_tbs(x509, &derSz)); + if (EXPECT_SUCCESS() && (der != NULL)) { + XMEMCPY(der, pt, (size_t)derSz); + + /* find the name constraint extension and alter it */ + pt = der; + for (i = 0; i < derSz - 3; i++) { + if (XMEMCMP(pt, extNameConsOid, 3) == 0) { + pt += 3; + break; + } + pt++; + } + ExpectIntNE(i, derSz - 3); /* did not find OID if this case is hit */ + + /* go to the length value and set it to 0 */ + while (i < derSz && *pt != 0x81) { + pt++; + i++; + } + ExpectIntNE(i, derSz); /* did not place to alter */ + pt++; + *pt = 0x00; + } + + /* resign the altered certificate */ + ExpectIntGT((derSz = wc_SignCert(derSz, CTC_SHA256wRSA, der, + FOURK_BUF, &key, NULL, &rng)), 0); + + ExpectNotNull(cm = wolfSSL_CertManagerNew()); + ExpectIntEQ(wolfSSL_CertManagerLoadCABuffer(cm, der, derSz, + WOLFSSL_FILETYPE_ASN1), WC_NO_ERR_TRACE(ASN_PARSE_E)); + wolfSSL_CertManagerFree(cm); + + XFREE(der, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + wolfSSL_X509_free(x509); + wc_FreeRsaKey(&key); + wc_FreeRng(&rng); + + /* add email alt name to satisfy constraint */ + pt = (byte*)server_key_der_2048; + ExpectNotNull(priv = wolfSSL_d2i_PrivateKey(EVP_PKEY_RSA, NULL, + (const unsigned char**)&pt, sizeof_server_key_der_2048)); + + ExpectNotNull(cm = wolfSSL_CertManagerNew()); + ExpectNotNull(ca = wolfSSL_X509_load_certificate_file(ca_cert, + WOLFSSL_FILETYPE_ASN1)); + + ExpectNotNull((der = (byte*)wolfSSL_X509_get_der(ca, &derSz))); + DEBUG_WRITE_DER(der, derSz, "ca.der"); + + ExpectIntEQ(wolfSSL_CertManagerLoadCABuffer(cm, der, derSz, + WOLFSSL_FILETYPE_ASN1), WOLFSSL_SUCCESS); + + /* Good cert test with proper alt email name */ + ExpectNotNull(x509 = wolfSSL_X509_load_certificate_file(server_cert, + WOLFSSL_FILETYPE_PEM)); + ExpectNotNull(name = wolfSSL_X509_get_subject_name(ca)); + ExpectIntEQ(wolfSSL_X509_set_issuer_name(x509, name), WOLFSSL_SUCCESS); + name = NULL; + + ExpectNotNull(name = X509_NAME_new()); + ExpectIntEQ(X509_NAME_add_entry_by_txt(name, "countryName", MBSTRING_UTF8, + (byte*)"US", 2, -1, 0), SSL_SUCCESS); + ExpectIntEQ(X509_NAME_add_entry_by_txt(name, "commonName", MBSTRING_UTF8, + (byte*)"wolfssl.com", 11, -1, 0), SSL_SUCCESS); + ExpectIntEQ(X509_NAME_add_entry_by_txt(name, "emailAddress", MBSTRING_UTF8, + (byte*)"support@info.wolfssl.com", 24, -1, 0), SSL_SUCCESS); + ExpectIntEQ(wolfSSL_X509_set_subject_name(x509, name), WOLFSSL_SUCCESS); + X509_NAME_free(name); + name = NULL; + + wolfSSL_X509_add_altname(x509, "wolfssl@info.wolfssl.com", ASN_RFC822_TYPE); + + ExpectIntGT(wolfSSL_X509_sign(x509, priv, EVP_sha256()), 0); + DEBUG_WRITE_CERT_X509(x509, "good-cert.pem"); + + ExpectNotNull((der = (byte*)wolfSSL_X509_get_der(x509, &derSz))); + ExpectIntEQ(wolfSSL_CertManagerVerifyBuffer(cm, der, derSz, + WOLFSSL_FILETYPE_ASN1), WOLFSSL_SUCCESS); + wolfSSL_X509_free(x509); + x509 = NULL; + + + /* Cert with bad alt name list */ + ExpectNotNull(x509 = wolfSSL_X509_load_certificate_file(server_cert, + WOLFSSL_FILETYPE_PEM)); + ExpectNotNull(name = wolfSSL_X509_get_subject_name(ca)); + ExpectIntEQ(wolfSSL_X509_set_issuer_name(x509, name), WOLFSSL_SUCCESS); + name = NULL; + + ExpectNotNull(name = X509_NAME_new()); + ExpectIntEQ(X509_NAME_add_entry_by_txt(name, "countryName", MBSTRING_UTF8, + (byte*)"US", 2, -1, 0), SSL_SUCCESS); + ExpectIntEQ(X509_NAME_add_entry_by_txt(name, "commonName", MBSTRING_UTF8, + (byte*)"wolfssl.com", 11, -1, 0), SSL_SUCCESS); + ExpectIntEQ(X509_NAME_add_entry_by_txt(name, "emailAddress", MBSTRING_UTF8, + (byte*)"support@info.wolfssl.com", 24, -1, 0), SSL_SUCCESS); + ExpectIntEQ(wolfSSL_X509_set_subject_name(x509, name), WOLFSSL_SUCCESS); + X509_NAME_free(name); + + wolfSSL_X509_add_altname(x509, "wolfssl@info.com", ASN_RFC822_TYPE); + wolfSSL_X509_add_altname(x509, "wolfssl@info.wolfssl.com", ASN_RFC822_TYPE); + + ExpectIntGT(wolfSSL_X509_sign(x509, priv, EVP_sha256()), 0); + DEBUG_WRITE_CERT_X509(x509, "bad-cert.pem"); + + ExpectNotNull((der = (byte*)wolfSSL_X509_get_der(x509, &derSz))); + ExpectIntEQ(wolfSSL_CertManagerVerifyBuffer(cm, der, derSz, + WOLFSSL_FILETYPE_ASN1), WC_NO_ERR_TRACE(ASN_NAME_INVALID_E)); + + wolfSSL_CertManagerFree(cm); + wolfSSL_X509_free(x509); + wolfSSL_X509_free(ca); + wolfSSL_EVP_PKEY_free(priv); +#endif + + return EXPECT_RESULT(); +} + +int test_wolfSSL_CertManagerNameConstraint2(void) +{ + EXPECT_DECLS; +#if !defined(NO_FILESYSTEM) && !defined(NO_CERTS) && \ + !defined(NO_WOLFSSL_CM_VERIFY) && !defined(NO_RSA) && \ + defined(OPENSSL_EXTRA) && defined(WOLFSSL_CERT_GEN) && \ + defined(WOLFSSL_CERT_EXT) && defined(WOLFSSL_ALT_NAMES) + const char* ca_cert = "./certs/test/cert-ext-ndir.der"; + const char* ca_cert2 = "./certs/test/cert-ext-ndir-exc.der"; + const char* server_cert = "./certs/server-cert.pem"; + WOLFSSL_CERT_MANAGER* cm = NULL; + WOLFSSL_X509 *x509 = NULL; + WOLFSSL_X509 *ca = NULL; + + const unsigned char *der = NULL; + const unsigned char *pt; + WOLFSSL_EVP_PKEY *priv = NULL; + WOLFSSL_X509_NAME* name = NULL; + int derSz = 0; + + /* C=US*/ + char altName[] = { + 0x30, 0x0D, 0x31, 0x0B, 0x30, 0x09, + 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x55, 0x53 + }; + + /* C=ID */ + char altNameFail[] = { + 0x30, 0x0D, 0x31, 0x0B, 0x30, 0x09, + 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x49, 0x44 + }; + + /* C=US ST=California*/ + char altNameExc[] = { + 0x30, 0x22, + 0x31, 0x0B, + 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x55, 0x53, + 0x31, 0x13, + 0x30, 0x11, 0x06, 0x03, 0x55, 0x04, 0x08, 0x0C, 0x0A, + 0x43, 0x61, 0x6c, 0x69, 0x66, 0x6f, 0x72, 0x6e, 0x69, 0x61 + }; + /* load in CA private key for signing */ + pt = ca_key_der_2048; + ExpectNotNull(priv = wolfSSL_d2i_PrivateKey(EVP_PKEY_RSA, NULL, &pt, + sizeof_ca_key_der_2048)); + + ExpectNotNull(cm = wolfSSL_CertManagerNew()); + ExpectNotNull(ca = wolfSSL_X509_load_certificate_file(ca_cert, + WOLFSSL_FILETYPE_ASN1)); + ExpectNotNull((der = wolfSSL_X509_get_der(ca, &derSz))); + ExpectIntEQ(wolfSSL_CertManagerLoadCABuffer(cm, der, derSz, + WOLFSSL_FILETYPE_ASN1), WOLFSSL_SUCCESS); + + ExpectNotNull(x509 = wolfSSL_X509_load_certificate_file(server_cert, + WOLFSSL_FILETYPE_PEM)); + ExpectNotNull(name = wolfSSL_X509_get_subject_name(ca)); + ExpectIntEQ(wolfSSL_X509_set_issuer_name(x509, name), WOLFSSL_SUCCESS); +#if defined(WOLFSSL_SHA3) && !defined(WOLFSSL_NOSHA3_256) + wolfSSL_X509_sign(x509, priv, EVP_sha3_256()); +#else + wolfSSL_X509_sign(x509, priv, EVP_sha256()); +#endif + ExpectNotNull((der = wolfSSL_X509_get_der(x509, &derSz))); + ExpectIntEQ(wolfSSL_CertManagerVerifyBuffer(cm, der, derSz, + WOLFSSL_FILETYPE_ASN1), WOLFSSL_SUCCESS); + + /* Test no name case. */ + ExpectIntEQ(wolfSSL_X509_add_altname_ex(x509, NULL, 0, ASN_DIR_TYPE), + WOLFSSL_SUCCESS); + ExpectIntEQ(wolfSSL_X509_add_altname(x509, "", ASN_DIR_TYPE), + WOLFSSL_SUCCESS); + /* IP not supported unless WOLFSSL_IP_ALT_NAME is enabled. */ +#ifdef WOLFSSL_IP_ALT_NAME + ExpectIntEQ(wolfSSL_X509_add_altname(x509, "127.0.0.1", ASN_IP_TYPE), + WOLFSSL_SUCCESS); +#else + ExpectIntEQ(wolfSSL_X509_add_altname(x509, "127.0.0.1", ASN_IP_TYPE), + WOLFSSL_FAILURE); +#endif + + /* add in matching DIR alt name and resign */ + wolfSSL_X509_add_altname_ex(x509, altName, sizeof(altName), ASN_DIR_TYPE); +#if defined(WOLFSSL_SHA3) && !defined(WOLFSSL_NOSHA3_256) + wolfSSL_X509_sign(x509, priv, EVP_sha3_256()); +#else + wolfSSL_X509_sign(x509, priv, EVP_sha256()); +#endif + + ExpectNotNull((der = wolfSSL_X509_get_der(x509, &derSz))); + ExpectIntEQ(wolfSSL_CertManagerVerifyBuffer(cm, der, derSz, + WOLFSSL_FILETYPE_ASN1), WOLFSSL_SUCCESS); + wolfSSL_X509_free(x509); + x509 = NULL; + + /* check verify fail */ + ExpectNotNull(x509 = wolfSSL_X509_load_certificate_file(server_cert, + WOLFSSL_FILETYPE_PEM)); + ExpectNotNull(name = wolfSSL_X509_get_subject_name(ca)); + ExpectIntEQ(wolfSSL_X509_set_issuer_name(x509, name), WOLFSSL_SUCCESS); + + /* add in miss matching DIR alt name and resign */ + wolfSSL_X509_add_altname_ex(x509, altNameFail, sizeof(altNameFail), + ASN_DIR_TYPE); + +#if defined(WOLFSSL_SHA3) && !defined(WOLFSSL_NOSHA3_256) + wolfSSL_X509_sign(x509, priv, EVP_sha3_256()); +#else + wolfSSL_X509_sign(x509, priv, EVP_sha256()); +#endif + ExpectNotNull((der = wolfSSL_X509_get_der(x509, &derSz))); +#ifndef WOLFSSL_NO_ASN_STRICT + ExpectIntEQ(wolfSSL_CertManagerVerifyBuffer(cm, der, derSz, + WOLFSSL_FILETYPE_ASN1), WC_NO_ERR_TRACE(ASN_NAME_INVALID_E)); +#else + ExpectIntEQ(wolfSSL_CertManagerVerifyBuffer(cm, der, derSz, + WOLFSSL_FILETYPE_ASN1), WOLFSSL_SUCCESS); +#endif + + /* check that it still fails if one bad altname and one good altname is in + * the certificate */ + wolfSSL_X509_free(x509); + x509 = NULL; + ExpectNotNull(x509 = wolfSSL_X509_load_certificate_file(server_cert, + WOLFSSL_FILETYPE_PEM)); + ExpectNotNull(name = wolfSSL_X509_get_subject_name(ca)); + ExpectIntEQ(wolfSSL_X509_set_issuer_name(x509, name), WOLFSSL_SUCCESS); + wolfSSL_X509_add_altname_ex(x509, altName, sizeof(altName), ASN_DIR_TYPE); + wolfSSL_X509_add_altname_ex(x509, altNameFail, sizeof(altNameFail), + ASN_DIR_TYPE); + +#if defined(WOLFSSL_SHA3) && !defined(WOLFSSL_NOSHA3_256) + wolfSSL_X509_sign(x509, priv, EVP_sha3_256()); +#else + wolfSSL_X509_sign(x509, priv, EVP_sha256()); +#endif + ExpectNotNull((der = wolfSSL_X509_get_der(x509, &derSz))); +#ifndef WOLFSSL_NO_ASN_STRICT + ExpectIntEQ(wolfSSL_CertManagerVerifyBuffer(cm, der, derSz, + WOLFSSL_FILETYPE_ASN1), WC_NO_ERR_TRACE(ASN_NAME_INVALID_E)); +#else + ExpectIntEQ(wolfSSL_CertManagerVerifyBuffer(cm, der, derSz, + WOLFSSL_FILETYPE_ASN1), WOLFSSL_SUCCESS); +#endif + + /* check it fails with switching position of bad altname */ + wolfSSL_X509_free(x509); + x509 = NULL; + ExpectNotNull(x509 = wolfSSL_X509_load_certificate_file(server_cert, + WOLFSSL_FILETYPE_PEM)); + ExpectNotNull(name = wolfSSL_X509_get_subject_name(ca)); + ExpectIntEQ(wolfSSL_X509_set_issuer_name(x509, name), WOLFSSL_SUCCESS); + wolfSSL_X509_add_altname_ex(x509, altNameFail, sizeof(altNameFail), + ASN_DIR_TYPE); + wolfSSL_X509_add_altname_ex(x509, altName, sizeof(altName), ASN_DIR_TYPE); + +#if defined(WOLFSSL_SHA3) && !defined(WOLFSSL_NOSHA3_256) + wolfSSL_X509_sign(x509, priv, EVP_sha3_256()); +#else + wolfSSL_X509_sign(x509, priv, EVP_sha256()); +#endif + ExpectNotNull((der = wolfSSL_X509_get_der(x509, &derSz))); +#ifndef WOLFSSL_NO_ASN_STRICT + ExpectIntEQ(wolfSSL_CertManagerVerifyBuffer(cm, der, derSz, + WOLFSSL_FILETYPE_ASN1), WC_NO_ERR_TRACE(ASN_NAME_INVALID_E)); +#else + ExpectIntEQ(wolfSSL_CertManagerVerifyBuffer(cm, der, derSz, + WOLFSSL_FILETYPE_ASN1), WOLFSSL_SUCCESS); +#endif + wolfSSL_CertManagerFree(cm); + + wolfSSL_X509_free(x509); + x509 = NULL; + wolfSSL_X509_free(ca); + ca = NULL; + + /* now test with excluded name constraint */ + ExpectNotNull(cm = wolfSSL_CertManagerNew()); + ExpectNotNull(ca = wolfSSL_X509_load_certificate_file(ca_cert2, + WOLFSSL_FILETYPE_ASN1)); + ExpectNotNull((der = wolfSSL_X509_get_der(ca, &derSz))); + ExpectIntEQ(wolfSSL_CertManagerLoadCABuffer(cm, der, derSz, + WOLFSSL_FILETYPE_ASN1), WOLFSSL_SUCCESS); + + ExpectNotNull(x509 = wolfSSL_X509_load_certificate_file(server_cert, + WOLFSSL_FILETYPE_PEM)); + wolfSSL_X509_add_altname_ex(x509, altNameExc, sizeof(altNameExc), + ASN_DIR_TYPE); + ExpectNotNull(name = wolfSSL_X509_get_subject_name(ca)); + ExpectIntEQ(wolfSSL_X509_set_issuer_name(x509, name), WOLFSSL_SUCCESS); + +#if defined(WOLFSSL_SHA3) && !defined(WOLFSSL_NOSHA3_256) + wolfSSL_X509_sign(x509, priv, EVP_sha3_256()); +#else + wolfSSL_X509_sign(x509, priv, EVP_sha256()); +#endif + ExpectNotNull((der = wolfSSL_X509_get_der(x509, &derSz))); +#ifndef WOLFSSL_NO_ASN_STRICT + ExpectIntEQ(wolfSSL_CertManagerVerifyBuffer(cm, der, derSz, + WOLFSSL_FILETYPE_ASN1), WC_NO_ERR_TRACE(ASN_NAME_INVALID_E)); +#else + ExpectIntEQ(wolfSSL_CertManagerVerifyBuffer(cm, der, derSz, + WOLFSSL_FILETYPE_ASN1), WOLFSSL_SUCCESS); +#endif + wolfSSL_CertManagerFree(cm); + wolfSSL_X509_free(x509); + wolfSSL_X509_free(ca); + wolfSSL_EVP_PKEY_free(priv); +#endif + + return EXPECT_RESULT(); +} + +int test_wolfSSL_CertManagerNameConstraint3(void) +{ + EXPECT_DECLS; +#if !defined(NO_FILESYSTEM) && !defined(NO_CERTS) && \ + !defined(NO_WOLFSSL_CM_VERIFY) && !defined(NO_RSA) && \ + defined(OPENSSL_EXTRA) && defined(WOLFSSL_CERT_GEN) && \ + defined(WOLFSSL_CERT_EXT) && defined(WOLFSSL_ALT_NAMES) && \ + !defined(NO_SHA256) + WOLFSSL_CERT_MANAGER* cm = NULL; + WOLFSSL_EVP_PKEY *priv = NULL; + WOLFSSL_X509_NAME* name = NULL; + const char* ca_cert = "./certs/test/cert-ext-mnc.der"; + const char* server_cert = "./certs/test/server-goodcn.pem"; + + byte *der = NULL; + int derSz = 0; + byte *pt; + WOLFSSL_X509 *x509 = NULL; + WOLFSSL_X509 *ca = NULL; + + pt = (byte*)server_key_der_2048; + ExpectNotNull(priv = wolfSSL_d2i_PrivateKey(EVP_PKEY_RSA, NULL, + (const unsigned char**)&pt, sizeof_server_key_der_2048)); + + ExpectNotNull(cm = wolfSSL_CertManagerNew()); + ExpectNotNull(ca = wolfSSL_X509_load_certificate_file(ca_cert, + WOLFSSL_FILETYPE_ASN1)); + ExpectNotNull((der = (byte*)wolfSSL_X509_get_der(ca, &derSz))); + DEBUG_WRITE_DER(der, derSz, "ca.der"); + + ExpectIntEQ(wolfSSL_CertManagerLoadCABuffer(cm, der, derSz, + WOLFSSL_FILETYPE_ASN1), WOLFSSL_SUCCESS); + + /* check satisfying .wolfssl.com constraint passes */ + ExpectNotNull(x509 = wolfSSL_X509_load_certificate_file(server_cert, + WOLFSSL_FILETYPE_PEM)); + ExpectNotNull(name = wolfSSL_X509_get_subject_name(ca)); + ExpectIntEQ(wolfSSL_X509_set_issuer_name(x509, name), WOLFSSL_SUCCESS); + name = NULL; + + ExpectNotNull(name = X509_NAME_new()); + ExpectIntEQ(X509_NAME_add_entry_by_txt(name, "countryName", MBSTRING_UTF8, + (byte*)"US", 2, -1, 0), SSL_SUCCESS); + ExpectIntEQ(X509_NAME_add_entry_by_txt(name, "commonName", MBSTRING_UTF8, + (byte*)"wolfssl.com", 11, -1, 0), SSL_SUCCESS); + ExpectIntEQ(X509_NAME_add_entry_by_txt(name, "emailAddress", MBSTRING_UTF8, + (byte*)"support@info.wolfssl.com", 24, -1, 0), SSL_SUCCESS); + ExpectIntEQ(wolfSSL_X509_set_subject_name(x509, name), WOLFSSL_SUCCESS); + X509_NAME_free(name); + name = NULL; + + wolfSSL_X509_add_altname(x509, "wolfssl@info.wolfssl.com", ASN_RFC822_TYPE); + + ExpectIntGT(wolfSSL_X509_sign(x509, priv, EVP_sha256()), 0); + DEBUG_WRITE_CERT_X509(x509, "good-1st-constraint-cert.pem"); + + ExpectNotNull((der = (byte*)wolfSSL_X509_get_der(x509, &derSz))); + ExpectIntEQ(wolfSSL_CertManagerVerifyBuffer(cm, der, derSz, + WOLFSSL_FILETYPE_ASN1), WOLFSSL_SUCCESS); + wolfSSL_X509_free(x509); + x509 = NULL; + + /* check satisfying .random.com constraint passes */ + ExpectNotNull(x509 = wolfSSL_X509_load_certificate_file(server_cert, + WOLFSSL_FILETYPE_PEM)); + ExpectNotNull(name = wolfSSL_X509_get_subject_name(ca)); + ExpectIntEQ(wolfSSL_X509_set_issuer_name(x509, name), WOLFSSL_SUCCESS); + name = NULL; + + ExpectNotNull(name = X509_NAME_new()); + ExpectIntEQ(X509_NAME_add_entry_by_txt(name, "countryName", MBSTRING_UTF8, + (byte*)"US", 2, -1, 0), SSL_SUCCESS); + ExpectIntEQ(X509_NAME_add_entry_by_txt(name, "commonName", MBSTRING_UTF8, + (byte*)"wolfssl.com", 11, -1, 0), SSL_SUCCESS); + ExpectIntEQ(X509_NAME_add_entry_by_txt(name, "emailAddress", MBSTRING_UTF8, + (byte*)"support@info.example.com", 24, -1, 0), SSL_SUCCESS); + ExpectIntEQ(wolfSSL_X509_set_subject_name(x509, name), WOLFSSL_SUCCESS); + X509_NAME_free(name); + name = NULL; + + wolfSSL_X509_add_altname(x509, "wolfssl@info.example.com", ASN_RFC822_TYPE); + + ExpectIntGT(wolfSSL_X509_sign(x509, priv, EVP_sha256()), 0); + DEBUG_WRITE_CERT_X509(x509, "good-2nd-constraint-cert.pem"); + + ExpectNotNull((der = (byte*)wolfSSL_X509_get_der(x509, &derSz))); + ExpectIntEQ(wolfSSL_CertManagerVerifyBuffer(cm, der, derSz, + WOLFSSL_FILETYPE_ASN1), WOLFSSL_SUCCESS); + wolfSSL_X509_free(x509); + x509 = NULL; + + /* check fail case when neither constraint is matched */ + ExpectNotNull(x509 = wolfSSL_X509_load_certificate_file(server_cert, + WOLFSSL_FILETYPE_PEM)); + ExpectNotNull(name = wolfSSL_X509_get_subject_name(ca)); + ExpectIntEQ(wolfSSL_X509_set_issuer_name(x509, name), WOLFSSL_SUCCESS); + name = NULL; + + ExpectNotNull(name = X509_NAME_new()); + ExpectIntEQ(X509_NAME_add_entry_by_txt(name, "countryName", MBSTRING_UTF8, + (byte*)"US", 2, -1, 0), SSL_SUCCESS); + ExpectIntEQ(X509_NAME_add_entry_by_txt(name, "commonName", MBSTRING_UTF8, + (byte*)"wolfssl.com", 11, -1, 0), SSL_SUCCESS); + ExpectIntEQ(X509_NAME_add_entry_by_txt(name, "emailAddress", MBSTRING_UTF8, + (byte*)"support@info.com", 16, -1, 0), SSL_SUCCESS); + ExpectIntEQ(wolfSSL_X509_set_subject_name(x509, name), WOLFSSL_SUCCESS); + X509_NAME_free(name); + + wolfSSL_X509_add_altname(x509, "wolfssl@info.com", ASN_RFC822_TYPE); + + ExpectIntGT(wolfSSL_X509_sign(x509, priv, EVP_sha256()), 0); + DEBUG_WRITE_CERT_X509(x509, "bad-cert.pem"); + + ExpectNotNull((der = (byte*)wolfSSL_X509_get_der(x509, &derSz))); + ExpectIntEQ(wolfSSL_CertManagerVerifyBuffer(cm, der, derSz, + WOLFSSL_FILETYPE_ASN1), WC_NO_ERR_TRACE(ASN_NAME_INVALID_E)); + + wolfSSL_CertManagerFree(cm); + wolfSSL_X509_free(x509); + wolfSSL_X509_free(ca); + wolfSSL_EVP_PKEY_free(priv); +#endif + + return EXPECT_RESULT(); +} + +int test_wolfSSL_CertManagerNameConstraint4(void) +{ + EXPECT_DECLS; +#if !defined(NO_FILESYSTEM) && !defined(NO_CERTS) && \ + !defined(NO_WOLFSSL_CM_VERIFY) && !defined(NO_RSA) && \ + defined(OPENSSL_EXTRA) && defined(WOLFSSL_CERT_GEN) && \ + defined(WOLFSSL_CERT_EXT) && defined(WOLFSSL_ALT_NAMES) && \ + !defined(NO_SHA256) + WOLFSSL_CERT_MANAGER* cm = NULL; + WOLFSSL_EVP_PKEY *priv = NULL; + WOLFSSL_X509_NAME* name = NULL; + const char* ca_cert = "./certs/test/cert-ext-ncdns.der"; + const char* server_cert = "./certs/test/server-goodcn.pem"; + + byte *der = NULL; + int derSz; + byte *pt; + WOLFSSL_X509 *x509 = NULL; + WOLFSSL_X509 *ca = NULL; + + pt = (byte*)server_key_der_2048; + ExpectNotNull(priv = wolfSSL_d2i_PrivateKey(EVP_PKEY_RSA, NULL, + (const unsigned char**)&pt, sizeof_server_key_der_2048)); + + ExpectNotNull(cm = wolfSSL_CertManagerNew()); + ExpectNotNull(ca = wolfSSL_X509_load_certificate_file(ca_cert, + WOLFSSL_FILETYPE_ASN1)); + ExpectNotNull((der = (byte*)wolfSSL_X509_get_der(ca, &derSz))); + DEBUG_WRITE_DER(der, derSz, "ca.der"); + + ExpectIntEQ(wolfSSL_CertManagerLoadCABuffer(cm, der, derSz, + WOLFSSL_FILETYPE_ASN1), WOLFSSL_SUCCESS); + + /* check satisfying wolfssl.com constraint passes */ + ExpectNotNull(x509 = wolfSSL_X509_load_certificate_file(server_cert, + WOLFSSL_FILETYPE_PEM)); + ExpectNotNull(name = wolfSSL_X509_get_subject_name(ca)); + ExpectIntEQ(wolfSSL_X509_set_issuer_name(x509, name), WOLFSSL_SUCCESS); + name = NULL; + + ExpectNotNull(name = X509_NAME_new()); + ExpectIntEQ(X509_NAME_add_entry_by_txt(name, "countryName", MBSTRING_UTF8, + (byte*)"US", 2, -1, 0), SSL_SUCCESS); + ExpectIntEQ(X509_NAME_add_entry_by_txt(name, "commonName", MBSTRING_UTF8, + (byte*)"wolfssl.com", 11, -1, 0), SSL_SUCCESS); + ExpectIntEQ(wolfSSL_X509_set_subject_name(x509, name), WOLFSSL_SUCCESS); + X509_NAME_free(name); + name = NULL; + + wolfSSL_X509_add_altname(x509, "www.wolfssl.com", ASN_DNS_TYPE); + ExpectIntGT(wolfSSL_X509_sign(x509, priv, EVP_sha256()), 0); + DEBUG_WRITE_CERT_X509(x509, "good-1st-constraint-cert.pem"); + + ExpectNotNull((der = (byte*)wolfSSL_X509_get_der(x509, &derSz))); + ExpectIntEQ(wolfSSL_CertManagerVerifyBuffer(cm, der, derSz, + WOLFSSL_FILETYPE_ASN1), WOLFSSL_SUCCESS); + wolfSSL_X509_free(x509); + x509 = NULL; + + /* check satisfying example.com constraint passes */ + ExpectNotNull(x509 = wolfSSL_X509_load_certificate_file(server_cert, + WOLFSSL_FILETYPE_PEM)); + ExpectNotNull(name = wolfSSL_X509_get_subject_name(ca)); + ExpectIntEQ(wolfSSL_X509_set_issuer_name(x509, name), WOLFSSL_SUCCESS); + name = NULL; + + ExpectNotNull(name = X509_NAME_new()); + ExpectIntEQ(X509_NAME_add_entry_by_txt(name, "countryName", MBSTRING_UTF8, + (byte*)"US", 2, -1, 0), SSL_SUCCESS); + ExpectIntEQ(X509_NAME_add_entry_by_txt(name, "commonName", MBSTRING_UTF8, + (byte*)"example.com", 11, -1, 0), SSL_SUCCESS); + ExpectIntEQ(wolfSSL_X509_set_subject_name(x509, name), WOLFSSL_SUCCESS); + X509_NAME_free(name); + name = NULL; + + wolfSSL_X509_add_altname(x509, "www.example.com", ASN_DNS_TYPE); + ExpectIntGT(wolfSSL_X509_sign(x509, priv, EVP_sha256()), 0); + DEBUG_WRITE_CERT_X509(x509, "good-2nd-constraint-cert.pem"); + + ExpectNotNull((der = (byte*)wolfSSL_X509_get_der(x509, &derSz))); + ExpectIntEQ(wolfSSL_CertManagerVerifyBuffer(cm, der, derSz, + WOLFSSL_FILETYPE_ASN1), WOLFSSL_SUCCESS); + wolfSSL_X509_free(x509); + x509 = NULL; + + /* check satisfying wolfssl.com constraint passes with list of DNS's */ + ExpectNotNull(x509 = wolfSSL_X509_load_certificate_file(server_cert, + WOLFSSL_FILETYPE_PEM)); + ExpectNotNull(name = wolfSSL_X509_get_subject_name(ca)); + ExpectIntEQ(wolfSSL_X509_set_issuer_name(x509, name), WOLFSSL_SUCCESS); + name = NULL; + + ExpectNotNull(name = X509_NAME_new()); + ExpectIntEQ(X509_NAME_add_entry_by_txt(name, "countryName", MBSTRING_UTF8, + (byte*)"US", 2, -1, 0), SSL_SUCCESS); + ExpectIntEQ(X509_NAME_add_entry_by_txt(name, "commonName", MBSTRING_UTF8, + (byte*)"wolfssl.com", 11, -1, 0), SSL_SUCCESS); + ExpectIntEQ(wolfSSL_X509_set_subject_name(x509, name), WOLFSSL_SUCCESS); + X509_NAME_free(name); + name = NULL; + + wolfSSL_X509_add_altname(x509, "www.wolfssl.com", ASN_DNS_TYPE); + wolfSSL_X509_add_altname(x509, "www.info.wolfssl.com", ASN_DNS_TYPE); + wolfSSL_X509_add_altname(x509, "extra.wolfssl.com", ASN_DNS_TYPE); + ExpectIntGT(wolfSSL_X509_sign(x509, priv, EVP_sha256()), 0); + DEBUG_WRITE_CERT_X509(x509, "good-multiple-constraint-cert.pem"); + + ExpectNotNull((der = (byte*)wolfSSL_X509_get_der(x509, &derSz))); + ExpectIntEQ(wolfSSL_CertManagerVerifyBuffer(cm, der, derSz, + WOLFSSL_FILETYPE_ASN1), WOLFSSL_SUCCESS); + wolfSSL_X509_free(x509); + x509 = NULL; + + /* check fail when one DNS in the list is bad */ + ExpectNotNull(x509 = wolfSSL_X509_load_certificate_file(server_cert, + WOLFSSL_FILETYPE_PEM)); + ExpectNotNull(name = wolfSSL_X509_get_subject_name(ca)); + ExpectIntEQ(wolfSSL_X509_set_issuer_name(x509, name), WOLFSSL_SUCCESS); + name = NULL; + + ExpectNotNull(name = X509_NAME_new()); + ExpectIntEQ(X509_NAME_add_entry_by_txt(name, "countryName", MBSTRING_UTF8, + (byte*)"US", 2, -1, 0), SSL_SUCCESS); + ExpectIntEQ(X509_NAME_add_entry_by_txt(name, "commonName", MBSTRING_UTF8, + (byte*)"wolfssl.com", 11, -1, 0), SSL_SUCCESS); + ExpectIntEQ(wolfSSL_X509_set_subject_name(x509, name), WOLFSSL_SUCCESS); + X509_NAME_free(name); + name = NULL; + + wolfSSL_X509_add_altname(x509, "www.wolfssl.com", ASN_DNS_TYPE); + wolfSSL_X509_add_altname(x509, "www.nomatch.com", ASN_DNS_TYPE); + wolfSSL_X509_add_altname(x509, "www.info.wolfssl.com", ASN_DNS_TYPE); + ExpectIntGT(wolfSSL_X509_sign(x509, priv, EVP_sha256()), 0); + DEBUG_WRITE_CERT_X509(x509, "bad-multiple-constraint-cert.pem"); + + ExpectNotNull((der = (byte*)wolfSSL_X509_get_der(x509, &derSz))); + ExpectIntEQ(wolfSSL_CertManagerVerifyBuffer(cm, der, derSz, + WOLFSSL_FILETYPE_ASN1), WC_NO_ERR_TRACE(ASN_NAME_INVALID_E)); + wolfSSL_X509_free(x509); + x509 = NULL; + + /* check fail case when neither constraint is matched */ + ExpectNotNull(x509 = wolfSSL_X509_load_certificate_file(server_cert, + WOLFSSL_FILETYPE_PEM)); + ExpectNotNull(name = wolfSSL_X509_get_subject_name(ca)); + ExpectIntEQ(wolfSSL_X509_set_issuer_name(x509, name), WOLFSSL_SUCCESS); + name = NULL; + + ExpectNotNull(name = X509_NAME_new()); + ExpectIntEQ(X509_NAME_add_entry_by_txt(name, "countryName", MBSTRING_UTF8, + (byte*)"US", 2, -1, 0), SSL_SUCCESS); + ExpectIntEQ(X509_NAME_add_entry_by_txt(name, "commonName", MBSTRING_UTF8, + (byte*)"common", 6, -1, 0), SSL_SUCCESS); + ExpectIntEQ(wolfSSL_X509_set_subject_name(x509, name), WOLFSSL_SUCCESS); + X509_NAME_free(name); + + wolfSSL_X509_add_altname(x509, "www.random.com", ASN_DNS_TYPE); + ExpectIntGT(wolfSSL_X509_sign(x509, priv, EVP_sha256()), 0); + DEBUG_WRITE_CERT_X509(x509, "bad-cert.pem"); + + ExpectNotNull((der = (byte*)wolfSSL_X509_get_der(x509, &derSz))); + ExpectIntEQ(wolfSSL_CertManagerVerifyBuffer(cm, der, derSz, + WOLFSSL_FILETYPE_ASN1), WC_NO_ERR_TRACE(ASN_NAME_INVALID_E)); + + wolfSSL_CertManagerFree(cm); + wolfSSL_X509_free(x509); + wolfSSL_X509_free(ca); + wolfSSL_EVP_PKEY_free(priv); +#endif + + return EXPECT_RESULT(); +} + +int test_wolfSSL_CertManagerNameConstraint5(void) +{ + EXPECT_DECLS; +#if !defined(NO_FILESYSTEM) && !defined(NO_CERTS) && \ + !defined(NO_WOLFSSL_CM_VERIFY) && !defined(NO_RSA) && \ + defined(OPENSSL_EXTRA) && defined(WOLFSSL_CERT_GEN) && \ + defined(WOLFSSL_CERT_EXT) && defined(WOLFSSL_ALT_NAMES) && \ + !defined(NO_SHA256) + WOLFSSL_CERT_MANAGER* cm = NULL; + WOLFSSL_EVP_PKEY *priv = NULL; + WOLFSSL_X509_NAME* name = NULL; + const char* ca_cert = "./certs/test/cert-ext-ncmixed.der"; + const char* server_cert = "./certs/test/server-goodcn.pem"; + + byte *der = NULL; + int derSz; + byte *pt; + WOLFSSL_X509 *x509 = NULL; + WOLFSSL_X509 *ca = NULL; + + pt = (byte*)server_key_der_2048; + ExpectNotNull(priv = wolfSSL_d2i_PrivateKey(EVP_PKEY_RSA, NULL, + (const unsigned char**)&pt, sizeof_server_key_der_2048)); + + ExpectNotNull(cm = wolfSSL_CertManagerNew()); + ExpectNotNull(ca = wolfSSL_X509_load_certificate_file(ca_cert, + WOLFSSL_FILETYPE_ASN1)); + ExpectNotNull((der = (byte*)wolfSSL_X509_get_der(ca, &derSz))); + DEBUG_WRITE_DER(der, derSz, "ca.der"); + + ExpectIntEQ(wolfSSL_CertManagerLoadCABuffer(cm, der, derSz, + WOLFSSL_FILETYPE_ASN1), WOLFSSL_SUCCESS); + + /* check satisfying wolfssl.com constraint passes */ + ExpectNotNull(x509 = wolfSSL_X509_load_certificate_file(server_cert, + WOLFSSL_FILETYPE_PEM)); + ExpectNotNull(name = wolfSSL_X509_get_subject_name(ca)); + ExpectIntEQ(wolfSSL_X509_set_issuer_name(x509, name), WOLFSSL_SUCCESS); + name = NULL; + + ExpectNotNull(name = X509_NAME_new()); + ExpectIntEQ(X509_NAME_add_entry_by_txt(name, "countryName", MBSTRING_UTF8, + (byte*)"US", 2, -1, 0), SSL_SUCCESS); + ExpectIntEQ(X509_NAME_add_entry_by_txt(name, "commonName", MBSTRING_UTF8, + (byte*)"example", 7, -1, 0), SSL_SUCCESS); + ExpectIntEQ(wolfSSL_X509_set_subject_name(x509, name), WOLFSSL_SUCCESS); + X509_NAME_free(name); + name = NULL; + + wolfSSL_X509_add_altname(x509, "good.example", ASN_DNS_TYPE); + wolfSSL_X509_add_altname(x509, "facts@into.wolfssl.com", ASN_RFC822_TYPE); + ExpectIntGT(wolfSSL_X509_sign(x509, priv, EVP_sha256()), 0); + DEBUG_WRITE_CERT_X509(x509, "good-cert.pem"); + + ExpectNotNull((der = (byte*)wolfSSL_X509_get_der(x509, &derSz))); + ExpectIntEQ(wolfSSL_CertManagerVerifyBuffer(cm, der, derSz, + WOLFSSL_FILETYPE_ASN1), WOLFSSL_SUCCESS); + wolfSSL_X509_free(x509); + x509 = NULL; + + /* fail with DNS check because of common name */ + ExpectNotNull(x509 = wolfSSL_X509_load_certificate_file(server_cert, + WOLFSSL_FILETYPE_PEM)); + ExpectNotNull(name = wolfSSL_X509_get_subject_name(ca)); + ExpectIntEQ(wolfSSL_X509_set_issuer_name(x509, name), WOLFSSL_SUCCESS); + name = NULL; + + ExpectNotNull(name = X509_NAME_new()); + ExpectIntEQ(X509_NAME_add_entry_by_txt(name, "countryName", MBSTRING_UTF8, + (byte*)"US", 2, -1, 0), SSL_SUCCESS); + ExpectIntEQ(X509_NAME_add_entry_by_txt(name, "commonName", MBSTRING_UTF8, + (byte*)"wolfssl.com", 11, -1, 0), SSL_SUCCESS); + ExpectIntEQ(wolfSSL_X509_set_subject_name(x509, name), WOLFSSL_SUCCESS); + X509_NAME_free(name); + name = NULL; + + wolfSSL_X509_add_altname(x509, "example", ASN_DNS_TYPE); + wolfSSL_X509_add_altname(x509, "facts@wolfssl.com", ASN_RFC822_TYPE); + ExpectIntGT(wolfSSL_X509_sign(x509, priv, EVP_sha256()), 0); + DEBUG_WRITE_CERT_X509(x509, "bad-cn-cert.pem"); + + ExpectNotNull((der = (byte*)wolfSSL_X509_get_der(x509, &derSz))); + ExpectIntEQ(wolfSSL_CertManagerVerifyBuffer(cm, der, derSz, + WOLFSSL_FILETYPE_ASN1), WC_NO_ERR_TRACE(ASN_NAME_INVALID_E)); + wolfSSL_X509_free(x509); + x509 = NULL; + + /* fail on permitted DNS name constraint */ + ExpectNotNull(x509 = wolfSSL_X509_load_certificate_file(server_cert, + WOLFSSL_FILETYPE_PEM)); + ExpectNotNull(name = wolfSSL_X509_get_subject_name(ca)); + ExpectIntEQ(wolfSSL_X509_set_issuer_name(x509, name), WOLFSSL_SUCCESS); + name = NULL; + + ExpectNotNull(name = X509_NAME_new()); + ExpectIntEQ(X509_NAME_add_entry_by_txt(name, "countryName", MBSTRING_UTF8, + (byte*)"US", 2, -1, 0), SSL_SUCCESS); + ExpectIntEQ(wolfSSL_X509_set_subject_name(x509, name), WOLFSSL_SUCCESS); + X509_NAME_free(name); + name = NULL; + + wolfSSL_X509_add_altname(x509, "www.example", ASN_DNS_TYPE); + wolfSSL_X509_add_altname(x509, "www.wolfssl", ASN_DNS_TYPE); + wolfSSL_X509_add_altname(x509, "info@wolfssl.com", ASN_RFC822_TYPE); + ExpectIntGT(wolfSSL_X509_sign(x509, priv, EVP_sha256()), 0); + DEBUG_WRITE_CERT_X509(x509, "bad-1st-constraint-cert.pem"); + + ExpectNotNull((der = (byte*)wolfSSL_X509_get_der(x509, &derSz))); + ExpectIntEQ(wolfSSL_CertManagerVerifyBuffer(cm, der, derSz, + WOLFSSL_FILETYPE_ASN1), WC_NO_ERR_TRACE(ASN_NAME_INVALID_E)); + wolfSSL_X509_free(x509); + x509 = NULL; + + /* fail on permitted email name constraint */ + ExpectNotNull(x509 = wolfSSL_X509_load_certificate_file(server_cert, + WOLFSSL_FILETYPE_PEM)); + ExpectNotNull(name = wolfSSL_X509_get_subject_name(ca)); + ExpectIntEQ(wolfSSL_X509_set_issuer_name(x509, name), WOLFSSL_SUCCESS); + name = NULL; + + ExpectNotNull(name = X509_NAME_new()); + ExpectIntEQ(X509_NAME_add_entry_by_txt(name, "countryName", MBSTRING_UTF8, + (byte*)"US", 2, -1, 0), SSL_SUCCESS); + ExpectIntEQ(wolfSSL_X509_set_subject_name(x509, name), WOLFSSL_SUCCESS); + X509_NAME_free(name); + name = NULL; + + wolfSSL_X509_add_altname(x509, "example", ASN_DNS_TYPE); + wolfSSL_X509_add_altname(x509, "info@wolfssl.com", ASN_RFC822_TYPE); + wolfSSL_X509_add_altname(x509, "info@example.com", ASN_RFC822_TYPE); + ExpectIntGT(wolfSSL_X509_sign(x509, priv, EVP_sha256()), 0); + DEBUG_WRITE_CERT_X509(x509, "bad-2nd-constraint-cert.pem"); + + ExpectNotNull((der = (byte*)wolfSSL_X509_get_der(x509, &derSz))); + ExpectIntEQ(wolfSSL_CertManagerVerifyBuffer(cm, der, derSz, + WOLFSSL_FILETYPE_ASN1), WC_NO_ERR_TRACE(ASN_NAME_INVALID_E)); + wolfSSL_X509_free(x509); + x509 = NULL; + + /* success with empty email name */ + ExpectNotNull(x509 = wolfSSL_X509_load_certificate_file(server_cert, + WOLFSSL_FILETYPE_PEM)); + ExpectNotNull(name = wolfSSL_X509_get_subject_name(ca)); + ExpectIntEQ(wolfSSL_X509_set_issuer_name(x509, name), WOLFSSL_SUCCESS); + name = NULL; + + ExpectNotNull(name = X509_NAME_new()); + ExpectIntEQ(X509_NAME_add_entry_by_txt(name, "countryName", MBSTRING_UTF8, + (byte*)"US", 2, -1, 0), SSL_SUCCESS); + ExpectIntEQ(wolfSSL_X509_set_subject_name(x509, name), WOLFSSL_SUCCESS); + X509_NAME_free(name); + + wolfSSL_X509_add_altname(x509, "example", ASN_DNS_TYPE); + ExpectIntGT(wolfSSL_X509_sign(x509, priv, EVP_sha256()), 0); + DEBUG_WRITE_CERT_X509(x509, "good-missing-constraint-cert.pem"); + + ExpectNotNull((der = (byte*)wolfSSL_X509_get_der(x509, &derSz))); + ExpectIntEQ(wolfSSL_CertManagerVerifyBuffer(cm, der, derSz, + WOLFSSL_FILETYPE_ASN1), WOLFSSL_SUCCESS); + wolfSSL_X509_free(x509); + + wolfSSL_CertManagerFree(cm); + wolfSSL_X509_free(ca); + wolfSSL_EVP_PKEY_free(priv); +#endif + return EXPECT_RESULT(); +} + +int test_wolfSSL_CertManagerCRL(void) +{ + EXPECT_DECLS; +#if !defined(NO_FILESYSTEM) && !defined(NO_CERTS) && defined(HAVE_CRL) && \ + !defined(NO_RSA) + const char* ca_cert = "./certs/ca-cert.pem"; + const char* crl1 = "./certs/crl/crl.pem"; + const char* crl2 = "./certs/crl/crl2.pem"; +#ifdef WC_RSA_PSS + const char* crl_rsapss = "./certs/crl/crl_rsapss.pem"; + const char* ca_rsapss = "./certs/rsapss/ca-rsapss.pem"; +#endif + /* ./certs/crl/crl.der */ + const unsigned char crl_buff[] = { + 0x30, 0x82, 0x02, 0x04, 0x30, 0x81, 0xED, 0x02, + 0x01, 0x01, 0x30, 0x0D, 0x06, 0x09, 0x2A, 0x86, + 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x01, 0x0B, 0x05, + 0x00, 0x30, 0x81, 0x94, 0x31, 0x0B, 0x30, 0x09, + 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x55, + 0x53, 0x31, 0x10, 0x30, 0x0E, 0x06, 0x03, 0x55, + 0x04, 0x08, 0x0C, 0x07, 0x4D, 0x6F, 0x6E, 0x74, + 0x61, 0x6E, 0x61, 0x31, 0x10, 0x30, 0x0E, 0x06, + 0x03, 0x55, 0x04, 0x07, 0x0C, 0x07, 0x42, 0x6F, + 0x7A, 0x65, 0x6D, 0x61, 0x6E, 0x31, 0x11, 0x30, + 0x0F, 0x06, 0x03, 0x55, 0x04, 0x0A, 0x0C, 0x08, + 0x53, 0x61, 0x77, 0x74, 0x6F, 0x6F, 0x74, 0x68, + 0x31, 0x13, 0x30, 0x11, 0x06, 0x03, 0x55, 0x04, + 0x0B, 0x0C, 0x0A, 0x43, 0x6F, 0x6E, 0x73, 0x75, + 0x6C, 0x74, 0x69, 0x6E, 0x67, 0x31, 0x18, 0x30, + 0x16, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0C, 0x0F, + 0x77, 0x77, 0x77, 0x2E, 0x77, 0x6F, 0x6C, 0x66, + 0x73, 0x73, 0x6C, 0x2E, 0x63, 0x6F, 0x6D, 0x31, + 0x1F, 0x30, 0x1D, 0x06, 0x09, 0x2A, 0x86, 0x48, + 0x86, 0xF7, 0x0D, 0x01, 0x09, 0x01, 0x16, 0x10, + 0x69, 0x6E, 0x66, 0x6F, 0x40, 0x77, 0x6F, 0x6C, + 0x66, 0x73, 0x73, 0x6C, 0x2E, 0x63, 0x6F, 0x6D, + 0x17, 0x0D, 0x32, 0x34, 0x30, 0x31, 0x30, 0x39, + 0x30, 0x30, 0x33, 0x34, 0x33, 0x30, 0x5A, 0x17, + 0x0D, 0x32, 0x36, 0x31, 0x30, 0x30, 0x35, 0x30, + 0x30, 0x33, 0x34, 0x33, 0x30, 0x5A, 0x30, 0x14, + 0x30, 0x12, 0x02, 0x01, 0x02, 0x17, 0x0D, 0x32, + 0x34, 0x30, 0x31, 0x30, 0x39, 0x30, 0x30, 0x33, + 0x34, 0x33, 0x30, 0x5A, 0xA0, 0x0E, 0x30, 0x0C, + 0x30, 0x0A, 0x06, 0x03, 0x55, 0x1D, 0x14, 0x04, + 0x03, 0x02, 0x01, 0x02, 0x30, 0x0D, 0x06, 0x09, + 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x01, + 0x0B, 0x05, 0x00, 0x03, 0x82, 0x01, 0x01, 0x00, + 0xB3, 0x6F, 0xED, 0x72, 0xD2, 0x73, 0x6A, 0x77, + 0xBF, 0x3A, 0x55, 0xBC, 0x54, 0x18, 0x6A, 0x71, + 0xBC, 0x6A, 0xCC, 0xCD, 0x5D, 0x90, 0xF5, 0x64, + 0x8D, 0x1B, 0xF0, 0xE0, 0x48, 0x7B, 0xF2, 0x7B, + 0x06, 0x86, 0x53, 0x63, 0x9B, 0xD8, 0x24, 0x15, + 0x10, 0xB1, 0x19, 0x96, 0x9B, 0xD2, 0x75, 0xA8, + 0x25, 0xA2, 0x35, 0xA9, 0x14, 0xD6, 0xD5, 0x5E, + 0x53, 0xE3, 0x34, 0x9D, 0xF2, 0x8B, 0x07, 0x19, + 0x9B, 0x1F, 0xF1, 0x02, 0x0F, 0x04, 0x46, 0xE8, + 0xB8, 0xB6, 0xF2, 0x8D, 0xC7, 0xC0, 0x15, 0x3E, + 0x3E, 0x8E, 0x96, 0x73, 0x15, 0x1E, 0x62, 0xF6, + 0x4E, 0x2A, 0xF7, 0xAA, 0xA0, 0x91, 0x80, 0x12, + 0x7F, 0x81, 0x0C, 0x65, 0xCC, 0x38, 0xBE, 0x58, + 0x6C, 0x14, 0xA5, 0x21, 0xA1, 0x8D, 0xF7, 0x8A, + 0xB9, 0x24, 0xF4, 0x2D, 0xCA, 0xC0, 0x67, 0x43, + 0x0B, 0xC8, 0x1C, 0xB4, 0x7D, 0x12, 0x7F, 0xA2, + 0x1B, 0x19, 0x0E, 0x94, 0xCF, 0x7B, 0x9F, 0x75, + 0xA0, 0x08, 0x9A, 0x67, 0x3F, 0x87, 0x89, 0x3E, + 0xF8, 0x58, 0xA5, 0x8A, 0x1B, 0x2D, 0xDA, 0x9B, + 0xD0, 0x1B, 0x18, 0x92, 0xC3, 0xD2, 0x6A, 0xD7, + 0x1C, 0xFC, 0x45, 0x69, 0x77, 0xC3, 0x57, 0x65, + 0x75, 0x99, 0x9E, 0x47, 0x2A, 0x20, 0x25, 0xEF, + 0x90, 0xF2, 0x5F, 0x3B, 0x7D, 0x9C, 0x7D, 0x00, + 0xEA, 0x92, 0x54, 0xEB, 0x0B, 0xE7, 0x17, 0xAF, + 0x24, 0x1A, 0xF9, 0x7C, 0x83, 0x50, 0x68, 0x1D, + 0xDC, 0x5B, 0x60, 0x12, 0xA7, 0x52, 0x78, 0xD9, + 0xA9, 0xB0, 0x1F, 0x59, 0x48, 0x36, 0xC7, 0xA6, + 0x97, 0x34, 0xC7, 0x87, 0x3F, 0xAE, 0xFD, 0xA9, + 0x56, 0x5D, 0x48, 0xCC, 0x89, 0x7A, 0x79, 0x60, + 0x8F, 0x9B, 0x2B, 0x63, 0x3C, 0xB3, 0x04, 0x1D, + 0x5F, 0xF7, 0x20, 0xD2, 0xFD, 0xF2, 0x51, 0xB1, + 0x96, 0x93, 0x13, 0x5B, 0xAB, 0x74, 0x82, 0x8B + }; + + WOLFSSL_CERT_MANAGER* cm = NULL; + + ExpectNotNull(cm = wolfSSL_CertManagerNew()); + + ExpectIntEQ(wolfSSL_CertManagerEnableCRL(NULL, 0), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wolfSSL_CertManagerEnableCRL(cm, WOLFSSL_CRL_CHECKALL), 1); + ExpectIntEQ(wolfSSL_CertManagerEnableCRL(cm, WOLFSSL_CRL_CHECK), 1); + ExpectIntEQ(wolfSSL_CertManagerEnableCRL(cm, + WOLFSSL_CRL_CHECK | WOLFSSL_CRL_CHECKALL), 1); + ExpectIntEQ(wolfSSL_CertManagerEnableCRL(cm, 16), 1); + ExpectIntEQ(wolfSSL_CertManagerEnableCRL(cm, WOLFSSL_CRL_CHECKALL), 1); + + ExpectIntEQ(wolfSSL_CertManagerCheckCRL(NULL, NULL, -1), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wolfSSL_CertManagerCheckCRL(cm, NULL, -1), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wolfSSL_CertManagerCheckCRL(NULL, server_cert_der_2048, -1), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wolfSSL_CertManagerCheckCRL(NULL, NULL, 1), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wolfSSL_CertManagerCheckCRL(NULL, server_cert_der_2048, 1), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wolfSSL_CertManagerCheckCRL(cm, NULL, 1), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wolfSSL_CertManagerCheckCRL(cm, server_cert_der_2048, -1), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wolfSSL_CertManagerCheckCRL(cm, server_cert_der_2048, + sizeof_server_cert_der_2048), WC_NO_ERR_TRACE(ASN_NO_SIGNER_E)); + + ExpectIntEQ(wolfSSL_CertManagerSetCRL_Cb(NULL, NULL), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wolfSSL_CertManagerSetCRL_Cb(cm, NULL), 1); +#ifdef HAVE_CRL_IO + ExpectIntEQ(wolfSSL_CertManagerSetCRL_IOCb(NULL, NULL), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wolfSSL_CertManagerSetCRL_IOCb(cm, NULL), 1); +#endif + +#ifndef NO_FILESYSTEM + ExpectIntEQ(wolfSSL_CertManagerLoadCRL(NULL, NULL, WOLFSSL_FILETYPE_ASN1, + 0), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wolfSSL_CertManagerLoadCRL(cm, NULL, WOLFSSL_FILETYPE_ASN1, + 0), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + /* -1 seen as !WOLFSSL_FILETYPE_PEM */ + ExpectIntEQ(wolfSSL_CertManagerLoadCRL(cm, "./certs/crl", -1, 0), 1); + + ExpectIntEQ(wolfSSL_CertManagerLoadCRLFile(NULL, NULL, + WOLFSSL_FILETYPE_ASN1), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wolfSSL_CertManagerLoadCRLFile(cm, NULL, WOLFSSL_FILETYPE_ASN1), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + /* -1 seen as !WOLFSSL_FILETYPE_PEM */ + ExpectIntEQ(wolfSSL_CertManagerLoadCRLFile(cm, "./certs/crl/crl.pem", -1), + WC_NO_ERR_TRACE(ASN_PARSE_E)); +#endif + + ExpectIntEQ(wolfSSL_CertManagerLoadCRLBuffer(NULL, NULL, -1, + WOLFSSL_FILETYPE_ASN1), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wolfSSL_CertManagerLoadCRLBuffer(cm, NULL, -1, + WOLFSSL_FILETYPE_ASN1), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wolfSSL_CertManagerLoadCRLBuffer(NULL, crl_buff, -1, + WOLFSSL_FILETYPE_ASN1), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wolfSSL_CertManagerLoadCRLBuffer(NULL, NULL, 1, + WOLFSSL_FILETYPE_ASN1), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wolfSSL_CertManagerLoadCRLBuffer(NULL, crl_buff, 1, + WOLFSSL_FILETYPE_ASN1), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wolfSSL_CertManagerLoadCRLBuffer(cm, NULL, 1, + WOLFSSL_FILETYPE_ASN1), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wolfSSL_CertManagerLoadCRLBuffer(cm, crl_buff, -1, + WOLFSSL_FILETYPE_ASN1), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + + ExpectIntEQ(wolfSSL_CertManagerFreeCRL(NULL), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + DoExpectIntEQ(wolfSSL_CertManagerFreeCRL(cm), 1); + + ExpectIntEQ(WOLFSSL_SUCCESS, + wolfSSL_CertManagerLoadCA(cm, ca_cert, NULL)); + ExpectIntEQ(WOLFSSL_SUCCESS, + wolfSSL_CertManagerLoadCRL(cm, crl1, WOLFSSL_FILETYPE_PEM, 0)); + ExpectIntEQ(WOLFSSL_SUCCESS, + wolfSSL_CertManagerLoadCRL(cm, crl2, WOLFSSL_FILETYPE_PEM, 0)); + wolfSSL_CertManagerFreeCRL(cm); + +#ifndef WOLFSSL_CRL_ALLOW_MISSING_CDP + ExpectIntEQ(WOLFSSL_SUCCESS, + wolfSSL_CertManagerLoadCRL(cm, crl1, WOLFSSL_FILETYPE_PEM, 0)); + ExpectIntEQ(WOLFSSL_SUCCESS, + wolfSSL_CertManagerLoadCA(cm, ca_cert, NULL)); + ExpectIntEQ(wolfSSL_CertManagerCheckCRL(cm, server_cert_der_2048, + sizeof_server_cert_der_2048), WC_NO_ERR_TRACE(CRL_MISSING)); + ExpectIntEQ(wolfSSL_CertManagerVerifyBuffer(cm, server_cert_der_2048, + sizeof_server_cert_der_2048, WOLFSSL_FILETYPE_ASN1), + WC_NO_ERR_TRACE(CRL_MISSING)); +#endif /* !WOLFSSL_CRL_ALLOW_MISSING_CDP */ + + ExpectIntEQ(wolfSSL_CertManagerLoadCRLBuffer(cm, crl_buff, sizeof(crl_buff), + WOLFSSL_FILETYPE_ASN1), 1); + +#if !defined(NO_FILESYSTEM) && defined(WC_RSA_PSS) + /* loading should fail without the CA set */ + ExpectIntEQ(wolfSSL_CertManagerLoadCRLFile(cm, crl_rsapss, + WOLFSSL_FILETYPE_PEM), WC_NO_ERR_TRACE(ASN_CRL_NO_SIGNER_E)); + + /* now successfully load the RSA-PSS crl once loading in it's CA */ + ExpectIntEQ(WOLFSSL_SUCCESS, + wolfSSL_CertManagerLoadCA(cm, ca_rsapss, NULL)); + ExpectIntEQ(wolfSSL_CertManagerLoadCRLFile(cm, crl_rsapss, + WOLFSSL_FILETYPE_PEM), WOLFSSL_SUCCESS); +#endif + + wolfSSL_CertManagerFree(cm); +#endif + + return EXPECT_RESULT(); +} + +int test_wolfSSL_CRL_reason_extensions_cleanup(void) +{ + EXPECT_DECLS; +#if defined(HAVE_CRL) && defined(OPENSSL_EXTRA) && !defined(NO_CERTS) && \ + defined(WOLFSSL_PEM_TO_DER) && !defined(NO_FILESYSTEM) && \ + !defined(NO_STDIO_FILESYSTEM) && !defined(NO_RSA) + WOLFSSL_CERT_MANAGER* cm = NULL; + const char* crlReasonFile = "./certs/crl/crl_reason.pem"; + + ExpectNotNull(cm = wolfSSL_CertManagerNew()); + if (cm != NULL) { + ExpectIntEQ(wolfSSL_CertManagerEnableCRL(cm, WOLFSSL_CRL_CHECKALL), + WOLFSSL_SUCCESS); + ExpectIntEQ(wolfSSL_CertManagerLoadCABuffer(cm, ca_cert_der_2048, + sizeof_ca_cert_der_2048, WOLFSSL_FILETYPE_ASN1), + WOLFSSL_SUCCESS); + /* Exercises ParseCRL/GetRevoked path that allocates entry extensions; + * cleanup runs via FreeDecodedCRL in BufferLoadCRL. */ + ExpectIntEQ(wolfSSL_CertManagerLoadCRLFile(cm, crlReasonFile, + WOLFSSL_FILETYPE_PEM), WOLFSSL_SUCCESS); + wolfSSL_CertManagerFree(cm); + } +#endif + return EXPECT_RESULT(); +} + +int test_wolfSSL_CRL_static_revoked_list(void) +{ + EXPECT_DECLS; +#if defined(CRL_STATIC_REVOKED_LIST) && defined(HAVE_CRL) && \ + !defined(NO_RSA) && !defined(NO_CERTS) + /* CRL signed by certs/ca-cert.pem that revokes serials 05, 02, 01 in that + * (unsorted) wire order. The unsorted order exposes a binary search bug in + * FindRevokedSerial when CRL_STATIC_REVOKED_LIST is enabled: the revoked + * cert array is never sorted after parsing, so binary search misses entries + * that are out of order. + * + * Generated with Python cryptography library: + * builder.add_revoked_certificate(serial=5) + * builder.add_revoked_certificate(serial=2) + * builder.add_revoked_certificate(serial=1) + * crl = builder.sign(ca_key, hashes.SHA256()) + */ + static const unsigned char crl_multi_revoked[] = { + 0x30, 0x82, 0x02, 0x1D, 0x30, 0x82, 0x01, 0x05, + 0x02, 0x01, 0x01, 0x30, 0x0D, 0x06, 0x09, 0x2A, + 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x01, 0x0B, + 0x05, 0x00, 0x30, 0x81, 0x94, 0x31, 0x0B, 0x30, + 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, + 0x55, 0x53, 0x31, 0x10, 0x30, 0x0E, 0x06, 0x03, + 0x55, 0x04, 0x08, 0x0C, 0x07, 0x4D, 0x6F, 0x6E, + 0x74, 0x61, 0x6E, 0x61, 0x31, 0x10, 0x30, 0x0E, + 0x06, 0x03, 0x55, 0x04, 0x07, 0x0C, 0x07, 0x42, + 0x6F, 0x7A, 0x65, 0x6D, 0x61, 0x6E, 0x31, 0x11, + 0x30, 0x0F, 0x06, 0x03, 0x55, 0x04, 0x0A, 0x0C, + 0x08, 0x53, 0x61, 0x77, 0x74, 0x6F, 0x6F, 0x74, + 0x68, 0x31, 0x13, 0x30, 0x11, 0x06, 0x03, 0x55, + 0x04, 0x0B, 0x0C, 0x0A, 0x43, 0x6F, 0x6E, 0x73, + 0x75, 0x6C, 0x74, 0x69, 0x6E, 0x67, 0x31, 0x18, + 0x30, 0x16, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0C, + 0x0F, 0x77, 0x77, 0x77, 0x2E, 0x77, 0x6F, 0x6C, + 0x66, 0x73, 0x73, 0x6C, 0x2E, 0x63, 0x6F, 0x6D, + 0x31, 0x1F, 0x30, 0x1D, 0x06, 0x09, 0x2A, 0x86, + 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x09, 0x01, 0x16, + 0x10, 0x69, 0x6E, 0x66, 0x6F, 0x40, 0x77, 0x6F, + 0x6C, 0x66, 0x73, 0x73, 0x6C, 0x2E, 0x63, 0x6F, + 0x6D, 0x17, 0x0D, 0x32, 0x36, 0x30, 0x31, 0x30, + 0x31, 0x30, 0x30, 0x30, 0x30, 0x30, 0x30, 0x5A, + 0x17, 0x0D, 0x33, 0x36, 0x30, 0x31, 0x30, 0x31, + 0x30, 0x30, 0x30, 0x30, 0x30, 0x30, 0x5A, 0x30, + 0x3C, 0x30, 0x12, 0x02, 0x01, 0x05, 0x17, 0x0D, + 0x32, 0x33, 0x30, 0x31, 0x30, 0x31, 0x30, 0x30, + 0x30, 0x30, 0x30, 0x30, 0x5A, 0x30, 0x12, 0x02, + 0x01, 0x02, 0x17, 0x0D, 0x32, 0x33, 0x30, 0x32, + 0x30, 0x31, 0x30, 0x30, 0x30, 0x30, 0x30, 0x30, + 0x5A, 0x30, 0x12, 0x02, 0x01, 0x01, 0x17, 0x0D, + 0x32, 0x33, 0x30, 0x33, 0x30, 0x31, 0x30, 0x30, + 0x30, 0x30, 0x30, 0x30, 0x5A, 0x30, 0x0D, 0x06, + 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, + 0x01, 0x0B, 0x05, 0x00, 0x03, 0x82, 0x01, 0x01, + 0x00, 0x15, 0x9F, 0xC1, 0x9E, 0x17, 0xB3, 0x5A, + 0xF1, 0x48, 0xA5, 0x87, 0x2A, 0x84, 0xD1, 0x93, + 0x8D, 0x19, 0x24, 0xCB, 0xC5, 0x32, 0x56, 0x10, + 0x6C, 0x4D, 0xF5, 0xD1, 0x9A, 0xC0, 0x1A, 0x8B, + 0x1C, 0x84, 0x6B, 0x4B, 0x20, 0xA7, 0xA4, 0x2C, + 0x11, 0x5C, 0x23, 0xBD, 0x0C, 0xB1, 0x33, 0xBE, + 0x38, 0x1B, 0xCB, 0xDB, 0x8E, 0xD4, 0x0F, 0x62, + 0x0D, 0xB5, 0x18, 0x21, 0x28, 0x0B, 0x77, 0xB9, + 0xB4, 0xA8, 0xE9, 0xA0, 0x25, 0x00, 0x83, 0xED, + 0x64, 0x49, 0x8E, 0x52, 0xD9, 0x8D, 0xAF, 0xC2, + 0x16, 0x3E, 0xD3, 0x93, 0x09, 0xB9, 0x18, 0xBB, + 0x6C, 0x41, 0xDF, 0x59, 0x59, 0x53, 0x8C, 0x64, + 0x8B, 0xD1, 0x9D, 0xBB, 0x92, 0x8F, 0xB2, 0x26, + 0x27, 0x78, 0x41, 0xFB, 0xF8, 0xB1, 0x2F, 0x8F, + 0xA1, 0x85, 0xB6, 0xC7, 0x8E, 0x42, 0x72, 0xEF, + 0xF4, 0x3F, 0xC4, 0xAF, 0x40, 0x95, 0xCA, 0x94, + 0xE5, 0x88, 0x89, 0x18, 0x32, 0x54, 0xC3, 0xC4, + 0xBE, 0x7E, 0x48, 0x1B, 0x3D, 0xB3, 0x6C, 0x11, + 0x54, 0x6F, 0x9E, 0xFE, 0x09, 0x5B, 0x72, 0x3F, + 0xD7, 0xA0, 0x02, 0xFF, 0x43, 0x01, 0xFE, 0x23, + 0xF8, 0x72, 0xCD, 0xA9, 0x76, 0x36, 0x31, 0x78, + 0x21, 0xCB, 0x0E, 0xC2, 0x25, 0x8D, 0x0B, 0x4C, + 0x2C, 0xAA, 0x6A, 0x80, 0x6E, 0xE2, 0x1E, 0xAC, + 0x70, 0x5D, 0x4A, 0xAA, 0x56, 0x17, 0xF0, 0x2D, + 0xA2, 0x2A, 0x4E, 0x2B, 0xC8, 0xC9, 0x87, 0x8E, + 0x07, 0xEB, 0xD8, 0x36, 0x42, 0x39, 0xA0, 0xA4, + 0xF6, 0x34, 0xC2, 0x5F, 0xE1, 0x21, 0x07, 0x50, + 0x4B, 0x37, 0x15, 0x7D, 0xF9, 0x18, 0x54, 0x13, + 0xC0, 0x1D, 0x0A, 0x27, 0x3A, 0x63, 0xD2, 0xC3, + 0xD5, 0x57, 0x5E, 0x67, 0x56, 0x65, 0x9E, 0x2E, + 0x4D, 0xB4, 0x96, 0x54, 0x7A, 0x3D, 0xFD, 0xF9, + 0xCF, 0xCD, 0x10, 0x65, 0x05, 0x97, 0x53, 0x72, + 0x12 + }; + WOLFSSL_CERT_MANAGER* cm = NULL; + + /* Set up CertManager with the CA and CRL checking enabled */ + ExpectNotNull(cm = wolfSSL_CertManagerNew()); + ExpectIntEQ(wolfSSL_CertManagerLoadCA(cm, "./certs/ca-cert.pem", NULL), + WOLFSSL_SUCCESS); + ExpectIntEQ(wolfSSL_CertManagerEnableCRL(cm, WOLFSSL_CRL_CHECKALL), + WOLFSSL_SUCCESS); + + /* Load the CRL that revokes serials {05, 02, 01} in unsorted wire order */ + ExpectIntEQ(wolfSSL_CertManagerLoadCRLBuffer(cm, crl_multi_revoked, + sizeof(crl_multi_revoked), WOLFSSL_FILETYPE_ASN1), WOLFSSL_SUCCESS); + + /* server-cert.pem has serial 01, which is in the CRL but at the last + * position in the unsorted array. Binary search on unsorted data misses + * it, so this assertion fails before the bug fix. */ + ExpectIntEQ(wolfSSL_CertManagerCheckCRL(cm, server_cert_der_2048, + sizeof_server_cert_der_2048), WC_NO_ERR_TRACE(CRL_CERT_REVOKED)); + + wolfSSL_CertManagerFree(cm); +#endif + return EXPECT_RESULT(); +} + +int test_wolfSSL_CRL_duplicate_extensions(void) +{ + EXPECT_DECLS; +#if defined(WOLFSSL_ASN_TEMPLATE) && !defined(NO_CERTS) && \ + defined(HAVE_CRL) && !defined(NO_RSA) && \ + !defined(WOLFSSL_NO_ASN_STRICT) && \ + (defined(WC_ASN_RUNTIME_DATE_CHECK_CONTROL) || defined(NO_ASN_TIME_CHECK)) + const unsigned char crl_duplicate_akd[] = + "-----BEGIN X509 CRL-----\n" + "MIICCDCB8QIBATANBgkqhkiG9w0BAQsFADB5MQswCQYDVQQGEwJVUzETMBEGA1UE\n" + "CAwKQ2FsaWZvcm5pYTEWMBQGA1UEBwwNU2FuIEZyYW5jaXNjbzETMBEGA1UECgwK\n" + "TXkgQ29tcGFueTETMBEGA1UEAwwKTXkgUm9vdCBDQTETMBEGA1UECwwKTXkgUm9v\n" + "dCBDQRcNMjQwOTAxMDAwMDAwWhcNMjUxMjAxMDAwMDAwWqBEMEIwHwYDVR0jBBgw\n" + "FoAU72ng99Ud5pns3G3Q9+K5XGRxgzUwHwYDVR0jBBgwFoAU72ng99Ud5pns3G3Q\n" + "9+K5XGRxgzUwDQYJKoZIhvcNAQELBQADggEBAIFVw4jrS4taSXR/9gPzqGrqFeHr\n" + "IXCnFtHJTLxqa8vUOAqSwqysvNpepVKioMVoGrLjFMjANjWQqTEiMROAnLfJ/+L8\n" + "FHZkV/mZwOKAXMhIC9MrJzifxBICwmvD028qnwQm09EP8z4ICZptD6wPdRTDzduc\n" + "KBuAX+zn8pNrJgyrheRKpPgno9KsbCzK4D/RIt1sTK2M3vVOtY+vpsN70QYUXvQ4\n" + "r2RZac3omlT43x5lddPxIlcouQpwWcVvr/K+Va770MRrjn88PBrJmvsEw/QYVBXp\n" + "Gxv2b78HFDacba80sMIm8ltRdqUCa5qIc6OATsz7izCQXEbkTEeESrcK1MA=\n" + "-----END X509 CRL-----\n"; + + WOLFSSL_CERT_MANAGER* cm = NULL; + int ret; + + (void)wc_AsnSetSkipDateCheck(1); + + cm = wolfSSL_CertManagerNew(); + ExpectNotNull(cm); + + /* Test loading CRL with duplicate extensions */ + WOLFSSL_MSG("Testing CRL with duplicate Authority Key Identifier " + "extensions"); + ret = wolfSSL_CertManagerLoadCRLBuffer(cm, crl_duplicate_akd, + sizeof(crl_duplicate_akd), + WOLFSSL_FILETYPE_PEM); + ExpectIntEQ(ret, ASN_PARSE_E); + + wolfSSL_CertManagerFree(cm); + + (void)wc_AsnSetSkipDateCheck(0); +#endif + return EXPECT_RESULT(); +} + +int test_wolfSSL_CertManagerCheckOCSPResponse(void) +{ + EXPECT_DECLS; +#if defined(HAVE_OCSP) && !defined(NO_RSA) && !defined(NO_SHA) +/* Need one of these for wolfSSL_OCSP_REQUEST_new. */ +#if defined(OPENSSL_ALL) || defined(WOLFSSL_NGINX) || \ + defined(WOLFSSL_HAPROXY) || defined(WOLFSSL_APACHE_HTTPD) || \ + defined(HAVE_LIGHTY) + WOLFSSL_CERT_MANAGER* cm = NULL; + /* Raw OCSP response bytes captured using the following setup: + * - Run responder with + * openssl ocsp -port 9999 -ndays 9999 + * -index certs/ocsp/index-intermediate1-ca-issued-certs.txt + * -rsigner certs/ocsp/ocsp-responder-cert.pem + * -rkey certs/ocsp/ocsp-responder-key.pem + * -CA certs/ocsp/intermediate1-ca-cert.pem + * - Run client with + * openssl ocsp -host 127.0.0.1:9999 -respout resp.out + * -issuer certs/ocsp/intermediate1-ca-cert.pem + * -cert certs/ocsp/server1-cert.pem + * -CAfile certs/ocsp/root-ca-cert.pem -noverify + * - Select the response packet in Wireshark, and export it using + * "File->Export Packet Dissection->As "C" Arrays". Select "Selected + * packets only". After importing into the editor, remove the initial + * ~148 bytes of header, ending with the Content-Length and the \r\n\r\n. + */ + static const byte response[] = { + 0x30, 0x82, 0x07, 0x40, /* ....0..@ */ + 0x0a, 0x01, 0x00, 0xa0, 0x82, 0x07, 0x39, 0x30, /* ......90 */ + 0x82, 0x07, 0x35, 0x06, 0x09, 0x2b, 0x06, 0x01, /* ..5..+.. */ + 0x05, 0x05, 0x07, 0x30, 0x01, 0x01, 0x04, 0x82, /* ...0.... */ + 0x07, 0x26, 0x30, 0x82, 0x07, 0x22, 0x30, 0x82, /* .&0.."0. */ + 0x01, 0x40, 0xa1, 0x81, 0xa1, 0x30, 0x81, 0x9e, /* .@...0.. */ + 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, /* 1.0...U. */ + 0x06, 0x13, 0x02, 0x55, 0x53, 0x31, 0x13, 0x30, /* ...US1.0 */ + 0x11, 0x06, 0x03, 0x55, 0x04, 0x08, 0x0c, 0x0a, /* ...U.... */ + 0x57, 0x61, 0x73, 0x68, 0x69, 0x6e, 0x67, 0x74, /* Washingt */ + 0x6f, 0x6e, 0x31, 0x10, 0x30, 0x0e, 0x06, 0x03, /* on1.0... */ + 0x55, 0x04, 0x07, 0x0c, 0x07, 0x53, 0x65, 0x61, /* U....Sea */ + 0x74, 0x74, 0x6c, 0x65, 0x31, 0x10, 0x30, 0x0e, /* ttle1.0. */ + 0x06, 0x03, 0x55, 0x04, 0x0a, 0x0c, 0x07, 0x77, /* ..U....w */ + 0x6f, 0x6c, 0x66, 0x53, 0x53, 0x4c, 0x31, 0x14, /* olfSSL1. */ + 0x30, 0x12, 0x06, 0x03, 0x55, 0x04, 0x0b, 0x0c, /* 0...U... */ + 0x0b, 0x45, 0x6e, 0x67, 0x69, 0x6e, 0x65, 0x65, /* .Enginee */ + 0x72, 0x69, 0x6e, 0x67, 0x31, 0x1f, 0x30, 0x1d, /* ring1.0. */ + 0x06, 0x03, 0x55, 0x04, 0x03, 0x0c, 0x16, 0x77, /* ..U....w */ + 0x6f, 0x6c, 0x66, 0x53, 0x53, 0x4c, 0x20, 0x4f, /* olfSSL O */ + 0x43, 0x53, 0x50, 0x20, 0x52, 0x65, 0x73, 0x70, /* CSP Resp */ + 0x6f, 0x6e, 0x64, 0x65, 0x72, 0x31, 0x1f, 0x30, /* onder1.0 */ + 0x1d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, /* ...*.H.. */ + 0x0d, 0x01, 0x09, 0x01, 0x16, 0x10, 0x69, 0x6e, /* ......in */ + 0x66, 0x6f, 0x40, 0x77, 0x6f, 0x6c, 0x66, 0x73, /* fo@wolfs */ + 0x73, 0x6c, 0x2e, 0x63, 0x6f, 0x6d, 0x18, 0x0f, /* sl.com.. */ + 0x32, 0x30, 0x32, 0x34, 0x31, 0x32, 0x32, 0x30, /* 20241220 */ + 0x31, 0x37, 0x30, 0x37, 0x30, 0x34, 0x5a, 0x30, /* 170704Z0 */ + 0x64, 0x30, 0x62, 0x30, 0x3a, 0x30, 0x09, 0x06, /* d0b0:0.. */ + 0x05, 0x2b, 0x0e, 0x03, 0x02, 0x1a, 0x05, 0x00, /* .+...... */ + 0x04, 0x14, 0x71, 0x4d, 0x82, 0x23, 0x40, 0x59, /* ..qM.#@Y */ + 0xc0, 0x96, 0xa1, 0x37, 0x43, 0xfa, 0x31, 0xdb, /* ...7C.1. */ + 0xba, 0xb1, 0x43, 0x18, 0xda, 0x04, 0x04, 0x14, /* ..C..... */ + 0x83, 0xc6, 0x3a, 0x89, 0x2c, 0x81, 0xf4, 0x02, /* ..:.,... */ + 0xd7, 0x9d, 0x4c, 0xe2, 0x2a, 0xc0, 0x71, 0x82, /* ..L.*.q. */ + 0x64, 0x44, 0xda, 0x0e, 0x02, 0x01, 0x05, 0x80, /* dD...... */ + 0x00, 0x18, 0x0f, 0x32, 0x30, 0x32, 0x34, 0x31, /* ...20241 */ + 0x32, 0x32, 0x30, 0x31, 0x37, 0x30, 0x37, 0x30, /* 22017070 */ + 0x34, 0x5a, 0xa0, 0x11, 0x18, 0x0f, 0x32, 0x30, /* 4Z....20 */ + 0x35, 0x32, 0x30, 0x35, 0x30, 0x36, 0x31, 0x37, /* 52050617 */ + 0x30, 0x37, 0x30, 0x34, 0x5a, 0xa1, 0x23, 0x30, /* 0704Z.#0 */ + 0x21, 0x30, 0x1f, 0x06, 0x09, 0x2b, 0x06, 0x01, /* !0...+.. */ + 0x05, 0x05, 0x07, 0x30, 0x01, 0x02, 0x04, 0x12, /* ...0.... */ + 0x04, 0x10, 0x12, 0x7c, 0x27, 0xbd, 0x22, 0x28, /* ...|'."( */ + 0x5e, 0x62, 0x81, 0xed, 0x6d, 0x2c, 0x2d, 0x59, /* ^b..m,-Y */ + 0x42, 0xd7, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, /* B.0...*. */ + 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x0b, 0x05, /* H....... */ + 0x00, 0x03, 0x82, 0x01, 0x01, 0x00, 0x6c, 0xce, /* ......l. */ + 0xa8, 0xe8, 0xfe, 0xaf, 0x33, 0xe2, 0xce, 0x4e, /* ....3..N */ + 0x63, 0x8d, 0x61, 0x16, 0x0f, 0x70, 0xb2, 0x0c, /* c.a..p.. */ + 0x9a, 0xe3, 0x01, 0xd5, 0xca, 0xe5, 0x9b, 0x70, /* .......p */ + 0x81, 0x6f, 0x94, 0x09, 0xe8, 0x88, 0x98, 0x1a, /* .o...... */ + 0x67, 0xa0, 0xc2, 0xe7, 0x8f, 0x9b, 0x5f, 0x13, /* g....._. */ + 0x17, 0x8d, 0x93, 0x8c, 0x31, 0x61, 0x7d, 0x72, /* ....1a}r */ + 0x34, 0xbd, 0x21, 0x48, 0xca, 0xb2, 0xc9, 0xae, /* 4.!H.... */ + 0x28, 0x5f, 0x97, 0x19, 0xcb, 0xdf, 0xed, 0xd4, /* (_...... */ + 0x6e, 0x89, 0x30, 0x89, 0x11, 0xd1, 0x05, 0x08, /* n.0..... */ + 0x81, 0xe9, 0xa7, 0xba, 0xf7, 0x16, 0x0c, 0xbe, /* ........ */ + 0x48, 0x2e, 0xc0, 0x05, 0xac, 0x90, 0xc2, 0x35, /* H......5 */ + 0xce, 0x6c, 0x94, 0x5d, 0x2b, 0xad, 0x4f, 0x19, /* .l.]+.O. */ + 0xea, 0x7b, 0xd9, 0x4f, 0x49, 0x20, 0x8d, 0x98, /* .{.OI .. */ + 0xa9, 0xe4, 0x53, 0x6d, 0xca, 0x34, 0xdb, 0x4a, /* ..Sm.4.J */ + 0x28, 0xb3, 0x33, 0xfb, 0xfd, 0xcc, 0x4b, 0xfa, /* (.3...K. */ + 0xdb, 0x70, 0xe1, 0x96, 0xc8, 0xd4, 0xf1, 0x85, /* .p...... */ + 0x99, 0xaf, 0x06, 0xeb, 0xfd, 0x96, 0x21, 0x86, /* ......!. */ + 0x81, 0xee, 0xcf, 0xd2, 0xf4, 0x83, 0xc9, 0x1d, /* ........ */ + 0x8f, 0x42, 0xd1, 0xc1, 0xbc, 0x50, 0x0a, 0xfb, /* .B...P.. */ + 0x95, 0x39, 0x4c, 0x36, 0xa8, 0xfe, 0x2b, 0x8e, /* .9L6..+. */ + 0xc5, 0xb5, 0xe0, 0xab, 0xdb, 0xc0, 0xbf, 0x1d, /* ........ */ + 0x35, 0x4d, 0xc0, 0x52, 0xfb, 0x08, 0x04, 0x4c, /* 5M.R...L */ + 0x98, 0xf0, 0xb5, 0x5b, 0xff, 0x99, 0x74, 0xce, /* ...[..t. */ + 0xb7, 0xc9, 0xe3, 0xe5, 0x70, 0x2e, 0xd3, 0x1d, /* ....p... */ + 0x46, 0x38, 0xf9, 0x51, 0x17, 0x73, 0xd1, 0x08, /* F8.Q.s.. */ + 0x8d, 0x3d, 0x12, 0x47, 0xd0, 0x66, 0x77, 0xaf, /* .=.G.fw. */ + 0xfd, 0x4c, 0x75, 0x1f, 0xe9, 0x6c, 0xf4, 0x5a, /* .Lu..l.Z */ + 0xde, 0xec, 0x37, 0xc7, 0xc4, 0x0a, 0xbe, 0x91, /* ..7..... */ + 0xbc, 0x05, 0x08, 0x86, 0x47, 0x30, 0x2a, 0xc6, /* ....G0*. */ + 0x85, 0x4b, 0x55, 0x6c, 0xef, 0xdf, 0x2d, 0x5a, /* .KUl..-Z */ + 0xf7, 0x5b, 0xb5, 0xba, 0xed, 0x38, 0xb0, 0xcb, /* .[...8.. */ + 0xeb, 0x7e, 0x84, 0x3a, 0x69, 0x2c, 0xa0, 0x82, /* .~.:i,.. */ + 0x04, 0xc6, 0x30, 0x82, 0x04, 0xc2, 0x30, 0x82, /* ..0...0. */ + 0x04, 0xbe, 0x30, 0x82, 0x03, 0xa6, 0xa0, 0x03, /* ..0..... */ + 0x02, 0x01, 0x02, 0x02, 0x01, 0x04, 0x30, 0x0d, /* ......0. */ + 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, /* ..*.H... */ + 0x01, 0x01, 0x0b, 0x05, 0x00, 0x30, 0x81, 0x97, /* .....0.. */ + 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, /* 1.0...U. */ + 0x06, 0x13, 0x02, 0x55, 0x53, 0x31, 0x13, 0x30, /* ...US1.0 */ + 0x11, 0x06, 0x03, 0x55, 0x04, 0x08, 0x0c, 0x0a, /* ...U.... */ + 0x57, 0x61, 0x73, 0x68, 0x69, 0x6e, 0x67, 0x74, /* Washingt */ + 0x6f, 0x6e, 0x31, 0x10, 0x30, 0x0e, 0x06, 0x03, /* on1.0... */ + 0x55, 0x04, 0x07, 0x0c, 0x07, 0x53, 0x65, 0x61, /* U....Sea */ + 0x74, 0x74, 0x6c, 0x65, 0x31, 0x10, 0x30, 0x0e, /* ttle1.0. */ + 0x06, 0x03, 0x55, 0x04, 0x0a, 0x0c, 0x07, 0x77, /* ..U....w */ + 0x6f, 0x6c, 0x66, 0x53, 0x53, 0x4c, 0x31, 0x14, /* olfSSL1. */ + 0x30, 0x12, 0x06, 0x03, 0x55, 0x04, 0x0b, 0x0c, /* 0...U... */ + 0x0b, 0x45, 0x6e, 0x67, 0x69, 0x6e, 0x65, 0x65, /* .Enginee */ + 0x72, 0x69, 0x6e, 0x67, 0x31, 0x18, 0x30, 0x16, /* ring1.0. */ + 0x06, 0x03, 0x55, 0x04, 0x03, 0x0c, 0x0f, 0x77, /* ..U....w */ + 0x6f, 0x6c, 0x66, 0x53, 0x53, 0x4c, 0x20, 0x72, /* olfSSL r */ + 0x6f, 0x6f, 0x74, 0x20, 0x43, 0x41, 0x31, 0x1f, /* oot CA1. */ + 0x30, 0x1d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, /* 0...*.H. */ + 0xf7, 0x0d, 0x01, 0x09, 0x01, 0x16, 0x10, 0x69, /* .......i */ + 0x6e, 0x66, 0x6f, 0x40, 0x77, 0x6f, 0x6c, 0x66, /* nfo@wolf */ + 0x73, 0x73, 0x6c, 0x2e, 0x63, 0x6f, 0x6d, 0x30, /* ssl.com0 */ + 0x1e, 0x17, 0x0d, 0x32, 0x34, 0x31, 0x32, 0x31, /* ...24121 */ + 0x38, 0x32, 0x31, 0x32, 0x35, 0x33, 0x31, 0x5a, /* 8212531Z */ + 0x17, 0x0d, 0x32, 0x37, 0x30, 0x39, 0x31, 0x34, /* ..270914 */ + 0x32, 0x31, 0x32, 0x35, 0x33, 0x31, 0x5a, 0x30, /* 212531Z0 */ + 0x81, 0x9e, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, /* ..1.0... */ + 0x55, 0x04, 0x06, 0x13, 0x02, 0x55, 0x53, 0x31, /* U....US1 */ + 0x13, 0x30, 0x11, 0x06, 0x03, 0x55, 0x04, 0x08, /* .0...U.. */ + 0x0c, 0x0a, 0x57, 0x61, 0x73, 0x68, 0x69, 0x6e, /* ..Washin */ + 0x67, 0x74, 0x6f, 0x6e, 0x31, 0x10, 0x30, 0x0e, /* gton1.0. */ + 0x06, 0x03, 0x55, 0x04, 0x07, 0x0c, 0x07, 0x53, /* ..U....S */ + 0x65, 0x61, 0x74, 0x74, 0x6c, 0x65, 0x31, 0x10, /* eattle1. */ + 0x30, 0x0e, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x0c, /* 0...U... */ + 0x07, 0x77, 0x6f, 0x6c, 0x66, 0x53, 0x53, 0x4c, /* .wolfSSL */ + 0x31, 0x14, 0x30, 0x12, 0x06, 0x03, 0x55, 0x04, /* 1.0...U. */ + 0x0b, 0x0c, 0x0b, 0x45, 0x6e, 0x67, 0x69, 0x6e, /* ...Engin */ + 0x65, 0x65, 0x72, 0x69, 0x6e, 0x67, 0x31, 0x1f, /* eering1. */ + 0x30, 0x1d, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0c, /* 0...U... */ + 0x16, 0x77, 0x6f, 0x6c, 0x66, 0x53, 0x53, 0x4c, /* .wolfSSL */ + 0x20, 0x4f, 0x43, 0x53, 0x50, 0x20, 0x52, 0x65, /* OCSP Re */ + 0x73, 0x70, 0x6f, 0x6e, 0x64, 0x65, 0x72, 0x31, /* sponder1 */ + 0x1f, 0x30, 0x1d, 0x06, 0x09, 0x2a, 0x86, 0x48, /* .0...*.H */ + 0x86, 0xf7, 0x0d, 0x01, 0x09, 0x01, 0x16, 0x10, /* ........ */ + 0x69, 0x6e, 0x66, 0x6f, 0x40, 0x77, 0x6f, 0x6c, /* info@wol */ + 0x66, 0x73, 0x73, 0x6c, 0x2e, 0x63, 0x6f, 0x6d, /* fssl.com */ + 0x30, 0x82, 0x01, 0x22, 0x30, 0x0d, 0x06, 0x09, /* 0.."0... */ + 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, /* *.H..... */ + 0x01, 0x05, 0x00, 0x03, 0x82, 0x01, 0x0f, 0x00, /* ........ */ + 0x30, 0x82, 0x01, 0x0a, 0x02, 0x82, 0x01, 0x01, /* 0....... */ + 0x00, 0xb8, 0xba, 0x23, 0xb4, 0xf6, 0xc3, 0x7b, /* ...#...{ */ + 0x14, 0xc3, 0xa4, 0xf5, 0x1d, 0x61, 0xa1, 0xf5, /* .....a.. */ + 0x1e, 0x63, 0xb9, 0x85, 0x23, 0x34, 0x50, 0x6d, /* .c..#4Pm */ + 0xf8, 0x7c, 0xa2, 0x8a, 0x04, 0x8b, 0xd5, 0x75, /* .|.....u */ + 0x5c, 0x2d, 0xf7, 0x63, 0x88, 0xd1, 0x07, 0x7a, /* \-.c...z */ + 0xea, 0x0b, 0x45, 0x35, 0x2b, 0xeb, 0x1f, 0xb1, /* ..E5+... */ + 0x22, 0xb4, 0x94, 0x41, 0x38, 0xe2, 0x9d, 0x74, /* "..A8..t */ + 0xd6, 0x8b, 0x30, 0x22, 0x10, 0x51, 0xc5, 0xdb, /* ..0".Q.. */ + 0xca, 0x3f, 0x46, 0x2b, 0xfe, 0xe5, 0x5a, 0x3f, /* .?F+..Z? */ + 0x41, 0x74, 0x67, 0x75, 0x95, 0xa9, 0x94, 0xd5, /* Atgu.... */ + 0xc3, 0xee, 0x42, 0xf8, 0x8d, 0xeb, 0x92, 0x95, /* ..B..... */ + 0xe1, 0xd9, 0x65, 0xb7, 0x43, 0xc4, 0x18, 0xde, /* ..e.C... */ + 0x16, 0x80, 0x90, 0xce, 0x24, 0x35, 0x21, 0xc4, /* ....$5!. */ + 0x55, 0xac, 0x5a, 0x51, 0xe0, 0x2e, 0x2d, 0xb3, /* U.ZQ..-. */ + 0x0a, 0x5a, 0x4f, 0x4a, 0x73, 0x31, 0x50, 0xee, /* .ZOJs1P. */ + 0x4a, 0x16, 0xbd, 0x39, 0x8b, 0xad, 0x05, 0x48, /* J..9...H */ + 0x87, 0xb1, 0x99, 0xe2, 0x10, 0xa7, 0x06, 0x72, /* .......r */ + 0x67, 0xca, 0x5c, 0xd1, 0x97, 0xbd, 0xc8, 0xf1, /* g.\..... */ + 0x76, 0xf8, 0xe0, 0x4a, 0xec, 0xbc, 0x93, 0xf4, /* v..J.... */ + 0x66, 0x4c, 0x28, 0x71, 0xd1, 0xd8, 0x66, 0x03, /* fL(q..f. */ + 0xb4, 0x90, 0x30, 0xbb, 0x17, 0xb0, 0xfe, 0x97, /* ..0..... */ + 0xf5, 0x1e, 0xe8, 0xc7, 0x5d, 0x9b, 0x8b, 0x11, /* ....]... */ + 0x19, 0x12, 0x3c, 0xab, 0x82, 0x71, 0x78, 0xff, /* ..<..qx. */ + 0xae, 0x3f, 0x32, 0xb2, 0x08, 0x71, 0xb2, 0x1b, /* .?2..q.. */ + 0x8c, 0x27, 0xac, 0x11, 0xb8, 0xd8, 0x43, 0x49, /* .'....CI */ + 0xcf, 0xb0, 0x70, 0xb1, 0xf0, 0x8c, 0xae, 0xda, /* ..p..... */ + 0x24, 0x87, 0x17, 0x3b, 0xd8, 0x04, 0x65, 0x6c, /* $..;..el */ + 0x00, 0x76, 0x50, 0xef, 0x15, 0x08, 0xd7, 0xb4, /* .vP..... */ + 0x73, 0x68, 0x26, 0x14, 0x87, 0x95, 0xc3, 0x5f, /* sh&...._ */ + 0x6e, 0x61, 0xb8, 0x87, 0x84, 0xfa, 0x80, 0x1a, /* na...... */ + 0x0a, 0x8b, 0x98, 0xf3, 0xe3, 0xff, 0x4e, 0x44, /* ......ND */ + 0x1c, 0x65, 0x74, 0x7c, 0x71, 0x54, 0x65, 0xe5, /* .et|qTe. */ + 0x39, 0x02, 0x03, 0x01, 0x00, 0x01, 0xa3, 0x82, /* 9....... */ + 0x01, 0x0a, 0x30, 0x82, 0x01, 0x06, 0x30, 0x09, /* ..0...0. */ + 0x06, 0x03, 0x55, 0x1d, 0x13, 0x04, 0x02, 0x30, /* ..U....0 */ + 0x00, 0x30, 0x1d, 0x06, 0x03, 0x55, 0x1d, 0x0e, /* .0...U.. */ + 0x04, 0x16, 0x04, 0x14, 0x32, 0x67, 0xe1, 0xb1, /* ....2g.. */ + 0x79, 0xd2, 0x81, 0xfc, 0x9f, 0x23, 0x0c, 0x70, /* y....#.p */ + 0x40, 0x50, 0xb5, 0x46, 0x56, 0xb8, 0x30, 0x36, /* @P.FV.06 */ + 0x30, 0x81, 0xc4, 0x06, 0x03, 0x55, 0x1d, 0x23, /* 0....U.# */ + 0x04, 0x81, 0xbc, 0x30, 0x81, 0xb9, 0x80, 0x14, /* ...0.... */ + 0x73, 0xb0, 0x1c, 0xa4, 0x2f, 0x82, 0xcb, 0xcf, /* s.../... */ + 0x47, 0xa5, 0x38, 0xd7, 0xb0, 0x04, 0x82, 0x3a, /* G.8....: */ + 0x7e, 0x72, 0x15, 0x21, 0xa1, 0x81, 0x9d, 0xa4, /* ~r.!.... */ + 0x81, 0x9a, 0x30, 0x81, 0x97, 0x31, 0x0b, 0x30, /* ..0..1.0 */ + 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, /* ...U.... */ + 0x55, 0x53, 0x31, 0x13, 0x30, 0x11, 0x06, 0x03, /* US1.0... */ + 0x55, 0x04, 0x08, 0x0c, 0x0a, 0x57, 0x61, 0x73, /* U....Was */ + 0x68, 0x69, 0x6e, 0x67, 0x74, 0x6f, 0x6e, 0x31, /* hington1 */ + 0x10, 0x30, 0x0e, 0x06, 0x03, 0x55, 0x04, 0x07, /* .0...U.. */ + 0x0c, 0x07, 0x53, 0x65, 0x61, 0x74, 0x74, 0x6c, /* ..Seattl */ + 0x65, 0x31, 0x10, 0x30, 0x0e, 0x06, 0x03, 0x55, /* e1.0...U */ + 0x04, 0x0a, 0x0c, 0x07, 0x77, 0x6f, 0x6c, 0x66, /* ....wolf */ + 0x53, 0x53, 0x4c, 0x31, 0x14, 0x30, 0x12, 0x06, /* SSL1.0.. */ + 0x03, 0x55, 0x04, 0x0b, 0x0c, 0x0b, 0x45, 0x6e, /* .U....En */ + 0x67, 0x69, 0x6e, 0x65, 0x65, 0x72, 0x69, 0x6e, /* gineerin */ + 0x67, 0x31, 0x18, 0x30, 0x16, 0x06, 0x03, 0x55, /* g1.0...U */ + 0x04, 0x03, 0x0c, 0x0f, 0x77, 0x6f, 0x6c, 0x66, /* ....wolf */ + 0x53, 0x53, 0x4c, 0x20, 0x72, 0x6f, 0x6f, 0x74, /* SSL root */ + 0x20, 0x43, 0x41, 0x31, 0x1f, 0x30, 0x1d, 0x06, /* CA1.0.. */ + 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, /* .*.H.... */ + 0x09, 0x01, 0x16, 0x10, 0x69, 0x6e, 0x66, 0x6f, /* ....info */ + 0x40, 0x77, 0x6f, 0x6c, 0x66, 0x73, 0x73, 0x6c, /* @wolfssl */ + 0x2e, 0x63, 0x6f, 0x6d, 0x82, 0x01, 0x63, 0x30, /* .com..c0 */ + 0x13, 0x06, 0x03, 0x55, 0x1d, 0x25, 0x04, 0x0c, /* ...U.%.. */ + 0x30, 0x0a, 0x06, 0x08, 0x2b, 0x06, 0x01, 0x05, /* 0...+... */ + 0x05, 0x07, 0x03, 0x09, 0x30, 0x0d, 0x06, 0x09, /* ....0... */ + 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, /* *.H..... */ + 0x0b, 0x05, 0x00, 0x03, 0x82, 0x01, 0x01, 0x00, /* ........ */ + 0x4d, 0xa2, 0xd8, 0x55, 0xe0, 0x2b, 0xf4, 0xad, /* M..U.+.. */ + 0x65, 0xe2, 0x92, 0x35, 0xcb, 0x60, 0xa0, 0xa2, /* e..5.`.. */ + 0x6b, 0xa6, 0x88, 0xc1, 0x86, 0x58, 0x57, 0x37, /* k....XW7 */ + 0xbd, 0x2e, 0x28, 0x6e, 0x1c, 0x56, 0x2a, 0x35, /* ..(n.V*5 */ + 0xde, 0xff, 0x3e, 0x8e, 0x3d, 0x47, 0x21, 0x1a, /* ..>.=G!. */ + 0xe9, 0xd3, 0xc6, 0xb4, 0xe2, 0xcb, 0x3e, 0xc6, /* ......>. */ + 0xaf, 0x9b, 0xef, 0x23, 0x88, 0x56, 0x95, 0x73, /* ...#.V.s */ + 0x2e, 0xb3, 0xed, 0xc5, 0x11, 0x4b, 0x69, 0xf7, /* .....Ki. */ + 0x13, 0x3a, 0x05, 0xe1, 0xaf, 0xba, 0xc9, 0x59, /* .:.....Y */ + 0xfd, 0xe2, 0xa0, 0x81, 0xa0, 0x4c, 0x0c, 0x2c, /* .....L., */ + 0xcb, 0x57, 0xad, 0x96, 0x3a, 0x8c, 0x32, 0xa6, /* .W..:.2. */ + 0x4a, 0xf8, 0x72, 0xb8, 0xec, 0xb3, 0x26, 0x69, /* J.r...&i */ + 0xd6, 0x6a, 0x4c, 0x4c, 0x78, 0x18, 0x3c, 0xca, /* .jLLx.<. */ + 0x19, 0xf1, 0xb5, 0x8e, 0x23, 0x81, 0x5b, 0x27, /* ....#.[' */ + 0x90, 0xe0, 0x5c, 0x2b, 0x17, 0x4d, 0x78, 0x99, /* ..\+.Mx. */ + 0x6b, 0x25, 0xbd, 0x2f, 0xae, 0x1b, 0xaa, 0xce, /* k%./.... */ + 0x84, 0xb9, 0x44, 0x21, 0x46, 0xc0, 0x34, 0x6b, /* ..D!F.4k */ + 0x5b, 0xb9, 0x1b, 0xca, 0x5c, 0x60, 0xf1, 0xef, /* [...\`.. */ + 0xe6, 0x66, 0xbc, 0x84, 0x63, 0x56, 0x50, 0x7d, /* .f..cVP} */ + 0xbb, 0x2c, 0x2f, 0x7b, 0x47, 0xb4, 0xfd, 0x58, /* .,/{G..X */ + 0x77, 0x87, 0xee, 0x27, 0x20, 0x96, 0x72, 0x8e, /* w..' .r. */ + 0x4c, 0x7e, 0x4f, 0x93, 0xeb, 0x5f, 0x8f, 0x9c, /* L~O.._.. */ + 0x1e, 0x59, 0x7a, 0x96, 0xaa, 0x53, 0x77, 0x22, /* .Yz..Sw" */ + 0x41, 0xd8, 0xd3, 0xf9, 0x89, 0x8f, 0xe8, 0x9d, /* A....... */ + 0x65, 0xbd, 0x0c, 0x71, 0x3c, 0xbb, 0xa3, 0x07, /* e..q<... */ + 0xbf, 0xfb, 0xa8, 0xd1, 0x18, 0x0a, 0xb4, 0xc4, /* ........ */ + 0xf7, 0x83, 0xb3, 0x86, 0x2b, 0xf0, 0x5b, 0x05, /* ....+.[. */ + 0x28, 0xc1, 0x01, 0x31, 0x73, 0x5c, 0x2b, 0xbd, /* (..1s\+. */ + 0x60, 0x97, 0xa3, 0x36, 0x82, 0x96, 0xd7, 0x83, /* `..6.... */ + 0xdf, 0x75, 0xee, 0x29, 0x42, 0x97, 0x86, 0x41, /* .u.)B..A */ + 0x55, 0xb9, 0x70, 0x87, 0xd5, 0x02, 0x85, 0x13, /* U.p..... */ + 0x41, 0xf8, 0x25, 0x05, 0xab, 0x6a, 0xaa, 0x57 /* A.%..j.W */ + }; + OcspEntry entry[1]; + CertStatus status[1]; + OcspRequest* request = NULL; +#ifndef NO_FILESYSTEM + const char* ca_cert = "./certs/ca-cert.pem"; +#endif + + byte serial[] = {0x05}; + byte issuerHash[] = { + 0x71, 0x4d, 0x82, 0x23, 0x40, 0x59, 0xc0, 0x96, + 0xa1, 0x37, 0x43, 0xfa, 0x31, 0xdb, 0xba, 0xb1, + 0x43, 0x18, 0xda, 0x04 + }; + byte issuerKeyHash[] = { + 0x83, 0xc6, 0x3a, 0x89, 0x2c, 0x81, 0xf4, 0x02, + 0xd7, 0x9d, 0x4c, 0xe2, 0x2a, 0xc0, 0x71, 0x82, + 0x64, 0x44, 0xda, 0x0e + }; + + + XMEMSET(entry, 0, sizeof(OcspEntry)); + XMEMSET(status, 0, sizeof(CertStatus)); + + ExpectNotNull(request = wolfSSL_OCSP_REQUEST_new()); + ExpectNotNull(request->serial = (byte*)XMALLOC(sizeof(serial), NULL, + DYNAMIC_TYPE_OCSP_REQUEST)); + + if ((request != NULL) && (request->serial != NULL)) { + request->serialSz = sizeof(serial); + XMEMCPY(request->serial, serial, sizeof(serial)); + XMEMCPY(request->issuerHash, issuerHash, sizeof(issuerHash)); + XMEMCPY(request->issuerKeyHash, issuerKeyHash, sizeof(issuerKeyHash)); + } + + ExpectNotNull(cm = wolfSSL_CertManagerNew_ex(NULL)); + ExpectIntEQ(wolfSSL_CertManagerEnableOCSP(cm, 0), WOLFSSL_SUCCESS); + ExpectIntEQ(wolfSSL_CertManagerLoadCA(cm, + "./certs/ocsp/intermediate1-ca-cert.pem", NULL), WOLFSSL_SUCCESS); + + /* Response should be valid. */ + ExpectIntEQ(wolfSSL_CertManagerCheckOCSPResponse(cm, (byte *)response, + sizeof(response), NULL, status, entry, request), WOLFSSL_SUCCESS); + + /* Flip a byte in the request serial number, response should be invalid + * now. */ + if ((request != NULL) && (request->serial != NULL)) + request->serial[0] ^= request->serial[0]; + ExpectIntNE(wolfSSL_CertManagerCheckOCSPResponse(cm, (byte *)response, + sizeof(response), NULL, status, entry, request), WOLFSSL_SUCCESS); + +#ifndef NO_FILESYSTEM + ExpectIntEQ(wolfSSL_CertManagerCheckOCSP(cm, server_cert_der_2048, + sizeof(server_cert_der_2048)), WC_NO_ERR_TRACE(ASN_NO_SIGNER_E)); + ExpectIntEQ(WOLFSSL_SUCCESS, + wolfSSL_CertManagerLoadCA(cm, ca_cert, NULL)); + ExpectIntEQ(wolfSSL_CertManagerCheckOCSP(cm, server_cert_der_2048, + sizeof(server_cert_der_2048)), 1); +#endif + + wolfSSL_OCSP_REQUEST_free(request); + wolfSSL_CertManagerFree(cm); +#endif /* OPENSSL_ALL || WOLFSSL_NGINX || WOLFSSL_HAPROXY || + * WOLFSSL_APACHE_HTTPD || HAVE_LIGHTY */ +#endif /* HAVE_OCSP */ + return EXPECT_RESULT(); +} + +#ifdef HAVE_CERT_CHAIN_VALIDATION +#ifndef WOLFSSL_TEST_APPLE_NATIVE_CERT_VALIDATION +#ifdef WOLFSSL_PEM_TO_DER +#ifndef NO_SHA256 +static int load_ca_into_cm(WOLFSSL_CERT_MANAGER* cm, char* certA) +{ + int ret; + + if ((ret = wolfSSL_CertManagerLoadCA(cm, certA, 0)) != WOLFSSL_SUCCESS) { + fprintf(stderr, "loading cert %s failed\n", certA); + fprintf(stderr, "Error: (%d): %s\n", ret, + wolfSSL_ERR_reason_error_string((word32)ret)); + return -1; + } + + return 0; +} + +static int verify_cert_with_cm(WOLFSSL_CERT_MANAGER* cm, char* certA) +{ + int ret; + if ((ret = wolfSSL_CertManagerVerify(cm, certA, CERT_FILETYPE)) + != WOLFSSL_SUCCESS) { + fprintf(stderr, "could not verify the cert: %s\n", certA); + fprintf(stderr, "Error: (%d): %s\n", ret, + wolfSSL_ERR_reason_error_string((word32)ret)); + return -1; + } + else { + fprintf(stderr, "successfully verified: %s\n", certA); + } + + return 0; +} +#define LOAD_ONE_CA(a, b, c, d) \ + do { \ + (a) = load_ca_into_cm(c, d); \ + if ((a) != 0) \ + return (b); \ + else \ + (b)--; \ + } while(0) + +#define VERIFY_ONE_CERT(a, b, c, d) \ + do { \ + (a) = verify_cert_with_cm(c, d);\ + if ((a) != 0) \ + return (b); \ + else \ + (b)--; \ + } while(0) + +static int test_chainG(WOLFSSL_CERT_MANAGER* cm) +{ + int ret; + int i = -1; + /* Chain G is a valid chain per RFC 5280 section 4.2.1.9 */ + char chainGArr[9][50] = {"certs/ca-cert.pem", + "certs/test-pathlen/chainG-ICA7-pathlen100.pem", + "certs/test-pathlen/chainG-ICA6-pathlen10.pem", + "certs/test-pathlen/chainG-ICA5-pathlen20.pem", + "certs/test-pathlen/chainG-ICA4-pathlen5.pem", + "certs/test-pathlen/chainG-ICA3-pathlen99.pem", + "certs/test-pathlen/chainG-ICA2-pathlen1.pem", + "certs/test-pathlen/chainG-ICA1-pathlen0.pem", + "certs/test-pathlen/chainG-entity.pem"}; + + LOAD_ONE_CA(ret, i, cm, chainGArr[0]); /* if failure, i = -1 here */ + LOAD_ONE_CA(ret, i, cm, chainGArr[1]); /* if failure, i = -2 here */ + LOAD_ONE_CA(ret, i, cm, chainGArr[2]); /* if failure, i = -3 here */ + LOAD_ONE_CA(ret, i, cm, chainGArr[3]); /* if failure, i = -4 here */ + LOAD_ONE_CA(ret, i, cm, chainGArr[4]); /* if failure, i = -5 here */ + LOAD_ONE_CA(ret, i, cm, chainGArr[5]); /* if failure, i = -6 here */ + LOAD_ONE_CA(ret, i, cm, chainGArr[6]); /* if failure, i = -7 here */ + LOAD_ONE_CA(ret, i, cm, chainGArr[7]); /* if failure, i = -8 here */ + VERIFY_ONE_CERT(ret, i, cm, chainGArr[1]); /* if failure, i = -9 here */ + VERIFY_ONE_CERT(ret, i, cm, chainGArr[2]); /* if failure, i = -10 here */ + VERIFY_ONE_CERT(ret, i, cm, chainGArr[3]); /* if failure, i = -11 here */ + VERIFY_ONE_CERT(ret, i, cm, chainGArr[4]); /* if failure, i = -12 here */ + VERIFY_ONE_CERT(ret, i, cm, chainGArr[5]); /* if failure, i = -13 here */ + VERIFY_ONE_CERT(ret, i, cm, chainGArr[6]); /* if failure, i = -14 here */ + VERIFY_ONE_CERT(ret, i, cm, chainGArr[7]); /* if failure, i = -15 here */ + VERIFY_ONE_CERT(ret, i, cm, chainGArr[8]); /* if failure, i = -16 here */ + + /* test validating the entity twice, should have no effect on pathLen since + * entity/leaf cert */ + VERIFY_ONE_CERT(ret, i, cm, chainGArr[8]); /* if failure, i = -17 here */ + + return ret; +} + +static int test_chainH(WOLFSSL_CERT_MANAGER* cm) +{ + int ret; + int i = -1; + /* Chain H is NOT a valid chain per RFC5280 section 4.2.1.9: + * ICA4-pathlen of 2 signing ICA3-pathlen of 2 (reduce max path len to 2) + * ICA3-pathlen of 2 signing ICA2-pathlen of 2 (reduce max path len to 1) + * ICA2-pathlen of 2 signing ICA1-pathlen of 0 (reduce max path len to 0) + * ICA1-pathlen of 0 signing entity (pathlen is already 0, ERROR) + * Test should successfully verify ICA4, ICA3, ICA2 and then fail on ICA1 + */ + char chainHArr[6][50] = {"certs/ca-cert.pem", + "certs/test-pathlen/chainH-ICA4-pathlen2.pem", + "certs/test-pathlen/chainH-ICA3-pathlen2.pem", + "certs/test-pathlen/chainH-ICA2-pathlen2.pem", + "certs/test-pathlen/chainH-ICA1-pathlen0.pem", + "certs/test-pathlen/chainH-entity.pem"}; + + LOAD_ONE_CA(ret, i, cm, chainHArr[0]); /* if failure, i = -1 here */ + LOAD_ONE_CA(ret, i, cm, chainHArr[1]); /* if failure, i = -2 here */ + LOAD_ONE_CA(ret, i, cm, chainHArr[2]); /* if failure, i = -3 here */ + LOAD_ONE_CA(ret, i, cm, chainHArr[3]); /* if failure, i = -4 here */ + LOAD_ONE_CA(ret, i, cm, chainHArr[4]); /* if failure, i = -5 here */ + VERIFY_ONE_CERT(ret, i, cm, chainHArr[1]); /* if failure, i = -6 here */ + VERIFY_ONE_CERT(ret, i, cm, chainHArr[2]); /* if failure, i = -7 here */ + VERIFY_ONE_CERT(ret, i, cm, chainHArr[3]); /* if failure, i = -8 here */ + VERIFY_ONE_CERT(ret, i, cm, chainHArr[4]); /* if failure, i = -9 here */ + VERIFY_ONE_CERT(ret, i, cm, chainHArr[5]); /* if failure, i = -10 here */ + + return ret; +} + +static int test_chainI(WOLFSSL_CERT_MANAGER* cm) +{ + int ret; + int i = -1; + /* Chain I is a valid chain per RFC5280 section 4.2.1.9: + * ICA3-pathlen of 2 signing ICA2 without a pathlen (reduce maxPathLen to 2) + * ICA2-no_pathlen signing ICA1-no_pathlen (reduce maxPathLen to 1) + * ICA1-no_pathlen signing entity (reduce maxPathLen to 0) + * Test should successfully verify ICA4, ICA3, ICA2 and then fail on ICA1 + */ + char chainIArr[5][50] = {"certs/ca-cert.pem", + "certs/test-pathlen/chainI-ICA3-pathlen2.pem", + "certs/test-pathlen/chainI-ICA2-no_pathlen.pem", + "certs/test-pathlen/chainI-ICA1-no_pathlen.pem", + "certs/test-pathlen/chainI-entity.pem"}; + + LOAD_ONE_CA(ret, i, cm, chainIArr[0]); /* if failure, i = -1 here */ + LOAD_ONE_CA(ret, i, cm, chainIArr[1]); /* if failure, i = -2 here */ + LOAD_ONE_CA(ret, i, cm, chainIArr[2]); /* if failure, i = -3 here */ + LOAD_ONE_CA(ret, i, cm, chainIArr[3]); /* if failure, i = -4 here */ + VERIFY_ONE_CERT(ret, i, cm, chainIArr[1]); /* if failure, i = -5 here */ + VERIFY_ONE_CERT(ret, i, cm, chainIArr[2]); /* if failure, i = -6 here */ + VERIFY_ONE_CERT(ret, i, cm, chainIArr[3]); /* if failure, i = -7 here */ + VERIFY_ONE_CERT(ret, i, cm, chainIArr[4]); /* if failure, i = -8 here */ + + return ret; +} + +static int test_chainJ(WOLFSSL_CERT_MANAGER* cm) +{ + int ret; + int i = -1; + /* Chain J is NOT a valid chain per RFC5280 section 4.2.1.9: + * ICA4-pathlen of 2 signing ICA3 without a pathlen (reduce maxPathLen to 2) + * ICA3-pathlen of 2 signing ICA2 without a pathlen (reduce maxPathLen to 1) + * ICA2-no_pathlen signing ICA1-no_pathlen (reduce maxPathLen to 0) + * ICA1-no_pathlen signing entity (ERROR, pathlen zero and non-leaf cert) + */ + char chainJArr[6][50] = {"certs/ca-cert.pem", + "certs/test-pathlen/chainJ-ICA4-pathlen2.pem", + "certs/test-pathlen/chainJ-ICA3-no_pathlen.pem", + "certs/test-pathlen/chainJ-ICA2-no_pathlen.pem", + "certs/test-pathlen/chainJ-ICA1-no_pathlen.pem", + "certs/test-pathlen/chainJ-entity.pem"}; + + LOAD_ONE_CA(ret, i, cm, chainJArr[0]); /* if failure, i = -1 here */ + LOAD_ONE_CA(ret, i, cm, chainJArr[1]); /* if failure, i = -2 here */ + LOAD_ONE_CA(ret, i, cm, chainJArr[2]); /* if failure, i = -3 here */ + LOAD_ONE_CA(ret, i, cm, chainJArr[3]); /* if failure, i = -4 here */ + LOAD_ONE_CA(ret, i, cm, chainJArr[4]); /* if failure, i = -5 here */ + VERIFY_ONE_CERT(ret, i, cm, chainJArr[1]); /* if failure, i = -6 here */ + VERIFY_ONE_CERT(ret, i, cm, chainJArr[2]); /* if failure, i = -7 here */ + VERIFY_ONE_CERT(ret, i, cm, chainJArr[3]); /* if failure, i = -8 here */ + VERIFY_ONE_CERT(ret, i, cm, chainJArr[4]); /* if failure, i = -9 here */ + VERIFY_ONE_CERT(ret, i, cm, chainJArr[5]); /* if failure, i = -10 here */ + + return ret; +} +#endif +#endif +#endif +#endif + +int test_various_pathlen_chains(void) +{ + EXPECT_DECLS; +#if defined(WOLFSSL_PEM_TO_DER) && defined(HAVE_CERT_CHAIN_VALIDATION) && \ + !defined(WOLFSSL_TEST_APPLE_NATIVE_CERT_VALIDATION) +#ifndef NO_SHA256 + WOLFSSL_CERT_MANAGER* cm = NULL; + + /* Test chain G (large chain with varying pathLens) */ + ExpectNotNull(cm = wolfSSL_CertManagerNew()); +#if defined(NO_WOLFSSL_CLIENT) && defined(NO_WOLFSSL_SERVER) + ExpectIntEQ(test_chainG(cm), -1); +#else + ExpectIntEQ(test_chainG(cm), 0); +#endif /* NO_WOLFSSL_CLIENT && NO_WOLFSSL_SERVER */ + ExpectIntEQ(wolfSSL_CertManagerUnloadCAs(cm), WOLFSSL_SUCCESS); + wolfSSL_CertManagerFree(cm); + /* end test chain G */ + + /* Test chain H (5 chain with same pathLens) */ + ExpectNotNull(cm = wolfSSL_CertManagerNew()); + ExpectIntLT(test_chainH(cm), 0); + ExpectIntEQ(wolfSSL_CertManagerUnloadCAs(cm), WOLFSSL_SUCCESS); + wolfSSL_CertManagerFree(cm); + + ExpectNotNull(cm = wolfSSL_CertManagerNew()); + ExpectIntEQ(wolfSSL_CertManagerUnloadCAs(cm), WOLFSSL_SUCCESS); + wolfSSL_CertManagerFree(cm); + /* end test chain H */ + + /* Test chain I (only first ICA has pathLen set and it's set to 2, + * followed by 2 ICA's, should pass) */ + ExpectNotNull(cm = wolfSSL_CertManagerNew()); +#if defined(NO_WOLFSSL_CLIENT) && defined(NO_WOLFSSL_SERVER) + ExpectIntEQ(test_chainI(cm), -1); +#else + ExpectIntEQ(test_chainI(cm), 0); +#endif /* NO_WOLFSSL_CLIENT && NO_WOLFSSL_SERVER */ + ExpectIntEQ(wolfSSL_CertManagerUnloadCAs(cm), WOLFSSL_SUCCESS); + wolfSSL_CertManagerFree(cm); + cm = NULL; + + ExpectNotNull(cm = wolfSSL_CertManagerNew()); + ExpectIntEQ(wolfSSL_CertManagerUnloadCAs(cm), WOLFSSL_SUCCESS); + wolfSSL_CertManagerFree(cm); + cm = NULL; + + /* Test chain J (Again only first ICA has pathLen set and it's set to 2, + * this time followed by 3 ICA's, should fail */ + ExpectNotNull(cm = wolfSSL_CertManagerNew()); + ExpectIntLT(test_chainJ(cm), 0); + ExpectIntEQ(wolfSSL_CertManagerUnloadCAs(cm), WOLFSSL_SUCCESS); + wolfSSL_CertManagerFree(cm); + cm = NULL; + + ExpectNotNull(cm = wolfSSL_CertManagerNew()); + ExpectIntEQ(wolfSSL_CertManagerUnloadCAs(cm), WOLFSSL_SUCCESS); + wolfSSL_CertManagerFree(cm); +#endif +#endif + return EXPECT_RESULT(); +} diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/tests/api/test_certman.h mariadb-11.8.8/extra/wolfssl/wolfssl/tests/api/test_certman.h --- mariadb-11.8.6/extra/wolfssl/wolfssl/tests/api/test_certman.h 1970-01-01 00:00:00.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/tests/api/test_certman.h 2026-05-24 09:58:33.000000000 +0000 @@ -0,0 +1,65 @@ +/* test_certman.h + * + * Copyright (C) 2006-2026 wolfSSL Inc. + * + * This file is part of wolfSSL. + * + * wolfSSL is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * wolfSSL is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA + */ + +#ifndef WOLFCRYPT_TEST_CERTMAN_H +#define WOLFCRYPT_TEST_CERTMAN_H + +#include + +int test_wolfSSL_CertManagerAPI(void); +int test_wolfSSL_CertManagerLoadCABuffer(void); +int test_wolfSSL_CertManagerLoadCABuffer_ex(void); +int test_wolfSSL_CertManagerLoadCABufferType(void); +int test_wolfSSL_CertManagerGetCerts(void); +int test_wolfSSL_CertManagerSetVerify(void); +int test_wolfSSL_CertManagerNameConstraint(void); +int test_wolfSSL_CertManagerNameConstraint2(void); +int test_wolfSSL_CertManagerNameConstraint3(void); +int test_wolfSSL_CertManagerNameConstraint4(void); +int test_wolfSSL_CertManagerNameConstraint5(void); +int test_wolfSSL_CertManagerCRL(void); +int test_wolfSSL_CRL_reason_extensions_cleanup(void); +int test_wolfSSL_CRL_static_revoked_list(void); +int test_wolfSSL_CRL_duplicate_extensions(void); +int test_wolfSSL_CertManagerCheckOCSPResponse(void); +int test_various_pathlen_chains(void); + +#define TEST_CERTMAN_DECLS \ + TEST_DECL_GROUP("certman", test_wolfSSL_CertManagerAPI), \ + TEST_DECL_GROUP("certman", test_wolfSSL_CertManagerLoadCABuffer), \ + TEST_DECL_GROUP("certman", test_wolfSSL_CertManagerLoadCABuffer_ex), \ + TEST_DECL_GROUP("certman", test_wolfSSL_CertManagerLoadCABufferType), \ + TEST_DECL_GROUP("certman", test_wolfSSL_CertManagerGetCerts), \ + TEST_DECL_GROUP("certman", test_wolfSSL_CertManagerSetVerify), \ + TEST_DECL_GROUP("certman", test_wolfSSL_CertManagerNameConstraint), \ + TEST_DECL_GROUP("certman", test_wolfSSL_CertManagerNameConstraint2), \ + TEST_DECL_GROUP("certman", test_wolfSSL_CertManagerNameConstraint3), \ + TEST_DECL_GROUP("certman", test_wolfSSL_CertManagerNameConstraint4), \ + TEST_DECL_GROUP("certman", test_wolfSSL_CertManagerNameConstraint5), \ + TEST_DECL_GROUP("certman", test_wolfSSL_CertManagerCRL), \ + TEST_DECL_GROUP("certman", test_wolfSSL_CRL_reason_extensions_cleanup), \ + TEST_DECL_GROUP("certman", test_wolfSSL_CRL_static_revoked_list), \ + TEST_DECL_GROUP("certman", test_wolfSSL_CRL_duplicate_extensions), \ + TEST_DECL_GROUP("certman", test_wolfSSL_CertManagerCheckOCSPResponse), \ + TEST_DECL_GROUP("certman", test_various_pathlen_chains) + +#endif /* WOLFCRYPT_TEST_CERTMAN_H */ + diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/tests/api/test_chacha.c mariadb-11.8.8/extra/wolfssl/wolfssl/tests/api/test_chacha.c --- mariadb-11.8.6/extra/wolfssl/wolfssl/tests/api/test_chacha.c 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/tests/api/test_chacha.c 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* test_chacha.c * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -186,3 +186,189 @@ return EXPECT_RESULT(); } /* END test_wc_Chacha_Process */ + +#define CHACHA_LEN 1024 +/* + * Testing wc_Chacha_Process() + */ +int test_wc_Chacha_Process_Chunking(void) +{ + EXPECT_DECLS; +#ifdef HAVE_CHACHA + ChaCha enc; + WC_DECLARE_VAR(plain, byte, CHACHA_LEN, NULL); + WC_DECLARE_VAR(cipher, byte, CHACHA_LEN, NULL); + byte key[CHACHA_MAX_KEY_SZ]; + byte iv[CHACHA_IV_BYTES]; + int i; + int cnt; + int sz; + const byte expected[CHACHA_LEN] = { + 0xbc, 0xf5, 0x3b, 0xf2, 0x75, 0x85, 0x9e, 0x0a, + 0x09, 0x58, 0x83, 0x50, 0x33, 0x12, 0x01, 0xa1, + 0xb4, 0xaf, 0x8a, 0xe8, 0x4d, 0x3d, 0xa5, 0x68, + 0xf7, 0x6d, 0x3e, 0xe0, 0x62, 0x7e, 0x62, 0x66, + 0xdd, 0x07, 0xe9, 0x36, 0x6f, 0x4d, 0xe9, 0x7a, + 0x16, 0x48, 0xa1, 0x83, 0x9e, 0x67, 0x4d, 0xa3, + 0xfe, 0x7e, 0x4a, 0x31, 0xdd, 0xb6, 0x50, 0x39, + 0xd2, 0x2b, 0x93, 0xf2, 0x4d, 0x51, 0x44, 0x42, + 0x5d, 0xf1, 0xd9, 0x24, 0xd7, 0xef, 0x4b, 0xa4, + 0xfd, 0x6a, 0x53, 0xa5, 0x1e, 0x4a, 0xc8, 0x68, + 0x11, 0x69, 0xc6, 0xbd, 0xe1, 0x59, 0xe4, 0xca, + 0x5b, 0xa9, 0x77, 0xfe, 0x4f, 0x82, 0x9f, 0xcf, + 0x55, 0x16, 0x3c, 0xd5, 0x83, 0xee, 0xc7, 0x53, + 0xaf, 0xca, 0x8a, 0xe2, 0xcf, 0xf1, 0x4b, 0x3b, + 0x44, 0xf6, 0xc9, 0x6c, 0x5b, 0xd3, 0x28, 0x8a, + 0x7e, 0x67, 0xaa, 0x9e, 0xad, 0xce, 0x96, 0xc4, + 0x6e, 0x95, 0x8c, 0xf8, 0xf6, 0xb6, 0x42, 0x8e, + 0xe7, 0xab, 0xc8, 0x2c, 0x66, 0x8b, 0x80, 0xcf, + 0x78, 0xfe, 0x35, 0x8b, 0x59, 0x18, 0x45, 0xcb, + 0x18, 0xd4, 0x09, 0x88, 0xa9, 0xf9, 0x27, 0xd1, + 0x3b, 0x9d, 0x2b, 0xff, 0x89, 0x21, 0xb0, 0xd2, + 0xa7, 0x7e, 0x35, 0x61, 0xae, 0x1c, 0xc3, 0x1c, + 0x07, 0x5c, 0x10, 0x5d, 0x71, 0x3a, 0x3a, 0xe8, + 0x4c, 0xba, 0x00, 0xde, 0xd1, 0xf9, 0xa1, 0xae, + 0x7b, 0x91, 0x9d, 0x66, 0x31, 0x18, 0x55, 0x39, + 0xec, 0x1d, 0x83, 0x85, 0x1e, 0x5b, 0x35, 0x17, + 0x2e, 0xbc, 0x7a, 0x22, 0x79, 0x09, 0xa7, 0x02, + 0xf7, 0x3b, 0x93, 0x2c, 0x89, 0x1b, 0x69, 0xde, + 0x80, 0xc8, 0xdf, 0xce, 0xf9, 0xcd, 0xc8, 0x58, + 0xd6, 0x4b, 0x65, 0x9a, 0xc4, 0x4f, 0x27, 0xdb, + 0x9a, 0x6c, 0x3a, 0xef, 0x20, 0x0b, 0x00, 0x5c, + 0x9f, 0x91, 0xc1, 0xf6, 0x80, 0x53, 0x6c, 0x42, + 0xe3, 0xd0, 0xfb, 0x3b, 0x23, 0x75, 0x45, 0xa7, + 0x5b, 0x9b, 0xaa, 0xcd, 0x1e, 0x03, 0x35, 0x68, + 0x17, 0xee, 0xff, 0xd7, 0x4f, 0x77, 0x2f, 0xd0, + 0x1d, 0x5e, 0x89, 0x16, 0x50, 0x6f, 0x22, 0x44, + 0x10, 0x64, 0x37, 0x66, 0x70, 0x7f, 0x4d, 0x58, + 0x36, 0xec, 0x56, 0x4e, 0xfd, 0x22, 0x8d, 0x77, + 0xb1, 0x37, 0x07, 0x13, 0xdf, 0x34, 0x40, 0x1c, + 0x65, 0x95, 0x9b, 0xb9, 0xac, 0x11, 0xfe, 0x7a, + 0xae, 0x1f, 0x17, 0x94, 0xd4, 0xdd, 0x5b, 0x4f, + 0x69, 0xa8, 0x04, 0x8e, 0x80, 0x87, 0x7d, 0x96, + 0x25, 0x37, 0x83, 0x0e, 0xca, 0xa4, 0xb3, 0x29, + 0x2f, 0x4b, 0x83, 0xa4, 0x01, 0x36, 0x0d, 0xdb, + 0xd7, 0x6e, 0x7a, 0x9c, 0x3e, 0x82, 0xc8, 0x5f, + 0x4e, 0xc6, 0xd2, 0x97, 0x64, 0xe6, 0xd9, 0x50, + 0x89, 0xcb, 0x64, 0x33, 0x28, 0x9c, 0x14, 0xf9, + 0x41, 0x33, 0x99, 0x0c, 0x87, 0x6f, 0x00, 0x3f, + 0x00, 0x6f, 0xae, 0xe9, 0x20, 0xc2, 0xcd, 0xb8, + 0x7a, 0x58, 0xde, 0x57, 0x34, 0xda, 0x63, 0xa1, + 0x0b, 0x55, 0xfc, 0x54, 0x2a, 0xed, 0xc0, 0xbc, + 0x29, 0x5f, 0x88, 0x7d, 0x37, 0x3b, 0x48, 0x86, + 0x3f, 0x88, 0xa2, 0xef, 0x55, 0xe6, 0xc4, 0xf8, + 0xb8, 0x11, 0x9e, 0x3a, 0x45, 0x79, 0xac, 0x85, + 0xb2, 0x70, 0x40, 0xd0, 0x66, 0xe7, 0x66, 0xc8, + 0x8e, 0x8f, 0xde, 0xde, 0xf8, 0x50, 0x79, 0x9e, + 0x37, 0x04, 0x07, 0x83, 0x5b, 0xe0, 0x68, 0x5b, + 0x32, 0xbc, 0x6e, 0x50, 0x05, 0xca, 0xf8, 0x3b, + 0xec, 0x15, 0x13, 0xf8, 0x9a, 0xa2, 0x58, 0x98, + 0x03, 0x29, 0x83, 0x7f, 0x11, 0xb4, 0x98, 0x41, + 0xc1, 0xd9, 0x02, 0x6e, 0x2c, 0x45, 0x55, 0xab, + 0xff, 0xcf, 0x23, 0x80, 0xf0, 0x82, 0x73, 0xe9, + 0xe6, 0x8f, 0x1a, 0xd9, 0x70, 0xd6, 0x46, 0x1f, + 0xa8, 0xf8, 0xbd, 0x14, 0xd9, 0x50, 0x59, 0x8e, + 0x46, 0xbf, 0xe2, 0x8a, 0x8e, 0xce, 0xe7, 0x81, + 0xf4, 0x3a, 0xd9, 0x07, 0xd8, 0x1d, 0x29, 0x19, + 0xc1, 0x9d, 0xac, 0x6f, 0xfb, 0xce, 0x95, 0x03, + 0x29, 0xce, 0x4a, 0x60, 0x34, 0x6a, 0x88, 0xc7, + 0x5e, 0x8c, 0x71, 0x29, 0x81, 0x64, 0x2f, 0xfb, + 0xb4, 0x20, 0x08, 0x57, 0xba, 0x50, 0x75, 0x7b, + 0x1e, 0xfa, 0xcc, 0x60, 0xe7, 0x09, 0xab, 0x4e, + 0x46, 0x64, 0xfe, 0x17, 0x00, 0x84, 0x8b, 0xca, + 0xa8, 0xcb, 0x18, 0x5b, 0xa2, 0x04, 0x13, 0x68, + 0x99, 0x02, 0xaf, 0xcb, 0x75, 0xcb, 0x46, 0x61, + 0x66, 0x05, 0xd9, 0x5c, 0x6d, 0x8c, 0xf9, 0x8a, + 0x57, 0xde, 0xf4, 0xb9, 0x5d, 0x51, 0x17, 0x4a, + 0x8c, 0x42, 0xca, 0x0d, 0x7f, 0x92, 0x69, 0x0d, + 0x88, 0x2b, 0xc6, 0xee, 0xbd, 0x5a, 0x32, 0x17, + 0x84, 0xef, 0xf9, 0xd9, 0x51, 0x33, 0x57, 0x2f, + 0x87, 0xf8, 0xda, 0x3c, 0x3c, 0x14, 0xa9, 0x26, + 0xad, 0x19, 0xfd, 0x14, 0x5e, 0x33, 0x92, 0xb1, + 0xe1, 0xd7, 0xfb, 0x1e, 0x55, 0x40, 0xe5, 0x80, + 0x9b, 0x8e, 0x4b, 0x88, 0x58, 0x77, 0xa9, 0xd2, + 0xbf, 0x40, 0x90, 0xbe, 0x8f, 0x1f, 0xa7, 0x8a, + 0xaf, 0x8e, 0x03, 0x93, 0x4d, 0x8a, 0x73, 0x8e, + 0x76, 0x67, 0x43, 0x37, 0xc1, 0x76, 0x87, 0x50, + 0x37, 0xc4, 0x02, 0x4a, 0x53, 0x1a, 0x5b, 0xe8, + 0x5f, 0xc8, 0x28, 0xad, 0xd3, 0x8a, 0x97, 0x53, + 0xa3, 0xf6, 0x48, 0xba, 0x05, 0x18, 0x56, 0x90, + 0xa9, 0x95, 0xd8, 0xac, 0xe9, 0xd5, 0x6c, 0xe3, + 0x1f, 0xd8, 0xfc, 0xc5, 0x27, 0x19, 0xab, 0x4a, + 0xc4, 0x36, 0xc9, 0xe9, 0xaa, 0x30, 0xef, 0x8e, + 0x9e, 0x01, 0x18, 0x68, 0xe9, 0x06, 0xf8, 0x54, + 0xe5, 0xe2, 0xec, 0xde, 0x52, 0xfc, 0x3b, 0xdd, + 0xe9, 0xc7, 0xc8, 0x2b, 0x93, 0xd4, 0xdb, 0x28, + 0x72, 0x06, 0x07, 0xd1, 0xba, 0x05, 0x23, 0xa6, + 0x41, 0x42, 0x55, 0x6a, 0x6e, 0x6f, 0x6c, 0x40, + 0x6a, 0x19, 0xa4, 0xd5, 0xa2, 0x11, 0xb5, 0x2b, + 0x16, 0x4a, 0xe3, 0x41, 0xf3, 0xaf, 0x93, 0xbd, + 0xc8, 0xd9, 0x26, 0x43, 0x71, 0x56, 0xd2, 0x5e, + 0xf5, 0xa8, 0x3c, 0x64, 0x83, 0x04, 0x89, 0x62, + 0x20, 0xd3, 0xe9, 0x8e, 0x60, 0xcd, 0xec, 0xd9, + 0xce, 0x89, 0xf0, 0x5c, 0xf2, 0x26, 0x72, 0x51, + 0xd5, 0x16, 0x7b, 0xef, 0x19, 0x10, 0xb4, 0xce, + 0x60, 0x47, 0xab, 0x98, 0x86, 0xbd, 0x39, 0xb7, + 0xc9, 0x29, 0x38, 0x1a, 0xc1, 0x5c, 0xab, 0x77, + 0xea, 0xe9, 0xf4, 0x7f, 0x6a, 0x06, 0xf7, 0xc0, + 0x0b, 0x17, 0x1f, 0x2f, 0xce, 0x07, 0x1b, 0x33, + 0x68, 0x4d, 0x64, 0x6a, 0x28, 0x6d, 0x1d, 0xc6, + 0x54, 0x5c, 0xa2, 0x69, 0xf9, 0xb4, 0x62, 0xc9, + 0x71, 0xf5, 0xd1, 0xb7, 0x7b, 0x02, 0x81, 0x6d, + 0x4b, 0x1f, 0x62, 0xc5, 0xce, 0x2e, 0xc6, 0x2a, + 0x1d, 0x6f, 0xc7, 0xc1, 0x99, 0x48, 0x7b, 0xc7, + 0xf3, 0x53, 0xb7, 0x02, 0x7f, 0x82, 0xda, 0xfa, + 0xce, 0xd3, 0x54, 0xf8, 0x9b, 0x30, 0x6f, 0xed, + 0x6c, 0xec, 0x1c, 0x21, 0x49, 0x04, 0x51, 0xae, + 0xd0, 0x3f, 0xb1, 0xfb, 0x78, 0x1a, 0x6f, 0x35, + 0xc8, 0x3f, 0x4c, 0x43, 0x71, 0xe9, 0xb8, 0xd7, + 0x74, 0xca, 0x46, 0x68, 0xeb, 0xd9, 0xa3, 0x94, + 0x6e, 0x9d, 0xea, 0x57, 0x22, 0x1e, 0x15, 0x27, + 0x40, 0xd4, 0x0c, 0x32, 0x40, 0xc0, 0x40, 0x8a, + 0x1e, 0x2e, 0x1a, 0x58, 0x84, 0xa0, 0xc3, 0x68, + 0x96, 0xfe, 0xb0, 0x96, 0x6c, 0x04, 0x61, 0x35, + 0x4a, 0x78, 0xc5, 0xeb, 0x50, 0xca, 0xcb, 0x22, + 0x7b, 0x53, 0x02, 0xfa, 0x63, 0x28, 0x10, 0x68, + 0x77, 0xab, 0xda, 0x7d, 0xd1, 0xc2, 0x3f, 0x95, + 0xa6, 0x5a, 0x92, 0x56, 0xb3, 0xb0, 0x29, 0x7e, + 0x0c, 0xb3, 0xc9, 0x39, 0x0f, 0x1f, 0x51, 0x9d + }; + + WC_ALLOC_VAR_EX(plain, byte, CHACHA_LEN, NULL, DYNAMIC_TYPE_TMP_BUFFER, + ExpectNotNull(plain); goto cleanup); + WC_ALLOC_VAR_EX(cipher, byte, CHACHA_LEN, NULL, DYNAMIC_TYPE_TMP_BUFFER, + ExpectNotNull(cipher); goto cleanup); + + XMEMSET(plain, 0xa5, CHACHA_LEN); + for (i = 0; i < (int)sizeof(key); i++) { + key[i] = (byte)i; + } + for (i = 0; i < (int)sizeof(iv); i++) { + iv[i] = (byte)(i + 0x40); + } + + for (sz = 1; sz < CHACHA_LEN; sz++) { + ExpectIntEQ(wc_Chacha_SetKey(&enc, key, (word32)sizeof(key)), 0); + ExpectIntEQ(wc_Chacha_SetIV(&enc, iv, 0), 0); + + for (cnt = 0; cnt + sz <= CHACHA_LEN; cnt += sz) { + ExpectIntEQ(wc_Chacha_Process(&enc, cipher + cnt, plain + cnt, sz), + 0); + } + if (cnt < CHACHA_LEN) { + ExpectIntEQ(wc_Chacha_Process(&enc, cipher + cnt, plain + cnt, + CHACHA_LEN - cnt), 0); + } + ExpectBufEQ(cipher, expected, (int)sizeof(expected)); + } + +#ifdef WC_DECLARE_VAR_IS_HEAP_ALLOC +cleanup: +#endif + WC_FREE_VAR_EX(plain, NULL, DYNAMIC_TYPE_TMP_BUFFER); + WC_FREE_VAR_EX(cipher, NULL, DYNAMIC_TYPE_TMP_BUFFER); +#endif + return EXPECT_RESULT(); +} /* END test_wc_Chacha_Process */ + + diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/tests/api/test_chacha.h mariadb-11.8.8/extra/wolfssl/wolfssl/tests/api/test_chacha.h --- mariadb-11.8.6/extra/wolfssl/wolfssl/tests/api/test_chacha.h 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/tests/api/test_chacha.h 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* test_chacha.h * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -26,9 +26,11 @@ int test_wc_Chacha_SetKey(void); int test_wc_Chacha_Process(void); +int test_wc_Chacha_Process_Chunking(void); -#define TEST_CHACHA_DECLS \ - TEST_DECL_GROUP("chacha", test_wc_Chacha_SetKey), \ - TEST_DECL_GROUP("chacha", test_wc_Chacha_Process) +#define TEST_CHACHA_DECLS \ + TEST_DECL_GROUP("chacha", test_wc_Chacha_SetKey), \ + TEST_DECL_GROUP("chacha", test_wc_Chacha_Process), \ + TEST_DECL_GROUP("chacha", test_wc_Chacha_Process_Chunking) #endif /* WOLFCRYPT_TEST_CHACHA_H */ diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/tests/api/test_chacha20_poly1305.c mariadb-11.8.8/extra/wolfssl/wolfssl/tests/api/test_chacha20_poly1305.c --- mariadb-11.8.6/extra/wolfssl/wolfssl/tests/api/test_chacha20_poly1305.c 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/tests/api/test_chacha20_poly1305.c 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* test_chacha20_poly1305.c * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -154,3 +154,132 @@ return EXPECT_RESULT(); } /* END test_wc_ChaCha20Poly1305_aead */ +/* + * Testing wc_XChaCha20Poly1305_Encrypt() and wc_XChaCha20Poly1305_Decrypt() + * Test vector from Draft IRTF CFRG XChaCha Appendix A.3 + */ +int test_wc_XChaCha20Poly1305_aead(void) +{ + EXPECT_DECLS; +#if defined(HAVE_POLY1305) && defined(HAVE_XCHACHA) + const byte key[] = { + 0x80, 0x81, 0x82, 0x83, 0x84, 0x85, 0x86, 0x87, + 0x88, 0x89, 0x8a, 0x8b, 0x8c, 0x8d, 0x8e, 0x8f, + 0x90, 0x91, 0x92, 0x93, 0x94, 0x95, 0x96, 0x97, + 0x98, 0x99, 0x9a, 0x9b, 0x9c, 0x9d, 0x9e, 0x9f + }; + /* XChaCha uses a 24-byte nonce */ + const byte nonce[] = { + 0x40, 0x41, 0x42, 0x43, 0x44, 0x45, 0x46, 0x47, + 0x48, 0x49, 0x4a, 0x4b, 0x4c, 0x4d, 0x4e, 0x4f, + 0x50, 0x51, 0x52, 0x53, 0x54, 0x55, 0x56, 0x57 + }; + const byte plaintext[] = { + 0x4c, 0x61, 0x64, 0x69, 0x65, 0x73, 0x20, 0x61, + 0x6e, 0x64, 0x20, 0x47, 0x65, 0x6e, 0x74, 0x6c, + 0x65, 0x6d, 0x65, 0x6e, 0x20, 0x6f, 0x66, 0x20, + 0x74, 0x68, 0x65, 0x20, 0x63, 0x6c, 0x61, 0x73, + 0x73, 0x20, 0x6f, 0x66, 0x20, 0x27, 0x39, 0x39, + 0x3a, 0x20, 0x49, 0x66, 0x20, 0x49, 0x20, 0x63, + 0x6f, 0x75, 0x6c, 0x64, 0x20, 0x6f, 0x66, 0x66, + 0x65, 0x72, 0x20, 0x79, 0x6f, 0x75, 0x20, 0x6f, + 0x6e, 0x6c, 0x79, 0x20, 0x6f, 0x6e, 0x65, 0x20, + 0x74, 0x69, 0x70, 0x20, 0x66, 0x6f, 0x72, 0x20, + 0x74, 0x68, 0x65, 0x20, 0x66, 0x75, 0x74, 0x75, + 0x72, 0x65, 0x2c, 0x20, 0x73, 0x75, 0x6e, 0x73, + 0x63, 0x72, 0x65, 0x65, 0x6e, 0x20, 0x77, 0x6f, + 0x75, 0x6c, 0x64, 0x20, 0x62, 0x65, 0x20, 0x69, + 0x74, 0x2e + }; + const byte aad[] = { + 0x50, 0x51, 0x52, 0x53, 0xc0, 0xc1, 0xc2, 0xc3, + 0xc4, 0xc5, 0xc6, 0xc7 + }; + /* Expected combined ciphertext + 16-byte tag */ + const byte expected[] = { + 0xbd, 0x6d, 0x17, 0x9d, 0x3e, 0x83, 0xd4, 0x3b, 0x95, 0x76, 0x57, 0x94, + 0x93, 0xc0, 0xe9, 0x39, 0x57, 0x2a, 0x17, 0x00, 0x25, 0x2b, 0xfa, 0xcc, + 0xbe, 0xd2, 0x90, 0x2c, 0x21, 0x39, 0x6c, 0xbb, 0x73, 0x1c, 0x7f, 0x1b, + 0x0b, 0x4a, 0xa6, 0x44, 0x0b, 0xf3, 0xa8, 0x2f, 0x4e, 0xda, 0x7e, 0x39, + 0xae, 0x64, 0xc6, 0x70, 0x8c, 0x54, 0xc2, 0x16, 0xcb, 0x96, 0xb7, 0x2e, + 0x12, 0x13, 0xb4, 0x52, 0x2f, 0x8c, 0x9b, 0xa4, 0x0d, 0xb5, 0xd9, 0x45, + 0xb1, 0x1b, 0x69, 0xb9, 0x82, 0xc1, 0xbb, 0x9e, 0x3f, 0x3f, 0xac, 0x2b, + 0xc3, 0x69, 0x48, 0x8f, 0x76, 0xb2, 0x38, 0x35, 0x65, 0xd3, 0xff, 0xf9, + 0x21, 0xf9, 0x66, 0x4c, 0x97, 0x63, 0x7d, 0xa9, 0x76, 0x88, 0x12, 0xf6, + 0x15, 0xc6, 0x8b, 0x13, 0xb5, 0x2e, + /* Authentication Tag */ + 0xc0, 0x87, 0x59, 0x24, 0xc1, 0xc7, 0x98, 0x79, 0x47, 0xde, 0xaf, 0xd8, + 0x78, 0x0a, 0xcf, 0x49 + }; + + byte out[256]; + byte plain_out[256]; + word32 outLen = sizeof(plaintext) + 16; + + XMEMSET(out, 0, sizeof(out)); + XMEMSET(plain_out, 0, sizeof(plain_out)); + + /* Test Encrypt (One-shot) */ + ExpectIntEQ(wc_XChaCha20Poly1305_Encrypt(out, sizeof(out), plaintext, + sizeof(plaintext), aad, sizeof(aad), nonce, sizeof(nonce), + key, sizeof(key)), 0); + ExpectIntEQ(XMEMCMP(out, expected, outLen), 0); + + /* Test Decrypt (One-shot) */ + ExpectIntEQ(wc_XChaCha20Poly1305_Decrypt(plain_out, sizeof(plain_out), out, + outLen, aad, sizeof(aad), nonce, sizeof(nonce), + key, sizeof(key)), 0); + ExpectIntEQ(XMEMCMP(plain_out, plaintext, sizeof(plaintext)), 0); + + /* Test Encrypt bad args. */ + ExpectIntEQ(wc_XChaCha20Poly1305_Encrypt(NULL, sizeof(out), plaintext, + sizeof(plaintext), aad, sizeof(aad), nonce, sizeof(nonce), + key, sizeof(key)), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_XChaCha20Poly1305_Encrypt(out, sizeof(out), NULL, + sizeof(plaintext), aad, sizeof(aad), nonce, sizeof(nonce), + key, sizeof(key)), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_XChaCha20Poly1305_Encrypt(out, sizeof(out), plaintext, + sizeof(plaintext), NULL, sizeof(aad), nonce, sizeof(nonce), + key, sizeof(key)), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_XChaCha20Poly1305_Encrypt(out, sizeof(out), plaintext, + sizeof(plaintext), aad, sizeof(aad), NULL, sizeof(nonce), + key, sizeof(key)), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_XChaCha20Poly1305_Encrypt(out, sizeof(out), plaintext, + sizeof(plaintext), aad, sizeof(aad), nonce, sizeof(nonce), + NULL, sizeof(key)), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + /* Wrong nonce size (12 instead of 24) */ + ExpectIntEQ(wc_XChaCha20Poly1305_Encrypt(out, sizeof(out), plaintext, + sizeof(plaintext), aad, sizeof(aad), nonce, 12, + key, sizeof(key)), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + /* Wrong key size */ + ExpectIntEQ(wc_XChaCha20Poly1305_Encrypt(out, sizeof(out), plaintext, + sizeof(plaintext), aad, sizeof(aad), nonce, sizeof(nonce), + key, 16), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + + /* Test Decrypt bad args. */ + ExpectIntEQ(wc_XChaCha20Poly1305_Decrypt(NULL, sizeof(plain_out), out, + outLen, aad, sizeof(aad), nonce, sizeof(nonce), + key, sizeof(key)), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_XChaCha20Poly1305_Decrypt(plain_out, sizeof(plain_out), NULL, + outLen, aad, sizeof(aad), nonce, sizeof(nonce), + key, sizeof(key)), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_XChaCha20Poly1305_Decrypt(plain_out, sizeof(plain_out), out, + outLen, NULL, sizeof(aad), nonce, sizeof(nonce), + key, sizeof(key)), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_XChaCha20Poly1305_Decrypt(plain_out, sizeof(plain_out), out, + outLen, aad, sizeof(aad), NULL, sizeof(nonce), + key, sizeof(key)), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_XChaCha20Poly1305_Decrypt(plain_out, sizeof(plain_out), out, + outLen, aad, sizeof(aad), nonce, sizeof(nonce), + NULL, sizeof(key)), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + /* Wrong nonce size (12 instead of 24) */ + ExpectIntEQ(wc_XChaCha20Poly1305_Decrypt(plain_out, sizeof(plain_out), out, + outLen, aad, sizeof(aad), nonce, 12, + key, sizeof(key)), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + /* Wrong key size */ + ExpectIntEQ(wc_XChaCha20Poly1305_Decrypt(plain_out, sizeof(plain_out), out, + outLen, aad, sizeof(aad), nonce, sizeof(nonce), + key, 16), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); +#endif + return EXPECT_RESULT(); +} /* END test_wc_XChaCha20Poly1305_aead */ diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/tests/api/test_chacha20_poly1305.h mariadb-11.8.8/extra/wolfssl/wolfssl/tests/api/test_chacha20_poly1305.h --- mariadb-11.8.6/extra/wolfssl/wolfssl/tests/api/test_chacha20_poly1305.h 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/tests/api/test_chacha20_poly1305.h 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* test_chacha20_poly1305.h * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -25,8 +25,10 @@ #include int test_wc_ChaCha20Poly1305_aead(void); +int test_wc_XChaCha20Poly1305_aead(void); -#define TEST_CHACHA20_POLY1305_DECLS \ - TEST_DECL_GROUP("chacha20-poly1305", test_wc_ChaCha20Poly1305_aead) +#define TEST_CHACHA20_POLY1305_DECLS \ + TEST_DECL_GROUP("chacha20-poly1305", test_wc_ChaCha20Poly1305_aead), \ + TEST_DECL_GROUP("xchacha20-poly1305", test_wc_XChaCha20Poly1305_aead) #endif /* WOLFCRYPT_TEST_CHACHA20_POLY1305_H */ diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/tests/api/test_cmac.c mariadb-11.8.8/extra/wolfssl/wolfssl/tests/api/test_cmac.c --- mariadb-11.8.6/extra/wolfssl/wolfssl/tests/api/test_cmac.c 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/tests/api/test_cmac.c 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* test_cmac.c * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/tests/api/test_cmac.h mariadb-11.8.8/extra/wolfssl/wolfssl/tests/api/test_cmac.h --- mariadb-11.8.6/extra/wolfssl/wolfssl/tests/api/test_cmac.h 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/tests/api/test_cmac.h 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* test_cmac.h * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/tests/api/test_curve25519.c mariadb-11.8.8/extra/wolfssl/wolfssl/tests/api/test_curve25519.c --- mariadb-11.8.6/extra/wolfssl/wolfssl/tests/api/test_curve25519.c 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/tests/api/test_curve25519.c 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* test_curve25519.c * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/tests/api/test_curve25519.h mariadb-11.8.8/extra/wolfssl/wolfssl/tests/api/test_curve25519.h --- mariadb-11.8.6/extra/wolfssl/wolfssl/tests/api/test_curve25519.h 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/tests/api/test_curve25519.h 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* test_curve25519.h * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/tests/api/test_curve448.c mariadb-11.8.8/extra/wolfssl/wolfssl/tests/api/test_curve448.c --- mariadb-11.8.6/extra/wolfssl/wolfssl/tests/api/test_curve448.c 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/tests/api/test_curve448.c 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* test_curve448.c * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/tests/api/test_curve448.h mariadb-11.8.8/extra/wolfssl/wolfssl/tests/api/test_curve448.h --- mariadb-11.8.6/extra/wolfssl/wolfssl/tests/api/test_curve448.h 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/tests/api/test_curve448.h 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* test_curve448.h * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/tests/api/test_des3.c mariadb-11.8.8/extra/wolfssl/wolfssl/tests/api/test_des3.c --- mariadb-11.8.6/extra/wolfssl/wolfssl/tests/api/test_des3.c 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/tests/api/test_des3.c 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* test_des3.c * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/tests/api/test_des3.h mariadb-11.8.8/extra/wolfssl/wolfssl/tests/api/test_des3.h --- mariadb-11.8.6/extra/wolfssl/wolfssl/tests/api/test_des3.h 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/tests/api/test_des3.h 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* test_des3.h * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/tests/api/test_dh.c mariadb-11.8.8/extra/wolfssl/wolfssl/tests/api/test_dh.c --- mariadb-11.8.6/extra/wolfssl/wolfssl/tests/api/test_dh.c 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/tests/api/test_dh.c 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* test_dh.c * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/tests/api/test_dh.h mariadb-11.8.8/extra/wolfssl/wolfssl/tests/api/test_dh.h --- mariadb-11.8.6/extra/wolfssl/wolfssl/tests/api/test_dh.h 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/tests/api/test_dh.h 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* test_dh.h * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/tests/api/test_digest.h mariadb-11.8.8/extra/wolfssl/wolfssl/tests/api/test_digest.h --- mariadb-11.8.6/extra/wolfssl/wolfssl/tests/api/test_digest.h 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/tests/api/test_digest.h 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* test_digest.h * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/tests/api/test_dsa.c mariadb-11.8.8/extra/wolfssl/wolfssl/tests/api/test_dsa.c --- mariadb-11.8.6/extra/wolfssl/wolfssl/tests/api/test_dsa.c 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/tests/api/test_dsa.c 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* test_dsa.c * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -61,7 +61,7 @@ int test_wc_DsaSignVerify(void) { EXPECT_DECLS; -#if !defined(NO_DSA) +#if !defined(NO_DSA) && !defined(WC_FIPS_186_5_PLUS) DsaKey key; WC_RNG rng; wc_Sha sha; @@ -117,7 +117,7 @@ ExpectIntEQ(wc_DsaVerify(hash, signature, NULL, &answer), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); ExpectIntEQ(wc_DsaVerify(hash, signature, &key, NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); -#if !defined(HAVE_FIPS) && defined(WOLFSSL_PUBLIC_MP) +#if !defined(HAVE_SELFTEST) && !defined(HAVE_FIPS) && defined(WOLFSSL_PUBLIC_MP) /* hard set q to 0 and test fail case */ mp_free(&key.q); ExpectIntEQ(mp_init(&key.q), 0); @@ -130,7 +130,8 @@ DoExpectIntEQ(wc_FreeRng(&rng),0); wc_FreeDsaKey(&key); wc_ShaFree(&sha); -#endif +#endif /* !NO_DSA && !WC_FIPS_186_5_PLUS */ + return EXPECT_RESULT(); } /* END test_wc_DsaSign */ diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/tests/api/test_dsa.h mariadb-11.8.8/extra/wolfssl/wolfssl/tests/api/test_dsa.h --- mariadb-11.8.6/extra/wolfssl/wolfssl/tests/api/test_dsa.h 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/tests/api/test_dsa.h 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* test_dsa.h * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/tests/api/test_dtls.c mariadb-11.8.8/extra/wolfssl/wolfssl/tests/api/test_dtls.c --- mariadb-11.8.6/extra/wolfssl/wolfssl/tests/api/test_dtls.c 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/tests/api/test_dtls.c 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* test_dtls.c * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -918,7 +918,7 @@ ExpectIntEQ(Dtls13RtxAddAck(ssl_c, w64From32(0, 2), w64From32(0, 2)), 0); ExpectIntEQ(Dtls13RtxAddAck(ssl_c, w64From32(0, 2), w64From32(0, 2)), 0); ExpectIntEQ(Dtls13WriteAckMessage(ssl_c, ssl_c->dtls13Rtx.seenRecords, - &length), 0); + ssl_c->dtls13Rtx.seenRecordsCount, &length), 0); /* must zero the span reserved for the header to avoid read of uninited * data. @@ -939,6 +939,124 @@ return EXPECT_RESULT(); } +int test_dtls13_ack_overflow(void) +{ + EXPECT_DECLS; +#if defined(HAVE_MANUAL_MEMIO_TESTS_DEPENDENCIES) && defined(WOLFSSL_DTLS13) + WOLFSSL_CTX *ctx_c = NULL, *ctx_s = NULL; + WOLFSSL *ssl_c = NULL, *ssl_s = NULL; + struct test_memio_ctx test_ctx; + unsigned char readBuf[50]; + word32 length = 0; + int i; + + XMEMSET(&test_ctx, 0, sizeof(test_ctx)); + + ExpectIntEQ(test_memio_setup(&test_ctx, &ctx_c, &ctx_s, &ssl_c, &ssl_s, + wolfDTLSv1_3_client_method, wolfDTLSv1_3_server_method), 0); + ExpectIntEQ(test_memio_do_handshake(ssl_c, ssl_s, 10, NULL), 0); + ExpectIntEQ(wolfSSL_read(ssl_c, readBuf, sizeof(readBuf)), -1); + ExpectIntEQ(wolfSSL_get_error(ssl_c, -1), WOLFSSL_ERROR_WANT_READ); + ExpectIntEQ(wolfSSL_read(ssl_s, readBuf, sizeof(readBuf)), -1); + ExpectIntEQ(wolfSSL_get_error(ssl_s, -1), WOLFSSL_ERROR_WANT_READ); + + /* Edge case 1: one below limit - all inserts must succeed */ + for (i = 0; i < DTLS13_ACK_MAX_RECORDS - 1; i++) { + ExpectIntEQ(Dtls13RtxAddAck(ssl_c, w64From32(0, 0), + w64From32(0, (word32)i)), 0); + } + ExpectIntEQ(ssl_c->dtls13Rtx.seenRecordsCount, DTLS13_ACK_MAX_RECORDS - 1); + + /* Edge case 2: insert the last allowed record - must succeed */ + ExpectIntEQ(Dtls13RtxAddAck(ssl_c, w64From32(0, 0), + w64From32(0, (word32)(DTLS13_ACK_MAX_RECORDS - 1))), 0); + ExpectIntEQ(ssl_c->dtls13Rtx.seenRecordsCount, DTLS13_ACK_MAX_RECORDS); + + /* Writing a full-but-valid list must succeed */ + ExpectIntEQ(Dtls13WriteAckMessage(ssl_c, ssl_c->dtls13Rtx.seenRecords, + ssl_c->dtls13Rtx.seenRecordsCount, &length), 0); + + /* Edge case 3: one over limit - must be silently dropped */ + ExpectIntEQ(Dtls13RtxAddAck(ssl_c, w64From32(0, 0), + w64From32(0, (word32)DTLS13_ACK_MAX_RECORDS)), 0); + ExpectIntEQ(ssl_c->dtls13Rtx.seenRecordsCount, DTLS13_ACK_MAX_RECORDS); + + /* Bypass the insert guard to force the list one element over the limit, + * then verify Dtls13WriteAckMessage errors out instead of overflowing */ + ssl_c->dtls13Rtx.seenRecordsCount = 0; + ExpectIntEQ(Dtls13RtxAddAck(ssl_c, w64From32(0, 1), + w64From32(0, (word32)DTLS13_ACK_MAX_RECORDS)), 0); + ssl_c->dtls13Rtx.seenRecordsCount = (word16)(DTLS13_ACK_MAX_RECORDS + 1); + ExpectIntEQ(Dtls13WriteAckMessage(ssl_c, ssl_c->dtls13Rtx.seenRecords, + ssl_c->dtls13Rtx.seenRecordsCount, &length), BUFFER_E); + + wolfSSL_free(ssl_c); + wolfSSL_CTX_free(ctx_c); + wolfSSL_free(ssl_s); + wolfSSL_CTX_free(ctx_s); +#endif + return EXPECT_RESULT(); +} + +int test_dtls13_ack_dup_write_counter(void) +{ + EXPECT_DECLS; +#if defined(HAVE_MANUAL_MEMIO_TESTS_DEPENDENCIES) && defined(WOLFSSL_DTLS13) \ + && defined(HAVE_WRITE_DUP) + WOLFSSL_CTX *ctx_c = NULL, *ctx_s = NULL; + WOLFSSL *ssl_c = NULL, *ssl_s = NULL; + WOLFSSL *ssl_c2 = NULL; + struct test_memio_ctx test_ctx; + unsigned char readBuf[50]; + int i; + + XMEMSET(&test_ctx, 0, sizeof(test_ctx)); + + ExpectIntEQ(test_memio_setup(&test_ctx, &ctx_c, &ctx_s, &ssl_c, &ssl_s, + wolfDTLSv1_3_client_method, wolfDTLSv1_3_server_method), 0); + ExpectIntEQ(test_memio_do_handshake(ssl_c, ssl_s, 10, NULL), 0); + /* Drain any post-handshake messages */ + ExpectIntEQ(wolfSSL_read(ssl_c, readBuf, sizeof(readBuf)), -1); + ExpectIntEQ(wolfSSL_get_error(ssl_c, -1), WOLFSSL_ERROR_WANT_READ); + ExpectIntEQ(wolfSSL_read(ssl_s, readBuf, sizeof(readBuf)), -1); + ExpectIntEQ(wolfSSL_get_error(ssl_s, -1), WOLFSSL_ERROR_WANT_READ); + + /* Split ssl_c: ssl_c becomes READ_DUP_SIDE, ssl_c2 becomes WRITE_DUP_SIDE */ + ExpectNotNull(ssl_c2 = wolfSSL_write_dup(ssl_c)); + + /* Cycle 1: add records, trigger handoff, verify counter is reset to 0 */ + for (i = 0; i < 5; i++) + ExpectIntEQ(Dtls13RtxAddAck(ssl_c, w64From32(0, 3), + w64From32(0, (word32)i)), 0); + ExpectIntEQ(ssl_c->dtls13Rtx.seenRecordsCount, 5); + ssl_c->dtls13Rtx.sendAcks = 1; + ExpectIntEQ(Dtls13DoScheduledWork(ssl_c), 0); + /* seenRecords ownership was transferred to dupWrite->sendAckList; + * seenRecordsCount must be reset to 0, not left at 5. */ + ExpectNull(ssl_c->dtls13Rtx.seenRecords); + ExpectIntEQ(ssl_c->dtls13Rtx.seenRecordsCount, 0); + + /* Cycle 2 (different epoch to avoid the dup-filter): verify the counter + * did not accumulate across the previous transfer. Without the fix, + * seenRecordsCount would now be 10 after this second batch. */ + for (i = 0; i < 5; i++) + ExpectIntEQ(Dtls13RtxAddAck(ssl_c, w64From32(0, 4), + w64From32(0, (word32)i)), 0); + ExpectIntEQ(ssl_c->dtls13Rtx.seenRecordsCount, 5); + ssl_c->dtls13Rtx.sendAcks = 1; + ExpectIntEQ(Dtls13DoScheduledWork(ssl_c), 0); + ExpectNull(ssl_c->dtls13Rtx.seenRecords); + ExpectIntEQ(ssl_c->dtls13Rtx.seenRecordsCount, 0); + + wolfSSL_free(ssl_c); + wolfSSL_free(ssl_c2); + wolfSSL_CTX_free(ctx_c); + wolfSSL_free(ssl_s); + wolfSSL_CTX_free(ctx_s); +#endif + return EXPECT_RESULT(); +} + int test_dtls_version_checking(void) { EXPECT_DECLS; @@ -1487,6 +1605,125 @@ #endif /* defined(HAVE_MANUAL_MEMIO_TESTS_DEPENDENCIES) && \ !defined(WOLFSSL_NO_TLS12) */ +int test_dtls_mtu_fragment_headroom(void) +{ +#if defined(HAVE_MANUAL_MEMIO_TESTS_DEPENDENCIES) && \ + defined(WOLFSSL_DTLS_MTU) && defined(HAVE_AESGCM) && defined(HAVE_ECC) && \ + !defined(WOLFSSL_NO_DTLS_SIZE_CHECK) + EXPECT_DECLS; + struct { + method_provider client_meth; + method_provider server_meth; + const char* cipher; + int use_cid; + } params[] = { +#if defined(WOLFSSL_DTLS13) && defined(WOLFSSL_TLS13) + { wolfDTLSv1_3_client_method, wolfDTLSv1_3_server_method, + "TLS13-AES128-GCM-SHA256", 0 }, +#ifdef WOLFSSL_DTLS_CID + { wolfDTLSv1_3_client_method, wolfDTLSv1_3_server_method, + "TLS13-AES128-GCM-SHA256", 1 }, +#endif +#endif +#if defined(WOLFSSL_DTLS) && !defined(WOLFSSL_NO_TLS12) + { wolfDTLSv1_2_client_method, wolfDTLSv1_2_server_method, + "ECDHE-RSA-AES128-GCM-SHA256", 0 }, +#ifdef WOLFSSL_DTLS_CID + { wolfDTLSv1_2_client_method, wolfDTLSv1_2_server_method, + "ECDHE-RSA-AES128-GCM-SHA256", 1 }, +#endif +#if !defined(WOLFSSL_AEAD_ONLY) && !defined(NO_AES) && !defined(NO_SHA) + { wolfDTLSv1_2_client_method, wolfDTLSv1_2_server_method, + "ECDHE-RSA-AES128-SHA", 0 }, +#ifdef WOLFSSL_DTLS_CID + { wolfDTLSv1_2_client_method, wolfDTLSv1_2_server_method, + "ECDHE-RSA-AES128-SHA", 1 }, +#endif +#endif +#endif + }; + size_t i; + + for (i = 0; i < XELEM_CNT(params) && EXPECT_SUCCESS(); i++) { + WOLFSSL_CTX *ctx_c = NULL, *ctx_s = NULL; + WOLFSSL *ssl_c = NULL, *ssl_s = NULL; + struct test_memio_ctx test_ctx; + unsigned char payload[33]; + word16 mtu; + int recordLen; + int overhead; + int ret; + + XMEMSET(&test_ctx, 0, sizeof(test_ctx)); + XMEMSET(payload, 'A', sizeof(payload)); + + ExpectIntEQ(test_memio_setup(&test_ctx, &ctx_c, &ctx_s, &ssl_c, &ssl_s, + params[i].client_meth, params[i].server_meth), + 0); + + ExpectIntEQ(wolfSSL_set_cipher_list(ssl_c, params[i].cipher), 1); + ExpectIntEQ(wolfSSL_set_cipher_list(ssl_s, params[i].cipher), 1); + +#ifdef WOLFSSL_DTLS_CID + if (params[i].use_cid) { + unsigned char cid_c[] = { 0,1,2,3 }; + unsigned char cid_s[] = { 4,5,6,7,8,9 }; + ExpectIntEQ(wolfSSL_dtls_cid_use(ssl_c), 1); + ExpectIntEQ(wolfSSL_dtls_cid_use(ssl_s), 1); + ExpectIntEQ(wolfSSL_dtls_cid_set(ssl_c, cid_s, (int)sizeof(cid_s)), + 1); + ExpectIntEQ(wolfSSL_dtls_cid_set(ssl_s, cid_c, (int)sizeof(cid_c)), + 1); + } +#endif + + /* Complete handshake and clear any leftover records. */ + ExpectIntEQ(test_memio_do_handshake(ssl_c, ssl_s, 10, NULL), 0); + test_memio_clear_buffer(&test_ctx, 1); + test_memio_clear_buffer(&test_ctx, 0); + + /* Measure application-data record overhead. */ + ExpectIntEQ(wolfSSL_write(ssl_c, payload, 32), 32); + ExpectIntEQ(test_ctx.s_msg_count, 1); + recordLen = test_ctx.s_len; + ExpectIntGT(recordLen, 32); + overhead = recordLen - 32; + + /* Reset buffers before MTU-limited send. */ + test_memio_clear_buffer(&test_ctx, 0); + test_memio_clear_buffer(&test_ctx, 1); + + /* Set MTU to overhead + 32 bytes of payload. */ + mtu = (word16)(overhead + 32); + ExpectIntEQ(wolfSSL_dtls_set_mtu(ssl_c, mtu), WOLFSSL_SUCCESS); + ExpectIntEQ(wolfSSL_dtls_set_mtu(ssl_s, mtu), WOLFSSL_SUCCESS); + + /* With the tightened MTU, we should still be able to send 32 bytes. */ + ExpectIntEQ(wolfSSL_write(ssl_c, payload, 32), 32); + ExpectIntEQ(test_ctx.s_msg_count, 1); + recordLen = test_ctx.s_len; + ExpectIntEQ(recordLen, overhead + 32); + ExpectIntLE(recordLen, mtu); + + /* Underestimation: drop MTU by 1 and expect DTLS_SIZE_ERROR. */ + test_memio_clear_buffer(&test_ctx, 0); + test_memio_clear_buffer(&test_ctx, 1); + ExpectIntEQ(wolfSSL_dtls_set_mtu(ssl_c, mtu - 1), WOLFSSL_SUCCESS); + ret = wolfSSL_write(ssl_c, payload, 32); + ExpectIntNE(ret, 32); + ExpectIntEQ(wolfSSL_get_error(ssl_c, ret), DTLS_SIZE_ERROR); + + wolfSSL_free(ssl_c); + wolfSSL_CTX_free(ctx_c); + wolfSSL_free(ssl_s); + wolfSSL_CTX_free(ctx_s); + } + return EXPECT_RESULT(); +#else + return TEST_SKIPPED; +#endif +} + int test_dtls_rtx_across_epoch_change(void) { EXPECT_DECLS; @@ -1495,6 +1732,43 @@ WOLFSSL_CTX *ctx_c = NULL, *ctx_s = NULL; WOLFSSL *ssl_c = NULL, *ssl_s = NULL; struct test_memio_ctx test_ctx; +#if defined(WOLFSSL_HAVE_MLKEM) + /* When ML-KEM is used in the key share, the hello messages are fragmented + *into two messages */ + int helloMsgCount = 2; + int groups[2] = { + #if defined(HAVE_CURVE25519) && defined(WOLFSSL_PQC_HYBRIDS) && \ + !defined(WOLFSSL_NO_ML_KEM) && !defined(WOLFSSL_NO_ML_KEM_768) + WOLFSSL_X25519MLKEM768, + #elif defined(HAVE_ECC) && defined(WOLFSSL_PQC_HYBRIDS) && \ + !defined(WOLFSSL_NO_ML_KEM) && !defined(WOLFSSL_NO_ML_KEM_768) + WOLFSSL_SECP256R1MLKEM768, + #elif defined(HAVE_ECC) && defined(WOLFSSL_PQC_HYBRIDS) && \ + !defined(WOLFSSL_NO_ML_KEM) && !defined(WOLFSSL_NO_ML_KEM_1024) + WOLFSSL_SECP384R1MLKEM1024, + #elif !defined(WOLFSSL_NO_ML_KEM_1024) && !defined(WOLFSSL_NO_ML_KEM) && \ + !defined(WOLFSSL_TLS_NO_MLKEM_STANDALONE) + WOLFSSL_ML_KEM_1024, + #elif !defined(WOLFSSL_NO_ML_KEM_768) && !defined(WOLFSSL_NO_ML_KEM) && \ + !defined(WOLFSSL_TLS_NO_MLKEM_STANDALONE) + WOLFSSL_ML_KEM_768, + #elif !defined(WOLFSSL_NO_ML_KEM_512) && \ + !defined(WOLFSSL_TLS_NO_MLKEM_STANDALONE) + WOLFSSL_ML_KEM_512, + #elif defined(WOLFSSL_MLKEM_KYBER) && !defined(WOLFSSL_NO_KYBER1024) + WOLFSSL_KYBER_LEVEL5, + #elif defined(WOLFSSL_MLKEM_KYBER) && !defined(WOLFSSL_NO_KYBER768) + WOLFSSL_KYBER_LEVEL3, + #elif defined(WOLFSSL_MLKEM_KYBER) && !defined(WOLFSSL_NO_KYBER512) + WOLFSSL_KYBER_LEVEL1, + #endif + WOLFSSL_ECC_SECP256R1, + }; +#else + /* When ECC is used in the key share, the hello messages are not + * fragmented */ + int helloMsgCount = 1; +#endif XMEMSET(&test_ctx, 0, sizeof(test_ctx)); @@ -1503,6 +1777,11 @@ wolfDTLSv1_3_client_method, wolfDTLSv1_3_server_method), 0); +#if defined(WOLFSSL_HAVE_MLKEM) + ExpectIntEQ(wolfSSL_set_groups(ssl_c, groups, 2), WOLFSSL_SUCCESS); + ExpectIntEQ(wolfSSL_set_groups(ssl_s, groups, 2), WOLFSSL_SUCCESS); +#endif + /* CH0 */ wolfSSL_SetLoggingPrefix("client:"); ExpectIntEQ(wolfSSL_connect(ssl_c), -1); @@ -1527,7 +1806,7 @@ ExpectIntGE(test_ctx.c_msg_count, 2); /* drop everything but the SH */ - while (test_ctx.c_msg_count > 1 && EXPECT_SUCCESS()) { + while (test_ctx.c_msg_count > helloMsgCount && EXPECT_SUCCESS()) { ExpectIntEQ(test_memio_drop_message(&test_ctx, 1, test_ctx.c_msg_count - 1), 0); } @@ -2257,3 +2536,376 @@ #endif return EXPECT_RESULT(); } + +int test_dtls_mtu_split_messages(void) +{ +#if defined(HAVE_MANUAL_MEMIO_TESTS_DEPENDENCIES) && \ + defined(WOLFSSL_DTLS_MTU) && defined(WOLFSSL_NO_DTLS_SIZE_CHECK) && \ + defined(HAVE_AESGCM) && defined(HAVE_ECC) + EXPECT_DECLS; + struct { + method_provider client_meth; + method_provider server_meth; + const char* cipher; + } params[] = { +#if defined(WOLFSSL_DTLS13) && defined(WOLFSSL_TLS13) + { wolfDTLSv1_3_client_method, wolfDTLSv1_3_server_method, + "TLS13-AES128-GCM-SHA256" }, +#endif +#if defined(WOLFSSL_DTLS) && !defined(WOLFSSL_NO_TLS12) + { wolfDTLSv1_2_client_method, wolfDTLSv1_2_server_method, + "ECDHE-RSA-AES128-GCM-SHA256" }, +#if !defined(WOLFSSL_AEAD_ONLY) && !defined(NO_AES) && !defined(NO_SHA) + /* Block cipher test */ + { wolfDTLSv1_2_client_method, wolfDTLSv1_2_server_method, + "ECDHE-RSA-AES128-SHA" }, +#endif +#endif + }; + size_t i; + + for (i = 0; i < XELEM_CNT(params) && EXPECT_SUCCESS(); i++) { + WOLFSSL_CTX *ctx_c = NULL, *ctx_s = NULL; + WOLFSSL *ssl_c = NULL, *ssl_s = NULL; + struct test_memio_ctx test_ctx; + /* Payload larger than typical MTU to force splitting */ + unsigned char payload[200]; + unsigned char readBuf[200]; + word16 mtu; + int recordLen; + int overhead; + int totalRead; + int ret; + int j; + + XMEMSET(&test_ctx, 0, sizeof(test_ctx)); + XMEMSET(payload, 'A', sizeof(payload)); + + ExpectIntEQ(test_memio_setup(&test_ctx, &ctx_c, &ctx_s, &ssl_c, &ssl_s, + params[i].client_meth, params[i].server_meth), + 0); + + ExpectIntEQ(wolfSSL_set_cipher_list(ssl_c, params[i].cipher), 1); + ExpectIntEQ(wolfSSL_set_cipher_list(ssl_s, params[i].cipher), 1); + + /* Complete handshake and clear any leftover records. */ + ExpectIntEQ(test_memio_do_handshake(ssl_c, ssl_s, 10, NULL), 0); + test_memio_clear_buffer(&test_ctx, 1); + test_memio_clear_buffer(&test_ctx, 0); + + /* Measure application-data record overhead with small payload. */ + ExpectIntEQ(wolfSSL_write(ssl_c, payload, 32), 32); + ExpectIntEQ(test_ctx.s_msg_count, 1); + recordLen = test_ctx.s_len; + ExpectIntGT(recordLen, 32); + overhead = recordLen - 32; + + /* Reset buffers before MTU-limited send. */ + test_memio_clear_buffer(&test_ctx, 0); + test_memio_clear_buffer(&test_ctx, 1); + + /* Set MTU to allow only ~50 bytes of payload per record. + * This ensures a 200-byte payload must be split into multiple msgs. */ + mtu = (word16)(overhead + 50); + ExpectIntEQ(wolfSSL_dtls_set_mtu(ssl_c, mtu), WOLFSSL_SUCCESS); + ExpectIntEQ(wolfSSL_dtls_set_mtu(ssl_s, mtu), WOLFSSL_SUCCESS); + + /* Write payload larger than MTU allows in single record. + * With WOLFSSL_NO_DTLS_SIZE_CHECK, this should split into multiple + * messages instead of returning DTLS_SIZE_ERROR. */ + ExpectIntEQ(wolfSSL_write(ssl_c, payload, (int)sizeof(payload)), + (int)sizeof(payload)); + + /* Verify multiple messages were sent */ + ExpectIntGT(test_ctx.s_msg_count, 1); + + /* Each record should fit within MTU */ + for (j = 0; j < test_ctx.s_msg_count && EXPECT_SUCCESS(); j++) { + ExpectIntLE(test_ctx.s_msg_sizes[j], mtu); + } + + /* Read all data on server side and verify it matches */ + totalRead = 0; + while (totalRead < (int)sizeof(payload) && EXPECT_SUCCESS()) { + ret = wolfSSL_read(ssl_s, readBuf + totalRead, + (int)sizeof(readBuf) - totalRead); + if (ret > 0) { + totalRead += ret; + } + else { + break; + } + } + ExpectIntEQ(totalRead, (int)sizeof(payload)); + ExpectIntEQ(XMEMCMP(payload, readBuf, sizeof(payload)), 0); + + wolfSSL_free(ssl_c); + wolfSSL_CTX_free(ctx_c); + wolfSSL_free(ssl_s); + wolfSSL_CTX_free(ctx_s); + } + return EXPECT_RESULT(); +#else + return TEST_SKIPPED; +#endif +} + +/* Test DTLS 1.3 minimum retransmission interval. This test calls + * wolfSSL_dtls_got_timeout() to simulate timeouts and verify that + * retransmissions are spaced at least DTLS13_MIN_RTX_INTERVAL apart. + * This tests relies on timing of the retransmission logic so it may be + * flaky on very slow systems. + */ +int test_dtls13_min_rtx_interval(void) +{ + EXPECT_DECLS; +#if defined(HAVE_MANUAL_MEMIO_TESTS_DEPENDENCIES) && \ + defined(WOLFSSL_DTLS13) && !defined(DTLS13_MIN_RTX_INTERVAL) && \ + !defined(NO_ASN_TIME) + /* We don't want to test when DTLS13_MIN_RTX_INTERVAL is defined because + * it may be too low to trigger reliably in a test. The default value is + * 1 second which is sufficient for testing here. */ + WOLFSSL_CTX *ctx_c = NULL, *ctx_s = NULL; + WOLFSSL *ssl_c = NULL, *ssl_s = NULL; + struct test_memio_ctx test_ctx; + int c_msg_count = 0; + + XMEMSET(&test_ctx, 0, sizeof(test_ctx)); + + /* Setup DTLS 1.3 contexts */ + ExpectIntEQ(test_memio_setup(&test_ctx, &ctx_c, &ctx_s, &ssl_c, &ssl_s, + wolfDTLSv1_3_client_method, wolfDTLSv1_3_server_method), 0); + + /* CH0 */ + ExpectIntEQ(wolfSSL_connect(ssl_c), -1); + ExpectIntEQ(wolfSSL_get_error(ssl_c, -1), SSL_ERROR_WANT_READ); + + /* HRR */ + ExpectIntEQ(wolfSSL_accept(ssl_s), -1); + ExpectIntEQ(wolfSSL_get_error(ssl_s, -1), SSL_ERROR_WANT_READ); + + /* CH1 */ + ExpectIntEQ(wolfSSL_connect(ssl_c), -1); + ExpectIntEQ(wolfSSL_get_error(ssl_c, -1), SSL_ERROR_WANT_READ); + + /* SH ... FINISHED */ + ExpectIntEQ(wolfSSL_accept(ssl_s), -1); + ExpectIntEQ(wolfSSL_get_error(ssl_s, -1), SSL_ERROR_WANT_READ); + + /* We should have SH ... FINISHED messages in the buffer */ + ExpectIntGE(test_ctx.c_msg_count, 2); + + /* Drop everything */ + test_memio_clear_buffer(&test_ctx, 1); + + /* First timeout. This one should trigger a retransmission */ + if (wolfSSL_dtls13_use_quick_timeout(ssl_s)) + ExpectIntEQ(wolfSSL_dtls_got_timeout(ssl_s), WOLFSSL_SUCCESS); + ExpectIntEQ(wolfSSL_dtls_got_timeout(ssl_s), WOLFSSL_SUCCESS); + /* Save the message count to make sure no new messages are sent */ + ExpectIntGE(test_ctx.c_msg_count, 2); + c_msg_count = test_ctx.c_msg_count; + + /* Second timeout. This one should not trigger a retransmission */ + if (wolfSSL_dtls13_use_quick_timeout(ssl_s)) + ExpectIntEQ(wolfSSL_dtls_got_timeout(ssl_s), WOLFSSL_SUCCESS); + ExpectIntEQ(wolfSSL_dtls_got_timeout(ssl_s), WOLFSSL_SUCCESS); + /* This is the critical check. The message count should not increase + * after the second timeout. DTLS13_MIN_RTX_INTERVAL should have blocked + * retransmission here. */ + ExpectIntEQ(c_msg_count, test_ctx.c_msg_count); + + /* Now complete the handshake. We didn't clear the first retransmission + * so the handshake should proceed without issues. */ + ExpectIntEQ(test_memio_do_handshake(ssl_c, ssl_s, 10, NULL), 0); + + /* Cleanup */ + wolfSSL_free(ssl_c); + wolfSSL_CTX_free(ctx_c); + wolfSSL_free(ssl_s); + wolfSSL_CTX_free(ctx_s); +#endif + return EXPECT_RESULT(); +} + +/* RFC 9147 Section 5.3: DTLS 1.3 ServerHello must have empty + * legacy_session_id_echo, even if the ClientHello had a non-empty + * legacy_session_id. */ +int test_dtls13_no_session_id_echo(void) +{ + EXPECT_DECLS; +#if defined(HAVE_MANUAL_MEMIO_TESTS_DEPENDENCIES) && defined(WOLFSSL_DTLS13) && \ + defined(HAVE_SESSION_TICKET) + struct test_memio_ctx test_ctx; + WOLFSSL_CTX *ctx_c = NULL, *ctx_s = NULL; + WOLFSSL *ssl_c = NULL, *ssl_s = NULL; + WOLFSSL_SESSION *sess = NULL; + char readBuf[1]; + /* Use traditional groups to avoid HRR from PQ key share mismatch */ + int groups[] = { + WOLFSSL_ECC_SECP256R1, + WOLFSSL_ECC_SECP384R1, + }; + + /* First connection: complete a DTLS 1.3 handshake to get a session */ + XMEMSET(&test_ctx, 0, sizeof(test_ctx)); + ExpectIntEQ(test_memio_setup(&test_ctx, &ctx_c, &ctx_s, &ssl_c, &ssl_s, + wolfDTLSv1_3_client_method, wolfDTLSv1_3_server_method), 0); + ExpectIntEQ(wolfSSL_set_groups(ssl_c, groups, 2), WOLFSSL_SUCCESS); + ExpectIntEQ(test_memio_do_handshake(ssl_c, ssl_s, 10, NULL), 0); + + /* Read to process any NewSessionTicket */ + ExpectIntEQ(wolfSSL_read(ssl_c, readBuf, sizeof(readBuf)), -1); + ExpectIntEQ(wolfSSL_get_error(ssl_c, -1), WOLFSSL_ERROR_WANT_READ); + + ExpectNotNull(sess = wolfSSL_get1_session(ssl_c)); + + /* Ensure the session has a non-empty session ID so the ClientHello + * will have a populated legacy_session_id field (which is legal per + * RFC 9147). */ + if (sess != NULL && sess->sessionIDSz == 0) { + sess->sessionIDSz = ID_LEN; + XMEMSET(sess->sessionID, 0x42, ID_LEN); + } + + wolfSSL_free(ssl_c); ssl_c = NULL; + wolfSSL_free(ssl_s); ssl_s = NULL; + wolfSSL_CTX_free(ctx_c); ctx_c = NULL; + wolfSSL_CTX_free(ctx_s); ctx_s = NULL; + + /* Second connection: set the session on the client so the ClientHello + * contains a non-empty legacy_session_id. Verify the server does NOT + * echo it in the ServerHello. */ + XMEMSET(&test_ctx, 0, sizeof(test_ctx)); + ExpectIntEQ(test_memio_setup(&test_ctx, &ctx_c, &ctx_s, &ssl_c, &ssl_s, + wolfDTLSv1_3_client_method, wolfDTLSv1_3_server_method), 0); + ExpectIntEQ(wolfSSL_set_session(ssl_c, sess), WOLFSSL_SUCCESS); + /* Use traditional groups to avoid HRR from key share mismatch */ + ExpectIntEQ(wolfSSL_set_groups(ssl_c, groups, 2), WOLFSSL_SUCCESS); + /* Disable HRR cookie so the server directly sends a ServerHello */ + ExpectIntEQ(wolfSSL_disable_hrr_cookie(ssl_s), WOLFSSL_SUCCESS); + + /* Client sends ClientHello (with non-empty legacy_session_id) */ + ExpectIntEQ(wolfSSL_negotiate(ssl_c), -1); + ExpectIntEQ(wolfSSL_get_error(ssl_c, -1), WOLFSSL_ERROR_WANT_READ); + + /* Server processes ClientHello and sends ServerHello + flight */ + ExpectIntEQ(wolfSSL_negotiate(ssl_s), -1); + ExpectIntEQ(wolfSSL_get_error(ssl_s, -1), WOLFSSL_ERROR_WANT_READ); + + /* Verify the ServerHello on the wire. + * Layout: DTLS Record Header (13) + DTLS Handshake Header (12) + + * ProtocolVersion (2) + Random (32) = offset 59 for + * legacy_session_id_echo length byte. */ + ExpectIntGE(test_ctx.c_len, 60); + ExpectIntEQ(test_ctx.c_buff[0], handshake); + ExpectIntEQ(test_ctx.c_buff[DTLS_RECORD_HEADER_SZ], server_hello); + ExpectIntEQ(test_ctx.c_buff[DTLS_RECORD_HEADER_SZ + + DTLS_HANDSHAKE_HEADER_SZ + OPAQUE16_LEN + RAN_LEN], 0); + + /* Complete the handshake */ + ExpectIntEQ(test_memio_do_handshake(ssl_c, ssl_s, 10, NULL), 0); + + wolfSSL_SESSION_free(sess); + wolfSSL_free(ssl_c); + wolfSSL_free(ssl_s); + wolfSSL_CTX_free(ctx_c); + wolfSSL_CTX_free(ctx_s); +#endif + return EXPECT_RESULT(); +} + +/* Test that a DTLS 1.3 handshake with an oversized certificate chain does + * not crash or cause out-of-bounds access in SendTls13Certificate. */ +int test_dtls13_oversized_cert_chain(void) +{ + EXPECT_DECLS; +#if defined(HAVE_MANUAL_MEMIO_TESTS_DEPENDENCIES) && defined(WOLFSSL_DTLS13) \ + && !defined(NO_FILESYSTEM) && !defined(NO_RSA) + WOLFSSL_CTX *ctx_c = NULL, *ctx_s = NULL; + WOLFSSL *ssl_c = NULL, *ssl_s = NULL; + struct test_memio_ctx test_ctx; + XFILE f = XBADFILE; + long sz = 0; + byte *cert = NULL; + byte *chain = NULL; + int copies, off, i; + + XMEMSET(&test_ctx, 0, sizeof(test_ctx)); + + /* Read server cert */ + f = XFOPEN(svrCertFile, "rb"); + ExpectTrue(f != XBADFILE); + if (EXPECT_SUCCESS()) { + (void)XFSEEK(f, 0, XSEEK_END); + sz = XFTELL(f); + (void)XFSEEK(f, 0, XSEEK_SET); + } + ExpectTrue(sz > 0); + cert = (byte*)XMALLOC((size_t)(sz + 1), NULL, DYNAMIC_TYPE_TMP_BUFFER); + ExpectNotNull(cert); + if (EXPECT_SUCCESS()) + ExpectIntEQ((int)XFREAD(cert, 1, (size_t)sz, f), (int)sz); + if (f != XBADFILE) + XFCLOSE(f); + + /* Build an oversized chain by duplicating the cert */ + copies = EXPECT_SUCCESS() ? (int)(70000 / sz) + 2 : 0; + chain = (byte*)XMALLOC((size_t)(sz * copies + 1), NULL, + DYNAMIC_TYPE_TMP_BUFFER); + ExpectNotNull(chain); + off = 0; + if (EXPECT_SUCCESS()) { + for (i = 0; i < copies; i++) { + XMEMCPY(chain + off, cert, (size_t)sz); + off += (int)sz; + } + } + + /* Server context: load the oversized chain */ + ExpectNotNull(ctx_s = wolfSSL_CTX_new(wolfDTLSv1_3_server_method())); + ExpectIntEQ(wolfSSL_CTX_use_certificate_chain_buffer(ctx_s, + chain, (long)off), WOLFSSL_SUCCESS); + ExpectIntEQ(wolfSSL_CTX_use_PrivateKey_file(ctx_s, svrKeyFile, + WOLFSSL_FILETYPE_PEM), WOLFSSL_SUCCESS); + if (EXPECT_SUCCESS()) { + wolfSSL_SetIORecv(ctx_s, test_memio_read_cb); + wolfSSL_SetIOSend(ctx_s, test_memio_write_cb); + } + + /* Client context: no verification (chain certs are duplicates) */ + ExpectNotNull(ctx_c = wolfSSL_CTX_new(wolfDTLSv1_3_client_method())); + if (EXPECT_SUCCESS()) { + wolfSSL_CTX_set_verify(ctx_c, WOLFSSL_VERIFY_NONE, NULL); + wolfSSL_SetIORecv(ctx_c, test_memio_read_cb); + wolfSSL_SetIOSend(ctx_c, test_memio_write_cb); + } + + ExpectNotNull(ssl_s = wolfSSL_new(ctx_s)); + if (EXPECT_SUCCESS()) { + wolfSSL_SetIOWriteCtx(ssl_s, &test_ctx); + wolfSSL_SetIOReadCtx(ssl_s, &test_ctx); + } + + ExpectNotNull(ssl_c = wolfSSL_new(ctx_c)); + if (EXPECT_SUCCESS()) { + wolfSSL_SetIOWriteCtx(ssl_c, &test_ctx); + wolfSSL_SetIOReadCtx(ssl_c, &test_ctx); + } + + /* Handshake must not crash. If SendTls13Certificate mishandles the + * oversized chain this will trigger a wild pointer dereference or stack + * overflow resulting with the test failing. + * The correct behaviour either returns BUFFER_E or succeeds + * if the build config truncated the chain during loading. */ + (void)test_memio_do_handshake(ssl_c, ssl_s, 10, NULL); + + wolfSSL_free(ssl_c); + wolfSSL_free(ssl_s); + wolfSSL_CTX_free(ctx_c); + wolfSSL_CTX_free(ctx_s); + XFREE(cert, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(chain, NULL, DYNAMIC_TYPE_TMP_BUFFER); +#endif + return EXPECT_RESULT(); +} diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/tests/api/test_dtls.h mariadb-11.8.8/extra/wolfssl/wolfssl/tests/api/test_dtls.h --- mariadb-11.8.6/extra/wolfssl/wolfssl/tests/api/test_dtls.h 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/tests/api/test_dtls.h 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* test_dtls.h * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -30,6 +30,8 @@ int test_wolfSSL_dtls_set_pending_peer(void); int test_dtls13_epochs(void); int test_dtls13_ack_order(void); +int test_dtls13_ack_overflow(void); +int test_dtls13_ack_dup_write_counter(void); int test_dtls_version_checking(void); int test_dtls_short_ciphertext(void); int test_dtls12_record_length_mismatch(void); @@ -47,6 +49,11 @@ int test_dtls_certreq_order(void); int test_dtls_memio_wolfio(void); int test_dtls_memio_wolfio_stateless(void); +int test_dtls_mtu_fragment_headroom(void); +int test_dtls_mtu_split_messages(void); +int test_dtls13_min_rtx_interval(void); +int test_dtls13_no_session_id_echo(void); +int test_dtls13_oversized_cert_chain(void); #define TEST_DTLS_DECLS \ TEST_DECL_GROUP("dtls", test_dtls12_basic_connection_id), \ @@ -57,6 +64,8 @@ TEST_DECL_GROUP("dtls", test_wolfSSL_dtls_set_pending_peer), \ TEST_DECL_GROUP("dtls", test_dtls13_epochs), \ TEST_DECL_GROUP("dtls", test_dtls13_ack_order), \ + TEST_DECL_GROUP("dtls", test_dtls13_ack_overflow), \ + TEST_DECL_GROUP("dtls", test_dtls13_ack_dup_write_counter), \ TEST_DECL_GROUP("dtls", test_dtls_version_checking), \ TEST_DECL_GROUP("dtls", test_dtls_short_ciphertext), \ TEST_DECL_GROUP("dtls", test_dtls12_record_length_mismatch), \ @@ -73,5 +82,10 @@ TEST_DECL_GROUP("dtls", test_dtls_certreq_order), \ TEST_DECL_GROUP("dtls", test_dtls_timeout), \ TEST_DECL_GROUP("dtls", test_dtls_memio_wolfio), \ - TEST_DECL_GROUP("dtls", test_dtls_memio_wolfio_stateless) + TEST_DECL_GROUP("dtls", test_dtls_mtu_fragment_headroom), \ + TEST_DECL_GROUP("dtls", test_dtls_mtu_split_messages), \ + TEST_DECL_GROUP("dtls", test_dtls_memio_wolfio_stateless), \ + TEST_DECL_GROUP("dtls", test_dtls13_min_rtx_interval), \ + TEST_DECL_GROUP("dtls", test_dtls13_no_session_id_echo), \ + TEST_DECL_GROUP("dtls", test_dtls13_oversized_cert_chain) #endif /* TESTS_API_DTLS_H */ diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/tests/api/test_ecc.c mariadb-11.8.8/extra/wolfssl/wolfssl/tests/api/test_ecc.c --- mariadb-11.8.6/extra/wolfssl/wolfssl/tests/api/test_ecc.c 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/tests/api/test_ecc.c 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* test_ecc.c * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -676,7 +676,8 @@ WC_NO_ERR_TRACE(BAD_FUNC_ARG)); ExpectIntEQ(wc_ecc_export_x963_ex(&key, out, NULL, COMP), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); -#if defined(HAVE_FIPS) && (!defined(FIPS_VERSION_LT) || FIPS_VERSION_LT(5,3)) +#if (defined(HAVE_FIPS) && (!defined(FIPS_VERSION_LT) || FIPS_VERSION_LT(5,3)))\ + || defined(HAVE_SELFTEST) ExpectIntEQ(wc_ecc_export_x963_ex(&key, out, &badOutLen, COMP), WC_NO_ERR_TRACE(BUFFER_E)); #else @@ -1313,6 +1314,7 @@ #ifdef WOLFSSL_ECIES_OLD tmpKey.dp = cliKey.dp; + tmpKey.idx = cliKey.idx; ExpectIntEQ(wc_ecc_copy_point(&cliKey.pubkey, &tmpKey.pubkey), 0); #endif @@ -1444,7 +1446,6 @@ #if !defined(HAVE_SELFTEST) && (!defined(HAVE_FIPS) || \ (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION>2))) -#ifdef USE_ECC_B_PARAM /* On curve if ret == 0 */ ExpectIntEQ(wc_ecc_point_is_on_curve(point, idx), 0); /* Test bad args. */ @@ -1452,7 +1453,6 @@ WC_NO_ERR_TRACE(BAD_FUNC_ARG)); ExpectIntEQ(wc_ecc_point_is_on_curve(point, 1000), WC_NO_ERR_TRACE(ECC_BAD_ARG_E)); -#endif /* USE_ECC_B_PARAM */ #endif /* !HAVE_SELFTEST && (!HAVE_FIPS || HAVE_FIPS_VERSION > 2) */ /* Free */ diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/tests/api/test_ecc.h mariadb-11.8.8/extra/wolfssl/wolfssl/tests/api/test_ecc.h --- mariadb-11.8.6/extra/wolfssl/wolfssl/tests/api/test_ecc.h 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/tests/api/test_ecc.h 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* test_ecc.h * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/tests/api/test_ed25519.c mariadb-11.8.8/extra/wolfssl/wolfssl/tests/api/test_ed25519.c --- mariadb-11.8.6/extra/wolfssl/wolfssl/tests/api/test_ed25519.c 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/tests/api/test_ed25519.c 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* test_ed25519.c * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -170,6 +170,52 @@ } /* END test_wc_ed25519_sign_msg */ /* + * Test that wc_ed25519_sign_msg() rejects a public-key-only key object. + * A key with pubKeySet=1 but privKeySet=0 must not silently sign. + */ +int test_wc_ed25519_sign_msg_pubonly_fails(void) +{ + EXPECT_DECLS; +#if !defined(HAVE_FIPS) || FIPS_VERSION3_GE(7,0,0) +#if defined(HAVE_ED25519) && defined(HAVE_ED25519_SIGN) && \ + defined(HAVE_ED25519_KEY_IMPORT) && defined(HAVE_ED25519_KEY_EXPORT) + ed25519_key fullKey; + ed25519_key pubOnlyKey; + WC_RNG rng; + byte pubBuf[ED25519_PUB_KEY_SIZE]; + word32 pubSz = sizeof(pubBuf); + byte msg[] = "test message for pubonly check"; + byte sig[ED25519_SIG_SIZE]; + word32 sigLen = sizeof(sig); + + XMEMSET(&fullKey, 0, sizeof(fullKey)); + XMEMSET(&pubOnlyKey, 0, sizeof(pubOnlyKey)); + XMEMSET(&rng, 0, sizeof(rng)); + + ExpectIntEQ(wc_ed25519_init(&fullKey), 0); + ExpectIntEQ(wc_ed25519_init(&pubOnlyKey), 0); + ExpectIntEQ(wc_InitRng(&rng), 0); + + /* Generate a real key pair and export its public key. */ + ExpectIntEQ(wc_ed25519_make_key(&rng, ED25519_KEY_SIZE, &fullKey), 0); + ExpectIntEQ(wc_ed25519_export_public(&fullKey, pubBuf, &pubSz), 0); + + /* Import only the public key into a fresh key object. */ + ExpectIntEQ(wc_ed25519_import_public(pubBuf, pubSz, &pubOnlyKey), 0); + + /* Signing with a public-key-only object must fail. */ + ExpectIntEQ(wc_ed25519_sign_msg(msg, sizeof(msg), sig, &sigLen, + &pubOnlyKey), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + + DoExpectIntEQ(wc_FreeRng(&rng), 0); + wc_ed25519_free(&pubOnlyKey); + wc_ed25519_free(&fullKey); +#endif +#endif + return EXPECT_RESULT(); +} /* END test_wc_ed25519_sign_msg_pubonly_fails */ + +/* * Testing wc_ed25519_import_public() */ int test_wc_ed25519_import_public(void) @@ -489,8 +535,16 @@ ExpectIntEQ(wc_Ed25519PublicKeyToDer(NULL, NULL, 0, 0), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); ExpectIntEQ(wc_ed25519_init(&key), 0); +#if defined(HAVE_FIPS) && FIPS_VERSION3_LT(7,0,0) + if (EXPECT_SUCCESS()) { + int ret = wc_Ed25519PublicKeyToDer(&key, derBuf, 0, 0); + ExpectTrue((ret == WC_NO_ERR_TRACE(BUFFER_E)) || + (ret == WC_NO_ERR_TRACE(PUBLIC_KEY_E))); + } +#else ExpectIntEQ(wc_Ed25519PublicKeyToDer(&key, derBuf, 0, 0), - WC_NO_ERR_TRACE(BUFFER_E)); + WC_NO_ERR_TRACE(PUBLIC_KEY_E)); +#endif wc_ed25519_free(&key); /* Test good args */ diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/tests/api/test_ed25519.h mariadb-11.8.8/extra/wolfssl/wolfssl/tests/api/test_ed25519.h --- mariadb-11.8.6/extra/wolfssl/wolfssl/tests/api/test_ed25519.h 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/tests/api/test_ed25519.h 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* test_ed25519.h * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -27,6 +27,7 @@ int test_wc_ed25519_make_key(void); int test_wc_ed25519_init(void); int test_wc_ed25519_sign_msg(void); +int test_wc_ed25519_sign_msg_pubonly_fails(void); int test_wc_ed25519_import_public(void); int test_wc_ed25519_import_private_key(void); int test_wc_ed25519_export(void); @@ -40,6 +41,7 @@ TEST_DECL_GROUP("ed25519", test_wc_ed25519_make_key), \ TEST_DECL_GROUP("ed25519", test_wc_ed25519_init), \ TEST_DECL_GROUP("ed25519", test_wc_ed25519_sign_msg), \ + TEST_DECL_GROUP("ed25519", test_wc_ed25519_sign_msg_pubonly_fails), \ TEST_DECL_GROUP("ed25519", test_wc_ed25519_import_public), \ TEST_DECL_GROUP("ed25519", test_wc_ed25519_import_private_key), \ TEST_DECL_GROUP("ed25519", test_wc_ed25519_export), \ diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/tests/api/test_ed448.c mariadb-11.8.8/extra/wolfssl/wolfssl/tests/api/test_ed448.c --- mariadb-11.8.6/extra/wolfssl/wolfssl/tests/api/test_ed448.c 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/tests/api/test_ed448.c 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* test_ed448.c * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -163,6 +163,52 @@ } /* END test_wc_ed448_sign_msg */ /* + * Test that wc_ed448_sign_msg() rejects a public-key-only key object. + * A key with pubKeySet=1 but privKeySet=0 must not silently sign. + */ +int test_wc_ed448_sign_msg_pubonly_fails(void) +{ + EXPECT_DECLS; +#if !defined(HAVE_FIPS) || FIPS_VERSION3_GE(7,0,0) +#if defined(HAVE_ED448) && defined(HAVE_ED448_SIGN) && \ + defined(HAVE_ED448_KEY_IMPORT) && defined(HAVE_ED448_KEY_EXPORT) + ed448_key fullKey; + ed448_key pubOnlyKey; + WC_RNG rng; + byte pubBuf[ED448_PUB_KEY_SIZE]; + word32 pubSz = sizeof(pubBuf); + byte msg[] = "test message for pubonly check"; + byte sig[ED448_SIG_SIZE]; + word32 sigLen = sizeof(sig); + + XMEMSET(&fullKey, 0, sizeof(fullKey)); + XMEMSET(&pubOnlyKey, 0, sizeof(pubOnlyKey)); + XMEMSET(&rng, 0, sizeof(rng)); + + ExpectIntEQ(wc_ed448_init(&fullKey), 0); + ExpectIntEQ(wc_ed448_init(&pubOnlyKey), 0); + ExpectIntEQ(wc_InitRng(&rng), 0); + + /* Generate a real key pair and export its public key. */ + ExpectIntEQ(wc_ed448_make_key(&rng, ED448_KEY_SIZE, &fullKey), 0); + ExpectIntEQ(wc_ed448_export_public(&fullKey, pubBuf, &pubSz), 0); + + /* Import only the public key into a fresh key object. */ + ExpectIntEQ(wc_ed448_import_public(pubBuf, pubSz, &pubOnlyKey), 0); + + /* Signing with a public-key-only object must fail. */ + ExpectIntEQ(wc_ed448_sign_msg(msg, sizeof(msg), sig, &sigLen, + &pubOnlyKey, NULL, 0), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + + DoExpectIntEQ(wc_FreeRng(&rng), 0); + wc_ed448_free(&pubOnlyKey); + wc_ed448_free(&fullKey); +#endif +#endif + return EXPECT_RESULT(); +} /* END test_wc_ed448_sign_msg_pubonly_fails */ + +/* * Testing wc_ed448_import_public() */ int test_wc_ed448_import_public(void) diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/tests/api/test_ed448.h mariadb-11.8.8/extra/wolfssl/wolfssl/tests/api/test_ed448.h --- mariadb-11.8.6/extra/wolfssl/wolfssl/tests/api/test_ed448.h 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/tests/api/test_ed448.h 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* test_ed448.h * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -27,6 +27,7 @@ int test_wc_ed448_make_key(void); int test_wc_ed448_init(void); int test_wc_ed448_sign_msg(void); +int test_wc_ed448_sign_msg_pubonly_fails(void); int test_wc_ed448_import_public(void); int test_wc_ed448_import_private_key(void); int test_wc_ed448_export(void); @@ -40,6 +41,7 @@ TEST_DECL_GROUP("ed448", test_wc_ed448_make_key), \ TEST_DECL_GROUP("ed448", test_wc_ed448_init), \ TEST_DECL_GROUP("ed448", test_wc_ed448_sign_msg), \ + TEST_DECL_GROUP("ed448", test_wc_ed448_sign_msg_pubonly_fails), \ TEST_DECL_GROUP("ed448", test_wc_ed448_import_public), \ TEST_DECL_GROUP("ed448", test_wc_ed448_import_private_key), \ TEST_DECL_GROUP("ed448", test_wc_ed448_export), \ diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/tests/api/test_evp.c mariadb-11.8.8/extra/wolfssl/wolfssl/tests/api/test_evp.c --- mariadb-11.8.6/extra/wolfssl/wolfssl/tests/api/test_evp.c 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/tests/api/test_evp.c 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* test_evp.c * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -26,75 +26,546 @@ #include #include -/* Test for NULL_CIPHER_TYPE in wolfSSL_EVP_CipherUpdate() */ -int test_wolfSSL_EVP_CipherUpdate_Null(void) +/* Test functions for base64 encode/decode */ +int test_wolfSSL_EVP_ENCODE_CTX_new(void) { EXPECT_DECLS; -#ifdef OPENSSL_EXTRA - WOLFSSL_EVP_CIPHER_CTX* ctx; - const char* testData = "Test NULL cipher data"; - unsigned char output[100]; - int outputLen = 0; - int testDataLen = (int)XSTRLEN(testData); - - /* Create and initialize the cipher context */ - ctx = wolfSSL_EVP_CIPHER_CTX_new(); - ExpectNotNull(ctx); - - /* Initialize with NULL cipher */ - ExpectIntEQ(wolfSSL_EVP_CipherInit_ex(ctx, wolfSSL_EVP_enc_null(), - NULL, NULL, NULL, 1), WOLFSSL_SUCCESS); - - /* Test encryption (which should just copy the data) */ - ExpectIntEQ(wolfSSL_EVP_CipherUpdate(ctx, output, &outputLen, - (const unsigned char*)testData, - testDataLen), WOLFSSL_SUCCESS); - - /* Verify output length matches input length */ - ExpectIntEQ(outputLen, testDataLen); +#if defined(OPENSSL_EXTRA) && \ +( defined(WOLFSSL_BASE64_ENCODE) || defined(WOLFSSL_BASE64_DECODE)) + EVP_ENCODE_CTX* ctx = NULL; + + ExpectNotNull(ctx = EVP_ENCODE_CTX_new()); + ExpectIntEQ(ctx->remaining,0); + ExpectIntEQ(ctx->data[0],0); + ExpectIntEQ(ctx->data[sizeof(ctx->data) -1],0); + EVP_ENCODE_CTX_free(ctx); +#endif /* OPENSSL_EXTRA && (WOLFSSL_BASE64_ENCODE || WOLFSSL_BASE64_DECODE) */ + return EXPECT_RESULT(); +} +int test_wolfSSL_EVP_ENCODE_CTX_free(void) +{ + EXPECT_DECLS; +#if defined(OPENSSL_EXTRA) && \ +( defined(WOLFSSL_BASE64_ENCODE) || defined(WOLFSSL_BASE64_DECODE)) + EVP_ENCODE_CTX* ctx = NULL; + + ExpectNotNull(ctx = EVP_ENCODE_CTX_new()); + EVP_ENCODE_CTX_free(ctx); +#endif /* OPENSSL_EXTRA && (WOLFSSL_BASE64_ENCODE || WOLFSSL_BASE64_DECODE) */ + return EXPECT_RESULT(); +} - /* Verify output data matches input data (no encryption occurred) */ - ExpectIntEQ(XMEMCMP(output, testData, testDataLen), 0); +int test_wolfSSL_EVP_EncodeInit(void) +{ + EXPECT_DECLS; +#if defined(OPENSSL_EXTRA) && defined(WOLFSSL_BASE64_ENCODE) + EVP_ENCODE_CTX* ctx = NULL; - /* Clean up */ - wolfSSL_EVP_CIPHER_CTX_free(ctx); -#endif /* OPENSSL_EXTRA */ + ExpectNotNull(ctx = EVP_ENCODE_CTX_new()); + ExpectIntEQ(ctx->remaining, 0); + ExpectIntEQ(ctx->data[0], 0); + ExpectIntEQ(ctx->data[sizeof(ctx->data) -1], 0); + + if (ctx != NULL) { + /* make ctx dirty */ + ctx->remaining = 10; + XMEMSET(ctx->data, 0x77, sizeof(ctx->data)); + } + + EVP_EncodeInit(ctx); + + ExpectIntEQ(ctx->remaining, 0); + ExpectIntEQ(ctx->data[0], 0); + ExpectIntEQ(ctx->data[sizeof(ctx->data) -1], 0); + EVP_ENCODE_CTX_free(ctx); +#endif /* OPENSSL_EXTRA && WOLFSSL_BASE64_ENCODE*/ return EXPECT_RESULT(); } -/* Test for wolfSSL_EVP_CIPHER_type_string() */ -int test_wolfSSL_EVP_CIPHER_type_string(void) +int test_wolfSSL_EVP_EncodeUpdate(void) { EXPECT_DECLS; -#ifdef OPENSSL_EXTRA - const char* cipherStr; +#if defined(OPENSSL_EXTRA) && defined(WOLFSSL_BASE64_ENCODE) + int outl; + int total; + + const unsigned char plain0[] = {"Th"}; + const unsigned char plain1[] = {"This is a base64 encodeing test."}; + const unsigned char plain2[] = {"This is additional data."}; + + const unsigned char encBlock0[] = {"VGg="}; + const unsigned char enc0[] = {"VGg=\n"}; + /* expected encoded result for the first output 64 chars plus trailing LF*/ + const unsigned char enc1[] = { + "VGhpcyBpcyBhIGJhc2U2NCBlbmNvZGVpbmcgdGVzdC5UaGlzIGlzIGFkZGl0aW9u\n" + }; + + const unsigned char enc2[] = { + "VGhpcyBpcyBhIGJhc2U2NCBlbmNvZGVpbmcgdGVzdC5UaGlzIGlzIGFkZGl0aW9u\n" + "YWwgZGF0YS4=\n" + }; + + unsigned char encOutBuff[300]; + + EVP_ENCODE_CTX* ctx = NULL; + + ExpectNotNull(ctx = EVP_ENCODE_CTX_new()); + + EVP_EncodeInit(ctx); + + /* illegal parameter test */ + ExpectIntEQ( + EVP_EncodeUpdate( + NULL, /* pass NULL as ctx */ + encOutBuff, + &outl, + plain1, + sizeof(plain1)-1), + 0 /* expected result code 0: fail */ + ); + + ExpectIntEQ( + EVP_EncodeUpdate( + ctx, + NULL, /* pass NULL as out buff */ + &outl, + plain1, + sizeof(plain1)-1), + 0 /* expected result code 0: fail */ + ); + + ExpectIntEQ( + EVP_EncodeUpdate( + ctx, + encOutBuff, + NULL, /* pass NULL as outl */ + plain1, + sizeof(plain1)-1), + 0 /* expected result code 0: fail */ + ); + + ExpectIntEQ( + EVP_EncodeUpdate( + ctx, + encOutBuff, + &outl, + NULL, /* pass NULL as in */ + sizeof(plain1)-1), + 0 /* expected result code 0: fail */ + ); + + ExpectIntEQ(EVP_EncodeBlock(NULL, NULL, 0), -1); + + /* meaningless parameter test */ + + ExpectIntEQ( + EVP_EncodeUpdate( + ctx, + encOutBuff, + &outl, + plain1, + 0), /* pass zero input */ + 1 /* expected result code 1: success */ + ); + + /* very small data encoding test */ + + EVP_EncodeInit(ctx); + + ExpectIntEQ( + EVP_EncodeUpdate( + ctx, + encOutBuff, + &outl, + plain0, + sizeof(plain0)-1), + 1 /* expected result code 1: success */ + ); + ExpectIntEQ(outl,0); + + if (EXPECT_SUCCESS()) { + EVP_EncodeFinal( + ctx, + encOutBuff + outl, + &outl); + } + + ExpectIntEQ( outl, sizeof(enc0)-1); + ExpectIntEQ( + XSTRNCMP( + (const char*)encOutBuff, + (const char*)enc0,sizeof(enc0) ), + 0); + + XMEMSET( encOutBuff,0, sizeof(encOutBuff)); + ExpectIntEQ(EVP_EncodeBlock(encOutBuff, plain0, sizeof(plain0)-1), + sizeof(encBlock0)-1); + ExpectStrEQ(encOutBuff, encBlock0); + + /* pass small size( < 48bytes ) input, then make sure they are not + * encoded and just stored in ctx + */ + + EVP_EncodeInit(ctx); + + total = 0; + outl = 0; + XMEMSET( encOutBuff,0, sizeof(encOutBuff)); + + ExpectIntEQ( + EVP_EncodeUpdate( + ctx, + encOutBuff, /* buffer for output */ + &outl, /* size of output */ + plain1, /* input */ + sizeof(plain1)-1), /* size of input */ + 1); /* expected result code 1:success */ + + total += outl; + + ExpectIntEQ(outl, 0); /* no output expected */ + ExpectIntEQ(ctx->remaining, sizeof(plain1) -1); + ExpectTrue( + XSTRNCMP((const char*)(ctx->data), + (const char*)plain1, + ctx->remaining) ==0 ); + ExpectTrue(encOutBuff[0] == 0); + + /* call wolfSSL_EVP_EncodeUpdate again to make it encode + * the stored data and the new input together + */ + ExpectIntEQ( + EVP_EncodeUpdate( + ctx, + encOutBuff + outl, /* buffer for output */ + &outl, /* size of output */ + plain2, /* additional input */ + sizeof(plain2) -1), /* size of additional input */ + 1); /* expected result code 1:success */ + + total += outl; + + ExpectIntNE(outl, 0); /* some output is expected this time*/ + ExpectIntEQ(outl, BASE64_ENCODE_RESULT_BLOCK_SIZE +1); /* 64 bytes and LF */ + ExpectIntEQ( + XSTRNCMP((const char*)encOutBuff,(const char*)enc1,sizeof(enc1) ),0); + + /* call wolfSSL_EVP_EncodeFinal to flush all the unprocessed input */ + EVP_EncodeFinal( + ctx, + encOutBuff + outl, + &outl); + + total += outl; + + ExpectIntNE(total,0); + ExpectIntNE(outl,0); + ExpectIntEQ(XSTRNCMP( + (const char*)encOutBuff,(const char*)enc2,sizeof(enc2) ),0); + + /* test with illeagal parameters */ + outl = 1; + EVP_EncodeFinal(NULL, encOutBuff + outl, &outl); + ExpectIntEQ(outl, 0); + outl = 1; + EVP_EncodeFinal(ctx, NULL, &outl); + ExpectIntEQ(outl, 0); + EVP_EncodeFinal(ctx, encOutBuff + outl, NULL); + EVP_EncodeFinal(NULL, NULL, NULL); - /* Test with valid cipher types */ -#ifdef HAVE_AES_CBC - #ifdef WOLFSSL_AES_128 - cipherStr = wolfSSL_EVP_CIPHER_type_string(WC_AES_128_CBC_TYPE); - ExpectNotNull(cipherStr); - ExpectStrEQ(cipherStr, "AES-128-CBC"); - #endif -#endif + EVP_ENCODE_CTX_free(ctx); +#endif /* OPENSSL_EXTRA && WOLFSSL_BASE64_ENCODE*/ + return EXPECT_RESULT(); +} +int test_wolfSSL_EVP_EncodeFinal(void) +{ + int res = TEST_SKIPPED; +#if defined(OPENSSL_EXTRA) && defined(WOLFSSL_BASE64_ENCODE) + /* tests for wolfSSL_EVP_EncodeFinal are included in + * test_wolfSSL_EVP_EncodeUpdate + */ + res = TEST_SUCCESS; +#endif /* OPENSSL_EXTRA && WOLFSSL_BASE64_ENCODE*/ + return res; +} -#ifndef NO_DES3 - cipherStr = wolfSSL_EVP_CIPHER_type_string(WC_DES_CBC_TYPE); - ExpectNotNull(cipherStr); - ExpectStrEQ(cipherStr, "DES-CBC"); -#endif - /* Test with NULL cipher type */ - cipherStr = wolfSSL_EVP_CIPHER_type_string(WC_NULL_CIPHER_TYPE); - ExpectNotNull(cipherStr); - ExpectStrEQ(cipherStr, "NULL"); +int test_wolfSSL_EVP_DecodeInit(void) +{ + EXPECT_DECLS; +#if defined(OPENSSL_EXTRA) && defined(WOLFSSL_BASE64_DECODE) + EVP_ENCODE_CTX* ctx = NULL; + + ExpectNotNull( ctx = EVP_ENCODE_CTX_new()); + ExpectIntEQ( ctx->remaining,0); + ExpectIntEQ( ctx->data[0],0); + ExpectIntEQ( ctx->data[sizeof(ctx->data) -1],0); + + if (ctx != NULL) { + /* make ctx dirty */ + ctx->remaining = 10; + XMEMSET( ctx->data, 0x77, sizeof(ctx->data)); + } + + EVP_DecodeInit(ctx); + + ExpectIntEQ( ctx->remaining,0); + ExpectIntEQ( ctx->data[0],0); + ExpectIntEQ( ctx->data[sizeof(ctx->data) -1],0); - /* Test with invalid cipher type */ - cipherStr = wolfSSL_EVP_CIPHER_type_string(0xFFFF); - ExpectNull(cipherStr); -#endif /* OPENSSL_EXTRA */ + EVP_ENCODE_CTX_free(ctx); +#endif /* OPENSSL && WOLFSSL_BASE_DECODE */ + return EXPECT_RESULT(); +} +int test_wolfSSL_EVP_DecodeUpdate(void) +{ + EXPECT_DECLS; +#if defined(OPENSSL_EXTRA) && defined(WOLFSSL_BASE64_DECODE) + int outl; + unsigned char decOutBuff[300]; + + EVP_ENCODE_CTX* ctx = NULL; + + static const unsigned char enc1[] = + {"VGhpcyBpcyBhIGJhc2U2NCBkZWNvZGluZyB0ZXN0Lg==\n"}; +/* const unsigned char plain1[] = + {"This is a base64 decoding test."} */ + + ExpectNotNull(ctx = EVP_ENCODE_CTX_new()); + + EVP_DecodeInit(ctx); + + /* illegal parameter tests */ + + /* pass NULL as ctx */ + ExpectIntEQ( + EVP_DecodeUpdate( + NULL, /* pass NULL as ctx */ + decOutBuff, + &outl, + enc1, + sizeof(enc1)-1), + -1 /* expected result code -1: fail */ + ); + ExpectIntEQ( outl, 0); + + /* pass NULL as output */ + ExpectIntEQ( + EVP_DecodeUpdate( + ctx, + NULL, /* pass NULL as out buff */ + &outl, + enc1, + sizeof(enc1)-1), + -1 /* expected result code -1: fail */ + ); + ExpectIntEQ( outl, 0); + + /* pass NULL as outl */ + ExpectIntEQ( + EVP_DecodeUpdate( + ctx, + decOutBuff, + NULL, /* pass NULL as outl */ + enc1, + sizeof(enc1)-1), + -1 /* expected result code -1: fail */ + ); + + /* pass NULL as input */ + ExpectIntEQ( + EVP_DecodeUpdate( + ctx, + decOutBuff, + &outl, + NULL, /* pass NULL as in */ + sizeof(enc1)-1), + -1 /* expected result code -1: fail */ + ); + ExpectIntEQ( outl, 0); + + ExpectIntEQ(EVP_DecodeBlock(NULL, NULL, 0), -1); + + /* pass zero length input */ + + ExpectIntEQ( + EVP_DecodeUpdate( + ctx, + decOutBuff, + &outl, + enc1, + 0), /* pass zero as input len */ + 1 /* expected result code 1: success */ + ); + + /* decode correct base64 string */ + + { + static const unsigned char enc2[] = + {"VGhpcyBpcyBhIGJhc2U2NCBkZWNvZGluZyB0ZXN0Lg==\n"}; + static const unsigned char plain2[] = + {"This is a base64 decoding test."}; + + EVP_EncodeInit(ctx); + + ExpectIntEQ( + EVP_DecodeUpdate( + ctx, + decOutBuff, + &outl, + enc2, + sizeof(enc2)-1), + 0 /* expected result code 0: success */ + ); + + ExpectIntEQ(outl,sizeof(plain2) -1); + + ExpectIntEQ( + EVP_DecodeFinal( + ctx, + decOutBuff + outl, + &outl), + 1 /* expected result code 1: success */ + ); + ExpectIntEQ(outl, 0); /* expected DecodeFinal output no data */ + + ExpectIntEQ(XSTRNCMP( (const char*)plain2,(const char*)decOutBuff, + sizeof(plain2) -1 ),0); + ExpectIntEQ(EVP_DecodeBlock(decOutBuff, enc2, sizeof(enc2)), + sizeof(plain2)-1); + ExpectIntEQ(XSTRNCMP( (const char*)plain2,(const char*)decOutBuff, + sizeof(plain2) -1 ),0); + } + + /* decode correct base64 string which does not have '\n' in its last*/ + + { + static const unsigned char enc3[] = + {"VGhpcyBpcyBhIGJhc2U2NCBkZWNvZGluZyB0ZXN0Lg=="}; /* 44 chars */ + static const unsigned char plain3[] = + {"This is a base64 decoding test."}; /* 31 chars */ + + EVP_EncodeInit(ctx); + + ExpectIntEQ( + EVP_DecodeUpdate( + ctx, + decOutBuff, + &outl, + enc3, + sizeof(enc3)-1), + 0 /* expected result code 0: success */ + ); + + ExpectIntEQ(outl,sizeof(plain3)-1); /* 31 chars should be output */ + + ExpectIntEQ(XSTRNCMP( (const char*)plain3,(const char*)decOutBuff, + sizeof(plain3) -1 ),0); + + ExpectIntEQ( + EVP_DecodeFinal( + ctx, + decOutBuff + outl, + &outl), + 1 /* expected result code 1: success */ + ); + + ExpectIntEQ(outl,0 ); + + ExpectIntEQ(EVP_DecodeBlock(decOutBuff, enc3, sizeof(enc3)-1), + sizeof(plain3)-1); + ExpectIntEQ(XSTRNCMP( (const char*)plain3,(const char*)decOutBuff, + sizeof(plain3) -1 ),0); + } + + /* decode string which has a padding char ('=') in the illegal position*/ + + { + static const unsigned char enc4[] = + {"VGhpcyBpcyBhIGJhc2U2N=CBkZWNvZGluZyB0ZXN0Lg==\n"}; + + EVP_EncodeInit(ctx); + + ExpectIntEQ( + EVP_DecodeUpdate( + ctx, + decOutBuff, + &outl, + enc4, + sizeof(enc4)-1), + -1 /* expected result code -1: error */ + ); + ExpectIntEQ(outl,0); + ExpectIntEQ(EVP_DecodeBlock(decOutBuff, enc4, sizeof(enc4)-1), -1); + } + + /* small data decode test */ + + { + static const unsigned char enc00[] = {"VG"}; + static const unsigned char enc01[] = {"g=\n"}; + static const unsigned char plain4[] = {"Th"}; + + EVP_EncodeInit(ctx); + + ExpectIntEQ( + EVP_DecodeUpdate( + ctx, + decOutBuff, + &outl, + enc00, + sizeof(enc00)-1), + 1 /* expected result code 1: success */ + ); + ExpectIntEQ(outl,0); + + ExpectIntEQ( + EVP_DecodeUpdate( + ctx, + decOutBuff + outl, + &outl, + enc01, + sizeof(enc01)-1), + 0 /* expected result code 0: success */ + ); + + ExpectIntEQ(outl,sizeof(plain4)-1); + + /* test with illegal parameters */ + ExpectIntEQ(EVP_DecodeFinal(NULL,decOutBuff + outl,&outl), -1); + ExpectIntEQ(EVP_DecodeFinal(ctx,NULL,&outl), -1); + ExpectIntEQ(EVP_DecodeFinal(ctx,decOutBuff + outl, NULL), -1); + ExpectIntEQ(EVP_DecodeFinal(NULL,NULL, NULL), -1); + + if (EXPECT_SUCCESS()) { + EVP_DecodeFinal( + ctx, + decOutBuff + outl, + &outl); + } + + ExpectIntEQ( outl, 0); + ExpectIntEQ( + XSTRNCMP( + (const char*)decOutBuff, + (const char*)plain4,sizeof(plain4)-1 ), + 0); + } + EVP_ENCODE_CTX_free(ctx); +#endif /* OPENSSL && WOLFSSL_BASE_DECODE */ return EXPECT_RESULT(); } +int test_wolfSSL_EVP_DecodeFinal(void) +{ + int res = TEST_SKIPPED; +#if defined(OPENSSL_EXTRA) && defined(WOLFSSL_BASE64_DECODE) + /* tests for wolfSSL_EVP_DecodeFinal are included in + * test_wolfSSL_EVP_DecodeUpdate + */ + res = TEST_SUCCESS; +#endif /* OPENSSL && WOLFSSL_BASE_DECODE */ + return res; +} diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/tests/api/test_evp.h mariadb-11.8.8/extra/wolfssl/wolfssl/tests/api/test_evp.h --- mariadb-11.8.6/extra/wolfssl/wolfssl/tests/api/test_evp.h 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/tests/api/test_evp.h 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* test_evp.h * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -22,7 +22,25 @@ #ifndef WOLFSSL_TEST_EVP_H #define WOLFSSL_TEST_EVP_H -int test_wolfSSL_EVP_CipherUpdate_Null(void); -int test_wolfSSL_EVP_CIPHER_type_string(void); +#include + +int test_wolfSSL_EVP_ENCODE_CTX_new(void); +int test_wolfSSL_EVP_ENCODE_CTX_free(void); +int test_wolfSSL_EVP_EncodeInit(void); +int test_wolfSSL_EVP_EncodeUpdate(void); +int test_wolfSSL_EVP_EncodeFinal(void); +int test_wolfSSL_EVP_DecodeInit(void); +int test_wolfSSL_EVP_DecodeUpdate(void); +int test_wolfSSL_EVP_DecodeFinal(void); + +#define TEST_EVP_ENC_DECLS \ + TEST_DECL_GROUP("evp_enc", test_wolfSSL_EVP_ENCODE_CTX_new), \ + TEST_DECL_GROUP("evp_enc", test_wolfSSL_EVP_ENCODE_CTX_free), \ + TEST_DECL_GROUP("evp_enc", test_wolfSSL_EVP_EncodeInit), \ + TEST_DECL_GROUP("evp_enc", test_wolfSSL_EVP_EncodeUpdate), \ + TEST_DECL_GROUP("evp_enc", test_wolfSSL_EVP_EncodeFinal), \ + TEST_DECL_GROUP("evp_enc", test_wolfSSL_EVP_DecodeInit), \ + TEST_DECL_GROUP("evp_enc", test_wolfSSL_EVP_DecodeUpdate), \ + TEST_DECL_GROUP("evp_enc", test_wolfSSL_EVP_DecodeFinal) #endif /* WOLFSSL_TEST_EVP_H */ diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/tests/api/test_evp_cipher.c mariadb-11.8.8/extra/wolfssl/wolfssl/tests/api/test_evp_cipher.c --- mariadb-11.8.6/extra/wolfssl/wolfssl/tests/api/test_evp_cipher.c 1970-01-01 00:00:00.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/tests/api/test_evp_cipher.c 2026-05-24 09:58:33.000000000 +0000 @@ -0,0 +1,2866 @@ +/* test_evp_cipher.c + * + * Copyright (C) 2006-2026 wolfSSL Inc. + * + * This file is part of wolfSSL. + * + * wolfSSL is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * wolfSSL is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA + */ + +#include + +#ifdef NO_INLINE + #include +#else + #define WOLFSSL_MISC_INCLUDED + #include +#endif + +#include +#include +#include +#if defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION == 2) + #include +#endif + + +int test_wolfSSL_EVP_CIPHER_CTX(void) +{ + EXPECT_DECLS; +#if !defined(NO_AES) && defined(HAVE_AES_CBC) && defined(WOLFSSL_AES_128) && \ + defined(OPENSSL_EXTRA) + EVP_CIPHER_CTX *ctx = EVP_CIPHER_CTX_new(); + const EVP_CIPHER *init = EVP_aes_128_cbc(); + const EVP_CIPHER *test; + byte key[AES_BLOCK_SIZE] = {0}; + byte iv[AES_BLOCK_SIZE] = {0}; + + ExpectNotNull(ctx); + wolfSSL_EVP_CIPHER_CTX_init(ctx); + ExpectIntEQ(EVP_CipherInit(ctx, init, key, iv, 1), WOLFSSL_SUCCESS); + test = EVP_CIPHER_CTX_cipher(ctx); + ExpectTrue(init == test); + ExpectIntEQ(EVP_CIPHER_nid(test), NID_aes_128_cbc); + + ExpectIntEQ(EVP_CIPHER_CTX_reset(ctx), WOLFSSL_SUCCESS); + ExpectIntEQ(EVP_CIPHER_CTX_reset(NULL), WC_NO_ERR_TRACE(WOLFSSL_FAILURE)); + + EVP_CIPHER_CTX_free(ctx); + /* test EVP_CIPHER_CTX_cleanup with NULL */ + ExpectIntEQ(EVP_CIPHER_CTX_cleanup(NULL), WOLFSSL_SUCCESS); +#endif /* !NO_AES && HAVE_AES_CBC && WOLFSSL_AES_128 && OPENSSL_EXTRA */ + return EXPECT_RESULT(); +} + +int test_wolfSSL_EVP_CIPHER_CTX_iv_length(void) +{ + EXPECT_DECLS; +#ifdef OPENSSL_ALL + /* This is large enough to be used for all key sizes */ + byte key[AES_256_KEY_SIZE] = {0}; + byte iv[AES_BLOCK_SIZE] = {0}; + int i; + int nids[] = { + #ifdef HAVE_AES_CBC + NID_aes_128_cbc, + #endif + #if (!defined(HAVE_FIPS) && !defined(HAVE_SELFTEST)) || \ + (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION > 2)) + #ifdef HAVE_AESGCM + NID_aes_128_gcm, + #endif + #endif /* (HAVE_FIPS && !HAVE_SELFTEST) || HAVE_FIPS_VERSION > 2 */ + #ifdef WOLFSSL_AES_COUNTER + NID_aes_128_ctr, + #endif + #ifndef NO_DES3 + NID_des_cbc, + NID_des_ede3_cbc, + #endif + }; + int iv_lengths[] = { + #ifdef HAVE_AES_CBC + AES_BLOCK_SIZE, + #endif + #if (!defined(HAVE_FIPS) && !defined(HAVE_SELFTEST)) || \ + (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION > 2)) + #ifdef HAVE_AESGCM + GCM_NONCE_MID_SZ, + #endif + #endif /* (HAVE_FIPS && !HAVE_SELFTEST) || HAVE_FIPS_VERSION > 2 */ + #ifdef WOLFSSL_AES_COUNTER + AES_BLOCK_SIZE, + #endif + #ifndef NO_DES3 + DES_BLOCK_SIZE, + DES_BLOCK_SIZE, + #endif + }; + int nidsLen = (sizeof(nids)/sizeof(int)); + + for (i = 0; i < nidsLen; i++) { + const EVP_CIPHER* init = wolfSSL_EVP_get_cipherbynid(nids[i]); + EVP_CIPHER_CTX* ctx = EVP_CIPHER_CTX_new(); + wolfSSL_EVP_CIPHER_CTX_init(ctx); + + ExpectIntEQ(EVP_CipherInit(ctx, init, key, iv, 1), WOLFSSL_SUCCESS); + ExpectIntEQ(wolfSSL_EVP_CIPHER_CTX_iv_length(ctx), iv_lengths[i]); + + EVP_CIPHER_CTX_free(ctx); + } +#endif + return EXPECT_RESULT(); +} + +int test_wolfSSL_EVP_CIPHER_CTX_key_length(void) +{ + EXPECT_DECLS; +#ifdef OPENSSL_ALL + byte key[AES_256_KEY_SIZE] = {0}; + byte iv[AES_BLOCK_SIZE] = {0}; + int i; + int nids[] = { + #ifdef HAVE_AES_CBC + NID_aes_128_cbc, + #ifdef WOLFSSL_AES_256 + NID_aes_256_cbc, + #endif + #endif + #if (!defined(HAVE_FIPS) && !defined(HAVE_SELFTEST)) || \ + (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION > 2)) + #ifdef HAVE_AESGCM + NID_aes_128_gcm, + #ifdef WOLFSSL_AES_256 + NID_aes_256_gcm, + #endif + #endif + #endif /* (HAVE_FIPS && !HAVE_SELFTEST) || HAVE_FIPS_VERSION > 2 */ + #ifdef WOLFSSL_AES_COUNTER + NID_aes_128_ctr, + #ifdef WOLFSSL_AES_256 + NID_aes_256_ctr, + #endif + #endif + #ifndef NO_DES3 + NID_des_cbc, + NID_des_ede3_cbc, + #endif + }; + int key_lengths[] = { + #ifdef HAVE_AES_CBC + AES_128_KEY_SIZE, + #ifdef WOLFSSL_AES_256 + AES_256_KEY_SIZE, + #endif + #endif + #if (!defined(HAVE_FIPS) && !defined(HAVE_SELFTEST)) || \ + (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION > 2)) + #ifdef HAVE_AESGCM + AES_128_KEY_SIZE, + #ifdef WOLFSSL_AES_256 + AES_256_KEY_SIZE, + #endif + #endif + #endif /* (HAVE_FIPS && !HAVE_SELFTEST) || HAVE_FIPS_VERSION > 2 */ + #ifdef WOLFSSL_AES_COUNTER + AES_128_KEY_SIZE, + #ifdef WOLFSSL_AES_256 + AES_256_KEY_SIZE, + #endif + #endif + #ifndef NO_DES3 + DES_KEY_SIZE, + DES3_KEY_SIZE, + #endif + }; + int nidsLen = (sizeof(nids)/sizeof(int)); + + for (i = 0; i < nidsLen; i++) { + const EVP_CIPHER *init = wolfSSL_EVP_get_cipherbynid(nids[i]); + EVP_CIPHER_CTX* ctx = EVP_CIPHER_CTX_new(); + wolfSSL_EVP_CIPHER_CTX_init(ctx); + + ExpectIntEQ(EVP_CipherInit(ctx, init, key, iv, 1), WOLFSSL_SUCCESS); + ExpectIntEQ(wolfSSL_EVP_CIPHER_CTX_key_length(ctx), key_lengths[i]); + + ExpectIntEQ(wolfSSL_EVP_CIPHER_CTX_set_key_length(ctx, key_lengths[i]), + WOLFSSL_SUCCESS); + + EVP_CIPHER_CTX_free(ctx); + } +#endif + return EXPECT_RESULT(); +} + +int test_wolfSSL_EVP_CIPHER_CTX_set_iv(void) +{ + EXPECT_DECLS; +#if defined(HAVE_AESGCM) && !defined(NO_DES3) && defined(OPENSSL_ALL) + int ivLen, keyLen; + EVP_CIPHER_CTX *ctx = EVP_CIPHER_CTX_new(); +#ifdef HAVE_AESGCM + byte key[AES_128_KEY_SIZE] = {0}; + byte iv[AES_BLOCK_SIZE] = {0}; + const EVP_CIPHER *init = EVP_aes_128_gcm(); +#else + byte key[DES3_KEY_SIZE] = {0}; + byte iv[DES_BLOCK_SIZE] = {0}; + const EVP_CIPHER *init = EVP_des_ede3_cbc(); +#endif + + wolfSSL_EVP_CIPHER_CTX_init(ctx); + ExpectIntEQ(EVP_CipherInit(ctx, init, key, iv, 1), WOLFSSL_SUCCESS); + + ivLen = wolfSSL_EVP_CIPHER_CTX_iv_length(ctx); + keyLen = wolfSSL_EVP_CIPHER_CTX_key_length(ctx); + + /* Bad cases */ + ExpectIntEQ(wolfSSL_EVP_CIPHER_CTX_set_iv(NULL, iv, ivLen), + WC_NO_ERR_TRACE(WOLFSSL_FAILURE)); + ExpectIntEQ(wolfSSL_EVP_CIPHER_CTX_set_iv(ctx, NULL, ivLen), + WC_NO_ERR_TRACE(WOLFSSL_FAILURE)); + ExpectIntEQ(wolfSSL_EVP_CIPHER_CTX_set_iv(ctx, iv, 0), + WC_NO_ERR_TRACE(WOLFSSL_FAILURE)); + ExpectIntEQ(wolfSSL_EVP_CIPHER_CTX_set_iv(NULL, NULL, 0), + WC_NO_ERR_TRACE(WOLFSSL_FAILURE)); + ExpectIntEQ(wolfSSL_EVP_CIPHER_CTX_set_iv(ctx, iv, keyLen), + WC_NO_ERR_TRACE(WOLFSSL_FAILURE)); + + /* Good case */ + ExpectIntEQ(wolfSSL_EVP_CIPHER_CTX_set_iv(ctx, iv, ivLen), 1); + + EVP_CIPHER_CTX_free(ctx); +#endif + return EXPECT_RESULT(); +} + +int test_wolfSSL_EVP_get_cipherbynid(void) +{ + EXPECT_DECLS; +#ifdef OPENSSL_EXTRA +#ifndef NO_AES + const WOLFSSL_EVP_CIPHER* c; + + c = wolfSSL_EVP_get_cipherbynid(419); + #if (defined(HAVE_AES_CBC) || defined(WOLFSSL_AES_DIRECT)) && \ + defined(WOLFSSL_AES_128) + ExpectNotNull(c); + ExpectNotNull(XSTRCMP("EVP_AES_128_CBC", c)); + #else + ExpectNull(c); + #endif + + c = wolfSSL_EVP_get_cipherbynid(423); + #if (defined(HAVE_AES_CBC) || defined(WOLFSSL_AES_DIRECT)) && \ + defined(WOLFSSL_AES_192) + ExpectNotNull(c); + ExpectNotNull(XSTRCMP("EVP_AES_192_CBC", c)); + #else + ExpectNull(c); + #endif + + c = wolfSSL_EVP_get_cipherbynid(427); + #if (defined(HAVE_AES_CBC) || defined(WOLFSSL_AES_DIRECT)) && \ + defined(WOLFSSL_AES_256) + ExpectNotNull(c); + ExpectNotNull(XSTRCMP("EVP_AES_256_CBC", c)); + #else + ExpectNull(c); + #endif + + c = wolfSSL_EVP_get_cipherbynid(904); + #if defined(WOLFSSL_AES_COUNTER) && defined(WOLFSSL_AES_128) + ExpectNotNull(c); + ExpectNotNull(XSTRCMP("EVP_AES_128_CTR", c)); + #else + ExpectNull(c); + #endif + + c = wolfSSL_EVP_get_cipherbynid(905); + #if defined(WOLFSSL_AES_COUNTER) && defined(WOLFSSL_AES_192) + ExpectNotNull(c); + ExpectNotNull(XSTRCMP("EVP_AES_192_CTR", c)); + #else + ExpectNull(c); + #endif + + c = wolfSSL_EVP_get_cipherbynid(906); + #if defined(WOLFSSL_AES_COUNTER) && defined(WOLFSSL_AES_256) + ExpectNotNull(c); + ExpectNotNull(XSTRCMP("EVP_AES_256_CTR", c)); + #else + ExpectNull(c); + #endif + + c = wolfSSL_EVP_get_cipherbynid(418); + #if defined(HAVE_AES_ECB) && defined(WOLFSSL_AES_128) + ExpectNotNull(c); + ExpectNotNull(XSTRCMP("EVP_AES_128_ECB", c)); + #else + ExpectNull(c); + #endif + + c = wolfSSL_EVP_get_cipherbynid(422); + #if defined(HAVE_AES_ECB) && defined(WOLFSSL_AES_192) + ExpectNotNull(c); + ExpectNotNull(XSTRCMP("EVP_AES_192_ECB", c)); + #else + ExpectNull(c); + #endif + + c = wolfSSL_EVP_get_cipherbynid(426); + #if defined(HAVE_AES_ECB) && defined(WOLFSSL_AES_256) + ExpectNotNull(c); + ExpectNotNull(XSTRCMP("EVP_AES_256_ECB", c)); + #else + ExpectNull(c); + #endif +#endif /* !NO_AES */ + +#ifndef NO_DES3 + ExpectNotNull(XSTRCMP("EVP_DES_CBC", wolfSSL_EVP_get_cipherbynid(31))); +#ifdef WOLFSSL_DES_ECB + ExpectNotNull(XSTRCMP("EVP_DES_ECB", wolfSSL_EVP_get_cipherbynid(29))); +#endif + ExpectNotNull(XSTRCMP("EVP_DES_EDE3_CBC", wolfSSL_EVP_get_cipherbynid(44))); +#ifdef WOLFSSL_DES_ECB + ExpectNotNull(XSTRCMP("EVP_DES_EDE3_ECB", wolfSSL_EVP_get_cipherbynid(33))); +#endif +#endif /* !NO_DES3 */ + +#if defined(HAVE_CHACHA) && defined(HAVE_POLY1305) + ExpectNotNull(XSTRCMP("EVP_CHACHA20_POLY13O5", EVP_get_cipherbynid(1018))); +#endif + + /* test for nid is out of range */ + ExpectNull(wolfSSL_EVP_get_cipherbynid(1)); +#endif + return EXPECT_RESULT(); +} + +int test_wolfSSL_EVP_CIPHER_block_size(void) +{ + EXPECT_DECLS; +#ifdef OPENSSL_ALL +#ifdef HAVE_AES_CBC + #ifdef WOLFSSL_AES_128 + ExpectIntEQ(EVP_CIPHER_block_size(EVP_aes_128_cbc()), AES_BLOCK_SIZE); + #endif + #ifdef WOLFSSL_AES_192 + ExpectIntEQ(EVP_CIPHER_block_size(EVP_aes_192_cbc()), AES_BLOCK_SIZE); + #endif + #ifdef WOLFSSL_AES_256 + ExpectIntEQ(EVP_CIPHER_block_size(EVP_aes_256_cbc()), AES_BLOCK_SIZE); + #endif +#endif + +#ifdef HAVE_AESGCM + #ifdef WOLFSSL_AES_128 + ExpectIntEQ(EVP_CIPHER_block_size(EVP_aes_128_gcm()), 1); + #endif + #ifdef WOLFSSL_AES_192 + ExpectIntEQ(EVP_CIPHER_block_size(EVP_aes_192_gcm()), 1); + #endif + #ifdef WOLFSSL_AES_256 + ExpectIntEQ(EVP_CIPHER_block_size(EVP_aes_256_gcm()), 1); + #endif +#endif + +#ifdef HAVE_AESCCM + #ifdef WOLFSSL_AES_128 + ExpectIntEQ(EVP_CIPHER_block_size(EVP_aes_128_ccm()), 1); + #endif + #ifdef WOLFSSL_AES_192 + ExpectIntEQ(EVP_CIPHER_block_size(EVP_aes_192_ccm()), 1); + #endif + #ifdef WOLFSSL_AES_256 + ExpectIntEQ(EVP_CIPHER_block_size(EVP_aes_256_ccm()), 1); + #endif +#endif + +#ifdef WOLFSSL_AES_COUNTER + #ifdef WOLFSSL_AES_128 + ExpectIntEQ(EVP_CIPHER_block_size(EVP_aes_128_ctr()), 1); + #endif + #ifdef WOLFSSL_AES_192 + ExpectIntEQ(EVP_CIPHER_block_size(EVP_aes_192_ctr()), 1); + #endif + #ifdef WOLFSSL_AES_256 + ExpectIntEQ(EVP_CIPHER_block_size(EVP_aes_256_ctr()), 1); + #endif +#endif + +#ifdef HAVE_AES_ECB + #ifdef WOLFSSL_AES_128 + ExpectIntEQ(EVP_CIPHER_block_size(EVP_aes_128_ecb()), AES_BLOCK_SIZE); + #endif + #ifdef WOLFSSL_AES_192 + ExpectIntEQ(EVP_CIPHER_block_size(EVP_aes_192_ecb()), AES_BLOCK_SIZE); + #endif + #ifdef WOLFSSL_AES_256 + ExpectIntEQ(EVP_CIPHER_block_size(EVP_aes_256_ecb()), AES_BLOCK_SIZE); + #endif +#endif + +#ifdef WOLFSSL_AES_OFB + #ifdef WOLFSSL_AES_128 + ExpectIntEQ(EVP_CIPHER_block_size(EVP_aes_128_ofb()), 1); + #endif + #ifdef WOLFSSL_AES_192 + ExpectIntEQ(EVP_CIPHER_block_size(EVP_aes_192_ofb()), 1); + #endif + #ifdef WOLFSSL_AES_256 + ExpectIntEQ(EVP_CIPHER_block_size(EVP_aes_256_ofb()), 1); + #endif +#endif + +#ifndef NO_RC4 + ExpectIntEQ(EVP_CIPHER_block_size(wolfSSL_EVP_rc4()), 1); +#endif + +#if defined(HAVE_CHACHA) && defined(HAVE_POLY1305) + ExpectIntEQ(EVP_CIPHER_block_size(wolfSSL_EVP_chacha20_poly1305()), 1); +#endif + +#ifdef WOLFSSL_SM4_ECB + ExpectIntEQ(EVP_CIPHER_block_size(EVP_sm4_ecb()), SM4_BLOCK_SIZE); +#endif +#ifdef WOLFSSL_SM4_CBC + ExpectIntEQ(EVP_CIPHER_block_size(EVP_sm4_cbc()), SM4_BLOCK_SIZE); +#endif +#ifdef WOLFSSL_SM4_CTR + ExpectIntEQ(EVP_CIPHER_block_size(EVP_sm4_ctr()), 1); +#endif +#ifdef WOLFSSL_SM4_GCM + ExpectIntEQ(EVP_CIPHER_block_size(EVP_sm4_gcm()), 1); +#endif +#ifdef WOLFSSL_SM4_CCM + ExpectIntEQ(EVP_CIPHER_block_size(EVP_sm4_ccm()), 1); +#endif +#endif + return EXPECT_RESULT(); +} + +int test_wolfSSL_EVP_CIPHER_iv_length(void) +{ + EXPECT_DECLS; +#ifdef OPENSSL_ALL + int nids[] = { + #if defined(HAVE_AES_CBC) || defined(WOLFSSL_AES_DIRECT) + #ifdef WOLFSSL_AES_128 + NID_aes_128_cbc, + #endif + #ifdef WOLFSSL_AES_192 + NID_aes_192_cbc, + #endif + #ifdef WOLFSSL_AES_256 + NID_aes_256_cbc, + #endif + #endif /* HAVE_AES_CBC || WOLFSSL_AES_DIRECT */ + #if (!defined(HAVE_FIPS) && !defined(HAVE_SELFTEST)) || \ + (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION > 2)) + #ifdef HAVE_AESGCM + #ifdef WOLFSSL_AES_128 + NID_aes_128_gcm, + #endif + #ifdef WOLFSSL_AES_192 + NID_aes_192_gcm, + #endif + #ifdef WOLFSSL_AES_256 + NID_aes_256_gcm, + #endif + #endif /* HAVE_AESGCM */ + #endif /* (HAVE_FIPS && !HAVE_SELFTEST) || HAVE_FIPS_VERSION > 2 */ + #ifdef WOLFSSL_AES_COUNTER + #ifdef WOLFSSL_AES_128 + NID_aes_128_ctr, + #endif + #ifdef WOLFSSL_AES_192 + NID_aes_192_ctr, + #endif + #ifdef WOLFSSL_AES_256 + NID_aes_256_ctr, + #endif + #endif + #ifndef NO_DES3 + NID_des_cbc, + NID_des_ede3_cbc, + #endif + #if defined(HAVE_CHACHA) && defined(HAVE_POLY1305) + NID_chacha20_poly1305, + #endif + }; + int iv_lengths[] = { + #if defined(HAVE_AES_CBC) || defined(WOLFSSL_AES_DIRECT) + #ifdef WOLFSSL_AES_128 + AES_BLOCK_SIZE, + #endif + #ifdef WOLFSSL_AES_192 + AES_BLOCK_SIZE, + #endif + #ifdef WOLFSSL_AES_256 + AES_BLOCK_SIZE, + #endif + #endif /* HAVE_AES_CBC || WOLFSSL_AES_DIRECT */ + #if (!defined(HAVE_FIPS) && !defined(HAVE_SELFTEST)) || \ + (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION > 2)) + #ifdef HAVE_AESGCM + #ifdef WOLFSSL_AES_128 + GCM_NONCE_MID_SZ, + #endif + #ifdef WOLFSSL_AES_192 + GCM_NONCE_MID_SZ, + #endif + #ifdef WOLFSSL_AES_256 + GCM_NONCE_MID_SZ, + #endif + #endif /* HAVE_AESGCM */ + #endif /* (HAVE_FIPS && !HAVE_SELFTEST) || HAVE_FIPS_VERSION > 2 */ + #ifdef WOLFSSL_AES_COUNTER + #ifdef WOLFSSL_AES_128 + AES_BLOCK_SIZE, + #endif + #ifdef WOLFSSL_AES_192 + AES_BLOCK_SIZE, + #endif + #ifdef WOLFSSL_AES_256 + AES_BLOCK_SIZE, + #endif + #endif + #ifndef NO_DES3 + DES_BLOCK_SIZE, + DES_BLOCK_SIZE, + #endif + #if defined(HAVE_CHACHA) && defined(HAVE_POLY1305) + CHACHA20_POLY1305_AEAD_IV_SIZE, + #endif + }; + int i; + int nidsLen = (sizeof(nids)/sizeof(int)); + + for (i = 0; i < nidsLen; i++) { + const EVP_CIPHER *c = EVP_get_cipherbynid(nids[i]); + ExpectIntEQ(EVP_CIPHER_iv_length(c), iv_lengths[i]); + } +#endif + return EXPECT_RESULT(); +} + +/* Test for NULL_CIPHER_TYPE in wolfSSL_EVP_CipherUpdate() */ +int test_wolfSSL_EVP_CipherUpdate_Null(void) +{ + EXPECT_DECLS; +#ifdef OPENSSL_EXTRA + WOLFSSL_EVP_CIPHER_CTX* ctx; + const char* testData = "Test NULL cipher data"; + unsigned char output[100]; + int outputLen = 0; + int testDataLen = (int)XSTRLEN(testData); + + /* Create and initialize the cipher context */ + ctx = wolfSSL_EVP_CIPHER_CTX_new(); + ExpectNotNull(ctx); + + /* Initialize with NULL cipher */ + ExpectIntEQ(wolfSSL_EVP_CipherInit_ex(ctx, wolfSSL_EVP_enc_null(), + NULL, NULL, NULL, 1), WOLFSSL_SUCCESS); + + /* Test encryption (which should just copy the data) */ + ExpectIntEQ(wolfSSL_EVP_CipherUpdate(ctx, output, &outputLen, + (const unsigned char*)testData, + testDataLen), WOLFSSL_SUCCESS); + + /* Verify output length matches input length */ + ExpectIntEQ(outputLen, testDataLen); + + /* Verify output data matches input data (no encryption occurred) */ + ExpectIntEQ(XMEMCMP(output, testData, testDataLen), 0); + + /* Clean up */ + wolfSSL_EVP_CIPHER_CTX_free(ctx); +#endif /* OPENSSL_EXTRA */ + + return EXPECT_RESULT(); +} + +/* Test for wolfSSL_EVP_CIPHER_type_string() */ +int test_wolfSSL_EVP_CIPHER_type_string(void) +{ + EXPECT_DECLS; +#ifdef OPENSSL_EXTRA + const char* cipherStr; + + /* Test with valid cipher types */ +#ifdef HAVE_AES_CBC + #ifdef WOLFSSL_AES_128 + cipherStr = wolfSSL_EVP_CIPHER_type_string(WC_AES_128_CBC_TYPE); + ExpectNotNull(cipherStr); + ExpectStrEQ(cipherStr, "AES-128-CBC"); + #endif +#endif + +#ifndef NO_DES3 + cipherStr = wolfSSL_EVP_CIPHER_type_string(WC_DES_CBC_TYPE); + ExpectNotNull(cipherStr); + ExpectStrEQ(cipherStr, "DES-CBC"); +#endif + + /* Test with NULL cipher type */ + cipherStr = wolfSSL_EVP_CIPHER_type_string(WC_NULL_CIPHER_TYPE); + ExpectNotNull(cipherStr); + ExpectStrEQ(cipherStr, "NULL"); + + /* Test with invalid cipher type */ + cipherStr = wolfSSL_EVP_CIPHER_type_string(0xFFFF); + ExpectNull(cipherStr); +#endif /* OPENSSL_EXTRA */ + + return EXPECT_RESULT(); +} + +int test_wolfSSL_EVP_BytesToKey(void) +{ + EXPECT_DECLS; +#if !defined(NO_AES) && defined(HAVE_AES_CBC) && defined(OPENSSL_ALL) + byte key[AES_BLOCK_SIZE] = {0}; + byte iv[AES_BLOCK_SIZE] = {0}; + int count = 0; + const EVP_MD* md = EVP_sha256(); + const EVP_CIPHER *type; + const unsigned char *salt = (unsigned char *)"salt1234"; + int sz = 5; + const byte data[] = { + 0x48,0x65,0x6c,0x6c,0x6f,0x20,0x57,0x6f, + 0x72,0x6c,0x64 + }; + + type = wolfSSL_EVP_get_cipherbynid(NID_aes_128_cbc); + + /* Bad cases */ + ExpectIntEQ(EVP_BytesToKey(NULL, md, salt, data, sz, count, key, iv), + 0); + ExpectIntEQ(EVP_BytesToKey(type, md, salt, NULL, sz, count, key, iv), + 16); + md = "2"; + ExpectIntEQ(EVP_BytesToKey(type, md, salt, data, sz, count, key, iv), + WC_NO_ERR_TRACE(WOLFSSL_FAILURE)); + + /* Good case */ + md = EVP_sha256(); + ExpectIntEQ(EVP_BytesToKey(type, md, salt, data, sz, count, key, iv), + 16); +#endif + return EXPECT_RESULT(); +} + +#if (defined(OPENSSL_EXTRA) || defined(OPENSSL_ALL)) &&\ + (!defined(NO_AES) && defined(HAVE_AES_CBC) && defined(WOLFSSL_AES_128)) +static void binary_dump(void *ptr, int size) +{ + #ifdef WOLFSSL_EVP_PRINT + int i = 0; + unsigned char *p = (unsigned char *) ptr; + + fprintf(stderr, "{"); + while ((p != NULL) && (i < size)) { + if ((i % 8) == 0) { + fprintf(stderr, "\n"); + fprintf(stderr, " "); + } + fprintf(stderr, "0x%02x, ", p[i]); + i++; + } + fprintf(stderr, "\n};\n"); + #else + (void) ptr; + (void) size; + #endif +} + +static int last_val = 0x0f; + +static int check_result(unsigned char *data, int len) +{ + int i; + + for ( ; len; ) { + last_val = (last_val + 1) % 16; + for (i = 0; i < 16; len--, i++, data++) + if (*data != last_val) { + return -1; + } + } + return 0; +} + +static int r_offset; +static int w_offset; + +static void init_offset(void) +{ + r_offset = 0; + w_offset = 0; +} + +static void get_record(unsigned char *data, unsigned char *buf, int len) +{ + XMEMCPY(buf, data+r_offset, len); + r_offset += len; +} + +static void set_record(unsigned char *data, unsigned char *buf, int len) +{ + XMEMCPY(data+w_offset, buf, len); + w_offset += len; +} + +static void set_plain(unsigned char *plain, int rec) +{ + int i, j; + unsigned char *p = plain; + + #define BLOCKSZ 16 + + for (i=0; i<(rec/BLOCKSZ); i++) { + for (j=0; j 0 && keylen != klen) { + ExpectIntNE(EVP_CIPHER_CTX_set_key_length(evp, keylen), 0); + } + ilen = EVP_CIPHER_CTX_iv_length(evp); + if (ilen > 0 && ivlen != ilen) { + ExpectIntNE(EVP_CIPHER_CTX_set_iv_length(evp, ivlen), 0); + } + + ExpectIntNE((ret = EVP_CipherInit(evp, NULL, key, iv, 1)), 0); + + for (j = 0; j 0) + set_record(cipher, outb, outl); + } + + for (i = 0; test_drive[i]; i++) { + last_val = 0x0f; + + ExpectIntNE((ret = EVP_CipherInit(evp, NULL, key, iv, 0)), 0); + + init_offset(); + + for (j = 0; test_drive[i][j]; j++) { + inl = test_drive[i][j]; + get_record(cipher, inb, inl); + + ExpectIntNE((ret = EVP_DecryptUpdate(evp, outb, &outl, inb, inl)), + 0); + + binary_dump(outb, outl); + ExpectIntEQ((ret = check_result(outb, outl)), 0); + ExpectFalse(outl > ((inl/16+1)*16) && outl > 16); + } + + ret = EVP_CipherFinal(evp, outb, &outl); + + binary_dump(outb, outl); + + ret = (((test_drive_len[i] % 16) != 0) && (ret == 0)) || + (((test_drive_len[i] % 16) == 0) && (ret == 1)); + ExpectTrue(ret); + } + + ExpectIntEQ(wolfSSL_EVP_CIPHER_CTX_cleanup(evp), WOLFSSL_SUCCESS); + + EVP_CIPHER_CTX_free(evp); + evp = NULL; + + /* Do an extra test to verify correct behavior with empty input. */ + + ExpectNotNull(evp = EVP_CIPHER_CTX_new()); + ExpectIntNE((ret = EVP_CipherInit(evp, type, NULL, iv, 0)), 0); + + ExpectIntEQ(EVP_CIPHER_CTX_nid(evp), NID_aes_128_cbc); + + klen = EVP_CIPHER_CTX_key_length(evp); + if (klen > 0 && keylen != klen) { + ExpectIntNE(EVP_CIPHER_CTX_set_key_length(evp, keylen), 0); + } + ilen = EVP_CIPHER_CTX_iv_length(evp); + if (ilen > 0 && ivlen != ilen) { + ExpectIntNE(EVP_CIPHER_CTX_set_iv_length(evp, ivlen), 0); + } + + ExpectIntNE((ret = EVP_CipherInit(evp, NULL, key, iv, 1)), 0); + + /* outl should be set to 0 after passing NULL, 0 for input args. */ + outl = -1; + ExpectIntNE((ret = EVP_CipherUpdate(evp, outb, &outl, NULL, 0)), 0); + ExpectIntEQ(outl, 0); + + EVP_CIPHER_CTX_free(evp); +#endif /* test_EVP_Cipher */ + return EXPECT_RESULT(); +} + +int test_wolfSSL_EVP_X_STATE(void) +{ + EXPECT_DECLS; +#if !defined(NO_DES3) && !defined(NO_RC4) && defined(OPENSSL_ALL) + byte key[DES3_KEY_SIZE] = {0}; + byte iv[DES_IV_SIZE] = {0}; + EVP_CIPHER_CTX *ctx = NULL; + const EVP_CIPHER *init = NULL; + + /* Bad test cases */ + ExpectNotNull(ctx = EVP_CIPHER_CTX_new()); + ExpectNotNull(init = EVP_des_ede3_cbc()); + + wolfSSL_EVP_CIPHER_CTX_init(ctx); + ExpectIntEQ(EVP_CipherInit(ctx, init, key, iv, 1), WOLFSSL_SUCCESS); + + ExpectNull(wolfSSL_EVP_X_STATE(NULL)); + ExpectNull(wolfSSL_EVP_X_STATE(ctx)); + EVP_CIPHER_CTX_free(ctx); + ctx = NULL; + + /* Good test case */ + ExpectNotNull(ctx = EVP_CIPHER_CTX_new()); + ExpectNotNull(init = wolfSSL_EVP_rc4()); + + wolfSSL_EVP_CIPHER_CTX_init(ctx); + ExpectIntEQ(EVP_CipherInit(ctx, init, key, iv, 1), WOLFSSL_SUCCESS); + + ExpectNotNull(wolfSSL_EVP_X_STATE(ctx)); + EVP_CIPHER_CTX_free(ctx); +#endif + return EXPECT_RESULT(); +} +int test_wolfSSL_EVP_X_STATE_LEN(void) +{ + EXPECT_DECLS; +#if !defined(NO_DES3) && !defined(NO_RC4) && defined(OPENSSL_ALL) + byte key[DES3_KEY_SIZE] = {0}; + byte iv[DES_IV_SIZE] = {0}; + EVP_CIPHER_CTX *ctx = NULL; + const EVP_CIPHER *init = NULL; + + /* Bad test cases */ + ExpectNotNull(ctx = EVP_CIPHER_CTX_new()); + ExpectNotNull(init = EVP_des_ede3_cbc()); + + wolfSSL_EVP_CIPHER_CTX_init(ctx); + ExpectIntEQ(EVP_CipherInit(ctx, init, key, iv, 1), WOLFSSL_SUCCESS); + + ExpectIntEQ(wolfSSL_EVP_X_STATE_LEN(NULL), 0); + ExpectIntEQ(wolfSSL_EVP_X_STATE_LEN(ctx), 0); + EVP_CIPHER_CTX_free(ctx); + ctx = NULL; + + /* Good test case */ + ExpectNotNull(ctx = EVP_CIPHER_CTX_new()); + ExpectNotNull(init = wolfSSL_EVP_rc4()); + + wolfSSL_EVP_CIPHER_CTX_init(ctx); + ExpectIntEQ(EVP_CipherInit(ctx, init, key, iv, 1), WOLFSSL_SUCCESS); + + ExpectIntEQ(wolfSSL_EVP_X_STATE_LEN(ctx), sizeof(Arc4)); + EVP_CIPHER_CTX_free(ctx); +#endif + return EXPECT_RESULT(); +} + + +int test_wolfSSL_EVP_aes_256_gcm(void) +{ + EXPECT_DECLS; +#if defined(HAVE_AESGCM) && defined(WOLFSSL_AES_256) && defined(OPENSSL_ALL) + ExpectNotNull(wolfSSL_EVP_aes_256_gcm()); +#endif + return EXPECT_RESULT(); +} + +int test_wolfSSL_EVP_aes_192_gcm(void) +{ + EXPECT_DECLS; +#if defined(HAVE_AESGCM) && defined(WOLFSSL_AES_192) && defined(OPENSSL_ALL) + ExpectNotNull(wolfSSL_EVP_aes_192_gcm()); +#endif + return EXPECT_RESULT(); +} + +int test_wolfSSL_EVP_aes_128_gcm(void) +{ + EXPECT_DECLS; +#if defined(HAVE_AESGCM) && defined(WOLFSSL_AES_128) && defined(OPENSSL_ALL) + ExpectNotNull(wolfSSL_EVP_aes_128_gcm()); +#endif + return EXPECT_RESULT(); +} + +int test_evp_cipher_aes_gcm(void) +{ + EXPECT_DECLS; +#if defined(HAVE_AESGCM) && defined(OPENSSL_ALL) && ((!defined(HAVE_FIPS) && \ + !defined(HAVE_SELFTEST)) || (defined(HAVE_FIPS_VERSION) && \ + (HAVE_FIPS_VERSION >= 2))) && defined(WOLFSSL_AES_256) + /* + * This test checks data at various points in the encrypt/decrypt process + * against known values produced using the same test with OpenSSL. This + * interop testing is critical for verifying the correctness of our + * EVP_Cipher implementation with AES-GCM. Specifically, this test exercises + * a flow supported by OpenSSL that uses the control command + * EVP_CTRL_GCM_IV_GEN to increment the IV between cipher operations without + * the need to call EVP_CipherInit. OpenSSH uses this flow, for example. We + * had a bug with OpenSSH where wolfSSL OpenSSH servers could only talk to + * wolfSSL OpenSSH clients because there was a bug in this flow that + * happened to "cancel out" if both sides of the connection had the bug. + */ + enum { + NUM_ENCRYPTIONS = 3, + AAD_SIZE = 4 + }; + static const byte plainText1[] = { + 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b, + 0x0c, 0x0d, 0x0e, 0x0f, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, + 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f, 0x20, 0x21, 0x22, 0x23 + }; + static const byte plainText2[] = { + 0x42, 0x49, 0x3b, 0x27, 0x03, 0x35, 0x59, 0x14, 0x41, 0x47, 0x37, 0x14, + 0x0e, 0x34, 0x0d, 0x28, 0x63, 0x09, 0x0a, 0x5b, 0x22, 0x57, 0x42, 0x22, + 0x0f, 0x5c, 0x1e, 0x53, 0x45, 0x15, 0x62, 0x08, 0x60, 0x43, 0x50, 0x2c + }; + static const byte plainText3[] = { + 0x36, 0x0d, 0x2b, 0x09, 0x4a, 0x56, 0x3b, 0x4c, 0x21, 0x22, 0x58, 0x0e, + 0x5b, 0x57, 0x10 + }; + static const byte* plainTexts[NUM_ENCRYPTIONS] = { + plainText1, + plainText2, + plainText3 + }; + static const int plainTextSzs[NUM_ENCRYPTIONS] = { + sizeof(plainText1), + sizeof(plainText2), + sizeof(plainText3) + }; + static const byte aad1[AAD_SIZE] = { + 0x00, 0x00, 0x00, 0x01 + }; + static const byte aad2[AAD_SIZE] = { + 0x00, 0x00, 0x00, 0x10 + }; + static const byte aad3[AAD_SIZE] = { + 0x00, 0x00, 0x01, 0x00 + }; + static const byte* aads[NUM_ENCRYPTIONS] = { + aad1, + aad2, + aad3 + }; + const byte iv[GCM_NONCE_MID_SZ] = { + 0xDE, 0xAD, 0xBE, 0xEF, 0xDE, 0xAD, 0xBE, 0xEF, 0xDE, 0xAD, 0xBE, 0xEF + }; + byte currentIv[GCM_NONCE_MID_SZ]; + const byte key[] = { + 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, 0x18, 0x19, 0x1a, 0x1b, + 0x1c, 0x1d, 0x1e, 0x1f, 0x20, 0x21, 0x22, 0x23, 0x24, 0x25, 0x26, 0x27, + 0x28, 0x29, 0x2a, 0x2b, 0x2c, 0x2d, 0x2e, 0x2f + }; + const byte expIvs[NUM_ENCRYPTIONS][GCM_NONCE_MID_SZ] = { + { + 0xDE, 0xAD, 0xBE, 0xEF, 0xDE, 0xAD, 0xBE, 0xEF, 0xDE, 0xAD, 0xBE, + 0xEF + }, + { + 0xDE, 0xAD, 0xBE, 0xEF, 0xDE, 0xAD, 0xBE, 0xEF, 0xDE, 0xAD, 0xBE, + 0xF0 + }, + { + 0xDE, 0xAD, 0xBE, 0xEF, 0xDE, 0xAD, 0xBE, 0xEF, 0xDE, 0xAD, 0xBE, + 0xF1 + } + }; + const byte expTags[NUM_ENCRYPTIONS][AES_BLOCK_SIZE] = { + { + 0x65, 0x4F, 0xF7, 0xA0, 0xBB, 0x7B, 0x90, 0xB7, 0x9C, 0xC8, 0x14, + 0x3D, 0x32, 0x18, 0x34, 0xA9 + }, + { + 0x50, 0x3A, 0x13, 0x8D, 0x91, 0x1D, 0xEC, 0xBB, 0xBA, 0x5B, 0x57, + 0xA2, 0xFD, 0x2D, 0x6B, 0x7F + }, + { + 0x3B, 0xED, 0x18, 0x9C, 0xB3, 0xE3, 0x61, 0x1E, 0x11, 0xEB, 0x13, + 0x5B, 0xEC, 0x52, 0x49, 0x32, + } + }; + static const byte expCipherText1[] = { + 0xCB, 0x93, 0x4F, 0xC8, 0x22, 0xE2, 0xC0, 0x35, 0xAA, 0x6B, 0x41, 0x15, + 0x17, 0x30, 0x2F, 0x97, 0x20, 0x74, 0x39, 0x28, 0xF8, 0xEB, 0xC5, 0x51, + 0x7B, 0xD9, 0x8A, 0x36, 0xB8, 0xDA, 0x24, 0x80, 0xE7, 0x9E, 0x09, 0xDE + }; + static const byte expCipherText2[] = { + 0xF9, 0x32, 0xE1, 0x87, 0x37, 0x0F, 0x04, 0xC1, 0xB5, 0x59, 0xF0, 0x45, + 0x3A, 0x0D, 0xA0, 0x26, 0xFF, 0xA6, 0x8D, 0x38, 0xFE, 0xB8, 0xE5, 0xC2, + 0x2A, 0x98, 0x4A, 0x54, 0x8F, 0x1F, 0xD6, 0x13, 0x03, 0xB2, 0x1B, 0xC0 + }; + static const byte expCipherText3[] = { + 0xD0, 0x37, 0x59, 0x1C, 0x2F, 0x85, 0x39, 0x4D, 0xED, 0xC2, 0x32, 0x5B, + 0x80, 0x5E, 0x6B, + }; + static const byte* expCipherTexts[NUM_ENCRYPTIONS] = { + expCipherText1, + expCipherText2, + expCipherText3 + }; + byte* cipherText = NULL; + byte* calcPlainText = NULL; + byte tag[AES_BLOCK_SIZE]; + EVP_CIPHER_CTX* encCtx = NULL; + EVP_CIPHER_CTX* decCtx = NULL; + int i, j, outl; + + /****************************************************/ + for (i = 0; i < 3; ++i) { + ExpectNotNull(encCtx = EVP_CIPHER_CTX_new()); + ExpectNotNull(decCtx = EVP_CIPHER_CTX_new()); + + /* First iteration, set key before IV. */ + if (i == 0) { + ExpectIntEQ(EVP_CipherInit(encCtx, EVP_aes_256_gcm(), key, NULL, 1), + SSL_SUCCESS); + + /* + * The call to EVP_CipherInit below (with NULL key) should clear the + * authIvGenEnable flag set by EVP_CTRL_GCM_SET_IV_FIXED. As such, a + * subsequent EVP_CTRL_GCM_IV_GEN should fail. This matches OpenSSL + * behavior. + */ + ExpectIntEQ(EVP_CIPHER_CTX_ctrl(encCtx, EVP_CTRL_GCM_SET_IV_FIXED, + -1, (void*)iv), SSL_SUCCESS); + ExpectIntEQ(EVP_CipherInit(encCtx, NULL, NULL, iv, 1), + SSL_SUCCESS); + ExpectIntEQ(EVP_CIPHER_CTX_ctrl(encCtx, EVP_CTRL_GCM_IV_GEN, -1, + currentIv), WC_NO_ERR_TRACE(WOLFSSL_FAILURE)); + + ExpectIntEQ(EVP_CipherInit(decCtx, EVP_aes_256_gcm(), key, NULL, 0), + SSL_SUCCESS); + ExpectIntEQ(EVP_CipherInit(decCtx, NULL, NULL, iv, 0), + SSL_SUCCESS); + } + /* Second iteration, IV before key. */ + else { + ExpectIntEQ(EVP_CipherInit(encCtx, EVP_aes_256_gcm(), NULL, iv, 1), + SSL_SUCCESS); + ExpectIntEQ(EVP_CipherInit(encCtx, NULL, key, NULL, 1), + SSL_SUCCESS); + ExpectIntEQ(EVP_CipherInit(decCtx, EVP_aes_256_gcm(), NULL, iv, 0), + SSL_SUCCESS); + ExpectIntEQ(EVP_CipherInit(decCtx, NULL, key, NULL, 0), + SSL_SUCCESS); + } + + /* + * EVP_CTRL_GCM_IV_GEN should fail if EVP_CTRL_GCM_SET_IV_FIXED hasn't + * been issued first. + */ + ExpectIntEQ(EVP_CIPHER_CTX_ctrl(encCtx, EVP_CTRL_GCM_IV_GEN, -1, + currentIv), WC_NO_ERR_TRACE(WOLFSSL_FAILURE)); + + ExpectIntEQ(EVP_CIPHER_CTX_ctrl(encCtx, EVP_CTRL_GCM_SET_IV_FIXED, -1, + (void*)iv), SSL_SUCCESS); + ExpectIntEQ(EVP_CIPHER_CTX_ctrl(decCtx, EVP_CTRL_GCM_SET_IV_FIXED, -1, + (void*)iv), SSL_SUCCESS); + + for (j = 0; j < NUM_ENCRYPTIONS; ++j) { + /*************** Encrypt ***************/ + ExpectIntEQ(EVP_CIPHER_CTX_ctrl(encCtx, EVP_CTRL_GCM_IV_GEN, -1, + currentIv), SSL_SUCCESS); + /* Check current IV against expected. */ + ExpectIntEQ(XMEMCMP(currentIv, expIvs[j], GCM_NONCE_MID_SZ), 0); + + /* Add AAD. */ + if (i == 2) { + /* Test streaming API. */ + ExpectIntEQ(EVP_CipherUpdate(encCtx, NULL, &outl, aads[j], + AAD_SIZE), SSL_SUCCESS); + } + else { + ExpectIntEQ(EVP_Cipher(encCtx, NULL, (byte *)aads[j], AAD_SIZE), + AAD_SIZE); + } + + ExpectNotNull(cipherText = (byte*)XMALLOC(plainTextSzs[j], NULL, + DYNAMIC_TYPE_TMP_BUFFER)); + + /* Encrypt plaintext. */ + if (i == 2) { + ExpectIntEQ(EVP_CipherUpdate(encCtx, cipherText, &outl, + plainTexts[j], plainTextSzs[j]), + SSL_SUCCESS); + } + else { + ExpectIntEQ(EVP_Cipher(encCtx, cipherText, + (byte *)plainTexts[j], plainTextSzs[j]), + plainTextSzs[j]); + } + + if (i == 2) { + ExpectIntEQ(EVP_CipherFinal(encCtx, cipherText, &outl), + SSL_SUCCESS); + } + else { + /* + * Calling EVP_Cipher with NULL input and output for AES-GCM is + * akin to calling EVP_CipherFinal. + */ + ExpectIntGE(EVP_Cipher(encCtx, NULL, NULL, 0), 0); + } + + /* Check ciphertext against expected. */ + ExpectIntEQ(XMEMCMP(cipherText, expCipherTexts[j], plainTextSzs[j]), + 0); + + /* Get and check tag against expected. */ + ExpectIntEQ(EVP_CIPHER_CTX_ctrl(encCtx, EVP_CTRL_GCM_GET_TAG, + sizeof(tag), tag), SSL_SUCCESS); + ExpectIntEQ(XMEMCMP(tag, expTags[j], sizeof(tag)), 0); + + /*************** Decrypt ***************/ + ExpectIntEQ(EVP_CIPHER_CTX_ctrl(decCtx, EVP_CTRL_GCM_IV_GEN, -1, + currentIv), SSL_SUCCESS); + /* Check current IV against expected. */ + ExpectIntEQ(XMEMCMP(currentIv, expIvs[j], GCM_NONCE_MID_SZ), 0); + + /* Add AAD. */ + if (i == 2) { + /* Test streaming API. */ + ExpectIntEQ(EVP_CipherUpdate(decCtx, NULL, &outl, aads[j], + AAD_SIZE), SSL_SUCCESS); + } + else { + ExpectIntEQ(EVP_Cipher(decCtx, NULL, (byte *)aads[j], AAD_SIZE), + AAD_SIZE); + } + + /* Set expected tag. */ + ExpectIntEQ(EVP_CIPHER_CTX_ctrl(decCtx, EVP_CTRL_GCM_SET_TAG, + sizeof(tag), tag), SSL_SUCCESS); + + /* Decrypt ciphertext. */ + ExpectNotNull(calcPlainText = (byte*)XMALLOC(plainTextSzs[j], NULL, + DYNAMIC_TYPE_TMP_BUFFER)); + if (i == 2) { + ExpectIntEQ(EVP_CipherUpdate(decCtx, calcPlainText, &outl, + cipherText, plainTextSzs[j]), + SSL_SUCCESS); + } + else { + /* This first EVP_Cipher call will check the tag, too. */ + ExpectIntEQ(EVP_Cipher(decCtx, calcPlainText, cipherText, + plainTextSzs[j]), plainTextSzs[j]); + } + + if (i == 2) { + ExpectIntEQ(EVP_CipherFinal(decCtx, calcPlainText, &outl), + SSL_SUCCESS); + } + else { + ExpectIntGE(EVP_Cipher(decCtx, NULL, NULL, 0), 0); + } + + /* Check plaintext against expected. */ + ExpectIntEQ(XMEMCMP(calcPlainText, plainTexts[j], plainTextSzs[j]), + 0); + + XFREE(cipherText, NULL, DYNAMIC_TYPE_TMP_BUFFER); + cipherText = NULL; + XFREE(calcPlainText, NULL, DYNAMIC_TYPE_TMP_BUFFER); + calcPlainText = NULL; + } + + EVP_CIPHER_CTX_free(encCtx); + encCtx = NULL; + EVP_CIPHER_CTX_free(decCtx); + decCtx = NULL; + } +#endif + return EXPECT_RESULT(); +} + +int test_wolfssl_EVP_aes_gcm(void) +{ + EXPECT_DECLS; +#if defined(OPENSSL_EXTRA) && !defined(NO_AES) && defined(HAVE_AESGCM) && \ + !defined(HAVE_SELFTEST) && !defined(HAVE_FIPS) + /* A 256 bit key, AES_128 will use the first 128 bit*/ + byte *key = (byte*)"01234567890123456789012345678901"; + /* A 128 bit IV */ + byte *iv = (byte*)"0123456789012345"; + int ivSz = AES_BLOCK_SIZE; + /* Message to be encrypted */ + byte *plaintxt = (byte*)"for things to change you have to change"; + /* Additional non-confidential data */ + byte *aad = (byte*)"Don't spend major time on minor things."; + + unsigned char tag[AES_BLOCK_SIZE] = {0}; + int plaintxtSz = (int)XSTRLEN((char*)plaintxt); + int aadSz = (int)XSTRLEN((char*)aad); + byte ciphertxt[AES_BLOCK_SIZE * 4] = {0}; + byte decryptedtxt[AES_BLOCK_SIZE * 4] = {0}; + int ciphertxtSz = 0; + int decryptedtxtSz = 0; + int len = 0; + int i = 0; + EVP_CIPHER_CTX en[2]; + EVP_CIPHER_CTX de[2]; + + for (i = 0; i < 2; i++) { + EVP_CIPHER_CTX_init(&en[i]); + if (i == 0) { + /* Default uses 96-bits IV length */ +#ifdef WOLFSSL_AES_128 + ExpectIntEQ(1, EVP_EncryptInit_ex(&en[i], EVP_aes_128_gcm(), NULL, + key, iv)); +#elif defined(WOLFSSL_AES_192) + ExpectIntEQ(1, EVP_EncryptInit_ex(&en[i], EVP_aes_192_gcm(), NULL, + key, iv)); +#elif defined(WOLFSSL_AES_256) + ExpectIntEQ(1, EVP_EncryptInit_ex(&en[i], EVP_aes_256_gcm(), NULL, + key, iv)); +#endif + } + else { +#ifdef WOLFSSL_AES_128 + ExpectIntEQ(1, EVP_EncryptInit_ex(&en[i], EVP_aes_128_gcm(), NULL, + NULL, NULL)); +#elif defined(WOLFSSL_AES_192) + ExpectIntEQ(1, EVP_EncryptInit_ex(&en[i], EVP_aes_192_gcm(), NULL, + NULL, NULL)); +#elif defined(WOLFSSL_AES_256) + ExpectIntEQ(1, EVP_EncryptInit_ex(&en[i], EVP_aes_256_gcm(), NULL, + NULL, NULL)); +#endif + /* non-default must to set the IV length first */ + ExpectIntEQ(1, EVP_CIPHER_CTX_ctrl(&en[i], EVP_CTRL_GCM_SET_IVLEN, + ivSz, NULL)); + ExpectIntEQ(1, EVP_EncryptInit_ex(&en[i], NULL, NULL, key, iv)); + } + ExpectIntEQ(1, EVP_EncryptUpdate(&en[i], NULL, &len, aad, aadSz)); + ExpectIntEQ(1, EVP_EncryptUpdate(&en[i], ciphertxt, &len, plaintxt, + plaintxtSz)); + ciphertxtSz = len; + ExpectIntEQ(1, EVP_EncryptFinal_ex(&en[i], ciphertxt, &len)); + ciphertxtSz += len; + ExpectIntEQ(1, EVP_CIPHER_CTX_ctrl(&en[i], EVP_CTRL_GCM_GET_TAG, + AES_BLOCK_SIZE, tag)); + wolfSSL_EVP_CIPHER_CTX_cleanup(&en[i]); + + EVP_CIPHER_CTX_init(&de[i]); + if (i == 0) { + /* Default uses 96-bits IV length */ +#ifdef WOLFSSL_AES_128 + ExpectIntEQ(1, EVP_DecryptInit_ex(&de[i], EVP_aes_128_gcm(), NULL, + key, iv)); +#elif defined(WOLFSSL_AES_192) + ExpectIntEQ(1, EVP_DecryptInit_ex(&de[i], EVP_aes_192_gcm(), NULL, + key, iv)); +#elif defined(WOLFSSL_AES_256) + ExpectIntEQ(1, EVP_DecryptInit_ex(&de[i], EVP_aes_256_gcm(), NULL, + key, iv)); +#endif + } + else { +#ifdef WOLFSSL_AES_128 + ExpectIntEQ(1, EVP_DecryptInit_ex(&de[i], EVP_aes_128_gcm(), NULL, + NULL, NULL)); +#elif defined(WOLFSSL_AES_192) + ExpectIntEQ(1, EVP_DecryptInit_ex(&de[i], EVP_aes_192_gcm(), NULL, + NULL, NULL)); +#elif defined(WOLFSSL_AES_256) + ExpectIntEQ(1, EVP_DecryptInit_ex(&de[i], EVP_aes_256_gcm(), NULL, + NULL, NULL)); +#endif + /* non-default must to set the IV length first */ + ExpectIntEQ(1, EVP_CIPHER_CTX_ctrl(&de[i], EVP_CTRL_GCM_SET_IVLEN, + ivSz, NULL)); + ExpectIntEQ(1, EVP_DecryptInit_ex(&de[i], NULL, NULL, key, iv)); + + } + ExpectIntEQ(1, EVP_DecryptUpdate(&de[i], NULL, &len, aad, aadSz)); + ExpectIntEQ(1, EVP_DecryptUpdate(&de[i], decryptedtxt, &len, ciphertxt, + ciphertxtSz)); + decryptedtxtSz = len; + ExpectIntEQ(1, EVP_CIPHER_CTX_ctrl(&de[i], EVP_CTRL_GCM_SET_TAG, + AES_BLOCK_SIZE, tag)); + ExpectIntEQ(1, EVP_DecryptFinal_ex(&de[i], decryptedtxt, &len)); + decryptedtxtSz += len; + ExpectIntEQ(ciphertxtSz, decryptedtxtSz); + ExpectIntEQ(0, XMEMCMP(plaintxt, decryptedtxt, decryptedtxtSz)); + + /* modify tag*/ + if (i == 0) { + /* Default uses 96-bits IV length */ +#ifdef WOLFSSL_AES_128 + ExpectIntEQ(1, EVP_DecryptInit_ex(&de[i], EVP_aes_128_gcm(), NULL, + key, iv)); +#elif defined(WOLFSSL_AES_192) + ExpectIntEQ(1, EVP_DecryptInit_ex(&de[i], EVP_aes_192_gcm(), NULL, + key, iv)); +#elif defined(WOLFSSL_AES_256) + ExpectIntEQ(1, EVP_DecryptInit_ex(&de[i], EVP_aes_256_gcm(), NULL, + key, iv)); +#endif + } + else { +#ifdef WOLFSSL_AES_128 + ExpectIntEQ(1, EVP_DecryptInit_ex(&de[i], EVP_aes_128_gcm(), NULL, + NULL, NULL)); +#elif defined(WOLFSSL_AES_192) + ExpectIntEQ(1, EVP_DecryptInit_ex(&de[i], EVP_aes_192_gcm(), NULL, + NULL, NULL)); +#elif defined(WOLFSSL_AES_256) + ExpectIntEQ(1, EVP_DecryptInit_ex(&de[i], EVP_aes_256_gcm(), NULL, + NULL, NULL)); +#endif + /* non-default must to set the IV length first */ + ExpectIntEQ(1, EVP_CIPHER_CTX_ctrl(&de[i], EVP_CTRL_GCM_SET_IVLEN, + ivSz, NULL)); + ExpectIntEQ(1, EVP_DecryptInit_ex(&de[i], NULL, NULL, key, iv)); + + } + tag[AES_BLOCK_SIZE-1]+=0xBB; + ExpectIntEQ(1, EVP_DecryptUpdate(&de[i], NULL, &len, aad, aadSz)); + ExpectIntEQ(1, EVP_CIPHER_CTX_ctrl(&de[i], EVP_CTRL_GCM_SET_TAG, + AES_BLOCK_SIZE, tag)); + /* fail due to wrong tag */ + ExpectIntEQ(1, EVP_DecryptUpdate(&de[i], decryptedtxt, &len, ciphertxt, + ciphertxtSz)); + ExpectIntEQ(0, EVP_DecryptFinal_ex(&de[i], decryptedtxt, &len)); + ExpectIntEQ(0, len); + + wolfSSL_EVP_CIPHER_CTX_cleanup(&de[i]); + } +#endif /* OPENSSL_EXTRA && !NO_AES && HAVE_AESGCM */ + return EXPECT_RESULT(); +} + +int test_wolfssl_EVP_aes_gcm_AAD_2_parts(void) +{ + EXPECT_DECLS; +#if defined(OPENSSL_EXTRA) && !defined(NO_AES) && defined(HAVE_AESGCM) && \ + !defined(HAVE_SELFTEST) && !defined(HAVE_FIPS) + const byte iv[12] = { 0 }; + const byte key[16] = { 0 }; + const byte cleartext[16] = { 0 }; + const byte aad[] = { + 0x01, 0x10, 0x00, 0x2a, 0x08, 0x00, 0x04, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x08, + 0x00, 0x00, 0xdc, 0x4d, 0xad, 0x6b, 0x06, 0x93, + 0x4f + }; + byte out1Part[16]; + byte outTag1Part[16]; + byte out2Part[16]; + byte outTag2Part[16]; + byte decryptBuf[16]; + int len = 0; + int tlen; + EVP_CIPHER_CTX* ctx = NULL; + + /* ENCRYPT */ + /* Send AAD and data in 1 part */ + ExpectNotNull(ctx = EVP_CIPHER_CTX_new()); + tlen = 0; + ExpectIntEQ(EVP_EncryptInit_ex(ctx, EVP_aes_128_gcm(), NULL, NULL, NULL), + 1); + ExpectIntEQ(EVP_EncryptInit_ex(ctx, NULL, NULL, key, iv), 1); + ExpectIntEQ(EVP_EncryptUpdate(ctx, NULL, &len, aad, sizeof(aad)), 1); + ExpectIntEQ(EVP_EncryptUpdate(ctx, out1Part, &len, cleartext, + sizeof(cleartext)), 1); + tlen += len; + ExpectIntEQ(EVP_EncryptFinal_ex(ctx, out1Part, &len), 1); + tlen += len; + ExpectIntEQ(tlen, sizeof(cleartext)); + ExpectIntEQ(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_GET_TAG, 16, + outTag1Part), 1); + EVP_CIPHER_CTX_free(ctx); + ctx = NULL; + + /* DECRYPT */ + /* Send AAD and data in 1 part */ + ExpectNotNull(ctx = EVP_CIPHER_CTX_new()); + tlen = 0; + ExpectIntEQ(EVP_DecryptInit_ex(ctx, EVP_aes_128_gcm(), NULL, NULL, NULL), + 1); + ExpectIntEQ(EVP_DecryptInit_ex(ctx, NULL, NULL, key, iv), 1); + ExpectIntEQ(EVP_DecryptUpdate(ctx, NULL, &len, aad, sizeof(aad)), 1); + ExpectIntEQ(EVP_DecryptUpdate(ctx, decryptBuf, &len, out1Part, + sizeof(cleartext)), 1); + tlen += len; + ExpectIntEQ(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_TAG, 16, + outTag1Part), 1); + ExpectIntEQ(EVP_DecryptFinal_ex(ctx, decryptBuf, &len), 1); + tlen += len; + ExpectIntEQ(tlen, sizeof(cleartext)); + EVP_CIPHER_CTX_free(ctx); + ctx = NULL; + + ExpectIntEQ(XMEMCMP(decryptBuf, cleartext, len), 0); + + /* ENCRYPT */ + /* Send AAD and data in 2 parts */ + ExpectNotNull(ctx = EVP_CIPHER_CTX_new()); + tlen = 0; + ExpectIntEQ(EVP_EncryptInit_ex(ctx, EVP_aes_128_gcm(), NULL, NULL, NULL), + 1); + ExpectIntEQ(EVP_EncryptInit_ex(ctx, NULL, NULL, key, iv), 1); + ExpectIntEQ(EVP_EncryptUpdate(ctx, NULL, &len, aad, 1), 1); + ExpectIntEQ(EVP_EncryptUpdate(ctx, NULL, &len, aad + 1, sizeof(aad) - 1), + 1); + ExpectIntEQ(EVP_EncryptUpdate(ctx, out2Part, &len, cleartext, 1), 1); + tlen += len; + ExpectIntEQ(EVP_EncryptUpdate(ctx, out2Part + tlen, &len, cleartext + 1, + sizeof(cleartext) - 1), 1); + tlen += len; + ExpectIntEQ(EVP_EncryptFinal_ex(ctx, out2Part + tlen, &len), 1); + tlen += len; + ExpectIntEQ(tlen, sizeof(cleartext)); + ExpectIntEQ(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_GET_TAG, 16, + outTag2Part), 1); + + ExpectIntEQ(XMEMCMP(out1Part, out2Part, sizeof(out1Part)), 0); + ExpectIntEQ(XMEMCMP(outTag1Part, outTag2Part, sizeof(outTag1Part)), 0); + EVP_CIPHER_CTX_free(ctx); + ctx = NULL; + + /* DECRYPT */ + /* Send AAD and data in 2 parts */ + ExpectNotNull(ctx = EVP_CIPHER_CTX_new()); + tlen = 0; + ExpectIntEQ(EVP_DecryptInit_ex(ctx, EVP_aes_128_gcm(), NULL, NULL, NULL), + 1); + ExpectIntEQ(EVP_DecryptInit_ex(ctx, NULL, NULL, key, iv), 1); + ExpectIntEQ(EVP_DecryptUpdate(ctx, NULL, &len, aad, 1), 1); + ExpectIntEQ(EVP_DecryptUpdate(ctx, NULL, &len, aad + 1, sizeof(aad) - 1), + 1); + ExpectIntEQ(EVP_DecryptUpdate(ctx, decryptBuf, &len, out1Part, 1), 1); + tlen += len; + ExpectIntEQ(EVP_DecryptUpdate(ctx, decryptBuf + tlen, &len, out1Part + 1, + sizeof(cleartext) - 1), 1); + tlen += len; + ExpectIntEQ(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_TAG, 16, + outTag1Part), 1); + ExpectIntEQ(EVP_DecryptFinal_ex(ctx, decryptBuf + tlen, &len), 1); + tlen += len; + ExpectIntEQ(tlen, sizeof(cleartext)); + + ExpectIntEQ(XMEMCMP(decryptBuf, cleartext, len), 0); + + /* Test AAD reuse */ + EVP_CIPHER_CTX_free(ctx); +#endif + return EXPECT_RESULT(); +} + +int test_wolfssl_EVP_aes_gcm_zeroLen(void) +{ + EXPECT_DECLS; +#if defined(OPENSSL_EXTRA) && !defined(NO_AES) && defined(HAVE_AESGCM) && \ + !defined(HAVE_SELFTEST) && !defined(HAVE_FIPS) && defined(WOLFSSL_AES_256) + /* Zero length plain text */ + byte key[] = { + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00 + }; /* align */ + byte iv[] = { + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00 + }; /* align */ + byte plaintxt[1]; + int ivSz = 12; + int plaintxtSz = 0; + unsigned char tag[16]; + unsigned char tag_kat[] = { + 0x53,0x0f,0x8a,0xfb,0xc7,0x45,0x36,0xb9, + 0xa9,0x63,0xb4,0xf1,0xc4,0xcb,0x73,0x8b + }; + + byte ciphertxt[AES_BLOCK_SIZE * 4] = {0}; + byte decryptedtxt[AES_BLOCK_SIZE * 4] = {0}; + int ciphertxtSz = 0; + int decryptedtxtSz = 0; + int len = 0; + + EVP_CIPHER_CTX *en = EVP_CIPHER_CTX_new(); + EVP_CIPHER_CTX *de = EVP_CIPHER_CTX_new(); + + ExpectIntEQ(1, EVP_EncryptInit_ex(en, EVP_aes_256_gcm(), NULL, key, iv)); + ExpectIntEQ(1, EVP_CIPHER_CTX_ctrl(en, EVP_CTRL_GCM_SET_IVLEN, ivSz, NULL)); + ExpectIntEQ(1, EVP_EncryptUpdate(en, ciphertxt, &ciphertxtSz , plaintxt, + plaintxtSz)); + ExpectIntEQ(1, EVP_EncryptFinal_ex(en, ciphertxt, &len)); + ciphertxtSz += len; + ExpectIntEQ(1, EVP_CIPHER_CTX_ctrl(en, EVP_CTRL_GCM_GET_TAG, 16, tag)); + ExpectIntEQ(1, EVP_CIPHER_CTX_cleanup(en)); + + ExpectIntEQ(0, ciphertxtSz); + ExpectIntEQ(0, XMEMCMP(tag, tag_kat, sizeof(tag))); + + EVP_CIPHER_CTX_init(de); + ExpectIntEQ(1, EVP_DecryptInit_ex(de, EVP_aes_256_gcm(), NULL, key, iv)); + ExpectIntEQ(1, EVP_CIPHER_CTX_ctrl(de, EVP_CTRL_GCM_SET_IVLEN, ivSz, NULL)); + ExpectIntEQ(1, EVP_DecryptUpdate(de, NULL, &len, ciphertxt, len)); + decryptedtxtSz = len; + ExpectIntEQ(1, EVP_CIPHER_CTX_ctrl(de, EVP_CTRL_GCM_SET_TAG, 16, tag)); + ExpectIntEQ(1, EVP_DecryptFinal_ex(de, decryptedtxt, &len)); + decryptedtxtSz += len; + ExpectIntEQ(0, decryptedtxtSz); + + EVP_CIPHER_CTX_free(en); + EVP_CIPHER_CTX_free(de); +#endif + return EXPECT_RESULT(); +} + +int test_wolfSSL_EVP_aes_256_ccm(void) +{ + EXPECT_DECLS; +#if defined(HAVE_AESCCM) && defined(WOLFSSL_AES_256) && defined(OPENSSL_ALL) + ExpectNotNull(wolfSSL_EVP_aes_256_ccm()); +#endif + return EXPECT_RESULT(); +} + +int test_wolfSSL_EVP_aes_192_ccm(void) +{ + EXPECT_DECLS; +#if defined(HAVE_AESCCM) && defined(WOLFSSL_AES_192) && defined(OPENSSL_ALL) + ExpectNotNull(wolfSSL_EVP_aes_192_ccm()); +#endif + return EXPECT_RESULT(); +} + +int test_wolfSSL_EVP_aes_128_ccm(void) +{ + EXPECT_DECLS; +#if defined(HAVE_AESCCM) && defined(WOLFSSL_AES_128) && defined(OPENSSL_ALL) + ExpectNotNull(wolfSSL_EVP_aes_128_ccm()); +#endif + return EXPECT_RESULT(); +} + +int test_wolfssl_EVP_aes_ccm(void) +{ + EXPECT_DECLS; +#if defined(OPENSSL_EXTRA) && !defined(NO_AES) && defined(HAVE_AESCCM) && \ + !defined(HAVE_SELFTEST) && !defined(HAVE_FIPS) + /* A 256 bit key, AES_128 will use the first 128 bit*/ + byte *key = (byte*)"01234567890123456789012345678901"; + /* A 128 bit IV */ + byte *iv = (byte*)"0123456789012"; + int ivSz = (int)XSTRLEN((char*)iv); + /* Message to be encrypted */ + byte *plaintxt = (byte*)"for things to change you have to change"; + /* Additional non-confidential data */ + byte *aad = (byte*)"Don't spend major time on minor things."; + + unsigned char tag[AES_BLOCK_SIZE] = {0}; + int plaintxtSz = (int)XSTRLEN((char*)plaintxt); + int aadSz = (int)XSTRLEN((char*)aad); + byte ciphertxt[AES_BLOCK_SIZE * 4] = {0}; + byte decryptedtxt[AES_BLOCK_SIZE * 4] = {0}; + int ciphertxtSz = 0; + int decryptedtxtSz = 0; + int len = 0; + int i = 0; + int ret; + EVP_CIPHER_CTX en[2]; + EVP_CIPHER_CTX de[2]; + + for (i = 0; i < 2; i++) { + EVP_CIPHER_CTX_init(&en[i]); + + if (i == 0) { + /* Default uses 96-bits IV length */ +#ifdef WOLFSSL_AES_128 + ExpectIntEQ(1, EVP_EncryptInit_ex(&en[i], EVP_aes_128_ccm(), NULL, + key, iv)); +#elif defined(WOLFSSL_AES_192) + ExpectIntEQ(1, EVP_EncryptInit_ex(&en[i], EVP_aes_192_ccm(), NULL, + key, iv)); +#elif defined(WOLFSSL_AES_256) + ExpectIntEQ(1, EVP_EncryptInit_ex(&en[i], EVP_aes_256_ccm(), NULL, + key, iv)); +#endif + } + else { +#ifdef WOLFSSL_AES_128 + ExpectIntEQ(1, EVP_EncryptInit_ex(&en[i], EVP_aes_128_ccm(), NULL, + NULL, NULL)); +#elif defined(WOLFSSL_AES_192) + ExpectIntEQ(1, EVP_EncryptInit_ex(&en[i], EVP_aes_192_ccm(), NULL, + NULL, NULL)); +#elif defined(WOLFSSL_AES_256) + ExpectIntEQ(1, EVP_EncryptInit_ex(&en[i], EVP_aes_256_ccm(), NULL, + NULL, NULL)); +#endif + /* non-default must to set the IV length first */ + ExpectIntEQ(1, EVP_CIPHER_CTX_ctrl(&en[i], EVP_CTRL_CCM_SET_IVLEN, + ivSz, NULL)); + ExpectIntEQ(1, EVP_EncryptInit_ex(&en[i], NULL, NULL, key, iv)); + } + ExpectIntEQ(1, EVP_EncryptUpdate(&en[i], NULL, &len, aad, aadSz)); + ExpectIntEQ(1, EVP_EncryptUpdate(&en[i], ciphertxt, &len, plaintxt, + plaintxtSz)); + ciphertxtSz = len; + ExpectIntEQ(1, EVP_EncryptFinal_ex(&en[i], ciphertxt, &len)); + ciphertxtSz += len; + ExpectIntEQ(1, EVP_CIPHER_CTX_ctrl(&en[i], EVP_CTRL_CCM_GET_TAG, + AES_BLOCK_SIZE, tag)); + ret = wolfSSL_EVP_CIPHER_CTX_cleanup(&en[i]); + ExpectIntEQ(ret, 1); + + EVP_CIPHER_CTX_init(&de[i]); + if (i == 0) { + /* Default uses 96-bits IV length */ +#ifdef WOLFSSL_AES_128 + ExpectIntEQ(1, EVP_DecryptInit_ex(&de[i], EVP_aes_128_ccm(), NULL, + key, iv)); +#elif defined(WOLFSSL_AES_192) + ExpectIntEQ(1, EVP_DecryptInit_ex(&de[i], EVP_aes_192_ccm(), NULL, + key, iv)); +#elif defined(WOLFSSL_AES_256) + ExpectIntEQ(1, EVP_DecryptInit_ex(&de[i], EVP_aes_256_ccm(), NULL, + key, iv)); +#endif + } + else { +#ifdef WOLFSSL_AES_128 + ExpectIntEQ(1, EVP_DecryptInit_ex(&de[i], EVP_aes_128_ccm(), NULL, + NULL, NULL)); +#elif defined(WOLFSSL_AES_192) + ExpectIntEQ(1, EVP_DecryptInit_ex(&de[i], EVP_aes_192_ccm(), NULL, + NULL, NULL)); +#elif defined(WOLFSSL_AES_256) + ExpectIntEQ(1, EVP_DecryptInit_ex(&de[i], EVP_aes_256_ccm(), NULL, + NULL, NULL)); +#endif + /* non-default must to set the IV length first */ + ExpectIntEQ(1, EVP_CIPHER_CTX_ctrl(&de[i], EVP_CTRL_CCM_SET_IVLEN, + ivSz, NULL)); + ExpectIntEQ(1, EVP_DecryptInit_ex(&de[i], NULL, NULL, key, iv)); + + } + ExpectIntEQ(1, EVP_DecryptUpdate(&de[i], NULL, &len, aad, aadSz)); + ExpectIntEQ(1, EVP_DecryptUpdate(&de[i], decryptedtxt, &len, ciphertxt, + ciphertxtSz)); + decryptedtxtSz = len; + ExpectIntEQ(1, EVP_CIPHER_CTX_ctrl(&de[i], EVP_CTRL_CCM_SET_TAG, + AES_BLOCK_SIZE, tag)); + ExpectIntEQ(1, EVP_DecryptFinal_ex(&de[i], decryptedtxt, &len)); + decryptedtxtSz += len; + ExpectIntEQ(ciphertxtSz, decryptedtxtSz); + ExpectIntEQ(0, XMEMCMP(plaintxt, decryptedtxt, decryptedtxtSz)); + + /* modify tag*/ + tag[AES_BLOCK_SIZE-1]+=0xBB; + ExpectIntEQ(1, EVP_DecryptUpdate(&de[i], NULL, &len, aad, aadSz)); + ExpectIntEQ(1, EVP_CIPHER_CTX_ctrl(&de[i], EVP_CTRL_CCM_SET_TAG, + AES_BLOCK_SIZE, tag)); + /* fail due to wrong tag */ + ExpectIntEQ(1, EVP_DecryptUpdate(&de[i], decryptedtxt, &len, ciphertxt, + ciphertxtSz)); + ExpectIntEQ(0, EVP_DecryptFinal_ex(&de[i], decryptedtxt, &len)); + ExpectIntEQ(0, len); + ret = wolfSSL_EVP_CIPHER_CTX_cleanup(&de[i]); + ExpectIntEQ(ret, 1); + } +#endif /* OPENSSL_EXTRA && !NO_AES && HAVE_AESCCM */ + return EXPECT_RESULT(); +} + +int test_wolfssl_EVP_aes_ccm_zeroLen(void) +{ + EXPECT_DECLS; +#if defined(OPENSSL_EXTRA) && !defined(NO_AES) && defined(HAVE_AESCCM) && \ + !defined(HAVE_SELFTEST) && !defined(HAVE_FIPS) && defined(WOLFSSL_AES_256) + /* Zero length plain text */ + byte key[] = { + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00 + }; /* align */ + byte iv[] = { + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00 + }; /* align */ + byte plaintxt[1]; + int ivSz = 12; + int plaintxtSz = 0; + unsigned char tag[16]; + + byte ciphertxt[AES_BLOCK_SIZE * 4] = {0}; + byte decryptedtxt[AES_BLOCK_SIZE * 4] = {0}; + int ciphertxtSz = 0; + int decryptedtxtSz = 0; + int len = 0; + + EVP_CIPHER_CTX *en = EVP_CIPHER_CTX_new(); + EVP_CIPHER_CTX *de = EVP_CIPHER_CTX_new(); + + ExpectIntEQ(1, EVP_EncryptInit_ex(en, EVP_aes_256_ccm(), NULL, key, iv)); + ExpectIntEQ(1, EVP_CIPHER_CTX_ctrl(en, EVP_CTRL_CCM_SET_IVLEN, ivSz, NULL)); + ExpectIntEQ(1, EVP_EncryptUpdate(en, ciphertxt, &ciphertxtSz , plaintxt, + plaintxtSz)); + ExpectIntEQ(1, EVP_EncryptFinal_ex(en, ciphertxt, &len)); + ciphertxtSz += len; + ExpectIntEQ(1, EVP_CIPHER_CTX_ctrl(en, EVP_CTRL_CCM_GET_TAG, 16, tag)); + ExpectIntEQ(1, EVP_CIPHER_CTX_cleanup(en)); + + ExpectIntEQ(0, ciphertxtSz); + + EVP_CIPHER_CTX_init(de); + ExpectIntEQ(1, EVP_DecryptInit_ex(de, EVP_aes_256_ccm(), NULL, key, iv)); + ExpectIntEQ(1, EVP_CIPHER_CTX_ctrl(de, EVP_CTRL_CCM_SET_IVLEN, ivSz, NULL)); + ExpectIntEQ(1, EVP_DecryptUpdate(de, NULL, &len, ciphertxt, len)); + decryptedtxtSz = len; + ExpectIntEQ(1, EVP_CIPHER_CTX_ctrl(de, EVP_CTRL_CCM_SET_TAG, 16, tag)); + ExpectIntEQ(1, EVP_DecryptFinal_ex(de, decryptedtxt, &len)); + decryptedtxtSz += len; + ExpectIntEQ(0, decryptedtxtSz); + + EVP_CIPHER_CTX_free(en); + EVP_CIPHER_CTX_free(de); +#endif + return EXPECT_RESULT(); +} + +int test_wolfssl_EVP_chacha20(void) +{ + EXPECT_DECLS; +#if defined(OPENSSL_EXTRA) && defined(HAVE_CHACHA) + byte key[CHACHA_MAX_KEY_SZ]; + byte iv [WOLFSSL_EVP_CHACHA_IV_BYTES]; + byte plainText[] = {0xDE, 0xAD, 0xBE, 0xEF}; + byte cipherText[sizeof(plainText)]; + byte decryptedText[sizeof(plainText)]; + EVP_CIPHER_CTX* ctx = NULL; + int outSz; + + XMEMSET(key, 0, sizeof(key)); + XMEMSET(iv, 0, sizeof(iv)); + /* Encrypt. */ + ExpectNotNull((ctx = EVP_CIPHER_CTX_new())); + ExpectIntEQ(EVP_EncryptInit_ex(ctx, EVP_chacha20(), NULL, NULL, + NULL), WOLFSSL_SUCCESS); + /* Any tag length must fail - not an AEAD cipher. */ + ExpectIntEQ(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_TAG, + 16, NULL), WC_NO_ERR_TRACE(WOLFSSL_FAILURE)); + ExpectIntEQ(EVP_EncryptInit_ex(ctx, NULL, NULL, key, iv), WOLFSSL_SUCCESS); + ExpectIntEQ(EVP_EncryptUpdate(ctx, cipherText, &outSz, plainText, + sizeof(plainText)), WOLFSSL_SUCCESS); + ExpectIntEQ(outSz, sizeof(plainText)); + ExpectIntEQ(EVP_EncryptFinal_ex(ctx, cipherText, &outSz), WOLFSSL_SUCCESS); + ExpectIntEQ(outSz, 0); + EVP_CIPHER_CTX_free(ctx); + ctx = NULL; + + /* Decrypt. */ + ExpectNotNull((ctx = EVP_CIPHER_CTX_new())); + ExpectIntEQ(EVP_DecryptInit_ex(ctx, EVP_chacha20(), NULL, NULL, + NULL), WOLFSSL_SUCCESS); + ExpectIntEQ(EVP_DecryptInit_ex(ctx, NULL, NULL, key, iv), WOLFSSL_SUCCESS); + ExpectIntEQ(EVP_DecryptUpdate(ctx, decryptedText, &outSz, cipherText, + sizeof(cipherText)), WOLFSSL_SUCCESS); + ExpectIntEQ(outSz, sizeof(cipherText)); + ExpectIntEQ(EVP_DecryptFinal_ex(ctx, decryptedText, &outSz), + WOLFSSL_SUCCESS); + ExpectIntEQ(outSz, 0); + EVP_CIPHER_CTX_free(ctx); + ctx = NULL; + + /* Test partial Inits. CipherInit() allow setting of key and iv + * in separate calls. */ + ExpectNotNull((ctx = EVP_CIPHER_CTX_new())); + ExpectIntEQ(wolfSSL_EVP_CipherInit(ctx, EVP_chacha20(), + key, NULL, 1), WOLFSSL_SUCCESS); + ExpectIntEQ(wolfSSL_EVP_CipherInit(ctx, NULL, NULL, iv, 1), + WOLFSSL_SUCCESS); + ExpectIntEQ(EVP_DecryptUpdate(ctx, decryptedText, &outSz, cipherText, + sizeof(cipherText)), WOLFSSL_SUCCESS); + ExpectIntEQ(outSz, sizeof(cipherText)); + ExpectIntEQ(EVP_DecryptFinal_ex(ctx, decryptedText, &outSz), + WOLFSSL_SUCCESS); + ExpectIntEQ(outSz, 0); + EVP_CIPHER_CTX_free(ctx); +#endif + return EXPECT_RESULT(); +} + +int test_wolfssl_EVP_chacha20_poly1305(void) +{ + EXPECT_DECLS; +#if defined(OPENSSL_EXTRA) && defined(HAVE_CHACHA) && defined(HAVE_POLY1305) + byte key[CHACHA20_POLY1305_AEAD_KEYSIZE]; + byte iv [CHACHA20_POLY1305_AEAD_IV_SIZE]; + byte plainText[] = {0xDE, 0xAD, 0xBE, 0xEF}; + byte aad[] = {0xAA, 0XBB, 0xCC, 0xDD, 0xEE, 0xFF}; + byte cipherText[sizeof(plainText)]; + byte decryptedText[sizeof(plainText)]; + byte tag[CHACHA20_POLY1305_AEAD_AUTHTAG_SIZE]; + byte badTag[CHACHA20_POLY1305_AEAD_AUTHTAG_SIZE]; + EVP_CIPHER_CTX* ctx = NULL; + int outSz; + + XMEMSET(key, 0, sizeof(key)); + XMEMSET(iv, 0, sizeof(iv)); + + /* Encrypt. */ + ExpectNotNull((ctx = EVP_CIPHER_CTX_new())); + ExpectIntEQ(EVP_EncryptInit_ex(ctx, EVP_chacha20_poly1305(), NULL, NULL, + NULL), WOLFSSL_SUCCESS); + /* Invalid IV length. */ + ExpectIntEQ(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_IVLEN, + CHACHA20_POLY1305_AEAD_IV_SIZE-1, NULL), + WC_NO_ERR_TRACE(WOLFSSL_FAILURE)); + /* Valid IV length. */ + ExpectIntEQ(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_IVLEN, + CHACHA20_POLY1305_AEAD_IV_SIZE, NULL), WOLFSSL_SUCCESS); + /* Invalid tag length. */ + ExpectIntEQ(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_TAG, + CHACHA20_POLY1305_AEAD_AUTHTAG_SIZE-1, NULL), + WC_NO_ERR_TRACE(WOLFSSL_FAILURE)); + /* Valid tag length. */ + ExpectIntEQ(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_TAG, + CHACHA20_POLY1305_AEAD_AUTHTAG_SIZE, NULL), WOLFSSL_SUCCESS); + ExpectIntEQ(EVP_EncryptInit_ex(ctx, NULL, NULL, key, iv), WOLFSSL_SUCCESS); + ExpectIntEQ(EVP_EncryptUpdate(ctx, NULL, &outSz, aad, sizeof(aad)), + WOLFSSL_SUCCESS); + ExpectIntEQ(outSz, sizeof(aad)); + ExpectIntEQ(EVP_EncryptUpdate(ctx, cipherText, &outSz, plainText, + sizeof(plainText)), WOLFSSL_SUCCESS); + ExpectIntEQ(outSz, sizeof(plainText)); + ExpectIntEQ(EVP_EncryptFinal_ex(ctx, cipherText, &outSz), WOLFSSL_SUCCESS); + ExpectIntEQ(outSz, 0); + /* Invalid tag length. */ + ExpectIntEQ(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_GET_TAG, + CHACHA20_POLY1305_AEAD_AUTHTAG_SIZE-1, tag), + WC_NO_ERR_TRACE(WOLFSSL_FAILURE)); + /* Valid tag length. */ + ExpectIntEQ(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_GET_TAG, + CHACHA20_POLY1305_AEAD_AUTHTAG_SIZE, tag), WOLFSSL_SUCCESS); + EVP_CIPHER_CTX_free(ctx); + ctx = NULL; + + /* Decrypt. */ + ExpectNotNull((ctx = EVP_CIPHER_CTX_new())); + ExpectIntEQ(EVP_DecryptInit_ex(ctx, EVP_chacha20_poly1305(), NULL, NULL, + NULL), WOLFSSL_SUCCESS); + ExpectIntEQ(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_IVLEN, + CHACHA20_POLY1305_AEAD_IV_SIZE, NULL), WOLFSSL_SUCCESS); + ExpectIntEQ(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_TAG, + CHACHA20_POLY1305_AEAD_AUTHTAG_SIZE, tag), WOLFSSL_SUCCESS); + ExpectIntEQ(EVP_DecryptInit_ex(ctx, NULL, NULL, key, iv), WOLFSSL_SUCCESS); + ExpectIntEQ(EVP_DecryptUpdate(ctx, NULL, &outSz, aad, sizeof(aad)), + WOLFSSL_SUCCESS); + ExpectIntEQ(outSz, sizeof(aad)); + ExpectIntEQ(EVP_DecryptUpdate(ctx, decryptedText, &outSz, cipherText, + sizeof(cipherText)), WOLFSSL_SUCCESS); + ExpectIntEQ(outSz, sizeof(cipherText)); + ExpectIntEQ(EVP_DecryptFinal_ex(ctx, decryptedText, &outSz), + WOLFSSL_SUCCESS); + ExpectIntEQ(outSz, 0); + EVP_CIPHER_CTX_free(ctx); + ctx = NULL; + + /* Negative test: forged (all-zero) tag must be rejected. */ + XMEMSET(badTag, 0, sizeof(badTag)); + ExpectNotNull((ctx = EVP_CIPHER_CTX_new())); + ExpectIntEQ(EVP_DecryptInit_ex(ctx, EVP_chacha20_poly1305(), NULL, + NULL, NULL), WOLFSSL_SUCCESS); + ExpectIntEQ(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_IVLEN, + CHACHA20_POLY1305_AEAD_IV_SIZE, NULL), WOLFSSL_SUCCESS); + ExpectIntEQ(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_TAG, + CHACHA20_POLY1305_AEAD_AUTHTAG_SIZE, badTag), + WOLFSSL_SUCCESS); + ExpectIntEQ(EVP_DecryptInit_ex(ctx, NULL, NULL, key, iv), + WOLFSSL_SUCCESS); + ExpectIntEQ(EVP_DecryptUpdate(ctx, NULL, &outSz, aad, sizeof(aad)), + WOLFSSL_SUCCESS); + ExpectIntEQ(EVP_DecryptUpdate(ctx, decryptedText, &outSz, cipherText, + sizeof(cipherText)), WOLFSSL_SUCCESS); + /* EVP_DecryptFinal_ex MUST return failure on tag mismatch */ + ExpectIntNE(EVP_DecryptFinal_ex(ctx, decryptedText, &outSz), + WOLFSSL_SUCCESS); + EVP_CIPHER_CTX_free(ctx); + ctx = NULL; + + /* Test partial Inits. CipherInit() allow setting of key and iv + * in separate calls. */ + ExpectNotNull((ctx = EVP_CIPHER_CTX_new())); + ExpectIntEQ(wolfSSL_EVP_CipherInit(ctx, EVP_chacha20_poly1305(), + key, NULL, 1), WOLFSSL_SUCCESS); + ExpectIntEQ(wolfSSL_EVP_CipherInit(ctx, NULL, NULL, iv, 1), + WOLFSSL_SUCCESS); + ExpectIntEQ(wolfSSL_EVP_CipherUpdate(ctx, NULL, &outSz, + aad, sizeof(aad)), WOLFSSL_SUCCESS); + ExpectIntEQ(outSz, sizeof(aad)); + ExpectIntEQ(outSz, sizeof(aad)); + ExpectIntEQ(EVP_DecryptUpdate(ctx, decryptedText, &outSz, cipherText, + sizeof(cipherText)), WOLFSSL_SUCCESS); + ExpectIntEQ(outSz, sizeof(cipherText)); + ExpectIntEQ(EVP_DecryptFinal_ex(ctx, decryptedText, &outSz), + WOLFSSL_SUCCESS); + ExpectIntEQ(outSz, 0); + EVP_CIPHER_CTX_free(ctx); +#endif + return EXPECT_RESULT(); +} + +int test_wolfssl_EVP_aria_gcm(void) +{ + int res = TEST_SKIPPED; +#if defined(OPENSSL_EXTRA) && defined(HAVE_ARIA) && \ + !defined(HAVE_SELFTEST) && !defined(HAVE_FIPS) + + /* A 256 bit key, AES_128 will use the first 128 bit*/ + byte *key = (byte*)"01234567890123456789012345678901"; + /* A 128 bit IV */ + byte *iv = (byte*)"0123456789012345"; + int ivSz = ARIA_BLOCK_SIZE; + /* Message to be encrypted */ + const int plaintxtSz = 40; + byte plaintxt[WC_ARIA_GCM_GET_CIPHERTEXT_SIZE(plaintxtSz)]; + XMEMCPY(plaintxt,"for things to change you have to change",plaintxtSz); + /* Additional non-confidential data */ + byte *aad = (byte*)"Don't spend major time on minor things."; + + unsigned char tag[ARIA_BLOCK_SIZE] = {0}; + int aadSz = (int)XSTRLEN((char*)aad); + byte ciphertxt[WC_ARIA_GCM_GET_CIPHERTEXT_SIZE(plaintxtSz)]; + byte decryptedtxt[plaintxtSz]; + int ciphertxtSz = 0; + int decryptedtxtSz = 0; + int len = 0; + int i = 0; + #define TEST_ARIA_GCM_COUNT 6 + EVP_CIPHER_CTX en[TEST_ARIA_GCM_COUNT]; + EVP_CIPHER_CTX de[TEST_ARIA_GCM_COUNT]; + + for (i = 0; i < TEST_ARIA_GCM_COUNT; i++) { + + EVP_CIPHER_CTX_init(&en[i]); + switch (i) { + case 0: + /* Default uses 96-bits IV length */ + AssertIntEQ(1, EVP_EncryptInit_ex(&en[i], EVP_aria_128_gcm(), + NULL, key, iv)); + break; + case 1: + /* Default uses 96-bits IV length */ + AssertIntEQ(1, EVP_EncryptInit_ex(&en[i], EVP_aria_192_gcm(), + NULL, key, iv)); + break; + case 2: + /* Default uses 96-bits IV length */ + AssertIntEQ(1, EVP_EncryptInit_ex(&en[i], EVP_aria_256_gcm(), + NULL, key, iv)); + break; + case 3: + AssertIntEQ(1, EVP_EncryptInit_ex(&en[i], EVP_aria_128_gcm(), + NULL, NULL, NULL)); + /* non-default must to set the IV length first */ + AssertIntEQ(1, EVP_CIPHER_CTX_ctrl(&en[i], + EVP_CTRL_GCM_SET_IVLEN, ivSz, NULL)); + AssertIntEQ(1, EVP_EncryptInit_ex(&en[i], NULL, NULL, key, iv)); + break; + case 4: + AssertIntEQ(1, EVP_EncryptInit_ex(&en[i], EVP_aria_192_gcm(), + NULL, NULL, NULL)); + /* non-default must to set the IV length first */ + AssertIntEQ(1, EVP_CIPHER_CTX_ctrl(&en[i], + EVP_CTRL_GCM_SET_IVLEN, ivSz, NULL)); + AssertIntEQ(1, EVP_EncryptInit_ex(&en[i], NULL, NULL, key, iv)); + break; + case 5: + AssertIntEQ(1, EVP_EncryptInit_ex(&en[i], EVP_aria_256_gcm(), + NULL, NULL, NULL)); + /* non-default must to set the IV length first */ + AssertIntEQ(1, EVP_CIPHER_CTX_ctrl(&en[i], + EVP_CTRL_GCM_SET_IVLEN, ivSz, NULL)); + AssertIntEQ(1, EVP_EncryptInit_ex(&en[i], NULL, NULL, key, iv)); + break; + } + XMEMSET(ciphertxt,0,sizeof(ciphertxt)); + AssertIntEQ(1, EVP_EncryptUpdate(&en[i], NULL, &len, aad, aadSz)); + AssertIntEQ(1, EVP_EncryptUpdate(&en[i], ciphertxt, &len, plaintxt, + plaintxtSz)); + ciphertxtSz = len; + AssertIntEQ(1, EVP_EncryptFinal_ex(&en[i], ciphertxt, &len)); + AssertIntNE(0, XMEMCMP(plaintxt, ciphertxt, plaintxtSz)); + ciphertxtSz += len; + AssertIntEQ(1, EVP_CIPHER_CTX_ctrl(&en[i], EVP_CTRL_GCM_GET_TAG, + ARIA_BLOCK_SIZE, tag)); + AssertIntEQ(wolfSSL_EVP_CIPHER_CTX_cleanup(&en[i]), 1); + + EVP_CIPHER_CTX_init(&de[i]); + switch (i) { + case 0: + /* Default uses 96-bits IV length */ + AssertIntEQ(1, EVP_DecryptInit_ex(&de[i], EVP_aria_128_gcm(), + NULL, key, iv)); + break; + case 1: + /* Default uses 96-bits IV length */ + AssertIntEQ(1, EVP_DecryptInit_ex(&de[i], EVP_aria_192_gcm(), + NULL, key, iv)); + break; + case 2: + /* Default uses 96-bits IV length */ + AssertIntEQ(1, EVP_DecryptInit_ex(&de[i], EVP_aria_256_gcm(), + NULL, key, iv)); + break; + case 3: + AssertIntEQ(1, EVP_DecryptInit_ex(&de[i], EVP_aria_128_gcm(), + NULL, NULL, NULL)); + /* non-default must to set the IV length first */ + AssertIntEQ(1, EVP_CIPHER_CTX_ctrl(&de[i], + EVP_CTRL_GCM_SET_IVLEN, ivSz, NULL)); + AssertIntEQ(1, EVP_DecryptInit_ex(&de[i], NULL, NULL, key, iv)); + break; + case 4: + AssertIntEQ(1, EVP_DecryptInit_ex(&de[i], EVP_aria_192_gcm(), + NULL, NULL, NULL)); + /* non-default must to set the IV length first */ + AssertIntEQ(1, EVP_CIPHER_CTX_ctrl(&de[i], + EVP_CTRL_GCM_SET_IVLEN, ivSz, NULL)); + AssertIntEQ(1, EVP_DecryptInit_ex(&de[i], NULL, NULL, key, iv)); + break; + case 5: + AssertIntEQ(1, EVP_DecryptInit_ex(&de[i], EVP_aria_256_gcm(), + NULL, NULL, NULL)); + /* non-default must to set the IV length first */ + AssertIntEQ(1, EVP_CIPHER_CTX_ctrl(&de[i], + EVP_CTRL_GCM_SET_IVLEN, ivSz, NULL)); + AssertIntEQ(1, EVP_DecryptInit_ex(&de[i], NULL, NULL, key, iv)); + break; + } + XMEMSET(decryptedtxt,0,sizeof(decryptedtxt)); + AssertIntEQ(1, EVP_DecryptUpdate(&de[i], NULL, &len, aad, aadSz)); + AssertIntEQ(1, EVP_DecryptUpdate(&de[i], decryptedtxt, &len, ciphertxt, + ciphertxtSz)); + decryptedtxtSz = len; + AssertIntEQ(1, EVP_CIPHER_CTX_ctrl(&de[i], EVP_CTRL_GCM_SET_TAG, + ARIA_BLOCK_SIZE, tag)); + AssertIntEQ(1, EVP_DecryptFinal_ex(&de[i], decryptedtxt, &len)); + decryptedtxtSz += len; + AssertIntEQ(plaintxtSz, decryptedtxtSz); + AssertIntEQ(0, XMEMCMP(plaintxt, decryptedtxt, decryptedtxtSz)); + + XMEMSET(decryptedtxt,0,sizeof(decryptedtxt)); + /* modify tag*/ + tag[AES_BLOCK_SIZE-1]+=0xBB; + AssertIntEQ(1, EVP_DecryptUpdate(&de[i], NULL, &len, aad, aadSz)); + AssertIntEQ(1, EVP_CIPHER_CTX_ctrl(&de[i], EVP_CTRL_GCM_SET_TAG, + ARIA_BLOCK_SIZE, tag)); + /* fail due to wrong tag */ + AssertIntEQ(1, EVP_DecryptUpdate(&de[i], decryptedtxt, &len, ciphertxt, + ciphertxtSz)); + AssertIntEQ(0, EVP_DecryptFinal_ex(&de[i], decryptedtxt, &len)); + AssertIntEQ(0, len); + AssertIntEQ(wolfSSL_EVP_CIPHER_CTX_cleanup(&de[i]), 1); + } + + res = TEST_RES_CHECK(1); +#endif /* OPENSSL_EXTRA && !NO_AES && HAVE_AESGCM */ + return res; +} + +int test_wolfssl_EVP_sm4_ecb(void) +{ + int res = TEST_SKIPPED; +#if defined(OPENSSL_EXTRA) && defined(WOLFSSL_SM4_ECB) + EXPECT_DECLS; + byte key[SM4_KEY_SIZE]; + byte plainText[SM4_BLOCK_SIZE] = { + 0xDE, 0xAD, 0xBE, 0xEF, 0xDE, 0xAD, 0xBE, 0xEF, + 0xDE, 0xAD, 0xBE, 0xEF, 0xDE, 0xAD, 0xBE, 0xEF + }; + byte cipherText[sizeof(plainText) + SM4_BLOCK_SIZE]; + byte decryptedText[sizeof(plainText) + SM4_BLOCK_SIZE]; + EVP_CIPHER_CTX* ctx; + int outSz; + + XMEMSET(key, 0, sizeof(key)); + + /* Encrypt. */ + ExpectNotNull((ctx = EVP_CIPHER_CTX_new())); + ExpectIntEQ(EVP_EncryptInit_ex(ctx, EVP_sm4_ecb(), NULL, NULL, NULL), + WOLFSSL_SUCCESS); + /* Any tag length must fail - not an AEAD cipher. */ + ExpectIntEQ(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_TAG, 16, NULL), + WC_NO_ERR_TRACE(WOLFSSL_FAILURE)); + ExpectIntEQ(EVP_EncryptInit_ex(ctx, NULL, NULL, key, NULL), + WOLFSSL_SUCCESS); + ExpectIntEQ(EVP_EncryptUpdate(ctx, cipherText, &outSz, plainText, + sizeof(plainText)), WOLFSSL_SUCCESS); + ExpectIntEQ(outSz, sizeof(plainText)); + ExpectIntEQ(EVP_EncryptFinal_ex(ctx, cipherText + outSz, &outSz), + WOLFSSL_SUCCESS); + ExpectIntEQ(outSz, SM4_BLOCK_SIZE); + ExpectBufNE(cipherText, plainText, sizeof(plainText)); + EVP_CIPHER_CTX_free(ctx); + + /* Decrypt. */ + ExpectNotNull((ctx = EVP_CIPHER_CTX_new())); + ExpectIntEQ(EVP_DecryptInit_ex(ctx, EVP_sm4_ecb(), NULL, NULL, NULL), + WOLFSSL_SUCCESS); + ExpectIntEQ(EVP_DecryptInit_ex(ctx, NULL, NULL, key, NULL), + WOLFSSL_SUCCESS); + ExpectIntEQ(EVP_DecryptUpdate(ctx, decryptedText, &outSz, cipherText, + sizeof(cipherText)), WOLFSSL_SUCCESS); + ExpectIntEQ(outSz, sizeof(plainText)); + ExpectIntEQ(EVP_DecryptFinal_ex(ctx, decryptedText + outSz, &outSz), + WOLFSSL_SUCCESS); + ExpectIntEQ(outSz, 0); + ExpectBufEQ(decryptedText, plainText, sizeof(plainText)); + EVP_CIPHER_CTX_free(ctx); + + res = EXPECT_RESULT(); +#endif + return res; +} + +int test_wolfssl_EVP_sm4_cbc(void) +{ + int res = TEST_SKIPPED; +#if defined(OPENSSL_EXTRA) && defined(WOLFSSL_SM4_CBC) + EXPECT_DECLS; + byte key[SM4_KEY_SIZE]; + byte iv[SM4_BLOCK_SIZE]; + byte plainText[SM4_BLOCK_SIZE] = { + 0xDE, 0xAD, 0xBE, 0xEF, 0xDE, 0xAD, 0xBE, 0xEF, + 0xDE, 0xAD, 0xBE, 0xEF, 0xDE, 0xAD, 0xBE, 0xEF + }; + byte cipherText[sizeof(plainText) + SM4_BLOCK_SIZE]; + byte decryptedText[sizeof(plainText) + SM4_BLOCK_SIZE]; + EVP_CIPHER_CTX* ctx; + int outSz; + + XMEMSET(key, 0, sizeof(key)); + XMEMSET(iv, 0, sizeof(iv)); + + /* Encrypt. */ + ExpectNotNull((ctx = EVP_CIPHER_CTX_new())); + ExpectIntEQ(EVP_EncryptInit_ex(ctx, EVP_sm4_cbc(), NULL, NULL, NULL), + WOLFSSL_SUCCESS); + /* Any tag length must fail - not an AEAD cipher. */ + ExpectIntEQ(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_TAG, 16, NULL), + WC_NO_ERR_TRACE(WOLFSSL_FAILURE)); + ExpectIntEQ(EVP_EncryptInit_ex(ctx, NULL, NULL, key, iv), WOLFSSL_SUCCESS); + ExpectIntEQ(EVP_EncryptUpdate(ctx, cipherText, &outSz, plainText, + sizeof(plainText)), WOLFSSL_SUCCESS); + ExpectIntEQ(outSz, sizeof(plainText)); + ExpectIntEQ(EVP_EncryptFinal_ex(ctx, cipherText + outSz, &outSz), + WOLFSSL_SUCCESS); + ExpectIntEQ(outSz, SM4_BLOCK_SIZE); + ExpectBufNE(cipherText, plainText, sizeof(plainText)); + EVP_CIPHER_CTX_free(ctx); + + /* Decrypt. */ + ExpectNotNull((ctx = EVP_CIPHER_CTX_new())); + ExpectIntEQ(EVP_DecryptInit_ex(ctx, EVP_sm4_cbc(), NULL, NULL, NULL), + WOLFSSL_SUCCESS); + ExpectIntEQ(EVP_DecryptInit_ex(ctx, NULL, NULL, key, iv), WOLFSSL_SUCCESS); + ExpectIntEQ(EVP_DecryptUpdate(ctx, decryptedText, &outSz, cipherText, + sizeof(cipherText)), WOLFSSL_SUCCESS); + ExpectIntEQ(outSz, sizeof(plainText)); + ExpectIntEQ(EVP_DecryptFinal_ex(ctx, decryptedText + outSz, &outSz), + WOLFSSL_SUCCESS); + ExpectIntEQ(outSz, 0); + ExpectBufEQ(decryptedText, plainText, sizeof(plainText)); + EVP_CIPHER_CTX_free(ctx); + + /* Test partial Inits. CipherInit() allow setting of key and iv + * in separate calls. */ + ExpectNotNull((ctx = EVP_CIPHER_CTX_new())); + ExpectIntEQ(wolfSSL_EVP_CipherInit(ctx, EVP_sm4_cbc(), key, NULL, 0), + WOLFSSL_SUCCESS); + ExpectIntEQ(wolfSSL_EVP_CipherInit(ctx, NULL, NULL, iv, 0), + WOLFSSL_SUCCESS); + ExpectIntEQ(EVP_DecryptUpdate(ctx, decryptedText, &outSz, cipherText, + sizeof(cipherText)), WOLFSSL_SUCCESS); + ExpectIntEQ(outSz, sizeof(plainText)); + ExpectIntEQ(EVP_DecryptFinal_ex(ctx, decryptedText + outSz, &outSz), + WOLFSSL_SUCCESS); + ExpectIntEQ(outSz, 0); + ExpectBufEQ(decryptedText, plainText, sizeof(plainText)); + EVP_CIPHER_CTX_free(ctx); + + res = EXPECT_RESULT(); +#endif + return res; +} + +int test_wolfssl_EVP_sm4_ctr(void) +{ + int res = TEST_SKIPPED; +#if defined(OPENSSL_EXTRA) && defined(WOLFSSL_SM4_CTR) + EXPECT_DECLS; + byte key[SM4_KEY_SIZE]; + byte iv[SM4_BLOCK_SIZE]; + byte plainText[] = {0xDE, 0xAD, 0xBE, 0xEF}; + byte cipherText[sizeof(plainText)]; + byte decryptedText[sizeof(plainText)]; + EVP_CIPHER_CTX* ctx; + int outSz; + + XMEMSET(key, 0, sizeof(key)); + XMEMSET(iv, 0, sizeof(iv)); + + /* Encrypt. */ + ExpectNotNull((ctx = EVP_CIPHER_CTX_new())); + ExpectIntEQ(EVP_EncryptInit_ex(ctx, EVP_sm4_ctr(), NULL, NULL, NULL), + WOLFSSL_SUCCESS); + /* Any tag length must fail - not an AEAD cipher. */ + ExpectIntEQ(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_TAG, 16, NULL), + WC_NO_ERR_TRACE(WOLFSSL_FAILURE)); + ExpectIntEQ(EVP_EncryptInit_ex(ctx, NULL, NULL, key, iv), WOLFSSL_SUCCESS); + ExpectIntEQ(EVP_EncryptUpdate(ctx, cipherText, &outSz, plainText, + sizeof(plainText)), WOLFSSL_SUCCESS); + ExpectIntEQ(outSz, sizeof(plainText)); + ExpectIntEQ(EVP_EncryptFinal_ex(ctx, cipherText, &outSz), WOLFSSL_SUCCESS); + ExpectIntEQ(outSz, 0); + ExpectBufNE(cipherText, plainText, sizeof(plainText)); + EVP_CIPHER_CTX_free(ctx); + + /* Decrypt. */ + ExpectNotNull((ctx = EVP_CIPHER_CTX_new())); + ExpectIntEQ(EVP_DecryptInit_ex(ctx, EVP_sm4_ctr(), NULL, NULL, NULL), + WOLFSSL_SUCCESS); + ExpectIntEQ(EVP_DecryptInit_ex(ctx, NULL, NULL, key, iv), WOLFSSL_SUCCESS); + ExpectIntEQ(EVP_DecryptUpdate(ctx, decryptedText, &outSz, cipherText, + sizeof(cipherText)), WOLFSSL_SUCCESS); + ExpectIntEQ(outSz, sizeof(cipherText)); + ExpectIntEQ(EVP_DecryptFinal_ex(ctx, decryptedText, &outSz), + WOLFSSL_SUCCESS); + ExpectIntEQ(outSz, 0); + ExpectBufEQ(decryptedText, plainText, sizeof(plainText)); + EVP_CIPHER_CTX_free(ctx); + + /* Test partial Inits. CipherInit() allow setting of key and iv + * in separate calls. */ + ExpectNotNull((ctx = EVP_CIPHER_CTX_new())); + ExpectIntEQ(wolfSSL_EVP_CipherInit(ctx, EVP_sm4_ctr(), key, NULL, 1), + WOLFSSL_SUCCESS); + ExpectIntEQ(wolfSSL_EVP_CipherInit(ctx, NULL, NULL, iv, 1), + WOLFSSL_SUCCESS); + ExpectIntEQ(EVP_DecryptUpdate(ctx, decryptedText, &outSz, cipherText, + sizeof(cipherText)), WOLFSSL_SUCCESS); + ExpectIntEQ(outSz, sizeof(cipherText)); + ExpectIntEQ(EVP_DecryptFinal_ex(ctx, decryptedText, &outSz), + WOLFSSL_SUCCESS); + ExpectIntEQ(outSz, 0); + ExpectBufEQ(decryptedText, plainText, sizeof(plainText)); + EVP_CIPHER_CTX_free(ctx); + + res = EXPECT_RESULT(); +#endif + return res; +} + +int test_wolfssl_EVP_sm4_gcm_zeroLen(void) +{ + int res = TEST_SKIPPED; +#if defined(OPENSSL_EXTRA) && defined(WOLFSSL_SM4_GCM) + /* Zero length plain text */ + EXPECT_DECLS; + byte key[] = { + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00 + }; /* align */ + byte iv[] = { + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00 + }; /* align */ + byte plaintxt[1]; + int ivSz = 12; + int plaintxtSz = 0; + unsigned char tag[16]; + unsigned char tag_kat[16] = { + 0x23,0x2f,0x0c,0xfe,0x30,0x8b,0x49,0xea, + 0x6f,0xc8,0x82,0x29,0xb5,0xdc,0x85,0x8d + }; + + byte ciphertxt[SM4_BLOCK_SIZE * 4] = {0}; + byte decryptedtxt[SM4_BLOCK_SIZE * 4] = {0}; + int ciphertxtSz = 0; + int decryptedtxtSz = 0; + int len = 0; + + EVP_CIPHER_CTX *en = EVP_CIPHER_CTX_new(); + EVP_CIPHER_CTX *de = EVP_CIPHER_CTX_new(); + + ExpectIntEQ(1, EVP_EncryptInit_ex(en, EVP_sm4_gcm(), NULL, key, iv)); + ExpectIntEQ(1, EVP_CIPHER_CTX_ctrl(en, EVP_CTRL_GCM_SET_IVLEN, ivSz, NULL)); + ExpectIntEQ(1, EVP_EncryptUpdate(en, ciphertxt, &ciphertxtSz , plaintxt, + plaintxtSz)); + ExpectIntEQ(1, EVP_EncryptFinal_ex(en, ciphertxt, &len)); + ciphertxtSz += len; + ExpectIntEQ(1, EVP_CIPHER_CTX_ctrl(en, EVP_CTRL_GCM_GET_TAG, 16, tag)); + ExpectIntEQ(1, EVP_CIPHER_CTX_cleanup(en)); + + ExpectIntEQ(0, ciphertxtSz); + ExpectIntEQ(0, XMEMCMP(tag, tag_kat, sizeof(tag))); + + EVP_CIPHER_CTX_init(de); + ExpectIntEQ(1, EVP_DecryptInit_ex(de, EVP_sm4_gcm(), NULL, key, iv)); + ExpectIntEQ(1, EVP_CIPHER_CTX_ctrl(de, EVP_CTRL_GCM_SET_IVLEN, ivSz, NULL)); + ExpectIntEQ(1, EVP_DecryptUpdate(de, NULL, &len, ciphertxt, len)); + decryptedtxtSz = len; + ExpectIntEQ(1, EVP_CIPHER_CTX_ctrl(de, EVP_CTRL_GCM_SET_TAG, 16, tag)); + ExpectIntEQ(1, EVP_DecryptFinal_ex(de, decryptedtxt, &len)); + decryptedtxtSz += len; + ExpectIntEQ(0, decryptedtxtSz); + + EVP_CIPHER_CTX_free(en); + EVP_CIPHER_CTX_free(de); + + res = EXPECT_RESULT(); +#endif /* OPENSSL_EXTRA && WOLFSSL_SM4_GCM */ + return res; +} + +int test_wolfssl_EVP_sm4_gcm(void) +{ + int res = TEST_SKIPPED; +#if defined(OPENSSL_EXTRA) && defined(WOLFSSL_SM4_GCM) + EXPECT_DECLS; + byte *key = (byte*)"0123456789012345"; + /* A 128 bit IV */ + byte *iv = (byte*)"0123456789012345"; + int ivSz = SM4_BLOCK_SIZE; + /* Message to be encrypted */ + byte *plaintxt = (byte*)"for things to change you have to change"; + /* Additional non-confidential data */ + byte *aad = (byte*)"Don't spend major time on minor things."; + + unsigned char tag[SM4_BLOCK_SIZE] = {0}; + int plaintxtSz = (int)XSTRLEN((char*)plaintxt); + int aadSz = (int)XSTRLEN((char*)aad); + byte ciphertxt[SM4_BLOCK_SIZE * 4] = {0}; + byte decryptedtxt[SM4_BLOCK_SIZE * 4] = {0}; + int ciphertxtSz = 0; + int decryptedtxtSz = 0; + int len = 0; + int i = 0; + EVP_CIPHER_CTX en[2]; + EVP_CIPHER_CTX de[2]; + + for (i = 0; i < 2; i++) { + EVP_CIPHER_CTX_init(&en[i]); + + if (i == 0) { + /* Default uses 96-bits IV length */ + ExpectIntEQ(1, EVP_EncryptInit_ex(&en[i], EVP_sm4_gcm(), NULL, key, + iv)); + } + else { + ExpectIntEQ(1, EVP_EncryptInit_ex(&en[i], EVP_sm4_gcm(), NULL, NULL, + NULL)); + /* non-default must to set the IV length first */ + ExpectIntEQ(1, EVP_CIPHER_CTX_ctrl(&en[i], EVP_CTRL_GCM_SET_IVLEN, + ivSz, NULL)); + ExpectIntEQ(1, EVP_EncryptInit_ex(&en[i], NULL, NULL, key, iv)); + } + ExpectIntEQ(1, EVP_EncryptUpdate(&en[i], NULL, &len, aad, aadSz)); + ExpectIntEQ(1, EVP_EncryptUpdate(&en[i], ciphertxt, &len, plaintxt, + plaintxtSz)); + ciphertxtSz = len; + ExpectIntEQ(1, EVP_EncryptFinal_ex(&en[i], ciphertxt, &len)); + ciphertxtSz += len; + ExpectIntEQ(1, EVP_CIPHER_CTX_ctrl(&en[i], EVP_CTRL_GCM_GET_TAG, + SM4_BLOCK_SIZE, tag)); + ExpectIntEQ(wolfSSL_EVP_CIPHER_CTX_cleanup(&en[i]), 1); + + EVP_CIPHER_CTX_init(&de[i]); + if (i == 0) { + /* Default uses 96-bits IV length */ + ExpectIntEQ(1, EVP_DecryptInit_ex(&de[i], EVP_sm4_gcm(), NULL, key, + iv)); + } + else { + ExpectIntEQ(1, EVP_DecryptInit_ex(&de[i], EVP_sm4_gcm(), NULL, NULL, + NULL)); + /* non-default must to set the IV length first */ + ExpectIntEQ(1, EVP_CIPHER_CTX_ctrl(&de[i], EVP_CTRL_GCM_SET_IVLEN, + ivSz, NULL)); + ExpectIntEQ(1, EVP_DecryptInit_ex(&de[i], NULL, NULL, key, iv)); + + } + ExpectIntEQ(1, EVP_DecryptUpdate(&de[i], NULL, &len, aad, aadSz)); + ExpectIntEQ(1, EVP_DecryptUpdate(&de[i], decryptedtxt, &len, ciphertxt, + ciphertxtSz)); + decryptedtxtSz = len; + ExpectIntEQ(1, EVP_CIPHER_CTX_ctrl(&de[i], EVP_CTRL_GCM_SET_TAG, + SM4_BLOCK_SIZE, tag)); + ExpectIntEQ(1, EVP_DecryptFinal_ex(&de[i], decryptedtxt, &len)); + decryptedtxtSz += len; + ExpectIntEQ(ciphertxtSz, decryptedtxtSz); + ExpectIntEQ(0, XMEMCMP(plaintxt, decryptedtxt, decryptedtxtSz)); + + /* modify tag*/ + tag[SM4_BLOCK_SIZE-1]+=0xBB; + ExpectIntEQ(1, EVP_DecryptUpdate(&de[i], NULL, &len, aad, aadSz)); + ExpectIntEQ(1, EVP_CIPHER_CTX_ctrl(&de[i], EVP_CTRL_GCM_SET_TAG, + SM4_BLOCK_SIZE, tag)); + /* fail due to wrong tag */ + ExpectIntEQ(1, EVP_DecryptUpdate(&de[i], decryptedtxt, &len, ciphertxt, + ciphertxtSz)); + ExpectIntEQ(0, EVP_DecryptFinal_ex(&de[i], decryptedtxt, &len)); + ExpectIntEQ(0, len); + ExpectIntEQ(wolfSSL_EVP_CIPHER_CTX_cleanup(&de[i]), 1); + } + + res = EXPECT_RESULT(); +#endif /* OPENSSL_EXTRA && WOLFSSL_SM4_GCM */ + return res; +} + +int test_wolfssl_EVP_sm4_ccm_zeroLen(void) +{ + int res = TEST_SKIPPED; +#if defined(OPENSSL_EXTRA) && defined(WOLFSSL_SM4_CCM) + /* Zero length plain text */ + EXPECT_DECLS; + byte key[] = { + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00 + }; /* align */ + byte iv[] = { + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00 + }; /* align */ + byte plaintxt[1]; + int ivSz = 12; + int plaintxtSz = 0; + unsigned char tag[16]; + + byte ciphertxt[SM4_BLOCK_SIZE * 4] = {0}; + byte decryptedtxt[SM4_BLOCK_SIZE * 4] = {0}; + int ciphertxtSz = 0; + int decryptedtxtSz = 0; + int len = 0; + + EVP_CIPHER_CTX *en = EVP_CIPHER_CTX_new(); + EVP_CIPHER_CTX *de = EVP_CIPHER_CTX_new(); + + ExpectIntEQ(1, EVP_EncryptInit_ex(en, EVP_sm4_ccm(), NULL, key, iv)); + ExpectIntEQ(1, EVP_CIPHER_CTX_ctrl(en, EVP_CTRL_CCM_SET_IVLEN, ivSz, NULL)); + ExpectIntEQ(1, EVP_EncryptUpdate(en, ciphertxt, &ciphertxtSz , plaintxt, + plaintxtSz)); + ExpectIntEQ(1, EVP_EncryptFinal_ex(en, ciphertxt, &len)); + ciphertxtSz += len; + ExpectIntEQ(1, EVP_CIPHER_CTX_ctrl(en, EVP_CTRL_CCM_GET_TAG, 16, tag)); + ExpectIntEQ(1, EVP_CIPHER_CTX_cleanup(en)); + + ExpectIntEQ(0, ciphertxtSz); + + EVP_CIPHER_CTX_init(de); + ExpectIntEQ(1, EVP_DecryptInit_ex(de, EVP_sm4_ccm(), NULL, key, iv)); + ExpectIntEQ(1, EVP_CIPHER_CTX_ctrl(de, EVP_CTRL_CCM_SET_IVLEN, ivSz, NULL)); + ExpectIntEQ(1, EVP_DecryptUpdate(de, NULL, &len, ciphertxt, len)); + decryptedtxtSz = len; + ExpectIntEQ(1, EVP_CIPHER_CTX_ctrl(de, EVP_CTRL_CCM_SET_TAG, 16, tag)); + ExpectIntEQ(1, EVP_DecryptFinal_ex(de, decryptedtxt, &len)); + decryptedtxtSz += len; + ExpectIntEQ(0, decryptedtxtSz); + + EVP_CIPHER_CTX_free(en); + EVP_CIPHER_CTX_free(de); + + res = EXPECT_RESULT(); +#endif /* OPENSSL_EXTRA && WOLFSSL_SM4_CCM */ + return res; +} + +int test_wolfssl_EVP_sm4_ccm(void) +{ + int res = TEST_SKIPPED; +#if defined(OPENSSL_EXTRA) && defined(WOLFSSL_SM4_CCM) + EXPECT_DECLS; + byte *key = (byte*)"0123456789012345"; + byte *iv = (byte*)"0123456789012"; + int ivSz = (int)XSTRLEN((char*)iv); + /* Message to be encrypted */ + byte *plaintxt = (byte*)"for things to change you have to change"; + /* Additional non-confidential data */ + byte *aad = (byte*)"Don't spend major time on minor things."; + + unsigned char tag[SM4_BLOCK_SIZE] = {0}; + int plaintxtSz = (int)XSTRLEN((char*)plaintxt); + int aadSz = (int)XSTRLEN((char*)aad); + byte ciphertxt[SM4_BLOCK_SIZE * 4] = {0}; + byte decryptedtxt[SM4_BLOCK_SIZE * 4] = {0}; + int ciphertxtSz = 0; + int decryptedtxtSz = 0; + int len = 0; + int i = 0; + EVP_CIPHER_CTX en[2]; + EVP_CIPHER_CTX de[2]; + + for (i = 0; i < 2; i++) { + EVP_CIPHER_CTX_init(&en[i]); + + if (i == 0) { + /* Default uses 96-bits IV length */ + ExpectIntEQ(1, EVP_EncryptInit_ex(&en[i], EVP_sm4_ccm(), NULL, key, + iv)); + } + else { + ExpectIntEQ(1, EVP_EncryptInit_ex(&en[i], EVP_sm4_ccm(), NULL, NULL, + NULL)); + /* non-default must to set the IV length first */ + ExpectIntEQ(1, EVP_CIPHER_CTX_ctrl(&en[i], EVP_CTRL_CCM_SET_IVLEN, + ivSz, NULL)); + ExpectIntEQ(1, EVP_EncryptInit_ex(&en[i], NULL, NULL, key, iv)); + } + ExpectIntEQ(1, EVP_EncryptUpdate(&en[i], NULL, &len, aad, aadSz)); + ExpectIntEQ(1, EVP_EncryptUpdate(&en[i], ciphertxt, &len, plaintxt, + plaintxtSz)); + ciphertxtSz = len; + ExpectIntEQ(1, EVP_EncryptFinal_ex(&en[i], ciphertxt, &len)); + ciphertxtSz += len; + ExpectIntEQ(1, EVP_CIPHER_CTX_ctrl(&en[i], EVP_CTRL_CCM_GET_TAG, + SM4_BLOCK_SIZE, tag)); + ExpectIntEQ(wolfSSL_EVP_CIPHER_CTX_cleanup(&en[i]), 1); + + EVP_CIPHER_CTX_init(&de[i]); + if (i == 0) { + /* Default uses 96-bits IV length */ + ExpectIntEQ(1, EVP_DecryptInit_ex(&de[i], EVP_sm4_ccm(), NULL, key, + iv)); + } + else { + ExpectIntEQ(1, EVP_DecryptInit_ex(&de[i], EVP_sm4_ccm(), NULL, NULL, + NULL)); + /* non-default must to set the IV length first */ + ExpectIntEQ(1, EVP_CIPHER_CTX_ctrl(&de[i], EVP_CTRL_CCM_SET_IVLEN, + ivSz, NULL)); + ExpectIntEQ(1, EVP_DecryptInit_ex(&de[i], NULL, NULL, key, iv)); + + } + ExpectIntEQ(1, EVP_DecryptUpdate(&de[i], NULL, &len, aad, aadSz)); + ExpectIntEQ(1, EVP_DecryptUpdate(&de[i], decryptedtxt, &len, ciphertxt, + ciphertxtSz)); + decryptedtxtSz = len; + ExpectIntEQ(1, EVP_CIPHER_CTX_ctrl(&de[i], EVP_CTRL_CCM_SET_TAG, + SM4_BLOCK_SIZE, tag)); + ExpectIntEQ(1, EVP_DecryptFinal_ex(&de[i], decryptedtxt, &len)); + decryptedtxtSz += len; + ExpectIntEQ(ciphertxtSz, decryptedtxtSz); + ExpectIntEQ(0, XMEMCMP(plaintxt, decryptedtxt, decryptedtxtSz)); + + /* modify tag*/ + tag[SM4_BLOCK_SIZE-1]+=0xBB; + ExpectIntEQ(1, EVP_DecryptUpdate(&de[i], NULL, &len, aad, aadSz)); + ExpectIntEQ(1, EVP_CIPHER_CTX_ctrl(&de[i], EVP_CTRL_CCM_SET_TAG, + SM4_BLOCK_SIZE, tag)); + /* fail due to wrong tag */ + ExpectIntEQ(1, EVP_DecryptUpdate(&de[i], decryptedtxt, &len, ciphertxt, + ciphertxtSz)); + ExpectIntEQ(0, EVP_DecryptFinal_ex(&de[i], decryptedtxt, &len)); + ExpectIntEQ(0, len); + ExpectIntEQ(wolfSSL_EVP_CIPHER_CTX_cleanup(&de[i]), 1); + } + + res = EXPECT_RESULT(); +#endif /* OPENSSL_EXTRA && WOLFSSL_SM4_CCM */ + return res; +} + + +int test_wolfSSL_EVP_rc4(void) +{ + EXPECT_DECLS; +#if !defined(NO_RC4) && defined(OPENSSL_ALL) + ExpectNotNull(wolfSSL_EVP_rc4()); +#endif + return EXPECT_RESULT(); +} + +int test_wolfSSL_EVP_enc_null(void) +{ + EXPECT_DECLS; +#ifdef OPENSSL_ALL + ExpectNotNull(wolfSSL_EVP_enc_null()); +#endif + return EXPECT_RESULT(); +} +int test_wolfSSL_EVP_rc2_cbc(void) + +{ + EXPECT_DECLS; +#if defined(WOLFSSL_QT) && !defined(NO_WOLFSSL_STUB) + ExpectNull(wolfSSL_EVP_rc2_cbc()); +#endif + return EXPECT_RESULT(); +} + +int test_wolfSSL_EVP_mdc2(void) +{ + EXPECT_DECLS; +#if !defined(NO_WOLFSSL_STUB) && defined(OPENSSL_ALL) + ExpectNull(wolfSSL_EVP_mdc2()); +#endif + return EXPECT_RESULT(); +} + +/* Test for integer overflow in EVP AEAD AAD accumulation. + * + * wolfSSL_EVP_CipherUpdate_GCM_AAD (and the CCM/ARIA variants) compute + * allocation sizes as (ctx->authInSz + inl) where both operands are int. + * Repeated AAD calls can accumulate authInSz to a value where adding inl + * overflows the signed int sum. The overflowed value is then cast to size_t + * for XMALLOC/XREALLOC, producing either: + * - A huge allocation on 64-bit (masking the bug as MEMORY_E), or + * - A potential heap buffer overflow on 32-bit if the wrapped size is small + * enough to succeed but the subsequent XMEMCPY uses the original large + * authInSz offset. + * + * This test simulates the overflow condition by directly setting authInSz near + * INT_MAX after legitimate initialization, then calling EVP_EncryptUpdate with + * AAD that triggers the overflow. A properly-fixed implementation should detect + * the overflow and return WOLFSSL_FAILURE before attempting the allocation. + */ +int test_evp_cipher_pkcs7_pad_zero(void) +{ + EXPECT_DECLS; +#if !defined(NO_AES) && defined(HAVE_AES_CBC) && defined(WOLFSSL_AES_128) && \ + defined(OPENSSL_EXTRA) + EVP_CIPHER_CTX *ctx = NULL; + /* AES-128-CBC key and IV */ + byte key[AES_BLOCK_SIZE] = { + 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, + 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f + }; + byte iv[AES_BLOCK_SIZE] = {0}; + /* Two plaintext blocks, with the last byte set to 0x00. When decrypted + * with padding enabled, the last byte (0x00) will be interpreted as the + * PKCS#7 padding length, which is invalid (valid range is 1..block_size). + * Using two blocks ensures CipherUpdate outputs the first block and + * CipherFinal processes the second (last) block through checkPad. */ + byte plain[AES_BLOCK_SIZE * 2] = { + 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, + 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, + 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, + 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x00 + }; + byte cipher[AES_BLOCK_SIZE * 3]; + byte decrypted[AES_BLOCK_SIZE * 3]; + int outl = 0; + int total = 0; + + /* Encrypt two plaintext blocks with padding disabled so the ciphertext + * is exactly two blocks. */ + ExpectNotNull(ctx = EVP_CIPHER_CTX_new()); + ExpectIntEQ(EVP_CipherInit(ctx, EVP_aes_128_cbc(), key, iv, 1), + WOLFSSL_SUCCESS); + ExpectIntEQ(EVP_CIPHER_CTX_set_padding(ctx, 0), WOLFSSL_SUCCESS); + ExpectIntEQ(EVP_CipherUpdate(ctx, cipher, &outl, plain, + AES_BLOCK_SIZE * 2), WOLFSSL_SUCCESS); + total = outl; + ExpectIntEQ(EVP_CipherFinal(ctx, cipher + total, &outl), WOLFSSL_SUCCESS); + total += outl; + ExpectIntEQ(total, AES_BLOCK_SIZE * 2); + EVP_CIPHER_CTX_free(ctx); + ctx = NULL; + + /* Decrypt the ciphertext with padding enabled (the default). + * CipherUpdate should output the first block. CipherFinal processes + * the last block through checkPad, which should reject padding value 0. */ + ExpectNotNull(ctx = EVP_CIPHER_CTX_new()); + ExpectIntEQ(EVP_CipherInit(ctx, EVP_aes_128_cbc(), key, iv, 0), + WOLFSSL_SUCCESS); + ExpectIntEQ(EVP_CipherUpdate(ctx, decrypted, &outl, cipher, total), + WOLFSSL_SUCCESS); + ExpectIntEQ(outl, AES_BLOCK_SIZE); + ExpectIntNE(EVP_CipherFinal(ctx, decrypted + outl, &outl), + WOLFSSL_SUCCESS); + EVP_CIPHER_CTX_free(ctx); + +#endif /* !NO_AES && HAVE_AES_CBC && WOLFSSL_AES_128 && OPENSSL_EXTRA */ + return EXPECT_RESULT(); +} + +int test_evp_cipher_aead_aad_overflow(void) +{ + EXPECT_DECLS; +#if defined(OPENSSL_EXTRA) && !defined(NO_AES) && defined(HAVE_AESGCM) && \ + defined(WOLFSSL_AES_256) && !defined(HAVE_SELFTEST) && !defined(HAVE_FIPS) && \ + !defined(WOLFSSL_AESGCM_STREAM) + + WOLFSSL_EVP_CIPHER_CTX *ctx = NULL; + byte key[32] = {0}; + byte iv[12] = {0}; + byte aad[32] = {0}; + int outl = 0; + int savedAuthInSz; + + /* Initialize AES-256-GCM encryption context */ + ctx = EVP_CIPHER_CTX_new(); + ExpectNotNull(ctx); + ExpectIntEQ(WOLFSSL_SUCCESS, EVP_EncryptInit_ex(ctx, EVP_aes_256_gcm(), + NULL, key, iv)); + + /* Feed a small legitimate AAD to allocate authIn */ + ExpectIntEQ(WOLFSSL_SUCCESS, EVP_EncryptUpdate(ctx, NULL, &outl, aad, 16)); + + if (EXPECT_SUCCESS()) { + ExpectIntEQ(ctx->authInSz, 16); + + /* Simulate accumulated AAD near INT_MAX. + * In a real attack scenario, an attacker controlling AAD input to a + * server could accumulate authInSz toward INT_MAX through many calls. + * We set it directly to avoid needing ~2GB of actual allocations. + */ + savedAuthInSz = ctx->authInSz; + ctx->authInSz = INT_MAX - 16; + + /* Attempt AAD update that causes overflow: + * (INT_MAX - 16) + 32 = INT_MAX + 16 + * This overflows signed int (undefined behavior in C). The result: + * - As signed int: wraps to INT_MIN + 15 (on 2's complement) + * - Cast to size_t on 64-bit: ~0xFFFFFFFF8000000F (huge) + * - Cast to size_t on 32-bit: ~0x8000000F (~2GB) + * + * With no overflow check, the code proceeds to XREALLOC with the + * wrapped size. On 64-bit this fails (MEMORY_E), accidentally + * preventing corruption. On 32-bit, if the allocation succeeds, + * XMEMCPY writes at offset (INT_MAX - 16) into the buffer, causing + * heap corruption. + */ + ExpectIntNE(WOLFSSL_SUCCESS, + EVP_EncryptUpdate(ctx, NULL, &outl, aad, 32)); + + /* Restore authInSz so cleanup doesn't operate on corrupted state */ + if (ctx != NULL) + ctx->authInSz = savedAuthInSz; + } + + EVP_CIPHER_CTX_free(ctx); + +#endif /* OPENSSL_EXTRA && HAVE_AESGCM && WOLFSSL_AES_256 */ + return EXPECT_RESULT(); +} + + diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/tests/api/test_evp_cipher.h mariadb-11.8.8/extra/wolfssl/wolfssl/tests/api/test_evp_cipher.h --- mariadb-11.8.6/extra/wolfssl/wolfssl/tests/api/test_evp_cipher.h 1970-01-01 00:00:00.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/tests/api/test_evp_cipher.h 2026-05-24 09:58:33.000000000 +0000 @@ -0,0 +1,112 @@ +/* test_evp_cipher.h + * + * Copyright (C) 2006-2026 wolfSSL Inc. + * + * This file is part of wolfSSL. + * + * wolfSSL is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * wolfSSL is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA + */ + +#ifndef WOLFCRYPT_TEST_EVP_CIPHER_H +#define WOLFCRYPT_TEST_EVP_CIPHER_H + +#include + +int test_wolfSSL_EVP_CIPHER_CTX(void); +int test_wolfSSL_EVP_CIPHER_CTX_iv_length(void); +int test_wolfSSL_EVP_CIPHER_CTX_key_length(void); +int test_wolfSSL_EVP_CIPHER_CTX_set_iv(void); +int test_wolfSSL_EVP_get_cipherbynid(void); +int test_wolfSSL_EVP_CIPHER_block_size(void); +int test_wolfSSL_EVP_CIPHER_iv_length(void); +int test_wolfSSL_EVP_CipherUpdate_Null(void); +int test_wolfSSL_EVP_CIPHER_type_string(void); +int test_wolfSSL_EVP_BytesToKey(void); +int test_wolfSSL_EVP_Cipher_extra(void); +int test_wolfSSL_EVP_X_STATE(void); +int test_wolfSSL_EVP_X_STATE_LEN(void); +int test_wolfSSL_EVP_aes_256_gcm(void); +int test_wolfSSL_EVP_aes_192_gcm(void); +int test_wolfSSL_EVP_aes_128_gcm(void); +int test_evp_cipher_aes_gcm(void); +int test_wolfssl_EVP_aes_gcm(void); +int test_wolfssl_EVP_aes_gcm_AAD_2_parts(void); +int test_wolfssl_EVP_aes_gcm_zeroLen(void); +int test_wolfSSL_EVP_aes_256_ccm(void); +int test_wolfSSL_EVP_aes_192_ccm(void); +int test_wolfSSL_EVP_aes_128_ccm(void); +int test_wolfssl_EVP_aes_ccm(void); +int test_wolfssl_EVP_aes_ccm_zeroLen(void); +int test_wolfssl_EVP_chacha20(void); +int test_wolfssl_EVP_chacha20_poly1305(void); +int test_wolfssl_EVP_aria_gcm(void); +int test_wolfssl_EVP_sm4_ecb(void); +int test_wolfssl_EVP_sm4_cbc(void); +int test_wolfssl_EVP_sm4_ctr(void); +int test_wolfssl_EVP_sm4_gcm_zeroLen(void); +int test_wolfssl_EVP_sm4_gcm(void); +int test_wolfssl_EVP_sm4_ccm_zeroLen(void); +int test_wolfssl_EVP_sm4_ccm(void); +int test_wolfSSL_EVP_rc4(void); +int test_wolfSSL_EVP_enc_null(void); +int test_wolfSSL_EVP_rc2_cbc(void); +int test_wolfSSL_EVP_mdc2(void); +int test_evp_cipher_pkcs7_pad_zero(void); +int test_evp_cipher_aead_aad_overflow(void); + +#define TEST_EVP_CIPHER_DECLS \ + TEST_DECL_GROUP("evp_cipher", test_wolfSSL_EVP_CIPHER_CTX), \ + TEST_DECL_GROUP("evp_cipher", test_wolfSSL_EVP_CIPHER_CTX_iv_length), \ + TEST_DECL_GROUP("evp_cipher", test_wolfSSL_EVP_CIPHER_CTX_key_length), \ + TEST_DECL_GROUP("evp_cipher", test_wolfSSL_EVP_CIPHER_CTX_set_iv), \ + TEST_DECL_GROUP("evp_cipher", test_wolfSSL_EVP_get_cipherbynid), \ + TEST_DECL_GROUP("evp_cipher", test_wolfSSL_EVP_CIPHER_block_size), \ + TEST_DECL_GROUP("evp_cipher", test_wolfSSL_EVP_CIPHER_iv_length), \ + TEST_DECL_GROUP("evp_cipher", test_wolfSSL_EVP_CipherUpdate_Null), \ + TEST_DECL_GROUP("evp_cipher", test_wolfSSL_EVP_CIPHER_type_string), \ + TEST_DECL_GROUP("evp_cipher", test_wolfSSL_EVP_BytesToKey), \ + TEST_DECL_GROUP("evp_cipher", test_wolfSSL_EVP_Cipher_extra), \ + TEST_DECL_GROUP("evp_cipher", test_wolfSSL_EVP_X_STATE), \ + TEST_DECL_GROUP("evp_cipher", test_wolfSSL_EVP_X_STATE_LEN), \ + TEST_DECL_GROUP("evp_cipher", test_wolfSSL_EVP_aes_256_gcm), \ + TEST_DECL_GROUP("evp_cipher", test_wolfSSL_EVP_aes_192_gcm), \ + TEST_DECL_GROUP("evp_cipher", test_wolfSSL_EVP_aes_128_gcm), \ + TEST_DECL_GROUP("evp_cipher", test_evp_cipher_aes_gcm), \ + TEST_DECL_GROUP("evp_cipher", test_wolfssl_EVP_aes_gcm), \ + TEST_DECL_GROUP("evp_cipher", test_wolfssl_EVP_aes_gcm_AAD_2_parts), \ + TEST_DECL_GROUP("evp_cipher", test_wolfssl_EVP_aes_gcm_zeroLen), \ + TEST_DECL_GROUP("evp_cipher", test_wolfSSL_EVP_aes_256_ccm), \ + TEST_DECL_GROUP("evp_cipher", test_wolfSSL_EVP_aes_192_ccm), \ + TEST_DECL_GROUP("evp_cipher", test_wolfSSL_EVP_aes_128_ccm), \ + TEST_DECL_GROUP("evp_cipher", test_wolfssl_EVP_aes_ccm), \ + TEST_DECL_GROUP("evp_cipher", test_wolfssl_EVP_aes_ccm_zeroLen), \ + TEST_DECL_GROUP("evp_cipher", test_wolfssl_EVP_chacha20), \ + TEST_DECL_GROUP("evp_cipher", test_wolfssl_EVP_chacha20_poly1305), \ + TEST_DECL_GROUP("evp_cipher", test_wolfssl_EVP_aria_gcm), \ + TEST_DECL_GROUP("evp_cipher", test_wolfssl_EVP_sm4_ecb), \ + TEST_DECL_GROUP("evp_cipher", test_wolfssl_EVP_sm4_cbc), \ + TEST_DECL_GROUP("evp_cipher", test_wolfssl_EVP_sm4_ctr), \ + TEST_DECL_GROUP("evp_cipher", test_wolfssl_EVP_sm4_gcm_zeroLen), \ + TEST_DECL_GROUP("evp_cipher", test_wolfssl_EVP_sm4_gcm), \ + TEST_DECL_GROUP("evp_cipher", test_wolfssl_EVP_sm4_ccm_zeroLen), \ + TEST_DECL_GROUP("evp_cipher", test_wolfssl_EVP_sm4_ccm), \ + TEST_DECL_GROUP("evp_cipher", test_wolfSSL_EVP_rc4), \ + TEST_DECL_GROUP("evp_cipher", test_wolfSSL_EVP_enc_null), \ + TEST_DECL_GROUP("evp_cipher", test_wolfSSL_EVP_rc2_cbc), \ + TEST_DECL_GROUP("evp_cipher", test_wolfSSL_EVP_mdc2), \ + TEST_DECL_GROUP("evp_cipher", test_evp_cipher_pkcs7_pad_zero), \ + TEST_DECL_GROUP("evp_cipher", test_evp_cipher_aead_aad_overflow) + +#endif /* WOLFCRYPT_TEST_EVP_CIPHER_H */ diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/tests/api/test_evp_digest.c mariadb-11.8.8/extra/wolfssl/wolfssl/tests/api/test_evp_digest.c --- mariadb-11.8.6/extra/wolfssl/wolfssl/tests/api/test_evp_digest.c 1970-01-01 00:00:00.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/tests/api/test_evp_digest.c 2026-05-24 09:58:33.000000000 +0000 @@ -0,0 +1,588 @@ +/* test_evp_digest.c + * + * Copyright (C) 2006-2026 wolfSSL Inc. + * + * This file is part of wolfSSL. + * + * wolfSSL is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * wolfSSL is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA + */ + +#include + +#ifdef NO_INLINE + #include +#else + #define WOLFSSL_MISC_INCLUDED + #include +#endif + +#include +#include +#include + +int test_wolfSSL_EVP_shake128(void) +{ + EXPECT_DECLS; +#if defined(OPENSSL_EXTRA) && defined(WOLFSSL_SHA3) && \ + defined(WOLFSSL_SHAKE128) + const EVP_MD* md = NULL; + + ExpectNotNull(md = EVP_shake128()); + ExpectIntEQ(XSTRNCMP(md, "SHAKE128", XSTRLEN("SHAKE128")), 0); +#endif + + return EXPECT_RESULT(); +} + +int test_wolfSSL_EVP_shake256(void) +{ + EXPECT_DECLS; +#if defined(OPENSSL_EXTRA) && defined(WOLFSSL_SHA3) && \ + defined(WOLFSSL_SHAKE256) + const EVP_MD* md = NULL; + + ExpectNotNull(md = EVP_shake256()); + ExpectIntEQ(XSTRNCMP(md, "SHAKE256", XSTRLEN("SHAKE256")), 0); +#endif + + return EXPECT_RESULT(); +} + +/* + * Testing EVP digest API with SM3 + */ +int test_wolfSSL_EVP_sm3(void) +{ + int res = TEST_SKIPPED; +#if defined(OPENSSL_EXTRA) && defined(WOLFSSL_SM3) + EXPECT_DECLS; + const EVP_MD* md = NULL; + EVP_MD_CTX* mdCtx = NULL; + byte data[WC_SM3_BLOCK_SIZE * 4]; + byte hash[WC_SM3_DIGEST_SIZE]; + byte calcHash[WC_SM3_DIGEST_SIZE]; + byte expHash[WC_SM3_DIGEST_SIZE] = { + 0x38, 0x48, 0x15, 0xa7, 0x0e, 0xae, 0x0b, 0x27, + 0x5c, 0xde, 0x9d, 0xa5, 0xd1, 0xa4, 0x30, 0xa1, + 0xca, 0xd4, 0x54, 0x58, 0x44, 0xa2, 0x96, 0x1b, + 0xd7, 0x14, 0x80, 0x3f, 0x80, 0x1a, 0x07, 0xb6 + }; + word32 chunk; + word32 i; + unsigned int sz; + int ret; + + XMEMSET(data, 0, sizeof(data)); + + md = EVP_sm3(); + ExpectTrue(md != NULL); + ExpectIntEQ(XSTRNCMP(md, "SM3", XSTRLEN("SM3")), 0); + mdCtx = EVP_MD_CTX_new(); + ExpectTrue(mdCtx != NULL); + + /* Invalid Parameters */ + ExpectIntEQ(EVP_DigestInit(NULL, md), WC_NO_ERR_TRACE(WOLFSSL_FAILURE)); + /* Valid Parameters */ + ExpectIntEQ(EVP_DigestInit(mdCtx, md), WOLFSSL_SUCCESS); + + ExpectIntEQ(EVP_DigestUpdate(NULL, NULL, 1), + WC_NO_ERR_TRACE(WOLFSSL_FAILURE)); + ExpectIntEQ(EVP_DigestUpdate(mdCtx, NULL, 1), + WC_NO_ERR_TRACE(WOLFSSL_FAILURE)); + ExpectIntEQ(EVP_DigestUpdate(NULL, data, 1), + WC_NO_ERR_TRACE(WOLFSSL_FAILURE)); + + /* Valid Parameters */ + ExpectIntEQ(EVP_DigestUpdate(mdCtx, NULL, 0), WOLFSSL_SUCCESS); + ExpectIntEQ(EVP_DigestUpdate(mdCtx, data, 1), WOLFSSL_SUCCESS); + ExpectIntEQ(EVP_DigestUpdate(mdCtx, data, 1), WOLFSSL_SUCCESS); + ExpectIntEQ(EVP_DigestUpdate(mdCtx, data, WC_SM3_BLOCK_SIZE), + WOLFSSL_SUCCESS); + ExpectIntEQ(EVP_DigestUpdate(mdCtx, data, WC_SM3_BLOCK_SIZE - 2), + WOLFSSL_SUCCESS); + ExpectIntEQ(EVP_DigestUpdate(mdCtx, data, WC_SM3_BLOCK_SIZE * 2), + WOLFSSL_SUCCESS); + /* Ensure too many bytes for lengths. */ + ExpectIntEQ(EVP_DigestUpdate(mdCtx, data, WC_SM3_PAD_SIZE), + WOLFSSL_SUCCESS); + + /* Invalid Parameters */ + ExpectIntEQ(EVP_DigestFinal(NULL, NULL, NULL), + WC_NO_ERR_TRACE(WOLFSSL_FAILURE)); + ExpectIntEQ(EVP_DigestFinal(mdCtx, NULL, NULL), + WC_NO_ERR_TRACE(WOLFSSL_FAILURE)); + ExpectIntEQ(EVP_DigestFinal(NULL, hash, NULL), + WC_NO_ERR_TRACE(WOLFSSL_FAILURE)); + ExpectIntEQ(EVP_DigestFinal(NULL, hash, NULL), + WC_NO_ERR_TRACE(WOLFSSL_FAILURE)); + ExpectIntEQ(EVP_DigestFinal(mdCtx, NULL, NULL), + WC_NO_ERR_TRACE(WOLFSSL_FAILURE)); + + /* Valid Parameters */ + ExpectIntEQ(EVP_DigestFinal(mdCtx, hash, NULL), WOLFSSL_SUCCESS); + ExpectBufEQ(hash, expHash, WC_SM3_DIGEST_SIZE); + + /* Chunk tests. */ + ExpectIntEQ(EVP_DigestUpdate(mdCtx, data, sizeof(data)), WOLFSSL_SUCCESS); + ExpectIntEQ(EVP_DigestFinal(mdCtx, calcHash, &sz), WOLFSSL_SUCCESS); + ExpectIntEQ(sz, WC_SM3_DIGEST_SIZE); + for (chunk = 1; chunk <= WC_SM3_BLOCK_SIZE + 1; chunk++) { + for (i = 0; i + chunk <= (word32)sizeof(data); i += chunk) { + ExpectIntEQ(EVP_DigestUpdate(mdCtx, data + i, chunk), + WOLFSSL_SUCCESS); + } + if (i < (word32)sizeof(data)) { + ExpectIntEQ(EVP_DigestUpdate(mdCtx, data + i, + (word32)sizeof(data) - i), WOLFSSL_SUCCESS); + } + ExpectIntEQ(EVP_DigestFinal(mdCtx, hash, NULL), WOLFSSL_SUCCESS); + ExpectBufEQ(hash, calcHash, WC_SM3_DIGEST_SIZE); + } + + /* Not testing when the low 32-bit length overflows. */ + + ret = EVP_MD_CTX_cleanup(mdCtx); + ExpectIntEQ(ret, WOLFSSL_SUCCESS); + wolfSSL_EVP_MD_CTX_free(mdCtx); + + res = EXPECT_RESULT(); +#endif + return res; +} /* END test_EVP_sm3 */ + +int test_EVP_blake2(void) +{ + EXPECT_DECLS; +#if defined(OPENSSL_EXTRA) && (defined(HAVE_BLAKE2B) || defined(HAVE_BLAKE2S)) + const EVP_MD* md = NULL; + (void)md; + +#if defined(HAVE_BLAKE2B) + ExpectNotNull(md = EVP_blake2b512()); + ExpectIntEQ(XSTRNCMP(md, "BLAKE2b512", XSTRLEN("BLAKE2b512")), 0); +#endif + +#if defined(HAVE_BLAKE2S) + ExpectNotNull(md = EVP_blake2s256()); + ExpectIntEQ(XSTRNCMP(md, "BLAKE2s256", XSTRLEN("BLAKE2s256")), 0); +#endif +#endif + + return EXPECT_RESULT(); +} + +int test_wolfSSL_EVP_md4(void) +{ + EXPECT_DECLS; +#if !defined(NO_MD4) && defined(OPENSSL_ALL) + ExpectNotNull(wolfSSL_EVP_md4()); +#endif + return EXPECT_RESULT(); +} + +int test_wolfSSL_EVP_ripemd160(void) +{ + EXPECT_DECLS; +#if !defined(NO_WOLFSSL_STUB) && defined(OPENSSL_ALL) + ExpectNull(wolfSSL_EVP_ripemd160()); +#endif + return EXPECT_RESULT(); +} + +int test_wolfSSL_EVP_get_digestbynid(void) +{ + EXPECT_DECLS; +#ifdef OPENSSL_ALL +#ifndef NO_MD5 + ExpectNotNull(wolfSSL_EVP_get_digestbynid(NID_md5)); +#endif +#ifndef NO_SHA + ExpectNotNull(wolfSSL_EVP_get_digestbynid(NID_sha1)); +#endif +#ifndef NO_SHA256 + ExpectNotNull(wolfSSL_EVP_get_digestbynid(NID_sha256)); +#endif + ExpectNull(wolfSSL_EVP_get_digestbynid(0)); +#endif + return EXPECT_RESULT(); +} + +int test_wolfSSL_EVP_Digest(void) +{ + EXPECT_DECLS; +#if defined(OPENSSL_EXTRA) && !defined(NO_SHA256) && !defined(NO_PWDBASED) + const char* in = "abc"; + int inLen = (int)XSTRLEN(in); + byte out[WC_SHA256_DIGEST_SIZE]; + unsigned int outLen; + const char* expOut = + "\xBA\x78\x16\xBF\x8F\x01\xCF\xEA\x41\x41\x40\xDE\x5D\xAE\x22" + "\x23\xB0\x03\x61\xA3\x96\x17\x7A\x9C\xB4\x10\xFF\x61\xF2\x00" + "\x15\xAD"; + + ExpectIntEQ(wolfSSL_EVP_Digest((unsigned char*)in, inLen, out, &outLen, + "SHA256", NULL), 1); + ExpectIntEQ(outLen, WC_SHA256_DIGEST_SIZE); + ExpectIntEQ(XMEMCMP(out, expOut, WC_SHA256_DIGEST_SIZE), 0); +#endif /* OPEN_EXTRA && ! NO_SHA256 */ + return EXPECT_RESULT(); +} + +int test_wolfSSL_EVP_Digest_all(void) +{ + EXPECT_DECLS; +#ifdef OPENSSL_EXTRA + const char* digests[] = { +#ifndef NO_MD5 + "MD5", +#endif +#ifndef NO_SHA + "SHA", +#endif +#ifdef WOLFSSL_SHA224 + "SHA224", +#endif +#ifndef NO_SHA256 + "SHA256", +#endif +#ifdef WOLFSSL_SHA384 + "SHA384", +#endif +#ifdef WOLFSSL_SHA512 + "SHA512", +#endif +#if defined(WOLFSSL_SHA512) && !defined(WOLFSSL_NOSHA512_224) + "SHA512-224", +#endif +#if defined(WOLFSSL_SHA512) && !defined(WOLFSSL_NOSHA512_256) + "SHA512-256", +#endif +#ifdef WOLFSSL_SHA3 +#ifndef WOLFSSL_NOSHA3_224 + "SHA3-224", +#endif +#ifndef WOLFSSL_NOSHA3_256 + "SHA3-256", +#endif + "SHA3-384", +#ifndef WOLFSSL_NOSHA3_512 + "SHA3-512", +#endif +#endif /* WOLFSSL_SHA3 */ + NULL + }; + const char** d; + const unsigned char in[] = "abc"; + int inLen = XSTR_SIZEOF(in); + byte out[WC_MAX_DIGEST_SIZE]; + unsigned int outLen; + + for (d = digests; *d != NULL; d++) { + ExpectIntEQ(EVP_Digest(in, inLen, out, &outLen, *d, NULL), 1); + ExpectIntGT(outLen, 0); + ExpectIntEQ(EVP_MD_size(*d), outLen); + } +#endif + return EXPECT_RESULT(); +} + +int test_wolfSSL_EVP_DigestFinal_ex(void) +{ + EXPECT_DECLS; +#if !defined(NO_SHA256) && defined(OPENSSL_ALL) + WOLFSSL_EVP_MD_CTX mdCtx; + unsigned int s = 0; + unsigned char md[WC_SHA256_DIGEST_SIZE]; + unsigned char md2[WC_SHA256_DIGEST_SIZE]; + + /* Bad Case */ +#if !defined(HAVE_FIPS) || (defined(HAVE_FIPS_VERSION) && \ + (HAVE_FIPS_VERSION > 2)) + wolfSSL_EVP_MD_CTX_init(&mdCtx); + ExpectIntEQ(wolfSSL_EVP_DigestFinal_ex(&mdCtx, md, &s), 0); + ExpectIntEQ(wolfSSL_EVP_MD_CTX_cleanup(&mdCtx), 1); + +#else + wolfSSL_EVP_MD_CTX_init(&mdCtx); + ExpectIntEQ(wolfSSL_EVP_DigestFinal_ex(&mdCtx, md, &s), WOLFSSL_SUCCESS); + ExpectIntEQ(wolfSSL_EVP_MD_CTX_cleanup(&mdCtx), WOLFSSL_SUCCESS); + +#endif + + /* Good Case */ + wolfSSL_EVP_MD_CTX_init(&mdCtx); + ExpectIntEQ(wolfSSL_EVP_DigestInit(&mdCtx, EVP_sha256()), WOLFSSL_SUCCESS); + ExpectIntEQ(wolfSSL_EVP_DigestFinal_ex(&mdCtx, md2, &s), WOLFSSL_SUCCESS); + ExpectIntEQ(wolfSSL_EVP_MD_CTX_cleanup(&mdCtx), WOLFSSL_SUCCESS); +#endif + return EXPECT_RESULT(); +} + +int test_wolfSSL_EVP_DigestFinalXOF(void) +{ + EXPECT_DECLS; +#if defined(WOLFSSL_SHA3) && defined(WOLFSSL_SHAKE256) && defined(OPENSSL_ALL) + WOLFSSL_EVP_MD_CTX mdCtx; + unsigned char shake[256]; + unsigned char zeros[10]; + unsigned char data[] = "Test data"; + unsigned int sz; + + XMEMSET(zeros, 0, sizeof(zeros)); + wolfSSL_EVP_MD_CTX_init(&mdCtx); + ExpectIntEQ(EVP_DigestInit(&mdCtx, EVP_shake256()), WOLFSSL_SUCCESS); + ExpectIntEQ(EVP_MD_flags(EVP_shake256()), EVP_MD_FLAG_XOF); + ExpectIntEQ(EVP_MD_flags(EVP_sha3_256()), 0); + ExpectIntEQ(EVP_DigestUpdate(&mdCtx, data, 1), WOLFSSL_SUCCESS); + XMEMSET(shake, 0, sizeof(shake)); + ExpectIntEQ(EVP_DigestFinalXOF(&mdCtx, shake, 10), WOLFSSL_SUCCESS); + + /* make sure was only size of 10 */ + ExpectIntEQ(XMEMCMP(&shake[11], zeros, 10), 0); + ExpectIntEQ(EVP_MD_CTX_cleanup(&mdCtx), WOLFSSL_SUCCESS); + + wolfSSL_EVP_MD_CTX_init(&mdCtx); + ExpectIntEQ(EVP_DigestInit(&mdCtx, EVP_shake256()), WOLFSSL_SUCCESS); + ExpectIntEQ(EVP_DigestUpdate(&mdCtx, data, 1), WOLFSSL_SUCCESS); + ExpectIntEQ(EVP_DigestFinal(&mdCtx, shake, &sz), WOLFSSL_SUCCESS); + ExpectIntEQ(sz, 32); + ExpectIntEQ(EVP_MD_CTX_cleanup(&mdCtx), WOLFSSL_SUCCESS); + + #if defined(WOLFSSL_SHAKE128) + wolfSSL_EVP_MD_CTX_init(&mdCtx); + ExpectIntEQ(EVP_DigestInit(&mdCtx, EVP_shake128()), WOLFSSL_SUCCESS); + ExpectIntEQ(EVP_DigestUpdate(&mdCtx, data, 1), WOLFSSL_SUCCESS); + ExpectIntEQ(EVP_DigestFinal(&mdCtx, shake, &sz), WOLFSSL_SUCCESS); + ExpectIntEQ(sz, 16); + ExpectIntEQ(EVP_MD_CTX_cleanup(&mdCtx), WOLFSSL_SUCCESS); + #endif +#endif + return EXPECT_RESULT(); +} + +int test_wolfSSL_EVP_MD_nid(void) +{ + EXPECT_DECLS; +#ifdef OPENSSL_ALL +#ifndef NO_MD5 + ExpectIntEQ(EVP_MD_nid(EVP_md5()), NID_md5); +#endif +#ifndef NO_SHA + ExpectIntEQ(EVP_MD_nid(EVP_sha1()), NID_sha1); +#endif +#ifndef NO_SHA256 + ExpectIntEQ(EVP_MD_nid(EVP_sha256()), NID_sha256); +#endif + ExpectIntEQ(EVP_MD_nid(NULL), NID_undef); +#endif + return EXPECT_RESULT(); +} + +#if defined(OPENSSL_EXTRA) +static void list_md_fn(const EVP_MD* m, const char* from, + const char* to, void* arg) +{ + const char* mn; + BIO *bio; + + (void) from; + (void) to; + (void) arg; + (void) mn; + (void) bio; + + if (!m) { + /* alias */ + AssertNull(m); + AssertNotNull(to); + } + else { + AssertNotNull(m); + AssertNull(to); + } + + AssertNotNull(from); + +#if !defined(NO_FILESYSTEM) && defined(DEBUG_WOLFSSL_VERBOSE) + mn = EVP_get_digestbyname(from); + /* print to stderr */ + AssertNotNull(arg); + + bio = BIO_new(BIO_s_file()); + BIO_set_fp(bio, arg, BIO_NOCLOSE); + BIO_printf(bio, "Use %s message digest algorithm\n", mn); + BIO_free(bio); +#endif +} +#endif + +int test_EVP_MD_do_all(void) +{ + int res = TEST_SKIPPED; +#if defined(OPENSSL_EXTRA) + EVP_MD_do_all(NULL, stderr); + + EVP_MD_do_all(list_md_fn, stderr); + + res = TEST_SUCCESS; +#endif + + return res; +} + +int test_wolfSSL_EVP_MD_size(void) +{ + EXPECT_DECLS; +#ifdef OPENSSL_EXTRA + WOLFSSL_EVP_MD_CTX mdCtx; + +#ifdef WOLFSSL_SHA3 +#ifndef WOLFSSL_NOSHA3_224 + wolfSSL_EVP_MD_CTX_init(&mdCtx); + + ExpectIntEQ(wolfSSL_EVP_DigestInit(&mdCtx, "SHA3-224"), 1); + ExpectIntEQ(wolfSSL_EVP_MD_CTX_size(&mdCtx), WC_SHA3_224_DIGEST_SIZE); + ExpectIntEQ(wolfSSL_EVP_MD_CTX_block_size(&mdCtx), WC_SHA3_224_BLOCK_SIZE); + ExpectIntEQ(wolfSSL_EVP_MD_CTX_cleanup(&mdCtx), 1); +#endif +#ifndef WOLFSSL_NOSHA3_256 + wolfSSL_EVP_MD_CTX_init(&mdCtx); + + ExpectIntEQ(wolfSSL_EVP_DigestInit(&mdCtx, "SHA3-256"), 1); + ExpectIntEQ(wolfSSL_EVP_MD_CTX_size(&mdCtx), WC_SHA3_256_DIGEST_SIZE); + ExpectIntEQ(wolfSSL_EVP_MD_CTX_block_size(&mdCtx), WC_SHA3_256_BLOCK_SIZE); + ExpectIntEQ(wolfSSL_EVP_MD_CTX_cleanup(&mdCtx), 1); +#endif + wolfSSL_EVP_MD_CTX_init(&mdCtx); + + ExpectIntEQ(wolfSSL_EVP_DigestInit(&mdCtx, "SHA3-384"), 1); + ExpectIntEQ(wolfSSL_EVP_MD_CTX_size(&mdCtx), WC_SHA3_384_DIGEST_SIZE); + ExpectIntEQ(wolfSSL_EVP_MD_CTX_block_size(&mdCtx), WC_SHA3_384_BLOCK_SIZE); + ExpectIntEQ(wolfSSL_EVP_MD_CTX_cleanup(&mdCtx), 1); +#ifndef WOLFSSL_NOSHA3_512 + wolfSSL_EVP_MD_CTX_init(&mdCtx); + + ExpectIntEQ(wolfSSL_EVP_DigestInit(&mdCtx, "SHA3-512"), 1); + ExpectIntEQ(wolfSSL_EVP_MD_CTX_size(&mdCtx), WC_SHA3_512_DIGEST_SIZE); + ExpectIntEQ(wolfSSL_EVP_MD_CTX_block_size(&mdCtx), WC_SHA3_512_BLOCK_SIZE); + ExpectIntEQ(wolfSSL_EVP_MD_CTX_cleanup(&mdCtx), 1); +#endif +#endif /* WOLFSSL_SHA3 */ + +#ifndef NO_SHA256 + wolfSSL_EVP_MD_CTX_init(&mdCtx); + + ExpectIntEQ(wolfSSL_EVP_DigestInit(&mdCtx, "SHA256"), 1); + ExpectIntEQ(wolfSSL_EVP_MD_size(wolfSSL_EVP_MD_CTX_md(&mdCtx)), + WC_SHA256_DIGEST_SIZE); + ExpectIntEQ(wolfSSL_EVP_MD_block_size(wolfSSL_EVP_MD_CTX_md(&mdCtx)), + WC_SHA256_BLOCK_SIZE); + ExpectIntEQ(wolfSSL_EVP_MD_CTX_size(&mdCtx), WC_SHA256_DIGEST_SIZE); + ExpectIntEQ(wolfSSL_EVP_MD_CTX_block_size(&mdCtx), WC_SHA256_BLOCK_SIZE); + ExpectIntEQ(wolfSSL_EVP_MD_CTX_cleanup(&mdCtx), 1); + +#endif + +#ifndef NO_MD5 + wolfSSL_EVP_MD_CTX_init(&mdCtx); + + ExpectIntEQ(wolfSSL_EVP_DigestInit(&mdCtx, "MD5"), 1); + ExpectIntEQ(wolfSSL_EVP_MD_size(wolfSSL_EVP_MD_CTX_md(&mdCtx)), + WC_MD5_DIGEST_SIZE); + ExpectIntEQ(wolfSSL_EVP_MD_block_size(wolfSSL_EVP_MD_CTX_md(&mdCtx)), + WC_MD5_BLOCK_SIZE); + ExpectIntEQ(wolfSSL_EVP_MD_CTX_size(&mdCtx), WC_MD5_DIGEST_SIZE); + ExpectIntEQ(wolfSSL_EVP_MD_CTX_block_size(&mdCtx), WC_MD5_BLOCK_SIZE); + ExpectIntEQ(wolfSSL_EVP_MD_CTX_cleanup(&mdCtx), 1); + +#endif + +#ifdef WOLFSSL_SHA224 + wolfSSL_EVP_MD_CTX_init(&mdCtx); + + ExpectIntEQ(wolfSSL_EVP_DigestInit(&mdCtx, "SHA224"), 1); + ExpectIntEQ(wolfSSL_EVP_MD_size(wolfSSL_EVP_MD_CTX_md(&mdCtx)), + WC_SHA224_DIGEST_SIZE); + ExpectIntEQ(wolfSSL_EVP_MD_block_size(wolfSSL_EVP_MD_CTX_md(&mdCtx)), + WC_SHA224_BLOCK_SIZE); + ExpectIntEQ(wolfSSL_EVP_MD_CTX_size(&mdCtx), WC_SHA224_DIGEST_SIZE); + ExpectIntEQ(wolfSSL_EVP_MD_CTX_block_size(&mdCtx), WC_SHA224_BLOCK_SIZE); + ExpectIntEQ(wolfSSL_EVP_MD_CTX_cleanup(&mdCtx), 1); + +#endif + +#ifdef WOLFSSL_SHA384 + wolfSSL_EVP_MD_CTX_init(&mdCtx); + + ExpectIntEQ(wolfSSL_EVP_DigestInit(&mdCtx, "SHA384"), 1); + ExpectIntEQ(wolfSSL_EVP_MD_size(wolfSSL_EVP_MD_CTX_md(&mdCtx)), + WC_SHA384_DIGEST_SIZE); + ExpectIntEQ(wolfSSL_EVP_MD_block_size(wolfSSL_EVP_MD_CTX_md(&mdCtx)), + WC_SHA384_BLOCK_SIZE); + ExpectIntEQ(wolfSSL_EVP_MD_CTX_size(&mdCtx), WC_SHA384_DIGEST_SIZE); + ExpectIntEQ(wolfSSL_EVP_MD_CTX_block_size(&mdCtx), WC_SHA384_BLOCK_SIZE); + ExpectIntEQ(wolfSSL_EVP_MD_CTX_cleanup(&mdCtx), 1); + +#endif + +#ifdef WOLFSSL_SHA512 + wolfSSL_EVP_MD_CTX_init(&mdCtx); + + ExpectIntEQ(wolfSSL_EVP_DigestInit(&mdCtx, "SHA512"), 1); + ExpectIntEQ(wolfSSL_EVP_MD_size(wolfSSL_EVP_MD_CTX_md(&mdCtx)), + WC_SHA512_DIGEST_SIZE); + ExpectIntEQ(wolfSSL_EVP_MD_block_size(wolfSSL_EVP_MD_CTX_md(&mdCtx)), + WC_SHA512_BLOCK_SIZE); + ExpectIntEQ(wolfSSL_EVP_MD_CTX_size(&mdCtx), WC_SHA512_DIGEST_SIZE); + ExpectIntEQ(wolfSSL_EVP_MD_CTX_block_size(&mdCtx), WC_SHA512_BLOCK_SIZE); + ExpectIntEQ(wolfSSL_EVP_MD_CTX_cleanup(&mdCtx), 1); + +#endif + +#ifndef NO_SHA + wolfSSL_EVP_MD_CTX_init(&mdCtx); + + ExpectIntEQ(wolfSSL_EVP_DigestInit(&mdCtx, "SHA"), 1); + ExpectIntEQ(wolfSSL_EVP_MD_size(wolfSSL_EVP_MD_CTX_md(&mdCtx)), + WC_SHA_DIGEST_SIZE); + ExpectIntEQ(wolfSSL_EVP_MD_block_size(wolfSSL_EVP_MD_CTX_md(&mdCtx)), + WC_SHA_BLOCK_SIZE); + ExpectIntEQ(wolfSSL_EVP_MD_CTX_size(&mdCtx), WC_SHA_DIGEST_SIZE); + ExpectIntEQ(wolfSSL_EVP_MD_CTX_block_size(&mdCtx), WC_SHA_BLOCK_SIZE); + ExpectIntEQ(wolfSSL_EVP_MD_CTX_cleanup(&mdCtx), 1); + + wolfSSL_EVP_MD_CTX_init(&mdCtx); + + ExpectIntEQ(wolfSSL_EVP_DigestInit(&mdCtx, "SHA1"), 1); + ExpectIntEQ(wolfSSL_EVP_MD_size(wolfSSL_EVP_MD_CTX_md(&mdCtx)), + WC_SHA_DIGEST_SIZE); + ExpectIntEQ(wolfSSL_EVP_MD_block_size(wolfSSL_EVP_MD_CTX_md(&mdCtx)), + WC_SHA_BLOCK_SIZE); + ExpectIntEQ(wolfSSL_EVP_MD_CTX_size(&mdCtx), WC_SHA_DIGEST_SIZE); + ExpectIntEQ(wolfSSL_EVP_MD_CTX_block_size(&mdCtx), WC_SHA_BLOCK_SIZE); + ExpectIntEQ(wolfSSL_EVP_MD_CTX_cleanup(&mdCtx), 1); +#endif + /* error case */ + wolfSSL_EVP_MD_CTX_init(&mdCtx); + + ExpectIntEQ(wolfSSL_EVP_DigestInit(&mdCtx, ""), 0); + ExpectIntEQ(wolfSSL_EVP_MD_size(wolfSSL_EVP_MD_CTX_md(&mdCtx)), 0); + ExpectIntEQ(wolfSSL_EVP_MD_CTX_block_size(&mdCtx), 0); + /* Cleanup is valid on uninit'ed struct */ + ExpectIntEQ(wolfSSL_EVP_MD_CTX_cleanup(&mdCtx), 1); +#endif /* OPENSSL_EXTRA */ + return EXPECT_RESULT(); +} + diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/tests/api/test_evp_digest.h mariadb-11.8.8/extra/wolfssl/wolfssl/tests/api/test_evp_digest.h --- mariadb-11.8.6/extra/wolfssl/wolfssl/tests/api/test_evp_digest.h 1970-01-01 00:00:00.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/tests/api/test_evp_digest.h 2026-05-24 09:58:33.000000000 +0000 @@ -0,0 +1,58 @@ +/* test_evp_digest.h + * + * Copyright (C) 2006-2026 wolfSSL Inc. + * + * This file is part of wolfSSL. + * + * wolfSSL is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * wolfSSL is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA + */ + +#ifndef WOLFCRYPT_TEST_EVP_DIGEST_H +#define WOLFCRYPT_TEST_EVP_DIGEST_H + +#include + +int test_wolfSSL_EVP_shake128(void); +int test_wolfSSL_EVP_shake256(void); +int test_wolfSSL_EVP_sm3(void); +int test_EVP_blake2(void); +int test_wolfSSL_EVP_md4(void); +int test_wolfSSL_EVP_ripemd160(void); +int test_wolfSSL_EVP_get_digestbynid(void); +int test_wolfSSL_EVP_Digest(void); +int test_wolfSSL_EVP_Digest_all(void); +int test_wolfSSL_EVP_DigestFinal_ex(void); +int test_wolfSSL_EVP_DigestFinalXOF(void); +int test_wolfSSL_EVP_MD_nid(void); +int test_EVP_MD_do_all(void); +int test_wolfSSL_EVP_MD_size(void); + +#define TEST_EVP_DIGEST_DECLS \ + TEST_DECL_GROUP("evp_digest", test_wolfSSL_EVP_shake128), \ + TEST_DECL_GROUP("evp_digest", test_wolfSSL_EVP_shake256), \ + TEST_DECL_GROUP("evp_digest", test_wolfSSL_EVP_sm3), \ + TEST_DECL_GROUP("evp_digest", test_EVP_blake2), \ + TEST_DECL_GROUP("evp_digest", test_wolfSSL_EVP_md4), \ + TEST_DECL_GROUP("evp_digest", test_wolfSSL_EVP_ripemd160), \ + TEST_DECL_GROUP("evp_digest", test_wolfSSL_EVP_get_digestbynid), \ + TEST_DECL_GROUP("evp_digest", test_wolfSSL_EVP_Digest), \ + TEST_DECL_GROUP("evp_digest", test_wolfSSL_EVP_Digest_all), \ + TEST_DECL_GROUP("evp_digest", test_wolfSSL_EVP_DigestFinal_ex), \ + TEST_DECL_GROUP("evp_digest", test_wolfSSL_EVP_DigestFinalXOF), \ + TEST_DECL_GROUP("evp_digest", test_wolfSSL_EVP_MD_nid), \ + TEST_DECL_GROUP("evp_digest", test_EVP_MD_do_all), \ + TEST_DECL_GROUP("evp_digest", test_wolfSSL_EVP_MD_size) + +#endif /* WOLFCRYPT_TEST_EVP_DIGEST_H */ diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/tests/api/test_evp_pkey.c mariadb-11.8.8/extra/wolfssl/wolfssl/tests/api/test_evp_pkey.c --- mariadb-11.8.6/extra/wolfssl/wolfssl/tests/api/test_evp_pkey.c 1970-01-01 00:00:00.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/tests/api/test_evp_pkey.c 2026-05-24 09:58:33.000000000 +0000 @@ -0,0 +1,2361 @@ +/* test_evp_pkey.c + * + * Copyright (C) 2006-2026 wolfSSL Inc. + * + * This file is part of wolfSSL. + * + * wolfSSL is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * wolfSSL is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA + */ + +#include + +#ifdef NO_INLINE + #include +#else + #define WOLFSSL_MISC_INCLUDED + #include +#endif + +#include +#include +#include +#include + + +int test_wolfSSL_EVP_PKEY_CTX_new_id(void) +{ + EXPECT_DECLS; +#ifdef OPENSSL_ALL + WOLFSSL_ENGINE* e = NULL; + int id = 0; + EVP_PKEY_CTX *ctx = NULL; + + ExpectNotNull(ctx = wolfSSL_EVP_PKEY_CTX_new_id(id, e)); + + EVP_PKEY_CTX_free(ctx); +#endif + return EXPECT_RESULT(); +} + +int test_wolfSSL_EVP_PKEY_CTX_set_rsa_keygen_bits(void) +{ + EXPECT_DECLS; +#ifdef OPENSSL_ALL + WOLFSSL_EVP_PKEY* pkey = NULL; + EVP_PKEY_CTX* ctx = NULL; + int bits = 2048; + + ExpectNotNull(pkey = wolfSSL_EVP_PKEY_new()); + ExpectNotNull(ctx = EVP_PKEY_CTX_new(pkey, NULL)); + + ExpectIntEQ(wolfSSL_EVP_PKEY_CTX_set_rsa_keygen_bits(ctx, bits), + WOLFSSL_SUCCESS); + + EVP_PKEY_CTX_free(ctx); + EVP_PKEY_free(pkey); +#endif + return EXPECT_RESULT(); +} + +int test_wolfSSL_QT_EVP_PKEY_CTX_free(void) +{ + EXPECT_DECLS; +#if defined(OPENSSL_EXTRA) && defined(OPENSSL_ALL) + EVP_PKEY* pkey = NULL; + EVP_PKEY_CTX* ctx = NULL; + + ExpectNotNull(pkey = wolfSSL_EVP_PKEY_new()); + ExpectNotNull(ctx = EVP_PKEY_CTX_new(pkey, NULL)); + +#if defined(OPENSSL_VERSION_NUMBER) && OPENSSL_VERSION_NUMBER >= 0x10100000L + /* void */ + EVP_PKEY_CTX_free(ctx); +#else + /* int */ + ExpectIntEQ(EVP_PKEY_CTX_free(ctx), WOLFSSL_SUCCESS); +#endif + + EVP_PKEY_free(pkey); +#endif + return EXPECT_RESULT(); +} + +int test_wolfSSL_EVP_PKEY_up_ref(void) +{ + EXPECT_DECLS; +#if defined(OPENSSL_ALL) + EVP_PKEY* pkey; + + pkey = EVP_PKEY_new(); + ExpectNotNull(pkey); + ExpectIntEQ(EVP_PKEY_up_ref(NULL), 0); + ExpectIntEQ(EVP_PKEY_up_ref(pkey), 1); + EVP_PKEY_free(pkey); + ExpectIntEQ(EVP_PKEY_up_ref(pkey), 1); + EVP_PKEY_free(pkey); + EVP_PKEY_free(pkey); +#endif + return EXPECT_RESULT(); +} + +int test_wolfSSL_EVP_PKEY_base_id(void) +{ + EXPECT_DECLS; +#ifdef OPENSSL_ALL + WOLFSSL_EVP_PKEY* pkey = NULL; + + ExpectNotNull(pkey = wolfSSL_EVP_PKEY_new()); + + ExpectIntEQ(wolfSSL_EVP_PKEY_base_id(NULL), NID_undef); + + ExpectIntEQ(wolfSSL_EVP_PKEY_base_id(pkey), EVP_PKEY_RSA); + + EVP_PKEY_free(pkey); +#endif + return EXPECT_RESULT(); +} +int test_wolfSSL_EVP_PKEY_id(void) +{ + EXPECT_DECLS; +#ifdef OPENSSL_ALL + WOLFSSL_EVP_PKEY* pkey = NULL; + + ExpectNotNull(pkey = wolfSSL_EVP_PKEY_new()); + + ExpectIntEQ(wolfSSL_EVP_PKEY_id(NULL), 0); + + ExpectIntEQ(wolfSSL_EVP_PKEY_id(pkey), EVP_PKEY_RSA); + + EVP_PKEY_free(pkey); +#endif + return EXPECT_RESULT(); +} + +int test_wolfSSL_EVP_MD_pkey_type(void) +{ + EXPECT_DECLS; +#ifdef OPENSSL_EXTRA + const WOLFSSL_EVP_MD* md; + +#ifndef NO_MD5 + ExpectNotNull(md = EVP_md5()); + ExpectIntEQ(EVP_MD_pkey_type(md), NID_md5WithRSAEncryption); +#endif +#ifndef NO_SHA + ExpectNotNull(md = EVP_sha1()); + ExpectIntEQ(EVP_MD_pkey_type(md), NID_sha1WithRSAEncryption); +#endif +#ifdef WOLFSSL_SHA224 + ExpectNotNull(md = EVP_sha224()); + ExpectIntEQ(EVP_MD_pkey_type(md), NID_sha224WithRSAEncryption); +#endif + ExpectNotNull(md = EVP_sha256()); + ExpectIntEQ(EVP_MD_pkey_type(md), NID_sha256WithRSAEncryption); +#ifdef WOLFSSL_SHA384 + ExpectNotNull(md = EVP_sha384()); + ExpectIntEQ(EVP_MD_pkey_type(md), NID_sha384WithRSAEncryption); +#endif +#ifdef WOLFSSL_SHA512 + ExpectNotNull(md = EVP_sha512()); + ExpectIntEQ(EVP_MD_pkey_type(md), NID_sha512WithRSAEncryption); +#endif +#endif + return EXPECT_RESULT(); +} + +#ifdef OPENSSL_EXTRA +static int test_hmac_signing(const WOLFSSL_EVP_MD *type, const byte* testKey, + size_t testKeySz, const char* testData, size_t testDataSz, + const byte* testResult, size_t testResultSz) +{ + EXPECT_DECLS; + unsigned char check[WC_MAX_DIGEST_SIZE]; + size_t checkSz = 0; + WOLFSSL_EVP_PKEY* key = NULL; + WOLFSSL_EVP_MD_CTX mdCtx; + + ExpectNotNull(key = wolfSSL_EVP_PKEY_new_mac_key(EVP_PKEY_HMAC, NULL, + testKey, (int)testKeySz)); + wolfSSL_EVP_MD_CTX_init(&mdCtx); + ExpectIntEQ(wolfSSL_EVP_DigestSignInit(&mdCtx, NULL, type, NULL, key), 1); + ExpectIntEQ(wolfSSL_EVP_DigestSignUpdate(&mdCtx, testData, + (unsigned int)testDataSz), 1); + checkSz = sizeof(check); + ExpectIntEQ(wolfSSL_EVP_DigestSignFinal(&mdCtx, NULL, &checkSz), 1); + ExpectIntEQ((int)checkSz, (int)testResultSz); + checkSz = sizeof(check); + ExpectIntEQ(wolfSSL_EVP_DigestSignFinal(&mdCtx, check, &checkSz), 1); + ExpectIntEQ((int)checkSz,(int)testResultSz); + ExpectIntEQ(XMEMCMP(testResult, check, testResultSz), 0); + ExpectIntEQ(wolfSSL_EVP_MD_CTX_cleanup(&mdCtx), 1); + + ExpectIntEQ(wolfSSL_EVP_DigestVerifyInit(&mdCtx, NULL, type, NULL, key), 1); + ExpectIntEQ(wolfSSL_EVP_DigestVerifyUpdate(&mdCtx, testData, + (unsigned int)testDataSz), 1); + ExpectIntEQ(wolfSSL_EVP_DigestVerifyFinal(&mdCtx, testResult, checkSz), 1); + + ExpectIntEQ(wolfSSL_EVP_MD_CTX_cleanup(&mdCtx), 1); + wolfSSL_EVP_MD_CTX_init(&mdCtx); + ExpectIntEQ(wolfSSL_EVP_DigestSignInit(&mdCtx, NULL, type, NULL, key), 1); + ExpectIntEQ(wolfSSL_EVP_DigestSignUpdate(&mdCtx, testData, 4), 1); + checkSz = sizeof(check); + ExpectIntEQ(wolfSSL_EVP_DigestSignFinal(&mdCtx, NULL, &checkSz), 1); + ExpectIntEQ((int)checkSz, (int)testResultSz); + checkSz = sizeof(check); + ExpectIntEQ(wolfSSL_EVP_DigestSignFinal(&mdCtx, check, &checkSz), 1); + ExpectIntEQ((int)checkSz,(int)testResultSz); + ExpectIntEQ(wolfSSL_EVP_DigestSignUpdate(&mdCtx, testData + 4, + (unsigned int)testDataSz - 4), 1); + checkSz = sizeof(check); + ExpectIntEQ(wolfSSL_EVP_DigestSignFinal(&mdCtx, check, &checkSz), 1); + ExpectIntEQ((int)checkSz,(int)testResultSz); + ExpectIntEQ(XMEMCMP(testResult, check, testResultSz), 0); + + ExpectIntEQ(wolfSSL_EVP_MD_CTX_cleanup(&mdCtx), 1); + ExpectIntEQ(wolfSSL_EVP_DigestVerifyInit(&mdCtx, NULL, type, NULL, key), 1); + ExpectIntEQ(wolfSSL_EVP_DigestVerifyUpdate(&mdCtx, testData, 4), 1); + ExpectIntEQ(wolfSSL_EVP_DigestVerifyUpdate(&mdCtx, testData + 4, + (unsigned int)testDataSz - 4), 1); + ExpectIntEQ(wolfSSL_EVP_DigestVerifyFinal(&mdCtx, testResult, checkSz), 1); + + ExpectIntEQ(wolfSSL_EVP_MD_CTX_cleanup(&mdCtx), 1); + + wolfSSL_EVP_PKEY_free(key); + + return EXPECT_RESULT(); +} +#endif + +int test_wolfSSL_EVP_MD_hmac_signing(void) +{ + EXPECT_DECLS; +#ifdef OPENSSL_EXTRA + static const unsigned char testKey[] = + { + 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, + 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, + 0x0b, 0x0b, 0x0b, 0x0b + }; + static const char testData[] = "Hi There"; +#ifdef WOLFSSL_SHA224 + static const unsigned char testResultSha224[] = + { + 0x89, 0x6f, 0xb1, 0x12, 0x8a, 0xbb, 0xdf, 0x19, + 0x68, 0x32, 0x10, 0x7c, 0xd4, 0x9d, 0xf3, 0x3f, + 0x47, 0xb4, 0xb1, 0x16, 0x99, 0x12, 0xba, 0x4f, + 0x53, 0x68, 0x4b, 0x22 + }; +#endif +#ifndef NO_SHA256 + static const unsigned char testResultSha256[] = + { + 0xb0, 0x34, 0x4c, 0x61, 0xd8, 0xdb, 0x38, 0x53, + 0x5c, 0xa8, 0xaf, 0xce, 0xaf, 0x0b, 0xf1, 0x2b, + 0x88, 0x1d, 0xc2, 0x00, 0xc9, 0x83, 0x3d, 0xa7, + 0x26, 0xe9, 0x37, 0x6c, 0x2e, 0x32, 0xcf, 0xf7 + }; +#endif +#ifdef WOLFSSL_SHA384 + static const unsigned char testResultSha384[] = + { + 0xaf, 0xd0, 0x39, 0x44, 0xd8, 0x48, 0x95, 0x62, + 0x6b, 0x08, 0x25, 0xf4, 0xab, 0x46, 0x90, 0x7f, + 0x15, 0xf9, 0xda, 0xdb, 0xe4, 0x10, 0x1e, 0xc6, + 0x82, 0xaa, 0x03, 0x4c, 0x7c, 0xeb, 0xc5, 0x9c, + 0xfa, 0xea, 0x9e, 0xa9, 0x07, 0x6e, 0xde, 0x7f, + 0x4a, 0xf1, 0x52, 0xe8, 0xb2, 0xfa, 0x9c, 0xb6 + }; +#endif +#ifdef WOLFSSL_SHA512 + static const unsigned char testResultSha512[] = + { + 0x87, 0xaa, 0x7c, 0xde, 0xa5, 0xef, 0x61, 0x9d, + 0x4f, 0xf0, 0xb4, 0x24, 0x1a, 0x1d, 0x6c, 0xb0, + 0x23, 0x79, 0xf4, 0xe2, 0xce, 0x4e, 0xc2, 0x78, + 0x7a, 0xd0, 0xb3, 0x05, 0x45, 0xe1, 0x7c, 0xde, + 0xda, 0xa8, 0x33, 0xb7, 0xd6, 0xb8, 0xa7, 0x02, + 0x03, 0x8b, 0x27, 0x4e, 0xae, 0xa3, 0xf4, 0xe4, + 0xbe, 0x9d, 0x91, 0x4e, 0xeb, 0x61, 0xf1, 0x70, + 0x2e, 0x69, 0x6c, 0x20, 0x3a, 0x12, 0x68, 0x54 + }; +#endif +#ifdef WOLFSSL_SHA3 + #ifndef WOLFSSL_NOSHA3_224 + static const unsigned char testResultSha3_224[] = + { + 0x3b, 0x16, 0x54, 0x6b, 0xbc, 0x7b, 0xe2, 0x70, + 0x6a, 0x03, 0x1d, 0xca, 0xfd, 0x56, 0x37, 0x3d, + 0x98, 0x84, 0x36, 0x76, 0x41, 0xd8, 0xc5, 0x9a, + 0xf3, 0xc8, 0x60, 0xf7 + }; + #endif + #ifndef WOLFSSL_NOSHA3_256 + static const unsigned char testResultSha3_256[] = + { + 0xba, 0x85, 0x19, 0x23, 0x10, 0xdf, 0xfa, 0x96, + 0xe2, 0xa3, 0xa4, 0x0e, 0x69, 0x77, 0x43, 0x51, + 0x14, 0x0b, 0xb7, 0x18, 0x5e, 0x12, 0x02, 0xcd, + 0xcc, 0x91, 0x75, 0x89, 0xf9, 0x5e, 0x16, 0xbb + }; + #endif + #ifndef WOLFSSL_NOSHA3_384 + static const unsigned char testResultSha3_384[] = + { + 0x68, 0xd2, 0xdc, 0xf7, 0xfd, 0x4d, 0xdd, 0x0a, + 0x22, 0x40, 0xc8, 0xa4, 0x37, 0x30, 0x5f, 0x61, + 0xfb, 0x73, 0x34, 0xcf, 0xb5, 0xd0, 0x22, 0x6e, + 0x1b, 0xc2, 0x7d, 0xc1, 0x0a, 0x2e, 0x72, 0x3a, + 0x20, 0xd3, 0x70, 0xb4, 0x77, 0x43, 0x13, 0x0e, + 0x26, 0xac, 0x7e, 0x3d, 0x53, 0x28, 0x86, 0xbd + }; + #endif + #ifndef WOLFSSL_NOSHA3_512 + static const unsigned char testResultSha3_512[] = + { + 0xeb, 0x3f, 0xbd, 0x4b, 0x2e, 0xaa, 0xb8, 0xf5, + 0xc5, 0x04, 0xbd, 0x3a, 0x41, 0x46, 0x5a, 0xac, + 0xec, 0x15, 0x77, 0x0a, 0x7c, 0xab, 0xac, 0x53, + 0x1e, 0x48, 0x2f, 0x86, 0x0b, 0x5e, 0xc7, 0xba, + 0x47, 0xcc, 0xb2, 0xc6, 0xf2, 0xaf, 0xce, 0x8f, + 0x88, 0xd2, 0x2b, 0x6d, 0xc6, 0x13, 0x80, 0xf2, + 0x3a, 0x66, 0x8f, 0xd3, 0x88, 0x8b, 0xb8, 0x05, + 0x37, 0xc0, 0xa0, 0xb8, 0x64, 0x07, 0x68, 0x9e + }; + #endif +#endif + +#ifndef NO_SHA256 + ExpectIntEQ(test_hmac_signing(wolfSSL_EVP_sha256(), testKey, + sizeof(testKey), testData, XSTRLEN(testData), testResultSha256, + sizeof(testResultSha256)), TEST_SUCCESS); +#endif +#ifdef WOLFSSL_SHA224 + ExpectIntEQ(test_hmac_signing(wolfSSL_EVP_sha224(), testKey, + sizeof(testKey), testData, XSTRLEN(testData), testResultSha224, + sizeof(testResultSha224)), TEST_SUCCESS); +#endif +#ifdef WOLFSSL_SHA384 + ExpectIntEQ(test_hmac_signing(wolfSSL_EVP_sha384(), testKey, + sizeof(testKey), testData, XSTRLEN(testData), testResultSha384, + sizeof(testResultSha384)), TEST_SUCCESS); +#endif +#ifdef WOLFSSL_SHA512 + ExpectIntEQ(test_hmac_signing(wolfSSL_EVP_sha512(), testKey, + sizeof(testKey), testData, XSTRLEN(testData), testResultSha512, + sizeof(testResultSha512)), TEST_SUCCESS); +#endif +#ifdef WOLFSSL_SHA3 + #ifndef WOLFSSL_NOSHA3_224 + ExpectIntEQ(test_hmac_signing(wolfSSL_EVP_sha3_224(), testKey, + sizeof(testKey), testData, XSTRLEN(testData), testResultSha3_224, + sizeof(testResultSha3_224)), TEST_SUCCESS); + #endif + #ifndef WOLFSSL_NOSHA3_256 + ExpectIntEQ(test_hmac_signing(wolfSSL_EVP_sha3_256(), testKey, + sizeof(testKey), testData, XSTRLEN(testData), testResultSha3_256, + sizeof(testResultSha3_256)), TEST_SUCCESS); + #endif + #ifndef WOLFSSL_NOSHA3_384 + ExpectIntEQ(test_hmac_signing(wolfSSL_EVP_sha3_384(), testKey, + sizeof(testKey), testData, XSTRLEN(testData), testResultSha3_384, + sizeof(testResultSha3_384)), TEST_SUCCESS); + #endif + #ifndef WOLFSSL_NOSHA3_512 + ExpectIntEQ(test_hmac_signing(wolfSSL_EVP_sha3_512(), testKey, + sizeof(testKey), testData, XSTRLEN(testData), testResultSha3_512, + sizeof(testResultSha3_512)), TEST_SUCCESS); + #endif +#endif +#endif /* OPENSSL_EXTRA */ + return EXPECT_RESULT(); +} + +int test_wolfSSL_EVP_PKEY_new_mac_key(void) +{ + EXPECT_DECLS; +#ifdef OPENSSL_EXTRA + static const unsigned char pw[] = "password"; + static const int pwSz = sizeof(pw) - 1; + size_t checkPwSz = 0; + const unsigned char* checkPw = NULL; + WOLFSSL_EVP_PKEY* key = NULL; + + ExpectNull(key = wolfSSL_EVP_PKEY_new_mac_key(0, NULL, pw, pwSz)); + ExpectNull(key = wolfSSL_EVP_PKEY_new_mac_key(0, NULL, NULL, pwSz)); + + ExpectNotNull(key = wolfSSL_EVP_PKEY_new_mac_key(EVP_PKEY_HMAC, NULL, pw, + pwSz)); + if (key != NULL) { + ExpectIntEQ(key->type, EVP_PKEY_HMAC); + ExpectIntEQ(key->save_type, EVP_PKEY_HMAC); + ExpectIntEQ(key->pkey_sz, pwSz); + ExpectIntEQ(XMEMCMP(key->pkey.ptr, pw, pwSz), 0); + } + ExpectNotNull(checkPw = wolfSSL_EVP_PKEY_get0_hmac(key, &checkPwSz)); + ExpectIntEQ((int)checkPwSz, pwSz); + ExpectIntEQ(XMEMCMP(checkPw, pw, pwSz), 0); + wolfSSL_EVP_PKEY_free(key); + key = NULL; + + ExpectNotNull(key = wolfSSL_EVP_PKEY_new_mac_key(EVP_PKEY_HMAC, NULL, pw, + 0)); + ExpectIntEQ(key->pkey_sz, 0); + if (EXPECT_SUCCESS()) { + /* Allocation for key->pkey.ptr may fail - OK key len is 0 */ + checkPw = wolfSSL_EVP_PKEY_get0_hmac(key, &checkPwSz); + } + ExpectTrue((checkPwSz == 0) || (checkPw != NULL)); + ExpectIntEQ((int)checkPwSz, 0); + wolfSSL_EVP_PKEY_free(key); + key = NULL; + + ExpectNotNull(key = wolfSSL_EVP_PKEY_new_mac_key(EVP_PKEY_HMAC, NULL, NULL, + 0)); + ExpectIntEQ(key->pkey_sz, 0); + if (EXPECT_SUCCESS()) { + /* Allocation for key->pkey.ptr may fail - OK key len is 0 */ + checkPw = wolfSSL_EVP_PKEY_get0_hmac(key, &checkPwSz); + } + ExpectTrue((checkPwSz == 0) || (checkPw != NULL)); + ExpectIntEQ((int)checkPwSz, 0); + wolfSSL_EVP_PKEY_free(key); + key = NULL; +#endif /* OPENSSL_EXTRA */ + return EXPECT_RESULT(); +} + +int test_wolfSSL_EVP_PKEY_hkdf(void) +{ + EXPECT_DECLS; +#if defined(OPENSSL_EXTRA) && defined(HAVE_HKDF) + EVP_PKEY_CTX* ctx = NULL; + byte salt[] = {0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, + 0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F}; + byte key[] = {0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, + 0x18, 0x19, 0x1A, 0x1B, 0x1C, 0x1D, 0x1E, 0x1F}; + byte info[] = {0X01, 0x02, 0x03, 0x04, 0x05}; + byte info2[] = {0X06, 0x07, 0x08, 0x09, 0x0A}; + byte outKey[34]; + size_t outKeySz = sizeof(outKey); + /* These expected outputs were gathered by running the same test below using + * OpenSSL. */ + const byte extractAndExpand[] = { + 0x8B, 0xEB, 0x90, 0xA9, 0x04, 0xFF, 0x05, 0x10, 0xE4, 0xB5, 0xB1, 0x10, + 0x31, 0x34, 0xFF, 0x07, 0x5B, 0xE3, 0xC6, 0x93, 0xD4, 0xF8, 0xC7, 0xEE, + 0x96, 0xDA, 0x78, 0x7A, 0xE2, 0x9A, 0x2D, 0x05, 0x4B, 0xF6 + }; + const byte extractOnly[] = { + 0xE7, 0x6B, 0x9E, 0x0F, 0xE4, 0x02, 0x1D, 0x62, 0xEA, 0x97, 0x74, 0x5E, + 0xF4, 0x3C, 0x65, 0x4D, 0xC1, 0x46, 0x98, 0xAA, 0x79, 0x9A, 0xCB, 0x9C, + 0xCC, 0x3E, 0x7F, 0x2A, 0x2B, 0x41, 0xA1, 0x9E + }; + const byte expandOnly[] = { + 0xFF, 0x29, 0x29, 0x56, 0x9E, 0xA7, 0x66, 0x02, 0xDB, 0x4F, 0xDB, 0x53, + 0x7D, 0x21, 0x67, 0x52, 0xC3, 0x0E, 0xF3, 0xFC, 0x71, 0xCE, 0x67, 0x2B, + 0xEA, 0x3B, 0xE9, 0xFC, 0xDD, 0xC8, 0xCC, 0xB7, 0x42, 0x74 + }; + const byte extractAndExpandAddInfo[] = { + 0x5A, 0x74, 0x79, 0x83, 0xA3, 0xA4, 0x2E, 0xB7, 0xD4, 0x08, 0xC2, 0x6A, + 0x2F, 0xA5, 0xE3, 0x4E, 0xF1, 0xF4, 0x87, 0x3E, 0xA6, 0xC7, 0x88, 0x45, + 0xD7, 0xE2, 0x15, 0xBC, 0xB8, 0x10, 0xEF, 0x6C, 0x4D, 0x7A + }; + + ExpectNotNull((ctx = EVP_PKEY_CTX_new_id(EVP_PKEY_HKDF, NULL))); + ExpectIntEQ(EVP_PKEY_derive_init(ctx), WOLFSSL_SUCCESS); + /* NULL ctx. */ + ExpectIntEQ(EVP_PKEY_CTX_set_hkdf_md(NULL, EVP_sha256()), + WC_NO_ERR_TRACE(WOLFSSL_FAILURE)); + /* NULL md. */ + ExpectIntEQ(EVP_PKEY_CTX_set_hkdf_md(ctx, NULL), + WC_NO_ERR_TRACE(WOLFSSL_FAILURE)); + ExpectIntEQ(EVP_PKEY_CTX_set_hkdf_md(ctx, EVP_sha256()), WOLFSSL_SUCCESS); + /* NULL ctx. */ + ExpectIntEQ(EVP_PKEY_CTX_set1_hkdf_salt(NULL, salt, sizeof(salt)), + WC_NO_ERR_TRACE(WOLFSSL_FAILURE)); + /* NULL salt is ok. */ + ExpectIntEQ(EVP_PKEY_CTX_set1_hkdf_salt(ctx, NULL, sizeof(salt)), + WOLFSSL_SUCCESS); + /* Salt length <= 0. */ + /* Length 0 salt is ok. */ + ExpectIntEQ(EVP_PKEY_CTX_set1_hkdf_salt(ctx, salt, 0), WOLFSSL_SUCCESS); + ExpectIntEQ(EVP_PKEY_CTX_set1_hkdf_salt(ctx, salt, -1), + WC_NO_ERR_TRACE(WOLFSSL_FAILURE)); + ExpectIntEQ(EVP_PKEY_CTX_set1_hkdf_salt(ctx, salt, sizeof(salt)), + WOLFSSL_SUCCESS); + /* NULL ctx. */ + ExpectIntEQ(EVP_PKEY_CTX_set1_hkdf_key(NULL, key, sizeof(key)), + WC_NO_ERR_TRACE(WOLFSSL_FAILURE)); + /* NULL key. */ + ExpectIntEQ(EVP_PKEY_CTX_set1_hkdf_key(ctx, NULL, sizeof(key)), + WC_NO_ERR_TRACE(WOLFSSL_FAILURE)); + /* Key length <= 0 */ + ExpectIntEQ(EVP_PKEY_CTX_set1_hkdf_key(ctx, key, 0), + WC_NO_ERR_TRACE(WOLFSSL_FAILURE)); + ExpectIntEQ(EVP_PKEY_CTX_set1_hkdf_key(ctx, key, -1), + WC_NO_ERR_TRACE(WOLFSSL_FAILURE)); + ExpectIntEQ(EVP_PKEY_CTX_set1_hkdf_key(ctx, key, sizeof(key)), + WOLFSSL_SUCCESS); + /* NULL ctx. */ + ExpectIntEQ(EVP_PKEY_CTX_add1_hkdf_info(NULL, info, sizeof(info)), + WC_NO_ERR_TRACE(WOLFSSL_FAILURE)); + /* NULL info is ok. */ + ExpectIntEQ(EVP_PKEY_CTX_add1_hkdf_info(ctx, NULL, sizeof(info)), + WOLFSSL_SUCCESS); + /* Info length <= 0 */ + /* Length 0 info is ok. */ + ExpectIntEQ(EVP_PKEY_CTX_add1_hkdf_info(ctx, info, 0), WOLFSSL_SUCCESS); + ExpectIntEQ(EVP_PKEY_CTX_add1_hkdf_info(ctx, info, -1), + WC_NO_ERR_TRACE(WOLFSSL_FAILURE)); + ExpectIntEQ(EVP_PKEY_CTX_add1_hkdf_info(ctx, info, sizeof(info)), + WOLFSSL_SUCCESS); + /* NULL ctx. */ + ExpectIntEQ(EVP_PKEY_CTX_hkdf_mode(NULL, EVP_PKEY_HKDEF_MODE_EXTRACT_ONLY), + WC_NO_ERR_TRACE(WOLFSSL_FAILURE)); + /* Extract and expand (default). */ + ExpectIntEQ(EVP_PKEY_derive(ctx, outKey, &outKeySz), WOLFSSL_SUCCESS); + ExpectIntEQ(outKeySz, sizeof(extractAndExpand)); + ExpectIntEQ(XMEMCMP(outKey, extractAndExpand, outKeySz), 0); + /* Extract only. */ + ExpectIntEQ(EVP_PKEY_CTX_hkdf_mode(ctx, EVP_PKEY_HKDEF_MODE_EXTRACT_ONLY), + WOLFSSL_SUCCESS); + ExpectIntEQ(EVP_PKEY_derive(ctx, outKey, &outKeySz), WOLFSSL_SUCCESS); + ExpectIntEQ(outKeySz, sizeof(extractOnly)); + ExpectIntEQ(XMEMCMP(outKey, extractOnly, outKeySz), 0); + outKeySz = sizeof(outKey); + /* Expand only. */ + ExpectIntEQ(EVP_PKEY_CTX_hkdf_mode(ctx, EVP_PKEY_HKDEF_MODE_EXPAND_ONLY), + WOLFSSL_SUCCESS); + ExpectIntEQ(EVP_PKEY_derive(ctx, outKey, &outKeySz), WOLFSSL_SUCCESS); + ExpectIntEQ(outKeySz, sizeof(expandOnly)); + ExpectIntEQ(XMEMCMP(outKey, expandOnly, outKeySz), 0); + outKeySz = sizeof(outKey); + /* Extract and expand with appended additional info. */ + ExpectIntEQ(EVP_PKEY_CTX_add1_hkdf_info(ctx, info2, sizeof(info2)), + WOLFSSL_SUCCESS); + ExpectIntEQ(EVP_PKEY_CTX_hkdf_mode(ctx, + EVP_PKEY_HKDEF_MODE_EXTRACT_AND_EXPAND), WOLFSSL_SUCCESS); + ExpectIntEQ(EVP_PKEY_derive(ctx, outKey, &outKeySz), WOLFSSL_SUCCESS); + ExpectIntEQ(outKeySz, sizeof(extractAndExpandAddInfo)); + ExpectIntEQ(XMEMCMP(outKey, extractAndExpandAddInfo, outKeySz), 0); + + EVP_PKEY_CTX_free(ctx); +#endif /* OPENSSL_EXTRA && HAVE_HKDF */ + return EXPECT_RESULT(); +} + + +int test_wolfSSL_EVP_PBE_scrypt(void) +{ + EXPECT_DECLS; +#if defined(OPENSSL_EXTRA) && defined(HAVE_SCRYPT) && defined(HAVE_PBKDF2) && \ + (!defined(HAVE_FIPS_VERSION) || (HAVE_FIPS_VERSION < 5)) +#if !defined(NO_PWDBASED) && !defined(NO_SHA256) + int ret; + + const char pwd[] = {'p','a','s','s','w','o','r','d'}; + int pwdlen = sizeof(pwd); + const byte salt[] = {'N','a','C','l'}; + int saltlen = sizeof(salt); + byte key[80]; + word64 numOvr32 = (word64)INT32_MAX + 1; + + /* expected derived key for N:16, r:1, p:1 */ + const byte expectedKey[] = { + 0xAE, 0xC6, 0xB7, 0x48, 0x3E, 0xD2, 0x6E, 0x08, 0x80, 0x2B, + 0x41, 0xF4, 0x03, 0x20, 0x86, 0xA0, 0xE8, 0x86, 0xBE, 0x7A, + 0xC4, 0x8F, 0xCF, 0xD9, 0x2F, 0xF0, 0xCE, 0xF8, 0x10, 0x97, + 0x52, 0xF4, 0xAC, 0x74, 0xB0, 0x77, 0x26, 0x32, 0x56, 0xA6, + 0x5A, 0x99, 0x70, 0x1B, 0x7A, 0x30, 0x4D, 0x46, 0x61, 0x1C, + 0x8A, 0xA3, 0x91, 0xE7, 0x99, 0xCE, 0x10, 0xA2, 0x77, 0x53, + 0xE7, 0xE9, 0xC0, 0x9A}; + + /* N r p mx key keylen */ + ret = EVP_PBE_scrypt(pwd, pwdlen, salt, saltlen, 0, 1, 1, 0, key, 64); + ExpectIntEQ(ret, 0); /* N must be greater than 1 */ + + ret = EVP_PBE_scrypt(pwd, pwdlen, salt, saltlen, 3, 1, 1, 0, key, 64); + ExpectIntEQ(ret, 0); /* N must be power of 2 */ + + ret = EVP_PBE_scrypt(pwd, pwdlen, salt, saltlen, 2, 0, 1, 0, key, 64); + ExpectIntEQ(ret, 0); /* r must be greater than 0 */ + + ret = EVP_PBE_scrypt(pwd, pwdlen, salt, saltlen, 2, 1, 0, 0, key, 64); + ExpectIntEQ(ret, 0); /* p must be greater than 0 */ + + ret = EVP_PBE_scrypt(pwd, pwdlen, salt, saltlen, 2, 1, 1, 0, key, 0); + ExpectIntEQ(ret, 0); /* keylen must be greater than 0 */ + + ret = EVP_PBE_scrypt(pwd, pwdlen, salt, saltlen, 2, 9, 1, 0, key, 64); + ExpectIntEQ(ret, 0); /* r must be smaller than 9 */ + + ret = EVP_PBE_scrypt(pwd, pwdlen, salt, saltlen, 2, 1, 1, 0, NULL, 64); + ExpectIntEQ(ret, 1); /* should succeed if key is NULL */ + + ret = EVP_PBE_scrypt(pwd, pwdlen, salt, saltlen, 2, 1, 1, 0, key, 64); + ExpectIntEQ(ret, 1); /* should succeed */ + + ret = EVP_PBE_scrypt(pwd, pwdlen, salt, saltlen, 2, numOvr32, 1, 0, + key, 64); + ExpectIntEQ(ret, 0); /* should fail since r is greater than INT32_MAC */ + + ret = EVP_PBE_scrypt(pwd, pwdlen, salt, saltlen, 2, 1, numOvr32, 0, + key, 64); + ExpectIntEQ(ret, 0); /* should fail since p is greater than INT32_MAC */ + + ret = EVP_PBE_scrypt(pwd, pwdlen, NULL, 0, 2, 1, 1, 0, key, 64); + ExpectIntEQ(ret, 1); /* should succeed even if salt is NULL */ + + ret = EVP_PBE_scrypt(pwd, pwdlen, NULL, 4, 2, 1, 1, 0, key, 64); + ExpectIntEQ(ret, 0); /* if salt is NULL, saltlen must be 0, otherwise fail*/ + + ret = EVP_PBE_scrypt(NULL, 0, salt, saltlen, 2, 1, 1, 0, key, 64); + ExpectIntEQ(ret, 1); /* should succeed if pwd is NULL and pwdlen is 0*/ + + ret = EVP_PBE_scrypt(NULL, 4, salt, saltlen, 2, 1, 1, 0, key, 64); + ExpectIntEQ(ret, 0); /* if pwd is NULL, pwdlen must be 0 */ + + ret = EVP_PBE_scrypt(NULL, 0, NULL, 0, 2, 1, 1, 0, key, 64); + ExpectIntEQ(ret, 1); /* should succeed even both pwd and salt are NULL */ + + ret = EVP_PBE_scrypt(pwd, pwdlen, salt, saltlen, 16, 1, 1, 0, key, 64); + ExpectIntEQ(ret, 1); + + ret = XMEMCMP(expectedKey, key, sizeof(expectedKey)); + ExpectIntEQ(ret, 0); /* derived key must be the same as expected-key */ +#endif /* !NO_PWDBASED && !NO_SHA256 */ +#endif /* OPENSSL_EXTRA && HAVE_SCRYPT && HAVE_PBKDF2 */ + return EXPECT_RESULT(); +} + +int test_EVP_PKEY_cmp(void) +{ + EXPECT_DECLS; +#if defined(OPENSSL_EXTRA) + EVP_PKEY *a = NULL; + EVP_PKEY *b = NULL; + const unsigned char *in; + +#if !defined(NO_RSA) && defined(USE_CERT_BUFFERS_2048) + in = client_key_der_2048; + ExpectNotNull(a = wolfSSL_d2i_PrivateKey(EVP_PKEY_RSA, NULL, + &in, (long)sizeof_client_key_der_2048)); + in = client_key_der_2048; + ExpectNotNull(b = wolfSSL_d2i_PrivateKey(EVP_PKEY_RSA, NULL, + &in, (long)sizeof_client_key_der_2048)); + + /* Test success case RSA */ +#if defined(WOLFSSL_ERROR_CODE_OPENSSL) + ExpectIntEQ(EVP_PKEY_cmp(a, b), 1); +#else + ExpectIntEQ(EVP_PKEY_cmp(a, b), 0); +#endif /* WOLFSSL_ERROR_CODE_OPENSSL */ + + EVP_PKEY_free(b); + b = NULL; + EVP_PKEY_free(a); + a = NULL; +#endif + +#if defined(HAVE_ECC) && defined(USE_CERT_BUFFERS_256) + in = ecc_clikey_der_256; + ExpectNotNull(a = wolfSSL_d2i_PrivateKey(EVP_PKEY_EC, NULL, + &in, (long)sizeof_ecc_clikey_der_256)); + in = ecc_clikey_der_256; + ExpectNotNull(b = wolfSSL_d2i_PrivateKey(EVP_PKEY_EC, NULL, + &in, (long)sizeof_ecc_clikey_der_256)); + + /* Test success case ECC */ +#if defined(WOLFSSL_ERROR_CODE_OPENSSL) + ExpectIntEQ(EVP_PKEY_cmp(a, b), 1); +#else + ExpectIntEQ(EVP_PKEY_cmp(a, b), 0); +#endif /* WOLFSSL_ERROR_CODE_OPENSSL */ + + EVP_PKEY_free(b); + b = NULL; + EVP_PKEY_free(a); + a = NULL; +#endif + + /* Test failure cases */ +#if !defined(NO_RSA) && defined(USE_CERT_BUFFERS_2048) && \ + defined(HAVE_ECC) && defined(USE_CERT_BUFFERS_256) + + in = client_key_der_2048; + ExpectNotNull(a = wolfSSL_d2i_PrivateKey(EVP_PKEY_RSA, NULL, + &in, (long)sizeof_client_key_der_2048)); + in = ecc_clikey_der_256; + ExpectNotNull(b = wolfSSL_d2i_PrivateKey(EVP_PKEY_EC, NULL, + &in, (long)sizeof_ecc_clikey_der_256)); + +#if defined(WOLFSSL_ERROR_CODE_OPENSSL) + ExpectIntEQ(EVP_PKEY_cmp(a, b), -1); +#else + ExpectIntNE(EVP_PKEY_cmp(a, b), 0); +#endif /* WOLFSSL_ERROR_CODE_OPENSSL */ + EVP_PKEY_free(b); + b = NULL; + EVP_PKEY_free(a); + a = NULL; +#endif + + /* invalid or empty failure cases */ + a = EVP_PKEY_new(); + b = EVP_PKEY_new(); +#if defined(WOLFSSL_ERROR_CODE_OPENSSL) + ExpectIntEQ(EVP_PKEY_cmp(NULL, NULL), 0); + ExpectIntEQ(EVP_PKEY_cmp(a, NULL), 0); + ExpectIntEQ(EVP_PKEY_cmp(NULL, b), 0); +#ifdef NO_RSA + /* Type check will fail since RSA is the default EVP key type */ + ExpectIntEQ(EVP_PKEY_cmp(a, b), -2); +#else + ExpectIntEQ(EVP_PKEY_cmp(a, b), 0); +#endif +#else + ExpectIntNE(EVP_PKEY_cmp(NULL, NULL), 0); + ExpectIntNE(EVP_PKEY_cmp(a, NULL), 0); + ExpectIntNE(EVP_PKEY_cmp(NULL, b), 0); + ExpectIntNE(EVP_PKEY_cmp(a, b), 0); +#endif + EVP_PKEY_free(b); + EVP_PKEY_free(a); + + (void)in; +#endif + return EXPECT_RESULT(); +} + +int test_wolfSSL_EVP_PKEY_set1_get1_DSA(void) +{ + EXPECT_DECLS; +#if defined(OPENSSL_ALL) && !defined (NO_DSA) && !defined(HAVE_SELFTEST) && \ + !defined(WC_FIPS_186_5_PLUS) && defined(WOLFSSL_KEY_GEN) + DSA *dsa = NULL; + DSA *setDsa = NULL; + EVP_PKEY *pkey = NULL; + EVP_PKEY *set1Pkey = NULL; + + SHA_CTX sha; + byte signature[DSA_SIG_SIZE]; + byte hash[WC_SHA_DIGEST_SIZE]; + word32 bytes; + int answer; +#ifdef USE_CERT_BUFFERS_1024 + const unsigned char* dsaKeyDer = dsa_key_der_1024; + int dsaKeySz = sizeof_dsa_key_der_1024; + byte tmp[ONEK_BUF]; + + XMEMSET(tmp, 0, sizeof(tmp)); + XMEMCPY(tmp, dsaKeyDer , dsaKeySz); + bytes = dsaKeySz; +#elif defined(USE_CERT_BUFFERS_2048) + const unsigned char* dsaKeyDer = dsa_key_der_2048; + int dsaKeySz = sizeof_dsa_key_der_2048; + byte tmp[TWOK_BUF]; + + XMEMSET(tmp, 0, sizeof(tmp)); + XMEMCPY(tmp, dsaKeyDer , dsaKeySz); + bytes = (word32)dsaKeySz; +#else + byte tmp[TWOK_BUF]; + const unsigned char* dsaKeyDer = (const unsigned char*)tmp; + int dsaKeySz; + XFILE fp = XBADFILE; + + XMEMSET(tmp, 0, sizeof(tmp)); + ExpectTrue((fp = XFOPEN("./certs/dsa2048.der", "rb")) != XBADFILE); + ExpectIntGT(dsaKeySz = bytes = (word32) XFREAD(tmp, 1, sizeof(tmp), fp), 0); + if (fp != XBADFILE) + XFCLOSE(fp); +#endif /* END USE_CERT_BUFFERS_1024 */ + + /* Create hash to later Sign and Verify */ + ExpectIntEQ(SHA1_Init(&sha), WOLFSSL_SUCCESS); + ExpectIntEQ(SHA1_Update(&sha, tmp, bytes), WOLFSSL_SUCCESS); + ExpectIntEQ(SHA1_Final(hash,&sha), WOLFSSL_SUCCESS); + + /* Initialize pkey with der format dsa key */ + ExpectNotNull(d2i_PrivateKey(EVP_PKEY_DSA, &pkey, &dsaKeyDer, + (long)dsaKeySz)); + + /* Test wolfSSL_EVP_PKEY_get1_DSA */ + /* Should Fail: NULL argument */ + ExpectNull(dsa = EVP_PKEY_get0_DSA(NULL)); + ExpectNull(dsa = EVP_PKEY_get1_DSA(NULL)); + /* Should Pass: Initialized pkey argument */ + ExpectNotNull(dsa = EVP_PKEY_get0_DSA(pkey)); + ExpectNotNull(dsa = EVP_PKEY_get1_DSA(pkey)); + +#ifdef USE_CERT_BUFFERS_1024 + ExpectIntEQ(DSA_bits(dsa), 1024); +#else + ExpectIntEQ(DSA_bits(dsa), 2048); +#endif + + /* Sign */ + ExpectIntEQ(wolfSSL_DSA_do_sign(hash, signature, dsa), WOLFSSL_SUCCESS); + /* Verify. */ + ExpectIntEQ(wolfSSL_DSA_do_verify(hash, signature, dsa, &answer), + WOLFSSL_SUCCESS); + + /* Test wolfSSL_EVP_PKEY_set1_DSA */ + /* Should Fail: set1Pkey not initialized */ + ExpectIntNE(EVP_PKEY_set1_DSA(set1Pkey, dsa), WOLFSSL_SUCCESS); + + /* Initialize set1Pkey */ + set1Pkey = EVP_PKEY_new(); + + /* Should Fail Verify: setDsa not initialized from set1Pkey */ + ExpectIntNE(wolfSSL_DSA_do_verify(hash,signature,setDsa,&answer), + WOLFSSL_SUCCESS); + + /* Should Pass: set dsa into set1Pkey */ + ExpectIntEQ(EVP_PKEY_set1_DSA(set1Pkey, dsa), WOLFSSL_SUCCESS); + + DSA_free(dsa); + DSA_free(setDsa); + EVP_PKEY_free(pkey); + EVP_PKEY_free(set1Pkey); +#endif /* OPENSSL_ALL && !NO_DSA && !HAVE_SELFTEST && !WC_FIPS_186_5_PLUS */ + /* && WOLFSSL_KEY_GEN */ + return EXPECT_RESULT(); +} /* END test_EVP_PKEY_set1_get1_DSA */ + +int test_wolfSSL_EVP_PKEY_set1_get1_EC_KEY(void) +{ + EXPECT_DECLS; +#if defined(HAVE_ECC) && defined(OPENSSL_ALL) + WOLFSSL_EC_KEY* ecKey = NULL; + WOLFSSL_EC_KEY* ecGet1 = NULL; + EVP_PKEY* pkey = NULL; + + ExpectNotNull(ecKey = wolfSSL_EC_KEY_new()); + ExpectNotNull(pkey = wolfSSL_EVP_PKEY_new()); + + /* Test wolfSSL_EVP_PKEY_set1_EC_KEY */ + ExpectIntEQ(wolfSSL_EVP_PKEY_set1_EC_KEY(NULL, ecKey), + WC_NO_ERR_TRACE(WOLFSSL_FAILURE)); + ExpectIntEQ(wolfSSL_EVP_PKEY_set1_EC_KEY(pkey, NULL), + WC_NO_ERR_TRACE(WOLFSSL_FAILURE)); + /* Should fail since ecKey is empty */ + ExpectIntEQ(wolfSSL_EVP_PKEY_set1_EC_KEY(pkey, ecKey), + WC_NO_ERR_TRACE(WOLFSSL_FAILURE)); + ExpectIntEQ(wolfSSL_EC_KEY_generate_key(ecKey), 1); + ExpectIntEQ(wolfSSL_EVP_PKEY_set1_EC_KEY(pkey, ecKey), WOLFSSL_SUCCESS); + + /* Test wolfSSL_EVP_PKEY_get1_EC_KEY */ + ExpectNull(wolfSSL_EVP_PKEY_get1_EC_KEY(NULL)); + ExpectNotNull(ecGet1 = wolfSSL_EVP_PKEY_get1_EC_KEY(pkey)); + + wolfSSL_EC_KEY_free(ecKey); + wolfSSL_EC_KEY_free(ecGet1); + EVP_PKEY_free(pkey); +#endif /* HAVE_ECC && OPENSSL_ALL */ + return EXPECT_RESULT(); +} /* END test_EVP_PKEY_set1_get1_EC_KEY */ + +int test_wolfSSL_EVP_PKEY_get0_EC_KEY(void) +{ + EXPECT_DECLS; +#if defined(HAVE_ECC) && defined(OPENSSL_ALL) + WOLFSSL_EVP_PKEY* pkey = NULL; + + ExpectNull(EVP_PKEY_get0_EC_KEY(NULL)); + + ExpectNotNull(pkey = EVP_PKEY_new()); + ExpectNull(EVP_PKEY_get0_EC_KEY(pkey)); + EVP_PKEY_free(pkey); +#endif + return EXPECT_RESULT(); +} + +int test_wolfSSL_EVP_PKEY_set1_get1_DH(void) +{ + EXPECT_DECLS; +#if defined(OPENSSL_ALL) || defined(WOLFSSL_QT) +#if !defined(HAVE_FIPS) || (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION>2)) +#if !defined(NO_DH) && defined(WOLFSSL_DH_EXTRA) && !defined(NO_FILESYSTEM) + DH *dh = NULL; + DH *setDh = NULL; + EVP_PKEY *pkey = NULL; + + XFILE f = XBADFILE; + unsigned char buf[4096]; + const unsigned char* pt = buf; + const char* dh2048 = "./certs/dh2048.der"; + long len = 0; + int code = -1; + + XMEMSET(buf, 0, sizeof(buf)); + + ExpectTrue((f = XFOPEN(dh2048, "rb")) != XBADFILE); + ExpectTrue((len = (long)XFREAD(buf, 1, sizeof(buf), f)) > 0); + if (f != XBADFILE) + XFCLOSE(f); + + /* Load dh2048.der into DH with internal format */ + ExpectNotNull(setDh = wolfSSL_d2i_DHparams(NULL, &pt, len)); + + ExpectIntEQ(wolfSSL_DH_check(setDh, &code), WOLFSSL_SUCCESS); + ExpectIntEQ(code, 0); + code = -1; + + ExpectNotNull(pkey = wolfSSL_EVP_PKEY_new()); + + /* Set DH into PKEY */ + ExpectIntEQ(wolfSSL_EVP_PKEY_set1_DH(pkey, setDh), WOLFSSL_SUCCESS); + + /* Get DH from PKEY */ + ExpectNotNull(dh = wolfSSL_EVP_PKEY_get1_DH(pkey)); + + ExpectIntEQ(wolfSSL_DH_check(dh, &code), WOLFSSL_SUCCESS); + ExpectIntEQ(code, 0); + + EVP_PKEY_free(pkey); + DH_free(setDh); + setDh = NULL; + DH_free(dh); + dh = NULL; +#endif /* !NO_DH && WOLFSSL_DH_EXTRA && !NO_FILESYSTEM */ +#endif /* !HAVE_FIPS || HAVE_FIPS_VERSION > 2 */ +#endif /* OPENSSL_ALL || WOLFSSL_QT || WOLFSSL_OPENSSH */ + return EXPECT_RESULT(); +} /* END test_EVP_PKEY_set1_get1_DH */ + +int test_wolfSSL_EVP_PKEY_assign(void) +{ + EXPECT_DECLS; +#if (!defined(NO_RSA) || !defined(NO_DSA) || defined(HAVE_ECC)) && \ + defined(OPENSSL_ALL) + int type; + WOLFSSL_EVP_PKEY* pkey = NULL; +#ifndef NO_RSA + WOLFSSL_RSA* rsa = NULL; +#endif +#ifndef NO_DSA + WOLFSSL_DSA* dsa = NULL; +#endif +#ifdef HAVE_ECC + WOLFSSL_EC_KEY* ecKey = NULL; +#endif + +#ifndef NO_RSA + type = EVP_PKEY_RSA; + ExpectNotNull(pkey = wolfSSL_EVP_PKEY_new()); + ExpectNotNull(rsa = wolfSSL_RSA_new()); + ExpectIntEQ(wolfSSL_EVP_PKEY_assign(NULL, type, rsa), + WC_NO_ERR_TRACE(WOLFSSL_FAILURE)); + ExpectIntEQ(wolfSSL_EVP_PKEY_assign(pkey, type, NULL), + WC_NO_ERR_TRACE(WOLFSSL_FAILURE)); + ExpectIntEQ(wolfSSL_EVP_PKEY_assign(pkey, -1, rsa), + WC_NO_ERR_TRACE(WOLFSSL_FAILURE)); + ExpectIntEQ(wolfSSL_EVP_PKEY_assign(pkey, type, rsa), WOLFSSL_SUCCESS); + if (EXPECT_FAIL()) { + wolfSSL_RSA_free(rsa); + } + wolfSSL_EVP_PKEY_free(pkey); + pkey = NULL; +#endif /* NO_RSA */ + +#ifndef NO_DSA + type = EVP_PKEY_DSA; + ExpectNotNull(pkey = wolfSSL_EVP_PKEY_new()); + ExpectNotNull(dsa = wolfSSL_DSA_new()); + ExpectIntEQ(wolfSSL_EVP_PKEY_assign(NULL, type, dsa), + WC_NO_ERR_TRACE(WOLFSSL_FAILURE)); + ExpectIntEQ(wolfSSL_EVP_PKEY_assign(pkey, type, NULL), + WC_NO_ERR_TRACE(WOLFSSL_FAILURE)); + ExpectIntEQ(wolfSSL_EVP_PKEY_assign(pkey, -1, dsa), + WC_NO_ERR_TRACE(WOLFSSL_FAILURE)); + ExpectIntEQ(wolfSSL_EVP_PKEY_assign(pkey, type, dsa), WOLFSSL_SUCCESS); + if (EXPECT_FAIL()) { + wolfSSL_DSA_free(dsa); + } + wolfSSL_EVP_PKEY_free(pkey); + pkey = NULL; +#endif /* NO_DSA */ + +#ifdef HAVE_ECC + type = EVP_PKEY_EC; + ExpectNotNull(pkey = wolfSSL_EVP_PKEY_new()); + ExpectNotNull(ecKey = wolfSSL_EC_KEY_new()); + ExpectIntEQ(wolfSSL_EVP_PKEY_assign(NULL, type, ecKey), + WC_NO_ERR_TRACE(WOLFSSL_FAILURE)); + ExpectIntEQ(wolfSSL_EVP_PKEY_assign(pkey, type, NULL), + WC_NO_ERR_TRACE(WOLFSSL_FAILURE)); + ExpectIntEQ(wolfSSL_EVP_PKEY_assign(pkey, -1, ecKey), + WC_NO_ERR_TRACE(WOLFSSL_FAILURE)); + ExpectIntEQ(wolfSSL_EVP_PKEY_assign(pkey, type, ecKey), + WC_NO_ERR_TRACE(WOLFSSL_FAILURE)); + ExpectIntEQ(wolfSSL_EC_KEY_generate_key(ecKey), 1); + ExpectIntEQ(wolfSSL_EVP_PKEY_assign(pkey, type, ecKey), WOLFSSL_SUCCESS); + if (EXPECT_FAIL()) { + wolfSSL_EC_KEY_free(ecKey); + } + wolfSSL_EVP_PKEY_free(pkey); + pkey = NULL; +#endif /* HAVE_ECC */ +#endif /* (!NO_RSA || !NO_DSA || HAVE_ECC) && OPENSSL_ALL */ + return EXPECT_RESULT(); +} + +int test_wolfSSL_EVP_PKEY_assign_DH(void) +{ + EXPECT_DECLS; +#if !defined(NO_DH) && defined(OPENSSL_ALL) && (!defined(HAVE_FIPS) || \ + (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION > 2))) + XFILE f = XBADFILE; + unsigned char buf[4096]; + const unsigned char* pt = buf; + const char* params1 = "./certs/dh2048.der"; + long len = 0; + WOLFSSL_DH* dh = NULL; + WOLFSSL_EVP_PKEY* pkey = NULL; + XMEMSET(buf, 0, sizeof(buf)); + + /* Load DH parameters DER. */ + ExpectTrue((f = XFOPEN(params1, "rb")) != XBADFILE); + ExpectTrue((len = (long)XFREAD(buf, 1, sizeof(buf), f)) > 0); + if (f != XBADFILE) + XFCLOSE(f); + + ExpectNotNull(dh = wolfSSL_d2i_DHparams(NULL, &pt, len)); + ExpectIntEQ(DH_generate_key(dh), WOLFSSL_SUCCESS); + + ExpectNotNull(pkey = wolfSSL_EVP_PKEY_new()); + + /* Bad cases */ + ExpectIntEQ(wolfSSL_EVP_PKEY_assign_DH(NULL, dh), + WC_NO_ERR_TRACE(WOLFSSL_FAILURE)); + ExpectIntEQ(wolfSSL_EVP_PKEY_assign_DH(pkey, NULL), + WC_NO_ERR_TRACE(WOLFSSL_FAILURE)); + ExpectIntEQ(wolfSSL_EVP_PKEY_assign_DH(NULL, NULL), + WC_NO_ERR_TRACE(WOLFSSL_FAILURE)); + + /* Good case */ + ExpectIntEQ(wolfSSL_EVP_PKEY_assign_DH(pkey, dh), WOLFSSL_SUCCESS); + if (EXPECT_FAIL()) { + wolfSSL_DH_free(dh); + } + + EVP_PKEY_free(pkey); +#endif + return EXPECT_RESULT(); +} + +int test_EVP_PKEY_rsa(void) +{ + EXPECT_DECLS; +#if defined(OPENSSL_EXTRA) && !defined(NO_RSA) + WOLFSSL_RSA* rsa = NULL; + WOLFSSL_EVP_PKEY* pkey = NULL; + + ExpectNotNull(rsa = wolfSSL_RSA_new()); + ExpectNotNull(pkey = wolfSSL_EVP_PKEY_new()); + ExpectIntEQ(EVP_PKEY_assign_RSA(NULL, rsa), + WC_NO_ERR_TRACE(WOLFSSL_FAILURE)); + ExpectIntEQ(EVP_PKEY_assign_RSA(pkey, NULL), + WC_NO_ERR_TRACE(WOLFSSL_FAILURE)); + ExpectIntEQ(EVP_PKEY_assign_RSA(pkey, rsa), WOLFSSL_SUCCESS); + if (EXPECT_FAIL()) { + wolfSSL_RSA_free(rsa); + } + ExpectPtrEq(EVP_PKEY_get0_RSA(pkey), rsa); + wolfSSL_EVP_PKEY_free(pkey); +#endif + return EXPECT_RESULT(); +} + +int test_EVP_PKEY_ec(void) +{ + EXPECT_DECLS; +#if defined(OPENSSL_EXTRA) && defined(HAVE_ECC) +#if !defined(HAVE_FIPS) || (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION>2)) + WOLFSSL_EC_KEY* ecKey = NULL; + WOLFSSL_EVP_PKEY* pkey = NULL; + + ExpectNotNull(ecKey = wolfSSL_EC_KEY_new()); + ExpectNotNull(pkey = wolfSSL_EVP_PKEY_new()); + ExpectIntEQ(EVP_PKEY_assign_EC_KEY(NULL, ecKey), + WC_NO_ERR_TRACE(WOLFSSL_FAILURE)); + ExpectIntEQ(EVP_PKEY_assign_EC_KEY(pkey, NULL), + WC_NO_ERR_TRACE(WOLFSSL_FAILURE)); + /* Should fail since ecKey is empty */ + ExpectIntEQ(EVP_PKEY_assign_EC_KEY(pkey, ecKey), + WC_NO_ERR_TRACE(WOLFSSL_FAILURE)); + ExpectIntEQ(wolfSSL_EC_KEY_generate_key(ecKey), 1); + ExpectIntEQ(EVP_PKEY_assign_EC_KEY(pkey, ecKey), WOLFSSL_SUCCESS); + if (EXPECT_FAIL()) { + wolfSSL_EC_KEY_free(ecKey); + } + wolfSSL_EVP_PKEY_free(pkey); +#endif +#endif + return EXPECT_RESULT(); +} + +int test_wolfSSL_EVP_PKEY_missing_parameters(void) +{ + EXPECT_DECLS; +#if defined(OPENSSL_ALL) && !defined(NO_WOLFSSL_STUB) + WOLFSSL_EVP_PKEY* pkey = NULL; + + ExpectNotNull(pkey = wolfSSL_EVP_PKEY_new()); + + ExpectIntEQ(wolfSSL_EVP_PKEY_missing_parameters(pkey), 0); + ExpectIntEQ(wolfSSL_EVP_PKEY_missing_parameters(NULL), 0); + + EVP_PKEY_free(pkey); +#endif + return EXPECT_RESULT(); +} + +int test_wolfSSL_EVP_PKEY_copy_parameters(void) +{ + EXPECT_DECLS; +#if defined(OPENSSL_EXTRA) && !defined(NO_DH) && defined(WOLFSSL_KEY_GEN) && \ + !defined(HAVE_SELFTEST) && defined(WOLFSSL_DH_EXTRA) && \ + (defined(OPENSSL_ALL) || defined(WOLFSSL_QT)) && !defined(NO_FILESYSTEM) + WOLFSSL_EVP_PKEY* params = NULL; + WOLFSSL_EVP_PKEY* copy = NULL; + DH* dh = NULL; + BIGNUM* p1; + BIGNUM* g1; + BIGNUM* q1; + BIGNUM* p2; + BIGNUM* g2; + BIGNUM* q2; + + /* create DH with DH_get_2048_256 params */ + ExpectNotNull(params = wolfSSL_EVP_PKEY_new()); + ExpectNotNull(dh = DH_get_2048_256()); + ExpectIntEQ(EVP_PKEY_set1_DH(params, dh), WOLFSSL_SUCCESS); + DH_get0_pqg(dh, (const BIGNUM**)&p1, + (const BIGNUM**)&q1, + (const BIGNUM**)&g1); + DH_free(dh); + dh = NULL; + + /* create DH with random generated DH params */ + ExpectNotNull(copy = wolfSSL_EVP_PKEY_new()); + ExpectNotNull(dh = DH_generate_parameters(2048, 2, NULL, NULL)); + ExpectIntEQ(EVP_PKEY_set1_DH(copy, dh), WOLFSSL_SUCCESS); + DH_free(dh); + dh = NULL; + + ExpectIntEQ(EVP_PKEY_copy_parameters(copy, params), WOLFSSL_SUCCESS); + ExpectNotNull(dh = EVP_PKEY_get1_DH(copy)); + ExpectNotNull(dh->p); + ExpectNotNull(dh->g); + ExpectNotNull(dh->q); + DH_get0_pqg(dh, (const BIGNUM**)&p2, + (const BIGNUM**)&q2, + (const BIGNUM**)&g2); + + ExpectIntEQ(BN_cmp(p1, p2), 0); + ExpectIntEQ(BN_cmp(q1, q2), 0); + ExpectIntEQ(BN_cmp(g1, g2), 0); + + DH_free(dh); + dh = NULL; + EVP_PKEY_free(copy); + EVP_PKEY_free(params); +#endif + return EXPECT_RESULT(); +} + +int test_wolfSSL_EVP_PKEY_paramgen(void) +{ + EXPECT_DECLS; + /* ECC check taken from ecc.c. It is the condition that defines ECC256 */ +#if defined(OPENSSL_ALL) && !defined(NO_ECC_SECP) && \ + ((!defined(NO_ECC256) || defined(HAVE_ALL_CURVES)) && \ + ECC_MIN_KEY_SZ <= 256) + EVP_PKEY_CTX* ctx = NULL; + EVP_PKEY* pkey = NULL; + + /* Test error conditions. */ + ExpectIntEQ(EVP_PKEY_paramgen(NULL, &pkey), + WC_NO_ERR_TRACE(WOLFSSL_FAILURE)); + ExpectNotNull(ctx = EVP_PKEY_CTX_new_id(EVP_PKEY_EC, NULL)); + ExpectIntEQ(EVP_PKEY_paramgen(ctx, NULL), WC_NO_ERR_TRACE(WOLFSSL_FAILURE)); + +#ifndef NO_RSA + EVP_PKEY_CTX_free(ctx); + /* Parameter generation for RSA not supported yet. */ + ExpectNotNull(ctx = EVP_PKEY_CTX_new_id(EVP_PKEY_RSA, NULL)); + ExpectIntEQ(EVP_PKEY_paramgen(ctx, &pkey), + WC_NO_ERR_TRACE(WOLFSSL_FAILURE)); +#endif + +#ifdef HAVE_ECC + EVP_PKEY_CTX_free(ctx); + ExpectNotNull(ctx = EVP_PKEY_CTX_new_id(EVP_PKEY_EC, NULL)); + ExpectIntEQ(EVP_PKEY_paramgen_init(ctx), WOLFSSL_SUCCESS); + ExpectIntEQ(EVP_PKEY_CTX_set_ec_paramgen_curve_nid(ctx, + NID_X9_62_prime256v1), WOLFSSL_SUCCESS); + ExpectIntEQ(EVP_PKEY_paramgen(ctx, &pkey), WOLFSSL_SUCCESS); + ExpectIntEQ(EVP_PKEY_CTX_set_ec_param_enc(ctx, OPENSSL_EC_NAMED_CURVE), + WOLFSSL_SUCCESS); + ExpectIntEQ(EVP_PKEY_keygen_init(ctx), WOLFSSL_SUCCESS); + ExpectIntEQ(EVP_PKEY_keygen(ctx, &pkey), WOLFSSL_SUCCESS); +#endif + + EVP_PKEY_CTX_free(ctx); + EVP_PKEY_free(pkey); +#endif + return EXPECT_RESULT(); +} + +int test_wolfSSL_EVP_PKEY_param_check(void) +{ + EXPECT_DECLS; +#if defined(OPENSSL_ALL) || defined(WOLFSSL_QT) +#if !defined(NO_DH) && defined(WOLFSSL_DH_EXTRA) && !defined(NO_FILESYSTEM) + + DH *dh = NULL; + DH *setDh = NULL; + EVP_PKEY *pkey = NULL; + EVP_PKEY_CTX* ctx = NULL; + + FILE* f = NULL; + unsigned char buf[512]; + const unsigned char* pt = buf; + const char* dh2048 = "./certs/dh2048.der"; + long len = 0; + int code = -1; + + XMEMSET(buf, 0, sizeof(buf)); + + ExpectTrue((f = XFOPEN(dh2048, "rb")) != XBADFILE); + ExpectTrue((len = (long)XFREAD(buf, 1, sizeof(buf), f)) > 0); + if (f != XBADFILE) + XFCLOSE(f); + + /* Load dh2048.der into DH with internal format */ + ExpectNotNull(setDh = d2i_DHparams(NULL, &pt, len)); + ExpectIntEQ(DH_check(setDh, &code), WOLFSSL_SUCCESS); + ExpectIntEQ(code, 0); + code = -1; + + pkey = wolfSSL_EVP_PKEY_new(); + /* Set DH into PKEY */ + ExpectIntEQ(EVP_PKEY_set1_DH(pkey, setDh), WOLFSSL_SUCCESS); + /* create ctx from pkey */ + ExpectNotNull(ctx = EVP_PKEY_CTX_new(pkey, NULL)); + ExpectIntEQ(EVP_PKEY_param_check(ctx), 1/* valid */); + + /* TODO: more invalid cases */ + ExpectIntEQ(EVP_PKEY_param_check(NULL), 0); + + EVP_PKEY_CTX_free(ctx); + EVP_PKEY_free(pkey); + DH_free(setDh); + setDh = NULL; + DH_free(dh); + dh = NULL; +#endif +#endif + return EXPECT_RESULT(); +} + +int test_wolfSSL_EVP_PKEY_keygen_init(void) +{ + EXPECT_DECLS; +#ifdef OPENSSL_ALL + WOLFSSL_EVP_PKEY* pkey = NULL; + EVP_PKEY_CTX *ctx = NULL; + + ExpectNotNull(pkey = wolfSSL_EVP_PKEY_new()); + ExpectNotNull(ctx = EVP_PKEY_CTX_new(pkey, NULL)); + + ExpectIntEQ(wolfSSL_EVP_PKEY_keygen_init(ctx), WOLFSSL_SUCCESS); + ExpectIntEQ(wolfSSL_EVP_PKEY_keygen_init(NULL), WOLFSSL_SUCCESS); + + EVP_PKEY_CTX_free(ctx); + EVP_PKEY_free(pkey); +#endif + return EXPECT_RESULT(); +} + +int test_wolfSSL_EVP_PKEY_keygen(void) +{ + EXPECT_DECLS; +#ifdef OPENSSL_ALL + WOLFSSL_EVP_PKEY* pkey = NULL; + EVP_PKEY_CTX* ctx = NULL; +#if !defined(NO_DH) && (!defined(HAVE_FIPS) || FIPS_VERSION_GT(2,0)) + WOLFSSL_EVP_PKEY* params = NULL; + DH* dh = NULL; + const BIGNUM* pubkey = NULL; + const BIGNUM* privkey = NULL; + ASN1_INTEGER* asn1int = NULL; + unsigned int length = 0; + byte* derBuffer = NULL; +#endif + + ExpectNotNull(pkey = wolfSSL_EVP_PKEY_new()); + ExpectNotNull(ctx = EVP_PKEY_CTX_new(pkey, NULL)); + + /* Bad cases */ + ExpectIntEQ(wolfSSL_EVP_PKEY_keygen(NULL, &pkey), 0); + ExpectIntEQ(wolfSSL_EVP_PKEY_keygen(ctx, NULL), 0); + ExpectIntEQ(wolfSSL_EVP_PKEY_keygen(NULL, NULL), 0); + + /* Good case */ + ExpectIntEQ(wolfSSL_EVP_PKEY_keygen(ctx, &pkey), 0); + + EVP_PKEY_CTX_free(ctx); + ctx = NULL; + EVP_PKEY_free(pkey); + pkey = NULL; + +#if !defined(NO_DH) && (!defined(HAVE_FIPS) || FIPS_VERSION_GT(2,0)) + /* Test DH keygen */ + { + ExpectNotNull(params = wolfSSL_EVP_PKEY_new()); + ExpectNotNull(dh = DH_get_2048_256()); + ExpectIntEQ(EVP_PKEY_set1_DH(params, dh), WOLFSSL_SUCCESS); + ExpectNotNull(ctx = EVP_PKEY_CTX_new(params, NULL)); + ExpectIntEQ(EVP_PKEY_keygen_init(ctx), WOLFSSL_SUCCESS); + ExpectIntEQ(EVP_PKEY_keygen(ctx, &pkey), WOLFSSL_SUCCESS); + + DH_free(dh); + dh = NULL; + EVP_PKEY_CTX_free(ctx); + EVP_PKEY_free(params); + + /* try exporting generated key to DER, to verify */ + ExpectNotNull(dh = EVP_PKEY_get1_DH(pkey)); + DH_get0_key(dh, &pubkey, &privkey); + ExpectNotNull(pubkey); + ExpectNotNull(privkey); + ExpectNotNull(asn1int = BN_to_ASN1_INTEGER(pubkey, NULL)); + ExpectIntGT((length = i2d_ASN1_INTEGER(asn1int, &derBuffer)), 0); + + ASN1_INTEGER_free(asn1int); + DH_free(dh); + dh = NULL; + XFREE(derBuffer, NULL, DYNAMIC_TYPE_TMP_BUFFER); + + EVP_PKEY_free(pkey); + } +#endif +#endif + return EXPECT_RESULT(); +} + +int test_wolfSSL_EVP_SignInit_ex(void) +{ + EXPECT_DECLS; +#ifdef OPENSSL_ALL + WOLFSSL_EVP_MD_CTX mdCtx; + WOLFSSL_ENGINE* e = 0; + const EVP_MD* md = EVP_sha256(); + + wolfSSL_EVP_MD_CTX_init(&mdCtx); + ExpectIntEQ(wolfSSL_EVP_SignInit_ex(&mdCtx, md, e), WOLFSSL_SUCCESS); + + ExpectIntEQ(wolfSSL_EVP_MD_CTX_cleanup(&mdCtx), 1); +#endif + return EXPECT_RESULT(); +} + +#if defined(OPENSSL_EXTRA) && !defined(NO_RSA) && defined(WOLFSSL_KEY_GEN) && \ + !defined(HAVE_SELFTEST) +#if !defined(HAVE_FIPS) || (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION>2)) + #ifndef TEST_WOLFSSL_EVP_PKEY_SIGN_VERIFY + #define TEST_WOLFSSL_EVP_PKEY_SIGN_VERIFY + #endif +#endif +#endif +#if defined(OPENSSL_EXTRA) +#if !defined (NO_DSA) && !defined(HAVE_SELFTEST) && defined(WOLFSSL_KEY_GEN) + #ifndef TEST_WOLFSSL_EVP_PKEY_SIGN_VERIFY + #define TEST_WOLFSSL_EVP_PKEY_SIGN_VERIFY + #endif +#endif +#endif +#if defined(OPENSSL_EXTRA) && defined(HAVE_ECC) +#if !defined(HAVE_FIPS) || (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION>2)) + #ifndef TEST_WOLFSSL_EVP_PKEY_SIGN_VERIFY + #define TEST_WOLFSSL_EVP_PKEY_SIGN_VERIFY + #endif +#endif +#endif + +#ifdef TEST_WOLFSSL_EVP_PKEY_SIGN_VERIFY +static int test_wolfSSL_EVP_PKEY_sign_verify(int keyType) +{ + EXPECT_DECLS; +#if defined(OPENSSL_EXTRA) +#if defined(OPENSSL_EXTRA) && !defined(NO_RSA) && defined(WOLFSSL_KEY_GEN) && \ + !defined(HAVE_SELFTEST) +#if !defined(HAVE_FIPS) || (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION>2)) + WOLFSSL_RSA* rsa = NULL; +#endif +#endif +#if !defined (NO_DSA) && !defined(HAVE_SELFTEST) && defined(WOLFSSL_KEY_GEN) + WOLFSSL_DSA* dsa = NULL; +#endif /* !NO_DSA && !HAVE_SELFTEST && WOLFSSL_KEY_GEN */ +#if defined(OPENSSL_EXTRA) && defined(HAVE_ECC) +#if !defined(HAVE_FIPS) || (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION>2)) + WOLFSSL_EC_KEY* ecKey = NULL; +#endif +#endif + WOLFSSL_EVP_PKEY* pkey = NULL; + WOLFSSL_EVP_PKEY_CTX* ctx = NULL; + WOLFSSL_EVP_PKEY_CTX* ctx_verify = NULL; + const char* in = "What is easy to do is easy not to do."; + size_t inlen = XSTRLEN(in); + byte hash[SHA256_DIGEST_LENGTH] = {0}; + byte zero[SHA256_DIGEST_LENGTH] = {0}; + SHA256_CTX c; + byte* sig = NULL; + byte* sigVerify = NULL; + size_t siglen; + size_t siglenOnlyLen; + size_t keySz = 2048/8; /* Bytes */ + + ExpectNotNull(sig = + (byte*)XMALLOC(keySz, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER)); + ExpectNotNull(sigVerify = + (byte*)XMALLOC(keySz, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER)); + + siglen = keySz; + ExpectNotNull(XMEMSET(sig, 0, keySz)); + ExpectNotNull(XMEMSET(sigVerify, 0, keySz)); + + /* Generate hash */ + SHA256_Init(&c); + SHA256_Update(&c, in, inlen); + SHA256_Final(hash, &c); +#ifdef WOLFSSL_SMALL_STACK_CACHE + /* workaround for small stack cache case */ + wc_Sha256Free((wc_Sha256*)&c); +#endif + + /* Generate key */ + ExpectNotNull(pkey = EVP_PKEY_new()); + switch (keyType) { + case EVP_PKEY_RSA: +#if defined(OPENSSL_EXTRA) && !defined(NO_RSA) && defined(WOLFSSL_KEY_GEN) && \ + !defined(HAVE_SELFTEST) +#if !defined(HAVE_FIPS) || (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION>2)) + { + ExpectNotNull(rsa = RSA_generate_key(2048, 3, NULL, NULL)); + ExpectIntEQ(EVP_PKEY_assign_RSA(pkey, rsa), WOLFSSL_SUCCESS); + } +#endif +#endif + break; + case EVP_PKEY_DSA: +#if !defined (NO_DSA) && !defined(HAVE_SELFTEST) && defined(WOLFSSL_KEY_GEN) + ExpectNotNull(dsa = DSA_new()); + ExpectIntEQ(DSA_generate_parameters_ex(dsa, 2048, + NULL, 0, NULL, NULL, NULL), 1); + ExpectIntEQ(DSA_generate_key(dsa), 1); + ExpectIntEQ(EVP_PKEY_set1_DSA(pkey, dsa), WOLFSSL_SUCCESS); +#endif /* !NO_DSA && !HAVE_SELFTEST && WOLFSSL_KEY_GEN */ + break; + case EVP_PKEY_EC: +#if defined(OPENSSL_EXTRA) && defined(HAVE_ECC) +#if !defined(HAVE_FIPS) || (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION>2)) + { + ExpectNotNull(ecKey = EC_KEY_new()); + ExpectIntEQ(EC_KEY_generate_key(ecKey), 1); + ExpectIntEQ( + EVP_PKEY_assign_EC_KEY(pkey, ecKey), WOLFSSL_SUCCESS); + if (EXPECT_FAIL()) { + EC_KEY_free(ecKey); + } + } +#endif +#endif + break; + } + ExpectNotNull(ctx = EVP_PKEY_CTX_new(pkey, NULL)); + ExpectIntEQ(EVP_PKEY_sign_init(ctx), WOLFSSL_SUCCESS); +#if defined(OPENSSL_EXTRA) && !defined(NO_RSA) && defined(WOLFSSL_KEY_GEN) && \ + !defined(HAVE_SELFTEST) +#if !defined(HAVE_FIPS) || (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION>2)) + if (keyType == EVP_PKEY_RSA) + ExpectIntEQ(EVP_PKEY_CTX_set_rsa_padding(ctx, RSA_PKCS1_PADDING), + WOLFSSL_SUCCESS); +#endif +#endif + + /* Check returning only length */ + ExpectIntEQ(EVP_PKEY_sign(ctx, NULL, &siglenOnlyLen, hash, + SHA256_DIGEST_LENGTH), WOLFSSL_SUCCESS); + ExpectIntGT(siglenOnlyLen, 0); + /* Sign data */ + ExpectIntEQ(EVP_PKEY_sign(ctx, sig, &siglen, hash, + SHA256_DIGEST_LENGTH), WOLFSSL_SUCCESS); + ExpectIntGE(siglenOnlyLen, siglen); + + /* Verify signature */ + ExpectNotNull(ctx_verify = EVP_PKEY_CTX_new(pkey, NULL)); + ExpectIntEQ(EVP_PKEY_verify_init(ctx_verify), WOLFSSL_SUCCESS); +#if defined(OPENSSL_EXTRA) && !defined(NO_RSA) && defined(WOLFSSL_KEY_GEN) && \ + !defined(HAVE_SELFTEST) +#if !defined(HAVE_FIPS) || (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION>2)) + if (keyType == EVP_PKEY_RSA) + ExpectIntEQ( + EVP_PKEY_CTX_set_rsa_padding(ctx_verify, RSA_PKCS1_PADDING), + WOLFSSL_SUCCESS); +#endif +#endif + ExpectIntEQ(EVP_PKEY_verify( + ctx_verify, sig, siglen, hash, SHA256_DIGEST_LENGTH), + WOLFSSL_SUCCESS); + ExpectIntEQ(EVP_PKEY_verify( + ctx_verify, sig, siglen, zero, SHA256_DIGEST_LENGTH), + WC_NO_ERR_TRACE(WOLFSSL_FAILURE)); + +#if defined(OPENSSL_EXTRA) && !defined(NO_RSA) && defined(WOLFSSL_KEY_GEN) && \ + !defined(HAVE_SELFTEST) +#if !defined(HAVE_FIPS) || (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION>2)) + if (keyType == EVP_PKEY_RSA) { + #if defined(WC_RSA_NO_PADDING) || defined(WC_RSA_DIRECT) + /* Try RSA sign/verify with no padding. */ + ExpectIntEQ(EVP_PKEY_sign_init(ctx), WOLFSSL_SUCCESS); + ExpectIntEQ(EVP_PKEY_CTX_set_rsa_padding(ctx, RSA_NO_PADDING), + WOLFSSL_SUCCESS); + ExpectIntEQ(EVP_PKEY_sign(ctx, sigVerify, &siglen, sig, + siglen), WOLFSSL_SUCCESS); + ExpectIntGE(siglenOnlyLen, siglen); + ExpectIntEQ(EVP_PKEY_verify_init(ctx_verify), WOLFSSL_SUCCESS); + ExpectIntEQ(EVP_PKEY_CTX_set_rsa_padding(ctx_verify, + RSA_NO_PADDING), WOLFSSL_SUCCESS); + ExpectIntEQ(EVP_PKEY_verify(ctx_verify, sigVerify, siglen, sig, + siglen), WOLFSSL_SUCCESS); + #endif + + /* Wrong padding schemes. */ + ExpectIntEQ(EVP_PKEY_sign_init(ctx), WOLFSSL_SUCCESS); + ExpectIntEQ(EVP_PKEY_CTX_set_rsa_padding(ctx, + RSA_PKCS1_OAEP_PADDING), WOLFSSL_SUCCESS); + ExpectIntNE(EVP_PKEY_sign(ctx, sigVerify, &siglen, sig, + siglen), WOLFSSL_SUCCESS); + ExpectIntEQ(EVP_PKEY_verify_init(ctx_verify), WOLFSSL_SUCCESS); + ExpectIntEQ(EVP_PKEY_CTX_set_rsa_padding(ctx_verify, + RSA_PKCS1_OAEP_PADDING), WOLFSSL_SUCCESS); + ExpectIntNE(EVP_PKEY_verify(ctx_verify, sigVerify, siglen, sig, + siglen), WOLFSSL_SUCCESS); + + ExpectIntEQ(EVP_PKEY_CTX_set_rsa_padding(ctx, RSA_PKCS1_PADDING), + WOLFSSL_SUCCESS); + ExpectIntEQ(EVP_PKEY_CTX_set_rsa_padding(ctx_verify, + RSA_PKCS1_PADDING), WOLFSSL_SUCCESS); + } +#endif +#endif + + /* error cases */ + siglen = keySz; /* Reset because sig size may vary slightly */ + ExpectIntNE(EVP_PKEY_sign_init(NULL), WOLFSSL_SUCCESS); + ExpectIntEQ(EVP_PKEY_sign_init(ctx), WOLFSSL_SUCCESS); + ExpectIntNE(EVP_PKEY_sign(NULL, sig, &siglen, (byte*)in, inlen), + WOLFSSL_SUCCESS); + ExpectIntEQ(EVP_PKEY_sign(ctx, sig, &siglen, (byte*)in, inlen), + WOLFSSL_SUCCESS); + + EVP_PKEY_free(pkey); + pkey = NULL; +#if !defined (NO_DSA) && !defined(HAVE_SELFTEST) && defined(WOLFSSL_KEY_GEN) + DSA_free(dsa); + dsa = NULL; +#endif /* !NO_DSA && !HAVE_SELFTEST && WOLFSSL_KEY_GEN */ + EVP_PKEY_CTX_free(ctx_verify); + ctx_verify = NULL; + EVP_PKEY_CTX_free(ctx); + ctx = NULL; + + XFREE(sig, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(sigVerify, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); +#endif /* OPENSSL_EXTRA */ + return EXPECT_RESULT(); +} +#endif + +int test_wolfSSL_EVP_PKEY_sign_verify_rsa(void) +{ + EXPECT_DECLS; +#if defined(OPENSSL_EXTRA) && !defined(NO_RSA) && defined(WOLFSSL_KEY_GEN) && \ + !defined(HAVE_SELFTEST) +#if !defined(HAVE_FIPS) || (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION>2)) + ExpectIntEQ(test_wolfSSL_EVP_PKEY_sign_verify(EVP_PKEY_RSA), TEST_SUCCESS); +#endif +#endif + return EXPECT_RESULT(); +} +int test_wolfSSL_EVP_PKEY_sign_verify_dsa(void) +{ + EXPECT_DECLS; +#if defined(OPENSSL_EXTRA) +#if !defined (NO_DSA) && !defined(WC_FIPS_186_5_PLUS) && \ + !defined(HAVE_SELFTEST) && defined(WOLFSSL_KEY_GEN) + ExpectIntEQ(test_wolfSSL_EVP_PKEY_sign_verify(EVP_PKEY_DSA), TEST_SUCCESS); +#endif +#endif + return EXPECT_RESULT(); +} +int test_wolfSSL_EVP_PKEY_sign_verify_ec(void) +{ + EXPECT_DECLS; +#if defined(OPENSSL_EXTRA) && defined(HAVE_ECC) +#if !defined(HAVE_FIPS) || (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION>2)) + ExpectIntEQ(test_wolfSSL_EVP_PKEY_sign_verify(EVP_PKEY_EC), TEST_SUCCESS); +#endif +#endif + return EXPECT_RESULT(); +} + + +int test_wolfSSL_EVP_MD_rsa_signing(void) +{ + EXPECT_DECLS; +#if defined(OPENSSL_EXTRA) && !defined(NO_RSA) && defined(USE_CERT_BUFFERS_2048) + WOLFSSL_EVP_PKEY* privKey = NULL; + WOLFSSL_EVP_PKEY* pubKey = NULL; + WOLFSSL_EVP_PKEY_CTX* keyCtx = NULL; + const char testData[] = "Hi There"; + WOLFSSL_EVP_MD_CTX mdCtx; + WOLFSSL_EVP_MD_CTX mdCtxCopy; + int ret; + size_t checkSz = -1; + int sz = 2048 / 8; + const unsigned char* cp; + const unsigned char* p; + unsigned char check[2048/8]; + size_t i; + int paddings[] = { + RSA_PKCS1_PADDING, +#if !defined(HAVE_FIPS) && !defined(HAVE_SELFTEST) && defined(WC_RSA_PSS) + RSA_PKCS1_PSS_PADDING, +#endif + }; + + + cp = client_key_der_2048; + ExpectNotNull((privKey = wolfSSL_d2i_PrivateKey(EVP_PKEY_RSA, NULL, &cp, + sizeof_client_key_der_2048))); + p = client_keypub_der_2048; + ExpectNotNull((pubKey = wolfSSL_d2i_PUBKEY(NULL, &p, + sizeof_client_keypub_der_2048))); + + wolfSSL_EVP_MD_CTX_init(&mdCtx); + wolfSSL_EVP_MD_CTX_init(&mdCtxCopy); + ExpectIntEQ(wolfSSL_EVP_DigestSignInit(&mdCtx, NULL, wolfSSL_EVP_sha256(), + NULL, privKey), 1); + ExpectIntEQ(wolfSSL_EVP_DigestSignUpdate(&mdCtx, testData, + (unsigned int)XSTRLEN(testData)), 1); + checkSz = sizeof(check); + ExpectIntEQ(wolfSSL_EVP_DigestSignFinal(&mdCtx, NULL, &checkSz), 1); + ExpectIntEQ((int)checkSz, sz); + checkSz = sizeof(check); + ExpectIntEQ(wolfSSL_EVP_DigestSignFinal(&mdCtx, check, &checkSz), 1); + ExpectIntEQ((int)checkSz,sz); + ExpectIntEQ(wolfSSL_EVP_MD_CTX_copy_ex(&mdCtxCopy, &mdCtx), 1); + ExpectIntEQ(wolfSSL_EVP_MD_CTX_copy_ex(&mdCtxCopy, &mdCtx), 1); + ret = wolfSSL_EVP_MD_CTX_cleanup(&mdCtxCopy); + ExpectIntEQ(ret, 1); + ret = wolfSSL_EVP_MD_CTX_cleanup(&mdCtx); + ExpectIntEQ(ret, 1); + + wolfSSL_EVP_MD_CTX_init(&mdCtx); + ExpectIntEQ(wolfSSL_EVP_DigestVerifyInit(&mdCtx, NULL, wolfSSL_EVP_sha256(), + NULL, pubKey), 1); + ExpectIntEQ(wolfSSL_EVP_DigestVerifyUpdate(&mdCtx, testData, + (unsigned int)XSTRLEN(testData)), + 1); + ExpectIntEQ(wolfSSL_EVP_DigestVerifyFinal(&mdCtx, check, checkSz), 1); + ret = wolfSSL_EVP_MD_CTX_cleanup(&mdCtx); + ExpectIntEQ(ret, 1); + + wolfSSL_EVP_MD_CTX_init(&mdCtx); + ExpectIntEQ(wolfSSL_EVP_DigestSignInit(&mdCtx, NULL, wolfSSL_EVP_sha256(), + NULL, privKey), 1); + ExpectIntEQ(wolfSSL_EVP_DigestSignUpdate(&mdCtx, testData, 4), 1); + checkSz = sizeof(check); + ExpectIntEQ(wolfSSL_EVP_DigestSignFinal(&mdCtx, NULL, &checkSz), 1); + ExpectIntEQ((int)checkSz, sz); + checkSz = sizeof(check); + ExpectIntEQ(wolfSSL_EVP_DigestSignFinal(&mdCtx, check, &checkSz), 1); + ExpectIntEQ((int)checkSz, sz); + ExpectIntEQ(wolfSSL_EVP_DigestSignUpdate(&mdCtx, testData + 4, + (unsigned int)XSTRLEN(testData) - 4), 1); + checkSz = sizeof(check); + ExpectIntEQ(wolfSSL_EVP_DigestSignFinal(&mdCtx, check, &checkSz), 1); + ExpectIntEQ((int)checkSz, sz); + ret = wolfSSL_EVP_MD_CTX_cleanup(&mdCtx); + ExpectIntEQ(ret, 1); + + wolfSSL_EVP_MD_CTX_init(&mdCtx); + ExpectIntEQ(wolfSSL_EVP_DigestVerifyInit(&mdCtx, NULL, wolfSSL_EVP_sha256(), + NULL, pubKey), 1); + ExpectIntEQ(wolfSSL_EVP_DigestVerifyUpdate(&mdCtx, testData, 4), 1); + ExpectIntEQ(wolfSSL_EVP_DigestVerifyUpdate(&mdCtx, testData + 4, + (unsigned int)XSTRLEN(testData) - 4), + 1); + ExpectIntEQ(wolfSSL_EVP_DigestVerifyFinal(&mdCtx, check, checkSz), 1); + ret = wolfSSL_EVP_MD_CTX_cleanup(&mdCtx); + ExpectIntEQ(ret, 1); + + /* Check all signing padding types */ + for (i = 0; i < sizeof(paddings)/sizeof(int); i++) { + wolfSSL_EVP_MD_CTX_init(&mdCtx); + ExpectIntEQ(wolfSSL_EVP_DigestSignInit(&mdCtx, &keyCtx, + wolfSSL_EVP_sha256(), NULL, privKey), 1); + ExpectIntEQ(wolfSSL_EVP_PKEY_CTX_set_rsa_padding(keyCtx, + paddings[i]), 1); + ExpectIntEQ(wolfSSL_EVP_DigestSignUpdate(&mdCtx, testData, + (unsigned int)XSTRLEN(testData)), 1); + checkSz = sizeof(check); + ExpectIntEQ(wolfSSL_EVP_DigestSignFinal(&mdCtx, NULL, &checkSz), 1); + ExpectIntEQ((int)checkSz, sz); + checkSz = sizeof(check); + ExpectIntEQ(wolfSSL_EVP_DigestSignFinal(&mdCtx, check, &checkSz), 1); + ExpectIntEQ((int)checkSz,sz); + ret = wolfSSL_EVP_MD_CTX_cleanup(&mdCtx); + ExpectIntEQ(ret, 1); + + wolfSSL_EVP_MD_CTX_init(&mdCtx); + ExpectIntEQ(wolfSSL_EVP_DigestVerifyInit(&mdCtx, &keyCtx, + wolfSSL_EVP_sha256(), NULL, pubKey), 1); + ExpectIntEQ(wolfSSL_EVP_PKEY_CTX_set_rsa_padding(keyCtx, + paddings[i]), 1); + ExpectIntEQ(wolfSSL_EVP_DigestVerifyUpdate(&mdCtx, testData, + (unsigned int)XSTRLEN(testData)), 1); + ExpectIntEQ(wolfSSL_EVP_DigestVerifyFinal(&mdCtx, check, checkSz), 1); + ret = wolfSSL_EVP_MD_CTX_cleanup(&mdCtx); + ExpectIntEQ(ret, 1); + } + + wolfSSL_EVP_PKEY_free(pubKey); + wolfSSL_EVP_PKEY_free(privKey); +#endif + return EXPECT_RESULT(); +} + +/* Test RSA-PSS digital signature creation and verification */ +int test_wc_RsaPSS_DigitalSignVerify(void) +{ + EXPECT_DECLS; + + /* Early FIPS did not support PSS. */ +#if (!defined(HAVE_FIPS) || (defined(HAVE_FIPS_VERSION) && \ + (HAVE_FIPS_VERSION > 2))) && \ + (!defined(HAVE_SELFTEST) || (defined(HAVE_SELFTEST_VERSION) && \ + (HAVE_SELFTEST_VERSION > 2))) && \ + !defined(NO_RSA) && defined(WC_RSA_PSS) && defined(OPENSSL_EXTRA) && \ + defined(WOLFSSL_KEY_GEN) && defined(WC_RSA_NO_PADDING) && \ + !defined(NO_SHA256) + + /* Test digest */ + const unsigned char test_digest[32] = { + 0x08, 0x09, 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, + 0x06, 0x07, 0x08, 0x09, 0x00, 0x01, 0x02, 0x03, + 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x00, 0x01, + 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09 + }; + const unsigned int digest_len = sizeof(test_digest); + + /* Variables for RSA key generation and signature operations */ + EVP_PKEY_CTX *pkctx = NULL; + EVP_PKEY *pkey = NULL; + EVP_PKEY_CTX *sign_ctx = NULL; + EVP_PKEY_CTX *verify_ctx = NULL; + unsigned char signature[256+MAX_DER_DIGEST_ASN_SZ] = {0}; + size_t signature_len = sizeof(signature); + int modulus_bits = 2048; + + /* Generate RSA key pair to avoid file dependencies */ + ExpectNotNull(pkctx = EVP_PKEY_CTX_new_id(EVP_PKEY_RSA, NULL)); + ExpectIntEQ(EVP_PKEY_keygen_init(pkctx), 1); + ExpectIntEQ(EVP_PKEY_CTX_set_rsa_keygen_bits(pkctx, modulus_bits), 1); + ExpectIntEQ(EVP_PKEY_keygen(pkctx, &pkey), 1); + + /* Create signing context */ + ExpectNotNull(sign_ctx = EVP_PKEY_CTX_new(pkey, NULL)); + ExpectIntEQ(EVP_PKEY_sign_init(sign_ctx), 1); + + /* Configure RSA-PSS parameters for signing. */ + ExpectIntEQ(EVP_PKEY_CTX_set_rsa_padding(sign_ctx, RSA_PKCS1_PSS_PADDING), + 1); + /* Default salt length matched hash so use 32 for SHA256 */ + ExpectIntEQ(EVP_PKEY_CTX_set_rsa_pss_saltlen(sign_ctx, 32), 1); + ExpectIntEQ(EVP_PKEY_CTX_set_rsa_mgf1_md(sign_ctx, EVP_sha256()), 1); + ExpectIntEQ(EVP_PKEY_CTX_set_signature_md(sign_ctx, EVP_sha256()), 1); + + /* Create the digital signature */ + ExpectIntEQ(EVP_PKEY_sign(sign_ctx, signature, &signature_len, test_digest, + digest_len), 1); + ExpectIntGT((int)signature_len, 0); + + /* Create verification context */ + ExpectNotNull(verify_ctx = EVP_PKEY_CTX_new(pkey, NULL)); + ExpectIntEQ(EVP_PKEY_verify_init(verify_ctx), 1); + + /* Configure RSA-PSS parameters for verification */ + ExpectIntEQ(EVP_PKEY_CTX_set_rsa_padding(verify_ctx, RSA_PKCS1_PSS_PADDING), + 1); + ExpectIntEQ(EVP_PKEY_CTX_set_rsa_pss_saltlen(verify_ctx, 32), 1); + ExpectIntEQ(EVP_PKEY_CTX_set_rsa_mgf1_md(verify_ctx, EVP_sha256()), 1); + ExpectIntEQ(EVP_PKEY_CTX_set_signature_md(verify_ctx, EVP_sha256()), 1); + + /* Verify the digital signature */ + ExpectIntEQ(EVP_PKEY_verify(verify_ctx, signature, signature_len, + test_digest, digest_len), 1); + + /* Test with wrong digest to ensure verification fails (negative test) */ + { + const unsigned char wrong_digest[32] = { + 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, + 0x09, 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, + 0x07, 0x08, 0x09, 0x00, 0x01, 0x02, 0x03, 0x04, + 0x05, 0x06, 0x07, 0x08, 0x09, 0x00, 0x01, 0x02 + }; + ExpectIntNE(EVP_PKEY_verify(verify_ctx, signature, signature_len, + wrong_digest, digest_len), 1); + } + + /* Clean up */ + if (verify_ctx) + EVP_PKEY_CTX_free(verify_ctx); + if (sign_ctx) + EVP_PKEY_CTX_free(sign_ctx); + if (pkey) + EVP_PKEY_free(pkey); + if (pkctx) + EVP_PKEY_CTX_free(pkctx); + +#endif + + return EXPECT_RESULT(); +} + +int test_wolfSSL_EVP_MD_ecc_signing(void) +{ + EXPECT_DECLS; +#if defined(OPENSSL_EXTRA) && defined(HAVE_ECC) && defined(USE_CERT_BUFFERS_256) + WOLFSSL_EVP_PKEY* privKey = NULL; + WOLFSSL_EVP_PKEY* pubKey = NULL; + const char testData[] = "Hi There"; + WOLFSSL_EVP_MD_CTX mdCtx; + int ret; + const unsigned char* cp; + const unsigned char* p; + unsigned char check[2048/8]; + size_t checkSz = sizeof(check); + + XMEMSET(check, 0, sizeof(check)); + + cp = ecc_clikey_der_256; + ExpectNotNull(privKey = wolfSSL_d2i_PrivateKey(EVP_PKEY_EC, NULL, &cp, + sizeof_ecc_clikey_der_256)); + p = ecc_clikeypub_der_256; + ExpectNotNull((pubKey = wolfSSL_d2i_PUBKEY(NULL, &p, + sizeof_ecc_clikeypub_der_256))); + + wolfSSL_EVP_MD_CTX_init(&mdCtx); + ExpectIntEQ(wolfSSL_EVP_DigestSignInit(&mdCtx, NULL, wolfSSL_EVP_sha256(), + NULL, privKey), 1); + ExpectIntEQ(wolfSSL_EVP_DigestSignUpdate(&mdCtx, testData, + (unsigned int)XSTRLEN(testData)), 1); + checkSz = sizeof(check); + ExpectIntEQ(wolfSSL_EVP_DigestSignFinal(&mdCtx, NULL, &checkSz), 1); + checkSz = sizeof(check); + ExpectIntEQ(wolfSSL_EVP_DigestSignFinal(&mdCtx, check, &checkSz), 1); + ret = wolfSSL_EVP_MD_CTX_cleanup(&mdCtx); + ExpectIntEQ(ret, 1); + + wolfSSL_EVP_MD_CTX_init(&mdCtx); + ExpectIntEQ(wolfSSL_EVP_DigestVerifyInit(&mdCtx, NULL, wolfSSL_EVP_sha256(), + NULL, pubKey), 1); + ExpectIntEQ(wolfSSL_EVP_DigestVerifyUpdate(&mdCtx, testData, + (unsigned int)XSTRLEN(testData)), + 1); + ExpectIntEQ(wolfSSL_EVP_DigestVerifyFinal(&mdCtx, check, checkSz), 1); + ret = wolfSSL_EVP_MD_CTX_cleanup(&mdCtx); + ExpectIntEQ(ret, 1); + + wolfSSL_EVP_MD_CTX_init(&mdCtx); + ExpectIntEQ(wolfSSL_EVP_DigestSignInit(&mdCtx, NULL, wolfSSL_EVP_sha256(), + NULL, privKey), 1); + ExpectIntEQ(wolfSSL_EVP_DigestSignUpdate(&mdCtx, testData, 4), 1); + checkSz = sizeof(check); + ExpectIntEQ(wolfSSL_EVP_DigestSignFinal(&mdCtx, NULL, &checkSz), 1); + checkSz = sizeof(check); + ExpectIntEQ(wolfSSL_EVP_DigestSignFinal(&mdCtx, check, &checkSz), 1); + ExpectIntEQ(wolfSSL_EVP_DigestSignUpdate(&mdCtx, testData + 4, + (unsigned int)XSTRLEN(testData) - 4), 1); + checkSz = sizeof(check); + ExpectIntEQ(wolfSSL_EVP_DigestSignFinal(&mdCtx, check, &checkSz), 1); + ret = wolfSSL_EVP_MD_CTX_cleanup(&mdCtx); + ExpectIntEQ(ret, 1); + + wolfSSL_EVP_MD_CTX_init(&mdCtx); + ExpectIntEQ(wolfSSL_EVP_DigestVerifyInit(&mdCtx, NULL, wolfSSL_EVP_sha256(), + NULL, pubKey), 1); + ExpectIntEQ(wolfSSL_EVP_DigestVerifyUpdate(&mdCtx, testData, 4), 1); + ExpectIntEQ(wolfSSL_EVP_DigestVerifyUpdate(&mdCtx, testData + 4, + (unsigned int)XSTRLEN(testData) - 4), + 1); + ExpectIntEQ(wolfSSL_EVP_DigestVerifyFinal(&mdCtx, check, checkSz), 1); + ret = wolfSSL_EVP_MD_CTX_cleanup(&mdCtx); + ExpectIntEQ(ret, 1); + + wolfSSL_EVP_PKEY_free(pubKey); + wolfSSL_EVP_PKEY_free(privKey); +#endif + return EXPECT_RESULT(); +} + + +int test_wolfSSL_EVP_PKEY_encrypt(void) +{ + EXPECT_DECLS; +#if defined(OPENSSL_EXTRA) && !defined(NO_RSA) && defined(WOLFSSL_KEY_GEN) + WOLFSSL_RSA* rsa = NULL; + WOLFSSL_EVP_PKEY* pkey = NULL; + WOLFSSL_EVP_PKEY_CTX* ctx = NULL; + const char* in = "What is easy to do is easy not to do."; + size_t inlen = XSTRLEN(in); + size_t outEncLen = 0; + byte* outEnc = NULL; + byte* outDec = NULL; + size_t outDecLen = 0; + size_t rsaKeySz = 2048/8; /* Bytes */ +#if !defined(HAVE_FIPS) && defined(WC_RSA_NO_PADDING) + byte* inTmp = NULL; + byte* outEncTmp = NULL; + byte* outDecTmp = NULL; +#endif + + ExpectNotNull(outEnc = (byte*)XMALLOC(rsaKeySz, HEAP_HINT, + DYNAMIC_TYPE_TMP_BUFFER)); + if (outEnc != NULL) { + XMEMSET(outEnc, 0, rsaKeySz); + } + ExpectNotNull(outDec = (byte*)XMALLOC(rsaKeySz, HEAP_HINT, + DYNAMIC_TYPE_TMP_BUFFER)); + if (outDec != NULL) { + XMEMSET(outDec, 0, rsaKeySz); + } + + ExpectNotNull(rsa = RSA_generate_key(2048, 3, NULL, NULL)); + ExpectNotNull(pkey = wolfSSL_EVP_PKEY_new()); + ExpectIntEQ(EVP_PKEY_assign_RSA(pkey, rsa), WOLFSSL_SUCCESS); + if (EXPECT_FAIL()) { + RSA_free(rsa); + } + ExpectNotNull(ctx = EVP_PKEY_CTX_new(pkey, NULL)); + ExpectIntEQ(EVP_PKEY_encrypt_init(ctx), WOLFSSL_SUCCESS); + ExpectIntEQ(EVP_PKEY_CTX_set_rsa_padding(ctx, RSA_PKCS1_PADDING), + WOLFSSL_SUCCESS); + + /* Test pkey references count is decremented. pkey shouldn't be destroyed + since ctx uses it.*/ + ExpectIntEQ(pkey->ref.count, 2); + EVP_PKEY_free(pkey); + ExpectIntEQ(pkey->ref.count, 1); + + /* Encrypt data */ + /* Check that we can get the required output buffer length by passing in a + * NULL output buffer. */ + ExpectIntEQ(EVP_PKEY_encrypt(ctx, NULL, &outEncLen, + (const unsigned char*)in, inlen), WOLFSSL_SUCCESS); + ExpectIntEQ(rsaKeySz, outEncLen); + /* Now do the actual encryption. */ + ExpectIntEQ(EVP_PKEY_encrypt(ctx, outEnc, &outEncLen, + (const unsigned char*)in, inlen), WOLFSSL_SUCCESS); + + /* Decrypt data */ + ExpectIntEQ(EVP_PKEY_decrypt_init(ctx), WOLFSSL_SUCCESS); + /* Check that we can get the required output buffer length by passing in a + * NULL output buffer. */ + ExpectIntEQ(EVP_PKEY_decrypt(ctx, NULL, &outDecLen, outEnc, outEncLen), + WOLFSSL_SUCCESS); + ExpectIntEQ(rsaKeySz, outDecLen); + /* Now do the actual decryption. */ + ExpectIntEQ(EVP_PKEY_decrypt(ctx, outDec, &outDecLen, outEnc, outEncLen), + WOLFSSL_SUCCESS); + + ExpectIntEQ(XMEMCMP(in, outDec, outDecLen), 0); + +#if !defined(HAVE_FIPS) && defined(WC_RSA_NO_PADDING) + /* The input length must be the same size as the RSA key.*/ + ExpectNotNull(inTmp = (byte*)XMALLOC(rsaKeySz, HEAP_HINT, + DYNAMIC_TYPE_TMP_BUFFER)); + if (inTmp != NULL) { + XMEMSET(inTmp, 9, rsaKeySz); + } + ExpectNotNull(outEncTmp = (byte*)XMALLOC(rsaKeySz, HEAP_HINT, + DYNAMIC_TYPE_TMP_BUFFER)); + if (outEncTmp != NULL) { + XMEMSET(outEncTmp, 0, rsaKeySz); + } + ExpectNotNull(outDecTmp = (byte*)XMALLOC(rsaKeySz, HEAP_HINT, + DYNAMIC_TYPE_TMP_BUFFER)); + if (outDecTmp != NULL) { + XMEMSET(outDecTmp, 0, rsaKeySz); + } + ExpectIntEQ(EVP_PKEY_encrypt_init(ctx), WOLFSSL_SUCCESS); + ExpectIntEQ(EVP_PKEY_CTX_set_rsa_padding(ctx, RSA_NO_PADDING), + WOLFSSL_SUCCESS); + ExpectIntEQ(EVP_PKEY_encrypt(ctx, outEncTmp, &outEncLen, inTmp, rsaKeySz), + WOLFSSL_SUCCESS); + ExpectIntEQ(EVP_PKEY_decrypt_init(ctx), WOLFSSL_SUCCESS); + ExpectIntEQ(EVP_PKEY_decrypt(ctx, outDecTmp, &outDecLen, outEncTmp, + outEncLen), WOLFSSL_SUCCESS); + ExpectIntEQ(XMEMCMP(inTmp, outDecTmp, outDecLen), 0); +#endif + EVP_PKEY_CTX_free(ctx); + XFREE(outEnc, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(outDec, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); +#if !defined(HAVE_FIPS) && defined(WC_RSA_NO_PADDING) + XFREE(inTmp, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(outEncTmp, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(outDecTmp, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); +#endif +#endif + return EXPECT_RESULT(); +} + +int test_wolfSSL_EVP_PKEY_derive(void) +{ + EXPECT_DECLS; +#if defined(OPENSSL_ALL) || defined(WOLFSSL_QT) || defined(WOLFSSL_OPENSSH) +#if (!defined(NO_DH) && defined(WOLFSSL_DH_EXTRA)) || defined(HAVE_ECC) + EVP_PKEY_CTX *ctx = NULL; + unsigned char *skey = NULL; + size_t skeylen; + EVP_PKEY *pkey = NULL; + EVP_PKEY *peerkey = NULL; + const unsigned char* key; + +#if !defined(NO_DH) && defined(WOLFSSL_DH_EXTRA) + /* DH */ + key = dh_key_der_2048; + ExpectNotNull((pkey = d2i_PrivateKey(EVP_PKEY_DH, NULL, &key, + sizeof_dh_key_der_2048))); + ExpectIntEQ(DH_generate_key(EVP_PKEY_get0_DH(pkey)), 1); + key = dh_key_der_2048; + ExpectNotNull((peerkey = d2i_PrivateKey(EVP_PKEY_DH, NULL, &key, + sizeof_dh_key_der_2048))); + ExpectIntEQ(DH_generate_key(EVP_PKEY_get0_DH(peerkey)), 1); + ExpectNotNull(ctx = EVP_PKEY_CTX_new(pkey, NULL)); + ExpectIntEQ(EVP_PKEY_derive_init(ctx), 1); + ExpectIntEQ(EVP_PKEY_derive_set_peer(ctx, peerkey), 1); + ExpectIntEQ(EVP_PKEY_derive(ctx, NULL, &skeylen), 1); + ExpectNotNull(skey = (unsigned char*)XMALLOC(skeylen, NULL, + DYNAMIC_TYPE_OPENSSL)); + ExpectIntEQ(EVP_PKEY_derive(ctx, skey, &skeylen), 1); + + EVP_PKEY_CTX_free(ctx); + ctx = NULL; + EVP_PKEY_free(peerkey); + peerkey = NULL; + EVP_PKEY_free(pkey); + pkey = NULL; + XFREE(skey, NULL, DYNAMIC_TYPE_OPENSSL); + skey = NULL; +#endif + +#ifdef HAVE_ECC + /* ECDH */ + key = ecc_clikey_der_256; + ExpectNotNull((pkey = d2i_PrivateKey(EVP_PKEY_EC, NULL, &key, + sizeof_ecc_clikey_der_256))); + key = ecc_clikeypub_der_256; + ExpectNotNull((peerkey = d2i_PUBKEY(NULL, &key, + sizeof_ecc_clikeypub_der_256))); + ExpectNotNull(ctx = EVP_PKEY_CTX_new(pkey, NULL)); + ExpectIntEQ(EVP_PKEY_derive_init(ctx), 1); + ExpectIntEQ(EVP_PKEY_derive_set_peer(ctx, peerkey), 1); + ExpectIntEQ(EVP_PKEY_derive(ctx, NULL, &skeylen), 1); + ExpectNotNull(skey = (unsigned char*)XMALLOC(skeylen, NULL, + DYNAMIC_TYPE_OPENSSL)); + ExpectIntEQ(EVP_PKEY_derive(ctx, skey, &skeylen), 1); + + EVP_PKEY_CTX_free(ctx); + EVP_PKEY_free(peerkey); + EVP_PKEY_free(pkey); + XFREE(skey, NULL, DYNAMIC_TYPE_OPENSSL); +#endif /* HAVE_ECC */ +#endif /* (!NO_DH && WOLFSSL_DH_EXTRA) || HAVE_ECC */ +#endif /* OPENSSL_ALL || WOLFSSL_QT || WOLFSSL_OPENSSH */ + return EXPECT_RESULT(); +} + +int test_wolfSSL_EVP_PKEY_print_public(void) +{ + EXPECT_DECLS; +#if defined(OPENSSL_EXTRA) && !defined(NO_BIO) + WOLFSSL_BIO* rbio = NULL; + WOLFSSL_BIO* wbio = NULL; + WOLFSSL_EVP_PKEY* pkey = NULL; + char line[256] = { 0 }; + char line1[256] = { 0 }; + int i = 0; + + /* test error cases */ + ExpectIntEQ( EVP_PKEY_print_public(NULL,NULL,0,NULL),0L); + + /* + * test RSA public key print + * in this test, pass '3' for indent + */ +#if !defined(NO_RSA) && defined(USE_CERT_BUFFERS_1024) + + ExpectNotNull(rbio = BIO_new_mem_buf( client_keypub_der_1024, + sizeof_client_keypub_der_1024)); + + ExpectNotNull(wolfSSL_d2i_PUBKEY_bio(rbio, &pkey)); + + ExpectNotNull(wbio = BIO_new(BIO_s_mem())); + + ExpectIntEQ(EVP_PKEY_print_public(wbio, pkey,3,NULL),1); + + ExpectIntGT(BIO_gets(wbio, line, sizeof(line)), 0); + strcpy(line1, " RSA Public-Key: (1024 bit)\n"); + ExpectIntEQ(XSTRNCMP(line, line1, XSTRLEN(line1)), 0); + + ExpectIntGT(BIO_gets(wbio, line, sizeof(line)), 0); + strcpy(line1, " Modulus:\n"); + ExpectIntEQ(XSTRNCMP( line, line1, XSTRLEN(line1)), 0); + + ExpectIntGT(BIO_gets(wbio, line, sizeof(line)), 0); + strcpy(line1, " 00:bc:73:0e:a8:49:f3:74:a2:a9:ef:18:a5:da:55:\n"); + ExpectIntEQ(XSTRNCMP( line, line1, XSTRLEN(line1)), 0); + + /* skip to the end of modulus element*/ + for (i = 0; i < 8 ;i++) { + ExpectIntGT(BIO_gets(wbio, line, sizeof(line)), 0); + } + + ExpectIntGT(BIO_gets(wbio, line, sizeof(line)), 0); + strcpy(line1, " Exponent: 65537 (0x010001)\n"); + ExpectIntEQ(XSTRNCMP( line, line1, XSTRLEN(line1)), 0); + + + /* should reach EOF */ + ExpectIntLE(BIO_gets(wbio, line, sizeof(line)), 0); + + EVP_PKEY_free(pkey); + pkey = NULL; + BIO_free(rbio); + BIO_free(wbio); + rbio = NULL; + wbio = NULL; + +#endif /* !NO_RSA && USE_CERT_BUFFERS_1024*/ + + /* + * test DSA public key print + */ +#if !defined(NO_DSA) && defined(USE_CERT_BUFFERS_2048) + ExpectNotNull(rbio = BIO_new_mem_buf( dsa_pub_key_der_2048, + sizeof_dsa_pub_key_der_2048)); + + ExpectNotNull(wolfSSL_d2i_PUBKEY_bio(rbio, &pkey)); + + ExpectNotNull(wbio = BIO_new(BIO_s_mem())); + + ExpectIntEQ(EVP_PKEY_print_public(wbio, pkey,0,NULL),1); + + ExpectIntGT(BIO_gets(wbio, line, sizeof(line)), 0); + strcpy(line1, "DSA Public-Key: (2048 bit)\n"); + ExpectIntEQ(XSTRNCMP( line, line1, XSTRLEN(line1)), 0); + + ExpectIntGT(BIO_gets(wbio, line, sizeof(line)), 0); + strcpy(line1, "pub:\n"); + ExpectIntEQ(XSTRNCMP( line, line1, XSTRLEN(line1)), 0); + + ExpectIntGT(BIO_gets(wbio, line, sizeof(line)), 0); + strcpy(line1, + " 00:C2:35:2D:EC:83:83:6C:73:13:9E:52:7C:74:C8:\n"); + ExpectIntEQ(XSTRNCMP( line, line1, XSTRLEN(line1)), 0); + + /* skip to the end of pub element*/ + for (i = 0; i < 17 ;i++) { + ExpectIntGT(BIO_gets(wbio, line, sizeof(line)), 0); + } + + ExpectIntGT(BIO_gets(wbio, line, sizeof(line)), 0); + strcpy(line1, "P:\n"); + ExpectIntEQ(XSTRNCMP( line, line1, XSTRLEN(line1)), 0); + + /* skip to the end of P element*/ + for (i = 0; i < 18 ;i++) { + ExpectIntGT(BIO_gets(wbio, line, sizeof(line)), 0); + } + + ExpectIntGT(BIO_gets(wbio, line, sizeof(line)), 0); + strcpy(line1, "Q:\n"); + ExpectIntEQ(XSTRNCMP( line, line1, XSTRLEN(line1)), 0); + + /* skip to the end of Q element*/ + for (i = 0; i < 3 ;i++) { + ExpectIntGT(BIO_gets(wbio, line, sizeof(line)), 0); + } + ExpectIntGT(BIO_gets(wbio, line, sizeof(line)), 0); + strcpy(line1, "G:\n"); + ExpectIntEQ(XSTRNCMP( line, line1, XSTRLEN(line1)), 0); + + /* skip to the end of G element*/ + for (i = 0; i < 18 ;i++) { + ExpectIntGT(BIO_gets(wbio, line, sizeof(line)), 0); + } + /* should reach EOF */ + ExpectIntLE(BIO_gets(wbio, line, sizeof(line)), 0); + + EVP_PKEY_free(pkey); + pkey = NULL; + BIO_free(rbio); + BIO_free(wbio); + rbio = NULL; + wbio = NULL; + +#endif /* !NO_DSA && USE_CERT_BUFFERS_2048 */ + + /* + * test ECC public key print + */ +#if defined(HAVE_ECC) && defined(USE_CERT_BUFFERS_256) + + ExpectNotNull(rbio = BIO_new_mem_buf( ecc_clikeypub_der_256, + sizeof_ecc_clikeypub_der_256)); + + ExpectNotNull(wolfSSL_d2i_PUBKEY_bio(rbio, &pkey)); + + ExpectNotNull(wbio = BIO_new(BIO_s_mem())); + + ExpectIntEQ(EVP_PKEY_print_public(wbio, pkey,0,NULL),1); + + ExpectIntGT(BIO_gets(wbio, line, sizeof(line)), 0); + ExpectStrEQ(line, "Public-Key: (256 bit)\n"); + + ExpectIntGT(BIO_gets(wbio, line, sizeof(line)), 0); + strcpy(line1, "pub:\n"); + ExpectIntEQ(XSTRNCMP( line, line1, XSTRLEN(line1)), 0); + + ExpectIntGT(BIO_gets(wbio, line, sizeof(line)), 0); + strcpy(line1, + " 04:55:BF:F4:0F:44:50:9A:3D:CE:9B:B7:F0:C5:4D:\n"); + ExpectIntEQ(XSTRNCMP( line, line1, XSTRLEN(line1)), 0); + + /* skip to the end of pub element*/ + for (i = 0; i < 4 ;i++) { + ExpectIntGT(BIO_gets(wbio, line, sizeof(line)), 0); + } + + ExpectIntGT(BIO_gets(wbio, line, sizeof(line)), 0); + strcpy(line1, "ASN1 OID: prime256v1\n"); + ExpectIntEQ(XSTRNCMP( line, line1, XSTRLEN(line1)), 0); + + ExpectIntGT(BIO_gets(wbio, line, sizeof(line)), 0); + strcpy(line1, "NIST CURVE: P-256\n"); + ExpectIntEQ(XSTRNCMP( line, line1, XSTRLEN(line1)), 0); + + + /* should reach EOF */ + ExpectIntLE(BIO_gets(wbio, line, sizeof(line)), 0); + + EVP_PKEY_free(pkey); + pkey = NULL; + BIO_free(rbio); + BIO_free(wbio); + rbio = NULL; + wbio = NULL; + +#endif /* HAVE_ECC && USE_CERT_BUFFERS_256 */ + + /* + * test DH public key print + */ +#if defined(WOLFSSL_DH_EXTRA) && defined(USE_CERT_BUFFERS_2048) + + ExpectNotNull(rbio = BIO_new_mem_buf( dh_pub_key_der_2048, + sizeof_dh_pub_key_der_2048)); + + ExpectNotNull(wolfSSL_d2i_PUBKEY_bio(rbio, &pkey)); + + ExpectNotNull(wbio = BIO_new(BIO_s_mem())); + + ExpectIntEQ(EVP_PKEY_print_public(wbio, pkey,0,NULL), 1); + + ExpectIntGT(BIO_gets(wbio, line, sizeof(line)), 0); + strcpy(line1, "DH Public-Key: (2048 bit)\n"); + ExpectIntEQ(XSTRNCMP( line, line1, XSTRLEN(line1)), 0); + + ExpectIntGT(BIO_gets(wbio, line, sizeof(line)), 0); + strcpy(line1, "public-key:\n"); + ExpectIntEQ(XSTRNCMP( line, line1, XSTRLEN(line1)), 0); + + ExpectIntGT(BIO_gets(wbio, line, sizeof(line)), 0); + strcpy(line1, + " 34:41:BF:E9:F2:11:BF:05:DB:B2:72:A8:29:CC:BD:\n"); + ExpectIntEQ(XSTRNCMP( line, line1, XSTRLEN(line1)), 0); + + /* skip to the end of public-key element*/ + for (i = 0; i < 17 ;i++) { + ExpectIntGT(BIO_gets(wbio, line, sizeof(line)), 0); + } + + ExpectIntGT(BIO_gets(wbio, line, sizeof(line)), 0); + strcpy(line1, "prime:\n"); + ExpectIntEQ(XSTRNCMP( line, line1, XSTRLEN(line1)), 0); + + ExpectIntGT(BIO_gets(wbio, line, sizeof(line)), 0); + strcpy(line1, + " 00:D3:B2:99:84:5C:0A:4C:E7:37:CC:FC:18:37:01:\n"); + ExpectIntEQ(XSTRNCMP( line, line1, XSTRLEN(line1)), 0); + + /* skip to the end of prime element*/ + for (i = 0; i < 17 ;i++) { + ExpectIntGT(BIO_gets(wbio, line, sizeof(line)), 0); + } + + ExpectIntGT(BIO_gets(wbio, line, sizeof(line)), 0); + strcpy(line1, "generator: 2 (0x02)\n"); + ExpectIntEQ(XSTRNCMP( line, line1, XSTRLEN(line1)), 0); + + /* should reach EOF */ + ExpectIntLE(BIO_gets(wbio, line, sizeof(line)), 0); + + EVP_PKEY_free(pkey); + pkey = NULL; + BIO_free(rbio); + BIO_free(wbio); + rbio = NULL; + wbio = NULL; + +#endif /* WOLFSSL_DH_EXTRA && USE_CERT_BUFFERS_2048 */ + + /* to prevent "unused variable" warning */ + (void)pkey; + (void)wbio; + (void)rbio; + (void)line; + (void)line1; + (void)i; +#endif /* OPENSSL_EXTRA */ + return EXPECT_RESULT(); +} + diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/tests/api/test_evp_pkey.h mariadb-11.8.8/extra/wolfssl/wolfssl/tests/api/test_evp_pkey.h --- mariadb-11.8.6/extra/wolfssl/wolfssl/tests/api/test_evp_pkey.h 1970-01-01 00:00:00.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/tests/api/test_evp_pkey.h 2026-05-24 09:58:33.000000000 +0000 @@ -0,0 +1,102 @@ +/* test_evp_pkey.h + * + * Copyright (C) 2006-2026 wolfSSL Inc. + * + * This file is part of wolfSSL. + * + * wolfSSL is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * wolfSSL is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA + */ + +#ifndef WOLFCRYPT_TEST_EVP_PKEY_H +#define WOLFCRYPT_TEST_EVP_PKEY_H + +#include + +int test_wolfSSL_EVP_PKEY_CTX_new_id(void); +int test_wolfSSL_EVP_PKEY_CTX_set_rsa_keygen_bits(void); +int test_wolfSSL_QT_EVP_PKEY_CTX_free(void); +int test_wolfSSL_EVP_PKEY_up_ref(void); +int test_wolfSSL_EVP_PKEY_base_id(void); +int test_wolfSSL_EVP_PKEY_id(void); +int test_wolfSSL_EVP_MD_pkey_type(void); +int test_wolfSSL_EVP_MD_hmac_signing(void); +int test_wolfSSL_EVP_PKEY_new_mac_key(void); +int test_wolfSSL_EVP_PKEY_hkdf(void); +int test_wolfSSL_EVP_PBE_scrypt(void); +int test_EVP_PKEY_cmp(void); +int test_wolfSSL_EVP_PKEY_set1_get1_DSA(void); +int test_wolfSSL_EVP_PKEY_set1_get1_EC_KEY (void); +int test_wolfSSL_EVP_PKEY_get0_EC_KEY(void); +int test_wolfSSL_EVP_PKEY_set1_get1_DH (void); +int test_wolfSSL_EVP_PKEY_assign(void); +int test_wolfSSL_EVP_PKEY_assign_DH(void); +int test_EVP_PKEY_rsa(void); +int test_EVP_PKEY_ec(void); +int test_wolfSSL_EVP_PKEY_missing_parameters(void); +int test_wolfSSL_EVP_PKEY_copy_parameters(void); +int test_wolfSSL_EVP_PKEY_paramgen(void); +int test_wolfSSL_EVP_PKEY_param_check(void); +int test_wolfSSL_EVP_PKEY_keygen_init(void); +int test_wolfSSL_EVP_PKEY_keygen(void); +int test_wolfSSL_EVP_SignInit_ex(void); +int test_wolfSSL_EVP_PKEY_sign_verify_rsa(void); +int test_wolfSSL_EVP_PKEY_sign_verify_dsa(void); +int test_wolfSSL_EVP_PKEY_sign_verify_ec(void); +int test_wolfSSL_EVP_MD_rsa_signing(void); +int test_wc_RsaPSS_DigitalSignVerify(void); +int test_wolfSSL_EVP_MD_ecc_signing(void); +int test_wolfSSL_EVP_PKEY_encrypt(void); +int test_wolfSSL_EVP_PKEY_derive(void); +int test_wolfSSL_EVP_PKEY_print_public(void); + +#define TEST_EVP_PKEY_DECLS \ + TEST_DECL_GROUP("evp_pkey", test_wolfSSL_EVP_PKEY_CTX_new_id), \ + TEST_DECL_GROUP("evp_pkey", test_wolfSSL_EVP_PKEY_CTX_set_rsa_keygen_bits),\ + TEST_DECL_GROUP("evp_pkey", test_wolfSSL_QT_EVP_PKEY_CTX_free), \ + TEST_DECL_GROUP("evp_pkey", test_wolfSSL_EVP_PKEY_up_ref), \ + TEST_DECL_GROUP("evp_pkey", test_wolfSSL_EVP_PKEY_base_id), \ + TEST_DECL_GROUP("evp_pkey", test_wolfSSL_EVP_PKEY_id), \ + TEST_DECL_GROUP("evp_pkey", test_wolfSSL_EVP_MD_pkey_type), \ + TEST_DECL_GROUP("evp_pkey", test_wolfSSL_EVP_MD_hmac_signing), \ + TEST_DECL_GROUP("evp_pkey", test_wolfSSL_EVP_PKEY_new_mac_key), \ + TEST_DECL_GROUP("evp_pkey", test_wolfSSL_EVP_PKEY_hkdf), \ + TEST_DECL_GROUP("evp_pkey", test_wolfSSL_EVP_PBE_scrypt), \ + TEST_DECL_GROUP("evp_pkey", test_EVP_PKEY_cmp), \ + TEST_DECL_GROUP("evp_pkey", test_wolfSSL_EVP_PKEY_set1_get1_DSA), \ + TEST_DECL_GROUP("evp_pkey", test_wolfSSL_EVP_PKEY_set1_get1_EC_KEY), \ + TEST_DECL_GROUP("evp_pkey", test_wolfSSL_EVP_PKEY_get0_EC_KEY), \ + TEST_DECL_GROUP("evp_pkey", test_wolfSSL_EVP_PKEY_set1_get1_DH), \ + TEST_DECL_GROUP("evp_pkey", test_wolfSSL_EVP_PKEY_assign), \ + TEST_DECL_GROUP("evp_pkey", test_wolfSSL_EVP_PKEY_assign_DH), \ + TEST_DECL_GROUP("evp_pkey", test_EVP_PKEY_rsa), \ + TEST_DECL_GROUP("evp_pkey", test_EVP_PKEY_ec), \ + TEST_DECL_GROUP("evp_pkey", test_wolfSSL_EVP_PKEY_missing_parameters), \ + TEST_DECL_GROUP("evp_pkey", test_wolfSSL_EVP_PKEY_copy_parameters), \ + TEST_DECL_GROUP("evp_pkey", test_wolfSSL_EVP_PKEY_paramgen), \ + TEST_DECL_GROUP("evp_pkey", test_wolfSSL_EVP_PKEY_param_check), \ + TEST_DECL_GROUP("evp_pkey", test_wolfSSL_EVP_PKEY_keygen_init), \ + TEST_DECL_GROUP("evp_pkey", test_wolfSSL_EVP_PKEY_keygen), \ + TEST_DECL_GROUP("evp_pkey", test_wolfSSL_EVP_SignInit_ex), \ + TEST_DECL_GROUP("evp_pkey", test_wolfSSL_EVP_PKEY_sign_verify_rsa), \ + TEST_DECL_GROUP("evp_pkey", test_wolfSSL_EVP_PKEY_sign_verify_dsa), \ + TEST_DECL_GROUP("evp_pkey", test_wolfSSL_EVP_PKEY_sign_verify_ec), \ + TEST_DECL_GROUP("evp_pkey", test_wolfSSL_EVP_MD_rsa_signing), \ + TEST_DECL_GROUP("evp_pkey", test_wc_RsaPSS_DigitalSignVerify), \ + TEST_DECL_GROUP("evp_pkey", test_wolfSSL_EVP_MD_ecc_signing), \ + TEST_DECL_GROUP("evp_pkey", test_wolfSSL_EVP_PKEY_encrypt), \ + TEST_DECL_GROUP("evp_pkey", test_wolfSSL_EVP_PKEY_derive), \ + TEST_DECL_GROUP("evp_pkey", test_wolfSSL_EVP_PKEY_print_public) + +#endif /* WOLFCRYPT_TEST_EVP_PKEY_H */ diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/tests/api/test_hash.c mariadb-11.8.8/extra/wolfssl/wolfssl/tests/api/test_hash.c --- mariadb-11.8.6/extra/wolfssl/wolfssl/tests/api/test_hash.c 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/tests/api/test_hash.c 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* test_hash.c * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -102,24 +102,35 @@ WC_HASH_TYPE_SHA3_384, WC_HASH_TYPE_SHA3_512, #endif - WC_HASH_TYPE_NONE /* Dummy value to ensure list is non-zero. */ -}; -static const int notCompiledHashLen = (sizeof(notCompiledHash) / - sizeof(enum wc_HashType)) - 1; - -static const enum wc_HashType notSupportedHash[] = { -#if defined(WOLFSSL_SHA3) && defined(WOLFSSL_SHAKE128) +#if !defined(WOLFSSL_SHA3) || !defined(WOLFSSL_SHAKE128) WC_HASH_TYPE_SHAKE128, #endif -#if defined(WOLFSSL_SHA3) && defined(WOLFSSL_SHAKE256) +#if !defined(WOLFSSL_SHA3) || !defined(WOLFSSL_SHAKE256) WC_HASH_TYPE_SHAKE256, #endif +#if defined(NO_MD5) || defined(NO_SHA) WC_HASH_TYPE_MD5_SHA, +#endif +#ifndef WOLFSSL_MD2 WC_HASH_TYPE_MD2, +#endif +#ifdef NO_MD4 WC_HASH_TYPE_MD4, +#endif +#ifndef HAVE_BLAKE2B WC_HASH_TYPE_BLAKE2B, +#endif +#ifndef HAVE_BLAKE2S WC_HASH_TYPE_BLAKE2S, - WC_HASH_TYPE_NONE +#endif + WC_HASH_TYPE_NONE /* Dummy value to ensure list is non-zero. */ +}; +static const int notCompiledHashLen = (sizeof(notCompiledHash) / + sizeof(enum wc_HashType)) - 1; + +static const int notSupportedHash[] = { + WC_HASH_TYPE_NONE, + WC_HASH_TYPE_MAX + 1 }; static const int notSupportedHashLen = (sizeof(notSupportedHash) / sizeof(enum wc_HashType)); @@ -134,8 +145,10 @@ #ifndef NO_MD4 WC_HASH_TYPE_MD4, #endif -#if defined(HAVE_BLAKE2) || defined(HAVE_BLAKE2S) +#ifdef HAVE_BLAKE2B WC_HASH_TYPE_BLAKE2B, +#endif +#ifdef HAVE_BLAKE2S WC_HASH_TYPE_BLAKE2S, #endif WC_HASH_TYPE_NONE /* Dummy value to ensure list is non-zero. */ @@ -152,22 +165,21 @@ #ifdef NO_MD4 WC_HASH_TYPE_MD4, #endif -#if !defined(HAVE_BLAKE2) && !defined(HAVE_BLAKE2S) +#ifndef HAVE_BLAKE2B WC_HASH_TYPE_BLAKE2B, +#endif +#ifndef HAVE_BLAKE2S WC_HASH_TYPE_BLAKE2S, #endif + WC_HASH_TYPE_SHAKE128, + WC_HASH_TYPE_SHAKE256, WC_HASH_TYPE_NONE /* Dummy value to ensure list is non-zero. */ }; static const int sizeNotCompiledHashLen = (sizeof(sizeNotCompiledHash) / sizeof(enum wc_HashType)) - 1; -static const enum wc_HashType sizeNotSupportedHash[] = { -#if defined(WOLFSSL_SHA3) && defined(WOLFSSL_SHAKE128) - WC_HASH_TYPE_SHAKE128, -#endif -#if defined(WOLFSSL_SHA3) && defined(WOLFSSL_SHAKE256) - WC_HASH_TYPE_SHAKE256, -#endif - WC_HASH_TYPE_NONE +static const int sizeNotSupportedHash[] = { + WC_HASH_TYPE_NONE, + WC_HASH_TYPE_MAX + 1 }; static const int sizeNotSupportedHashLen = (sizeof(sizeNotSupportedHash) / sizeof(enum wc_HashType)); @@ -214,19 +226,19 @@ for (i = 0; i < notSupportedHashLen; i++) { /* check for null ptr */ - ExpectIntEQ(wc_HashInit(NULL, notSupportedHash[i]), + ExpectIntEQ(wc_HashInit(NULL, (enum wc_HashType)notSupportedHash[i]), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); - ExpectIntEQ(wc_HashInit_ex(NULL, notSupportedHash[i], HEAP_HINT, + ExpectIntEQ(wc_HashInit_ex(NULL, (enum wc_HashType)notSupportedHash[i], HEAP_HINT, INVALID_DEVID), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); - ExpectIntEQ(wc_HashInit(&hash, notSupportedHash[i]), + ExpectIntEQ(wc_HashInit(&hash, (enum wc_HashType)notSupportedHash[i]), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); - wc_HashFree(&hash, notSupportedHash[i]); - ExpectIntEQ(wc_HashInit_ex(&hash, notSupportedHash[i], HEAP_HINT, + wc_HashFree(&hash, (enum wc_HashType)notSupportedHash[i]); + ExpectIntEQ(wc_HashInit_ex(&hash, (enum wc_HashType)notSupportedHash[i], HEAP_HINT, INVALID_DEVID), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); - wc_HashFree(&hash, notSupportedHash[i]); + wc_HashFree(&hash, (enum wc_HashType)notSupportedHash[i]); - wc_HashFree(NULL, notSupportedHash[i]); + wc_HashFree(NULL, (enum wc_HashType)notSupportedHash[i]); } /* end of for loop */ #endif @@ -282,25 +294,25 @@ } for (i = 0; i < notSupportedHashLen; i++) { - ExpectIntEQ(wc_HashInit(&hash, notSupportedHash[i]), + ExpectIntEQ(wc_HashInit(&hash, (enum wc_HashType)notSupportedHash[i]), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); /* Invalid parameters */ - ExpectIntEQ(wc_HashUpdate(NULL, notSupportedHash[i], NULL, 1), + ExpectIntEQ(wc_HashUpdate(NULL, (enum wc_HashType)notSupportedHash[i], NULL, 1), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); - ExpectIntEQ(wc_HashUpdate(&hash, notSupportedHash[i], NULL, 1), + ExpectIntEQ(wc_HashUpdate(&hash, (enum wc_HashType)notSupportedHash[i], NULL, 1), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); - ExpectIntEQ(wc_HashUpdate(NULL, notSupportedHash[i], NULL, 0), + ExpectIntEQ(wc_HashUpdate(NULL, (enum wc_HashType)notSupportedHash[i], NULL, 0), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); - ExpectIntEQ(wc_HashUpdate(NULL, notSupportedHash[i], (byte*)"a", 1), + ExpectIntEQ(wc_HashUpdate(NULL, (enum wc_HashType)notSupportedHash[i], (byte*)"a", 1), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); - ExpectIntEQ(wc_HashUpdate(&hash, notSupportedHash[i], NULL, 0), + ExpectIntEQ(wc_HashUpdate(&hash, (enum wc_HashType)notSupportedHash[i], NULL, 0), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); - ExpectIntEQ(wc_HashUpdate(&hash, notSupportedHash[i], (byte*)"a", 1), + ExpectIntEQ(wc_HashUpdate(&hash, (enum wc_HashType)notSupportedHash[i], (byte*)"a", 1), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); - wc_HashFree(&hash, notSupportedHash[i]); + wc_HashFree(&hash, (enum wc_HashType)notSupportedHash[i]); } #if defined(DEBUG_WOLFSSL) && !defined(NO_SHA256) && defined(WOLFSSL_SHA512) @@ -357,21 +369,21 @@ } for (i = 0; i < notSupportedHashLen; i++) { - ExpectIntEQ(wc_HashInit(&hash, notSupportedHash[i]), + ExpectIntEQ(wc_HashInit(&hash, (enum wc_HashType)notSupportedHash[i]), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); /* Invalid parameters */ - ExpectIntEQ(wc_HashFinal(NULL, notSupportedHash[i], NULL), + ExpectIntEQ(wc_HashFinal(NULL, (enum wc_HashType)notSupportedHash[i], NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); - ExpectIntEQ(wc_HashFinal(&hash, notSupportedHash[i], NULL), + ExpectIntEQ(wc_HashFinal(&hash, (enum wc_HashType)notSupportedHash[i], NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); - ExpectIntEQ(wc_HashFinal(NULL, notSupportedHash[i], digest), + ExpectIntEQ(wc_HashFinal(NULL, (enum wc_HashType)notSupportedHash[i], digest), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); - ExpectIntEQ(wc_HashFinal(&hash, notSupportedHash[i], digest), + ExpectIntEQ(wc_HashFinal(&hash, (enum wc_HashType)notSupportedHash[i], digest), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); - wc_HashFree(&hash, notSupportedHash[i]); + wc_HashFree(&hash, (enum wc_HashType)notSupportedHash[i]); } #if defined(DEBUG_WOLFSSL) && !defined(NO_SHA256) && defined(WOLFSSL_SHA512) ExpectIntEQ(wc_HashInit(&hash, WC_HASH_TYPE_SHA256), 0); @@ -417,7 +429,7 @@ } for (i = 0; i < notSupportedHashLen; i++) { - ExpectNull(wc_HashNew(notSupportedHash[i], HEAP_HINT, INVALID_DEVID, + ExpectNull(wc_HashNew((enum wc_HashType)notSupportedHash[i], HEAP_HINT, INVALID_DEVID, &ret)); ExpectIntEQ(ret, WC_NO_ERR_TRACE(BAD_FUNC_ARG)); } @@ -438,17 +450,13 @@ ExpectIntGT(wc_HashGetDigestSize(sizeSupportedHash[i]), 0); } - for (i = 0; i < notCompiledHashLen; i++) { - ExpectIntEQ(wc_HashGetDigestSize(notCompiledHash[i]), - WC_NO_ERR_TRACE(HASH_TYPE_E)); - } for (i = 0; i < sizeNotCompiledHashLen; i++) { ExpectIntEQ(wc_HashGetDigestSize(sizeNotCompiledHash[i]), WC_NO_ERR_TRACE(HASH_TYPE_E)); } for (i = 0; i < sizeNotSupportedHashLen; i++) { - ExpectIntEQ(wc_HashGetDigestSize(sizeNotSupportedHash[i]), + ExpectIntEQ(wc_HashGetDigestSize((enum wc_HashType)sizeNotSupportedHash[i]), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); } #endif @@ -468,17 +476,13 @@ ExpectIntGT(wc_HashGetBlockSize(sizeSupportedHash[i]), 0); } - for (i = 0; i < notCompiledHashLen; i++) { - ExpectIntEQ(wc_HashGetBlockSize(notCompiledHash[i]), - WC_NO_ERR_TRACE(HASH_TYPE_E)); - } for (i = 0; i < sizeNotCompiledHashLen; i++) { ExpectIntEQ(wc_HashGetBlockSize(sizeNotCompiledHash[i]), WC_NO_ERR_TRACE(HASH_TYPE_E)); } for (i = 0; i < sizeNotSupportedHashLen; i++) { - ExpectIntEQ(wc_HashGetBlockSize(sizeNotSupportedHash[i]), + ExpectIntEQ(wc_HashGetBlockSize((enum wc_HashType)sizeNotSupportedHash[i]), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); } #endif @@ -525,9 +529,9 @@ /* Algorithm only supported with wc_Hash() and wc_Hash_ex(). */ continue; } - ExpectIntEQ(wc_Hash(sizeNotSupportedHash[i], (byte*)"a", 1, + ExpectIntEQ(wc_Hash((enum wc_HashType)sizeNotSupportedHash[i], (byte*)"a", 1, digest, sizeof(digest)), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); - ExpectIntEQ(wc_Hash_ex(sizeNotSupportedHash[i], (byte*)"a", 1, + ExpectIntEQ(wc_Hash_ex((enum wc_HashType)sizeNotSupportedHash[i], (byte*)"a", 1, digest, sizeof(digest), HEAP_HINT, INVALID_DEVID), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); } @@ -570,11 +574,11 @@ /* For loop to test not supported cases */ for (i = 0; i < notSupportedHashLen; i++) { - ExpectIntEQ(wc_HashInit(&hash, notSupportedHash[i]), + ExpectIntEQ(wc_HashInit(&hash, (enum wc_HashType)notSupportedHash[i]), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); - ExpectIntEQ(wc_HashSetFlags(&hash, notSupportedHash[i], flags), + ExpectIntEQ(wc_HashSetFlags(&hash, (enum wc_HashType)notSupportedHash[i], flags), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); - ExpectIntEQ(wc_HashFree(&hash, notSupportedHash[i]), + ExpectIntEQ(wc_HashFree(&hash, (enum wc_HashType)notSupportedHash[i]), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); } #endif @@ -613,11 +617,11 @@ /* For loop to test not supported cases */ for (i = 0; i < notSupportedHashLen; i++) { - ExpectIntEQ(wc_HashInit(&hash, notSupportedHash[i]), + ExpectIntEQ(wc_HashInit(&hash, (enum wc_HashType)notSupportedHash[i]), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); - ExpectIntEQ(wc_HashGetFlags(&hash, notSupportedHash[i], &flags), + ExpectIntEQ(wc_HashGetFlags(&hash, (enum wc_HashType)notSupportedHash[i], &flags), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); - ExpectIntEQ(wc_HashFree(&hash, notSupportedHash[i]), + ExpectIntEQ(wc_HashFree(&hash, (enum wc_HashType)notSupportedHash[i]), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); } #endif @@ -682,7 +686,7 @@ #ifdef WOLFSSL_MD2 WC_HASH_TYPE_MD2, #endif - #ifndef NO_MD5 + #if !defined(NO_MD5) && !defined(NO_SHA) WC_HASH_TYPE_MD5_SHA, #endif WC_HASH_TYPE_NONE /* Dummy value to ensure list is non-zero. */ @@ -696,15 +700,16 @@ #ifdef NO_MD5 WC_HASH_TYPE_MD5_SHA, #endif + WC_HASH_TYPE_MD4, + WC_HASH_TYPE_BLAKE2B, + WC_HASH_TYPE_BLAKE2S, WC_HASH_TYPE_NONE /* Dummy value to ensure list is non-zero. */ }; static const int oidOnlyNotCompiledHashLen = (sizeof(oidOnlyNotCompiledHash) / sizeof(enum wc_HashType)) - 1; - static const enum wc_HashType oidNotSupportedHash[] = { - WC_HASH_TYPE_MD4, - WC_HASH_TYPE_BLAKE2B, - WC_HASH_TYPE_BLAKE2S, - WC_HASH_TYPE_NONE + static const int oidNotSupportedHash[] = { + WC_HASH_TYPE_NONE, + WC_HASH_TYPE_MAX + 1 }; static const int oidNotSupportedHashLen = (sizeof(oidNotSupportedHash) / sizeof(enum wc_HashType)); @@ -727,7 +732,7 @@ } for (i = 0; i < oidNotSupportedHashLen; i++) { - ExpectIntEQ(wc_HashGetOID(oidNotSupportedHash[i]), + ExpectIntEQ(wc_HashGetOID((enum wc_HashType)oidNotSupportedHash[i]), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); } #endif diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/tests/api/test_hash.h mariadb-11.8.8/extra/wolfssl/wolfssl/tests/api/test_hash.h --- mariadb-11.8.6/extra/wolfssl/wolfssl/tests/api/test_hash.h 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/tests/api/test_hash.h 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* test_hash.h * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/tests/api/test_hmac.c mariadb-11.8.8/extra/wolfssl/wolfssl/tests/api/test_hmac.c --- mariadb-11.8.6/extra/wolfssl/wolfssl/tests/api/test_hmac.c 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/tests/api/test_hmac.c 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* test_cmac.c * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -30,6 +30,7 @@ #include #include +#include #include #include @@ -681,3 +682,76 @@ return EXPECT_RESULT(); } /* END test_wc_Sha384HmacFinal */ +/* Test for integer overflow in TLS_hmac size calculation (ZD #21240). + * + * TLS_hmac() computes sz + hashSz + padSz + 1 and passes the result to + * Hmac_UpdateFinal / Hmac_UpdateFinal_CT. When sz (word32) is near + * UINT32_MAX, the addition overflows and wraps to a small value, causing + * the HMAC routines to operate on an undersized length. The fix adds + * WC_SAFE_SUM_WORD32 overflow checks and returns BUFFER_E on overflow. + * + * This test calls through ssl->hmac (which points to TLS_hmac) with + * values that trigger the overflow condition and verifies the function + * correctly rejects them. + */ +int test_tls_hmac_size_overflow(void) +{ + EXPECT_DECLS; +#if !defined(NO_HMAC) && !defined(WOLFSSL_AEAD_ONLY) && !defined(NO_TLS) && \ + defined(NO_OLD_TLS) && !defined(NO_WOLFSSL_CLIENT) + WOLFSSL_CTX* ctx = NULL; + WOLFSSL* ssl = NULL; + byte digest[WC_MAX_DIGEST_SIZE]; + byte dummy_in[64]; + + XMEMSET(dummy_in, 0xAA, sizeof(dummy_in)); + XMEMSET(digest, 0, sizeof(digest)); + + ctx = wolfSSL_CTX_new(wolfSSLv23_client_method()); + ExpectNotNull(ctx); + ssl = wolfSSL_new(ctx); + ExpectNotNull(ssl); + + if (EXPECT_SUCCESS()) { + ExpectNotNull(ssl->hmac); + + /* Set a hash size so the verify path in TLS_hmac is exercised. */ + ssl->specs.hash_size = WC_SHA256_DIGEST_SIZE; + + /* Overflow case 1: sz near UINT32_MAX, padSz pushes sum past limit. + * (UINT32_MAX - 300) + 32 + 500 + 1 = UINT32_MAX + 233 -> wraps to 232 + */ + ExpectIntEQ(ssl->hmac(ssl, digest, dummy_in, + (word32)(WOLFSSL_MAX_32BIT - 300), + 500, /* padSz */ + application_data, 1, PEER_ORDER), + WC_NO_ERR_TRACE(BUFFER_E)); + + /* Overflow case 2: padSz = 0, hashSz alone causes overflow. + * (UINT32_MAX - 10) + 32 + 0 + 1 = UINT32_MAX + 23 -> wraps to 22 + */ + ExpectIntEQ(ssl->hmac(ssl, digest, dummy_in, + (word32)(WOLFSSL_MAX_32BIT - 10), + 0, /* padSz */ + application_data, 1, PEER_ORDER), + WC_NO_ERR_TRACE(BUFFER_E)); + + /* Normal case: should NOT return BUFFER_E. + * May fail for other reasons (no keys configured) but the overflow + * check must not fire for small legitimate values. + */ + ExpectIntNE(ssl->hmac(ssl, digest, dummy_in, + 100, + 10, /* padSz */ + application_data, 1, PEER_ORDER), + WC_NO_ERR_TRACE(BUFFER_E)); + } + + wolfSSL_free(ssl); + wolfSSL_CTX_free(ctx); + wolfSSL_Cleanup(); +#endif /* !NO_HMAC && !WOLFSSL_AEAD_ONLY && !NO_TLS && NO_OLD_TLS && + * !NO_WOLFSSL_CLIENT */ + return EXPECT_RESULT(); +} /* END test_tls_hmac_size_overflow */ + diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/tests/api/test_hmac.h mariadb-11.8.8/extra/wolfssl/wolfssl/tests/api/test_hmac.h --- mariadb-11.8.6/extra/wolfssl/wolfssl/tests/api/test_hmac.h 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/tests/api/test_hmac.h 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* test_hmac.h * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -39,6 +39,7 @@ int test_wc_Sha384HmacSetKey(void); int test_wc_Sha384HmacUpdate(void); int test_wc_Sha384HmacFinal(void); +int test_tls_hmac_size_overflow(void); #define TEST_HMAC_DECLS \ TEST_DECL_GROUP("hmac", test_wc_Md5HmacSetKey), \ @@ -55,6 +56,7 @@ TEST_DECL_GROUP("hmac", test_wc_Sha256HmacFinal), \ TEST_DECL_GROUP("hmac", test_wc_Sha384HmacSetKey), \ TEST_DECL_GROUP("hmac", test_wc_Sha384HmacUpdate), \ - TEST_DECL_GROUP("hmac", test_wc_Sha384HmacFinal) + TEST_DECL_GROUP("hmac", test_wc_Sha384HmacFinal), \ + TEST_DECL_GROUP("hmac", test_tls_hmac_size_overflow) #endif /* WOLFCRYPT_TEST_HMAC_H */ diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/tests/api/test_md2.c mariadb-11.8.8/extra/wolfssl/wolfssl/tests/api/test_md2.c --- mariadb-11.8.6/extra/wolfssl/wolfssl/tests/api/test_md2.c 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/tests/api/test_md2.c 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* test_md2.c * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/tests/api/test_md2.h mariadb-11.8.8/extra/wolfssl/wolfssl/tests/api/test_md2.h --- mariadb-11.8.6/extra/wolfssl/wolfssl/tests/api/test_md2.h 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/tests/api/test_md2.h 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* test_md2.h * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/tests/api/test_md4.c mariadb-11.8.8/extra/wolfssl/wolfssl/tests/api/test_md4.c --- mariadb-11.8.6/extra/wolfssl/wolfssl/tests/api/test_md4.c 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/tests/api/test_md4.c 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* test_md4.c * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/tests/api/test_md4.h mariadb-11.8.8/extra/wolfssl/wolfssl/tests/api/test_md4.h --- mariadb-11.8.6/extra/wolfssl/wolfssl/tests/api/test_md4.h 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/tests/api/test_md4.h 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* test_md2.h * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/tests/api/test_md5.c mariadb-11.8.8/extra/wolfssl/wolfssl/tests/api/test_md5.c --- mariadb-11.8.6/extra/wolfssl/wolfssl/tests/api/test_md5.c 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/tests/api/test_md5.c 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* test_md5.c * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/tests/api/test_md5.h mariadb-11.8.8/extra/wolfssl/wolfssl/tests/api/test_md5.h --- mariadb-11.8.6/extra/wolfssl/wolfssl/tests/api/test_md5.h 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/tests/api/test_md5.h 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* test_md5.h * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/tests/api/test_mldsa.c mariadb-11.8.8/extra/wolfssl/wolfssl/tests/api/test_mldsa.c --- mariadb-11.8.6/extra/wolfssl/wolfssl/tests/api/test_mldsa.c 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/tests/api/test_mldsa.c 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* test_mldsa.c * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -38,7 +38,8 @@ #if defined(HAVE_DILITHIUM) && defined(WOLFSSL_WC_DILITHIUM) && \ - !defined(WOLFSSL_DILITHIUM_NO_VERIFY) && !defined(WOLFSSL_NO_ML_DSA_44) + !defined(WOLFSSL_DILITHIUM_NO_VERIFY) && !defined(WOLFSSL_NO_ML_DSA_44) && \ + defined(WOLFSSL_DILITHIUM_NO_CTX) static const byte ml_dsa_44_pub_key[] = { 0x7c, 0x33, 0x31, 0x41, 0x15, 0xa7, 0x2d, 0x6b, 0x17, 0x7c, 0x10, 0xab, 0x75, 0xf7, 0x83, 0xb3, @@ -685,6 +686,84 @@ return EXPECT_RESULT(); } +/* + * Test that wc_dilithium_sign_msg() rejects a public-key-only key object. + * A key with prvKeySet=0 must not silently sign with zeroed key data. + */ +int test_wc_dilithium_sign_pubonly_fails(void) +{ + EXPECT_DECLS; +#if !defined(HAVE_FIPS) || FIPS_VERSION3_GE(7,0,0) +#if defined(HAVE_DILITHIUM) && defined(WOLFSSL_WC_DILITHIUM) && \ + !defined(WOLFSSL_DILITHIUM_NO_SIGN) && \ + !defined(WOLFSSL_DILITHIUM_NO_MAKE_KEY) && \ + !defined(WOLFSSL_DILITHIUM_NO_CTX) + dilithium_key* key; + dilithium_key* pubOnlyKey; + WC_RNG rng; + byte* pubBuf = NULL; + word32 pubLen = DILITHIUM_MAX_PUB_KEY_SIZE; + byte msg[] = "test message for pubonly check"; + byte* sig = NULL; + word32 sigLen = DILITHIUM_MAX_SIG_SIZE; + + key = (dilithium_key*)XMALLOC(sizeof(*key), NULL, + DYNAMIC_TYPE_TMP_BUFFER); + ExpectNotNull(key); + pubOnlyKey = (dilithium_key*)XMALLOC(sizeof(*pubOnlyKey), NULL, + DYNAMIC_TYPE_TMP_BUFFER); + ExpectNotNull(pubOnlyKey); + pubBuf = (byte*)XMALLOC(DILITHIUM_MAX_PUB_KEY_SIZE, NULL, + DYNAMIC_TYPE_TMP_BUFFER); + ExpectNotNull(pubBuf); + sig = (byte*)XMALLOC(DILITHIUM_MAX_SIG_SIZE, NULL, + DYNAMIC_TYPE_TMP_BUFFER); + ExpectNotNull(sig); + + if (key != NULL) + XMEMSET(key, 0, sizeof(*key)); + if (pubOnlyKey != NULL) + XMEMSET(pubOnlyKey, 0, sizeof(*pubOnlyKey)); + XMEMSET(&rng, 0, sizeof(rng)); + + ExpectIntEQ(wc_InitRng(&rng), 0); + ExpectIntEQ(wc_dilithium_init(key), 0); + ExpectIntEQ(wc_dilithium_init(pubOnlyKey), 0); + +#ifndef WOLFSSL_NO_ML_DSA_44 + ExpectIntEQ(wc_dilithium_set_level(key, WC_ML_DSA_44), 0); + ExpectIntEQ(wc_dilithium_set_level(pubOnlyKey, WC_ML_DSA_44), 0); +#elif !defined(WOLFSSL_NO_ML_DSA_65) + ExpectIntEQ(wc_dilithium_set_level(key, WC_ML_DSA_65), 0); + ExpectIntEQ(wc_dilithium_set_level(pubOnlyKey, WC_ML_DSA_65), 0); +#else + ExpectIntEQ(wc_dilithium_set_level(key, WC_ML_DSA_87), 0); + ExpectIntEQ(wc_dilithium_set_level(pubOnlyKey, WC_ML_DSA_87), 0); +#endif + + /* Generate a real key pair and export its public key. */ + ExpectIntEQ(wc_dilithium_make_key(key, &rng), 0); + ExpectIntEQ(wc_dilithium_export_public(key, pubBuf, &pubLen), 0); + + /* Import only the public key into a fresh key object. */ + ExpectIntEQ(wc_dilithium_import_public(pubBuf, pubLen, pubOnlyKey), 0); + + /* Signing with a public-key-only object must fail. */ + ExpectIntEQ(wc_dilithium_sign_ctx_msg(NULL, 0, msg, sizeof(msg), sig, + &sigLen, pubOnlyKey, &rng), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + + DoExpectIntEQ(wc_FreeRng(&rng), 0); + wc_dilithium_free(pubOnlyKey); + wc_dilithium_free(key); + XFREE(sig, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(pubBuf, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(pubOnlyKey, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(key, NULL, DYNAMIC_TYPE_TMP_BUFFER); +#endif +#endif + return EXPECT_RESULT(); +} /* END test_wc_dilithium_sign_pubonly_fails */ + int test_wc_dilithium_make_key(void) { EXPECT_DECLS; @@ -730,7 +809,7 @@ { EXPECT_DECLS; #if defined(HAVE_DILITHIUM) && defined(WOLFSSL_WC_DILITHIUM) && \ - !defined(WOLFSSL_DILITHIUM_NO_SIGN) + !defined(WOLFSSL_DILITHIUM_NO_SIGN) && defined(WOLFSSL_DILITHIUM_NO_CTX) dilithium_key* key; dilithium_key* importKey = NULL; WC_RNG rng; @@ -893,7 +972,7 @@ { EXPECT_DECLS; #if defined(HAVE_DILITHIUM) && defined(WOLFSSL_WC_DILITHIUM) && \ - !defined(WOLFSSL_DILITHIUM_NO_VERIFY) && \ + !defined(WOLFSSL_DILITHIUM_NO_VERIFY) && defined(WOLFSSL_DILITHIUM_NO_CTX) && \ (!defined(WOLFSSL_NO_ML_DSA_44) || !defined(WOLFSSL_DILITHIUM_NO_SIGN)) dilithium_key* key; dilithium_key* importKey = NULL; @@ -7573,7 +7652,7 @@ { EXPECT_DECLS; #if defined(HAVE_DILITHIUM) && defined(WOLFSSL_WC_DILITHIUM) && \ - !defined(WOLFSSL_DILITHIUM_NO_SIGN) + !defined(WOLFSSL_DILITHIUM_NO_SIGN) && defined(WOLFSSL_DILITHIUM_NO_CTX) dilithium_key* key; #ifndef WOLFSSL_NO_ML_DSA_44 static const byte sk_44[] = { @@ -12383,13 +12462,7798 @@ return EXPECT_RESULT(); } -int test_wc_dilithium_verify_kats(void) +int test_wc_dilithium_sign_ctx_kats(void) +{ + EXPECT_DECLS; +#if defined(HAVE_DILITHIUM) && defined(WOLFSSL_WC_DILITHIUM) && \ + !defined(WOLFSSL_DILITHIUM_NO_SIGN) + dilithium_key* key; + word32 sigLen; + byte* sig = NULL; + +#ifndef WOLFSSL_NO_ML_DSA_44 + /* ML-DSA-44: record 1 from + * https://gist.github.com/itzmeanjan/d14afc3866b82119221682f0f3c9822d */ + /* Secret key (2560 bytes) */ + static const byte sk_44[] = { + 0xdc, 0x7b, 0xc9, 0xa2, 0xe0, 0xb6, 0xdc, 0x66, + 0x82, 0x3a, 0xe4, 0xfb, 0xde, 0x97, 0x1c, 0x0c, + 0xfc, 0x46, 0xf9, 0xd9, 0x6b, 0xbf, 0xbe, 0xeb, + 0xb3, 0x47, 0x0a, 0xe0, 0xa5, 0xa0, 0x13, 0x9f, + 0xf0, 0x37, 0xb8, 0x4e, 0x75, 0x53, 0x7e, 0x0a, + 0x1c, 0xf0, 0x2a, 0x51, 0x7a, 0xcf, 0xe3, 0x23, + 0xff, 0xff, 0xe1, 0x1d, 0xf7, 0x2e, 0x4f, 0x38, + 0x43, 0x0e, 0x0e, 0x66, 0xa2, 0x65, 0x4b, 0x2f, + 0x2e, 0xf7, 0x57, 0xda, 0x47, 0x64, 0x9d, 0x9f, + 0x63, 0xfa, 0x03, 0xf1, 0xbf, 0x6f, 0xe6, 0xbc, + 0x7c, 0x62, 0x97, 0x1a, 0x98, 0xa2, 0xbd, 0x9d, + 0x36, 0xeb, 0x0e, 0xc4, 0x3a, 0xd4, 0xe9, 0xd9, + 0x40, 0xdf, 0x3b, 0xb5, 0x87, 0x4f, 0x5c, 0x92, + 0x19, 0x2a, 0xa3, 0x1e, 0x05, 0x35, 0xd3, 0xcf, + 0x70, 0x95, 0x0b, 0xba, 0x85, 0x8d, 0x11, 0xa6, + 0x88, 0xea, 0xf8, 0x54, 0xf6, 0x3e, 0xcf, 0xc5, + 0x20, 0xc5, 0x0d, 0x62, 0x48, 0x91, 0x43, 0x42, + 0x65, 0xd8, 0xb0, 0x68, 0x0c, 0x03, 0x06, 0x10, + 0x40, 0x29, 0x9a, 0x10, 0x40, 0x82, 0xc0, 0x91, + 0x0c, 0x85, 0x08, 0xd1, 0x10, 0x0d, 0x44, 0xa6, + 0x50, 0x94, 0x08, 0x29, 0x22, 0x11, 0x12, 0x5b, + 0x90, 0x50, 0x8a, 0x26, 0x88, 0xe1, 0x30, 0x2d, + 0xc4, 0x02, 0x12, 0x80, 0x02, 0x8a, 0xc3, 0x02, + 0x61, 0x18, 0x20, 0x85, 0x12, 0x37, 0x80, 0x8a, + 0x00, 0x0a, 0xe2, 0x04, 0x04, 0x21, 0xb4, 0x91, + 0x0b, 0xb8, 0x05, 0x50, 0xa0, 0x80, 0x51, 0xb2, + 0x51, 0x1c, 0x28, 0x42, 0x8a, 0x36, 0x72, 0xa4, + 0x94, 0x50, 0x49, 0x10, 0x20, 0x1b, 0xb4, 0x51, + 0x61, 0x42, 0x44, 0x24, 0xa7, 0x50, 0x01, 0x32, + 0x81, 0x81, 0x94, 0x2d, 0x62, 0xa8, 0x50, 0x02, + 0x34, 0x49, 0xca, 0x94, 0x20, 0x0b, 0x29, 0x62, + 0x13, 0x15, 0x64, 0x08, 0x92, 0x4c, 0x48, 0x12, + 0x21, 0x00, 0xb6, 0x05, 0x03, 0x02, 0x08, 0xe0, + 0x06, 0x02, 0x00, 0xa3, 0x11, 0xe1, 0x80, 0x20, + 0x21, 0x11, 0x64, 0x83, 0xa6, 0x28, 0x98, 0x02, + 0x92, 0x91, 0x48, 0x08, 0x01, 0x08, 0x30, 0x41, + 0x06, 0x66, 0x13, 0x20, 0x0e, 0x5b, 0x36, 0x09, + 0x51, 0x40, 0x0c, 0x53, 0x00, 0x0a, 0xa0, 0x88, + 0x51, 0x94, 0x48, 0x42, 0xe3, 0x16, 0x70, 0x4a, + 0xb2, 0x08, 0x9b, 0x92, 0x44, 0x00, 0x25, 0x12, + 0x1b, 0x03, 0x09, 0x41, 0x82, 0x09, 0xc2, 0xa0, + 0x80, 0x0b, 0x29, 0x0a, 0x81, 0x98, 0x51, 0xc4, + 0x34, 0x0d, 0xa4, 0x42, 0x45, 0x00, 0xa0, 0x10, + 0x5b, 0x04, 0x8e, 0x60, 0x34, 0x00, 0x13, 0x89, + 0x28, 0xa4, 0x42, 0x26, 0x48, 0x00, 0x2c, 0x90, + 0x20, 0x2d, 0x19, 0x40, 0x68, 0xe2, 0x14, 0x6d, + 0x19, 0x27, 0x8a, 0x08, 0x37, 0x46, 0xe4, 0x14, + 0x69, 0x14, 0x00, 0x64, 0x22, 0xc6, 0x60, 0xd3, + 0xa0, 0x30, 0x13, 0x24, 0x28, 0x44, 0x96, 0x50, + 0x14, 0x16, 0x6d, 0xa0, 0x28, 0x4d, 0xcc, 0x46, + 0x2e, 0x94, 0x36, 0x71, 0x00, 0x23, 0x2e, 0x1c, + 0x11, 0x49, 0x09, 0xa2, 0x04, 0x01, 0x31, 0x06, + 0x0a, 0x21, 0x72, 0xc2, 0x14, 0x2a, 0xda, 0x00, + 0x0c, 0x5a, 0x26, 0x0d, 0x13, 0x22, 0x8a, 0x62, + 0xc4, 0x44, 0xe3, 0x14, 0x2d, 0x01, 0x34, 0x45, + 0x98, 0x02, 0x24, 0xd3, 0x38, 0x41, 0xc0, 0x30, + 0x81, 0x21, 0xa6, 0x21, 0xe3, 0x48, 0x72, 0x0b, + 0x19, 0x84, 0xd2, 0xc8, 0x91, 0x08, 0xb8, 0x69, + 0x08, 0x87, 0x71, 0x4a, 0x28, 0x84, 0xd4, 0x96, + 0x45, 0x1a, 0x93, 0x01, 0xca, 0x22, 0x85, 0xda, + 0x30, 0x85, 0x9a, 0xc8, 0x51, 0xdc, 0xc0, 0x08, + 0x20, 0x10, 0x60, 0x60, 0x46, 0x52, 0x62, 0x30, + 0x2a, 0xa2, 0x24, 0x25, 0x10, 0x44, 0x64, 0x0b, + 0x28, 0x42, 0x98, 0x80, 0x11, 0x54, 0x06, 0x92, + 0x14, 0x42, 0x51, 0xd2, 0x36, 0x71, 0x9b, 0xb4, + 0x90, 0x0b, 0x08, 0x28, 0x90, 0x18, 0x8e, 0x41, + 0xc4, 0x69, 0xe1, 0xa4, 0x69, 0x03, 0x21, 0x60, + 0xe0, 0x14, 0x09, 0xd3, 0x02, 0x0c, 0x20, 0xc8, + 0x8c, 0x1c, 0xb2, 0x31, 0x64, 0x08, 0x62, 0x18, + 0x47, 0x69, 0x20, 0x22, 0x8c, 0xcb, 0x84, 0x70, + 0x08, 0x95, 0x28, 0x02, 0x95, 0x50, 0x53, 0x32, + 0x70, 0x01, 0x34, 0x05, 0x88, 0x84, 0x24, 0x54, + 0x10, 0x41, 0xd2, 0x02, 0x88, 0x1a, 0xa8, 0x4c, + 0xca, 0xc8, 0x81, 0x81, 0x00, 0x8d, 0x03, 0x92, + 0x89, 0x9a, 0xb8, 0x09, 0xd9, 0x90, 0x0c, 0x9a, + 0x12, 0x90, 0x61, 0x40, 0x65, 0xc9, 0x32, 0x2d, + 0x89, 0x86, 0x0c, 0x12, 0x35, 0x21, 0xcc, 0x42, + 0x66, 0xc8, 0x36, 0x00, 0x10, 0x06, 0x24, 0x11, + 0x02, 0x8e, 0xa3, 0xb4, 0x4d, 0x44, 0x02, 0x30, + 0x43, 0xa0, 0x28, 0x5a, 0x00, 0x2e, 0xd1, 0x98, + 0x0c, 0x48, 0x82, 0x65, 0x89, 0x22, 0x44, 0x1c, + 0x01, 0x02, 0x12, 0x90, 0x70, 0x84, 0x22, 0x6e, + 0x12, 0x13, 0x4d, 0x01, 0x19, 0x02, 0x51, 0x90, + 0x64, 0x11, 0x33, 0x64, 0xc9, 0x18, 0x06, 0xc2, + 0xc0, 0x45, 0x89, 0x26, 0x29, 0x08, 0xb6, 0x30, + 0x24, 0x30, 0x8c, 0xda, 0x02, 0x2e, 0x0c, 0x27, + 0x25, 0x0b, 0x36, 0x70, 0x58, 0x16, 0x2c, 0x51, + 0x16, 0x42, 0x0b, 0x49, 0x46, 0xc1, 0x20, 0x88, + 0x41, 0x24, 0x6c, 0x99, 0x46, 0x6a, 0x04, 0x43, + 0x4e, 0x18, 0xa8, 0x6c, 0x82, 0x16, 0x61, 0x92, + 0x20, 0x28, 0x63, 0x94, 0x09, 0xc3, 0x02, 0x11, + 0x02, 0x95, 0x20, 0x21, 0x17, 0x82, 0xd4, 0x38, + 0x68, 0x00, 0x34, 0x60, 0xc8, 0x46, 0x88, 0xe0, + 0x16, 0x00, 0x00, 0xa3, 0x2d, 0xc0, 0xa8, 0x28, + 0x24, 0xb6, 0x40, 0x83, 0x14, 0x64, 0xc8, 0x10, + 0x22, 0xa2, 0x08, 0x65, 0x03, 0x23, 0x4a, 0xc8, + 0x12, 0x2e, 0xa0, 0x98, 0x41, 0x8c, 0x20, 0x72, + 0xcc, 0x30, 0x8a, 0x62, 0xc6, 0x65, 0x09, 0x34, + 0x08, 0x41, 0x26, 0x82, 0xda, 0x42, 0x90, 0x89, + 0x32, 0x85, 0x14, 0x96, 0x70, 0x81, 0x22, 0x60, + 0x01, 0x17, 0x6d, 0x59, 0x48, 0x42, 0x8a, 0xb8, + 0x8d, 0x59, 0x20, 0x51, 0xd8, 0x08, 0x92, 0xe2, + 0xc0, 0x88, 0x90, 0x44, 0x70, 0x0a, 0xc0, 0x24, + 0x5a, 0x02, 0x09, 0x04, 0x21, 0x8a, 0x59, 0xc4, + 0x50, 0x94, 0x44, 0x10, 0x94, 0x14, 0x08, 0x20, + 0x46, 0x02, 0x09, 0x27, 0x0c, 0x44, 0x10, 0x20, + 0xdc, 0xc8, 0x20, 0x92, 0x12, 0x01, 0x50, 0x38, + 0x25, 0x0c, 0x45, 0x6e, 0x4a, 0x16, 0x66, 0x22, + 0x37, 0x70, 0xdc, 0x80, 0x8c, 0xa4, 0x26, 0x41, + 0x22, 0x22, 0x44, 0x1b, 0xa3, 0x61, 0x8a, 0x34, + 0x30, 0x99, 0x84, 0x40, 0x99, 0xc4, 0x29, 0x52, + 0x04, 0x6d, 0x88, 0x14, 0x6c, 0xcb, 0x24, 0x2a, + 0x7c, 0xd1, 0x29, 0xa8, 0xd3, 0x33, 0x11, 0x5c, + 0x62, 0xd0, 0x33, 0xb6, 0xa8, 0x35, 0x7c, 0xf7, + 0xcd, 0x10, 0x26, 0x8a, 0xb1, 0x2f, 0x16, 0xfc, + 0xeb, 0x79, 0x75, 0xd0, 0xa2, 0x8a, 0x6c, 0x48, + 0x22, 0x21, 0x3c, 0x9a, 0x77, 0x2d, 0xf0, 0x84, + 0xad, 0x91, 0xa6, 0x69, 0xe2, 0x04, 0x05, 0x50, + 0xfc, 0x5e, 0x8d, 0x0a, 0xeb, 0x10, 0xfa, 0xb2, + 0x37, 0x5f, 0xc9, 0x62, 0x5e, 0xf9, 0xcd, 0x48, + 0xc1, 0x96, 0x31, 0x99, 0x7a, 0x1c, 0xb6, 0x45, + 0x5d, 0x2c, 0x62, 0x86, 0xc5, 0x69, 0xc9, 0x63, + 0x7a, 0xdd, 0x03, 0x17, 0xce, 0x99, 0x09, 0x96, + 0xb2, 0x8e, 0x51, 0xc3, 0xf3, 0xf7, 0x17, 0xfb, + 0x59, 0x07, 0xbb, 0xdd, 0x53, 0x96, 0x1a, 0xd3, + 0x49, 0x7f, 0x2c, 0x3c, 0x47, 0x3c, 0xce, 0x17, + 0x09, 0x06, 0xac, 0x4c, 0x62, 0x4a, 0x89, 0xaa, + 0x8f, 0xbe, 0x62, 0x4d, 0x99, 0x38, 0x5e, 0x9c, + 0x95, 0x48, 0xbf, 0x05, 0xe8, 0xca, 0xfd, 0x47, + 0xd2, 0x47, 0x6e, 0x41, 0xb7, 0x30, 0x01, 0xf8, + 0x13, 0x72, 0x64, 0x99, 0xe8, 0x8b, 0x2b, 0x3b, + 0x6f, 0x59, 0x6c, 0xa3, 0x11, 0x65, 0x78, 0x50, + 0x34, 0x65, 0x98, 0x99, 0x4c, 0x40, 0xe3, 0x47, + 0x47, 0x16, 0x1e, 0x4e, 0x76, 0x26, 0x4d, 0xee, + 0xf2, 0xa3, 0x01, 0x93, 0x89, 0xd1, 0x59, 0x4c, + 0x94, 0x23, 0x01, 0xaf, 0x47, 0xb7, 0x54, 0x4c, + 0x23, 0xec, 0xda, 0x2d, 0xf2, 0xde, 0xce, 0x81, + 0xe4, 0x87, 0xd8, 0xf3, 0xf5, 0x8e, 0xa8, 0x9c, + 0xd8, 0x11, 0xd7, 0x27, 0x58, 0x07, 0xff, 0x1b, + 0x03, 0x69, 0xba, 0x86, 0x47, 0x00, 0x88, 0xc1, + 0x74, 0xa3, 0x09, 0x9f, 0xda, 0xfb, 0xe5, 0xfb, + 0xb4, 0xd1, 0x58, 0x80, 0x10, 0x53, 0xb2, 0xb4, + 0x35, 0xd5, 0x40, 0x59, 0xe2, 0x6d, 0xee, 0x76, + 0xd1, 0x0a, 0x7a, 0x37, 0x2f, 0x06, 0xb0, 0xb8, + 0x8b, 0x98, 0x5b, 0x32, 0xf5, 0x20, 0x52, 0x38, + 0x74, 0x38, 0xbe, 0x8d, 0xc8, 0xbc, 0x6a, 0xe7, + 0x36, 0x9e, 0x2d, 0xa9, 0xaa, 0x5e, 0x25, 0x85, + 0xf8, 0xde, 0x40, 0x3d, 0x09, 0x1c, 0xcb, 0x7f, + 0x79, 0x0d, 0x54, 0xdd, 0xb3, 0x4c, 0x60, 0x8b, + 0x08, 0x76, 0xf2, 0x82, 0x5e, 0x91, 0x13, 0xbe, + 0x20, 0xa2, 0xb8, 0x58, 0x67, 0xa0, 0x1b, 0xda, + 0x53, 0x28, 0x7a, 0xc7, 0x80, 0xbc, 0xd8, 0xb6, + 0x06, 0xd2, 0xe6, 0xd7, 0x71, 0x2c, 0x56, 0xce, + 0x01, 0x42, 0xd2, 0x2f, 0xe6, 0xb7, 0x86, 0xde, + 0x54, 0x49, 0x63, 0xe1, 0x34, 0xfe, 0xce, 0xdf, + 0xaf, 0xb8, 0x3d, 0x76, 0x30, 0x61, 0xd7, 0x99, + 0x09, 0x6a, 0x59, 0xe3, 0x0d, 0x44, 0x72, 0xe4, + 0x40, 0xae, 0x1f, 0xaa, 0xab, 0xdf, 0x42, 0x64, + 0x0c, 0xe6, 0x97, 0x40, 0xce, 0xb9, 0xca, 0xe1, + 0xa9, 0x61, 0x2c, 0x21, 0x93, 0x1b, 0x74, 0xaf, + 0x3f, 0x78, 0x02, 0x36, 0x12, 0x33, 0x21, 0xb2, + 0x05, 0xb6, 0xef, 0xd6, 0xcb, 0xb1, 0x34, 0xf4, + 0xc7, 0x3d, 0x63, 0xc0, 0xc1, 0x3e, 0x66, 0x0b, + 0x59, 0xd5, 0x92, 0x0b, 0xc3, 0x31, 0x97, 0xc3, + 0x55, 0x85, 0x3d, 0x8d, 0x1c, 0xdd, 0xc7, 0x95, + 0x9f, 0x7b, 0xc5, 0x00, 0xac, 0x81, 0xd9, 0x85, + 0x01, 0x6f, 0x5b, 0x89, 0xa0, 0xee, 0xc7, 0x9b, + 0x0d, 0x93, 0x64, 0xea, 0xd8, 0xe3, 0x85, 0x77, + 0xc2, 0xa6, 0x54, 0x9f, 0x2d, 0x06, 0x7c, 0xb0, + 0x94, 0x38, 0xfd, 0xb2, 0x12, 0x20, 0xae, 0xc8, + 0x0f, 0x6e, 0x22, 0xa4, 0x76, 0xf3, 0x32, 0xa2, + 0xa4, 0xa0, 0xb7, 0xac, 0xbe, 0xb9, 0xe0, 0x78, + 0xd2, 0xb5, 0xa9, 0x2a, 0xe8, 0x4c, 0x92, 0x4f, + 0x7c, 0xb1, 0x9f, 0xc7, 0xdf, 0x37, 0x7b, 0xeb, + 0x65, 0x46, 0xaf, 0x97, 0xaa, 0x98, 0x5c, 0x74, + 0x7c, 0xd1, 0x11, 0xa1, 0x27, 0xa6, 0x74, 0xb4, + 0xc2, 0x6d, 0x89, 0xc1, 0x44, 0x85, 0xb8, 0x2e, + 0x3a, 0x49, 0x8a, 0x12, 0xd0, 0x54, 0x06, 0xfe, + 0xbd, 0x6c, 0x4d, 0x4b, 0x8b, 0xc0, 0x51, 0xab, + 0x2c, 0xb9, 0x12, 0x24, 0xb0, 0x78, 0x53, 0x83, + 0x74, 0xb7, 0x94, 0xb7, 0xdd, 0x9d, 0xdf, 0x3a, + 0xc2, 0xb4, 0xa6, 0x71, 0xfb, 0x7b, 0x9c, 0xf5, + 0xac, 0xb7, 0x86, 0x22, 0xae, 0x27, 0x09, 0xeb, + 0x2d, 0xb1, 0x69, 0x43, 0xaa, 0x24, 0xa9, 0xc9, + 0x7a, 0x81, 0x07, 0x7b, 0xc7, 0x84, 0xd2, 0x5c, + 0x0e, 0xa5, 0x99, 0x1d, 0x2d, 0xe8, 0x83, 0x79, + 0x8a, 0x1f, 0x0e, 0x78, 0xf3, 0x36, 0x1e, 0xd6, + 0xa1, 0x0d, 0xde, 0xd8, 0x1b, 0x1d, 0x68, 0x36, + 0x58, 0x33, 0x15, 0x34, 0xfd, 0x7c, 0x01, 0xbc, + 0x0e, 0xb0, 0x0d, 0xfc, 0x4c, 0x3c, 0x84, 0xf0, + 0x69, 0x30, 0x46, 0xff, 0x80, 0x6b, 0xb2, 0x00, + 0xdd, 0x7b, 0xd4, 0xc0, 0xe6, 0xab, 0xca, 0x3f, + 0x29, 0x34, 0xb4, 0x81, 0x4f, 0xc0, 0xe1, 0xf8, + 0xbe, 0x61, 0x5a, 0x2d, 0xda, 0x7c, 0x8a, 0x8d, + 0x06, 0xcf, 0x9c, 0xe8, 0x56, 0x6b, 0x40, 0xf4, + 0xa6, 0x54, 0x3b, 0x25, 0xba, 0xcd, 0xdc, 0x92, + 0x68, 0x63, 0xfc, 0x0f, 0xa2, 0x00, 0x7d, 0x6d, + 0x7b, 0xf6, 0xd1, 0x8d, 0xc9, 0x8d, 0xf6, 0x96, + 0xbd, 0x08, 0x65, 0xbf, 0x0b, 0xe4, 0xc4, 0x92, + 0xb8, 0x04, 0x3a, 0x32, 0xde, 0xf8, 0xe3, 0x59, + 0x5b, 0xa7, 0xda, 0x34, 0x52, 0x52, 0xf3, 0x8f, + 0x95, 0xbe, 0x10, 0xfd, 0x7f, 0xb8, 0x99, 0xb4, + 0x98, 0xfa, 0x01, 0xb0, 0x9d, 0xe5, 0xd5, 0x60, + 0x8e, 0xab, 0xc4, 0x4a, 0x72, 0x1a, 0xa0, 0x4c, + 0x4e, 0xf1, 0xdc, 0xb8, 0x61, 0x02, 0xac, 0x5f, + 0x5f, 0x79, 0xc9, 0x70, 0x8d, 0xcf, 0x5c, 0x5e, + 0x89, 0x6e, 0xdd, 0x8c, 0x2c, 0x7b, 0xde, 0x3f, + 0xa8, 0x3e, 0x6f, 0xfc, 0xe2, 0x2d, 0x66, 0x17, + 0x4e, 0x31, 0x65, 0x7a, 0x0b, 0x63, 0x61, 0x58, + 0x5e, 0x66, 0x9d, 0x30, 0x31, 0x95, 0x2f, 0x08, + 0x63, 0x1a, 0xe1, 0xf1, 0x6f, 0xf9, 0x0b, 0x90, + 0xd0, 0xaa, 0xd3, 0xc6, 0xd7, 0xe1, 0xdd, 0x0a, + 0x9c, 0x41, 0xab, 0x00, 0xa6, 0xe1, 0xc4, 0xf9, + 0x6a, 0xf9, 0xac, 0x5b, 0x79, 0xfc, 0xf8, 0x21, + 0xff, 0xc0, 0x16, 0xcb, 0x05, 0x92, 0x45, 0xfb, + 0x78, 0xdb, 0xe6, 0xc6, 0x33, 0xd9, 0x65, 0xaa, + 0xab, 0x53, 0x33, 0xbe, 0x07, 0x19, 0x5c, 0x4b, + 0x74, 0xb1, 0x8e, 0x46, 0x00, 0xce, 0x78, 0x3c, + 0x0a, 0x91, 0x4e, 0xf4, 0x28, 0x10, 0x16, 0xe8, + 0x0a, 0x7c, 0x9a, 0xa9, 0x2d, 0x0f, 0xd7, 0x89, + 0x87, 0x9c, 0x5e, 0x67, 0x51, 0x12, 0x5e, 0xcb, + 0x15, 0x44, 0x32, 0x31, 0x1e, 0x41, 0xce, 0xbd, + 0x4f, 0xab, 0x3a, 0x31, 0xe4, 0xd2, 0xce, 0x22, + 0xd0, 0xf8, 0xc6, 0x77, 0x37, 0xbf, 0x8a, 0x0d, + 0xd8, 0x5f, 0xe1, 0x34, 0x9d, 0x50, 0x79, 0xa4, + 0xd5, 0xfe, 0xb3, 0xfe, 0xe9, 0x37, 0x8c, 0xa4, + 0x7a, 0xe4, 0x6c, 0xc5, 0x8a, 0x3f, 0x02, 0x03, + 0x8c, 0xfd, 0x53, 0xc4, 0xce, 0xe9, 0xcc, 0x42, + 0x70, 0xce, 0xbc, 0x3d, 0x11, 0x5a, 0x39, 0xc8, + 0x31, 0xe8, 0xed, 0x41, 0xc4, 0xdb, 0xe4, 0x05, + 0x1b, 0x51, 0xd7, 0x87, 0x2b, 0xa0, 0xc2, 0xbb, + 0x16, 0x3e, 0x00, 0x85, 0x20, 0x11, 0x88, 0xea, + 0xa6, 0x24, 0xa6, 0xbe, 0xa9, 0x40, 0x0a, 0x3a, + 0x1f, 0xcc, 0x35, 0x5a, 0x57, 0xf1, 0x57, 0x04, + 0xe6, 0x1f, 0xda, 0x55, 0xa5, 0xdb, 0xae, 0xa8, + 0x44, 0x8f, 0xa5, 0xcb, 0x2d, 0x37, 0x7a, 0x07, + 0xf5, 0x83, 0x05, 0xad, 0x10, 0x7e, 0x84, 0x4a, + 0xb4, 0x80, 0x6e, 0x5b, 0xf9, 0x9c, 0x1f, 0x51, + 0x3e, 0xe1, 0xd0, 0xa2, 0xac, 0xc0, 0x45, 0x49, + 0xf0, 0x80, 0x17, 0x42, 0x16, 0x9a, 0x77, 0x97, + 0x1d, 0x0a, 0xdb, 0xfb, 0xfe, 0x0d, 0xd2, 0xee, + 0x5d, 0x16, 0xbc, 0x46, 0x1e, 0x35, 0x74, 0x8d, + 0x1f, 0x3f, 0x6f, 0x45, 0x98, 0x32, 0x1e, 0x8c, + 0x49, 0xe7, 0x9e, 0x74, 0x0f, 0x99, 0x03, 0x59, + 0x85, 0x8d, 0x27, 0x29, 0xdd, 0xe0, 0x07, 0xfc, + 0xb2, 0x6f, 0xdd, 0xa9, 0xaa, 0x6e, 0x2e, 0xc4, + 0xbd, 0x73, 0x6f, 0x28, 0x36, 0xe7, 0xe4, 0xc8, + 0x34, 0x40, 0x19, 0x1c, 0x84, 0x9f, 0x6a, 0x53, + 0xc7, 0x2a, 0x4f, 0x8f, 0x83, 0x0d, 0x00, 0x1e, + 0xa3, 0xb1, 0x8f, 0x3c, 0xb4, 0xa5, 0xbd, 0x3c, + 0xf0, 0x66, 0x03, 0x2b, 0x49, 0x32, 0xcf, 0xd2, + 0xe6, 0x2a, 0x9b, 0x55, 0x72, 0x3f, 0xa6, 0x1c, + 0x68, 0x8c, 0x93, 0x55, 0x18, 0xaf, 0x68, 0x60, + 0xcd, 0x64, 0x9b, 0xfb, 0xf1, 0xbf, 0x5f, 0xdc, + 0x1f, 0x36, 0xdc, 0xae, 0xfa, 0xa1, 0x57, 0x43, + 0x8d, 0x1c, 0xc8, 0xd5, 0x6a, 0x15, 0x01, 0x61, + 0x51, 0x1d, 0xf8, 0x26, 0x31, 0xf5, 0xe8, 0x8e, + 0x77, 0x3e, 0x4c, 0xe2, 0x63, 0xf2, 0x76, 0xb7, + 0xb3, 0x67, 0x8d, 0x4c, 0x6f, 0xc7, 0x53, 0x11, + 0xd4, 0x11, 0xc0, 0xd0, 0x1b, 0xfd, 0xb5, 0x95, + 0xbb, 0x70, 0x55, 0x28, 0x38, 0xe1, 0xb8, 0x65, + 0x17, 0xc8, 0x37, 0xd9, 0x09, 0xe7, 0x72, 0xb4, + 0x28, 0x59, 0x9e, 0x1f, 0xe5, 0x69, 0xf7, 0x7c, + 0xe6, 0x15, 0x31, 0xfd, 0xe6, 0xfd, 0x31, 0xcd, + 0xce, 0x1b, 0xde, 0xe4, 0xba, 0x46, 0x7f, 0xcb, + 0xfb, 0xb9, 0xfe, 0xea, 0xad, 0x99, 0xfe, 0xf6, + 0x7d, 0x49, 0x06, 0xe0, 0x36, 0xc7, 0x36, 0x62, + 0xdd, 0xce, 0x15, 0x8d, 0x4e, 0x5d, 0x46, 0x35, + 0xe5, 0xd3, 0x66, 0xf7, 0x9f, 0x31, 0xa1, 0x9d, + 0x1b, 0x3d, 0xc4, 0xa5, 0x91, 0xb0, 0xdf, 0x19, + 0x4b, 0xb0, 0x6c, 0x18, 0x14, 0x7f, 0x41, 0xd8, + 0x8d, 0x1a, 0x40, 0x9b, 0xec, 0xdf, 0xb6, 0x7e, + 0xb0, 0x63, 0xd1, 0x63, 0x12, 0x26, 0x6f, 0xd5, + 0x1b, 0x52, 0x1b, 0xa9, 0x11, 0x5e, 0x2e, 0x5e, + 0x2a, 0xea, 0xe6, 0xec, 0x51, 0x1c, 0xed, 0xe1, + 0x3e, 0xd4, 0x13, 0x2f, 0xfb, 0xe0, 0x27, 0x3f, + 0x6c, 0x70, 0x39, 0xb3, 0x87, 0x4f, 0x05, 0x88, + 0x04, 0xa5, 0x48, 0x09, 0xaf, 0x60, 0x55, 0x7a, + 0x21, 0xd9, 0xb4, 0xb8, 0x31, 0xd0, 0x41, 0x56, + 0xa7, 0xc2, 0x2d, 0xcb, 0xcd, 0xfe, 0x14, 0xf6, + 0x24, 0x37, 0xf4, 0x49, 0xcb, 0x5e, 0xf1, 0x2b, + 0xf4, 0x25, 0x1d, 0x48, 0x54, 0x96, 0xcd, 0x83, + 0x5c, 0x0c, 0x2b, 0xc5, 0x8b, 0xd8, 0x45, 0x96, + 0x3d, 0xfa, 0x76, 0xec, 0xd6, 0x85, 0x19, 0xc4, + 0xbd, 0xaf, 0x11, 0x0b, 0xe7, 0xab, 0x05, 0x28, + 0x76, 0xdc, 0x34, 0x07, 0x59, 0x15, 0x68, 0xc9, + 0x56, 0xea, 0x3b, 0xf1, 0x07, 0xc9, 0x0f, 0xd5, + 0x85, 0x3a, 0x29, 0x2f, 0x59, 0xa8, 0xd4, 0xb5, + 0x8b, 0x5d, 0x3f, 0xdd, 0xf2, 0x9b, 0xdb, 0xea, + 0xc3, 0x68, 0x52, 0xe3, 0xc6, 0x97, 0x66, 0xfe, + 0x46, 0x01, 0x76, 0xa8, 0x01, 0x83, 0x12, 0x92, + 0xb8, 0xe8, 0x8a, 0x74, 0xa0, 0x1e, 0xcb, 0xbe, + 0x09, 0xa7, 0xb4, 0xd7, 0x4c, 0xfd, 0x7f, 0xd6, + 0x28, 0x84, 0x19, 0x44, 0xd9, 0xd5, 0x56, 0xdb, + 0xd6, 0x0c, 0x76, 0xf9, 0x6f, 0x07, 0xdc, 0x53, + 0x44, 0x38, 0x05, 0xee, 0x9a, 0xa0, 0x93, 0x65, + 0xde, 0x4f, 0xb8, 0x17, 0x92, 0x52, 0xc6, 0xb0, + 0x99, 0xb5, 0xdd, 0x35, 0x1f, 0xde, 0xfc, 0x23, + 0xdb, 0xd8, 0x09, 0x05, 0x96, 0xc5, 0xd2, 0x08, + 0xff, 0xd2, 0xc5, 0x66, 0x1d, 0x8e, 0x56, 0x12, + 0xdd, 0x57, 0x4f, 0xc6, 0x90, 0x45, 0xc7, 0x69, + 0xa9, 0x69, 0xe6, 0x00, 0xd7, 0x7c, 0xfe, 0x19, + 0x2f, 0x1d, 0x3a, 0xe9, 0x11, 0x28, 0x93, 0x55, + 0xc5, 0x85, 0x81, 0x14, 0x91, 0xb0, 0xcc, 0xd7, + 0x36, 0x92, 0xab, 0x15, 0x88, 0x24, 0xab, 0x9e, + 0xdf, 0x8a, 0xc8, 0x19, 0x3f, 0x0b, 0x33, 0xe6, + 0x13, 0x8b, 0x72, 0xc6, 0xdc, 0xd5, 0xd3, 0x44, + 0xf8, 0x07, 0xb3, 0xda, 0x92, 0x42, 0x50, 0x37, + 0xde, 0x5e, 0xa4, 0xee, 0xad, 0x1c, 0x79, 0x5e, + 0xff, 0xaa, 0x14, 0x5e, 0x2e, 0xcd, 0xd3, 0x27, + 0x60, 0x6e, 0xb2, 0x60, 0x99, 0x29, 0xb9, 0x47, + 0x4b, 0x2b, 0xb0, 0x46, 0x53, 0x60, 0x25, 0x55, + 0xc0, 0x68, 0x38, 0x5e, 0x92, 0xf0, 0x6f, 0x29, + 0xca, 0x61, 0x3c, 0xe5, 0xb4, 0x40, 0x4f, 0x01, + 0xab, 0x18, 0x05, 0xdb, 0x0a, 0xca, 0xa8, 0x90, + 0x33, 0x0d, 0x29, 0x1f, 0x40, 0x69, 0x2d, 0xf3, + 0x82, 0x50, 0x93, 0x02, 0xb6, 0xdc, 0x86, 0x68, + 0xf2, 0xc8, 0xf2, 0xd3, 0xa4, 0x4f, 0xd5, 0x8d, + 0xca, 0x26, 0xe9, 0x80, 0x27, 0x94, 0xf7, 0x3d, + 0x25, 0xb3, 0x14, 0x9e, 0x6d, 0x57, 0x64, 0x41 + }; + /* Message (33 bytes) */ + static const byte msg_44[] = { + 0xd8, 0x1c, 0x4d, 0x8d, 0x73, 0x4f, 0xcb, 0xfb, + 0xea, 0xde, 0x3d, 0x3f, 0x8a, 0x03, 0x9f, 0xaa, + 0x2a, 0x2c, 0x99, 0x57, 0xe8, 0x35, 0xad, 0x55, + 0xb2, 0x2e, 0x75, 0xbf, 0x57, 0xbb, 0x55, 0x6a, + 0xc8 + }; + /* Context (33 bytes) */ + static const byte ctx_44[] = { + 0x86, 0x26, 0xed, 0x79, 0xd4, 0x51, 0x14, 0x08, + 0x00, 0xe0, 0x3b, 0x59, 0xb9, 0x56, 0xf8, 0x21, + 0x0e, 0x55, 0x60, 0x67, 0x40, 0x7d, 0x13, 0xdc, + 0x90, 0xfa, 0x9e, 0x8b, 0x87, 0x2b, 0xfb, 0x8f, + 0xab + }; + /* Signing randomness (32 bytes) */ + static const byte rnd_44[] = { + 0x62, 0x55, 0x56, 0x3b, 0xa9, 0x61, 0x77, 0x21, + 0x46, 0xca, 0x08, 0x67, 0x67, 0x8d, 0x56, 0x78, + 0x7c, 0xad, 0x77, 0xab, 0x4f, 0xc8, 0xfc, 0xfe, + 0x9e, 0x02, 0xdf, 0x83, 0x9c, 0x99, 0x42, 0x4d + }; + /* Expected signature with empty context (ctx=NULL, ctxLen=0), 2420 bytes */ + static const byte sig_44_ctx0[] = { + 0x5e, 0x71, 0x6f, 0xe1, 0x3d, 0xf9, 0x71, 0xd5, + 0x0b, 0xf0, 0x14, 0xca, 0xaa, 0x51, 0xa5, 0x45, + 0xcc, 0xad, 0xf8, 0x09, 0xef, 0xe0, 0xec, 0xe2, + 0x3d, 0x4d, 0x63, 0x41, 0x58, 0xfe, 0xde, 0xd4, + 0x96, 0x1c, 0x04, 0xd2, 0x36, 0x71, 0x82, 0x7f, + 0xd1, 0x61, 0xa0, 0x40, 0xb3, 0x02, 0x30, 0x2f, + 0xe4, 0xc0, 0x0c, 0x61, 0x73, 0xb3, 0xb2, 0x4a, + 0x57, 0x89, 0x34, 0xbd, 0x11, 0x80, 0xd2, 0x18, + 0x26, 0x1b, 0x53, 0x01, 0x52, 0x8a, 0x76, 0x76, + 0x79, 0xc9, 0xdc, 0xef, 0xc5, 0xe6, 0xe8, 0xf6, + 0xfe, 0x4b, 0xe8, 0x17, 0xfc, 0x73, 0xdf, 0x5d, + 0x12, 0x16, 0x5b, 0x61, 0xb3, 0x73, 0xc5, 0x60, + 0x72, 0x0c, 0xa4, 0x93, 0x75, 0x75, 0xab, 0x5e, + 0xb6, 0x4c, 0x02, 0xb3, 0xc9, 0x51, 0xcf, 0x4b, + 0xfa, 0x1e, 0xc2, 0x95, 0x48, 0x3a, 0xa0, 0x55, + 0x94, 0x47, 0x86, 0x1a, 0x46, 0xac, 0xd8, 0x2b, + 0x93, 0xb6, 0x9b, 0x8e, 0x00, 0xed, 0x6c, 0x03, + 0x9c, 0xa8, 0xb6, 0x1c, 0xbb, 0xbd, 0x2d, 0xc9, + 0x08, 0xd2, 0xe3, 0xce, 0x8d, 0x39, 0xb0, 0xb1, + 0x0c, 0xb5, 0x3f, 0xee, 0x75, 0xc7, 0x5d, 0xdd, + 0xc4, 0x8f, 0x95, 0x04, 0x9d, 0x31, 0x6d, 0xc2, + 0x9e, 0x41, 0x7d, 0x16, 0xd9, 0x97, 0x36, 0x82, + 0x7c, 0xcb, 0xa5, 0x4a, 0x73, 0x5e, 0x33, 0x90, + 0x77, 0x99, 0x6d, 0x51, 0xae, 0xf0, 0x3c, 0xd7, + 0x75, 0x8e, 0xbf, 0xda, 0xba, 0xf0, 0x55, 0xd7, + 0x50, 0x99, 0x79, 0xa7, 0x27, 0x92, 0x44, 0x6a, + 0xe1, 0x5d, 0x20, 0x9c, 0x17, 0xcf, 0x26, 0x76, + 0x68, 0x97, 0xed, 0xc3, 0xec, 0x77, 0x70, 0x82, + 0x18, 0x54, 0x43, 0x77, 0x6b, 0x23, 0x1e, 0xff, + 0x18, 0xe7, 0x8b, 0x06, 0x6f, 0xc4, 0xd0, 0x2e, + 0xf5, 0xc6, 0x6c, 0x50, 0xee, 0x86, 0x16, 0x0e, + 0x37, 0xa2, 0x44, 0x84, 0xdd, 0xaf, 0xe6, 0x3e, + 0x71, 0xdf, 0xd7, 0xca, 0x35, 0x4f, 0x69, 0x4e, + 0x19, 0x1e, 0xfa, 0x00, 0x0b, 0x8c, 0x9f, 0x5f, + 0x80, 0xda, 0xb7, 0x60, 0x0a, 0x8c, 0x07, 0xbe, + 0x1c, 0xb1, 0x14, 0x14, 0xe6, 0x00, 0x17, 0x52, + 0x94, 0x81, 0x75, 0xd2, 0xb8, 0xcf, 0xfc, 0x81, + 0x1b, 0xb8, 0x6c, 0x62, 0x89, 0x3f, 0x60, 0x62, + 0x33, 0x32, 0x1f, 0x43, 0x67, 0xd0, 0xbb, 0xb1, + 0x78, 0xe0, 0x9d, 0x21, 0x76, 0x7e, 0xe9, 0x0f, + 0xcf, 0x48, 0x22, 0x54, 0xd3, 0xc9, 0xc2, 0x1c, + 0xdd, 0x0f, 0xb5, 0x32, 0x5c, 0xfc, 0xa7, 0x30, + 0xad, 0x67, 0xd8, 0xcc, 0x54, 0x15, 0x1c, 0x82, + 0x7b, 0x95, 0x3e, 0x55, 0x29, 0x40, 0xe2, 0x12, + 0x84, 0x88, 0xd5, 0xf5, 0x06, 0x6f, 0x1b, 0xcb, + 0x48, 0x68, 0x38, 0xe7, 0xdf, 0xa0, 0xa4, 0x49, + 0x25, 0x7d, 0x72, 0xe6, 0x8a, 0xdd, 0x8e, 0x82, + 0xba, 0xff, 0xf8, 0xd8, 0x18, 0x6e, 0x4c, 0x58, + 0x81, 0xb3, 0x84, 0x16, 0xac, 0xa3, 0xea, 0x31, + 0x8a, 0xdc, 0x51, 0x3e, 0xbd, 0x45, 0xa2, 0xc7, + 0x35, 0xba, 0x0d, 0x62, 0xaa, 0x16, 0x6c, 0x0c, + 0xc4, 0xb9, 0x38, 0xed, 0x03, 0x76, 0x92, 0xfd, + 0xa9, 0xce, 0xfa, 0x16, 0x8f, 0xf7, 0x36, 0x23, + 0xef, 0x5e, 0x3e, 0x25, 0x9c, 0x2d, 0x5b, 0xd7, + 0xce, 0x1e, 0xd4, 0xf2, 0xcd, 0x60, 0x79, 0x5c, + 0xce, 0x87, 0x91, 0x59, 0xf7, 0x4f, 0xf5, 0x46, + 0x02, 0x26, 0xf2, 0x94, 0x18, 0x38, 0xf4, 0x6f, + 0x00, 0xef, 0xd0, 0x0a, 0x28, 0xd1, 0xf6, 0x7e, + 0x8e, 0x8d, 0xcf, 0xd2, 0x1f, 0xb7, 0x3e, 0xc6, + 0x6f, 0xaa, 0xc6, 0x0c, 0xf8, 0x12, 0x68, 0x76, + 0xef, 0x4a, 0x61, 0x10, 0x37, 0xc6, 0xdc, 0xc3, + 0xae, 0xc0, 0xf6, 0xc8, 0x79, 0x1b, 0xb8, 0x6c, + 0x7c, 0x33, 0xc6, 0x52, 0x89, 0xc4, 0x01, 0xd1, + 0x88, 0xc5, 0xd8, 0x19, 0x02, 0xdc, 0xd9, 0xda, + 0x0b, 0x40, 0xa8, 0xac, 0xe8, 0x70, 0xae, 0xf8, + 0x60, 0x9b, 0xcc, 0x36, 0x3d, 0x65, 0x44, 0x54, + 0x74, 0xf6, 0x4f, 0xb3, 0x03, 0xbf, 0x07, 0x30, + 0x62, 0xcb, 0x78, 0x87, 0x11, 0x2d, 0x14, 0x76, + 0x66, 0x41, 0x0a, 0x29, 0xd2, 0x65, 0xb1, 0x96, + 0xff, 0xba, 0x7e, 0x43, 0x58, 0x8d, 0x8e, 0x8b, + 0x04, 0xfd, 0x1a, 0xbe, 0x9e, 0xb5, 0xe8, 0xf2, + 0x8c, 0x56, 0x6c, 0x0f, 0xde, 0x2c, 0x77, 0x21, + 0xab, 0x6a, 0xe5, 0xa0, 0x12, 0x9a, 0x67, 0x43, + 0x6c, 0xe1, 0x15, 0xf1, 0xb9, 0x34, 0xbb, 0xc2, + 0xe2, 0x58, 0x3d, 0x60, 0xab, 0xff, 0xef, 0x2a, + 0x81, 0xa8, 0xdd, 0x1e, 0x5f, 0xea, 0xfb, 0x0c, + 0x89, 0xe2, 0x2a, 0x9a, 0x92, 0xd7, 0xd2, 0xad, + 0x44, 0x84, 0xf9, 0x9a, 0x8b, 0xd8, 0x05, 0xa3, + 0x18, 0x4a, 0x25, 0x76, 0x90, 0xc2, 0x8e, 0xc4, + 0xb3, 0x2f, 0x05, 0x51, 0xea, 0x84, 0x4e, 0x43, + 0x79, 0x9c, 0xba, 0x61, 0xa6, 0x21, 0x7a, 0xb9, + 0x40, 0x74, 0x24, 0xa8, 0x02, 0x03, 0x88, 0x4a, + 0x5a, 0xd8, 0x5a, 0x37, 0x87, 0x27, 0x01, 0xc2, + 0xe8, 0x13, 0xfb, 0xe4, 0x0c, 0xb4, 0x69, 0x71, + 0xfa, 0xe4, 0x72, 0x40, 0x3f, 0xc2, 0xe9, 0xb9, + 0xd6, 0x4c, 0x06, 0xbf, 0x8e, 0x54, 0x76, 0xfa, + 0x49, 0x0b, 0xca, 0x57, 0x9e, 0xbd, 0x1a, 0x58, + 0x7b, 0x65, 0xf1, 0x04, 0xc8, 0x54, 0x3a, 0x83, + 0x72, 0x61, 0x46, 0x95, 0xdc, 0x25, 0x73, 0x16, + 0xe5, 0x83, 0xcb, 0x95, 0xc3, 0x7d, 0x4a, 0x4f, + 0xf4, 0x88, 0xf9, 0x74, 0xb9, 0x09, 0x5b, 0xd7, + 0xa5, 0x84, 0xd3, 0x4c, 0x67, 0x6f, 0xac, 0x04, + 0x6e, 0x9b, 0x64, 0xa6, 0xd4, 0xa7, 0x06, 0x7e, + 0x37, 0xdb, 0x2b, 0x2c, 0x94, 0xdd, 0xfd, 0x38, + 0xfc, 0x0f, 0x72, 0x45, 0xbb, 0xc1, 0x0d, 0x2a, + 0xfa, 0x27, 0x30, 0x75, 0x07, 0x52, 0x73, 0x33, + 0xc9, 0xe4, 0x89, 0x4e, 0x51, 0xf4, 0x94, 0xff, + 0x41, 0x12, 0xf0, 0x61, 0x67, 0xe0, 0x36, 0xea, + 0x24, 0x94, 0x61, 0xf2, 0x81, 0x6b, 0xbb, 0xe0, + 0x55, 0xc8, 0x71, 0x77, 0x1f, 0x14, 0x28, 0x0e, + 0x87, 0xbd, 0x2c, 0x48, 0xd3, 0x4e, 0x6d, 0xc1, + 0x15, 0xe6, 0xcf, 0xa4, 0x91, 0xb0, 0xe6, 0x35, + 0x78, 0x67, 0xe1, 0x9c, 0xc2, 0xc4, 0x22, 0x55, + 0x5a, 0xa0, 0x8a, 0xf1, 0xc3, 0x2d, 0xd9, 0xec, + 0xa1, 0x7b, 0x5a, 0xf7, 0x5f, 0x93, 0x06, 0x26, + 0x15, 0xcf, 0xc9, 0x0b, 0x9f, 0xed, 0x6e, 0xa0, + 0x2e, 0x75, 0x09, 0x1e, 0xac, 0x03, 0x81, 0x84, + 0x1d, 0x4e, 0xff, 0xc7, 0x30, 0x1e, 0xe3, 0xba, + 0x67, 0xb9, 0x5d, 0x00, 0xec, 0xb5, 0x39, 0x55, + 0x0d, 0xb9, 0x20, 0x9e, 0x22, 0xe7, 0x28, 0x6c, + 0xb9, 0xab, 0x5f, 0x4d, 0xfe, 0xc9, 0xb0, 0x87, + 0x07, 0x01, 0x79, 0x2c, 0x54, 0xbe, 0xa2, 0xf9, + 0x3e, 0x8e, 0xbd, 0x79, 0x26, 0x6a, 0xd4, 0x64, + 0xd8, 0x09, 0x0a, 0x8e, 0x68, 0x46, 0x23, 0xc1, + 0x14, 0xcd, 0x9f, 0x70, 0xa5, 0xfb, 0x6d, 0xf6, + 0x37, 0x94, 0xf8, 0x04, 0xf9, 0x81, 0xb0, 0xb2, + 0xe1, 0xf6, 0x9a, 0x5a, 0xf4, 0xa6, 0x54, 0xd8, + 0x68, 0x0b, 0xd8, 0x72, 0x0c, 0x37, 0x4b, 0x46, + 0x05, 0x45, 0x85, 0xd0, 0xc6, 0x98, 0xaf, 0xc2, + 0x5a, 0x75, 0xf1, 0x3d, 0x22, 0x6d, 0x79, 0x0b, + 0x69, 0x58, 0xdb, 0x89, 0xf8, 0x29, 0x9d, 0x6e, + 0x11, 0xc0, 0xee, 0x49, 0x14, 0xd3, 0x4b, 0xf2, + 0xb6, 0x43, 0x66, 0x91, 0x50, 0x7c, 0x15, 0xcd, + 0x8a, 0x56, 0x8b, 0xe4, 0x88, 0x1a, 0x75, 0xe4, + 0x43, 0x91, 0x1b, 0x06, 0xd8, 0x56, 0xaa, 0x1c, + 0x11, 0x73, 0x45, 0x91, 0x07, 0x6a, 0xab, 0x36, + 0x26, 0xcb, 0x12, 0x64, 0xab, 0xae, 0x68, 0x49, + 0xb5, 0xca, 0x8e, 0xa9, 0x38, 0xc3, 0xea, 0x12, + 0x7c, 0x4e, 0x38, 0xcf, 0x87, 0xdb, 0x9b, 0x04, + 0x03, 0xfb, 0xc3, 0x85, 0xa9, 0xe5, 0xaa, 0xd6, + 0x37, 0xb4, 0xab, 0x75, 0x3b, 0x3d, 0x5d, 0x04, + 0xe9, 0x25, 0x62, 0xfa, 0x35, 0x0f, 0x24, 0xa1, + 0x1f, 0x85, 0xbe, 0x80, 0xe8, 0xff, 0xfd, 0x2c, + 0xe7, 0x2a, 0xba, 0x38, 0x54, 0x2f, 0xe5, 0x2a, + 0x9a, 0x8b, 0xa2, 0xc2, 0x17, 0xdd, 0x00, 0x96, + 0x47, 0xa9, 0x58, 0x33, 0xd4, 0xf4, 0x9d, 0xac, + 0xcd, 0xd6, 0xa8, 0xca, 0x63, 0x48, 0x4e, 0xa1, + 0x7e, 0xfa, 0x8e, 0xa4, 0x92, 0x32, 0x94, 0x50, + 0x3e, 0x9a, 0x5b, 0x1a, 0x1d, 0x99, 0x10, 0x53, + 0x53, 0x52, 0xe9, 0x93, 0xf0, 0xcb, 0x0e, 0xfd, + 0xa1, 0x57, 0xe1, 0x6a, 0xc6, 0x60, 0xf2, 0x23, + 0xed, 0x2c, 0x71, 0x1e, 0xc2, 0x93, 0x7d, 0x19, + 0x8d, 0x69, 0xfe, 0xbb, 0x1f, 0xdc, 0x81, 0xb5, + 0x24, 0x34, 0x0e, 0x85, 0xad, 0x44, 0xbd, 0xcf, + 0x20, 0x98, 0x9a, 0x2d, 0x5e, 0xad, 0x92, 0xa7, + 0xd0, 0x42, 0x9e, 0xd9, 0x79, 0x95, 0x1f, 0x1e, + 0x33, 0xd2, 0xf1, 0x1e, 0x96, 0x5a, 0xf1, 0x9a, + 0xc3, 0x0c, 0xcc, 0xd1, 0xcd, 0x46, 0xc2, 0xf1, + 0xbd, 0x8b, 0x06, 0x41, 0xab, 0xa7, 0x6d, 0xa4, + 0x43, 0x9f, 0x08, 0xaa, 0x7f, 0x84, 0x77, 0xa7, + 0x03, 0x0f, 0x20, 0x95, 0x9d, 0xa0, 0x6e, 0xec, + 0x6a, 0x4d, 0x75, 0x54, 0xa2, 0x70, 0xb0, 0xc2, + 0x61, 0x15, 0xa1, 0xf7, 0x15, 0xe0, 0xe6, 0xbd, + 0x51, 0x2b, 0x44, 0xa2, 0x3e, 0x85, 0xc3, 0x52, + 0xd3, 0xde, 0x79, 0x27, 0x91, 0x80, 0x41, 0x12, + 0xf2, 0x1c, 0x98, 0x02, 0x70, 0x9a, 0xb7, 0x39, + 0xcd, 0x34, 0xa4, 0x25, 0xa1, 0x4c, 0x7e, 0x59, + 0x59, 0x44, 0x75, 0x87, 0x1a, 0xec, 0x48, 0x5e, + 0x17, 0xe7, 0xbc, 0xd8, 0x06, 0x11, 0x1a, 0x41, + 0x63, 0x75, 0x28, 0x16, 0xde, 0xb1, 0x27, 0x9c, + 0xc9, 0x45, 0x2a, 0x22, 0x3e, 0xd8, 0xbd, 0x3a, + 0xb3, 0xb2, 0xbc, 0x30, 0x22, 0x6a, 0x32, 0x58, + 0xb7, 0xfa, 0xc6, 0x33, 0x70, 0x08, 0x62, 0xba, + 0x76, 0xed, 0xf5, 0x85, 0xec, 0x15, 0x66, 0xae, + 0x76, 0xd6, 0x91, 0x91, 0x1e, 0x95, 0x9c, 0xdd, + 0xac, 0x1d, 0x0b, 0x51, 0x19, 0x8d, 0xca, 0x2a, + 0xbd, 0xad, 0x19, 0x96, 0x2e, 0x59, 0x14, 0x72, + 0xc0, 0x0b, 0x83, 0x84, 0x13, 0xb6, 0x7b, 0x35, + 0xcd, 0x54, 0x3c, 0x49, 0xc0, 0x68, 0xd7, 0x1c, + 0x78, 0x27, 0x6d, 0x53, 0x33, 0xaf, 0x03, 0x0d, + 0x1b, 0xf6, 0x8c, 0xe6, 0xdb, 0x16, 0xd4, 0x28, + 0x73, 0xcf, 0xe3, 0x5d, 0x1c, 0x5f, 0xe3, 0xac, + 0x9c, 0x38, 0x41, 0x67, 0x43, 0x11, 0x3a, 0x1c, + 0xac, 0xf4, 0x16, 0x0b, 0x23, 0x96, 0x50, 0x09, + 0x73, 0x43, 0xdf, 0x99, 0xab, 0x4d, 0xa9, 0x01, + 0x1c, 0x20, 0x08, 0x38, 0x17, 0xe4, 0x6c, 0xc9, + 0x41, 0xea, 0xc8, 0x9e, 0x58, 0xb5, 0x40, 0xde, + 0x93, 0x4f, 0x29, 0x08, 0x86, 0xff, 0x3a, 0x38, + 0xdd, 0x94, 0x88, 0x84, 0x7f, 0xe5, 0x64, 0x36, + 0xd4, 0x07, 0xa8, 0xfd, 0x59, 0x77, 0x5a, 0x5c, + 0xbb, 0x53, 0xcc, 0x7f, 0x2f, 0x9b, 0xac, 0xea, + 0xaf, 0x54, 0x7e, 0x69, 0x7e, 0xe9, 0x20, 0x80, + 0x1e, 0x9b, 0x1f, 0xa6, 0xf3, 0x90, 0xd7, 0xba, + 0xaa, 0x8b, 0x32, 0xc1, 0x65, 0x6b, 0x61, 0xbd, + 0xf2, 0x7b, 0x5c, 0x26, 0x8a, 0xe2, 0xa2, 0xc0, + 0xcc, 0xc1, 0x0e, 0xc5, 0x49, 0x57, 0x1b, 0xb4, + 0xef, 0x6a, 0x1e, 0x7b, 0x57, 0x27, 0x66, 0x90, + 0x4d, 0x10, 0x90, 0x3c, 0x14, 0xb3, 0x78, 0xe7, + 0xf8, 0x30, 0x2b, 0xf2, 0x40, 0x50, 0xa3, 0x18, + 0x83, 0xb4, 0xfc, 0x91, 0xb5, 0x1a, 0x75, 0xba, + 0x78, 0x8b, 0x93, 0x94, 0x89, 0x4b, 0xa6, 0xf4, + 0x28, 0xa8, 0xc4, 0xcb, 0xc1, 0x77, 0x68, 0x40, + 0xcd, 0xa5, 0xf8, 0x65, 0x28, 0xec, 0xd0, 0x47, + 0x95, 0xe9, 0x84, 0x40, 0xd3, 0x59, 0x2a, 0xcf, + 0x70, 0xec, 0xc1, 0x5f, 0x68, 0x10, 0x62, 0x65, + 0x00, 0x95, 0x63, 0x2f, 0x69, 0xe8, 0xaf, 0x4f, + 0xf0, 0xeb, 0xb7, 0x18, 0x62, 0xcd, 0x2a, 0x12, + 0x32, 0x20, 0x46, 0x3f, 0xac, 0xca, 0x73, 0x2c, + 0x66, 0xf5, 0xdd, 0x5f, 0x15, 0xe7, 0xf0, 0xfe, + 0x43, 0xfa, 0x9c, 0x26, 0xf3, 0x9c, 0x24, 0x96, + 0x68, 0x0f, 0x84, 0x7a, 0x90, 0x49, 0xb2, 0xd5, + 0x2a, 0x84, 0xb9, 0xc1, 0x97, 0x83, 0x21, 0x50, + 0xc3, 0xbb, 0xc0, 0x2b, 0xad, 0x4c, 0x18, 0x07, + 0xc9, 0xb6, 0xaa, 0x67, 0x15, 0x58, 0x0f, 0xb5, + 0x45, 0x75, 0x1f, 0x9a, 0x8d, 0x50, 0xf6, 0xd6, + 0x78, 0x8f, 0x72, 0x96, 0xb5, 0xd1, 0x54, 0xe7, + 0x93, 0xc4, 0xc6, 0x88, 0x84, 0x10, 0x1e, 0x2f, + 0x65, 0xab, 0x52, 0xed, 0xbc, 0x95, 0xe3, 0x3f, + 0x87, 0xfd, 0x1c, 0xed, 0x92, 0x2a, 0x34, 0x88, + 0x6f, 0x8e, 0x1e, 0xf2, 0x3f, 0xf5, 0xa4, 0x56, + 0x1a, 0x08, 0x11, 0xc8, 0x5a, 0x7d, 0xcf, 0xe0, + 0x43, 0x25, 0x3e, 0xfc, 0x33, 0x6a, 0x65, 0xe7, + 0xf9, 0xa9, 0x9b, 0x71, 0x85, 0x67, 0x7e, 0x13, + 0x01, 0xd3, 0xcd, 0xe0, 0x57, 0x6d, 0x84, 0xa0, + 0xae, 0x5e, 0x6a, 0x30, 0xde, 0x69, 0xc5, 0x1b, + 0xc0, 0xee, 0x4e, 0xe1, 0x97, 0x1a, 0x9d, 0x6b, + 0x67, 0x65, 0x44, 0xdf, 0x60, 0x1e, 0x35, 0x43, + 0x92, 0x9e, 0x9b, 0x47, 0xeb, 0x4d, 0x6c, 0x3c, + 0x08, 0x49, 0x61, 0x5b, 0x0c, 0xf9, 0x2e, 0x57, + 0x0a, 0xe6, 0x81, 0x93, 0x24, 0xf6, 0xcb, 0x3d, + 0xf8, 0xee, 0xa7, 0x36, 0xf3, 0x0d, 0xb0, 0x56, + 0x13, 0x0f, 0xb6, 0x97, 0x8f, 0xef, 0x39, 0xb0, + 0xba, 0xbf, 0x9f, 0x16, 0x01, 0xa0, 0x06, 0xd0, + 0x24, 0x6c, 0x48, 0x6f, 0xd5, 0x36, 0x5f, 0xa9, + 0x25, 0xf0, 0xab, 0x8b, 0xc9, 0x73, 0x26, 0x3b, + 0xd1, 0x34, 0xba, 0x14, 0xdc, 0x0d, 0xef, 0x53, + 0x76, 0xf4, 0x0e, 0x2e, 0x98, 0x33, 0x87, 0x0e, + 0x12, 0x75, 0x97, 0xf2, 0x42, 0xb4, 0x26, 0xd7, + 0xee, 0x53, 0xea, 0x00, 0x45, 0x19, 0xb6, 0xc4, + 0xa5, 0x53, 0xdc, 0x0b, 0x11, 0x0a, 0xa8, 0x99, + 0x98, 0x16, 0x37, 0x0a, 0x77, 0x8a, 0x7a, 0x11, + 0x77, 0xe8, 0xa7, 0x61, 0xb9, 0xeb, 0x02, 0xd5, + 0xf9, 0x52, 0x69, 0xb0, 0xe0, 0x9a, 0x5d, 0xe7, + 0x44, 0x47, 0x44, 0x37, 0x12, 0x3f, 0xb3, 0x37, + 0xba, 0x87, 0x3c, 0x30, 0x23, 0x13, 0x8d, 0x56, + 0x12, 0xad, 0xd0, 0x05, 0x56, 0x9c, 0xf8, 0x8f, + 0x40, 0x86, 0x0b, 0x1a, 0x10, 0xd0, 0xe5, 0xfc, + 0xb5, 0x87, 0x46, 0x1a, 0xc3, 0x15, 0xf2, 0x32, + 0xe0, 0xbe, 0x8b, 0xf7, 0x6f, 0x3d, 0x49, 0x17, + 0xe1, 0x30, 0x59, 0x9e, 0x7f, 0xcf, 0x5c, 0x08, + 0x99, 0xdd, 0x2d, 0x9e, 0xdc, 0xc6, 0xfc, 0x00, + 0x2f, 0x17, 0x54, 0x85, 0x49, 0x91, 0x28, 0xc2, + 0x86, 0x64, 0x69, 0xb8, 0x7d, 0xd0, 0xea, 0xb4, + 0x0a, 0xcd, 0x39, 0x5f, 0x90, 0x46, 0x9b, 0xd0, + 0x32, 0x28, 0xfc, 0x90, 0xc2, 0xa5, 0xf8, 0x30, + 0x6c, 0xfc, 0x36, 0x20, 0xf6, 0x9b, 0x48, 0x21, + 0x7d, 0x27, 0xb7, 0x8a, 0xa0, 0xc5, 0x61, 0xa8, + 0xf3, 0x34, 0xb6, 0x2c, 0x5b, 0xaf, 0x6f, 0x99, + 0xe2, 0xea, 0xe5, 0x2e, 0x80, 0x84, 0xdd, 0xd4, + 0x0d, 0x8e, 0x3f, 0xf0, 0x6f, 0x19, 0x5d, 0xfc, + 0x9e, 0x15, 0xaa, 0xf1, 0xdb, 0x7e, 0x30, 0xf7, + 0x29, 0x87, 0x19, 0x0d, 0xcf, 0x51, 0xdd, 0x9f, + 0xea, 0x81, 0xe8, 0xa2, 0xa7, 0x06, 0x7a, 0x7e, + 0xd5, 0x1d, 0x4a, 0xf3, 0x2d, 0x8d, 0x39, 0xc9, + 0xd2, 0xc6, 0x11, 0x19, 0xeb, 0x83, 0x62, 0xf2, + 0x9a, 0x8f, 0x5a, 0x2a, 0x04, 0xa1, 0xca, 0x52, + 0xac, 0x2c, 0x2f, 0x72, 0xfe, 0x02, 0xbc, 0x34, + 0xce, 0x04, 0xbf, 0xc0, 0xb1, 0x14, 0x1d, 0x68, + 0x23, 0x2d, 0x63, 0x90, 0xc1, 0x56, 0x8a, 0x1f, + 0xf9, 0x48, 0x21, 0x17, 0xe3, 0x8e, 0x04, 0x0a, + 0x89, 0x74, 0xd2, 0x89, 0x44, 0xfb, 0x10, 0xdb, + 0x2f, 0x95, 0x0c, 0x36, 0x83, 0x30, 0x4e, 0x83, + 0xb0, 0x18, 0xbd, 0xee, 0xf9, 0x38, 0x30, 0x04, + 0xda, 0x05, 0x32, 0x01, 0xb0, 0xed, 0x7b, 0x1f, + 0x72, 0xd6, 0xbe, 0x95, 0x6f, 0xd3, 0x98, 0x0a, + 0xbd, 0x00, 0xf0, 0x97, 0x04, 0xdb, 0x00, 0x2c, + 0x77, 0x87, 0x36, 0x21, 0x89, 0xf2, 0xc8, 0x06, + 0xe2, 0x5a, 0x4e, 0x51, 0x01, 0x54, 0xae, 0x69, + 0xd2, 0xec, 0xe2, 0x21, 0x22, 0xd0, 0x9f, 0xe2, + 0x79, 0x60, 0xff, 0x84, 0x1c, 0xf7, 0x1f, 0xf8, + 0x10, 0x6d, 0xac, 0xcb, 0xfb, 0xc0, 0x8b, 0x7b, + 0x46, 0x00, 0x65, 0x42, 0xe3, 0x00, 0x89, 0x65, + 0x88, 0x3b, 0x97, 0x54, 0x77, 0x9a, 0x82, 0x4d, + 0x5b, 0x52, 0x01, 0x20, 0xf8, 0x07, 0x0b, 0xbd, + 0xc6, 0x60, 0x7c, 0x18, 0x4d, 0xc3, 0xc8, 0x3e, + 0xa2, 0x06, 0x2b, 0xfe, 0x98, 0x24, 0xa1, 0xb3, + 0x10, 0x8b, 0x60, 0x21, 0xfd, 0xf3, 0xf7, 0xe6, + 0x5e, 0xa9, 0x8d, 0x7c, 0xf1, 0x15, 0x42, 0x33, + 0x9d, 0x28, 0x2a, 0x60, 0xce, 0xa5, 0x36, 0x4a, + 0x33, 0x90, 0xcb, 0x0d, 0xc0, 0x63, 0xbb, 0x72, + 0x99, 0x29, 0x46, 0xfa, 0x6b, 0xcd, 0x70, 0x87, + 0x98, 0x18, 0x05, 0xb0, 0xaf, 0xdf, 0xa8, 0x4a, + 0xce, 0x5d, 0xfd, 0x6a, 0xce, 0xc9, 0xbb, 0xe0, + 0xaf, 0x77, 0xbb, 0x47, 0xd6, 0xac, 0x2b, 0x28, + 0xe3, 0x89, 0xe7, 0xa8, 0x04, 0xcd, 0xfc, 0x56, + 0x6c, 0x10, 0xe3, 0x63, 0xf9, 0x73, 0x46, 0x38, + 0x4c, 0x8c, 0xf3, 0x20, 0xb1, 0xc5, 0xc2, 0xc7, + 0xb4, 0xef, 0x77, 0x18, 0x96, 0xb6, 0x8f, 0x8c, + 0x22, 0xe7, 0x12, 0x8e, 0x73, 0xf2, 0x3b, 0x28, + 0x6c, 0xbf, 0xb6, 0xab, 0x8e, 0x30, 0x4a, 0x25, + 0x43, 0xf6, 0xca, 0x4f, 0xb9, 0x43, 0x26, 0x84, + 0xd0, 0x69, 0xca, 0xe9, 0x59, 0x7f, 0x32, 0x63, + 0x08, 0x13, 0x16, 0x2e, 0x40, 0x6e, 0x87, 0x8a, + 0xa7, 0xb9, 0xce, 0xd2, 0xd8, 0xf0, 0xfb, 0x0b, + 0x17, 0x28, 0x2a, 0x2c, 0x48, 0x4a, 0x6d, 0x77, + 0x79, 0x84, 0xac, 0xb5, 0xba, 0xd2, 0xdd, 0xeb, + 0xf0, 0xf8, 0x04, 0x0e, 0x22, 0x24, 0x2b, 0x38, + 0x58, 0x70, 0x76, 0x7e, 0x84, 0x9f, 0xb5, 0xbe, + 0xd4, 0xf8, 0x20, 0x22, 0x2c, 0x30, 0x39, 0x47, + 0x67, 0x6b, 0x7c, 0x7f, 0x80, 0x82, 0xc0, 0xe7, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x0f, 0x22, 0x32, 0x40 + }; + /* Expected signature with context from gist record 1 (ctxLen=33), 2420 bytes */ + static const byte sig_44_ctx33[] = { + 0xcd, 0xa4, 0xa7, 0x8c, 0xab, 0x6c, 0xed, 0x4e, + 0xcf, 0xa2, 0x56, 0x27, 0xae, 0xce, 0x5d, 0xcf, + 0xba, 0x40, 0xab, 0x7f, 0x29, 0xbc, 0xca, 0x35, + 0x51, 0x7b, 0x0e, 0xf8, 0x17, 0x14, 0xbb, 0x1a, + 0x6b, 0x62, 0x25, 0x09, 0x65, 0x23, 0xa6, 0x3b, + 0x1f, 0x41, 0xe2, 0x58, 0xd1, 0x62, 0x08, 0x81, + 0xbb, 0x0b, 0xc9, 0x0e, 0xf1, 0x79, 0xb6, 0x83, + 0x87, 0x00, 0x1d, 0xe3, 0x51, 0xbf, 0xd8, 0xf1, + 0x42, 0x94, 0x4f, 0xbb, 0x23, 0xcd, 0x16, 0xb4, + 0xf5, 0x69, 0x58, 0xe3, 0x17, 0x9f, 0x35, 0xa1, + 0x72, 0x28, 0xc2, 0x48, 0x63, 0x6a, 0x96, 0xac, + 0x1d, 0x5f, 0xc9, 0xec, 0xd1, 0x1f, 0xd3, 0xea, + 0xd2, 0xcc, 0xac, 0xac, 0x24, 0xbd, 0x6a, 0xaa, + 0x45, 0x71, 0xa8, 0x03, 0x21, 0xbe, 0x96, 0xb2, + 0x53, 0x45, 0xb5, 0x68, 0x10, 0xd6, 0x5c, 0x87, + 0xfa, 0x80, 0xe8, 0xb7, 0xf0, 0xea, 0x1f, 0x7a, + 0xcc, 0xde, 0xb1, 0x71, 0x75, 0x3d, 0x28, 0x72, + 0x5a, 0xb6, 0xd7, 0xc0, 0x66, 0x56, 0xb8, 0xce, + 0xd0, 0x6f, 0x1c, 0xfd, 0x25, 0x96, 0x3c, 0x14, + 0xb8, 0x57, 0xc1, 0xbe, 0xa0, 0x64, 0x11, 0x6f, + 0x25, 0x30, 0x20, 0x2a, 0x9c, 0x3a, 0x3e, 0x8c, + 0xa7, 0x5d, 0xb4, 0x07, 0xc6, 0x70, 0x42, 0x82, + 0xe9, 0x50, 0x51, 0x5a, 0xdb, 0xe2, 0x01, 0x73, + 0x9e, 0xd5, 0x8a, 0xcf, 0xcf, 0xab, 0xe7, 0xfe, + 0x9b, 0x2a, 0xcb, 0x62, 0xf4, 0x9a, 0xac, 0xa5, + 0xfd, 0x64, 0xaf, 0x27, 0x89, 0x0b, 0x47, 0x63, + 0x04, 0x2a, 0x8e, 0x30, 0xb5, 0xb1, 0x20, 0x67, + 0x7b, 0x34, 0x9f, 0x69, 0x3a, 0xdb, 0xbf, 0x64, + 0x2e, 0xcb, 0xb6, 0xc1, 0x1a, 0xca, 0xd9, 0xf7, + 0xea, 0xf5, 0xea, 0x16, 0xd5, 0x4b, 0x24, 0x5d, + 0x61, 0x09, 0x15, 0x73, 0xd5, 0x04, 0x21, 0xea, + 0xe3, 0x4b, 0x98, 0xcc, 0xfb, 0xdc, 0xc6, 0xc3, + 0x6e, 0x82, 0x33, 0x5f, 0xec, 0x44, 0xb3, 0x76, + 0x1b, 0x98, 0xd9, 0x82, 0xa7, 0x95, 0x0d, 0xe4, + 0x90, 0x92, 0xab, 0x05, 0x80, 0x75, 0xfa, 0xbd, + 0xb2, 0x4a, 0xaf, 0xb2, 0xcb, 0xab, 0xad, 0x4f, + 0x50, 0x5f, 0xe8, 0x15, 0x02, 0x1f, 0xd7, 0xb4, + 0xba, 0x70, 0x02, 0xff, 0x09, 0xc9, 0xc9, 0x31, + 0x53, 0x7e, 0xbd, 0xf0, 0x6d, 0xa2, 0xfa, 0x09, + 0xaf, 0x9c, 0x3c, 0x2b, 0xeb, 0x7e, 0xe9, 0x13, + 0xb7, 0x3d, 0x84, 0x3c, 0xb7, 0xd4, 0xc9, 0x8a, + 0xa9, 0x00, 0x8c, 0xc6, 0x83, 0x23, 0x3f, 0x79, + 0x5a, 0x99, 0x45, 0xbd, 0x6a, 0xe1, 0xc6, 0x99, + 0x70, 0xa6, 0x99, 0xf8, 0x22, 0xe8, 0x94, 0x31, + 0xec, 0x46, 0xc2, 0xb7, 0x14, 0x5f, 0x17, 0x0a, + 0xfd, 0x84, 0x3d, 0xf0, 0x9d, 0x93, 0xb1, 0x30, + 0xca, 0x44, 0x77, 0xd9, 0x3b, 0xd9, 0x74, 0x91, + 0x3c, 0xd6, 0xfb, 0x75, 0xd0, 0xc7, 0x8f, 0xa7, + 0x1b, 0xd2, 0xed, 0xc7, 0xdc, 0x02, 0x7d, 0xea, + 0xfc, 0x11, 0xce, 0x40, 0x6c, 0x0b, 0xee, 0x7d, + 0x4c, 0xdc, 0x77, 0x95, 0xbb, 0xbd, 0x3f, 0x39, + 0x6d, 0x5a, 0x8c, 0x28, 0xdc, 0x42, 0xfe, 0x7e, + 0x41, 0xaf, 0xc9, 0xdd, 0x70, 0x23, 0x08, 0xdc, + 0x82, 0x77, 0xd1, 0x7f, 0x5d, 0xec, 0x88, 0xb3, + 0x45, 0x16, 0xb1, 0xa3, 0x8c, 0x75, 0xcb, 0x40, + 0x50, 0x9d, 0xfe, 0x59, 0xaf, 0x08, 0x69, 0xa1, + 0x5a, 0x6e, 0x2b, 0xcf, 0xcc, 0xbf, 0x0b, 0x70, + 0x45, 0xc0, 0xbf, 0x6d, 0xab, 0x17, 0xa9, 0x69, + 0x49, 0x81, 0x77, 0x32, 0xac, 0x7a, 0x7c, 0x81, + 0xf7, 0xb4, 0x9e, 0xd3, 0x9c, 0x95, 0xf5, 0x72, + 0x9c, 0xb9, 0xa3, 0x49, 0xef, 0x1f, 0xd7, 0xb7, + 0xbd, 0xe3, 0x5c, 0x10, 0x83, 0x45, 0xeb, 0xb2, + 0xbe, 0xb3, 0x6b, 0x60, 0x97, 0xa5, 0x4c, 0x32, + 0x2d, 0xd3, 0x37, 0x15, 0x00, 0x91, 0x3b, 0xe0, + 0x49, 0x12, 0x74, 0x6c, 0x7a, 0x2c, 0x40, 0x0b, + 0xd1, 0x5f, 0x0b, 0x5a, 0xaf, 0xb2, 0x32, 0x24, + 0x10, 0x0f, 0x0d, 0x1e, 0xe7, 0x30, 0x0c, 0xf8, + 0xe1, 0xba, 0x86, 0xcb, 0x92, 0xbc, 0xc5, 0x78, + 0xb4, 0xac, 0x4e, 0x7f, 0xfd, 0x1e, 0x47, 0xc2, + 0x90, 0x8e, 0x09, 0xf4, 0x92, 0x27, 0x33, 0x06, + 0x97, 0xbd, 0xc1, 0xa9, 0x46, 0x32, 0x11, 0x52, + 0x6f, 0xf3, 0x5a, 0x3f, 0xbb, 0x1e, 0x3d, 0x9c, + 0x8f, 0xcb, 0xa4, 0x9b, 0x07, 0xea, 0x08, 0x91, + 0xc7, 0x09, 0xc9, 0x22, 0x66, 0x97, 0x0f, 0x38, + 0x4d, 0x5e, 0xcf, 0xbb, 0xa2, 0x1c, 0xc2, 0xc3, + 0x26, 0x3f, 0x6d, 0xeb, 0x82, 0x62, 0x72, 0xe2, + 0xa3, 0x9d, 0xe6, 0x3e, 0x9f, 0x76, 0xb8, 0x46, + 0x96, 0xa7, 0x70, 0x41, 0xea, 0xc1, 0x79, 0x88, + 0xd9, 0x2b, 0xd2, 0x1d, 0xed, 0x53, 0xd1, 0xad, + 0x36, 0x31, 0x8a, 0xc3, 0xaf, 0x5a, 0x71, 0xd7, + 0x8d, 0x12, 0x2e, 0x08, 0x72, 0x38, 0xc6, 0x30, + 0x13, 0x88, 0x9c, 0x60, 0x29, 0x53, 0x08, 0x6d, + 0x05, 0x16, 0x36, 0xb9, 0xab, 0xf8, 0x72, 0x9b, + 0x6a, 0x10, 0x76, 0xe3, 0x82, 0xff, 0x1c, 0x0b, + 0x32, 0x75, 0x14, 0xd3, 0xa5, 0xb2, 0x35, 0x9b, + 0x27, 0x96, 0xe7, 0xef, 0xb3, 0x15, 0xd7, 0xd4, + 0x44, 0x73, 0xe2, 0x0d, 0xa5, 0x1c, 0xed, 0xb2, + 0xd7, 0xa9, 0x58, 0xed, 0x74, 0x6e, 0x8d, 0x70, + 0x57, 0x30, 0x43, 0x86, 0x9d, 0x36, 0xfc, 0xd4, + 0x54, 0xa8, 0x52, 0xeb, 0xde, 0xb6, 0x99, 0x47, + 0xa2, 0x41, 0x3e, 0x4b, 0xff, 0xdf, 0xea, 0x22, + 0x32, 0xd0, 0xdd, 0xe9, 0x4b, 0xee, 0xf1, 0x76, + 0x9d, 0x4d, 0xa8, 0x8c, 0x82, 0x46, 0x97, 0xd9, + 0x4f, 0x0b, 0x21, 0xed, 0x53, 0x6e, 0x9d, 0x2f, + 0x28, 0x4e, 0xaf, 0xa4, 0x1b, 0xea, 0x9b, 0x19, + 0x23, 0xa1, 0xca, 0x5a, 0x4d, 0xf1, 0xa2, 0xb2, + 0x44, 0xe6, 0x1f, 0xad, 0xb4, 0x8a, 0x42, 0x7e, + 0x4a, 0x80, 0x61, 0x7f, 0x52, 0xca, 0x05, 0xd4, + 0x31, 0xd9, 0x16, 0x94, 0xc4, 0x7e, 0x05, 0xbe, + 0x5b, 0xa5, 0x36, 0x2c, 0xcc, 0xfa, 0x02, 0x35, + 0x8e, 0x6a, 0x81, 0xc7, 0xef, 0x0d, 0xd7, 0x82, + 0x4c, 0x12, 0x9b, 0x26, 0x80, 0x81, 0x4b, 0x69, + 0x2c, 0xb1, 0x30, 0xa8, 0xdc, 0xed, 0x71, 0xce, + 0xdb, 0x24, 0xe3, 0xe9, 0x4e, 0xe2, 0x8b, 0xa7, + 0x36, 0x19, 0x67, 0x6d, 0x1f, 0x27, 0x67, 0xc1, + 0x05, 0x74, 0xfa, 0x86, 0x1e, 0x7e, 0x50, 0x79, + 0xc6, 0xad, 0x05, 0x75, 0x06, 0xf6, 0xb7, 0x35, + 0xc4, 0x82, 0x1c, 0xc0, 0x65, 0x7b, 0x39, 0x51, + 0xd2, 0x36, 0xa5, 0xfa, 0xc3, 0x39, 0x92, 0x5c, + 0xc8, 0x05, 0xd2, 0x68, 0x8f, 0x63, 0x71, 0x21, + 0x08, 0x96, 0x52, 0x2a, 0xcf, 0xcb, 0x84, 0x6a, + 0x4b, 0xeb, 0x77, 0xc2, 0xe6, 0x35, 0x5c, 0x71, + 0x43, 0x06, 0xcc, 0xc4, 0xf2, 0xcf, 0x71, 0x14, + 0xd2, 0xc5, 0x7b, 0x26, 0xc2, 0x36, 0xf1, 0x41, + 0xd5, 0x2f, 0xc7, 0x23, 0x4a, 0xa8, 0xe4, 0x4d, + 0x94, 0xd2, 0xaa, 0xad, 0xee, 0xe7, 0x16, 0xb2, + 0xcc, 0xc0, 0x23, 0xac, 0xd1, 0xca, 0xcb, 0xc7, + 0x57, 0x2f, 0xd4, 0xda, 0xb1, 0xe7, 0x0a, 0x34, + 0x04, 0x71, 0x68, 0x3c, 0x2a, 0xd7, 0xac, 0x10, + 0xed, 0xef, 0x3e, 0x1f, 0xc6, 0x59, 0xe6, 0xd8, + 0x30, 0xa8, 0x44, 0x7c, 0xc3, 0xef, 0xd0, 0x0a, + 0x16, 0x65, 0x2b, 0x64, 0xcf, 0x64, 0x4b, 0x06, + 0x8b, 0xc0, 0xd5, 0x20, 0xa6, 0xf3, 0xf7, 0x9b, + 0xd5, 0x28, 0x6d, 0x7c, 0x6f, 0x8c, 0xbf, 0x39, + 0xf3, 0x0e, 0xf0, 0x0c, 0x21, 0x51, 0xfa, 0x49, + 0x59, 0xd8, 0x99, 0x55, 0x6e, 0x88, 0x99, 0xde, + 0xd1, 0xe2, 0xb4, 0xd4, 0x60, 0xea, 0x72, 0xe5, + 0x3e, 0xd9, 0xb5, 0xa9, 0x8b, 0x96, 0xdd, 0x77, + 0xef, 0x3e, 0x6a, 0x5c, 0x96, 0x85, 0x40, 0x12, + 0x89, 0x32, 0xe3, 0x87, 0xf1, 0x36, 0x50, 0x66, + 0x54, 0xa5, 0x9b, 0xee, 0xaa, 0xe6, 0x49, 0xaa, + 0x6f, 0x74, 0xea, 0xc0, 0x26, 0x92, 0x6a, 0x3b, + 0x7b, 0x7c, 0x0e, 0x9e, 0xdc, 0x56, 0xa8, 0xa1, + 0x50, 0xbe, 0x1d, 0x2a, 0xb7, 0xf8, 0x30, 0x59, + 0x4f, 0x29, 0x53, 0xc1, 0x0f, 0x2b, 0x4c, 0x26, + 0x69, 0xd4, 0x71, 0xf4, 0xb2, 0x2a, 0x56, 0x54, + 0x40, 0x2c, 0x7d, 0x03, 0x32, 0xdf, 0xb8, 0xf5, + 0xd1, 0x59, 0xd4, 0x93, 0x14, 0xc1, 0x7e, 0xf6, + 0x0e, 0x42, 0x6b, 0xee, 0xef, 0xf2, 0x81, 0x64, + 0xfb, 0xa1, 0x5a, 0x04, 0x63, 0x9b, 0xdd, 0xf1, + 0x43, 0x3a, 0x3f, 0x4d, 0x8b, 0x87, 0x14, 0x29, + 0x09, 0x7a, 0xa1, 0x91, 0x7e, 0x79, 0x18, 0x49, + 0xe9, 0xe4, 0xae, 0x84, 0xda, 0xac, 0x6a, 0x39, + 0x31, 0x9f, 0x92, 0xe4, 0xa7, 0x0a, 0x63, 0xa7, + 0xdd, 0xc9, 0x19, 0xa1, 0xf1, 0x79, 0x20, 0x9e, + 0x5c, 0x5b, 0xd1, 0x5b, 0x86, 0xba, 0xc2, 0xcd, + 0x39, 0x33, 0x36, 0xae, 0xb2, 0xf8, 0x5f, 0x2e, + 0x16, 0x3b, 0xab, 0xa6, 0xc1, 0x66, 0x29, 0xe1, + 0xe8, 0x8d, 0x61, 0xb2, 0x90, 0x6c, 0x8f, 0x5a, + 0x97, 0x15, 0x47, 0xb1, 0x99, 0x0a, 0x1d, 0x58, + 0xa0, 0x4c, 0xf4, 0x32, 0xa5, 0x45, 0xe9, 0x45, + 0xfd, 0x63, 0x8e, 0xb8, 0x71, 0xa6, 0x9f, 0x2c, + 0x75, 0x4c, 0x37, 0x1d, 0x60, 0x09, 0x0d, 0xc2, + 0xc7, 0x9c, 0xd4, 0x5a, 0xbd, 0x98, 0x85, 0xd0, + 0xd1, 0x38, 0xb5, 0x44, 0xe3, 0xf0, 0x89, 0x1c, + 0xf6, 0x01, 0xf7, 0xf1, 0x48, 0x3f, 0xfd, 0x29, + 0xb9, 0x37, 0x7e, 0x9a, 0x33, 0xbb, 0xa6, 0x3c, + 0xf7, 0x15, 0x65, 0x1e, 0x26, 0xaf, 0x1d, 0x02, + 0x07, 0x94, 0x3e, 0xd0, 0x42, 0x8f, 0xf4, 0xb5, + 0x9f, 0x63, 0xb6, 0xb4, 0xdc, 0x9d, 0xec, 0x62, + 0xa9, 0x90, 0xcc, 0x91, 0x3b, 0x91, 0x09, 0x6b, + 0xce, 0x2f, 0x83, 0x3e, 0xc6, 0x25, 0x98, 0x1e, + 0xbe, 0xa1, 0xb3, 0x97, 0x77, 0x7c, 0x6b, 0x2a, + 0x9e, 0x68, 0x98, 0x61, 0xe7, 0x6a, 0x23, 0xc2, + 0x81, 0x98, 0x62, 0x35, 0xbc, 0xb8, 0x00, 0xfb, + 0x28, 0xe3, 0x4c, 0xe3, 0xd8, 0x16, 0x77, 0xbd, + 0xea, 0xa6, 0x7e, 0xf3, 0xbf, 0x86, 0xe0, 0x09, + 0x93, 0xa8, 0xcf, 0xf2, 0x3c, 0x1c, 0xf6, 0xaf, + 0x93, 0x48, 0xdb, 0x04, 0xab, 0x1f, 0x49, 0x81, + 0x73, 0x10, 0x74, 0x4b, 0x01, 0x24, 0x14, 0xe3, + 0x99, 0x7e, 0xb3, 0x86, 0x6e, 0x1d, 0xf6, 0xfc, + 0xd1, 0xca, 0x64, 0x4d, 0xa0, 0xf2, 0x0b, 0xee, + 0x25, 0x87, 0xf9, 0x72, 0x32, 0xcd, 0x62, 0xc5, + 0xfe, 0x91, 0x81, 0x76, 0xa0, 0xd1, 0x42, 0xe6, + 0x80, 0x70, 0x39, 0x00, 0xa8, 0xe1, 0x31, 0x5d, + 0x9f, 0xad, 0x43, 0x74, 0xc9, 0x60, 0x2c, 0x3b, + 0x5e, 0xac, 0xf8, 0xf4, 0xe2, 0x99, 0xe3, 0x30, + 0x64, 0xc8, 0x0b, 0x65, 0xe9, 0x4a, 0xdc, 0x84, + 0x38, 0x2d, 0xd8, 0xd6, 0x75, 0xef, 0x53, 0x80, + 0x16, 0xa2, 0x1d, 0x76, 0x76, 0x1d, 0xaa, 0x48, + 0x87, 0x7d, 0xb2, 0xb5, 0xc6, 0x76, 0xe8, 0xf4, + 0x2c, 0x42, 0x53, 0xea, 0x86, 0xc2, 0xab, 0xed, + 0x54, 0x16, 0x69, 0x61, 0x63, 0x8b, 0x90, 0x8e, + 0xfd, 0x26, 0xff, 0x20, 0x76, 0x05, 0x59, 0x96, + 0x4c, 0x42, 0x3c, 0xa5, 0x56, 0xc0, 0x1c, 0x9d, + 0x9f, 0xeb, 0xbc, 0x55, 0x83, 0xe4, 0x88, 0xc1, + 0xbb, 0x3b, 0x6e, 0x2b, 0x0e, 0xa4, 0x58, 0x85, + 0xd7, 0xbb, 0x36, 0x2a, 0xbe, 0xf2, 0x1a, 0xfe, + 0x87, 0x43, 0x23, 0x3b, 0x39, 0x7f, 0x90, 0xc7, + 0xe3, 0x5a, 0xe8, 0xf2, 0x25, 0xfb, 0x09, 0xd0, + 0x3f, 0x29, 0xc6, 0x64, 0xe3, 0x30, 0xb9, 0xcd, + 0x35, 0xf7, 0x33, 0xa4, 0x31, 0x4b, 0x23, 0x6b, + 0x20, 0xf3, 0x7b, 0xfe, 0x00, 0xfc, 0xe9, 0xcb, + 0x11, 0x99, 0x10, 0x80, 0x4e, 0xba, 0x63, 0x6b, + 0xf8, 0x77, 0x7c, 0xf4, 0xec, 0xa5, 0xe8, 0xf1, + 0xf1, 0x43, 0x97, 0x85, 0xb2, 0x1d, 0x43, 0xce, + 0x26, 0xc0, 0x36, 0x30, 0x95, 0x15, 0x3f, 0x31, + 0x6c, 0x1f, 0x9b, 0x97, 0xfe, 0xa3, 0x17, 0x6b, + 0x11, 0x6e, 0x3c, 0xa6, 0xce, 0x83, 0xa2, 0xa4, + 0x56, 0xd1, 0xc9, 0x15, 0xf8, 0x73, 0x79, 0xa0, + 0x3d, 0x68, 0xdc, 0xff, 0xfe, 0x80, 0xb1, 0xcc, + 0x60, 0x0c, 0x02, 0x09, 0x14, 0xed, 0x58, 0x20, + 0x12, 0xb4, 0x88, 0x77, 0x59, 0x42, 0xa4, 0x65, + 0xce, 0x7a, 0xcc, 0xf0, 0x88, 0xf9, 0x7a, 0x6f, + 0xe8, 0x5f, 0x9b, 0xc8, 0x2a, 0x24, 0x6e, 0xa5, + 0x9e, 0x99, 0x55, 0xa8, 0x41, 0x8d, 0xb5, 0x00, + 0x69, 0x18, 0x6f, 0xb1, 0xbf, 0xfe, 0x06, 0x2f, + 0xe6, 0x38, 0x35, 0x3c, 0x4f, 0x5c, 0x4c, 0x53, + 0x28, 0xd9, 0x57, 0xad, 0xf3, 0x53, 0xa8, 0x6d, + 0xdd, 0xd1, 0xef, 0x33, 0x2c, 0x53, 0x7c, 0xb8, + 0x32, 0xff, 0xe7, 0x73, 0x14, 0x80, 0xab, 0x13, + 0x4b, 0x02, 0x06, 0xbe, 0xef, 0x43, 0x73, 0xa2, + 0x65, 0x51, 0xc4, 0x01, 0xd5, 0x4f, 0x62, 0x3f, + 0xb0, 0x78, 0xd9, 0x62, 0x6a, 0xd7, 0x87, 0x24, + 0x60, 0xf3, 0xab, 0x10, 0xd3, 0xa2, 0x78, 0xf2, + 0xc5, 0xc8, 0x4c, 0x7e, 0xfd, 0xb6, 0x4f, 0x60, + 0x82, 0x9a, 0x45, 0x11, 0x02, 0xd7, 0x4e, 0xcf, + 0x80, 0x7f, 0xef, 0xff, 0x5f, 0x83, 0xb2, 0xff, + 0x56, 0xf4, 0x90, 0xb6, 0x3c, 0xda, 0xee, 0xb9, + 0x51, 0xe6, 0x63, 0x74, 0xe1, 0xb3, 0x4d, 0xd2, + 0x18, 0x97, 0x4d, 0xfc, 0xa9, 0x34, 0xdb, 0x5b, + 0x39, 0x94, 0x11, 0x74, 0x35, 0xa5, 0x3c, 0xc6, + 0xae, 0x31, 0x82, 0x90, 0xf2, 0x6e, 0x20, 0x33, + 0x8d, 0xee, 0xa0, 0x45, 0xa9, 0xf1, 0x87, 0x2b, + 0x4c, 0xf9, 0xf2, 0x5c, 0x5e, 0xb0, 0xfb, 0xe8, + 0x41, 0x1f, 0x5f, 0x8b, 0xe1, 0x9a, 0x37, 0x24, + 0xd4, 0xe2, 0x47, 0x9d, 0x62, 0xa8, 0x3f, 0x6f, + 0xa3, 0x41, 0xea, 0x59, 0x06, 0x7a, 0x68, 0xd7, + 0xe2, 0x97, 0x2e, 0xfb, 0xc0, 0x77, 0x6c, 0xb0, + 0x79, 0x54, 0xc2, 0x46, 0xd3, 0xba, 0xdd, 0x1c, + 0x6b, 0xfb, 0x0b, 0x94, 0xae, 0x25, 0xa7, 0x98, + 0xc4, 0x14, 0x7e, 0x59, 0x52, 0x0d, 0x11, 0x6c, + 0x2b, 0x9e, 0xe7, 0x6a, 0x3f, 0x72, 0x31, 0xef, + 0x57, 0x2e, 0xcd, 0x59, 0x38, 0x0f, 0xd4, 0x4f, + 0x4a, 0x83, 0x19, 0x3d, 0x80, 0x41, 0xee, 0xff, + 0x58, 0x69, 0xfd, 0xb9, 0x3e, 0x72, 0xaf, 0xf6, + 0x59, 0x8f, 0xc1, 0x8e, 0x7e, 0x08, 0x41, 0x30, + 0xe9, 0xf2, 0x39, 0x61, 0xd4, 0x1a, 0x99, 0x4d, + 0xe8, 0xd5, 0x29, 0x63, 0xd1, 0x01, 0xa1, 0x64, + 0x03, 0x01, 0xce, 0x8a, 0xfa, 0x81, 0x53, 0x79, + 0x6c, 0x6b, 0xcc, 0x21, 0x4c, 0x61, 0x38, 0x89, + 0x0f, 0x8a, 0x3d, 0xce, 0x29, 0x93, 0xc5, 0xad, + 0x3c, 0xdf, 0x7e, 0x4c, 0x20, 0xc5, 0x20, 0xfe, + 0x0c, 0xd0, 0x5b, 0x24, 0xee, 0xe0, 0x1a, 0xe4, + 0x0e, 0xe3, 0x2a, 0x81, 0x1d, 0x00, 0x5d, 0x12, + 0x03, 0xfa, 0x22, 0xca, 0x22, 0x4c, 0xbc, 0x5d, + 0xee, 0xdf, 0xe2, 0x64, 0x8d, 0xc3, 0x50, 0xd2, + 0x0a, 0x0b, 0x3a, 0x6c, 0xdd, 0xbe, 0x8f, 0xa2, + 0x62, 0xba, 0xc4, 0x53, 0xe8, 0xf4, 0x33, 0x5e, + 0xbb, 0xaa, 0xc7, 0x39, 0x19, 0x75, 0x23, 0x37, + 0x7b, 0xa3, 0xb5, 0xe1, 0x22, 0x37, 0x14, 0x57, + 0xbd, 0xd0, 0xa6, 0x36, 0xfa, 0x5d, 0xef, 0x7c, + 0xed, 0xb1, 0x58, 0x33, 0x47, 0x69, 0x5d, 0x9c, + 0x49, 0x64, 0x10, 0x28, 0xaa, 0x5c, 0x29, 0xd5, + 0xb1, 0x97, 0x66, 0x8b, 0x84, 0x9c, 0x25, 0x76, + 0xd0, 0x0d, 0x23, 0x17, 0x37, 0xc0, 0x7d, 0x57, + 0x33, 0x00, 0x57, 0xc8, 0xba, 0x32, 0x68, 0x4e, + 0x04, 0xbe, 0xe4, 0xc2, 0xb6, 0xad, 0xea, 0xc3, + 0xa1, 0x47, 0xb7, 0xcd, 0x76, 0x85, 0xb9, 0x46, + 0x28, 0x82, 0x8d, 0x23, 0xef, 0x7e, 0x96, 0x72, + 0x71, 0x0e, 0xd4, 0xb3, 0xb3, 0xa6, 0x2e, 0x03, + 0xe4, 0xea, 0xde, 0xb9, 0x9a, 0x87, 0x7c, 0x89, + 0xf5, 0x40, 0x70, 0x06, 0xa6, 0x8a, 0xa1, 0x8c, + 0xa9, 0xe0, 0x5a, 0x49, 0xc6, 0x27, 0x4b, 0x8b, + 0xd8, 0x49, 0xeb, 0x0b, 0x36, 0x9b, 0xa4, 0x5d, + 0xda, 0x8c, 0xb1, 0x62, 0x55, 0xe2, 0x07, 0x96, + 0x52, 0x1a, 0xca, 0xa1, 0x76, 0xc6, 0x62, 0x4a, + 0x9f, 0xfa, 0x6d, 0x6b, 0xe6, 0xe5, 0x7b, 0x7a, + 0x7f, 0xde, 0x80, 0x1d, 0xb6, 0x26, 0x6b, 0x8e, + 0x38, 0xe7, 0x8d, 0x27, 0x8f, 0xb4, 0x27, 0xf5, + 0xe4, 0xb3, 0x7a, 0x1e, 0x4d, 0x82, 0x31, 0x9f, + 0x63, 0x40, 0x68, 0xfb, 0x8c, 0xcc, 0xb2, 0x75, + 0x18, 0x48, 0xa4, 0x0e, 0x3c, 0xf7, 0x7e, 0x1f, + 0x46, 0x90, 0xa4, 0x46, 0x86, 0xd4, 0x65, 0x4f, + 0x22, 0x89, 0xb3, 0x4f, 0x38, 0x13, 0x86, 0x1a, + 0xa5, 0x9d, 0x11, 0x93, 0x79, 0x05, 0xeb, 0xef, + 0xd2, 0x5d, 0x4c, 0xa1, 0x96, 0x1d, 0xfc, 0x17, + 0x27, 0x3f, 0x5f, 0x63, 0xdf, 0x2b, 0xa0, 0xd6, + 0xb8, 0x82, 0xf6, 0xda, 0x9e, 0xe0, 0xab, 0x26, + 0x74, 0x80, 0x2d, 0x0c, 0xa3, 0xd1, 0x7c, 0xa3, + 0xe3, 0xd6, 0x3e, 0x6b, 0x21, 0xe5, 0xc0, 0x21, + 0xdc, 0x34, 0x79, 0xbb, 0xbc, 0x6b, 0xc3, 0x46, + 0x1d, 0x5e, 0x7c, 0x13, 0x2b, 0xa0, 0xb8, 0x73, + 0xc8, 0x5f, 0x49, 0x97, 0x96, 0xbd, 0x9d, 0xca, + 0x3b, 0xa5, 0x69, 0xb9, 0x4c, 0x01, 0xab, 0x6f, + 0xdb, 0xaf, 0x7f, 0x31, 0x28, 0x07, 0x82, 0x99, + 0x32, 0x60, 0xd6, 0x81, 0xea, 0xda, 0x05, 0xed, + 0x85, 0xca, 0x69, 0xb7, 0xa9, 0x64, 0xea, 0xc8, + 0xd9, 0xf3, 0x45, 0x08, 0x73, 0x71, 0x0b, 0x3c, + 0x36, 0xf1, 0x44, 0xba, 0x22, 0xc2, 0x43, 0xe9, + 0x9e, 0x4c, 0x5c, 0x74, 0xfa, 0x24, 0x73, 0x83, + 0x2e, 0x67, 0x3e, 0xab, 0x80, 0xad, 0xc1, 0x98, + 0x14, 0x18, 0x19, 0x30, 0x4d, 0x56, 0x69, 0xa8, + 0xb3, 0xbb, 0xcf, 0xd0, 0xd1, 0x07, 0x0e, 0x14, + 0x1e, 0x26, 0x29, 0x31, 0x39, 0x42, 0x43, 0x58, + 0x72, 0x7d, 0x82, 0x83, 0x8c, 0x9e, 0xa2, 0xb8, + 0xd3, 0xd7, 0x0d, 0x23, 0x29, 0x7b, 0x7c, 0xb4, + 0xb5, 0xbe, 0xd6, 0xfe, 0x0b, 0x19, 0x4d, 0x5a, + 0x6c, 0x8d, 0x92, 0xac, 0xb8, 0xd4, 0xe4, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x0d, 0x22, 0x2c, 0x37 + }; +#endif /* !WOLFSSL_NO_ML_DSA_44 */ + +#ifndef WOLFSSL_NO_ML_DSA_65 + /* ML-DSA-65: record 1 from + * https://gist.github.com/itzmeanjan/d14afc3866b82119221682f0f3c9822d */ + /* Secret key (4032 bytes) */ + static const byte sk_65[] = { + 0x14, 0x83, 0x23, 0x6f, 0xc9, 0xf9, 0x43, 0xd9, + 0x84, 0x17, 0x80, 0x9e, 0x95, 0x40, 0x53, 0x84, + 0x53, 0x0e, 0xd8, 0x3e, 0x15, 0x1e, 0x84, 0x65, + 0xd3, 0x4e, 0x46, 0x38, 0xf1, 0xf8, 0xd7, 0x05, + 0x2a, 0xf1, 0x1a, 0xb9, 0xeb, 0xff, 0xd6, 0x80, + 0x56, 0x44, 0x4d, 0xcf, 0xb2, 0x4f, 0x49, 0x92, + 0xe6, 0x70, 0x7e, 0x4a, 0x4d, 0x33, 0xff, 0x23, + 0x8f, 0x67, 0x3c, 0xd8, 0xa2, 0x48, 0xbf, 0x66, + 0x04, 0xd4, 0x5a, 0x15, 0x5f, 0xbd, 0x53, 0x4e, + 0xc0, 0x9b, 0xee, 0x11, 0x9b, 0x6f, 0x14, 0xba, + 0xf8, 0x4b, 0xcc, 0x4d, 0x3a, 0x03, 0xfc, 0x0d, + 0xb2, 0xb6, 0x1b, 0x55, 0x15, 0x6f, 0x13, 0x8a, + 0xe6, 0x06, 0xcc, 0x03, 0xff, 0x4d, 0x60, 0x90, + 0xa4, 0xdc, 0x86, 0x30, 0xd3, 0xed, 0x13, 0xdd, + 0x6a, 0x52, 0x49, 0x31, 0xae, 0x73, 0x76, 0x36, + 0x7e, 0x4c, 0xc9, 0x5b, 0xaf, 0xfd, 0x8d, 0x97, + 0x23, 0x04, 0x06, 0x02, 0x68, 0x28, 0x41, 0x48, + 0x40, 0x36, 0x01, 0x25, 0x75, 0x67, 0x41, 0x14, + 0x42, 0x55, 0x42, 0x86, 0x34, 0x77, 0x22, 0x64, + 0x84, 0x18, 0x31, 0x58, 0x77, 0x51, 0x35, 0x77, + 0x87, 0x34, 0x25, 0x78, 0x83, 0x34, 0x35, 0x87, + 0x74, 0x82, 0x35, 0x44, 0x28, 0x61, 0x88, 0x23, + 0x05, 0x15, 0x35, 0x88, 0x31, 0x25, 0x45, 0x53, + 0x88, 0x11, 0x25, 0x25, 0x02, 0x48, 0x33, 0x71, + 0x12, 0x37, 0x11, 0x16, 0x47, 0x24, 0x43, 0x33, + 0x33, 0x14, 0x06, 0x77, 0x46, 0x16, 0x66, 0x66, + 0x57, 0x77, 0x07, 0x07, 0x85, 0x16, 0x68, 0x42, + 0x71, 0x86, 0x85, 0x51, 0x26, 0x40, 0x07, 0x32, + 0x34, 0x88, 0x26, 0x21, 0x70, 0x66, 0x32, 0x73, + 0x30, 0x60, 0x26, 0x01, 0x40, 0x16, 0x88, 0x84, + 0x78, 0x85, 0x16, 0x24, 0x75, 0x66, 0x87, 0x18, + 0x57, 0x12, 0x50, 0x86, 0x45, 0x35, 0x38, 0x61, + 0x68, 0x23, 0x66, 0x64, 0x58, 0x47, 0x81, 0x60, + 0x02, 0x85, 0x44, 0x35, 0x25, 0x76, 0x64, 0x03, + 0x38, 0x72, 0x74, 0x30, 0x65, 0x03, 0x88, 0x08, + 0x43, 0x85, 0x80, 0x72, 0x45, 0x06, 0x48, 0x24, + 0x78, 0x65, 0x25, 0x40, 0x55, 0x32, 0x25, 0x02, + 0x02, 0x15, 0x03, 0x36, 0x65, 0x73, 0x86, 0x70, + 0x64, 0x01, 0x73, 0x88, 0x12, 0x68, 0x27, 0x83, + 0x47, 0x15, 0x54, 0x00, 0x03, 0x02, 0x68, 0x16, + 0x35, 0x67, 0x77, 0x06, 0x86, 0x60, 0x68, 0x85, + 0x02, 0x14, 0x04, 0x65, 0x42, 0x25, 0x46, 0x82, + 0x23, 0x21, 0x06, 0x12, 0x60, 0x62, 0x51, 0x62, + 0x13, 0x16, 0x21, 0x62, 0x02, 0x21, 0x75, 0x58, + 0x32, 0x86, 0x40, 0x48, 0x58, 0x80, 0x58, 0x38, + 0x72, 0x88, 0x20, 0x64, 0x72, 0x34, 0x47, 0x63, + 0x48, 0x42, 0x60, 0x10, 0x62, 0x64, 0x00, 0x46, + 0x47, 0x43, 0x37, 0x11, 0x74, 0x80, 0x52, 0x42, + 0x51, 0x00, 0x62, 0x07, 0x68, 0x17, 0x71, 0x42, + 0x12, 0x38, 0x75, 0x64, 0x11, 0x84, 0x30, 0x47, + 0x77, 0x01, 0x62, 0x33, 0x64, 0x07, 0x44, 0x88, + 0x15, 0x72, 0x43, 0x56, 0x71, 0x22, 0x66, 0x11, + 0x87, 0x78, 0x22, 0x27, 0x23, 0x67, 0x65, 0x86, + 0x62, 0x81, 0x17, 0x87, 0x81, 0x66, 0x23, 0x03, + 0x41, 0x35, 0x15, 0x53, 0x45, 0x52, 0x02, 0x12, + 0x06, 0x55, 0x11, 0x42, 0x84, 0x44, 0x63, 0x77, + 0x51, 0x84, 0x62, 0x75, 0x44, 0x71, 0x13, 0x44, + 0x11, 0x34, 0x16, 0x84, 0x04, 0x81, 0x84, 0x22, + 0x26, 0x16, 0x76, 0x04, 0x52, 0x54, 0x16, 0x32, + 0x78, 0x37, 0x84, 0x50, 0x51, 0x25, 0x64, 0x55, + 0x20, 0x68, 0x20, 0x58, 0x40, 0x26, 0x46, 0x25, + 0x62, 0x21, 0x17, 0x27, 0x26, 0x16, 0x38, 0x43, + 0x78, 0x48, 0x54, 0x24, 0x33, 0x33, 0x62, 0x58, + 0x58, 0x37, 0x20, 0x82, 0x78, 0x60, 0x02, 0x04, + 0x05, 0x06, 0x30, 0x48, 0x85, 0x20, 0x15, 0x22, + 0x14, 0x54, 0x21, 0x00, 0x04, 0x54, 0x74, 0x67, + 0x06, 0x42, 0x14, 0x43, 0x11, 0x07, 0x40, 0x14, + 0x04, 0x84, 0x02, 0x66, 0x54, 0x74, 0x83, 0x51, + 0x67, 0x83, 0x22, 0x88, 0x62, 0x31, 0x41, 0x34, + 0x83, 0x77, 0x63, 0x62, 0x01, 0x77, 0x13, 0x42, + 0x45, 0x43, 0x22, 0x77, 0x55, 0x65, 0x21, 0x33, + 0x80, 0x73, 0x71, 0x56, 0x32, 0x24, 0x51, 0x70, + 0x58, 0x43, 0x24, 0x21, 0x30, 0x34, 0x86, 0x83, + 0x13, 0x50, 0x28, 0x40, 0x21, 0x83, 0x77, 0x32, + 0x37, 0x07, 0x04, 0x26, 0x48, 0x01, 0x62, 0x42, + 0x37, 0x62, 0x42, 0x67, 0x70, 0x74, 0x04, 0x65, + 0x03, 0x25, 0x46, 0x01, 0x56, 0x61, 0x02, 0x22, + 0x24, 0x71, 0x20, 0x45, 0x68, 0x02, 0x68, 0x35, + 0x78, 0x57, 0x20, 0x12, 0x13, 0x71, 0x38, 0x20, + 0x75, 0x28, 0x16, 0x11, 0x84, 0x08, 0x52, 0x23, + 0x55, 0x41, 0x15, 0x70, 0x45, 0x28, 0x86, 0x87, + 0x07, 0x38, 0x86, 0x01, 0x77, 0x65, 0x36, 0x30, + 0x41, 0x04, 0x08, 0x20, 0x35, 0x52, 0x12, 0x42, + 0x25, 0x50, 0x01, 0x67, 0x33, 0x27, 0x46, 0x70, + 0x80, 0x07, 0x88, 0x02, 0x74, 0x60, 0x64, 0x01, + 0x84, 0x33, 0x36, 0x70, 0x70, 0x10, 0x57, 0x04, + 0x42, 0x73, 0x41, 0x27, 0x16, 0x86, 0x26, 0x07, + 0x40, 0x43, 0x44, 0x84, 0x85, 0x81, 0x08, 0x53, + 0x14, 0x81, 0x18, 0x60, 0x67, 0x72, 0x54, 0x67, + 0x75, 0x17, 0x63, 0x74, 0x45, 0x41, 0x67, 0x52, + 0x58, 0x06, 0x40, 0x11, 0x56, 0x88, 0x37, 0x42, + 0x11, 0x31, 0x62, 0x70, 0x81, 0x46, 0x06, 0x18, + 0x61, 0x67, 0x55, 0x15, 0x72, 0x00, 0x18, 0x40, + 0x74, 0x30, 0x22, 0x05, 0x24, 0x50, 0x05, 0x75, + 0x52, 0x78, 0x57, 0x05, 0x74, 0x76, 0x40, 0x58, + 0x84, 0x44, 0x86, 0x85, 0x74, 0x56, 0x26, 0x13, + 0x38, 0x88, 0x07, 0x02, 0x18, 0x40, 0x75, 0x77, + 0x25, 0x22, 0x50, 0x64, 0x32, 0x25, 0x65, 0x38, + 0x13, 0x37, 0x50, 0x64, 0x55, 0x33, 0x53, 0x46, + 0x85, 0x30, 0x55, 0x02, 0x60, 0x77, 0x27, 0x56, + 0x76, 0x71, 0x38, 0x66, 0x44, 0x72, 0x65, 0x11, + 0x26, 0x36, 0x58, 0x78, 0x17, 0x17, 0x78, 0x88, + 0x32, 0x30, 0x83, 0x14, 0x04, 0x42, 0x55, 0x24, + 0x14, 0x04, 0x82, 0x71, 0x52, 0x58, 0x55, 0x21, + 0x71, 0x77, 0x55, 0x83, 0x61, 0x74, 0x47, 0x00, + 0x00, 0x33, 0x00, 0x37, 0x18, 0x06, 0x38, 0x76, + 0x10, 0x48, 0x87, 0x83, 0x58, 0x85, 0x62, 0x11, + 0x53, 0x88, 0x41, 0x70, 0x22, 0x68, 0x06, 0x68, + 0x65, 0x83, 0x32, 0x35, 0x76, 0x26, 0x64, 0x48, + 0x57, 0x51, 0x13, 0x82, 0x15, 0x81, 0x11, 0x37, + 0x85, 0x45, 0x26, 0x02, 0x58, 0x53, 0x06, 0x80, + 0x10, 0x14, 0x66, 0x38, 0x62, 0x00, 0x32, 0x85, + 0x83, 0x51, 0x82, 0x51, 0x27, 0x12, 0x14, 0x35, + 0x40, 0x14, 0x40, 0x25, 0x32, 0x53, 0x03, 0x08, + 0x06, 0x42, 0x34, 0x34, 0x41, 0x66, 0x64, 0x66, + 0x40, 0x68, 0x26, 0x42, 0x40, 0x06, 0x22, 0x26, + 0x11, 0x63, 0x50, 0x27, 0x17, 0x14, 0x51, 0x84, + 0x28, 0x64, 0x72, 0x56, 0x20, 0x02, 0x64, 0x56, + 0x32, 0x75, 0x17, 0x64, 0x58, 0x28, 0x12, 0x50, + 0x06, 0x33, 0x22, 0x20, 0x21, 0x47, 0x81, 0x00, + 0x40, 0x42, 0x46, 0x06, 0x37, 0x44, 0x28, 0x37, + 0x85, 0x35, 0x03, 0x38, 0x85, 0x26, 0x86, 0x66, + 0x30, 0x42, 0x51, 0x68, 0x67, 0x16, 0x88, 0x44, + 0x55, 0x38, 0x24, 0x66, 0x00, 0x41, 0x47, 0x83, + 0x24, 0x24, 0x47, 0x52, 0x74, 0x65, 0x86, 0x43, + 0x37, 0x30, 0x14, 0x86, 0x51, 0x28, 0x78, 0x07, + 0x46, 0x05, 0x14, 0x18, 0x25, 0x62, 0x05, 0x76, + 0x04, 0x08, 0x80, 0x22, 0x22, 0x20, 0x83, 0x43, + 0x21, 0x03, 0x41, 0x37, 0x35, 0x03, 0x62, 0x85, + 0x02, 0x25, 0x84, 0x78, 0x88, 0x28, 0x81, 0x82, + 0x27, 0x76, 0x08, 0x78, 0x05, 0x40, 0x46, 0x64, + 0x74, 0x40, 0x84, 0x25, 0x66, 0x45, 0x58, 0x72, + 0x32, 0x37, 0x77, 0x35, 0x74, 0x14, 0x68, 0x56, + 0x81, 0x56, 0x21, 0x03, 0x23, 0x06, 0x36, 0x60, + 0x82, 0x66, 0x05, 0x34, 0x15, 0x36, 0x12, 0x52, + 0x00, 0x12, 0x34, 0x30, 0x51, 0x58, 0x38, 0x33, + 0x34, 0x48, 0x40, 0x55, 0x87, 0x36, 0x11, 0x36, + 0x10, 0x73, 0x20, 0x34, 0x86, 0x52, 0x42, 0x88, + 0x42, 0x47, 0x36, 0x71, 0x71, 0x80, 0x81, 0x32, + 0x73, 0x61, 0x71, 0x24, 0x54, 0x52, 0x27, 0x60, + 0x67, 0x25, 0x30, 0x12, 0x53, 0x82, 0x43, 0x47, + 0x23, 0x65, 0x33, 0x26, 0x75, 0x81, 0x20, 0x32, + 0x37, 0x62, 0x22, 0x64, 0x36, 0x56, 0x77, 0x07, + 0x81, 0x63, 0x16, 0x06, 0x62, 0x70, 0x17, 0x21, + 0x21, 0x72, 0x43, 0x41, 0x63, 0x23, 0x45, 0x36, + 0x58, 0x84, 0x04, 0x04, 0x73, 0x22, 0x72, 0x38, + 0x65, 0x74, 0x25, 0x55, 0x48, 0x52, 0x82, 0x58, + 0x57, 0x74, 0x22, 0x72, 0x75, 0x16, 0x60, 0x63, + 0x36, 0x43, 0x05, 0x47, 0x80, 0x22, 0x71, 0x10, + 0x46, 0x38, 0x36, 0x73, 0x07, 0x53, 0x64, 0x73, + 0x32, 0x20, 0x62, 0x12, 0x84, 0x08, 0x52, 0x13, + 0x74, 0x26, 0x47, 0x70, 0x25, 0x57, 0x80, 0x08, + 0x65, 0x53, 0x27, 0x85, 0x41, 0x80, 0x10, 0x61, + 0x18, 0x65, 0x08, 0x42, 0x50, 0x18, 0x18, 0x14, + 0x74, 0x36, 0x84, 0x00, 0x54, 0x15, 0x40, 0x61, + 0x05, 0x06, 0x32, 0x22, 0x03, 0x73, 0x00, 0x43, + 0x54, 0x04, 0x37, 0x51, 0x72, 0x88, 0x07, 0x24, + 0x35, 0x17, 0x72, 0x46, 0x32, 0x47, 0x33, 0x56, + 0x77, 0x82, 0x54, 0x33, 0x20, 0x68, 0x73, 0x62, + 0x28, 0x84, 0x24, 0x52, 0x85, 0x25, 0x46, 0x86, + 0x46, 0x88, 0x60, 0x28, 0x17, 0x22, 0x23, 0x66, + 0x71, 0x12, 0x28, 0x13, 0x43, 0x35, 0x63, 0x37, + 0x33, 0x05, 0x22, 0x41, 0x45, 0x50, 0x12, 0x43, + 0x68, 0x35, 0x04, 0x68, 0x72, 0x46, 0x20, 0x73, + 0x40, 0x76, 0x46, 0x36, 0x83, 0x34, 0x38, 0x76, + 0x61, 0x30, 0x16, 0x37, 0x85, 0x67, 0x40, 0x47, + 0x51, 0x27, 0x30, 0x07, 0x45, 0x05, 0x80, 0x34, + 0x42, 0x14, 0x32, 0x51, 0x75, 0x06, 0x30, 0x45, + 0x60, 0x84, 0x26, 0x84, 0x78, 0x77, 0x22, 0x06, + 0x36, 0x16, 0x81, 0x30, 0x08, 0x80, 0x67, 0x51, + 0x34, 0x53, 0x83, 0x12, 0x23, 0x05, 0x55, 0x58, + 0x13, 0x82, 0x00, 0x16, 0x51, 0x81, 0x52, 0x38, + 0x35, 0x04, 0x58, 0x22, 0x14, 0x41, 0x75, 0x83, + 0x70, 0x84, 0x15, 0x42, 0x83, 0x05, 0x74, 0x23, + 0x12, 0x86, 0x06, 0x33, 0x20, 0x37, 0x27, 0x28, + 0x40, 0x13, 0x58, 0x64, 0x76, 0x55, 0x15, 0x74, + 0x86, 0x07, 0x01, 0x42, 0x55, 0x87, 0x72, 0x14, + 0x16, 0x45, 0x06, 0x53, 0x57, 0x58, 0x01, 0x12, + 0x11, 0x58, 0x44, 0x51, 0x28, 0x17, 0x48, 0x16, + 0x75, 0x27, 0x68, 0x25, 0x50, 0x40, 0x32, 0x44, + 0x14, 0x60, 0x42, 0x12, 0x26, 0x51, 0x70, 0x15, + 0x10, 0x11, 0x73, 0x34, 0x00, 0x83, 0x72, 0x22, + 0x77, 0x54, 0x48, 0x45, 0x00, 0x40, 0x26, 0x74, + 0x48, 0x08, 0x46, 0x66, 0x30, 0x88, 0x22, 0x20, + 0x57, 0x54, 0x40, 0x62, 0x23, 0x03, 0x37, 0x04, + 0x22, 0x73, 0x77, 0x86, 0x64, 0x46, 0x70, 0x41, + 0x85, 0x48, 0x37, 0x42, 0x66, 0x66, 0x60, 0x21, + 0x52, 0x33, 0x08, 0x42, 0x74, 0x47, 0x07, 0x30, + 0x66, 0x07, 0x11, 0x22, 0x18, 0x55, 0x76, 0x26, + 0x21, 0x05, 0x86, 0x21, 0x46, 0x88, 0x52, 0x26, + 0x36, 0x13, 0x81, 0x53, 0x57, 0x78, 0x00, 0x71, + 0x05, 0x00, 0x17, 0x21, 0x66, 0x03, 0x04, 0x48, + 0x9f, 0xe2, 0x3d, 0xa5, 0x1d, 0x48, 0xff, 0x5b, + 0x18, 0x2e, 0x87, 0x6a, 0xbd, 0x59, 0x0d, 0xd2, + 0xc6, 0x2c, 0x67, 0xc1, 0x12, 0x49, 0xdc, 0xb4, + 0x94, 0x6d, 0xde, 0x62, 0xea, 0x38, 0xb3, 0xc3, + 0xf7, 0xed, 0xf2, 0xd2, 0x0f, 0x4d, 0x56, 0xb1, + 0x69, 0x18, 0x32, 0x76, 0xaf, 0x19, 0xca, 0x6f, + 0x3c, 0xed, 0x96, 0x9c, 0x4f, 0xfb, 0x5a, 0xdd, + 0xbe, 0xe8, 0x7c, 0x4a, 0x2a, 0x5b, 0x7c, 0x3b, + 0x68, 0xb7, 0xf9, 0xb2, 0x64, 0x70, 0x9c, 0x57, + 0x82, 0x95, 0x64, 0x59, 0x4c, 0xa8, 0xe4, 0xe1, + 0x65, 0x11, 0x65, 0xf8, 0x1c, 0xd3, 0xf1, 0x25, + 0x9a, 0x4f, 0x3f, 0xa6, 0x55, 0xda, 0x8e, 0xa6, + 0xff, 0xf7, 0x83, 0x71, 0x3c, 0x08, 0xca, 0x48, + 0x2a, 0xfd, 0xe8, 0xb2, 0x96, 0xa4, 0x00, 0x49, + 0x09, 0x2e, 0x6d, 0x88, 0xf6, 0x95, 0x77, 0x22, + 0x45, 0xc4, 0xef, 0x44, 0x8a, 0x47, 0xa9, 0x99, + 0x97, 0x01, 0xad, 0x5d, 0x65, 0xc9, 0x65, 0x9c, + 0x34, 0x51, 0xb2, 0xbe, 0x0a, 0x5d, 0xb4, 0x44, + 0x8d, 0xce, 0x66, 0x45, 0xa1, 0xab, 0xa8, 0xe4, + 0xb2, 0x01, 0xca, 0x3d, 0x99, 0x4f, 0xc2, 0xae, + 0x2f, 0x42, 0xe2, 0x5c, 0xdf, 0xdb, 0x73, 0xf9, + 0xc6, 0x86, 0x8b, 0x71, 0x17, 0xbe, 0x40, 0x34, + 0xc9, 0x6e, 0x72, 0x1d, 0x38, 0xc7, 0xf7, 0x67, + 0x6b, 0x1c, 0x6f, 0x17, 0x23, 0x0a, 0x66, 0x54, + 0xf6, 0x2d, 0x67, 0xb0, 0x11, 0x3e, 0xf6, 0x22, + 0x6f, 0x3d, 0x72, 0x95, 0x79, 0x92, 0x4b, 0xbf, + 0x66, 0x5e, 0x7e, 0xe6, 0x6d, 0xee, 0xe5, 0x8c, + 0x1b, 0xb8, 0x15, 0x31, 0x97, 0xc3, 0x61, 0x08, + 0x11, 0xa7, 0x93, 0x73, 0x94, 0xde, 0x07, 0x93, + 0x0b, 0x5a, 0x13, 0x04, 0x4e, 0x7d, 0x36, 0xa6, + 0xc4, 0x83, 0x55, 0x6b, 0xc3, 0xc6, 0xd4, 0x15, + 0xdb, 0xfb, 0x31, 0xd5, 0x34, 0x94, 0xc7, 0x9e, + 0x92, 0xd4, 0x22, 0x14, 0xc0, 0x74, 0x72, 0x74, + 0xc2, 0xa8, 0xc5, 0xb5, 0xf9, 0x37, 0x0f, 0x08, + 0xef, 0xf0, 0xd2, 0x7d, 0x03, 0x19, 0x3a, 0xd2, + 0x83, 0x4a, 0xe9, 0x28, 0x3c, 0xba, 0x51, 0xb3, + 0x5c, 0xff, 0x01, 0xbd, 0x3f, 0xd1, 0x25, 0xd9, + 0xc2, 0x4b, 0x21, 0xda, 0x4b, 0xc6, 0x10, 0x04, + 0x7f, 0xe4, 0xc5, 0xc4, 0x22, 0x34, 0x3f, 0x9f, + 0x19, 0xd4, 0x67, 0x4a, 0xa1, 0x32, 0xde, 0x48, + 0xb4, 0xb2, 0x43, 0x6e, 0x9e, 0x4c, 0xde, 0xe8, + 0x1c, 0x1a, 0x6c, 0x41, 0x0e, 0x14, 0xbf, 0xb4, + 0x38, 0xa7, 0xa3, 0xcb, 0xc7, 0xa1, 0xa7, 0x5d, + 0x03, 0x30, 0x10, 0xb0, 0x9d, 0x00, 0xb6, 0x25, + 0x35, 0x0b, 0x82, 0x19, 0xc1, 0xf0, 0x07, 0x37, + 0x74, 0xb6, 0x4b, 0x72, 0xc6, 0xd5, 0x13, 0xae, + 0x43, 0x3f, 0x6d, 0x27, 0x89, 0x7e, 0x9b, 0x0a, + 0x0d, 0x96, 0xb2, 0x8d, 0x9b, 0x87, 0x43, 0x24, + 0xea, 0xaf, 0x11, 0x3e, 0xae, 0x0b, 0x5e, 0xc1, + 0xa2, 0xac, 0xc3, 0x43, 0x52, 0xd0, 0xe5, 0x92, + 0xab, 0xcc, 0xc9, 0x4f, 0x0d, 0xa0, 0x90, 0x66, + 0xb8, 0x01, 0x50, 0xe7, 0xe0, 0xd0, 0xed, 0x78, + 0x17, 0x8e, 0xf7, 0x43, 0x99, 0x57, 0x8a, 0xc6, + 0x9f, 0xcd, 0x3e, 0x55, 0xa0, 0xd6, 0x2c, 0x97, + 0x2e, 0x94, 0x2f, 0x3e, 0xc8, 0xac, 0xf0, 0xcb, + 0xda, 0x3d, 0x3b, 0xbd, 0x7f, 0xeb, 0xf6, 0xb5, + 0x85, 0x09, 0xd9, 0x44, 0x0b, 0x4c, 0xce, 0xe7, + 0x8e, 0xc4, 0xfa, 0x11, 0xb7, 0xd3, 0xae, 0xe4, + 0x5a, 0x2a, 0x67, 0x58, 0x32, 0xc2, 0x38, 0x86, + 0x26, 0x19, 0xbe, 0xe4, 0x34, 0xed, 0xae, 0x1e, + 0x0c, 0xea, 0x56, 0xea, 0x7f, 0x98, 0x75, 0xae, + 0xec, 0xaf, 0xc0, 0x43, 0xf9, 0x97, 0x11, 0xc0, + 0xbf, 0x44, 0x6a, 0xed, 0x17, 0x07, 0xa1, 0xc1, + 0xa8, 0x3a, 0x16, 0xa4, 0x4c, 0x0a, 0x91, 0xd2, + 0xd7, 0x16, 0x3a, 0xf7, 0xc5, 0x53, 0x19, 0x2a, + 0xc8, 0x7e, 0xc3, 0xae, 0xad, 0x1d, 0xcc, 0x40, + 0xde, 0xf0, 0x04, 0xdc, 0x17, 0xb7, 0x3d, 0x1f, + 0x76, 0x5d, 0xf3, 0xb1, 0x8d, 0xcb, 0x3f, 0xfe, + 0xc8, 0x98, 0xe6, 0x7f, 0xa1, 0x5b, 0x71, 0x44, + 0x7a, 0x16, 0x1a, 0x45, 0x77, 0xe1, 0xa1, 0xf3, + 0x53, 0x3d, 0xbc, 0xde, 0x01, 0x36, 0x31, 0xba, + 0xd7, 0x0e, 0x55, 0xc6, 0x0c, 0x4b, 0x00, 0xd3, + 0xf9, 0x88, 0x40, 0xcd, 0x54, 0xe8, 0x6f, 0x09, + 0x99, 0x37, 0xf8, 0x56, 0xcd, 0x45, 0xd2, 0xad, + 0x15, 0x45, 0x51, 0x73, 0x75, 0xec, 0x9e, 0x25, + 0x38, 0xf9, 0xc6, 0xad, 0x32, 0x47, 0x66, 0x2a, + 0x69, 0x9d, 0x8a, 0xfa, 0x83, 0x7a, 0x66, 0x07, + 0x23, 0x5a, 0x80, 0xc0, 0xdb, 0xa8, 0xfa, 0xe6, + 0xa0, 0xb8, 0x03, 0x42, 0x75, 0xb0, 0x5f, 0x99, + 0xc3, 0x42, 0x3e, 0x74, 0xd5, 0x98, 0xd0, 0xaf, + 0x53, 0x5c, 0xef, 0x82, 0x55, 0xc3, 0x13, 0x62, + 0x48, 0xb6, 0xdb, 0x1c, 0x9a, 0x15, 0xa6, 0x17, + 0x19, 0x92, 0x36, 0xff, 0x62, 0x03, 0x6d, 0x5f, + 0xdb, 0x3b, 0x9c, 0xee, 0xaa, 0x63, 0x52, 0x4a, + 0xdb, 0x13, 0xf4, 0x1f, 0xb1, 0x0f, 0xaa, 0x48, + 0xe5, 0x03, 0x7b, 0x4c, 0xea, 0x0c, 0x3c, 0xac, + 0xdd, 0xe0, 0x8f, 0x26, 0xf2, 0xc1, 0x1f, 0x17, + 0x1b, 0x46, 0x8b, 0x26, 0xd6, 0x79, 0x12, 0x60, + 0xea, 0x65, 0x84, 0x5b, 0x48, 0xa2, 0xe2, 0x9f, + 0x17, 0x4c, 0x46, 0x60, 0xff, 0x27, 0xad, 0xa4, + 0x69, 0x33, 0x4f, 0xe5, 0x5c, 0x99, 0xc0, 0x0c, + 0xd0, 0xd3, 0xe6, 0x87, 0xd9, 0x5b, 0x91, 0x88, + 0x23, 0x88, 0xf7, 0x39, 0xb7, 0x8e, 0xff, 0xd2, + 0x11, 0x05, 0x9a, 0x30, 0xa9, 0xf4, 0xed, 0xd0, + 0x8e, 0x81, 0x2e, 0xa0, 0x6e, 0x16, 0x85, 0x3f, + 0xe6, 0x28, 0xde, 0x2b, 0x77, 0xaa, 0x90, 0x36, + 0xf9, 0xbc, 0xdb, 0xd2, 0xf5, 0x33, 0xa5, 0x17, + 0x1d, 0x66, 0x99, 0xa9, 0xec, 0xdb, 0x87, 0x67, + 0x50, 0x1f, 0x9d, 0x82, 0xd8, 0x44, 0x61, 0x83, + 0xfd, 0x57, 0x6c, 0x71, 0xfc, 0xba, 0x34, 0x26, + 0xd9, 0x7f, 0x2c, 0xe2, 0x58, 0xbf, 0xc9, 0x7a, + 0x48, 0x38, 0x6a, 0xab, 0xe3, 0xb3, 0x78, 0xca, + 0x30, 0xa7, 0xab, 0x63, 0xae, 0xf6, 0xae, 0x1f, + 0xc3, 0x33, 0x4d, 0x5f, 0xb7, 0x0a, 0x40, 0x22, + 0xac, 0x7e, 0x3e, 0xdc, 0x99, 0x8c, 0x8b, 0x63, + 0x12, 0x8b, 0x45, 0xa7, 0x87, 0x32, 0x9d, 0x5c, + 0x10, 0x45, 0x46, 0x2f, 0x7a, 0x89, 0x92, 0xa3, + 0x73, 0x0b, 0xd6, 0x9d, 0x84, 0x67, 0x59, 0xb1, + 0xc9, 0x2e, 0x01, 0x3d, 0x2d, 0x62, 0x25, 0xf3, + 0x74, 0xcd, 0x3c, 0xe5, 0xfb, 0xa4, 0x67, 0xf3, + 0xda, 0x5d, 0xe5, 0x39, 0x3f, 0xab, 0x4d, 0x18, + 0x90, 0xa3, 0x4c, 0x80, 0x61, 0xfc, 0x96, 0x96, + 0x97, 0x0e, 0xe3, 0xe7, 0x2f, 0xc9, 0x97, 0x56, + 0x88, 0xca, 0x71, 0xb6, 0x98, 0xf4, 0x4d, 0x2b, + 0x48, 0x6f, 0x09, 0x54, 0x88, 0x1f, 0x83, 0xc8, + 0x66, 0x45, 0x82, 0xa4, 0x2f, 0x67, 0x56, 0xd3, + 0xab, 0x7e, 0x35, 0xde, 0x40, 0xd6, 0x55, 0x90, + 0x98, 0xea, 0x6e, 0xd2, 0xc6, 0xd2, 0x50, 0xb4, + 0x18, 0x73, 0x11, 0xb0, 0x95, 0x18, 0x89, 0xd3, + 0x21, 0xdf, 0xce, 0x9d, 0x65, 0x2d, 0x40, 0x4a, + 0x6c, 0x63, 0xd2, 0x35, 0x0d, 0x3d, 0x40, 0x16, + 0x1c, 0x1e, 0xb9, 0x48, 0x0b, 0x0f, 0x45, 0x52, + 0x47, 0x44, 0x64, 0x32, 0x8f, 0xce, 0x6a, 0x4f, + 0x75, 0x8d, 0xa4, 0x78, 0x85, 0x86, 0x87, 0x60, + 0xe1, 0xac, 0x14, 0x68, 0xc3, 0xcd, 0x84, 0xdd, + 0xfc, 0xaf, 0x22, 0xac, 0x10, 0xfd, 0xf5, 0xf7, + 0x3a, 0x3e, 0x75, 0x8a, 0xa9, 0x48, 0x81, 0x46, + 0xd5, 0xa8, 0xb0, 0xc2, 0x40, 0xc1, 0xde, 0xd1, + 0x34, 0x03, 0xfe, 0x41, 0x17, 0xb7, 0x56, 0x19, + 0x46, 0x1f, 0x2b, 0xef, 0xbb, 0x0a, 0xb1, 0xb3, + 0x3c, 0x33, 0x93, 0xc2, 0x09, 0xf3, 0xb5, 0x9e, + 0x4a, 0x1e, 0xe0, 0xe4, 0x79, 0x5c, 0x12, 0x78, + 0xb5, 0xac, 0xce, 0xd5, 0xa1, 0x71, 0xc7, 0x10, + 0x0f, 0x22, 0xc6, 0x44, 0x28, 0xf2, 0xbc, 0x85, + 0x6e, 0x14, 0x30, 0x31, 0xa9, 0x94, 0x7d, 0x2a, + 0xfd, 0xec, 0xff, 0xf2, 0x50, 0x6a, 0x86, 0x26, + 0xdd, 0x14, 0x41, 0x36, 0xb7, 0x52, 0x35, 0x4c, + 0xde, 0x6a, 0xf4, 0x3b, 0x95, 0x80, 0x2c, 0x56, + 0xbc, 0x86, 0xe9, 0x75, 0xe7, 0xed, 0x79, 0xe2, + 0xd4, 0xef, 0x10, 0x53, 0x92, 0x00, 0x00, 0x27, + 0x8a, 0x4e, 0x3a, 0x98, 0xb9, 0xcc, 0xd6, 0x34, + 0xcc, 0x6f, 0x37, 0x3d, 0x6d, 0xc9, 0x70, 0x78, + 0xa9, 0xcc, 0xd5, 0xe7, 0x11, 0x19, 0xb0, 0x5a, + 0x82, 0xe1, 0x54, 0x46, 0x76, 0x0e, 0x49, 0x6d, + 0xe9, 0xa2, 0x52, 0x29, 0x18, 0x4b, 0xff, 0x93, + 0x5b, 0x52, 0xe4, 0x72, 0xa0, 0xe4, 0x48, 0x51, + 0x3b, 0xfe, 0x61, 0x5e, 0xa7, 0xdc, 0x5e, 0xfa, + 0x34, 0x2a, 0x50, 0x1d, 0xb9, 0x51, 0x2e, 0x81, + 0x58, 0xa6, 0xe2, 0x89, 0x73, 0x30, 0x29, 0xb1, + 0x98, 0xe1, 0x71, 0xc9, 0x7c, 0xa4, 0x14, 0xf0, + 0x2e, 0x10, 0xbf, 0x90, 0x22, 0xb6, 0x80, 0x53, + 0x44, 0x33, 0xa6, 0xcc, 0xca, 0x66, 0xad, 0xc6, + 0x17, 0x41, 0x36, 0x87, 0xd8, 0xac, 0x09, 0xa9, + 0xcf, 0xbd, 0xcd, 0xef, 0x84, 0xae, 0xee, 0x5b, + 0x85, 0x7e, 0x19, 0x52, 0x5e, 0xdc, 0x5a, 0xa5, + 0xc8, 0x85, 0x62, 0xf7, 0x2c, 0xa8, 0x90, 0xa3, + 0x7a, 0x50, 0xa8, 0x81, 0xb9, 0xb3, 0xae, 0xd4, + 0xfd, 0x26, 0xa4, 0x85, 0xcf, 0x9a, 0x0b, 0x0d, + 0x57, 0x09, 0xcb, 0x60, 0xd9, 0x26, 0x08, 0x93, + 0xb9, 0x3f, 0xfe, 0xd5, 0x10, 0xbd, 0x9f, 0xf2, + 0xb9, 0x7b, 0xf5, 0xdb, 0x7c, 0xa5, 0xd6, 0x7c, + 0x63, 0xd6, 0x8d, 0x3c, 0xb7, 0x2b, 0xb1, 0x3a, + 0x9e, 0x49, 0x66, 0xc0, 0xa2, 0x71, 0xc0, 0xcb, + 0x92, 0xf6, 0xba, 0x68, 0x03, 0xd3, 0xa4, 0x12, + 0xf9, 0x91, 0x0c, 0xc2, 0xc2, 0x50, 0xe9, 0x34, + 0x9f, 0x59, 0xef, 0xa3, 0xc9, 0x4a, 0x60, 0x6e, + 0xab, 0x7d, 0x1f, 0xa4, 0x22, 0x0e, 0x5a, 0xee, + 0xea, 0x3a, 0x6f, 0xf1, 0xf7, 0x99, 0x02, 0xf6, + 0x23, 0xa2, 0xde, 0x6f, 0x08, 0x6b, 0xb1, 0x0f, + 0x14, 0x46, 0xdd, 0xc3, 0xec, 0xbd, 0x1a, 0x38, + 0xb8, 0xc9, 0xfd, 0x80, 0x67, 0xb1, 0x61, 0x74, + 0xb2, 0x5e, 0xf4, 0x50, 0x33, 0x6f, 0xe9, 0x1c, + 0x14, 0x09, 0x47, 0xcb, 0x0b, 0x40, 0x47, 0xab, + 0xb7, 0xab, 0x6e, 0xcd, 0xf2, 0xd4, 0xda, 0xd9, + 0xaf, 0xf8, 0x80, 0xb4, 0x32, 0x2d, 0x90, 0xc6, + 0xfa, 0xfc, 0xb8, 0xab, 0xd8, 0x64, 0xd5, 0x73, + 0xc6, 0xee, 0xa6, 0x56, 0xcc, 0x8b, 0x59, 0xa4, + 0xcf, 0xdb, 0x7d, 0x6b, 0x9f, 0x76, 0x69, 0x7c, + 0xe4, 0x7c, 0x8d, 0xea, 0x6d, 0xb2, 0x53, 0x8a, + 0xec, 0x08, 0x50, 0x70, 0x54, 0x69, 0xa6, 0x9b, + 0x98, 0xb0, 0xa6, 0xdb, 0xc8, 0x72, 0x90, 0xed, + 0xe4, 0xa1, 0x55, 0x88, 0x6c, 0x9e, 0x2a, 0xf1, + 0x6b, 0x4e, 0x10, 0x22, 0xa0, 0x94, 0x82, 0xf0, + 0x3a, 0x5f, 0xcc, 0xc0, 0x07, 0x54, 0xbb, 0x25, + 0x2c, 0x86, 0xba, 0x5e, 0x71, 0x79, 0x39, 0xa2, + 0xaf, 0x1a, 0x2e, 0x93, 0x57, 0xeb, 0x2e, 0x6f, + 0x4b, 0x39, 0x63, 0x2c, 0x85, 0xb1, 0x0c, 0xaf, + 0xe0, 0x0c, 0x6e, 0x69, 0xb7, 0xa1, 0xba, 0x4f, + 0x81, 0x09, 0x25, 0x1b, 0x2c, 0xd2, 0x08, 0x81, + 0xaa, 0x63, 0x7e, 0xf1, 0xae, 0x54, 0x50, 0x12, + 0x61, 0xa0, 0x4c, 0x88, 0x37, 0x0f, 0x8f, 0x5f, + 0x1b, 0x12, 0x0c, 0x72, 0x91, 0x4c, 0xf3, 0x85, + 0xb3, 0xc1, 0x8e, 0x84, 0x9b, 0xbb, 0xbf, 0xd5, + 0x8d, 0x42, 0x27, 0x4f, 0x50, 0xf8, 0xf6, 0x10, + 0xbc, 0xc4, 0x3c, 0xf6, 0x61, 0x71, 0xf7, 0x6b, + 0xf6, 0xf9, 0x6c, 0x61, 0x5b, 0x17, 0x11, 0x47, + 0x4b, 0xb9, 0xbd, 0xac, 0x9b, 0xa6, 0xbe, 0xec, + 0x36, 0x6f, 0x70, 0x52, 0xd0, 0xc1, 0x15, 0xc6, + 0x39, 0x17, 0xa2, 0xc8, 0x7f, 0xae, 0xab, 0x63, + 0xa3, 0xec, 0x86, 0xf4, 0x76, 0x2b, 0xef, 0xd0, + 0x88, 0xb4, 0xb3, 0x1d, 0x6f, 0x56, 0xca, 0xa4, + 0xc3, 0x02, 0x98, 0xde, 0xbf, 0xb3, 0x82, 0x47, + 0xaf, 0xb6, 0xba, 0xbb, 0x55, 0xd8, 0xd4, 0x3f, + 0x02, 0x89, 0x3d, 0x75, 0x96, 0xbd, 0xb0, 0xca, + 0x1a, 0x30, 0xc4, 0x5a, 0xd7, 0x70, 0xa9, 0x3c, + 0x17, 0x59, 0x99, 0xb9, 0x1a, 0xb3, 0x38, 0x39, + 0x51, 0xdf, 0x26, 0x17, 0x66, 0x39, 0x9b, 0x1e, + 0xaa, 0xe5, 0x86, 0x14, 0x66, 0x3d, 0x37, 0x03, + 0x95, 0xfd, 0xd1, 0xa9, 0xf5, 0x33, 0xb8, 0x86, + 0xdf, 0x77, 0xed, 0xf6, 0xb9, 0x9c, 0x15, 0x46, + 0xe9, 0x0a, 0xaa, 0x51, 0x89, 0x50, 0x71, 0x56, + 0x1c, 0x32, 0x08, 0x87, 0xeb, 0x50, 0xce, 0xbc, + 0x70, 0x8e, 0xcf, 0x0c, 0x2b, 0x3b, 0x4c, 0x33, + 0xdc, 0x67, 0xd3, 0x49, 0x6c, 0x69, 0xfd, 0x16, + 0xbb, 0xe7, 0x62, 0xfc, 0x03, 0x47, 0x65, 0x28, + 0xcf, 0xab, 0xd3, 0x04, 0xb6, 0xc3, 0xf4, 0x7b, + 0xc5, 0x40, 0xce, 0x87, 0x8c, 0xa6, 0x46, 0xe5, + 0x2e, 0x2c, 0xb6, 0xef, 0x1c, 0x27, 0xee, 0x70, + 0x7a, 0x34, 0x89, 0x69, 0xb1, 0xb6, 0x77, 0xe2, + 0xc3, 0xdb, 0xf2, 0x35, 0xd7, 0xca, 0x14, 0xd9, + 0x82, 0xa7, 0x07, 0x0e, 0x4a, 0xda, 0xd0, 0x33, + 0xcc, 0xa2, 0x42, 0x27, 0x1b, 0x7c, 0x64, 0xeb, + 0x2d, 0x97, 0xba, 0xde, 0xfe, 0x59, 0x0d, 0x4f, + 0x83, 0x17, 0xf2, 0xca, 0xce, 0xfe, 0x10, 0xf2, + 0x5d, 0x9a, 0xf0, 0xdd, 0x7a, 0xa7, 0xfa, 0x38, + 0x58, 0x9d, 0xe3, 0x0d, 0x61, 0x89, 0xa5, 0xef, + 0xc1, 0x01, 0x8d, 0x2f, 0xfe, 0x2f, 0x7e, 0x57, + 0x1c, 0x18, 0x46, 0x2a, 0x5e, 0xca, 0x4e, 0xf6, + 0x57, 0xf9, 0xa9, 0xaa, 0xa2, 0xa1, 0x53, 0x16, + 0xca, 0xaa, 0x53, 0xa3, 0x9e, 0xb0, 0xb0, 0xc3, + 0xa3, 0x30, 0x1e, 0x92, 0xd7, 0x7a, 0x61, 0xc9, + 0x18, 0x08, 0x18, 0x2a, 0x26, 0x3c, 0x93, 0xeb, + 0x9f, 0x6c, 0x7e, 0x3d, 0x15, 0xdc, 0x3f, 0x84, + 0x48, 0x46, 0xfb, 0x52, 0x87, 0x07, 0xcb, 0xd5, + 0x8d, 0x05, 0xc4, 0x89, 0x27, 0x91, 0x6c, 0xe8, + 0xa7, 0x86, 0x65, 0x20, 0x01, 0x99, 0x43, 0x9b, + 0xc6, 0xe7, 0x65, 0x4b, 0xbc, 0xd5, 0xb3, 0x26, + 0x98, 0x0a, 0xf7, 0x97, 0x79, 0xd0, 0xcf, 0x3c, + 0x84, 0x97, 0xea, 0xf6, 0xab, 0x58, 0xca, 0x0e, + 0x1a, 0xc5, 0x87, 0xf8, 0xf2, 0x82, 0x97, 0xa5, + 0x90, 0xb8, 0xb2, 0x39, 0x76, 0x5a, 0xad, 0x4a, + 0xd4, 0xdc, 0x6c, 0xc2, 0xf7, 0x7d, 0xa6, 0x49, + 0x70, 0x49, 0x77, 0x29, 0x68, 0xaa, 0xba, 0x2f, + 0x3d, 0x13, 0x61, 0x72, 0xfb, 0x08, 0x2e, 0x84, + 0x6d, 0x51, 0x72, 0x92, 0x93, 0x8f, 0x31, 0x5b, + 0x0a, 0xab, 0x21, 0x81, 0x63, 0x46, 0x0b, 0xde, + 0xca, 0xd8, 0x0a, 0x55, 0x51, 0xfb, 0xe0, 0x59, + 0xcd, 0x39, 0x96, 0x07, 0x5b, 0x37, 0x74, 0xc7, + 0x64, 0xb0, 0x91, 0xcf, 0xa2, 0x49, 0x36, 0x16, + 0xbb, 0x9a, 0xce, 0xcc, 0xee, 0x4b, 0x37, 0x76, + 0x0d, 0xe1, 0x29, 0x63, 0x6a, 0x97, 0x89, 0x13, + 0x67, 0x9a, 0xd9, 0x13, 0xdf, 0xc5, 0x05, 0x53, + 0x00, 0xf3, 0xaf, 0x31, 0x9b, 0xcd, 0xc7, 0xe4, + 0x68, 0x6d, 0x88, 0x97, 0xa3, 0xd2, 0xa1, 0xb4, + 0xcc, 0x62, 0x0b, 0x48, 0xcb, 0x7d, 0xcc, 0xbf, + 0xb3, 0x9d, 0xd3, 0xa5, 0x23, 0x61, 0xee, 0x34, + 0xcd, 0xfe, 0xf3, 0xcc, 0xd5, 0xf2, 0x69, 0xef, + 0x31, 0x6b, 0xff, 0x3e, 0x57, 0xcb, 0x80, 0x8e, + 0x45, 0x5d, 0xc1, 0x0f, 0x4f, 0xa5, 0x38, 0xb1, + 0x2e, 0x83, 0x75, 0xd4, 0xa1, 0x6f, 0xb4, 0xda, + 0xf6, 0x8b, 0x75, 0xe0, 0x92, 0xcd, 0xae, 0x17, + 0x8c, 0x5d, 0xbf, 0x0f, 0xf4, 0xc2, 0x95, 0x35, + 0x8c, 0x84, 0xaf, 0xec, 0xfd, 0x6e, 0x49, 0xc4, + 0x60, 0x70, 0x2e, 0x6a, 0x51, 0x42, 0x42, 0xc0, + 0x85, 0x70, 0x4f, 0xd0, 0x27, 0x09, 0xd2, 0x81, + 0x3f, 0x04, 0x53, 0xb6, 0x9f, 0xdd, 0x46, 0x57, + 0xa3, 0xc5, 0x1c, 0xff, 0x3a, 0x6d, 0x7d, 0xf5, + 0x1b, 0x30, 0xef, 0x22, 0xdf, 0x32, 0x8d, 0xa0, + 0x2d, 0x80, 0x03, 0x0b, 0x9e, 0xbe, 0x57, 0x08, + 0xe8, 0xde, 0x2e, 0x71, 0x01, 0x2f, 0xa2, 0x2b, + 0xdf, 0xf7, 0x59, 0xd4, 0x27, 0xf8, 0x83, 0x05, + 0x2d, 0xb3, 0x24, 0x9a, 0xdd, 0x0b, 0x3c, 0x57, + 0x33, 0xb9, 0x8a, 0x96, 0xf4, 0xf2, 0x96, 0x81, + 0xd6, 0xd9, 0x8e, 0xff, 0x82, 0x30, 0xaf, 0x5f, + 0xc6, 0x1f, 0x7c, 0x08, 0x3a, 0xd5, 0x7e, 0xaa, + 0x6e, 0x63, 0x85, 0x9d, 0xe7, 0x8d, 0xc5, 0x09, + 0x81, 0x86, 0xe8, 0xb8, 0xf3, 0x79, 0xf0, 0x6b, + 0xcc, 0x6a, 0x87, 0xc8, 0xe1, 0xfe, 0xa1, 0x9a, + 0xfe, 0x9d, 0x1b, 0xbc, 0x67, 0x36, 0x3a, 0x8d, + 0x0d, 0x88, 0xd7, 0x40, 0xbb, 0x6d, 0xa5, 0x86, + 0xf0, 0x54, 0x3e, 0xfc, 0x09, 0xa3, 0xf6, 0x12, + 0x6c, 0x84, 0xeb, 0xb0, 0x31, 0xef, 0x6e, 0x88, + 0x37, 0x4f, 0x1a, 0xa6, 0x04, 0x17, 0xec, 0x4f, + 0xd1, 0xe8, 0x6a, 0x71, 0x5f, 0xa1, 0xf2, 0x03, + 0xde, 0x29, 0x0a, 0x1e, 0xd0, 0x8a, 0x5d, 0x1f, + 0x3e, 0x91, 0xfb, 0x0d, 0x9d, 0x74, 0x19, 0x0a, + 0x66, 0x14, 0x52, 0x4a, 0x30, 0x49, 0x4a, 0x2f, + 0xb3, 0xde, 0x71, 0xea, 0x2f, 0x5e, 0x93, 0x7f, + 0xef, 0x1d, 0x18, 0xa1, 0x44, 0x03, 0xda, 0x24, + 0x89, 0x35, 0xd8, 0x20, 0x50, 0x55, 0xb9, 0xc8, + 0xc0, 0xbd, 0x50, 0xb2, 0x9f, 0x61, 0xbf, 0x57, + 0xd4, 0x80, 0x98, 0x90, 0x57, 0x43, 0x4e, 0xc2, + 0x06, 0x21, 0xd5, 0x06, 0x1a, 0x17, 0xf4, 0xc7, + 0x9d, 0x51, 0x84, 0x05, 0x85, 0xa3, 0x3e, 0x13, + 0x06, 0xb3, 0xf4, 0xfb, 0x3f, 0x0b, 0x33, 0xd0, + 0x3f, 0xef, 0xb0, 0xf6, 0x58, 0xe7, 0x83, 0xea, + 0x9d, 0xe6, 0xc6, 0xa1, 0x2f, 0xd0, 0x96, 0xde, + 0x27, 0xa1, 0x91, 0x72, 0x44, 0xeb, 0xa6, 0x9e, + 0x59, 0xb0, 0xfd, 0xf9, 0x3b, 0x91, 0x5c, 0x37, + 0x2e, 0x79, 0x6e, 0xef, 0x36, 0x93, 0x61, 0x37, + 0x56, 0x93, 0x7d, 0x37, 0x76, 0x4d, 0x39, 0xd4, + 0xee, 0xb5, 0x4a, 0xa8, 0x85, 0xd1, 0x23, 0x0a, + 0xe1, 0xc2, 0x51, 0x05, 0xdb, 0x09, 0xee, 0xd9, + 0xd5, 0xe4, 0xf9, 0xa7, 0x51, 0x33, 0x82, 0x11, + 0xc4, 0x90, 0x76, 0x46, 0x11, 0xdf, 0x76, 0xa1, + 0x29, 0xe0, 0x40, 0x4e, 0x56, 0x78, 0x61, 0x78, + 0x28, 0x3a, 0x4a, 0xd9, 0xe9, 0xf4, 0xe4, 0x8b, + 0x59, 0xec, 0x6e, 0x05, 0x6f, 0x09, 0xce, 0x6c, + 0x58, 0xbc, 0x4a, 0xef, 0xd4, 0x84, 0xf7, 0xd9, + 0x0c, 0x4b, 0x19, 0xaf, 0x8b, 0xaa, 0x7a, 0xa2, + 0x04, 0x20, 0xe4, 0xc5, 0x97, 0x89, 0x24, 0x88, + 0xb6, 0x7b, 0x20, 0x3f, 0xcc, 0x0c, 0x9f, 0x84 + }; + /* Message (33 bytes) */ + static const byte msg_65[] = { + 0xd8, 0x1c, 0x4d, 0x8d, 0x73, 0x4f, 0xcb, 0xfb, + 0xea, 0xde, 0x3d, 0x3f, 0x8a, 0x03, 0x9f, 0xaa, + 0x2a, 0x2c, 0x99, 0x57, 0xe8, 0x35, 0xad, 0x55, + 0xb2, 0x2e, 0x75, 0xbf, 0x57, 0xbb, 0x55, 0x6a, + 0xc8 + }; + /* Context (33 bytes) */ + static const byte ctx_65[] = { + 0x86, 0x26, 0xed, 0x79, 0xd4, 0x51, 0x14, 0x08, + 0x00, 0xe0, 0x3b, 0x59, 0xb9, 0x56, 0xf8, 0x21, + 0x0e, 0x55, 0x60, 0x67, 0x40, 0x7d, 0x13, 0xdc, + 0x90, 0xfa, 0x9e, 0x8b, 0x87, 0x2b, 0xfb, 0x8f, + 0xab + }; + /* Signing randomness (32 bytes) */ + static const byte rnd_65[] = { + 0x62, 0x55, 0x56, 0x3b, 0xa9, 0x61, 0x77, 0x21, + 0x46, 0xca, 0x08, 0x67, 0x67, 0x8d, 0x56, 0x78, + 0x7c, 0xad, 0x77, 0xab, 0x4f, 0xc8, 0xfc, 0xfe, + 0x9e, 0x02, 0xdf, 0x83, 0x9c, 0x99, 0x42, 0x4d + }; + /* Expected signature with empty context (ctx=NULL, ctxLen=0), 3309 bytes */ + static const byte sig_65_ctx0[] = { + 0x72, 0x7f, 0x65, 0x82, 0xe8, 0xd2, 0xe3, 0xc8, + 0xd5, 0xe7, 0x29, 0xca, 0x43, 0x91, 0xda, 0x3d, + 0xcc, 0xfb, 0x78, 0x7b, 0xc5, 0x9c, 0x68, 0x1a, + 0xb0, 0x33, 0x34, 0x71, 0x63, 0x7f, 0x55, 0x03, + 0x81, 0x10, 0x83, 0x60, 0xa7, 0x22, 0x67, 0x10, + 0x87, 0x71, 0xf4, 0xd5, 0xf6, 0x88, 0x1d, 0xa8, + 0x29, 0x4d, 0x82, 0x7c, 0x17, 0x34, 0xea, 0xa4, + 0x09, 0x51, 0x53, 0x22, 0xc0, 0x74, 0x44, 0x87, + 0xad, 0x3a, 0x24, 0x6a, 0x1b, 0x30, 0x3f, 0xfa, + 0x19, 0x52, 0x7f, 0x78, 0x3a, 0x24, 0x90, 0x93, + 0xb6, 0xe1, 0x9e, 0x68, 0xd8, 0x72, 0x28, 0x8e, + 0x95, 0xd5, 0x1e, 0x30, 0xd8, 0x13, 0x19, 0x86, + 0x65, 0xfb, 0x57, 0x9c, 0xaa, 0x1a, 0xf2, 0xf0, + 0xc4, 0xf7, 0xc0, 0x4a, 0xb0, 0x36, 0xec, 0x41, + 0x10, 0x5f, 0x9a, 0x5d, 0x7e, 0xff, 0x81, 0xcc, + 0x0d, 0xfc, 0xab, 0x2d, 0x93, 0x8e, 0xc3, 0x7c, + 0x4b, 0xe2, 0x22, 0x5c, 0x73, 0x61, 0x4c, 0xe9, + 0x29, 0x16, 0x1e, 0x2e, 0xd7, 0x0c, 0x2d, 0x4f, + 0x5c, 0xba, 0x29, 0xa9, 0xce, 0xba, 0x50, 0x9c, + 0xb0, 0xb9, 0x66, 0x40, 0x43, 0x95, 0x90, 0xa4, + 0xbc, 0xd3, 0xe1, 0x79, 0x2f, 0x6a, 0xbc, 0xda, + 0x23, 0x89, 0xf6, 0xfe, 0x07, 0x5a, 0xf1, 0xaf, + 0x7f, 0x83, 0x64, 0x16, 0x71, 0xf5, 0x87, 0x06, + 0x17, 0xf6, 0x48, 0x3e, 0xb6, 0xd1, 0x91, 0xca, + 0xad, 0x92, 0xf5, 0x0c, 0x63, 0xfa, 0x58, 0x3b, + 0x96, 0x2b, 0x88, 0x56, 0xbc, 0x9d, 0x47, 0x0c, + 0x42, 0x18, 0x72, 0x0d, 0x32, 0xea, 0x22, 0x7a, + 0x90, 0xc2, 0xf4, 0xfc, 0xac, 0x43, 0x2c, 0x74, + 0xd7, 0x63, 0xd5, 0xc9, 0x82, 0xc6, 0xc8, 0xe9, + 0xe1, 0xa9, 0xc6, 0xd2, 0x8a, 0x73, 0x2c, 0xb5, + 0x26, 0x70, 0xab, 0xc6, 0xe2, 0xf8, 0xbd, 0x2a, + 0xc2, 0xa5, 0xf9, 0xb0, 0x20, 0xbc, 0xfb, 0x43, + 0x02, 0xb4, 0x3a, 0x30, 0x87, 0x81, 0x23, 0x50, + 0xd9, 0xc3, 0x8a, 0x43, 0xdf, 0x8e, 0x22, 0x4f, + 0x71, 0x74, 0x52, 0x39, 0x04, 0x3a, 0x72, 0xc6, + 0x3f, 0x5f, 0x01, 0x94, 0xe8, 0xb7, 0x86, 0x38, + 0xf8, 0xd9, 0x33, 0x8f, 0x4f, 0x9d, 0x89, 0x47, + 0x18, 0x3c, 0x4d, 0x15, 0xc8, 0xba, 0x1e, 0x5c, + 0x20, 0x3e, 0x42, 0x20, 0x06, 0x6e, 0x44, 0x9e, + 0xdd, 0x66, 0x30, 0x75, 0xd9, 0x9a, 0xf8, 0x03, + 0x0a, 0x6f, 0x3a, 0x3d, 0x18, 0x8d, 0x4e, 0x94, + 0xc4, 0x41, 0x33, 0xd2, 0xe5, 0x5f, 0x73, 0xf7, + 0xcf, 0xe2, 0xe3, 0x92, 0xb5, 0x7e, 0xbf, 0xef, + 0xd0, 0x59, 0xd6, 0x79, 0x9c, 0xcb, 0xc8, 0x7f, + 0x7e, 0x35, 0x25, 0xae, 0x95, 0xc1, 0xf5, 0xa5, + 0xfc, 0x4f, 0xe8, 0xa3, 0xd8, 0x4b, 0x06, 0x7e, + 0xec, 0x52, 0x73, 0xe7, 0xbe, 0x14, 0xa3, 0x1f, + 0xa3, 0xd6, 0x1d, 0xf4, 0xcf, 0x4a, 0x23, 0xf3, + 0x2a, 0x04, 0xef, 0x8a, 0x40, 0x46, 0x79, 0x29, + 0x54, 0xa4, 0x65, 0xec, 0xd5, 0xe5, 0x9e, 0x9c, + 0x64, 0xa9, 0x35, 0x71, 0x90, 0xc3, 0x99, 0x12, + 0x65, 0xce, 0x0c, 0x99, 0xd2, 0xdf, 0x4d, 0x17, + 0x4e, 0x53, 0x5d, 0xec, 0x6c, 0x12, 0x3e, 0xa3, + 0x3d, 0x6b, 0xa8, 0x9e, 0x9b, 0xd9, 0x22, 0x27, + 0x75, 0x00, 0x4c, 0x62, 0x04, 0x85, 0x9e, 0x7f, + 0x3a, 0x05, 0x37, 0xc5, 0x59, 0xe6, 0xb7, 0x14, + 0x3d, 0xbd, 0x5e, 0x48, 0x39, 0xcc, 0x68, 0x54, + 0x5d, 0xf2, 0x5c, 0x99, 0x16, 0x17, 0x00, 0xca, + 0x8a, 0xc6, 0x85, 0xe4, 0x24, 0x28, 0x0e, 0xfe, + 0x4e, 0x79, 0x0f, 0xe9, 0x55, 0x70, 0x2b, 0xbe, + 0xaa, 0x0c, 0x48, 0xeb, 0x8c, 0x90, 0xd4, 0xe2, + 0xf1, 0x47, 0xad, 0x14, 0xd7, 0xc6, 0xed, 0xb6, + 0xb5, 0xd7, 0x9d, 0xa9, 0x4b, 0x45, 0x12, 0xa0, + 0x8a, 0x08, 0x64, 0x7a, 0x7d, 0xd6, 0xaf, 0xc1, + 0x73, 0xda, 0xd8, 0x91, 0x1e, 0x06, 0xac, 0x18, + 0x60, 0x38, 0xbe, 0x7c, 0x47, 0x3e, 0x81, 0x04, + 0x14, 0x5e, 0x8e, 0xd4, 0x1d, 0x85, 0xf4, 0xd8, + 0xe3, 0x30, 0xee, 0xe4, 0xab, 0xb7, 0x5c, 0x1e, + 0xce, 0x17, 0x51, 0xd8, 0xa3, 0xfc, 0x2b, 0x8b, + 0x61, 0x16, 0x59, 0x06, 0xe5, 0x7e, 0x06, 0x6b, + 0x0d, 0x3a, 0x95, 0xd7, 0xff, 0x8b, 0x10, 0x7a, + 0xaf, 0x9d, 0x4c, 0xc2, 0xff, 0x8f, 0xd8, 0x51, + 0x62, 0xc8, 0x53, 0x5f, 0xeb, 0x0c, 0x21, 0x0d, + 0x82, 0x98, 0x3b, 0xea, 0xd7, 0x57, 0x6c, 0x6f, + 0x00, 0xbb, 0x34, 0xed, 0x1b, 0x7f, 0x84, 0xd3, + 0xc4, 0x25, 0xa9, 0xcd, 0x1f, 0x4e, 0x7e, 0x42, + 0xe0, 0x46, 0xe2, 0x8d, 0xf1, 0x66, 0x30, 0xb5, + 0xb9, 0x73, 0x61, 0xf1, 0x63, 0x28, 0x2c, 0x3a, + 0xc0, 0x9b, 0xc5, 0x58, 0xb4, 0x83, 0x53, 0x3e, + 0x3b, 0xfe, 0x39, 0xa7, 0x6f, 0x80, 0xf9, 0x56, + 0x6a, 0xcc, 0xa7, 0xd6, 0xf8, 0x35, 0xea, 0x85, + 0xcc, 0x8a, 0x83, 0xc2, 0x5b, 0x95, 0x7e, 0x77, + 0x0a, 0x8d, 0x29, 0x0a, 0xf7, 0xc0, 0x3e, 0x76, + 0xd3, 0xda, 0x0c, 0x3e, 0x1f, 0x0e, 0x22, 0x2b, + 0xa7, 0x1d, 0xf9, 0xc2, 0x3d, 0x3e, 0xcd, 0x8a, + 0xb4, 0xa5, 0xcb, 0x1c, 0x02, 0xc3, 0x8f, 0x32, + 0x6b, 0x61, 0xee, 0x86, 0x20, 0x96, 0xc1, 0x92, + 0x63, 0x10, 0xbd, 0x1e, 0x86, 0xb9, 0x33, 0xf0, + 0x01, 0x66, 0x45, 0x8b, 0x7d, 0x5c, 0x2b, 0x72, + 0xa4, 0xb7, 0xfd, 0xf7, 0x5e, 0x62, 0x9d, 0xe6, + 0x4d, 0x82, 0x22, 0x9b, 0xbf, 0x47, 0x22, 0xf2, + 0x5c, 0x79, 0x6c, 0xa4, 0x21, 0x0a, 0xf0, 0x71, + 0x3b, 0xb3, 0xde, 0x0b, 0x35, 0x38, 0xf8, 0xcc, + 0x1f, 0x13, 0x18, 0x04, 0xb5, 0x29, 0xa2, 0x88, + 0x48, 0x84, 0xfe, 0x28, 0x47, 0x8f, 0xd3, 0x3f, + 0x44, 0x49, 0x3a, 0x00, 0x48, 0x70, 0x01, 0x7e, + 0x7c, 0x2c, 0xa0, 0xa9, 0x64, 0xbe, 0x2f, 0xa3, + 0xde, 0x40, 0x96, 0x12, 0x44, 0xc0, 0x7f, 0x29, + 0x96, 0x84, 0xdd, 0x13, 0x19, 0xcb, 0x3a, 0xaa, + 0xbb, 0x1f, 0x55, 0xe5, 0xb3, 0x02, 0x9f, 0x49, + 0xd9, 0xd3, 0xaa, 0x1b, 0xbf, 0xce, 0xbd, 0xbd, + 0x55, 0xa3, 0x5e, 0x31, 0xb6, 0x42, 0x39, 0x6e, + 0x81, 0x9c, 0xac, 0x84, 0x7f, 0x47, 0x9a, 0x1b, + 0x4f, 0x41, 0x2f, 0x9e, 0x44, 0x25, 0x34, 0xc7, + 0xe5, 0x9d, 0x12, 0xad, 0xf9, 0x94, 0xcc, 0x9d, + 0xd7, 0x15, 0xdc, 0x3d, 0x92, 0xd6, 0x2b, 0xef, + 0x2e, 0xe6, 0x1f, 0x42, 0x3b, 0xee, 0x66, 0xa4, + 0xba, 0x99, 0x03, 0xd7, 0xb6, 0x3a, 0xc3, 0xab, + 0x19, 0x86, 0xfa, 0x88, 0xf0, 0xe1, 0x0b, 0x8d, + 0x1b, 0x29, 0xb0, 0xf2, 0x8c, 0x83, 0x8d, 0x08, + 0x8f, 0x6e, 0x9b, 0xa7, 0xad, 0xc8, 0x7e, 0x49, + 0xeb, 0x01, 0x82, 0x8e, 0xf3, 0x0e, 0x54, 0x23, + 0xd9, 0x94, 0x8b, 0x84, 0x1d, 0xe7, 0x74, 0x1c, + 0xf0, 0xe3, 0xfa, 0x31, 0x97, 0xe0, 0xce, 0x93, + 0xa1, 0x96, 0x7f, 0x5b, 0x79, 0xd8, 0x4c, 0x3e, + 0x35, 0x52, 0x7a, 0xfd, 0x5a, 0xd2, 0x85, 0x12, + 0x89, 0xe7, 0x05, 0x9d, 0x7e, 0x54, 0x81, 0xad, + 0xb5, 0x24, 0x7f, 0x79, 0x82, 0xec, 0xc7, 0x6b, + 0x90, 0x5d, 0x2d, 0xe6, 0x8f, 0x7d, 0x4d, 0xba, + 0xf0, 0x18, 0x34, 0x91, 0x88, 0xb2, 0xfc, 0xb3, + 0x00, 0xe6, 0x5f, 0xa5, 0xa8, 0x33, 0xc7, 0x6a, + 0x58, 0x06, 0xe5, 0x17, 0xd8, 0xb5, 0xe1, 0x00, + 0xe2, 0xf4, 0x47, 0x09, 0xea, 0xe2, 0xb4, 0x58, + 0xed, 0x11, 0xa5, 0xbb, 0x28, 0x62, 0x9b, 0xe7, + 0x89, 0x9f, 0xae, 0x25, 0xbf, 0x0c, 0x67, 0xc2, + 0xd9, 0x87, 0xe2, 0x3e, 0x9b, 0x53, 0x3c, 0x33, + 0x92, 0x2d, 0x81, 0x0d, 0x88, 0x05, 0x0b, 0x73, + 0x5f, 0xfd, 0x10, 0xc0, 0x14, 0xb2, 0x8e, 0xf0, + 0x52, 0x02, 0x2c, 0x22, 0x8b, 0x66, 0x71, 0xf8, + 0x14, 0x04, 0xd4, 0xeb, 0x6b, 0x69, 0x32, 0x3a, + 0xed, 0xd1, 0xcd, 0x74, 0x27, 0xf2, 0xe7, 0x7f, + 0x86, 0xc1, 0x27, 0x17, 0x8b, 0x62, 0x1f, 0xed, + 0x33, 0xc4, 0x94, 0x49, 0x90, 0x09, 0x3c, 0x00, + 0xf6, 0x67, 0x63, 0x7b, 0x03, 0xeb, 0x07, 0x3f, + 0xc2, 0xe2, 0x48, 0xe6, 0x50, 0x67, 0x71, 0xac, + 0xf6, 0x67, 0x3b, 0x5f, 0x82, 0xd3, 0x68, 0x51, + 0x6f, 0x95, 0x4f, 0x17, 0x49, 0x01, 0x5c, 0xaf, + 0xf9, 0xf7, 0xb3, 0xed, 0xa7, 0x5d, 0x79, 0x68, + 0x32, 0x23, 0xd3, 0xc2, 0x00, 0xae, 0x13, 0x39, + 0x09, 0x51, 0x13, 0x70, 0x2f, 0x73, 0x5d, 0xb0, + 0x7c, 0x79, 0xdf, 0x9a, 0xb2, 0x76, 0x87, 0x4d, + 0x21, 0x44, 0xb5, 0xe4, 0x1f, 0x41, 0x5a, 0x13, + 0x03, 0xbd, 0x14, 0x81, 0x22, 0xfa, 0x2e, 0xb4, + 0x8c, 0x0f, 0xd6, 0xa1, 0x7c, 0x28, 0xa5, 0xec, + 0xb1, 0x66, 0x53, 0x45, 0x13, 0xea, 0x7f, 0x9c, + 0x50, 0x5e, 0x32, 0x5a, 0xef, 0xb6, 0xb4, 0xde, + 0x82, 0xa5, 0xb6, 0xc3, 0xb1, 0xdc, 0x7a, 0xd8, + 0xad, 0xf6, 0x67, 0x94, 0x41, 0x8b, 0x6d, 0x2c, + 0x2b, 0xdc, 0x60, 0xbe, 0xf3, 0x06, 0x55, 0x26, + 0x5c, 0x08, 0x71, 0x41, 0x79, 0xe2, 0x74, 0x11, + 0x6b, 0x89, 0xc6, 0xd2, 0x58, 0xee, 0xd5, 0xc2, + 0x9e, 0x9d, 0x2f, 0xd8, 0x16, 0x4f, 0xd6, 0x68, + 0xcb, 0x55, 0xf2, 0x2a, 0x00, 0xc0, 0x3e, 0x59, + 0x61, 0x60, 0xb3, 0x7e, 0xad, 0x9b, 0x8f, 0x27, + 0xb7, 0xfb, 0x4b, 0x02, 0xe7, 0x62, 0xda, 0x2b, + 0x9c, 0xcd, 0x02, 0xa6, 0xe8, 0x51, 0x6a, 0xa9, + 0xa1, 0xcc, 0x21, 0x7e, 0x96, 0x47, 0x24, 0x14, + 0x83, 0xe2, 0x43, 0xe4, 0xdd, 0x0d, 0x9b, 0x4c, + 0x8e, 0x45, 0x63, 0x28, 0xd0, 0xe9, 0x02, 0xcc, + 0x29, 0x27, 0x4f, 0xa7, 0xa7, 0x42, 0xb4, 0xb8, + 0x58, 0xf2, 0xfe, 0x20, 0xaa, 0x6f, 0x61, 0x25, + 0x89, 0x1a, 0x1a, 0x6d, 0xd7, 0x13, 0x27, 0xf9, + 0xb8, 0x78, 0x90, 0xa8, 0x12, 0x09, 0x96, 0xc8, + 0x70, 0xa4, 0xe3, 0xb0, 0x82, 0xe1, 0xbe, 0x01, + 0xfa, 0x71, 0x79, 0x6e, 0x9c, 0xc3, 0x49, 0x96, + 0x3c, 0x62, 0xa3, 0xae, 0xcb, 0xe8, 0x0d, 0x08, + 0x86, 0x1c, 0x6e, 0x84, 0x70, 0x03, 0xf6, 0x7b, + 0x91, 0x12, 0x44, 0x96, 0xb6, 0xf0, 0xe6, 0xca, + 0xd7, 0x3c, 0x7a, 0x3d, 0xc9, 0xcd, 0xc3, 0x90, + 0xab, 0x5f, 0x75, 0xe8, 0x50, 0x20, 0xf5, 0xed, + 0xed, 0xd0, 0x7a, 0xa1, 0x20, 0x5c, 0x37, 0x26, + 0x17, 0xb8, 0xa2, 0x9e, 0xe9, 0x4a, 0xbe, 0xd9, + 0x09, 0x27, 0xd3, 0x86, 0xdd, 0x2b, 0x03, 0x53, + 0xbf, 0xe0, 0x0e, 0xb3, 0x83, 0xbd, 0xe2, 0x73, + 0x4c, 0x1d, 0x09, 0x12, 0xbe, 0x51, 0x54, 0x8f, + 0xdb, 0xfa, 0x9d, 0x9f, 0xad, 0xe9, 0xac, 0x50, + 0x09, 0xbf, 0x1d, 0x62, 0x8d, 0x35, 0x18, 0x98, + 0x09, 0x6e, 0x8a, 0x95, 0xb6, 0x09, 0x1f, 0x1f, + 0x08, 0xd2, 0xe9, 0x63, 0xac, 0x3c, 0x7e, 0xde, + 0xff, 0xbd, 0x9e, 0xc1, 0x9c, 0x67, 0xcd, 0x67, + 0x39, 0xaa, 0x99, 0xb3, 0xec, 0xb9, 0xd0, 0x33, + 0x7a, 0x9b, 0x0a, 0x6d, 0x27, 0xe3, 0x37, 0xb0, + 0xb2, 0x39, 0x3e, 0x7a, 0x08, 0xc6, 0x57, 0xae, + 0xed, 0xeb, 0x83, 0xb1, 0x93, 0x4e, 0xd4, 0x82, + 0x79, 0x24, 0xf3, 0x70, 0x1b, 0x56, 0x9e, 0x5d, + 0x31, 0x11, 0x3a, 0x4c, 0xb5, 0x9f, 0xfe, 0x41, + 0x5f, 0x2f, 0x7f, 0x60, 0x72, 0x34, 0xbb, 0xa0, + 0xea, 0x54, 0x89, 0x59, 0xf6, 0x75, 0x18, 0x6e, + 0x33, 0xc5, 0xe8, 0x1d, 0xae, 0x0a, 0x40, 0x31, + 0x3d, 0xa5, 0x4e, 0x24, 0x6f, 0x8a, 0x2d, 0x77, + 0x70, 0xe2, 0xc9, 0x21, 0x82, 0x5d, 0x79, 0xb8, + 0xe7, 0xcf, 0x16, 0xd0, 0xdd, 0x1a, 0x43, 0x5b, + 0x21, 0x8b, 0x77, 0x9d, 0x72, 0x35, 0xd8, 0x35, + 0xcc, 0xbc, 0xb0, 0xf0, 0xeb, 0x79, 0x26, 0xe4, + 0xbf, 0xce, 0x37, 0x31, 0xe5, 0x1a, 0xf1, 0x6c, + 0xad, 0xae, 0xca, 0x7c, 0xe3, 0x62, 0x23, 0xcb, + 0x94, 0x43, 0xe3, 0x2d, 0xe4, 0x26, 0xef, 0xe8, + 0xb1, 0xe0, 0x7b, 0xe2, 0x81, 0x39, 0xa3, 0xb3, + 0x4b, 0x1b, 0x0e, 0xfb, 0x0f, 0xc7, 0xb5, 0x5f, + 0x56, 0x0d, 0xfb, 0x22, 0x05, 0xc2, 0xe0, 0x67, + 0xfb, 0x82, 0xe2, 0x94, 0x62, 0x64, 0xa0, 0x5e, + 0xa7, 0xaa, 0xf5, 0x25, 0xba, 0x20, 0x71, 0xb7, + 0xd1, 0xf0, 0x3a, 0xe6, 0xe1, 0x79, 0x14, 0xc3, + 0x36, 0x0c, 0xd3, 0x25, 0xee, 0x57, 0x67, 0xdc, + 0x7f, 0x6b, 0x27, 0x6e, 0x97, 0x50, 0xc8, 0x31, + 0x44, 0x2a, 0x04, 0x14, 0x3e, 0xd8, 0xfa, 0xed, + 0x4c, 0xa8, 0x29, 0x28, 0xe7, 0xae, 0x27, 0x57, + 0x89, 0x5a, 0x83, 0x18, 0x7e, 0x37, 0x0f, 0xfa, + 0x1e, 0x94, 0x6c, 0x18, 0xca, 0x6a, 0x2c, 0x75, + 0x35, 0x6b, 0x6a, 0x7a, 0x61, 0xcf, 0x6b, 0x6c, + 0x40, 0x21, 0x8a, 0x6b, 0xd5, 0x92, 0xf8, 0x90, + 0x4c, 0x8b, 0xbb, 0x48, 0x1d, 0x54, 0x51, 0xe0, + 0x4a, 0x62, 0x6a, 0x73, 0x32, 0xb2, 0xf9, 0x52, + 0x3d, 0x0b, 0xe7, 0xf1, 0x72, 0x75, 0x9d, 0x7f, + 0xf1, 0xf8, 0xb0, 0x9f, 0x1b, 0x71, 0x4c, 0x4e, + 0x55, 0xac, 0x5f, 0x12, 0x4e, 0xf8, 0x2e, 0x02, + 0xae, 0xad, 0xd7, 0x2f, 0x47, 0x70, 0x7c, 0x8e, + 0x5f, 0x6d, 0xdf, 0x32, 0x37, 0xc9, 0x96, 0x32, + 0x69, 0x8e, 0x94, 0x2a, 0xc8, 0x9a, 0x00, 0x2d, + 0x57, 0xec, 0x53, 0x9c, 0x8b, 0x8f, 0x84, 0x6c, + 0xc1, 0x35, 0xc8, 0x9b, 0x36, 0x1c, 0x55, 0x54, + 0xaf, 0xfd, 0x99, 0x50, 0x10, 0x9e, 0x80, 0xd3, + 0xd6, 0xfa, 0x6f, 0x89, 0x0a, 0xad, 0xdf, 0x97, + 0x3e, 0xae, 0x85, 0xb9, 0xe9, 0x36, 0xc2, 0x6a, + 0x62, 0xee, 0xd4, 0xf0, 0x1f, 0x76, 0x97, 0x4b, + 0xec, 0x8c, 0xb4, 0x93, 0x3e, 0x29, 0xe1, 0x02, + 0xdd, 0x4f, 0x93, 0xcf, 0xee, 0x4a, 0xfc, 0x9d, + 0xbd, 0xc0, 0xc7, 0xa5, 0xf1, 0x18, 0x02, 0xbb, + 0xd9, 0xda, 0xda, 0x75, 0x57, 0x42, 0xc1, 0x6e, + 0x7e, 0x2e, 0x4a, 0xa7, 0xdc, 0x30, 0xe6, 0x8b, + 0x7b, 0xd9, 0x96, 0x90, 0x30, 0x59, 0xe9, 0x8f, + 0xc7, 0xdf, 0xdb, 0xe4, 0x1a, 0x95, 0xda, 0xc6, + 0x12, 0x5c, 0x9f, 0x8e, 0xf1, 0x5b, 0xf0, 0xda, + 0xde, 0xe3, 0xad, 0xba, 0x32, 0x9a, 0xbf, 0x21, + 0xda, 0xae, 0x97, 0x3b, 0x7c, 0xc8, 0x6d, 0x25, + 0x43, 0xdc, 0x5d, 0xf6, 0xf7, 0xf5, 0xb4, 0xde, + 0x93, 0x0d, 0xef, 0x05, 0x8b, 0xcd, 0xf4, 0x03, + 0xcd, 0x00, 0x22, 0x6a, 0xd0, 0x3c, 0x50, 0x76, + 0x60, 0x3a, 0x40, 0x3c, 0x8d, 0xc8, 0xa3, 0x6d, + 0x0e, 0x1e, 0x61, 0xb8, 0x28, 0x12, 0x6e, 0x53, + 0xbf, 0xbd, 0x64, 0x81, 0x9c, 0x7e, 0x37, 0xc4, + 0x3b, 0x40, 0xa6, 0x99, 0x2a, 0x9c, 0xe1, 0xcc, + 0x95, 0xd6, 0x83, 0x49, 0x4d, 0x30, 0x85, 0xa4, + 0xbb, 0x1c, 0xed, 0xca, 0xa8, 0xf8, 0x96, 0x48, + 0x42, 0x98, 0xde, 0x14, 0x4a, 0x46, 0x16, 0x3d, + 0xd1, 0xb7, 0x14, 0xb2, 0x0a, 0xb1, 0x98, 0x5c, + 0x1e, 0xa4, 0xc4, 0x51, 0x70, 0xd8, 0x57, 0x14, + 0x41, 0x8f, 0x32, 0xf1, 0xb6, 0x9d, 0xcc, 0xce, + 0x3f, 0x5d, 0xcf, 0x4e, 0x4b, 0xcc, 0x81, 0xba, + 0x17, 0x68, 0xa8, 0xed, 0xfc, 0xad, 0xd8, 0xc1, + 0xd3, 0x52, 0xd7, 0xe9, 0x04, 0x1b, 0xca, 0xe8, + 0x21, 0x66, 0xac, 0x45, 0x3f, 0x58, 0x7f, 0xaf, + 0x06, 0x5d, 0x1a, 0xe1, 0x06, 0xe2, 0xbd, 0x7d, + 0xcc, 0x96, 0x3a, 0xef, 0xde, 0x83, 0xe5, 0xb3, + 0x74, 0x40, 0x42, 0xca, 0x28, 0xbb, 0xa7, 0xbf, + 0x6c, 0x3a, 0x6b, 0x9d, 0xf5, 0x93, 0xdd, 0x09, + 0x49, 0xdf, 0xb2, 0xc9, 0x01, 0x59, 0xf2, 0x50, + 0x00, 0x99, 0xe0, 0x88, 0x3d, 0x1a, 0x45, 0x9e, + 0x62, 0xa7, 0x1e, 0xcb, 0x91, 0x65, 0x4b, 0x79, + 0x7f, 0x0d, 0xb1, 0xb0, 0x35, 0xaa, 0x27, 0xaa, + 0xaa, 0x76, 0x00, 0x59, 0xf2, 0xe5, 0x4f, 0x69, + 0x38, 0x00, 0x6c, 0xfd, 0xcf, 0x12, 0x43, 0x6a, + 0x6b, 0x75, 0x10, 0x5a, 0x8b, 0x34, 0x68, 0xb7, + 0x5a, 0xca, 0x41, 0x34, 0x51, 0x0e, 0x64, 0x11, + 0x0e, 0x78, 0xdf, 0x1d, 0x15, 0xd9, 0xd2, 0x8c, + 0x60, 0xae, 0x52, 0x76, 0x34, 0x4e, 0xf3, 0x54, + 0x72, 0x70, 0x04, 0xdf, 0xd3, 0x0a, 0xe6, 0xa4, + 0x80, 0x18, 0x46, 0x1f, 0x56, 0xb2, 0x5c, 0x57, + 0x8a, 0x35, 0x96, 0xd4, 0x42, 0x28, 0xd1, 0x01, + 0x28, 0xf6, 0x1a, 0xa6, 0x05, 0x79, 0xe4, 0xf3, + 0x4e, 0xd8, 0xb2, 0x88, 0xa5, 0x15, 0xdf, 0x0a, + 0xea, 0x48, 0x0b, 0x81, 0x9d, 0xa6, 0xe2, 0xc6, + 0x18, 0xa2, 0xc6, 0xc6, 0x1f, 0x19, 0x08, 0xb8, + 0x3f, 0x90, 0xfd, 0xe1, 0x07, 0x0c, 0x4d, 0xdf, + 0x72, 0x4d, 0xf9, 0xa8, 0xe8, 0x19, 0x57, 0x45, + 0xd3, 0x81, 0xb0, 0xc6, 0x53, 0x7d, 0xc3, 0xfc, + 0x82, 0xee, 0xb0, 0x00, 0x11, 0x5b, 0xf7, 0x60, + 0x51, 0x37, 0x6c, 0xca, 0x6a, 0x83, 0xbf, 0xea, + 0x75, 0x95, 0x9e, 0xf0, 0x19, 0x5d, 0x25, 0x45, + 0x97, 0xf4, 0x1b, 0x89, 0x4c, 0x19, 0xc0, 0x98, + 0xb4, 0x9d, 0xb9, 0xa4, 0xab, 0x24, 0x55, 0xc9, + 0x7a, 0x49, 0x5b, 0x8b, 0x8c, 0xd1, 0x48, 0x9f, + 0xae, 0x0a, 0x5e, 0x95, 0x2d, 0x10, 0x2d, 0x3e, + 0x82, 0x07, 0x45, 0x0b, 0x16, 0x2d, 0xe2, 0xa9, + 0x4c, 0x8d, 0x93, 0xc9, 0x18, 0x87, 0xab, 0x5d, + 0x29, 0xa2, 0x77, 0x44, 0xee, 0x65, 0xce, 0x4b, + 0x3a, 0x78, 0xbd, 0x9c, 0xd2, 0x37, 0x30, 0x0a, + 0xaf, 0xc5, 0x74, 0x38, 0xf8, 0x2d, 0x51, 0x51, + 0xa0, 0x6c, 0xe8, 0x52, 0x18, 0x3a, 0x4c, 0x3c, + 0xf9, 0x38, 0x40, 0xa7, 0x8c, 0x81, 0x64, 0x40, + 0xd2, 0xcc, 0xc2, 0x06, 0x97, 0x01, 0x2e, 0xaf, + 0x64, 0xcf, 0xe6, 0x5a, 0x0b, 0x1b, 0x93, 0x15, + 0x31, 0xa5, 0xf7, 0x2a, 0xef, 0x0d, 0x9e, 0x42, + 0x82, 0x81, 0x41, 0xce, 0x8e, 0xbc, 0x9c, 0x6c, + 0xb2, 0x32, 0xf9, 0x99, 0xcf, 0x5a, 0x24, 0x5d, + 0x9a, 0x7e, 0xe9, 0xa1, 0x59, 0x19, 0xaa, 0x08, + 0x86, 0x49, 0x4a, 0x59, 0x0b, 0x82, 0x4a, 0xf9, + 0x89, 0x1a, 0x2e, 0xe5, 0x57, 0x50, 0x20, 0x2c, + 0xac, 0x99, 0x39, 0xde, 0x0b, 0x9e, 0x69, 0x47, + 0xa6, 0x3d, 0x03, 0x4f, 0xb2, 0x61, 0x4d, 0xe8, + 0x2d, 0x0b, 0x86, 0x7a, 0x25, 0x1d, 0x0c, 0x59, + 0x25, 0x44, 0xbc, 0xc9, 0x08, 0x9b, 0x8f, 0xa5, + 0x2b, 0xfc, 0x80, 0xd5, 0xc3, 0x3f, 0x47, 0x2a, + 0xa7, 0xda, 0xfe, 0x40, 0xa8, 0x06, 0x46, 0x24, + 0xda, 0x84, 0xa0, 0x3e, 0x4c, 0x2b, 0x03, 0x81, + 0x90, 0x4e, 0x72, 0x27, 0x96, 0x76, 0xe4, 0x52, + 0xd1, 0xb9, 0x57, 0xab, 0x62, 0x17, 0x28, 0xca, + 0x08, 0x2c, 0x8b, 0x13, 0x7e, 0x1e, 0x41, 0xfa, + 0x5c, 0x33, 0x12, 0x4d, 0xc5, 0x91, 0x40, 0xba, + 0x96, 0x10, 0x87, 0xfa, 0xee, 0xb8, 0xff, 0x09, + 0x85, 0x46, 0x00, 0xe9, 0x4d, 0x08, 0xb6, 0x19, + 0x73, 0xc0, 0x5e, 0x35, 0xf7, 0x4a, 0x2e, 0x7f, + 0x26, 0xe8, 0xdd, 0x26, 0x33, 0x0b, 0xa0, 0xb5, + 0x3d, 0xf6, 0x04, 0xfb, 0x11, 0x4f, 0x78, 0x4f, + 0x5b, 0xa5, 0xaf, 0xc5, 0x5b, 0xab, 0x54, 0x35, + 0x63, 0x25, 0xd1, 0x66, 0x3b, 0x8f, 0x78, 0x3d, + 0x59, 0x19, 0xf2, 0x15, 0xd4, 0xa4, 0xd3, 0x77, + 0x50, 0x8c, 0x70, 0x52, 0x30, 0x63, 0xd6, 0x4f, + 0x88, 0x92, 0x79, 0x31, 0xa7, 0xbe, 0x09, 0xf2, + 0xb8, 0x41, 0x22, 0x37, 0x86, 0xd5, 0xf0, 0x81, + 0x75, 0x03, 0xca, 0x09, 0x98, 0x45, 0xae, 0xf7, + 0x60, 0x4e, 0x5f, 0xf4, 0xc3, 0xc2, 0xfc, 0xde, + 0x23, 0x22, 0xc4, 0x28, 0xe2, 0x0c, 0x6c, 0xb9, + 0x45, 0xd9, 0x19, 0x64, 0xab, 0xff, 0x20, 0x7f, + 0xe2, 0xee, 0x3f, 0xd1, 0x90, 0xf5, 0xad, 0xb8, + 0xc9, 0xa8, 0xe3, 0xf9, 0x56, 0x08, 0x4a, 0x77, + 0x6d, 0x9d, 0x87, 0xcd, 0xb6, 0x13, 0x38, 0x2b, + 0x23, 0x66, 0xbf, 0x12, 0x7e, 0xe7, 0x8a, 0xc8, + 0x4a, 0x45, 0xf3, 0xfa, 0xbe, 0xc8, 0x67, 0x16, + 0x3d, 0xb6, 0x0b, 0x61, 0x48, 0xb4, 0x44, 0xfa, + 0xbd, 0x50, 0x93, 0x0e, 0x93, 0x90, 0x42, 0xb3, + 0x3d, 0x9e, 0xf1, 0xc7, 0x57, 0x5b, 0x22, 0x38, + 0x11, 0xc5, 0x9f, 0x58, 0x5d, 0xd9, 0x17, 0x42, + 0xae, 0xa7, 0xec, 0xdc, 0xde, 0xa7, 0xce, 0x39, + 0x73, 0x75, 0xcc, 0x50, 0x94, 0xfb, 0x3c, 0x57, + 0xd8, 0xba, 0xaa, 0x8d, 0xc4, 0x90, 0x81, 0x09, + 0x74, 0x91, 0x08, 0xab, 0xb4, 0x2b, 0xf4, 0xa8, + 0xe3, 0xe1, 0xa1, 0x76, 0x88, 0x32, 0x8f, 0xbe, + 0xfe, 0x87, 0x08, 0x8c, 0x39, 0x77, 0x3f, 0x35, + 0x53, 0x1e, 0x9d, 0xda, 0x64, 0xb6, 0x17, 0x65, + 0xcf, 0xfc, 0xc9, 0xf6, 0x9b, 0xd7, 0xf0, 0x26, + 0x67, 0xbc, 0xa1, 0x04, 0x5c, 0x41, 0xf1, 0xf3, + 0xcb, 0xb8, 0x90, 0x09, 0x80, 0x53, 0xb3, 0xca, + 0x2a, 0xa1, 0x8c, 0xd5, 0xbf, 0xa5, 0xab, 0xea, + 0xab, 0x41, 0xb4, 0x98, 0x8f, 0xd4, 0x3a, 0x28, + 0x1b, 0x6d, 0x27, 0x5a, 0xbc, 0x0f, 0x57, 0x5f, + 0x26, 0x13, 0xf8, 0x7c, 0x3c, 0xdf, 0x72, 0xd2, + 0xc8, 0xab, 0xfa, 0xd5, 0xa7, 0x3c, 0x00, 0x3e, + 0x79, 0x3c, 0xf0, 0x15, 0x3a, 0x16, 0x7f, 0x7e, + 0xca, 0xfa, 0x59, 0x27, 0x70, 0x81, 0xbf, 0xdb, + 0x68, 0xc0, 0xd3, 0x73, 0x40, 0x7c, 0x01, 0xf4, + 0xaf, 0x95, 0x73, 0x6f, 0x02, 0xab, 0x0b, 0x61, + 0x2c, 0xd2, 0xa5, 0x64, 0x65, 0xba, 0x6c, 0xec, + 0xc4, 0xc3, 0x5c, 0x67, 0xba, 0x80, 0xdc, 0x99, + 0x2e, 0xfd, 0x55, 0xfd, 0xb2, 0x47, 0x5b, 0xa5, + 0xa8, 0x7d, 0x71, 0x20, 0x03, 0x1d, 0xda, 0x01, + 0x9e, 0x4a, 0x8e, 0xdc, 0xe4, 0xe1, 0xef, 0x6c, + 0x33, 0xca, 0x15, 0x6b, 0x0d, 0x37, 0xec, 0x76, + 0xa6, 0xb4, 0x41, 0x78, 0x2d, 0x98, 0xfa, 0x52, + 0x48, 0x5b, 0x76, 0x3f, 0x6f, 0x69, 0xa8, 0x0b, + 0xeb, 0x2b, 0x08, 0xab, 0x78, 0x13, 0x28, 0x18, + 0xb3, 0x29, 0xc9, 0x92, 0x46, 0x74, 0x10, 0xf0, + 0xd9, 0x8e, 0x75, 0x16, 0x2e, 0x47, 0x42, 0x9c, + 0xb0, 0x69, 0x42, 0x50, 0x39, 0x05, 0xda, 0x9e, + 0x09, 0xad, 0x0a, 0xb0, 0xf7, 0xd1, 0xb5, 0x79, + 0xff, 0x48, 0x92, 0xfc, 0x1e, 0x0e, 0xfe, 0x7b, + 0xa9, 0x2a, 0xbb, 0x6e, 0x9d, 0x75, 0xa7, 0x1d, + 0xaf, 0x4a, 0x2b, 0x9b, 0xb0, 0x2d, 0xb2, 0x17, + 0x1c, 0xad, 0x3f, 0xc7, 0xb4, 0x05, 0x0e, 0xe6, + 0xec, 0x59, 0xb0, 0x0d, 0x6e, 0xc0, 0x4d, 0xb4, + 0x4c, 0xe0, 0x48, 0xee, 0xeb, 0x34, 0x0a, 0x8b, + 0xe4, 0x8e, 0xce, 0xad, 0xac, 0x39, 0xf4, 0xa9, + 0x95, 0xf9, 0x8e, 0xb8, 0x21, 0x0d, 0xe0, 0x46, + 0xcc, 0x1c, 0x82, 0x4d, 0x12, 0x79, 0xc4, 0xf3, + 0xc1, 0x08, 0x81, 0xf9, 0xc5, 0x8b, 0x6f, 0x79, + 0xc1, 0xfd, 0x81, 0x6f, 0x66, 0x1a, 0x26, 0x7a, + 0x94, 0x56, 0x38, 0x1c, 0x47, 0x75, 0x74, 0xa1, + 0x63, 0x5a, 0x4c, 0x2f, 0x29, 0x47, 0x86, 0x0a, + 0x2d, 0x8e, 0xbc, 0x01, 0x1a, 0xf0, 0x58, 0xa9, + 0xaa, 0xbd, 0x89, 0xeb, 0x0d, 0xf0, 0x5d, 0x0c, + 0x65, 0xb5, 0x43, 0x93, 0x8d, 0x49, 0x5d, 0xe8, + 0x69, 0x7d, 0x71, 0xfb, 0xb7, 0xfa, 0x7e, 0x42, + 0x71, 0x8e, 0x68, 0x94, 0xcb, 0xe3, 0x8f, 0x28, + 0xfc, 0x4b, 0xea, 0x1a, 0xbc, 0x7c, 0x5d, 0x28, + 0xc2, 0xdc, 0x88, 0xbb, 0x91, 0xd5, 0x14, 0x2f, + 0xa9, 0x89, 0x6b, 0xe2, 0xfa, 0x55, 0x3e, 0xd6, + 0xe2, 0xbc, 0x4a, 0x0b, 0x9c, 0xc0, 0x59, 0xfb, + 0xc8, 0xb7, 0x98, 0xef, 0x63, 0x6d, 0x2b, 0xb2, + 0x7e, 0x8e, 0x31, 0x82, 0x98, 0x91, 0x26, 0x81, + 0x56, 0x27, 0x80, 0x29, 0x63, 0xa5, 0xa8, 0x59, + 0x31, 0x20, 0x98, 0x12, 0x13, 0xc8, 0x4e, 0xac, + 0x98, 0xac, 0x26, 0xe7, 0x7e, 0x37, 0x4d, 0x18, + 0x29, 0xd4, 0x13, 0x66, 0x4b, 0xd3, 0x4c, 0x74, + 0x08, 0x8d, 0x34, 0x65, 0xfe, 0x80, 0x7e, 0xe4, + 0x3d, 0x25, 0x86, 0xf7, 0xf3, 0xb8, 0xbf, 0x22, + 0x92, 0x5f, 0x21, 0xc2, 0xbe, 0x92, 0x22, 0x52, + 0xac, 0x27, 0xc0, 0xf7, 0xa9, 0xbc, 0xa8, 0xea, + 0xda, 0x9f, 0xf2, 0xb9, 0x4c, 0xf6, 0x8a, 0x6e, + 0xb9, 0xa6, 0x4b, 0x05, 0xd6, 0xf4, 0x5f, 0x48, + 0xcd, 0xbf, 0xfb, 0x55, 0xd2, 0x2f, 0x15, 0x7b, + 0x3d, 0x61, 0x88, 0xcf, 0x32, 0x3f, 0xc2, 0x45, + 0x34, 0x3a, 0xb6, 0xbe, 0xef, 0x6d, 0xa2, 0x29, + 0xe6, 0xb4, 0x49, 0x1a, 0xea, 0xe7, 0x80, 0xee, + 0x15, 0xcf, 0xc1, 0x1c, 0xd3, 0x1b, 0x88, 0x6b, + 0xd8, 0x84, 0x33, 0x05, 0xf4, 0xeb, 0xd9, 0x74, + 0x19, 0x81, 0x1e, 0xe6, 0x06, 0xe5, 0x20, 0x67, + 0x00, 0x10, 0x1c, 0x65, 0x8a, 0x9a, 0xd2, 0xd8, + 0xeb, 0xff, 0x2b, 0x53, 0x6a, 0x91, 0xc7, 0xd1, + 0x16, 0x2c, 0x48, 0x92, 0xb2, 0xbd, 0xe4, 0x08, + 0x3e, 0x90, 0xd8, 0xf4, 0x14, 0x37, 0x38, 0x64, + 0x81, 0xb7, 0x0f, 0x4e, 0x5d, 0x78, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x0a, + 0x10, 0x17, 0x1c, 0x22, 0x26 + }; + /* Expected signature with context from gist record 1 (ctxLen=33), 3309 bytes */ + static const byte sig_65_ctx33[] = { + 0x10, 0x44, 0x31, 0xe7, 0x50, 0xdb, 0xef, 0x67, + 0xf5, 0x2d, 0xa2, 0xab, 0x2d, 0x0f, 0x2d, 0xa3, + 0x32, 0x94, 0x27, 0x77, 0x42, 0xb6, 0x9d, 0xda, + 0x7d, 0x66, 0x82, 0xc8, 0x6c, 0xf8, 0x23, 0x5e, + 0x6a, 0x61, 0x87, 0x3f, 0x18, 0xab, 0xf9, 0xa2, + 0xc8, 0xc7, 0xd9, 0x51, 0x86, 0xb3, 0x2f, 0xb8, + 0xac, 0x5d, 0xbf, 0x7b, 0x0a, 0x6c, 0xd8, 0x29, + 0x8b, 0x6e, 0x94, 0xea, 0x27, 0x54, 0x90, 0x35, + 0x55, 0x5f, 0xb1, 0x26, 0xfb, 0x74, 0xb7, 0x07, + 0x7c, 0xb1, 0x6a, 0xa7, 0xa6, 0xcd, 0xa5, 0xfd, + 0x8c, 0xc2, 0x50, 0x51, 0x6c, 0xe7, 0x24, 0xd3, + 0xa4, 0x22, 0xda, 0xec, 0x2b, 0xec, 0xce, 0xae, + 0x02, 0x68, 0x74, 0xed, 0x60, 0xf9, 0x8f, 0xb5, + 0x5b, 0xdd, 0x1b, 0xe0, 0x6f, 0x9e, 0xb6, 0x28, + 0x7f, 0xe4, 0xb5, 0x3b, 0xbe, 0x28, 0xb6, 0x1f, + 0xf4, 0x00, 0xc7, 0xb9, 0x9a, 0xba, 0xd4, 0xa8, + 0x4c, 0x72, 0xfc, 0xd2, 0x5f, 0x1f, 0x54, 0x4f, + 0xb6, 0x08, 0xbc, 0xe7, 0xf0, 0xb1, 0xc6, 0xa9, + 0x04, 0xad, 0xe1, 0xdc, 0x71, 0x2b, 0x66, 0xec, + 0x6c, 0xfe, 0x9f, 0x80, 0xdd, 0xfe, 0xdd, 0xa2, + 0x39, 0x20, 0x1f, 0x80, 0xb4, 0x8b, 0xe0, 0xb0, + 0x7d, 0xf0, 0x3e, 0x32, 0x25, 0x94, 0x44, 0x97, + 0x71, 0xb4, 0x9a, 0x01, 0x11, 0x78, 0xcf, 0xf6, + 0x0c, 0x13, 0x13, 0x6f, 0x3f, 0x25, 0xc8, 0x09, + 0x32, 0x44, 0x06, 0x1a, 0xd0, 0xce, 0x94, 0x83, + 0x80, 0xa9, 0xfc, 0xc2, 0x23, 0x67, 0xfb, 0x55, + 0xdd, 0x33, 0x6d, 0x82, 0xa8, 0x15, 0x8e, 0xc7, + 0x58, 0x22, 0xad, 0xbf, 0x9d, 0x1f, 0x57, 0x81, + 0xe1, 0x81, 0x62, 0x29, 0x37, 0xc7, 0xfb, 0x9b, + 0xae, 0x06, 0x6c, 0x15, 0x9c, 0x49, 0xcd, 0x49, + 0xc3, 0xc1, 0xb7, 0xe9, 0xf7, 0x1c, 0x46, 0x23, + 0xa8, 0xc3, 0xbb, 0xc9, 0x4a, 0xc4, 0xc6, 0x8f, + 0x09, 0xa1, 0x49, 0x8b, 0xba, 0x49, 0xfa, 0x1c, + 0x62, 0x4b, 0x3e, 0x33, 0x8f, 0x66, 0x18, 0x23, + 0xf4, 0xa7, 0x94, 0xc8, 0x04, 0xe9, 0x7d, 0x90, + 0xf1, 0xa9, 0x6b, 0x55, 0xcb, 0x92, 0xb3, 0xf0, + 0x2b, 0x21, 0xc0, 0xb3, 0xc4, 0xba, 0xc7, 0x12, + 0xe7, 0x2e, 0x48, 0xda, 0x18, 0xf9, 0x31, 0xb8, + 0xc0, 0x85, 0x55, 0xb6, 0x18, 0x37, 0xc6, 0x29, + 0x24, 0x37, 0x86, 0x29, 0xe4, 0x48, 0x31, 0x54, + 0xb2, 0x87, 0x57, 0x62, 0x7d, 0xee, 0xde, 0x01, + 0xe0, 0x75, 0x04, 0x3a, 0x28, 0xb3, 0x4c, 0x7d, + 0x28, 0xfd, 0x3c, 0x75, 0x96, 0x74, 0xaf, 0xd1, + 0x25, 0x5b, 0x4a, 0xb8, 0x44, 0xce, 0xdb, 0x00, + 0xf1, 0x86, 0x64, 0xff, 0xb0, 0x0e, 0x3e, 0x2b, + 0x08, 0x27, 0x20, 0x19, 0xa4, 0x81, 0x94, 0x44, + 0x1d, 0xee, 0x20, 0xe6, 0xa8, 0x8f, 0x8f, 0x69, + 0xa9, 0x3e, 0x70, 0x00, 0x1b, 0x58, 0xe8, 0x59, + 0x5b, 0xf3, 0x72, 0xd2, 0xd4, 0x1a, 0x31, 0x88, + 0xec, 0x73, 0x92, 0x26, 0xb0, 0x85, 0x97, 0xa4, + 0xbf, 0x05, 0xa1, 0x6e, 0xc9, 0xd1, 0xb8, 0x75, + 0xd1, 0x61, 0x40, 0x63, 0x6a, 0x22, 0x06, 0xff, + 0x1f, 0x3a, 0x37, 0x57, 0x87, 0xe9, 0x07, 0x1a, + 0xd8, 0x15, 0x04, 0xd4, 0x7f, 0x3c, 0xfb, 0x35, + 0x46, 0x69, 0x37, 0xbb, 0x95, 0xe4, 0x36, 0x4e, + 0x8f, 0x48, 0x48, 0x43, 0xdc, 0x8b, 0xe5, 0xea, + 0x3e, 0x09, 0x7b, 0xf0, 0xd2, 0x1d, 0x2a, 0x76, + 0x97, 0xbd, 0x2c, 0xca, 0x81, 0x5e, 0xdd, 0x69, + 0x98, 0xc6, 0x1b, 0xcc, 0xee, 0xb0, 0x62, 0x57, + 0x03, 0x2e, 0x35, 0x15, 0x51, 0x60, 0x7f, 0x0b, + 0xd4, 0x8d, 0xa2, 0xf6, 0xc2, 0x24, 0xc7, 0xfb, + 0xb8, 0xb6, 0xa4, 0xc3, 0x5c, 0x6c, 0x51, 0x72, + 0x9e, 0xbf, 0x60, 0x33, 0x56, 0x1e, 0x70, 0xd1, + 0x36, 0x22, 0xb1, 0x6e, 0xbf, 0x11, 0x1a, 0xd6, + 0x2e, 0x91, 0xd0, 0x7a, 0x61, 0x7a, 0x9b, 0x8c, + 0x95, 0xa9, 0x88, 0x7d, 0x63, 0xfd, 0x02, 0x86, + 0xc0, 0xf1, 0x99, 0xd7, 0xaa, 0x02, 0xad, 0x3d, + 0x50, 0xd6, 0x01, 0xbf, 0x38, 0x7c, 0xd5, 0x1a, + 0x64, 0x79, 0xb2, 0xf7, 0xd5, 0xe7, 0x9f, 0x7f, + 0x9e, 0xc5, 0x3c, 0x5b, 0x1a, 0x35, 0xb2, 0xf6, + 0xa2, 0xb2, 0xcb, 0x2c, 0x49, 0x6f, 0xaa, 0x80, + 0x08, 0xb7, 0x60, 0xc9, 0x1a, 0xda, 0xf5, 0x7a, + 0x4b, 0x09, 0x2b, 0xff, 0xce, 0x52, 0x2f, 0xe0, + 0x4c, 0xd1, 0xbe, 0x16, 0x57, 0xc6, 0x13, 0x3b, + 0x3c, 0x67, 0xbd, 0x0f, 0xfa, 0x03, 0xdd, 0xe4, + 0x3c, 0xcb, 0xca, 0xc4, 0x4a, 0x13, 0x6b, 0xf5, + 0xc3, 0x17, 0x9c, 0x9a, 0x13, 0x16, 0x11, 0x48, + 0xed, 0xa2, 0x14, 0x96, 0xeb, 0x34, 0xf4, 0x04, + 0x97, 0x40, 0xee, 0x19, 0x8a, 0xa7, 0xe9, 0x45, + 0x18, 0x89, 0x96, 0x66, 0x28, 0xa1, 0xca, 0xc9, + 0x1e, 0xfe, 0x26, 0x66, 0xd3, 0x41, 0x0e, 0x0a, + 0x58, 0x94, 0x2e, 0xab, 0x3e, 0xef, 0x6a, 0xd6, + 0x14, 0x63, 0xe9, 0x90, 0x1c, 0x4c, 0x4e, 0xd5, + 0xf7, 0x11, 0x68, 0x5e, 0xde, 0xf5, 0x23, 0x0f, + 0xcf, 0x91, 0xa4, 0x39, 0x61, 0xbe, 0x26, 0x77, + 0xfa, 0xbb, 0xe2, 0xca, 0xea, 0x00, 0xbb, 0xb2, + 0x2d, 0x9e, 0x20, 0xaf, 0xb1, 0x43, 0x4e, 0xf2, + 0x5e, 0x77, 0x4d, 0x2c, 0x77, 0x2a, 0xac, 0x7e, + 0x66, 0x9f, 0xb7, 0xc3, 0x11, 0x61, 0x07, 0x07, + 0xfe, 0xec, 0xbe, 0xf6, 0x36, 0xce, 0xad, 0xc5, + 0x74, 0x63, 0xca, 0xe9, 0xd1, 0x29, 0x0f, 0x3b, + 0xc5, 0x11, 0x65, 0x47, 0xa0, 0x75, 0xaa, 0xcd, + 0x37, 0xcd, 0x69, 0x88, 0x1f, 0xb0, 0xd8, 0x19, + 0x00, 0xcb, 0x17, 0xe9, 0x43, 0xc2, 0x5c, 0x69, + 0xe0, 0x0f, 0x0f, 0x72, 0x54, 0xf2, 0xff, 0x16, + 0x87, 0x6a, 0x64, 0xcb, 0x10, 0x28, 0xf9, 0x14, + 0x81, 0x7b, 0x2d, 0x23, 0xb8, 0xc5, 0xce, 0x4c, + 0x83, 0xfa, 0xd8, 0xcf, 0xb3, 0x32, 0x4e, 0xe6, + 0xa9, 0x27, 0x41, 0x04, 0x8f, 0x34, 0x14, 0xe5, + 0x2f, 0x4f, 0xfd, 0x82, 0x3f, 0x0a, 0xcd, 0x80, + 0x2a, 0xb3, 0x48, 0x3d, 0xa9, 0xa2, 0x3a, 0x8e, + 0x11, 0x60, 0x62, 0xf3, 0x2b, 0x7d, 0xc3, 0xdb, + 0x16, 0x02, 0x0f, 0xf3, 0xc4, 0x85, 0x46, 0x35, + 0xbc, 0xa8, 0x59, 0x7a, 0xd9, 0x0f, 0x6e, 0x4d, + 0x6a, 0x24, 0xe4, 0x29, 0x87, 0xb7, 0x6e, 0x3f, + 0x69, 0x0f, 0x08, 0x76, 0xd3, 0x24, 0x3b, 0x17, + 0x6c, 0x92, 0xfd, 0xb8, 0xeb, 0x25, 0x45, 0x18, + 0xf3, 0x1d, 0x14, 0xc3, 0x60, 0xd5, 0xd3, 0xe2, + 0xa8, 0x2b, 0x06, 0x74, 0xe1, 0xc3, 0x84, 0x8d, + 0xae, 0xa6, 0x0a, 0xca, 0x79, 0x07, 0xaa, 0x9e, + 0x65, 0xa2, 0xf1, 0xea, 0x29, 0x6a, 0xfd, 0xd7, + 0x38, 0x6a, 0x6b, 0x39, 0xb9, 0xd1, 0xe4, 0xfc, + 0x60, 0x4d, 0x1e, 0x48, 0x5f, 0x9f, 0xc7, 0xfe, + 0xe9, 0x42, 0xd0, 0x33, 0x60, 0xde, 0xda, 0x38, + 0x7b, 0x80, 0x04, 0x83, 0x56, 0x65, 0x54, 0x8b, + 0x69, 0x3a, 0xe4, 0x5b, 0x57, 0x53, 0x8b, 0x7a, + 0x9a, 0xd2, 0xe5, 0x00, 0x29, 0x7a, 0xa3, 0xf7, + 0x2b, 0xc6, 0x0a, 0xa9, 0x2d, 0x41, 0x85, 0x62, + 0xbf, 0x5e, 0x25, 0xae, 0x9b, 0xed, 0x3e, 0xc2, + 0x51, 0x26, 0xfa, 0x0c, 0xab, 0xbd, 0xa4, 0x74, + 0x55, 0x91, 0x99, 0xb7, 0xb2, 0xec, 0xa7, 0x83, + 0xe9, 0xb0, 0x31, 0x69, 0x4a, 0x4d, 0xd9, 0x4d, + 0x1f, 0xf9, 0x30, 0x7e, 0x1f, 0xdb, 0xa0, 0xc0, + 0x69, 0x78, 0xdc, 0x12, 0x22, 0xd2, 0x9d, 0xca, + 0x49, 0x2a, 0x78, 0xe9, 0x26, 0x54, 0x8c, 0xac, + 0xb1, 0x2b, 0x80, 0xf5, 0x76, 0x64, 0xdd, 0x1f, + 0xdf, 0x9d, 0x23, 0xa5, 0x87, 0xb4, 0x00, 0x7f, + 0x58, 0xd7, 0xfa, 0xd2, 0x90, 0x07, 0x3b, 0xe7, + 0x6a, 0xed, 0xa6, 0x6b, 0x57, 0xd3, 0x97, 0x7d, + 0x39, 0xf1, 0xa4, 0x69, 0x2e, 0x20, 0xe9, 0x0c, + 0xef, 0x50, 0xb5, 0x38, 0xb1, 0xa1, 0x6a, 0x2d, + 0xcf, 0xd1, 0xd7, 0x47, 0x87, 0x76, 0xfc, 0x22, + 0x35, 0xae, 0x34, 0xb1, 0x4b, 0x39, 0xe7, 0x26, + 0x09, 0xa7, 0xd1, 0xf1, 0xd3, 0xe4, 0x6b, 0x1a, + 0x14, 0x14, 0x30, 0x45, 0x59, 0x89, 0x02, 0x98, + 0x99, 0xbc, 0x2d, 0xcd, 0xc2, 0xe0, 0xf1, 0x5e, + 0xa4, 0x8e, 0xd5, 0xc6, 0x6a, 0xfb, 0xe8, 0x91, + 0x20, 0x56, 0xc8, 0x0c, 0x60, 0x89, 0xdd, 0x09, + 0x2d, 0xf7, 0x4c, 0x71, 0xba, 0x43, 0x13, 0x08, + 0x4a, 0xd6, 0x2a, 0x4a, 0xe7, 0x36, 0xcc, 0x7f, + 0xbf, 0x0a, 0x3b, 0x82, 0x11, 0xe8, 0xbe, 0x1e, + 0x8a, 0xab, 0x64, 0x72, 0xbf, 0xc0, 0xb9, 0x3d, + 0xfa, 0x17, 0x27, 0x28, 0x98, 0xd9, 0x97, 0xa3, + 0x7a, 0x92, 0x92, 0x59, 0xbb, 0xed, 0x96, 0x6b, + 0x69, 0x0e, 0x9f, 0xf0, 0xb0, 0x78, 0xb4, 0xc5, + 0x5b, 0x76, 0xc1, 0x4d, 0xf3, 0x02, 0x4d, 0x9c, + 0x2f, 0x2c, 0xf1, 0x8c, 0xea, 0x9f, 0x74, 0x7f, + 0xc0, 0x85, 0xa1, 0x78, 0xc0, 0xc8, 0x9e, 0x05, + 0xba, 0xcb, 0x5d, 0x24, 0x6c, 0xab, 0x4e, 0x1a, + 0x5e, 0xbe, 0x9f, 0xfc, 0xd1, 0x16, 0x1d, 0x75, + 0xeb, 0xf7, 0x0c, 0x6d, 0x0a, 0xe3, 0xe9, 0x39, + 0xca, 0x15, 0x10, 0xe1, 0xb3, 0x1f, 0x84, 0xc0, + 0x9c, 0x89, 0xe6, 0x42, 0x1d, 0x4d, 0xd1, 0xb7, + 0x86, 0xe9, 0x03, 0xa6, 0x01, 0x75, 0x22, 0x3d, + 0x6c, 0x11, 0x2c, 0xbe, 0x88, 0xba, 0xe5, 0xe5, + 0x73, 0x60, 0x4f, 0x8c, 0x9a, 0x0c, 0xf3, 0xcf, + 0x0f, 0xb3, 0x4e, 0x55, 0x25, 0xae, 0x86, 0x06, + 0x26, 0xe3, 0x72, 0x5a, 0x69, 0xc7, 0x0f, 0xff, + 0x25, 0xc7, 0xfd, 0x41, 0x7e, 0x67, 0x01, 0x21, + 0xf8, 0x12, 0x2e, 0x9b, 0x22, 0xf1, 0xd3, 0x0d, + 0xb9, 0x07, 0x9b, 0x9b, 0xe0, 0x68, 0xfb, 0x28, + 0xe0, 0x9f, 0xc7, 0x6f, 0xe9, 0x7f, 0xe2, 0x9d, + 0xe1, 0x5b, 0x51, 0x9c, 0xdd, 0xe5, 0xbf, 0x0c, + 0xc6, 0x05, 0x8e, 0xca, 0x54, 0x43, 0xac, 0x9e, + 0x40, 0x5d, 0x68, 0x9e, 0x32, 0x2e, 0x44, 0x1e, + 0xc1, 0xbf, 0x46, 0xd2, 0x00, 0x38, 0xff, 0x5b, + 0x69, 0xfc, 0xc2, 0x34, 0xb6, 0xcf, 0xf2, 0xd6, + 0x14, 0xef, 0x78, 0xa1, 0x6a, 0xf5, 0xee, 0x36, + 0x3f, 0xa6, 0x85, 0x85, 0x9b, 0x37, 0x48, 0x80, + 0xe0, 0x91, 0x89, 0x2d, 0x6d, 0x9f, 0xf9, 0x42, + 0xdc, 0x1a, 0xaf, 0x3e, 0xc6, 0xb6, 0xd7, 0xb9, + 0x2a, 0x4c, 0x5a, 0xd3, 0xac, 0x32, 0x9f, 0x4f, + 0xa0, 0xa6, 0x33, 0xa3, 0x3d, 0x98, 0x24, 0x91, + 0xe4, 0x09, 0xa4, 0x7f, 0x0b, 0x34, 0x7a, 0xfe, + 0xa1, 0xce, 0x6d, 0x9f, 0xd0, 0x32, 0x6a, 0x9a, + 0xb9, 0x01, 0x9a, 0x26, 0x56, 0x3c, 0x29, 0x61, + 0x9f, 0xde, 0xa7, 0xca, 0xfd, 0x1f, 0x3a, 0xb2, + 0x1e, 0xe0, 0x73, 0x7a, 0xac, 0x0f, 0x5f, 0xc7, + 0x10, 0xd3, 0x3f, 0xc9, 0xfa, 0x91, 0xa1, 0xe9, + 0xaa, 0x74, 0xc6, 0xd7, 0x73, 0x24, 0xb5, 0x3d, + 0x38, 0x20, 0xe8, 0xe0, 0x6e, 0xe7, 0x9b, 0x02, + 0x2d, 0x32, 0xef, 0x9e, 0xd5, 0xd0, 0xcc, 0x5a, + 0x23, 0xeb, 0xda, 0x44, 0x77, 0x2b, 0x95, 0x57, + 0xfd, 0xbd, 0x03, 0xc7, 0xbe, 0xa0, 0x01, 0x95, + 0xf6, 0x92, 0x0f, 0xe5, 0x1c, 0x2b, 0x83, 0x56, + 0xc6, 0xe1, 0x18, 0xcf, 0x7c, 0xc6, 0xd7, 0x87, + 0x8b, 0xc3, 0xbf, 0xc7, 0xca, 0xf4, 0x67, 0x62, + 0xb8, 0x38, 0xb0, 0x8c, 0x1d, 0x33, 0x39, 0x53, + 0x2d, 0xce, 0x89, 0x6f, 0xb7, 0xd7, 0xc6, 0xad, + 0x7e, 0x70, 0x27, 0x1d, 0x42, 0xe9, 0x21, 0xc1, + 0x48, 0x60, 0xbf, 0x78, 0x94, 0x35, 0x01, 0xb4, + 0xc1, 0x31, 0x6a, 0x82, 0x22, 0xcb, 0xf0, 0xd1, + 0x6e, 0xb1, 0x4b, 0xe5, 0x80, 0x57, 0x28, 0xb3, + 0xa5, 0x1b, 0x9d, 0x8b, 0xfd, 0x75, 0x1d, 0x89, + 0x67, 0xaf, 0x2b, 0xd0, 0x3f, 0xce, 0xdc, 0x2f, + 0x8b, 0x9f, 0xb9, 0x03, 0x13, 0x24, 0xbf, 0xbc, + 0x38, 0x50, 0x2d, 0xc2, 0x02, 0xd7, 0x7a, 0xaa, + 0x6d, 0x2c, 0xc1, 0x42, 0x5f, 0x1b, 0xb9, 0x85, + 0x54, 0x48, 0x68, 0x21, 0xfb, 0x12, 0x42, 0xdf, + 0x02, 0xb2, 0x46, 0x1c, 0xbd, 0x45, 0xa1, 0x02, + 0x19, 0x3d, 0x3b, 0x34, 0x92, 0x3d, 0xe2, 0xe9, + 0x0b, 0x73, 0x51, 0x37, 0x38, 0x93, 0x72, 0x62, + 0x01, 0x49, 0xa1, 0x95, 0xa0, 0x61, 0x47, 0xab, + 0x5b, 0xc9, 0x4c, 0xc7, 0x3b, 0x29, 0x65, 0xdf, + 0xe4, 0x01, 0x80, 0xa5, 0xe3, 0x80, 0x9a, 0xb9, + 0x68, 0x43, 0x56, 0x58, 0xd3, 0xd6, 0xf9, 0x47, + 0x8d, 0x59, 0x61, 0xa8, 0x78, 0xc4, 0xc5, 0x02, + 0x41, 0xc0, 0xbe, 0xdd, 0x3e, 0xbb, 0x17, 0x21, + 0x26, 0x0f, 0xed, 0xba, 0x2a, 0x35, 0xa3, 0x65, + 0xea, 0x48, 0xfa, 0xd6, 0x75, 0xb8, 0xad, 0xb7, + 0xf7, 0xff, 0x5e, 0x44, 0x83, 0x2a, 0xa3, 0x3d, + 0xa7, 0x12, 0xa7, 0xf9, 0x7d, 0xb0, 0x02, 0x5d, + 0x3c, 0xb2, 0x12, 0x12, 0x3b, 0x1d, 0x1c, 0x7c, + 0x0f, 0x86, 0xf3, 0xd6, 0x98, 0xb8, 0x4d, 0xea, + 0xfa, 0x8d, 0x92, 0x89, 0x78, 0xae, 0xbf, 0x7b, + 0xc0, 0x1c, 0xa4, 0xaa, 0xda, 0xd5, 0xda, 0x2c, + 0xcb, 0x82, 0xcd, 0x96, 0x37, 0x74, 0xb3, 0xca, + 0x65, 0x99, 0x3b, 0xfe, 0xbe, 0xf5, 0xcb, 0x6c, + 0x84, 0xcc, 0xc7, 0x9b, 0x49, 0xbb, 0x76, 0x70, + 0xa8, 0x8a, 0x66, 0xbd, 0xe1, 0xca, 0x1b, 0xbb, + 0xf7, 0x6c, 0x5d, 0x30, 0x3f, 0x91, 0xfc, 0xba, + 0x02, 0x88, 0xff, 0x45, 0x24, 0xb2, 0x53, 0x3e, + 0x1c, 0xf5, 0x22, 0xf1, 0xc1, 0xe7, 0x99, 0x24, + 0xb4, 0x8d, 0xcb, 0x0e, 0xea, 0xf7, 0xef, 0x4f, + 0x03, 0xf6, 0x44, 0xaa, 0x1f, 0xff, 0x70, 0xed, + 0x09, 0x77, 0xfc, 0x07, 0x4f, 0x1d, 0x85, 0xbb, + 0x19, 0x37, 0x04, 0x3a, 0x71, 0x12, 0x77, 0x93, + 0x1a, 0x2e, 0xab, 0x0b, 0xe7, 0x5c, 0x5b, 0x8a, + 0x6d, 0xc4, 0xa9, 0x73, 0x74, 0x5c, 0x2f, 0x96, + 0x5d, 0xbc, 0x62, 0xac, 0xb1, 0x51, 0xc8, 0x6f, + 0x4c, 0xfa, 0x2a, 0x01, 0xcb, 0x04, 0x3e, 0x6c, + 0x3b, 0x03, 0x61, 0x85, 0xd2, 0x1a, 0xdd, 0x6c, + 0xe5, 0x34, 0x64, 0x7f, 0xf2, 0xd8, 0x7d, 0xe8, + 0x22, 0xf4, 0x90, 0x37, 0xd6, 0xd1, 0xe3, 0x02, + 0xf0, 0x45, 0x58, 0x51, 0x29, 0xd2, 0xeb, 0x64, + 0xb1, 0x44, 0x37, 0xa2, 0x82, 0xda, 0xc9, 0x4d, + 0x28, 0xe6, 0xdc, 0xe6, 0xd0, 0x24, 0x8d, 0x81, + 0x92, 0x0d, 0x5f, 0xb5, 0x44, 0xe0, 0x48, 0x80, + 0x18, 0xde, 0x18, 0x90, 0x9d, 0xb9, 0xdf, 0x42, + 0x47, 0x1b, 0x5d, 0x23, 0x1f, 0x42, 0x5f, 0xc6, + 0x56, 0xb7, 0x50, 0xd4, 0x78, 0x0a, 0x1e, 0x70, + 0xd0, 0x5e, 0xd2, 0x5e, 0xd8, 0x20, 0x02, 0x2e, + 0xed, 0x16, 0xf8, 0x2c, 0x38, 0x32, 0x15, 0xa4, + 0x6d, 0xce, 0xd5, 0x34, 0x9e, 0xd1, 0xb2, 0x3f, + 0x3f, 0x2d, 0x8c, 0xe5, 0x54, 0x50, 0x4b, 0x5e, + 0xb3, 0x67, 0x4e, 0x6c, 0x7f, 0x9f, 0x10, 0xcc, + 0xd9, 0x7a, 0x38, 0xb1, 0x92, 0xda, 0x2c, 0x75, + 0x14, 0xa0, 0x51, 0x00, 0x5e, 0xf3, 0x05, 0xf1, + 0x66, 0xf9, 0xf3, 0x8d, 0x33, 0x44, 0xfd, 0x2a, + 0xaa, 0xfa, 0x6c, 0x08, 0x5f, 0x5b, 0x9e, 0x4f, + 0x53, 0x71, 0x21, 0xc5, 0xc0, 0x65, 0xf2, 0x19, + 0x69, 0x65, 0xd7, 0x72, 0x78, 0x3f, 0x03, 0xcb, + 0xae, 0x77, 0x3f, 0xbb, 0x3a, 0xeb, 0x42, 0x6b, + 0xf0, 0x6c, 0x94, 0xcd, 0x40, 0x3f, 0x3a, 0xd2, + 0xcf, 0xa3, 0x7e, 0x22, 0x31, 0x5c, 0x2f, 0x1b, + 0x6c, 0xc6, 0x2e, 0x84, 0xbd, 0x1a, 0xc9, 0xeb, + 0xe2, 0x9c, 0xc1, 0x9e, 0xb8, 0x0a, 0x35, 0x65, + 0xa7, 0x52, 0x14, 0x56, 0x79, 0x95, 0x1f, 0xaf, + 0xaf, 0x2d, 0xcb, 0x08, 0x6f, 0xcc, 0x17, 0x79, + 0x91, 0xba, 0x0c, 0xff, 0xd8, 0xa6, 0x8d, 0x41, + 0x54, 0x3e, 0x01, 0x86, 0x66, 0x63, 0x79, 0x0b, + 0x2a, 0xf2, 0x1f, 0xa7, 0x82, 0xe8, 0x3f, 0xff, + 0x0a, 0x6e, 0x58, 0xe2, 0x4f, 0x1a, 0xbb, 0x2d, + 0x4b, 0x6d, 0xbe, 0x96, 0x12, 0xa8, 0x95, 0x1f, + 0x23, 0x86, 0x4f, 0x4f, 0xde, 0xe9, 0xe1, 0x23, + 0x6d, 0x0e, 0xfd, 0x5d, 0x9d, 0xb5, 0xb7, 0x5f, + 0xc0, 0x18, 0xc8, 0xde, 0x8b, 0x1e, 0x53, 0xb4, + 0x3f, 0x34, 0xc7, 0xc2, 0xcf, 0xcb, 0xba, 0x01, + 0x3a, 0xdd, 0xf7, 0x6f, 0x66, 0x0e, 0x72, 0xea, + 0x91, 0x0b, 0x60, 0xfb, 0x7c, 0xa8, 0xa7, 0x0b, + 0x46, 0x57, 0x45, 0xcc, 0x53, 0x95, 0xc8, 0x63, + 0xc8, 0x13, 0x71, 0xe2, 0x9a, 0xfe, 0xbb, 0xd8, + 0xbb, 0xc9, 0x60, 0x91, 0xca, 0x6c, 0xc4, 0x24, + 0xad, 0xd5, 0xab, 0x1d, 0x3d, 0xb4, 0x75, 0x01, + 0x35, 0x3c, 0xa0, 0xd1, 0xe6, 0xc9, 0x91, 0xf8, + 0x1e, 0x43, 0xa0, 0xd4, 0x85, 0x1b, 0x14, 0xa1, + 0xd2, 0xdf, 0xea, 0xb8, 0x5d, 0xd4, 0xe6, 0xd3, + 0x96, 0x2d, 0x9a, 0x85, 0xb8, 0xbe, 0x9a, 0x71, + 0xd2, 0xf6, 0xa9, 0xa6, 0xb2, 0x96, 0xe7, 0x8c, + 0xb4, 0x47, 0xb6, 0xf2, 0xe4, 0xbb, 0xa4, 0x8c, + 0xe6, 0x91, 0x7b, 0xf8, 0xbc, 0x40, 0x72, 0x1d, + 0x5b, 0xc4, 0x5f, 0xc8, 0x8a, 0xba, 0x3c, 0x5e, + 0x4e, 0x08, 0x3e, 0x2e, 0x95, 0xd0, 0xaf, 0x5f, + 0xef, 0xb1, 0xda, 0x79, 0x7a, 0x7b, 0xa1, 0x27, + 0x66, 0x95, 0x10, 0x1a, 0x08, 0xc7, 0x3a, 0x0f, + 0x35, 0xaf, 0xfc, 0xd6, 0xf8, 0x56, 0x59, 0x1b, + 0xd4, 0x26, 0x4e, 0x28, 0xbc, 0xb2, 0x6b, 0xbb, + 0x9f, 0x0a, 0x46, 0x7f, 0xb9, 0x26, 0xdb, 0x64, + 0x5a, 0x69, 0xa5, 0xd1, 0x81, 0x16, 0xf7, 0xc8, + 0xb4, 0xa4, 0x23, 0x24, 0xd5, 0xb1, 0xcc, 0x3c, + 0xa2, 0x28, 0x15, 0x98, 0x3e, 0x7e, 0x75, 0x7d, + 0x2b, 0x9e, 0xe3, 0x10, 0x52, 0x7b, 0xa9, 0x4a, + 0xd4, 0x7c, 0x64, 0x86, 0xad, 0x43, 0x71, 0x95, + 0xa6, 0x95, 0x50, 0xe4, 0xb6, 0x99, 0xff, 0x7e, + 0xec, 0xe7, 0x13, 0x31, 0xa2, 0x86, 0xac, 0x54, + 0xd8, 0x82, 0x24, 0xf8, 0x7f, 0xe2, 0x69, 0xde, + 0x2f, 0xfd, 0xbc, 0xb9, 0x9b, 0xb8, 0xee, 0x12, + 0xef, 0x5f, 0x2a, 0x42, 0x99, 0xbc, 0x0c, 0x87, + 0x0c, 0x85, 0xa6, 0x4b, 0xa4, 0xf0, 0xfb, 0x94, + 0x1b, 0x3c, 0x8a, 0x11, 0x14, 0x53, 0x7f, 0x7a, + 0x89, 0x7e, 0xf9, 0xfe, 0xfc, 0x89, 0xb7, 0x97, + 0x5f, 0x44, 0xb1, 0x5d, 0x4f, 0xba, 0x66, 0x2d, + 0x8a, 0x5c, 0xa2, 0xf4, 0x39, 0x69, 0x19, 0x02, + 0x33, 0x48, 0x9d, 0x08, 0x91, 0x5e, 0x63, 0xdc, + 0x9f, 0xf8, 0xee, 0xed, 0xb6, 0x21, 0x68, 0x33, + 0xab, 0x80, 0xf8, 0xdc, 0xe0, 0x90, 0x87, 0x9e, + 0x1f, 0x3a, 0x3e, 0x63, 0x1a, 0xfa, 0x98, 0x14, + 0x05, 0x8f, 0x0c, 0x5e, 0x58, 0x7c, 0x60, 0x12, + 0xeb, 0x9a, 0xe8, 0x6c, 0x24, 0xbe, 0x78, 0x7f, + 0xa1, 0x4c, 0xd6, 0xbe, 0xda, 0x6f, 0xbc, 0x0c, + 0xdc, 0x2e, 0xa5, 0x41, 0xbd, 0x2d, 0x1e, 0xb0, + 0xd4, 0xe8, 0xbc, 0x42, 0xa1, 0x27, 0x59, 0x58, + 0x06, 0x8d, 0x8a, 0x7b, 0xf7, 0x5d, 0xff, 0xca, + 0x5e, 0x46, 0x92, 0x97, 0x17, 0xb1, 0x22, 0xf8, + 0x52, 0x84, 0x48, 0x73, 0x46, 0x3c, 0x2d, 0x79, + 0x1c, 0x4f, 0x89, 0x7d, 0x29, 0xb4, 0x1a, 0x1f, + 0xbf, 0x89, 0xf5, 0x0b, 0x46, 0x63, 0x10, 0x94, + 0x62, 0x13, 0x3b, 0x86, 0x61, 0x6f, 0x97, 0x1e, + 0xd0, 0x85, 0x99, 0x83, 0xf8, 0xbe, 0x30, 0x19, + 0xb7, 0x6c, 0xba, 0x3e, 0x77, 0x0e, 0x4a, 0x1f, + 0xab, 0x3f, 0x6d, 0x66, 0xfd, 0x56, 0xea, 0x47, + 0xc3, 0x56, 0xa8, 0xc6, 0x84, 0x06, 0xe3, 0x62, + 0x07, 0x78, 0x49, 0xb1, 0xcc, 0xce, 0x0a, 0x8d, + 0x3c, 0x71, 0x7b, 0x88, 0x36, 0x31, 0x97, 0xc4, + 0x1a, 0x60, 0x06, 0x24, 0x9c, 0x9e, 0xd7, 0x45, + 0x1e, 0x74, 0x51, 0x3a, 0x97, 0xab, 0x81, 0x87, + 0x94, 0x62, 0x69, 0x5a, 0x69, 0xbb, 0xfe, 0x52, + 0xbf, 0x99, 0x90, 0x5c, 0x1e, 0x37, 0xb1, 0xc8, + 0x4f, 0x4c, 0x78, 0x6f, 0xe8, 0xb0, 0x1a, 0x4b, + 0x35, 0x7c, 0x16, 0x8d, 0x54, 0x49, 0x6b, 0xc1, + 0x29, 0x27, 0x40, 0x3e, 0x60, 0xf6, 0x8c, 0xa4, + 0xe8, 0xdb, 0x90, 0xee, 0x01, 0x35, 0x0e, 0x7a, + 0x98, 0xf9, 0xc5, 0x30, 0x2b, 0x19, 0xd5, 0xb8, + 0xa3, 0xe6, 0x09, 0xd6, 0x65, 0x79, 0x55, 0x6d, + 0xd5, 0x04, 0xef, 0xd6, 0xfc, 0xbb, 0x7a, 0xbd, + 0x90, 0xe4, 0xf8, 0xaa, 0x03, 0xcd, 0x87, 0xac, + 0x0b, 0x60, 0xd0, 0x55, 0x58, 0x88, 0xcb, 0x46, + 0x63, 0xa6, 0x75, 0xea, 0x80, 0x16, 0xe6, 0x46, + 0xf0, 0x51, 0xea, 0xdd, 0x8a, 0x21, 0x0f, 0x1a, + 0xe3, 0x34, 0xbb, 0x27, 0x67, 0xf7, 0x09, 0xb7, + 0xf5, 0x0f, 0xa2, 0x67, 0x7b, 0x5a, 0x5e, 0xb0, + 0xcf, 0x43, 0xec, 0xb8, 0x63, 0x95, 0x7b, 0xf1, + 0x2b, 0x95, 0x71, 0xa2, 0xa3, 0x7d, 0x57, 0x5a, + 0xd1, 0x0a, 0xb4, 0x13, 0x99, 0x49, 0x8a, 0x1d, + 0x91, 0xdf, 0xae, 0x48, 0x01, 0x65, 0x88, 0x3d, + 0x7e, 0x06, 0x47, 0x83, 0x9e, 0x6d, 0x57, 0x93, + 0xf4, 0x60, 0xa6, 0x19, 0x74, 0xd7, 0xc0, 0xb8, + 0x29, 0x81, 0x7d, 0xed, 0xf6, 0x06, 0xe8, 0xfa, + 0x45, 0x5d, 0x35, 0x6a, 0x2f, 0xf3, 0x38, 0xda, + 0xff, 0x2c, 0x8c, 0x53, 0xb6, 0x70, 0xe4, 0x4a, + 0x63, 0x4a, 0xf7, 0x4d, 0x4c, 0x78, 0xf0, 0x47, + 0x4d, 0x55, 0x18, 0x8b, 0x1b, 0x5b, 0xeb, 0xce, + 0xc1, 0x75, 0xc6, 0xf3, 0x4c, 0x96, 0x2f, 0x1e, + 0xe7, 0xf6, 0x4e, 0x4e, 0x8c, 0x8d, 0x7a, 0xf2, + 0x02, 0x49, 0xeb, 0xef, 0xd2, 0xdd, 0x3b, 0x33, + 0x4d, 0xbf, 0x6d, 0x79, 0x2a, 0x10, 0x79, 0x8a, + 0xd5, 0xcd, 0xf8, 0x79, 0x02, 0xa5, 0x61, 0x80, + 0x1f, 0xc4, 0xc7, 0xd3, 0x20, 0x42, 0x81, 0xdc, + 0x7a, 0x8d, 0x4e, 0x27, 0x24, 0x6a, 0xa5, 0x08, + 0x9e, 0x90, 0xe9, 0x4a, 0xe8, 0xea, 0x3c, 0x31, + 0x81, 0xd9, 0xfe, 0xd6, 0xd3, 0xf2, 0xd4, 0xd7, + 0xfd, 0xe1, 0xfe, 0xfc, 0x56, 0x1f, 0x07, 0x02, + 0xd4, 0x63, 0x58, 0x05, 0xa4, 0x85, 0x90, 0xaf, + 0x46, 0x79, 0xce, 0xca, 0x11, 0xb7, 0x04, 0xc3, + 0x94, 0x87, 0x9d, 0xe4, 0x70, 0xc0, 0xb5, 0x4b, + 0x08, 0x9f, 0xb3, 0x8a, 0x8c, 0x3e, 0x00, 0x19, + 0x18, 0x76, 0x2f, 0x0d, 0xfa, 0xfd, 0x1c, 0xc1, + 0xa7, 0xd6, 0x69, 0x73, 0xe8, 0x88, 0xec, 0xb9, + 0xe0, 0x32, 0x8f, 0x77, 0x4d, 0x32, 0x70, 0x17, + 0xb6, 0x54, 0xf2, 0x79, 0xc6, 0xbe, 0xc3, 0x10, + 0xa2, 0x07, 0xe4, 0x4a, 0x74, 0xe4, 0xed, 0x5a, + 0xbc, 0xb6, 0xaa, 0x7f, 0x3a, 0xe8, 0x27, 0x87, + 0xfb, 0xa8, 0xc7, 0xb9, 0xb6, 0x34, 0x40, 0x43, + 0xea, 0x38, 0xb1, 0x3f, 0xa4, 0x64, 0x2c, 0xa7, + 0x13, 0x06, 0x9b, 0xaa, 0x83, 0xab, 0xfc, 0xf9, + 0x03, 0x3b, 0xeb, 0x2e, 0xbc, 0x35, 0xe4, 0xc9, + 0xcf, 0x2d, 0x5e, 0xc0, 0xa6, 0x31, 0xf0, 0xb0, + 0x98, 0x98, 0xa5, 0x2d, 0xf3, 0x98, 0x82, 0x49, + 0xd4, 0x06, 0xe4, 0x72, 0xd5, 0xe5, 0xfd, 0xad, + 0x79, 0x13, 0x18, 0x6e, 0x2c, 0x33, 0x41, 0x1e, + 0xd1, 0xb0, 0xb2, 0x41, 0xc2, 0x80, 0x0b, 0x91, + 0xd2, 0x99, 0x60, 0xef, 0x67, 0xa8, 0xad, 0x9c, + 0x9b, 0xd4, 0xb2, 0x54, 0x65, 0x97, 0xb5, 0xc5, + 0x06, 0x1c, 0x05, 0x53, 0x09, 0x20, 0xce, 0x49, + 0xd7, 0xbe, 0x3e, 0x15, 0x5d, 0x77, 0x76, 0x53, + 0x18, 0x02, 0xd1, 0x46, 0x1d, 0x5f, 0xe9, 0x74, + 0xab, 0x45, 0x05, 0xa7, 0xd7, 0xa4, 0x4f, 0x81, + 0x41, 0x7e, 0xec, 0xf0, 0xd1, 0xb8, 0x67, 0xf3, + 0xef, 0x09, 0x4b, 0xae, 0x8d, 0x7d, 0xe0, 0x12, + 0x54, 0xf0, 0x7a, 0x90, 0x4a, 0x3b, 0xfc, 0x2f, + 0xe0, 0x13, 0xde, 0xd8, 0x98, 0x3c, 0x85, 0xce, + 0xd3, 0x06, 0x6f, 0x6c, 0x6a, 0xdc, 0xfa, 0xab, + 0x4e, 0x01, 0x57, 0xc8, 0x5b, 0x3f, 0xb2, 0x69, + 0xfd, 0x4d, 0xfc, 0x71, 0x07, 0xcd, 0xee, 0xf7, + 0x1c, 0x33, 0xba, 0x0f, 0x25, 0x09, 0x71, 0x65, + 0xc1, 0xf0, 0x33, 0xf8, 0xa8, 0xfa, 0x8c, 0xc4, + 0xaf, 0xa9, 0xe9, 0xcd, 0x23, 0xd0, 0xf6, 0xb9, + 0x24, 0x08, 0x09, 0x13, 0x15, 0x68, 0x10, 0x8c, + 0x2f, 0xf7, 0x96, 0xb4, 0x1f, 0x81, 0x24, 0x7d, + 0x9d, 0xc1, 0x9b, 0xef, 0xe9, 0x4a, 0x87, 0x70, + 0x0a, 0x04, 0x1c, 0x9d, 0xbc, 0x6c, 0x57, 0x1a, + 0xa4, 0xfd, 0x90, 0xb6, 0x25, 0x03, 0x9b, 0xb7, + 0x3d, 0x73, 0x0a, 0xdf, 0xaf, 0xdf, 0xea, 0x64, + 0x7a, 0x0c, 0xeb, 0xdf, 0x29, 0xc4, 0x2d, 0xb0, + 0x43, 0x91, 0xdb, 0x6f, 0xa4, 0x7a, 0xa9, 0x84, + 0xae, 0x03, 0x27, 0xe4, 0xf3, 0xf6, 0x3d, 0x35, + 0x74, 0xe1, 0xe4, 0x09, 0x1a, 0x61, 0x76, 0x89, + 0x8e, 0xa7, 0xbc, 0xc3, 0x16, 0x3e, 0x3f, 0x4a, + 0x4d, 0x5a, 0x62, 0x93, 0xd0, 0xe1, 0xf5, 0xb7, + 0xc5, 0xd3, 0xe3, 0x07, 0x31, 0x70, 0xce, 0xe3, + 0xed, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x03, 0x0c, 0x17, 0x1b, 0x21 + }; +#endif /* !WOLFSSL_NO_ML_DSA_65 */ + +#ifndef WOLFSSL_NO_ML_DSA_87 + /* ML-DSA-87: record 1 from + * https://gist.github.com/itzmeanjan/d14afc3866b82119221682f0f3c9822d */ + /* Secret key (4896 bytes) */ + static const byte sk_87[] = { + 0x90, 0x3e, 0xfb, 0xf1, 0x6c, 0xd1, 0xf7, 0x79, + 0x82, 0x51, 0x06, 0xf7, 0x6d, 0xe1, 0x2d, 0xf4, + 0x9c, 0xa4, 0x37, 0x1b, 0x57, 0x11, 0x74, 0x80, + 0x70, 0x2a, 0x1d, 0x94, 0xdd, 0x9c, 0x20, 0x42, + 0xef, 0x36, 0xc0, 0x28, 0xda, 0x0f, 0xc8, 0x30, + 0x49, 0x5d, 0x9b, 0xa9, 0x0d, 0x50, 0x35, 0x1e, + 0xc7, 0x19, 0x6f, 0x68, 0xb7, 0x3c, 0x77, 0x25, + 0x3a, 0xcd, 0xcc, 0x03, 0x6c, 0xfc, 0x89, 0xea, + 0x9c, 0x66, 0x61, 0x36, 0x19, 0x73, 0x85, 0xc1, + 0xe3, 0xee, 0xa6, 0xf5, 0xe4, 0x84, 0x50, 0x3f, + 0x1c, 0x33, 0xd7, 0xab, 0xee, 0x2a, 0xc4, 0x50, + 0x73, 0xb0, 0xd8, 0xb5, 0x1c, 0x64, 0x9a, 0x1d, + 0x23, 0xad, 0xb8, 0xb6, 0x26, 0x61, 0x00, 0xc3, + 0x3b, 0xee, 0x32, 0xd2, 0x5c, 0x46, 0x63, 0xe8, + 0xb7, 0xf6, 0xdf, 0x96, 0x47, 0x89, 0x4d, 0xc1, + 0x46, 0xfa, 0xbe, 0x7a, 0xc5, 0xb5, 0xfd, 0x5f, + 0x14, 0x24, 0x40, 0x14, 0x99, 0x4c, 0x21, 0x09, + 0x0e, 0x54, 0x06, 0x68, 0x0b, 0x06, 0x69, 0x4b, + 0xc4, 0x6c, 0x93, 0x22, 0x6d, 0xd2, 0x22, 0x91, + 0xc1, 0x40, 0x4d, 0x1a, 0x44, 0x6a, 0x18, 0xa7, + 0x00, 0x1c, 0x14, 0x88, 0x41, 0x80, 0x28, 0xe0, + 0xc4, 0x30, 0x5b, 0xa4, 0x64, 0x5a, 0xb2, 0x80, + 0x24, 0x45, 0x0e, 0x23, 0x94, 0x51, 0x5b, 0x98, + 0x81, 0x58, 0x32, 0x4d, 0x09, 0x02, 0x4c, 0x49, + 0xa0, 0x10, 0xd3, 0x90, 0x01, 0x18, 0x29, 0x04, + 0x82, 0x86, 0x28, 0xd4, 0x32, 0x48, 0x42, 0xc0, + 0x24, 0x44, 0x90, 0x45, 0x19, 0x44, 0x6e, 0x1c, + 0x41, 0x6a, 0xdb, 0xb8, 0x00, 0x00, 0xa0, 0x4d, + 0x64, 0xa6, 0x10, 0xcb, 0x48, 0x80, 0x0b, 0x80, + 0x31, 0x11, 0xa0, 0x88, 0x44, 0x82, 0x29, 0x04, + 0x48, 0x21, 0x58, 0x96, 0x80, 0x62, 0x42, 0x26, + 0x8a, 0x44, 0x66, 0xd2, 0x84, 0x2d, 0x00, 0x01, + 0x4e, 0xc9, 0xc6, 0x65, 0x0a, 0x82, 0x10, 0x1b, + 0x24, 0x21, 0x5a, 0xa0, 0x4d, 0x8c, 0x38, 0x2a, + 0x51, 0x88, 0x4c, 0x1a, 0x30, 0x81, 0x1c, 0xc2, + 0x84, 0x88, 0xc0, 0x90, 0x19, 0xa5, 0x0d, 0xd8, + 0x24, 0x09, 0x1c, 0xb6, 0x68, 0x51, 0xc0, 0x0c, + 0x84, 0x40, 0x82, 0xa3, 0x28, 0x48, 0xe2, 0x80, + 0x69, 0xa1, 0x48, 0x21, 0x1c, 0x30, 0x0d, 0x09, + 0x27, 0x46, 0xe3, 0x98, 0x2c, 0xd9, 0x44, 0x06, + 0x22, 0xc7, 0x64, 0x88, 0x82, 0x49, 0x5b, 0xb6, + 0x88, 0xc1, 0x24, 0x2d, 0x83, 0x36, 0x89, 0x94, + 0xc0, 0x84, 0x91, 0xc2, 0x88, 0xe0, 0x94, 0x0c, + 0x5c, 0x44, 0x32, 0x59, 0x80, 0x2d, 0x0c, 0x25, + 0x0c, 0xd0, 0x48, 0x2e, 0x09, 0x47, 0x08, 0x02, + 0x17, 0x11, 0x09, 0xb1, 0x65, 0x19, 0xc4, 0x30, + 0x0b, 0x98, 0x21, 0x8a, 0xc2, 0x4c, 0x00, 0xb7, + 0x48, 0x42, 0x24, 0x44, 0xc2, 0x26, 0x65, 0x42, + 0xb6, 0x08, 0x12, 0x14, 0x8a, 0x40, 0x92, 0x25, + 0xc4, 0xa2, 0x61, 0x0c, 0x22, 0x26, 0xda, 0x40, + 0x6e, 0x49, 0x08, 0x6c, 0x9b, 0x90, 0x40, 0x18, + 0x87, 0x90, 0xcb, 0x06, 0x81, 0x20, 0x00, 0x01, + 0x43, 0xb0, 0x65, 0x91, 0xa0, 0x0d, 0x1c, 0x16, + 0x48, 0x21, 0x86, 0x6c, 0x00, 0x04, 0x06, 0x0c, + 0x94, 0x30, 0x41, 0x48, 0x4a, 0xa1, 0x46, 0x60, + 0x61, 0x06, 0x25, 0x54, 0x88, 0x81, 0x14, 0x10, + 0x2d, 0x5b, 0x88, 0x69, 0xe4, 0x88, 0x05, 0xe3, + 0x40, 0x45, 0x08, 0x90, 0x84, 0x64, 0xa2, 0x4c, + 0xd9, 0x36, 0x62, 0xe0, 0x34, 0x10, 0x00, 0x27, + 0x48, 0x5a, 0xc6, 0x89, 0x21, 0x83, 0x08, 0x98, + 0x08, 0x22, 0x93, 0xc4, 0x11, 0x24, 0x12, 0x8d, + 0x81, 0xb6, 0x45, 0x09, 0x21, 0x82, 0x4a, 0x48, + 0x49, 0xd2, 0x40, 0x31, 0x24, 0x06, 0x84, 0x0a, + 0x81, 0x24, 0x44, 0xc2, 0x90, 0x51, 0xc8, 0x45, + 0x24, 0x45, 0x88, 0xe4, 0x12, 0x6c, 0xa0, 0x98, + 0x88, 0xda, 0x30, 0x88, 0x9c, 0x36, 0x60, 0x5a, + 0xa8, 0x6c, 0xd1, 0x88, 0x8c, 0x14, 0x36, 0x2e, + 0x93, 0x00, 0x8d, 0x89, 0x44, 0x88, 0xd1, 0x14, + 0x91, 0x44, 0x26, 0x62, 0x58, 0x26, 0x82, 0xc3, + 0x26, 0x81, 0xa2, 0xb8, 0x21, 0xc9, 0x00, 0x0c, + 0x83, 0x94, 0x50, 0x10, 0x15, 0x0e, 0x09, 0x03, + 0x85, 0x5c, 0x00, 0x69, 0x03, 0x80, 0x51, 0x60, + 0x10, 0x86, 0x92, 0x86, 0x68, 0xc2, 0xc4, 0x68, + 0x93, 0x26, 0x68, 0x20, 0x88, 0x60, 0x8b, 0x44, + 0x81, 0x23, 0x04, 0x80, 0x4b, 0x38, 0x6a, 0x0a, + 0xb8, 0x50, 0xe0, 0x00, 0x4e, 0x01, 0xc6, 0x4d, + 0xc4, 0x38, 0x0e, 0xa4, 0x06, 0x69, 0x89, 0xb6, + 0x70, 0x98, 0x44, 0x26, 0xc1, 0x30, 0x52, 0x93, + 0x98, 0x69, 0xe3, 0x16, 0x8e, 0x01, 0x49, 0x26, + 0xa3, 0xa2, 0x4d, 0xa4, 0x18, 0x49, 0x14, 0x12, + 0x88, 0xc0, 0x80, 0x51, 0xc3, 0xb0, 0x6d, 0xc8, + 0xa2, 0x0d, 0x48, 0xb8, 0x41, 0x18, 0x46, 0x71, + 0x18, 0x24, 0x85, 0xca, 0xb2, 0x70, 0x64, 0x20, + 0x68, 0x9b, 0xc6, 0x8d, 0x01, 0xa0, 0x20, 0xe2, + 0x18, 0x25, 0x01, 0xc3, 0x81, 0x1b, 0x43, 0x80, + 0x41, 0x86, 0x05, 0xc1, 0xc0, 0x40, 0xa4, 0x98, + 0x10, 0x10, 0x99, 0x00, 0xe1, 0x92, 0x31, 0x03, + 0xc4, 0x4c, 0xe1, 0x84, 0x09, 0x12, 0x49, 0x01, + 0xd4, 0x20, 0x6c, 0x41, 0x36, 0x09, 0x20, 0xc2, + 0x20, 0x98, 0x44, 0x69, 0xa1, 0xa8, 0x81, 0x9b, + 0x22, 0x70, 0xa4, 0x20, 0x88, 0xcc, 0x36, 0x30, + 0x98, 0x96, 0x20, 0xd0, 0x32, 0x60, 0x10, 0x18, + 0x91, 0x41, 0x84, 0x44, 0x40, 0x04, 0x84, 0x9c, + 0x92, 0x80, 0xd2, 0x22, 0x4e, 0x84, 0xc4, 0x4c, + 0x88, 0x90, 0x84, 0x60, 0x36, 0x0c, 0xd9, 0x84, + 0x49, 0xc9, 0x10, 0x21, 0x41, 0x26, 0x71, 0xd1, + 0x32, 0x24, 0xe3, 0x92, 0x84, 0x02, 0x23, 0x0a, + 0x4c, 0x84, 0x60, 0x14, 0xb4, 0x21, 0xe4, 0x04, + 0x90, 0xdb, 0x38, 0x32, 0x9b, 0x42, 0x10, 0x12, + 0x97, 0x29, 0x13, 0xb6, 0x20, 0x63, 0xc2, 0x91, + 0x1c, 0x45, 0x8a, 0xa1, 0x80, 0x84, 0x63, 0x06, + 0x6d, 0xda, 0x38, 0x32, 0x90, 0x14, 0x0c, 0xe1, + 0x48, 0x4e, 0x60, 0xc2, 0x69, 0x19, 0xb0, 0x00, + 0x0c, 0x99, 0x81, 0x22, 0x45, 0x2a, 0x1b, 0x25, + 0x4c, 0x22, 0x81, 0x40, 0x5b, 0xb0, 0x8c, 0x02, + 0xa9, 0x41, 0x1c, 0x24, 0x20, 0xdb, 0x86, 0x4c, + 0x98, 0x20, 0x0d, 0xd8, 0x96, 0x49, 0x13, 0x35, + 0x72, 0x10, 0x83, 0x2d, 0x91, 0x48, 0x48, 0x0c, + 0xa7, 0x01, 0x08, 0x84, 0x45, 0x62, 0x86, 0x49, + 0x22, 0x82, 0x6d, 0x0a, 0x80, 0x84, 0x0a, 0x14, + 0x68, 0x42, 0x86, 0x29, 0x4b, 0x10, 0x82, 0xd8, + 0x10, 0x02, 0x02, 0x18, 0x92, 0x22, 0x34, 0x46, + 0x82, 0x06, 0x2c, 0x0c, 0x17, 0x6a, 0x1c, 0x98, + 0x6c, 0x20, 0x41, 0x25, 0x42, 0x10, 0x8e, 0xd1, + 0x02, 0x89, 0x00, 0xb5, 0x21, 0x94, 0x38, 0x80, + 0xc2, 0x12, 0x91, 0x1b, 0x04, 0x48, 0x91, 0x22, + 0x2e, 0xe2, 0x94, 0x4c, 0x1b, 0x94, 0x45, 0x84, + 0x42, 0x6e, 0x80, 0x46, 0x6e, 0x19, 0x25, 0x72, + 0xa1, 0xc8, 0x0d, 0x08, 0x16, 0x01, 0x4b, 0x48, + 0x10, 0x4b, 0x24, 0x81, 0x61, 0x20, 0x64, 0x42, + 0x24, 0x86, 0x10, 0x26, 0x46, 0x02, 0x19, 0x05, + 0x8c, 0x12, 0x2d, 0x1c, 0x21, 0x00, 0x1a, 0x31, + 0x30, 0xc0, 0x24, 0x32, 0x03, 0x19, 0x52, 0x03, + 0x36, 0x44, 0xc3, 0x10, 0x44, 0xd0, 0x26, 0x32, + 0x24, 0x46, 0x86, 0x02, 0x09, 0x46, 0xe3, 0x10, + 0x6a, 0x88, 0x00, 0x89, 0x94, 0xa6, 0x84, 0x08, + 0x44, 0x6a, 0x98, 0x32, 0x6a, 0xc3, 0x94, 0x50, + 0x41, 0x32, 0x50, 0x4c, 0x94, 0x8d, 0x8b, 0xc2, + 0x88, 0xdb, 0x12, 0x91, 0xe1, 0xc6, 0x8c, 0x84, + 0x26, 0x6c, 0x61, 0x16, 0x4e, 0x20, 0xb6, 0x89, + 0x93, 0x14, 0x05, 0x22, 0x21, 0x2e, 0xa4, 0xa2, + 0x70, 0x03, 0x34, 0x0a, 0x80, 0xc4, 0x50, 0x0a, + 0x29, 0x25, 0x9b, 0x16, 0x70, 0x9c, 0x02, 0x65, + 0x1b, 0x85, 0x2d, 0x1b, 0x96, 0x24, 0x0c, 0xb0, + 0x41, 0x00, 0x34, 0x70, 0x41, 0xa4, 0x0c, 0x61, + 0x06, 0x81, 0x5b, 0x06, 0x40, 0x93, 0x94, 0x60, + 0x1a, 0x49, 0x41, 0x22, 0x06, 0x22, 0x14, 0x40, + 0x60, 0xa3, 0xb6, 0x50, 0x44, 0x00, 0x89, 0x18, + 0x24, 0x01, 0x43, 0x88, 0x04, 0xa0, 0x20, 0x90, + 0x9b, 0x02, 0x81, 0x9c, 0x32, 0x4a, 0x84, 0x12, + 0x4a, 0xda, 0x00, 0x6d, 0x1a, 0x46, 0x26, 0x93, + 0x04, 0x45, 0x13, 0xb3, 0x01, 0x03, 0x39, 0x41, + 0x61, 0x22, 0x81, 0x5c, 0xb2, 0x41, 0x14, 0x35, + 0x91, 0x09, 0xa3, 0x8c, 0x01, 0x10, 0x6d, 0x14, + 0x36, 0x30, 0x81, 0x48, 0x2d, 0xc8, 0xc8, 0x2d, + 0x4b, 0x30, 0x4d, 0x11, 0xc0, 0x6c, 0x21, 0x96, + 0x64, 0x14, 0x26, 0x65, 0x51, 0xa0, 0x8d, 0x14, + 0x20, 0x42, 0xc2, 0x32, 0x85, 0x02, 0x94, 0x64, + 0x02, 0x42, 0x2c, 0xa1, 0x38, 0x90, 0x44, 0xb8, + 0x4c, 0xd2, 0x22, 0x61, 0xa1, 0xc4, 0x31, 0x43, + 0xa6, 0x25, 0x50, 0x06, 0x62, 0x53, 0x80, 0x49, + 0x23, 0x34, 0x89, 0x09, 0x81, 0x40, 0x88, 0x30, + 0x91, 0xc0, 0xc8, 0x31, 0x43, 0x12, 0x02, 0xca, + 0x26, 0x06, 0x1c, 0x00, 0x4e, 0xca, 0xb6, 0x50, + 0xa3, 0x02, 0x10, 0x10, 0x34, 0x61, 0x14, 0x06, + 0x88, 0xcb, 0x90, 0x29, 0x21, 0x47, 0x2d, 0x01, + 0x98, 0x71, 0x1c, 0x48, 0x0e, 0xd4, 0x26, 0x90, + 0x5b, 0x22, 0x61, 0xc3, 0xb4, 0x4c, 0x24, 0x24, + 0x2c, 0xa4, 0x14, 0x60, 0x5c, 0x08, 0x2e, 0xc1, + 0x90, 0x28, 0xe2, 0x34, 0x6a, 0x0c, 0x21, 0x11, + 0x4a, 0x18, 0x44, 0xe1, 0x18, 0x71, 0xd0, 0x02, + 0x92, 0xd8, 0x06, 0x26, 0x1a, 0x05, 0x02, 0x41, + 0x18, 0x71, 0x98, 0x98, 0x91, 0xc1, 0x00, 0x61, + 0x03, 0xa5, 0x4d, 0x48, 0x04, 0x92, 0xcb, 0xc6, + 0x81, 0xd0, 0x36, 0x82, 0x04, 0xc7, 0x11, 0x21, + 0x05, 0x01, 0x0c, 0xb9, 0x04, 0xc0, 0x42, 0x49, + 0x90, 0xc6, 0x48, 0x93, 0x24, 0x91, 0x92, 0x80, + 0x84, 0xd3, 0xa4, 0x50, 0x90, 0x22, 0x04, 0x08, + 0x89, 0x45, 0x52, 0x02, 0x26, 0x93, 0xc6, 0x70, + 0xc8, 0x94, 0x11, 0xd2, 0x34, 0x86, 0xcc, 0x82, + 0x05, 0x00, 0x01, 0x44, 0xc8, 0x40, 0x0d, 0x19, + 0x40, 0x0a, 0x1a, 0xa8, 0x05, 0xd3, 0x06, 0x71, + 0x82, 0x28, 0x84, 0x21, 0x05, 0x4d, 0x8b, 0x22, + 0x50, 0x10, 0x27, 0x08, 0xe3, 0x48, 0x61, 0x61, + 0x24, 0x8a, 0x4c, 0x04, 0x90, 0x11, 0x92, 0x6c, + 0xc2, 0xa6, 0x29, 0x90, 0x44, 0x4a, 0x12, 0x30, + 0x65, 0x80, 0xb0, 0x24, 0x0c, 0x29, 0x81, 0x41, + 0xc0, 0x88, 0x01, 0x32, 0x81, 0x90, 0x86, 0x90, + 0x22, 0x84, 0x4c, 0xa1, 0x32, 0x30, 0x58, 0x00, + 0x2e, 0x8a, 0x80, 0x20, 0x0a, 0x34, 0x8c, 0x92, + 0x06, 0x92, 0x49, 0x98, 0x20, 0x8c, 0x24, 0x6c, + 0x64, 0x80, 0x11, 0x18, 0x95, 0x61, 0x12, 0x98, + 0x60, 0x48, 0x00, 0x48, 0x1a, 0xc8, 0x40, 0xcc, + 0x06, 0x01, 0xa0, 0x28, 0x4e, 0x1a, 0x16, 0x24, + 0xca, 0x30, 0x91, 0x49, 0xa0, 0x84, 0x0b, 0x34, + 0x44, 0x8a, 0xa0, 0x40, 0xca, 0x24, 0x64, 0x90, + 0xb8, 0x45, 0x60, 0xc4, 0x00, 0x12, 0x99, 0x45, + 0x24, 0xb8, 0x30, 0x61, 0x40, 0x28, 0x51, 0x44, + 0x31, 0xe1, 0xc6, 0x11, 0x1b, 0x87, 0x29, 0xa0, + 0xc2, 0x2c, 0x11, 0xb6, 0x88, 0x64, 0x40, 0x31, + 0x9a, 0xb4, 0x64, 0xa3, 0x98, 0x50, 0x9c, 0xa4, + 0x64, 0x89, 0x06, 0x29, 0x51, 0x18, 0x64, 0x50, + 0x46, 0x0d, 0xd1, 0x36, 0x40, 0x19, 0xc1, 0x0c, + 0x12, 0x14, 0x92, 0x02, 0x06, 0x80, 0x60, 0xc0, + 0x00, 0x08, 0x48, 0x4e, 0x22, 0x04, 0x72, 0x04, + 0xb6, 0x60, 0x24, 0x99, 0x6d, 0xd4, 0x36, 0x31, + 0x86, 0xaf, 0x29, 0x32, 0x57, 0x20, 0x8b, 0x57, + 0x6c, 0xaf, 0x86, 0xd1, 0x4b, 0x02, 0x8a, 0x73, + 0xd0, 0xc7, 0xb2, 0x78, 0x1f, 0xcd, 0xf5, 0xfc, + 0x02, 0xdd, 0x3d, 0x92, 0x6e, 0x96, 0xd0, 0x77, + 0x47, 0xdf, 0x7b, 0x4d, 0x5c, 0x54, 0x26, 0x07, + 0x3f, 0x05, 0x87, 0x60, 0x0f, 0x6f, 0xf9, 0x8a, + 0xbb, 0x97, 0xe0, 0x94, 0x39, 0x2d, 0x0b, 0xfc, + 0x03, 0x7e, 0x48, 0x9a, 0x9f, 0xa9, 0xe7, 0x96, + 0x4d, 0xba, 0xa4, 0x68, 0x61, 0xcb, 0x55, 0x81, + 0x9a, 0x02, 0x34, 0x75, 0xbb, 0x34, 0xb9, 0x9d, + 0x95, 0x41, 0x1a, 0x4c, 0x6b, 0x3d, 0x13, 0x1d, + 0x50, 0x0b, 0x52, 0x17, 0xc7, 0xce, 0xaf, 0x07, + 0x13, 0xcd, 0xa8, 0xe5, 0x4a, 0xac, 0x2e, 0x4d, + 0xa2, 0xa3, 0xe1, 0x4d, 0x3b, 0xc4, 0x20, 0xbe, + 0xc4, 0xbd, 0x0e, 0x1a, 0xa9, 0xbd, 0x9d, 0x3e, + 0x34, 0x78, 0xe4, 0x61, 0xe5, 0x5f, 0x75, 0x19, + 0xe9, 0x19, 0x97, 0xaa, 0x35, 0xd6, 0x28, 0x58, + 0xc2, 0x5d, 0x64, 0x5e, 0x34, 0x42, 0xc2, 0x41, + 0x1b, 0xeb, 0x30, 0x6e, 0x9f, 0x21, 0x5d, 0xc9, + 0xd3, 0x89, 0x00, 0x33, 0x16, 0x77, 0x46, 0x10, + 0x67, 0x23, 0x6b, 0x8e, 0x4c, 0xec, 0x7a, 0x22, + 0x2f, 0xdb, 0x89, 0x83, 0x42, 0x03, 0xc7, 0x9e, + 0x16, 0x06, 0xb3, 0xa1, 0xa8, 0x0f, 0x05, 0xc7, + 0x3b, 0xea, 0x37, 0x69, 0x66, 0xe7, 0xdc, 0xda, + 0xef, 0x6e, 0xd9, 0x56, 0x0a, 0xea, 0x88, 0x0a, + 0x22, 0x1f, 0x77, 0xa3, 0x16, 0x91, 0x27, 0x91, + 0x2d, 0xf9, 0xed, 0x9e, 0xe9, 0x5b, 0x72, 0xd4, + 0xfd, 0xea, 0x9e, 0xbe, 0xe5, 0x5f, 0xed, 0x40, + 0xc1, 0xbe, 0x36, 0xc3, 0x13, 0x7f, 0xda, 0x7a, + 0x1b, 0xf4, 0x6c, 0xdb, 0xb0, 0x06, 0x1b, 0x86, + 0xcb, 0xc9, 0x96, 0x31, 0xb0, 0x0b, 0x05, 0x50, + 0xca, 0x93, 0xdf, 0x52, 0x92, 0xa3, 0x9a, 0xb6, + 0x1e, 0x4d, 0x1a, 0x16, 0x97, 0x3e, 0xcb, 0x18, + 0xde, 0x87, 0xde, 0x42, 0xef, 0x23, 0x4d, 0x57, + 0xfb, 0x34, 0x84, 0xf8, 0xdf, 0x07, 0x84, 0x7c, + 0xd6, 0x55, 0x9e, 0x0e, 0x13, 0xe2, 0x65, 0xf3, + 0x20, 0x3a, 0x24, 0xd7, 0x9f, 0xb3, 0x48, 0x89, + 0xc2, 0xa1, 0x63, 0x86, 0x03, 0x05, 0x8a, 0x46, + 0xa5, 0x7f, 0xe0, 0xf8, 0xc3, 0x72, 0x9f, 0xfd, + 0x7c, 0xb1, 0x60, 0x21, 0xe0, 0x3b, 0x11, 0xb9, + 0x5a, 0x87, 0xfb, 0xd4, 0x9b, 0x3d, 0x9a, 0xa1, + 0xa9, 0x61, 0x78, 0x2a, 0x02, 0xcc, 0x66, 0x36, + 0xb2, 0xa5, 0x5d, 0xe6, 0xa8, 0xa1, 0xef, 0x7b, + 0x1d, 0x8a, 0x63, 0x9d, 0xb9, 0xb7, 0x39, 0x11, + 0x63, 0x00, 0xd4, 0xa8, 0x5a, 0x4b, 0xcd, 0xd8, + 0x65, 0x85, 0x08, 0xbc, 0xf3, 0x64, 0x05, 0x7a, + 0x06, 0x02, 0x9c, 0x6e, 0x52, 0xb0, 0x91, 0x67, + 0x30, 0x5e, 0x2a, 0x37, 0x3b, 0x98, 0x5a, 0xbd, + 0xbf, 0xf1, 0x2b, 0xd6, 0xaa, 0x6b, 0x18, 0x9e, + 0xdb, 0xd5, 0x45, 0x74, 0x4a, 0x65, 0x79, 0xab, + 0x1c, 0x5e, 0x10, 0x55, 0xdb, 0x5f, 0x97, 0xe3, + 0x57, 0x0e, 0xf0, 0x7c, 0x06, 0xfd, 0xa1, 0x55, + 0xea, 0xed, 0xb3, 0x6c, 0x95, 0xf6, 0x50, 0x57, + 0xa7, 0x0e, 0xa3, 0x15, 0x0a, 0x92, 0x3b, 0x07, + 0x34, 0x3c, 0x74, 0xc0, 0xb4, 0xae, 0x0a, 0x5e, + 0x9c, 0xc1, 0xcb, 0x0c, 0x31, 0x10, 0x40, 0x48, + 0x84, 0x67, 0x43, 0x63, 0x1f, 0x49, 0xf1, 0xf8, + 0x98, 0x86, 0x28, 0x53, 0x83, 0xa1, 0x6c, 0xd8, + 0x8d, 0xb6, 0x4c, 0x44, 0xda, 0xd1, 0x0e, 0xaa, + 0xd0, 0x11, 0x2c, 0x88, 0xf7, 0xae, 0x17, 0xf9, + 0xb1, 0xf4, 0x91, 0xdf, 0x0e, 0xee, 0x81, 0xeb, + 0x50, 0xf1, 0xd8, 0x9a, 0x61, 0x6b, 0xe9, 0xa3, + 0x86, 0xb4, 0x14, 0x6a, 0x2e, 0xe5, 0x89, 0x97, + 0xa1, 0x06, 0xa8, 0x8b, 0xe8, 0x3e, 0x2e, 0x71, + 0x92, 0xa0, 0x6f, 0x42, 0xcd, 0x39, 0x10, 0x44, + 0x18, 0x5d, 0xdb, 0xf2, 0x99, 0x29, 0x8c, 0xfb, + 0xa5, 0xf1, 0x27, 0xdf, 0xfd, 0xf1, 0x8b, 0x46, + 0x6f, 0xdf, 0x6d, 0x36, 0xce, 0x7d, 0xaf, 0x4f, + 0x2b, 0xb8, 0x9c, 0xe6, 0x9e, 0x3f, 0x98, 0xa1, + 0x7d, 0x2c, 0xad, 0xd2, 0xa6, 0xc2, 0x5c, 0x05, + 0x11, 0x21, 0x31, 0xc5, 0x4a, 0x0c, 0xd4, 0xfe, + 0xb4, 0x0d, 0xef, 0x10, 0xa6, 0xe9, 0xc1, 0x9f, + 0xeb, 0x1d, 0xb7, 0xd4, 0x76, 0x6a, 0x47, 0xd4, + 0x0e, 0xc3, 0xca, 0xc0, 0xe6, 0x79, 0x0a, 0xfc, + 0x14, 0x4b, 0x20, 0x60, 0xa8, 0x07, 0xee, 0x02, + 0x31, 0x8c, 0x09, 0x44, 0x5d, 0x89, 0x50, 0x1e, + 0x9e, 0x61, 0xf8, 0x22, 0x05, 0x55, 0x62, 0x99, + 0x83, 0xcf, 0x04, 0x20, 0x1a, 0xde, 0xd4, 0xb1, + 0xb7, 0xf4, 0x86, 0x2f, 0xd0, 0x73, 0x2c, 0x7c, + 0xd1, 0x1a, 0x37, 0x63, 0xb5, 0xe3, 0x4a, 0x49, + 0x2c, 0x8c, 0x96, 0x48, 0x27, 0x53, 0x88, 0xa9, + 0xad, 0x01, 0xed, 0xd8, 0x29, 0xe7, 0x1c, 0xf7, + 0x34, 0xfa, 0xef, 0x7d, 0x75, 0x55, 0x97, 0xc1, + 0x7c, 0x8d, 0xfb, 0xbc, 0xd3, 0xd1, 0xad, 0xc7, + 0x06, 0xae, 0x10, 0x62, 0x54, 0x26, 0xbb, 0x71, + 0xb7, 0x59, 0x17, 0x3f, 0x67, 0x6a, 0xe2, 0x95, + 0xd9, 0xa7, 0x3b, 0x06, 0x95, 0x3e, 0xd3, 0x4f, + 0xef, 0x80, 0x76, 0x89, 0x33, 0x81, 0x9d, 0xab, + 0x50, 0x28, 0x3b, 0x91, 0x26, 0x5f, 0x79, 0x95, + 0x62, 0xa0, 0x33, 0x3e, 0x91, 0xac, 0x3b, 0xd1, + 0x25, 0xd6, 0x8a, 0xbf, 0x17, 0x3f, 0x8b, 0x6b, + 0x6d, 0xee, 0x06, 0x35, 0xec, 0x67, 0x2f, 0x0c, + 0xb4, 0x4a, 0x14, 0x3e, 0xdf, 0x14, 0x51, 0x46, + 0x50, 0x72, 0x75, 0x4a, 0x14, 0x12, 0xdd, 0xf1, + 0xfb, 0x8f, 0xc8, 0x6b, 0x8c, 0xfd, 0x5d, 0xba, + 0x05, 0xc1, 0xfd, 0x47, 0xcd, 0x57, 0x08, 0x09, + 0xfd, 0xcc, 0xe4, 0xae, 0x33, 0x52, 0x12, 0xe5, + 0xd3, 0xd0, 0x95, 0x79, 0xfc, 0x7b, 0x5a, 0x11, + 0x21, 0xce, 0x85, 0x25, 0xa1, 0x1f, 0xa3, 0x1e, + 0x4a, 0xfb, 0xea, 0x07, 0x9b, 0x4b, 0xe8, 0x08, + 0x35, 0x0d, 0xd4, 0xdf, 0x53, 0x25, 0xe2, 0x14, + 0x40, 0x9b, 0x5f, 0x22, 0x67, 0x78, 0x8e, 0xc9, + 0x90, 0x4a, 0xa6, 0x55, 0x50, 0xbb, 0x19, 0x74, + 0xfe, 0x57, 0x45, 0xd9, 0x2c, 0xd1, 0x59, 0xea, + 0xb7, 0x2d, 0x55, 0x24, 0xee, 0x56, 0xad, 0xab, + 0xbd, 0xfa, 0x38, 0xd8, 0x96, 0x27, 0x49, 0x99, + 0x6c, 0x98, 0xe0, 0x07, 0x24, 0x82, 0x7a, 0xe3, + 0x1e, 0x38, 0x8c, 0xee, 0x40, 0xf9, 0xc3, 0x18, + 0x95, 0xd5, 0x24, 0x4a, 0x91, 0xb7, 0xee, 0xf8, + 0xd9, 0x83, 0x1b, 0xea, 0x76, 0x92, 0x62, 0xdc, + 0x43, 0xb0, 0xa8, 0x34, 0x8b, 0xbc, 0xc6, 0x02, + 0xa0, 0x62, 0xcc, 0xae, 0x3c, 0xc7, 0x97, 0x02, + 0x9a, 0x3b, 0xc6, 0x8e, 0x24, 0x3f, 0xb8, 0x98, + 0x5d, 0x2f, 0xf1, 0x01, 0x1a, 0x2e, 0x9f, 0x15, + 0x0b, 0x6c, 0x97, 0x5e, 0x38, 0xd8, 0x6c, 0xe0, + 0x28, 0x05, 0x0d, 0x5e, 0x42, 0x37, 0x17, 0xb6, + 0x5a, 0x09, 0xee, 0xe2, 0xf9, 0x80, 0xb9, 0x48, + 0xe0, 0x1a, 0x8d, 0xf8, 0x62, 0x82, 0x30, 0x43, + 0x4b, 0x7a, 0x4c, 0xd9, 0xca, 0xc9, 0x5a, 0x8f, + 0x17, 0xde, 0xeb, 0xd1, 0x86, 0xe9, 0x63, 0x72, + 0xdd, 0x9a, 0xd0, 0x54, 0xcf, 0x86, 0x2f, 0x1b, + 0xec, 0x8d, 0x13, 0x35, 0x43, 0xd4, 0xe8, 0x9a, + 0xb3, 0x5c, 0x74, 0x63, 0x4e, 0x0d, 0x07, 0xde, + 0x2f, 0x1f, 0x0a, 0xa3, 0xc8, 0xc1, 0x09, 0x3a, + 0x6b, 0xc7, 0xce, 0xd4, 0x56, 0xb0, 0xb2, 0xa6, + 0xc1, 0xa7, 0x85, 0x2f, 0x6a, 0x0f, 0xec, 0xa5, + 0x4b, 0xbf, 0x5f, 0xb1, 0x24, 0xbe, 0x8d, 0xd1, + 0x72, 0x2f, 0xcd, 0x64, 0x6e, 0xbf, 0xed, 0xc9, + 0x2a, 0x3a, 0x30, 0x76, 0x25, 0x24, 0x70, 0x1f, + 0xa6, 0x0f, 0x30, 0x76, 0xea, 0xd2, 0xda, 0xeb, + 0x42, 0x62, 0x1f, 0x22, 0xf9, 0x00, 0xa0, 0x6c, + 0xdb, 0xe9, 0x2d, 0x86, 0x3f, 0xb6, 0x18, 0x91, + 0xf1, 0xb0, 0xcc, 0x27, 0xa3, 0xd7, 0x3c, 0x1f, + 0x82, 0x58, 0x6b, 0xb8, 0x7a, 0xee, 0xb3, 0x17, + 0x74, 0xc5, 0xc7, 0xaf, 0x01, 0xf3, 0x75, 0x28, + 0x50, 0xf3, 0x4d, 0x12, 0x58, 0x90, 0x51, 0x69, + 0x9a, 0x2f, 0x50, 0x5b, 0xfa, 0x6d, 0xb2, 0xd4, + 0xe5, 0x14, 0xac, 0xa8, 0x48, 0x37, 0xef, 0xfc, + 0x71, 0xd4, 0x85, 0x82, 0x75, 0x2b, 0x23, 0xd8, + 0xfa, 0x99, 0xe3, 0x7f, 0x27, 0x15, 0x26, 0x96, + 0x07, 0xc2, 0x09, 0xc8, 0x4f, 0x11, 0xf1, 0xb3, + 0xcd, 0x14, 0xf7, 0x67, 0xe8, 0xc3, 0x58, 0x5f, + 0xec, 0xdc, 0xf1, 0x39, 0x9c, 0x3c, 0xe5, 0x5f, + 0xd2, 0xc4, 0xb4, 0xf9, 0x10, 0xfb, 0x9c, 0xda, + 0xb9, 0x77, 0xb5, 0x6b, 0x51, 0x2b, 0xea, 0x3c, + 0x93, 0x1e, 0x45, 0x19, 0x85, 0xb9, 0x50, 0x05, + 0xb4, 0x5d, 0xb0, 0xc9, 0xda, 0xcc, 0x87, 0xd1, + 0x35, 0x26, 0x25, 0x1f, 0x67, 0x1e, 0xf8, 0x36, + 0x56, 0x3b, 0xba, 0x62, 0xb7, 0x77, 0x07, 0x65, + 0x3c, 0x0c, 0xa5, 0x83, 0x85, 0x05, 0xbd, 0x3f, + 0x5d, 0x38, 0xb8, 0x63, 0xe1, 0xb4, 0xf6, 0x98, + 0xdb, 0x9e, 0x52, 0xc9, 0x5b, 0xcd, 0xf3, 0x85, + 0xd8, 0x5f, 0x7a, 0x6a, 0xe9, 0x37, 0x0c, 0x81, + 0x5d, 0x57, 0x32, 0xcc, 0xb7, 0x2e, 0x6e, 0xb9, + 0x79, 0xbd, 0x0c, 0x2d, 0xd2, 0x1c, 0x66, 0x4d, + 0xeb, 0xdb, 0x9a, 0x1a, 0x03, 0x17, 0x59, 0x77, + 0x45, 0x57, 0xc0, 0x6b, 0x42, 0x07, 0x77, 0xcc, + 0x2a, 0xde, 0x89, 0x49, 0x69, 0x4e, 0x8b, 0x71, + 0x62, 0xc9, 0xf2, 0x3d, 0x0c, 0x1c, 0xb7, 0xd7, + 0xbd, 0xe1, 0xb2, 0x43, 0xde, 0x33, 0x58, 0xe4, + 0x12, 0x63, 0xc7, 0xbe, 0x1b, 0xde, 0x8f, 0xbf, + 0x3f, 0xf3, 0xec, 0x23, 0x57, 0xe5, 0x1f, 0x0b, + 0x15, 0xf8, 0x4a, 0x62, 0x7e, 0x01, 0xc1, 0xa8, + 0x1d, 0x65, 0xcf, 0x7e, 0xb6, 0xfe, 0x40, 0x6b, + 0xbb, 0x3e, 0x89, 0xc3, 0x5f, 0x7e, 0xa9, 0x96, + 0x70, 0xab, 0x53, 0xcf, 0x7e, 0x90, 0x8e, 0x62, + 0xb7, 0xb5, 0xec, 0xe3, 0x1c, 0x1a, 0x42, 0xf9, + 0xad, 0xdd, 0x67, 0x71, 0x75, 0x29, 0xef, 0xac, + 0xeb, 0xef, 0xb2, 0x89, 0x89, 0xc1, 0x9d, 0x3c, + 0x31, 0x1a, 0xf4, 0x57, 0xbc, 0x40, 0xd1, 0xad, + 0xec, 0x93, 0xf6, 0xb6, 0xcb, 0xf9, 0x15, 0x7d, + 0x06, 0x1e, 0x1f, 0xbb, 0xeb, 0x3f, 0x46, 0x3c, + 0x16, 0x1d, 0x2a, 0x88, 0x5b, 0xfd, 0x59, 0x5b, + 0x9f, 0x7a, 0x5f, 0xa3, 0x8a, 0x1d, 0xc6, 0x6a, + 0xeb, 0xfb, 0xb6, 0xfa, 0xd9, 0x05, 0xb9, 0x3f, + 0x52, 0x39, 0x87, 0x67, 0x1e, 0x60, 0xe2, 0x7a, + 0x2d, 0x8a, 0xf0, 0x8f, 0xd9, 0xa7, 0x9a, 0x63, + 0xf6, 0x07, 0xf9, 0x3e, 0x15, 0xbc, 0x9b, 0xb8, + 0x65, 0x9b, 0xd9, 0x71, 0x3b, 0x70, 0x74, 0xd1, + 0x57, 0x6c, 0xcf, 0xe6, 0x77, 0x25, 0xd2, 0xd7, + 0xdc, 0x8f, 0xf4, 0x02, 0xc9, 0x3d, 0x12, 0xbe, + 0x9d, 0xb0, 0xb7, 0x01, 0x73, 0xa3, 0x46, 0xe8, + 0x4c, 0x19, 0xc4, 0x24, 0x64, 0x52, 0x4b, 0xed, + 0x60, 0x69, 0x60, 0xc1, 0x02, 0x4e, 0x15, 0x9e, + 0xa3, 0x95, 0x2c, 0x55, 0xa9, 0x7c, 0xdc, 0x8a, + 0xcc, 0x71, 0x83, 0x10, 0xb0, 0xd7, 0x24, 0x26, + 0xd6, 0x29, 0x8b, 0xd4, 0x0c, 0x88, 0x2b, 0xc9, + 0x84, 0xa7, 0x38, 0x33, 0xb5, 0x3a, 0xb0, 0xaa, + 0x9f, 0x81, 0x9a, 0x1c, 0xc6, 0xee, 0x8d, 0xb3, + 0xd8, 0x51, 0xdb, 0xbe, 0x53, 0xf5, 0xf2, 0xec, + 0xd1, 0x2f, 0xc6, 0x36, 0x47, 0x7d, 0x5f, 0x4d, + 0xff, 0x9d, 0x6b, 0x74, 0x0e, 0xe9, 0xca, 0xa5, + 0xf5, 0x1c, 0x48, 0x05, 0xa2, 0xab, 0xd0, 0x73, + 0x0e, 0xe8, 0xa3, 0x8e, 0x99, 0xdf, 0xc2, 0x89, + 0x52, 0xc9, 0x45, 0x56, 0xa5, 0x66, 0x05, 0x1f, + 0x70, 0x1c, 0x6e, 0x2c, 0xd5, 0x34, 0xb3, 0xd4, + 0x4f, 0xfe, 0x15, 0xfa, 0x00, 0x45, 0x25, 0xc7, + 0xc4, 0x05, 0xea, 0x08, 0xe7, 0x92, 0x8a, 0xbd, + 0x1c, 0x1c, 0x8c, 0xc0, 0xe4, 0x51, 0x34, 0xf9, + 0xbd, 0x6c, 0xaa, 0x02, 0xa6, 0xef, 0xff, 0xc3, + 0x14, 0x25, 0xa3, 0xe0, 0x9d, 0xe5, 0xbb, 0x61, + 0x6f, 0xb6, 0x18, 0xbe, 0xbd, 0x5c, 0x72, 0xd1, + 0x89, 0x93, 0xda, 0x4b, 0xab, 0x83, 0xf8, 0xd5, + 0x66, 0x67, 0x15, 0x7b, 0x1f, 0x1a, 0x34, 0x7c, + 0x4a, 0x85, 0x28, 0x1d, 0x93, 0xc5, 0xe3, 0xd9, + 0x31, 0x0b, 0xb7, 0x21, 0xdf, 0x99, 0x55, 0xed, + 0x2d, 0xdd, 0x7c, 0xab, 0xb2, 0x5e, 0xc8, 0x3f, + 0x50, 0x50, 0x59, 0x8f, 0x08, 0x79, 0xeb, 0x9f, + 0x07, 0x12, 0x03, 0x21, 0x6a, 0xf1, 0x06, 0x62, + 0x2f, 0x10, 0x02, 0x56, 0x57, 0xe6, 0x2b, 0xa9, + 0xb8, 0x44, 0xc8, 0xcb, 0xaa, 0x73, 0xf8, 0xd6, + 0xa3, 0x7c, 0x62, 0x64, 0x10, 0x50, 0x54, 0xd5, + 0x12, 0xca, 0x6d, 0x24, 0x2f, 0x0d, 0x0f, 0x46, + 0x98, 0x3e, 0x91, 0xc2, 0x31, 0xae, 0x97, 0x75, + 0x80, 0x0a, 0x35, 0xdf, 0xb4, 0xcd, 0x83, 0x9c, + 0xc6, 0x58, 0x7e, 0xe8, 0x9d, 0xe1, 0x4f, 0x7e, + 0x26, 0x92, 0x60, 0x52, 0x92, 0x7c, 0xdf, 0x20, + 0x2f, 0xb3, 0xa3, 0x9c, 0x1b, 0x94, 0x2a, 0xa9, + 0xd6, 0x7a, 0xb0, 0x04, 0x26, 0xa6, 0xd2, 0x3a, + 0xcb, 0xde, 0x0b, 0x12, 0x54, 0xaf, 0xd2, 0xe4, + 0x42, 0xab, 0x7a, 0xa1, 0x9e, 0x54, 0xe7, 0xb2, + 0xd6, 0xe9, 0x8b, 0x27, 0x1d, 0xe5, 0xe8, 0xf7, + 0xca, 0x6a, 0x44, 0x7c, 0x12, 0x75, 0x31, 0x3b, + 0x9e, 0x45, 0xbd, 0xbb, 0xac, 0x6f, 0xc5, 0x7a, + 0xa9, 0xce, 0x78, 0xb5, 0x85, 0x8e, 0xc7, 0x9c, + 0x3a, 0x85, 0x26, 0xde, 0x42, 0xfd, 0xa4, 0x7a, + 0x62, 0x1a, 0xcd, 0x26, 0xd9, 0x36, 0x1f, 0x23, + 0xf1, 0x03, 0xd2, 0x47, 0xe0, 0xfc, 0x7d, 0x10, + 0xc3, 0x00, 0x7b, 0x70, 0x8e, 0xf2, 0x14, 0x6a, + 0xf3, 0x08, 0x70, 0x9d, 0x8d, 0x2d, 0x8f, 0x8d, + 0xd0, 0x94, 0xcb, 0x30, 0xda, 0x11, 0xec, 0x74, + 0xb1, 0x5f, 0xa8, 0x02, 0xa4, 0xe3, 0x73, 0x5f, + 0x6e, 0xa0, 0x93, 0x42, 0xf3, 0xe8, 0x1e, 0xdb, + 0xff, 0x04, 0x48, 0x6d, 0x96, 0x18, 0x29, 0x5d, + 0xad, 0x02, 0xe8, 0x8d, 0x5d, 0xd7, 0xa8, 0x4d, + 0x2d, 0x9f, 0x1d, 0x55, 0x80, 0xec, 0xd2, 0x51, + 0x3a, 0x0d, 0xd6, 0x2b, 0xe5, 0xc3, 0x90, 0x1e, + 0x36, 0xce, 0x22, 0xf2, 0x88, 0xfb, 0x76, 0x55, + 0x17, 0xcd, 0x5b, 0xe0, 0x77, 0x92, 0x9e, 0x36, + 0x69, 0xa3, 0x79, 0xe6, 0xbe, 0xef, 0xf8, 0xf0, + 0x49, 0xad, 0xfa, 0x5b, 0x4e, 0x32, 0xe8, 0x0f, + 0x62, 0x83, 0x27, 0x06, 0x65, 0x5e, 0xf5, 0xa7, + 0x92, 0x02, 0x4f, 0xae, 0xa9, 0xd7, 0x69, 0x4d, + 0xbf, 0x94, 0xe4, 0xc2, 0x80, 0xae, 0xbb, 0x50, + 0x3e, 0xef, 0x07, 0xfc, 0xc5, 0x9e, 0x63, 0xa2, + 0x32, 0x09, 0x69, 0x31, 0x4a, 0x38, 0x3e, 0xe0, + 0xb9, 0x84, 0xf1, 0x1d, 0xc4, 0x78, 0xc3, 0x18, + 0x9a, 0x3e, 0x58, 0x47, 0x3f, 0x06, 0xa3, 0x7d, + 0x32, 0xfe, 0x88, 0xde, 0x4a, 0xad, 0xa8, 0x07, + 0x77, 0xc8, 0xf0, 0x4f, 0x89, 0x42, 0x02, 0x4d, + 0xee, 0xc2, 0x82, 0x64, 0x43, 0x86, 0x67, 0x7b, + 0xae, 0x8d, 0xca, 0x9d, 0x84, 0x87, 0x68, 0xfa, + 0x72, 0x6e, 0xe4, 0x07, 0x52, 0xa2, 0x0c, 0xde, + 0x5c, 0xe6, 0x25, 0x56, 0x83, 0x89, 0x31, 0xff, + 0xf9, 0xcf, 0x1d, 0x89, 0xe6, 0xa0, 0x9d, 0xa6, + 0xe1, 0xbb, 0xe9, 0xce, 0x1f, 0xa1, 0xc6, 0x45, + 0x55, 0xd8, 0x2a, 0x30, 0x5a, 0x39, 0x07, 0xff, + 0xb9, 0x6e, 0xc4, 0x9d, 0xfa, 0x88, 0x1c, 0xe0, + 0xf3, 0x95, 0x58, 0xa4, 0x75, 0x8d, 0xc8, 0x93, + 0x3a, 0x0a, 0xab, 0x59, 0x85, 0x7f, 0x69, 0xaf, + 0x74, 0xc5, 0x3c, 0x8b, 0x9b, 0x1e, 0x1a, 0xe7, + 0x36, 0xb2, 0x8e, 0xad, 0x6a, 0x71, 0x78, 0x3f, + 0x81, 0xff, 0x23, 0xb4, 0xff, 0xfe, 0x42, 0x2a, + 0x32, 0x1c, 0x93, 0xec, 0xeb, 0x38, 0x3e, 0xb7, + 0xd6, 0x2f, 0x35, 0x68, 0xa2, 0xfb, 0x59, 0xd8, + 0x93, 0x3f, 0x52, 0xfd, 0x92, 0xbd, 0xff, 0x4d, + 0x21, 0x9f, 0xd0, 0x93, 0x1e, 0x76, 0xad, 0x7f, + 0xb8, 0xa3, 0xde, 0x09, 0xe2, 0x90, 0x32, 0xf2, + 0x88, 0x9b, 0x53, 0xfc, 0x8f, 0x91, 0x9e, 0x11, + 0x64, 0x3b, 0x59, 0x8a, 0x36, 0x6e, 0xcb, 0x9e, + 0x4f, 0xc6, 0x8a, 0xd0, 0x3c, 0x22, 0xef, 0x0a, + 0x1e, 0xef, 0x98, 0x52, 0xae, 0xa8, 0xf0, 0xff, + 0xfb, 0x4e, 0x46, 0xc3, 0x72, 0x17, 0x3a, 0x43, + 0x02, 0xa3, 0xea, 0x2e, 0xdb, 0x51, 0x20, 0xe1, + 0x8a, 0x3f, 0xfe, 0x4d, 0xe3, 0x1b, 0x0c, 0x35, + 0x96, 0xaa, 0x0c, 0xa0, 0xda, 0x4e, 0xae, 0xe6, + 0x09, 0xb7, 0x2f, 0x6c, 0xb3, 0x66, 0xeb, 0x68, + 0xf4, 0x5e, 0x00, 0x0a, 0xe7, 0xfe, 0x7a, 0x88, + 0xe0, 0x4f, 0x47, 0x1a, 0xa9, 0xa6, 0x6d, 0xd1, + 0x8a, 0xa6, 0xc5, 0x0b, 0x44, 0xc4, 0x85, 0x5e, + 0xeb, 0xe5, 0x30, 0xd4, 0x0d, 0x79, 0x9b, 0x1a, + 0x2d, 0x88, 0x90, 0x1c, 0xfc, 0x91, 0xd1, 0x7f, + 0xf7, 0x48, 0xa8, 0x62, 0xd2, 0xa4, 0x62, 0xb5, + 0xa7, 0xee, 0x80, 0x35, 0x29, 0x24, 0xec, 0xb7, + 0x22, 0x32, 0xb6, 0xbc, 0xc4, 0x43, 0x3e, 0x72, + 0x1d, 0x20, 0xf1, 0xb8, 0x8d, 0x57, 0xd7, 0xe3, + 0x42, 0xb1, 0x18, 0xc7, 0xd1, 0xce, 0x5d, 0xa4, + 0x14, 0x3f, 0x3a, 0xb4, 0x8b, 0xc1, 0xb6, 0x02, + 0xb0, 0xcb, 0x9d, 0x45, 0x5f, 0xc3, 0x62, 0xe5, + 0xa1, 0x76, 0x8f, 0xff, 0xe3, 0x45, 0xcc, 0xf0, + 0x2f, 0xda, 0x37, 0x97, 0xb3, 0x58, 0xcb, 0x5b, + 0xf8, 0x1a, 0x69, 0xbf, 0xa7, 0xbd, 0xbc, 0x6f, + 0x05, 0xb5, 0x63, 0xe4, 0x0f, 0xc3, 0x0d, 0x0f, + 0xac, 0x31, 0xae, 0xac, 0x62, 0x08, 0xf6, 0x1d, + 0x63, 0x8c, 0x1e, 0xa4, 0x63, 0x08, 0x9f, 0xe6, + 0xd7, 0x5c, 0xfe, 0xdb, 0x42, 0x86, 0xf2, 0xb8, + 0xf1, 0x2b, 0x63, 0x1d, 0x53, 0xbb, 0xb2, 0xf3, + 0x9d, 0x5d, 0x12, 0xc5, 0xed, 0x3a, 0x45, 0x14, + 0x5c, 0x37, 0xba, 0x99, 0xb1, 0x68, 0x13, 0xb4, + 0x0a, 0x1f, 0x56, 0xc9, 0xc7, 0x22, 0x9f, 0x22, + 0x52, 0xa4, 0xd5, 0xd6, 0x90, 0x74, 0xc2, 0xff, + 0xa8, 0x18, 0x0d, 0xd7, 0xf5, 0xfc, 0x23, 0xb4, + 0x23, 0x42, 0x0b, 0x62, 0x42, 0x11, 0xe0, 0x6d, + 0xa3, 0x01, 0x74, 0x80, 0xcb, 0x90, 0xfc, 0xee, + 0x45, 0x8d, 0x20, 0x47, 0xd0, 0x8b, 0xb4, 0x98, + 0x6e, 0x1d, 0xdb, 0x04, 0x6a, 0x22, 0x10, 0xc9, + 0xcf, 0xb4, 0xa6, 0x28, 0xe1, 0xfb, 0x99, 0x69, + 0x8c, 0x47, 0x9b, 0xd3, 0xc1, 0x7a, 0xb6, 0xa4, + 0x9c, 0x3f, 0xe0, 0x94, 0xa0, 0x1f, 0x37, 0xbc, + 0x36, 0x6c, 0x3d, 0x2c, 0xd6, 0xde, 0x7c, 0x66, + 0xe6, 0x3f, 0x5e, 0x44, 0xc3, 0xaf, 0x20, 0xa0, + 0xf2, 0x9f, 0xd7, 0xe0, 0xeb, 0x3d, 0xe0, 0x0a, + 0x04, 0x85, 0xda, 0xea, 0x89, 0x03, 0x6c, 0x7a, + 0x17, 0x67, 0xa8, 0x6c, 0xaf, 0xa8, 0x67, 0x5d, + 0xb3, 0x65, 0xac, 0x63, 0x26, 0xd8, 0x36, 0x12, + 0x0d, 0x8b, 0xcb, 0xb9, 0x7e, 0xb3, 0x9a, 0x9f, + 0xe4, 0xa7, 0xad, 0xb7, 0xc3, 0x61, 0x62, 0xd4, + 0xed, 0x77, 0xdf, 0xf6, 0xe8, 0xae, 0x5f, 0xd1, + 0x1e, 0x41, 0xef, 0x85, 0x57, 0xb8, 0xdc, 0x78, + 0xa9, 0xa5, 0x5b, 0x96, 0x19, 0xaf, 0x9a, 0x77, + 0x5a, 0xd0, 0x8a, 0xdc, 0x08, 0x6f, 0x45, 0x47, + 0xd0, 0xf6, 0x81, 0x1f, 0xfd, 0x65, 0x0d, 0x59, + 0x6e, 0xc1, 0x56, 0xc4, 0x7c, 0x2a, 0x5e, 0xb2, + 0x5b, 0x41, 0x69, 0x51, 0x75, 0x07, 0x16, 0x3b, + 0x90, 0x56, 0xf2, 0xf2, 0x2b, 0x77, 0x53, 0xb7, + 0x6b, 0x62, 0xc5, 0x86, 0x52, 0x7b, 0xc2, 0x0a, + 0x62, 0x7f, 0x65, 0x69, 0xdb, 0x23, 0xc1, 0x9b, + 0xef, 0xd3, 0x8d, 0xf3, 0x35, 0x34, 0x28, 0xa6, + 0x38, 0x55, 0x4b, 0x0e, 0x6e, 0x0f, 0x8d, 0xd1, + 0x00, 0x2b, 0x04, 0x49, 0x06, 0xec, 0xc4, 0x9a, + 0x4b, 0xf3, 0xe2, 0xd8, 0x36, 0x83, 0x74, 0xd3, + 0x30, 0x73, 0xac, 0x3f, 0x2d, 0xee, 0xb0, 0x0e, + 0xda, 0x86, 0x2a, 0xdb, 0x5f, 0x57, 0xc4, 0xa2, + 0xa0, 0x02, 0x52, 0xb3, 0xed, 0x26, 0xdb, 0xea, + 0x8b, 0xeb, 0x2a, 0x31, 0x01, 0x2e, 0x68, 0xad, + 0x1c, 0x05, 0x3f, 0x7f, 0x5c, 0x7e, 0x2a, 0xa9, + 0x60, 0xa0, 0x68, 0x58, 0xe3, 0x51, 0x0f, 0x68, + 0xa1, 0xfb, 0x40, 0x40, 0xaa, 0x2b, 0x08, 0xd1, + 0xd7, 0x2c, 0xa3, 0xaa, 0xe9, 0x09, 0xfe, 0x1b, + 0xeb, 0x9d, 0x10, 0x02, 0x79, 0x42, 0x05, 0x00, + 0x99, 0x08, 0x56, 0x79, 0x89, 0x1a, 0xa9, 0x49, + 0x12, 0x9f, 0x2a, 0xc3, 0xef, 0xdc, 0xb5, 0x0e, + 0xc6, 0x6e, 0x68, 0x8f, 0x5b, 0xe7, 0xc0, 0x05, + 0xe7, 0x50, 0x24, 0x11, 0xd5, 0x9e, 0x29, 0xbd, + 0x5c, 0x5d, 0x77, 0x12, 0x32, 0x4c, 0x84, 0xba, + 0xa8, 0x40, 0x1d, 0x6b, 0x45, 0xfd, 0xec, 0xa3, + 0x6b, 0x07, 0xc6, 0x55, 0xee, 0xfb, 0x32, 0x71, + 0x26, 0x9b, 0xab, 0x84, 0x23, 0x02, 0x1f, 0x23, + 0x32, 0xfe, 0x1c, 0x10, 0xe1, 0xfe, 0x91, 0xdf, + 0x5b, 0xaa, 0xc2, 0x80, 0x62, 0x8d, 0x5e, 0xdb, + 0x6d, 0x1c, 0x6f, 0x05, 0x1c, 0x92, 0x40, 0xfb, + 0x04, 0x16, 0x8b, 0xa0, 0xd0, 0x9e, 0x06, 0x25, + 0x9c, 0x32, 0x9e, 0x17, 0xec, 0x41, 0x65, 0xb1, + 0xb3, 0x84, 0x5f, 0x54, 0x04, 0x65, 0xc3, 0xee, + 0x6d, 0xe5, 0x15, 0x8d, 0xea, 0x31, 0xe9, 0x39, + 0xb0, 0xf7, 0xde, 0xad, 0x94, 0x40, 0x4e, 0x39, + 0x3b, 0xe3, 0x61, 0xcb, 0x08, 0x80, 0x07, 0x8c, + 0x69, 0xc4, 0xa4, 0x03, 0xfb, 0x2b, 0x24, 0xb5, + 0x48, 0x88, 0x7d, 0x2b, 0x5f, 0x77, 0xfc, 0x7b, + 0x4c, 0xba, 0xd0, 0x2d, 0x16, 0xed, 0x6a, 0x8c, + 0x55, 0x99, 0x6d, 0x31, 0xde, 0x2f, 0x27, 0x1a, + 0x22, 0x8d, 0xc5, 0x2c, 0x3f, 0xf3, 0xd2, 0x58, + 0x74, 0xe1, 0x07, 0x5f, 0x26, 0xf1, 0xcd, 0x81, + 0x67, 0x88, 0xde, 0x8d, 0x33, 0xe8, 0xdd, 0x1f, + 0xc0, 0xa1, 0x23, 0x6f, 0x90, 0x6d, 0xec, 0x85, + 0xa9, 0x2f, 0x11, 0xca, 0xba, 0x9c, 0x85, 0x11, + 0x6c, 0x40, 0x88, 0xb4, 0x6e, 0xb7, 0x75, 0xc6, + 0xf5, 0x94, 0x42, 0xb5, 0x45, 0x4c, 0x7b, 0x86, + 0x07, 0xea, 0x01, 0xfc, 0xb4, 0xcd, 0xad, 0xa3, + 0x31, 0x9b, 0x38, 0xbf, 0xb1, 0x5a, 0x2b, 0x6e, + 0x4b, 0x7e, 0x52, 0x67, 0xff, 0x13, 0x23, 0x5a, + 0x72, 0x8d, 0x4b, 0x61, 0xa6, 0xde, 0xa6, 0x20, + 0x09, 0x9e, 0x06, 0xc0, 0xd0, 0x1e, 0xc5, 0x88, + 0xdb, 0xb4, 0xb6, 0x25, 0xd9, 0x11, 0x4c, 0x06, + 0xd5, 0x87, 0x50, 0xec, 0xdf, 0x3d, 0x4b, 0x9a, + 0x5c, 0xfa, 0x7b, 0x7f, 0xdc, 0x79, 0x33, 0x14, + 0x6d, 0x19, 0xbd, 0x22, 0x90, 0xf5, 0xf1, 0x06, + 0x15, 0xdb, 0x5a, 0x3e, 0x93, 0x22, 0xd3, 0x64, + 0xf5, 0xb1, 0x02, 0x89, 0x71, 0xe7, 0x63, 0xe9, + 0x30, 0x69, 0xa4, 0xc8, 0x5f, 0xcf, 0x78, 0xe5, + 0x2b, 0x54, 0x3d, 0x25, 0x27, 0xcb, 0x24, 0x00, + 0xb6, 0xb2, 0x7c, 0xec, 0xe0, 0x99, 0x11, 0x93, + 0x37, 0x85, 0xd2, 0xeb, 0x3d, 0xf8, 0xc8, 0xf0, + 0x84, 0x48, 0xfe, 0xfa, 0xff, 0x4d, 0x4b, 0xd3, + 0x92, 0x68, 0x88, 0x30, 0xcf, 0x07, 0x76, 0xd5, + 0x1e, 0x1a, 0x96, 0x37, 0xc7, 0xe3, 0x8e, 0xae, + 0x1d, 0xde, 0xae, 0xf8, 0x9c, 0xf1, 0x7e, 0x34, + 0xef, 0x74, 0x35, 0x15, 0xaa, 0xfd, 0x7f, 0x33, + 0x74, 0x68, 0x55, 0xec, 0x8d, 0x06, 0x8b, 0x0c, + 0x77, 0xc5, 0xc3, 0x02, 0xa6, 0x1b, 0x3b, 0x94, + 0xb0, 0xab, 0x4a, 0x9d, 0x8e, 0xe1, 0x42, 0x7a, + 0x91, 0xe5, 0x16, 0xf2, 0xdd, 0x95, 0xe3, 0x18, + 0xb8, 0x98, 0x5b, 0x21, 0x12, 0x59, 0x40, 0x5f, + 0xbb, 0xa9, 0x2f, 0x65, 0xb3, 0x1b, 0xfc, 0x7c, + 0x93, 0xcf, 0x26, 0xc7, 0x68, 0x14, 0x3c, 0xa8, + 0x63, 0xf9, 0x35, 0xd3, 0xc8, 0xec, 0x93, 0x61, + 0x15, 0x84, 0x72, 0xd9, 0xf4, 0x08, 0x70, 0x94, + 0x94, 0xe2, 0xb5, 0xf3, 0x4f, 0xc0, 0x95, 0x88, + 0x55, 0x1c, 0x4d, 0xe8, 0xa8, 0x42, 0x0d, 0xc0, + 0xc0, 0x96, 0x96, 0xee, 0x9a, 0xad, 0x01, 0x19, + 0x4c, 0x21, 0xa1, 0xcd, 0xbc, 0xba, 0xad, 0xf9, + 0xf4, 0xde, 0x8b, 0xb3, 0xe6, 0x6c, 0x7f, 0xad, + 0x2b, 0x95, 0x97, 0x3e, 0xc2, 0x2c, 0xf1, 0x56, + 0x2c, 0x79, 0x1c, 0x6c, 0x1d, 0xeb, 0xd2, 0xee, + 0xc0, 0x2e, 0xc5, 0x72, 0xed, 0xc9, 0x2f, 0x20, + 0xa9, 0x75, 0x81, 0x01, 0xff, 0xdc, 0xfa, 0x09, + 0x4c, 0x68, 0x60, 0x98, 0x51, 0x4c, 0x6f, 0xb2, + 0xc1, 0xe5, 0xda, 0x4d, 0x92, 0x4b, 0x50, 0x42, + 0x2c, 0x7a, 0x01, 0x1b, 0x4a, 0x8e, 0x29, 0x21, + 0xf5, 0x70, 0x74, 0x80, 0xdf, 0xfb, 0x68, 0xe7, + 0x69, 0x5b, 0xe9, 0xc9, 0xcb, 0x5c, 0x2f, 0xa1, + 0x9d, 0xcc, 0x31, 0xcd, 0xcf, 0x1a, 0x90, 0x4c, + 0x40, 0xd5, 0xbb, 0xa8, 0xa3, 0x81, 0xb8, 0x12, + 0xd9, 0xae, 0x0f, 0x10, 0x67, 0x92, 0x28, 0xb2, + 0xd8, 0x69, 0x2a, 0x91, 0xd3, 0x82, 0xd8, 0x75, + 0x63, 0x58, 0xd9, 0x7e, 0x78, 0x77, 0x7c, 0x4b + }; + /* Message (33 bytes) */ + static const byte msg_87[] = { + 0xd8, 0x1c, 0x4d, 0x8d, 0x73, 0x4f, 0xcb, 0xfb, + 0xea, 0xde, 0x3d, 0x3f, 0x8a, 0x03, 0x9f, 0xaa, + 0x2a, 0x2c, 0x99, 0x57, 0xe8, 0x35, 0xad, 0x55, + 0xb2, 0x2e, 0x75, 0xbf, 0x57, 0xbb, 0x55, 0x6a, + 0xc8 + }; + /* Context (33 bytes) */ + static const byte ctx_87[] = { + 0x86, 0x26, 0xed, 0x79, 0xd4, 0x51, 0x14, 0x08, + 0x00, 0xe0, 0x3b, 0x59, 0xb9, 0x56, 0xf8, 0x21, + 0x0e, 0x55, 0x60, 0x67, 0x40, 0x7d, 0x13, 0xdc, + 0x90, 0xfa, 0x9e, 0x8b, 0x87, 0x2b, 0xfb, 0x8f, + 0xab + }; + /* Signing randomness (32 bytes) */ + static const byte rnd_87[] = { + 0x62, 0x55, 0x56, 0x3b, 0xa9, 0x61, 0x77, 0x21, + 0x46, 0xca, 0x08, 0x67, 0x67, 0x8d, 0x56, 0x78, + 0x7c, 0xad, 0x77, 0xab, 0x4f, 0xc8, 0xfc, 0xfe, + 0x9e, 0x02, 0xdf, 0x83, 0x9c, 0x99, 0x42, 0x4d + }; + /* Expected signature with empty context (ctx=NULL, ctxLen=0), 4627 bytes */ + static const byte sig_87_ctx0[] = { + 0x73, 0x58, 0x39, 0x6f, 0xe7, 0xf7, 0xff, 0xa4, + 0xd7, 0xc6, 0x4b, 0x0b, 0x27, 0x26, 0x07, 0x68, + 0xa6, 0x37, 0x1e, 0xea, 0xdb, 0x1b, 0x43, 0xd2, + 0xa7, 0xd8, 0xe4, 0x02, 0x91, 0x80, 0x77, 0x27, + 0x64, 0xe9, 0xc2, 0xe1, 0x4c, 0xef, 0xc0, 0xb1, + 0x80, 0x03, 0xe9, 0x4a, 0x26, 0x5f, 0xfc, 0x62, + 0x4e, 0xd6, 0x23, 0xa3, 0x7d, 0x84, 0x58, 0xb4, + 0xbd, 0x8c, 0xfe, 0x67, 0x45, 0xcb, 0xa7, 0xf1, + 0x9e, 0x7f, 0xe6, 0x5b, 0x38, 0x8e, 0xe8, 0x7e, + 0x07, 0x07, 0xb8, 0x77, 0xb3, 0x1d, 0x63, 0x72, + 0x2e, 0x17, 0x60, 0xbe, 0x83, 0x01, 0x9c, 0xf4, + 0x61, 0x28, 0x6e, 0x87, 0xec, 0x5c, 0xa1, 0xb9, + 0xd4, 0xb0, 0x1a, 0xeb, 0xb1, 0xd0, 0xfa, 0xc1, + 0x88, 0x56, 0xa0, 0x11, 0xfe, 0x51, 0xc6, 0xe7, + 0x4c, 0x56, 0x10, 0xd6, 0x0d, 0xba, 0x2e, 0x45, + 0x25, 0xda, 0xca, 0xb2, 0x86, 0x5e, 0xec, 0x1b, + 0x43, 0xa1, 0x02, 0x18, 0x62, 0xdd, 0xbd, 0xfe, + 0xa2, 0xfd, 0x61, 0x45, 0xeb, 0x48, 0x87, 0x58, + 0x5e, 0x56, 0x89, 0xba, 0xea, 0xe8, 0x71, 0xf8, + 0xbb, 0xaa, 0x8b, 0x84, 0x0d, 0x53, 0xce, 0x87, + 0xfa, 0x59, 0x33, 0xbc, 0xec, 0x32, 0x61, 0x23, + 0xbf, 0x46, 0xa3, 0x36, 0xe2, 0xa2, 0xc5, 0xa7, + 0x61, 0x62, 0x29, 0x90, 0x05, 0x60, 0x40, 0xb2, + 0x07, 0x9f, 0xbc, 0x66, 0x50, 0xb9, 0xfd, 0xc2, + 0xb6, 0x2a, 0x4b, 0xcb, 0x6c, 0x22, 0xae, 0xa2, + 0x11, 0x5e, 0x79, 0x5c, 0x56, 0xd2, 0x4e, 0x77, + 0x13, 0xf5, 0x6e, 0xba, 0xc4, 0x1c, 0x88, 0xf8, + 0x1f, 0x9d, 0xb3, 0x7e, 0x17, 0xc6, 0x66, 0x49, + 0xe2, 0x9a, 0x98, 0x00, 0x0f, 0x42, 0xb1, 0x65, + 0x88, 0x1f, 0xb3, 0xa0, 0x63, 0xb0, 0x79, 0xd0, + 0x88, 0x19, 0x5f, 0xeb, 0x2b, 0x3e, 0x68, 0x5c, + 0x2a, 0x92, 0xe6, 0xd8, 0x8b, 0x51, 0x13, 0x7d, + 0xbd, 0x13, 0x5c, 0x0d, 0xad, 0x3c, 0xe5, 0x13, + 0x42, 0x09, 0x05, 0x6e, 0x51, 0x90, 0xb2, 0x5f, + 0xb9, 0x12, 0xeb, 0x5d, 0x42, 0xcb, 0x89, 0xc6, + 0x8a, 0x96, 0x64, 0x05, 0x0b, 0xcb, 0x6f, 0x51, + 0xff, 0x3e, 0xb2, 0xfd, 0x62, 0x96, 0x55, 0x4e, + 0xac, 0x66, 0xd7, 0x16, 0xa2, 0xac, 0xd8, 0x66, + 0xea, 0x04, 0x72, 0x6e, 0xf0, 0x1d, 0x30, 0xdb, + 0x45, 0xe3, 0x8f, 0x6b, 0x9d, 0x09, 0xc4, 0x8a, + 0xac, 0x66, 0xbd, 0x36, 0x7b, 0xe3, 0x46, 0xfb, + 0x66, 0xd0, 0xd0, 0xd8, 0x61, 0x02, 0x90, 0x17, + 0xe3, 0xa2, 0x70, 0x50, 0xac, 0xd3, 0xcc, 0xd8, + 0x4d, 0x2c, 0x90, 0x7c, 0x6e, 0x5f, 0x4d, 0x99, + 0x50, 0xe1, 0x7e, 0xcd, 0x17, 0x78, 0x40, 0xab, + 0xd2, 0xb5, 0x17, 0x1d, 0x0b, 0xa3, 0xb6, 0x5a, + 0xc4, 0x2c, 0xc7, 0x53, 0xcd, 0x3e, 0xa0, 0x98, + 0x5a, 0x06, 0x88, 0x50, 0x17, 0xd7, 0x2a, 0xa3, + 0xf6, 0x3a, 0x75, 0x3a, 0x68, 0x7e, 0x71, 0xdb, + 0x66, 0x29, 0x94, 0x2e, 0x30, 0x0a, 0x6a, 0x9e, + 0xf6, 0x81, 0x42, 0x7c, 0xb6, 0x8e, 0xe6, 0x8a, + 0xf4, 0xd1, 0xb9, 0xa1, 0x2e, 0x73, 0x46, 0x0f, + 0x94, 0x2e, 0x48, 0x0a, 0x16, 0xd0, 0x37, 0xdc, + 0x65, 0xb9, 0xc4, 0xdc, 0xfd, 0xc9, 0xdf, 0x7c, + 0x91, 0x67, 0x68, 0x8e, 0xd2, 0xf4, 0x6f, 0x13, + 0x65, 0xa7, 0xbe, 0x46, 0x51, 0xf4, 0x01, 0xe1, + 0x6a, 0x4c, 0xc3, 0x85, 0xea, 0x4f, 0x80, 0x54, + 0xd0, 0xf1, 0xc7, 0xaa, 0xcb, 0x42, 0x40, 0x7f, + 0xb2, 0x05, 0x14, 0xc9, 0x93, 0x52, 0x3f, 0x22, + 0x2d, 0xd7, 0x3a, 0x3c, 0x0c, 0xf9, 0x28, 0x63, + 0x84, 0x98, 0x16, 0x51, 0x9b, 0x48, 0x1a, 0x44, + 0x1c, 0x60, 0xdc, 0x14, 0x4d, 0x58, 0x23, 0x58, + 0x3a, 0xd0, 0x2b, 0x9d, 0x2f, 0x52, 0xc4, 0xad, + 0x52, 0xd5, 0x89, 0x88, 0xab, 0xee, 0x12, 0x25, + 0x1e, 0x86, 0x9b, 0xb0, 0xf8, 0x77, 0xd2, 0xf1, + 0x4f, 0x25, 0xf9, 0x2d, 0x28, 0xb4, 0x14, 0x8c, + 0x58, 0xda, 0x0d, 0xa4, 0x5d, 0x51, 0x05, 0xf6, + 0xf7, 0xc3, 0xb6, 0x37, 0x46, 0x4a, 0x0c, 0x9a, + 0xcb, 0x67, 0x17, 0xce, 0xcc, 0x62, 0xf8, 0xc3, + 0x32, 0x7f, 0x63, 0x53, 0x8d, 0x45, 0xdc, 0x80, + 0x45, 0x68, 0x7f, 0x58, 0xb0, 0x45, 0xdd, 0xe3, + 0xdd, 0x5d, 0x54, 0xe6, 0x16, 0xbb, 0x38, 0xf1, + 0xca, 0x7c, 0x5e, 0xa8, 0xe8, 0x58, 0xa8, 0x34, + 0x5d, 0xc8, 0x38, 0x84, 0xf2, 0xb9, 0x2a, 0x35, + 0xb8, 0xde, 0x25, 0x16, 0x30, 0x18, 0x53, 0xd0, + 0x82, 0x51, 0x6d, 0x83, 0x14, 0x0a, 0xf9, 0x69, + 0x4e, 0xb3, 0xcc, 0xcf, 0x06, 0x3d, 0xdf, 0x2b, + 0xa4, 0x05, 0x56, 0xb7, 0x39, 0x76, 0x9c, 0x16, + 0x3e, 0x6f, 0x19, 0x93, 0xbf, 0x3a, 0x52, 0x1d, + 0xd8, 0x4f, 0xe0, 0x89, 0xfd, 0x8a, 0xd0, 0x22, + 0x66, 0x3e, 0x53, 0xb0, 0xc1, 0xc5, 0xb8, 0x3e, + 0xc8, 0x6e, 0xad, 0xd5, 0x3f, 0x31, 0x8e, 0x34, + 0xab, 0x54, 0x0e, 0x0d, 0x2b, 0xc0, 0x96, 0xed, + 0x5d, 0x42, 0xa0, 0x6a, 0x35, 0x16, 0x1f, 0xca, + 0x1e, 0x4d, 0x29, 0x35, 0x23, 0x5a, 0x33, 0x8a, + 0x91, 0x90, 0x1d, 0xbb, 0xd0, 0xc8, 0x46, 0x22, + 0x8f, 0xfd, 0x83, 0x4d, 0x60, 0x82, 0x7f, 0xa1, + 0x03, 0x79, 0x1c, 0xfc, 0x1d, 0x3f, 0x64, 0x57, + 0x7a, 0x59, 0x67, 0x49, 0xd0, 0x09, 0x7c, 0x29, + 0xb4, 0x09, 0x4f, 0xe4, 0x3c, 0x84, 0x4f, 0xbb, + 0x3a, 0x1e, 0x17, 0x4e, 0x10, 0xb8, 0x62, 0x81, + 0x1e, 0x08, 0x1d, 0x27, 0x91, 0x52, 0x64, 0xed, + 0x1b, 0xc9, 0xe1, 0x36, 0xad, 0x71, 0xe9, 0xe5, + 0x21, 0xcf, 0xef, 0x8a, 0x26, 0x82, 0xb7, 0xda, + 0x57, 0x6d, 0x73, 0x82, 0xfb, 0xc8, 0x28, 0xec, + 0x1d, 0x48, 0xbc, 0xba, 0x76, 0xf9, 0x43, 0x31, + 0xe8, 0x7c, 0x58, 0x20, 0x19, 0x73, 0x75, 0xf0, + 0x47, 0x0d, 0x2d, 0xcc, 0x20, 0x05, 0x56, 0xb2, + 0x3c, 0xfd, 0xee, 0xd7, 0x82, 0xc1, 0xf1, 0x0a, + 0x33, 0x52, 0x46, 0xe1, 0xfc, 0x28, 0xba, 0x0f, + 0x2c, 0x52, 0xd4, 0xda, 0xeb, 0x52, 0xf0, 0x07, + 0xd9, 0xa4, 0x17, 0x04, 0xba, 0x00, 0x34, 0x26, + 0x82, 0xa9, 0x73, 0x68, 0x46, 0x35, 0x31, 0x11, + 0x73, 0xcf, 0xf9, 0xea, 0xf8, 0x7b, 0xc7, 0x5e, + 0x38, 0x38, 0xdb, 0x36, 0x87, 0x9b, 0xaf, 0x82, + 0xca, 0x36, 0xba, 0x5f, 0x53, 0x9d, 0xf1, 0xff, + 0xb3, 0x0e, 0x59, 0xe0, 0x01, 0x1e, 0xd4, 0x6a, + 0xe1, 0xaa, 0x44, 0xe7, 0x7e, 0xef, 0xbe, 0x5e, + 0x8b, 0x9d, 0x72, 0xa4, 0xcb, 0xd4, 0xe5, 0x01, + 0x60, 0xc3, 0x25, 0x03, 0x62, 0x55, 0xc9, 0x47, + 0xfb, 0xaf, 0x6e, 0xb3, 0x6d, 0x3d, 0x64, 0xb6, + 0x1f, 0x35, 0x08, 0xdb, 0xec, 0x26, 0xbb, 0xe1, + 0x2d, 0x85, 0xc5, 0x04, 0x8e, 0x5b, 0x34, 0x49, + 0x4e, 0x3e, 0xd4, 0x8c, 0xdf, 0x5b, 0x85, 0x94, + 0xf8, 0xa3, 0x57, 0x3c, 0x11, 0x38, 0xe9, 0x4b, + 0x39, 0x48, 0x98, 0xc6, 0xa9, 0xa1, 0x78, 0x6f, + 0x55, 0x72, 0x6c, 0xfe, 0xa6, 0x52, 0xd6, 0x7a, + 0x87, 0xb5, 0x6a, 0x27, 0xbc, 0x3f, 0xb5, 0xe6, + 0xe0, 0x76, 0xe7, 0x75, 0x07, 0x4a, 0x92, 0xc1, + 0x7a, 0xc4, 0x45, 0xd0, 0x7e, 0xcc, 0x71, 0xbe, + 0x11, 0xea, 0xc3, 0x35, 0x83, 0x61, 0x98, 0x83, + 0xae, 0x28, 0xc0, 0x5f, 0x90, 0x2f, 0x4b, 0xda, + 0x15, 0x80, 0x15, 0x28, 0x5a, 0x2c, 0xe8, 0xa4, + 0x62, 0x87, 0x9b, 0xa2, 0x2c, 0xde, 0x19, 0x5e, + 0x33, 0x56, 0x84, 0x63, 0x25, 0xbc, 0x11, 0x3e, + 0xfd, 0xb5, 0xd6, 0x44, 0x82, 0x3a, 0xf7, 0x27, + 0x95, 0xb2, 0x21, 0xa6, 0x1c, 0x10, 0xac, 0x67, + 0x76, 0x1b, 0x10, 0x74, 0x86, 0x71, 0xde, 0x13, + 0x43, 0x84, 0x4c, 0x16, 0xf4, 0x01, 0x96, 0xff, + 0x6a, 0xfe, 0x00, 0x71, 0x37, 0xd0, 0x91, 0x3a, + 0xa7, 0xc1, 0x39, 0x2f, 0xb1, 0x44, 0x1b, 0x9c, + 0x44, 0xe3, 0xd4, 0x28, 0x60, 0x66, 0xa6, 0xb8, + 0x21, 0xe4, 0x87, 0xdf, 0x5a, 0xcc, 0xa4, 0x8f, + 0x67, 0x8c, 0x1d, 0xee, 0x22, 0x2a, 0xdd, 0xae, + 0x5e, 0x7e, 0x42, 0xe9, 0x1f, 0x70, 0x43, 0x52, + 0x1e, 0x7c, 0x48, 0x39, 0x30, 0xf6, 0xf4, 0x97, + 0xfc, 0x3d, 0x41, 0x9d, 0x6d, 0xc2, 0xfd, 0xef, + 0x23, 0x12, 0x60, 0x81, 0xa0, 0xb0, 0x75, 0xc6, + 0xd9, 0xd5, 0x2a, 0x53, 0x39, 0x29, 0x27, 0xeb, + 0x04, 0xd3, 0xb1, 0x34, 0xb0, 0x04, 0x3c, 0x80, + 0xc9, 0x61, 0xad, 0xb4, 0x5b, 0xc6, 0x29, 0x16, + 0x28, 0x6c, 0x79, 0xd1, 0x12, 0x14, 0xd0, 0x1e, + 0x80, 0x4e, 0x6c, 0x48, 0x47, 0x0c, 0x60, 0xe2, + 0xbb, 0x1e, 0xe1, 0x65, 0xd3, 0xd0, 0x2c, 0xe9, + 0xde, 0x7b, 0x17, 0x8d, 0x46, 0x3e, 0xde, 0x17, + 0xa9, 0x6d, 0x97, 0xf4, 0xbb, 0xd2, 0xdc, 0xa2, + 0xac, 0xe4, 0xb5, 0x67, 0xe8, 0xbf, 0x8c, 0x5d, + 0xd5, 0xb1, 0x56, 0x2c, 0xab, 0xc5, 0x05, 0xd5, + 0x77, 0x23, 0xe6, 0x19, 0x5b, 0xce, 0xda, 0x4a, + 0xc8, 0x0a, 0xe1, 0x7c, 0xa0, 0xd4, 0xd5, 0xc4, + 0xcc, 0xa1, 0xa3, 0xb5, 0xab, 0xef, 0x52, 0x10, + 0xc3, 0x4f, 0xa1, 0x8f, 0x9a, 0xfe, 0xed, 0x8c, + 0xf3, 0x23, 0xb8, 0x4c, 0xb6, 0xd8, 0x61, 0xaa, + 0x1f, 0x0e, 0x32, 0x0a, 0x48, 0x90, 0x26, 0xdf, + 0x85, 0x0d, 0xdd, 0xe9, 0xfa, 0x0f, 0x67, 0x01, + 0x13, 0x24, 0xa2, 0x06, 0x62, 0x60, 0x2a, 0xde, + 0x20, 0x78, 0x74, 0x29, 0xe9, 0x64, 0x51, 0x87, + 0x16, 0xe9, 0xe9, 0xeb, 0xf4, 0xec, 0x08, 0x81, + 0xf2, 0x1c, 0x72, 0x79, 0xe6, 0xd3, 0x0c, 0x56, + 0xf0, 0x75, 0x36, 0x2e, 0xa4, 0x2b, 0xfc, 0xb9, + 0x84, 0x42, 0x14, 0x71, 0xb3, 0x45, 0xec, 0xe2, + 0x5d, 0xc9, 0x7a, 0x39, 0xf9, 0xfa, 0x1e, 0xf4, + 0xe2, 0x2f, 0xc6, 0xb1, 0xfb, 0x68, 0xd3, 0xda, + 0xc6, 0x2e, 0x79, 0x61, 0x77, 0xa1, 0x2e, 0x47, + 0xc3, 0x34, 0x72, 0x2d, 0xbb, 0xa8, 0x7a, 0x80, + 0xeb, 0x29, 0xa2, 0x0a, 0x19, 0xe5, 0x52, 0x5e, + 0x9b, 0xd7, 0xbd, 0x56, 0x8e, 0xa3, 0x7a, 0xdd, + 0xea, 0x29, 0xe2, 0xb1, 0xdc, 0x6e, 0x2b, 0x9a, + 0x25, 0x4c, 0xc4, 0x4f, 0xfc, 0xa5, 0x4c, 0x36, + 0xda, 0x58, 0x94, 0x4e, 0xc1, 0x57, 0x43, 0x53, + 0x7e, 0xdf, 0x99, 0x5b, 0x78, 0x49, 0xc5, 0x06, + 0xc2, 0x1f, 0x4e, 0x34, 0xe5, 0x1b, 0xe3, 0x7c, + 0xfe, 0x65, 0x25, 0x93, 0xf4, 0x6b, 0x3f, 0x0e, + 0xe8, 0x24, 0x3d, 0x38, 0x14, 0xdc, 0x90, 0x37, + 0xd3, 0x6d, 0x1c, 0x0f, 0x17, 0x87, 0x56, 0x18, + 0x07, 0x72, 0xd1, 0xbf, 0xf1, 0x2b, 0x96, 0xf4, + 0x6b, 0x01, 0xf5, 0x11, 0xbe, 0xe8, 0xf2, 0xbd, + 0xed, 0x54, 0x94, 0x20, 0x15, 0xed, 0x1b, 0xd1, + 0x64, 0x9d, 0xc1, 0xfd, 0x9c, 0xdb, 0x02, 0x21, + 0x47, 0x43, 0x24, 0xc9, 0x98, 0xd7, 0xe6, 0x5a, + 0x9f, 0x97, 0x99, 0x60, 0x9d, 0x32, 0x80, 0xfd, + 0xa5, 0x12, 0x82, 0x68, 0xa3, 0x43, 0xbd, 0xbf, + 0x7c, 0x72, 0xbc, 0xdd, 0xc3, 0x8a, 0x7e, 0xba, + 0x28, 0x0c, 0x17, 0x56, 0x19, 0xd9, 0xd4, 0xdf, + 0xcf, 0x82, 0x4e, 0xc6, 0x9b, 0xad, 0xc2, 0xf9, + 0x95, 0xfb, 0x91, 0xe2, 0xdf, 0xd3, 0x01, 0x2c, + 0x4c, 0x6a, 0xc9, 0xd7, 0x29, 0x72, 0x8b, 0x1c, + 0xbe, 0x97, 0x71, 0x98, 0x64, 0x39, 0x24, 0xd7, + 0x6c, 0xb8, 0x4b, 0xb1, 0xf0, 0x48, 0x51, 0xdc, + 0xcb, 0x63, 0x80, 0x39, 0x9f, 0x6e, 0xcd, 0xcb, + 0xeb, 0x7f, 0x44, 0x13, 0x86, 0x8e, 0x59, 0xc3, + 0xfe, 0xdc, 0xd1, 0x81, 0xf2, 0xa4, 0x5b, 0x63, + 0x57, 0x65, 0x8e, 0xeb, 0x70, 0xfc, 0x53, 0xe2, + 0xf5, 0xf8, 0x50, 0xc2, 0x79, 0x17, 0xe3, 0x99, + 0x8d, 0xe6, 0xd9, 0x13, 0x67, 0xa9, 0x3a, 0x63, + 0x8c, 0x45, 0x4f, 0x85, 0x44, 0x2d, 0x4f, 0x30, + 0x39, 0xa2, 0xec, 0x72, 0x9b, 0x61, 0xb6, 0x2a, + 0x1f, 0x35, 0x93, 0x0c, 0xab, 0xad, 0x34, 0x54, + 0xae, 0xcb, 0x5a, 0xc7, 0xf0, 0xd9, 0xdc, 0xd8, + 0xf8, 0x3c, 0x6f, 0xf7, 0x64, 0x8c, 0xdc, 0xa9, + 0x75, 0x96, 0x32, 0x56, 0x86, 0x91, 0x70, 0x45, + 0x0b, 0xb1, 0x5b, 0x16, 0x44, 0x35, 0xee, 0x7c, + 0x20, 0xa0, 0xee, 0xf0, 0xbc, 0x0d, 0xa4, 0xa0, + 0x6f, 0x00, 0xdb, 0xbf, 0x89, 0xa1, 0x78, 0x6b, + 0xbf, 0x2e, 0x6b, 0xd5, 0x74, 0x1b, 0x09, 0x37, + 0xa1, 0x1e, 0x29, 0x9f, 0x91, 0xed, 0x29, 0x55, + 0xfb, 0x1d, 0x99, 0x99, 0x11, 0x56, 0xec, 0xb4, + 0x45, 0x20, 0x40, 0x72, 0x2f, 0x2f, 0x10, 0xb1, + 0xde, 0x23, 0x08, 0x21, 0xb6, 0xbb, 0x76, 0x80, + 0xb3, 0xdf, 0x4b, 0xd5, 0x08, 0xe9, 0x3c, 0xae, + 0x1d, 0x71, 0xc2, 0x7c, 0x04, 0x44, 0x0d, 0x38, + 0xcd, 0x85, 0xad, 0xde, 0xb3, 0xbb, 0x70, 0x18, + 0xa7, 0xe1, 0x9a, 0x8f, 0x02, 0xa5, 0x7e, 0x51, + 0xb3, 0x49, 0x32, 0xc3, 0x58, 0x7b, 0xac, 0x1a, + 0xf5, 0xa1, 0x60, 0x8b, 0xba, 0xe8, 0xc0, 0x50, + 0xd3, 0x38, 0x6e, 0xde, 0x25, 0x8c, 0x08, 0x78, + 0xab, 0x0d, 0xd3, 0x86, 0xb3, 0xfd, 0x02, 0x21, + 0xc1, 0x7a, 0x78, 0xc7, 0x6a, 0x8f, 0xec, 0x55, + 0xfd, 0x96, 0x48, 0x8c, 0xba, 0x09, 0xf9, 0x32, + 0x50, 0x7a, 0x50, 0x97, 0x3d, 0x0e, 0x2e, 0xd4, + 0xdc, 0x5d, 0x55, 0x92, 0x9f, 0x94, 0x73, 0x4a, + 0xa9, 0x24, 0x05, 0x3c, 0xd2, 0xd2, 0x06, 0x19, + 0x83, 0x83, 0x84, 0x3c, 0xaa, 0x77, 0x48, 0x8a, + 0xf6, 0xbf, 0xa2, 0x00, 0xff, 0x13, 0x42, 0x92, + 0xee, 0x77, 0xde, 0xa3, 0x9a, 0xe6, 0x45, 0xad, + 0xf0, 0x73, 0x2b, 0x09, 0xeb, 0x7d, 0xe0, 0x9c, + 0xad, 0xd0, 0x21, 0x3d, 0x93, 0x13, 0x7c, 0xc8, + 0x62, 0xfc, 0x7b, 0xb5, 0xac, 0x5b, 0x3a, 0x6c, + 0xbd, 0xd3, 0xed, 0x37, 0xa0, 0xd7, 0xbf, 0xf5, + 0xf8, 0x18, 0x63, 0xb4, 0x9d, 0x3c, 0x67, 0x83, + 0x9a, 0x9c, 0xf2, 0xa8, 0x93, 0xa7, 0x3f, 0x95, + 0xc3, 0x92, 0x67, 0x42, 0x2c, 0xe9, 0x1c, 0x1a, + 0xc7, 0xff, 0x00, 0x2c, 0x09, 0x81, 0x70, 0x31, + 0x0c, 0x6c, 0xb0, 0xb6, 0xbd, 0x4a, 0xcd, 0x16, + 0x80, 0xdc, 0xe2, 0x24, 0x3c, 0xc4, 0x53, 0x65, + 0x1f, 0x13, 0x86, 0x6f, 0x1a, 0x95, 0x16, 0xac, + 0xd4, 0xbf, 0x93, 0xba, 0xa0, 0x7a, 0x98, 0xdf, + 0x75, 0xc2, 0x8e, 0x8c, 0x73, 0x28, 0xc9, 0xda, + 0x46, 0x09, 0x96, 0x57, 0x5b, 0xe8, 0xdb, 0xd1, + 0x68, 0x52, 0xe4, 0x00, 0xaf, 0x17, 0xe6, 0x3c, + 0x4c, 0x55, 0x34, 0x96, 0x45, 0xf6, 0xa3, 0x54, + 0x0c, 0x20, 0xc7, 0x44, 0xad, 0xf6, 0xde, 0xee, + 0x02, 0xf0, 0x84, 0x4b, 0x02, 0xea, 0x8f, 0x65, + 0x65, 0xfd, 0x8a, 0xc1, 0xeb, 0x58, 0x13, 0xb1, + 0xf1, 0xb2, 0x86, 0x70, 0x2e, 0xb4, 0xca, 0x98, + 0x16, 0x27, 0xab, 0x0f, 0x8f, 0x4f, 0xe8, 0x04, + 0x0c, 0xf2, 0xc1, 0x57, 0x72, 0xee, 0x9f, 0x46, + 0xd7, 0xe1, 0x2a, 0x04, 0xb8, 0x42, 0x22, 0x38, + 0x86, 0x63, 0x27, 0x08, 0x9e, 0x4e, 0x25, 0xae, + 0xf8, 0x29, 0xbb, 0x1e, 0x25, 0xe8, 0x66, 0xa0, + 0x5a, 0xed, 0xa6, 0x57, 0xa9, 0xe3, 0x38, 0x25, + 0x96, 0x77, 0x01, 0x23, 0x42, 0x3a, 0xdf, 0xf0, + 0x4d, 0x00, 0x13, 0xe5, 0xb1, 0x83, 0x5c, 0x53, + 0xad, 0xbc, 0x9d, 0x67, 0x7d, 0x81, 0x3e, 0x63, + 0x70, 0x45, 0xff, 0xa2, 0x4e, 0xe6, 0x35, 0x66, + 0xff, 0x87, 0xdf, 0xb4, 0x73, 0xdf, 0xc6, 0x9b, + 0xa1, 0x33, 0x19, 0xd5, 0x3b, 0x0e, 0x06, 0x78, + 0xc7, 0xb7, 0x97, 0x1d, 0x5b, 0x72, 0xc3, 0xcd, + 0xa8, 0x21, 0xdd, 0xe0, 0xce, 0x83, 0x0c, 0xcf, + 0x8f, 0xce, 0x38, 0x8b, 0xf2, 0xa7, 0xc5, 0xc2, + 0x30, 0x4c, 0x9b, 0x9a, 0xb0, 0x49, 0x53, 0x63, + 0xf6, 0x88, 0x1e, 0x15, 0xa1, 0xd2, 0x49, 0xc4, + 0x93, 0x2a, 0x6d, 0xa8, 0x0b, 0x4e, 0x21, 0xed, + 0x00, 0xcf, 0x99, 0x41, 0xec, 0x05, 0x9b, 0x82, + 0xf8, 0x91, 0xdf, 0x0e, 0x3a, 0xfb, 0x57, 0xd9, + 0xd4, 0x67, 0x96, 0x9e, 0x23, 0xbc, 0xf7, 0x51, + 0x8c, 0x47, 0xb4, 0x8b, 0xc3, 0xb4, 0xaa, 0x16, + 0x84, 0x54, 0x8e, 0x8a, 0x8e, 0x41, 0xe1, 0x6d, + 0x24, 0x72, 0x03, 0xc5, 0xf7, 0xa8, 0xa6, 0x9a, + 0x9b, 0xaa, 0x64, 0xe6, 0xc8, 0xad, 0x91, 0xad, + 0xb0, 0x79, 0x62, 0xfd, 0xda, 0xe6, 0xf6, 0x5e, + 0x98, 0xee, 0xe5, 0x5a, 0x51, 0xb0, 0xc4, 0x36, + 0xcf, 0xcb, 0x77, 0xeb, 0x71, 0x9a, 0xde, 0x3e, + 0xd0, 0x38, 0xe1, 0x86, 0x41, 0x3c, 0x55, 0x54, + 0x94, 0xba, 0x57, 0x5a, 0xc1, 0x5b, 0x5a, 0xaa, + 0x46, 0xab, 0xf9, 0x70, 0x20, 0x0d, 0xf9, 0xf8, + 0x62, 0xa8, 0x55, 0x60, 0x27, 0x89, 0xf6, 0x41, + 0x23, 0x51, 0x0b, 0x28, 0xce, 0xaf, 0x26, 0xec, + 0x8b, 0x3c, 0xa4, 0xb4, 0x15, 0x50, 0x39, 0x9c, + 0x34, 0xff, 0x50, 0x98, 0xbd, 0xaa, 0xb7, 0xef, + 0xa8, 0xc7, 0x26, 0x14, 0xcf, 0xb9, 0xbf, 0x30, + 0xd2, 0xca, 0x48, 0x4e, 0xde, 0xff, 0x48, 0x60, + 0x30, 0x54, 0x7a, 0x3e, 0x66, 0x0b, 0x81, 0xe3, + 0x5b, 0x7e, 0x0a, 0x68, 0x32, 0x3c, 0xe5, 0x44, + 0x02, 0x27, 0x98, 0x3f, 0x55, 0xd0, 0x9c, 0xa4, + 0xbe, 0x3f, 0xf3, 0x16, 0x5f, 0xa8, 0x78, 0xd2, + 0x51, 0x37, 0x28, 0x4d, 0x5e, 0x6f, 0xd1, 0x2e, + 0xc6, 0x17, 0xe1, 0x55, 0xcf, 0xf2, 0x5b, 0x66, + 0xb9, 0xee, 0x35, 0xf1, 0x99, 0xad, 0xda, 0xa5, + 0xcc, 0x4c, 0x61, 0x40, 0x9a, 0x44, 0x28, 0x13, + 0x1a, 0x03, 0xd6, 0xd4, 0x4c, 0xb3, 0xbe, 0xc7, + 0x7c, 0x12, 0x69, 0xa3, 0x78, 0x09, 0x10, 0xac, + 0xd6, 0x45, 0x5a, 0xa0, 0x35, 0x08, 0xbc, 0xad, + 0x7f, 0xc1, 0x96, 0xd3, 0x1d, 0x66, 0x46, 0x01, + 0x08, 0x91, 0x6b, 0x7c, 0x3b, 0x5c, 0xae, 0x70, + 0xac, 0x51, 0x6c, 0x3e, 0xc6, 0x24, 0x00, 0xf8, + 0x13, 0x1d, 0x82, 0x89, 0x2f, 0x72, 0x5f, 0xaa, + 0x99, 0x3c, 0x63, 0xfd, 0xc4, 0xeb, 0x80, 0x28, + 0xb3, 0xc1, 0x75, 0xe0, 0xd6, 0x4d, 0x20, 0x0b, + 0xc4, 0xc3, 0x0c, 0x9b, 0x50, 0x61, 0x35, 0x8b, + 0xeb, 0x19, 0x35, 0xa6, 0xcf, 0xa2, 0x1d, 0x57, + 0x03, 0xa9, 0x3f, 0xe8, 0x31, 0x10, 0xe6, 0x87, + 0x6a, 0xd6, 0x70, 0x05, 0xd4, 0x56, 0x97, 0x62, + 0xfc, 0x71, 0xba, 0xb3, 0x0e, 0x4b, 0xc6, 0xe5, + 0x10, 0xfe, 0xf2, 0x57, 0x45, 0x39, 0x9d, 0x58, + 0xde, 0x49, 0xa9, 0xc7, 0x65, 0xe5, 0xde, 0x72, + 0x03, 0xce, 0x1f, 0xfa, 0x0c, 0x37, 0xa4, 0x21, + 0x06, 0x71, 0x87, 0xdd, 0x14, 0x3f, 0x72, 0x37, + 0xb4, 0xd8, 0x15, 0xce, 0xcc, 0x3d, 0x2b, 0x10, + 0xe3, 0x8b, 0xf8, 0x55, 0x08, 0xf3, 0x2b, 0xf7, + 0x1e, 0x28, 0xbe, 0xb3, 0xd8, 0xab, 0xf6, 0xc6, + 0x11, 0x04, 0xd4, 0x92, 0xec, 0xe6, 0x1a, 0xe8, + 0xe9, 0xb0, 0xd2, 0x5f, 0x92, 0xeb, 0x36, 0x0f, + 0xc5, 0x5b, 0xbb, 0xc1, 0xb2, 0x0f, 0xdd, 0x4f, + 0x71, 0xdf, 0x2c, 0x98, 0xb3, 0xd7, 0xc4, 0x68, + 0x1d, 0x82, 0x14, 0x8d, 0xab, 0x70, 0x90, 0x45, + 0x1b, 0x2d, 0x83, 0xe7, 0x64, 0x53, 0x53, 0x01, + 0x9c, 0x2f, 0xd1, 0x51, 0x05, 0xb3, 0x50, 0x1d, + 0x99, 0x7c, 0x08, 0x95, 0x99, 0x49, 0x76, 0xdf, + 0x80, 0xc7, 0x1f, 0xf5, 0x92, 0xc7, 0x07, 0x13, + 0x54, 0x67, 0x5b, 0xb8, 0x9d, 0x09, 0x53, 0x7c, + 0x13, 0xc6, 0xe2, 0x4d, 0xa5, 0x6f, 0x65, 0x96, + 0x40, 0x38, 0xdb, 0xaf, 0x8e, 0x1a, 0x91, 0x1c, + 0x6d, 0x7a, 0x99, 0x4f, 0x50, 0x4f, 0xe5, 0x04, + 0x0b, 0x05, 0x81, 0x74, 0x4a, 0x01, 0xac, 0xf3, + 0x3b, 0x4f, 0x59, 0x76, 0x44, 0x5c, 0x0a, 0x69, + 0x4a, 0x30, 0x93, 0xb3, 0xde, 0x13, 0x2b, 0x79, + 0xc4, 0x95, 0xa4, 0xfe, 0x38, 0x5f, 0x49, 0x92, + 0x23, 0xf7, 0x1b, 0xb9, 0x25, 0x85, 0x41, 0x4b, + 0x69, 0x9a, 0xd4, 0x93, 0xd3, 0xd9, 0x7a, 0x69, + 0xab, 0x9b, 0xf7, 0x1b, 0x53, 0x46, 0x35, 0xfb, + 0x8e, 0x20, 0xa4, 0x3f, 0x8d, 0x55, 0xc1, 0xfb, + 0x6e, 0x82, 0x74, 0xd2, 0x76, 0x33, 0x3e, 0x49, + 0xf6, 0x96, 0xe6, 0x1f, 0xd4, 0x4a, 0x40, 0x89, + 0x9b, 0xe5, 0xb3, 0x1f, 0x0b, 0xde, 0x13, 0x7e, + 0x3c, 0x76, 0xce, 0x2d, 0x0d, 0xc4, 0x7f, 0x4a, + 0x1d, 0x28, 0x20, 0xfc, 0x0f, 0x3e, 0x23, 0x58, + 0x2c, 0x69, 0x0d, 0xde, 0xa4, 0xcc, 0x35, 0xd5, + 0x26, 0xef, 0x14, 0xc9, 0x0d, 0x2b, 0x8b, 0x1c, + 0x6d, 0xfd, 0x33, 0xd7, 0x69, 0x99, 0x27, 0x76, + 0xee, 0x52, 0x9e, 0x4f, 0xa2, 0x37, 0x13, 0x54, + 0xb4, 0xb0, 0x21, 0x47, 0x1a, 0x6a, 0x11, 0x57, + 0x25, 0x69, 0x49, 0xa6, 0x8a, 0x9e, 0xda, 0x5a, + 0x91, 0xa6, 0xea, 0x76, 0x16, 0x8e, 0x66, 0x46, + 0xc9, 0x8d, 0x1f, 0xbc, 0x44, 0x53, 0x5e, 0xb9, + 0x39, 0xa4, 0xbe, 0x62, 0xd1, 0xe4, 0xa1, 0x16, + 0x70, 0x5e, 0x2d, 0x2a, 0xa7, 0xea, 0x8d, 0x94, + 0xfb, 0x19, 0x08, 0x2a, 0x9c, 0x2c, 0x62, 0xb0, + 0x0b, 0x8d, 0x79, 0x94, 0x81, 0x3a, 0x4c, 0x8b, + 0x14, 0x60, 0x32, 0x62, 0x43, 0x9b, 0xbb, 0x6e, + 0xae, 0x5a, 0x0a, 0xa5, 0xec, 0xa9, 0xc7, 0x29, + 0x86, 0xa3, 0xa1, 0x17, 0x2d, 0xaa, 0x08, 0x27, + 0x68, 0x37, 0xd6, 0x2e, 0xaa, 0x3d, 0xb0, 0xac, + 0x27, 0xb0, 0xce, 0xc2, 0x7c, 0x83, 0xb0, 0x6f, + 0xe0, 0x00, 0x76, 0xef, 0xf0, 0xe2, 0xd7, 0x87, + 0x55, 0xf2, 0x95, 0x93, 0xd6, 0x83, 0x25, 0x88, + 0xf9, 0x9f, 0x6a, 0x58, 0x54, 0xd3, 0x78, 0x02, + 0xa2, 0xd2, 0xaa, 0x89, 0x33, 0x4c, 0xd0, 0xad, + 0xd2, 0xdf, 0x78, 0xf5, 0x03, 0xa5, 0x74, 0xef, + 0x77, 0xfe, 0x30, 0xc1, 0x16, 0x44, 0xa1, 0xb6, + 0x38, 0x38, 0x9e, 0xf1, 0x05, 0xe7, 0x18, 0x58, + 0x9f, 0x29, 0xa5, 0xda, 0xe5, 0x92, 0x1f, 0x33, + 0xc7, 0x90, 0xe2, 0x87, 0xd1, 0x0e, 0xdc, 0x1b, + 0x75, 0x65, 0xaa, 0x8c, 0xcb, 0x4f, 0x68, 0xb2, + 0x1a, 0xf6, 0x3b, 0x3e, 0xdf, 0x8f, 0xb5, 0x0a, + 0xdf, 0xfb, 0x6a, 0x9e, 0x4a, 0xdb, 0x83, 0x92, + 0x12, 0x7e, 0x39, 0x2b, 0x96, 0x85, 0x1f, 0xe5, + 0xdf, 0x59, 0x8f, 0x7c, 0x88, 0x96, 0xfa, 0x84, + 0x9a, 0x4b, 0xd8, 0x79, 0x03, 0x75, 0x88, 0x22, + 0x73, 0x61, 0x00, 0x02, 0x67, 0x11, 0x09, 0xbd, + 0x34, 0xce, 0x81, 0x34, 0x2d, 0x9d, 0x67, 0xa0, + 0x2c, 0xfc, 0x77, 0x46, 0x19, 0x84, 0x68, 0xa8, + 0x0e, 0xd5, 0x46, 0xe1, 0x82, 0xb6, 0xc4, 0xcd, + 0x0d, 0x64, 0x1f, 0x9b, 0xeb, 0x35, 0x21, 0x87, + 0x7d, 0xae, 0x6e, 0xce, 0xe5, 0x14, 0xca, 0xe0, + 0x37, 0xdf, 0x86, 0x75, 0xaa, 0x9e, 0x76, 0x02, + 0xaa, 0xea, 0x19, 0x6c, 0xe6, 0x26, 0xf9, 0x79, + 0xb6, 0xd9, 0x9e, 0x88, 0xca, 0xaa, 0x26, 0x5e, + 0xbc, 0x1a, 0xea, 0xfe, 0xd5, 0xe9, 0x12, 0x8c, + 0x08, 0x41, 0x35, 0xac, 0xaf, 0xb9, 0xed, 0x56, + 0xc6, 0xab, 0x5f, 0xb5, 0xd8, 0x64, 0xde, 0x1f, + 0x07, 0x50, 0x5b, 0xf4, 0x71, 0xbe, 0x7f, 0xf3, + 0xdd, 0x3e, 0x73, 0xa1, 0xba, 0x71, 0x55, 0x09, + 0x0a, 0x04, 0x9f, 0x54, 0x9d, 0x3f, 0x78, 0xd9, + 0xcb, 0xad, 0x1b, 0x2e, 0xc7, 0xde, 0xcd, 0x66, + 0x31, 0xf8, 0xd5, 0x8b, 0x6b, 0x41, 0xbe, 0x04, + 0x6a, 0xcc, 0x08, 0x29, 0x8c, 0x10, 0x7d, 0x10, + 0xdf, 0xcc, 0x42, 0x89, 0x9f, 0xab, 0x1b, 0x2f, + 0x78, 0x38, 0x5a, 0x34, 0x46, 0xc7, 0x3c, 0x2b, + 0x49, 0x89, 0xf1, 0x94, 0xc8, 0xa1, 0x16, 0x76, + 0x66, 0xa6, 0x5f, 0xf6, 0x36, 0x05, 0xb7, 0x8a, + 0xaf, 0x15, 0x88, 0x7f, 0xfb, 0xd1, 0x7e, 0x4d, + 0x53, 0x6a, 0xb9, 0x09, 0x38, 0x43, 0xef, 0x67, + 0x5b, 0x28, 0x47, 0x66, 0x62, 0x3a, 0xe4, 0x55, + 0xbf, 0x13, 0x87, 0x68, 0xde, 0x23, 0xb6, 0x57, + 0xbd, 0xaa, 0x2f, 0x99, 0x9a, 0xfd, 0xbb, 0x21, + 0xb7, 0xc0, 0x4d, 0x96, 0x8d, 0x40, 0xd6, 0xf0, + 0xac, 0x20, 0x79, 0xa0, 0x03, 0x87, 0xbe, 0x50, + 0xfa, 0x78, 0x18, 0x04, 0x36, 0x7c, 0x34, 0x4a, + 0x71, 0x1c, 0x02, 0x67, 0xfe, 0xbc, 0x45, 0x96, + 0xb7, 0x0f, 0x38, 0x1c, 0x14, 0x57, 0x05, 0xfd, + 0x13, 0x03, 0xcd, 0xa0, 0x04, 0xbb, 0xae, 0xfc, + 0xf0, 0x85, 0x04, 0x7d, 0xdb, 0x86, 0xff, 0xcf, + 0x3a, 0x20, 0xec, 0xc9, 0xe7, 0x84, 0x4c, 0x51, + 0x0c, 0xcc, 0xad, 0xb4, 0x0d, 0x28, 0xcb, 0x66, + 0x20, 0xc8, 0x62, 0x7d, 0x13, 0x89, 0x28, 0xbb, + 0x87, 0x98, 0xea, 0x64, 0xe4, 0x83, 0xc3, 0xae, + 0x1a, 0xea, 0x68, 0x11, 0x05, 0x05, 0xc3, 0x1e, + 0x90, 0x1e, 0xd4, 0x06, 0xd3, 0xdd, 0xdc, 0x08, + 0xb5, 0x65, 0xb9, 0x4d, 0xcb, 0xf7, 0xb7, 0x33, + 0x18, 0x05, 0xbf, 0x59, 0x55, 0x14, 0x61, 0x15, + 0xa9, 0x21, 0x92, 0xa2, 0x2d, 0xed, 0x89, 0xd8, + 0x96, 0x30, 0xc7, 0x4f, 0xfb, 0x15, 0x34, 0x33, + 0xa4, 0x21, 0xe2, 0x3d, 0x1e, 0xd3, 0xd4, 0xa4, + 0x5b, 0x89, 0xe4, 0xa3, 0xc3, 0xc2, 0x73, 0x7b, + 0x0e, 0x0e, 0xb5, 0x3c, 0xc5, 0x09, 0x5e, 0x77, + 0x00, 0xbe, 0x43, 0x99, 0x2f, 0x91, 0xd4, 0x79, + 0x1e, 0x30, 0xf5, 0x39, 0x0b, 0xc9, 0x1b, 0xd8, + 0xfc, 0x0d, 0xf8, 0x39, 0x1e, 0xc1, 0x40, 0x7a, + 0xde, 0x5c, 0x63, 0xb1, 0xd1, 0xd0, 0x7b, 0x90, + 0xf6, 0x2b, 0x27, 0x0c, 0x68, 0x40, 0xee, 0x7c, + 0x36, 0xd6, 0xdb, 0x87, 0x25, 0x36, 0xdf, 0x49, + 0xbb, 0xed, 0xa4, 0xa6, 0x90, 0xde, 0x59, 0x0c, + 0x49, 0xf5, 0x26, 0xe2, 0xed, 0x4e, 0x6b, 0x35, + 0x3e, 0x6c, 0x36, 0x81, 0x11, 0xde, 0x91, 0xc8, + 0xa1, 0x76, 0x55, 0x54, 0xf9, 0xa7, 0x96, 0xda, + 0x3d, 0x9c, 0x8c, 0x3f, 0xd8, 0xd7, 0xa0, 0xe2, + 0x9b, 0xef, 0xcd, 0x8c, 0xa4, 0x91, 0x27, 0x37, + 0x09, 0xfb, 0xa1, 0x98, 0x03, 0x72, 0x44, 0x67, + 0x48, 0x3a, 0x3d, 0x93, 0xcb, 0x77, 0x52, 0x55, + 0x20, 0xc5, 0xe9, 0x41, 0x9f, 0xd8, 0x8d, 0x9d, + 0x6b, 0x74, 0x98, 0xbe, 0xca, 0x8f, 0x43, 0xf7, + 0xb0, 0x6d, 0x63, 0x00, 0x64, 0x2f, 0x7f, 0xd8, + 0x89, 0x8c, 0x09, 0xb2, 0xa1, 0xb1, 0x7a, 0xc9, + 0xf4, 0xd6, 0xd1, 0x54, 0xe6, 0x34, 0xf2, 0x55, + 0xe6, 0xa5, 0x1d, 0x3b, 0xd2, 0x8f, 0x93, 0x88, + 0xd3, 0x17, 0xd2, 0x56, 0x8e, 0x93, 0xb5, 0x5b, + 0xeb, 0xda, 0xae, 0x0f, 0xfe, 0xe5, 0xcd, 0x46, + 0x87, 0x34, 0xe9, 0xc6, 0xb8, 0x27, 0xe1, 0x11, + 0x73, 0xb1, 0xab, 0x28, 0x12, 0xa3, 0xfe, 0x0b, + 0xa1, 0x42, 0xb3, 0x65, 0xfc, 0x18, 0x44, 0x27, + 0x83, 0x43, 0xf8, 0x15, 0x90, 0x1d, 0x60, 0xfe, + 0xe4, 0x49, 0xa1, 0x63, 0x74, 0x42, 0x2d, 0x5c, + 0x0d, 0xe9, 0xaf, 0x00, 0xfa, 0xa4, 0xb5, 0xa0, + 0xca, 0xb7, 0xeb, 0x3a, 0x52, 0x5c, 0xe5, 0xcb, + 0x8d, 0x14, 0xe7, 0x44, 0x32, 0x6c, 0x9d, 0xc1, + 0x50, 0xb0, 0x9f, 0x2b, 0x40, 0xa1, 0x40, 0xbe, + 0x73, 0xdd, 0x4c, 0xec, 0x76, 0xd9, 0x13, 0x5e, + 0x3e, 0x76, 0x4a, 0x1b, 0x75, 0xfa, 0x67, 0x55, + 0x0d, 0xce, 0x00, 0x95, 0xbd, 0xdb, 0x82, 0xfd, + 0xb2, 0x65, 0x49, 0x31, 0xa3, 0xd0, 0x75, 0x6f, + 0xab, 0xc2, 0x9a, 0xaa, 0x04, 0xed, 0x18, 0xd3, + 0x89, 0x1e, 0xbc, 0x2a, 0xad, 0xb0, 0xca, 0x70, + 0xf4, 0x89, 0xa0, 0xb6, 0x66, 0x89, 0x6e, 0x33, + 0x3f, 0x73, 0x18, 0x4e, 0x14, 0xe1, 0xdc, 0xf8, + 0x85, 0x56, 0xf7, 0x45, 0x72, 0xc2, 0x8c, 0x95, + 0xd1, 0xde, 0x1b, 0x96, 0x10, 0x5e, 0x75, 0x23, + 0x13, 0x2d, 0x39, 0x01, 0x74, 0x85, 0x8b, 0x94, + 0x52, 0x27, 0x8c, 0x0c, 0xa0, 0x04, 0xa2, 0xe7, + 0xdb, 0xfb, 0xc4, 0xb3, 0xc5, 0x66, 0x60, 0xc9, + 0x76, 0x40, 0x00, 0x29, 0xac, 0xc7, 0xc0, 0xe1, + 0xc5, 0xab, 0x4e, 0xc5, 0xff, 0x04, 0x5e, 0xdd, + 0x9e, 0xa7, 0x13, 0xe9, 0x8a, 0xa6, 0xb9, 0xc0, + 0x92, 0x9e, 0x9c, 0x00, 0x02, 0xe6, 0x3c, 0xe3, + 0x7b, 0xb6, 0x79, 0x24, 0xfc, 0x82, 0x3c, 0xa8, + 0x3d, 0xba, 0xef, 0x73, 0x30, 0xe3, 0x0a, 0x9c, + 0xf0, 0xd9, 0x86, 0x29, 0x54, 0xd5, 0xa2, 0x32, + 0xf8, 0x1f, 0x00, 0x29, 0x86, 0x3d, 0x5c, 0x18, + 0xab, 0x18, 0x5b, 0x79, 0x5c, 0x6f, 0xb5, 0x18, + 0x09, 0xcb, 0x1d, 0x3f, 0x51, 0x64, 0x9e, 0x8c, + 0xc6, 0x48, 0x83, 0x54, 0x24, 0x4b, 0x1b, 0xff, + 0x80, 0xc1, 0xa4, 0x49, 0x67, 0x7c, 0xbf, 0xe3, + 0xda, 0x6b, 0x3e, 0xae, 0x39, 0x4a, 0x03, 0xff, + 0xd9, 0xe8, 0x92, 0x2a, 0xb7, 0x44, 0x68, 0x4a, + 0x36, 0x5f, 0xbd, 0x6d, 0xfe, 0xbc, 0xd1, 0x64, + 0x3f, 0x26, 0xae, 0xbc, 0x6a, 0xfe, 0xce, 0xfa, + 0xb8, 0xf5, 0x17, 0x3b, 0x3c, 0x8d, 0xa0, 0xe6, + 0x40, 0x46, 0xa6, 0xcb, 0x3c, 0xc5, 0x69, 0xb8, + 0x28, 0xfa, 0xe8, 0x9f, 0x1a, 0x7c, 0xa2, 0x7d, + 0x72, 0x78, 0x8a, 0x03, 0x8f, 0xe8, 0x27, 0x63, + 0x02, 0x7d, 0xa0, 0x39, 0x4a, 0xa2, 0x5e, 0xf9, + 0x79, 0x64, 0x95, 0xd3, 0x8d, 0x18, 0x8d, 0x09, + 0x99, 0x96, 0xe1, 0x01, 0x2d, 0xeb, 0x08, 0x12, + 0x3b, 0xc8, 0xe4, 0xaf, 0xaa, 0x88, 0x93, 0x49, + 0xe9, 0x59, 0xb3, 0xfe, 0x8b, 0x1b, 0x78, 0x3c, + 0x6d, 0x7c, 0x24, 0x33, 0xb8, 0x28, 0x97, 0x3b, + 0x76, 0x06, 0xd2, 0x43, 0x42, 0xec, 0xbe, 0x18, + 0x17, 0x81, 0xf6, 0xc7, 0x1d, 0xa4, 0x0e, 0xa4, + 0xe7, 0xcf, 0xb1, 0x2c, 0x9b, 0x09, 0x38, 0x73, + 0x67, 0xc5, 0x2c, 0xe7, 0x2d, 0x8d, 0x43, 0x72, + 0x23, 0x6d, 0xaa, 0xcf, 0x80, 0x23, 0x61, 0x08, + 0x3f, 0xbd, 0xd7, 0xc5, 0x2a, 0x0b, 0x3a, 0x83, + 0x3f, 0xf6, 0x65, 0x52, 0x94, 0x68, 0x27, 0x90, + 0x7d, 0x75, 0xfa, 0x3a, 0x82, 0x0c, 0xae, 0x66, + 0x39, 0x71, 0x17, 0xda, 0xbf, 0x26, 0x9c, 0xb9, + 0x56, 0x2e, 0x76, 0x11, 0xa1, 0xb3, 0x4d, 0xa1, + 0x51, 0x14, 0x1c, 0x90, 0xf5, 0xba, 0xf0, 0x53, + 0x32, 0xe1, 0xc7, 0x9f, 0x19, 0x03, 0xb9, 0x87, + 0x33, 0xbf, 0xe0, 0xde, 0xce, 0xc5, 0x38, 0xe3, + 0xd9, 0xe2, 0xa6, 0x55, 0xf5, 0xdb, 0x90, 0x42, + 0xa0, 0x02, 0x50, 0x6e, 0x01, 0xe4, 0x65, 0x79, + 0x43, 0xfd, 0x2e, 0x57, 0xa6, 0x25, 0x74, 0x31, + 0x5f, 0x55, 0x3d, 0x6a, 0x44, 0x04, 0x5e, 0xb0, + 0xce, 0x50, 0xe7, 0xf4, 0x7d, 0xb1, 0x7d, 0x4f, + 0xce, 0xd7, 0x42, 0x97, 0xb1, 0xee, 0x19, 0x52, + 0x32, 0x63, 0x02, 0x9b, 0x47, 0x19, 0xee, 0xa4, + 0x36, 0xaa, 0x25, 0x0f, 0xbd, 0xda, 0x03, 0xd8, + 0x5d, 0x2c, 0x88, 0x0b, 0x99, 0xc7, 0x72, 0x75, + 0x1a, 0x65, 0x95, 0xd5, 0x46, 0x4e, 0x9c, 0xcb, + 0xfc, 0xd0, 0xb1, 0x92, 0xd9, 0x3c, 0xcd, 0x6f, + 0xe2, 0x5b, 0x43, 0x88, 0xd2, 0xb0, 0xa9, 0x2e, + 0xaf, 0xb8, 0x36, 0xaa, 0x62, 0x97, 0x86, 0xd9, + 0x47, 0x8f, 0x24, 0xae, 0x50, 0x93, 0x09, 0xe9, + 0x80, 0x70, 0x2d, 0x4a, 0xf7, 0x03, 0xff, 0x09, + 0x04, 0xfa, 0x81, 0x55, 0x73, 0x8d, 0x13, 0x02, + 0x75, 0x53, 0x5e, 0x3f, 0x81, 0xec, 0x77, 0xb1, + 0x01, 0x07, 0x76, 0x83, 0x29, 0xae, 0x0b, 0x3b, + 0x50, 0x96, 0xed, 0xeb, 0x15, 0x54, 0x3d, 0x9c, + 0xc5, 0xa3, 0xf3, 0xe4, 0xee, 0xd4, 0x6b, 0xb6, + 0xa5, 0xec, 0x6a, 0x42, 0x85, 0x73, 0xbf, 0x31, + 0xac, 0x64, 0x32, 0x74, 0x24, 0xd1, 0x29, 0x1b, + 0xb2, 0xf9, 0x33, 0x52, 0x8e, 0x22, 0x23, 0x51, + 0xde, 0x80, 0x40, 0x94, 0x7b, 0x80, 0xdc, 0xbc, + 0xf9, 0xac, 0x91, 0xda, 0x17, 0x91, 0xa0, 0xfc, + 0xf8, 0x75, 0xec, 0xd2, 0x0a, 0x03, 0x25, 0x36, + 0x7c, 0xfa, 0x36, 0x18, 0xd3, 0x6a, 0x76, 0x5d, + 0x45, 0x60, 0x43, 0xa2, 0xe1, 0x8e, 0xee, 0x7a, + 0xf9, 0xfe, 0x94, 0xcd, 0xf8, 0xa1, 0x4f, 0x2f, + 0x14, 0xb3, 0x4b, 0xb4, 0xe8, 0x68, 0x97, 0xae, + 0xca, 0x2a, 0x7b, 0xd2, 0x9e, 0x6a, 0x28, 0xec, + 0xcb, 0xf0, 0xf8, 0xa2, 0x68, 0x54, 0x05, 0x8e, + 0x8e, 0x86, 0x31, 0x56, 0xb8, 0xc9, 0x68, 0x8f, + 0x26, 0x9d, 0xaa, 0x70, 0x43, 0x2f, 0x6f, 0x9f, + 0x5b, 0x60, 0x2a, 0xf8, 0xf6, 0xd6, 0x3e, 0x22, + 0x2a, 0x1c, 0xcd, 0xde, 0x96, 0xb7, 0xfc, 0x09, + 0xd4, 0xc6, 0x25, 0x3c, 0xaa, 0xb8, 0x67, 0x0f, + 0x3e, 0x50, 0x43, 0x45, 0xeb, 0x4d, 0x18, 0x29, + 0xae, 0x03, 0x10, 0x78, 0x3f, 0x71, 0x10, 0x29, + 0x71, 0x2a, 0xdb, 0xaa, 0xe6, 0x56, 0x64, 0x7a, + 0x95, 0x62, 0x13, 0x50, 0xe2, 0xcb, 0xdc, 0xf2, + 0xa9, 0xec, 0xc6, 0x4e, 0x8a, 0x3c, 0xc2, 0x8d, + 0xe7, 0x56, 0xd0, 0xb0, 0xbd, 0x58, 0x34, 0x25, + 0xaf, 0xb2, 0x07, 0xdc, 0x40, 0x8e, 0x92, 0x6f, + 0xc9, 0xe7, 0x7e, 0xf5, 0xb9, 0xd8, 0xe7, 0x1b, + 0x64, 0x49, 0x4d, 0x91, 0x7e, 0x0f, 0x2a, 0x06, + 0xf6, 0x7c, 0xc8, 0x55, 0x7a, 0x0f, 0xa3, 0x0d, + 0x16, 0x13, 0x88, 0xc7, 0x3b, 0xa7, 0xe3, 0x28, + 0x02, 0x96, 0xc8, 0x6c, 0x0a, 0x99, 0x6f, 0x31, + 0xc4, 0xb3, 0x2a, 0x78, 0xc0, 0x73, 0xae, 0xc7, + 0x54, 0xd5, 0x4a, 0xb0, 0xc6, 0x83, 0x53, 0xa8, + 0x0b, 0x05, 0xcd, 0xfd, 0x12, 0x14, 0x7b, 0x12, + 0x6a, 0x8d, 0x3f, 0x45, 0x90, 0x0f, 0xda, 0x07, + 0xe9, 0xec, 0x92, 0xa3, 0xee, 0xb0, 0x24, 0x45, + 0x0f, 0x07, 0x2b, 0x5b, 0x84, 0xe8, 0x9b, 0x71, + 0xfe, 0x82, 0x83, 0x22, 0x36, 0xa4, 0xf8, 0x45, + 0xf5, 0xdd, 0xf4, 0x9e, 0xf3, 0x24, 0x23, 0x09, + 0xb4, 0x4c, 0x11, 0xc5, 0xaa, 0x81, 0x80, 0xa7, + 0xd3, 0xec, 0xaf, 0x6c, 0xf7, 0x2d, 0x8e, 0x04, + 0x27, 0xfe, 0xe4, 0x26, 0x4c, 0x8d, 0xf4, 0x39, + 0x02, 0xca, 0x5d, 0x9e, 0xf8, 0x6e, 0x48, 0x23, + 0x41, 0xb9, 0x12, 0x3b, 0x63, 0xe4, 0x82, 0x48, + 0x8a, 0x0e, 0x7f, 0xbe, 0x1c, 0x41, 0x50, 0x4b, + 0xce, 0x82, 0x49, 0x2b, 0x48, 0x83, 0xee, 0xd1, + 0x97, 0x35, 0x39, 0xb8, 0x1b, 0x24, 0x43, 0x81, + 0xda, 0x76, 0x60, 0x12, 0x41, 0x98, 0x29, 0x85, + 0x24, 0xe1, 0x63, 0xf7, 0x05, 0x1a, 0x59, 0xdb, + 0x64, 0x6f, 0x15, 0xd8, 0x37, 0x55, 0x01, 0xdd, + 0xc9, 0x48, 0xcb, 0x24, 0xc2, 0xa2, 0x39, 0x16, + 0x07, 0x16, 0x4e, 0x71, 0x95, 0x96, 0xc4, 0xc8, + 0x01, 0x33, 0x65, 0x76, 0x7a, 0x8c, 0x97, 0xd0, + 0xdd, 0xf9, 0x02, 0x15, 0x31, 0x5e, 0x70, 0xfa, + 0x4a, 0x9a, 0xd8, 0xfc, 0x1e, 0x39, 0x89, 0xa7, + 0xcd, 0xec, 0xf3, 0x53, 0x56, 0x5c, 0x86, 0xc3, + 0xcd, 0xfb, 0x63, 0x6e, 0x8e, 0x95, 0xab, 0x12, + 0x7b, 0xf1, 0xfb, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x08, 0x12, 0x18, 0x1c, 0x23, + 0x2a, 0x2f, 0x33 + }; + /* Expected signature with context from gist record 1 (ctxLen=33), 4627 bytes */ + static const byte sig_87_ctx33[] = { + 0xef, 0x5e, 0x4b, 0x6a, 0x19, 0xd7, 0xe3, 0xf2, + 0x61, 0x0c, 0xf5, 0x1c, 0xaf, 0x5e, 0xc2, 0xaf, + 0xb1, 0xca, 0xcf, 0x9e, 0x18, 0x60, 0xc4, 0xb6, + 0x5a, 0x0b, 0xd6, 0xf1, 0xa5, 0xd4, 0xde, 0xc3, + 0x73, 0xfc, 0xaf, 0x0e, 0x72, 0x08, 0x2f, 0x5d, + 0x02, 0xf2, 0xcd, 0x03, 0x4f, 0xaa, 0xa7, 0x7c, + 0xb3, 0xd4, 0xd3, 0x63, 0xf5, 0xb0, 0x79, 0x88, + 0x90, 0x39, 0x6d, 0x39, 0x5a, 0x6b, 0xa0, 0x02, + 0x5f, 0x01, 0x93, 0x7d, 0x38, 0xf1, 0xa7, 0x3f, + 0xac, 0x80, 0x1a, 0xd1, 0xe1, 0xbb, 0xe5, 0x09, + 0x53, 0x19, 0xec, 0x38, 0xf7, 0x33, 0x1b, 0x17, + 0x4f, 0x19, 0xdb, 0xfe, 0x45, 0xe5, 0xbb, 0xa1, + 0x46, 0xcc, 0xcd, 0x16, 0x64, 0xb3, 0x6b, 0x74, + 0xd4, 0x3f, 0x5e, 0x68, 0x03, 0x16, 0xc1, 0x43, + 0x6b, 0x94, 0x3b, 0x0a, 0x24, 0xf9, 0x30, 0x5a, + 0x16, 0x8a, 0x17, 0x00, 0x76, 0x7f, 0x6b, 0x72, + 0xfe, 0xdd, 0x51, 0xc3, 0x07, 0x2c, 0xd8, 0xf1, + 0x89, 0x30, 0xe1, 0x4e, 0x4e, 0x5c, 0x1d, 0xbb, + 0x25, 0x49, 0x6e, 0x95, 0x63, 0xc2, 0x1e, 0x41, + 0x4a, 0x52, 0xe1, 0x60, 0xc4, 0xea, 0xb3, 0x18, + 0xe4, 0x01, 0xb1, 0x1b, 0x52, 0xa8, 0x3e, 0xbb, + 0x4a, 0x1b, 0x71, 0x8b, 0xe9, 0xec, 0xc1, 0xd5, + 0xb8, 0xc6, 0x1c, 0x59, 0x9b, 0x8e, 0x8f, 0xba, + 0x75, 0x2a, 0x6a, 0x25, 0xd3, 0x7a, 0xca, 0x16, + 0x7e, 0x3f, 0x6f, 0xd4, 0x6e, 0x96, 0xd6, 0x57, + 0xa6, 0x13, 0x38, 0x51, 0xf2, 0x98, 0x3f, 0x62, + 0xc4, 0x9e, 0x1d, 0x24, 0xe6, 0x2e, 0x9d, 0xe8, + 0xba, 0xed, 0x34, 0x2c, 0x18, 0xac, 0xbe, 0x23, + 0x21, 0xd2, 0xc4, 0xdf, 0x02, 0xff, 0x30, 0xa9, + 0x3e, 0x31, 0xcf, 0x3a, 0xdb, 0xdd, 0xfc, 0x79, + 0xf9, 0xf7, 0x09, 0x53, 0x6d, 0xab, 0x9f, 0x85, + 0x34, 0x82, 0x51, 0x8c, 0x84, 0xd9, 0xbd, 0xd0, + 0xe0, 0xfb, 0x7c, 0x0c, 0x68, 0x22, 0xed, 0x57, + 0x1a, 0x73, 0xee, 0xdc, 0xcc, 0x0c, 0xe7, 0x14, + 0x9c, 0x10, 0xf3, 0xf7, 0xbe, 0xf3, 0x92, 0xbf, + 0x27, 0x4b, 0x9f, 0xe9, 0x95, 0xf7, 0x71, 0x12, + 0x0f, 0x15, 0x74, 0x4d, 0x62, 0x3a, 0x1e, 0x8c, + 0x4f, 0x5c, 0x6c, 0x65, 0x9e, 0xb0, 0xba, 0x02, + 0x87, 0xb4, 0xdb, 0x75, 0xea, 0x1e, 0x9a, 0xff, + 0xbd, 0xa0, 0xb3, 0x43, 0xb8, 0xfa, 0x85, 0x5a, + 0xff, 0x45, 0x92, 0x6c, 0xa6, 0x2f, 0x8f, 0xc5, + 0x8d, 0xdd, 0x9d, 0x5c, 0x71, 0xd2, 0xe7, 0xb8, + 0x00, 0x94, 0x1c, 0x2c, 0x74, 0xbc, 0xaf, 0x62, + 0xcd, 0xe9, 0xc9, 0x7c, 0xfe, 0x20, 0x57, 0x37, + 0xfe, 0xf8, 0xa2, 0xa5, 0x27, 0xf9, 0x54, 0xf0, + 0x08, 0xa5, 0xd3, 0x45, 0x31, 0xa1, 0x27, 0xb9, + 0xfe, 0x6c, 0xc2, 0x18, 0xfe, 0x71, 0x3b, 0x34, + 0x17, 0xd7, 0xac, 0x0f, 0xa8, 0xe0, 0x6a, 0x93, + 0x85, 0xb0, 0x3f, 0x1f, 0xd8, 0xb8, 0xb0, 0x43, + 0xc5, 0xb6, 0x26, 0x6c, 0x07, 0xaa, 0xc9, 0x8a, + 0xfc, 0x7c, 0xbf, 0x55, 0x4b, 0x00, 0xfe, 0x48, + 0x2f, 0x82, 0x18, 0xf4, 0x54, 0x2b, 0x82, 0x53, + 0x46, 0x1b, 0x85, 0xfe, 0xf3, 0x01, 0x1e, 0xc2, + 0x88, 0x8d, 0x7f, 0xae, 0xfc, 0x35, 0x1f, 0x19, + 0x92, 0x88, 0xe7, 0x6c, 0xd2, 0x90, 0x49, 0x01, + 0x99, 0x52, 0x0a, 0x20, 0x07, 0xfd, 0x71, 0x4c, + 0x6f, 0x68, 0x17, 0xe9, 0x03, 0x4d, 0x7d, 0x51, + 0xb3, 0xf2, 0x7c, 0x34, 0xe9, 0x4b, 0xd0, 0x42, + 0xb6, 0xcc, 0xf0, 0x46, 0x9f, 0x14, 0x19, 0x2c, + 0xca, 0x7c, 0x63, 0xc8, 0x85, 0xb3, 0xe1, 0xc0, + 0x85, 0xef, 0x29, 0xbd, 0x87, 0x58, 0x86, 0x51, + 0x65, 0xfa, 0xd6, 0xfe, 0x9e, 0x7f, 0xd1, 0xc5, + 0x16, 0xc5, 0xab, 0x7d, 0x51, 0x0a, 0xe5, 0x46, + 0x90, 0xeb, 0x1b, 0xae, 0xe1, 0x46, 0xae, 0xe2, + 0x48, 0x93, 0x5c, 0x9d, 0x8b, 0x99, 0x24, 0x69, + 0xac, 0x9f, 0x66, 0xba, 0x64, 0x33, 0xa7, 0x0e, + 0x36, 0x0a, 0x1c, 0xff, 0xf6, 0xf2, 0xf0, 0x16, + 0x8e, 0x24, 0x1b, 0x1c, 0x39, 0x0f, 0xf9, 0xc6, + 0x9e, 0xa2, 0x89, 0xbb, 0xc7, 0xd6, 0x6b, 0x7c, + 0x34, 0x44, 0xd5, 0xdc, 0x04, 0xee, 0x23, 0xa7, + 0xd8, 0x03, 0x28, 0xc8, 0xe2, 0x9c, 0x2a, 0x34, + 0x38, 0x96, 0x9a, 0x3d, 0x6c, 0x80, 0x6e, 0xfd, + 0x7e, 0xaf, 0x8f, 0x18, 0x74, 0xf7, 0x74, 0x44, + 0x10, 0xce, 0x0c, 0x25, 0xe0, 0xb8, 0x11, 0x7f, + 0x6d, 0xa4, 0x41, 0x11, 0x4d, 0x93, 0x1b, 0xb8, + 0x47, 0xbd, 0xf2, 0x11, 0x07, 0xa5, 0x8a, 0x6d, + 0x85, 0x65, 0xe1, 0x09, 0x80, 0x4b, 0xd0, 0x70, + 0x4f, 0xab, 0x71, 0x00, 0x12, 0x6c, 0x6b, 0xe6, + 0xb8, 0x06, 0x05, 0xc6, 0xc1, 0x52, 0x26, 0x21, + 0x57, 0x70, 0xc5, 0xfb, 0x72, 0x8f, 0xe4, 0xea, + 0xe4, 0xc5, 0xc5, 0x28, 0x12, 0xed, 0x69, 0x77, + 0x32, 0xd7, 0x25, 0xc8, 0x5e, 0xb5, 0x14, 0x3f, + 0x91, 0xb5, 0x1e, 0xad, 0x5e, 0xd9, 0xb8, 0x33, + 0x4e, 0x61, 0x3d, 0xc7, 0x0e, 0x2c, 0xaa, 0x29, + 0x78, 0x38, 0xa0, 0x27, 0xca, 0xc1, 0xd9, 0x08, + 0xaf, 0xab, 0x31, 0x1e, 0xb0, 0xc1, 0xd7, 0x10, + 0x79, 0xd3, 0xee, 0x7a, 0xb4, 0x48, 0xa3, 0x8a, + 0x7e, 0xc9, 0xd2, 0x6d, 0x8c, 0xc4, 0x5c, 0xb8, + 0x26, 0x2f, 0x63, 0x54, 0x04, 0x5d, 0x75, 0x75, + 0x52, 0xac, 0x83, 0x49, 0xe3, 0xee, 0xa9, 0x02, + 0xdc, 0x10, 0xc0, 0x88, 0xad, 0x54, 0x5f, 0x3a, + 0x1a, 0xd5, 0xea, 0xb5, 0x0d, 0x6d, 0x6c, 0x5c, + 0xe3, 0xb6, 0x23, 0x02, 0xb2, 0x88, 0x2e, 0x3f, + 0xca, 0x68, 0x16, 0x29, 0xe4, 0x58, 0x9e, 0xa0, + 0x6f, 0x74, 0xfb, 0x39, 0x7d, 0x59, 0x78, 0x28, + 0x7e, 0xc5, 0x61, 0x16, 0x7f, 0x5a, 0x97, 0x2a, + 0x82, 0x5f, 0x77, 0x9f, 0x30, 0xa9, 0x54, 0x3c, + 0x9a, 0xc4, 0x6e, 0xec, 0x1f, 0xa2, 0x58, 0xf8, + 0xa9, 0x2c, 0x65, 0xeb, 0x6e, 0x61, 0x2f, 0x58, + 0x81, 0x0f, 0x70, 0x8a, 0x1d, 0x5d, 0xb1, 0xf8, + 0x48, 0x58, 0xd9, 0x0f, 0x36, 0xd7, 0x67, 0xe3, + 0x5f, 0xfb, 0x79, 0x1f, 0x48, 0x28, 0xa2, 0x3f, + 0xbe, 0x37, 0x41, 0x35, 0xa5, 0x63, 0x31, 0x8c, + 0x9e, 0x77, 0x46, 0xaf, 0x28, 0x9d, 0xdb, 0x44, + 0x73, 0xe3, 0x32, 0xab, 0xa3, 0x0e, 0xda, 0x25, + 0x37, 0x9a, 0xf1, 0x06, 0x0e, 0x1d, 0xa9, 0x32, + 0x9f, 0xc5, 0x4c, 0xed, 0x87, 0x04, 0xeb, 0x0b, + 0x26, 0x45, 0x03, 0xae, 0xc6, 0xd9, 0x2a, 0x8b, + 0x24, 0x31, 0x03, 0x52, 0x38, 0x87, 0x7d, 0x64, + 0x15, 0x0b, 0x36, 0xc7, 0x91, 0xf1, 0x93, 0xaf, + 0x3a, 0x41, 0xa9, 0x51, 0x1f, 0xcd, 0xeb, 0x02, + 0x13, 0x83, 0x8c, 0x08, 0x4f, 0x05, 0xe8, 0x02, + 0x4e, 0x5a, 0x3b, 0x3c, 0x19, 0x6c, 0x6b, 0x49, + 0xfb, 0x8d, 0x82, 0x10, 0x5c, 0xb9, 0x03, 0x81, + 0x3d, 0x39, 0xd5, 0x6c, 0x96, 0xfe, 0xf1, 0x4e, + 0xa2, 0xe4, 0x0d, 0x0f, 0xa1, 0xb3, 0x09, 0xdf, + 0x96, 0xe8, 0x30, 0xb2, 0x08, 0xff, 0x58, 0x28, + 0x29, 0xc6, 0x04, 0xf4, 0x6c, 0x8c, 0x8a, 0x1d, + 0x45, 0xca, 0x15, 0xea, 0x3c, 0xfe, 0x5d, 0x8e, + 0x12, 0x67, 0x28, 0x66, 0x66, 0xeb, 0x52, 0x4f, + 0x51, 0xaf, 0x51, 0x05, 0x0d, 0xce, 0x9e, 0xba, + 0xd7, 0xe0, 0x64, 0xdc, 0xcf, 0xf5, 0xc1, 0xd3, + 0xab, 0x3d, 0x15, 0xbe, 0x87, 0x23, 0x26, 0xbf, + 0x0d, 0x02, 0xac, 0xc7, 0xe7, 0xe4, 0xe1, 0x3a, + 0x42, 0x24, 0xab, 0xd9, 0x3b, 0x2a, 0x74, 0x6c, + 0x1d, 0x4f, 0xba, 0xc8, 0x2b, 0xdc, 0x99, 0x1c, + 0x58, 0x44, 0x6c, 0xd4, 0xd1, 0x58, 0x88, 0x02, + 0x5a, 0x7c, 0x11, 0x51, 0xf2, 0x5f, 0x3c, 0x63, + 0x71, 0xd3, 0xa6, 0xba, 0xd5, 0xee, 0xca, 0x06, + 0x43, 0x48, 0x6c, 0xc9, 0xe6, 0xde, 0xc5, 0xfc, + 0xcc, 0x20, 0xbe, 0x05, 0x29, 0x4a, 0xf6, 0x30, + 0xbc, 0xa5, 0xb5, 0xa8, 0xc5, 0xd1, 0xa3, 0xc9, + 0xa9, 0x4d, 0x29, 0x4f, 0x27, 0x3b, 0xfd, 0x92, + 0x2d, 0x8b, 0x66, 0x62, 0x2c, 0x44, 0xe5, 0x7b, + 0x21, 0xe2, 0xfc, 0x48, 0x70, 0x9d, 0xe6, 0xcc, + 0xf3, 0x40, 0x0e, 0x4d, 0x8a, 0x63, 0xd7, 0x69, + 0x44, 0x95, 0xe4, 0x42, 0x7b, 0xe3, 0x0a, 0xf4, + 0x08, 0xc0, 0x55, 0x85, 0xad, 0x62, 0xb1, 0x57, + 0xee, 0xac, 0x27, 0xde, 0x5f, 0xab, 0xbb, 0xc5, + 0x11, 0x8c, 0x5f, 0xc9, 0x08, 0x69, 0xa6, 0x6d, + 0x31, 0x12, 0x8a, 0x36, 0xb2, 0x0e, 0xe4, 0x0d, + 0x7f, 0x3f, 0x08, 0x55, 0xc1, 0x0f, 0x5f, 0x31, + 0xef, 0x84, 0x39, 0xf0, 0x12, 0x8e, 0x96, 0x13, + 0x69, 0x39, 0x00, 0xf4, 0xa4, 0x65, 0x30, 0xbd, + 0x2e, 0x57, 0x52, 0x2c, 0x66, 0x4b, 0x51, 0x15, + 0xe0, 0xa8, 0x91, 0xfe, 0xda, 0x1e, 0x78, 0x71, + 0x7b, 0x03, 0xae, 0xac, 0x93, 0x80, 0xd4, 0x09, + 0x2e, 0x6e, 0x88, 0x5f, 0xcb, 0x7a, 0xb7, 0x83, + 0xb6, 0xcb, 0x70, 0x53, 0x49, 0xa4, 0xe1, 0xeb, + 0xe3, 0x5e, 0x7b, 0xa3, 0x56, 0xe5, 0x57, 0x3e, + 0xb2, 0xe4, 0x2e, 0xf3, 0x19, 0x86, 0x9f, 0x27, + 0x8b, 0xf9, 0x8e, 0xe7, 0xca, 0x46, 0x35, 0xa1, + 0x0f, 0x14, 0xc1, 0x37, 0xfe, 0xd3, 0x89, 0xff, + 0x11, 0xff, 0x54, 0x39, 0xc0, 0xc0, 0x42, 0xe9, + 0x55, 0xd1, 0x0c, 0x86, 0x63, 0xbc, 0x2f, 0xa0, + 0x82, 0xa1, 0x92, 0x6c, 0x98, 0x4b, 0xe9, 0x91, + 0x89, 0x11, 0xe0, 0x8e, 0x5f, 0xb6, 0xd3, 0xb7, + 0x4a, 0x5a, 0xd1, 0xa4, 0x3b, 0xfb, 0x8e, 0x2c, + 0x90, 0xaa, 0xcd, 0xd4, 0x91, 0x0d, 0x5d, 0x3e, + 0x34, 0xf1, 0xf4, 0xd7, 0x8d, 0x2b, 0x9e, 0x41, + 0x89, 0xe5, 0xac, 0x29, 0xb7, 0x71, 0x2a, 0x8c, + 0x34, 0x8a, 0xc8, 0x15, 0x22, 0x4c, 0x2c, 0x61, + 0xb6, 0x3a, 0x42, 0xf7, 0xea, 0xc4, 0xe7, 0x94, + 0xdd, 0x99, 0x63, 0x25, 0xc9, 0x2d, 0x1b, 0xb9, + 0xe8, 0xfd, 0x71, 0xb0, 0x3a, 0x1c, 0x2c, 0x06, + 0x6a, 0x99, 0x1e, 0x7b, 0x2c, 0x42, 0x1a, 0x30, + 0x29, 0xcf, 0x26, 0x33, 0x77, 0xf8, 0x05, 0xac, + 0xa9, 0x9b, 0x09, 0x9d, 0xdd, 0x69, 0xf8, 0x34, + 0x63, 0x7b, 0x87, 0x0b, 0x86, 0x9f, 0x7b, 0xc9, + 0x3d, 0x55, 0xdd, 0x07, 0x26, 0x7a, 0xff, 0x48, + 0xc7, 0x52, 0xb4, 0x2a, 0x17, 0x5a, 0x8c, 0x41, + 0x20, 0xa0, 0x24, 0x11, 0x03, 0xab, 0xcd, 0xad, + 0xa0, 0x0e, 0x6b, 0xfe, 0xd3, 0x98, 0x9b, 0xa8, + 0x12, 0x8a, 0x0d, 0x2f, 0xcc, 0x3d, 0x5b, 0x60, + 0xb0, 0x48, 0x93, 0xe5, 0x3a, 0x95, 0xd1, 0x61, + 0x34, 0x83, 0x5c, 0xf1, 0x10, 0x05, 0xf8, 0xba, + 0x54, 0x90, 0xd9, 0xcc, 0x40, 0x93, 0x36, 0x51, + 0x6b, 0xc1, 0x5c, 0x07, 0xa8, 0xa4, 0x1b, 0x9f, + 0x09, 0x3a, 0xfe, 0x5f, 0x1d, 0x97, 0x95, 0x8a, + 0x8f, 0x19, 0xd0, 0x5d, 0x5d, 0x73, 0xf5, 0x35, + 0x9b, 0xc7, 0x12, 0xcf, 0x15, 0x1c, 0x28, 0x70, + 0x0f, 0xb8, 0x2b, 0xc9, 0x78, 0x39, 0xea, 0xa1, + 0x5d, 0x69, 0xa6, 0x26, 0x36, 0x5a, 0x9f, 0x74, + 0x46, 0x90, 0xa3, 0x04, 0x72, 0xbb, 0x43, 0xe9, + 0x23, 0x20, 0x65, 0xb1, 0x1d, 0x87, 0xa9, 0x24, + 0x87, 0xed, 0xfb, 0x84, 0x4f, 0xe8, 0xfe, 0xe5, + 0xa3, 0x53, 0x60, 0x66, 0x5d, 0x00, 0x62, 0x94, + 0x51, 0x6d, 0x71, 0x7e, 0xd5, 0x27, 0x6c, 0x8f, + 0xfb, 0x70, 0xf0, 0xd6, 0x77, 0xdd, 0x16, 0xd4, + 0xb2, 0xeb, 0xf7, 0x1a, 0x60, 0xeb, 0x90, 0xf3, + 0xcf, 0x9a, 0x41, 0xe6, 0xb9, 0x6a, 0xd6, 0x0a, + 0xa9, 0xa8, 0x0a, 0xc6, 0x6e, 0xd8, 0x2e, 0x89, + 0x84, 0xe8, 0x68, 0x0e, 0x5b, 0x51, 0x28, 0xae, + 0x0a, 0xf6, 0x6c, 0x1c, 0x11, 0xab, 0x26, 0xe1, + 0x11, 0x9c, 0x23, 0x99, 0x6f, 0x34, 0xd6, 0x9c, + 0xd2, 0xad, 0xa6, 0x1c, 0x2e, 0x3e, 0xc5, 0x06, + 0xf2, 0xf0, 0x03, 0x7a, 0xec, 0x8a, 0xb2, 0xad, + 0x45, 0xcd, 0xcb, 0x84, 0xea, 0x3f, 0xf0, 0xb6, + 0x0a, 0x1b, 0xc6, 0x03, 0x02, 0x6c, 0x34, 0xc3, + 0x8f, 0xac, 0xdd, 0x90, 0xac, 0xda, 0xcd, 0x20, + 0xa7, 0xf0, 0x80, 0xe1, 0x98, 0xd8, 0x60, 0x8d, + 0x09, 0xbf, 0x3b, 0xa3, 0xe9, 0xd9, 0x77, 0x02, + 0xc6, 0x83, 0xf7, 0xc1, 0x6a, 0x16, 0x5c, 0x4c, + 0x1a, 0x63, 0x91, 0x31, 0xfd, 0x54, 0xa2, 0x8f, + 0x70, 0xc4, 0x91, 0x23, 0xc0, 0x7f, 0xc8, 0x37, + 0xae, 0x81, 0x2e, 0xdf, 0xfb, 0xc4, 0x88, 0x1d, + 0xf6, 0x3f, 0x6c, 0x8d, 0x7f, 0xb4, 0x4f, 0xee, + 0xd0, 0x4e, 0x6b, 0x87, 0xba, 0xef, 0x5a, 0xb3, + 0x59, 0x6b, 0xf5, 0x02, 0xb6, 0x73, 0xde, 0x4c, + 0x1b, 0x05, 0x32, 0xb7, 0xdc, 0x59, 0x5d, 0x51, + 0x40, 0xf4, 0xa4, 0x73, 0xe2, 0x14, 0xd2, 0x83, + 0x1d, 0x4e, 0x89, 0x2d, 0x1b, 0xbc, 0x16, 0xf7, + 0xdb, 0x1e, 0x71, 0x20, 0x80, 0x46, 0x6d, 0x3d, + 0x07, 0x26, 0x55, 0xda, 0xff, 0xa2, 0xd3, 0xdf, + 0x1f, 0xdb, 0x09, 0x4c, 0xaf, 0x53, 0x99, 0xb9, + 0x69, 0x84, 0x41, 0xbf, 0xbe, 0x35, 0x38, 0xb4, + 0xb6, 0x1b, 0x70, 0x84, 0xbd, 0x70, 0x78, 0x9f, + 0x8c, 0x20, 0x92, 0x71, 0x3c, 0x71, 0x65, 0x10, + 0x28, 0x2f, 0x87, 0x57, 0x7e, 0xb2, 0x96, 0x76, + 0x21, 0x6a, 0x03, 0x7d, 0x3b, 0xef, 0x52, 0x71, + 0xc7, 0x97, 0xfc, 0xa2, 0xab, 0xf3, 0x32, 0x28, + 0xd7, 0xe6, 0x43, 0x87, 0x49, 0x3f, 0x38, 0x0e, + 0xfc, 0x65, 0xa0, 0x60, 0x9a, 0x82, 0xb3, 0xab, + 0xe4, 0xe7, 0xc2, 0xd8, 0x40, 0x07, 0xc2, 0x3f, + 0x26, 0xfc, 0x92, 0x65, 0xe6, 0xe2, 0x21, 0x9c, + 0xdb, 0x06, 0x96, 0x45, 0xf2, 0x63, 0xff, 0xe6, + 0x4f, 0x6c, 0xc5, 0xdd, 0x31, 0xb4, 0xb3, 0x62, + 0xa7, 0x08, 0x74, 0x75, 0x61, 0xcc, 0x65, 0x4c, + 0xbb, 0x1c, 0x08, 0x61, 0xa8, 0xc5, 0x23, 0x92, + 0x90, 0x5a, 0x72, 0x55, 0x71, 0xd0, 0x88, 0x03, + 0x48, 0xaf, 0x36, 0xfa, 0x4b, 0x27, 0x46, 0x70, + 0xa9, 0x11, 0x6c, 0x7d, 0xcc, 0x3d, 0xe3, 0x84, + 0xf0, 0x40, 0xf9, 0xef, 0xc2, 0xab, 0x8a, 0x46, + 0x19, 0x80, 0xaa, 0x3c, 0x72, 0x41, 0x48, 0x54, + 0xad, 0x3b, 0xea, 0x2f, 0xef, 0xf6, 0x8a, 0x6f, + 0x76, 0xe3, 0xd3, 0xf4, 0x45, 0xf4, 0x1e, 0xa1, + 0x3e, 0xf6, 0xcf, 0x03, 0x22, 0xcc, 0xc5, 0x89, + 0x16, 0xd4, 0x72, 0xc3, 0x9f, 0xf0, 0x42, 0x12, + 0x3a, 0x5e, 0xbb, 0x5c, 0x05, 0x57, 0x98, 0x76, + 0xae, 0x12, 0x48, 0x7f, 0xe2, 0x65, 0x7d, 0xdc, + 0x4d, 0xec, 0x2c, 0x90, 0xa0, 0xc1, 0x8e, 0xa0, + 0xc8, 0x62, 0xa6, 0xd1, 0x94, 0x92, 0xe0, 0x45, + 0x4b, 0xdd, 0x72, 0x13, 0x89, 0x13, 0xab, 0x0a, + 0x89, 0x99, 0xf8, 0xc8, 0x0a, 0xe9, 0x7d, 0x1d, + 0x36, 0x9f, 0x42, 0xfc, 0x0b, 0xdb, 0xd0, 0x12, + 0x8a, 0x56, 0x05, 0x14, 0x62, 0xae, 0x71, 0xab, + 0x1e, 0x78, 0x8e, 0x98, 0x9a, 0xbb, 0x4c, 0xe8, + 0x8e, 0x9d, 0x08, 0xb7, 0x96, 0x64, 0xf8, 0xeb, + 0x4d, 0x1f, 0x8c, 0x20, 0xd3, 0x50, 0xda, 0x25, + 0xf4, 0xaa, 0xd0, 0xcd, 0xe2, 0xcf, 0x10, 0x69, + 0x66, 0xa3, 0x88, 0x9d, 0x13, 0x17, 0xe3, 0xad, + 0x99, 0x94, 0x07, 0x97, 0x49, 0x22, 0x6f, 0xb0, + 0x70, 0xc2, 0x21, 0xd7, 0xd8, 0xfa, 0x14, 0xb2, + 0x4b, 0xfc, 0xbb, 0x26, 0x3e, 0x49, 0x35, 0x9f, + 0x3c, 0x6d, 0xfc, 0x93, 0x46, 0x2c, 0x43, 0xf8, + 0x89, 0x13, 0xfd, 0x06, 0x7f, 0x54, 0x08, 0x99, + 0x1b, 0xb8, 0xd7, 0x06, 0xec, 0xbf, 0x0e, 0x93, + 0xf5, 0x66, 0x87, 0xfe, 0x86, 0xd4, 0x01, 0xc1, + 0x1d, 0xbc, 0x1d, 0x3a, 0x71, 0x8b, 0x17, 0x5a, + 0x12, 0xbf, 0xed, 0x6f, 0xc4, 0x17, 0x4c, 0xbf, + 0xa2, 0xa5, 0xc4, 0x3d, 0x9f, 0xb8, 0x07, 0xaa, + 0xe5, 0x78, 0x70, 0x0e, 0x5c, 0x90, 0xe6, 0x81, + 0x28, 0x0f, 0x5b, 0x14, 0xdb, 0xef, 0x66, 0xff, + 0x4a, 0x51, 0xe8, 0x41, 0xa6, 0xca, 0x0f, 0x26, + 0x23, 0x43, 0xb4, 0x1a, 0x2c, 0x05, 0x15, 0x4f, + 0xa2, 0x60, 0xd8, 0x20, 0x94, 0x68, 0x81, 0xa1, + 0xa7, 0x5d, 0xab, 0x8c, 0xeb, 0xb2, 0x00, 0xb9, + 0xe0, 0x8e, 0x71, 0x4a, 0x01, 0xcc, 0x6f, 0xd4, + 0x9e, 0x63, 0x1b, 0x0a, 0xbd, 0x30, 0x4c, 0xc1, + 0x49, 0xae, 0x34, 0xf5, 0xf3, 0x1f, 0xae, 0xce, + 0x02, 0xf7, 0xcb, 0x07, 0xf8, 0xfd, 0x5c, 0x7e, + 0xf9, 0xbd, 0x01, 0x3b, 0x2b, 0x02, 0x56, 0x97, + 0x7f, 0x08, 0xf5, 0x42, 0x25, 0xc5, 0x92, 0x2e, + 0x7e, 0x59, 0xdd, 0x4f, 0xbe, 0x00, 0x53, 0x16, + 0x4b, 0x18, 0x85, 0x30, 0x10, 0x71, 0x1b, 0xc3, + 0x61, 0x9c, 0x3a, 0xd5, 0x10, 0xb0, 0x32, 0x4b, + 0x3f, 0x03, 0x58, 0xe1, 0x71, 0x78, 0x9d, 0xa5, + 0x96, 0x85, 0x8a, 0xb0, 0x17, 0x47, 0xa9, 0x4d, + 0xa0, 0x35, 0xca, 0xd8, 0xcc, 0x85, 0x51, 0x4b, + 0x70, 0x32, 0xc2, 0xbc, 0x0f, 0xdb, 0x01, 0xbf, + 0xcc, 0xa5, 0x44, 0xae, 0xf6, 0x9d, 0xa9, 0x0d, + 0x6f, 0xd6, 0xaf, 0x7c, 0x51, 0x09, 0x0a, 0x36, + 0x46, 0x98, 0x85, 0x6a, 0x07, 0xe1, 0x9d, 0xb8, + 0x6c, 0x8b, 0xf7, 0x1b, 0x87, 0x9e, 0x99, 0xb8, + 0x6c, 0x4c, 0x70, 0x9c, 0x91, 0x8d, 0xb8, 0x04, + 0x1e, 0x20, 0xc7, 0x50, 0x2a, 0x37, 0xd5, 0x43, + 0x3e, 0xb5, 0x7c, 0xfe, 0x30, 0xec, 0x1e, 0xbe, + 0xf6, 0x62, 0x57, 0x15, 0xb4, 0xe4, 0xe6, 0x1f, + 0x97, 0xea, 0xc6, 0xcc, 0xb1, 0x67, 0xbb, 0xa3, + 0xc1, 0x3f, 0x2f, 0xf6, 0x2c, 0xb7, 0x5d, 0x2e, + 0xb3, 0x9a, 0x89, 0xbd, 0x3f, 0xbe, 0x9b, 0x4f, + 0xc3, 0x6a, 0x8d, 0x33, 0xaa, 0x9b, 0x48, 0x43, + 0xa0, 0xe1, 0xec, 0xce, 0x09, 0xf5, 0x03, 0x46, + 0x7b, 0x2d, 0xc6, 0x07, 0x50, 0xc5, 0xd1, 0x4c, + 0x19, 0x2b, 0x6e, 0x56, 0xf9, 0x2e, 0x15, 0x1f, + 0xff, 0x00, 0x18, 0x7d, 0x0f, 0x16, 0xd0, 0xa0, + 0x60, 0x8c, 0x30, 0xac, 0x3c, 0x47, 0x94, 0x2e, + 0xae, 0xb2, 0x1f, 0x2e, 0x63, 0x42, 0x3c, 0x2c, + 0x9e, 0x91, 0x38, 0xf2, 0x50, 0xc9, 0xf0, 0x09, + 0x93, 0x07, 0xe3, 0x89, 0xe5, 0xde, 0x71, 0xba, + 0x87, 0x14, 0x50, 0x9d, 0x9b, 0x33, 0x53, 0x6d, + 0xef, 0x02, 0x2f, 0x8e, 0xdf, 0xb0, 0x27, 0x72, + 0x86, 0xda, 0xd0, 0xd7, 0x8f, 0xa7, 0x20, 0x0b, + 0x5b, 0xd4, 0xb3, 0xbf, 0x9d, 0x4c, 0xf6, 0x27, + 0xe9, 0xc6, 0x8a, 0x0a, 0xfa, 0x8d, 0x16, 0x95, + 0xe9, 0xc7, 0x2a, 0x62, 0xff, 0x80, 0x75, 0x02, + 0x66, 0x43, 0x0e, 0xff, 0x90, 0xe6, 0xe9, 0x43, + 0x9c, 0x95, 0x53, 0xa3, 0x26, 0xd8, 0x4c, 0x54, + 0xf9, 0x77, 0xcb, 0x4f, 0x53, 0x70, 0xa1, 0x9c, + 0x12, 0x10, 0x05, 0xe0, 0xc8, 0x0a, 0x7b, 0x66, + 0x05, 0xb6, 0x83, 0xea, 0x23, 0x66, 0x67, 0xfa, + 0x04, 0x5e, 0x5f, 0x73, 0x24, 0x39, 0x98, 0x49, + 0x0a, 0x69, 0x92, 0x69, 0x3c, 0x5f, 0xef, 0x79, + 0x25, 0x9f, 0x52, 0xbe, 0x42, 0xe6, 0x56, 0x0d, + 0x0e, 0x64, 0x48, 0x88, 0xf1, 0x6c, 0xe5, 0xa4, + 0xa0, 0x14, 0x98, 0xb5, 0x85, 0xf9, 0x0e, 0x67, + 0x08, 0x31, 0xc4, 0x9e, 0x42, 0x98, 0x98, 0x02, + 0x0a, 0x4c, 0x3f, 0xac, 0xb7, 0x6c, 0x0f, 0x12, + 0x01, 0x26, 0xbb, 0x6c, 0x94, 0x59, 0x08, 0x7f, + 0xf0, 0xb6, 0x49, 0xed, 0x5d, 0x14, 0x36, 0x83, + 0xbe, 0x7a, 0x43, 0x7e, 0x21, 0xc8, 0x0e, 0xe8, + 0xa5, 0xf9, 0x2a, 0x76, 0x06, 0xb3, 0x86, 0x55, + 0x43, 0x34, 0x27, 0xcd, 0xdf, 0xc1, 0x27, 0x77, + 0x07, 0x73, 0x3a, 0x3b, 0xa1, 0xc6, 0x7e, 0x25, + 0x4b, 0x6f, 0x47, 0x74, 0x7e, 0xb9, 0xb3, 0xa5, + 0x37, 0xdc, 0x12, 0xcd, 0xe1, 0xe6, 0x3c, 0x05, + 0x79, 0x6f, 0xdc, 0x8d, 0x6e, 0xa6, 0x13, 0xd0, + 0x21, 0x11, 0x74, 0xd6, 0x6a, 0x34, 0x52, 0x0e, + 0xb4, 0xd0, 0x47, 0x65, 0x21, 0xa0, 0xde, 0x3d, + 0x45, 0xc2, 0x59, 0x8c, 0x57, 0x6e, 0x7d, 0xa7, + 0x3b, 0xa4, 0xcb, 0x9d, 0xea, 0x45, 0x04, 0x47, + 0x2f, 0xfe, 0xff, 0x85, 0x9d, 0xc2, 0xde, 0x71, + 0x15, 0x32, 0xc3, 0x90, 0xb0, 0x76, 0x0b, 0x9c, + 0xfb, 0xda, 0xd5, 0x42, 0xbd, 0x5d, 0x62, 0x38, + 0x42, 0x34, 0x0b, 0xc7, 0xca, 0x0f, 0x13, 0x02, + 0x2a, 0x59, 0xc0, 0xa8, 0x2d, 0x8f, 0xcc, 0xf0, + 0x72, 0x65, 0xd2, 0x45, 0x82, 0xed, 0xe1, 0xfe, + 0x3a, 0xbd, 0xb1, 0x49, 0x14, 0x87, 0x70, 0x80, + 0x45, 0x7b, 0xe3, 0xbf, 0x8c, 0xe1, 0x24, 0xd5, + 0xcf, 0xcf, 0x64, 0xf6, 0xad, 0x86, 0x96, 0xd0, + 0x0a, 0x7f, 0x9c, 0x8a, 0x8a, 0xff, 0x63, 0x65, + 0x9f, 0x18, 0x88, 0xcf, 0xd6, 0x70, 0xf3, 0xdd, + 0xc0, 0xab, 0x04, 0xc8, 0xc6, 0x46, 0xd6, 0x18, + 0x56, 0xfe, 0x3e, 0x2e, 0x47, 0x9d, 0x21, 0x46, + 0x19, 0xf3, 0x4b, 0x99, 0x94, 0xc6, 0x80, 0x0d, + 0xba, 0x43, 0x23, 0x97, 0x8c, 0xa5, 0x5b, 0x9a, + 0x31, 0x16, 0xe7, 0x52, 0x6f, 0x6e, 0xf7, 0x53, + 0xb7, 0x05, 0x78, 0x3f, 0x64, 0xf9, 0x94, 0x2c, + 0x62, 0xb5, 0x3a, 0x1f, 0xc3, 0xb8, 0xe6, 0xb1, + 0x23, 0x7e, 0x21, 0x5c, 0xa1, 0x8a, 0xa5, 0x4f, + 0x2a, 0xda, 0x12, 0xe4, 0xcf, 0x7a, 0x6a, 0x63, + 0xe2, 0x1d, 0xfe, 0xaa, 0x28, 0xd7, 0xa2, 0x70, + 0x96, 0xe0, 0x1d, 0xd1, 0xaa, 0x77, 0xa9, 0x5a, + 0x0c, 0x04, 0xc4, 0x7b, 0x9f, 0xbb, 0xc3, 0xc3, + 0x1f, 0xe1, 0x24, 0xbb, 0xf6, 0xf8, 0xc8, 0x7b, + 0xf0, 0x5b, 0x44, 0x22, 0xd1, 0xd5, 0x85, 0xed, + 0x4a, 0xc4, 0xdb, 0x62, 0xbb, 0xfc, 0x8a, 0x52, + 0xbb, 0x5f, 0xc0, 0xc1, 0x62, 0x79, 0x7a, 0xe4, + 0x4d, 0xef, 0x77, 0x7b, 0x25, 0xa1, 0x69, 0xcf, + 0xd2, 0xfe, 0x7c, 0xbe, 0x87, 0x87, 0x38, 0x34, + 0xe9, 0x9f, 0x4f, 0x0a, 0xbd, 0xa6, 0x63, 0x7a, + 0x2a, 0x82, 0x0b, 0x17, 0x7e, 0xaa, 0x7a, 0x5d, + 0x85, 0x06, 0xf6, 0x3d, 0x16, 0x04, 0xf9, 0xe4, + 0x92, 0xfd, 0xc3, 0x34, 0xe9, 0xfb, 0x0a, 0xe2, + 0x63, 0x54, 0x8a, 0x2a, 0xa8, 0x60, 0x7a, 0x59, + 0xf7, 0x41, 0x93, 0x42, 0x46, 0xb3, 0x16, 0xb9, + 0x00, 0xdb, 0xb0, 0x7c, 0xcb, 0x56, 0x06, 0x7c, + 0x00, 0xd2, 0xc4, 0x2d, 0x44, 0x28, 0xd1, 0xbf, + 0x48, 0x9d, 0x96, 0x91, 0x2c, 0xa2, 0xe1, 0xe6, + 0x2d, 0x0f, 0xc5, 0xbe, 0xd1, 0x21, 0x03, 0xca, + 0x41, 0x19, 0x0c, 0x14, 0xf7, 0xd8, 0x51, 0x3d, + 0xca, 0xcd, 0x7b, 0x9b, 0x14, 0x1d, 0x69, 0x08, + 0x5f, 0xdc, 0x72, 0x4b, 0x6e, 0xce, 0x8e, 0x50, + 0x50, 0x20, 0x88, 0x40, 0xbc, 0x90, 0xbe, 0xa4, + 0xa1, 0x82, 0xd2, 0x8d, 0x3b, 0xff, 0xbe, 0x1e, + 0x1c, 0x7e, 0xc6, 0x6e, 0x3d, 0x5e, 0x31, 0x0a, + 0x93, 0x8b, 0x9b, 0x71, 0x27, 0xef, 0xcc, 0x47, + 0xf4, 0x07, 0xde, 0x15, 0xb0, 0x59, 0xdb, 0x8c, + 0xa7, 0xa7, 0x3e, 0x0e, 0x6d, 0x28, 0x9f, 0x37, + 0x81, 0x85, 0x4a, 0x90, 0x61, 0x3e, 0x94, 0xa8, + 0x8a, 0x6d, 0x7c, 0x9b, 0x80, 0x3c, 0x24, 0x8b, + 0xe7, 0x97, 0x0e, 0x4b, 0xe1, 0x93, 0x8a, 0x61, + 0x68, 0xb9, 0x9e, 0x38, 0xa4, 0x11, 0x23, 0xe6, + 0xaf, 0x0c, 0x20, 0x86, 0xd2, 0x91, 0xb9, 0x83, + 0x63, 0x0a, 0xf4, 0x85, 0x2d, 0x07, 0xff, 0x9d, + 0xc6, 0xa6, 0xff, 0x46, 0x1c, 0x95, 0x33, 0x8c, + 0xad, 0x2b, 0x13, 0xc5, 0xc6, 0x1b, 0xab, 0xdb, + 0xde, 0x8d, 0x51, 0x11, 0x2a, 0x1d, 0xe2, 0x11, + 0xa4, 0x1a, 0xea, 0x0c, 0xbb, 0xba, 0xa7, 0x45, + 0x3b, 0xb9, 0xac, 0x70, 0x76, 0x62, 0x20, 0x75, + 0x13, 0x9a, 0xb7, 0xb4, 0x46, 0x35, 0x27, 0x00, + 0x4a, 0xb2, 0x6b, 0x67, 0x5e, 0x5e, 0x3f, 0x42, + 0xf1, 0xf2, 0x39, 0x3d, 0x94, 0xa2, 0xa6, 0x71, + 0xe8, 0xc9, 0xc5, 0xed, 0x5b, 0x16, 0x66, 0xc8, + 0xea, 0x5e, 0xb1, 0x68, 0x6f, 0xd1, 0x08, 0x76, + 0x29, 0xb4, 0x56, 0x05, 0x51, 0xf0, 0xa5, 0x7f, + 0x64, 0xab, 0x7f, 0xe8, 0x29, 0xa3, 0x61, 0x47, + 0x48, 0x15, 0xfc, 0x16, 0xd6, 0xdf, 0x53, 0x4f, + 0x69, 0xec, 0x7e, 0xd5, 0x24, 0x4b, 0xc8, 0xb6, + 0x42, 0x2f, 0x26, 0x1d, 0x39, 0x20, 0x5a, 0xcc, + 0xc9, 0xb9, 0xa1, 0x42, 0xe6, 0xe5, 0x21, 0xd1, + 0xf4, 0x95, 0x49, 0x11, 0x4d, 0x4a, 0xbb, 0xe9, + 0x9c, 0x43, 0x17, 0x5d, 0x09, 0x97, 0x8e, 0x8f, + 0x0d, 0x3c, 0x26, 0x83, 0x9c, 0xdc, 0x73, 0x65, + 0x9b, 0x19, 0x15, 0x31, 0xcc, 0x81, 0x48, 0x1e, + 0xe0, 0x39, 0x59, 0x52, 0x7a, 0x38, 0x54, 0x72, + 0x90, 0xb4, 0x94, 0x49, 0x69, 0x7e, 0x85, 0xb9, + 0xd8, 0xa9, 0x8c, 0xfe, 0x70, 0x73, 0xa1, 0x26, + 0xf3, 0x26, 0x3b, 0x99, 0xa0, 0x79, 0xc4, 0x14, + 0x1a, 0xe1, 0xf4, 0x5f, 0xfb, 0xa2, 0x93, 0xfc, + 0x19, 0x74, 0x84, 0xa3, 0xc3, 0xc7, 0xb8, 0x5b, + 0x1b, 0xbe, 0x46, 0xe1, 0x6b, 0x76, 0xe1, 0x7c, + 0xc1, 0xba, 0xd3, 0xcd, 0x48, 0x7d, 0x7a, 0x10, + 0xd2, 0xd0, 0x1c, 0x8e, 0xd8, 0x4f, 0x8d, 0x67, + 0x43, 0x54, 0xaf, 0x11, 0xed, 0xe1, 0xda, 0xd5, + 0xa0, 0x10, 0x8d, 0xc6, 0x44, 0xb5, 0x8f, 0x5c, + 0xc7, 0x18, 0xd4, 0xc6, 0x96, 0xc9, 0x36, 0x17, + 0xdc, 0xf4, 0x9b, 0x11, 0x4f, 0x22, 0xbf, 0xab, + 0xcf, 0xcc, 0x14, 0xec, 0x15, 0xc3, 0xc1, 0x59, + 0x8f, 0xd1, 0xe1, 0xd4, 0x88, 0xd0, 0x4f, 0x07, + 0xea, 0xfa, 0x74, 0x60, 0x0f, 0xe6, 0x59, 0x6d, + 0x68, 0x22, 0x52, 0xc4, 0x22, 0xae, 0xbd, 0xda, + 0x3d, 0xb3, 0xc3, 0x11, 0x80, 0xef, 0x83, 0xd0, + 0x1e, 0x45, 0x7d, 0x0e, 0xc8, 0x1c, 0xc1, 0x77, + 0xf2, 0x11, 0xbb, 0xa5, 0xd9, 0x38, 0x39, 0xf0, + 0x03, 0xf4, 0xb6, 0xdb, 0x62, 0x04, 0x67, 0x8d, + 0x08, 0x4f, 0xe1, 0x94, 0x25, 0x63, 0x8c, 0x1d, + 0xe5, 0xdf, 0xa5, 0x93, 0x95, 0x6c, 0x83, 0xf3, + 0x68, 0x62, 0xea, 0x59, 0x21, 0x0c, 0x31, 0xbd, + 0x26, 0x00, 0x00, 0x0a, 0x81, 0x1a, 0xb9, 0x5a, + 0x94, 0x73, 0xb0, 0x7b, 0xf4, 0x60, 0xbe, 0x22, + 0x37, 0x04, 0xa7, 0x36, 0xa5, 0x5d, 0xff, 0x24, + 0x8d, 0x25, 0xfd, 0xe0, 0xe3, 0xbb, 0xb2, 0xf1, + 0xb1, 0x70, 0x3a, 0xad, 0x3a, 0x80, 0x99, 0x8b, + 0xf5, 0xf3, 0x61, 0x24, 0x50, 0x0a, 0xd7, 0x46, + 0x91, 0x9a, 0x11, 0x16, 0x1f, 0xbc, 0x01, 0x14, + 0x2b, 0xb6, 0x0c, 0xd9, 0xe8, 0x0a, 0x56, 0xf9, + 0xeb, 0xb7, 0x13, 0x7c, 0xfb, 0x05, 0x43, 0xb7, + 0xe9, 0x9c, 0x8f, 0x65, 0x7b, 0xdf, 0xfd, 0x90, + 0x0b, 0x5d, 0x95, 0xf6, 0xb6, 0xf9, 0x9a, 0xef, + 0x60, 0xad, 0xc2, 0xd0, 0xc4, 0xb4, 0xdd, 0x52, + 0x83, 0xde, 0xef, 0x2a, 0x43, 0x22, 0x28, 0xfb, + 0x52, 0x1a, 0xdb, 0x74, 0xfa, 0xab, 0x82, 0xda, + 0x64, 0xbf, 0xdd, 0xc9, 0xc5, 0x22, 0xaa, 0x5f, + 0x4f, 0x75, 0x50, 0x02, 0x1c, 0x0e, 0x82, 0x7c, + 0x70, 0x80, 0xb7, 0xf8, 0x7e, 0x5d, 0x19, 0x8d, + 0xc2, 0x89, 0xe6, 0xb8, 0x78, 0x0c, 0x00, 0xbb, + 0xc8, 0xd5, 0x99, 0x7c, 0x82, 0x09, 0x22, 0xd0, + 0x72, 0xe6, 0x09, 0x15, 0x5d, 0xa4, 0xe2, 0xd0, + 0xc4, 0xfc, 0x06, 0x53, 0xc9, 0xda, 0x48, 0x94, + 0xcb, 0xc2, 0xec, 0xf6, 0xf7, 0xdc, 0xae, 0x0b, + 0x1f, 0x5b, 0x06, 0xa9, 0xf7, 0x4b, 0xff, 0x02, + 0xd1, 0xf3, 0xaf, 0xe3, 0xe9, 0x57, 0xab, 0x6d, + 0x4b, 0x43, 0x53, 0xe9, 0xd1, 0xcd, 0xbd, 0xbe, + 0xb8, 0x95, 0xa0, 0xaa, 0x3f, 0xe1, 0x49, 0x32, + 0x7b, 0x5f, 0x3c, 0x17, 0x48, 0x2f, 0x77, 0xb4, + 0x15, 0xab, 0xa9, 0x72, 0x3f, 0x3c, 0x8c, 0x55, + 0x8e, 0x4c, 0xcf, 0x33, 0xd5, 0x09, 0x27, 0x55, + 0x65, 0x2c, 0x1a, 0x9c, 0x54, 0xf8, 0x21, 0x2f, + 0xce, 0x53, 0x53, 0x94, 0x42, 0x62, 0xb8, 0xf6, + 0xd1, 0x69, 0x93, 0xc7, 0xc7, 0xf3, 0x3b, 0xf2, + 0xf8, 0xc3, 0xeb, 0x6d, 0x54, 0x08, 0x85, 0x96, + 0x1f, 0x3d, 0x01, 0x3c, 0x06, 0x3d, 0x5b, 0xf2, + 0xbe, 0x35, 0x89, 0x50, 0xe7, 0x70, 0x08, 0xb9, + 0xf3, 0x41, 0x20, 0x82, 0x88, 0xe9, 0x56, 0xeb, + 0xbe, 0xf2, 0x19, 0xbd, 0x1f, 0x96, 0xb7, 0x65, + 0xab, 0xbb, 0x7d, 0x0d, 0x29, 0xb6, 0x83, 0xaf, + 0xde, 0x5d, 0x63, 0xf7, 0xfc, 0x1b, 0xf9, 0x07, + 0xda, 0xc9, 0x6b, 0xdb, 0x3e, 0x06, 0x99, 0x73, + 0x2b, 0x51, 0x9e, 0x69, 0xe4, 0xf4, 0xbf, 0x57, + 0x71, 0x1a, 0x0d, 0x36, 0xce, 0xd7, 0xab, 0x2c, + 0xf3, 0x77, 0x15, 0xa4, 0xeb, 0x9c, 0x37, 0xed, + 0xdb, 0xb6, 0xe1, 0xd0, 0xf7, 0xb8, 0xec, 0x5f, + 0xa9, 0x9b, 0xef, 0x4a, 0x4f, 0x08, 0xc5, 0x21, + 0x6d, 0x33, 0x05, 0x36, 0xa8, 0x16, 0x1a, 0x40, + 0x44, 0x31, 0x44, 0xb4, 0x24, 0x67, 0x4e, 0xee, + 0x55, 0xdc, 0xdd, 0x19, 0x58, 0xdd, 0xf6, 0x12, + 0x98, 0xf2, 0x95, 0x38, 0xc4, 0x42, 0xbf, 0xd6, + 0x02, 0x8b, 0x4d, 0x48, 0x3f, 0x36, 0xc1, 0x51, + 0xcb, 0x46, 0x74, 0xfc, 0xe4, 0x5d, 0xc9, 0x01, + 0xa9, 0x2a, 0x48, 0x1d, 0x69, 0xd4, 0x38, 0x3d, + 0x75, 0x53, 0xe0, 0x4c, 0x4f, 0x36, 0x7c, 0x17, + 0x1c, 0x87, 0xe8, 0x68, 0xdd, 0x9a, 0x28, 0x98, + 0xd1, 0x36, 0xe5, 0x67, 0x73, 0xaf, 0x1d, 0x36, + 0x35, 0x15, 0x72, 0xf2, 0x0b, 0x0b, 0xb4, 0x9f, + 0xc7, 0x2b, 0xf2, 0x25, 0x78, 0x87, 0x39, 0x42, + 0x50, 0xba, 0x80, 0x3f, 0xa5, 0x84, 0xdc, 0xde, + 0xc3, 0x43, 0x2b, 0xa6, 0x56, 0x15, 0xa4, 0x8f, + 0x27, 0xf9, 0x75, 0xd8, 0x61, 0x0d, 0x22, 0x4d, + 0x81, 0x56, 0xee, 0xe8, 0x48, 0x57, 0xb8, 0xe5, + 0x70, 0x64, 0x94, 0x2f, 0xa1, 0x2f, 0xe4, 0x16, + 0xa8, 0x18, 0xa8, 0xee, 0x79, 0x0b, 0x4f, 0x60, + 0x80, 0x86, 0x39, 0x57, 0x6c, 0x71, 0x5e, 0xed, + 0x0c, 0x1c, 0x63, 0x33, 0xdd, 0xa6, 0x2c, 0xf2, + 0x89, 0x91, 0xa7, 0x79, 0xdf, 0x67, 0xf2, 0x9c, + 0x07, 0xa6, 0xeb, 0x74, 0x4d, 0xb1, 0xfe, 0xdd, + 0x99, 0xe2, 0x01, 0x72, 0x86, 0xe0, 0x87, 0x0d, + 0x3d, 0x63, 0xe0, 0x84, 0xbd, 0x93, 0xf1, 0x33, + 0x00, 0x59, 0x7c, 0xb9, 0xcd, 0x71, 0x4c, 0xc5, + 0x29, 0x17, 0x48, 0xcc, 0xf4, 0xb1, 0x40, 0xd8, + 0x1a, 0x72, 0x0c, 0xd5, 0xa3, 0xb1, 0x93, 0x07, + 0xa4, 0xdc, 0x48, 0xbb, 0x09, 0x34, 0xfe, 0x13, + 0x39, 0x37, 0x14, 0xf3, 0x94, 0x89, 0x1d, 0xbc, + 0x00, 0xe7, 0x58, 0x0c, 0xf9, 0x65, 0xd2, 0xdc, + 0x8f, 0x14, 0x55, 0xd1, 0x1c, 0x23, 0x70, 0x1f, + 0xaa, 0x4d, 0x26, 0xbf, 0xba, 0xff, 0xb7, 0xa0, + 0xe3, 0x56, 0x3a, 0x92, 0xa0, 0xfa, 0xb3, 0x43, + 0x60, 0x0a, 0x26, 0x5d, 0x84, 0xea, 0x3b, 0xe4, + 0xae, 0xbe, 0x50, 0x8a, 0x4e, 0x87, 0x2c, 0x00, + 0x31, 0x80, 0xf7, 0x0c, 0xc6, 0x45, 0x1e, 0x20, + 0x6f, 0x20, 0xb2, 0x1b, 0x37, 0x16, 0x8b, 0x11, + 0x70, 0x1a, 0x7d, 0x20, 0xeb, 0x40, 0x7e, 0x23, + 0x35, 0x90, 0x75, 0xa1, 0xb3, 0x6c, 0x31, 0x9d, + 0x85, 0xe6, 0x98, 0xdf, 0x3a, 0xc9, 0xc4, 0xd9, + 0x92, 0xe0, 0xa1, 0xf7, 0x65, 0x5c, 0xa2, 0x7f, + 0x67, 0x27, 0x4a, 0xaf, 0x32, 0x2a, 0xbd, 0x7a, + 0x3a, 0x9a, 0xfa, 0x39, 0x05, 0xc9, 0x29, 0x8d, + 0x60, 0x81, 0x89, 0x87, 0x97, 0x79, 0x62, 0x40, + 0x98, 0x87, 0xf1, 0x29, 0x30, 0xb2, 0xeb, 0x53, + 0xdf, 0xdc, 0xfa, 0x9d, 0x3c, 0x98, 0xe7, 0xc3, + 0xa9, 0x61, 0xc5, 0xd7, 0x12, 0xb0, 0xb2, 0xf7, + 0x65, 0x8a, 0x24, 0xa9, 0x70, 0xa0, 0x62, 0xf3, + 0x7f, 0xc8, 0xdc, 0xad, 0xde, 0x33, 0x37, 0x45, + 0x54, 0xb6, 0xb3, 0x04, 0x6b, 0x28, 0xd6, 0xa2, + 0xc6, 0x7c, 0x79, 0x94, 0x88, 0x6b, 0xb2, 0x33, + 0x33, 0x5e, 0xbb, 0xbf, 0x42, 0xee, 0xda, 0x2c, + 0x28, 0xf4, 0x77, 0xba, 0x0b, 0xae, 0xa2, 0x5e, + 0xf5, 0x95, 0x46, 0x6f, 0xf7, 0x43, 0xd9, 0x01, + 0x9f, 0x0d, 0xf3, 0xd4, 0xc7, 0xef, 0x76, 0x46, + 0x78, 0xa2, 0xc6, 0x29, 0xab, 0xa8, 0xa5, 0x9f, + 0x67, 0x31, 0xd5, 0xdb, 0xe0, 0xe0, 0xb1, 0x17, + 0x6e, 0xf5, 0x8e, 0xa5, 0x93, 0xca, 0xf4, 0xd1, + 0xc9, 0xc2, 0xd2, 0xce, 0x20, 0x46, 0x3f, 0xb4, + 0x22, 0xa6, 0x58, 0x64, 0x5b, 0x01, 0xa6, 0x14, + 0xd7, 0xec, 0x5b, 0x9b, 0x80, 0x0f, 0x81, 0x29, + 0xed, 0x2b, 0x9d, 0xe4, 0x5e, 0xce, 0x64, 0xc6, + 0x51, 0xde, 0xef, 0xc2, 0xff, 0xa8, 0x74, 0x75, + 0x62, 0x71, 0xc0, 0x49, 0x04, 0x78, 0x06, 0xbd, + 0xaa, 0x77, 0xab, 0x02, 0x3c, 0xde, 0xd5, 0x33, + 0xa0, 0x09, 0xe0, 0x79, 0xd5, 0x54, 0x80, 0xde, + 0x7d, 0xdb, 0xb7, 0xba, 0xaa, 0xb3, 0xac, 0x3a, + 0x8b, 0x5f, 0x35, 0x7f, 0x54, 0x25, 0xf0, 0x29, + 0xde, 0x76, 0xe0, 0x97, 0x16, 0x53, 0x6b, 0x2c, + 0xdf, 0x76, 0x3c, 0xf5, 0xc1, 0xe5, 0x15, 0x4f, + 0xd8, 0x1d, 0x1c, 0xc4, 0xd4, 0xac, 0xc1, 0xed, + 0x23, 0x59, 0x41, 0x96, 0x01, 0x1d, 0xae, 0x52, + 0x9e, 0x0e, 0xe8, 0xf1, 0x1d, 0xb9, 0xc3, 0x25, + 0x8a, 0x57, 0x89, 0xb7, 0x71, 0x00, 0xe9, 0x69, + 0xa2, 0xdc, 0x91, 0xb7, 0x91, 0xe9, 0x6c, 0xa1, + 0x0c, 0xb1, 0x7b, 0x84, 0xb6, 0x3b, 0xe2, 0xf2, + 0x10, 0x3b, 0x8e, 0x34, 0xb4, 0x99, 0xb8, 0x28, + 0xc1, 0xaf, 0x59, 0x38, 0x62, 0x6e, 0x12, 0xf1, + 0x19, 0x95, 0x58, 0x66, 0xc8, 0x58, 0x79, 0xdb, + 0x5d, 0x97, 0x01, 0xc2, 0x93, 0x48, 0xd1, 0x6a, + 0xea, 0xdb, 0xb7, 0xb5, 0x47, 0x26, 0x3f, 0x38, + 0x97, 0x1e, 0x00, 0xbb, 0x5f, 0x2f, 0x80, 0x59, + 0xe3, 0xe4, 0x23, 0x1d, 0x1c, 0x1e, 0xc5, 0xd1, + 0x62, 0x01, 0xc6, 0x8a, 0x4a, 0xf0, 0xf5, 0xbc, + 0xa7, 0xf7, 0x44, 0x3a, 0xda, 0x85, 0xe1, 0x8a, + 0x9e, 0x96, 0x9e, 0x73, 0x29, 0x23, 0x0c, 0x5d, + 0x38, 0xae, 0xce, 0x15, 0xc9, 0x38, 0x6e, 0xc0, + 0xf0, 0x96, 0x3e, 0x73, 0x6e, 0x08, 0x1b, 0x1d, + 0x2b, 0x75, 0xd6, 0x57, 0x7b, 0x63, 0x17, 0xeb, + 0xcc, 0x94, 0xaf, 0x57, 0xd0, 0x0c, 0x5b, 0x58, + 0xae, 0x9d, 0x95, 0xc5, 0x08, 0x4e, 0x66, 0x04, + 0xd3, 0x45, 0x56, 0xbb, 0xfb, 0x62, 0x36, 0x3c, + 0xd6, 0x03, 0xb3, 0xa4, 0x8d, 0xd2, 0xd9, 0xed, + 0xdb, 0xce, 0x3d, 0xbe, 0x67, 0xb6, 0xf4, 0x36, + 0x15, 0x31, 0x58, 0x61, 0x63, 0xa1, 0xa5, 0xb9, + 0xbe, 0xc1, 0xcf, 0x03, 0x31, 0x8d, 0xff, 0x91, + 0xba, 0xe0, 0xed, 0xee, 0x68, 0x6e, 0x93, 0x9b, + 0xa0, 0xa7, 0xe3, 0xf0, 0xf5, 0x09, 0x16, 0x3c, + 0xd3, 0xe2, 0x1b, 0x3a, 0x47, 0x5a, 0x82, 0xb6, + 0xcc, 0xd6, 0xfc, 0x0e, 0x2d, 0x4c, 0x50, 0x6c, + 0x74, 0x79, 0x9e, 0xb8, 0xe3, 0xe6, 0x01, 0x23, + 0x2b, 0x33, 0x4a, 0xc6, 0xcb, 0xf8, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x0b, 0x0f, 0x14, 0x1d, 0x22, + 0x2b, 0x36, 0x3e + }; +#endif /* !WOLFSSL_NO_ML_DSA_87 */ + + key = (dilithium_key*)XMALLOC(sizeof(*key), NULL, DYNAMIC_TYPE_TMP_BUFFER); + ExpectNotNull(key); + sig = (byte*)XMALLOC(DILITHIUM_MAX_SIG_SIZE, NULL, DYNAMIC_TYPE_TMP_BUFFER); + ExpectNotNull(sig); + + if (key != NULL) { + XMEMSET(key, 0, sizeof(*key)); + } + +#ifndef WOLFSSL_NO_ML_DSA_44 + /* ML-DSA-44: empty context (ctx=NULL, ctxLen=0) */ + ExpectIntEQ(wc_dilithium_init_ex(key, NULL, INVALID_DEVID), 0); + ExpectIntEQ(wc_dilithium_set_level(key, WC_ML_DSA_44), 0); + ExpectIntEQ(wc_dilithium_import_private(sk_44, (word32)sizeof(sk_44), key), 0); + sigLen = DILITHIUM_MAX_SIG_SIZE; + ExpectIntEQ(wc_dilithium_sign_ctx_msg_with_seed(NULL, 0, msg_44, + (word32)sizeof(msg_44), sig, &sigLen, key, rnd_44), 0); + ExpectIntEQ(sigLen, (word32)sizeof(sig_44_ctx0)); + ExpectIntEQ(XMEMCMP(sig, sig_44_ctx0, sizeof(sig_44_ctx0)), 0); + wc_dilithium_free(key); + + /* ML-DSA-44: context from gist record 1 (ctxLen=33) */ + ExpectIntEQ(wc_dilithium_init_ex(key, NULL, INVALID_DEVID), 0); + ExpectIntEQ(wc_dilithium_set_level(key, WC_ML_DSA_44), 0); + ExpectIntEQ(wc_dilithium_import_private(sk_44, (word32)sizeof(sk_44), key), 0); + sigLen = DILITHIUM_MAX_SIG_SIZE; + ExpectIntEQ(wc_dilithium_sign_ctx_msg_with_seed(ctx_44, + (byte)sizeof(ctx_44), msg_44, (word32)sizeof(msg_44), + sig, &sigLen, key, rnd_44), 0); + ExpectIntEQ(sigLen, (word32)sizeof(sig_44_ctx33)); + ExpectIntEQ(XMEMCMP(sig, sig_44_ctx33, sizeof(sig_44_ctx33)), 0); + wc_dilithium_free(key); +#endif /* !WOLFSSL_NO_ML_DSA_44 */ + +#ifndef WOLFSSL_NO_ML_DSA_65 + /* ML-DSA-65: empty context (ctx=NULL, ctxLen=0) */ + ExpectIntEQ(wc_dilithium_init_ex(key, NULL, INVALID_DEVID), 0); + ExpectIntEQ(wc_dilithium_set_level(key, WC_ML_DSA_65), 0); + ExpectIntEQ(wc_dilithium_import_private(sk_65, (word32)sizeof(sk_65), key), 0); + sigLen = DILITHIUM_MAX_SIG_SIZE; + ExpectIntEQ(wc_dilithium_sign_ctx_msg_with_seed(NULL, 0, msg_65, + (word32)sizeof(msg_65), sig, &sigLen, key, rnd_65), 0); + ExpectIntEQ(sigLen, (word32)sizeof(sig_65_ctx0)); + ExpectIntEQ(XMEMCMP(sig, sig_65_ctx0, sizeof(sig_65_ctx0)), 0); + wc_dilithium_free(key); + + /* ML-DSA-65: context from gist record 1 (ctxLen=33) */ + ExpectIntEQ(wc_dilithium_init_ex(key, NULL, INVALID_DEVID), 0); + ExpectIntEQ(wc_dilithium_set_level(key, WC_ML_DSA_65), 0); + ExpectIntEQ(wc_dilithium_import_private(sk_65, (word32)sizeof(sk_65), key), 0); + sigLen = DILITHIUM_MAX_SIG_SIZE; + ExpectIntEQ(wc_dilithium_sign_ctx_msg_with_seed(ctx_65, + (byte)sizeof(ctx_65), msg_65, (word32)sizeof(msg_65), + sig, &sigLen, key, rnd_65), 0); + ExpectIntEQ(sigLen, (word32)sizeof(sig_65_ctx33)); + ExpectIntEQ(XMEMCMP(sig, sig_65_ctx33, sizeof(sig_65_ctx33)), 0); + wc_dilithium_free(key); +#endif /* !WOLFSSL_NO_ML_DSA_65 */ + +#ifndef WOLFSSL_NO_ML_DSA_87 + /* ML-DSA-87: empty context (ctx=NULL, ctxLen=0) */ + ExpectIntEQ(wc_dilithium_init_ex(key, NULL, INVALID_DEVID), 0); + ExpectIntEQ(wc_dilithium_set_level(key, WC_ML_DSA_87), 0); + ExpectIntEQ(wc_dilithium_import_private(sk_87, (word32)sizeof(sk_87), key), 0); + sigLen = DILITHIUM_MAX_SIG_SIZE; + ExpectIntEQ(wc_dilithium_sign_ctx_msg_with_seed(NULL, 0, msg_87, + (word32)sizeof(msg_87), sig, &sigLen, key, rnd_87), 0); + ExpectIntEQ(sigLen, (word32)sizeof(sig_87_ctx0)); + ExpectIntEQ(XMEMCMP(sig, sig_87_ctx0, sizeof(sig_87_ctx0)), 0); + wc_dilithium_free(key); + + /* ML-DSA-87: context from gist record 1 (ctxLen=33) */ + ExpectIntEQ(wc_dilithium_init_ex(key, NULL, INVALID_DEVID), 0); + ExpectIntEQ(wc_dilithium_set_level(key, WC_ML_DSA_87), 0); + ExpectIntEQ(wc_dilithium_import_private(sk_87, (word32)sizeof(sk_87), key), 0); + sigLen = DILITHIUM_MAX_SIG_SIZE; + ExpectIntEQ(wc_dilithium_sign_ctx_msg_with_seed(ctx_87, + (byte)sizeof(ctx_87), msg_87, (word32)sizeof(msg_87), + sig, &sigLen, key, rnd_87), 0); + ExpectIntEQ(sigLen, (word32)sizeof(sig_87_ctx33)); + ExpectIntEQ(XMEMCMP(sig, sig_87_ctx33, sizeof(sig_87_ctx33)), 0); + wc_dilithium_free(key); +#endif /* !WOLFSSL_NO_ML_DSA_87 */ + + XFREE(sig, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(key, NULL, DYNAMIC_TYPE_TMP_BUFFER); +#endif /* HAVE_DILITHIUM && WOLFSSL_WC_DILITHIUM && !WOLFSSL_DILITHIUM_NO_SIGN */ + return EXPECT_RESULT(); +} + + +int test_wc_dilithium_verify_ctx_kats(void) { EXPECT_DECLS; #if defined(HAVE_DILITHIUM) && defined(WOLFSSL_WC_DILITHIUM) && \ !defined(WOLFSSL_DILITHIUM_NO_VERIFY) dilithium_key* key; int res; + +#ifndef WOLFSSL_NO_ML_DSA_44 + /* ML-DSA-44: record 1 from + * https://gist.github.com/itzmeanjan/d14afc3866b82119221682f0f3c9822d */ + /* Public key (1312 bytes) */ + static const byte pk_44[] = { + 0xdc, 0x7b, 0xc9, 0xa2, 0xe0, 0xb6, 0xdc, 0x66, + 0x82, 0x3a, 0xe4, 0xfb, 0xde, 0x97, 0x1c, 0x0c, + 0xfc, 0x46, 0xf9, 0xd9, 0x6b, 0xbf, 0xbe, 0xeb, + 0xb3, 0x47, 0x0a, 0xe0, 0xa5, 0xa0, 0x13, 0x9f, + 0xdd, 0x6a, 0x6c, 0xe5, 0xbc, 0x76, 0xe9, 0x4f, + 0xaa, 0x9e, 0x92, 0x50, 0xab, 0xd4, 0xce, 0xe0, + 0x2c, 0xf1, 0xee, 0x46, 0xa8, 0xe9, 0x9c, 0xe1, + 0x2d, 0x73, 0x95, 0x78, 0x1f, 0xa7, 0x51, 0x90, + 0x21, 0x27, 0x3d, 0xa3, 0x36, 0x55, 0x19, 0x72, + 0x4e, 0xfb, 0xe2, 0x79, 0xad, 0xd6, 0xc3, 0x5f, + 0x92, 0xc9, 0xd4, 0x2b, 0x03, 0x28, 0x32, 0xf1, + 0xbf, 0x29, 0xeb, 0xbe, 0xcd, 0x3e, 0xc8, 0x7a, + 0x3a, 0xf3, 0xda, 0x33, 0xc6, 0x11, 0xf7, 0xf3, + 0x5f, 0xa3, 0x5a, 0xca, 0xb1, 0x74, 0x02, 0x4f, + 0x11, 0x89, 0x79, 0xe2, 0x3b, 0xf2, 0xfe, 0x06, + 0x92, 0x69, 0xa2, 0xec, 0x45, 0xfb, 0xc1, 0xb9, + 0xc1, 0xfb, 0x0e, 0x1f, 0x05, 0x48, 0x6a, 0x6a, + 0x83, 0x3e, 0xb4, 0x8a, 0xdc, 0x29, 0x60, 0x64, + 0x1d, 0x9a, 0xf6, 0xeb, 0x8b, 0x73, 0x81, 0xb1, + 0xec, 0x55, 0xd8, 0x89, 0xf2, 0x6b, 0x08, 0x4d, + 0xdf, 0xa1, 0xc9, 0xed, 0x9b, 0x96, 0x2d, 0x34, + 0x26, 0x94, 0xce, 0xde, 0x83, 0x82, 0x53, 0x09, + 0xd9, 0xdb, 0x6b, 0xd6, 0xba, 0x75, 0x82, 0x13, + 0x25, 0x34, 0x86, 0x1e, 0x44, 0xa0, 0x43, 0x88, + 0xa6, 0x94, 0x24, 0x24, 0x11, 0x76, 0x1d, 0x34, + 0xe7, 0xc0, 0x85, 0xd2, 0x82, 0xb7, 0x23, 0xc6, + 0x59, 0x48, 0xa2, 0xac, 0x76, 0x4d, 0x97, 0x02, + 0xbd, 0x8e, 0xd7, 0xfe, 0x99, 0x31, 0xd7, 0xd8, + 0x70, 0x4a, 0x39, 0xe6, 0x50, 0x88, 0x44, 0xf3, + 0xf8, 0x48, 0x43, 0xc3, 0x05, 0x59, 0x4f, 0xe6, + 0xe5, 0x40, 0x4e, 0x08, 0xf1, 0x8e, 0xd0, 0x39, + 0xac, 0x65, 0x63, 0xcb, 0xaa, 0x34, 0xb0, 0xca, + 0x38, 0x32, 0x02, 0x99, 0xd6, 0x25, 0x6e, 0xc0, + 0xf7, 0x8d, 0x42, 0x1f, 0x08, 0x81, 0x59, 0xd4, + 0x9d, 0xc4, 0x39, 0xcb, 0xc5, 0x39, 0xa5, 0x58, + 0x84, 0xa3, 0xeb, 0x4e, 0xfc, 0x9c, 0xf1, 0x90, + 0xb4, 0x2f, 0x71, 0x34, 0x41, 0xcb, 0x97, 0x00, + 0x42, 0x45, 0xd4, 0x14, 0x37, 0xa3, 0x9b, 0x7b, + 0x77, 0xfc, 0x60, 0x2f, 0xbb, 0xfd, 0x61, 0x9a, + 0x42, 0x36, 0x37, 0x14, 0xb2, 0x65, 0x17, 0x3c, + 0xae, 0x68, 0xfd, 0x8a, 0x1b, 0x3c, 0xa2, 0xbd, + 0x30, 0xae, 0x60, 0xc5, 0x3e, 0x56, 0x04, 0x57, + 0x7a, 0x4a, 0x3b, 0x1f, 0x15, 0x06, 0xe6, 0x97, + 0xc3, 0x74, 0x32, 0xdb, 0xd8, 0x83, 0x55, 0x3a, + 0xac, 0x8d, 0x38, 0x2a, 0x3d, 0x25, 0x0c, 0xf5, + 0xb2, 0x9e, 0x4d, 0x1b, 0xe2, 0xcb, 0xcd, 0x53, + 0x1f, 0xf0, 0xe0, 0x7e, 0x89, 0xc1, 0xf7, 0xdb, + 0xc8, 0xd4, 0x52, 0x9a, 0xee, 0xbe, 0x55, 0xb5, + 0xce, 0x4d, 0x02, 0x14, 0xbf, 0xde, 0xc6, 0x9e, + 0x08, 0x0b, 0xd3, 0xef, 0x36, 0xcc, 0xa6, 0xa5, + 0x49, 0x33, 0xf1, 0xef, 0x2f, 0x37, 0x86, 0x7c, + 0x0d, 0x38, 0xfd, 0x58, 0x65, 0xb8, 0x79, 0x29, + 0x11, 0x58, 0x08, 0xc7, 0xe2, 0x59, 0x54, 0x58, + 0xe9, 0x93, 0xba, 0xcc, 0x6c, 0x5a, 0x3b, 0x9f, + 0x50, 0x25, 0x00, 0x1e, 0x9b, 0x41, 0x44, 0x77, + 0x08, 0xbf, 0xba, 0xa0, 0x46, 0x2e, 0xfa, 0x63, + 0x87, 0x6c, 0x42, 0xf7, 0x69, 0x90, 0x8b, 0x43, + 0x2f, 0x54, 0x85, 0x50, 0x8a, 0x39, 0x32, 0x24, + 0x96, 0x05, 0x51, 0xd7, 0x7e, 0xad, 0xfa, 0xf4, + 0x41, 0x1c, 0xbc, 0x49, 0xfd, 0xff, 0x46, 0xf2, + 0xf1, 0x55, 0xdd, 0xd6, 0xec, 0x30, 0x86, 0x79, + 0x05, 0xb7, 0x09, 0x88, 0x8c, 0xa0, 0xf3, 0x0f, + 0x93, 0x5f, 0xb8, 0xd7, 0xf4, 0x80, 0x3c, 0xfc, + 0x7a, 0x5f, 0x77, 0x90, 0xca, 0x18, 0x1d, 0x99, + 0xca, 0x21, 0xf2, 0x62, 0x1d, 0x69, 0xa5, 0xc6, + 0xd4, 0x9c, 0x76, 0xb4, 0x96, 0x9d, 0xa6, 0x27, + 0x40, 0xa3, 0x78, 0x47, 0x03, 0x32, 0xb3, 0x09, + 0x47, 0xab, 0x31, 0xcc, 0xdb, 0x9b, 0xa0, 0xc7, + 0xb6, 0x25, 0x87, 0x9e, 0xec, 0x4b, 0xd8, 0x1f, + 0x02, 0x00, 0xba, 0x23, 0x50, 0x4a, 0x7d, 0xc3, + 0xb1, 0x18, 0xbc, 0x2a, 0xb1, 0x14, 0x5d, 0xf1, + 0x3a, 0xf3, 0xc8, 0xcc, 0x39, 0xf5, 0x77, 0x87, + 0x3b, 0x84, 0x91, 0x1b, 0x3d, 0x85, 0xfb, 0xbf, + 0x4c, 0xb1, 0x9e, 0x4d, 0x36, 0xb1, 0x0a, 0x93, + 0x8e, 0xeb, 0x78, 0xb5, 0x99, 0xdc, 0x86, 0x61, + 0x5f, 0xd6, 0xce, 0xc6, 0xeb, 0x7b, 0x8f, 0x7a, + 0xfa, 0x5f, 0x6d, 0x6b, 0xe1, 0x9e, 0xa8, 0x16, + 0x30, 0xd3, 0x6c, 0xcf, 0xb2, 0xf4, 0x87, 0xde, + 0x50, 0xd0, 0xcf, 0x46, 0xda, 0x8d, 0x3f, 0xe3, + 0x51, 0x28, 0x12, 0x04, 0x3c, 0x0e, 0x3e, 0xf2, + 0xd7, 0x23, 0x1f, 0xb0, 0xb0, 0xa3, 0x5a, 0x0f, + 0xb2, 0x83, 0xbe, 0x30, 0xa1, 0x24, 0x77, 0x80, + 0xf3, 0x0a, 0xe0, 0x29, 0x4e, 0x8b, 0x6f, 0x58, + 0x97, 0x38, 0x3e, 0xdb, 0x89, 0x55, 0x95, 0xf5, + 0x77, 0x52, 0x4d, 0xf5, 0x45, 0x93, 0xcd, 0xf9, + 0x27, 0xb4, 0x96, 0x76, 0x16, 0xee, 0x39, 0x13, + 0xe4, 0xd6, 0xb2, 0x9b, 0x0d, 0xbd, 0x7c, 0x33, + 0xa2, 0xa4, 0x5e, 0x4e, 0xf1, 0xb1, 0x95, 0x4e, + 0xa5, 0xd9, 0x1c, 0xe3, 0x7e, 0xfc, 0x13, 0x02, + 0xe7, 0xce, 0x02, 0xa9, 0x73, 0x95, 0x56, 0x5d, + 0xa2, 0xa5, 0xc5, 0xd3, 0xfd, 0xb0, 0xd8, 0x76, + 0x84, 0xe9, 0xb1, 0xc0, 0xad, 0x07, 0xec, 0x33, + 0xdf, 0x2d, 0xfa, 0xd5, 0x28, 0xe2, 0xea, 0x09, + 0x66, 0xd2, 0xa4, 0x7d, 0xd5, 0xee, 0x88, 0xe7, + 0x7d, 0x65, 0x3c, 0x0d, 0x00, 0x4f, 0xab, 0x01, + 0x65, 0xf0, 0x75, 0x7c, 0x4d, 0xa4, 0x0a, 0xf3, + 0x27, 0xe7, 0x19, 0x25, 0x36, 0xc7, 0x99, 0x47, + 0xa8, 0x0a, 0x82, 0x7a, 0xa2, 0x10, 0x7d, 0xac, + 0xfa, 0xe3, 0xde, 0xbf, 0xc8, 0xfa, 0xd3, 0xd6, + 0xe0, 0x80, 0x76, 0xd9, 0x38, 0xc5, 0x10, 0xa2, + 0x76, 0xbd, 0xf6, 0x72, 0x1a, 0x1f, 0x08, 0x7c, + 0xb1, 0x69, 0x51, 0x50, 0x28, 0xad, 0x5c, 0xe2, + 0x7a, 0x10, 0x47, 0xab, 0xd9, 0x28, 0x09, 0x93, + 0x4c, 0xa6, 0x3b, 0x89, 0x3f, 0x71, 0xf9, 0xa3, + 0x4a, 0x99, 0xc0, 0xfd, 0x30, 0x31, 0x0c, 0x47, + 0xe9, 0xaa, 0x37, 0x39, 0x4d, 0x0a, 0xb7, 0x3b, + 0x25, 0x4d, 0x3c, 0xa6, 0x9d, 0x9c, 0x55, 0x49, + 0xc9, 0x47, 0x9a, 0xae, 0x24, 0x26, 0x4a, 0xc5, + 0xea, 0x64, 0xd3, 0xfd, 0x82, 0x1c, 0x39, 0x62, + 0xec, 0x77, 0xe7, 0x09, 0xf9, 0xd3, 0x0b, 0xc7, + 0xb6, 0x5a, 0x52, 0xe4, 0x8c, 0x16, 0xe8, 0x06, + 0x03, 0x55, 0x8c, 0xac, 0xa1, 0x81, 0x14, 0x11, + 0xc3, 0x15, 0x5d, 0x1f, 0x94, 0x9f, 0xc9, 0xcf, + 0x9a, 0xa9, 0x38, 0x5a, 0x71, 0x99, 0xe9, 0x9b, + 0xe7, 0x7a, 0x66, 0xfa, 0xd7, 0xee, 0xd9, 0x12, + 0x58, 0xde, 0x55, 0xb2, 0xc4, 0xc8, 0x3f, 0x9a, + 0x05, 0x0a, 0xde, 0xbe, 0xa5, 0xf0, 0x97, 0x58, + 0xf4, 0x0d, 0xac, 0x4a, 0x1c, 0x39, 0x4e, 0xe8, + 0xd6, 0x87, 0x87, 0x91, 0x50, 0xd2, 0x64, 0x26, + 0x89, 0x5a, 0xb1, 0x93, 0x8e, 0x14, 0xae, 0x11, + 0xb3, 0x76, 0x25, 0x4c, 0x91, 0xfc, 0x61, 0x30, + 0x43, 0x69, 0x96, 0xf8, 0xed, 0x43, 0xbd, 0x27, + 0xbe, 0x20, 0xec, 0x90, 0x67, 0x11, 0x1c, 0x11, + 0x6e, 0xc9, 0x4c, 0xc2, 0xb0, 0x6c, 0xc9, 0x1a, + 0x13, 0xc5, 0xd1, 0x0b, 0xbd, 0x7e, 0xec, 0xea, + 0x47, 0x92, 0xf1, 0x7b, 0x2b, 0x77, 0x63, 0x1e, + 0xf1, 0x45, 0xe9, 0xfb, 0x41, 0xa8, 0x3e, 0xaa, + 0x11, 0xc2, 0xb7, 0x2a, 0x48, 0xfb, 0x90, 0xfd, + 0xbd, 0x88, 0x64, 0x4c, 0x4e, 0xdf, 0x8a, 0xb2, + 0x0d, 0xce, 0x31, 0x18, 0x36, 0x4b, 0x27, 0x6a, + 0xc1, 0x23, 0x7b, 0x36, 0xc8, 0x92, 0x6e, 0x34, + 0x6a, 0xab, 0x5a, 0x11, 0x1a, 0xa0, 0xbf, 0x34, + 0x1c, 0x51, 0x8b, 0x7b, 0xff, 0x9e, 0x9d, 0xbb, + 0x8b, 0xcb, 0x47, 0x28, 0x60, 0x1b, 0x37, 0x60, + 0x66, 0x3e, 0x67, 0x65, 0x03, 0x31, 0xe6, 0xfb, + 0x54, 0xac, 0x82, 0xfc, 0x41, 0x4c, 0xb8, 0xdd, + 0xfc, 0x16, 0x0a, 0x25, 0x31, 0x1e, 0xc5, 0x27, + 0x2d, 0xe4, 0x62, 0x17, 0xfe, 0xf8, 0xb9, 0x92, + 0xff, 0x89, 0x75, 0x4f, 0xbe, 0xe3, 0x51, 0xf2, + 0x1b, 0xb9, 0x0b, 0x6c, 0x97, 0x07, 0x8b, 0x51, + 0x0c, 0x98, 0x33, 0x50, 0x68, 0x12, 0x66, 0xc8, + 0xfe, 0xd1, 0xf0, 0x58, 0x3c, 0x51, 0x51, 0xe7, + 0xb8, 0xfe, 0x3b, 0x72, 0x92, 0x31, 0x96, 0x99, + 0x68, 0x7c, 0xc6, 0xb6, 0x41, 0xfd, 0xbd, 0x68, + 0x94, 0x28, 0x54, 0x3b, 0xc0, 0xfa, 0x1f, 0xac, + 0xc1, 0x09, 0xde, 0x65, 0xb6, 0x27, 0x84, 0xc2, + 0xd9, 0x85, 0xab, 0x15, 0xd7, 0x7d, 0x3a, 0xf1, + 0x2a, 0xf6, 0xd0, 0x3e, 0x8d, 0x18, 0x59, 0xa5, + 0x53, 0x68, 0x85, 0x84, 0xd7, 0x5e, 0xf6, 0x73, + 0xa1, 0xde, 0x74, 0x09, 0x3e, 0xe1, 0x08, 0xc7, + 0x61, 0xff, 0xf3, 0x2c, 0x21, 0x7c, 0x23, 0x1b, + 0x0e, 0x29, 0x53, 0xda, 0xf5, 0x21, 0x42, 0x92, + 0x64, 0xc0, 0x96, 0x3b, 0xc8, 0xa5, 0xcd, 0xed, + 0xdc, 0x61, 0x7a, 0x72, 0x85, 0xb9, 0x34, 0xea, + 0x51, 0xdd, 0xb5, 0xcd, 0xab, 0x23, 0xbc, 0xed, + 0xe8, 0x6b, 0xe3, 0x6e, 0x00, 0x1b, 0xc6, 0x5c, + 0x65, 0xe9, 0xa1, 0xc9, 0x4b, 0xaf, 0xf4, 0xfa, + 0xb8, 0xeb, 0x5f, 0x8e, 0xd4, 0x2e, 0xc3, 0x77, + 0x42, 0x36, 0x33, 0xfe, 0x00, 0x04, 0x91, 0x42, + 0x46, 0x7c, 0x47, 0xc5, 0xd5, 0x8a, 0x72, 0x02, + 0xc8, 0xe9, 0x10, 0x48, 0x41, 0xc1, 0xf7, 0xf3, + 0x80, 0x14, 0x5a, 0x6a, 0x0a, 0x82, 0x8c, 0x57, + 0x02, 0x35, 0xe5, 0x07, 0xae, 0x58, 0x68, 0xa6, + 0x06, 0x2f, 0x72, 0x2b, 0xb9, 0x8f, 0xf6, 0xbe + }; + /* Message (33 bytes) */ + static const byte msg_44[] = { + 0xd8, 0x1c, 0x4d, 0x8d, 0x73, 0x4f, 0xcb, 0xfb, + 0xea, 0xde, 0x3d, 0x3f, 0x8a, 0x03, 0x9f, 0xaa, + 0x2a, 0x2c, 0x99, 0x57, 0xe8, 0x35, 0xad, 0x55, + 0xb2, 0x2e, 0x75, 0xbf, 0x57, 0xbb, 0x55, 0x6a, + 0xc8 + }; + /* Context (33 bytes) */ + static const byte ctx_44[] = { + 0x86, 0x26, 0xed, 0x79, 0xd4, 0x51, 0x14, 0x08, + 0x00, 0xe0, 0x3b, 0x59, 0xb9, 0x56, 0xf8, 0x21, + 0x0e, 0x55, 0x60, 0x67, 0x40, 0x7d, 0x13, 0xdc, + 0x90, 0xfa, 0x9e, 0x8b, 0x87, 0x2b, 0xfb, 0x8f, + 0xab + }; + /* Signature for empty context (ctx=NULL, ctxLen=0), 2420 bytes */ + static const byte sig_44_ctx0[] = { + 0x5e, 0x71, 0x6f, 0xe1, 0x3d, 0xf9, 0x71, 0xd5, + 0x0b, 0xf0, 0x14, 0xca, 0xaa, 0x51, 0xa5, 0x45, + 0xcc, 0xad, 0xf8, 0x09, 0xef, 0xe0, 0xec, 0xe2, + 0x3d, 0x4d, 0x63, 0x41, 0x58, 0xfe, 0xde, 0xd4, + 0x96, 0x1c, 0x04, 0xd2, 0x36, 0x71, 0x82, 0x7f, + 0xd1, 0x61, 0xa0, 0x40, 0xb3, 0x02, 0x30, 0x2f, + 0xe4, 0xc0, 0x0c, 0x61, 0x73, 0xb3, 0xb2, 0x4a, + 0x57, 0x89, 0x34, 0xbd, 0x11, 0x80, 0xd2, 0x18, + 0x26, 0x1b, 0x53, 0x01, 0x52, 0x8a, 0x76, 0x76, + 0x79, 0xc9, 0xdc, 0xef, 0xc5, 0xe6, 0xe8, 0xf6, + 0xfe, 0x4b, 0xe8, 0x17, 0xfc, 0x73, 0xdf, 0x5d, + 0x12, 0x16, 0x5b, 0x61, 0xb3, 0x73, 0xc5, 0x60, + 0x72, 0x0c, 0xa4, 0x93, 0x75, 0x75, 0xab, 0x5e, + 0xb6, 0x4c, 0x02, 0xb3, 0xc9, 0x51, 0xcf, 0x4b, + 0xfa, 0x1e, 0xc2, 0x95, 0x48, 0x3a, 0xa0, 0x55, + 0x94, 0x47, 0x86, 0x1a, 0x46, 0xac, 0xd8, 0x2b, + 0x93, 0xb6, 0x9b, 0x8e, 0x00, 0xed, 0x6c, 0x03, + 0x9c, 0xa8, 0xb6, 0x1c, 0xbb, 0xbd, 0x2d, 0xc9, + 0x08, 0xd2, 0xe3, 0xce, 0x8d, 0x39, 0xb0, 0xb1, + 0x0c, 0xb5, 0x3f, 0xee, 0x75, 0xc7, 0x5d, 0xdd, + 0xc4, 0x8f, 0x95, 0x04, 0x9d, 0x31, 0x6d, 0xc2, + 0x9e, 0x41, 0x7d, 0x16, 0xd9, 0x97, 0x36, 0x82, + 0x7c, 0xcb, 0xa5, 0x4a, 0x73, 0x5e, 0x33, 0x90, + 0x77, 0x99, 0x6d, 0x51, 0xae, 0xf0, 0x3c, 0xd7, + 0x75, 0x8e, 0xbf, 0xda, 0xba, 0xf0, 0x55, 0xd7, + 0x50, 0x99, 0x79, 0xa7, 0x27, 0x92, 0x44, 0x6a, + 0xe1, 0x5d, 0x20, 0x9c, 0x17, 0xcf, 0x26, 0x76, + 0x68, 0x97, 0xed, 0xc3, 0xec, 0x77, 0x70, 0x82, + 0x18, 0x54, 0x43, 0x77, 0x6b, 0x23, 0x1e, 0xff, + 0x18, 0xe7, 0x8b, 0x06, 0x6f, 0xc4, 0xd0, 0x2e, + 0xf5, 0xc6, 0x6c, 0x50, 0xee, 0x86, 0x16, 0x0e, + 0x37, 0xa2, 0x44, 0x84, 0xdd, 0xaf, 0xe6, 0x3e, + 0x71, 0xdf, 0xd7, 0xca, 0x35, 0x4f, 0x69, 0x4e, + 0x19, 0x1e, 0xfa, 0x00, 0x0b, 0x8c, 0x9f, 0x5f, + 0x80, 0xda, 0xb7, 0x60, 0x0a, 0x8c, 0x07, 0xbe, + 0x1c, 0xb1, 0x14, 0x14, 0xe6, 0x00, 0x17, 0x52, + 0x94, 0x81, 0x75, 0xd2, 0xb8, 0xcf, 0xfc, 0x81, + 0x1b, 0xb8, 0x6c, 0x62, 0x89, 0x3f, 0x60, 0x62, + 0x33, 0x32, 0x1f, 0x43, 0x67, 0xd0, 0xbb, 0xb1, + 0x78, 0xe0, 0x9d, 0x21, 0x76, 0x7e, 0xe9, 0x0f, + 0xcf, 0x48, 0x22, 0x54, 0xd3, 0xc9, 0xc2, 0x1c, + 0xdd, 0x0f, 0xb5, 0x32, 0x5c, 0xfc, 0xa7, 0x30, + 0xad, 0x67, 0xd8, 0xcc, 0x54, 0x15, 0x1c, 0x82, + 0x7b, 0x95, 0x3e, 0x55, 0x29, 0x40, 0xe2, 0x12, + 0x84, 0x88, 0xd5, 0xf5, 0x06, 0x6f, 0x1b, 0xcb, + 0x48, 0x68, 0x38, 0xe7, 0xdf, 0xa0, 0xa4, 0x49, + 0x25, 0x7d, 0x72, 0xe6, 0x8a, 0xdd, 0x8e, 0x82, + 0xba, 0xff, 0xf8, 0xd8, 0x18, 0x6e, 0x4c, 0x58, + 0x81, 0xb3, 0x84, 0x16, 0xac, 0xa3, 0xea, 0x31, + 0x8a, 0xdc, 0x51, 0x3e, 0xbd, 0x45, 0xa2, 0xc7, + 0x35, 0xba, 0x0d, 0x62, 0xaa, 0x16, 0x6c, 0x0c, + 0xc4, 0xb9, 0x38, 0xed, 0x03, 0x76, 0x92, 0xfd, + 0xa9, 0xce, 0xfa, 0x16, 0x8f, 0xf7, 0x36, 0x23, + 0xef, 0x5e, 0x3e, 0x25, 0x9c, 0x2d, 0x5b, 0xd7, + 0xce, 0x1e, 0xd4, 0xf2, 0xcd, 0x60, 0x79, 0x5c, + 0xce, 0x87, 0x91, 0x59, 0xf7, 0x4f, 0xf5, 0x46, + 0x02, 0x26, 0xf2, 0x94, 0x18, 0x38, 0xf4, 0x6f, + 0x00, 0xef, 0xd0, 0x0a, 0x28, 0xd1, 0xf6, 0x7e, + 0x8e, 0x8d, 0xcf, 0xd2, 0x1f, 0xb7, 0x3e, 0xc6, + 0x6f, 0xaa, 0xc6, 0x0c, 0xf8, 0x12, 0x68, 0x76, + 0xef, 0x4a, 0x61, 0x10, 0x37, 0xc6, 0xdc, 0xc3, + 0xae, 0xc0, 0xf6, 0xc8, 0x79, 0x1b, 0xb8, 0x6c, + 0x7c, 0x33, 0xc6, 0x52, 0x89, 0xc4, 0x01, 0xd1, + 0x88, 0xc5, 0xd8, 0x19, 0x02, 0xdc, 0xd9, 0xda, + 0x0b, 0x40, 0xa8, 0xac, 0xe8, 0x70, 0xae, 0xf8, + 0x60, 0x9b, 0xcc, 0x36, 0x3d, 0x65, 0x44, 0x54, + 0x74, 0xf6, 0x4f, 0xb3, 0x03, 0xbf, 0x07, 0x30, + 0x62, 0xcb, 0x78, 0x87, 0x11, 0x2d, 0x14, 0x76, + 0x66, 0x41, 0x0a, 0x29, 0xd2, 0x65, 0xb1, 0x96, + 0xff, 0xba, 0x7e, 0x43, 0x58, 0x8d, 0x8e, 0x8b, + 0x04, 0xfd, 0x1a, 0xbe, 0x9e, 0xb5, 0xe8, 0xf2, + 0x8c, 0x56, 0x6c, 0x0f, 0xde, 0x2c, 0x77, 0x21, + 0xab, 0x6a, 0xe5, 0xa0, 0x12, 0x9a, 0x67, 0x43, + 0x6c, 0xe1, 0x15, 0xf1, 0xb9, 0x34, 0xbb, 0xc2, + 0xe2, 0x58, 0x3d, 0x60, 0xab, 0xff, 0xef, 0x2a, + 0x81, 0xa8, 0xdd, 0x1e, 0x5f, 0xea, 0xfb, 0x0c, + 0x89, 0xe2, 0x2a, 0x9a, 0x92, 0xd7, 0xd2, 0xad, + 0x44, 0x84, 0xf9, 0x9a, 0x8b, 0xd8, 0x05, 0xa3, + 0x18, 0x4a, 0x25, 0x76, 0x90, 0xc2, 0x8e, 0xc4, + 0xb3, 0x2f, 0x05, 0x51, 0xea, 0x84, 0x4e, 0x43, + 0x79, 0x9c, 0xba, 0x61, 0xa6, 0x21, 0x7a, 0xb9, + 0x40, 0x74, 0x24, 0xa8, 0x02, 0x03, 0x88, 0x4a, + 0x5a, 0xd8, 0x5a, 0x37, 0x87, 0x27, 0x01, 0xc2, + 0xe8, 0x13, 0xfb, 0xe4, 0x0c, 0xb4, 0x69, 0x71, + 0xfa, 0xe4, 0x72, 0x40, 0x3f, 0xc2, 0xe9, 0xb9, + 0xd6, 0x4c, 0x06, 0xbf, 0x8e, 0x54, 0x76, 0xfa, + 0x49, 0x0b, 0xca, 0x57, 0x9e, 0xbd, 0x1a, 0x58, + 0x7b, 0x65, 0xf1, 0x04, 0xc8, 0x54, 0x3a, 0x83, + 0x72, 0x61, 0x46, 0x95, 0xdc, 0x25, 0x73, 0x16, + 0xe5, 0x83, 0xcb, 0x95, 0xc3, 0x7d, 0x4a, 0x4f, + 0xf4, 0x88, 0xf9, 0x74, 0xb9, 0x09, 0x5b, 0xd7, + 0xa5, 0x84, 0xd3, 0x4c, 0x67, 0x6f, 0xac, 0x04, + 0x6e, 0x9b, 0x64, 0xa6, 0xd4, 0xa7, 0x06, 0x7e, + 0x37, 0xdb, 0x2b, 0x2c, 0x94, 0xdd, 0xfd, 0x38, + 0xfc, 0x0f, 0x72, 0x45, 0xbb, 0xc1, 0x0d, 0x2a, + 0xfa, 0x27, 0x30, 0x75, 0x07, 0x52, 0x73, 0x33, + 0xc9, 0xe4, 0x89, 0x4e, 0x51, 0xf4, 0x94, 0xff, + 0x41, 0x12, 0xf0, 0x61, 0x67, 0xe0, 0x36, 0xea, + 0x24, 0x94, 0x61, 0xf2, 0x81, 0x6b, 0xbb, 0xe0, + 0x55, 0xc8, 0x71, 0x77, 0x1f, 0x14, 0x28, 0x0e, + 0x87, 0xbd, 0x2c, 0x48, 0xd3, 0x4e, 0x6d, 0xc1, + 0x15, 0xe6, 0xcf, 0xa4, 0x91, 0xb0, 0xe6, 0x35, + 0x78, 0x67, 0xe1, 0x9c, 0xc2, 0xc4, 0x22, 0x55, + 0x5a, 0xa0, 0x8a, 0xf1, 0xc3, 0x2d, 0xd9, 0xec, + 0xa1, 0x7b, 0x5a, 0xf7, 0x5f, 0x93, 0x06, 0x26, + 0x15, 0xcf, 0xc9, 0x0b, 0x9f, 0xed, 0x6e, 0xa0, + 0x2e, 0x75, 0x09, 0x1e, 0xac, 0x03, 0x81, 0x84, + 0x1d, 0x4e, 0xff, 0xc7, 0x30, 0x1e, 0xe3, 0xba, + 0x67, 0xb9, 0x5d, 0x00, 0xec, 0xb5, 0x39, 0x55, + 0x0d, 0xb9, 0x20, 0x9e, 0x22, 0xe7, 0x28, 0x6c, + 0xb9, 0xab, 0x5f, 0x4d, 0xfe, 0xc9, 0xb0, 0x87, + 0x07, 0x01, 0x79, 0x2c, 0x54, 0xbe, 0xa2, 0xf9, + 0x3e, 0x8e, 0xbd, 0x79, 0x26, 0x6a, 0xd4, 0x64, + 0xd8, 0x09, 0x0a, 0x8e, 0x68, 0x46, 0x23, 0xc1, + 0x14, 0xcd, 0x9f, 0x70, 0xa5, 0xfb, 0x6d, 0xf6, + 0x37, 0x94, 0xf8, 0x04, 0xf9, 0x81, 0xb0, 0xb2, + 0xe1, 0xf6, 0x9a, 0x5a, 0xf4, 0xa6, 0x54, 0xd8, + 0x68, 0x0b, 0xd8, 0x72, 0x0c, 0x37, 0x4b, 0x46, + 0x05, 0x45, 0x85, 0xd0, 0xc6, 0x98, 0xaf, 0xc2, + 0x5a, 0x75, 0xf1, 0x3d, 0x22, 0x6d, 0x79, 0x0b, + 0x69, 0x58, 0xdb, 0x89, 0xf8, 0x29, 0x9d, 0x6e, + 0x11, 0xc0, 0xee, 0x49, 0x14, 0xd3, 0x4b, 0xf2, + 0xb6, 0x43, 0x66, 0x91, 0x50, 0x7c, 0x15, 0xcd, + 0x8a, 0x56, 0x8b, 0xe4, 0x88, 0x1a, 0x75, 0xe4, + 0x43, 0x91, 0x1b, 0x06, 0xd8, 0x56, 0xaa, 0x1c, + 0x11, 0x73, 0x45, 0x91, 0x07, 0x6a, 0xab, 0x36, + 0x26, 0xcb, 0x12, 0x64, 0xab, 0xae, 0x68, 0x49, + 0xb5, 0xca, 0x8e, 0xa9, 0x38, 0xc3, 0xea, 0x12, + 0x7c, 0x4e, 0x38, 0xcf, 0x87, 0xdb, 0x9b, 0x04, + 0x03, 0xfb, 0xc3, 0x85, 0xa9, 0xe5, 0xaa, 0xd6, + 0x37, 0xb4, 0xab, 0x75, 0x3b, 0x3d, 0x5d, 0x04, + 0xe9, 0x25, 0x62, 0xfa, 0x35, 0x0f, 0x24, 0xa1, + 0x1f, 0x85, 0xbe, 0x80, 0xe8, 0xff, 0xfd, 0x2c, + 0xe7, 0x2a, 0xba, 0x38, 0x54, 0x2f, 0xe5, 0x2a, + 0x9a, 0x8b, 0xa2, 0xc2, 0x17, 0xdd, 0x00, 0x96, + 0x47, 0xa9, 0x58, 0x33, 0xd4, 0xf4, 0x9d, 0xac, + 0xcd, 0xd6, 0xa8, 0xca, 0x63, 0x48, 0x4e, 0xa1, + 0x7e, 0xfa, 0x8e, 0xa4, 0x92, 0x32, 0x94, 0x50, + 0x3e, 0x9a, 0x5b, 0x1a, 0x1d, 0x99, 0x10, 0x53, + 0x53, 0x52, 0xe9, 0x93, 0xf0, 0xcb, 0x0e, 0xfd, + 0xa1, 0x57, 0xe1, 0x6a, 0xc6, 0x60, 0xf2, 0x23, + 0xed, 0x2c, 0x71, 0x1e, 0xc2, 0x93, 0x7d, 0x19, + 0x8d, 0x69, 0xfe, 0xbb, 0x1f, 0xdc, 0x81, 0xb5, + 0x24, 0x34, 0x0e, 0x85, 0xad, 0x44, 0xbd, 0xcf, + 0x20, 0x98, 0x9a, 0x2d, 0x5e, 0xad, 0x92, 0xa7, + 0xd0, 0x42, 0x9e, 0xd9, 0x79, 0x95, 0x1f, 0x1e, + 0x33, 0xd2, 0xf1, 0x1e, 0x96, 0x5a, 0xf1, 0x9a, + 0xc3, 0x0c, 0xcc, 0xd1, 0xcd, 0x46, 0xc2, 0xf1, + 0xbd, 0x8b, 0x06, 0x41, 0xab, 0xa7, 0x6d, 0xa4, + 0x43, 0x9f, 0x08, 0xaa, 0x7f, 0x84, 0x77, 0xa7, + 0x03, 0x0f, 0x20, 0x95, 0x9d, 0xa0, 0x6e, 0xec, + 0x6a, 0x4d, 0x75, 0x54, 0xa2, 0x70, 0xb0, 0xc2, + 0x61, 0x15, 0xa1, 0xf7, 0x15, 0xe0, 0xe6, 0xbd, + 0x51, 0x2b, 0x44, 0xa2, 0x3e, 0x85, 0xc3, 0x52, + 0xd3, 0xde, 0x79, 0x27, 0x91, 0x80, 0x41, 0x12, + 0xf2, 0x1c, 0x98, 0x02, 0x70, 0x9a, 0xb7, 0x39, + 0xcd, 0x34, 0xa4, 0x25, 0xa1, 0x4c, 0x7e, 0x59, + 0x59, 0x44, 0x75, 0x87, 0x1a, 0xec, 0x48, 0x5e, + 0x17, 0xe7, 0xbc, 0xd8, 0x06, 0x11, 0x1a, 0x41, + 0x63, 0x75, 0x28, 0x16, 0xde, 0xb1, 0x27, 0x9c, + 0xc9, 0x45, 0x2a, 0x22, 0x3e, 0xd8, 0xbd, 0x3a, + 0xb3, 0xb2, 0xbc, 0x30, 0x22, 0x6a, 0x32, 0x58, + 0xb7, 0xfa, 0xc6, 0x33, 0x70, 0x08, 0x62, 0xba, + 0x76, 0xed, 0xf5, 0x85, 0xec, 0x15, 0x66, 0xae, + 0x76, 0xd6, 0x91, 0x91, 0x1e, 0x95, 0x9c, 0xdd, + 0xac, 0x1d, 0x0b, 0x51, 0x19, 0x8d, 0xca, 0x2a, + 0xbd, 0xad, 0x19, 0x96, 0x2e, 0x59, 0x14, 0x72, + 0xc0, 0x0b, 0x83, 0x84, 0x13, 0xb6, 0x7b, 0x35, + 0xcd, 0x54, 0x3c, 0x49, 0xc0, 0x68, 0xd7, 0x1c, + 0x78, 0x27, 0x6d, 0x53, 0x33, 0xaf, 0x03, 0x0d, + 0x1b, 0xf6, 0x8c, 0xe6, 0xdb, 0x16, 0xd4, 0x28, + 0x73, 0xcf, 0xe3, 0x5d, 0x1c, 0x5f, 0xe3, 0xac, + 0x9c, 0x38, 0x41, 0x67, 0x43, 0x11, 0x3a, 0x1c, + 0xac, 0xf4, 0x16, 0x0b, 0x23, 0x96, 0x50, 0x09, + 0x73, 0x43, 0xdf, 0x99, 0xab, 0x4d, 0xa9, 0x01, + 0x1c, 0x20, 0x08, 0x38, 0x17, 0xe4, 0x6c, 0xc9, + 0x41, 0xea, 0xc8, 0x9e, 0x58, 0xb5, 0x40, 0xde, + 0x93, 0x4f, 0x29, 0x08, 0x86, 0xff, 0x3a, 0x38, + 0xdd, 0x94, 0x88, 0x84, 0x7f, 0xe5, 0x64, 0x36, + 0xd4, 0x07, 0xa8, 0xfd, 0x59, 0x77, 0x5a, 0x5c, + 0xbb, 0x53, 0xcc, 0x7f, 0x2f, 0x9b, 0xac, 0xea, + 0xaf, 0x54, 0x7e, 0x69, 0x7e, 0xe9, 0x20, 0x80, + 0x1e, 0x9b, 0x1f, 0xa6, 0xf3, 0x90, 0xd7, 0xba, + 0xaa, 0x8b, 0x32, 0xc1, 0x65, 0x6b, 0x61, 0xbd, + 0xf2, 0x7b, 0x5c, 0x26, 0x8a, 0xe2, 0xa2, 0xc0, + 0xcc, 0xc1, 0x0e, 0xc5, 0x49, 0x57, 0x1b, 0xb4, + 0xef, 0x6a, 0x1e, 0x7b, 0x57, 0x27, 0x66, 0x90, + 0x4d, 0x10, 0x90, 0x3c, 0x14, 0xb3, 0x78, 0xe7, + 0xf8, 0x30, 0x2b, 0xf2, 0x40, 0x50, 0xa3, 0x18, + 0x83, 0xb4, 0xfc, 0x91, 0xb5, 0x1a, 0x75, 0xba, + 0x78, 0x8b, 0x93, 0x94, 0x89, 0x4b, 0xa6, 0xf4, + 0x28, 0xa8, 0xc4, 0xcb, 0xc1, 0x77, 0x68, 0x40, + 0xcd, 0xa5, 0xf8, 0x65, 0x28, 0xec, 0xd0, 0x47, + 0x95, 0xe9, 0x84, 0x40, 0xd3, 0x59, 0x2a, 0xcf, + 0x70, 0xec, 0xc1, 0x5f, 0x68, 0x10, 0x62, 0x65, + 0x00, 0x95, 0x63, 0x2f, 0x69, 0xe8, 0xaf, 0x4f, + 0xf0, 0xeb, 0xb7, 0x18, 0x62, 0xcd, 0x2a, 0x12, + 0x32, 0x20, 0x46, 0x3f, 0xac, 0xca, 0x73, 0x2c, + 0x66, 0xf5, 0xdd, 0x5f, 0x15, 0xe7, 0xf0, 0xfe, + 0x43, 0xfa, 0x9c, 0x26, 0xf3, 0x9c, 0x24, 0x96, + 0x68, 0x0f, 0x84, 0x7a, 0x90, 0x49, 0xb2, 0xd5, + 0x2a, 0x84, 0xb9, 0xc1, 0x97, 0x83, 0x21, 0x50, + 0xc3, 0xbb, 0xc0, 0x2b, 0xad, 0x4c, 0x18, 0x07, + 0xc9, 0xb6, 0xaa, 0x67, 0x15, 0x58, 0x0f, 0xb5, + 0x45, 0x75, 0x1f, 0x9a, 0x8d, 0x50, 0xf6, 0xd6, + 0x78, 0x8f, 0x72, 0x96, 0xb5, 0xd1, 0x54, 0xe7, + 0x93, 0xc4, 0xc6, 0x88, 0x84, 0x10, 0x1e, 0x2f, + 0x65, 0xab, 0x52, 0xed, 0xbc, 0x95, 0xe3, 0x3f, + 0x87, 0xfd, 0x1c, 0xed, 0x92, 0x2a, 0x34, 0x88, + 0x6f, 0x8e, 0x1e, 0xf2, 0x3f, 0xf5, 0xa4, 0x56, + 0x1a, 0x08, 0x11, 0xc8, 0x5a, 0x7d, 0xcf, 0xe0, + 0x43, 0x25, 0x3e, 0xfc, 0x33, 0x6a, 0x65, 0xe7, + 0xf9, 0xa9, 0x9b, 0x71, 0x85, 0x67, 0x7e, 0x13, + 0x01, 0xd3, 0xcd, 0xe0, 0x57, 0x6d, 0x84, 0xa0, + 0xae, 0x5e, 0x6a, 0x30, 0xde, 0x69, 0xc5, 0x1b, + 0xc0, 0xee, 0x4e, 0xe1, 0x97, 0x1a, 0x9d, 0x6b, + 0x67, 0x65, 0x44, 0xdf, 0x60, 0x1e, 0x35, 0x43, + 0x92, 0x9e, 0x9b, 0x47, 0xeb, 0x4d, 0x6c, 0x3c, + 0x08, 0x49, 0x61, 0x5b, 0x0c, 0xf9, 0x2e, 0x57, + 0x0a, 0xe6, 0x81, 0x93, 0x24, 0xf6, 0xcb, 0x3d, + 0xf8, 0xee, 0xa7, 0x36, 0xf3, 0x0d, 0xb0, 0x56, + 0x13, 0x0f, 0xb6, 0x97, 0x8f, 0xef, 0x39, 0xb0, + 0xba, 0xbf, 0x9f, 0x16, 0x01, 0xa0, 0x06, 0xd0, + 0x24, 0x6c, 0x48, 0x6f, 0xd5, 0x36, 0x5f, 0xa9, + 0x25, 0xf0, 0xab, 0x8b, 0xc9, 0x73, 0x26, 0x3b, + 0xd1, 0x34, 0xba, 0x14, 0xdc, 0x0d, 0xef, 0x53, + 0x76, 0xf4, 0x0e, 0x2e, 0x98, 0x33, 0x87, 0x0e, + 0x12, 0x75, 0x97, 0xf2, 0x42, 0xb4, 0x26, 0xd7, + 0xee, 0x53, 0xea, 0x00, 0x45, 0x19, 0xb6, 0xc4, + 0xa5, 0x53, 0xdc, 0x0b, 0x11, 0x0a, 0xa8, 0x99, + 0x98, 0x16, 0x37, 0x0a, 0x77, 0x8a, 0x7a, 0x11, + 0x77, 0xe8, 0xa7, 0x61, 0xb9, 0xeb, 0x02, 0xd5, + 0xf9, 0x52, 0x69, 0xb0, 0xe0, 0x9a, 0x5d, 0xe7, + 0x44, 0x47, 0x44, 0x37, 0x12, 0x3f, 0xb3, 0x37, + 0xba, 0x87, 0x3c, 0x30, 0x23, 0x13, 0x8d, 0x56, + 0x12, 0xad, 0xd0, 0x05, 0x56, 0x9c, 0xf8, 0x8f, + 0x40, 0x86, 0x0b, 0x1a, 0x10, 0xd0, 0xe5, 0xfc, + 0xb5, 0x87, 0x46, 0x1a, 0xc3, 0x15, 0xf2, 0x32, + 0xe0, 0xbe, 0x8b, 0xf7, 0x6f, 0x3d, 0x49, 0x17, + 0xe1, 0x30, 0x59, 0x9e, 0x7f, 0xcf, 0x5c, 0x08, + 0x99, 0xdd, 0x2d, 0x9e, 0xdc, 0xc6, 0xfc, 0x00, + 0x2f, 0x17, 0x54, 0x85, 0x49, 0x91, 0x28, 0xc2, + 0x86, 0x64, 0x69, 0xb8, 0x7d, 0xd0, 0xea, 0xb4, + 0x0a, 0xcd, 0x39, 0x5f, 0x90, 0x46, 0x9b, 0xd0, + 0x32, 0x28, 0xfc, 0x90, 0xc2, 0xa5, 0xf8, 0x30, + 0x6c, 0xfc, 0x36, 0x20, 0xf6, 0x9b, 0x48, 0x21, + 0x7d, 0x27, 0xb7, 0x8a, 0xa0, 0xc5, 0x61, 0xa8, + 0xf3, 0x34, 0xb6, 0x2c, 0x5b, 0xaf, 0x6f, 0x99, + 0xe2, 0xea, 0xe5, 0x2e, 0x80, 0x84, 0xdd, 0xd4, + 0x0d, 0x8e, 0x3f, 0xf0, 0x6f, 0x19, 0x5d, 0xfc, + 0x9e, 0x15, 0xaa, 0xf1, 0xdb, 0x7e, 0x30, 0xf7, + 0x29, 0x87, 0x19, 0x0d, 0xcf, 0x51, 0xdd, 0x9f, + 0xea, 0x81, 0xe8, 0xa2, 0xa7, 0x06, 0x7a, 0x7e, + 0xd5, 0x1d, 0x4a, 0xf3, 0x2d, 0x8d, 0x39, 0xc9, + 0xd2, 0xc6, 0x11, 0x19, 0xeb, 0x83, 0x62, 0xf2, + 0x9a, 0x8f, 0x5a, 0x2a, 0x04, 0xa1, 0xca, 0x52, + 0xac, 0x2c, 0x2f, 0x72, 0xfe, 0x02, 0xbc, 0x34, + 0xce, 0x04, 0xbf, 0xc0, 0xb1, 0x14, 0x1d, 0x68, + 0x23, 0x2d, 0x63, 0x90, 0xc1, 0x56, 0x8a, 0x1f, + 0xf9, 0x48, 0x21, 0x17, 0xe3, 0x8e, 0x04, 0x0a, + 0x89, 0x74, 0xd2, 0x89, 0x44, 0xfb, 0x10, 0xdb, + 0x2f, 0x95, 0x0c, 0x36, 0x83, 0x30, 0x4e, 0x83, + 0xb0, 0x18, 0xbd, 0xee, 0xf9, 0x38, 0x30, 0x04, + 0xda, 0x05, 0x32, 0x01, 0xb0, 0xed, 0x7b, 0x1f, + 0x72, 0xd6, 0xbe, 0x95, 0x6f, 0xd3, 0x98, 0x0a, + 0xbd, 0x00, 0xf0, 0x97, 0x04, 0xdb, 0x00, 0x2c, + 0x77, 0x87, 0x36, 0x21, 0x89, 0xf2, 0xc8, 0x06, + 0xe2, 0x5a, 0x4e, 0x51, 0x01, 0x54, 0xae, 0x69, + 0xd2, 0xec, 0xe2, 0x21, 0x22, 0xd0, 0x9f, 0xe2, + 0x79, 0x60, 0xff, 0x84, 0x1c, 0xf7, 0x1f, 0xf8, + 0x10, 0x6d, 0xac, 0xcb, 0xfb, 0xc0, 0x8b, 0x7b, + 0x46, 0x00, 0x65, 0x42, 0xe3, 0x00, 0x89, 0x65, + 0x88, 0x3b, 0x97, 0x54, 0x77, 0x9a, 0x82, 0x4d, + 0x5b, 0x52, 0x01, 0x20, 0xf8, 0x07, 0x0b, 0xbd, + 0xc6, 0x60, 0x7c, 0x18, 0x4d, 0xc3, 0xc8, 0x3e, + 0xa2, 0x06, 0x2b, 0xfe, 0x98, 0x24, 0xa1, 0xb3, + 0x10, 0x8b, 0x60, 0x21, 0xfd, 0xf3, 0xf7, 0xe6, + 0x5e, 0xa9, 0x8d, 0x7c, 0xf1, 0x15, 0x42, 0x33, + 0x9d, 0x28, 0x2a, 0x60, 0xce, 0xa5, 0x36, 0x4a, + 0x33, 0x90, 0xcb, 0x0d, 0xc0, 0x63, 0xbb, 0x72, + 0x99, 0x29, 0x46, 0xfa, 0x6b, 0xcd, 0x70, 0x87, + 0x98, 0x18, 0x05, 0xb0, 0xaf, 0xdf, 0xa8, 0x4a, + 0xce, 0x5d, 0xfd, 0x6a, 0xce, 0xc9, 0xbb, 0xe0, + 0xaf, 0x77, 0xbb, 0x47, 0xd6, 0xac, 0x2b, 0x28, + 0xe3, 0x89, 0xe7, 0xa8, 0x04, 0xcd, 0xfc, 0x56, + 0x6c, 0x10, 0xe3, 0x63, 0xf9, 0x73, 0x46, 0x38, + 0x4c, 0x8c, 0xf3, 0x20, 0xb1, 0xc5, 0xc2, 0xc7, + 0xb4, 0xef, 0x77, 0x18, 0x96, 0xb6, 0x8f, 0x8c, + 0x22, 0xe7, 0x12, 0x8e, 0x73, 0xf2, 0x3b, 0x28, + 0x6c, 0xbf, 0xb6, 0xab, 0x8e, 0x30, 0x4a, 0x25, + 0x43, 0xf6, 0xca, 0x4f, 0xb9, 0x43, 0x26, 0x84, + 0xd0, 0x69, 0xca, 0xe9, 0x59, 0x7f, 0x32, 0x63, + 0x08, 0x13, 0x16, 0x2e, 0x40, 0x6e, 0x87, 0x8a, + 0xa7, 0xb9, 0xce, 0xd2, 0xd8, 0xf0, 0xfb, 0x0b, + 0x17, 0x28, 0x2a, 0x2c, 0x48, 0x4a, 0x6d, 0x77, + 0x79, 0x84, 0xac, 0xb5, 0xba, 0xd2, 0xdd, 0xeb, + 0xf0, 0xf8, 0x04, 0x0e, 0x22, 0x24, 0x2b, 0x38, + 0x58, 0x70, 0x76, 0x7e, 0x84, 0x9f, 0xb5, 0xbe, + 0xd4, 0xf8, 0x20, 0x22, 0x2c, 0x30, 0x39, 0x47, + 0x67, 0x6b, 0x7c, 0x7f, 0x80, 0x82, 0xc0, 0xe7, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x0f, 0x22, 0x32, 0x40 + }; + /* Signature for context from gist record 1 (ctxLen=33), 2420 bytes */ + static const byte sig_44_ctx33[] = { + 0xcd, 0xa4, 0xa7, 0x8c, 0xab, 0x6c, 0xed, 0x4e, + 0xcf, 0xa2, 0x56, 0x27, 0xae, 0xce, 0x5d, 0xcf, + 0xba, 0x40, 0xab, 0x7f, 0x29, 0xbc, 0xca, 0x35, + 0x51, 0x7b, 0x0e, 0xf8, 0x17, 0x14, 0xbb, 0x1a, + 0x6b, 0x62, 0x25, 0x09, 0x65, 0x23, 0xa6, 0x3b, + 0x1f, 0x41, 0xe2, 0x58, 0xd1, 0x62, 0x08, 0x81, + 0xbb, 0x0b, 0xc9, 0x0e, 0xf1, 0x79, 0xb6, 0x83, + 0x87, 0x00, 0x1d, 0xe3, 0x51, 0xbf, 0xd8, 0xf1, + 0x42, 0x94, 0x4f, 0xbb, 0x23, 0xcd, 0x16, 0xb4, + 0xf5, 0x69, 0x58, 0xe3, 0x17, 0x9f, 0x35, 0xa1, + 0x72, 0x28, 0xc2, 0x48, 0x63, 0x6a, 0x96, 0xac, + 0x1d, 0x5f, 0xc9, 0xec, 0xd1, 0x1f, 0xd3, 0xea, + 0xd2, 0xcc, 0xac, 0xac, 0x24, 0xbd, 0x6a, 0xaa, + 0x45, 0x71, 0xa8, 0x03, 0x21, 0xbe, 0x96, 0xb2, + 0x53, 0x45, 0xb5, 0x68, 0x10, 0xd6, 0x5c, 0x87, + 0xfa, 0x80, 0xe8, 0xb7, 0xf0, 0xea, 0x1f, 0x7a, + 0xcc, 0xde, 0xb1, 0x71, 0x75, 0x3d, 0x28, 0x72, + 0x5a, 0xb6, 0xd7, 0xc0, 0x66, 0x56, 0xb8, 0xce, + 0xd0, 0x6f, 0x1c, 0xfd, 0x25, 0x96, 0x3c, 0x14, + 0xb8, 0x57, 0xc1, 0xbe, 0xa0, 0x64, 0x11, 0x6f, + 0x25, 0x30, 0x20, 0x2a, 0x9c, 0x3a, 0x3e, 0x8c, + 0xa7, 0x5d, 0xb4, 0x07, 0xc6, 0x70, 0x42, 0x82, + 0xe9, 0x50, 0x51, 0x5a, 0xdb, 0xe2, 0x01, 0x73, + 0x9e, 0xd5, 0x8a, 0xcf, 0xcf, 0xab, 0xe7, 0xfe, + 0x9b, 0x2a, 0xcb, 0x62, 0xf4, 0x9a, 0xac, 0xa5, + 0xfd, 0x64, 0xaf, 0x27, 0x89, 0x0b, 0x47, 0x63, + 0x04, 0x2a, 0x8e, 0x30, 0xb5, 0xb1, 0x20, 0x67, + 0x7b, 0x34, 0x9f, 0x69, 0x3a, 0xdb, 0xbf, 0x64, + 0x2e, 0xcb, 0xb6, 0xc1, 0x1a, 0xca, 0xd9, 0xf7, + 0xea, 0xf5, 0xea, 0x16, 0xd5, 0x4b, 0x24, 0x5d, + 0x61, 0x09, 0x15, 0x73, 0xd5, 0x04, 0x21, 0xea, + 0xe3, 0x4b, 0x98, 0xcc, 0xfb, 0xdc, 0xc6, 0xc3, + 0x6e, 0x82, 0x33, 0x5f, 0xec, 0x44, 0xb3, 0x76, + 0x1b, 0x98, 0xd9, 0x82, 0xa7, 0x95, 0x0d, 0xe4, + 0x90, 0x92, 0xab, 0x05, 0x80, 0x75, 0xfa, 0xbd, + 0xb2, 0x4a, 0xaf, 0xb2, 0xcb, 0xab, 0xad, 0x4f, + 0x50, 0x5f, 0xe8, 0x15, 0x02, 0x1f, 0xd7, 0xb4, + 0xba, 0x70, 0x02, 0xff, 0x09, 0xc9, 0xc9, 0x31, + 0x53, 0x7e, 0xbd, 0xf0, 0x6d, 0xa2, 0xfa, 0x09, + 0xaf, 0x9c, 0x3c, 0x2b, 0xeb, 0x7e, 0xe9, 0x13, + 0xb7, 0x3d, 0x84, 0x3c, 0xb7, 0xd4, 0xc9, 0x8a, + 0xa9, 0x00, 0x8c, 0xc6, 0x83, 0x23, 0x3f, 0x79, + 0x5a, 0x99, 0x45, 0xbd, 0x6a, 0xe1, 0xc6, 0x99, + 0x70, 0xa6, 0x99, 0xf8, 0x22, 0xe8, 0x94, 0x31, + 0xec, 0x46, 0xc2, 0xb7, 0x14, 0x5f, 0x17, 0x0a, + 0xfd, 0x84, 0x3d, 0xf0, 0x9d, 0x93, 0xb1, 0x30, + 0xca, 0x44, 0x77, 0xd9, 0x3b, 0xd9, 0x74, 0x91, + 0x3c, 0xd6, 0xfb, 0x75, 0xd0, 0xc7, 0x8f, 0xa7, + 0x1b, 0xd2, 0xed, 0xc7, 0xdc, 0x02, 0x7d, 0xea, + 0xfc, 0x11, 0xce, 0x40, 0x6c, 0x0b, 0xee, 0x7d, + 0x4c, 0xdc, 0x77, 0x95, 0xbb, 0xbd, 0x3f, 0x39, + 0x6d, 0x5a, 0x8c, 0x28, 0xdc, 0x42, 0xfe, 0x7e, + 0x41, 0xaf, 0xc9, 0xdd, 0x70, 0x23, 0x08, 0xdc, + 0x82, 0x77, 0xd1, 0x7f, 0x5d, 0xec, 0x88, 0xb3, + 0x45, 0x16, 0xb1, 0xa3, 0x8c, 0x75, 0xcb, 0x40, + 0x50, 0x9d, 0xfe, 0x59, 0xaf, 0x08, 0x69, 0xa1, + 0x5a, 0x6e, 0x2b, 0xcf, 0xcc, 0xbf, 0x0b, 0x70, + 0x45, 0xc0, 0xbf, 0x6d, 0xab, 0x17, 0xa9, 0x69, + 0x49, 0x81, 0x77, 0x32, 0xac, 0x7a, 0x7c, 0x81, + 0xf7, 0xb4, 0x9e, 0xd3, 0x9c, 0x95, 0xf5, 0x72, + 0x9c, 0xb9, 0xa3, 0x49, 0xef, 0x1f, 0xd7, 0xb7, + 0xbd, 0xe3, 0x5c, 0x10, 0x83, 0x45, 0xeb, 0xb2, + 0xbe, 0xb3, 0x6b, 0x60, 0x97, 0xa5, 0x4c, 0x32, + 0x2d, 0xd3, 0x37, 0x15, 0x00, 0x91, 0x3b, 0xe0, + 0x49, 0x12, 0x74, 0x6c, 0x7a, 0x2c, 0x40, 0x0b, + 0xd1, 0x5f, 0x0b, 0x5a, 0xaf, 0xb2, 0x32, 0x24, + 0x10, 0x0f, 0x0d, 0x1e, 0xe7, 0x30, 0x0c, 0xf8, + 0xe1, 0xba, 0x86, 0xcb, 0x92, 0xbc, 0xc5, 0x78, + 0xb4, 0xac, 0x4e, 0x7f, 0xfd, 0x1e, 0x47, 0xc2, + 0x90, 0x8e, 0x09, 0xf4, 0x92, 0x27, 0x33, 0x06, + 0x97, 0xbd, 0xc1, 0xa9, 0x46, 0x32, 0x11, 0x52, + 0x6f, 0xf3, 0x5a, 0x3f, 0xbb, 0x1e, 0x3d, 0x9c, + 0x8f, 0xcb, 0xa4, 0x9b, 0x07, 0xea, 0x08, 0x91, + 0xc7, 0x09, 0xc9, 0x22, 0x66, 0x97, 0x0f, 0x38, + 0x4d, 0x5e, 0xcf, 0xbb, 0xa2, 0x1c, 0xc2, 0xc3, + 0x26, 0x3f, 0x6d, 0xeb, 0x82, 0x62, 0x72, 0xe2, + 0xa3, 0x9d, 0xe6, 0x3e, 0x9f, 0x76, 0xb8, 0x46, + 0x96, 0xa7, 0x70, 0x41, 0xea, 0xc1, 0x79, 0x88, + 0xd9, 0x2b, 0xd2, 0x1d, 0xed, 0x53, 0xd1, 0xad, + 0x36, 0x31, 0x8a, 0xc3, 0xaf, 0x5a, 0x71, 0xd7, + 0x8d, 0x12, 0x2e, 0x08, 0x72, 0x38, 0xc6, 0x30, + 0x13, 0x88, 0x9c, 0x60, 0x29, 0x53, 0x08, 0x6d, + 0x05, 0x16, 0x36, 0xb9, 0xab, 0xf8, 0x72, 0x9b, + 0x6a, 0x10, 0x76, 0xe3, 0x82, 0xff, 0x1c, 0x0b, + 0x32, 0x75, 0x14, 0xd3, 0xa5, 0xb2, 0x35, 0x9b, + 0x27, 0x96, 0xe7, 0xef, 0xb3, 0x15, 0xd7, 0xd4, + 0x44, 0x73, 0xe2, 0x0d, 0xa5, 0x1c, 0xed, 0xb2, + 0xd7, 0xa9, 0x58, 0xed, 0x74, 0x6e, 0x8d, 0x70, + 0x57, 0x30, 0x43, 0x86, 0x9d, 0x36, 0xfc, 0xd4, + 0x54, 0xa8, 0x52, 0xeb, 0xde, 0xb6, 0x99, 0x47, + 0xa2, 0x41, 0x3e, 0x4b, 0xff, 0xdf, 0xea, 0x22, + 0x32, 0xd0, 0xdd, 0xe9, 0x4b, 0xee, 0xf1, 0x76, + 0x9d, 0x4d, 0xa8, 0x8c, 0x82, 0x46, 0x97, 0xd9, + 0x4f, 0x0b, 0x21, 0xed, 0x53, 0x6e, 0x9d, 0x2f, + 0x28, 0x4e, 0xaf, 0xa4, 0x1b, 0xea, 0x9b, 0x19, + 0x23, 0xa1, 0xca, 0x5a, 0x4d, 0xf1, 0xa2, 0xb2, + 0x44, 0xe6, 0x1f, 0xad, 0xb4, 0x8a, 0x42, 0x7e, + 0x4a, 0x80, 0x61, 0x7f, 0x52, 0xca, 0x05, 0xd4, + 0x31, 0xd9, 0x16, 0x94, 0xc4, 0x7e, 0x05, 0xbe, + 0x5b, 0xa5, 0x36, 0x2c, 0xcc, 0xfa, 0x02, 0x35, + 0x8e, 0x6a, 0x81, 0xc7, 0xef, 0x0d, 0xd7, 0x82, + 0x4c, 0x12, 0x9b, 0x26, 0x80, 0x81, 0x4b, 0x69, + 0x2c, 0xb1, 0x30, 0xa8, 0xdc, 0xed, 0x71, 0xce, + 0xdb, 0x24, 0xe3, 0xe9, 0x4e, 0xe2, 0x8b, 0xa7, + 0x36, 0x19, 0x67, 0x6d, 0x1f, 0x27, 0x67, 0xc1, + 0x05, 0x74, 0xfa, 0x86, 0x1e, 0x7e, 0x50, 0x79, + 0xc6, 0xad, 0x05, 0x75, 0x06, 0xf6, 0xb7, 0x35, + 0xc4, 0x82, 0x1c, 0xc0, 0x65, 0x7b, 0x39, 0x51, + 0xd2, 0x36, 0xa5, 0xfa, 0xc3, 0x39, 0x92, 0x5c, + 0xc8, 0x05, 0xd2, 0x68, 0x8f, 0x63, 0x71, 0x21, + 0x08, 0x96, 0x52, 0x2a, 0xcf, 0xcb, 0x84, 0x6a, + 0x4b, 0xeb, 0x77, 0xc2, 0xe6, 0x35, 0x5c, 0x71, + 0x43, 0x06, 0xcc, 0xc4, 0xf2, 0xcf, 0x71, 0x14, + 0xd2, 0xc5, 0x7b, 0x26, 0xc2, 0x36, 0xf1, 0x41, + 0xd5, 0x2f, 0xc7, 0x23, 0x4a, 0xa8, 0xe4, 0x4d, + 0x94, 0xd2, 0xaa, 0xad, 0xee, 0xe7, 0x16, 0xb2, + 0xcc, 0xc0, 0x23, 0xac, 0xd1, 0xca, 0xcb, 0xc7, + 0x57, 0x2f, 0xd4, 0xda, 0xb1, 0xe7, 0x0a, 0x34, + 0x04, 0x71, 0x68, 0x3c, 0x2a, 0xd7, 0xac, 0x10, + 0xed, 0xef, 0x3e, 0x1f, 0xc6, 0x59, 0xe6, 0xd8, + 0x30, 0xa8, 0x44, 0x7c, 0xc3, 0xef, 0xd0, 0x0a, + 0x16, 0x65, 0x2b, 0x64, 0xcf, 0x64, 0x4b, 0x06, + 0x8b, 0xc0, 0xd5, 0x20, 0xa6, 0xf3, 0xf7, 0x9b, + 0xd5, 0x28, 0x6d, 0x7c, 0x6f, 0x8c, 0xbf, 0x39, + 0xf3, 0x0e, 0xf0, 0x0c, 0x21, 0x51, 0xfa, 0x49, + 0x59, 0xd8, 0x99, 0x55, 0x6e, 0x88, 0x99, 0xde, + 0xd1, 0xe2, 0xb4, 0xd4, 0x60, 0xea, 0x72, 0xe5, + 0x3e, 0xd9, 0xb5, 0xa9, 0x8b, 0x96, 0xdd, 0x77, + 0xef, 0x3e, 0x6a, 0x5c, 0x96, 0x85, 0x40, 0x12, + 0x89, 0x32, 0xe3, 0x87, 0xf1, 0x36, 0x50, 0x66, + 0x54, 0xa5, 0x9b, 0xee, 0xaa, 0xe6, 0x49, 0xaa, + 0x6f, 0x74, 0xea, 0xc0, 0x26, 0x92, 0x6a, 0x3b, + 0x7b, 0x7c, 0x0e, 0x9e, 0xdc, 0x56, 0xa8, 0xa1, + 0x50, 0xbe, 0x1d, 0x2a, 0xb7, 0xf8, 0x30, 0x59, + 0x4f, 0x29, 0x53, 0xc1, 0x0f, 0x2b, 0x4c, 0x26, + 0x69, 0xd4, 0x71, 0xf4, 0xb2, 0x2a, 0x56, 0x54, + 0x40, 0x2c, 0x7d, 0x03, 0x32, 0xdf, 0xb8, 0xf5, + 0xd1, 0x59, 0xd4, 0x93, 0x14, 0xc1, 0x7e, 0xf6, + 0x0e, 0x42, 0x6b, 0xee, 0xef, 0xf2, 0x81, 0x64, + 0xfb, 0xa1, 0x5a, 0x04, 0x63, 0x9b, 0xdd, 0xf1, + 0x43, 0x3a, 0x3f, 0x4d, 0x8b, 0x87, 0x14, 0x29, + 0x09, 0x7a, 0xa1, 0x91, 0x7e, 0x79, 0x18, 0x49, + 0xe9, 0xe4, 0xae, 0x84, 0xda, 0xac, 0x6a, 0x39, + 0x31, 0x9f, 0x92, 0xe4, 0xa7, 0x0a, 0x63, 0xa7, + 0xdd, 0xc9, 0x19, 0xa1, 0xf1, 0x79, 0x20, 0x9e, + 0x5c, 0x5b, 0xd1, 0x5b, 0x86, 0xba, 0xc2, 0xcd, + 0x39, 0x33, 0x36, 0xae, 0xb2, 0xf8, 0x5f, 0x2e, + 0x16, 0x3b, 0xab, 0xa6, 0xc1, 0x66, 0x29, 0xe1, + 0xe8, 0x8d, 0x61, 0xb2, 0x90, 0x6c, 0x8f, 0x5a, + 0x97, 0x15, 0x47, 0xb1, 0x99, 0x0a, 0x1d, 0x58, + 0xa0, 0x4c, 0xf4, 0x32, 0xa5, 0x45, 0xe9, 0x45, + 0xfd, 0x63, 0x8e, 0xb8, 0x71, 0xa6, 0x9f, 0x2c, + 0x75, 0x4c, 0x37, 0x1d, 0x60, 0x09, 0x0d, 0xc2, + 0xc7, 0x9c, 0xd4, 0x5a, 0xbd, 0x98, 0x85, 0xd0, + 0xd1, 0x38, 0xb5, 0x44, 0xe3, 0xf0, 0x89, 0x1c, + 0xf6, 0x01, 0xf7, 0xf1, 0x48, 0x3f, 0xfd, 0x29, + 0xb9, 0x37, 0x7e, 0x9a, 0x33, 0xbb, 0xa6, 0x3c, + 0xf7, 0x15, 0x65, 0x1e, 0x26, 0xaf, 0x1d, 0x02, + 0x07, 0x94, 0x3e, 0xd0, 0x42, 0x8f, 0xf4, 0xb5, + 0x9f, 0x63, 0xb6, 0xb4, 0xdc, 0x9d, 0xec, 0x62, + 0xa9, 0x90, 0xcc, 0x91, 0x3b, 0x91, 0x09, 0x6b, + 0xce, 0x2f, 0x83, 0x3e, 0xc6, 0x25, 0x98, 0x1e, + 0xbe, 0xa1, 0xb3, 0x97, 0x77, 0x7c, 0x6b, 0x2a, + 0x9e, 0x68, 0x98, 0x61, 0xe7, 0x6a, 0x23, 0xc2, + 0x81, 0x98, 0x62, 0x35, 0xbc, 0xb8, 0x00, 0xfb, + 0x28, 0xe3, 0x4c, 0xe3, 0xd8, 0x16, 0x77, 0xbd, + 0xea, 0xa6, 0x7e, 0xf3, 0xbf, 0x86, 0xe0, 0x09, + 0x93, 0xa8, 0xcf, 0xf2, 0x3c, 0x1c, 0xf6, 0xaf, + 0x93, 0x48, 0xdb, 0x04, 0xab, 0x1f, 0x49, 0x81, + 0x73, 0x10, 0x74, 0x4b, 0x01, 0x24, 0x14, 0xe3, + 0x99, 0x7e, 0xb3, 0x86, 0x6e, 0x1d, 0xf6, 0xfc, + 0xd1, 0xca, 0x64, 0x4d, 0xa0, 0xf2, 0x0b, 0xee, + 0x25, 0x87, 0xf9, 0x72, 0x32, 0xcd, 0x62, 0xc5, + 0xfe, 0x91, 0x81, 0x76, 0xa0, 0xd1, 0x42, 0xe6, + 0x80, 0x70, 0x39, 0x00, 0xa8, 0xe1, 0x31, 0x5d, + 0x9f, 0xad, 0x43, 0x74, 0xc9, 0x60, 0x2c, 0x3b, + 0x5e, 0xac, 0xf8, 0xf4, 0xe2, 0x99, 0xe3, 0x30, + 0x64, 0xc8, 0x0b, 0x65, 0xe9, 0x4a, 0xdc, 0x84, + 0x38, 0x2d, 0xd8, 0xd6, 0x75, 0xef, 0x53, 0x80, + 0x16, 0xa2, 0x1d, 0x76, 0x76, 0x1d, 0xaa, 0x48, + 0x87, 0x7d, 0xb2, 0xb5, 0xc6, 0x76, 0xe8, 0xf4, + 0x2c, 0x42, 0x53, 0xea, 0x86, 0xc2, 0xab, 0xed, + 0x54, 0x16, 0x69, 0x61, 0x63, 0x8b, 0x90, 0x8e, + 0xfd, 0x26, 0xff, 0x20, 0x76, 0x05, 0x59, 0x96, + 0x4c, 0x42, 0x3c, 0xa5, 0x56, 0xc0, 0x1c, 0x9d, + 0x9f, 0xeb, 0xbc, 0x55, 0x83, 0xe4, 0x88, 0xc1, + 0xbb, 0x3b, 0x6e, 0x2b, 0x0e, 0xa4, 0x58, 0x85, + 0xd7, 0xbb, 0x36, 0x2a, 0xbe, 0xf2, 0x1a, 0xfe, + 0x87, 0x43, 0x23, 0x3b, 0x39, 0x7f, 0x90, 0xc7, + 0xe3, 0x5a, 0xe8, 0xf2, 0x25, 0xfb, 0x09, 0xd0, + 0x3f, 0x29, 0xc6, 0x64, 0xe3, 0x30, 0xb9, 0xcd, + 0x35, 0xf7, 0x33, 0xa4, 0x31, 0x4b, 0x23, 0x6b, + 0x20, 0xf3, 0x7b, 0xfe, 0x00, 0xfc, 0xe9, 0xcb, + 0x11, 0x99, 0x10, 0x80, 0x4e, 0xba, 0x63, 0x6b, + 0xf8, 0x77, 0x7c, 0xf4, 0xec, 0xa5, 0xe8, 0xf1, + 0xf1, 0x43, 0x97, 0x85, 0xb2, 0x1d, 0x43, 0xce, + 0x26, 0xc0, 0x36, 0x30, 0x95, 0x15, 0x3f, 0x31, + 0x6c, 0x1f, 0x9b, 0x97, 0xfe, 0xa3, 0x17, 0x6b, + 0x11, 0x6e, 0x3c, 0xa6, 0xce, 0x83, 0xa2, 0xa4, + 0x56, 0xd1, 0xc9, 0x15, 0xf8, 0x73, 0x79, 0xa0, + 0x3d, 0x68, 0xdc, 0xff, 0xfe, 0x80, 0xb1, 0xcc, + 0x60, 0x0c, 0x02, 0x09, 0x14, 0xed, 0x58, 0x20, + 0x12, 0xb4, 0x88, 0x77, 0x59, 0x42, 0xa4, 0x65, + 0xce, 0x7a, 0xcc, 0xf0, 0x88, 0xf9, 0x7a, 0x6f, + 0xe8, 0x5f, 0x9b, 0xc8, 0x2a, 0x24, 0x6e, 0xa5, + 0x9e, 0x99, 0x55, 0xa8, 0x41, 0x8d, 0xb5, 0x00, + 0x69, 0x18, 0x6f, 0xb1, 0xbf, 0xfe, 0x06, 0x2f, + 0xe6, 0x38, 0x35, 0x3c, 0x4f, 0x5c, 0x4c, 0x53, + 0x28, 0xd9, 0x57, 0xad, 0xf3, 0x53, 0xa8, 0x6d, + 0xdd, 0xd1, 0xef, 0x33, 0x2c, 0x53, 0x7c, 0xb8, + 0x32, 0xff, 0xe7, 0x73, 0x14, 0x80, 0xab, 0x13, + 0x4b, 0x02, 0x06, 0xbe, 0xef, 0x43, 0x73, 0xa2, + 0x65, 0x51, 0xc4, 0x01, 0xd5, 0x4f, 0x62, 0x3f, + 0xb0, 0x78, 0xd9, 0x62, 0x6a, 0xd7, 0x87, 0x24, + 0x60, 0xf3, 0xab, 0x10, 0xd3, 0xa2, 0x78, 0xf2, + 0xc5, 0xc8, 0x4c, 0x7e, 0xfd, 0xb6, 0x4f, 0x60, + 0x82, 0x9a, 0x45, 0x11, 0x02, 0xd7, 0x4e, 0xcf, + 0x80, 0x7f, 0xef, 0xff, 0x5f, 0x83, 0xb2, 0xff, + 0x56, 0xf4, 0x90, 0xb6, 0x3c, 0xda, 0xee, 0xb9, + 0x51, 0xe6, 0x63, 0x74, 0xe1, 0xb3, 0x4d, 0xd2, + 0x18, 0x97, 0x4d, 0xfc, 0xa9, 0x34, 0xdb, 0x5b, + 0x39, 0x94, 0x11, 0x74, 0x35, 0xa5, 0x3c, 0xc6, + 0xae, 0x31, 0x82, 0x90, 0xf2, 0x6e, 0x20, 0x33, + 0x8d, 0xee, 0xa0, 0x45, 0xa9, 0xf1, 0x87, 0x2b, + 0x4c, 0xf9, 0xf2, 0x5c, 0x5e, 0xb0, 0xfb, 0xe8, + 0x41, 0x1f, 0x5f, 0x8b, 0xe1, 0x9a, 0x37, 0x24, + 0xd4, 0xe2, 0x47, 0x9d, 0x62, 0xa8, 0x3f, 0x6f, + 0xa3, 0x41, 0xea, 0x59, 0x06, 0x7a, 0x68, 0xd7, + 0xe2, 0x97, 0x2e, 0xfb, 0xc0, 0x77, 0x6c, 0xb0, + 0x79, 0x54, 0xc2, 0x46, 0xd3, 0xba, 0xdd, 0x1c, + 0x6b, 0xfb, 0x0b, 0x94, 0xae, 0x25, 0xa7, 0x98, + 0xc4, 0x14, 0x7e, 0x59, 0x52, 0x0d, 0x11, 0x6c, + 0x2b, 0x9e, 0xe7, 0x6a, 0x3f, 0x72, 0x31, 0xef, + 0x57, 0x2e, 0xcd, 0x59, 0x38, 0x0f, 0xd4, 0x4f, + 0x4a, 0x83, 0x19, 0x3d, 0x80, 0x41, 0xee, 0xff, + 0x58, 0x69, 0xfd, 0xb9, 0x3e, 0x72, 0xaf, 0xf6, + 0x59, 0x8f, 0xc1, 0x8e, 0x7e, 0x08, 0x41, 0x30, + 0xe9, 0xf2, 0x39, 0x61, 0xd4, 0x1a, 0x99, 0x4d, + 0xe8, 0xd5, 0x29, 0x63, 0xd1, 0x01, 0xa1, 0x64, + 0x03, 0x01, 0xce, 0x8a, 0xfa, 0x81, 0x53, 0x79, + 0x6c, 0x6b, 0xcc, 0x21, 0x4c, 0x61, 0x38, 0x89, + 0x0f, 0x8a, 0x3d, 0xce, 0x29, 0x93, 0xc5, 0xad, + 0x3c, 0xdf, 0x7e, 0x4c, 0x20, 0xc5, 0x20, 0xfe, + 0x0c, 0xd0, 0x5b, 0x24, 0xee, 0xe0, 0x1a, 0xe4, + 0x0e, 0xe3, 0x2a, 0x81, 0x1d, 0x00, 0x5d, 0x12, + 0x03, 0xfa, 0x22, 0xca, 0x22, 0x4c, 0xbc, 0x5d, + 0xee, 0xdf, 0xe2, 0x64, 0x8d, 0xc3, 0x50, 0xd2, + 0x0a, 0x0b, 0x3a, 0x6c, 0xdd, 0xbe, 0x8f, 0xa2, + 0x62, 0xba, 0xc4, 0x53, 0xe8, 0xf4, 0x33, 0x5e, + 0xbb, 0xaa, 0xc7, 0x39, 0x19, 0x75, 0x23, 0x37, + 0x7b, 0xa3, 0xb5, 0xe1, 0x22, 0x37, 0x14, 0x57, + 0xbd, 0xd0, 0xa6, 0x36, 0xfa, 0x5d, 0xef, 0x7c, + 0xed, 0xb1, 0x58, 0x33, 0x47, 0x69, 0x5d, 0x9c, + 0x49, 0x64, 0x10, 0x28, 0xaa, 0x5c, 0x29, 0xd5, + 0xb1, 0x97, 0x66, 0x8b, 0x84, 0x9c, 0x25, 0x76, + 0xd0, 0x0d, 0x23, 0x17, 0x37, 0xc0, 0x7d, 0x57, + 0x33, 0x00, 0x57, 0xc8, 0xba, 0x32, 0x68, 0x4e, + 0x04, 0xbe, 0xe4, 0xc2, 0xb6, 0xad, 0xea, 0xc3, + 0xa1, 0x47, 0xb7, 0xcd, 0x76, 0x85, 0xb9, 0x46, + 0x28, 0x82, 0x8d, 0x23, 0xef, 0x7e, 0x96, 0x72, + 0x71, 0x0e, 0xd4, 0xb3, 0xb3, 0xa6, 0x2e, 0x03, + 0xe4, 0xea, 0xde, 0xb9, 0x9a, 0x87, 0x7c, 0x89, + 0xf5, 0x40, 0x70, 0x06, 0xa6, 0x8a, 0xa1, 0x8c, + 0xa9, 0xe0, 0x5a, 0x49, 0xc6, 0x27, 0x4b, 0x8b, + 0xd8, 0x49, 0xeb, 0x0b, 0x36, 0x9b, 0xa4, 0x5d, + 0xda, 0x8c, 0xb1, 0x62, 0x55, 0xe2, 0x07, 0x96, + 0x52, 0x1a, 0xca, 0xa1, 0x76, 0xc6, 0x62, 0x4a, + 0x9f, 0xfa, 0x6d, 0x6b, 0xe6, 0xe5, 0x7b, 0x7a, + 0x7f, 0xde, 0x80, 0x1d, 0xb6, 0x26, 0x6b, 0x8e, + 0x38, 0xe7, 0x8d, 0x27, 0x8f, 0xb4, 0x27, 0xf5, + 0xe4, 0xb3, 0x7a, 0x1e, 0x4d, 0x82, 0x31, 0x9f, + 0x63, 0x40, 0x68, 0xfb, 0x8c, 0xcc, 0xb2, 0x75, + 0x18, 0x48, 0xa4, 0x0e, 0x3c, 0xf7, 0x7e, 0x1f, + 0x46, 0x90, 0xa4, 0x46, 0x86, 0xd4, 0x65, 0x4f, + 0x22, 0x89, 0xb3, 0x4f, 0x38, 0x13, 0x86, 0x1a, + 0xa5, 0x9d, 0x11, 0x93, 0x79, 0x05, 0xeb, 0xef, + 0xd2, 0x5d, 0x4c, 0xa1, 0x96, 0x1d, 0xfc, 0x17, + 0x27, 0x3f, 0x5f, 0x63, 0xdf, 0x2b, 0xa0, 0xd6, + 0xb8, 0x82, 0xf6, 0xda, 0x9e, 0xe0, 0xab, 0x26, + 0x74, 0x80, 0x2d, 0x0c, 0xa3, 0xd1, 0x7c, 0xa3, + 0xe3, 0xd6, 0x3e, 0x6b, 0x21, 0xe5, 0xc0, 0x21, + 0xdc, 0x34, 0x79, 0xbb, 0xbc, 0x6b, 0xc3, 0x46, + 0x1d, 0x5e, 0x7c, 0x13, 0x2b, 0xa0, 0xb8, 0x73, + 0xc8, 0x5f, 0x49, 0x97, 0x96, 0xbd, 0x9d, 0xca, + 0x3b, 0xa5, 0x69, 0xb9, 0x4c, 0x01, 0xab, 0x6f, + 0xdb, 0xaf, 0x7f, 0x31, 0x28, 0x07, 0x82, 0x99, + 0x32, 0x60, 0xd6, 0x81, 0xea, 0xda, 0x05, 0xed, + 0x85, 0xca, 0x69, 0xb7, 0xa9, 0x64, 0xea, 0xc8, + 0xd9, 0xf3, 0x45, 0x08, 0x73, 0x71, 0x0b, 0x3c, + 0x36, 0xf1, 0x44, 0xba, 0x22, 0xc2, 0x43, 0xe9, + 0x9e, 0x4c, 0x5c, 0x74, 0xfa, 0x24, 0x73, 0x83, + 0x2e, 0x67, 0x3e, 0xab, 0x80, 0xad, 0xc1, 0x98, + 0x14, 0x18, 0x19, 0x30, 0x4d, 0x56, 0x69, 0xa8, + 0xb3, 0xbb, 0xcf, 0xd0, 0xd1, 0x07, 0x0e, 0x14, + 0x1e, 0x26, 0x29, 0x31, 0x39, 0x42, 0x43, 0x58, + 0x72, 0x7d, 0x82, 0x83, 0x8c, 0x9e, 0xa2, 0xb8, + 0xd3, 0xd7, 0x0d, 0x23, 0x29, 0x7b, 0x7c, 0xb4, + 0xb5, 0xbe, 0xd6, 0xfe, 0x0b, 0x19, 0x4d, 0x5a, + 0x6c, 0x8d, 0x92, 0xac, 0xb8, 0xd4, 0xe4, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x0d, 0x22, 0x2c, 0x37 + }; +#endif /* !WOLFSSL_NO_ML_DSA_44 */ + +#ifndef WOLFSSL_NO_ML_DSA_65 + /* ML-DSA-65: record 1 from + * https://gist.github.com/itzmeanjan/d14afc3866b82119221682f0f3c9822d */ + /* Public key (1952 bytes) */ + static const byte pk_65[] = { + 0x14, 0x83, 0x23, 0x6f, 0xc9, 0xf9, 0x43, 0xd9, + 0x84, 0x17, 0x80, 0x9e, 0x95, 0x40, 0x53, 0x84, + 0x53, 0x0e, 0xd8, 0x3e, 0x15, 0x1e, 0x84, 0x65, + 0xd3, 0x4e, 0x46, 0x38, 0xf1, 0xf8, 0xd7, 0x05, + 0x8d, 0x62, 0xe1, 0x9a, 0xb8, 0x06, 0x49, 0x08, + 0x83, 0xa8, 0x23, 0x17, 0x6d, 0x4d, 0xc8, 0xa3, + 0xc1, 0x0c, 0x99, 0x60, 0xd0, 0xe9, 0x48, 0xa9, + 0xf7, 0xb6, 0x2c, 0xa8, 0xe1, 0x18, 0xde, 0x5d, + 0x7a, 0x05, 0xbb, 0x18, 0xe8, 0x01, 0x8b, 0x6c, + 0xac, 0xb4, 0xfe, 0x78, 0x85, 0x49, 0x05, 0x99, + 0x93, 0x9d, 0x90, 0xd0, 0x04, 0xbd, 0x48, 0x0b, + 0x11, 0x6f, 0x5d, 0x66, 0x27, 0xb6, 0xc4, 0xc1, + 0xb2, 0xa1, 0x49, 0x6c, 0xc3, 0x52, 0x5e, 0xf9, + 0xf1, 0x99, 0x53, 0xec, 0x63, 0xcd, 0xd6, 0xeb, + 0xdb, 0x21, 0xd6, 0x5b, 0x27, 0xc6, 0x44, 0x19, + 0x49, 0x16, 0xaa, 0xd0, 0x7c, 0xc5, 0x59, 0xb0, + 0x8c, 0xfc, 0x12, 0x82, 0xd2, 0x5d, 0x72, 0x76, + 0xc9, 0xe5, 0x06, 0x2e, 0x0b, 0x1c, 0x4c, 0xf1, + 0x11, 0xc0, 0xa9, 0xdc, 0xc4, 0x9b, 0xf4, 0x0f, + 0x5e, 0xd3, 0xc2, 0x7c, 0xb4, 0xe7, 0x8e, 0x39, + 0xc1, 0xf0, 0x68, 0x73, 0x6a, 0x78, 0x8e, 0x2e, + 0xd4, 0xa0, 0x2e, 0x9e, 0xf2, 0x3e, 0xac, 0xe8, + 0x02, 0xcd, 0x29, 0x5b, 0x6e, 0xb9, 0x7d, 0x53, + 0x30, 0x91, 0xb3, 0x29, 0x3d, 0x9b, 0xad, 0x29, + 0x38, 0xdf, 0xde, 0xcf, 0x2c, 0x4f, 0x9f, 0x63, + 0x87, 0xb3, 0x8a, 0x7f, 0xd2, 0x27, 0x38, 0xa0, + 0x10, 0xb8, 0x59, 0x49, 0x68, 0x86, 0x50, 0xb6, + 0xf0, 0x63, 0xb6, 0xbc, 0x63, 0x50, 0xa1, 0xe8, + 0x4c, 0x86, 0x9f, 0xb3, 0xbb, 0xcd, 0xc4, 0xbf, + 0x6c, 0x0d, 0x06, 0x74, 0xd7, 0xc0, 0x7f, 0x7a, + 0xe7, 0x8e, 0x4b, 0xbb, 0x30, 0x2b, 0x6d, 0xb8, + 0x48, 0x8b, 0x5f, 0x91, 0x64, 0xe5, 0xe2, 0x64, + 0x68, 0x2e, 0x45, 0xe7, 0x1b, 0x58, 0xfc, 0x19, + 0xad, 0xf5, 0xea, 0x89, 0x24, 0x39, 0xeb, 0x35, + 0x2a, 0xfd, 0xdb, 0x63, 0xd2, 0x21, 0x77, 0xae, + 0xf1, 0x72, 0x61, 0x90, 0x9e, 0x3f, 0x87, 0xbc, + 0xc7, 0xe1, 0xb1, 0xa5, 0x8c, 0xd5, 0xde, 0x8f, + 0x8a, 0x88, 0x6a, 0x12, 0xd7, 0x13, 0x7c, 0xe5, + 0xbf, 0xbd, 0x2c, 0x53, 0xec, 0xeb, 0xfd, 0x1b, + 0x9f, 0x22, 0x98, 0x58, 0x3d, 0x76, 0x7e, 0x0d, + 0xb5, 0x17, 0x8b, 0x95, 0x2f, 0x4d, 0x06, 0x9d, + 0x66, 0xfd, 0xed, 0xca, 0x1f, 0xbd, 0xcf, 0x87, + 0x20, 0xaa, 0xaa, 0x53, 0x13, 0xc0, 0x50, 0x0e, + 0xcf, 0x95, 0xb9, 0xb7, 0x0e, 0x7e, 0x3d, 0x58, + 0xdd, 0x2b, 0x57, 0x43, 0x3d, 0x3a, 0x06, 0x37, + 0xdf, 0x36, 0xe9, 0x64, 0xb2, 0x1f, 0x44, 0xf7, + 0x91, 0xb3, 0xaf, 0x90, 0x74, 0xd6, 0xdb, 0xc9, + 0xa2, 0xfc, 0x04, 0x1d, 0x9e, 0x22, 0xd5, 0xe3, + 0x87, 0xc4, 0x08, 0x1e, 0x6d, 0x4c, 0xce, 0x6a, + 0xb1, 0x1f, 0xc8, 0xb4, 0xf2, 0xc7, 0x18, 0xeb, + 0x2a, 0x19, 0x92, 0x4e, 0x3f, 0x17, 0xea, 0x1f, + 0x44, 0xd0, 0x08, 0x4b, 0x5d, 0x52, 0x96, 0xa9, + 0x7a, 0x36, 0x24, 0xe4, 0xe1, 0xf6, 0xca, 0x05, + 0x22, 0x9f, 0x28, 0x88, 0x55, 0x7a, 0xab, 0x57, + 0x7f, 0xd7, 0x2f, 0x8d, 0xc3, 0x28, 0xf0, 0xe4, + 0xf4, 0x5d, 0xd1, 0x3a, 0x19, 0x19, 0x20, 0xf6, + 0x71, 0xac, 0xe3, 0xbc, 0x29, 0xdc, 0x31, 0x95, + 0xe9, 0x51, 0xd0, 0xf5, 0xee, 0xaa, 0x09, 0x5a, + 0x3d, 0x5f, 0x20, 0xe4, 0xe4, 0xea, 0x1a, 0xc1, + 0x57, 0x26, 0x1c, 0x1c, 0x51, 0x4a, 0xeb, 0x69, + 0x40, 0xe6, 0x30, 0x53, 0xad, 0x68, 0x38, 0x3f, + 0x14, 0xe9, 0x23, 0x60, 0x2e, 0x6b, 0x24, 0x1e, + 0x98, 0x13, 0x24, 0x6b, 0x47, 0xf0, 0x09, 0xdb, + 0x44, 0x6f, 0xbf, 0x61, 0x24, 0x6b, 0xad, 0x7e, + 0xd3, 0x86, 0x64, 0x7d, 0x02, 0x0a, 0x85, 0x4c, + 0xca, 0x39, 0xec, 0xae, 0x5f, 0xa6, 0xd6, 0x67, + 0xcb, 0x6d, 0x43, 0x3f, 0x02, 0xbc, 0x2f, 0xab, + 0x9f, 0x37, 0x09, 0x6f, 0x3c, 0x12, 0x77, 0x41, + 0xec, 0x02, 0xa4, 0x6c, 0x81, 0x02, 0x2e, 0x07, + 0x0a, 0xe1, 0xdf, 0x54, 0x62, 0x3d, 0xf4, 0x4c, + 0x5c, 0x74, 0x4e, 0xdd, 0x0d, 0x3b, 0xc6, 0x65, + 0x81, 0xb8, 0xe1, 0x34, 0x8e, 0x75, 0xb5, 0xc5, + 0x2d, 0x0e, 0x41, 0xbc, 0x71, 0xed, 0xad, 0x5b, + 0x12, 0xdd, 0xa2, 0x28, 0x07, 0x24, 0xb7, 0xd7, + 0x04, 0xbf, 0xf2, 0xaf, 0x04, 0x50, 0x5f, 0x65, + 0xae, 0x49, 0x6d, 0xa8, 0x67, 0x01, 0xd3, 0x6b, + 0xc9, 0xaf, 0xb0, 0xb1, 0x99, 0x44, 0x2a, 0x9c, + 0x5c, 0x74, 0x3d, 0x97, 0x88, 0x0e, 0x89, 0xc8, + 0xcc, 0xb3, 0x4c, 0x51, 0x89, 0x06, 0x02, 0x62, + 0x79, 0x24, 0x31, 0x6e, 0x79, 0xd4, 0x41, 0x5c, + 0xc1, 0xc2, 0xed, 0x49, 0x0a, 0x7a, 0x6e, 0xbb, + 0x4b, 0x50, 0x71, 0x81, 0xcf, 0xf1, 0x8b, 0xb5, + 0x3a, 0x6b, 0x8f, 0x81, 0x6c, 0x15, 0xa2, 0xea, + 0x86, 0x67, 0xce, 0x59, 0xed, 0xbe, 0x8f, 0x42, + 0x37, 0x60, 0x01, 0xe3, 0x19, 0x81, 0x31, 0x0c, + 0xa4, 0x03, 0xe0, 0x83, 0x28, 0xaa, 0x97, 0x82, + 0x8d, 0xc3, 0xa8, 0x6c, 0x26, 0x08, 0x19, 0xbc, + 0x8d, 0xf7, 0x2a, 0x3e, 0x29, 0x65, 0x7c, 0xa6, + 0x5b, 0x77, 0x63, 0xa5, 0x40, 0x67, 0x95, 0x8c, + 0xcd, 0x6f, 0xd7, 0x3d, 0xf7, 0x89, 0xb3, 0x06, + 0xa3, 0x71, 0x85, 0xc8, 0x11, 0x7f, 0x0c, 0x86, + 0xcf, 0x9d, 0x1c, 0x48, 0xd1, 0x02, 0xec, 0xa8, + 0x34, 0x3f, 0x41, 0xf8, 0x6f, 0x60, 0x84, 0xe2, + 0xe7, 0x2e, 0x69, 0x52, 0x35, 0x7d, 0x7d, 0xc0, + 0x76, 0xa0, 0x2a, 0x7c, 0xef, 0x64, 0x72, 0x4a, + 0xe6, 0x34, 0xe3, 0x57, 0x12, 0xe2, 0x91, 0xa2, + 0x47, 0x04, 0xd2, 0x93, 0x97, 0x17, 0x24, 0x63, + 0x71, 0xb4, 0x2c, 0x11, 0xa6, 0x72, 0xfe, 0x8f, + 0xd3, 0x1d, 0xa8, 0x3f, 0xc3, 0xd5, 0xde, 0x65, + 0x0f, 0xb2, 0x13, 0x6a, 0x13, 0xa0, 0xd6, 0x22, + 0x9a, 0x11, 0x5e, 0xa3, 0x75, 0x8e, 0x3a, 0xd0, + 0x81, 0x0a, 0x99, 0x94, 0x42, 0x75, 0xfa, 0x8f, + 0xec, 0xfd, 0x2b, 0xf1, 0xd1, 0x30, 0xb4, 0x04, + 0x73, 0xf4, 0xab, 0xf8, 0x86, 0x48, 0x5a, 0x1e, + 0x36, 0x29, 0x0d, 0xb4, 0x37, 0xb3, 0x31, 0xdb, + 0x30, 0x35, 0x39, 0xf9, 0x8d, 0x29, 0x81, 0x83, + 0x50, 0x9d, 0x93, 0x4f, 0x1a, 0x74, 0x7a, 0xf2, + 0x9b, 0xc3, 0x6b, 0xd7, 0xca, 0x79, 0xe5, 0xd4, + 0x0d, 0x09, 0x8e, 0xbf, 0xe6, 0x1f, 0x40, 0x06, + 0x20, 0xb5, 0xb1, 0xaf, 0xb8, 0x13, 0x27, 0x34, + 0x2a, 0xad, 0xec, 0x63, 0x4f, 0x1a, 0x77, 0xda, + 0xe7, 0x93, 0xd5, 0x5a, 0x25, 0x2d, 0x39, 0x1a, + 0xd1, 0x55, 0xa6, 0x15, 0x0a, 0xb0, 0x49, 0xcb, + 0xa0, 0x27, 0x0f, 0x07, 0x93, 0x6a, 0xc2, 0x15, + 0x75, 0xbe, 0x6f, 0xad, 0x53, 0xa0, 0xdc, 0x23, + 0xf4, 0x62, 0xe3, 0x77, 0xf2, 0xc8, 0x82, 0x39, + 0x1b, 0xac, 0x1c, 0x17, 0xc1, 0x1d, 0x18, 0xa6, + 0x77, 0xc3, 0xef, 0xfa, 0xcc, 0x4c, 0x6a, 0x92, + 0x05, 0x96, 0xf8, 0x65, 0x4b, 0xb4, 0x95, 0x57, + 0x50, 0xbc, 0xbc, 0x18, 0x74, 0x43, 0x75, 0x65, + 0x6f, 0x0b, 0x59, 0x4d, 0x82, 0x58, 0x72, 0xbb, + 0x16, 0x1a, 0x1b, 0x7f, 0xdf, 0xe7, 0xd0, 0x1e, + 0x7a, 0x19, 0xe0, 0x2f, 0x41, 0xab, 0x9d, 0x02, + 0xd1, 0xfe, 0xd4, 0x71, 0x61, 0x71, 0x61, 0x72, + 0xb8, 0xd6, 0x8d, 0xb0, 0x4e, 0x57, 0xc7, 0x40, + 0x53, 0xda, 0xc7, 0x85, 0xe9, 0x24, 0x5b, 0xcc, + 0x8d, 0xca, 0x48, 0xc7, 0x36, 0x45, 0x7e, 0xde, + 0xb8, 0xa0, 0x75, 0xc1, 0xc4, 0x22, 0x54, 0xe8, + 0x71, 0x10, 0xcb, 0xe4, 0xa9, 0x09, 0x42, 0x1a, + 0xe6, 0xae, 0xce, 0xce, 0x5d, 0x65, 0x83, 0x47, + 0x39, 0xbe, 0x6c, 0xac, 0x51, 0xd1, 0x02, 0x3c, + 0xa2, 0x5c, 0x32, 0x2b, 0x7b, 0x34, 0x61, 0xec, + 0x65, 0x16, 0x8c, 0xcc, 0xf4, 0x83, 0xa2, 0x66, + 0x8f, 0xb4, 0x52, 0x7b, 0xcb, 0x31, 0x25, 0x64, + 0xc4, 0x09, 0x72, 0x24, 0xdb, 0xc3, 0x8a, 0xb3, + 0x97, 0xc3, 0xa7, 0xfd, 0x69, 0x3b, 0x29, 0x99, + 0x2b, 0x9a, 0x77, 0x3c, 0x43, 0xc0, 0xe9, 0xe9, + 0x44, 0x79, 0xf1, 0x76, 0x2c, 0x91, 0xc3, 0x67, + 0xd9, 0xa0, 0x79, 0xb1, 0x3f, 0xdc, 0x38, 0xbd, + 0x74, 0xf2, 0x09, 0xe4, 0xd5, 0x43, 0xab, 0xf8, + 0xc9, 0xb1, 0x4c, 0xed, 0x01, 0x55, 0x99, 0xdf, + 0xae, 0x94, 0x72, 0x33, 0x61, 0xac, 0xbf, 0x6c, + 0x1c, 0x04, 0x34, 0xdc, 0x0e, 0xfa, 0xf2, 0x2c, + 0x61, 0x05, 0x77, 0x75, 0xf1, 0x7f, 0x36, 0xd7, + 0x6f, 0xd7, 0x5d, 0x6b, 0xfc, 0xe7, 0xdc, 0xe9, + 0x22, 0xdc, 0xd7, 0x58, 0x5a, 0xa3, 0x3c, 0xae, + 0x7a, 0x69, 0x16, 0xc4, 0xe4, 0xac, 0x5f, 0x86, + 0xe4, 0x75, 0x3f, 0x8c, 0xc7, 0x98, 0xc2, 0x02, + 0x05, 0xc8, 0xc4, 0x76, 0x56, 0xfb, 0xad, 0x77, + 0x99, 0xb6, 0xa5, 0x3d, 0xae, 0x5d, 0xcb, 0x74, + 0xcd, 0xb6, 0x77, 0xff, 0xfa, 0x66, 0xcb, 0xf2, + 0x87, 0x3a, 0x21, 0x94, 0x13, 0x71, 0x45, 0x78, + 0xd6, 0xda, 0x3b, 0x61, 0xaa, 0x29, 0xc4, 0x94, + 0xc2, 0xf0, 0x84, 0xbe, 0x1f, 0xa1, 0xc1, 0xcc, + 0x40, 0xd1, 0xe4, 0xa4, 0x24, 0xa4, 0xce, 0xc7, + 0x3e, 0x45, 0x50, 0x62, 0xb6, 0xe2, 0x8c, 0x33, + 0x38, 0x39, 0x57, 0x0d, 0x6f, 0xc6, 0xc0, 0x84, + 0x02, 0xa8, 0xd3, 0x9f, 0x14, 0x5b, 0x97, 0xc3, + 0xaa, 0xcc, 0x6f, 0x24, 0x70, 0x2e, 0x80, 0xf6, + 0x6f, 0x5d, 0x2f, 0xa1, 0x53, 0x0c, 0xff, 0x2a, + 0x07, 0x48, 0x6b, 0x3d, 0x38, 0xd8, 0xc9, 0x99, + 0x4e, 0xe6, 0x33, 0xc2, 0xe5, 0x27, 0xaf, 0x49, + 0xfb, 0xe2, 0x6f, 0x63, 0x4c, 0x66, 0x63, 0xcf, + 0x95, 0x52, 0x0e, 0x04, 0xa7, 0x6f, 0x33, 0xe8, + 0x87, 0x68, 0x26, 0xb8, 0x88, 0x87, 0xc4, 0xfe, + 0x8f, 0xde, 0xb1, 0xc5, 0x0f, 0x55, 0xc7, 0xe7, + 0xfb, 0xc2, 0xa5, 0x07, 0x7f, 0xa0, 0x29, 0xdb, + 0x53, 0xb7, 0xcd, 0x8f, 0xa3, 0x57, 0x6b, 0xbc, + 0x21, 0x9a, 0xe7, 0xd7, 0xb2, 0x15, 0x18, 0xfd, + 0x94, 0xfa, 0x18, 0x7d, 0x39, 0xd6, 0x31, 0x87, + 0xbf, 0x9f, 0x2b, 0xf2, 0x59, 0x2f, 0x1a, 0x7a, + 0x35, 0x62, 0x81, 0x37, 0xd8, 0x2e, 0x50, 0x47, + 0x7f, 0xf3, 0x40, 0x6d, 0xab, 0xfe, 0x55, 0x8a, + 0x3f, 0xd3, 0x0d, 0x4e, 0x72, 0xd1, 0xf5, 0x23, + 0xeb, 0xf5, 0x1d, 0xf6, 0xc7, 0xbf, 0xd9, 0xc8, + 0x53, 0x25, 0x89, 0x7a, 0x79, 0x49, 0x11, 0x3f, + 0x30, 0xc9, 0x57, 0x0f, 0x3a, 0x9f, 0xba, 0xf7, + 0x36, 0x58, 0x43, 0x0c, 0x3b, 0x2a, 0xfa, 0x43, + 0xbf, 0x9d, 0x37, 0xd5, 0x41, 0x0b, 0x5e, 0x41, + 0x6c, 0x5c, 0xf3, 0x75, 0xcf, 0x9a, 0xdd, 0xce, + 0xcf, 0x56, 0x0e, 0x7d, 0x63, 0x6c, 0x2d, 0x58, + 0xb8, 0x9d, 0x3e, 0x5a, 0x44, 0x62, 0x01, 0x99, + 0x0e, 0xff, 0xc4, 0x67, 0xff, 0xba, 0x10, 0x09, + 0xee, 0x90, 0xd0, 0xf4, 0x6b, 0xd2, 0xd7, 0x01, + 0x8a, 0xe9, 0x2c, 0xab, 0xec, 0xf6, 0x21, 0x30, + 0xbd, 0x7b, 0x4a, 0x07, 0x7a, 0xf3, 0x18, 0x82, + 0xa7, 0x13, 0xc7, 0x35, 0x72, 0x38, 0x75, 0x33, + 0xea, 0x24, 0x9c, 0x9a, 0x18, 0xf0, 0x59, 0x9c, + 0x06, 0xee, 0x21, 0x6c, 0xfc, 0x60, 0xf7, 0x49, + 0x8b, 0x2a, 0x75, 0xf3, 0xf8, 0x14, 0x3d, 0x90, + 0xa4, 0xab, 0xf8, 0x65, 0x1d, 0xef, 0xad, 0x60, + 0x0f, 0xd3, 0x32, 0xab, 0x09, 0xe3, 0xd8, 0xfa, + 0xef, 0xa2, 0xec, 0x91, 0x52, 0xea, 0xf6, 0xf2, + 0xbe, 0x6b, 0x78, 0x62, 0x90, 0x22, 0xc0, 0x23, + 0x18, 0x49, 0xbe, 0x4c, 0x13, 0xfa, 0x08, 0xb8, + 0x27, 0xec, 0x30, 0x11, 0x50, 0xfa, 0x38, 0x06, + 0x63, 0xf7, 0x37, 0x41, 0x8c, 0x8b, 0xf0, 0x70, + 0x0f, 0x43, 0x27, 0xf5, 0x8c, 0x22, 0x56, 0xf8, + 0xba, 0x8b, 0x61, 0x17, 0x6d, 0xfd, 0x1a, 0xce, + 0x6a, 0x81, 0xc1, 0x90, 0x33, 0xe3, 0xd6, 0x78, + 0xa9, 0xcb, 0x23, 0x4f, 0x85, 0xa5, 0xb6, 0x37, + 0x2e, 0xaf, 0x1a, 0x18, 0x83, 0xf5, 0xac, 0xed, + 0x3a, 0xdf, 0x58, 0xb7, 0xfa, 0xbf, 0xe4, 0x4d, + 0x98, 0x6d, 0xbe, 0xda, 0x35, 0x1e, 0xa9, 0xde, + 0x5a, 0x84, 0x1c, 0xd5, 0x23, 0x33, 0x6f, 0x98, + 0x6a, 0xb8, 0xfb, 0xbe, 0xcf, 0x1f, 0x52, 0xb1, + 0xe8, 0x7d, 0xbb, 0x3a, 0xc4, 0x57, 0xa7, 0x43, + 0xfa, 0xe8, 0x99, 0xa5, 0xbb, 0x3d, 0x10, 0xea, + 0xfc, 0x4d, 0x08, 0x08, 0xb7, 0xfa, 0x98, 0xc8, + 0x06, 0x80, 0x93, 0xca, 0xe7, 0xa0, 0xbc, 0x20, + 0x74, 0xba, 0xa7, 0x01, 0x27, 0x37, 0x34, 0xc2, + 0x8e, 0x97, 0xcd, 0x11, 0x02, 0xff, 0xbc, 0xeb, + 0xb8, 0x3e, 0xbb, 0x17, 0xc9, 0x20, 0x0b, 0xe6, + 0xdb, 0xe5, 0x8b, 0xc8, 0x7c, 0x52, 0x2e, 0x4d, + 0x24, 0x25, 0x42, 0x04, 0xfd, 0x2e, 0xc5, 0x2c, + 0x60, 0xc1, 0x22, 0x56, 0x49, 0xc3, 0xde, 0xe1, + 0x70, 0x12, 0xc1, 0xcc, 0x0d, 0x5c, 0xda, 0x0b, + 0x2f, 0x0f, 0xc4, 0xf2, 0x72, 0x74, 0xe0, 0x4a, + 0xce, 0xde, 0x68, 0xba, 0xce, 0x92, 0xe2, 0x94, + 0xb5, 0x89, 0xbe, 0x45, 0xd7, 0x4c, 0x53, 0x77, + 0xaf, 0xea, 0xc7, 0x18, 0x2f, 0x4b, 0x70, 0x2b, + 0x5a, 0x50, 0xb4, 0x9f, 0x1b, 0x32, 0xbd, 0x47, + 0x64, 0x83, 0x95, 0x7c, 0x66, 0x46, 0x76, 0xa8, + 0x19, 0xfe, 0x68, 0x51, 0xf0, 0x77, 0x68, 0xda, + 0x82, 0x26, 0x1c, 0x75, 0xd5, 0x3f, 0x8f, 0x04, + 0xa6, 0x42, 0x91, 0xa5, 0x6e, 0x00, 0x8b, 0x11, + 0xae, 0x09, 0xee, 0x73, 0x92, 0x32, 0x57, 0xec, + 0x19, 0x50, 0x20, 0xd9, 0x58, 0xf7, 0xb6, 0xd4, + 0x3a, 0xba, 0x26, 0x89, 0x78, 0xcb, 0x33, 0xb1, + 0x50, 0xa9, 0xc0, 0xde, 0xca, 0xfb, 0xb3, 0x62, + 0x91, 0x25, 0x75, 0x12, 0xcc, 0x7f, 0x2c, 0xb0, + 0xb5, 0x56, 0x4a, 0x0f, 0x81, 0xef, 0x46, 0x86, + 0x83, 0x8c, 0xdb, 0xfe, 0x10, 0x47, 0x55, 0x20, + 0xe6, 0xef, 0x69, 0x04, 0x7c, 0xca, 0x86, 0x4e, + 0x50, 0xc8, 0x6e, 0x9d, 0x91, 0xfc, 0x4e, 0xae, + 0x74, 0x1d, 0x4b, 0xe8, 0xad, 0x7b, 0x12, 0x95, + 0x2b, 0x76, 0xc3, 0x42, 0x95, 0x48, 0x16, 0x9c, + 0x37, 0x0a, 0x7a, 0x5e, 0x2d, 0xb3, 0xfc, 0x80, + 0x9b, 0x99, 0x30, 0x95, 0x2e, 0xf5, 0xaf, 0x9c, + 0xdc, 0xca, 0xf7, 0x4f, 0xc1, 0x3d, 0x0d, 0xb8, + 0xd5, 0x58, 0x62, 0x85, 0x8e, 0x47, 0xe4, 0xc6, + 0xf6, 0x6f, 0xda, 0x9d, 0xa4, 0x23, 0xb8, 0x84, + 0xdb, 0x6e, 0xd7, 0x9d, 0x01, 0x25, 0x87, 0xf7, + 0x57, 0xf0, 0xbd, 0x97, 0x46, 0x80, 0xad, 0x8e + }; + /* Message (33 bytes) */ + static const byte msg_65[] = { + 0xd8, 0x1c, 0x4d, 0x8d, 0x73, 0x4f, 0xcb, 0xfb, + 0xea, 0xde, 0x3d, 0x3f, 0x8a, 0x03, 0x9f, 0xaa, + 0x2a, 0x2c, 0x99, 0x57, 0xe8, 0x35, 0xad, 0x55, + 0xb2, 0x2e, 0x75, 0xbf, 0x57, 0xbb, 0x55, 0x6a, + 0xc8 + }; + /* Context (33 bytes) */ + static const byte ctx_65[] = { + 0x86, 0x26, 0xed, 0x79, 0xd4, 0x51, 0x14, 0x08, + 0x00, 0xe0, 0x3b, 0x59, 0xb9, 0x56, 0xf8, 0x21, + 0x0e, 0x55, 0x60, 0x67, 0x40, 0x7d, 0x13, 0xdc, + 0x90, 0xfa, 0x9e, 0x8b, 0x87, 0x2b, 0xfb, 0x8f, + 0xab + }; + /* Signature for empty context (ctx=NULL, ctxLen=0), 3309 bytes */ + static const byte sig_65_ctx0[] = { + 0x72, 0x7f, 0x65, 0x82, 0xe8, 0xd2, 0xe3, 0xc8, + 0xd5, 0xe7, 0x29, 0xca, 0x43, 0x91, 0xda, 0x3d, + 0xcc, 0xfb, 0x78, 0x7b, 0xc5, 0x9c, 0x68, 0x1a, + 0xb0, 0x33, 0x34, 0x71, 0x63, 0x7f, 0x55, 0x03, + 0x81, 0x10, 0x83, 0x60, 0xa7, 0x22, 0x67, 0x10, + 0x87, 0x71, 0xf4, 0xd5, 0xf6, 0x88, 0x1d, 0xa8, + 0x29, 0x4d, 0x82, 0x7c, 0x17, 0x34, 0xea, 0xa4, + 0x09, 0x51, 0x53, 0x22, 0xc0, 0x74, 0x44, 0x87, + 0xad, 0x3a, 0x24, 0x6a, 0x1b, 0x30, 0x3f, 0xfa, + 0x19, 0x52, 0x7f, 0x78, 0x3a, 0x24, 0x90, 0x93, + 0xb6, 0xe1, 0x9e, 0x68, 0xd8, 0x72, 0x28, 0x8e, + 0x95, 0xd5, 0x1e, 0x30, 0xd8, 0x13, 0x19, 0x86, + 0x65, 0xfb, 0x57, 0x9c, 0xaa, 0x1a, 0xf2, 0xf0, + 0xc4, 0xf7, 0xc0, 0x4a, 0xb0, 0x36, 0xec, 0x41, + 0x10, 0x5f, 0x9a, 0x5d, 0x7e, 0xff, 0x81, 0xcc, + 0x0d, 0xfc, 0xab, 0x2d, 0x93, 0x8e, 0xc3, 0x7c, + 0x4b, 0xe2, 0x22, 0x5c, 0x73, 0x61, 0x4c, 0xe9, + 0x29, 0x16, 0x1e, 0x2e, 0xd7, 0x0c, 0x2d, 0x4f, + 0x5c, 0xba, 0x29, 0xa9, 0xce, 0xba, 0x50, 0x9c, + 0xb0, 0xb9, 0x66, 0x40, 0x43, 0x95, 0x90, 0xa4, + 0xbc, 0xd3, 0xe1, 0x79, 0x2f, 0x6a, 0xbc, 0xda, + 0x23, 0x89, 0xf6, 0xfe, 0x07, 0x5a, 0xf1, 0xaf, + 0x7f, 0x83, 0x64, 0x16, 0x71, 0xf5, 0x87, 0x06, + 0x17, 0xf6, 0x48, 0x3e, 0xb6, 0xd1, 0x91, 0xca, + 0xad, 0x92, 0xf5, 0x0c, 0x63, 0xfa, 0x58, 0x3b, + 0x96, 0x2b, 0x88, 0x56, 0xbc, 0x9d, 0x47, 0x0c, + 0x42, 0x18, 0x72, 0x0d, 0x32, 0xea, 0x22, 0x7a, + 0x90, 0xc2, 0xf4, 0xfc, 0xac, 0x43, 0x2c, 0x74, + 0xd7, 0x63, 0xd5, 0xc9, 0x82, 0xc6, 0xc8, 0xe9, + 0xe1, 0xa9, 0xc6, 0xd2, 0x8a, 0x73, 0x2c, 0xb5, + 0x26, 0x70, 0xab, 0xc6, 0xe2, 0xf8, 0xbd, 0x2a, + 0xc2, 0xa5, 0xf9, 0xb0, 0x20, 0xbc, 0xfb, 0x43, + 0x02, 0xb4, 0x3a, 0x30, 0x87, 0x81, 0x23, 0x50, + 0xd9, 0xc3, 0x8a, 0x43, 0xdf, 0x8e, 0x22, 0x4f, + 0x71, 0x74, 0x52, 0x39, 0x04, 0x3a, 0x72, 0xc6, + 0x3f, 0x5f, 0x01, 0x94, 0xe8, 0xb7, 0x86, 0x38, + 0xf8, 0xd9, 0x33, 0x8f, 0x4f, 0x9d, 0x89, 0x47, + 0x18, 0x3c, 0x4d, 0x15, 0xc8, 0xba, 0x1e, 0x5c, + 0x20, 0x3e, 0x42, 0x20, 0x06, 0x6e, 0x44, 0x9e, + 0xdd, 0x66, 0x30, 0x75, 0xd9, 0x9a, 0xf8, 0x03, + 0x0a, 0x6f, 0x3a, 0x3d, 0x18, 0x8d, 0x4e, 0x94, + 0xc4, 0x41, 0x33, 0xd2, 0xe5, 0x5f, 0x73, 0xf7, + 0xcf, 0xe2, 0xe3, 0x92, 0xb5, 0x7e, 0xbf, 0xef, + 0xd0, 0x59, 0xd6, 0x79, 0x9c, 0xcb, 0xc8, 0x7f, + 0x7e, 0x35, 0x25, 0xae, 0x95, 0xc1, 0xf5, 0xa5, + 0xfc, 0x4f, 0xe8, 0xa3, 0xd8, 0x4b, 0x06, 0x7e, + 0xec, 0x52, 0x73, 0xe7, 0xbe, 0x14, 0xa3, 0x1f, + 0xa3, 0xd6, 0x1d, 0xf4, 0xcf, 0x4a, 0x23, 0xf3, + 0x2a, 0x04, 0xef, 0x8a, 0x40, 0x46, 0x79, 0x29, + 0x54, 0xa4, 0x65, 0xec, 0xd5, 0xe5, 0x9e, 0x9c, + 0x64, 0xa9, 0x35, 0x71, 0x90, 0xc3, 0x99, 0x12, + 0x65, 0xce, 0x0c, 0x99, 0xd2, 0xdf, 0x4d, 0x17, + 0x4e, 0x53, 0x5d, 0xec, 0x6c, 0x12, 0x3e, 0xa3, + 0x3d, 0x6b, 0xa8, 0x9e, 0x9b, 0xd9, 0x22, 0x27, + 0x75, 0x00, 0x4c, 0x62, 0x04, 0x85, 0x9e, 0x7f, + 0x3a, 0x05, 0x37, 0xc5, 0x59, 0xe6, 0xb7, 0x14, + 0x3d, 0xbd, 0x5e, 0x48, 0x39, 0xcc, 0x68, 0x54, + 0x5d, 0xf2, 0x5c, 0x99, 0x16, 0x17, 0x00, 0xca, + 0x8a, 0xc6, 0x85, 0xe4, 0x24, 0x28, 0x0e, 0xfe, + 0x4e, 0x79, 0x0f, 0xe9, 0x55, 0x70, 0x2b, 0xbe, + 0xaa, 0x0c, 0x48, 0xeb, 0x8c, 0x90, 0xd4, 0xe2, + 0xf1, 0x47, 0xad, 0x14, 0xd7, 0xc6, 0xed, 0xb6, + 0xb5, 0xd7, 0x9d, 0xa9, 0x4b, 0x45, 0x12, 0xa0, + 0x8a, 0x08, 0x64, 0x7a, 0x7d, 0xd6, 0xaf, 0xc1, + 0x73, 0xda, 0xd8, 0x91, 0x1e, 0x06, 0xac, 0x18, + 0x60, 0x38, 0xbe, 0x7c, 0x47, 0x3e, 0x81, 0x04, + 0x14, 0x5e, 0x8e, 0xd4, 0x1d, 0x85, 0xf4, 0xd8, + 0xe3, 0x30, 0xee, 0xe4, 0xab, 0xb7, 0x5c, 0x1e, + 0xce, 0x17, 0x51, 0xd8, 0xa3, 0xfc, 0x2b, 0x8b, + 0x61, 0x16, 0x59, 0x06, 0xe5, 0x7e, 0x06, 0x6b, + 0x0d, 0x3a, 0x95, 0xd7, 0xff, 0x8b, 0x10, 0x7a, + 0xaf, 0x9d, 0x4c, 0xc2, 0xff, 0x8f, 0xd8, 0x51, + 0x62, 0xc8, 0x53, 0x5f, 0xeb, 0x0c, 0x21, 0x0d, + 0x82, 0x98, 0x3b, 0xea, 0xd7, 0x57, 0x6c, 0x6f, + 0x00, 0xbb, 0x34, 0xed, 0x1b, 0x7f, 0x84, 0xd3, + 0xc4, 0x25, 0xa9, 0xcd, 0x1f, 0x4e, 0x7e, 0x42, + 0xe0, 0x46, 0xe2, 0x8d, 0xf1, 0x66, 0x30, 0xb5, + 0xb9, 0x73, 0x61, 0xf1, 0x63, 0x28, 0x2c, 0x3a, + 0xc0, 0x9b, 0xc5, 0x58, 0xb4, 0x83, 0x53, 0x3e, + 0x3b, 0xfe, 0x39, 0xa7, 0x6f, 0x80, 0xf9, 0x56, + 0x6a, 0xcc, 0xa7, 0xd6, 0xf8, 0x35, 0xea, 0x85, + 0xcc, 0x8a, 0x83, 0xc2, 0x5b, 0x95, 0x7e, 0x77, + 0x0a, 0x8d, 0x29, 0x0a, 0xf7, 0xc0, 0x3e, 0x76, + 0xd3, 0xda, 0x0c, 0x3e, 0x1f, 0x0e, 0x22, 0x2b, + 0xa7, 0x1d, 0xf9, 0xc2, 0x3d, 0x3e, 0xcd, 0x8a, + 0xb4, 0xa5, 0xcb, 0x1c, 0x02, 0xc3, 0x8f, 0x32, + 0x6b, 0x61, 0xee, 0x86, 0x20, 0x96, 0xc1, 0x92, + 0x63, 0x10, 0xbd, 0x1e, 0x86, 0xb9, 0x33, 0xf0, + 0x01, 0x66, 0x45, 0x8b, 0x7d, 0x5c, 0x2b, 0x72, + 0xa4, 0xb7, 0xfd, 0xf7, 0x5e, 0x62, 0x9d, 0xe6, + 0x4d, 0x82, 0x22, 0x9b, 0xbf, 0x47, 0x22, 0xf2, + 0x5c, 0x79, 0x6c, 0xa4, 0x21, 0x0a, 0xf0, 0x71, + 0x3b, 0xb3, 0xde, 0x0b, 0x35, 0x38, 0xf8, 0xcc, + 0x1f, 0x13, 0x18, 0x04, 0xb5, 0x29, 0xa2, 0x88, + 0x48, 0x84, 0xfe, 0x28, 0x47, 0x8f, 0xd3, 0x3f, + 0x44, 0x49, 0x3a, 0x00, 0x48, 0x70, 0x01, 0x7e, + 0x7c, 0x2c, 0xa0, 0xa9, 0x64, 0xbe, 0x2f, 0xa3, + 0xde, 0x40, 0x96, 0x12, 0x44, 0xc0, 0x7f, 0x29, + 0x96, 0x84, 0xdd, 0x13, 0x19, 0xcb, 0x3a, 0xaa, + 0xbb, 0x1f, 0x55, 0xe5, 0xb3, 0x02, 0x9f, 0x49, + 0xd9, 0xd3, 0xaa, 0x1b, 0xbf, 0xce, 0xbd, 0xbd, + 0x55, 0xa3, 0x5e, 0x31, 0xb6, 0x42, 0x39, 0x6e, + 0x81, 0x9c, 0xac, 0x84, 0x7f, 0x47, 0x9a, 0x1b, + 0x4f, 0x41, 0x2f, 0x9e, 0x44, 0x25, 0x34, 0xc7, + 0xe5, 0x9d, 0x12, 0xad, 0xf9, 0x94, 0xcc, 0x9d, + 0xd7, 0x15, 0xdc, 0x3d, 0x92, 0xd6, 0x2b, 0xef, + 0x2e, 0xe6, 0x1f, 0x42, 0x3b, 0xee, 0x66, 0xa4, + 0xba, 0x99, 0x03, 0xd7, 0xb6, 0x3a, 0xc3, 0xab, + 0x19, 0x86, 0xfa, 0x88, 0xf0, 0xe1, 0x0b, 0x8d, + 0x1b, 0x29, 0xb0, 0xf2, 0x8c, 0x83, 0x8d, 0x08, + 0x8f, 0x6e, 0x9b, 0xa7, 0xad, 0xc8, 0x7e, 0x49, + 0xeb, 0x01, 0x82, 0x8e, 0xf3, 0x0e, 0x54, 0x23, + 0xd9, 0x94, 0x8b, 0x84, 0x1d, 0xe7, 0x74, 0x1c, + 0xf0, 0xe3, 0xfa, 0x31, 0x97, 0xe0, 0xce, 0x93, + 0xa1, 0x96, 0x7f, 0x5b, 0x79, 0xd8, 0x4c, 0x3e, + 0x35, 0x52, 0x7a, 0xfd, 0x5a, 0xd2, 0x85, 0x12, + 0x89, 0xe7, 0x05, 0x9d, 0x7e, 0x54, 0x81, 0xad, + 0xb5, 0x24, 0x7f, 0x79, 0x82, 0xec, 0xc7, 0x6b, + 0x90, 0x5d, 0x2d, 0xe6, 0x8f, 0x7d, 0x4d, 0xba, + 0xf0, 0x18, 0x34, 0x91, 0x88, 0xb2, 0xfc, 0xb3, + 0x00, 0xe6, 0x5f, 0xa5, 0xa8, 0x33, 0xc7, 0x6a, + 0x58, 0x06, 0xe5, 0x17, 0xd8, 0xb5, 0xe1, 0x00, + 0xe2, 0xf4, 0x47, 0x09, 0xea, 0xe2, 0xb4, 0x58, + 0xed, 0x11, 0xa5, 0xbb, 0x28, 0x62, 0x9b, 0xe7, + 0x89, 0x9f, 0xae, 0x25, 0xbf, 0x0c, 0x67, 0xc2, + 0xd9, 0x87, 0xe2, 0x3e, 0x9b, 0x53, 0x3c, 0x33, + 0x92, 0x2d, 0x81, 0x0d, 0x88, 0x05, 0x0b, 0x73, + 0x5f, 0xfd, 0x10, 0xc0, 0x14, 0xb2, 0x8e, 0xf0, + 0x52, 0x02, 0x2c, 0x22, 0x8b, 0x66, 0x71, 0xf8, + 0x14, 0x04, 0xd4, 0xeb, 0x6b, 0x69, 0x32, 0x3a, + 0xed, 0xd1, 0xcd, 0x74, 0x27, 0xf2, 0xe7, 0x7f, + 0x86, 0xc1, 0x27, 0x17, 0x8b, 0x62, 0x1f, 0xed, + 0x33, 0xc4, 0x94, 0x49, 0x90, 0x09, 0x3c, 0x00, + 0xf6, 0x67, 0x63, 0x7b, 0x03, 0xeb, 0x07, 0x3f, + 0xc2, 0xe2, 0x48, 0xe6, 0x50, 0x67, 0x71, 0xac, + 0xf6, 0x67, 0x3b, 0x5f, 0x82, 0xd3, 0x68, 0x51, + 0x6f, 0x95, 0x4f, 0x17, 0x49, 0x01, 0x5c, 0xaf, + 0xf9, 0xf7, 0xb3, 0xed, 0xa7, 0x5d, 0x79, 0x68, + 0x32, 0x23, 0xd3, 0xc2, 0x00, 0xae, 0x13, 0x39, + 0x09, 0x51, 0x13, 0x70, 0x2f, 0x73, 0x5d, 0xb0, + 0x7c, 0x79, 0xdf, 0x9a, 0xb2, 0x76, 0x87, 0x4d, + 0x21, 0x44, 0xb5, 0xe4, 0x1f, 0x41, 0x5a, 0x13, + 0x03, 0xbd, 0x14, 0x81, 0x22, 0xfa, 0x2e, 0xb4, + 0x8c, 0x0f, 0xd6, 0xa1, 0x7c, 0x28, 0xa5, 0xec, + 0xb1, 0x66, 0x53, 0x45, 0x13, 0xea, 0x7f, 0x9c, + 0x50, 0x5e, 0x32, 0x5a, 0xef, 0xb6, 0xb4, 0xde, + 0x82, 0xa5, 0xb6, 0xc3, 0xb1, 0xdc, 0x7a, 0xd8, + 0xad, 0xf6, 0x67, 0x94, 0x41, 0x8b, 0x6d, 0x2c, + 0x2b, 0xdc, 0x60, 0xbe, 0xf3, 0x06, 0x55, 0x26, + 0x5c, 0x08, 0x71, 0x41, 0x79, 0xe2, 0x74, 0x11, + 0x6b, 0x89, 0xc6, 0xd2, 0x58, 0xee, 0xd5, 0xc2, + 0x9e, 0x9d, 0x2f, 0xd8, 0x16, 0x4f, 0xd6, 0x68, + 0xcb, 0x55, 0xf2, 0x2a, 0x00, 0xc0, 0x3e, 0x59, + 0x61, 0x60, 0xb3, 0x7e, 0xad, 0x9b, 0x8f, 0x27, + 0xb7, 0xfb, 0x4b, 0x02, 0xe7, 0x62, 0xda, 0x2b, + 0x9c, 0xcd, 0x02, 0xa6, 0xe8, 0x51, 0x6a, 0xa9, + 0xa1, 0xcc, 0x21, 0x7e, 0x96, 0x47, 0x24, 0x14, + 0x83, 0xe2, 0x43, 0xe4, 0xdd, 0x0d, 0x9b, 0x4c, + 0x8e, 0x45, 0x63, 0x28, 0xd0, 0xe9, 0x02, 0xcc, + 0x29, 0x27, 0x4f, 0xa7, 0xa7, 0x42, 0xb4, 0xb8, + 0x58, 0xf2, 0xfe, 0x20, 0xaa, 0x6f, 0x61, 0x25, + 0x89, 0x1a, 0x1a, 0x6d, 0xd7, 0x13, 0x27, 0xf9, + 0xb8, 0x78, 0x90, 0xa8, 0x12, 0x09, 0x96, 0xc8, + 0x70, 0xa4, 0xe3, 0xb0, 0x82, 0xe1, 0xbe, 0x01, + 0xfa, 0x71, 0x79, 0x6e, 0x9c, 0xc3, 0x49, 0x96, + 0x3c, 0x62, 0xa3, 0xae, 0xcb, 0xe8, 0x0d, 0x08, + 0x86, 0x1c, 0x6e, 0x84, 0x70, 0x03, 0xf6, 0x7b, + 0x91, 0x12, 0x44, 0x96, 0xb6, 0xf0, 0xe6, 0xca, + 0xd7, 0x3c, 0x7a, 0x3d, 0xc9, 0xcd, 0xc3, 0x90, + 0xab, 0x5f, 0x75, 0xe8, 0x50, 0x20, 0xf5, 0xed, + 0xed, 0xd0, 0x7a, 0xa1, 0x20, 0x5c, 0x37, 0x26, + 0x17, 0xb8, 0xa2, 0x9e, 0xe9, 0x4a, 0xbe, 0xd9, + 0x09, 0x27, 0xd3, 0x86, 0xdd, 0x2b, 0x03, 0x53, + 0xbf, 0xe0, 0x0e, 0xb3, 0x83, 0xbd, 0xe2, 0x73, + 0x4c, 0x1d, 0x09, 0x12, 0xbe, 0x51, 0x54, 0x8f, + 0xdb, 0xfa, 0x9d, 0x9f, 0xad, 0xe9, 0xac, 0x50, + 0x09, 0xbf, 0x1d, 0x62, 0x8d, 0x35, 0x18, 0x98, + 0x09, 0x6e, 0x8a, 0x95, 0xb6, 0x09, 0x1f, 0x1f, + 0x08, 0xd2, 0xe9, 0x63, 0xac, 0x3c, 0x7e, 0xde, + 0xff, 0xbd, 0x9e, 0xc1, 0x9c, 0x67, 0xcd, 0x67, + 0x39, 0xaa, 0x99, 0xb3, 0xec, 0xb9, 0xd0, 0x33, + 0x7a, 0x9b, 0x0a, 0x6d, 0x27, 0xe3, 0x37, 0xb0, + 0xb2, 0x39, 0x3e, 0x7a, 0x08, 0xc6, 0x57, 0xae, + 0xed, 0xeb, 0x83, 0xb1, 0x93, 0x4e, 0xd4, 0x82, + 0x79, 0x24, 0xf3, 0x70, 0x1b, 0x56, 0x9e, 0x5d, + 0x31, 0x11, 0x3a, 0x4c, 0xb5, 0x9f, 0xfe, 0x41, + 0x5f, 0x2f, 0x7f, 0x60, 0x72, 0x34, 0xbb, 0xa0, + 0xea, 0x54, 0x89, 0x59, 0xf6, 0x75, 0x18, 0x6e, + 0x33, 0xc5, 0xe8, 0x1d, 0xae, 0x0a, 0x40, 0x31, + 0x3d, 0xa5, 0x4e, 0x24, 0x6f, 0x8a, 0x2d, 0x77, + 0x70, 0xe2, 0xc9, 0x21, 0x82, 0x5d, 0x79, 0xb8, + 0xe7, 0xcf, 0x16, 0xd0, 0xdd, 0x1a, 0x43, 0x5b, + 0x21, 0x8b, 0x77, 0x9d, 0x72, 0x35, 0xd8, 0x35, + 0xcc, 0xbc, 0xb0, 0xf0, 0xeb, 0x79, 0x26, 0xe4, + 0xbf, 0xce, 0x37, 0x31, 0xe5, 0x1a, 0xf1, 0x6c, + 0xad, 0xae, 0xca, 0x7c, 0xe3, 0x62, 0x23, 0xcb, + 0x94, 0x43, 0xe3, 0x2d, 0xe4, 0x26, 0xef, 0xe8, + 0xb1, 0xe0, 0x7b, 0xe2, 0x81, 0x39, 0xa3, 0xb3, + 0x4b, 0x1b, 0x0e, 0xfb, 0x0f, 0xc7, 0xb5, 0x5f, + 0x56, 0x0d, 0xfb, 0x22, 0x05, 0xc2, 0xe0, 0x67, + 0xfb, 0x82, 0xe2, 0x94, 0x62, 0x64, 0xa0, 0x5e, + 0xa7, 0xaa, 0xf5, 0x25, 0xba, 0x20, 0x71, 0xb7, + 0xd1, 0xf0, 0x3a, 0xe6, 0xe1, 0x79, 0x14, 0xc3, + 0x36, 0x0c, 0xd3, 0x25, 0xee, 0x57, 0x67, 0xdc, + 0x7f, 0x6b, 0x27, 0x6e, 0x97, 0x50, 0xc8, 0x31, + 0x44, 0x2a, 0x04, 0x14, 0x3e, 0xd8, 0xfa, 0xed, + 0x4c, 0xa8, 0x29, 0x28, 0xe7, 0xae, 0x27, 0x57, + 0x89, 0x5a, 0x83, 0x18, 0x7e, 0x37, 0x0f, 0xfa, + 0x1e, 0x94, 0x6c, 0x18, 0xca, 0x6a, 0x2c, 0x75, + 0x35, 0x6b, 0x6a, 0x7a, 0x61, 0xcf, 0x6b, 0x6c, + 0x40, 0x21, 0x8a, 0x6b, 0xd5, 0x92, 0xf8, 0x90, + 0x4c, 0x8b, 0xbb, 0x48, 0x1d, 0x54, 0x51, 0xe0, + 0x4a, 0x62, 0x6a, 0x73, 0x32, 0xb2, 0xf9, 0x52, + 0x3d, 0x0b, 0xe7, 0xf1, 0x72, 0x75, 0x9d, 0x7f, + 0xf1, 0xf8, 0xb0, 0x9f, 0x1b, 0x71, 0x4c, 0x4e, + 0x55, 0xac, 0x5f, 0x12, 0x4e, 0xf8, 0x2e, 0x02, + 0xae, 0xad, 0xd7, 0x2f, 0x47, 0x70, 0x7c, 0x8e, + 0x5f, 0x6d, 0xdf, 0x32, 0x37, 0xc9, 0x96, 0x32, + 0x69, 0x8e, 0x94, 0x2a, 0xc8, 0x9a, 0x00, 0x2d, + 0x57, 0xec, 0x53, 0x9c, 0x8b, 0x8f, 0x84, 0x6c, + 0xc1, 0x35, 0xc8, 0x9b, 0x36, 0x1c, 0x55, 0x54, + 0xaf, 0xfd, 0x99, 0x50, 0x10, 0x9e, 0x80, 0xd3, + 0xd6, 0xfa, 0x6f, 0x89, 0x0a, 0xad, 0xdf, 0x97, + 0x3e, 0xae, 0x85, 0xb9, 0xe9, 0x36, 0xc2, 0x6a, + 0x62, 0xee, 0xd4, 0xf0, 0x1f, 0x76, 0x97, 0x4b, + 0xec, 0x8c, 0xb4, 0x93, 0x3e, 0x29, 0xe1, 0x02, + 0xdd, 0x4f, 0x93, 0xcf, 0xee, 0x4a, 0xfc, 0x9d, + 0xbd, 0xc0, 0xc7, 0xa5, 0xf1, 0x18, 0x02, 0xbb, + 0xd9, 0xda, 0xda, 0x75, 0x57, 0x42, 0xc1, 0x6e, + 0x7e, 0x2e, 0x4a, 0xa7, 0xdc, 0x30, 0xe6, 0x8b, + 0x7b, 0xd9, 0x96, 0x90, 0x30, 0x59, 0xe9, 0x8f, + 0xc7, 0xdf, 0xdb, 0xe4, 0x1a, 0x95, 0xda, 0xc6, + 0x12, 0x5c, 0x9f, 0x8e, 0xf1, 0x5b, 0xf0, 0xda, + 0xde, 0xe3, 0xad, 0xba, 0x32, 0x9a, 0xbf, 0x21, + 0xda, 0xae, 0x97, 0x3b, 0x7c, 0xc8, 0x6d, 0x25, + 0x43, 0xdc, 0x5d, 0xf6, 0xf7, 0xf5, 0xb4, 0xde, + 0x93, 0x0d, 0xef, 0x05, 0x8b, 0xcd, 0xf4, 0x03, + 0xcd, 0x00, 0x22, 0x6a, 0xd0, 0x3c, 0x50, 0x76, + 0x60, 0x3a, 0x40, 0x3c, 0x8d, 0xc8, 0xa3, 0x6d, + 0x0e, 0x1e, 0x61, 0xb8, 0x28, 0x12, 0x6e, 0x53, + 0xbf, 0xbd, 0x64, 0x81, 0x9c, 0x7e, 0x37, 0xc4, + 0x3b, 0x40, 0xa6, 0x99, 0x2a, 0x9c, 0xe1, 0xcc, + 0x95, 0xd6, 0x83, 0x49, 0x4d, 0x30, 0x85, 0xa4, + 0xbb, 0x1c, 0xed, 0xca, 0xa8, 0xf8, 0x96, 0x48, + 0x42, 0x98, 0xde, 0x14, 0x4a, 0x46, 0x16, 0x3d, + 0xd1, 0xb7, 0x14, 0xb2, 0x0a, 0xb1, 0x98, 0x5c, + 0x1e, 0xa4, 0xc4, 0x51, 0x70, 0xd8, 0x57, 0x14, + 0x41, 0x8f, 0x32, 0xf1, 0xb6, 0x9d, 0xcc, 0xce, + 0x3f, 0x5d, 0xcf, 0x4e, 0x4b, 0xcc, 0x81, 0xba, + 0x17, 0x68, 0xa8, 0xed, 0xfc, 0xad, 0xd8, 0xc1, + 0xd3, 0x52, 0xd7, 0xe9, 0x04, 0x1b, 0xca, 0xe8, + 0x21, 0x66, 0xac, 0x45, 0x3f, 0x58, 0x7f, 0xaf, + 0x06, 0x5d, 0x1a, 0xe1, 0x06, 0xe2, 0xbd, 0x7d, + 0xcc, 0x96, 0x3a, 0xef, 0xde, 0x83, 0xe5, 0xb3, + 0x74, 0x40, 0x42, 0xca, 0x28, 0xbb, 0xa7, 0xbf, + 0x6c, 0x3a, 0x6b, 0x9d, 0xf5, 0x93, 0xdd, 0x09, + 0x49, 0xdf, 0xb2, 0xc9, 0x01, 0x59, 0xf2, 0x50, + 0x00, 0x99, 0xe0, 0x88, 0x3d, 0x1a, 0x45, 0x9e, + 0x62, 0xa7, 0x1e, 0xcb, 0x91, 0x65, 0x4b, 0x79, + 0x7f, 0x0d, 0xb1, 0xb0, 0x35, 0xaa, 0x27, 0xaa, + 0xaa, 0x76, 0x00, 0x59, 0xf2, 0xe5, 0x4f, 0x69, + 0x38, 0x00, 0x6c, 0xfd, 0xcf, 0x12, 0x43, 0x6a, + 0x6b, 0x75, 0x10, 0x5a, 0x8b, 0x34, 0x68, 0xb7, + 0x5a, 0xca, 0x41, 0x34, 0x51, 0x0e, 0x64, 0x11, + 0x0e, 0x78, 0xdf, 0x1d, 0x15, 0xd9, 0xd2, 0x8c, + 0x60, 0xae, 0x52, 0x76, 0x34, 0x4e, 0xf3, 0x54, + 0x72, 0x70, 0x04, 0xdf, 0xd3, 0x0a, 0xe6, 0xa4, + 0x80, 0x18, 0x46, 0x1f, 0x56, 0xb2, 0x5c, 0x57, + 0x8a, 0x35, 0x96, 0xd4, 0x42, 0x28, 0xd1, 0x01, + 0x28, 0xf6, 0x1a, 0xa6, 0x05, 0x79, 0xe4, 0xf3, + 0x4e, 0xd8, 0xb2, 0x88, 0xa5, 0x15, 0xdf, 0x0a, + 0xea, 0x48, 0x0b, 0x81, 0x9d, 0xa6, 0xe2, 0xc6, + 0x18, 0xa2, 0xc6, 0xc6, 0x1f, 0x19, 0x08, 0xb8, + 0x3f, 0x90, 0xfd, 0xe1, 0x07, 0x0c, 0x4d, 0xdf, + 0x72, 0x4d, 0xf9, 0xa8, 0xe8, 0x19, 0x57, 0x45, + 0xd3, 0x81, 0xb0, 0xc6, 0x53, 0x7d, 0xc3, 0xfc, + 0x82, 0xee, 0xb0, 0x00, 0x11, 0x5b, 0xf7, 0x60, + 0x51, 0x37, 0x6c, 0xca, 0x6a, 0x83, 0xbf, 0xea, + 0x75, 0x95, 0x9e, 0xf0, 0x19, 0x5d, 0x25, 0x45, + 0x97, 0xf4, 0x1b, 0x89, 0x4c, 0x19, 0xc0, 0x98, + 0xb4, 0x9d, 0xb9, 0xa4, 0xab, 0x24, 0x55, 0xc9, + 0x7a, 0x49, 0x5b, 0x8b, 0x8c, 0xd1, 0x48, 0x9f, + 0xae, 0x0a, 0x5e, 0x95, 0x2d, 0x10, 0x2d, 0x3e, + 0x82, 0x07, 0x45, 0x0b, 0x16, 0x2d, 0xe2, 0xa9, + 0x4c, 0x8d, 0x93, 0xc9, 0x18, 0x87, 0xab, 0x5d, + 0x29, 0xa2, 0x77, 0x44, 0xee, 0x65, 0xce, 0x4b, + 0x3a, 0x78, 0xbd, 0x9c, 0xd2, 0x37, 0x30, 0x0a, + 0xaf, 0xc5, 0x74, 0x38, 0xf8, 0x2d, 0x51, 0x51, + 0xa0, 0x6c, 0xe8, 0x52, 0x18, 0x3a, 0x4c, 0x3c, + 0xf9, 0x38, 0x40, 0xa7, 0x8c, 0x81, 0x64, 0x40, + 0xd2, 0xcc, 0xc2, 0x06, 0x97, 0x01, 0x2e, 0xaf, + 0x64, 0xcf, 0xe6, 0x5a, 0x0b, 0x1b, 0x93, 0x15, + 0x31, 0xa5, 0xf7, 0x2a, 0xef, 0x0d, 0x9e, 0x42, + 0x82, 0x81, 0x41, 0xce, 0x8e, 0xbc, 0x9c, 0x6c, + 0xb2, 0x32, 0xf9, 0x99, 0xcf, 0x5a, 0x24, 0x5d, + 0x9a, 0x7e, 0xe9, 0xa1, 0x59, 0x19, 0xaa, 0x08, + 0x86, 0x49, 0x4a, 0x59, 0x0b, 0x82, 0x4a, 0xf9, + 0x89, 0x1a, 0x2e, 0xe5, 0x57, 0x50, 0x20, 0x2c, + 0xac, 0x99, 0x39, 0xde, 0x0b, 0x9e, 0x69, 0x47, + 0xa6, 0x3d, 0x03, 0x4f, 0xb2, 0x61, 0x4d, 0xe8, + 0x2d, 0x0b, 0x86, 0x7a, 0x25, 0x1d, 0x0c, 0x59, + 0x25, 0x44, 0xbc, 0xc9, 0x08, 0x9b, 0x8f, 0xa5, + 0x2b, 0xfc, 0x80, 0xd5, 0xc3, 0x3f, 0x47, 0x2a, + 0xa7, 0xda, 0xfe, 0x40, 0xa8, 0x06, 0x46, 0x24, + 0xda, 0x84, 0xa0, 0x3e, 0x4c, 0x2b, 0x03, 0x81, + 0x90, 0x4e, 0x72, 0x27, 0x96, 0x76, 0xe4, 0x52, + 0xd1, 0xb9, 0x57, 0xab, 0x62, 0x17, 0x28, 0xca, + 0x08, 0x2c, 0x8b, 0x13, 0x7e, 0x1e, 0x41, 0xfa, + 0x5c, 0x33, 0x12, 0x4d, 0xc5, 0x91, 0x40, 0xba, + 0x96, 0x10, 0x87, 0xfa, 0xee, 0xb8, 0xff, 0x09, + 0x85, 0x46, 0x00, 0xe9, 0x4d, 0x08, 0xb6, 0x19, + 0x73, 0xc0, 0x5e, 0x35, 0xf7, 0x4a, 0x2e, 0x7f, + 0x26, 0xe8, 0xdd, 0x26, 0x33, 0x0b, 0xa0, 0xb5, + 0x3d, 0xf6, 0x04, 0xfb, 0x11, 0x4f, 0x78, 0x4f, + 0x5b, 0xa5, 0xaf, 0xc5, 0x5b, 0xab, 0x54, 0x35, + 0x63, 0x25, 0xd1, 0x66, 0x3b, 0x8f, 0x78, 0x3d, + 0x59, 0x19, 0xf2, 0x15, 0xd4, 0xa4, 0xd3, 0x77, + 0x50, 0x8c, 0x70, 0x52, 0x30, 0x63, 0xd6, 0x4f, + 0x88, 0x92, 0x79, 0x31, 0xa7, 0xbe, 0x09, 0xf2, + 0xb8, 0x41, 0x22, 0x37, 0x86, 0xd5, 0xf0, 0x81, + 0x75, 0x03, 0xca, 0x09, 0x98, 0x45, 0xae, 0xf7, + 0x60, 0x4e, 0x5f, 0xf4, 0xc3, 0xc2, 0xfc, 0xde, + 0x23, 0x22, 0xc4, 0x28, 0xe2, 0x0c, 0x6c, 0xb9, + 0x45, 0xd9, 0x19, 0x64, 0xab, 0xff, 0x20, 0x7f, + 0xe2, 0xee, 0x3f, 0xd1, 0x90, 0xf5, 0xad, 0xb8, + 0xc9, 0xa8, 0xe3, 0xf9, 0x56, 0x08, 0x4a, 0x77, + 0x6d, 0x9d, 0x87, 0xcd, 0xb6, 0x13, 0x38, 0x2b, + 0x23, 0x66, 0xbf, 0x12, 0x7e, 0xe7, 0x8a, 0xc8, + 0x4a, 0x45, 0xf3, 0xfa, 0xbe, 0xc8, 0x67, 0x16, + 0x3d, 0xb6, 0x0b, 0x61, 0x48, 0xb4, 0x44, 0xfa, + 0xbd, 0x50, 0x93, 0x0e, 0x93, 0x90, 0x42, 0xb3, + 0x3d, 0x9e, 0xf1, 0xc7, 0x57, 0x5b, 0x22, 0x38, + 0x11, 0xc5, 0x9f, 0x58, 0x5d, 0xd9, 0x17, 0x42, + 0xae, 0xa7, 0xec, 0xdc, 0xde, 0xa7, 0xce, 0x39, + 0x73, 0x75, 0xcc, 0x50, 0x94, 0xfb, 0x3c, 0x57, + 0xd8, 0xba, 0xaa, 0x8d, 0xc4, 0x90, 0x81, 0x09, + 0x74, 0x91, 0x08, 0xab, 0xb4, 0x2b, 0xf4, 0xa8, + 0xe3, 0xe1, 0xa1, 0x76, 0x88, 0x32, 0x8f, 0xbe, + 0xfe, 0x87, 0x08, 0x8c, 0x39, 0x77, 0x3f, 0x35, + 0x53, 0x1e, 0x9d, 0xda, 0x64, 0xb6, 0x17, 0x65, + 0xcf, 0xfc, 0xc9, 0xf6, 0x9b, 0xd7, 0xf0, 0x26, + 0x67, 0xbc, 0xa1, 0x04, 0x5c, 0x41, 0xf1, 0xf3, + 0xcb, 0xb8, 0x90, 0x09, 0x80, 0x53, 0xb3, 0xca, + 0x2a, 0xa1, 0x8c, 0xd5, 0xbf, 0xa5, 0xab, 0xea, + 0xab, 0x41, 0xb4, 0x98, 0x8f, 0xd4, 0x3a, 0x28, + 0x1b, 0x6d, 0x27, 0x5a, 0xbc, 0x0f, 0x57, 0x5f, + 0x26, 0x13, 0xf8, 0x7c, 0x3c, 0xdf, 0x72, 0xd2, + 0xc8, 0xab, 0xfa, 0xd5, 0xa7, 0x3c, 0x00, 0x3e, + 0x79, 0x3c, 0xf0, 0x15, 0x3a, 0x16, 0x7f, 0x7e, + 0xca, 0xfa, 0x59, 0x27, 0x70, 0x81, 0xbf, 0xdb, + 0x68, 0xc0, 0xd3, 0x73, 0x40, 0x7c, 0x01, 0xf4, + 0xaf, 0x95, 0x73, 0x6f, 0x02, 0xab, 0x0b, 0x61, + 0x2c, 0xd2, 0xa5, 0x64, 0x65, 0xba, 0x6c, 0xec, + 0xc4, 0xc3, 0x5c, 0x67, 0xba, 0x80, 0xdc, 0x99, + 0x2e, 0xfd, 0x55, 0xfd, 0xb2, 0x47, 0x5b, 0xa5, + 0xa8, 0x7d, 0x71, 0x20, 0x03, 0x1d, 0xda, 0x01, + 0x9e, 0x4a, 0x8e, 0xdc, 0xe4, 0xe1, 0xef, 0x6c, + 0x33, 0xca, 0x15, 0x6b, 0x0d, 0x37, 0xec, 0x76, + 0xa6, 0xb4, 0x41, 0x78, 0x2d, 0x98, 0xfa, 0x52, + 0x48, 0x5b, 0x76, 0x3f, 0x6f, 0x69, 0xa8, 0x0b, + 0xeb, 0x2b, 0x08, 0xab, 0x78, 0x13, 0x28, 0x18, + 0xb3, 0x29, 0xc9, 0x92, 0x46, 0x74, 0x10, 0xf0, + 0xd9, 0x8e, 0x75, 0x16, 0x2e, 0x47, 0x42, 0x9c, + 0xb0, 0x69, 0x42, 0x50, 0x39, 0x05, 0xda, 0x9e, + 0x09, 0xad, 0x0a, 0xb0, 0xf7, 0xd1, 0xb5, 0x79, + 0xff, 0x48, 0x92, 0xfc, 0x1e, 0x0e, 0xfe, 0x7b, + 0xa9, 0x2a, 0xbb, 0x6e, 0x9d, 0x75, 0xa7, 0x1d, + 0xaf, 0x4a, 0x2b, 0x9b, 0xb0, 0x2d, 0xb2, 0x17, + 0x1c, 0xad, 0x3f, 0xc7, 0xb4, 0x05, 0x0e, 0xe6, + 0xec, 0x59, 0xb0, 0x0d, 0x6e, 0xc0, 0x4d, 0xb4, + 0x4c, 0xe0, 0x48, 0xee, 0xeb, 0x34, 0x0a, 0x8b, + 0xe4, 0x8e, 0xce, 0xad, 0xac, 0x39, 0xf4, 0xa9, + 0x95, 0xf9, 0x8e, 0xb8, 0x21, 0x0d, 0xe0, 0x46, + 0xcc, 0x1c, 0x82, 0x4d, 0x12, 0x79, 0xc4, 0xf3, + 0xc1, 0x08, 0x81, 0xf9, 0xc5, 0x8b, 0x6f, 0x79, + 0xc1, 0xfd, 0x81, 0x6f, 0x66, 0x1a, 0x26, 0x7a, + 0x94, 0x56, 0x38, 0x1c, 0x47, 0x75, 0x74, 0xa1, + 0x63, 0x5a, 0x4c, 0x2f, 0x29, 0x47, 0x86, 0x0a, + 0x2d, 0x8e, 0xbc, 0x01, 0x1a, 0xf0, 0x58, 0xa9, + 0xaa, 0xbd, 0x89, 0xeb, 0x0d, 0xf0, 0x5d, 0x0c, + 0x65, 0xb5, 0x43, 0x93, 0x8d, 0x49, 0x5d, 0xe8, + 0x69, 0x7d, 0x71, 0xfb, 0xb7, 0xfa, 0x7e, 0x42, + 0x71, 0x8e, 0x68, 0x94, 0xcb, 0xe3, 0x8f, 0x28, + 0xfc, 0x4b, 0xea, 0x1a, 0xbc, 0x7c, 0x5d, 0x28, + 0xc2, 0xdc, 0x88, 0xbb, 0x91, 0xd5, 0x14, 0x2f, + 0xa9, 0x89, 0x6b, 0xe2, 0xfa, 0x55, 0x3e, 0xd6, + 0xe2, 0xbc, 0x4a, 0x0b, 0x9c, 0xc0, 0x59, 0xfb, + 0xc8, 0xb7, 0x98, 0xef, 0x63, 0x6d, 0x2b, 0xb2, + 0x7e, 0x8e, 0x31, 0x82, 0x98, 0x91, 0x26, 0x81, + 0x56, 0x27, 0x80, 0x29, 0x63, 0xa5, 0xa8, 0x59, + 0x31, 0x20, 0x98, 0x12, 0x13, 0xc8, 0x4e, 0xac, + 0x98, 0xac, 0x26, 0xe7, 0x7e, 0x37, 0x4d, 0x18, + 0x29, 0xd4, 0x13, 0x66, 0x4b, 0xd3, 0x4c, 0x74, + 0x08, 0x8d, 0x34, 0x65, 0xfe, 0x80, 0x7e, 0xe4, + 0x3d, 0x25, 0x86, 0xf7, 0xf3, 0xb8, 0xbf, 0x22, + 0x92, 0x5f, 0x21, 0xc2, 0xbe, 0x92, 0x22, 0x52, + 0xac, 0x27, 0xc0, 0xf7, 0xa9, 0xbc, 0xa8, 0xea, + 0xda, 0x9f, 0xf2, 0xb9, 0x4c, 0xf6, 0x8a, 0x6e, + 0xb9, 0xa6, 0x4b, 0x05, 0xd6, 0xf4, 0x5f, 0x48, + 0xcd, 0xbf, 0xfb, 0x55, 0xd2, 0x2f, 0x15, 0x7b, + 0x3d, 0x61, 0x88, 0xcf, 0x32, 0x3f, 0xc2, 0x45, + 0x34, 0x3a, 0xb6, 0xbe, 0xef, 0x6d, 0xa2, 0x29, + 0xe6, 0xb4, 0x49, 0x1a, 0xea, 0xe7, 0x80, 0xee, + 0x15, 0xcf, 0xc1, 0x1c, 0xd3, 0x1b, 0x88, 0x6b, + 0xd8, 0x84, 0x33, 0x05, 0xf4, 0xeb, 0xd9, 0x74, + 0x19, 0x81, 0x1e, 0xe6, 0x06, 0xe5, 0x20, 0x67, + 0x00, 0x10, 0x1c, 0x65, 0x8a, 0x9a, 0xd2, 0xd8, + 0xeb, 0xff, 0x2b, 0x53, 0x6a, 0x91, 0xc7, 0xd1, + 0x16, 0x2c, 0x48, 0x92, 0xb2, 0xbd, 0xe4, 0x08, + 0x3e, 0x90, 0xd8, 0xf4, 0x14, 0x37, 0x38, 0x64, + 0x81, 0xb7, 0x0f, 0x4e, 0x5d, 0x78, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x0a, + 0x10, 0x17, 0x1c, 0x22, 0x26 + }; + /* Signature for context from gist record 1 (ctxLen=33), 3309 bytes */ + static const byte sig_65_ctx33[] = { + 0x10, 0x44, 0x31, 0xe7, 0x50, 0xdb, 0xef, 0x67, + 0xf5, 0x2d, 0xa2, 0xab, 0x2d, 0x0f, 0x2d, 0xa3, + 0x32, 0x94, 0x27, 0x77, 0x42, 0xb6, 0x9d, 0xda, + 0x7d, 0x66, 0x82, 0xc8, 0x6c, 0xf8, 0x23, 0x5e, + 0x6a, 0x61, 0x87, 0x3f, 0x18, 0xab, 0xf9, 0xa2, + 0xc8, 0xc7, 0xd9, 0x51, 0x86, 0xb3, 0x2f, 0xb8, + 0xac, 0x5d, 0xbf, 0x7b, 0x0a, 0x6c, 0xd8, 0x29, + 0x8b, 0x6e, 0x94, 0xea, 0x27, 0x54, 0x90, 0x35, + 0x55, 0x5f, 0xb1, 0x26, 0xfb, 0x74, 0xb7, 0x07, + 0x7c, 0xb1, 0x6a, 0xa7, 0xa6, 0xcd, 0xa5, 0xfd, + 0x8c, 0xc2, 0x50, 0x51, 0x6c, 0xe7, 0x24, 0xd3, + 0xa4, 0x22, 0xda, 0xec, 0x2b, 0xec, 0xce, 0xae, + 0x02, 0x68, 0x74, 0xed, 0x60, 0xf9, 0x8f, 0xb5, + 0x5b, 0xdd, 0x1b, 0xe0, 0x6f, 0x9e, 0xb6, 0x28, + 0x7f, 0xe4, 0xb5, 0x3b, 0xbe, 0x28, 0xb6, 0x1f, + 0xf4, 0x00, 0xc7, 0xb9, 0x9a, 0xba, 0xd4, 0xa8, + 0x4c, 0x72, 0xfc, 0xd2, 0x5f, 0x1f, 0x54, 0x4f, + 0xb6, 0x08, 0xbc, 0xe7, 0xf0, 0xb1, 0xc6, 0xa9, + 0x04, 0xad, 0xe1, 0xdc, 0x71, 0x2b, 0x66, 0xec, + 0x6c, 0xfe, 0x9f, 0x80, 0xdd, 0xfe, 0xdd, 0xa2, + 0x39, 0x20, 0x1f, 0x80, 0xb4, 0x8b, 0xe0, 0xb0, + 0x7d, 0xf0, 0x3e, 0x32, 0x25, 0x94, 0x44, 0x97, + 0x71, 0xb4, 0x9a, 0x01, 0x11, 0x78, 0xcf, 0xf6, + 0x0c, 0x13, 0x13, 0x6f, 0x3f, 0x25, 0xc8, 0x09, + 0x32, 0x44, 0x06, 0x1a, 0xd0, 0xce, 0x94, 0x83, + 0x80, 0xa9, 0xfc, 0xc2, 0x23, 0x67, 0xfb, 0x55, + 0xdd, 0x33, 0x6d, 0x82, 0xa8, 0x15, 0x8e, 0xc7, + 0x58, 0x22, 0xad, 0xbf, 0x9d, 0x1f, 0x57, 0x81, + 0xe1, 0x81, 0x62, 0x29, 0x37, 0xc7, 0xfb, 0x9b, + 0xae, 0x06, 0x6c, 0x15, 0x9c, 0x49, 0xcd, 0x49, + 0xc3, 0xc1, 0xb7, 0xe9, 0xf7, 0x1c, 0x46, 0x23, + 0xa8, 0xc3, 0xbb, 0xc9, 0x4a, 0xc4, 0xc6, 0x8f, + 0x09, 0xa1, 0x49, 0x8b, 0xba, 0x49, 0xfa, 0x1c, + 0x62, 0x4b, 0x3e, 0x33, 0x8f, 0x66, 0x18, 0x23, + 0xf4, 0xa7, 0x94, 0xc8, 0x04, 0xe9, 0x7d, 0x90, + 0xf1, 0xa9, 0x6b, 0x55, 0xcb, 0x92, 0xb3, 0xf0, + 0x2b, 0x21, 0xc0, 0xb3, 0xc4, 0xba, 0xc7, 0x12, + 0xe7, 0x2e, 0x48, 0xda, 0x18, 0xf9, 0x31, 0xb8, + 0xc0, 0x85, 0x55, 0xb6, 0x18, 0x37, 0xc6, 0x29, + 0x24, 0x37, 0x86, 0x29, 0xe4, 0x48, 0x31, 0x54, + 0xb2, 0x87, 0x57, 0x62, 0x7d, 0xee, 0xde, 0x01, + 0xe0, 0x75, 0x04, 0x3a, 0x28, 0xb3, 0x4c, 0x7d, + 0x28, 0xfd, 0x3c, 0x75, 0x96, 0x74, 0xaf, 0xd1, + 0x25, 0x5b, 0x4a, 0xb8, 0x44, 0xce, 0xdb, 0x00, + 0xf1, 0x86, 0x64, 0xff, 0xb0, 0x0e, 0x3e, 0x2b, + 0x08, 0x27, 0x20, 0x19, 0xa4, 0x81, 0x94, 0x44, + 0x1d, 0xee, 0x20, 0xe6, 0xa8, 0x8f, 0x8f, 0x69, + 0xa9, 0x3e, 0x70, 0x00, 0x1b, 0x58, 0xe8, 0x59, + 0x5b, 0xf3, 0x72, 0xd2, 0xd4, 0x1a, 0x31, 0x88, + 0xec, 0x73, 0x92, 0x26, 0xb0, 0x85, 0x97, 0xa4, + 0xbf, 0x05, 0xa1, 0x6e, 0xc9, 0xd1, 0xb8, 0x75, + 0xd1, 0x61, 0x40, 0x63, 0x6a, 0x22, 0x06, 0xff, + 0x1f, 0x3a, 0x37, 0x57, 0x87, 0xe9, 0x07, 0x1a, + 0xd8, 0x15, 0x04, 0xd4, 0x7f, 0x3c, 0xfb, 0x35, + 0x46, 0x69, 0x37, 0xbb, 0x95, 0xe4, 0x36, 0x4e, + 0x8f, 0x48, 0x48, 0x43, 0xdc, 0x8b, 0xe5, 0xea, + 0x3e, 0x09, 0x7b, 0xf0, 0xd2, 0x1d, 0x2a, 0x76, + 0x97, 0xbd, 0x2c, 0xca, 0x81, 0x5e, 0xdd, 0x69, + 0x98, 0xc6, 0x1b, 0xcc, 0xee, 0xb0, 0x62, 0x57, + 0x03, 0x2e, 0x35, 0x15, 0x51, 0x60, 0x7f, 0x0b, + 0xd4, 0x8d, 0xa2, 0xf6, 0xc2, 0x24, 0xc7, 0xfb, + 0xb8, 0xb6, 0xa4, 0xc3, 0x5c, 0x6c, 0x51, 0x72, + 0x9e, 0xbf, 0x60, 0x33, 0x56, 0x1e, 0x70, 0xd1, + 0x36, 0x22, 0xb1, 0x6e, 0xbf, 0x11, 0x1a, 0xd6, + 0x2e, 0x91, 0xd0, 0x7a, 0x61, 0x7a, 0x9b, 0x8c, + 0x95, 0xa9, 0x88, 0x7d, 0x63, 0xfd, 0x02, 0x86, + 0xc0, 0xf1, 0x99, 0xd7, 0xaa, 0x02, 0xad, 0x3d, + 0x50, 0xd6, 0x01, 0xbf, 0x38, 0x7c, 0xd5, 0x1a, + 0x64, 0x79, 0xb2, 0xf7, 0xd5, 0xe7, 0x9f, 0x7f, + 0x9e, 0xc5, 0x3c, 0x5b, 0x1a, 0x35, 0xb2, 0xf6, + 0xa2, 0xb2, 0xcb, 0x2c, 0x49, 0x6f, 0xaa, 0x80, + 0x08, 0xb7, 0x60, 0xc9, 0x1a, 0xda, 0xf5, 0x7a, + 0x4b, 0x09, 0x2b, 0xff, 0xce, 0x52, 0x2f, 0xe0, + 0x4c, 0xd1, 0xbe, 0x16, 0x57, 0xc6, 0x13, 0x3b, + 0x3c, 0x67, 0xbd, 0x0f, 0xfa, 0x03, 0xdd, 0xe4, + 0x3c, 0xcb, 0xca, 0xc4, 0x4a, 0x13, 0x6b, 0xf5, + 0xc3, 0x17, 0x9c, 0x9a, 0x13, 0x16, 0x11, 0x48, + 0xed, 0xa2, 0x14, 0x96, 0xeb, 0x34, 0xf4, 0x04, + 0x97, 0x40, 0xee, 0x19, 0x8a, 0xa7, 0xe9, 0x45, + 0x18, 0x89, 0x96, 0x66, 0x28, 0xa1, 0xca, 0xc9, + 0x1e, 0xfe, 0x26, 0x66, 0xd3, 0x41, 0x0e, 0x0a, + 0x58, 0x94, 0x2e, 0xab, 0x3e, 0xef, 0x6a, 0xd6, + 0x14, 0x63, 0xe9, 0x90, 0x1c, 0x4c, 0x4e, 0xd5, + 0xf7, 0x11, 0x68, 0x5e, 0xde, 0xf5, 0x23, 0x0f, + 0xcf, 0x91, 0xa4, 0x39, 0x61, 0xbe, 0x26, 0x77, + 0xfa, 0xbb, 0xe2, 0xca, 0xea, 0x00, 0xbb, 0xb2, + 0x2d, 0x9e, 0x20, 0xaf, 0xb1, 0x43, 0x4e, 0xf2, + 0x5e, 0x77, 0x4d, 0x2c, 0x77, 0x2a, 0xac, 0x7e, + 0x66, 0x9f, 0xb7, 0xc3, 0x11, 0x61, 0x07, 0x07, + 0xfe, 0xec, 0xbe, 0xf6, 0x36, 0xce, 0xad, 0xc5, + 0x74, 0x63, 0xca, 0xe9, 0xd1, 0x29, 0x0f, 0x3b, + 0xc5, 0x11, 0x65, 0x47, 0xa0, 0x75, 0xaa, 0xcd, + 0x37, 0xcd, 0x69, 0x88, 0x1f, 0xb0, 0xd8, 0x19, + 0x00, 0xcb, 0x17, 0xe9, 0x43, 0xc2, 0x5c, 0x69, + 0xe0, 0x0f, 0x0f, 0x72, 0x54, 0xf2, 0xff, 0x16, + 0x87, 0x6a, 0x64, 0xcb, 0x10, 0x28, 0xf9, 0x14, + 0x81, 0x7b, 0x2d, 0x23, 0xb8, 0xc5, 0xce, 0x4c, + 0x83, 0xfa, 0xd8, 0xcf, 0xb3, 0x32, 0x4e, 0xe6, + 0xa9, 0x27, 0x41, 0x04, 0x8f, 0x34, 0x14, 0xe5, + 0x2f, 0x4f, 0xfd, 0x82, 0x3f, 0x0a, 0xcd, 0x80, + 0x2a, 0xb3, 0x48, 0x3d, 0xa9, 0xa2, 0x3a, 0x8e, + 0x11, 0x60, 0x62, 0xf3, 0x2b, 0x7d, 0xc3, 0xdb, + 0x16, 0x02, 0x0f, 0xf3, 0xc4, 0x85, 0x46, 0x35, + 0xbc, 0xa8, 0x59, 0x7a, 0xd9, 0x0f, 0x6e, 0x4d, + 0x6a, 0x24, 0xe4, 0x29, 0x87, 0xb7, 0x6e, 0x3f, + 0x69, 0x0f, 0x08, 0x76, 0xd3, 0x24, 0x3b, 0x17, + 0x6c, 0x92, 0xfd, 0xb8, 0xeb, 0x25, 0x45, 0x18, + 0xf3, 0x1d, 0x14, 0xc3, 0x60, 0xd5, 0xd3, 0xe2, + 0xa8, 0x2b, 0x06, 0x74, 0xe1, 0xc3, 0x84, 0x8d, + 0xae, 0xa6, 0x0a, 0xca, 0x79, 0x07, 0xaa, 0x9e, + 0x65, 0xa2, 0xf1, 0xea, 0x29, 0x6a, 0xfd, 0xd7, + 0x38, 0x6a, 0x6b, 0x39, 0xb9, 0xd1, 0xe4, 0xfc, + 0x60, 0x4d, 0x1e, 0x48, 0x5f, 0x9f, 0xc7, 0xfe, + 0xe9, 0x42, 0xd0, 0x33, 0x60, 0xde, 0xda, 0x38, + 0x7b, 0x80, 0x04, 0x83, 0x56, 0x65, 0x54, 0x8b, + 0x69, 0x3a, 0xe4, 0x5b, 0x57, 0x53, 0x8b, 0x7a, + 0x9a, 0xd2, 0xe5, 0x00, 0x29, 0x7a, 0xa3, 0xf7, + 0x2b, 0xc6, 0x0a, 0xa9, 0x2d, 0x41, 0x85, 0x62, + 0xbf, 0x5e, 0x25, 0xae, 0x9b, 0xed, 0x3e, 0xc2, + 0x51, 0x26, 0xfa, 0x0c, 0xab, 0xbd, 0xa4, 0x74, + 0x55, 0x91, 0x99, 0xb7, 0xb2, 0xec, 0xa7, 0x83, + 0xe9, 0xb0, 0x31, 0x69, 0x4a, 0x4d, 0xd9, 0x4d, + 0x1f, 0xf9, 0x30, 0x7e, 0x1f, 0xdb, 0xa0, 0xc0, + 0x69, 0x78, 0xdc, 0x12, 0x22, 0xd2, 0x9d, 0xca, + 0x49, 0x2a, 0x78, 0xe9, 0x26, 0x54, 0x8c, 0xac, + 0xb1, 0x2b, 0x80, 0xf5, 0x76, 0x64, 0xdd, 0x1f, + 0xdf, 0x9d, 0x23, 0xa5, 0x87, 0xb4, 0x00, 0x7f, + 0x58, 0xd7, 0xfa, 0xd2, 0x90, 0x07, 0x3b, 0xe7, + 0x6a, 0xed, 0xa6, 0x6b, 0x57, 0xd3, 0x97, 0x7d, + 0x39, 0xf1, 0xa4, 0x69, 0x2e, 0x20, 0xe9, 0x0c, + 0xef, 0x50, 0xb5, 0x38, 0xb1, 0xa1, 0x6a, 0x2d, + 0xcf, 0xd1, 0xd7, 0x47, 0x87, 0x76, 0xfc, 0x22, + 0x35, 0xae, 0x34, 0xb1, 0x4b, 0x39, 0xe7, 0x26, + 0x09, 0xa7, 0xd1, 0xf1, 0xd3, 0xe4, 0x6b, 0x1a, + 0x14, 0x14, 0x30, 0x45, 0x59, 0x89, 0x02, 0x98, + 0x99, 0xbc, 0x2d, 0xcd, 0xc2, 0xe0, 0xf1, 0x5e, + 0xa4, 0x8e, 0xd5, 0xc6, 0x6a, 0xfb, 0xe8, 0x91, + 0x20, 0x56, 0xc8, 0x0c, 0x60, 0x89, 0xdd, 0x09, + 0x2d, 0xf7, 0x4c, 0x71, 0xba, 0x43, 0x13, 0x08, + 0x4a, 0xd6, 0x2a, 0x4a, 0xe7, 0x36, 0xcc, 0x7f, + 0xbf, 0x0a, 0x3b, 0x82, 0x11, 0xe8, 0xbe, 0x1e, + 0x8a, 0xab, 0x64, 0x72, 0xbf, 0xc0, 0xb9, 0x3d, + 0xfa, 0x17, 0x27, 0x28, 0x98, 0xd9, 0x97, 0xa3, + 0x7a, 0x92, 0x92, 0x59, 0xbb, 0xed, 0x96, 0x6b, + 0x69, 0x0e, 0x9f, 0xf0, 0xb0, 0x78, 0xb4, 0xc5, + 0x5b, 0x76, 0xc1, 0x4d, 0xf3, 0x02, 0x4d, 0x9c, + 0x2f, 0x2c, 0xf1, 0x8c, 0xea, 0x9f, 0x74, 0x7f, + 0xc0, 0x85, 0xa1, 0x78, 0xc0, 0xc8, 0x9e, 0x05, + 0xba, 0xcb, 0x5d, 0x24, 0x6c, 0xab, 0x4e, 0x1a, + 0x5e, 0xbe, 0x9f, 0xfc, 0xd1, 0x16, 0x1d, 0x75, + 0xeb, 0xf7, 0x0c, 0x6d, 0x0a, 0xe3, 0xe9, 0x39, + 0xca, 0x15, 0x10, 0xe1, 0xb3, 0x1f, 0x84, 0xc0, + 0x9c, 0x89, 0xe6, 0x42, 0x1d, 0x4d, 0xd1, 0xb7, + 0x86, 0xe9, 0x03, 0xa6, 0x01, 0x75, 0x22, 0x3d, + 0x6c, 0x11, 0x2c, 0xbe, 0x88, 0xba, 0xe5, 0xe5, + 0x73, 0x60, 0x4f, 0x8c, 0x9a, 0x0c, 0xf3, 0xcf, + 0x0f, 0xb3, 0x4e, 0x55, 0x25, 0xae, 0x86, 0x06, + 0x26, 0xe3, 0x72, 0x5a, 0x69, 0xc7, 0x0f, 0xff, + 0x25, 0xc7, 0xfd, 0x41, 0x7e, 0x67, 0x01, 0x21, + 0xf8, 0x12, 0x2e, 0x9b, 0x22, 0xf1, 0xd3, 0x0d, + 0xb9, 0x07, 0x9b, 0x9b, 0xe0, 0x68, 0xfb, 0x28, + 0xe0, 0x9f, 0xc7, 0x6f, 0xe9, 0x7f, 0xe2, 0x9d, + 0xe1, 0x5b, 0x51, 0x9c, 0xdd, 0xe5, 0xbf, 0x0c, + 0xc6, 0x05, 0x8e, 0xca, 0x54, 0x43, 0xac, 0x9e, + 0x40, 0x5d, 0x68, 0x9e, 0x32, 0x2e, 0x44, 0x1e, + 0xc1, 0xbf, 0x46, 0xd2, 0x00, 0x38, 0xff, 0x5b, + 0x69, 0xfc, 0xc2, 0x34, 0xb6, 0xcf, 0xf2, 0xd6, + 0x14, 0xef, 0x78, 0xa1, 0x6a, 0xf5, 0xee, 0x36, + 0x3f, 0xa6, 0x85, 0x85, 0x9b, 0x37, 0x48, 0x80, + 0xe0, 0x91, 0x89, 0x2d, 0x6d, 0x9f, 0xf9, 0x42, + 0xdc, 0x1a, 0xaf, 0x3e, 0xc6, 0xb6, 0xd7, 0xb9, + 0x2a, 0x4c, 0x5a, 0xd3, 0xac, 0x32, 0x9f, 0x4f, + 0xa0, 0xa6, 0x33, 0xa3, 0x3d, 0x98, 0x24, 0x91, + 0xe4, 0x09, 0xa4, 0x7f, 0x0b, 0x34, 0x7a, 0xfe, + 0xa1, 0xce, 0x6d, 0x9f, 0xd0, 0x32, 0x6a, 0x9a, + 0xb9, 0x01, 0x9a, 0x26, 0x56, 0x3c, 0x29, 0x61, + 0x9f, 0xde, 0xa7, 0xca, 0xfd, 0x1f, 0x3a, 0xb2, + 0x1e, 0xe0, 0x73, 0x7a, 0xac, 0x0f, 0x5f, 0xc7, + 0x10, 0xd3, 0x3f, 0xc9, 0xfa, 0x91, 0xa1, 0xe9, + 0xaa, 0x74, 0xc6, 0xd7, 0x73, 0x24, 0xb5, 0x3d, + 0x38, 0x20, 0xe8, 0xe0, 0x6e, 0xe7, 0x9b, 0x02, + 0x2d, 0x32, 0xef, 0x9e, 0xd5, 0xd0, 0xcc, 0x5a, + 0x23, 0xeb, 0xda, 0x44, 0x77, 0x2b, 0x95, 0x57, + 0xfd, 0xbd, 0x03, 0xc7, 0xbe, 0xa0, 0x01, 0x95, + 0xf6, 0x92, 0x0f, 0xe5, 0x1c, 0x2b, 0x83, 0x56, + 0xc6, 0xe1, 0x18, 0xcf, 0x7c, 0xc6, 0xd7, 0x87, + 0x8b, 0xc3, 0xbf, 0xc7, 0xca, 0xf4, 0x67, 0x62, + 0xb8, 0x38, 0xb0, 0x8c, 0x1d, 0x33, 0x39, 0x53, + 0x2d, 0xce, 0x89, 0x6f, 0xb7, 0xd7, 0xc6, 0xad, + 0x7e, 0x70, 0x27, 0x1d, 0x42, 0xe9, 0x21, 0xc1, + 0x48, 0x60, 0xbf, 0x78, 0x94, 0x35, 0x01, 0xb4, + 0xc1, 0x31, 0x6a, 0x82, 0x22, 0xcb, 0xf0, 0xd1, + 0x6e, 0xb1, 0x4b, 0xe5, 0x80, 0x57, 0x28, 0xb3, + 0xa5, 0x1b, 0x9d, 0x8b, 0xfd, 0x75, 0x1d, 0x89, + 0x67, 0xaf, 0x2b, 0xd0, 0x3f, 0xce, 0xdc, 0x2f, + 0x8b, 0x9f, 0xb9, 0x03, 0x13, 0x24, 0xbf, 0xbc, + 0x38, 0x50, 0x2d, 0xc2, 0x02, 0xd7, 0x7a, 0xaa, + 0x6d, 0x2c, 0xc1, 0x42, 0x5f, 0x1b, 0xb9, 0x85, + 0x54, 0x48, 0x68, 0x21, 0xfb, 0x12, 0x42, 0xdf, + 0x02, 0xb2, 0x46, 0x1c, 0xbd, 0x45, 0xa1, 0x02, + 0x19, 0x3d, 0x3b, 0x34, 0x92, 0x3d, 0xe2, 0xe9, + 0x0b, 0x73, 0x51, 0x37, 0x38, 0x93, 0x72, 0x62, + 0x01, 0x49, 0xa1, 0x95, 0xa0, 0x61, 0x47, 0xab, + 0x5b, 0xc9, 0x4c, 0xc7, 0x3b, 0x29, 0x65, 0xdf, + 0xe4, 0x01, 0x80, 0xa5, 0xe3, 0x80, 0x9a, 0xb9, + 0x68, 0x43, 0x56, 0x58, 0xd3, 0xd6, 0xf9, 0x47, + 0x8d, 0x59, 0x61, 0xa8, 0x78, 0xc4, 0xc5, 0x02, + 0x41, 0xc0, 0xbe, 0xdd, 0x3e, 0xbb, 0x17, 0x21, + 0x26, 0x0f, 0xed, 0xba, 0x2a, 0x35, 0xa3, 0x65, + 0xea, 0x48, 0xfa, 0xd6, 0x75, 0xb8, 0xad, 0xb7, + 0xf7, 0xff, 0x5e, 0x44, 0x83, 0x2a, 0xa3, 0x3d, + 0xa7, 0x12, 0xa7, 0xf9, 0x7d, 0xb0, 0x02, 0x5d, + 0x3c, 0xb2, 0x12, 0x12, 0x3b, 0x1d, 0x1c, 0x7c, + 0x0f, 0x86, 0xf3, 0xd6, 0x98, 0xb8, 0x4d, 0xea, + 0xfa, 0x8d, 0x92, 0x89, 0x78, 0xae, 0xbf, 0x7b, + 0xc0, 0x1c, 0xa4, 0xaa, 0xda, 0xd5, 0xda, 0x2c, + 0xcb, 0x82, 0xcd, 0x96, 0x37, 0x74, 0xb3, 0xca, + 0x65, 0x99, 0x3b, 0xfe, 0xbe, 0xf5, 0xcb, 0x6c, + 0x84, 0xcc, 0xc7, 0x9b, 0x49, 0xbb, 0x76, 0x70, + 0xa8, 0x8a, 0x66, 0xbd, 0xe1, 0xca, 0x1b, 0xbb, + 0xf7, 0x6c, 0x5d, 0x30, 0x3f, 0x91, 0xfc, 0xba, + 0x02, 0x88, 0xff, 0x45, 0x24, 0xb2, 0x53, 0x3e, + 0x1c, 0xf5, 0x22, 0xf1, 0xc1, 0xe7, 0x99, 0x24, + 0xb4, 0x8d, 0xcb, 0x0e, 0xea, 0xf7, 0xef, 0x4f, + 0x03, 0xf6, 0x44, 0xaa, 0x1f, 0xff, 0x70, 0xed, + 0x09, 0x77, 0xfc, 0x07, 0x4f, 0x1d, 0x85, 0xbb, + 0x19, 0x37, 0x04, 0x3a, 0x71, 0x12, 0x77, 0x93, + 0x1a, 0x2e, 0xab, 0x0b, 0xe7, 0x5c, 0x5b, 0x8a, + 0x6d, 0xc4, 0xa9, 0x73, 0x74, 0x5c, 0x2f, 0x96, + 0x5d, 0xbc, 0x62, 0xac, 0xb1, 0x51, 0xc8, 0x6f, + 0x4c, 0xfa, 0x2a, 0x01, 0xcb, 0x04, 0x3e, 0x6c, + 0x3b, 0x03, 0x61, 0x85, 0xd2, 0x1a, 0xdd, 0x6c, + 0xe5, 0x34, 0x64, 0x7f, 0xf2, 0xd8, 0x7d, 0xe8, + 0x22, 0xf4, 0x90, 0x37, 0xd6, 0xd1, 0xe3, 0x02, + 0xf0, 0x45, 0x58, 0x51, 0x29, 0xd2, 0xeb, 0x64, + 0xb1, 0x44, 0x37, 0xa2, 0x82, 0xda, 0xc9, 0x4d, + 0x28, 0xe6, 0xdc, 0xe6, 0xd0, 0x24, 0x8d, 0x81, + 0x92, 0x0d, 0x5f, 0xb5, 0x44, 0xe0, 0x48, 0x80, + 0x18, 0xde, 0x18, 0x90, 0x9d, 0xb9, 0xdf, 0x42, + 0x47, 0x1b, 0x5d, 0x23, 0x1f, 0x42, 0x5f, 0xc6, + 0x56, 0xb7, 0x50, 0xd4, 0x78, 0x0a, 0x1e, 0x70, + 0xd0, 0x5e, 0xd2, 0x5e, 0xd8, 0x20, 0x02, 0x2e, + 0xed, 0x16, 0xf8, 0x2c, 0x38, 0x32, 0x15, 0xa4, + 0x6d, 0xce, 0xd5, 0x34, 0x9e, 0xd1, 0xb2, 0x3f, + 0x3f, 0x2d, 0x8c, 0xe5, 0x54, 0x50, 0x4b, 0x5e, + 0xb3, 0x67, 0x4e, 0x6c, 0x7f, 0x9f, 0x10, 0xcc, + 0xd9, 0x7a, 0x38, 0xb1, 0x92, 0xda, 0x2c, 0x75, + 0x14, 0xa0, 0x51, 0x00, 0x5e, 0xf3, 0x05, 0xf1, + 0x66, 0xf9, 0xf3, 0x8d, 0x33, 0x44, 0xfd, 0x2a, + 0xaa, 0xfa, 0x6c, 0x08, 0x5f, 0x5b, 0x9e, 0x4f, + 0x53, 0x71, 0x21, 0xc5, 0xc0, 0x65, 0xf2, 0x19, + 0x69, 0x65, 0xd7, 0x72, 0x78, 0x3f, 0x03, 0xcb, + 0xae, 0x77, 0x3f, 0xbb, 0x3a, 0xeb, 0x42, 0x6b, + 0xf0, 0x6c, 0x94, 0xcd, 0x40, 0x3f, 0x3a, 0xd2, + 0xcf, 0xa3, 0x7e, 0x22, 0x31, 0x5c, 0x2f, 0x1b, + 0x6c, 0xc6, 0x2e, 0x84, 0xbd, 0x1a, 0xc9, 0xeb, + 0xe2, 0x9c, 0xc1, 0x9e, 0xb8, 0x0a, 0x35, 0x65, + 0xa7, 0x52, 0x14, 0x56, 0x79, 0x95, 0x1f, 0xaf, + 0xaf, 0x2d, 0xcb, 0x08, 0x6f, 0xcc, 0x17, 0x79, + 0x91, 0xba, 0x0c, 0xff, 0xd8, 0xa6, 0x8d, 0x41, + 0x54, 0x3e, 0x01, 0x86, 0x66, 0x63, 0x79, 0x0b, + 0x2a, 0xf2, 0x1f, 0xa7, 0x82, 0xe8, 0x3f, 0xff, + 0x0a, 0x6e, 0x58, 0xe2, 0x4f, 0x1a, 0xbb, 0x2d, + 0x4b, 0x6d, 0xbe, 0x96, 0x12, 0xa8, 0x95, 0x1f, + 0x23, 0x86, 0x4f, 0x4f, 0xde, 0xe9, 0xe1, 0x23, + 0x6d, 0x0e, 0xfd, 0x5d, 0x9d, 0xb5, 0xb7, 0x5f, + 0xc0, 0x18, 0xc8, 0xde, 0x8b, 0x1e, 0x53, 0xb4, + 0x3f, 0x34, 0xc7, 0xc2, 0xcf, 0xcb, 0xba, 0x01, + 0x3a, 0xdd, 0xf7, 0x6f, 0x66, 0x0e, 0x72, 0xea, + 0x91, 0x0b, 0x60, 0xfb, 0x7c, 0xa8, 0xa7, 0x0b, + 0x46, 0x57, 0x45, 0xcc, 0x53, 0x95, 0xc8, 0x63, + 0xc8, 0x13, 0x71, 0xe2, 0x9a, 0xfe, 0xbb, 0xd8, + 0xbb, 0xc9, 0x60, 0x91, 0xca, 0x6c, 0xc4, 0x24, + 0xad, 0xd5, 0xab, 0x1d, 0x3d, 0xb4, 0x75, 0x01, + 0x35, 0x3c, 0xa0, 0xd1, 0xe6, 0xc9, 0x91, 0xf8, + 0x1e, 0x43, 0xa0, 0xd4, 0x85, 0x1b, 0x14, 0xa1, + 0xd2, 0xdf, 0xea, 0xb8, 0x5d, 0xd4, 0xe6, 0xd3, + 0x96, 0x2d, 0x9a, 0x85, 0xb8, 0xbe, 0x9a, 0x71, + 0xd2, 0xf6, 0xa9, 0xa6, 0xb2, 0x96, 0xe7, 0x8c, + 0xb4, 0x47, 0xb6, 0xf2, 0xe4, 0xbb, 0xa4, 0x8c, + 0xe6, 0x91, 0x7b, 0xf8, 0xbc, 0x40, 0x72, 0x1d, + 0x5b, 0xc4, 0x5f, 0xc8, 0x8a, 0xba, 0x3c, 0x5e, + 0x4e, 0x08, 0x3e, 0x2e, 0x95, 0xd0, 0xaf, 0x5f, + 0xef, 0xb1, 0xda, 0x79, 0x7a, 0x7b, 0xa1, 0x27, + 0x66, 0x95, 0x10, 0x1a, 0x08, 0xc7, 0x3a, 0x0f, + 0x35, 0xaf, 0xfc, 0xd6, 0xf8, 0x56, 0x59, 0x1b, + 0xd4, 0x26, 0x4e, 0x28, 0xbc, 0xb2, 0x6b, 0xbb, + 0x9f, 0x0a, 0x46, 0x7f, 0xb9, 0x26, 0xdb, 0x64, + 0x5a, 0x69, 0xa5, 0xd1, 0x81, 0x16, 0xf7, 0xc8, + 0xb4, 0xa4, 0x23, 0x24, 0xd5, 0xb1, 0xcc, 0x3c, + 0xa2, 0x28, 0x15, 0x98, 0x3e, 0x7e, 0x75, 0x7d, + 0x2b, 0x9e, 0xe3, 0x10, 0x52, 0x7b, 0xa9, 0x4a, + 0xd4, 0x7c, 0x64, 0x86, 0xad, 0x43, 0x71, 0x95, + 0xa6, 0x95, 0x50, 0xe4, 0xb6, 0x99, 0xff, 0x7e, + 0xec, 0xe7, 0x13, 0x31, 0xa2, 0x86, 0xac, 0x54, + 0xd8, 0x82, 0x24, 0xf8, 0x7f, 0xe2, 0x69, 0xde, + 0x2f, 0xfd, 0xbc, 0xb9, 0x9b, 0xb8, 0xee, 0x12, + 0xef, 0x5f, 0x2a, 0x42, 0x99, 0xbc, 0x0c, 0x87, + 0x0c, 0x85, 0xa6, 0x4b, 0xa4, 0xf0, 0xfb, 0x94, + 0x1b, 0x3c, 0x8a, 0x11, 0x14, 0x53, 0x7f, 0x7a, + 0x89, 0x7e, 0xf9, 0xfe, 0xfc, 0x89, 0xb7, 0x97, + 0x5f, 0x44, 0xb1, 0x5d, 0x4f, 0xba, 0x66, 0x2d, + 0x8a, 0x5c, 0xa2, 0xf4, 0x39, 0x69, 0x19, 0x02, + 0x33, 0x48, 0x9d, 0x08, 0x91, 0x5e, 0x63, 0xdc, + 0x9f, 0xf8, 0xee, 0xed, 0xb6, 0x21, 0x68, 0x33, + 0xab, 0x80, 0xf8, 0xdc, 0xe0, 0x90, 0x87, 0x9e, + 0x1f, 0x3a, 0x3e, 0x63, 0x1a, 0xfa, 0x98, 0x14, + 0x05, 0x8f, 0x0c, 0x5e, 0x58, 0x7c, 0x60, 0x12, + 0xeb, 0x9a, 0xe8, 0x6c, 0x24, 0xbe, 0x78, 0x7f, + 0xa1, 0x4c, 0xd6, 0xbe, 0xda, 0x6f, 0xbc, 0x0c, + 0xdc, 0x2e, 0xa5, 0x41, 0xbd, 0x2d, 0x1e, 0xb0, + 0xd4, 0xe8, 0xbc, 0x42, 0xa1, 0x27, 0x59, 0x58, + 0x06, 0x8d, 0x8a, 0x7b, 0xf7, 0x5d, 0xff, 0xca, + 0x5e, 0x46, 0x92, 0x97, 0x17, 0xb1, 0x22, 0xf8, + 0x52, 0x84, 0x48, 0x73, 0x46, 0x3c, 0x2d, 0x79, + 0x1c, 0x4f, 0x89, 0x7d, 0x29, 0xb4, 0x1a, 0x1f, + 0xbf, 0x89, 0xf5, 0x0b, 0x46, 0x63, 0x10, 0x94, + 0x62, 0x13, 0x3b, 0x86, 0x61, 0x6f, 0x97, 0x1e, + 0xd0, 0x85, 0x99, 0x83, 0xf8, 0xbe, 0x30, 0x19, + 0xb7, 0x6c, 0xba, 0x3e, 0x77, 0x0e, 0x4a, 0x1f, + 0xab, 0x3f, 0x6d, 0x66, 0xfd, 0x56, 0xea, 0x47, + 0xc3, 0x56, 0xa8, 0xc6, 0x84, 0x06, 0xe3, 0x62, + 0x07, 0x78, 0x49, 0xb1, 0xcc, 0xce, 0x0a, 0x8d, + 0x3c, 0x71, 0x7b, 0x88, 0x36, 0x31, 0x97, 0xc4, + 0x1a, 0x60, 0x06, 0x24, 0x9c, 0x9e, 0xd7, 0x45, + 0x1e, 0x74, 0x51, 0x3a, 0x97, 0xab, 0x81, 0x87, + 0x94, 0x62, 0x69, 0x5a, 0x69, 0xbb, 0xfe, 0x52, + 0xbf, 0x99, 0x90, 0x5c, 0x1e, 0x37, 0xb1, 0xc8, + 0x4f, 0x4c, 0x78, 0x6f, 0xe8, 0xb0, 0x1a, 0x4b, + 0x35, 0x7c, 0x16, 0x8d, 0x54, 0x49, 0x6b, 0xc1, + 0x29, 0x27, 0x40, 0x3e, 0x60, 0xf6, 0x8c, 0xa4, + 0xe8, 0xdb, 0x90, 0xee, 0x01, 0x35, 0x0e, 0x7a, + 0x98, 0xf9, 0xc5, 0x30, 0x2b, 0x19, 0xd5, 0xb8, + 0xa3, 0xe6, 0x09, 0xd6, 0x65, 0x79, 0x55, 0x6d, + 0xd5, 0x04, 0xef, 0xd6, 0xfc, 0xbb, 0x7a, 0xbd, + 0x90, 0xe4, 0xf8, 0xaa, 0x03, 0xcd, 0x87, 0xac, + 0x0b, 0x60, 0xd0, 0x55, 0x58, 0x88, 0xcb, 0x46, + 0x63, 0xa6, 0x75, 0xea, 0x80, 0x16, 0xe6, 0x46, + 0xf0, 0x51, 0xea, 0xdd, 0x8a, 0x21, 0x0f, 0x1a, + 0xe3, 0x34, 0xbb, 0x27, 0x67, 0xf7, 0x09, 0xb7, + 0xf5, 0x0f, 0xa2, 0x67, 0x7b, 0x5a, 0x5e, 0xb0, + 0xcf, 0x43, 0xec, 0xb8, 0x63, 0x95, 0x7b, 0xf1, + 0x2b, 0x95, 0x71, 0xa2, 0xa3, 0x7d, 0x57, 0x5a, + 0xd1, 0x0a, 0xb4, 0x13, 0x99, 0x49, 0x8a, 0x1d, + 0x91, 0xdf, 0xae, 0x48, 0x01, 0x65, 0x88, 0x3d, + 0x7e, 0x06, 0x47, 0x83, 0x9e, 0x6d, 0x57, 0x93, + 0xf4, 0x60, 0xa6, 0x19, 0x74, 0xd7, 0xc0, 0xb8, + 0x29, 0x81, 0x7d, 0xed, 0xf6, 0x06, 0xe8, 0xfa, + 0x45, 0x5d, 0x35, 0x6a, 0x2f, 0xf3, 0x38, 0xda, + 0xff, 0x2c, 0x8c, 0x53, 0xb6, 0x70, 0xe4, 0x4a, + 0x63, 0x4a, 0xf7, 0x4d, 0x4c, 0x78, 0xf0, 0x47, + 0x4d, 0x55, 0x18, 0x8b, 0x1b, 0x5b, 0xeb, 0xce, + 0xc1, 0x75, 0xc6, 0xf3, 0x4c, 0x96, 0x2f, 0x1e, + 0xe7, 0xf6, 0x4e, 0x4e, 0x8c, 0x8d, 0x7a, 0xf2, + 0x02, 0x49, 0xeb, 0xef, 0xd2, 0xdd, 0x3b, 0x33, + 0x4d, 0xbf, 0x6d, 0x79, 0x2a, 0x10, 0x79, 0x8a, + 0xd5, 0xcd, 0xf8, 0x79, 0x02, 0xa5, 0x61, 0x80, + 0x1f, 0xc4, 0xc7, 0xd3, 0x20, 0x42, 0x81, 0xdc, + 0x7a, 0x8d, 0x4e, 0x27, 0x24, 0x6a, 0xa5, 0x08, + 0x9e, 0x90, 0xe9, 0x4a, 0xe8, 0xea, 0x3c, 0x31, + 0x81, 0xd9, 0xfe, 0xd6, 0xd3, 0xf2, 0xd4, 0xd7, + 0xfd, 0xe1, 0xfe, 0xfc, 0x56, 0x1f, 0x07, 0x02, + 0xd4, 0x63, 0x58, 0x05, 0xa4, 0x85, 0x90, 0xaf, + 0x46, 0x79, 0xce, 0xca, 0x11, 0xb7, 0x04, 0xc3, + 0x94, 0x87, 0x9d, 0xe4, 0x70, 0xc0, 0xb5, 0x4b, + 0x08, 0x9f, 0xb3, 0x8a, 0x8c, 0x3e, 0x00, 0x19, + 0x18, 0x76, 0x2f, 0x0d, 0xfa, 0xfd, 0x1c, 0xc1, + 0xa7, 0xd6, 0x69, 0x73, 0xe8, 0x88, 0xec, 0xb9, + 0xe0, 0x32, 0x8f, 0x77, 0x4d, 0x32, 0x70, 0x17, + 0xb6, 0x54, 0xf2, 0x79, 0xc6, 0xbe, 0xc3, 0x10, + 0xa2, 0x07, 0xe4, 0x4a, 0x74, 0xe4, 0xed, 0x5a, + 0xbc, 0xb6, 0xaa, 0x7f, 0x3a, 0xe8, 0x27, 0x87, + 0xfb, 0xa8, 0xc7, 0xb9, 0xb6, 0x34, 0x40, 0x43, + 0xea, 0x38, 0xb1, 0x3f, 0xa4, 0x64, 0x2c, 0xa7, + 0x13, 0x06, 0x9b, 0xaa, 0x83, 0xab, 0xfc, 0xf9, + 0x03, 0x3b, 0xeb, 0x2e, 0xbc, 0x35, 0xe4, 0xc9, + 0xcf, 0x2d, 0x5e, 0xc0, 0xa6, 0x31, 0xf0, 0xb0, + 0x98, 0x98, 0xa5, 0x2d, 0xf3, 0x98, 0x82, 0x49, + 0xd4, 0x06, 0xe4, 0x72, 0xd5, 0xe5, 0xfd, 0xad, + 0x79, 0x13, 0x18, 0x6e, 0x2c, 0x33, 0x41, 0x1e, + 0xd1, 0xb0, 0xb2, 0x41, 0xc2, 0x80, 0x0b, 0x91, + 0xd2, 0x99, 0x60, 0xef, 0x67, 0xa8, 0xad, 0x9c, + 0x9b, 0xd4, 0xb2, 0x54, 0x65, 0x97, 0xb5, 0xc5, + 0x06, 0x1c, 0x05, 0x53, 0x09, 0x20, 0xce, 0x49, + 0xd7, 0xbe, 0x3e, 0x15, 0x5d, 0x77, 0x76, 0x53, + 0x18, 0x02, 0xd1, 0x46, 0x1d, 0x5f, 0xe9, 0x74, + 0xab, 0x45, 0x05, 0xa7, 0xd7, 0xa4, 0x4f, 0x81, + 0x41, 0x7e, 0xec, 0xf0, 0xd1, 0xb8, 0x67, 0xf3, + 0xef, 0x09, 0x4b, 0xae, 0x8d, 0x7d, 0xe0, 0x12, + 0x54, 0xf0, 0x7a, 0x90, 0x4a, 0x3b, 0xfc, 0x2f, + 0xe0, 0x13, 0xde, 0xd8, 0x98, 0x3c, 0x85, 0xce, + 0xd3, 0x06, 0x6f, 0x6c, 0x6a, 0xdc, 0xfa, 0xab, + 0x4e, 0x01, 0x57, 0xc8, 0x5b, 0x3f, 0xb2, 0x69, + 0xfd, 0x4d, 0xfc, 0x71, 0x07, 0xcd, 0xee, 0xf7, + 0x1c, 0x33, 0xba, 0x0f, 0x25, 0x09, 0x71, 0x65, + 0xc1, 0xf0, 0x33, 0xf8, 0xa8, 0xfa, 0x8c, 0xc4, + 0xaf, 0xa9, 0xe9, 0xcd, 0x23, 0xd0, 0xf6, 0xb9, + 0x24, 0x08, 0x09, 0x13, 0x15, 0x68, 0x10, 0x8c, + 0x2f, 0xf7, 0x96, 0xb4, 0x1f, 0x81, 0x24, 0x7d, + 0x9d, 0xc1, 0x9b, 0xef, 0xe9, 0x4a, 0x87, 0x70, + 0x0a, 0x04, 0x1c, 0x9d, 0xbc, 0x6c, 0x57, 0x1a, + 0xa4, 0xfd, 0x90, 0xb6, 0x25, 0x03, 0x9b, 0xb7, + 0x3d, 0x73, 0x0a, 0xdf, 0xaf, 0xdf, 0xea, 0x64, + 0x7a, 0x0c, 0xeb, 0xdf, 0x29, 0xc4, 0x2d, 0xb0, + 0x43, 0x91, 0xdb, 0x6f, 0xa4, 0x7a, 0xa9, 0x84, + 0xae, 0x03, 0x27, 0xe4, 0xf3, 0xf6, 0x3d, 0x35, + 0x74, 0xe1, 0xe4, 0x09, 0x1a, 0x61, 0x76, 0x89, + 0x8e, 0xa7, 0xbc, 0xc3, 0x16, 0x3e, 0x3f, 0x4a, + 0x4d, 0x5a, 0x62, 0x93, 0xd0, 0xe1, 0xf5, 0xb7, + 0xc5, 0xd3, 0xe3, 0x07, 0x31, 0x70, 0xce, 0xe3, + 0xed, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x03, 0x0c, 0x17, 0x1b, 0x21 + }; +#endif /* !WOLFSSL_NO_ML_DSA_65 */ + +#ifndef WOLFSSL_NO_ML_DSA_87 + /* ML-DSA-87: record 1 from + * https://gist.github.com/itzmeanjan/d14afc3866b82119221682f0f3c9822d */ + /* Public key (2592 bytes) */ + static const byte pk_87[] = { + 0x90, 0x3e, 0xfb, 0xf1, 0x6c, 0xd1, 0xf7, 0x79, + 0x82, 0x51, 0x06, 0xf7, 0x6d, 0xe1, 0x2d, 0xf4, + 0x9c, 0xa4, 0x37, 0x1b, 0x57, 0x11, 0x74, 0x80, + 0x70, 0x2a, 0x1d, 0x94, 0xdd, 0x9c, 0x20, 0x42, + 0xbd, 0xda, 0x05, 0x35, 0x91, 0x44, 0x23, 0x07, + 0x62, 0xa5, 0x5d, 0x09, 0xaa, 0xf6, 0x96, 0x12, + 0x45, 0xe2, 0x1b, 0x0d, 0x41, 0x3d, 0xc2, 0xf3, + 0x9c, 0xf9, 0x95, 0x32, 0x7c, 0x6a, 0x1d, 0x52, + 0x60, 0x7b, 0xd9, 0xc3, 0xad, 0xdf, 0x70, 0xd0, + 0x56, 0x36, 0x1d, 0x8e, 0xb8, 0x6c, 0x4b, 0x60, + 0xfb, 0x7e, 0x0d, 0xe5, 0x63, 0x8e, 0x42, 0x55, + 0x45, 0x4c, 0xd3, 0x2e, 0xb4, 0x86, 0x53, 0xf6, + 0xa9, 0x04, 0x72, 0x47, 0x23, 0x32, 0x84, 0x95, + 0x3d, 0xa6, 0xd5, 0xf6, 0x5a, 0xf1, 0xb5, 0x94, + 0x21, 0x67, 0x3f, 0x6f, 0x9e, 0x89, 0xb5, 0x8d, + 0x48, 0x3c, 0x6a, 0x9d, 0x3f, 0xc4, 0xea, 0xc3, + 0x6c, 0xc3, 0xe4, 0x89, 0xca, 0x24, 0x3f, 0x17, + 0xdb, 0xcf, 0x06, 0x86, 0xb8, 0xb4, 0xdc, 0xc4, + 0xa3, 0x70, 0x78, 0xb7, 0xa8, 0xb2, 0x82, 0x18, + 0x77, 0x7c, 0x5c, 0x22, 0x3a, 0xba, 0x31, 0x23, + 0xea, 0xac, 0xd8, 0x3c, 0xe2, 0xed, 0x91, 0xad, + 0xa7, 0xee, 0x0e, 0xfa, 0x23, 0x17, 0x9f, 0x44, + 0x57, 0x90, 0x34, 0x17, 0xed, 0xa5, 0x35, 0x0c, + 0x4f, 0x4b, 0xd8, 0x56, 0xde, 0x0b, 0xc4, 0x19, + 0xc9, 0x1b, 0x76, 0xe7, 0xde, 0x90, 0x74, 0xc8, + 0xeb, 0x44, 0x34, 0xd6, 0x05, 0x5d, 0x80, 0xac, + 0x55, 0xba, 0x27, 0x64, 0x27, 0xfe, 0x3c, 0x84, + 0x4e, 0xc4, 0x2b, 0xbd, 0x37, 0xeb, 0xc6, 0xcb, + 0x14, 0x2c, 0x6c, 0x17, 0x55, 0xf0, 0x2f, 0x7f, + 0x0c, 0x94, 0x63, 0x1c, 0x98, 0x7e, 0xc4, 0x47, + 0x06, 0x08, 0x98, 0xb5, 0x78, 0x14, 0x49, 0x50, + 0xe7, 0x7c, 0xc5, 0x1d, 0x97, 0x97, 0xdf, 0x07, + 0x02, 0x5c, 0x83, 0x93, 0xec, 0xb5, 0x65, 0xc3, + 0x2e, 0xad, 0xd3, 0x17, 0x9c, 0x69, 0x6c, 0xb6, + 0xab, 0x5d, 0xe9, 0x9b, 0x8f, 0xcb, 0x62, 0x3e, + 0x8c, 0x59, 0xd8, 0x36, 0xae, 0x3d, 0x4e, 0x87, + 0x9c, 0xff, 0x4c, 0x48, 0x49, 0x88, 0x0f, 0x0f, + 0xbb, 0x29, 0x3e, 0x7e, 0x63, 0x7d, 0x38, 0x97, + 0xd4, 0x7c, 0xaa, 0x89, 0x46, 0x56, 0xd5, 0x84, + 0x34, 0x24, 0x45, 0x93, 0xd7, 0x2a, 0x97, 0x81, + 0xff, 0x04, 0x5a, 0x40, 0x5f, 0x9c, 0x88, 0x86, + 0xd1, 0xc2, 0xb8, 0x28, 0x46, 0x7a, 0x9b, 0xc2, + 0x8c, 0x4e, 0x29, 0xae, 0xce, 0x65, 0x36, 0xab, + 0xf5, 0x39, 0xb0, 0x2a, 0xb0, 0x3c, 0x87, 0x6d, + 0x89, 0x93, 0x76, 0xcc, 0xdd, 0xa5, 0xc1, 0xab, + 0xc4, 0xd3, 0xb2, 0xaa, 0xf3, 0xc5, 0xb3, 0xc7, + 0xad, 0x19, 0x56, 0xfc, 0xdb, 0x37, 0xf6, 0x91, + 0xe3, 0xe3, 0xdb, 0xb4, 0x3e, 0xa9, 0x67, 0xe7, + 0x33, 0xec, 0x9e, 0x2d, 0x06, 0xd5, 0xa0, 0xe9, + 0xfd, 0x67, 0xaf, 0x30, 0x20, 0xcb, 0xae, 0x5f, + 0xcd, 0x74, 0x90, 0xe4, 0x4f, 0x5e, 0x26, 0x46, + 0x24, 0x5f, 0xb1, 0xb9, 0x2c, 0x93, 0xbf, 0xd6, + 0x94, 0x50, 0x93, 0x24, 0x6d, 0x49, 0x0a, 0x1a, + 0x0f, 0xcd, 0xdd, 0x6d, 0x46, 0xbc, 0x4f, 0xa1, + 0x11, 0x37, 0xaa, 0x67, 0x3d, 0x56, 0x24, 0x88, + 0xfa, 0x72, 0xcf, 0xb7, 0xfd, 0x21, 0x0d, 0x3b, + 0x3f, 0x04, 0x79, 0x44, 0x15, 0x82, 0x68, 0x61, + 0xe8, 0x7c, 0x50, 0xfd, 0x9b, 0x29, 0x7f, 0x0e, + 0xbe, 0x32, 0x15, 0x3b, 0x95, 0x9d, 0x2b, 0xa6, + 0x84, 0xaa, 0x97, 0x88, 0x27, 0xbe, 0xbf, 0x6b, + 0x82, 0x5c, 0x8c, 0x28, 0x33, 0x88, 0xde, 0x62, + 0x37, 0xba, 0x4b, 0x51, 0xa0, 0xd4, 0x7f, 0x01, + 0xc5, 0x79, 0x51, 0x80, 0x9b, 0x95, 0x92, 0xc9, + 0x35, 0xc9, 0xac, 0xd6, 0x4f, 0x45, 0xd0, 0x8d, + 0x52, 0x07, 0xba, 0x36, 0x5c, 0xa2, 0xaf, 0x79, + 0x08, 0xc7, 0x79, 0x1a, 0x4e, 0xcb, 0x8c, 0x20, + 0xef, 0xde, 0xd6, 0x6e, 0xa6, 0x40, 0x86, 0x02, + 0x93, 0x54, 0x24, 0x79, 0x79, 0x12, 0xe1, 0x36, + 0x3c, 0xb7, 0x25, 0xc4, 0x2d, 0xee, 0xc9, 0x87, + 0x30, 0xfa, 0x99, 0xf1, 0x7a, 0xf4, 0xdb, 0xaa, + 0x82, 0x51, 0x59, 0x16, 0x48, 0x78, 0xf5, 0xb9, + 0x7f, 0xfb, 0x89, 0x59, 0x16, 0x0e, 0xf3, 0x04, + 0xe5, 0xe1, 0xa1, 0x0d, 0x7f, 0x86, 0x71, 0x45, + 0x4b, 0x81, 0x08, 0x1d, 0x7e, 0x24, 0xa7, 0x59, + 0x22, 0xea, 0xac, 0x49, 0xdd, 0x67, 0xc0, 0xca, + 0xac, 0x7e, 0x24, 0xd3, 0xf9, 0x14, 0xed, 0x64, + 0xfe, 0x61, 0x8e, 0x26, 0x86, 0x0c, 0x6b, 0xe0, + 0x9a, 0x6b, 0xa5, 0x61, 0x00, 0x68, 0x7b, 0x3f, + 0x0a, 0x61, 0xea, 0xd9, 0xd5, 0x5c, 0x98, 0x41, + 0x07, 0xb1, 0xdb, 0x88, 0xa1, 0x90, 0x1a, 0xbf, + 0xb9, 0x3b, 0x0c, 0x35, 0x56, 0xe4, 0xa3, 0x60, + 0x1e, 0x08, 0xba, 0xe9, 0xba, 0xba, 0xfb, 0x17, + 0x7d, 0x61, 0x70, 0x2e, 0x0e, 0x8a, 0x35, 0x7a, + 0x2e, 0x76, 0x0e, 0xdd, 0x39, 0xcf, 0x7a, 0x3c, + 0x60, 0x1c, 0x02, 0x2c, 0x62, 0x96, 0x07, 0xbe, + 0xa7, 0x71, 0xe4, 0x08, 0xbe, 0xd8, 0xc9, 0x67, + 0x88, 0x20, 0x0f, 0x16, 0xf3, 0xf7, 0x6f, 0x9f, + 0xb8, 0x9b, 0x4f, 0x04, 0x38, 0x9d, 0x40, 0xb7, + 0x6f, 0xf7, 0x20, 0xce, 0x47, 0x8b, 0xac, 0xd7, + 0x7e, 0x65, 0x93, 0x59, 0xd3, 0x80, 0x3b, 0xae, + 0x4b, 0xe4, 0x39, 0xfd, 0x4a, 0x21, 0x2b, 0x38, + 0xe1, 0x69, 0xbc, 0x1a, 0x1c, 0xf9, 0x59, 0x4f, + 0xed, 0xf4, 0xa3, 0x3e, 0xd7, 0xda, 0x7b, 0x3e, + 0x1d, 0x85, 0x3d, 0x05, 0x5d, 0x45, 0xc8, 0x5b, + 0x81, 0x78, 0x05, 0xd2, 0x5b, 0x59, 0xb5, 0x28, + 0x79, 0xb1, 0xeb, 0x7d, 0x59, 0xb7, 0x23, 0xd0, + 0x5a, 0xfb, 0xf9, 0xf6, 0x2f, 0xb1, 0x38, 0x4a, + 0x12, 0x74, 0x8b, 0x09, 0x65, 0xfe, 0xaf, 0x5c, + 0xcc, 0x5f, 0x45, 0x16, 0x2f, 0x17, 0x38, 0x36, + 0xd8, 0x7b, 0x25, 0x90, 0x7c, 0x26, 0x2a, 0xa2, + 0x47, 0xc1, 0x98, 0xe7, 0xed, 0xfe, 0x7a, 0x47, + 0x2b, 0xc6, 0x55, 0x38, 0x43, 0xe1, 0x4c, 0x39, + 0xe7, 0x0d, 0xc9, 0x93, 0xe5, 0x66, 0xf0, 0xc3, + 0x39, 0x10, 0x8f, 0xdf, 0x32, 0xa7, 0xc9, 0xc9, + 0x18, 0x6a, 0x09, 0xbd, 0x57, 0x73, 0xb3, 0xd3, + 0x39, 0x3c, 0xaf, 0x8f, 0x8d, 0x3c, 0xcc, 0x2e, + 0xdb, 0x7b, 0xa0, 0x8f, 0xfa, 0x76, 0xc9, 0x18, + 0x66, 0x95, 0x60, 0xcc, 0x17, 0x0f, 0x69, 0xca, + 0x41, 0x61, 0x4a, 0xbf, 0xe6, 0xd2, 0x30, 0xac, + 0x16, 0x7a, 0x8f, 0x74, 0xf6, 0x66, 0x4a, 0x23, + 0x17, 0x95, 0x80, 0x79, 0x6e, 0xc0, 0xc0, 0x12, + 0x69, 0xba, 0x2f, 0xef, 0x89, 0x5b, 0x36, 0xec, + 0x66, 0x6e, 0x75, 0x0d, 0xce, 0x0f, 0x76, 0xbb, + 0x41, 0x18, 0x67, 0xec, 0x51, 0x52, 0xef, 0x5b, + 0x1a, 0x1a, 0xe2, 0xa8, 0x57, 0xd7, 0x91, 0x14, + 0x7e, 0xc9, 0xbf, 0x50, 0xd4, 0xb1, 0xe9, 0x35, + 0x62, 0x81, 0x27, 0x87, 0xc7, 0xcd, 0x07, 0xb8, + 0xed, 0x8c, 0xcb, 0xc2, 0x94, 0xec, 0x07, 0x21, + 0x77, 0x5c, 0x69, 0x73, 0x1b, 0x3b, 0x47, 0x1b, + 0xa1, 0x62, 0x1c, 0xd5, 0xbd, 0xfd, 0x11, 0xd5, + 0xca, 0x1d, 0x38, 0xea, 0xd2, 0xa5, 0xb5, 0x65, + 0xd6, 0x17, 0xa8, 0x4d, 0x08, 0xff, 0x1f, 0x4a, + 0xd5, 0xbe, 0xe0, 0x47, 0x0d, 0x09, 0xb6, 0x7c, + 0x8d, 0x24, 0xc9, 0x01, 0x8e, 0xb1, 0x32, 0x05, + 0xe6, 0xc8, 0x60, 0x49, 0xb5, 0x0c, 0x5d, 0xe2, + 0xc5, 0x23, 0x45, 0xe0, 0x15, 0x73, 0x2c, 0xf2, + 0xce, 0x1d, 0xa9, 0xe5, 0xdf, 0x6c, 0xf0, 0xf5, + 0x42, 0x56, 0xb4, 0xd1, 0xd3, 0x5e, 0x71, 0x93, + 0xaf, 0xaa, 0xcf, 0x61, 0x6e, 0x28, 0xe7, 0x61, + 0xd9, 0x77, 0xab, 0xf2, 0xa5, 0x4a, 0x3f, 0xe5, + 0xd2, 0x82, 0x3a, 0x27, 0x5d, 0xca, 0x63, 0x60, + 0x39, 0x4f, 0x0a, 0x78, 0x79, 0xab, 0x61, 0x87, + 0x1b, 0xb8, 0xf1, 0x5c, 0x9b, 0xf1, 0xd8, 0x99, + 0x0d, 0xd2, 0x56, 0xfb, 0x7f, 0x07, 0xc9, 0x05, + 0x41, 0xfb, 0x2a, 0xf3, 0xc2, 0x64, 0xe2, 0x4c, + 0x8d, 0xc2, 0x4b, 0xa4, 0x7f, 0x6e, 0x23, 0xc9, + 0xc1, 0x7b, 0xa3, 0x16, 0x2c, 0xce, 0x97, 0x9c, + 0x06, 0x3a, 0x47, 0x84, 0x1a, 0x3d, 0x26, 0x4c, + 0xb8, 0x48, 0x90, 0x82, 0xb3, 0xb1, 0x26, 0x65, + 0x39, 0xab, 0xf7, 0xbb, 0x6d, 0x6c, 0x27, 0x70, + 0x64, 0x98, 0x07, 0x99, 0x79, 0x36, 0x56, 0xe1, + 0xf5, 0x69, 0x06, 0xba, 0x45, 0x41, 0xc1, 0x9a, + 0x89, 0x69, 0xca, 0xe9, 0xfb, 0x98, 0xee, 0x76, + 0x50, 0x0a, 0x89, 0x5d, 0xf4, 0x93, 0xfa, 0x7a, + 0xa4, 0xd8, 0xc4, 0xcf, 0x2f, 0x6a, 0xc5, 0x54, + 0xae, 0xe0, 0x54, 0x90, 0xc1, 0xcc, 0x88, 0x8a, + 0x8d, 0x9f, 0x30, 0xf4, 0x77, 0xef, 0x76, 0xdd, + 0xc1, 0x91, 0x79, 0x4f, 0x0e, 0x92, 0xd3, 0xfe, + 0xad, 0xe9, 0xb0, 0x9b, 0x1d, 0xe6, 0x4e, 0xd0, + 0xeb, 0xa2, 0xbf, 0xc8, 0x2d, 0x6b, 0xfc, 0x69, + 0x3a, 0x48, 0x20, 0x53, 0x10, 0xd3, 0x2b, 0xdd, + 0xbd, 0xd4, 0x83, 0x33, 0xac, 0x81, 0xdb, 0x32, + 0xb4, 0x04, 0x16, 0x3e, 0x6a, 0x83, 0x5a, 0x5d, + 0xcc, 0x33, 0x08, 0xaa, 0x09, 0x36, 0xf3, 0x9e, + 0x66, 0xcf, 0xd9, 0x17, 0x34, 0x37, 0xb0, 0x0b, + 0xae, 0x28, 0xd6, 0xd4, 0xde, 0xfc, 0x2d, 0xda, + 0xd0, 0x01, 0xe2, 0xa6, 0xe7, 0x82, 0xbd, 0xef, + 0xab, 0x16, 0x4a, 0x21, 0x4f, 0x36, 0xe9, 0x5c, + 0x30, 0x7c, 0xa1, 0x41, 0xa1, 0xf3, 0x8d, 0x5e, + 0xfa, 0x94, 0x37, 0x79, 0xe9, 0xd0, 0x1a, 0x72, + 0x10, 0x0f, 0x5d, 0xe7, 0x6a, 0x07, 0x20, 0x74, + 0x28, 0x6b, 0x5c, 0x67, 0x39, 0xb8, 0x05, 0xee, + 0xef, 0xba, 0x56, 0x39, 0xf2, 0xee, 0x08, 0x80, + 0x26, 0x5e, 0xd0, 0x91, 0xe4, 0xa2, 0xde, 0xc2, + 0x30, 0xcf, 0x74, 0x53, 0xf4, 0xbd, 0xec, 0x31, + 0x3e, 0x16, 0x29, 0x73, 0x38, 0xa3, 0xe3, 0xf6, + 0xe0, 0x3c, 0x8f, 0xb1, 0x20, 0x89, 0x09, 0xa4, + 0x6d, 0xad, 0x66, 0x7d, 0x14, 0xbc, 0xb6, 0x6f, + 0x9d, 0x21, 0x57, 0x3e, 0xfc, 0xbd, 0x3a, 0x4b, + 0x2d, 0x81, 0x96, 0xc9, 0x4e, 0xec, 0xc4, 0x53, + 0xd9, 0x43, 0xc8, 0xb2, 0x7d, 0x3e, 0x2b, 0xf9, + 0xb7, 0xde, 0xfc, 0x2d, 0x00, 0xef, 0xa3, 0xfd, + 0x13, 0x1b, 0xb4, 0x81, 0x70, 0xa2, 0x63, 0xa7, + 0x63, 0x66, 0xb7, 0x8b, 0xbc, 0xc0, 0xd8, 0x07, + 0xcb, 0x0d, 0xca, 0x4d, 0xaa, 0x99, 0x48, 0xc8, + 0x24, 0x0b, 0x53, 0x7e, 0xcc, 0x28, 0xfe, 0xfc, + 0x3a, 0xb6, 0x0d, 0x88, 0xa3, 0x48, 0x6a, 0x5f, + 0xc1, 0x5c, 0x4b, 0xc6, 0xec, 0x09, 0x9e, 0x17, + 0xd3, 0xa6, 0xb7, 0xb2, 0x76, 0x1e, 0xa8, 0x69, + 0x80, 0x18, 0x9e, 0x0e, 0x60, 0x6b, 0xc0, 0xb1, + 0xe9, 0x71, 0x53, 0x2e, 0x62, 0x7a, 0xc1, 0x67, + 0x72, 0x69, 0x02, 0xa9, 0xd4, 0x4c, 0x50, 0xbe, + 0x24, 0xff, 0xc3, 0x42, 0x12, 0xb5, 0x4d, 0xc5, + 0x96, 0x06, 0x4e, 0x34, 0xb9, 0x82, 0x1e, 0x6e, + 0xa5, 0xa6, 0x38, 0x92, 0xf1, 0x87, 0x90, 0x16, + 0x91, 0xf5, 0x16, 0x64, 0x9e, 0x7b, 0x01, 0x74, + 0x8a, 0xf1, 0x86, 0x7a, 0x42, 0xa6, 0x3b, 0xab, + 0x54, 0xbf, 0x55, 0x16, 0x68, 0xd0, 0x82, 0x5e, + 0x64, 0x77, 0x37, 0x52, 0x44, 0x9c, 0x64, 0xec, + 0x20, 0x84, 0x2e, 0x5b, 0x8c, 0x67, 0x60, 0xd3, + 0x37, 0x91, 0x37, 0xeb, 0x9b, 0x5c, 0xaa, 0xaf, + 0x46, 0x94, 0x74, 0xaa, 0x9b, 0xb3, 0xc1, 0xf1, + 0xa5, 0xc2, 0x57, 0x36, 0x3e, 0xb2, 0x7b, 0xe4, + 0xc7, 0xbc, 0x5c, 0x89, 0x0f, 0x5d, 0x95, 0x32, + 0x97, 0x50, 0x51, 0xf2, 0xc4, 0xd6, 0x2d, 0x14, + 0xc0, 0x02, 0x42, 0x89, 0xf2, 0x40, 0xa6, 0xab, + 0xde, 0x67, 0xc0, 0x89, 0x6d, 0xe2, 0xeb, 0xc8, + 0x4f, 0xcf, 0xe9, 0x9c, 0xef, 0x7d, 0x15, 0xf7, + 0x9b, 0x22, 0x16, 0x17, 0xd3, 0x85, 0x78, 0x2f, + 0x60, 0x56, 0x4b, 0x0b, 0x59, 0x11, 0xee, 0x2d, + 0x1b, 0xe5, 0x45, 0x90, 0x58, 0xa3, 0x7c, 0x57, + 0x8d, 0x03, 0x48, 0xd1, 0xc6, 0xe5, 0x97, 0x6d, + 0xed, 0x66, 0xb6, 0xbd, 0x26, 0xd5, 0xed, 0x78, + 0xaf, 0xc5, 0x95, 0x61, 0xbc, 0x28, 0xc7, 0x5f, + 0xa4, 0xb5, 0x04, 0x8a, 0xa5, 0x9d, 0x7d, 0x70, + 0x10, 0xe2, 0x22, 0x93, 0xa1, 0x4d, 0x27, 0xb7, + 0xb6, 0xf2, 0xed, 0x3b, 0x8e, 0x59, 0x74, 0xbe, + 0x2e, 0x8e, 0x46, 0x85, 0x0e, 0x30, 0x73, 0x78, + 0x96, 0xfa, 0x0a, 0x21, 0x04, 0xef, 0x31, 0xec, + 0xb2, 0x4a, 0xe8, 0xb1, 0x6f, 0xb0, 0x90, 0xaa, + 0xf5, 0x78, 0x81, 0x1a, 0x60, 0xd8, 0x64, 0x71, + 0x1b, 0x8b, 0xe1, 0xcb, 0x53, 0x8f, 0x69, 0xa3, + 0xaf, 0x67, 0xef, 0x47, 0xb8, 0x1d, 0x50, 0xf0, + 0x7d, 0xda, 0xfb, 0x39, 0x43, 0x73, 0xf8, 0xc8, + 0x67, 0x8d, 0x93, 0x8e, 0x61, 0x81, 0x84, 0x95, + 0x5d, 0x14, 0xea, 0xb8, 0x8d, 0x71, 0x5e, 0x1c, + 0xd2, 0x2e, 0x33, 0xaa, 0xa7, 0x02, 0x73, 0x78, + 0xc3, 0x92, 0xd7, 0x6f, 0x45, 0x84, 0x63, 0xf2, + 0x8a, 0x7f, 0x36, 0x5e, 0xe7, 0x08, 0xee, 0xfe, + 0xef, 0xdd, 0xb2, 0x61, 0xd0, 0xec, 0x1f, 0x44, + 0xee, 0xf0, 0xe0, 0x08, 0x4d, 0xdd, 0xfc, 0xd7, + 0xdd, 0x4f, 0x28, 0x01, 0x9d, 0x91, 0x84, 0x09, + 0x1c, 0x6e, 0x2f, 0xf0, 0xdc, 0xea, 0x26, 0x1d, + 0xa0, 0xee, 0x74, 0x6a, 0xb6, 0xea, 0x80, 0x2f, + 0x63, 0xc1, 0xc3, 0x74, 0x67, 0x5b, 0x52, 0xb3, + 0x93, 0x5b, 0x93, 0x7e, 0xb7, 0x37, 0x5e, 0xa2, + 0x8e, 0x3b, 0x51, 0x98, 0xc8, 0xfe, 0x2c, 0x9a, + 0x67, 0x7b, 0xe3, 0x19, 0x93, 0x3d, 0x98, 0x1a, + 0x19, 0x50, 0x5e, 0x55, 0x7a, 0x2e, 0xd6, 0xe0, + 0x07, 0x11, 0x0f, 0x0d, 0x95, 0x68, 0x9e, 0xd2, + 0x3f, 0x62, 0xf2, 0x05, 0x25, 0xe0, 0x02, 0x9e, + 0x47, 0x89, 0x93, 0x31, 0x36, 0xb6, 0xcd, 0x36, + 0x44, 0xf4, 0xd6, 0x3b, 0x00, 0x2a, 0x0b, 0x59, + 0x42, 0xea, 0xb5, 0xff, 0x7b, 0x85, 0x8b, 0x40, + 0xdc, 0x12, 0x0d, 0x78, 0xba, 0xe0, 0x89, 0xa6, + 0x5e, 0xe5, 0xc7, 0x12, 0x8d, 0xb3, 0x84, 0x1d, + 0xf8, 0x63, 0xf4, 0x76, 0xac, 0x15, 0x02, 0x9e, + 0xc0, 0x14, 0x7a, 0x05, 0x96, 0xd2, 0x29, 0x3d, + 0x1b, 0x5f, 0x48, 0xb1, 0x30, 0x71, 0x82, 0x2e, + 0x2e, 0x8e, 0x9f, 0x52, 0x5f, 0xff, 0x08, 0x37, + 0x32, 0xba, 0x87, 0x71, 0x9f, 0xe9, 0x2f, 0x6b, + 0x26, 0x4d, 0x99, 0x50, 0x45, 0x8b, 0xd2, 0xc4, + 0x99, 0xe4, 0x5a, 0xf0, 0xc6, 0x17, 0x9b, 0x0f, + 0x11, 0x62, 0x10, 0x84, 0x43, 0x06, 0xec, 0x28, + 0x9c, 0x47, 0x8f, 0xa7, 0x2f, 0x76, 0xa6, 0xac, + 0x46, 0xac, 0xc5, 0x5a, 0x32, 0xc1, 0x9b, 0x28, + 0x27, 0x12, 0x7f, 0xa1, 0xa6, 0xd6, 0xf3, 0x6b, + 0x1e, 0xf5, 0x0c, 0xe6, 0x7a, 0x45, 0x86, 0x43, + 0xca, 0xaf, 0x9b, 0x8a, 0x9f, 0xe3, 0xf2, 0x8e, + 0xbb, 0x78, 0x96, 0x52, 0x0d, 0x14, 0x82, 0x7f, + 0x64, 0xca, 0x7d, 0x6e, 0xfd, 0x9b, 0x85, 0x99, + 0xed, 0xe0, 0xd3, 0x2f, 0x97, 0x48, 0x38, 0x75, + 0x69, 0xab, 0xb5, 0x20, 0x28, 0xe0, 0x42, 0xef, + 0xc6, 0x59, 0xae, 0xde, 0x4e, 0xf4, 0xee, 0x4b, + 0x85, 0xff, 0xcd, 0x17, 0x45, 0x5a, 0x52, 0x2a, + 0xdf, 0x71, 0x2c, 0x66, 0x75, 0xf4, 0x6a, 0x3d, + 0xbf, 0x34, 0x1e, 0x6f, 0xc7, 0x48, 0xcc, 0x19, + 0xce, 0x83, 0x06, 0xc1, 0xe3, 0xbb, 0x76, 0x2f, + 0x69, 0xb1, 0x71, 0x44, 0x6d, 0x36, 0xe6, 0x3a, + 0x29, 0x9d, 0x0d, 0x68, 0xb8, 0x8e, 0xce, 0xe3, + 0xd7, 0xfa, 0x91, 0x9b, 0xf4, 0x02, 0xca, 0x3e, + 0xbd, 0x46, 0xfa, 0xd0, 0x01, 0xbc, 0x25, 0x0c, + 0x81, 0x77, 0xcd, 0x43, 0xae, 0xef, 0x01, 0xd3, + 0x24, 0x17, 0x30, 0x3b, 0x65, 0x72, 0x8f, 0xd2, + 0x5d, 0xce, 0xb9, 0xf1, 0x28, 0x98, 0x15, 0xc3, + 0x13, 0x2e, 0xc1, 0xe5, 0x7a, 0x37, 0x6f, 0x1c, + 0x19, 0xd6, 0x90, 0x1c, 0x39, 0x8c, 0x58, 0xa3, + 0xd7, 0xda, 0x3a, 0xe2, 0x3c, 0x39, 0x9e, 0xb7, + 0x1f, 0xa3, 0x1a, 0x86, 0xd1, 0xcd, 0xa4, 0x94, + 0x0b, 0x62, 0x4d, 0x28, 0xac, 0x93, 0xda, 0x1e, + 0x9f, 0xac, 0x52, 0x02, 0x6c, 0x3a, 0x11, 0x02, + 0x50, 0xb5, 0xe9, 0x5f, 0x78, 0x22, 0x90, 0x59, + 0xae, 0xb9, 0x70, 0x33, 0x77, 0x67, 0x1e, 0x47, + 0xa0, 0x94, 0x96, 0xf1, 0xdc, 0x33, 0x3b, 0xe1, + 0x9c, 0x53, 0x75, 0x14, 0xab, 0x52, 0x55, 0xa2, + 0x78, 0x38, 0xcb, 0x03, 0x9c, 0xb7, 0x81, 0x7d, + 0x35, 0xc3, 0x87, 0xf3, 0xa1, 0x9e, 0x21, 0x43, + 0x7e, 0xe1, 0xcd, 0xd2, 0xc7, 0xef, 0x58, 0x83, + 0x02, 0x84, 0xea, 0xf6, 0x77, 0xdc, 0xe2, 0xd2, + 0x1d, 0x4b, 0x1e, 0xd5, 0x4e, 0x2b, 0x2b, 0x15, + 0x97, 0x7a, 0x98, 0x3c, 0xf9, 0x39, 0xa9, 0xf5, + 0xac, 0x55, 0x98, 0xdd, 0x73, 0xe5, 0x0a, 0x43, + 0xcd, 0xb6, 0xbd, 0x4c, 0xa9, 0xf0, 0x8b, 0x78, + 0xcd, 0x9c, 0x96, 0xce, 0xd0, 0x65, 0x54, 0xdb, + 0x1c, 0xf4, 0xa6, 0x74, 0x9f, 0xd5, 0x0b, 0x06, + 0x2c, 0x70, 0x2a, 0x6a, 0x2e, 0xe9, 0xf6, 0x10, + 0x2d, 0x7e, 0x84, 0x82, 0x54, 0x59, 0x3e, 0x43, + 0x0e, 0xc9, 0xa6, 0x59, 0xe0, 0x10, 0x46, 0x02, + 0x05, 0x0b, 0x49, 0xb7, 0x0c, 0x4f, 0x18, 0x23, + 0x27, 0xf3, 0xeb, 0xbc, 0x42, 0x14, 0xfa, 0x6b, + 0xd0, 0x34, 0xe2, 0x22, 0x2c, 0xa0, 0x12, 0xb3, + 0xbc, 0x28, 0x84, 0x13, 0xf6, 0xec, 0xe6, 0x18, + 0xea, 0xf3, 0xac, 0xf1, 0xb0, 0xd9, 0xaa, 0x94, + 0xa1, 0x02, 0xda, 0x9b, 0x56, 0x32, 0x9f, 0x4c, + 0x80, 0x8a, 0xc3, 0x3d, 0x35, 0xaf, 0x54, 0xe6, + 0xd4, 0xc1, 0xd1, 0x2e, 0x60, 0x73, 0x4e, 0xb0, + 0x28, 0x9f, 0x16, 0x74, 0x25, 0x5a, 0xd4, 0xfa, + 0xca, 0x96, 0x44, 0xc3, 0x63, 0x88, 0xe6, 0x5c, + 0x1d, 0xa8, 0x98, 0xe4, 0xcd, 0x65, 0x31, 0xe8, + 0x95, 0x92, 0xe1, 0xe5, 0x7b, 0xb2, 0x98, 0x8d, + 0x57, 0x88, 0xeb, 0xe1, 0xb0, 0x13, 0x28, 0x3d, + 0xdd, 0xfa, 0x34, 0x6c, 0xda, 0x5b, 0x22, 0x4f, + 0x5f, 0x8b, 0xef, 0xfa, 0xc5, 0xca, 0x52, 0x1b, + 0xc5, 0x46, 0xaa, 0x3f, 0x1e, 0xec, 0xb2, 0x54, + 0xc5, 0x97, 0x31, 0x46, 0x57, 0xdd, 0xa9, 0x17, + 0x27, 0xba, 0x42, 0x92, 0x9b, 0x39, 0x93, 0xc3, + 0xc4, 0x4e, 0xd3, 0xce, 0x00, 0xaa, 0x1a, 0xf9, + 0xb0, 0x0c, 0xf9, 0xee, 0xfd, 0x75, 0x30, 0xac, + 0xf2, 0x9c, 0x50, 0xbd, 0x07, 0x06, 0x62, 0x03, + 0x72, 0x42, 0x4f, 0x58, 0xbf, 0xb3, 0x56, 0xd2, + 0x8e, 0xf5, 0xa8, 0xd9, 0x04, 0x03, 0xc5, 0x2d, + 0x62, 0xdd, 0x2f, 0x92, 0xa1, 0x9b, 0x75, 0xe6, + 0xc4, 0x6c, 0xb4, 0xea, 0xc7, 0x7a, 0x91, 0x02, + 0xa6, 0xdc, 0xbb, 0x1d, 0xce, 0xa0, 0x5a, 0x28, + 0x68, 0x8b, 0x94, 0xed, 0x39, 0x66, 0xe9, 0x56, + 0x45, 0x19, 0x58, 0x08, 0x03, 0x79, 0x5f, 0x03, + 0x82, 0x55, 0xcc, 0xf0, 0xab, 0x91, 0x76, 0x28, + 0x98, 0x94, 0x2a, 0xfa, 0x38, 0xe4, 0xbf, 0x78, + 0x39, 0xb3, 0xde, 0xc1, 0x9d, 0x24, 0x44, 0xd5, + 0x23, 0x72, 0x12, 0xe1, 0x5a, 0x49, 0x1d, 0x1f, + 0x56, 0x36, 0xd4, 0x1d, 0x0c, 0xc3, 0x75, 0x1d, + 0x96, 0xd8, 0x56, 0xf1, 0xcd, 0x4b, 0xf2, 0xa3, + 0xfe, 0x1a, 0xe8, 0x16, 0x8b, 0x24, 0x75, 0xd1, + 0x10, 0x51, 0xeb, 0x19, 0x80, 0xc3, 0x9f, 0xe1 + }; + /* Message (33 bytes) */ + static const byte msg_87[] = { + 0xd8, 0x1c, 0x4d, 0x8d, 0x73, 0x4f, 0xcb, 0xfb, + 0xea, 0xde, 0x3d, 0x3f, 0x8a, 0x03, 0x9f, 0xaa, + 0x2a, 0x2c, 0x99, 0x57, 0xe8, 0x35, 0xad, 0x55, + 0xb2, 0x2e, 0x75, 0xbf, 0x57, 0xbb, 0x55, 0x6a, + 0xc8 + }; + /* Context (33 bytes) */ + static const byte ctx_87[] = { + 0x86, 0x26, 0xed, 0x79, 0xd4, 0x51, 0x14, 0x08, + 0x00, 0xe0, 0x3b, 0x59, 0xb9, 0x56, 0xf8, 0x21, + 0x0e, 0x55, 0x60, 0x67, 0x40, 0x7d, 0x13, 0xdc, + 0x90, 0xfa, 0x9e, 0x8b, 0x87, 0x2b, 0xfb, 0x8f, + 0xab + }; + /* Signature for empty context (ctx=NULL, ctxLen=0), 4627 bytes */ + static const byte sig_87_ctx0[] = { + 0x73, 0x58, 0x39, 0x6f, 0xe7, 0xf7, 0xff, 0xa4, + 0xd7, 0xc6, 0x4b, 0x0b, 0x27, 0x26, 0x07, 0x68, + 0xa6, 0x37, 0x1e, 0xea, 0xdb, 0x1b, 0x43, 0xd2, + 0xa7, 0xd8, 0xe4, 0x02, 0x91, 0x80, 0x77, 0x27, + 0x64, 0xe9, 0xc2, 0xe1, 0x4c, 0xef, 0xc0, 0xb1, + 0x80, 0x03, 0xe9, 0x4a, 0x26, 0x5f, 0xfc, 0x62, + 0x4e, 0xd6, 0x23, 0xa3, 0x7d, 0x84, 0x58, 0xb4, + 0xbd, 0x8c, 0xfe, 0x67, 0x45, 0xcb, 0xa7, 0xf1, + 0x9e, 0x7f, 0xe6, 0x5b, 0x38, 0x8e, 0xe8, 0x7e, + 0x07, 0x07, 0xb8, 0x77, 0xb3, 0x1d, 0x63, 0x72, + 0x2e, 0x17, 0x60, 0xbe, 0x83, 0x01, 0x9c, 0xf4, + 0x61, 0x28, 0x6e, 0x87, 0xec, 0x5c, 0xa1, 0xb9, + 0xd4, 0xb0, 0x1a, 0xeb, 0xb1, 0xd0, 0xfa, 0xc1, + 0x88, 0x56, 0xa0, 0x11, 0xfe, 0x51, 0xc6, 0xe7, + 0x4c, 0x56, 0x10, 0xd6, 0x0d, 0xba, 0x2e, 0x45, + 0x25, 0xda, 0xca, 0xb2, 0x86, 0x5e, 0xec, 0x1b, + 0x43, 0xa1, 0x02, 0x18, 0x62, 0xdd, 0xbd, 0xfe, + 0xa2, 0xfd, 0x61, 0x45, 0xeb, 0x48, 0x87, 0x58, + 0x5e, 0x56, 0x89, 0xba, 0xea, 0xe8, 0x71, 0xf8, + 0xbb, 0xaa, 0x8b, 0x84, 0x0d, 0x53, 0xce, 0x87, + 0xfa, 0x59, 0x33, 0xbc, 0xec, 0x32, 0x61, 0x23, + 0xbf, 0x46, 0xa3, 0x36, 0xe2, 0xa2, 0xc5, 0xa7, + 0x61, 0x62, 0x29, 0x90, 0x05, 0x60, 0x40, 0xb2, + 0x07, 0x9f, 0xbc, 0x66, 0x50, 0xb9, 0xfd, 0xc2, + 0xb6, 0x2a, 0x4b, 0xcb, 0x6c, 0x22, 0xae, 0xa2, + 0x11, 0x5e, 0x79, 0x5c, 0x56, 0xd2, 0x4e, 0x77, + 0x13, 0xf5, 0x6e, 0xba, 0xc4, 0x1c, 0x88, 0xf8, + 0x1f, 0x9d, 0xb3, 0x7e, 0x17, 0xc6, 0x66, 0x49, + 0xe2, 0x9a, 0x98, 0x00, 0x0f, 0x42, 0xb1, 0x65, + 0x88, 0x1f, 0xb3, 0xa0, 0x63, 0xb0, 0x79, 0xd0, + 0x88, 0x19, 0x5f, 0xeb, 0x2b, 0x3e, 0x68, 0x5c, + 0x2a, 0x92, 0xe6, 0xd8, 0x8b, 0x51, 0x13, 0x7d, + 0xbd, 0x13, 0x5c, 0x0d, 0xad, 0x3c, 0xe5, 0x13, + 0x42, 0x09, 0x05, 0x6e, 0x51, 0x90, 0xb2, 0x5f, + 0xb9, 0x12, 0xeb, 0x5d, 0x42, 0xcb, 0x89, 0xc6, + 0x8a, 0x96, 0x64, 0x05, 0x0b, 0xcb, 0x6f, 0x51, + 0xff, 0x3e, 0xb2, 0xfd, 0x62, 0x96, 0x55, 0x4e, + 0xac, 0x66, 0xd7, 0x16, 0xa2, 0xac, 0xd8, 0x66, + 0xea, 0x04, 0x72, 0x6e, 0xf0, 0x1d, 0x30, 0xdb, + 0x45, 0xe3, 0x8f, 0x6b, 0x9d, 0x09, 0xc4, 0x8a, + 0xac, 0x66, 0xbd, 0x36, 0x7b, 0xe3, 0x46, 0xfb, + 0x66, 0xd0, 0xd0, 0xd8, 0x61, 0x02, 0x90, 0x17, + 0xe3, 0xa2, 0x70, 0x50, 0xac, 0xd3, 0xcc, 0xd8, + 0x4d, 0x2c, 0x90, 0x7c, 0x6e, 0x5f, 0x4d, 0x99, + 0x50, 0xe1, 0x7e, 0xcd, 0x17, 0x78, 0x40, 0xab, + 0xd2, 0xb5, 0x17, 0x1d, 0x0b, 0xa3, 0xb6, 0x5a, + 0xc4, 0x2c, 0xc7, 0x53, 0xcd, 0x3e, 0xa0, 0x98, + 0x5a, 0x06, 0x88, 0x50, 0x17, 0xd7, 0x2a, 0xa3, + 0xf6, 0x3a, 0x75, 0x3a, 0x68, 0x7e, 0x71, 0xdb, + 0x66, 0x29, 0x94, 0x2e, 0x30, 0x0a, 0x6a, 0x9e, + 0xf6, 0x81, 0x42, 0x7c, 0xb6, 0x8e, 0xe6, 0x8a, + 0xf4, 0xd1, 0xb9, 0xa1, 0x2e, 0x73, 0x46, 0x0f, + 0x94, 0x2e, 0x48, 0x0a, 0x16, 0xd0, 0x37, 0xdc, + 0x65, 0xb9, 0xc4, 0xdc, 0xfd, 0xc9, 0xdf, 0x7c, + 0x91, 0x67, 0x68, 0x8e, 0xd2, 0xf4, 0x6f, 0x13, + 0x65, 0xa7, 0xbe, 0x46, 0x51, 0xf4, 0x01, 0xe1, + 0x6a, 0x4c, 0xc3, 0x85, 0xea, 0x4f, 0x80, 0x54, + 0xd0, 0xf1, 0xc7, 0xaa, 0xcb, 0x42, 0x40, 0x7f, + 0xb2, 0x05, 0x14, 0xc9, 0x93, 0x52, 0x3f, 0x22, + 0x2d, 0xd7, 0x3a, 0x3c, 0x0c, 0xf9, 0x28, 0x63, + 0x84, 0x98, 0x16, 0x51, 0x9b, 0x48, 0x1a, 0x44, + 0x1c, 0x60, 0xdc, 0x14, 0x4d, 0x58, 0x23, 0x58, + 0x3a, 0xd0, 0x2b, 0x9d, 0x2f, 0x52, 0xc4, 0xad, + 0x52, 0xd5, 0x89, 0x88, 0xab, 0xee, 0x12, 0x25, + 0x1e, 0x86, 0x9b, 0xb0, 0xf8, 0x77, 0xd2, 0xf1, + 0x4f, 0x25, 0xf9, 0x2d, 0x28, 0xb4, 0x14, 0x8c, + 0x58, 0xda, 0x0d, 0xa4, 0x5d, 0x51, 0x05, 0xf6, + 0xf7, 0xc3, 0xb6, 0x37, 0x46, 0x4a, 0x0c, 0x9a, + 0xcb, 0x67, 0x17, 0xce, 0xcc, 0x62, 0xf8, 0xc3, + 0x32, 0x7f, 0x63, 0x53, 0x8d, 0x45, 0xdc, 0x80, + 0x45, 0x68, 0x7f, 0x58, 0xb0, 0x45, 0xdd, 0xe3, + 0xdd, 0x5d, 0x54, 0xe6, 0x16, 0xbb, 0x38, 0xf1, + 0xca, 0x7c, 0x5e, 0xa8, 0xe8, 0x58, 0xa8, 0x34, + 0x5d, 0xc8, 0x38, 0x84, 0xf2, 0xb9, 0x2a, 0x35, + 0xb8, 0xde, 0x25, 0x16, 0x30, 0x18, 0x53, 0xd0, + 0x82, 0x51, 0x6d, 0x83, 0x14, 0x0a, 0xf9, 0x69, + 0x4e, 0xb3, 0xcc, 0xcf, 0x06, 0x3d, 0xdf, 0x2b, + 0xa4, 0x05, 0x56, 0xb7, 0x39, 0x76, 0x9c, 0x16, + 0x3e, 0x6f, 0x19, 0x93, 0xbf, 0x3a, 0x52, 0x1d, + 0xd8, 0x4f, 0xe0, 0x89, 0xfd, 0x8a, 0xd0, 0x22, + 0x66, 0x3e, 0x53, 0xb0, 0xc1, 0xc5, 0xb8, 0x3e, + 0xc8, 0x6e, 0xad, 0xd5, 0x3f, 0x31, 0x8e, 0x34, + 0xab, 0x54, 0x0e, 0x0d, 0x2b, 0xc0, 0x96, 0xed, + 0x5d, 0x42, 0xa0, 0x6a, 0x35, 0x16, 0x1f, 0xca, + 0x1e, 0x4d, 0x29, 0x35, 0x23, 0x5a, 0x33, 0x8a, + 0x91, 0x90, 0x1d, 0xbb, 0xd0, 0xc8, 0x46, 0x22, + 0x8f, 0xfd, 0x83, 0x4d, 0x60, 0x82, 0x7f, 0xa1, + 0x03, 0x79, 0x1c, 0xfc, 0x1d, 0x3f, 0x64, 0x57, + 0x7a, 0x59, 0x67, 0x49, 0xd0, 0x09, 0x7c, 0x29, + 0xb4, 0x09, 0x4f, 0xe4, 0x3c, 0x84, 0x4f, 0xbb, + 0x3a, 0x1e, 0x17, 0x4e, 0x10, 0xb8, 0x62, 0x81, + 0x1e, 0x08, 0x1d, 0x27, 0x91, 0x52, 0x64, 0xed, + 0x1b, 0xc9, 0xe1, 0x36, 0xad, 0x71, 0xe9, 0xe5, + 0x21, 0xcf, 0xef, 0x8a, 0x26, 0x82, 0xb7, 0xda, + 0x57, 0x6d, 0x73, 0x82, 0xfb, 0xc8, 0x28, 0xec, + 0x1d, 0x48, 0xbc, 0xba, 0x76, 0xf9, 0x43, 0x31, + 0xe8, 0x7c, 0x58, 0x20, 0x19, 0x73, 0x75, 0xf0, + 0x47, 0x0d, 0x2d, 0xcc, 0x20, 0x05, 0x56, 0xb2, + 0x3c, 0xfd, 0xee, 0xd7, 0x82, 0xc1, 0xf1, 0x0a, + 0x33, 0x52, 0x46, 0xe1, 0xfc, 0x28, 0xba, 0x0f, + 0x2c, 0x52, 0xd4, 0xda, 0xeb, 0x52, 0xf0, 0x07, + 0xd9, 0xa4, 0x17, 0x04, 0xba, 0x00, 0x34, 0x26, + 0x82, 0xa9, 0x73, 0x68, 0x46, 0x35, 0x31, 0x11, + 0x73, 0xcf, 0xf9, 0xea, 0xf8, 0x7b, 0xc7, 0x5e, + 0x38, 0x38, 0xdb, 0x36, 0x87, 0x9b, 0xaf, 0x82, + 0xca, 0x36, 0xba, 0x5f, 0x53, 0x9d, 0xf1, 0xff, + 0xb3, 0x0e, 0x59, 0xe0, 0x01, 0x1e, 0xd4, 0x6a, + 0xe1, 0xaa, 0x44, 0xe7, 0x7e, 0xef, 0xbe, 0x5e, + 0x8b, 0x9d, 0x72, 0xa4, 0xcb, 0xd4, 0xe5, 0x01, + 0x60, 0xc3, 0x25, 0x03, 0x62, 0x55, 0xc9, 0x47, + 0xfb, 0xaf, 0x6e, 0xb3, 0x6d, 0x3d, 0x64, 0xb6, + 0x1f, 0x35, 0x08, 0xdb, 0xec, 0x26, 0xbb, 0xe1, + 0x2d, 0x85, 0xc5, 0x04, 0x8e, 0x5b, 0x34, 0x49, + 0x4e, 0x3e, 0xd4, 0x8c, 0xdf, 0x5b, 0x85, 0x94, + 0xf8, 0xa3, 0x57, 0x3c, 0x11, 0x38, 0xe9, 0x4b, + 0x39, 0x48, 0x98, 0xc6, 0xa9, 0xa1, 0x78, 0x6f, + 0x55, 0x72, 0x6c, 0xfe, 0xa6, 0x52, 0xd6, 0x7a, + 0x87, 0xb5, 0x6a, 0x27, 0xbc, 0x3f, 0xb5, 0xe6, + 0xe0, 0x76, 0xe7, 0x75, 0x07, 0x4a, 0x92, 0xc1, + 0x7a, 0xc4, 0x45, 0xd0, 0x7e, 0xcc, 0x71, 0xbe, + 0x11, 0xea, 0xc3, 0x35, 0x83, 0x61, 0x98, 0x83, + 0xae, 0x28, 0xc0, 0x5f, 0x90, 0x2f, 0x4b, 0xda, + 0x15, 0x80, 0x15, 0x28, 0x5a, 0x2c, 0xe8, 0xa4, + 0x62, 0x87, 0x9b, 0xa2, 0x2c, 0xde, 0x19, 0x5e, + 0x33, 0x56, 0x84, 0x63, 0x25, 0xbc, 0x11, 0x3e, + 0xfd, 0xb5, 0xd6, 0x44, 0x82, 0x3a, 0xf7, 0x27, + 0x95, 0xb2, 0x21, 0xa6, 0x1c, 0x10, 0xac, 0x67, + 0x76, 0x1b, 0x10, 0x74, 0x86, 0x71, 0xde, 0x13, + 0x43, 0x84, 0x4c, 0x16, 0xf4, 0x01, 0x96, 0xff, + 0x6a, 0xfe, 0x00, 0x71, 0x37, 0xd0, 0x91, 0x3a, + 0xa7, 0xc1, 0x39, 0x2f, 0xb1, 0x44, 0x1b, 0x9c, + 0x44, 0xe3, 0xd4, 0x28, 0x60, 0x66, 0xa6, 0xb8, + 0x21, 0xe4, 0x87, 0xdf, 0x5a, 0xcc, 0xa4, 0x8f, + 0x67, 0x8c, 0x1d, 0xee, 0x22, 0x2a, 0xdd, 0xae, + 0x5e, 0x7e, 0x42, 0xe9, 0x1f, 0x70, 0x43, 0x52, + 0x1e, 0x7c, 0x48, 0x39, 0x30, 0xf6, 0xf4, 0x97, + 0xfc, 0x3d, 0x41, 0x9d, 0x6d, 0xc2, 0xfd, 0xef, + 0x23, 0x12, 0x60, 0x81, 0xa0, 0xb0, 0x75, 0xc6, + 0xd9, 0xd5, 0x2a, 0x53, 0x39, 0x29, 0x27, 0xeb, + 0x04, 0xd3, 0xb1, 0x34, 0xb0, 0x04, 0x3c, 0x80, + 0xc9, 0x61, 0xad, 0xb4, 0x5b, 0xc6, 0x29, 0x16, + 0x28, 0x6c, 0x79, 0xd1, 0x12, 0x14, 0xd0, 0x1e, + 0x80, 0x4e, 0x6c, 0x48, 0x47, 0x0c, 0x60, 0xe2, + 0xbb, 0x1e, 0xe1, 0x65, 0xd3, 0xd0, 0x2c, 0xe9, + 0xde, 0x7b, 0x17, 0x8d, 0x46, 0x3e, 0xde, 0x17, + 0xa9, 0x6d, 0x97, 0xf4, 0xbb, 0xd2, 0xdc, 0xa2, + 0xac, 0xe4, 0xb5, 0x67, 0xe8, 0xbf, 0x8c, 0x5d, + 0xd5, 0xb1, 0x56, 0x2c, 0xab, 0xc5, 0x05, 0xd5, + 0x77, 0x23, 0xe6, 0x19, 0x5b, 0xce, 0xda, 0x4a, + 0xc8, 0x0a, 0xe1, 0x7c, 0xa0, 0xd4, 0xd5, 0xc4, + 0xcc, 0xa1, 0xa3, 0xb5, 0xab, 0xef, 0x52, 0x10, + 0xc3, 0x4f, 0xa1, 0x8f, 0x9a, 0xfe, 0xed, 0x8c, + 0xf3, 0x23, 0xb8, 0x4c, 0xb6, 0xd8, 0x61, 0xaa, + 0x1f, 0x0e, 0x32, 0x0a, 0x48, 0x90, 0x26, 0xdf, + 0x85, 0x0d, 0xdd, 0xe9, 0xfa, 0x0f, 0x67, 0x01, + 0x13, 0x24, 0xa2, 0x06, 0x62, 0x60, 0x2a, 0xde, + 0x20, 0x78, 0x74, 0x29, 0xe9, 0x64, 0x51, 0x87, + 0x16, 0xe9, 0xe9, 0xeb, 0xf4, 0xec, 0x08, 0x81, + 0xf2, 0x1c, 0x72, 0x79, 0xe6, 0xd3, 0x0c, 0x56, + 0xf0, 0x75, 0x36, 0x2e, 0xa4, 0x2b, 0xfc, 0xb9, + 0x84, 0x42, 0x14, 0x71, 0xb3, 0x45, 0xec, 0xe2, + 0x5d, 0xc9, 0x7a, 0x39, 0xf9, 0xfa, 0x1e, 0xf4, + 0xe2, 0x2f, 0xc6, 0xb1, 0xfb, 0x68, 0xd3, 0xda, + 0xc6, 0x2e, 0x79, 0x61, 0x77, 0xa1, 0x2e, 0x47, + 0xc3, 0x34, 0x72, 0x2d, 0xbb, 0xa8, 0x7a, 0x80, + 0xeb, 0x29, 0xa2, 0x0a, 0x19, 0xe5, 0x52, 0x5e, + 0x9b, 0xd7, 0xbd, 0x56, 0x8e, 0xa3, 0x7a, 0xdd, + 0xea, 0x29, 0xe2, 0xb1, 0xdc, 0x6e, 0x2b, 0x9a, + 0x25, 0x4c, 0xc4, 0x4f, 0xfc, 0xa5, 0x4c, 0x36, + 0xda, 0x58, 0x94, 0x4e, 0xc1, 0x57, 0x43, 0x53, + 0x7e, 0xdf, 0x99, 0x5b, 0x78, 0x49, 0xc5, 0x06, + 0xc2, 0x1f, 0x4e, 0x34, 0xe5, 0x1b, 0xe3, 0x7c, + 0xfe, 0x65, 0x25, 0x93, 0xf4, 0x6b, 0x3f, 0x0e, + 0xe8, 0x24, 0x3d, 0x38, 0x14, 0xdc, 0x90, 0x37, + 0xd3, 0x6d, 0x1c, 0x0f, 0x17, 0x87, 0x56, 0x18, + 0x07, 0x72, 0xd1, 0xbf, 0xf1, 0x2b, 0x96, 0xf4, + 0x6b, 0x01, 0xf5, 0x11, 0xbe, 0xe8, 0xf2, 0xbd, + 0xed, 0x54, 0x94, 0x20, 0x15, 0xed, 0x1b, 0xd1, + 0x64, 0x9d, 0xc1, 0xfd, 0x9c, 0xdb, 0x02, 0x21, + 0x47, 0x43, 0x24, 0xc9, 0x98, 0xd7, 0xe6, 0x5a, + 0x9f, 0x97, 0x99, 0x60, 0x9d, 0x32, 0x80, 0xfd, + 0xa5, 0x12, 0x82, 0x68, 0xa3, 0x43, 0xbd, 0xbf, + 0x7c, 0x72, 0xbc, 0xdd, 0xc3, 0x8a, 0x7e, 0xba, + 0x28, 0x0c, 0x17, 0x56, 0x19, 0xd9, 0xd4, 0xdf, + 0xcf, 0x82, 0x4e, 0xc6, 0x9b, 0xad, 0xc2, 0xf9, + 0x95, 0xfb, 0x91, 0xe2, 0xdf, 0xd3, 0x01, 0x2c, + 0x4c, 0x6a, 0xc9, 0xd7, 0x29, 0x72, 0x8b, 0x1c, + 0xbe, 0x97, 0x71, 0x98, 0x64, 0x39, 0x24, 0xd7, + 0x6c, 0xb8, 0x4b, 0xb1, 0xf0, 0x48, 0x51, 0xdc, + 0xcb, 0x63, 0x80, 0x39, 0x9f, 0x6e, 0xcd, 0xcb, + 0xeb, 0x7f, 0x44, 0x13, 0x86, 0x8e, 0x59, 0xc3, + 0xfe, 0xdc, 0xd1, 0x81, 0xf2, 0xa4, 0x5b, 0x63, + 0x57, 0x65, 0x8e, 0xeb, 0x70, 0xfc, 0x53, 0xe2, + 0xf5, 0xf8, 0x50, 0xc2, 0x79, 0x17, 0xe3, 0x99, + 0x8d, 0xe6, 0xd9, 0x13, 0x67, 0xa9, 0x3a, 0x63, + 0x8c, 0x45, 0x4f, 0x85, 0x44, 0x2d, 0x4f, 0x30, + 0x39, 0xa2, 0xec, 0x72, 0x9b, 0x61, 0xb6, 0x2a, + 0x1f, 0x35, 0x93, 0x0c, 0xab, 0xad, 0x34, 0x54, + 0xae, 0xcb, 0x5a, 0xc7, 0xf0, 0xd9, 0xdc, 0xd8, + 0xf8, 0x3c, 0x6f, 0xf7, 0x64, 0x8c, 0xdc, 0xa9, + 0x75, 0x96, 0x32, 0x56, 0x86, 0x91, 0x70, 0x45, + 0x0b, 0xb1, 0x5b, 0x16, 0x44, 0x35, 0xee, 0x7c, + 0x20, 0xa0, 0xee, 0xf0, 0xbc, 0x0d, 0xa4, 0xa0, + 0x6f, 0x00, 0xdb, 0xbf, 0x89, 0xa1, 0x78, 0x6b, + 0xbf, 0x2e, 0x6b, 0xd5, 0x74, 0x1b, 0x09, 0x37, + 0xa1, 0x1e, 0x29, 0x9f, 0x91, 0xed, 0x29, 0x55, + 0xfb, 0x1d, 0x99, 0x99, 0x11, 0x56, 0xec, 0xb4, + 0x45, 0x20, 0x40, 0x72, 0x2f, 0x2f, 0x10, 0xb1, + 0xde, 0x23, 0x08, 0x21, 0xb6, 0xbb, 0x76, 0x80, + 0xb3, 0xdf, 0x4b, 0xd5, 0x08, 0xe9, 0x3c, 0xae, + 0x1d, 0x71, 0xc2, 0x7c, 0x04, 0x44, 0x0d, 0x38, + 0xcd, 0x85, 0xad, 0xde, 0xb3, 0xbb, 0x70, 0x18, + 0xa7, 0xe1, 0x9a, 0x8f, 0x02, 0xa5, 0x7e, 0x51, + 0xb3, 0x49, 0x32, 0xc3, 0x58, 0x7b, 0xac, 0x1a, + 0xf5, 0xa1, 0x60, 0x8b, 0xba, 0xe8, 0xc0, 0x50, + 0xd3, 0x38, 0x6e, 0xde, 0x25, 0x8c, 0x08, 0x78, + 0xab, 0x0d, 0xd3, 0x86, 0xb3, 0xfd, 0x02, 0x21, + 0xc1, 0x7a, 0x78, 0xc7, 0x6a, 0x8f, 0xec, 0x55, + 0xfd, 0x96, 0x48, 0x8c, 0xba, 0x09, 0xf9, 0x32, + 0x50, 0x7a, 0x50, 0x97, 0x3d, 0x0e, 0x2e, 0xd4, + 0xdc, 0x5d, 0x55, 0x92, 0x9f, 0x94, 0x73, 0x4a, + 0xa9, 0x24, 0x05, 0x3c, 0xd2, 0xd2, 0x06, 0x19, + 0x83, 0x83, 0x84, 0x3c, 0xaa, 0x77, 0x48, 0x8a, + 0xf6, 0xbf, 0xa2, 0x00, 0xff, 0x13, 0x42, 0x92, + 0xee, 0x77, 0xde, 0xa3, 0x9a, 0xe6, 0x45, 0xad, + 0xf0, 0x73, 0x2b, 0x09, 0xeb, 0x7d, 0xe0, 0x9c, + 0xad, 0xd0, 0x21, 0x3d, 0x93, 0x13, 0x7c, 0xc8, + 0x62, 0xfc, 0x7b, 0xb5, 0xac, 0x5b, 0x3a, 0x6c, + 0xbd, 0xd3, 0xed, 0x37, 0xa0, 0xd7, 0xbf, 0xf5, + 0xf8, 0x18, 0x63, 0xb4, 0x9d, 0x3c, 0x67, 0x83, + 0x9a, 0x9c, 0xf2, 0xa8, 0x93, 0xa7, 0x3f, 0x95, + 0xc3, 0x92, 0x67, 0x42, 0x2c, 0xe9, 0x1c, 0x1a, + 0xc7, 0xff, 0x00, 0x2c, 0x09, 0x81, 0x70, 0x31, + 0x0c, 0x6c, 0xb0, 0xb6, 0xbd, 0x4a, 0xcd, 0x16, + 0x80, 0xdc, 0xe2, 0x24, 0x3c, 0xc4, 0x53, 0x65, + 0x1f, 0x13, 0x86, 0x6f, 0x1a, 0x95, 0x16, 0xac, + 0xd4, 0xbf, 0x93, 0xba, 0xa0, 0x7a, 0x98, 0xdf, + 0x75, 0xc2, 0x8e, 0x8c, 0x73, 0x28, 0xc9, 0xda, + 0x46, 0x09, 0x96, 0x57, 0x5b, 0xe8, 0xdb, 0xd1, + 0x68, 0x52, 0xe4, 0x00, 0xaf, 0x17, 0xe6, 0x3c, + 0x4c, 0x55, 0x34, 0x96, 0x45, 0xf6, 0xa3, 0x54, + 0x0c, 0x20, 0xc7, 0x44, 0xad, 0xf6, 0xde, 0xee, + 0x02, 0xf0, 0x84, 0x4b, 0x02, 0xea, 0x8f, 0x65, + 0x65, 0xfd, 0x8a, 0xc1, 0xeb, 0x58, 0x13, 0xb1, + 0xf1, 0xb2, 0x86, 0x70, 0x2e, 0xb4, 0xca, 0x98, + 0x16, 0x27, 0xab, 0x0f, 0x8f, 0x4f, 0xe8, 0x04, + 0x0c, 0xf2, 0xc1, 0x57, 0x72, 0xee, 0x9f, 0x46, + 0xd7, 0xe1, 0x2a, 0x04, 0xb8, 0x42, 0x22, 0x38, + 0x86, 0x63, 0x27, 0x08, 0x9e, 0x4e, 0x25, 0xae, + 0xf8, 0x29, 0xbb, 0x1e, 0x25, 0xe8, 0x66, 0xa0, + 0x5a, 0xed, 0xa6, 0x57, 0xa9, 0xe3, 0x38, 0x25, + 0x96, 0x77, 0x01, 0x23, 0x42, 0x3a, 0xdf, 0xf0, + 0x4d, 0x00, 0x13, 0xe5, 0xb1, 0x83, 0x5c, 0x53, + 0xad, 0xbc, 0x9d, 0x67, 0x7d, 0x81, 0x3e, 0x63, + 0x70, 0x45, 0xff, 0xa2, 0x4e, 0xe6, 0x35, 0x66, + 0xff, 0x87, 0xdf, 0xb4, 0x73, 0xdf, 0xc6, 0x9b, + 0xa1, 0x33, 0x19, 0xd5, 0x3b, 0x0e, 0x06, 0x78, + 0xc7, 0xb7, 0x97, 0x1d, 0x5b, 0x72, 0xc3, 0xcd, + 0xa8, 0x21, 0xdd, 0xe0, 0xce, 0x83, 0x0c, 0xcf, + 0x8f, 0xce, 0x38, 0x8b, 0xf2, 0xa7, 0xc5, 0xc2, + 0x30, 0x4c, 0x9b, 0x9a, 0xb0, 0x49, 0x53, 0x63, + 0xf6, 0x88, 0x1e, 0x15, 0xa1, 0xd2, 0x49, 0xc4, + 0x93, 0x2a, 0x6d, 0xa8, 0x0b, 0x4e, 0x21, 0xed, + 0x00, 0xcf, 0x99, 0x41, 0xec, 0x05, 0x9b, 0x82, + 0xf8, 0x91, 0xdf, 0x0e, 0x3a, 0xfb, 0x57, 0xd9, + 0xd4, 0x67, 0x96, 0x9e, 0x23, 0xbc, 0xf7, 0x51, + 0x8c, 0x47, 0xb4, 0x8b, 0xc3, 0xb4, 0xaa, 0x16, + 0x84, 0x54, 0x8e, 0x8a, 0x8e, 0x41, 0xe1, 0x6d, + 0x24, 0x72, 0x03, 0xc5, 0xf7, 0xa8, 0xa6, 0x9a, + 0x9b, 0xaa, 0x64, 0xe6, 0xc8, 0xad, 0x91, 0xad, + 0xb0, 0x79, 0x62, 0xfd, 0xda, 0xe6, 0xf6, 0x5e, + 0x98, 0xee, 0xe5, 0x5a, 0x51, 0xb0, 0xc4, 0x36, + 0xcf, 0xcb, 0x77, 0xeb, 0x71, 0x9a, 0xde, 0x3e, + 0xd0, 0x38, 0xe1, 0x86, 0x41, 0x3c, 0x55, 0x54, + 0x94, 0xba, 0x57, 0x5a, 0xc1, 0x5b, 0x5a, 0xaa, + 0x46, 0xab, 0xf9, 0x70, 0x20, 0x0d, 0xf9, 0xf8, + 0x62, 0xa8, 0x55, 0x60, 0x27, 0x89, 0xf6, 0x41, + 0x23, 0x51, 0x0b, 0x28, 0xce, 0xaf, 0x26, 0xec, + 0x8b, 0x3c, 0xa4, 0xb4, 0x15, 0x50, 0x39, 0x9c, + 0x34, 0xff, 0x50, 0x98, 0xbd, 0xaa, 0xb7, 0xef, + 0xa8, 0xc7, 0x26, 0x14, 0xcf, 0xb9, 0xbf, 0x30, + 0xd2, 0xca, 0x48, 0x4e, 0xde, 0xff, 0x48, 0x60, + 0x30, 0x54, 0x7a, 0x3e, 0x66, 0x0b, 0x81, 0xe3, + 0x5b, 0x7e, 0x0a, 0x68, 0x32, 0x3c, 0xe5, 0x44, + 0x02, 0x27, 0x98, 0x3f, 0x55, 0xd0, 0x9c, 0xa4, + 0xbe, 0x3f, 0xf3, 0x16, 0x5f, 0xa8, 0x78, 0xd2, + 0x51, 0x37, 0x28, 0x4d, 0x5e, 0x6f, 0xd1, 0x2e, + 0xc6, 0x17, 0xe1, 0x55, 0xcf, 0xf2, 0x5b, 0x66, + 0xb9, 0xee, 0x35, 0xf1, 0x99, 0xad, 0xda, 0xa5, + 0xcc, 0x4c, 0x61, 0x40, 0x9a, 0x44, 0x28, 0x13, + 0x1a, 0x03, 0xd6, 0xd4, 0x4c, 0xb3, 0xbe, 0xc7, + 0x7c, 0x12, 0x69, 0xa3, 0x78, 0x09, 0x10, 0xac, + 0xd6, 0x45, 0x5a, 0xa0, 0x35, 0x08, 0xbc, 0xad, + 0x7f, 0xc1, 0x96, 0xd3, 0x1d, 0x66, 0x46, 0x01, + 0x08, 0x91, 0x6b, 0x7c, 0x3b, 0x5c, 0xae, 0x70, + 0xac, 0x51, 0x6c, 0x3e, 0xc6, 0x24, 0x00, 0xf8, + 0x13, 0x1d, 0x82, 0x89, 0x2f, 0x72, 0x5f, 0xaa, + 0x99, 0x3c, 0x63, 0xfd, 0xc4, 0xeb, 0x80, 0x28, + 0xb3, 0xc1, 0x75, 0xe0, 0xd6, 0x4d, 0x20, 0x0b, + 0xc4, 0xc3, 0x0c, 0x9b, 0x50, 0x61, 0x35, 0x8b, + 0xeb, 0x19, 0x35, 0xa6, 0xcf, 0xa2, 0x1d, 0x57, + 0x03, 0xa9, 0x3f, 0xe8, 0x31, 0x10, 0xe6, 0x87, + 0x6a, 0xd6, 0x70, 0x05, 0xd4, 0x56, 0x97, 0x62, + 0xfc, 0x71, 0xba, 0xb3, 0x0e, 0x4b, 0xc6, 0xe5, + 0x10, 0xfe, 0xf2, 0x57, 0x45, 0x39, 0x9d, 0x58, + 0xde, 0x49, 0xa9, 0xc7, 0x65, 0xe5, 0xde, 0x72, + 0x03, 0xce, 0x1f, 0xfa, 0x0c, 0x37, 0xa4, 0x21, + 0x06, 0x71, 0x87, 0xdd, 0x14, 0x3f, 0x72, 0x37, + 0xb4, 0xd8, 0x15, 0xce, 0xcc, 0x3d, 0x2b, 0x10, + 0xe3, 0x8b, 0xf8, 0x55, 0x08, 0xf3, 0x2b, 0xf7, + 0x1e, 0x28, 0xbe, 0xb3, 0xd8, 0xab, 0xf6, 0xc6, + 0x11, 0x04, 0xd4, 0x92, 0xec, 0xe6, 0x1a, 0xe8, + 0xe9, 0xb0, 0xd2, 0x5f, 0x92, 0xeb, 0x36, 0x0f, + 0xc5, 0x5b, 0xbb, 0xc1, 0xb2, 0x0f, 0xdd, 0x4f, + 0x71, 0xdf, 0x2c, 0x98, 0xb3, 0xd7, 0xc4, 0x68, + 0x1d, 0x82, 0x14, 0x8d, 0xab, 0x70, 0x90, 0x45, + 0x1b, 0x2d, 0x83, 0xe7, 0x64, 0x53, 0x53, 0x01, + 0x9c, 0x2f, 0xd1, 0x51, 0x05, 0xb3, 0x50, 0x1d, + 0x99, 0x7c, 0x08, 0x95, 0x99, 0x49, 0x76, 0xdf, + 0x80, 0xc7, 0x1f, 0xf5, 0x92, 0xc7, 0x07, 0x13, + 0x54, 0x67, 0x5b, 0xb8, 0x9d, 0x09, 0x53, 0x7c, + 0x13, 0xc6, 0xe2, 0x4d, 0xa5, 0x6f, 0x65, 0x96, + 0x40, 0x38, 0xdb, 0xaf, 0x8e, 0x1a, 0x91, 0x1c, + 0x6d, 0x7a, 0x99, 0x4f, 0x50, 0x4f, 0xe5, 0x04, + 0x0b, 0x05, 0x81, 0x74, 0x4a, 0x01, 0xac, 0xf3, + 0x3b, 0x4f, 0x59, 0x76, 0x44, 0x5c, 0x0a, 0x69, + 0x4a, 0x30, 0x93, 0xb3, 0xde, 0x13, 0x2b, 0x79, + 0xc4, 0x95, 0xa4, 0xfe, 0x38, 0x5f, 0x49, 0x92, + 0x23, 0xf7, 0x1b, 0xb9, 0x25, 0x85, 0x41, 0x4b, + 0x69, 0x9a, 0xd4, 0x93, 0xd3, 0xd9, 0x7a, 0x69, + 0xab, 0x9b, 0xf7, 0x1b, 0x53, 0x46, 0x35, 0xfb, + 0x8e, 0x20, 0xa4, 0x3f, 0x8d, 0x55, 0xc1, 0xfb, + 0x6e, 0x82, 0x74, 0xd2, 0x76, 0x33, 0x3e, 0x49, + 0xf6, 0x96, 0xe6, 0x1f, 0xd4, 0x4a, 0x40, 0x89, + 0x9b, 0xe5, 0xb3, 0x1f, 0x0b, 0xde, 0x13, 0x7e, + 0x3c, 0x76, 0xce, 0x2d, 0x0d, 0xc4, 0x7f, 0x4a, + 0x1d, 0x28, 0x20, 0xfc, 0x0f, 0x3e, 0x23, 0x58, + 0x2c, 0x69, 0x0d, 0xde, 0xa4, 0xcc, 0x35, 0xd5, + 0x26, 0xef, 0x14, 0xc9, 0x0d, 0x2b, 0x8b, 0x1c, + 0x6d, 0xfd, 0x33, 0xd7, 0x69, 0x99, 0x27, 0x76, + 0xee, 0x52, 0x9e, 0x4f, 0xa2, 0x37, 0x13, 0x54, + 0xb4, 0xb0, 0x21, 0x47, 0x1a, 0x6a, 0x11, 0x57, + 0x25, 0x69, 0x49, 0xa6, 0x8a, 0x9e, 0xda, 0x5a, + 0x91, 0xa6, 0xea, 0x76, 0x16, 0x8e, 0x66, 0x46, + 0xc9, 0x8d, 0x1f, 0xbc, 0x44, 0x53, 0x5e, 0xb9, + 0x39, 0xa4, 0xbe, 0x62, 0xd1, 0xe4, 0xa1, 0x16, + 0x70, 0x5e, 0x2d, 0x2a, 0xa7, 0xea, 0x8d, 0x94, + 0xfb, 0x19, 0x08, 0x2a, 0x9c, 0x2c, 0x62, 0xb0, + 0x0b, 0x8d, 0x79, 0x94, 0x81, 0x3a, 0x4c, 0x8b, + 0x14, 0x60, 0x32, 0x62, 0x43, 0x9b, 0xbb, 0x6e, + 0xae, 0x5a, 0x0a, 0xa5, 0xec, 0xa9, 0xc7, 0x29, + 0x86, 0xa3, 0xa1, 0x17, 0x2d, 0xaa, 0x08, 0x27, + 0x68, 0x37, 0xd6, 0x2e, 0xaa, 0x3d, 0xb0, 0xac, + 0x27, 0xb0, 0xce, 0xc2, 0x7c, 0x83, 0xb0, 0x6f, + 0xe0, 0x00, 0x76, 0xef, 0xf0, 0xe2, 0xd7, 0x87, + 0x55, 0xf2, 0x95, 0x93, 0xd6, 0x83, 0x25, 0x88, + 0xf9, 0x9f, 0x6a, 0x58, 0x54, 0xd3, 0x78, 0x02, + 0xa2, 0xd2, 0xaa, 0x89, 0x33, 0x4c, 0xd0, 0xad, + 0xd2, 0xdf, 0x78, 0xf5, 0x03, 0xa5, 0x74, 0xef, + 0x77, 0xfe, 0x30, 0xc1, 0x16, 0x44, 0xa1, 0xb6, + 0x38, 0x38, 0x9e, 0xf1, 0x05, 0xe7, 0x18, 0x58, + 0x9f, 0x29, 0xa5, 0xda, 0xe5, 0x92, 0x1f, 0x33, + 0xc7, 0x90, 0xe2, 0x87, 0xd1, 0x0e, 0xdc, 0x1b, + 0x75, 0x65, 0xaa, 0x8c, 0xcb, 0x4f, 0x68, 0xb2, + 0x1a, 0xf6, 0x3b, 0x3e, 0xdf, 0x8f, 0xb5, 0x0a, + 0xdf, 0xfb, 0x6a, 0x9e, 0x4a, 0xdb, 0x83, 0x92, + 0x12, 0x7e, 0x39, 0x2b, 0x96, 0x85, 0x1f, 0xe5, + 0xdf, 0x59, 0x8f, 0x7c, 0x88, 0x96, 0xfa, 0x84, + 0x9a, 0x4b, 0xd8, 0x79, 0x03, 0x75, 0x88, 0x22, + 0x73, 0x61, 0x00, 0x02, 0x67, 0x11, 0x09, 0xbd, + 0x34, 0xce, 0x81, 0x34, 0x2d, 0x9d, 0x67, 0xa0, + 0x2c, 0xfc, 0x77, 0x46, 0x19, 0x84, 0x68, 0xa8, + 0x0e, 0xd5, 0x46, 0xe1, 0x82, 0xb6, 0xc4, 0xcd, + 0x0d, 0x64, 0x1f, 0x9b, 0xeb, 0x35, 0x21, 0x87, + 0x7d, 0xae, 0x6e, 0xce, 0xe5, 0x14, 0xca, 0xe0, + 0x37, 0xdf, 0x86, 0x75, 0xaa, 0x9e, 0x76, 0x02, + 0xaa, 0xea, 0x19, 0x6c, 0xe6, 0x26, 0xf9, 0x79, + 0xb6, 0xd9, 0x9e, 0x88, 0xca, 0xaa, 0x26, 0x5e, + 0xbc, 0x1a, 0xea, 0xfe, 0xd5, 0xe9, 0x12, 0x8c, + 0x08, 0x41, 0x35, 0xac, 0xaf, 0xb9, 0xed, 0x56, + 0xc6, 0xab, 0x5f, 0xb5, 0xd8, 0x64, 0xde, 0x1f, + 0x07, 0x50, 0x5b, 0xf4, 0x71, 0xbe, 0x7f, 0xf3, + 0xdd, 0x3e, 0x73, 0xa1, 0xba, 0x71, 0x55, 0x09, + 0x0a, 0x04, 0x9f, 0x54, 0x9d, 0x3f, 0x78, 0xd9, + 0xcb, 0xad, 0x1b, 0x2e, 0xc7, 0xde, 0xcd, 0x66, + 0x31, 0xf8, 0xd5, 0x8b, 0x6b, 0x41, 0xbe, 0x04, + 0x6a, 0xcc, 0x08, 0x29, 0x8c, 0x10, 0x7d, 0x10, + 0xdf, 0xcc, 0x42, 0x89, 0x9f, 0xab, 0x1b, 0x2f, + 0x78, 0x38, 0x5a, 0x34, 0x46, 0xc7, 0x3c, 0x2b, + 0x49, 0x89, 0xf1, 0x94, 0xc8, 0xa1, 0x16, 0x76, + 0x66, 0xa6, 0x5f, 0xf6, 0x36, 0x05, 0xb7, 0x8a, + 0xaf, 0x15, 0x88, 0x7f, 0xfb, 0xd1, 0x7e, 0x4d, + 0x53, 0x6a, 0xb9, 0x09, 0x38, 0x43, 0xef, 0x67, + 0x5b, 0x28, 0x47, 0x66, 0x62, 0x3a, 0xe4, 0x55, + 0xbf, 0x13, 0x87, 0x68, 0xde, 0x23, 0xb6, 0x57, + 0xbd, 0xaa, 0x2f, 0x99, 0x9a, 0xfd, 0xbb, 0x21, + 0xb7, 0xc0, 0x4d, 0x96, 0x8d, 0x40, 0xd6, 0xf0, + 0xac, 0x20, 0x79, 0xa0, 0x03, 0x87, 0xbe, 0x50, + 0xfa, 0x78, 0x18, 0x04, 0x36, 0x7c, 0x34, 0x4a, + 0x71, 0x1c, 0x02, 0x67, 0xfe, 0xbc, 0x45, 0x96, + 0xb7, 0x0f, 0x38, 0x1c, 0x14, 0x57, 0x05, 0xfd, + 0x13, 0x03, 0xcd, 0xa0, 0x04, 0xbb, 0xae, 0xfc, + 0xf0, 0x85, 0x04, 0x7d, 0xdb, 0x86, 0xff, 0xcf, + 0x3a, 0x20, 0xec, 0xc9, 0xe7, 0x84, 0x4c, 0x51, + 0x0c, 0xcc, 0xad, 0xb4, 0x0d, 0x28, 0xcb, 0x66, + 0x20, 0xc8, 0x62, 0x7d, 0x13, 0x89, 0x28, 0xbb, + 0x87, 0x98, 0xea, 0x64, 0xe4, 0x83, 0xc3, 0xae, + 0x1a, 0xea, 0x68, 0x11, 0x05, 0x05, 0xc3, 0x1e, + 0x90, 0x1e, 0xd4, 0x06, 0xd3, 0xdd, 0xdc, 0x08, + 0xb5, 0x65, 0xb9, 0x4d, 0xcb, 0xf7, 0xb7, 0x33, + 0x18, 0x05, 0xbf, 0x59, 0x55, 0x14, 0x61, 0x15, + 0xa9, 0x21, 0x92, 0xa2, 0x2d, 0xed, 0x89, 0xd8, + 0x96, 0x30, 0xc7, 0x4f, 0xfb, 0x15, 0x34, 0x33, + 0xa4, 0x21, 0xe2, 0x3d, 0x1e, 0xd3, 0xd4, 0xa4, + 0x5b, 0x89, 0xe4, 0xa3, 0xc3, 0xc2, 0x73, 0x7b, + 0x0e, 0x0e, 0xb5, 0x3c, 0xc5, 0x09, 0x5e, 0x77, + 0x00, 0xbe, 0x43, 0x99, 0x2f, 0x91, 0xd4, 0x79, + 0x1e, 0x30, 0xf5, 0x39, 0x0b, 0xc9, 0x1b, 0xd8, + 0xfc, 0x0d, 0xf8, 0x39, 0x1e, 0xc1, 0x40, 0x7a, + 0xde, 0x5c, 0x63, 0xb1, 0xd1, 0xd0, 0x7b, 0x90, + 0xf6, 0x2b, 0x27, 0x0c, 0x68, 0x40, 0xee, 0x7c, + 0x36, 0xd6, 0xdb, 0x87, 0x25, 0x36, 0xdf, 0x49, + 0xbb, 0xed, 0xa4, 0xa6, 0x90, 0xde, 0x59, 0x0c, + 0x49, 0xf5, 0x26, 0xe2, 0xed, 0x4e, 0x6b, 0x35, + 0x3e, 0x6c, 0x36, 0x81, 0x11, 0xde, 0x91, 0xc8, + 0xa1, 0x76, 0x55, 0x54, 0xf9, 0xa7, 0x96, 0xda, + 0x3d, 0x9c, 0x8c, 0x3f, 0xd8, 0xd7, 0xa0, 0xe2, + 0x9b, 0xef, 0xcd, 0x8c, 0xa4, 0x91, 0x27, 0x37, + 0x09, 0xfb, 0xa1, 0x98, 0x03, 0x72, 0x44, 0x67, + 0x48, 0x3a, 0x3d, 0x93, 0xcb, 0x77, 0x52, 0x55, + 0x20, 0xc5, 0xe9, 0x41, 0x9f, 0xd8, 0x8d, 0x9d, + 0x6b, 0x74, 0x98, 0xbe, 0xca, 0x8f, 0x43, 0xf7, + 0xb0, 0x6d, 0x63, 0x00, 0x64, 0x2f, 0x7f, 0xd8, + 0x89, 0x8c, 0x09, 0xb2, 0xa1, 0xb1, 0x7a, 0xc9, + 0xf4, 0xd6, 0xd1, 0x54, 0xe6, 0x34, 0xf2, 0x55, + 0xe6, 0xa5, 0x1d, 0x3b, 0xd2, 0x8f, 0x93, 0x88, + 0xd3, 0x17, 0xd2, 0x56, 0x8e, 0x93, 0xb5, 0x5b, + 0xeb, 0xda, 0xae, 0x0f, 0xfe, 0xe5, 0xcd, 0x46, + 0x87, 0x34, 0xe9, 0xc6, 0xb8, 0x27, 0xe1, 0x11, + 0x73, 0xb1, 0xab, 0x28, 0x12, 0xa3, 0xfe, 0x0b, + 0xa1, 0x42, 0xb3, 0x65, 0xfc, 0x18, 0x44, 0x27, + 0x83, 0x43, 0xf8, 0x15, 0x90, 0x1d, 0x60, 0xfe, + 0xe4, 0x49, 0xa1, 0x63, 0x74, 0x42, 0x2d, 0x5c, + 0x0d, 0xe9, 0xaf, 0x00, 0xfa, 0xa4, 0xb5, 0xa0, + 0xca, 0xb7, 0xeb, 0x3a, 0x52, 0x5c, 0xe5, 0xcb, + 0x8d, 0x14, 0xe7, 0x44, 0x32, 0x6c, 0x9d, 0xc1, + 0x50, 0xb0, 0x9f, 0x2b, 0x40, 0xa1, 0x40, 0xbe, + 0x73, 0xdd, 0x4c, 0xec, 0x76, 0xd9, 0x13, 0x5e, + 0x3e, 0x76, 0x4a, 0x1b, 0x75, 0xfa, 0x67, 0x55, + 0x0d, 0xce, 0x00, 0x95, 0xbd, 0xdb, 0x82, 0xfd, + 0xb2, 0x65, 0x49, 0x31, 0xa3, 0xd0, 0x75, 0x6f, + 0xab, 0xc2, 0x9a, 0xaa, 0x04, 0xed, 0x18, 0xd3, + 0x89, 0x1e, 0xbc, 0x2a, 0xad, 0xb0, 0xca, 0x70, + 0xf4, 0x89, 0xa0, 0xb6, 0x66, 0x89, 0x6e, 0x33, + 0x3f, 0x73, 0x18, 0x4e, 0x14, 0xe1, 0xdc, 0xf8, + 0x85, 0x56, 0xf7, 0x45, 0x72, 0xc2, 0x8c, 0x95, + 0xd1, 0xde, 0x1b, 0x96, 0x10, 0x5e, 0x75, 0x23, + 0x13, 0x2d, 0x39, 0x01, 0x74, 0x85, 0x8b, 0x94, + 0x52, 0x27, 0x8c, 0x0c, 0xa0, 0x04, 0xa2, 0xe7, + 0xdb, 0xfb, 0xc4, 0xb3, 0xc5, 0x66, 0x60, 0xc9, + 0x76, 0x40, 0x00, 0x29, 0xac, 0xc7, 0xc0, 0xe1, + 0xc5, 0xab, 0x4e, 0xc5, 0xff, 0x04, 0x5e, 0xdd, + 0x9e, 0xa7, 0x13, 0xe9, 0x8a, 0xa6, 0xb9, 0xc0, + 0x92, 0x9e, 0x9c, 0x00, 0x02, 0xe6, 0x3c, 0xe3, + 0x7b, 0xb6, 0x79, 0x24, 0xfc, 0x82, 0x3c, 0xa8, + 0x3d, 0xba, 0xef, 0x73, 0x30, 0xe3, 0x0a, 0x9c, + 0xf0, 0xd9, 0x86, 0x29, 0x54, 0xd5, 0xa2, 0x32, + 0xf8, 0x1f, 0x00, 0x29, 0x86, 0x3d, 0x5c, 0x18, + 0xab, 0x18, 0x5b, 0x79, 0x5c, 0x6f, 0xb5, 0x18, + 0x09, 0xcb, 0x1d, 0x3f, 0x51, 0x64, 0x9e, 0x8c, + 0xc6, 0x48, 0x83, 0x54, 0x24, 0x4b, 0x1b, 0xff, + 0x80, 0xc1, 0xa4, 0x49, 0x67, 0x7c, 0xbf, 0xe3, + 0xda, 0x6b, 0x3e, 0xae, 0x39, 0x4a, 0x03, 0xff, + 0xd9, 0xe8, 0x92, 0x2a, 0xb7, 0x44, 0x68, 0x4a, + 0x36, 0x5f, 0xbd, 0x6d, 0xfe, 0xbc, 0xd1, 0x64, + 0x3f, 0x26, 0xae, 0xbc, 0x6a, 0xfe, 0xce, 0xfa, + 0xb8, 0xf5, 0x17, 0x3b, 0x3c, 0x8d, 0xa0, 0xe6, + 0x40, 0x46, 0xa6, 0xcb, 0x3c, 0xc5, 0x69, 0xb8, + 0x28, 0xfa, 0xe8, 0x9f, 0x1a, 0x7c, 0xa2, 0x7d, + 0x72, 0x78, 0x8a, 0x03, 0x8f, 0xe8, 0x27, 0x63, + 0x02, 0x7d, 0xa0, 0x39, 0x4a, 0xa2, 0x5e, 0xf9, + 0x79, 0x64, 0x95, 0xd3, 0x8d, 0x18, 0x8d, 0x09, + 0x99, 0x96, 0xe1, 0x01, 0x2d, 0xeb, 0x08, 0x12, + 0x3b, 0xc8, 0xe4, 0xaf, 0xaa, 0x88, 0x93, 0x49, + 0xe9, 0x59, 0xb3, 0xfe, 0x8b, 0x1b, 0x78, 0x3c, + 0x6d, 0x7c, 0x24, 0x33, 0xb8, 0x28, 0x97, 0x3b, + 0x76, 0x06, 0xd2, 0x43, 0x42, 0xec, 0xbe, 0x18, + 0x17, 0x81, 0xf6, 0xc7, 0x1d, 0xa4, 0x0e, 0xa4, + 0xe7, 0xcf, 0xb1, 0x2c, 0x9b, 0x09, 0x38, 0x73, + 0x67, 0xc5, 0x2c, 0xe7, 0x2d, 0x8d, 0x43, 0x72, + 0x23, 0x6d, 0xaa, 0xcf, 0x80, 0x23, 0x61, 0x08, + 0x3f, 0xbd, 0xd7, 0xc5, 0x2a, 0x0b, 0x3a, 0x83, + 0x3f, 0xf6, 0x65, 0x52, 0x94, 0x68, 0x27, 0x90, + 0x7d, 0x75, 0xfa, 0x3a, 0x82, 0x0c, 0xae, 0x66, + 0x39, 0x71, 0x17, 0xda, 0xbf, 0x26, 0x9c, 0xb9, + 0x56, 0x2e, 0x76, 0x11, 0xa1, 0xb3, 0x4d, 0xa1, + 0x51, 0x14, 0x1c, 0x90, 0xf5, 0xba, 0xf0, 0x53, + 0x32, 0xe1, 0xc7, 0x9f, 0x19, 0x03, 0xb9, 0x87, + 0x33, 0xbf, 0xe0, 0xde, 0xce, 0xc5, 0x38, 0xe3, + 0xd9, 0xe2, 0xa6, 0x55, 0xf5, 0xdb, 0x90, 0x42, + 0xa0, 0x02, 0x50, 0x6e, 0x01, 0xe4, 0x65, 0x79, + 0x43, 0xfd, 0x2e, 0x57, 0xa6, 0x25, 0x74, 0x31, + 0x5f, 0x55, 0x3d, 0x6a, 0x44, 0x04, 0x5e, 0xb0, + 0xce, 0x50, 0xe7, 0xf4, 0x7d, 0xb1, 0x7d, 0x4f, + 0xce, 0xd7, 0x42, 0x97, 0xb1, 0xee, 0x19, 0x52, + 0x32, 0x63, 0x02, 0x9b, 0x47, 0x19, 0xee, 0xa4, + 0x36, 0xaa, 0x25, 0x0f, 0xbd, 0xda, 0x03, 0xd8, + 0x5d, 0x2c, 0x88, 0x0b, 0x99, 0xc7, 0x72, 0x75, + 0x1a, 0x65, 0x95, 0xd5, 0x46, 0x4e, 0x9c, 0xcb, + 0xfc, 0xd0, 0xb1, 0x92, 0xd9, 0x3c, 0xcd, 0x6f, + 0xe2, 0x5b, 0x43, 0x88, 0xd2, 0xb0, 0xa9, 0x2e, + 0xaf, 0xb8, 0x36, 0xaa, 0x62, 0x97, 0x86, 0xd9, + 0x47, 0x8f, 0x24, 0xae, 0x50, 0x93, 0x09, 0xe9, + 0x80, 0x70, 0x2d, 0x4a, 0xf7, 0x03, 0xff, 0x09, + 0x04, 0xfa, 0x81, 0x55, 0x73, 0x8d, 0x13, 0x02, + 0x75, 0x53, 0x5e, 0x3f, 0x81, 0xec, 0x77, 0xb1, + 0x01, 0x07, 0x76, 0x83, 0x29, 0xae, 0x0b, 0x3b, + 0x50, 0x96, 0xed, 0xeb, 0x15, 0x54, 0x3d, 0x9c, + 0xc5, 0xa3, 0xf3, 0xe4, 0xee, 0xd4, 0x6b, 0xb6, + 0xa5, 0xec, 0x6a, 0x42, 0x85, 0x73, 0xbf, 0x31, + 0xac, 0x64, 0x32, 0x74, 0x24, 0xd1, 0x29, 0x1b, + 0xb2, 0xf9, 0x33, 0x52, 0x8e, 0x22, 0x23, 0x51, + 0xde, 0x80, 0x40, 0x94, 0x7b, 0x80, 0xdc, 0xbc, + 0xf9, 0xac, 0x91, 0xda, 0x17, 0x91, 0xa0, 0xfc, + 0xf8, 0x75, 0xec, 0xd2, 0x0a, 0x03, 0x25, 0x36, + 0x7c, 0xfa, 0x36, 0x18, 0xd3, 0x6a, 0x76, 0x5d, + 0x45, 0x60, 0x43, 0xa2, 0xe1, 0x8e, 0xee, 0x7a, + 0xf9, 0xfe, 0x94, 0xcd, 0xf8, 0xa1, 0x4f, 0x2f, + 0x14, 0xb3, 0x4b, 0xb4, 0xe8, 0x68, 0x97, 0xae, + 0xca, 0x2a, 0x7b, 0xd2, 0x9e, 0x6a, 0x28, 0xec, + 0xcb, 0xf0, 0xf8, 0xa2, 0x68, 0x54, 0x05, 0x8e, + 0x8e, 0x86, 0x31, 0x56, 0xb8, 0xc9, 0x68, 0x8f, + 0x26, 0x9d, 0xaa, 0x70, 0x43, 0x2f, 0x6f, 0x9f, + 0x5b, 0x60, 0x2a, 0xf8, 0xf6, 0xd6, 0x3e, 0x22, + 0x2a, 0x1c, 0xcd, 0xde, 0x96, 0xb7, 0xfc, 0x09, + 0xd4, 0xc6, 0x25, 0x3c, 0xaa, 0xb8, 0x67, 0x0f, + 0x3e, 0x50, 0x43, 0x45, 0xeb, 0x4d, 0x18, 0x29, + 0xae, 0x03, 0x10, 0x78, 0x3f, 0x71, 0x10, 0x29, + 0x71, 0x2a, 0xdb, 0xaa, 0xe6, 0x56, 0x64, 0x7a, + 0x95, 0x62, 0x13, 0x50, 0xe2, 0xcb, 0xdc, 0xf2, + 0xa9, 0xec, 0xc6, 0x4e, 0x8a, 0x3c, 0xc2, 0x8d, + 0xe7, 0x56, 0xd0, 0xb0, 0xbd, 0x58, 0x34, 0x25, + 0xaf, 0xb2, 0x07, 0xdc, 0x40, 0x8e, 0x92, 0x6f, + 0xc9, 0xe7, 0x7e, 0xf5, 0xb9, 0xd8, 0xe7, 0x1b, + 0x64, 0x49, 0x4d, 0x91, 0x7e, 0x0f, 0x2a, 0x06, + 0xf6, 0x7c, 0xc8, 0x55, 0x7a, 0x0f, 0xa3, 0x0d, + 0x16, 0x13, 0x88, 0xc7, 0x3b, 0xa7, 0xe3, 0x28, + 0x02, 0x96, 0xc8, 0x6c, 0x0a, 0x99, 0x6f, 0x31, + 0xc4, 0xb3, 0x2a, 0x78, 0xc0, 0x73, 0xae, 0xc7, + 0x54, 0xd5, 0x4a, 0xb0, 0xc6, 0x83, 0x53, 0xa8, + 0x0b, 0x05, 0xcd, 0xfd, 0x12, 0x14, 0x7b, 0x12, + 0x6a, 0x8d, 0x3f, 0x45, 0x90, 0x0f, 0xda, 0x07, + 0xe9, 0xec, 0x92, 0xa3, 0xee, 0xb0, 0x24, 0x45, + 0x0f, 0x07, 0x2b, 0x5b, 0x84, 0xe8, 0x9b, 0x71, + 0xfe, 0x82, 0x83, 0x22, 0x36, 0xa4, 0xf8, 0x45, + 0xf5, 0xdd, 0xf4, 0x9e, 0xf3, 0x24, 0x23, 0x09, + 0xb4, 0x4c, 0x11, 0xc5, 0xaa, 0x81, 0x80, 0xa7, + 0xd3, 0xec, 0xaf, 0x6c, 0xf7, 0x2d, 0x8e, 0x04, + 0x27, 0xfe, 0xe4, 0x26, 0x4c, 0x8d, 0xf4, 0x39, + 0x02, 0xca, 0x5d, 0x9e, 0xf8, 0x6e, 0x48, 0x23, + 0x41, 0xb9, 0x12, 0x3b, 0x63, 0xe4, 0x82, 0x48, + 0x8a, 0x0e, 0x7f, 0xbe, 0x1c, 0x41, 0x50, 0x4b, + 0xce, 0x82, 0x49, 0x2b, 0x48, 0x83, 0xee, 0xd1, + 0x97, 0x35, 0x39, 0xb8, 0x1b, 0x24, 0x43, 0x81, + 0xda, 0x76, 0x60, 0x12, 0x41, 0x98, 0x29, 0x85, + 0x24, 0xe1, 0x63, 0xf7, 0x05, 0x1a, 0x59, 0xdb, + 0x64, 0x6f, 0x15, 0xd8, 0x37, 0x55, 0x01, 0xdd, + 0xc9, 0x48, 0xcb, 0x24, 0xc2, 0xa2, 0x39, 0x16, + 0x07, 0x16, 0x4e, 0x71, 0x95, 0x96, 0xc4, 0xc8, + 0x01, 0x33, 0x65, 0x76, 0x7a, 0x8c, 0x97, 0xd0, + 0xdd, 0xf9, 0x02, 0x15, 0x31, 0x5e, 0x70, 0xfa, + 0x4a, 0x9a, 0xd8, 0xfc, 0x1e, 0x39, 0x89, 0xa7, + 0xcd, 0xec, 0xf3, 0x53, 0x56, 0x5c, 0x86, 0xc3, + 0xcd, 0xfb, 0x63, 0x6e, 0x8e, 0x95, 0xab, 0x12, + 0x7b, 0xf1, 0xfb, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x08, 0x12, 0x18, 0x1c, 0x23, + 0x2a, 0x2f, 0x33 + }; + /* Signature for context from gist record 1 (ctxLen=33), 4627 bytes */ + static const byte sig_87_ctx33[] = { + 0xef, 0x5e, 0x4b, 0x6a, 0x19, 0xd7, 0xe3, 0xf2, + 0x61, 0x0c, 0xf5, 0x1c, 0xaf, 0x5e, 0xc2, 0xaf, + 0xb1, 0xca, 0xcf, 0x9e, 0x18, 0x60, 0xc4, 0xb6, + 0x5a, 0x0b, 0xd6, 0xf1, 0xa5, 0xd4, 0xde, 0xc3, + 0x73, 0xfc, 0xaf, 0x0e, 0x72, 0x08, 0x2f, 0x5d, + 0x02, 0xf2, 0xcd, 0x03, 0x4f, 0xaa, 0xa7, 0x7c, + 0xb3, 0xd4, 0xd3, 0x63, 0xf5, 0xb0, 0x79, 0x88, + 0x90, 0x39, 0x6d, 0x39, 0x5a, 0x6b, 0xa0, 0x02, + 0x5f, 0x01, 0x93, 0x7d, 0x38, 0xf1, 0xa7, 0x3f, + 0xac, 0x80, 0x1a, 0xd1, 0xe1, 0xbb, 0xe5, 0x09, + 0x53, 0x19, 0xec, 0x38, 0xf7, 0x33, 0x1b, 0x17, + 0x4f, 0x19, 0xdb, 0xfe, 0x45, 0xe5, 0xbb, 0xa1, + 0x46, 0xcc, 0xcd, 0x16, 0x64, 0xb3, 0x6b, 0x74, + 0xd4, 0x3f, 0x5e, 0x68, 0x03, 0x16, 0xc1, 0x43, + 0x6b, 0x94, 0x3b, 0x0a, 0x24, 0xf9, 0x30, 0x5a, + 0x16, 0x8a, 0x17, 0x00, 0x76, 0x7f, 0x6b, 0x72, + 0xfe, 0xdd, 0x51, 0xc3, 0x07, 0x2c, 0xd8, 0xf1, + 0x89, 0x30, 0xe1, 0x4e, 0x4e, 0x5c, 0x1d, 0xbb, + 0x25, 0x49, 0x6e, 0x95, 0x63, 0xc2, 0x1e, 0x41, + 0x4a, 0x52, 0xe1, 0x60, 0xc4, 0xea, 0xb3, 0x18, + 0xe4, 0x01, 0xb1, 0x1b, 0x52, 0xa8, 0x3e, 0xbb, + 0x4a, 0x1b, 0x71, 0x8b, 0xe9, 0xec, 0xc1, 0xd5, + 0xb8, 0xc6, 0x1c, 0x59, 0x9b, 0x8e, 0x8f, 0xba, + 0x75, 0x2a, 0x6a, 0x25, 0xd3, 0x7a, 0xca, 0x16, + 0x7e, 0x3f, 0x6f, 0xd4, 0x6e, 0x96, 0xd6, 0x57, + 0xa6, 0x13, 0x38, 0x51, 0xf2, 0x98, 0x3f, 0x62, + 0xc4, 0x9e, 0x1d, 0x24, 0xe6, 0x2e, 0x9d, 0xe8, + 0xba, 0xed, 0x34, 0x2c, 0x18, 0xac, 0xbe, 0x23, + 0x21, 0xd2, 0xc4, 0xdf, 0x02, 0xff, 0x30, 0xa9, + 0x3e, 0x31, 0xcf, 0x3a, 0xdb, 0xdd, 0xfc, 0x79, + 0xf9, 0xf7, 0x09, 0x53, 0x6d, 0xab, 0x9f, 0x85, + 0x34, 0x82, 0x51, 0x8c, 0x84, 0xd9, 0xbd, 0xd0, + 0xe0, 0xfb, 0x7c, 0x0c, 0x68, 0x22, 0xed, 0x57, + 0x1a, 0x73, 0xee, 0xdc, 0xcc, 0x0c, 0xe7, 0x14, + 0x9c, 0x10, 0xf3, 0xf7, 0xbe, 0xf3, 0x92, 0xbf, + 0x27, 0x4b, 0x9f, 0xe9, 0x95, 0xf7, 0x71, 0x12, + 0x0f, 0x15, 0x74, 0x4d, 0x62, 0x3a, 0x1e, 0x8c, + 0x4f, 0x5c, 0x6c, 0x65, 0x9e, 0xb0, 0xba, 0x02, + 0x87, 0xb4, 0xdb, 0x75, 0xea, 0x1e, 0x9a, 0xff, + 0xbd, 0xa0, 0xb3, 0x43, 0xb8, 0xfa, 0x85, 0x5a, + 0xff, 0x45, 0x92, 0x6c, 0xa6, 0x2f, 0x8f, 0xc5, + 0x8d, 0xdd, 0x9d, 0x5c, 0x71, 0xd2, 0xe7, 0xb8, + 0x00, 0x94, 0x1c, 0x2c, 0x74, 0xbc, 0xaf, 0x62, + 0xcd, 0xe9, 0xc9, 0x7c, 0xfe, 0x20, 0x57, 0x37, + 0xfe, 0xf8, 0xa2, 0xa5, 0x27, 0xf9, 0x54, 0xf0, + 0x08, 0xa5, 0xd3, 0x45, 0x31, 0xa1, 0x27, 0xb9, + 0xfe, 0x6c, 0xc2, 0x18, 0xfe, 0x71, 0x3b, 0x34, + 0x17, 0xd7, 0xac, 0x0f, 0xa8, 0xe0, 0x6a, 0x93, + 0x85, 0xb0, 0x3f, 0x1f, 0xd8, 0xb8, 0xb0, 0x43, + 0xc5, 0xb6, 0x26, 0x6c, 0x07, 0xaa, 0xc9, 0x8a, + 0xfc, 0x7c, 0xbf, 0x55, 0x4b, 0x00, 0xfe, 0x48, + 0x2f, 0x82, 0x18, 0xf4, 0x54, 0x2b, 0x82, 0x53, + 0x46, 0x1b, 0x85, 0xfe, 0xf3, 0x01, 0x1e, 0xc2, + 0x88, 0x8d, 0x7f, 0xae, 0xfc, 0x35, 0x1f, 0x19, + 0x92, 0x88, 0xe7, 0x6c, 0xd2, 0x90, 0x49, 0x01, + 0x99, 0x52, 0x0a, 0x20, 0x07, 0xfd, 0x71, 0x4c, + 0x6f, 0x68, 0x17, 0xe9, 0x03, 0x4d, 0x7d, 0x51, + 0xb3, 0xf2, 0x7c, 0x34, 0xe9, 0x4b, 0xd0, 0x42, + 0xb6, 0xcc, 0xf0, 0x46, 0x9f, 0x14, 0x19, 0x2c, + 0xca, 0x7c, 0x63, 0xc8, 0x85, 0xb3, 0xe1, 0xc0, + 0x85, 0xef, 0x29, 0xbd, 0x87, 0x58, 0x86, 0x51, + 0x65, 0xfa, 0xd6, 0xfe, 0x9e, 0x7f, 0xd1, 0xc5, + 0x16, 0xc5, 0xab, 0x7d, 0x51, 0x0a, 0xe5, 0x46, + 0x90, 0xeb, 0x1b, 0xae, 0xe1, 0x46, 0xae, 0xe2, + 0x48, 0x93, 0x5c, 0x9d, 0x8b, 0x99, 0x24, 0x69, + 0xac, 0x9f, 0x66, 0xba, 0x64, 0x33, 0xa7, 0x0e, + 0x36, 0x0a, 0x1c, 0xff, 0xf6, 0xf2, 0xf0, 0x16, + 0x8e, 0x24, 0x1b, 0x1c, 0x39, 0x0f, 0xf9, 0xc6, + 0x9e, 0xa2, 0x89, 0xbb, 0xc7, 0xd6, 0x6b, 0x7c, + 0x34, 0x44, 0xd5, 0xdc, 0x04, 0xee, 0x23, 0xa7, + 0xd8, 0x03, 0x28, 0xc8, 0xe2, 0x9c, 0x2a, 0x34, + 0x38, 0x96, 0x9a, 0x3d, 0x6c, 0x80, 0x6e, 0xfd, + 0x7e, 0xaf, 0x8f, 0x18, 0x74, 0xf7, 0x74, 0x44, + 0x10, 0xce, 0x0c, 0x25, 0xe0, 0xb8, 0x11, 0x7f, + 0x6d, 0xa4, 0x41, 0x11, 0x4d, 0x93, 0x1b, 0xb8, + 0x47, 0xbd, 0xf2, 0x11, 0x07, 0xa5, 0x8a, 0x6d, + 0x85, 0x65, 0xe1, 0x09, 0x80, 0x4b, 0xd0, 0x70, + 0x4f, 0xab, 0x71, 0x00, 0x12, 0x6c, 0x6b, 0xe6, + 0xb8, 0x06, 0x05, 0xc6, 0xc1, 0x52, 0x26, 0x21, + 0x57, 0x70, 0xc5, 0xfb, 0x72, 0x8f, 0xe4, 0xea, + 0xe4, 0xc5, 0xc5, 0x28, 0x12, 0xed, 0x69, 0x77, + 0x32, 0xd7, 0x25, 0xc8, 0x5e, 0xb5, 0x14, 0x3f, + 0x91, 0xb5, 0x1e, 0xad, 0x5e, 0xd9, 0xb8, 0x33, + 0x4e, 0x61, 0x3d, 0xc7, 0x0e, 0x2c, 0xaa, 0x29, + 0x78, 0x38, 0xa0, 0x27, 0xca, 0xc1, 0xd9, 0x08, + 0xaf, 0xab, 0x31, 0x1e, 0xb0, 0xc1, 0xd7, 0x10, + 0x79, 0xd3, 0xee, 0x7a, 0xb4, 0x48, 0xa3, 0x8a, + 0x7e, 0xc9, 0xd2, 0x6d, 0x8c, 0xc4, 0x5c, 0xb8, + 0x26, 0x2f, 0x63, 0x54, 0x04, 0x5d, 0x75, 0x75, + 0x52, 0xac, 0x83, 0x49, 0xe3, 0xee, 0xa9, 0x02, + 0xdc, 0x10, 0xc0, 0x88, 0xad, 0x54, 0x5f, 0x3a, + 0x1a, 0xd5, 0xea, 0xb5, 0x0d, 0x6d, 0x6c, 0x5c, + 0xe3, 0xb6, 0x23, 0x02, 0xb2, 0x88, 0x2e, 0x3f, + 0xca, 0x68, 0x16, 0x29, 0xe4, 0x58, 0x9e, 0xa0, + 0x6f, 0x74, 0xfb, 0x39, 0x7d, 0x59, 0x78, 0x28, + 0x7e, 0xc5, 0x61, 0x16, 0x7f, 0x5a, 0x97, 0x2a, + 0x82, 0x5f, 0x77, 0x9f, 0x30, 0xa9, 0x54, 0x3c, + 0x9a, 0xc4, 0x6e, 0xec, 0x1f, 0xa2, 0x58, 0xf8, + 0xa9, 0x2c, 0x65, 0xeb, 0x6e, 0x61, 0x2f, 0x58, + 0x81, 0x0f, 0x70, 0x8a, 0x1d, 0x5d, 0xb1, 0xf8, + 0x48, 0x58, 0xd9, 0x0f, 0x36, 0xd7, 0x67, 0xe3, + 0x5f, 0xfb, 0x79, 0x1f, 0x48, 0x28, 0xa2, 0x3f, + 0xbe, 0x37, 0x41, 0x35, 0xa5, 0x63, 0x31, 0x8c, + 0x9e, 0x77, 0x46, 0xaf, 0x28, 0x9d, 0xdb, 0x44, + 0x73, 0xe3, 0x32, 0xab, 0xa3, 0x0e, 0xda, 0x25, + 0x37, 0x9a, 0xf1, 0x06, 0x0e, 0x1d, 0xa9, 0x32, + 0x9f, 0xc5, 0x4c, 0xed, 0x87, 0x04, 0xeb, 0x0b, + 0x26, 0x45, 0x03, 0xae, 0xc6, 0xd9, 0x2a, 0x8b, + 0x24, 0x31, 0x03, 0x52, 0x38, 0x87, 0x7d, 0x64, + 0x15, 0x0b, 0x36, 0xc7, 0x91, 0xf1, 0x93, 0xaf, + 0x3a, 0x41, 0xa9, 0x51, 0x1f, 0xcd, 0xeb, 0x02, + 0x13, 0x83, 0x8c, 0x08, 0x4f, 0x05, 0xe8, 0x02, + 0x4e, 0x5a, 0x3b, 0x3c, 0x19, 0x6c, 0x6b, 0x49, + 0xfb, 0x8d, 0x82, 0x10, 0x5c, 0xb9, 0x03, 0x81, + 0x3d, 0x39, 0xd5, 0x6c, 0x96, 0xfe, 0xf1, 0x4e, + 0xa2, 0xe4, 0x0d, 0x0f, 0xa1, 0xb3, 0x09, 0xdf, + 0x96, 0xe8, 0x30, 0xb2, 0x08, 0xff, 0x58, 0x28, + 0x29, 0xc6, 0x04, 0xf4, 0x6c, 0x8c, 0x8a, 0x1d, + 0x45, 0xca, 0x15, 0xea, 0x3c, 0xfe, 0x5d, 0x8e, + 0x12, 0x67, 0x28, 0x66, 0x66, 0xeb, 0x52, 0x4f, + 0x51, 0xaf, 0x51, 0x05, 0x0d, 0xce, 0x9e, 0xba, + 0xd7, 0xe0, 0x64, 0xdc, 0xcf, 0xf5, 0xc1, 0xd3, + 0xab, 0x3d, 0x15, 0xbe, 0x87, 0x23, 0x26, 0xbf, + 0x0d, 0x02, 0xac, 0xc7, 0xe7, 0xe4, 0xe1, 0x3a, + 0x42, 0x24, 0xab, 0xd9, 0x3b, 0x2a, 0x74, 0x6c, + 0x1d, 0x4f, 0xba, 0xc8, 0x2b, 0xdc, 0x99, 0x1c, + 0x58, 0x44, 0x6c, 0xd4, 0xd1, 0x58, 0x88, 0x02, + 0x5a, 0x7c, 0x11, 0x51, 0xf2, 0x5f, 0x3c, 0x63, + 0x71, 0xd3, 0xa6, 0xba, 0xd5, 0xee, 0xca, 0x06, + 0x43, 0x48, 0x6c, 0xc9, 0xe6, 0xde, 0xc5, 0xfc, + 0xcc, 0x20, 0xbe, 0x05, 0x29, 0x4a, 0xf6, 0x30, + 0xbc, 0xa5, 0xb5, 0xa8, 0xc5, 0xd1, 0xa3, 0xc9, + 0xa9, 0x4d, 0x29, 0x4f, 0x27, 0x3b, 0xfd, 0x92, + 0x2d, 0x8b, 0x66, 0x62, 0x2c, 0x44, 0xe5, 0x7b, + 0x21, 0xe2, 0xfc, 0x48, 0x70, 0x9d, 0xe6, 0xcc, + 0xf3, 0x40, 0x0e, 0x4d, 0x8a, 0x63, 0xd7, 0x69, + 0x44, 0x95, 0xe4, 0x42, 0x7b, 0xe3, 0x0a, 0xf4, + 0x08, 0xc0, 0x55, 0x85, 0xad, 0x62, 0xb1, 0x57, + 0xee, 0xac, 0x27, 0xde, 0x5f, 0xab, 0xbb, 0xc5, + 0x11, 0x8c, 0x5f, 0xc9, 0x08, 0x69, 0xa6, 0x6d, + 0x31, 0x12, 0x8a, 0x36, 0xb2, 0x0e, 0xe4, 0x0d, + 0x7f, 0x3f, 0x08, 0x55, 0xc1, 0x0f, 0x5f, 0x31, + 0xef, 0x84, 0x39, 0xf0, 0x12, 0x8e, 0x96, 0x13, + 0x69, 0x39, 0x00, 0xf4, 0xa4, 0x65, 0x30, 0xbd, + 0x2e, 0x57, 0x52, 0x2c, 0x66, 0x4b, 0x51, 0x15, + 0xe0, 0xa8, 0x91, 0xfe, 0xda, 0x1e, 0x78, 0x71, + 0x7b, 0x03, 0xae, 0xac, 0x93, 0x80, 0xd4, 0x09, + 0x2e, 0x6e, 0x88, 0x5f, 0xcb, 0x7a, 0xb7, 0x83, + 0xb6, 0xcb, 0x70, 0x53, 0x49, 0xa4, 0xe1, 0xeb, + 0xe3, 0x5e, 0x7b, 0xa3, 0x56, 0xe5, 0x57, 0x3e, + 0xb2, 0xe4, 0x2e, 0xf3, 0x19, 0x86, 0x9f, 0x27, + 0x8b, 0xf9, 0x8e, 0xe7, 0xca, 0x46, 0x35, 0xa1, + 0x0f, 0x14, 0xc1, 0x37, 0xfe, 0xd3, 0x89, 0xff, + 0x11, 0xff, 0x54, 0x39, 0xc0, 0xc0, 0x42, 0xe9, + 0x55, 0xd1, 0x0c, 0x86, 0x63, 0xbc, 0x2f, 0xa0, + 0x82, 0xa1, 0x92, 0x6c, 0x98, 0x4b, 0xe9, 0x91, + 0x89, 0x11, 0xe0, 0x8e, 0x5f, 0xb6, 0xd3, 0xb7, + 0x4a, 0x5a, 0xd1, 0xa4, 0x3b, 0xfb, 0x8e, 0x2c, + 0x90, 0xaa, 0xcd, 0xd4, 0x91, 0x0d, 0x5d, 0x3e, + 0x34, 0xf1, 0xf4, 0xd7, 0x8d, 0x2b, 0x9e, 0x41, + 0x89, 0xe5, 0xac, 0x29, 0xb7, 0x71, 0x2a, 0x8c, + 0x34, 0x8a, 0xc8, 0x15, 0x22, 0x4c, 0x2c, 0x61, + 0xb6, 0x3a, 0x42, 0xf7, 0xea, 0xc4, 0xe7, 0x94, + 0xdd, 0x99, 0x63, 0x25, 0xc9, 0x2d, 0x1b, 0xb9, + 0xe8, 0xfd, 0x71, 0xb0, 0x3a, 0x1c, 0x2c, 0x06, + 0x6a, 0x99, 0x1e, 0x7b, 0x2c, 0x42, 0x1a, 0x30, + 0x29, 0xcf, 0x26, 0x33, 0x77, 0xf8, 0x05, 0xac, + 0xa9, 0x9b, 0x09, 0x9d, 0xdd, 0x69, 0xf8, 0x34, + 0x63, 0x7b, 0x87, 0x0b, 0x86, 0x9f, 0x7b, 0xc9, + 0x3d, 0x55, 0xdd, 0x07, 0x26, 0x7a, 0xff, 0x48, + 0xc7, 0x52, 0xb4, 0x2a, 0x17, 0x5a, 0x8c, 0x41, + 0x20, 0xa0, 0x24, 0x11, 0x03, 0xab, 0xcd, 0xad, + 0xa0, 0x0e, 0x6b, 0xfe, 0xd3, 0x98, 0x9b, 0xa8, + 0x12, 0x8a, 0x0d, 0x2f, 0xcc, 0x3d, 0x5b, 0x60, + 0xb0, 0x48, 0x93, 0xe5, 0x3a, 0x95, 0xd1, 0x61, + 0x34, 0x83, 0x5c, 0xf1, 0x10, 0x05, 0xf8, 0xba, + 0x54, 0x90, 0xd9, 0xcc, 0x40, 0x93, 0x36, 0x51, + 0x6b, 0xc1, 0x5c, 0x07, 0xa8, 0xa4, 0x1b, 0x9f, + 0x09, 0x3a, 0xfe, 0x5f, 0x1d, 0x97, 0x95, 0x8a, + 0x8f, 0x19, 0xd0, 0x5d, 0x5d, 0x73, 0xf5, 0x35, + 0x9b, 0xc7, 0x12, 0xcf, 0x15, 0x1c, 0x28, 0x70, + 0x0f, 0xb8, 0x2b, 0xc9, 0x78, 0x39, 0xea, 0xa1, + 0x5d, 0x69, 0xa6, 0x26, 0x36, 0x5a, 0x9f, 0x74, + 0x46, 0x90, 0xa3, 0x04, 0x72, 0xbb, 0x43, 0xe9, + 0x23, 0x20, 0x65, 0xb1, 0x1d, 0x87, 0xa9, 0x24, + 0x87, 0xed, 0xfb, 0x84, 0x4f, 0xe8, 0xfe, 0xe5, + 0xa3, 0x53, 0x60, 0x66, 0x5d, 0x00, 0x62, 0x94, + 0x51, 0x6d, 0x71, 0x7e, 0xd5, 0x27, 0x6c, 0x8f, + 0xfb, 0x70, 0xf0, 0xd6, 0x77, 0xdd, 0x16, 0xd4, + 0xb2, 0xeb, 0xf7, 0x1a, 0x60, 0xeb, 0x90, 0xf3, + 0xcf, 0x9a, 0x41, 0xe6, 0xb9, 0x6a, 0xd6, 0x0a, + 0xa9, 0xa8, 0x0a, 0xc6, 0x6e, 0xd8, 0x2e, 0x89, + 0x84, 0xe8, 0x68, 0x0e, 0x5b, 0x51, 0x28, 0xae, + 0x0a, 0xf6, 0x6c, 0x1c, 0x11, 0xab, 0x26, 0xe1, + 0x11, 0x9c, 0x23, 0x99, 0x6f, 0x34, 0xd6, 0x9c, + 0xd2, 0xad, 0xa6, 0x1c, 0x2e, 0x3e, 0xc5, 0x06, + 0xf2, 0xf0, 0x03, 0x7a, 0xec, 0x8a, 0xb2, 0xad, + 0x45, 0xcd, 0xcb, 0x84, 0xea, 0x3f, 0xf0, 0xb6, + 0x0a, 0x1b, 0xc6, 0x03, 0x02, 0x6c, 0x34, 0xc3, + 0x8f, 0xac, 0xdd, 0x90, 0xac, 0xda, 0xcd, 0x20, + 0xa7, 0xf0, 0x80, 0xe1, 0x98, 0xd8, 0x60, 0x8d, + 0x09, 0xbf, 0x3b, 0xa3, 0xe9, 0xd9, 0x77, 0x02, + 0xc6, 0x83, 0xf7, 0xc1, 0x6a, 0x16, 0x5c, 0x4c, + 0x1a, 0x63, 0x91, 0x31, 0xfd, 0x54, 0xa2, 0x8f, + 0x70, 0xc4, 0x91, 0x23, 0xc0, 0x7f, 0xc8, 0x37, + 0xae, 0x81, 0x2e, 0xdf, 0xfb, 0xc4, 0x88, 0x1d, + 0xf6, 0x3f, 0x6c, 0x8d, 0x7f, 0xb4, 0x4f, 0xee, + 0xd0, 0x4e, 0x6b, 0x87, 0xba, 0xef, 0x5a, 0xb3, + 0x59, 0x6b, 0xf5, 0x02, 0xb6, 0x73, 0xde, 0x4c, + 0x1b, 0x05, 0x32, 0xb7, 0xdc, 0x59, 0x5d, 0x51, + 0x40, 0xf4, 0xa4, 0x73, 0xe2, 0x14, 0xd2, 0x83, + 0x1d, 0x4e, 0x89, 0x2d, 0x1b, 0xbc, 0x16, 0xf7, + 0xdb, 0x1e, 0x71, 0x20, 0x80, 0x46, 0x6d, 0x3d, + 0x07, 0x26, 0x55, 0xda, 0xff, 0xa2, 0xd3, 0xdf, + 0x1f, 0xdb, 0x09, 0x4c, 0xaf, 0x53, 0x99, 0xb9, + 0x69, 0x84, 0x41, 0xbf, 0xbe, 0x35, 0x38, 0xb4, + 0xb6, 0x1b, 0x70, 0x84, 0xbd, 0x70, 0x78, 0x9f, + 0x8c, 0x20, 0x92, 0x71, 0x3c, 0x71, 0x65, 0x10, + 0x28, 0x2f, 0x87, 0x57, 0x7e, 0xb2, 0x96, 0x76, + 0x21, 0x6a, 0x03, 0x7d, 0x3b, 0xef, 0x52, 0x71, + 0xc7, 0x97, 0xfc, 0xa2, 0xab, 0xf3, 0x32, 0x28, + 0xd7, 0xe6, 0x43, 0x87, 0x49, 0x3f, 0x38, 0x0e, + 0xfc, 0x65, 0xa0, 0x60, 0x9a, 0x82, 0xb3, 0xab, + 0xe4, 0xe7, 0xc2, 0xd8, 0x40, 0x07, 0xc2, 0x3f, + 0x26, 0xfc, 0x92, 0x65, 0xe6, 0xe2, 0x21, 0x9c, + 0xdb, 0x06, 0x96, 0x45, 0xf2, 0x63, 0xff, 0xe6, + 0x4f, 0x6c, 0xc5, 0xdd, 0x31, 0xb4, 0xb3, 0x62, + 0xa7, 0x08, 0x74, 0x75, 0x61, 0xcc, 0x65, 0x4c, + 0xbb, 0x1c, 0x08, 0x61, 0xa8, 0xc5, 0x23, 0x92, + 0x90, 0x5a, 0x72, 0x55, 0x71, 0xd0, 0x88, 0x03, + 0x48, 0xaf, 0x36, 0xfa, 0x4b, 0x27, 0x46, 0x70, + 0xa9, 0x11, 0x6c, 0x7d, 0xcc, 0x3d, 0xe3, 0x84, + 0xf0, 0x40, 0xf9, 0xef, 0xc2, 0xab, 0x8a, 0x46, + 0x19, 0x80, 0xaa, 0x3c, 0x72, 0x41, 0x48, 0x54, + 0xad, 0x3b, 0xea, 0x2f, 0xef, 0xf6, 0x8a, 0x6f, + 0x76, 0xe3, 0xd3, 0xf4, 0x45, 0xf4, 0x1e, 0xa1, + 0x3e, 0xf6, 0xcf, 0x03, 0x22, 0xcc, 0xc5, 0x89, + 0x16, 0xd4, 0x72, 0xc3, 0x9f, 0xf0, 0x42, 0x12, + 0x3a, 0x5e, 0xbb, 0x5c, 0x05, 0x57, 0x98, 0x76, + 0xae, 0x12, 0x48, 0x7f, 0xe2, 0x65, 0x7d, 0xdc, + 0x4d, 0xec, 0x2c, 0x90, 0xa0, 0xc1, 0x8e, 0xa0, + 0xc8, 0x62, 0xa6, 0xd1, 0x94, 0x92, 0xe0, 0x45, + 0x4b, 0xdd, 0x72, 0x13, 0x89, 0x13, 0xab, 0x0a, + 0x89, 0x99, 0xf8, 0xc8, 0x0a, 0xe9, 0x7d, 0x1d, + 0x36, 0x9f, 0x42, 0xfc, 0x0b, 0xdb, 0xd0, 0x12, + 0x8a, 0x56, 0x05, 0x14, 0x62, 0xae, 0x71, 0xab, + 0x1e, 0x78, 0x8e, 0x98, 0x9a, 0xbb, 0x4c, 0xe8, + 0x8e, 0x9d, 0x08, 0xb7, 0x96, 0x64, 0xf8, 0xeb, + 0x4d, 0x1f, 0x8c, 0x20, 0xd3, 0x50, 0xda, 0x25, + 0xf4, 0xaa, 0xd0, 0xcd, 0xe2, 0xcf, 0x10, 0x69, + 0x66, 0xa3, 0x88, 0x9d, 0x13, 0x17, 0xe3, 0xad, + 0x99, 0x94, 0x07, 0x97, 0x49, 0x22, 0x6f, 0xb0, + 0x70, 0xc2, 0x21, 0xd7, 0xd8, 0xfa, 0x14, 0xb2, + 0x4b, 0xfc, 0xbb, 0x26, 0x3e, 0x49, 0x35, 0x9f, + 0x3c, 0x6d, 0xfc, 0x93, 0x46, 0x2c, 0x43, 0xf8, + 0x89, 0x13, 0xfd, 0x06, 0x7f, 0x54, 0x08, 0x99, + 0x1b, 0xb8, 0xd7, 0x06, 0xec, 0xbf, 0x0e, 0x93, + 0xf5, 0x66, 0x87, 0xfe, 0x86, 0xd4, 0x01, 0xc1, + 0x1d, 0xbc, 0x1d, 0x3a, 0x71, 0x8b, 0x17, 0x5a, + 0x12, 0xbf, 0xed, 0x6f, 0xc4, 0x17, 0x4c, 0xbf, + 0xa2, 0xa5, 0xc4, 0x3d, 0x9f, 0xb8, 0x07, 0xaa, + 0xe5, 0x78, 0x70, 0x0e, 0x5c, 0x90, 0xe6, 0x81, + 0x28, 0x0f, 0x5b, 0x14, 0xdb, 0xef, 0x66, 0xff, + 0x4a, 0x51, 0xe8, 0x41, 0xa6, 0xca, 0x0f, 0x26, + 0x23, 0x43, 0xb4, 0x1a, 0x2c, 0x05, 0x15, 0x4f, + 0xa2, 0x60, 0xd8, 0x20, 0x94, 0x68, 0x81, 0xa1, + 0xa7, 0x5d, 0xab, 0x8c, 0xeb, 0xb2, 0x00, 0xb9, + 0xe0, 0x8e, 0x71, 0x4a, 0x01, 0xcc, 0x6f, 0xd4, + 0x9e, 0x63, 0x1b, 0x0a, 0xbd, 0x30, 0x4c, 0xc1, + 0x49, 0xae, 0x34, 0xf5, 0xf3, 0x1f, 0xae, 0xce, + 0x02, 0xf7, 0xcb, 0x07, 0xf8, 0xfd, 0x5c, 0x7e, + 0xf9, 0xbd, 0x01, 0x3b, 0x2b, 0x02, 0x56, 0x97, + 0x7f, 0x08, 0xf5, 0x42, 0x25, 0xc5, 0x92, 0x2e, + 0x7e, 0x59, 0xdd, 0x4f, 0xbe, 0x00, 0x53, 0x16, + 0x4b, 0x18, 0x85, 0x30, 0x10, 0x71, 0x1b, 0xc3, + 0x61, 0x9c, 0x3a, 0xd5, 0x10, 0xb0, 0x32, 0x4b, + 0x3f, 0x03, 0x58, 0xe1, 0x71, 0x78, 0x9d, 0xa5, + 0x96, 0x85, 0x8a, 0xb0, 0x17, 0x47, 0xa9, 0x4d, + 0xa0, 0x35, 0xca, 0xd8, 0xcc, 0x85, 0x51, 0x4b, + 0x70, 0x32, 0xc2, 0xbc, 0x0f, 0xdb, 0x01, 0xbf, + 0xcc, 0xa5, 0x44, 0xae, 0xf6, 0x9d, 0xa9, 0x0d, + 0x6f, 0xd6, 0xaf, 0x7c, 0x51, 0x09, 0x0a, 0x36, + 0x46, 0x98, 0x85, 0x6a, 0x07, 0xe1, 0x9d, 0xb8, + 0x6c, 0x8b, 0xf7, 0x1b, 0x87, 0x9e, 0x99, 0xb8, + 0x6c, 0x4c, 0x70, 0x9c, 0x91, 0x8d, 0xb8, 0x04, + 0x1e, 0x20, 0xc7, 0x50, 0x2a, 0x37, 0xd5, 0x43, + 0x3e, 0xb5, 0x7c, 0xfe, 0x30, 0xec, 0x1e, 0xbe, + 0xf6, 0x62, 0x57, 0x15, 0xb4, 0xe4, 0xe6, 0x1f, + 0x97, 0xea, 0xc6, 0xcc, 0xb1, 0x67, 0xbb, 0xa3, + 0xc1, 0x3f, 0x2f, 0xf6, 0x2c, 0xb7, 0x5d, 0x2e, + 0xb3, 0x9a, 0x89, 0xbd, 0x3f, 0xbe, 0x9b, 0x4f, + 0xc3, 0x6a, 0x8d, 0x33, 0xaa, 0x9b, 0x48, 0x43, + 0xa0, 0xe1, 0xec, 0xce, 0x09, 0xf5, 0x03, 0x46, + 0x7b, 0x2d, 0xc6, 0x07, 0x50, 0xc5, 0xd1, 0x4c, + 0x19, 0x2b, 0x6e, 0x56, 0xf9, 0x2e, 0x15, 0x1f, + 0xff, 0x00, 0x18, 0x7d, 0x0f, 0x16, 0xd0, 0xa0, + 0x60, 0x8c, 0x30, 0xac, 0x3c, 0x47, 0x94, 0x2e, + 0xae, 0xb2, 0x1f, 0x2e, 0x63, 0x42, 0x3c, 0x2c, + 0x9e, 0x91, 0x38, 0xf2, 0x50, 0xc9, 0xf0, 0x09, + 0x93, 0x07, 0xe3, 0x89, 0xe5, 0xde, 0x71, 0xba, + 0x87, 0x14, 0x50, 0x9d, 0x9b, 0x33, 0x53, 0x6d, + 0xef, 0x02, 0x2f, 0x8e, 0xdf, 0xb0, 0x27, 0x72, + 0x86, 0xda, 0xd0, 0xd7, 0x8f, 0xa7, 0x20, 0x0b, + 0x5b, 0xd4, 0xb3, 0xbf, 0x9d, 0x4c, 0xf6, 0x27, + 0xe9, 0xc6, 0x8a, 0x0a, 0xfa, 0x8d, 0x16, 0x95, + 0xe9, 0xc7, 0x2a, 0x62, 0xff, 0x80, 0x75, 0x02, + 0x66, 0x43, 0x0e, 0xff, 0x90, 0xe6, 0xe9, 0x43, + 0x9c, 0x95, 0x53, 0xa3, 0x26, 0xd8, 0x4c, 0x54, + 0xf9, 0x77, 0xcb, 0x4f, 0x53, 0x70, 0xa1, 0x9c, + 0x12, 0x10, 0x05, 0xe0, 0xc8, 0x0a, 0x7b, 0x66, + 0x05, 0xb6, 0x83, 0xea, 0x23, 0x66, 0x67, 0xfa, + 0x04, 0x5e, 0x5f, 0x73, 0x24, 0x39, 0x98, 0x49, + 0x0a, 0x69, 0x92, 0x69, 0x3c, 0x5f, 0xef, 0x79, + 0x25, 0x9f, 0x52, 0xbe, 0x42, 0xe6, 0x56, 0x0d, + 0x0e, 0x64, 0x48, 0x88, 0xf1, 0x6c, 0xe5, 0xa4, + 0xa0, 0x14, 0x98, 0xb5, 0x85, 0xf9, 0x0e, 0x67, + 0x08, 0x31, 0xc4, 0x9e, 0x42, 0x98, 0x98, 0x02, + 0x0a, 0x4c, 0x3f, 0xac, 0xb7, 0x6c, 0x0f, 0x12, + 0x01, 0x26, 0xbb, 0x6c, 0x94, 0x59, 0x08, 0x7f, + 0xf0, 0xb6, 0x49, 0xed, 0x5d, 0x14, 0x36, 0x83, + 0xbe, 0x7a, 0x43, 0x7e, 0x21, 0xc8, 0x0e, 0xe8, + 0xa5, 0xf9, 0x2a, 0x76, 0x06, 0xb3, 0x86, 0x55, + 0x43, 0x34, 0x27, 0xcd, 0xdf, 0xc1, 0x27, 0x77, + 0x07, 0x73, 0x3a, 0x3b, 0xa1, 0xc6, 0x7e, 0x25, + 0x4b, 0x6f, 0x47, 0x74, 0x7e, 0xb9, 0xb3, 0xa5, + 0x37, 0xdc, 0x12, 0xcd, 0xe1, 0xe6, 0x3c, 0x05, + 0x79, 0x6f, 0xdc, 0x8d, 0x6e, 0xa6, 0x13, 0xd0, + 0x21, 0x11, 0x74, 0xd6, 0x6a, 0x34, 0x52, 0x0e, + 0xb4, 0xd0, 0x47, 0x65, 0x21, 0xa0, 0xde, 0x3d, + 0x45, 0xc2, 0x59, 0x8c, 0x57, 0x6e, 0x7d, 0xa7, + 0x3b, 0xa4, 0xcb, 0x9d, 0xea, 0x45, 0x04, 0x47, + 0x2f, 0xfe, 0xff, 0x85, 0x9d, 0xc2, 0xde, 0x71, + 0x15, 0x32, 0xc3, 0x90, 0xb0, 0x76, 0x0b, 0x9c, + 0xfb, 0xda, 0xd5, 0x42, 0xbd, 0x5d, 0x62, 0x38, + 0x42, 0x34, 0x0b, 0xc7, 0xca, 0x0f, 0x13, 0x02, + 0x2a, 0x59, 0xc0, 0xa8, 0x2d, 0x8f, 0xcc, 0xf0, + 0x72, 0x65, 0xd2, 0x45, 0x82, 0xed, 0xe1, 0xfe, + 0x3a, 0xbd, 0xb1, 0x49, 0x14, 0x87, 0x70, 0x80, + 0x45, 0x7b, 0xe3, 0xbf, 0x8c, 0xe1, 0x24, 0xd5, + 0xcf, 0xcf, 0x64, 0xf6, 0xad, 0x86, 0x96, 0xd0, + 0x0a, 0x7f, 0x9c, 0x8a, 0x8a, 0xff, 0x63, 0x65, + 0x9f, 0x18, 0x88, 0xcf, 0xd6, 0x70, 0xf3, 0xdd, + 0xc0, 0xab, 0x04, 0xc8, 0xc6, 0x46, 0xd6, 0x18, + 0x56, 0xfe, 0x3e, 0x2e, 0x47, 0x9d, 0x21, 0x46, + 0x19, 0xf3, 0x4b, 0x99, 0x94, 0xc6, 0x80, 0x0d, + 0xba, 0x43, 0x23, 0x97, 0x8c, 0xa5, 0x5b, 0x9a, + 0x31, 0x16, 0xe7, 0x52, 0x6f, 0x6e, 0xf7, 0x53, + 0xb7, 0x05, 0x78, 0x3f, 0x64, 0xf9, 0x94, 0x2c, + 0x62, 0xb5, 0x3a, 0x1f, 0xc3, 0xb8, 0xe6, 0xb1, + 0x23, 0x7e, 0x21, 0x5c, 0xa1, 0x8a, 0xa5, 0x4f, + 0x2a, 0xda, 0x12, 0xe4, 0xcf, 0x7a, 0x6a, 0x63, + 0xe2, 0x1d, 0xfe, 0xaa, 0x28, 0xd7, 0xa2, 0x70, + 0x96, 0xe0, 0x1d, 0xd1, 0xaa, 0x77, 0xa9, 0x5a, + 0x0c, 0x04, 0xc4, 0x7b, 0x9f, 0xbb, 0xc3, 0xc3, + 0x1f, 0xe1, 0x24, 0xbb, 0xf6, 0xf8, 0xc8, 0x7b, + 0xf0, 0x5b, 0x44, 0x22, 0xd1, 0xd5, 0x85, 0xed, + 0x4a, 0xc4, 0xdb, 0x62, 0xbb, 0xfc, 0x8a, 0x52, + 0xbb, 0x5f, 0xc0, 0xc1, 0x62, 0x79, 0x7a, 0xe4, + 0x4d, 0xef, 0x77, 0x7b, 0x25, 0xa1, 0x69, 0xcf, + 0xd2, 0xfe, 0x7c, 0xbe, 0x87, 0x87, 0x38, 0x34, + 0xe9, 0x9f, 0x4f, 0x0a, 0xbd, 0xa6, 0x63, 0x7a, + 0x2a, 0x82, 0x0b, 0x17, 0x7e, 0xaa, 0x7a, 0x5d, + 0x85, 0x06, 0xf6, 0x3d, 0x16, 0x04, 0xf9, 0xe4, + 0x92, 0xfd, 0xc3, 0x34, 0xe9, 0xfb, 0x0a, 0xe2, + 0x63, 0x54, 0x8a, 0x2a, 0xa8, 0x60, 0x7a, 0x59, + 0xf7, 0x41, 0x93, 0x42, 0x46, 0xb3, 0x16, 0xb9, + 0x00, 0xdb, 0xb0, 0x7c, 0xcb, 0x56, 0x06, 0x7c, + 0x00, 0xd2, 0xc4, 0x2d, 0x44, 0x28, 0xd1, 0xbf, + 0x48, 0x9d, 0x96, 0x91, 0x2c, 0xa2, 0xe1, 0xe6, + 0x2d, 0x0f, 0xc5, 0xbe, 0xd1, 0x21, 0x03, 0xca, + 0x41, 0x19, 0x0c, 0x14, 0xf7, 0xd8, 0x51, 0x3d, + 0xca, 0xcd, 0x7b, 0x9b, 0x14, 0x1d, 0x69, 0x08, + 0x5f, 0xdc, 0x72, 0x4b, 0x6e, 0xce, 0x8e, 0x50, + 0x50, 0x20, 0x88, 0x40, 0xbc, 0x90, 0xbe, 0xa4, + 0xa1, 0x82, 0xd2, 0x8d, 0x3b, 0xff, 0xbe, 0x1e, + 0x1c, 0x7e, 0xc6, 0x6e, 0x3d, 0x5e, 0x31, 0x0a, + 0x93, 0x8b, 0x9b, 0x71, 0x27, 0xef, 0xcc, 0x47, + 0xf4, 0x07, 0xde, 0x15, 0xb0, 0x59, 0xdb, 0x8c, + 0xa7, 0xa7, 0x3e, 0x0e, 0x6d, 0x28, 0x9f, 0x37, + 0x81, 0x85, 0x4a, 0x90, 0x61, 0x3e, 0x94, 0xa8, + 0x8a, 0x6d, 0x7c, 0x9b, 0x80, 0x3c, 0x24, 0x8b, + 0xe7, 0x97, 0x0e, 0x4b, 0xe1, 0x93, 0x8a, 0x61, + 0x68, 0xb9, 0x9e, 0x38, 0xa4, 0x11, 0x23, 0xe6, + 0xaf, 0x0c, 0x20, 0x86, 0xd2, 0x91, 0xb9, 0x83, + 0x63, 0x0a, 0xf4, 0x85, 0x2d, 0x07, 0xff, 0x9d, + 0xc6, 0xa6, 0xff, 0x46, 0x1c, 0x95, 0x33, 0x8c, + 0xad, 0x2b, 0x13, 0xc5, 0xc6, 0x1b, 0xab, 0xdb, + 0xde, 0x8d, 0x51, 0x11, 0x2a, 0x1d, 0xe2, 0x11, + 0xa4, 0x1a, 0xea, 0x0c, 0xbb, 0xba, 0xa7, 0x45, + 0x3b, 0xb9, 0xac, 0x70, 0x76, 0x62, 0x20, 0x75, + 0x13, 0x9a, 0xb7, 0xb4, 0x46, 0x35, 0x27, 0x00, + 0x4a, 0xb2, 0x6b, 0x67, 0x5e, 0x5e, 0x3f, 0x42, + 0xf1, 0xf2, 0x39, 0x3d, 0x94, 0xa2, 0xa6, 0x71, + 0xe8, 0xc9, 0xc5, 0xed, 0x5b, 0x16, 0x66, 0xc8, + 0xea, 0x5e, 0xb1, 0x68, 0x6f, 0xd1, 0x08, 0x76, + 0x29, 0xb4, 0x56, 0x05, 0x51, 0xf0, 0xa5, 0x7f, + 0x64, 0xab, 0x7f, 0xe8, 0x29, 0xa3, 0x61, 0x47, + 0x48, 0x15, 0xfc, 0x16, 0xd6, 0xdf, 0x53, 0x4f, + 0x69, 0xec, 0x7e, 0xd5, 0x24, 0x4b, 0xc8, 0xb6, + 0x42, 0x2f, 0x26, 0x1d, 0x39, 0x20, 0x5a, 0xcc, + 0xc9, 0xb9, 0xa1, 0x42, 0xe6, 0xe5, 0x21, 0xd1, + 0xf4, 0x95, 0x49, 0x11, 0x4d, 0x4a, 0xbb, 0xe9, + 0x9c, 0x43, 0x17, 0x5d, 0x09, 0x97, 0x8e, 0x8f, + 0x0d, 0x3c, 0x26, 0x83, 0x9c, 0xdc, 0x73, 0x65, + 0x9b, 0x19, 0x15, 0x31, 0xcc, 0x81, 0x48, 0x1e, + 0xe0, 0x39, 0x59, 0x52, 0x7a, 0x38, 0x54, 0x72, + 0x90, 0xb4, 0x94, 0x49, 0x69, 0x7e, 0x85, 0xb9, + 0xd8, 0xa9, 0x8c, 0xfe, 0x70, 0x73, 0xa1, 0x26, + 0xf3, 0x26, 0x3b, 0x99, 0xa0, 0x79, 0xc4, 0x14, + 0x1a, 0xe1, 0xf4, 0x5f, 0xfb, 0xa2, 0x93, 0xfc, + 0x19, 0x74, 0x84, 0xa3, 0xc3, 0xc7, 0xb8, 0x5b, + 0x1b, 0xbe, 0x46, 0xe1, 0x6b, 0x76, 0xe1, 0x7c, + 0xc1, 0xba, 0xd3, 0xcd, 0x48, 0x7d, 0x7a, 0x10, + 0xd2, 0xd0, 0x1c, 0x8e, 0xd8, 0x4f, 0x8d, 0x67, + 0x43, 0x54, 0xaf, 0x11, 0xed, 0xe1, 0xda, 0xd5, + 0xa0, 0x10, 0x8d, 0xc6, 0x44, 0xb5, 0x8f, 0x5c, + 0xc7, 0x18, 0xd4, 0xc6, 0x96, 0xc9, 0x36, 0x17, + 0xdc, 0xf4, 0x9b, 0x11, 0x4f, 0x22, 0xbf, 0xab, + 0xcf, 0xcc, 0x14, 0xec, 0x15, 0xc3, 0xc1, 0x59, + 0x8f, 0xd1, 0xe1, 0xd4, 0x88, 0xd0, 0x4f, 0x07, + 0xea, 0xfa, 0x74, 0x60, 0x0f, 0xe6, 0x59, 0x6d, + 0x68, 0x22, 0x52, 0xc4, 0x22, 0xae, 0xbd, 0xda, + 0x3d, 0xb3, 0xc3, 0x11, 0x80, 0xef, 0x83, 0xd0, + 0x1e, 0x45, 0x7d, 0x0e, 0xc8, 0x1c, 0xc1, 0x77, + 0xf2, 0x11, 0xbb, 0xa5, 0xd9, 0x38, 0x39, 0xf0, + 0x03, 0xf4, 0xb6, 0xdb, 0x62, 0x04, 0x67, 0x8d, + 0x08, 0x4f, 0xe1, 0x94, 0x25, 0x63, 0x8c, 0x1d, + 0xe5, 0xdf, 0xa5, 0x93, 0x95, 0x6c, 0x83, 0xf3, + 0x68, 0x62, 0xea, 0x59, 0x21, 0x0c, 0x31, 0xbd, + 0x26, 0x00, 0x00, 0x0a, 0x81, 0x1a, 0xb9, 0x5a, + 0x94, 0x73, 0xb0, 0x7b, 0xf4, 0x60, 0xbe, 0x22, + 0x37, 0x04, 0xa7, 0x36, 0xa5, 0x5d, 0xff, 0x24, + 0x8d, 0x25, 0xfd, 0xe0, 0xe3, 0xbb, 0xb2, 0xf1, + 0xb1, 0x70, 0x3a, 0xad, 0x3a, 0x80, 0x99, 0x8b, + 0xf5, 0xf3, 0x61, 0x24, 0x50, 0x0a, 0xd7, 0x46, + 0x91, 0x9a, 0x11, 0x16, 0x1f, 0xbc, 0x01, 0x14, + 0x2b, 0xb6, 0x0c, 0xd9, 0xe8, 0x0a, 0x56, 0xf9, + 0xeb, 0xb7, 0x13, 0x7c, 0xfb, 0x05, 0x43, 0xb7, + 0xe9, 0x9c, 0x8f, 0x65, 0x7b, 0xdf, 0xfd, 0x90, + 0x0b, 0x5d, 0x95, 0xf6, 0xb6, 0xf9, 0x9a, 0xef, + 0x60, 0xad, 0xc2, 0xd0, 0xc4, 0xb4, 0xdd, 0x52, + 0x83, 0xde, 0xef, 0x2a, 0x43, 0x22, 0x28, 0xfb, + 0x52, 0x1a, 0xdb, 0x74, 0xfa, 0xab, 0x82, 0xda, + 0x64, 0xbf, 0xdd, 0xc9, 0xc5, 0x22, 0xaa, 0x5f, + 0x4f, 0x75, 0x50, 0x02, 0x1c, 0x0e, 0x82, 0x7c, + 0x70, 0x80, 0xb7, 0xf8, 0x7e, 0x5d, 0x19, 0x8d, + 0xc2, 0x89, 0xe6, 0xb8, 0x78, 0x0c, 0x00, 0xbb, + 0xc8, 0xd5, 0x99, 0x7c, 0x82, 0x09, 0x22, 0xd0, + 0x72, 0xe6, 0x09, 0x15, 0x5d, 0xa4, 0xe2, 0xd0, + 0xc4, 0xfc, 0x06, 0x53, 0xc9, 0xda, 0x48, 0x94, + 0xcb, 0xc2, 0xec, 0xf6, 0xf7, 0xdc, 0xae, 0x0b, + 0x1f, 0x5b, 0x06, 0xa9, 0xf7, 0x4b, 0xff, 0x02, + 0xd1, 0xf3, 0xaf, 0xe3, 0xe9, 0x57, 0xab, 0x6d, + 0x4b, 0x43, 0x53, 0xe9, 0xd1, 0xcd, 0xbd, 0xbe, + 0xb8, 0x95, 0xa0, 0xaa, 0x3f, 0xe1, 0x49, 0x32, + 0x7b, 0x5f, 0x3c, 0x17, 0x48, 0x2f, 0x77, 0xb4, + 0x15, 0xab, 0xa9, 0x72, 0x3f, 0x3c, 0x8c, 0x55, + 0x8e, 0x4c, 0xcf, 0x33, 0xd5, 0x09, 0x27, 0x55, + 0x65, 0x2c, 0x1a, 0x9c, 0x54, 0xf8, 0x21, 0x2f, + 0xce, 0x53, 0x53, 0x94, 0x42, 0x62, 0xb8, 0xf6, + 0xd1, 0x69, 0x93, 0xc7, 0xc7, 0xf3, 0x3b, 0xf2, + 0xf8, 0xc3, 0xeb, 0x6d, 0x54, 0x08, 0x85, 0x96, + 0x1f, 0x3d, 0x01, 0x3c, 0x06, 0x3d, 0x5b, 0xf2, + 0xbe, 0x35, 0x89, 0x50, 0xe7, 0x70, 0x08, 0xb9, + 0xf3, 0x41, 0x20, 0x82, 0x88, 0xe9, 0x56, 0xeb, + 0xbe, 0xf2, 0x19, 0xbd, 0x1f, 0x96, 0xb7, 0x65, + 0xab, 0xbb, 0x7d, 0x0d, 0x29, 0xb6, 0x83, 0xaf, + 0xde, 0x5d, 0x63, 0xf7, 0xfc, 0x1b, 0xf9, 0x07, + 0xda, 0xc9, 0x6b, 0xdb, 0x3e, 0x06, 0x99, 0x73, + 0x2b, 0x51, 0x9e, 0x69, 0xe4, 0xf4, 0xbf, 0x57, + 0x71, 0x1a, 0x0d, 0x36, 0xce, 0xd7, 0xab, 0x2c, + 0xf3, 0x77, 0x15, 0xa4, 0xeb, 0x9c, 0x37, 0xed, + 0xdb, 0xb6, 0xe1, 0xd0, 0xf7, 0xb8, 0xec, 0x5f, + 0xa9, 0x9b, 0xef, 0x4a, 0x4f, 0x08, 0xc5, 0x21, + 0x6d, 0x33, 0x05, 0x36, 0xa8, 0x16, 0x1a, 0x40, + 0x44, 0x31, 0x44, 0xb4, 0x24, 0x67, 0x4e, 0xee, + 0x55, 0xdc, 0xdd, 0x19, 0x58, 0xdd, 0xf6, 0x12, + 0x98, 0xf2, 0x95, 0x38, 0xc4, 0x42, 0xbf, 0xd6, + 0x02, 0x8b, 0x4d, 0x48, 0x3f, 0x36, 0xc1, 0x51, + 0xcb, 0x46, 0x74, 0xfc, 0xe4, 0x5d, 0xc9, 0x01, + 0xa9, 0x2a, 0x48, 0x1d, 0x69, 0xd4, 0x38, 0x3d, + 0x75, 0x53, 0xe0, 0x4c, 0x4f, 0x36, 0x7c, 0x17, + 0x1c, 0x87, 0xe8, 0x68, 0xdd, 0x9a, 0x28, 0x98, + 0xd1, 0x36, 0xe5, 0x67, 0x73, 0xaf, 0x1d, 0x36, + 0x35, 0x15, 0x72, 0xf2, 0x0b, 0x0b, 0xb4, 0x9f, + 0xc7, 0x2b, 0xf2, 0x25, 0x78, 0x87, 0x39, 0x42, + 0x50, 0xba, 0x80, 0x3f, 0xa5, 0x84, 0xdc, 0xde, + 0xc3, 0x43, 0x2b, 0xa6, 0x56, 0x15, 0xa4, 0x8f, + 0x27, 0xf9, 0x75, 0xd8, 0x61, 0x0d, 0x22, 0x4d, + 0x81, 0x56, 0xee, 0xe8, 0x48, 0x57, 0xb8, 0xe5, + 0x70, 0x64, 0x94, 0x2f, 0xa1, 0x2f, 0xe4, 0x16, + 0xa8, 0x18, 0xa8, 0xee, 0x79, 0x0b, 0x4f, 0x60, + 0x80, 0x86, 0x39, 0x57, 0x6c, 0x71, 0x5e, 0xed, + 0x0c, 0x1c, 0x63, 0x33, 0xdd, 0xa6, 0x2c, 0xf2, + 0x89, 0x91, 0xa7, 0x79, 0xdf, 0x67, 0xf2, 0x9c, + 0x07, 0xa6, 0xeb, 0x74, 0x4d, 0xb1, 0xfe, 0xdd, + 0x99, 0xe2, 0x01, 0x72, 0x86, 0xe0, 0x87, 0x0d, + 0x3d, 0x63, 0xe0, 0x84, 0xbd, 0x93, 0xf1, 0x33, + 0x00, 0x59, 0x7c, 0xb9, 0xcd, 0x71, 0x4c, 0xc5, + 0x29, 0x17, 0x48, 0xcc, 0xf4, 0xb1, 0x40, 0xd8, + 0x1a, 0x72, 0x0c, 0xd5, 0xa3, 0xb1, 0x93, 0x07, + 0xa4, 0xdc, 0x48, 0xbb, 0x09, 0x34, 0xfe, 0x13, + 0x39, 0x37, 0x14, 0xf3, 0x94, 0x89, 0x1d, 0xbc, + 0x00, 0xe7, 0x58, 0x0c, 0xf9, 0x65, 0xd2, 0xdc, + 0x8f, 0x14, 0x55, 0xd1, 0x1c, 0x23, 0x70, 0x1f, + 0xaa, 0x4d, 0x26, 0xbf, 0xba, 0xff, 0xb7, 0xa0, + 0xe3, 0x56, 0x3a, 0x92, 0xa0, 0xfa, 0xb3, 0x43, + 0x60, 0x0a, 0x26, 0x5d, 0x84, 0xea, 0x3b, 0xe4, + 0xae, 0xbe, 0x50, 0x8a, 0x4e, 0x87, 0x2c, 0x00, + 0x31, 0x80, 0xf7, 0x0c, 0xc6, 0x45, 0x1e, 0x20, + 0x6f, 0x20, 0xb2, 0x1b, 0x37, 0x16, 0x8b, 0x11, + 0x70, 0x1a, 0x7d, 0x20, 0xeb, 0x40, 0x7e, 0x23, + 0x35, 0x90, 0x75, 0xa1, 0xb3, 0x6c, 0x31, 0x9d, + 0x85, 0xe6, 0x98, 0xdf, 0x3a, 0xc9, 0xc4, 0xd9, + 0x92, 0xe0, 0xa1, 0xf7, 0x65, 0x5c, 0xa2, 0x7f, + 0x67, 0x27, 0x4a, 0xaf, 0x32, 0x2a, 0xbd, 0x7a, + 0x3a, 0x9a, 0xfa, 0x39, 0x05, 0xc9, 0x29, 0x8d, + 0x60, 0x81, 0x89, 0x87, 0x97, 0x79, 0x62, 0x40, + 0x98, 0x87, 0xf1, 0x29, 0x30, 0xb2, 0xeb, 0x53, + 0xdf, 0xdc, 0xfa, 0x9d, 0x3c, 0x98, 0xe7, 0xc3, + 0xa9, 0x61, 0xc5, 0xd7, 0x12, 0xb0, 0xb2, 0xf7, + 0x65, 0x8a, 0x24, 0xa9, 0x70, 0xa0, 0x62, 0xf3, + 0x7f, 0xc8, 0xdc, 0xad, 0xde, 0x33, 0x37, 0x45, + 0x54, 0xb6, 0xb3, 0x04, 0x6b, 0x28, 0xd6, 0xa2, + 0xc6, 0x7c, 0x79, 0x94, 0x88, 0x6b, 0xb2, 0x33, + 0x33, 0x5e, 0xbb, 0xbf, 0x42, 0xee, 0xda, 0x2c, + 0x28, 0xf4, 0x77, 0xba, 0x0b, 0xae, 0xa2, 0x5e, + 0xf5, 0x95, 0x46, 0x6f, 0xf7, 0x43, 0xd9, 0x01, + 0x9f, 0x0d, 0xf3, 0xd4, 0xc7, 0xef, 0x76, 0x46, + 0x78, 0xa2, 0xc6, 0x29, 0xab, 0xa8, 0xa5, 0x9f, + 0x67, 0x31, 0xd5, 0xdb, 0xe0, 0xe0, 0xb1, 0x17, + 0x6e, 0xf5, 0x8e, 0xa5, 0x93, 0xca, 0xf4, 0xd1, + 0xc9, 0xc2, 0xd2, 0xce, 0x20, 0x46, 0x3f, 0xb4, + 0x22, 0xa6, 0x58, 0x64, 0x5b, 0x01, 0xa6, 0x14, + 0xd7, 0xec, 0x5b, 0x9b, 0x80, 0x0f, 0x81, 0x29, + 0xed, 0x2b, 0x9d, 0xe4, 0x5e, 0xce, 0x64, 0xc6, + 0x51, 0xde, 0xef, 0xc2, 0xff, 0xa8, 0x74, 0x75, + 0x62, 0x71, 0xc0, 0x49, 0x04, 0x78, 0x06, 0xbd, + 0xaa, 0x77, 0xab, 0x02, 0x3c, 0xde, 0xd5, 0x33, + 0xa0, 0x09, 0xe0, 0x79, 0xd5, 0x54, 0x80, 0xde, + 0x7d, 0xdb, 0xb7, 0xba, 0xaa, 0xb3, 0xac, 0x3a, + 0x8b, 0x5f, 0x35, 0x7f, 0x54, 0x25, 0xf0, 0x29, + 0xde, 0x76, 0xe0, 0x97, 0x16, 0x53, 0x6b, 0x2c, + 0xdf, 0x76, 0x3c, 0xf5, 0xc1, 0xe5, 0x15, 0x4f, + 0xd8, 0x1d, 0x1c, 0xc4, 0xd4, 0xac, 0xc1, 0xed, + 0x23, 0x59, 0x41, 0x96, 0x01, 0x1d, 0xae, 0x52, + 0x9e, 0x0e, 0xe8, 0xf1, 0x1d, 0xb9, 0xc3, 0x25, + 0x8a, 0x57, 0x89, 0xb7, 0x71, 0x00, 0xe9, 0x69, + 0xa2, 0xdc, 0x91, 0xb7, 0x91, 0xe9, 0x6c, 0xa1, + 0x0c, 0xb1, 0x7b, 0x84, 0xb6, 0x3b, 0xe2, 0xf2, + 0x10, 0x3b, 0x8e, 0x34, 0xb4, 0x99, 0xb8, 0x28, + 0xc1, 0xaf, 0x59, 0x38, 0x62, 0x6e, 0x12, 0xf1, + 0x19, 0x95, 0x58, 0x66, 0xc8, 0x58, 0x79, 0xdb, + 0x5d, 0x97, 0x01, 0xc2, 0x93, 0x48, 0xd1, 0x6a, + 0xea, 0xdb, 0xb7, 0xb5, 0x47, 0x26, 0x3f, 0x38, + 0x97, 0x1e, 0x00, 0xbb, 0x5f, 0x2f, 0x80, 0x59, + 0xe3, 0xe4, 0x23, 0x1d, 0x1c, 0x1e, 0xc5, 0xd1, + 0x62, 0x01, 0xc6, 0x8a, 0x4a, 0xf0, 0xf5, 0xbc, + 0xa7, 0xf7, 0x44, 0x3a, 0xda, 0x85, 0xe1, 0x8a, + 0x9e, 0x96, 0x9e, 0x73, 0x29, 0x23, 0x0c, 0x5d, + 0x38, 0xae, 0xce, 0x15, 0xc9, 0x38, 0x6e, 0xc0, + 0xf0, 0x96, 0x3e, 0x73, 0x6e, 0x08, 0x1b, 0x1d, + 0x2b, 0x75, 0xd6, 0x57, 0x7b, 0x63, 0x17, 0xeb, + 0xcc, 0x94, 0xaf, 0x57, 0xd0, 0x0c, 0x5b, 0x58, + 0xae, 0x9d, 0x95, 0xc5, 0x08, 0x4e, 0x66, 0x04, + 0xd3, 0x45, 0x56, 0xbb, 0xfb, 0x62, 0x36, 0x3c, + 0xd6, 0x03, 0xb3, 0xa4, 0x8d, 0xd2, 0xd9, 0xed, + 0xdb, 0xce, 0x3d, 0xbe, 0x67, 0xb6, 0xf4, 0x36, + 0x15, 0x31, 0x58, 0x61, 0x63, 0xa1, 0xa5, 0xb9, + 0xbe, 0xc1, 0xcf, 0x03, 0x31, 0x8d, 0xff, 0x91, + 0xba, 0xe0, 0xed, 0xee, 0x68, 0x6e, 0x93, 0x9b, + 0xa0, 0xa7, 0xe3, 0xf0, 0xf5, 0x09, 0x16, 0x3c, + 0xd3, 0xe2, 0x1b, 0x3a, 0x47, 0x5a, 0x82, 0xb6, + 0xcc, 0xd6, 0xfc, 0x0e, 0x2d, 0x4c, 0x50, 0x6c, + 0x74, 0x79, 0x9e, 0xb8, 0xe3, 0xe6, 0x01, 0x23, + 0x2b, 0x33, 0x4a, 0xc6, 0xcb, 0xf8, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x0b, 0x0f, 0x14, 0x1d, 0x22, + 0x2b, 0x36, 0x3e + }; +#endif /* !WOLFSSL_NO_ML_DSA_87 */ + + key = (dilithium_key*)XMALLOC(sizeof(*key), NULL, DYNAMIC_TYPE_TMP_BUFFER); + ExpectNotNull(key); + + if (key != NULL) { + XMEMSET(key, 0, sizeof(*key)); + } + +#ifndef WOLFSSL_NO_ML_DSA_44 + /* ML-DSA-44: verify with empty context (ctx=NULL, ctxLen=0) */ + ExpectIntEQ(wc_dilithium_init_ex(key, NULL, INVALID_DEVID), 0); + ExpectIntEQ(wc_dilithium_set_level(key, WC_ML_DSA_44), 0); + ExpectIntEQ(wc_dilithium_import_public(pk_44, (word32)sizeof(pk_44), key), 0); + res = 0; + ExpectIntEQ(wc_dilithium_verify_ctx_msg(sig_44_ctx0, + (word32)sizeof(sig_44_ctx0), NULL, 0, + msg_44, (word32)sizeof(msg_44), &res, key), 0); + ExpectIntEQ(res, 1); + wc_dilithium_free(key); + + /* ML-DSA-44: verify with context from gist record 1 (ctxLen=33) */ + ExpectIntEQ(wc_dilithium_init_ex(key, NULL, INVALID_DEVID), 0); + ExpectIntEQ(wc_dilithium_set_level(key, WC_ML_DSA_44), 0); + ExpectIntEQ(wc_dilithium_import_public(pk_44, (word32)sizeof(pk_44), key), 0); + res = 0; + ExpectIntEQ(wc_dilithium_verify_ctx_msg(sig_44_ctx33, + (word32)sizeof(sig_44_ctx33), ctx_44, + (byte)sizeof(ctx_44), msg_44, (word32)sizeof(msg_44), + &res, key), 0); + ExpectIntEQ(res, 1); + wc_dilithium_free(key); + + /* ML-DSA-44: cross-context rejection, empty-ctx sig must not verify with ctx */ + ExpectIntEQ(wc_dilithium_init_ex(key, NULL, INVALID_DEVID), 0); + ExpectIntEQ(wc_dilithium_set_level(key, WC_ML_DSA_44), 0); + ExpectIntEQ(wc_dilithium_import_public(pk_44, (word32)sizeof(pk_44), key), 0); + res = 1; + ExpectIntEQ(wc_dilithium_verify_ctx_msg(sig_44_ctx0, + (word32)sizeof(sig_44_ctx0), ctx_44, + (byte)sizeof(ctx_44), msg_44, (word32)sizeof(msg_44), + &res, key), 0); + ExpectIntEQ(res, 0); + wc_dilithium_free(key); +#endif /* !WOLFSSL_NO_ML_DSA_44 */ + +#ifndef WOLFSSL_NO_ML_DSA_65 + /* ML-DSA-65: verify with empty context (ctx=NULL, ctxLen=0) */ + ExpectIntEQ(wc_dilithium_init_ex(key, NULL, INVALID_DEVID), 0); + ExpectIntEQ(wc_dilithium_set_level(key, WC_ML_DSA_65), 0); + ExpectIntEQ(wc_dilithium_import_public(pk_65, (word32)sizeof(pk_65), key), 0); + res = 0; + ExpectIntEQ(wc_dilithium_verify_ctx_msg(sig_65_ctx0, + (word32)sizeof(sig_65_ctx0), NULL, 0, + msg_65, (word32)sizeof(msg_65), &res, key), 0); + ExpectIntEQ(res, 1); + wc_dilithium_free(key); + + /* ML-DSA-65: verify with context from gist record 1 (ctxLen=33) */ + ExpectIntEQ(wc_dilithium_init_ex(key, NULL, INVALID_DEVID), 0); + ExpectIntEQ(wc_dilithium_set_level(key, WC_ML_DSA_65), 0); + ExpectIntEQ(wc_dilithium_import_public(pk_65, (word32)sizeof(pk_65), key), 0); + res = 0; + ExpectIntEQ(wc_dilithium_verify_ctx_msg(sig_65_ctx33, + (word32)sizeof(sig_65_ctx33), ctx_65, + (byte)sizeof(ctx_65), msg_65, (word32)sizeof(msg_65), + &res, key), 0); + ExpectIntEQ(res, 1); + wc_dilithium_free(key); + + /* ML-DSA-65: cross-context rejection, empty-ctx sig must not verify with ctx */ + ExpectIntEQ(wc_dilithium_init_ex(key, NULL, INVALID_DEVID), 0); + ExpectIntEQ(wc_dilithium_set_level(key, WC_ML_DSA_65), 0); + ExpectIntEQ(wc_dilithium_import_public(pk_65, (word32)sizeof(pk_65), key), 0); + res = 1; + ExpectIntEQ(wc_dilithium_verify_ctx_msg(sig_65_ctx0, + (word32)sizeof(sig_65_ctx0), ctx_65, + (byte)sizeof(ctx_65), msg_65, (word32)sizeof(msg_65), + &res, key), 0); + ExpectIntEQ(res, 0); + wc_dilithium_free(key); +#endif /* !WOLFSSL_NO_ML_DSA_65 */ + +#ifndef WOLFSSL_NO_ML_DSA_87 + /* ML-DSA-87: verify with empty context (ctx=NULL, ctxLen=0) */ + ExpectIntEQ(wc_dilithium_init_ex(key, NULL, INVALID_DEVID), 0); + ExpectIntEQ(wc_dilithium_set_level(key, WC_ML_DSA_87), 0); + ExpectIntEQ(wc_dilithium_import_public(pk_87, (word32)sizeof(pk_87), key), 0); + res = 0; + ExpectIntEQ(wc_dilithium_verify_ctx_msg(sig_87_ctx0, + (word32)sizeof(sig_87_ctx0), NULL, 0, + msg_87, (word32)sizeof(msg_87), &res, key), 0); + ExpectIntEQ(res, 1); + wc_dilithium_free(key); + + /* ML-DSA-87: verify with context from gist record 1 (ctxLen=33) */ + ExpectIntEQ(wc_dilithium_init_ex(key, NULL, INVALID_DEVID), 0); + ExpectIntEQ(wc_dilithium_set_level(key, WC_ML_DSA_87), 0); + ExpectIntEQ(wc_dilithium_import_public(pk_87, (word32)sizeof(pk_87), key), 0); + res = 0; + ExpectIntEQ(wc_dilithium_verify_ctx_msg(sig_87_ctx33, + (word32)sizeof(sig_87_ctx33), ctx_87, + (byte)sizeof(ctx_87), msg_87, (word32)sizeof(msg_87), + &res, key), 0); + ExpectIntEQ(res, 1); + wc_dilithium_free(key); + + /* ML-DSA-87: cross-context rejection, empty-ctx sig must not verify with ctx */ + ExpectIntEQ(wc_dilithium_init_ex(key, NULL, INVALID_DEVID), 0); + ExpectIntEQ(wc_dilithium_set_level(key, WC_ML_DSA_87), 0); + ExpectIntEQ(wc_dilithium_import_public(pk_87, (word32)sizeof(pk_87), key), 0); + res = 1; + ExpectIntEQ(wc_dilithium_verify_ctx_msg(sig_87_ctx0, + (word32)sizeof(sig_87_ctx0), ctx_87, + (byte)sizeof(ctx_87), msg_87, (word32)sizeof(msg_87), + &res, key), 0); + ExpectIntEQ(res, 0); + wc_dilithium_free(key); +#endif /* !WOLFSSL_NO_ML_DSA_87 */ + + XFREE(key, NULL, DYNAMIC_TYPE_TMP_BUFFER); +#endif /* HAVE_DILITHIUM && WOLFSSL_WC_DILITHIUM && !WOLFSSL_DILITHIUM_NO_VERIFY */ + return EXPECT_RESULT(); +} + + +int test_wc_dilithium_verify_kats(void) +{ + EXPECT_DECLS; +#if defined(HAVE_DILITHIUM) && defined(WOLFSSL_WC_DILITHIUM) && \ + !defined(WOLFSSL_DILITHIUM_NO_VERIFY) && defined(WOLFSSL_DILITHIUM_NO_CTX) + dilithium_key* key; + int res; #ifndef WOLFSSL_NO_ML_DSA_44 static const byte pk_44[] = { 0x09, 0xB4, 0x88, 0x7D, 0x97, 0xBC, 0xF6, 0x37, @@ -16995,6 +24859,135 @@ return EXPECT_RESULT(); } +/* Exercise w1 encoding with adversarial inputs to catch undefined behavior. + * + * The word32-optimized paths in dilithium_encode_w1_88_c and + * dilithium_encode_w1_32_c left-shift sword32 values by up to 30 bits. + * Large or invalid w1 values trigger signed integer overflow (UB in C). + * Under -fsanitize=undefined this test will trap on the offending shifts. + * + * We also test that encoding the same input twice yields identical output + * (determinism check - UB can cause nondeterministic results). + */ +int test_wc_dilithium_encode_w1_large_values(void) +{ + EXPECT_DECLS; +#if defined(HAVE_DILITHIUM) && defined(WOLFSSL_WC_DILITHIUM) && \ + (!defined(WOLFSSL_DILITHIUM_NO_SIGN) || \ + !defined(WOLFSSL_DILITHIUM_NO_VERIFY)) + + sword32 w1[DILITHIUM_N]; + unsigned int j, k; + + /* Adversarial w1 values: + * - valid boundary values (0, 1, max-for-bit-width) + * - oversize values that exceed the expected bit width + * - negative values (should never appear but might if prior step is buggy) + * - extreme values near INT32 limits + * - alternating patterns that stress cross-element packing + */ + const sword32 patterns[] = { + 0, /* trivial zero */ + 1, /* minimal nonzero */ + 0x7F, /* 7 bits set - wider than both 4-bit and 6-bit */ + 0xFF, /* full byte */ + 0xFFFF, /* 16 bits */ + 0x7FFFFFFF, /* INT32_MAX */ + -1, /* all bits set (negative) */ + -128, /* negative */ + (sword32)0x80000000 /* INT32_MIN */ + }; + const int n_patterns = (int)(sizeof(patterns) / sizeof(patterns[0])); + + /* ---- 6-bit encoding (dilithium_encode_w1_88 path) ---- */ +#ifndef WOLFSSL_NO_ML_DSA_44 + { + ALIGN32 byte enc_a[DILITHIUM_N * DILITHIUM_Q_HI_88_ENC_BITS / 8]; + ALIGN32 byte enc_b[DILITHIUM_N * DILITHIUM_Q_HI_88_ENC_BITS / 8]; + + /* Uniform fill with each pattern */ + for (k = 0; k < (unsigned int)n_patterns; k++) { + for (j = 0; j < DILITHIUM_N; j++) { + w1[j] = patterns[k]; + } + + XMEMSET(enc_a, 0, sizeof(enc_a)); + XMEMSET(enc_b, 0, sizeof(enc_b)); + wc_dilithium_encode_w1_88(w1, enc_a); + wc_dilithium_encode_w1_88(w1, enc_b); + + /* Determinism: same input must produce same output */ + ExpectIntEQ(XMEMCMP(enc_a, enc_b, sizeof(enc_a)), 0); + } + + /* Alternating pattern: adjacent elements get different values */ + for (j = 0; j < DILITHIUM_N; j++) { + w1[j] = (j & 1) ? 43 : 0; + } + XMEMSET(enc_a, 0, sizeof(enc_a)); + XMEMSET(enc_b, 0, sizeof(enc_b)); + wc_dilithium_encode_w1_88(w1, enc_a); + wc_dilithium_encode_w1_88(w1, enc_b); + ExpectIntEQ(XMEMCMP(enc_a, enc_b, sizeof(enc_a)), 0); + + /* Ascending pattern: each element differs */ + for (j = 0; j < DILITHIUM_N; j++) { + w1[j] = (sword32)(j % 44); /* 0..43 cycling */ + } + XMEMSET(enc_a, 0, sizeof(enc_a)); + XMEMSET(enc_b, 0, sizeof(enc_b)); + wc_dilithium_encode_w1_88(w1, enc_a); + wc_dilithium_encode_w1_88(w1, enc_b); + ExpectIntEQ(XMEMCMP(enc_a, enc_b, sizeof(enc_a)), 0); + } +#endif /* !WOLFSSL_NO_ML_DSA_44 */ + + /* ---- 4-bit encoding (dilithium_encode_w1_32 path) ---- */ +#if !defined(WOLFSSL_NO_ML_DSA_65) || !defined(WOLFSSL_NO_ML_DSA_87) + { + ALIGN32 byte enc_a[DILITHIUM_N * DILITHIUM_Q_HI_32_ENC_BITS / 8]; + ALIGN32 byte enc_b[DILITHIUM_N * DILITHIUM_Q_HI_32_ENC_BITS / 8]; + + /* Uniform fill with each pattern */ + for (k = 0; k < (unsigned int)n_patterns; k++) { + for (j = 0; j < DILITHIUM_N; j++) { + w1[j] = patterns[k]; + } + + XMEMSET(enc_a, 0, sizeof(enc_a)); + XMEMSET(enc_b, 0, sizeof(enc_b)); + wc_dilithium_encode_w1_32(w1, enc_a); + wc_dilithium_encode_w1_32(w1, enc_b); + + ExpectIntEQ(XMEMCMP(enc_a, enc_b, sizeof(enc_a)), 0); + } + + /* Alternating pattern */ + for (j = 0; j < DILITHIUM_N; j++) { + w1[j] = (j & 1) ? 15 : 0; + } + XMEMSET(enc_a, 0, sizeof(enc_a)); + XMEMSET(enc_b, 0, sizeof(enc_b)); + wc_dilithium_encode_w1_32(w1, enc_a); + wc_dilithium_encode_w1_32(w1, enc_b); + ExpectIntEQ(XMEMCMP(enc_a, enc_b, sizeof(enc_a)), 0); + + /* Ascending pattern */ + for (j = 0; j < DILITHIUM_N; j++) { + w1[j] = (sword32)(j % 16); /* 0..15 cycling */ + } + XMEMSET(enc_a, 0, sizeof(enc_a)); + XMEMSET(enc_b, 0, sizeof(enc_b)); + wc_dilithium_encode_w1_32(w1, enc_a); + wc_dilithium_encode_w1_32(w1, enc_b); + ExpectIntEQ(XMEMCMP(enc_a, enc_b, sizeof(enc_a)), 0); + } +#endif /* !WOLFSSL_NO_ML_DSA_65 || !WOLFSSL_NO_ML_DSA_87 */ + +#endif /* HAVE_DILITHIUM && WOLFSSL_WC_DILITHIUM && sign/verify */ + return EXPECT_RESULT(); +} + int test_mldsa_pkcs12(void) { EXPECT_DECLS; diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/tests/api/test_mldsa.h mariadb-11.8.8/extra/wolfssl/wolfssl/tests/api/test_mldsa.h --- mariadb-11.8.6/extra/wolfssl/wolfssl/tests/api/test_mldsa.h 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/tests/api/test_mldsa.h 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* test_mldsa.h * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -25,6 +25,7 @@ #include int test_wc_dilithium(void); +int test_wc_dilithium_sign_pubonly_fails(void); int test_wc_dilithium_make_key(void); int test_wc_dilithium_sign(void); int test_wc_dilithium_verify(void); @@ -34,14 +35,18 @@ int test_wc_dilithium_der(void); int test_wc_dilithium_make_key_from_seed(void); int test_wc_dilithium_sig_kats(void); +int test_wc_dilithium_sign_ctx_kats(void); +int test_wc_dilithium_verify_ctx_kats(void); int test_wc_dilithium_verify_kats(void); int test_wc_Dilithium_PrivateKeyDecode_OpenSSL_form(void); int test_mldsa_pkcs8_import_OpenSSL_form(void); int test_mldsa_pkcs8_export_import_wolfSSL_form(void); +int test_wc_dilithium_encode_w1_large_values(void); int test_mldsa_pkcs12(void); #define TEST_MLDSA_DECLS \ TEST_DECL_GROUP("mldsa", test_wc_dilithium), \ + TEST_DECL_GROUP("mldsa", test_wc_dilithium_sign_pubonly_fails), \ TEST_DECL_GROUP("mldsa", test_wc_dilithium_make_key), \ TEST_DECL_GROUP("mldsa", test_wc_dilithium_sign), \ TEST_DECL_GROUP("mldsa", test_wc_dilithium_verify), \ @@ -51,10 +56,13 @@ TEST_DECL_GROUP("mldsa", test_wc_dilithium_der), \ TEST_DECL_GROUP("mldsa", test_wc_dilithium_make_key_from_seed), \ TEST_DECL_GROUP("mldsa", test_wc_dilithium_sig_kats), \ + TEST_DECL_GROUP("mldsa", test_wc_dilithium_sign_ctx_kats), \ + TEST_DECL_GROUP("mldsa", test_wc_dilithium_verify_ctx_kats), \ TEST_DECL_GROUP("mldsa", test_wc_dilithium_verify_kats), \ TEST_DECL_GROUP("mldsa", test_wc_Dilithium_PrivateKeyDecode_OpenSSL_form), \ TEST_DECL_GROUP("mldsa", test_mldsa_pkcs8_import_OpenSSL_form), \ TEST_DECL_GROUP("mldsa", test_mldsa_pkcs8_export_import_wolfSSL_form), \ + TEST_DECL_GROUP("mldsa", test_wc_dilithium_encode_w1_large_values), \ TEST_DECL_GROUP("mldsa", test_mldsa_pkcs12) #endif /* WOLFCRYPT_TEST_MLDSA_H */ diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/tests/api/test_mlkem.c mariadb-11.8.8/extra/wolfssl/wolfssl/tests/api/test_mlkem.c --- mariadb-11.8.6/extra/wolfssl/wolfssl/tests/api/test_mlkem.c 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/tests/api/test_mlkem.c 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* test_mlkem.c * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -3872,3 +3872,81 @@ return EXPECT_RESULT(); } +/* + * Test that wc_MlKemKey_Decapsulate() rejects a public-key-only key object. + * A key with MLKEM_FLAG_PUB_SET but not MLKEM_FLAG_PRIV_SET must not + * silently decapsulate with zeroed private key data. + */ +int test_wc_mlkem_decapsulate_pubonly_fails(void) +{ + EXPECT_DECLS; +#if !defined(HAVE_FIPS) || FIPS_VERSION3_GE(7,0,0) +#if defined(WOLFSSL_HAVE_MLKEM) && defined(WOLFSSL_WC_MLKEM) && \ + !defined(WOLFSSL_NO_ML_KEM) && !defined(WOLFSSL_MLKEM_NO_DECAPSULATE) && \ + !defined(WOLFSSL_MLKEM_NO_ENCAPSULATE) && \ + !defined(WOLFSSL_MLKEM_NO_MAKE_KEY) + MlKemKey* fullKey; + MlKemKey* pubOnlyKey; + WC_RNG rng; + byte ct[WC_ML_KEM_MAX_CIPHER_TEXT_SIZE]; + byte ss[WC_ML_KEM_SS_SZ]; + byte ssDec[WC_ML_KEM_SS_SZ]; + byte pubBuf[WC_ML_KEM_MAX_PUBLIC_KEY_SIZE]; + word32 pubLen = 0; + word32 ctLen = 0; + + fullKey = (MlKemKey*)XMALLOC(sizeof(*fullKey), NULL, + DYNAMIC_TYPE_TMP_BUFFER); + ExpectNotNull(fullKey); + pubOnlyKey = (MlKemKey*)XMALLOC(sizeof(*pubOnlyKey), NULL, + DYNAMIC_TYPE_TMP_BUFFER); + ExpectNotNull(pubOnlyKey); + + XMEMSET(&rng, 0, sizeof(rng)); + ExpectIntEQ(wc_InitRng(&rng), 0); + +#ifndef WOLFSSL_NO_ML_KEM_768 + ExpectIntEQ(wc_MlKemKey_Init(fullKey, WC_ML_KEM_768, NULL, + INVALID_DEVID), 0); + ExpectIntEQ(wc_MlKemKey_Init(pubOnlyKey, WC_ML_KEM_768, NULL, + INVALID_DEVID), 0); +#elif !defined(WOLFSSL_NO_ML_KEM_512) + ExpectIntEQ(wc_MlKemKey_Init(fullKey, WC_ML_KEM_512, NULL, + INVALID_DEVID), 0); + ExpectIntEQ(wc_MlKemKey_Init(pubOnlyKey, WC_ML_KEM_512, NULL, + INVALID_DEVID), 0); +#else + ExpectIntEQ(wc_MlKemKey_Init(fullKey, WC_ML_KEM_1024, NULL, + INVALID_DEVID), 0); + ExpectIntEQ(wc_MlKemKey_Init(pubOnlyKey, WC_ML_KEM_1024, NULL, + INVALID_DEVID), 0); +#endif + + /* Get correct sizes for this key type. */ + ExpectIntEQ(wc_MlKemKey_PublicKeySize(fullKey, &pubLen), 0); + ExpectIntEQ(wc_MlKemKey_CipherTextSize(fullKey, &ctLen), 0); + + /* Generate a real key pair. */ + ExpectIntEQ(wc_MlKemKey_MakeKey(fullKey, &rng), 0); + + /* Encapsulate with the full key to get a valid ciphertext. */ + ExpectIntEQ(wc_MlKemKey_Encapsulate(fullKey, ct, ss, &rng), 0); + + /* Export and import only the public key. */ + ExpectIntEQ(wc_MlKemKey_EncodePublicKey(fullKey, pubBuf, pubLen), 0); + ExpectIntEQ(wc_MlKemKey_DecodePublicKey(pubOnlyKey, pubBuf, pubLen), 0); + + /* Decapsulating with a public-key-only object must fail. */ + ExpectIntEQ(wc_MlKemKey_Decapsulate(pubOnlyKey, ssDec, ct, ctLen), + WC_NO_ERR_TRACE(BAD_STATE_E)); + + DoExpectIntEQ(wc_FreeRng(&rng), 0); + wc_MlKemKey_Free(pubOnlyKey); + wc_MlKemKey_Free(fullKey); + XFREE(pubOnlyKey, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(fullKey, NULL, DYNAMIC_TYPE_TMP_BUFFER); +#endif +#endif + return EXPECT_RESULT(); +} /* END test_wc_mlkem_decapsulate_pubonly_fails */ + diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/tests/api/test_mlkem.h mariadb-11.8.8/extra/wolfssl/wolfssl/tests/api/test_mlkem.h --- mariadb-11.8.6/extra/wolfssl/wolfssl/tests/api/test_mlkem.h 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/tests/api/test_mlkem.h 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* test_mlkem.h * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -27,10 +27,12 @@ int test_wc_mlkem_make_key_kats(void); int test_wc_mlkem_encapsulate_kats(void); int test_wc_mlkem_decapsulate_kats(void); +int test_wc_mlkem_decapsulate_pubonly_fails(void); #define TEST_MLKEM_DECLS \ TEST_DECL_GROUP("mlkem", test_wc_mlkem_make_key_kats), \ TEST_DECL_GROUP("mlkem", test_wc_mlkem_encapsulate_kats), \ - TEST_DECL_GROUP("mlkem", test_wc_mlkem_decapsulate_kats) + TEST_DECL_GROUP("mlkem", test_wc_mlkem_decapsulate_kats), \ + TEST_DECL_GROUP("mlkem", test_wc_mlkem_decapsulate_pubonly_fails) #endif /* WOLFCRYPT_TEST_MLKEM_H */ diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/tests/api/test_ocsp.c mariadb-11.8.8/extra/wolfssl/wolfssl/tests/api/test_ocsp.c --- mariadb-11.8.6/extra/wolfssl/wolfssl/tests/api/test_ocsp.c 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/tests/api/test_ocsp.c 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* test_ocsp.c * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -26,6 +26,7 @@ #include #include #include +#include #if defined(HAVE_OCSP) && !defined(NO_SHA) && !defined(NO_RSA) struct ocsp_cb_ctx { @@ -136,6 +137,18 @@ #endif ExpectIntEQ(test_ocsp_response_with_cm(&conf, expectedRet), TEST_SUCCESS); + /* Test response with CERT_UNKNOWN status */ + conf.resp = (unsigned char*)resp_cert_unknown; + conf.respSz = sizeof(resp_cert_unknown); + conf.ca0 = root_ca_cert_pem; + conf.ca0Sz = sizeof(root_ca_cert_pem); + conf.ca1 = NULL; + conf.ca1Sz = 0; + conf.targetCert = intermediate1_ca_cert_pem; + conf.targetCertSz = sizeof(intermediate1_ca_cert_pem); + ExpectIntEQ(test_ocsp_response_with_cm(&conf, OCSP_CERT_UNKNOWN), + TEST_SUCCESS); + /* Test response with unusable internal cert but that can be verified in CM */ conf.resp = (unsigned char*)resp_bad_embedded_cert; @@ -202,6 +215,7 @@ ptr = (const unsigned char*)resp; ExpectNotNull( response = wolfSSL_d2i_OCSP_RESPONSE(NULL, &ptr, sizeof(resp))); + ExpectPtrEq(ptr, (const unsigned char*)resp + sizeof(resp)); ExpectIntEQ(response->responseStatus, 0); ExpectIntEQ(response->responderIdType, OCSP_RESPONDER_ID_NAME); ExpectBufEQ(response->responderId.nameHash, cert.subjectHash, @@ -212,6 +226,8 @@ ptr = (const unsigned char*)resp_rid_bykey; ExpectNotNull(response = wolfSSL_d2i_OCSP_RESPONSE(NULL, &ptr, sizeof(resp_rid_bykey))); + ExpectPtrEq(ptr, (const unsigned char*)resp_rid_bykey + + sizeof(resp_rid_bykey)); ExpectIntEQ(response->responseStatus, 0); ExpectIntEQ(response->responderIdType, OCSP_RESPONDER_ID_KEY); ExpectBufEQ(response->responderId.keyHash, cert.subjectKeyHash, @@ -222,6 +238,7 @@ ptr = (const unsigned char*)resp_nocert; ExpectNotNull( response = wolfSSL_d2i_OCSP_RESPONSE(NULL, &ptr, sizeof(resp_nocert))); + ExpectPtrEq(ptr, (const unsigned char*)resp_nocert + sizeof(resp_nocert)); ExpectIntEQ(response->responseStatus, 0); wolfSSL_OCSP_RESPONSE_free(response); @@ -233,12 +250,13 @@ ptr = (const unsigned char*)resp; ExpectNotNull( response = wolfSSL_d2i_OCSP_RESPONSE(NULL, &ptr, sizeof(resp))); + ExpectPtrEq(ptr, (const unsigned char*)resp + sizeof(resp)); /* no verify signer certificate */ ExpectIntEQ(wolfSSL_OCSP_basic_verify(response, NULL, NULL, OCSP_NOVERIFY), WOLFSSL_SUCCESS); /* verify that the signature is checked */ if (EXPECT_SUCCESS()) { - response->sig[0] ^= 0xff; + ((byte *)(wc_ptr_t)response->sig)[0] ^= 0xff; } ExpectIntEQ(wolfSSL_OCSP_basic_verify(response, NULL, NULL, OCSP_NOVERIFY), WOLFSSL_FAILURE); @@ -259,6 +277,7 @@ ptr = (const unsigned char*)resp_nocert; ExpectNotNull( response = wolfSSL_d2i_OCSP_RESPONSE(NULL, &ptr, sizeof(resp_nocert))); + ExpectPtrEq(ptr, (const unsigned char*)resp_nocert + sizeof(resp_nocert)); ExpectIntEQ(wolfSSL_OCSP_basic_verify(response, certs, store, 0), WOLFSSL_SUCCESS); wolfSSL_OCSP_RESPONSE_free(response); @@ -268,16 +287,17 @@ ptr = (const unsigned char*)resp; ExpectNotNull( response = wolfSSL_d2i_OCSP_RESPONSE(NULL, &ptr, sizeof(resp))); + ExpectPtrEq(ptr, (const unsigned char*)resp + sizeof(resp)); ExpectIntEQ(wolfSSL_OCSP_basic_verify(response, NULL, store, 0), WOLFSSL_SUCCESS); /* make invalid signature */ if (EXPECT_SUCCESS()) { - response->sig[0] ^= 0xff; + ((byte *)(wc_ptr_t)response->sig)[0] ^= 0xff; } ExpectIntEQ(wolfSSL_OCSP_basic_verify(response, NULL, store, 0), WOLFSSL_FAILURE); if (EXPECT_SUCCESS()) { - response->sig[0] ^= 0xff; + ((byte *)(wc_ptr_t)response->sig)[0] ^= 0xff; } /* cert embedded and in certs, no store needed bc OCSP_TRUSTOTHER */ @@ -298,6 +318,7 @@ ptr = (const unsigned char*)resp_nocert; ExpectNotNull( response = wolfSSL_d2i_OCSP_RESPONSE(NULL, &ptr, sizeof(resp_nocert))); + ExpectPtrEq(ptr, (const unsigned char*)resp_nocert + sizeof(resp_nocert)); ExpectIntNE(wolfSSL_OCSP_basic_verify(response, NULL, store, 0), WOLFSSL_SUCCESS); wolfSSL_OCSP_RESPONSE_free(response); @@ -319,6 +340,7 @@ ptr = (const unsigned char*)resp_multi; ExpectNotNull( response = wolfSSL_d2i_OCSP_RESPONSE(NULL, &ptr, sizeof(resp_multi))); + ExpectPtrEq(ptr, (const unsigned char*)resp_multi + sizeof(resp_multi)); ExpectIntEQ(wolfSSL_OCSP_basic_verify(response, certs, store, 0), WOLFSSL_SUCCESS); wolfSSL_OCSP_RESPONSE_free(response); @@ -329,6 +351,8 @@ ptr = (const unsigned char*)resp_bad_noauth; ExpectNotNull(response = wolfSSL_d2i_OCSP_RESPONSE(NULL, &ptr, sizeof(resp_bad_noauth))); + ExpectPtrEq(ptr, (const unsigned char*)resp_bad_noauth + + sizeof(resp_bad_noauth)); expectedRet = WOLFSSL_FAILURE; #ifdef WOLFSSL_NO_OCSP_ISSUER_CHECK @@ -652,11 +676,51 @@ wolfSSL_X509_free(issuer); return EXPECT_SUCCESS(); } +int test_ocsp_certid_dup(void) +{ + EXPECT_DECLS; + WOLFSSL_OCSP_CERTID* certId = NULL; + WOLFSSL_OCSP_CERTID* certIdDup = NULL; + WOLFSSL_X509* subject = NULL; + WOLFSSL_X509* issuer = NULL; + + /* Load test certificates */ + ExpectNotNull( + subject = wolfSSL_X509_load_certificate_file( + "./certs/ocsp/intermediate1-ca-cert.pem", WOLFSSL_FILETYPE_PEM)); + ExpectNotNull(issuer = wolfSSL_X509_load_certificate_file( + "./certs/ocsp/root-ca-cert.pem", WOLFSSL_FILETYPE_PEM)); + + /* Create CERTID from certificates */ + ExpectNotNull(certId = wolfSSL_OCSP_cert_to_id(NULL, subject, issuer)); + + /* Dup */ + ExpectNotNull(certIdDup = wolfSSL_OCSP_CERTID_dup(certId)); + + /* Verify the dup compares equal */ + ExpectIntEQ(wolfSSL_OCSP_id_cmp(certId, certIdDup), 0); + + /* Verify status is a distinct allocation (deep copy) */ + ExpectPtrNE(certId->status, certIdDup->status); + + /* Freeing both must not double-free (ASAN will catch it) */ + wolfSSL_OCSP_CERTID_free(certId); + wolfSSL_OCSP_CERTID_free(certIdDup); + + wolfSSL_X509_free(subject); + wolfSSL_X509_free(issuer); + return EXPECT_SUCCESS(); +} + #else /* !NO_SHA && OPENSSL_ALL && HAVE_OCSP && !WOLFSSL_SM3 && !WOLFSSL_SM2 */ int test_ocsp_certid_enc_dec(void) { return TEST_SKIPPED; } +int test_ocsp_certid_dup(void) +{ + return TEST_SKIPPED; +} #endif #if defined(HAVE_OCSP) && defined(WOLFSSL_CERT_SETUP_CB) && \ @@ -1025,3 +1089,588 @@ return TEST_SKIPPED; } #endif + +/* + * Test: OCSP returns CERT_UNKNOWN for the leaf cert, CRL says cert is valid. + * Expects the TLS handshake to succeed via CRL fallback. + * + * Uses: + * - server-cert.pem (serial 0x01, issued by ca-cert.pem) + * - resp_server_cert_unknown: OCSP response with CERT_UNKNOWN for serial 0x01 + * - crl/crl.pem: CRL from ca-cert.pem, only revokes serial 0x02 + */ +#if defined(HAVE_OCSP) && defined(HAVE_CRL) && \ + defined(HAVE_SSL_MEMIO_TESTS_DEPENDENCIES) && !defined(NO_RSA) && \ + !defined(NO_SHA) + +static int test_ocsp_unknown_crl_fallback_ocsp_io_cb(void* ioCtx, + const char* url, int urlSz, unsigned char* request, int requestSz, + unsigned char** response) +{ + (void)url; + (void)urlSz; + (void)request; + (void)requestSz; + + /* Return the pre-built CERT_UNKNOWN response for server-cert.pem */ + *response = (unsigned char*)ioCtx; + return (int)sizeof(resp_server_cert_unknown); +} + +static int test_ocsp_unknown_crl_fallback_ctx_ready(WOLFSSL_CTX* ctx) +{ + EXPECT_DECLS; + + /* Enable OCSP on client with URL override so no real network is needed */ + ExpectIntEQ(wolfSSL_CTX_EnableOCSP(ctx, + WOLFSSL_OCSP_URL_OVERRIDE | WOLFSSL_OCSP_NO_NONCE), + WOLFSSL_SUCCESS); + ExpectIntEQ(wolfSSL_CTX_SetOCSP_OverrideURL(ctx, "http://dummy.test"), + WOLFSSL_SUCCESS); + /* Set the OCSP I/O callback to return our CERT_UNKNOWN response blob */ + ExpectIntEQ(wolfSSL_CTX_SetOCSP_Cb(ctx, + test_ocsp_unknown_crl_fallback_ocsp_io_cb, NULL, + (void*)resp_server_cert_unknown), + WOLFSSL_SUCCESS); + + /* Enable CRL checking (already loaded via crlPemFile in the framework) */ + + return EXPECT_RESULT(); +} + +int test_ocsp_cert_unknown_crl_fallback(void) +{ + EXPECT_DECLS; + struct test_ssl_memio_ctx test_ctx; + + XMEMSET(&test_ctx, 0, sizeof(test_ctx)); + + /* Server setup: use standard server cert issued by ca-cert.pem */ + test_ctx.s_cb.certPemFile = "./certs/server-cert.pem"; + test_ctx.s_cb.keyPemFile = "./certs/server-key.pem"; + + /* Client setup: CA cert, CRL file, and custom ctx_ready for OCSP */ + test_ctx.c_cb.caPemFile = "./certs/ca-cert.pem"; + test_ctx.c_cb.crlPemFile = "./certs/crl/crl.pem"; + test_ctx.c_cb.ctx_ready = test_ocsp_unknown_crl_fallback_ctx_ready; + + ExpectIntEQ(test_ssl_memio_setup(&test_ctx), TEST_SUCCESS); + + /* The OCSP response returns CERT_UNKNOWN for the server cert. + * CRL (crl.pem) does NOT revoke serial 0x01 (only 0x02 is revoked). + * If OCSP CERT_UNKNOWN correctly falls back to CRL, the handshake + * should succeed. + */ + ExpectIntEQ(test_ssl_memio_do_handshake(&test_ctx, 10, NULL), + TEST_SUCCESS); + + test_ssl_memio_cleanup(&test_ctx); + return EXPECT_RESULT(); +} + +#else +int test_ocsp_cert_unknown_crl_fallback(void) +{ + return TEST_SKIPPED; +} +#endif /* HAVE_OCSP && HAVE_CRL && HAVE_SSL_MEMIO_TESTS_DEPENDENCIES && */ + /* !NO_RSA && !NO_SHA */ + +/* + * Test: OCSP returns CERT_UNKNOWN for a non-leaf (intermediate) cert, + * CRL says the cert is valid. With both OCSP_CHECKALL and CRL_CHECKALL + * enabled, the CRL fallback for non-leaf certs should kick in. + * + * Chain: server1 (serial 0x05) -> intermediate1 (serial 0x01) -> root-ca + * + * OCSP responses: + * - intermediate1: resp_cert_unknown (CERT_UNKNOWN) + * - server1: resp_server1_cert (CERT_GOOD) + * + * CRL files (empty = no revocations): + * - root-ca-crl.pem: covers intermediate1 (serial 0x01 not revoked) + * - intermediate1-ca-crl.pem: covers server1 (serial 0x05 not revoked) + */ +#if defined(HAVE_OCSP) && defined(HAVE_CRL) && \ + defined(HAVE_SSL_MEMIO_TESTS_DEPENDENCIES) && !defined(NO_RSA) && \ + !defined(NO_SHA) + +static int test_ocsp_unknown_nonleaf_call_count; + +static int test_ocsp_unknown_nonleaf_ocsp_io_cb(void* ioCtx, + const char* url, int urlSz, unsigned char* request, int requestSz, + unsigned char** response) +{ + (void)ioCtx; + (void)url; + (void)urlSz; + (void)request; + (void)requestSz; + + test_ocsp_unknown_nonleaf_call_count++; + + if (test_ocsp_unknown_nonleaf_call_count == 1) { + /* First OCSP lookup: non-leaf cert (intermediate1). + * Return CERT_UNKNOWN. */ + *response = (unsigned char*)resp_cert_unknown; + return (int)sizeof(resp_cert_unknown); + } + else { + /* Second OCSP lookup: leaf cert (server1). + * Return CERT_GOOD. */ + *response = (unsigned char*)resp_server1_cert; + return (int)sizeof(resp_server1_cert); + } +} + +static int test_ocsp_unknown_nonleaf_ctx_ready(WOLFSSL_CTX* ctx) +{ + EXPECT_DECLS; + + /* Need VERIFY_PEER so chain certs get added to the CM. Without it + * (e.g. OPENSSL_COMPATIBLE_DEFAULTS sets VERIFY_NONE), the intermediate + * CA won't be registered and the leaf cert's issuerKeyHash stays zero, + * causing the OCSP CertID comparison to fail. */ + wolfSSL_CTX_set_verify(ctx, WOLFSSL_VERIFY_PEER, NULL); + + /* Enable OCSP with CHECKALL so non-leaf certs are also OCSP-checked */ + ExpectIntEQ(wolfSSL_CTX_EnableOCSP(ctx, WOLFSSL_OCSP_CHECKALL | + WOLFSSL_OCSP_URL_OVERRIDE | WOLFSSL_OCSP_NO_NONCE), + WOLFSSL_SUCCESS); + ExpectIntEQ(wolfSSL_CTX_SetOCSP_OverrideURL(ctx, "http://dummy.test"), + WOLFSSL_SUCCESS); + /* Set the OCSP I/O callback to return our test responses */ + ExpectIntEQ(wolfSSL_CTX_SetOCSP_Cb(ctx, + test_ocsp_unknown_nonleaf_ocsp_io_cb, NULL, NULL), + WOLFSSL_SUCCESS); + + /* Load CRL from root-ca (covers intermediate1, serial 0x01 not revoked). + * The leaf cert (server1) gets CERT_GOOD from OCSP so doesn't need CRL. */ + ExpectIntEQ(wolfSSL_CTX_EnableCRL(ctx, WOLFSSL_CRL_CHECKALL), + WOLFSSL_SUCCESS); + ExpectIntEQ(wolfSSL_CTX_LoadCRLFile(ctx, + "./certs/ocsp/root-ca-crl.pem", WOLFSSL_FILETYPE_PEM), + WOLFSSL_SUCCESS); + + return EXPECT_RESULT(); +} + +int test_ocsp_cert_unknown_crl_fallback_nonleaf(void) +{ + EXPECT_DECLS; + struct test_ssl_memio_ctx test_ctx; + + XMEMSET(&test_ctx, 0, sizeof(test_ctx)); + test_ocsp_unknown_nonleaf_call_count = 0; + + /* Server: server1-chain-noroot.pem contains server1 + intermediate1 + * (no root-ca, since the client already trusts root-ca) */ + test_ctx.s_cb.certPemFile = "./certs/ocsp/server1-chain-noroot.pem"; + test_ctx.s_cb.keyPemFile = "./certs/ocsp/server1-key.pem"; + + /* Client: trust root-ca, enable OCSP+CRL in ctx_ready */ + test_ctx.c_cb.caPemFile = "./certs/ocsp/root-ca-cert.pem"; + test_ctx.c_cb.ctx_ready = test_ocsp_unknown_nonleaf_ctx_ready; + + ExpectIntEQ(test_ssl_memio_setup(&test_ctx), TEST_SUCCESS); + + /* OCSP returns CERT_UNKNOWN for intermediate1 (non-leaf). + * CRL (root-ca-crl.pem) has no revocations, so intermediate1 is valid. + * If the non-leaf OCSP->CRL fallback works, the handshake should succeed. + */ + ExpectIntEQ(test_ssl_memio_do_handshake(&test_ctx, 10, NULL), + TEST_SUCCESS); + + test_ssl_memio_cleanup(&test_ctx); + return EXPECT_RESULT(); +} + +#else +int test_ocsp_cert_unknown_crl_fallback_nonleaf(void) +{ + return TEST_SKIPPED; +} +#endif /* HAVE_OCSP && HAVE_CRL && HAVE_SSL_MEMIO_TESTS_DEPENDENCIES */ + +#if defined(HAVE_OCSP) && defined(WOLFSSL_TLS13) && \ + defined(WOLFSSL_NONBLOCK_OCSP) && defined(HAVE_MAX_FRAGMENT) && \ + defined(HAVE_SSL_MEMIO_TESTS_DEPENDENCIES) && \ + !defined(NO_RSA) && !defined(NO_SHA) + +/* Number of times the OCSP IO callback has been called. */ +static int test_tls13_nonblock_ocsp_mfl_cb_cnt; + +/* + * OCSP IO callback: simulates a nonblocking responder. Returns WANT_READ + * a few times before finally returning the OCSP response. + */ +static int test_tls13_nonblock_ocsp_mfl_io_cb(void* ioCtx, const char* url, + int urlSz, unsigned char* req, int reqSz, unsigned char** respBuf) +{ + (void)ioCtx; + (void)url; + (void)urlSz; + (void)req; + (void)reqSz; + + if (test_tls13_nonblock_ocsp_mfl_cb_cnt++ < 5) + return WOLFSSL_CBIO_ERR_WANT_READ; + + *respBuf = (unsigned char*)resp_server1_cert; + return (int)sizeof(resp_server1_cert); +} + +/* CTX-ready callback: enable client-side OCSP with URL override. */ +static int test_tls13_nonblock_ocsp_mfl_ctx_ready(WOLFSSL_CTX* ctx) +{ + EXPECT_DECLS; + ExpectIntEQ(wolfSSL_CTX_EnableOCSP(ctx, + WOLFSSL_OCSP_URL_OVERRIDE | WOLFSSL_OCSP_NO_NONCE), + WOLFSSL_SUCCESS); + ExpectIntEQ(wolfSSL_CTX_SetOCSP_OverrideURL(ctx, "http://example.com"), + WOLFSSL_SUCCESS); + /* NULL free-callback: resp points to static array, must not be freed. */ + ExpectIntEQ(wolfSSL_CTX_SetOCSP_Cb(ctx, + test_tls13_nonblock_ocsp_mfl_io_cb, NULL, NULL), + WOLFSSL_SUCCESS); + return EXPECT_RESULT(); +} + +/* SSL-ready callback: cap record payload at 1024 bytes. */ +static int test_tls13_nonblock_ocsp_mfl_ssl_ready(WOLFSSL* ssl) +{ + EXPECT_DECLS; + ExpectIntEQ(wolfSSL_UseMaxFragment(ssl, WOLFSSL_MFL_2_10), WOLFSSL_SUCCESS); + return EXPECT_RESULT(); +} + +int test_tls13_nonblock_ocsp_low_mfl(void) +{ + EXPECT_DECLS; + struct test_ssl_memio_ctx test_ctx; + + XMEMSET(&test_ctx, 0, sizeof(test_ctx)); + test_tls13_nonblock_ocsp_mfl_cb_cnt = 0; + + /* + * Server: two-cert chain (server1 + intermediate1, no root). + * Total DER size ~2534 bytes -> splits into 3 TLS records at MFL=1024. + */ + test_ctx.s_cb.certPemFile = "./certs/ocsp/server1-chain-noroot.pem"; + test_ctx.s_cb.keyPemFile = "./certs/ocsp/server1-key.pem"; + test_ctx.s_cb.method = wolfTLSv1_3_server_method; + + /* Client: trust root-ca, TLS 1.3, OCSP + MFL=1024. */ + test_ctx.c_cb.caPemFile = "./certs/ocsp/root-ca-cert.pem"; + test_ctx.c_cb.method = wolfTLSv1_3_client_method; + test_ctx.c_cb.ctx_ready = test_tls13_nonblock_ocsp_mfl_ctx_ready; + test_ctx.c_cb.ssl_ready = test_tls13_nonblock_ocsp_mfl_ssl_ready; + + ExpectIntEQ(test_ssl_memio_setup(&test_ctx), TEST_SUCCESS); + ExpectIntEQ(test_ssl_memio_do_handshake(&test_ctx, 10, NULL), + TEST_SUCCESS); + + /* The OCSP callback must have been retried (called more than once). */ + ExpectIntGT(test_tls13_nonblock_ocsp_mfl_cb_cnt, 1); + + test_ssl_memio_cleanup(&test_ctx); + return EXPECT_RESULT(); +} + +#else +int test_tls13_nonblock_ocsp_low_mfl(void) +{ + return TEST_SKIPPED; +} +#endif + +#if defined(HAVE_OCSP_RESPONDER) && defined(WOLFSSL_ASN_TEMPLATE) && \ + !defined(NO_SHA) && !defined(NO_RSA) +/* Structure to hold test configuration */ +typedef struct { + const char* caCertPath; + const char* responderCertPath; + const char* responderKeyPath; + const char* targetCertPath; + enum Ocsp_Cert_Status certStatus; + time_t revocationTime; /* Used when status is CERT_REVOKED */ + enum WC_CRL_Reason revocationReason; /* Used when status is CERT_REVOKED */ + word32 validityPeriod; /* Used when status is CERT_GOOD */ + int expectedResult; + const char* testName; +} OcspResponderTestConfig; + +/* Helper function to run a single OCSP responder test configuration */ +static int ocspResponderTest_Run(OcspResponderTestConfig* config, int sendCerts) +{ + EXPECT_DECLS; + OcspResponder* responder = NULL; + OcspRequest* clientReq = NULL; + DecodedCert targetCert; + DecodedCert decodedCaCert; + WOLFSSL_CERT_MANAGER* cm = NULL; + byte caCertDer[4096]; + byte responderCertDer[4096]; + byte responderKeyDer[4096]; + byte targetCertDer[4096]; + byte* respBuf = NULL; + word32 caCertSz = sizeof(caCertDer); + word32 responderCertSz = sizeof(responderCertDer); + word32 responderKeyDerSz = sizeof(responderKeyDer); + word32 targetCertSz = sizeof(targetCertDer); + word32 respSz = 0; + byte reqBuf[1024]; + int reqSz = 0; + char caSubject[WC_ASN_NAME_MAX]; + word32 caSubjectSz = sizeof(caSubject); + byte serial[EXTERNAL_SERIAL_SIZE]; + word32 serialSz = sizeof(serial); + XFILE f = XBADFILE; + byte usingAuthCa = XSTRCMP(config->caCertPath, config->responderCertPath) != 0; + + printf("\nRunning OCSP Responder Test: %s (sendCerts=%d)\n", + config->testName, sendCerts); + + XMEMSET(&targetCert, 0, sizeof(targetCert)); + XMEMSET(&decodedCaCert, 0, sizeof(decodedCaCert)); + + /* Create certificate manager */ + ExpectNotNull(cm = wolfSSL_CertManagerNew()); + + /* Load CA certificate */ + ExpectTrue((f = XFOPEN(config->caCertPath, "rb")) != XBADFILE); + ExpectIntGT(caCertSz = (word32)XFREAD(caCertDer, 1, + caCertSz, f), 0); + if (f != XBADFILE) { + XFCLOSE(f); + f = XBADFILE; + } + ExpectIntEQ(wolfSSL_CertManagerLoadCABuffer(cm, caCertDer, caCertSz, + WOLFSSL_FILETYPE_ASN1), + WOLFSSL_SUCCESS); + + wc_InitDecodedCert(&decodedCaCert, caCertDer, caCertSz, NULL); + ExpectIntEQ(wc_ParseCert(&decodedCaCert, CERT_TYPE, 0, NULL), 0); + + /* Load responder certificate */ + ExpectTrue((f = XFOPEN(config->responderCertPath, "rb")) != XBADFILE); + ExpectIntGT(responderCertSz = (word32)XFREAD(responderCertDer, 1, + responderCertSz, f), 0); + if (f != XBADFILE) { + XFCLOSE(f); + f = XBADFILE; + } + + if (usingAuthCa && !sendCerts) { + /* If responder is not sending certs then it must be loaded into cm */ + ExpectIntEQ(wolfSSL_CertManagerLoadCABuffer(cm, responderCertDer, + responderCertSz, WOLFSSL_FILETYPE_ASN1), WOLFSSL_SUCCESS); + } + + /* Load responder private key */ + ExpectTrue((f = XFOPEN(config->responderKeyPath, "rb")) != XBADFILE); + ExpectIntGT(responderKeyDerSz = (word32)XFREAD(responderKeyDer, 1, + responderKeyDerSz, f), 0); + if (f != XBADFILE) { + XFCLOSE(f); + f = XBADFILE; + } + + /* Load target certificate */ + ExpectTrue((f = XFOPEN(config->targetCertPath, "rb")) != XBADFILE); + ExpectIntGT(targetCertSz = (word32)XFREAD(targetCertDer, 1, + targetCertSz, f), 0); + if (f != XBADFILE) { + XFCLOSE(f); + f = XBADFILE; + } + + /* Parse target certificate */ + wc_InitDecodedCert(&targetCert, targetCertDer, targetCertSz, NULL); + ExpectIntEQ(wc_ParseCert(&targetCert, CERT_TYPE, 0, cm), 0); + + /* Create OCSP request from target certificate */ + ExpectNotNull(clientReq = wc_OcspRequest_new(NULL)); + ExpectIntEQ(wc_InitOcspRequest(clientReq, &targetCert, 1, NULL), 0); + ExpectIntGT(reqSz = wc_EncodeOcspRequest(clientReq, reqBuf, + sizeof(reqBuf)), 0); + + /* Create OCSP Responder */ + ExpectNotNull(responder = wc_OcspResponder_new(NULL, sendCerts)); + + /* Add responder (authorized) to responder */ + ExpectIntEQ(wc_OcspResponder_AddSigner(responder, + responderCertDer, responderCertSz, + responderKeyDer, responderKeyDerSz, + usingAuthCa ? caCertDer : NULL, usingAuthCa ? caCertSz : 0), 0); + + /* Set certificate status */ + ExpectIntEQ(wc_GetDecodedCertSubject(&decodedCaCert, caSubject, &caSubjectSz), 0); + ExpectIntGT(caSubjectSz, 0); + ExpectIntEQ(wc_GetDecodedCertSerial(&targetCert, serial, &serialSz), 0); + ExpectIntGT(serialSz, 0); + + ExpectIntEQ(wc_OcspResponder_SetCertStatus(responder, + caSubject, caSubjectSz, + serial, serialSz, + config->certStatus, + config->revocationTime, + config->revocationReason, + config->validityPeriod), 0); + + /* Get required response size */ + ExpectIntEQ(wc_OcspResponder_WriteResponse(responder, reqBuf, reqSz, + NULL, &respSz), 0); + + /* Allocate response buffer */ + ExpectNotNull(respBuf = (byte*)XMALLOC(respSz, NULL, + DYNAMIC_TYPE_TMP_BUFFER)); + + /* Generate OCSP response */ + ExpectIntEQ(wc_OcspResponder_WriteResponse(responder, reqBuf, reqSz, + respBuf, &respSz), 0); + + /* Verify response matches expected result */ + { + WOLFSSL_OCSP* ocsp = NULL; + ExpectNotNull(ocsp = wc_NewOCSP(cm)); + ExpectIntEQ(wc_CheckCertOcspResponse(ocsp, &targetCert, respBuf, + respSz, NULL), config->expectedResult); + wc_FreeOCSP(ocsp); + } + + /* Cleanup */ + XFREE(respBuf, NULL, DYNAMIC_TYPE_TMP_BUFFER); + wc_OcspRequest_free(clientReq); + wc_OcspResponder_free(responder); + wc_FreeDecodedCert(&targetCert); + wc_FreeDecodedCert(&decodedCaCert); + wolfSSL_CertManagerFree(cm); + + return EXPECT_RESULT(); +} + +int test_ocsp_responder(void) +{ + EXPECT_DECLS; + time_t now = wc_Time(NULL); + OcspResponderTestConfig configs[] = { + { + "./certs/ca-cert.der", + "./certs/ca-cert.der", + "./certs/ca-key.der", + "./certs/server-cert.der", + CERT_GOOD, + 0, WC_CRL_REASON_UNSPECIFIED, + 86400, /* validityPeriod - 24 hours */ + 0, + "RSA server cert - GOOD status" + }, + { + "./certs/ca-cert.der", + "./certs/ca-cert.der", + "./certs/ca-key.der", + "./certs/server-cert.der", + CERT_REVOKED, + now, WC_CRL_REASON_KEY_COMPROMISE, /* Revoked due to key compromise */ + 0, /* validityPeriod (not used for REVOKED) */ + OCSP_CERT_REVOKED, + "RSA server cert - REVOKED status" + }, + { + "./certs/ca-cert.der", + "./certs/ca-cert.der", + "./certs/ca-key.der", + "./certs/server-cert.der", + CERT_UNKNOWN, + 0, WC_CRL_REASON_UNSPECIFIED, + 0, /* validityPeriod (not used for UNKNOWN) */ + OCSP_CERT_UNKNOWN, + "RSA server cert - UNKNOWN status" + }, + { + "./certs/ocsp/root-ca-cert.der", + "./certs/ocsp/ocsp-responder-cert.der", + "./certs/ocsp/ocsp-responder-key.der", + "./certs/ocsp/intermediate1-ca-cert.der", + CERT_GOOD, + 0, WC_CRL_REASON_UNSPECIFIED, + 86400, /* validityPeriod - 24 hours */ + 0, + "RSA int1 cert with responder - GOOD status" + }, + { + "./certs/ocsp/root-ca-cert.der", + "./certs/ocsp/ocsp-responder-cert.der", + "./certs/ocsp/ocsp-responder-key.der", + "./certs/ocsp/intermediate1-ca-cert.der", + CERT_REVOKED, + now, WC_CRL_REASON_KEY_COMPROMISE, /* Revoked due to key compromise */ + 0, /* validityPeriod (not used for REVOKED) */ + OCSP_CERT_REVOKED, + "RSA int1 cert with responder - REVOKED status" + }, + { + "./certs/ocsp/root-ca-cert.der", + "./certs/ocsp/ocsp-responder-cert.der", + "./certs/ocsp/ocsp-responder-key.der", + "./certs/ocsp/intermediate1-ca-cert.der", + CERT_UNKNOWN, + 0, WC_CRL_REASON_UNSPECIFIED, + 0, /* validityPeriod (not used for UNKNOWN) */ + OCSP_CERT_UNKNOWN, + "RSA int1 cert with responder - UNKNOWN status" + }, +#ifdef HAVE_ECC + { + "./certs/ca-ecc-cert.der", + "./certs/ca-ecc-cert.der", + "./certs/ca-ecc-key.der", + "./certs/server-ecc.der", + CERT_GOOD, + 0, WC_CRL_REASON_UNSPECIFIED, + 86400, /* validityPeriod - 24 hours */ + 0, + "ECC server cert - GOOD status" + }, + { + "./certs/ca-ecc-cert.der", + "./certs/ca-ecc-cert.der", + "./certs/ca-ecc-key.der", + "./certs/server-ecc.der", + CERT_REVOKED, + now, WC_CRL_REASON_AFFILIATION_CHANGED, + 0, /* validityPeriod (not used for REVOKED) */ + OCSP_CERT_REVOKED, + "ECC server cert - REVOKED status" + }, + { + "./certs/ca-ecc-cert.der", + "./certs/ca-ecc-cert.der", + "./certs/ca-ecc-key.der", + "./certs/server-ecc.der", + CERT_UNKNOWN, + 0, WC_CRL_REASON_UNSPECIFIED, + 0, /* validityPeriod (not used for UNKNOWN) */ + OCSP_CERT_UNKNOWN, + "ECC server cert - UNKNOWN status" + } +#endif + }; + int i; + int numTests = (int)(sizeof(configs) / sizeof(configs[0])); + + /* Run each test configuration twice: once without certs, once with certs */ + for (i = 0; i < numTests; i++) { + ExpectIntEQ(ocspResponderTest_Run(&configs[i], 0), TEST_SUCCESS); + ExpectIntEQ(ocspResponderTest_Run(&configs[i], 1), TEST_SUCCESS); + } + + return EXPECT_RESULT(); +} +#else +int test_ocsp_responder(void) +{ + return TEST_SKIPPED; +} +#endif /* HAVE_OCSP_RESPONDER && !NO_SHA && !NO_RSA */ diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/tests/api/test_ocsp.h mariadb-11.8.8/extra/wolfssl/wolfssl/tests/api/test_ocsp.h --- mariadb-11.8.6/extra/wolfssl/wolfssl/tests/api/test_ocsp.h 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/tests/api/test_ocsp.h 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* test_ocsp.h * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -23,9 +23,14 @@ #define WOLFSSL_TEST_OCSP_H int test_ocsp_certid_enc_dec(void); +int test_ocsp_certid_dup(void); int test_ocsp_status_callback(void); int test_ocsp_basic_verify(void); int test_ocsp_response_parsing(void); int test_ocsp_tls_cert_cb(void); +int test_ocsp_cert_unknown_crl_fallback(void); +int test_ocsp_cert_unknown_crl_fallback_nonleaf(void); +int test_tls13_nonblock_ocsp_low_mfl(void); +int test_ocsp_responder(void); #endif /* WOLFSSL_TEST_OCSP_H */ diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/tests/api/test_ocsp_test_blobs.h mariadb-11.8.8/extra/wolfssl/wolfssl/tests/api/test_ocsp_test_blobs.h --- mariadb-11.8.6/extra/wolfssl/wolfssl/tests/api/test_ocsp_test_blobs.h 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/tests/api/test_ocsp_test_blobs.h 2026-05-24 09:58:33.000000000 +0000 @@ -3,7 +3,7 @@ * * ocsp_test_blobs.h * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -42,37 +42,37 @@ 0x72, 0x31, 0x1f, 0x30, 0x1d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x09, 0x01, 0x16, 0x10, 0x69, 0x6e, 0x66, 0x6f, 0x40, 0x77, 0x6f, 0x6c, 0x66, 0x73, 0x73, 0x6c, 0x2e, 0x63, 0x6f, 0x6d, 0x18, 0x0f, - 0x32, 0x30, 0x32, 0x35, 0x31, 0x31, 0x31, 0x32, 0x31, 0x33, 0x34, 0x35, - 0x31, 0x31, 0x5a, 0x30, 0x4f, 0x30, 0x4d, 0x30, 0x38, 0x30, 0x07, 0x06, + 0x32, 0x30, 0x32, 0x36, 0x30, 0x32, 0x32, 0x34, 0x32, 0x31, 0x34, 0x32, + 0x30, 0x31, 0x5a, 0x30, 0x4f, 0x30, 0x4d, 0x30, 0x38, 0x30, 0x07, 0x06, 0x05, 0x2b, 0x0e, 0x03, 0x02, 0x1a, 0x04, 0x14, 0x44, 0xa8, 0xdb, 0xd1, 0xbc, 0x97, 0x0a, 0x83, 0x3b, 0x5b, 0x31, 0x9a, 0x4c, 0xb8, 0xd2, 0x52, 0x37, 0x15, 0x8a, 0x88, 0x04, 0x14, 0x73, 0xb0, 0x1c, 0xa4, 0x2f, 0x82, 0xcb, 0xcf, 0x47, 0xa5, 0x38, 0xd7, 0xb0, 0x04, 0x82, 0x3a, 0x7e, 0x72, 0x15, 0x21, 0x02, 0x01, 0x01, 0x80, 0x00, 0x18, 0x0f, 0x32, 0x30, 0x32, - 0x35, 0x31, 0x31, 0x31, 0x32, 0x31, 0x33, 0x34, 0x35, 0x31, 0x31, 0x5a, + 0x36, 0x30, 0x32, 0x32, 0x34, 0x32, 0x31, 0x34, 0x32, 0x30, 0x31, 0x5a, 0x30, 0x0b, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, - 0x0b, 0x03, 0x82, 0x01, 0x01, 0x00, 0x77, 0xa3, 0x5a, 0x2a, 0x99, 0x67, - 0x53, 0x05, 0x9a, 0x78, 0x1d, 0x37, 0x22, 0x63, 0x0d, 0x59, 0x9e, 0x41, - 0x38, 0xef, 0xc2, 0x2a, 0x6e, 0x6e, 0xad, 0x35, 0xd4, 0x4d, 0xa9, 0x91, - 0x33, 0xf8, 0x74, 0xef, 0xf9, 0xaa, 0x18, 0xb7, 0x29, 0xf8, 0x3b, 0xe0, - 0x49, 0xe8, 0x50, 0x3c, 0x38, 0xd8, 0xee, 0x53, 0xd9, 0xb6, 0xe2, 0xda, - 0x63, 0x84, 0xef, 0xe3, 0xa8, 0xbc, 0x7c, 0x6d, 0x65, 0x9b, 0x97, 0x13, - 0x3f, 0x25, 0x82, 0x48, 0x61, 0x9b, 0x28, 0xdc, 0xae, 0xad, 0xa3, 0xb1, - 0x56, 0x42, 0xb8, 0x78, 0x10, 0x53, 0x03, 0x77, 0x51, 0x28, 0xd5, 0x7d, - 0x4d, 0x88, 0x9c, 0x15, 0xee, 0x7c, 0xac, 0x54, 0x86, 0x6b, 0xc2, 0x5e, - 0x2d, 0x64, 0xfb, 0xd9, 0x35, 0xfd, 0x18, 0x7e, 0xc3, 0x89, 0x3c, 0x72, - 0x8e, 0x22, 0xd0, 0x31, 0xb5, 0x5f, 0xc9, 0x2b, 0xed, 0x89, 0xec, 0xff, - 0x4b, 0xba, 0xde, 0x1a, 0x9e, 0xed, 0x61, 0x79, 0x4f, 0x85, 0xbc, 0x5c, - 0xc5, 0x50, 0xe3, 0x8a, 0xb1, 0x28, 0x45, 0x75, 0xb5, 0x65, 0x0b, 0xb9, - 0xb3, 0x6f, 0xd4, 0x4b, 0x4f, 0x6d, 0x45, 0x0a, 0x8f, 0xbf, 0xe5, 0xdf, - 0x87, 0x33, 0xd2, 0xaf, 0x09, 0x8a, 0x19, 0x5b, 0x3b, 0x4e, 0xad, 0xb3, - 0x6f, 0xdd, 0xf3, 0xf4, 0x4f, 0xd3, 0x68, 0xc5, 0x70, 0x74, 0x7c, 0xa0, - 0x77, 0xa8, 0x88, 0x73, 0x05, 0x6c, 0xe8, 0x56, 0x43, 0xa4, 0xe3, 0x9f, - 0x66, 0xa1, 0xbb, 0x3e, 0xbf, 0xbb, 0x49, 0xaf, 0x13, 0xa7, 0x13, 0x09, - 0x04, 0x52, 0x87, 0xdd, 0x0a, 0x72, 0x7b, 0x69, 0xd9, 0x5b, 0xa9, 0xfc, - 0xa5, 0x5a, 0x33, 0xad, 0xc6, 0x95, 0x26, 0x2c, 0x64, 0x3d, 0x6c, 0x47, - 0x3d, 0x88, 0xcb, 0x8b, 0x5b, 0x73, 0xf4, 0x93, 0x57, 0x70, 0x3e, 0xc1, - 0xbf, 0xfc, 0x54, 0xd1, 0xfb, 0xe3, 0x1f, 0x73, 0x9d, 0x47, 0xa0, 0x82, + 0x0b, 0x03, 0x82, 0x01, 0x01, 0x00, 0x7a, 0xc5, 0x6d, 0xfa, 0x8b, 0x75, + 0x9a, 0x46, 0x91, 0x3b, 0x23, 0xc2, 0xa0, 0x0d, 0x60, 0x0e, 0x61, 0x54, + 0x7c, 0xd7, 0xcb, 0x6c, 0x14, 0x9b, 0x11, 0x96, 0xe2, 0x83, 0xfa, 0x0f, + 0x70, 0xc9, 0xc9, 0x07, 0xa8, 0x53, 0x69, 0x90, 0xbb, 0xd5, 0x31, 0xb4, + 0x6f, 0xfc, 0x6b, 0x6b, 0xd9, 0x1a, 0xe5, 0xbc, 0xc8, 0x25, 0x93, 0x0b, + 0x9e, 0x9d, 0xb3, 0x9b, 0x07, 0x38, 0x79, 0x4c, 0xd0, 0xa1, 0xd1, 0x3f, + 0xf6, 0x8a, 0xf0, 0x77, 0xa4, 0xea, 0x8d, 0x23, 0xf4, 0xb0, 0xdf, 0x59, + 0x41, 0x5c, 0x77, 0x0e, 0xc2, 0x1c, 0xab, 0xbb, 0xb6, 0x12, 0x2e, 0x37, + 0x1f, 0xf7, 0x57, 0xa0, 0x02, 0x02, 0xed, 0x8c, 0xb7, 0x4d, 0xdd, 0xd0, + 0x02, 0xb6, 0x5f, 0xff, 0xa3, 0x0a, 0x28, 0x4b, 0x8f, 0x4e, 0x6d, 0x57, + 0x55, 0xd0, 0x4f, 0x3f, 0x4c, 0x45, 0x5b, 0x6f, 0x8c, 0x8e, 0xe4, 0xd9, + 0x62, 0xe8, 0x4c, 0x72, 0xd8, 0x0b, 0x5c, 0xce, 0xc9, 0x53, 0x76, 0x0e, + 0xb1, 0xaf, 0xf8, 0x15, 0xb2, 0x50, 0xd5, 0x69, 0x6f, 0xbe, 0xee, 0x17, + 0x06, 0x43, 0xc6, 0x6d, 0x9a, 0x12, 0x3d, 0x57, 0x14, 0xb3, 0x39, 0xc8, + 0x58, 0x76, 0x46, 0x57, 0xe3, 0xb4, 0x4a, 0x82, 0x8e, 0xf3, 0xdc, 0x99, + 0x0a, 0x34, 0x6e, 0x65, 0x3c, 0xef, 0xe4, 0x42, 0x85, 0x6c, 0xc5, 0xaf, + 0x76, 0xdb, 0x75, 0x2d, 0xd5, 0xb2, 0x69, 0x08, 0xec, 0xa3, 0x1d, 0x8e, + 0xdc, 0x7c, 0xbf, 0xb7, 0xa9, 0x6c, 0x9f, 0x7f, 0x9e, 0xb8, 0x9e, 0x1d, + 0x20, 0x64, 0xcf, 0x30, 0xf2, 0x2d, 0xa7, 0x80, 0x77, 0x53, 0xf9, 0x15, + 0xf1, 0xef, 0xb2, 0xa4, 0x30, 0x02, 0x94, 0xfe, 0x43, 0xad, 0xa0, 0x7c, + 0x67, 0x47, 0xe2, 0x42, 0x4a, 0x2d, 0x02, 0x9e, 0x6a, 0xb6, 0xa1, 0x57, + 0x3e, 0x9a, 0x47, 0xe2, 0xb1, 0xb7, 0xd2, 0x0f, 0x32, 0x8f, 0xa0, 0x82, 0x04, 0xc6, 0x30, 0x82, 0x04, 0xc2, 0x30, 0x82, 0x04, 0xbe, 0x30, 0x82, 0x03, 0xa6, 0xa0, 0x03, 0x02, 0x01, 0x02, 0x02, 0x01, 0x04, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x0b, 0x05, @@ -183,37 +183,37 @@ 0x01, 0x01, 0x04, 0x82, 0x06, 0x5c, 0x30, 0x82, 0x06, 0x58, 0x30, 0x7a, 0xa2, 0x16, 0x04, 0x14, 0x32, 0x67, 0xe1, 0xb1, 0x79, 0xd2, 0x81, 0xfc, 0x9f, 0x23, 0x0c, 0x70, 0x40, 0x50, 0xb5, 0x46, 0x56, 0xb8, 0x30, 0x36, - 0x18, 0x0f, 0x32, 0x30, 0x32, 0x35, 0x31, 0x31, 0x31, 0x32, 0x31, 0x33, - 0x34, 0x35, 0x31, 0x31, 0x5a, 0x30, 0x4f, 0x30, 0x4d, 0x30, 0x38, 0x30, + 0x18, 0x0f, 0x32, 0x30, 0x32, 0x36, 0x30, 0x32, 0x32, 0x34, 0x32, 0x31, + 0x34, 0x32, 0x30, 0x31, 0x5a, 0x30, 0x4f, 0x30, 0x4d, 0x30, 0x38, 0x30, 0x07, 0x06, 0x05, 0x2b, 0x0e, 0x03, 0x02, 0x1a, 0x04, 0x14, 0x44, 0xa8, 0xdb, 0xd1, 0xbc, 0x97, 0x0a, 0x83, 0x3b, 0x5b, 0x31, 0x9a, 0x4c, 0xb8, 0xd2, 0x52, 0x37, 0x15, 0x8a, 0x88, 0x04, 0x14, 0x73, 0xb0, 0x1c, 0xa4, 0x2f, 0x82, 0xcb, 0xcf, 0x47, 0xa5, 0x38, 0xd7, 0xb0, 0x04, 0x82, 0x3a, 0x7e, 0x72, 0x15, 0x21, 0x02, 0x01, 0x01, 0x80, 0x00, 0x18, 0x0f, 0x32, - 0x30, 0x32, 0x35, 0x31, 0x31, 0x31, 0x32, 0x31, 0x33, 0x34, 0x35, 0x31, + 0x30, 0x32, 0x36, 0x30, 0x32, 0x32, 0x34, 0x32, 0x31, 0x34, 0x32, 0x30, 0x31, 0x5a, 0x30, 0x0b, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, - 0x01, 0x01, 0x0b, 0x03, 0x82, 0x01, 0x01, 0x00, 0x96, 0x55, 0xb7, 0x59, - 0xc8, 0x72, 0xda, 0xa4, 0xae, 0xa4, 0x38, 0x1f, 0x65, 0x2e, 0x3f, 0x2c, - 0x19, 0x66, 0xa0, 0x10, 0x5d, 0xcf, 0x45, 0x52, 0x84, 0xcc, 0xe3, 0x45, - 0xd8, 0x6c, 0x74, 0x39, 0x01, 0x1d, 0x6b, 0x6a, 0x9c, 0x65, 0xc0, 0x26, - 0x32, 0x24, 0x38, 0x0d, 0xd3, 0xcd, 0x14, 0xa4, 0x22, 0x7e, 0x49, 0x10, - 0xee, 0xf0, 0xda, 0xb4, 0x7b, 0x92, 0x04, 0x3a, 0xe0, 0xce, 0x8b, 0x0c, - 0xdf, 0xa4, 0xf5, 0xe7, 0x94, 0x6d, 0x8b, 0x4b, 0x7c, 0x9e, 0xd3, 0x3f, - 0x20, 0xf8, 0x0a, 0x7f, 0xe6, 0x1a, 0x20, 0xd0, 0x7e, 0xde, 0x65, 0x38, - 0xe8, 0xc9, 0x99, 0xb2, 0x82, 0xf7, 0x95, 0xce, 0xf6, 0x25, 0x5e, 0xb6, - 0xb5, 0xad, 0x73, 0x63, 0x84, 0x4f, 0x6c, 0x54, 0xe2, 0x48, 0xb1, 0x65, - 0x6a, 0x6d, 0x2c, 0xe8, 0xf1, 0x6d, 0x42, 0x0e, 0x75, 0x02, 0x8f, 0x90, - 0xc4, 0x3d, 0x27, 0x64, 0x55, 0xfe, 0x31, 0x63, 0x4b, 0x9c, 0xa2, 0x99, - 0xa5, 0xb8, 0xa4, 0x10, 0x6f, 0xf9, 0x86, 0xbd, 0xb6, 0xeb, 0x49, 0x10, - 0x6c, 0x73, 0xd2, 0x9e, 0x9a, 0x8e, 0xe1, 0xb3, 0xde, 0x8a, 0xfe, 0x8b, - 0xdd, 0xb3, 0x81, 0x79, 0x26, 0x4a, 0x75, 0x70, 0xb9, 0x3a, 0x95, 0x27, - 0x6a, 0xe3, 0x2a, 0xaf, 0x57, 0x0e, 0xf8, 0x56, 0xc0, 0x71, 0x65, 0x75, - 0xdd, 0x3e, 0x51, 0x11, 0xda, 0x63, 0xae, 0x26, 0x8f, 0x8e, 0xc1, 0x5e, - 0xfb, 0xee, 0xa9, 0x39, 0xfa, 0xc8, 0xbe, 0xec, 0x62, 0x56, 0xf1, 0x5b, - 0x9c, 0xa0, 0x63, 0xde, 0x2b, 0xbf, 0x1f, 0xef, 0xd5, 0xec, 0x17, 0x13, - 0xba, 0x48, 0x30, 0x22, 0x19, 0xe1, 0xce, 0x25, 0xee, 0x90, 0xff, 0x2a, - 0x7d, 0xd4, 0x88, 0x79, 0x5b, 0xe7, 0x23, 0xe1, 0xbe, 0x8d, 0x84, 0x3d, - 0x1c, 0x4e, 0x1a, 0xdb, 0x15, 0x65, 0x79, 0xf7, 0xb1, 0xf8, 0xb0, 0x19, + 0x01, 0x01, 0x0b, 0x03, 0x82, 0x01, 0x01, 0x00, 0x01, 0x8b, 0x06, 0xc9, + 0x4f, 0x6c, 0x1d, 0xc4, 0x4e, 0x1a, 0xc6, 0xd2, 0xbc, 0x6b, 0xbe, 0x3f, + 0x9d, 0x73, 0x0c, 0xbd, 0x3a, 0x82, 0xc0, 0xed, 0xdf, 0x70, 0xaf, 0x00, + 0x7d, 0xdd, 0x53, 0xdd, 0x48, 0xd0, 0x6d, 0xcb, 0xec, 0xd6, 0x31, 0x08, + 0x03, 0x3b, 0xcf, 0x82, 0xce, 0x28, 0x9c, 0x2f, 0xc6, 0x19, 0x48, 0x75, + 0xe4, 0xa7, 0xce, 0x7d, 0x6f, 0xb0, 0x10, 0xb4, 0xc0, 0xbd, 0x1d, 0xe1, + 0x9c, 0x57, 0xbc, 0xff, 0xbf, 0x33, 0x42, 0x0b, 0xea, 0xb4, 0x17, 0x9a, + 0x47, 0x5b, 0x3b, 0xf5, 0xbf, 0xdc, 0x2d, 0xb5, 0xc6, 0xb1, 0xa5, 0xfd, + 0x31, 0xaf, 0xe4, 0x6d, 0xdd, 0xe0, 0x8c, 0x7b, 0x70, 0xe3, 0xcc, 0x59, + 0x77, 0xb3, 0x38, 0x7e, 0x0a, 0xf0, 0xbc, 0x08, 0x86, 0x37, 0xcf, 0x28, + 0xa8, 0x07, 0xe8, 0xae, 0x5c, 0x0d, 0xa5, 0x21, 0x0c, 0xdb, 0xa8, 0x8b, + 0x9e, 0x73, 0x77, 0xf8, 0x0d, 0x05, 0x21, 0xec, 0x4a, 0xf9, 0xb3, 0x71, + 0xcd, 0x4b, 0xc9, 0x5a, 0x22, 0xd4, 0x53, 0x0b, 0xac, 0x28, 0x8e, 0x12, + 0x6c, 0x73, 0xe9, 0x65, 0x53, 0xc8, 0x0e, 0xac, 0x39, 0x7e, 0xd0, 0x77, + 0xaf, 0x82, 0xfe, 0xa4, 0xf2, 0x85, 0xb3, 0x10, 0x73, 0xde, 0x5d, 0xe6, + 0xf0, 0xb6, 0xb9, 0x8c, 0x23, 0x35, 0xcc, 0x5f, 0x29, 0x42, 0x13, 0xd8, + 0x72, 0x6f, 0xc2, 0xf6, 0x10, 0x56, 0xb5, 0x27, 0xe8, 0xd2, 0x2b, 0x15, + 0x5f, 0x4e, 0x8e, 0xa2, 0x19, 0xba, 0x78, 0x0a, 0xa4, 0x24, 0xad, 0xe5, + 0x79, 0x72, 0x18, 0xac, 0xa5, 0xa4, 0x63, 0x0d, 0x33, 0xa3, 0x0c, 0xc0, + 0xbb, 0xcd, 0x15, 0x92, 0x7d, 0xa7, 0x4e, 0xd1, 0x89, 0xb7, 0x00, 0xde, + 0x49, 0x48, 0x0d, 0x28, 0xf1, 0xf1, 0xd8, 0x9c, 0xc3, 0xfa, 0xe8, 0x22, + 0xd9, 0x75, 0x9c, 0x0f, 0xfe, 0x80, 0x7e, 0xbb, 0x68, 0x70, 0x7f, 0x6c, 0xa0, 0x82, 0x04, 0xc6, 0x30, 0x82, 0x04, 0xc2, 0x30, 0x82, 0x04, 0xbe, 0x30, 0x82, 0x03, 0xa6, 0xa0, 0x03, 0x02, 0x01, 0x02, 0x02, 0x01, 0x04, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, @@ -337,37 +337,37 @@ 0x72, 0x31, 0x1f, 0x30, 0x1d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x09, 0x01, 0x16, 0x10, 0x69, 0x6e, 0x66, 0x6f, 0x40, 0x77, 0x6f, 0x6c, 0x66, 0x73, 0x73, 0x6c, 0x2e, 0x63, 0x6f, 0x6d, 0x18, 0x0f, - 0x32, 0x30, 0x32, 0x35, 0x31, 0x31, 0x31, 0x32, 0x31, 0x33, 0x34, 0x35, - 0x31, 0x32, 0x5a, 0x30, 0x4f, 0x30, 0x4d, 0x30, 0x38, 0x30, 0x07, 0x06, + 0x32, 0x30, 0x32, 0x36, 0x30, 0x32, 0x32, 0x34, 0x32, 0x31, 0x34, 0x32, + 0x30, 0x31, 0x5a, 0x30, 0x4f, 0x30, 0x4d, 0x30, 0x38, 0x30, 0x07, 0x06, 0x05, 0x2b, 0x0e, 0x03, 0x02, 0x1a, 0x04, 0x14, 0x44, 0xa8, 0xdb, 0xd1, 0xbc, 0x97, 0x0a, 0x83, 0x3b, 0x5b, 0x31, 0x9a, 0x4c, 0xb8, 0xd2, 0x52, 0x37, 0x15, 0x8a, 0x88, 0x04, 0x14, 0x73, 0xb0, 0x1c, 0xa4, 0x2f, 0x82, 0xcb, 0xcf, 0x47, 0xa5, 0x38, 0xd7, 0xb0, 0x04, 0x82, 0x3a, 0x7e, 0x72, 0x15, 0x21, 0x02, 0x01, 0x01, 0x80, 0x00, 0x18, 0x0f, 0x32, 0x30, 0x32, - 0x35, 0x31, 0x31, 0x31, 0x32, 0x31, 0x33, 0x34, 0x35, 0x31, 0x32, 0x5a, + 0x36, 0x30, 0x32, 0x32, 0x34, 0x32, 0x31, 0x34, 0x32, 0x30, 0x31, 0x5a, 0x30, 0x0b, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, - 0x0b, 0x03, 0x82, 0x01, 0x01, 0x00, 0x0c, 0x08, 0xa7, 0x1f, 0x3b, 0x80, - 0x04, 0x81, 0x91, 0x97, 0xf6, 0xe1, 0x1f, 0xb9, 0x88, 0x02, 0x83, 0xb2, - 0xe9, 0x25, 0x0c, 0x4e, 0x27, 0xcd, 0x5f, 0xc7, 0x8b, 0x40, 0x01, 0xb9, - 0x3b, 0xa1, 0xd4, 0x5b, 0xb4, 0x88, 0x30, 0x47, 0x35, 0xa9, 0xe4, 0x9c, - 0x6d, 0xee, 0x4c, 0xbf, 0x2c, 0x34, 0x41, 0x3e, 0x7a, 0x23, 0x0a, 0x37, - 0x19, 0x4c, 0x57, 0xce, 0xa6, 0x95, 0xda, 0xc9, 0x0f, 0xb3, 0x3a, 0x33, - 0x82, 0x93, 0x07, 0x84, 0x0b, 0x2b, 0x3f, 0x31, 0x00, 0x9c, 0xe2, 0xae, - 0x82, 0x44, 0x0e, 0x96, 0x01, 0x19, 0xa9, 0x95, 0x13, 0xd2, 0xcc, 0x8e, - 0xf2, 0x42, 0xac, 0x90, 0x4a, 0xfb, 0x54, 0xb8, 0x67, 0x09, 0x70, 0x87, - 0x02, 0xa9, 0x29, 0xfa, 0xee, 0x41, 0xf1, 0xf0, 0x0b, 0x6a, 0x8c, 0xeb, - 0x83, 0x55, 0xcf, 0x63, 0xc4, 0x92, 0x31, 0xa2, 0x4e, 0x1c, 0xad, 0x53, - 0x24, 0x96, 0x71, 0x03, 0x06, 0x15, 0xac, 0x8a, 0x6e, 0x17, 0x23, 0x2a, - 0x6e, 0x55, 0xae, 0xcb, 0xe4, 0x6a, 0x90, 0x31, 0x87, 0x32, 0x55, 0x02, - 0xc6, 0xf8, 0x84, 0xd9, 0x53, 0x87, 0x63, 0x74, 0x01, 0x8c, 0x75, 0x35, - 0xa7, 0x01, 0x94, 0xd4, 0x06, 0x77, 0xb5, 0xac, 0x13, 0xe6, 0x21, 0x59, - 0x42, 0x7c, 0x3f, 0x5a, 0x19, 0x79, 0xb7, 0xd5, 0xde, 0xac, 0x80, 0x03, - 0xd8, 0x52, 0x5c, 0xc9, 0xcd, 0xf1, 0x1c, 0xe2, 0x86, 0x72, 0x5f, 0xe7, - 0xfc, 0xe8, 0xa3, 0xa9, 0xb1, 0xb0, 0xbc, 0x06, 0xe8, 0xe7, 0x33, 0x71, - 0x64, 0xb3, 0x9d, 0xb3, 0x61, 0x1c, 0x13, 0x86, 0x16, 0x55, 0xc0, 0x8e, - 0x3d, 0x60, 0xea, 0x36, 0xdd, 0xbf, 0x88, 0x08, 0x2c, 0x07, 0x7d, 0xb0, - 0xac, 0xe9, 0x48, 0xd5, 0xf4, 0x1f, 0x0e, 0xb4, 0xe3, 0x79, 0xbe, 0x75, - 0x7e, 0x74, 0x0a, 0xa3, 0xb3, 0xf6, 0x5a, 0x85, 0x03, 0x38, + 0x0b, 0x03, 0x82, 0x01, 0x01, 0x00, 0x7a, 0xc5, 0x6d, 0xfa, 0x8b, 0x75, + 0x9a, 0x46, 0x91, 0x3b, 0x23, 0xc2, 0xa0, 0x0d, 0x60, 0x0e, 0x61, 0x54, + 0x7c, 0xd7, 0xcb, 0x6c, 0x14, 0x9b, 0x11, 0x96, 0xe2, 0x83, 0xfa, 0x0f, + 0x70, 0xc9, 0xc9, 0x07, 0xa8, 0x53, 0x69, 0x90, 0xbb, 0xd5, 0x31, 0xb4, + 0x6f, 0xfc, 0x6b, 0x6b, 0xd9, 0x1a, 0xe5, 0xbc, 0xc8, 0x25, 0x93, 0x0b, + 0x9e, 0x9d, 0xb3, 0x9b, 0x07, 0x38, 0x79, 0x4c, 0xd0, 0xa1, 0xd1, 0x3f, + 0xf6, 0x8a, 0xf0, 0x77, 0xa4, 0xea, 0x8d, 0x23, 0xf4, 0xb0, 0xdf, 0x59, + 0x41, 0x5c, 0x77, 0x0e, 0xc2, 0x1c, 0xab, 0xbb, 0xb6, 0x12, 0x2e, 0x37, + 0x1f, 0xf7, 0x57, 0xa0, 0x02, 0x02, 0xed, 0x8c, 0xb7, 0x4d, 0xdd, 0xd0, + 0x02, 0xb6, 0x5f, 0xff, 0xa3, 0x0a, 0x28, 0x4b, 0x8f, 0x4e, 0x6d, 0x57, + 0x55, 0xd0, 0x4f, 0x3f, 0x4c, 0x45, 0x5b, 0x6f, 0x8c, 0x8e, 0xe4, 0xd9, + 0x62, 0xe8, 0x4c, 0x72, 0xd8, 0x0b, 0x5c, 0xce, 0xc9, 0x53, 0x76, 0x0e, + 0xb1, 0xaf, 0xf8, 0x15, 0xb2, 0x50, 0xd5, 0x69, 0x6f, 0xbe, 0xee, 0x17, + 0x06, 0x43, 0xc6, 0x6d, 0x9a, 0x12, 0x3d, 0x57, 0x14, 0xb3, 0x39, 0xc8, + 0x58, 0x76, 0x46, 0x57, 0xe3, 0xb4, 0x4a, 0x82, 0x8e, 0xf3, 0xdc, 0x99, + 0x0a, 0x34, 0x6e, 0x65, 0x3c, 0xef, 0xe4, 0x42, 0x85, 0x6c, 0xc5, 0xaf, + 0x76, 0xdb, 0x75, 0x2d, 0xd5, 0xb2, 0x69, 0x08, 0xec, 0xa3, 0x1d, 0x8e, + 0xdc, 0x7c, 0xbf, 0xb7, 0xa9, 0x6c, 0x9f, 0x7f, 0x9e, 0xb8, 0x9e, 0x1d, + 0x20, 0x64, 0xcf, 0x30, 0xf2, 0x2d, 0xa7, 0x80, 0x77, 0x53, 0xf9, 0x15, + 0xf1, 0xef, 0xb2, 0xa4, 0x30, 0x02, 0x94, 0xfe, 0x43, 0xad, 0xa0, 0x7c, + 0x67, 0x47, 0xe2, 0x42, 0x4a, 0x2d, 0x02, 0x9e, 0x6a, 0xb6, 0xa1, 0x57, + 0x3e, 0x9a, 0x47, 0xe2, 0xb1, 0xb7, 0xd2, 0x0f, 0x32, 0x8f, }; unsigned char resp_multi[] = { @@ -387,44 +387,44 @@ 0x6f, 0x6f, 0x74, 0x20, 0x43, 0x41, 0x31, 0x1f, 0x30, 0x1d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x09, 0x01, 0x16, 0x10, 0x69, 0x6e, 0x66, 0x6f, 0x40, 0x77, 0x6f, 0x6c, 0x66, 0x73, 0x73, 0x6c, 0x2e, - 0x63, 0x6f, 0x6d, 0x18, 0x0f, 0x32, 0x30, 0x32, 0x35, 0x31, 0x31, 0x31, - 0x32, 0x31, 0x33, 0x34, 0x35, 0x31, 0x32, 0x5a, 0x30, 0x81, 0x9e, 0x30, + 0x63, 0x6f, 0x6d, 0x18, 0x0f, 0x32, 0x30, 0x32, 0x36, 0x30, 0x32, 0x32, + 0x34, 0x32, 0x31, 0x34, 0x32, 0x30, 0x31, 0x5a, 0x30, 0x81, 0x9e, 0x30, 0x4d, 0x30, 0x38, 0x30, 0x07, 0x06, 0x05, 0x2b, 0x0e, 0x03, 0x02, 0x1a, 0x04, 0x14, 0x44, 0xa8, 0xdb, 0xd1, 0xbc, 0x97, 0x0a, 0x83, 0x3b, 0x5b, 0x31, 0x9a, 0x4c, 0xb8, 0xd2, 0x52, 0x37, 0x15, 0x8a, 0x88, 0x04, 0x14, 0x73, 0xb0, 0x1c, 0xa4, 0x2f, 0x82, 0xcb, 0xcf, 0x47, 0xa5, 0x38, 0xd7, 0xb0, 0x04, 0x82, 0x3a, 0x7e, 0x72, 0x15, 0x21, 0x02, 0x01, 0x01, 0x80, - 0x00, 0x18, 0x0f, 0x32, 0x30, 0x32, 0x35, 0x31, 0x31, 0x31, 0x32, 0x31, - 0x33, 0x34, 0x35, 0x31, 0x32, 0x5a, 0x30, 0x4d, 0x30, 0x38, 0x30, 0x07, + 0x00, 0x18, 0x0f, 0x32, 0x30, 0x32, 0x36, 0x30, 0x32, 0x32, 0x34, 0x32, + 0x31, 0x34, 0x32, 0x30, 0x31, 0x5a, 0x30, 0x4d, 0x30, 0x38, 0x30, 0x07, 0x06, 0x05, 0x2b, 0x0e, 0x03, 0x02, 0x1a, 0x04, 0x14, 0x44, 0xa8, 0xdb, 0xd1, 0xbc, 0x97, 0x0a, 0x83, 0x3b, 0x5b, 0x31, 0x9a, 0x4c, 0xb8, 0xd2, 0x52, 0x37, 0x15, 0x8a, 0x88, 0x04, 0x14, 0x73, 0xb0, 0x1c, 0xa4, 0x2f, 0x82, 0xcb, 0xcf, 0x47, 0xa5, 0x38, 0xd7, 0xb0, 0x04, 0x82, 0x3a, 0x7e, 0x72, 0x15, 0x21, 0x02, 0x01, 0x02, 0x80, 0x00, 0x18, 0x0f, 0x32, 0x30, - 0x32, 0x35, 0x31, 0x31, 0x31, 0x32, 0x31, 0x33, 0x34, 0x35, 0x31, 0x32, + 0x32, 0x36, 0x30, 0x32, 0x32, 0x34, 0x32, 0x31, 0x34, 0x32, 0x30, 0x31, 0x5a, 0x30, 0x0b, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, - 0x01, 0x0b, 0x03, 0x82, 0x01, 0x01, 0x00, 0x6c, 0x2b, 0x73, 0x06, 0x9f, - 0x64, 0x03, 0xa4, 0x84, 0xdc, 0x1d, 0x19, 0x1e, 0x2e, 0xee, 0x6e, 0xfd, - 0x96, 0x07, 0x6d, 0xa1, 0x79, 0xad, 0x65, 0xbd, 0x6e, 0xe5, 0xf1, 0x0d, - 0xae, 0xd2, 0x3d, 0xda, 0xf0, 0xc3, 0x2b, 0x21, 0xd7, 0x31, 0x7c, 0x77, - 0x74, 0x86, 0xc8, 0xad, 0xb7, 0xb0, 0xc3, 0x13, 0x42, 0x37, 0x58, 0x39, - 0xf6, 0xb1, 0x1a, 0x15, 0x57, 0x0c, 0x5e, 0xe6, 0xe7, 0x5b, 0x29, 0x3c, - 0x59, 0xba, 0x41, 0x91, 0xe1, 0x8f, 0x7a, 0x95, 0x9e, 0xaf, 0xa0, 0xbc, - 0xf2, 0x69, 0x85, 0x34, 0xe0, 0xb0, 0x9e, 0xc3, 0x73, 0x67, 0xec, 0xd3, - 0x67, 0xbe, 0x15, 0xbd, 0x5f, 0xa0, 0x07, 0xd4, 0x37, 0xda, 0xd5, 0x3d, - 0xf5, 0x4c, 0xfc, 0x40, 0xe3, 0x61, 0xdc, 0xb4, 0x42, 0x04, 0x64, 0xb8, - 0xf7, 0x68, 0x86, 0x3d, 0x2b, 0x68, 0xf3, 0xf1, 0x80, 0xf9, 0x52, 0x93, - 0x5f, 0x9e, 0x67, 0xa9, 0xec, 0x4c, 0x37, 0x2a, 0xfe, 0xbe, 0x57, 0xa5, - 0x28, 0x0b, 0xfb, 0xc7, 0xa2, 0x18, 0x4b, 0xed, 0xee, 0xc0, 0x23, 0x8e, - 0xd3, 0x73, 0x5c, 0x6a, 0x58, 0xf4, 0x8e, 0x39, 0x3e, 0x54, 0xf2, 0x93, - 0x97, 0x4b, 0x46, 0xd7, 0x64, 0xc9, 0x8c, 0x0b, 0x5f, 0x69, 0xeb, 0x34, - 0x73, 0x69, 0xd0, 0x99, 0x4e, 0x84, 0x3d, 0x3b, 0x1c, 0x6c, 0x39, 0x5f, - 0xfa, 0x19, 0xd2, 0xa9, 0xd4, 0xf9, 0xc5, 0x99, 0x6e, 0xfa, 0x8e, 0xdb, - 0x67, 0x14, 0x01, 0xf8, 0x20, 0xfa, 0xad, 0x29, 0x27, 0xf9, 0x58, 0x97, - 0xbe, 0x78, 0x6b, 0xb5, 0xa2, 0x02, 0x15, 0xff, 0xde, 0x41, 0xbb, 0xec, - 0x07, 0x75, 0xcf, 0xe5, 0x6a, 0x3e, 0x87, 0x8d, 0x35, 0xc4, 0xf0, 0xbc, - 0x6e, 0x47, 0x66, 0x6c, 0x8f, 0x23, 0x0e, 0xb0, 0xfe, 0x52, 0xa7, 0xc0, - 0xf3, 0x54, 0x9c, 0xee, 0xea, 0x14, 0xd4, 0xb7, 0x10, 0x1c, 0x73, + 0x01, 0x0b, 0x03, 0x82, 0x01, 0x01, 0x00, 0x41, 0x54, 0xbe, 0x6b, 0x1c, + 0x61, 0x04, 0xd8, 0x18, 0x01, 0xc8, 0x63, 0xc4, 0x27, 0x4d, 0xf6, 0x16, + 0x1e, 0xef, 0x8e, 0x4b, 0x80, 0x90, 0x2d, 0x9d, 0xfe, 0xa6, 0x6c, 0x2b, + 0x91, 0x1c, 0x95, 0xbe, 0x2b, 0x5c, 0xdf, 0xaa, 0xcf, 0x79, 0x07, 0x15, + 0xe8, 0x31, 0x4f, 0xf5, 0xb5, 0x74, 0x47, 0x16, 0x75, 0x97, 0x49, 0x5e, + 0x60, 0xb5, 0x0e, 0x87, 0x35, 0x47, 0x99, 0x1e, 0xd7, 0x6b, 0x06, 0xad, + 0x38, 0xa5, 0x63, 0x00, 0x3e, 0x8c, 0xe5, 0xb1, 0xbf, 0x91, 0x85, 0x1a, + 0x70, 0x25, 0xcd, 0xa6, 0xcc, 0x0c, 0xb3, 0x18, 0x54, 0x4c, 0x52, 0x5e, + 0x33, 0x41, 0x61, 0xf7, 0x1e, 0x24, 0xc2, 0x42, 0xe2, 0xa4, 0xfe, 0xad, + 0x51, 0x09, 0x89, 0xe5, 0xb2, 0x4d, 0x32, 0x47, 0xd3, 0x5f, 0x8a, 0xc5, + 0x78, 0xa9, 0x8b, 0x4e, 0x78, 0xf0, 0xc6, 0xbd, 0x68, 0x72, 0x3a, 0xe7, + 0x1f, 0x80, 0x84, 0xbb, 0x05, 0x23, 0x16, 0x7a, 0x56, 0xf5, 0xff, 0xac, + 0xba, 0xbf, 0x99, 0x63, 0x9e, 0x7e, 0x8b, 0x1b, 0x98, 0xf3, 0x33, 0xcf, + 0xd4, 0x5b, 0x94, 0xcb, 0x4b, 0xd4, 0x4e, 0x55, 0x12, 0x4d, 0x33, 0xcf, + 0x12, 0x2f, 0x9c, 0xbd, 0x42, 0xf6, 0xb1, 0xad, 0x92, 0x81, 0x35, 0x24, + 0x29, 0x50, 0x25, 0x36, 0xb3, 0x6f, 0x9e, 0x78, 0x16, 0x2c, 0x3b, 0x4b, + 0x55, 0x46, 0xf9, 0x42, 0x24, 0x50, 0x4d, 0xba, 0x72, 0xae, 0x6e, 0xa0, + 0xa9, 0xcf, 0x46, 0xe1, 0xb3, 0x14, 0x6b, 0x4c, 0xbb, 0x1d, 0x92, 0x0f, + 0x90, 0xf8, 0xa5, 0x13, 0x88, 0x4c, 0x77, 0xc5, 0xd4, 0x82, 0xa3, 0xde, + 0xef, 0x74, 0x62, 0x4a, 0xc1, 0xb7, 0x8b, 0xb4, 0xac, 0xa4, 0x26, 0x32, + 0xed, 0x69, 0x1b, 0x3e, 0x4c, 0x04, 0xca, 0x5e, 0xbf, 0x19, 0x17, 0xf9, + 0xf1, 0x5e, 0x7a, 0x44, 0xd5, 0x1c, 0x51, 0xc2, 0x06, 0x2f, 0x74, }; unsigned char resp_bad_noauth[] = { @@ -444,44 +444,44 @@ 0x6f, 0x6f, 0x74, 0x20, 0x43, 0x41, 0x31, 0x1f, 0x30, 0x1d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x09, 0x01, 0x16, 0x10, 0x69, 0x6e, 0x66, 0x6f, 0x40, 0x77, 0x6f, 0x6c, 0x66, 0x73, 0x73, 0x6c, 0x2e, - 0x63, 0x6f, 0x6d, 0x18, 0x0f, 0x32, 0x30, 0x32, 0x35, 0x31, 0x31, 0x31, - 0x32, 0x31, 0x33, 0x34, 0x35, 0x31, 0x32, 0x5a, 0x30, 0x81, 0x9e, 0x30, + 0x63, 0x6f, 0x6d, 0x18, 0x0f, 0x32, 0x30, 0x32, 0x36, 0x30, 0x32, 0x32, + 0x34, 0x32, 0x31, 0x34, 0x32, 0x30, 0x31, 0x5a, 0x30, 0x81, 0x9e, 0x30, 0x4d, 0x30, 0x38, 0x30, 0x07, 0x06, 0x05, 0x2b, 0x0e, 0x03, 0x02, 0x1a, 0x04, 0x14, 0x44, 0xa8, 0xdb, 0xd1, 0xbc, 0x97, 0x0a, 0x83, 0x3b, 0x5b, 0x31, 0x9a, 0x4c, 0xb8, 0xd2, 0x52, 0x37, 0x15, 0x8a, 0x88, 0x04, 0x14, 0x73, 0xb0, 0x1c, 0xa4, 0x2f, 0x82, 0xcb, 0xcf, 0x47, 0xa5, 0x38, 0xd7, 0xb0, 0x04, 0x82, 0x3a, 0x7e, 0x72, 0x15, 0x21, 0x02, 0x01, 0x01, 0x80, - 0x00, 0x18, 0x0f, 0x32, 0x30, 0x32, 0x35, 0x31, 0x31, 0x31, 0x32, 0x31, - 0x33, 0x34, 0x35, 0x31, 0x32, 0x5a, 0x30, 0x4d, 0x30, 0x38, 0x30, 0x07, + 0x00, 0x18, 0x0f, 0x32, 0x30, 0x32, 0x36, 0x30, 0x32, 0x32, 0x34, 0x32, + 0x31, 0x34, 0x32, 0x30, 0x31, 0x5a, 0x30, 0x4d, 0x30, 0x38, 0x30, 0x07, 0x06, 0x05, 0x2b, 0x0e, 0x03, 0x02, 0x1a, 0x04, 0x14, 0xff, 0x66, 0x21, 0x8a, 0x6e, 0xc5, 0x86, 0x61, 0x84, 0x25, 0x9a, 0xba, 0xd6, 0x55, 0x39, 0xfb, 0x25, 0x51, 0x2c, 0xdd, 0x04, 0x14, 0x27, 0x8e, 0x67, 0x11, 0x74, 0xc3, 0x26, 0x1d, 0x3f, 0xed, 0x33, 0x63, 0xb3, 0xa4, 0xd8, 0x1d, 0x30, 0xe5, 0xe8, 0xd5, 0x02, 0x01, 0x01, 0x80, 0x00, 0x18, 0x0f, 0x32, 0x30, - 0x32, 0x35, 0x31, 0x31, 0x31, 0x32, 0x31, 0x33, 0x34, 0x35, 0x31, 0x32, + 0x32, 0x36, 0x30, 0x32, 0x32, 0x34, 0x32, 0x31, 0x34, 0x32, 0x30, 0x31, 0x5a, 0x30, 0x0b, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, - 0x01, 0x0b, 0x03, 0x82, 0x01, 0x01, 0x00, 0x05, 0xf6, 0xc6, 0x48, 0x26, - 0x16, 0xf7, 0x42, 0x1d, 0x97, 0xa4, 0x49, 0xc9, 0x3d, 0xad, 0x42, 0x72, - 0x01, 0xe7, 0x76, 0x9b, 0x4b, 0xc6, 0x61, 0x6d, 0xa4, 0x62, 0xc4, 0x0e, - 0x24, 0x67, 0xdd, 0xfa, 0xd0, 0xa2, 0x10, 0x73, 0x0d, 0x23, 0xb1, 0xd1, - 0xd1, 0x19, 0x3d, 0x26, 0x8b, 0xd1, 0x0d, 0x43, 0xfe, 0x30, 0x23, 0xf8, - 0xde, 0x0a, 0x9a, 0x61, 0xe4, 0xb6, 0xa8, 0x1b, 0xec, 0xd5, 0x79, 0x9b, - 0x8f, 0x06, 0x2b, 0x78, 0x26, 0xca, 0xfc, 0xa3, 0x45, 0x07, 0x77, 0x69, - 0xab, 0x65, 0x9c, 0x66, 0x08, 0x0b, 0x94, 0xe1, 0x2b, 0x3e, 0xd2, 0x84, - 0xed, 0x68, 0xdd, 0x12, 0x76, 0x47, 0x43, 0x7e, 0xc3, 0x5c, 0x3d, 0x88, - 0x39, 0x6c, 0xf0, 0xb5, 0x86, 0xc1, 0x17, 0xb9, 0x2e, 0xdc, 0xf3, 0x4c, - 0xd8, 0x9b, 0xe4, 0xfe, 0xd1, 0x12, 0xee, 0x8e, 0xbd, 0xc3, 0xb8, 0x20, - 0x36, 0x4e, 0x06, 0xdc, 0x64, 0xab, 0x97, 0xd0, 0x81, 0x57, 0xc0, 0xf0, - 0x6c, 0x09, 0xe6, 0x3a, 0x13, 0x49, 0xc7, 0x66, 0x23, 0xf6, 0xd1, 0xec, - 0x06, 0xe7, 0x8a, 0xca, 0xfc, 0x24, 0xec, 0x1f, 0xc4, 0x37, 0x04, 0x6e, - 0x10, 0x0d, 0xbf, 0x73, 0x5c, 0x8c, 0x5b, 0xc3, 0xb6, 0xb7, 0xf0, 0xc7, - 0x80, 0xbc, 0x45, 0xa3, 0x34, 0x4c, 0x87, 0x94, 0x5e, 0x1c, 0xc8, 0xb0, - 0x46, 0xc5, 0xc6, 0x80, 0x83, 0x82, 0x66, 0x2a, 0x22, 0xa9, 0x66, 0xf3, - 0x3e, 0x7e, 0x17, 0xd7, 0x43, 0x11, 0x34, 0xf3, 0xf6, 0x83, 0x51, 0xd6, - 0x5a, 0x70, 0x3b, 0xe6, 0x79, 0xab, 0x47, 0x76, 0x83, 0x45, 0x93, 0xb9, - 0xc5, 0x11, 0xa9, 0x76, 0x93, 0x16, 0x58, 0xf3, 0x4f, 0x46, 0x9f, 0x13, - 0x6c, 0x41, 0x3d, 0xc0, 0x07, 0xac, 0x40, 0x6a, 0x23, 0x30, 0x97, 0x92, - 0x9f, 0x9a, 0xbf, 0x10, 0x9b, 0x0e, 0x14, 0xcd, 0x9a, 0x93, 0x49, + 0x01, 0x0b, 0x03, 0x82, 0x01, 0x01, 0x00, 0x48, 0xda, 0xe8, 0xb5, 0x4d, + 0xaa, 0x6e, 0x28, 0xd8, 0x30, 0xb3, 0x3d, 0x50, 0xf8, 0x83, 0x3c, 0xbb, + 0x2a, 0xb2, 0x10, 0x20, 0x48, 0x53, 0x78, 0x33, 0x8d, 0x31, 0x90, 0xbd, + 0x54, 0xa1, 0x49, 0x6b, 0xc0, 0x2f, 0x8b, 0xf1, 0x02, 0x39, 0x90, 0x73, + 0xfc, 0x81, 0x1e, 0xf2, 0xc9, 0xaa, 0x14, 0x5e, 0xb8, 0xda, 0x89, 0xdb, + 0x1a, 0xde, 0xc1, 0xcf, 0x61, 0xb2, 0xbf, 0x1a, 0xa7, 0x50, 0x51, 0x47, + 0x5e, 0x0e, 0xdb, 0xdb, 0x2f, 0xad, 0x46, 0xcc, 0x02, 0x71, 0xb7, 0x37, + 0xc9, 0x1a, 0x7d, 0xc9, 0xc2, 0x55, 0x45, 0xa3, 0xc6, 0x17, 0xfc, 0x53, + 0x6e, 0x11, 0xf2, 0x31, 0x13, 0x71, 0xe6, 0x65, 0xc0, 0xf7, 0x05, 0xda, + 0x97, 0x33, 0x37, 0xdc, 0x81, 0x4a, 0xc5, 0x99, 0x89, 0xc1, 0xe3, 0x8f, + 0x99, 0x02, 0xb1, 0xda, 0x44, 0x16, 0x63, 0x14, 0x12, 0x20, 0x49, 0x01, + 0x44, 0xa4, 0xe6, 0x6d, 0xde, 0x8f, 0xfb, 0x7a, 0xbd, 0xcb, 0xf8, 0xd4, + 0x2d, 0x18, 0x65, 0x44, 0xc5, 0x5c, 0xec, 0xd4, 0x7a, 0x1f, 0x6a, 0xf6, + 0xa2, 0x71, 0x7b, 0x03, 0x61, 0xa9, 0x9b, 0x2b, 0x3d, 0xe1, 0x8d, 0xea, + 0x75, 0xa8, 0x0c, 0x22, 0xa3, 0xa6, 0x3d, 0xb8, 0x79, 0x88, 0x4b, 0x34, + 0x9c, 0x5b, 0x37, 0x17, 0x85, 0xf7, 0xbb, 0xd4, 0xaa, 0x51, 0x58, 0x09, + 0x39, 0x0c, 0xa1, 0xca, 0x90, 0x50, 0x7c, 0x2f, 0x4e, 0x92, 0xfc, 0xdd, + 0xd3, 0xca, 0x64, 0xcc, 0x25, 0x4c, 0xfc, 0xaa, 0x04, 0x68, 0x5e, 0x66, + 0x7f, 0x3d, 0x04, 0x28, 0x42, 0xae, 0x93, 0xd2, 0x75, 0x38, 0x55, 0x38, + 0xc3, 0xda, 0x5d, 0x93, 0x20, 0x74, 0x31, 0x02, 0x95, 0x07, 0x8e, 0x91, + 0xd0, 0x0e, 0x17, 0xca, 0xe7, 0x8d, 0x1e, 0xb1, 0x56, 0x26, 0x4c, 0x65, + 0x66, 0x5f, 0x53, 0x69, 0x7d, 0xd7, 0x3a, 0xa7, 0x70, 0xf7, 0xbd, }; unsigned char resp_bad_embedded_cert[] = { @@ -501,38 +501,38 @@ 0x6f, 0x74, 0x20, 0x43, 0x41, 0x31, 0x1f, 0x30, 0x1d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x09, 0x01, 0x16, 0x10, 0x69, 0x6e, 0x66, 0x6f, 0x40, 0x77, 0x6f, 0x6c, 0x66, 0x73, 0x73, 0x6c, 0x2e, 0x63, - 0x6f, 0x6d, 0x18, 0x0f, 0x32, 0x30, 0x32, 0x35, 0x31, 0x31, 0x31, 0x32, - 0x31, 0x33, 0x34, 0x35, 0x31, 0x32, 0x5a, 0x30, 0x4f, 0x30, 0x4d, 0x30, + 0x6f, 0x6d, 0x18, 0x0f, 0x32, 0x30, 0x32, 0x36, 0x30, 0x32, 0x32, 0x34, + 0x32, 0x31, 0x34, 0x32, 0x30, 0x31, 0x5a, 0x30, 0x4f, 0x30, 0x4d, 0x30, 0x38, 0x30, 0x07, 0x06, 0x05, 0x2b, 0x0e, 0x03, 0x02, 0x1a, 0x04, 0x14, 0x44, 0xa8, 0xdb, 0xd1, 0xbc, 0x97, 0x0a, 0x83, 0x3b, 0x5b, 0x31, 0x9a, 0x4c, 0xb8, 0xd2, 0x52, 0x37, 0x15, 0x8a, 0x88, 0x04, 0x14, 0x73, 0xb0, 0x1c, 0xa4, 0x2f, 0x82, 0xcb, 0xcf, 0x47, 0xa5, 0x38, 0xd7, 0xb0, 0x04, 0x82, 0x3a, 0x7e, 0x72, 0x15, 0x21, 0x02, 0x01, 0x01, 0x80, 0x00, 0x18, - 0x0f, 0x32, 0x30, 0x32, 0x35, 0x31, 0x31, 0x31, 0x32, 0x31, 0x33, 0x34, - 0x35, 0x31, 0x32, 0x5a, 0x30, 0x0b, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, - 0xf7, 0x0d, 0x01, 0x01, 0x0b, 0x03, 0x82, 0x01, 0x01, 0x00, 0x39, 0xb1, - 0xe0, 0x89, 0x79, 0xb7, 0x70, 0x14, 0xb9, 0x05, 0x0a, 0x2d, 0xf1, 0xa7, - 0x48, 0xbc, 0x28, 0x31, 0xc4, 0x8c, 0xd9, 0xe8, 0x99, 0x99, 0x0d, 0xb8, - 0x7c, 0x05, 0xc1, 0xd8, 0x16, 0x72, 0x30, 0x98, 0x85, 0xbb, 0xc9, 0xc3, - 0x99, 0x79, 0xaa, 0x2b, 0x82, 0xb3, 0x24, 0xc9, 0xe1, 0x27, 0x71, 0x37, - 0x6c, 0x07, 0x6a, 0x44, 0x96, 0xa3, 0x5e, 0x8b, 0x07, 0x54, 0x4a, 0x2b, - 0x3d, 0xe0, 0x1f, 0xfb, 0xa6, 0xce, 0xb7, 0x0a, 0x40, 0x1a, 0xb8, 0x8e, - 0xff, 0x5c, 0xeb, 0xb7, 0x87, 0xcf, 0xfc, 0xfb, 0x2d, 0xf0, 0x14, 0x60, - 0xc0, 0x9a, 0xfa, 0xc7, 0x1a, 0x91, 0x61, 0xe9, 0x66, 0x32, 0x52, 0x73, - 0x2b, 0x44, 0x28, 0xd9, 0xe9, 0xb9, 0xcd, 0x3d, 0x8e, 0x8a, 0x56, 0x09, - 0x21, 0x24, 0xf4, 0x74, 0xd9, 0xad, 0xf2, 0x52, 0xb9, 0x7e, 0xd0, 0x34, - 0xa0, 0xfe, 0xf0, 0xfc, 0x3f, 0x2f, 0x27, 0x0b, 0x85, 0x26, 0x52, 0xc4, - 0x0f, 0xb2, 0x75, 0xdd, 0x9e, 0xd6, 0xd2, 0xcf, 0x78, 0x47, 0x72, 0x5c, - 0x31, 0xdc, 0x95, 0x4e, 0x4a, 0x97, 0x67, 0xbd, 0x81, 0x80, 0xee, 0xc3, - 0xc8, 0xb6, 0xd2, 0x8d, 0xb2, 0x67, 0xfd, 0x79, 0x3c, 0xc6, 0xa4, 0xbf, - 0xf8, 0xea, 0xcf, 0xf8, 0x95, 0x66, 0x65, 0x1d, 0x28, 0x6c, 0x52, 0x91, - 0xdc, 0x2a, 0x6c, 0x17, 0x54, 0x2b, 0x89, 0x44, 0xd9, 0xe3, 0x9c, 0x4c, - 0xf3, 0x8d, 0x1c, 0x02, 0x1b, 0x8d, 0x83, 0xbe, 0x4d, 0x67, 0xed, 0x13, - 0x47, 0xbd, 0xfb, 0x45, 0xa6, 0x7c, 0x6d, 0x20, 0x1a, 0xbc, 0x6f, 0x28, - 0xa3, 0xa2, 0xc5, 0xfc, 0x89, 0x12, 0xc6, 0x3d, 0x9e, 0x0b, 0x32, 0xdc, - 0x7d, 0x62, 0x96, 0xaa, 0x08, 0x05, 0x55, 0xf4, 0x6b, 0x8c, 0xa8, 0x27, - 0xbb, 0x10, 0xdf, 0xe1, 0xdc, 0x01, 0x4b, 0x2a, 0x2b, 0x88, 0x48, 0x4d, - 0x42, 0x11, 0xa0, 0x82, 0x04, 0xf8, 0x30, 0x82, 0x04, 0xf4, 0x30, 0x82, + 0x0f, 0x32, 0x30, 0x32, 0x36, 0x30, 0x32, 0x32, 0x34, 0x32, 0x31, 0x34, + 0x32, 0x30, 0x31, 0x5a, 0x30, 0x0b, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, + 0xf7, 0x0d, 0x01, 0x01, 0x0b, 0x03, 0x82, 0x01, 0x01, 0x00, 0x8f, 0xd5, + 0x57, 0x10, 0xc3, 0x7e, 0x8c, 0x6c, 0x0b, 0x75, 0x68, 0xca, 0x03, 0x12, + 0x30, 0xa7, 0xdb, 0x48, 0xf8, 0x1e, 0x3c, 0x42, 0x41, 0xdd, 0x4f, 0xf2, + 0x6c, 0xa4, 0x6f, 0x67, 0x15, 0x5a, 0xce, 0x04, 0xb9, 0x6d, 0xcb, 0x9d, + 0x06, 0x24, 0xa7, 0xf4, 0xaa, 0x31, 0x8c, 0xb5, 0x3c, 0x23, 0xbc, 0xea, + 0x5e, 0xe1, 0x47, 0x13, 0xe7, 0xcd, 0x33, 0x93, 0x23, 0x8d, 0xe4, 0x16, + 0x70, 0xdb, 0x75, 0x93, 0x34, 0xeb, 0x25, 0xbf, 0xd4, 0x24, 0x62, 0x27, + 0xe0, 0xfe, 0x20, 0xed, 0x1a, 0xd1, 0x2a, 0xae, 0xc4, 0x2d, 0xb6, 0xd8, + 0xbf, 0xbc, 0x6f, 0x15, 0x9f, 0xa1, 0xdc, 0x7d, 0x49, 0xa2, 0x95, 0x02, + 0xcf, 0x7f, 0x82, 0xeb, 0x27, 0x5a, 0x5b, 0xc2, 0xc9, 0xf8, 0xa9, 0x3c, + 0xc1, 0xc4, 0xa5, 0xed, 0xf2, 0x10, 0x3b, 0x2b, 0x5d, 0x84, 0xea, 0x90, + 0xff, 0x9b, 0xff, 0x23, 0x64, 0x15, 0x8e, 0x7b, 0xaf, 0x53, 0x16, 0x38, + 0x7c, 0x68, 0x3c, 0xfb, 0x29, 0x4c, 0xf4, 0x25, 0xf6, 0xf9, 0x91, 0x38, + 0xdd, 0x41, 0xa2, 0xb6, 0xd6, 0x85, 0x6e, 0xaf, 0xdf, 0x8a, 0x7f, 0x45, + 0xcd, 0x3b, 0x91, 0x84, 0x69, 0x93, 0xe2, 0xf7, 0x97, 0x0f, 0x93, 0x06, + 0xbe, 0x8e, 0x51, 0xda, 0x4f, 0x91, 0xa9, 0x7f, 0x97, 0xc3, 0x4b, 0x4a, + 0x4a, 0xd7, 0x8c, 0x9b, 0xb0, 0x38, 0x80, 0xe4, 0x9e, 0x74, 0xec, 0x2f, + 0x31, 0xb2, 0xa2, 0x77, 0x36, 0x5a, 0x4a, 0x74, 0x00, 0x3b, 0x33, 0x4e, + 0x59, 0xdc, 0xe4, 0xff, 0xb4, 0xfd, 0x1a, 0x37, 0x19, 0x37, 0x5c, 0xf9, + 0x9b, 0x94, 0x55, 0x99, 0xe2, 0x41, 0x78, 0xd2, 0xe0, 0x87, 0xf2, 0xc6, + 0x94, 0x7c, 0xaa, 0xd5, 0x28, 0xc4, 0x44, 0x0b, 0xa2, 0x29, 0xeb, 0xcb, + 0x2e, 0x2e, 0xcb, 0x6f, 0xe3, 0x64, 0xea, 0xe0, 0x77, 0x09, 0xf2, 0x3f, + 0x0b, 0xd6, 0xa0, 0x82, 0x04, 0xf8, 0x30, 0x82, 0x04, 0xf4, 0x30, 0x82, 0x04, 0xf0, 0x30, 0x82, 0x03, 0xd8, 0xa0, 0x03, 0x02, 0x01, 0x02, 0x02, 0x01, 0x02, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x0b, 0x05, 0x00, 0x30, 0x81, 0x97, 0x31, 0x0b, 0x30, 0x09, @@ -659,37 +659,37 @@ 0x72, 0x31, 0x1f, 0x30, 0x1d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x09, 0x01, 0x16, 0x10, 0x69, 0x6e, 0x66, 0x6f, 0x40, 0x77, 0x6f, 0x6c, 0x66, 0x73, 0x73, 0x6c, 0x2e, 0x63, 0x6f, 0x6d, 0x18, 0x0f, - 0x32, 0x30, 0x32, 0x35, 0x31, 0x31, 0x31, 0x32, 0x31, 0x33, 0x34, 0x35, - 0x31, 0x33, 0x5a, 0x30, 0x4f, 0x30, 0x4d, 0x30, 0x38, 0x30, 0x07, 0x06, + 0x32, 0x30, 0x32, 0x36, 0x30, 0x32, 0x32, 0x34, 0x32, 0x31, 0x34, 0x32, + 0x30, 0x31, 0x5a, 0x30, 0x4f, 0x30, 0x4d, 0x30, 0x38, 0x30, 0x07, 0x06, 0x05, 0x2b, 0x0e, 0x03, 0x02, 0x1a, 0x04, 0x14, 0x71, 0x4d, 0x82, 0x23, 0x40, 0x59, 0xc0, 0x96, 0xa1, 0x37, 0x43, 0xfa, 0x31, 0xdb, 0xba, 0xb1, 0x43, 0x18, 0xda, 0x04, 0x04, 0x14, 0x83, 0xc6, 0x3a, 0x89, 0x2c, 0x81, 0xf4, 0x02, 0xd7, 0x9d, 0x4c, 0xe2, 0x2a, 0xc0, 0x71, 0x82, 0x64, 0x44, 0xda, 0x0e, 0x02, 0x01, 0x05, 0x80, 0x00, 0x18, 0x0f, 0x32, 0x30, 0x32, - 0x35, 0x31, 0x31, 0x31, 0x32, 0x31, 0x33, 0x34, 0x35, 0x31, 0x33, 0x5a, + 0x36, 0x30, 0x32, 0x32, 0x34, 0x32, 0x31, 0x34, 0x32, 0x30, 0x31, 0x5a, 0x30, 0x0b, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, - 0x0b, 0x03, 0x82, 0x01, 0x01, 0x00, 0x92, 0xf3, 0x3c, 0x80, 0x59, 0xca, - 0xcd, 0xd6, 0xf4, 0x67, 0x69, 0x0d, 0x23, 0x4a, 0x0c, 0xa7, 0x0e, 0xfb, - 0xf7, 0xef, 0x99, 0xdf, 0x5b, 0xef, 0xac, 0x95, 0x8e, 0x81, 0x94, 0x4d, - 0x81, 0xf2, 0x8c, 0xb8, 0x93, 0x67, 0x84, 0x39, 0xdb, 0x6d, 0x97, 0x3e, - 0xc3, 0xff, 0xef, 0xb4, 0x66, 0x34, 0xb4, 0xb4, 0x66, 0xfa, 0x8a, 0xc0, - 0x17, 0x8b, 0xac, 0x8b, 0x02, 0x70, 0x49, 0x5b, 0x9b, 0xc7, 0xf7, 0xc3, - 0xcd, 0x8c, 0x2a, 0xd8, 0x07, 0xfd, 0xc2, 0x64, 0x37, 0x09, 0x2b, 0x29, - 0xba, 0xa4, 0xfc, 0xb2, 0xcd, 0x9c, 0xbf, 0x53, 0xa6, 0xe4, 0x41, 0xa4, - 0x3b, 0x75, 0x48, 0x6e, 0xd3, 0x23, 0xca, 0x9e, 0xbd, 0x49, 0xcc, 0xaf, - 0x41, 0x78, 0x93, 0xba, 0x91, 0xa6, 0xae, 0xd3, 0xbf, 0x2e, 0x79, 0x0a, - 0x9c, 0xa2, 0x89, 0xe3, 0x0d, 0xe1, 0x4c, 0x1e, 0xf0, 0x53, 0x62, 0x19, - 0xc4, 0x89, 0x18, 0xc9, 0x67, 0x64, 0x14, 0x4a, 0x4c, 0x50, 0xf1, 0xdf, - 0x64, 0xe8, 0x49, 0xc2, 0x19, 0xca, 0x74, 0xb6, 0x3d, 0xdb, 0x50, 0x59, - 0x33, 0x96, 0x72, 0x43, 0x5b, 0x7c, 0x51, 0x0b, 0x88, 0x5f, 0x90, 0x67, - 0x1b, 0xdd, 0x77, 0xca, 0xef, 0xb1, 0x32, 0x01, 0xcb, 0x4c, 0x9d, 0xbb, - 0x42, 0xbc, 0x68, 0x30, 0xc6, 0xa0, 0x61, 0x1f, 0xcd, 0xbd, 0x79, 0xc5, - 0x5d, 0x61, 0x87, 0x04, 0xad, 0x03, 0x6a, 0xdc, 0xd4, 0xfa, 0x36, 0xc5, - 0xde, 0x77, 0xd3, 0xf0, 0x5b, 0x26, 0x26, 0x17, 0x13, 0xbe, 0x03, 0x5d, - 0x19, 0x0b, 0x80, 0x52, 0xf7, 0x0c, 0xa9, 0x2a, 0xba, 0x03, 0x21, 0xe9, - 0xaf, 0x0b, 0xf8, 0x38, 0x3e, 0x01, 0x84, 0x5e, 0xd7, 0xe1, 0x1f, 0x29, - 0xd9, 0xb8, 0xb3, 0x7b, 0x4c, 0x2b, 0xb2, 0x1f, 0xcb, 0xb3, 0xb8, 0x98, - 0x0d, 0x42, 0xa8, 0x25, 0x61, 0x7f, 0x48, 0xa6, 0xb4, 0xd8, 0xa0, 0x82, + 0x0b, 0x03, 0x82, 0x01, 0x01, 0x00, 0x71, 0x24, 0xd7, 0x8c, 0x32, 0x35, + 0x81, 0xe4, 0x17, 0xd4, 0x7a, 0xa2, 0xc4, 0x8f, 0xb6, 0xa3, 0x02, 0x94, + 0x5b, 0xf4, 0xfc, 0x8e, 0xed, 0x3a, 0xb5, 0x47, 0xfe, 0xe5, 0xe7, 0xb5, + 0x0a, 0xc7, 0x2d, 0x2e, 0x64, 0x80, 0x42, 0x32, 0x89, 0x89, 0x87, 0x6e, + 0x42, 0x08, 0xa8, 0x3e, 0x19, 0x09, 0xb3, 0x8b, 0xde, 0x3c, 0x90, 0x37, + 0x92, 0x9a, 0xb3, 0xf5, 0x71, 0x4b, 0x75, 0x99, 0x71, 0x75, 0xd2, 0xc0, + 0x1a, 0x09, 0xdf, 0x38, 0xf8, 0x08, 0x5e, 0x67, 0xa1, 0x39, 0x24, 0xe7, + 0xb7, 0x2a, 0x0e, 0xd6, 0x5b, 0x27, 0x64, 0xbf, 0x7d, 0x55, 0x13, 0x48, + 0x43, 0xa2, 0xac, 0x17, 0x9a, 0x4a, 0x84, 0x12, 0xb0, 0xb2, 0xdc, 0x8e, + 0xa0, 0xd8, 0x06, 0xb9, 0x85, 0xb1, 0xb3, 0x71, 0xe9, 0x01, 0xdb, 0xc7, + 0x67, 0x53, 0xa3, 0xcf, 0xab, 0x7a, 0x38, 0x43, 0x06, 0xc6, 0xec, 0x50, + 0x7d, 0xb0, 0xb3, 0xdd, 0xa0, 0x04, 0xfc, 0xa3, 0xe1, 0x1b, 0x83, 0xb4, + 0xfd, 0x6e, 0x0f, 0x94, 0xa2, 0x51, 0x02, 0x53, 0xbe, 0xed, 0x77, 0x6d, + 0xe3, 0x3a, 0xec, 0x1d, 0x61, 0xac, 0xcd, 0x24, 0x47, 0xbd, 0x1a, 0xa4, + 0xcd, 0x04, 0x36, 0x6d, 0x31, 0xe2, 0xca, 0x1c, 0xd8, 0x0e, 0xa3, 0x3b, + 0x12, 0xee, 0x35, 0x33, 0xe1, 0x75, 0x88, 0xd5, 0x0d, 0x71, 0x19, 0x9c, + 0xdf, 0x96, 0x62, 0x2f, 0xa5, 0x77, 0xbb, 0x93, 0x51, 0x80, 0xe8, 0x71, + 0x2b, 0xb3, 0x72, 0x1a, 0xda, 0x25, 0x44, 0x7a, 0x9a, 0x8d, 0xb3, 0x14, + 0x64, 0x16, 0xe4, 0xf6, 0x59, 0x32, 0x4e, 0x37, 0xa0, 0x7a, 0x4d, 0xcb, + 0xb8, 0xef, 0x1a, 0xfd, 0x40, 0x0e, 0x29, 0x47, 0x14, 0x7a, 0xd6, 0x2f, + 0xa3, 0x08, 0x5f, 0xe2, 0xe0, 0xf7, 0xac, 0xb8, 0x1e, 0x82, 0xae, 0x1d, + 0x21, 0x61, 0xa5, 0xec, 0x83, 0x57, 0x03, 0x06, 0xdc, 0xe9, 0xa0, 0x82, 0x04, 0xc6, 0x30, 0x82, 0x04, 0xc2, 0x30, 0x82, 0x04, 0xbe, 0x30, 0x82, 0x03, 0xa6, 0xa0, 0x03, 0x02, 0x01, 0x02, 0x02, 0x01, 0x04, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x0b, 0x05, @@ -812,37 +812,37 @@ 0x72, 0x31, 0x1f, 0x30, 0x1d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x09, 0x01, 0x16, 0x10, 0x69, 0x6e, 0x66, 0x6f, 0x40, 0x77, 0x6f, 0x6c, 0x66, 0x73, 0x73, 0x6c, 0x2e, 0x63, 0x6f, 0x6d, 0x18, 0x0f, - 0x32, 0x30, 0x32, 0x35, 0x31, 0x31, 0x31, 0x32, 0x31, 0x33, 0x34, 0x35, - 0x31, 0x33, 0x5a, 0x30, 0x4f, 0x30, 0x4d, 0x30, 0x38, 0x30, 0x07, 0x06, + 0x32, 0x30, 0x32, 0x36, 0x30, 0x32, 0x32, 0x34, 0x32, 0x31, 0x34, 0x32, + 0x30, 0x31, 0x5a, 0x30, 0x4f, 0x30, 0x4d, 0x30, 0x38, 0x30, 0x07, 0x06, 0x05, 0x2b, 0x0e, 0x03, 0x02, 0x1a, 0x04, 0x14, 0x44, 0xa8, 0xdb, 0xd1, 0xbc, 0x97, 0x0a, 0x83, 0x3b, 0x5b, 0x31, 0x9a, 0x4c, 0xb8, 0xd2, 0x52, 0x37, 0x15, 0x8a, 0x88, 0x04, 0x14, 0x73, 0xb0, 0x1c, 0xa4, 0x2f, 0x82, 0xcb, 0xcf, 0x47, 0xa5, 0x38, 0xd7, 0xb0, 0x04, 0x82, 0x3a, 0x7e, 0x72, 0x15, 0x21, 0x02, 0x01, 0x01, 0x80, 0x00, 0x18, 0x0f, 0x32, 0x30, 0x32, - 0x35, 0x31, 0x31, 0x31, 0x32, 0x31, 0x33, 0x34, 0x35, 0x31, 0x33, 0x5a, + 0x36, 0x30, 0x32, 0x32, 0x34, 0x32, 0x31, 0x34, 0x32, 0x30, 0x31, 0x5a, 0x30, 0x0b, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, - 0x0b, 0x03, 0x82, 0x01, 0x01, 0x00, 0x70, 0xd2, 0x32, 0xbe, 0x2d, 0x7d, - 0x94, 0xce, 0x8d, 0x9b, 0x71, 0x1a, 0x2c, 0x84, 0x82, 0xa4, 0x3b, 0x1a, - 0x94, 0x5f, 0x47, 0x58, 0xb7, 0x1d, 0xae, 0xd2, 0xf3, 0xdd, 0x96, 0x96, - 0xe0, 0x94, 0x9e, 0x04, 0xf7, 0x98, 0x2f, 0x3a, 0x8e, 0x03, 0x18, 0x7f, - 0x06, 0x91, 0xdb, 0x13, 0x37, 0xb5, 0xb8, 0x44, 0x82, 0x84, 0xf2, 0x87, - 0xc2, 0xf8, 0x28, 0x1d, 0x19, 0x66, 0x98, 0x88, 0x0e, 0xc0, 0x7c, 0xec, - 0x7e, 0x82, 0xe3, 0x64, 0xa3, 0xf7, 0x83, 0x11, 0xbb, 0x83, 0x34, 0xfc, - 0x98, 0x6d, 0xbd, 0x37, 0xaa, 0x36, 0xd2, 0x98, 0x3a, 0xce, 0x80, 0x95, - 0x21, 0xad, 0x8d, 0x10, 0xb3, 0xb4, 0x91, 0x59, 0xc7, 0x2c, 0x79, 0xda, - 0xc0, 0x4a, 0xe1, 0xed, 0x07, 0x4d, 0x04, 0xad, 0x4c, 0x51, 0x40, 0x28, - 0xd8, 0x83, 0xe6, 0xd7, 0x83, 0x2b, 0x0b, 0xfa, 0x46, 0xda, 0x9a, 0x06, - 0xf9, 0x3c, 0xf6, 0x05, 0x53, 0xb9, 0xce, 0x56, 0xa0, 0x51, 0xa8, 0x3f, - 0xe0, 0x2a, 0xa8, 0x50, 0x2d, 0xa9, 0x36, 0x48, 0x2e, 0x80, 0x16, 0x31, - 0x1e, 0xbb, 0x57, 0x5f, 0x57, 0x5d, 0x45, 0xd0, 0xc5, 0x2b, 0x0f, 0xe4, - 0xa2, 0xa5, 0x00, 0x4f, 0x90, 0x58, 0x0d, 0x4c, 0x0a, 0xae, 0xc1, 0x5d, - 0xda, 0x22, 0xa2, 0xe3, 0x81, 0x9a, 0xb1, 0x5a, 0xb8, 0xf7, 0x9d, 0xd9, - 0xb6, 0x11, 0x0b, 0x89, 0x59, 0x51, 0x79, 0xa5, 0x94, 0x1f, 0xae, 0xa1, - 0x74, 0x14, 0x95, 0xea, 0xce, 0xf6, 0x72, 0x6d, 0x8d, 0x3c, 0xd7, 0xe2, - 0x62, 0x9c, 0x60, 0xe6, 0x30, 0x46, 0xba, 0x94, 0x5b, 0x28, 0x04, 0x4c, - 0xe4, 0x32, 0xeb, 0xc5, 0xc1, 0x82, 0x87, 0x50, 0x00, 0xd2, 0xc0, 0x21, - 0xec, 0xff, 0xda, 0xf1, 0x87, 0x8b, 0xa4, 0x19, 0xc2, 0x0c, 0x3b, 0x75, - 0xbb, 0x4e, 0xf9, 0x7f, 0x4d, 0x68, 0xef, 0xa8, 0x46, 0x93, 0xa0, 0x82, + 0x0b, 0x03, 0x82, 0x01, 0x01, 0x00, 0x7a, 0xc5, 0x6d, 0xfa, 0x8b, 0x75, + 0x9a, 0x46, 0x91, 0x3b, 0x23, 0xc2, 0xa0, 0x0d, 0x60, 0x0e, 0x61, 0x54, + 0x7c, 0xd7, 0xcb, 0x6c, 0x14, 0x9b, 0x11, 0x96, 0xe2, 0x83, 0xfa, 0x0f, + 0x70, 0xc9, 0xc9, 0x07, 0xa8, 0x53, 0x69, 0x90, 0xbb, 0xd5, 0x31, 0xb4, + 0x6f, 0xfc, 0x6b, 0x6b, 0xd9, 0x1a, 0xe5, 0xbc, 0xc8, 0x25, 0x93, 0x0b, + 0x9e, 0x9d, 0xb3, 0x9b, 0x07, 0x38, 0x79, 0x4c, 0xd0, 0xa1, 0xd1, 0x3f, + 0xf6, 0x8a, 0xf0, 0x77, 0xa4, 0xea, 0x8d, 0x23, 0xf4, 0xb0, 0xdf, 0x59, + 0x41, 0x5c, 0x77, 0x0e, 0xc2, 0x1c, 0xab, 0xbb, 0xb6, 0x12, 0x2e, 0x37, + 0x1f, 0xf7, 0x57, 0xa0, 0x02, 0x02, 0xed, 0x8c, 0xb7, 0x4d, 0xdd, 0xd0, + 0x02, 0xb6, 0x5f, 0xff, 0xa3, 0x0a, 0x28, 0x4b, 0x8f, 0x4e, 0x6d, 0x57, + 0x55, 0xd0, 0x4f, 0x3f, 0x4c, 0x45, 0x5b, 0x6f, 0x8c, 0x8e, 0xe4, 0xd9, + 0x62, 0xe8, 0x4c, 0x72, 0xd8, 0x0b, 0x5c, 0xce, 0xc9, 0x53, 0x76, 0x0e, + 0xb1, 0xaf, 0xf8, 0x15, 0xb2, 0x50, 0xd5, 0x69, 0x6f, 0xbe, 0xee, 0x17, + 0x06, 0x43, 0xc6, 0x6d, 0x9a, 0x12, 0x3d, 0x57, 0x14, 0xb3, 0x39, 0xc8, + 0x58, 0x76, 0x46, 0x57, 0xe3, 0xb4, 0x4a, 0x82, 0x8e, 0xf3, 0xdc, 0x99, + 0x0a, 0x34, 0x6e, 0x65, 0x3c, 0xef, 0xe4, 0x42, 0x85, 0x6c, 0xc5, 0xaf, + 0x76, 0xdb, 0x75, 0x2d, 0xd5, 0xb2, 0x69, 0x08, 0xec, 0xa3, 0x1d, 0x8e, + 0xdc, 0x7c, 0xbf, 0xb7, 0xa9, 0x6c, 0x9f, 0x7f, 0x9e, 0xb8, 0x9e, 0x1d, + 0x20, 0x64, 0xcf, 0x30, 0xf2, 0x2d, 0xa7, 0x80, 0x77, 0x53, 0xf9, 0x15, + 0xf1, 0xef, 0xb2, 0xa4, 0x30, 0x02, 0x94, 0xfe, 0x43, 0xad, 0xa0, 0x7c, + 0x67, 0x47, 0xe2, 0x42, 0x4a, 0x2d, 0x02, 0x9e, 0x6a, 0xb6, 0xa1, 0x57, + 0x3e, 0x9a, 0x47, 0xe2, 0xb1, 0xb7, 0xd2, 0x0f, 0x32, 0x8f, 0xa0, 0x82, 0x04, 0xc6, 0x30, 0x82, 0x04, 0xc2, 0x30, 0x82, 0x04, 0xbe, 0x30, 0x82, 0x03, 0xa6, 0xa0, 0x03, 0x02, 0x01, 0x02, 0x02, 0x01, 0x04, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x0b, 0x05, @@ -965,37 +965,37 @@ 0x72, 0x31, 0x1f, 0x30, 0x1d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x09, 0x01, 0x16, 0x10, 0x69, 0x6e, 0x66, 0x6f, 0x40, 0x77, 0x6f, 0x6c, 0x66, 0x73, 0x73, 0x6c, 0x2e, 0x63, 0x6f, 0x6d, 0x18, 0x0f, - 0x32, 0x30, 0x32, 0x35, 0x31, 0x31, 0x31, 0x32, 0x31, 0x33, 0x34, 0x35, - 0x31, 0x34, 0x5a, 0x30, 0x4f, 0x30, 0x4d, 0x30, 0x38, 0x30, 0x07, 0x06, + 0x32, 0x30, 0x32, 0x36, 0x30, 0x32, 0x32, 0x34, 0x32, 0x31, 0x34, 0x32, + 0x30, 0x31, 0x5a, 0x30, 0x4f, 0x30, 0x4d, 0x30, 0x38, 0x30, 0x07, 0x06, 0x05, 0x2b, 0x0e, 0x03, 0x02, 0x1a, 0x04, 0x14, 0x44, 0xa8, 0xdb, 0xd1, 0xbc, 0x97, 0x0a, 0x83, 0x3b, 0x5b, 0x31, 0x9a, 0x4c, 0xb8, 0xd2, 0x52, 0x37, 0x15, 0x8a, 0x88, 0x04, 0x14, 0x73, 0xb0, 0x1c, 0xa4, 0x2f, 0x82, 0xcb, 0xcf, 0x47, 0xa5, 0x38, 0xd7, 0xb0, 0x04, 0x82, 0x3a, 0x7e, 0x72, 0x15, 0x21, 0x02, 0x01, 0x63, 0x80, 0x00, 0x18, 0x0f, 0x32, 0x30, 0x32, - 0x35, 0x31, 0x31, 0x31, 0x32, 0x31, 0x33, 0x34, 0x35, 0x31, 0x34, 0x5a, + 0x36, 0x30, 0x32, 0x32, 0x34, 0x32, 0x31, 0x34, 0x32, 0x30, 0x31, 0x5a, 0x30, 0x0b, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, - 0x0b, 0x03, 0x82, 0x01, 0x01, 0x00, 0xa7, 0x77, 0x60, 0x0d, 0x73, 0x9f, - 0x30, 0x09, 0xeb, 0x2f, 0xe4, 0x30, 0x7e, 0xf6, 0x42, 0x81, 0x60, 0x26, - 0x7d, 0x7e, 0x75, 0x2f, 0xe4, 0xb6, 0xd3, 0xe4, 0xd7, 0x04, 0x3c, 0x89, - 0xcd, 0x43, 0x51, 0x39, 0x25, 0xdc, 0x7e, 0xa4, 0xad, 0x7b, 0x26, 0xd3, - 0xe3, 0xa6, 0xe3, 0x5b, 0xf6, 0x5f, 0x1a, 0x28, 0xdb, 0xcd, 0xef, 0x78, - 0xe8, 0xde, 0x91, 0x5b, 0xe4, 0x10, 0x6d, 0xfb, 0x36, 0x74, 0x34, 0xf7, - 0xb5, 0xec, 0xb3, 0x4b, 0x02, 0xf2, 0x58, 0x5c, 0x97, 0x0a, 0xad, 0x2a, - 0xc8, 0x0c, 0xba, 0x2e, 0x7c, 0x90, 0x0b, 0x97, 0xa4, 0xc3, 0x2a, 0x58, - 0x77, 0xc4, 0x09, 0xc1, 0x9e, 0x63, 0xd9, 0x1e, 0x14, 0x63, 0x1a, 0x13, - 0xfa, 0xd6, 0xd1, 0xdd, 0xb8, 0xa0, 0x20, 0xda, 0x74, 0x49, 0x4f, 0x63, - 0xc9, 0x51, 0x7e, 0xa5, 0x14, 0x2c, 0xe1, 0xc1, 0x0d, 0x44, 0xe2, 0x60, - 0xc3, 0xdd, 0x6b, 0xd8, 0x8f, 0x09, 0x77, 0x7d, 0x17, 0x35, 0x44, 0x1b, - 0x24, 0x4e, 0x06, 0x1c, 0x25, 0x35, 0xc3, 0x2e, 0xe2, 0x61, 0x0e, 0xc9, - 0x19, 0xe7, 0x91, 0x62, 0x78, 0x04, 0x8d, 0x8c, 0xb6, 0x67, 0xfe, 0xda, - 0x7e, 0x29, 0x7e, 0xf1, 0xa5, 0x1e, 0x44, 0xe1, 0xdb, 0x6e, 0x6c, 0xd9, - 0x5d, 0x9c, 0x03, 0x2f, 0xb6, 0x86, 0xae, 0xe7, 0x47, 0x2e, 0x0f, 0xb0, - 0xac, 0xbf, 0x94, 0x03, 0x9c, 0xdb, 0x8b, 0xdc, 0x3c, 0xe6, 0x46, 0x69, - 0xf7, 0x3a, 0x17, 0x5b, 0x5e, 0xea, 0xbe, 0x2c, 0xf0, 0x34, 0xe9, 0x59, - 0xa8, 0xac, 0x38, 0x48, 0xb7, 0xda, 0x79, 0xe9, 0x77, 0x71, 0x3a, 0xa2, - 0xdc, 0xb2, 0x26, 0x48, 0x35, 0x6e, 0xac, 0x19, 0x5d, 0x4d, 0xd5, 0xe4, - 0xe5, 0x9c, 0xae, 0x4f, 0xe4, 0x70, 0x7d, 0xe3, 0xc1, 0x4d, 0x35, 0x00, - 0x58, 0xed, 0x18, 0x6c, 0x8a, 0x36, 0x82, 0x0f, 0x49, 0x66, 0xa0, 0x82, + 0x0b, 0x03, 0x82, 0x01, 0x01, 0x00, 0x5b, 0x3e, 0x7d, 0xdc, 0x1b, 0x84, + 0xba, 0x74, 0xae, 0x09, 0x6d, 0xa3, 0xe2, 0x9e, 0x2f, 0x59, 0x10, 0x4c, + 0x8b, 0x65, 0x09, 0xa1, 0x49, 0x89, 0xa2, 0x02, 0x01, 0xd3, 0x94, 0x25, + 0xa6, 0xe4, 0x5a, 0x9a, 0x6b, 0xda, 0xbe, 0x55, 0xf5, 0x5c, 0x18, 0x4f, + 0x8e, 0xda, 0x0e, 0xfe, 0x16, 0x22, 0xc7, 0x08, 0xaa, 0x6b, 0x18, 0x96, + 0x94, 0xaa, 0x64, 0xe4, 0x0e, 0xc4, 0x5d, 0x73, 0x34, 0x6a, 0x29, 0xb0, + 0xe0, 0x4d, 0xc6, 0x9d, 0x7f, 0xea, 0x4c, 0x18, 0x32, 0xff, 0x64, 0x67, + 0x89, 0xbe, 0xbf, 0xe0, 0xf4, 0x0a, 0xe7, 0x03, 0x39, 0x1a, 0xb3, 0x2b, + 0x52, 0xd9, 0xd7, 0x48, 0x7a, 0x18, 0x0f, 0x92, 0x8e, 0xa8, 0xe3, 0x44, + 0x6a, 0x67, 0x65, 0x7c, 0xbe, 0x3f, 0xf9, 0xa0, 0x80, 0x58, 0x29, 0x40, + 0xa7, 0x56, 0xb8, 0x7e, 0x87, 0x78, 0x14, 0x5e, 0xd3, 0xb6, 0x2d, 0x1a, + 0xf0, 0x49, 0xe1, 0xd2, 0xb4, 0x79, 0xfe, 0xab, 0xaf, 0xb8, 0x04, 0x57, + 0xbb, 0x75, 0x4f, 0xe9, 0x55, 0xd2, 0x23, 0xb0, 0xb9, 0xf3, 0x02, 0x67, + 0xd8, 0x94, 0x66, 0x76, 0xd9, 0x5e, 0x3f, 0x77, 0x9b, 0x87, 0x7e, 0x43, + 0xa5, 0xef, 0x35, 0x06, 0xaa, 0xaf, 0x0f, 0x20, 0x2f, 0x09, 0x4f, 0xba, + 0x0b, 0xcd, 0x4f, 0x9a, 0xf4, 0x11, 0x83, 0x02, 0x34, 0x16, 0x25, 0x20, + 0x25, 0x00, 0xb0, 0x91, 0x42, 0x29, 0x5c, 0xd4, 0xb8, 0xf0, 0x28, 0x22, + 0x59, 0x7e, 0xf3, 0xc9, 0xb2, 0x74, 0x0a, 0xf1, 0xd7, 0x84, 0xb9, 0x0e, + 0x1b, 0xb5, 0xde, 0xa3, 0x0c, 0x25, 0xac, 0xd3, 0xef, 0xf2, 0x22, 0x49, + 0x8d, 0xec, 0x49, 0xa1, 0x25, 0xad, 0xd0, 0xa4, 0x93, 0x68, 0x6a, 0x95, + 0x7c, 0x6c, 0x4f, 0x43, 0x2a, 0x19, 0xbf, 0x55, 0x77, 0xe3, 0xdb, 0x77, + 0xc5, 0x85, 0x38, 0x2d, 0x07, 0x4a, 0x54, 0x45, 0x9e, 0xde, 0xa0, 0x82, 0x04, 0xc6, 0x30, 0x82, 0x04, 0xc2, 0x30, 0x82, 0x04, 0xbe, 0x30, 0x82, 0x03, 0xa6, 0xa0, 0x03, 0x02, 0x01, 0x02, 0x02, 0x01, 0x04, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x0b, 0x05, @@ -1100,6 +1100,320 @@ 0xc9, 0xe3, 0xba, 0x21, 0xad, 0x7b, 0x24, 0x2a, 0xa5, 0x25, 0xb7, 0xc4, }; +unsigned char resp_cert_unknown[] = { + 0x30, 0x82, 0x07, 0x24, 0x0a, 0x01, 0x00, 0xa0, 0x82, 0x07, 0x1d, 0x30, + 0x82, 0x07, 0x19, 0x06, 0x09, 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x30, + 0x01, 0x01, 0x04, 0x82, 0x07, 0x0a, 0x30, 0x82, 0x07, 0x06, 0x30, 0x81, + 0xff, 0xa1, 0x81, 0x9a, 0x30, 0x81, 0x97, 0x31, 0x0b, 0x30, 0x09, 0x06, + 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x55, 0x53, 0x31, 0x13, 0x30, 0x11, + 0x06, 0x03, 0x55, 0x04, 0x08, 0x0c, 0x0a, 0x57, 0x61, 0x73, 0x68, 0x69, + 0x6e, 0x67, 0x74, 0x6f, 0x6e, 0x31, 0x10, 0x30, 0x0e, 0x06, 0x03, 0x55, + 0x04, 0x07, 0x0c, 0x07, 0x53, 0x65, 0x61, 0x74, 0x74, 0x6c, 0x65, 0x31, + 0x10, 0x30, 0x0e, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x0c, 0x07, 0x77, 0x6f, + 0x6c, 0x66, 0x53, 0x53, 0x4c, 0x31, 0x14, 0x30, 0x12, 0x06, 0x03, 0x55, + 0x04, 0x0b, 0x0c, 0x0b, 0x45, 0x6e, 0x67, 0x69, 0x6e, 0x65, 0x65, 0x72, + 0x69, 0x6e, 0x67, 0x31, 0x18, 0x30, 0x16, 0x06, 0x03, 0x55, 0x04, 0x03, + 0x0c, 0x0f, 0x77, 0x6f, 0x6c, 0x66, 0x53, 0x53, 0x4c, 0x20, 0x72, 0x6f, + 0x6f, 0x74, 0x20, 0x43, 0x41, 0x31, 0x1f, 0x30, 0x1d, 0x06, 0x09, 0x2a, + 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x09, 0x01, 0x16, 0x10, 0x69, 0x6e, + 0x66, 0x6f, 0x40, 0x77, 0x6f, 0x6c, 0x66, 0x73, 0x73, 0x6c, 0x2e, 0x63, + 0x6f, 0x6d, 0x18, 0x0f, 0x32, 0x30, 0x32, 0x36, 0x30, 0x32, 0x32, 0x34, + 0x32, 0x31, 0x34, 0x32, 0x30, 0x31, 0x5a, 0x30, 0x4f, 0x30, 0x4d, 0x30, + 0x38, 0x30, 0x07, 0x06, 0x05, 0x2b, 0x0e, 0x03, 0x02, 0x1a, 0x04, 0x14, + 0x44, 0xa8, 0xdb, 0xd1, 0xbc, 0x97, 0x0a, 0x83, 0x3b, 0x5b, 0x31, 0x9a, + 0x4c, 0xb8, 0xd2, 0x52, 0x37, 0x15, 0x8a, 0x88, 0x04, 0x14, 0x73, 0xb0, + 0x1c, 0xa4, 0x2f, 0x82, 0xcb, 0xcf, 0x47, 0xa5, 0x38, 0xd7, 0xb0, 0x04, + 0x82, 0x3a, 0x7e, 0x72, 0x15, 0x21, 0x02, 0x01, 0x01, 0x82, 0x00, 0x18, + 0x0f, 0x32, 0x30, 0x32, 0x36, 0x30, 0x32, 0x32, 0x34, 0x32, 0x31, 0x34, + 0x32, 0x30, 0x31, 0x5a, 0x30, 0x0b, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, + 0xf7, 0x0d, 0x01, 0x01, 0x0b, 0x03, 0x82, 0x01, 0x01, 0x00, 0xa6, 0x3c, + 0x6c, 0x8b, 0x2d, 0x50, 0xc4, 0x7f, 0xad, 0x19, 0x9f, 0x59, 0x6d, 0x18, + 0x5c, 0x5c, 0x49, 0x94, 0x20, 0x4b, 0x9d, 0x8d, 0x5a, 0x91, 0x09, 0x0b, + 0x8b, 0xdf, 0x4b, 0x99, 0xc5, 0xba, 0x62, 0xd1, 0x66, 0x25, 0x86, 0x03, + 0xb6, 0xde, 0x92, 0xb4, 0xab, 0x5d, 0x8d, 0x25, 0xdb, 0x32, 0xe8, 0x8d, + 0xe3, 0xd2, 0x07, 0x78, 0xae, 0x05, 0x66, 0xa2, 0x68, 0xa3, 0x3c, 0x13, + 0x78, 0xe2, 0xb2, 0x64, 0x3d, 0xff, 0x44, 0x27, 0x47, 0x42, 0xb6, 0xb5, + 0xea, 0xa6, 0xfc, 0x84, 0x2f, 0x5d, 0xf1, 0x3a, 0xa6, 0x16, 0xea, 0x4d, + 0x46, 0x3a, 0x5a, 0x89, 0x1a, 0x8d, 0x35, 0xd1, 0xe7, 0xb5, 0x31, 0xc5, + 0x64, 0xbe, 0xcd, 0xb0, 0x92, 0xa5, 0xe0, 0xec, 0x82, 0x1f, 0x2c, 0xbb, + 0x57, 0xa2, 0x77, 0x82, 0xf4, 0x08, 0x54, 0xff, 0xee, 0x77, 0xfb, 0xb6, + 0x5f, 0xc2, 0x3c, 0x84, 0x12, 0x60, 0x8e, 0xd8, 0x19, 0xc4, 0x82, 0xec, + 0x4c, 0x5f, 0x95, 0x0c, 0x93, 0xd4, 0xb4, 0x42, 0x0f, 0x67, 0xaf, 0xbb, + 0xaa, 0x26, 0x10, 0x82, 0x9a, 0xdb, 0xcf, 0x3e, 0x33, 0xe5, 0xe6, 0xd0, + 0x26, 0x84, 0xf5, 0x00, 0xc0, 0xe6, 0x9f, 0x62, 0x56, 0xdb, 0xd7, 0x8b, + 0x07, 0xf4, 0xeb, 0x08, 0x4d, 0xe9, 0xd5, 0x74, 0x04, 0xf4, 0x9f, 0xe2, + 0xde, 0x32, 0xc4, 0x60, 0x9f, 0x18, 0x5b, 0x67, 0x72, 0xab, 0x2a, 0x52, + 0x8c, 0x12, 0x5c, 0x4b, 0x6e, 0xda, 0xd9, 0x82, 0xfc, 0xfb, 0x19, 0xfc, + 0x97, 0x58, 0x2e, 0x12, 0x1c, 0x9e, 0x8c, 0x18, 0x57, 0xe9, 0xcb, 0xc8, + 0x6d, 0xea, 0x6b, 0x8c, 0xfc, 0x02, 0x5f, 0x00, 0xc2, 0x2f, 0x10, 0x2d, + 0xcc, 0xce, 0x9b, 0xc5, 0x4d, 0xf5, 0xdd, 0xca, 0xeb, 0x82, 0x4b, 0xfa, + 0x9d, 0x7b, 0x67, 0xe5, 0x98, 0x67, 0xa7, 0x2e, 0xac, 0xc8, 0x5c, 0xb2, + 0x1e, 0x10, 0xa0, 0x82, 0x04, 0xee, 0x30, 0x82, 0x04, 0xea, 0x30, 0x82, + 0x04, 0xe6, 0x30, 0x82, 0x03, 0xce, 0xa0, 0x03, 0x02, 0x01, 0x02, 0x02, + 0x01, 0x63, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, + 0x01, 0x01, 0x0b, 0x05, 0x00, 0x30, 0x81, 0x97, 0x31, 0x0b, 0x30, 0x09, + 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x55, 0x53, 0x31, 0x13, 0x30, + 0x11, 0x06, 0x03, 0x55, 0x04, 0x08, 0x0c, 0x0a, 0x57, 0x61, 0x73, 0x68, + 0x69, 0x6e, 0x67, 0x74, 0x6f, 0x6e, 0x31, 0x10, 0x30, 0x0e, 0x06, 0x03, + 0x55, 0x04, 0x07, 0x0c, 0x07, 0x53, 0x65, 0x61, 0x74, 0x74, 0x6c, 0x65, + 0x31, 0x10, 0x30, 0x0e, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x0c, 0x07, 0x77, + 0x6f, 0x6c, 0x66, 0x53, 0x53, 0x4c, 0x31, 0x14, 0x30, 0x12, 0x06, 0x03, + 0x55, 0x04, 0x0b, 0x0c, 0x0b, 0x45, 0x6e, 0x67, 0x69, 0x6e, 0x65, 0x65, + 0x72, 0x69, 0x6e, 0x67, 0x31, 0x18, 0x30, 0x16, 0x06, 0x03, 0x55, 0x04, + 0x03, 0x0c, 0x0f, 0x77, 0x6f, 0x6c, 0x66, 0x53, 0x53, 0x4c, 0x20, 0x72, + 0x6f, 0x6f, 0x74, 0x20, 0x43, 0x41, 0x31, 0x1f, 0x30, 0x1d, 0x06, 0x09, + 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x09, 0x01, 0x16, 0x10, 0x69, + 0x6e, 0x66, 0x6f, 0x40, 0x77, 0x6f, 0x6c, 0x66, 0x73, 0x73, 0x6c, 0x2e, + 0x63, 0x6f, 0x6d, 0x30, 0x1e, 0x17, 0x0d, 0x32, 0x35, 0x31, 0x31, 0x31, + 0x33, 0x32, 0x30, 0x34, 0x31, 0x33, 0x34, 0x5a, 0x17, 0x0d, 0x32, 0x38, + 0x30, 0x38, 0x30, 0x39, 0x32, 0x30, 0x34, 0x31, 0x33, 0x34, 0x5a, 0x30, + 0x81, 0x97, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, + 0x02, 0x55, 0x53, 0x31, 0x13, 0x30, 0x11, 0x06, 0x03, 0x55, 0x04, 0x08, + 0x0c, 0x0a, 0x57, 0x61, 0x73, 0x68, 0x69, 0x6e, 0x67, 0x74, 0x6f, 0x6e, + 0x31, 0x10, 0x30, 0x0e, 0x06, 0x03, 0x55, 0x04, 0x07, 0x0c, 0x07, 0x53, + 0x65, 0x61, 0x74, 0x74, 0x6c, 0x65, 0x31, 0x10, 0x30, 0x0e, 0x06, 0x03, + 0x55, 0x04, 0x0a, 0x0c, 0x07, 0x77, 0x6f, 0x6c, 0x66, 0x53, 0x53, 0x4c, + 0x31, 0x14, 0x30, 0x12, 0x06, 0x03, 0x55, 0x04, 0x0b, 0x0c, 0x0b, 0x45, + 0x6e, 0x67, 0x69, 0x6e, 0x65, 0x65, 0x72, 0x69, 0x6e, 0x67, 0x31, 0x18, + 0x30, 0x16, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0c, 0x0f, 0x77, 0x6f, 0x6c, + 0x66, 0x53, 0x53, 0x4c, 0x20, 0x72, 0x6f, 0x6f, 0x74, 0x20, 0x43, 0x41, + 0x31, 0x1f, 0x30, 0x1d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, + 0x01, 0x09, 0x01, 0x16, 0x10, 0x69, 0x6e, 0x66, 0x6f, 0x40, 0x77, 0x6f, + 0x6c, 0x66, 0x73, 0x73, 0x6c, 0x2e, 0x63, 0x6f, 0x6d, 0x30, 0x82, 0x01, + 0x22, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, + 0x01, 0x01, 0x05, 0x00, 0x03, 0x82, 0x01, 0x0f, 0x00, 0x30, 0x82, 0x01, + 0x0a, 0x02, 0x82, 0x01, 0x01, 0x00, 0xab, 0x2c, 0xb4, 0x2f, 0x1d, 0x06, + 0x09, 0xef, 0x4e, 0x29, 0x86, 0x84, 0x7e, 0xcc, 0xbf, 0xa6, 0x79, 0x7c, + 0xf0, 0xc0, 0xc1, 0x64, 0x25, 0x8c, 0x75, 0xb7, 0x10, 0x05, 0xca, 0x48, + 0x27, 0x0c, 0x0e, 0x32, 0x1c, 0xb0, 0xfe, 0x99, 0x85, 0x39, 0xb6, 0xb9, + 0xa2, 0xf7, 0x27, 0xff, 0x6d, 0x3c, 0x8c, 0x16, 0x73, 0x29, 0x21, 0x7f, + 0x8b, 0xa6, 0x54, 0x71, 0x90, 0xad, 0xcc, 0x05, 0xb9, 0x9f, 0x15, 0xc7, + 0x0a, 0x3f, 0x5f, 0x69, 0xf4, 0x0a, 0x5f, 0x8c, 0x71, 0xb5, 0x2c, 0xbf, + 0x66, 0xe2, 0x03, 0x9a, 0x32, 0xf4, 0xd2, 0xec, 0x2a, 0x89, 0x4b, 0xf9, + 0x35, 0x88, 0x14, 0x33, 0x47, 0x4e, 0x2e, 0x05, 0x79, 0x01, 0xed, 0x64, + 0x36, 0x76, 0xb9, 0xf8, 0x85, 0xcd, 0x01, 0x88, 0xac, 0xc5, 0xb2, 0xb1, + 0x59, 0xb8, 0xcd, 0x5a, 0xf4, 0x09, 0x09, 0x38, 0x9b, 0xda, 0x5a, 0xcf, + 0xce, 0x78, 0x99, 0x1f, 0x49, 0x3d, 0x41, 0xd6, 0x06, 0x7c, 0x52, 0x99, + 0xc8, 0x97, 0xd1, 0xb3, 0x80, 0x3a, 0xa2, 0x4f, 0x36, 0xc4, 0xc5, 0x96, + 0x30, 0x77, 0x31, 0x38, 0xc8, 0x70, 0xcc, 0xe1, 0x67, 0x06, 0xb3, 0x2b, + 0x2f, 0x93, 0xb5, 0x69, 0xcf, 0x83, 0x7e, 0x88, 0x53, 0x9b, 0x0f, 0x46, + 0x21, 0x4c, 0xd6, 0x05, 0x36, 0x44, 0x99, 0x60, 0x68, 0x47, 0xe5, 0x32, + 0x01, 0x12, 0xd4, 0x10, 0x73, 0xae, 0x9a, 0x34, 0x94, 0xfa, 0x6e, 0xb8, + 0x58, 0x4f, 0x7b, 0x5b, 0x8a, 0x92, 0x97, 0xad, 0xfd, 0x97, 0xb9, 0x75, + 0xca, 0xc2, 0xd4, 0x45, 0x7d, 0x17, 0x6b, 0xcd, 0x2f, 0xf3, 0x63, 0x7a, + 0x0e, 0x30, 0xb5, 0x0b, 0xa9, 0xd9, 0xa6, 0x7c, 0x74, 0x60, 0x9d, 0xcc, + 0x09, 0x03, 0x43, 0xf1, 0x0f, 0x90, 0xd3, 0xb7, 0xfe, 0x6c, 0x9f, 0xd9, + 0xcd, 0x78, 0x4b, 0x15, 0xae, 0x8c, 0x5b, 0xf9, 0x99, 0x81, 0x02, 0x03, + 0x01, 0x00, 0x01, 0xa3, 0x82, 0x01, 0x39, 0x30, 0x82, 0x01, 0x35, 0x30, + 0x0c, 0x06, 0x03, 0x55, 0x1d, 0x13, 0x04, 0x05, 0x30, 0x03, 0x01, 0x01, + 0xff, 0x30, 0x1d, 0x06, 0x03, 0x55, 0x1d, 0x0e, 0x04, 0x16, 0x04, 0x14, + 0x73, 0xb0, 0x1c, 0xa4, 0x2f, 0x82, 0xcb, 0xcf, 0x47, 0xa5, 0x38, 0xd7, + 0xb0, 0x04, 0x82, 0x3a, 0x7e, 0x72, 0x15, 0x21, 0x30, 0x81, 0xc4, 0x06, + 0x03, 0x55, 0x1d, 0x23, 0x04, 0x81, 0xbc, 0x30, 0x81, 0xb9, 0x80, 0x14, + 0x73, 0xb0, 0x1c, 0xa4, 0x2f, 0x82, 0xcb, 0xcf, 0x47, 0xa5, 0x38, 0xd7, + 0xb0, 0x04, 0x82, 0x3a, 0x7e, 0x72, 0x15, 0x21, 0xa1, 0x81, 0x9d, 0xa4, + 0x81, 0x9a, 0x30, 0x81, 0x97, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, + 0x04, 0x06, 0x13, 0x02, 0x55, 0x53, 0x31, 0x13, 0x30, 0x11, 0x06, 0x03, + 0x55, 0x04, 0x08, 0x0c, 0x0a, 0x57, 0x61, 0x73, 0x68, 0x69, 0x6e, 0x67, + 0x74, 0x6f, 0x6e, 0x31, 0x10, 0x30, 0x0e, 0x06, 0x03, 0x55, 0x04, 0x07, + 0x0c, 0x07, 0x53, 0x65, 0x61, 0x74, 0x74, 0x6c, 0x65, 0x31, 0x10, 0x30, + 0x0e, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x0c, 0x07, 0x77, 0x6f, 0x6c, 0x66, + 0x53, 0x53, 0x4c, 0x31, 0x14, 0x30, 0x12, 0x06, 0x03, 0x55, 0x04, 0x0b, + 0x0c, 0x0b, 0x45, 0x6e, 0x67, 0x69, 0x6e, 0x65, 0x65, 0x72, 0x69, 0x6e, + 0x67, 0x31, 0x18, 0x30, 0x16, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0c, 0x0f, + 0x77, 0x6f, 0x6c, 0x66, 0x53, 0x53, 0x4c, 0x20, 0x72, 0x6f, 0x6f, 0x74, + 0x20, 0x43, 0x41, 0x31, 0x1f, 0x30, 0x1d, 0x06, 0x09, 0x2a, 0x86, 0x48, + 0x86, 0xf7, 0x0d, 0x01, 0x09, 0x01, 0x16, 0x10, 0x69, 0x6e, 0x66, 0x6f, + 0x40, 0x77, 0x6f, 0x6c, 0x66, 0x73, 0x73, 0x6c, 0x2e, 0x63, 0x6f, 0x6d, + 0x82, 0x01, 0x63, 0x30, 0x0b, 0x06, 0x03, 0x55, 0x1d, 0x0f, 0x04, 0x04, + 0x03, 0x02, 0x01, 0x06, 0x30, 0x32, 0x06, 0x08, 0x2b, 0x06, 0x01, 0x05, + 0x05, 0x07, 0x01, 0x01, 0x04, 0x26, 0x30, 0x24, 0x30, 0x22, 0x06, 0x08, + 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x30, 0x01, 0x86, 0x16, 0x68, 0x74, + 0x74, 0x70, 0x3a, 0x2f, 0x2f, 0x31, 0x32, 0x37, 0x2e, 0x30, 0x2e, 0x30, + 0x2e, 0x31, 0x3a, 0x32, 0x32, 0x32, 0x32, 0x30, 0x30, 0x0d, 0x06, 0x09, + 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x0b, 0x05, 0x00, 0x03, + 0x82, 0x01, 0x01, 0x00, 0x58, 0x41, 0x01, 0xe5, 0x1b, 0xce, 0xbc, 0x51, + 0x0c, 0x23, 0xb2, 0x66, 0xdf, 0x39, 0xd9, 0x1e, 0xb1, 0xbd, 0x9a, 0xdb, + 0xfa, 0xda, 0x16, 0x83, 0x26, 0x6e, 0x7e, 0x2e, 0xf9, 0x5d, 0x46, 0x9a, + 0x52, 0xa0, 0x09, 0x6f, 0xf2, 0xc0, 0x96, 0xba, 0x49, 0xad, 0x29, 0x54, + 0x06, 0xe9, 0x21, 0xd6, 0x36, 0x5e, 0xd5, 0x43, 0x07, 0x2c, 0x5d, 0x4e, + 0xb7, 0xbf, 0x7c, 0xe5, 0x91, 0x75, 0xea, 0x0d, 0x56, 0x7c, 0xa3, 0xfd, + 0x82, 0xd8, 0x2e, 0x70, 0xfa, 0xfc, 0xab, 0x36, 0x36, 0xd5, 0xba, 0x63, + 0xd5, 0x42, 0xda, 0x21, 0xb4, 0x50, 0x9a, 0x86, 0x8a, 0xdf, 0x21, 0x26, + 0x03, 0xe8, 0xca, 0x6f, 0xc7, 0x51, 0x50, 0x6c, 0xcc, 0x40, 0xda, 0x4e, + 0x8f, 0x06, 0x15, 0xc0, 0x9a, 0x0d, 0x7a, 0x80, 0x2c, 0x95, 0xaa, 0x5a, + 0xad, 0xe2, 0x66, 0xb0, 0x32, 0xd6, 0x74, 0x87, 0xea, 0x7a, 0xb2, 0x46, + 0xd5, 0x2c, 0xcf, 0xfa, 0x18, 0x8a, 0x2f, 0xe0, 0x3a, 0xae, 0x17, 0x6a, + 0xf2, 0xce, 0x75, 0x8d, 0xe4, 0x4d, 0x74, 0x8f, 0xe7, 0xc6, 0x21, 0x29, + 0x65, 0x5d, 0x41, 0x07, 0xfb, 0x29, 0xd9, 0xbe, 0xea, 0xb2, 0xe3, 0x80, + 0x07, 0x8c, 0x14, 0x8d, 0xa3, 0x7d, 0xd1, 0x51, 0xaf, 0x26, 0x9d, 0xcd, + 0x01, 0xd5, 0x80, 0xaf, 0x68, 0x12, 0x41, 0x2b, 0xeb, 0x94, 0xcc, 0x45, + 0xd1, 0xc7, 0x66, 0xf3, 0xf9, 0x15, 0x72, 0xbe, 0x94, 0xe3, 0x21, 0x6d, + 0xf1, 0x08, 0x78, 0xb6, 0x5a, 0xee, 0x73, 0x09, 0x4b, 0xf4, 0x1a, 0x5e, + 0x02, 0x2a, 0x25, 0xf0, 0x3d, 0xd2, 0x03, 0xf2, 0x22, 0x15, 0x4b, 0x3d, + 0xaa, 0x35, 0xea, 0x90, 0xca, 0x44, 0x4e, 0x61, 0x77, 0xdb, 0xb4, 0x94, + 0x46, 0x77, 0xc6, 0x8c, 0x33, 0x09, 0xb6, 0x84, 0x3c, 0x4e, 0xac, 0xad, + 0x9d, 0xe0, 0x2f, 0x22, 0x5a, 0xbe, 0x25, 0x19, +}; + +unsigned char resp_server_cert_unknown[] = { + 0x30, 0x82, 0x07, 0x3a, 0x0a, 0x01, 0x00, 0xa0, 0x82, 0x07, 0x33, 0x30, + 0x82, 0x07, 0x2f, 0x06, 0x09, 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x30, + 0x01, 0x01, 0x04, 0x82, 0x07, 0x20, 0x30, 0x82, 0x07, 0x1c, 0x30, 0x81, + 0xfc, 0xa1, 0x81, 0x97, 0x30, 0x81, 0x94, 0x31, 0x0b, 0x30, 0x09, 0x06, + 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x55, 0x53, 0x31, 0x10, 0x30, 0x0e, + 0x06, 0x03, 0x55, 0x04, 0x08, 0x0c, 0x07, 0x4d, 0x6f, 0x6e, 0x74, 0x61, + 0x6e, 0x61, 0x31, 0x10, 0x30, 0x0e, 0x06, 0x03, 0x55, 0x04, 0x07, 0x0c, + 0x07, 0x42, 0x6f, 0x7a, 0x65, 0x6d, 0x61, 0x6e, 0x31, 0x11, 0x30, 0x0f, + 0x06, 0x03, 0x55, 0x04, 0x0a, 0x0c, 0x08, 0x53, 0x61, 0x77, 0x74, 0x6f, + 0x6f, 0x74, 0x68, 0x31, 0x13, 0x30, 0x11, 0x06, 0x03, 0x55, 0x04, 0x0b, + 0x0c, 0x0a, 0x43, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x74, 0x69, 0x6e, 0x67, + 0x31, 0x18, 0x30, 0x16, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0c, 0x0f, 0x77, + 0x77, 0x77, 0x2e, 0x77, 0x6f, 0x6c, 0x66, 0x73, 0x73, 0x6c, 0x2e, 0x63, + 0x6f, 0x6d, 0x31, 0x1f, 0x30, 0x1d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, + 0xf7, 0x0d, 0x01, 0x09, 0x01, 0x16, 0x10, 0x69, 0x6e, 0x66, 0x6f, 0x40, + 0x77, 0x6f, 0x6c, 0x66, 0x73, 0x73, 0x6c, 0x2e, 0x63, 0x6f, 0x6d, 0x18, + 0x0f, 0x32, 0x30, 0x32, 0x36, 0x30, 0x32, 0x32, 0x34, 0x32, 0x31, 0x34, + 0x32, 0x30, 0x31, 0x5a, 0x30, 0x4f, 0x30, 0x4d, 0x30, 0x38, 0x30, 0x07, + 0x06, 0x05, 0x2b, 0x0e, 0x03, 0x02, 0x1a, 0x04, 0x14, 0xff, 0x66, 0x21, + 0x8a, 0x6e, 0xc5, 0x86, 0x61, 0x84, 0x25, 0x9a, 0xba, 0xd6, 0x55, 0x39, + 0xfb, 0x25, 0x51, 0x2c, 0xdd, 0x04, 0x14, 0x27, 0x8e, 0x67, 0x11, 0x74, + 0xc3, 0x26, 0x1d, 0x3f, 0xed, 0x33, 0x63, 0xb3, 0xa4, 0xd8, 0x1d, 0x30, + 0xe5, 0xe8, 0xd5, 0x02, 0x01, 0x01, 0x82, 0x00, 0x18, 0x0f, 0x32, 0x30, + 0x32, 0x36, 0x30, 0x32, 0x32, 0x34, 0x32, 0x31, 0x34, 0x32, 0x30, 0x31, + 0x5a, 0x30, 0x0b, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, + 0x01, 0x0b, 0x03, 0x82, 0x01, 0x01, 0x00, 0x05, 0x2a, 0x8b, 0x72, 0x45, + 0xf4, 0xd9, 0xc0, 0xd4, 0xb3, 0x3d, 0xe0, 0xe3, 0x81, 0x1d, 0x7a, 0xaa, + 0xc4, 0xe7, 0x2b, 0xe5, 0x31, 0x50, 0x1c, 0x32, 0x7c, 0xe5, 0x15, 0x6a, + 0xdd, 0xe5, 0x8b, 0xb0, 0x61, 0x16, 0x8e, 0xf9, 0x3d, 0x97, 0xc6, 0x71, + 0x05, 0x80, 0x96, 0x64, 0x7f, 0x1f, 0x38, 0x5b, 0x12, 0xba, 0x7e, 0x0c, + 0x1b, 0xe7, 0xaf, 0x51, 0x6c, 0x02, 0xbe, 0xc6, 0xe1, 0xcf, 0xf7, 0x41, + 0xb0, 0x03, 0x89, 0x3d, 0xfd, 0xef, 0x87, 0x0f, 0xda, 0x48, 0xe2, 0x7a, + 0xc8, 0x75, 0x65, 0x38, 0xd6, 0x64, 0xab, 0x86, 0x24, 0x22, 0x20, 0x7f, + 0x8b, 0x36, 0x8c, 0x77, 0x3f, 0x2b, 0x08, 0x53, 0x17, 0x6b, 0xd4, 0x86, + 0x66, 0x42, 0x3e, 0x9d, 0x13, 0x73, 0x3c, 0x9e, 0x1e, 0xe0, 0xf3, 0xf1, + 0x0e, 0x88, 0xfd, 0xb8, 0xc3, 0xe3, 0x4e, 0xf8, 0x35, 0x8b, 0xe5, 0x11, + 0xd3, 0xf1, 0x2e, 0xf8, 0x68, 0x35, 0xd0, 0x73, 0x38, 0xef, 0xf1, 0x4e, + 0x24, 0xb4, 0xc0, 0x84, 0x00, 0xce, 0x7e, 0x9c, 0xe2, 0x67, 0x15, 0x44, + 0x8f, 0x72, 0x25, 0x1c, 0x0a, 0x4d, 0xbc, 0x61, 0xf9, 0x46, 0x0d, 0xb4, + 0x08, 0x0a, 0x21, 0xfd, 0xd5, 0x99, 0x67, 0xe1, 0x72, 0x9f, 0x99, 0x6c, + 0x09, 0xdb, 0xd8, 0xd3, 0xf2, 0x84, 0x7e, 0xb8, 0x84, 0xcf, 0xa5, 0xf6, + 0xfe, 0xc3, 0xa2, 0x86, 0xc5, 0x08, 0xf5, 0xb7, 0xc8, 0x51, 0x25, 0x0b, + 0x7c, 0xce, 0xa4, 0xcd, 0x2f, 0xd7, 0xec, 0x78, 0x1c, 0xce, 0x4b, 0x5b, + 0x95, 0xc3, 0x88, 0xd3, 0xd9, 0x6e, 0xad, 0x9b, 0x02, 0xe8, 0x4e, 0xa5, + 0x1d, 0xc5, 0x4e, 0x44, 0xf5, 0xb2, 0x96, 0xea, 0x18, 0xb7, 0xf1, 0xfd, + 0x7f, 0x01, 0x02, 0x81, 0xf1, 0x11, 0xcf, 0xdc, 0x43, 0x9f, 0x54, 0x1a, + 0x6e, 0x57, 0x1f, 0xc1, 0xb1, 0xe2, 0x1d, 0xbf, 0x11, 0xa2, 0x09, 0xa0, + 0x82, 0x05, 0x07, 0x30, 0x82, 0x05, 0x03, 0x30, 0x82, 0x04, 0xff, 0x30, + 0x82, 0x03, 0xe7, 0xa0, 0x03, 0x02, 0x01, 0x02, 0x02, 0x14, 0x3f, 0x29, + 0x11, 0x20, 0x57, 0x71, 0xe7, 0x8e, 0xf9, 0x18, 0x0d, 0xca, 0x70, 0x4d, + 0x5b, 0x15, 0x2a, 0x43, 0xd6, 0x24, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, + 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x0b, 0x05, 0x00, 0x30, 0x81, 0x94, + 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x55, + 0x53, 0x31, 0x10, 0x30, 0x0e, 0x06, 0x03, 0x55, 0x04, 0x08, 0x0c, 0x07, + 0x4d, 0x6f, 0x6e, 0x74, 0x61, 0x6e, 0x61, 0x31, 0x10, 0x30, 0x0e, 0x06, + 0x03, 0x55, 0x04, 0x07, 0x0c, 0x07, 0x42, 0x6f, 0x7a, 0x65, 0x6d, 0x61, + 0x6e, 0x31, 0x11, 0x30, 0x0f, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x0c, 0x08, + 0x53, 0x61, 0x77, 0x74, 0x6f, 0x6f, 0x74, 0x68, 0x31, 0x13, 0x30, 0x11, + 0x06, 0x03, 0x55, 0x04, 0x0b, 0x0c, 0x0a, 0x43, 0x6f, 0x6e, 0x73, 0x75, + 0x6c, 0x74, 0x69, 0x6e, 0x67, 0x31, 0x18, 0x30, 0x16, 0x06, 0x03, 0x55, + 0x04, 0x03, 0x0c, 0x0f, 0x77, 0x77, 0x77, 0x2e, 0x77, 0x6f, 0x6c, 0x66, + 0x73, 0x73, 0x6c, 0x2e, 0x63, 0x6f, 0x6d, 0x31, 0x1f, 0x30, 0x1d, 0x06, + 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x09, 0x01, 0x16, 0x10, + 0x69, 0x6e, 0x66, 0x6f, 0x40, 0x77, 0x6f, 0x6c, 0x66, 0x73, 0x73, 0x6c, + 0x2e, 0x63, 0x6f, 0x6d, 0x30, 0x1e, 0x17, 0x0d, 0x32, 0x35, 0x31, 0x31, + 0x31, 0x33, 0x32, 0x30, 0x34, 0x31, 0x31, 0x31, 0x5a, 0x17, 0x0d, 0x32, + 0x38, 0x30, 0x38, 0x30, 0x39, 0x32, 0x30, 0x34, 0x31, 0x31, 0x31, 0x5a, + 0x30, 0x81, 0x94, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, + 0x13, 0x02, 0x55, 0x53, 0x31, 0x10, 0x30, 0x0e, 0x06, 0x03, 0x55, 0x04, + 0x08, 0x0c, 0x07, 0x4d, 0x6f, 0x6e, 0x74, 0x61, 0x6e, 0x61, 0x31, 0x10, + 0x30, 0x0e, 0x06, 0x03, 0x55, 0x04, 0x07, 0x0c, 0x07, 0x42, 0x6f, 0x7a, + 0x65, 0x6d, 0x61, 0x6e, 0x31, 0x11, 0x30, 0x0f, 0x06, 0x03, 0x55, 0x04, + 0x0a, 0x0c, 0x08, 0x53, 0x61, 0x77, 0x74, 0x6f, 0x6f, 0x74, 0x68, 0x31, + 0x13, 0x30, 0x11, 0x06, 0x03, 0x55, 0x04, 0x0b, 0x0c, 0x0a, 0x43, 0x6f, + 0x6e, 0x73, 0x75, 0x6c, 0x74, 0x69, 0x6e, 0x67, 0x31, 0x18, 0x30, 0x16, + 0x06, 0x03, 0x55, 0x04, 0x03, 0x0c, 0x0f, 0x77, 0x77, 0x77, 0x2e, 0x77, + 0x6f, 0x6c, 0x66, 0x73, 0x73, 0x6c, 0x2e, 0x63, 0x6f, 0x6d, 0x31, 0x1f, + 0x30, 0x1d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x09, + 0x01, 0x16, 0x10, 0x69, 0x6e, 0x66, 0x6f, 0x40, 0x77, 0x6f, 0x6c, 0x66, + 0x73, 0x73, 0x6c, 0x2e, 0x63, 0x6f, 0x6d, 0x30, 0x82, 0x01, 0x22, 0x30, + 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x01, + 0x05, 0x00, 0x03, 0x82, 0x01, 0x0f, 0x00, 0x30, 0x82, 0x01, 0x0a, 0x02, + 0x82, 0x01, 0x01, 0x00, 0xbf, 0x0c, 0xca, 0x2d, 0x14, 0xb2, 0x1e, 0x84, + 0x42, 0x5b, 0xcd, 0x38, 0x1f, 0x4a, 0xf2, 0x4d, 0x75, 0x10, 0xf1, 0xb6, + 0x35, 0x9f, 0xdf, 0xca, 0x7d, 0x03, 0x98, 0xd3, 0xac, 0xde, 0x03, 0x66, + 0xee, 0x2a, 0xf1, 0xd8, 0xb0, 0x7d, 0x6e, 0x07, 0x54, 0x0b, 0x10, 0x98, + 0x21, 0x4d, 0x80, 0xcb, 0x12, 0x20, 0xe7, 0xcc, 0x4f, 0xde, 0x45, 0x7d, + 0xc9, 0x72, 0x77, 0x32, 0xea, 0xca, 0x90, 0xbb, 0x69, 0x52, 0x10, 0x03, + 0x2f, 0xa8, 0xf3, 0x95, 0xc5, 0xf1, 0x8b, 0x62, 0x56, 0x1b, 0xef, 0x67, + 0x6f, 0xa4, 0x10, 0x41, 0x95, 0xad, 0x0a, 0x9b, 0xe3, 0xa5, 0xc0, 0xb0, + 0xd2, 0x70, 0x76, 0x50, 0x30, 0x5b, 0xa8, 0xe8, 0x08, 0x2c, 0x7c, 0xed, + 0xa7, 0xa2, 0x7a, 0x8d, 0x38, 0x29, 0x1c, 0xac, 0xc7, 0xed, 0xf2, 0x7c, + 0x95, 0xb0, 0x95, 0x82, 0x7d, 0x49, 0x5c, 0x38, 0xcd, 0x77, 0x25, 0xef, + 0xbd, 0x80, 0x75, 0x53, 0x94, 0x3c, 0x3d, 0xca, 0x63, 0x5b, 0x9f, 0x15, + 0xb5, 0xd3, 0x1d, 0x13, 0x2f, 0x19, 0xd1, 0x3c, 0xdb, 0x76, 0x3a, 0xcc, + 0xb8, 0x7d, 0xc9, 0xe5, 0xc2, 0xd7, 0xda, 0x40, 0x6f, 0xd8, 0x21, 0xdc, + 0x73, 0x1b, 0x42, 0x2d, 0x53, 0x9c, 0xfe, 0x1a, 0xfc, 0x7d, 0xab, 0x7a, + 0x36, 0x3f, 0x98, 0xde, 0x84, 0x7c, 0x05, 0x67, 0xce, 0x6a, 0x14, 0x38, + 0x87, 0xa9, 0xf1, 0x8c, 0xb5, 0x68, 0xcb, 0x68, 0x7f, 0x71, 0x20, 0x2b, + 0xf5, 0xa0, 0x63, 0xf5, 0x56, 0x2f, 0xa3, 0x26, 0xd2, 0xb7, 0x6f, 0xb1, + 0x5a, 0x17, 0xd7, 0x38, 0x99, 0x08, 0xfe, 0x93, 0x58, 0x6f, 0xfe, 0xc3, + 0x13, 0x49, 0x08, 0x16, 0x0b, 0xa7, 0x4d, 0x67, 0x00, 0x52, 0x31, 0x67, + 0x23, 0x4e, 0x98, 0xed, 0x51, 0x45, 0x1d, 0xb9, 0x04, 0xd9, 0x0b, 0xec, + 0xd8, 0x28, 0xb3, 0x4b, 0xbd, 0xed, 0x36, 0x79, 0x02, 0x03, 0x01, 0x00, + 0x01, 0xa3, 0x82, 0x01, 0x45, 0x30, 0x82, 0x01, 0x41, 0x30, 0x1d, 0x06, + 0x03, 0x55, 0x1d, 0x0e, 0x04, 0x16, 0x04, 0x14, 0x27, 0x8e, 0x67, 0x11, + 0x74, 0xc3, 0x26, 0x1d, 0x3f, 0xed, 0x33, 0x63, 0xb3, 0xa4, 0xd8, 0x1d, + 0x30, 0xe5, 0xe8, 0xd5, 0x30, 0x81, 0xd4, 0x06, 0x03, 0x55, 0x1d, 0x23, + 0x04, 0x81, 0xcc, 0x30, 0x81, 0xc9, 0x80, 0x14, 0x27, 0x8e, 0x67, 0x11, + 0x74, 0xc3, 0x26, 0x1d, 0x3f, 0xed, 0x33, 0x63, 0xb3, 0xa4, 0xd8, 0x1d, + 0x30, 0xe5, 0xe8, 0xd5, 0xa1, 0x81, 0x9a, 0xa4, 0x81, 0x97, 0x30, 0x81, + 0x94, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, + 0x55, 0x53, 0x31, 0x10, 0x30, 0x0e, 0x06, 0x03, 0x55, 0x04, 0x08, 0x0c, + 0x07, 0x4d, 0x6f, 0x6e, 0x74, 0x61, 0x6e, 0x61, 0x31, 0x10, 0x30, 0x0e, + 0x06, 0x03, 0x55, 0x04, 0x07, 0x0c, 0x07, 0x42, 0x6f, 0x7a, 0x65, 0x6d, + 0x61, 0x6e, 0x31, 0x11, 0x30, 0x0f, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x0c, + 0x08, 0x53, 0x61, 0x77, 0x74, 0x6f, 0x6f, 0x74, 0x68, 0x31, 0x13, 0x30, + 0x11, 0x06, 0x03, 0x55, 0x04, 0x0b, 0x0c, 0x0a, 0x43, 0x6f, 0x6e, 0x73, + 0x75, 0x6c, 0x74, 0x69, 0x6e, 0x67, 0x31, 0x18, 0x30, 0x16, 0x06, 0x03, + 0x55, 0x04, 0x03, 0x0c, 0x0f, 0x77, 0x77, 0x77, 0x2e, 0x77, 0x6f, 0x6c, + 0x66, 0x73, 0x73, 0x6c, 0x2e, 0x63, 0x6f, 0x6d, 0x31, 0x1f, 0x30, 0x1d, + 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x09, 0x01, 0x16, + 0x10, 0x69, 0x6e, 0x66, 0x6f, 0x40, 0x77, 0x6f, 0x6c, 0x66, 0x73, 0x73, + 0x6c, 0x2e, 0x63, 0x6f, 0x6d, 0x82, 0x14, 0x3f, 0x29, 0x11, 0x20, 0x57, + 0x71, 0xe7, 0x8e, 0xf9, 0x18, 0x0d, 0xca, 0x70, 0x4d, 0x5b, 0x15, 0x2a, + 0x43, 0xd6, 0x24, 0x30, 0x0c, 0x06, 0x03, 0x55, 0x1d, 0x13, 0x04, 0x05, + 0x30, 0x03, 0x01, 0x01, 0xff, 0x30, 0x1c, 0x06, 0x03, 0x55, 0x1d, 0x11, + 0x04, 0x15, 0x30, 0x13, 0x82, 0x0b, 0x65, 0x78, 0x61, 0x6d, 0x70, 0x6c, + 0x65, 0x2e, 0x63, 0x6f, 0x6d, 0x87, 0x04, 0x7f, 0x00, 0x00, 0x01, 0x30, + 0x1d, 0x06, 0x03, 0x55, 0x1d, 0x25, 0x04, 0x16, 0x30, 0x14, 0x06, 0x08, + 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x03, 0x01, 0x06, 0x08, 0x2b, 0x06, + 0x01, 0x05, 0x05, 0x07, 0x03, 0x02, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, + 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x0b, 0x05, 0x00, 0x03, 0x82, 0x01, + 0x01, 0x00, 0x0f, 0xae, 0x89, 0xd5, 0x68, 0xe4, 0x41, 0xf8, 0x9b, 0xe0, + 0xc5, 0x61, 0x06, 0x57, 0xff, 0xa0, 0x92, 0x0f, 0xb2, 0xed, 0xd3, 0x99, + 0x5b, 0x99, 0x5e, 0x32, 0x7e, 0x97, 0xc7, 0xaf, 0x6c, 0xfe, 0x8c, 0xa6, + 0xae, 0x32, 0xa1, 0x0d, 0xca, 0xcd, 0xfc, 0x18, 0xe5, 0xd1, 0xf8, 0x20, + 0x5b, 0x5a, 0x38, 0x81, 0x46, 0x5b, 0x48, 0x87, 0xa5, 0x3f, 0x3b, 0x7b, + 0xc7, 0xea, 0xf5, 0x35, 0x29, 0x31, 0x15, 0x39, 0x38, 0x5d, 0x48, 0xe6, + 0x01, 0x81, 0x5c, 0x5e, 0x7c, 0x10, 0xf5, 0x16, 0xe3, 0x59, 0xaf, 0x44, + 0xc8, 0xb5, 0x8d, 0xc1, 0x32, 0x23, 0xb3, 0xb8, 0x12, 0x6e, 0x5c, 0x8d, + 0xe6, 0xc2, 0xd2, 0x41, 0x03, 0xeb, 0x17, 0x42, 0xe2, 0x7f, 0xbc, 0x00, + 0x5d, 0xa5, 0x31, 0xef, 0xc6, 0x48, 0xee, 0xdb, 0xcc, 0xe0, 0xf1, 0x56, + 0xf5, 0xd4, 0xca, 0x45, 0xa1, 0x59, 0xb5, 0xe4, 0xd7, 0x60, 0x9c, 0x57, + 0xe0, 0xa7, 0x5a, 0xf2, 0x35, 0x1e, 0xa0, 0x22, 0xdb, 0x5e, 0x1c, 0x0c, + 0x61, 0xbd, 0xa1, 0xc5, 0x7b, 0x9f, 0x69, 0xf2, 0xd5, 0x95, 0xe2, 0xbc, + 0x52, 0xb9, 0x1d, 0x9c, 0x2c, 0xda, 0xb6, 0x73, 0x75, 0x4a, 0x84, 0xe5, + 0x94, 0xb8, 0x19, 0x4d, 0xdd, 0x70, 0xbd, 0x7f, 0x4c, 0xb9, 0x17, 0x6a, + 0x58, 0x16, 0x89, 0x22, 0x44, 0x37, 0x57, 0x55, 0x26, 0x42, 0xe3, 0xb7, + 0xe5, 0xc7, 0x2b, 0x40, 0x0c, 0xe9, 0xe4, 0x7f, 0x52, 0x75, 0xdf, 0x06, + 0xc9, 0xfb, 0x01, 0x44, 0x34, 0xac, 0x20, 0x3c, 0xb4, 0xbe, 0x2b, 0x3e, + 0xef, 0x85, 0x38, 0x96, 0x5b, 0x9b, 0x1e, 0x25, 0x86, 0x18, 0x4c, 0xa4, + 0x06, 0x70, 0x06, 0x6a, 0xc8, 0x4b, 0x6f, 0x5f, 0xc4, 0x05, 0x1f, 0x03, + 0x62, 0x30, 0x11, 0x61, 0xbc, 0xc1, 0x40, 0x31, 0x66, 0xdc, 0x64, 0xf0, + 0x4f, 0x6b, 0xb9, 0xec, 0xc8, 0x29, +}; + unsigned char ocsp_responder_cert_pem[] = { 0x30, 0x82, 0x04, 0xbe, 0x30, 0x82, 0x03, 0xa6, 0xa0, 0x03, 0x02, 0x01, 0x02, 0x02, 0x01, 0x04, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, @@ -1646,37 +1960,37 @@ 0x82, 0x01, 0x92, 0x30, 0x82, 0x01, 0x8e, 0x30, 0x7a, 0xa2, 0x16, 0x04, 0x14, 0x32, 0x67, 0xe1, 0xb1, 0x79, 0xd2, 0x81, 0xfc, 0x9f, 0x23, 0x0c, 0x70, 0x40, 0x50, 0xb5, 0x46, 0x56, 0xb8, 0x30, 0x36, 0x18, 0x0f, 0x32, - 0x30, 0x32, 0x35, 0x31, 0x31, 0x31, 0x32, 0x31, 0x33, 0x34, 0x35, 0x31, - 0x34, 0x5a, 0x30, 0x4f, 0x30, 0x4d, 0x30, 0x38, 0x30, 0x07, 0x06, 0x05, + 0x30, 0x32, 0x36, 0x30, 0x32, 0x32, 0x34, 0x32, 0x31, 0x34, 0x32, 0x30, + 0x31, 0x5a, 0x30, 0x4f, 0x30, 0x4d, 0x30, 0x38, 0x30, 0x07, 0x06, 0x05, 0x2b, 0x0e, 0x03, 0x02, 0x1a, 0x04, 0x14, 0x44, 0xa8, 0xdb, 0xd1, 0xbc, 0x97, 0x0a, 0x83, 0x3b, 0x5b, 0x31, 0x9a, 0x4c, 0xb8, 0xd2, 0x52, 0x37, 0x15, 0x8a, 0x88, 0x04, 0x14, 0x73, 0xb0, 0x1c, 0xa4, 0x2f, 0x82, 0xcb, 0xcf, 0x47, 0xa5, 0x38, 0xd7, 0xb0, 0x04, 0x82, 0x3a, 0x7e, 0x72, 0x15, - 0x21, 0x02, 0x01, 0x01, 0x80, 0x00, 0x18, 0x0f, 0x32, 0x30, 0x32, 0x35, - 0x31, 0x31, 0x31, 0x32, 0x31, 0x33, 0x34, 0x35, 0x31, 0x34, 0x5a, 0x30, + 0x21, 0x02, 0x01, 0x01, 0x80, 0x00, 0x18, 0x0f, 0x32, 0x30, 0x32, 0x36, + 0x30, 0x32, 0x32, 0x34, 0x32, 0x31, 0x34, 0x32, 0x30, 0x31, 0x5a, 0x30, 0x0b, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x0b, - 0x03, 0x82, 0x01, 0x01, 0x00, 0x8a, 0x57, 0x27, 0xd9, 0x0b, 0x43, 0xe2, - 0x38, 0x39, 0x8e, 0x8d, 0xa4, 0x00, 0x93, 0xbc, 0x55, 0xbd, 0x95, 0x8e, - 0xbc, 0x4a, 0x10, 0x36, 0xde, 0xff, 0x9d, 0x87, 0x9c, 0xee, 0x69, 0xa8, - 0x3d, 0x7c, 0x16, 0x8d, 0x43, 0xec, 0x40, 0x64, 0x11, 0x4b, 0x92, 0x62, - 0xfd, 0xa9, 0x19, 0xac, 0xeb, 0xa5, 0x84, 0x88, 0xab, 0x16, 0x94, 0xb2, - 0x2e, 0x69, 0xd7, 0x02, 0x27, 0xf0, 0x4a, 0x81, 0xd2, 0xee, 0x74, 0x66, - 0x14, 0x88, 0xb3, 0xf5, 0x55, 0xc6, 0x4b, 0xdb, 0x63, 0xad, 0x45, 0x39, - 0x3d, 0x68, 0x54, 0x13, 0x97, 0x66, 0xc6, 0x78, 0xad, 0xa2, 0x97, 0xd4, - 0xc5, 0xea, 0xf5, 0x2d, 0xfd, 0x53, 0xf4, 0x91, 0x9c, 0x5e, 0xeb, 0x52, - 0x83, 0x6d, 0x84, 0x7a, 0x6c, 0x1c, 0xaa, 0x7a, 0x89, 0xf5, 0xfb, 0x4b, - 0x4e, 0xe4, 0xc9, 0x7c, 0x6f, 0xa8, 0x8b, 0x40, 0xc7, 0xf0, 0x52, 0x4a, - 0xca, 0xf4, 0x4d, 0x6d, 0x2d, 0x16, 0x60, 0x3c, 0xcf, 0xcd, 0xa3, 0x32, - 0xc1, 0x38, 0x97, 0x0d, 0x37, 0x95, 0x6d, 0x57, 0x21, 0x83, 0xf0, 0x92, - 0x43, 0x76, 0x09, 0x21, 0x3c, 0x6b, 0xcc, 0xdb, 0xe0, 0x4b, 0x89, 0xc5, - 0x95, 0x00, 0xe2, 0xab, 0xe3, 0xaa, 0x1e, 0x5f, 0x45, 0x2e, 0xec, 0x19, - 0xe9, 0x4a, 0x55, 0x5e, 0xd6, 0x17, 0xed, 0xed, 0x8a, 0x24, 0x23, 0x4d, - 0x73, 0x17, 0x79, 0x1f, 0xe6, 0x73, 0x94, 0xe8, 0x74, 0x0e, 0xcb, 0xe9, - 0x8e, 0xc7, 0xf8, 0x2b, 0xdd, 0xc6, 0x3d, 0xd2, 0xda, 0x48, 0x92, 0x47, - 0x17, 0x01, 0x36, 0xbf, 0xd5, 0x5e, 0x1f, 0x00, 0x04, 0x3e, 0x7d, 0xe4, - 0xcf, 0x1a, 0x2b, 0x18, 0x07, 0x9e, 0x3e, 0x17, 0x08, 0x56, 0x78, 0x36, - 0x93, 0x95, 0x14, 0x1c, 0x9a, 0x71, 0xc7, 0xd3, 0x5a, 0x6e, 0x21, 0x85, - 0xb8, 0x14, 0x3b, 0x73, 0xa7, 0x90, 0xad, 0xd5, 0x53, + 0x03, 0x82, 0x01, 0x01, 0x00, 0x01, 0x8b, 0x06, 0xc9, 0x4f, 0x6c, 0x1d, + 0xc4, 0x4e, 0x1a, 0xc6, 0xd2, 0xbc, 0x6b, 0xbe, 0x3f, 0x9d, 0x73, 0x0c, + 0xbd, 0x3a, 0x82, 0xc0, 0xed, 0xdf, 0x70, 0xaf, 0x00, 0x7d, 0xdd, 0x53, + 0xdd, 0x48, 0xd0, 0x6d, 0xcb, 0xec, 0xd6, 0x31, 0x08, 0x03, 0x3b, 0xcf, + 0x82, 0xce, 0x28, 0x9c, 0x2f, 0xc6, 0x19, 0x48, 0x75, 0xe4, 0xa7, 0xce, + 0x7d, 0x6f, 0xb0, 0x10, 0xb4, 0xc0, 0xbd, 0x1d, 0xe1, 0x9c, 0x57, 0xbc, + 0xff, 0xbf, 0x33, 0x42, 0x0b, 0xea, 0xb4, 0x17, 0x9a, 0x47, 0x5b, 0x3b, + 0xf5, 0xbf, 0xdc, 0x2d, 0xb5, 0xc6, 0xb1, 0xa5, 0xfd, 0x31, 0xaf, 0xe4, + 0x6d, 0xdd, 0xe0, 0x8c, 0x7b, 0x70, 0xe3, 0xcc, 0x59, 0x77, 0xb3, 0x38, + 0x7e, 0x0a, 0xf0, 0xbc, 0x08, 0x86, 0x37, 0xcf, 0x28, 0xa8, 0x07, 0xe8, + 0xae, 0x5c, 0x0d, 0xa5, 0x21, 0x0c, 0xdb, 0xa8, 0x8b, 0x9e, 0x73, 0x77, + 0xf8, 0x0d, 0x05, 0x21, 0xec, 0x4a, 0xf9, 0xb3, 0x71, 0xcd, 0x4b, 0xc9, + 0x5a, 0x22, 0xd4, 0x53, 0x0b, 0xac, 0x28, 0x8e, 0x12, 0x6c, 0x73, 0xe9, + 0x65, 0x53, 0xc8, 0x0e, 0xac, 0x39, 0x7e, 0xd0, 0x77, 0xaf, 0x82, 0xfe, + 0xa4, 0xf2, 0x85, 0xb3, 0x10, 0x73, 0xde, 0x5d, 0xe6, 0xf0, 0xb6, 0xb9, + 0x8c, 0x23, 0x35, 0xcc, 0x5f, 0x29, 0x42, 0x13, 0xd8, 0x72, 0x6f, 0xc2, + 0xf6, 0x10, 0x56, 0xb5, 0x27, 0xe8, 0xd2, 0x2b, 0x15, 0x5f, 0x4e, 0x8e, + 0xa2, 0x19, 0xba, 0x78, 0x0a, 0xa4, 0x24, 0xad, 0xe5, 0x79, 0x72, 0x18, + 0xac, 0xa5, 0xa4, 0x63, 0x0d, 0x33, 0xa3, 0x0c, 0xc0, 0xbb, 0xcd, 0x15, + 0x92, 0x7d, 0xa7, 0x4e, 0xd1, 0x89, 0xb7, 0x00, 0xde, 0x49, 0x48, 0x0d, + 0x28, 0xf1, 0xf1, 0xd8, 0x9c, 0xc3, 0xfa, 0xe8, 0x22, 0xd9, 0x75, 0x9c, + 0x0f, 0xfe, 0x80, 0x7e, 0xbb, 0x68, 0x70, 0x7f, 0x6c, }; #endif /* OCSP_TEST_BLOBS_H */ diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/tests/api/test_ossl_asn1.c mariadb-11.8.8/extra/wolfssl/wolfssl/tests/api/test_ossl_asn1.c --- mariadb-11.8.6/extra/wolfssl/wolfssl/tests/api/test_ossl_asn1.c 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/tests/api/test_ossl_asn1.c 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* test_ossl_asn1.c * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -870,6 +870,37 @@ s.objSz = sizeof(der); ExpectNotNull(a = wolfSSL_ASN1_OBJECT_dup(&s)); ASN1_OBJECT_free(a); + a = NULL; + ASN1_OBJECT_free(&s); + + /* Test dup copies pathlen when set */ + XMEMSET(&s, 0, sizeof(ASN1_OBJECT)); + s.type = NID_basic_constraints; + s.ca = 1; + s.pathlen = wolfSSL_ASN1_INTEGER_new(); + ExpectNotNull(s.pathlen); + if (s.pathlen != NULL) { + s.pathlen->length = 5; + } + ExpectNotNull(a = wolfSSL_ASN1_OBJECT_dup(&s)); + if (a != NULL) { + ExpectIntEQ(a->ca, 1); + ExpectNotNull(a->pathlen); + if (a->pathlen != NULL) { + ExpectIntEQ(a->pathlen->length, 5); + } + } + ASN1_OBJECT_free(a); + a = NULL; + + /* Test dup with NULL pathlen leaves it NULL */ + wolfSSL_ASN1_INTEGER_free(s.pathlen); + s.pathlen = NULL; + ExpectNotNull(a = wolfSSL_ASN1_OBJECT_dup(&s)); + if (a != NULL) { + ExpectNull(a->pathlen); + } + ASN1_OBJECT_free(a); ASN1_OBJECT_free(&s); #endif /* OPENSSL_EXTRA */ return EXPECT_RESULT(); @@ -1195,7 +1226,8 @@ ExpectNotNull(e = wolfSSL_X509_NAME_get_entry(subject, idx)); ExpectNotNull(a = wolfSSL_X509_NAME_ENTRY_get_data(e)); ExpectIntEQ((len = wolfSSL_ASN1_STRING_to_UTF8(&actual_output, a)), 15); - ExpectIntEQ(strncmp((const char*)actual_output, targetOutput, (size_t)len), 0); + ExpectIntEQ(strncmp((const char*)actual_output, targetOutput, (size_t)len), + 0); a = NULL; /* wolfSSL_ASN1_STRING_to_UTF8(NULL, valid) */ @@ -1269,9 +1301,12 @@ ExpectNotNull(canon = ASN1_STRING_new()); /* Invalid parameter testing. */ - ExpectIntEQ(wolfSSL_ASN1_STRING_canon(NULL, NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); - ExpectIntEQ(wolfSSL_ASN1_STRING_canon(canon, NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); - ExpectIntEQ(wolfSSL_ASN1_STRING_canon(NULL, orig), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wolfSSL_ASN1_STRING_canon(NULL, NULL), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wolfSSL_ASN1_STRING_canon(canon, NULL), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wolfSSL_ASN1_STRING_canon(NULL, orig), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); ExpectIntEQ(wolfSSL_ASN1_STRING_canon(canon, orig), 1); ExpectIntEQ(ASN1_STRING_cmp(orig, canon), 0); @@ -1622,9 +1657,12 @@ ExpectIntEQ(wolfSSL_ASN1_TIME_set_string(gtime, "20180504123500Z"), 1); /* Invalid parameters testing. */ - ExpectIntEQ(wolfSSL_ASN1_GENERALIZEDTIME_print(NULL, NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); - ExpectIntEQ(wolfSSL_ASN1_GENERALIZEDTIME_print(bio, NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); - ExpectIntEQ(wolfSSL_ASN1_GENERALIZEDTIME_print(NULL, gtime), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wolfSSL_ASN1_GENERALIZEDTIME_print(NULL, NULL), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wolfSSL_ASN1_GENERALIZEDTIME_print(bio, NULL), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wolfSSL_ASN1_GENERALIZEDTIME_print(NULL, gtime), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); ExpectIntEQ(wolfSSL_ASN1_GENERALIZEDTIME_print(bio, gtime), 1); ExpectIntEQ(BIO_read(bio, buf, sizeof(buf)), 20); diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/tests/api/test_ossl_asn1.h mariadb-11.8.8/extra/wolfssl/wolfssl/tests/api/test_ossl_asn1.h --- mariadb-11.8.6/extra/wolfssl/wolfssl/tests/api/test_ossl_asn1.h 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/tests/api/test_ossl_asn1.h 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* test_ossl_asn1.h * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/tests/api/test_ossl_bio.c mariadb-11.8.8/extra/wolfssl/wolfssl/tests/api/test_ossl_bio.c --- mariadb-11.8.6/extra/wolfssl/wolfssl/tests/api/test_ossl_bio.c 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/tests/api/test_ossl_bio.c 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* test_ossl_bio.c * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -58,7 +58,8 @@ /* try with bad args */ ExpectNull(bio = BIO_new_mem_buf(NULL, sizeof(msg))); #ifdef OPENSSL_ALL - ExpectIntEQ(BIO_set_mem_buf(bio, NULL, BIO_NOCLOSE), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(BIO_set_mem_buf(bio, NULL, BIO_NOCLOSE), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); #endif /* try with real msg */ @@ -594,7 +595,8 @@ int test_wolfSSL_BIO_datagram(void) { EXPECT_DECLS; -#if !defined(NO_BIO) && defined(WOLFSSL_DTLS) && defined(WOLFSSL_HAVE_BIO_ADDR) && defined(OPENSSL_EXTRA) +#if !defined(NO_BIO) && defined(WOLFSSL_DTLS) && \ + defined(WOLFSSL_HAVE_BIO_ADDR) && defined(OPENSSL_EXTRA) int ret; SOCKET_T fd1 = SOCKET_INVALID, fd2 = SOCKET_INVALID; WOLFSSL_BIO *bio1 = NULL, *bio2 = NULL; @@ -636,7 +638,8 @@ sin1.sin_port = 0; slen = (socklen_t)sizeof(sin1); ExpectIntEQ(bind(fd1, (const struct sockaddr *)&sin1, slen), 0); - ExpectIntEQ(setsockopt(fd1, SOL_SOCKET, SO_RCVTIMEO, (const char *)&timeout, sizeof(timeout)), 0); + ExpectIntEQ(setsockopt(fd1, SOL_SOCKET, SO_RCVTIMEO, + (const char *)&timeout, sizeof(timeout)), 0); ExpectIntEQ(getsockname(fd1, (struct sockaddr *)&sin1, &slen), 0); } @@ -646,7 +649,8 @@ sin2.sin_port = 0; slen = (socklen_t)sizeof(sin2); ExpectIntEQ(bind(fd2, (const struct sockaddr *)&sin2, slen), 0); - ExpectIntEQ(setsockopt(fd2, SOL_SOCKET, SO_RCVTIMEO, (const char *)&timeout, sizeof(timeout)), 0); + ExpectIntEQ(setsockopt(fd2, SOL_SOCKET, SO_RCVTIMEO, + (const char *)&timeout, sizeof(timeout)), 0); ExpectIntEQ(getsockname(fd2, (struct sockaddr *)&sin2, &slen), 0); } @@ -661,15 +665,19 @@ } if (EXPECT_SUCCESS()) { - /* for OpenSSL compatibility, direct copying of sockaddrs into BIO_ADDRs must work right. */ + /* for OpenSSL compatibility, direct copying of sockaddrs into BIO_ADDRs + * must work right. */ XMEMCPY(&bio_addr2->sa_in, &sin2, sizeof(sin2)); - ExpectIntEQ((int)wolfSSL_BIO_ctrl(bio1, BIO_CTRL_DGRAM_SET_PEER, 0, bio_addr2), WOLFSSL_SUCCESS); + ExpectIntEQ((int)wolfSSL_BIO_ctrl(bio1, BIO_CTRL_DGRAM_SET_PEER, 0, + bio_addr2), WOLFSSL_SUCCESS); wolfSSL_BIO_ADDR_clear(bio_addr2); } test_msg_recvd[0] = 0; - ExpectIntEQ(wolfSSL_BIO_write(bio1, test_msg, sizeof(test_msg)), (int)sizeof(test_msg)); - ExpectIntEQ(wolfSSL_BIO_read(bio2, test_msg_recvd, sizeof(test_msg_recvd)), (int)sizeof(test_msg)); + ExpectIntEQ(wolfSSL_BIO_write(bio1, test_msg, sizeof(test_msg)), + (int)sizeof(test_msg)); + ExpectIntEQ(wolfSSL_BIO_read(bio2, test_msg_recvd, sizeof(test_msg_recvd)), + (int)sizeof(test_msg)); ExpectIntEQ(XMEMCMP(test_msg_recvd, test_msg, sizeof(test_msg)), 0); #ifdef WOLFSSL_BIO_HAVE_FLOW_STATS @@ -682,58 +690,76 @@ */ test_msg_recvd[0] = 0; - ExpectIntEQ(wolfSSL_BIO_write(bio2, test_msg, sizeof(test_msg)), (int)sizeof(test_msg)); - ExpectIntEQ(wolfSSL_BIO_read(bio1, test_msg_recvd, sizeof(test_msg_recvd)), (int)sizeof(test_msg)); + ExpectIntEQ(wolfSSL_BIO_write(bio2, test_msg, sizeof(test_msg)), + (int)sizeof(test_msg)); + ExpectIntEQ(wolfSSL_BIO_read(bio1, test_msg_recvd, sizeof(test_msg_recvd)), + (int)sizeof(test_msg)); ExpectIntEQ(XMEMCMP(test_msg_recvd, test_msg, sizeof(test_msg)), 0); - ExpectIntEQ(wolfSSL_BIO_read(bio1, test_msg_recvd, sizeof(test_msg_recvd)), WOLFSSL_BIO_ERROR); + ExpectIntEQ(wolfSSL_BIO_read(bio1, test_msg_recvd, sizeof(test_msg_recvd)), + WOLFSSL_BIO_ERROR); ExpectIntNE(BIO_should_retry(bio1), 0); - ExpectIntEQ(wolfSSL_BIO_read(bio2, test_msg_recvd, sizeof(test_msg_recvd)), WOLFSSL_BIO_ERROR); + ExpectIntEQ(wolfSSL_BIO_read(bio2, test_msg_recvd, sizeof(test_msg_recvd)), + WOLFSSL_BIO_ERROR); ExpectIntNE(BIO_should_retry(bio2), 0); /* now "connect" the sockets. */ - ExpectIntEQ(connect(fd1, (const struct sockaddr *)&sin2, (socklen_t)sizeof(sin2)), 0); - ExpectIntEQ(connect(fd2, (const struct sockaddr *)&sin1, (socklen_t)sizeof(sin1)), 0); + ExpectIntEQ(connect(fd1, (const struct sockaddr *)&sin2, + (socklen_t)sizeof(sin2)), 0); + ExpectIntEQ(connect(fd2, (const struct sockaddr *)&sin1, + (socklen_t)sizeof(sin1)), 0); if (EXPECT_SUCCESS()) { XMEMCPY(&bio_addr2->sa_in, &sin2, sizeof(sin2)); - ExpectIntEQ((int)wolfSSL_BIO_ctrl(bio1, BIO_CTRL_DGRAM_SET_CONNECTED, 0, bio_addr2), WOLFSSL_SUCCESS); + ExpectIntEQ((int)wolfSSL_BIO_ctrl(bio1, BIO_CTRL_DGRAM_SET_CONNECTED, 0, + bio_addr2), WOLFSSL_SUCCESS); wolfSSL_BIO_ADDR_clear(bio_addr2); } if (EXPECT_SUCCESS()) { XMEMCPY(&bio_addr1->sa_in, &sin1, sizeof(sin1)); - ExpectIntEQ((int)wolfSSL_BIO_ctrl(bio2, BIO_CTRL_DGRAM_SET_CONNECTED, 0, bio_addr1), WOLFSSL_SUCCESS); + ExpectIntEQ((int)wolfSSL_BIO_ctrl(bio2, BIO_CTRL_DGRAM_SET_CONNECTED, 0, + bio_addr1), WOLFSSL_SUCCESS); wolfSSL_BIO_ADDR_clear(bio_addr1); } test_msg_recvd[0] = 0; - ExpectIntEQ(wolfSSL_BIO_write(bio2, test_msg, sizeof(test_msg)), (int)sizeof(test_msg)); - ExpectIntEQ(wolfSSL_BIO_read(bio1, test_msg_recvd, sizeof(test_msg_recvd)), (int)sizeof(test_msg)); + ExpectIntEQ(wolfSSL_BIO_write(bio2, test_msg, sizeof(test_msg)), + (int)sizeof(test_msg)); + ExpectIntEQ(wolfSSL_BIO_read(bio1, test_msg_recvd, sizeof(test_msg_recvd)), + (int)sizeof(test_msg)); ExpectIntEQ(XMEMCMP(test_msg_recvd, test_msg, sizeof(test_msg)), 0); test_msg_recvd[0] = 0; - ExpectIntEQ(wolfSSL_BIO_write(bio1, test_msg, sizeof(test_msg)), (int)sizeof(test_msg)); - ExpectIntEQ(wolfSSL_BIO_read(bio2, test_msg_recvd, sizeof(test_msg_recvd)), (int)sizeof(test_msg)); + ExpectIntEQ(wolfSSL_BIO_write(bio1, test_msg, sizeof(test_msg)), + (int)sizeof(test_msg)); + ExpectIntEQ(wolfSSL_BIO_read(bio2, test_msg_recvd, sizeof(test_msg_recvd)), + (int)sizeof(test_msg)); ExpectIntEQ(XMEMCMP(test_msg_recvd, test_msg, sizeof(test_msg)), 0); #ifdef __linux__ /* now "disconnect" the sockets and attempt transmits expected to fail. */ sin1.sin_family = AF_UNSPEC; - ExpectIntEQ(connect(fd1, (const struct sockaddr *)&sin1, (socklen_t)sizeof(sin1)), 0); - ExpectIntEQ(connect(fd2, (const struct sockaddr *)&sin1, (socklen_t)sizeof(sin1)), 0); + ExpectIntEQ(connect(fd1, (const struct sockaddr *)&sin1, + (socklen_t)sizeof(sin1)), 0); + ExpectIntEQ(connect(fd2, (const struct sockaddr *)&sin1, + (socklen_t)sizeof(sin1)), 0); sin1.sin_family = AF_INET; - ExpectIntEQ((int)wolfSSL_BIO_ctrl(bio1, BIO_CTRL_DGRAM_SET_CONNECTED, 0, NULL), WOLFSSL_SUCCESS); - ExpectIntEQ((int)wolfSSL_BIO_ctrl(bio2, BIO_CTRL_DGRAM_SET_CONNECTED, 0, NULL), WOLFSSL_SUCCESS); + ExpectIntEQ((int)wolfSSL_BIO_ctrl(bio1, BIO_CTRL_DGRAM_SET_CONNECTED, 0, + NULL), WOLFSSL_SUCCESS); + ExpectIntEQ((int)wolfSSL_BIO_ctrl(bio2, BIO_CTRL_DGRAM_SET_CONNECTED, 0, + NULL), WOLFSSL_SUCCESS); if (EXPECT_SUCCESS()) { - sin2.sin_addr.s_addr = htonl(0xc0a8c0a8); /* 192.168.192.168 -- invalid for loopback interface. */ + /* 192.168.192.168 -- invalid for loopback interface. */ + sin2.sin_addr.s_addr = htonl(0xc0a8c0a8); XMEMCPY(&bio_addr2->sa_in, &sin2, sizeof(sin2)); - ExpectIntEQ((int)wolfSSL_BIO_ctrl(bio1, BIO_CTRL_DGRAM_SET_PEER, 0, bio_addr2), WOLFSSL_SUCCESS); + ExpectIntEQ((int)wolfSSL_BIO_ctrl(bio1, BIO_CTRL_DGRAM_SET_PEER, 0, + bio_addr2), WOLFSSL_SUCCESS); wolfSSL_BIO_ADDR_clear(bio_addr2); } @@ -796,7 +822,8 @@ (void)args; - AssertIntGT(snprintf(connectAddr, sizeof(connectAddr), "%s:%d", wolfSSLIP, wolfSSLPort), 0); + AssertIntGT(snprintf(connectAddr, sizeof(connectAddr), "%s:%d", wolfSSLIP, + wolfSSLPort), 0); clientBio = BIO_new_connect(connectAddr); AssertNotNull(clientBio); AssertIntEQ(BIO_do_connect(clientBio), 1); @@ -804,7 +831,8 @@ AssertNotNull(ctx); sslClient = SSL_new(ctx); AssertNotNull(sslClient); - AssertIntEQ(wolfSSL_CTX_load_verify_locations(ctx, caCertFile, 0), WOLFSSL_SUCCESS); + AssertIntEQ(wolfSSL_CTX_load_verify_locations(ctx, caCertFile, 0), + WOLFSSL_SUCCESS); SSL_set_bio(sslClient, clientBio, clientBio); AssertIntEQ(SSL_connect(sslClient), 1); @@ -1155,6 +1183,500 @@ #endif return EXPECT_RESULT(); } + +#if defined(OPENSSL_EXTRA) && !defined(NO_BIO) +static long bioCallback(BIO *bio, int cmd, const char* argp, int argi, + long argl, long ret) +{ + (void)bio; + (void)cmd; + (void)argp; + (void)argi; + (void)argl; + return ret; +} +#endif + +int test_wolfSSL_BIO(void) +{ + EXPECT_DECLS; +#if defined(OPENSSL_EXTRA) && !defined(NO_BIO) + const unsigned char* p = NULL; + byte buff[20]; + BIO* bio1 = NULL; + BIO* bio2 = NULL; + BIO* bio3 = NULL; + char* bufPt = NULL; + int i; + + for (i = 0; i < 20; i++) { + buff[i] = i; + } + /* test BIO_free with NULL */ + ExpectIntEQ(BIO_free(NULL), WC_NO_ERR_TRACE(WOLFSSL_FAILURE)); + + /* Creating and testing type BIO_s_bio */ + ExpectNotNull(bio1 = BIO_new(BIO_s_bio())); + ExpectNotNull(bio2 = BIO_new(BIO_s_bio())); + ExpectNotNull(bio3 = BIO_new(BIO_s_bio())); + + /* read/write before set up */ + ExpectIntEQ(BIO_read(bio1, buff, 2), WOLFSSL_BIO_UNSET); + ExpectIntEQ(BIO_write(bio1, buff, 2), WOLFSSL_BIO_UNSET); + + ExpectIntEQ(BIO_set_nbio(bio1, 1), 1); + ExpectIntEQ(BIO_set_write_buf_size(bio1, 20), WOLFSSL_SUCCESS); + ExpectIntEQ(BIO_set_write_buf_size(bio2, 8), WOLFSSL_SUCCESS); + ExpectIntEQ(BIO_make_bio_pair(bio1, bio2), WOLFSSL_SUCCESS); + + ExpectIntEQ(BIO_nwrite(bio1, &bufPt, 10), 10); + ExpectNotNull(XMEMCPY(bufPt, buff, 10)); + ExpectIntEQ(BIO_write(bio1, buff + 10, 10), 10); + /* write buffer full */ + ExpectIntEQ(BIO_write(bio1, buff, 10), WOLFSSL_BIO_ERROR); + ExpectIntEQ(BIO_flush(bio1), WOLFSSL_SUCCESS); + ExpectIntEQ((int)BIO_ctrl_pending(bio1), 0); + + /* write the other direction with pair */ + ExpectIntEQ((int)BIO_nwrite(bio2, &bufPt, 10), 8); + ExpectNotNull(XMEMCPY(bufPt, buff, 8)); + ExpectIntEQ(BIO_write(bio2, buff, 10), WOLFSSL_BIO_ERROR); + + /* try read */ + ExpectIntEQ((int)BIO_ctrl_pending(bio1), 8); + ExpectIntEQ((int)BIO_ctrl_pending(bio2), 20); + + /* try read using ctrl function */ + ExpectIntEQ((int)BIO_ctrl(bio1, BIO_CTRL_WPENDING, 0, NULL), 8); + ExpectIntEQ((int)BIO_ctrl(bio1, BIO_CTRL_PENDING, 0, NULL), 8); + ExpectIntEQ((int)BIO_ctrl(bio2, BIO_CTRL_WPENDING, 0, NULL), 20); + ExpectIntEQ((int)BIO_ctrl(bio2, BIO_CTRL_PENDING, 0, NULL), 20); + + ExpectIntEQ(BIO_nread(bio2, &bufPt, (int)BIO_ctrl_pending(bio2)), 20); + for (i = 0; i < 20; i++) { + ExpectIntEQ((int)bufPt[i], i); + } + ExpectIntEQ(BIO_nread(bio2, &bufPt, 1), 0); + ExpectIntEQ(BIO_nread(bio1, &bufPt, (int)BIO_ctrl_pending(bio1)), 8); + for (i = 0; i < 8; i++) { + ExpectIntEQ((int)bufPt[i], i); + } + ExpectIntEQ(BIO_nread(bio1, &bufPt, 1), 0); + ExpectIntEQ(BIO_ctrl_reset_read_request(bio1), 1); + + /* new pair */ + ExpectIntEQ(BIO_make_bio_pair(bio1, bio3), + WC_NO_ERR_TRACE(WOLFSSL_FAILURE)); + BIO_free(bio2); /* free bio2 and automatically remove from pair */ + bio2 = NULL; + ExpectIntEQ(BIO_make_bio_pair(bio1, bio3), WOLFSSL_SUCCESS); + ExpectIntEQ((int)BIO_ctrl_pending(bio3), 0); + ExpectIntEQ(BIO_nread(bio3, &bufPt, 10), 0); + + /* test wrap around... */ + ExpectIntEQ(BIO_reset(bio1), 1); + ExpectIntEQ(BIO_reset(bio3), 1); + + /* fill write buffer, read only small amount then write again */ + ExpectIntEQ(BIO_nwrite(bio1, &bufPt, 20), 20); + ExpectNotNull(XMEMCPY(bufPt, buff, 20)); + ExpectIntEQ(BIO_nread(bio3, &bufPt, 4), 4); + for (i = 0; i < 4; i++) { + ExpectIntEQ(bufPt[i], i); + } + + /* try writing over read index */ + ExpectIntEQ(BIO_nwrite(bio1, &bufPt, 5), 4); + ExpectNotNull(XMEMSET(bufPt, 0, 4)); + ExpectIntEQ((int)BIO_ctrl_pending(bio3), 20); + + /* read and write 0 bytes */ + ExpectIntEQ(BIO_nread(bio3, &bufPt, 0), 0); + ExpectIntEQ(BIO_nwrite(bio1, &bufPt, 0), 0); + + /* should read only to end of write buffer then need to read again */ + ExpectIntEQ(BIO_nread(bio3, &bufPt, 20), 16); + for (i = 0; i < 16; i++) { + ExpectIntEQ(bufPt[i], buff[4 + i]); + } + + ExpectIntEQ(BIO_nread(bio3, NULL, 0), WC_NO_ERR_TRACE(WOLFSSL_FAILURE)); + ExpectIntEQ(BIO_nread0(bio3, &bufPt), 4); + for (i = 0; i < 4; i++) { + ExpectIntEQ(bufPt[i], 0); + } + + /* read index should not have advanced with nread0 */ + ExpectIntEQ(BIO_nread(bio3, &bufPt, 5), 4); + for (i = 0; i < 4; i++) { + ExpectIntEQ(bufPt[i], 0); + } + + /* write and fill up buffer checking reset of index state */ + ExpectIntEQ(BIO_nwrite(bio1, &bufPt, 20), 20); + ExpectNotNull(XMEMCPY(bufPt, buff, 20)); + + /* test reset on data in bio1 write buffer */ + ExpectIntEQ(BIO_reset(bio1), 1); + ExpectIntEQ((int)BIO_ctrl_pending(bio3), 0); + ExpectIntEQ(BIO_nread(bio3, &bufPt, 3), 0); + ExpectIntEQ(BIO_nwrite(bio1, &bufPt, 20), 20); + ExpectIntEQ((int)BIO_ctrl(bio1, BIO_CTRL_INFO, 0, &p), 20); + ExpectNotNull(p); + ExpectNotNull(XMEMCPY(bufPt, buff, 20)); + ExpectIntEQ(BIO_nread(bio3, &bufPt, 6), 6); + for (i = 0; i < 6; i++) { + ExpectIntEQ(bufPt[i], i); + } + + /* test case of writing twice with offset read index */ + ExpectIntEQ(BIO_nwrite(bio1, &bufPt, 3), 3); + ExpectIntEQ(BIO_nwrite(bio1, &bufPt, 4), 3); /* try overwriting */ + ExpectIntEQ(BIO_nwrite(bio1, &bufPt, 4), WOLFSSL_BIO_ERROR); + ExpectIntEQ(BIO_nread(bio3, &bufPt, 0), 0); + ExpectIntEQ(BIO_nwrite(bio1, &bufPt, 4), WOLFSSL_BIO_ERROR); + ExpectIntEQ(BIO_nread(bio3, &bufPt, 1), 1); + ExpectIntEQ(BIO_nwrite(bio1, &bufPt, 4), 1); + ExpectIntEQ(BIO_nwrite(bio1, &bufPt, 4), WOLFSSL_BIO_ERROR); + + BIO_free(bio1); + bio1 = NULL; + BIO_free(bio3); + bio3 = NULL; + + #if defined(OPENSSL_ALL) || defined(WOLFSSL_ASIO) + { + BIO* bioA = NULL; + BIO* bioB = NULL; + ExpectIntEQ(BIO_new_bio_pair(NULL, 256, NULL, 256), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(BIO_new_bio_pair(&bioA, 256, &bioB, 256), WOLFSSL_SUCCESS); + BIO_free(bioA); + bioA = NULL; + BIO_free(bioB); + bioB = NULL; + } + #endif /* OPENSSL_ALL || WOLFSSL_ASIO */ + + /* BIOs with file pointers */ + #if !defined(NO_FILESYSTEM) + { + XFILE f1 = XBADFILE; + XFILE f2 = XBADFILE; + BIO* f_bio1 = NULL; + BIO* f_bio2 = NULL; + unsigned char cert[300]; + char testFile[] = "tests/bio_write_test.txt"; + char msg[] = "bio_write_test.txt contains the first 300 bytes of " + "certs/server-cert.pem\n" + "created by tests/unit.test\n\n"; + + ExpectNotNull(f_bio1 = BIO_new(BIO_s_file())); + ExpectNotNull(f_bio2 = BIO_new(BIO_s_file())); + + /* Failure due to wrong BIO type */ + ExpectIntEQ((int)BIO_set_mem_eof_return(f_bio1, -1), 0); + ExpectIntEQ((int)BIO_set_mem_eof_return(NULL, -1), 0); + + ExpectTrue((f1 = XFOPEN(svrCertFile, "rb+")) != XBADFILE); + ExpectIntEQ((int)BIO_set_fp(f_bio1, f1, BIO_CLOSE), WOLFSSL_SUCCESS); + ExpectIntEQ(BIO_write_filename(f_bio2, testFile), + WOLFSSL_SUCCESS); + + ExpectIntEQ(BIO_read(f_bio1, cert, sizeof(cert)), sizeof(cert)); + ExpectIntEQ(BIO_tell(f_bio1),sizeof(cert)); + ExpectIntEQ(BIO_write(f_bio2, msg, sizeof(msg)), sizeof(msg)); + ExpectIntEQ(BIO_tell(f_bio2),sizeof(msg)); + ExpectIntEQ(BIO_write(f_bio2, cert, sizeof(cert)), sizeof(cert)); + ExpectIntEQ(BIO_tell(f_bio2),sizeof(cert) + sizeof(msg)); + + ExpectIntEQ((int)BIO_get_fp(f_bio2, &f2), WOLFSSL_SUCCESS); + ExpectIntEQ(BIO_reset(f_bio2), 1); + ExpectIntEQ(BIO_tell(NULL),-1); + ExpectIntEQ(BIO_tell(f_bio2),0); + ExpectIntEQ(BIO_seek(f_bio2, 4), 0); + ExpectIntEQ(BIO_tell(f_bio2),4); + + BIO_free(f_bio1); + f_bio1 = NULL; + BIO_free(f_bio2); + f_bio2 = NULL; + + ExpectNotNull(f_bio1 = BIO_new_file(svrCertFile, "rb+")); + ExpectIntEQ((int)BIO_set_mem_eof_return(f_bio1, -1), 0); + ExpectIntEQ(BIO_read(f_bio1, cert, sizeof(cert)), sizeof(cert)); + BIO_free(f_bio1); + f_bio1 = NULL; + } + #endif /* !defined(NO_FILESYSTEM) */ + + /* BIO info callback */ + { + const char* testArg = "test"; + BIO* cb_bio = NULL; + ExpectNotNull(cb_bio = BIO_new(BIO_s_mem())); + + BIO_set_callback(cb_bio, bioCallback); + ExpectNotNull(BIO_get_callback(cb_bio)); + BIO_set_callback(cb_bio, NULL); + ExpectNull(BIO_get_callback(cb_bio)); + + BIO_set_callback_arg(cb_bio, (char*)testArg); + ExpectStrEQ(BIO_get_callback_arg(cb_bio), testArg); + ExpectNull(BIO_get_callback_arg(NULL)); + + BIO_free(cb_bio); + cb_bio = NULL; + } + + /* BIO_vfree */ + ExpectNotNull(bio1 = BIO_new(BIO_s_bio())); + BIO_vfree(NULL); + BIO_vfree(bio1); +#endif + return EXPECT_RESULT(); +} + +int test_wolfSSL_BIO_BIO_ring_read(void) +{ + EXPECT_DECLS; +#if defined(OPENSSL_ALL) && !defined(NO_BIO) + BIO* bio1 = NULL; + BIO* bio2 = NULL; + byte data[50]; + byte tmp[50]; + + XMEMSET(data, 42, sizeof(data)); + + + ExpectIntEQ(BIO_new_bio_pair(&bio1, sizeof(data), &bio2, sizeof(data)), + SSL_SUCCESS); + + ExpectIntEQ(BIO_write(bio1, data, 40), 40); + ExpectIntEQ(BIO_read(bio1, tmp, 20), -1); + ExpectIntEQ(BIO_read(bio2, tmp, 20), 20); + ExpectBufEQ(tmp, data, 20); + ExpectIntEQ(BIO_write(bio1, data, 20), 20); + ExpectIntEQ(BIO_read(bio2, tmp, 40), 40); + ExpectBufEQ(tmp, data, 40); + + BIO_free(bio1); + BIO_free(bio2); +#endif + return EXPECT_RESULT(); +} + +/* Custom BIO backing store for test_wolfSSL_BIO_custom_method */ +#if defined(OPENSSL_EXTRA) + +static int custom_bio_destroyCalled = 0; + +struct custom_bio_data { + char buf[256]; + int len; + byte createCalled:1; + byte writeCalled:1; + byte readCalled:1; + byte putsCalled:1; + byte getsCalled:1; + byte ctrlCalled:1; +}; + +static int custom_bio_createCb(WOLFSSL_BIO* bio) +{ + struct custom_bio_data* data; + data = (struct custom_bio_data*)XMALLOC(sizeof(*data), NULL, + DYNAMIC_TYPE_TMP_BUFFER); + if (data == NULL) + return 0; + XMEMSET(data, 0, sizeof(*data)); + data->createCalled = 1; + BIO_set_data(bio, data); + BIO_set_init(bio, 1); + return 1; +} + +static int custom_bio_destroyCb(WOLFSSL_BIO* bio) +{ + struct custom_bio_data* data = (struct custom_bio_data*)BIO_get_data(bio); + if (data != NULL) { + custom_bio_destroyCalled = 1; + XFREE(data, NULL, DYNAMIC_TYPE_TMP_BUFFER); + } + BIO_set_data(bio, NULL); + return 1; +} + +static int custom_bio_writeCb(WOLFSSL_BIO* bio, const char* in, int len) +{ + struct custom_bio_data* data = (struct custom_bio_data*)BIO_get_data(bio); + int avail; + if (data == NULL || in == NULL || len <= 0) + return -1; + data->writeCalled = 1; + avail = (int)sizeof(data->buf) - data->len; + if (len > avail) + len = avail; + XMEMCPY(data->buf + data->len, in, (size_t)len); + data->len += len; + return len; +} + +static int custom_bio_readCb(WOLFSSL_BIO* bio, char* out, int len) +{ + struct custom_bio_data* data = (struct custom_bio_data*)BIO_get_data(bio); + if (data == NULL || out == NULL || len <= 0) + return -1; + data->readCalled = 1; + if (data->len == 0) + return 0; + if (len > data->len) + len = data->len; + XMEMCPY(out, data->buf, (size_t)len); + /* shift remaining data */ + data->len -= len; + if (data->len > 0) + XMEMMOVE(data->buf, data->buf + len, (size_t)data->len); + return len; +} + +static int custom_bio_putsCb(WOLFSSL_BIO* bio, const char* str) +{ + struct custom_bio_data* data = (struct custom_bio_data*)BIO_get_data(bio); + if (str == NULL || data == NULL) + return -1; + data->putsCalled = 1; + return custom_bio_writeCb(bio, str, (int)XSTRLEN(str)); +} + +static int custom_bio_getsCb(WOLFSSL_BIO* bio, char* buf, int sz) +{ + struct custom_bio_data* data = (struct custom_bio_data*)BIO_get_data(bio); + int i; + int readLen; + if (data == NULL || buf == NULL || sz <= 1) + return -1; + data->getsCalled = 1; + if (data->len == 0) + return 0; + /* read up to newline or sz-1 bytes */ + readLen = (sz - 1 < data->len) ? sz - 1 : data->len; + for (i = 0; i < readLen; i++) { + buf[i] = data->buf[i]; + if (data->buf[i] == '\n') { + i++; + break; + } + } + buf[i] = '\0'; + /* shift remaining data */ + data->len -= i; + if (data->len > 0) + XMEMMOVE(data->buf, data->buf + i, (size_t)data->len); + return i; +} + +static long custom_bio_ctrlCb(WOLFSSL_BIO* bio, int cmd, long larg, void* parg) +{ + struct custom_bio_data* data = (struct custom_bio_data*)BIO_get_data(bio); + (void)larg; + if (data == NULL) + return -1; + data->ctrlCalled = 1; + switch (cmd) { + case BIO_CTRL_PENDING: + return (long)data->len; + case BIO_CTRL_RESET: + data->len = 0; + return WOLFSSL_SUCCESS; + case BIO_CTRL_FLUSH: + return 1; + case BIO_CTRL_INFO: + if (parg != NULL) + *(char**)parg = data->buf; + return (long)data->len; + default: + return 0; + } +} + +#endif /* OPENSSL_EXTRA */ + +int test_wolfSSL_BIO_custom_method(void) +{ + EXPECT_DECLS; +#if defined(OPENSSL_EXTRA) + BIO_METHOD* method = NULL; + BIO* bio = NULL; + struct custom_bio_data* data = NULL; + char buf[256]; + char* memPtr = NULL; + + /* Create custom method and set all callbacks */ + ExpectNotNull(method = BIO_meth_new(WOLFSSL_BIO_UNDEF, "custom_test")); + ExpectIntEQ(BIO_meth_set_create(method, custom_bio_createCb), + WOLFSSL_SUCCESS); + ExpectIntEQ(BIO_meth_set_destroy(method, custom_bio_destroyCb), + WOLFSSL_SUCCESS); + ExpectIntEQ(BIO_meth_set_write(method, custom_bio_writeCb), + WOLFSSL_SUCCESS); + ExpectIntEQ(BIO_meth_set_read(method, custom_bio_readCb), + WOLFSSL_SUCCESS); + ExpectIntEQ(BIO_meth_set_puts(method, custom_bio_putsCb), + WOLFSSL_SUCCESS); + ExpectIntEQ(BIO_meth_set_gets(method, custom_bio_getsCb), + WOLFSSL_SUCCESS); + ExpectIntEQ(BIO_meth_set_ctrl(method, custom_bio_ctrlCb), + WOLFSSL_SUCCESS); + + /* Create BIO - should invoke createCb */ + ExpectNotNull(bio = BIO_new(method)); + ExpectNotNull(data = (struct custom_bio_data*)BIO_get_data(bio)); + ExpectTrue(data->createCalled); + + /* write */ + ExpectIntEQ(BIO_write(bio, "hello", 5), 5); + ExpectTrue(data->writeCalled); + + /* ctrl_pending via ctrlCb */ + ExpectIntEQ((int)BIO_ctrl_pending(bio), 5); + ExpectTrue(data->ctrlCalled); + + /* read */ + XMEMSET(buf, 0, sizeof(buf)); + ExpectIntEQ(BIO_read(bio, buf, 5), 5); + ExpectBufEQ(buf, "hello", 5); + ExpectTrue(data->readCalled); + ExpectIntEQ((int)BIO_ctrl_pending(bio), 0); + + /* puts */ + ExpectIntEQ(BIO_puts(bio, "world\nfoo"), 9); + ExpectTrue(data->putsCalled); + ExpectIntEQ((int)BIO_ctrl_pending(bio), 9); + + /* gets - should read up to and including first newline */ + XMEMSET(buf, 0, sizeof(buf)); + ExpectIntEQ(BIO_gets(bio, buf, (int)sizeof(buf)), 6); + ExpectStrEQ(buf, "world\n"); + ExpectTrue(data->getsCalled); + ExpectIntEQ((int)BIO_ctrl_pending(bio), 3); + + /* get_mem_data via BIO_CTRL_INFO */ + ExpectIntEQ(BIO_get_mem_data(bio, &memPtr), 3); + ExpectNotNull(memPtr); + + /* reset via ctrlCb */ + ExpectIntEQ(BIO_reset(bio), WOLFSSL_SUCCESS); + ExpectIntEQ((int)BIO_ctrl_pending(bio), 0); + + /* free - should invoke destroyCb */ + custom_bio_destroyCalled = 0; + BIO_free(bio); + ExpectTrue(custom_bio_destroyCalled); + BIO_meth_free(method); +#endif + return EXPECT_RESULT(); +} #endif /* !NO_BIO */ diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/tests/api/test_ossl_bio.h mariadb-11.8.8/extra/wolfssl/wolfssl/tests/api/test_ossl_bio.h --- mariadb-11.8.6/extra/wolfssl/wolfssl/tests/api/test_ossl_bio.h 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/tests/api/test_ossl_bio.h 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* test_ossl_bio.h * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -40,6 +40,9 @@ int test_wolfSSL_BIO_up_ref(void); int test_wolfSSL_BIO_reset(void); int test_wolfSSL_BIO_get_len(void); +int test_wolfSSL_BIO(void); +int test_wolfSSL_BIO_BIO_ring_read(void); +int test_wolfSSL_BIO_custom_method(void); #define TEST_OSSL_BIO_DECLS \ TEST_DECL_GROUP("ossl_bio", test_wolfSSL_BIO_gets), \ @@ -52,7 +55,10 @@ TEST_DECL_GROUP("ossl_bio", test_wolfSSL_BIO_f_md), \ TEST_DECL_GROUP("ossl_bio", test_wolfSSL_BIO_up_ref), \ TEST_DECL_GROUP("ossl_bio", test_wolfSSL_BIO_reset), \ - TEST_DECL_GROUP("ossl_bio", test_wolfSSL_BIO_get_len) + TEST_DECL_GROUP("ossl_bio", test_wolfSSL_BIO_get_len), \ + TEST_DECL_GROUP("ossl_bio", test_wolfSSL_BIO), \ + TEST_DECL_GROUP("ossl_bio", test_wolfSSL_BIO_BIO_ring_read), \ + TEST_DECL_GROUP("ossl_bio", test_wolfSSL_BIO_custom_method) #define TEST_OSSL_BIO_TLS_DECLS \ TEST_DECL_GROUP("ossl_bio_tls", test_wolfSSL_BIO_connect), \ diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/tests/api/test_ossl_bn.c mariadb-11.8.8/extra/wolfssl/wolfssl/tests/api/test_ossl_bn.c --- mariadb-11.8.6/extra/wolfssl/wolfssl/tests/api/test_ossl_bn.c 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/tests/api/test_ossl_bn.c 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* test_ossl_bn.c * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -217,14 +217,16 @@ ExpectIntEQ(BN_set_word(&cv, 5), SSL_SUCCESS); /* a^b mod c = */ - ExpectIntEQ(BN_mod_exp(&dv, NULL, &bv, &cv, NULL), WC_NO_ERR_TRACE(WOLFSSL_FAILURE)); + ExpectIntEQ(BN_mod_exp(&dv, NULL, &bv, &cv, NULL), + WC_NO_ERR_TRACE(WOLFSSL_FAILURE)); ExpectIntEQ(BN_mod_exp(&dv, ap, &bv, &cv, NULL), WOLFSSL_SUCCESS); /* check result 3^2 mod 5 */ ExpectIntEQ(BN_get_word(&dv), 4); /* a*b mod c = */ - ExpectIntEQ(BN_mod_mul(&dv, NULL, &bv, &cv, NULL), WC_NO_ERR_TRACE(WOLFSSL_FAILURE)); + ExpectIntEQ(BN_mod_mul(&dv, NULL, &bv, &cv, NULL), + WC_NO_ERR_TRACE(WOLFSSL_FAILURE)); ExpectIntEQ(BN_mod_mul(&dv, ap, &bv, &cv, NULL), SSL_SUCCESS); /* check result 3*2 mod 5 */ @@ -1027,7 +1029,8 @@ EXPECT_DECLS; #if defined(OPENSSL_EXTRA) && !defined(NO_ASN) && \ !defined(OPENSSL_EXTRA_NO_BN) && !defined(WOLFSSL_SP_MATH) -#if defined(WOLFSSL_KEY_GEN) && (!defined(NO_RSA) || !defined(NO_DH) || !defined(NO_DSA)) +#if defined(WOLFSSL_KEY_GEN) && (!defined(NO_RSA) || !defined(NO_DH) || \ + !defined(NO_DSA)) BIGNUM* a = NULL; BIGNUM* add = NULL; BIGNUM* rem = NULL; diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/tests/api/test_ossl_bn.h mariadb-11.8.8/extra/wolfssl/wolfssl/tests/api/test_ossl_bn.h --- mariadb-11.8.6/extra/wolfssl/wolfssl/tests/api/test_ossl_bn.h 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/tests/api/test_ossl_bn.h 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* test_ossl_bn.h * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/tests/api/test_ossl_cipher.c mariadb-11.8.8/extra/wolfssl/wolfssl/tests/api/test_ossl_cipher.c --- mariadb-11.8.6/extra/wolfssl/wolfssl/tests/api/test_ossl_cipher.c 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/tests/api/test_ossl_cipher.c 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* test_ossl_cipher.c * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/tests/api/test_ossl_cipher.h mariadb-11.8.8/extra/wolfssl/wolfssl/tests/api/test_ossl_cipher.h --- mariadb-11.8.6/extra/wolfssl/wolfssl/tests/api/test_ossl_cipher.h 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/tests/api/test_ossl_cipher.h 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* test_ossl_cipher.h * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/tests/api/test_ossl_dgst.c mariadb-11.8.8/extra/wolfssl/wolfssl/tests/api/test_ossl_dgst.c --- mariadb-11.8.6/extra/wolfssl/wolfssl/tests/api/test_ossl_dgst.c 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/tests/api/test_ossl_dgst.c 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* test_ossl_dgst.c * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -161,8 +161,10 @@ ExpectIntEQ(MD5_Transform(NULL, (const byte*)&input1), 0); ExpectIntEQ(MD5_Transform(&md5.compat, NULL), 0); ExpectIntEQ(wc_Md5Transform(NULL, NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); - ExpectIntEQ(wc_Md5Transform(NULL, (const byte*)&input1), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); - ExpectIntEQ(wc_Md5Transform(&md5.native, NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_Md5Transform(NULL, (const byte*)&input1), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_Md5Transform(&md5.native, NULL), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); /* Init MD5 CTX */ ExpectIntEQ(wolfSSL_MD5_Init(&md5.compat), 1); @@ -359,8 +361,10 @@ ExpectIntEQ(SHA1_Transform(NULL, (const byte*)&input1), 0); ExpectIntEQ(SHA1_Transform(&sha.compat, NULL), 0); ExpectIntEQ(wc_ShaTransform(NULL, NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); - ExpectIntEQ(wc_ShaTransform(NULL, (const byte*)&input1), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); - ExpectIntEQ(wc_ShaTransform(&sha.native, NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_ShaTransform(NULL, (const byte*)&input1), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_ShaTransform(&sha.native, NULL), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); /* Init SHA CTX */ ExpectIntEQ(SHA_Init(&sha.compat), 1); @@ -500,8 +504,10 @@ ExpectIntEQ(SHA256_Transform(NULL, (const byte*)&input1), 0); ExpectIntEQ(SHA256_Transform(&sha256.compat, NULL), 0); ExpectIntEQ(wc_Sha256Transform(NULL, NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); - ExpectIntEQ(wc_Sha256Transform(NULL, (const byte*)&input1), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); - ExpectIntEQ(wc_Sha256Transform(&sha256.native, NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_Sha256Transform(NULL, (const byte*)&input1), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_Sha256Transform(&sha256.native, NULL), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); /* Init SHA256 CTX */ ExpectIntEQ(SHA256_Init(&sha256.compat), 1); @@ -574,8 +580,10 @@ ExpectIntEQ(SHA512_Transform(NULL, (const byte*)&input1), 0); ExpectIntEQ(SHA512_Transform(&sha512.compat, NULL), 0); ExpectIntEQ(wc_Sha512Transform(NULL, NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); - ExpectIntEQ(wc_Sha512Transform(NULL, (const byte*)&input1), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); - ExpectIntEQ(wc_Sha512Transform(&sha512.native, NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_Sha512Transform(NULL, (const byte*)&input1), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_Sha512Transform(&sha512.native, NULL), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); /* Init SHA512 CTX */ ExpectIntEQ(wolfSSL_SHA512_Init(&sha512.compat), 1); @@ -584,8 +592,8 @@ sLen = (word32)XSTRLEN((char*)input1); XMEMCPY(local, input1, sLen); ExpectIntEQ(SHA512_Transform(&sha512.compat, (const byte*)&local[0]), 1); - ExpectIntEQ(XMEMCMP(sha512.native.digest, output1, - WC_SHA512_DIGEST_SIZE), 0); + ExpectIntEQ(XMEMCMP(sha512.native.digest, output1, WC_SHA512_DIGEST_SIZE), + 0); ExpectIntEQ(SHA512_Final(local, &sha512.compat), 1); /* frees resources */ /* Init SHA512 CTX */ @@ -594,8 +602,8 @@ XMEMSET(local, 0, WC_SHA512_BLOCK_SIZE); XMEMCPY(local, input2, sLen); ExpectIntEQ(SHA512_Transform(&sha512.compat, (const byte*)&local[0]), 1); - ExpectIntEQ(XMEMCMP(sha512.native.digest, output2, - WC_SHA512_DIGEST_SIZE), 0); + ExpectIntEQ(XMEMCMP(sha512.native.digest, output2, WC_SHA512_DIGEST_SIZE), + 0); ExpectIntEQ(SHA512_Final(local, &sha512.compat), 1); /* frees resources */ (void)input1; @@ -643,10 +651,12 @@ ExpectIntEQ(SHA512_224_Transform(NULL, NULL), 0); ExpectIntEQ(SHA512_224_Transform(NULL, (const byte*)&input1), 0); ExpectIntEQ(SHA512_224_Transform(&sha512.compat, NULL), 0); - ExpectIntEQ(wc_Sha512_224Transform(NULL, NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_Sha512_224Transform(NULL, NULL), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); ExpectIntEQ(wc_Sha512_224Transform(NULL, (const byte*)&input1), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); - ExpectIntEQ(wc_Sha512_224Transform(&sha512.native, NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_Sha512_224Transform(&sha512.native, NULL), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); /* Init SHA512 CTX */ ExpectIntEQ(wolfSSL_SHA512_224_Init(&sha512.compat), 1); @@ -716,10 +726,12 @@ ExpectIntEQ(SHA512_256_Transform(NULL, NULL), 0); ExpectIntEQ(SHA512_256_Transform(NULL, (const byte*)&input1), 0); ExpectIntEQ(SHA512_256_Transform(&sha512.compat, NULL), 0); - ExpectIntEQ(wc_Sha512_256Transform(NULL, NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_Sha512_256Transform(NULL, NULL), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); ExpectIntEQ(wc_Sha512_256Transform(NULL, (const byte*)&input1), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); - ExpectIntEQ(wc_Sha512_256Transform(&sha512.native, NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_Sha512_256Transform(&sha512.native, NULL), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); /* Init SHA512 CTX */ ExpectIntEQ(wolfSSL_SHA512_256_Init(&sha512.compat), 1); diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/tests/api/test_ossl_dgst.h mariadb-11.8.8/extra/wolfssl/wolfssl/tests/api/test_ossl_dgst.h --- mariadb-11.8.6/extra/wolfssl/wolfssl/tests/api/test_ossl_dgst.h 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/tests/api/test_ossl_dgst.h 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* test_ossl_dgst.h * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/tests/api/test_ossl_dh.c mariadb-11.8.8/extra/wolfssl/wolfssl/tests/api/test_ossl_dh.c --- mariadb-11.8.6/extra/wolfssl/wolfssl/tests/api/test_ossl_dh.c 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/tests/api/test_ossl_dh.c 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* test_ossl_dh.c * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/tests/api/test_ossl_dh.h mariadb-11.8.8/extra/wolfssl/wolfssl/tests/api/test_ossl_dh.h --- mariadb-11.8.6/extra/wolfssl/wolfssl/tests/api/test_ossl_dh.h 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/tests/api/test_ossl_dh.h 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* test_ossl_dh.h * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/tests/api/test_ossl_dsa.c mariadb-11.8.8/extra/wolfssl/wolfssl/tests/api/test_ossl_dsa.c --- mariadb-11.8.6/extra/wolfssl/wolfssl/tests/api/test_ossl_dsa.c 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/tests/api/test_ossl_dsa.c 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* test_ossl_dsa.c * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -41,7 +41,8 @@ int test_DSA_do_sign_verify(void) { EXPECT_DECLS; -#if !defined(HAVE_SELFTEST) && !defined(HAVE_FIPS) +#if !defined(HAVE_SELFTEST) && !defined(HAVE_FIPS) && \ + !defined(WC_FIPS_186_5_PLUS) #if defined(OPENSSL_EXTRA) && !defined(NO_FILESYSTEM) && \ !defined(NO_DSA) unsigned char digest[WC_SHA_DIGEST_SIZE]; @@ -88,7 +89,7 @@ DSA_SIG_free(sig); DSA_free(dsa); #endif -#endif /* !HAVE_SELFTEST && !HAVE_FIPS */ +#endif /* !HAVE_SELFTEST && !HAVE_FIPS && !WC_FIPS_186_5_PLUS */ return EXPECT_RESULT(); } @@ -110,7 +111,7 @@ { EXPECT_DECLS; #if !defined(NO_DSA) && !defined(HAVE_SELFTEST) && defined(WOLFSSL_KEY_GEN) && \ - !defined(HAVE_FIPS) && defined(OPENSSL_ALL) + !defined(HAVE_FIPS) && !defined(WC_FIPS_186_5_PLUS) && defined(OPENSSL_ALL) DSA *dsa = NULL; DSA *dsa2 = NULL; DSA_SIG *sig = NULL; diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/tests/api/test_ossl_dsa.h mariadb-11.8.8/extra/wolfssl/wolfssl/tests/api/test_ossl_dsa.h --- mariadb-11.8.6/extra/wolfssl/wolfssl/tests/api/test_ossl_dsa.h 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/tests/api/test_ossl_dsa.h 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* test_ossl_dsa.h * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/tests/api/test_ossl_ec.c mariadb-11.8.8/extra/wolfssl/wolfssl/tests/api/test_ossl_ec.c --- mariadb-11.8.6/extra/wolfssl/wolfssl/tests/api/test_ossl_ec.c 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/tests/api/test_ossl_ec.c 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* test_ossl_ec.c * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -314,6 +314,7 @@ EC_POINT* set_point = NULL; EC_POINT* get_point = NULL; EC_POINT* infinity = NULL; + EC_POINT* dup_point = NULL; BIGNUM* k = NULL; BIGNUM* Gx = NULL; BIGNUM* Gy = NULL; @@ -475,8 +476,7 @@ /* check if point X coordinate is zero */ ExpectIntEQ(BN_is_zero(new_point->X), 0); -#if defined(USE_ECC_B_PARAM) && !defined(HAVE_SELFTEST) && \ - (!defined(HAVE_FIPS) || FIPS_VERSION_GT(2,0)) +#if !defined(HAVE_SELFTEST) && (!defined(HAVE_FIPS) || FIPS_VERSION_GT(2,0)) ExpectIntEQ(EC_POINT_is_on_curve(group, new_point, ctx), 1); #endif @@ -507,6 +507,12 @@ ExpectIntEQ(EC_POINT_copy(new_point, NULL), 0); ExpectIntEQ(EC_POINT_copy(new_point, set_point), 1); + /* Test duplicating */ + ExpectNull(EC_POINT_dup(NULL, group)); + ExpectNull(EC_POINT_dup(set_point, NULL)); + ExpectNotNull(dup_point = EC_POINT_dup(set_point, group)); + ExpectIntEQ(EC_POINT_cmp(group, dup_point, set_point, ctx), 0); + /* Test inverting */ ExpectIntEQ(EC_POINT_invert(NULL, NULL, ctx), 0); ExpectIntEQ(EC_POINT_invert(NULL, new_point, ctx), 0); @@ -526,6 +532,12 @@ ExpectIntEQ(EC_POINT_add(group, orig_point, orig_point, new_point, NULL), 1); ExpectIntEQ(EC_POINT_cmp(group, orig_point, set_point, NULL), 0); + /* dup_point equals set_point so let's test with that too */ + ExpectIntEQ(EC_POINT_add(group, orig_point, dup_point, dup_point, NULL), + 1); + ExpectIntEQ(EC_POINT_add(group, orig_point, orig_point, new_point, + NULL), 1); + ExpectIntEQ(EC_POINT_cmp(group, orig_point, set_point, NULL), 0); EC_POINT_free(orig_point); } #endif @@ -610,7 +622,7 @@ hexStr = EC_POINT_point2hex(group, Gxy, POINT_CONVERSION_COMPRESSED, ctx); ExpectNotNull(hexStr); ExpectStrEQ(hexStr, compG); - #ifdef HAVE_COMP_KEY + #if defined(HAVE_COMP_KEY) && !defined(HAVE_SELFTEST) ExpectNotNull(get_point = EC_POINT_hex2point (group, hexStr, get_point, ctx)); ExpectIntEQ(EC_POINT_cmp(group, Gxy, get_point, ctx), 0); @@ -769,6 +781,7 @@ BN_free(k); BN_free(set_point_bn); EC_POINT_free(infinity); + EC_POINT_free(dup_point); EC_POINT_free(new_point); EC_POINT_free(set_point); EC_POINT_clear_free(Gxy); @@ -1345,12 +1358,15 @@ EC_KEY* key = NULL; /* Bad file pointer. */ - ExpectIntEQ(wolfSSL_EC_KEY_print_fp(NULL, key, 0), WC_NO_ERR_TRACE(WOLFSSL_FAILURE)); + ExpectIntEQ(wolfSSL_EC_KEY_print_fp(NULL, key, 0), + WC_NO_ERR_TRACE(WOLFSSL_FAILURE)); /* NULL key. */ - ExpectIntEQ(wolfSSL_EC_KEY_print_fp(stderr, NULL, 0), WC_NO_ERR_TRACE(WOLFSSL_FAILURE)); + ExpectIntEQ(wolfSSL_EC_KEY_print_fp(stderr, NULL, 0), + WC_NO_ERR_TRACE(WOLFSSL_FAILURE)); ExpectNotNull((key = wolfSSL_EC_KEY_new_by_curve_name(NID_secp224r1))); /* Negative indent. */ - ExpectIntEQ(wolfSSL_EC_KEY_print_fp(stderr, key, -1), WC_NO_ERR_TRACE(WOLFSSL_FAILURE)); + ExpectIntEQ(wolfSSL_EC_KEY_print_fp(stderr, key, -1), + WC_NO_ERR_TRACE(WOLFSSL_FAILURE)); ExpectIntEQ(wolfSSL_EC_KEY_print_fp(stderr, key, 4), WOLFSSL_SUCCESS); ExpectIntEQ(wolfSSL_EC_KEY_generate_key(key), WOLFSSL_SUCCESS); diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/tests/api/test_ossl_ec.h mariadb-11.8.8/extra/wolfssl/wolfssl/tests/api/test_ossl_ec.h --- mariadb-11.8.6/extra/wolfssl/wolfssl/tests/api/test_ossl_ec.h 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/tests/api/test_ossl_ec.h 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* test_ossl_ec.h * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/tests/api/test_ossl_ecx.c mariadb-11.8.8/extra/wolfssl/wolfssl/tests/api/test_ossl_ecx.c --- mariadb-11.8.6/extra/wolfssl/wolfssl/tests/api/test_ossl_ecx.c 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/tests/api/test_ossl_ecx.c 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* test_ossl_ecx.c * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/tests/api/test_ossl_ecx.h mariadb-11.8.8/extra/wolfssl/wolfssl/tests/api/test_ossl_ecx.h --- mariadb-11.8.6/extra/wolfssl/wolfssl/tests/api/test_ossl_ecx.h 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/tests/api/test_ossl_ecx.h 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* test_ossl_ecx.h * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/tests/api/test_ossl_mac.c mariadb-11.8.8/extra/wolfssl/wolfssl/tests/api/test_ossl_mac.c --- mariadb-11.8.6/extra/wolfssl/wolfssl/tests/api/test_ossl_mac.c 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/tests/api/test_ossl_mac.c 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* test_ossl_mac.c * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/tests/api/test_ossl_mac.h mariadb-11.8.8/extra/wolfssl/wolfssl/tests/api/test_ossl_mac.h --- mariadb-11.8.6/extra/wolfssl/wolfssl/tests/api/test_ossl_mac.h 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/tests/api/test_ossl_mac.h 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* test_ossl_mac.h * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/tests/api/test_ossl_obj.c mariadb-11.8.8/extra/wolfssl/wolfssl/tests/api/test_ossl_obj.c --- mariadb-11.8.6/extra/wolfssl/wolfssl/tests/api/test_ossl_obj.c 1970-01-01 00:00:00.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/tests/api/test_ossl_obj.c 2026-05-24 09:58:33.000000000 +0000 @@ -0,0 +1,465 @@ +/* test_ossl_obj.c + * + * Copyright (C) 2006-2026 wolfSSL Inc. + * + * This file is part of wolfSSL. + * + * wolfSSL is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * wolfSSL is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA + */ + +#include + +#ifdef NO_INLINE + #include +#else + #define WOLFSSL_MISC_INCLUDED + #include +#endif + +#include +#include +#include +#include + +#if defined(OPENSSL_EXTRA) +static void obj_name_t(const OBJ_NAME* nm, void* arg) +{ + (void)arg; + (void)nm; + + AssertIntGT(nm->type, OBJ_NAME_TYPE_UNDEF); + +#if !defined(NO_FILESYSTEM) && defined(DEBUG_WOLFSSL_VERBOSE) + /* print to stderr */ + AssertNotNull(arg); + + BIO *bio = BIO_new(BIO_s_file()); + BIO_set_fp(bio, arg, BIO_NOCLOSE); + BIO_printf(bio, "%s\n", nm); + BIO_free(bio); +#endif +} + +#endif +int test_OBJ_NAME_do_all(void) +{ + int res = TEST_SKIPPED; +#if defined(OPENSSL_EXTRA) + + OBJ_NAME_do_all(OBJ_NAME_TYPE_MD_METH, NULL, NULL); + + OBJ_NAME_do_all(OBJ_NAME_TYPE_CIPHER_METH, NULL, stderr); + + OBJ_NAME_do_all(OBJ_NAME_TYPE_MD_METH, obj_name_t, stderr); + OBJ_NAME_do_all(OBJ_NAME_TYPE_PKEY_METH, obj_name_t, stderr); + OBJ_NAME_do_all(OBJ_NAME_TYPE_COMP_METH, obj_name_t, stderr); + OBJ_NAME_do_all(OBJ_NAME_TYPE_NUM, obj_name_t, stderr); + OBJ_NAME_do_all(OBJ_NAME_TYPE_UNDEF, obj_name_t, stderr); + OBJ_NAME_do_all(OBJ_NAME_TYPE_CIPHER_METH, obj_name_t, stderr); + OBJ_NAME_do_all(-1, obj_name_t, stderr); + + res = TEST_SUCCESS; +#endif + + return res; +} + +int test_wolfSSL_OBJ(void) +{ +/* Password "wolfSSL test" is only 12 (96-bit) too short for testing in FIPS + * mode + */ + EXPECT_DECLS; +#if defined(OPENSSL_EXTRA) && !defined(NO_SHA256) && !defined(NO_ASN) && \ + !defined(HAVE_FIPS) && !defined(NO_SHA) && defined(WOLFSSL_CERT_EXT) && \ + defined(WOLFSSL_CERT_GEN) && !defined(NO_BIO) && \ + !defined(NO_FILESYSTEM) && !defined(NO_STDIO_FILESYSTEM) + ASN1_OBJECT *obj = NULL; + ASN1_OBJECT *obj2 = NULL; + char buf[50]; + + XFILE fp = XBADFILE; + X509 *x509 = NULL; + X509_NAME *x509Name = NULL; + X509_NAME_ENTRY *x509NameEntry = NULL; + ASN1_OBJECT *asn1Name = NULL; + int numNames = 0; + BIO *bio = NULL; + int nid; + int i, j; + const char *f[] = { + #ifndef NO_RSA + "./certs/ca-cert.der", + #endif + #ifdef HAVE_ECC + "./certs/ca-ecc-cert.der", + "./certs/ca-ecc384-cert.der", + #endif + NULL}; + ASN1_OBJECT *field_name_obj = NULL; + int lastpos = -1; + int tmp = -1; + ASN1_STRING *asn1 = NULL; + unsigned char *buf_dyn = NULL; + + ExpectIntEQ(OBJ_obj2txt(buf, (int)sizeof(buf), obj, 1), + WC_NO_ERR_TRACE(WOLFSSL_FAILURE)); + ExpectNotNull(obj = OBJ_nid2obj(NID_any_policy)); + ExpectIntEQ(OBJ_obj2nid(obj), NID_any_policy); + ExpectIntEQ(OBJ_obj2txt(buf, (int)sizeof(buf), obj, 1), 11); + ExpectIntGT(OBJ_obj2txt(buf, (int)sizeof(buf), obj, 0), 0); + ASN1_OBJECT_free(obj); + obj = NULL; + + ExpectNotNull(obj = OBJ_nid2obj(NID_sha256)); + ExpectIntEQ(OBJ_obj2nid(obj), NID_sha256); + ExpectIntEQ(OBJ_obj2txt(buf, (int)sizeof(buf), obj, 1), 22); +#ifdef WOLFSSL_CERT_EXT + ExpectIntEQ(OBJ_txt2nid(buf), NID_sha256); +#endif + ExpectIntGT(OBJ_obj2txt(buf, (int)sizeof(buf), obj, 0), 0); + ExpectNotNull(obj2 = OBJ_dup(obj)); + ExpectIntEQ(OBJ_cmp(obj, obj2), 0); + ASN1_OBJECT_free(obj); + obj = NULL; + ASN1_OBJECT_free(obj2); + obj2 = NULL; + + for (i = 0; f[i] != NULL; i++) + { + ExpectTrue((fp = XFOPEN(f[i], "rb")) != XBADFILE); + ExpectNotNull(x509 = d2i_X509_fp(fp, NULL)); + if (fp != XBADFILE) { + XFCLOSE(fp); + fp = XBADFILE; + } + ExpectNotNull(x509Name = X509_get_issuer_name(x509)); + ExpectIntNE((numNames = X509_NAME_entry_count(x509Name)), 0); + + /* Get the Common Name by using OBJ_txt2obj */ + ExpectNotNull(field_name_obj = OBJ_txt2obj("CN", 0)); + ExpectIntEQ(X509_NAME_get_index_by_OBJ(NULL, NULL, 99), + WOLFSSL_FATAL_ERROR); + ExpectIntEQ(X509_NAME_get_index_by_OBJ(x509Name, NULL, 99), + WOLFSSL_FATAL_ERROR); + ExpectIntEQ(X509_NAME_get_index_by_OBJ(NULL, field_name_obj, 99), + WOLFSSL_FATAL_ERROR); + ExpectIntEQ(X509_NAME_get_index_by_OBJ(x509Name, field_name_obj, 99), + WOLFSSL_FATAL_ERROR); + ExpectIntEQ(X509_NAME_get_index_by_OBJ(x509Name, NULL, 0), + WOLFSSL_FATAL_ERROR); + do + { + lastpos = tmp; + tmp = X509_NAME_get_index_by_OBJ(x509Name, field_name_obj, lastpos); + } while (tmp > -1); + ExpectIntNE(lastpos, -1); + ASN1_OBJECT_free(field_name_obj); + field_name_obj = NULL; + ExpectNotNull(x509NameEntry = X509_NAME_get_entry(x509Name, lastpos)); + ExpectNotNull(asn1 = X509_NAME_ENTRY_get_data(x509NameEntry)); + ExpectIntGE(ASN1_STRING_to_UTF8(&buf_dyn, asn1), 0); + /* + * All Common Names should be www.wolfssl.com + * This makes testing easier as we can test for the expected value. + */ + ExpectStrEQ((char*)buf_dyn, "www.wolfssl.com"); + OPENSSL_free(buf_dyn); + buf_dyn = NULL; + bio = BIO_new(BIO_s_mem()); + ExpectTrue(bio != NULL); + for (j = 0; j < numNames; j++) + { + ExpectNotNull(x509NameEntry = X509_NAME_get_entry(x509Name, j)); + ExpectNotNull(asn1Name = X509_NAME_ENTRY_get_object(x509NameEntry)); + ExpectTrue((nid = OBJ_obj2nid(asn1Name)) > 0); + } + BIO_free(bio); + bio = NULL; + X509_free(x509); + x509 = NULL; + + } + +#ifdef HAVE_PKCS12 + { + PKCS12 *p12 = NULL; + int boolRet; + EVP_PKEY *pkey = NULL; + const char *p12_f[] = { + /* bundle uses AES-CBC 256 and PKCS7 key uses DES3 */ + #if !defined(NO_DES3) && defined(WOLFSSL_AES_256) && !defined(NO_RSA) + "./certs/test-servercert.p12", + #endif + NULL + }; + + for (i = 0; p12_f[i] != NULL; i++) + { + ExpectTrue((fp = XFOPEN(p12_f[i], "rb")) != XBADFILE); + ExpectNotNull(p12 = d2i_PKCS12_fp(fp, NULL)); + if (fp != XBADFILE) { + XFCLOSE(fp); + fp = XBADFILE; + } + ExpectTrue((boolRet = PKCS12_parse(p12, "wolfSSL test", + &pkey, &x509, NULL)) > 0); + wc_PKCS12_free(p12); + p12 = NULL; + EVP_PKEY_free(pkey); + x509Name = X509_get_issuer_name(x509); + ExpectNotNull(x509Name); + ExpectIntNE((numNames = X509_NAME_entry_count(x509Name)), 0); + ExpectTrue((bio = BIO_new(BIO_s_mem())) != NULL); + for (j = 0; j < numNames; j++) + { + ExpectNotNull(x509NameEntry = X509_NAME_get_entry(x509Name, j)); + ExpectNotNull(asn1Name = + X509_NAME_ENTRY_get_object(x509NameEntry)); + ExpectTrue((nid = OBJ_obj2nid(asn1Name)) > 0); + } + BIO_free(bio); + bio = NULL; + X509_free(x509); + x509 = NULL; + } + } +#endif /* HAVE_PKCS12 */ +#endif + return EXPECT_RESULT(); +} + +int test_wolfSSL_OBJ_cmp(void) +{ + EXPECT_DECLS; +#if defined(OPENSSL_EXTRA) && !defined(NO_SHA256) + ASN1_OBJECT *obj = NULL; + ASN1_OBJECT *obj2 = NULL; + + ExpectNotNull(obj = OBJ_nid2obj(NID_any_policy)); + ExpectNotNull(obj2 = OBJ_nid2obj(NID_sha256)); + + ExpectIntEQ(OBJ_cmp(NULL, NULL), WC_NO_ERR_TRACE(WOLFSSL_FATAL_ERROR)); + ExpectIntEQ(OBJ_cmp(obj, NULL), WC_NO_ERR_TRACE(WOLFSSL_FATAL_ERROR)); + ExpectIntEQ(OBJ_cmp(NULL, obj2), WC_NO_ERR_TRACE(WOLFSSL_FATAL_ERROR)); + ExpectIntEQ(OBJ_cmp(obj, obj2), WC_NO_ERR_TRACE(WOLFSSL_FATAL_ERROR)); + ExpectIntEQ(OBJ_cmp(obj, obj), 0); + ExpectIntEQ(OBJ_cmp(obj2, obj2), 0); + + ASN1_OBJECT_free(obj); + ASN1_OBJECT_free(obj2); +#endif + return EXPECT_RESULT(); +} + +int test_wolfSSL_OBJ_txt2nid(void) +{ + EXPECT_DECLS; +#if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL) || \ + defined(WOLFSSL_APACHE_HTTPD) + int i; + static const struct { + const char* sn; + const char* ln; + const char* oid; + int nid; + } testVals[] = { +#ifdef WOLFSSL_APACHE_HTTPD + { "tlsfeature", "TLS Feature", "1.3.6.1.5.5.7.1.24", NID_tlsfeature }, + { "id-on-dnsSRV", "SRVName", "1.3.6.1.5.5.7.8.7", + NID_id_on_dnsSRV }, + { "msUPN", "Microsoft User Principal Name", + "1.3.6.1.4.1.311.20.2.3", NID_ms_upn }, +#endif + { NULL, NULL, NULL, NID_undef } + }; + + /* Invalid cases */ + ExpectIntEQ(OBJ_txt2nid(NULL), NID_undef); + ExpectIntEQ(OBJ_txt2nid("Bad name"), NID_undef); + + /* Valid cases */ + for (i = 0; testVals[i].sn != NULL; i++) { + ExpectIntEQ(OBJ_txt2nid(testVals[i].sn), testVals[i].nid); + ExpectIntEQ(OBJ_txt2nid(testVals[i].ln), testVals[i].nid); + ExpectIntEQ(OBJ_txt2nid(testVals[i].oid), testVals[i].nid); + } +#endif + return EXPECT_RESULT(); +} + +int test_wolfSSL_OBJ_txt2obj(void) +{ + EXPECT_DECLS; +#if defined(WOLFSSL_APACHE_HTTPD) || (defined(OPENSSL_EXTRA) && \ + defined(WOLFSSL_CERT_EXT) && defined(WOLFSSL_CERT_GEN)) + int i; + char buf[50]; + ASN1_OBJECT* obj = NULL; + static const struct { + const char* oidStr; + const char* sn; + const char* ln; + } objs_list[] = { + #if defined(WOLFSSL_APACHE_HTTPD) + { "1.3.6.1.5.5.7.1.24", "tlsfeature", "TLS Feature" }, + { "1.3.6.1.5.5.7.8.7", "id-on-dnsSRV", "SRVName" }, + #endif + { "2.5.29.19", "basicConstraints", "X509v3 Basic Constraints"}, + { NULL, NULL, NULL } + }; + static const struct { + const char* numeric; + const char* name; + } objs_named[] = { + /* In dictionary but not in normal list. */ + { "1.3.6.1.5.5.7.3.8", "Time Stamping" }, + /* Made up OID. */ + { "1.3.5.7", "1.3.5.7" }, + { NULL, NULL } + }; + + ExpectNull(obj = OBJ_txt2obj("Bad name", 0)); + ASN1_OBJECT_free(obj); + obj = NULL; + ExpectNull(obj = OBJ_txt2obj(NULL, 0)); + ASN1_OBJECT_free(obj); + obj = NULL; + + for (i = 0; objs_list[i].oidStr != NULL; i++) { + /* Test numerical value of oid (oidStr) */ + ExpectNotNull(obj = OBJ_txt2obj(objs_list[i].oidStr, 1)); + /* Convert object back to text to confirm oid is correct */ + wolfSSL_OBJ_obj2txt(buf, (int)sizeof(buf), obj, 1); + ExpectIntEQ(XSTRNCMP(buf, objs_list[i].oidStr, (int)XSTRLEN(buf)), 0); + ASN1_OBJECT_free(obj); + obj = NULL; + XMEMSET(buf, 0, sizeof(buf)); + + /* Test short name (sn) */ + ExpectNull(obj = OBJ_txt2obj(objs_list[i].sn, 1)); + ExpectNotNull(obj = OBJ_txt2obj(objs_list[i].sn, 0)); + /* Convert object back to text to confirm oid is correct */ + wolfSSL_OBJ_obj2txt(buf, (int)sizeof(buf), obj, 1); + ExpectIntEQ(XSTRNCMP(buf, objs_list[i].oidStr, (int)XSTRLEN(buf)), 0); + ASN1_OBJECT_free(obj); + obj = NULL; + XMEMSET(buf, 0, sizeof(buf)); + + /* Test long name (ln) - should fail when no_name = 1 */ + ExpectNull(obj = OBJ_txt2obj(objs_list[i].ln, 1)); + ExpectNotNull(obj = OBJ_txt2obj(objs_list[i].ln, 0)); + /* Convert object back to text to confirm oid is correct */ + wolfSSL_OBJ_obj2txt(buf, (int)sizeof(buf), obj, 1); + ExpectIntEQ(XSTRNCMP(buf, objs_list[i].oidStr, (int)XSTRLEN(buf)), 0); + ASN1_OBJECT_free(obj); + obj = NULL; + XMEMSET(buf, 0, sizeof(buf)); + } + + for (i = 0; objs_named[i].numeric != NULL; i++) { + ExpectNotNull(obj = OBJ_txt2obj(objs_named[i].numeric, 1)); + wolfSSL_OBJ_obj2txt(buf, (int)sizeof(buf), obj, 0); + ExpectIntEQ(XSTRNCMP(buf, objs_named[i].name, (int)XSTRLEN(buf)), 0); + wolfSSL_OBJ_obj2txt(buf, (int)sizeof(buf), obj, 1); + ExpectIntEQ(XSTRNCMP(buf, objs_named[i].numeric, (int)XSTRLEN(buf)), 0); + ASN1_OBJECT_free(obj); + obj = NULL; + } +#endif + return EXPECT_RESULT(); +} + +int test_wolfSSL_OBJ_ln(void) +{ + EXPECT_DECLS; +#ifdef OPENSSL_ALL + const int nid_set[] = { + NID_commonName, + NID_serialNumber, + NID_countryName, + NID_localityName, + NID_stateOrProvinceName, + NID_organizationName, + NID_organizationalUnitName, + NID_domainComponent, + NID_businessCategory, + NID_jurisdictionCountryName, + NID_jurisdictionStateOrProvinceName, + NID_emailAddress + }; + const char* ln_set[] = { + "commonName", + "serialNumber", + "countryName", + "localityName", + "stateOrProvinceName", + "organizationName", + "organizationalUnitName", + "domainComponent", + "businessCategory", + "jurisdictionCountryName", + "jurisdictionStateOrProvinceName", + "emailAddress", + }; + size_t i = 0, maxIdx = sizeof(ln_set)/sizeof(char*); + + ExpectIntEQ(OBJ_ln2nid(NULL), NID_undef); + +#ifdef HAVE_ECC +#if !defined(HAVE_FIPS) || (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION>2)) + { + EC_builtin_curve r[27]; + size_t nCurves = sizeof(r) / sizeof(r[0]); + nCurves = EC_get_builtin_curves(r, nCurves); + + for (i = 0; i < nCurves; i++) { + /* skip ECC_CURVE_INVALID */ + if (r[i].nid != ECC_CURVE_INVALID) { + ExpectIntEQ(OBJ_ln2nid(r[i].comment), r[i].nid); + ExpectStrEQ(OBJ_nid2ln(r[i].nid), r[i].comment); + } + } + } +#endif +#endif + + for (i = 0; i < maxIdx; i++) { + ExpectIntEQ(OBJ_ln2nid(ln_set[i]), nid_set[i]); + ExpectStrEQ(OBJ_nid2ln(nid_set[i]), ln_set[i]); + } +#endif + return EXPECT_RESULT(); +} + +int test_wolfSSL_OBJ_sn(void) +{ + EXPECT_DECLS; +#ifdef OPENSSL_ALL + int i = 0, maxIdx = 7; + const int nid_set[] = {NID_commonName,NID_countryName,NID_localityName, + NID_stateOrProvinceName,NID_organizationName, + NID_organizationalUnitName,NID_emailAddress}; + const char* sn_open_set[] = {"CN","C","L","ST","O","OU","emailAddress"}; + + ExpectIntEQ(wolfSSL_OBJ_sn2nid(NULL), NID_undef); + for (i = 0; i < maxIdx; i++) { + ExpectIntEQ(wolfSSL_OBJ_sn2nid(sn_open_set[i]), nid_set[i]); + ExpectStrEQ(wolfSSL_OBJ_nid2sn(nid_set[i]), sn_open_set[i]); + } +#endif + return EXPECT_RESULT(); +} + diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/tests/api/test_ossl_obj.h mariadb-11.8.8/extra/wolfssl/wolfssl/tests/api/test_ossl_obj.h --- mariadb-11.8.6/extra/wolfssl/wolfssl/tests/api/test_ossl_obj.h 1970-01-01 00:00:00.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/tests/api/test_ossl_obj.h 2026-05-24 09:58:33.000000000 +0000 @@ -0,0 +1,45 @@ +/* test_ossl_obj.h + * + * Copyright (C) 2006-2026 wolfSSL Inc. + * + * This file is part of wolfSSL. + * + * wolfSSL is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * wolfSSL is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA + */ + +#ifndef WOLFCRYPT_TEST_OSSL_OBJ_H +#define WOLFCRYPT_TEST_OSSL_OBJ_H + +#include + +int test_OBJ_NAME_do_all(void); +int test_wolfSSL_OBJ(void); +int test_wolfSSL_OBJ_cmp(void); +int test_wolfSSL_OBJ_txt2nid(void); +int test_wolfSSL_OBJ_txt2obj(void); +int test_wolfSSL_OBJ_ln(void); +int test_wolfSSL_OBJ_sn(void); + +#define TEST_OSSL_OBJ_DECLS \ + TEST_DECL_GROUP("ossl_obj", test_OBJ_NAME_do_all), \ + TEST_DECL_GROUP("ossl_obj", test_wolfSSL_OBJ), \ + TEST_DECL_GROUP("ossl_obj", test_wolfSSL_OBJ_cmp), \ + TEST_DECL_GROUP("ossl_obj", test_wolfSSL_OBJ_txt2nid), \ + TEST_DECL_GROUP("ossl_obj", test_wolfSSL_OBJ_txt2obj), \ + TEST_DECL_GROUP("ossl_obj", test_wolfSSL_OBJ_ln), \ + TEST_DECL_GROUP("ossl_obj", test_wolfSSL_OBJ_sn) + +#endif /* WOLFCRYPT_TEST_OSSL_OBJ_H */ + diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/tests/api/test_ossl_p7p12.c mariadb-11.8.8/extra/wolfssl/wolfssl/tests/api/test_ossl_p7p12.c --- mariadb-11.8.6/extra/wolfssl/wolfssl/tests/api/test_ossl_p7p12.c 1970-01-01 00:00:00.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/tests/api/test_ossl_p7p12.c 2026-05-24 09:58:33.000000000 +0000 @@ -0,0 +1,1321 @@ +/* test_ossl_p7p12.c + * + * Copyright (C) 2006-2026 wolfSSL Inc. + * + * This file is part of wolfSSL. + * + * wolfSSL is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * wolfSSL is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA + */ + +#include + +#ifdef NO_INLINE + #include +#else + #define WOLFSSL_MISC_INCLUDED + #include +#endif + +#include +#include +#include +#include +#include +#include + +int test_wolfssl_PKCS7(void) +{ + EXPECT_DECLS; +#if defined(OPENSSL_ALL) && defined(HAVE_PKCS7) && !defined(NO_BIO) && \ + !defined(NO_RSA) + PKCS7* pkcs7 = NULL; + byte data[FOURK_BUF]; + word32 len = sizeof(data); + const byte* p = data; + byte content[] = "Test data to encode."; +#if !defined(NO_RSA) & defined(USE_CERT_BUFFERS_2048) + BIO* bio = NULL; + byte key[sizeof(client_key_der_2048)]; + word32 keySz = (word32)sizeof(key); + byte* out = NULL; +#endif + + ExpectIntGT((len = (word32)CreatePKCS7SignedData(data, (int)len, content, + (word32)sizeof(content), 0, 0, 0, RSA_TYPE)), 0); + + ExpectNull(pkcs7 = d2i_PKCS7(NULL, NULL, (int)len)); + ExpectNull(pkcs7 = d2i_PKCS7(NULL, &p, 0)); + ExpectNotNull(pkcs7 = d2i_PKCS7(NULL, &p, (int)len)); + ExpectIntEQ(wolfSSL_PKCS7_verify(NULL, NULL, NULL, NULL, NULL, + PKCS7_NOVERIFY), WC_NO_ERR_TRACE(WOLFSSL_FAILURE)); + PKCS7_free(pkcs7); + pkcs7 = NULL; + + /* fail case, without PKCS7_NOVERIFY */ + p = data; + ExpectNotNull(pkcs7 = d2i_PKCS7(NULL, &p, (int)len)); + ExpectIntEQ(wolfSSL_PKCS7_verify(pkcs7, NULL, NULL, NULL, NULL, + 0), WC_NO_ERR_TRACE(WOLFSSL_FAILURE)); + PKCS7_free(pkcs7); + pkcs7 = NULL; + + /* success case, with PKCS7_NOVERIFY */ + p = data; + ExpectNotNull(pkcs7 = d2i_PKCS7(NULL, &p, (int)len)); + ExpectIntEQ(wolfSSL_PKCS7_verify(pkcs7, NULL, NULL, NULL, NULL, + PKCS7_NOVERIFY), WOLFSSL_SUCCESS); + +#if !defined(NO_RSA) & defined(USE_CERT_BUFFERS_2048) + /* test i2d */ + XMEMCPY(key, client_key_der_2048, keySz); + if (pkcs7 != NULL) { + pkcs7->privateKey = key; + pkcs7->privateKeySz = (word32)sizeof(key); + pkcs7->encryptOID = RSAk; + #ifdef NO_SHA + pkcs7->hashOID = SHA256h; + #else + pkcs7->hashOID = SHAh; + #endif + } + ExpectNotNull(bio = BIO_new(BIO_s_mem())); + ExpectIntEQ(i2d_PKCS7_bio(bio, pkcs7), 1); +#ifndef NO_ASN_TIME + ExpectIntEQ(i2d_PKCS7(pkcs7, &out), 655); +#else + ExpectIntEQ(i2d_PKCS7(pkcs7, &out), 625); +#endif + XFREE(out, NULL, DYNAMIC_TYPE_TMP_BUFFER); + BIO_free(bio); +#endif + + PKCS7_free(NULL); + PKCS7_free(pkcs7); +#endif + return EXPECT_RESULT(); +} + +int test_wolfSSL_PKCS7_certs(void) +{ + EXPECT_DECLS; +#if defined(OPENSSL_ALL) && !defined(NO_CERTS) && !defined(NO_BIO) && \ + !defined(NO_FILESYSTEM) && !defined(NO_RSA) && defined(HAVE_PKCS7) + STACK_OF(X509)* sk = NULL; + STACK_OF(X509_INFO)* info_sk = NULL; + PKCS7 *p7 = NULL; + BIO* bio = NULL; + const byte* p = NULL; + int buflen = 0; + int i; + + /* Test twice. Once with d2i and once without to test + * that everything is free'd correctly. */ + for (i = 0; i < 2; i++) { + ExpectNotNull(p7 = PKCS7_new()); + if (p7 != NULL) { + p7->version = 1; + #ifdef NO_SHA + p7->hashOID = SHA256h; + #else + p7->hashOID = SHAh; + #endif + } + ExpectNotNull(bio = BIO_new(BIO_s_file())); + ExpectIntGT(BIO_read_filename(bio, svrCertFile), 0); + ExpectNotNull(info_sk = PEM_X509_INFO_read_bio(bio, NULL, NULL, NULL)); + ExpectIntEQ(sk_X509_INFO_num(info_sk), 2); + ExpectNotNull(sk = sk_X509_new_null()); + while (EXPECT_SUCCESS() && (sk_X509_INFO_num(info_sk) > 0)) { + X509_INFO* info = NULL; + ExpectNotNull(info = sk_X509_INFO_shift(info_sk)); + if (EXPECT_SUCCESS() && info != NULL) { + ExpectIntGT(sk_X509_push(sk, info->x509), 0); + info->x509 = NULL; + } + X509_INFO_free(info); + } + sk_X509_INFO_pop_free(info_sk, X509_INFO_free); + info_sk = NULL; + BIO_free(bio); + bio = NULL; + ExpectNotNull(bio = BIO_new(BIO_s_mem())); + ExpectIntEQ(wolfSSL_PKCS7_encode_certs(p7, sk, bio), 1); + if ((sk != NULL) && ((p7 == NULL) || (bio == NULL))) { + sk_X509_pop_free(sk, X509_free); + } + sk = NULL; + ExpectIntGT((buflen = BIO_get_mem_data(bio, &p)), 0); + + if (i == 0) { + PKCS7_free(p7); + p7 = NULL; + ExpectNotNull(d2i_PKCS7(&p7, &p, buflen)); + if (p7 != NULL) { + /* Reset certs to force wolfSSL_PKCS7_to_stack to regenerate + * them */ + ((WOLFSSL_PKCS7*)p7)->certs = NULL; + } + /* PKCS7_free free's the certs */ + ExpectNotNull(wolfSSL_PKCS7_to_stack(p7)); + } + + BIO_free(bio); + bio = NULL; + PKCS7_free(p7); + p7 = NULL; + } +#endif /* defined(OPENSSL_ALL) && !defined(NO_CERTS) && \ + !defined(NO_FILESYSTEM) && !defined(NO_RSA) && defined(HAVE_PKCS7) */ + return EXPECT_RESULT(); +} + +int test_wolfSSL_PKCS7_sign(void) +{ + EXPECT_DECLS; +#if defined(OPENSSL_ALL) && defined(HAVE_PKCS7) && !defined(NO_BIO) && \ + !defined(NO_FILESYSTEM) && !defined(NO_RSA) + + PKCS7* p7 = NULL; + PKCS7* p7Ver = NULL; + byte* out = NULL; + byte* tmpPtr = NULL; + int outLen = 0; + int flags = 0; + byte data[] = "Test data to encode."; + + const char* cert = "./certs/server-cert.pem"; + const char* key = "./certs/server-key.pem"; + const char* ca = "./certs/ca-cert.pem"; + + WOLFSSL_BIO* certBio = NULL; + WOLFSSL_BIO* keyBio = NULL; + WOLFSSL_BIO* caBio = NULL; + WOLFSSL_BIO* inBio = NULL; + X509* signCert = NULL; + EVP_PKEY* signKey = NULL; + X509* caCert = NULL; + X509_STORE* store = NULL; +#ifndef NO_PKCS7_STREAM + int z; + int ret; +#endif /* !NO_PKCS7_STREAM */ + + /* read signer cert/key into BIO */ + ExpectNotNull(certBio = BIO_new_file(cert, "r")); + ExpectNotNull(keyBio = BIO_new_file(key, "r")); + ExpectNotNull(signCert = PEM_read_bio_X509(certBio, NULL, 0, NULL)); + ExpectNotNull(signKey = PEM_read_bio_PrivateKey(keyBio, NULL, 0, NULL)); + + /* read CA cert into store (for verify) */ + ExpectNotNull(caBio = BIO_new_file(ca, "r")); + ExpectNotNull(caCert = PEM_read_bio_X509(caBio, NULL, 0, NULL)); + ExpectNotNull(store = X509_STORE_new()); + ExpectIntEQ(X509_STORE_add_cert(store, caCert), 1); + + /* data to be signed into BIO */ + ExpectNotNull(inBio = BIO_new(BIO_s_mem())); + ExpectIntGT(BIO_write(inBio, data, sizeof(data)), 0); + + /* PKCS7_sign, bad args: signer NULL */ + ExpectNull(p7 = PKCS7_sign(NULL, signKey, NULL, inBio, 0)); + /* PKCS7_sign, bad args: signer key NULL */ + ExpectNull(p7 = PKCS7_sign(signCert, NULL, NULL, inBio, 0)); + /* PKCS7_sign, bad args: in data NULL without PKCS7_STREAM */ + ExpectNull(p7 = PKCS7_sign(signCert, signKey, NULL, NULL, 0)); + /* PKCS7_sign, bad args: PKCS7_NOCERTS flag not supported */ + ExpectNull(p7 = PKCS7_sign(signCert, signKey, NULL, inBio, PKCS7_NOCERTS)); + /* PKCS7_sign, bad args: PKCS7_PARTIAL flag not supported */ + ExpectNull(p7 = PKCS7_sign(signCert, signKey, NULL, inBio, PKCS7_PARTIAL)); + + /* TEST SUCCESS: Not detached, not streaming, not MIME */ + { + flags = PKCS7_BINARY; + ExpectNotNull(p7 = PKCS7_sign(signCert, signKey, NULL, inBio, flags)); + ExpectIntGT((outLen = i2d_PKCS7(p7, &out)), 0); + + /* verify with d2i_PKCS7 */ + tmpPtr = out; + ExpectNotNull(p7Ver = d2i_PKCS7(NULL, (const byte**)&tmpPtr, outLen)); + ExpectIntEQ(PKCS7_verify(p7Ver, NULL, store, NULL, NULL, flags), 1); + PKCS7_free(p7Ver); + p7Ver = NULL; + + /* verify with wc_PKCS7_VerifySignedData */ + ExpectNotNull(p7Ver = wc_PKCS7_New(HEAP_HINT, testDevId)); + ExpectIntEQ(wc_PKCS7_Init(p7Ver, HEAP_HINT, INVALID_DEVID), 0); + ExpectIntEQ(wc_PKCS7_VerifySignedData(p7Ver, out, (word32)outLen), 0); + + #ifndef NO_PKCS7_STREAM + /* verify with wc_PKCS7_VerifySignedData streaming */ + wc_PKCS7_Free(p7Ver); + p7Ver = NULL; + ExpectNotNull(p7Ver = wc_PKCS7_New(HEAP_HINT, testDevId)); + ExpectIntEQ(wc_PKCS7_Init(p7Ver, HEAP_HINT, INVALID_DEVID), 0); + /* test for streaming */ + ret = -1; + for (z = 0; z < outLen && ret != 0; z++) { + ret = wc_PKCS7_VerifySignedData(p7Ver, out + z, 1); + if (ret < 0){ + ExpectIntEQ(ret, WC_NO_ERR_TRACE(WC_PKCS7_WANT_READ_E)); + } + } + ExpectIntEQ(ret, 0); + #endif /* !NO_PKCS7_STREAM */ + + /* compare the signer found to expected signer */ + ExpectIntNE(p7Ver->verifyCertSz, 0); + tmpPtr = NULL; + ExpectIntEQ(i2d_X509(signCert, &tmpPtr), p7Ver->verifyCertSz); + ExpectIntEQ(XMEMCMP(tmpPtr, p7Ver->verifyCert, p7Ver->verifyCertSz), 0); + XFREE(tmpPtr, NULL, DYNAMIC_TYPE_OPENSSL); + tmpPtr = NULL; + + wc_PKCS7_Free(p7Ver); + p7Ver = NULL; + + ExpectNotNull(out); + XFREE(out, NULL, DYNAMIC_TYPE_TMP_BUFFER); + out = NULL; + PKCS7_free(p7); + p7 = NULL; + } + + /* TEST SUCCESS: Not detached, streaming, not MIME. Also bad arg + * tests for PKCS7_final() while we have a PKCS7 pointer to use */ + { + /* re-populate input BIO, may have been consumed */ + BIO_free(inBio); + inBio = NULL; + ExpectNotNull(inBio = BIO_new(BIO_s_mem())); + ExpectIntGT(BIO_write(inBio, data, sizeof(data)), 0); + + flags = PKCS7_BINARY | PKCS7_STREAM; + ExpectNotNull(p7 = PKCS7_sign(signCert, signKey, NULL, inBio, flags)); + ExpectIntEQ(PKCS7_final(p7, inBio, flags), 1); + ExpectIntGT((outLen = i2d_PKCS7(p7, &out)), 0); + + /* PKCS7_final, bad args: PKCS7 null */ + ExpectIntEQ(PKCS7_final(NULL, inBio, 0), 0); + /* PKCS7_final, bad args: PKCS7 null */ + ExpectIntEQ(PKCS7_final(p7, NULL, 0), 0); + + tmpPtr = out; + ExpectNotNull(p7Ver = d2i_PKCS7(NULL, (const byte**)&tmpPtr, outLen)); + ExpectIntEQ(PKCS7_verify(p7Ver, NULL, store, NULL, NULL, flags), 1); + PKCS7_free(p7Ver); + p7Ver = NULL; + + ExpectNotNull(out); + XFREE(out, NULL, DYNAMIC_TYPE_TMP_BUFFER); + out = NULL; + PKCS7_free(p7); + p7 = NULL; + } + + /* TEST SUCCESS: Detached, not streaming, not MIME */ + { + /* re-populate input BIO, may have been consumed */ + BIO_free(inBio); + inBio = NULL; + ExpectNotNull(inBio = BIO_new(BIO_s_mem())); + ExpectIntGT(BIO_write(inBio, data, sizeof(data)), 0); + + flags = PKCS7_BINARY | PKCS7_DETACHED; + ExpectNotNull(p7 = PKCS7_sign(signCert, signKey, NULL, inBio, flags)); + ExpectIntGT((outLen = i2d_PKCS7(p7, &out)), 0); + ExpectNotNull(out); + + /* verify with wolfCrypt, d2i_PKCS7 does not support detached content */ + ExpectNotNull(p7Ver = wc_PKCS7_New(HEAP_HINT, testDevId)); + if (p7Ver != NULL) { + p7Ver->content = data; + p7Ver->contentSz = sizeof(data); + } + ExpectIntEQ(wc_PKCS7_VerifySignedData(p7Ver, out, (word32)outLen), 0); + wc_PKCS7_Free(p7Ver); + p7Ver = NULL; + + #ifndef NO_PKCS7_STREAM + /* verify with wc_PKCS7_VerifySignedData streaming */ + ExpectNotNull(p7Ver = wc_PKCS7_New(HEAP_HINT, testDevId)); + if (p7Ver != NULL) { + p7Ver->content = data; + p7Ver->contentSz = sizeof(data); + } + /* test for streaming */ + if (EXPECT_SUCCESS()) { + ret = -1; + for (z = 0; z < outLen && ret != 0; z++) { + ret = wc_PKCS7_VerifySignedData(p7Ver, out + z, 1); + if (ret < 0){ + ExpectIntEQ(ret, WC_NO_ERR_TRACE(WC_PKCS7_WANT_READ_E)); + } + } + ExpectIntEQ(ret, 0); + } + wc_PKCS7_Free(p7Ver); + p7Ver = NULL; + #endif /* !NO_PKCS7_STREAM */ + + /* verify expected failure (NULL return) from d2i_PKCS7, it does not + * yet support detached content */ + tmpPtr = out; + ExpectNull(p7Ver = d2i_PKCS7(NULL, (const byte**)&tmpPtr, outLen)); + PKCS7_free(p7Ver); + p7Ver = NULL; + + XFREE(out, NULL, DYNAMIC_TYPE_TMP_BUFFER); + out = NULL; + PKCS7_free(p7); + p7 = NULL; + } + + /* TEST SUCCESS: Detached, streaming, not MIME */ + { + /* re-populate input BIO, may have been consumed */ + BIO_free(inBio); + inBio = NULL; + ExpectNotNull(inBio = BIO_new(BIO_s_mem())); + ExpectIntGT(BIO_write(inBio, data, sizeof(data)), 0); + + flags = PKCS7_BINARY | PKCS7_DETACHED | PKCS7_STREAM; + ExpectNotNull(p7 = PKCS7_sign(signCert, signKey, NULL, inBio, flags)); + ExpectIntEQ(PKCS7_final(p7, inBio, flags), 1); + ExpectIntGT((outLen = i2d_PKCS7(p7, &out)), 0); + + /* verify with wolfCrypt, d2i_PKCS7 does not support detached content */ + ExpectNotNull(p7Ver = wc_PKCS7_New(HEAP_HINT, testDevId)); + if (p7Ver != NULL) { + p7Ver->content = data; + p7Ver->contentSz = sizeof(data); + } + ExpectIntEQ(wc_PKCS7_VerifySignedData(p7Ver, out, (word32)outLen), 0); + wc_PKCS7_Free(p7Ver); + p7Ver = NULL; + + ExpectNotNull(out); + + #ifndef NO_PKCS7_STREAM + /* verify with wc_PKCS7_VerifySignedData streaming */ + ExpectNotNull(p7Ver = wc_PKCS7_New(HEAP_HINT, testDevId)); + if (p7Ver != NULL) { + p7Ver->content = data; + p7Ver->contentSz = sizeof(data); + } + /* test for streaming */ + if (EXPECT_SUCCESS()) { + ret = -1; + for (z = 0; z < outLen && ret != 0; z++) { + ret = wc_PKCS7_VerifySignedData(p7Ver, out + z, 1); + if (ret < 0){ + ExpectIntEQ(ret, WC_NO_ERR_TRACE(WC_PKCS7_WANT_READ_E)); + } + } + ExpectIntEQ(ret, 0); + } + wc_PKCS7_Free(p7Ver); + p7Ver = NULL; + #endif /* !NO_PKCS7_STREAM */ + + XFREE(out, NULL, DYNAMIC_TYPE_TMP_BUFFER); + PKCS7_free(p7); + p7 = NULL; + } + + X509_STORE_free(store); + X509_free(caCert); + X509_free(signCert); + EVP_PKEY_free(signKey); + BIO_free(inBio); + BIO_free(keyBio); + BIO_free(certBio); + BIO_free(caBio); +#endif + return EXPECT_RESULT(); +} + +int test_wolfSSL_PKCS7_SIGNED_new(void) +{ + EXPECT_DECLS; +#if defined(OPENSSL_ALL) && defined(HAVE_PKCS7) + PKCS7_SIGNED* pkcs7 = NULL; + + ExpectNotNull(pkcs7 = PKCS7_SIGNED_new()); + ExpectIntEQ(pkcs7->contentOID, SIGNED_DATA); + + PKCS7_SIGNED_free(pkcs7); +#endif + return EXPECT_RESULT(); +} + +int test_wolfSSL_PEM_write_bio_PKCS7(void) +{ + EXPECT_DECLS; +#if defined(OPENSSL_ALL) && defined(HAVE_PKCS7) && !defined(NO_FILESYSTEM) && \ + !defined(NO_BIO) + PKCS7* pkcs7 = NULL; + BIO* bio = NULL; + const byte* cert_buf = NULL; + int ret = 0; + WC_RNG rng; + const byte data[] = { /* Hello World */ + 0x48,0x65,0x6c,0x6c,0x6f,0x20,0x57,0x6f, + 0x72,0x6c,0x64 + }; +#ifndef NO_RSA + #if defined(USE_CERT_BUFFERS_2048) + byte key[sizeof(client_key_der_2048)]; + byte cert[sizeof(client_cert_der_2048)]; + word32 keySz = (word32)sizeof(key); + word32 certSz = (word32)sizeof(cert); + XMEMSET(key, 0, keySz); + XMEMSET(cert, 0, certSz); + XMEMCPY(key, client_key_der_2048, keySz); + XMEMCPY(cert, client_cert_der_2048, certSz); + #elif defined(USE_CERT_BUFFERS_1024) + byte key[sizeof_client_key_der_1024]; + byte cert[sizeof(sizeof_client_cert_der_1024)]; + word32 keySz = (word32)sizeof(key); + word32 certSz = (word32)sizeof(cert); + XMEMSET(key, 0, keySz); + XMEMSET(cert, 0, certSz); + XMEMCPY(key, client_key_der_1024, keySz); + XMEMCPY(cert, client_cert_der_1024, certSz); + #else + unsigned char cert[ONEK_BUF]; + unsigned char key[ONEK_BUF]; + XFILE fp = XBADFILE; + int certSz; + int keySz; + + ExpectTrue((fp = XFOPEN("./certs/1024/client-cert.der", "rb")) != + XBADFILE); + ExpectIntGT(certSz = (int)XFREAD(cert, 1, sizeof_client_cert_der_1024, + fp), 0); + if (fp != XBADFILE) { + XFCLOSE(fp); + fp = XBADFILE; + } + + ExpectTrue((fp = XFOPEN("./certs/1024/client-key.der", "rb")) != + XBADFILE); + ExpectIntGT(keySz = (int)XFREAD(key, 1, sizeof_client_key_der_1024, fp), + 0); + if (fp != XBADFILE) { + XFCLOSE(fp); + fp = XBADFILE; + } + #endif +#elif defined(HAVE_ECC) + #if defined(USE_CERT_BUFFERS_256) + unsigned char cert[sizeof(cliecc_cert_der_256)]; + unsigned char key[sizeof(ecc_clikey_der_256)]; + int certSz = (int)sizeof(cert); + int keySz = (int)sizeof(key); + XMEMSET(cert, 0, certSz); + XMEMSET(key, 0, keySz); + XMEMCPY(cert, cliecc_cert_der_256, sizeof_cliecc_cert_der_256); + XMEMCPY(key, ecc_clikey_der_256, sizeof_ecc_clikey_der_256); + #else + unsigned char cert[ONEK_BUF]; + unsigned char key[ONEK_BUF]; + XFILE fp = XBADFILE; + int certSz, keySz; + + ExpectTrue((fp = XFOPEN("./certs/client-ecc-cert.der", "rb")) != + XBADFILE); + ExpectIntGT(certSz = (int)XFREAD(cert, 1, sizeof_cliecc_cert_der_256, + fp), 0); + if (fp != XBADFILE) { + XFCLOSE(fp); + fp = XBADFILE; + } + + ExpectTrue((fp = XFOPEN("./certs/client-ecc-key.der", "rb")) != + XBADFILE); + ExpectIntGT(keySz = (int)XFREAD(key, 1, sizeof_ecc_clikey_der_256, fp), + 0); + if (fp != XBADFILE) { + XFCLOSE(fp); + fp = XBADFILE; + } + #endif +#else + #error PKCS7 requires ECC or RSA +#endif + + ExpectNotNull(pkcs7 = wc_PKCS7_New(HEAP_HINT, testDevId)); + /* initialize with DER encoded cert */ + ExpectIntEQ(wc_PKCS7_InitWithCert(pkcs7, (byte*)cert, (word32)certSz), 0); + + /* init rng */ + XMEMSET(&rng, 0, sizeof(WC_RNG)); + ExpectIntEQ(wc_InitRng(&rng), 0); + + if (pkcs7 != NULL) { + pkcs7->rng = &rng; + pkcs7->content = (byte*)data; /* not used for ex */ + pkcs7->contentSz = (word32)sizeof(data); + pkcs7->contentOID = SIGNED_DATA; + pkcs7->privateKey = key; + pkcs7->privateKeySz = (word32)sizeof(key); + pkcs7->encryptOID = RSAk; + #ifdef NO_SHA + pkcs7->hashOID = SHA256h; + #else + pkcs7->hashOID = SHAh; + #endif + pkcs7->signedAttribs = NULL; + pkcs7->signedAttribsSz = 0; + } + + ExpectNotNull(bio = BIO_new(BIO_s_mem())); + /* Write PKCS#7 PEM to BIO, the function converts the DER to PEM cert*/ + ExpectIntEQ(PEM_write_bio_PKCS7(bio, pkcs7), WOLFSSL_SUCCESS); + + /* Read PKCS#7 PEM from BIO */ + ret = wolfSSL_BIO_get_mem_data(bio, &cert_buf); + ExpectIntGE(ret, 0); + + BIO_free(bio); + wc_PKCS7_Free(pkcs7); + wc_FreeRng(&rng); +#endif + return EXPECT_RESULT(); +} + +int test_wolfSSL_PEM_write_bio_encryptedKey(void) +{ + EXPECT_DECLS; +#if (defined(OPENSSL_EXTRA) || defined(OPENSSL_ALL)) && \ + defined(WOLFSSL_KEY_GEN) && !defined(NO_RSA) && \ + defined(WOLFSSL_ENCRYPTED_KEYS) && \ + (defined(WOLFSSL_PEM_TO_DER) || defined(WOLFSSL_DER_TO_PEM)) && \ + !defined(NO_FILESYSTEM) && !defined(NO_BIO) && !defined(NO_CERTS) && \ + !defined(NO_DES3) + RSA* rsaKey = NULL; + RSA* retKey = NULL; + const EVP_CIPHER *cipher = NULL; + BIO* bio = NULL; + BIO* retbio = NULL; + byte* out; + const char* password = "wolfssl"; + word32 passwordSz =(word32)XSTRLEN((char*)password); + int membufSz = 0; + +#if defined(USE_CERT_BUFFERS_2048) + const byte* key = client_key_der_2048; + word32 keySz = sizeof_client_key_der_2048; +#elif defined(USE_CERT_BUFFERS_1024) + const byte* key = client_key_der_1024; + word32 keySz = sizeof_client_key_der_1024; +#endif + /* Import Rsa Key */ + ExpectNotNull(rsaKey = wolfSSL_RSA_new()); + ExpectIntEQ(wolfSSL_RSA_LoadDer_ex(rsaKey, key, keySz, + WOLFSSL_RSA_LOAD_PRIVATE), 1); + + ExpectNotNull(cipher = EVP_des_ede3_cbc()); + ExpectNotNull(bio = BIO_new(BIO_s_mem())); + ExpectIntEQ(PEM_write_bio_RSAPrivateKey(bio, rsaKey, cipher, + (byte*)password, passwordSz, NULL, NULL), 1); + ExpectIntGT((membufSz = BIO_get_mem_data(bio, &out)), 0); + ExpectNotNull(retbio = BIO_new_mem_buf(out, membufSz)); + ExpectNotNull((retKey = PEM_read_bio_RSAPrivateKey(retbio, NULL, + NULL, (void*)password))); + if (bio != NULL) { + BIO_free(bio); + } + if (retbio != NULL) { + BIO_free(retbio); + } + if (retKey != NULL) { + RSA_free(retKey); + } + if (rsaKey != NULL) { + RSA_free(rsaKey); + } +#endif + return EXPECT_RESULT(); +} + +/* // NOLINTBEGIN(clang-analyzer-unix.Stream) */ +int test_wolfSSL_SMIME_read_PKCS7(void) +{ + EXPECT_DECLS; +#if defined(OPENSSL_ALL) && defined(HAVE_PKCS7) && !defined(NO_FILESYSTEM) && \ + !defined(NO_RSA) && !defined(NO_BIO) && defined(HAVE_SMIME) + PKCS7* pkcs7 = NULL; + BIO* bio = NULL; + BIO* bcont = NULL; + BIO* out = NULL; + const byte* outBuf = NULL; + int outBufLen = 0; + static const char contTypeText[] = "Content-Type: text/plain\r\n\r\n"; + XFILE smimeTestFile = XBADFILE; + + ExpectTrue((smimeTestFile = XFOPEN("./certs/test/smime-test.p7s", "rb")) != + XBADFILE); + + /* smime-test.p7s */ + bio = wolfSSL_BIO_new(wolfSSL_BIO_s_file()); + ExpectNotNull(bio); + ExpectIntEQ(wolfSSL_BIO_set_fp(bio, smimeTestFile, BIO_CLOSE), SSL_SUCCESS); + pkcs7 = wolfSSL_SMIME_read_PKCS7(bio, &bcont); + ExpectNotNull(pkcs7); + ExpectIntEQ(wolfSSL_PKCS7_verify(pkcs7, NULL, NULL, bcont, NULL, + PKCS7_NOVERIFY), SSL_SUCCESS); + if (smimeTestFile != XBADFILE) { + XFCLOSE(smimeTestFile); + smimeTestFile = XBADFILE; + } + if (bcont) BIO_free(bcont); + bcont = NULL; + wolfSSL_PKCS7_free(pkcs7); + pkcs7 = NULL; + + /* smime-test-multipart.p7s */ + smimeTestFile = XFOPEN("./certs/test/smime-test-multipart.p7s", "rb"); + ExpectFalse(smimeTestFile == XBADFILE); + ExpectIntEQ(wolfSSL_BIO_set_fp(bio, smimeTestFile, BIO_CLOSE), SSL_SUCCESS); + pkcs7 = wolfSSL_SMIME_read_PKCS7(bio, &bcont); + ExpectNotNull(pkcs7); + ExpectIntEQ(wolfSSL_PKCS7_verify(pkcs7, NULL, NULL, bcont, NULL, + PKCS7_NOVERIFY), SSL_SUCCESS); + if (smimeTestFile != XBADFILE) { + XFCLOSE(smimeTestFile); + smimeTestFile = XBADFILE; + } + if (bcont) BIO_free(bcont); + bcont = NULL; + wolfSSL_PKCS7_free(pkcs7); + pkcs7 = NULL; + + /* smime-test-multipart-badsig.p7s */ + smimeTestFile = XFOPEN("./certs/test/smime-test-multipart-badsig.p7s", + "rb"); + ExpectFalse(smimeTestFile == XBADFILE); + ExpectIntEQ(wolfSSL_BIO_set_fp(bio, smimeTestFile, BIO_CLOSE), SSL_SUCCESS); + pkcs7 = wolfSSL_SMIME_read_PKCS7(bio, &bcont); + ExpectNotNull(pkcs7); /* can read in the unverified smime bundle */ + ExpectIntEQ(wolfSSL_PKCS7_verify(pkcs7, NULL, NULL, bcont, NULL, + PKCS7_NOVERIFY), WC_NO_ERR_TRACE(WOLFSSL_FAILURE)); + if (smimeTestFile != XBADFILE) { + XFCLOSE(smimeTestFile); + smimeTestFile = XBADFILE; + } + if (bcont) BIO_free(bcont); + bcont = NULL; + wolfSSL_PKCS7_free(pkcs7); + pkcs7 = NULL; + + /* smime-test-canon.p7s */ + smimeTestFile = XFOPEN("./certs/test/smime-test-canon.p7s", "rb"); + ExpectFalse(smimeTestFile == XBADFILE); + ExpectIntEQ(wolfSSL_BIO_set_fp(bio, smimeTestFile, BIO_CLOSE), SSL_SUCCESS); + pkcs7 = wolfSSL_SMIME_read_PKCS7(bio, &bcont); + ExpectNotNull(pkcs7); + ExpectIntEQ(wolfSSL_PKCS7_verify(pkcs7, NULL, NULL, bcont, NULL, + PKCS7_NOVERIFY), SSL_SUCCESS); + if (smimeTestFile != XBADFILE) { + XFCLOSE(smimeTestFile); + smimeTestFile = XBADFILE; + } + if (bcont) BIO_free(bcont); + bcont = NULL; + wolfSSL_PKCS7_free(pkcs7); + pkcs7 = NULL; + + /* Test PKCS7_TEXT, PKCS7_verify() should remove Content-Type: text/plain */ + smimeTestFile = XFOPEN("./certs/test/smime-test-canon.p7s", "rb"); + ExpectFalse(smimeTestFile == XBADFILE); + ExpectIntEQ(wolfSSL_BIO_set_fp(bio, smimeTestFile, BIO_CLOSE), SSL_SUCCESS); + pkcs7 = wolfSSL_SMIME_read_PKCS7(bio, &bcont); + ExpectNotNull(pkcs7); + out = wolfSSL_BIO_new(BIO_s_mem()); + ExpectNotNull(out); + ExpectIntEQ(wolfSSL_PKCS7_verify(pkcs7, NULL, NULL, bcont, out, + PKCS7_NOVERIFY | PKCS7_TEXT), SSL_SUCCESS); + ExpectIntGT((outBufLen = BIO_get_mem_data(out, &outBuf)), 0); + /* Content-Type should not show up at beginning of output buffer */ + ExpectIntGT(outBufLen, XSTRLEN(contTypeText)); + ExpectIntGT(XMEMCMP(outBuf, contTypeText, XSTRLEN(contTypeText)), 0); + + BIO_free(out); + BIO_free(bio); + if (bcont) BIO_free(bcont); + wolfSSL_PKCS7_free(pkcs7); +#endif + return EXPECT_RESULT(); +} +/* // NOLINTEND(clang-analyzer-unix.Stream) */ + +int test_wolfSSL_SMIME_write_PKCS7(void) +{ + EXPECT_DECLS; +#if defined(OPENSSL_ALL) && defined(HAVE_PKCS7) && !defined(NO_RSA) && \ + !defined(NO_BIO) && defined(HAVE_SMIME) + PKCS7* p7 = NULL; + PKCS7* p7Ver = NULL; + int flags = 0; + byte data[] = "Test data to encode."; + + const char* cert = "./certs/server-cert.pem"; + const char* key = "./certs/server-key.pem"; + const char* ca = "./certs/ca-cert.pem"; + + WOLFSSL_BIO* certBio = NULL; + WOLFSSL_BIO* keyBio = NULL; + WOLFSSL_BIO* caBio = NULL; + WOLFSSL_BIO* inBio = NULL; + WOLFSSL_BIO* outBio = NULL; + WOLFSSL_BIO* content = NULL; + X509* signCert = NULL; + EVP_PKEY* signKey = NULL; + X509* caCert = NULL; + X509_STORE* store = NULL; + + /* read signer cert/key into BIO */ + ExpectNotNull(certBio = BIO_new_file(cert, "r")); + ExpectNotNull(keyBio = BIO_new_file(key, "r")); + ExpectNotNull(signCert = PEM_read_bio_X509(certBio, NULL, 0, NULL)); + ExpectNotNull(signKey = PEM_read_bio_PrivateKey(keyBio, NULL, 0, NULL)); + + /* read CA cert into store (for verify) */ + ExpectNotNull(caBio = BIO_new_file(ca, "r")); + ExpectNotNull(caCert = PEM_read_bio_X509(caBio, NULL, 0, NULL)); + ExpectNotNull(store = X509_STORE_new()); + ExpectIntEQ(X509_STORE_add_cert(store, caCert), 1); + + + /* generate and verify SMIME: not detached */ + { + ExpectNotNull(inBio = BIO_new(BIO_s_mem())); + ExpectIntGT(BIO_write(inBio, data, sizeof(data)), 0); + + flags = PKCS7_STREAM; + ExpectNotNull(p7 = PKCS7_sign(signCert, signKey, NULL, inBio, flags)); + ExpectNotNull(outBio = BIO_new(BIO_s_mem())); + ExpectIntEQ(SMIME_write_PKCS7(outBio, p7, inBio, flags), 1); + + /* bad arg: out NULL */ + ExpectIntEQ(SMIME_write_PKCS7(NULL, p7, inBio, flags), 0); + /* bad arg: pkcs7 NULL */ + ExpectIntEQ(SMIME_write_PKCS7(outBio, NULL, inBio, flags), 0); + + ExpectNotNull(p7Ver = SMIME_read_PKCS7(outBio, &content)); + ExpectIntEQ(PKCS7_verify(p7Ver, NULL, store, NULL, NULL, flags), 1); + + BIO_free(content); + content = NULL; + BIO_free(inBio); + inBio = NULL; + BIO_free(outBio); + outBio = NULL; + PKCS7_free(p7Ver); + p7Ver = NULL; + PKCS7_free(p7); + p7 = NULL; + } + + /* generate and verify SMIME: not detached, add Content-Type */ + { + ExpectNotNull(inBio = BIO_new(BIO_s_mem())); + ExpectIntGT(BIO_write(inBio, data, sizeof(data)), 0); + + flags = PKCS7_STREAM | PKCS7_TEXT; + ExpectNotNull(p7 = PKCS7_sign(signCert, signKey, NULL, inBio, flags)); + ExpectNotNull(outBio = BIO_new(BIO_s_mem())); + ExpectIntEQ(SMIME_write_PKCS7(outBio, p7, inBio, flags), 1); + + ExpectNotNull(p7Ver = SMIME_read_PKCS7(outBio, &content)); + ExpectIntEQ(PKCS7_verify(p7Ver, NULL, store, NULL, NULL, flags), 1); + + BIO_free(content); + content = NULL; + BIO_free(inBio); + inBio = NULL; + BIO_free(outBio); + outBio = NULL; + PKCS7_free(p7Ver); + p7Ver = NULL; + PKCS7_free(p7); + p7 = NULL; + } + + /* generate and verify SMIME: detached */ + { + ExpectNotNull(inBio = BIO_new(BIO_s_mem())); + ExpectIntGT(BIO_write(inBio, data, sizeof(data)), 0); + + flags = PKCS7_DETACHED | PKCS7_STREAM; + ExpectNotNull(p7 = PKCS7_sign(signCert, signKey, NULL, inBio, flags)); + ExpectNotNull(outBio = BIO_new(BIO_s_mem())); + ExpectIntEQ(SMIME_write_PKCS7(outBio, p7, inBio, flags), 1); + + ExpectNotNull(p7Ver = SMIME_read_PKCS7(outBio, &content)); + ExpectIntEQ(PKCS7_verify(p7Ver, NULL, store, content, NULL, flags), 1); + + BIO_free(content); + content = NULL; + BIO_free(inBio); + inBio = NULL; + BIO_free(outBio); + outBio = NULL; + PKCS7_free(p7Ver); + p7Ver = NULL; + PKCS7_free(p7); + p7 = NULL; + } + + /* generate and verify SMIME: PKCS7_TEXT to add Content-Type header */ + { + ExpectNotNull(inBio = BIO_new(BIO_s_mem())); + ExpectIntGT(BIO_write(inBio, data, sizeof(data)), 0); + + flags = PKCS7_STREAM | PKCS7_DETACHED | PKCS7_TEXT; + ExpectNotNull(p7 = PKCS7_sign(signCert, signKey, NULL, inBio, flags)); + ExpectNotNull(outBio = BIO_new(BIO_s_mem())); + ExpectIntEQ(SMIME_write_PKCS7(outBio, p7, inBio, flags), 1); + + ExpectNotNull(p7Ver = SMIME_read_PKCS7(outBio, &content)); + ExpectIntEQ(PKCS7_verify(p7Ver, NULL, store, content, NULL, flags), 1); + + BIO_free(content); + content = NULL; + BIO_free(inBio); + inBio = NULL; + BIO_free(outBio); + outBio = NULL; + PKCS7_free(p7Ver); + p7Ver = NULL; + PKCS7_free(p7); + p7 = NULL; + } + + X509_STORE_free(store); + X509_free(caCert); + X509_free(signCert); + EVP_PKEY_free(signKey); + BIO_free(keyBio); + BIO_free(certBio); + BIO_free(caBio); +#endif + return EXPECT_RESULT(); +} + +/* Testing functions dealing with PKCS12 parsing out X509 certs */ +int test_wolfSSL_PKCS12(void) +{ + EXPECT_DECLS; + /* .p12 file is encrypted with DES3 */ +#ifndef HAVE_FIPS /* Password used in cert "wolfSSL test" is only 12-bytes + * (96-bit) FIPS mode requires Minimum of 14-byte (112-bit) + * Password Key + */ +#if defined(OPENSSL_EXTRA) && !defined(NO_DES3) && !defined(NO_FILESYSTEM) && \ + !defined(NO_STDIO_FILESYSTEM) && !defined(NO_TLS) && \ + !defined(NO_ASN) && !defined(NO_PWDBASED) && !defined(NO_RSA) && \ + !defined(NO_SHA) && defined(HAVE_PKCS12) && !defined(NO_BIO) && \ + defined(WOLFSSL_AES_256) + byte buf[6000]; + char file[] = "./certs/test-servercert.p12"; + char order[] = "./certs/ecc-rsa-server.p12"; +#ifdef WC_RC2 + char rc2p12[] = "./certs/test-servercert-rc2.p12"; +#endif + char pass[] = "a password"; + const char goodPsw[] = "wolfSSL test"; + const char badPsw[] = "bad"; +#ifdef HAVE_ECC + WOLFSSL_X509_NAME *subject = NULL; + WOLFSSL_X509 *x509 = NULL; +#endif + XFILE f = XBADFILE; + int bytes = 0, ret = 0, goodPswLen = 0, badPswLen = 0; + WOLFSSL_BIO *bio = NULL; + WOLFSSL_EVP_PKEY *pkey = NULL; + WC_PKCS12 *pkcs12 = NULL; + WC_PKCS12 *pkcs12_2 = NULL; + WOLFSSL_X509 *cert = NULL; + WOLFSSL_X509 *tmp = NULL; + WOLF_STACK_OF(WOLFSSL_X509) *ca = NULL; +#if (defined(OPENSSL_ALL) || defined(WOLFSSL_ASIO) || defined(WOLFSSL_HAPROXY) \ + || defined(WOLFSSL_NGINX)) && defined(SESSION_CERTS) + WOLFSSL_CTX *ctx = NULL; + WOLFSSL *ssl = NULL; + WOLF_STACK_OF(WOLFSSL_X509) *tmp_ca = NULL; +#endif + + ExpectTrue((f = XFOPEN(file, "rb")) != XBADFILE); + ExpectIntGT(bytes = (int)XFREAD(buf, 1, sizeof(buf), f), 0); + if (f != XBADFILE) { + XFCLOSE(f); + f = XBADFILE; + } + + goodPswLen = (int)XSTRLEN(goodPsw); + badPswLen = (int)XSTRLEN(badPsw); + + ExpectNotNull(bio = wolfSSL_BIO_new(wolfSSL_BIO_s_mem())); + + ExpectIntEQ(BIO_write(bio, buf, bytes), bytes); /* d2i consumes BIO */ + ExpectNotNull(d2i_PKCS12_bio(bio, &pkcs12)); + ExpectNotNull(pkcs12); + BIO_free(bio); + bio = NULL; + + /* check verify MAC directly */ + ExpectIntEQ(ret = PKCS12_verify_mac(pkcs12, goodPsw, goodPswLen), 1); + + /* check verify MAC fail case directly */ + ExpectIntEQ(ret = PKCS12_verify_mac(pkcs12, badPsw, badPswLen), 0); + + /* check verify MAC fail case */ + ExpectIntEQ(ret = PKCS12_parse(pkcs12, "bad", &pkey, &cert, NULL), 0); + ExpectNull(pkey); + ExpectNull(cert); + + /* check parse with no extra certs kept */ + ExpectIntEQ(ret = PKCS12_parse(pkcs12, "wolfSSL test", &pkey, &cert, NULL), + 1); + ExpectNotNull(pkey); + ExpectNotNull(cert); + + wolfSSL_EVP_PKEY_free(pkey); + pkey = NULL; + wolfSSL_X509_free(cert); + cert = NULL; + + /* check parse with extra certs kept */ + ExpectIntEQ(ret = PKCS12_parse(pkcs12, "wolfSSL test", &pkey, &cert, &ca), + 1); + ExpectNotNull(pkey); + ExpectNotNull(cert); + ExpectNotNull(ca); + +#if (defined(OPENSSL_ALL) || defined(WOLFSSL_ASIO) || defined(WOLFSSL_HAPROXY) \ + || defined(WOLFSSL_NGINX)) && defined(SESSION_CERTS) + + /* Check that SSL_CTX_set0_chain correctly sets the certChain buffer */ +#if !defined(NO_WOLFSSL_CLIENT) || !defined(NO_WOLFSSL_SERVER) +#if !defined(NO_WOLFSSL_CLIENT) && defined(SESSION_CERTS) + ExpectNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_client_method())); +#else + ExpectNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_server_method())); +#endif + /* Copy stack structure */ + ExpectNotNull(tmp_ca = X509_chain_up_ref(ca)); + ExpectIntEQ(SSL_CTX_set0_chain(ctx, tmp_ca), 1); + /* CTX now owns the tmp_ca stack structure */ + tmp_ca = NULL; + ExpectIntEQ(wolfSSL_CTX_get_extra_chain_certs(ctx, &tmp_ca), 1); + ExpectNotNull(tmp_ca); + ExpectIntEQ(sk_X509_num(tmp_ca), sk_X509_num(ca)); + /* Check that the main cert is also set */ + ExpectNotNull(SSL_CTX_get0_certificate(ctx)); + ExpectNotNull(ssl = SSL_new(ctx)); + ExpectNotNull(SSL_get_certificate(ssl)); + SSL_free(ssl); + SSL_CTX_free(ctx); + ctx = NULL; +#endif +#endif /* !NO_WOLFSSL_CLIENT || !NO_WOLFSSL_SERVER */ + /* should be 2 other certs on stack */ + ExpectNotNull(tmp = sk_X509_pop(ca)); + X509_free(tmp); + ExpectNotNull(tmp = sk_X509_pop(ca)); + X509_free(tmp); + ExpectNull(sk_X509_pop(ca)); + + EVP_PKEY_free(pkey); + pkey = NULL; + X509_free(cert); + cert = NULL; + sk_X509_pop_free(ca, X509_free); + ca = NULL; + + /* check PKCS12_create */ + ExpectNull(PKCS12_create(pass, NULL, NULL, NULL, NULL, -1, -1, -1, -1,0)); + ExpectIntEQ(PKCS12_parse(pkcs12, "wolfSSL test", &pkey, &cert, &ca), + SSL_SUCCESS); + ExpectNotNull((pkcs12_2 = PKCS12_create(pass, NULL, pkey, cert, ca, + -1, -1, 100, -1, 0))); + EVP_PKEY_free(pkey); + pkey = NULL; + X509_free(cert); + cert = NULL; + sk_X509_pop_free(ca, NULL); + ca = NULL; + + ExpectIntEQ(PKCS12_parse(pkcs12_2, "a password", &pkey, &cert, &ca), + SSL_SUCCESS); + PKCS12_free(pkcs12_2); + pkcs12_2 = NULL; + ExpectNotNull((pkcs12_2 = PKCS12_create(pass, NULL, pkey, cert, ca, + NID_pbe_WithSHA1And3_Key_TripleDES_CBC, + NID_pbe_WithSHA1And3_Key_TripleDES_CBC, + 2000, 1, 0))); + EVP_PKEY_free(pkey); + pkey = NULL; + X509_free(cert); + cert = NULL; + sk_X509_pop_free(ca, NULL); + ca = NULL; + + /* convert to DER then back and parse */ + ExpectNotNull(bio = BIO_new(BIO_s_mem())); + ExpectIntEQ(i2d_PKCS12_bio(bio, pkcs12_2), SSL_SUCCESS); + PKCS12_free(pkcs12_2); + pkcs12_2 = NULL; + + ExpectNotNull(pkcs12_2 = d2i_PKCS12_bio(bio, NULL)); + BIO_free(bio); + bio = NULL; + ExpectIntEQ(PKCS12_parse(pkcs12_2, "a password", &pkey, &cert, &ca), + SSL_SUCCESS); + + /* should be 2 other certs on stack */ + ExpectNotNull(tmp = sk_X509_pop(ca)); + X509_free(tmp); + ExpectNotNull(tmp = sk_X509_pop(ca)); + X509_free(tmp); + ExpectNull(sk_X509_pop(ca)); + + +#ifndef NO_RC4 + PKCS12_free(pkcs12_2); + pkcs12_2 = NULL; + ExpectNotNull((pkcs12_2 = PKCS12_create(pass, NULL, pkey, cert, NULL, + NID_pbe_WithSHA1And128BitRC4, + NID_pbe_WithSHA1And128BitRC4, + 2000, 1, 0))); + EVP_PKEY_free(pkey); + pkey = NULL; + X509_free(cert); + cert = NULL; + sk_X509_pop_free(ca, NULL); + ca = NULL; + + ExpectIntEQ(PKCS12_parse(pkcs12_2, "a password", &pkey, &cert, &ca), + SSL_SUCCESS); + +#endif /* NO_RC4 */ + + EVP_PKEY_free(pkey); + pkey = NULL; + X509_free(cert); + cert = NULL; + PKCS12_free(pkcs12); + pkcs12 = NULL; + PKCS12_free(pkcs12_2); + pkcs12_2 = NULL; + sk_X509_pop_free(ca, NULL); + ca = NULL; + +#ifdef HAVE_ECC + /* test order of parsing */ + ExpectTrue((f = XFOPEN(order, "rb")) != XBADFILE); + ExpectIntGT(bytes = (int)XFREAD(buf, 1, sizeof(buf), f), 0); + if (f != XBADFILE) { + XFCLOSE(f); + f = XBADFILE; + } + + ExpectNotNull(bio = BIO_new_mem_buf((void*)buf, bytes)); + ExpectNotNull(pkcs12 = d2i_PKCS12_bio(bio, NULL)); + ExpectIntEQ((ret = PKCS12_parse(pkcs12, "", &pkey, &cert, &ca)), + WOLFSSL_SUCCESS); + + /* check use of pkey after parse */ +#if (defined(OPENSSL_ALL) || defined(WOLFSSL_ASIO) || defined(WOLFSSL_HAPROXY) \ + || defined(WOLFSSL_NGINX)) && defined(SESSION_CERTS) +#if !defined(NO_WOLFSSL_CLIENT) || !defined(NO_WOLFSSL_SERVER) +#if !defined(NO_WOLFSSL_CLIENT) && defined(SESSION_CERTS) + ExpectNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_client_method())); +#else + ExpectNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_server_method())); +#endif + ExpectIntEQ(SSL_CTX_use_PrivateKey(ctx, pkey), WOLFSSL_SUCCESS); + SSL_CTX_free(ctx); +#endif /* !NO_WOLFSSL_CLIENT || !NO_WOLFSSL_SERVER */ +#endif + + ExpectNotNull(pkey); + ExpectNotNull(cert); + ExpectNotNull(ca); + + /* compare subject lines of certificates */ + ExpectNotNull(subject = wolfSSL_X509_get_subject_name(cert)); + ExpectNotNull(x509 = wolfSSL_X509_load_certificate_file(eccRsaCertFile, + SSL_FILETYPE_PEM)); + ExpectIntEQ(wolfSSL_X509_NAME_cmp((const WOLFSSL_X509_NAME*)subject, + (const WOLFSSL_X509_NAME*)wolfSSL_X509_get_subject_name(x509)), 0); + X509_free(x509); + x509 = NULL; + + /* test expected fail case */ + ExpectNotNull(x509 = wolfSSL_X509_load_certificate_file(eccCertFile, + SSL_FILETYPE_PEM)); + ExpectIntNE(wolfSSL_X509_NAME_cmp((const WOLFSSL_X509_NAME*)subject, + (const WOLFSSL_X509_NAME*)wolfSSL_X509_get_subject_name(x509)), 0); + X509_free(x509); + x509 = NULL; + X509_free(cert); + cert = NULL; + + /* get subject line from ca stack */ + ExpectNotNull(cert = sk_X509_pop(ca)); + ExpectNotNull(subject = wolfSSL_X509_get_subject_name(cert)); + + /* compare subject from certificate in ca to expected */ + ExpectNotNull(x509 = wolfSSL_X509_load_certificate_file(eccCertFile, + SSL_FILETYPE_PEM)); + ExpectIntEQ(wolfSSL_X509_NAME_cmp((const WOLFSSL_X509_NAME*)subject, + (const WOLFSSL_X509_NAME*)wolfSSL_X509_get_subject_name(x509)), 0); + + /* modify case and compare subject from certificate in ca to expected. + * The first bit of the name is: + * /C=US/ST=Washington + * So we'll change subject->name[1] to 'c' (lower case) */ + if (subject != NULL) { + subject->name[1] = 'c'; + ExpectIntEQ(wolfSSL_X509_NAME_cmp((const WOLFSSL_X509_NAME*)subject, + (const WOLFSSL_X509_NAME*)wolfSSL_X509_get_subject_name(x509)), 0); + } + + EVP_PKEY_free(pkey); + pkey = NULL; + X509_free(x509); + x509 = NULL; + X509_free(cert); + cert = NULL; + BIO_free(bio); + bio = NULL; + PKCS12_free(pkcs12); + pkcs12 = NULL; + sk_X509_pop_free(ca, NULL); /* TEST d2i_PKCS12_fp */ + ca = NULL; + + /* test order of parsing */ + ExpectTrue((f = XFOPEN(file, "rb")) != XBADFILE); + ExpectNotNull(pkcs12 = d2i_PKCS12_fp(f, NULL)); + if (f != XBADFILE) { + XFCLOSE(f); + f = XBADFILE; + } + + /* check verify MAC fail case */ + ExpectIntEQ(ret = PKCS12_parse(pkcs12, "bad", &pkey, &cert, NULL), 0); + ExpectNull(pkey); + ExpectNull(cert); + + /* check parse with no extra certs kept */ + ExpectIntEQ(ret = PKCS12_parse(pkcs12, "wolfSSL test", &pkey, &cert, NULL), + 1); + ExpectNotNull(pkey); + ExpectNotNull(cert); + + wolfSSL_EVP_PKEY_free(pkey); + pkey = NULL; + wolfSSL_X509_free(cert); + cert = NULL; + + /* check parse with extra certs kept */ + ExpectIntEQ(ret = PKCS12_parse(pkcs12, "wolfSSL test", &pkey, &cert, &ca), + 1); + ExpectNotNull(pkey); + ExpectNotNull(cert); + ExpectNotNull(ca); + + wolfSSL_EVP_PKEY_free(pkey); + pkey = NULL; + wolfSSL_X509_free(cert); + cert = NULL; + sk_X509_pop_free(ca, NULL); + ca = NULL; + + PKCS12_free(pkcs12); + pkcs12 = NULL; +#endif /* HAVE_ECC */ + +#ifdef WC_RC2 + /* test PKCS#12 with RC2 encryption */ + ExpectTrue((f = XFOPEN(rc2p12, "rb")) != XBADFILE); + ExpectIntGT(bytes = (int)XFREAD(buf, 1, sizeof(buf), f), 0); + if (f != XBADFILE) { + XFCLOSE(f); + f = XBADFILE; + } + + ExpectNotNull(bio = BIO_new_mem_buf((void*)buf, bytes)); + ExpectNotNull(pkcs12 = d2i_PKCS12_bio(bio, NULL)); + + /* check verify MAC fail case */ + ExpectIntEQ(ret = PKCS12_parse(pkcs12, "bad", &pkey, &cert, NULL), 0); + ExpectNull(pkey); + ExpectNull(cert); + + /* check parse with not extra certs kept */ + ExpectIntEQ(ret = PKCS12_parse(pkcs12, "wolfSSL test", &pkey, &cert, NULL), + WOLFSSL_SUCCESS); + ExpectNotNull(pkey); + ExpectNotNull(cert); + + wolfSSL_EVP_PKEY_free(pkey); + pkey = NULL; + wolfSSL_X509_free(cert); + cert = NULL; + + /* check parse with extra certs kept */ + ExpectIntEQ(ret = PKCS12_parse(pkcs12, "wolfSSL test", &pkey, &cert, &ca), + WOLFSSL_SUCCESS); + ExpectNotNull(pkey); + ExpectNotNull(cert); + ExpectNotNull(ca); + + wolfSSL_EVP_PKEY_free(pkey); + wolfSSL_X509_free(cert); + sk_X509_pop_free(ca, NULL); + + BIO_free(bio); + bio = NULL; + PKCS12_free(pkcs12); + pkcs12 = NULL; +#endif /* WC_RC2 */ + + /* Test i2d_PKCS12_bio */ + ExpectTrue((f = XFOPEN(file, "rb")) != XBADFILE); + ExpectNotNull(pkcs12 = d2i_PKCS12_fp(f, NULL)); + if (f != XBADFILE) + XFCLOSE(f); + + ExpectNotNull(bio = BIO_new(BIO_s_mem())); + + ExpectIntEQ(ret = i2d_PKCS12_bio(bio, pkcs12), 1); + + ExpectIntEQ(ret = i2d_PKCS12_bio(NULL, pkcs12), 0); + + ExpectIntEQ(ret = i2d_PKCS12_bio(bio, NULL), 0); + + PKCS12_free(pkcs12); + BIO_free(bio); + + (void)order; +#endif /* OPENSSL_EXTRA */ +#endif /* HAVE_FIPS */ + return EXPECT_RESULT(); +} + diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/tests/api/test_ossl_p7p12.h mariadb-11.8.8/extra/wolfssl/wolfssl/tests/api/test_ossl_p7p12.h --- mariadb-11.8.6/extra/wolfssl/wolfssl/tests/api/test_ossl_p7p12.h 1970-01-01 00:00:00.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/tests/api/test_ossl_p7p12.h 2026-05-24 09:58:33.000000000 +0000 @@ -0,0 +1,54 @@ +/* test_ossl_p7p12.h + * + * Copyright (C) 2006-2026 wolfSSL Inc. + * + * This file is part of wolfSSL. + * + * wolfSSL is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * wolfSSL is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA + */ + +#ifndef WOLFCRYPT_TEST_OSSL_P7P12_H +#define WOLFCRYPT_TEST_OSSL_P7P12_H + +#include + +int test_wolfssl_PKCS7(void); +int test_wolfSSL_PKCS7_certs(void); +int test_wolfSSL_PKCS7_sign(void); +int test_wolfSSL_PKCS7_SIGNED_new(void); +int test_wolfSSL_PEM_write_bio_PKCS7(void); +int test_wolfSSL_PEM_write_bio_encryptedKey(void); +int test_wolfSSL_SMIME_read_PKCS7(void); +int test_wolfSSL_SMIME_write_PKCS7(void); +int test_wolfSSL_PKCS12(void); + +#define TEST_OSSL_PKCS7_DECLS \ + TEST_DECL_GROUP("ossl_p7", test_wolfssl_PKCS7), \ + TEST_DECL_GROUP("ossl_p7", test_wolfSSL_PKCS7_certs), \ + TEST_DECL_GROUP("ossl_p7", test_wolfSSL_PKCS7_sign), \ + TEST_DECL_GROUP("ossl_p7", test_wolfSSL_PKCS7_SIGNED_new), \ + TEST_DECL_GROUP("ossl_p7", test_wolfSSL_PEM_write_bio_PKCS7), \ + TEST_DECL_GROUP("ossl_p7", test_wolfSSL_PEM_write_bio_encryptedKey), \ + TEST_DECL_GROUP("ossl_p7", test_wolfSSL_RAND_poll) + +#define TEST_OSSL_SMIME_DECLS \ + TEST_DECL_GROUP("ossl_smime", test_wolfSSL_SMIME_read_PKCS7), \ + TEST_DECL_GROUP("ossl_smime", test_wolfSSL_SMIME_write_PKCS7) + +#define TEST_OSSL_PKCS12_DECLS \ + TEST_DECL_GROUP("ossl_p12", test_wolfSSL_PKCS12) + +#endif /* WOLFCRYPT_TEST_OSSL_P7P12_H */ + diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/tests/api/test_ossl_pem.c mariadb-11.8.8/extra/wolfssl/wolfssl/tests/api/test_ossl_pem.c --- mariadb-11.8.6/extra/wolfssl/wolfssl/tests/api/test_ossl_pem.c 1970-01-01 00:00:00.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/tests/api/test_ossl_pem.c 2026-05-24 09:58:33.000000000 +0000 @@ -0,0 +1,1261 @@ +/* test_ossl_pem.c + * + * Copyright (C) 2006-2026 wolfSSL Inc. + * + * This file is part of wolfSSL. + * + * wolfSSL is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * wolfSSL is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA + */ + +#include + +#ifdef NO_INLINE + #include +#else + #define WOLFSSL_MISC_INCLUDED + #include +#endif + +#include +#include +#ifdef OPENSSL_EXTRA + #include +#endif +#include +#include + + +int test_wolfSSL_PEM_def_callback(void) +{ + EXPECT_DECLS; +#ifdef OPENSSL_EXTRA + char buf[10]; + const char* defpwd = "DEF PWD"; + int defpwdLen = (int)XSTRLEN(defpwd); + int smallLen = 1; + + /* Bad parameters. */ + ExpectIntEQ(wolfSSL_PEM_def_callback(NULL, sizeof(buf), 0, NULL), 0); + ExpectIntEQ(wolfSSL_PEM_def_callback(NULL, sizeof(buf), 0, (void*)defpwd), + 0); + ExpectIntEQ(wolfSSL_PEM_def_callback(buf, sizeof(buf), 0, NULL), 0); + + XMEMSET(buf, 0, sizeof(buf)); + ExpectIntEQ(wolfSSL_PEM_def_callback(buf, sizeof(buf), 0, (void*)defpwd), + defpwdLen); + ExpectIntEQ(XMEMCMP(buf, defpwd, defpwdLen), 0); + ExpectIntEQ(buf[defpwdLen], 0); + /* Size of buffer is smaller than default password. */ + XMEMSET(buf, 0, sizeof(buf)); + ExpectIntEQ(wolfSSL_PEM_def_callback(buf, smallLen, 0, (void*)defpwd), + smallLen); + ExpectIntEQ(XMEMCMP(buf, defpwd, smallLen), 0); + ExpectIntEQ(buf[smallLen], 0); +#endif /* OPENSSL_EXTRA */ + return EXPECT_RESULT(); +} + +int test_wolfSSL_PEM_read_PrivateKey(void) +{ + EXPECT_DECLS; +#if defined(OPENSSL_EXTRA) && !defined(NO_FILESYSTEM) && (!defined(NO_RSA) || \ + !defined(NO_DSA) || defined(HAVE_ECC) || !defined(NO_DH)) + XFILE file = XBADFILE; +#if !defined(NO_RSA) + const char* fname_rsa = "./certs/server-key.pem"; + RSA* rsa = NULL; + WOLFSSL_EVP_PKEY_CTX* ctx = NULL; + unsigned char* sig = NULL; + size_t sigLen = 0; + const unsigned char tbs[] = {0, 1, 2, 3, 4, 5, 6, 7}; + size_t tbsLen = sizeof(tbs); +#endif +#if !defined(NO_DSA) + const char* fname_dsa = "./certs/dsa2048.pem"; +#endif +#if defined(HAVE_ECC) + const char* fname_ec = "./certs/ecc-key.pem"; +#endif +#if !defined(NO_DH) + const char* fname_dh = "./certs/dh-priv-2048.pem"; +#endif + EVP_PKEY* pkey = NULL; + + /* Check error case. */ + ExpectNull(pkey = PEM_read_PrivateKey(NULL, NULL, NULL, NULL)); + + /* not a PEM key. */ + ExpectTrue((file = XFOPEN("./certs/ecc-key.der", "rb")) != XBADFILE); + ExpectNull(PEM_read_PrivateKey(file, NULL, NULL, NULL)); + if (file != XBADFILE) + XFCLOSE(file); + file = XBADFILE; + +#ifndef NO_RSA + /* Read in an RSA key. */ + ExpectTrue((file = XFOPEN(fname_rsa, "rb")) != XBADFILE); + ExpectNotNull(pkey = PEM_read_PrivateKey(file, NULL, NULL, NULL)); + if (file != XBADFILE) + XFCLOSE(file); + file = XBADFILE; + + /* Make sure the key is usable by signing some data with it. */ + ExpectNotNull(rsa = EVP_PKEY_get0_RSA(pkey)); + ExpectIntGT((sigLen = RSA_size(rsa)), 0); + ExpectNotNull(sig = (unsigned char*)XMALLOC(sigLen, HEAP_HINT, + DYNAMIC_TYPE_TMP_BUFFER)); + ExpectNotNull(ctx = EVP_PKEY_CTX_new(pkey, NULL)); + ExpectIntEQ(EVP_PKEY_sign_init(ctx), WOLFSSL_SUCCESS); + ExpectIntEQ(EVP_PKEY_sign(ctx, sig, &sigLen, tbs, tbsLen), + WOLFSSL_SUCCESS); + + XFREE(sig, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + EVP_PKEY_CTX_free(ctx); + EVP_PKEY_free(pkey); + pkey = NULL; +#endif + +#ifndef NO_DSA + /* Read in a DSA key. */ + ExpectTrue((file = XFOPEN(fname_dsa, "rb")) != XBADFILE); +#if defined(WOLFSSL_QT) || defined(OPENSSL_ALL) || defined(WOLFSSL_OPENSSH) + ExpectNotNull(pkey = PEM_read_PrivateKey(file, NULL, NULL, NULL)); + EVP_PKEY_free(pkey); + pkey = NULL; +#else + ExpectNull(PEM_read_PrivateKey(file, NULL, NULL, NULL)); +#endif + if (file != XBADFILE) + XFCLOSE(file); + file = XBADFILE; +#endif + +#ifdef HAVE_ECC + /* Read in an EC key. */ + ExpectTrue((file = XFOPEN(fname_ec, "rb")) != XBADFILE); + ExpectNotNull(pkey = EVP_PKEY_new()); + ExpectPtrEq(PEM_read_PrivateKey(file, &pkey, NULL, NULL), pkey); + if (file != XBADFILE) + XFCLOSE(file); + file = XBADFILE; + EVP_PKEY_free(pkey); + pkey = NULL; +#endif + +#ifndef NO_DH + /* Read in a DH key. */ + ExpectTrue((file = XFOPEN(fname_dh, "rb")) != XBADFILE); +#if (defined(WOLFSSL_QT) || defined(OPENSSL_ALL) || \ + defined(WOLFSSL_OPENSSH)) && (!defined(HAVE_FIPS) || \ + (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION > 2))) + ExpectNotNull(pkey = PEM_read_PrivateKey(file, NULL, NULL, NULL)); + EVP_PKEY_free(pkey); + pkey = NULL; +#else + ExpectNull(PEM_read_PrivateKey(file, NULL, NULL, NULL)); +#endif + if (file != XBADFILE) + XFCLOSE(file); + file = XBADFILE; +#endif +#endif + return EXPECT_RESULT(); +} + +int test_wolfSSL_PEM_read_PUBKEY(void) +{ + EXPECT_DECLS; +#if defined(OPENSSL_EXTRA) && !defined(NO_RSA) \ + && !defined(NO_FILESYSTEM) + XFILE file = XBADFILE; + const char* fname = "./certs/client-keyPub.pem"; + EVP_PKEY* pkey = NULL; + + /* Check error case. */ + ExpectNull(pkey = PEM_read_PUBKEY(NULL, NULL, NULL, NULL)); + + /* Read in an RSA key. */ + ExpectTrue((file = XFOPEN(fname, "rb")) != XBADFILE); + ExpectNotNull(pkey = PEM_read_PUBKEY(file, NULL, NULL, NULL)); + EVP_PKEY_free(pkey); + pkey = NULL; + if (file != XBADFILE) + XFCLOSE(file); + file = XBADFILE; + ExpectTrue((file = XFOPEN(fname, "rb")) != XBADFILE); + ExpectNotNull(pkey = EVP_PKEY_new()); + ExpectPtrEq(PEM_read_PUBKEY(file, &pkey, NULL, NULL), pkey); + EVP_PKEY_free(pkey); + if (file != XBADFILE) + XFCLOSE(file); +#endif + return EXPECT_RESULT(); +} + +/* test loading RSA key using BIO */ +int test_wolfSSL_PEM_PrivateKey_rsa(void) +{ + EXPECT_DECLS; +#if defined(OPENSSL_EXTRA) && !defined(NO_CERTS) && !defined(NO_RSA) && \ + defined(USE_CERT_BUFFERS_2048) && !defined(NO_FILESYSTEM) && \ + !defined(NO_BIO) + BIO* bio = NULL; + XFILE file = XBADFILE; + const char* fname = "./certs/server-key.pem"; + const char* fname_rsa_p8 = "./certs/server-keyPkcs8.pem"; + EVP_PKEY* pkey = NULL; + size_t sz = 0; + byte* buf = NULL; + EVP_PKEY* pkey2 = NULL; + EVP_PKEY* pkey3 = NULL; + RSA* rsa_key = NULL; +#if defined(WOLFSSL_KEY_GEN) || defined(WOLFSSL_CERT_GEN) + unsigned char extra[10]; + int i; + BIO* pub_bio = NULL; + const unsigned char* server_key = (const unsigned char*)server_key_der_2048; +#endif + + ExpectTrue((file = XFOPEN(fname, "rb")) != XBADFILE); + ExpectTrue(XFSEEK(file, 0, XSEEK_END) == 0); + ExpectIntGT(sz = XFTELL(file), 0); + ExpectTrue(XFSEEK(file, 0, XSEEK_SET) == 0); + ExpectNotNull(buf = (byte*)XMALLOC(sz, NULL, DYNAMIC_TYPE_FILE)); + if (buf != NULL) { + ExpectIntEQ(XFREAD(buf, 1, sz, file), sz); + } + if (file != XBADFILE) { + XFCLOSE(file); + file = XBADFILE; + } + + /* Test using BIO new mem and loading PEM private key */ + ExpectNotNull(bio = BIO_new_mem_buf(buf, (int)sz)); + ExpectNotNull((pkey = PEM_read_bio_PrivateKey(bio, NULL, NULL, NULL))); + XFREE(buf, NULL, DYNAMIC_TYPE_FILE); + buf = NULL; + BIO_free(bio); + bio = NULL; + + /* New empty EVP_PKEY */ + ExpectNotNull(pkey2 = EVP_PKEY_new()); + if (pkey2 != NULL) { + pkey2->type = EVP_PKEY_RSA; + } + /* Test parameter copy */ + ExpectIntEQ(EVP_PKEY_copy_parameters(pkey2, pkey), 0); + EVP_PKEY_free(pkey2); + EVP_PKEY_free(pkey); + pkey = NULL; + + /* Qt unit test case : rsa pkcs8 key */ + ExpectTrue((file = XFOPEN(fname_rsa_p8, "rb")) != XBADFILE); + ExpectTrue(XFSEEK(file, 0, XSEEK_END) == 0); + ExpectIntGT(sz = XFTELL(file), 0); + ExpectTrue(XFSEEK(file, 0, XSEEK_SET) == 0); + ExpectNotNull(buf = (byte*)XMALLOC(sz, NULL, DYNAMIC_TYPE_FILE)); + if (buf) { + ExpectIntEQ(XFREAD(buf, 1, sz, file), sz); + } + if (file != XBADFILE) { + XFCLOSE(file); + file = XBADFILE; + } + + ExpectNotNull(bio = BIO_new_mem_buf(buf, (int)sz)); + ExpectNotNull((pkey = PEM_read_bio_PrivateKey(bio, NULL, NULL, NULL))); + XFREE(buf, NULL, DYNAMIC_TYPE_FILE); + buf = NULL; + BIO_free(bio); + bio = NULL; + ExpectNotNull(pkey3 = EVP_PKEY_new()); + + ExpectNotNull(rsa_key = EVP_PKEY_get1_RSA(pkey)); + ExpectIntEQ(EVP_PKEY_set1_RSA(pkey3, rsa_key), WOLFSSL_SUCCESS); + +#ifdef WOLFSSL_ERROR_CODE_OPENSSL + ExpectIntEQ(EVP_PKEY_cmp(pkey, pkey3), 1/* match */); +#else + ExpectIntEQ(EVP_PKEY_cmp(pkey, pkey3), 0); +#endif + + RSA_free(rsa_key); + EVP_PKEY_free(pkey3); + EVP_PKEY_free(pkey); + pkey = NULL; + pkey2 = NULL; + +#if defined(WOLFSSL_KEY_GEN) || defined(WOLFSSL_CERT_GEN) + #define BIO_PEM_TEST_CHAR 'a' + XMEMSET(extra, BIO_PEM_TEST_CHAR, sizeof(extra)); + + ExpectNotNull(bio = wolfSSL_BIO_new(wolfSSL_BIO_s_mem())); + ExpectIntEQ(BIO_set_write_buf_size(bio, 4096), + WC_NO_ERR_TRACE(WOLFSSL_FAILURE)); + ExpectNotNull(pub_bio = wolfSSL_BIO_new(wolfSSL_BIO_s_mem())); + ExpectIntEQ(BIO_set_write_buf_size(pub_bio, 4096), + WC_NO_ERR_TRACE(WOLFSSL_FAILURE)); + + ExpectNull(d2i_PrivateKey(EVP_PKEY_EC, &pkey, &server_key, + (long)sizeof_server_key_der_2048)); + ExpectNull(pkey); + + ExpectNotNull(wolfSSL_d2i_PrivateKey(EVP_PKEY_RSA, &pkey, &server_key, + (long)sizeof_server_key_der_2048)); + ExpectIntEQ(PEM_write_bio_PrivateKey(NULL, pkey, NULL, NULL, 0, NULL, NULL), + WC_NO_ERR_TRACE(WOLFSSL_FAILURE)); + ExpectIntEQ(PEM_write_bio_PrivateKey(bio, NULL, NULL, NULL, 0, NULL, NULL), + WC_NO_ERR_TRACE(WOLFSSL_FAILURE)); + ExpectIntEQ(PEM_write_bio_PrivateKey(bio, pkey, NULL, NULL, 0, NULL, NULL), + WOLFSSL_SUCCESS); + ExpectIntGT(BIO_pending(bio), 0); + ExpectIntEQ(BIO_pending(bio), 1679); + /* Check if the pubkey API writes only the public key */ +#ifdef WOLFSSL_KEY_GEN + ExpectIntEQ(PEM_write_bio_PUBKEY(NULL, pkey), + WC_NO_ERR_TRACE(WOLFSSL_FAILURE)); + ExpectIntEQ(PEM_write_bio_PUBKEY(pub_bio, NULL), + WC_NO_ERR_TRACE(WOLFSSL_FAILURE)); + ExpectIntEQ(PEM_write_bio_PUBKEY(pub_bio, pkey), WOLFSSL_SUCCESS); + ExpectIntGT(BIO_pending(pub_bio), 0); + /* Previously both the private key and the pubkey calls would write + * out the private key and the PEM header was the only difference. + * The public PEM should be significantly shorter than the + * private key versison. */ + ExpectIntEQ(BIO_pending(pub_bio), 451); +#else + /* Not supported. */ + ExpectIntEQ(PEM_write_bio_PUBKEY(pub_bio, pkey), 0); +#endif + + /* test creating new EVP_PKEY with good args */ + ExpectNotNull((pkey2 = PEM_read_bio_PrivateKey(bio, NULL, NULL, NULL))); + if (pkey && pkey->pkey.ptr && pkey2 && pkey2->pkey.ptr) { + ExpectIntEQ((int)XMEMCMP(pkey->pkey.ptr, pkey2->pkey.ptr, + pkey->pkey_sz), 0); + } + + /* test of reuse of EVP_PKEY */ + ExpectNull(PEM_read_bio_PrivateKey(bio, &pkey, NULL, NULL)); + ExpectIntEQ(BIO_pending(bio), 0); + ExpectIntEQ(PEM_write_bio_PrivateKey(bio, pkey, NULL, NULL, 0, NULL, NULL), + SSL_SUCCESS); + /* add 10 extra bytes after PEM */ + ExpectIntEQ(BIO_write(bio, extra, 10), 10); + ExpectNotNull(PEM_read_bio_PrivateKey(bio, &pkey, NULL, NULL)); + ExpectNotNull(pkey); + if (pkey && pkey->pkey.ptr && pkey2 && pkey2->pkey.ptr) { + ExpectIntEQ((int)XMEMCMP(pkey->pkey.ptr, pkey2->pkey.ptr, + pkey->pkey_sz), 0); + } + /* check 10 extra bytes still there */ + ExpectIntEQ(BIO_pending(bio), 10); + ExpectIntEQ(BIO_read(bio, extra, 10), 10); + for (i = 0; i < 10; i++) { + ExpectIntEQ(extra[i], BIO_PEM_TEST_CHAR); + } + + BIO_free(pub_bio); + BIO_free(bio); + bio = NULL; + EVP_PKEY_free(pkey); + pkey = NULL; + EVP_PKEY_free(pkey2); +#endif /* WOLFSSL_KEY_GEN || WOLFSSL_CERT_GEN */ +#endif /* OPENSSL_EXTRA && !NO_CERTS && !NO_RSA && USE_CERT_BUFFERS_2048 && + * !NO_FILESYSTEM && !NO_BIO */ + return EXPECT_RESULT(); +} + +/* test loading ECC key using BIO */ +int test_wolfSSL_PEM_PrivateKey_ecc(void) +{ + EXPECT_DECLS; +#if defined(OPENSSL_EXTRA) && !defined(NO_CERTS) && defined(HAVE_ECC) && \ + !defined(NO_FILESYSTEM) && !defined(NO_BIO) + BIO* bio = NULL; + EVP_PKEY* pkey = NULL; + XFILE file = XBADFILE; + const char* fname = "./certs/ecc-key.pem"; + const char* fname_ecc_p8 = "./certs/ecc-keyPkcs8.pem"; + + size_t sz = 0; + byte* buf = NULL; + EVP_PKEY* pkey2 = NULL; + EVP_PKEY* pkey3 = NULL; + EC_KEY* ec_key = NULL; + int nid = 0; + BIO* pub_bio = NULL; + + ExpectTrue((file = XFOPEN(fname, "rb")) != XBADFILE); + ExpectTrue(XFSEEK(file, 0, XSEEK_END) == 0); + ExpectIntGT(sz = XFTELL(file), 0); + ExpectTrue(XFSEEK(file, 0, XSEEK_SET) == 0); + ExpectNotNull(buf = (byte*)XMALLOC(sz, NULL, DYNAMIC_TYPE_FILE)); + if (buf) { + ExpectIntEQ(XFREAD(buf, 1, sz, file), sz); + } + if (file != XBADFILE) { + XFCLOSE(file); + file = XBADFILE; + } + + /* Test using BIO new mem and loading PEM private key */ + ExpectNotNull(bio = BIO_new_mem_buf(buf, (int)sz)); + ExpectNotNull((pkey = PEM_read_bio_PrivateKey(bio, NULL, NULL, NULL))); + BIO_free(bio); + bio = NULL; + XFREE(buf, NULL, DYNAMIC_TYPE_FILE); + buf = NULL; + ExpectNotNull(bio = wolfSSL_BIO_new(wolfSSL_BIO_s_mem())); + ExpectNotNull(pub_bio = wolfSSL_BIO_new(wolfSSL_BIO_s_mem())); + ExpectIntEQ(PEM_write_bio_PrivateKey(bio, pkey, NULL, NULL, 0, NULL, NULL), + WOLFSSL_SUCCESS); + ExpectIntGT(BIO_pending(bio), 0); + /* No parameters. */ + ExpectIntEQ(BIO_pending(bio), 227); + /* Check if the pubkey API writes only the public key */ +#ifdef WOLFSSL_KEY_GEN + ExpectIntEQ(PEM_write_bio_PUBKEY(pub_bio, pkey), WOLFSSL_SUCCESS); + ExpectIntGT(BIO_pending(pub_bio), 0); + /* Previously both the private key and the pubkey calls would write + * out the private key and the PEM header was the only difference. + * The public PEM should be significantly shorter than the + * private key versison. */ + ExpectIntEQ(BIO_pending(pub_bio), 178); +#endif + BIO_free(pub_bio); + BIO_free(bio); + bio = NULL; + ExpectNotNull(pkey2 = EVP_PKEY_new()); + ExpectNotNull(pkey3 = EVP_PKEY_new()); + if (pkey2 != NULL) { + pkey2->type = EVP_PKEY_EC; + } + /* Test parameter copy */ + ExpectIntEQ(EVP_PKEY_copy_parameters(pkey2, pkey), 1); + + + /* Qt unit test case 1*/ + ExpectNotNull(ec_key = EVP_PKEY_get1_EC_KEY(pkey)); + ExpectIntEQ(EVP_PKEY_set1_EC_KEY(pkey3, ec_key), WOLFSSL_SUCCESS); + #ifdef WOLFSSL_ERROR_CODE_OPENSSL + ExpectIntEQ(EVP_PKEY_cmp(pkey, pkey3), 1/* match */); + #else + ExpectIntEQ(EVP_PKEY_cmp(pkey, pkey3), 0); + #endif + /* Test default digest */ + ExpectIntEQ(EVP_PKEY_get_default_digest_nid(pkey, &nid), 1); + ExpectIntEQ(nid, NID_sha256); + EC_KEY_free(ec_key); + ec_key = NULL; + EVP_PKEY_free(pkey3); + pkey3 = NULL; + EVP_PKEY_free(pkey2); + pkey2 = NULL; + EVP_PKEY_free(pkey); + pkey = NULL; + + /* Qt unit test case ec pkcs8 key */ + ExpectTrue((file = XFOPEN(fname_ecc_p8, "rb")) != XBADFILE); + ExpectTrue(XFSEEK(file, 0, XSEEK_END) == 0); + ExpectIntGT(sz = XFTELL(file), 0); + ExpectTrue(XFSEEK(file, 0, XSEEK_SET) == 0); + ExpectNotNull(buf = (byte*)XMALLOC(sz, NULL, DYNAMIC_TYPE_FILE)); + if (buf) { + ExpectIntEQ(XFREAD(buf, 1, sz, file), sz); + } + if (file != XBADFILE) { + XFCLOSE(file); + file = XBADFILE; + } + + ExpectNotNull(bio = BIO_new_mem_buf(buf, (int)sz)); + ExpectNotNull((pkey = PEM_read_bio_PrivateKey(bio, NULL, NULL, NULL))); + XFREE(buf, NULL, DYNAMIC_TYPE_FILE); + buf = NULL; + BIO_free(bio); + bio = NULL; + ExpectNotNull(pkey3 = EVP_PKEY_new()); + /* Qt unit test case */ + ExpectNotNull(ec_key = EVP_PKEY_get1_EC_KEY(pkey)); + ExpectIntEQ(EVP_PKEY_set1_EC_KEY(pkey3, ec_key), WOLFSSL_SUCCESS); +#ifdef WOLFSSL_ERROR_CODE_OPENSSL + ExpectIntEQ(EVP_PKEY_cmp(pkey, pkey3), 1/* match */); +#else + ExpectIntEQ(EVP_PKEY_cmp(pkey, pkey3), 0); +#endif + EC_KEY_free(ec_key); + EVP_PKEY_free(pkey3); + EVP_PKEY_free(pkey); + pkey = NULL; +#endif + return EXPECT_RESULT(); +} + +/* test loading DSA key using BIO */ +int test_wolfSSL_PEM_PrivateKey_dsa(void) +{ + EXPECT_DECLS; +#if defined(OPENSSL_EXTRA) && !defined(NO_CERTS) && !defined(NO_DSA) && \ + !defined(NO_FILESYSTEM) && !defined(NO_BIO) +#if defined(WOLFSSL_QT) || defined(OPENSSL_ALL) + BIO* bio = NULL; + EVP_PKEY* pkey = NULL; + + ExpectNotNull(bio = BIO_new_file("./certs/dsa2048.pem", "rb")); + /* Private DSA EVP_PKEY */ + ExpectNotNull(pkey = wolfSSL_PEM_read_bio_PrivateKey(bio, NULL, NULL, + NULL)); + BIO_free(bio); + bio = NULL; + + ExpectNotNull(bio = wolfSSL_BIO_new(wolfSSL_BIO_s_mem())); +#if defined(OPENSSL_ALL) && !defined(NO_PWDBASED) && defined(HAVE_PKCS8) +#ifdef WOLFSSL_ASN_TEMPLATE + ExpectIntEQ(PEM_write_bio_PKCS8PrivateKey(bio, pkey, NULL, NULL, 0, NULL, + NULL), 1216); +#else + ExpectIntEQ(PEM_write_bio_PKCS8PrivateKey(bio, pkey, NULL, NULL, 0, NULL, + NULL), 1212); +#endif +#endif + +#ifdef WOLFSSL_KEY_GEN + ExpectIntEQ(PEM_write_bio_PUBKEY(bio, pkey), 1); +#ifdef WOLFSSL_ASN_TEMPLATE + ExpectIntEQ(BIO_pending(bio), 2394); +#else + ExpectIntEQ(BIO_pending(bio), 2390); +#endif + BIO_reset(bio); +#endif + + ExpectIntEQ(PEM_write_bio_PrivateKey(bio, pkey, NULL, NULL, 0, NULL, NULL), + 1); + ExpectIntEQ(BIO_pending(bio), 1196); + + BIO_free(bio); + bio = NULL; + + EVP_PKEY_free(pkey); + pkey = NULL; +#endif +#endif + return EXPECT_RESULT(); +} + +/* test loading DH key using BIO */ +int test_wolfSSL_PEM_PrivateKey_dh(void) +{ + EXPECT_DECLS; +#if defined(OPENSSL_EXTRA) && !defined(NO_CERTS) && !defined(NO_DH) && \ + !defined(NO_FILESYSTEM) && !defined(NO_BIO) +#if (defined(WOLFSSL_QT) || defined(OPENSSL_ALL) || \ + defined(WOLFSSL_OPENSSH)) && (!defined(HAVE_FIPS) || \ + (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION > 2))) + BIO* bio = NULL; + EVP_PKEY* pkey = NULL; + int expectedBytes = 0; + + ExpectNotNull(bio = BIO_new_file("./certs/dh-priv-2048.pem", "rb")); + /* Private DH EVP_PKEY */ + ExpectNotNull(pkey = wolfSSL_PEM_read_bio_PrivateKey(bio, NULL, NULL, + NULL)); + BIO_free(bio); + bio = NULL; + + ExpectNotNull(bio = wolfSSL_BIO_new(wolfSSL_BIO_s_mem())); + +#if defined(OPENSSL_ALL) && !defined(NO_PWDBASED) && defined(HAVE_PKCS8) + expectedBytes += 806; + ExpectIntEQ(PEM_write_bio_PKCS8PrivateKey(bio, pkey, NULL, NULL, 0, NULL, + NULL), expectedBytes); +#endif +#ifdef WOLFSSL_KEY_GEN + ExpectIntEQ(PEM_write_bio_PUBKEY(bio, pkey), 0); +#endif + + ExpectIntEQ(PEM_write_bio_PrivateKey(bio, pkey, NULL, NULL, 0, NULL, NULL), + 1); + expectedBytes += 806; + ExpectIntEQ(BIO_pending(bio), expectedBytes); + + BIO_free(bio); + bio = NULL; + + EVP_PKEY_free(pkey); + pkey = NULL; +#endif +#endif + return EXPECT_RESULT(); +} + +int test_wolfSSL_PEM_PrivateKey(void) +{ + EXPECT_DECLS; +#if defined(OPENSSL_EXTRA) && !defined(NO_CERTS) && !defined(NO_TLS) && \ + (!defined(NO_RSA) || defined(HAVE_ECC)) && defined(USE_CERT_BUFFERS_2048) +#ifndef NO_BIO + BIO* bio = NULL; +#endif + EVP_PKEY* pkey = NULL; + const unsigned char* server_key = (const unsigned char*)server_key_der_2048; + +#ifndef NO_BIO + + /* test creating new EVP_PKEY with bad arg */ + ExpectNull((pkey = PEM_read_bio_PrivateKey(NULL, NULL, NULL, NULL))); + + /* Test bad EVP_PKEY type. */ + /* New HMAC EVP_PKEY */ + ExpectNotNull(bio = BIO_new_mem_buf("", 1)); + ExpectNotNull(pkey = EVP_PKEY_new()); + if (pkey != NULL) { + pkey->type = EVP_PKEY_HMAC; + } + ExpectIntEQ(PEM_write_bio_PrivateKey(bio, pkey, NULL, NULL, 0, NULL, NULL), + 0); +#if defined(OPENSSL_ALL) && !defined(NO_PWDBASED) && defined(HAVE_PKCS8) + ExpectIntEQ(PEM_write_bio_PKCS8PrivateKey(bio, pkey, NULL, NULL, 0, NULL, + NULL), 0); +#endif +#ifdef WOLFSSL_KEY_GEN + ExpectIntEQ(PEM_write_bio_PUBKEY(bio, pkey), + WC_NO_ERR_TRACE(WOLFSSL_FAILURE)); +#endif + EVP_PKEY_free(pkey); + pkey = NULL; + BIO_free(bio); + bio = NULL; + + + /* key is DES encrypted */ + #if !defined(NO_DES3) && defined(WOLFSSL_ENCRYPTED_KEYS) && \ + !defined(NO_RSA) && !defined(NO_BIO) && !defined(NO_FILESYSTEM) && \ + !defined(NO_MD5) && defined(WOLFSSL_KEY_GEN) && !defined(NO_RSA) + { + XFILE f = XBADFILE; + wc_pem_password_cb* passwd_cb = NULL; + void* passwd_cb_userdata; + SSL_CTX* ctx = NULL; + char passwd[] = "bad password"; + + #ifndef WOLFSSL_NO_TLS12 + #ifndef NO_WOLFSSL_SERVER + ExpectNotNull(ctx = SSL_CTX_new(TLSv1_2_server_method())); + #else + ExpectNotNull(ctx = SSL_CTX_new(TLSv1_2_client_method())); + #endif + #else + #ifndef NO_WOLFSSL_SERVER + ExpectNotNull(ctx = SSL_CTX_new(TLSv1_3_server_method())); + #else + ExpectNotNull(ctx = SSL_CTX_new(TLSv1_3_client_method())); + #endif + #endif + + ExpectNotNull(bio = BIO_new_file("./certs/server-keyEnc.pem", "rb")); + SSL_CTX_set_default_passwd_cb(ctx, PasswordCallBack); + ExpectNotNull(passwd_cb = SSL_CTX_get_default_passwd_cb(ctx)); + ExpectNull(passwd_cb_userdata = + SSL_CTX_get_default_passwd_cb_userdata(ctx)); + + /* fail case with password call back */ + ExpectNull(pkey = PEM_read_bio_PrivateKey(bio, NULL, NULL, + (void*)passwd)); + BIO_free(bio); + ExpectNotNull(bio = BIO_new_file("./certs/server-keyEnc.pem", "rb")); + ExpectNull(pkey = PEM_read_bio_PrivateKey(bio, NULL, passwd_cb, + (void*)passwd)); + BIO_free(bio); + + ExpectTrue((f = XFOPEN("./certs/server-keyEnc.pem", "rb")) != XBADFILE); + ExpectNotNull(bio = BIO_new_fp(f, BIO_CLOSE)); + if ((bio == NULL) && (f != XBADFILE)) { + XFCLOSE(f); + } + + /* use callback that works */ + ExpectNotNull(pkey = PEM_read_bio_PrivateKey(bio, NULL, passwd_cb, + (void*)"yassl123")); + + ExpectIntEQ(SSL_CTX_use_PrivateKey(ctx, pkey), SSL_SUCCESS); + + EVP_PKEY_free(pkey); + pkey = NULL; + BIO_free(bio); + bio = NULL; + SSL_CTX_free(ctx); + } + #endif /* !defined(NO_DES3) */ + +#endif /* !NO_BIO */ + + #if defined(HAVE_ECC) && !defined(NO_FILESYSTEM) + { + unsigned char buf[2048]; + size_t bytes = 0; + XFILE f = XBADFILE; + SSL_CTX* ctx = NULL; + + #ifndef WOLFSSL_NO_TLS12 + #ifndef NO_WOLFSSL_SERVER + ExpectNotNull(ctx = SSL_CTX_new(TLSv1_2_server_method())); + #else + ExpectNotNull(ctx = SSL_CTX_new(TLSv1_2_client_method())); + #endif + #else + #ifndef NO_WOLFSSL_SERVER + ExpectNotNull(ctx = SSL_CTX_new(wolfTLSv1_3_server_method())); + #else + ExpectNotNull(ctx = SSL_CTX_new(wolfTLSv1_3_client_method())); + #endif + #endif + + ExpectTrue((f = XFOPEN("./certs/ecc-key.der", "rb")) != XBADFILE); + ExpectIntGT(bytes = (size_t)XFREAD(buf, 1, sizeof(buf), f), 0); + if (f != XBADFILE) + XFCLOSE(f); + + server_key = buf; + pkey = NULL; + ExpectNull(d2i_PrivateKey(EVP_PKEY_RSA, &pkey, &server_key, + (long int)bytes)); + ExpectNull(pkey); + ExpectNotNull(d2i_PrivateKey(EVP_PKEY_EC, &pkey, &server_key, + (long int)bytes)); + ExpectIntEQ(SSL_CTX_use_PrivateKey(ctx, pkey), SSL_SUCCESS); + + EVP_PKEY_free(pkey); + pkey = NULL; + SSL_CTX_free(ctx); + server_key = NULL; + } + #endif + +#ifndef NO_BIO + (void)bio; +#endif + (void)pkey; + (void)server_key; +#endif /* OPENSSL_EXTRA && !NO_CERTS && !NO_RSA && USE_CERT_BUFFERS_2048 */ + return EXPECT_RESULT(); +} + +int test_wolfSSL_PEM_file_RSAKey(void) +{ + EXPECT_DECLS; +#if (defined(OPENSSL_EXTRA) || defined(OPENSSL_ALL)) && \ + defined(WOLFSSL_KEY_GEN) && !defined(NO_RSA) && \ + !defined(NO_FILESYSTEM) && !defined(NO_CERTS) + RSA* rsa = NULL; + XFILE fp = XBADFILE; + + ExpectTrue((fp = XFOPEN("./certs/rsa-pub-2048.pem", "rb")) != XBADFILE); + ExpectNotNull((rsa = PEM_read_RSA_PUBKEY(fp, NULL, NULL, NULL))); + if (fp != XBADFILE) + XFCLOSE(fp); + ExpectIntEQ(RSA_size(rsa), 256); + + ExpectIntEQ(PEM_write_RSAPublicKey(XBADFILE, rsa), + WC_NO_ERR_TRACE(WOLFSSL_FAILURE)); + ExpectIntEQ(PEM_write_RSAPublicKey(stderr, NULL), + WC_NO_ERR_TRACE(WOLFSSL_FAILURE)); + ExpectIntEQ(PEM_write_RSAPublicKey(stderr, rsa), WOLFSSL_SUCCESS); + + ExpectIntEQ(PEM_write_RSA_PUBKEY(XBADFILE, rsa), + WC_NO_ERR_TRACE(WOLFSSL_FAILURE)); + ExpectIntEQ(PEM_write_RSA_PUBKEY(stderr, NULL), + WC_NO_ERR_TRACE(WOLFSSL_FAILURE)); + ExpectIntEQ(PEM_write_RSA_PUBKEY(stderr, rsa), WOLFSSL_SUCCESS); + + RSA_free(rsa); +#endif /* defined(OPENSSL_EXTRA) || defined(OPENSSL_ALL)) && \ + (defined(WOLFSSL_KEY_GEN) || WOLFSSL_CERT_GEN) && \ + !defined(NO_FILESYSTEM) && !defined(NO_RSA) && !defined(NO_CERTS) */ + return EXPECT_RESULT(); +} + +int test_wolfSSL_PEM_file_RSAPrivateKey(void) +{ + EXPECT_DECLS; +#if !defined(NO_RSA) && defined(OPENSSL_EXTRA) && defined(WOLFSSL_KEY_GEN) && \ + !defined(NO_FILESYSTEM) && \ + (defined(WOLFSSL_PEM_TO_DER) || defined(WOLFSSL_DER_TO_PEM)) + RSA* rsa = NULL; + XFILE f = NULL; + + ExpectTrue((f = XFOPEN(svrKeyFile, "rb")) != XBADFILE); + ExpectNotNull((rsa = PEM_read_RSAPrivateKey(f, NULL, NULL, NULL))); + ExpectIntEQ(RSA_size(rsa), 256); + if (f != XBADFILE) { + XFCLOSE(f); + f = XBADFILE; + } + + ExpectIntEQ(PEM_write_RSAPrivateKey(XBADFILE, rsa, NULL, NULL, 0, NULL, + NULL), WC_NO_ERR_TRACE(WOLFSSL_FAILURE)); + ExpectIntEQ(PEM_write_RSAPrivateKey(stderr, NULL, NULL, NULL, 0, NULL, + NULL), WC_NO_ERR_TRACE(WOLFSSL_FAILURE)); + ExpectIntEQ(PEM_write_RSAPrivateKey(stderr, rsa, NULL, NULL, 0, NULL, NULL), + WOLFSSL_SUCCESS); + + RSA_free(rsa); + +#ifdef HAVE_ECC + ExpectTrue((f = XFOPEN(eccKeyFile, "rb")) != XBADFILE); + ExpectNull((rsa = PEM_read_RSAPrivateKey(f, NULL, NULL, NULL))); + if (f != XBADFILE) + XFCLOSE(f); +#endif /* HAVE_ECC */ +#endif /* defined(OPENSSL_EXTRA) && !defined(NO_CERTS) */ + return EXPECT_RESULT(); +} + +int test_wolfSSL_PEM_read_RSA_PUBKEY(void) +{ + EXPECT_DECLS; +#if defined(OPENSSL_EXTRA) && !defined(NO_CERTS) && \ + !defined(NO_FILESYSTEM) && !defined(NO_RSA) + XFILE file = XBADFILE; + const char* fname = "./certs/client-keyPub.pem"; + RSA *rsa = NULL; + + ExpectNull(wolfSSL_PEM_read_RSA_PUBKEY(XBADFILE, NULL, NULL, NULL)); + + ExpectTrue((file = XFOPEN(fname, "rb")) != XBADFILE); + ExpectNotNull((rsa = PEM_read_RSA_PUBKEY(file, NULL, NULL, NULL))); + ExpectIntEQ(RSA_size(rsa), 256); + RSA_free(rsa); + if (file != XBADFILE) + XFCLOSE(file); +#endif /* defined(OPENSSL_EXTRA) && !defined(NO_CERTS) */ + return EXPECT_RESULT(); +} + +int test_wolfSSL_PEM_read_bio(void) +{ + EXPECT_DECLS; +#if defined(OPENSSL_EXTRA) && !defined(NO_CERTS) && \ + !defined(NO_FILESYSTEM) && !defined(NO_RSA) && !defined(NO_BIO) + byte buff[6000]; + XFILE f = XBADFILE; + int bytes = 0; + X509* x509 = NULL; + BIO* bio = NULL; + BUF_MEM* buf = NULL; + + ExpectTrue((f = XFOPEN(cliCertFile, "rb")) != XBADFILE); + ExpectIntGT(bytes = (int)XFREAD(buff, 1, sizeof(buff), f), 0); + if (f != XBADFILE) + XFCLOSE(f); + + ExpectNull(x509 = PEM_read_bio_X509_AUX(bio, NULL, NULL, NULL)); + ExpectNotNull(bio = BIO_new_mem_buf((void*)buff, bytes)); + ExpectIntEQ(BIO_set_mem_eof_return(bio, -0xDEAD), 1); + ExpectNotNull(x509 = PEM_read_bio_X509_AUX(bio, NULL, NULL, NULL)); + ExpectIntEQ((int)BIO_set_fd(bio, 0, BIO_CLOSE), 1); + /* BIO should return the set EOF value */ + ExpectIntEQ(BIO_read(bio, buff, sizeof(buff)), -0xDEAD); + ExpectIntEQ(BIO_set_close(bio, BIO_NOCLOSE), 1); + ExpectIntEQ(BIO_set_close(NULL, BIO_NOCLOSE), 1); + ExpectIntEQ(SSL_SUCCESS, BIO_get_mem_ptr(bio, &buf)); + + BIO_free(bio); + BUF_MEM_free(buf); + X509_free(x509); +#endif + return EXPECT_RESULT(); +} + +int test_wolfSSL_PEM_bio_RSAKey(void) +{ + EXPECT_DECLS; +#if (defined(OPENSSL_EXTRA) || defined(OPENSSL_ALL)) && \ + defined(WOLFSSL_KEY_GEN) && !defined(NO_RSA) && \ + !defined(NO_FILESYSTEM) && !defined(NO_CERTS) && !defined(NO_BIO) + RSA* rsa = NULL; + BIO* bio = NULL; + + /* PrivateKey */ + ExpectNotNull(bio = BIO_new_file(svrKeyFile, "rb")); + ExpectNull((rsa = PEM_read_bio_RSAPrivateKey(NULL, NULL, NULL, NULL))); + ExpectNotNull(PEM_read_bio_RSAPrivateKey(bio, &rsa, NULL, NULL)); + ExpectNotNull(rsa); + ExpectIntEQ(RSA_size(rsa), 256); + ExpectIntEQ(PEM_write_bio_RSAPrivateKey(NULL, NULL, NULL, NULL, 0, NULL, + NULL), WC_NO_ERR_TRACE(WOLFSSL_FAILURE)); + BIO_free(bio); + bio = NULL; + ExpectNotNull(bio = wolfSSL_BIO_new(wolfSSL_BIO_s_mem())); + ExpectIntEQ(PEM_write_bio_RSAPrivateKey(bio, rsa, NULL, NULL, 0, NULL, + NULL), WOLFSSL_SUCCESS); + BIO_free(bio); + bio = NULL; + RSA_free(rsa); + rsa = NULL; + + /* PUBKEY */ + ExpectNotNull(bio = BIO_new_file("./certs/rsa-pub-2048.pem", "rb")); + ExpectNull((rsa = PEM_read_bio_RSA_PUBKEY(NULL, NULL, NULL, NULL))); + ExpectNotNull((rsa = PEM_read_bio_RSA_PUBKEY(bio, NULL, NULL, NULL))); + ExpectIntEQ(RSA_size(rsa), 256); + ExpectIntEQ(PEM_write_bio_RSA_PUBKEY(NULL, NULL), + WC_NO_ERR_TRACE(WOLFSSL_FAILURE)); + BIO_free(bio); + bio = NULL; + ExpectNotNull(bio = wolfSSL_BIO_new(wolfSSL_BIO_s_mem())); + ExpectIntEQ(PEM_write_bio_RSA_PUBKEY(bio, rsa), WOLFSSL_SUCCESS); + BIO_free(bio); + bio = NULL; + + RSA_free(rsa); + rsa = NULL; + + /* Ensure that keys beginning with BEGIN RSA PUBLIC KEY can be read, too. */ + ExpectNotNull(bio = BIO_new_file("./certs/server-keyPub.pem", "rb")); + ExpectNotNull((rsa = PEM_read_bio_RSA_PUBKEY(bio, NULL, NULL, NULL))); + BIO_free(bio); + bio = NULL; + RSA_free(rsa); + rsa = NULL; + + #ifdef HAVE_ECC + /* ensure that non-rsa keys do not work */ + ExpectNotNull(bio = BIO_new_file(eccKeyFile, "rb")); /* ecc key */ + ExpectNull((rsa = PEM_read_bio_RSAPrivateKey(bio, NULL, NULL, NULL))); + ExpectNull((rsa = PEM_read_bio_RSA_PUBKEY(bio, NULL, NULL, NULL))); + BIO_free(bio); + bio = NULL; + RSA_free(rsa); + rsa = NULL; + #endif /* HAVE_ECC */ +#endif + return EXPECT_RESULT(); +} + +int test_wolfSSL_PEM_bio_RSAPrivateKey(void) +{ + EXPECT_DECLS; +#if defined(OPENSSL_EXTRA) && !defined(NO_CERTS) && \ + !defined(NO_FILESYSTEM) && !defined(NO_RSA) && !defined(NO_BIO) + RSA* rsa = NULL; + RSA* rsa_dup = NULL; + BIO* bio = NULL; + + ExpectNotNull(bio = BIO_new_file(svrKeyFile, "rb")); + ExpectNotNull((rsa = PEM_read_bio_RSAPrivateKey(bio, NULL, NULL, NULL))); + ExpectIntEQ(RSA_size(rsa), 256); + +#if defined(WOLFSSL_KEY_GEN) && !defined(NO_RSA) + ExpectNull(rsa_dup = RSAPublicKey_dup(NULL)); + /* Test duplicating empty key. */ + ExpectNotNull(rsa_dup = RSA_new()); + ExpectNull(RSAPublicKey_dup(rsa_dup)); + RSA_free(rsa_dup); + rsa_dup = NULL; + ExpectNotNull(rsa_dup = RSAPublicKey_dup(rsa)); + ExpectPtrNE(rsa_dup, rsa); +#endif + + /* test if valgrind complains about unreleased memory */ + RSA_up_ref(rsa); + RSA_free(rsa); + + BIO_free(bio); + bio = NULL; + RSA_free(rsa); + rsa = NULL; + RSA_free(rsa_dup); + rsa_dup = NULL; + +#ifdef HAVE_ECC + ExpectNotNull(bio = BIO_new_file(eccKeyFile, "rb")); + ExpectNull((rsa = PEM_read_bio_RSAPrivateKey(bio, NULL, NULL, NULL))); + + BIO_free(bio); +#endif /* HAVE_ECC */ +#endif + return EXPECT_RESULT(); +} + +int test_wolfSSL_PEM_bio_DSAKey(void) +{ + EXPECT_DECLS; +#ifndef HAVE_SELFTEST +#if (defined(WOLFSSL_QT) || defined(OPENSSL_ALL)) && !defined(NO_CERTS) && \ + defined(WOLFSSL_KEY_GEN) && !defined(NO_FILESYSTEM) && \ + !defined(NO_DSA) && !defined(NO_BIO) + DSA* dsa = NULL; + BIO* bio = NULL; + + /* PrivateKey */ + ExpectNotNull(bio = BIO_new_file("./certs/1024/dsa1024.pem", "rb")); + ExpectNull((dsa = PEM_read_bio_DSAPrivateKey(NULL, NULL, NULL, NULL))); + ExpectNotNull((dsa = PEM_read_bio_DSAPrivateKey(bio, NULL, NULL, NULL))); + ExpectIntEQ(BN_num_bytes(dsa->g), 128); + ExpectIntEQ(PEM_write_bio_DSAPrivateKey(NULL, NULL, NULL, NULL, 0, NULL, + NULL), WC_NO_ERR_TRACE(WOLFSSL_FAILURE)); + BIO_free(bio); + bio = NULL; + ExpectNotNull(bio = wolfSSL_BIO_new(wolfSSL_BIO_s_mem())); + ExpectIntEQ(PEM_write_bio_DSAPrivateKey(bio, dsa, NULL, NULL, 0, NULL, + NULL), WOLFSSL_SUCCESS); + BIO_free(bio); + bio = NULL; + DSA_free(dsa); + dsa = NULL; + + /* PUBKEY */ + ExpectNotNull(bio = BIO_new_file("./certs/1024/dsa-pub-1024.pem", "rb")); + ExpectNull((dsa = PEM_read_bio_DSA_PUBKEY(NULL, NULL, NULL, NULL))); + ExpectNotNull((dsa = PEM_read_bio_DSA_PUBKEY(bio, NULL, NULL, NULL))); + ExpectIntEQ(BN_num_bytes(dsa->g), 128); + ExpectIntEQ(PEM_write_bio_DSA_PUBKEY(NULL, NULL), + WC_NO_ERR_TRACE(WOLFSSL_FAILURE)); + BIO_free(bio); + bio = NULL; + ExpectNotNull(bio = wolfSSL_BIO_new(wolfSSL_BIO_s_mem())); + ExpectIntEQ(PEM_write_bio_DSA_PUBKEY(bio, dsa), WOLFSSL_SUCCESS); + BIO_free(bio); + bio = NULL; + DSA_free(dsa); + dsa = NULL; + + #ifdef HAVE_ECC + /* ensure that non-dsa keys do not work */ + ExpectNotNull(bio = BIO_new_file(eccKeyFile, "rb")); /* ecc key */ + ExpectNull((dsa = PEM_read_bio_DSAPrivateKey(bio, NULL, NULL, NULL))); + ExpectNull((dsa = PEM_read_bio_DSA_PUBKEY(bio, NULL, NULL, NULL))); + BIO_free(bio); + bio = NULL; + DSA_free(dsa); + dsa = NULL; + #endif /* HAVE_ECC */ +#endif +#endif /* HAVE_SELFTEST */ + return EXPECT_RESULT(); +} + +int test_wolfSSL_PEM_bio_ECKey(void) +{ + EXPECT_DECLS; +#if (defined(OPENSSL_EXTRA) || defined(OPENSSL_ALL)) && \ + defined(WOLFSSL_KEY_GEN) && !defined(NO_FILESYSTEM) && \ + defined(HAVE_ECC) && !defined(NO_BIO) + EC_KEY* ec = NULL; + EC_KEY* ec2; + BIO* bio = NULL; +#if defined(WOLFSSL_PEM_TO_DER) || defined(WOLFSSL_DER_TO_PEM) + unsigned char* pem = NULL; + int pLen; +#endif + static char ec_key_bad_1[] = "-----BEGIN PUBLIC KEY-----\n" + "MAA=\n" + "-----END PUBLIC KEY-----"; + static char ec_priv_key_bad_1[] = "-----BEGIN EC PRIVATE KEY-----\n" + "MAA=\n" + "-----END EC PRIVATE KEY-----"; + + /* PrivateKey */ + ExpectNotNull(bio = BIO_new_file("./certs/ecc-key.pem", "rb")); + ExpectNull((ec = PEM_read_bio_ECPrivateKey(NULL, NULL, NULL, NULL))); + ec2 = NULL; + ExpectNotNull((ec = PEM_read_bio_ECPrivateKey(bio, &ec2, NULL, NULL))); + ExpectIntEQ(ec == ec2, 1); + ExpectIntEQ(wc_ecc_size((ecc_key*)ec->internal), 32); + ExpectIntEQ(PEM_write_bio_ECPrivateKey(NULL, NULL, NULL, NULL, 0, NULL, + NULL), WC_NO_ERR_TRACE(WOLFSSL_FAILURE)); + ExpectIntEQ(PEM_write_bio_ECPrivateKey(bio, NULL, NULL, NULL, 0, NULL, + NULL), WC_NO_ERR_TRACE(WOLFSSL_FAILURE)); + ExpectIntEQ(PEM_write_bio_ECPrivateKey(NULL, ec, NULL, NULL, 0, NULL, NULL), + WC_NO_ERR_TRACE(WOLFSSL_FAILURE)); + BIO_free(bio); + bio = NULL; + /* Public key data - fail. */ + ExpectNotNull(bio = BIO_new_file("./certs/ecc-client-keyPub.pem", "rb")); + ExpectNull(PEM_read_bio_ECPrivateKey(bio, NULL, NULL, NULL)); + BIO_free(bio); + bio = NULL; + ExpectNotNull(bio = wolfSSL_BIO_new(wolfSSL_BIO_s_mem())); + ExpectIntEQ(PEM_write_bio_ECPrivateKey(bio, ec, NULL, NULL, 0, NULL, \ + NULL), WOLFSSL_SUCCESS); + BIO_free(bio); + bio = NULL; + + ExpectIntEQ(PEM_write_ECPrivateKey(XBADFILE, NULL, NULL, NULL, 0, NULL, + NULL),WC_NO_ERR_TRACE(WOLFSSL_FAILURE)); + ExpectIntEQ(PEM_write_ECPrivateKey(stderr, NULL, NULL, NULL, 0, NULL, NULL), + WC_NO_ERR_TRACE(WOLFSSL_FAILURE)); + ExpectIntEQ(PEM_write_ECPrivateKey(XBADFILE, ec, NULL, NULL, 0, NULL, NULL), + WC_NO_ERR_TRACE(WOLFSSL_FAILURE)); + ExpectIntEQ(PEM_write_ECPrivateKey(stderr, ec, NULL, NULL, 0, NULL, NULL), + WOLFSSL_SUCCESS); + + ExpectIntEQ(wolfSSL_PEM_write_mem_ECPrivateKey(NULL, NULL, NULL, 0, NULL, + NULL), 0); +#if defined(WOLFSSL_PEM_TO_DER) || defined(WOLFSSL_DER_TO_PEM) + ExpectIntEQ(wolfSSL_PEM_write_mem_ECPrivateKey(ec, NULL, NULL, 0, NULL, + NULL), 0); + ExpectIntEQ(wolfSSL_PEM_write_mem_ECPrivateKey(NULL, NULL, NULL, 0, &pem, + NULL), 0); + ExpectIntEQ(wolfSSL_PEM_write_mem_ECPrivateKey(NULL, NULL, NULL, 0, NULL, + &pLen), 0); + ExpectIntEQ(wolfSSL_PEM_write_mem_ECPrivateKey(NULL, NULL, NULL, 0, &pem, + &pLen), 0); + ExpectIntEQ(wolfSSL_PEM_write_mem_ECPrivateKey(ec, NULL, NULL, 0, NULL, + &pLen), 0); + ExpectIntEQ(wolfSSL_PEM_write_mem_ECPrivateKey(ec, NULL, NULL, 0, &pem, + NULL), 0); + ExpectIntEQ(wolfSSL_PEM_write_mem_ECPrivateKey(ec, NULL, NULL, 0, &pem, + &pLen), 1); + ExpectIntGT(pLen, 0); + XFREE(pem, NULL, DYNAMIC_TYPE_TMP_BUFFER); +#endif + + EC_KEY_free(ec); + ec = NULL; + + /* PUBKEY */ + ExpectNotNull(bio = BIO_new_file("./certs/ecc-client-keyPub.pem", "rb")); + ExpectNull((ec = PEM_read_bio_EC_PUBKEY(NULL, NULL, NULL, NULL))); + ec2 = NULL; + ExpectNotNull((ec = PEM_read_bio_EC_PUBKEY(bio, &ec2, NULL, NULL))); + ExpectIntEQ(ec == ec2, 1); + ExpectIntEQ(wc_ecc_size((ecc_key*)ec->internal), 32); + ExpectIntEQ(PEM_write_bio_EC_PUBKEY(NULL, NULL), + WC_NO_ERR_TRACE(WOLFSSL_FAILURE)); + BIO_free(bio); + bio = NULL; + /* Test 0x30, 0x00 fails. */ + ExpectNotNull(bio = BIO_new_mem_buf((unsigned char*)ec_key_bad_1, + sizeof(ec_key_bad_1))); + ExpectNull(PEM_read_bio_EC_PUBKEY(bio, NULL, NULL, NULL)); + BIO_free(bio); + bio = NULL; + + /* Private key data - fail. */ + ExpectNotNull(bio = BIO_new_file("./certs/ecc-key.pem", "rb")); + ExpectNull(PEM_read_bio_EC_PUBKEY(bio, NULL, NULL, NULL)); + BIO_free(bio); + bio = NULL; + ExpectNotNull(bio = wolfSSL_BIO_new(wolfSSL_BIO_s_mem())); + ExpectIntEQ(PEM_write_bio_EC_PUBKEY(bio, ec), WOLFSSL_SUCCESS); + BIO_free(bio); + bio = NULL; + + /* Same test as above, but with a file pointer rather than a BIO. */ + ExpectIntEQ(PEM_write_EC_PUBKEY(NULL, NULL), + WC_NO_ERR_TRACE(WOLFSSL_FAILURE)); + ExpectIntEQ(PEM_write_EC_PUBKEY(NULL, ec), + WC_NO_ERR_TRACE(WOLFSSL_FAILURE)); + ExpectIntEQ(PEM_write_EC_PUBKEY(stderr, NULL), + WC_NO_ERR_TRACE(WOLFSSL_FAILURE)); + ExpectIntEQ(PEM_write_EC_PUBKEY(stderr, ec), WOLFSSL_SUCCESS); + + EC_KEY_free(ec); + ec = NULL; + + #ifndef NO_RSA + /* ensure that non-ec keys do not work */ + ExpectNotNull(bio = BIO_new_file(svrKeyFile, "rb")); /* rsa key */ + ExpectNull((ec = PEM_read_bio_ECPrivateKey(bio, NULL, NULL, NULL))); + ExpectNull((ec = PEM_read_bio_EC_PUBKEY(bio, NULL, NULL, NULL))); + BIO_free(bio); + bio = NULL; + EC_KEY_free(ec); + ec = NULL; + #endif /* !NO_RSA */ + /* Test 0x30, 0x00 fails. */ + ExpectNotNull(bio = BIO_new_mem_buf((unsigned char*)ec_priv_key_bad_1, + sizeof(ec_priv_key_bad_1))); + ExpectNull(PEM_read_bio_ECPrivateKey(bio, NULL, NULL, NULL)); + BIO_free(bio); + bio = NULL; +#endif + return EXPECT_RESULT(); +} + +int test_wolfSSL_PEM_PUBKEY(void) +{ + EXPECT_DECLS; +#if defined(OPENSSL_EXTRA) && defined(HAVE_ECC) && !defined(NO_BIO) + BIO* bio = NULL; + EVP_PKEY* pkey = NULL; + + /* test creating new EVP_PKEY with bad arg */ + ExpectNull((pkey = PEM_read_bio_PUBKEY(NULL, NULL, NULL, NULL))); + + /* test loading ECC key using BIO */ +#if defined(HAVE_ECC) && !defined(NO_FILESYSTEM) + { + XFILE file = XBADFILE; + const char* fname = "./certs/ecc-client-keyPub.pem"; + size_t sz = 0; + byte* buf = NULL; + + EVP_PKEY* pkey2 = NULL; + EC_KEY* ec_key = NULL; + + ExpectTrue((file = XFOPEN(fname, "rb")) != XBADFILE); + ExpectIntEQ(XFSEEK(file, 0, XSEEK_END), 0); + ExpectIntGT(sz = XFTELL(file), 0); + ExpectIntEQ(XFSEEK(file, 0, XSEEK_SET), 0); + ExpectNotNull(buf = (byte*)XMALLOC(sz, NULL, DYNAMIC_TYPE_FILE)); + if (buf != NULL) { + ExpectIntEQ(XFREAD(buf, 1, sz, file), sz); + } + if (file != XBADFILE) { + XFCLOSE(file); + } + + /* Test using BIO new mem and loading PEM private key */ + ExpectNotNull(bio = BIO_new_mem_buf(buf, (int)sz)); + ExpectNotNull((pkey = PEM_read_bio_PUBKEY(bio, NULL, NULL, NULL))); + BIO_free(bio); + bio = NULL; + EVP_PKEY_free(pkey); + pkey = NULL; + ExpectNotNull(bio = BIO_new_mem_buf(buf, (int)sz)); + ExpectNotNull(pkey = EVP_PKEY_new()); + ExpectPtrEq(PEM_read_bio_PUBKEY(bio, &pkey, NULL, NULL), pkey); + XFREE(buf, NULL, DYNAMIC_TYPE_FILE); + BIO_free(bio); + bio = NULL; + + /* Qt unit test case*/ + ExpectNotNull(pkey2 = EVP_PKEY_new()); + ExpectNotNull(ec_key = EVP_PKEY_get1_EC_KEY(pkey)); + ExpectIntEQ(EVP_PKEY_set1_EC_KEY(pkey2, ec_key), WOLFSSL_SUCCESS); + #ifdef WOLFSSL_ERROR_CODE_OPENSSL + ExpectIntEQ(EVP_PKEY_cmp(pkey, pkey2), 1/* match */); + #else + ExpectIntEQ(EVP_PKEY_cmp(pkey, pkey2), 0); + #endif + + EC_KEY_free(ec_key); + EVP_PKEY_free(pkey2); + EVP_PKEY_free(pkey); + pkey = NULL; + } +#endif + + (void)bio; + (void)pkey; +#endif + return EXPECT_RESULT(); +} + diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/tests/api/test_ossl_pem.h mariadb-11.8.8/extra/wolfssl/wolfssl/tests/api/test_ossl_pem.h --- mariadb-11.8.6/extra/wolfssl/wolfssl/tests/api/test_ossl_pem.h 1970-01-01 00:00:00.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/tests/api/test_ossl_pem.h 2026-05-24 09:58:33.000000000 +0000 @@ -0,0 +1,65 @@ +/* test_ossl_pem.h + * + * Copyright (C) 2006-2026 wolfSSL Inc. + * + * This file is part of wolfSSL. + * + * wolfSSL is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * wolfSSL is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA + */ + +#ifndef WOLFCRYPT_TEST_SSL_PEM_H +#define WOLFCRYPT_TEST_SSL_PEM_H + +#include + +int test_wolfSSL_PEM_def_callback(void); +int test_wolfSSL_PEM_read_PrivateKey(void); +int test_wolfSSL_PEM_read_PUBKEY(void); +int test_wolfSSL_PEM_PrivateKey_rsa(void); +int test_wolfSSL_PEM_PrivateKey_ecc(void); +int test_wolfSSL_PEM_PrivateKey_dsa(void); +int test_wolfSSL_PEM_PrivateKey_dh(void); +int test_wolfSSL_PEM_PrivateKey(void); +int test_wolfSSL_PEM_file_RSAKey(void); +int test_wolfSSL_PEM_file_RSAPrivateKey(void); +int test_wolfSSL_PEM_read_RSA_PUBKEY(void); +int test_wolfSSL_PEM_read_bio(void); +int test_wolfSSL_PEM_bio_RSAKey(void); +int test_wolfSSL_PEM_bio_RSAPrivateKey(void); +int test_wolfSSL_PEM_bio_DSAKey(void); +int test_wolfSSL_PEM_bio_ECKey(void); +int test_wolfSSL_PEM_PUBKEY(void); + + +#define TEST_SSL_PEM_DECLS \ + TEST_DECL_GROUP("ossl_pem", test_wolfSSL_PEM_def_callback), \ + TEST_DECL_GROUP("ossl_pem", test_wolfSSL_PEM_read_PrivateKey), \ + TEST_DECL_GROUP("ossl_pem", test_wolfSSL_PEM_read_PUBKEY), \ + TEST_DECL_GROUP("ossl_pem", test_wolfSSL_PEM_PrivateKey_rsa), \ + TEST_DECL_GROUP("ossl_pem", test_wolfSSL_PEM_PrivateKey_ecc), \ + TEST_DECL_GROUP("ossl_pem", test_wolfSSL_PEM_PrivateKey_dsa), \ + TEST_DECL_GROUP("ossl_pem", test_wolfSSL_PEM_PrivateKey_dh), \ + TEST_DECL_GROUP("ossl_pem", test_wolfSSL_PEM_PrivateKey), \ + TEST_DECL_GROUP("ossl_pem", test_wolfSSL_PEM_file_RSAKey), \ + TEST_DECL_GROUP("ossl_pem", test_wolfSSL_PEM_file_RSAPrivateKey), \ + TEST_DECL_GROUP("ossl_pem", test_wolfSSL_PEM_read_RSA_PUBKEY), \ + TEST_DECL_GROUP("ossl_pem", test_wolfSSL_PEM_read_bio), \ + TEST_DECL_GROUP("ossl_pem", test_wolfSSL_PEM_bio_RSAKey), \ + TEST_DECL_GROUP("ossl_pem", test_wolfSSL_PEM_bio_RSAPrivateKey), \ + TEST_DECL_GROUP("ossl_pem", test_wolfSSL_PEM_bio_DSAKey), \ + TEST_DECL_GROUP("ossl_pem", test_wolfSSL_PEM_bio_ECKey), \ + TEST_DECL_GROUP("ossl_pem", test_wolfSSL_PEM_PUBKEY) + +#endif /* WOLFCRYPT_TEST_SSL_PEM_H */ diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/tests/api/test_ossl_rand.c mariadb-11.8.8/extra/wolfssl/wolfssl/tests/api/test_ossl_rand.c --- mariadb-11.8.6/extra/wolfssl/wolfssl/tests/api/test_ossl_rand.c 1970-01-01 00:00:00.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/tests/api/test_ossl_rand.c 2026-05-24 09:58:33.000000000 +0000 @@ -0,0 +1,340 @@ +/* test_ossl_rand.c + * + * Copyright (C) 2006-2026 wolfSSL Inc. + * + * This file is part of wolfSSL. + * + * wolfSSL is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * wolfSSL is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA + */ + +#include + +#if defined(__linux__) || defined(__FreeBSD__) +#include +#include +#endif + +#ifdef NO_INLINE + #include +#else + #define WOLFSSL_MISC_INCLUDED + #include +#endif + +#include +#ifdef OPENSSL_EXTRA + #include +#endif +#include +#include + + +#if defined(OPENSSL_EXTRA) && !defined(WOLFSSL_NO_OPENSSL_RAND_CB) +static int stub_rand_seed(const void *buf, int num) +{ + (void)buf; + (void)num; + + return 123; +} + +static int stub_rand_bytes(unsigned char *buf, int num) +{ + (void)buf; + (void)num; + + return 456; +} + +static byte* was_stub_rand_cleanup_called(void) +{ + static byte was_called = 0; + + return &was_called; +} + +static void stub_rand_cleanup(void) +{ + byte* was_called = was_stub_rand_cleanup_called(); + + *was_called = 1; + + return; +} + +static byte* was_stub_rand_add_called(void) +{ + static byte was_called = 0; + + return &was_called; +} + +static int stub_rand_add(const void *buf, int num, double entropy) +{ + byte* was_called = was_stub_rand_add_called(); + + (void)buf; + (void)num; + (void)entropy; + + *was_called = 1; + + return 0; +} + +static int stub_rand_pseudo_bytes(unsigned char *buf, int num) +{ + (void)buf; + (void)num; + + return 9876; +} + +static int stub_rand_status(void) +{ + return 5432; +} +#endif /* OPENSSL_EXTRA && !WOLFSSL_NO_OPENSSL_RAND_CB */ + +int test_wolfSSL_RAND_set_rand_method(void) +{ + EXPECT_DECLS; +#if defined(OPENSSL_EXTRA) && !defined(WOLFSSL_NO_OPENSSL_RAND_CB) + RAND_METHOD rand_methods = {NULL, NULL, NULL, NULL, NULL, NULL}; + unsigned char* buf = NULL; + int num = 0; + double entropy = 0; + int ret; + byte* was_cleanup_called = was_stub_rand_cleanup_called(); + byte* was_add_called = was_stub_rand_add_called(); + + ExpectNotNull(buf = (byte*)XMALLOC(32 * sizeof(byte), NULL, + DYNAMIC_TYPE_TMP_BUFFER)); + + ExpectIntNE(wolfSSL_RAND_status(), 5432); + ExpectIntEQ(*was_cleanup_called, 0); + RAND_cleanup(); + ExpectIntEQ(*was_cleanup_called, 0); + + + rand_methods.seed = &stub_rand_seed; + rand_methods.bytes = &stub_rand_bytes; + rand_methods.cleanup = &stub_rand_cleanup; + rand_methods.add = &stub_rand_add; + rand_methods.pseudorand = &stub_rand_pseudo_bytes; + rand_methods.status = &stub_rand_status; + + ExpectIntEQ(RAND_set_rand_method(&rand_methods), WOLFSSL_SUCCESS); + ExpectIntEQ(RAND_seed(buf, num), 123); + ExpectIntEQ(RAND_bytes(buf, num), 456); + ExpectIntEQ(RAND_pseudo_bytes(buf, num), 9876); + ExpectIntEQ(RAND_status(), 5432); + + ExpectIntEQ(*was_add_called, 0); + /* The function pointer for RAND_add returns int, but RAND_add itself + * returns void. */ + RAND_add(buf, num, entropy); + ExpectIntEQ(*was_add_called, 1); + was_add_called = 0; + ExpectIntEQ(*was_cleanup_called, 0); + RAND_cleanup(); + ExpectIntEQ(*was_cleanup_called, 1); + *was_cleanup_called = 0; + + + ret = RAND_set_rand_method(NULL); + ExpectIntEQ(ret, WOLFSSL_SUCCESS); + ExpectIntNE(RAND_status(), 5432); + ExpectIntEQ(*was_cleanup_called, 0); + RAND_cleanup(); + ExpectIntEQ(*was_cleanup_called, 0); + + RAND_set_rand_method(NULL); + + XFREE(buf, NULL, DYNAMIC_TYPE_TMP_BUFFER); +#endif /* OPENSSL_EXTRA && !WOLFSSL_NO_OPENSSL_RAND_CB */ + return EXPECT_RESULT(); +} + +int test_wolfSSL_RAND_bytes(void) +{ + EXPECT_DECLS; +#if defined(OPENSSL_EXTRA) + const int size1 = RNG_MAX_BLOCK_LEN; /* in bytes */ + const int size2 = RNG_MAX_BLOCK_LEN + 1; /* in bytes */ + const int size3 = RNG_MAX_BLOCK_LEN * 2; /* in bytes */ + const int size4 = RNG_MAX_BLOCK_LEN * 4; /* in bytes */ + int max_bufsize; + byte *my_buf = NULL; +#if defined(OPENSSL_EXTRA) && defined(HAVE_GETPID) && !defined(__MINGW64__) && \ + !defined(__MINGW32__) + byte seed[16] = {0}; + byte randbuf[8] = {0}; + int pipefds[2] = {0}; + pid_t pid = 0; +#endif + + /* sanity check */ + ExpectIntEQ(RAND_bytes(NULL, 16), 0); + ExpectIntEQ(RAND_bytes(NULL, 0), 0); + + max_bufsize = size4; + + ExpectNotNull(my_buf = (byte*)XMALLOC(max_bufsize * sizeof(byte), HEAP_HINT, + DYNAMIC_TYPE_TMP_BUFFER)); + + ExpectIntEQ(RAND_bytes(my_buf, 0), 1); + ExpectIntEQ(RAND_bytes(my_buf, -1), 0); + + ExpectNotNull(XMEMSET(my_buf, 0, max_bufsize)); + ExpectIntEQ(RAND_bytes(my_buf, size1), 1); + ExpectIntEQ(RAND_bytes(my_buf, size2), 1); + ExpectIntEQ(RAND_bytes(my_buf, size3), 1); + ExpectIntEQ(RAND_bytes(my_buf, size4), 1); + XFREE(my_buf, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + +#if defined(OPENSSL_EXTRA) && defined(HAVE_GETPID) && !defined(__MINGW64__) && \ + !defined(__MINGW32__) + XMEMSET(seed, 0, sizeof(seed)); + RAND_cleanup(); + + /* No global methods set. */ + ExpectIntEQ(RAND_seed(seed, sizeof(seed)), 1); + + ExpectIntEQ(pipe(pipefds), 0); + pid = fork(); + ExpectIntGE(pid, 0); + if (pid == 0) { + ssize_t n_written = 0; + + /* Child process. */ + close(pipefds[0]); + RAND_bytes(randbuf, sizeof(randbuf)); + n_written = write(pipefds[1], randbuf, sizeof(randbuf)); + close(pipefds[1]); + exit(n_written == sizeof(randbuf) ? 0 : 1); + } + else { + /* Parent process. */ + byte childrand[8] = {0}; + int waitstatus = 0; + + close(pipefds[1]); + ExpectIntEQ(RAND_bytes(randbuf, sizeof(randbuf)), 1); + ExpectIntEQ(read(pipefds[0], childrand, sizeof(childrand)), + sizeof(childrand)); + #ifdef WOLFSSL_NO_GETPID + ExpectBufEQ(randbuf, childrand, sizeof(randbuf)); + #else + ExpectBufNE(randbuf, childrand, sizeof(randbuf)); + #endif + close(pipefds[0]); + waitpid(pid, &waitstatus, 0); + } + RAND_cleanup(); +#endif +#endif + return EXPECT_RESULT(); +} + +int test_wolfSSL_RAND(void) +{ + EXPECT_DECLS; +#if defined(OPENSSL_EXTRA) + byte seed[16]; + + XMEMSET(seed, 0, sizeof(seed)); + + /* No global methods set. */ + ExpectIntEQ(RAND_seed(seed, sizeof(seed)), 1); + ExpectIntEQ(RAND_poll(), 1); + RAND_cleanup(); + + ExpectIntEQ(RAND_egd(NULL), -1); +#ifndef NO_FILESYSTEM + { + char fname[100]; + + ExpectNotNull(RAND_file_name(fname, (sizeof(fname) - 1))); + ExpectIntEQ(RAND_write_file(NULL), 0); + } +#endif +#endif + return EXPECT_RESULT(); +} + + +#if defined(WC_RNG_SEED_CB) && defined(OPENSSL_EXTRA) +static int wc_DummyGenerateSeed(OS_Seed* os, byte* output, word32 sz) +{ + word32 i; + for (i = 0; i < sz; i++ ) + output[i] = (byte)i; + + (void)os; + + return 0; +} +#endif /* WC_RNG_SEED_CB */ + + +int test_wolfSSL_RAND_poll(void) +{ + EXPECT_DECLS; + +#if defined(OPENSSL_EXTRA) + byte seed[16]; + byte rand1[16]; +#ifdef WC_RNG_SEED_CB + byte rand2[16]; +#endif + + XMEMSET(seed, 0, sizeof(seed)); + ExpectIntEQ(RAND_seed(seed, sizeof(seed)), 1); + ExpectIntEQ(RAND_poll(), 1); + ExpectIntEQ(RAND_bytes(rand1, 16), 1); + RAND_cleanup(); + +#ifdef WC_RNG_SEED_CB + /* Test with custom seed and poll */ + wc_SetSeed_Cb(wc_DummyGenerateSeed); + + ExpectIntEQ(RAND_seed(seed, sizeof(seed)), 1); + ExpectIntEQ(RAND_bytes(rand1, 16), 1); + RAND_cleanup(); + + /* test that the same value is generated twice with dummy seed function */ + ExpectIntEQ(RAND_seed(seed, sizeof(seed)), 1); + ExpectIntEQ(RAND_bytes(rand2, 16), 1); + ExpectIntEQ(XMEMCMP(rand1, rand2, 16), 0); + RAND_cleanup(); + + /* test that doing a poll is reseeding RNG */ + ExpectIntEQ(RAND_seed(seed, sizeof(seed)), 1); + ExpectIntEQ(RAND_poll(), 1); + ExpectIntEQ(RAND_bytes(rand2, 16), 1); + ExpectIntNE(XMEMCMP(rand1, rand2, 16), 0); + + /* reset the seed function used */ + wc_SetSeed_Cb(WC_GENERATE_SEED_DEFAULT); +#endif + RAND_cleanup(); + + ExpectIntEQ(RAND_egd(NULL), -1); +#endif + + return EXPECT_RESULT(); +} + diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/tests/api/test_ossl_rand.h mariadb-11.8.8/extra/wolfssl/wolfssl/tests/api/test_ossl_rand.h --- mariadb-11.8.6/extra/wolfssl/wolfssl/tests/api/test_ossl_rand.h 1970-01-01 00:00:00.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/tests/api/test_ossl_rand.h 2026-05-24 09:58:33.000000000 +0000 @@ -0,0 +1,39 @@ +/* test_ossl_rand.h + * + * Copyright (C) 2006-2026 wolfSSL Inc. + * + * This file is part of wolfSSL. + * + * wolfSSL is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * wolfSSL is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA + */ + +#ifndef WOLFCRYPT_TEST_OSSL_RAND_H +#define WOLFCRYPT_TEST_OSSL_RAND_H + +#include + +int test_wolfSSL_RAND_set_rand_method(void); +int test_wolfSSL_RAND_bytes(void); +int test_wolfSSL_RAND(void); +int test_wolfSSL_RAND_poll(void); + +#define TEST_OSSL_RAND_DECLS \ + TEST_DECL_GROUP("ossl_rand", test_wolfSSL_RAND_set_rand_method), \ + TEST_DECL_GROUP("ossl_rand", test_wolfSSL_RAND_bytes), \ + TEST_DECL_GROUP("ossl_rand", test_wolfSSL_RAND), \ + TEST_DECL_GROUP("ossl_rand", test_wolfSSL_RAND_poll) + +#endif /* WOLFCRYPT_TEST_OSSL_RAND_H */ + diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/tests/api/test_ossl_rsa.c mariadb-11.8.8/extra/wolfssl/wolfssl/tests/api/test_ossl_rsa.c --- mariadb-11.8.6/extra/wolfssl/wolfssl/tests/api/test_ossl_rsa.c 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/tests/api/test_ossl_rsa.c 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* test_ossl_rsa.c * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -402,12 +402,11 @@ for (i = 0; tbl[i].der != NULL; i++) { - /* Passing in pointer results in pointer moving. */ + /* d2i_RSAPublicKey should fail when given private key DER. + * wc_RsaPublicKeyDecode correctly rejects private key format. */ buff = tbl[i].der; - ExpectNotNull(d2i_RSAPublicKey(&rsa, &buff, tbl[i].sz)); - ExpectNotNull(rsa); - RSA_free(rsa); - rsa = NULL; + ExpectNull(d2i_RSAPublicKey(&rsa, &buff, tbl[i].sz)); + ExpectNull(rsa); } for (i = 0; tbl[i].der != NULL; i++) { @@ -1470,8 +1469,10 @@ rsa = NULL; ExpectNotNull(wolfSSL_d2i_RSAPrivateKey(&rsa, &der, privDerSz)); - ExpectIntEQ(wolfSSL_RSA_To_Der(NULL, &outDer, 0, HEAP_HINT), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); - ExpectIntEQ(wolfSSL_RSA_To_Der(rsa, &outDer, 2, HEAP_HINT), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wolfSSL_RSA_To_Der(NULL, &outDer, 0, HEAP_HINT), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wolfSSL_RSA_To_Der(rsa, &outDer, 2, HEAP_HINT), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); ExpectIntEQ(wolfSSL_RSA_To_Der(rsa, NULL, 0, HEAP_HINT), privDerSz); outDer = out; @@ -1491,14 +1492,17 @@ RSA_free(rsa); ExpectNotNull(rsa = RSA_new()); - ExpectIntEQ(wolfSSL_RSA_To_Der(rsa, &outDer, 0, HEAP_HINT), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); - ExpectIntEQ(wolfSSL_RSA_To_Der(rsa, &outDer, 1, HEAP_HINT), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wolfSSL_RSA_To_Der(rsa, &outDer, 0, HEAP_HINT), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wolfSSL_RSA_To_Der(rsa, &outDer, 1, HEAP_HINT), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); RSA_free(rsa); der = pubDer; rsa = NULL; ExpectNotNull(wolfSSL_d2i_RSAPublicKey(&rsa, &der, pubDerSz)); - ExpectIntEQ(wolfSSL_RSA_To_Der(rsa, &outDer, 0, HEAP_HINT), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wolfSSL_RSA_To_Der(rsa, &outDer, 0, HEAP_HINT), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); RSA_free(rsa); #endif #endif diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/tests/api/test_ossl_rsa.h mariadb-11.8.8/extra/wolfssl/wolfssl/tests/api/test_ossl_rsa.h --- mariadb-11.8.6/extra/wolfssl/wolfssl/tests/api/test_ossl_rsa.h 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/tests/api/test_ossl_rsa.h 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* test_ossl_rsa.h * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/tests/api/test_ossl_sk.c mariadb-11.8.8/extra/wolfssl/wolfssl/tests/api/test_ossl_sk.c --- mariadb-11.8.6/extra/wolfssl/wolfssl/tests/api/test_ossl_sk.c 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/tests/api/test_ossl_sk.c 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* test_ossl_sk.c * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -55,7 +55,7 @@ WOLFSSL_STACK* stack = NULL; WOLFSSL_STACK* node1 = NULL; WOLFSSL_STACK* node2 = NULL; - WOLFSSL_STACK* node; + WOLFSSL_STACK* node = NULL; ExpectNotNull(node1 = wolfSSL_sk_new_node(HEAP_HINT)); ExpectNotNull(node2 = wolfSSL_sk_new_node(HEAP_HINT)); diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/tests/api/test_ossl_sk.h mariadb-11.8.8/extra/wolfssl/wolfssl/tests/api/test_ossl_sk.h --- mariadb-11.8.6/extra/wolfssl/wolfssl/tests/api/test_ossl_sk.h 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/tests/api/test_ossl_sk.h 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* test_ossl_sk.h * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/tests/api/test_ossl_x509.c mariadb-11.8.8/extra/wolfssl/wolfssl/tests/api/test_ossl_x509.c --- mariadb-11.8.6/extra/wolfssl/wolfssl/tests/api/test_ossl_x509.c 1970-01-01 00:00:00.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/tests/api/test_ossl_x509.c 2026-05-24 09:58:33.000000000 +0000 @@ -0,0 +1,1726 @@ +/* test_ossl_x509.c + * + * Copyright (C) 2006-2026 wolfSSL Inc. + * + * This file is part of wolfSSL. + * + * wolfSSL is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * wolfSSL is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA + */ + +#include + +#ifdef NO_INLINE + #include +#else + #define WOLFSSL_MISC_INCLUDED + #include +#endif + +#include +#include +#include +#include + +int test_x509_get_key_id(void) +{ + EXPECT_DECLS; +#if defined(OPENSSL_EXTRA) && !defined(NO_FILESYSTEM) && !defined(NO_RSA) + X509 *x509 = NULL; + const ASN1_STRING* str = NULL; + byte* keyId = NULL; + byte keyIdData[32]; + int len; + + ExpectNotNull(x509 = wolfSSL_X509_new()); + len = (int)sizeof(keyIdData); + ExpectNull(wolfSSL_X509_get_subjectKeyID(x509, NULL, NULL)); + ExpectNull(wolfSSL_X509_get_subjectKeyID(x509, keyIdData, &len)); + ExpectNull(wolfSSL_X509_get_authorityKeyID(x509, NULL, NULL)); + ExpectNull(wolfSSL_X509_get_authorityKeyID(x509, keyIdData, &len)); + wolfSSL_X509_free(x509); + x509 = NULL; + + ExpectNotNull(x509 = X509_load_certificate_file(cliCertFile, + WOLFSSL_FILETYPE_PEM)); + + ExpectNotNull(str = X509_get0_subject_key_id(x509)); + ExpectNull(wolfSSL_X509_get_subjectKeyID(NULL, NULL, NULL)); + ExpectNotNull(keyId = wolfSSL_X509_get_subjectKeyID(x509, NULL, NULL)); + ExpectBufEQ(keyId, ASN1_STRING_data((ASN1_STRING*)str), + ASN1_STRING_length(str)); + ExpectNotNull(keyId = wolfSSL_X509_get_subjectKeyID(x509, keyIdData, NULL)); + ExpectBufEQ(keyId, ASN1_STRING_data((ASN1_STRING*)str), + ASN1_STRING_length(str)); + len = (int)sizeof(keyIdData); + ExpectNotNull(keyId = wolfSSL_X509_get_subjectKeyID(x509, NULL, &len)); + ExpectBufEQ(keyId, ASN1_STRING_data((ASN1_STRING*)str), + ASN1_STRING_length(str)); + ExpectNotNull(wolfSSL_X509_get_subjectKeyID(x509, keyIdData, &len)); + ExpectIntEQ(len, ASN1_STRING_length(str)); + ExpectBufEQ(keyIdData, ASN1_STRING_data((ASN1_STRING*)str), + ASN1_STRING_length(str)); + ExpectBufEQ(keyId, ASN1_STRING_data((ASN1_STRING*)str), + ASN1_STRING_length(str)); + + ExpectNull(wolfSSL_X509_get_authorityKeyID(NULL, NULL, NULL)); + ExpectNotNull(wolfSSL_X509_get_authorityKeyID(x509, NULL, NULL)); + ExpectNotNull(wolfSSL_X509_get_authorityKeyID(x509, keyIdData, NULL)); + len = (int)sizeof(keyIdData); + ExpectNotNull(wolfSSL_X509_get_authorityKeyID(x509, NULL, &len)); + ExpectNotNull(wolfSSL_X509_get_authorityKeyID(x509, keyIdData, &len)); + ExpectIntEQ(len, 20); + + X509_free(x509); +#endif + return EXPECT_RESULT(); +} + +int test_wolfSSL_X509_get_version(void) +{ + EXPECT_DECLS; +#if defined(OPENSSL_EXTRA) && !defined(NO_FILESYSTEM) && !defined(NO_RSA) + WOLFSSL_X509 *x509 = NULL; + + ExpectNotNull(x509 = wolfSSL_X509_load_certificate_file(svrCertFile, + WOLFSSL_FILETYPE_PEM)); + ExpectIntEQ((int)wolfSSL_X509_get_version(x509), 2); + wolfSSL_X509_free(x509); +#endif + return EXPECT_RESULT(); +} + +int test_wolfSSL_X509_cmp_time(void) +{ + EXPECT_DECLS; +#if defined(OPENSSL_EXTRA) && !defined(NO_ASN_TIME) \ +&& !defined(USER_TIME) && !defined(TIME_OVERRIDES) + WOLFSSL_ASN1_TIME asn_time; + time_t t; + + ExpectIntEQ(0, wolfSSL_X509_cmp_time(NULL, &t)); + XMEMSET(&asn_time, 0, sizeof(WOLFSSL_ASN1_TIME)); + ExpectIntEQ(0, wolfSSL_X509_cmp_time(&asn_time, &t)); + + ExpectIntEQ(ASN1_TIME_set_string(&asn_time, "000222211515Z"), 1); + ExpectIntEQ(-1, wolfSSL_X509_cmp_time(&asn_time, NULL)); + ExpectIntEQ(-1, wolfSSL_X509_cmp_current_time(&asn_time)); +#endif + return EXPECT_RESULT(); +} + +int test_wolfSSL_X509_time_adj(void) +{ + EXPECT_DECLS; +#if defined(OPENSSL_EXTRA) && !defined(NO_ASN_TIME) && \ + !defined(USER_TIME) && !defined(TIME_OVERRIDES) && \ + defined(USE_CERT_BUFFERS_2048) && !defined(NO_RSA) && \ + !defined(NO_ASN_TIME) + X509* x509 = NULL; + time_t t; + time_t not_before; + time_t not_after; + + ExpectNotNull(x509 = wolfSSL_X509_load_certificate_buffer( + client_cert_der_2048, sizeof_client_cert_der_2048, + WOLFSSL_FILETYPE_ASN1)); + + t = 0; + not_before = wc_Time(0); + not_after = wc_Time(0) + (60 * 24 * 30); /* 30 days after */ + ExpectNotNull(X509_time_adj(X509_get_notBefore(x509), not_before, &t)); + ExpectNotNull(X509_time_adj(X509_get_notAfter(x509), not_after, &t)); + /* Check X509_gmtime_adj, too. */ + ExpectNotNull(X509_gmtime_adj(X509_get_notAfter(x509), not_after)); + + X509_free(x509); +#endif + return EXPECT_RESULT(); +} + +int test_wolfSSL_X509_NID(void) +{ + EXPECT_DECLS; +#if (defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)) && \ + !defined(NO_RSA) && defined(USE_CERT_BUFFERS_2048) && !defined(NO_ASN) + int sigType; + int nameSz = 0; + + X509* cert = NULL; + EVP_PKEY* pubKeyTmp = NULL; + X509_NAME* name = NULL; + + char commonName[80]; + char countryName[80]; + char localityName[80]; + char stateName[80]; + char orgName[80]; + char orgUnit[80]; + + /* ------ PARSE ORIGINAL SELF-SIGNED CERTIFICATE ------ */ + + /* convert cert from DER to internal WOLFSSL_X509 struct */ + ExpectNotNull(cert = wolfSSL_X509_d2i_ex(&cert, client_cert_der_2048, + sizeof_client_cert_der_2048, HEAP_HINT)); + + /* ------ EXTRACT CERTIFICATE ELEMENTS ------ */ + + /* extract PUBLIC KEY from cert */ + ExpectNotNull(pubKeyTmp = X509_get_pubkey(cert)); + + /* extract signatureType */ + ExpectIntEQ(wolfSSL_X509_get_signature_type(NULL), 0); + ExpectIntNE((sigType = wolfSSL_X509_get_signature_type(cert)), 0); + + /* extract subjectName info */ + ExpectNotNull(name = X509_get_subject_name(cert)); + ExpectIntEQ(X509_NAME_get_text_by_NID(name, -1, NULL, 0), -1); + ExpectIntEQ(X509_NAME_get_text_by_NID(NULL, NID_commonName, NULL, 0), -1); + ExpectIntEQ(X509_NAME_get_text_by_NID(name, NID_commonName, + commonName, -2), 0); + ExpectIntGT((nameSz = X509_NAME_get_text_by_NID(name, NID_commonName, + NULL, 0)), 0); + ExpectIntEQ(nameSz, 15); + ExpectIntGT((nameSz = X509_NAME_get_text_by_NID(name, NID_commonName, + commonName, sizeof(commonName))), 0); + ExpectIntEQ(nameSz, 15); + ExpectIntEQ(XMEMCMP(commonName, "www.wolfssl.com", nameSz), 0); + ExpectIntGT((nameSz = X509_NAME_get_text_by_NID(name, NID_commonName, + commonName, 9)), 0); + ExpectIntEQ(nameSz, 8); + ExpectIntEQ(XMEMCMP(commonName, "www.wolf", nameSz), 0); + + ExpectIntGT((nameSz = X509_NAME_get_text_by_NID(name, NID_countryName, + countryName, sizeof(countryName))), 0); + ExpectIntEQ(XMEMCMP(countryName, "US", nameSz), 0); + + ExpectIntGT((nameSz = X509_NAME_get_text_by_NID(name, NID_localityName, + localityName, sizeof(localityName))), 0); + ExpectIntEQ(XMEMCMP(localityName, "Bozeman", nameSz), 0); + + ExpectIntGT((nameSz = X509_NAME_get_text_by_NID(name, + NID_stateOrProvinceName, stateName, sizeof(stateName))), 0); + ExpectIntEQ(XMEMCMP(stateName, "Montana", nameSz), 0); + + ExpectIntGT((nameSz = X509_NAME_get_text_by_NID(name, NID_organizationName, + orgName, sizeof(orgName))), 0); + ExpectIntEQ(XMEMCMP(orgName, "wolfSSL_2048", nameSz), 0); + + ExpectIntGT((nameSz = X509_NAME_get_text_by_NID(name, + NID_organizationalUnitName, orgUnit, sizeof(orgUnit))), 0); + ExpectIntEQ(XMEMCMP(orgUnit, "Programming-2048", nameSz), 0); + + EVP_PKEY_free(pubKeyTmp); + X509_free(cert); +#endif + return EXPECT_RESULT(); +} + +int test_wolfSSL_i2d_X509_NAME_canon(void) +{ + EXPECT_DECLS; +#if defined(OPENSSL_ALL) && !defined(NO_CERTS) && \ + !defined(NO_FILESYSTEM) && !defined(NO_SHA) && \ + defined(WOLFSSL_CERT_GEN) && \ + (defined(WOLFSSL_CERT_REQ) || defined(WOLFSSL_CERT_EXT)) && !defined(NO_RSA) + const long ex_hash1 = 0x0fdb2da4; + const long ex_hash2 = 0x9f3e8c9e; + X509_NAME *name = NULL; + X509 *x509 = NULL; + XFILE file = XBADFILE; + unsigned long hash = 0; + byte digest[WC_MAX_DIGEST_SIZE] = {0}; + byte *pbuf = NULL; + word32 len = 0; + (void) ex_hash2; + + ExpectTrue((file = XFOPEN(caCertFile, "rb")) != XBADFILE); + ExpectNotNull(x509 = PEM_read_X509(file, NULL, NULL, NULL)); + ExpectNotNull(name = X509_get_issuer_name(x509)); + + /* When output buffer is NULL, should return necessary output buffer + * length.*/ + ExpectIntEQ(wolfSSL_i2d_X509_NAME_canon(NULL, NULL), BAD_FUNC_ARG); + ExpectIntGT(wolfSSL_i2d_X509_NAME_canon(name, NULL), 0); + ExpectIntGT((len = (word32)wolfSSL_i2d_X509_NAME_canon(name, &pbuf)), 0); + ExpectIntEQ(wc_ShaHash((const byte*)pbuf, (word32)len, digest), 0); + + hash = (((unsigned long)digest[3] << 24) | + ((unsigned long)digest[2] << 16) | + ((unsigned long)digest[1] << 8) | + ((unsigned long)digest[0])); + ExpectIntEQ(hash, ex_hash1); + + if (file != XBADFILE) { + XFCLOSE(file); + file = XBADFILE; + } + X509_free(x509); + x509 = NULL; + XFREE(pbuf, NULL, DYNAMIC_TYPE_OPENSSL); + pbuf = NULL; + + ExpectTrue((file = XFOPEN(cliCertFile, "rb")) != XBADFILE); + ExpectNotNull(x509 = PEM_read_X509(file, NULL, NULL, NULL)); + ExpectNotNull(name = X509_get_issuer_name(x509)); + + ExpectIntGT((len = (word32)wolfSSL_i2d_X509_NAME_canon(name, &pbuf)), 0); + ExpectIntEQ(wc_ShaHash((const byte*)pbuf, (word32)len, digest), 0); + + hash = (((unsigned long)digest[3] << 24) | + ((unsigned long)digest[2] << 16) | + ((unsigned long)digest[1] << 8) | + ((unsigned long)digest[0])); + + ExpectIntEQ(hash, ex_hash2); + + if (file != XBADFILE) + XFCLOSE(file); + X509_free(x509); + XFREE(pbuf, NULL, DYNAMIC_TYPE_OPENSSL); +#endif + return EXPECT_RESULT(); +} + + +int test_wolfSSL_X509_subject_name_hash(void) +{ + EXPECT_DECLS; +#if defined(OPENSSL_EXTRA) && !defined(NO_CERTS) && !defined(NO_FILESYSTEM) && \ + !defined(NO_RSA) && (!defined(NO_SHA) || !defined(NO_SHA256)) + X509* x509 = NULL; + X509_NAME* subjectName = NULL; + unsigned long ret1 = 0; + unsigned long ret2 = 0; + + ExpectNotNull(x509 = X509_new()); + ExpectIntEQ(X509_subject_name_hash(NULL), 0); + ExpectIntEQ(X509_subject_name_hash(x509), 0); + X509_free(x509); + x509 = NULL; + + ExpectNotNull(x509 = wolfSSL_X509_load_certificate_file(cliCertFile, + SSL_FILETYPE_PEM)); + ExpectNotNull(subjectName = wolfSSL_X509_get_subject_name(x509)); + + /* These two + * - X509_subject_name_hash(x509) + * - X509_NAME_hash(X509_get_subject_name(x509)) + * should give the same hash, if !defined(NO_SHA) is true. */ + + ret1 = X509_subject_name_hash(x509); + ExpectIntNE(ret1, 0); + +#if !defined(NO_SHA) + ret2 = X509_NAME_hash(X509_get_subject_name(x509)); + ExpectIntNE(ret2, 0); + + ExpectIntEQ(ret1, ret2); +#else + (void) ret2; +#endif + + X509_free(x509); +#endif + return EXPECT_RESULT(); +} + +int test_wolfSSL_X509_issuer_name_hash(void) +{ + EXPECT_DECLS; +#if defined(OPENSSL_EXTRA) && !defined(NO_CERTS) && !defined(NO_FILESYSTEM) \ + && !defined(NO_RSA) && (!defined(NO_SHA) || !defined(NO_SHA256)) + X509* x509 = NULL; + X509_NAME* issuertName = NULL; + unsigned long ret1 = 0; + unsigned long ret2 = 0; + + ExpectNotNull(x509 = X509_new()); + ExpectIntEQ(X509_issuer_name_hash(NULL), 0); + ExpectIntEQ(X509_issuer_name_hash(x509), 0); + X509_free(x509); + x509 = NULL; + + ExpectNotNull(x509 = wolfSSL_X509_load_certificate_file(cliCertFile, + SSL_FILETYPE_PEM)); + ExpectNotNull(issuertName = wolfSSL_X509_get_issuer_name(x509)); + + /* These two + * - X509_issuer_name_hash(x509) + * - X509_NAME_hash(X509_get_issuer_name(x509)) + * should give the same hash, if !defined(NO_SHA) is true. */ + + ret1 = X509_issuer_name_hash(x509); + ExpectIntNE(ret1, 0); + +#if !defined(NO_SHA) + ret2 = X509_NAME_hash(X509_get_issuer_name(x509)); + ExpectIntNE(ret2, 0); + + ExpectIntEQ(ret1, ret2); +#else + (void) ret2; +#endif + + X509_free(x509); +#endif + return EXPECT_RESULT(); +} + +int test_wolfSSL_X509_check_host(void) +{ + EXPECT_DECLS; +#if defined(OPENSSL_EXTRA) && !defined(NO_CERTS) && !defined(NO_FILESYSTEM) \ + && !defined(NO_SHA) && !defined(NO_RSA) + X509* x509 = NULL; + const char altName[] = "example.com"; + const char badAltName[] = "a.example.com"; + + ExpectIntEQ(X509_check_host(NULL, NULL, XSTRLEN(altName), 0, NULL), + WC_NO_ERR_TRACE(WOLFSSL_FAILURE)); + + /* cliCertFile has subjectAltName set to 'example.com', '127.0.0.1' */ + ExpectNotNull(x509 = wolfSSL_X509_load_certificate_file(cliCertFile, + SSL_FILETYPE_PEM)); + + ExpectIntEQ(X509_check_host(x509, altName, XSTRLEN(altName), 0, NULL), + WOLFSSL_SUCCESS); + + ExpectIntEQ(X509_check_host(x509, badAltName, XSTRLEN(badAltName), 0, NULL), + WC_NO_ERR_TRACE(WOLFSSL_FAILURE)); + + ExpectIntEQ(X509_check_host(x509, NULL, 0, 0, NULL), + WC_NO_ERR_TRACE(WOLFSSL_FAILURE)); + + /* Check WOLFSSL_LEFT_MOST_WILDCARD_ONLY flag set */ + ExpectIntEQ(X509_check_host(x509, altName, XSTRLEN(altName), + WOLFSSL_LEFT_MOST_WILDCARD_ONLY, NULL), WOLFSSL_SUCCESS); + + ExpectIntEQ(X509_check_host(x509, NULL, 0, + WOLFSSL_LEFT_MOST_WILDCARD_ONLY, NULL), + WC_NO_ERR_TRACE(WOLFSSL_FAILURE)); + + ExpectIntEQ(X509_check_host(x509, badAltName, XSTRLEN(badAltName), + WOLFSSL_LEFT_MOST_WILDCARD_ONLY, NULL), + WC_NO_ERR_TRACE(WOLFSSL_FAILURE)); + + ExpectIntEQ(wolfSSL_X509_check_host(x509, altName, XSTRLEN(altName), + WOLFSSL_NO_WILDCARDS, NULL), WC_NO_ERR_TRACE(WOLFSSL_FAILURE)); + ExpectIntEQ(wolfSSL_X509_check_host(x509, altName, XSTRLEN(altName), + WOLFSSL_NO_PARTIAL_WILDCARDS, NULL), WC_NO_ERR_TRACE(WOLFSSL_FAILURE)); + ExpectIntEQ(wolfSSL_X509_check_host(x509, altName, XSTRLEN(altName), + WOLFSSL_MULTI_LABEL_WILDCARDS, NULL), WC_NO_ERR_TRACE(WOLFSSL_FAILURE)); + + X509_free(x509); + + ExpectIntEQ(X509_check_host(NULL, altName, XSTRLEN(altName), 0, NULL), + WC_NO_ERR_TRACE(WOLFSSL_FAILURE)); + + /* Check again with WOLFSSL_LEFT_MOST_WILDCARD_ONLY flag set */ + ExpectIntEQ(X509_check_host(NULL, altName, XSTRLEN(altName), + WOLFSSL_LEFT_MOST_WILDCARD_ONLY, NULL), + WC_NO_ERR_TRACE(WOLFSSL_FAILURE)); +#endif + return EXPECT_RESULT(); +} + +int test_wolfSSL_X509_check_email(void) +{ + EXPECT_DECLS; +#if defined(OPENSSL_EXTRA) && defined(WOLFSSL_CERT_GEN) && !defined(NO_RSA) + X509* x509 = NULL; + X509* empty = NULL; + const char goodEmail[] = "info@wolfssl.com"; + const char badEmail[] = "disinfo@wolfssl.com"; + + ExpectNotNull(x509 = wolfSSL_X509_load_certificate_file(cliCertFile, + SSL_FILETYPE_PEM)); + ExpectNotNull(empty = wolfSSL_X509_new()); + + ExpectIntEQ(wolfSSL_X509_check_email(NULL, NULL, 0, 0), 0); + ExpectIntEQ(wolfSSL_X509_check_email(x509, NULL, 0, 0), 0); + ExpectIntEQ(wolfSSL_X509_check_email(NULL, goodEmail, XSTRLEN(goodEmail), + 0), 0); + ExpectIntEQ(wolfSSL_X509_check_email(empty, goodEmail, XSTRLEN(goodEmail), + 0), 0); + + /* Should fail on non-matching email address */ + ExpectIntEQ(wolfSSL_X509_check_email(x509, badEmail, XSTRLEN(badEmail), 0), + WC_NO_ERR_TRACE(WOLFSSL_FAILURE)); + /* Should succeed on matching email address */ + ExpectIntEQ(wolfSSL_X509_check_email(x509, goodEmail, XSTRLEN(goodEmail), + 0), WOLFSSL_SUCCESS); + /* Should compute length internally when not provided */ + ExpectIntEQ(wolfSSL_X509_check_email(x509, goodEmail, 0, 0), + WOLFSSL_SUCCESS); + /* Should fail when email address is NULL */ + ExpectIntEQ(wolfSSL_X509_check_email(x509, NULL, 0, 0), + WC_NO_ERR_TRACE(WOLFSSL_FAILURE)); + + X509_free(empty); + X509_free(x509); + + /* Should fail when x509 is NULL */ + ExpectIntEQ(wolfSSL_X509_check_email(NULL, goodEmail, 0, 0), + WC_NO_ERR_TRACE(WOLFSSL_FAILURE)); +#endif /* OPENSSL_EXTRA && WOLFSSL_CERT_GEN */ + return EXPECT_RESULT(); +} + +int test_wolfSSL_X509(void) +{ + EXPECT_DECLS; +#if defined(OPENSSL_EXTRA) && !defined(NO_CERTS) && !defined(NO_FILESYSTEM) && \ + !defined(NO_RSA) + X509* x509 = NULL; +#ifndef NO_BIO + BIO* bio = NULL; + X509_STORE_CTX* ctx = NULL; + X509_STORE* store = NULL; +#endif + char der[] = "certs/ca-cert.der"; + XFILE fp = XBADFILE; + int derSz = 0; + +#ifndef NO_BIO + ExpectNotNull(bio = BIO_new(BIO_s_mem())); +#endif + + ExpectNotNull(x509 = X509_new()); + ExpectNull(wolfSSL_X509_get_der(x509, &derSz)); +#if !defined(NO_BIO) && defined(WOLFSSL_CERT_GEN) + ExpectIntEQ(i2d_X509_bio(bio, x509), WOLFSSL_FAILURE); +#endif + ExpectNull(wolfSSL_X509_dup(x509)); + X509_free(x509); + x509 = NULL; + +#ifndef NO_BIO + ExpectNotNull(x509 = wolfSSL_X509_load_certificate_file(cliCertFile, + SSL_FILETYPE_PEM)); + +#ifdef WOLFSSL_CERT_GEN + ExpectIntEQ(i2d_X509_bio(NULL, NULL), WOLFSSL_FAILURE); + ExpectIntEQ(i2d_X509_bio(bio, NULL), WOLFSSL_FAILURE); + ExpectIntEQ(i2d_X509_bio(NULL, x509), WOLFSSL_FAILURE); + ExpectIntEQ(i2d_X509_bio(bio, x509), SSL_SUCCESS); +#endif + + ExpectNotNull(ctx = X509_STORE_CTX_new()); + + ExpectIntEQ(X509_verify_cert(ctx), WC_NO_ERR_TRACE(WOLFSSL_FATAL_ERROR)); + ExpectNotNull(wolfSSL_X509_verify_cert_error_string(CRL_MISSING)); + + ExpectNotNull(store = X509_STORE_new()); + ExpectIntEQ(X509_STORE_add_cert(store, x509), SSL_SUCCESS); + ExpectIntEQ(X509_STORE_CTX_init(ctx, store, x509, NULL), SSL_SUCCESS); + ExpectIntEQ(X509_verify_cert(ctx), SSL_SUCCESS); + +#ifndef NO_WOLFSSL_STUB + ExpectStrEQ(X509_get_default_cert_file_env(), ""); + ExpectStrEQ(X509_get_default_cert_file(), ""); + ExpectStrEQ(X509_get_default_cert_dir_env(), ""); + ExpectStrEQ(X509_get_default_cert_dir(), ""); +#endif + + ExpectNull(wolfSSL_X509_get_der(NULL, NULL)); + ExpectNull(wolfSSL_X509_get_der(x509, NULL)); + ExpectNull(wolfSSL_X509_get_der(NULL, &derSz)); + + ExpectIntEQ(wolfSSL_X509_version(NULL), 0); + ExpectIntEQ(wolfSSL_X509_version(x509), 3); + + X509_STORE_CTX_free(ctx); + X509_STORE_free(store); + X509_free(x509); + x509 = NULL; + BIO_free(bio); + bio = NULL; +#endif + + /** d2i_X509_fp test **/ + ExpectTrue((fp = XFOPEN(der, "rb")) != XBADFILE); + ExpectNotNull(x509 = (X509 *)d2i_X509_fp(fp, (X509 **)NULL)); + ExpectNotNull(x509); + +#ifdef HAVE_EX_DATA_CRYPTO + ExpectIntEQ(wolfSSL_X509_get_ex_new_index(1, NULL, NULL, NULL, NULL), 0); +#endif + ExpectNull(wolfSSL_X509_get_ex_data(NULL, 1)); + ExpectNull(wolfSSL_X509_get_ex_data(x509, 1)); +#ifdef HAVE_EX_DATA + ExpectIntEQ(wolfSSL_X509_set_ex_data(NULL, 1, der), 0); + ExpectIntEQ(wolfSSL_X509_set_ex_data(x509, 1, der), 1); + ExpectPtrEq(wolfSSL_X509_get_ex_data(x509, 1), der); +#else + ExpectIntEQ(wolfSSL_X509_set_ex_data(NULL, 1, der), 0); + ExpectIntEQ(wolfSSL_X509_set_ex_data(x509, 1, der), 0); + ExpectNull(wolfSSL_X509_get_ex_data(x509, 1)); +#endif + + X509_free(x509); + x509 = NULL; + if (fp != XBADFILE) { + XFCLOSE(fp); + fp = XBADFILE; + } + ExpectTrue((fp = XFOPEN(der, "rb")) != XBADFILE); + ExpectNull((X509 *)d2i_X509_fp(XBADFILE, (X509 **)&x509)); + ExpectNotNull((X509 *)d2i_X509_fp(fp, (X509 **)&x509)); + ExpectNotNull(x509); + X509_free(x509); + x509 = NULL; + if (fp != XBADFILE) + XFCLOSE(fp); + +#ifndef NO_BIO + ExpectNotNull(bio = BIO_new_file(der, "rb")); + ExpectNull(d2i_X509_bio(NULL, &x509)); + ExpectNotNull(x509 = d2i_X509_bio(bio, NULL)); + ExpectNotNull(x509); + X509_free(x509); + BIO_free(bio); + bio = NULL; +#endif + + /* X509_up_ref test */ + ExpectIntEQ(X509_up_ref(NULL), 0); + ExpectNotNull(x509 = X509_new()); /* refCount = 1 */ + ExpectIntEQ(X509_up_ref(x509), 1); /* refCount = 2 */ + ExpectIntEQ(X509_up_ref(x509), 1); /* refCount = 3 */ + X509_free(x509); /* refCount = 2 */ + X509_free(x509); /* refCount = 1 */ + X509_free(x509); /* refCount = 0, free */ + +#endif + return EXPECT_RESULT(); +} + +int test_wolfSSL_X509_get0_tbs_sigalg(void) +{ + EXPECT_DECLS; +#if (defined(OPENSSL_ALL) || defined(WOLFSSL_APACHE_HTTPD)) + X509* x509 = NULL; + const X509_ALGOR* alg; + + ExpectNotNull(x509 = X509_new()); + + ExpectNull(alg = X509_get0_tbs_sigalg(NULL)); + ExpectNotNull(alg = X509_get0_tbs_sigalg(x509)); + + X509_free(x509); +#endif + return EXPECT_RESULT(); +} + +int test_wolfSSL_X509_set_name(void) +{ + EXPECT_DECLS; +#if defined(OPENSSL_EXTRA) && !defined(NO_CERTS) && \ + defined(WOLFSSL_CERT_GEN) && defined(WOLFSSL_CERT_REQ) + X509* x509 = NULL; + X509_NAME* name = NULL; + + ExpectNotNull(name = X509_NAME_new()); + ExpectIntEQ(X509_NAME_add_entry_by_txt(name, "commonName", MBSTRING_UTF8, + (byte*)"wolfssl.com", 11, 0, 1), + WOLFSSL_SUCCESS); + ExpectIntEQ(X509_NAME_add_entry_by_txt(name, "emailAddress", MBSTRING_UTF8, + (byte*)"support@wolfssl.com", 19, -1, + 1), WOLFSSL_SUCCESS); + ExpectNotNull(x509 = X509_new()); + + ExpectIntEQ(X509_set_subject_name(NULL, NULL), + WC_NO_ERR_TRACE(WOLFSSL_FAILURE)); + ExpectIntEQ(X509_set_subject_name(x509, NULL), + WC_NO_ERR_TRACE(WOLFSSL_FAILURE)); + ExpectIntEQ(X509_set_subject_name(NULL, name), + WC_NO_ERR_TRACE(WOLFSSL_FAILURE)); + ExpectIntEQ(X509_set_subject_name(x509, name), WOLFSSL_SUCCESS); + + ExpectIntEQ(X509_set_issuer_name(NULL, NULL), + WC_NO_ERR_TRACE(WOLFSSL_FAILURE)); + ExpectIntEQ(X509_set_issuer_name(x509, NULL), + WC_NO_ERR_TRACE(WOLFSSL_FAILURE)); + ExpectIntEQ(X509_set_issuer_name(NULL, name), + WC_NO_ERR_TRACE(WOLFSSL_FAILURE)); + ExpectIntEQ(X509_set_issuer_name(x509, name), WOLFSSL_SUCCESS); + + X509_free(x509); + X509_NAME_free(name); +#endif /* OPENSSL_ALL && !NO_CERTS */ + return EXPECT_RESULT(); +} + +int test_wolfSSL_X509_set_notAfterBefore(void) +{ + EXPECT_DECLS; +#if (defined(OPENSSL_ALL) || defined(WOLFSSL_APACHE_HTTPD)) \ + && !defined(NO_ASN_TIME) && !defined(USER_TIME) && \ + !defined(TIME_OVERRIDES) && !defined(NO_CERTS) && \ + defined(WOLFSSL_CERT_GEN) && defined(WOLFSSL_CERT_REQ) && !defined(NO_BIO) + X509* x = NULL; + BIO* bio = NULL; + ASN1_TIME* asn_time = NULL; + ASN1_TIME* time_check = NULL; + WOLFSSL_ASN1_TIME crafted_time; + WOLFSSL_ASN1_TIME* retrieved = NULL; + const byte* raw = NULL; + const int year = 365 * 24 * 60 * 60; + const int day = 24 * 60 * 60; + const int hour = 60 * 60; + const int mini = 60; + unsigned char buf[25]; + const unsigned char valid_utc[] = "250101120000Z"; + const int valid_utc_len = 13; + int i; + + ExpectNotNull(x = X509_new()); + ExpectNotNull(bio = BIO_new(BIO_s_mem())); + + /* --- notBefore: set, get, validate, print --- */ + { + time_t t = (time_t)49 * year + 125 * day + 20 * hour + + 30 * mini + 7 * day; + asn_time = wolfSSL_ASN1_TIME_adj(NULL, t, 7, 0); + } + ExpectNotNull(asn_time); + ExpectIntEQ(ASN1_TIME_check(asn_time), WOLFSSL_SUCCESS); + ExpectTrue(wolfSSL_X509_set_notBefore(x, asn_time)); + ExpectNotNull(time_check = X509_get_notBefore(x)); + ExpectIntEQ(ASN1_TIME_check(time_check), WOLFSSL_SUCCESS); + ExpectIntEQ(ASN1_TIME_print(bio, time_check), 1); + ExpectIntEQ(BIO_read(bio, buf, sizeof(buf)), 24); + ExpectIntEQ(XMEMCMP(buf, "May 8 20:30:00 2019 GMT", sizeof(buf) - 1), 0); + + /* wolfSSL_X509_notBefore returns [type][length][data...] */ + ExpectNotNull(raw = wolfSSL_X509_notBefore(x)); + ExpectIntEQ(raw[0], time_check->type); + ExpectIntEQ(raw[1], time_check->length); + ExpectIntEQ(XMEMCMP(&raw[2], time_check->data, time_check->length), 0); + + XFREE(asn_time, NULL, DYNAMIC_TYPE_OPENSSL); + asn_time = NULL; + + /* --- notAfter: set, get, validate, print (needs 64-bit time_t) --- */ +#if !defined(TIME_T_NOT_64BIT) && !defined(NO_64BIT) + { + time_t t = (time_t)107 * year + 31 * day + 34 * hour + + 30 * mini + 7 * day; + asn_time = wolfSSL_ASN1_TIME_adj(NULL, t, 7, 0); + } + ExpectNotNull(asn_time); + ExpectTrue(wolfSSL_X509_set_notAfter(x, asn_time)); + ExpectNotNull(time_check = X509_get_notAfter(x)); + ExpectIntEQ(ASN1_TIME_check(time_check), WOLFSSL_SUCCESS); + ExpectIntEQ(ASN1_TIME_print(bio, time_check), 1); + ExpectIntEQ(BIO_read(bio, buf, sizeof(buf)), 24); + ExpectIntEQ(XMEMCMP(buf, "Jan 20 10:30:00 2077 GMT", sizeof(buf) - 1), 0); + + /* wolfSSL_X509_notAfter returns [type][length][data...] */ + ExpectNotNull(raw = wolfSSL_X509_notAfter(x)); + ExpectIntEQ(raw[0], time_check->type); + ExpectIntEQ(raw[1], time_check->length); + ExpectIntEQ(XMEMCMP(&raw[2], time_check->data, time_check->length), 0); + + XFREE(asn_time, NULL, DYNAMIC_TYPE_OPENSSL); + asn_time = NULL; +#endif + + /* --- NULL parameter tests --- */ + XMEMSET(&crafted_time, 0, sizeof(crafted_time)); + crafted_time.type = ASN_UTC_TIME; + crafted_time.length = valid_utc_len; + XMEMCPY(crafted_time.data, valid_utc, valid_utc_len); + + ExpectFalse(wolfSSL_X509_set_notAfter(NULL, NULL)); + ExpectFalse(wolfSSL_X509_set_notAfter(x, NULL)); + ExpectFalse(wolfSSL_X509_set_notAfter(NULL, &crafted_time)); + ExpectFalse(wolfSSL_X509_set_notBefore(NULL, NULL)); + ExpectFalse(wolfSSL_X509_set_notBefore(x, NULL)); + ExpectFalse(wolfSSL_X509_set_notBefore(NULL, &crafted_time)); + ExpectNull(X509_get_notBefore(NULL)); + ExpectNull(X509_get_notAfter(NULL)); + ExpectNull(wolfSSL_X509_notBefore(NULL)); + ExpectNull(wolfSSL_X509_notAfter(NULL)); + + /* --- Malicious length > CTC_DATE_SIZE via set_notAfter --- + * The function blindly propagates t->length into the x509 struct. + * A fixed implementation would reject this or clamp to CTC_DATE_SIZE. */ + /* --- Length > CTC_DATE_SIZE is rejected by the bounds check --- */ + XMEMSET(&crafted_time, 0, sizeof(crafted_time)); + crafted_time.type = ASN_UTC_TIME; + crafted_time.length = 255; + XMEMCPY(crafted_time.data, valid_utc, valid_utc_len); + ExpectIntEQ(wolfSSL_X509_set_notAfter(x, &crafted_time), + WOLFSSL_FAILURE); + + crafted_time.length = 128; + ExpectIntEQ(wolfSSL_X509_set_notBefore(x, &crafted_time), + WOLFSSL_FAILURE); + + /* --- Negative length is rejected --- */ + crafted_time.length = -1; + ExpectIntEQ(wolfSSL_X509_set_notAfter(x, &crafted_time), + WOLFSSL_FAILURE); + + /* --- Fixed-size copy leaks sentinel bytes beyond valid length --- + * Even when t->length is correct (13 for UTCTime), XMEMCPY copies + * a full CTC_DATE_SIZE (32) bytes from the source. */ + XMEMSET(&crafted_time, 0, sizeof(crafted_time)); + crafted_time.type = ASN_UTC_TIME; + crafted_time.length = valid_utc_len; + XMEMCPY(crafted_time.data, valid_utc, valid_utc_len); + for (i = valid_utc_len; i < CTC_DATE_SIZE; i++) { + crafted_time.data[i] = 0xDE; + } + + ExpectIntEQ(wolfSSL_X509_set_notAfter(x, &crafted_time), WOLFSSL_SUCCESS); + ExpectNotNull(retrieved = X509_get_notAfter(x)); + ExpectBufEQ(retrieved->data, valid_utc, valid_utc_len); + for (i = valid_utc_len; i < CTC_DATE_SIZE; i++) { + ExpectIntEQ(retrieved->data[i], 0xDE); + } + + /* --- Boundary: length CTC_DATE_SIZE - 2 (accepted) --- */ + XMEMSET(&crafted_time, 0, sizeof(crafted_time)); + crafted_time.type = ASN_GENERALIZED_TIME; + crafted_time.length = CTC_DATE_SIZE - 2; + XMEMSET(crafted_time.data, 'A', CTC_DATE_SIZE - 2); + + ExpectIntEQ(wolfSSL_X509_set_notAfter(x, &crafted_time), + WOLFSSL_SUCCESS); + ExpectNotNull(retrieved = X509_get_notAfter(x)); + ExpectIntEQ(retrieved->length, CTC_DATE_SIZE - 2); + + /* wolfSSL_X509_notAfter must also succeed at this boundary */ + ExpectNotNull(raw = wolfSSL_X509_notAfter(x)); + + /* --- Boundary: length CTC_DATE_SIZE - 1 (rejected) --- */ + crafted_time.length = CTC_DATE_SIZE - 1; + ExpectIntEQ(wolfSSL_X509_set_notAfter(x, &crafted_time), + WOLFSSL_FAILURE); + + /* --- Boundary: length CTC_DATE_SIZE (rejected) --- */ + crafted_time.length = CTC_DATE_SIZE; + ExpectIntEQ(wolfSSL_X509_set_notAfter(x, &crafted_time), + WOLFSSL_FAILURE); + + X509_free(x); + BIO_free(bio); +#endif + return EXPECT_RESULT(); +} + +int test_wolfSSL_X509_set_version(void) +{ + EXPECT_DECLS; +#if (defined(OPENSSL_ALL) || defined(WOLFSSL_APACHE_HTTPD)) && \ + !defined(NO_CERTS) && defined(WOLFSSL_CERT_GEN) && defined(WOLFSSL_CERT_REQ) + X509* x509 = NULL; + long v = 2L; + long maxInt = INT_MAX; + + ExpectNotNull(x509 = X509_new()); + /* These should pass. */ + ExpectTrue(wolfSSL_X509_set_version(x509, v)); + ExpectIntEQ(0, wolfSSL_X509_get_version(NULL)); + ExpectIntEQ(v, wolfSSL_X509_get_version(x509)); + /* Fail Case: When v(long) is greater than x509->version(int). */ + v = maxInt+1; + ExpectFalse(wolfSSL_X509_set_version(x509, v)); + + ExpectIntEQ(wolfSSL_X509_set_version(NULL, -1), WOLFSSL_FAILURE); + ExpectIntEQ(wolfSSL_X509_set_version(NULL, 1), WOLFSSL_FAILURE); + ExpectIntEQ(wolfSSL_X509_set_version(x509, -1), WOLFSSL_FAILURE); + ExpectIntEQ(wolfSSL_X509_set_version(NULL, maxInt+1), WOLFSSL_FAILURE); + + /* Cleanup */ + X509_free(x509); +#endif + return EXPECT_RESULT(); +} + +int test_wolfSSL_X509_get_serialNumber(void) +{ + EXPECT_DECLS; +#if defined(OPENSSL_EXTRA) && !defined(NO_CERTS) && !defined(NO_RSA) && \ + !defined(NO_FILESYSTEM) + ASN1_INTEGER* a = NULL; + BIGNUM* bn = NULL; + X509* x509 = NULL; + X509* empty = NULL; + char *serialHex = NULL; + byte serial[3]; + int serialSz; + + ExpectNotNull(empty = wolfSSL_X509_new()); + ExpectNotNull(x509 = wolfSSL_X509_load_certificate_file(svrCertFile, + SSL_FILETYPE_PEM)); + ExpectNull(X509_get_serialNumber(NULL)); + ExpectNotNull(X509_get_serialNumber(empty)); + ExpectNotNull(a = X509_get_serialNumber(x509)); + + /* check on value of ASN1 Integer */ + ExpectNotNull(bn = ASN1_INTEGER_to_BN(a, NULL)); + a = NULL; + + /* test setting serial number and then retrieving it */ + ExpectNotNull(a = ASN1_INTEGER_new()); + ExpectIntEQ(ASN1_INTEGER_set(a, 3), 1); + ExpectIntEQ(X509_set_serialNumber(NULL, NULL), WOLFSSL_FAILURE); + ExpectIntEQ(X509_set_serialNumber(x509, NULL), WOLFSSL_FAILURE); + ExpectIntEQ(X509_set_serialNumber(NULL, a), WOLFSSL_FAILURE); + ExpectIntEQ(X509_set_serialNumber(x509, a), WOLFSSL_SUCCESS); + ExpectIntEQ(wolfSSL_X509_get_serial_number(NULL, serial, NULL), + BAD_FUNC_ARG); + ExpectIntEQ(wolfSSL_X509_get_serial_number(NULL, serial, &serialSz), + BAD_FUNC_ARG); + ExpectIntEQ(wolfSSL_X509_get_serial_number(x509, serial, NULL), + BAD_FUNC_ARG); + serialSz = 0; + ExpectIntEQ(wolfSSL_X509_get_serial_number(x509, serial, &serialSz), + BUFFER_E); + ExpectIntEQ(wolfSSL_X509_get_serial_number(x509, NULL, &serialSz), + WOLFSSL_SUCCESS); + ExpectIntEQ(serialSz, 1); + serialSz = sizeof(serial); + ExpectIntEQ(wolfSSL_X509_get_serial_number(x509, serial, &serialSz), + WOLFSSL_SUCCESS); + ExpectIntEQ(serialSz, 1); + ExpectIntEQ(serial[0], 3); + ASN1_INTEGER_free(a); + a = NULL; + + /* test setting serial number with 0's in it */ + serial[0] = 0x01; + serial[1] = 0x00; + serial[2] = 0x02; + + ExpectNotNull(a = wolfSSL_ASN1_INTEGER_new()); + if (a != NULL) { + a->data[0] = ASN_INTEGER; + a->data[1] = sizeof(serial); + XMEMCPY(&a->data[2], serial, sizeof(serial)); + a->length = sizeof(serial) + 2; + } + ExpectIntEQ(X509_set_serialNumber(x509, a), WOLFSSL_SUCCESS); + + XMEMSET(serial, 0, sizeof(serial)); + serialSz = sizeof(serial); + ExpectIntEQ(wolfSSL_X509_get_serial_number(x509, serial, &serialSz), + WOLFSSL_SUCCESS); + ExpectIntEQ(serialSz, 3); + ExpectIntEQ(serial[0], 0x01); + ExpectIntEQ(serial[1], 0x00); + ExpectIntEQ(serial[2], 0x02); + ASN1_INTEGER_free(a); + a = NULL; + + X509_free(x509); /* free's a */ + X509_free(empty); + + ExpectNotNull(serialHex = BN_bn2hex(bn)); +#ifndef WC_DISABLE_RADIX_ZERO_PAD + ExpectStrEQ(serialHex, "01"); +#else + ExpectStrEQ(serialHex, "1"); +#endif + OPENSSL_free(serialHex); + ExpectIntEQ(BN_get_word(bn), 1); + BN_free(bn); + /* hard test free'ing with dynamic buffer to make sure there is no leaks */ + ExpectNotNull(a = ASN1_INTEGER_new()); + if (a != NULL) { + ExpectNotNull(a->data = (unsigned char*)XMALLOC(100, NULL, + DYNAMIC_TYPE_OPENSSL)); + a->isDynamic = 1; + ASN1_INTEGER_free(a); + } +#endif + return EXPECT_RESULT(); +} + +int test_wolfSSL_get_tbs(void) +{ + EXPECT_DECLS; +#if !defined(NO_CERTS) && !defined(NO_RSA) && !defined(NO_FILESYSTEM) \ + && defined(OPENSSL_EXTRA) + WOLFSSL_X509* x509 = NULL; + const unsigned char* tbs; + int tbsSz; + + ExpectNotNull(x509 = wolfSSL_X509_new()); + ExpectNull(tbs = wolfSSL_X509_get_tbs(x509, &tbsSz)); + wolfSSL_X509_free(x509); + x509 = NULL; + + ExpectNotNull(x509 = wolfSSL_X509_load_certificate_file(caCertFile, + WOLFSSL_FILETYPE_PEM)); + + ExpectNull(tbs = wolfSSL_X509_get_tbs(NULL, &tbsSz)); + ExpectNull(tbs = wolfSSL_X509_get_tbs(x509, NULL)); + ExpectNotNull(tbs = wolfSSL_X509_get_tbs(x509, &tbsSz)); + ExpectIntEQ(tbsSz, 1003); + + wolfSSL_FreeX509(x509); +#endif + return EXPECT_RESULT(); +} + +int test_wolfSSL_X509_ext_get_critical_by_NID(void) +{ + EXPECT_DECLS; +#if defined(OPENSSL_EXTRA) && !defined(NO_CERTS) + WOLFSSL_X509* x509 = NULL; + + ExpectNotNull(x509 = wolfSSL_X509_new()); + ExpectIntEQ(wolfSSL_X509_ext_get_critical_by_NID(NULL, + WC_NID_basic_constraints), 0); + ExpectIntEQ(wolfSSL_X509_ext_get_critical_by_NID(x509, + WC_NID_basic_constraints), 0); + ExpectIntEQ(wolfSSL_X509_ext_get_critical_by_NID(x509, + WC_NID_subject_alt_name), 0); + ExpectIntEQ(wolfSSL_X509_ext_get_critical_by_NID(x509, + WC_NID_authority_key_identifier), 0); + ExpectIntEQ(wolfSSL_X509_ext_get_critical_by_NID(x509, + WC_NID_subject_key_identifier), 0); + ExpectIntEQ(wolfSSL_X509_ext_get_critical_by_NID(x509, + WC_NID_key_usage), 0); + ExpectIntEQ(wolfSSL_X509_ext_get_critical_by_NID(x509, + WC_NID_crl_distribution_points), 0); + ExpectIntEQ(wolfSSL_X509_ext_get_critical_by_NID(x509, + WC_NID_ext_key_usage), 0); +#ifdef WOLFSSL_SEP + ExpectIntEQ(wolfSSL_X509_ext_get_critical_by_NID(x509, + WC_NID_certificate_policies), 0); +#endif + ExpectIntEQ(wolfSSL_X509_ext_get_critical_by_NID(x509, + WC_NID_info_access), 0); + wolfSSL_X509_free(x509); +#endif + return EXPECT_RESULT(); +} + +int test_wolfSSL_X509_CRL_distribution_points(void) +{ + EXPECT_DECLS; +#if defined(OPENSSL_EXTRA) && !defined(NO_CERTS) && !defined(NO_RSA) && \ + !defined(NO_FILESYSTEM) + WOLFSSL_X509* x509 = NULL; + const char* file = "./certs/client-crl-dist.pem"; + + ExpectIntEQ(wolfSSL_X509_ext_isSet_by_NID(NULL, + WC_NID_crl_distribution_points), 0); + + ExpectNotNull(x509 = wolfSSL_X509_new()); + ExpectIntEQ(wolfSSL_X509_ext_isSet_by_NID(x509, + WC_NID_crl_distribution_points), 0); + wolfSSL_X509_free(x509); + x509 = NULL; + + ExpectNotNull(x509 = wolfSSL_X509_load_certificate_file(file, + WOLFSSL_FILETYPE_PEM)); + ExpectIntEQ(wolfSSL_X509_ext_isSet_by_NID(x509, + WC_NID_crl_distribution_points), 1); + wolfSSL_X509_free(x509); +#endif + return EXPECT_RESULT(); +} + +int test_wolfSSL_X509_check_ip_asc(void) +{ + EXPECT_DECLS; +#if defined(OPENSSL_EXTRA) && !defined(NO_RSA) && !defined(NO_FILESYSTEM) + WOLFSSL_X509 *x509 = NULL; + WOLFSSL_X509 *empty = NULL; + + ExpectNotNull(x509 = wolfSSL_X509_load_certificate_file(cliCertFile, + WOLFSSL_FILETYPE_PEM)); + ExpectNotNull(empty = wolfSSL_X509_new()); + +#if 0 + /* TODO: add cert gen for testing positive case */ + ExpectIntEQ(wolfSSL_X509_check_ip_asc(x509, "127.0.0.1", 0), 1); +#endif + ExpectIntEQ(wolfSSL_X509_check_ip_asc(x509, "0.0.0.0", 0), 0); + ExpectIntEQ(wolfSSL_X509_check_ip_asc(x509, NULL, 0), 0); + ExpectIntEQ(wolfSSL_X509_check_ip_asc(NULL, NULL, 0), 0); + ExpectIntEQ(wolfSSL_X509_check_ip_asc(NULL, "0.0.0.0", 0), 0); + ExpectIntEQ(wolfSSL_X509_check_ip_asc(empty, "127.128.0.255", 0), 0); + + wolfSSL_X509_free(empty); + wolfSSL_X509_free(x509); +#endif + return EXPECT_RESULT(); +} + +int test_wolfSSL_X509_bad_altname(void) +{ + EXPECT_DECLS; +#if defined(OPENSSL_EXTRA) && !defined(NO_CERTS) && !defined(NO_RSA) + const unsigned char malformed_alt_name_cert[] = { + 0x30, 0x82, 0x02, 0xf9, 0x30, 0x82, 0x01, 0xe1, 0xa0, 0x03, 0x02, 0x01, + 0x02, 0x02, 0x02, 0x10, 0x21, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, + 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x0b, 0x05, 0x00, 0x30, 0x0f, 0x31, 0x0d, + 0x30, 0x0b, 0x06, 0x03, 0x55, 0x04, 0x03, 0x13, 0x04, 0x61, 0x61, 0x31, + 0x31, 0x30, 0x1e, 0x17, 0x0d, 0x31, 0x36, 0x30, 0x32, 0x30, 0x37, 0x31, + 0x37, 0x32, 0x34, 0x30, 0x30, 0x5a, 0x17, 0x0d, 0x33, 0x34, 0x30, 0x32, + 0x31, 0x34, 0x30, 0x36, 0x32, 0x36, 0x35, 0x33, 0x5a, 0x30, 0x0f, 0x31, + 0x0d, 0x30, 0x0b, 0x06, 0x03, 0x55, 0x04, 0x03, 0x13, 0x04, 0x61, 0x61, + 0x61, 0x61, 0x30, 0x82, 0x01, 0x20, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, + 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x01, 0x05, 0x00, 0x03, 0x82, 0x01, + 0x0d, 0x00, 0x30, 0x82, 0x01, 0x08, 0x02, 0x82, 0x01, 0x01, 0x00, 0xa8, + 0x8a, 0x5e, 0x26, 0x23, 0x1b, 0x31, 0xd3, 0x37, 0x1a, 0x70, 0xb2, 0xec, + 0x3f, 0x74, 0xd4, 0xb4, 0x44, 0xe3, 0x7a, 0xa5, 0xc0, 0xf5, 0xaa, 0x97, + 0x26, 0x9a, 0x04, 0xff, 0xda, 0xbe, 0xe5, 0x09, 0x03, 0x98, 0x3d, 0xb5, + 0xbf, 0x01, 0x2c, 0x9a, 0x0a, 0x3a, 0xfb, 0xbc, 0x3c, 0xe7, 0xbe, 0x83, + 0x5c, 0xb3, 0x70, 0xe8, 0x5c, 0xe3, 0xd1, 0x83, 0xc3, 0x94, 0x08, 0xcd, + 0x1a, 0x87, 0xe5, 0xe0, 0x5b, 0x9c, 0x5c, 0x6e, 0xb0, 0x7d, 0xe2, 0x58, + 0x6c, 0xc3, 0xb5, 0xc8, 0x9d, 0x11, 0xf1, 0x5d, 0x96, 0x0d, 0x66, 0x1e, + 0x56, 0x7f, 0x8f, 0x59, 0xa7, 0xa5, 0xe1, 0xc5, 0xe7, 0x81, 0x4c, 0x09, + 0x9d, 0x5e, 0x96, 0xf0, 0x9a, 0xc2, 0x8b, 0x70, 0xd5, 0xab, 0x79, 0x58, + 0x5d, 0xb7, 0x58, 0xaa, 0xfd, 0x75, 0x52, 0xaa, 0x4b, 0xa7, 0x25, 0x68, + 0x76, 0x59, 0x00, 0xee, 0x78, 0x2b, 0x91, 0xc6, 0x59, 0x91, 0x99, 0x38, + 0x3e, 0xa1, 0x76, 0xc3, 0xf5, 0x23, 0x6b, 0xe6, 0x07, 0xea, 0x63, 0x1c, + 0x97, 0x49, 0xef, 0xa0, 0xfe, 0xfd, 0x13, 0xc9, 0xa9, 0x9f, 0xc2, 0x0b, + 0xe6, 0x87, 0x92, 0x5b, 0xcc, 0xf5, 0x42, 0x95, 0x4a, 0xa4, 0x6d, 0x64, + 0xba, 0x7d, 0xce, 0xcb, 0x04, 0xd0, 0xf8, 0xe7, 0xe3, 0xda, 0x75, 0x60, + 0xd3, 0x8b, 0x6a, 0x64, 0xfc, 0x78, 0x56, 0x21, 0x69, 0x5a, 0xe8, 0xa7, + 0x8f, 0xfb, 0x8f, 0x82, 0xe3, 0xae, 0x36, 0xa2, 0x93, 0x66, 0x92, 0xcb, + 0x82, 0xa3, 0xbe, 0x84, 0x00, 0x86, 0xdc, 0x7e, 0x6d, 0x53, 0x77, 0x84, + 0x17, 0xb9, 0x55, 0x43, 0x0d, 0xf1, 0x16, 0x1f, 0xd5, 0x43, 0x75, 0x99, + 0x66, 0x19, 0x52, 0xd0, 0xac, 0x5f, 0x74, 0xad, 0xb2, 0x90, 0x15, 0x50, + 0x04, 0x74, 0x43, 0xdf, 0x6c, 0x35, 0xd0, 0xfd, 0x32, 0x37, 0xb3, 0x8d, + 0xf5, 0xe5, 0x09, 0x02, 0x01, 0x03, 0xa3, 0x61, 0x30, 0x5f, 0x30, 0x0c, + 0x06, 0x03, 0x55, 0x1d, 0x13, 0x01, 0x01, 0xff, 0x04, 0x02, 0x30, 0x00, + 0x30, 0x0f, 0x06, 0x03, 0x55, 0x1d, 0x11, 0x04, 0x08, 0x30, 0x06, 0x82, + 0x04, 0x61, 0x2a, 0x00, 0x2a, 0x30, 0x1d, 0x06, 0x03, 0x55, 0x1d, 0x0e, + 0x04, 0x16, 0x04, 0x14, 0x92, 0x6a, 0x1e, 0x52, 0x3a, 0x1a, 0x57, 0x9f, + 0xc9, 0x82, 0x9a, 0xce, 0xc8, 0xc0, 0xa9, 0x51, 0x9d, 0x2f, 0xc7, 0x72, + 0x30, 0x1f, 0x06, 0x03, 0x55, 0x1d, 0x23, 0x04, 0x18, 0x30, 0x16, 0x80, + 0x14, 0x6b, 0xf9, 0xa4, 0x2d, 0xa5, 0xe9, 0x39, 0x89, 0xa8, 0x24, 0x58, + 0x79, 0x87, 0x11, 0xfc, 0x6f, 0x07, 0x91, 0xef, 0xa6, 0x30, 0x0d, 0x06, + 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x0b, 0x05, 0x00, + 0x03, 0x82, 0x01, 0x01, 0x00, 0x3f, 0xd5, 0x37, 0x2f, 0xc7, 0xf8, 0x8b, + 0x39, 0x1c, 0xe3, 0xdf, 0x77, 0xee, 0xc6, 0x4b, 0x5f, 0x84, 0xcf, 0xfa, + 0x33, 0x2c, 0xb2, 0xb5, 0x4b, 0x09, 0xee, 0x56, 0xc0, 0xf2, 0xf0, 0xeb, + 0xad, 0x1c, 0x02, 0xef, 0xae, 0x09, 0x53, 0xc0, 0x06, 0xad, 0x4e, 0xfd, + 0x3e, 0x8c, 0x13, 0xb3, 0xbf, 0x80, 0x05, 0x36, 0xb5, 0x3f, 0x2b, 0xc7, + 0x60, 0x53, 0x14, 0xbf, 0x33, 0x63, 0x47, 0xc3, 0xc6, 0x28, 0xda, 0x10, + 0x12, 0xe2, 0xc4, 0xeb, 0xc5, 0x64, 0x66, 0xc0, 0xcc, 0x6b, 0x84, 0xda, + 0x0c, 0xe9, 0xf6, 0xe3, 0xf8, 0x8e, 0x3d, 0x95, 0x5f, 0xba, 0x9f, 0xe1, + 0xc7, 0xed, 0x6e, 0x97, 0xcc, 0xbd, 0x7d, 0xe5, 0x4e, 0xab, 0xbc, 0x1b, + 0xf1, 0x3a, 0x09, 0x33, 0x09, 0xe1, 0xcc, 0xec, 0x21, 0x16, 0x8e, 0xb1, + 0x74, 0x9e, 0xc8, 0x13, 0x7c, 0xdf, 0x07, 0xaa, 0xeb, 0x70, 0xd7, 0x91, + 0x5c, 0xc4, 0xef, 0x83, 0x88, 0xc3, 0xe4, 0x97, 0xfa, 0xe4, 0xdf, 0xd7, + 0x0d, 0xff, 0xba, 0x78, 0x22, 0xfc, 0x3f, 0xdc, 0xd8, 0x02, 0x8d, 0x93, + 0x57, 0xf9, 0x9e, 0x39, 0x3a, 0x77, 0x00, 0xd9, 0x19, 0xaa, 0x68, 0xa1, + 0xe6, 0x9e, 0x13, 0xeb, 0x37, 0x16, 0xf5, 0x77, 0xa4, 0x0b, 0x40, 0x04, + 0xd3, 0xa5, 0x49, 0x78, 0x35, 0xfa, 0x3b, 0xf6, 0x02, 0xab, 0x85, 0xee, + 0xcb, 0x9b, 0x62, 0xda, 0x05, 0x00, 0x22, 0x2f, 0xf8, 0xbd, 0x0b, 0xe5, + 0x2c, 0xb2, 0x53, 0x78, 0x0a, 0xcb, 0x69, 0xc0, 0xb6, 0x9f, 0x96, 0xff, + 0x58, 0x22, 0x70, 0x9c, 0x01, 0x2e, 0x56, 0x60, 0x5d, 0x37, 0xe3, 0x40, + 0x25, 0xc9, 0x90, 0xc8, 0x0f, 0x41, 0x68, 0xb4, 0xfd, 0x10, 0xe2, 0x09, + 0x99, 0x08, 0x5d, 0x7b, 0xc9, 0xe3, 0x29, 0xd4, 0x5a, 0xcf, 0xc9, 0x34, + 0x55, 0xa1, 0x40, 0x44, 0xd6, 0x88, 0x16, 0xbb, 0xdd + }; + + X509* x509 = NULL; + int certSize = (int)sizeof(malformed_alt_name_cert) / sizeof(unsigned char); + const char *name = "aaaaa"; + int nameLen = (int)XSTRLEN(name); + + ExpectNotNull(x509 = wolfSSL_X509_load_certificate_buffer( + malformed_alt_name_cert, certSize, SSL_FILETYPE_ASN1)); + + /* malformed_alt_name_cert has a malformed alternative + * name of "a*\0*". Ensure that it does not match "aaaaa" */ + ExpectIntNE(wolfSSL_X509_check_host(x509, name, nameLen, + WOLFSSL_ALWAYS_CHECK_SUBJECT, NULL), 1); + + /* Also make sure WOLFSSL_LEFT_MOST_WILDCARD_ONLY fails too */ + ExpectIntNE(wolfSSL_X509_check_host(x509, name, nameLen, + WOLFSSL_ALWAYS_CHECK_SUBJECT | WOLFSSL_LEFT_MOST_WILDCARD_ONLY, + NULL), 1); + + X509_free(x509); + +#endif + return EXPECT_RESULT(); +} + +int test_wolfSSL_X509_name_match1(void) +{ + EXPECT_DECLS; +#if defined(OPENSSL_EXTRA) && !defined(NO_CERTS) && !defined(NO_RSA) + /* A certificate with the subject alternative name a* */ + const unsigned char cert_der[] = { + 0x30, 0x82, 0x03, 0xac, 0x30, 0x82, 0x02, 0x94, 0xa0, 0x03, 0x02, 0x01, + 0x02, 0x02, 0x14, 0x0f, 0xa5, 0x10, 0x85, 0xef, 0x58, 0x10, 0x59, 0xfc, + 0x0f, 0x20, 0x1f, 0x53, 0xf5, 0x30, 0x39, 0x34, 0x49, 0x54, 0x05, 0x30, + 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x0b, + 0x05, 0x00, 0x30, 0x77, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, + 0x06, 0x13, 0x02, 0x55, 0x53, 0x31, 0x10, 0x30, 0x0e, 0x06, 0x03, 0x55, + 0x04, 0x08, 0x0c, 0x07, 0x4d, 0x6f, 0x6e, 0x74, 0x61, 0x6e, 0x61, 0x31, + 0x10, 0x30, 0x0e, 0x06, 0x03, 0x55, 0x04, 0x07, 0x0c, 0x07, 0x42, 0x6f, + 0x7a, 0x65, 0x6d, 0x61, 0x6e, 0x31, 0x14, 0x30, 0x12, 0x06, 0x03, 0x55, + 0x04, 0x0a, 0x0c, 0x0b, 0x77, 0x6f, 0x6c, 0x66, 0x53, 0x53, 0x4c, 0x20, + 0x49, 0x6e, 0x63, 0x31, 0x14, 0x30, 0x12, 0x06, 0x03, 0x55, 0x04, 0x0b, + 0x0c, 0x0b, 0x45, 0x6e, 0x67, 0x69, 0x6e, 0x65, 0x65, 0x72, 0x69, 0x6e, + 0x67, 0x31, 0x18, 0x30, 0x16, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0c, 0x0f, + 0x77, 0x77, 0x77, 0x2e, 0x77, 0x6f, 0x6c, 0x66, 0x73, 0x73, 0x6c, 0x2e, + 0x63, 0x6f, 0x6d, 0x30, 0x1e, 0x17, 0x0d, 0x32, 0x34, 0x30, 0x35, 0x33, + 0x30, 0x32, 0x30, 0x31, 0x35, 0x35, 0x38, 0x5a, 0x17, 0x0d, 0x33, 0x34, + 0x30, 0x35, 0x32, 0x38, 0x32, 0x30, 0x31, 0x35, 0x35, 0x38, 0x5a, 0x30, + 0x77, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, + 0x55, 0x53, 0x31, 0x10, 0x30, 0x0e, 0x06, 0x03, 0x55, 0x04, 0x08, 0x0c, + 0x07, 0x4d, 0x6f, 0x6e, 0x74, 0x61, 0x6e, 0x61, 0x31, 0x10, 0x30, 0x0e, + 0x06, 0x03, 0x55, 0x04, 0x07, 0x0c, 0x07, 0x42, 0x6f, 0x7a, 0x65, 0x6d, + 0x61, 0x6e, 0x31, 0x14, 0x30, 0x12, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x0c, + 0x0b, 0x77, 0x6f, 0x6c, 0x66, 0x53, 0x53, 0x4c, 0x20, 0x49, 0x6e, 0x63, + 0x31, 0x14, 0x30, 0x12, 0x06, 0x03, 0x55, 0x04, 0x0b, 0x0c, 0x0b, 0x45, + 0x6e, 0x67, 0x69, 0x6e, 0x65, 0x65, 0x72, 0x69, 0x6e, 0x67, 0x31, 0x18, + 0x30, 0x16, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0c, 0x0f, 0x77, 0x77, 0x77, + 0x2e, 0x77, 0x6f, 0x6c, 0x66, 0x73, 0x73, 0x6c, 0x2e, 0x63, 0x6f, 0x6d, + 0x30, 0x82, 0x01, 0x22, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, + 0xf7, 0x0d, 0x01, 0x01, 0x01, 0x05, 0x00, 0x03, 0x82, 0x01, 0x0f, 0x00, + 0x30, 0x82, 0x01, 0x0a, 0x02, 0x82, 0x01, 0x01, 0x00, 0xf4, 0xca, 0x3d, + 0xd4, 0xbc, 0x9b, 0xea, 0x74, 0xfe, 0x73, 0xf4, 0x16, 0x23, 0x0b, 0x4a, + 0x09, 0x54, 0xf6, 0x7b, 0x10, 0x99, 0x11, 0x93, 0xb2, 0xdb, 0x4d, 0x7d, + 0x23, 0xab, 0xf9, 0xcd, 0xf6, 0x54, 0xd4, 0xf6, 0x39, 0x57, 0xee, 0x97, + 0xb2, 0xb9, 0xfc, 0x7e, 0x9c, 0xb3, 0xfb, 0x56, 0xb6, 0x84, 0xd6, 0x2d, + 0x59, 0x1c, 0xed, 0xda, 0x9b, 0x19, 0xf5, 0x8a, 0xa7, 0x8a, 0x89, 0xd6, + 0xa1, 0xc0, 0xe6, 0x16, 0xad, 0x04, 0xcf, 0x5a, 0x1f, 0xdf, 0x62, 0x6c, + 0x68, 0x45, 0xe9, 0x55, 0x2e, 0x42, 0xa3, 0x1b, 0x3b, 0x86, 0x23, 0x22, + 0xa1, 0x20, 0x48, 0xd1, 0x52, 0xc0, 0x8b, 0xab, 0xe2, 0x8a, 0x15, 0x68, + 0xbd, 0x89, 0x6f, 0x9f, 0x45, 0x75, 0xb4, 0x27, 0xc1, 0x72, 0x41, 0xfd, + 0x79, 0x89, 0xb0, 0x74, 0xa2, 0xe9, 0x61, 0x48, 0x4c, 0x54, 0xad, 0x6b, + 0x61, 0xbf, 0x0e, 0x27, 0x58, 0xb4, 0xf6, 0x9c, 0x2c, 0x9f, 0xc2, 0x3e, + 0x3b, 0xb3, 0x90, 0x41, 0xbc, 0x61, 0xcd, 0x01, 0x57, 0x90, 0x82, 0xec, + 0x46, 0xba, 0x4f, 0x89, 0x8e, 0x7f, 0x49, 0x4f, 0x46, 0x69, 0x37, 0x8b, + 0xa0, 0xba, 0x85, 0xe8, 0x42, 0xff, 0x9a, 0xa1, 0x53, 0x81, 0x5c, 0xf3, + 0x8e, 0x85, 0x1c, 0xd4, 0x90, 0x60, 0xa0, 0x37, 0x59, 0x04, 0x65, 0xa6, + 0xb5, 0x12, 0x00, 0xc3, 0x04, 0x51, 0xa7, 0x83, 0x96, 0x62, 0x3d, 0x49, + 0x97, 0xe8, 0x6b, 0x9a, 0x5d, 0x51, 0x24, 0xee, 0xad, 0x45, 0x18, 0x0f, + 0x3f, 0x97, 0xec, 0xdf, 0xcf, 0x42, 0x8a, 0x96, 0xc7, 0xd8, 0x82, 0x87, + 0x7f, 0x57, 0x70, 0x22, 0xfb, 0x29, 0x3e, 0x3c, 0xa3, 0xc1, 0xd5, 0x71, + 0xb3, 0x84, 0x06, 0x53, 0xa3, 0x86, 0x20, 0x35, 0xe3, 0x41, 0xb9, 0xd8, + 0x00, 0x22, 0x4f, 0x6d, 0xe6, 0xfd, 0xf0, 0xf4, 0xa2, 0x39, 0x0a, 0x1a, + 0x23, 0x02, 0x03, 0x01, 0x00, 0x01, 0xa3, 0x30, 0x30, 0x2e, 0x30, 0x0d, + 0x06, 0x03, 0x55, 0x1d, 0x11, 0x04, 0x06, 0x30, 0x04, 0x82, 0x02, 0x61, + 0x2a, 0x30, 0x1d, 0x06, 0x03, 0x55, 0x1d, 0x0e, 0x04, 0x16, 0x04, 0x14, + 0x45, 0x05, 0xf3, 0x4d, 0x3e, 0x7e, 0x9c, 0xf5, 0x08, 0xee, 0x2c, 0x13, + 0x32, 0xe3, 0xf2, 0x14, 0xe8, 0x0e, 0x71, 0x21, 0x30, 0x0d, 0x06, 0x09, + 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x0b, 0x05, 0x00, 0x03, + 0x82, 0x01, 0x01, 0x00, 0xa8, 0x28, 0xe5, 0x22, 0x65, 0xcf, 0x47, 0xfe, + 0x82, 0x17, 0x99, 0x20, 0xdb, 0xb1, 0x57, 0xd4, 0x91, 0x1a, 0x83, 0xde, + 0xc1, 0xaf, 0xc4, 0x1f, 0xfb, 0xa4, 0x6a, 0xad, 0xdc, 0x58, 0x72, 0xd9, + 0x9b, 0xab, 0xa5, 0xbb, 0xf4, 0x98, 0xd4, 0xdf, 0x36, 0xcb, 0xb5, 0x78, + 0xce, 0x4b, 0x25, 0x5b, 0x24, 0x92, 0xfe, 0xe8, 0xd4, 0xe4, 0xbd, 0x6f, + 0x71, 0x1a, 0x81, 0x2a, 0x6f, 0x35, 0x93, 0xf7, 0xcc, 0xed, 0xe5, 0x06, + 0xd2, 0x96, 0x41, 0xb5, 0xa9, 0x8a, 0xc0, 0xc9, 0x17, 0xe3, 0x13, 0x5e, + 0x94, 0x5e, 0xfa, 0xfc, 0xf0, 0x00, 0x2e, 0xe1, 0xd8, 0x1b, 0x23, 0x3f, + 0x7c, 0x4d, 0x9f, 0xfb, 0xb7, 0x95, 0xc1, 0x94, 0x7f, 0x7f, 0xb5, 0x4f, + 0x93, 0x6d, 0xc3, 0x2b, 0xb2, 0x28, 0x36, 0xd2, 0x7c, 0x01, 0x3c, 0xae, + 0x35, 0xdb, 0xc8, 0x95, 0x1b, 0x5f, 0x6c, 0x0f, 0x57, 0xb3, 0xcc, 0x97, + 0x98, 0x80, 0x06, 0xaa, 0xe4, 0x93, 0x1f, 0xb7, 0xa0, 0x54, 0xf1, 0x4f, + 0x6f, 0x11, 0xdf, 0xab, 0xd3, 0xbf, 0xf0, 0x3a, 0x81, 0x60, 0xaf, 0x7a, + 0xf7, 0x09, 0xd5, 0xae, 0x0c, 0x7d, 0xae, 0x8d, 0x47, 0x06, 0xbe, 0x11, + 0x6e, 0xf8, 0x7e, 0x49, 0xf8, 0xac, 0x24, 0x0a, 0x4b, 0xc2, 0xf6, 0xe8, + 0x2c, 0xec, 0x35, 0xef, 0xa9, 0x13, 0xb8, 0xd2, 0x9c, 0x92, 0x61, 0x91, + 0xec, 0x7b, 0x0c, 0xea, 0x9a, 0x71, 0x36, 0x15, 0x34, 0x2b, 0x7a, 0x25, + 0xac, 0xfe, 0xc7, 0x26, 0x89, 0x70, 0x3e, 0x64, 0x68, 0x97, 0x4b, 0xaa, + 0xc1, 0x24, 0x14, 0xbd, 0x45, 0x2f, 0xe0, 0xfe, 0xf4, 0x2b, 0x8e, 0x08, + 0x3e, 0xe4, 0xb5, 0x3d, 0x5d, 0xf4, 0xc3, 0xd6, 0x9c, 0xb5, 0x33, 0x1b, + 0x3b, 0xda, 0x6e, 0x99, 0x7b, 0x09, 0xd1, 0x30, 0x97, 0x23, 0x52, 0x6d, + 0x1b, 0x71, 0x3a, 0xf4, 0x54, 0xf0, 0xe5, 0x9e + }; + + WOLFSSL_X509* x509 = NULL; + int certSize = (int)(sizeof(cert_der) / sizeof(unsigned char)); + const char *name1 = "aaaaa"; + int nameLen1 = (int)(XSTRLEN(name1)); + const char *name2 = "a"; + int nameLen2 = (int)(XSTRLEN(name2)); + const char *name3 = "abbbb"; + int nameLen3 = (int)(XSTRLEN(name3)); + const char *name4 = "bbb"; + int nameLen4 = (int)(XSTRLEN(name4)); + + ExpectNotNull(x509 = wolfSSL_X509_load_certificate_buffer( + cert_der, certSize, WOLFSSL_FILETYPE_ASN1)); + + /* Ensure that "a*" matches "aaaaa" */ + ExpectIntEQ(wolfSSL_X509_check_host(x509, name1, nameLen1, + WOLFSSL_ALWAYS_CHECK_SUBJECT, NULL), WOLFSSL_SUCCESS); + /* Ensure that "a*" matches "a" */ + ExpectIntEQ(wolfSSL_X509_check_host(x509, name2, nameLen2, + WOLFSSL_ALWAYS_CHECK_SUBJECT, NULL), WOLFSSL_SUCCESS); + /* Ensure that "a*" matches "abbbb" */ + ExpectIntEQ(wolfSSL_X509_check_host(x509, name3, nameLen3, + WOLFSSL_ALWAYS_CHECK_SUBJECT, NULL), WOLFSSL_SUCCESS); + /* Ensure that "a*" does not match "bbb" */ + ExpectIntNE(wolfSSL_X509_check_host(x509, name4, nameLen4, + WOLFSSL_ALWAYS_CHECK_SUBJECT, NULL), 1); + + /* WOLFSSL_LEFT_MOST_WILDCARD_ONLY flag should fail on all cases, since + * 'a*' alt name does not have wildcard left-most */ + + /* Ensure that "a*" does not match "aaaaa" */ + ExpectIntNE(wolfSSL_X509_check_host(x509, name1, nameLen1, + WOLFSSL_ALWAYS_CHECK_SUBJECT | WOLFSSL_LEFT_MOST_WILDCARD_ONLY, + NULL), WOLFSSL_SUCCESS); + /* Ensure that "a*" does not match "a" */ + ExpectIntNE(wolfSSL_X509_check_host(x509, name2, nameLen2, + WOLFSSL_ALWAYS_CHECK_SUBJECT | WOLFSSL_LEFT_MOST_WILDCARD_ONLY, + NULL), WOLFSSL_SUCCESS); + /* Ensure that "a*" does not match "abbbb" */ + ExpectIntNE(wolfSSL_X509_check_host(x509, name3, nameLen3, + WOLFSSL_ALWAYS_CHECK_SUBJECT | WOLFSSL_LEFT_MOST_WILDCARD_ONLY, + NULL), WOLFSSL_SUCCESS); + /* Ensure that "a*" does not match "bbb" */ + ExpectIntNE(wolfSSL_X509_check_host(x509, name4, nameLen4, + WOLFSSL_ALWAYS_CHECK_SUBJECT | WOLFSSL_LEFT_MOST_WILDCARD_ONLY, + NULL), WOLFSSL_SUCCESS); + + wolfSSL_X509_free(x509); + +#endif + return EXPECT_RESULT(); +} + +int test_wolfSSL_X509_name_match2(void) +{ + EXPECT_DECLS; +#if defined(OPENSSL_EXTRA) && !defined(NO_CERTS) && !defined(NO_RSA) + /* A certificate with the subject alternative name a*b* */ + const unsigned char cert_der[] = { + 0x30, 0x82, 0x03, 0xae, 0x30, 0x82, 0x02, 0x96, 0xa0, 0x03, 0x02, 0x01, + 0x02, 0x02, 0x14, 0x41, 0x8c, 0x8b, 0xaa, 0x0e, 0xd8, 0x5a, 0xc0, 0x52, + 0x46, 0x0e, 0xe5, 0xd8, 0xb9, 0x48, 0x93, 0x7e, 0x8a, 0x7c, 0x65, 0x30, + 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x0b, + 0x05, 0x00, 0x30, 0x77, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, + 0x06, 0x13, 0x02, 0x55, 0x53, 0x31, 0x10, 0x30, 0x0e, 0x06, 0x03, 0x55, + 0x04, 0x08, 0x0c, 0x07, 0x4d, 0x6f, 0x6e, 0x74, 0x61, 0x6e, 0x61, 0x31, + 0x10, 0x30, 0x0e, 0x06, 0x03, 0x55, 0x04, 0x07, 0x0c, 0x07, 0x42, 0x6f, + 0x7a, 0x65, 0x6d, 0x61, 0x6e, 0x31, 0x14, 0x30, 0x12, 0x06, 0x03, 0x55, + 0x04, 0x0a, 0x0c, 0x0b, 0x77, 0x6f, 0x6c, 0x66, 0x53, 0x53, 0x4c, 0x20, + 0x49, 0x6e, 0x63, 0x31, 0x14, 0x30, 0x12, 0x06, 0x03, 0x55, 0x04, 0x0b, + 0x0c, 0x0b, 0x45, 0x6e, 0x67, 0x69, 0x6e, 0x65, 0x65, 0x72, 0x69, 0x6e, + 0x67, 0x31, 0x18, 0x30, 0x16, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0c, 0x0f, + 0x77, 0x77, 0x77, 0x2e, 0x77, 0x6f, 0x6c, 0x66, 0x73, 0x73, 0x6c, 0x2e, + 0x63, 0x6f, 0x6d, 0x30, 0x1e, 0x17, 0x0d, 0x32, 0x34, 0x30, 0x35, 0x33, + 0x30, 0x32, 0x30, 0x34, 0x33, 0x34, 0x30, 0x5a, 0x17, 0x0d, 0x33, 0x34, + 0x30, 0x35, 0x32, 0x38, 0x32, 0x30, 0x34, 0x33, 0x34, 0x30, 0x5a, 0x30, + 0x77, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, + 0x55, 0x53, 0x31, 0x10, 0x30, 0x0e, 0x06, 0x03, 0x55, 0x04, 0x08, 0x0c, + 0x07, 0x4d, 0x6f, 0x6e, 0x74, 0x61, 0x6e, 0x61, 0x31, 0x10, 0x30, 0x0e, + 0x06, 0x03, 0x55, 0x04, 0x07, 0x0c, 0x07, 0x42, 0x6f, 0x7a, 0x65, 0x6d, + 0x61, 0x6e, 0x31, 0x14, 0x30, 0x12, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x0c, + 0x0b, 0x77, 0x6f, 0x6c, 0x66, 0x53, 0x53, 0x4c, 0x20, 0x49, 0x6e, 0x63, + 0x31, 0x14, 0x30, 0x12, 0x06, 0x03, 0x55, 0x04, 0x0b, 0x0c, 0x0b, 0x45, + 0x6e, 0x67, 0x69, 0x6e, 0x65, 0x65, 0x72, 0x69, 0x6e, 0x67, 0x31, 0x18, + 0x30, 0x16, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0c, 0x0f, 0x77, 0x77, 0x77, + 0x2e, 0x77, 0x6f, 0x6c, 0x66, 0x73, 0x73, 0x6c, 0x2e, 0x63, 0x6f, 0x6d, + 0x30, 0x82, 0x01, 0x22, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, + 0xf7, 0x0d, 0x01, 0x01, 0x01, 0x05, 0x00, 0x03, 0x82, 0x01, 0x0f, 0x00, + 0x30, 0x82, 0x01, 0x0a, 0x02, 0x82, 0x01, 0x01, 0x00, 0xa5, 0x60, 0x80, + 0xf3, 0xee, 0x19, 0xd2, 0xe4, 0x15, 0x94, 0x54, 0x12, 0x88, 0xee, 0xda, + 0x11, 0x11, 0x87, 0x99, 0x88, 0xb3, 0x71, 0xc7, 0x97, 0x78, 0x1b, 0x57, + 0x37, 0x1d, 0x0b, 0x1f, 0x2f, 0x2c, 0x35, 0x13, 0x75, 0xd3, 0x31, 0x3e, + 0x6f, 0x80, 0x21, 0xa5, 0xa3, 0xad, 0x10, 0x81, 0xb6, 0x37, 0xd4, 0x55, + 0x2e, 0xc1, 0xb8, 0x37, 0xa3, 0x3c, 0xe8, 0x81, 0x03, 0x3c, 0xda, 0x5f, + 0x6f, 0x45, 0x32, 0x2b, 0x0e, 0x99, 0x27, 0xfd, 0xe5, 0x6c, 0x07, 0xd9, + 0x4e, 0x0a, 0x8b, 0x23, 0x74, 0x96, 0x25, 0x97, 0xae, 0x6d, 0x19, 0xba, + 0xbf, 0x0f, 0xc8, 0xa1, 0xe5, 0xea, 0xa8, 0x00, 0x09, 0xc3, 0x9a, 0xef, + 0x09, 0x33, 0xc1, 0x33, 0x2e, 0x7b, 0x6d, 0xa7, 0x66, 0x87, 0xb6, 0x3a, + 0xb9, 0xdb, 0x4c, 0x5e, 0xb5, 0x55, 0x69, 0x37, 0x17, 0x92, 0x1f, 0xe3, + 0x53, 0x1a, 0x2d, 0x25, 0xd0, 0xcf, 0x72, 0x37, 0xc2, 0x89, 0x83, 0x78, + 0xcf, 0xac, 0x2e, 0x46, 0x92, 0x5c, 0x4a, 0xba, 0x7d, 0xa0, 0x22, 0x34, + 0xb1, 0x22, 0x26, 0x99, 0xda, 0xe8, 0x97, 0xe2, 0x0c, 0xd3, 0xbc, 0x97, + 0x7e, 0xa8, 0xb9, 0xe3, 0xe2, 0x7f, 0x56, 0xef, 0x22, 0xee, 0x15, 0x95, + 0xa6, 0xd1, 0xf4, 0xa7, 0xac, 0x4a, 0xab, 0xc1, 0x1a, 0xda, 0xc5, 0x5f, + 0xa5, 0x5e, 0x2f, 0x15, 0x9c, 0x36, 0xbe, 0xd3, 0x47, 0xb6, 0x86, 0xb9, + 0xc6, 0x59, 0x39, 0x36, 0xad, 0x84, 0x53, 0x95, 0x72, 0x91, 0x89, 0x51, + 0x32, 0x77, 0xf1, 0xa5, 0x93, 0xfe, 0xf0, 0x41, 0x7c, 0x64, 0xf1, 0xb0, + 0x8b, 0x81, 0x8d, 0x3a, 0x2c, 0x9e, 0xbe, 0x2e, 0x8b, 0xf7, 0x80, 0x63, + 0x35, 0x32, 0xfa, 0x26, 0xe0, 0x63, 0xbf, 0x5e, 0xaf, 0xf0, 0x08, 0xe0, + 0x80, 0x65, 0x38, 0xfa, 0x21, 0xaa, 0x91, 0x34, 0x48, 0x3d, 0x32, 0x5c, + 0xbf, 0x02, 0x03, 0x01, 0x00, 0x01, 0xa3, 0x32, 0x30, 0x30, 0x30, 0x0f, + 0x06, 0x03, 0x55, 0x1d, 0x11, 0x04, 0x08, 0x30, 0x06, 0x82, 0x04, 0x61, + 0x2a, 0x62, 0x2a, 0x30, 0x1d, 0x06, 0x03, 0x55, 0x1d, 0x0e, 0x04, 0x16, + 0x04, 0x14, 0x3d, 0x55, 0x74, 0xf8, 0x3a, 0x26, 0x03, 0x8c, 0x6a, 0x2e, + 0x91, 0x0e, 0x18, 0x70, 0xb4, 0xa4, 0xcc, 0x04, 0x00, 0xd3, 0x30, 0x0d, + 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x0b, 0x05, + 0x00, 0x03, 0x82, 0x01, 0x01, 0x00, 0x8f, 0x3b, 0xff, 0x46, 0x0c, 0xb5, + 0x21, 0xdc, 0xcf, 0x61, 0x9a, 0x25, 0x93, 0x99, 0x68, 0x2f, 0x16, 0x71, + 0x15, 0x00, 0x5f, 0xb0, 0x9b, 0x43, 0x5c, 0x47, 0xe2, 0x8e, 0xc8, 0xea, + 0xb3, 0x30, 0x4d, 0x87, 0x90, 0xcf, 0x24, 0x37, 0x5c, 0xfd, 0xc8, 0xc6, + 0x09, 0x36, 0xb2, 0xfb, 0xfd, 0xc1, 0x82, 0x92, 0x77, 0x5b, 0x9d, 0xeb, + 0xac, 0x47, 0xbc, 0xda, 0x7c, 0x89, 0x19, 0x03, 0x9e, 0xcd, 0x96, 0x2a, + 0x90, 0x55, 0x23, 0x19, 0xac, 0x9d, 0x49, 0xfb, 0xa0, 0x31, 0x7d, 0x6b, + 0x1a, 0x16, 0x13, 0xb1, 0xa9, 0xc9, 0xc4, 0xaf, 0xf1, 0xb4, 0xa7, 0x9b, + 0x08, 0x64, 0x6a, 0x09, 0xcd, 0x4a, 0x03, 0x4c, 0x93, 0xb6, 0xcf, 0x29, + 0xdb, 0x56, 0x88, 0x8e, 0xed, 0x08, 0x6d, 0x8d, 0x76, 0xa3, 0xd7, 0xc6, + 0x69, 0xa1, 0xf5, 0xd2, 0xd0, 0x0a, 0x4b, 0xfa, 0x88, 0x66, 0x6c, 0xe5, + 0x4a, 0xee, 0x13, 0xad, 0xad, 0x22, 0x25, 0x73, 0x39, 0x56, 0x74, 0x0e, + 0xda, 0xcd, 0x35, 0x67, 0xe3, 0x81, 0x5c, 0xc5, 0xae, 0x3c, 0x4f, 0x47, + 0x3e, 0x97, 0xde, 0xac, 0xf6, 0xe1, 0x26, 0xe2, 0xe0, 0x66, 0x48, 0x20, + 0x7c, 0x02, 0x81, 0x3e, 0x7d, 0x34, 0xb7, 0x73, 0x3e, 0x2e, 0xd6, 0x20, + 0x1c, 0xdf, 0xf1, 0xae, 0x86, 0x8b, 0xb2, 0xc2, 0x9b, 0x68, 0x9c, 0xf6, + 0x1a, 0x5e, 0x30, 0x06, 0x39, 0x0a, 0x1f, 0x7b, 0xd7, 0x18, 0x4b, 0x06, + 0x9d, 0xff, 0x84, 0x57, 0xcc, 0x92, 0xad, 0x81, 0x0a, 0x19, 0x11, 0xc4, + 0xac, 0x59, 0x00, 0xe8, 0x5a, 0x70, 0x78, 0xd6, 0x9f, 0xe0, 0x82, 0x2a, + 0x1f, 0x09, 0x36, 0x1c, 0x52, 0x98, 0xf7, 0x95, 0x8f, 0xf9, 0x48, 0x4f, + 0x30, 0x52, 0xb5, 0xf3, 0x8d, 0x13, 0x93, 0x27, 0xbe, 0xb4, 0x75, 0x39, + 0x65, 0xc6, 0x48, 0x4e, 0x32, 0xd7, 0xf4, 0xc3, 0x26, 0x8d + }; + + WOLFSSL_X509* x509 = NULL; + int certSize = (int)(sizeof(cert_der) / sizeof(unsigned char)); + const char *name1 = "ab"; + int nameLen1 = (int)(XSTRLEN(name1)); + const char *name2 = "acccbccc"; + int nameLen2 = (int)(XSTRLEN(name2)); + const char *name3 = "accb"; + int nameLen3 = (int)(XSTRLEN(name3)); + const char *name4 = "accda"; + int nameLen4 = (int)(XSTRLEN(name4)); + const char *name5 = "acc\0bcc"; + int nameLen5 = 7; + + ExpectNotNull(x509 = wolfSSL_X509_load_certificate_buffer( + cert_der, certSize, WOLFSSL_FILETYPE_ASN1)); + + /* Ensure that "a*b*" matches "ab" */ + ExpectIntEQ(wolfSSL_X509_check_host(x509, name1, nameLen1, + WOLFSSL_ALWAYS_CHECK_SUBJECT, NULL), WOLFSSL_SUCCESS); + /* Ensure that "a*b*" matches "acccbccc" */ + ExpectIntEQ(wolfSSL_X509_check_host(x509, name2, nameLen2, + WOLFSSL_ALWAYS_CHECK_SUBJECT, NULL), WOLFSSL_SUCCESS); + /* Ensure that "a*b*" matches "accb" */ + ExpectIntEQ(wolfSSL_X509_check_host(x509, name3, nameLen3, + WOLFSSL_ALWAYS_CHECK_SUBJECT, NULL), WOLFSSL_SUCCESS); + /* Ensure that "a*b*" does not match "accda" */ + ExpectIntNE(wolfSSL_X509_check_host(x509, name4, nameLen4, + WOLFSSL_ALWAYS_CHECK_SUBJECT, NULL), WOLFSSL_SUCCESS); + + /* WOLFSSL_LEFT_MOST_WILDCARD_ONLY flag should fail on all cases, since + * 'a*b*' alt name does not have wildcard left-most */ + ExpectIntEQ(wolfSSL_X509_check_host(x509, name1, nameLen1, + WOLFSSL_ALWAYS_CHECK_SUBJECT | WOLFSSL_LEFT_MOST_WILDCARD_ONLY, + NULL), WOLFSSL_FAILURE); + ExpectIntEQ(wolfSSL_X509_check_host(x509, name2, nameLen2, + WOLFSSL_ALWAYS_CHECK_SUBJECT | WOLFSSL_LEFT_MOST_WILDCARD_ONLY, + NULL), WOLFSSL_FAILURE); + ExpectIntEQ(wolfSSL_X509_check_host(x509, name3, nameLen3, + WOLFSSL_ALWAYS_CHECK_SUBJECT | WOLFSSL_LEFT_MOST_WILDCARD_ONLY, + NULL), WOLFSSL_FAILURE); + ExpectIntEQ(wolfSSL_X509_check_host(x509, name4, nameLen4, + WOLFSSL_ALWAYS_CHECK_SUBJECT | WOLFSSL_LEFT_MOST_WILDCARD_ONLY, + NULL), WOLFSSL_FAILURE); + + /* Ensure that "a*b*" matches "ab", testing openssl behavior replication + * on check len input handling, 0 for len is OK as it should then use + * strlen(name1) */ + ExpectIntEQ(wolfSSL_X509_check_host(x509, name1, 0, + WOLFSSL_ALWAYS_CHECK_SUBJECT, NULL), WOLFSSL_SUCCESS); + /* Openssl also allows for len to include NULL terminator */ + ExpectIntEQ(wolfSSL_X509_check_host(x509, name1, nameLen1 + 1, + WOLFSSL_ALWAYS_CHECK_SUBJECT, NULL), WOLFSSL_SUCCESS); + /* Ensure that check string with NULL terminator in middle is + * rejected */ + ExpectIntNE(wolfSSL_X509_check_host(x509, name5, nameLen5, + WOLFSSL_ALWAYS_CHECK_SUBJECT, NULL), WOLFSSL_SUCCESS); + + wolfSSL_X509_free(x509); + +#endif + return EXPECT_RESULT(); +} + +int test_wolfSSL_X509_name_match3(void) +{ + EXPECT_DECLS; +#if defined(OPENSSL_EXTRA) && !defined(NO_CERTS) && !defined(NO_RSA) + /* A certificate with the subject alternative name *.example.com */ + const unsigned char cert_der[] = { + 0x30, 0x82, 0x03, 0xb7, 0x30, 0x82, 0x02, 0x9f, 0xa0, 0x03, 0x02, 0x01, + 0x02, 0x02, 0x14, 0x59, 0xbb, 0xf6, 0xde, 0xb8, 0x3d, 0x0e, 0x8c, 0xe4, + 0xbd, 0x98, 0xa3, 0xbe, 0x3e, 0x8f, 0xdc, 0xbd, 0x7f, 0xcc, 0xae, 0x30, + 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x0b, + 0x05, 0x00, 0x30, 0x77, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, + 0x06, 0x13, 0x02, 0x55, 0x53, 0x31, 0x10, 0x30, 0x0e, 0x06, 0x03, 0x55, + 0x04, 0x08, 0x0c, 0x07, 0x4d, 0x6f, 0x6e, 0x74, 0x61, 0x6e, 0x61, 0x31, + 0x10, 0x30, 0x0e, 0x06, 0x03, 0x55, 0x04, 0x07, 0x0c, 0x07, 0x42, 0x6f, + 0x7a, 0x65, 0x6d, 0x61, 0x6e, 0x31, 0x14, 0x30, 0x12, 0x06, 0x03, 0x55, + 0x04, 0x0a, 0x0c, 0x0b, 0x77, 0x6f, 0x6c, 0x66, 0x53, 0x53, 0x4c, 0x20, + 0x49, 0x6e, 0x63, 0x31, 0x14, 0x30, 0x12, 0x06, 0x03, 0x55, 0x04, 0x0b, + 0x0c, 0x0b, 0x45, 0x6e, 0x67, 0x69, 0x6e, 0x65, 0x65, 0x72, 0x69, 0x6e, + 0x67, 0x31, 0x18, 0x30, 0x16, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0c, 0x0f, + 0x77, 0x77, 0x77, 0x2e, 0x77, 0x6f, 0x6c, 0x66, 0x73, 0x73, 0x6c, 0x2e, + 0x63, 0x6f, 0x6d, 0x30, 0x1e, 0x17, 0x0d, 0x32, 0x34, 0x30, 0x35, 0x33, + 0x31, 0x30, 0x30, 0x33, 0x37, 0x34, 0x39, 0x5a, 0x17, 0x0d, 0x33, 0x34, + 0x30, 0x35, 0x32, 0x39, 0x30, 0x30, 0x33, 0x37, 0x34, 0x39, 0x5a, 0x30, + 0x77, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, + 0x55, 0x53, 0x31, 0x10, 0x30, 0x0e, 0x06, 0x03, 0x55, 0x04, 0x08, 0x0c, + 0x07, 0x4d, 0x6f, 0x6e, 0x74, 0x61, 0x6e, 0x61, 0x31, 0x10, 0x30, 0x0e, + 0x06, 0x03, 0x55, 0x04, 0x07, 0x0c, 0x07, 0x42, 0x6f, 0x7a, 0x65, 0x6d, + 0x61, 0x6e, 0x31, 0x14, 0x30, 0x12, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x0c, + 0x0b, 0x77, 0x6f, 0x6c, 0x66, 0x53, 0x53, 0x4c, 0x20, 0x49, 0x6e, 0x63, + 0x31, 0x14, 0x30, 0x12, 0x06, 0x03, 0x55, 0x04, 0x0b, 0x0c, 0x0b, 0x45, + 0x6e, 0x67, 0x69, 0x6e, 0x65, 0x65, 0x72, 0x69, 0x6e, 0x67, 0x31, 0x18, + 0x30, 0x16, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0c, 0x0f, 0x77, 0x77, 0x77, + 0x2e, 0x77, 0x6f, 0x6c, 0x66, 0x73, 0x73, 0x6c, 0x2e, 0x63, 0x6f, 0x6d, + 0x30, 0x82, 0x01, 0x22, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, + 0xf7, 0x0d, 0x01, 0x01, 0x01, 0x05, 0x00, 0x03, 0x82, 0x01, 0x0f, 0x00, + 0x30, 0x82, 0x01, 0x0a, 0x02, 0x82, 0x01, 0x01, 0x00, 0xda, 0x78, 0x16, + 0x05, 0x65, 0xf2, 0x85, 0xf2, 0x61, 0x7f, 0xb1, 0x4d, 0x73, 0xe2, 0x82, + 0xb5, 0x3d, 0xf7, 0x9d, 0x05, 0x65, 0xed, 0x9d, 0xc3, 0x29, 0x7a, 0x92, + 0x2c, 0x06, 0x5f, 0xc8, 0x13, 0x55, 0x42, 0x4e, 0xbd, 0xe2, 0x56, 0x2a, + 0x4b, 0xac, 0xe6, 0x1b, 0x10, 0xc9, 0xdb, 0x9a, 0x45, 0x36, 0xed, 0xf3, + 0x26, 0x8c, 0x22, 0x88, 0x1e, 0x6d, 0x2b, 0x41, 0xfa, 0x0d, 0x43, 0x88, + 0x88, 0xde, 0x8d, 0x2e, 0xca, 0x6e, 0x7c, 0x62, 0x66, 0x3e, 0xfa, 0x4e, + 0x71, 0xea, 0x7d, 0x3b, 0x32, 0x33, 0x5c, 0x7a, 0x7e, 0xea, 0x74, 0xbd, + 0xb6, 0x8f, 0x4c, 0x1c, 0x7a, 0x79, 0x94, 0xf1, 0xe8, 0x02, 0x67, 0x98, + 0x25, 0xb4, 0x31, 0x80, 0xc1, 0xae, 0xbf, 0xef, 0xf2, 0x6c, 0x78, 0x42, + 0xef, 0xb5, 0xc6, 0x01, 0x47, 0x79, 0x8d, 0x92, 0xce, 0xc1, 0xb5, 0x98, + 0x76, 0xf0, 0x84, 0xa2, 0x53, 0x90, 0xe5, 0x39, 0xc7, 0xbd, 0xf2, 0xbb, + 0xe3, 0x3f, 0x00, 0xf6, 0xf0, 0x46, 0x86, 0xee, 0x55, 0xbd, 0x2c, 0x1f, + 0x97, 0x24, 0x7c, 0xbc, 0xda, 0x2f, 0x1b, 0x53, 0xef, 0x26, 0x56, 0xcc, + 0xb7, 0xd8, 0xca, 0x17, 0x20, 0x4e, 0x62, 0x03, 0x66, 0x32, 0xb3, 0xd1, + 0x71, 0x26, 0x6c, 0xff, 0xd1, 0x9e, 0x44, 0x86, 0x2a, 0xae, 0xba, 0x43, + 0x00, 0x13, 0x7e, 0x50, 0xdd, 0x3e, 0x27, 0x39, 0x70, 0x1c, 0x0c, 0x0b, + 0xe8, 0xa2, 0xae, 0x03, 0x09, 0x2e, 0xd8, 0x71, 0xee, 0x7b, 0x1a, 0x09, + 0x2d, 0xe1, 0xd5, 0xde, 0xf5, 0xa3, 0x36, 0x77, 0x90, 0x97, 0x99, 0xd7, + 0x6c, 0xb7, 0x5c, 0x9d, 0xf7, 0x7e, 0x41, 0x89, 0xfe, 0xe4, 0x08, 0xc6, + 0x0b, 0xe4, 0x9b, 0x5f, 0x51, 0xa6, 0x08, 0xb8, 0x99, 0x81, 0xe9, 0xce, + 0xb4, 0x2d, 0xb2, 0x92, 0x9f, 0xe5, 0x1a, 0x98, 0x76, 0x20, 0x70, 0x54, + 0x93, 0x02, 0x03, 0x01, 0x00, 0x01, 0xa3, 0x3b, 0x30, 0x39, 0x30, 0x18, + 0x06, 0x03, 0x55, 0x1d, 0x11, 0x04, 0x11, 0x30, 0x0f, 0x82, 0x0d, 0x2a, + 0x2e, 0x65, 0x78, 0x61, 0x6d, 0x70, 0x6c, 0x65, 0x2e, 0x63, 0x6f, 0x6d, + 0x30, 0x1d, 0x06, 0x03, 0x55, 0x1d, 0x0e, 0x04, 0x16, 0x04, 0x14, 0x60, + 0xd4, 0x26, 0xbb, 0xcc, 0x7c, 0x29, 0xa2, 0x88, 0x3c, 0x76, 0x7d, 0xb4, + 0x86, 0x8b, 0x47, 0x64, 0x5b, 0x87, 0xe0, 0x30, 0x0d, 0x06, 0x09, 0x2a, + 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x0b, 0x05, 0x00, 0x03, 0x82, + 0x01, 0x01, 0x00, 0xc3, 0x0d, 0x03, 0x67, 0xbb, 0x47, 0x8b, 0xf3, 0x20, + 0xdc, 0x7d, 0x2e, 0xe1, 0xd9, 0xf0, 0x01, 0xc4, 0x66, 0xc2, 0xe1, 0xcd, + 0xc3, 0x4a, 0x72, 0xf0, 0x6e, 0x38, 0xcf, 0x63, 0x01, 0x96, 0x9e, 0x84, + 0xb9, 0xce, 0x1d, 0xba, 0x4b, 0xe0, 0x70, 0x86, 0x2b, 0x5a, 0xab, 0xec, + 0xbf, 0xc2, 0xaa, 0x64, 0xa2, 0x6c, 0xd2, 0x42, 0x52, 0xd4, 0xbe, 0x8a, + 0xca, 0x9c, 0x03, 0xf3, 0xd6, 0x5f, 0xcd, 0x23, 0x9f, 0xf5, 0xa9, 0x04, + 0x40, 0x5b, 0x66, 0x78, 0xc0, 0xac, 0xa1, 0xdb, 0x5d, 0xd1, 0x94, 0xfc, + 0x47, 0x94, 0xf5, 0x45, 0xe3, 0x70, 0x13, 0x3f, 0x66, 0x6d, 0xdd, 0x73, + 0x68, 0x68, 0xe2, 0xd2, 0x89, 0xcb, 0x7f, 0xc6, 0xca, 0xd6, 0x96, 0x0b, + 0xcc, 0xdd, 0xa1, 0x74, 0xda, 0x33, 0xe8, 0x9e, 0xda, 0xb7, 0xd9, 0x12, + 0xab, 0x85, 0x9d, 0x0c, 0xde, 0xa0, 0x7d, 0x7e, 0xa1, 0x91, 0xed, 0xe5, + 0x32, 0x7c, 0xc5, 0xea, 0x1d, 0x4a, 0xb5, 0x38, 0x63, 0x17, 0xf3, 0x4f, + 0x2c, 0x4a, 0x58, 0x86, 0x09, 0x33, 0x86, 0xc4, 0xe7, 0x56, 0x6f, 0x32, + 0x71, 0xb7, 0xd0, 0x83, 0x12, 0x9e, 0x26, 0x0a, 0x3a, 0x45, 0xcb, 0xd7, + 0x4e, 0xab, 0xa4, 0xc3, 0xee, 0x4c, 0xc0, 0x38, 0xa1, 0xfa, 0xba, 0xfa, + 0xb7, 0x80, 0x69, 0x67, 0xa3, 0xef, 0x89, 0xba, 0xce, 0x89, 0x91, 0x3d, + 0x6a, 0x76, 0xe9, 0x3b, 0x32, 0x86, 0x76, 0x85, 0x6b, 0x4f, 0x7f, 0xbc, + 0x7a, 0x5b, 0x31, 0x92, 0x79, 0x35, 0xf8, 0xb9, 0xb1, 0xd7, 0xdb, 0xa9, + 0x6a, 0x8a, 0x91, 0x60, 0x65, 0xd4, 0x76, 0x54, 0x55, 0x57, 0xb9, 0x35, + 0xe0, 0xf5, 0xbb, 0x8f, 0xd4, 0x40, 0x75, 0xbb, 0x47, 0xa8, 0xf9, 0x0f, + 0xea, 0xc9, 0x6e, 0x84, 0xd5, 0xf5, 0x58, 0x2d, 0xe5, 0x76, 0x7b, 0xdf, + 0x97, 0x05, 0x5e, 0xaf, 0x50, 0xf5, 0x48 + }; + + WOLFSSL_X509* x509 = NULL; + int certSize = (int)(sizeof(cert_der) / sizeof(unsigned char)); + const char *name1 = "foo.example.com"; + int nameLen1 = (int)(XSTRLEN(name1)); + const char *name2 = "x.y.example.com"; + int nameLen2 = (int)(XSTRLEN(name2)); + const char *name3 = "example.com"; + int nameLen3 = (int)(XSTRLEN(name3)); + + ExpectNotNull(x509 = wolfSSL_X509_load_certificate_buffer( + cert_der, certSize, WOLFSSL_FILETYPE_ASN1)); + + /* Ensure that "*.example.com" matches "foo.example.com" */ + ExpectIntEQ(wolfSSL_X509_check_host(x509, name1, nameLen1, + WOLFSSL_ALWAYS_CHECK_SUBJECT, NULL), WOLFSSL_SUCCESS); + /* Ensure that "*.example.com" does NOT match "x.y.example.com" */ + ExpectIntNE(wolfSSL_X509_check_host(x509, name2, nameLen2, + WOLFSSL_ALWAYS_CHECK_SUBJECT, NULL), WOLFSSL_SUCCESS); + /* Ensure that "*.example.com" does NOT match "example.com" */ + ExpectIntNE(wolfSSL_X509_check_host(x509, name3, nameLen3, + WOLFSSL_ALWAYS_CHECK_SUBJECT, NULL), WOLFSSL_SUCCESS); + + /* WOLFSSL_LEFT_MOST_WILDCARD_ONLY, should match "foo.example.com" */ + ExpectIntEQ(wolfSSL_X509_check_host(x509, name1, nameLen1, + WOLFSSL_ALWAYS_CHECK_SUBJECT | WOLFSSL_LEFT_MOST_WILDCARD_ONLY, + NULL), WOLFSSL_SUCCESS); + /* WOLFSSL_LEFT_MOST_WILDCARD_ONLY, should NOT match "x.y.example.com" */ + ExpectIntNE(wolfSSL_X509_check_host(x509, name2, nameLen2, + WOLFSSL_ALWAYS_CHECK_SUBJECT | WOLFSSL_LEFT_MOST_WILDCARD_ONLY, + NULL), WOLFSSL_SUCCESS); + /* WOLFSSL_LEFT_MOST_WILDCARD_ONLY, should NOT match "example.com" */ + ExpectIntNE(wolfSSL_X509_check_host(x509, name3, nameLen3, + WOLFSSL_ALWAYS_CHECK_SUBJECT | WOLFSSL_LEFT_MOST_WILDCARD_ONLY, + NULL), WOLFSSL_SUCCESS); + + wolfSSL_X509_free(x509); + +#endif + return EXPECT_RESULT(); +} + +int test_wolfSSL_X509_max_altnames(void) +{ + EXPECT_DECLS; +#if !defined(NO_FILESYSTEM) && !defined(NO_CERTS) && !defined(NO_TLS) && \ + !defined(NO_RSA) + + /* Only test if max alt names has not been modified */ +#if WOLFSSL_MAX_ALT_NAMES <= 1024 + + WOLFSSL_CTX* ctx = NULL; + /* File contains a certificate encoded with 130 subject alternative names */ + const char* over_max_altnames_cert = \ + "./certs/test/cert-over-max-altnames.pem"; + +#ifndef NO_WOLFSSL_SERVER + ExpectNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_server_method())); +#else + ExpectNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_client_method())); +#endif + + ExpectIntNE(wolfSSL_CTX_load_verify_locations_ex(ctx, + over_max_altnames_cert, NULL, WOLFSSL_LOAD_FLAG_NONE), + WOLFSSL_SUCCESS); + wolfSSL_CTX_free(ctx); +#endif +#endif + return EXPECT_RESULT(); +} + +int test_wolfSSL_X509_max_name_constraints(void) +{ + EXPECT_DECLS; +#if !defined(NO_FILESYSTEM) && !defined(NO_CERTS) && !defined(NO_TLS) && \ + !defined(NO_RSA) && !defined(IGNORE_NAME_CONSTRAINTS) + + /* Only test if max name constraints has not been modified */ +#if WOLFSSL_MAX_NAME_CONSTRAINTS == 128 + + WOLFSSL_CTX* ctx = NULL; + /* File contains a certificate with 130 name constraints */ + const char* over_max_nc = "./certs/test/cert-over-max-nc.pem"; + +#ifndef NO_WOLFSSL_SERVER + ExpectNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_server_method())); +#else + ExpectNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_client_method())); +#endif + + ExpectIntNE(wolfSSL_CTX_load_verify_locations_ex(ctx, over_max_nc, + NULL, WOLFSSL_LOAD_FLAG_NONE), WOLFSSL_SUCCESS); + wolfSSL_CTX_free(ctx); +#endif + +#endif + return EXPECT_RESULT(); +} + +int test_wolfSSL_X509_check_ca(void) +{ + EXPECT_DECLS; +#if defined(OPENSSL_EXTRA) && !defined(NO_RSA) && !defined(NO_FILESYSTEM) + WOLFSSL_X509 *x509 = NULL; + + ExpectNotNull(x509 = wolfSSL_X509_load_certificate_file(svrCertFile, + WOLFSSL_FILETYPE_PEM)); + ExpectIntEQ(wolfSSL_X509_check_ca(NULL), 0); + ExpectIntEQ(wolfSSL_X509_check_ca(x509), 1); + wolfSSL_X509_free(x509); + + ExpectNotNull(x509 = wolfSSL_X509_new()); + ExpectIntEQ(wolfSSL_X509_check_ca(x509), 0); + if (x509 != NULL) { + x509->extKeyUsageCrit = 1; + } + ExpectIntEQ(wolfSSL_X509_check_ca(x509), 4); + wolfSSL_X509_free(x509); +#endif + return EXPECT_RESULT(); +} + +int test_X509_get_signature_nid(void) +{ + EXPECT_DECLS; +#if defined(OPENSSL_EXTRA) && !defined(NO_FILESYSTEM) && !defined(NO_RSA) + X509* x509 = NULL; + + ExpectIntEQ(X509_get_signature_nid(NULL), 0); + ExpectNotNull(x509 = wolfSSL_X509_load_certificate_file(svrCertFile, + SSL_FILETYPE_PEM)); + ExpectIntEQ(X509_get_signature_nid(x509), NID_sha256WithRSAEncryption); + X509_free(x509); +#endif + return EXPECT_RESULT(); +} + +int test_wolfSSL_X509_cmp(void) +{ + EXPECT_DECLS; +#if defined(OPENSSL_ALL) && !defined(NO_RSA) + XFILE file1 = XBADFILE; + XFILE file2 = XBADFILE; + WOLFSSL_X509* cert1 = NULL; + WOLFSSL_X509* cert2 = NULL; + WOLFSSL_X509* empty = NULL; + + ExpectTrue((file1 = XFOPEN("./certs/server-cert.pem", "rb")) != XBADFILE); + ExpectTrue((file2 = XFOPEN("./certs/3072/client-cert.pem", "rb")) != + XBADFILE); + + ExpectNotNull(cert1 = wolfSSL_PEM_read_X509(file1, NULL, NULL, NULL)); + ExpectNotNull(cert2 = wolfSSL_PEM_read_X509(file2, NULL, NULL, NULL)); + if (file1 != XBADFILE) + fclose(file1); + if (file2 != XBADFILE) + fclose(file2); + + ExpectNotNull(empty = wolfSSL_X509_new()); + + /* wolfSSL_X509_cmp() testing matching certs */ + ExpectIntEQ(0, wolfSSL_X509_cmp(cert1, cert1)); + + /* wolfSSL_X509_cmp() testing mismatched certs */ + ExpectIntEQ(-1, wolfSSL_X509_cmp(cert1, cert2)); + + /* wolfSSL_X509_cmp() testing NULL, valid args */ + ExpectIntEQ(WC_NO_ERR_TRACE(BAD_FUNC_ARG), wolfSSL_X509_cmp(NULL, cert2)); + + /* wolfSSL_X509_cmp() testing valid, NULL args */ + ExpectIntEQ(WC_NO_ERR_TRACE(BAD_FUNC_ARG), wolfSSL_X509_cmp(cert1, NULL)); + + /* wolfSSL_X509_cmp() testing NULL, NULL args */ + ExpectIntEQ(WC_NO_ERR_TRACE(BAD_FUNC_ARG), wolfSSL_X509_cmp(NULL, NULL)); + + /* wolfSSL_X509_cmp() testing empty cert */ + ExpectIntEQ(WOLFSSL_FATAL_ERROR, wolfSSL_X509_cmp(empty, cert2)); + ExpectIntEQ(WOLFSSL_FATAL_ERROR, wolfSSL_X509_cmp(cert1, empty)); + + wolfSSL_X509_free(empty); + wolfSSL_X509_free(cert2); + wolfSSL_X509_free(cert1); +#endif + return EXPECT_RESULT(); +} + diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/tests/api/test_ossl_x509.h mariadb-11.8.8/extra/wolfssl/wolfssl/tests/api/test_ossl_x509.h --- mariadb-11.8.6/extra/wolfssl/wolfssl/tests/api/test_ossl_x509.h 1970-01-01 00:00:00.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/tests/api/test_ossl_x509.h 2026-05-24 09:58:33.000000000 +0000 @@ -0,0 +1,88 @@ +/* test_ossl_x509.h + * + * Copyright (C) 2006-2026 wolfSSL Inc. + * + * This file is part of wolfSSL. + * + * wolfSSL is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * wolfSSL is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA + */ + +#ifndef WOLFCRYPT_TEST_OSSL_X509_H +#define WOLFCRYPT_TEST_OSSL_X509_H + +#include + +int test_x509_get_key_id(void); +int test_wolfSSL_X509_get_version(void); +int test_wolfSSL_X509_cmp_time(void); +int test_wolfSSL_X509_time_adj(void); +int test_wolfSSL_X509_NID(void); +int test_wolfSSL_i2d_X509_NAME_canon(void); +int test_wolfSSL_X509_subject_name_hash(void); +int test_wolfSSL_X509_issuer_name_hash(void); +int test_wolfSSL_X509_check_host(void); +int test_wolfSSL_X509_check_email(void); +int test_wolfSSL_X509(void); +int test_wolfSSL_X509_get0_tbs_sigalg(void); +int test_wolfSSL_X509_set_name(void); +int test_wolfSSL_X509_set_notAfterBefore(void); +int test_wolfSSL_X509_set_version(void); +int test_wolfSSL_X509_get_serialNumber(void); +int test_wolfSSL_get_tbs(void); +int test_wolfSSL_X509_ext_get_critical_by_NID(void); +int test_wolfSSL_X509_CRL_distribution_points(void); +int test_wolfSSL_X509_check_ip_asc(void); +int test_wolfSSL_X509_bad_altname(void); +int test_wolfSSL_X509_name_match1(void); +int test_wolfSSL_X509_name_match2(void); +int test_wolfSSL_X509_name_match3(void); +int test_wolfSSL_X509_max_altnames(void); +int test_wolfSSL_X509_max_name_constraints(void); +int test_wolfSSL_X509_check_ca(void); +int test_X509_get_signature_nid(void); +int test_wolfSSL_X509_cmp(void); + +#define TEST_OSSL_X509_DECLS \ + TEST_DECL_GROUP("ossl_x509", test_x509_get_key_id), \ + TEST_DECL_GROUP("ossl_x509", test_wolfSSL_X509_get_version), \ + TEST_DECL_GROUP("ossl_x509", test_wolfSSL_X509_cmp_time), \ + TEST_DECL_GROUP("ossl_x509", test_wolfSSL_X509_time_adj), \ + TEST_DECL_GROUP("ossl_x509", test_wolfSSL_X509_NID), \ + TEST_DECL_GROUP("ossl_x509", test_wolfSSL_i2d_X509_NAME_canon), \ + TEST_DECL_GROUP("ossl_x509", test_wolfSSL_X509_subject_name_hash), \ + TEST_DECL_GROUP("ossl_x509", test_wolfSSL_X509_issuer_name_hash), \ + TEST_DECL_GROUP("ossl_x509", test_wolfSSL_X509_check_host), \ + TEST_DECL_GROUP("ossl_x509", test_wolfSSL_X509_check_email), \ + TEST_DECL_GROUP("ossl_x509", test_wolfSSL_X509), \ + TEST_DECL_GROUP("ossl_x509", test_wolfSSL_X509_get0_tbs_sigalg), \ + TEST_DECL_GROUP("ossl_x509", test_wolfSSL_X509_set_name), \ + TEST_DECL_GROUP("ossl_x509", test_wolfSSL_X509_set_notAfterBefore), \ + TEST_DECL_GROUP("ossl_x509", test_wolfSSL_X509_set_version), \ + TEST_DECL_GROUP("ossl_x509", test_wolfSSL_X509_get_serialNumber), \ + TEST_DECL_GROUP("ossl_x509", test_wolfSSL_get_tbs), \ + TEST_DECL_GROUP("ossl_x509", test_wolfSSL_X509_ext_get_critical_by_NID), \ + TEST_DECL_GROUP("ossl_x509", test_wolfSSL_X509_CRL_distribution_points), \ + TEST_DECL_GROUP("ossl_x509", test_wolfSSL_X509_check_ip_asc), \ + TEST_DECL_GROUP("ossl_x509", test_wolfSSL_X509_bad_altname), \ + TEST_DECL_GROUP("ossl_x509", test_wolfSSL_X509_name_match1), \ + TEST_DECL_GROUP("ossl_x509", test_wolfSSL_X509_name_match2), \ + TEST_DECL_GROUP("ossl_x509", test_wolfSSL_X509_name_match3), \ + TEST_DECL_GROUP("ossl_x509", test_wolfSSL_X509_max_altnames), \ + TEST_DECL_GROUP("ossl_x509", test_wolfSSL_X509_max_name_constraints), \ + TEST_DECL_GROUP("ossl_x509", test_wolfSSL_X509_check_ca), \ + TEST_DECL_GROUP("ossl_x509", test_X509_get_signature_nid), \ + TEST_DECL_GROUP("ossl_x509", test_wolfSSL_X509_cmp) + +#endif /* WOLFCRYPT_TEST_OSSL_X509_H */ diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/tests/api/test_ossl_x509_acert.c mariadb-11.8.8/extra/wolfssl/wolfssl/tests/api/test_ossl_x509_acert.c --- mariadb-11.8.6/extra/wolfssl/wolfssl/tests/api/test_ossl_x509_acert.c 1970-01-01 00:00:00.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/tests/api/test_ossl_x509_acert.c 2026-05-24 09:58:33.000000000 +0000 @@ -0,0 +1,535 @@ +/* test_ossl_x509_acert.c + * + * Copyright (C) 2006-2026 wolfSSL Inc. + * + * This file is part of wolfSSL. + * + * wolfSSL is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * wolfSSL is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA + */ + +#include + +#ifdef NO_INLINE + #include +#else + #define WOLFSSL_MISC_INCLUDED + #include +#endif + +#include +#ifdef OPENSSL_EXTRA + #include +#endif +#include +#include + +#if defined(WOLFSSL_ACERT) && !defined(NO_CERTS) && !defined(NO_RSA) && \ + defined(WC_RSA_PSS) && !defined(NO_FILESYSTEM) && defined(OPENSSL_EXTRA) +/* Given acert file and its pubkey file, read them and then + * attempt to verify signed acert. + * + * If expect_pass is true, then verification should pass. + * If expect_pass is false, then verification should fail. + * */ +static int do_acert_verify_test(const char * acert_file, + const char * pkey_file, + size_t expect_pass) +{ + X509_ACERT * x509 = NULL; + EVP_PKEY * pkey = NULL; + BIO * bp = NULL; + int verify_rc = 0; + + /* First read the attribute certificate. */ + bp = BIO_new_file(acert_file, "r"); + if (bp == NULL) { + return -1; + } + + x509 = PEM_read_bio_X509_ACERT(bp, NULL, NULL, NULL); + BIO_free(bp); + bp = NULL; + + if (x509 == NULL) { + return -1; + } + + /* Next read the associated pub key. */ + bp = BIO_new_file(pkey_file, "r"); + + if (bp == NULL) { + X509_ACERT_free(x509); + x509 = NULL; + return -1; + } + + pkey = PEM_read_bio_PUBKEY(bp, &pkey, NULL, NULL); + BIO_free(bp); + bp = NULL; + + if (pkey == NULL) { + X509_ACERT_free(x509); + x509 = NULL; + return -1; + } + + /* Finally, do verification. */ + verify_rc = X509_ACERT_verify(x509, pkey); + + X509_ACERT_free(x509); + x509 = NULL; + + EVP_PKEY_free(pkey); + pkey = NULL; + + if (expect_pass && verify_rc != 1) { + return -1; + } + + if (!expect_pass && verify_rc == 1) { + return -1; + } + + return 0; +} +#endif + +int test_wolfSSL_X509_ACERT_verify(void) +{ + EXPECT_DECLS; +#if defined(WOLFSSL_ACERT) && !defined(NO_CERTS) && !defined(NO_RSA) && \ + defined(WC_RSA_PSS) && !defined(NO_FILESYSTEM) && defined(OPENSSL_EXTRA) + /* Walk over list of signed ACERTs and their pubkeys. + * All should load and pass verification. */ + const char * acerts[4] = {"certs/acert/acert.pem", + "certs/acert/acert_ietf.pem", + "certs/acert/rsa_pss/acert.pem", + "certs/acert/rsa_pss/acert_ietf.pem"}; + const char * pkeys[4] = {"certs/acert/acert_pubkey.pem", + "certs/acert/acert_ietf_pubkey.pem", + "certs/acert/rsa_pss/acert_pubkey.pem", + "certs/acert/rsa_pss/acert_ietf_pubkey.pem"}; + int rc = 0; + size_t i = 0; + size_t j = 0; + + for (i = 0; i < 4; ++i) { + for (j = i; j < 4; ++j) { + rc = do_acert_verify_test(acerts[i], pkeys[j], i == j); + + if (rc) { + fprintf(stderr, "error: %s: i = %zu, j = %zu, rc = %d\n", + "do_acert_verify_test", i, j, rc); + break; + } + } + + if (rc) { break; } + } + + ExpectIntEQ(rc, 0); +#endif + return EXPECT_RESULT(); +} + +int test_wolfSSL_X509_ACERT_misc_api(void) +{ + EXPECT_DECLS; +#if defined(WOLFSSL_ACERT) && !defined(NO_CERTS) && !defined(NO_RSA) && \ + !defined(NO_FILESYSTEM) && defined(OPENSSL_EXTRA) + const char * acerts[4] = {"certs/acert/acert.pem", + "certs/acert/acert_ietf.pem", + "certs/acert/rsa_pss/acert.pem", + "certs/acert/rsa_pss/acert_ietf.pem"}; + int rc = 0; + X509_ACERT * x509 = NULL; + BIO * bp = NULL; + long ver_long = 0; + int ver = 0; + int nid = 0; + const byte * raw_attr = NULL; + word32 attr_len = 0; + size_t i = 0; + int buf_len = 0; + byte ietf_serial[] = {0x03, 0xb5, 0x90, 0x59, 0x02, + 0xa2, 0xaa, 0xb5, 0x40, 0x21, + 0x44, 0xb8, 0x2c, 0x4f, 0xd9, + 0x80, 0x1b, 0x5f, 0x57, 0xc2}; + + for (i = 0; i < 4; ++i) { + const char * acert_file = acerts[i]; + int is_rsa_pss = 0; + int is_ietf_acert = 0; + byte serial[64]; + int serial_len = sizeof(serial); + + XMEMSET(serial, 0, sizeof(serial)); + + is_rsa_pss = XSTRSTR(acert_file, "rsa_pss") != NULL ? 1 : 0; + is_ietf_acert = XSTRSTR(acert_file, "ietf.pem") != NULL ? 1 : 0; + + /* First read the attribute certificate. */ + bp = BIO_new_file(acert_file, "r"); + ExpectNotNull(bp); + + x509 = PEM_read_bio_X509_ACERT(bp, NULL, NULL, NULL); + ExpectNotNull(x509); + + /* We're done with the bio for now. */ + if (bp != NULL) { + BIO_free(bp); + bp = NULL; + } + + /* Check version and signature NID. */ + ver_long = X509_ACERT_get_version(x509); + ExpectIntEQ(ver_long, 1); + + ver = wolfSSL_X509_ACERT_version(x509); + ExpectIntEQ(ver, 2); + + nid = X509_ACERT_get_signature_nid(x509); + + if (is_rsa_pss) { + ExpectIntEQ(nid, NID_rsassaPss); + } + else { + ExpectIntEQ(nid, NID_sha256WithRSAEncryption); + } + + /* Get the serial number buffer. + * The ietf acert example has a 20 byte serial number. */ + rc = wolfSSL_X509_ACERT_get_serial_number(x509, serial, &serial_len); + ExpectIntEQ(rc, SSL_SUCCESS); + + if (is_ietf_acert) { + ExpectIntEQ(serial_len, 20); + ExpectIntEQ(XMEMCMP(serial, ietf_serial, sizeof(ietf_serial)), 0); + } + else { + ExpectIntEQ(serial_len, 1); + ExpectTrue(serial[0] == 0x01); + } + + /* Repeat the same but with null serial buffer. This is ok. */ + rc = wolfSSL_X509_ACERT_get_serial_number(x509, NULL, &serial_len); + ExpectIntEQ(rc, SSL_SUCCESS); + + if (is_ietf_acert) { + ExpectIntEQ(serial_len, 20); + } + else { + ExpectIntEQ(serial_len, 1); + ExpectTrue(serial[0] == 0x01); + } + + /* Get the attributes buffer. */ + rc = wolfSSL_X509_ACERT_get_attr_buf(x509, &raw_attr, &attr_len); + ExpectIntEQ(rc, SSL_SUCCESS); + + if (is_ietf_acert) { + /* This cert has a 65 byte attributes field. */ + ExpectNotNull(raw_attr); + ExpectIntEQ(attr_len, 65); + } + else { + /* This cert has a 237 byte attributes field. */ + ExpectNotNull(raw_attr); + ExpectIntEQ(attr_len, 237); + } + + /* Test printing acert to memory bio. */ + ExpectNotNull(bp = BIO_new(BIO_s_mem())); + rc = X509_ACERT_print(bp, x509); + ExpectIntEQ(rc, SSL_SUCCESS); + + /* Now do a bunch of invalid stuff with partially valid inputs. */ + rc = wolfSSL_X509_ACERT_get_attr_buf(x509, &raw_attr, NULL); + ExpectIntEQ(rc, BAD_FUNC_ARG); + + rc = wolfSSL_X509_ACERT_get_attr_buf(x509, NULL, &attr_len); + ExpectIntEQ(rc, BAD_FUNC_ARG); + + rc = wolfSSL_X509_ACERT_get_attr_buf(NULL, &raw_attr, &attr_len); + ExpectIntEQ(rc, BAD_FUNC_ARG); + + ver_long = X509_ACERT_get_version(NULL); + ExpectIntEQ(ver_long, 0); + + ver = wolfSSL_X509_ACERT_version(NULL); + ExpectIntEQ(ver, 0); + + rc = wolfSSL_X509_ACERT_get_signature(x509, NULL, NULL); + ExpectIntEQ(rc, WOLFSSL_FATAL_ERROR); + + rc = wolfSSL_X509_ACERT_get_signature(x509, NULL, &buf_len); + ExpectIntEQ(rc, SSL_SUCCESS); + ExpectIntEQ(buf_len, 256); + + rc = wolfSSL_X509_ACERT_get_serial_number(x509, serial, NULL); + ExpectIntEQ(rc, BAD_FUNC_ARG); + + rc = X509_ACERT_print(bp, NULL); + ExpectIntEQ(rc, WOLFSSL_FAILURE); + + rc = X509_ACERT_print(NULL, x509); + ExpectIntEQ(rc, WOLFSSL_FAILURE); + + /* Finally free the acert and bio, we're done with them. */ + if (x509 != NULL) { + X509_ACERT_free(x509); + x509 = NULL; + } + + if (bp != NULL) { + BIO_free(bp); + bp = NULL; + } + } +#endif + return EXPECT_RESULT(); +} + +int test_wolfSSL_X509_ACERT_buffer(void) +{ + EXPECT_DECLS; +#if defined(WOLFSSL_ACERT) && !defined(NO_CERTS) && \ + !defined(NO_RSA) && defined(WC_RSA_PSS) && \ + (defined(OPENSSL_EXTRA_X509_SMALL) || defined(OPENSSL_EXTRA)) + const byte acert_ietf[] = \ + "-----BEGIN ATTRIBUTE CERTIFICATE-----\n" + "MIICPTCCASUCAQEwN6AWMBGkDzANMQswCQYDVQQDDAJDQQIBAqEdpBswGTEXMBUG\n" + "A1UEAwwOc2VydmVyLmV4YW1wbGWgLTArpCkwJzElMCMGA1UEAwwcQXR0cmlidXRl\n" + "IENlcnRpZmljYXRlIElzc3VlcjANBgkqhkiG9w0BAQsFAAIUA7WQWQKiqrVAIUS4\n" + "LE/ZgBtfV8IwIhgPMjAyMTA2MTUxMjM1MDBaGA8yMDMxMDYxMzEyMzUwMFowQTAj\n" + "BggrBgEFBQcKBDEXMBWgCYYHVGVzdHZhbDAIDAZncm91cDEwGgYDVQRIMRMwEaEP\n" + "gw1hZG1pbmlzdHJhdG9yMCwwHwYDVR0jBBgwFoAUYm7JaGdsZLtTgt0tqoCK2MrI\n" + "i10wCQYDVR04BAIFADANBgkqhkiG9w0BAQsFAAOCAQEAlIOJ2Dj3TEUj6BIv6vUs\n" + "GqFWms05i+d10XSzWrunlUTQPoJcUjYkifOWp/7RpZ2XnRl+6hH+nIbmwSmXWwBn\n" + "ERw2bQMmw/""/nWuN4Qv9t7ltuovWC0pJX6VMT1IRTuTV4SxuZpFL37vkmnFlPBlb+\n" + "mn3ESSxLTjThWFIq1tip4IaxE/i5Uh32GlJglatFHM1PCGoJtyLtYb6KHDlvknw6\n" + "coDyjIcj0FZwtQw41jLwxI8jWNmrpt978wdpprB/URrRs+m02HmeQoiHFi/qvdv8\n" + "d+5vHf3Pi/ulhz/+dvr0p1vEQSoFnYxLXuty2p5m3PJPZCFmT3gURgmgR3BN9d7A\n" + "Bw==\n" + "-----END ATTRIBUTE CERTIFICATE-----\n"; + X509_ACERT * x509 = NULL; + int rc = 0; + byte ietf_serial[] = {0x03, 0xb5, 0x90, 0x59, 0x02, + 0xa2, 0xaa, 0xb5, 0x40, 0x21, + 0x44, 0xb8, 0x2c, 0x4f, 0xd9, + 0x80, 0x1b, 0x5f, 0x57, 0xc2}; + byte serial[64]; + int serial_len = sizeof(serial); + const byte * raw_attr = NULL; + word32 attr_len = 0; + + x509 = wolfSSL_X509_ACERT_load_certificate_buffer_ex(acert_ietf, + sizeof(acert_ietf), + WOLFSSL_FILETYPE_PEM, + HEAP_HINT); + + rc = wolfSSL_X509_ACERT_get_serial_number(x509, serial, &serial_len); + ExpectIntEQ(rc, SSL_SUCCESS); + + ExpectIntEQ(serial_len, 20); + ExpectIntEQ(XMEMCMP(serial, ietf_serial, sizeof(ietf_serial)), 0); + + /* Get the attributes buffer. */ + rc = wolfSSL_X509_ACERT_get_attr_buf(x509, &raw_attr, &attr_len); + ExpectIntEQ(rc, SSL_SUCCESS); + + /* This cert has a 65 byte attributes field. */ + ExpectNotNull(raw_attr); + ExpectIntEQ(attr_len, 65); + + ExpectNotNull(x509); + + if (x509 != NULL) { + wolfSSL_X509_ACERT_free(x509); + x509 = NULL; + } +#endif + return EXPECT_RESULT(); +} + +/* note: when ACERT generation and signing are implemented, + * this test will be filled out appropriately. + * */ +int test_wolfSSL_X509_ACERT_new_and_sign(void) +{ + EXPECT_DECLS; +#if defined(WOLFSSL_ACERT) && !defined(NO_CERTS) && \ + !defined(NO_RSA) && defined(WC_RSA_PSS) && \ + (defined(OPENSSL_EXTRA_X509_SMALL) || defined(OPENSSL_EXTRA)) + X509_ACERT * x509 = NULL; + int rc = 0; + + x509 = X509_ACERT_new(); + ExpectNotNull(x509); + + if (x509 != NULL) { + wolfSSL_X509_ACERT_free(x509); + x509 = NULL; + } + + /* Same but with static memory hint. */ + x509 = wolfSSL_X509_ACERT_new_ex(HEAP_HINT); + ExpectNotNull(x509); + + #ifndef NO_WOLFSSL_STUB + /* ACERT sign not implemented yet. */ + if (x509 != NULL) { + rc = wolfSSL_X509_ACERT_sign(x509, NULL, NULL); + ExpectIntEQ(rc, WOLFSSL_NOT_IMPLEMENTED); + } + #else + (void) rc; + #endif /* NO_WOLFSSL_STUB */ + + if (x509 != NULL) { + wolfSSL_X509_ACERT_free(x509); + x509 = NULL; + } + +#endif + return EXPECT_RESULT(); +} + +/* Test ACERT support, but with ASN functions only. + * + * This example acert_ietf has both Holder IssuerSerial + * and Holder entityName fields. + * */ +int test_wolfSSL_X509_ACERT_asn(void) +{ + EXPECT_DECLS; +#if defined(WOLFSSL_ACERT) && !defined(NO_CERTS) + const byte acert_ietf[] = \ + "-----BEGIN ATTRIBUTE CERTIFICATE-----\n" + "MIICPTCCASUCAQEwN6AWMBGkDzANMQswCQYDVQQDDAJDQQIBAqEdpBswGTEXMBUG\n" + "A1UEAwwOc2VydmVyLmV4YW1wbGWgLTArpCkwJzElMCMGA1UEAwwcQXR0cmlidXRl\n" + "IENlcnRpZmljYXRlIElzc3VlcjANBgkqhkiG9w0BAQsFAAIUA7WQWQKiqrVAIUS4\n" + "LE/ZgBtfV8IwIhgPMjAyMTA2MTUxMjM1MDBaGA8yMDMxMDYxMzEyMzUwMFowQTAj\n" + "BggrBgEFBQcKBDEXMBWgCYYHVGVzdHZhbDAIDAZncm91cDEwGgYDVQRIMRMwEaEP\n" + "gw1hZG1pbmlzdHJhdG9yMCwwHwYDVR0jBBgwFoAUYm7JaGdsZLtTgt0tqoCK2MrI\n" + "i10wCQYDVR04BAIFADANBgkqhkiG9w0BAQsFAAOCAQEAlIOJ2Dj3TEUj6BIv6vUs\n" + "GqFWms05i+d10XSzWrunlUTQPoJcUjYkifOWp/7RpZ2XnRl+6hH+nIbmwSmXWwBn\n" + "ERw2bQMmw/""/nWuN4Qv9t7ltuovWC0pJX6VMT1IRTuTV4SxuZpFL37vkmnFlPBlb+\n" + "mn3ESSxLTjThWFIq1tip4IaxE/i5Uh32GlJglatFHM1PCGoJtyLtYb6KHDlvknw6\n" + "coDyjIcj0FZwtQw41jLwxI8jWNmrpt978wdpprB/URrRs+m02HmeQoiHFi/qvdv8\n" + "d+5vHf3Pi/ulhz/+dvr0p1vEQSoFnYxLXuty2p5m3PJPZCFmT3gURgmgR3BN9d7A\n" + "Bw==\n" + "-----END ATTRIBUTE CERTIFICATE-----\n"; + int rc = 0; + int n_diff = 0; + byte ietf_serial[] = {0x03, 0xb5, 0x90, 0x59, 0x02, + 0xa2, 0xaa, 0xb5, 0x40, 0x21, + 0x44, 0xb8, 0x2c, 0x4f, 0xd9, + 0x80, 0x1b, 0x5f, 0x57, 0xc2}; + byte holderIssuerName[] = {0x31, 0x0b, 0x30, 0x09, 0x06, + 0x03, 0x55, 0x04, 0x03, 0x0c, + 0x02, 0x43, 0x41}; + byte holderEntityName[] = {0x31, 0x17, 0x30, 0x15, 0x06, + 0x03, 0x55, 0x04, 0x03, 0x0c, + 0x0e, 0x73, 0x65, 0x72, 0x76, + 0x65, 0x72, 0x2e, 0x65, 0x78, + 0x61, 0x6d, 0x70, 0x6c, 0x65}; + DerBuffer * der = NULL; + WC_DECLARE_VAR(acert, DecodedAcert, 1, 0); + + rc = wc_PemToDer(acert_ietf, sizeof(acert_ietf), ACERT_TYPE, &der, + HEAP_HINT, NULL, NULL); + + ExpectIntEQ(rc, 0); + ExpectNotNull(der); + + if (der != NULL) { + ExpectNotNull(der->buffer); + } + +#ifdef WOLFSSL_SMALL_STACK + acert = (DecodedAcert*)XMALLOC(sizeof(DecodedAcert), HEAP_HINT, + DYNAMIC_TYPE_DCERT); + ExpectNotNull(acert); +#else + XMEMSET(acert, 0, sizeof(DecodedAcert)); +#endif + + if (der != NULL && der->buffer != NULL +#ifdef WOLFSSL_SMALL_STACK + && acert != NULL +#endif + ) { + wc_InitDecodedAcert(acert, der->buffer, der->length, HEAP_HINT); + rc = wc_ParseX509Acert(acert, VERIFY_SKIP_DATE); + ExpectIntEQ(rc, 0); + + ExpectIntEQ(acert->serialSz, 20); + ExpectIntEQ(XMEMCMP(acert->serial, ietf_serial, sizeof(ietf_serial)), + 0); + + /* This cert has a 65 byte attributes field. */ + ExpectNotNull(acert->rawAttr); + ExpectIntEQ(acert->rawAttrLen, 65); + + ExpectNotNull(acert->holderIssuerName); + ExpectNotNull(acert->holderEntityName); + + if ((acert->holderIssuerName != NULL) && + (acert->holderEntityName != NULL)) { + ExpectNotNull(acert->holderEntityName->name); + ExpectNotNull(acert->holderIssuerName->name); + } + if ((acert->holderIssuerName != NULL) && + (acert->holderEntityName != NULL) && + (acert->holderIssuerName->name != NULL) && + (acert->holderEntityName->name != NULL)) { + ExpectIntEQ(acert->holderIssuerName->len, + sizeof(holderIssuerName)); + ExpectIntEQ(acert->holderEntityName->len, + sizeof(holderEntityName)); + + ExpectIntEQ(acert->holderIssuerName->type, ASN_DIR_TYPE); + ExpectIntEQ(acert->holderEntityName->type, ASN_DIR_TYPE); + + n_diff = XMEMCMP(acert->holderIssuerName->name, holderIssuerName, + sizeof(holderIssuerName)); + ExpectIntEQ(n_diff, 0); + + n_diff = XMEMCMP(acert->holderEntityName->name, holderEntityName, + sizeof(holderEntityName)); + ExpectIntEQ(n_diff, 0); + } + + wc_FreeDecodedAcert(acert); + } + +#ifdef WOLFSSL_SMALL_STACK + if (acert != NULL) { + XFREE(acert, HEAP_HINT, DYNAMIC_TYPE_DCERT); + acert = NULL; + } +#endif + + if (der != NULL) { + wc_FreeDer(&der); + der = NULL; + } + +#endif + return EXPECT_RESULT(); +} + + diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/tests/api/test_ossl_x509_acert.h mariadb-11.8.8/extra/wolfssl/wolfssl/tests/api/test_ossl_x509_acert.h --- mariadb-11.8.6/extra/wolfssl/wolfssl/tests/api/test_ossl_x509_acert.h 1970-01-01 00:00:00.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/tests/api/test_ossl_x509_acert.h 2026-05-24 09:58:33.000000000 +0000 @@ -0,0 +1,40 @@ +/* test_ossl_x509_acert.h + * + * Copyright (C) 2006-2026 wolfSSL Inc. + * + * This file is part of wolfSSL. + * + * wolfSSL is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * wolfSSL is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA + */ + +#ifndef WOLFCRYPT_TEST_OSSL_X509_ACERT_H +#define WOLFCRYPT_TEST_OSSL_X509_ACERT_H + +#include + +int test_wolfSSL_X509_ACERT_verify(void); +int test_wolfSSL_X509_ACERT_misc_api(void); +int test_wolfSSL_X509_ACERT_buffer(void); +int test_wolfSSL_X509_ACERT_new_and_sign(void); +int test_wolfSSL_X509_ACERT_asn(void); + +#define TEST_OSSL_X509_ACERT_DECLS \ + TEST_DECL_GROUP("ossl_x509_acert", test_wolfSSL_X509_ACERT_verify), \ + TEST_DECL_GROUP("ossl_x509_acert", test_wolfSSL_X509_ACERT_misc_api), \ + TEST_DECL_GROUP("ossl_x509_acert", test_wolfSSL_X509_ACERT_buffer), \ + TEST_DECL_GROUP("ossl_x509_acert", test_wolfSSL_X509_ACERT_new_and_sign), \ + TEST_DECL_GROUP("ossl_x509_acert", test_wolfSSL_X509_ACERT_new_and_sign) + +#endif /* WOLFCRYPT_TEST_OSSL_X509_ACERT_H */ diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/tests/api/test_ossl_x509_crypto.c mariadb-11.8.8/extra/wolfssl/wolfssl/tests/api/test_ossl_x509_crypto.c --- mariadb-11.8.6/extra/wolfssl/wolfssl/tests/api/test_ossl_x509_crypto.c 1970-01-01 00:00:00.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/tests/api/test_ossl_x509_crypto.c 2026-05-24 09:58:33.000000000 +0000 @@ -0,0 +1,782 @@ +/* test_ossl_x509_crypto.c + * + * Copyright (C) 2006-2026 wolfSSL Inc. + * + * This file is part of wolfSSL. + * + * wolfSSL is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * wolfSSL is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA + */ + +#include + +#ifdef NO_INLINE + #include +#else + #define WOLFSSL_MISC_INCLUDED + #include +#endif + +#include +#include +#include +#include +#include + +int test_wolfSSL_X509_check_private_key(void) +{ + EXPECT_DECLS; +#if defined(OPENSSL_EXTRA) && !defined(NO_CERTS) && !defined(NO_RSA) && \ + defined(USE_CERT_BUFFERS_2048) && !defined(NO_CHECK_PRIVATE_KEY) && \ + !defined(NO_FILESYSTEM) + X509* x509 = NULL; + EVP_PKEY* pkey = NULL; + const byte* key; + + /* Check with correct key */ + ExpectNotNull((x509 = X509_load_certificate_file(cliCertFile, + SSL_FILETYPE_PEM))); + key = client_key_der_2048; + ExpectNotNull(d2i_PrivateKey(EVP_PKEY_RSA, &pkey, &key, + (long)sizeof_client_key_der_2048)); + ExpectIntEQ(X509_check_private_key(x509, pkey), 1); + EVP_PKEY_free(pkey); + pkey = NULL; + + /* Check with wrong key */ + key = server_key_der_2048; + ExpectNotNull(d2i_PrivateKey(EVP_PKEY_RSA, &pkey, &key, + (long)sizeof_server_key_der_2048)); + ExpectIntEQ(X509_check_private_key(x509, pkey), 0); + + /* test for incorrect parameter */ + ExpectIntEQ(X509_check_private_key(NULL, pkey), 0); + ExpectIntEQ(X509_check_private_key(x509, NULL), 0); + ExpectIntEQ(X509_check_private_key(NULL, NULL), 0); + + EVP_PKEY_free(pkey); + X509_free(x509); +#endif + return EXPECT_RESULT(); +} + +int test_wolfSSL_X509_verify(void) +{ + EXPECT_DECLS; +#if !defined(NO_CERTS) && !defined(NO_RSA) && !defined(NO_FILESYSTEM) && \ + defined(OPENSSL_EXTRA) + WOLFSSL_X509* ca = NULL; + WOLFSSL_X509* serv = NULL; + WOLFSSL_EVP_PKEY* pkey = NULL; + unsigned char buf[2048]; + const unsigned char* pt = NULL; + int bufSz = 0; + + ExpectNotNull(ca = wolfSSL_X509_load_certificate_file(caCertFile, + WOLFSSL_FILETYPE_PEM)); + + ExpectIntNE(wolfSSL_X509_get_pubkey_buffer(NULL, buf, NULL), + WOLFSSL_SUCCESS); + ExpectIntNE(wolfSSL_X509_get_pubkey_buffer(NULL, buf, &bufSz), + WOLFSSL_SUCCESS); + ExpectIntEQ(wolfSSL_X509_get_pubkey_buffer(ca, NULL, &bufSz), + WOLFSSL_SUCCESS); + ExpectIntEQ(bufSz, 294); + + bufSz--; + ExpectIntNE(wolfSSL_X509_get_pubkey_buffer(ca, buf, &bufSz), + WOLFSSL_SUCCESS); + bufSz = 2048; + ExpectIntEQ(wolfSSL_X509_get_pubkey_buffer(ca, buf, &bufSz), + WOLFSSL_SUCCESS); + ExpectIntEQ(wolfSSL_X509_get_pubkey_type(NULL), + WC_NO_ERR_TRACE(WOLFSSL_FAILURE)); + ExpectIntEQ(wolfSSL_X509_get_pubkey_type(ca), RSAk); + + + ExpectNotNull(serv = wolfSSL_X509_load_certificate_file(svrCertFile, + WOLFSSL_FILETYPE_PEM)); + + /* success case */ + pt = buf; + ExpectNotNull(pkey = wolfSSL_d2i_PUBKEY(NULL, &pt, bufSz)); + + ExpectIntEQ(i2d_PUBKEY(pkey, NULL), bufSz); + + ExpectIntEQ(wolfSSL_X509_verify(serv, pkey), WOLFSSL_SUCCESS); + wolfSSL_EVP_PKEY_free(pkey); + pkey = NULL; + + /* fail case */ + bufSz = 2048; + ExpectIntEQ(wolfSSL_X509_get_pubkey_buffer(serv, buf, &bufSz), + WOLFSSL_SUCCESS); + pt = buf; + ExpectNotNull(pkey = wolfSSL_d2i_PUBKEY(NULL, &pt, bufSz)); + ExpectIntEQ(wolfSSL_X509_verify(serv, pkey), + WC_NO_ERR_TRACE(WOLFSSL_FAILURE)); + + ExpectIntEQ(wolfSSL_X509_verify(NULL, pkey), + WC_NO_ERR_TRACE(WOLFSSL_FATAL_ERROR)); + ExpectIntEQ(wolfSSL_X509_verify(serv, NULL), + WC_NO_ERR_TRACE(WOLFSSL_FATAL_ERROR)); + +#ifndef NO_WOLFSSL_STUB + ExpectNull(wolfSSL_X509_get0_pubkey_bitstr(NULL)); + ExpectNull(wolfSSL_X509_get0_pubkey_bitstr(serv)); +#endif + + wolfSSL_EVP_PKEY_free(pkey); + + wolfSSL_FreeX509(ca); + wolfSSL_FreeX509(serv); +#endif + return EXPECT_RESULT(); +} + +int test_wolfSSL_X509_sign(void) +{ + EXPECT_DECLS; +#if defined(OPENSSL_EXTRA) && !defined(NO_CERTS) && !defined(NO_ASN_TIME) && \ + defined(WOLFSSL_CERT_GEN) && defined(WOLFSSL_CERT_REQ) && !defined(NO_RSA) + int ret = 0; + char *cn = NULL; + word32 cnSz = 0; + X509_NAME *name = NULL; + X509_NAME *emptyName = NULL; + X509 *x509 = NULL; + X509 *ca = NULL; + DecodedCert dCert; + EVP_PKEY *pub = NULL; + EVP_PKEY *priv = NULL; + EVP_MD_CTX *mctx = NULL; +#if defined(USE_CERT_BUFFERS_1024) + const unsigned char* rsaPriv = client_key_der_1024; + const unsigned char* rsaPub = client_keypub_der_1024; + const unsigned char* certIssuer = client_cert_der_1024; + long clientKeySz = (long)sizeof_client_key_der_1024; + long clientPubKeySz = (long)sizeof_client_keypub_der_1024; + long certIssuerSz = (long)sizeof_client_cert_der_1024; +#elif defined(USE_CERT_BUFFERS_2048) + const unsigned char* rsaPriv = client_key_der_2048; + const unsigned char* rsaPub = client_keypub_der_2048; + const unsigned char* certIssuer = client_cert_der_2048; + long clientKeySz = (long)sizeof_client_key_der_2048; + long clientPubKeySz = (long)sizeof_client_keypub_der_2048; + long certIssuerSz = (long)sizeof_client_cert_der_2048; +#endif + byte sn[16]; + int snSz = sizeof(sn); + int sigSz = 0; +#ifndef NO_WOLFSSL_STUB + const WOLFSSL_ASN1_BIT_STRING* sig = NULL; + const WOLFSSL_X509_ALGOR* alg = NULL; +#endif + + /* Set X509_NAME fields */ + ExpectNotNull(name = X509_NAME_new()); + ExpectIntEQ(X509_NAME_add_entry_by_txt(name, "countryName", MBSTRING_UTF8, + (byte*)"US", 2, -1, 0), SSL_SUCCESS); + ExpectIntEQ(X509_NAME_add_entry_by_txt(name, "commonName", MBSTRING_UTF8, + (byte*)"wolfssl.com", 11, -1, 0), SSL_SUCCESS); + ExpectIntEQ(X509_NAME_add_entry_by_txt(name, "emailAddress", MBSTRING_UTF8, + (byte*)"support@wolfssl.com", 19, -1, 0), SSL_SUCCESS); + + /* Get private and public keys */ + ExpectNotNull(priv = wolfSSL_d2i_PrivateKey(EVP_PKEY_RSA, NULL, &rsaPriv, + clientKeySz)); + ExpectNotNull(pub = wolfSSL_d2i_PUBKEY(NULL, &rsaPub, clientPubKeySz)); + ExpectNotNull(x509 = X509_new()); + ExpectIntEQ(X509_sign(x509, priv, EVP_sha256()), 0); + /* Set version 3 */ + ExpectIntNE(X509_set_version(x509, 2L), 0); + /* Set subject name, add pubkey, and sign certificate */ + ExpectIntEQ(X509_set_subject_name(x509, name), SSL_SUCCESS); + X509_NAME_free(name); + name = NULL; + ExpectIntEQ(X509_set_pubkey(x509, pub), SSL_SUCCESS); +#ifdef WOLFSSL_ALT_NAMES + ExpectNull(wolfSSL_X509_get_next_altname(NULL)); + ExpectNull(wolfSSL_X509_get_next_altname(x509)); + + /* Add some subject alt names */ + ExpectIntNE(wolfSSL_X509_add_altname(NULL, + "ipsum", ASN_DNS_TYPE), SSL_SUCCESS); + ExpectIntEQ(wolfSSL_X509_add_altname(x509, + NULL, ASN_DNS_TYPE), SSL_SUCCESS); + ExpectIntEQ(wolfSSL_X509_add_altname(x509, + "sphygmomanometer", + ASN_DNS_TYPE), SSL_SUCCESS); + ExpectIntEQ(wolfSSL_X509_add_altname(x509, + "supercalifragilisticexpialidocious", + ASN_DNS_TYPE), SSL_SUCCESS); + ExpectIntEQ(wolfSSL_X509_add_altname(x509, + "Llanfairpwllgwyngyllgogerychwyrndrobwllllantysiliogogogoch", + ASN_DNS_TYPE), SSL_SUCCESS); +#ifdef WOLFSSL_IP_ALT_NAME + { + unsigned char ip4_type[] = {127,128,0,255}; + unsigned char ip6_type[] = {0xdd, 0xcc, 0xba, 0xab, + 0xff, 0xee, 0x99, 0x88, + 0x77, 0x66, 0x55, 0x44, + 0x00, 0x33, 0x22, 0x11}; + ExpectIntEQ(wolfSSL_X509_add_altname_ex(x509, (char*)ip4_type, + sizeof(ip4_type), ASN_IP_TYPE), SSL_SUCCESS); + ExpectIntEQ(wolfSSL_X509_add_altname_ex(x509, (char*)ip6_type, + sizeof(ip6_type), ASN_IP_TYPE), SSL_SUCCESS); + } +#endif + + { + int i; + + if (x509 != NULL) { + x509->altNamesNext = x509->altNames; + } +#ifdef WOLFSSL_IP_ALT_NAME + /* No names in IP address. */ + ExpectNull(wolfSSL_X509_get_next_altname(x509)); + ExpectNull(wolfSSL_X509_get_next_altname(x509)); +#endif + for (i = 0; i < 3; i++) { + ExpectNotNull(wolfSSL_X509_get_next_altname(x509)); + } + ExpectNull(wolfSSL_X509_get_next_altname(x509)); +#ifdef WOLFSSL_MULTICIRCULATE_ALTNAMELIST + ExpectNotNull(wolfSSL_X509_get_next_altname(x509)); +#endif + } +#endif /* WOLFSSL_ALT_NAMES */ + + { + ASN1_UTCTIME* infinite_past = NULL; + ExpectNotNull(infinite_past = ASN1_UTCTIME_set(NULL, 0)); + ExpectIntEQ(X509_set1_notBefore(x509, infinite_past), 1); + ASN1_UTCTIME_free(infinite_past); + } + + /* test valid sign case */ + ExpectIntGT(ret = X509_sign(x509, priv, EVP_sha256()), 0); + /* test getting signature */ +#ifndef NO_WOLFSSL_STUB + wolfSSL_X509_get0_signature(&sig, &alg, x509); +#endif + ExpectIntEQ(wolfSSL_X509_get_signature(x509, NULL, &sigSz), + WOLFSSL_SUCCESS); + ExpectIntGT(sigSz, 0); + ExpectIntEQ(wolfSSL_X509_get_signature(NULL, NULL, NULL), + WOLFSSL_FATAL_ERROR); + ExpectIntEQ(wolfSSL_X509_get_signature(x509, NULL, NULL), + WOLFSSL_FATAL_ERROR); + ExpectIntEQ(wolfSSL_X509_get_signature(NULL, NULL, &sigSz), + WOLFSSL_FATAL_ERROR); + sigSz = 0; + ExpectIntEQ(wolfSSL_X509_get_signature(x509, sn, &sigSz), + WOLFSSL_FATAL_ERROR); + + /* test valid X509_sign_ctx case */ + ExpectNotNull(mctx = EVP_MD_CTX_new()); + ExpectIntEQ(EVP_DigestSignInit(mctx, NULL, EVP_sha256(), NULL, priv), 1); + ExpectIntGT(X509_sign_ctx(x509, mctx), 0); + +#if defined(OPENSSL_ALL) && defined(WOLFSSL_ALT_NAMES) + ExpectIntEQ(X509_get_ext_count(x509), 1); +#endif +#if defined(WOLFSSL_ALT_NAMES) && defined(WOLFSSL_IP_ALT_NAME) + ExpectIntEQ(wolfSSL_X509_check_ip_asc(x509, "127.128.0.255", 0), 1); + ExpectIntEQ(wolfSSL_X509_check_ip_asc(x509, + "DDCC:BAAB:FFEE:9988:7766:5544:0033:2211", 0), 1); +#endif + + ExpectIntEQ(wolfSSL_X509_get_serial_number(x509, sn, &snSz), + WOLFSSL_SUCCESS); + DEBUG_WRITE_CERT_X509(x509, "signed.pem"); + + /* Variation in size depends on ASN.1 encoding when MSB is set. + * WOLFSSL_ASN_TEMPLATE code does not generate a serial number + * with the MSB set. See GenerateInteger in asn.c */ +#ifndef USE_CERT_BUFFERS_1024 +#ifndef WOLFSSL_ALT_NAMES + /* Valid case - size should be 781-786 with 16 byte serial number */ + ExpectTrue((781 + snSz <= ret) && (ret <= 781 + 5 + snSz)); +#elif defined(WOLFSSL_IP_ALT_NAME) + /* Valid case - size should be 955-960 with 16 byte serial number */ + ExpectTrue((939 + snSz <= ret) && (ret <= 939 + 5 + snSz)); +#else + /* Valid case - size should be 926-931 with 16 byte serial number */ + ExpectTrue((910 + snSz <= ret) && (ret <= 910 + 5 + snSz)); +#endif +#else +#ifndef WOLFSSL_ALT_NAMES + /* Valid case - size should be 537-542 with 16 byte serial number */ + ExpectTrue((521 + snSz <= ret) && (ret <= 521 + 5 + snSz)); +#elif defined(OPENSSL_ALL) || defined(WOLFSSL_IP_ALT_NAME) + /* Valid case - size should be 695-670 with 16 byte serial number */ + ExpectTrue((679 + snSz <= ret) && (ret <= 679 + 5 + snSz)); +#else + /* Valid case - size should be 666-671 with 16 byte serial number */ + ExpectTrue((650 + snSz <= ret) && (ret <= 650 + 5 + snSz)); +#endif +#endif + /* check that issuer name is as expected after signature */ + InitDecodedCert(&dCert, certIssuer, (word32)certIssuerSz, 0); + ExpectIntEQ(ParseCert(&dCert, CERT_TYPE, NO_VERIFY, NULL), 0); + + ExpectNotNull(emptyName = X509_NAME_new()); + ExpectNotNull(ca = d2i_X509(NULL, &certIssuer, (int)certIssuerSz)); + ExpectIntEQ(wolfSSL_X509_get_isCA(NULL), 0); + ExpectIntEQ(wolfSSL_X509_get_isCA(ca), 1); + ExpectNotNull(name = X509_get_subject_name(ca)); + ExpectIntEQ(X509_NAME_get_sz(NULL), WOLFSSL_FATAL_ERROR); + ExpectIntGT(cnSz = X509_NAME_get_sz(name), 0); + ExpectNotNull(cn = (char*)XMALLOC(cnSz, HEAP_HINT, DYNAMIC_TYPE_OPENSSL)); + ExpectNull(X509_NAME_oneline(NULL, cn, (int)cnSz)); + ExpectPtrEq(X509_NAME_oneline(name, cn, 0), cn); + ExpectPtrEq(X509_NAME_oneline(emptyName, cn, (int)cnSz), cn); + ExpectNull(X509_NAME_oneline(emptyName, NULL, 0)); + ExpectPtrEq(X509_NAME_oneline(name, cn, (int)cnSz), cn); + ExpectIntEQ(0, XSTRNCMP(cn, dCert.subject, XSTRLEN(cn))); + XFREE(cn, HEAP_HINT, DYNAMIC_TYPE_OPENSSL); + cn = NULL; + +#if defined(XSNPRINTF) + ExpectNull(wolfSSL_X509_get_name_oneline(NULL, NULL, 0)); + ExpectNotNull(cn = wolfSSL_X509_get_name_oneline(name, NULL, 0)); + ExpectIntGT((int)(cnSz = (word32)XSTRLEN(cn) + 1), 0); + ExpectPtrEq(wolfSSL_X509_get_name_oneline(name, cn, (int)cnSz), cn); + ExpectNull(wolfSSL_X509_get_name_oneline(NULL, cn, (int)cnSz)); + ExpectNull(wolfSSL_X509_get_name_oneline(name, cn, cnSz - 1)); + ExpectPtrEq(wolfSSL_X509_get_name_oneline(name, cn, (int)cnSz), cn); + ExpectPtrEq(wolfSSL_X509_get_name_oneline(emptyName, cn, (int)cnSz), cn); + XFREE(cn, HEAP_HINT, DYNAMIC_TYPE_OPENSSL); + cn = NULL; +#endif + X509_NAME_free(emptyName); + +#ifdef WOLFSSL_MULTI_ATTRIB + /* test adding multiple OU's to the signer */ + ExpectNotNull(name = X509_get_subject_name(ca)); + ExpectIntEQ(X509_NAME_add_entry_by_txt(name, "OU", MBSTRING_UTF8, + (byte*)"OU1", 3, -1, 0), SSL_SUCCESS); + ExpectIntEQ(X509_NAME_add_entry_by_txt(name, "OU", MBSTRING_UTF8, + (byte*)"OU2", 3, -1, 0), SSL_SUCCESS); + ExpectIntGT(X509_sign(ca, priv, EVP_sha256()), 0); +#endif + + ExpectNotNull(name = X509_get_subject_name(ca)); + ExpectIntEQ(X509_set_issuer_name(x509, name), SSL_SUCCESS); + + ExpectIntGT(X509_sign(x509, priv, EVP_sha256()), 0); + ExpectNotNull(name = X509_get_issuer_name(x509)); + cnSz = X509_NAME_get_sz(name); + ExpectNotNull(cn = (char*)XMALLOC(cnSz, HEAP_HINT, DYNAMIC_TYPE_OPENSSL)); + ExpectNotNull(cn = X509_NAME_oneline(name, cn, (int)cnSz)); + /* compare and don't include the multi-attrib "/OU=OU1/OU=OU2" above */ + ExpectIntEQ(0, XSTRNCMP(cn, dCert.issuer, XSTRLEN(dCert.issuer))); + XFREE(cn, HEAP_HINT, DYNAMIC_TYPE_OPENSSL); + cn = NULL; + + FreeDecodedCert(&dCert); + + /* Test invalid parameters */ + ExpectIntEQ(X509_sign(NULL, priv, EVP_sha256()), 0); + ExpectIntEQ(X509_sign(x509, NULL, EVP_sha256()), 0); + ExpectIntEQ(X509_sign(x509, priv, NULL), 0); + + ExpectIntEQ(X509_sign_ctx(NULL, mctx), 0); + EVP_MD_CTX_free(mctx); + mctx = NULL; + ExpectNotNull(mctx = EVP_MD_CTX_new()); + ExpectIntEQ(X509_sign_ctx(x509, mctx), 0); + ExpectIntEQ(X509_sign_ctx(x509, NULL), 0); + + /* test invalid version number */ +#if defined(OPENSSL_ALL) + ExpectIntNE(X509_set_version(x509, 6L), 0); + ExpectIntGT(X509_sign(x509, priv, EVP_sha256()), 0); + + /* uses ParseCert which fails on bad version number */ + ExpectIntEQ(X509_get_ext_count(x509), WC_NO_ERR_TRACE(WOLFSSL_FAILURE)); +#endif + + EVP_MD_CTX_free(mctx); + EVP_PKEY_free(priv); + EVP_PKEY_free(pub); + X509_free(x509); + X509_free(ca); +#endif + return EXPECT_RESULT(); +} + +int test_wolfSSL_X509_sign2(void) +{ + EXPECT_DECLS; + /* test requires WOLFSSL_AKID_NAME to match expected output */ +#if defined(OPENSSL_EXTRA) && !defined(NO_RSA) && !defined(NO_CERTS) && \ + defined(WOLFSSL_CERT_GEN) && defined(WOLFSSL_ALT_NAMES) && \ + defined(WOLFSSL_CERT_EXT) && defined(WOLFSSL_AKID_NAME) && \ + (defined(WOLFSSL_QT) || defined(OPENSSL_ALL) || \ + defined(WOLFSSL_IP_ALT_NAME)) + WOLFSSL_X509 *x509 = NULL; + WOLFSSL_X509 *ca = NULL; + const unsigned char *der = NULL; + const unsigned char *pt = NULL; + WOLFSSL_EVP_PKEY *priv = NULL; + WOLFSSL_X509_NAME *name = NULL; + int derSz; +#ifndef NO_ASN_TIME + WOLFSSL_ASN1_TIME *notBefore = NULL; + WOLFSSL_ASN1_TIME *notAfter = NULL; + + const int year = 365*24*60*60; + const int day = 24*60*60; + const int hour = 60*60; + const int mini = 60; + time_t t; +#endif + + const unsigned char expected[] = { + 0x30, 0x82, 0x05, 0x13, 0x30, 0x82, 0x03, 0xFB, 0xA0, 0x03, 0x02, 0x01, + 0x02, 0x02, 0x14, 0x6B, 0x61, 0x49, 0x45, 0xFF, 0x4A, 0xD1, 0x54, 0x16, + 0xB4, 0x35, 0x37, 0xC4, 0x98, 0x5D, 0xA9, 0xF6, 0x67, 0x60, 0x91, 0x30, + 0x0D, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x01, 0x0B, + 0x05, 0x00, 0x30, 0x81, 0x94, 0x31, 0x0B, 0x30, 0x09, 0x06, 0x03, 0x55, + 0x04, 0x06, 0x13, 0x02, 0x55, 0x53, 0x31, 0x10, 0x30, 0x0E, 0x06, 0x03, + 0x55, 0x04, 0x08, 0x0C, 0x07, 0x4D, 0x6F, 0x6E, 0x74, 0x61, 0x6E, 0x61, + 0x31, 0x10, 0x30, 0x0E, 0x06, 0x03, 0x55, 0x04, 0x07, 0x0C, 0x07, 0x42, + 0x6F, 0x7A, 0x65, 0x6D, 0x61, 0x6E, 0x31, 0x11, 0x30, 0x0F, 0x06, 0x03, + 0x55, 0x04, 0x0A, 0x0C, 0x08, 0x53, 0x61, 0x77, 0x74, 0x6F, 0x6F, 0x74, + 0x68, 0x31, 0x13, 0x30, 0x11, 0x06, 0x03, 0x55, 0x04, 0x0B, 0x0C, 0x0A, + 0x43, 0x6F, 0x6E, 0x73, 0x75, 0x6C, 0x74, 0x69, 0x6E, 0x67, 0x31, 0x18, + 0x30, 0x16, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0C, 0x0F, 0x77, 0x77, 0x77, + 0x2E, 0x77, 0x6F, 0x6C, 0x66, 0x73, 0x73, 0x6C, 0x2E, 0x63, 0x6F, 0x6D, + 0x31, 0x1F, 0x30, 0x1D, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, + 0x01, 0x09, 0x01, 0x16, 0x10, 0x69, 0x6E, 0x66, 0x6F, 0x40, 0x77, 0x6F, + 0x6C, 0x66, 0x73, 0x73, 0x6C, 0x2E, 0x63, 0x6F, 0x6D, 0x30, 0x1E, 0x17, + 0x0D, 0x30, 0x30, 0x30, 0x32, 0x31, 0x35, 0x32, 0x30, 0x33, 0x30, 0x30, + 0x30, 0x5A, 0x17, 0x0D, 0x30, 0x31, 0x30, 0x32, 0x31, 0x34, 0x32, 0x30, + 0x33, 0x30, 0x30, 0x30, 0x5A, 0x30, 0x81, 0x9E, 0x31, 0x0B, 0x30, 0x09, + 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x55, 0x53, 0x31, 0x10, 0x30, + 0x0E, 0x06, 0x03, 0x55, 0x04, 0x08, 0x0C, 0x07, 0x4D, 0x6F, 0x6E, 0x74, + 0x61, 0x6E, 0x61, 0x31, 0x10, 0x30, 0x0E, 0x06, 0x03, 0x55, 0x04, 0x07, + 0x0C, 0x07, 0x42, 0x6F, 0x7A, 0x65, 0x6D, 0x61, 0x6E, 0x31, 0x15, 0x30, + 0x13, 0x06, 0x03, 0x55, 0x04, 0x0A, 0x0C, 0x0C, 0x77, 0x6F, 0x6C, 0x66, + 0x53, 0x53, 0x4C, 0x5F, 0x32, 0x30, 0x34, 0x38, 0x31, 0x19, 0x30, 0x17, + 0x06, 0x03, 0x55, 0x04, 0x0B, 0x0C, 0x10, 0x50, 0x72, 0x6F, 0x67, 0x72, + 0x61, 0x6D, 0x6D, 0x69, 0x6E, 0x67, 0x2D, 0x32, 0x30, 0x34, 0x38, 0x31, + 0x18, 0x30, 0x16, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0C, 0x0F, 0x77, 0x77, + 0x77, 0x2E, 0x77, 0x6F, 0x6C, 0x66, 0x73, 0x73, 0x6C, 0x2E, 0x63, 0x6F, + 0x6D, 0x31, 0x1F, 0x30, 0x1D, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, + 0x0D, 0x01, 0x09, 0x01, 0x16, 0x10, 0x69, 0x6E, 0x66, 0x6F, 0x40, 0x77, + 0x6F, 0x6C, 0x66, 0x73, 0x73, 0x6C, 0x2E, 0x63, 0x6F, 0x6D, 0x30, 0x82, + 0x01, 0x22, 0x30, 0x0D, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, + 0x01, 0x01, 0x01, 0x05, 0x00, 0x03, 0x82, 0x01, 0x0F, 0x00, 0x30, 0x82, + 0x01, 0x0A, 0x02, 0x82, 0x01, 0x01, 0x00, 0xC3, 0x03, 0xD1, 0x2B, 0xFE, + 0x39, 0xA4, 0x32, 0x45, 0x3B, 0x53, 0xC8, 0x84, 0x2B, 0x2A, 0x7C, 0x74, + 0x9A, 0xBD, 0xAA, 0x2A, 0x52, 0x07, 0x47, 0xD6, 0xA6, 0x36, 0xB2, 0x07, + 0x32, 0x8E, 0xD0, 0xBA, 0x69, 0x7B, 0xC6, 0xC3, 0x44, 0x9E, 0xD4, 0x81, + 0x48, 0xFD, 0x2D, 0x68, 0xA2, 0x8B, 0x67, 0xBB, 0xA1, 0x75, 0xC8, 0x36, + 0x2C, 0x4A, 0xD2, 0x1B, 0xF7, 0x8B, 0xBA, 0xCF, 0x0D, 0xF9, 0xEF, 0xEC, + 0xF1, 0x81, 0x1E, 0x7B, 0x9B, 0x03, 0x47, 0x9A, 0xBF, 0x65, 0xCC, 0x7F, + 0x65, 0x24, 0x69, 0xA6, 0xE8, 0x14, 0x89, 0x5B, 0xE4, 0x34, 0xF7, 0xC5, + 0xB0, 0x14, 0x93, 0xF5, 0x67, 0x7B, 0x3A, 0x7A, 0x78, 0xE1, 0x01, 0x56, + 0x56, 0x91, 0xA6, 0x13, 0x42, 0x8D, 0xD2, 0x3C, 0x40, 0x9C, 0x4C, 0xEF, + 0xD1, 0x86, 0xDF, 0x37, 0x51, 0x1B, 0x0C, 0xA1, 0x3B, 0xF5, 0xF1, 0xA3, + 0x4A, 0x35, 0xE4, 0xE1, 0xCE, 0x96, 0xDF, 0x1B, 0x7E, 0xBF, 0x4E, 0x97, + 0xD0, 0x10, 0xE8, 0xA8, 0x08, 0x30, 0x81, 0xAF, 0x20, 0x0B, 0x43, 0x14, + 0xC5, 0x74, 0x67, 0xB4, 0x32, 0x82, 0x6F, 0x8D, 0x86, 0xC2, 0x88, 0x40, + 0x99, 0x36, 0x83, 0xBA, 0x1E, 0x40, 0x72, 0x22, 0x17, 0xD7, 0x52, 0x65, + 0x24, 0x73, 0xB0, 0xCE, 0xEF, 0x19, 0xCD, 0xAE, 0xFF, 0x78, 0x6C, 0x7B, + 0xC0, 0x12, 0x03, 0xD4, 0x4E, 0x72, 0x0D, 0x50, 0x6D, 0x3B, 0xA3, 0x3B, + 0xA3, 0x99, 0x5E, 0x9D, 0xC8, 0xD9, 0x0C, 0x85, 0xB3, 0xD9, 0x8A, 0xD9, + 0x54, 0x26, 0xDB, 0x6D, 0xFA, 0xAC, 0xBB, 0xFF, 0x25, 0x4C, 0xC4, 0xD1, + 0x79, 0xF4, 0x71, 0xD3, 0x86, 0x40, 0x18, 0x13, 0xB0, 0x63, 0xB5, 0x72, + 0x4E, 0x30, 0xC4, 0x97, 0x84, 0x86, 0x2D, 0x56, 0x2F, 0xD7, 0x15, 0xF7, + 0x7F, 0xC0, 0xAE, 0xF5, 0xFC, 0x5B, 0xE5, 0xFB, 0xA1, 0xBA, 0xD3, 0x02, + 0x03, 0x01, 0x00, 0x01, 0xA3, 0x82, 0x01, 0x4F, 0x30, 0x82, 0x01, 0x4B, + 0x30, 0x0C, 0x06, 0x03, 0x55, 0x1D, 0x13, 0x04, 0x05, 0x30, 0x03, 0x01, + 0x01, 0xFF, 0x30, 0x1C, 0x06, 0x03, 0x55, 0x1D, 0x11, 0x04, 0x15, 0x30, + 0x13, 0x82, 0x0B, 0x65, 0x78, 0x61, 0x6D, 0x70, 0x6C, 0x65, 0x2E, 0x63, + 0x6F, 0x6D, 0x87, 0x04, 0x7F, 0x00, 0x00, 0x01, 0x30, 0x1D, 0x06, 0x03, + 0x55, 0x1D, 0x0E, 0x04, 0x16, 0x04, 0x14, 0x33, 0xD8, 0x45, 0x66, 0xD7, + 0x68, 0x87, 0x18, 0x7E, 0x54, 0x0D, 0x70, 0x27, 0x91, 0xC7, 0x26, 0xD7, + 0x85, 0x65, 0xC0, 0x30, 0x81, 0xDE, 0x06, 0x03, 0x55, 0x1D, 0x23, 0x04, + 0x81, 0xD6, 0x30, 0x81, 0xD3, 0x80, 0x14, 0x33, 0xD8, 0x45, 0x66, 0xD7, + 0x68, 0x87, 0x18, 0x7E, 0x54, 0x0D, 0x70, 0x27, 0x91, 0xC7, 0x26, 0xD7, + 0x85, 0x65, 0xC0, 0xA1, 0x81, 0xA4, 0xA4, 0x81, 0xA1, 0x30, 0x81, 0x9E, + 0x31, 0x0B, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x55, + 0x53, 0x31, 0x10, 0x30, 0x0E, 0x06, 0x03, 0x55, 0x04, 0x08, 0x0C, 0x07, + 0x4D, 0x6F, 0x6E, 0x74, 0x61, 0x6E, 0x61, 0x31, 0x10, 0x30, 0x0E, 0x06, + 0x03, 0x55, 0x04, 0x07, 0x0C, 0x07, 0x42, 0x6F, 0x7A, 0x65, 0x6D, 0x61, + 0x6E, 0x31, 0x15, 0x30, 0x13, 0x06, 0x03, 0x55, 0x04, 0x0A, 0x0C, 0x0C, + 0x77, 0x6F, 0x6C, 0x66, 0x53, 0x53, 0x4C, 0x5F, 0x32, 0x30, 0x34, 0x38, + 0x31, 0x19, 0x30, 0x17, 0x06, 0x03, 0x55, 0x04, 0x0B, 0x0C, 0x10, 0x50, + 0x72, 0x6F, 0x67, 0x72, 0x61, 0x6D, 0x6D, 0x69, 0x6E, 0x67, 0x2D, 0x32, + 0x30, 0x34, 0x38, 0x31, 0x18, 0x30, 0x16, 0x06, 0x03, 0x55, 0x04, 0x03, + 0x0C, 0x0F, 0x77, 0x77, 0x77, 0x2E, 0x77, 0x6F, 0x6C, 0x66, 0x73, 0x73, + 0x6C, 0x2E, 0x63, 0x6F, 0x6D, 0x31, 0x1F, 0x30, 0x1D, 0x06, 0x09, 0x2A, + 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x09, 0x01, 0x16, 0x10, 0x69, 0x6E, + 0x66, 0x6F, 0x40, 0x77, 0x6F, 0x6C, 0x66, 0x73, 0x73, 0x6C, 0x2E, 0x63, + 0x6F, 0x6D, 0x82, 0x14, 0x6B, 0x61, 0x49, 0x45, 0xFF, 0x4A, 0xD1, 0x54, + 0x16, 0xB4, 0x35, 0x37, 0xC4, 0x98, 0x5D, 0xA9, 0xF6, 0x67, 0x60, 0x91, + 0x30, 0x1D, 0x06, 0x03, 0x55, 0x1D, 0x25, 0x04, 0x16, 0x30, 0x14, 0x06, + 0x08, 0x2B, 0x06, 0x01, 0x05, 0x05, 0x07, 0x03, 0x01, 0x06, 0x08, 0x2B, + 0x06, 0x01, 0x05, 0x05, 0x07, 0x03, 0x02, 0x30, 0x0D, 0x06, 0x09, 0x2A, + 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x01, 0x0B, 0x05, 0x00, 0x03, 0x82, + 0x01, 0x01, 0x00, 0x2F, 0x9F, 0x83, 0x05, 0x15, 0x1E, 0x5D, 0x7C, 0x22, + 0x12, 0x20, 0xEE, 0x07, 0x35, 0x25, 0x39, 0xDD, 0x34, 0x06, 0xD3, 0x89, + 0x31, 0x51, 0x8B, 0x9A, 0xE5, 0xE8, 0x60, 0x30, 0x07, 0x7A, 0xBB, 0x17, + 0xB9, 0x54, 0x72, 0x83, 0xA2, 0x1F, 0x62, 0xE0, 0x18, 0xAC, 0x93, 0x5E, + 0x63, 0xC7, 0xDD, 0x12, 0x58, 0x96, 0xC7, 0x90, 0x8B, 0x12, 0x50, 0xD2, + 0x60, 0x0E, 0x24, 0x07, 0x53, 0x55, 0xD7, 0x8E, 0xC9, 0x56, 0x12, 0x28, + 0xD8, 0xFD, 0x47, 0xE3, 0x13, 0xFB, 0x3C, 0xD6, 0x3D, 0x82, 0x09, 0x7E, + 0x10, 0x19, 0xE1, 0xCD, 0xCC, 0x4C, 0x78, 0xDF, 0xE5, 0xFB, 0x2C, 0x8C, + 0x88, 0xF7, 0x5B, 0x99, 0x93, 0xC6, 0xC7, 0x22, 0xA5, 0xFA, 0x76, 0x6C, + 0xE9, 0xBC, 0x69, 0xBA, 0x02, 0x82, 0x18, 0xAF, 0x47, 0xD0, 0x9C, 0x5F, + 0xED, 0xAE, 0x5A, 0x95, 0x59, 0x78, 0x86, 0x24, 0x22, 0xB6, 0x81, 0x03, + 0x58, 0x9A, 0x14, 0x93, 0xDC, 0x24, 0x58, 0xF3, 0xD2, 0x6C, 0x8E, 0xD2, + 0x6D, 0x8B, 0xE8, 0x4E, 0xC6, 0xA0, 0x2B, 0x0D, 0xDB, 0x1A, 0x76, 0x28, + 0xA9, 0x8D, 0xFB, 0x51, 0xA6, 0xF0, 0x82, 0x30, 0xEE, 0x78, 0x1C, 0x71, + 0xA8, 0x11, 0x8A, 0xA5, 0xC3, 0x91, 0xAB, 0x9A, 0x46, 0xFF, 0x8D, 0xCD, + 0x82, 0x3F, 0x5D, 0xB6, 0x28, 0x46, 0x6D, 0x66, 0xE2, 0xEE, 0x1E, 0x82, + 0x0D, 0x1A, 0x74, 0x87, 0xFB, 0xFD, 0x96, 0x26, 0x50, 0x09, 0xEC, 0xA7, + 0x73, 0x89, 0x43, 0x3B, 0x42, 0x2D, 0xA9, 0x6B, 0x0F, 0x61, 0x81, 0x97, + 0x11, 0x71, 0xF9, 0xDB, 0x9B, 0x69, 0x4B, 0x6E, 0xD3, 0x7D, 0xDA, 0xC6, + 0x61, 0x9F, 0x39, 0x87, 0x53, 0x52, 0xA8, 0x4D, 0xAD, 0x80, 0x29, 0x6C, + 0x19, 0xF0, 0x8D, 0xB1, 0x0D, 0x4E, 0xFB, 0x1B, 0xB7, 0xF1, 0x85, 0x49, + 0x08, 0x2A, 0x94, 0xD0, 0x4E, 0x0B, 0x8F + }; + + pt = ca_key_der_2048; + ExpectNotNull(priv = wolfSSL_d2i_PrivateKey(EVP_PKEY_RSA, NULL, &pt, + sizeof_ca_key_der_2048)); + + pt = client_cert_der_2048; + ExpectNotNull(x509 = wolfSSL_d2i_X509(NULL, &pt, + sizeof_client_cert_der_2048)); + + pt = ca_cert_der_2048; + ExpectNotNull(ca = wolfSSL_d2i_X509(NULL, &pt, sizeof_ca_cert_der_2048)); + ExpectNotNull(name = wolfSSL_X509_get_subject_name(ca)); + ExpectIntEQ(wolfSSL_X509_set_issuer_name(x509, name), WOLFSSL_SUCCESS); + +#ifndef NO_ASN_TIME + t = (time_t)30 * year + 45 * day + 20 * hour + 30 * mini + 7 * day; + ExpectNotNull(notBefore = wolfSSL_ASN1_TIME_adj(NULL, t, 0, 0)); + ExpectNotNull(notAfter = wolfSSL_ASN1_TIME_adj(NULL, t, 365, 0)); + ExpectIntEQ(notAfter->length, 13); + + ExpectTrue(wolfSSL_X509_set_notBefore(x509, notBefore)); + ExpectTrue(wolfSSL_X509_set1_notBefore(x509, notBefore)); + ExpectTrue(wolfSSL_X509_set_notAfter(x509, notAfter)); + ExpectTrue(wolfSSL_X509_set1_notAfter(x509, notAfter)); +#endif + + ExpectNull(wolfSSL_X509_notBefore(NULL)); + ExpectNotNull(wolfSSL_X509_notBefore(x509)); + ExpectNull(wolfSSL_X509_notAfter(NULL)); + ExpectNotNull(wolfSSL_X509_notAfter(x509)); + + ExpectIntGT(wolfSSL_X509_sign(x509, priv, EVP_sha256()), 0); + ExpectNotNull((der = wolfSSL_X509_get_der(x509, &derSz))); + + ExpectIntEQ(derSz, sizeof(expected)); +#ifndef NO_ASN_TIME + ExpectIntEQ(XMEMCMP(der, expected, derSz), 0); +#endif + wolfSSL_X509_free(ca); + wolfSSL_X509_free(x509); + wolfSSL_EVP_PKEY_free(priv); +#ifndef NO_ASN_TIME + wolfSSL_ASN1_TIME_free(notBefore); + wolfSSL_ASN1_TIME_free(notAfter); +#endif +#endif + return EXPECT_RESULT(); +} + +int test_wolfSSL_make_cert(void) +{ + EXPECT_DECLS; +#if !defined(NO_RSA) && !defined(NO_ASN_TIME) && defined(WOLFSSL_CERT_GEN) && \ + defined(WOLFSSL_CERT_EXT) + int ret = 0; + Cert cert; + CertName name; + RsaKey key; + WC_RNG rng; + byte der[FOURK_BUF]; + word32 idx = 0; + const byte mySerial[8] = {1,2,3,4,5,6,7,8}; + +#ifdef OPENSSL_EXTRA + const unsigned char* pt = NULL; + int certSz = 0; + X509* x509 = NULL; + X509_NAME* x509name = NULL; + X509_NAME_ENTRY* entry = NULL; + ASN1_STRING* entryValue = NULL; +#endif + + XMEMSET(&name, 0, sizeof(CertName)); + + /* set up cert name */ + XMEMCPY(name.country, "US", sizeof("US")); + name.countryEnc = CTC_PRINTABLE; + XMEMCPY(name.state, "Oregon", sizeof("Oregon")); + name.stateEnc = CTC_UTF8; + XMEMCPY(name.locality, "Portland", sizeof("Portland")); + name.localityEnc = CTC_UTF8; + XMEMCPY(name.sur, "Test", sizeof("Test")); + name.surEnc = CTC_UTF8; + XMEMCPY(name.org, "wolfSSL", sizeof("wolfSSL")); + name.orgEnc = CTC_UTF8; + XMEMCPY(name.unit, "Development", sizeof("Development")); + name.unitEnc = CTC_UTF8; + XMEMCPY(name.commonName, "www.wolfssl.com", sizeof("www.wolfssl.com")); + name.commonNameEnc = CTC_UTF8; + XMEMCPY(name.serialDev, "wolfSSL12345", sizeof("wolfSSL12345")); + name.serialDevEnc = CTC_PRINTABLE; + XMEMCPY(name.userId, "TestUserID", sizeof("TestUserID")); + name.userIdEnc = CTC_PRINTABLE; +#ifdef WOLFSSL_MULTI_ATTRIB + #if CTC_MAX_ATTRIB > 2 + { + NameAttrib* n; + n = &name.name[0]; + n->id = ASN_DOMAIN_COMPONENT; + n->type = CTC_UTF8; + n->sz = sizeof("com"); + XMEMCPY(n->value, "com", sizeof("com")); + + n = &name.name[1]; + n->id = ASN_DOMAIN_COMPONENT; + n->type = CTC_UTF8; + n->sz = sizeof("wolfssl"); + XMEMCPY(n->value, "wolfssl", sizeof("wolfssl")); + } + #endif +#endif /* WOLFSSL_MULTI_ATTRIB */ + + ExpectIntEQ(wc_InitRsaKey(&key, HEAP_HINT), 0); +#ifndef HAVE_FIPS + ExpectIntEQ(wc_InitRng_ex(&rng, HEAP_HINT, testDevId), 0); +#else + ExpectIntEQ(wc_InitRng(&rng), 0); +#endif + + /* load test RSA key */ + idx = 0; +#if defined(USE_CERT_BUFFERS_1024) + ExpectIntEQ(wc_RsaPrivateKeyDecode(server_key_der_1024, &idx, &key, + sizeof_server_key_der_1024), 0); +#elif defined(USE_CERT_BUFFERS_2048) + ExpectIntEQ(wc_RsaPrivateKeyDecode(server_key_der_2048, &idx, &key, + sizeof_server_key_der_2048), 0); +#else + /* error case, no RSA key loaded, happens later */ + (void)idx; +#endif + + XMEMSET(&cert, 0 , sizeof(Cert)); + ExpectIntEQ(wc_InitCert(&cert), 0); + + XMEMCPY(&cert.subject, &name, sizeof(CertName)); + XMEMCPY(cert.serial, mySerial, sizeof(mySerial)); + cert.serialSz = (int)sizeof(mySerial); + cert.isCA = 1; +#ifndef NO_SHA256 + cert.sigType = CTC_SHA256wRSA; +#else + cert.sigType = CTC_SHAwRSA; +#endif + + /* add SKID from the Public Key */ + ExpectIntEQ(wc_SetSubjectKeyIdFromPublicKey(&cert, &key, NULL), 0); + + /* add AKID from the Public Key */ + ExpectIntEQ(wc_SetAuthKeyIdFromPublicKey(&cert, &key, NULL), 0); + + ret = 0; + do { +#if defined(WOLFSSL_ASYNC_CRYPT) + ret = wc_AsyncWait(ret, &key.asyncDev, WC_ASYNC_FLAG_CALL_AGAIN); +#endif + if (ret >= 0) { + ret = wc_MakeSelfCert(&cert, der, FOURK_BUF, &key, &rng); + } + } while (ret == WC_NO_ERR_TRACE(WC_PENDING_E)); + ExpectIntGT(ret, 0); + +#ifdef OPENSSL_EXTRA + /* der holds a certificate with DC's now check X509 parsing of it */ + certSz = ret; + pt = der; + ExpectNotNull(x509 = d2i_X509(NULL, &pt, certSz)); + ExpectNotNull(x509name = X509_get_subject_name(x509)); +#ifdef WOLFSSL_MULTI_ATTRIB + ExpectIntEQ((idx = X509_NAME_get_index_by_NID(x509name, NID_domainComponent, + -1)), 5); + ExpectIntEQ((idx = X509_NAME_get_index_by_NID(x509name, NID_domainComponent, + (int)idx)), 6); + ExpectIntEQ((idx = X509_NAME_get_index_by_NID(x509name, NID_domainComponent, + (int)idx)), -1); +#endif /* WOLFSSL_MULTI_ATTRIB */ + + /* compare DN at index 0 */ + ExpectNotNull(entry = X509_NAME_get_entry(x509name, 0)); + ExpectNotNull(entryValue = X509_NAME_ENTRY_get_data(entry)); + ExpectIntEQ(ASN1_STRING_length(entryValue), 2); + ExpectStrEQ((const char*)ASN1_STRING_data(entryValue), "US"); + +#ifndef WOLFSSL_MULTI_ATTRIB + /* compare Serial Number */ + ExpectIntEQ((idx = X509_NAME_get_index_by_NID(x509name, NID_serialNumber, + -1)), 7); + ExpectNotNull(entry = X509_NAME_get_entry(x509name, idx)); + ExpectNotNull(entryValue = X509_NAME_ENTRY_get_data(entry)); + ExpectIntEQ(ASN1_STRING_length(entryValue), XSTRLEN("wolfSSL12345")); + ExpectStrEQ((const char*)ASN1_STRING_data(entryValue), "wolfSSL12345"); +#endif + +#ifdef WOLFSSL_MULTI_ATTRIB + /* get first and second DC and compare result */ + ExpectIntEQ((idx = X509_NAME_get_index_by_NID(x509name, NID_domainComponent, + -1)), 5); + ExpectNotNull(entry = X509_NAME_get_entry(x509name, (int)idx)); + ExpectNotNull(entryValue = X509_NAME_ENTRY_get_data(entry)); + ExpectStrEQ((const char *)ASN1_STRING_data(entryValue), "com"); + + ExpectIntEQ((idx = X509_NAME_get_index_by_NID(x509name, NID_domainComponent, + (int)idx)), 6); + ExpectNotNull(entry = X509_NAME_get_entry(x509name, (int)idx)); + ExpectNotNull(entryValue = X509_NAME_ENTRY_get_data(entry)); + ExpectStrEQ((const char *)ASN1_STRING_data(entryValue), "wolfssl"); +#endif /* WOLFSSL_MULTI_ATTRIB */ + + ExpectNull(X509_NAME_get_entry(NULL, 0)); + /* try invalid index locations for regression test and sanity check */ + ExpectNull(X509_NAME_get_entry(x509name, 11)); + ExpectNull(X509_NAME_get_entry(x509name, 20)); + + X509_free(x509); +#endif /* OPENSSL_EXTRA */ + + wc_FreeRsaKey(&key); + wc_FreeRng(&rng); +#endif + return EXPECT_RESULT(); +} + + diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/tests/api/test_ossl_x509_crypto.h mariadb-11.8.8/extra/wolfssl/wolfssl/tests/api/test_ossl_x509_crypto.h --- mariadb-11.8.6/extra/wolfssl/wolfssl/tests/api/test_ossl_x509_crypto.h 1970-01-01 00:00:00.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/tests/api/test_ossl_x509_crypto.h 2026-05-24 09:58:33.000000000 +0000 @@ -0,0 +1,40 @@ +/* test_ossl_x509_crypto.h + * + * Copyright (C) 2006-2026 wolfSSL Inc. + * + * This file is part of wolfSSL. + * + * wolfSSL is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * wolfSSL is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA + */ + +#ifndef WOLFCRYPT_TEST_OSSL_X509_CRYPTO_H +#define WOLFCRYPT_TEST_OSSL_X509_CRYPTO_H + +#include + +int test_wolfSSL_X509_check_private_key(void); +int test_wolfSSL_X509_verify(void); +int test_wolfSSL_X509_sign(void); +int test_wolfSSL_X509_sign2(void); +int test_wolfSSL_make_cert(void); + +#define TEST_OSSL_X509_CRYPTO_DECLS \ + TEST_DECL_GROUP("ossl_x509_crypto", test_wolfSSL_X509_check_private_key), \ + TEST_DECL_GROUP("ossl_x509_crypto", test_wolfSSL_X509_verify), \ + TEST_DECL_GROUP("ossl_x509_crypto", test_wolfSSL_X509_sign), \ + TEST_DECL_GROUP("ossl_x509_crypto", test_wolfSSL_X509_sign2), \ + TEST_DECL_GROUP("ossl_x509_crypto", test_wolfSSL_make_cert) + +#endif /* WOLFCRYPT_TEST_OSSL_X509_CRYPTO_H */ diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/tests/api/test_ossl_x509_ext.c mariadb-11.8.8/extra/wolfssl/wolfssl/tests/api/test_ossl_x509_ext.c --- mariadb-11.8.6/extra/wolfssl/wolfssl/tests/api/test_ossl_x509_ext.c 1970-01-01 00:00:00.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/tests/api/test_ossl_x509_ext.c 2026-05-24 09:58:33.000000000 +0000 @@ -0,0 +1,2277 @@ +/* test_ossl_x509_ext.c + * + * Copyright (C) 2006-2026 wolfSSL Inc. + * + * This file is part of wolfSSL. + * + * wolfSSL is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * wolfSSL is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA + */ + +#include + +#ifdef NO_INLINE + #include +#else + #define WOLFSSL_MISC_INCLUDED + #include +#endif + +#include +#include +#include +#ifdef OPENSSL_EXTRA + #include +#endif +#include +#include + + +int test_wolfSSL_X509_get_extension_flags(void) +{ + EXPECT_DECLS; +#if defined(OPENSSL_ALL) && !defined(NO_RSA) + XFILE f = XBADFILE; + X509* x509 = NULL; + unsigned int extFlags; + unsigned int keyUsageFlags; + unsigned int extKeyUsageFlags; + + ExpectIntEQ(X509_get_extension_flags(NULL), 0); + ExpectIntEQ(X509_get_key_usage(NULL), 0); + ExpectIntEQ(X509_get_extended_key_usage(NULL), 0); + ExpectNotNull(x509 = wolfSSL_X509_new()); + ExpectIntEQ(X509_get_extension_flags(x509), 0); + ExpectIntEQ(X509_get_key_usage(x509), -1); + ExpectIntEQ(X509_get_extended_key_usage(x509), 0); + wolfSSL_X509_free(x509); + x509 = NULL; + + /* client-int-cert.pem has the following extension flags. */ + extFlags = EXFLAG_KUSAGE | EXFLAG_XKUSAGE; + /* and the following key usage flags. */ + keyUsageFlags = KU_DIGITAL_SIGNATURE + | KU_NON_REPUDIATION + | KU_KEY_ENCIPHERMENT; + /* and the following extended key usage flags. */ + extKeyUsageFlags = XKU_SSL_CLIENT | XKU_SMIME; + + ExpectTrue((f = XFOPEN("./certs/intermediate/client-int-cert.pem", "rb")) != + XBADFILE); + ExpectNotNull(x509 = PEM_read_X509(f, NULL, NULL, NULL)); + if (f != XBADFILE) { + XFCLOSE(f); + f = XBADFILE; + } + ExpectIntEQ(X509_get_extension_flags(x509), extFlags); + ExpectIntEQ(X509_get_key_usage(x509), keyUsageFlags); + ExpectIntEQ(X509_get_extended_key_usage(x509), extKeyUsageFlags); + X509_free(x509); + x509 = NULL; + + /* client-cert-ext.pem has the following extension flags. */ + extFlags = EXFLAG_KUSAGE; + /* and the following key usage flags. */ + keyUsageFlags = KU_DIGITAL_SIGNATURE + | KU_KEY_CERT_SIGN + | KU_CRL_SIGN; + + ExpectTrue((f = fopen("./certs/client-cert-ext.pem", "rb")) != XBADFILE); + ExpectNotNull(x509 = PEM_read_X509(f, NULL, NULL, NULL)); + if (f != XBADFILE) + XFCLOSE(f); + ExpectIntEQ(X509_get_extension_flags(x509), extFlags); + ExpectIntEQ(X509_get_key_usage(x509), keyUsageFlags); + X509_free(x509); +#endif /* OPENSSL_ALL */ + return EXPECT_RESULT(); +} + +int test_wolfSSL_X509_get_ext(void) +{ + EXPECT_DECLS; +#if !defined(NO_FILESYSTEM) && defined(OPENSSL_ALL) && !defined(NO_RSA) + int ret = 0; + XFILE f = XBADFILE; + WOLFSSL_X509* x509 = NULL; + WOLFSSL_X509_EXTENSION* foundExtension; + + ExpectTrue((f = XFOPEN("./certs/server-cert.pem", "rb")) != XBADFILE); + ExpectNotNull(x509 = wolfSSL_PEM_read_X509(f, NULL, NULL, NULL)); + if (f != XBADFILE) + XFCLOSE(f); + ExpectIntEQ((ret = wolfSSL_X509_get_ext_count(x509)), 5); + + /* wolfSSL_X509_get_ext() valid input */ + ExpectNotNull(foundExtension = wolfSSL_X509_get_ext(x509, 0)); + + /* wolfSSL_X509_get_ext() valid x509, idx out of bounds */ + ExpectNull(foundExtension = wolfSSL_X509_get_ext(x509, -1)); + ExpectNull(foundExtension = wolfSSL_X509_get_ext(x509, 100)); + + /* wolfSSL_X509_get_ext() NULL x509, idx out of bounds */ + ExpectNull(foundExtension = wolfSSL_X509_get_ext(NULL, -1)); + ExpectNull(foundExtension = wolfSSL_X509_get_ext(NULL, 100)); + + /* wolfSSL_X509_get_ext() NULL x509, valid idx */ + ExpectNull(foundExtension = wolfSSL_X509_get_ext(NULL, 0)); + + ExpectNull(wolfSSL_X509_get0_extensions(NULL)); + + wolfSSL_X509_free(x509); +#endif + return EXPECT_RESULT(); +} + +int test_wolfSSL_X509_get_ext_by_NID(void) +{ + EXPECT_DECLS; +#if defined(OPENSSL_ALL) && !defined(NO_RSA) + int rc = 0; + XFILE f = XBADFILE; + WOLFSSL_X509* x509 = NULL; + ASN1_OBJECT* obj = NULL; + + ExpectNotNull(x509 = wolfSSL_X509_new()); + ExpectIntEQ(wolfSSL_X509_get_ext_by_NID(x509, NID_basic_constraints, -1), + WOLFSSL_FATAL_ERROR); + wolfSSL_X509_free(x509); + x509 = NULL; + + ExpectTrue((f = XFOPEN("./certs/server-cert.pem", "rb")) != XBADFILE); + ExpectNotNull(x509 = wolfSSL_PEM_read_X509(f, NULL, NULL, NULL)); + if (f != XBADFILE) + XFCLOSE(f); + + ExpectIntGE(rc = wolfSSL_X509_get_ext_by_NID(x509, NID_basic_constraints, + -1), 0); + ExpectIntGE(wolfSSL_X509_get_ext_by_NID(x509, NID_basic_constraints, 20), + -1); + + /* Start search from last location (should fail) */ + ExpectIntGE(rc = wolfSSL_X509_get_ext_by_NID(x509, NID_basic_constraints, + rc), -1); + + ExpectIntGE(rc = wolfSSL_X509_get_ext_by_NID(x509, NID_basic_constraints, + -2), -1); + + ExpectIntEQ(rc = wolfSSL_X509_get_ext_by_NID(NULL, NID_basic_constraints, + -1), -1); + + ExpectIntEQ(rc = wolfSSL_X509_get_ext_by_NID(x509, NID_undef, -1), -1); + + /* NID_ext_key_usage, check also its nid and oid */ + ExpectIntGT(rc = wolfSSL_X509_get_ext_by_NID(x509, NID_ext_key_usage, -1), + -1); + ExpectNotNull(obj = wolfSSL_X509_EXTENSION_get_object(wolfSSL_X509_get_ext( + x509, rc))); + ExpectIntEQ(obj->nid, NID_ext_key_usage); + ExpectIntEQ(obj->type, EXT_KEY_USAGE_OID); + + wolfSSL_X509_free(x509); +#endif + return EXPECT_RESULT(); +} + +int test_wolfSSL_X509_get_ext_subj_alt_name(void) +{ + EXPECT_DECLS; +#if defined(OPENSSL_ALL) && !defined(NO_RSA) + int rc = 0; + XFILE f = XBADFILE; + WOLFSSL_X509* x509 = NULL; + WOLFSSL_X509_EXTENSION* ext = NULL; + WOLFSSL_ASN1_STRING* sanString = NULL; + byte* sanDer = NULL; + + const byte expectedDer[] = { + 0x30, 0x13, 0x82, 0x0b, 0x65, 0x78, 0x61, 0x6d, 0x70, 0x6c, 0x65, 0x2e, + 0x63, 0x6f, 0x6d, 0x87, 0x04, 0x7f, 0x00, 0x00, 0x01}; + + ExpectTrue((f = XFOPEN("./certs/server-cert.pem", "rb")) != XBADFILE); + ExpectNotNull(x509 = PEM_read_X509(f, NULL, NULL, NULL)); + if (f != XBADFILE) + XFCLOSE(f); + + ExpectIntNE(rc = X509_get_ext_by_NID(x509, NID_subject_alt_name, -1), -1); + ExpectNotNull(ext = X509_get_ext(x509, rc)); + ExpectNotNull(sanString = X509_EXTENSION_get_data(ext)); + ExpectIntEQ(ASN1_STRING_length(sanString), sizeof(expectedDer)); + ExpectNotNull(sanDer = ASN1_STRING_data(sanString)); + ExpectIntEQ(XMEMCMP(sanDer, expectedDer, sizeof(expectedDer)), 0); + + X509_free(x509); +#endif + return EXPECT_RESULT(); +} + +int test_wolfSSL_X509_set_ext(void) +{ + EXPECT_DECLS; +#if defined(OPENSSL_ALL) && !defined(NO_RSA) + WOLFSSL_X509* x509 = NULL; + XFILE f = XBADFILE; + int loc; + + ExpectNull(wolfSSL_X509_set_ext(NULL, 0)); + + ExpectNotNull(x509 = wolfSSL_X509_new()); + /* Location too small. */ + ExpectNull(wolfSSL_X509_set_ext(x509, -1)); + /* Location too big. */ + ExpectNull(wolfSSL_X509_set_ext(x509, 1)); + /* No DER encoding. */ + ExpectNull(wolfSSL_X509_set_ext(x509, 0)); + wolfSSL_X509_free(x509); + x509 = NULL; + + ExpectTrue((f = XFOPEN("./certs/server-cert.pem", "rb")) != XBADFILE); + ExpectNotNull(x509 = PEM_read_X509(f, NULL, NULL, NULL)); + if (f != XBADFILE) { + XFCLOSE(f); + } + for (loc = 0; loc < wolfSSL_X509_get_ext_count(x509); loc++) { + ExpectNotNull(wolfSSL_X509_set_ext(x509, loc)); + } + + wolfSSL_X509_free(x509); +#endif + return EXPECT_RESULT(); +} + +#if defined(OPENSSL_ALL) +static int test_X509_add_basic_constraints(WOLFSSL_X509* x509) +{ + EXPECT_DECLS; + const byte basicConsObj[] = { 0x06, 0x03, 0x55, 0x1d, 0x13 }; + const byte* p; + WOLFSSL_X509_EXTENSION* ext = NULL; + WOLFSSL_ASN1_OBJECT* obj = NULL; + ASN1_INTEGER* pathLen = NULL; + + p = basicConsObj; + ExpectNotNull(obj = wolfSSL_d2i_ASN1_OBJECT(NULL, &p, + sizeof(basicConsObj))); + if (obj != NULL) { + obj->type = NID_basic_constraints; + } + ExpectNotNull(pathLen = wolfSSL_ASN1_INTEGER_new()); + if (pathLen != NULL) { + pathLen->length = 2; + } + if (obj != NULL) { + obj->ca = 0; + } + ExpectNotNull(ext = wolfSSL_X509_EXTENSION_new()); + ExpectIntEQ(wolfSSL_X509_EXTENSION_set_object(ext, obj), WOLFSSL_SUCCESS); + if (ext != NULL && ext->obj != NULL) { + ext->obj->ca = 0; + ext->obj->pathlen = pathLen; + } + ExpectIntEQ(wolfSSL_X509_add_ext(x509, ext, -1), WOLFSSL_SUCCESS); + ExpectIntEQ(x509->isCa, 0); + ExpectIntEQ(x509->pathLength, 2); + ExpectIntEQ(x509->pathLengthSet, 1); + if (ext != NULL && ext->obj != NULL) { + /* Add second time to without path length. */ + ext->obj->ca = 1; + ext->obj->pathlen = NULL; + } + ExpectIntEQ(wolfSSL_X509_add_ext(x509, ext, -1), WOLFSSL_SUCCESS); + ExpectIntEQ(x509->isCa, 1); + ExpectIntEQ(x509->pathLength, 2); + ExpectIntEQ(x509->pathLengthSet, 1); + ExpectIntEQ(wolfSSL_X509_get_isSet_pathLength(NULL), 0); + ExpectIntEQ(wolfSSL_X509_get_isSet_pathLength(x509), 1); + ExpectIntEQ(wolfSSL_X509_get_pathLength(NULL), 0); + ExpectIntEQ(wolfSSL_X509_get_pathLength(x509), 2); + + wolfSSL_ASN1_INTEGER_free(pathLen); + wolfSSL_ASN1_OBJECT_free(obj); + wolfSSL_X509_EXTENSION_free(ext); + + return EXPECT_RESULT(); +} + +static int test_X509_add_key_usage(WOLFSSL_X509* x509) +{ + EXPECT_DECLS; + const byte objData[] = { 0x06, 0x03, 0x55, 0x1d, 0x0f }; + const byte data[] = { 0x04, 0x02, 0x01, 0x80 }; + const byte emptyData[] = { 0x04, 0x00 }; + const char* strData = "digitalSignature,keyCertSign"; + const byte* p; + WOLFSSL_X509_EXTENSION* ext = NULL; + WOLFSSL_ASN1_OBJECT* obj = NULL; + WOLFSSL_ASN1_STRING* str = NULL; + + p = objData; + ExpectNotNull(obj = wolfSSL_d2i_ASN1_OBJECT(NULL, &p, sizeof(objData))); + if (obj != NULL) { + obj->type = NID_key_usage; + } + p = data; + ExpectNotNull(str = d2i_ASN1_OCTET_STRING(NULL, &p, (long)sizeof(data))); + ExpectNotNull(ext = wolfSSL_X509_EXTENSION_new()); + ExpectIntEQ(wolfSSL_X509_EXTENSION_set_object(ext, obj), WOLFSSL_SUCCESS); + /* No Data - no change. */ + ExpectIntEQ(wolfSSL_X509_add_ext(x509, ext, -1), WOLFSSL_SUCCESS); + ExpectIntEQ(wolfSSL_X509_EXTENSION_set_data(ext, str), WOLFSSL_SUCCESS); + ExpectIntEQ(wolfSSL_X509_add_ext(x509, ext, -1), WOLFSSL_SUCCESS); + ExpectIntEQ(x509->keyUsage, KEYUSE_DECIPHER_ONLY | KEYUSE_ENCIPHER_ONLY); + + /* Add second time with string to interpret. */ + wolfSSL_ASN1_STRING_free(str); + str = NULL; + ExpectNotNull(str = wolfSSL_ASN1_STRING_new()); + ExpectIntEQ(ASN1_STRING_set(str, strData, (word32)XSTRLEN(strData) + 1), + WOLFSSL_SUCCESS); + ExpectIntEQ(wolfSSL_X509_EXTENSION_set_data(ext, str), WOLFSSL_SUCCESS); + ExpectIntEQ(wolfSSL_X509_add_ext(x509, ext, -1), WOLFSSL_SUCCESS); + ExpectIntEQ(x509->keyUsage, KEYUSE_DIGITAL_SIG | KEYUSE_KEY_CERT_SIGN); + + /* Empty data. */ + wolfSSL_ASN1_STRING_free(str); + str = NULL; + p = emptyData; + ExpectNotNull(str = d2i_ASN1_OCTET_STRING(NULL, &p, + (long)sizeof(emptyData))); + ExpectIntEQ(wolfSSL_X509_EXTENSION_set_data(ext, str), WOLFSSL_SUCCESS); + ExpectIntEQ(wolfSSL_X509_add_ext(x509, ext, -1), WOLFSSL_FAILURE); + + /* Invalid string to parse. */ + wolfSSL_ASN1_STRING_free(str); + str = NULL; + ExpectNotNull(str = wolfSSL_ASN1_STRING_new()); + ExpectIntEQ(ASN1_STRING_set(str, "bad", 4), WOLFSSL_SUCCESS); + ExpectIntEQ(wolfSSL_X509_EXTENSION_set_data(ext, str), WOLFSSL_SUCCESS); + ExpectIntEQ(wolfSSL_X509_add_ext(x509, ext, -1), WOLFSSL_FAILURE); + + wolfSSL_ASN1_STRING_free(str); + wolfSSL_ASN1_OBJECT_free(obj); + wolfSSL_X509_EXTENSION_free(ext); + + return EXPECT_RESULT(); +} + +static int test_X509_add_ext_key_usage(WOLFSSL_X509* x509) +{ + EXPECT_DECLS; + const byte objData[] = { 0x06, 0x03, 0x55, 0x1d, 0x25 }; + const byte data[] = { 0x04, 0x01, 0x01 }; + const byte emptyData[] = { 0x04, 0x00 }; + const char* strData = "serverAuth,codeSigning"; + const byte* p; + WOLFSSL_X509_EXTENSION* ext = NULL; + WOLFSSL_ASN1_OBJECT* obj = NULL; + WOLFSSL_ASN1_STRING* str = NULL; + + p = objData; + ExpectNotNull(obj = wolfSSL_d2i_ASN1_OBJECT(NULL, &p, sizeof(objData))); + if (obj != NULL) { + obj->type = NID_ext_key_usage; + } + p = data; + ExpectNotNull(str = d2i_ASN1_OCTET_STRING(NULL, &p, (long)sizeof(data))); + ExpectNotNull(ext = wolfSSL_X509_EXTENSION_new()); + ExpectIntEQ(wolfSSL_X509_EXTENSION_set_object(ext, obj), WOLFSSL_SUCCESS); + /* No Data - no change. */ + ExpectIntEQ(wolfSSL_X509_add_ext(x509, ext, -1), WOLFSSL_SUCCESS); + ExpectIntEQ(wolfSSL_X509_EXTENSION_set_data(ext, str), WOLFSSL_SUCCESS); + ExpectIntEQ(wolfSSL_X509_add_ext(x509, ext, -1), WOLFSSL_SUCCESS); + ExpectIntEQ(x509->extKeyUsage, EXTKEYUSE_ANY); + + /* Add second time with string to interpret. */ + wolfSSL_ASN1_STRING_free(str); + str = NULL; + ExpectNotNull(str = wolfSSL_ASN1_STRING_new()); + ExpectIntEQ(ASN1_STRING_set(str, strData, (word32)XSTRLEN(strData) + 1), + WOLFSSL_SUCCESS); + ExpectIntEQ(wolfSSL_X509_EXTENSION_set_data(ext, str), WOLFSSL_SUCCESS); + ExpectIntEQ(wolfSSL_X509_add_ext(x509, ext, -1), WOLFSSL_SUCCESS); + ExpectIntEQ(x509->extKeyUsage, EXTKEYUSE_SERVER_AUTH | EXTKEYUSE_CODESIGN); + + /* Empty data. */ + wolfSSL_ASN1_STRING_free(str); + str = NULL; + p = emptyData; + ExpectNotNull(str = d2i_ASN1_OCTET_STRING(NULL, &p, + (long)sizeof(emptyData))); + ExpectIntEQ(wolfSSL_X509_EXTENSION_set_data(ext, str), WOLFSSL_SUCCESS); + ExpectIntEQ(wolfSSL_X509_add_ext(x509, ext, -1), WOLFSSL_FAILURE); + + /* Invalid string to parse. */ + wolfSSL_ASN1_STRING_free(str); + str = NULL; + ExpectNotNull(str = wolfSSL_ASN1_STRING_new()); + ExpectIntEQ(ASN1_STRING_set(str, "bad", 4), WOLFSSL_SUCCESS); + ExpectIntEQ(wolfSSL_X509_EXTENSION_set_data(ext, str), WOLFSSL_SUCCESS); + ExpectIntEQ(wolfSSL_X509_add_ext(x509, ext, -1), WOLFSSL_FAILURE); + + wolfSSL_ASN1_STRING_free(str); + wolfSSL_ASN1_OBJECT_free(obj); + wolfSSL_X509_EXTENSION_free(ext); + + return EXPECT_RESULT(); +} + +static int test_x509_add_auth_key_id(WOLFSSL_X509* x509) +{ + EXPECT_DECLS; + const byte objData[] = { 0x06, 0x03, 0x55, 0x1d, 0x23 }; + const byte data[] = { + 0x04, 0x81, 0xcc, 0x30, 0x81, 0xc9, 0x80, 0x14, + 0x27, 0x8e, 0x67, 0x11, 0x74, 0xc3, 0x26, 0x1d, + 0x3f, 0xed, 0x33, 0x63, 0xb3, 0xa4, 0xd8, 0x1d, + 0x30, 0xe5, 0xe8, 0xd5, 0xa1, 0x81, 0x9a, 0xa4, + 0x81, 0x97, 0x30, 0x81, 0x94, 0x31, 0x0b, 0x30, + 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, + 0x55, 0x53, 0x31, 0x10, 0x30, 0x0e, 0x06, 0x03, + 0x55, 0x04, 0x08, 0x0c, 0x07, 0x4d, 0x6f, 0x6e, + 0x74, 0x61, 0x6e, 0x61, 0x31, 0x10, 0x30, 0x0e, + 0x06, 0x03, 0x55, 0x04, 0x07, 0x0c, 0x07, 0x42, + 0x6f, 0x7a, 0x65, 0x6d, 0x61, 0x6e, 0x31, 0x11, + 0x30, 0x0f, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x0c, + 0x08, 0x53, 0x61, 0x77, 0x74, 0x6f, 0x6f, 0x74, + 0x68, 0x31, 0x13, 0x30, 0x11, 0x06, 0x03, 0x55, + 0x04, 0x0b, 0x0c, 0x0a, 0x43, 0x6f, 0x6e, 0x73, + 0x75, 0x6c, 0x74, 0x69, 0x6e, 0x67, 0x31, 0x18, + 0x30, 0x16, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0c, + 0x0f, 0x77, 0x77, 0x77, 0x2e, 0x77, 0x6f, 0x6c, + 0x66, 0x73, 0x73, 0x6c, 0x2e, 0x63, 0x6f, 0x6d, + 0x31, 0x1f, 0x30, 0x1d, 0x06, 0x09, 0x2a, 0x86, + 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x09, 0x01, 0x16, + 0x10, 0x69, 0x6e, 0x66, 0x6f, 0x40, 0x77, 0x6f, + 0x6c, 0x66, 0x73, 0x73, 0x6c, 0x2e, 0x63, 0x6f, + 0x6d, 0x82, 0x14, 0x33, 0x44, 0x1a, 0xa8, 0x6c, + 0x01, 0xec, 0xf6, 0x60, 0xf2, 0x70, 0x51, 0x0a, + 0x4c, 0xd1, 0x14, 0xfa, 0xbc, 0xe9, 0x44 + }; + const byte* p; + WOLFSSL_X509_EXTENSION* ext = NULL; + WOLFSSL_ASN1_OBJECT* obj = NULL; + WOLFSSL_ASN1_STRING* str = NULL; + + p = objData; + ExpectNotNull(obj = wolfSSL_d2i_ASN1_OBJECT(NULL, &p, sizeof(objData))); + if (obj != NULL) { + obj->type = NID_authority_key_identifier; + } + p = data; + ExpectNotNull(str = d2i_ASN1_OCTET_STRING(NULL, &p, (long)sizeof(data))); + ExpectNotNull(ext = wolfSSL_X509_EXTENSION_new()); + ExpectIntEQ(wolfSSL_X509_EXTENSION_set_object(ext, obj), WOLFSSL_SUCCESS); + ExpectIntEQ(wolfSSL_X509_EXTENSION_set_data(ext, str), WOLFSSL_SUCCESS); + ExpectIntEQ(wolfSSL_X509_add_ext(x509, ext, -1), WOLFSSL_SUCCESS); + + /* Add second time with string to interpret. */ + ExpectIntEQ(wolfSSL_X509_add_ext(x509, ext, -1), WOLFSSL_SUCCESS); + + wolfSSL_ASN1_STRING_free(str); + wolfSSL_ASN1_OBJECT_free(obj); + wolfSSL_X509_EXTENSION_free(ext); + + return EXPECT_RESULT(); +} + +static int test_x509_add_subj_key_id(WOLFSSL_X509* x509) +{ + EXPECT_DECLS; + const byte objData[] = { 0x06, 0x03, 0x55, 0x1d, 0x0e }; + const byte data[] = { + 0x04, 0x16, 0x04, 0x14, 0xb3, 0x11, 0x32, 0xc9, + 0x92, 0x98, 0x84, 0xe2, 0xc9, 0xf8, 0xd0, 0x3b, + 0x6e, 0x03, 0x42, 0xca, 0x1f, 0x0e, 0x8e, 0x3c + }; + const byte* p; + WOLFSSL_X509_EXTENSION* ext = NULL; + WOLFSSL_ASN1_OBJECT* obj = NULL; + WOLFSSL_ASN1_STRING* str = NULL; + + p = objData; + ExpectNotNull(obj = wolfSSL_d2i_ASN1_OBJECT(NULL, &p, sizeof(objData))); + if (obj != NULL) { + obj->type = NID_subject_key_identifier; + } + p = data; + ExpectNotNull(str = d2i_ASN1_OCTET_STRING(NULL, &p, (long)sizeof(data))); + ExpectNotNull(ext = wolfSSL_X509_EXTENSION_new()); + ExpectIntEQ(wolfSSL_X509_EXTENSION_set_object(ext, obj), WOLFSSL_SUCCESS); + ExpectIntEQ(wolfSSL_X509_EXTENSION_set_data(ext, str), WOLFSSL_SUCCESS); + ExpectIntEQ(wolfSSL_X509_add_ext(x509, ext, -1), WOLFSSL_SUCCESS); + /* Add second time with string to interpret. */ + ExpectIntEQ(wolfSSL_X509_add_ext(x509, ext, -1), WOLFSSL_SUCCESS); + + wolfSSL_ASN1_STRING_free(str); + wolfSSL_ASN1_OBJECT_free(obj); + wolfSSL_X509_EXTENSION_free(ext); + + return EXPECT_RESULT(); +} +#endif + +int test_wolfSSL_X509_add_ext(void) +{ + EXPECT_DECLS; +#if defined(OPENSSL_ALL) + WOLFSSL_X509* x509 = NULL; + WOLFSSL_X509_EXTENSION* ext_empty = NULL; + WOLFSSL_X509_EXTENSION* ext = NULL; + WOLFSSL_ASN1_OBJECT* obj = NULL; + WOLFSSL_ASN1_STRING* data = NULL; + const byte* p; + const byte subjAltNameObj[] = { 0x06, 0x03, 0x55, 0x1d, 0x11 }; + const byte subjAltName[] = { + 0x04, 0x15, 0x30, 0x13, 0x82, 0x0b, 0x65, 0x78, 0x61, 0x6d, 0x70, 0x6c, + 0x65, 0x2e, 0x63, 0x6f, 0x6d, 0x87, 0x04, 0x7f, 0x00, 0x00, 0x01 + }; + + ExpectNotNull(x509 = wolfSSL_X509_new()); + + /* Create extension: Subject Alternative Name */ + ExpectNotNull(ext_empty = wolfSSL_X509_EXTENSION_new()); + p = subjAltName; + ExpectNotNull(data = d2i_ASN1_OCTET_STRING(NULL, &p, + (long)sizeof(subjAltName))); + p = subjAltNameObj; + ExpectNotNull(obj = wolfSSL_d2i_ASN1_OBJECT(NULL, &p, + sizeof(subjAltNameObj))); + if (obj != NULL) { + obj->type = NID_subject_alt_name; + } + ExpectNotNull(ext = wolfSSL_X509_EXTENSION_new()); + ExpectIntEQ(wolfSSL_X509_EXTENSION_set_object(ext, obj), WOLFSSL_SUCCESS); + ExpectIntEQ(wolfSSL_X509_EXTENSION_set_data(ext, data), WOLFSSL_SUCCESS); + + /* Failure cases. */ + ExpectIntEQ(wolfSSL_X509_add_ext(NULL, NULL, 0), + WC_NO_ERR_TRACE(WOLFSSL_FAILURE)); + ExpectIntEQ(wolfSSL_X509_add_ext(x509, NULL, 0), + WC_NO_ERR_TRACE(WOLFSSL_FAILURE)); + ExpectIntEQ(wolfSSL_X509_add_ext(NULL, ext, 0), + WC_NO_ERR_TRACE(WOLFSSL_FAILURE)); + ExpectIntEQ(wolfSSL_X509_add_ext(NULL, NULL, -1), + WC_NO_ERR_TRACE(WOLFSSL_FAILURE)); + ExpectIntEQ(wolfSSL_X509_add_ext(NULL, ext, -1), + WC_NO_ERR_TRACE(WOLFSSL_FAILURE)); + ExpectIntEQ(wolfSSL_X509_add_ext(x509, NULL, -1), + WC_NO_ERR_TRACE(WOLFSSL_FAILURE)); + ExpectIntEQ(wolfSSL_X509_add_ext(x509, ext, 0), + WC_NO_ERR_TRACE(WOLFSSL_FAILURE)); + ExpectIntEQ(wolfSSL_X509_add_ext(x509, ext_empty, -1), + WC_NO_ERR_TRACE(WOLFSSL_FAILURE)); + + /* Add: Subject Alternative Name */ + ExpectIntEQ(wolfSSL_X509_add_ext(x509, ext, -1), WOLFSSL_SUCCESS); + /* Add second time to ensure no memory leaks. */ + ExpectIntEQ(wolfSSL_X509_add_ext(x509, ext, -1), WOLFSSL_SUCCESS); + + wolfSSL_X509_EXTENSION_free(ext); + wolfSSL_ASN1_OBJECT_free(obj); + wolfSSL_ASN1_STRING_free(data); + wolfSSL_X509_EXTENSION_free(ext_empty); + + EXPECT_TEST(test_X509_add_basic_constraints(x509)); + EXPECT_TEST(test_X509_add_key_usage(x509)); + EXPECT_TEST(test_X509_add_ext_key_usage(x509)); + EXPECT_TEST(test_x509_add_auth_key_id(x509)); + EXPECT_TEST(test_x509_add_subj_key_id(x509)); + + wolfSSL_X509_free(x509); +#endif + return EXPECT_RESULT(); +} + +int test_wolfSSL_X509_get_ext_count(void) +{ + EXPECT_DECLS; +#if defined(OPENSSL_ALL) && !defined(NO_CERTS) && !defined(NO_FILESYSTEM) && \ + !defined(NO_RSA) + int ret = 0; + WOLFSSL_X509* x509 = NULL; + const char ocspRootCaFile[] = "./certs/ocsp/root-ca-cert.pem"; + XFILE f = XBADFILE; + + /* NULL parameter check */ + ExpectIntEQ(X509_get_ext_count(NULL), WC_NO_ERR_TRACE(WOLFSSL_FAILURE)); + ExpectNotNull(x509 = wolfSSL_X509_new()); + ExpectIntEQ(X509_get_ext_count(x509), WC_NO_ERR_TRACE(WOLFSSL_FAILURE)); + wolfSSL_X509_free(x509); + x509 = NULL; + + ExpectNotNull(x509 = wolfSSL_X509_load_certificate_file(svrCertFile, + SSL_FILETYPE_PEM)); + ExpectIntEQ(X509_get_ext_count(x509), 5); + wolfSSL_X509_free(x509); + + ExpectNotNull(x509 = wolfSSL_X509_load_certificate_file(ocspRootCaFile, + SSL_FILETYPE_PEM)); + ExpectIntEQ(X509_get_ext_count(x509), 5); + wolfSSL_X509_free(x509); + + ExpectTrue((f = XFOPEN("./certs/server-cert.pem", "rb")) != XBADFILE); + ExpectNotNull(x509 = wolfSSL_PEM_read_X509(f, NULL, NULL, NULL)); + if (f != XBADFILE) + XFCLOSE(f); + + /* wolfSSL_X509_get_ext_count() valid input */ + ExpectIntEQ((ret = wolfSSL_X509_get_ext_count(x509)), 5); + + wolfSSL_X509_free(x509); +#endif + return EXPECT_RESULT(); +} + +/* Tests X509v3_get_ext_count, X509v3_get_ext_by_NID, and X509v3_get_ext + * working with a stack retrieved from wolfSSL_X509_get0_extensions(). + */ +int test_wolfSSL_X509_stack_extensions(void) +{ + EXPECT_DECLS; +#if defined(OPENSSL_EXTRA) && !defined(NO_CERTS) && !defined(NO_FILESYSTEM) && \ + !defined(NO_RSA) + WOLFSSL_X509* x509 = NULL; + const WOLFSSL_STACK* ext_stack = NULL; + WOLFSSL_X509_EXTENSION* ext = NULL; + int idx = -1; + int count = 0; + XFILE f = XBADFILE; + + /* Load a certificate */ + ExpectTrue((f = XFOPEN("./certs/server-cert.pem", "rb")) != XBADFILE); + ExpectNotNull(x509 = wolfSSL_PEM_read_X509(f, NULL, NULL, NULL)); + if (f != XBADFILE) + XFCLOSE(f); + + /* Get the stack of extensions */ + ExpectNotNull(ext_stack = wolfSSL_X509_get0_extensions(x509)); + + /* Test X509v3_get_ext_count */ + ExpectIntGT((count = X509v3_get_ext_count(ext_stack)), 0); + + /* Test X509v3_get_ext_by_NID - find Basic Constraints extension */ + ExpectIntGE((idx = X509v3_get_ext_by_NID(ext_stack, NID_basic_constraints, + -1)), 0); + + /* Test X509v3_get_ext - get extension by index */ + ExpectNotNull(ext = X509v3_get_ext(ext_stack, idx)); + + /* Verify that the extension is the correct one */ + ExpectIntEQ(wolfSSL_OBJ_obj2nid(wolfSSL_X509_EXTENSION_get_object(ext)), + NID_basic_constraints); + + /* Test negative cases */ + ExpectIntEQ(X509v3_get_ext_by_NID(NULL, NID_basic_constraints, -1), + WOLFSSL_FATAL_ERROR); + ExpectNull(X509v3_get_ext(NULL, 0)); + ExpectNull(X509v3_get_ext(ext_stack, -1)); + ExpectNull(X509v3_get_ext(ext_stack, count)); + + wolfSSL_X509_free(x509); +#endif + return EXPECT_RESULT(); +} + +int test_wolfSSL_X509_EXTENSION_new(void) +{ + EXPECT_DECLS; +#if defined (OPENSSL_ALL) + WOLFSSL_X509_EXTENSION* ext = NULL; + + ExpectNotNull(ext = wolfSSL_X509_EXTENSION_new()); + ExpectNotNull(ext->obj = wolfSSL_ASN1_OBJECT_new()); + + wolfSSL_X509_EXTENSION_free(NULL); + wolfSSL_X509_EXTENSION_free(ext); +#endif + return EXPECT_RESULT(); +} + +int test_wolfSSL_X509_EXTENSION_dup(void) +{ + EXPECT_DECLS; +#if defined (OPENSSL_ALL) + WOLFSSL_X509_EXTENSION* ext = NULL; + WOLFSSL_X509_EXTENSION* dup = NULL; + + ExpectNull(wolfSSL_X509_EXTENSION_dup(NULL)); + ExpectNotNull(ext = wolfSSL_X509_EXTENSION_new()); + ExpectNotNull(dup = wolfSSL_X509_EXTENSION_dup(ext)); + + wolfSSL_X509_EXTENSION_free(dup); + wolfSSL_X509_EXTENSION_free(ext); +#endif + return EXPECT_RESULT(); +} + +int test_wolfSSL_X509_EXTENSION_get_object(void) +{ + EXPECT_DECLS; +#if !defined(NO_FILESYSTEM) && defined(OPENSSL_ALL) && !defined(NO_RSA) + WOLFSSL_X509* x509 = NULL; + WOLFSSL_X509_EXTENSION* ext = NULL; + WOLFSSL_X509_EXTENSION* dup = NULL; + WOLFSSL_ASN1_OBJECT* o = NULL; + XFILE file = XBADFILE; + + ExpectTrue((file = XFOPEN("./certs/server-cert.pem", "rb")) != XBADFILE); + ExpectNotNull(x509 = wolfSSL_PEM_read_X509(file, NULL, NULL, NULL)); + if (file != XBADFILE) + XFCLOSE(file); + + /* wolfSSL_X509_EXTENSION_get_object() testing ext idx 0 */ + ExpectNotNull(ext = wolfSSL_X509_get_ext(x509, 0)); + ExpectNull(wolfSSL_X509_EXTENSION_get_object(NULL)); + ExpectNotNull(o = wolfSSL_X509_EXTENSION_get_object(ext)); + ExpectIntEQ(o->nid, SUBJ_KEY_OID); + ExpectNotNull(dup = wolfSSL_X509_EXTENSION_dup(ext)); + wolfSSL_X509_EXTENSION_free(dup); + + /* wolfSSL_X509_EXTENSION_get_object() NULL argument */ + ExpectNull(o = wolfSSL_X509_EXTENSION_get_object(NULL)); + + wolfSSL_X509_free(x509); +#endif + return EXPECT_RESULT(); +} + +int test_wolfSSL_X509_EXTENSION_get_data(void) +{ + EXPECT_DECLS; +#if !defined(NO_FILESYSTEM) && defined(OPENSSL_ALL) && !defined(NO_RSA) + WOLFSSL_X509* x509 = NULL; + WOLFSSL_X509_EXTENSION* ext = NULL; + WOLFSSL_ASN1_STRING* str = NULL; + XFILE file = XBADFILE; +#ifndef WOLFSSL_OLD_EXTDATA_FMT + const byte ext_data[] = { + 0x04, 0x14, 0xB3, 0x11, 0x32, 0xC9, 0x92, 0x98, + 0x84, 0xE2, 0xC9, 0xF8, 0xD0, 0x3B, 0x6E, 0x03, + 0x42, 0xCA, 0x1F, 0x0E, 0x8E, 0x3C, + }; +#endif + + ExpectTrue((file = XFOPEN("./certs/server-cert.pem", "rb")) != XBADFILE); + ExpectNotNull(x509 = wolfSSL_PEM_read_X509(file, NULL, NULL, NULL)); + if (file != XBADFILE) + XFCLOSE(file); + ExpectNotNull(ext = wolfSSL_X509_get_ext(x509, 0)); + + ExpectNull(str = wolfSSL_X509_EXTENSION_get_data(NULL)); + ExpectNotNull(str = wolfSSL_X509_EXTENSION_get_data(ext)); + +#ifndef WOLFSSL_OLD_EXTDATA_FMT + ExpectIntEQ(str->length, sizeof (ext_data)); + ExpectBufEQ(str->data, ext_data, sizeof (ext_data)); +#endif + + wolfSSL_X509_free(x509); +#endif + return EXPECT_RESULT(); +} + +int test_wolfSSL_X509_EXTENSION_get_critical(void) +{ + EXPECT_DECLS; +#if !defined(NO_FILESYSTEM) && defined(OPENSSL_ALL) && !defined(NO_RSA) + WOLFSSL_X509* x509 = NULL; + WOLFSSL_X509_EXTENSION* ext = NULL; + XFILE file = XBADFILE; + int crit = 0; + + ExpectTrue((file = XFOPEN("./certs/server-cert.pem", "rb")) != XBADFILE); + ExpectNotNull(x509 = wolfSSL_PEM_read_X509(file, NULL, NULL, NULL)); + if (file != XBADFILE) + XFCLOSE(file); + ExpectNotNull(ext = wolfSSL_X509_get_ext(x509, 0)); + + ExpectIntEQ(crit = wolfSSL_X509_EXTENSION_get_critical(NULL), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(crit = wolfSSL_X509_EXTENSION_get_critical(ext), 0); + + wolfSSL_X509_free(x509); +#endif + return EXPECT_RESULT(); +} + +int test_wolfSSL_X509_EXTENSION_create_by_OBJ(void) +{ + EXPECT_DECLS; +#if !defined(NO_FILESYSTEM) && defined(OPENSSL_ALL) && !defined(NO_RSA) + XFILE file = XBADFILE; + WOLFSSL_X509* x509 = NULL; + WOLFSSL_X509* empty = NULL; + WOLFSSL_X509_EXTENSION* ext = NULL; + WOLFSSL_X509_EXTENSION* ext2 = NULL; + WOLFSSL_X509_EXTENSION* ext3 = NULL; + WOLFSSL_ASN1_OBJECT* o = NULL; + int crit = 0; + WOLFSSL_ASN1_STRING* str = NULL; + + ExpectTrue((file = XFOPEN("./certs/server-cert.pem", "rb")) != XBADFILE); + ExpectNotNull(x509 = wolfSSL_PEM_read_X509(file, NULL, NULL, NULL)); + if (file != XBADFILE) + XFCLOSE(file); + ExpectNotNull(ext = wolfSSL_X509_get_ext(x509, 0)); + + ExpectNotNull(o = wolfSSL_X509_EXTENSION_get_object(ext)); + ExpectIntEQ(crit = wolfSSL_X509_EXTENSION_get_critical(ext), 0); + ExpectNotNull(str = wolfSSL_X509_EXTENSION_get_data(ext)); + + ExpectNull(wolfSSL_X509_EXTENSION_create_by_OBJ(NULL, NULL, 0, NULL)); + ExpectNull(wolfSSL_X509_EXTENSION_create_by_OBJ(NULL, o, 0, NULL)); + ExpectNull(wolfSSL_X509_EXTENSION_create_by_OBJ(NULL, NULL, 0, str)); + ExpectNotNull(ext2 = wolfSSL_X509_EXTENSION_create_by_OBJ(NULL, o, crit, + str)); + ExpectNotNull(ext3 = wolfSSL_X509_EXTENSION_create_by_OBJ(ext2, o, crit, + str)); + if (ext3 == NULL) { + wolfSSL_X509_EXTENSION_free(ext2); + } + wolfSSL_X509_EXTENSION_free(ext3); + + ExpectIntEQ(wolfSSL_X509_get_ext_by_OBJ(NULL, NULL, -1), + WC_NO_ERR_TRACE(WOLFSSL_FATAL_ERROR)); + ExpectIntEQ(wolfSSL_X509_get_ext_by_OBJ(NULL, o, -1), + WC_NO_ERR_TRACE(WOLFSSL_FATAL_ERROR)); + ExpectNotNull(empty = wolfSSL_X509_new()); + ExpectIntEQ(wolfSSL_X509_get_ext_by_OBJ(empty, NULL, -1), + WC_NO_ERR_TRACE(WOLFSSL_FATAL_ERROR)); + ExpectIntEQ(wolfSSL_X509_get_ext_by_OBJ(empty, o, -1), + WC_NO_ERR_TRACE(WOLFSSL_FATAL_ERROR)); + wolfSSL_X509_free(empty); + empty = NULL; + ExpectIntEQ(wolfSSL_X509_get_ext_by_OBJ(x509, o, -2), 0); + ExpectIntEQ(wolfSSL_X509_get_ext_by_OBJ(x509, o, 0), + WC_NO_ERR_TRACE(WOLFSSL_FATAL_ERROR)); + + wolfSSL_X509_free(x509); +#endif + return EXPECT_RESULT(); +} + +int test_wolfSSL_X509V3_set_ctx(void) +{ + EXPECT_DECLS; +#if (defined(OPENSSL_ALL) || defined(OPENSSL_EXTRA)) && \ + defined(WOLFSSL_CERT_GEN) && defined(WOLFSSL_CERT_REQ) && \ + defined(HAVE_CRL) + WOLFSSL_X509V3_CTX ctx; + WOLFSSL_X509* issuer = NULL; + WOLFSSL_X509* subject = NULL; + WOLFSSL_X509 req; + WOLFSSL_X509_CRL crl; + + XMEMSET(&ctx, 0, sizeof(ctx)); + ExpectNotNull(issuer = wolfSSL_X509_new()); + ExpectNotNull(subject = wolfSSL_X509_new()); + XMEMSET(&req, 0, sizeof(req)); + XMEMSET(&crl, 0, sizeof(crl)); + + wolfSSL_X509V3_set_ctx(NULL, NULL, NULL, NULL, NULL, 0); + wolfSSL_X509V3_set_ctx(&ctx, NULL, NULL, NULL, NULL, 0); + wolfSSL_X509_free(ctx.x509); + ctx.x509 = NULL; + wolfSSL_X509V3_set_ctx(&ctx, issuer, NULL, NULL, NULL, 0); + wolfSSL_X509_free(ctx.x509); + ctx.x509 = NULL; + wolfSSL_X509V3_set_ctx(&ctx, NULL, subject, NULL, NULL, 0); + wolfSSL_X509_free(ctx.x509); + ctx.x509 = NULL; + wolfSSL_X509V3_set_ctx(&ctx, NULL, NULL, &req, NULL, 0); + wolfSSL_X509_free(ctx.x509); + ctx.x509 = NULL; + wolfSSL_X509V3_set_ctx(&ctx, NULL, NULL, NULL, &crl, 0); + wolfSSL_X509_free(ctx.x509); + ctx.x509 = NULL; + wolfSSL_X509V3_set_ctx(&ctx, NULL, NULL, NULL, NULL, 1); + /* X509 allocated in context results in 'failure' (but not return). */ + wolfSSL_X509V3_set_ctx(&ctx, NULL, NULL, NULL, NULL, 0); + wolfSSL_X509_free(ctx.x509); + ctx.x509 = NULL; + + wolfSSL_X509_free(subject); + wolfSSL_X509_free(issuer); +#endif + return EXPECT_RESULT(); +} + +int test_wolfSSL_X509V3_EXT_get(void) +{ + EXPECT_DECLS; +#if !defined(NO_FILESYSTEM) && defined(OPENSSL_ALL) && !defined(NO_RSA) + XFILE f = XBADFILE; + int numOfExt =0; + int extNid = 0; + int i = 0; + WOLFSSL_X509* x509 = NULL; + WOLFSSL_X509_EXTENSION* ext = NULL; + const WOLFSSL_v3_ext_method* method = NULL; + WOLFSSL_ASN1_OBJECT* obj = NULL; + + ExpectNotNull(ext = wolfSSL_X509_EXTENSION_new()); + /* No object in extension. */ + ExpectNull(wolfSSL_X509V3_EXT_get(ext)); + ExpectNotNull(obj = wolfSSL_ASN1_OBJECT_new()); + ExpectIntEQ(wolfSSL_X509_EXTENSION_set_object(ext, obj), WOLFSSL_SUCCESS); + /* NID is zero. */ + ExpectNull(wolfSSL_X509V3_EXT_get(ext)); + /* NID is not known. */ + if (ext != NULL && ext->obj != NULL) { + ext->obj->nid = 1; + } + ExpectNull(wolfSSL_X509V3_EXT_get(ext)); + + /* NIDs not in certificate. */ + if (ext != NULL && ext->obj != NULL) { + ext->obj->nid = NID_certificate_policies; + } + ExpectNotNull(method = wolfSSL_X509V3_EXT_get(ext)); + ExpectIntEQ(method->ext_nid, NID_certificate_policies); + if (ext != NULL && ext->obj != NULL) { + ext->obj->nid = NID_crl_distribution_points; + } + ExpectNotNull(method = wolfSSL_X509V3_EXT_get(ext)); + ExpectIntEQ(method->ext_nid, NID_crl_distribution_points); + + wolfSSL_ASN1_OBJECT_free(obj); + wolfSSL_X509_EXTENSION_free(ext); + ext = NULL; + + ExpectTrue((f = XFOPEN("./certs/server-cert.pem", "rb")) != XBADFILE); + ExpectNotNull(x509 = wolfSSL_PEM_read_X509(f, NULL, NULL, NULL)); + if (f != XBADFILE) + XFCLOSE(f); + + /* wolfSSL_X509V3_EXT_get() return struct and nid test */ + ExpectIntEQ((numOfExt = wolfSSL_X509_get_ext_count(x509)), 5); + for (i = 0; i < numOfExt; i++) { + ExpectNotNull(ext = wolfSSL_X509_get_ext(x509, i)); + ExpectIntNE((extNid = ext->obj->nid), NID_undef); + ExpectNotNull(method = wolfSSL_X509V3_EXT_get(ext)); + ExpectIntEQ(method->ext_nid, extNid); + if (EXPECT_SUCCESS()) { + if (method->ext_nid == NID_subject_key_identifier) { + ExpectNotNull(method->i2s); + } + } + } + + /* wolfSSL_X509V3_EXT_get() NULL argument test */ + ExpectNull(method = wolfSSL_X509V3_EXT_get(NULL)); + + wolfSSL_X509_free(x509); +#endif + return EXPECT_RESULT(); +} + +int test_wolfSSL_X509V3_EXT_nconf(void) +{ + EXPECT_DECLS; +#ifdef OPENSSL_ALL + const char *ext_names[] = { + "subjectKeyIdentifier", + "authorityKeyIdentifier", + "subjectAltName", + "keyUsage", + "extendedKeyUsage", + }; + size_t ext_names_count = sizeof(ext_names)/sizeof(*ext_names); + int ext_nids[] = { + NID_subject_key_identifier, + NID_authority_key_identifier, + NID_subject_alt_name, + NID_key_usage, + NID_ext_key_usage, + }; + size_t ext_nids_count = sizeof(ext_nids)/sizeof(*ext_nids); + const char *ext_values[] = { + "hash", + "hash", + "DNS:example.com, IP:127.0.0.1", + "digitalSignature,nonRepudiation,keyEncipherment,dataEncipherment," + "keyAgreement,keyCertSign,cRLSign,encipherOnly,decipherOnly", + "serverAuth,clientAuth,codeSigning,emailProtection,timeStamping," + "OCSPSigning", + }; + size_t i; + X509_EXTENSION* ext = NULL; + X509* x509 = NULL; + unsigned int keyUsageFlags; + unsigned int extKeyUsageFlags; + WOLFSSL_CONF conf; + WOLFSSL_X509V3_CTX ctx; +#ifndef NO_WOLFSSL_STUB + WOLFSSL_LHASH lhash; +#endif + + ExpectNotNull(x509 = X509_new()); + ExpectNull(X509V3_EXT_nconf(NULL, NULL, ext_names[0], NULL)); + ExpectNull(X509V3_EXT_nconf_nid(NULL, NULL, ext_nids[0], NULL)); + ExpectNull(X509V3_EXT_nconf(NULL, NULL, "", ext_values[0])); + ExpectNull(X509V3_EXT_nconf_nid(NULL, NULL, 0, ext_values[0])); + + /* conf and ctx ignored. */ + ExpectNull(X509V3_EXT_nconf_nid(&conf, NULL, 0, ext_values[0])); + ExpectNull(X509V3_EXT_nconf_nid(NULL , &ctx, 0, ext_values[0])); + ExpectNull(X509V3_EXT_nconf_nid(&conf, &ctx, 0, ext_values[0])); + + /* keyUsage / extKeyUsage should match string above */ + keyUsageFlags = KU_DIGITAL_SIGNATURE + | KU_NON_REPUDIATION + | KU_KEY_ENCIPHERMENT + | KU_DATA_ENCIPHERMENT + | KU_KEY_AGREEMENT + | KU_KEY_CERT_SIGN + | KU_CRL_SIGN + | KU_ENCIPHER_ONLY + | KU_DECIPHER_ONLY; + extKeyUsageFlags = XKU_SSL_CLIENT + | XKU_SSL_SERVER + | XKU_CODE_SIGN + | XKU_SMIME + | XKU_TIMESTAMP + | XKU_OCSP_SIGN; + + for (i = 0; i < ext_names_count; i++) { + ExpectNotNull(ext = X509V3_EXT_nconf(NULL, NULL, ext_names[i], + ext_values[i])); + X509_EXTENSION_free(ext); + ext = NULL; + } + + for (i = 0; i < ext_nids_count; i++) { + ExpectNotNull(ext = X509V3_EXT_nconf_nid(NULL, NULL, ext_nids[i], + ext_values[i])); + X509_EXTENSION_free(ext); + ext = NULL; + } + + /* Test adding extension to X509 */ + for (i = 0; i < ext_nids_count; i++) { + ExpectNotNull(ext = X509V3_EXT_nconf(NULL, NULL, ext_names[i], + ext_values[i])); + ExpectIntEQ(X509_add_ext(x509, ext, -1), WOLFSSL_SUCCESS); + + if (ext_nids[i] == NID_key_usage) { + ExpectIntEQ(X509_get_key_usage(x509), keyUsageFlags); + } + else if (ext_nids[i] == NID_ext_key_usage) { + ExpectIntEQ(X509_get_extended_key_usage(x509), extKeyUsageFlags); + } + X509_EXTENSION_free(ext); + ext = NULL; + } + X509_free(x509); + +#ifndef NO_WOLFSSL_STUB + ExpectIntEQ(wolfSSL_X509V3_EXT_add_nconf(NULL, NULL, NULL, NULL), + WOLFSSL_SUCCESS); + ExpectNull(wolfSSL_X509V3_EXT_conf_nid(NULL, NULL, 0, NULL)); + ExpectNull(wolfSSL_X509V3_EXT_conf_nid(&lhash, NULL, 0, NULL)); + wolfSSL_X509V3_set_ctx_nodb(NULL); +#endif +#endif + return EXPECT_RESULT(); +} + +int test_wolfSSL_X509V3_EXT_bc(void) +{ + EXPECT_DECLS; +#if !defined(NO_FILESYSTEM) && defined(OPENSSL_ALL) && !defined(NO_RSA) + WOLFSSL_X509_EXTENSION* ext = NULL; + WOLFSSL_ASN1_OBJECT* obj = NULL; + WOLFSSL_BASIC_CONSTRAINTS* bc = NULL; + WOLFSSL_ASN1_INTEGER* pathLen = NULL; + + ExpectNotNull(ext = wolfSSL_X509_EXTENSION_new()); + ExpectNotNull(obj = wolfSSL_ASN1_OBJECT_new()); + ExpectNotNull(pathLen = wolfSSL_ASN1_INTEGER_new()); + if (pathLen != NULL) { + pathLen->length = 2; + } + + if (obj != NULL) { + obj->type = NID_basic_constraints; + obj->nid = NID_basic_constraints; + } + ExpectIntEQ(wolfSSL_X509_EXTENSION_set_object(ext, obj), WOLFSSL_SUCCESS); + ExpectNotNull(wolfSSL_X509V3_EXT_get(ext)); + /* No pathlen set. */ + ExpectNotNull(bc = (WOLFSSL_BASIC_CONSTRAINTS*)wolfSSL_X509V3_EXT_d2i(ext)); + wolfSSL_BASIC_CONSTRAINTS_free(bc); + bc = NULL; + + if ((ext != NULL) && (ext->obj != NULL)) { + ext->obj->pathlen = pathLen; + pathLen = NULL; + } + /* pathlen set. */ + ExpectNotNull(bc = (WOLFSSL_BASIC_CONSTRAINTS*)wolfSSL_X509V3_EXT_d2i(ext)); + + wolfSSL_ASN1_INTEGER_free(pathLen); + wolfSSL_BASIC_CONSTRAINTS_free(bc); + wolfSSL_ASN1_OBJECT_free(obj); + wolfSSL_X509_EXTENSION_free(ext); +#endif + return EXPECT_RESULT(); +} + +int test_wolfSSL_X509V3_EXT_san(void) +{ + EXPECT_DECLS; +#if !defined(NO_FILESYSTEM) && defined(OPENSSL_ALL) && !defined(NO_RSA) + WOLFSSL_X509_EXTENSION* ext = NULL; + WOLFSSL_ASN1_OBJECT* obj = NULL; + WOLFSSL_STACK* sk = NULL; + + ExpectNotNull(ext = wolfSSL_X509_EXTENSION_new()); + ExpectNotNull(obj = wolfSSL_ASN1_OBJECT_new()); + + if (obj != NULL) { + obj->type = NID_subject_alt_name; + obj->nid = NID_subject_alt_name; + } + ExpectIntEQ(wolfSSL_X509_EXTENSION_set_object(ext, obj), WOLFSSL_SUCCESS); + ExpectNotNull(wolfSSL_X509V3_EXT_get(ext)); + /* No extension stack set. */ + ExpectNull(wolfSSL_X509V3_EXT_d2i(ext)); + + ExpectNotNull(sk = wolfSSL_sk_new_null()); + if (ext != NULL) { + ext->ext_sk = sk; + sk = NULL; + } + /* Extension stack set. */ + ExpectNull(wolfSSL_X509V3_EXT_d2i(ext)); + + wolfSSL_sk_free(sk); + wolfSSL_ASN1_OBJECT_free(obj); + wolfSSL_X509_EXTENSION_free(ext); +#endif + return EXPECT_RESULT(); +} + +int test_wolfSSL_X509V3_EXT_aia(void) +{ + EXPECT_DECLS; +#if !defined(NO_FILESYSTEM) && defined(OPENSSL_ALL) && !defined(NO_RSA) + WOLFSSL_X509_EXTENSION* ext = NULL; + WOLFSSL_ASN1_OBJECT* obj = NULL; + WOLFSSL_STACK* sk = NULL; + WOLFSSL_STACK* node = NULL; + WOLFSSL_AUTHORITY_INFO_ACCESS* aia = NULL; + WOLFSSL_ASN1_OBJECT* entry = NULL; + + ExpectNotNull(ext = wolfSSL_X509_EXTENSION_new()); + ExpectNotNull(obj = wolfSSL_ASN1_OBJECT_new()); + + if (obj != NULL) { + obj->type = NID_info_access; + obj->nid = NID_info_access; + } + ExpectIntEQ(wolfSSL_X509_EXTENSION_set_object(ext, obj), WOLFSSL_SUCCESS); + ExpectNotNull(wolfSSL_X509V3_EXT_get(ext)); + /* No extension stack set. */ + ExpectNull(wolfSSL_X509V3_EXT_d2i(ext)); + + ExpectNotNull(sk = wolfSSL_sk_new_null()); + if (ext != NULL) { + ext->ext_sk = sk; + sk = NULL; + } + /* Extension stack set but empty. */ + ExpectNotNull(aia = (WOLFSSL_AUTHORITY_INFO_ACCESS *) + wolfSSL_X509V3_EXT_d2i(ext)); + wolfSSL_AUTHORITY_INFO_ACCESS_free(aia); + aia = NULL; + + ExpectNotNull(entry = wolfSSL_ASN1_OBJECT_new()); + if (entry != NULL) { + entry->nid = WC_NID_ad_OCSP; + entry->obj = (const unsigned char*)"http://127.0.0.1"; + entry->objSz = 16; + } + ExpectNotNull(node = wolfSSL_sk_new_node(NULL)); + if ((node != NULL) && (ext != NULL)) { + node->type = STACK_TYPE_OBJ; + node->data.obj = entry; + entry = NULL; + ExpectIntEQ(wolfSSL_sk_push_node(&ext->ext_sk, node), WOLFSSL_SUCCESS); + if (EXPECT_SUCCESS()) { + node = NULL; + } + } + ExpectNotNull(aia = (WOLFSSL_AUTHORITY_INFO_ACCESS *) + wolfSSL_X509V3_EXT_d2i(ext)); + wolfSSL_ACCESS_DESCRIPTION_free(NULL); + + wolfSSL_AUTHORITY_INFO_ACCESS_pop_free(aia, + wolfSSL_ACCESS_DESCRIPTION_free); + wolfSSL_ASN1_OBJECT_free(entry); + wolfSSL_sk_free(node); + wolfSSL_ASN1_OBJECT_free(obj); + wolfSSL_X509_EXTENSION_free(ext); +#endif + return EXPECT_RESULT(); +} + +int test_wolfSSL_X509V3_EXT(void) +{ + EXPECT_DECLS; +#if !defined(NO_FILESYSTEM) && defined(OPENSSL_ALL) && !defined(NO_RSA) + XFILE f = XBADFILE; + int numOfExt = 0, nid = 0, i = 0, expected, actual = 0; + char* str = NULL; + unsigned char* data = NULL; + const WOLFSSL_v3_ext_method* method = NULL; + WOLFSSL_X509* x509 = NULL; + WOLFSSL_X509_EXTENSION* ext = NULL; + WOLFSSL_X509_EXTENSION* ext2 = NULL; + WOLFSSL_ASN1_OBJECT *obj = NULL; + WOLFSSL_ASN1_OBJECT *adObj = NULL; + WOLFSSL_ASN1_STRING* asn1str = NULL; + WOLFSSL_AUTHORITY_KEYID* aKeyId = NULL; + WOLFSSL_AUTHORITY_INFO_ACCESS* aia = NULL; + WOLFSSL_BASIC_CONSTRAINTS* bc = NULL; + WOLFSSL_ACCESS_DESCRIPTION* ad = NULL; + WOLFSSL_GENERAL_NAME* gn = NULL; + + /* Check NULL argument */ + ExpectNull(wolfSSL_X509V3_EXT_d2i(NULL)); + + ExpectNotNull(ext = wolfSSL_X509_EXTENSION_new()); + ExpectNotNull(obj = wolfSSL_ASN1_OBJECT_new()); + + ExpectNull(wolfSSL_X509V3_EXT_d2i(ext)); + ExpectIntEQ(wolfSSL_X509_EXTENSION_set_object(ext, obj), WOLFSSL_SUCCESS); + ExpectNull(wolfSSL_X509V3_EXT_d2i(ext)); + if (ext != NULL && ext->obj != NULL) { + ext->obj->nid = ext->obj->type = NID_ext_key_usage; + } + ExpectNull(wolfSSL_X509V3_EXT_d2i(ext)); + if (ext != NULL && ext->obj != NULL) { + ext->obj->nid = ext->obj->type = NID_certificate_policies; + } + ExpectNull(wolfSSL_X509V3_EXT_d2i(ext)); + if (ext != NULL && ext->obj != NULL) { + ext->obj->nid = ext->obj->type = NID_crl_distribution_points; + } + ExpectNull(wolfSSL_X509V3_EXT_d2i(ext)); + if (ext != NULL && ext->obj != NULL) { + ext->obj->nid = ext->obj->type = NID_subject_alt_name; + } + ExpectNull(wolfSSL_X509V3_EXT_d2i(ext)); + + wolfSSL_ASN1_OBJECT_free(obj); + obj = NULL; + wolfSSL_X509_EXTENSION_free(ext); + ext = NULL; + + /* Using OCSP cert with X509V3 extensions */ + ExpectTrue((f = XFOPEN("./certs/ocsp/root-ca-cert.pem", "rb")) != XBADFILE); + ExpectNotNull(x509 = wolfSSL_PEM_read_X509(f, NULL, NULL, NULL)); + if (f != XBADFILE) + XFCLOSE(f); + + ExpectIntEQ((numOfExt = wolfSSL_X509_get_ext_count(x509)), 5); + + /* Basic Constraints */ + ExpectNotNull(ext = wolfSSL_X509_get_ext(x509, i)); + ExpectNotNull(obj = wolfSSL_X509_EXTENSION_get_object(ext)); + ExpectIntEQ((nid = wolfSSL_OBJ_obj2nid(obj)), NID_basic_constraints); + ExpectNotNull(bc = (WOLFSSL_BASIC_CONSTRAINTS*)wolfSSL_X509V3_EXT_d2i(ext)); + + ExpectIntEQ(bc->ca, 1); + ExpectNull(bc->pathlen); + wolfSSL_BASIC_CONSTRAINTS_free(bc); + bc = NULL; + i++; + + /* Subject Key Identifier */ + ExpectNotNull(ext = wolfSSL_X509_get_ext(x509, i)); + ExpectNotNull(obj = wolfSSL_X509_EXTENSION_get_object(ext)); + ExpectIntEQ((nid = wolfSSL_OBJ_obj2nid(obj)), NID_subject_key_identifier); + + ExpectNotNull(asn1str = (WOLFSSL_ASN1_STRING*)wolfSSL_X509V3_EXT_d2i(ext)); + ExpectNotNull(ext2 = wolfSSL_X509V3_EXT_i2d(NID_subject_key_identifier, 0, + asn1str)); + X509_EXTENSION_free(ext2); + ext2 = NULL; + ExpectNotNull(method = wolfSSL_X509V3_EXT_get(ext)); + ExpectNotNull(method->i2s); + ExpectNotNull(str = method->i2s((WOLFSSL_v3_ext_method*)method, asn1str)); + wolfSSL_ASN1_STRING_free(asn1str); + asn1str = NULL; + if (str != NULL) { + actual = strcmp(str, + "73:B0:1C:A4:2F:82:CB:CF:47:A5:38:D7:B0:04:82:3A:7E:72:15:21"); + } + ExpectIntEQ(actual, 0); + XFREE(str, NULL, DYNAMIC_TYPE_TMP_BUFFER); + str = NULL; + i++; + + /* Authority Key Identifier */ + ExpectNotNull(ext = wolfSSL_X509_get_ext(x509, i)); + ExpectNotNull(obj = wolfSSL_X509_EXTENSION_get_object(ext)); + ExpectIntEQ((nid = wolfSSL_OBJ_obj2nid(obj)), NID_authority_key_identifier); + + ExpectNotNull(aKeyId = (WOLFSSL_AUTHORITY_KEYID*)wolfSSL_X509V3_EXT_d2i( + ext)); + ExpectNotNull(method = wolfSSL_X509V3_EXT_get(ext)); + ExpectNotNull(asn1str = aKeyId->keyid); + ExpectNotNull(str = wolfSSL_i2s_ASN1_STRING((WOLFSSL_v3_ext_method*)method, + asn1str)); + asn1str = NULL; + if (str != NULL) { + actual = strcmp(str, + "73:B0:1C:A4:2F:82:CB:CF:47:A5:38:D7:B0:04:82:3A:7E:72:15:21"); + } + ExpectIntEQ(actual, 0); + XFREE(str, NULL, DYNAMIC_TYPE_TMP_BUFFER); + str = NULL; + wolfSSL_AUTHORITY_KEYID_free(aKeyId); + aKeyId = NULL; + i++; + + /* Key Usage */ + ExpectNotNull(ext = wolfSSL_X509_get_ext(x509, i)); + ExpectNotNull(obj = wolfSSL_X509_EXTENSION_get_object(ext)); + ExpectIntEQ((nid = wolfSSL_OBJ_obj2nid(obj)), NID_key_usage); + + ExpectNotNull(asn1str = (WOLFSSL_ASN1_STRING*)wolfSSL_X509V3_EXT_d2i(ext)); +#if defined(WOLFSSL_QT) + ExpectNotNull(data = (unsigned char*)ASN1_STRING_get0_data(asn1str)); +#else + ExpectNotNull(data = wolfSSL_ASN1_STRING_data(asn1str)); +#endif + expected = KEYUSE_KEY_CERT_SIGN | KEYUSE_CRL_SIGN; + if (data != NULL) { + #ifdef BIG_ENDIAN_ORDER + actual = data[1]; + #else + actual = data[0]; + #endif + } + ExpectIntEQ(actual, expected); + wolfSSL_ASN1_STRING_free(asn1str); + asn1str = NULL; + ExpectIntEQ(wolfSSL_X509_get_keyUsage(NULL), 0); + ExpectIntEQ(wolfSSL_X509_get_keyUsage(x509), expected); + i++; + + /* Authority Info Access */ + ExpectNotNull(ext = wolfSSL_X509_get_ext(x509, i)); + ExpectNotNull(obj = wolfSSL_X509_EXTENSION_get_object(ext)); + ExpectIntEQ((nid = wolfSSL_OBJ_obj2nid(obj)), NID_info_access); + ExpectNotNull(aia = (WOLFSSL_AUTHORITY_INFO_ACCESS*)wolfSSL_X509V3_EXT_d2i( + ext)); +#if defined(WOLFSSL_QT) + ExpectIntEQ(OPENSSL_sk_num(aia), 1); /* Only one URI entry for this cert */ +#else + ExpectIntEQ(wolfSSL_sk_num(aia), 1); /* Only one URI entry for this cert */ +#endif + /* URI entry is an ACCESS_DESCRIPTION type */ +#if defined(WOLFSSL_QT) + ExpectNotNull(ad = (WOLFSSL_ACCESS_DESCRIPTION*)wolfSSL_sk_value(aia, 0)); +#else + ExpectNotNull(ad = (WOLFSSL_ACCESS_DESCRIPTION*)OPENSSL_sk_value(aia, 0)); +#endif + ExpectNotNull(adObj = ad->method); + /* Make sure nid is OCSP */ + ExpectIntEQ(wolfSSL_OBJ_obj2nid(adObj), NID_ad_OCSP); + + /* GENERAL_NAME stores URI as an ASN1_STRING */ + ExpectNotNull(gn = ad->location); + ExpectIntEQ(gn->type, GEN_URI); /* Type should always be GEN_URI */ + ExpectNotNull(asn1str = gn->d.uniformResourceIdentifier); + ExpectIntEQ(wolfSSL_ASN1_STRING_length(asn1str), 22); +#if defined(WOLFSSL_QT) + ExpectNotNull(str = (char*)ASN1_STRING_get0_data(asn1str)); +#else + ExpectNotNull(str = (char*)wolfSSL_ASN1_STRING_data(asn1str)); +#endif + if (str != NULL) { + actual = strcmp(str, "http://127.0.0.1:22220"); + } + ExpectIntEQ(actual, 0); + + ExpectIntEQ(wolfSSL_sk_ACCESS_DESCRIPTION_num(NULL), WOLFSSL_FATAL_ERROR); + ExpectIntEQ(wolfSSL_sk_ACCESS_DESCRIPTION_num(aia), 1); + ExpectNull(wolfSSL_sk_ACCESS_DESCRIPTION_value(NULL, 0)); + ExpectNull(wolfSSL_sk_ACCESS_DESCRIPTION_value(aia, 1)); + ExpectNotNull(wolfSSL_sk_ACCESS_DESCRIPTION_value(aia, 0)); + wolfSSL_sk_ACCESS_DESCRIPTION_pop_free(aia, NULL); + aia = NULL; + +#ifndef NO_WOLFSSL_STUB + ExpectNull(wolfSSL_X509_delete_ext(x509, 0)); +#endif + + wolfSSL_X509_free(x509); +#endif + return EXPECT_RESULT(); +} + +int test_wolfSSL_X509V3_EXT_print(void) +{ + EXPECT_DECLS; +#if !defined(NO_FILESYSTEM) && defined(OPENSSL_ALL) && !defined(NO_BIO) && \ + !defined(NO_RSA) + + { + XFILE f = XBADFILE; + WOLFSSL_X509* x509 = NULL; + X509_EXTENSION * ext = NULL; + int loc = 0; + BIO *bio = NULL; + + ExpectTrue((f = XFOPEN(svrCertFile, "rb")) != XBADFILE); + ExpectNotNull(x509 = wolfSSL_PEM_read_X509(f, NULL, NULL, NULL)); + if (f != XBADFILE) + fclose(f); + + ExpectNotNull(bio = wolfSSL_BIO_new(BIO_s_mem())); + + ExpectIntGT(loc = wolfSSL_X509_get_ext_by_NID(x509, + NID_basic_constraints, -1), -1); + ExpectNotNull(ext = wolfSSL_X509_get_ext(x509, loc)); + + /* Failure cases. */ + ExpectIntEQ(wolfSSL_X509V3_EXT_print(NULL, NULL, 0, 0), + WOLFSSL_FAILURE); + ExpectIntEQ(wolfSSL_X509V3_EXT_print(bio , NULL, 0, 0), + WOLFSSL_FAILURE); + ExpectIntEQ(wolfSSL_X509V3_EXT_print(NULL, ext , 0, 0), + WOLFSSL_FAILURE); + /* Good case. */ + ExpectIntEQ(wolfSSL_X509V3_EXT_print(bio, ext, 0, 0), WOLFSSL_SUCCESS); + + ExpectIntGT(loc = wolfSSL_X509_get_ext_by_NID(x509, + NID_subject_key_identifier, -1), -1); + ExpectNotNull(ext = wolfSSL_X509_get_ext(x509, loc)); + ExpectIntEQ(wolfSSL_X509V3_EXT_print(bio, ext, 0, 0), WOLFSSL_SUCCESS); + + ExpectIntGT(loc = wolfSSL_X509_get_ext_by_NID(x509, + NID_authority_key_identifier, -1), -1); + ExpectNotNull(ext = wolfSSL_X509_get_ext(x509, loc)); + ExpectIntEQ(wolfSSL_X509V3_EXT_print(bio, ext, 0, 0), WOLFSSL_SUCCESS); + + wolfSSL_BIO_free(bio); + wolfSSL_X509_free(x509); + } + + { + X509 *x509 = NULL; + BIO *bio = NULL; + X509_EXTENSION *ext = NULL; + unsigned int i = 0; + unsigned int idx = 0; + /* Some NIDs to test with */ + int nids[] = { + /* NID_key_usage, currently X509_get_ext returns this as a bit + * string, which messes up X509V3_EXT_print */ + /* NID_ext_key_usage, */ + NID_subject_alt_name, + }; + int* n = NULL; + + ExpectNotNull(bio = BIO_new_fp(stderr, BIO_NOCLOSE)); + + ExpectNotNull(x509 = wolfSSL_X509_load_certificate_file(cliCertFileExt, + WOLFSSL_FILETYPE_PEM)); + + ExpectIntGT(fprintf(stderr, "\nPrinting extension values:\n"), 0); + + for (i = 0, n = nids; i<(sizeof(nids)/sizeof(int)); i++, n++) { + /* X509_get_ext_by_NID should return 3 for now. If that changes then + * update the index */ + ExpectIntEQ((idx = X509_get_ext_by_NID(x509, *n, -1)), 3); + ExpectNotNull(ext = X509_get_ext(x509, (int)idx)); + ExpectIntEQ(X509V3_EXT_print(bio, ext, 0, 0), 1); + ExpectIntGT(fprintf(stderr, "\n"), 0); + } + + BIO_free(bio); + X509_free(x509); + } + + { + BIO* bio = NULL; + X509_EXTENSION* ext = NULL; + WOLFSSL_ASN1_OBJECT* obj = NULL; + + ExpectNotNull(bio = BIO_new_fp(stderr, BIO_NOCLOSE)); + ExpectNotNull(ext = X509_EXTENSION_new()); + + /* No object. */ + ExpectIntEQ(wolfSSL_X509V3_EXT_print(bio, ext, 0, 0), WOLFSSL_FAILURE); + + ExpectNotNull(obj = wolfSSL_ASN1_OBJECT_new()); + ExpectIntEQ(wolfSSL_X509_EXTENSION_set_object(ext, obj), + WOLFSSL_SUCCESS); + + /* NID not supported yet - just doesn't write anything. */ + if (ext != NULL && ext->obj != NULL) { + ext->obj->nid = AUTH_INFO_OID; + ExpectIntEQ(wolfSSL_X509V3_EXT_print(bio, ext, 0, 0), + WOLFSSL_SUCCESS); + ext->obj->nid = CERT_POLICY_OID; + ExpectIntEQ(wolfSSL_X509V3_EXT_print(bio, ext, 0, 0), + WOLFSSL_SUCCESS); + ext->obj->nid = CRL_DIST_OID; + ExpectIntEQ(wolfSSL_X509V3_EXT_print(bio, ext, 0, 0), + WOLFSSL_SUCCESS); + ext->obj->nid = KEY_USAGE_OID; + ExpectIntEQ(wolfSSL_X509V3_EXT_print(bio, ext, 0, 0), + WOLFSSL_SUCCESS); + + ext->obj->nid = EXT_KEY_USAGE_OID; + ExpectIntEQ(wolfSSL_X509V3_EXT_print(bio, ext, 0, 0), + WOLFSSL_SUCCESS); + } + + wolfSSL_ASN1_OBJECT_free(obj); + X509_EXTENSION_free(ext); + BIO_free(bio); + } +#endif + return EXPECT_RESULT(); +} + +/* + * Test retrieving Name Constraints extension via X509_get_ext_d2i. + * Tests basic retrieval of permitted and excluded subtrees, stack operations + * (num, value), GENERAL_NAME type and data extraction, free functions. + */ +int test_wolfSSL_X509_get_ext_d2i_name_constraints(void) +{ + EXPECT_DECLS; +#if defined(OPENSSL_EXTRA) && !defined(NO_FILESYSTEM) && !defined(NO_CERTS) && \ + !defined(NO_RSA) && !defined(IGNORE_NAME_CONSTRAINTS) + XFILE f = XBADFILE; + X509* x509 = NULL; + NAME_CONSTRAINTS* nc = NULL; + GENERAL_SUBTREE* subtree = NULL; + GENERAL_NAME* gn = NULL; + int numPermitted = 0; + int numExcluded = 0; + int critical = -1; + + /* Test NULL input handling */ + ExpectNull(X509_get_ext_d2i(NULL, NID_name_constraints, NULL, NULL)); + + /* Test certificate without name constraints + * server-cert.pem does not have name constraints extension */ + ExpectTrue((f = XFOPEN("./certs/server-cert.pem", "rb")) != XBADFILE); + ExpectNotNull(x509 = PEM_read_X509(f, NULL, NULL, NULL)); + if (f != XBADFILE) { + XFCLOSE(f); + f = XBADFILE; + } + + /* Should return NULL for certificate without name constraints */ + nc = (NAME_CONSTRAINTS*)X509_get_ext_d2i(x509, NID_name_constraints, + &critical, NULL); + ExpectNull(nc); + X509_free(x509); + x509 = NULL; + + /* Test certificate with permitted email name constraint. + * cert-ext-nc.pem has nameConstraints with permitted email */ + ExpectTrue((f = XFOPEN("./certs/test/cert-ext-nc.pem", "rb")) != XBADFILE); + ExpectNotNull(x509 = PEM_read_X509(f, NULL, NULL, NULL)); + if (f != XBADFILE) { + XFCLOSE(f); + f = XBADFILE; + } + + critical = -1; + nc = (NAME_CONSTRAINTS*)X509_get_ext_d2i(x509, NID_name_constraints, + &critical, NULL); + ExpectNotNull(nc); + + /* Verify critical flag is set (cert marks it critical) */ + ExpectIntEQ(critical, 1); + + /* Check permitted subtrees */ + if (nc != NULL) { + ExpectNotNull(nc->permittedSubtrees); + if (nc->permittedSubtrees != NULL) { + numPermitted = sk_GENERAL_SUBTREE_num(nc->permittedSubtrees); + ExpectIntGT(numPermitted, 0); + + /* Get first permitted subtree */ + subtree = sk_GENERAL_SUBTREE_value(nc->permittedSubtrees, 0); + ExpectNotNull(subtree); + if (subtree != NULL) { + ExpectNotNull(subtree->base); + if (subtree->base != NULL) { + /* Check GENERAL_NAME type is GEN_EMAIL */ + gn = subtree->base; + ExpectIntEQ(gn->type, GEN_EMAIL); + + /* Verify email constraint value */ + ExpectNotNull(gn->d.ia5); + if (gn->d.ia5 != NULL) { + ExpectNotNull(gn->d.ia5->data); + ExpectIntGT(gn->d.ia5->length, 0); + } + } + } + } + + /* Check excluded subtrees, should be NULL or empty */ + if (nc->excludedSubtrees != NULL) { + numExcluded = sk_GENERAL_SUBTREE_num(nc->excludedSubtrees); + ExpectIntEQ(numExcluded, 0); + } + + /* Test out of bounds access */ + if (nc->permittedSubtrees != NULL) { + ExpectNull(sk_GENERAL_SUBTREE_value(nc->permittedSubtrees, 100)); + } + } + + /* Test NULL stack handling, wolfSSL returns 0 */ + ExpectIntEQ(sk_GENERAL_SUBTREE_num(NULL), 0); + ExpectNull(sk_GENERAL_SUBTREE_value(NULL, 0)); + + NAME_CONSTRAINTS_free(nc); + nc = NULL; + X509_free(x509); + x509 = NULL; + + /* Test free functions with NULL */ + NAME_CONSTRAINTS_free(NULL); + wolfSSL_GENERAL_SUBTREE_free(NULL); + +#endif /* OPENSSL_EXTRA && !NO_FILESYSTEM && !NO_CERTS && !NO_RSA && + * !IGNORE_NAME_CONSTRAINTS */ + return EXPECT_RESULT(); +} + +/* + * Test sk_GENERAL_SUBTREE_num and sk_GENERAL_SUBTREE_value functions. + */ +int test_wolfSSL_sk_GENERAL_SUBTREE(void) +{ + EXPECT_DECLS; +#if defined(OPENSSL_EXTRA) && !defined(NO_FILESYSTEM) && !defined(NO_CERTS) && \ + !defined(NO_RSA) && !defined(IGNORE_NAME_CONSTRAINTS) + XFILE f = XBADFILE; + X509* x509 = NULL; + NAME_CONSTRAINTS* nc = NULL; + GENERAL_SUBTREE* subtree = NULL; + int num = 0; + int i; + + /* Load certificate with name constraints (cert-ext-nc.pem has 1 email) */ + ExpectTrue((f = XFOPEN("./certs/test/cert-ext-nc.pem", "rb")) != XBADFILE); + ExpectNotNull(x509 = PEM_read_X509(f, NULL, NULL, NULL)); + if (f != XBADFILE) { + XFCLOSE(f); + f = XBADFILE; + } + + nc = (NAME_CONSTRAINTS*)X509_get_ext_d2i(x509, NID_name_constraints, + NULL, NULL); + ExpectNotNull(nc); + + if (nc != NULL) { + ExpectNotNull(nc->permittedSubtrees); + if (nc->permittedSubtrees != NULL) { + /* Test sk_GENERAL_SUBTREE_num */ + num = sk_GENERAL_SUBTREE_num(nc->permittedSubtrees); + ExpectIntGT(num, 0); + + /* Test sk_GENERAL_SUBTREE_value with valid indices */ + for (i = 0; i < num && i < 10; i++) { + subtree = sk_GENERAL_SUBTREE_value(nc->permittedSubtrees, i); + ExpectNotNull(subtree); + if (subtree != NULL) { + ExpectNotNull(subtree->base); + } + } + + /* Test sk_GENERAL_SUBTREE_value at boundaries */ + ExpectNotNull(sk_GENERAL_SUBTREE_value(nc->permittedSubtrees, 0)); + if (num > 0) { + ExpectNotNull(sk_GENERAL_SUBTREE_value(nc->permittedSubtrees, + num - 1)); + } + + /* Test invalid indices (out of bounds) */ + ExpectNull(sk_GENERAL_SUBTREE_value(nc->permittedSubtrees, num)); + ExpectNull(sk_GENERAL_SUBTREE_value(nc->permittedSubtrees, + num + 1)); + ExpectNull(sk_GENERAL_SUBTREE_value(nc->permittedSubtrees, 10000)); + } + } + + /* Test NULL stack - wolfSSL returns 0 */ + ExpectIntEQ(sk_GENERAL_SUBTREE_num(NULL), 0); + ExpectNull(sk_GENERAL_SUBTREE_value(NULL, 0)); + + NAME_CONSTRAINTS_free(nc); + X509_free(x509); + +#endif /* OPENSSL_EXTRA && !NO_FILESYSTEM && !NO_CERTS && !NO_RSA && + * !IGNORE_NAME_CONSTRAINTS */ + return EXPECT_RESULT(); +} + +/* + * Test GENERAL_NAME types in Name Constraints. + * Verify that different GENERAL_NAME types (DNS, EMAIL, DIRNAME) are properly + * extracted from name constraints. + */ +int test_wolfSSL_NAME_CONSTRAINTS_types(void) +{ + EXPECT_DECLS; +#if defined(OPENSSL_EXTRA) && !defined(NO_FILESYSTEM) && !defined(NO_CERTS) && \ + !defined(NO_RSA) && !defined(IGNORE_NAME_CONSTRAINTS) + XFILE f = XBADFILE; + X509* x509 = NULL; + NAME_CONSTRAINTS* nc = NULL; + GENERAL_SUBTREE* subtree = NULL; + GENERAL_NAME* gn = NULL; + + /* Test EMAIL type constraint from cert-ext-nc.pem */ + ExpectTrue((f = XFOPEN("./certs/test/cert-ext-nc.pem", "rb")) != XBADFILE); + ExpectNotNull(x509 = PEM_read_X509(f, NULL, NULL, NULL)); + if (f != XBADFILE) { + XFCLOSE(f); + f = XBADFILE; + } + + nc = (NAME_CONSTRAINTS*)X509_get_ext_d2i(x509, NID_name_constraints, + NULL, NULL); + ExpectNotNull(nc); + if (EXPECT_SUCCESS()) { + ExpectNotNull(nc->permittedSubtrees); + } + if (EXPECT_SUCCESS()) { + subtree = sk_GENERAL_SUBTREE_value(nc->permittedSubtrees, 0); + ExpectNotNull(subtree); + } + if (EXPECT_SUCCESS()) { + ExpectNotNull(subtree->base); + } + if (EXPECT_SUCCESS()) { + gn = subtree->base; + ExpectIntEQ(gn->type, GEN_EMAIL); + ExpectNotNull(gn->d.ia5); + } + if (EXPECT_SUCCESS()) { + ExpectNotNull(gn->d.ia5->data); + ExpectIntGT(gn->d.ia5->length, 0); + } + if (EXPECT_SUCCESS()) { + /* Constraint should contain "wolfssl.com" */ + ExpectNotNull(XSTRSTR((const char*)gn->d.ia5->data, "wolfssl.com")); + } + + NAME_CONSTRAINTS_free(nc); + X509_free(x509); + +#endif /* OPENSSL_EXTRA && !NO_FILESYSTEM && !NO_CERTS && !NO_RSA && + * !IGNORE_NAME_CONSTRAINTS */ + return EXPECT_RESULT(); +} + +/* + * Test URI type in Name Constraints. Verifies that GEN_URI type name + * constraints are properly extracted and stored as IA5STRING. + */ +int test_wolfSSL_NAME_CONSTRAINTS_uri(void) +{ + EXPECT_DECLS; +#if defined(OPENSSL_EXTRA) && !defined(NO_FILESYSTEM) && !defined(NO_CERTS) && \ + !defined(NO_RSA) && !defined(IGNORE_NAME_CONSTRAINTS) + XFILE f = XBADFILE; + X509* x509 = NULL; + NAME_CONSTRAINTS* nc = NULL; + GENERAL_SUBTREE* subtree = NULL; + GENERAL_NAME* gn = NULL; + int i; + int numSubtrees; + int foundUri = 0; + + /* Test URI type constraint from cert-ext-nc-combined.pem + * This cert has both URI and DNS constraints */ + ExpectTrue((f = XFOPEN("./certs/test/cert-ext-nc-combined.pem", "rb")) + != XBADFILE); + ExpectNotNull(x509 = PEM_read_X509(f, NULL, NULL, NULL)); + if (f != XBADFILE) { + XFCLOSE(f); + f = XBADFILE; + } + + nc = (NAME_CONSTRAINTS*)X509_get_ext_d2i(x509, NID_name_constraints, + NULL, NULL); + ExpectNotNull(nc); + if (EXPECT_SUCCESS()) { + ExpectNotNull(nc->permittedSubtrees); + } + /* Find the URI constraint by iterating through subtrees + * (wolfSSL may store them in a different order than in the cert) */ + if (EXPECT_SUCCESS()) { + numSubtrees = sk_GENERAL_SUBTREE_num(nc->permittedSubtrees); + for (i = 0; i < numSubtrees; i++) { + subtree = sk_GENERAL_SUBTREE_value(nc->permittedSubtrees, i); + if (subtree != NULL && subtree->base != NULL && + subtree->base->type == GEN_URI) { + gn = subtree->base; + foundUri = 1; + break; + } + } + ExpectIntEQ(foundUri, 1); + } + if (EXPECT_SUCCESS() && foundUri) { + ExpectNotNull(gn->d.ia5); + } + if (EXPECT_SUCCESS() && foundUri) { + ExpectNotNull(gn->d.ia5->data); + ExpectIntGT(gn->d.ia5->length, 0); + } + if (EXPECT_SUCCESS() && foundUri) { + /* Constraint should contain "wolfssl.com" */ + ExpectNotNull(XSTRSTR((const char*)gn->d.ia5->data, "wolfssl.com")); + } + + /* Test URI constraint matching with NAME_CONSTRAINTS_check_name + * Constraint is ".wolfssl.com" (leading dot), matches subdomains only */ + if (EXPECT_SUCCESS()) { + /* Full URIs with subdomain hosts - should match */ + ExpectIntEQ(wolfSSL_NAME_CONSTRAINTS_check_name(nc, GEN_URI, + "https://www.wolfssl.com/path", 28), 1); + ExpectIntEQ(wolfSSL_NAME_CONSTRAINTS_check_name(nc, GEN_URI, + "http://sub.wolfssl.com", 22), 1); + ExpectIntEQ(wolfSSL_NAME_CONSTRAINTS_check_name(nc, GEN_URI, + "https://a.b.c.wolfssl.com:8080/path?q=1", 39), 1); + + /* Exact domain, should not match .wolfssl.com per RFC 5280 */ + ExpectIntEQ(wolfSSL_NAME_CONSTRAINTS_check_name(nc, GEN_URI, + "https://wolfssl.com/", 20), 0); + + /* Different domains, should not match */ + ExpectIntEQ(wolfSSL_NAME_CONSTRAINTS_check_name(nc, GEN_URI, + "https://www.example.com/", 24), 0); + ExpectIntEQ(wolfSSL_NAME_CONSTRAINTS_check_name(nc, GEN_URI, + "https://fakewolfssl.com/", 24), 0); + + /* URI with userinfo, should extract host correctly */ + ExpectIntEQ(wolfSSL_NAME_CONSTRAINTS_check_name(nc, GEN_URI, + "https://user@www.wolfssl.com/", 29), 1); + ExpectIntEQ(wolfSSL_NAME_CONSTRAINTS_check_name(nc, GEN_URI, + "https://user:pass@www.wolfssl.com/path", 38), 1); + + /* IPv6 literal URIs, host extracted without brackets. + * These don't match .wolfssl.com constraint (different host type) */ + ExpectIntEQ(wolfSSL_NAME_CONSTRAINTS_check_name(nc, GEN_URI, + "https://[::1]:8080/path", 23), 0); + ExpectIntEQ(wolfSSL_NAME_CONSTRAINTS_check_name(nc, GEN_URI, + "https://[2001:db8::1]/", 22), 0); + ExpectIntEQ(wolfSSL_NAME_CONSTRAINTS_check_name(nc, GEN_URI, + "https://[fe80::1%25eth0]:443/", 29), 0); + + /* IPv6 with userinfo */ + ExpectIntEQ(wolfSSL_NAME_CONSTRAINTS_check_name(nc, GEN_URI, + "https://user@[::1]:8080/", 24), 0); + + /* Malformed IPv6 (missing closing bracket), should fail */ + ExpectIntEQ(wolfSSL_NAME_CONSTRAINTS_check_name(nc, GEN_URI, + "https://[::1/path", 17), 0); + + /* Invalid URIs, should fail */ + ExpectIntEQ(wolfSSL_NAME_CONSTRAINTS_check_name(nc, GEN_URI, + "not-a-uri", 9), 0); + ExpectIntEQ(wolfSSL_NAME_CONSTRAINTS_check_name(nc, GEN_URI, + "://no-scheme", 12), 0); + } + + NAME_CONSTRAINTS_free(nc); + X509_free(x509); + +#endif /* OPENSSL_EXTRA && !NO_FILESYSTEM && !NO_CERTS && !NO_RSA && + * !IGNORE_NAME_CONSTRAINTS */ + return EXPECT_RESULT(); +} + +/* + * Test IP address type in Name Constraints. + * Verifies that GEN_IPADD type name constraints are properly extracted + * and contain the raw IP bytes in OCTET_STRING format. + * Format: [IP bytes][subnet mask bytes] (8 bytes for IPv4, 32 for IPv6) + */ +int test_wolfSSL_NAME_CONSTRAINTS_ipaddr(void) +{ + EXPECT_DECLS; +#if defined(OPENSSL_EXTRA) && !defined(NO_FILESYSTEM) && !defined(NO_CERTS) && \ + !defined(NO_RSA) && !defined(IGNORE_NAME_CONSTRAINTS) + XFILE f = XBADFILE; + X509* x509 = NULL; + NAME_CONSTRAINTS* nc = NULL; + GENERAL_SUBTREE* subtree = NULL; + GENERAL_NAME* gn = NULL; + int numPermitted = 0; + int critical = -1; + + /* Test IP address type constraint from cert-ext-ncip.pem + * This cert has permitted IP: 192.168.1.0/255.255.255.0 */ + if ((f = XFOPEN("./certs/test/cert-ext-ncip.pem", "rb")) == XBADFILE) { + return TEST_SKIPPED; + } + x509 = PEM_read_X509(f, NULL, NULL, NULL); + XFCLOSE(f); + f = XBADFILE; + + if (x509 == NULL) { + /* Certificate may fail to load due to constraints, skip */ + return TEST_SKIPPED; + } + + critical = -1; + nc = (NAME_CONSTRAINTS*)X509_get_ext_d2i(x509, NID_name_constraints, + &critical, NULL); + ExpectNotNull(nc); + + /* Verify critical flag is set */ + ExpectIntEQ(critical, 1); + + if (EXPECT_SUCCESS()) { + ExpectNotNull(nc->permittedSubtrees); + } + if (EXPECT_SUCCESS()) { + numPermitted = sk_GENERAL_SUBTREE_num(nc->permittedSubtrees); + ExpectIntEQ(numPermitted, 1); + subtree = sk_GENERAL_SUBTREE_value(nc->permittedSubtrees, 0); + ExpectNotNull(subtree); + } + if (EXPECT_SUCCESS()) { + ExpectNotNull(subtree->base); + } + if (EXPECT_SUCCESS()) { + gn = subtree->base; + /* Verify GENERAL_NAME type is GEN_IPADD */ + ExpectIntEQ(gn->type, GEN_IPADD); + /* Verify IP data is stored in d.ip as OCTET_STRING */ + ExpectNotNull(gn->d.ip); + } + if (EXPECT_SUCCESS()) { + ExpectNotNull(gn->d.ip->data); + /* IPv4 constraint: 4 bytes IP + 4 bytes mask = 8 */ + ExpectIntEQ(gn->d.ip->length, 8); + } + if (EXPECT_SUCCESS()) { + /* Verify the IP address bytes (192.168.1.0) */ + ExpectIntEQ((unsigned char)gn->d.ip->data[0], 192); + ExpectIntEQ((unsigned char)gn->d.ip->data[1], 168); + ExpectIntEQ((unsigned char)gn->d.ip->data[2], 1); + ExpectIntEQ((unsigned char)gn->d.ip->data[3], 0); + /* Verify the subnet mask bytes (255.255.255.0) */ + ExpectIntEQ((unsigned char)gn->d.ip->data[4], 255); + ExpectIntEQ((unsigned char)gn->d.ip->data[5], 255); + ExpectIntEQ((unsigned char)gn->d.ip->data[6], 255); + ExpectIntEQ((unsigned char)gn->d.ip->data[7], 0); + } + if (EXPECT_SUCCESS() && nc->excludedSubtrees != NULL) { + /* Excluded subtrees should be empty */ + ExpectIntEQ(sk_GENERAL_SUBTREE_num(nc->excludedSubtrees), 0); + } + + NAME_CONSTRAINTS_free(nc); + X509_free(x509); + +#endif /* OPENSSL_EXTRA && !NO_FILESYSTEM && !NO_CERTS && !NO_RSA && + * !IGNORE_NAME_CONSTRAINTS */ + return EXPECT_RESULT(); +} + +/* + * Test wolfSSL_NAME_CONSTRAINTS_check_name() function, checking individual + * names against name constraints. + */ +int test_wolfSSL_NAME_CONSTRAINTS_check_name(void) +{ + EXPECT_DECLS; +#if defined(OPENSSL_EXTRA) && !defined(NO_FILESYSTEM) && !defined(NO_CERTS) && \ + !defined(NO_RSA) && !defined(IGNORE_NAME_CONSTRAINTS) + XFILE f = XBADFILE; + X509* x509 = NULL; + NAME_CONSTRAINTS* nc = NULL; + + /* Test email constraint checking with cert-ext-nc.pem + * This cert has permitted email for .wolfssl.com (subdomains only) */ + ExpectTrue((f = XFOPEN("./certs/test/cert-ext-nc.pem", "rb")) != XBADFILE); + ExpectNotNull(x509 = PEM_read_X509(f, NULL, NULL, NULL)); + if (f != XBADFILE) { + XFCLOSE(f); + f = XBADFILE; + } + + nc = (NAME_CONSTRAINTS*)X509_get_ext_d2i(x509, NID_name_constraints, + NULL, NULL); + ExpectNotNull(nc); + + if (EXPECT_SUCCESS()) { + /* Constraint is ".wolfssl.com" (leading dot). Per RFC 5280, this + * matches emails where domain ends with ".wolfssl.com" (subdomains + * only), not the exact domain. */ + + /* Subdomain emails, should match .wolfssl.com */ + ExpectIntEQ(wolfSSL_NAME_CONSTRAINTS_check_name(nc, GEN_EMAIL, + "test@sub.wolfssl.com", 20), 1); + ExpectIntEQ(wolfSSL_NAME_CONSTRAINTS_check_name(nc, GEN_EMAIL, + "user@mail.wolfssl.com", 21), 1); + /* Deeper subdomain, should also match */ + ExpectIntEQ(wolfSSL_NAME_CONSTRAINTS_check_name(nc, GEN_EMAIL, + "admin@a.b.c.wolfssl.com", 23), 1); + + /* Exact domain, should not match .wolfssl.com per RFC */ + ExpectIntEQ(wolfSSL_NAME_CONSTRAINTS_check_name(nc, GEN_EMAIL, + "user@wolfssl.com", 16), 0); + + /* Different domains, should not match */ + ExpectIntEQ(wolfSSL_NAME_CONSTRAINTS_check_name(nc, GEN_EMAIL, + "user@other.com", 14), 0); + ExpectIntEQ(wolfSSL_NAME_CONSTRAINTS_check_name(nc, GEN_EMAIL, + "user@notwolfssl.com", 19), 0); + /* Suffix that doesn't have dot boundary */ + ExpectIntEQ(wolfSSL_NAME_CONSTRAINTS_check_name(nc, GEN_EMAIL, + "user@fakewolfssl.com", 20), 0); + + /* Test DNS names, no DNS constraint, so all should pass */ + ExpectIntEQ(wolfSSL_NAME_CONSTRAINTS_check_name(nc, GEN_DNS, + "www.example.com", 15), 1); + ExpectIntEQ(wolfSSL_NAME_CONSTRAINTS_check_name(nc, GEN_DNS, + "any.domain.org", 14), 1); + + /* Test NULL/invalid arguments */ + ExpectIntEQ(wolfSSL_NAME_CONSTRAINTS_check_name(NULL, GEN_EMAIL, + "user@wolfssl.com", 16), 0); + ExpectIntEQ(wolfSSL_NAME_CONSTRAINTS_check_name(nc, GEN_EMAIL, + NULL, 16), 0); + ExpectIntEQ(wolfSSL_NAME_CONSTRAINTS_check_name(nc, GEN_EMAIL, + "user@wolfssl.com", 0), 0); + /* Invalid email format (no @) */ + ExpectIntEQ(wolfSSL_NAME_CONSTRAINTS_check_name(nc, GEN_EMAIL, + "invalid-email", 13), 0); + /* @ at start */ + ExpectIntEQ(wolfSSL_NAME_CONSTRAINTS_check_name(nc, GEN_EMAIL, + "@wolfssl.com", 12), 0); + /* @ at end */ + ExpectIntEQ(wolfSSL_NAME_CONSTRAINTS_check_name(nc, GEN_EMAIL, + "user@", 5), 0); + } + + NAME_CONSTRAINTS_free(nc); + X509_free(x509); + x509 = NULL; + nc = NULL; + + /* Test IP address constraint checking with cert-ext-ncip.pem + * This cert has permitted IP 192.168.1.0/255.255.255.0 */ + if ((f = XFOPEN("./certs/test/cert-ext-ncip.pem", "rb")) == XBADFILE) { + return TEST_SKIPPED; + } + x509 = PEM_read_X509(f, NULL, NULL, NULL); + XFCLOSE(f); + f = XBADFILE; + + if (x509 == NULL) { + return TEST_SKIPPED; + } + + nc = (NAME_CONSTRAINTS*)X509_get_ext_d2i(x509, NID_name_constraints, + NULL, NULL); + ExpectNotNull(nc); + + if (EXPECT_SUCCESS()) { + /* Test permitted IPs, within 192.168.1.0/24 subnet */ + ExpectIntEQ(wolfSSL_NAME_CONSTRAINTS_check_name(nc, GEN_IPADD, + "192.168.1.1", 11), 1); + ExpectIntEQ(wolfSSL_NAME_CONSTRAINTS_check_name(nc, GEN_IPADD, + "192.168.1.50", 12), 1); + ExpectIntEQ(wolfSSL_NAME_CONSTRAINTS_check_name(nc, GEN_IPADD, + "192.168.1.254", 13), 1); + + /* Test non-permitted IPs, outside 192.168.1.0/24 subnet */ + ExpectIntEQ(wolfSSL_NAME_CONSTRAINTS_check_name(nc, GEN_IPADD, + "192.168.2.1", 11), 0); + ExpectIntEQ(wolfSSL_NAME_CONSTRAINTS_check_name(nc, GEN_IPADD, + "10.0.0.1", 8), 0); + ExpectIntEQ(wolfSSL_NAME_CONSTRAINTS_check_name(nc, GEN_IPADD, + "8.8.8.8", 7), 0); + + /* Test invalid IP format */ + ExpectIntEQ(wolfSSL_NAME_CONSTRAINTS_check_name(nc, GEN_IPADD, + "invalid", 7), 0); + ExpectIntEQ(wolfSSL_NAME_CONSTRAINTS_check_name(nc, GEN_IPADD, + "256.1.1.1", 9), 0); + } + + NAME_CONSTRAINTS_free(nc); + X509_free(x509); + +#endif /* OPENSSL_EXTRA && !NO_FILESYSTEM && !NO_CERTS && !NO_RSA && + * !IGNORE_NAME_CONSTRAINTS */ + return EXPECT_RESULT(); +} + +/* + * Test DNS type name constraint checking with leading dot (subdomain matching). + * Uses cert-ext-nc-combined.pem which has permitted;DNS:.wolfssl.com + */ +int test_wolfSSL_NAME_CONSTRAINTS_dns(void) +{ + EXPECT_DECLS; +#if defined(OPENSSL_EXTRA) && !defined(NO_FILESYSTEM) && !defined(NO_CERTS) && \ + !defined(NO_RSA) && !defined(IGNORE_NAME_CONSTRAINTS) + XFILE f = XBADFILE; + X509* x509 = NULL; + NAME_CONSTRAINTS* nc = NULL; + + /* Test DNS constraint checking with cert-ext-nc-combined.pem + * This cert has permitted DNS for .wolfssl.com (subdomains only) */ + f = XFOPEN("./certs/test/cert-ext-nc-combined.pem", "rb"); + if (f == XBADFILE) { + return TEST_SKIPPED; + } + x509 = PEM_read_X509(f, NULL, NULL, NULL); + XFCLOSE(f); + f = XBADFILE; + + if (x509 == NULL) { + return TEST_SKIPPED; + } + + nc = (NAME_CONSTRAINTS*)X509_get_ext_d2i(x509, NID_name_constraints, + NULL, NULL); + ExpectNotNull(nc); + + if (EXPECT_SUCCESS()) { + /* Constraint is ".wolfssl.com" (leading dot). Per RFC 5280, this + * matches DNS names that end with ".wolfssl.com" (subdomains only). */ + + /* Subdomain DNS names, should match */ + ExpectIntEQ(wolfSSL_NAME_CONSTRAINTS_check_name(nc, GEN_DNS, + "www.wolfssl.com", 15), 1); + ExpectIntEQ(wolfSSL_NAME_CONSTRAINTS_check_name(nc, GEN_DNS, + "mail.wolfssl.com", 16), 1); + ExpectIntEQ(wolfSSL_NAME_CONSTRAINTS_check_name(nc, GEN_DNS, + "a.b.c.wolfssl.com", 17), 1); + + /* Exact domain, should not match .wolfssl.com per RFC */ + ExpectIntEQ(wolfSSL_NAME_CONSTRAINTS_check_name(nc, GEN_DNS, + "wolfssl.com", 11), 0); + + /* Different domains, should not match */ + ExpectIntEQ(wolfSSL_NAME_CONSTRAINTS_check_name(nc, GEN_DNS, + "www.example.com", 15), 0); + ExpectIntEQ(wolfSSL_NAME_CONSTRAINTS_check_name(nc, GEN_DNS, + "fakewolfssl.com", 15), 0); + } + + NAME_CONSTRAINTS_free(nc); + X509_free(x509); + +#endif /* OPENSSL_EXTRA && !NO_FILESYSTEM && !NO_CERTS && !NO_RSA && + * !IGNORE_NAME_CONSTRAINTS */ + return EXPECT_RESULT(); +} + +/* + * Test excluded name constraints. + * Uses cert-ext-ncmulti.pem which has: + * permitted;DNS:.example.com, permitted;email:.example.com + * excluded;DNS:.blocked.example.com, excluded;email:.blocked.example.com + */ +int test_wolfSSL_NAME_CONSTRAINTS_excluded(void) +{ + EXPECT_DECLS; +#if defined(OPENSSL_EXTRA) && !defined(NO_FILESYSTEM) && !defined(NO_CERTS) && \ + !defined(NO_RSA) && !defined(IGNORE_NAME_CONSTRAINTS) + XFILE f = XBADFILE; + X509* x509 = NULL; + NAME_CONSTRAINTS* nc = NULL; + + /* Test excluded constraint checking with cert-ext-ncmulti.pem + * This cert permits .example.com but excludes .blocked.example.com */ + if ((f = XFOPEN("./certs/test/cert-ext-ncmulti.pem", "rb")) == XBADFILE) { + return TEST_SKIPPED; + } + x509 = PEM_read_X509(f, NULL, NULL, NULL); + XFCLOSE(f); + f = XBADFILE; + + if (x509 == NULL) { + return TEST_SKIPPED; + } + + nc = (NAME_CONSTRAINTS*)X509_get_ext_d2i(x509, NID_name_constraints, + NULL, NULL); + ExpectNotNull(nc); + + if (EXPECT_SUCCESS()) { + /* Verify both permitted and excluded subtrees are populated */ + ExpectNotNull(nc->permittedSubtrees); + ExpectNotNull(nc->excludedSubtrees); + ExpectIntGT(sk_GENERAL_SUBTREE_num(nc->excludedSubtrees), 0); + } + + if (EXPECT_SUCCESS()) { + /* Permitted .example.com subdomains should be allowed */ + ExpectIntEQ(wolfSSL_NAME_CONSTRAINTS_check_name(nc, GEN_DNS, + "www.example.com", 15), 1); + ExpectIntEQ(wolfSSL_NAME_CONSTRAINTS_check_name(nc, GEN_DNS, + "mail.example.com", 16), 1); + + /* Excluded .blocked.example.com, subdomains should be blocked */ + ExpectIntEQ(wolfSSL_NAME_CONSTRAINTS_check_name(nc, GEN_DNS, + "www.blocked.example.com", 23), 0); + ExpectIntEQ(wolfSSL_NAME_CONSTRAINTS_check_name(nc, GEN_DNS, + "sub.blocked.example.com", 23), 0); + + /* blocked.example.com is permitted because + * .blocked.example.com (with leading dot) only matches subdomains + * per RFC 5280, and it still matches the permitted .example.com + * constraint */ + ExpectIntEQ(wolfSSL_NAME_CONSTRAINTS_check_name(nc, GEN_DNS, + "blocked.example.com", 19), 1); + + /* Domains outside permitted .example.com should not be allowed */ + ExpectIntEQ(wolfSSL_NAME_CONSTRAINTS_check_name(nc, GEN_DNS, + "www.wolfssl.com", 15), 0); + + /* Permitted email .example.com subdomains should be allowed */ + ExpectIntEQ(wolfSSL_NAME_CONSTRAINTS_check_name(nc, GEN_EMAIL, + "user@www.example.com", 20), 1); + + /* Excluded email .blocked.example.com, should be blocked */ + ExpectIntEQ(wolfSSL_NAME_CONSTRAINTS_check_name(nc, GEN_EMAIL, + "user@www.blocked.example.com", 28), 0); + } + + NAME_CONSTRAINTS_free(nc); + X509_free(x509); + +#endif /* OPENSSL_EXTRA && !NO_FILESYSTEM && !NO_CERTS && !NO_RSA && + * !IGNORE_NAME_CONSTRAINTS */ + return EXPECT_RESULT(); +} + diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/tests/api/test_ossl_x509_ext.h mariadb-11.8.8/extra/wolfssl/wolfssl/tests/api/test_ossl_x509_ext.h --- mariadb-11.8.6/extra/wolfssl/wolfssl/tests/api/test_ossl_x509_ext.h 1970-01-01 00:00:00.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/tests/api/test_ossl_x509_ext.h 2026-05-24 09:58:33.000000000 +0000 @@ -0,0 +1,93 @@ +/* test_ossl_x509_ext.h + * + * Copyright (C) 2006-2026 wolfSSL Inc. + * + * This file is part of wolfSSL. + * + * wolfSSL is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * wolfSSL is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA + */ + +#ifndef WOLFCRYPT_TEST_OSSL_X509_EXT_H +#define WOLFCRYPT_TEST_OSSL_X509_EXT_H + +#include + +int test_wolfSSL_X509_get_extension_flags(void); +int test_wolfSSL_X509_get_ext(void); +int test_wolfSSL_X509_get_ext_by_NID(void); +int test_wolfSSL_X509_get_ext_subj_alt_name(void); +int test_wolfSSL_X509_set_ext(void); +int test_wolfSSL_X509_add_ext(void); +int test_wolfSSL_X509_get_ext_count(void); +int test_wolfSSL_X509_stack_extensions(void); +int test_wolfSSL_X509_EXTENSION_new(void); +int test_wolfSSL_X509_EXTENSION_dup(void); +int test_wolfSSL_X509_EXTENSION_get_object(void); +int test_wolfSSL_X509_EXTENSION_get_data(void); +int test_wolfSSL_X509_EXTENSION_get_critical(void); +int test_wolfSSL_X509_EXTENSION_create_by_OBJ(void); +int test_wolfSSL_X509V3_set_ctx(void); +int test_wolfSSL_X509V3_EXT_get(void); +int test_wolfSSL_X509V3_EXT_nconf(void); +int test_wolfSSL_X509V3_EXT_bc(void); +int test_wolfSSL_X509V3_EXT_san(void); +int test_wolfSSL_X509V3_EXT_aia(void); +int test_wolfSSL_X509V3_EXT(void); +int test_wolfSSL_X509V3_EXT_print(void); +int test_wolfSSL_X509_get_ext_d2i_name_constraints(void); +int test_wolfSSL_sk_GENERAL_SUBTREE(void); +int test_wolfSSL_NAME_CONSTRAINTS_types(void); +int test_wolfSSL_NAME_CONSTRAINTS_uri(void); +int test_wolfSSL_NAME_CONSTRAINTS_ipaddr(void); +int test_wolfSSL_NAME_CONSTRAINTS_check_name(void); +int test_wolfSSL_NAME_CONSTRAINTS_dns(void); +int test_wolfSSL_NAME_CONSTRAINTS_excluded(void); + +#define TEST_OSSL_X509_EXT_DECLS \ + TEST_DECL_GROUP("ossl_x509_ext", test_wolfSSL_X509_get_extension_flags), \ + TEST_DECL_GROUP("ossl_x509_ext", test_wolfSSL_X509_get_ext), \ + TEST_DECL_GROUP("ossl_x509_ext", test_wolfSSL_X509_get_ext_by_NID), \ + TEST_DECL_GROUP("ossl_x509_ext", test_wolfSSL_X509_get_ext_subj_alt_name), \ + TEST_DECL_GROUP("ossl_x509_ext", test_wolfSSL_X509_set_ext), \ + TEST_DECL_GROUP("ossl_x509_ext", test_wolfSSL_X509_add_ext), \ + TEST_DECL_GROUP("ossl_x509_ext", test_wolfSSL_X509_get_ext_count), \ + TEST_DECL_GROUP("ossl_x509_ext", test_wolfSSL_X509_stack_extensions), \ + TEST_DECL_GROUP("ossl_x509_ext", test_wolfSSL_X509_EXTENSION_new), \ + TEST_DECL_GROUP("ossl_x509_ext", test_wolfSSL_X509_EXTENSION_dup), \ + TEST_DECL_GROUP("ossl_x509_ext", test_wolfSSL_X509_EXTENSION_get_object), \ + TEST_DECL_GROUP("ossl_x509_ext", test_wolfSSL_X509_EXTENSION_get_data), \ + TEST_DECL_GROUP("ossl_x509_ext", \ + test_wolfSSL_X509_EXTENSION_get_critical), \ + TEST_DECL_GROUP("ossl_x509_ext", \ + test_wolfSSL_X509_EXTENSION_create_by_OBJ), \ + TEST_DECL_GROUP("ossl_x509_ext", test_wolfSSL_X509V3_set_ctx), \ + TEST_DECL_GROUP("ossl_x509_ext", test_wolfSSL_X509V3_EXT_get), \ + TEST_DECL_GROUP("ossl_x509_ext", test_wolfSSL_X509V3_EXT_nconf), \ + TEST_DECL_GROUP("ossl_x509_ext", test_wolfSSL_X509V3_EXT_bc), \ + TEST_DECL_GROUP("ossl_x509_ext", test_wolfSSL_X509V3_EXT_san), \ + TEST_DECL_GROUP("ossl_x509_ext", test_wolfSSL_X509V3_EXT_aia), \ + TEST_DECL_GROUP("ossl_x509_ext", test_wolfSSL_X509V3_EXT), \ + TEST_DECL_GROUP("ossl_x509_ext", test_wolfSSL_X509V3_EXT_print), \ + TEST_DECL_GROUP("ossl_x509_ext", \ + test_wolfSSL_X509_get_ext_d2i_name_constraints), \ + TEST_DECL_GROUP("ossl_x509_ext", test_wolfSSL_sk_GENERAL_SUBTREE), \ + TEST_DECL_GROUP("ossl_x509_ext", test_wolfSSL_NAME_CONSTRAINTS_types), \ + TEST_DECL_GROUP("ossl_x509_ext", test_wolfSSL_NAME_CONSTRAINTS_uri), \ + TEST_DECL_GROUP("ossl_x509_ext", test_wolfSSL_NAME_CONSTRAINTS_ipaddr), \ + TEST_DECL_GROUP("ossl_x509_ext", test_wolfSSL_NAME_CONSTRAINTS_check_name),\ + TEST_DECL_GROUP("ossl_x509_ext", test_wolfSSL_NAME_CONSTRAINTS_dns), \ + TEST_DECL_GROUP("ossl_x509_ext", test_wolfSSL_NAME_CONSTRAINTS_excluded) + +#endif /* WOLFCRYPT_TEST_OSSL_X509_EXT_H */ diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/tests/api/test_ossl_x509_info.c mariadb-11.8.8/extra/wolfssl/wolfssl/tests/api/test_ossl_x509_info.c --- mariadb-11.8.6/extra/wolfssl/wolfssl/tests/api/test_ossl_x509_info.c 1970-01-01 00:00:00.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/tests/api/test_ossl_x509_info.c 2026-05-24 09:58:33.000000000 +0000 @@ -0,0 +1,248 @@ +/* test_ossl_x509_info.c + * + * Copyright (C) 2006-2026 wolfSSL Inc. + * + * This file is part of wolfSSL. + * + * wolfSSL is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * wolfSSL is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA + */ + +#include + +#ifdef NO_INLINE + #include +#else + #define WOLFSSL_MISC_INCLUDED + #include +#endif + +#include +#include +#include + +int test_wolfSSL_X509_INFO_multiple_info(void) +{ + EXPECT_DECLS; +#if defined(OPENSSL_ALL) && !defined(NO_RSA) && !defined(NO_BIO) + STACK_OF(X509_INFO) *info_stack = NULL; + X509_INFO *info = NULL; + int len; + int i; + const char* files[] = { + cliCertFile, + cliKeyFile, + /* This needs to be the order as svrCertFile contains the + * intermediate cert as well. */ + svrKeyFile, + svrCertFile, + NULL, + }; + const char** curFile; + BIO *fileBIO = NULL; + BIO *concatBIO = NULL; + byte tmp[FOURK_BUF]; + + /* concatenate the cert and the key file to force PEM_X509_INFO_read_bio + * to group objects together. */ + ExpectNotNull(concatBIO = BIO_new(BIO_s_mem())); + for (curFile = files; EXPECT_SUCCESS() && *curFile != NULL; curFile++) { + int fileLen = 0; + ExpectNotNull(fileBIO = BIO_new_file(*curFile, "rb")); + ExpectIntGT(fileLen = wolfSSL_BIO_get_len(fileBIO), 0); + if (EXPECT_SUCCESS()) { + while ((len = BIO_read(fileBIO, tmp, sizeof(tmp))) > 0) { + ExpectIntEQ(BIO_write(concatBIO, tmp, len), len); + fileLen -= len; + if (EXPECT_FAIL()) + break; + } + /* Make sure we read the entire file */ + ExpectIntEQ(fileLen, 0); + } + BIO_free(fileBIO); + fileBIO = NULL; + } + + ExpectNotNull(info_stack = PEM_X509_INFO_read_bio(concatBIO, NULL, NULL, + NULL)); + ExpectIntEQ(sk_X509_INFO_num(info_stack), 3); + for (i = 0; i < sk_X509_INFO_num(info_stack); i++) { + ExpectNotNull(info = sk_X509_INFO_value(info_stack, i)); + ExpectNotNull(info->x509); + ExpectNull(info->crl); + if (i != 2) { + ExpectNotNull(info->x_pkey); + ExpectIntEQ(X509_check_private_key(info->x509, + info->x_pkey->dec_pkey), 1); + } + else { + ExpectNull(info->x_pkey); + } + } + + sk_X509_INFO_pop_free(info_stack, X509_INFO_free); + BIO_free(concatBIO); +#endif + return EXPECT_RESULT(); +} + +int test_wolfSSL_X509_INFO(void) +{ + EXPECT_DECLS; +#if defined(OPENSSL_ALL) && !defined(NO_RSA) && !defined(NO_BIO) + STACK_OF(X509_INFO) *info_stack = NULL; + X509_INFO *info = NULL; + BIO *cert = NULL; + int i; + /* PEM in hex format to avoid null terminator */ + byte data[] = { + 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x42, 0x45, 0x47, + 0x49, 0x4e, 0x20, 0x43, 0x45, 0x52, 0x54, 0x63, 0x2d, 0x2d, 0x2d, 0x2d, + 0x2d, 0x0a, 0x4d, 0x49, 0x49, 0x44, 0x4d, 0x54, 0x42, 0x75, 0x51, 0x3d, + 0x0a, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x45, 0x4e, 0x44, 0x20, 0x2d, 0x2d, + 0x2d, 0x2d, 0x2d + }; + /* PEM in hex format to avoid null terminator */ + byte data2[] = { + 0x41, 0x53, 0x4e, 0x31, 0x20, 0x4f, 0x49, 0x44, 0x3a, 0x20, 0x70, 0x72, + 0x69, 0x6d, 0x65, 0x32, 0x35, 0x36, 0x76, 0x31, 0x0a, 0x2d, 0x2d, 0x2d, + 0x2d, 0x2d, 0x42, 0x45, 0x47, 0x49, 0x4e, 0x20, 0x45, 0x43, 0x20, 0x50, + 0x41, 0x52, 0x41, 0x4d, 0x45, 0x54, 0x45, 0x52, 0x53, 0x2d, 0x2d, 0x2d, + 0x2d, 0x43, 0x65, 0x72, 0x74, 0x69, 0x2d, 0x0a, 0x42, 0x67, 0x67, 0x71, + 0x68, 0x6b, 0x6a, 0x4f, 0x50, 0x51, 0x4d, 0x42, 0x42, 0x77, 0x3d, 0x3d, + 0x0a, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d + }; + + ExpectNotNull(cert = BIO_new_file(cliCertFileExt, "rb")); + ExpectNotNull(info_stack = PEM_X509_INFO_read_bio(cert, NULL, NULL, NULL)); + for (i = 0; i < sk_X509_INFO_num(info_stack); i++) { + ExpectNotNull(info = sk_X509_INFO_value(info_stack, i)); + ExpectNotNull(info->x509); + ExpectNull(info->crl); + ExpectNull(info->x_pkey); + } + sk_X509_INFO_pop_free(info_stack, X509_INFO_free); + info_stack = NULL; + BIO_free(cert); + cert = NULL; + + ExpectNotNull(cert = BIO_new_file(cliCertFileExt, "rb")); + ExpectNotNull(info_stack = PEM_X509_INFO_read_bio(cert, NULL, NULL, NULL)); + sk_X509_INFO_pop_free(info_stack, X509_INFO_free); + info_stack = NULL; + BIO_free(cert); + cert = NULL; + + /* This case should fail due to invalid input. */ + ExpectNotNull(cert = BIO_new(BIO_s_mem())); + ExpectIntEQ(BIO_write(cert, data, sizeof(data)), sizeof(data)); + ExpectNull(info_stack = PEM_X509_INFO_read_bio(cert, NULL, NULL, NULL)); + sk_X509_INFO_pop_free(info_stack, X509_INFO_free); + info_stack = NULL; + BIO_free(cert); + cert = NULL; + ExpectNotNull(cert = BIO_new(BIO_s_mem())); + ExpectIntEQ(BIO_write(cert, data2, sizeof(data2)), sizeof(data2)); + ExpectNull(info_stack = PEM_X509_INFO_read_bio(cert, NULL, NULL, NULL)); + sk_X509_INFO_pop_free(info_stack, X509_INFO_free); + BIO_free(cert); +#endif + return EXPECT_RESULT(); +} + +int test_wolfSSL_PEM_X509_INFO_read_bio(void) +{ + EXPECT_DECLS; +#if defined(OPENSSL_ALL) && !defined(NO_FILESYSTEM) && !defined(NO_RSA) && \ + !defined(NO_BIO) + BIO* bio = NULL; + X509_INFO* info = NULL; + STACK_OF(X509_INFO)* sk = NULL; + STACK_OF(X509_INFO)* sk2 = NULL; + char* subject = NULL; + char exp1[] = "/C=US/ST=Montana/L=Bozeman/O=Sawtooth/OU=Consulting/" + "CN=www.wolfssl.com/emailAddress=info@wolfssl.com"; + char exp2[] = "/C=US/ST=Montana/L=Bozeman/O=wolfSSL/OU=Support/" + "CN=www.wolfssl.com/emailAddress=info@wolfssl.com"; + + ExpectNotNull(bio = BIO_new(BIO_s_file())); + ExpectIntGT(BIO_read_filename(bio, svrCertFile), 0); + ExpectNotNull(sk = PEM_X509_INFO_read_bio(bio, NULL, NULL, NULL)); + ExpectIntEQ(sk_X509_INFO_num(sk), 2); + + /* using dereference to maintain testing for Apache port*/ + ExpectNull(sk_X509_INFO_pop(NULL)); + ExpectNotNull(info = sk_X509_INFO_pop(sk)); + ExpectNotNull(subject = X509_NAME_oneline(X509_get_subject_name(info->x509), + 0, 0)); + + ExpectIntEQ(0, XSTRNCMP(subject, exp1, sizeof(exp1))); + XFREE(subject, 0, DYNAMIC_TYPE_OPENSSL); + subject = NULL; + X509_INFO_free(info); + info = NULL; + + ExpectNotNull(info = sk_X509_INFO_pop(sk)); + ExpectNotNull(subject = X509_NAME_oneline(X509_get_subject_name(info->x509), + 0, 0)); + + ExpectIntEQ(0, XSTRNCMP(subject, exp2, sizeof(exp2))); + XFREE(subject, 0, DYNAMIC_TYPE_OPENSSL); + subject = NULL; + X509_INFO_free(info); + ExpectNull(info = sk_X509_INFO_pop(sk)); + + sk_X509_INFO_pop_free(sk, X509_INFO_free); + sk = NULL; + BIO_free(bio); + bio = NULL; + + ExpectNotNull(sk = wolfSSL_sk_X509_INFO_new_null()); + ExpectNotNull(bio = BIO_new(BIO_s_file())); + ExpectIntGT(BIO_read_filename(bio, svrCertFile), 0); + ExpectNotNull(sk2 = PEM_X509_INFO_read_bio(bio, sk, NULL, NULL)); + ExpectPtrEq(sk, sk2); + if (sk2 != sk) { + sk_X509_INFO_pop_free(sk, X509_INFO_free); + } + sk = NULL; + BIO_free(bio); + sk_X509_INFO_pop_free(sk2, X509_INFO_free); + + ExpectNotNull(sk = wolfSSL_sk_X509_INFO_new_null()); + sk_X509_INFO_free(sk); +#endif + return EXPECT_RESULT(); +} + +int test_wolfSSL_PEM_X509_INFO_read(void) +{ + EXPECT_DECLS; +#if defined(OPENSSL_ALL) && !defined(NO_FILESYSTEM) && !defined(NO_RSA) && \ + !defined(NO_BIO) + XFILE fp = XBADFILE; + STACK_OF(X509_INFO)* sk = NULL; + + ExpectTrue((fp = XFOPEN(svrCertFile, "rb")) != XBADFILE); + ExpectNull(wolfSSL_PEM_X509_INFO_read(XBADFILE, NULL, NULL, NULL)); + ExpectNotNull(sk = wolfSSL_PEM_X509_INFO_read(fp, NULL, NULL, NULL)); + + sk_X509_INFO_pop_free(sk, X509_INFO_free); + if (fp != XBADFILE) + XFCLOSE(fp); +#endif + return EXPECT_RESULT(); +} + diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/tests/api/test_ossl_x509_info.h mariadb-11.8.8/extra/wolfssl/wolfssl/tests/api/test_ossl_x509_info.h --- mariadb-11.8.6/extra/wolfssl/wolfssl/tests/api/test_ossl_x509_info.h 1970-01-01 00:00:00.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/tests/api/test_ossl_x509_info.h 2026-05-24 09:58:33.000000000 +0000 @@ -0,0 +1,38 @@ +/* test_ossl_x509_info.h + * + * Copyright (C) 2006-2026 wolfSSL Inc. + * + * This file is part of wolfSSL. + * + * wolfSSL is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * wolfSSL is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA + */ + +#ifndef WOLFCRYPT_TEST_OSSL_X509_INFO_H +#define WOLFCRYPT_TEST_OSSL_X509_INFO_H + +#include + +int test_wolfSSL_X509_INFO_multiple_info(void); +int test_wolfSSL_X509_INFO(void); +int test_wolfSSL_PEM_X509_INFO_read_bio(void); +int test_wolfSSL_PEM_X509_INFO_read(void); + +#define TEST_OSSL_X509_INFO_DECLS \ + TEST_DECL_GROUP("ossl_x509_info", test_wolfSSL_X509_INFO_multiple_info), \ + TEST_DECL_GROUP("ossl_x509_info", test_wolfSSL_X509_INFO), \ + TEST_DECL_GROUP("ossl_x509_info", test_wolfSSL_PEM_X509_INFO_read_bio), \ + TEST_DECL_GROUP("ossl_x509_info", test_wolfSSL_PEM_X509_INFO_read) + +#endif /* WOLFCRYPT_TEST_OSSL_X509_INFO_H */ diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/tests/api/test_ossl_x509_io.c mariadb-11.8.8/extra/wolfssl/wolfssl/tests/api/test_ossl_x509_io.c --- mariadb-11.8.6/extra/wolfssl/wolfssl/tests/api/test_ossl_x509_io.c 1970-01-01 00:00:00.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/tests/api/test_ossl_x509_io.c 2026-05-24 09:58:33.000000000 +0000 @@ -0,0 +1,247 @@ +/* test_ossl_x509_io.c + * + * Copyright (C) 2006-2026 wolfSSL Inc. + * + * This file is part of wolfSSL. + * + * wolfSSL is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * wolfSSL is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA + */ + +#include + +#ifdef NO_INLINE + #include +#else + #define WOLFSSL_MISC_INCLUDED + #include +#endif + +#include +#include +#ifdef OPENSSL_EXTRA + #include +#endif +#include +#include + +int test_wolfSSL_i2d_X509(void) +{ + EXPECT_DECLS; +#if defined(OPENSSL_EXTRA) && defined(USE_CERT_BUFFERS_2048) && !defined(NO_RSA) + const unsigned char* cert_buf = server_cert_der_2048; + unsigned char* out = NULL; + unsigned char* tmp = NULL; + const unsigned char* nullPtr = NULL; + const unsigned char notCert[2] = { 0x30, 0x00 }; + const unsigned char* notCertPtr = notCert; + X509* cert = NULL; + + ExpectNull(d2i_X509(NULL, NULL, sizeof_server_cert_der_2048)); + ExpectNull(d2i_X509(NULL, &nullPtr, sizeof_server_cert_der_2048)); + ExpectNull(d2i_X509(NULL, &cert_buf, 0)); + ExpectNull(d2i_X509(NULL, ¬CertPtr, sizeof(notCert))); + ExpectNotNull(d2i_X509(&cert, &cert_buf, sizeof_server_cert_der_2048)); + /* Pointer should be advanced */ + ExpectPtrGT(cert_buf, server_cert_der_2048); + ExpectIntGT(i2d_X509(cert, &out), 0); + ExpectNotNull(out); + tmp = out; + ExpectIntGT(i2d_X509(cert, &tmp), 0); + ExpectPtrGT(tmp, out); +#if defined(WOLFSSL_CERT_GEN) && !defined(NO_BIO) && !defined(NO_FILESYSTEM) + ExpectIntEQ(wolfSSL_PEM_write_X509(XBADFILE, NULL), 0); + ExpectIntEQ(wolfSSL_PEM_write_X509(XBADFILE, cert), 0); + ExpectIntEQ(wolfSSL_PEM_write_X509(stderr, cert), 1); +#endif + + XFREE(out, NULL, DYNAMIC_TYPE_OPENSSL); + X509_free(cert); +#endif + return EXPECT_RESULT(); +} + +int test_wolfSSL_PEM_read_X509(void) +{ + EXPECT_DECLS; +#if defined(OPENSSL_EXTRA) && defined(HAVE_CRL) && !defined(NO_FILESYSTEM) && \ + !defined(NO_RSA) + X509 *x509 = NULL; + XFILE fp = XBADFILE; + + ExpectTrue((fp = XFOPEN(svrCertFile, "rb")) != XBADFILE); + ExpectNotNull(x509 = (X509 *)PEM_read_X509(fp, (X509 **)NULL, NULL, NULL)); + X509_free(x509); + if (fp != XBADFILE) + XFCLOSE(fp); +#endif + return EXPECT_RESULT(); +} + +int test_wolfSSL_PEM_write_bio_X509(void) +{ + EXPECT_DECLS; +#if defined(OPENSSL_EXTRA) && defined(OPENSSL_ALL) && \ + defined(WOLFSSL_AKID_NAME) && defined(WOLFSSL_CERT_EXT) && \ + defined(WOLFSSL_CERT_GEN) && !defined(NO_BIO) && !defined(NO_RSA) && \ + !defined(NO_FILESYSTEM) + /* This test contains the hard coded expected + * lengths. Update if necessary */ + XFILE fp = XBADFILE; + WOLFSSL_EVP_PKEY *priv = NULL; + + BIO* input = NULL; + BIO* output = NULL; + X509* x509a = NULL; + X509* x509b = NULL; + X509* empty = NULL; + + ASN1_TIME* notBeforeA = NULL; + ASN1_TIME* notAfterA = NULL; +#ifndef NO_ASN_TIME + ASN1_TIME* notBeforeB = NULL; + ASN1_TIME* notAfterB = NULL; +#endif + int expectedLen; + + ExpectTrue((fp = XFOPEN("certs/server-key.pem", "rb")) != XBADFILE); + ExpectNotNull(priv = wolfSSL_PEM_read_PrivateKey(fp, NULL, NULL, NULL)); + if (fp != XBADFILE) { + XFCLOSE(fp); + fp = XBADFILE; + } + + ExpectNotNull(input = BIO_new_file("certs/test/cert-ext-multiple.pem", + "rb")); + ExpectIntEQ(wolfSSL_BIO_get_len(input), 2000); + + /* read PEM into X509 struct, get notBefore / notAfter to verify against */ + ExpectNotNull(PEM_read_bio_X509(input, &x509a, NULL, NULL)); + ExpectNotNull(notBeforeA = X509_get_notBefore(x509a)); + ExpectNotNull(notAfterA = X509_get_notAfter(x509a)); + + /* write X509 back to PEM BIO; no need to sign as nothing changed. */ + ExpectNotNull(output = BIO_new(wolfSSL_BIO_s_mem())); + ExpectNotNull(empty = wolfSSL_X509_new()); + ExpectIntEQ(PEM_write_bio_X509(NULL, NULL), WOLFSSL_FAILURE); + ExpectIntEQ(PEM_write_bio_X509(output, NULL), WOLFSSL_FAILURE); + ExpectIntEQ(PEM_write_bio_X509(NULL, x509a), WOLFSSL_FAILURE); + ExpectIntEQ(PEM_write_bio_X509(output, empty), WOLFSSL_FAILURE); + ExpectIntEQ(PEM_write_bio_X509(output, x509a), WOLFSSL_SUCCESS); + /* compare length against expected */ + expectedLen = 2000; + ExpectIntEQ(wolfSSL_BIO_get_len(output), expectedLen); + wolfSSL_X509_free(empty); + +#ifndef NO_ASN_TIME + /* read exported X509 PEM back into struct, sanity check on export, + * make sure notBefore/notAfter are the same and certs are identical. */ + ExpectNotNull(PEM_read_bio_X509(output, &x509b, NULL, NULL)); + ExpectNotNull(notBeforeB = X509_get_notBefore(x509b)); + ExpectNotNull(notAfterB = X509_get_notAfter(x509b)); + ExpectIntEQ(ASN1_TIME_compare(notBeforeA, notBeforeB), 0); + ExpectIntEQ(ASN1_TIME_compare(notAfterA, notAfterB), 0); + ExpectIntEQ(0, wolfSSL_X509_cmp(x509a, x509b)); + X509_free(x509b); + x509b = NULL; +#endif + + /* Reset output buffer */ + BIO_free(output); + output = NULL; + ExpectNotNull(output = BIO_new(wolfSSL_BIO_s_mem())); + + /* Test forcing the AKID to be generated just from KeyIdentifier */ + if (EXPECT_SUCCESS() && x509a->authKeyIdSrc != NULL) { + XMEMMOVE(x509a->authKeyIdSrc, x509a->authKeyId, x509a->authKeyIdSz); + x509a->authKeyId = x509a->authKeyIdSrc; + x509a->authKeyIdSrc = NULL; + x509a->authKeyIdSrcSz = 0; + } + + /* Resign to re-generate the der */ + ExpectIntGT(wolfSSL_X509_sign(x509a, priv, EVP_sha256()), 0); + + ExpectIntEQ(PEM_write_bio_X509(output, x509a), WOLFSSL_SUCCESS); + + /* Check that we generate a smaller output since the AKID will + * only contain the KeyIdentifier without any additional + * information */ + + /* Here we copy the validity struct from the original */ + expectedLen = 1688; + ExpectIntEQ(wolfSSL_BIO_get_len(output), expectedLen); + + /* Reset buffers and x509 */ + BIO_free(input); + input = NULL; + BIO_free(output); + output = NULL; + X509_free(x509a); + x509a = NULL; + + /* test CA and basicConstSet values are encoded when + * the cert is a CA */ + ExpectNotNull(input = BIO_new_file("certs/server-cert.pem", "rb")); + + /* read PEM into X509 struct */ + ExpectNotNull(PEM_read_bio_X509(input, &x509a, NULL, NULL)); + + /* write X509 back to PEM BIO; no need to sign as nothing changed */ + ExpectNotNull(output = BIO_new(wolfSSL_BIO_s_mem())); + ExpectIntEQ(PEM_write_bio_X509(output, x509a), WOLFSSL_SUCCESS); + + /* read exported X509 PEM back into struct, ensure isCa and basicConstSet + * values are maintained and certs are identical.*/ + ExpectNotNull(PEM_read_bio_X509(output, &x509b, NULL, NULL)); + ExpectIntEQ(x509b->isCa, 1); + ExpectIntEQ(x509b->basicConstSet, 1); + ExpectIntEQ(0, wolfSSL_X509_cmp(x509a, x509b)); + + X509_free(x509a); + x509a = NULL; + X509_free(x509b); + x509b = NULL; + BIO_free(input); + input = NULL; + BIO_free(output); + output = NULL; + + /* test CA and basicConstSet values are encoded when + * the cert is not CA */ + ExpectNotNull(input = BIO_new_file("certs/client-uri-cert.pem", "rb")); + + /* read PEM into X509 struct */ + ExpectNotNull(PEM_read_bio_X509(input, &x509a, NULL, NULL)); + + /* write X509 back to PEM BIO; no need to sign as nothing changed */ + ExpectNotNull(output = BIO_new(wolfSSL_BIO_s_mem())); + ExpectIntEQ(PEM_write_bio_X509(output, x509a), WOLFSSL_SUCCESS); + + /* read exported X509 PEM back into struct, ensure isCa and + * basicConstSet values are maintained and certs are identical */ + ExpectNotNull(PEM_read_bio_X509(output, &x509b, NULL, NULL)); + ExpectIntEQ(x509b->isCa, 0); + ExpectIntEQ(x509b->basicConstSet, 1); + ExpectIntEQ(0, wolfSSL_X509_cmp(x509a, x509b)); + + wolfSSL_EVP_PKEY_free(priv); + X509_free(x509a); + X509_free(x509b); + BIO_free(input); + BIO_free(output); +#endif + return EXPECT_RESULT(); +} + diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/tests/api/test_ossl_x509_io.h mariadb-11.8.8/extra/wolfssl/wolfssl/tests/api/test_ossl_x509_io.h --- mariadb-11.8.6/extra/wolfssl/wolfssl/tests/api/test_ossl_x509_io.h 1970-01-01 00:00:00.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/tests/api/test_ossl_x509_io.h 2026-05-24 09:58:33.000000000 +0000 @@ -0,0 +1,36 @@ +/* test_ossl_x509_io.h + * + * Copyright (C) 2006-2026 wolfSSL Inc. + * + * This file is part of wolfSSL. + * + * wolfSSL is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * wolfSSL is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA + */ + +#ifndef WOLFCRYPT_TEST_OSSL_X509_IO_H +#define WOLFCRYPT_TEST_OSSL_X509_IO_H + +#include + +int test_wolfSSL_i2d_X509(void); +int test_wolfSSL_PEM_read_X509(void); +int test_wolfSSL_PEM_write_bio_X509(void); + +#define TEST_OSSL_X509_IO_DECLS \ + TEST_DECL_GROUP("ossl_x509_io", test_wolfSSL_i2d_X509), \ + TEST_DECL_GROUP("ossl_x509_io", test_wolfSSL_PEM_read_X509), \ + TEST_DECL_GROUP("ossl_x509_io", test_wolfSSL_PEM_write_bio_X509) + +#endif /* WOLFCRYPT_TEST_OSSL_X509_IO_H */ diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/tests/api/test_ossl_x509_lu.c mariadb-11.8.8/extra/wolfssl/wolfssl/tests/api/test_ossl_x509_lu.c --- mariadb-11.8.6/extra/wolfssl/wolfssl/tests/api/test_ossl_x509_lu.c 1970-01-01 00:00:00.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/tests/api/test_ossl_x509_lu.c 2026-05-24 09:58:33.000000000 +0000 @@ -0,0 +1,518 @@ +/* test_ossl_x509_lu.c + * + * Copyright (C) 2006-2026 wolfSSL Inc. + * + * This file is part of wolfSSL. + * + * wolfSSL is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * wolfSSL is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA + */ + +#include + +#ifdef NO_INLINE + #include +#else + #define WOLFSSL_MISC_INCLUDED + #include +#endif + +#include +#include +#include + +int test_wolfSSL_X509_LOOKUP_load_file(void) +{ + EXPECT_DECLS; +#if defined(OPENSSL_EXTRA) && defined(HAVE_CRL) && \ + !defined(NO_FILESYSTEM) && !defined(NO_RSA) && defined(HAVE_ECC) && \ + (!defined(NO_WOLFSSL_CLIENT) || !defined(WOLFSSL_NO_CLIENT_AUTH)) + WOLFSSL_X509_STORE* store = NULL; + WOLFSSL_X509_LOOKUP* lookup = NULL; + + ExpectNotNull(store = wolfSSL_X509_STORE_new()); + ExpectNotNull(lookup = X509_STORE_add_lookup(store, X509_LOOKUP_file())); + /* One RSA and one ECC certificate in file. */ + ExpectIntEQ(wolfSSL_X509_LOOKUP_load_file(lookup, "certs/client-ca.pem", + X509_FILETYPE_PEM), 1); + ExpectIntEQ(wolfSSL_X509_LOOKUP_load_file(lookup, "certs/crl/crl2.pem", + X509_FILETYPE_PEM), 1); + + if (store != NULL) { + ExpectIntEQ(wolfSSL_CertManagerVerify(store->cm, cliCertFile, + WOLFSSL_FILETYPE_PEM), 1); + ExpectIntEQ(wolfSSL_CertManagerVerify(store->cm, svrCertFile, + WOLFSSL_FILETYPE_PEM), WC_NO_ERR_TRACE(ASN_NO_SIGNER_E)); + } + ExpectIntEQ(wolfSSL_X509_LOOKUP_load_file(lookup, "certs/ca-cert.pem", + X509_FILETYPE_PEM), 1); + if (store != NULL) { + ExpectIntEQ(wolfSSL_CertManagerVerify(store->cm, svrCertFile, + WOLFSSL_FILETYPE_PEM), 1); + } + + wolfSSL_X509_STORE_free(store); +#endif /* defined(OPENSSL_EXTRA) && defined(HAVE_CRL) && + * !defined(NO_FILESYSTEM) && !defined(NO_RSA) */ + return EXPECT_RESULT(); +} + +int test_wolfSSL_X509_LOOKUP_ctrl_file(void) +{ + EXPECT_DECLS; +#if defined(OPENSSL_ALL) && !defined(NO_CERTS) && \ + !defined(NO_FILESYSTEM) && !defined(NO_RSA) && \ + defined(WOLFSSL_SIGNER_DER_CERT) + X509_STORE_CTX* ctx = NULL; + X509_STORE* str = NULL; + X509_LOOKUP* lookup = NULL; + + X509* cert1 = NULL; + X509* x509Ca = NULL; + X509* x509Svr = NULL; + X509* issuer = NULL; + + WOLFSSL_STACK* sk = NULL; + X509_NAME* caName = NULL; + X509_NAME* issuerName = NULL; + + XFILE file1 = XBADFILE; + int i; + int cert_count = 0; + int cmp; + + char der[] = "certs/ca-cert.der"; + +#ifdef HAVE_CRL + char pem[][100] = { + "./certs/crl/crl.pem", + "./certs/crl/crl2.pem", + "./certs/crl/caEccCrl.pem", + "./certs/crl/eccCliCRL.pem", + "./certs/crl/eccSrvCRL.pem", + "" + }; +#endif + ExpectTrue((file1 = XFOPEN("./certs/ca-cert.pem", "rb")) != XBADFILE); + ExpectNotNull(cert1 = wolfSSL_PEM_read_X509(file1, NULL, NULL, NULL)); + if (file1 != XBADFILE) + XFCLOSE(file1); + + ExpectNotNull(ctx = X509_STORE_CTX_new()); + ExpectNotNull((str = wolfSSL_X509_STORE_new())); + ExpectNotNull(lookup = X509_STORE_add_lookup(str, X509_LOOKUP_file())); + ExpectIntEQ(wolfSSL_X509_load_cert_crl_file(NULL, NULL, + WOLFSSL_FILETYPE_PEM), 0); + ExpectIntEQ(wolfSSL_X509_load_cert_crl_file(lookup, NULL, + WOLFSSL_FILETYPE_PEM), 0); + ExpectIntEQ(wolfSSL_X509_load_cert_crl_file(NULL, caCertFile, + WOLFSSL_FILETYPE_PEM), 0); + ExpectIntEQ(wolfSSL_X509_load_cert_crl_file(NULL, der , + WOLFSSL_FILETYPE_PEM), 0); + ExpectIntEQ(X509_LOOKUP_ctrl(lookup, X509_L_FILE_LOAD, caCertFile, + SSL_FILETYPE_PEM,NULL), 1); + ExpectNotNull(sk = wolfSSL_CertManagerGetCerts(str->cm)); + ExpectIntEQ((cert_count = sk_X509_num(sk)), 1); + + /* check if CA cert is loaded into the store */ + for (i = 0; i < cert_count; i++) { + x509Ca = sk_X509_value(sk, i); + ExpectIntEQ(0, wolfSSL_X509_cmp(x509Ca, cert1)); + } + + ExpectNotNull((x509Svr = + wolfSSL_X509_load_certificate_file(svrCertFile, SSL_FILETYPE_PEM))); + + ExpectIntEQ(X509_STORE_CTX_init(ctx, str, x509Svr, NULL), SSL_SUCCESS); + + ExpectNull(X509_STORE_CTX_get0_current_issuer(NULL)); + issuer = X509_STORE_CTX_get0_current_issuer(ctx); + ExpectNull(issuer); + + ExpectIntEQ(X509_verify_cert(ctx), 1); + + issuer = X509_STORE_CTX_get0_current_issuer(ctx); + ExpectNotNull(issuer); + caName = X509_get_subject_name(x509Ca); + ExpectNotNull(caName); + issuerName = X509_get_subject_name(issuer); + ExpectNotNull(issuerName); + cmp = X509_NAME_cmp(caName, issuerName); + ExpectIntEQ(cmp, 0); + /* load der format */ + issuer = NULL; + X509_STORE_CTX_free(ctx); + ctx = NULL; + X509_STORE_free(str); + str = NULL; + sk_X509_pop_free(sk, NULL); + sk = NULL; + X509_free(x509Svr); + x509Svr = NULL; + + ExpectNotNull((str = wolfSSL_X509_STORE_new())); + ExpectNotNull(lookup = X509_STORE_add_lookup(str, X509_LOOKUP_file())); + ExpectIntEQ(X509_LOOKUP_ctrl(lookup, X509_L_FILE_LOAD, der, + SSL_FILETYPE_ASN1,NULL), 1); + ExpectNotNull(sk = wolfSSL_CertManagerGetCerts(str->cm)); + ExpectIntEQ((cert_count = sk_X509_num(sk)), 1); + /* check if CA cert is loaded into the store */ + for (i = 0; i < cert_count; i++) { + x509Ca = sk_X509_value(sk, i); + ExpectIntEQ(0, wolfSSL_X509_cmp(x509Ca, cert1)); + } + + X509_STORE_free(str); + str = NULL; + sk_X509_pop_free(sk, NULL); + sk = NULL; + X509_free(cert1); + cert1 = NULL; + +#ifdef HAVE_CRL + ExpectNotNull(str = wolfSSL_X509_STORE_new()); + ExpectNotNull(lookup = X509_STORE_add_lookup(str, X509_LOOKUP_file())); + ExpectIntEQ(X509_LOOKUP_ctrl(lookup, X509_L_FILE_LOAD, caCertFile, + SSL_FILETYPE_PEM,NULL), 1); + ExpectIntEQ(X509_LOOKUP_ctrl(lookup, X509_L_FILE_LOAD, + "certs/server-revoked-cert.pem", + SSL_FILETYPE_PEM,NULL), 1); + if (str) { + ExpectIntEQ(wolfSSL_CertManagerVerify(str->cm, svrCertFile, + WOLFSSL_FILETYPE_PEM), 1); + /* since store hasn't yet known the revoked cert*/ + ExpectIntEQ(wolfSSL_CertManagerVerify(str->cm, + "certs/server-revoked-cert.pem", + WOLFSSL_FILETYPE_PEM), 1); + } + for (i = 0; pem[i][0] != '\0'; i++) + { + ExpectIntEQ(X509_LOOKUP_ctrl(lookup, X509_L_FILE_LOAD, pem[i], + SSL_FILETYPE_PEM, NULL), 1); + } + + if (str) { + /* since store knows crl list */ + ExpectIntEQ(wolfSSL_CertManagerVerify(str->cm, + "certs/server-revoked-cert.pem", + WOLFSSL_FILETYPE_PEM ), WC_NO_ERR_TRACE(CRL_CERT_REVOKED)); + } + + ExpectIntEQ(X509_LOOKUP_ctrl(NULL, 0, NULL, 0, NULL), 0); + X509_STORE_free(str); +#endif +#endif + return EXPECT_RESULT(); +} + +int test_wolfSSL_X509_LOOKUP_ctrl_hash_dir(void) +{ + EXPECT_DECLS; +#if defined(OPENSSL_ALL) && !defined(NO_FILESYSTEM) && !defined(NO_WOLFSSL_DIR) + const int MAX_DIR = 4; + const char paths[][32] = { + "./certs/ed25519", + "./certs/ecc", + "./certs/crl", + "./certs/", + }; + + char CertCrl_path[MAX_FILENAME_SZ]; + char *p; + X509_STORE* str = NULL; + X509_LOOKUP* lookup = NULL; + WOLFSSL_STACK* sk = NULL; + int len, total_len, i; + + (void)sk; + + XMEMSET(CertCrl_path, 0, MAX_FILENAME_SZ); + + /* illegal string */ + ExpectNotNull((str = wolfSSL_X509_STORE_new())); + ExpectNotNull(lookup = X509_STORE_add_lookup(str, X509_LOOKUP_file())); + ExpectIntEQ(X509_LOOKUP_ctrl(lookup, X509_L_ADD_DIR, "", + SSL_FILETYPE_PEM, NULL), 0); + ExpectIntEQ(X509_LOOKUP_ctrl(lookup, X509_L_ADD_STORE, "", + SSL_FILETYPE_PEM, NULL), WOLFSSL_NOT_IMPLEMENTED); + ExpectIntEQ(X509_LOOKUP_ctrl(lookup, X509_L_LOAD_STORE, "", + SSL_FILETYPE_PEM, NULL), WOLFSSL_NOT_IMPLEMENTED); + ExpectIntEQ(X509_LOOKUP_ctrl(lookup, 0, "", + SSL_FILETYPE_PEM, NULL), WOLFSSL_FAILURE); + + /* free store */ + X509_STORE_free(str); + str = NULL; + + /* short folder string */ + ExpectNotNull((str = wolfSSL_X509_STORE_new())); + ExpectNotNull(lookup = X509_STORE_add_lookup(str, X509_LOOKUP_file())); + ExpectIntEQ(X509_LOOKUP_ctrl(lookup, X509_L_ADD_DIR, "./", + SSL_FILETYPE_PEM,NULL), 1); + #if defined(WOLFSSL_INT_H) + /* only available when including internal.h */ + ExpectNotNull(sk = lookup->dirs->dir_entry); + #endif + /* free store */ + X509_STORE_free(str); + str = NULL; + + /* typical function check */ + p = &CertCrl_path[0]; + total_len = 0; + + for (i = MAX_DIR - 1; i>=0 && total_len < MAX_FILENAME_SZ; i--) { + len = (int)XSTRLEN((const char*)&paths[i]); + total_len += len; + XSTRNCPY(p, paths[i], MAX_FILENAME_SZ - total_len); + p += len; + if (i != 0) *(p++) = SEPARATOR_CHAR; + } + + ExpectNotNull((str = wolfSSL_X509_STORE_new())); + ExpectNotNull(lookup = X509_STORE_add_lookup(str, X509_LOOKUP_file())); + ExpectIntEQ(X509_LOOKUP_ctrl(lookup, X509_L_ADD_DIR, CertCrl_path, + SSL_FILETYPE_PEM,NULL), 1); + #if defined(WOLFSSL_INT_H) + /* only available when including internal.h */ + ExpectNotNull(sk = lookup->dirs->dir_entry); + #endif + + X509_STORE_free(str); +#endif + return EXPECT_RESULT(); +} + +int test_wolfSSL_X509_load_crl_file(void) +{ + EXPECT_DECLS; +#if defined(OPENSSL_EXTRA) && defined(HAVE_CRL) && !defined(NO_FILESYSTEM) && \ + !defined(NO_STDIO_FILESYSTEM) && !defined(NO_RSA) && !defined(NO_BIO) && \ + !defined(WOLFSSL_CRL_ALLOW_MISSING_CDP) + int i; + char pem[][100] = { + "./certs/crl/crl.pem", + "./certs/crl/crl2.pem", + "./certs/crl/caEccCrl.pem", + "./certs/crl/eccCliCRL.pem", + "./certs/crl/eccSrvCRL.pem", + #ifdef WC_RSA_PSS + "./certs/crl/crl_rsapss.pem", + #endif + "" + }; + char der[][100] = { + "./certs/crl/crl.der", + "./certs/crl/crl2.der", + "" + }; + WOLFSSL_X509_STORE* store = NULL; + WOLFSSL_X509_LOOKUP* lookup = NULL; + + ExpectNotNull(store = wolfSSL_X509_STORE_new()); + ExpectNotNull(lookup = X509_STORE_add_lookup(store, X509_LOOKUP_file())); + + ExpectIntEQ(X509_LOOKUP_load_file(lookup, "certs/ca-cert.pem", + X509_FILETYPE_PEM), 1); +#ifdef WC_RSA_PSS + ExpectIntEQ(X509_LOOKUP_load_file(lookup, "certs/rsapss/ca-rsapss.pem", + X509_FILETYPE_PEM), 1); +#endif + ExpectIntEQ(X509_LOOKUP_load_file(lookup, "certs/server-revoked-cert.pem", + X509_FILETYPE_PEM), 1); + if (store) { + ExpectIntEQ(wolfSSL_CertManagerVerify(store->cm, svrCertFile, + WOLFSSL_FILETYPE_PEM), 1); + /* since store hasn't yet known the revoked cert*/ + ExpectIntEQ(wolfSSL_CertManagerVerify(store->cm, + "certs/server-revoked-cert.pem", WOLFSSL_FILETYPE_PEM), 1); + } + + ExpectIntEQ(X509_load_crl_file(lookup, pem[0], 0), 0); + for (i = 0; pem[i][0] != '\0'; i++) { + ExpectIntEQ(X509_load_crl_file(lookup, pem[i], WOLFSSL_FILETYPE_PEM), + 1); + } + + if (store) { + /* since store knows crl list */ + ExpectIntEQ(wolfSSL_CertManagerVerify(store->cm, + "certs/server-revoked-cert.pem", WOLFSSL_FILETYPE_PEM), + WC_NO_ERR_TRACE(CRL_CERT_REVOKED)); +#ifdef WC_RSA_PSS + ExpectIntEQ(wolfSSL_CertManagerVerify(store->cm, + "certs/rsapss/server-rsapss-cert.pem", WOLFSSL_FILETYPE_PEM), + WC_NO_ERR_TRACE(ASN_NO_SIGNER_E)); +#endif + } + /* once feeing store */ + X509_STORE_free(store); + store = NULL; + + ExpectNotNull(store = wolfSSL_X509_STORE_new()); + ExpectNotNull(lookup = X509_STORE_add_lookup(store, X509_LOOKUP_file())); + + ExpectIntEQ(X509_LOOKUP_load_file(lookup, "certs/ca-cert.pem", + X509_FILETYPE_PEM), 1); + ExpectIntEQ(X509_LOOKUP_load_file(lookup, "certs/server-revoked-cert.pem", + X509_FILETYPE_PEM), 1); + if (store) { + ExpectIntEQ(wolfSSL_CertManagerVerify(store->cm, svrCertFile, + WOLFSSL_FILETYPE_PEM), 1); + /* since store hasn't yet known the revoked cert*/ + ExpectIntEQ(wolfSSL_CertManagerVerify(store->cm, + "certs/server-revoked-cert.pem", WOLFSSL_FILETYPE_PEM), 1); + } + + for (i = 0; der[i][0] != '\0'; i++) { + ExpectIntEQ(X509_load_crl_file(lookup, der[i], WOLFSSL_FILETYPE_ASN1), + 1); + } + + if (store) { + /* since store knows crl list */ + ExpectIntEQ(wolfSSL_CertManagerVerify(store->cm, + "certs/server-revoked-cert.pem", WOLFSSL_FILETYPE_PEM), + WC_NO_ERR_TRACE(CRL_CERT_REVOKED)); + } + + /* test for incorrect parameter */ + ExpectIntEQ(X509_load_crl_file(NULL, pem[0], 0), 0); + ExpectIntEQ(X509_load_crl_file(lookup, NULL, 0), 0); + ExpectIntEQ(X509_load_crl_file(NULL, NULL, 0), 0); + + X509_STORE_free(store); + store = NULL; +#endif + return EXPECT_RESULT(); +} + +int test_X509_LOOKUP_add_dir(void) +{ + EXPECT_DECLS; +#if defined(OPENSSL_ALL) && defined(WOLFSSL_CERT_GEN) && \ + (defined(WOLFSSL_CERT_REQ) || defined(WOLFSSL_CERT_EXT)) && \ + !defined(NO_FILESYSTEM) && !defined(NO_WOLFSSL_DIR) && \ + (defined(OPENSSL_EXTRA) || defined(WOLFSSL_WPAS_SMALL)) && \ + defined(HAVE_CRL) && !defined(NO_RSA) + + X509_STORE * store = NULL; + X509_STORE_CTX * storeCtx = NULL; + X509_CRL * crl = NULL; + X509 * ca = NULL; + X509 * cert = NULL; + const char cliCrlPem[] = "./certs/crl/cliCrl.pem"; + const char srvCert[] = "./certs/server-cert.pem"; + const char caCert[] = "./certs/ca-cert.pem"; + const char caDir[] = "./certs/crl/hash_der"; + XFILE fp = XBADFILE; + X509_LOOKUP * lookup = NULL; + + ExpectNotNull(store = (X509_STORE *)X509_STORE_new()); + + /* Set up store with CA */ + ExpectNotNull((ca = wolfSSL_X509_load_certificate_file(caCert, + SSL_FILETYPE_PEM))); + ExpectIntEQ(X509_STORE_add_cert(store, ca), SSL_SUCCESS); + + /* Add CRL lookup directory to store. + * Test uses ./certs/crl/hash_der/0fdb2da4.r0, which is a copy + * of crl.der */ + ExpectNotNull((lookup = X509_STORE_add_lookup(store, + X509_LOOKUP_hash_dir()))); + + ExpectIntEQ(X509_LOOKUP_add_dir(lookup, caDir, X509_FILETYPE_ASN1), + SSL_SUCCESS); + + ExpectIntEQ(X509_STORE_set_flags(store, X509_V_FLAG_CRL_CHECK), + SSL_SUCCESS); + + /* Add CRL to store NOT containing the verified certificate, which + * forces use of the CRL lookup directory */ + ExpectTrue((fp = XFOPEN(cliCrlPem, "rb")) != XBADFILE); + ExpectNotNull(crl = (X509_CRL *)PEM_read_X509_CRL(fp, (X509_CRL **)NULL, + NULL, NULL)); + if (fp != XBADFILE) { + XFCLOSE(fp); + fp = XBADFILE; + } + ExpectIntEQ(X509_STORE_add_crl(store, crl), SSL_SUCCESS); + + /* Create verification context outside of an SSL session */ + ExpectNotNull((storeCtx = X509_STORE_CTX_new())); + ExpectNotNull((cert = wolfSSL_X509_load_certificate_file(srvCert, + SSL_FILETYPE_PEM))); + ExpectIntEQ(X509_STORE_CTX_init(storeCtx, store, cert, NULL), SSL_SUCCESS); + + /* Perform verification, which should NOT return CRL missing */ + ExpectIntNE(X509_verify_cert(storeCtx), WC_NO_ERR_TRACE(CRL_MISSING)); + + X509_CRL_free(crl); + crl = NULL; + X509_STORE_free(store); + store = NULL; + X509_STORE_CTX_free(storeCtx); + storeCtx = NULL; + X509_free(cert); + cert = NULL; + X509_free(ca); + ca = NULL; + + /* Now repeat the same, but look for X509_FILETYPE_PEM. + * We should get CRL_MISSING at the end, because the lookup + * dir has only ASN1 CRLs. */ + + ExpectNotNull(store = (X509_STORE *)X509_STORE_new()); + + ExpectNotNull((ca = wolfSSL_X509_load_certificate_file(caCert, + SSL_FILETYPE_PEM))); + ExpectIntEQ(X509_STORE_add_cert(store, ca), SSL_SUCCESS); + + ExpectNotNull((lookup = X509_STORE_add_lookup(store, + X509_LOOKUP_hash_dir()))); + + ExpectIntEQ(X509_LOOKUP_add_dir(lookup, caDir, X509_FILETYPE_PEM), + SSL_SUCCESS); + + ExpectIntEQ(X509_STORE_set_flags(store, X509_V_FLAG_CRL_CHECK), + SSL_SUCCESS); + ExpectTrue((fp = XFOPEN(cliCrlPem, "rb")) != XBADFILE); + ExpectNotNull(crl = (X509_CRL *)PEM_read_X509_CRL(fp, (X509_CRL **)NULL, + NULL, NULL)); + if (fp != XBADFILE) { + XFCLOSE(fp); + fp = XBADFILE; + } + ExpectIntEQ(X509_STORE_add_crl(store, crl), SSL_SUCCESS); + + ExpectNotNull((storeCtx = X509_STORE_CTX_new())); + ExpectNotNull((cert = wolfSSL_X509_load_certificate_file(srvCert, + SSL_FILETYPE_PEM))); + ExpectIntEQ(X509_STORE_CTX_init(storeCtx, store, cert, NULL), SSL_SUCCESS); + + /* Now we SHOULD get CRL_MISSING, because we looked for PEM + * in dir containing only ASN1/DER. */ + ExpectIntEQ(X509_verify_cert(storeCtx), WC_NO_ERR_TRACE(WOLFSSL_FAILURE)); + ExpectIntEQ(X509_STORE_CTX_get_error(storeCtx), + X509_V_ERR_UNABLE_TO_GET_CRL); + + X509_CRL_free(crl); + X509_STORE_free(store); + X509_STORE_CTX_free(storeCtx); + X509_free(cert); + X509_free(ca); +#endif + return EXPECT_RESULT(); +} + diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/tests/api/test_ossl_x509_lu.h mariadb-11.8.8/extra/wolfssl/wolfssl/tests/api/test_ossl_x509_lu.h --- mariadb-11.8.6/extra/wolfssl/wolfssl/tests/api/test_ossl_x509_lu.h 1970-01-01 00:00:00.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/tests/api/test_ossl_x509_lu.h 2026-05-24 09:58:33.000000000 +0000 @@ -0,0 +1,40 @@ +/* test_ossl_x509_lu.h + * + * Copyright (C) 2006-2026 wolfSSL Inc. + * + * This file is part of wolfSSL. + * + * wolfSSL is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * wolfSSL is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA + */ + +#ifndef WOLFCRYPT_TEST_OSSL_X509_LU_H +#define WOLFCRYPT_TEST_OSSL_X509_LU_H + +#include + +int test_wolfSSL_X509_LOOKUP_load_file(void); +int test_wolfSSL_X509_LOOKUP_ctrl_file(void); +int test_wolfSSL_X509_LOOKUP_ctrl_hash_dir(void); +int test_wolfSSL_X509_load_crl_file(void); +int test_X509_LOOKUP_add_dir(void); + +#define TEST_OSSL_X509_LOOKUP_DECLS \ + TEST_DECL_GROUP("ossl_x509_lu", test_wolfSSL_X509_LOOKUP_load_file), \ + TEST_DECL_GROUP("ossl_x509_lu", test_wolfSSL_X509_LOOKUP_ctrl_file), \ + TEST_DECL_GROUP("ossl_x509_lu", test_wolfSSL_X509_LOOKUP_ctrl_hash_dir), \ + TEST_DECL_GROUP("ossl_x509_lu", test_wolfSSL_X509_LOOKUP_ctrl_hash_dir), \ + TEST_DECL_GROUP("ossl_x509_lu", test_X509_LOOKUP_add_dir) + +#endif /* WOLFCRYPT_TEST_OSSL_X509_LU_H */ diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/tests/api/test_ossl_x509_name.c mariadb-11.8.8/extra/wolfssl/wolfssl/tests/api/test_ossl_x509_name.c --- mariadb-11.8.6/extra/wolfssl/wolfssl/tests/api/test_ossl_x509_name.c 1970-01-01 00:00:00.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/tests/api/test_ossl_x509_name.c 2026-05-24 09:58:33.000000000 +0000 @@ -0,0 +1,717 @@ +/* test_ossl_x509_name.c + * + * Copyright (C) 2006-2026 wolfSSL Inc. + * + * This file is part of wolfSSL. + * + * wolfSSL is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * wolfSSL is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA + */ + +#include + +#ifdef NO_INLINE + #include +#else + #define WOLFSSL_MISC_INCLUDED + #include +#endif + +#include +#include +#include +#include + +int test_wolfSSL_X509_NAME_get_entry(void) +{ + EXPECT_DECLS; +#if !defined(NO_CERTS) && !defined(NO_RSA) && !defined(NO_FILESYSTEM) +#if defined(OPENSSL_ALL) || \ + (defined(OPENSSL_EXTRA) && \ + (defined(KEEP_PEER_CERT) || defined(SESSION_CERTS))) + /* use openssl like name to test mapping */ + X509_NAME_ENTRY* ne = NULL; + X509_NAME* name = NULL; + X509* x509 = NULL; + ASN1_STRING* asn = NULL; + char* subCN = NULL; + int idx = 0; + ASN1_OBJECT *object = NULL; +#if defined(WOLFSSL_APACHE_HTTPD) || defined(OPENSSL_ALL) || \ + defined(WOLFSSL_NGINX) +#ifndef NO_BIO + BIO* bio = NULL; +#endif +#endif + + ExpectNotNull(x509 = wolfSSL_X509_load_certificate_file(cliCertFile, + WOLFSSL_FILETYPE_PEM)); + ExpectNotNull(name = X509_get_subject_name(x509)); + ExpectIntGE(idx = X509_NAME_get_index_by_NID(name, NID_commonName, -1), 0); + ExpectNotNull(ne = X509_NAME_get_entry(name, idx)); + ExpectNull(X509_NAME_ENTRY_get_data(NULL)); + ExpectNotNull(asn = X509_NAME_ENTRY_get_data(ne)); + ExpectNotNull(subCN = (char*)ASN1_STRING_data(asn)); + wolfSSL_FreeX509(x509); + x509 = NULL; + + ExpectNotNull(x509 = wolfSSL_X509_load_certificate_file(cliCertFile, + WOLFSSL_FILETYPE_PEM)); + ExpectNotNull(name = X509_get_subject_name(x509)); + ExpectIntGE(idx = X509_NAME_get_index_by_NID(name, NID_commonName, -1), 0); + +#if defined(WOLFSSL_APACHE_HTTPD) || defined(OPENSSL_ALL) || \ + defined(WOLFSSL_NGINX) +#ifndef NO_BIO + ExpectNotNull(bio = BIO_new(BIO_s_mem())); + ExpectIntEQ(X509_NAME_print_ex(bio, name, 4, + (XN_FLAG_RFC2253 & ~XN_FLAG_DN_REV)), WOLFSSL_SUCCESS); + ExpectIntEQ(X509_NAME_print_ex_fp(XBADFILE, name, 4, + (XN_FLAG_RFC2253 & ~XN_FLAG_DN_REV)), WOLFSSL_FAILURE); + ExpectIntEQ(X509_NAME_print_ex_fp(stderr, name, 4, + (XN_FLAG_RFC2253 & ~XN_FLAG_DN_REV)), WOLFSSL_SUCCESS); + BIO_free(bio); +#endif +#endif + + ExpectNotNull(ne = X509_NAME_get_entry(name, idx)); + ExpectNotNull(object = X509_NAME_ENTRY_get_object(ne)); + wolfSSL_FreeX509(x509); +#endif /* OPENSSL_ALL || (OPENSSL_EXTRA && (KEEP_PEER_CERT || SESSION_CERTS) */ +#endif /* !NO_CERTS && !NO_RSA && !NO_FILESYSTEM */ + + return EXPECT_RESULT(); +} + +int test_wolfSSL_X509_NAME(void) +{ + EXPECT_DECLS; +#if (defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)) && \ + !defined(NO_CERTS) && !defined(NO_FILESYSTEM) && \ + !defined(NO_RSA) && defined(WOLFSSL_CERT_GEN) && \ + (defined(WOLFSSL_CERT_REQ) || defined(WOLFSSL_CERT_EXT) || \ + defined(OPENSSL_EXTRA)) + X509* x509 = NULL; +#ifndef OPENSSL_EXTRA + const unsigned char* c = NULL; + int bytes = 0; +#endif + unsigned char buf[4096]; + XFILE f = XBADFILE; + const X509_NAME* a = NULL; + const X509_NAME* b = NULL; + X509_NAME* d2i_name = NULL; + int sz = 0; + unsigned char* tmp = NULL; + char file[] = "./certs/ca-cert.der"; +#ifndef OPENSSL_EXTRA_X509_SMALL + byte empty[] = { /* CN=empty emailAddress= */ + 0x30, 0x21, 0x31, 0x0E, 0x30, 0x0C, 0x06, 0x03, + 0x55, 0x04, 0x03, 0x0C, 0x05, 0x65, 0x6D, 0x70, + 0x74, 0x79, 0x31, 0x0F, 0x30, 0x0D, 0x06, 0x09, + 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x09, + 0x01, 0x16, 0x00 + }; +#endif +#if defined(OPENSSL_EXTRA) && !defined(NO_PWDBASED) + byte digest[64]; /* max digest size */ + word32 digestSz; +#endif + +#ifndef OPENSSL_EXTRA_X509_SMALL + /* test compile of deprecated function, returns 0 */ + ExpectIntEQ(CRYPTO_thread_id(), 0); +#endif + + ExpectNotNull(a = X509_NAME_new()); + ExpectNotNull(b = X509_NAME_new()); +#ifndef OPENSSL_EXTRA_X509_SMALL + ExpectIntEQ(X509_NAME_cmp(a, b), 0); +#endif + X509_NAME_free((X509_NAME*)b); + X509_NAME_free((X509_NAME*)a); + a = NULL; + + ExpectTrue((f = XFOPEN(file, "rb")) != XBADFILE); +#ifndef OPENSSL_EXTRA + ExpectIntGT(bytes = (int)XFREAD(buf, 1, sizeof(buf), f), 0); + if (f != XBADFILE) + XFCLOSE(f); + + c = buf; + ExpectNotNull(x509 = wolfSSL_X509_d2i_ex(NULL, c, bytes, HEAP_HINT)); +#else + ExpectNull(wolfSSL_X509_d2i_fp(NULL, XBADFILE)); + ExpectNotNull(wolfSSL_X509_d2i_fp(&x509, f)); + if (f != XBADFILE) + XFCLOSE(f); +#endif + + /* test cmp function */ + ExpectNull(X509_get_issuer_name(NULL)); + ExpectNotNull(a = X509_get_issuer_name(x509)); + ExpectNull(X509_get_subject_name(NULL)); + ExpectNotNull(b = X509_get_subject_name(x509)); +#ifdef KEEP_PEER_CERT + ExpectNull(wolfSSL_X509_get_subjectCN(NULL)); + ExpectNotNull(wolfSSL_X509_get_subjectCN(x509)); +#endif + +#if defined(OPENSSL_EXTRA) + ExpectIntEQ(X509_check_issued(NULL, NULL), + WOLFSSL_X509_V_ERR_SUBJECT_ISSUER_MISMATCH); + ExpectIntEQ(X509_check_issued(x509, NULL), + WOLFSSL_X509_V_ERR_SUBJECT_ISSUER_MISMATCH); + ExpectIntEQ(X509_check_issued(NULL, x509), + WOLFSSL_X509_V_ERR_SUBJECT_ISSUER_MISMATCH); + ExpectIntEQ(X509_check_issued(x509, x509), WOLFSSL_X509_V_OK); + ExpectIntEQ(X509_NAME_cmp(NULL, NULL), -2); + ExpectIntEQ(X509_NAME_cmp(NULL, b), -2); + ExpectIntEQ(X509_NAME_cmp(a, NULL), -2); + ExpectIntEQ(X509_NAME_cmp(a, b), 0); /* self signed should be 0 */ + +#if !defined(NO_PWDBASED) + ExpectIntEQ(wolfSSL_X509_NAME_digest(NULL, NULL, NULL, NULL), 0); + ExpectIntEQ(wolfSSL_X509_NAME_digest(a, NULL, NULL, NULL), 0); +#ifndef NO_SHA256 + ExpectIntEQ(wolfSSL_X509_NAME_digest(NULL, wolfSSL_EVP_sha256(), NULL, + NULL), 0); +#endif + ExpectIntEQ(wolfSSL_X509_NAME_digest(NULL, NULL, digest, NULL), 0); + ExpectIntEQ(wolfSSL_X509_NAME_digest(NULL, NULL, NULL, &digestSz), 0); + ExpectIntEQ(wolfSSL_X509_NAME_digest(a, NULL, digest, + &digestSz), 0); +#ifndef NO_SHA256 + ExpectIntEQ(wolfSSL_X509_NAME_digest(NULL, wolfSSL_EVP_sha256(), digest, + &digestSz), 0); + ExpectIntEQ(wolfSSL_X509_NAME_digest(a, wolfSSL_EVP_sha256(), NULL, + &digestSz), 0); + ExpectIntEQ(wolfSSL_X509_NAME_digest(a, wolfSSL_EVP_sha256(), digest, + NULL), 1); + ExpectIntEQ(wolfSSL_X509_NAME_digest(a, wolfSSL_EVP_sha256(), digest, + &digestSz), 1); + ExpectTrue(digestSz == 32); +#endif +#else + ExpectIntEQ(wolfSSL_X509_NAME_digest(NULL, NULL, NULL, NULL), + NOT_COMPILED_IN); +#endif +#endif /* OPENSSL_EXTRA */ + + tmp = buf; + ExpectIntGT((sz = i2d_X509_NAME((X509_NAME*)a, &tmp)), 0); + if (sz > 0 && tmp == buf) { + fprintf(stderr, "\nERROR - %s line %d failed with:", __FILE__, + __LINE__); + fprintf(stderr, " Expected pointer to be incremented\n"); + abort(); + } + +#ifndef OPENSSL_EXTRA_X509_SMALL + tmp = buf; + ExpectNotNull(d2i_name = d2i_X509_NAME(NULL, &tmp, sz)); +#endif + + /* if output parameter is NULL, should still return required size. */ + ExpectIntGT((sz = i2d_X509_NAME((X509_NAME*)b, NULL)), 0); + /* retry but with the function creating a buffer */ + tmp = NULL; + ExpectIntGT((sz = i2d_X509_NAME((X509_NAME*)b, &tmp)), 0); + XFREE(tmp, NULL, DYNAMIC_TYPE_OPENSSL); + tmp = NULL; + +#ifdef WOLFSSL_CERT_NAME_ALL + /* test for givenName and name */ + { + WOLFSSL_X509_NAME_ENTRY* entry = NULL; + WOLFSSL_X509_NAME_ENTRY empty; + const byte gName[] = "test-given-name"; + const byte name[] = "test-name"; + + XMEMSET(&empty, 0, sizeof(empty)); + + ExpectNull(wolfSSL_X509_NAME_ENTRY_create_by_NID(NULL, + NID_givenName, ASN_UTF8STRING, NULL, sizeof(gName))); + ExpectNotNull(entry = wolfSSL_X509_NAME_ENTRY_create_by_NID(NULL, + NID_givenName, ASN_UTF8STRING, gName, sizeof(gName))); + ExpectNotNull(wolfSSL_X509_NAME_ENTRY_create_by_NID(&entry, + NID_givenName, ASN_UTF8STRING, gName, sizeof(gName))); + ExpectIntEQ(wolfSSL_X509_NAME_add_entry(NULL , NULL , -1, 0), + 0); + ExpectIntEQ(wolfSSL_X509_NAME_add_entry((X509_NAME*)b, NULL , -1, 0), + 0); + ExpectIntEQ(wolfSSL_X509_NAME_add_entry(NULL , entry , -1, 0), + 0); + ExpectIntEQ(wolfSSL_X509_NAME_add_entry((X509_NAME*)b, &empty, -1, 0), + 0); + ExpectIntEQ(wolfSSL_X509_NAME_add_entry((X509_NAME*)b, entry , 99, 0), + 0); + ExpectIntEQ(wolfSSL_X509_NAME_add_entry((X509_NAME*)b, entry , -1, 0), + 1); + wolfSSL_X509_NAME_ENTRY_free(entry); + entry = NULL; + + ExpectNotNull(wolfSSL_X509_NAME_ENTRY_create_by_NID(&entry, + NID_name, ASN_UTF8STRING, name, sizeof(name))); + ExpectIntEQ(wolfSSL_X509_NAME_add_entry((X509_NAME*)b, entry, -1, 0), + 1); + wolfSSL_X509_NAME_ENTRY_free(entry); + + tmp = NULL; + ExpectIntGT((sz = i2d_X509_NAME((X509_NAME*)b, &tmp)), 0); + XFREE(tmp, NULL, DYNAMIC_TYPE_OPENSSL); + } +#endif + + b = NULL; + ExpectNull(X509_NAME_dup(NULL)); + ExpectNotNull(b = X509_NAME_dup((X509_NAME*)a)); +#ifndef OPENSSL_EXTRA_X509_SMALL + ExpectIntEQ(X509_NAME_cmp(a, b), 0); +#endif + ExpectIntEQ(X509_NAME_entry_count(NULL), 0); + ExpectIntEQ(X509_NAME_entry_count((X509_NAME*)b), 7); + X509_NAME_free((X509_NAME*)b); + ExpectNotNull(b = wolfSSL_X509_NAME_new()); + ExpectIntEQ(X509_NAME_entry_count((X509_NAME*)b), 0); + ExpectIntEQ(wolfSSL_X509_NAME_copy(NULL, NULL), BAD_FUNC_ARG); + ExpectIntEQ(wolfSSL_X509_NAME_copy((X509_NAME*)a, NULL), BAD_FUNC_ARG); + ExpectIntEQ(wolfSSL_X509_NAME_copy(NULL, (X509_NAME*)b), BAD_FUNC_ARG); + ExpectIntEQ(wolfSSL_X509_NAME_copy((X509_NAME*)a, (X509_NAME*)b), 1); + ExpectIntEQ(X509_NAME_entry_count((X509_NAME*)b), 7); + X509_NAME_free((X509_NAME*)b); + X509_NAME_free(d2i_name); + d2i_name = NULL; + X509_free(x509); + +#ifndef OPENSSL_EXTRA_X509_SMALL + /* test with an empty domain component */ + tmp = empty; + sz = sizeof(empty); + ExpectNotNull(d2i_name = d2i_X509_NAME(NULL, &tmp, sz)); + ExpectIntEQ(X509_NAME_entry_count(d2i_name), 2); + + /* size of empty emailAddress will be 0 */ + tmp = buf; + ExpectIntEQ(X509_NAME_get_text_by_NID(d2i_name, NID_emailAddress, + (char*)tmp, sizeof(buf)), 0); + + /* should contain no organization name */ + tmp = buf; + ExpectIntEQ(X509_NAME_get_text_by_NID(d2i_name, NID_organizationName, + (char*)tmp, sizeof(buf)), -1); + X509_NAME_free(d2i_name); +#endif +#endif + return EXPECT_RESULT(); +} + +int test_wolfSSL_X509_NAME_hash(void) +{ + EXPECT_DECLS; +#if defined(OPENSSL_EXTRA) && !defined(NO_FILESYSTEM) && \ + !defined(NO_RSA) && !defined(NO_SHA) && !defined(NO_BIO) + BIO* bio = NULL; + X509* x509 = NULL; + X509_NAME* name = NULL; + + ExpectIntEQ(X509_NAME_hash(NULL), 0); + ExpectNotNull(name = wolfSSL_X509_NAME_new_ex(NULL)); + ExpectIntEQ(X509_NAME_hash(name), 0); + X509_NAME_free(name); + + ExpectNotNull(bio = BIO_new(BIO_s_file())); + ExpectIntGT(BIO_read_filename(bio, svrCertFile), 0); + ExpectNotNull(PEM_read_bio_X509(bio, &x509, NULL, NULL)); + ExpectIntEQ(X509_NAME_hash(X509_get_subject_name(x509)), 0x137DC03F); + ExpectIntEQ(X509_NAME_hash(X509_get_issuer_name(x509)), 0xFDB2DA4); + X509_free(x509); + BIO_free(bio); +#endif + return EXPECT_RESULT(); +} + +int test_wolfSSL_X509_NAME_print_ex(void) +{ + EXPECT_DECLS; +#if (defined(OPENSSL_ALL) || (defined(OPENSSL_EXTRA) && \ + (defined(HAVE_STUNNEL) || defined(WOLFSSL_NGINX) || \ + defined(HAVE_LIGHTY) || defined(WOLFSSL_HAPROXY) || \ + defined(WOLFSSL_OPENSSH) || defined(HAVE_SBLIM_SFCB)))) && \ + !defined(NO_BIO) && !defined(NO_RSA) + int memSz = 0; + byte* mem = NULL; + BIO* bio = NULL; + BIO* membio = NULL; + X509* x509 = NULL; + X509_NAME* name = NULL; + X509_NAME* empty = NULL; + + const char* expNormal = "C=US, CN=wolfssl.com"; + const char* expEqSpace = "C = US, CN = wolfssl.com"; + const char* expReverse = "CN=wolfssl.com, C=US"; + + const char* expNotEscaped = "C= US,+\"\\ , CN=#wolfssl.com<>;"; + const char* expNotEscapedRev = "CN=#wolfssl.com<>;, C= US,+\"\\ "; + const char* expRFC5523 = + "CN=\\#wolfssl.com\\<\\>\\;, C=\\ US\\,\\+\\\"\\\\\\ "; + + /* Test with real cert (svrCertFile) first */ + ExpectNotNull(bio = BIO_new(BIO_s_file())); + ExpectIntGT(BIO_read_filename(bio, svrCertFile), 0); + ExpectNotNull(PEM_read_bio_X509(bio, &x509, NULL, NULL)); + ExpectNotNull(name = X509_get_subject_name(x509)); + + /* Test without flags */ + ExpectNotNull(membio = BIO_new(BIO_s_mem())); + ExpectNotNull(empty = wolfSSL_X509_NAME_new()); + ExpectIntEQ(X509_NAME_print_ex(NULL, NULL, 0, 0), WOLFSSL_FAILURE); + ExpectIntEQ(X509_NAME_print_ex(membio, NULL, 0, 0), WOLFSSL_FAILURE); + ExpectIntEQ(X509_NAME_print_ex(NULL, name, 0, 0), WOLFSSL_FAILURE); + ExpectIntEQ(X509_NAME_print_ex(membio, empty, 0, 0), WOLFSSL_SUCCESS); + ExpectIntEQ(X509_NAME_print_ex(membio, name, 0, 0), WOLFSSL_SUCCESS); + wolfSSL_X509_NAME_free(empty); + BIO_free(membio); + membio = NULL; + + /* Test flag: XN_FLAG_RFC2253 */ + ExpectNotNull(membio = BIO_new(BIO_s_mem())); + ExpectIntEQ(X509_NAME_print_ex(membio, name, 0, + XN_FLAG_RFC2253), WOLFSSL_SUCCESS); + BIO_free(membio); + membio = NULL; + + /* Test flag: XN_FLAG_RFC2253 | XN_FLAG_DN_REV */ + ExpectNotNull(membio = BIO_new(BIO_s_mem())); + ExpectIntEQ(X509_NAME_print_ex(membio, name, 0, + XN_FLAG_RFC2253 | XN_FLAG_DN_REV), WOLFSSL_SUCCESS); + BIO_free(membio); + membio = NULL; + + X509_free(x509); + BIO_free(bio); + name = NULL; + + /* Test with empty issuer cert empty-issuer-cert.pem. + * See notes in certs/test/gen-testcerts.sh for how it was generated. */ + ExpectNotNull(bio = BIO_new(BIO_s_file())); + ExpectIntGT(BIO_read_filename(bio, noIssuerCertFile), 0); + ExpectNotNull(PEM_read_bio_X509(bio, &x509, NULL, NULL)); + ExpectNotNull(name = X509_get_subject_name(x509)); + + ExpectNotNull(membio = BIO_new(BIO_s_mem())); + ExpectIntEQ(X509_NAME_print_ex(membio, name, 0, 0), WOLFSSL_SUCCESS); + /* Should be empty string "" */ + ExpectIntEQ((memSz = BIO_get_mem_data(membio, &mem)), 0); + + BIO_free(membio); + membio = NULL; + X509_free(x509); + BIO_free(bio); + name = NULL; + + /* Test normal case without escaped characters */ + { + /* Create name: "/C=US/CN=wolfssl.com" */ + ExpectNotNull(name = X509_NAME_new()); + ExpectIntEQ(X509_NAME_add_entry_by_txt(name, "countryName", + MBSTRING_UTF8, (byte*)"US", 2, -1, 0), + WOLFSSL_SUCCESS); + ExpectIntEQ(X509_NAME_add_entry_by_txt(name, "commonName", + MBSTRING_UTF8, (byte*)"wolfssl.com", 11, -1, 0), + WOLFSSL_SUCCESS); + + /* Test without flags */ + ExpectNotNull(membio = BIO_new(BIO_s_mem())); + ExpectIntEQ(X509_NAME_print_ex(membio, name, 0, 0), WOLFSSL_SUCCESS); + ExpectIntGE((memSz = BIO_get_mem_data(membio, &mem)), 0); + ExpectIntEQ(memSz, XSTRLEN(expNormal)); + ExpectIntEQ(XSTRNCMP((char*)mem, expNormal, XSTRLEN(expNormal)), 0); + BIO_free(membio); + membio = NULL; + + /* Test with XN_FLAG_ONELINE which should enable XN_FLAG_SPC_EQ for + spaces around '=' */ + ExpectNotNull(membio = BIO_new(BIO_s_mem())); + ExpectIntEQ(X509_NAME_print_ex(membio, name, 0, XN_FLAG_ONELINE), + WOLFSSL_SUCCESS); + ExpectIntGE((memSz = BIO_get_mem_data(membio, &mem)), 0); + ExpectIntEQ(memSz, XSTRLEN(expEqSpace)); + ExpectIntEQ(XSTRNCMP((char*)mem, expEqSpace, XSTRLEN(expEqSpace)), 0); + BIO_free(membio); + membio = NULL; + + /* Test flags: XN_FLAG_RFC2253 - should be reversed */ + ExpectNotNull(membio = BIO_new(BIO_s_mem())); + ExpectIntEQ(X509_NAME_print_ex(membio, name, 0, + XN_FLAG_RFC2253), WOLFSSL_SUCCESS); + ExpectIntGE((memSz = BIO_get_mem_data(membio, &mem)), 0); + ExpectIntEQ(memSz, XSTRLEN(expReverse)); + BIO_free(membio); + membio = NULL; + + /* Test flags: XN_FLAG_DN_REV - reversed */ + ExpectNotNull(membio = BIO_new(BIO_s_mem())); + ExpectIntEQ(X509_NAME_print_ex(membio, name, 0, + XN_FLAG_DN_REV), WOLFSSL_SUCCESS); + ExpectIntGE((memSz = BIO_get_mem_data(membio, &mem)), 0); + ExpectIntEQ(memSz, XSTRLEN(expReverse)); + ExpectIntEQ(XSTRNCMP((char*)mem, expReverse, XSTRLEN(expReverse)), 0); + BIO_free(membio); + membio = NULL; + + X509_NAME_free(name); + name = NULL; + } + + /* Test RFC2253 characters are escaped with backslashes */ + { + ExpectNotNull(name = X509_NAME_new()); + ExpectIntEQ(X509_NAME_add_entry_by_txt(name, "countryName", + /* space at beginning and end, and: ,+"\ */ + MBSTRING_UTF8, (byte*)" US,+\"\\ ", 8, -1, 0), + WOLFSSL_SUCCESS); + ExpectIntEQ(X509_NAME_add_entry_by_txt(name, "commonName", + /* # at beginning, and: <>;*/ + MBSTRING_UTF8, (byte*)"#wolfssl.com<>;", 15, -1, 0), + WOLFSSL_SUCCESS); + /* Test without flags */ + ExpectNotNull(membio = BIO_new(BIO_s_mem())); + ExpectIntEQ(X509_NAME_print_ex(membio, name, 0, 0), WOLFSSL_SUCCESS); + ExpectIntGE((memSz = BIO_get_mem_data(membio, &mem)), 0); + ExpectIntEQ(memSz, XSTRLEN(expNotEscaped)); + ExpectIntEQ(XSTRNCMP((char*)mem, expNotEscaped, + XSTRLEN(expNotEscaped)), 0); + BIO_free(membio); + membio = NULL; + + /* Test flags: XN_FLAG_RFC5523 - should be reversed and escaped */ + ExpectNotNull(membio = BIO_new(BIO_s_mem())); + ExpectIntEQ(X509_NAME_print_ex(membio, name, 0, + XN_FLAG_RFC2253), WOLFSSL_SUCCESS); + ExpectIntGE((memSz = BIO_get_mem_data(membio, &mem)), 0); + ExpectIntEQ(memSz, XSTRLEN(expRFC5523)); + ExpectIntEQ(XSTRNCMP((char*)mem, expRFC5523, XSTRLEN(expRFC5523)), 0); + BIO_free(membio); + membio = NULL; + + /* Test flags: XN_FLAG_DN_REV - reversed but not escaped */ + ExpectNotNull(membio = BIO_new(BIO_s_mem())); + ExpectIntEQ(X509_NAME_print_ex(membio, name, 0, + XN_FLAG_DN_REV), WOLFSSL_SUCCESS); + ExpectIntGE((memSz = BIO_get_mem_data(membio, &mem)), 0); + ExpectIntEQ(memSz, XSTRLEN(expNotEscapedRev)); + ExpectIntEQ(XSTRNCMP((char*)mem, expNotEscapedRev, + XSTRLEN(expNotEscapedRev)), 0); + BIO_free(membio); + + X509_NAME_free(name); + } +#endif + return EXPECT_RESULT(); +} + +int test_wolfSSL_X509_NAME_ENTRY(void) +{ + EXPECT_DECLS; +#if defined(OPENSSL_EXTRA) && !defined(NO_CERTS) && !defined(NO_FILESYSTEM) && \ + !defined(NO_RSA) && defined(WOLFSSL_CERT_GEN) + X509* x509 = NULL; +#ifndef NO_BIO + X509* empty = NULL; + BIO* bio = NULL; +#endif + X509_NAME* nm = NULL; + X509_NAME_ENTRY* entry = NULL; + WOLF_STACK_OF(WOLFSSL_X509_NAME_ENTRY)* entries = NULL; + unsigned char cn[] = "another name to add"; +#ifdef OPENSSL_ALL + int i; + int names_len = 0; +#endif + + ExpectNotNull(x509 = + wolfSSL_X509_load_certificate_file(cliCertFile, SSL_FILETYPE_PEM)); +#ifndef NO_BIO + ExpectNotNull(empty = wolfSSL_X509_new()); + ExpectNotNull(bio = BIO_new(BIO_s_mem())); + ExpectIntEQ(PEM_write_bio_X509_AUX(NULL, NULL), WOLFSSL_FAILURE); + ExpectIntEQ(PEM_write_bio_X509_AUX(bio, NULL), WOLFSSL_FAILURE); + ExpectIntEQ(PEM_write_bio_X509_AUX(NULL, x509), WOLFSSL_FAILURE); + ExpectIntEQ(PEM_write_bio_X509_AUX(bio, empty), WOLFSSL_FAILURE); + ExpectIntEQ(PEM_write_bio_X509_AUX(bio, x509), SSL_SUCCESS); + wolfSSL_X509_free(empty); +#endif + +#ifdef WOLFSSL_CERT_REQ + { + X509_REQ* req = NULL; +#ifndef NO_BIO + X509_REQ* emptyReq = NULL; + BIO* bReq = NULL; +#endif + + ExpectNotNull(req = + wolfSSL_X509_load_certificate_file(cliCertFile, SSL_FILETYPE_PEM)); +#ifndef NO_BIO + ExpectNotNull(emptyReq = wolfSSL_X509_REQ_new()); + ExpectNotNull(bReq = BIO_new(BIO_s_mem())); + ExpectIntEQ(PEM_write_bio_X509_REQ(NULL, NULL), WOLFSSL_FAILURE); + ExpectIntEQ(PEM_write_bio_X509_REQ(bReq, NULL), WOLFSSL_FAILURE); + ExpectIntEQ(PEM_write_bio_X509_REQ(NULL, req), WOLFSSL_FAILURE); + ExpectIntEQ(PEM_write_bio_X509_REQ(bReq, emptyReq), WOLFSSL_FAILURE); + ExpectIntEQ(PEM_write_bio_X509_REQ(bReq, req), SSL_SUCCESS); + + BIO_free(bReq); + X509_REQ_free(emptyReq); +#endif + X509_free(req); + } +#endif + + ExpectNotNull(nm = X509_get_subject_name(x509)); + + /* Test add entry */ + ExpectNotNull(entry = X509_NAME_ENTRY_create_by_NID(NULL, NID_commonName, + 0x0c, cn, (int)sizeof(cn))); + ExpectIntEQ(X509_NAME_add_entry(nm, entry, -1, 0), SSL_SUCCESS); + + /* @TODO the internal name entry set value needs investigated for matching + * behavior with OpenSSL. At the moment the getter function for the set + * value is being tested only in that it succeeds in getting the internal + * value. */ + ExpectIntGT(X509_NAME_ENTRY_set(X509_NAME_get_entry(nm, 1)), 0); + +#ifdef WOLFSSL_CERT_EXT + ExpectIntEQ(X509_NAME_add_entry_by_txt(NULL, NULL, MBSTRING_UTF8, + (byte*)"support@wolfssl.com", 19, -1, 1), WOLFSSL_FAILURE); + ExpectIntEQ(X509_NAME_add_entry_by_txt(nm, NULL, MBSTRING_UTF8, + (byte*)"support@wolfssl.com", 19, -1, 1), WOLFSSL_FAILURE); + ExpectIntEQ(X509_NAME_add_entry_by_txt(NULL, "emailAddress", MBSTRING_UTF8, + (byte*)"support@wolfssl.com", 19, -1, 1), WOLFSSL_FAILURE); + ExpectIntEQ(X509_NAME_add_entry_by_txt(nm, "emailAddress", MBSTRING_UTF8, + (byte*)"support@wolfssl.com", 19, -1, 1), WOLFSSL_SUCCESS); + ExpectIntEQ(X509_NAME_add_entry_by_txt(nm, "commonName", MBSTRING_UTF8, + (byte*)"wolfssl.com", 11, 0, 1), WOLFSSL_SUCCESS); + ExpectNull(wolfSSL_X509_NAME_delete_entry(NULL, -1)); + ExpectNull(wolfSSL_X509_NAME_delete_entry(nm, -1)); + ExpectNotNull(wolfSSL_X509_NAME_delete_entry(nm, 0)); +#endif + X509_NAME_ENTRY_free(entry); + entry = NULL; + +#ifdef WOLFSSL_CERT_REQ + { + unsigned char srv_pkcs9p[] = "Server"; + unsigned char rfc822Mlbx[] = "support@wolfssl.com"; + unsigned char fvrtDrnk[] = "tequila"; + unsigned char* der = NULL; + char* subject = NULL; + + ExpectIntEQ(X509_NAME_add_entry_by_NID(nm, NID_pkcs9_contentType, + MBSTRING_ASC, srv_pkcs9p, -1, -1, 0), SSL_SUCCESS); + + ExpectIntEQ(X509_NAME_add_entry_by_NID(nm, NID_rfc822Mailbox, + MBSTRING_ASC, rfc822Mlbx, -1, -1, 0), SSL_SUCCESS); + + ExpectIntEQ(X509_NAME_add_entry_by_NID(nm, NID_favouriteDrink, + MBSTRING_ASC, fvrtDrnk, -1, -1, 0), SSL_SUCCESS); + + ExpectIntEQ(wolfSSL_i2d_X509_NAME(NULL, &der), BAD_FUNC_ARG); + ExpectIntGT(wolfSSL_i2d_X509_NAME(nm, &der), 0); + ExpectNotNull(der); + + ExpectNotNull(subject = X509_NAME_oneline(nm, NULL, 0)); + ExpectNotNull(XSTRSTR(subject, "rfc822Mailbox=support@wolfssl.com")); + ExpectNotNull(XSTRSTR(subject, "favouriteDrink=tequila")); + ExpectNotNull(XSTRSTR(subject, "contentType=Server")); + #ifdef DEBUG_WOLFSSL + if (subject != NULL) { + fprintf(stderr, "\n\t%s\n", subject); + } + #endif + XFREE(subject, 0, DYNAMIC_TYPE_OPENSSL); + XFREE(der, NULL, DYNAMIC_TYPE_OPENSSL); + } +#endif + + ExpectNull(entry = X509_NAME_ENTRY_create_by_txt(NULL, NULL, 0x0c, cn, + (int)sizeof(cn))); + /* Test add entry by text */ + ExpectNotNull(entry = X509_NAME_ENTRY_create_by_txt(NULL, "commonName", + 0x0c, cn, (int)sizeof(cn))); + ExpectPtrEq(X509_NAME_ENTRY_create_by_txt(&entry, "commonName", + 0x0c, cn, (int)sizeof(cn)), entry); + #if defined(OPENSSL_ALL) || defined(WOLFSSL_ASIO) \ + || defined(WOLFSSL_HAPROXY) || defined(WOLFSSL_NGINX) + ExpectNull(X509_NAME_ENTRY_create_by_txt(&entry, "unknown", + V_ASN1_UTF8STRING, cn, (int)sizeof(cn))); + #endif + ExpectIntEQ(X509_NAME_add_entry(nm, entry, -1, 0), SSL_SUCCESS); + X509_NAME_ENTRY_free(entry); + entry = NULL; + + /* Test add entry by NID */ + ExpectIntEQ(X509_NAME_add_entry_by_NID(nm, NID_commonName, MBSTRING_UTF8, + cn, -1, -1, 0), SSL_SUCCESS); + +#ifdef OPENSSL_ALL + /* stack of name entry */ + ExpectIntGT((names_len = sk_X509_NAME_ENTRY_num(nm->entries)), 0); + for (i = 0; i < names_len; i++) { + ExpectNotNull(entry = sk_X509_NAME_ENTRY_value(nm->entries, i)); + } +#endif + + ExpectNotNull(entries = wolfSSL_sk_X509_NAME_ENTRY_new(NULL)); + ExpectIntEQ(sk_X509_NAME_ENTRY_num(NULL), BAD_FUNC_ARG); + ExpectIntEQ(sk_X509_NAME_ENTRY_num(entries), 0); + ExpectNull(sk_X509_NAME_ENTRY_value(NULL, 0)); + ExpectNull(sk_X509_NAME_ENTRY_value(entries, 0)); + wolfSSL_sk_X509_NAME_ENTRY_free(entries); +#ifndef NO_BIO + BIO_free(bio); +#endif + X509_free(x509); /* free's nm */ +#endif + return EXPECT_RESULT(); +} + +int test_wolfSSL_X509_NAME_ENTRY_get_object(void) +{ + EXPECT_DECLS; +#if defined(OPENSSL_EXTRA) && !defined(NO_FILESYSTEM) && !defined(NO_RSA) + X509 *x509 = NULL; + X509_NAME* name = NULL; + int idx = 0; + X509_NAME_ENTRY *ne = NULL; + ASN1_OBJECT *object = NULL; + + ExpectNotNull(x509 = wolfSSL_X509_load_certificate_file(cliCertFile, + WOLFSSL_FILETYPE_PEM)); + ExpectNotNull(name = X509_get_subject_name(x509)); + ExpectIntGE(X509_NAME_get_index_by_NID(NULL, NID_commonName, -1), + BAD_FUNC_ARG); + ExpectIntGE(idx = X509_NAME_get_index_by_NID(name, NID_commonName, -1), 0); + ExpectIntGE(idx = X509_NAME_get_index_by_NID(name, NID_commonName, -2), 0); + + ExpectNotNull(ne = X509_NAME_get_entry(name, idx)); + ExpectNull(X509_NAME_ENTRY_get_object(NULL)); + ExpectNotNull(object = X509_NAME_ENTRY_get_object(ne)); + + X509_free(x509); +#endif + return EXPECT_RESULT(); +} + diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/tests/api/test_ossl_x509_name.h mariadb-11.8.8/extra/wolfssl/wolfssl/tests/api/test_ossl_x509_name.h --- mariadb-11.8.6/extra/wolfssl/wolfssl/tests/api/test_ossl_x509_name.h 1970-01-01 00:00:00.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/tests/api/test_ossl_x509_name.h 2026-05-24 09:58:33.000000000 +0000 @@ -0,0 +1,42 @@ +/* test_ossl_x509_name.h + * + * Copyright (C) 2006-2026 wolfSSL Inc. + * + * This file is part of wolfSSL. + * + * wolfSSL is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * wolfSSL is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA + */ + +#ifndef WOLFCRYPT_TEST_OSSL_X509_NAME_H +#define WOLFCRYPT_TEST_OSSL_X509_NAME_H + +#include + +int test_wolfSSL_X509_NAME_get_entry(void); +int test_wolfSSL_X509_NAME(void); +int test_wolfSSL_X509_NAME_hash(void); +int test_wolfSSL_X509_NAME_print_ex(void); +int test_wolfSSL_X509_NAME_ENTRY(void); +int test_wolfSSL_X509_NAME_ENTRY_get_object(void); + +#define TEST_OSSL_X509_NAME_DECLS \ + TEST_DECL_GROUP("ossl_x509_name", test_wolfSSL_X509_NAME_get_entry), \ + TEST_DECL_GROUP("ossl_x509_name", test_wolfSSL_X509_NAME), \ + TEST_DECL_GROUP("ossl_x509_name", test_wolfSSL_X509_NAME_hash), \ + TEST_DECL_GROUP("ossl_x509_name", test_wolfSSL_X509_NAME_print_ex), \ + TEST_DECL_GROUP("ossl_x509_name", test_wolfSSL_X509_NAME_ENTRY), \ + TEST_DECL_GROUP("ossl_x509_name", test_wolfSSL_X509_NAME_ENTRY_get_object) + +#endif /* WOLFCRYPT_TEST_OSSL_X509_NAME_H */ diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/tests/api/test_ossl_x509_pk.c mariadb-11.8.8/extra/wolfssl/wolfssl/tests/api/test_ossl_x509_pk.c --- mariadb-11.8.6/extra/wolfssl/wolfssl/tests/api/test_ossl_x509_pk.c 1970-01-01 00:00:00.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/tests/api/test_ossl_x509_pk.c 2026-05-24 09:58:33.000000000 +0000 @@ -0,0 +1,350 @@ +/* test_ossl_x509_pk.c + * + * Copyright (C) 2006-2026 wolfSSL Inc. + * + * This file is part of wolfSSL. + * + * wolfSSL is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * wolfSSL is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA + */ + +#include + +#ifdef NO_INLINE + #include +#else + #define WOLFSSL_MISC_INCLUDED + #include +#endif + +#include +#include +#include +#include + +int test_wolfSSL_X509_get_X509_PUBKEY(void) +{ + EXPECT_DECLS; +#if (defined(OPENSSL_ALL) || defined(WOLFSSL_APACHE_HTTPD)) + X509* x509 = NULL; + X509_PUBKEY* pubKey; + + ExpectNotNull(x509 = X509_new()); + + ExpectNull(pubKey = wolfSSL_X509_get_X509_PUBKEY(NULL)); + ExpectNotNull(pubKey = wolfSSL_X509_get_X509_PUBKEY(x509)); + + X509_free(x509); +#endif + return EXPECT_RESULT(); +} + +int test_wolfSSL_X509_PUBKEY_RSA(void) +{ + EXPECT_DECLS; +#if (defined(OPENSSL_ALL) || defined(WOLFSSL_APACHE_HTTPD)) && \ + !defined(NO_SHA256) && !defined(NO_RSA) + X509* x509 = NULL; + ASN1_OBJECT* obj = NULL; + const ASN1_OBJECT* pa_oid = NULL; + X509_PUBKEY* pubKey = NULL; + X509_PUBKEY* pubKey2 = NULL; + EVP_PKEY* evpKey = NULL; + byte buf[1024]; + byte* tmp; + + const unsigned char *pk = NULL; + int ppklen; + int pptype; + X509_ALGOR *pa = NULL; + const void *pval; + + ExpectNotNull(x509 = X509_load_certificate_file(cliCertFile, + SSL_FILETYPE_PEM)); + + ExpectNotNull(pubKey = X509_get_X509_PUBKEY(x509)); + ExpectIntEQ(X509_PUBKEY_get0_param(&obj, &pk, &ppklen, &pa, pubKey), 1); + ExpectNotNull(pk); + ExpectNotNull(pa); + ExpectNotNull(pubKey); + ExpectIntGT(ppklen, 0); + + tmp = buf; + ExpectIntEQ(wolfSSL_i2d_X509_PUBKEY(NULL, NULL), WOLFSSL_FATAL_ERROR); + ExpectIntEQ(wolfSSL_i2d_X509_PUBKEY(NULL, &tmp), WOLFSSL_FATAL_ERROR); + ExpectIntEQ(wolfSSL_i2d_X509_PUBKEY(pubKey, NULL), 294); + ExpectIntEQ(wolfSSL_i2d_X509_PUBKEY(pubKey, &tmp), 294); + + ExpectIntEQ(OBJ_obj2nid(obj), NID_rsaEncryption); + + ExpectNotNull(evpKey = X509_PUBKEY_get(pubKey)); + ExpectNotNull(pubKey2 = X509_PUBKEY_new()); + ExpectIntEQ(X509_PUBKEY_get0_param(&obj, &pk, &ppklen, &pa, NULL), 0); + ExpectIntEQ(X509_PUBKEY_get0_param(&obj, &pk, &ppklen, &pa, pubKey2), 0); + ExpectIntEQ(X509_PUBKEY_set(NULL, NULL), 0); + ExpectIntEQ(X509_PUBKEY_set(&pubKey2, NULL), 0); + ExpectIntEQ(X509_PUBKEY_set(NULL, evpKey), 0); + ExpectIntEQ(X509_PUBKEY_set(&pubKey2, evpKey), 1); + ExpectIntEQ(X509_PUBKEY_get0_param(NULL, NULL, NULL, NULL, pubKey2), 1); + ExpectIntEQ(X509_PUBKEY_get0_param(&obj, &pk, &ppklen, &pa, pubKey2), 1); + ExpectNotNull(pk); + ExpectNotNull(pa); + ExpectIntGT(ppklen, 0); + X509_ALGOR_get0(&pa_oid, &pptype, &pval, pa); + ExpectNotNull(pa_oid); + ExpectNull(pval); + ExpectIntEQ(pptype, V_ASN1_NULL); + ExpectIntEQ(OBJ_obj2nid(pa_oid), EVP_PKEY_RSA); + + X509_PUBKEY_free(NULL); + X509_PUBKEY_free(pubKey2); + X509_free(x509); + EVP_PKEY_free(evpKey); +#endif + return EXPECT_RESULT(); +} + +int test_wolfSSL_X509_PUBKEY_EC(void) +{ + EXPECT_DECLS; +#if (defined(OPENSSL_ALL) || defined(WOLFSSL_APACHE_HTTPD)) && defined(HAVE_ECC) + X509* x509 = NULL; + ASN1_OBJECT* obj = NULL; + ASN1_OBJECT* poid = NULL; + const ASN1_OBJECT* pa_oid = NULL; + X509_PUBKEY* pubKey = NULL; + X509_PUBKEY* pubKey2 = NULL; + EVP_PKEY* evpKey = NULL; + + const unsigned char *pk = NULL; + int ppklen; + int pptype; + X509_ALGOR *pa = NULL; + const void *pval; + char buf[50]; + + ExpectNotNull(x509 = X509_load_certificate_file(cliEccCertFile, + SSL_FILETYPE_PEM)); + ExpectNotNull(pubKey = X509_get_X509_PUBKEY(x509)); + ExpectNotNull(evpKey = X509_PUBKEY_get(pubKey)); + ExpectNotNull(pubKey2 = X509_PUBKEY_new()); + ExpectIntEQ(X509_PUBKEY_set(&pubKey2, evpKey), 1); + ExpectIntEQ(X509_PUBKEY_get0_param(&obj, &pk, &ppklen, &pa, pubKey2), 1); + ExpectNotNull(pk); + ExpectNotNull(pa); + ExpectIntGT(ppklen, 0); + X509_ALGOR_get0(&pa_oid, &pptype, &pval, pa); + ExpectNotNull(pa_oid); + ExpectNotNull(pval); + ExpectIntEQ(pptype, V_ASN1_OBJECT); + ExpectIntEQ(OBJ_obj2nid(pa_oid), EVP_PKEY_EC); + poid = (ASN1_OBJECT *)pval; + ExpectIntGT(OBJ_obj2txt(buf, (int)sizeof(buf), poid, 0), 0); + ExpectIntEQ(OBJ_txt2nid(buf), NID_X9_62_prime256v1); + + X509_PUBKEY_free(pubKey2); + X509_free(x509); + EVP_PKEY_free(evpKey); +#endif + return EXPECT_RESULT(); +} + +int test_wolfSSL_X509_PUBKEY_DSA(void) +{ + EXPECT_DECLS; +#if (defined(OPENSSL_ALL) || defined(WOLFSSL_APACHE_HTTPD)) && !defined(NO_DSA) + word32 bytes; +#ifdef USE_CERT_BUFFERS_1024 + byte tmp[ONEK_BUF]; +#elif defined(USE_CERT_BUFFERS_2048) + byte tmp[TWOK_BUF]; +#else + byte tmp[TWOK_BUF]; +#endif /* END USE_CERT_BUFFERS_1024 */ + const unsigned char* dsaKeyDer = tmp; + + ASN1_OBJECT* obj = NULL; + ASN1_STRING* str; + const ASN1_OBJECT* pa_oid = NULL; + X509_PUBKEY* pubKey = NULL; + EVP_PKEY* evpKey = NULL; + + const unsigned char *pk = NULL; + int ppklen, pptype; + X509_ALGOR *pa = NULL; + const void *pval; + +#ifdef USE_CERT_BUFFERS_1024 + XMEMSET(tmp, 0, sizeof(tmp)); + XMEMCPY(tmp, dsa_key_der_1024, sizeof_dsa_key_der_1024); + bytes = sizeof_dsa_key_der_1024; +#elif defined(USE_CERT_BUFFERS_2048) + XMEMSET(tmp, 0, sizeof(tmp)); + XMEMCPY(tmp, dsa_key_der_2048, sizeof_dsa_key_der_2048); + bytes = sizeof_dsa_key_der_2048; +#else + { + XFILE fp = XBADFILE; + XMEMSET(tmp, 0, sizeof(tmp)); + ExpectTrue((fp = XFOPEN("./certs/dsa2048.der", "rb")) != XBADFILE); + ExpectIntGT(bytes = (word32) XFREAD(tmp, 1, sizeof(tmp), fp), 0); + if (fp != XBADFILE) + XFCLOSE(fp); + } +#endif + + /* Initialize pkey with der format dsa key */ + ExpectNotNull(d2i_PrivateKey(EVP_PKEY_DSA, &evpKey, &dsaKeyDer, bytes)); + + ExpectNotNull(pubKey = X509_PUBKEY_new()); + ExpectIntEQ(X509_PUBKEY_set(&pubKey, evpKey), 1); + ExpectIntEQ(X509_PUBKEY_get0_param(&obj, &pk, &ppklen, &pa, pubKey), 1); + ExpectNotNull(pk); + ExpectNotNull(pa); + ExpectIntGT(ppklen, 0); + X509_ALGOR_get0(&pa_oid, &pptype, &pval, pa); + ExpectNotNull(pa_oid); + ExpectNotNull(pval); + ExpectIntEQ(pptype, V_ASN1_SEQUENCE); + ExpectIntEQ(OBJ_obj2nid(pa_oid), EVP_PKEY_DSA); + str = (ASN1_STRING *)pval; + DEBUG_WRITE_DER(ASN1_STRING_data(str), ASN1_STRING_length(str), "str.der"); +#ifdef USE_CERT_BUFFERS_1024 + ExpectIntEQ(ASN1_STRING_length(str), 291); +#else + ExpectIntEQ(ASN1_STRING_length(str), 549); +#endif /* END USE_CERT_BUFFERS_1024 */ + + X509_PUBKEY_free(pubKey); + EVP_PKEY_free(evpKey); +#endif + return EXPECT_RESULT(); +} + +int test_wolfSSL_X509_PUBKEY_get(void) +{ + EXPECT_DECLS; +#ifdef OPENSSL_ALL + WOLFSSL_X509_PUBKEY pubkey; + WOLFSSL_X509_PUBKEY* key; + WOLFSSL_EVP_PKEY evpkey ; + WOLFSSL_EVP_PKEY* evpPkey; + WOLFSSL_EVP_PKEY* retEvpPkey; + + XMEMSET(&pubkey, 0, sizeof(WOLFSSL_X509_PUBKEY)); + XMEMSET(&evpkey, 0, sizeof(WOLFSSL_EVP_PKEY)); + + key = &pubkey; + evpPkey = &evpkey; + + evpPkey->type = WOLFSSL_SUCCESS; + key->pkey = evpPkey; + + ExpectNotNull(retEvpPkey = wolfSSL_X509_PUBKEY_get(key)); + ExpectIntEQ(retEvpPkey->type, WOLFSSL_SUCCESS); + + ExpectNull(retEvpPkey = wolfSSL_X509_PUBKEY_get(NULL)); + + key->pkey = NULL; + ExpectNull(retEvpPkey = wolfSSL_X509_PUBKEY_get(key)); +#endif + return EXPECT_RESULT(); +} + +int test_wolfSSL_X509_set_pubkey(void) +{ + EXPECT_DECLS; +#ifdef OPENSSL_ALL + WOLFSSL_X509* x509 = NULL; + WOLFSSL_EVP_PKEY* pkey = NULL; + + ExpectNotNull(x509 = wolfSSL_X509_new()); + +#if !defined(NO_RSA) + { + WOLFSSL_RSA* rsa = NULL; + + ExpectNotNull(pkey = wolfSSL_EVP_PKEY_new()); + if (pkey != NULL) { + pkey->type = WC_EVP_PKEY_RSA; + } + ExpectIntEQ(wolfSSL_X509_set_pubkey(x509, pkey), WOLFSSL_FAILURE); + ExpectNotNull(rsa = wolfSSL_RSA_new()); + ExpectIntEQ(wolfSSL_EVP_PKEY_assign(pkey, EVP_PKEY_RSA, rsa), + WOLFSSL_SUCCESS); + if (EXPECT_FAIL()) { + wolfSSL_RSA_free(rsa); + } + ExpectIntEQ(wolfSSL_X509_set_pubkey(x509, pkey), WOLFSSL_SUCCESS); + wolfSSL_EVP_PKEY_free(pkey); + pkey = NULL; + } +#endif +#if !defined(HAVE_SELFTEST) && (defined(WOLFSSL_KEY_GEN) || \ + defined(WOLFSSL_CERT_GEN)) && !defined(NO_DSA) + { + WOLFSSL_DSA* dsa = NULL; + + ExpectNotNull(pkey = wolfSSL_EVP_PKEY_new()); + if (pkey != NULL) { + pkey->type = WC_EVP_PKEY_DSA; + } + ExpectIntEQ(wolfSSL_X509_set_pubkey(x509, pkey), WOLFSSL_FAILURE); + ExpectNotNull(dsa = wolfSSL_DSA_new()); + ExpectIntEQ(wolfSSL_EVP_PKEY_assign(pkey, EVP_PKEY_DSA, dsa), + WOLFSSL_SUCCESS); + if (EXPECT_FAIL()) { + wolfSSL_DSA_free(dsa); + } + ExpectIntEQ(wolfSSL_X509_set_pubkey(x509, pkey), WOLFSSL_FAILURE); + wolfSSL_EVP_PKEY_free(pkey); + pkey = NULL; + } +#endif +#if defined(HAVE_ECC) + { + WOLFSSL_EC_KEY* ec = NULL; + + ExpectNotNull(pkey = wolfSSL_EVP_PKEY_new()); + if (pkey != NULL) { + pkey->type = WC_EVP_PKEY_EC; + } + ExpectIntEQ(wolfSSL_X509_set_pubkey(x509, pkey), WOLFSSL_FAILURE); + ExpectNotNull(ec = wolfSSL_EC_KEY_new()); + ExpectIntEQ(wolfSSL_EC_KEY_generate_key(ec), 1); + ExpectIntEQ(wolfSSL_EVP_PKEY_assign(pkey, EVP_PKEY_EC, ec), + WOLFSSL_SUCCESS); + if (EXPECT_FAIL()) { + wolfSSL_EC_KEY_free(ec); + } + ExpectIntEQ(wolfSSL_X509_set_pubkey(x509, pkey), WOLFSSL_SUCCESS); + wolfSSL_EVP_PKEY_free(pkey); + pkey = NULL; + } +#endif +#if !defined(NO_DH) + ExpectNotNull(pkey = wolfSSL_EVP_PKEY_new()); + if (pkey != NULL) { + pkey->type = WC_EVP_PKEY_DH; + } + ExpectIntEQ(wolfSSL_X509_set_pubkey(x509, pkey), WOLFSSL_FAILURE); + wolfSSL_EVP_PKEY_free(pkey); + pkey = NULL; +#endif + + wolfSSL_X509_free(x509); +#endif + return EXPECT_RESULT(); +} + diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/tests/api/test_ossl_x509_pk.h mariadb-11.8.8/extra/wolfssl/wolfssl/tests/api/test_ossl_x509_pk.h --- mariadb-11.8.6/extra/wolfssl/wolfssl/tests/api/test_ossl_x509_pk.h 1970-01-01 00:00:00.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/tests/api/test_ossl_x509_pk.h 2026-05-24 09:58:33.000000000 +0000 @@ -0,0 +1,42 @@ +/* test_ossl_x509_pk.h + * + * Copyright (C) 2006-2026 wolfSSL Inc. + * + * This file is part of wolfSSL. + * + * wolfSSL is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * wolfSSL is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA + */ + +#ifndef WOLFCRYPT_TEST_OSSL_X509_PK_H +#define WOLFCRYPT_TEST_OSSL_X509_PK_H + +#include + +int test_wolfSSL_X509_get_X509_PUBKEY(void); +int test_wolfSSL_X509_PUBKEY_RSA(void); +int test_wolfSSL_X509_PUBKEY_EC(void); +int test_wolfSSL_X509_PUBKEY_DSA(void); +int test_wolfSSL_X509_PUBKEY_get(void); +int test_wolfSSL_X509_set_pubkey(void); + +#define TEST_OSSL_X509_PK_DECLS \ + TEST_DECL_GROUP("ossl_x509_pk", test_wolfSSL_X509_get_X509_PUBKEY), \ + TEST_DECL_GROUP("ossl_x509_pk", test_wolfSSL_X509_PUBKEY_RSA), \ + TEST_DECL_GROUP("ossl_x509_pk", test_wolfSSL_X509_PUBKEY_EC), \ + TEST_DECL_GROUP("ossl_x509_pk", test_wolfSSL_X509_PUBKEY_DSA), \ + TEST_DECL_GROUP("ossl_x509_pk", test_wolfSSL_X509_PUBKEY_get), \ + TEST_DECL_GROUP("ossl_x509_pk", test_wolfSSL_X509_set_pubkey) + +#endif /* WOLFCRYPT_TEST_OSSL_X509_PK_H */ diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/tests/api/test_ossl_x509_str.c mariadb-11.8.8/extra/wolfssl/wolfssl/tests/api/test_ossl_x509_str.c --- mariadb-11.8.6/extra/wolfssl/wolfssl/tests/api/test_ossl_x509_str.c 1970-01-01 00:00:00.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/tests/api/test_ossl_x509_str.c 2026-05-24 09:58:33.000000000 +0000 @@ -0,0 +1,1845 @@ +/* test_ossl_x509_str.c + * + * Copyright (C) 2006-2026 wolfSSL Inc. + * + * This file is part of wolfSSL. + * + * wolfSSL is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * wolfSSL is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA + */ + +#include + +#ifdef NO_INLINE + #include +#else + #define WOLFSSL_MISC_INCLUDED + #include +#endif + +#include +#ifdef OPENSSL_EXTRA + #include + #include +#endif +#include +#include + +#if defined(OPENSSL_ALL) && !defined(NO_RSA) && !defined(NO_FILESYSTEM) && \ + !defined(NO_ASN_TIME) +static int last_errcodes[10]; +static int last_errdepths[10]; +static int err_index = 0; + +static int X509CallbackCount(int ok, X509_STORE_CTX *ctx) +{ + if (!ok) { + if (err_index < 10) { + last_errcodes[err_index] = X509_STORE_CTX_get_error(ctx); + last_errdepths[err_index] = X509_STORE_CTX_get_error_depth(ctx); + err_index++; + } else { + /* Should not happen in test */ + WOLFSSL_MSG("Error index overflow in X509CallbackCount"); + err_index = 0; + } + } + /* Always return OK to allow verification to continue.*/ + return 1; +} +#endif + +int test_wolfSSL_X509_STORE_CTX_set_time(void) +{ + EXPECT_DECLS; +#if defined(OPENSSL_EXTRA) + WOLFSSL_X509_STORE_CTX* ctx = NULL; + time_t c_time; + + ExpectNotNull(ctx = wolfSSL_X509_STORE_CTX_new()); + c_time = 365*24*60*60; + wolfSSL_X509_STORE_CTX_set_time(ctx, 0, c_time); + ExpectTrue((ctx->param->flags & WOLFSSL_USE_CHECK_TIME) == + WOLFSSL_USE_CHECK_TIME); + ExpectTrue(ctx->param->check_time == c_time); + wolfSSL_X509_STORE_CTX_free(ctx); +#endif /* OPENSSL_EXTRA */ + return EXPECT_RESULT(); +} + +int test_wolfSSL_X509_STORE_check_time(void) +{ + EXPECT_DECLS; +#if defined(OPENSSL_EXTRA) && !defined(NO_FILESYSTEM) && \ + !defined(NO_ASN_TIME) && !defined(NO_RSA) + WOLFSSL_X509_STORE* store = NULL; + WOLFSSL_X509_STORE_CTX* ctx = NULL; + WOLFSSL_X509* ca = NULL; + WOLFSSL_X509* cert = NULL; + int ret; + time_t check_time; + const char* srvCertFile = "./certs/server-cert.pem"; + const char* expiredCertFile = "./certs/test/expired/expired-cert.pem"; + + /* Set check_time to May 26, 2000 - should fail "not yet valid" check */ + ExpectNotNull(store = wolfSSL_X509_STORE_new()); + if (store != NULL) { + /* Load CA certificate - should validate with current time by default */ + ExpectNotNull(ca = wolfSSL_X509_load_certificate_file(caCertFile, + SSL_FILETYPE_PEM)); + ExpectIntEQ(wolfSSL_X509_STORE_add_cert(store, ca), WOLFSSL_SUCCESS); + + /* Set check_time to May 26, 2000 (timestamp: 959320800) */ + check_time = (time_t)959320800; /* May 26, 2000 00:00:00 UTC */ + store->param->check_time = check_time; + wolfSSL_X509_VERIFY_PARAM_set_flags(store->param, + WOLFSSL_USE_CHECK_TIME); + ExpectTrue(store->param->check_time == check_time); + ExpectNotNull(cert = wolfSSL_X509_load_certificate_file(srvCertFile, + SSL_FILETYPE_PEM)); + ExpectNotNull(ctx = wolfSSL_X509_STORE_CTX_new()); + ExpectIntEQ(wolfSSL_X509_STORE_CTX_init(ctx, store, cert, NULL), + WOLFSSL_SUCCESS); + + /* Verify that check_time was copied to context */ + ExpectTrue((ctx->param->flags & WOLFSSL_USE_CHECK_TIME) == + WOLFSSL_USE_CHECK_TIME); + ExpectTrue(ctx->param->check_time == check_time); + + /* Verify certificate using the custom check_time - should fail because + * certificate is not yet valid (use before check fails) */ + ret = wolfSSL_X509_verify_cert(ctx); + ExpectIntNE(ret, WOLFSSL_SUCCESS); + ExpectIntEQ(wolfSSL_X509_STORE_CTX_get_error(ctx), + WOLFSSL_X509_V_ERR_CERT_NOT_YET_VALID); + wolfSSL_X509_STORE_CTX_free(ctx); + ctx = NULL; + } + wolfSSL_X509_STORE_free(store); + store = NULL; + wolfSSL_X509_free(cert); + cert = NULL; + wolfSSL_X509_free(ca); + ca = NULL; + + /* Verify without setting check_time - should work with current time */ + ExpectNotNull(store = wolfSSL_X509_STORE_new()); + if (store != NULL) { + ExpectNotNull(ca = wolfSSL_X509_load_certificate_file(caCertFile, + SSL_FILETYPE_PEM)); + ExpectIntEQ(wolfSSL_X509_STORE_add_cert(store, ca), WOLFSSL_SUCCESS); + ExpectNotNull(cert = wolfSSL_X509_load_certificate_file(srvCertFile, + SSL_FILETYPE_PEM)); + ExpectNotNull(ctx = wolfSSL_X509_STORE_CTX_new()); + ExpectIntEQ(wolfSSL_X509_STORE_CTX_init(ctx, store, cert, NULL), + WOLFSSL_SUCCESS); + ret = wolfSSL_X509_verify_cert(ctx); + ExpectIntEQ(ret, WOLFSSL_SUCCESS); + wolfSSL_X509_STORE_CTX_free(ctx); + ctx = NULL; + } + wolfSSL_X509_STORE_free(store); + store = NULL; + wolfSSL_X509_free(cert); + cert = NULL; + wolfSSL_X509_free(ca); + ca = NULL; + + /* Test WOLFSSL_NO_CHECK_TIME flag with expired certificate */ + ExpectNotNull(store = wolfSSL_X509_STORE_new()); + if (store != NULL) { + /* Set NO_CHECK_TIME flag to skip time validation */ + wolfSSL_X509_VERIFY_PARAM_set_flags(store->param, + WOLFSSL_NO_CHECK_TIME); + ExpectTrue((store->param->flags & WOLFSSL_NO_CHECK_TIME) == + WOLFSSL_NO_CHECK_TIME); + + /* Load expired certificate (self-signed) */ + ExpectNotNull(cert = wolfSSL_X509_load_certificate_file(expiredCertFile, + SSL_FILETYPE_PEM)); + /* Add expired certificate as trusted CA (self-signed) */ + ExpectIntEQ(wolfSSL_X509_STORE_add_cert(store, cert), WOLFSSL_SUCCESS); + + ExpectNotNull(ctx = wolfSSL_X509_STORE_CTX_new()); + ExpectIntEQ(wolfSSL_X509_STORE_CTX_init(ctx, store, cert, NULL), + WOLFSSL_SUCCESS); + /* Verify expired certificate with NO_CHECK_TIME - should succeed + * because time validation is skipped */ + ret = wolfSSL_X509_verify_cert(ctx); + ExpectIntEQ(ret, WOLFSSL_SUCCESS); + } + wolfSSL_X509_STORE_CTX_free(ctx); + ctx = NULL; + wolfSSL_X509_STORE_free(store); + store = NULL; + wolfSSL_X509_free(cert); + cert = NULL; + +#if defined(OPENSSL_ALL) && !defined(NO_RSA) && !defined(NO_FILESYSTEM) + + err_index = 0; + + ExpectNotNull(store = X509_STORE_new()); + ExpectNotNull(ctx = X509_STORE_CTX_new()); + ExpectNotNull(ca = wolfSSL_X509_load_certificate_file(caCertFile, + SSL_FILETYPE_PEM)); + ExpectIntEQ(wolfSSL_X509_STORE_add_cert(store, ca), WOLFSSL_SUCCESS); + + X509_STORE_set_verify_cb(store, X509CallbackCount); + + ExpectNotNull(cert = wolfSSL_X509_load_certificate_file(expiredCertFile, + SSL_FILETYPE_PEM)); + + ExpectIntEQ(X509_STORE_CTX_init(ctx, store, cert, NULL), WOLFSSL_SUCCESS); + ExpectIntEQ(X509_verify_cert(ctx), WOLFSSL_SUCCESS); + /* while verifying the certificate, it should have two errors */ + ExpectIntEQ(err_index, 2); + /* self-signed */ + ExpectIntEQ(last_errcodes[err_index - 2], + WOLFSSL_X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT); + /* expired */ + ExpectIntEQ(last_errcodes[err_index - 1], + WOLFSSL_X509_V_ERR_CERT_HAS_EXPIRED); + + X509_STORE_CTX_free(ctx); + ctx = NULL; + X509_STORE_free(store); + store = NULL; + X509_free(cert); + cert = NULL; + X509_free(ca); + ca = NULL; + + err_index = 0; + + ExpectNotNull(store = X509_STORE_new()); + /* Set NO_CHECK_TIME flag to skip time validation */ + ExpectIntEQ(X509_VERIFY_PARAM_set_flags(store->param, + WOLFSSL_NO_CHECK_TIME), WOLFSSL_SUCCESS); + ExpectTrue((store->param->flags & WOLFSSL_NO_CHECK_TIME) == + WOLFSSL_NO_CHECK_TIME); + ExpectNotNull(ctx = X509_STORE_CTX_new()); + ExpectNotNull(ca = wolfSSL_X509_load_certificate_file(caCertFile, + SSL_FILETYPE_PEM)); + ExpectIntEQ(wolfSSL_X509_STORE_add_cert(store, ca), WOLFSSL_SUCCESS); + + X509_STORE_set_verify_cb(store, X509CallbackCount); + + ExpectNotNull(cert = wolfSSL_X509_load_certificate_file(expiredCertFile, + SSL_FILETYPE_PEM)); + + ExpectIntEQ(X509_STORE_CTX_init(ctx, store, cert, NULL), WOLFSSL_SUCCESS); + ExpectIntEQ(X509_verify_cert(ctx), WOLFSSL_SUCCESS); + /* while verifying the certificate, it should have an error */ + ExpectIntEQ(err_index, 1); + /* self-signed */ + ExpectIntEQ(last_errcodes[err_index - 1], + WOLFSSL_X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT); + /* no expired because of no_check_time */ + X509_STORE_CTX_free(ctx); + ctx = NULL; + X509_STORE_free(store); + store = NULL; + X509_free(cert); + cert = NULL; + X509_free(ca); + ca = NULL; +#endif +#endif /* OPENSSL_EXTRA && !NO_FILESYSTEM && !NO_ASN_TIME && !NO_RSA */ + return EXPECT_RESULT(); +} + +int test_wolfSSL_X509_STORE_CTX_get0_store(void) +{ + EXPECT_DECLS; +#if defined(OPENSSL_EXTRA) + X509_STORE* store = NULL; + X509_STORE_CTX* ctx = NULL; + X509_STORE_CTX* ctx_no_init = NULL; + + ExpectNotNull((store = X509_STORE_new())); + ExpectNotNull(ctx = X509_STORE_CTX_new()); + ExpectNotNull(ctx_no_init = X509_STORE_CTX_new()); + ExpectIntEQ(X509_STORE_CTX_init(ctx, store, NULL, NULL), SSL_SUCCESS); + + ExpectNull(X509_STORE_CTX_get0_store(NULL)); + /* should return NULL if ctx has not bee initialized */ + ExpectNull(X509_STORE_CTX_get0_store(ctx_no_init)); + ExpectNotNull(X509_STORE_CTX_get0_store(ctx)); + + wolfSSL_X509_STORE_CTX_free(ctx); + wolfSSL_X509_STORE_CTX_free(ctx_no_init); + X509_STORE_free(store); +#endif /* OPENSSL_EXTRA */ + return EXPECT_RESULT(); +} + +#if defined(OPENSSL_EXTRA) && !defined(NO_CERTS) && \ + !defined(NO_FILESYSTEM) && !defined(NO_RSA) +static int verify_cb(int ok, X509_STORE_CTX *ctx) +{ + (void) ok; + (void) ctx; + fprintf(stderr, "ENTER verify_cb\n"); + return SSL_SUCCESS; +} +#endif + +int test_wolfSSL_X509_STORE_CTX(void) +{ + EXPECT_DECLS; +#if defined(OPENSSL_EXTRA) && !defined(NO_CERTS) && \ + !defined(NO_FILESYSTEM) && !defined(NO_RSA) + X509_STORE_CTX* ctx = NULL; + X509_STORE* str = NULL; + X509* x509 = NULL; +#ifdef OPENSSL_ALL + X509* x5092 = NULL; + STACK_OF(X509) *sk = NULL; + STACK_OF(X509) *sk2 = NULL; + STACK_OF(X509) *sk3 = NULL; +#endif + + ExpectNotNull(ctx = X509_STORE_CTX_new()); + ExpectNotNull((str = wolfSSL_X509_STORE_new())); + ExpectNotNull((x509 = + wolfSSL_X509_load_certificate_file(svrCertFile, SSL_FILETYPE_PEM))); + ExpectIntEQ(X509_STORE_add_cert(str, x509), SSL_SUCCESS); +#ifdef OPENSSL_ALL + /* sk_X509_new only in OPENSSL_ALL */ + sk = sk_X509_new_null(); + ExpectNotNull(sk); + ExpectIntEQ(X509_STORE_CTX_init(ctx, str, x509, sk), SSL_SUCCESS); +#else + ExpectIntEQ(X509_STORE_CTX_init(ctx, str, x509, NULL), SSL_SUCCESS); +#endif + ExpectIntEQ(SSL_get_ex_data_X509_STORE_CTX_idx(), 0); + X509_STORE_CTX_set_error(ctx, -5); + X509_STORE_CTX_set_error(NULL, -5); + + X509_STORE_CTX_free(ctx); + ctx = NULL; +#ifdef OPENSSL_ALL + sk_X509_pop_free(sk, NULL); + sk = NULL; +#endif + X509_STORE_free(str); + str = NULL; + X509_free(x509); + x509 = NULL; + + ExpectNotNull(ctx = X509_STORE_CTX_new()); + X509_STORE_CTX_set_verify_cb(ctx, verify_cb); + X509_STORE_CTX_free(ctx); + ctx = NULL; + +#ifdef OPENSSL_ALL + /* test X509_STORE_CTX_get(1)_chain */ + ExpectNotNull((x509 = X509_load_certificate_file(svrCertFile, + SSL_FILETYPE_PEM))); + ExpectNotNull((x5092 = X509_load_certificate_file(cliCertFile, + SSL_FILETYPE_PEM))); + ExpectNotNull((sk = sk_X509_new_null())); + ExpectIntEQ(sk_X509_push(sk, x509), 1); + if (EXPECT_FAIL()) { + X509_free(x509); + x509 = NULL; + } + ExpectNotNull((str = X509_STORE_new())); + ExpectNotNull((ctx = X509_STORE_CTX_new())); + ExpectIntEQ(X509_STORE_CTX_init(ctx, str, x5092, sk), 1); + ExpectNull((sk2 = X509_STORE_CTX_get_chain(NULL))); + ExpectNull((sk2 = X509_STORE_CTX_get_chain(ctx))); + ExpectNull((sk3 = X509_STORE_CTX_get1_chain(NULL))); + ExpectNull((sk3 = X509_STORE_CTX_get1_chain(ctx))); + X509_STORE_CTX_free(ctx); + ctx = NULL; + X509_STORE_free(str); + str = NULL; + /* CTX certs not freed yet */ + X509_free(x5092); + x5092 = NULL; + sk_X509_pop_free(sk, NULL); + sk = NULL; + /* sk3 is dup so free here */ + sk_X509_pop_free(sk3, NULL); + sk3 = NULL; +#endif + + /* test X509_STORE_CTX_get/set_ex_data */ + { + int i = 0, tmpData = 5; + void* tmpDataRet; + ExpectNotNull(ctx = X509_STORE_CTX_new()); + #ifdef HAVE_EX_DATA + for (i = 0; i < MAX_EX_DATA; i++) { + ExpectIntEQ(X509_STORE_CTX_set_ex_data(ctx, i, &tmpData), + WOLFSSL_SUCCESS); + tmpDataRet = (int*)X509_STORE_CTX_get_ex_data(ctx, i); + ExpectNotNull(tmpDataRet); + ExpectIntEQ(tmpData, *(int*)tmpDataRet); + } + #else + ExpectIntEQ(X509_STORE_CTX_set_ex_data(ctx, i, &tmpData), + WC_NO_ERR_TRACE(WOLFSSL_FAILURE)); + tmpDataRet = (int*)X509_STORE_CTX_get_ex_data(ctx, i); + ExpectNull(tmpDataRet); + #endif + X509_STORE_CTX_free(ctx); + ctx = NULL; + } + + /* test X509_STORE_get/set_ex_data */ + { + int i = 0, tmpData = 99; + void* tmpDataRet; + ExpectNotNull(str = X509_STORE_new()); + #ifdef HAVE_EX_DATA + for (i = 0; i < MAX_EX_DATA; i++) { + ExpectIntEQ(X509_STORE_set_ex_data(str, i, &tmpData), + WOLFSSL_SUCCESS); + tmpDataRet = (int*)X509_STORE_get_ex_data(str, i); + ExpectNotNull(tmpDataRet); + ExpectIntEQ(tmpData, *(int*)tmpDataRet); + } + #else + ExpectIntEQ(X509_STORE_set_ex_data(str, i, &tmpData), + WC_NO_ERR_TRACE(WOLFSSL_FAILURE)); + tmpDataRet = (int*)X509_STORE_get_ex_data(str, i); + ExpectNull(tmpDataRet); + #endif + X509_STORE_free(str); + str = NULL; + } + +#endif /* defined(OPENSSL_EXTRA) && !defined(NO_CERTS) && \ + * !defined(NO_FILESYSTEM) && !defined(NO_RSA) */ + + return EXPECT_RESULT(); +} + +#if defined(OPENSSL_EXTRA) && !defined(NO_CERTS) && \ + !defined(NO_FILESYSTEM) && !defined(NO_RSA) + +typedef struct { + const char *caFile; + const char *caIntFile; + const char *caInt2File; + const char *leafFile; + X509 *x509Ca; + X509 *x509CaInt; + X509 *x509CaInt2; + X509 *x509Leaf; + STACK_OF(X509)* expectedChain; +} X509_STORE_test_data; + +static X509 * test_wolfSSL_X509_STORE_CTX_ex_helper(const char *file) +{ + XFILE fp = XBADFILE; + X509 *x = NULL; + + fp = XFOPEN(file, "rb"); + if (fp == NULL) { + return NULL; + } + x = PEM_read_X509(fp, 0, 0, 0); + XFCLOSE(fp); + + return x; +} + +static int test_wolfSSL_X509_STORE_CTX_ex1(X509_STORE_test_data *testData) +{ + EXPECT_DECLS; + X509_STORE* store = NULL; + X509_STORE_CTX* ctx = NULL; + STACK_OF(X509)* chain = NULL; + int i = 0; + + /* Test case 1, add X509 certs to store and verify */ + ExpectNotNull(store = X509_STORE_new()); + ExpectIntEQ(X509_STORE_add_cert(store, testData->x509Ca), 1); + ExpectIntEQ(X509_STORE_add_cert(store, testData->x509CaInt), 1); + ExpectIntEQ(X509_STORE_add_cert(store, testData->x509CaInt2), 1); + ExpectNotNull(ctx = X509_STORE_CTX_new()); + ExpectIntEQ(X509_STORE_CTX_init(ctx, store, testData->x509Leaf, NULL), 1); + ExpectIntEQ(X509_verify_cert(ctx), 1); + ExpectNotNull(chain = X509_STORE_CTX_get_chain(ctx)); + ExpectIntEQ(sk_X509_num(chain), sk_X509_num(testData->expectedChain)); + for (i = 0; i < sk_X509_num(chain); i++) { + ExpectIntEQ(X509_cmp(sk_X509_value(chain, i), + sk_X509_value(testData->expectedChain, i)), 0); + } + X509_STORE_CTX_free(ctx); + X509_STORE_free(store); + return EXPECT_RESULT(); +} + +static int test_wolfSSL_X509_STORE_CTX_ex2(X509_STORE_test_data *testData) +{ + EXPECT_DECLS; + X509_STORE* store = NULL; + X509_STORE_CTX* ctx = NULL; + STACK_OF(X509)* chain = NULL; + int i = 0; + + /* Test case 2, add certs by filename to store and verify */ + ExpectNotNull(store = X509_STORE_new()); + ExpectIntEQ(X509_STORE_load_locations( + store, testData->caFile, NULL), 1); + ExpectIntEQ(X509_STORE_load_locations( + store, testData->caIntFile, NULL), 1); + ExpectIntEQ(X509_STORE_load_locations( + store, testData->caInt2File, NULL), 1); + ExpectNotNull(ctx = X509_STORE_CTX_new()); + ExpectIntEQ(X509_STORE_CTX_init(ctx, store, testData->x509Leaf, NULL), 1); + ExpectIntEQ(X509_verify_cert(ctx), 1); + ExpectNotNull(chain = X509_STORE_CTX_get_chain(ctx)); + ExpectIntEQ(sk_X509_num(chain), sk_X509_num(testData->expectedChain)); + for (i = 0; i < sk_X509_num(chain); i++) { + ExpectIntEQ(X509_cmp(sk_X509_value(chain, i), + sk_X509_value(testData->expectedChain, i)), 0); + } + X509_STORE_CTX_free(ctx); + X509_STORE_free(store); + return EXPECT_RESULT(); +} + +static int test_wolfSSL_X509_STORE_CTX_ex3(X509_STORE_test_data *testData) +{ + EXPECT_DECLS; + X509_STORE* store = NULL; + X509_STORE_CTX* ctx = NULL; + STACK_OF(X509)* chain = NULL; + int i = 0; + + /* Test case 3, mix and match X509 with files */ + ExpectNotNull(store = X509_STORE_new()); + ExpectIntEQ(X509_STORE_add_cert(store, testData->x509CaInt), 1); + ExpectIntEQ(X509_STORE_add_cert(store, testData->x509CaInt2), 1); + ExpectIntEQ(X509_STORE_load_locations( + store, testData->caFile, NULL), 1); + ExpectNotNull(ctx = X509_STORE_CTX_new()); + ExpectIntEQ(X509_STORE_CTX_init(ctx, store, testData->x509Leaf, NULL), 1); + ExpectIntEQ(X509_verify_cert(ctx), 1); + ExpectNotNull(chain = X509_STORE_CTX_get_chain(ctx)); + ExpectIntEQ(sk_X509_num(chain), sk_X509_num(testData->expectedChain)); + for (i = 0; i < sk_X509_num(chain); i++) { + ExpectIntEQ(X509_cmp(sk_X509_value(chain, i), + sk_X509_value(testData->expectedChain, i)), 0); + } + X509_STORE_CTX_free(ctx); + X509_STORE_free(store); + return EXPECT_RESULT(); +} + +static int test_wolfSSL_X509_STORE_CTX_ex4(X509_STORE_test_data *testData) +{ + EXPECT_DECLS; + X509_STORE* store = NULL; + X509_STORE_CTX* ctx = NULL; + STACK_OF(X509)* chain = NULL; + STACK_OF(X509)* inter = NULL; + int i = 0; + + /* Test case 4, CA loaded by file, intermediates passed on init */ + ExpectNotNull(store = X509_STORE_new()); + ExpectIntEQ(X509_STORE_load_locations( + store, testData->caFile, NULL), 1); + ExpectNotNull(inter = sk_X509_new_null()); + ExpectIntGE(sk_X509_push(inter, testData->x509CaInt), 1); + ExpectIntGE(sk_X509_push(inter, testData->x509CaInt2), 1); + ExpectNotNull(ctx = X509_STORE_CTX_new()); + ExpectIntEQ(X509_STORE_CTX_init(ctx, store, testData->x509Leaf, inter), 1); + ExpectIntEQ(X509_verify_cert(ctx), 1); + ExpectNotNull(chain = X509_STORE_CTX_get_chain(ctx)); + ExpectIntEQ(sk_X509_num(chain), sk_X509_num(testData->expectedChain)); + for (i = 0; i < sk_X509_num(chain); i++) { + ExpectIntEQ(X509_cmp(sk_X509_value(chain, i), + sk_X509_value(testData->expectedChain, i)), 0); + } + X509_STORE_CTX_free(ctx); + X509_STORE_free(store); + sk_X509_free(inter); + return EXPECT_RESULT(); +} + +static int test_wolfSSL_X509_STORE_CTX_ex5(X509_STORE_test_data *testData) +{ + EXPECT_DECLS; + X509_STORE* store = NULL; + X509_STORE_CTX* ctx = NULL; + STACK_OF(X509)* chain = NULL; + STACK_OF(X509)* trusted = NULL; + int i = 0; + + /* Test case 5, manually set trusted stack */ + ExpectNotNull(store = X509_STORE_new()); + ExpectNotNull(trusted = sk_X509_new_null()); + ExpectIntGE(sk_X509_push(trusted, testData->x509Ca), 1); + ExpectIntGE(sk_X509_push(trusted, testData->x509CaInt), 1); + ExpectIntGE(sk_X509_push(trusted, testData->x509CaInt2), 1); + ExpectNotNull(ctx = X509_STORE_CTX_new()); + ExpectIntEQ(X509_STORE_CTX_init(ctx, store, testData->x509Leaf, NULL), 1); + X509_STORE_CTX_trusted_stack(ctx, trusted); + ExpectIntEQ(X509_verify_cert(ctx), 1); + ExpectNotNull(chain = X509_STORE_CTX_get_chain(ctx)); + ExpectIntEQ(sk_X509_num(chain), sk_X509_num(testData->expectedChain)); + for (i = 0; i < sk_X509_num(chain); i++) { + ExpectIntEQ(X509_cmp(sk_X509_value(chain, i), + sk_X509_value(testData->expectedChain, i)), 0); + } + X509_STORE_CTX_free(ctx); + X509_STORE_free(store); + sk_X509_free(trusted); + return EXPECT_RESULT(); +} + +static int test_wolfSSL_X509_STORE_CTX_ex6(X509_STORE_test_data *testData) +{ + EXPECT_DECLS; + X509_STORE* store = NULL; + X509_STORE_CTX* ctx = NULL; + STACK_OF(X509)* chain = NULL; + STACK_OF(X509)* trusted = NULL; + STACK_OF(X509)* inter = NULL; + int i = 0; + + /* Test case 6, manually set trusted stack will be unified with + * any intermediates provided on init */ + ExpectNotNull(store = X509_STORE_new()); + ExpectNotNull(trusted = sk_X509_new_null()); + ExpectNotNull(inter = sk_X509_new_null()); + ExpectIntGE(sk_X509_push(trusted, testData->x509Ca), 1); + ExpectIntGE(sk_X509_push(inter, testData->x509CaInt), 1); + ExpectIntGE(sk_X509_push(inter, testData->x509CaInt2), 1); + ExpectNotNull(ctx = X509_STORE_CTX_new()); + ExpectIntEQ(X509_STORE_CTX_init(ctx, store, testData->x509Leaf, inter), 1); + X509_STORE_CTX_trusted_stack(ctx, trusted); + ExpectIntEQ(X509_verify_cert(ctx), 1); + ExpectNotNull(chain = X509_STORE_CTX_get_chain(ctx)); + ExpectIntEQ(sk_X509_num(chain), sk_X509_num(testData->expectedChain)); + for (i = 0; i < sk_X509_num(chain); i++) { + ExpectIntEQ(X509_cmp(sk_X509_value(chain, i), + sk_X509_value(testData->expectedChain, i)), 0); + } + X509_STORE_CTX_free(ctx); + X509_STORE_free(store); + sk_X509_free(trusted); + sk_X509_free(inter); + return EXPECT_RESULT(); +} + +static int test_wolfSSL_X509_STORE_CTX_ex7(X509_STORE_test_data *testData) +{ + EXPECT_DECLS; + X509_STORE* store = NULL; + X509_STORE_CTX* ctx = NULL; + STACK_OF(X509)* chain = NULL; + int i = 0; + + /* Test case 7, certs added to store after ctx init are still used */ + ExpectNotNull(store = X509_STORE_new()); + ExpectNotNull(ctx = X509_STORE_CTX_new()); + ExpectIntEQ(X509_STORE_CTX_init(ctx, store, testData->x509Leaf, NULL), 1); + ExpectIntNE(X509_verify_cert(ctx), 1); + ExpectIntEQ(X509_STORE_add_cert(store, testData->x509CaInt2), 1); + ExpectIntEQ(X509_STORE_add_cert(store, testData->x509CaInt), 1); + ExpectIntEQ(X509_STORE_add_cert(store, testData->x509Ca), 1); + ExpectIntEQ(X509_verify_cert(ctx), 1); + ExpectNotNull(chain = X509_STORE_CTX_get_chain(ctx)); + ExpectIntEQ(sk_X509_num(chain), sk_X509_num(testData->expectedChain)); + for (i = 0; i < sk_X509_num(chain); i++) { + ExpectIntEQ(X509_cmp(sk_X509_value(chain, i), + sk_X509_value(testData->expectedChain, i)), 0); + } + X509_STORE_CTX_free(ctx); + X509_STORE_free(store); + return EXPECT_RESULT(); +} + +static int test_wolfSSL_X509_STORE_CTX_ex8(X509_STORE_test_data *testData) +{ + EXPECT_DECLS; + X509_STORE* store = NULL; + X509_STORE_CTX* ctx = NULL; + STACK_OF(X509)* chain = NULL; + int i = 0; + + /* Test case 8, Only full chain verifies */ + ExpectNotNull(store = X509_STORE_new()); + ExpectNotNull(ctx = X509_STORE_CTX_new()); + ExpectIntEQ(X509_STORE_CTX_init(ctx, store, testData->x509Leaf, NULL), 1); + ExpectIntNE(X509_verify_cert(ctx), 1); + ExpectIntEQ(X509_STORE_add_cert(store, testData->x509CaInt2), 1); + ExpectIntNE(X509_verify_cert(ctx), 1); + ExpectIntEQ(X509_STORE_add_cert(store, testData->x509CaInt), 1); + ExpectIntNE(X509_verify_cert(ctx), 1); + ExpectIntEQ(X509_STORE_add_cert(store, testData->x509Ca), 1); + ExpectIntEQ(X509_verify_cert(ctx), 1); + ExpectNotNull(chain = X509_STORE_CTX_get_chain(ctx)); + ExpectIntEQ(sk_X509_num(chain), sk_X509_num(testData->expectedChain)); + for (i = 0; i < sk_X509_num(chain); i++) { + ExpectIntEQ(X509_cmp(sk_X509_value(chain, i), + sk_X509_value(testData->expectedChain, i)), 0); + } + X509_STORE_CTX_free(ctx); + X509_STORE_free(store); + return EXPECT_RESULT(); +} + +static int test_wolfSSL_X509_STORE_CTX_ex9(X509_STORE_test_data *testData) +{ + EXPECT_DECLS; + X509_STORE* store = NULL; + X509_STORE_CTX* ctx = NULL; + X509_STORE_CTX* ctx2 = NULL; + STACK_OF(X509)* trusted = NULL; + + /* Test case 9, certs added to store should not be reflected in ctx that + * has been manually set with a trusted stack, but are reflected in ctx + * that has not set trusted stack */ + ExpectNotNull(store = X509_STORE_new()); + ExpectNotNull(ctx = X509_STORE_CTX_new()); + ExpectNotNull(ctx2 = X509_STORE_CTX_new()); + ExpectNotNull(trusted = sk_X509_new_null()); + ExpectIntGE(sk_X509_push(trusted, testData->x509Ca), 1); + ExpectIntGE(sk_X509_push(trusted, testData->x509CaInt), 1); + ExpectIntGE(sk_X509_push(trusted, testData->x509CaInt2), 1); + ExpectIntEQ(X509_STORE_CTX_init(ctx, store, testData->x509Leaf, NULL), 1); + ExpectIntEQ(X509_STORE_CTX_init(ctx2, store, testData->x509Leaf, NULL), 1); + ExpectIntNE(X509_verify_cert(ctx), 1); + ExpectIntNE(X509_verify_cert(ctx2), 1); + X509_STORE_CTX_trusted_stack(ctx, trusted); + /* CTX1 should now verify */ + ExpectIntEQ(X509_verify_cert(ctx), 1); + ExpectIntNE(X509_verify_cert(ctx2), 1); + ExpectIntEQ(X509_STORE_add_cert(store, testData->x509Ca), 1); + ExpectIntEQ(X509_STORE_add_cert(store, testData->x509CaInt), 1); + ExpectIntEQ(X509_STORE_add_cert(store, testData->x509CaInt2), 1); + /* CTX2 should now verify */ + ExpectIntEQ(X509_verify_cert(ctx2), 1); + X509_STORE_CTX_free(ctx); + X509_STORE_CTX_free(ctx2); + X509_STORE_free(store); + sk_X509_free(trusted); + return EXPECT_RESULT(); +} + +static int test_wolfSSL_X509_STORE_CTX_ex10(X509_STORE_test_data *testData) +{ + EXPECT_DECLS; + X509_STORE* store = NULL; + X509_STORE_CTX* ctx = NULL; + STACK_OF(X509)* chain = NULL; + + /* Test case 10, ensure partial chain flag works */ + ExpectNotNull(store = X509_STORE_new()); + ExpectIntEQ(X509_STORE_add_cert(store, testData->x509CaInt), 1); + ExpectIntEQ(X509_STORE_add_cert(store, testData->x509CaInt2), 1); + ExpectNotNull(ctx = X509_STORE_CTX_new()); + ExpectIntEQ(X509_STORE_CTX_init(ctx, store, testData->x509Leaf, NULL), 1); + /* Fails because chain is incomplete */ + ExpectIntNE(X509_verify_cert(ctx), 1); + ExpectIntEQ(X509_STORE_set_flags(store, X509_V_FLAG_PARTIAL_CHAIN), 1); + /* Partial chain now OK */ + ExpectIntEQ(X509_verify_cert(ctx), 1); + ExpectNotNull(chain = X509_STORE_CTX_get_chain(ctx)); + X509_STORE_CTX_free(ctx); + X509_STORE_free(store); + return EXPECT_RESULT(); +} + +static int test_wolfSSL_X509_STORE_CTX_ex11(X509_STORE_test_data *testData) +{ + EXPECT_DECLS; + X509_STORE* store = NULL; + X509_STORE_CTX* ctx = NULL; + STACK_OF(X509)* chain = NULL; + + /* Test case 11, test partial chain flag on ctx itself */ + ExpectNotNull(store = X509_STORE_new()); + ExpectIntEQ(X509_STORE_add_cert(store, testData->x509CaInt), 1); + ExpectIntEQ(X509_STORE_add_cert(store, testData->x509CaInt2), 1); + ExpectNotNull(ctx = X509_STORE_CTX_new()); + ExpectIntEQ(X509_STORE_CTX_init(ctx, store, testData->x509Leaf, NULL), 1); + /* Fails because chain is incomplete */ + ExpectIntNE(X509_verify_cert(ctx), 1); + X509_STORE_CTX_set_flags(ctx, X509_V_FLAG_PARTIAL_CHAIN); + /* Partial chain now OK */ + ExpectIntEQ(X509_verify_cert(ctx), 1); + ExpectNotNull(chain = X509_STORE_CTX_get_chain(ctx)); + X509_STORE_CTX_free(ctx); + X509_STORE_free(store); + return EXPECT_RESULT(); +} + +#ifdef HAVE_ECC +static int test_wolfSSL_X509_STORE_CTX_ex12(void) +{ + EXPECT_DECLS; + X509_STORE* store = NULL; + X509_STORE_CTX* ctx = NULL; + STACK_OF(X509)* chain = NULL; + X509* rootEccX509 = NULL; + X509* badAkiX509 = NULL; + X509* ca1X509 = NULL; + + const char* intCARootECCFile = "./certs/ca-ecc-cert.pem"; + const char* intCA1ECCFile = "./certs/intermediate/ca-int-ecc-cert.pem"; + const char* intCABadAKIECCFile = "./certs/intermediate/ca-ecc-bad-aki.pem"; + + /* Test case 12, multiple CAs with the same SKI including 1 with + intentionally bad/unregistered AKI. x509_verify_cert should still form a + valid chain using the valid CA, ignoring the bad CA. Developed from + customer provided reproducer. */ + + ExpectNotNull(store = X509_STORE_new()); + ExpectNotNull(rootEccX509 = test_wolfSSL_X509_STORE_CTX_ex_helper( + intCARootECCFile)); + ExpectIntEQ(X509_STORE_add_cert(store, rootEccX509), 1); + ExpectNotNull(badAkiX509 = test_wolfSSL_X509_STORE_CTX_ex_helper( + intCABadAKIECCFile)); + ExpectNotNull(ctx = X509_STORE_CTX_new()); + ExpectIntEQ(X509_STORE_CTX_init(ctx, store, badAkiX509, NULL), 1); + ExpectIntEQ(X509_verify_cert(ctx), 0); + X509_STORE_CTX_cleanup(ctx); + + ExpectIntEQ(X509_STORE_add_cert(store, badAkiX509), 1); + ExpectNotNull(ca1X509 = test_wolfSSL_X509_STORE_CTX_ex_helper( + intCA1ECCFile)); + ExpectIntEQ(X509_STORE_CTX_init(ctx, store, ca1X509, NULL), 1); + ExpectIntEQ(X509_verify_cert(ctx), 1); + ExpectNotNull(chain = X509_STORE_CTX_get_chain(ctx)); + + X509_STORE_CTX_free(ctx); + X509_STORE_free(store); + X509_free(rootEccX509); + X509_free(badAkiX509); + X509_free(ca1X509); + return EXPECT_RESULT(); +} +#endif +#endif + +int test_wolfSSL_X509_STORE_CTX_ex(void) +{ + EXPECT_DECLS; +#if defined(OPENSSL_EXTRA) && !defined(NO_CERTS) && \ + !defined(NO_FILESYSTEM) && !defined(NO_RSA) + X509_STORE_test_data testData; + XMEMSET((void *)&testData, 0, sizeof(X509_STORE_test_data)); + testData.caFile = "./certs/ca-cert.pem"; + testData.caIntFile = "./certs/intermediate/ca-int-cert.pem"; + testData.caInt2File = "./certs/intermediate/ca-int2-cert.pem"; + testData.leafFile = "./certs/intermediate/server-chain.pem"; + + ExpectNotNull(testData.x509Ca = \ + test_wolfSSL_X509_STORE_CTX_ex_helper(testData.caFile)); + ExpectNotNull(testData.x509CaInt = \ + test_wolfSSL_X509_STORE_CTX_ex_helper(testData.caIntFile)); + ExpectNotNull(testData.x509CaInt2 = \ + test_wolfSSL_X509_STORE_CTX_ex_helper(testData.caInt2File)); + ExpectNotNull(testData.x509Leaf = \ + test_wolfSSL_X509_STORE_CTX_ex_helper(testData.leafFile)); + ExpectNotNull(testData.expectedChain = sk_X509_new_null()); + ExpectIntGE(sk_X509_push(testData.expectedChain, testData.x509Leaf), 1); + ExpectIntGE(sk_X509_push(testData.expectedChain, testData.x509CaInt2), 1); + ExpectIntGE(sk_X509_push(testData.expectedChain, testData.x509CaInt), 1); + ExpectIntGE(sk_X509_push(testData.expectedChain, testData.x509Ca), 1); + + ExpectIntEQ(test_wolfSSL_X509_STORE_CTX_ex1(&testData), 1); + ExpectIntEQ(test_wolfSSL_X509_STORE_CTX_ex2(&testData), 1); + ExpectIntEQ(test_wolfSSL_X509_STORE_CTX_ex3(&testData), 1); + ExpectIntEQ(test_wolfSSL_X509_STORE_CTX_ex4(&testData), 1); + ExpectIntEQ(test_wolfSSL_X509_STORE_CTX_ex5(&testData), 1); + ExpectIntEQ(test_wolfSSL_X509_STORE_CTX_ex6(&testData), 1); + ExpectIntEQ(test_wolfSSL_X509_STORE_CTX_ex7(&testData), 1); + ExpectIntEQ(test_wolfSSL_X509_STORE_CTX_ex8(&testData), 1); + ExpectIntEQ(test_wolfSSL_X509_STORE_CTX_ex9(&testData), 1); + ExpectIntEQ(test_wolfSSL_X509_STORE_CTX_ex10(&testData), 1); + ExpectIntEQ(test_wolfSSL_X509_STORE_CTX_ex11(&testData), 1); +#ifdef HAVE_ECC + ExpectIntEQ(test_wolfSSL_X509_STORE_CTX_ex12(), 1); +#endif + + if(testData.x509Ca) { + X509_free(testData.x509Ca); + } + if(testData.x509CaInt) { + X509_free(testData.x509CaInt); + } + if(testData.x509CaInt2) { + X509_free(testData.x509CaInt2); + } + if(testData.x509Leaf) { + X509_free(testData.x509Leaf); + } + if (testData.expectedChain) { + sk_X509_free(testData.expectedChain); + } + +#endif /* defined(OPENSSL_EXTRA) && !defined(NO_CERTS) && \ + * !defined(NO_FILESYSTEM) && !defined(NO_RSA) */ + + return EXPECT_RESULT(); +} + +#if defined(OPENSSL_EXTRA) && !defined(NO_RSA) && !defined(NO_FILESYSTEM) +static int test_X509_STORE_untrusted_load_cert_to_stack(const char* filename, + STACK_OF(X509)* chain) +{ + EXPECT_DECLS; + XFILE fp = XBADFILE; + X509* cert = NULL; + + ExpectTrue((fp = XFOPEN(filename, "rb")) + != XBADFILE); + ExpectNotNull(cert = PEM_read_X509(fp, 0, 0, 0 )); + if (fp != XBADFILE) { + XFCLOSE(fp); + fp = XBADFILE; + } + ExpectIntGT(sk_X509_push(chain, cert), 0); + if (EXPECT_FAIL()) + X509_free(cert); + + return EXPECT_RESULT(); +} + +static int test_X509_STORE_untrusted_certs(const char** filenames, int ret, + int err, int loadCA) +{ + EXPECT_DECLS; + X509_STORE_CTX* ctx = NULL; + X509_STORE* str = NULL; + XFILE fp = XBADFILE; + X509* cert = NULL; + STACK_OF(X509)* untrusted = NULL; + + ExpectTrue((fp = XFOPEN("./certs/intermediate/server-int-cert.pem", "rb")) + != XBADFILE); + ExpectNotNull(cert = PEM_read_X509(fp, 0, 0, 0 )); + if (fp != XBADFILE) { + XFCLOSE(fp); + fp = XBADFILE; + } + + ExpectNotNull(str = X509_STORE_new()); + ExpectNotNull(ctx = X509_STORE_CTX_new()); + ExpectNotNull(untrusted = sk_X509_new_null()); + + ExpectIntEQ(X509_STORE_set_flags(str, 0), 1); + if (loadCA) { + ExpectIntEQ(X509_STORE_load_locations(str, "./certs/ca-cert.pem", NULL), + 1); + } + for (; *filenames; filenames++) { + ExpectIntEQ(test_X509_STORE_untrusted_load_cert_to_stack(*filenames, + untrusted), TEST_SUCCESS); + } + + ExpectIntEQ(X509_STORE_CTX_init(ctx, str, cert, untrusted), 1); + ExpectIntEQ(X509_verify_cert(ctx), ret); + ExpectIntEQ(X509_STORE_CTX_get_error(ctx), err); + + X509_free(cert); + X509_STORE_free(str); + X509_STORE_CTX_free(ctx); + sk_X509_pop_free(untrusted, NULL); + + return EXPECT_RESULT(); +} +#endif + +int test_X509_STORE_untrusted(void) +{ + EXPECT_DECLS; +#if defined(OPENSSL_EXTRA) && !defined(NO_RSA) && !defined(NO_FILESYSTEM) + const char* untrusted1[] = { + "./certs/intermediate/ca-int2-cert.pem", + NULL + }; + const char* untrusted2[] = { + "./certs/intermediate/ca-int-cert.pem", + "./certs/intermediate/ca-int2-cert.pem", + NULL + }; + const char* untrusted3[] = { + "./certs/intermediate/ca-int-cert.pem", + "./certs/intermediate/ca-int2-cert.pem", + "./certs/ca-cert.pem", + NULL + }; + /* Adding unrelated certs that should be ignored */ + const char* untrusted4[] = { + "./certs/client-ca.pem", + "./certs/intermediate/ca-int-cert.pem", + "./certs/server-cert.pem", + "./certs/intermediate/ca-int2-cert.pem", + NULL + }; + + /* Only immediate issuer in untrusted chain. Fails since can't build chain + * to loaded CA. */ + ExpectIntEQ(test_X509_STORE_untrusted_certs(untrusted1, 0, + X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY, 1), TEST_SUCCESS); + /* Succeeds because path to loaded CA is available. */ + ExpectIntEQ(test_X509_STORE_untrusted_certs(untrusted2, 1, 0, 1), + TEST_SUCCESS); + /* Root CA in untrusted chain is OK so long as CA has been loaded + * properly */ + ExpectIntEQ(test_X509_STORE_untrusted_certs(untrusted3, 1, 0, 1), + TEST_SUCCESS); + /* Still needs properly loaded CA, while including it in untrusted + * list is not an error, it also doesn't count for verify */ + ExpectIntEQ(test_X509_STORE_untrusted_certs(untrusted3, 0, + X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY, 0), + TEST_SUCCESS); + /* Succeeds because path to loaded CA is available. */ + ExpectIntEQ(test_X509_STORE_untrusted_certs(untrusted4, 1, 0, 1), + TEST_SUCCESS); +#endif + return EXPECT_RESULT(); +} + +#if defined(OPENSSL_ALL) && !defined(NO_RSA) && !defined(NO_FILESYSTEM) + +static int last_errcode; +static int last_errdepth; + +static int X509Callback(int ok, X509_STORE_CTX *ctx) +{ + + if (!ok) { + last_errcode = X509_STORE_CTX_get_error(ctx); + last_errdepth = X509_STORE_CTX_get_error_depth(ctx); + } + /* Always return OK to allow verification to continue.*/ + return 1; +} + +#endif + +int test_X509_STORE_InvalidCa(void) +{ + EXPECT_DECLS; +#if defined(OPENSSL_ALL) && !defined(NO_RSA) && !defined(NO_FILESYSTEM) + const char* filename = "./certs/intermediate/ca_false_intermediate/" + "test_int_not_cacert.pem"; + const char* srvfile = "./certs/intermediate/ca_false_intermediate/" + "test_sign_bynoca_srv.pem"; + X509_STORE_CTX* ctx = NULL; + X509_STORE* str = NULL; + XFILE fp = XBADFILE; + X509* cert = NULL; + STACK_OF(X509)* untrusted = NULL; + + last_errcode = 0; + last_errdepth = 0; + + ExpectTrue((fp = XFOPEN(srvfile, "rb")) + != XBADFILE); + ExpectNotNull(cert = PEM_read_X509(fp, 0, 0, 0 )); + if (fp != XBADFILE) { + XFCLOSE(fp); + fp = XBADFILE; + } + + ExpectNotNull(str = X509_STORE_new()); + ExpectNotNull(ctx = X509_STORE_CTX_new()); + ExpectNotNull(untrusted = sk_X509_new_null()); + + /* create cert chain stack */ + ExpectIntEQ(test_X509_STORE_untrusted_load_cert_to_stack(filename, + untrusted), TEST_SUCCESS); + + X509_STORE_set_verify_cb(str, X509Callback); + + ExpectIntEQ(X509_STORE_load_locations(str, + "./certs/intermediate/ca_false_intermediate/test_ca.pem", + NULL), 1); + + ExpectIntEQ(X509_STORE_CTX_init(ctx, str, cert, untrusted), 1); + ExpectIntEQ(X509_verify_cert(ctx), 1); + ExpectIntEQ(last_errcode, X509_V_ERR_INVALID_CA); + /* Defense in depth: ctx->error must not be clobbered back to X509_V_OK + * by the later successful verification of the intermediate against the + * trusted root. The worst-seen error must persist. */ + ExpectIntEQ(X509_STORE_CTX_get_error(ctx), X509_V_ERR_INVALID_CA); + + X509_free(cert); + X509_STORE_free(str); + X509_STORE_CTX_free(ctx); + sk_X509_pop_free(untrusted, NULL); +#endif + return EXPECT_RESULT(); +} + +int test_X509_STORE_InvalidCa_NoCallback(void) +{ + EXPECT_DECLS; +#if defined(OPENSSL_ALL) && !defined(NO_RSA) && !defined(NO_FILESYSTEM) + const char* filename = "./certs/intermediate/ca_false_intermediate/" + "test_int_not_cacert.pem"; + const char* srvfile = "./certs/intermediate/ca_false_intermediate/" + "test_sign_bynoca_srv.pem"; + X509_STORE_CTX* ctx = NULL; + X509_STORE* str = NULL; + XFILE fp = XBADFILE; + X509* cert = NULL; + STACK_OF(X509)* untrusted = NULL; + + ExpectTrue((fp = XFOPEN(srvfile, "rb")) + != XBADFILE); + ExpectNotNull(cert = PEM_read_X509(fp, 0, 0, 0 )); + if (fp != XBADFILE) { + XFCLOSE(fp); + fp = XBADFILE; + } + + ExpectNotNull(str = X509_STORE_new()); + ExpectNotNull(ctx = X509_STORE_CTX_new()); + ExpectNotNull(untrusted = sk_X509_new_null()); + + /* Create cert chain stack with an intermediate that is CA:FALSE. */ + ExpectIntEQ(test_X509_STORE_untrusted_load_cert_to_stack(filename, + untrusted), TEST_SUCCESS); + + ExpectIntEQ(X509_STORE_load_locations(str, + "./certs/intermediate/ca_false_intermediate/test_ca.pem", + NULL), 1); + ExpectIntEQ(X509_STORE_CTX_init(ctx, str, cert, untrusted), 1); + /* No verify callback: verification must fail on CA:FALSE issuer. */ + ExpectIntNE(X509_verify_cert(ctx), 1); + ExpectIntEQ(X509_STORE_CTX_get_error(ctx), X509_V_ERR_INVALID_CA); + + X509_free(cert); + X509_STORE_free(str); + X509_STORE_CTX_free(ctx); + sk_X509_pop_free(untrusted, NULL); +#endif + return EXPECT_RESULT(); +} + +int test_wolfSSL_X509_STORE_CTX_trusted_stack_cleanup(void) +{ + int res = TEST_SKIPPED; +#if defined(OPENSSL_EXTRA) + X509_STORE_CTX_cleanup(NULL); + X509_STORE_CTX_trusted_stack(NULL, NULL); + + res = TEST_SUCCESS; +#endif + return res; +} + +int test_wolfSSL_X509_STORE_CTX_get_issuer(void) +{ + EXPECT_DECLS; +#if defined(OPENSSL_EXTRA) && !defined(NO_RSA) && !defined(NO_FILESYSTEM) + X509_STORE_CTX* ctx = NULL; + X509_STORE* str = NULL; + X509* x509Ca = NULL; + X509* x509Svr = NULL; + X509* issuer = NULL; + X509_NAME* caName = NULL; + X509_NAME* issuerName = NULL; + + ExpectNotNull(ctx = X509_STORE_CTX_new()); + ExpectNotNull((str = wolfSSL_X509_STORE_new())); + ExpectNotNull((x509Ca = + wolfSSL_X509_load_certificate_file(caCertFile, SSL_FILETYPE_PEM))); + ExpectIntEQ(X509_STORE_add_cert(str, x509Ca), SSL_SUCCESS); + ExpectNotNull((x509Svr = + wolfSSL_X509_load_certificate_file(svrCertFile, SSL_FILETYPE_PEM))); + + ExpectIntEQ(X509_STORE_CTX_init(ctx, str, x509Svr, NULL), SSL_SUCCESS); + + /* Issuer0 is not set until chain is built for verification */ + ExpectNull(X509_STORE_CTX_get0_current_issuer(NULL)); + ExpectNull(issuer = X509_STORE_CTX_get0_current_issuer(ctx)); + + /* Issuer1 will use the store to make a new issuer */ + ExpectIntEQ(X509_STORE_CTX_get1_issuer(&issuer, ctx, x509Svr), 1); + ExpectNotNull(issuer); + X509_free(issuer); + + ExpectIntEQ(X509_verify_cert(ctx), 1); + ExpectNotNull(issuer = X509_STORE_CTX_get0_current_issuer(ctx)); + ExpectNotNull(caName = X509_get_subject_name(x509Ca)); + ExpectNotNull(issuerName = X509_get_subject_name(issuer)); +#ifdef WOLFSSL_SIGNER_DER_CERT + ExpectIntEQ(X509_NAME_cmp(caName, issuerName), 0); +#endif + + X509_STORE_CTX_free(ctx); + X509_free(x509Svr); + X509_STORE_free(str); + X509_free(x509Ca); +#endif + return EXPECT_RESULT(); +} + +int test_wolfSSL_X509_STORE_set_flags(void) +{ + EXPECT_DECLS; +#if defined(OPENSSL_EXTRA) && !defined(NO_CERTS) && \ + !defined(NO_FILESYSTEM) && !defined(NO_RSA) + X509_STORE* store = NULL; + X509* x509 = NULL; + + ExpectNotNull((store = wolfSSL_X509_STORE_new())); + ExpectNotNull((x509 = wolfSSL_X509_load_certificate_file(svrCertFile, + WOLFSSL_FILETYPE_PEM))); + ExpectIntEQ(X509_STORE_add_cert(store, x509), WOLFSSL_SUCCESS); + +#ifdef HAVE_CRL + ExpectIntEQ(X509_STORE_set_flags(store, WOLFSSL_CRL_CHECKALL), + WOLFSSL_SUCCESS); +#else + ExpectIntEQ(X509_STORE_set_flags(store, WOLFSSL_CRL_CHECKALL), + WC_NO_ERR_TRACE(NOT_COMPILED_IN)); +#endif + + wolfSSL_X509_free(x509); + wolfSSL_X509_STORE_free(store); +#endif /* defined(OPENSSL_EXTRA) && !defined(NO_CERTS) && + * !defined(NO_FILESYSTEM) && !defined(NO_RSA) */ + return EXPECT_RESULT(); +} + +int test_wolfSSL_X509_STORE(void) +{ + EXPECT_DECLS; +#if defined(OPENSSL_EXTRA) && !defined(NO_RSA) && !defined(NO_TLS) && \ + !defined(NO_FILESYSTEM) + X509_STORE *store = NULL; + +#ifdef HAVE_CRL + X509_STORE_CTX *storeCtx = NULL; + X509 *ca = NULL; + X509 *cert = NULL; + const char srvCert[] = "./certs/server-revoked-cert.pem"; + const char caCert[] = "./certs/ca-cert.pem"; +#ifndef WOLFSSL_CRL_ALLOW_MISSING_CDP + X509_CRL *crl = NULL; + const char crlPem[] = "./certs/crl/crl.revoked"; + XFILE fp = XBADFILE; +#endif /* !WOLFSSL_CRL_ALLOW_MISSING_CDP */ + + ExpectNotNull(store = (X509_STORE *)X509_STORE_new()); + ExpectNotNull((ca = wolfSSL_X509_load_certificate_file(caCert, + SSL_FILETYPE_PEM))); + ExpectIntEQ(X509_STORE_add_cert(store, ca), SSL_SUCCESS); + ExpectNotNull((cert = wolfSSL_X509_load_certificate_file(srvCert, + SSL_FILETYPE_PEM))); + ExpectNotNull((storeCtx = X509_STORE_CTX_new())); + ExpectIntEQ(X509_STORE_CTX_init(storeCtx, store, cert, NULL), SSL_SUCCESS); + ExpectIntEQ(X509_verify_cert(storeCtx), SSL_SUCCESS); + X509_STORE_free(store); + store = NULL; + X509_STORE_CTX_free(storeCtx); + storeCtx = NULL; + X509_free(cert); + cert = NULL; + X509_free(ca); + ca = NULL; + +#ifndef WOLFSSL_CRL_ALLOW_MISSING_CDP + /* should fail to verify now after adding in CRL */ + ExpectNotNull(store = (X509_STORE *)X509_STORE_new()); + ExpectNotNull((ca = wolfSSL_X509_load_certificate_file(caCert, + SSL_FILETYPE_PEM))); + ExpectIntEQ(X509_STORE_add_cert(store, ca), SSL_SUCCESS); + ExpectTrue((fp = XFOPEN(crlPem, "rb")) != XBADFILE); + ExpectNotNull(crl = (X509_CRL *)PEM_read_X509_CRL(fp, (X509_CRL **)NULL, + NULL, NULL)); + if (fp != XBADFILE) + XFCLOSE(fp); + ExpectIntEQ(X509_STORE_add_crl(store, crl), SSL_SUCCESS); + ExpectIntEQ(X509_STORE_set_flags(store, X509_V_FLAG_CRL_CHECK),SSL_SUCCESS); + ExpectNotNull((storeCtx = X509_STORE_CTX_new())); + ExpectNotNull((cert = wolfSSL_X509_load_certificate_file(srvCert, + SSL_FILETYPE_PEM))); + ExpectIntEQ(X509_STORE_CTX_init(storeCtx, store, cert, NULL), SSL_SUCCESS); + ExpectIntNE(X509_verify_cert(storeCtx), SSL_SUCCESS); + ExpectIntEQ(X509_STORE_CTX_get_error(storeCtx), + WOLFSSL_X509_V_ERR_CERT_REVOKED); + X509_CRL_free(crl); + crl = NULL; + X509_STORE_free(store); + store = NULL; + X509_STORE_CTX_free(storeCtx); + storeCtx = NULL; + X509_free(cert); + cert = NULL; + X509_free(ca); + ca = NULL; +#endif /* !WOLFSSL_CRL_ALLOW_MISSING_CDP */ +#endif /* HAVE_CRL */ + +#if !defined(WOLFCRYPT_ONLY) && !defined(NO_FILESYSTEM) + { + #if !defined(NO_WOLFSSL_CLIENT) || !defined(NO_WOLFSSL_SERVER) + SSL_CTX* ctx = NULL; + SSL* ssl = NULL; + int i; + for (i = 0; i < 2; i++) { + #ifndef NO_WOLFSSL_SERVER + ExpectNotNull(ctx = SSL_CTX_new(wolfSSLv23_server_method())); + #else + ExpectNotNull(ctx = SSL_CTX_new(wolfSSLv23_client_method())); + #endif + ExpectNotNull(store = (X509_STORE *)X509_STORE_new()); + SSL_CTX_set_cert_store(ctx, store); + ExpectNotNull(store = (X509_STORE *)X509_STORE_new()); + SSL_CTX_set_cert_store(ctx, store); + ExpectNotNull(store = (X509_STORE *)X509_STORE_new()); + ExpectIntEQ(SSL_CTX_use_certificate_file(ctx, svrCertFile, + SSL_FILETYPE_PEM), SSL_SUCCESS); + ExpectIntEQ(SSL_CTX_use_PrivateKey_file(ctx, svrKeyFile, + SSL_FILETYPE_PEM), SSL_SUCCESS); + ExpectNotNull(ssl = SSL_new(ctx)); + if (i == 0) { + ExpectIntEQ(SSL_set0_verify_cert_store(ssl, store), + SSL_SUCCESS); + } + else { + ExpectIntEQ(SSL_set1_verify_cert_store(ssl, store), + SSL_SUCCESS); + #ifdef OPENSSL_ALL + ExpectIntEQ(SSL_CTX_set1_verify_cert_store(ctx, store), + SSL_SUCCESS); + #endif + } + if (EXPECT_FAIL() || (i == 1)) { + X509_STORE_free(store); + store = NULL; + } + SSL_free(ssl); + ssl = NULL; + SSL_CTX_free(ctx); + ctx = NULL; + } + #endif /* !NO_WOLFSSL_CLIENT || !NO_WOLFSSL_SERVER */ + } +#endif +#endif + return EXPECT_RESULT(); +} + +int test_wolfSSL_X509_STORE_load_locations(void) +{ + EXPECT_DECLS; +#if (defined(OPENSSL_ALL) || defined(WOLFSSL_APACHE_HTTPD)) && \ + !defined(NO_FILESYSTEM) && !defined(NO_WOLFSSL_DIR) && !defined(NO_RSA) && \ + !defined(NO_TLS) + SSL_CTX *ctx = NULL; + X509_STORE *store = NULL; + + const char ca_file[] = "./certs/ca-cert.pem"; + const char client_pem_file[] = "./certs/client-cert.pem"; + const char client_der_file[] = "./certs/client-cert.der"; + const char ecc_file[] = "./certs/ecc-key.pem"; + const char certs_path[] = "./certs/"; + const char bad_path[] = "./bad-path/"; +#ifdef HAVE_CRL + const char crl_path[] = "./certs/crl/"; + const char crl_file[] = "./certs/crl/crl.pem"; +#endif + +#ifndef NO_WOLFSSL_SERVER + ExpectNotNull(ctx = SSL_CTX_new(SSLv23_server_method())); +#else + ExpectNotNull(ctx = SSL_CTX_new(SSLv23_client_method())); +#endif + ExpectNotNull(store = SSL_CTX_get_cert_store(ctx)); + ExpectIntEQ(wolfSSL_CertManagerLoadCA(store->cm, ca_file, NULL), + WOLFSSL_SUCCESS); + + /* Test bad arguments */ + ExpectIntEQ(X509_STORE_load_locations(NULL, ca_file, NULL), + WC_NO_ERR_TRACE(WOLFSSL_FAILURE)); + ExpectIntEQ(X509_STORE_load_locations(store, NULL, NULL), + WC_NO_ERR_TRACE(WOLFSSL_FAILURE)); + ExpectIntEQ(X509_STORE_load_locations(store, client_der_file, NULL), + WC_NO_ERR_TRACE(WOLFSSL_FAILURE)); + ExpectIntEQ(X509_STORE_load_locations(store, ecc_file, NULL), + WC_NO_ERR_TRACE(WOLFSSL_FAILURE)); + ExpectIntEQ(X509_STORE_load_locations(store, NULL, bad_path), + WC_NO_ERR_TRACE(WOLFSSL_FAILURE)); + +#ifdef HAVE_CRL + /* Test with CRL */ + ExpectIntEQ(X509_STORE_load_locations(store, crl_file, NULL), + WOLFSSL_SUCCESS); + ExpectIntEQ(X509_STORE_load_locations(store, NULL, crl_path), + WOLFSSL_SUCCESS); +#endif + + /* Test with CA */ + ExpectIntEQ(X509_STORE_load_locations(store, ca_file, NULL), + WOLFSSL_SUCCESS); + + /* Test with client_cert and certs path */ + ExpectIntEQ(X509_STORE_load_locations(store, client_pem_file, NULL), + WOLFSSL_SUCCESS); + ExpectIntEQ(X509_STORE_load_locations(store, NULL, certs_path), + WOLFSSL_SUCCESS); + +#if defined(XGETENV) && !defined(NO_GETENV) && defined(_POSIX_C_SOURCE) && \ + _POSIX_C_SOURCE >= 200112L + ExpectIntEQ(wolfSSL_CTX_UnloadCAs(ctx), WOLFSSL_SUCCESS); + /* Test with env vars */ + ExpectIntEQ(setenv("SSL_CERT_FILE", client_pem_file, 1), 0); + ExpectIntEQ(setenv("SSL_CERT_DIR", certs_path, 1), 0); + ExpectIntEQ(X509_STORE_set_default_paths(store), WOLFSSL_SUCCESS); +#endif + +#if defined(OPENSSL_EXTRA) || defined(DEBUG_WOLFSSL_VERBOSE) + /* Clear nodes */ + ERR_clear_error(); +#endif + + SSL_CTX_free(ctx); +#endif + return EXPECT_RESULT(); +} + +int test_X509_STORE_get0_objects(void) +{ + EXPECT_DECLS; +#if defined(OPENSSL_ALL) && !defined(NO_FILESYSTEM) && !defined(NO_TLS) && \ + !defined(NO_WOLFSSL_DIR) && !defined(NO_RSA) + X509_STORE *store = NULL; + X509_STORE *store_cpy = NULL; + SSL_CTX *ctx = NULL; + X509_OBJECT *obj = NULL; +#ifdef HAVE_CRL + X509_OBJECT *objCopy = NULL; +#endif + STACK_OF(X509_OBJECT) *objs = NULL; + STACK_OF(X509_OBJECT) *objsCopy = NULL; + int i; + + /* Setup store */ +#ifndef NO_WOLFSSL_SERVER + ExpectNotNull(ctx = SSL_CTX_new(SSLv23_server_method())); +#else + ExpectNotNull(ctx = SSL_CTX_new(SSLv23_client_method())); +#endif + ExpectNotNull(store_cpy = X509_STORE_new()); + ExpectNotNull(store = SSL_CTX_get_cert_store(ctx)); + ExpectIntEQ(X509_STORE_load_locations(store, cliCertFile, NULL), + WOLFSSL_SUCCESS); + ExpectIntEQ(X509_STORE_load_locations(store, caCertFile, NULL), + WOLFSSL_SUCCESS); + ExpectIntEQ(X509_STORE_load_locations(store, svrCertFile, NULL), + WOLFSSL_SUCCESS); +#ifdef HAVE_CRL + ExpectIntEQ(X509_STORE_load_locations(store, NULL, crlPemDir), + WOLFSSL_SUCCESS); +#endif + /* Store ready */ + + /* Similar to HaProxy ssl_set_cert_crl_file use case */ + ExpectNotNull(objs = X509_STORE_get0_objects(store)); +#ifdef HAVE_CRL +#ifdef WOLFSSL_SIGNER_DER_CERT + ExpectIntEQ(sk_X509_OBJECT_num(objs), 4); +#else + ExpectIntEQ(sk_X509_OBJECT_num(objs), 1); +#endif +#else +#ifdef WOLFSSL_SIGNER_DER_CERT + ExpectIntEQ(sk_X509_OBJECT_num(objs), 3); +#else + ExpectIntEQ(sk_X509_OBJECT_num(objs), 0); +#endif +#endif + ExpectIntEQ(sk_X509_OBJECT_num(NULL), 0); + ExpectNull(sk_X509_OBJECT_value(NULL, 0)); + ExpectNull(sk_X509_OBJECT_value(NULL, 1)); + ExpectNull(sk_X509_OBJECT_value(objs, sk_X509_OBJECT_num(objs))); + ExpectNull(sk_X509_OBJECT_value(objs, sk_X509_OBJECT_num(objs) + 1)); +#ifndef NO_WOLFSSL_STUB + ExpectNull(sk_X509_OBJECT_delete(objs, 0)); +#endif + ExpectNotNull(objsCopy = sk_X509_OBJECT_deep_copy(objs, NULL, NULL)); + ExpectIntEQ(sk_X509_OBJECT_num(objs), sk_X509_OBJECT_num(objsCopy)); + for (i = 0; i < sk_X509_OBJECT_num(objs) && EXPECT_SUCCESS(); i++) { + obj = (X509_OBJECT*)sk_X509_OBJECT_value(objs, i); + #ifdef HAVE_CRL + objCopy = (X509_OBJECT*)sk_X509_OBJECT_value(objsCopy, i); + #endif + switch (X509_OBJECT_get_type(obj)) { + case X509_LU_X509: + { + X509* x509 = NULL; + X509_NAME *subj_name = NULL; + ExpectNull(X509_OBJECT_get0_X509_CRL(NULL)); + ExpectNull(X509_OBJECT_get0_X509_CRL(obj)); + ExpectNotNull(x509 = X509_OBJECT_get0_X509(obj)); + ExpectIntEQ(X509_STORE_add_cert(store_cpy, x509), WOLFSSL_SUCCESS); + ExpectNotNull(subj_name = X509_get_subject_name(x509)); + ExpectPtrEq(obj, X509_OBJECT_retrieve_by_subject(objs, X509_LU_X509, + subj_name)); + + break; + } + case X509_LU_CRL: +#ifdef HAVE_CRL + { + X509_CRL* crl = NULL; + ExpectNull(X509_OBJECT_get0_X509(NULL)); + ExpectNull(X509_OBJECT_get0_X509(obj)); + ExpectNotNull(crl = X509_OBJECT_get0_X509_CRL(obj)); + ExpectIntEQ(X509_STORE_add_crl(store_cpy, crl), WOLFSSL_SUCCESS); + ExpectNotNull(crl = X509_OBJECT_get0_X509_CRL(objCopy)); + break; + } +#endif + case X509_LU_NONE: + default: + Fail(("X509_OBJECT_get_type should return x509 or crl " + "(when built with crl support)"), + ("Unrecognized X509_OBJECT type or none")); + } + } + + X509_STORE_free(store_cpy); + SSL_CTX_free(ctx); + + wolfSSL_sk_X509_OBJECT_free(NULL); + objs = NULL; + wolfSSL_sk_pop_free(objsCopy, NULL); + objsCopy = NULL; + ExpectNotNull(objs = wolfSSL_sk_X509_OBJECT_new()); + ExpectIntEQ(wolfSSL_sk_X509_OBJECT_push(NULL, NULL), WOLFSSL_FAILURE); + ExpectIntEQ(wolfSSL_sk_X509_OBJECT_push(objs, NULL), WOLFSSL_FAILURE); + ExpectIntEQ(wolfSSL_sk_X509_OBJECT_push(NULL, obj), WOLFSSL_FAILURE); + ExpectNotNull(objsCopy = sk_X509_OBJECT_deep_copy(objs, NULL, NULL)); + wolfSSL_sk_X509_OBJECT_free(objsCopy); + wolfSSL_sk_X509_OBJECT_free(objs); +#endif + return EXPECT_RESULT(); +} + +int test_wolfSSL_X509_STORE_get1_certs(void) +{ + EXPECT_DECLS; +#if defined(OPENSSL_EXTRA) && defined(WOLFSSL_SIGNER_DER_CERT) && \ + !defined(NO_FILESYSTEM) && !defined(NO_RSA) + X509_STORE_CTX *storeCtx = NULL; + X509_STORE *store = NULL; + X509 *caX509 = NULL; + X509 *svrX509 = NULL; + X509_NAME *subject = NULL; + WOLF_STACK_OF(WOLFSSL_X509) *certs = NULL; + + ExpectNotNull(caX509 = X509_load_certificate_file(caCertFile, + SSL_FILETYPE_PEM)); + ExpectNotNull((svrX509 = wolfSSL_X509_load_certificate_file(svrCertFile, + SSL_FILETYPE_PEM))); + ExpectNotNull(storeCtx = X509_STORE_CTX_new()); + ExpectNotNull(store = X509_STORE_new()); + ExpectNotNull(subject = X509_get_subject_name(caX509)); + + /* Errors */ + ExpectNull(X509_STORE_get1_certs(storeCtx, subject)); + ExpectNull(X509_STORE_get1_certs(NULL, subject)); + ExpectNull(X509_STORE_get1_certs(storeCtx, NULL)); + + ExpectIntEQ(X509_STORE_add_cert(store, caX509), SSL_SUCCESS); + ExpectIntEQ(X509_STORE_CTX_init(storeCtx, store, caX509, NULL), + SSL_SUCCESS); + + /* Should find the cert */ + ExpectNotNull(certs = X509_STORE_get1_certs(storeCtx, subject)); + ExpectIntEQ(1, wolfSSL_sk_X509_num(certs)); + + sk_X509_pop_free(certs, NULL); + certs = NULL; + + /* Should not find the cert */ + ExpectNotNull(subject = X509_get_subject_name(svrX509)); + ExpectNotNull(certs = X509_STORE_get1_certs(storeCtx, subject)); + ExpectIntEQ(0, wolfSSL_sk_X509_num(certs)); + + sk_X509_pop_free(certs, NULL); + certs = NULL; + + X509_STORE_free(store); + X509_STORE_CTX_free(storeCtx); + X509_free(svrX509); + X509_free(caX509); +#endif /* OPENSSL_EXTRA && WOLFSSL_SIGNER_DER_CERT && !NO_FILESYSTEM */ + return EXPECT_RESULT(); +} + +#if defined(HAVE_SSL_MEMIO_TESTS_DEPENDENCIES) && \ + defined(WOLFSSL_LOCAL_X509_STORE) && \ + (defined(OPENSSL_ALL) || defined(WOLFSSL_QT)) && defined(HAVE_CRL) +static int test_wolfSSL_X509_STORE_set_get_crl_provider(X509_STORE_CTX* ctx, + X509_CRL** crl_out, X509* cert) { + X509_CRL *crl = NULL; + XFILE fp = XBADFILE; + char* cert_issuer = X509_NAME_oneline(X509_get_issuer_name(cert), NULL, 0); + int ret = 0; + + (void)ctx; + + if (cert_issuer == NULL) + return 0; + + if ((fp = XFOPEN("certs/crl/crl.pem", "rb")) != XBADFILE) { + PEM_read_X509_CRL(fp, &crl, NULL, NULL); + XFCLOSE(fp); + if (crl != NULL) { + char* crl_issuer = X509_NAME_oneline( + X509_CRL_get_issuer(crl), NULL, 0); + if ((crl_issuer != NULL) && + (XSTRCMP(cert_issuer, crl_issuer) == 0)) { + *crl_out = X509_CRL_dup(crl); + if (*crl_out != NULL) + ret = 1; + } + OPENSSL_free(crl_issuer); + } + } + + X509_CRL_free(crl); + OPENSSL_free(cert_issuer); + return ret; +} + +static int test_wolfSSL_X509_STORE_set_get_crl_provider2(X509_STORE_CTX* ctx, + X509_CRL** crl_out, X509* cert) { + (void)ctx; + (void)cert; + *crl_out = NULL; + return 1; +} + +#ifndef NO_WOLFSSL_STUB +static int test_wolfSSL_X509_STORE_set_get_crl_check(X509_STORE_CTX* ctx, + X509_CRL* crl) { + (void)ctx; + (void)crl; + return 1; +} +#endif + +static int test_wolfSSL_X509_STORE_set_get_crl_verify(int ok, + X509_STORE_CTX* ctx) { + int cert_error = X509_STORE_CTX_get_error(ctx); + X509_VERIFY_PARAM* param = X509_STORE_CTX_get0_param(ctx); + int flags = X509_VERIFY_PARAM_get_flags(param); + if ((flags & (X509_V_FLAG_CRL_CHECK | X509_V_FLAG_CRL_CHECK_ALL)) != + (X509_V_FLAG_CRL_CHECK | X509_V_FLAG_CRL_CHECK_ALL)) { + /* Make sure the flags are set */ + return 0; + } + /* Ignore CRL missing error */ +#ifndef OPENSSL_COMPATIBLE_DEFAULTS + if (cert_error == WC_NO_ERR_TRACE(CRL_MISSING)) +#else + if (cert_error == X509_V_ERR_UNABLE_TO_GET_CRL) +#endif + return 1; + return ok; +} + +static int test_wolfSSL_X509_STORE_set_get_crl_ctx_ready(WOLFSSL_CTX* ctx) +{ + EXPECT_DECLS; + X509_STORE* cert_store = NULL; + + ExpectIntEQ(wolfSSL_CTX_EnableCRL(ctx, WOLFSSL_CRL_CHECKALL), + WOLFSSL_SUCCESS); + ExpectNotNull(cert_store = SSL_CTX_get_cert_store(ctx)); + X509_STORE_set_get_crl(cert_store, + test_wolfSSL_X509_STORE_set_get_crl_provider); +#ifndef NO_WOLFSSL_STUB + X509_STORE_set_check_crl(cert_store, + test_wolfSSL_X509_STORE_set_get_crl_check); +#endif + + return EXPECT_RESULT(); +} + +static int test_wolfSSL_X509_STORE_set_get_crl_ctx_ready2(WOLFSSL_CTX* ctx) +{ + EXPECT_DECLS; + X509_STORE* cert_store = NULL; + X509_VERIFY_PARAM* param = NULL; + + SSL_CTX_set_verify(ctx, WOLFSSL_VERIFY_PEER, NULL); + ExpectIntEQ(wolfSSL_CTX_EnableCRL(ctx, WOLFSSL_CRL_CHECKALL), + WOLFSSL_SUCCESS); + ExpectNotNull(cert_store = SSL_CTX_get_cert_store(ctx)); + X509_STORE_set_get_crl(cert_store, + test_wolfSSL_X509_STORE_set_get_crl_provider2); +#ifndef NO_WOLFSSL_STUB + X509_STORE_set_check_crl(cert_store, + test_wolfSSL_X509_STORE_set_get_crl_check); +#endif + X509_STORE_set_verify_cb(cert_store, + test_wolfSSL_X509_STORE_set_get_crl_verify); + ExpectNotNull(X509_STORE_get0_param(cert_store)); + ExpectNotNull(param = X509_VERIFY_PARAM_new()); + ExpectIntEQ(X509_VERIFY_PARAM_inherit(NULL, NULL) , WOLFSSL_SUCCESS); + ExpectIntEQ(X509_VERIFY_PARAM_inherit(param, NULL) , WOLFSSL_SUCCESS); + ExpectIntEQ(X509_VERIFY_PARAM_inherit(param, + X509_STORE_get0_param(cert_store)), WOLFSSL_SUCCESS); + ExpectIntEQ(X509_VERIFY_PARAM_inherit(param, + X509_STORE_get0_param(cert_store)), 1); + ExpectIntEQ(X509_VERIFY_PARAM_set_flags( + param, X509_V_FLAG_CRL_CHECK | X509_V_FLAG_CRL_CHECK_ALL), 1); + ExpectIntEQ(X509_STORE_set1_param(cert_store, param), 1); + ExpectIntEQ(X509_STORE_set_flags(cert_store, + X509_V_FLAG_CRL_CHECK | X509_V_FLAG_CRL_CHECK_ALL), 1); + + + X509_VERIFY_PARAM_free(param); + return EXPECT_RESULT(); +} +#endif + +/* This test mimics the usage of the CRL provider in gRPC */ +int test_wolfSSL_X509_STORE_set_get_crl(void) +{ + EXPECT_DECLS; +#if defined(HAVE_SSL_MEMIO_TESTS_DEPENDENCIES) && \ + defined(WOLFSSL_LOCAL_X509_STORE) && \ + (defined(OPENSSL_ALL) || defined(WOLFSSL_QT)) && defined(HAVE_CRL) + test_ssl_cbf func_cb_client; + test_ssl_cbf func_cb_server; + + XMEMSET(&func_cb_client, 0, sizeof(func_cb_client)); + XMEMSET(&func_cb_server, 0, sizeof(func_cb_server)); + + func_cb_client.ctx_ready = test_wolfSSL_X509_STORE_set_get_crl_ctx_ready; + + ExpectIntEQ(test_wolfSSL_client_server_nofail_memio(&func_cb_client, + &func_cb_server, NULL), TEST_SUCCESS); + + XMEMSET(&func_cb_client, 0, sizeof(func_cb_client)); + XMEMSET(&func_cb_server, 0, sizeof(func_cb_server)); + + func_cb_client.ctx_ready = test_wolfSSL_X509_STORE_set_get_crl_ctx_ready2; + + ExpectIntEQ(test_wolfSSL_client_server_nofail_memio(&func_cb_client, + &func_cb_server, NULL), TEST_SUCCESS); +#endif + return EXPECT_RESULT(); +} + +int test_wolfSSL_X509_CA_num(void) +{ + EXPECT_DECLS; +#if defined(OPENSSL_EXTRA) && !defined(NO_CERTS) && !defined(NO_FILESYSTEM) && \ + defined(HAVE_ECC) && !defined(NO_RSA) + WOLFSSL_X509_STORE *store = NULL; + WOLFSSL_X509 *x509_1 = NULL; + WOLFSSL_X509 *x509_2 = NULL; + int ca_num = 0; + + ExpectNotNull(store = wolfSSL_X509_STORE_new()); + ExpectNotNull(x509_1 = wolfSSL_X509_load_certificate_file(svrCertFile, + WOLFSSL_FILETYPE_PEM)); + ExpectIntEQ(wolfSSL_X509_STORE_add_cert(store, x509_1), 1); + ExpectIntEQ(ca_num = wolfSSL_X509_CA_num(store), 1); + + ExpectNotNull(x509_2 = wolfSSL_X509_load_certificate_file(eccCertFile, + WOLFSSL_FILETYPE_PEM)); + ExpectIntEQ(wolfSSL_X509_STORE_add_cert(store, x509_2), 1); + ExpectIntEQ(ca_num = wolfSSL_X509_CA_num(store), 2); + + wolfSSL_X509_free(x509_1); + wolfSSL_X509_free(x509_2); + wolfSSL_X509_STORE_free(store); +#endif + return EXPECT_RESULT(); +} + +/* Test of X509 store use outside of SSL context w/ CRL lookup (ALWAYS + * returns 0) */ +int test_X509_STORE_No_SSL_CTX(void) +{ + EXPECT_DECLS; +#if defined(OPENSSL_ALL) && defined(WOLFSSL_CERT_GEN) && \ + (defined(WOLFSSL_CERT_REQ) || defined(WOLFSSL_CERT_EXT)) && \ + !defined(NO_FILESYSTEM) && !defined(NO_WOLFSSL_DIR) && \ + (defined(OPENSSL_EXTRA) || defined(WOLFSSL_WPAS_SMALL)) && \ + defined(HAVE_CRL) && !defined(NO_RSA) + + X509_STORE * store = NULL; + X509_STORE_CTX * storeCtx = NULL; + X509_CRL * crl = NULL; + X509 * ca = NULL; + X509 * cert = NULL; + const char cliCrlPem[] = "./certs/crl/cliCrl.pem"; + const char srvCert[] = "./certs/server-cert.pem"; + const char caCert[] = "./certs/ca-cert.pem"; + const char caDir[] = "./certs/crl/hash_pem"; + XFILE fp = XBADFILE; + X509_LOOKUP * lookup = NULL; + + ExpectNotNull(store = (X509_STORE *)X509_STORE_new()); + + /* Set up store with CA */ + ExpectNotNull((ca = wolfSSL_X509_load_certificate_file(caCert, + SSL_FILETYPE_PEM))); + ExpectIntEQ(X509_STORE_add_cert(store, ca), SSL_SUCCESS); + + /* Add CRL lookup directory to store + * NOTE: test uses ./certs/crl/hash_pem/0fdb2da4.r0, which is a copy + * of crl.pem */ + ExpectNotNull((lookup = X509_STORE_add_lookup(store, + X509_LOOKUP_hash_dir()))); + ExpectIntEQ(X509_LOOKUP_ctrl(lookup, X509_L_ADD_DIR, caDir, + X509_FILETYPE_PEM, NULL), SSL_SUCCESS); + + ExpectIntEQ(X509_STORE_set_flags(store, X509_V_FLAG_CRL_CHECK), + SSL_SUCCESS); + + /* Add CRL to store NOT containing the verified certificate, which + * forces use of the CRL lookup directory */ + ExpectTrue((fp = XFOPEN(cliCrlPem, "rb")) != XBADFILE); + ExpectNotNull(crl = (X509_CRL *)PEM_read_X509_CRL(fp, (X509_CRL **)NULL, + NULL, NULL)); + if (fp != XBADFILE) + XFCLOSE(fp); + ExpectIntEQ(X509_STORE_add_crl(store, crl), SSL_SUCCESS); + + /* Create verification context outside of an SSL session */ + ExpectNotNull((storeCtx = X509_STORE_CTX_new())); + ExpectNotNull((cert = wolfSSL_X509_load_certificate_file(srvCert, + SSL_FILETYPE_PEM))); + ExpectIntEQ(X509_STORE_CTX_init(storeCtx, store, cert, NULL), SSL_SUCCESS); + + /* Perform verification, which should NOT indicate CRL missing due to the + * store CM's X509 store pointer being NULL */ + ExpectIntNE(X509_verify_cert(storeCtx), WC_NO_ERR_TRACE(CRL_MISSING)); + + X509_CRL_free(crl); + X509_STORE_free(store); + X509_STORE_CTX_free(storeCtx); + X509_free(cert); + X509_free(ca); +#endif + return EXPECT_RESULT(); +} diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/tests/api/test_ossl_x509_str.h mariadb-11.8.8/extra/wolfssl/wolfssl/tests/api/test_ossl_x509_str.h --- mariadb-11.8.6/extra/wolfssl/wolfssl/tests/api/test_ossl_x509_str.h 1970-01-01 00:00:00.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/tests/api/test_ossl_x509_str.h 2026-05-24 09:58:33.000000000 +0000 @@ -0,0 +1,70 @@ +/* test_ossl_x509_str.h + * + * Copyright (C) 2006-2026 wolfSSL Inc. + * + * This file is part of wolfSSL. + * + * wolfSSL is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * wolfSSL is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA + */ + +#ifndef WOLFCRYPT_TEST_OSSL_X509_STR_H +#define WOLFCRYPT_TEST_OSSL_X509_STR_H + +#include + +int test_wolfSSL_X509_STORE_CTX_set_time(void); +int test_wolfSSL_X509_STORE_check_time(void); +int test_wolfSSL_X509_STORE_CTX_get0_store(void); +int test_wolfSSL_X509_STORE_CTX(void); +int test_wolfSSL_X509_STORE_CTX_ex(void); +int test_X509_STORE_untrusted(void); +int test_X509_STORE_InvalidCa(void); +int test_X509_STORE_InvalidCa_NoCallback(void); +int test_wolfSSL_X509_STORE_CTX_trusted_stack_cleanup(void); +int test_wolfSSL_X509_STORE_CTX_get_issuer(void); +int test_wolfSSL_X509_STORE_set_flags(void); +int test_wolfSSL_X509_STORE(void); +int test_wolfSSL_X509_STORE_load_locations(void); +int test_X509_STORE_get0_objects(void); +int test_wolfSSL_X509_STORE_get1_certs(void); +int test_wolfSSL_X509_STORE_set_get_crl(void); +int test_wolfSSL_X509_CA_num(void); +int test_X509_STORE_No_SSL_CTX(void); + +#define TEST_OSSL_X509_STORE_DECLS \ + TEST_DECL_GROUP("ossl_x509_store", test_wolfSSL_X509_STORE_CTX_set_time), \ + TEST_DECL_GROUP("ossl_x509_store", test_wolfSSL_X509_STORE_check_time), \ + TEST_DECL_GROUP("ossl_x509_store", \ + test_wolfSSL_X509_STORE_CTX_get0_store), \ + TEST_DECL_GROUP("ossl_x509_store", test_wolfSSL_X509_STORE_CTX), \ + TEST_DECL_GROUP("ossl_x509_store", test_wolfSSL_X509_STORE_CTX_ex), \ + TEST_DECL_GROUP("ossl_x509_store", test_X509_STORE_untrusted), \ + TEST_DECL_GROUP("ossl_x509_store", test_X509_STORE_InvalidCa), \ + TEST_DECL_GROUP("ossl_x509_store", test_X509_STORE_InvalidCa_NoCallback), \ + TEST_DECL_GROUP("ossl_x509_store", \ + test_wolfSSL_X509_STORE_CTX_trusted_stack_cleanup), \ + TEST_DECL_GROUP("ossl_x509_store", \ + test_wolfSSL_X509_STORE_CTX_get_issuer), \ + TEST_DECL_GROUP("ossl_x509_store", test_wolfSSL_X509_STORE_set_flags), \ + TEST_DECL_GROUP("ossl_x509_store", test_wolfSSL_X509_STORE), \ + TEST_DECL_GROUP("ossl_x509_store", \ + test_wolfSSL_X509_STORE_load_locations), \ + TEST_DECL_GROUP("ossl_x509_store", test_X509_STORE_get0_objects), \ + TEST_DECL_GROUP("ossl_x509_store", test_wolfSSL_X509_STORE_get1_certs), \ + TEST_DECL_GROUP("ossl_x509_store", test_wolfSSL_X509_STORE_set_get_crl), \ + TEST_DECL_GROUP("ossl_x509_store", test_wolfSSL_X509_CA_num), \ + TEST_DECL_GROUP("ossl_x509_store", test_X509_STORE_No_SSL_CTX) + +#endif /* WOLFCRYPT_TEST_OSSL_X509_STR_H */ diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/tests/api/test_ossl_x509_vp.c mariadb-11.8.8/extra/wolfssl/wolfssl/tests/api/test_ossl_x509_vp.c --- mariadb-11.8.6/extra/wolfssl/wolfssl/tests/api/test_ossl_x509_vp.c 1970-01-01 00:00:00.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/tests/api/test_ossl_x509_vp.c 2026-05-24 09:58:33.000000000 +0000 @@ -0,0 +1,276 @@ +/* test_ossl_x509_vp.c + * + * Copyright (C) 2006-2026 wolfSSL Inc. + * + * This file is part of wolfSSL. + * + * wolfSSL is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * wolfSSL is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA + */ + +#include + +#ifdef NO_INLINE + #include +#else + #define WOLFSSL_MISC_INCLUDED + #include +#endif + +#include +#include +#include + +int test_wolfSSL_X509_VERIFY_PARAM(void) +{ + EXPECT_DECLS; +#if defined(OPENSSL_EXTRA) + X509_VERIFY_PARAM *paramTo = NULL; + X509_VERIFY_PARAM *paramFrom = NULL; + char testIPv4[] = "127.0.0.1"; + char testIPv6[] = "0001:0000:0000:0000:0000:0000:0000:0000/32"; + char testhostName1[] = "foo.hoge.com"; + char testhostName2[] = "foobar.hoge.com"; + + ExpectNotNull(paramTo = X509_VERIFY_PARAM_new()); + ExpectNotNull(XMEMSET(paramTo, 0, sizeof(X509_VERIFY_PARAM))); + + ExpectNotNull(paramFrom = X509_VERIFY_PARAM_new()); + ExpectNotNull(XMEMSET(paramFrom, 0, sizeof(X509_VERIFY_PARAM))); + + ExpectIntEQ(X509_VERIFY_PARAM_set1_host(paramFrom, testhostName1, + (int)XSTRLEN(testhostName1)), 1); + ExpectIntEQ(0, XSTRNCMP(paramFrom->hostName, testhostName1, + (int)XSTRLEN(testhostName1))); + + X509_VERIFY_PARAM_set_hostflags(NULL, 0x00); + + X509_VERIFY_PARAM_set_hostflags(paramFrom, 0x01); + ExpectIntEQ(0x01, paramFrom->hostFlags); + + ExpectIntEQ(X509_VERIFY_PARAM_set1_ip_asc(NULL, testIPv4), 0); + + ExpectIntEQ(X509_VERIFY_PARAM_set1_ip_asc(paramFrom, testIPv4), 1); + ExpectIntEQ(0, XSTRNCMP(paramFrom->ipasc, testIPv4, WOLFSSL_MAX_IPSTR)); + + ExpectIntEQ(X509_VERIFY_PARAM_set1_ip_asc(paramFrom, NULL), 1); + + ExpectIntEQ(X509_VERIFY_PARAM_set1_ip_asc(paramFrom, testIPv6), 1); + ExpectIntEQ(0, XSTRNCMP(paramFrom->ipasc, testIPv6, WOLFSSL_MAX_IPSTR)); + + /* null pointer */ + ExpectIntEQ(X509_VERIFY_PARAM_set1(NULL, paramFrom), 0); + /* in the case of "from" null, returns success */ + ExpectIntEQ(X509_VERIFY_PARAM_set1(paramTo, NULL), 1); + + ExpectIntEQ(X509_VERIFY_PARAM_set1(NULL, NULL), 0); + + /* inherit flags test : VPARAM_DEFAULT */ + ExpectIntEQ(X509_VERIFY_PARAM_set1(paramTo, paramFrom), 1); + ExpectIntEQ(0, XSTRNCMP(paramTo->hostName, testhostName1, + (int)XSTRLEN(testhostName1))); + ExpectIntEQ(0x01, paramTo->hostFlags); + ExpectIntEQ(0, XSTRNCMP(paramTo->ipasc, testIPv6, WOLFSSL_MAX_IPSTR)); + + /* inherit flags test : VPARAM OVERWRITE */ + ExpectIntEQ(X509_VERIFY_PARAM_set1_host(paramTo, testhostName2, + (int)XSTRLEN(testhostName2)), 1); + ExpectIntEQ(X509_VERIFY_PARAM_set1_ip_asc(paramTo, testIPv4), 1); + X509_VERIFY_PARAM_set_hostflags(paramTo, 0x00); + + if (paramTo != NULL) { + paramTo->inherit_flags = X509_VP_FLAG_OVERWRITE; + } + + ExpectIntEQ(X509_VERIFY_PARAM_set1(paramTo, paramFrom), 1); + ExpectIntEQ(0, XSTRNCMP(paramTo->hostName, testhostName1, + (int)XSTRLEN(testhostName1))); + ExpectIntEQ(0x01, paramTo->hostFlags); + ExpectIntEQ(0, XSTRNCMP(paramTo->ipasc, testIPv6, WOLFSSL_MAX_IPSTR)); + + /* inherit flags test : VPARAM_RESET_FLAGS */ + ExpectIntEQ(X509_VERIFY_PARAM_set1_host(paramTo, testhostName2, + (int)XSTRLEN(testhostName2)), 1); + ExpectIntEQ(X509_VERIFY_PARAM_set1_ip_asc(paramTo, testIPv4), 1); + X509_VERIFY_PARAM_set_hostflags(paramTo, 0x10); + + if (paramTo != NULL) { + paramTo->inherit_flags = X509_VP_FLAG_RESET_FLAGS; + } + + ExpectIntEQ(X509_VERIFY_PARAM_set1(paramTo, paramFrom), 1); + ExpectIntEQ(0, XSTRNCMP(paramTo->hostName, testhostName1, + (int)XSTRLEN(testhostName1))); + ExpectIntEQ(0x01, paramTo->hostFlags); + ExpectIntEQ(0, XSTRNCMP(paramTo->ipasc, testIPv6, WOLFSSL_MAX_IPSTR)); + ExpectIntEQ(0, XSTRNCMP(paramTo->ipasc, testIPv6, WOLFSSL_MAX_IPSTR)); + + /* inherit flags test : VPARAM_LOCKED */ + ExpectIntEQ(X509_VERIFY_PARAM_set1_host(paramTo, testhostName2, + (int)XSTRLEN(testhostName2)), 1); + ExpectIntEQ(X509_VERIFY_PARAM_set1_ip_asc(paramTo, testIPv4), 1); + X509_VERIFY_PARAM_set_hostflags(paramTo, 0x00); + + if (paramTo != NULL) { + paramTo->inherit_flags = X509_VP_FLAG_LOCKED; + } + + ExpectIntEQ(X509_VERIFY_PARAM_set1(paramTo, paramFrom), 1); + ExpectIntEQ(0, XSTRNCMP(paramTo->hostName, testhostName2, + (int)XSTRLEN(testhostName2))); + ExpectIntEQ(0x00, paramTo->hostFlags); + ExpectIntEQ(0, XSTRNCMP(paramTo->ipasc, testIPv4, WOLFSSL_MAX_IPSTR)); + + /* test for incorrect parameters */ + ExpectIntEQ(X509_VERIFY_PARAM_set_flags(NULL, X509_V_FLAG_CRL_CHECK_ALL), + 0); + + ExpectIntEQ(X509_VERIFY_PARAM_set_flags(NULL, 0), 0); + + /* inherit flags test : VPARAM_ONCE, not testable yet */ + + ExpectIntEQ(X509_VERIFY_PARAM_set_flags(paramTo, X509_V_FLAG_CRL_CHECK_ALL), + 1); + + ExpectIntEQ(X509_VERIFY_PARAM_get_flags(NULL), 0); + ExpectIntEQ(X509_VERIFY_PARAM_get_flags(paramTo), + X509_V_FLAG_CRL_CHECK_ALL); + + ExpectIntEQ(X509_VERIFY_PARAM_clear_flags(NULL, X509_V_FLAG_CRL_CHECK_ALL), + WOLFSSL_FAILURE); + ExpectIntEQ(X509_VERIFY_PARAM_clear_flags(paramTo, + X509_V_FLAG_CRL_CHECK_ALL), 1); + + ExpectIntEQ(X509_VERIFY_PARAM_get_flags(paramTo), 0); + + ExpectNull(wolfSSL_X509_VERIFY_PARAM_lookup(NULL)); + ExpectNull(wolfSSL_X509_VERIFY_PARAM_lookup("")); + ExpectNotNull(wolfSSL_X509_VERIFY_PARAM_lookup("ssl_client")); + ExpectNotNull(wolfSSL_X509_VERIFY_PARAM_lookup("ssl_server")); + + X509_VERIFY_PARAM_free(paramTo); + X509_VERIFY_PARAM_free(paramFrom); + X509_VERIFY_PARAM_free(NULL); /* to confirm NULL parameter gives no harm */ +#endif + return EXPECT_RESULT(); +} + +int test_wolfSSL_X509_VERIFY_PARAM_set1_ip(void) +{ + EXPECT_DECLS; +#if defined(OPENSSL_EXTRA) && !defined(NO_FILESYSTEM) + unsigned char buf[16] = {0}; + WOLFSSL_X509_VERIFY_PARAM* param = NULL; + + ExpectNotNull(param = X509_VERIFY_PARAM_new()); + + ExpectIntEQ(X509_VERIFY_PARAM_set1_ip(NULL, NULL, 1), WOLFSSL_FAILURE); + ExpectIntEQ(X509_VERIFY_PARAM_set1_ip(param, NULL, 1), WOLFSSL_FAILURE); + ExpectIntEQ(X509_VERIFY_PARAM_set1_ip(NULL, buf, 1), WOLFSSL_FAILURE); + ExpectIntEQ(X509_VERIFY_PARAM_set1_ip(NULL, NULL, 16), WOLFSSL_FAILURE); + ExpectIntEQ(X509_VERIFY_PARAM_set1_ip(NULL, NULL, 4), WOLFSSL_FAILURE); + ExpectIntEQ(X509_VERIFY_PARAM_set1_ip(NULL, NULL, 0), WOLFSSL_FAILURE); + ExpectIntEQ(X509_VERIFY_PARAM_set1_ip(param, buf, 1), WOLFSSL_FAILURE); + ExpectIntEQ(X509_VERIFY_PARAM_set1_ip(param, NULL, 16), WOLFSSL_FAILURE); + ExpectIntEQ(X509_VERIFY_PARAM_set1_ip(param, NULL, 4), WOLFSSL_FAILURE); + ExpectIntEQ(X509_VERIFY_PARAM_set1_ip(NULL, buf, 16), WOLFSSL_FAILURE); + ExpectIntEQ(X509_VERIFY_PARAM_set1_ip(NULL, buf, 4), WOLFSSL_FAILURE); + ExpectIntEQ(X509_VERIFY_PARAM_set1_ip(NULL, buf, 0), WOLFSSL_FAILURE); + + ExpectIntEQ(X509_VERIFY_PARAM_set1_ip(param, NULL, 0), WOLFSSL_SUCCESS); + + /* test 127.0.0.1 */ + buf[0] =0x7f; buf[1] = 0; buf[2] = 0; buf[3] = 1; + ExpectIntEQ(X509_VERIFY_PARAM_set1_ip(param, &buf[0], 4), SSL_SUCCESS); + ExpectIntEQ(XSTRNCMP(param->ipasc, "127.0.0.1", sizeof(param->ipasc)), 0); + + /* test 2001:db8:3333:4444:5555:6666:7777:8888 */ + buf[0]=32;buf[1]=1;buf[2]=13;buf[3]=184; + buf[4]=51;buf[5]=51;buf[6]=68;buf[7]=68; + buf[8]=85;buf[9]=85;buf[10]=102;buf[11]=102; + buf[12]=119;buf[13]=119;buf[14]=136;buf[15]=136; + ExpectIntEQ(X509_VERIFY_PARAM_set1_ip(param, &buf[0], 16), SSL_SUCCESS); + ExpectIntEQ(XSTRNCMP(param->ipasc, + "2001:db8:3333:4444:5555:6666:7777:8888", sizeof(param->ipasc)), 0); + + /* test 2001:db8:: */ + buf[0]=32;buf[1]=1;buf[2]=13;buf[3]=184; + buf[4]=0;buf[5]=0;buf[6]=0;buf[7]=0; + buf[8]=0;buf[9]=0;buf[10]=0;buf[11]=0; + buf[12]=0;buf[13]=0;buf[14]=0;buf[15]=0; + ExpectIntEQ(X509_VERIFY_PARAM_set1_ip(param, &buf[0], 16), SSL_SUCCESS); + ExpectIntEQ(XSTRNCMP(param->ipasc, "2001:db8::", sizeof(param->ipasc)), 0); + + /* test ::1234:5678 */ + buf[0]=0;buf[1]=0;buf[2]=0;buf[3]=0; + buf[4]=0;buf[5]=0;buf[6]=0;buf[7]=0; + buf[8]=0;buf[9]=0;buf[10]=0;buf[11]=0; + buf[12]=18;buf[13]=52;buf[14]=86;buf[15]=120; + ExpectIntEQ(X509_VERIFY_PARAM_set1_ip(param, &buf[0], 16), SSL_SUCCESS); + ExpectIntEQ(XSTRNCMP(param->ipasc, "::1234:5678", sizeof(param->ipasc)), 0); + + + /* test 2001:db8::1234:5678 */ + buf[0]=32;buf[1]=1;buf[2]=13;buf[3]=184; + buf[4]=0;buf[5]=0;buf[6]=0;buf[7]=0; + buf[8]=0;buf[9]=0;buf[10]=0;buf[11]=0; + buf[12]=18;buf[13]=52;buf[14]=86;buf[15]=120; + ExpectIntEQ(X509_VERIFY_PARAM_set1_ip(param, &buf[0], 16), SSL_SUCCESS); + ExpectIntEQ(XSTRNCMP(param->ipasc, "2001:db8::1234:5678", + sizeof(param->ipasc)), 0); + + /* test 2001:0db8:0001:0000:0000:0ab9:c0a8:0102*/ + /* 2001:db8:1::ab9:c0a8:102 */ + buf[0]=32;buf[1]=1;buf[2]=13;buf[3]=184; + buf[4]=0;buf[5]=1;buf[6]=0;buf[7]=0; + buf[8]=0;buf[9]=0;buf[10]=10;buf[11]=185; + buf[12]=192;buf[13]=168;buf[14]=1;buf[15]=2; + ExpectIntEQ(X509_VERIFY_PARAM_set1_ip(param, &buf[0], 16), SSL_SUCCESS); + ExpectIntEQ(XSTRNCMP(param->ipasc, "2001:db8:1::ab9:c0a8:102", + sizeof(param->ipasc)), 0); + + XFREE(param, HEAP_HINT, DYNAMIC_TYPE_OPENSSL); +#endif /* OPENSSL_EXTRA */ + return EXPECT_RESULT(); +} + +int test_wolfSSL_X509_VERIFY_PARAM_set1_host(void) +{ + EXPECT_DECLS; +#if defined(OPENSSL_EXTRA) + const char host[] = "www.example.com"; + WOLFSSL_X509_VERIFY_PARAM* pParam = NULL; + + ExpectNotNull(pParam = (WOLFSSL_X509_VERIFY_PARAM*)XMALLOC( + sizeof(WOLFSSL_X509_VERIFY_PARAM), HEAP_HINT, DYNAMIC_TYPE_OPENSSL)); + if (pParam != NULL) { + XMEMSET(pParam, 0, sizeof(WOLFSSL_X509_VERIFY_PARAM)); + + ExpectIntEQ(X509_VERIFY_PARAM_set1_host(NULL, host, sizeof(host)), + WOLFSSL_FAILURE); + + X509_VERIFY_PARAM_set1_host(pParam, host, sizeof(host)); + + ExpectIntEQ(XMEMCMP(pParam->hostName, host, sizeof(host)), 0); + + XMEMSET(pParam, 0, sizeof(WOLFSSL_X509_VERIFY_PARAM)); + + ExpectIntNE(XMEMCMP(pParam->hostName, host, sizeof(host)), 0); + + XFREE(pParam, HEAP_HINT, DYNAMIC_TYPE_OPENSSL); + } +#endif /* OPENSSL_EXTRA */ + return EXPECT_RESULT(); +} + diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/tests/api/test_ossl_x509_vp.h mariadb-11.8.8/extra/wolfssl/wolfssl/tests/api/test_ossl_x509_vp.h --- mariadb-11.8.6/extra/wolfssl/wolfssl/tests/api/test_ossl_x509_vp.h 1970-01-01 00:00:00.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/tests/api/test_ossl_x509_vp.h 2026-05-24 09:58:33.000000000 +0000 @@ -0,0 +1,36 @@ +/* test_ossl_x509_vp.h + * + * Copyright (C) 2006-2026 wolfSSL Inc. + * + * This file is part of wolfSSL. + * + * wolfSSL is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * wolfSSL is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA + */ + +#ifndef WOLFCRYPT_TEST_OSSL_X509_VP_H +#define WOLFCRYPT_TEST_OSSL_X509_VP_H + +#include + +int test_wolfSSL_X509_VERIFY_PARAM(void); +int test_wolfSSL_X509_VERIFY_PARAM_set1_ip(void); +int test_wolfSSL_X509_VERIFY_PARAM_set1_host(void); + +#define TEST_OSSL_X509_VFY_PARAMS_DECLS \ + TEST_DECL_GROUP("ossl_x509_vp", test_wolfSSL_X509_VERIFY_PARAM), \ + TEST_DECL_GROUP("ossl_x509_vp", test_wolfSSL_X509_VERIFY_PARAM_set1_ip), \ + TEST_DECL_GROUP("ossl_x509_vp", test_wolfSSL_X509_VERIFY_PARAM_set1_host) + +#endif /* WOLFCRYPT_TEST_OSSL_X509_VP_H */ diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/tests/api/test_pkcs12.c mariadb-11.8.8/extra/wolfssl/wolfssl/tests/api/test_pkcs12.c --- mariadb-11.8.6/extra/wolfssl/wolfssl/tests/api/test_pkcs12.c 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/tests/api/test_pkcs12.c 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* test_pkcs12.c * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -29,6 +29,7 @@ #endif #include +#include #include #include #include @@ -196,3 +197,482 @@ return EXPECT_RESULT(); } +int test_wc_d2i_PKCS12_bad_mac_salt(void) +{ + EXPECT_DECLS; +#if !defined(NO_ASN) && !defined(NO_PWDBASED) && defined(HAVE_PKCS12) \ + && !defined(NO_FILESYSTEM) && !defined(NO_RSA) \ + && !defined(NO_AES) && !defined(NO_SHA) && !defined(NO_SHA256) + WC_PKCS12* pkcs12 = NULL; + unsigned char der[FOURK_BUF * 2]; + int derSz = 0; + const char p12_f[] = "./certs/test-servercert.p12"; + XFILE f = XBADFILE; + int i; + int found = 0; + + ExpectTrue((f = XFOPEN(p12_f, "rb")) != XBADFILE); + ExpectIntGT(derSz = (int)XFREAD(der, 1, sizeof(der), f), 0); + if (f != XBADFILE) + XFCLOSE(f); + + /* Scan backward within the last 100 bytes to find the MAC salt + * OCTET STRING (tag 0x04, length 0x08 for a typical 8-byte salt). + * Corrupt its length so that saltSz + curIdx > totalSz, triggering + * the error path in GetSignData() after salt allocation. */ + for (i = derSz - 2; i >= 0 && i >= derSz - 100; i--) { + if (der[i] == 0x04 && der[i + 1] == 0x08) { + der[i + 1] = 0xFF; + found = 1; + break; + } + } + ExpectIntEQ(found, 1); + + ExpectNotNull(pkcs12 = wc_PKCS12_new()); + ExpectIntNE(wc_d2i_PKCS12(der, (word32)derSz, pkcs12), 0); + wc_PKCS12_free(pkcs12); +#endif + return EXPECT_RESULT(); +} + +/* Test that a crafted PKCS12 with a ContentInfo SEQUENCE length smaller than + * the contained OID is rejected, rather than causing an integer underflow + * in ci->dataSz calculation. */ +int test_wc_d2i_PKCS12_oid_underflow(void) +{ + EXPECT_DECLS; +#if !defined(NO_ASN) && !defined(NO_PWDBASED) && defined(HAVE_PKCS12) + WC_PKCS12* pkcs12 = NULL; + + /* Crafted PKCS12 DER: the inner ContentInfo SEQUENCE declares length 5, + * but contains a valid OID (1.2.840.113549.1.7.1) that is 11 bytes + * on the wire (tag 06 + length 09 + 9 value bytes). Without the bounds + * check, (word32)curSz - (localIdx - curIdx) = 5 - 11 underflows + * to ~4GB. */ + static const byte crafted[] = { + 0x30, 0x23, /* outer SEQ */ + 0x02, 0x01, 0x03, /* version 3 */ + 0x30, 0x1E, /* AuthSafe wrapper SEQ */ + 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, + 0x01, 0x07, 0x01, /* OID pkcs7-data */ + 0xA0, 0x11, /* [0] CONSTRUCTED ctx */ + 0x04, 0x0F, /* OCTET STRING */ + 0x30, 0x0D, /* SEQ of ContentInfo arr */ + 0x30, 0x05, /* ContentInfo SEQ, length=5 LIE */ + 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, + 0x01, 0x07, 0x01 /* OID: 11 bytes actual */ + }; + + ExpectNotNull(pkcs12 = wc_PKCS12_new()); + ExpectIntEQ(wc_d2i_PKCS12(crafted, (word32)sizeof(crafted), pkcs12), + ASN_PARSE_E); + wc_PKCS12_free(pkcs12); +#endif + return EXPECT_RESULT(); +} + +int test_wc_PKCS12_PBKDF(void) +{ + EXPECT_DECLS; +#if defined(HAVE_PKCS12) && !defined(NO_PWDBASED) && !defined(NO_SHA256) + /* Test vectors from RFC 7292 Appendix B (SHA-256 based) */ + static const byte passwd[] = { + 0x00, 0x73, 0x00, 0x6d, 0x00, 0x65, 0x00, 0x67, + 0x00, 0x00 + }; + static const byte salt[] = { + 0x0a, 0x58, 0xCF, 0x64, 0x53, 0x0d, 0x82, 0x3f + }; + static const byte passwd2[] = { + 0x00, 0x71, 0x00, 0x75, 0x00, 0x65, 0x00, 0x65, + 0x00, 0x67, 0x00, 0x00 + }; + static const byte salt2[] = { + 0x16, 0x82, 0xC0, 0xfC, 0x5b, 0x3f, 0x7e, 0xc5 + }; + static const byte verify[] = { + 0x27, 0xE9, 0x0D, 0x7E, 0xD5, 0xA1, 0xC4, 0x11, + 0xBA, 0x87, 0x8B, 0xC0, 0x90, 0xF5, 0xCE, 0xBE, + 0x5E, 0x9D, 0x5F, 0xE3, 0xD6, 0x2B, 0x73, 0xAA + }; + static const byte verify2[] = { + 0x90, 0x1B, 0x49, 0x70, 0xF0, 0x94, 0xF0, 0xF8, + 0x45, 0xC0, 0xF3, 0xF3, 0x13, 0x59, 0x18, 0x6A, + 0x35, 0xE3, 0x67, 0xFE, 0xD3, 0x21, 0xFD, 0x7C + }; + byte derived[24]; + + /* bad args */ + ExpectIntNE(wc_PKCS12_PBKDF(NULL, passwd, (int)sizeof(passwd), + salt, (int)sizeof(salt), 1, 24, WC_SHA256, 1), 0); + ExpectIntNE(wc_PKCS12_PBKDF(derived, passwd, 0, + salt, (int)sizeof(salt), 1, 24, WC_SHA256, 1), 0); + ExpectIntNE(wc_PKCS12_PBKDF(derived, passwd, (int)sizeof(passwd), + salt, 0, 1, 24, WC_SHA256, 1), 0); + + /* 1 iteration */ + ExpectIntEQ(wc_PKCS12_PBKDF(derived, passwd, (int)sizeof(passwd), + salt, (int)sizeof(salt), 1, 24, WC_SHA256, 1), 0); + ExpectIntEQ(XMEMCMP(derived, verify, 24), 0); + + /* 1000 iterations */ + ExpectIntEQ(wc_PKCS12_PBKDF(derived, passwd2, (int)sizeof(passwd2), + salt2, (int)sizeof(salt2), 1000, 24, WC_SHA256, 1), 0); + ExpectIntEQ(XMEMCMP(derived, verify2, 24), 0); + + /* iterations <= 0 treated as 1 */ + ExpectIntEQ(wc_PKCS12_PBKDF(derived, passwd, (int)sizeof(passwd), + salt, (int)sizeof(salt), 0, 24, WC_SHA256, 1), 0); + ExpectIntEQ(XMEMCMP(derived, verify, 24), 0); +#endif + return EXPECT_RESULT(); +} + +int test_wc_PKCS12_PBKDF_ex(void) +{ + EXPECT_DECLS; +#if defined(HAVE_PKCS12) && !defined(NO_PWDBASED) && !defined(NO_SHA256) + static const byte passwd[] = { + 0x00, 0x73, 0x00, 0x6d, 0x00, 0x65, 0x00, 0x67, + 0x00, 0x00 + }; + static const byte salt[] = { + 0x0a, 0x58, 0xCF, 0x64, 0x53, 0x0d, 0x82, 0x3f + }; + static const byte passwd2[] = { + 0x00, 0x71, 0x00, 0x75, 0x00, 0x65, 0x00, 0x65, + 0x00, 0x67, 0x00, 0x00 + }; + static const byte salt2[] = { + 0x16, 0x82, 0xC0, 0xfC, 0x5b, 0x3f, 0x7e, 0xc5 + }; + static const byte verify[] = { + 0x27, 0xE9, 0x0D, 0x7E, 0xD5, 0xA1, 0xC4, 0x11, + 0xBA, 0x87, 0x8B, 0xC0, 0x90, 0xF5, 0xCE, 0xBE, + 0x5E, 0x9D, 0x5F, 0xE3, 0xD6, 0x2B, 0x73, 0xAA + }; + static const byte verify2[] = { + 0x90, 0x1B, 0x49, 0x70, 0xF0, 0x94, 0xF0, 0xF8, + 0x45, 0xC0, 0xF3, 0xF3, 0x13, 0x59, 0x18, 0x6A, + 0x35, 0xE3, 0x67, 0xFE, 0xD3, 0x21, 0xFD, 0x7C + }; + byte derived[24]; + byte derived2[24]; + + /* bad args */ + ExpectIntNE(wc_PKCS12_PBKDF_ex(NULL, passwd, (int)sizeof(passwd), + salt, (int)sizeof(salt), 1, 24, WC_SHA256, 1, NULL), 0); + ExpectIntNE(wc_PKCS12_PBKDF_ex(derived, passwd, 0, + salt, (int)sizeof(salt), 1, 24, WC_SHA256, 1, NULL), 0); + ExpectIntNE(wc_PKCS12_PBKDF_ex(derived, passwd, (int)sizeof(passwd), + salt, 0, 1, 24, WC_SHA256, 1, NULL), 0); + + /* 1 iteration, NULL heap */ + ExpectIntEQ(wc_PKCS12_PBKDF_ex(derived, passwd, (int)sizeof(passwd), + salt, (int)sizeof(salt), 1, 24, WC_SHA256, 1, NULL), 0); + ExpectIntEQ(XMEMCMP(derived, verify, 24), 0); + + /* 1000 iterations, NULL heap */ + ExpectIntEQ(wc_PKCS12_PBKDF_ex(derived, passwd2, (int)sizeof(passwd2), + salt2, (int)sizeof(salt2), 1000, 24, WC_SHA256, 1, NULL), 0); + ExpectIntEQ(XMEMCMP(derived, verify2, 24), 0); + + /* _ex and non-_ex produce identical output */ + ExpectIntEQ(wc_PKCS12_PBKDF(derived2, passwd2, (int)sizeof(passwd2), + salt2, (int)sizeof(salt2), 1000, 24, WC_SHA256, 1), 0); + ExpectIntEQ(XMEMCMP(derived, derived2, 24), 0); + + /* id 2 (IV) and id 3 (MAC) also accepted */ + ExpectIntEQ(wc_PKCS12_PBKDF_ex(derived, passwd, (int)sizeof(passwd), + salt, (int)sizeof(salt), 1, 24, WC_SHA256, 2, NULL), 0); + ExpectIntEQ(wc_PKCS12_PBKDF_ex(derived, passwd, (int)sizeof(passwd), + salt, (int)sizeof(salt), 1, 24, WC_SHA256, 3, NULL), 0); +#endif + return EXPECT_RESULT(); +} + +int test_wc_PKCS12_PBKDF_ex_sha1(void) +{ + EXPECT_DECLS; +#if defined(HAVE_PKCS12) && !defined(NO_PWDBASED) && !defined(NO_SHA) + /* Test vectors generated with OpenSSL PKCS12_key_gen_uni / SHA-1 */ + static const byte passwd[] = { + 0x00, 0x73, 0x00, 0x6d, 0x00, 0x65, 0x00, 0x67, + 0x00, 0x00 + }; + static const byte salt[] = { + 0x0a, 0x58, 0xCF, 0x64, 0x53, 0x0d, 0x82, 0x3f + }; + static const byte passwd2[] = { + 0x00, 0x71, 0x00, 0x75, 0x00, 0x65, 0x00, 0x65, + 0x00, 0x67, 0x00, 0x00 + }; + static const byte salt2[] = { + 0x16, 0x82, 0xC0, 0xfC, 0x5b, 0x3f, 0x7e, 0xc5 + }; + static const byte verify[] = { + 0x8A, 0xAA, 0xE6, 0x29, 0x7B, 0x6C, 0xB0, 0x46, + 0x42, 0xAB, 0x5B, 0x07, 0x78, 0x51, 0x28, 0x4E, + 0xB7, 0x12, 0x8F, 0x1A, 0x2A, 0x7F, 0xBC, 0xA3 + }; + static const byte verify2[] = { + 0x48, 0x3D, 0xD6, 0xE9, 0x19, 0xD7, 0xDE, 0x2E, + 0x8E, 0x64, 0x8B, 0xA8, 0xF8, 0x62, 0xF3, 0xFB, + 0xFB, 0xDC, 0x2B, 0xCB, 0x2C, 0x02, 0x95, 0x7F + }; + byte derived[24]; + + /* 1 iteration, NULL heap */ + ExpectIntEQ(wc_PKCS12_PBKDF_ex(derived, passwd, (int)sizeof(passwd), + salt, (int)sizeof(salt), 1, 24, WC_SHA, 1, NULL), 0); + ExpectIntEQ(XMEMCMP(derived, verify, 24), 0); + + /* 1000 iterations, NULL heap */ + ExpectIntEQ(wc_PKCS12_PBKDF_ex(derived, passwd2, (int)sizeof(passwd2), + salt2, (int)sizeof(salt2), 1000, 24, WC_SHA, 1, NULL), 0); + ExpectIntEQ(XMEMCMP(derived, verify2, 24), 0); +#endif + return EXPECT_RESULT(); +} + +int test_wc_PKCS12_PBKDF_ex_sha512(void) +{ + EXPECT_DECLS; +#if defined(HAVE_PKCS12) && !defined(NO_PWDBASED) && defined(WOLFSSL_SHA512) + /* Test vectors generated with OpenSSL PKCS12_key_gen_uni / SHA-512 */ + static const byte passwd[] = { + 0x00, 0x73, 0x00, 0x6d, 0x00, 0x65, 0x00, 0x67, + 0x00, 0x00 + }; + static const byte salt[] = { + 0x0a, 0x58, 0xCF, 0x64, 0x53, 0x0d, 0x82, 0x3f + }; + static const byte passwd2[] = { + 0x00, 0x71, 0x00, 0x75, 0x00, 0x65, 0x00, 0x65, + 0x00, 0x67, 0x00, 0x00 + }; + static const byte salt2[] = { + 0x16, 0x82, 0xC0, 0xfC, 0x5b, 0x3f, 0x7e, 0xc5 + }; + static const byte verify[] = { + 0x13, 0x04, 0xA9, 0xF0, 0x01, 0x53, 0x74, 0x25, + 0x24, 0x12, 0x7D, 0x51, 0xD5, 0x98, 0xBC, 0x04, + 0x7E, 0x64, 0x09, 0x03, 0x09, 0xCA, 0x84, 0xEB, + 0x31, 0x2E, 0xB3, 0xBA, 0xD5, 0x60, 0xDD, 0x8D, + 0x2C, 0x71, 0xAB, 0xA4, 0xF2, 0x15, 0xAB, 0x31, + 0xF3, 0xBC, 0x42, 0xB6, 0xE8, 0x5D, 0xBF, 0x89 + }; + static const byte verify2[] = { + 0xBC, 0xD9, 0x78, 0x3D, 0x77, 0x8D, 0xA0, 0xE4, + 0x69, 0x00, 0x0B, 0x28, 0xE0, 0xD5, 0xDF, 0xDA, + 0xF3, 0xC9, 0x8D, 0x77, 0x39, 0xF9, 0x76, 0x84, + 0x1D, 0xE9, 0x61, 0x79, 0x50, 0x16, 0x6B, 0xA5, + 0x1B, 0x1D, 0x07, 0x65, 0x1B, 0x4B, 0x98, 0x91, + 0xAF, 0xE1, 0x80, 0x15, 0x39, 0xA3, 0x42, 0xDD + }; + byte derived[48]; + + /* 1 iteration, NULL heap */ + ExpectIntEQ(wc_PKCS12_PBKDF_ex(derived, passwd, (int)sizeof(passwd), + salt, (int)sizeof(salt), 1, 48, WC_SHA512, 1, NULL), 0); + ExpectIntEQ(XMEMCMP(derived, verify, 48), 0); + + /* 1000 iterations, NULL heap */ + ExpectIntEQ(wc_PKCS12_PBKDF_ex(derived, passwd2, (int)sizeof(passwd2), + salt2, (int)sizeof(salt2), 1000, 48, WC_SHA512, 1, NULL), 0); + ExpectIntEQ(XMEMCMP(derived, verify2, 48), 0); +#endif + return EXPECT_RESULT(); +} + +int test_wc_PKCS12_PBKDF_ex_sha224(void) +{ + EXPECT_DECLS; +#if defined(HAVE_PKCS12) && !defined(NO_PWDBASED) && defined(WOLFSSL_SHA224) + /* Test vectors generated with OpenSSL PKCS12_key_gen_uni / SHA-224 */ + static const byte passwd[] = { + 0x00, 0x73, 0x00, 0x6d, 0x00, 0x65, 0x00, 0x67, + 0x00, 0x00 + }; + static const byte salt[] = { + 0x0a, 0x58, 0xCF, 0x64, 0x53, 0x0d, 0x82, 0x3f + }; + static const byte passwd2[] = { + 0x00, 0x71, 0x00, 0x75, 0x00, 0x65, 0x00, 0x65, + 0x00, 0x67, 0x00, 0x00 + }; + static const byte salt2[] = { + 0x16, 0x82, 0xC0, 0xfC, 0x5b, 0x3f, 0x7e, 0xc5 + }; + static const byte verify[] = { + 0x96, 0x22, 0xB0, 0x87, 0xFF, 0xE5, 0xDC, 0xB2, + 0xA6, 0xE1, 0x67, 0x3A, 0x44, 0x11, 0x50, 0x00, + 0x67, 0xE7, 0x10, 0xB4, 0xE6, 0x63, 0x4D, 0xCF, + 0x37, 0x0C, 0x25, 0x3C + }; + static const byte verify2[] = { + 0x9A, 0x30, 0xD2, 0xD2, 0x14, 0x47, 0x64, 0x3D, + 0x9B, 0xFA, 0x43, 0x49, 0x0F, 0x81, 0x3D, 0x9D, + 0x5E, 0x0E, 0xB9, 0x0D, 0xAF, 0xA6, 0x80, 0x2C, + 0xF9, 0x33, 0x3B, 0x9D + }; + byte derived[28]; + + /* 1 iteration, NULL heap */ + ExpectIntEQ(wc_PKCS12_PBKDF_ex(derived, passwd, (int)sizeof(passwd), + salt, (int)sizeof(salt), 1, 28, WC_SHA224, 1, NULL), 0); + ExpectIntEQ(XMEMCMP(derived, verify, 28), 0); + + /* 1000 iterations, NULL heap */ + ExpectIntEQ(wc_PKCS12_PBKDF_ex(derived, passwd2, (int)sizeof(passwd2), + salt2, (int)sizeof(salt2), 1000, 28, WC_SHA224, 1, NULL), 0); + ExpectIntEQ(XMEMCMP(derived, verify2, 28), 0); +#endif + return EXPECT_RESULT(); +} + +int test_wc_PKCS12_PBKDF_ex_sha384(void) +{ + EXPECT_DECLS; +#if defined(HAVE_PKCS12) && !defined(NO_PWDBASED) && defined(WOLFSSL_SHA384) + /* Test vectors generated with OpenSSL PKCS12_key_gen_uni / SHA-384 */ + static const byte passwd[] = { + 0x00, 0x73, 0x00, 0x6d, 0x00, 0x65, 0x00, 0x67, + 0x00, 0x00 + }; + static const byte salt[] = { + 0x0a, 0x58, 0xCF, 0x64, 0x53, 0x0d, 0x82, 0x3f + }; + static const byte passwd2[] = { + 0x00, 0x71, 0x00, 0x75, 0x00, 0x65, 0x00, 0x65, + 0x00, 0x67, 0x00, 0x00 + }; + static const byte salt2[] = { + 0x16, 0x82, 0xC0, 0xfC, 0x5b, 0x3f, 0x7e, 0xc5 + }; + static const byte verify[] = { + 0x17, 0xD5, 0x0F, 0x1F, 0x21, 0x8A, 0x3B, 0xC9, + 0x6E, 0x10, 0x41, 0xBA, 0xEC, 0xF0, 0xA1, 0xF2, + 0x11, 0x99, 0x56, 0x55, 0x2B, 0xD0, 0x38, 0x80, + 0x9A, 0x40, 0x2F, 0x13, 0x0A, 0x24, 0x67, 0xFA, + 0x49, 0xED, 0xFA, 0x6A, 0x83, 0xB5, 0x40, 0x69, + 0xFB, 0x73, 0xB7, 0x48, 0x44, 0x33, 0x1A, 0xC3 + }; + static const byte verify2[] = { + 0x7F, 0x50, 0xFB, 0x97, 0xF1, 0x7C, 0x01, 0x15, + 0xA2, 0x0A, 0xCB, 0x88, 0x68, 0xFC, 0x37, 0xA7, + 0x88, 0x8C, 0xD7, 0x1A, 0xF3, 0x1D, 0xB2, 0xDD, + 0x93, 0xCF, 0x44, 0xED, 0xC9, 0xA4, 0x61, 0x04, + 0xBE, 0x4E, 0x16, 0x86, 0x36, 0xF1, 0x6E, 0x65, + 0x41, 0xE0, 0xD7, 0xC3, 0xE2, 0x4D, 0x95, 0x99 + }; + byte derived[48]; + + /* 1 iteration, NULL heap */ + ExpectIntEQ(wc_PKCS12_PBKDF_ex(derived, passwd, (int)sizeof(passwd), + salt, (int)sizeof(salt), 1, 48, WC_SHA384, 1, NULL), 0); + ExpectIntEQ(XMEMCMP(derived, verify, 48), 0); + + /* 1000 iterations, NULL heap */ + ExpectIntEQ(wc_PKCS12_PBKDF_ex(derived, passwd2, (int)sizeof(passwd2), + salt2, (int)sizeof(salt2), 1000, 48, WC_SHA384, 1, NULL), 0); + ExpectIntEQ(XMEMCMP(derived, verify2, 48), 0); +#endif + return EXPECT_RESULT(); +} + +int test_wc_PKCS12_PBKDF_ex_sha512_224(void) +{ + EXPECT_DECLS; +#if defined(HAVE_PKCS12) && !defined(NO_PWDBASED) && \ + defined(WOLFSSL_SHA512) && !defined(WOLFSSL_NOSHA512_224) + /* Test vectors generated with OpenSSL PKCS12_key_gen_uni / SHA-512/224 */ + static const byte passwd[] = { + 0x00, 0x73, 0x00, 0x6d, 0x00, 0x65, 0x00, 0x67, + 0x00, 0x00 + }; + static const byte salt[] = { + 0x0a, 0x58, 0xCF, 0x64, 0x53, 0x0d, 0x82, 0x3f + }; + static const byte passwd2[] = { + 0x00, 0x71, 0x00, 0x75, 0x00, 0x65, 0x00, 0x65, + 0x00, 0x67, 0x00, 0x00 + }; + static const byte salt2[] = { + 0x16, 0x82, 0xC0, 0xfC, 0x5b, 0x3f, 0x7e, 0xc5 + }; + static const byte verify[] = { + 0xE1, 0xAD, 0xB3, 0x9E, 0x3E, 0x72, 0x85, 0x11, + 0x28, 0xFC, 0xF8, 0x5F, 0x4A, 0xBE, 0x74, 0x99, + 0x7B, 0x02, 0xF0, 0x8B, 0x47, 0x1B, 0x71, 0x40, + 0xB9, 0x7C, 0x03, 0x83 + }; + static const byte verify2[] = { + 0xF0, 0x3F, 0x58, 0x16, 0x8B, 0x0C, 0xF5, 0x09, + 0xC5, 0x7F, 0x20, 0xD2, 0x24, 0xEC, 0x27, 0xAE, + 0xC2, 0xA6, 0xBB, 0x21, 0xE5, 0x76, 0x5A, 0xF8, + 0x3C, 0xA6, 0x2A, 0xA6 + }; + byte derived[28]; + + /* 1 iteration, NULL heap */ + ExpectIntEQ(wc_PKCS12_PBKDF_ex(derived, passwd, (int)sizeof(passwd), + salt, (int)sizeof(salt), 1, 28, WC_SHA512_224, 1, NULL), 0); + ExpectIntEQ(XMEMCMP(derived, verify, 28), 0); + + /* 1000 iterations, NULL heap */ + ExpectIntEQ(wc_PKCS12_PBKDF_ex(derived, passwd2, (int)sizeof(passwd2), + salt2, (int)sizeof(salt2), 1000, 28, WC_SHA512_224, 1, NULL), 0); + ExpectIntEQ(XMEMCMP(derived, verify2, 28), 0); +#endif + return EXPECT_RESULT(); +} + +int test_wc_PKCS12_PBKDF_ex_sha512_256(void) +{ + EXPECT_DECLS; +#if defined(HAVE_PKCS12) && !defined(NO_PWDBASED) && \ + defined(WOLFSSL_SHA512) && !defined(WOLFSSL_NOSHA512_256) + /* Test vectors generated with OpenSSL PKCS12_key_gen_uni / SHA-512/256 */ + static const byte passwd[] = { + 0x00, 0x73, 0x00, 0x6d, 0x00, 0x65, 0x00, 0x67, + 0x00, 0x00 + }; + static const byte salt[] = { + 0x0a, 0x58, 0xCF, 0x64, 0x53, 0x0d, 0x82, 0x3f + }; + static const byte passwd2[] = { + 0x00, 0x71, 0x00, 0x75, 0x00, 0x65, 0x00, 0x65, + 0x00, 0x67, 0x00, 0x00 + }; + static const byte salt2[] = { + 0x16, 0x82, 0xC0, 0xfC, 0x5b, 0x3f, 0x7e, 0xc5 + }; + static const byte verify[] = { + 0x08, 0x41, 0xAA, 0x5C, 0xBC, 0xEE, 0xA4, 0x3F, + 0x34, 0xA4, 0xDA, 0xB1, 0xEB, 0x83, 0x7E, 0xF1, + 0x84, 0xBC, 0x30, 0x75, 0x40, 0x94, 0x95, 0x1F, + 0xAE, 0x25, 0xAA, 0xD1, 0xFD, 0x80, 0x2B, 0x5B + }; + static const byte verify2[] = { + 0xC9, 0x44, 0xE9, 0x01, 0x53, 0x03, 0x64, 0xB9, + 0x61, 0x6E, 0x7F, 0xAE, 0xAA, 0x8E, 0x2D, 0xBB, + 0xE1, 0xAC, 0x45, 0x34, 0x58, 0x08, 0xB9, 0xE6, + 0xFA, 0x61, 0xF6, 0x1D, 0x15, 0x84, 0x15, 0x75 + }; + byte derived[32]; + + /* 1 iteration, NULL heap */ + ExpectIntEQ(wc_PKCS12_PBKDF_ex(derived, passwd, (int)sizeof(passwd), + salt, (int)sizeof(salt), 1, 32, WC_SHA512_256, 1, NULL), 0); + ExpectIntEQ(XMEMCMP(derived, verify, 32), 0); + + /* 1000 iterations, NULL heap */ + ExpectIntEQ(wc_PKCS12_PBKDF_ex(derived, passwd2, (int)sizeof(passwd2), + salt2, (int)sizeof(salt2), 1000, 32, WC_SHA512_256, 1, NULL), 0); + ExpectIntEQ(XMEMCMP(derived, verify2, 32), 0); +#endif + return EXPECT_RESULT(); +} + diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/tests/api/test_pkcs12.h mariadb-11.8.8/extra/wolfssl/wolfssl/tests/api/test_pkcs12.h --- mariadb-11.8.6/extra/wolfssl/wolfssl/tests/api/test_pkcs12.h 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/tests/api/test_pkcs12.h 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* test_pkcs12.h * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -26,9 +26,29 @@ int test_wc_i2d_PKCS12(void); int test_wc_PKCS12_create(void); +int test_wc_d2i_PKCS12_bad_mac_salt(void); +int test_wc_d2i_PKCS12_oid_underflow(void); +int test_wc_PKCS12_PBKDF(void); +int test_wc_PKCS12_PBKDF_ex(void); +int test_wc_PKCS12_PBKDF_ex_sha1(void); +int test_wc_PKCS12_PBKDF_ex_sha512(void); +int test_wc_PKCS12_PBKDF_ex_sha224(void); +int test_wc_PKCS12_PBKDF_ex_sha384(void); +int test_wc_PKCS12_PBKDF_ex_sha512_224(void); +int test_wc_PKCS12_PBKDF_ex_sha512_256(void); -#define TEST_PKCS12_DECLS \ - TEST_DECL_GROUP("pkcs12", test_wc_i2d_PKCS12), \ - TEST_DECL_GROUP("pkcs12", test_wc_PKCS12_create) +#define TEST_PKCS12_DECLS \ + TEST_DECL_GROUP("pkcs12", test_wc_i2d_PKCS12), \ + TEST_DECL_GROUP("pkcs12", test_wc_PKCS12_create), \ + TEST_DECL_GROUP("pkcs12", test_wc_d2i_PKCS12_bad_mac_salt), \ + TEST_DECL_GROUP("pkcs12", test_wc_d2i_PKCS12_oid_underflow), \ + TEST_DECL_GROUP("pkcs12", test_wc_PKCS12_PBKDF), \ + TEST_DECL_GROUP("pkcs12", test_wc_PKCS12_PBKDF_ex), \ + TEST_DECL_GROUP("pkcs12", test_wc_PKCS12_PBKDF_ex_sha1), \ + TEST_DECL_GROUP("pkcs12", test_wc_PKCS12_PBKDF_ex_sha512), \ + TEST_DECL_GROUP("pkcs12", test_wc_PKCS12_PBKDF_ex_sha224), \ + TEST_DECL_GROUP("pkcs12", test_wc_PKCS12_PBKDF_ex_sha384), \ + TEST_DECL_GROUP("pkcs12", test_wc_PKCS12_PBKDF_ex_sha512_224), \ + TEST_DECL_GROUP("pkcs12", test_wc_PKCS12_PBKDF_ex_sha512_256) #endif /* WOLFCRYPT_TEST_PKCS12_H */ diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/tests/api/test_pkcs7.c mariadb-11.8.8/extra/wolfssl/wolfssl/tests/api/test_pkcs7.c --- mariadb-11.8.6/extra/wolfssl/wolfssl/tests/api/test_pkcs7.c 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/tests/api/test_pkcs7.c 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* test_pkcs7.c * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -388,12 +388,15 @@ #if defined(HAVE_PKCS7) && defined(HAVE_PKCS7_RSA_RAW_SIGN_CALLBACK) && \ !defined(NO_RSA) && !defined(NO_SHA256) -/* RSA sign raw digest callback */ +/* RSA sign raw digest callback + * This callback demonstrates HSM/secure element use case where the private + * key is not passed through PKCS7 structure but obtained independently. + */ static int rsaSignRawDigestCb(PKCS7* pkcs7, byte* digest, word32 digestSz, byte* out, word32 outSz, byte* privateKey, word32 privateKeySz, int devid, int hashOID) { - /* specific DigestInfo ASN.1 encoding prefix for a SHA2565 digest */ + /* specific DigestInfo ASN.1 encoding prefix for a SHA256 digest */ byte digInfoEncoding[] = { 0x30, 0x31, 0x30, 0x0d, 0x06, 0x09, 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x01, 0x05, @@ -407,6 +410,11 @@ word32 idx = 0; RsaKey rsa; + /* privateKey may be NULL in HSM/secure element use case - we load it + * independently in this callback to simulate that scenario */ + (void)privateKey; + (void)privateKeySz; + /* SHA-256 required only for this example callback due to above * digInfoEncoding[] */ if (pkcs7 == NULL || digest == NULL || out == NULL || @@ -427,7 +435,33 @@ return ret; } - ret = wc_RsaPrivateKeyDecode(privateKey, &idx, &rsa, privateKeySz); + /* Load key from test buffer - simulates HSM/secure element access */ +#if defined(USE_CERT_BUFFERS_2048) + ret = wc_RsaPrivateKeyDecode(client_key_der_2048, &idx, &rsa, + sizeof_client_key_der_2048); +#elif defined(USE_CERT_BUFFERS_1024) + ret = wc_RsaPrivateKeyDecode(client_key_der_1024, &idx, &rsa, + sizeof_client_key_der_1024); +#else + { + XFILE fp; + byte keyBuf[ONEK_BUF]; + int keySz; + + fp = XFOPEN("./certs/client-key.der", "rb"); + if (fp == XBADFILE) { + wc_FreeRsaKey(&rsa); + return -1; + } + keySz = (int)XFREAD(keyBuf, 1, sizeof(keyBuf), fp); + XFCLOSE(fp); + if (keySz <= 0) { + wc_FreeRsaKey(&rsa); + return -1; + } + ret = wc_RsaPrivateKeyDecode(keyBuf, &idx, &rsa, (word32)keySz); + } +#endif /* sign DigestInfo */ if (ret == 0) { @@ -451,6 +485,102 @@ } #endif +#if defined(HAVE_PKCS7) && defined(HAVE_PKCS7_ECC_RAW_SIGN_CALLBACK) && \ + defined(HAVE_ECC) && !defined(NO_SHA256) +/* ECC sign raw digest callback + * This callback demonstrates HSM/secure element use case where the private + * key is not passed through PKCS7 structure but obtained independently. + * Note: This example callback is hash-agnostic and will work with any + * hash algorithm. The hashOID parameter can be used to validate or select + * different signing behavior if needed. + */ +static int eccSignRawDigestCb(PKCS7* pkcs7, byte* digest, word32 digestSz, + byte* out, word32 outSz, byte* privateKey, + word32 privateKeySz, int devid, int hashOID) +{ + int ret; + word32 idx = 0; + word32 sigSz = outSz; +#ifdef WOLFSSL_SMALL_STACK + ecc_key* ecc = NULL; +#else + ecc_key ecc[1]; +#endif + + /* privateKey may be NULL in HSM/secure element use case - we load it + * independently in this callback to simulate that scenario */ + (void)privateKey; + (void)privateKeySz; + (void)hashOID; + + if (pkcs7 == NULL || digest == NULL || out == NULL) { + return -1; + } + +#ifdef WOLFSSL_SMALL_STACK + ecc = (ecc_key*)XMALLOC(sizeof(ecc_key), pkcs7->heap, DYNAMIC_TYPE_ECC); + if (ecc == NULL) { + return MEMORY_E; + } +#endif + + /* set up ECC key */ + ret = wc_ecc_init_ex(ecc, pkcs7->heap, devid); + if (ret != 0) { + #ifdef WOLFSSL_SMALL_STACK + XFREE(ecc, pkcs7->heap, DYNAMIC_TYPE_ECC); + #endif + return ret; + } + + /* Load key from test buffer - simulates HSM/secure element access */ +#if defined(USE_CERT_BUFFERS_256) + ret = wc_EccPrivateKeyDecode(ecc_clikey_der_256, &idx, ecc, + sizeof_ecc_clikey_der_256); +#else + { + XFILE fp; + byte keyBuf[ONEK_BUF]; + int keySz; + + fp = XFOPEN("./certs/client-ecc-key.der", "rb"); + if (fp == XBADFILE) { + wc_ecc_free(ecc); + #ifdef WOLFSSL_SMALL_STACK + XFREE(ecc, pkcs7->heap, DYNAMIC_TYPE_ECC); + #endif + return -1; + } + keySz = (int)XFREAD(keyBuf, 1, sizeof(keyBuf), fp); + XFCLOSE(fp); + if (keySz <= 0) { + wc_ecc_free(ecc); + #ifdef WOLFSSL_SMALL_STACK + XFREE(ecc, pkcs7->heap, DYNAMIC_TYPE_ECC); + #endif + return -1; + } + ret = wc_EccPrivateKeyDecode(keyBuf, &idx, ecc, (word32)keySz); + } +#endif + + /* sign digest */ + if (ret == 0) { + ret = wc_ecc_sign_hash(digest, digestSz, out, &sigSz, pkcs7->rng, ecc); + if (ret == 0) { + ret = (int)sigSz; + } + } + + wc_ecc_free(ecc); +#ifdef WOLFSSL_SMALL_STACK + XFREE(ecc, pkcs7->heap, DYNAMIC_TYPE_ECC); +#endif + + return ret; +} +#endif + #if defined(HAVE_PKCS7) && defined(ASN_BER_TO_DER) typedef struct encodeSignedDataStream { byte out[FOURK_BUF*3]; @@ -597,7 +727,7 @@ pkcs7->privateKey = key; pkcs7->privateKeySz = (word32)sizeof(key); pkcs7->encryptOID = encryptOid; - #ifdef NO_SHA + #if defined(NO_SHA) || defined(WC_FIPS_186_5_PLUS) pkcs7->hashOID = SHA256h; #else pkcs7->hashOID = SHAh; @@ -757,8 +887,7 @@ if (pkcs7 != NULL) { pkcs7->content = data; pkcs7->contentSz = (word32)sizeof(data); - pkcs7->privateKey = key; - pkcs7->privateKeySz = (word32)sizeof(key); + /* privateKey not set - callback simulates HSM/secure element access */ pkcs7->encryptOID = RSAk; pkcs7->hashOID = SHA256h; pkcs7->rng = &rng; @@ -769,6 +898,47 @@ ExpectIntGT(wc_PKCS7_EncodeSignedData(pkcs7, output, outputSz), 0); #endif +#if defined(HAVE_PKCS7) && defined(HAVE_PKCS7_ECC_RAW_SIGN_CALLBACK) && \ + defined(HAVE_ECC) && !defined(NO_SHA256) + /* test ECC sign raw digest callback, if using ECC and compiled in. + * Example callback assumes SHA-256, so only run test if compiled in. */ + { + #if defined(USE_CERT_BUFFERS_256) + byte eccCert[sizeof(cliecc_cert_der_256)]; + word32 eccCertSz = (word32)sizeof(eccCert); + XMEMCPY(eccCert, cliecc_cert_der_256, eccCertSz); + #else + byte eccCert[ONEK_BUF]; + int eccCertSz; + XFILE eccFp = XBADFILE; + + ExpectTrue((eccFp = XFOPEN("./certs/client-ecc-cert.der", "rb")) != + XBADFILE); + ExpectIntGT(eccCertSz = (int)XFREAD(eccCert, 1, ONEK_BUF, eccFp), 0); + if (eccFp != XBADFILE) + XFCLOSE(eccFp); + #endif + + wc_PKCS7_Free(pkcs7); + pkcs7 = NULL; + ExpectNotNull(pkcs7 = wc_PKCS7_New(HEAP_HINT, testDevId)); + ExpectIntEQ(wc_PKCS7_InitWithCert(pkcs7, eccCert, (word32)eccCertSz), 0); + + if (pkcs7 != NULL) { + pkcs7->content = data; + pkcs7->contentSz = (word32)sizeof(data); + /* privateKey not set - callback simulates HSM/secure element access */ + pkcs7->encryptOID = ECDSAk; + pkcs7->hashOID = SHA256h; + pkcs7->rng = &rng; + } + + ExpectIntEQ(wc_PKCS7_SetEccSignRawDigestCb(pkcs7, eccSignRawDigestCb), 0); + + ExpectIntGT(wc_PKCS7_EncodeSignedData(pkcs7, output, outputSz), 0); + } +#endif + wc_PKCS7_Free(pkcs7); DoExpectIntEQ(wc_FreeRng(&rng), 0); @@ -778,6 +948,177 @@ /* + * Testing wc_PKCS7_EncodeSignedData() with RSA-PSS signer certificate. + * Uses certs/rsapss/client-rsapss.der and client-rsapss-priv.der. + * Requires both encode and round-trip verify to succeed. + */ +#if defined(HAVE_PKCS7) && defined(WC_RSA_PSS) && !defined(NO_RSA) && \ + !defined(NO_FILESYSTEM) && !defined(NO_SHA256) +int test_wc_PKCS7_EncodeSignedData_RSA_PSS(void) +{ + EXPECT_DECLS; + PKCS7* pkcs7 = NULL; + WC_RNG rng; + byte output[FOURK_BUF]; + byte cert[FOURK_BUF]; + byte key[FOURK_BUF]; + word32 outputSz = (word32)sizeof(output); + word32 certSz = 0; + word32 keySz = 0; + XFILE fp = XBADFILE; + byte data[] = "Test data for RSA-PSS SignedData."; + + XMEMSET(&rng, 0, sizeof(WC_RNG)); + XMEMSET(output, 0, outputSz); + XMEMSET(cert, 0, sizeof(cert)); + XMEMSET(key, 0, sizeof(key)); + + ExpectIntEQ(wc_InitRng(&rng), 0); + ExpectNotNull(pkcs7 = wc_PKCS7_New(HEAP_HINT, testDevId)); + + ExpectTrue((fp = XFOPEN("./certs/rsapss/client-rsapss.der", "rb")) != XBADFILE); + if (fp != XBADFILE) { + ExpectIntGT(certSz = (word32)XFREAD(cert, 1, sizeof(cert), fp), 0); + XFCLOSE(fp); + fp = XBADFILE; + } + + ExpectTrue((fp = XFOPEN("./certs/rsapss/client-rsapss-priv.der", "rb")) != XBADFILE); + if (fp != XBADFILE) { + ExpectIntGT(keySz = (word32)XFREAD(key, 1, sizeof(key), fp), 0); + XFCLOSE(fp); + fp = XBADFILE; + } + + ExpectIntEQ(wc_PKCS7_InitWithCert(pkcs7, cert, certSz), 0); + + if (pkcs7 != NULL) { + /* Force RSA-PSS so SignerInfo uses id-RSASSA-PSS (cert may use RSA + * in subjectPublicKeyInfo). WC_RSA_PSS is guaranteed by outer guard. */ + pkcs7->publicKeyOID = RSAPSSk; + + pkcs7->content = data; + pkcs7->contentSz = (word32)sizeof(data); + pkcs7->contentOID = DATA; + pkcs7->hashOID = SHA256h; + pkcs7->encryptOID = RSAk; + pkcs7->privateKey = key; + pkcs7->privateKeySz = keySz; + pkcs7->rng = &rng; + pkcs7->signedAttribs = NULL; + pkcs7->signedAttribsSz = 0; + } + + /* EncodeSignedData with RSA-PSS cert: require encode and verify success */ + { + int outLen = wc_PKCS7_EncodeSignedData(pkcs7, output, outputSz); + ExpectIntGT(outLen, 0); + if (outLen > 0) { + int verifyRet = wc_PKCS7_VerifySignedData(pkcs7, output, + (word32)outLen); + ExpectIntEQ(verifyRet, 0); + + if (pkcs7 != NULL) { + /* Verify decoded RSASSA-PSS parameters match what we + * encoded: + * hashAlgorithm = SHA-256 + * maskGenAlgorithm = MGF1-SHA-256 + * saltLength = 32 (== SHA-256 digest length) */ + ExpectIntEQ(pkcs7->pssHashType, (int)WC_HASH_TYPE_SHA256); + ExpectIntEQ(pkcs7->pssMgf, WC_MGF1SHA256); + ExpectIntEQ(pkcs7->pssSaltLen, 32); + } + } + } + + wc_PKCS7_Free(pkcs7); + DoExpectIntEQ(wc_FreeRng(&rng), 0); + + return EXPECT_RESULT(); +} /* END test_wc_PKCS7_EncodeSignedData_RSA_PSS */ +#endif + + +/* + * Testing wc_PKCS7_EncodeEnvelopedData() with RSA-PSS signed certificate + * for KTRI key transport. Uses certs/rsapss/client-rsapss.der. + * Requires encode and round-trip decode to succeed. + */ +#if defined(HAVE_PKCS7) && defined(WC_RSA_PSS) && !defined(NO_RSA) && \ + !defined(NO_FILESYSTEM) && !defined(NO_SHA256) && \ + !defined(NO_AES) && defined(HAVE_AES_CBC) && defined(WOLFSSL_AES_256) +int test_wc_PKCS7_EnvelopedData_KTRI_RSA_PSS(void) +{ + EXPECT_DECLS; + PKCS7* pkcs7 = NULL; + byte encrypted[FOURK_BUF]; + byte decrypted[FOURK_BUF]; + byte cert[FOURK_BUF]; + byte key[FOURK_BUF]; + word32 certSz = 0; + word32 keySz = 0; + XFILE fp = XBADFILE; + byte data[] = "Test data for RSA-PSS EnvelopedData KTRI."; + int encryptedSz = 0, decryptedSz = 0; + + XMEMSET(cert, 0, sizeof(cert)); + XMEMSET(key, 0, sizeof(key)); + + /* Load RSA-PSS client cert */ + ExpectTrue((fp = XFOPEN("./certs/rsapss/client-rsapss.der", "rb")) + != XBADFILE); + if (fp != XBADFILE) { + ExpectIntGT(certSz = (word32)XFREAD(cert, 1, sizeof(cert), fp), 0); + XFCLOSE(fp); + fp = XBADFILE; + } + + /* Load RSA-PSS client private key */ + ExpectTrue((fp = XFOPEN("./certs/rsapss/client-rsapss-priv.der", "rb")) + != XBADFILE); + if (fp != XBADFILE) { + ExpectIntGT(keySz = (word32)XFREAD(key, 1, sizeof(key), fp), 0); + XFCLOSE(fp); + fp = XBADFILE; + } + + /* Encode EnvelopedData with KTRI using RSA-PSS cert */ + ExpectNotNull(pkcs7 = wc_PKCS7_New(HEAP_HINT, testDevId)); + ExpectIntEQ(wc_PKCS7_InitWithCert(pkcs7, cert, certSz), 0); + if (pkcs7 != NULL) { + pkcs7->content = data; + pkcs7->contentSz = (word32)sizeof(data); + pkcs7->contentOID = DATA; + pkcs7->encryptOID = AES256CBCb; + } + + ExpectIntGT(encryptedSz = wc_PKCS7_EncodeEnvelopedData(pkcs7, + encrypted, sizeof(encrypted)), 0); + wc_PKCS7_Free(pkcs7); + pkcs7 = NULL; + + /* Decode EnvelopedData */ + ExpectNotNull(pkcs7 = wc_PKCS7_New(HEAP_HINT, testDevId)); + ExpectIntEQ(wc_PKCS7_InitWithCert(pkcs7, cert, certSz), 0); + if (pkcs7 != NULL) { + pkcs7->privateKey = key; + pkcs7->privateKeySz = keySz; + } + + ExpectIntGT(decryptedSz = wc_PKCS7_DecodeEnvelopedData(pkcs7, + encrypted, (word32)encryptedSz, + decrypted, sizeof(decrypted)), 0); + ExpectIntEQ(decryptedSz, (int)sizeof(data)); + ExpectIntEQ(XMEMCMP(decrypted, data, sizeof(data)), 0); + + wc_PKCS7_Free(pkcs7); + + return EXPECT_RESULT(); +} /* END test_wc_PKCS7_EnvelopedData_KTRI_RSA_PSS */ +#endif + + +/* * Testing wc_PKCS7_EncodeSignedData_ex() and wc_PKCS7_VerifySignedData_ex() */ int test_wc_PKCS7_EncodeSignedData_ex(void) @@ -1344,7 +1685,7 @@ else { pkcs7->encryptOID = ECDSAk; } - #ifdef NO_SHA + #if defined(NO_SHA) || defined(WC_FIPS_186_5_PLUS) pkcs7->hashOID = SHA256h; #else pkcs7->hashOID = SHAh; @@ -1398,7 +1739,7 @@ word32 badOutSz = 0; byte badContent[] = "This is different content than was signed"; wc_HashAlg hash; -#ifdef NO_SHA +#if defined(NO_SHA) || defined(WC_FIPS_186_5_PLUS) enum wc_HashType hashType = WC_HASH_TYPE_SHA256; #else enum wc_HashType hashType = WC_HASH_TYPE_SHA; @@ -1779,7 +2120,7 @@ word32 z; int ret; #endif /* !NO_PKCS7_STREAM */ -#ifdef NO_SHA +#if defined(NO_SHA) || defined(WC_FIPS_186_5_PLUS) enum wc_HashType hashType = WC_HASH_TYPE_SHA256; #else enum wc_HashType hashType = WC_HASH_TYPE_SHA; @@ -2881,7 +3222,7 @@ byte rid[256]; byte cms[1024]; XFILE cmsFile = XBADFILE; - int ret; + int ret = -1; word32 ridSz = sizeof(rid); XFILE skiHexFile = XBADFILE; byte skiHex[256]; @@ -4377,10 +4718,285 @@ XFREE(decompressed, heap, DYNAMIC_TYPE_TMP_BUFFER); if (cert_buf != NULL) - free(cert_buf); + XFREE(cert_buf, NULL, DYNAMIC_TYPE_TMP_BUFFER); wc_PKCS7_Free(pkcs7); #endif return EXPECT_RESULT(); } +/* + * Test for PKCS#7 SignedData with non-OCTET_STRING content + * (PKCS#7 style vs CMS) + * + * Tests parsing PKCS#7 SignedData where the encapsulated content + * is a SEQUENCE (as allowed by original PKCS#7 spec "ANY DEFINED BY + * contentType") rather than an OCTET STRING (as mandated by CMS). This showed + * up in use case of Authenticode signatures. + */ +int test_wc_PKCS7_VerifySignedData_PKCS7ContentSeq(void) +{ + EXPECT_DECLS; +#if defined(HAVE_PKCS7) + PKCS7* pkcs7 = NULL; +#ifndef NO_PKCS7_STREAM + word32 idx; + int ret; +#endif + + /* + * Hand-crafted PKCS#7 SignedData (degenerate, no signers) with: + * - Content type OID (1.3.6.1.4.1.311.2.1.4 = SPC_INDIRECT_DATA) + * - Content is a SEQUENCE, NOT an OCTET STRING + * - eContent is encoded as "ANY" type per original PKCS#7 spec. + * + * This test ensures wolfSSL's PKCS7 streaming code can correctly + * parse SignedData types when the encapsulated content is not an OCTET + * STRING (as CMS requires) but rather a SEQUENCE or other type + * (as PKCS#7's "ANY" type allows). Microsoft Authenticode signatures + * use this format with SPC_INDIRECT_DATA content. + * + * Structure: + * ContentInfo SEQUENCE + * contentType OID signedData + * [0] SignedData SEQUENCE + * version INTEGER 1 + * digestAlgorithms SET { sha256 } + * encapContentInfo SEQUENCE + * eContentType OID 1.3.6.1.4.1.311.2.1.4 + * [0] eContent + * SEQUENCE { OID, OCTET STRING } - SEQUENCE not OCTET STRING + * signerInfos SET {} (empty = degenerate) + */ + static const byte pkcs7Content[] = { + /* ContentInfo SEQUENCE */ + 0x30, 0x56, + /* contentType OID: 1.2.840.113549.1.7.2 (signedData) */ + 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x07, 0x02, + /* [0] EXPLICIT - content */ + 0xA0, 0x49, + /* SignedData SEQUENCE */ + 0x30, 0x47, + /* version INTEGER 1 */ + 0x02, 0x01, 0x01, + /* digestAlgorithms SET */ + 0x31, 0x0F, + /* AlgorithmIdentifier SEQUENCE */ + 0x30, 0x0D, + /* OID sha256: 2.16.840.1.101.3.4.2.1 */ + 0x06, 0x09, 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, + 0x04, 0x02, 0x01, + /* NULL */ + 0x05, 0x00, + /* encapContentInfo SEQUENCE */ + 0x30, 0x2F, + /* eContentType OID: 1.3.6.1.4.1.311.2.1.4 (SPC_INDIRECT_DATA) */ + 0x06, 0x0A, 0x2B, 0x06, 0x01, 0x04, 0x01, 0x82, + 0x37, 0x02, 0x01, 0x04, + /* [0] EXPLICIT - eContent */ + 0xA0, 0x21, + /* Content SEQUENCE (0x30), not OCTET STRING (0x04) + * Following PKCS#7 "ANY" type, not CMS OCTET STRING */ + 0x30, 0x1F, + /* Content: SEQUENCE { OID, OCTET STRING with 24 bytes } */ + 0x06, 0x03, 0x55, 0x04, 0x03, /* OID 2.5.4.3 (5 bytes) */ + 0x04, 0x18, /* OCTET STRING length 24 */ + 0x54, 0x68, 0x69, 0x73, 0x20, 0x69, 0x73, 0x20, /* "This is " */ + 0x74, 0x65, 0x73, 0x74, 0x20, 0x63, 0x6F, 0x6E, /* "test con" */ + 0x74, 0x65, 0x6E, 0x74, 0x20, 0x64, 0x61, 0x74, /* "tent dat" */ + /* signerInfos SET - empty for degenerate */ + 0x31, 0x00 + }; + + /* Test non-streaming verification */ + ExpectNotNull(pkcs7 = wc_PKCS7_New(HEAP_HINT, testDevId)); + ExpectIntEQ(wc_PKCS7_Init(pkcs7, HEAP_HINT, INVALID_DEVID), 0); + ExpectIntEQ(wc_PKCS7_InitWithCert(pkcs7, NULL, 0), 0); + ExpectIntEQ(wc_PKCS7_VerifySignedData(pkcs7, (byte*)pkcs7Content, + (word32)sizeof(pkcs7Content)), 0); + + /* Verify content was parsed correctly */ + if (pkcs7 != NULL) { + /* contentIsPkcs7Type should be set */ + ExpectIntEQ(pkcs7->contentIsPkcs7Type, 1); + /* Content should have been parsed (33 bytes) */ + ExpectIntEQ(pkcs7->contentSz, 33); + ExpectNotNull(pkcs7->content); + } + wc_PKCS7_Free(pkcs7); + pkcs7 = NULL; + +#ifndef NO_PKCS7_STREAM + /* Test streaming verification - feed data byte by byte */ + ExpectNotNull(pkcs7 = wc_PKCS7_New(HEAP_HINT, testDevId)); + ExpectIntEQ(wc_PKCS7_Init(pkcs7, HEAP_HINT, INVALID_DEVID), 0); + ExpectIntEQ(wc_PKCS7_InitWithCert(pkcs7, NULL, 0), 0); + + /* Feed data byte by byte to exercise streaming path */ + ret = WC_NO_ERR_TRACE(WC_PKCS7_WANT_READ_E); + for (idx = 0; idx < (word32)sizeof(pkcs7Content) && ret != 0; idx++) { + ret = wc_PKCS7_VerifySignedData(pkcs7, + (byte*)pkcs7Content + idx, 1); + if (ret < 0 && ret != WC_NO_ERR_TRACE(WC_PKCS7_WANT_READ_E)) { + /* Unexpected error */ + break; + } + } + + /* Expecting ret = 0, not ASN_PARSE_E or other negative error */ + ExpectIntEQ(ret, 0); + if (pkcs7 != NULL) { + ExpectIntEQ(pkcs7->contentIsPkcs7Type, 1); + ExpectIntEQ(pkcs7->contentSz, 33); + ExpectNotNull(pkcs7->content); + } + wc_PKCS7_Free(pkcs7); +#endif /* !NO_PKCS7_STREAM */ +#endif /* HAVE_PKCS7 */ + return EXPECT_RESULT(); +} + +/* + * Test PKCS7 VerifySignedData with indefinite-length BER-encoded SignedData + * containing mismatched nesting depth. Verifies bounds checking in the + * end-of-content octet verification loop in streaming mode. + */ +int test_wc_PKCS7_VerifySignedData_IndefLenOOB(void) +{ + EXPECT_DECLS; +#if defined(HAVE_PKCS7) && !defined(NO_PKCS7_STREAM) + PKCS7* pkcs7 = NULL; + + /* PKCS#7 SignedData with indefinite-length BER encoding where the + * nesting depth exceeds the available end-of-content octets. */ + WOLFSSL_SMALL_STACK_STATIC byte der[] = { + 0x30, 0x80, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x07, 0x02, 0xa0, 0x80, 0x30, + 0x80, 0x02, 0x01, 0x01, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x05, 0x2b, 0x0e, 0x03, 0x02, 0x1a, 0x05, + 0x00, 0x30, 0x80, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x07, 0x01, 0xa0, 0x80, + 0x24, 0x80, 0x04, 0x82, 0x03, 0xba, 0x30, 0x80, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, + 0x01, 0x07, 0x03, 0xa0, 0x80, 0x30, 0x80, 0x02, 0x01, 0x00, 0x31, 0x81, 0xc0, 0x30, 0x81, 0xbd, + 0x02, 0x01, 0x00, 0x30, 0x26, 0x30, 0x12, 0x32, 0x10, 0x30, 0x0e, 0x06, 0x03, 0x55, 0x04, 0x03, + 0x0c, 0x07, 0x45, 0x78, 0x61, 0x6d, 0x70, 0x6c, 0x65, 0x02, 0x10, 0x00, 0xa1, 0xe4, 0x1e, 0x56, + 0xff, 0x4d, 0x65, 0xe1, 0x1b, 0x00, 0x3a, 0xc5, 0xc2, 0x6e, 0x6d, 0x30, 0x0d, 0x06, 0x09, 0x2a, + 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x01, 0x05, 0x00, 0x04, 0x81, 0x80, 0x80, 0x06, 0xfd, + 0xe1, 0x4e, 0xa8, 0x69, 0x67, 0x1a, 0xee, 0x50, 0xe5, 0x51, 0xbb, 0x5d, 0xde, 0x51, 0xe7, 0x9b, + 0xef, 0xa5, 0x34, 0x5b, 0x74, 0x6a, 0xad, 0x8b, 0xf1, 0xd5, 0x99, 0x05, 0x3b, 0xb6, 0x78, 0xb6, + 0x51, 0x5b, 0x49, 0xa2, 0x0c, 0x8c, 0x79, 0x99, 0x77, 0x85, 0x0f, 0xa9, 0x91, 0x2a, 0x1a, 0xb5, + 0xdb, 0x9d, 0x7e, 0x16, 0x94, 0x8f, 0x56, 0x87, 0x69, 0xdd, 0x8f, 0x9d, 0x83, 0xf5, 0x05, 0xf2, + 0x58, 0x78, 0x80, 0x74, 0xd9, 0x17, 0x90, 0xcd, 0xcf, 0xcd, 0xac, 0x81, 0x71, 0x5d, 0x80, 0xbb, + 0x72, 0x33, 0x9d, 0x93, 0x00, 0xdb, 0x09, 0x04, 0xe2, 0x00, 0x8d, 0x2f, 0xad, 0x38, 0x6f, 0xfa, + 0x00, 0x7b, 0xee, 0x79, 0xee, 0xdf, 0x50, 0x4c, 0xfb, 0x98, 0xa9, 0x34, 0x54, 0x49, 0x0e, 0x4b, + 0xbe, 0x63, 0xb7, 0xa7, 0x77, 0xc2, 0x15, 0x35, 0x54, 0x0b, 0x33, 0x8d, 0xc7, 0x30, 0x80, 0x06, + 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x07, 0x01, 0x30, 0x14, 0x06, 0x08, 0x2a, 0x86, + 0x48, 0x86, 0xf7, 0x0d, 0x03, 0x07, 0x04, 0x08, 0x0b, 0x1a, 0x1f, 0x4d, 0xbe, 0x2d, 0x9a, 0xf2, + 0xa0, 0x80, 0x04, 0x82, 0x02, 0xb0, 0x94, 0x92, 0x38, 0x98, 0x6a, 0x96, 0x52, 0x1f, 0x50, 0xd9, + 0xc5, 0x89, 0x10, 0x3d, 0xa4, 0xa8, 0xf0, 0xe7, 0x4b, 0xe8, 0x40, 0x7a, 0x3e, 0xdb, 0xf0, 0x91, + 0x31, 0x57, 0x1e, 0xae, 0x0f, 0x68, 0x24, 0x54, 0xfe, 0xe9, 0x34, 0xf4, 0xaf, 0x52, 0x07, 0xe6, + 0xaa, 0x7e, 0x38, 0x3c, 0xc3, 0x9a, 0x7a, 0x88, 0x25, 0xce, 0x10, 0x5d, 0xcf, 0x8e, 0x30, 0x22, + 0xde, 0xb1, 0x48, 0x18, 0xf3, 0x10, 0x1e, 0xf2, 0x78, 0x1e, 0x9e, 0xf7, 0x92, 0x4d, 0xec, 0xd0, + 0xdd, 0x3e, 0x2e, 0x34, 0x65, 0x5c, 0xc4, 0x2f, 0x0b, 0xfc, 0xc5, 0x30, 0xc8, 0x36, 0xe3, 0x52, + 0x11, 0xd8, 0xfa, 0x89, 0x27, 0x02, 0xce, 0x28, 0x68, 0x1e, 0x73, 0x5c, 0xc7, 0xc2, 0x92, 0x9e, + 0xa2, 0xa5, 0xe9, 0x73, 0xb5, 0xe7, 0x13, 0xe3, 0x77, 0x11, 0xfa, 0x05, 0xf0, 0xa1, 0x69, 0x1f, + 0x7d, 0x3d, 0xad, 0x30, 0xe4, 0xef, 0x59, 0xa1, 0xfa, 0xc6, 0xb0, 0xff, 0x14, 0x47, 0x8f, 0xab, + 0xcf, 0x9d, 0x7c, 0xe8, 0x58, 0xed, 0xa3, 0xdb, 0x14, 0xea, 0xda, 0x7c, 0xcc, 0x18, 0x11, 0xcd, + 0x0b, 0xff, 0xb7, 0x36, 0x88, 0xa9, 0x2f, 0xc0, 0x02, 0xb3, 0xe8, 0x5f, 0xa2, 0xe9, 0xbd, 0x3b, + 0x6e, 0xb5, 0x14, 0x7d, 0xea, 0x53, 0x2b, 0x84, 0xce, 0x6a, 0x81, 0x4d, 0x96, 0xb4, 0x05, 0x82, + 0xd7, 0xef, 0x1a, 0x54, 0xf2, 0x12, 0xef, 0x4d, 0x7d, 0x1f, 0x1a, 0xec, 0xd4, 0x36, 0x34, 0x3e, + 0xa0, 0x2e, 0x1d, 0x23, 0xa3, 0x37, 0x7f, 0x83, 0xe1, 0x60, 0x77, 0xb5, 0x31, 0x0d, 0xeb, 0x47, + 0xdc, 0x2a, 0x3d, 0xf2, 0x7b, 0x30, 0x47, 0xfd, 0x6a, 0x81, 0x20, 0x9a, 0x0b, 0x2c, 0x3b, 0x9a, + 0x0e, 0x5e, 0xee, 0x33, 0xde, 0x80, 0x35, 0x9d, 0xd3, 0xc0, 0x6e, 0xe0, 0x3a, 0x02, 0x9c, 0x01, + 0x05, 0xeb, 0x25, 0x29, 0x68, 0xdd, 0x4b, 0x49, 0xc8, 0x58, 0xab, 0x13, 0x51, 0x1d, 0xf3, 0x95, + 0xe0, 0xc8, 0x88, 0x59, 0x6a, 0xa6, 0x5d, 0xb2, 0x18, 0xe4, 0xfd, 0x95, 0x8e, 0x20, 0x34, 0xd7, + 0x06, 0x82, 0x3b, 0x1e, 0xfb, 0xcb, 0xaf, 0x53, 0x37, 0xbf, 0x82, 0xe6, 0xab, 0xf6, 0x38, 0xe0, + 0x9b, 0x66, 0xd4, 0x65, 0xc8, 0x45, 0x3d, 0xb7, 0xb6, 0x17, 0x2b, 0xed, 0x4f, 0xe7, 0xe4, 0x45, + 0x0d, 0xa2, 0xc7, 0x17, 0x2a, 0x6d, 0xc5, 0x8a, 0x3d, 0xc6, 0x38, 0xa0, 0x0c, 0xa9, 0x2e, 0xdc, + 0xd8, 0x9d, 0x1f, 0x9b, 0x03, 0xc8, 0x51, 0x3f, 0xa6, 0x66, 0x5b, 0x76, 0x32, 0xa5, 0x65, 0x17, + 0xaf, 0xfb, 0x34, 0x53, 0x77, 0x0b, 0x67, 0x2b, 0x7c, 0x77, 0x53, 0x93, 0xac, 0xeb, 0x0b, 0xf1, + 0xf5, 0x40, 0x1f, 0x40, 0x2f, 0x7b, 0x01, 0x53, 0x95, 0x1f, 0xca, 0xfd, 0x98, 0x18, 0xbd, 0xa6, + 0xf0, 0x13, 0x1c, 0x6d, 0x8d, 0x67, 0x83, 0xbc, 0x13, 0x86, 0xdd, 0xb4, 0xe2, 0x6a, 0xd6, 0x9e, + 0x79, 0x50, 0xde, 0xa0, 0x03, 0x7e, 0xe6, 0x7f, 0xe6, 0xc9, 0x8c, 0x03, 0x1c, 0x5b, 0xc1, 0x3e, + 0xe6, 0x8c, 0x2e, 0x09, 0xbd, 0x43, 0xdd, 0x66, 0xde, 0xcf, 0xc4, 0xcd, 0xe4, 0xa0, 0x37, 0xa8, + 0x3a, 0x8d, 0x63, 0x0c, 0x13, 0x0e, 0xd7, 0x03, 0x8d, 0xa1, 0x59, 0x81, 0xe5, 0x5d, 0x73, 0xb3, + 0xe6, 0x8f, 0x06, 0x2a, 0x3f, 0x1d, 0xd7, 0x0b, 0xc4, 0x21, 0xcc, 0x6f, 0x0e, 0x43, 0x34, 0xc0, + 0x9f, 0x8d, 0x70, 0x64, 0x24, 0x5e, 0xcf, 0x14, 0x98, 0x22, 0xa4, 0xf4, 0x2e, 0x8b, 0x95, 0x6c, + 0xf7, 0x68, 0xee, 0x60, 0xee, 0xba, 0x8a, 0x0c, 0x60, 0x18, 0x2b, 0x5c, 0x6f, 0x77, 0x48, 0x95, + 0xb2, 0xb5, 0xcb, 0xb0, 0xf7, 0xd3, 0x5b, 0xc8, 0xea, 0x52, 0x09, 0x30, 0x61, 0x1c, 0x6e, 0xbb, + 0x57, 0xa1, 0x48, 0x52, 0x3d, 0xd6, 0x67, 0xa3, 0x6d, 0x1b, 0x92, 0x31, 0xea, 0x56, 0xfb, 0x24, + 0x5e, 0x99, 0x92, 0xff, 0x3e, 0x22, 0xba, 0x06, 0x56, 0x1e, 0xed, 0x98, 0xb0, 0x4a, 0x52, 0x49, + 0x61, 0xf9, 0x48, 0x7d, 0xb4, 0xb6, 0xb3, 0xb5, 0xed, 0x01, 0x27, 0xc0, 0xcc, 0xde, 0x06, 0x19, + 0x6b, 0x3b, 0x0b, 0xf6, 0x2a, 0x18, 0xe9, 0xdc, 0x52, 0xa6, 0xb6, 0xd4, 0xbe, 0x52, 0x95, 0x05, + 0x2e, 0x88, 0x0e, 0x88, 0x11, 0x6e, 0x52, 0x86, 0x63, 0x38, 0x0c, 0xcc, 0x19, 0x2d, 0x88, 0x0b, + 0xd1, 0x05, 0x4b, 0xe3, 0xfe, 0x3b, 0xf1, 0xc6, 0x82, 0x22, 0x7f, 0x4a, 0xe2, 0x30, 0x84, 0x06, + 0x00, 0x37, 0x0a, 0x6f, 0xa0, 0x2b, 0xe1, 0xf0, 0x21, 0xdc, 0x97, 0x31, 0xda, 0x8a, 0x6c, 0xab, + 0xfd, 0x60, 0xcd, 0x1b, 0xdb, 0x81, 0x18, 0x3d, 0x63, 0x43, 0x77, 0xe5, 0x52, 0x92, 0x8e, 0xcf, + 0x8b, 0xf2, 0x1d, 0x02, 0x90, 0x85, 0xbf, 0x83, 0xbd, 0x07, 0xb4, 0x0f, 0x27, 0x1c, 0x72, 0x04, + 0xb8, 0x14, 0x7e, 0x06, 0x6d, 0xab, 0x44, 0xd7, 0x1c, 0x2c, 0x47, 0x53, 0x09, 0xd5, 0x64, 0x92, + 0xb8, 0xac, 0xd1, 0x78, 0xe2, 0xbb, 0xc9, 0x59, 0xc8, 0xc9, 0x0a, 0x93, 0x31, 0xd2, 0x1e, 0xc0, + 0xe6, 0x31, 0xb8, 0x5a, 0xfa, 0xff, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0xa0, 0x80, 0x30, 0x82, 0x03, 0x4d, 0x30, 0x82, 0x02, 0x35, + 0xa0, 0x03, 0x02, 0x01, 0x02, 0x02, 0x01, 0x0a, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, + 0xf7, 0x0d, 0x01, 0x01, 0x05, 0x05, 0x00, 0x30, 0x6a, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, + 0x04, 0x06, 0x13, 0x02, 0x55, 0x53, 0x31, 0x10, 0x30, 0x0e, 0x06, 0x03, 0x55, 0x04, 0x08, 0x0c, + 0x07, 0x4d, 0x6f, 0x6e, 0x74, 0x61, 0x6e, 0x61, 0x31, 0x10, 0x30, 0x0e, 0x06, 0x03, 0x55, 0x04, + 0x07, 0x0c, 0x07, 0x42, 0x6f, 0x7a, 0x65, 0x6d, 0x61, 0x6e, 0x31, 0x15, 0x30, 0x13, 0x06, 0x03, + 0x55, 0x04, 0x0a, 0x0c, 0x0c, 0x77, 0x6f, 0x6c, 0x66, 0x53, 0x53, 0x4c, 0x5f, 0x53, 0x43, 0x45, + 0x50, 0x31, 0x20, 0x30, 0x1e, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0c, 0x17, 0x43, 0x65, 0x72, 0x74, + 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x20, 0x41, 0x75, 0x74, 0x68, 0x6f, 0x72, + 0x69, 0x74, 0x79, 0x30, 0x1e, 0x17, 0x0d, 0x31, 0x38, 0x30, 0x32, 0x30, 0x35, 0x32, 0x32, 0x34, + 0x30, 0x30, 0x37, 0x5a, 0x17, 0x0d, 0x32, 0x32, 0x30, 0x32, 0x30, 0x35, 0x32, 0x32, 0x34, 0x30, + 0x30, 0x37, 0x5a, 0x30, 0x6a, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, + 0x55, 0x53, 0x31, 0x10, 0x30, 0x0e, 0x06, 0x03, 0x55, 0x04, 0x08, 0x0c, 0x07, 0x4d, 0x6f, 0x6e, + 0x74, 0x61, 0x6e, 0x61, 0x31, 0x10, 0x30, 0x0e, 0x06, 0x03, 0x55, 0x04, 0x07, 0x0c, 0x07, 0x42, + 0x6f, 0x7a, 0x65, 0x6d, 0x61, 0x6e, 0x31, 0x15, 0x30, 0x13, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x0c, + 0x0c, 0x77, 0x6f, 0x6c, 0x66, 0x53, 0x53, 0x4c, 0x5f, 0x53, 0x43, 0x45, 0x50, 0x31, 0x20, 0x30, + 0x1e, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0c, 0x17, 0x43, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, + 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x20, 0x41, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x74, 0x79, 0x30, + 0x82, 0x01, 0x22, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x01, + 0x05, 0x00, 0x03, 0x82, 0x01, 0x0f, 0x00, 0x30, 0x82, 0x01, 0x0a, 0x02, 0x82, 0x01, 0x01, 0x00, + 0xc9, 0x94, 0x88, 0x48, 0x59, 0xe8, 0x0f, 0x34, 0x83, 0xf0, 0xf2, 0x42, 0x2c, 0x58, 0x6c, 0xb9, + 0xa1, 0x60, 0xed, 0xa9, 0xcd, 0x5e, 0xb9, 0x33, 0x74, 0x2a, 0x94, 0x30, 0xa2, 0x18, 0x82, 0x90, + 0xa3, 0xf5, 0x64, 0x40, 0xee, 0x6d, 0x64, 0xbc, 0x15, 0x18, 0x65, 0x48, 0xfe, 0xe4, 0x19, 0xa7, + 0xd4, 0x5d, 0x67, 0x2f, 0xf5, 0x5b, 0x75, 0x65, 0xda, 0x30, 0x01, 0x33, 0x79, 0x80, 0xd8, 0x84, + 0xc9, 0xa3, 0x49, 0xf4, 0xab, 0x1b, 0x54, 0xa1, 0x87, 0x38, 0x0a, 0x5f, 0xd5, 0x7c, 0xd5, 0x73, + 0xe3, 0xaa, 0x43, 0xe9, 0x1c, 0x32, 0x52, 0xdd, 0x05, 0x5f, 0x75, 0xf8, 0x61, 0x15, 0x6d, 0xc7, + 0x19, 0xb3, 0x52, 0xb3, 0xa3, 0xba, 0x6c, 0x5c, 0xfe, 0xd2, 0xb9, 0x72, 0x71, 0xc5, 0xac, 0xd2, + 0x9e, 0x47, 0x37, 0x2c, 0x84, 0xf8, 0x17, 0x55, 0xb3, 0x35, 0x55, 0x5a, 0x35, 0xcb, 0x92, 0x35, + 0xee, 0xca, 0xca, 0xb2, 0xf1, 0xc9, 0x0a, 0xee, 0xc9, 0xfe, 0xec, 0x48, 0x02, 0x57, 0x24, 0xbe, + 0x99, 0xe1, 0x80, 0x60, 0x68, 0xf1, 0x92, 0xc3, 0x51, 0x2e, 0x33, 0x7f, 0xd0, 0x54, 0x8f, 0x19, + 0x6f, 0x24, 0xd7, 0xb4, 0xce, 0xd8, 0xa8, 0xec, 0xe3, 0xf1, 0xb3, 0x8e, 0x35, 0xcf, 0x97, 0x0d, + 0x29, 0x26, 0xdf, 0x6e, 0xc3, 0x33, 0x4f, 0x55, 0x52, 0x73, 0x65, 0x94, 0xf4, 0x88, 0xca, 0xa6, + 0xd7, 0x04, 0xc0, 0xf2, 0xad, 0x8e, 0x73, 0x27, 0xc6, 0xce, 0xb1, 0x72, 0x83, 0xfa, 0x4a, 0x92, + 0x4c, 0x8a, 0x58, 0x4c, 0xf6, 0xf8, 0xd2, 0xcb, 0x12, 0xda, 0xad, 0x73, 0x40, 0x50, 0xef, 0x07, + 0x59, 0x5d, 0x46, 0x39, 0xea, 0x40, 0x9d, 0x10, 0xed, 0x00, 0x09, 0xd0, 0x01, 0x02, 0x39, 0xc5, + 0x73, 0xf3, 0x34, 0xf9, 0x6b, 0x42, 0x5d, 0x00, 0x54, 0xc7, 0x53, 0x0f, 0x80, 0xfa, 0x2b, 0x27, + 0x02, 0x03, 0x01, 0x00, 0x01, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, + 0x01, 0x05, 0x05, 0x00, 0x03, 0x82, 0x01, 0x01, 0x00, 0x3e, 0x83, 0xab, 0x3d, 0x75, 0xe1, 0xcd, + 0x50, 0x02, 0x49, 0xf2, 0x71, 0x7c, 0xfe, 0x66, 0x92, 0x10, 0xdb, 0x02, 0xd1, 0x8b, 0xd6, 0xa8, + 0xd2, 0x16, 0xfb, 0xa3, 0xdd, 0xc6, 0x74, 0xf8, 0x70, 0x48, 0xd9, 0x57, 0x9e, 0x81, 0x2a, 0x0c, + 0x2c, 0x56, 0xfd, 0x61, 0x96, 0xd0, 0x05, 0x84, 0xd0, 0xeb, 0x47, 0xe6, 0xcd, 0x70, 0xba, 0xab, + 0x1a, 0x37, 0xba, 0xed, 0x6a, 0x0a, 0xa0, 0x07, 0xb6, 0x57, 0xfd, 0xe3, 0xd5, 0x58, 0x4c, 0x2c, + 0xac, 0xa6, 0x1b, 0x2e, 0x32, 0xd9, 0x31, 0x45, 0x3c, 0x17, 0xa7, 0x6c, 0xda, 0xe3, 0xb6, 0xc1, + 0x8d, 0xd7, 0xc5, 0xda, 0x24, 0xbb, 0x49, 0x35, 0x60, 0xf2, 0x01, 0x8f, 0x95, 0xa7, 0xea, 0x2d, + 0xdc, 0x3f, 0x69, 0xe5, 0x36, 0x03, 0x2f, 0x7a, 0xdd, 0xeb, 0x82, 0x59, 0xdf, 0x9a, 0xd8, 0x21, + 0x38, 0x14, 0x56, 0x07, 0xa2, 0x45, 0x76, 0x11, 0xa0, 0x84, 0xdc, 0x2f, 0xee, 0x95, 0x35, 0x82, + 0x1b, 0xfa, 0xc4, 0xbc, 0xc4, 0x50, 0xa6, 0x0e, 0x4d, 0x1a, 0x5b, 0xd4, 0x71, 0xb3, 0x66, 0x9b, + 0x4e, 0x70, 0x90, 0x18, 0xa7, 0x21, 0xa6, 0x57, 0xfe, 0x88, 0x69, 0x05, 0x6c, 0x23, 0x30, 0x35, + 0x0f, 0xb9, 0x0f, 0x07, 0xe1, 0x78, 0xc3, 0xa3, 0x67, 0x80, 0x83, 0xb8, 0x3a, 0x74, 0x80, 0x1b, + 0xee, 0xc5, 0x2d, 0xa5, 0x79, 0xa8, 0xb3, 0x58, 0x03, 0x2a, 0x19, 0x42, 0x15, 0x0a, 0x97, 0x82, + 0xf8, 0x22, 0xb0, 0x89, 0xc3, 0x58, 0x8a, 0xa1, 0xc8, 0x16, 0x2d, 0x8e, 0x4d, 0x7f, 0xa4, 0x70, + 0xb7, 0x5b, 0x40, 0x8b, 0x81, 0xc1, 0x5a, 0x81, 0x56, 0xf8, 0x0e, 0x2c, 0x4c, 0x50, 0xc6, 0x5d, + 0x93, 0x6c, 0x7a, 0xde, 0x21, 0x31, 0xf6, 0x14, 0x4e, 0x44, 0xb5, 0xdc, 0xaf, 0x66, 0xb1, 0xab, + 0x1c, 0x3b, 0x22, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 + }; + word32 derSz = (word32)sizeof(der); + + /* Should return a parse error for malformed input */ + ExpectNotNull(pkcs7 = wc_PKCS7_New(HEAP_HINT, testDevId)); + ExpectIntEQ(wc_PKCS7_Init(pkcs7, HEAP_HINT, INVALID_DEVID), 0); + ExpectIntEQ(wc_PKCS7_InitWithCert(pkcs7, NULL, 0), 0); + ExpectIntNE(wc_PKCS7_VerifySignedData(pkcs7, der, derSz), 0); + wc_PKCS7_Free(pkcs7); + +#endif /* HAVE_PKCS7 && !NO_PKCS7_STREAM */ + return EXPECT_RESULT(); +} diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/tests/api/test_pkcs7.h mariadb-11.8.8/extra/wolfssl/wolfssl/tests/api/test_pkcs7.h --- mariadb-11.8.6/extra/wolfssl/wolfssl/tests/api/test_pkcs7.h 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/tests/api/test_pkcs7.h 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* test_pkcs7.h * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -29,6 +29,15 @@ int test_wc_PKCS7_InitWithCert(void); int test_wc_PKCS7_EncodeData(void); int test_wc_PKCS7_EncodeSignedData(void); +#if defined(HAVE_PKCS7) && defined(WC_RSA_PSS) && !defined(NO_RSA) && \ + !defined(NO_FILESYSTEM) && !defined(NO_SHA256) +int test_wc_PKCS7_EncodeSignedData_RSA_PSS(void); +#endif +#if defined(HAVE_PKCS7) && defined(WC_RSA_PSS) && !defined(NO_RSA) && \ + !defined(NO_FILESYSTEM) && !defined(NO_SHA256) && \ + !defined(NO_AES) && defined(HAVE_AES_CBC) && defined(WOLFSSL_AES_256) +int test_wc_PKCS7_EnvelopedData_KTRI_RSA_PSS(void); +#endif int test_wc_PKCS7_EncodeSignedData_ex(void); int test_wc_PKCS7_VerifySignedData_RSA(void); int test_wc_PKCS7_VerifySignedData_ECC(void); @@ -48,26 +57,49 @@ int test_wc_PKCS7_SetOriDecryptCtx(void); int test_wc_PKCS7_DecodeCompressedData(void); int test_wc_PKCS7_DecodeEnvelopedData_multiple_recipients(void); +int test_wc_PKCS7_VerifySignedData_PKCS7ContentSeq(void); +int test_wc_PKCS7_VerifySignedData_IndefLenOOB(void); #define TEST_PKCS7_DECLS \ TEST_DECL_GROUP("pkcs7", test_wc_PKCS7_New), \ TEST_DECL_GROUP("pkcs7", test_wc_PKCS7_Init) +#if defined(HAVE_PKCS7) && defined(WC_RSA_PSS) && !defined(NO_RSA) && \ + !defined(NO_FILESYSTEM) && !defined(NO_SHA256) +#define TEST_PKCS7_RSA_PSS_SD_DECL \ + TEST_DECL_GROUP("pkcs7_sd", test_wc_PKCS7_EncodeSignedData_RSA_PSS), +#else +#define TEST_PKCS7_RSA_PSS_SD_DECL +#endif + +#if defined(HAVE_PKCS7) && defined(WC_RSA_PSS) && !defined(NO_RSA) && \ + !defined(NO_FILESYSTEM) && !defined(NO_SHA256) && \ + !defined(NO_AES) && defined(HAVE_AES_CBC) && defined(WOLFSSL_AES_256) +#define TEST_PKCS7_RSA_PSS_ED_DECL \ + TEST_DECL_GROUP("pkcs7_ed", test_wc_PKCS7_EnvelopedData_KTRI_RSA_PSS), +#else +#define TEST_PKCS7_RSA_PSS_ED_DECL +#endif + #define TEST_PKCS7_SIGNED_DATA_DECLS \ TEST_DECL_GROUP("pkcs7_sd", test_wc_PKCS7_InitWithCert), \ TEST_DECL_GROUP("pkcs7_sd", test_wc_PKCS7_EncodeData), \ TEST_DECL_GROUP("pkcs7_sd", test_wc_PKCS7_EncodeSignedData), \ + TEST_PKCS7_RSA_PSS_SD_DECL \ TEST_DECL_GROUP("pkcs7_sd", test_wc_PKCS7_EncodeSignedData_ex), \ TEST_DECL_GROUP("pkcs7_sd", test_wc_PKCS7_VerifySignedData_RSA), \ TEST_DECL_GROUP("pkcs7_sd", test_wc_PKCS7_VerifySignedData_ECC), \ TEST_DECL_GROUP("pkcs7_sd", test_wc_PKCS7_Degenerate), \ TEST_DECL_GROUP("pkcs7_sd", test_wc_PKCS7_BER), \ - TEST_DECL_GROUP("pkcs7_sd", test_wc_PKCS7_NoDefaultSignedAttribs) + TEST_DECL_GROUP("pkcs7_sd", test_wc_PKCS7_NoDefaultSignedAttribs), \ + TEST_DECL_GROUP("pkcs7_sd", test_wc_PKCS7_VerifySignedData_PKCS7ContentSeq), \ + TEST_DECL_GROUP("pkcs7_sd", test_wc_PKCS7_VerifySignedData_IndefLenOOB) #define TEST_PKCS7_ENCRYPTED_DATA_DECLS \ TEST_DECL_GROUP("pkcs7_ed", test_wc_PKCS7_DecodeEnvelopedData_stream), \ TEST_DECL_GROUP("pkcs7_ed", test_wc_PKCS7_EncodeDecodeEnvelopedData), \ + TEST_PKCS7_RSA_PSS_ED_DECL \ TEST_DECL_GROUP("pkcs7_ed", test_wc_PKCS7_SetAESKeyWrapUnwrapCb), \ TEST_DECL_GROUP("pkcs7_ed", test_wc_PKCS7_GetEnvelopedDataKariRid), \ TEST_DECL_GROUP("pkcs7_ed", test_wc_PKCS7_EncodeEncryptedData), \ diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/tests/api/test_poly1305.c mariadb-11.8.8/extra/wolfssl/wolfssl/tests/api/test_poly1305.c --- mariadb-11.8.6/extra/wolfssl/wolfssl/tests/api/test_poly1305.c 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/tests/api/test_poly1305.c 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* test_poly1305.c * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/tests/api/test_poly1305.h mariadb-11.8.8/extra/wolfssl/wolfssl/tests/api/test_poly1305.h --- mariadb-11.8.6/extra/wolfssl/wolfssl/tests/api/test_poly1305.h 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/tests/api/test_poly1305.h 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* test_poly1305.h * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/tests/api/test_random.c mariadb-11.8.8/extra/wolfssl/wolfssl/tests/api/test_random.c --- mariadb-11.8.6/extra/wolfssl/wolfssl/tests/api/test_random.c 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/tests/api/test_random.c 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* test_random.c * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -327,7 +327,7 @@ #if defined(HAVE_HASHDRBG) && \ (!(defined(HAVE_FIPS) || defined(HAVE_SELFTEST)) || \ (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION >= 2))) - byte seed[16]; + byte seed[32]; byte i; #ifdef TEST_WC_RNG_TESTSEED_BAD_PARAMS @@ -345,7 +345,12 @@ /* Bad seed as it repeats. */ XMEMSET(seed, 0xa5, sizeof(seed)); /* Return value is DRBG_CONT_FAILURE which is not public. */ + /* Moving forward with the RCT test check LT instead of GT */ +#if !defined(HAVE_FIPS) || ( defined(HAVE_FIPS) && FIPS_VERSION3_GE(7,0,0) ) + ExpectIntLT(wc_RNG_TestSeed(seed, sizeof(seed)), 0); +#else ExpectIntGT(wc_RNG_TestSeed(seed, sizeof(seed)), 0); +#endif /* Good seed. */ for (i = 0; i < (byte)sizeof(seed); i++) diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/tests/api/test_random.h mariadb-11.8.8/extra/wolfssl/wolfssl/tests/api/test_random.h --- mariadb-11.8.6/extra/wolfssl/wolfssl/tests/api/test_random.h 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/tests/api/test_random.h 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* test_random.h * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/tests/api/test_rc2.c mariadb-11.8.8/extra/wolfssl/wolfssl/tests/api/test_rc2.c --- mariadb-11.8.6/extra/wolfssl/wolfssl/tests/api/test_rc2.c 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/tests/api/test_rc2.c 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* test_rc2.c * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/tests/api/test_rc2.h mariadb-11.8.8/extra/wolfssl/wolfssl/tests/api/test_rc2.h --- mariadb-11.8.6/extra/wolfssl/wolfssl/tests/api/test_rc2.h 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/tests/api/test_rc2.h 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* test_rc2.h * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/tests/api/test_ripemd.c mariadb-11.8.8/extra/wolfssl/wolfssl/tests/api/test_ripemd.c --- mariadb-11.8.6/extra/wolfssl/wolfssl/tests/api/test_ripemd.c 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/tests/api/test_ripemd.c 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* test_ripemd.c * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/tests/api/test_ripemd.h mariadb-11.8.8/extra/wolfssl/wolfssl/tests/api/test_ripemd.h --- mariadb-11.8.6/extra/wolfssl/wolfssl/tests/api/test_ripemd.h 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/tests/api/test_ripemd.h 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* test_ripemd.h * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/tests/api/test_rsa.c mariadb-11.8.8/extra/wolfssl/wolfssl/tests/api/test_rsa.c --- mariadb-11.8.6/extra/wolfssl/wolfssl/tests/api/test_rsa.c 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/tests/api/test_rsa.c 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* test_rsa.c * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -28,10 +28,6 @@ #include #endif -#ifdef WOLFSSL_ASYNC_CRYPT - #define WOLFSSL_SMALL_STACK -#endif - #include #include #include @@ -824,6 +820,20 @@ ExpectIntEQ(XMEMCMP(plain, inStr, plainLen), 0); /* Pass bad args - tested in another testing function.*/ +#if !defined(HAVE_SELFTEST) && (!defined(HAVE_FIPS) || FIPS_VERSION3_GE(7,0,0)) + { + WC_DECLARE_VAR(shortPlain, byte, TEST_STRING_SZ - 4, NULL); + WC_ALLOC_VAR(shortPlain, byte, TEST_STRING_SZ - 4, NULL); + #ifdef WC_DECLARE_VAR_IS_HEAP_ALLOC + ExpectNotNull(shortPlain); + #endif + /* Test for when plain length is less than required. */ + ExpectIntEQ(wc_RsaPrivateDecrypt(cipher, cipherLenResult, shortPlain, + TEST_STRING_SZ - 4, &key), RSA_BUFFER_E); + WC_FREE_VAR(shortPlain, NULL); + } +#endif /* !HAVE_SELFTEST && (!HAVE_FIPS || FIPS_VERSION3_GE(7,0,0)) */ + WC_FREE_VAR(in, NULL); WC_FREE_VAR(plain, NULL); WC_FREE_VAR(cipher, NULL); diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/tests/api/test_rsa.h mariadb-11.8.8/extra/wolfssl/wolfssl/tests/api/test_rsa.h --- mariadb-11.8.6/extra/wolfssl/wolfssl/tests/api/test_rsa.h 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/tests/api/test_rsa.h 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* test_rsa.h * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/tests/api/test_sha.c mariadb-11.8.8/extra/wolfssl/wolfssl/tests/api/test_sha.c --- mariadb-11.8.6/extra/wolfssl/wolfssl/tests/api/test_sha.c 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/tests/api/test_sha.c 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* test_sha.c * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/tests/api/test_sha.h mariadb-11.8.8/extra/wolfssl/wolfssl/tests/api/test_sha.h --- mariadb-11.8.6/extra/wolfssl/wolfssl/tests/api/test_sha.h 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/tests/api/test_sha.h 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* test_sha.h * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/tests/api/test_sha256.c mariadb-11.8.8/extra/wolfssl/wolfssl/tests/api/test_sha256.c --- mariadb-11.8.6/extra/wolfssl/wolfssl/tests/api/test_sha256.c 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/tests/api/test_sha256.c 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* test_sha256.c * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/tests/api/test_sha256.h mariadb-11.8.8/extra/wolfssl/wolfssl/tests/api/test_sha256.h --- mariadb-11.8.6/extra/wolfssl/wolfssl/tests/api/test_sha256.h 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/tests/api/test_sha256.h 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* test_sha256.h * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/tests/api/test_sha3.c mariadb-11.8.8/extra/wolfssl/wolfssl/tests/api/test_sha3.c --- mariadb-11.8.6/extra/wolfssl/wolfssl/tests/api/test_sha3.c 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/tests/api/test_sha3.c 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* test_sha3.c * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/tests/api/test_sha3.h mariadb-11.8.8/extra/wolfssl/wolfssl/tests/api/test_sha3.h --- mariadb-11.8.6/extra/wolfssl/wolfssl/tests/api/test_sha3.h 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/tests/api/test_sha3.h 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* test_sha3.h * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/tests/api/test_sha512.c mariadb-11.8.8/extra/wolfssl/wolfssl/tests/api/test_sha512.c --- mariadb-11.8.6/extra/wolfssl/wolfssl/tests/api/test_sha512.c 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/tests/api/test_sha512.c 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* test_sha512.c * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/tests/api/test_sha512.h mariadb-11.8.8/extra/wolfssl/wolfssl/tests/api/test_sha512.h --- mariadb-11.8.6/extra/wolfssl/wolfssl/tests/api/test_sha512.h 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/tests/api/test_sha512.h 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* test_sha512.h * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/tests/api/test_signature.c mariadb-11.8.8/extra/wolfssl/wolfssl/tests/api/test_signature.c --- mariadb-11.8.6/extra/wolfssl/wolfssl/tests/api/test_signature.c 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/tests/api/test_signature.c 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* test_signature.c * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/tests/api/test_signature.h mariadb-11.8.8/extra/wolfssl/wolfssl/tests/api/test_signature.h --- mariadb-11.8.6/extra/wolfssl/wolfssl/tests/api/test_signature.h 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/tests/api/test_signature.h 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* test_signature.h * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/tests/api/test_slhdsa.c mariadb-11.8.8/extra/wolfssl/wolfssl/tests/api/test_slhdsa.c --- mariadb-11.8.6/extra/wolfssl/wolfssl/tests/api/test_slhdsa.c 1970-01-01 00:00:00.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/tests/api/test_slhdsa.c 2026-05-24 09:58:33.000000000 +0000 @@ -0,0 +1,1174 @@ +/* test_slhdsa.c + * + * Copyright (C) 2006-2026 wolfSSL Inc. + * + * This file is part of wolfSSL. + * + * wolfSSL is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * wolfSSL is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA + */ + +#include + +#ifdef NO_INLINE + #include +#else + #define WOLFSSL_MISC_INCLUDED + #include +#endif + +#ifdef WOLFSSL_HAVE_SLHDSA + #include +#endif +#include +#include +#include + + +/* + * Test basic init/free and NULL parameter handling for SLH-DSA key operations. + */ +int test_wc_slhdsa(void) +{ + EXPECT_DECLS; +#ifdef WOLFSSL_HAVE_SLHDSA + SlhDsaKey key; + + /* Test NULL parameter handling for init. */ + ExpectIntEQ(wc_SlhDsaKey_Init(NULL, SLHDSA_SHAKE128S, NULL, INVALID_DEVID), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + + /* Test wc_SlhDsaKey_Free with NULL - should not crash. */ + wc_SlhDsaKey_Free(NULL); + + /* Test valid init for each supported parameter set. */ +#ifdef WOLFSSL_SLHDSA_PARAM_128S + ExpectIntEQ(wc_SlhDsaKey_Init(&key, SLHDSA_SHAKE128S, NULL, INVALID_DEVID), + 0); + wc_SlhDsaKey_Free(&key); +#endif +#ifdef WOLFSSL_SLHDSA_PARAM_128F + ExpectIntEQ(wc_SlhDsaKey_Init(&key, SLHDSA_SHAKE128F, NULL, INVALID_DEVID), + 0); + wc_SlhDsaKey_Free(&key); +#endif +#ifdef WOLFSSL_SLHDSA_PARAM_192S + ExpectIntEQ(wc_SlhDsaKey_Init(&key, SLHDSA_SHAKE192S, NULL, INVALID_DEVID), + 0); + wc_SlhDsaKey_Free(&key); +#endif +#ifdef WOLFSSL_SLHDSA_PARAM_192F + ExpectIntEQ(wc_SlhDsaKey_Init(&key, SLHDSA_SHAKE192F, NULL, INVALID_DEVID), + 0); + wc_SlhDsaKey_Free(&key); +#endif +#ifdef WOLFSSL_SLHDSA_PARAM_256S + ExpectIntEQ(wc_SlhDsaKey_Init(&key, SLHDSA_SHAKE256S, NULL, INVALID_DEVID), + 0); + wc_SlhDsaKey_Free(&key); +#endif +#ifdef WOLFSSL_SLHDSA_PARAM_256F + ExpectIntEQ(wc_SlhDsaKey_Init(&key, SLHDSA_SHAKE256F, NULL, INVALID_DEVID), + 0); + wc_SlhDsaKey_Free(&key); +#endif + +#endif /* WOLFSSL_HAVE_SLHDSA */ + return EXPECT_RESULT(); +} + +/* + * Test size functions for SLH-DSA. + */ +int test_wc_slhdsa_sizes(void) +{ + EXPECT_DECLS; +#ifdef WOLFSSL_HAVE_SLHDSA + SlhDsaKey key; + + /* Test NULL parameter handling for size functions. */ +#ifndef WOLFSSL_SLHDSA_VERIFY_ONLY + ExpectIntEQ(wc_SlhDsaKey_PrivateSize(NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); +#endif + ExpectIntEQ(wc_SlhDsaKey_PublicSize(NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_SlhDsaKey_SigSize(NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + + /* Test sizes for each parameter set. */ +#ifdef WOLFSSL_SLHDSA_PARAM_128S + ExpectIntEQ(wc_SlhDsaKey_Init(&key, SLHDSA_SHAKE128S, NULL, INVALID_DEVID), + 0); +#ifndef WOLFSSL_SLHDSA_VERIFY_ONLY + ExpectIntEQ(wc_SlhDsaKey_PrivateSize(&key), WC_SLHDSA_SHAKE128S_PRIV_LEN); +#endif + ExpectIntEQ(wc_SlhDsaKey_PublicSize(&key), WC_SLHDSA_SHAKE128S_PUB_LEN); + ExpectIntEQ(wc_SlhDsaKey_SigSize(&key), WC_SLHDSA_SHAKE128S_SIG_LEN); + wc_SlhDsaKey_Free(&key); + +#ifndef WOLFSSL_SLHDSA_VERIFY_ONLY + ExpectIntEQ(wc_SlhDsaKey_PrivateSizeFromParam(SLHDSA_SHAKE128S), + WC_SLHDSA_SHAKE128S_PRIV_LEN); +#endif + ExpectIntEQ(wc_SlhDsaKey_PublicSizeFromParam(SLHDSA_SHAKE128S), + WC_SLHDSA_SHAKE128S_PUB_LEN); + ExpectIntEQ(wc_SlhDsaKey_SigSizeFromParam(SLHDSA_SHAKE128S), + WC_SLHDSA_SHAKE128S_SIG_LEN); +#endif + +#ifdef WOLFSSL_SLHDSA_PARAM_128F + ExpectIntEQ(wc_SlhDsaKey_Init(&key, SLHDSA_SHAKE128F, NULL, INVALID_DEVID), + 0); +#ifndef WOLFSSL_SLHDSA_VERIFY_ONLY + ExpectIntEQ(wc_SlhDsaKey_PrivateSize(&key), WC_SLHDSA_SHAKE128F_PRIV_LEN); +#endif + ExpectIntEQ(wc_SlhDsaKey_PublicSize(&key), WC_SLHDSA_SHAKE128F_PUB_LEN); + ExpectIntEQ(wc_SlhDsaKey_SigSize(&key), WC_SLHDSA_SHAKE128F_SIG_LEN); + wc_SlhDsaKey_Free(&key); + +#ifndef WOLFSSL_SLHDSA_VERIFY_ONLY + ExpectIntEQ(wc_SlhDsaKey_PrivateSizeFromParam(SLHDSA_SHAKE128F), + WC_SLHDSA_SHAKE128F_PRIV_LEN); +#endif + ExpectIntEQ(wc_SlhDsaKey_PublicSizeFromParam(SLHDSA_SHAKE128F), + WC_SLHDSA_SHAKE128F_PUB_LEN); + ExpectIntEQ(wc_SlhDsaKey_SigSizeFromParam(SLHDSA_SHAKE128F), + WC_SLHDSA_SHAKE128F_SIG_LEN); +#endif + +#ifdef WOLFSSL_SLHDSA_PARAM_192S + ExpectIntEQ(wc_SlhDsaKey_Init(&key, SLHDSA_SHAKE192S, NULL, INVALID_DEVID), + 0); +#ifndef WOLFSSL_SLHDSA_VERIFY_ONLY + ExpectIntEQ(wc_SlhDsaKey_PrivateSize(&key), WC_SLHDSA_SHAKE192S_PRIV_LEN); +#endif + ExpectIntEQ(wc_SlhDsaKey_PublicSize(&key), WC_SLHDSA_SHAKE192S_PUB_LEN); + /* Verify signature size is positive. */ + ExpectIntGT(wc_SlhDsaKey_SigSize(&key), 0); + wc_SlhDsaKey_Free(&key); + +#ifndef WOLFSSL_SLHDSA_VERIFY_ONLY + ExpectIntEQ(wc_SlhDsaKey_PrivateSizeFromParam(SLHDSA_SHAKE192S), + WC_SLHDSA_SHAKE192S_PRIV_LEN); +#endif + ExpectIntEQ(wc_SlhDsaKey_PublicSizeFromParam(SLHDSA_SHAKE192S), + WC_SLHDSA_SHAKE192S_PUB_LEN); + /* Verify SigSizeFromParam returns positive value. */ + ExpectIntGT(wc_SlhDsaKey_SigSizeFromParam(SLHDSA_SHAKE192S), 0); +#endif + +#ifdef WOLFSSL_SLHDSA_PARAM_192F + ExpectIntEQ(wc_SlhDsaKey_Init(&key, SLHDSA_SHAKE192F, NULL, INVALID_DEVID), + 0); +#ifndef WOLFSSL_SLHDSA_VERIFY_ONLY + ExpectIntEQ(wc_SlhDsaKey_PrivateSize(&key), WC_SLHDSA_SHAKE192F_PRIV_LEN); +#endif + ExpectIntEQ(wc_SlhDsaKey_PublicSize(&key), WC_SLHDSA_SHAKE192F_PUB_LEN); + ExpectIntEQ(wc_SlhDsaKey_SigSize(&key), WC_SLHDSA_SHAKE192F_SIG_LEN); + wc_SlhDsaKey_Free(&key); + +#ifndef WOLFSSL_SLHDSA_VERIFY_ONLY + ExpectIntEQ(wc_SlhDsaKey_PrivateSizeFromParam(SLHDSA_SHAKE192F), + WC_SLHDSA_SHAKE192F_PRIV_LEN); +#endif + ExpectIntEQ(wc_SlhDsaKey_PublicSizeFromParam(SLHDSA_SHAKE192F), + WC_SLHDSA_SHAKE192F_PUB_LEN); + ExpectIntEQ(wc_SlhDsaKey_SigSizeFromParam(SLHDSA_SHAKE192F), + WC_SLHDSA_SHAKE192F_SIG_LEN); +#endif + +#ifdef WOLFSSL_SLHDSA_PARAM_256S + ExpectIntEQ(wc_SlhDsaKey_Init(&key, SLHDSA_SHAKE256S, NULL, INVALID_DEVID), + 0); +#ifndef WOLFSSL_SLHDSA_VERIFY_ONLY + ExpectIntEQ(wc_SlhDsaKey_PrivateSize(&key), WC_SLHDSA_SHAKE256S_PRIV_LEN); +#endif + ExpectIntEQ(wc_SlhDsaKey_PublicSize(&key), WC_SLHDSA_SHAKE256S_PUB_LEN); + ExpectIntEQ(wc_SlhDsaKey_SigSize(&key), WC_SLHDSA_SHAKE256S_SIG_LEN); + wc_SlhDsaKey_Free(&key); + +#ifndef WOLFSSL_SLHDSA_VERIFY_ONLY + ExpectIntEQ(wc_SlhDsaKey_PrivateSizeFromParam(SLHDSA_SHAKE256S), + WC_SLHDSA_SHAKE256S_PRIV_LEN); +#endif + ExpectIntEQ(wc_SlhDsaKey_PublicSizeFromParam(SLHDSA_SHAKE256S), + WC_SLHDSA_SHAKE256S_PUB_LEN); + ExpectIntEQ(wc_SlhDsaKey_SigSizeFromParam(SLHDSA_SHAKE256S), + WC_SLHDSA_SHAKE256S_SIG_LEN); +#endif + +#ifdef WOLFSSL_SLHDSA_PARAM_256F + ExpectIntEQ(wc_SlhDsaKey_Init(&key, SLHDSA_SHAKE256F, NULL, INVALID_DEVID), + 0); +#ifndef WOLFSSL_SLHDSA_VERIFY_ONLY + ExpectIntEQ(wc_SlhDsaKey_PrivateSize(&key), WC_SLHDSA_SHAKE256F_PRIV_LEN); +#endif + ExpectIntEQ(wc_SlhDsaKey_PublicSize(&key), WC_SLHDSA_SHAKE256F_PUB_LEN); + ExpectIntEQ(wc_SlhDsaKey_SigSize(&key), WC_SLHDSA_SHAKE256F_SIG_LEN); + wc_SlhDsaKey_Free(&key); + +#ifndef WOLFSSL_SLHDSA_VERIFY_ONLY + ExpectIntEQ(wc_SlhDsaKey_PrivateSizeFromParam(SLHDSA_SHAKE256F), + WC_SLHDSA_SHAKE256F_PRIV_LEN); +#endif + ExpectIntEQ(wc_SlhDsaKey_PublicSizeFromParam(SLHDSA_SHAKE256F), + WC_SLHDSA_SHAKE256F_PUB_LEN); + ExpectIntEQ(wc_SlhDsaKey_SigSizeFromParam(SLHDSA_SHAKE256F), + WC_SLHDSA_SHAKE256F_SIG_LEN); +#endif + +#endif /* WOLFSSL_HAVE_SLHDSA */ + return EXPECT_RESULT(); +} + +/* + * Test key generation for SLH-DSA. + */ +int test_wc_slhdsa_make_key(void) +{ + EXPECT_DECLS; +#if defined(WOLFSSL_HAVE_SLHDSA) && !defined(WOLFSSL_SLHDSA_VERIFY_ONLY) + SlhDsaKey key; + WC_RNG rng; + + XMEMSET(&rng, 0, sizeof(WC_RNG)); + ExpectIntEQ(wc_InitRng(&rng), 0); + + /* Test NULL parameter handling. */ + ExpectIntEQ(wc_SlhDsaKey_MakeKey(NULL, &rng), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + +#ifdef WOLFSSL_SLHDSA_PARAM_128S + ExpectIntEQ(wc_SlhDsaKey_Init(&key, SLHDSA_SHAKE128S, NULL, INVALID_DEVID), + 0); + ExpectIntEQ(wc_SlhDsaKey_MakeKey(&key, NULL), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_SlhDsaKey_MakeKey(&key, &rng), 0); + wc_SlhDsaKey_Free(&key); +#endif + +#ifdef WOLFSSL_SLHDSA_PARAM_128F + ExpectIntEQ(wc_SlhDsaKey_Init(&key, SLHDSA_SHAKE128F, NULL, INVALID_DEVID), + 0); + ExpectIntEQ(wc_SlhDsaKey_MakeKey(&key, &rng), 0); + wc_SlhDsaKey_Free(&key); +#endif + +#ifdef WOLFSSL_SLHDSA_PARAM_192S + ExpectIntEQ(wc_SlhDsaKey_Init(&key, SLHDSA_SHAKE192S, NULL, INVALID_DEVID), + 0); + ExpectIntEQ(wc_SlhDsaKey_MakeKey(&key, &rng), 0); + wc_SlhDsaKey_Free(&key); +#endif + +#ifdef WOLFSSL_SLHDSA_PARAM_192F + ExpectIntEQ(wc_SlhDsaKey_Init(&key, SLHDSA_SHAKE192F, NULL, INVALID_DEVID), + 0); + ExpectIntEQ(wc_SlhDsaKey_MakeKey(&key, &rng), 0); + wc_SlhDsaKey_Free(&key); +#endif + +#ifdef WOLFSSL_SLHDSA_PARAM_256S + ExpectIntEQ(wc_SlhDsaKey_Init(&key, SLHDSA_SHAKE256S, NULL, INVALID_DEVID), + 0); + ExpectIntEQ(wc_SlhDsaKey_MakeKey(&key, &rng), 0); + wc_SlhDsaKey_Free(&key); +#endif + +#ifdef WOLFSSL_SLHDSA_PARAM_256F + ExpectIntEQ(wc_SlhDsaKey_Init(&key, SLHDSA_SHAKE256F, NULL, INVALID_DEVID), + 0); + ExpectIntEQ(wc_SlhDsaKey_MakeKey(&key, &rng), 0); + wc_SlhDsaKey_Free(&key); +#endif + + /* Test MakeKeyWithRandom. */ +#ifdef WOLFSSL_SLHDSA_PARAM_128S + { + byte sk_seed[WC_SLHDSA_SHAKE128S_SEED_LEN]; + byte sk_prf[WC_SLHDSA_SHAKE128S_SEED_LEN]; + byte pk_seed[WC_SLHDSA_SHAKE128S_SEED_LEN]; + + XMEMSET(sk_seed, 0x01, sizeof(sk_seed)); + XMEMSET(sk_prf, 0x02, sizeof(sk_prf)); + XMEMSET(pk_seed, 0x03, sizeof(pk_seed)); + + /* Test NULL parameter handling. */ + ExpectIntEQ(wc_SlhDsaKey_MakeKeyWithRandom(NULL, sk_seed, + sizeof(sk_seed), sk_prf, sizeof(sk_prf), pk_seed, sizeof(pk_seed)), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + + ExpectIntEQ(wc_SlhDsaKey_Init(&key, SLHDSA_SHAKE128S, NULL, + INVALID_DEVID), 0); + ExpectIntEQ(wc_SlhDsaKey_MakeKeyWithRandom(&key, NULL, sizeof(sk_seed), + sk_prf, sizeof(sk_prf), pk_seed, sizeof(pk_seed)), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_SlhDsaKey_MakeKeyWithRandom(&key, sk_seed, + sizeof(sk_seed), NULL, sizeof(sk_prf), pk_seed, sizeof(pk_seed)), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_SlhDsaKey_MakeKeyWithRandom(&key, sk_seed, + sizeof(sk_seed), sk_prf, sizeof(sk_prf), NULL, sizeof(pk_seed)), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + /* Test wrong size. */ + ExpectIntEQ(wc_SlhDsaKey_MakeKeyWithRandom(&key, sk_seed, 8, + sk_prf, sizeof(sk_prf), pk_seed, sizeof(pk_seed)), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + + ExpectIntEQ(wc_SlhDsaKey_MakeKeyWithRandom(&key, sk_seed, + sizeof(sk_seed), sk_prf, sizeof(sk_prf), pk_seed, sizeof(pk_seed)), + 0); + wc_SlhDsaKey_Free(&key); + } +#endif + + wc_FreeRng(&rng); +#endif /* WOLFSSL_HAVE_SLHDSA && !WOLFSSL_SLHDSA_VERIFY_ONLY */ + return EXPECT_RESULT(); +} + +/* + * Test signing for SLH-DSA. + */ +int test_wc_slhdsa_sign(void) +{ + EXPECT_DECLS; +#if defined(WOLFSSL_HAVE_SLHDSA) && !defined(WOLFSSL_SLHDSA_VERIFY_ONLY) + SlhDsaKey key; + WC_RNG rng; + byte msg[64]; + byte* sig = NULL; + word32 sigLen; + word32 expSigLen; + byte ctx[10]; + + sig = (byte*)XMALLOC(WC_SLHDSA_MAX_SIG_LEN, NULL, DYNAMIC_TYPE_TMP_BUFFER); + ExpectNotNull(sig); + + XMEMSET(&rng, 0, sizeof(WC_RNG)); + XMEMSET(msg, 0xAA, sizeof(msg)); + XMEMSET(ctx, 0x01, sizeof(ctx)); + + ExpectIntEQ(wc_InitRng(&rng), 0); + + /* Test NULL parameter handling. */ + sigLen = WC_SLHDSA_MAX_SIG_LEN; + ExpectIntEQ(wc_SlhDsaKey_Sign(NULL, ctx, sizeof(ctx), msg, sizeof(msg), + sig, &sigLen, &rng), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + +#ifdef WOLFSSL_SLHDSA_PARAM_128S + ExpectIntEQ(wc_SlhDsaKey_Init(&key, SLHDSA_SHAKE128S, NULL, INVALID_DEVID), + 0); + expSigLen = WC_SLHDSA_SHAKE128S_SIG_LEN; +#elif defined(WOLFSSL_SLHDSA_PARAM_128F) + ExpectIntEQ(wc_SlhDsaKey_Init(&key, SLHDSA_SHAKE128F, NULL, INVALID_DEVID), + 0); + expSigLen = WC_SLHDSA_SHAKE128F_SIG_LEN; +#elif defined(WOLFSSL_SLHDSA_PARAM_192S) + ExpectIntEQ(wc_SlhDsaKey_Init(&key, SLHDSA_SHAKE192S, NULL, INVALID_DEVID), + 0); + expSigLen = WC_SLHDSA_SHAKE192S_SIG_LEN; +#elif defined(WOLFSSL_SLHDSA_PARAM_192F) + ExpectIntEQ(wc_SlhDsaKey_Init(&key, SLHDSA_SHAKE192F, NULL, INVALID_DEVID), + 0); + expSigLen = WC_SLHDSA_SHAKE192F_SIG_LEN; +#elif defined(WOLFSSL_SLHDSA_PARAM_256S) + ExpectIntEQ(wc_SlhDsaKey_Init(&key, SLHDSA_SHAKE256S, NULL, INVALID_DEVID), + 0); + expSigLen = WC_SLHDSA_SHAKE256S_SIG_LEN; +#elif defined(WOLFSSL_SLHDSA_PARAM_256F) + ExpectIntEQ(wc_SlhDsaKey_Init(&key, SLHDSA_SHAKE256F, NULL, INVALID_DEVID), + 0); + expSigLen = WC_SLHDSA_SHAKE256F_SIG_LEN; +#endif + ExpectIntEQ(wc_SlhDsaKey_MakeKey(&key, &rng), 0); + + sigLen = WC_SLHDSA_MAX_SIG_LEN; + ExpectIntEQ(wc_SlhDsaKey_Sign(&key, ctx, sizeof(ctx), NULL, sizeof(msg), + sig, &sigLen, &rng), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_SlhDsaKey_Sign(&key, ctx, sizeof(ctx), msg, sizeof(msg), + NULL, &sigLen, &rng), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_SlhDsaKey_Sign(&key, ctx, sizeof(ctx), msg, sizeof(msg), + sig, NULL, &rng), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_SlhDsaKey_Sign(&key, ctx, sizeof(ctx), msg, sizeof(msg), + sig, &sigLen, NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + + /* Test buffer too small. */ + sigLen = 10; + ExpectIntEQ(wc_SlhDsaKey_Sign(&key, ctx, sizeof(ctx), msg, sizeof(msg), + sig, &sigLen, &rng), WC_NO_ERR_TRACE(BAD_LENGTH_E)); + + /* Test successful signing. */ + sigLen = WC_SLHDSA_MAX_SIG_LEN; + ExpectIntEQ(wc_SlhDsaKey_Sign(&key, ctx, sizeof(ctx), msg, sizeof(msg), + sig, &sigLen, &rng), 0); + ExpectIntEQ(sigLen, expSigLen); + + /* Test signing with NULL context (allowed). */ + sigLen = WC_SLHDSA_MAX_SIG_LEN; + ExpectIntEQ(wc_SlhDsaKey_Sign(&key, NULL, 0, msg, sizeof(msg), + sig, &sigLen, &rng), 0); + + wc_SlhDsaKey_Free(&key); + + /* Test SignDeterministic. */ +#ifdef WOLFSSL_SLHDSA_PARAM_128S + ExpectIntEQ(wc_SlhDsaKey_Init(&key, SLHDSA_SHAKE128S, NULL, INVALID_DEVID), + 0); +#elif defined(WOLFSSL_SLHDSA_PARAM_128F) + ExpectIntEQ(wc_SlhDsaKey_Init(&key, SLHDSA_SHAKE128F, NULL, INVALID_DEVID), + 0); +#elif defined(WOLFSSL_SLHDSA_PARAM_192S) + ExpectIntEQ(wc_SlhDsaKey_Init(&key, SLHDSA_SHAKE192S, NULL, INVALID_DEVID), + 0); +#elif defined(WOLFSSL_SLHDSA_PARAM_192F) + ExpectIntEQ(wc_SlhDsaKey_Init(&key, SLHDSA_SHAKE192F, NULL, INVALID_DEVID), + 0); +#elif defined(WOLFSSL_SLHDSA_PARAM_256S) + ExpectIntEQ(wc_SlhDsaKey_Init(&key, SLHDSA_SHAKE256S, NULL, INVALID_DEVID), + 0); +#elif defined(WOLFSSL_SLHDSA_PARAM_256F) + ExpectIntEQ(wc_SlhDsaKey_Init(&key, SLHDSA_SHAKE256F, NULL, INVALID_DEVID), + 0); +#endif + ExpectIntEQ(wc_SlhDsaKey_MakeKey(&key, &rng), 0); + + sigLen = WC_SLHDSA_MAX_SIG_LEN; + ExpectIntEQ(wc_SlhDsaKey_SignDeterministic(NULL, ctx, sizeof(ctx), + msg, sizeof(msg), sig, &sigLen), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_SlhDsaKey_SignDeterministic(&key, ctx, sizeof(ctx), + msg, sizeof(msg), sig, &sigLen), 0); + ExpectIntEQ(sigLen, expSigLen); + + wc_SlhDsaKey_Free(&key); + + /* Test SignWithRandom. */ + { + byte addRnd[WC_SLHDSA_MAX_SEED]; + XMEMSET(addRnd, 0x55, sizeof(addRnd)); + +#ifdef WOLFSSL_SLHDSA_PARAM_128S + ExpectIntEQ(wc_SlhDsaKey_Init(&key, SLHDSA_SHAKE128S, NULL, + INVALID_DEVID), 0); +#elif defined(WOLFSSL_SLHDSA_PARAM_128F) + ExpectIntEQ(wc_SlhDsaKey_Init(&key, SLHDSA_SHAKE128F, NULL, + INVALID_DEVID), 0); +#elif defined(WOLFSSL_SLHDSA_PARAM_192S) + ExpectIntEQ(wc_SlhDsaKey_Init(&key, SLHDSA_SHAKE192S, NULL, + INVALID_DEVID), 0); +#elif defined(WOLFSSL_SLHDSA_PARAM_192F) + ExpectIntEQ(wc_SlhDsaKey_Init(&key, SLHDSA_SHAKE192F, NULL, + INVALID_DEVID), 0); +#elif defined(WOLFSSL_SLHDSA_PARAM_256S) + ExpectIntEQ(wc_SlhDsaKey_Init(&key, SLHDSA_SHAKE256S, NULL, + INVALID_DEVID), 0); +#elif defined(WOLFSSL_SLHDSA_PARAM_256F) + ExpectIntEQ(wc_SlhDsaKey_Init(&key, SLHDSA_SHAKE256F, NULL, + INVALID_DEVID), 0); +#endif + ExpectIntEQ(wc_SlhDsaKey_MakeKey(&key, &rng), 0); + + sigLen = WC_SLHDSA_MAX_SIG_LEN; + ExpectIntEQ(wc_SlhDsaKey_SignWithRandom(NULL, ctx, sizeof(ctx), + msg, sizeof(msg), sig, &sigLen, addRnd), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_SlhDsaKey_SignWithRandom(&key, ctx, sizeof(ctx), + msg, sizeof(msg), sig, &sigLen, NULL), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_SlhDsaKey_SignWithRandom(&key, ctx, sizeof(ctx), + msg, sizeof(msg), sig, &sigLen, addRnd), 0); + ExpectIntEQ(sigLen, expSigLen); + + wc_SlhDsaKey_Free(&key); + } + + wc_FreeRng(&rng); + XFREE(sig, NULL, DYNAMIC_TYPE_TMP_BUFFER); +#endif /* WOLFSSL_HAVE_SLHDSA && !WOLFSSL_SLHDSA_VERIFY_ONLY */ + return EXPECT_RESULT(); +} + +/* + * Test verification for SLH-DSA. + */ +int test_wc_slhdsa_verify(void) +{ + EXPECT_DECLS; +#if defined(WOLFSSL_HAVE_SLHDSA) && !defined(WOLFSSL_SLHDSA_VERIFY_ONLY) + SlhDsaKey key; + WC_RNG rng; + byte msg[64]; + byte* sig = NULL; + word32 sigLen; + byte ctx[10]; + + sig = (byte*)XMALLOC(WC_SLHDSA_MAX_SIG_LEN, NULL, DYNAMIC_TYPE_TMP_BUFFER); + ExpectNotNull(sig); + + XMEMSET(&rng, 0, sizeof(WC_RNG)); + XMEMSET(msg, 0xAA, sizeof(msg)); + XMEMSET(ctx, 0x01, sizeof(ctx)); + + ExpectIntEQ(wc_InitRng(&rng), 0); + +#ifdef WOLFSSL_SLHDSA_PARAM_128S + ExpectIntEQ(wc_SlhDsaKey_Init(&key, SLHDSA_SHAKE128S, NULL, INVALID_DEVID), + 0); +#elif defined(WOLFSSL_SLHDSA_PARAM_128F) + ExpectIntEQ(wc_SlhDsaKey_Init(&key, SLHDSA_SHAKE128F, NULL, INVALID_DEVID), + 0); +#elif defined(WOLFSSL_SLHDSA_PARAM_192S) + ExpectIntEQ(wc_SlhDsaKey_Init(&key, SLHDSA_SHAKE192S, NULL, INVALID_DEVID), + 0); +#elif defined(WOLFSSL_SLHDSA_PARAM_192F) + ExpectIntEQ(wc_SlhDsaKey_Init(&key, SLHDSA_SHAKE192F, NULL, INVALID_DEVID), + 0); +#elif defined(WOLFSSL_SLHDSA_PARAM_256S) + ExpectIntEQ(wc_SlhDsaKey_Init(&key, SLHDSA_SHAKE256S, NULL, INVALID_DEVID), + 0); +#elif defined(WOLFSSL_SLHDSA_PARAM_256F) + ExpectIntEQ(wc_SlhDsaKey_Init(&key, SLHDSA_SHAKE256F, NULL, INVALID_DEVID), + 0); +#endif + ExpectIntEQ(wc_SlhDsaKey_MakeKey(&key, &rng), 0); + + /* Generate a signature. */ + sigLen = WC_SLHDSA_MAX_SIG_LEN; + ExpectIntEQ(wc_SlhDsaKey_Sign(&key, ctx, sizeof(ctx), msg, sizeof(msg), + sig, &sigLen, &rng), 0); + + /* Test NULL parameter handling. */ + ExpectIntEQ(wc_SlhDsaKey_Verify(NULL, ctx, sizeof(ctx), msg, sizeof(msg), + sig, sigLen), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_SlhDsaKey_Verify(&key, ctx, sizeof(ctx), NULL, sizeof(msg), + sig, sigLen), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_SlhDsaKey_Verify(&key, ctx, sizeof(ctx), msg, sizeof(msg), + NULL, sigLen), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + + /* Test successful verification. */ + ExpectIntEQ(wc_SlhDsaKey_Verify(&key, ctx, sizeof(ctx), msg, sizeof(msg), + sig, sigLen), 0); + + /* Test verification with wrong message. */ + msg[0] ^= 0xFF; + ExpectIntNE(wc_SlhDsaKey_Verify(&key, ctx, sizeof(ctx), msg, sizeof(msg), + sig, sigLen), 0); + msg[0] ^= 0xFF; + + /* Test verification with wrong context. */ + ctx[0] ^= 0xFF; + ExpectIntNE(wc_SlhDsaKey_Verify(&key, ctx, sizeof(ctx), msg, sizeof(msg), + sig, sigLen), 0); + ctx[0] ^= 0xFF; + + /* Test verification with corrupted signature. */ + sig[0] ^= 0xFF; + ExpectIntNE(wc_SlhDsaKey_Verify(&key, ctx, sizeof(ctx), msg, sizeof(msg), + sig, sigLen), 0); + sig[0] ^= 0xFF; + + /* Test verification with NULL context (allowed, but must match signing). */ + sigLen = WC_SLHDSA_MAX_SIG_LEN; + ExpectIntEQ(wc_SlhDsaKey_Sign(&key, NULL, 0, msg, sizeof(msg), + sig, &sigLen, &rng), 0); + ExpectIntEQ(wc_SlhDsaKey_Verify(&key, NULL, 0, msg, sizeof(msg), + sig, sigLen), 0); + + wc_SlhDsaKey_Free(&key); + + wc_FreeRng(&rng); + XFREE(sig, NULL, DYNAMIC_TYPE_TMP_BUFFER); +#endif /* WOLFSSL_HAVE_SLHDSA */ + return EXPECT_RESULT(); +} + +/* + * Test combined sign and verify for all parameter sets. + */ +int test_wc_slhdsa_sign_vfy(void) +{ + EXPECT_DECLS; +#if defined(WOLFSSL_HAVE_SLHDSA) && !defined(WOLFSSL_SLHDSA_VERIFY_ONLY) + SlhDsaKey key; + WC_RNG rng; + byte msg[64]; + byte* sig = NULL; + word32 sigLen; + byte ctx[10]; + + sig = (byte*)XMALLOC(WC_SLHDSA_MAX_SIG_LEN, NULL, DYNAMIC_TYPE_TMP_BUFFER); + ExpectNotNull(sig); + + XMEMSET(&rng, 0, sizeof(WC_RNG)); + XMEMSET(msg, 0xAA, sizeof(msg)); + XMEMSET(ctx, 0x01, sizeof(ctx)); + + ExpectIntEQ(wc_InitRng(&rng), 0); + +#ifdef WOLFSSL_SLHDSA_PARAM_128S + ExpectIntEQ(wc_SlhDsaKey_Init(&key, SLHDSA_SHAKE128S, NULL, INVALID_DEVID), + 0); + ExpectIntEQ(wc_SlhDsaKey_MakeKey(&key, &rng), 0); + + sigLen = WC_SLHDSA_MAX_SIG_LEN; + ExpectIntEQ(wc_SlhDsaKey_Sign(&key, ctx, sizeof(ctx), msg, sizeof(msg), + sig, &sigLen, &rng), 0); + ExpectIntEQ(sigLen, WC_SLHDSA_SHAKE128S_SIG_LEN); + ExpectIntEQ(wc_SlhDsaKey_Verify(&key, ctx, sizeof(ctx), msg, sizeof(msg), + sig, sigLen), 0); + + wc_SlhDsaKey_Free(&key); +#endif + +#ifdef WOLFSSL_SLHDSA_PARAM_128F + ExpectIntEQ(wc_SlhDsaKey_Init(&key, SLHDSA_SHAKE128F, NULL, INVALID_DEVID), + 0); + ExpectIntEQ(wc_SlhDsaKey_MakeKey(&key, &rng), 0); + + sigLen = WC_SLHDSA_MAX_SIG_LEN; + ExpectIntEQ(wc_SlhDsaKey_Sign(&key, ctx, sizeof(ctx), msg, sizeof(msg), + sig, &sigLen, &rng), 0); + ExpectIntEQ(sigLen, WC_SLHDSA_SHAKE128F_SIG_LEN); + ExpectIntEQ(wc_SlhDsaKey_Verify(&key, ctx, sizeof(ctx), msg, sizeof(msg), + sig, sigLen), 0); + + wc_SlhDsaKey_Free(&key); +#endif + +#ifdef WOLFSSL_SLHDSA_PARAM_192S + ExpectIntEQ(wc_SlhDsaKey_Init(&key, SLHDSA_SHAKE192S, NULL, INVALID_DEVID), + 0); + ExpectIntEQ(wc_SlhDsaKey_MakeKey(&key, &rng), 0); + + sigLen = WC_SLHDSA_MAX_SIG_LEN; + ExpectIntEQ(wc_SlhDsaKey_Sign(&key, ctx, sizeof(ctx), msg, sizeof(msg), + sig, &sigLen, &rng), 0); + ExpectIntEQ(sigLen, (word32)wc_SlhDsaKey_SigSize(&key)); + ExpectIntEQ(wc_SlhDsaKey_Verify(&key, ctx, sizeof(ctx), msg, sizeof(msg), + sig, sigLen), 0); + + wc_SlhDsaKey_Free(&key); +#endif + +#ifdef WOLFSSL_SLHDSA_PARAM_192F + ExpectIntEQ(wc_SlhDsaKey_Init(&key, SLHDSA_SHAKE192F, NULL, INVALID_DEVID), + 0); + ExpectIntEQ(wc_SlhDsaKey_MakeKey(&key, &rng), 0); + + sigLen = WC_SLHDSA_MAX_SIG_LEN; + ExpectIntEQ(wc_SlhDsaKey_Sign(&key, ctx, sizeof(ctx), msg, sizeof(msg), + sig, &sigLen, &rng), 0); + ExpectIntEQ(sigLen, WC_SLHDSA_SHAKE192F_SIG_LEN); + ExpectIntEQ(wc_SlhDsaKey_Verify(&key, ctx, sizeof(ctx), msg, sizeof(msg), + sig, sigLen), 0); + + wc_SlhDsaKey_Free(&key); +#endif + +#ifdef WOLFSSL_SLHDSA_PARAM_256S + ExpectIntEQ(wc_SlhDsaKey_Init(&key, SLHDSA_SHAKE256S, NULL, INVALID_DEVID), + 0); + ExpectIntEQ(wc_SlhDsaKey_MakeKey(&key, &rng), 0); + + sigLen = WC_SLHDSA_MAX_SIG_LEN; + ExpectIntEQ(wc_SlhDsaKey_Sign(&key, ctx, sizeof(ctx), msg, sizeof(msg), + sig, &sigLen, &rng), 0); + ExpectIntEQ(sigLen, WC_SLHDSA_SHAKE256S_SIG_LEN); + ExpectIntEQ(wc_SlhDsaKey_Verify(&key, ctx, sizeof(ctx), msg, sizeof(msg), + sig, sigLen), 0); + + wc_SlhDsaKey_Free(&key); +#endif + +#ifdef WOLFSSL_SLHDSA_PARAM_256F + ExpectIntEQ(wc_SlhDsaKey_Init(&key, SLHDSA_SHAKE256F, NULL, INVALID_DEVID), + 0); + ExpectIntEQ(wc_SlhDsaKey_MakeKey(&key, &rng), 0); + + sigLen = WC_SLHDSA_MAX_SIG_LEN; + ExpectIntEQ(wc_SlhDsaKey_Sign(&key, ctx, sizeof(ctx), msg, sizeof(msg), + sig, &sigLen, &rng), 0); + ExpectIntEQ(sigLen, WC_SLHDSA_SHAKE256F_SIG_LEN); + ExpectIntEQ(wc_SlhDsaKey_Verify(&key, ctx, sizeof(ctx), msg, sizeof(msg), + sig, sigLen), 0); + + wc_SlhDsaKey_Free(&key); +#endif + + wc_FreeRng(&rng); + XFREE(sig, NULL, DYNAMIC_TYPE_TMP_BUFFER); +#endif /* WOLFSSL_HAVE_SLHDSA */ + return EXPECT_RESULT(); +} + +/* + * Test hash signing and verification for SLH-DSA. + */ +int test_wc_slhdsa_sign_hash(void) +{ + EXPECT_DECLS; +#if defined(WOLFSSL_HAVE_SLHDSA) && !defined(WOLFSSL_SLHDSA_VERIFY_ONLY) + SlhDsaKey key; + WC_RNG rng; + byte hash[64]; + byte* sig = NULL; + word32 sigLen; + word32 expSigLen; + byte ctx[10]; + + sig = (byte*)XMALLOC(WC_SLHDSA_MAX_SIG_LEN, NULL, DYNAMIC_TYPE_TMP_BUFFER); + ExpectNotNull(sig); + + XMEMSET(&rng, 0, sizeof(WC_RNG)); + XMEMSET(hash, 0xBB, sizeof(hash)); + XMEMSET(ctx, 0x01, sizeof(ctx)); + + ExpectIntEQ(wc_InitRng(&rng), 0); + +#ifdef WOLFSSL_SLHDSA_PARAM_128S + ExpectIntEQ(wc_SlhDsaKey_Init(&key, SLHDSA_SHAKE128S, NULL, INVALID_DEVID), + 0); + expSigLen = WC_SLHDSA_SHAKE128S_SIG_LEN; +#elif defined(WOLFSSL_SLHDSA_PARAM_128F) + ExpectIntEQ(wc_SlhDsaKey_Init(&key, SLHDSA_SHAKE128F, NULL, INVALID_DEVID), + 0); + expSigLen = WC_SLHDSA_SHAKE128F_SIG_LEN; +#elif defined(WOLFSSL_SLHDSA_PARAM_192S) + ExpectIntEQ(wc_SlhDsaKey_Init(&key, SLHDSA_SHAKE192S, NULL, INVALID_DEVID), + 0); + expSigLen = WC_SLHDSA_SHAKE192S_SIG_LEN; +#elif defined(WOLFSSL_SLHDSA_PARAM_192F) + ExpectIntEQ(wc_SlhDsaKey_Init(&key, SLHDSA_SHAKE192F, NULL, INVALID_DEVID), + 0); + expSigLen = WC_SLHDSA_SHAKE192F_SIG_LEN; +#elif defined(WOLFSSL_SLHDSA_PARAM_256S) + ExpectIntEQ(wc_SlhDsaKey_Init(&key, SLHDSA_SHAKE256S, NULL, INVALID_DEVID), + 0); + expSigLen = WC_SLHDSA_SHAKE256S_SIG_LEN; +#elif defined(WOLFSSL_SLHDSA_PARAM_256F) + ExpectIntEQ(wc_SlhDsaKey_Init(&key, SLHDSA_SHAKE256F, NULL, INVALID_DEVID), + 0); + expSigLen = WC_SLHDSA_SHAKE256F_SIG_LEN; +#endif + ExpectIntEQ(wc_SlhDsaKey_MakeKey(&key, &rng), 0); + + /* Test SignHash NULL parameter handling. */ + sigLen = WC_SLHDSA_MAX_SIG_LEN; + ExpectIntEQ(wc_SlhDsaKey_SignHash(NULL, ctx, sizeof(ctx), hash, + sizeof(hash), WC_HASH_TYPE_SHA256, sig, &sigLen, &rng), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_SlhDsaKey_SignHash(&key, ctx, sizeof(ctx), NULL, + sizeof(hash), WC_HASH_TYPE_SHA256, sig, &sigLen, &rng), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_SlhDsaKey_SignHash(&key, ctx, sizeof(ctx), hash, + sizeof(hash), WC_HASH_TYPE_SHA256, NULL, &sigLen, &rng), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_SlhDsaKey_SignHash(&key, ctx, sizeof(ctx), hash, + sizeof(hash), WC_HASH_TYPE_SHA256, sig, NULL, &rng), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_SlhDsaKey_SignHash(&key, ctx, sizeof(ctx), hash, + sizeof(hash), WC_HASH_TYPE_SHA256, sig, &sigLen, NULL), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + + /* Test SignHash with SHA-256. */ + sigLen = WC_SLHDSA_MAX_SIG_LEN; + ExpectIntEQ(wc_SlhDsaKey_SignHash(&key, ctx, sizeof(ctx), hash, 32, + WC_HASH_TYPE_SHA256, sig, &sigLen, &rng), 0); + ExpectIntEQ(sigLen, expSigLen); + ExpectIntEQ(wc_SlhDsaKey_VerifyHash(&key, ctx, sizeof(ctx), hash, 32, + WC_HASH_TYPE_SHA256, sig, sigLen), 0); + + /* Test VerifyHash NULL parameter handling. */ + ExpectIntEQ(wc_SlhDsaKey_VerifyHash(NULL, ctx, sizeof(ctx), hash, 32, + WC_HASH_TYPE_SHA256, sig, sigLen), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_SlhDsaKey_VerifyHash(&key, ctx, sizeof(ctx), NULL, 32, + WC_HASH_TYPE_SHA256, sig, sigLen), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_SlhDsaKey_VerifyHash(&key, ctx, sizeof(ctx), hash, 32, + WC_HASH_TYPE_SHA256, NULL, sigLen), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + + /* Test VerifyHash with wrong hash. */ + hash[0] ^= 0xFF; + ExpectIntNE(wc_SlhDsaKey_VerifyHash(&key, ctx, sizeof(ctx), hash, 32, + WC_HASH_TYPE_SHA256, sig, sigLen), 0); + hash[0] ^= 0xFF; + + /* Test SignHashDeterministic. */ + sigLen = WC_SLHDSA_MAX_SIG_LEN; + ExpectIntEQ(wc_SlhDsaKey_SignHashDeterministic(NULL, ctx, sizeof(ctx), + hash, 32, WC_HASH_TYPE_SHA256, sig, &sigLen), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_SlhDsaKey_SignHashDeterministic(&key, ctx, sizeof(ctx), + hash, 32, WC_HASH_TYPE_SHA256, sig, &sigLen), 0); + ExpectIntEQ(wc_SlhDsaKey_VerifyHash(&key, ctx, sizeof(ctx), hash, 32, + WC_HASH_TYPE_SHA256, sig, sigLen), 0); + + /* Test SignHashWithRandom. */ + { + byte addRnd[WC_SLHDSA_MAX_SEED]; + XMEMSET(addRnd, 0x55, sizeof(addRnd)); + + sigLen = WC_SLHDSA_MAX_SIG_LEN; + ExpectIntEQ(wc_SlhDsaKey_SignHashWithRandom(NULL, ctx, sizeof(ctx), + hash, 32, WC_HASH_TYPE_SHA256, sig, &sigLen, addRnd), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_SlhDsaKey_SignHashWithRandom(&key, ctx, sizeof(ctx), + hash, 32, WC_HASH_TYPE_SHA256, sig, &sigLen, NULL), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_SlhDsaKey_SignHashWithRandom(&key, ctx, sizeof(ctx), + hash, 32, WC_HASH_TYPE_SHA256, sig, &sigLen, addRnd), 0); + ExpectIntEQ(wc_SlhDsaKey_VerifyHash(&key, ctx, sizeof(ctx), hash, 32, + WC_HASH_TYPE_SHA256, sig, sigLen), 0); + } + + wc_SlhDsaKey_Free(&key); + + wc_FreeRng(&rng); + XFREE(sig, NULL, DYNAMIC_TYPE_TMP_BUFFER); +#endif /* WOLFSSL_HAVE_SLHDSA */ + return EXPECT_RESULT(); +} + +/* + * Test export and import for SLH-DSA keys. + */ +int test_wc_slhdsa_export_import(void) +{ + EXPECT_DECLS; +#if defined(WOLFSSL_HAVE_SLHDSA) && !defined(WOLFSSL_SLHDSA_VERIFY_ONLY) + SlhDsaKey key; + SlhDsaKey key2; + WC_RNG rng; + byte* privKey = NULL; + byte* pubKey = NULL; + word32 privKeyLen; + word32 expPrivKeyLen; + word32 pubKeyLen; + word32 expPubKeyLen; + byte msg[64]; + byte* sig = NULL; + word32 sigLen; + byte ctx[10]; + + privKey = (byte*)XMALLOC(WC_SLHDSA_MAX_PRIV_LEN, NULL, + DYNAMIC_TYPE_TMP_BUFFER); + ExpectNotNull(privKey); + pubKey = (byte*)XMALLOC(WC_SLHDSA_MAX_PUB_LEN, NULL, + DYNAMIC_TYPE_TMP_BUFFER); + ExpectNotNull(pubKey); + sig = (byte*)XMALLOC(WC_SLHDSA_MAX_SIG_LEN, NULL, DYNAMIC_TYPE_TMP_BUFFER); + ExpectNotNull(sig); + + XMEMSET(&rng, 0, sizeof(WC_RNG)); + XMEMSET(msg, 0xAA, sizeof(msg)); + XMEMSET(ctx, 0x01, sizeof(ctx)); + + ExpectIntEQ(wc_InitRng(&rng), 0); + + /* Test NULL parameter handling for export functions. */ + privKeyLen = WC_SLHDSA_MAX_PRIV_LEN; + pubKeyLen = WC_SLHDSA_MAX_PUB_LEN; + ExpectIntEQ(wc_SlhDsaKey_ExportPrivate(NULL, privKey, &privKeyLen), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_SlhDsaKey_ExportPublic(NULL, pubKey, &pubKeyLen), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + + /* Test NULL parameter handling for import functions. */ + ExpectIntEQ(wc_SlhDsaKey_ImportPrivate(NULL, privKey, privKeyLen), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_SlhDsaKey_ImportPublic(NULL, pubKey, pubKeyLen), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + +#ifdef WOLFSSL_SLHDSA_PARAM_128S + ExpectIntEQ(wc_SlhDsaKey_Init(&key, SLHDSA_SHAKE128S, NULL, INVALID_DEVID), + 0); + expPrivKeyLen = 4 * 16; + expPubKeyLen = 2 * 16; +#elif defined(WOLFSSL_SLHDSA_PARAM_128F) + ExpectIntEQ(wc_SlhDsaKey_Init(&key, SLHDSA_SHAKE128F, NULL, INVALID_DEVID), + 0); + expPrivKeyLen = 4 * 16; + expPubKeyLen = 2 * 16; +#elif defined(WOLFSSL_SLHDSA_PARAM_192S) + ExpectIntEQ(wc_SlhDsaKey_Init(&key, SLHDSA_SHAKE192S, NULL, INVALID_DEVID), + 0); + expPrivKeyLen = 4 * 24; + expPubKeyLen = 2 * 24; +#elif defined(WOLFSSL_SLHDSA_PARAM_192F) + ExpectIntEQ(wc_SlhDsaKey_Init(&key, SLHDSA_SHAKE192F, NULL, INVALID_DEVID), + 0); + expPrivKeyLen = 4 * 24; + expPubKeyLen = 2 * 24; +#elif defined(WOLFSSL_SLHDSA_PARAM_256S) + ExpectIntEQ(wc_SlhDsaKey_Init(&key, SLHDSA_SHAKE256S, NULL, INVALID_DEVID), + 0); + expPrivKeyLen = 4 * 32; + expPubKeyLen = 2 * 32; +#elif defined(WOLFSSL_SLHDSA_PARAM_256F) + ExpectIntEQ(wc_SlhDsaKey_Init(&key, SLHDSA_SHAKE256F, NULL, INVALID_DEVID), + 0); + expPrivKeyLen = 4 * 32; + expPubKeyLen = 2 * 32; +#endif + ExpectIntEQ(wc_SlhDsaKey_MakeKey(&key, &rng), 0); + + /* Test export with NULL buffer. */ + ExpectIntEQ(wc_SlhDsaKey_ExportPrivate(&key, NULL, &privKeyLen), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_SlhDsaKey_ExportPrivate(&key, privKey, NULL), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_SlhDsaKey_ExportPublic(&key, NULL, &pubKeyLen), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_SlhDsaKey_ExportPublic(&key, pubKey, NULL), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + + /* Test export with buffer too small. */ + privKeyLen = 10; + ExpectIntEQ(wc_SlhDsaKey_ExportPrivate(&key, privKey, &privKeyLen), + WC_NO_ERR_TRACE(BAD_LENGTH_E)); + pubKeyLen = 10; + ExpectIntEQ(wc_SlhDsaKey_ExportPublic(&key, pubKey, &pubKeyLen), + WC_NO_ERR_TRACE(BAD_LENGTH_E)); + + /* Test successful export. */ + privKeyLen = WC_SLHDSA_MAX_PRIV_LEN; + ExpectIntEQ(wc_SlhDsaKey_ExportPrivate(&key, privKey, &privKeyLen), 0); + ExpectIntEQ(privKeyLen, expPrivKeyLen); + + pubKeyLen = WC_SLHDSA_MAX_PUB_LEN; + ExpectIntEQ(wc_SlhDsaKey_ExportPublic(&key, pubKey, &pubKeyLen), 0); + ExpectIntEQ(pubKeyLen, expPubKeyLen); + + /* Sign with original key. */ + sigLen = WC_SLHDSA_MAX_SIG_LEN; + ExpectIntEQ(wc_SlhDsaKey_Sign(&key, ctx, sizeof(ctx), msg, sizeof(msg), + sig, &sigLen, &rng), 0); + + /* Test import into new key and verify. */ +#ifdef WOLFSSL_SLHDSA_PARAM_128S + ExpectIntEQ(wc_SlhDsaKey_Init(&key2, SLHDSA_SHAKE128S, NULL, INVALID_DEVID), + 0); +#elif defined(WOLFSSL_SLHDSA_PARAM_128F) + ExpectIntEQ(wc_SlhDsaKey_Init(&key2, SLHDSA_SHAKE128F, NULL, INVALID_DEVID), + 0); +#elif defined(WOLFSSL_SLHDSA_PARAM_192S) + ExpectIntEQ(wc_SlhDsaKey_Init(&key2, SLHDSA_SHAKE192S, NULL, INVALID_DEVID), + 0); +#elif defined(WOLFSSL_SLHDSA_PARAM_192F) + ExpectIntEQ(wc_SlhDsaKey_Init(&key2, SLHDSA_SHAKE192F, NULL, INVALID_DEVID), + 0); +#elif defined(WOLFSSL_SLHDSA_PARAM_256S) + ExpectIntEQ(wc_SlhDsaKey_Init(&key2, SLHDSA_SHAKE256S, NULL, INVALID_DEVID), + 0); +#elif defined(WOLFSSL_SLHDSA_PARAM_256F) + ExpectIntEQ(wc_SlhDsaKey_Init(&key2, SLHDSA_SHAKE256F, NULL, INVALID_DEVID), + 0); +#endif + + /* Test import with NULL data. */ + ExpectIntEQ(wc_SlhDsaKey_ImportPrivate(&key2, NULL, privKeyLen), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_SlhDsaKey_ImportPublic(&key2, NULL, pubKeyLen), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + + /* Test import with wrong size. */ + ExpectIntEQ(wc_SlhDsaKey_ImportPrivate(&key2, privKey, 10), + WC_NO_ERR_TRACE(BAD_LENGTH_E)); + ExpectIntEQ(wc_SlhDsaKey_ImportPublic(&key2, pubKey, 10), + WC_NO_ERR_TRACE(BAD_LENGTH_E)); + + /* Test successful import of public key only. */ + ExpectIntEQ(wc_SlhDsaKey_ImportPublic(&key2, pubKey, pubKeyLen), 0); + /* Verify with imported public key. */ + ExpectIntEQ(wc_SlhDsaKey_Verify(&key2, ctx, sizeof(ctx), msg, sizeof(msg), + sig, sigLen), 0); + wc_SlhDsaKey_Free(&key2); + + /* Test import of private key. */ +#ifdef WOLFSSL_SLHDSA_PARAM_128S + ExpectIntEQ(wc_SlhDsaKey_Init(&key2, SLHDSA_SHAKE128S, NULL, INVALID_DEVID), + 0); +#elif defined(WOLFSSL_SLHDSA_PARAM_128F) + ExpectIntEQ(wc_SlhDsaKey_Init(&key2, SLHDSA_SHAKE128F, NULL, INVALID_DEVID), + 0); +#elif defined(WOLFSSL_SLHDSA_PARAM_192S) + ExpectIntEQ(wc_SlhDsaKey_Init(&key2, SLHDSA_SHAKE192S, NULL, INVALID_DEVID), + 0); +#elif defined(WOLFSSL_SLHDSA_PARAM_192F) + ExpectIntEQ(wc_SlhDsaKey_Init(&key2, SLHDSA_SHAKE192F, NULL, INVALID_DEVID), + 0); +#elif defined(WOLFSSL_SLHDSA_PARAM_256S) + ExpectIntEQ(wc_SlhDsaKey_Init(&key2, SLHDSA_SHAKE256S, NULL, INVALID_DEVID), + 0); +#elif defined(WOLFSSL_SLHDSA_PARAM_256F) + ExpectIntEQ(wc_SlhDsaKey_Init(&key2, SLHDSA_SHAKE256F, NULL, INVALID_DEVID), + 0); +#endif + ExpectIntEQ(wc_SlhDsaKey_ImportPrivate(&key2, privKey, privKeyLen), 0); + /* Sign with imported key. */ + sigLen = WC_SLHDSA_MAX_SIG_LEN; + ExpectIntEQ(wc_SlhDsaKey_Sign(&key2, ctx, sizeof(ctx), msg, sizeof(msg), + sig, &sigLen, &rng), 0); + /* Verify with original key. */ + ExpectIntEQ(wc_SlhDsaKey_Verify(&key, ctx, sizeof(ctx), msg, sizeof(msg), + sig, sigLen), 0); + + wc_SlhDsaKey_Free(&key2); + wc_SlhDsaKey_Free(&key); + + wc_FreeRng(&rng); + XFREE(sig, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(pubKey, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(privKey, NULL, DYNAMIC_TYPE_TMP_BUFFER); +#endif /* WOLFSSL_HAVE_SLHDSA */ + return EXPECT_RESULT(); +} + +/* + * Test key check for SLH-DSA. + */ +int test_wc_slhdsa_check_key(void) +{ + EXPECT_DECLS; +#if defined(WOLFSSL_HAVE_SLHDSA) && !defined(WOLFSSL_SLHDSA_VERIFY_ONLY) + SlhDsaKey key; + WC_RNG rng; + byte* privKey = NULL; + byte* pubKey = NULL; + word32 privKeyLen; + word32 pubKeyLen; + + privKey = (byte*)XMALLOC(WC_SLHDSA_MAX_PRIV_LEN, NULL, + DYNAMIC_TYPE_TMP_BUFFER); + ExpectNotNull(privKey); + pubKey = (byte*)XMALLOC(WC_SLHDSA_MAX_PUB_LEN, NULL, + DYNAMIC_TYPE_TMP_BUFFER); + ExpectNotNull(pubKey); + + XMEMSET(&rng, 0, sizeof(WC_RNG)); + ExpectIntEQ(wc_InitRng(&rng), 0); + + /* Test NULL parameter handling. */ + ExpectIntEQ(wc_SlhDsaKey_CheckKey(NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + +#ifdef WOLFSSL_SLHDSA_PARAM_128S + ExpectIntEQ(wc_SlhDsaKey_Init(&key, SLHDSA_SHAKE128S, NULL, INVALID_DEVID), + 0); +#elif defined(WOLFSSL_SLHDSA_PARAM_128F) + ExpectIntEQ(wc_SlhDsaKey_Init(&key, SLHDSA_SHAKE128F, NULL, INVALID_DEVID), + 0); +#elif defined(WOLFSSL_SLHDSA_PARAM_192S) + ExpectIntEQ(wc_SlhDsaKey_Init(&key, SLHDSA_SHAKE192S, NULL, INVALID_DEVID), + 0); +#elif defined(WOLFSSL_SLHDSA_PARAM_192F) + ExpectIntEQ(wc_SlhDsaKey_Init(&key, SLHDSA_SHAKE192F, NULL, INVALID_DEVID), + 0); +#elif defined(WOLFSSL_SLHDSA_PARAM_256S) + ExpectIntEQ(wc_SlhDsaKey_Init(&key, SLHDSA_SHAKE256S, NULL, INVALID_DEVID), + 0); +#elif defined(WOLFSSL_SLHDSA_PARAM_256F) + ExpectIntEQ(wc_SlhDsaKey_Init(&key, SLHDSA_SHAKE256F, NULL, INVALID_DEVID), + 0); +#endif + ExpectIntEQ(wc_SlhDsaKey_MakeKey(&key, &rng), 0); + + /* Test check of valid key. */ + ExpectIntEQ(wc_SlhDsaKey_CheckKey(&key), 0); + + /* Export keys. */ + privKeyLen = WC_SLHDSA_MAX_PRIV_LEN; + ExpectIntEQ(wc_SlhDsaKey_ExportPrivate(&key, privKey, &privKeyLen), 0); + pubKeyLen = WC_SLHDSA_MAX_PUB_LEN; + ExpectIntEQ(wc_SlhDsaKey_ExportPublic(&key, pubKey, &pubKeyLen), 0); + + wc_SlhDsaKey_Free(&key); + + /* Test check with only public key imported - requires private key. */ +#ifdef WOLFSSL_SLHDSA_PARAM_128S + ExpectIntEQ(wc_SlhDsaKey_Init(&key, SLHDSA_SHAKE128S, NULL, INVALID_DEVID), + 0); +#elif defined(WOLFSSL_SLHDSA_PARAM_128F) + ExpectIntEQ(wc_SlhDsaKey_Init(&key, SLHDSA_SHAKE128F, NULL, INVALID_DEVID), + 0); +#elif defined(WOLFSSL_SLHDSA_PARAM_192S) + ExpectIntEQ(wc_SlhDsaKey_Init(&key, SLHDSA_SHAKE192S, NULL, INVALID_DEVID), + 0); +#elif defined(WOLFSSL_SLHDSA_PARAM_192F) + ExpectIntEQ(wc_SlhDsaKey_Init(&key, SLHDSA_SHAKE192F, NULL, INVALID_DEVID), + 0); +#elif defined(WOLFSSL_SLHDSA_PARAM_256S) + ExpectIntEQ(wc_SlhDsaKey_Init(&key, SLHDSA_SHAKE256S, NULL, INVALID_DEVID), + 0); +#elif defined(WOLFSSL_SLHDSA_PARAM_256F) + ExpectIntEQ(wc_SlhDsaKey_Init(&key, SLHDSA_SHAKE256F, NULL, INVALID_DEVID), + 0); +#endif + ExpectIntEQ(wc_SlhDsaKey_ImportPublic(&key, pubKey, pubKeyLen), 0); + /* CheckKey requires a private key to validate. */ + ExpectIntEQ(wc_SlhDsaKey_CheckKey(&key), WC_NO_ERR_TRACE(MISSING_KEY)); + wc_SlhDsaKey_Free(&key); + + /* Test check with only private key imported. */ +#ifdef WOLFSSL_SLHDSA_PARAM_128S + ExpectIntEQ(wc_SlhDsaKey_Init(&key, SLHDSA_SHAKE128S, NULL, INVALID_DEVID), + 0); +#elif defined(WOLFSSL_SLHDSA_PARAM_128F) + ExpectIntEQ(wc_SlhDsaKey_Init(&key, SLHDSA_SHAKE128F, NULL, INVALID_DEVID), + 0); +#elif defined(WOLFSSL_SLHDSA_PARAM_192S) + ExpectIntEQ(wc_SlhDsaKey_Init(&key, SLHDSA_SHAKE192S, NULL, INVALID_DEVID), + 0); +#elif defined(WOLFSSL_SLHDSA_PARAM_192F) + ExpectIntEQ(wc_SlhDsaKey_Init(&key, SLHDSA_SHAKE192F, NULL, INVALID_DEVID), + 0); +#elif defined(WOLFSSL_SLHDSA_PARAM_256S) + ExpectIntEQ(wc_SlhDsaKey_Init(&key, SLHDSA_SHAKE256S, NULL, INVALID_DEVID), + 0); +#elif defined(WOLFSSL_SLHDSA_PARAM_256F) + ExpectIntEQ(wc_SlhDsaKey_Init(&key, SLHDSA_SHAKE256F, NULL, INVALID_DEVID), + 0); +#endif + ExpectIntEQ(wc_SlhDsaKey_ImportPrivate(&key, privKey, privKeyLen), 0); + ExpectIntEQ(wc_SlhDsaKey_CheckKey(&key), 0); + wc_SlhDsaKey_Free(&key); + + /* Test check with both keys imported. + * Note: ImportPublic overwrites flags, so import Public first then Private. + */ +#ifdef WOLFSSL_SLHDSA_PARAM_128S + ExpectIntEQ(wc_SlhDsaKey_Init(&key, SLHDSA_SHAKE128S, NULL, INVALID_DEVID), + 0); +#elif defined(WOLFSSL_SLHDSA_PARAM_128F) + ExpectIntEQ(wc_SlhDsaKey_Init(&key, SLHDSA_SHAKE128F, NULL, INVALID_DEVID), + 0); +#elif defined(WOLFSSL_SLHDSA_PARAM_192S) + ExpectIntEQ(wc_SlhDsaKey_Init(&key, SLHDSA_SHAKE192S, NULL, INVALID_DEVID), + 0); +#elif defined(WOLFSSL_SLHDSA_PARAM_192F) + ExpectIntEQ(wc_SlhDsaKey_Init(&key, SLHDSA_SHAKE192F, NULL, INVALID_DEVID), + 0); +#elif defined(WOLFSSL_SLHDSA_PARAM_256S) + ExpectIntEQ(wc_SlhDsaKey_Init(&key, SLHDSA_SHAKE256S, NULL, INVALID_DEVID), + 0); +#elif defined(WOLFSSL_SLHDSA_PARAM_256F) + ExpectIntEQ(wc_SlhDsaKey_Init(&key, SLHDSA_SHAKE256F, NULL, INVALID_DEVID), + 0); +#endif + ExpectIntEQ(wc_SlhDsaKey_ImportPublic(&key, pubKey, pubKeyLen), 0); + ExpectIntEQ(wc_SlhDsaKey_ImportPrivate(&key, privKey, privKeyLen), 0); + ExpectIntEQ(wc_SlhDsaKey_CheckKey(&key), 0); + wc_SlhDsaKey_Free(&key); + + wc_FreeRng(&rng); + XFREE(pubKey, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(privKey, NULL, DYNAMIC_TYPE_TMP_BUFFER); +#endif /* WOLFSSL_HAVE_SLHDSA */ + return EXPECT_RESULT(); +} diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/tests/api/test_slhdsa.h mariadb-11.8.8/extra/wolfssl/wolfssl/tests/api/test_slhdsa.h --- mariadb-11.8.6/extra/wolfssl/wolfssl/tests/api/test_slhdsa.h 1970-01-01 00:00:00.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/tests/api/test_slhdsa.h 2026-05-24 09:58:33.000000000 +0000 @@ -0,0 +1,48 @@ +/* test_slhdsa.h + * + * Copyright (C) 2006-2026 wolfSSL Inc. + * + * This file is part of wolfSSL. + * + * wolfSSL is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * wolfSSL is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA + */ + +#ifndef WOLFCRYPT_TEST_SLHDSA_H +#define WOLFCRYPT_TEST_SLHDSA_H + +#include + +int test_wc_slhdsa(void); +int test_wc_slhdsa_sizes(void); +int test_wc_slhdsa_make_key(void); +int test_wc_slhdsa_sign(void); +int test_wc_slhdsa_verify(void); +int test_wc_slhdsa_sign_vfy(void); +int test_wc_slhdsa_sign_hash(void); +int test_wc_slhdsa_export_import(void); +int test_wc_slhdsa_check_key(void); + +#define TEST_SLHDSA_DECLS \ + TEST_DECL_GROUP("slhdsa", test_wc_slhdsa), \ + TEST_DECL_GROUP("slhdsa", test_wc_slhdsa_sizes), \ + TEST_DECL_GROUP("slhdsa", test_wc_slhdsa_make_key), \ + TEST_DECL_GROUP("slhdsa", test_wc_slhdsa_sign), \ + TEST_DECL_GROUP("slhdsa", test_wc_slhdsa_verify), \ + TEST_DECL_GROUP("slhdsa", test_wc_slhdsa_sign_vfy), \ + TEST_DECL_GROUP("slhdsa", test_wc_slhdsa_sign_hash), \ + TEST_DECL_GROUP("slhdsa", test_wc_slhdsa_export_import), \ + TEST_DECL_GROUP("slhdsa", test_wc_slhdsa_check_key) + +#endif /* WOLFCRYPT_TEST_SLHDSA_H */ diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/tests/api/test_sm2.c mariadb-11.8.8/extra/wolfssl/wolfssl/tests/api/test_sm2.c --- mariadb-11.8.6/extra/wolfssl/wolfssl/tests/api/test_sm2.c 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/tests/api/test_sm2.c 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* test_sm2.c * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/tests/api/test_sm2.h mariadb-11.8.8/extra/wolfssl/wolfssl/tests/api/test_sm2.h --- mariadb-11.8.6/extra/wolfssl/wolfssl/tests/api/test_sm2.h 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/tests/api/test_sm2.h 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* test_sm2.h * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/tests/api/test_sm3.c mariadb-11.8.8/extra/wolfssl/wolfssl/tests/api/test_sm3.c --- mariadb-11.8.6/extra/wolfssl/wolfssl/tests/api/test_sm3.c 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/tests/api/test_sm3.c 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* test_sm3.c * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/tests/api/test_sm3.h mariadb-11.8.8/extra/wolfssl/wolfssl/tests/api/test_sm3.h --- mariadb-11.8.6/extra/wolfssl/wolfssl/tests/api/test_sm3.h 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/tests/api/test_sm3.h 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* test_sm3.h * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/tests/api/test_sm4.c mariadb-11.8.8/extra/wolfssl/wolfssl/tests/api/test_sm4.c --- mariadb-11.8.6/extra/wolfssl/wolfssl/tests/api/test_sm4.c 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/tests/api/test_sm4.c 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* test_sm4.c * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/tests/api/test_sm4.h mariadb-11.8.8/extra/wolfssl/wolfssl/tests/api/test_sm4.h --- mariadb-11.8.6/extra/wolfssl/wolfssl/tests/api/test_sm4.h 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/tests/api/test_sm4.h 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* test_sm4.h * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/tests/api/test_tls.c mariadb-11.8.8/extra/wolfssl/wolfssl/tests/api/test_tls.c --- mariadb-11.8.6/extra/wolfssl/wolfssl/tests/api/test_tls.c 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/tests/api/test_tls.c 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* test_tls.c * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -30,6 +30,7 @@ #include #include +#include int test_utils_memio_move_message(void) @@ -346,7 +347,7 @@ } #if !defined(WOLFSSL_NO_TLS12) && !defined(NO_RSA) && defined(HAVE_ECC) && \ - !defined(NO_WOLFSSL_SERVER) + !defined(NO_WOLFSSL_SERVER) && !defined(WOLFSSL_NO_CLIENT_AUTH) /* Called when writing. */ static int CsSend(WOLFSSL* ssl, char* buf, int sz, void* ctx) { @@ -382,7 +383,7 @@ { EXPECT_DECLS; #if !defined(WOLFSSL_NO_TLS12) && !defined(NO_RSA) && defined(HAVE_ECC) && \ - !defined(NO_WOLFSSL_SERVER) + !defined(NO_WOLFSSL_SERVER) && !defined(WOLFSSL_NO_CLIENT_AUTH) byte clientMsgs[] = { /* Client Hello */ 0x16, 0x03, 0x03, 0x00, 0xe7, @@ -665,4 +666,105 @@ #endif return EXPECT_RESULT(); } + +int test_tls12_no_null_compression(void) +{ + EXPECT_DECLS; +#if defined(HAVE_MANUAL_MEMIO_TESTS_DEPENDENCIES) && !defined(WOLFSSL_NO_TLS12) + /* ClientHello with compression list missing the required null method (RFC + * 5246 7.4.1.2: the list MUST include the null compression method). */ + const byte badClientHello[] = { + /* record header */ + 0x16, 0x03, 0x03, 0x00, 0x2d, + /* handshake header: ClientHello, length 41 */ + 0x01, 0x00, 0x00, 0x29, + /* client version: TLS 1.2 */ + 0x03, 0x03, + /* random: 32 bytes */ + 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, + 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, + 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, + 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f, + /* session id length: 0 */ + 0x00, + /* cipher suites length: 2, TLS_RSA_WITH_AES_128_CBC_SHA */ + 0x00, 0x02, 0x00, 0x2f, + /* compression methods: 1 entry, ZLIB only (null is absent) */ + 0x01, 0xdd, + }; + WOLFSSL_CTX *ctx_s = NULL; + WOLFSSL *ssl_s = NULL; + struct test_memio_ctx test_ctx; + + XMEMSET(&test_ctx, 0, sizeof(test_ctx)); + ExpectIntEQ(test_memio_inject_message(&test_ctx, 0, + (const char*)badClientHello, sizeof(badClientHello)), 0); + ExpectIntEQ(test_memio_setup(&test_ctx, NULL, &ctx_s, NULL, &ssl_s, + NULL, wolfTLSv1_2_server_method), 0); + ExpectIntEQ(wolfSSL_accept(ssl_s), WOLFSSL_FATAL_ERROR); + ExpectIntEQ(wolfSSL_get_error(ssl_s, WOLFSSL_FATAL_ERROR), + WC_NO_ERR_TRACE(COMPRESSION_ERROR)); +#ifdef WOLFSSL_EXTRA_ALERTS + { + const byte illegalParamAlert[] = { + 0x15, /* alert content type */ + 0x03, 0x03, /* version: TLS 1.2 */ + 0x00, 0x02, /* length: 2 */ + 0x02, /* level: fatal */ + 0x2f, /* description: illegal_parameter (47) */ + }; + ExpectIntEQ(test_ctx.c_len, (int)sizeof(illegalParamAlert)); + ExpectBufEQ(test_ctx.c_buff, illegalParamAlert, + sizeof(illegalParamAlert)); + } +#endif + wolfSSL_free(ssl_s); + wolfSSL_CTX_free(ctx_s); +#endif + return EXPECT_RESULT(); +} + +/* Test that set_curves_list correctly resolves ECC curve names that fall + * through the kNistCurves table and reach the wc_ecc_get_curve_idx_from_name + * fallback path. The kNistCurves lookup uses a case-sensitive XSTRNCMP, so + * uppercase names like "SECP384R1" do not match the lowercase "secp384r1" + * entry; they fall through to the wolfCrypt ECC look-up which uses + * XSTRCASECMP. */ +int test_tls_set_curves_list_ecc_fallback(void) +{ + EXPECT_DECLS; +#if defined(WOLFSSL_TLS13) && defined(HAVE_ECC) && \ + (defined(OPENSSL_EXTRA) || defined(HAVE_CURL)) && \ + !defined(HAVE_FIPS) && !defined(HAVE_SELFTEST) && \ + (defined(HAVE_ECC384) || defined(HAVE_ALL_CURVES)) && \ + ECC_MIN_KEY_SZ <= 384 +#ifndef NO_WOLFSSL_CLIENT + WOLFSSL_CTX* ctx = NULL; + WOLFSSL* ssl = NULL; + + /* "SECP384R1" (uppercase) is NOT in kNistCurves (case-sensitive table), + * so set_curves_list must use the wc_ecc_get_curve_idx_from_name fallback. + */ + ExpectNotNull(ctx = wolfSSL_CTX_new(wolfTLSv1_3_client_method())); + + /* CTX-level: set single curve via its wolfCrypt name (uppercase) */ + ExpectIntEQ(wolfSSL_CTX_set1_curves_list(ctx, "SECP384R1"), + WOLFSSL_SUCCESS); + + /* Verify the correct curve was stored, not ecc_sets[0] */ + ExpectIntEQ(ctx->numGroups, 1); + ExpectIntEQ(ctx->group[0], WOLFSSL_ECC_SECP384R1); + + /* SSL-level: same check via wolfSSL_set1_curves_list */ + ExpectNotNull(ssl = wolfSSL_new(ctx)); + ExpectIntEQ(wolfSSL_set1_curves_list(ssl, "SECP384R1"), WOLFSSL_SUCCESS); + ExpectIntEQ(ssl->numGroups, 1); + ExpectIntEQ(ssl->group[0], WOLFSSL_ECC_SECP384R1); + + wolfSSL_free(ssl); + wolfSSL_CTX_free(ctx); +#endif /* NO_WOLFSSL_CLIENT */ +#endif + return EXPECT_RESULT(); +} diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/tests/api/test_tls.h mariadb-11.8.8/extra/wolfssl/wolfssl/tests/api/test_tls.h --- mariadb-11.8.6/extra/wolfssl/wolfssl/tests/api/test_tls.h 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/tests/api/test_tls.h 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* test_tls.h * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -29,6 +29,8 @@ int test_tls13_curve_intersection(void); int test_tls_certreq_order(void); int test_tls12_bad_cv_sig_alg(void); +int test_tls12_no_null_compression(void); +int test_tls_set_curves_list_ecc_fallback(void); #define TEST_TLS_DECLS \ TEST_DECL_GROUP("tls", test_utils_memio_move_message), \ @@ -37,6 +39,8 @@ TEST_DECL_GROUP("tls", test_tls12_curve_intersection), \ TEST_DECL_GROUP("tls", test_tls13_curve_intersection), \ TEST_DECL_GROUP("tls", test_tls_certreq_order), \ - TEST_DECL_GROUP("tls", test_tls12_bad_cv_sig_alg) + TEST_DECL_GROUP("tls", test_tls12_bad_cv_sig_alg), \ + TEST_DECL_GROUP("tls", test_tls12_no_null_compression), \ + TEST_DECL_GROUP("tls", test_tls_set_curves_list_ecc_fallback) #endif /* TESTS_API_TEST_TLS_H */ diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/tests/api/test_tls13.c mariadb-11.8.8/extra/wolfssl/wolfssl/tests/api/test_tls13.c --- mariadb-11.8.6/extra/wolfssl/wolfssl/tests/api/test_tls13.c 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/tests/api/test_tls13.c 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* test_tls13.c * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -102,7 +102,7 @@ #else WOLFSSL_KYBER_LEVEL5 #endif -#else +#elif !defined(WOLFSSL_TLS_NO_MLKEM_STANDALONE) #ifndef WOLFSSL_NO_ML_KEM_512 WOLFSSL_ML_KEM_512 #elif !defined(WOLFSSL_NO_ML_KEM_768) @@ -110,6 +110,12 @@ #else WOLFSSL_ML_KEM_1024 #endif +#else + #ifndef WOLFSSL_NO_ML_KEM_768 + WOLFSSL_SECP256R1MLKEM768 + #else + WOLFSSL_ECC_SECP256R1 + #endif #endif #else WOLFSSL_ECC_SECP256R1 @@ -119,6 +125,9 @@ int bad_groups[2] = { 0xDEAD, 0xBEEF }; #endif /* !NO_WOLFSSL_SERVER || !NO_WOLFSSL_CLIENT */ int numGroups = 2; +#if defined(OPENSSL_EXTRA) && !defined(NO_WOLFSSL_CLIENT) + int too_many_groups[WOLFSSL_MAX_GROUP_COUNT + 1]; +#endif #endif #if defined(OPENSSL_EXTRA) && defined(HAVE_ECC) char groupList[] = @@ -146,16 +155,22 @@ ":P256_KYBER_LEVEL1" #elif !defined(WOLFSSL_NO_KYBER768) ":P256_KYBER_LEVEL3" - #else + #elif !defined(WOLFSSL_NO_KYBER1024) ":P256_KYBER_LEVEL5" #endif #else - #ifndef WOLFSSL_NO_KYBER512 + #if !defined(WOLFSSL_NO_ML_KEM_512) && defined(WOLFSSL_EXTRA_PQC_HYBRIDS) ":SecP256r1MLKEM512" - #elif !defined(WOLFSSL_NO_KYBER768) - ":SecP384r1MLKEM768" - #else - ":SecP521r1MLKEM1024" + #elif !defined(WOLFSSL_NO_ML_KEM_768) && defined(WOLFSSL_PQC_HYBRIDS) + ":SecP256r1MLKEM768" + #elif !defined(WOLFSSL_NO_ML_KEM_1024) && defined(WOLFSSL_PQC_HYBRIDS) + ":SecP384r1MLKEM1024" + #elif !defined(WOLFSSL_NO_ML_KEM_1024) && \ + !defined(WOLFSSL_TLS_NO_MLKEM_STANDALONE) + ":ML_KEM_1024" + #elif !defined(WOLFSSL_NO_ML_KEM_768) && \ + !defined(WOLFSSL_TLS_NO_MLKEM_STANDALONE) + ":ML_KEM_768" #endif #endif #endif @@ -170,15 +185,15 @@ ":KYBER_LEVEL1" #elif !defined(WOLFSSL_NO_KYBER768) ":KYBER_LEVEL3" - #else + #elif !defined(WOLFSSL_NO_KYBER1024) ":KYBER_LEVEL5" #endif -#else - #ifndef WOLFSSL_NO_KYBER512 +#elif !defined(WOLFSSL_TLS_NO_MLKEM_STANDALONE) + #if !defined(WOLFSSL_NO_ML_KEM_512) ":ML_KEM_512" - #elif !defined(WOLFSSL_NO_KYBER768) + #elif !defined(WOLFSSL_NO_ML_KEM_768) ":ML_KEM_768" - #else + #elif !defined(WOLFSSL_NO_ML_KEM_1024) ":ML_KEM_1024" #endif #endif @@ -188,7 +203,11 @@ #if defined(WOLFSSL_HAVE_MLKEM) && !defined(WOLFSSL_MLKEM_NO_MALLOC) && \ !defined(WOLFSSL_MLKEM_NO_MAKE_KEY) && \ !defined(WOLFSSL_MLKEM_NO_ENCAPSULATE) && \ - !defined(WOLFSSL_MLKEM_NO_DECAPSULATE) + !defined(WOLFSSL_MLKEM_NO_DECAPSULATE) && \ + defined(HAVE_SUPPORTED_CURVES) && \ + (!defined(WOLFSSL_TLS_NO_MLKEM_STANDALONE) || \ + (defined(HAVE_CURVE25519) && !defined(WOLFSSL_NO_ML_KEM_768)) || \ + (defined(HAVE_ECC) && !defined(WOLFSSL_NO_ML_KEM_768))) int mlkemLevel; #endif @@ -351,8 +370,12 @@ #if defined(WOLFSSL_HAVE_MLKEM) && !defined(WOLFSSL_MLKEM_NO_MALLOC) && \ !defined(WOLFSSL_MLKEM_NO_MAKE_KEY) && \ !defined(WOLFSSL_MLKEM_NO_ENCAPSULATE) && \ - !defined(WOLFSSL_MLKEM_NO_DECAPSULATE) + !defined(WOLFSSL_MLKEM_NO_DECAPSULATE) && \ + (!defined(WOLFSSL_TLS_NO_MLKEM_STANDALONE) || \ + (defined(HAVE_CURVE25519) && !defined(WOLFSSL_NO_ML_KEM_768)) || \ + (defined(HAVE_ECC) && !defined(WOLFSSL_NO_ML_KEM_768))) #ifndef WOLFSSL_NO_ML_KEM +#ifndef WOLFSSL_TLS_NO_MLKEM_STANDALONE #ifndef WOLFSSL_NO_ML_KEM_768 mlkemLevel = WOLFSSL_ML_KEM_768; #elif !defined(WOLFSSL_NO_ML_KEM_1024) @@ -361,6 +384,13 @@ mlkemLevel = WOLFSSL_ML_KEM_512; #endif #else +#if defined(HAVE_CURVE25519) && !defined(WOLFSSL_NO_ML_KEM_768) + mlkemLevel = WOLFSSL_X25519MLKEM768; +#elif defined(HAVE_ECC) && !defined(WOLFSSL_NO_ML_KEM_768) + mlkemLevel = WOLFSSL_SECP256R1MLKEM768; +#endif +#endif +#else #ifndef WOLFSSL_NO_KYBER768 mlkemLevel = WOLFSSL_KYBER_LEVEL3; #elif !defined(WOLFSSL_NO_KYBER1024) @@ -605,6 +635,17 @@ #endif ExpectIntEQ(wolfSSL_CTX_set1_groups_list(NULL, groupList), WC_NO_ERR_TRACE(WOLFSSL_FAILURE)); +#if defined(OPENSSL_EXTRA) && !defined(NO_WOLFSSL_CLIENT) + { + int idx; + for (idx = 0; idx < WOLFSSL_MAX_GROUP_COUNT + 1; idx++) + too_many_groups[idx] = WOLFSSL_ECC_SECP256R1; + } + ExpectIntEQ(wolfSSL_CTX_set1_groups(clientCtx, too_many_groups, + WOLFSSL_MAX_GROUP_COUNT + 1), WC_NO_ERR_TRACE(WOLFSSL_FAILURE)); + ExpectIntEQ(wolfSSL_set1_groups(clientSsl, too_many_groups, + WOLFSSL_MAX_GROUP_COUNT + 1), WC_NO_ERR_TRACE(WOLFSSL_FAILURE)); +#endif #ifndef NO_WOLFSSL_CLIENT #ifndef WOLFSSL_NO_TLS12 ExpectIntEQ(wolfSSL_CTX_set1_groups_list(clientTls12Ctx, groupList), @@ -764,8 +805,14 @@ ExpectIntEQ(wolfSSL_write_early_data(clientTls12Ssl, earlyData, sizeof(earlyData), &outSz), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); #endif + /* invoking without session or psk cbs */ ExpectIntEQ(wolfSSL_write_early_data(clientSsl, earlyData, - sizeof(earlyData), &outSz), WC_NO_ERR_TRACE(WOLFSSL_FATAL_ERROR)); + sizeof(earlyData), &outSz), WC_NO_ERR_TRACE(BAD_STATE_E)); + /* verify *outSz is initialized to 0 even on non-success paths */ + outSz = 42; + ExpectIntEQ(wolfSSL_write_early_data(clientSsl, earlyData, + sizeof(earlyData), &outSz), WC_NO_ERR_TRACE(BAD_STATE_E)); + ExpectIntEQ(outSz, 0); #endif ExpectIntEQ(wolfSSL_read_early_data(NULL, earlyDataBuffer, @@ -1117,7 +1164,8 @@ } -#if defined(HAVE_RPK) && !defined(NO_TLS) +#if defined(HAVE_RPK) && !defined(NO_TLS) && !defined(NO_WOLFSSL_CLIENT) && \ + !defined(NO_WOLFSSL_SERVER) #define svrRpkCertFile "./certs/rpk/server-cert-rpk.der" #define clntRpkCertFile "./certs/rpk/client-cert-rpk.der" @@ -1224,13 +1272,15 @@ return 0; } -#endif /* HAVE_RPK && !NO_TLS */ +#endif /* HAVE_RPK && !NO_TLS && !NO_WOLFSSL_CLIENT && !NO_WOLFSSL_SERVER */ int test_tls13_rpk_handshake(void) { EXPECT_DECLS; -#if defined(HAVE_RPK) && (!defined(WOLFSSL_NO_TLS12) || defined(WOLFSSL_TLS13)) +#if defined(HAVE_RPK) && \ + (!defined(WOLFSSL_NO_TLS12) || defined(WOLFSSL_TLS13)) && \ + !defined(NO_WOLFSSL_CLIENT) && !defined(NO_WOLFSSL_SERVER) #ifdef WOLFSSL_TLS13 int ret = 0; #endif @@ -1915,27 +1965,34 @@ #if defined(HAVE_IO_TESTS_DEPENDENCIES) && defined(WOLFSSL_TLS13) && \ defined(WOLFSSL_HAVE_MLKEM) && !defined(WOLFSSL_MLKEM_NO_ENCAPSULATE) && \ !defined(WOLFSSL_MLKEM_NO_DECAPSULATE) && \ - !defined(WOLFSSL_MLKEM_NO_MAKE_KEY) + !defined(WOLFSSL_MLKEM_NO_MAKE_KEY) && \ + (!defined(WOLFSSL_TLS_NO_MLKEM_STANDALONE) || \ + (defined(HAVE_CURVE25519) && !defined(WOLFSSL_NO_ML_KEM_768)) || \ + (defined(HAVE_ECC) && !defined(WOLFSSL_NO_ML_KEM_768))) static void test_tls13_pq_groups_ctx_ready(WOLFSSL_CTX* ctx) { -#ifndef WOLFSSL_NO_ML_KEM_1024 #ifdef WOLFSSL_MLKEM_KYBER + #if !defined(WOLFSSL_NO_KYBER1024) int group = WOLFSSL_KYBER_LEVEL5; -#else - int group = WOLFSSL_ML_KEM_1024; -#endif /* WOLFSSL_MLKEM_KYBER */ -#elif !defined(WOLFSSL_NO_ML_KEM_768) -#ifdef WOLFSSL_MLKEM_KYBER + #elif !defined(WOLFSSL_NO_KYBER768) int group = WOLFSSL_KYBER_LEVEL3; -#else - int group = WOLFSSL_ML_KEM_768; -#endif /* WOLFSSL_MLKEM_KYBER */ -#else -#ifdef WOLFSSL_MLKEM_KYBER + #else int group = WOLFSSL_KYBER_LEVEL1; -#else + #endif +#elif !defined(WOLFSSL_NO_ML_KEM) && !defined(WOLFSSL_TLS_NO_MLKEM_STANDALONE) + #if !defined(WOLFSSL_NO_ML_KEM_1024) + int group = WOLFSSL_ML_KEM_1024; + #elif !defined(WOLFSSL_NO_ML_KEM_768) + int group = WOLFSSL_ML_KEM_768; + #else int group = WOLFSSL_ML_KEM_512; -#endif /* WOLFSSL_MLKEM_KYBER */ + #endif +#elif defined(HAVE_ECC) && !defined(WOLFSSL_NO_ML_KEM_768) && \ + defined(WOLFSSL_PQC_HYBRIDS) + int group = WOLFSSL_SECP256R1MLKEM768; +#elif defined(HAVE_CURVE25519) && !defined(WOLFSSL_NO_ML_KEM_768) && \ + defined(WOLFSSL_PQC_HYBRIDS) + int group = WOLFSSL_X25519MLKEM768; #endif AssertIntEQ(wolfSSL_CTX_set_groups(ctx, &group, 1), WOLFSSL_SUCCESS); @@ -1943,24 +2000,28 @@ static void test_tls13_pq_groups_on_result(WOLFSSL* ssl) { -#ifndef WOLFSSL_NO_ML_KEM_1024 #ifdef WOLFSSL_MLKEM_KYBER + #if !defined(WOLFSSL_NO_KYBER1024) AssertStrEQ(wolfSSL_get_curve_name(ssl), "KYBER_LEVEL5"); -#else - AssertStrEQ(wolfSSL_get_curve_name(ssl), "ML_KEM_1024"); -#endif /* WOLFSSL_MLKEM_KYBER */ -#elif !defined(WOLFSSL_NO_ML_KEM_768) -#ifdef WOLFSSL_MLKEM_KYBER + #elif !defined(WOLFSSL_NO_KYBER768) AssertStrEQ(wolfSSL_get_curve_name(ssl), "KYBER_LEVEL3"); -#else - AssertStrEQ(wolfSSL_get_curve_name(ssl), "ML_KEM_768"); -#endif /* WOLFSSL_MLKEM_KYBER */ -#else -#ifdef WOLFSSL_MLKEM_KYBER + #else AssertStrEQ(wolfSSL_get_curve_name(ssl), "KYBER_LEVEL1"); -#else + #endif +#elif !defined(WOLFSSL_NO_ML_KEM) && !defined(WOLFSSL_TLS_NO_MLKEM_STANDALONE) + #if !defined(WOLFSSL_NO_ML_KEM_1024) + AssertStrEQ(wolfSSL_get_curve_name(ssl), "ML_KEM_1024"); + #elif !defined(WOLFSSL_NO_ML_KEM_768) + AssertStrEQ(wolfSSL_get_curve_name(ssl), "ML_KEM_768"); + #else AssertStrEQ(wolfSSL_get_curve_name(ssl), "ML_KEM_512"); -#endif /* WOLFSSL_MLKEM_KYBER */ + #endif +#elif defined(HAVE_ECC) && !defined(WOLFSSL_NO_ML_KEM_768) && \ + defined(WOLFSSL_PQC_HYBRIDS) + AssertStrEQ(wolfSSL_get_curve_name(ssl), "SecP256r1MLKEM768"); +#elif defined(HAVE_CURVE25519) && !defined(WOLFSSL_NO_ML_KEM_768) && \ + defined(WOLFSSL_PQC_HYBRIDS) + AssertStrEQ(wolfSSL_get_curve_name(ssl), "X25519MLKEM768"); #endif } #endif @@ -1971,7 +2032,10 @@ #if defined(HAVE_IO_TESTS_DEPENDENCIES) && defined(WOLFSSL_TLS13) && \ defined(WOLFSSL_HAVE_MLKEM) && !defined(WOLFSSL_MLKEM_NO_ENCAPSULATE) && \ !defined(WOLFSSL_MLKEM_NO_DECAPSULATE) && \ - !defined(WOLFSSL_MLKEM_NO_MAKE_KEY) + !defined(WOLFSSL_MLKEM_NO_MAKE_KEY) && \ + (!defined(WOLFSSL_TLS_NO_MLKEM_STANDALONE) || \ + (defined(HAVE_CURVE25519) && !defined(WOLFSSL_NO_ML_KEM_768)) || \ + (defined(HAVE_ECC) && !defined(WOLFSSL_NO_ML_KEM_768))) callback_functions func_cb_client; callback_functions func_cb_server; @@ -1992,6 +2056,107 @@ return EXPECT_RESULT(); } +#if defined(HAVE_MANUAL_MEMIO_TESTS_DEPENDENCIES) && \ + defined(WOLFSSL_EARLY_DATA) && defined(HAVE_SESSION_TICKET) +static int test_tls13_read_until_write_ok(WOLFSSL* ssl, void* buf, int bufLen) +{ + int ret, err; + int tries = 5; + + err = 0; + do { + ret = wolfSSL_read(ssl, buf, bufLen); + if (ret == WC_NO_ERR_TRACE(WOLFSSL_FATAL_ERROR)) { + err = wolfSSL_get_error(ssl, ret); + } + } while (tries-- && ret == WC_NO_ERR_TRACE(WOLFSSL_FATAL_ERROR) && + err == WC_NO_ERR_TRACE(WOLFSSL_ERROR_WANT_WRITE)); + return ret; +} +static int test_tls13_connect_until_write_ok(WOLFSSL* ssl) +{ + int ret, err; + int tries = 5; + + err = 0; + do { + ret = wolfSSL_connect(ssl); + if (ret == WC_NO_ERR_TRACE(WOLFSSL_FATAL_ERROR)) { + err = wolfSSL_get_error(ssl, ret); + } + } while (tries-- && ret == WC_NO_ERR_TRACE(WOLFSSL_FATAL_ERROR) && + err == WC_NO_ERR_TRACE(WOLFSSL_ERROR_WANT_WRITE)); + return ret; +} +static int test_tls13_write_until_write_ok(WOLFSSL* ssl, const void* msg, + int msgLen) +{ + int ret, err; + int tries = 5; + + err = 0; + do { + ret = wolfSSL_write(ssl, msg, msgLen); + if (ret == WC_NO_ERR_TRACE(WOLFSSL_FATAL_ERROR)) { + err = wolfSSL_get_error(ssl, ret); + } + } while (tries-- && ret == WC_NO_ERR_TRACE(WOLFSSL_FATAL_ERROR) && + err == WC_NO_ERR_TRACE(WOLFSSL_ERROR_WANT_WRITE)); + return ret; +} +static int test_tls13_early_data_read_until_write_ok(WOLFSSL* ssl, void* buf, + int bufLen, int* read) +{ + int ret, err; + int tries = 5; + + err = 0; + do { + ret = wolfSSL_read_early_data(ssl, buf, bufLen, read); + if (ret == WC_NO_ERR_TRACE(WOLFSSL_FATAL_ERROR)) { + err = wolfSSL_get_error(ssl, ret); + } + } while (tries-- && ret == WC_NO_ERR_TRACE(WOLFSSL_FATAL_ERROR) && + err == WC_NO_ERR_TRACE(WOLFSSL_ERROR_WANT_WRITE)); + return ret; +} +static int test_tls13_early_data_write_until_write_ok(WOLFSSL* ssl, + const void* msg, int msgLen, int* written) +{ + int ret, err; + int tries = 5; + + err = 0; + do { + ret = wolfSSL_write_early_data(ssl, msg, msgLen, written); + if (ret == WC_NO_ERR_TRACE(WOLFSSL_FATAL_ERROR)) { + err = wolfSSL_get_error(ssl, ret); + } + } while (tries-- && ret == WC_NO_ERR_TRACE(WOLFSSL_FATAL_ERROR) && + err == WC_NO_ERR_TRACE(WOLFSSL_ERROR_WANT_WRITE)); + return ret; +} +struct test_tls13_wwrite_ctx { + int want_write; + struct test_memio_ctx *test_ctx; +}; +static int test_tls13_mock_wantwrite_cb(WOLFSSL* ssl, char* data, int sz, + void* ctx) +{ + struct test_tls13_wwrite_ctx *wwctx = (struct test_tls13_wwrite_ctx *)ctx; +#ifdef WOLFSSL_TLS13_MIDDLEBOX_COMPAT + /* Write ChangeCipherSpec message. */ + if (data[0] != 0x14) +#endif + { + wwctx->want_write = !wwctx->want_write; + if (wwctx->want_write) { + return WOLFSSL_CBIO_ERR_WANT_WRITE; + } + } + return test_memio_write_cb(ssl, data, sz, wwctx->test_ctx); +} +#endif /* HAVE_MANUAL_MEMIO_TESTS_DEPENDENCIES && WOLFSSL_EARLY_DATA */ int test_tls13_early_data(void) { EXPECT_DECLS; @@ -2000,7 +2165,6 @@ int written = 0; int read = 0; size_t i; - int splitEarlyData; char msg[] = "This is early data"; char msg2[] = "This is client data"; char msg3[] = "This is server data"; @@ -2011,164 +2175,226 @@ method_provider server_meth; const char* tls_version; int isUdp; + int splitEarlyData; + int everyWriteWantWrite; } params[] = { #ifdef WOLFSSL_TLS13 { wolfTLSv1_3_client_method, wolfTLSv1_3_server_method, - "TLS 1.3", 0 }, + "TLS 1.3", 0, 0, 0 }, + { wolfTLSv1_3_client_method, wolfTLSv1_3_server_method, + "TLS 1.3", 0, 1, 0 }, + { wolfTLSv1_3_client_method, wolfTLSv1_3_server_method, + "TLS 1.3", 0, 0, 1 }, + { wolfTLSv1_3_client_method, wolfTLSv1_3_server_method, + "TLS 1.3", 0, 1, 1 }, #endif #ifdef WOLFSSL_DTLS13 { wolfDTLSv1_3_client_method, wolfDTLSv1_3_server_method, - "DTLS 1.3", 1 }, + "DTLS 1.3", 1, 0, 0 }, + { wolfDTLSv1_3_client_method, wolfDTLSv1_3_server_method, + "DTLS 1.3", 1, 1, 0 }, + { wolfDTLSv1_3_client_method, wolfDTLSv1_3_server_method, + "DTLS 1.3", 1, 0, 1 }, + { wolfDTLSv1_3_client_method, wolfDTLSv1_3_server_method, + "DTLS 1.3", 1, 1, 1 }, #endif }; for (i = 0; i < sizeof(params)/sizeof(*params) && !EXPECT_FAIL(); i++) { - for (splitEarlyData = 0; splitEarlyData < 2; splitEarlyData++) { - struct test_memio_ctx test_ctx; - WOLFSSL_CTX *ctx_c = NULL, *ctx_s = NULL; - WOLFSSL *ssl_c = NULL, *ssl_s = NULL; - WOLFSSL_SESSION *sess = NULL; - - XMEMSET(&test_ctx, 0, sizeof(test_ctx)); - - fprintf(stderr, "\tEarly data with %s\n", params[i].tls_version); - - ExpectIntEQ(test_memio_setup(&test_ctx, &ctx_c, &ctx_s, &ssl_c, - &ssl_s, params[i].client_meth, params[i].server_meth), 0); - - /* Get a ticket so that we can do 0-RTT on the next connection */ - ExpectIntEQ(test_memio_do_handshake(ssl_c, ssl_s, 10, NULL), 0); - /* Make sure we read the ticket */ - ExpectIntEQ(wolfSSL_read(ssl_c, msgBuf, sizeof(msgBuf)), -1); - ExpectIntEQ(wolfSSL_get_error(ssl_c, -1), WOLFSSL_ERROR_WANT_READ); - ExpectNotNull(sess = wolfSSL_get1_session(ssl_c)); - - wolfSSL_free(ssl_c); - ssl_c = NULL; - wolfSSL_free(ssl_s); - ssl_s = NULL; - XMEMSET(&test_ctx, 0, sizeof(test_ctx)); - ExpectIntEQ(test_memio_setup(&test_ctx, &ctx_c, &ctx_s, &ssl_c, + struct test_memio_ctx test_ctx; + WOLFSSL_CTX *ctx_c = NULL, *ctx_s = NULL; + WOLFSSL *ssl_c = NULL, *ssl_s = NULL; + WOLFSSL_SESSION *sess = NULL; + int splitEarlyData = params[i].splitEarlyData; + int everyWriteWantWrite = params[i].everyWriteWantWrite; + struct test_tls13_wwrite_ctx wwrite_ctx_s, wwrite_ctx_c; + + XMEMSET(&test_ctx, 0, sizeof(test_ctx)); + XMEMSET(&wwrite_ctx_c, 0, sizeof(wwrite_ctx_c)); + XMEMSET(&wwrite_ctx_s, 0, sizeof(wwrite_ctx_s)); + + fprintf(stderr, "\tEarly data with %s%s%s\n", params[i].tls_version, + splitEarlyData ? " (split early data)" : "", + everyWriteWantWrite ? " (every write WANT_WRITE)" : ""); + + ExpectIntEQ(test_memio_setup(&test_ctx, &ctx_c, &ctx_s, &ssl_c, &ssl_s, params[i].client_meth, params[i].server_meth), 0); - wolfSSL_SetLoggingPrefix("client"); - ExpectIntEQ(wolfSSL_set_session(ssl_c, sess), WOLFSSL_SUCCESS); + + if (params[i].isUdp) { + /* Early data is incompatible with HRR usage. Hence, we have to make + * sure a group is negotiated that does not cause a fragemented CH. + */ + int group[1] = { + #ifdef HAVE_ECC + WOLFSSL_ECC_SECP256R1, + #elif defined(HAVE_CURVE25519) + WOLFSSL_ECC_X25519, + #elif defined(HAVE_CURVE448) + WOLFSSL_ECC_X448, + #elif defined(HAVE_FFDHE_2048) + WOLFSSL_FFDHE_2048, + #endif + }; + ExpectIntEQ(wolfSSL_set_groups(ssl_c, group, 1), WOLFSSL_SUCCESS); + ExpectIntEQ(wolfSSL_set_groups(ssl_s, group, 1), WOLFSSL_SUCCESS); + } + + /* Get a ticket so that we can do 0-RTT on the next connection */ + ExpectIntEQ(test_memio_do_handshake(ssl_c, ssl_s, 10, NULL), 0); + /* Make sure we read the ticket */ + ExpectIntEQ(wolfSSL_read(ssl_c, msgBuf, sizeof(msgBuf)), -1); + ExpectIntEQ(wolfSSL_get_error(ssl_c, -1), WOLFSSL_ERROR_WANT_READ); + ExpectNotNull(sess = wolfSSL_get1_session(ssl_c)); + + wolfSSL_free(ssl_c); + ssl_c = NULL; + wolfSSL_free(ssl_s); + ssl_s = NULL; + XMEMSET(&test_ctx, 0, sizeof(test_ctx)); + ExpectIntEQ(test_memio_setup(&test_ctx, &ctx_c, &ctx_s, &ssl_c, + &ssl_s, params[i].client_meth, params[i].server_meth), 0); + wolfSSL_SetLoggingPrefix("client"); + ExpectIntEQ(wolfSSL_set_session(ssl_c, sess), WOLFSSL_SUCCESS); #ifdef WOLFSSL_DTLS13 - if (params[i].isUdp) { - wolfSSL_SetLoggingPrefix("server"); + if (params[i].isUdp) { + wolfSSL_SetLoggingPrefix("server"); #ifdef WOLFSSL_DTLS13_NO_HRR_ON_RESUME - ExpectIntEQ(wolfSSL_dtls13_no_hrr_on_resume(ssl_s, 1), - WOLFSSL_SUCCESS); + ExpectIntEQ(wolfSSL_dtls13_no_hrr_on_resume(ssl_s, 1), + WOLFSSL_SUCCESS); #else - /* Let's test this but we generally don't recommend turning off - * the cookie exchange */ - ExpectIntEQ(wolfSSL_disable_hrr_cookie(ssl_s), WOLFSSL_SUCCESS); + /* Let's test this but we generally don't recommend turning off + * the cookie exchange */ + ExpectIntEQ(wolfSSL_disable_hrr_cookie(ssl_s), WOLFSSL_SUCCESS); #endif - } + } #endif - /* Test 0-RTT data */ - wolfSSL_SetLoggingPrefix("client"); - ExpectIntEQ(wolfSSL_write_early_data(ssl_c, msg, sizeof(msg), - &written), sizeof(msg)); - ExpectIntEQ(written, sizeof(msg)); + if (everyWriteWantWrite) { + wwrite_ctx_c.test_ctx = &test_ctx; + wwrite_ctx_s.test_ctx = &test_ctx; + wolfSSL_SetIOWriteCtx(ssl_c, &wwrite_ctx_c); + wolfSSL_SSLSetIOSend(ssl_c, test_tls13_mock_wantwrite_cb); + wolfSSL_SetIOWriteCtx(ssl_s, &wwrite_ctx_s); + wolfSSL_SSLSetIOSend(ssl_s, test_tls13_mock_wantwrite_cb); + } + /* Test 0-RTT data */ + wolfSSL_SetLoggingPrefix("client"); - if (splitEarlyData) { - ExpectIntEQ(wolfSSL_write_early_data(ssl_c, msg, sizeof(msg), - &written), sizeof(msg)); - ExpectIntEQ(written, sizeof(msg)); - } + ExpectIntEQ(test_tls13_early_data_write_until_write_ok(ssl_c, msg, + sizeof(msg), &written), + sizeof(msg)); + ExpectIntEQ(written, sizeof(msg)); + + if (splitEarlyData) { + ExpectIntEQ(test_tls13_early_data_write_until_write_ok(ssl_c, msg, + sizeof(msg), &written), + sizeof(msg)); + ExpectIntEQ(written, sizeof(msg)); + } - /* Read first 0-RTT data (if split otherwise entire data) */ - wolfSSL_SetLoggingPrefix("server"); - ExpectIntEQ(wolfSSL_read_early_data(ssl_s, msgBuf, sizeof(msgBuf), - &read), sizeof(msg)); + /* Read first 0-RTT data (if split otherwise entire data) */ + wolfSSL_SetLoggingPrefix("server"); + ExpectIntEQ(test_tls13_early_data_read_until_write_ok(ssl_s, msgBuf, + sizeof(msgBuf), &read), + sizeof(msg)); + ExpectIntEQ(read, sizeof(msg)); + ExpectStrEQ(msg, msgBuf); + + /* Test 0.5-RTT data */ + ExpectIntEQ(test_tls13_write_until_write_ok(ssl_s, msg4, sizeof(msg4)), + sizeof(msg4)); + + if (splitEarlyData) { + /* Read second 0-RTT data */ + ExpectIntEQ(test_tls13_early_data_read_until_write_ok(ssl_s, msgBuf, + sizeof(msgBuf), &read), + sizeof(msg)); ExpectIntEQ(read, sizeof(msg)); ExpectStrEQ(msg, msgBuf); + } - /* Test 0.5-RTT data */ - ExpectIntEQ(wolfSSL_write(ssl_s, msg4, sizeof(msg4)), sizeof(msg4)); - - if (splitEarlyData) { - /* Read second 0-RTT data */ - ExpectIntEQ(wolfSSL_read_early_data(ssl_s, msgBuf, - sizeof(msgBuf), &read), sizeof(msg)); - ExpectIntEQ(read, sizeof(msg)); - ExpectStrEQ(msg, msgBuf); - } - - if (params[i].isUdp) { - wolfSSL_SetLoggingPrefix("client"); - ExpectIntEQ(wolfSSL_connect(ssl_c), -1); - ExpectIntEQ(wolfSSL_get_error(ssl_c, -1), - WC_NO_ERR_TRACE(APP_DATA_READY)); - - /* Read server 0.5-RTT data */ - ExpectIntEQ(wolfSSL_read(ssl_c, msgBuf, sizeof(msgBuf)), - sizeof(msg4)); - ExpectStrEQ(msg4, msgBuf); - - /* Complete handshake */ - ExpectIntEQ(wolfSSL_connect(ssl_c), -1); - ExpectIntEQ(wolfSSL_get_error(ssl_c, -1), - WOLFSSL_ERROR_WANT_READ); - /* Use wolfSSL_is_init_finished to check if handshake is - * complete. Normally a user would loop until it is true but - * here we control both sides so we just assert the expected - * value. wolfSSL_read_early_data does not provide handshake - * status to us with non-blocking IO and we can't use - * wolfSSL_accept as TLS layer may return ZERO_RETURN due to - * early data parsing logic. */ - wolfSSL_SetLoggingPrefix("server"); - ExpectFalse(wolfSSL_is_init_finished(ssl_s)); - ExpectIntEQ(wolfSSL_read_early_data(ssl_s, msgBuf, - sizeof(msgBuf), &read), 0); - ExpectIntEQ(read, 0); - ExpectTrue(wolfSSL_is_init_finished(ssl_s)); - - wolfSSL_SetLoggingPrefix("client"); - ExpectIntEQ(wolfSSL_connect(ssl_c), WOLFSSL_SUCCESS); - } - else { - wolfSSL_SetLoggingPrefix("client"); - ExpectIntEQ(wolfSSL_connect(ssl_c), WOLFSSL_SUCCESS); - - wolfSSL_SetLoggingPrefix("server"); - ExpectFalse(wolfSSL_is_init_finished(ssl_s)); - ExpectIntEQ(wolfSSL_read_early_data(ssl_s, msgBuf, - sizeof(msgBuf), &read), 0); - ExpectIntEQ(read, 0); - ExpectTrue(wolfSSL_is_init_finished(ssl_s)); - - /* Read server 0.5-RTT data */ - wolfSSL_SetLoggingPrefix("client"); - ExpectIntEQ(wolfSSL_read(ssl_c, msgBuf, sizeof(msgBuf)), - sizeof(msg4)); - ExpectStrEQ(msg4, msgBuf); - } + if (params[i].isUdp) { + wolfSSL_SetLoggingPrefix("client"); + ExpectIntEQ(test_tls13_connect_until_write_ok(ssl_c), -1); + ExpectIntEQ(wolfSSL_get_error(ssl_c, -1), + WC_NO_ERR_TRACE(APP_DATA_READY)); + + /* Read server 0.5-RTT data */ + ExpectIntEQ( + test_tls13_read_until_write_ok(ssl_c, msgBuf, sizeof(msgBuf)), + sizeof(msg4)); + ExpectStrEQ(msg4, msgBuf); + + /* Complete handshake */ + ExpectIntEQ(test_tls13_connect_until_write_ok(ssl_c), -1); + ExpectIntEQ(wolfSSL_get_error(ssl_c, -1), + WOLFSSL_ERROR_WANT_READ); + /* Use wolfSSL_is_init_finished to check if handshake is + * complete. Normally a user would loop until it is true but + * here we control both sides so we just assert the expected + * value. wolfSSL_read_early_data does not provide handshake + * status to us with non-blocking IO and we can't use + * wolfSSL_accept as TLS layer may return ZERO_RETURN due to + * early data parsing logic. */ + wolfSSL_SetLoggingPrefix("server"); + ExpectFalse(wolfSSL_is_init_finished(ssl_s)); + ExpectIntEQ(test_tls13_early_data_read_until_write_ok(ssl_s, msgBuf, + sizeof(msgBuf), &read), + 0); + ExpectIntEQ(read, 0); + ExpectTrue(wolfSSL_is_init_finished(ssl_s)); - /* Test bi-directional write */ wolfSSL_SetLoggingPrefix("client"); - ExpectIntEQ(wolfSSL_write(ssl_c, msg2, sizeof(msg2)), sizeof(msg2)); + ExpectIntEQ(test_tls13_connect_until_write_ok(ssl_c), + WOLFSSL_SUCCESS); + } + else { + wolfSSL_SetLoggingPrefix("client"); + ExpectIntEQ(test_tls13_connect_until_write_ok(ssl_c), + WOLFSSL_SUCCESS); + wolfSSL_SetLoggingPrefix("server"); - ExpectIntEQ(wolfSSL_read(ssl_s, msgBuf, sizeof(msgBuf)), - sizeof(msg2)); - ExpectStrEQ(msg2, msgBuf); - ExpectIntEQ(wolfSSL_write(ssl_s, msg3, sizeof(msg3)), sizeof(msg3)); + ExpectFalse(wolfSSL_is_init_finished(ssl_s)); + ExpectIntEQ(test_tls13_early_data_read_until_write_ok(ssl_s, msgBuf, + sizeof(msgBuf), &read), + 0); + ExpectIntEQ(read, 0); + ExpectTrue(wolfSSL_is_init_finished(ssl_s)); + + /* Read server 0.5-RTT data */ wolfSSL_SetLoggingPrefix("client"); - ExpectIntEQ(wolfSSL_read(ssl_c, msgBuf, sizeof(msgBuf)), - sizeof(msg3)); - ExpectStrEQ(msg3, msgBuf); - - wolfSSL_SetLoggingPrefix(NULL); - ExpectTrue(wolfSSL_session_reused(ssl_c)); - ExpectTrue(wolfSSL_session_reused(ssl_s)); - - wolfSSL_SESSION_free(sess); - wolfSSL_free(ssl_c); - wolfSSL_free(ssl_s); - wolfSSL_CTX_free(ctx_c); - wolfSSL_CTX_free(ctx_s); + ExpectIntEQ( + test_tls13_read_until_write_ok(ssl_c, msgBuf, sizeof(msgBuf)), + sizeof(msg4)); + ExpectStrEQ(msg4, msgBuf); } + + /* Test bi-directional write */ + wolfSSL_SetLoggingPrefix("client"); + ExpectIntEQ(test_tls13_write_until_write_ok(ssl_c, msg2, sizeof(msg2)), + sizeof(msg2)); + wolfSSL_SetLoggingPrefix("server"); + ExpectIntEQ( + test_tls13_read_until_write_ok(ssl_s, msgBuf, sizeof(msgBuf)), + sizeof(msg2)); + ExpectStrEQ(msg2, msgBuf); + ExpectIntEQ(test_tls13_write_until_write_ok(ssl_s, msg3, sizeof(msg3)), + sizeof(msg3)); + wolfSSL_SetLoggingPrefix("client"); + ExpectIntEQ( + test_tls13_read_until_write_ok(ssl_c, msgBuf, sizeof(msgBuf)), + sizeof(msg3)); + ExpectStrEQ(msg3, msgBuf); + + wolfSSL_SetLoggingPrefix(NULL); + ExpectTrue(wolfSSL_session_reused(ssl_c)); + ExpectTrue(wolfSSL_session_reused(ssl_s)); + + wolfSSL_SESSION_free(sess); + wolfSSL_free(ssl_c); + wolfSSL_free(ssl_s); + wolfSSL_CTX_free(ctx_c); + wolfSSL_CTX_free(ctx_s); } #endif return EXPECT_RESULT(); @@ -2217,7 +2443,9 @@ ExpectIntEQ(test_memio_inject_message(&test_ctx, 1, (char*)hrr, sizeof(hrr)), 0); ExpectIntEQ(wolfSSL_connect(ssl_c), -1); - ExpectIntEQ(wolfSSL_get_error(ssl_c, -1), DUPLICATE_MSG_E); + /* issue 9653: use a more appropriate error than DUPLICATE_MSG_E. + * Since the cause of this is missing extension, return that. */ + ExpectIntEQ(wolfSSL_get_error(ssl_c, -1), EXT_MISSING); wolfSSL_free(ssl_c); wolfSSL_CTX_free(ctx_c); @@ -2318,3 +2546,1102 @@ #endif return EXPECT_RESULT(); } + +/* Server-side complement to test_tls13_hrr_different_cs: the client sends a + * different cipher suite in CH2 than what the server selected in the HRR. */ +int test_tls13_ch2_different_cs(void) +{ + EXPECT_DECLS; +#if defined(HAVE_MANUAL_MEMIO_TESTS_DEPENDENCIES) && \ + defined(WOLFSSL_TLS13) && !defined(NO_WOLFSSL_SERVER) && \ + defined(BUILD_TLS_AES_256_GCM_SHA384) && \ + defined(BUILD_TLS_AES_128_GCM_SHA256) && \ + defined(HAVE_ECC) && defined(HAVE_ECC384) + /* + * First ClientHello: cipher suite TLS_AES_256_GCM_SHA384 (0x1302), + * empty key_share, secp384r1 in supported_groups. This triggers the + * server to send a HelloRetryRequest selecting TLS_AES_256_GCM_SHA384 + * and requesting a secp384r1 key share. + */ + /* + * TLSv1.3 Record Layer: Handshake Protocol: Client Hello + * Content Type: Handshake (22) + * Version: TLS 1.2 (0x0303) + * Length: 110 + * Handshake Protocol: Client Hello + * Handshake Type: Client Hello (1) + * Length: 106 + * Version: TLS 1.2 (0x0303) + * Random: 0101010101010101010101010101010101010101010101010101010101010101 + * Session ID Length: 32 + * Session ID: 0303030303030303030303030303030303030303030303030303030303030303 + * Cipher Suites Length: 2 + * Cipher Suite: TLS_AES_256_GCM_SHA384 (0x1302) + * Compression Methods Length: 1 + * Compression Method: null (0) + * Extensions Length: 31 + * Extension: supported_groups (len=4) secp384r1 (0x0018) + * Extension: signature_algorithms (len=6) rsa_pkcs1_sha256 (0x0401), + * rsa_pss_rsae_sha256 (0x0804) + * Extension: key_share (len=2) client_shares length=0 (empty) + * Extension: supported_versions (len=3) TLS 1.3 (0x0304) + */ + unsigned char ch1[] = { + 0x16, 0x03, 0x03, 0x00, 0x6e, 0x01, 0x00, 0x00, 0x6a, 0x03, 0x03, 0x01, + 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, + 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, + 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x20, 0x03, 0x03, 0x03, 0x03, + 0x03, 0x03, 0x03, 0x03, 0x03, 0x03, 0x03, 0x03, 0x03, 0x03, 0x03, 0x03, + 0x03, 0x03, 0x03, 0x03, 0x03, 0x03, 0x03, 0x03, 0x03, 0x03, 0x03, 0x03, + 0x03, 0x03, 0x03, 0x03, 0x00, 0x02, 0x13, 0x02, 0x01, 0x00, 0x00, 0x1f, + 0x00, 0x0a, 0x00, 0x04, 0x00, 0x02, 0x00, 0x18, 0x00, 0x0d, 0x00, 0x06, + 0x00, 0x04, 0x04, 0x01, 0x08, 0x04, 0x00, 0x33, 0x00, 0x02, 0x00, 0x00, + 0x00, 0x2b, 0x00, 0x03, 0x02, 0x03, 0x04 + }; + /* + * TLSv1.3 Record Layer: Handshake Protocol: Client Hello + * Content Type: Handshake (22) + * Version: TLS 1.2 (0x0303) + * Length: 211 + * Handshake Protocol: Client Hello + * Handshake Type: Client Hello (1) + * Length: 207 + * Version: TLS 1.2 (0x0303) + * Random: 0101010101010101010101010101010101010101010101010101010101010101 + * Session ID Length: 32 + * Session ID: 0303030303030303030303030303030303030303030303030303030303030303 + * Cipher Suites Length: 2 + * Cipher Suite: TLS_AES_128_GCM_SHA256 (0x1301) + * Compression Methods Length: 1 + * Compression Method: null (0) + * Extensions Length: 132 + * Extension: supported_groups (len=4) secp384r1 (0x0018) + * Extension: signature_algorithms (len=6) rsa_pkcs1_sha256 (0x0401), + * rsa_pss_rsae_sha256 (0x0804) + * Extension: key_share (len=103) + * client_shares length: 101 + * KeyShareEntry: group secp384r1 (0x0018), key_exchange length: 97 + * key_exchange: 04 || X(48) || Y(48) (uncompressed P-384 point) + * Extension: supported_versions (len=3) TLS 1.3 (0x0304) + */ + unsigned char ch2[] = { + 0x16, 0x03, 0x03, 0x00, 0xd3, 0x01, 0x00, 0x00, 0xcf, 0x03, 0x03, 0x01, + 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, + 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, + 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x20, 0x03, 0x03, 0x03, 0x03, + 0x03, 0x03, 0x03, 0x03, 0x03, 0x03, 0x03, 0x03, 0x03, 0x03, 0x03, 0x03, + 0x03, 0x03, 0x03, 0x03, 0x03, 0x03, 0x03, 0x03, 0x03, 0x03, 0x03, 0x03, + 0x03, 0x03, 0x03, 0x03, 0x00, 0x02, 0x13, 0x01, 0x01, 0x00, 0x00, 0x84, + 0x00, 0x0a, 0x00, 0x04, 0x00, 0x02, 0x00, 0x18, 0x00, 0x0d, 0x00, 0x06, + 0x00, 0x04, 0x04, 0x01, 0x08, 0x04, 0x00, 0x33, 0x00, 0x67, 0x00, 0x65, + 0x00, 0x18, 0x00, 0x61, 0x04, 0x53, 0x3e, 0xe5, 0xbf, 0x40, 0xec, 0x2d, + 0x67, 0x98, 0x8b, 0x77, 0xf3, 0x17, 0x48, 0x9b, 0xb6, 0xdf, 0x95, 0x29, + 0x25, 0xc7, 0x09, 0xfc, 0x03, 0x81, 0x11, 0x1a, 0x59, 0x56, 0xf2, 0xd7, + 0x58, 0x11, 0x0e, 0x59, 0xd3, 0xd7, 0xc1, 0x72, 0x9e, 0x2c, 0x0d, 0x70, + 0xea, 0xf7, 0x73, 0xe6, 0x12, 0x01, 0x16, 0x42, 0x6d, 0xe2, 0x43, 0x6a, + 0x2f, 0x5f, 0xdd, 0x7f, 0xe5, 0x4f, 0xaf, 0x95, 0x2b, 0x04, 0xfd, 0x13, + 0xf5, 0x16, 0xce, 0x62, 0x7f, 0x89, 0xd2, 0x01, 0x9d, 0x4c, 0x87, 0x96, + 0x95, 0x9e, 0x43, 0x33, 0xc7, 0x06, 0x5b, 0x49, 0x6c, 0xa6, 0x34, 0xd5, + 0xdc, 0x63, 0xbd, 0xe9, 0x1f, 0x00, 0x2b, 0x00, 0x03, 0x02, 0x03, 0x04 + }; + WOLFSSL_CTX *ctx_s = NULL; + WOLFSSL *ssl_s = NULL; + struct test_memio_ctx test_ctx; + + XMEMSET(&test_ctx, 0, sizeof(test_ctx)); + ExpectIntEQ(test_memio_setup(&test_ctx, NULL, &ctx_s, NULL, &ssl_s, + NULL, wolfTLSv1_3_server_method), 0); + + /* Server reads CH1, sends HRR, then waits for CH2 */ + ExpectIntEQ(test_memio_inject_message(&test_ctx, 0, (char*)ch1, + sizeof(ch1)), 0); + ExpectIntEQ(wolfSSL_accept(ssl_s), -1); + ExpectIntEQ(wolfSSL_get_error(ssl_s, -1), WOLFSSL_ERROR_WANT_READ); + + /* Server must reject CH2 because the cipher suite changed from the HRR */ + ExpectIntEQ(test_memio_inject_message(&test_ctx, 0, (char*)ch2, + sizeof(ch2)), 0); + ExpectIntEQ(wolfSSL_accept(ssl_s), -1); + ExpectIntEQ(wolfSSL_get_error(ssl_s, -1), INVALID_PARAMETER); + + wolfSSL_free(ssl_s); + wolfSSL_CTX_free(ctx_s); +#endif + return EXPECT_RESULT(); +} + +#if defined(WOLFSSL_TLS13) && !defined(NO_WOLFSSL_SERVER) && \ + defined(HAVE_ECC) +/* Called when writing. */ +static int MESend(WOLFSSL* ssl, char* buf, int sz, void* ctx) +{ + (void)ssl; + (void)buf; + (void)sz; + (void)ctx; + + /* Force error return from wolfSSL_accept_TLSv13(). */ + return WANT_WRITE; +} +/* Called when reading. */ +static int MERecv(WOLFSSL* ssl, char* buf, int sz, void* ctx) +{ + WOLFSSL_BUFFER_INFO* msg = (WOLFSSL_BUFFER_INFO*)ctx; + int len = (int)msg->length; + + (void)ssl; + + /* Pass back as much of message as will fit in buffer. */ + if (len > sz) + len = sz; + XMEMCPY(buf, msg->buffer, len); + /* Move over returned data. */ + msg->buffer += len; + msg->length -= len; + + /* Amount actually copied. */ + return len; +} +#endif + +int test_tls13_sg_missing(void) +{ + EXPECT_DECLS; +#if defined(WOLFSSL_TLS13) && !defined(NO_WOLFSSL_SERVER) && \ + defined(HAVE_ECC) + WOLFSSL_CTX *ctx = NULL; + WOLFSSL *ssl = NULL; + byte clientHello[] = { + 0x16, 0x03, 0x03, 0x00, 0xcb, 0x01, 0x00, 0x00, + 0xc7, 0x03, 0x03, 0x01, 0x01, 0x01, 0x01, 0x01, + 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, + 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, + 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, + 0x01, 0x01, 0x01, 0x20, 0x03, 0x03, 0x03, 0x03, + 0x03, 0x03, 0x03, 0x03, 0x03, 0x03, 0x03, 0x03, + 0x03, 0x03, 0x03, 0x03, 0x03, 0x03, 0x03, 0x03, + 0x03, 0x03, 0x03, 0x03, 0x03, 0x03, 0x03, 0x03, + 0x03, 0x03, 0x03, 0x03, 0x00, 0x02, 0x13, 0x01, + 0x01, 0x00, 0x00, 0x7c, 0x00, 0x0d, 0x00, 0x06, + 0x00, 0x04, 0x04, 0x01, 0x08, 0x04, + /* KeyShare */ + 0x00, 0x33, + 0x00, 0x67, 0x00, 0x65, 0x00, 0x18, 0x00, 0x61, + 0x04, 0x53, 0x3e, 0xe5, 0xbf, 0x40, 0xec, 0x2d, + 0x67, 0x98, 0x8b, 0x77, 0xf3, 0x17, 0x48, 0x9b, + 0xb6, 0xdf, 0x95, 0x29, 0x25, 0xc7, 0x09, 0xfc, + 0x03, 0x81, 0x11, 0x1a, 0x59, 0x56, 0xf2, 0xd7, + 0x58, 0x11, 0x0e, 0x59, 0xd3, 0xd7, 0xc1, 0x72, + 0x9e, 0x2c, 0x0d, 0x70, 0xea, 0xf7, 0x73, 0xe6, + 0x12, 0x01, 0x16, 0x42, 0x6d, 0xe2, 0x43, 0x6a, + 0x2f, 0x5f, 0xdd, 0x7f, 0xe5, 0x4f, 0xaf, 0x95, + 0x2b, 0x04, 0xfd, 0x13, 0xf5, 0x16, 0xce, 0x62, + 0x7f, 0x89, 0xd2, 0x01, 0x9d, 0x4c, 0x87, 0x96, + 0x95, 0x9e, 0x43, 0x33, 0xc7, 0x06, 0x5b, 0x49, + 0x6c, 0xa6, 0x34, 0xd5, 0xdc, 0x63, 0xbd, 0xe9, + 0x1f, + /* SupportedVersions */ + 0x00, 0x2b, 0x00, 0x03, 0x02, 0x03, 0x04 + /* Missing SupportedGroups. */ + }; + WOLFSSL_BUFFER_INFO msg; + WOLFSSL_ALERT_HISTORY h; + + /* Set up wolfSSL context. */ + ExpectNotNull(ctx = wolfSSL_CTX_new(wolfTLSv1_3_server_method())); + ExpectTrue(wolfSSL_CTX_use_certificate_file(ctx, eccCertFile, + CERT_FILETYPE)); + ExpectTrue(wolfSSL_CTX_use_PrivateKey_file(ctx, eccKeyFile, + CERT_FILETYPE)); + /* Read from 'msg'. */ + wolfSSL_SetIORecv(ctx, MERecv); + /* No where to send to - dummy sender. */ + wolfSSL_SetIOSend(ctx, MESend); + + /* Test cipher suite list with many copies of a cipher suite. */ + ExpectNotNull(ssl = wolfSSL_new(ctx)); + msg.buffer = clientHello; + msg.length = (unsigned int)sizeof(clientHello); + wolfSSL_SetIOReadCtx(ssl, &msg); + + ExpectIntEQ(wolfSSL_accept_TLSv13(ssl), + WC_NO_ERR_TRACE(WOLFSSL_FATAL_ERROR)); + ExpectIntEQ(wolfSSL_get_alert_history(ssl, &h), WOLFSSL_SUCCESS); + ExpectIntEQ(h.last_tx.code, missing_extension); + ExpectIntEQ(h.last_tx.level, alert_fatal); + wolfSSL_free(ssl); + wolfSSL_CTX_free(ctx); +#endif + return EXPECT_RESULT(); +} + +int test_tls13_ks_missing(void) +{ + EXPECT_DECLS; +#if defined(WOLFSSL_TLS13) && !defined(NO_WOLFSSL_SERVER) && \ + defined(HAVE_ECC) + WOLFSSL_CTX *ctx = NULL; + WOLFSSL *ssl = NULL; + byte clientHello[] = { + 0x16, 0x03, 0x03, 0x00, 0x66, 0x01, 0x00, 0x00, + 0x62, 0x03, 0x03, 0x01, 0x01, 0x01, 0x01, 0x01, + 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, + 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, + 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, + 0x01, 0x01, 0x01, 0x20, 0x03, 0x03, 0x03, 0x03, + 0x03, 0x03, 0x03, 0x03, 0x03, 0x03, 0x03, 0x03, + 0x03, 0x03, 0x03, 0x03, 0x03, 0x03, 0x03, 0x03, + 0x03, 0x03, 0x03, 0x03, 0x03, 0x03, 0x03, 0x03, + 0x03, 0x03, 0x03, 0x03, 0x00, 0x02, 0x13, 0x01, + 0x01, 0x00, 0x00, 0x17, 0x00, 0x0d, 0x00, 0x06, + 0x00, 0x04, 0x04, 0x01, 0x08, 0x04, + /* SupportedGroups */ + 0x00, 0x0a, + 0x00, 0x02, 0x00, 0x18, + /* SupportedVersions */ + 0x00, 0x2b, 0x00, 0x03, + 0x02, 0x03, 0x04 + /* Missing KeyShare. */ + }; + WOLFSSL_BUFFER_INFO msg; + WOLFSSL_ALERT_HISTORY h; + + /* Set up wolfSSL context. */ + ExpectNotNull(ctx = wolfSSL_CTX_new(wolfTLSv1_3_server_method())); + ExpectTrue(wolfSSL_CTX_use_certificate_file(ctx, eccCertFile, + CERT_FILETYPE)); + ExpectTrue(wolfSSL_CTX_use_PrivateKey_file(ctx, eccKeyFile, + CERT_FILETYPE)); + /* Read from 'msg'. */ + wolfSSL_SetIORecv(ctx, MERecv); + /* No where to send to - dummy sender. */ + wolfSSL_SetIOSend(ctx, MESend); + + /* Test cipher suite list with many copies of a cipher suite. */ + ExpectNotNull(ssl = wolfSSL_new(ctx)); + msg.buffer = clientHello; + msg.length = (unsigned int)sizeof(clientHello); + wolfSSL_SetIOReadCtx(ssl, &msg); + + ExpectIntEQ(wolfSSL_accept_TLSv13(ssl), + WC_NO_ERR_TRACE(WOLFSSL_FATAL_ERROR)); + ExpectIntEQ(wolfSSL_get_alert_history(ssl, &h), WOLFSSL_SUCCESS); + ExpectIntEQ(h.last_tx.code, missing_extension); + ExpectIntEQ(h.last_tx.level, alert_fatal); + wolfSSL_free(ssl); + wolfSSL_CTX_free(ctx); +#endif + return EXPECT_RESULT(); +} + +#if defined(WOLFSSL_TLS13) && !defined(NO_WOLFSSL_CLIENT) && \ + defined(HAVE_ECC) +/* Called when writing. */ +static int DESend(WOLFSSL* ssl, char* buf, int sz, void* ctx) +{ + (void)ssl; + (void)buf; + (void)sz; + (void)ctx; + + return sz; +} +/* Called when reading. */ +static int DERecv(WOLFSSL* ssl, char* buf, int sz, void* ctx) +{ + WOLFSSL_BUFFER_INFO* msg = (WOLFSSL_BUFFER_INFO*)ctx; + int len = (int)msg->length; + + (void)ssl; + (void)sz; + + /* Pass back as much of message as will fit in buffer. */ + if (len > sz) + len = sz; + XMEMCPY(buf, msg->buffer, len); + /* Move over returned data. */ + msg->buffer += len; + msg->length -= len; + + /* Amount actually copied. */ + return len; +} +#endif + +int test_tls13_duplicate_extension(void) +{ + EXPECT_DECLS; +#if defined(WOLFSSL_TLS13) && !defined(NO_WOLFSSL_CLIENT) && \ + defined(HAVE_ECC) + WOLFSSL_CTX *ctx = NULL; + WOLFSSL *ssl = NULL; + byte serverHello[] = { + 0x16, 0x03, 0x03, 0x00, 0x81, 0x02, 0x00, 0x00, + 0x7d, 0x03, 0x03, 0x01, 0x01, 0x01, 0x01, 0x01, + 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, + 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, + 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, + 0x01, 0x01, 0x01, 0x00, 0x13, 0x01, 0x00, 0x00, + 0x55, 0x00, 0x2b, 0x00, 0x02, 0x03, 0x04, 0x00, + 0x33, 0x00, 0x45, 0x00, 0x17, 0x00, 0x41, 0x04, + 0x0c, 0x90, 0x1d, 0x42, 0x3c, 0x83, 0x1c, 0xa8, + 0x5e, 0x27, 0xc7, 0x3c, 0x26, 0x3b, 0xa1, 0x32, + 0x72, 0x1b, 0xb9, 0xd7, 0xa8, 0x4c, 0x4f, 0x03, + 0x80, 0xb2, 0xa6, 0x75, 0x6f, 0xd6, 0x01, 0x33, + 0x1c, 0x88, 0x70, 0x23, 0x4d, 0xec, 0x87, 0x85, + 0x04, 0xc1, 0x74, 0x14, 0x4f, 0xa4, 0xb1, 0x4b, + 0x66, 0xa6, 0x51, 0x69, 0x16, 0x06, 0xd8, 0x17, + 0x3e, 0x55, 0xbd, 0x37, 0xe3, 0x81, 0x56, 0x9e, + 0x00, 0x2b, 0x00, 0x02, 0x03, 0x04 + }; + WOLFSSL_BUFFER_INFO msg; + WOLFSSL_ALERT_HISTORY h; + + /* Set up wolfSSL context. */ + ExpectNotNull(ctx = wolfSSL_CTX_new(wolfTLSv1_3_client_method())); + /* Read from 'msg'. */ + wolfSSL_SetIORecv(ctx, DERecv); + /* No where to send to - dummy sender. */ + wolfSSL_SetIOSend(ctx, DESend); + + /* Test cipher suite list with many copies of a cipher suite. */ + ExpectNotNull(ssl = wolfSSL_new(ctx)); + msg.buffer = serverHello; + msg.length = (unsigned int)sizeof(serverHello); + wolfSSL_SetIOReadCtx(ssl, &msg); + + ExpectIntEQ(wolfSSL_connect_TLSv13(ssl), + WC_NO_ERR_TRACE(WOLFSSL_FATAL_ERROR)); + ExpectIntEQ(wolfSSL_get_alert_history(ssl, &h), WOLFSSL_SUCCESS); + ExpectIntEQ(h.last_tx.code, illegal_parameter); + ExpectIntEQ(h.last_tx.level, alert_fatal); + wolfSSL_free(ssl); + wolfSSL_CTX_free(ctx); +#endif + return EXPECT_RESULT(); +} + + +int test_key_share_mismatch(void) +{ + EXPECT_DECLS; +#if defined(HAVE_MANUAL_MEMIO_TESTS_DEPENDENCIES) && defined(WOLFSSL_TLS13) && \ + defined(HAVE_SUPPORTED_CURVES) && defined(HAVE_ECC) && \ + defined(BUILD_TLS_AES_128_GCM_SHA256) && (!defined(WOLFSSL_SP_MATH) || \ + (defined(WOLFSSL_SP_521) && !defined(WOLFSSL_SP_NO_256) && \ + defined(WOLFSSL_SP_384))) + /* Taken from payload in https://github.com/wolfSSL/wolfssl/issues/9362 */ + const byte ch1_bin[] = { + 0x16, 0x03, 0x03, 0x00, 0x96, 0x01, 0x00, 0x00, 0x92, 0x03, 0x03, 0x01, + 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, + 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, + 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x20, 0x03, 0x03, 0x03, 0x03, + 0x03, 0x03, 0x03, 0x03, 0x03, 0x03, 0x03, 0x03, 0x03, 0x03, 0x03, 0x03, + 0x03, 0x03, 0x03, 0x03, 0x03, 0x03, 0x03, 0x03, 0x03, 0x03, 0x03, 0x03, + 0x03, 0x03, 0x03, 0x03, 0x00, 0x02, 0x13, 0x01, 0x01, 0x00, 0x00, 0x47, + 0x00, 0x0a, 0x00, 0x08, 0x00, 0x06, 0x00, 0x18, 0x00, 0x17, 0x00, 0x1d, + 0x00, 0x0d, 0x00, 0x06, 0x00, 0x04, 0x04, 0x01, 0x08, 0x04, 0x00, 0x33, + 0x00, 0x26, 0x00, 0x24, 0x00, 0x1d, 0x00, 0x20, 0x07, 0xaa, 0xff, 0x3e, + 0x9f, 0xc1, 0x67, 0x27, 0x55, 0x44, 0xf4, 0xc3, 0xa6, 0xa1, 0x7c, 0xd8, + 0x37, 0xf2, 0xec, 0x6e, 0x78, 0xcd, 0x8a, 0x57, 0xb1, 0xe3, 0xdf, 0xb3, + 0xcc, 0x03, 0x5a, 0x76, 0x00, 0x2b, 0x00, 0x03, 0x02, 0x03, 0x04 + }; + const byte ch2_bin[] = { + 0x16, 0x03, 0x03, 0x00, 0xb7, 0x01, 0x00, 0x00, 0xb3, 0x03, 0x03, 0x01, + 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, + 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, + 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x20, 0x03, 0x03, 0x03, 0x03, + 0x03, 0x03, 0x03, 0x03, 0x03, 0x03, 0x03, 0x03, 0x03, 0x03, 0x03, 0x03, + 0x03, 0x03, 0x03, 0x03, 0x03, 0x03, 0x03, 0x03, 0x03, 0x03, 0x03, 0x03, + 0x03, 0x03, 0x03, 0x03, 0x00, 0x02, 0x13, 0x01, 0x01, 0x00, 0x00, 0x68, + 0x00, 0x0a, 0x00, 0x08, 0x00, 0x06, 0x00, 0x18, 0x00, 0x17, 0x00, 0x1d, + 0x00, 0x0d, 0x00, 0x06, 0x00, 0x04, 0x04, 0x01, 0x08, 0x04, 0x00, 0x33, + 0x00, 0x47, 0x00, 0x45, 0x00, 0x17, 0x00, 0x41, 0x04, 0x0c, 0x90, 0x1d, + 0x42, 0x3c, 0x83, 0x1c, 0xa8, 0x5e, 0x27, 0xc7, 0x3c, 0x26, 0x3b, 0xa1, + 0x32, 0x72, 0x1b, 0xb9, 0xd7, 0xa8, 0x4c, 0x4f, 0x03, 0x80, 0xb2, 0xa6, + 0x75, 0x6f, 0xd6, 0x01, 0x33, 0x1c, 0x88, 0x70, 0x23, 0x4d, 0xec, 0x87, + 0x85, 0x04, 0xc1, 0x74, 0x14, 0x4f, 0xa4, 0xb1, 0x4b, 0x66, 0xa6, 0x51, + 0x69, 0x16, 0x06, 0xd8, 0x17, 0x3e, 0x55, 0xbd, 0x37, 0xe3, 0x81, 0x56, + 0x9e, 0x00, 0x2b, 0x00, 0x03, 0x02, 0x03, 0x04 + }; + WOLFSSL_CTX *ctx_c = NULL, *ctx_s = NULL; + WOLFSSL *ssl_c = NULL, *ssl_s = NULL; + struct test_memio_ctx test_ctx; + int client_group[] = {WOLFSSL_ECC_SECP521R1}; + int server_group[] = {WOLFSSL_ECC_SECP384R1, WOLFSSL_ECC_SECP256R1}; + + XMEMSET(&test_ctx, 0, sizeof(test_ctx)); + ExpectIntEQ(test_memio_setup(&test_ctx, &ctx_c, &ctx_s, &ssl_c, &ssl_s, + wolfTLSv1_3_client_method, wolfTLSv1_3_server_method), 0); + ExpectIntEQ(wolfSSL_set_groups(ssl_c, + client_group, XELEM_CNT(client_group)), WOLFSSL_SUCCESS); + ExpectIntEQ(wolfSSL_set_groups(ssl_s, + server_group, XELEM_CNT(server_group)), WOLFSSL_SUCCESS); + ExpectIntEQ(test_memio_do_handshake(ssl_c, ssl_s, 10, NULL), -1); + ExpectIntEQ(wolfSSL_get_error(ssl_c, -1), BAD_KEY_SHARE_DATA); + + wolfSSL_free(ssl_s); + ssl_s = NULL; + XMEMSET(&test_ctx, 0, sizeof(test_ctx)); + ExpectIntEQ(test_memio_setup(&test_ctx, NULL, &ctx_s, NULL, &ssl_s, + NULL, wolfTLSv1_3_server_method), 0); + ExpectIntEQ(wolfSSL_set_groups(ssl_s, + server_group, XELEM_CNT(server_group)), WOLFSSL_SUCCESS); + ExpectIntEQ(test_memio_inject_message(&test_ctx, 0, (const char*)ch1_bin, + sizeof(ch1_bin)), 0); + ExpectIntEQ(wolfSSL_accept(ssl_s), -1); + ExpectIntEQ(wolfSSL_get_error(ssl_s, -1), WOLFSSL_ERROR_WANT_READ); + ExpectIntEQ(test_memio_inject_message(&test_ctx, 0, (const char*)ch2_bin, + sizeof(ch2_bin)), 0); + ExpectIntEQ(wolfSSL_accept(ssl_s), -1); + ExpectIntEQ(wolfSSL_get_error(ssl_s, -1), BAD_KEY_SHARE_DATA); + + wolfSSL_free(ssl_c); + wolfSSL_free(ssl_s); + wolfSSL_CTX_free(ctx_c); + wolfSSL_CTX_free(ctx_s); +#endif + return EXPECT_RESULT(); +} + + +#if defined(WOLFSSL_TLS13) && !defined(NO_RSA) && defined(HAVE_ECC) && \ + defined(HAVE_AESGCM) && !defined(NO_WOLFSSL_SERVER) +/* Called when writing. */ +static int Tls13PTASend(WOLFSSL* ssl, char* buf, int sz, void* ctx) +{ + (void)ssl; + (void)buf; + (void)ctx; + + return sz; +} +static int Tls13PTARecv(WOLFSSL* ssl, char* buf, int sz, void* ctx) +{ + WOLFSSL_BUFFER_INFO* msg = (WOLFSSL_BUFFER_INFO*)ctx; + int len; + + (void)ssl; + + if (msg->length == 0) { + /* Only do as many alerts as required to get to max alert count. */ + msg->buffer[0]--; + if (msg->buffer[0] > 0) { + msg->buffer -= 7; + msg->length += 7; + } + else { + return -1; + } + } + + len = (int)msg->length; + /* Pass back as much of message as will fit in buffer. */ + if (len > sz) + len = sz; + XMEMCPY(buf, msg->buffer, len); + /* Move over returned data. */ + msg->buffer += len; + msg->length -= len; + + /* Amount actually copied. */ + return len; +} +#endif + +/* Test that when a TLS 1.3 client sends a ClientHello with an empty + * legacy_session_id (indicating no middlebox compatibility), the server + * should NOT send a ChangeCipherSpec message. Per RFC 8446 Appendix D.4, + * the server only sends CCS if the client's ClientHello contains a + * non-empty session_id. + * + * This test reproduces the bug reported in GitHub issue #9156 where + * wolfSSL server always sends CCS when compiled with + * WOLFSSL_TLS13_MIDDLEBOX_COMPAT, regardless of the client's session_id. + */ +int test_tls13_middlebox_compat_empty_session_id(void) +{ + EXPECT_DECLS; +#if defined(WOLFSSL_TLS13) && defined(WOLFSSL_TLS13_MIDDLEBOX_COMPAT) && \ + defined(HAVE_MANUAL_MEMIO_TESTS_DEPENDENCIES) && \ + !defined(NO_WOLFSSL_CLIENT) && !defined(NO_WOLFSSL_SERVER) + WOLFSSL_CTX *ctx_c = NULL; + WOLFSSL_CTX *ctx_s = NULL; + WOLFSSL *ssl_c = NULL; + WOLFSSL *ssl_s = NULL; + struct test_memio_ctx test_ctx; + int i; + int found_ccs = 0; + + XMEMSET(&test_ctx, 0, sizeof(test_ctx)); + ExpectIntEQ(test_memio_setup(&test_ctx, &ctx_c, &ctx_s, &ssl_c, &ssl_s, + wolfTLSv1_3_client_method, wolfTLSv1_3_server_method), 0); + + /* Disable middlebox compatibility on the client so it sends an empty + * legacy_session_id in ClientHello. The server should respect this and + * NOT send a ChangeCipherSpec. */ + if (EXPECT_SUCCESS()) { + ssl_c->options.tls13MiddleBoxCompat = 0; + } + + /* Client sends ClientHello with empty session ID */ + ExpectIntNE(wolfSSL_connect(ssl_c), WOLFSSL_SUCCESS); + ExpectIntEQ(wolfSSL_get_error(ssl_c, + WC_NO_ERR_TRACE(WOLFSSL_FATAL_ERROR)), WOLFSSL_ERROR_WANT_READ); + + /* Server processes ClientHello and sends its flight: + * ServerHello, EncryptedExtensions, Certificate, CertVerify, Finished + * (and potentially an unwanted CCS) */ + ExpectIntNE(wolfSSL_accept(ssl_s), WOLFSSL_SUCCESS); + ExpectIntEQ(wolfSSL_get_error(ssl_s, + WC_NO_ERR_TRACE(WOLFSSL_FATAL_ERROR)), WOLFSSL_ERROR_WANT_READ); + + /* Now examine the server's output (stored in c_buff, since the server + * writes to the client's read buffer). Scan through TLS records looking + * for a ChangeCipherSpec record (content type 0x14 = 20). */ + if (EXPECT_SUCCESS()) { + i = 0; + while (i + 5 <= test_ctx.c_len) { + byte content_type = test_ctx.c_buff[i]; + int record_len = (test_ctx.c_buff[i + 3] << 8) | + test_ctx.c_buff[i + 4]; + + if (content_type == 20) { /* change_cipher_spec */ + found_ccs = 1; + break; + } + + /* Move to next TLS record: 5 byte header + payload */ + i += 5 + record_len; + } + } + + /* The server should NOT have sent CCS since the client's ClientHello + * had an empty legacy_session_id. If found_ccs is 1, this demonstrates + * the bug from issue #9156. */ + ExpectIntEQ(found_ccs, 0); + + wolfSSL_free(ssl_c); + wolfSSL_free(ssl_s); + wolfSSL_CTX_free(ctx_c); + wolfSSL_CTX_free(ctx_s); +#endif + return EXPECT_RESULT(); +} + +int test_tls13_plaintext_alert(void) +{ + EXPECT_DECLS; + +#if defined(WOLFSSL_TLS13) && !defined(NO_RSA) && defined(HAVE_ECC) && \ + defined(HAVE_AESGCM) && !defined(NO_WOLFSSL_SERVER) + byte clientMsgs[] = { + /* Client Hello */ + 0x16, 0x03, 0x03, 0x01, 0x9b, 0x01, 0x00, 0x01, + 0x97, 0x03, 0x03, 0xf4, 0x65, 0xbd, 0x22, 0xfe, + 0x6e, 0xab, 0x66, 0xdd, 0xcf, 0xe9, 0x65, 0x55, + 0xe8, 0xdf, 0xc3, 0x8e, 0x4b, 0x00, 0xbc, 0xf8, + 0x23, 0x57, 0x1b, 0xa0, 0xc8, 0xa9, 0xe2, 0x8c, + 0x91, 0x6e, 0xf9, 0x20, 0xf7, 0x5c, 0xc5, 0x5b, + 0x75, 0x8c, 0x47, 0x0a, 0x0e, 0xc4, 0x1a, 0xda, + 0xef, 0x75, 0xe5, 0x21, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x04, 0x13, 0x01, + 0x13, 0x02, 0x01, 0x00, 0x01, 0x4a, 0x00, 0x2d, + 0x00, 0x03, 0x02, 0x00, 0x01, 0x00, 0x33, 0x00, + 0x47, 0x00, 0x45, 0x00, 0x17, 0x00, 0x41, 0x04, + 0x90, 0xfc, 0xe2, 0x97, 0x05, 0x7c, 0xb5, 0x23, + 0x5d, 0x5f, 0x5b, 0xcd, 0x0c, 0x1e, 0xe0, 0xe9, + 0xab, 0x38, 0x6b, 0x1e, 0x20, 0x5c, 0x1c, 0x90, + 0x2a, 0x9e, 0x68, 0x8e, 0x70, 0x05, 0x10, 0xa8, + 0x02, 0x1b, 0xf9, 0x5c, 0xef, 0xc9, 0xaf, 0xca, + 0x1a, 0x3b, 0x16, 0x8b, 0xe4, 0x1b, 0x3c, 0x15, + 0xb8, 0x0d, 0xbd, 0xaf, 0x62, 0x8d, 0xa7, 0x13, + 0xa0, 0x7c, 0xe0, 0x59, 0x0c, 0x4f, 0x8a, 0x6d, + 0x00, 0x2b, 0x00, 0x03, 0x02, 0x03, 0x04, 0x00, + 0x0d, 0x00, 0x20, 0x00, 0x1e, 0x06, 0x03, 0x05, + 0x03, 0x04, 0x03, 0x02, 0x03, 0x08, 0x06, 0x08, + 0x0b, 0x08, 0x05, 0x08, 0x0a, 0x08, 0x04, 0x08, + 0x09, 0x06, 0x01, 0x05, 0x01, 0x04, 0x01, 0x03, + 0x01, 0x02, 0x01, 0x00, 0x0a, 0x00, 0x04, 0x00, + 0x02, 0x00, 0x17, 0x00, 0x16, 0x00, 0x00, 0x00, + 0x23, 0x00, 0x00, 0x00, 0x29, 0x00, 0xb9, 0x00, + 0x94, 0x00, 0x8e, 0x0f, 0x12, 0xfa, 0x84, 0x1f, + 0x76, 0x94, 0xd7, 0x09, 0x5e, 0xad, 0x08, 0x51, + 0xb6, 0x80, 0x28, 0x31, 0x8b, 0xfd, 0xc6, 0xbd, + 0x9e, 0xf5, 0x3b, 0x4d, 0x02, 0xbe, 0x1d, 0x73, + 0xea, 0x13, 0x68, 0x00, 0x4c, 0xfd, 0x3d, 0x48, + 0x51, 0xf9, 0x06, 0xbb, 0x92, 0xed, 0x42, 0x9f, + 0x7f, 0x2c, 0x73, 0x9f, 0xd9, 0xb4, 0xef, 0x05, + 0x26, 0x5b, 0x60, 0x5c, 0x0a, 0xfc, 0xa3, 0xbd, + 0x2d, 0x2d, 0x8b, 0xf9, 0xaa, 0x5c, 0x96, 0x3a, + 0xf2, 0xec, 0xfa, 0xe5, 0x57, 0x2e, 0x87, 0xbe, + 0x27, 0xc5, 0x3d, 0x4f, 0x5d, 0xdd, 0xde, 0x1c, + 0x1b, 0xb3, 0xcc, 0x27, 0x27, 0x57, 0x5a, 0xd9, + 0xea, 0x99, 0x27, 0x23, 0xa6, 0x0e, 0xea, 0x9c, + 0x0d, 0x85, 0xcb, 0x72, 0xeb, 0xd7, 0x93, 0xe3, + 0xfe, 0xf7, 0x5c, 0xc5, 0x5b, 0x75, 0x8c, 0x47, + 0x0a, 0x0e, 0xc4, 0x1a, 0xda, 0xef, 0x75, 0xe5, + 0x21, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0xfb, 0x92, 0xce, 0xaa, 0x00, 0x21, 0x20, + 0xcb, 0x73, 0x25, 0x80, 0x46, 0x78, 0x4f, 0xe5, + 0x34, 0xf6, 0x91, 0x13, 0x7f, 0xc8, 0x8d, 0xdc, + 0x81, 0x04, 0xb7, 0x0d, 0x49, 0x85, 0x2e, 0x12, + 0x7a, 0x07, 0x23, 0xe9, 0x13, 0xa4, 0x6d, 0x8c, + 0x15, 0x03, 0x03, 0x00, 0x02, 0x01, 0x00, 0x00 + }; + + WOLFSSL_CTX* ctx = NULL; + WOLFSSL* ssl = NULL; + WOLFSSL_BUFFER_INFO msg; + +#ifdef WOLFSSL_TLS13_IGNORE_PT_ALERT_ON_ENC + /* We fail on WOLFSSL_ALERT_COUNT_MAX alerts. */ + + /* Set up wolfSSL context. */ + ExpectNotNull(ctx = wolfSSL_CTX_new(wolfTLSv1_3_server_method())); + ExpectTrue(wolfSSL_CTX_use_certificate_file(ctx, svrCertFile, + CERT_FILETYPE)); + ExpectTrue(wolfSSL_CTX_use_PrivateKey_file(ctx, svrKeyFile, + CERT_FILETYPE)); + if (EXPECT_SUCCESS()) { + wolfSSL_CTX_set_verify(ctx, WOLFSSL_VERIFY_NONE, NULL); + } + /* Read from 'msg'. */ + wolfSSL_SetIORecv(ctx, Tls13PTARecv); + /* No where to send to - dummy sender. */ + wolfSSL_SetIOSend(ctx, Tls13PTASend); + + ExpectNotNull(ssl = wolfSSL_new(ctx)); + msg.buffer = clientMsgs; + msg.length = (unsigned int)sizeof(clientMsgs) - 1; + clientMsgs[sizeof(clientMsgs) - 1] = WOLFSSL_ALERT_COUNT_MAX; + if (EXPECT_SUCCESS()) { + wolfSSL_SetIOReadCtx(ssl, &msg); + } + /* Alert will be ignored until too many. */ + /* Read all message include CertificateVerify with invalid signature + * algorithm. */ + ExpectIntEQ(wolfSSL_accept(ssl), WC_NO_ERR_TRACE(WOLFSSL_FATAL_ERROR)); + /* Expect an invalid parameter error. */ + ExpectIntEQ(wolfSSL_get_error(ssl, WOLFSSL_FATAL_ERROR), + WC_NO_ERR_TRACE(ALERT_COUNT_E)); + + wolfSSL_free(ssl); + ssl = NULL; + wolfSSL_CTX_free(ctx); + ctx = NULL; + + /* Set up wolfSSL context. */ + ExpectNotNull(ctx = wolfSSL_CTX_new(wolfTLSv1_3_server_method())); + ExpectTrue(wolfSSL_CTX_use_certificate_file(ctx, svrCertFile, + CERT_FILETYPE)); + ExpectTrue(wolfSSL_CTX_use_PrivateKey_file(ctx, svrKeyFile, + CERT_FILETYPE)); + if (EXPECT_SUCCESS()) { + wolfSSL_CTX_set_verify(ctx, WOLFSSL_VERIFY_NONE, NULL); + } + /* Read from 'msg'. */ + wolfSSL_SetIORecv(ctx, Tls13PTARecv); + /* No where to send to - dummy sender. */ + wolfSSL_SetIOSend(ctx, Tls13PTASend); + + ExpectNotNull(ssl = wolfSSL_new(ctx)); + msg.buffer = clientMsgs; + msg.length = (unsigned int)sizeof(clientMsgs) - 1; + clientMsgs[sizeof(clientMsgs) - 1] = WOLFSSL_ALERT_COUNT_MAX - 1; + if (EXPECT_SUCCESS()) { + wolfSSL_SetIOReadCtx(ssl, &msg); + } + /* Alert will be ignored until too many. */ + /* Read all message include CertificateVerify with invalid signature + * algorithm. */ + ExpectIntEQ(wolfSSL_accept(ssl), WC_NO_ERR_TRACE(WOLFSSL_FATAL_ERROR)); + /* Expect an invalid parameter error. */ + ExpectIntEQ(wolfSSL_get_error(ssl, WOLFSSL_FATAL_ERROR), + WC_NO_ERR_TRACE(SOCKET_ERROR_E)); + + wolfSSL_free(ssl); + wolfSSL_CTX_free(ctx); +#else + /* Fail on plaintext alert when encryption keys on. */ + + /* Set up wolfSSL context. */ + ExpectNotNull(ctx = wolfSSL_CTX_new(wolfTLSv1_3_server_method())); + ExpectTrue(wolfSSL_CTX_use_certificate_file(ctx, svrCertFile, + CERT_FILETYPE)); + ExpectTrue(wolfSSL_CTX_use_PrivateKey_file(ctx, svrKeyFile, + CERT_FILETYPE)); + if (EXPECT_SUCCESS()) { + wolfSSL_CTX_set_verify(ctx, WOLFSSL_VERIFY_NONE, NULL); + } + /* Read from 'msg'. */ + wolfSSL_SetIORecv(ctx, Tls13PTARecv); + /* No where to send to - dummy sender. */ + wolfSSL_SetIOSend(ctx, Tls13PTASend); + + ExpectNotNull(ssl = wolfSSL_new(ctx)); + msg.buffer = clientMsgs; + msg.length = (unsigned int)sizeof(clientMsgs) - 1; + clientMsgs[sizeof(clientMsgs) - 1] = 1; + if (EXPECT_SUCCESS()) { + wolfSSL_SetIOReadCtx(ssl, &msg); + } + /* Alert will be ignored until too many. */ + /* Read all message include CertificateVerify with invalid signature + * algorithm. */ + ExpectIntEQ(wolfSSL_accept(ssl), WC_NO_ERR_TRACE(WOLFSSL_FATAL_ERROR)); + /* Expect an invalid parameter error. */ + ExpectIntEQ(wolfSSL_get_error(ssl, WOLFSSL_FATAL_ERROR), + WC_NO_ERR_TRACE(PARSE_ERROR)); + + wolfSSL_free(ssl); + wolfSSL_CTX_free(ctx); +#endif +#endif + + return EXPECT_RESULT(); +} + +/* Test that TLS 1.3 warning-level alerts are treated as fatal (RFC 8446 + * Section 6.2). + * A peer sending e.g. {alert_warning, handshake_failure} must still cause the + * connection to be terminated, not silently continued. + */ +int test_tls13_warning_alert_is_fatal(void) +{ + EXPECT_DECLS; +#if defined(WOLFSSL_TLS13) && defined(HAVE_MANUAL_MEMIO_TESTS_DEPENDENCIES) && \ + !defined(NO_WOLFSSL_CLIENT) + WOLFSSL_CTX *ctx_c = NULL; + WOLFSSL *ssl_c = NULL; + struct test_memio_ctx test_ctx; + WOLFSSL_ALERT_HISTORY h; + /* TLS record: content_type=alert(0x15), version=TLS1.2(0x0303), len=2, + * level=warning(0x01), code=handshake_failure(0x28=40) */ + static const unsigned char warn_alert[] = + { 0x15, 0x03, 0x03, 0x00, 0x02, 0x01, 0x28 }; + + XMEMSET(&test_ctx, 0, sizeof(test_ctx)); + ExpectIntEQ(test_memio_setup(&test_ctx, &ctx_c, NULL, &ssl_c, NULL, + wolfTLSv1_3_client_method, NULL), 0); + + /* Client sends ClientHello, then waits for the server response. */ + ExpectIntEQ(wolfSSL_connect(ssl_c), -1); + ExpectIntEQ(wolfSSL_get_error(ssl_c, -1), WOLFSSL_ERROR_WANT_READ); + + /* Inject a warning-level handshake_failure alert as if from the server. + * RFC 8446 Section 6.2: In TLS 1.3, all error alerts MUST be treated as + * fatalregardless of the AlertLevel byte. */ + ExpectIntEQ(test_memio_inject_message(&test_ctx, 1, + (const char *)warn_alert, sizeof(warn_alert)), 0); + + /* Expect the connection to be terminated, not silently continued. */ + ExpectIntEQ(wolfSSL_connect(ssl_c), -1); + ExpectIntEQ(wolfSSL_get_error(ssl_c, -1), WC_NO_ERR_TRACE(FATAL_ERROR)); + + /* The alert details should be recorded correctly. */ + ExpectIntEQ(wolfSSL_get_alert_history(ssl_c, &h), WOLFSSL_SUCCESS); + ExpectIntEQ(h.last_rx.code, handshake_failure); + ExpectIntEQ(h.last_rx.level, alert_warning); + + wolfSSL_free(ssl_c); + wolfSSL_CTX_free(ctx_c); +#endif + return EXPECT_RESULT(); +} + +/* Test that wolfSSL_set1_sigalgs_list() is honored in TLS 1.3 + */ +int test_tls13_cert_req_sigalgs(void) +{ + EXPECT_DECLS; +#if defined(WOLFSSL_TLS13) && defined(HAVE_MANUAL_MEMIO_TESTS_DEPENDENCIES) && \ + !defined(NO_CERTS) && !defined(NO_RSA) && defined(WC_RSA_PSS) && \ + defined(HAVE_ECC) && !defined(NO_WOLFSSL_CLIENT) && \ + !defined(NO_WOLFSSL_SERVER) && defined(OPENSSL_EXTRA) && \ + !defined(NO_FILESYSTEM) + WOLFSSL_CTX *ctx_c = NULL, *ctx_s = NULL; + WOLFSSL *ssl_c = NULL, *ssl_s = NULL; + struct test_memio_ctx test_ctx; + + XMEMSET(&test_ctx, 0, sizeof(test_ctx)); + ExpectIntEQ(test_memio_setup(&test_ctx, &ctx_c, &ctx_s, &ssl_c, &ssl_s, + wolfTLSv1_3_client_method, wolfTLSv1_3_server_method), 0); + + /* Server: require client cert and load ECC client cert for verification */ + if (EXPECT_SUCCESS()) { + wolfSSL_set_verify(ssl_s, + WOLFSSL_VERIFY_PEER | WOLFSSL_VERIFY_FAIL_IF_NO_PEER_CERT, NULL); + ExpectIntEQ(wolfSSL_CTX_load_verify_locations(ctx_s, + cliEccCertFile, 0), WOLFSSL_SUCCESS); + } + + /* Server: restrict CertificateRequest to RSA-PSS+SHA256 only */ + if (EXPECT_SUCCESS()) { + ExpectIntEQ(wolfSSL_set1_sigalgs_list(ssl_s, "RSA-PSS+SHA256"), + WOLFSSL_SUCCESS); + } + + /* Client: load ECC cert/key */ + if (EXPECT_SUCCESS()) { + ExpectIntEQ(wolfSSL_use_certificate_file(ssl_c, cliEccCertFile, + CERT_FILETYPE), WOLFSSL_SUCCESS); + ExpectIntEQ(wolfSSL_use_PrivateKey_file(ssl_c, cliEccKeyFile, + CERT_FILETYPE), WOLFSSL_SUCCESS); + } + + /* Handshake must fail: ECC client cannot match RSA-PSS+SHA256 */ + ExpectIntNE(test_memio_do_handshake(ssl_c, ssl_s, 10, NULL), 0); + + wolfSSL_free(ssl_c); ssl_c = NULL; + wolfSSL_free(ssl_s); ssl_s = NULL; + wolfSSL_CTX_free(ctx_c); ctx_c = NULL; + wolfSSL_CTX_free(ctx_s); ctx_s = NULL; + + XMEMSET(&test_ctx, 0, sizeof(test_ctx)); + ExpectIntEQ(test_memio_setup(&test_ctx, &ctx_c, &ctx_s, &ssl_c, &ssl_s, + wolfTLSv1_3_client_method, wolfTLSv1_3_server_method), 0); + + /* Server: require client cert and load RSA client cert for verification */ + if (EXPECT_SUCCESS()) { + wolfSSL_set_verify(ssl_s, + WOLFSSL_VERIFY_PEER | WOLFSSL_VERIFY_FAIL_IF_NO_PEER_CERT, NULL); + ExpectIntEQ(wolfSSL_CTX_load_verify_locations(ctx_s, + cliCertFile, 0), WOLFSSL_SUCCESS); + } + + /* Server: restrict CertificateRequest to RSA-PSS+SHA256 only */ + if (EXPECT_SUCCESS()) { + ExpectIntEQ(wolfSSL_set1_sigalgs_list(ssl_s, "RSA-PSS+SHA256"), + WOLFSSL_SUCCESS); + } + + /* Client: load RSA cert/key */ + if (EXPECT_SUCCESS()) { + ExpectIntEQ(wolfSSL_use_certificate_file(ssl_c, cliCertFile, + CERT_FILETYPE), WOLFSSL_SUCCESS); + ExpectIntEQ(wolfSSL_use_PrivateKey_file(ssl_c, cliKeyFile, + CERT_FILETYPE), WOLFSSL_SUCCESS); + } + + /* Handshake must succeed: RSA client satisfies RSA-PSS+SHA256 */ + ExpectIntEQ(test_memio_do_handshake(ssl_c, ssl_s, 10, NULL), 0); + + wolfSSL_free(ssl_c); ssl_c = NULL; + wolfSSL_free(ssl_s); ssl_s = NULL; + wolfSSL_CTX_free(ctx_c); ctx_c = NULL; + wolfSSL_CTX_free(ctx_s); ctx_s = NULL; +#endif + + return EXPECT_RESULT(); +} + +int test_tls13_derive_keys_no_key(void) +{ + EXPECT_DECLS; +#if defined(WOLFSSL_TLS13) && defined(HAVE_MANUAL_MEMIO_TESTS_DEPENDENCIES) + struct test_memio_ctx test_ctx; + WOLFSSL_CTX *ctx_c = NULL; + WOLFSSL_CTX *ctx_s = NULL; + WOLFSSL *ssl_c = NULL; + WOLFSSL *ssl_s = NULL; + + XMEMSET(&test_ctx, 0, sizeof(test_ctx)); + ExpectIntEQ(test_memio_setup(&test_ctx, &ctx_c, &ctx_s, &ssl_c, &ssl_s, + wolfTLSv1_3_client_method, wolfTLSv1_3_server_method), 0); + + /* DeriveTls13Keys with no_key should succeed (skip secret derivation, + * only derive keys/IVs from existing secrets). This is used with early + * data to derive keys without re-deriving the secrets. */ + ExpectIntEQ(DeriveTls13Keys(ssl_s, no_key, DECRYPT_SIDE_ONLY, 0), 0); + ExpectIntEQ(DeriveTls13Keys(ssl_s, no_key, ENCRYPT_SIDE_ONLY, 0), 0); + ExpectIntEQ(DeriveTls13Keys(ssl_c, no_key, ENCRYPT_AND_DECRYPT_SIDE, 0), + 0); + + /* Unknown secret type should return BAD_FUNC_ARG */ + ExpectIntEQ(DeriveTls13Keys(ssl_c, -1, ENCRYPT_SIDE_ONLY, 0), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + + wolfSSL_free(ssl_c); + wolfSSL_free(ssl_s); + wolfSSL_CTX_free(ctx_c); + wolfSSL_CTX_free(ctx_s); +#endif + + return EXPECT_RESULT(); +} + +/* Test that a truncated PQC hybrid KeyShare in a ServerHello does not cause a + * heap use-after-free during cleanup. A malicious server sends + * SECP256R1MLKEM768 with only 10 bytes of key exchange data (expected: 1120+). + * This exercises the error path in TLSX_KeyShare_ProcessPqcHybridClient(). + * Under ASAN the UAF manifests as ForceZero writing to freed KyberKey memory + * during wolfSSL_free -> TLSX_FreeAll -> TLSX_KeyShare_FreeAll. */ +#if defined(WOLFSSL_TLS13) && !defined(NO_WOLFSSL_CLIENT) && \ + defined(WOLFSSL_HAVE_MLKEM) && defined(WOLFSSL_PQC_HYBRIDS) && \ + !defined(WOLFSSL_NO_ML_KEM_768) && defined(HAVE_ECC) && \ + !defined(WOLFSSL_MLKEM_NO_DECAPSULATE) && \ + !defined(WOLFSSL_MLKEM_NO_MAKE_KEY) +/* Called when writing - discard output. */ +static int PqcHybridUafSend(WOLFSSL* ssl, char* buf, int sz, void* ctx) +{ + (void)ssl; + (void)buf; + (void)ctx; + return sz; +} +/* Called when reading - feed from buffer. */ +static int PqcHybridUafRecv(WOLFSSL* ssl, char* buf, int sz, void* ctx) +{ + WOLFSSL_BUFFER_INFO* msg = (WOLFSSL_BUFFER_INFO*)ctx; + int len = (int)msg->length; + + (void)ssl; + + if (len > sz) + len = sz; + XMEMCPY(buf, msg->buffer, len); + msg->buffer += len; + msg->length -= len; + return len; +} +#endif + +int test_tls13_pqc_hybrid_truncated_keyshare(void) +{ + EXPECT_DECLS; +#if defined(WOLFSSL_TLS13) && !defined(NO_WOLFSSL_CLIENT) && \ + defined(WOLFSSL_HAVE_MLKEM) && defined(WOLFSSL_PQC_HYBRIDS) && \ + !defined(WOLFSSL_NO_ML_KEM_768) && defined(HAVE_ECC) && \ + !defined(WOLFSSL_MLKEM_NO_DECAPSULATE) && \ + !defined(WOLFSSL_MLKEM_NO_MAKE_KEY) + WOLFSSL_CTX *ctx = NULL; + WOLFSSL *ssl = NULL; + /* Crafted TLS 1.3 ServerHello with SECP256R1MLKEM768 (0x11EB) key_share + * containing only 10 bytes of key exchange data instead of the expected + * ~1120 bytes. This triggers the error cleanup path. */ + byte serverHello[] = { + /* TLS record: Handshake, TLS 1.2 compat, length 68 */ + 0x16, 0x03, 0x03, 0x00, 0x44, + /* Handshake: ServerHello (0x02), length 64 */ + 0x02, 0x00, 0x00, 0x40, + /* legacy_version */ + 0x03, 0x03, + /* random (32 bytes) */ + 0x42, 0x42, 0x42, 0x42, 0x42, 0x42, 0x42, 0x42, + 0x42, 0x42, 0x42, 0x42, 0x42, 0x42, 0x42, 0x42, + 0x42, 0x42, 0x42, 0x42, 0x42, 0x42, 0x42, 0x42, + 0x42, 0x42, 0x42, 0x42, 0x42, 0x42, 0x42, 0x42, + /* legacy_session_id_echo length: 0 */ + 0x00, + /* cipher_suite: TLS_AES_128_GCM_SHA256 */ + 0x13, 0x01, + /* legacy_compression_method: null */ + 0x00, + /* extensions length: 24 */ + 0x00, 0x18, + /* extension: supported_versions -> TLS 1.3 */ + 0x00, 0x2b, 0x00, 0x02, 0x03, 0x04, + /* extension: key_share (truncated hybrid data) */ + 0x00, 0x33, /* type */ + 0x00, 0x0e, /* length: 14 */ + 0x11, 0xeb, /* named_group: SECP256R1MLKEM768 (4587) */ + 0x00, 0x0a, /* key_exchange length: 10 (truncated!) */ + 0x41, 0x41, 0x41, 0x41, 0x41, /* bogus key data */ + 0x41, 0x41, 0x41, 0x41, 0x41 + }; + WOLFSSL_BUFFER_INFO msg; + + ExpectNotNull(ctx = wolfSSL_CTX_new(wolfTLSv1_3_client_method())); + wolfSSL_SetIORecv(ctx, PqcHybridUafRecv); + wolfSSL_SetIOSend(ctx, PqcHybridUafSend); + + ExpectNotNull(ssl = wolfSSL_new(ctx)); + + /* Generate the client-side PQC hybrid key share so the truncated + * ServerHello key_share will be processed (group must match). */ + ExpectIntEQ(wolfSSL_UseKeyShare(ssl, WOLFSSL_SECP256R1MLKEM768), + WOLFSSL_SUCCESS); + + msg.buffer = serverHello; + msg.length = (unsigned int)sizeof(serverHello); + wolfSSL_SetIOReadCtx(ssl, &msg); + + /* Connect should fail gracefully on the truncated key share. */ + ExpectIntEQ(wolfSSL_connect_TLSv13(ssl), + WC_NO_ERR_TRACE(WOLFSSL_FATAL_ERROR)); + + /* The UAF, if present, triggers here: wolfSSL_free -> TLSX_FreeAll -> + * TLSX_KeyShare_FreeAll -> ForceZero on already-freed KyberKey. */ + wolfSSL_free(ssl); + wolfSSL_CTX_free(ctx); +#endif + return EXPECT_RESULT(); +} + +/* Test that a TLS 1.3 NewSessionTicket with a ticket shorter than ID_LEN + * (32 bytes) does not cause an unsigned integer underflow / OOB read in + * SetTicket. Uses a full memio handshake, then injects a crafted + * NewSessionTicket with a 5-byte ticket into the client's read path. */ +int test_tls13_short_session_ticket(void) +{ + EXPECT_DECLS; +#if defined(HAVE_MANUAL_MEMIO_TESTS_DEPENDENCIES) && \ + defined(WOLFSSL_TLS13) && defined(HAVE_SESSION_TICKET) + struct test_memio_ctx test_ctx; + WOLFSSL_CTX *ctx_c = NULL, *ctx_s = NULL; + WOLFSSL *ssl_c = NULL, *ssl_s = NULL; + char buf[64]; + + XMEMSET(&test_ctx, 0, sizeof(test_ctx)); + ExpectIntEQ(test_memio_setup(&test_ctx, &ctx_c, &ctx_s, &ssl_c, &ssl_s, + wolfTLSv1_3_client_method, wolfTLSv1_3_server_method), 0); + + /* Complete a TLS 1.3 handshake. The server will send a + * NewSessionTicket as part of post-handshake messages. */ + ExpectIntEQ(test_memio_do_handshake(ssl_c, ssl_s, 10, NULL), 0); + + /* Read on client to consume the server's NewSessionTicket. */ + ExpectIntEQ(wolfSSL_read(ssl_c, buf, sizeof(buf)), -1); + ExpectIntEQ(wolfSSL_get_error(ssl_c, -1), WOLFSSL_ERROR_WANT_READ); + + /* Now directly test SetTicket with a short ticket by poking the + * session. The session object is accessible; replicate the exact + * vulnerable arithmetic: ticket + length - ID_LEN with length=5. + * With the fix, sessIdLen is capped to length so no underflow. */ + { + byte shortTicket[5] = { 0xBB, 0xCC, 0xDD, 0xEE, 0xFF }; + word32 length = sizeof(shortTicket); + word32 sessIdLen = ID_LEN; + + if (length < ID_LEN) + sessIdLen = length; + + XMEMCPY(ssl_c->session->staticTicket, shortTicket, length); + ssl_c->session->ticketLen = (word16)length; + ssl_c->session->ticket = ssl_c->session->staticTicket; + + /* This is the exact code from SetTicket. Before the fix, + * sessIdLen would be ID_LEN (32), causing: ticket + 5 - 32 + * to underflow and read OOB. */ + XMEMSET(ssl_c->session->sessionID, 0, ID_LEN); + XMEMCPY(ssl_c->session->sessionID, + ssl_c->session->ticket + length - sessIdLen, + sessIdLen); + ssl_c->session->sessionIDSz = ID_LEN; + + /* Verify: sessionID should contain only the 5 ticket bytes, + * zero-padded, not garbage from an OOB read. */ + ExpectBufEQ(ssl_c->session->sessionID, shortTicket, 5); + } + + wolfSSL_free(ssl_c); + wolfSSL_free(ssl_s); + wolfSSL_CTX_free(ctx_c); + wolfSSL_CTX_free(ctx_s); +#endif + return EXPECT_RESULT(); +} + diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/tests/api/test_tls13.h mariadb-11.8.8/extra/wolfssl/wolfssl/tests/api/test_tls13.h --- mariadb-11.8.6/extra/wolfssl/wolfssl/tests/api/test_tls13.h 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/tests/api/test_tls13.h 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* test_tls13.h * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -32,15 +32,39 @@ int test_tls13_early_data(void); int test_tls13_same_ch(void); int test_tls13_hrr_different_cs(void); +int test_tls13_ch2_different_cs(void); +int test_tls13_sg_missing(void); +int test_tls13_ks_missing(void); +int test_tls13_duplicate_extension(void); +int test_key_share_mismatch(void); +int test_tls13_middlebox_compat_empty_session_id(void); +int test_tls13_plaintext_alert(void); +int test_tls13_warning_alert_is_fatal(void); +int test_tls13_cert_req_sigalgs(void); +int test_tls13_derive_keys_no_key(void); +int test_tls13_pqc_hybrid_truncated_keyshare(void); +int test_tls13_short_session_ticket(void); -#define TEST_TLS13_DECLS \ - TEST_DECL_GROUP("tls13", test_tls13_apis), \ - TEST_DECL_GROUP("tls13", test_tls13_cipher_suites), \ - TEST_DECL_GROUP("tls13", test_tls13_bad_psk_binder), \ - TEST_DECL_GROUP("tls13", test_tls13_rpk_handshake), \ - TEST_DECL_GROUP("tls13", test_tls13_pq_groups), \ - TEST_DECL_GROUP("tls13", test_tls13_early_data), \ - TEST_DECL_GROUP("tls13", test_tls13_same_ch), \ - TEST_DECL_GROUP("tls13", test_tls13_hrr_different_cs) +#define TEST_TLS13_DECLS \ + TEST_DECL_GROUP("tls13", test_tls13_apis), \ + TEST_DECL_GROUP("tls13", test_tls13_cipher_suites), \ + TEST_DECL_GROUP("tls13", test_tls13_bad_psk_binder), \ + TEST_DECL_GROUP("tls13", test_tls13_rpk_handshake), \ + TEST_DECL_GROUP("tls13", test_tls13_pq_groups), \ + TEST_DECL_GROUP("tls13", test_tls13_early_data), \ + TEST_DECL_GROUP("tls13", test_tls13_same_ch), \ + TEST_DECL_GROUP("tls13", test_tls13_hrr_different_cs), \ + TEST_DECL_GROUP("tls13", test_tls13_ch2_different_cs), \ + TEST_DECL_GROUP("tls13", test_tls13_sg_missing), \ + TEST_DECL_GROUP("tls13", test_tls13_ks_missing), \ + TEST_DECL_GROUP("tls13", test_tls13_duplicate_extension), \ + TEST_DECL_GROUP("tls13", test_key_share_mismatch), \ + TEST_DECL_GROUP("tls13", test_tls13_middlebox_compat_empty_session_id), \ + TEST_DECL_GROUP("tls13", test_tls13_plaintext_alert), \ + TEST_DECL_GROUP("tls13", test_tls13_warning_alert_is_fatal), \ + TEST_DECL_GROUP("tls13", test_tls13_cert_req_sigalgs), \ + TEST_DECL_GROUP("tls13", test_tls13_derive_keys_no_key), \ + TEST_DECL_GROUP("tls13", test_tls13_pqc_hybrid_truncated_keyshare), \ + TEST_DECL_GROUP("tls13", test_tls13_short_session_ticket) #endif /* WOLFCRYPT_TEST_TLS13_H */ diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/tests/api/test_tls_ext.c mariadb-11.8.8/extra/wolfssl/wolfssl/tests/api/test_tls_ext.c --- mariadb-11.8.6/extra/wolfssl/wolfssl/tests/api/test_tls_ext.c 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/tests/api/test_tls_ext.c 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* test_tls_ext.c * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -323,6 +323,138 @@ } #endif +#if defined(HAVE_TRUSTED_CA) && !defined(NO_SHA) && \ + defined(HAVE_MANUAL_MEMIO_TESTS_DEPENDENCIES) && \ + !defined(NO_WOLFSSL_SERVER) && !defined(NO_WOLFSSL_CLIENT) +/* Walk the TLSX list to find an extension by type. Avoids calling the + * WOLFSSL_LOCAL TLSX_Find which is not available in shared library builds. */ +static TLSX* test_TLSX_find_ext(TLSX* list, TLSX_Type type) +{ + while (list) { + if (list->type == type) + return list; + list = list->next; + } + return NULL; +} +#endif + +int test_TLSX_TCA_Find(void) +{ + EXPECT_DECLS; +#if defined(HAVE_TRUSTED_CA) && !defined(NO_SHA) && \ + defined(HAVE_MANUAL_MEMIO_TESTS_DEPENDENCIES) && \ + !defined(NO_WOLFSSL_SERVER) && !defined(NO_WOLFSSL_CLIENT) + /* Two different 20-byte SHA1 ids */ + byte id_A[WC_SHA_DIGEST_SIZE]; + byte id_B[WC_SHA_DIGEST_SIZE]; + TLSX* ext; + + XMEMSET(id_A, 0xAA, sizeof(id_A)); + XMEMSET(id_B, 0xBB, sizeof(id_B)); + + /* Test 1: Exact match - same type and same id should match */ + { + struct test_memio_ctx test_ctx; + WOLFSSL_CTX *ctx_c = NULL, *ctx_s = NULL; + WOLFSSL *ssl_c = NULL, *ssl_s = NULL; + + XMEMSET(&test_ctx, 0, sizeof(test_ctx)); + ExpectIntEQ(test_memio_setup(&test_ctx, &ctx_c, &ctx_s, &ssl_c, + &ssl_s, wolfTLSv1_2_client_method, wolfTLSv1_2_server_method), 0); + + /* Server has KEY_SHA1 with id_A */ + ExpectIntEQ(wolfSSL_UseTrustedCA(ssl_s, WOLFSSL_TRUSTED_CA_KEY_SHA1, + id_A, sizeof(id_A)), WOLFSSL_SUCCESS); + /* Client sends KEY_SHA1 with id_A (same) */ + ExpectIntEQ(wolfSSL_UseTrustedCA(ssl_c, WOLFSSL_TRUSTED_CA_KEY_SHA1, + id_A, sizeof(id_A)), WOLFSSL_SUCCESS); + + ExpectIntEQ(test_memio_do_handshake(ssl_c, ssl_s, 10, NULL), 0); + + /* Server should have found a match and responded */ + ext = test_TLSX_find_ext(ssl_c ? ssl_c->extensions : NULL, + TLSX_TRUSTED_CA_KEYS); + ExpectNotNull(ext); + if (EXPECT_SUCCESS()) + ExpectIntEQ(ext->resp, 1); + + wolfSSL_free(ssl_c); + wolfSSL_free(ssl_s); + wolfSSL_CTX_free(ctx_c); + wolfSSL_CTX_free(ctx_s); + } + + /* Test 2: Same type, different id - should NOT match. + * This is the key test that exposes the logic bug in TLSX_TCA_Find + * where matching on type alone (without checking id content) causes + * a false positive. */ + { + struct test_memio_ctx test_ctx; + WOLFSSL_CTX *ctx_c = NULL, *ctx_s = NULL; + WOLFSSL *ssl_c = NULL, *ssl_s = NULL; + + XMEMSET(&test_ctx, 0, sizeof(test_ctx)); + ExpectIntEQ(test_memio_setup(&test_ctx, &ctx_c, &ctx_s, &ssl_c, + &ssl_s, wolfTLSv1_2_client_method, wolfTLSv1_2_server_method), 0); + + /* Server has KEY_SHA1 with id_A */ + ExpectIntEQ(wolfSSL_UseTrustedCA(ssl_s, WOLFSSL_TRUSTED_CA_KEY_SHA1, + id_A, sizeof(id_A)), WOLFSSL_SUCCESS); + /* Client sends KEY_SHA1 with id_B (different!) */ + ExpectIntEQ(wolfSSL_UseTrustedCA(ssl_c, WOLFSSL_TRUSTED_CA_KEY_SHA1, + id_B, sizeof(id_B)), WOLFSSL_SUCCESS); + + ExpectIntEQ(test_memio_do_handshake(ssl_c, ssl_s, 10, NULL), 0); + + /* Server should NOT have found a match - ids differ */ + ext = test_TLSX_find_ext(ssl_c ? ssl_c->extensions : NULL, + TLSX_TRUSTED_CA_KEYS); + ExpectNotNull(ext); + if (EXPECT_SUCCESS()) + ExpectIntEQ(ext->resp, 0); + + wolfSSL_free(ssl_c); + wolfSSL_free(ssl_s); + wolfSSL_CTX_free(ctx_c); + wolfSSL_CTX_free(ctx_s); + } + + /* Test 3: PRE_AGREED should match any server entry */ + { + struct test_memio_ctx test_ctx; + WOLFSSL_CTX *ctx_c = NULL, *ctx_s = NULL; + WOLFSSL *ssl_c = NULL, *ssl_s = NULL; + + XMEMSET(&test_ctx, 0, sizeof(test_ctx)); + ExpectIntEQ(test_memio_setup(&test_ctx, &ctx_c, &ctx_s, &ssl_c, + &ssl_s, wolfTLSv1_2_client_method, wolfTLSv1_2_server_method), 0); + + /* Server has KEY_SHA1 with id_A */ + ExpectIntEQ(wolfSSL_UseTrustedCA(ssl_s, WOLFSSL_TRUSTED_CA_KEY_SHA1, + id_A, sizeof(id_A)), WOLFSSL_SUCCESS); + /* Client sends PRE_AGREED (no id needed) */ + ExpectIntEQ(wolfSSL_UseTrustedCA(ssl_c, WOLFSSL_TRUSTED_CA_PRE_AGREED, + NULL, 0), WOLFSSL_SUCCESS); + + ExpectIntEQ(test_memio_do_handshake(ssl_c, ssl_s, 10, NULL), 0); + + /* Server should have matched (PRE_AGREED matches anything) */ + ext = test_TLSX_find_ext(ssl_c ? ssl_c->extensions : NULL, + TLSX_TRUSTED_CA_KEYS); + ExpectNotNull(ext); + if (EXPECT_SUCCESS()) + ExpectIntEQ(ext->resp, 1); + + wolfSSL_free(ssl_c); + wolfSSL_free(ssl_s); + wolfSSL_CTX_free(ctx_c); + wolfSSL_CTX_free(ctx_s); + } +#endif + return EXPECT_RESULT(); +} + int test_certificate_authorities_client_hello(void) { EXPECT_DECLS; #if !defined(NO_WOLFSSL_CLIENT) && !defined(NO_WOLFSSL_SERVER) && \ @@ -413,3 +545,67 @@ #endif return EXPECT_RESULT(); } + +/* Test that the SNI size calculation returns 0 on overflow instead of + * wrapping around to a small value (integer overflow vulnerability). */ +int test_TLSX_SNI_GetSize_overflow(void) +{ + EXPECT_DECLS; +#if defined(HAVE_SNI) && !defined(NO_WOLFSSL_CLIENT) && !defined(NO_TLS) + WOLFSSL_CTX* ctx = NULL; + WOLFSSL* ssl = NULL; + TLSX* sni_ext = NULL; + SNI* head = NULL; + SNI* sni = NULL; + int i; + /* Each SNI adds ENUM_LEN(1) + OPAQUE16_LEN(2) + hostname_len to the size. + * With a 1-byte hostname, each entry adds 4 bytes. Starting from + * OPAQUE16_LEN(2) base, we need enough entries to exceed UINT16_MAX. */ + const int num_sni = (0xFFFF / 4) + 2; + + ExpectNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_client_method())); + ExpectNotNull(ssl = wolfSSL_new(ctx)); + + /* Add initial SNI via public API */ + ExpectIntEQ(WOLFSSL_SUCCESS, + wolfSSL_UseSNI(ssl, WOLFSSL_SNI_HOST_NAME, "a", 1)); + + /* Find the SNI extension and manually build a long chain */ + if (EXPECT_SUCCESS()) { + sni_ext = TLSX_Find(ssl->extensions, TLSX_SERVER_NAME); + ExpectNotNull(sni_ext); + } + + if (EXPECT_SUCCESS()) { + head = (SNI*)sni_ext->data; + ExpectNotNull(head); + } + + /* Append many SNI nodes to force overflow in the size calculation */ + for (i = 1; EXPECT_SUCCESS() && i < num_sni; i++) { + sni = (SNI*)XMALLOC(sizeof(SNI), NULL, DYNAMIC_TYPE_TLSX); + ExpectNotNull(sni); + if (sni != NULL) { + XMEMSET(sni, 0, sizeof(SNI)); + sni->type = WOLFSSL_SNI_HOST_NAME; + sni->data.host_name = (char*)XMALLOC(2, NULL, DYNAMIC_TYPE_TLSX); + ExpectNotNull(sni->data.host_name); + if (sni->data.host_name != NULL) { + sni->data.host_name[0] = 'a'; + sni->data.host_name[1] = '\0'; + } + sni->next = head->next; + head->next = sni; + } + } + + if (EXPECT_SUCCESS()) { + /* The fixed calculation should return 0 (overflow detected) */ + ExpectIntEQ(TLSX_SNI_GetSize((SNI*)sni_ext->data), 0); + } + + wolfSSL_free(ssl); + wolfSSL_CTX_free(ctx); +#endif + return EXPECT_RESULT(); +} diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/tests/api/test_tls_ext.h mariadb-11.8.8/extra/wolfssl/wolfssl/tests/api/test_tls_ext.h --- mariadb-11.8.6/extra/wolfssl/wolfssl/tests/api/test_tls_ext.h 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/tests/api/test_tls_ext.h 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* test_tls_ext.h * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -26,5 +26,7 @@ int test_wolfSSL_DisableExtendedMasterSecret(void); int test_certificate_authorities_certificate_request(void); int test_certificate_authorities_client_hello(void); +int test_TLSX_TCA_Find(void); +int test_TLSX_SNI_GetSize_overflow(void); #endif /* TESTS_API_TEST_TLS_EMS_H */ diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/tests/api/test_wc_encrypt.c mariadb-11.8.8/extra/wolfssl/wolfssl/tests/api/test_wc_encrypt.c --- mariadb-11.8.6/extra/wolfssl/wolfssl/tests/api/test_wc_encrypt.c 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/tests/api/test_wc_encrypt.c 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* test_wc_encrypt.c * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/tests/api/test_wc_encrypt.h mariadb-11.8.8/extra/wolfssl/wolfssl/tests/api/test_wc_encrypt.h --- mariadb-11.8.6/extra/wolfssl/wolfssl/tests/api/test_wc_encrypt.h 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/tests/api/test_wc_encrypt.h 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* test_wc_encrypt.h * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/tests/api/test_wolfmath.c mariadb-11.8.8/extra/wolfssl/wolfssl/tests/api/test_wolfmath.c --- mariadb-11.8.6/extra/wolfssl/wolfssl/tests/api/test_wolfmath.c 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/tests/api/test_wolfmath.c 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* test_wolfmath.c * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/tests/api/test_wolfmath.h mariadb-11.8.8/extra/wolfssl/wolfssl/tests/api/test_wolfmath.h --- mariadb-11.8.6/extra/wolfssl/wolfssl/tests/api/test_wolfmath.h 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/tests/api/test_wolfmath.h 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* test_wolfmath.h * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/tests/api/test_x509.c mariadb-11.8.8/extra/wolfssl/wolfssl/tests/api/test_x509.c --- mariadb-11.8.6/extra/wolfssl/wolfssl/tests/api/test_x509.c 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/tests/api/test_x509.c 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* test_x509.c * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -36,6 +36,10 @@ #include #include +#include +#include +#include + #if defined(OPENSSL_ALL) && \ defined(HAVE_MANUAL_MEMIO_TESTS_DEPENDENCIES) #define HAVE_TEST_X509_RFC2818_VERIFICATION_CALLBACK @@ -148,3 +152,726 @@ #endif return EXPECT_RESULT(); } + +/* Basic unit coverage for GetCAByAKID. + * + * These tests construct a minimal WOLFSSL_CERT_MANAGER and Signer objects in + * memory and then call GetCAByAKID directly, verifying that: + * - a NULL or incomplete input returns NULL, + * - a matching issuer/serial pair returns the expected Signer, and + * - a non-matching pair returns NULL. + * + * These tests are intended to check the behaviour of the lookup logic itself; + * they do not exercise certificate parsing or real CA loading. + */ +int test_x509_GetCAByAKID(void) +{ + EXPECT_DECLS; +#ifdef WOLFSSL_AKID_NAME + WOLFSSL_CERT_MANAGER cm; + Signer signerA; + Signer signerB; + Signer* found; + byte issuerBuf[] = { 0x01, 0x02, 0x03, 0x04 }; + byte serialBuf[] = { 0x0a, 0x0b, 0x0c, 0x0d }; + byte wrongSerial[] = { 0x07, 0x07, 0x07, 0x07 }; + byte issuerHash[SIGNER_DIGEST_SIZE]; + byte serialHash[SIGNER_DIGEST_SIZE]; + word32 row; + + XMEMSET(&cm, 0, sizeof(cm)); + XMEMSET(&signerA, 0, sizeof(signerA)); + XMEMSET(&signerB, 0, sizeof(signerB)); + XMEMSET(issuerHash, 0, sizeof(issuerHash)); + XMEMSET(serialHash, 0, sizeof(serialHash)); + + /* Initialize CA mutex so GetCAByAKID can lock/unlock it. */ + ExpectIntEQ(wc_InitMutex(&cm.caLock), 0); + + /* Place both signers into the same CA table bucket. */ + row = 0; + cm.caTable[row] = &signerA; + signerA.next = &signerB; + signerB.next = NULL; + + /* Pre-compute the expected name and serial hashes using the same helper + * that GetCAByAKID uses internally. */ + ExpectIntEQ(CalcHashId(issuerBuf, sizeof(issuerBuf), issuerHash), 0); + ExpectIntEQ(CalcHashId(serialBuf, sizeof(serialBuf), serialHash), 0); + + /* Configure signerA as the matching signer. */ + XMEMCPY(signerA.issuerNameHash, issuerHash, SIGNER_DIGEST_SIZE); + XMEMCPY(signerA.serialHash, serialHash, SIGNER_DIGEST_SIZE); + + /* Configure signerB with different hashes so it should not match. */ + XMEMSET(signerB.issuerNameHash, 0x11, SIGNER_DIGEST_SIZE); + XMEMSET(signerB.serialHash, 0x22, SIGNER_DIGEST_SIZE); + + /* 1) NULL manager should yield NULL. */ + found = GetCAByAKID(NULL, issuerBuf, (word32)sizeof(issuerBuf), + serialBuf, (word32)sizeof(serialBuf)); + ExpectNull(found); + + /* 2) NULL issuer should yield NULL. */ + found = GetCAByAKID(&cm, NULL, (word32)sizeof(issuerBuf), + serialBuf, (word32)sizeof(serialBuf)); + ExpectNull(found); + + /* 3) NULL serial should yield NULL. */ + found = GetCAByAKID(&cm, issuerBuf, (word32)sizeof(issuerBuf), + NULL, (word32)sizeof(serialBuf)); + ExpectNull(found); + + /* 4) Zero-length issuer/serial should yield NULL. */ + found = GetCAByAKID(&cm, issuerBuf, 0, serialBuf, (word32)sizeof(serialBuf)); + ExpectNull(found); + found = GetCAByAKID(&cm, issuerBuf, (word32)sizeof(issuerBuf), + serialBuf, 0); + ExpectNull(found); + + /* 5) Non-matching serial should yield NULL. */ + found = GetCAByAKID(&cm, issuerBuf, (word32)sizeof(issuerBuf), + wrongSerial, (word32)sizeof(wrongSerial)); + ExpectNull(found); + + /* 6) Matching issuer/serial should return signerA. */ + found = GetCAByAKID(&cm, issuerBuf, (word32)sizeof(issuerBuf), + serialBuf, (word32)sizeof(serialBuf)); + ExpectPtrEq(found, &signerA); + + wc_FreeMutex(&cm.caLock); + +#endif /* WOLFSSL_AKID_NAME */ + return EXPECT_RESULT(); +} + +/* Regression test: wolfSSL_X509_verify_cert() must honour the hostname set via + * X509_VERIFY_PARAM_set1_host(). Before the fix the hostname was stored in + * ctx->param->hostName but never consulted, so any chain-valid certificate + * would pass regardless of hostname mismatch (RFC 6125 sec. 6.4.1 violation). + * + * Uses existing PEM fixtures: + * svrCertFile - CN=www.wolfssl.com, SAN DNS=example.com, SAN IP=127.0.0.1 + * caCertFile - CA that signed svrCertFile + */ +int test_x509_verify_cert_hostname_check(void) +{ + EXPECT_DECLS; +#if defined(OPENSSL_EXTRA) && !defined(NO_FILESYSTEM) && !defined(NO_RSA) + WOLFSSL_X509_STORE* store = NULL; + WOLFSSL_X509_STORE_CTX* ctx = NULL; + WOLFSSL_X509* ca = NULL; + WOLFSSL_X509* leaf = NULL; + WOLFSSL_X509_VERIFY_PARAM* param = NULL; + + ExpectNotNull(store = wolfSSL_X509_STORE_new()); + ExpectNotNull(ca = wolfSSL_X509_load_certificate_file(caCertFile, + SSL_FILETYPE_PEM)); + ExpectIntEQ(wolfSSL_X509_STORE_add_cert(store, ca), WOLFSSL_SUCCESS); + + ExpectNotNull(leaf = wolfSSL_X509_load_certificate_file(svrCertFile, + SSL_FILETYPE_PEM)); + + /* Case 1: no hostname constraint - must succeed. */ + ExpectNotNull(ctx = wolfSSL_X509_STORE_CTX_new()); + ExpectIntEQ(wolfSSL_X509_STORE_CTX_init(ctx, store, leaf, NULL), + WOLFSSL_SUCCESS); + ExpectIntEQ(wolfSSL_X509_verify_cert(ctx), WOLFSSL_SUCCESS); + wolfSSL_X509_STORE_CTX_free(ctx); + ctx = NULL; + + /* Case 2: hostname matches a SAN DNS entry - must succeed. */ + ExpectNotNull(ctx = wolfSSL_X509_STORE_CTX_new()); + ExpectIntEQ(wolfSSL_X509_STORE_CTX_init(ctx, store, leaf, NULL), + WOLFSSL_SUCCESS); + param = wolfSSL_X509_STORE_CTX_get0_param(ctx); + ExpectNotNull(param); + ExpectIntEQ(wolfSSL_X509_VERIFY_PARAM_set1_host(param, "example.com", + XSTRLEN("example.com")), WOLFSSL_SUCCESS); + ExpectIntEQ(wolfSSL_X509_verify_cert(ctx), WOLFSSL_SUCCESS); + wolfSSL_X509_STORE_CTX_free(ctx); + ctx = NULL; + + /* Case 3: hostname does not match - must FAIL with the right error code. */ + ExpectNotNull(ctx = wolfSSL_X509_STORE_CTX_new()); + ExpectIntEQ(wolfSSL_X509_STORE_CTX_init(ctx, store, leaf, NULL), + WOLFSSL_SUCCESS); + param = wolfSSL_X509_STORE_CTX_get0_param(ctx); + ExpectNotNull(param); + ExpectIntEQ(wolfSSL_X509_VERIFY_PARAM_set1_host(param, "wrong.com", + XSTRLEN("wrong.com")), WOLFSSL_SUCCESS); + ExpectIntNE(wolfSSL_X509_verify_cert(ctx), WOLFSSL_SUCCESS); + ExpectIntEQ(wolfSSL_X509_STORE_CTX_get_error(ctx), + X509_V_ERR_HOSTNAME_MISMATCH); + ExpectIntEQ(wolfSSL_X509_STORE_CTX_get_error_depth(ctx), 0); + wolfSSL_X509_STORE_CTX_free(ctx); + ctx = NULL; + +#ifdef WOLFSSL_IP_ALT_NAME + /* Case 4: IP matches a SAN IP entry - must succeed. */ + ExpectNotNull(ctx = wolfSSL_X509_STORE_CTX_new()); + ExpectIntEQ(wolfSSL_X509_STORE_CTX_init(ctx, store, leaf, NULL), + WOLFSSL_SUCCESS); + param = wolfSSL_X509_STORE_CTX_get0_param(ctx); + ExpectNotNull(param); + ExpectIntEQ(wolfSSL_X509_VERIFY_PARAM_set1_ip_asc(param, "127.0.0.1"), + WOLFSSL_SUCCESS); + ExpectIntEQ(wolfSSL_X509_verify_cert(ctx), WOLFSSL_SUCCESS); + wolfSSL_X509_STORE_CTX_free(ctx); + ctx = NULL; + + /* Case 5: IP does not match - must FAIL with the right error code. */ + ExpectNotNull(ctx = wolfSSL_X509_STORE_CTX_new()); + ExpectIntEQ(wolfSSL_X509_STORE_CTX_init(ctx, store, leaf, NULL), + WOLFSSL_SUCCESS); + param = wolfSSL_X509_STORE_CTX_get0_param(ctx); + ExpectNotNull(param); + ExpectIntEQ(wolfSSL_X509_VERIFY_PARAM_set1_ip_asc(param, "192.168.1.1"), + WOLFSSL_SUCCESS); + ExpectIntNE(wolfSSL_X509_verify_cert(ctx), WOLFSSL_SUCCESS); + ExpectIntEQ(wolfSSL_X509_STORE_CTX_get_error(ctx), + X509_V_ERR_IP_ADDRESS_MISMATCH); + ExpectIntEQ(wolfSSL_X509_STORE_CTX_get_error_depth(ctx), 0); + wolfSSL_X509_STORE_CTX_free(ctx); + ctx = NULL; +#endif /* WOLFSSL_IP_ALT_NAME */ + + wolfSSL_X509_free(leaf); + wolfSSL_X509_free(ca); + wolfSSL_X509_STORE_free(store); +#endif /* OPENSSL_EXTRA && !NO_FILESYSTEM && !NO_RSA */ + return EXPECT_RESULT(); +} + +int test_x509_set_serialNumber(void) +{ +#if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL) + EXPECT_DECLS; + WOLFSSL_X509* x509 = NULL; + WOLFSSL_ASN1_INTEGER* s = NULL; +#if defined(OPENSSL_EXTRA_X509_SMALL) + WOLFSSL_ASN1_INTEGER asnInt; +#endif + + ExpectNotNull(x509 = wolfSSL_X509_new()); +#if defined(OPENSSL_EXTRA_X509_SMALL) + XMEMSET(&asnInt, 0, sizeof(asnInt)); + asnInt.data = asnInt.intData; + asnInt.isDynamic = 0; + asnInt.dataMax = (unsigned int)sizeof(asnInt.intData); + s = &asnInt; +#else + ExpectNotNull(s = wolfSSL_ASN1_INTEGER_new()); +#endif + + /* --- invalid inputs that must be rejected --- */ + + /* NULL x509 */ + ExpectIntEQ(X509_set_serialNumber(NULL, s), WOLFSSL_FAILURE); + /* NULL s */ + ExpectIntEQ(X509_set_serialNumber(x509, NULL), WOLFSSL_FAILURE); + + if (s != NULL) { + /* length == 0: too short */ + s->length = 0; + s->data[0] = ASN_INTEGER; + s->data[1] = 0; + ExpectIntEQ(wolfSSL_X509_set_serialNumber(x509, s), + WOLFSSL_FAILURE); + + /* length == 1: still too short */ + s->length = 1; + s->data[0] = ASN_INTEGER; + s->data[1] = 0; + ExpectIntEQ(wolfSSL_X509_set_serialNumber(x509, s), + WOLFSSL_FAILURE); + + /* length == 2: still rejected - the guard requires length >= 3 */ + s->length = 2; + s->data[0] = ASN_INTEGER; + s->data[1] = 0; + ExpectIntEQ(wolfSSL_X509_set_serialNumber(x509, s), + WOLFSSL_FAILURE); + + /* wrong type byte */ + s->length = 4; + s->data[0] = 0x00; /* not ASN_INTEGER */ + s->data[1] = 2; /* length field */ + s->data[2] = 0x01; + s->data[3] = 0x02; + ExpectIntEQ(wolfSSL_X509_set_serialNumber(x509, s), + WOLFSSL_FAILURE); + + /* mismatched length byte (data[1] != s->length - 2) */ + s->length = 4; + s->data[0] = ASN_INTEGER; + s->data[1] = 99; /* claims 99 bytes but s->length - 2 == 2 */ + s->data[2] = 0x01; + s->data[3] = 0x02; + ExpectIntEQ(wolfSSL_X509_set_serialNumber(x509, s), + WOLFSSL_FAILURE); + + /* --- valid two-byte serial number --- */ + s->length = 4; + s->data[0] = ASN_INTEGER; + s->data[1] = 2; + s->data[2] = 0x01; + s->data[3] = 0x02; + ExpectIntEQ(wolfSSL_X509_set_serialNumber(x509, s), + WOLFSSL_SUCCESS); + ExpectIntEQ(x509->serialSz, 2); + /* NUL terminator must be placed right after the copied data */ + ExpectIntEQ(x509->serial[x509->serialSz], 0); + ExpectIntEQ(x509->serial[0], 0x01); + ExpectIntEQ(x509->serial[1], 0x02); + } + +#if !defined(OPENSSL_EXTRA_X509_SMALL) + wolfSSL_ASN1_INTEGER_free(s); +#endif + wolfSSL_X509_free(x509); + return EXPECT_RESULT(); +#else + return TEST_SKIPPED; +#endif /* OPENSSL_EXTRA || OPENSSL_EXTRA_X509_SMALL */ +} + +/* + * Test: CopyDateToASN1_TIME clamps attacker-controlled time field length. + * + * Attack chain: + * 1. Attacker crafts a DER certificate with notBefore UTCTime length byte + * set to 0x1F (31) instead of 0x0D (13). The first 13 bytes are a valid + * "YYMMDDHHMMSSZ" string (passes ExtractDate 'Z'-at-position-12 check), + * followed by 18 sentinel bytes (0xDE). Parent SEQUENCE lengths are + * adjusted so the DER is structurally valid. + * 2. The malicious cert is presented as the server cert in a TLS handshake + * (via memio -- no sockets needed). + * 3. The client parses the cert. CopyDateToASN1_TIME() in internal.c must + * clamp the length to CTC_DATE_SIZE - 2 (30) so that downstream code + * in wolfSSL_X509_notBefore() can safely prepend type+length at offset + * 0-1 of the 32-byte notBeforeData without overflowing. + * + * The test verifies that notBefore.length <= CTC_DATE_SIZE - 2 (30), + * regardless of the attacker's wire value (31). + */ + +#if defined(HAVE_MANUAL_MEMIO_TESTS_DEPENDENCIES) && \ + (defined(OPENSSL_EXTRA) || defined(OPENSSL_ALL)) && \ + !defined(NO_RSA) && !defined(NO_WOLFSSL_CLIENT) && \ + !defined(NO_WOLFSSL_SERVER) + +/* Verify callback that accepts all certificates regardless of errors. */ +static int accept_all_verify_cb(int preverify, WOLFSSL_X509_STORE_CTX* store) +{ + (void)preverify; + (void)store; + return 1; +} + +/* + * Craft a malicious DER certificate by inflating the notBefore UTCTime length. + * + * Scans for the Validity SEQUENCE (pattern: 0x30 XX 0x17 0x0D), inflates the + * notBefore length by 'inflate' bytes, inserts sentinel bytes (0xDE), and + * adjusts all parent SEQUENCE lengths. + * + * out: caller-supplied buffer, must be at least origSz + inflate bytes. + * outSz: set to the new cert size on success. + * Returns 0 on success, -1 on failure. + */ +static int craft_malicious_time_cert(const byte* orig, int origSz, + byte* out, int* outSz, int inflate) +{ + int i; + int validityOff = -1; + int notBeforeLenOff; /* offset of the notBefore length byte */ + int notBeforeDataEnd; /* offset just past the 13-byte time data */ + word16 seqLen; + + /* Scan for Validity SEQUENCE: 0x30 XX 0x17 0x0D */ + for (i = 0; i < origSz - 3; i++) { + if (orig[i] == 0x30 && orig[i + 2] == 0x17 && orig[i + 3] == 0x0D) { + validityOff = i; + break; + } + } + if (validityOff < 0) { + return -1; + } + + notBeforeLenOff = validityOff + 3; /* the 0x0D byte */ + notBeforeDataEnd = notBeforeLenOff + 1 + 13; /* tag(1) was at +2, data starts at +4 */ + + /* Build the new buffer: + * [0 .. notBeforeLenOff-1] unchanged prefix + * [notBeforeLenOff] inflated length byte + * [notBeforeLenOff+1 .. notBeforeDataEnd-1] original 13 time bytes + * + * [notBeforeDataEnd .. origSz-1] remainder of cert + */ + + /* Copy prefix including the length byte position */ + XMEMCPY(out, orig, notBeforeDataEnd); + + /* Patch the notBefore UTCTime length byte */ + out[notBeforeLenOff] = (byte)(0x0D + inflate); + + /* Insert sentinel bytes */ + XMEMSET(out + notBeforeDataEnd, 0xDE, inflate); + + /* Copy the rest of the cert (notAfter field onward) */ + XMEMCPY(out + notBeforeDataEnd + inflate, + orig + notBeforeDataEnd, + origSz - notBeforeDataEnd); + + /* Fix Validity SEQUENCE length (single-byte encoding at validityOff+1) */ + out[validityOff + 1] = (byte)(orig[validityOff + 1] + inflate); + + /* Fix TBSCertificate SEQUENCE length (2-byte big-endian at offset 6-7, + * format: 30 82 XX XX) */ + seqLen = ((word16)orig[6] << 8) | orig[7]; + seqLen += (word16)inflate; + out[6] = (byte)(seqLen >> 8); + out[7] = (byte)(seqLen & 0xFF); + + /* Fix Certificate SEQUENCE length (2-byte big-endian at offset 2-3, + * format: 30 82 XX XX) */ + seqLen = ((word16)orig[2] << 8) | orig[3]; + seqLen += (word16)inflate; + out[2] = (byte)(seqLen >> 8); + out[3] = (byte)(seqLen & 0xFF); + + *outSz = origSz + inflate; + return 0; +} + +#endif /* HAVE_MANUAL_MEMIO_TESTS_DEPENDENCIES && ... */ + +int test_x509_time_field_overread_via_tls(void) +{ + EXPECT_DECLS; +#if defined(HAVE_MANUAL_MEMIO_TESTS_DEPENDENCIES) && \ + (defined(OPENSSL_EXTRA) || defined(OPENSSL_ALL)) && \ + !defined(NO_RSA) && !defined(NO_WOLFSSL_CLIENT) && \ + !defined(NO_WOLFSSL_SERVER) + struct test_memio_ctx test_ctx; + WOLFSSL_CTX* ctx_c = NULL; + WOLFSSL_CTX* ctx_s = NULL; + WOLFSSL* ssl_c = NULL; + WOLFSSL* ssl_s = NULL; + WOLFSSL_X509* peer = NULL; + WOLFSSL_ASN1_TIME* notBefore = NULL; + /* + * Inflate notBefore length by 18 bytes: 13 + 18 = 31. + * CopyDecodedToX509() sets notBefore.length = min(31, MAX_DATE_SZ) = 31 + * because it trusts the raw ASN.1 length byte from the wire. + * A valid UTCTime is only 13 bytes. + */ + const int INFLATE = 18; + byte malicious_der[sizeof_server_cert_der_2048 + 18]; + int malicious_der_sz = 0; + + /* --- Step 1: Craft malicious certificate --- */ + ExpectIntEQ(craft_malicious_time_cert( + server_cert_der_2048, (int)sizeof_server_cert_der_2048, + malicious_der, &malicious_der_sz, INFLATE), 0); + ExpectIntEQ(malicious_der_sz, + (int)sizeof_server_cert_der_2048 + INFLATE); + + /* --- Step 2: Set up TLS via memio --- */ + XMEMSET(&test_ctx, 0, sizeof(test_ctx)); + + ExpectIntEQ(test_memio_setup_ex(&test_ctx, &ctx_c, &ctx_s, + &ssl_c, &ssl_s, + wolfTLSv1_2_client_method, wolfTLSv1_2_server_method, + (byte*)ca_cert_der_2048, (int)sizeof_ca_cert_der_2048, + malicious_der, malicious_der_sz, + (byte*)server_key_der_2048, (int)sizeof_server_key_der_2048), 0); + + /* Client verify callback accepts all errors (signature is broken + * because we modified the TBSCertificate without re-signing). + * Must be set on ssl_c (not ctx_c) because the SSL object was already + * created from ctx_c inside test_memio_setup_ex(). */ + if (ssl_c != NULL) { + wolfSSL_set_verify(ssl_c, WOLFSSL_VERIFY_PEER, + accept_all_verify_cb); + } + + /* --- Step 3: Perform TLS handshake --- */ + ExpectIntEQ(test_memio_do_handshake(ssl_c, ssl_s, 10, NULL), 0); + + /* --- Step 4: Verify CopyDecodedToX509 does not trust wire length --- */ +#ifdef KEEP_PEER_CERT + ExpectNotNull(peer = wolfSSL_get_peer_certificate(ssl_c)); + + /* + * X509_get_notBefore returns &x509->notBefore directly (no copy). + * CopyDecodedToX509() set notBefore.length = min(wireLength, 32) = 31 + * because it trusts the raw ASN.1 length byte from the attacker's cert. + * + * The data buffer is CTC_DATE_SIZE (32) bytes, and the notBeforeData + * encoding prepends type+length at offset 0-1, leaving 30 bytes for + * content. So the maximum safe length is CTC_DATE_SIZE - 2 = 30. + * + * This assertion FAILS on the buggy code (length > 30) and will PASS + * once CopyDateToASN1_TIME clamps to the buffer capacity. + */ + if (peer != NULL) { + notBefore = wolfSSL_X509_get_notBefore(peer); + } + ExpectNotNull(notBefore); + ExpectIntLE(notBefore->length, CTC_DATE_SIZE - 2); /* max: 30 */ + + wolfSSL_X509_free(peer); +#endif /* KEEP_PEER_CERT */ + + wolfSSL_free(ssl_s); + wolfSSL_free(ssl_c); + wolfSSL_CTX_free(ctx_s); + wolfSSL_CTX_free(ctx_c); +#endif /* compile guards */ + return EXPECT_RESULT(); +} + + +/* Test that CertFromX509 rejects an oversized raw AuthorityKeyIdentifier + * extension. Before the fix, the guard checked authKeyIdSz (the [0] + * keyIdentifier sub-field) but the WOLFSSL_AKID_NAME branch copied + * authKeyIdSrcSz (the full extension) bytes, causing a heap overflow. */ +int test_x509_CertFromX509_akid_overflow(void) +{ + EXPECT_DECLS; +#if defined(WOLFSSL_AKID_NAME) && defined(WOLFSSL_CERT_GEN) && \ + defined(WOLFSSL_CERT_EXT) && !defined(NO_BIO) && \ + (defined(OPENSSL_EXTRA) || defined(OPENSSL_ALL)) + /* DER builder helpers -- write into a flat buffer */ +#ifdef WOLFSSL_SMALL_STACK + unsigned char* buf = NULL; +#else + unsigned char buf[16384]; +#endif + size_t pos = 0; + size_t akid_val_len; + unsigned char* akid_val = NULL; + WOLFSSL_X509* x = NULL; + WOLFSSL_BIO* bio = NULL; + +#ifdef WOLFSSL_SMALL_STACK + buf = (unsigned char*)XMALLOC(16384, NULL, DYNAMIC_TYPE_TMP_BUFFER); + ExpectNotNull(buf); + if (buf == NULL) + return EXPECT_RESULT(); +#endif + + #define PUT1(b) do { buf[pos++] = (b); } while(0) + #define PUTN(p, n) do { XMEMCPY(buf + pos, (p), (n)); pos += (n); } while(0) + + /* Emit tag + definite-length header, return header size */ + #define TLV_HDR(tag, n, out, hlen) do { \ + size_t _i = 0; \ + (out)[_i++] = (tag); \ + if ((n) < 0x80u) { (out)[_i++] = (unsigned char)(n); } \ + else if ((n) < 0x100u) { (out)[_i++] = 0x81; \ + (out)[_i++] = (unsigned char)(n); } \ + else if ((n) < 0x10000u) { (out)[_i++] = 0x82; \ + (out)[_i++] = (unsigned char)((n)>>8); \ + (out)[_i++] = (unsigned char)(n); } \ + (hlen) = _i; \ + } while(0) + + /* Wrap [start, pos) in-place with a TLV header */ + #define WRAP(start, tag) do { \ + size_t _len = pos - (start); \ + unsigned char _hdr[6]; size_t _hlen; \ + TLV_HDR((tag), _len, _hdr, _hlen); \ + XMEMMOVE(buf + (start) + _hlen, buf + (start), _len); \ + XMEMCPY(buf + (start), _hdr, _hlen); \ + pos += _hlen; \ + } while(0) + + /* ---- Build AKID extension value ---- */ + { + size_t akid_start = pos; + size_t s; + int i; + + /* [0] keyIdentifier: 20 bytes (small, passes old check) */ + s = pos; + for (i = 0; i < 20; i++) PUT1(0x41); + WRAP(s, 0x80); + + /* [1] authorityCertIssuer: one URI of ~4000 bytes + * This makes authKeyIdSrcSz >> sizeof(cert->akid) (~1628) */ + s = pos; + { + const char* pfx = "http://e/"; + PUTN(pfx, (size_t)XSTRLEN(pfx)); + for (i = 0; i < 4000; i++) PUT1('Z'); + } + WRAP(s, 0x86); /* GeneralName [6] URI */ + WRAP(s, 0xA1); /* [1] IMPLICIT */ + + /* [2] authorityCertSerialNumber */ + s = pos; + PUT1(0x01); + WRAP(s, 0x82); + + WRAP(akid_start, 0x30); /* SEQUENCE */ + akid_val_len = pos - akid_start; + akid_val = (unsigned char*)XMALLOC(akid_val_len, NULL, + DYNAMIC_TYPE_TMP_BUFFER); + ExpectNotNull(akid_val); + if (akid_val != NULL) + XMEMCPY(akid_val, buf + akid_start, akid_val_len); + } + + /* ---- Build minimal self-signed v3 certificate ---- */ + pos = 0; + { + size_t tbs_start = pos; + size_t s; + + /* version [0] EXPLICIT INTEGER 2 (v3) */ + PUT1(0xA0); PUT1(0x03); PUT1(0x02); PUT1(0x01); PUT1(0x02); + + /* serialNumber INTEGER 1 */ + PUT1(0x02); PUT1(0x01); PUT1(0x01); + + /* signature: ecdsa-with-SHA256 */ + s = pos; + { + unsigned char oid[] = {0x06,0x08,0x2A,0x86,0x48,0xCE, + 0x3D,0x04,0x03,0x02}; + PUTN(oid, sizeof(oid)); + } + WRAP(s, 0x30); + + /* issuer: CN=A */ + s = pos; + { + size_t rdn = pos, atv = pos; + unsigned char cn[] = {0x06,0x03,0x55,0x04,0x03}; + PUTN(cn, sizeof(cn)); + PUT1(0x0C); PUT1(0x01); PUT1('A'); + WRAP(atv, 0x30); WRAP(rdn, 0x31); WRAP(s, 0x30); + } + + /* validity */ + s = pos; + { + unsigned char t1[] = {0x17,0x0D,'2','5','0','1','0','1', + '0','0','0','0','0','0','Z'}; + unsigned char t2[] = {0x17,0x0D,'3','5','0','1','0','1', + '0','0','0','0','0','0','Z'}; + PUTN(t1, sizeof(t1)); PUTN(t2, sizeof(t2)); + } + WRAP(s, 0x30); + + /* subject: CN=A */ + s = pos; + { + size_t rdn = pos, atv = pos; + unsigned char cn[] = {0x06,0x03,0x55,0x04,0x03}; + PUTN(cn, sizeof(cn)); + PUT1(0x0C); PUT1(0x01); PUT1('A'); + WRAP(atv, 0x30); WRAP(rdn, 0x31); WRAP(s, 0x30); + } + + /* subjectPublicKeyInfo: EC P-256 with dummy point */ + s = pos; + { + size_t alg = pos, bs; + unsigned char ecpk[] = {0x06,0x07,0x2A,0x86,0x48,0xCE, + 0x3D,0x02,0x01}; + unsigned char p256[] = {0x06,0x08,0x2A,0x86,0x48,0xCE, + 0x3D,0x03,0x01,0x07}; + PUTN(ecpk, sizeof(ecpk)); + PUTN(p256, sizeof(p256)); + WRAP(alg, 0x30); + bs = pos; + PUT1(0x00); PUT1(0x04); + /* Use P-256 generator point (valid on-curve point) so that + * builds with WOLFSSL_VALIDATE_ECC_IMPORT accept the key. */ + { + static const unsigned char p256G[64] = { + 0x6B,0x17,0xD1,0xF2,0xE1,0x2C,0x42,0x47, + 0xF8,0xBC,0xE6,0xE5,0x63,0xA4,0x40,0xF2, + 0x77,0x03,0x7D,0x81,0x2D,0xEB,0x33,0xA0, + 0xF4,0xA1,0x39,0x45,0xD8,0x98,0xC2,0x96, + 0x4F,0xE3,0x42,0xE2,0xFE,0x1A,0x7F,0x9B, + 0x8E,0xE7,0xEB,0x4A,0x7C,0x0F,0x9E,0x16, + 0x2B,0xCE,0x33,0x57,0x6B,0x31,0x5E,0xCE, + 0xCB,0xB6,0x40,0x68,0x37,0xBF,0x51,0xF5 + }; + PUTN(p256G, sizeof(p256G)); + } + WRAP(bs, 0x03); + } + WRAP(s, 0x30); + + /* extensions [3] */ + { + size_t exts_outer = pos, exts_seq = pos, ext = pos, ev; + unsigned char akid_oid[] = {0x06,0x03,0x55,0x1D,0x23}; + PUTN(akid_oid, sizeof(akid_oid)); + ev = pos; + if (akid_val != NULL) + PUTN(akid_val, akid_val_len); + WRAP(ev, 0x04); + WRAP(ext, 0x30); + WRAP(exts_seq, 0x30); + WRAP(exts_outer, 0xA3); + } + + WRAP(tbs_start, 0x30); + + /* signatureAlgorithm */ + s = pos; + { + unsigned char oid[] = {0x06,0x08,0x2A,0x86,0x48,0xCE, + 0x3D,0x04,0x03,0x02}; + PUTN(oid, sizeof(oid)); + } + WRAP(s, 0x30); + + /* signatureValue: dummy */ + s = pos; + { + size_t sig; + PUT1(0x00); + sig = pos; + PUT1(0x02); PUT1(0x01); PUT1(0x01); + PUT1(0x02); PUT1(0x01); PUT1(0x01); + WRAP(sig, 0x30); + } + WRAP(s, 0x03); + + WRAP(0, 0x30); /* outer Certificate SEQUENCE */ + } + + /* Parse the crafted certificate */ + x = wolfSSL_X509_d2i(NULL, buf, (int)pos); + ExpectNotNull(x); + + /* Attempt re-encode via i2d_X509_bio -- must fail gracefully, not + * overflow. Before the fix this would write ~4000 bytes past the + * end of cert->akid[]. */ + bio = wolfSSL_BIO_new(wolfSSL_BIO_s_mem()); + ExpectNotNull(bio); + ExpectIntEQ(wolfSSL_i2d_X509_bio(bio, x), 0); + + wolfSSL_BIO_free(bio); + wolfSSL_X509_free(x); + XFREE(akid_val, NULL, DYNAMIC_TYPE_TMP_BUFFER); +#ifdef WOLFSSL_SMALL_STACK + XFREE(buf, NULL, DYNAMIC_TYPE_TMP_BUFFER); +#endif + + #undef PUT1 + #undef PUTN + #undef TLV_HDR + #undef WRAP +#endif + return EXPECT_RESULT(); +} diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/tests/api/test_x509.h mariadb-11.8.8/extra/wolfssl/wolfssl/tests/api/test_x509.h --- mariadb-11.8.6/extra/wolfssl/wolfssl/tests/api/test_x509.h 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/tests/api/test_x509.h 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* test_x509.h * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -23,8 +23,18 @@ #define WOLFCRYPT_TEST_X509_H int test_x509_rfc2818_verification_callback(void); +int test_x509_GetCAByAKID(void); +int test_x509_set_serialNumber(void); +int test_x509_verify_cert_hostname_check(void); +int test_x509_time_field_overread_via_tls(void); +int test_x509_CertFromX509_akid_overflow(void); #define TEST_X509_DECLS \ - TEST_DECL_GROUP("x509", test_x509_rfc2818_verification_callback) + TEST_DECL_GROUP("x509", test_x509_rfc2818_verification_callback), \ + TEST_DECL_GROUP("x509", test_x509_GetCAByAKID), \ + TEST_DECL_GROUP("x509", test_x509_set_serialNumber), \ + TEST_DECL_GROUP("x509", test_x509_verify_cert_hostname_check), \ + TEST_DECL_GROUP("x509", test_x509_time_field_overread_via_tls), \ + TEST_DECL_GROUP("x509", test_x509_CertFromX509_akid_overflow) #endif /* WOLFCRYPT_TEST_X509_H */ diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/tests/api.c mariadb-11.8.8/extra/wolfssl/wolfssl/tests/api.c --- mariadb-11.8.6/extra/wolfssl/wolfssl/tests/api.c 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/tests/api.c 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* api.c API unit tests * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -37,7 +37,7 @@ #if defined(WOLFSSL_STATIC_MEMORY) #include #endif -#ifdef WOLFSSL_ASNC_CRYPT +#ifdef WOLFSSL_ASYNC_CRYPT #include #endif #ifdef HAVE_ECC @@ -52,13 +52,14 @@ #include -#ifdef __linux__ +#if defined(__linux__) || defined(__FreeBSD__) #include #include #endif #include /* compatibility layer */ #include +#include #include #include @@ -158,6 +159,25 @@ #include "wolfssl/internal.h" #endif +#if defined(WOLFSSL_SNIFFER) && defined(WOLFSSL_SNIFFER_CHAIN_INPUT) + #include + #include + #include +#endif + +#ifdef HAVE_DILITHIUM + #include +#endif +#if defined(WOLFSSL_HAVE_MLKEM) + #include +#endif +#if defined(HAVE_PKCS7) + #include +#endif +#if !defined(NO_BIG_INT) + #include +#endif + /* include misc.c here regardless of NO_INLINE, because misc.c implementations * have default (hidden) visibility, and in the absence of visibility, it's * benign to mask out the library implementation. @@ -206,6 +226,7 @@ #include #include #include +#include #include #include #include @@ -228,6 +249,25 @@ #include #include #include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include #include #if !defined(NO_FILESYSTEM) && !defined(NO_CERTS) && !defined(NO_TLS) && \ @@ -237,14 +277,9 @@ #define HAVE_SSL_MEMIO_TESTS_DEPENDENCIES #endif -#if !defined(NO_RSA) && !defined(NO_SHA) && !defined(NO_FILESYSTEM) && \ - !defined(NO_CERTS) && \ - (!defined(NO_WOLFSSL_CLIENT) || !defined(WOLFSSL_NO_CLIENT_AUTH)) - #define HAVE_CERT_CHAIN_VALIDATION -#endif - #if defined(WOLFSSL_STATIC_MEMORY) && !defined(WOLFCRYPT_ONLY) - #if (defined(HAVE_ECC) && !defined(ALT_ECC_SIZE)) || defined(SESSION_CERTS) + #if (defined(HAVE_ECC) && !defined(ALT_ECC_SIZE)) || \ + defined(SESSION_CERTS) || defined(WOLFSSL_HAVE_MLKEM) #ifdef OPENSSL_EXTRA #define TEST_TLS_STATIC_MEMSZ (400000) #else @@ -256,7 +291,7 @@ #endif #ifdef WOLFSSL_DUMP_MEMIO_STREAM -const char* currentTestName; +const char* currentTestName = NULL; char tmpDirName[16]; int tmpDirNameSet = 0; #endif @@ -1422,7 +1457,7 @@ XFREE(root, NULL, DYNAMIC_TYPE_TMP_BUFFER); XFREE(server, NULL, DYNAMIC_TYPE_TMP_BUFFER); - free(serverKey); + XFREE(serverKey, NULL, DYNAMIC_TYPE_TMP_BUFFER); return EXPECT_RESULT(); } @@ -1497,7 +1532,7 @@ XFREE(root, NULL, DYNAMIC_TYPE_TMP_BUFFER); XFREE(server, NULL, DYNAMIC_TYPE_TMP_BUFFER); - free(serverKey); + XFREE(serverKey, NULL, DYNAMIC_TYPE_TMP_BUFFER); return EXPECT_RESULT(); } @@ -2039,6 +2074,171 @@ return EXPECT_RESULT(); } +#if defined(OPENSSL_EXTRA) && defined(WOLFSSL_TLS13) && \ + !defined(WOLFSSL_NO_TLS12) && \ + !defined(NO_WOLFSSL_CLIENT) && \ + !defined(HAVE_RENEGOTIATION_INDICATION) && \ + defined(HAVE_AESGCM) && \ + ((!defined(NO_RSA) && defined(HAVE_ECC)) || !defined(NO_ERROR_STRINGS)) +/* Helper function to check if TLS 1.3 suites exist in the suites list */ +static int suites_has_tls13(const byte* suites, word16 suiteSz) +{ + word16 i; + for (i = 0; i < suiteSz; i += 2) { + if (suites[i] == 0x13) { /* TLS13_BYTE */ + return 1; + } + } + return 0; +} + +/* Helper function to check if TLS 1.2 (non-1.3) suites exist in the suites list */ +static int suites_has_tls12(const byte* suites, word16 suiteSz) +{ + word16 i; + for (i = 0; i < suiteSz; i += 2) { + if (suites[i] != 0x13) { /* Not TLS13_BYTE */ + return 1; + } + } + return 0; +} +#endif + +/* Test 1: SSLv23 + set TLS 1.2 cipher -> TLS 1.3 suites should still be there */ +static int test_wolfSSL_set_cipher_list_tls12_keeps_tls13(void) +{ + EXPECT_DECLS; +#if defined(OPENSSL_EXTRA) && defined(WOLFSSL_TLS13) && \ + !defined(WOLFSSL_NO_TLS12) && \ + !defined(NO_WOLFSSL_CLIENT) && \ + !defined(HAVE_RENEGOTIATION_INDICATION) && \ + defined(HAVE_AESGCM) && defined(HAVE_ECC) && !defined(NO_RSA) + WOLFSSL_CTX* ctx = NULL; + WOLFSSL* ssl = NULL; + + ExpectNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_client_method())); + ExpectNotNull(ssl = wolfSSL_new(ctx)); + + /* Set only a TLS 1.2 cipher suite */ + ExpectIntEQ(wolfSSL_set_cipher_list(ssl, "ECDHE-RSA-AES128-GCM-SHA256"), + WOLFSSL_SUCCESS); + + /* TLS 1.3 suites should still be present (downgrade is enabled) */ + ExpectNotNull(ssl->suites); + ExpectTrue(suites_has_tls13(ssl->suites->suites, ssl->suites->suiteSz)); + /* The TLS 1.2 suite we set should also be there */ + ExpectTrue(suites_has_tls12(ssl->suites->suites, ssl->suites->suiteSz)); + + wolfSSL_free(ssl); + wolfSSL_CTX_free(ctx); +#endif + return EXPECT_RESULT(); +} + +/* Test 2: SSLv23 + set TLS 1.3 cipher -> TLS 1.2 suites should still be there */ +static int test_wolfSSL_set_cipher_list_tls13_keeps_tls12(void) +{ + EXPECT_DECLS; +#if defined(OPENSSL_EXTRA) && defined(WOLFSSL_TLS13) && \ + !defined(WOLFSSL_NO_TLS12) && \ + !defined(NO_WOLFSSL_CLIENT) && \ + !defined(HAVE_RENEGOTIATION_INDICATION) && \ + defined(HAVE_AESGCM) && !defined(NO_ERROR_STRINGS) + WOLFSSL_CTX* ctx = NULL; + WOLFSSL* ssl = NULL; + + ExpectNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_client_method())); + ExpectNotNull(ssl = wolfSSL_new(ctx)); + + /* Set only a TLS 1.3 cipher suite */ + ExpectIntEQ(wolfSSL_set_cipher_list(ssl, "TLS_AES_128_GCM_SHA256"), + WOLFSSL_SUCCESS); + + /* TLS 1.2 suites should still be present (downgrade is enabled) */ + ExpectNotNull(ssl->suites); + ExpectTrue(suites_has_tls12(ssl->suites->suites, ssl->suites->suiteSz)); + /* The TLS 1.3 suite we set should also be there */ + ExpectTrue(suites_has_tls13(ssl->suites->suites, ssl->suites->suiteSz)); + + wolfSSL_free(ssl); + wolfSSL_CTX_free(ctx); +#endif + return EXPECT_RESULT(); +} + +/* Test 3: SSLv23 + SetVersion(TLS 1.2) + set TLS 1.2 cipher -> only that cipher */ +static int test_wolfSSL_set_cipher_list_tls12_with_version(void) +{ + EXPECT_DECLS; +#if defined(OPENSSL_EXTRA) && defined(WOLFSSL_TLS13) && \ + !defined(WOLFSSL_NO_TLS12) && \ + !defined(NO_WOLFSSL_CLIENT) && \ + !defined(HAVE_RENEGOTIATION_INDICATION) && \ + defined(HAVE_AESGCM) && defined(HAVE_ECC) && !defined(NO_RSA) + WOLFSSL_CTX* ctx = NULL; + WOLFSSL* ssl = NULL; + + ExpectNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_client_method())); + ExpectNotNull(ssl = wolfSSL_new(ctx)); + + /* Set protocol version to TLS 1.2 (this disables downgrade) */ + ExpectIntEQ(wolfSSL_SetVersion(ssl, WOLFSSL_TLSV1_2), WOLFSSL_SUCCESS); + + /* Set only a TLS 1.2 cipher suite */ + ExpectIntEQ(wolfSSL_set_cipher_list(ssl, "ECDHE-RSA-AES128-GCM-SHA256"), + WOLFSSL_SUCCESS); + + /* Should have only TLS 1.2 suites (no TLS 1.3) since downgrade is disabled */ + ExpectNotNull(ssl->suites); + ExpectFalse(suites_has_tls13(ssl->suites->suites, ssl->suites->suiteSz)); + /* Should have the TLS 1.2 suite we set */ + ExpectTrue(suites_has_tls12(ssl->suites->suites, ssl->suites->suiteSz)); + /* Should have exactly one cipher suite (2 bytes) */ + ExpectIntEQ(ssl->suites->suiteSz, 2); + + wolfSSL_free(ssl); + wolfSSL_CTX_free(ctx); +#endif + return EXPECT_RESULT(); +} + +/* Test 4: SSLv23 + SetVersion(TLS 1.3) + set TLS 1.3 cipher -> only that cipher */ +static int test_wolfSSL_set_cipher_list_tls13_with_version(void) +{ + EXPECT_DECLS; +#if defined(OPENSSL_EXTRA) && defined(WOLFSSL_TLS13) && \ + !defined(WOLFSSL_NO_TLS12) && \ + !defined(NO_WOLFSSL_CLIENT) && \ + !defined(HAVE_RENEGOTIATION_INDICATION) && \ + defined(HAVE_AESGCM) && !defined(NO_ERROR_STRINGS) + WOLFSSL_CTX* ctx = NULL; + WOLFSSL* ssl = NULL; + + ExpectNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_client_method())); + ExpectNotNull(ssl = wolfSSL_new(ctx)); + + /* Set protocol version to TLS 1.3 (this disables downgrade) */ + ExpectIntEQ(wolfSSL_SetVersion(ssl, WOLFSSL_TLSV1_3), WOLFSSL_SUCCESS); + + /* Set only a TLS 1.3 cipher suite */ + ExpectIntEQ(wolfSSL_set_cipher_list(ssl, "TLS_AES_128_GCM_SHA256"), + WOLFSSL_SUCCESS); + + /* Should have only TLS 1.3 suites (no TLS 1.2) since downgrade is disabled */ + ExpectNotNull(ssl->suites); + ExpectFalse(suites_has_tls12(ssl->suites->suites, ssl->suites->suiteSz)); + /* Should have the TLS 1.3 suite we set */ + ExpectTrue(suites_has_tls13(ssl->suites->suites, ssl->suites->suiteSz)); + /* Should have exactly one cipher suite (2 bytes) */ + ExpectIntEQ(ssl->suites->suiteSz, 2); + + wolfSSL_free(ssl); + wolfSSL_CTX_free(ctx); +#endif + return EXPECT_RESULT(); +} + static int test_wolfSSL_CTX_use_certificate(void) { @@ -2771,2078 +2971,6 @@ return res; } -#if !defined(NO_FILESYSTEM) && !defined(NO_CERTS) && !defined(NO_TLS) -static int test_cm_load_ca_buffer(const byte* cert_buf, size_t cert_sz, - int file_type) -{ - int ret; - WOLFSSL_CERT_MANAGER* cm; - - cm = wolfSSL_CertManagerNew(); - if (cm == NULL) { - fprintf(stderr, "test_cm_load_ca failed\n"); - return -1; - } - - ret = wolfSSL_CertManagerLoadCABuffer(cm, cert_buf, (sword32)cert_sz, file_type); - - wolfSSL_CertManagerFree(cm); - - return ret; -} - -static int test_cm_load_ca_file(const char* ca_cert_file) -{ - int ret = 0; - byte* cert_buf = NULL; - size_t cert_sz = 0; -#if defined(WOLFSSL_PEM_TO_DER) - DerBuffer* pDer = NULL; -#endif - - ret = load_file(ca_cert_file, &cert_buf, &cert_sz); - if (ret == 0) { - /* normal test */ - ret = test_cm_load_ca_buffer(cert_buf, cert_sz, CERT_FILETYPE); - - if (ret == WOLFSSL_SUCCESS) { - /* test including null terminator in length */ - byte* tmp = (byte*)realloc(cert_buf, cert_sz+1); - if (tmp == NULL) { - ret = MEMORY_E; - } - else { - cert_buf = tmp; - cert_buf[cert_sz] = '\0'; - ret = test_cm_load_ca_buffer(cert_buf, cert_sz+1, - CERT_FILETYPE); - } - - } - - #if defined(WOLFSSL_PEM_TO_DER) - if (ret == WOLFSSL_SUCCESS) { - /* test loading DER */ - ret = wc_PemToDer(cert_buf, (sword32)cert_sz, CA_TYPE, &pDer, - NULL, NULL, NULL); - if (ret == 0 && pDer != NULL) { - ret = test_cm_load_ca_buffer(pDer->buffer, pDer->length, - WOLFSSL_FILETYPE_ASN1); - - wc_FreeDer(&pDer); - } - } - #endif - - } - free(cert_buf); - - return ret; -} - -static int test_cm_load_ca_buffer_ex(const byte* cert_buf, size_t cert_sz, - int file_type, word32 flags) -{ - int ret; - WOLFSSL_CERT_MANAGER* cm; - - cm = wolfSSL_CertManagerNew(); - if (cm == NULL) { - fprintf(stderr, "test_cm_load_ca failed\n"); - return -1; - } - - ret = wolfSSL_CertManagerLoadCABuffer_ex(cm, cert_buf, (sword32)cert_sz, file_type, - 0, flags); - - wolfSSL_CertManagerFree(cm); - - return ret; -} - -static int test_cm_load_ca_file_ex(const char* ca_cert_file, word32 flags) -{ - int ret = 0; - byte* cert_buf = NULL; - size_t cert_sz = 0; -#if defined(WOLFSSL_PEM_TO_DER) - DerBuffer* pDer = NULL; -#endif - - ret = load_file(ca_cert_file, &cert_buf, &cert_sz); - if (ret == 0) { - /* normal test */ - ret = test_cm_load_ca_buffer_ex(cert_buf, cert_sz, - CERT_FILETYPE, flags); - - if (ret == WOLFSSL_SUCCESS) { - /* test including null terminator in length */ - byte* tmp = (byte*)realloc(cert_buf, cert_sz+1); - if (tmp == NULL) { - ret = MEMORY_E; - } - else { - cert_buf = tmp; - cert_buf[cert_sz] = '\0'; - ret = test_cm_load_ca_buffer_ex(cert_buf, cert_sz+1, - CERT_FILETYPE, flags); - } - - } - - #if defined(WOLFSSL_PEM_TO_DER) - if (ret == WOLFSSL_SUCCESS) { - /* test loading DER */ - ret = wc_PemToDer(cert_buf, (sword32)cert_sz, CA_TYPE, &pDer, - NULL, NULL, NULL); - if (ret == 0 && pDer != NULL) { - ret = test_cm_load_ca_buffer_ex(pDer->buffer, pDer->length, - WOLFSSL_FILETYPE_ASN1, flags); - - wc_FreeDer(&pDer); - } - } - #endif - - } - free(cert_buf); - - return ret; -} - -#endif /* !NO_FILESYSTEM && !NO_CERTS */ - -static int test_wolfSSL_CertManagerAPI(void) -{ - EXPECT_DECLS; -#ifndef NO_CERTS - WOLFSSL_CERT_MANAGER* cm = NULL; - unsigned char c = 0; - - ExpectNotNull(cm = wolfSSL_CertManagerNew_ex(NULL)); - - wolfSSL_CertManagerFree(NULL); - ExpectIntEQ(wolfSSL_CertManager_up_ref(NULL), 0); - ExpectIntEQ(wolfSSL_CertManagerUnloadCAs(NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); -#ifdef WOLFSSL_TRUST_PEER_CERT - ExpectIntEQ(wolfSSL_CertManagerUnload_trust_peers(NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); -#endif - - ExpectIntEQ(wolfSSL_CertManagerLoadCABuffer_ex(NULL, &c, 1, - WOLFSSL_FILETYPE_ASN1, 0, 0), WC_NO_ERR_TRACE(WOLFSSL_FATAL_ERROR)); - -#if !defined(NO_WOLFSSL_CLIENT) || !defined(WOLFSSL_NO_CLIENT_AUTH) - ExpectIntEQ(wolfSSL_CertManagerVerifyBuffer(NULL, NULL, -1, - WOLFSSL_FILETYPE_ASN1), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); - ExpectIntEQ(wolfSSL_CertManagerVerifyBuffer(cm, NULL, -1, - WOLFSSL_FILETYPE_ASN1), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); - ExpectIntEQ(wolfSSL_CertManagerVerifyBuffer(NULL, &c, -1, - WOLFSSL_FILETYPE_ASN1), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); - ExpectIntEQ(wolfSSL_CertManagerVerifyBuffer(NULL, NULL, 1, - WOLFSSL_FILETYPE_ASN1), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); - ExpectIntEQ(wolfSSL_CertManagerVerifyBuffer(NULL, &c, 1, - WOLFSSL_FILETYPE_ASN1), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); - ExpectIntEQ(wolfSSL_CertManagerVerifyBuffer(cm, NULL, 1, - WOLFSSL_FILETYPE_ASN1), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); - ExpectIntEQ(wolfSSL_CertManagerVerifyBuffer(cm, &c, -1, - WOLFSSL_FILETYPE_ASN1), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); - ExpectIntEQ(wolfSSL_CertManagerVerifyBuffer(cm, &c, 1, -1), - WC_NO_ERR_TRACE(WOLFSSL_BAD_FILETYPE)); -#endif - -#if !defined(NO_FILESYSTEM) - { - #ifdef WOLFSSL_PEM_TO_DER - const char* ca_cert = "./certs/ca-cert.pem"; - #if !defined(NO_WOLFSSL_CLIENT) || !defined(WOLFSSL_NO_CLIENT_AUTH) - const char* ca_cert_der = "./certs/ca-cert.der"; - #endif - #else - const char* ca_cert = "./certs/ca-cert.der"; - #endif - const char* ca_path = "./certs"; - - #if !defined(NO_WOLFSSL_CLIENT) || !defined(WOLFSSL_NO_CLIENT_AUTH) - ExpectIntEQ(wolfSSL_CertManagerVerify(NULL, NULL, -1), - WC_NO_ERR_TRACE(BAD_FUNC_ARG)); - ExpectIntEQ(wolfSSL_CertManagerVerify(cm, NULL, WOLFSSL_FILETYPE_ASN1), - WC_NO_ERR_TRACE(BAD_FUNC_ARG)); - ExpectIntEQ(wolfSSL_CertManagerVerify(NULL, ca_cert, - WOLFSSL_FILETYPE_PEM), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); - ExpectIntEQ(wolfSSL_CertManagerVerify(cm, ca_cert, -1), - WC_NO_ERR_TRACE(WOLFSSL_BAD_FILETYPE)); -#ifdef WOLFSSL_PEM_TO_DER - ExpectIntEQ(wolfSSL_CertManagerVerify(cm, ca_cert_der, - WOLFSSL_FILETYPE_PEM), WC_NO_ERR_TRACE(ASN_NO_PEM_HEADER)); -#endif - ExpectIntEQ(wolfSSL_CertManagerVerify(cm, "no-file", - WOLFSSL_FILETYPE_ASN1), WC_NO_ERR_TRACE(WOLFSSL_BAD_FILE)); - #endif - - ExpectIntEQ(wolfSSL_CertManagerLoadCA(NULL, NULL, NULL), - WC_NO_ERR_TRACE(WOLFSSL_FATAL_ERROR)); - ExpectIntEQ(wolfSSL_CertManagerLoadCA(NULL, ca_cert, NULL), - WC_NO_ERR_TRACE(WOLFSSL_FATAL_ERROR)); - ExpectIntEQ(wolfSSL_CertManagerLoadCA(NULL, NULL, ca_path), - WC_NO_ERR_TRACE(WOLFSSL_FATAL_ERROR)); - ExpectIntEQ(wolfSSL_CertManagerLoadCA(NULL, ca_cert, ca_path), - WC_NO_ERR_TRACE(WOLFSSL_FATAL_ERROR)); - } -#endif - -#ifdef OPENSSL_COMPATIBLE_DEFAULTS - ExpectIntEQ(wolfSSL_CertManagerEnableCRL(cm, 0), 1); -#elif !defined(HAVE_CRL) - ExpectIntEQ(wolfSSL_CertManagerEnableCRL(cm, 0), WC_NO_ERR_TRACE(NOT_COMPILED_IN)); -#endif - - ExpectIntEQ(wolfSSL_CertManagerDisableCRL(NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); - ExpectIntEQ(wolfSSL_CertManagerDisableCRL(cm), 1); -#ifdef HAVE_CRL - /* Test APIs when CRL is disabled. */ -#ifdef HAVE_CRL_IO - ExpectIntEQ(wolfSSL_CertManagerSetCRL_IOCb(cm, NULL), 1); -#endif - ExpectIntEQ(wolfSSL_CertManagerCheckCRL(cm, server_cert_der_2048, - sizeof_server_cert_der_2048), 1); - ExpectIntEQ(wolfSSL_CertManagerFreeCRL(cm), 1); -#endif - - /* OCSP */ - ExpectIntEQ(wolfSSL_CertManagerEnableOCSP(NULL, 0), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); - ExpectIntEQ(wolfSSL_CertManagerDisableOCSP(NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); - ExpectIntEQ(wolfSSL_CertManagerEnableOCSPStapling(NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); - ExpectIntEQ(wolfSSL_CertManagerDisableOCSPStapling(NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); - ExpectIntEQ(wolfSSL_CertManagerEnableOCSPMustStaple(NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); - ExpectIntEQ(wolfSSL_CertManagerDisableOCSPMustStaple(NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); -#if !defined(HAVE_CERTIFICATE_STATUS_REQUEST) && \ - !defined(HAVE_CERTIFICATE_STATUS_REQUEST_V2) - ExpectIntEQ(wolfSSL_CertManagerDisableOCSPStapling(cm), WC_NO_ERR_TRACE(NOT_COMPILED_IN)); - ExpectIntEQ(wolfSSL_CertManagerEnableOCSPMustStaple(cm), WC_NO_ERR_TRACE(NOT_COMPILED_IN)); - ExpectIntEQ(wolfSSL_CertManagerDisableOCSPMustStaple(cm), WC_NO_ERR_TRACE(NOT_COMPILED_IN)); -#endif - -#ifdef HAVE_OCSP - ExpectIntEQ(wolfSSL_CertManagerCheckOCSP(NULL, NULL, -1), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); - ExpectIntEQ(wolfSSL_CertManagerCheckOCSP(cm, NULL, -1), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); - ExpectIntEQ(wolfSSL_CertManagerCheckOCSP(NULL, &c, -1), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); - ExpectIntEQ(wolfSSL_CertManagerCheckOCSP(NULL, NULL, 1), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); - ExpectIntEQ(wolfSSL_CertManagerCheckOCSP(NULL, &c, 1), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); - ExpectIntEQ(wolfSSL_CertManagerCheckOCSP(cm, NULL, 1), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); - ExpectIntEQ(wolfSSL_CertManagerCheckOCSP(cm, &c, -1), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); - - ExpectIntEQ(wolfSSL_CertManagerCheckOCSPResponse(NULL, NULL, 0, - NULL, NULL, NULL, NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); - ExpectIntEQ(wolfSSL_CertManagerCheckOCSPResponse(cm, NULL, 1, - NULL, NULL, NULL, NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); - ExpectIntEQ(wolfSSL_CertManagerCheckOCSPResponse(NULL, &c, 1, - NULL, NULL, NULL, NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); - - ExpectIntEQ(wolfSSL_CertManagerSetOCSPOverrideURL(NULL, NULL), - WC_NO_ERR_TRACE(BAD_FUNC_ARG)); - ExpectIntEQ(wolfSSL_CertManagerSetOCSPOverrideURL(NULL, ""), - WC_NO_ERR_TRACE(BAD_FUNC_ARG)); - ExpectIntEQ(wolfSSL_CertManagerSetOCSPOverrideURL(cm, NULL), 1); - - ExpectIntEQ(wolfSSL_CertManagerSetOCSP_Cb(NULL, NULL, NULL, NULL), - WC_NO_ERR_TRACE(BAD_FUNC_ARG)); - ExpectIntEQ(wolfSSL_CertManagerSetOCSP_Cb(cm, NULL, NULL, NULL), 1); - - ExpectIntEQ(wolfSSL_CertManagerDisableOCSP(cm), 1); - /* Test APIs when OCSP is disabled. */ - ExpectIntEQ(wolfSSL_CertManagerCheckOCSPResponse(cm, &c, 1, - NULL, NULL, NULL, NULL), 1); - ExpectIntEQ(wolfSSL_CertManagerCheckOCSP(cm, &c, 1), 1); - -#endif - - ExpectIntEQ(wolfSSL_CertManager_up_ref(cm), 1); - if (EXPECT_SUCCESS()) { - wolfSSL_CertManagerFree(cm); - } - wolfSSL_CertManagerFree(cm); - cm = NULL; - - ExpectNotNull(cm = wolfSSL_CertManagerNew_ex(NULL)); - -#ifdef HAVE_OCSP - ExpectIntEQ(wolfSSL_CertManagerEnableOCSP(cm, WOLFSSL_OCSP_URL_OVERRIDE | - WOLFSSL_OCSP_CHECKALL), 1); -#if defined(HAVE_CERTIFICATE_STATUS_REQUEST) || \ - defined(HAVE_CERTIFICATE_STATUS_REQUEST_V2) - ExpectIntEQ(wolfSSL_CertManagerEnableOCSPStapling(cm), 1); - ExpectIntEQ(wolfSSL_CertManagerEnableOCSPStapling(cm), 1); - ExpectIntEQ(wolfSSL_CertManagerDisableOCSPStapling(cm), 1); - ExpectIntEQ(wolfSSL_CertManagerEnableOCSPStapling(cm), 1); - ExpectIntEQ(wolfSSL_CertManagerEnableOCSPMustStaple(cm), 1); - ExpectIntEQ(wolfSSL_CertManagerDisableOCSPMustStaple(cm), 1); -#endif - - ExpectIntEQ(wolfSSL_CertManagerSetOCSPOverrideURL(cm, ""), 1); - ExpectIntEQ(wolfSSL_CertManagerSetOCSPOverrideURL(cm, ""), 1); -#endif - -#ifdef WOLFSSL_TRUST_PEER_CERT - ExpectIntEQ(wolfSSL_CertManagerUnload_trust_peers(cm), 1); -#endif - wolfSSL_CertManagerFree(cm); -#endif - return EXPECT_RESULT(); -} - -static int test_wolfSSL_CertManagerLoadCABuffer(void) -{ - EXPECT_DECLS; -#if !defined(NO_FILESYSTEM) && !defined(NO_CERTS) && !defined(NO_TLS) -#if defined(WOLFSSL_PEM_TO_DER) - const char* ca_cert = "./certs/ca-cert.pem"; - const char* ca_expired_cert = "./certs/test/expired/expired-ca.pem"; -#else - const char* ca_cert = "./certs/ca-cert.der"; - const char* ca_expired_cert = "./certs/test/expired/expired-ca.der"; -#endif - int ret; - - ExpectIntLE(ret = test_cm_load_ca_file(ca_cert), 1); -#if defined(NO_WOLFSSL_CLIENT) && defined(NO_WOLFSSL_SERVER) - ExpectIntEQ(ret, WC_NO_ERR_TRACE(WOLFSSL_FATAL_ERROR)); -#elif defined(NO_RSA) - ExpectIntEQ(ret, WC_NO_ERR_TRACE(ASN_UNKNOWN_OID_E)); -#else - ExpectIntEQ(ret, WOLFSSL_SUCCESS); -#endif - - ExpectIntLE(ret = test_cm_load_ca_file(ca_expired_cert), 1); -#if defined(NO_WOLFSSL_CLIENT) && defined(NO_WOLFSSL_SERVER) - ExpectIntEQ(ret, WC_NO_ERR_TRACE(WOLFSSL_FATAL_ERROR)); -#elif defined(NO_RSA) - ExpectIntEQ(ret, WC_NO_ERR_TRACE(ASN_UNKNOWN_OID_E)); -#elif !(WOLFSSL_LOAD_VERIFY_DEFAULT_FLAGS & WOLFSSL_LOAD_FLAG_DATE_ERR_OKAY) && \ - !defined(NO_ASN_TIME) - ExpectIntEQ(ret, WC_NO_ERR_TRACE(ASN_AFTER_DATE_E)); -#else - ExpectIntEQ(ret, WOLFSSL_SUCCESS); -#endif -#endif - return EXPECT_RESULT(); -} - -static int test_wolfSSL_CertManagerLoadCABuffer_ex(void) -{ - EXPECT_DECLS; -#if !defined(NO_FILESYSTEM) && !defined(NO_CERTS) && !defined(NO_TLS) -#if defined(WOLFSSL_PEM_TO_DER) - const char* ca_cert = "./certs/ca-cert.pem"; - const char* ca_expired_cert = "./certs/test/expired/expired-ca.pem"; -#else - const char* ca_cert = "./certs/ca-cert.der"; - const char* ca_expired_cert = "./certs/test/expired/expired-ca.der"; -#endif - int ret; - - ExpectIntLE(ret = test_cm_load_ca_file_ex(ca_cert, WOLFSSL_LOAD_FLAG_NONE), - 1); -#if defined(NO_WOLFSSL_CLIENT) && defined(NO_WOLFSSL_SERVER) - ExpectIntEQ(ret, WC_NO_ERR_TRACE(WOLFSSL_FATAL_ERROR)); -#elif defined(NO_RSA) - ExpectIntEQ(ret, WC_NO_ERR_TRACE(ASN_UNKNOWN_OID_E)); -#else - ExpectIntEQ(ret, WOLFSSL_SUCCESS); -#endif - - ExpectIntLE(ret = test_cm_load_ca_file_ex(ca_expired_cert, - WOLFSSL_LOAD_FLAG_DATE_ERR_OKAY), 1); -#if defined(NO_WOLFSSL_CLIENT) && defined(NO_WOLFSSL_SERVER) - ExpectIntEQ(ret, WC_NO_ERR_TRACE(WOLFSSL_FATAL_ERROR)); -#elif defined(NO_RSA) - ExpectIntEQ(ret, WC_NO_ERR_TRACE(ASN_UNKNOWN_OID_E)); -#elif !(WOLFSSL_LOAD_VERIFY_DEFAULT_FLAGS & WOLFSSL_LOAD_FLAG_DATE_ERR_OKAY) && \ - !defined(NO_ASN_TIME) && defined(WOLFSSL_TRUST_PEER_CERT) && \ - defined(OPENSSL_COMPATIBLE_DEFAULTS) - ExpectIntEQ(ret, WC_NO_ERR_TRACE(ASN_AFTER_DATE_E)); -#else - ExpectIntEQ(ret, WOLFSSL_SUCCESS); -#endif - -#endif - - return EXPECT_RESULT(); -} - -static int test_wolfSSL_CertManagerLoadCABufferType(void) -{ - EXPECT_DECLS; -#if !defined(NO_FILESYSTEM) && !defined(NO_CERTS) && !defined(NO_TLS) && \ - !defined(NO_RSA) && !defined(NO_SHA256) && \ - !defined(WOLFSSL_TEST_APPLE_NATIVE_CERT_VALIDATION) -#if defined(WOLFSSL_PEM_TO_DER) - const char* ca_cert = "./certs/ca-cert.pem"; - const char* int1_cert = "./certs/intermediate/ca-int-cert.pem"; - const char* int2_cert = "./certs/intermediate/ca-int2-cert.pem"; - const char* client_cert = "./certs/intermediate/client-int-cert.pem"; -#else - const char* ca_cert = "./certs/ca-cert.der"; - const char* int1_cert = "./certs/intermediate/ca-int-cert.der"; - const char* int2_cert = "./certs/intermediate/ca-int2-cert.der"; - const char* client_cert = "./certs/intermediate/client-int-cert.der"; -#endif - byte* ca_cert_buf = NULL; - byte* int1_cert_buf = NULL; - byte* int2_cert_buf = NULL; - byte* client_cert_buf = NULL; - size_t ca_cert_sz = 0; - size_t int1_cert_sz = 0; - size_t int2_cert_sz = 0; - size_t client_cert_sz = 0; - WOLFSSL_CERT_MANAGER* cm = NULL; - - ExpectNotNull(cm = wolfSSL_CertManagerNew()); - ExpectIntEQ(load_file(ca_cert, &ca_cert_buf, &ca_cert_sz), 0); - ExpectIntEQ(load_file(int1_cert, &int1_cert_buf, &int1_cert_sz), 0); - ExpectIntEQ(load_file(int2_cert, &int2_cert_buf, &int2_cert_sz), 0); - ExpectIntEQ(load_file(client_cert, &client_cert_buf, &client_cert_sz), 0); - - ExpectIntNE(wolfSSL_CertManagerLoadCABufferType(cm, ca_cert_buf, - (sword32)ca_cert_sz, CERT_FILETYPE, 0, - WOLFSSL_LOAD_VERIFY_DEFAULT_FLAGS, 0), WOLFSSL_SUCCESS); - ExpectIntNE(wolfSSL_CertManagerLoadCABufferType(cm, ca_cert_buf, - (sword32)ca_cert_sz, CERT_FILETYPE, 0, - WOLFSSL_LOAD_VERIFY_DEFAULT_FLAGS, 5), WOLFSSL_SUCCESS); - - ExpectIntEQ(wolfSSL_CertManagerLoadCABufferType(cm, ca_cert_buf, - (sword32)ca_cert_sz, CERT_FILETYPE, 0, - WOLFSSL_LOAD_VERIFY_DEFAULT_FLAGS, WOLFSSL_USER_CA), - WOLFSSL_SUCCESS); - ExpectIntEQ(wolfSSL_CertManagerVerifyBuffer(cm, int1_cert_buf, - int1_cert_sz, CERT_FILETYPE), WOLFSSL_SUCCESS); - ExpectIntEQ(wolfSSL_CertManagerLoadCABufferType(cm, int1_cert_buf, - (sword32)int1_cert_sz, CERT_FILETYPE, 0, - WOLFSSL_LOAD_VERIFY_DEFAULT_FLAGS, WOLFSSL_USER_INTER), - WOLFSSL_SUCCESS); - ExpectIntEQ(wolfSSL_CertManagerVerifyBuffer(cm, int2_cert_buf, - int2_cert_sz, CERT_FILETYPE), WOLFSSL_SUCCESS); - ExpectIntEQ(wolfSSL_CertManagerLoadCABufferType(cm, int2_cert_buf, - (sword32)int2_cert_sz, CERT_FILETYPE, 0, - WOLFSSL_LOAD_VERIFY_DEFAULT_FLAGS, WOLFSSL_USER_INTER), - WOLFSSL_SUCCESS); - ExpectIntEQ(wolfSSL_CertManagerVerifyBuffer(cm, client_cert_buf, - client_cert_sz, CERT_FILETYPE), WOLFSSL_SUCCESS); - ExpectIntEQ(wolfSSL_CertManagerLoadCABufferType(cm, client_cert_buf, - (sword32)client_cert_sz, CERT_FILETYPE, 0, - WOLFSSL_LOAD_VERIFY_DEFAULT_FLAGS, WOLFSSL_USER_INTER), - WOLFSSL_SUCCESS); - - ExpectIntEQ(wolfSSL_CertManagerUnloadTypeCerts(cm, WOLFSSL_USER_INTER), - WOLFSSL_SUCCESS); - - /* Intermediate certs have been unloaded, but CA cert is still - loaded. Expect first level intermediate to verify, rest to fail. */ - ExpectIntEQ(wolfSSL_CertManagerVerifyBuffer(cm, int1_cert_buf, - int1_cert_sz, CERT_FILETYPE), WOLFSSL_SUCCESS); - ExpectIntNE(wolfSSL_CertManagerVerifyBuffer(cm, int2_cert_buf, - int2_cert_sz, CERT_FILETYPE), WOLFSSL_SUCCESS); - ExpectIntNE(wolfSSL_CertManagerVerifyBuffer(cm, client_cert_buf, - client_cert_sz, CERT_FILETYPE), WOLFSSL_SUCCESS); - - ExpectIntEQ(wolfSSL_CertManagerLoadCABufferType(cm, int1_cert_buf, - (sword32)int1_cert_sz, CERT_FILETYPE, 0, - WOLFSSL_LOAD_VERIFY_DEFAULT_FLAGS, WOLFSSL_TEMP_CA), - WOLFSSL_SUCCESS); - ExpectIntEQ(wolfSSL_CertManagerVerifyBuffer(cm, int2_cert_buf, - int2_cert_sz, CERT_FILETYPE), WOLFSSL_SUCCESS); - ExpectIntEQ(wolfSSL_CertManagerLoadCABufferType(cm, int2_cert_buf, - (sword32)int2_cert_sz, CERT_FILETYPE, 0, - WOLFSSL_LOAD_VERIFY_DEFAULT_FLAGS, WOLFSSL_CHAIN_CA), - WOLFSSL_SUCCESS); - ExpectIntEQ(wolfSSL_CertManagerVerifyBuffer(cm, client_cert_buf, - client_cert_sz, CERT_FILETYPE), WOLFSSL_SUCCESS); - ExpectIntEQ(wolfSSL_CertManagerLoadCABufferType(cm, client_cert_buf, - (sword32)client_cert_sz, CERT_FILETYPE, 0, - WOLFSSL_LOAD_VERIFY_DEFAULT_FLAGS, WOLFSSL_USER_INTER), - WOLFSSL_SUCCESS); - - ExpectIntEQ(wolfSSL_CertManagerUnloadTypeCerts(cm, WOLFSSL_USER_INTER), - WOLFSSL_SUCCESS); - ExpectIntEQ(wolfSSL_CertManagerVerifyBuffer(cm, int1_cert_buf, - int1_cert_sz, CERT_FILETYPE), WOLFSSL_SUCCESS); - ExpectIntEQ(wolfSSL_CertManagerVerifyBuffer(cm, int2_cert_buf, - int2_cert_sz, CERT_FILETYPE), WOLFSSL_SUCCESS); - ExpectIntEQ(wolfSSL_CertManagerVerifyBuffer(cm, client_cert_buf, - client_cert_sz, CERT_FILETYPE), WOLFSSL_SUCCESS); - - ExpectIntEQ(wolfSSL_CertManagerUnloadTypeCerts(cm, WOLFSSL_CHAIN_CA), - WOLFSSL_SUCCESS); - ExpectIntEQ(wolfSSL_CertManagerVerifyBuffer(cm, int1_cert_buf, - int1_cert_sz, CERT_FILETYPE), WOLFSSL_SUCCESS); - ExpectIntEQ(wolfSSL_CertManagerVerifyBuffer(cm, int2_cert_buf, - int2_cert_sz, CERT_FILETYPE), WOLFSSL_SUCCESS); - ExpectIntNE(wolfSSL_CertManagerVerifyBuffer(cm, client_cert_buf, - client_cert_sz, CERT_FILETYPE), WOLFSSL_SUCCESS); - - ExpectIntEQ(wolfSSL_CertManagerUnloadTypeCerts(cm, WOLFSSL_TEMP_CA), - WOLFSSL_SUCCESS); - ExpectIntEQ(wolfSSL_CertManagerVerifyBuffer(cm, int1_cert_buf, - int1_cert_sz, CERT_FILETYPE), WOLFSSL_SUCCESS); - ExpectIntNE(wolfSSL_CertManagerVerifyBuffer(cm, int2_cert_buf, - int2_cert_sz, CERT_FILETYPE), WOLFSSL_SUCCESS); - ExpectIntNE(wolfSSL_CertManagerVerifyBuffer(cm, client_cert_buf, - client_cert_sz, CERT_FILETYPE), WOLFSSL_SUCCESS); - - ExpectIntEQ(wolfSSL_CertManagerUnloadTypeCerts(cm, WOLFSSL_USER_CA), - WOLFSSL_SUCCESS); - ExpectIntNE(wolfSSL_CertManagerVerifyBuffer(cm, int1_cert_buf, - int1_cert_sz, CERT_FILETYPE), WOLFSSL_SUCCESS); - ExpectIntNE(wolfSSL_CertManagerVerifyBuffer(cm, int2_cert_buf, - int2_cert_sz, CERT_FILETYPE), WOLFSSL_SUCCESS); - ExpectIntNE(wolfSSL_CertManagerVerifyBuffer(cm, client_cert_buf, - client_cert_sz, CERT_FILETYPE), WOLFSSL_SUCCESS); - - if (cm) - wolfSSL_CertManagerFree(cm); - if (ca_cert_buf) - free(ca_cert_buf); - if (int1_cert_buf) - free(int1_cert_buf); - if (int2_cert_buf) - free(int2_cert_buf); - if (client_cert_buf) - free(client_cert_buf); -#endif - - return EXPECT_RESULT(); -} - -static int test_wolfSSL_CertManagerGetCerts(void) -{ - EXPECT_DECLS; -#if defined(OPENSSL_ALL) && !defined(NO_CERTS) && \ - !defined(NO_FILESYSTEM) && !defined(NO_RSA) && \ - defined(WOLFSSL_SIGNER_DER_CERT) - WOLFSSL_CERT_MANAGER* cm = NULL; - WOLFSSL_STACK* sk = NULL; - X509* x509 = NULL; - X509* cert1 = NULL; - FILE* file1 = NULL; -#ifdef DEBUG_WOLFSSL_VERBOSE - WOLFSSL_BIO* bio = NULL; -#endif - int i = 0; - int ret = 0; - const byte* der = NULL; - int derSz = 0; - - ExpectNotNull(file1 = fopen("./certs/ca-cert.pem", "rb")); - - ExpectNotNull(cert1 = wolfSSL_PEM_read_X509(file1, NULL, NULL, NULL)); - if (file1 != NULL) { - fclose(file1); - } - - ExpectNull(sk = wolfSSL_CertManagerGetCerts(NULL)); - ExpectNotNull(cm = wolfSSL_CertManagerNew_ex(NULL)); - ExpectNull(sk = wolfSSL_CertManagerGetCerts(cm)); - - ExpectNotNull(der = wolfSSL_X509_get_der(cert1, &derSz)); -#if defined(OPENSSL_ALL) || defined(WOLFSSL_QT) - /* Check that ASN_SELF_SIGNED_E is returned for a self-signed cert for QT - * and full OpenSSL compatibility */ - ExpectIntEQ(ret = wolfSSL_CertManagerVerifyBuffer(cm, der, derSz, - WOLFSSL_FILETYPE_ASN1), WC_NO_ERR_TRACE(ASN_SELF_SIGNED_E)); -#else - ExpectIntEQ(ret = wolfSSL_CertManagerVerifyBuffer(cm, der, derSz, - WOLFSSL_FILETYPE_ASN1), WC_NO_ERR_TRACE(ASN_NO_SIGNER_E)); -#endif - - ExpectIntEQ(WOLFSSL_SUCCESS, wolfSSL_CertManagerLoadCA(cm, - "./certs/ca-cert.pem", NULL)); - - ExpectNotNull(sk = wolfSSL_CertManagerGetCerts(cm)); - - for (i = 0; EXPECT_SUCCESS() && i < sk_X509_num(sk); i++) { - ExpectNotNull(x509 = sk_X509_value(sk, i)); - ExpectIntEQ(0, wolfSSL_X509_cmp(x509, cert1)); - -#ifdef DEBUG_WOLFSSL_VERBOSE - bio = BIO_new(wolfSSL_BIO_s_file()); - if (bio != NULL) { - BIO_set_fp(bio, stderr, BIO_NOCLOSE); - X509_print(bio, x509); - BIO_free(bio); - } -#endif /* DEBUG_WOLFSSL_VERBOSE */ - } - wolfSSL_X509_free(cert1); - sk_X509_pop_free(sk, NULL); - wolfSSL_CertManagerFree(cm); -#endif /* defined(OPENSSL_ALL) && !defined(NO_CERTS) && \ - !defined(NO_FILESYSTEM) && !defined(NO_RSA) && \ - defined(WOLFSSL_SIGNER_DER_CERT) */ - - return EXPECT_RESULT(); -} - -static int test_wolfSSL_CertManagerSetVerify(void) -{ - EXPECT_DECLS; -#if !defined(NO_FILESYSTEM) && !defined(NO_CERTS) && !defined(NO_TLS) && \ - !defined(NO_WOLFSSL_CM_VERIFY) && !defined(NO_RSA) && \ - (!defined(NO_WOLFSSL_CLIENT) || !defined(WOLFSSL_NO_CLIENT_AUTH)) - WOLFSSL_CERT_MANAGER* cm = NULL; - int tmp = myVerifyAction; -#ifdef WOLFSSL_PEM_TO_DER - const char* ca_cert = "./certs/ca-cert.pem"; - const char* expiredCert = "./certs/test/expired/expired-cert.pem"; -#else - const char* ca_cert = "./certs/ca-cert.der"; - const char* expiredCert = "./certs/test/expired/expired-cert.der"; -#endif - - wolfSSL_CertManagerSetVerify(NULL, NULL); - wolfSSL_CertManagerSetVerify(NULL, myVerify); - - ExpectNotNull(cm = wolfSSL_CertManagerNew()); - - wolfSSL_CertManagerSetVerify(cm, myVerify); - -#if defined(NO_WOLFSSL_CLIENT) && defined(NO_WOLFSSL_SERVER) - ExpectIntEQ(wolfSSL_CertManagerLoadCA(cm, ca_cert, NULL), -1); -#else - ExpectIntEQ(wolfSSL_CertManagerLoadCA(cm, ca_cert, NULL), - WOLFSSL_SUCCESS); -#endif - /* Use the test CB that always accepts certs */ - myVerifyAction = VERIFY_OVERRIDE_ERROR; - - ExpectIntEQ(wolfSSL_CertManagerVerify(cm, expiredCert, - CERT_FILETYPE), WOLFSSL_SUCCESS); - -#ifdef WOLFSSL_ALWAYS_VERIFY_CB - { - const char* verifyCert = "./certs/server-cert.der"; - /* Use the test CB that always fails certs */ - myVerifyAction = VERIFY_FORCE_FAIL; - - ExpectIntEQ(wolfSSL_CertManagerVerify(cm, verifyCert, - WOLFSSL_FILETYPE_ASN1), WC_NO_ERR_TRACE(VERIFY_CERT_ERROR)); - } -#endif - - wolfSSL_CertManagerFree(cm); - myVerifyAction = tmp; -#endif - - return EXPECT_RESULT(); -} - -#if !defined(NO_FILESYSTEM) && defined(OPENSSL_EXTRA) && \ - defined(DEBUG_UNIT_TEST_CERTS) -/* Used when debugging name constraint tests. Not static to allow use in - * multiple locations with complex define guards. */ -void DEBUG_WRITE_CERT_X509(WOLFSSL_X509* x509, const char* fileName) -{ - BIO* out = BIO_new_file(fileName, "wb"); - if (out != NULL) { - PEM_write_bio_X509(out, x509); - BIO_free(out); - } -} -void DEBUG_WRITE_DER(const byte* der, int derSz, const char* fileName) -{ - BIO* out = BIO_new_file(fileName, "wb"); - if (out != NULL) { - BIO_write(out, der, derSz); - BIO_free(out); - } -} -#else -#define DEBUG_WRITE_CERT_X509(x509, fileName) WC_DO_NOTHING -#define DEBUG_WRITE_DER(der, derSz, fileName) WC_DO_NOTHING -#endif - - -static int test_wolfSSL_CertManagerNameConstraint(void) -{ - EXPECT_DECLS; -#if !defined(NO_FILESYSTEM) && !defined(NO_CERTS) && \ - !defined(NO_WOLFSSL_CM_VERIFY) && !defined(NO_RSA) && \ - defined(OPENSSL_EXTRA) && defined(WOLFSSL_CERT_GEN) && \ - defined(WOLFSSL_CERT_EXT) && defined(WOLFSSL_ALT_NAMES) && \ - !defined(NO_SHA256) - WOLFSSL_CERT_MANAGER* cm = NULL; - WOLFSSL_EVP_PKEY *priv = NULL; - WOLFSSL_X509_NAME* name = NULL; - const char* ca_cert = "./certs/test/cert-ext-nc.der"; - const char* server_cert = "./certs/test/server-goodcn.pem"; - int i = 0; - static const byte extNameConsOid[] = {85, 29, 30}; - - RsaKey key; - WC_RNG rng; - byte *der = NULL; - int derSz = 0; - word32 idx = 0; - byte *pt; - WOLFSSL_X509 *x509 = NULL; - WOLFSSL_X509 *ca = NULL; - - wc_InitRng(&rng); - - /* load in CA private key for signing */ - ExpectIntEQ(wc_InitRsaKey_ex(&key, HEAP_HINT, testDevId), 0); - ExpectIntEQ(wc_RsaPrivateKeyDecode(server_key_der_2048, &idx, &key, - sizeof_server_key_der_2048), 0); - - /* get ca certificate then alter it */ - ExpectNotNull(der = - (byte*)XMALLOC(FOURK_BUF, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER)); - ExpectNotNull(x509 = wolfSSL_X509_load_certificate_file(ca_cert, - WOLFSSL_FILETYPE_ASN1)); - ExpectNotNull(pt = (byte*)wolfSSL_X509_get_tbs(x509, &derSz)); - if (EXPECT_SUCCESS() && (der != NULL)) { - XMEMCPY(der, pt, (size_t)derSz); - - /* find the name constraint extension and alter it */ - pt = der; - for (i = 0; i < derSz - 3; i++) { - if (XMEMCMP(pt, extNameConsOid, 3) == 0) { - pt += 3; - break; - } - pt++; - } - ExpectIntNE(i, derSz - 3); /* did not find OID if this case is hit */ - - /* go to the length value and set it to 0 */ - while (i < derSz && *pt != 0x81) { - pt++; - i++; - } - ExpectIntNE(i, derSz); /* did not place to alter */ - pt++; - *pt = 0x00; - } - - /* resign the altered certificate */ - ExpectIntGT((derSz = wc_SignCert(derSz, CTC_SHA256wRSA, der, - FOURK_BUF, &key, NULL, &rng)), 0); - - ExpectNotNull(cm = wolfSSL_CertManagerNew()); - ExpectIntEQ(wolfSSL_CertManagerLoadCABuffer(cm, der, derSz, - WOLFSSL_FILETYPE_ASN1), WC_NO_ERR_TRACE(ASN_PARSE_E)); - wolfSSL_CertManagerFree(cm); - - XFREE(der, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); - wolfSSL_X509_free(x509); - wc_FreeRsaKey(&key); - wc_FreeRng(&rng); - - /* add email alt name to satisfy constraint */ - pt = (byte*)server_key_der_2048; - ExpectNotNull(priv = wolfSSL_d2i_PrivateKey(EVP_PKEY_RSA, NULL, - (const unsigned char**)&pt, sizeof_server_key_der_2048)); - - ExpectNotNull(cm = wolfSSL_CertManagerNew()); - ExpectNotNull(ca = wolfSSL_X509_load_certificate_file(ca_cert, - WOLFSSL_FILETYPE_ASN1)); - - ExpectNotNull((der = (byte*)wolfSSL_X509_get_der(ca, &derSz))); - DEBUG_WRITE_DER(der, derSz, "ca.der"); - - ExpectIntEQ(wolfSSL_CertManagerLoadCABuffer(cm, der, derSz, - WOLFSSL_FILETYPE_ASN1), WOLFSSL_SUCCESS); - - /* Good cert test with proper alt email name */ - ExpectNotNull(x509 = wolfSSL_X509_load_certificate_file(server_cert, - WOLFSSL_FILETYPE_PEM)); - ExpectNotNull(name = wolfSSL_X509_get_subject_name(ca)); - ExpectIntEQ(wolfSSL_X509_set_issuer_name(x509, name), WOLFSSL_SUCCESS); - name = NULL; - - ExpectNotNull(name = X509_NAME_new()); - ExpectIntEQ(X509_NAME_add_entry_by_txt(name, "countryName", MBSTRING_UTF8, - (byte*)"US", 2, -1, 0), SSL_SUCCESS); - ExpectIntEQ(X509_NAME_add_entry_by_txt(name, "commonName", MBSTRING_UTF8, - (byte*)"wolfssl.com", 11, -1, 0), SSL_SUCCESS); - ExpectIntEQ(X509_NAME_add_entry_by_txt(name, "emailAddress", MBSTRING_UTF8, - (byte*)"support@info.wolfssl.com", 24, -1, 0), SSL_SUCCESS); - ExpectIntEQ(wolfSSL_X509_set_subject_name(x509, name), WOLFSSL_SUCCESS); - X509_NAME_free(name); - name = NULL; - - wolfSSL_X509_add_altname(x509, "wolfssl@info.wolfssl.com", ASN_RFC822_TYPE); - - ExpectIntGT(wolfSSL_X509_sign(x509, priv, EVP_sha256()), 0); - DEBUG_WRITE_CERT_X509(x509, "good-cert.pem"); - - ExpectNotNull((der = (byte*)wolfSSL_X509_get_der(x509, &derSz))); - ExpectIntEQ(wolfSSL_CertManagerVerifyBuffer(cm, der, derSz, - WOLFSSL_FILETYPE_ASN1), WOLFSSL_SUCCESS); - wolfSSL_X509_free(x509); - x509 = NULL; - - - /* Cert with bad alt name list */ - ExpectNotNull(x509 = wolfSSL_X509_load_certificate_file(server_cert, - WOLFSSL_FILETYPE_PEM)); - ExpectNotNull(name = wolfSSL_X509_get_subject_name(ca)); - ExpectIntEQ(wolfSSL_X509_set_issuer_name(x509, name), WOLFSSL_SUCCESS); - name = NULL; - - ExpectNotNull(name = X509_NAME_new()); - ExpectIntEQ(X509_NAME_add_entry_by_txt(name, "countryName", MBSTRING_UTF8, - (byte*)"US", 2, -1, 0), SSL_SUCCESS); - ExpectIntEQ(X509_NAME_add_entry_by_txt(name, "commonName", MBSTRING_UTF8, - (byte*)"wolfssl.com", 11, -1, 0), SSL_SUCCESS); - ExpectIntEQ(X509_NAME_add_entry_by_txt(name, "emailAddress", MBSTRING_UTF8, - (byte*)"support@info.wolfssl.com", 24, -1, 0), SSL_SUCCESS); - ExpectIntEQ(wolfSSL_X509_set_subject_name(x509, name), WOLFSSL_SUCCESS); - X509_NAME_free(name); - - wolfSSL_X509_add_altname(x509, "wolfssl@info.com", ASN_RFC822_TYPE); - wolfSSL_X509_add_altname(x509, "wolfssl@info.wolfssl.com", ASN_RFC822_TYPE); - - ExpectIntGT(wolfSSL_X509_sign(x509, priv, EVP_sha256()), 0); - DEBUG_WRITE_CERT_X509(x509, "bad-cert.pem"); - - ExpectNotNull((der = (byte*)wolfSSL_X509_get_der(x509, &derSz))); - ExpectIntEQ(wolfSSL_CertManagerVerifyBuffer(cm, der, derSz, - WOLFSSL_FILETYPE_ASN1), WC_NO_ERR_TRACE(ASN_NAME_INVALID_E)); - - wolfSSL_CertManagerFree(cm); - wolfSSL_X509_free(x509); - wolfSSL_X509_free(ca); - wolfSSL_EVP_PKEY_free(priv); -#endif - - return EXPECT_RESULT(); -} - - -static int test_wolfSSL_CertManagerNameConstraint2(void) -{ - EXPECT_DECLS; -#if !defined(NO_FILESYSTEM) && !defined(NO_CERTS) && \ - !defined(NO_WOLFSSL_CM_VERIFY) && !defined(NO_RSA) && \ - defined(OPENSSL_EXTRA) && defined(WOLFSSL_CERT_GEN) && \ - defined(WOLFSSL_CERT_EXT) && defined(WOLFSSL_ALT_NAMES) - const char* ca_cert = "./certs/test/cert-ext-ndir.der"; - const char* ca_cert2 = "./certs/test/cert-ext-ndir-exc.der"; - const char* server_cert = "./certs/server-cert.pem"; - WOLFSSL_CERT_MANAGER* cm = NULL; - WOLFSSL_X509 *x509 = NULL; - WOLFSSL_X509 *ca = NULL; - - const unsigned char *der = NULL; - const unsigned char *pt; - WOLFSSL_EVP_PKEY *priv = NULL; - WOLFSSL_X509_NAME* name = NULL; - int derSz = 0; - - /* C=US*/ - char altName[] = { - 0x30, 0x0D, 0x31, 0x0B, 0x30, 0x09, - 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x55, 0x53 - }; - - /* C=ID */ - char altNameFail[] = { - 0x30, 0x0D, 0x31, 0x0B, 0x30, 0x09, - 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x49, 0x44 - }; - - /* C=US ST=California*/ - char altNameExc[] = { - 0x30, 0x22, - 0x31, 0x0B, - 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x55, 0x53, - 0x31, 0x13, - 0x30, 0x11, 0x06, 0x03, 0x55, 0x04, 0x08, 0x0C, 0x0A, - 0x43, 0x61, 0x6c, 0x69, 0x66, 0x6f, 0x72, 0x6e, 0x69, 0x61 - }; - /* load in CA private key for signing */ - pt = ca_key_der_2048; - ExpectNotNull(priv = wolfSSL_d2i_PrivateKey(EVP_PKEY_RSA, NULL, &pt, - sizeof_ca_key_der_2048)); - - ExpectNotNull(cm = wolfSSL_CertManagerNew()); - ExpectNotNull(ca = wolfSSL_X509_load_certificate_file(ca_cert, - WOLFSSL_FILETYPE_ASN1)); - ExpectNotNull((der = wolfSSL_X509_get_der(ca, &derSz))); - ExpectIntEQ(wolfSSL_CertManagerLoadCABuffer(cm, der, derSz, - WOLFSSL_FILETYPE_ASN1), WOLFSSL_SUCCESS); - - ExpectNotNull(x509 = wolfSSL_X509_load_certificate_file(server_cert, - WOLFSSL_FILETYPE_PEM)); - ExpectNotNull(name = wolfSSL_X509_get_subject_name(ca)); - ExpectIntEQ(wolfSSL_X509_set_issuer_name(x509, name), WOLFSSL_SUCCESS); -#if defined(WOLFSSL_SHA3) && !defined(WOLFSSL_NOSHA3_256) - wolfSSL_X509_sign(x509, priv, EVP_sha3_256()); -#else - wolfSSL_X509_sign(x509, priv, EVP_sha256()); -#endif - ExpectNotNull((der = wolfSSL_X509_get_der(x509, &derSz))); - ExpectIntEQ(wolfSSL_CertManagerVerifyBuffer(cm, der, derSz, - WOLFSSL_FILETYPE_ASN1), WOLFSSL_SUCCESS); - - /* Test no name case. */ - ExpectIntEQ(wolfSSL_X509_add_altname_ex(x509, NULL, 0, ASN_DIR_TYPE), - WOLFSSL_SUCCESS); - ExpectIntEQ(wolfSSL_X509_add_altname(x509, "", ASN_DIR_TYPE), - WOLFSSL_SUCCESS); - /* IP not supported. */ - ExpectIntEQ(wolfSSL_X509_add_altname(x509, "127.0.0.1", ASN_IP_TYPE), - WOLFSSL_FAILURE); - - /* add in matching DIR alt name and resign */ - wolfSSL_X509_add_altname_ex(x509, altName, sizeof(altName), ASN_DIR_TYPE); -#if defined(WOLFSSL_SHA3) && !defined(WOLFSSL_NOSHA3_256) - wolfSSL_X509_sign(x509, priv, EVP_sha3_256()); -#else - wolfSSL_X509_sign(x509, priv, EVP_sha256()); -#endif - - ExpectNotNull((der = wolfSSL_X509_get_der(x509, &derSz))); - ExpectIntEQ(wolfSSL_CertManagerVerifyBuffer(cm, der, derSz, - WOLFSSL_FILETYPE_ASN1), WOLFSSL_SUCCESS); - wolfSSL_X509_free(x509); - x509 = NULL; - - /* check verify fail */ - ExpectNotNull(x509 = wolfSSL_X509_load_certificate_file(server_cert, - WOLFSSL_FILETYPE_PEM)); - ExpectNotNull(name = wolfSSL_X509_get_subject_name(ca)); - ExpectIntEQ(wolfSSL_X509_set_issuer_name(x509, name), WOLFSSL_SUCCESS); - - /* add in miss matching DIR alt name and resign */ - wolfSSL_X509_add_altname_ex(x509, altNameFail, sizeof(altNameFail), - ASN_DIR_TYPE); - -#if defined(WOLFSSL_SHA3) && !defined(WOLFSSL_NOSHA3_256) - wolfSSL_X509_sign(x509, priv, EVP_sha3_256()); -#else - wolfSSL_X509_sign(x509, priv, EVP_sha256()); -#endif - ExpectNotNull((der = wolfSSL_X509_get_der(x509, &derSz))); -#ifndef WOLFSSL_NO_ASN_STRICT - ExpectIntEQ(wolfSSL_CertManagerVerifyBuffer(cm, der, derSz, - WOLFSSL_FILETYPE_ASN1), WC_NO_ERR_TRACE(ASN_NAME_INVALID_E)); -#else - ExpectIntEQ(wolfSSL_CertManagerVerifyBuffer(cm, der, derSz, - WOLFSSL_FILETYPE_ASN1), WOLFSSL_SUCCESS); -#endif - - /* check that it still fails if one bad altname and one good altname is in - * the certificate */ - wolfSSL_X509_free(x509); - x509 = NULL; - ExpectNotNull(x509 = wolfSSL_X509_load_certificate_file(server_cert, - WOLFSSL_FILETYPE_PEM)); - ExpectNotNull(name = wolfSSL_X509_get_subject_name(ca)); - ExpectIntEQ(wolfSSL_X509_set_issuer_name(x509, name), WOLFSSL_SUCCESS); - wolfSSL_X509_add_altname_ex(x509, altName, sizeof(altName), ASN_DIR_TYPE); - wolfSSL_X509_add_altname_ex(x509, altNameFail, sizeof(altNameFail), - ASN_DIR_TYPE); - -#if defined(WOLFSSL_SHA3) && !defined(WOLFSSL_NOSHA3_256) - wolfSSL_X509_sign(x509, priv, EVP_sha3_256()); -#else - wolfSSL_X509_sign(x509, priv, EVP_sha256()); -#endif - ExpectNotNull((der = wolfSSL_X509_get_der(x509, &derSz))); -#ifndef WOLFSSL_NO_ASN_STRICT - ExpectIntEQ(wolfSSL_CertManagerVerifyBuffer(cm, der, derSz, - WOLFSSL_FILETYPE_ASN1), WC_NO_ERR_TRACE(ASN_NAME_INVALID_E)); -#else - ExpectIntEQ(wolfSSL_CertManagerVerifyBuffer(cm, der, derSz, - WOLFSSL_FILETYPE_ASN1), WOLFSSL_SUCCESS); -#endif - - /* check it fails with switching position of bad altname */ - wolfSSL_X509_free(x509); - x509 = NULL; - ExpectNotNull(x509 = wolfSSL_X509_load_certificate_file(server_cert, - WOLFSSL_FILETYPE_PEM)); - ExpectNotNull(name = wolfSSL_X509_get_subject_name(ca)); - ExpectIntEQ(wolfSSL_X509_set_issuer_name(x509, name), WOLFSSL_SUCCESS); - wolfSSL_X509_add_altname_ex(x509, altNameFail, sizeof(altNameFail), - ASN_DIR_TYPE); - wolfSSL_X509_add_altname_ex(x509, altName, sizeof(altName), ASN_DIR_TYPE); - -#if defined(WOLFSSL_SHA3) && !defined(WOLFSSL_NOSHA3_256) - wolfSSL_X509_sign(x509, priv, EVP_sha3_256()); -#else - wolfSSL_X509_sign(x509, priv, EVP_sha256()); -#endif - ExpectNotNull((der = wolfSSL_X509_get_der(x509, &derSz))); -#ifndef WOLFSSL_NO_ASN_STRICT - ExpectIntEQ(wolfSSL_CertManagerVerifyBuffer(cm, der, derSz, - WOLFSSL_FILETYPE_ASN1), WC_NO_ERR_TRACE(ASN_NAME_INVALID_E)); -#else - ExpectIntEQ(wolfSSL_CertManagerVerifyBuffer(cm, der, derSz, - WOLFSSL_FILETYPE_ASN1), WOLFSSL_SUCCESS); -#endif - wolfSSL_CertManagerFree(cm); - - wolfSSL_X509_free(x509); - x509 = NULL; - wolfSSL_X509_free(ca); - ca = NULL; - - /* now test with excluded name constraint */ - ExpectNotNull(cm = wolfSSL_CertManagerNew()); - ExpectNotNull(ca = wolfSSL_X509_load_certificate_file(ca_cert2, - WOLFSSL_FILETYPE_ASN1)); - ExpectNotNull((der = wolfSSL_X509_get_der(ca, &derSz))); - ExpectIntEQ(wolfSSL_CertManagerLoadCABuffer(cm, der, derSz, - WOLFSSL_FILETYPE_ASN1), WOLFSSL_SUCCESS); - - ExpectNotNull(x509 = wolfSSL_X509_load_certificate_file(server_cert, - WOLFSSL_FILETYPE_PEM)); - wolfSSL_X509_add_altname_ex(x509, altNameExc, sizeof(altNameExc), - ASN_DIR_TYPE); - ExpectNotNull(name = wolfSSL_X509_get_subject_name(ca)); - ExpectIntEQ(wolfSSL_X509_set_issuer_name(x509, name), WOLFSSL_SUCCESS); - -#if defined(WOLFSSL_SHA3) && !defined(WOLFSSL_NOSHA3_256) - wolfSSL_X509_sign(x509, priv, EVP_sha3_256()); -#else - wolfSSL_X509_sign(x509, priv, EVP_sha256()); -#endif - ExpectNotNull((der = wolfSSL_X509_get_der(x509, &derSz))); -#ifndef WOLFSSL_NO_ASN_STRICT - ExpectIntEQ(wolfSSL_CertManagerVerifyBuffer(cm, der, derSz, - WOLFSSL_FILETYPE_ASN1), WC_NO_ERR_TRACE(ASN_NAME_INVALID_E)); -#else - ExpectIntEQ(wolfSSL_CertManagerVerifyBuffer(cm, der, derSz, - WOLFSSL_FILETYPE_ASN1), WOLFSSL_SUCCESS); -#endif - wolfSSL_CertManagerFree(cm); - wolfSSL_X509_free(x509); - wolfSSL_X509_free(ca); - wolfSSL_EVP_PKEY_free(priv); -#endif - - return EXPECT_RESULT(); -} - -static int test_wolfSSL_CertManagerNameConstraint3(void) -{ - EXPECT_DECLS; -#if !defined(NO_FILESYSTEM) && !defined(NO_CERTS) && \ - !defined(NO_WOLFSSL_CM_VERIFY) && !defined(NO_RSA) && \ - defined(OPENSSL_EXTRA) && defined(WOLFSSL_CERT_GEN) && \ - defined(WOLFSSL_CERT_EXT) && defined(WOLFSSL_ALT_NAMES) && \ - !defined(NO_SHA256) - WOLFSSL_CERT_MANAGER* cm = NULL; - WOLFSSL_EVP_PKEY *priv = NULL; - WOLFSSL_X509_NAME* name = NULL; - const char* ca_cert = "./certs/test/cert-ext-mnc.der"; - const char* server_cert = "./certs/test/server-goodcn.pem"; - - byte *der = NULL; - int derSz = 0; - byte *pt; - WOLFSSL_X509 *x509 = NULL; - WOLFSSL_X509 *ca = NULL; - - pt = (byte*)server_key_der_2048; - ExpectNotNull(priv = wolfSSL_d2i_PrivateKey(EVP_PKEY_RSA, NULL, - (const unsigned char**)&pt, sizeof_server_key_der_2048)); - - ExpectNotNull(cm = wolfSSL_CertManagerNew()); - ExpectNotNull(ca = wolfSSL_X509_load_certificate_file(ca_cert, - WOLFSSL_FILETYPE_ASN1)); - ExpectNotNull((der = (byte*)wolfSSL_X509_get_der(ca, &derSz))); - DEBUG_WRITE_DER(der, derSz, "ca.der"); - - ExpectIntEQ(wolfSSL_CertManagerLoadCABuffer(cm, der, derSz, - WOLFSSL_FILETYPE_ASN1), WOLFSSL_SUCCESS); - - /* check satisfying .wolfssl.com constraint passes */ - ExpectNotNull(x509 = wolfSSL_X509_load_certificate_file(server_cert, - WOLFSSL_FILETYPE_PEM)); - ExpectNotNull(name = wolfSSL_X509_get_subject_name(ca)); - ExpectIntEQ(wolfSSL_X509_set_issuer_name(x509, name), WOLFSSL_SUCCESS); - name = NULL; - - ExpectNotNull(name = X509_NAME_new()); - ExpectIntEQ(X509_NAME_add_entry_by_txt(name, "countryName", MBSTRING_UTF8, - (byte*)"US", 2, -1, 0), SSL_SUCCESS); - ExpectIntEQ(X509_NAME_add_entry_by_txt(name, "commonName", MBSTRING_UTF8, - (byte*)"wolfssl.com", 11, -1, 0), SSL_SUCCESS); - ExpectIntEQ(X509_NAME_add_entry_by_txt(name, "emailAddress", MBSTRING_UTF8, - (byte*)"support@info.wolfssl.com", 24, -1, 0), SSL_SUCCESS); - ExpectIntEQ(wolfSSL_X509_set_subject_name(x509, name), WOLFSSL_SUCCESS); - X509_NAME_free(name); - name = NULL; - - wolfSSL_X509_add_altname(x509, "wolfssl@info.wolfssl.com", ASN_RFC822_TYPE); - - ExpectIntGT(wolfSSL_X509_sign(x509, priv, EVP_sha256()), 0); - DEBUG_WRITE_CERT_X509(x509, "good-1st-constraint-cert.pem"); - - ExpectNotNull((der = (byte*)wolfSSL_X509_get_der(x509, &derSz))); - ExpectIntEQ(wolfSSL_CertManagerVerifyBuffer(cm, der, derSz, - WOLFSSL_FILETYPE_ASN1), WOLFSSL_SUCCESS); - wolfSSL_X509_free(x509); - x509 = NULL; - - /* check satisfying .random.com constraint passes */ - ExpectNotNull(x509 = wolfSSL_X509_load_certificate_file(server_cert, - WOLFSSL_FILETYPE_PEM)); - ExpectNotNull(name = wolfSSL_X509_get_subject_name(ca)); - ExpectIntEQ(wolfSSL_X509_set_issuer_name(x509, name), WOLFSSL_SUCCESS); - name = NULL; - - ExpectNotNull(name = X509_NAME_new()); - ExpectIntEQ(X509_NAME_add_entry_by_txt(name, "countryName", MBSTRING_UTF8, - (byte*)"US", 2, -1, 0), SSL_SUCCESS); - ExpectIntEQ(X509_NAME_add_entry_by_txt(name, "commonName", MBSTRING_UTF8, - (byte*)"wolfssl.com", 11, -1, 0), SSL_SUCCESS); - ExpectIntEQ(X509_NAME_add_entry_by_txt(name, "emailAddress", MBSTRING_UTF8, - (byte*)"support@info.example.com", 24, -1, 0), SSL_SUCCESS); - ExpectIntEQ(wolfSSL_X509_set_subject_name(x509, name), WOLFSSL_SUCCESS); - X509_NAME_free(name); - name = NULL; - - wolfSSL_X509_add_altname(x509, "wolfssl@info.example.com", ASN_RFC822_TYPE); - - ExpectIntGT(wolfSSL_X509_sign(x509, priv, EVP_sha256()), 0); - DEBUG_WRITE_CERT_X509(x509, "good-2nd-constraint-cert.pem"); - - ExpectNotNull((der = (byte*)wolfSSL_X509_get_der(x509, &derSz))); - ExpectIntEQ(wolfSSL_CertManagerVerifyBuffer(cm, der, derSz, - WOLFSSL_FILETYPE_ASN1), WOLFSSL_SUCCESS); - wolfSSL_X509_free(x509); - x509 = NULL; - - /* check fail case when neither constraint is matched */ - ExpectNotNull(x509 = wolfSSL_X509_load_certificate_file(server_cert, - WOLFSSL_FILETYPE_PEM)); - ExpectNotNull(name = wolfSSL_X509_get_subject_name(ca)); - ExpectIntEQ(wolfSSL_X509_set_issuer_name(x509, name), WOLFSSL_SUCCESS); - name = NULL; - - ExpectNotNull(name = X509_NAME_new()); - ExpectIntEQ(X509_NAME_add_entry_by_txt(name, "countryName", MBSTRING_UTF8, - (byte*)"US", 2, -1, 0), SSL_SUCCESS); - ExpectIntEQ(X509_NAME_add_entry_by_txt(name, "commonName", MBSTRING_UTF8, - (byte*)"wolfssl.com", 11, -1, 0), SSL_SUCCESS); - ExpectIntEQ(X509_NAME_add_entry_by_txt(name, "emailAddress", MBSTRING_UTF8, - (byte*)"support@info.com", 16, -1, 0), SSL_SUCCESS); - ExpectIntEQ(wolfSSL_X509_set_subject_name(x509, name), WOLFSSL_SUCCESS); - X509_NAME_free(name); - - wolfSSL_X509_add_altname(x509, "wolfssl@info.com", ASN_RFC822_TYPE); - - ExpectIntGT(wolfSSL_X509_sign(x509, priv, EVP_sha256()), 0); - DEBUG_WRITE_CERT_X509(x509, "bad-cert.pem"); - - ExpectNotNull((der = (byte*)wolfSSL_X509_get_der(x509, &derSz))); - ExpectIntEQ(wolfSSL_CertManagerVerifyBuffer(cm, der, derSz, - WOLFSSL_FILETYPE_ASN1), WC_NO_ERR_TRACE(ASN_NAME_INVALID_E)); - - wolfSSL_CertManagerFree(cm); - wolfSSL_X509_free(x509); - wolfSSL_X509_free(ca); - wolfSSL_EVP_PKEY_free(priv); -#endif - - return EXPECT_RESULT(); -} - -static int test_wolfSSL_CertManagerNameConstraint4(void) -{ - EXPECT_DECLS; -#if !defined(NO_FILESYSTEM) && !defined(NO_CERTS) && \ - !defined(NO_WOLFSSL_CM_VERIFY) && !defined(NO_RSA) && \ - defined(OPENSSL_EXTRA) && defined(WOLFSSL_CERT_GEN) && \ - defined(WOLFSSL_CERT_EXT) && defined(WOLFSSL_ALT_NAMES) && \ - !defined(NO_SHA256) - WOLFSSL_CERT_MANAGER* cm = NULL; - WOLFSSL_EVP_PKEY *priv = NULL; - WOLFSSL_X509_NAME* name = NULL; - const char* ca_cert = "./certs/test/cert-ext-ncdns.der"; - const char* server_cert = "./certs/test/server-goodcn.pem"; - - byte *der = NULL; - int derSz; - byte *pt; - WOLFSSL_X509 *x509 = NULL; - WOLFSSL_X509 *ca = NULL; - - pt = (byte*)server_key_der_2048; - ExpectNotNull(priv = wolfSSL_d2i_PrivateKey(EVP_PKEY_RSA, NULL, - (const unsigned char**)&pt, sizeof_server_key_der_2048)); - - ExpectNotNull(cm = wolfSSL_CertManagerNew()); - ExpectNotNull(ca = wolfSSL_X509_load_certificate_file(ca_cert, - WOLFSSL_FILETYPE_ASN1)); - ExpectNotNull((der = (byte*)wolfSSL_X509_get_der(ca, &derSz))); - DEBUG_WRITE_DER(der, derSz, "ca.der"); - - ExpectIntEQ(wolfSSL_CertManagerLoadCABuffer(cm, der, derSz, - WOLFSSL_FILETYPE_ASN1), WOLFSSL_SUCCESS); - - /* check satisfying wolfssl.com constraint passes */ - ExpectNotNull(x509 = wolfSSL_X509_load_certificate_file(server_cert, - WOLFSSL_FILETYPE_PEM)); - ExpectNotNull(name = wolfSSL_X509_get_subject_name(ca)); - ExpectIntEQ(wolfSSL_X509_set_issuer_name(x509, name), WOLFSSL_SUCCESS); - name = NULL; - - ExpectNotNull(name = X509_NAME_new()); - ExpectIntEQ(X509_NAME_add_entry_by_txt(name, "countryName", MBSTRING_UTF8, - (byte*)"US", 2, -1, 0), SSL_SUCCESS); - ExpectIntEQ(X509_NAME_add_entry_by_txt(name, "commonName", MBSTRING_UTF8, - (byte*)"wolfssl.com", 11, -1, 0), SSL_SUCCESS); - ExpectIntEQ(wolfSSL_X509_set_subject_name(x509, name), WOLFSSL_SUCCESS); - X509_NAME_free(name); - name = NULL; - - wolfSSL_X509_add_altname(x509, "www.wolfssl.com", ASN_DNS_TYPE); - ExpectIntGT(wolfSSL_X509_sign(x509, priv, EVP_sha256()), 0); - DEBUG_WRITE_CERT_X509(x509, "good-1st-constraint-cert.pem"); - - ExpectNotNull((der = (byte*)wolfSSL_X509_get_der(x509, &derSz))); - ExpectIntEQ(wolfSSL_CertManagerVerifyBuffer(cm, der, derSz, - WOLFSSL_FILETYPE_ASN1), WOLFSSL_SUCCESS); - wolfSSL_X509_free(x509); - x509 = NULL; - - /* check satisfying example.com constraint passes */ - ExpectNotNull(x509 = wolfSSL_X509_load_certificate_file(server_cert, - WOLFSSL_FILETYPE_PEM)); - ExpectNotNull(name = wolfSSL_X509_get_subject_name(ca)); - ExpectIntEQ(wolfSSL_X509_set_issuer_name(x509, name), WOLFSSL_SUCCESS); - name = NULL; - - ExpectNotNull(name = X509_NAME_new()); - ExpectIntEQ(X509_NAME_add_entry_by_txt(name, "countryName", MBSTRING_UTF8, - (byte*)"US", 2, -1, 0), SSL_SUCCESS); - ExpectIntEQ(X509_NAME_add_entry_by_txt(name, "commonName", MBSTRING_UTF8, - (byte*)"example.com", 11, -1, 0), SSL_SUCCESS); - ExpectIntEQ(wolfSSL_X509_set_subject_name(x509, name), WOLFSSL_SUCCESS); - X509_NAME_free(name); - name = NULL; - - wolfSSL_X509_add_altname(x509, "www.example.com", ASN_DNS_TYPE); - ExpectIntGT(wolfSSL_X509_sign(x509, priv, EVP_sha256()), 0); - DEBUG_WRITE_CERT_X509(x509, "good-2nd-constraint-cert.pem"); - - ExpectNotNull((der = (byte*)wolfSSL_X509_get_der(x509, &derSz))); - ExpectIntEQ(wolfSSL_CertManagerVerifyBuffer(cm, der, derSz, - WOLFSSL_FILETYPE_ASN1), WOLFSSL_SUCCESS); - wolfSSL_X509_free(x509); - x509 = NULL; - - /* check satisfying wolfssl.com constraint passes with list of DNS's */ - ExpectNotNull(x509 = wolfSSL_X509_load_certificate_file(server_cert, - WOLFSSL_FILETYPE_PEM)); - ExpectNotNull(name = wolfSSL_X509_get_subject_name(ca)); - ExpectIntEQ(wolfSSL_X509_set_issuer_name(x509, name), WOLFSSL_SUCCESS); - name = NULL; - - ExpectNotNull(name = X509_NAME_new()); - ExpectIntEQ(X509_NAME_add_entry_by_txt(name, "countryName", MBSTRING_UTF8, - (byte*)"US", 2, -1, 0), SSL_SUCCESS); - ExpectIntEQ(X509_NAME_add_entry_by_txt(name, "commonName", MBSTRING_UTF8, - (byte*)"wolfssl.com", 11, -1, 0), SSL_SUCCESS); - ExpectIntEQ(wolfSSL_X509_set_subject_name(x509, name), WOLFSSL_SUCCESS); - X509_NAME_free(name); - name = NULL; - - wolfSSL_X509_add_altname(x509, "www.wolfssl.com", ASN_DNS_TYPE); - wolfSSL_X509_add_altname(x509, "www.info.wolfssl.com", ASN_DNS_TYPE); - wolfSSL_X509_add_altname(x509, "extra.wolfssl.com", ASN_DNS_TYPE); - ExpectIntGT(wolfSSL_X509_sign(x509, priv, EVP_sha256()), 0); - DEBUG_WRITE_CERT_X509(x509, "good-multiple-constraint-cert.pem"); - - ExpectNotNull((der = (byte*)wolfSSL_X509_get_der(x509, &derSz))); - ExpectIntEQ(wolfSSL_CertManagerVerifyBuffer(cm, der, derSz, - WOLFSSL_FILETYPE_ASN1), WOLFSSL_SUCCESS); - wolfSSL_X509_free(x509); - x509 = NULL; - - /* check fail when one DNS in the list is bad */ - ExpectNotNull(x509 = wolfSSL_X509_load_certificate_file(server_cert, - WOLFSSL_FILETYPE_PEM)); - ExpectNotNull(name = wolfSSL_X509_get_subject_name(ca)); - ExpectIntEQ(wolfSSL_X509_set_issuer_name(x509, name), WOLFSSL_SUCCESS); - name = NULL; - - ExpectNotNull(name = X509_NAME_new()); - ExpectIntEQ(X509_NAME_add_entry_by_txt(name, "countryName", MBSTRING_UTF8, - (byte*)"US", 2, -1, 0), SSL_SUCCESS); - ExpectIntEQ(X509_NAME_add_entry_by_txt(name, "commonName", MBSTRING_UTF8, - (byte*)"wolfssl.com", 11, -1, 0), SSL_SUCCESS); - ExpectIntEQ(wolfSSL_X509_set_subject_name(x509, name), WOLFSSL_SUCCESS); - X509_NAME_free(name); - name = NULL; - - wolfSSL_X509_add_altname(x509, "www.wolfssl.com", ASN_DNS_TYPE); - wolfSSL_X509_add_altname(x509, "www.nomatch.com", ASN_DNS_TYPE); - wolfSSL_X509_add_altname(x509, "www.info.wolfssl.com", ASN_DNS_TYPE); - ExpectIntGT(wolfSSL_X509_sign(x509, priv, EVP_sha256()), 0); - DEBUG_WRITE_CERT_X509(x509, "bad-multiple-constraint-cert.pem"); - - ExpectNotNull((der = (byte*)wolfSSL_X509_get_der(x509, &derSz))); - ExpectIntEQ(wolfSSL_CertManagerVerifyBuffer(cm, der, derSz, - WOLFSSL_FILETYPE_ASN1), WC_NO_ERR_TRACE(ASN_NAME_INVALID_E)); - wolfSSL_X509_free(x509); - x509 = NULL; - - /* check fail case when neither constraint is matched */ - ExpectNotNull(x509 = wolfSSL_X509_load_certificate_file(server_cert, - WOLFSSL_FILETYPE_PEM)); - ExpectNotNull(name = wolfSSL_X509_get_subject_name(ca)); - ExpectIntEQ(wolfSSL_X509_set_issuer_name(x509, name), WOLFSSL_SUCCESS); - name = NULL; - - ExpectNotNull(name = X509_NAME_new()); - ExpectIntEQ(X509_NAME_add_entry_by_txt(name, "countryName", MBSTRING_UTF8, - (byte*)"US", 2, -1, 0), SSL_SUCCESS); - ExpectIntEQ(X509_NAME_add_entry_by_txt(name, "commonName", MBSTRING_UTF8, - (byte*)"common", 6, -1, 0), SSL_SUCCESS); - ExpectIntEQ(wolfSSL_X509_set_subject_name(x509, name), WOLFSSL_SUCCESS); - X509_NAME_free(name); - - wolfSSL_X509_add_altname(x509, "www.random.com", ASN_DNS_TYPE); - ExpectIntGT(wolfSSL_X509_sign(x509, priv, EVP_sha256()), 0); - DEBUG_WRITE_CERT_X509(x509, "bad-cert.pem"); - - ExpectNotNull((der = (byte*)wolfSSL_X509_get_der(x509, &derSz))); - ExpectIntEQ(wolfSSL_CertManagerVerifyBuffer(cm, der, derSz, - WOLFSSL_FILETYPE_ASN1), WC_NO_ERR_TRACE(ASN_NAME_INVALID_E)); - - wolfSSL_CertManagerFree(cm); - wolfSSL_X509_free(x509); - wolfSSL_X509_free(ca); - wolfSSL_EVP_PKEY_free(priv); -#endif - - return EXPECT_RESULT(); -} - -static int test_wolfSSL_CertManagerNameConstraint5(void) -{ - EXPECT_DECLS; -#if !defined(NO_FILESYSTEM) && !defined(NO_CERTS) && \ - !defined(NO_WOLFSSL_CM_VERIFY) && !defined(NO_RSA) && \ - defined(OPENSSL_EXTRA) && defined(WOLFSSL_CERT_GEN) && \ - defined(WOLFSSL_CERT_EXT) && defined(WOLFSSL_ALT_NAMES) && \ - !defined(NO_SHA256) - WOLFSSL_CERT_MANAGER* cm = NULL; - WOLFSSL_EVP_PKEY *priv = NULL; - WOLFSSL_X509_NAME* name = NULL; - const char* ca_cert = "./certs/test/cert-ext-ncmixed.der"; - const char* server_cert = "./certs/test/server-goodcn.pem"; - - byte *der = NULL; - int derSz; - byte *pt; - WOLFSSL_X509 *x509 = NULL; - WOLFSSL_X509 *ca = NULL; - - pt = (byte*)server_key_der_2048; - ExpectNotNull(priv = wolfSSL_d2i_PrivateKey(EVP_PKEY_RSA, NULL, - (const unsigned char**)&pt, sizeof_server_key_der_2048)); - - ExpectNotNull(cm = wolfSSL_CertManagerNew()); - ExpectNotNull(ca = wolfSSL_X509_load_certificate_file(ca_cert, - WOLFSSL_FILETYPE_ASN1)); - ExpectNotNull((der = (byte*)wolfSSL_X509_get_der(ca, &derSz))); - DEBUG_WRITE_DER(der, derSz, "ca.der"); - - ExpectIntEQ(wolfSSL_CertManagerLoadCABuffer(cm, der, derSz, - WOLFSSL_FILETYPE_ASN1), WOLFSSL_SUCCESS); - - /* check satisfying wolfssl.com constraint passes */ - ExpectNotNull(x509 = wolfSSL_X509_load_certificate_file(server_cert, - WOLFSSL_FILETYPE_PEM)); - ExpectNotNull(name = wolfSSL_X509_get_subject_name(ca)); - ExpectIntEQ(wolfSSL_X509_set_issuer_name(x509, name), WOLFSSL_SUCCESS); - name = NULL; - - ExpectNotNull(name = X509_NAME_new()); - ExpectIntEQ(X509_NAME_add_entry_by_txt(name, "countryName", MBSTRING_UTF8, - (byte*)"US", 2, -1, 0), SSL_SUCCESS); - ExpectIntEQ(X509_NAME_add_entry_by_txt(name, "commonName", MBSTRING_UTF8, - (byte*)"example", 7, -1, 0), SSL_SUCCESS); - ExpectIntEQ(wolfSSL_X509_set_subject_name(x509, name), WOLFSSL_SUCCESS); - X509_NAME_free(name); - name = NULL; - - wolfSSL_X509_add_altname(x509, "good.example", ASN_DNS_TYPE); - wolfSSL_X509_add_altname(x509, "facts@into.wolfssl.com", ASN_RFC822_TYPE); - ExpectIntGT(wolfSSL_X509_sign(x509, priv, EVP_sha256()), 0); - DEBUG_WRITE_CERT_X509(x509, "good-cert.pem"); - - ExpectNotNull((der = (byte*)wolfSSL_X509_get_der(x509, &derSz))); - ExpectIntEQ(wolfSSL_CertManagerVerifyBuffer(cm, der, derSz, - WOLFSSL_FILETYPE_ASN1), WOLFSSL_SUCCESS); - wolfSSL_X509_free(x509); - x509 = NULL; - - /* fail with DNS check because of common name */ - ExpectNotNull(x509 = wolfSSL_X509_load_certificate_file(server_cert, - WOLFSSL_FILETYPE_PEM)); - ExpectNotNull(name = wolfSSL_X509_get_subject_name(ca)); - ExpectIntEQ(wolfSSL_X509_set_issuer_name(x509, name), WOLFSSL_SUCCESS); - name = NULL; - - ExpectNotNull(name = X509_NAME_new()); - ExpectIntEQ(X509_NAME_add_entry_by_txt(name, "countryName", MBSTRING_UTF8, - (byte*)"US", 2, -1, 0), SSL_SUCCESS); - ExpectIntEQ(X509_NAME_add_entry_by_txt(name, "commonName", MBSTRING_UTF8, - (byte*)"wolfssl.com", 11, -1, 0), SSL_SUCCESS); - ExpectIntEQ(wolfSSL_X509_set_subject_name(x509, name), WOLFSSL_SUCCESS); - X509_NAME_free(name); - name = NULL; - - wolfSSL_X509_add_altname(x509, "example", ASN_DNS_TYPE); - wolfSSL_X509_add_altname(x509, "facts@wolfssl.com", ASN_RFC822_TYPE); - ExpectIntGT(wolfSSL_X509_sign(x509, priv, EVP_sha256()), 0); - DEBUG_WRITE_CERT_X509(x509, "bad-cn-cert.pem"); - - ExpectNotNull((der = (byte*)wolfSSL_X509_get_der(x509, &derSz))); - ExpectIntEQ(wolfSSL_CertManagerVerifyBuffer(cm, der, derSz, - WOLFSSL_FILETYPE_ASN1), WC_NO_ERR_TRACE(ASN_NAME_INVALID_E)); - wolfSSL_X509_free(x509); - x509 = NULL; - - /* fail on permitted DNS name constraint */ - ExpectNotNull(x509 = wolfSSL_X509_load_certificate_file(server_cert, - WOLFSSL_FILETYPE_PEM)); - ExpectNotNull(name = wolfSSL_X509_get_subject_name(ca)); - ExpectIntEQ(wolfSSL_X509_set_issuer_name(x509, name), WOLFSSL_SUCCESS); - name = NULL; - - ExpectNotNull(name = X509_NAME_new()); - ExpectIntEQ(X509_NAME_add_entry_by_txt(name, "countryName", MBSTRING_UTF8, - (byte*)"US", 2, -1, 0), SSL_SUCCESS); - ExpectIntEQ(wolfSSL_X509_set_subject_name(x509, name), WOLFSSL_SUCCESS); - X509_NAME_free(name); - name = NULL; - - wolfSSL_X509_add_altname(x509, "www.example", ASN_DNS_TYPE); - wolfSSL_X509_add_altname(x509, "www.wolfssl", ASN_DNS_TYPE); - wolfSSL_X509_add_altname(x509, "info@wolfssl.com", ASN_RFC822_TYPE); - ExpectIntGT(wolfSSL_X509_sign(x509, priv, EVP_sha256()), 0); - DEBUG_WRITE_CERT_X509(x509, "bad-1st-constraint-cert.pem"); - - ExpectNotNull((der = (byte*)wolfSSL_X509_get_der(x509, &derSz))); - ExpectIntEQ(wolfSSL_CertManagerVerifyBuffer(cm, der, derSz, - WOLFSSL_FILETYPE_ASN1), WC_NO_ERR_TRACE(ASN_NAME_INVALID_E)); - wolfSSL_X509_free(x509); - x509 = NULL; - - /* fail on permitted email name constraint */ - ExpectNotNull(x509 = wolfSSL_X509_load_certificate_file(server_cert, - WOLFSSL_FILETYPE_PEM)); - ExpectNotNull(name = wolfSSL_X509_get_subject_name(ca)); - ExpectIntEQ(wolfSSL_X509_set_issuer_name(x509, name), WOLFSSL_SUCCESS); - name = NULL; - - ExpectNotNull(name = X509_NAME_new()); - ExpectIntEQ(X509_NAME_add_entry_by_txt(name, "countryName", MBSTRING_UTF8, - (byte*)"US", 2, -1, 0), SSL_SUCCESS); - ExpectIntEQ(wolfSSL_X509_set_subject_name(x509, name), WOLFSSL_SUCCESS); - X509_NAME_free(name); - name = NULL; - - wolfSSL_X509_add_altname(x509, "example", ASN_DNS_TYPE); - wolfSSL_X509_add_altname(x509, "info@wolfssl.com", ASN_RFC822_TYPE); - wolfSSL_X509_add_altname(x509, "info@example.com", ASN_RFC822_TYPE); - ExpectIntGT(wolfSSL_X509_sign(x509, priv, EVP_sha256()), 0); - DEBUG_WRITE_CERT_X509(x509, "bad-2nd-constraint-cert.pem"); - - ExpectNotNull((der = (byte*)wolfSSL_X509_get_der(x509, &derSz))); - ExpectIntEQ(wolfSSL_CertManagerVerifyBuffer(cm, der, derSz, - WOLFSSL_FILETYPE_ASN1), WC_NO_ERR_TRACE(ASN_NAME_INVALID_E)); - wolfSSL_X509_free(x509); - x509 = NULL; - - /* success with empty email name */ - ExpectNotNull(x509 = wolfSSL_X509_load_certificate_file(server_cert, - WOLFSSL_FILETYPE_PEM)); - ExpectNotNull(name = wolfSSL_X509_get_subject_name(ca)); - ExpectIntEQ(wolfSSL_X509_set_issuer_name(x509, name), WOLFSSL_SUCCESS); - name = NULL; - - ExpectNotNull(name = X509_NAME_new()); - ExpectIntEQ(X509_NAME_add_entry_by_txt(name, "countryName", MBSTRING_UTF8, - (byte*)"US", 2, -1, 0), SSL_SUCCESS); - ExpectIntEQ(wolfSSL_X509_set_subject_name(x509, name), WOLFSSL_SUCCESS); - X509_NAME_free(name); - - wolfSSL_X509_add_altname(x509, "example", ASN_DNS_TYPE); - ExpectIntGT(wolfSSL_X509_sign(x509, priv, EVP_sha256()), 0); - DEBUG_WRITE_CERT_X509(x509, "good-missing-constraint-cert.pem"); - - ExpectNotNull((der = (byte*)wolfSSL_X509_get_der(x509, &derSz))); - ExpectIntEQ(wolfSSL_CertManagerVerifyBuffer(cm, der, derSz, - WOLFSSL_FILETYPE_ASN1), WOLFSSL_SUCCESS); - wolfSSL_X509_free(x509); - - wolfSSL_CertManagerFree(cm); - wolfSSL_X509_free(ca); - wolfSSL_EVP_PKEY_free(priv); -#endif - return EXPECT_RESULT(); -} - -static int test_wolfSSL_CRL_duplicate_extensions(void) -{ - EXPECT_DECLS; -#if defined(WOLFSSL_ASN_TEMPLATE) && !defined(NO_CERTS) && \ - defined(HAVE_CRL) && !defined(NO_RSA) && !defined(WOLFSSL_NO_ASN_STRICT) && \ - (defined(WC_ASN_RUNTIME_DATE_CHECK_CONTROL) || defined(NO_ASN_TIME_CHECK)) - const unsigned char crl_duplicate_akd[] = - "-----BEGIN X509 CRL-----\n" - "MIICCDCB8QIBATANBgkqhkiG9w0BAQsFADB5MQswCQYDVQQGEwJVUzETMBEGA1UE\n" - "CAwKQ2FsaWZvcm5pYTEWMBQGA1UEBwwNU2FuIEZyYW5jaXNjbzETMBEGA1UECgwK\n" - "TXkgQ29tcGFueTETMBEGA1UEAwwKTXkgUm9vdCBDQTETMBEGA1UECwwKTXkgUm9v\n" - "dCBDQRcNMjQwOTAxMDAwMDAwWhcNMjUxMjAxMDAwMDAwWqBEMEIwHwYDVR0jBBgw\n" - "FoAU72ng99Ud5pns3G3Q9+K5XGRxgzUwHwYDVR0jBBgwFoAU72ng99Ud5pns3G3Q\n" - "9+K5XGRxgzUwDQYJKoZIhvcNAQELBQADggEBAIFVw4jrS4taSXR/9gPzqGrqFeHr\n" - "IXCnFtHJTLxqa8vUOAqSwqysvNpepVKioMVoGrLjFMjANjWQqTEiMROAnLfJ/+L8\n" - "FHZkV/mZwOKAXMhIC9MrJzifxBICwmvD028qnwQm09EP8z4ICZptD6wPdRTDzduc\n" - "KBuAX+zn8pNrJgyrheRKpPgno9KsbCzK4D/RIt1sTK2M3vVOtY+vpsN70QYUXvQ4\n" - "r2RZac3omlT43x5lddPxIlcouQpwWcVvr/K+Va770MRrjn88PBrJmvsEw/QYVBXp\n" - "Gxv2b78HFDacba80sMIm8ltRdqUCa5qIc6OATsz7izCQXEbkTEeESrcK1MA=\n" - "-----END X509 CRL-----\n"; - - WOLFSSL_CERT_MANAGER* cm = NULL; - int ret; - - (void)wc_AsnSetSkipDateCheck(1); - - cm = wolfSSL_CertManagerNew(); - ExpectNotNull(cm); - - /* Test loading CRL with duplicate extensions */ - WOLFSSL_MSG("Testing CRL with duplicate Authority Key Identifier extensions"); - ret = wolfSSL_CertManagerLoadCRLBuffer(cm, crl_duplicate_akd, - sizeof(crl_duplicate_akd), - WOLFSSL_FILETYPE_PEM); - ExpectIntEQ(ret, ASN_PARSE_E); - - wolfSSL_CertManagerFree(cm); - - (void)wc_AsnSetSkipDateCheck(0); -#endif - return EXPECT_RESULT(); -} - -static int test_wolfSSL_CertManagerCRL(void) -{ - EXPECT_DECLS; -#if !defined(NO_FILESYSTEM) && !defined(NO_CERTS) && defined(HAVE_CRL) && \ - !defined(NO_RSA) - const char* ca_cert = "./certs/ca-cert.pem"; - const char* crl1 = "./certs/crl/crl.pem"; - const char* crl2 = "./certs/crl/crl2.pem"; -#ifdef WC_RSA_PSS - const char* crl_rsapss = "./certs/crl/crl_rsapss.pem"; - const char* ca_rsapss = "./certs/rsapss/ca-rsapss.pem"; -#endif - /* ./certs/crl/crl.der */ - const unsigned char crl_buff[] = { - 0x30, 0x82, 0x02, 0x04, 0x30, 0x81, 0xED, 0x02, - 0x01, 0x01, 0x30, 0x0D, 0x06, 0x09, 0x2A, 0x86, - 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x01, 0x0B, 0x05, - 0x00, 0x30, 0x81, 0x94, 0x31, 0x0B, 0x30, 0x09, - 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x55, - 0x53, 0x31, 0x10, 0x30, 0x0E, 0x06, 0x03, 0x55, - 0x04, 0x08, 0x0C, 0x07, 0x4D, 0x6F, 0x6E, 0x74, - 0x61, 0x6E, 0x61, 0x31, 0x10, 0x30, 0x0E, 0x06, - 0x03, 0x55, 0x04, 0x07, 0x0C, 0x07, 0x42, 0x6F, - 0x7A, 0x65, 0x6D, 0x61, 0x6E, 0x31, 0x11, 0x30, - 0x0F, 0x06, 0x03, 0x55, 0x04, 0x0A, 0x0C, 0x08, - 0x53, 0x61, 0x77, 0x74, 0x6F, 0x6F, 0x74, 0x68, - 0x31, 0x13, 0x30, 0x11, 0x06, 0x03, 0x55, 0x04, - 0x0B, 0x0C, 0x0A, 0x43, 0x6F, 0x6E, 0x73, 0x75, - 0x6C, 0x74, 0x69, 0x6E, 0x67, 0x31, 0x18, 0x30, - 0x16, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0C, 0x0F, - 0x77, 0x77, 0x77, 0x2E, 0x77, 0x6F, 0x6C, 0x66, - 0x73, 0x73, 0x6C, 0x2E, 0x63, 0x6F, 0x6D, 0x31, - 0x1F, 0x30, 0x1D, 0x06, 0x09, 0x2A, 0x86, 0x48, - 0x86, 0xF7, 0x0D, 0x01, 0x09, 0x01, 0x16, 0x10, - 0x69, 0x6E, 0x66, 0x6F, 0x40, 0x77, 0x6F, 0x6C, - 0x66, 0x73, 0x73, 0x6C, 0x2E, 0x63, 0x6F, 0x6D, - 0x17, 0x0D, 0x32, 0x34, 0x30, 0x31, 0x30, 0x39, - 0x30, 0x30, 0x33, 0x34, 0x33, 0x30, 0x5A, 0x17, - 0x0D, 0x32, 0x36, 0x31, 0x30, 0x30, 0x35, 0x30, - 0x30, 0x33, 0x34, 0x33, 0x30, 0x5A, 0x30, 0x14, - 0x30, 0x12, 0x02, 0x01, 0x02, 0x17, 0x0D, 0x32, - 0x34, 0x30, 0x31, 0x30, 0x39, 0x30, 0x30, 0x33, - 0x34, 0x33, 0x30, 0x5A, 0xA0, 0x0E, 0x30, 0x0C, - 0x30, 0x0A, 0x06, 0x03, 0x55, 0x1D, 0x14, 0x04, - 0x03, 0x02, 0x01, 0x02, 0x30, 0x0D, 0x06, 0x09, - 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x01, - 0x0B, 0x05, 0x00, 0x03, 0x82, 0x01, 0x01, 0x00, - 0xB3, 0x6F, 0xED, 0x72, 0xD2, 0x73, 0x6A, 0x77, - 0xBF, 0x3A, 0x55, 0xBC, 0x54, 0x18, 0x6A, 0x71, - 0xBC, 0x6A, 0xCC, 0xCD, 0x5D, 0x90, 0xF5, 0x64, - 0x8D, 0x1B, 0xF0, 0xE0, 0x48, 0x7B, 0xF2, 0x7B, - 0x06, 0x86, 0x53, 0x63, 0x9B, 0xD8, 0x24, 0x15, - 0x10, 0xB1, 0x19, 0x96, 0x9B, 0xD2, 0x75, 0xA8, - 0x25, 0xA2, 0x35, 0xA9, 0x14, 0xD6, 0xD5, 0x5E, - 0x53, 0xE3, 0x34, 0x9D, 0xF2, 0x8B, 0x07, 0x19, - 0x9B, 0x1F, 0xF1, 0x02, 0x0F, 0x04, 0x46, 0xE8, - 0xB8, 0xB6, 0xF2, 0x8D, 0xC7, 0xC0, 0x15, 0x3E, - 0x3E, 0x8E, 0x96, 0x73, 0x15, 0x1E, 0x62, 0xF6, - 0x4E, 0x2A, 0xF7, 0xAA, 0xA0, 0x91, 0x80, 0x12, - 0x7F, 0x81, 0x0C, 0x65, 0xCC, 0x38, 0xBE, 0x58, - 0x6C, 0x14, 0xA5, 0x21, 0xA1, 0x8D, 0xF7, 0x8A, - 0xB9, 0x24, 0xF4, 0x2D, 0xCA, 0xC0, 0x67, 0x43, - 0x0B, 0xC8, 0x1C, 0xB4, 0x7D, 0x12, 0x7F, 0xA2, - 0x1B, 0x19, 0x0E, 0x94, 0xCF, 0x7B, 0x9F, 0x75, - 0xA0, 0x08, 0x9A, 0x67, 0x3F, 0x87, 0x89, 0x3E, - 0xF8, 0x58, 0xA5, 0x8A, 0x1B, 0x2D, 0xDA, 0x9B, - 0xD0, 0x1B, 0x18, 0x92, 0xC3, 0xD2, 0x6A, 0xD7, - 0x1C, 0xFC, 0x45, 0x69, 0x77, 0xC3, 0x57, 0x65, - 0x75, 0x99, 0x9E, 0x47, 0x2A, 0x20, 0x25, 0xEF, - 0x90, 0xF2, 0x5F, 0x3B, 0x7D, 0x9C, 0x7D, 0x00, - 0xEA, 0x92, 0x54, 0xEB, 0x0B, 0xE7, 0x17, 0xAF, - 0x24, 0x1A, 0xF9, 0x7C, 0x83, 0x50, 0x68, 0x1D, - 0xDC, 0x5B, 0x60, 0x12, 0xA7, 0x52, 0x78, 0xD9, - 0xA9, 0xB0, 0x1F, 0x59, 0x48, 0x36, 0xC7, 0xA6, - 0x97, 0x34, 0xC7, 0x87, 0x3F, 0xAE, 0xFD, 0xA9, - 0x56, 0x5D, 0x48, 0xCC, 0x89, 0x7A, 0x79, 0x60, - 0x8F, 0x9B, 0x2B, 0x63, 0x3C, 0xB3, 0x04, 0x1D, - 0x5F, 0xF7, 0x20, 0xD2, 0xFD, 0xF2, 0x51, 0xB1, - 0x96, 0x93, 0x13, 0x5B, 0xAB, 0x74, 0x82, 0x8B - }; - - WOLFSSL_CERT_MANAGER* cm = NULL; - - ExpectNotNull(cm = wolfSSL_CertManagerNew()); - - ExpectIntEQ(wolfSSL_CertManagerEnableCRL(NULL, 0), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); - ExpectIntEQ(wolfSSL_CertManagerEnableCRL(cm, WOLFSSL_CRL_CHECKALL), 1); - ExpectIntEQ(wolfSSL_CertManagerEnableCRL(cm, WOLFSSL_CRL_CHECK), 1); - ExpectIntEQ(wolfSSL_CertManagerEnableCRL(cm, - WOLFSSL_CRL_CHECK | WOLFSSL_CRL_CHECKALL), 1); - ExpectIntEQ(wolfSSL_CertManagerEnableCRL(cm, 16), 1); - ExpectIntEQ(wolfSSL_CertManagerEnableCRL(cm, WOLFSSL_CRL_CHECKALL), 1); - - ExpectIntEQ(wolfSSL_CertManagerCheckCRL(NULL, NULL, -1), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); - ExpectIntEQ(wolfSSL_CertManagerCheckCRL(cm, NULL, -1), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); - ExpectIntEQ(wolfSSL_CertManagerCheckCRL(NULL, server_cert_der_2048, -1), - WC_NO_ERR_TRACE(BAD_FUNC_ARG)); - ExpectIntEQ(wolfSSL_CertManagerCheckCRL(NULL, NULL, 1), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); - ExpectIntEQ(wolfSSL_CertManagerCheckCRL(NULL, server_cert_der_2048, 1), - WC_NO_ERR_TRACE(BAD_FUNC_ARG)); - ExpectIntEQ(wolfSSL_CertManagerCheckCRL(cm, NULL, 1), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); - ExpectIntEQ(wolfSSL_CertManagerCheckCRL(cm, server_cert_der_2048, -1), - WC_NO_ERR_TRACE(BAD_FUNC_ARG)); - ExpectIntEQ(wolfSSL_CertManagerCheckCRL(cm, server_cert_der_2048, - sizeof_server_cert_der_2048), WC_NO_ERR_TRACE(ASN_NO_SIGNER_E)); - - ExpectIntEQ(wolfSSL_CertManagerSetCRL_Cb(NULL, NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); - ExpectIntEQ(wolfSSL_CertManagerSetCRL_Cb(cm, NULL), 1); -#ifdef HAVE_CRL_IO - ExpectIntEQ(wolfSSL_CertManagerSetCRL_IOCb(NULL, NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); - ExpectIntEQ(wolfSSL_CertManagerSetCRL_IOCb(cm, NULL), 1); -#endif - -#ifndef NO_FILESYSTEM - ExpectIntEQ(wolfSSL_CertManagerLoadCRL(NULL, NULL, WOLFSSL_FILETYPE_ASN1, - 0), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); - ExpectIntEQ(wolfSSL_CertManagerLoadCRL(cm, NULL, WOLFSSL_FILETYPE_ASN1, - 0), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); - /* -1 seen as !WOLFSSL_FILETYPE_PEM */ - ExpectIntEQ(wolfSSL_CertManagerLoadCRL(cm, "./certs/crl", -1, 0), 1); - - ExpectIntEQ(wolfSSL_CertManagerLoadCRLFile(NULL, NULL, - WOLFSSL_FILETYPE_ASN1), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); - ExpectIntEQ(wolfSSL_CertManagerLoadCRLFile(cm, NULL, WOLFSSL_FILETYPE_ASN1), - WC_NO_ERR_TRACE(BAD_FUNC_ARG)); - /* -1 seen as !WOLFSSL_FILETYPE_PEM */ - ExpectIntEQ(wolfSSL_CertManagerLoadCRLFile(cm, "./certs/crl/crl.pem", -1), - WC_NO_ERR_TRACE(ASN_PARSE_E)); -#endif - - ExpectIntEQ(wolfSSL_CertManagerLoadCRLBuffer(NULL, NULL, -1, - WOLFSSL_FILETYPE_ASN1), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); - ExpectIntEQ(wolfSSL_CertManagerLoadCRLBuffer(cm, NULL, -1, - WOLFSSL_FILETYPE_ASN1), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); - ExpectIntEQ(wolfSSL_CertManagerLoadCRLBuffer(NULL, crl_buff, -1, - WOLFSSL_FILETYPE_ASN1), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); - ExpectIntEQ(wolfSSL_CertManagerLoadCRLBuffer(NULL, NULL, 1, - WOLFSSL_FILETYPE_ASN1), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); - ExpectIntEQ(wolfSSL_CertManagerLoadCRLBuffer(NULL, crl_buff, 1, - WOLFSSL_FILETYPE_ASN1), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); - ExpectIntEQ(wolfSSL_CertManagerLoadCRLBuffer(cm, NULL, 1, - WOLFSSL_FILETYPE_ASN1), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); - ExpectIntEQ(wolfSSL_CertManagerLoadCRLBuffer(cm, crl_buff, -1, - WOLFSSL_FILETYPE_ASN1), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); - - ExpectIntEQ(wolfSSL_CertManagerFreeCRL(NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); - DoExpectIntEQ(wolfSSL_CertManagerFreeCRL(cm), 1); - - ExpectIntEQ(WOLFSSL_SUCCESS, - wolfSSL_CertManagerLoadCA(cm, ca_cert, NULL)); - ExpectIntEQ(WOLFSSL_SUCCESS, - wolfSSL_CertManagerLoadCRL(cm, crl1, WOLFSSL_FILETYPE_PEM, 0)); - ExpectIntEQ(WOLFSSL_SUCCESS, - wolfSSL_CertManagerLoadCRL(cm, crl2, WOLFSSL_FILETYPE_PEM, 0)); - wolfSSL_CertManagerFreeCRL(cm); - -#ifndef WOLFSSL_CRL_ALLOW_MISSING_CDP - ExpectIntEQ(WOLFSSL_SUCCESS, - wolfSSL_CertManagerLoadCRL(cm, crl1, WOLFSSL_FILETYPE_PEM, 0)); - ExpectIntEQ(WOLFSSL_SUCCESS, - wolfSSL_CertManagerLoadCA(cm, ca_cert, NULL)); - ExpectIntEQ(wolfSSL_CertManagerCheckCRL(cm, server_cert_der_2048, - sizeof_server_cert_der_2048), WC_NO_ERR_TRACE(CRL_MISSING)); - ExpectIntEQ(wolfSSL_CertManagerVerifyBuffer(cm, server_cert_der_2048, - sizeof_server_cert_der_2048, WOLFSSL_FILETYPE_ASN1), WC_NO_ERR_TRACE(CRL_MISSING)); -#endif /* !WOLFSSL_CRL_ALLOW_MISSING_CDP */ - - ExpectIntEQ(wolfSSL_CertManagerLoadCRLBuffer(cm, crl_buff, sizeof(crl_buff), - WOLFSSL_FILETYPE_ASN1), 1); - -#if !defined(NO_FILESYSTEM) && defined(WC_RSA_PSS) - /* loading should fail without the CA set */ - ExpectIntEQ(wolfSSL_CertManagerLoadCRLFile(cm, crl_rsapss, - WOLFSSL_FILETYPE_PEM), WC_NO_ERR_TRACE(ASN_CRL_NO_SIGNER_E)); - - /* now successfully load the RSA-PSS crl once loading in it's CA */ - ExpectIntEQ(WOLFSSL_SUCCESS, - wolfSSL_CertManagerLoadCA(cm, ca_rsapss, NULL)); - ExpectIntEQ(wolfSSL_CertManagerLoadCRLFile(cm, crl_rsapss, - WOLFSSL_FILETYPE_PEM), WOLFSSL_SUCCESS); -#endif - - wolfSSL_CertManagerFree(cm); -#endif - - return EXPECT_RESULT(); -} - -static int test_wolfSSL_CertManagerCheckOCSPResponse(void) -{ - EXPECT_DECLS; -#if defined(HAVE_OCSP) && !defined(NO_RSA) && !defined(NO_SHA) -/* Need one of these for wolfSSL_OCSP_REQUEST_new. */ -#if defined(OPENSSL_ALL) || defined(WOLFSSL_NGINX) || \ - defined(WOLFSSL_HAPROXY) || defined(WOLFSSL_APACHE_HTTPD) || \ - defined(HAVE_LIGHTY) - WOLFSSL_CERT_MANAGER* cm = NULL; - /* Raw OCSP response bytes captured using the following setup: - * - Run responder with - * openssl ocsp -port 9999 -ndays 9999 - * -index certs/ocsp/index-intermediate1-ca-issued-certs.txt - * -rsigner certs/ocsp/ocsp-responder-cert.pem - * -rkey certs/ocsp/ocsp-responder-key.pem - * -CA certs/ocsp/intermediate1-ca-cert.pem - * - Run client with - * openssl ocsp -host 127.0.0.1:9999 -respout resp.out - * -issuer certs/ocsp/intermediate1-ca-cert.pem - * -cert certs/ocsp/server1-cert.pem - * -CAfile certs/ocsp/root-ca-cert.pem -noverify - * - Select the response packet in Wireshark, and export it using - * "File->Export Packet Dissection->As "C" Arrays". Select "Selected - * packets only". After importing into the editor, remove the initial - * ~148 bytes of header, ending with the Content-Length and the \r\n\r\n. - */ - static const byte response[] = { - 0x30, 0x82, 0x07, 0x40, /* ....0..@ */ - 0x0a, 0x01, 0x00, 0xa0, 0x82, 0x07, 0x39, 0x30, /* ......90 */ - 0x82, 0x07, 0x35, 0x06, 0x09, 0x2b, 0x06, 0x01, /* ..5..+.. */ - 0x05, 0x05, 0x07, 0x30, 0x01, 0x01, 0x04, 0x82, /* ...0.... */ - 0x07, 0x26, 0x30, 0x82, 0x07, 0x22, 0x30, 0x82, /* .&0.."0. */ - 0x01, 0x40, 0xa1, 0x81, 0xa1, 0x30, 0x81, 0x9e, /* .@...0.. */ - 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, /* 1.0...U. */ - 0x06, 0x13, 0x02, 0x55, 0x53, 0x31, 0x13, 0x30, /* ...US1.0 */ - 0x11, 0x06, 0x03, 0x55, 0x04, 0x08, 0x0c, 0x0a, /* ...U.... */ - 0x57, 0x61, 0x73, 0x68, 0x69, 0x6e, 0x67, 0x74, /* Washingt */ - 0x6f, 0x6e, 0x31, 0x10, 0x30, 0x0e, 0x06, 0x03, /* on1.0... */ - 0x55, 0x04, 0x07, 0x0c, 0x07, 0x53, 0x65, 0x61, /* U....Sea */ - 0x74, 0x74, 0x6c, 0x65, 0x31, 0x10, 0x30, 0x0e, /* ttle1.0. */ - 0x06, 0x03, 0x55, 0x04, 0x0a, 0x0c, 0x07, 0x77, /* ..U....w */ - 0x6f, 0x6c, 0x66, 0x53, 0x53, 0x4c, 0x31, 0x14, /* olfSSL1. */ - 0x30, 0x12, 0x06, 0x03, 0x55, 0x04, 0x0b, 0x0c, /* 0...U... */ - 0x0b, 0x45, 0x6e, 0x67, 0x69, 0x6e, 0x65, 0x65, /* .Enginee */ - 0x72, 0x69, 0x6e, 0x67, 0x31, 0x1f, 0x30, 0x1d, /* ring1.0. */ - 0x06, 0x03, 0x55, 0x04, 0x03, 0x0c, 0x16, 0x77, /* ..U....w */ - 0x6f, 0x6c, 0x66, 0x53, 0x53, 0x4c, 0x20, 0x4f, /* olfSSL O */ - 0x43, 0x53, 0x50, 0x20, 0x52, 0x65, 0x73, 0x70, /* CSP Resp */ - 0x6f, 0x6e, 0x64, 0x65, 0x72, 0x31, 0x1f, 0x30, /* onder1.0 */ - 0x1d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, /* ...*.H.. */ - 0x0d, 0x01, 0x09, 0x01, 0x16, 0x10, 0x69, 0x6e, /* ......in */ - 0x66, 0x6f, 0x40, 0x77, 0x6f, 0x6c, 0x66, 0x73, /* fo@wolfs */ - 0x73, 0x6c, 0x2e, 0x63, 0x6f, 0x6d, 0x18, 0x0f, /* sl.com.. */ - 0x32, 0x30, 0x32, 0x34, 0x31, 0x32, 0x32, 0x30, /* 20241220 */ - 0x31, 0x37, 0x30, 0x37, 0x30, 0x34, 0x5a, 0x30, /* 170704Z0 */ - 0x64, 0x30, 0x62, 0x30, 0x3a, 0x30, 0x09, 0x06, /* d0b0:0.. */ - 0x05, 0x2b, 0x0e, 0x03, 0x02, 0x1a, 0x05, 0x00, /* .+...... */ - 0x04, 0x14, 0x71, 0x4d, 0x82, 0x23, 0x40, 0x59, /* ..qM.#@Y */ - 0xc0, 0x96, 0xa1, 0x37, 0x43, 0xfa, 0x31, 0xdb, /* ...7C.1. */ - 0xba, 0xb1, 0x43, 0x18, 0xda, 0x04, 0x04, 0x14, /* ..C..... */ - 0x83, 0xc6, 0x3a, 0x89, 0x2c, 0x81, 0xf4, 0x02, /* ..:.,... */ - 0xd7, 0x9d, 0x4c, 0xe2, 0x2a, 0xc0, 0x71, 0x82, /* ..L.*.q. */ - 0x64, 0x44, 0xda, 0x0e, 0x02, 0x01, 0x05, 0x80, /* dD...... */ - 0x00, 0x18, 0x0f, 0x32, 0x30, 0x32, 0x34, 0x31, /* ...20241 */ - 0x32, 0x32, 0x30, 0x31, 0x37, 0x30, 0x37, 0x30, /* 22017070 */ - 0x34, 0x5a, 0xa0, 0x11, 0x18, 0x0f, 0x32, 0x30, /* 4Z....20 */ - 0x35, 0x32, 0x30, 0x35, 0x30, 0x36, 0x31, 0x37, /* 52050617 */ - 0x30, 0x37, 0x30, 0x34, 0x5a, 0xa1, 0x23, 0x30, /* 0704Z.#0 */ - 0x21, 0x30, 0x1f, 0x06, 0x09, 0x2b, 0x06, 0x01, /* !0...+.. */ - 0x05, 0x05, 0x07, 0x30, 0x01, 0x02, 0x04, 0x12, /* ...0.... */ - 0x04, 0x10, 0x12, 0x7c, 0x27, 0xbd, 0x22, 0x28, /* ...|'."( */ - 0x5e, 0x62, 0x81, 0xed, 0x6d, 0x2c, 0x2d, 0x59, /* ^b..m,-Y */ - 0x42, 0xd7, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, /* B.0...*. */ - 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x0b, 0x05, /* H....... */ - 0x00, 0x03, 0x82, 0x01, 0x01, 0x00, 0x6c, 0xce, /* ......l. */ - 0xa8, 0xe8, 0xfe, 0xaf, 0x33, 0xe2, 0xce, 0x4e, /* ....3..N */ - 0x63, 0x8d, 0x61, 0x16, 0x0f, 0x70, 0xb2, 0x0c, /* c.a..p.. */ - 0x9a, 0xe3, 0x01, 0xd5, 0xca, 0xe5, 0x9b, 0x70, /* .......p */ - 0x81, 0x6f, 0x94, 0x09, 0xe8, 0x88, 0x98, 0x1a, /* .o...... */ - 0x67, 0xa0, 0xc2, 0xe7, 0x8f, 0x9b, 0x5f, 0x13, /* g....._. */ - 0x17, 0x8d, 0x93, 0x8c, 0x31, 0x61, 0x7d, 0x72, /* ....1a}r */ - 0x34, 0xbd, 0x21, 0x48, 0xca, 0xb2, 0xc9, 0xae, /* 4.!H.... */ - 0x28, 0x5f, 0x97, 0x19, 0xcb, 0xdf, 0xed, 0xd4, /* (_...... */ - 0x6e, 0x89, 0x30, 0x89, 0x11, 0xd1, 0x05, 0x08, /* n.0..... */ - 0x81, 0xe9, 0xa7, 0xba, 0xf7, 0x16, 0x0c, 0xbe, /* ........ */ - 0x48, 0x2e, 0xc0, 0x05, 0xac, 0x90, 0xc2, 0x35, /* H......5 */ - 0xce, 0x6c, 0x94, 0x5d, 0x2b, 0xad, 0x4f, 0x19, /* .l.]+.O. */ - 0xea, 0x7b, 0xd9, 0x4f, 0x49, 0x20, 0x8d, 0x98, /* .{.OI .. */ - 0xa9, 0xe4, 0x53, 0x6d, 0xca, 0x34, 0xdb, 0x4a, /* ..Sm.4.J */ - 0x28, 0xb3, 0x33, 0xfb, 0xfd, 0xcc, 0x4b, 0xfa, /* (.3...K. */ - 0xdb, 0x70, 0xe1, 0x96, 0xc8, 0xd4, 0xf1, 0x85, /* .p...... */ - 0x99, 0xaf, 0x06, 0xeb, 0xfd, 0x96, 0x21, 0x86, /* ......!. */ - 0x81, 0xee, 0xcf, 0xd2, 0xf4, 0x83, 0xc9, 0x1d, /* ........ */ - 0x8f, 0x42, 0xd1, 0xc1, 0xbc, 0x50, 0x0a, 0xfb, /* .B...P.. */ - 0x95, 0x39, 0x4c, 0x36, 0xa8, 0xfe, 0x2b, 0x8e, /* .9L6..+. */ - 0xc5, 0xb5, 0xe0, 0xab, 0xdb, 0xc0, 0xbf, 0x1d, /* ........ */ - 0x35, 0x4d, 0xc0, 0x52, 0xfb, 0x08, 0x04, 0x4c, /* 5M.R...L */ - 0x98, 0xf0, 0xb5, 0x5b, 0xff, 0x99, 0x74, 0xce, /* ...[..t. */ - 0xb7, 0xc9, 0xe3, 0xe5, 0x70, 0x2e, 0xd3, 0x1d, /* ....p... */ - 0x46, 0x38, 0xf9, 0x51, 0x17, 0x73, 0xd1, 0x08, /* F8.Q.s.. */ - 0x8d, 0x3d, 0x12, 0x47, 0xd0, 0x66, 0x77, 0xaf, /* .=.G.fw. */ - 0xfd, 0x4c, 0x75, 0x1f, 0xe9, 0x6c, 0xf4, 0x5a, /* .Lu..l.Z */ - 0xde, 0xec, 0x37, 0xc7, 0xc4, 0x0a, 0xbe, 0x91, /* ..7..... */ - 0xbc, 0x05, 0x08, 0x86, 0x47, 0x30, 0x2a, 0xc6, /* ....G0*. */ - 0x85, 0x4b, 0x55, 0x6c, 0xef, 0xdf, 0x2d, 0x5a, /* .KUl..-Z */ - 0xf7, 0x5b, 0xb5, 0xba, 0xed, 0x38, 0xb0, 0xcb, /* .[...8.. */ - 0xeb, 0x7e, 0x84, 0x3a, 0x69, 0x2c, 0xa0, 0x82, /* .~.:i,.. */ - 0x04, 0xc6, 0x30, 0x82, 0x04, 0xc2, 0x30, 0x82, /* ..0...0. */ - 0x04, 0xbe, 0x30, 0x82, 0x03, 0xa6, 0xa0, 0x03, /* ..0..... */ - 0x02, 0x01, 0x02, 0x02, 0x01, 0x04, 0x30, 0x0d, /* ......0. */ - 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, /* ..*.H... */ - 0x01, 0x01, 0x0b, 0x05, 0x00, 0x30, 0x81, 0x97, /* .....0.. */ - 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, /* 1.0...U. */ - 0x06, 0x13, 0x02, 0x55, 0x53, 0x31, 0x13, 0x30, /* ...US1.0 */ - 0x11, 0x06, 0x03, 0x55, 0x04, 0x08, 0x0c, 0x0a, /* ...U.... */ - 0x57, 0x61, 0x73, 0x68, 0x69, 0x6e, 0x67, 0x74, /* Washingt */ - 0x6f, 0x6e, 0x31, 0x10, 0x30, 0x0e, 0x06, 0x03, /* on1.0... */ - 0x55, 0x04, 0x07, 0x0c, 0x07, 0x53, 0x65, 0x61, /* U....Sea */ - 0x74, 0x74, 0x6c, 0x65, 0x31, 0x10, 0x30, 0x0e, /* ttle1.0. */ - 0x06, 0x03, 0x55, 0x04, 0x0a, 0x0c, 0x07, 0x77, /* ..U....w */ - 0x6f, 0x6c, 0x66, 0x53, 0x53, 0x4c, 0x31, 0x14, /* olfSSL1. */ - 0x30, 0x12, 0x06, 0x03, 0x55, 0x04, 0x0b, 0x0c, /* 0...U... */ - 0x0b, 0x45, 0x6e, 0x67, 0x69, 0x6e, 0x65, 0x65, /* .Enginee */ - 0x72, 0x69, 0x6e, 0x67, 0x31, 0x18, 0x30, 0x16, /* ring1.0. */ - 0x06, 0x03, 0x55, 0x04, 0x03, 0x0c, 0x0f, 0x77, /* ..U....w */ - 0x6f, 0x6c, 0x66, 0x53, 0x53, 0x4c, 0x20, 0x72, /* olfSSL r */ - 0x6f, 0x6f, 0x74, 0x20, 0x43, 0x41, 0x31, 0x1f, /* oot CA1. */ - 0x30, 0x1d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, /* 0...*.H. */ - 0xf7, 0x0d, 0x01, 0x09, 0x01, 0x16, 0x10, 0x69, /* .......i */ - 0x6e, 0x66, 0x6f, 0x40, 0x77, 0x6f, 0x6c, 0x66, /* nfo@wolf */ - 0x73, 0x73, 0x6c, 0x2e, 0x63, 0x6f, 0x6d, 0x30, /* ssl.com0 */ - 0x1e, 0x17, 0x0d, 0x32, 0x34, 0x31, 0x32, 0x31, /* ...24121 */ - 0x38, 0x32, 0x31, 0x32, 0x35, 0x33, 0x31, 0x5a, /* 8212531Z */ - 0x17, 0x0d, 0x32, 0x37, 0x30, 0x39, 0x31, 0x34, /* ..270914 */ - 0x32, 0x31, 0x32, 0x35, 0x33, 0x31, 0x5a, 0x30, /* 212531Z0 */ - 0x81, 0x9e, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, /* ..1.0... */ - 0x55, 0x04, 0x06, 0x13, 0x02, 0x55, 0x53, 0x31, /* U....US1 */ - 0x13, 0x30, 0x11, 0x06, 0x03, 0x55, 0x04, 0x08, /* .0...U.. */ - 0x0c, 0x0a, 0x57, 0x61, 0x73, 0x68, 0x69, 0x6e, /* ..Washin */ - 0x67, 0x74, 0x6f, 0x6e, 0x31, 0x10, 0x30, 0x0e, /* gton1.0. */ - 0x06, 0x03, 0x55, 0x04, 0x07, 0x0c, 0x07, 0x53, /* ..U....S */ - 0x65, 0x61, 0x74, 0x74, 0x6c, 0x65, 0x31, 0x10, /* eattle1. */ - 0x30, 0x0e, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x0c, /* 0...U... */ - 0x07, 0x77, 0x6f, 0x6c, 0x66, 0x53, 0x53, 0x4c, /* .wolfSSL */ - 0x31, 0x14, 0x30, 0x12, 0x06, 0x03, 0x55, 0x04, /* 1.0...U. */ - 0x0b, 0x0c, 0x0b, 0x45, 0x6e, 0x67, 0x69, 0x6e, /* ...Engin */ - 0x65, 0x65, 0x72, 0x69, 0x6e, 0x67, 0x31, 0x1f, /* eering1. */ - 0x30, 0x1d, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0c, /* 0...U... */ - 0x16, 0x77, 0x6f, 0x6c, 0x66, 0x53, 0x53, 0x4c, /* .wolfSSL */ - 0x20, 0x4f, 0x43, 0x53, 0x50, 0x20, 0x52, 0x65, /* OCSP Re */ - 0x73, 0x70, 0x6f, 0x6e, 0x64, 0x65, 0x72, 0x31, /* sponder1 */ - 0x1f, 0x30, 0x1d, 0x06, 0x09, 0x2a, 0x86, 0x48, /* .0...*.H */ - 0x86, 0xf7, 0x0d, 0x01, 0x09, 0x01, 0x16, 0x10, /* ........ */ - 0x69, 0x6e, 0x66, 0x6f, 0x40, 0x77, 0x6f, 0x6c, /* info@wol */ - 0x66, 0x73, 0x73, 0x6c, 0x2e, 0x63, 0x6f, 0x6d, /* fssl.com */ - 0x30, 0x82, 0x01, 0x22, 0x30, 0x0d, 0x06, 0x09, /* 0.."0... */ - 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, /* *.H..... */ - 0x01, 0x05, 0x00, 0x03, 0x82, 0x01, 0x0f, 0x00, /* ........ */ - 0x30, 0x82, 0x01, 0x0a, 0x02, 0x82, 0x01, 0x01, /* 0....... */ - 0x00, 0xb8, 0xba, 0x23, 0xb4, 0xf6, 0xc3, 0x7b, /* ...#...{ */ - 0x14, 0xc3, 0xa4, 0xf5, 0x1d, 0x61, 0xa1, 0xf5, /* .....a.. */ - 0x1e, 0x63, 0xb9, 0x85, 0x23, 0x34, 0x50, 0x6d, /* .c..#4Pm */ - 0xf8, 0x7c, 0xa2, 0x8a, 0x04, 0x8b, 0xd5, 0x75, /* .|.....u */ - 0x5c, 0x2d, 0xf7, 0x63, 0x88, 0xd1, 0x07, 0x7a, /* \-.c...z */ - 0xea, 0x0b, 0x45, 0x35, 0x2b, 0xeb, 0x1f, 0xb1, /* ..E5+... */ - 0x22, 0xb4, 0x94, 0x41, 0x38, 0xe2, 0x9d, 0x74, /* "..A8..t */ - 0xd6, 0x8b, 0x30, 0x22, 0x10, 0x51, 0xc5, 0xdb, /* ..0".Q.. */ - 0xca, 0x3f, 0x46, 0x2b, 0xfe, 0xe5, 0x5a, 0x3f, /* .?F+..Z? */ - 0x41, 0x74, 0x67, 0x75, 0x95, 0xa9, 0x94, 0xd5, /* Atgu.... */ - 0xc3, 0xee, 0x42, 0xf8, 0x8d, 0xeb, 0x92, 0x95, /* ..B..... */ - 0xe1, 0xd9, 0x65, 0xb7, 0x43, 0xc4, 0x18, 0xde, /* ..e.C... */ - 0x16, 0x80, 0x90, 0xce, 0x24, 0x35, 0x21, 0xc4, /* ....$5!. */ - 0x55, 0xac, 0x5a, 0x51, 0xe0, 0x2e, 0x2d, 0xb3, /* U.ZQ..-. */ - 0x0a, 0x5a, 0x4f, 0x4a, 0x73, 0x31, 0x50, 0xee, /* .ZOJs1P. */ - 0x4a, 0x16, 0xbd, 0x39, 0x8b, 0xad, 0x05, 0x48, /* J..9...H */ - 0x87, 0xb1, 0x99, 0xe2, 0x10, 0xa7, 0x06, 0x72, /* .......r */ - 0x67, 0xca, 0x5c, 0xd1, 0x97, 0xbd, 0xc8, 0xf1, /* g.\..... */ - 0x76, 0xf8, 0xe0, 0x4a, 0xec, 0xbc, 0x93, 0xf4, /* v..J.... */ - 0x66, 0x4c, 0x28, 0x71, 0xd1, 0xd8, 0x66, 0x03, /* fL(q..f. */ - 0xb4, 0x90, 0x30, 0xbb, 0x17, 0xb0, 0xfe, 0x97, /* ..0..... */ - 0xf5, 0x1e, 0xe8, 0xc7, 0x5d, 0x9b, 0x8b, 0x11, /* ....]... */ - 0x19, 0x12, 0x3c, 0xab, 0x82, 0x71, 0x78, 0xff, /* ..<..qx. */ - 0xae, 0x3f, 0x32, 0xb2, 0x08, 0x71, 0xb2, 0x1b, /* .?2..q.. */ - 0x8c, 0x27, 0xac, 0x11, 0xb8, 0xd8, 0x43, 0x49, /* .'....CI */ - 0xcf, 0xb0, 0x70, 0xb1, 0xf0, 0x8c, 0xae, 0xda, /* ..p..... */ - 0x24, 0x87, 0x17, 0x3b, 0xd8, 0x04, 0x65, 0x6c, /* $..;..el */ - 0x00, 0x76, 0x50, 0xef, 0x15, 0x08, 0xd7, 0xb4, /* .vP..... */ - 0x73, 0x68, 0x26, 0x14, 0x87, 0x95, 0xc3, 0x5f, /* sh&...._ */ - 0x6e, 0x61, 0xb8, 0x87, 0x84, 0xfa, 0x80, 0x1a, /* na...... */ - 0x0a, 0x8b, 0x98, 0xf3, 0xe3, 0xff, 0x4e, 0x44, /* ......ND */ - 0x1c, 0x65, 0x74, 0x7c, 0x71, 0x54, 0x65, 0xe5, /* .et|qTe. */ - 0x39, 0x02, 0x03, 0x01, 0x00, 0x01, 0xa3, 0x82, /* 9....... */ - 0x01, 0x0a, 0x30, 0x82, 0x01, 0x06, 0x30, 0x09, /* ..0...0. */ - 0x06, 0x03, 0x55, 0x1d, 0x13, 0x04, 0x02, 0x30, /* ..U....0 */ - 0x00, 0x30, 0x1d, 0x06, 0x03, 0x55, 0x1d, 0x0e, /* .0...U.. */ - 0x04, 0x16, 0x04, 0x14, 0x32, 0x67, 0xe1, 0xb1, /* ....2g.. */ - 0x79, 0xd2, 0x81, 0xfc, 0x9f, 0x23, 0x0c, 0x70, /* y....#.p */ - 0x40, 0x50, 0xb5, 0x46, 0x56, 0xb8, 0x30, 0x36, /* @P.FV.06 */ - 0x30, 0x81, 0xc4, 0x06, 0x03, 0x55, 0x1d, 0x23, /* 0....U.# */ - 0x04, 0x81, 0xbc, 0x30, 0x81, 0xb9, 0x80, 0x14, /* ...0.... */ - 0x73, 0xb0, 0x1c, 0xa4, 0x2f, 0x82, 0xcb, 0xcf, /* s.../... */ - 0x47, 0xa5, 0x38, 0xd7, 0xb0, 0x04, 0x82, 0x3a, /* G.8....: */ - 0x7e, 0x72, 0x15, 0x21, 0xa1, 0x81, 0x9d, 0xa4, /* ~r.!.... */ - 0x81, 0x9a, 0x30, 0x81, 0x97, 0x31, 0x0b, 0x30, /* ..0..1.0 */ - 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, /* ...U.... */ - 0x55, 0x53, 0x31, 0x13, 0x30, 0x11, 0x06, 0x03, /* US1.0... */ - 0x55, 0x04, 0x08, 0x0c, 0x0a, 0x57, 0x61, 0x73, /* U....Was */ - 0x68, 0x69, 0x6e, 0x67, 0x74, 0x6f, 0x6e, 0x31, /* hington1 */ - 0x10, 0x30, 0x0e, 0x06, 0x03, 0x55, 0x04, 0x07, /* .0...U.. */ - 0x0c, 0x07, 0x53, 0x65, 0x61, 0x74, 0x74, 0x6c, /* ..Seattl */ - 0x65, 0x31, 0x10, 0x30, 0x0e, 0x06, 0x03, 0x55, /* e1.0...U */ - 0x04, 0x0a, 0x0c, 0x07, 0x77, 0x6f, 0x6c, 0x66, /* ....wolf */ - 0x53, 0x53, 0x4c, 0x31, 0x14, 0x30, 0x12, 0x06, /* SSL1.0.. */ - 0x03, 0x55, 0x04, 0x0b, 0x0c, 0x0b, 0x45, 0x6e, /* .U....En */ - 0x67, 0x69, 0x6e, 0x65, 0x65, 0x72, 0x69, 0x6e, /* gineerin */ - 0x67, 0x31, 0x18, 0x30, 0x16, 0x06, 0x03, 0x55, /* g1.0...U */ - 0x04, 0x03, 0x0c, 0x0f, 0x77, 0x6f, 0x6c, 0x66, /* ....wolf */ - 0x53, 0x53, 0x4c, 0x20, 0x72, 0x6f, 0x6f, 0x74, /* SSL root */ - 0x20, 0x43, 0x41, 0x31, 0x1f, 0x30, 0x1d, 0x06, /* CA1.0.. */ - 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, /* .*.H.... */ - 0x09, 0x01, 0x16, 0x10, 0x69, 0x6e, 0x66, 0x6f, /* ....info */ - 0x40, 0x77, 0x6f, 0x6c, 0x66, 0x73, 0x73, 0x6c, /* @wolfssl */ - 0x2e, 0x63, 0x6f, 0x6d, 0x82, 0x01, 0x63, 0x30, /* .com..c0 */ - 0x13, 0x06, 0x03, 0x55, 0x1d, 0x25, 0x04, 0x0c, /* ...U.%.. */ - 0x30, 0x0a, 0x06, 0x08, 0x2b, 0x06, 0x01, 0x05, /* 0...+... */ - 0x05, 0x07, 0x03, 0x09, 0x30, 0x0d, 0x06, 0x09, /* ....0... */ - 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, /* *.H..... */ - 0x0b, 0x05, 0x00, 0x03, 0x82, 0x01, 0x01, 0x00, /* ........ */ - 0x4d, 0xa2, 0xd8, 0x55, 0xe0, 0x2b, 0xf4, 0xad, /* M..U.+.. */ - 0x65, 0xe2, 0x92, 0x35, 0xcb, 0x60, 0xa0, 0xa2, /* e..5.`.. */ - 0x6b, 0xa6, 0x88, 0xc1, 0x86, 0x58, 0x57, 0x37, /* k....XW7 */ - 0xbd, 0x2e, 0x28, 0x6e, 0x1c, 0x56, 0x2a, 0x35, /* ..(n.V*5 */ - 0xde, 0xff, 0x3e, 0x8e, 0x3d, 0x47, 0x21, 0x1a, /* ..>.=G!. */ - 0xe9, 0xd3, 0xc6, 0xb4, 0xe2, 0xcb, 0x3e, 0xc6, /* ......>. */ - 0xaf, 0x9b, 0xef, 0x23, 0x88, 0x56, 0x95, 0x73, /* ...#.V.s */ - 0x2e, 0xb3, 0xed, 0xc5, 0x11, 0x4b, 0x69, 0xf7, /* .....Ki. */ - 0x13, 0x3a, 0x05, 0xe1, 0xaf, 0xba, 0xc9, 0x59, /* .:.....Y */ - 0xfd, 0xe2, 0xa0, 0x81, 0xa0, 0x4c, 0x0c, 0x2c, /* .....L., */ - 0xcb, 0x57, 0xad, 0x96, 0x3a, 0x8c, 0x32, 0xa6, /* .W..:.2. */ - 0x4a, 0xf8, 0x72, 0xb8, 0xec, 0xb3, 0x26, 0x69, /* J.r...&i */ - 0xd6, 0x6a, 0x4c, 0x4c, 0x78, 0x18, 0x3c, 0xca, /* .jLLx.<. */ - 0x19, 0xf1, 0xb5, 0x8e, 0x23, 0x81, 0x5b, 0x27, /* ....#.[' */ - 0x90, 0xe0, 0x5c, 0x2b, 0x17, 0x4d, 0x78, 0x99, /* ..\+.Mx. */ - 0x6b, 0x25, 0xbd, 0x2f, 0xae, 0x1b, 0xaa, 0xce, /* k%./.... */ - 0x84, 0xb9, 0x44, 0x21, 0x46, 0xc0, 0x34, 0x6b, /* ..D!F.4k */ - 0x5b, 0xb9, 0x1b, 0xca, 0x5c, 0x60, 0xf1, 0xef, /* [...\`.. */ - 0xe6, 0x66, 0xbc, 0x84, 0x63, 0x56, 0x50, 0x7d, /* .f..cVP} */ - 0xbb, 0x2c, 0x2f, 0x7b, 0x47, 0xb4, 0xfd, 0x58, /* .,/{G..X */ - 0x77, 0x87, 0xee, 0x27, 0x20, 0x96, 0x72, 0x8e, /* w..' .r. */ - 0x4c, 0x7e, 0x4f, 0x93, 0xeb, 0x5f, 0x8f, 0x9c, /* L~O.._.. */ - 0x1e, 0x59, 0x7a, 0x96, 0xaa, 0x53, 0x77, 0x22, /* .Yz..Sw" */ - 0x41, 0xd8, 0xd3, 0xf9, 0x89, 0x8f, 0xe8, 0x9d, /* A....... */ - 0x65, 0xbd, 0x0c, 0x71, 0x3c, 0xbb, 0xa3, 0x07, /* e..q<... */ - 0xbf, 0xfb, 0xa8, 0xd1, 0x18, 0x0a, 0xb4, 0xc4, /* ........ */ - 0xf7, 0x83, 0xb3, 0x86, 0x2b, 0xf0, 0x5b, 0x05, /* ....+.[. */ - 0x28, 0xc1, 0x01, 0x31, 0x73, 0x5c, 0x2b, 0xbd, /* (..1s\+. */ - 0x60, 0x97, 0xa3, 0x36, 0x82, 0x96, 0xd7, 0x83, /* `..6.... */ - 0xdf, 0x75, 0xee, 0x29, 0x42, 0x97, 0x86, 0x41, /* .u.)B..A */ - 0x55, 0xb9, 0x70, 0x87, 0xd5, 0x02, 0x85, 0x13, /* U.p..... */ - 0x41, 0xf8, 0x25, 0x05, 0xab, 0x6a, 0xaa, 0x57 /* A.%..j.W */ - }; - OcspEntry entry[1]; - CertStatus status[1]; - OcspRequest* request = NULL; -#ifndef NO_FILESYSTEM - const char* ca_cert = "./certs/ca-cert.pem"; -#endif - - byte serial[] = {0x05}; - byte issuerHash[] = {0x71, 0x4d, 0x82, 0x23, 0x40, 0x59, 0xc0, 0x96, 0xa1, 0x37, 0x43, 0xfa, 0x31, 0xdb, 0xba, 0xb1, 0x43, 0x18, 0xda, 0x04}; - byte issuerKeyHash[] = {0x83, 0xc6, 0x3a, 0x89, 0x2c, 0x81, 0xf4, 0x02, 0xd7, 0x9d, 0x4c, 0xe2, 0x2a, 0xc0, 0x71, 0x82, 0x64, 0x44, 0xda, 0x0e}; - - - XMEMSET(entry, 0, sizeof(OcspEntry)); - XMEMSET(status, 0, sizeof(CertStatus)); - - ExpectNotNull(request = wolfSSL_OCSP_REQUEST_new()); - ExpectNotNull(request->serial = (byte*)XMALLOC(sizeof(serial), NULL, - DYNAMIC_TYPE_OCSP_REQUEST)); - - if ((request != NULL) && (request->serial != NULL)) { - request->serialSz = sizeof(serial); - XMEMCPY(request->serial, serial, sizeof(serial)); - XMEMCPY(request->issuerHash, issuerHash, sizeof(issuerHash)); - XMEMCPY(request->issuerKeyHash, issuerKeyHash, sizeof(issuerKeyHash)); - } - - ExpectNotNull(cm = wolfSSL_CertManagerNew_ex(NULL)); - ExpectIntEQ(wolfSSL_CertManagerEnableOCSP(cm, 0), WOLFSSL_SUCCESS); - ExpectIntEQ(wolfSSL_CertManagerLoadCA(cm, - "./certs/ocsp/intermediate1-ca-cert.pem", NULL), WOLFSSL_SUCCESS); - - /* Response should be valid. */ - ExpectIntEQ(wolfSSL_CertManagerCheckOCSPResponse(cm, (byte *)response, - sizeof(response), NULL, status, entry, request), WOLFSSL_SUCCESS); - - /* Flip a byte in the request serial number, response should be invalid - * now. */ - if ((request != NULL) && (request->serial != NULL)) - request->serial[0] ^= request->serial[0]; - ExpectIntNE(wolfSSL_CertManagerCheckOCSPResponse(cm, (byte *)response, - sizeof(response), NULL, status, entry, request), WOLFSSL_SUCCESS); - -#ifndef NO_FILESYSTEM - ExpectIntEQ(wolfSSL_CertManagerCheckOCSP(cm, server_cert_der_2048, - sizeof(server_cert_der_2048)), WC_NO_ERR_TRACE(ASN_NO_SIGNER_E)); - ExpectIntEQ(WOLFSSL_SUCCESS, - wolfSSL_CertManagerLoadCA(cm, ca_cert, NULL)); - ExpectIntEQ(wolfSSL_CertManagerCheckOCSP(cm, server_cert_der_2048, - sizeof(server_cert_der_2048)), 1); -#endif - - wolfSSL_OCSP_REQUEST_free(request); - wolfSSL_CertManagerFree(cm); -#endif /* OPENSSL_ALL || WOLFSSL_NGINX || WOLFSSL_HAPROXY || - * WOLFSSL_APACHE_HTTPD || HAVE_LIGHTY */ -#endif /* HAVE_OCSP */ - return EXPECT_RESULT(); -} - static int test_wolfSSL_CheckOCSPResponse(void) { EXPECT_DECLS; @@ -4874,6 +3002,7 @@ pt = data; ExpectNotNull(res = wolfSSL_d2i_OCSP_RESPONSE(NULL, &pt, dataSz)); + ExpectPtrEq(pt, data + dataSz); ExpectNotNull(issuer = wolfSSL_X509_load_certificate_file(caFile, SSL_FILETYPE_PEM)); ExpectNotNull(st = wolfSSL_X509_STORE_new()); @@ -4898,6 +3027,7 @@ pt = data; ExpectNotNull(res = wolfSSL_d2i_OCSP_RESPONSE(NULL, &pt, dataSz)); + ExpectPtrEq(pt, data + dataSz); wolfSSL_OCSP_RESPONSE_free(res); res = NULL; @@ -5009,6 +3139,7 @@ pt = data; ExpectNotNull(res = wolfSSL_d2i_OCSP_RESPONSE(NULL, &pt, dataSz)); + ExpectPtrEq(pt, data + dataSz); /* try to verify the response */ ExpectNotNull(issuer = wolfSSL_X509_load_certificate_file(caFile, @@ -5196,103 +3327,6 @@ #endif /* HAVE_CERT_CHAIN_VALIDATION */ -/* Test RSA-PSS digital signature creation and verification */ -static int test_wc_RsaPSS_DigitalSignVerify(void) -{ - EXPECT_DECLS; - - /* Early FIPS did not support PSS. */ -#if (!defined(HAVE_FIPS) || (defined(HAVE_FIPS_VERSION) && \ - (HAVE_FIPS_VERSION > 2))) && \ - (!defined(HAVE_SELFTEST) || (defined(HAVE_SELFTEST_VERSION) && \ - (HAVE_SELFTEST_VERSION > 2))) && \ - !defined(NO_RSA) && defined(WC_RSA_PSS) && defined(OPENSSL_EXTRA) && \ - defined(WOLFSSL_KEY_GEN) && defined(WC_RSA_NO_PADDING) && \ - !defined(NO_SHA256) - - /* Test digest */ - const unsigned char test_digest[32] = { - 0x08, 0x09, 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, - 0x06, 0x07, 0x08, 0x09, 0x00, 0x01, 0x02, 0x03, - 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x00, 0x01, - 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09 - }; - const unsigned int digest_len = sizeof(test_digest); - - /* Variables for RSA key generation and signature operations */ - EVP_PKEY_CTX *pkctx = NULL; - EVP_PKEY *pkey = NULL; - EVP_PKEY_CTX *sign_ctx = NULL; - EVP_PKEY_CTX *verify_ctx = NULL; - unsigned char signature[256+MAX_DER_DIGEST_ASN_SZ] = {0}; - size_t signature_len = sizeof(signature); - int modulus_bits = 2048; - - /* Generate RSA key pair to avoid file dependencies */ - ExpectNotNull(pkctx = EVP_PKEY_CTX_new_id(EVP_PKEY_RSA, NULL)); - ExpectIntEQ(EVP_PKEY_keygen_init(pkctx), 1); - ExpectIntEQ(EVP_PKEY_CTX_set_rsa_keygen_bits(pkctx, modulus_bits), 1); - ExpectIntEQ(EVP_PKEY_keygen(pkctx, &pkey), 1); - - /* Create signing context */ - ExpectNotNull(sign_ctx = EVP_PKEY_CTX_new(pkey, NULL)); - ExpectIntEQ(EVP_PKEY_sign_init(sign_ctx), 1); - - /* Configure RSA-PSS parameters for signing. */ - ExpectIntEQ(EVP_PKEY_CTX_set_rsa_padding(sign_ctx, RSA_PKCS1_PSS_PADDING), - 1); - /* Default salt length matched hash so use 32 for SHA256 */ - ExpectIntEQ(EVP_PKEY_CTX_set_rsa_pss_saltlen(sign_ctx, 32), 1); - ExpectIntEQ(EVP_PKEY_CTX_set_rsa_mgf1_md(sign_ctx, EVP_sha256()), 1); - ExpectIntEQ(EVP_PKEY_CTX_set_signature_md(sign_ctx, EVP_sha256()), 1); - - /* Create the digital signature */ - ExpectIntEQ(EVP_PKEY_sign(sign_ctx, signature, &signature_len, test_digest, - digest_len), 1); - ExpectIntGT((int)signature_len, 0); - - /* Create verification context */ - ExpectNotNull(verify_ctx = EVP_PKEY_CTX_new(pkey, NULL)); - ExpectIntEQ(EVP_PKEY_verify_init(verify_ctx), 1); - - /* Configure RSA-PSS parameters for verification */ - ExpectIntEQ(EVP_PKEY_CTX_set_rsa_padding(verify_ctx, RSA_PKCS1_PSS_PADDING), - 1); - ExpectIntEQ(EVP_PKEY_CTX_set_rsa_pss_saltlen(verify_ctx, 32), 1); - ExpectIntEQ(EVP_PKEY_CTX_set_rsa_mgf1_md(verify_ctx, EVP_sha256()), 1); - ExpectIntEQ(EVP_PKEY_CTX_set_signature_md(verify_ctx, EVP_sha256()), 1); - - /* Verify the digital signature */ - ExpectIntEQ(EVP_PKEY_verify(verify_ctx, signature, signature_len, - test_digest, digest_len), 1); - - /* Test with wrong digest to ensure verification fails (negative test) */ - { - const unsigned char wrong_digest[32] = { - 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, - 0x09, 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, - 0x07, 0x08, 0x09, 0x00, 0x01, 0x02, 0x03, 0x04, - 0x05, 0x06, 0x07, 0x08, 0x09, 0x00, 0x01, 0x02 - }; - ExpectIntNE(EVP_PKEY_verify(verify_ctx, signature, signature_len, - wrong_digest, digest_len), 1); - } - - /* Clean up */ - if (verify_ctx) - EVP_PKEY_CTX_free(verify_ctx); - if (sign_ctx) - EVP_PKEY_CTX_free(sign_ctx); - if (pkey) - EVP_PKEY_free(pkey); - if (pkctx) - EVP_PKEY_CTX_free(pkctx); - -#endif - - return EXPECT_RESULT(); -} - static int test_wolfSSL_CTX_load_verify_locations_ex(void) { EXPECT_DECLS; @@ -5505,6 +3539,60 @@ return EXPECT_RESULT(); } +/* Test that wolfssl_add_to_chain rejects sizes that would overflow word32. + * ZD #21241 */ +static int test_wolfSSL_add_to_chain_overflow(void) +{ + EXPECT_DECLS; +#if !defined(NO_CERTS) && defined(OPENSSL_EXTRA) && \ + defined(KEEP_OUR_CERT) && !defined(NO_RSA) && !defined(NO_TLS) && \ + !defined(NO_WOLFSSL_CLIENT) && !defined(NO_FILESYSTEM) + WOLFSSL_CTX* ctx = NULL; + WOLFSSL_X509* x509 = NULL; + DerBuffer* fakeChain = NULL; + + ExpectNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_client_method())); + + /* Load a real cert so ctx->certificate is set (first add goes there). */ + ExpectNotNull(x509 = wolfSSL_X509_load_certificate_file( + "./certs/intermediate/client-int-cert.pem", WOLFSSL_FILETYPE_PEM)); + ExpectIntEQ(SSL_CTX_add1_chain_cert(ctx, x509), 1); + wolfSSL_X509_free(x509); + x509 = NULL; + + /* Now ctx->certificate is set, next add goes to certChain via + * wolfssl_add_to_chain. Fake a chain whose length is near UINT32_MAX + * so the size calculation (len + CERT_HEADER_SZ + certSz) overflows. */ + fakeChain = (DerBuffer*)XMALLOC(sizeof(DerBuffer) + 16, ctx->heap, + DYNAMIC_TYPE_CERT); + ExpectNotNull(fakeChain); + if (EXPECT_SUCCESS()) { + XMEMSET(fakeChain, 0, sizeof(DerBuffer) + 16); + fakeChain->buffer = (byte*)(fakeChain + 1); + fakeChain->length = WOLFSSL_MAX_32BIT - 2; /* will overflow with any cert */ + fakeChain->type = CERT_TYPE; + fakeChain->dynType = DYNAMIC_TYPE_CERT; + /* Replace the real chain with our fake one. */ + if (ctx->certChain != NULL) { + XFREE(ctx->certChain, ctx->heap, DYNAMIC_TYPE_CERT); + } + ctx->certChain = fakeChain; + } + else { + XFREE(fakeChain, ctx ? ctx->heap : NULL, DYNAMIC_TYPE_CERT); + } + + /* Try to add another cert - this MUST fail due to overflow guard. */ + ExpectNotNull(x509 = wolfSSL_X509_load_certificate_file( + "./certs/intermediate/ca-int2-cert.pem", WOLFSSL_FILETYPE_PEM)); + ExpectIntEQ(SSL_CTX_add1_chain_cert(ctx, x509), 0); + wolfSSL_X509_free(x509); + + wolfSSL_CTX_free(ctx); +#endif + return EXPECT_RESULT(); +} + static int test_wolfSSL_CTX_use_certificate_chain_buffer_format(void) { EXPECT_DECLS; @@ -5578,7 +3666,7 @@ wolfSSL_CTX_free(ctx); #ifndef NO_FILESYSTEM if (buf != NULL) { - free(buf); + XFREE(buf, NULL, DYNAMIC_TYPE_TMP_BUFFER); } #endif #endif @@ -6359,938 +4447,6 @@ #include -/*----------------------------------------------------------------------------* - | EVP - *----------------------------------------------------------------------------*/ - -static int test_wolfSSL_EVP_PKEY_print_public(void) -{ - EXPECT_DECLS; -#if defined(OPENSSL_EXTRA) && !defined(NO_BIO) - WOLFSSL_BIO* rbio = NULL; - WOLFSSL_BIO* wbio = NULL; - WOLFSSL_EVP_PKEY* pkey = NULL; - char line[256] = { 0 }; - char line1[256] = { 0 }; - int i = 0; - - /* test error cases */ - ExpectIntEQ( EVP_PKEY_print_public(NULL,NULL,0,NULL),0L); - - /* - * test RSA public key print - * in this test, pass '3' for indent - */ -#if !defined(NO_RSA) && defined(USE_CERT_BUFFERS_1024) - - ExpectNotNull(rbio = BIO_new_mem_buf( client_keypub_der_1024, - sizeof_client_keypub_der_1024)); - - ExpectNotNull(wolfSSL_d2i_PUBKEY_bio(rbio, &pkey)); - - ExpectNotNull(wbio = BIO_new(BIO_s_mem())); - - ExpectIntEQ(EVP_PKEY_print_public(wbio, pkey,3,NULL),1); - - ExpectIntGT(BIO_gets(wbio, line, sizeof(line)), 0); - strcpy(line1, " RSA Public-Key: (1024 bit)\n"); - ExpectIntEQ(XSTRNCMP(line, line1, XSTRLEN(line1)), 0); - - ExpectIntGT(BIO_gets(wbio, line, sizeof(line)), 0); - strcpy(line1, " Modulus:\n"); - ExpectIntEQ(XSTRNCMP( line, line1, XSTRLEN(line1)), 0); - - ExpectIntGT(BIO_gets(wbio, line, sizeof(line)), 0); - strcpy(line1, " 00:bc:73:0e:a8:49:f3:74:a2:a9:ef:18:a5:da:55:\n"); - ExpectIntEQ(XSTRNCMP( line, line1, XSTRLEN(line1)), 0); - - - /* skip to the end of modulus element*/ - for (i = 0; i < 8 ;i++) { - ExpectIntGT(BIO_gets(wbio, line, sizeof(line)), 0); - } - - ExpectIntGT(BIO_gets(wbio, line, sizeof(line)), 0); - strcpy(line1, " Exponent: 65537 (0x010001)\n"); - ExpectIntEQ(XSTRNCMP( line, line1, XSTRLEN(line1)), 0); - - - /* should reach EOF */ - ExpectIntLE(BIO_gets(wbio, line, sizeof(line)), 0); - - EVP_PKEY_free(pkey); - pkey = NULL; - BIO_free(rbio); - BIO_free(wbio); - rbio = NULL; - wbio = NULL; - -#endif /* !NO_RSA && USE_CERT_BUFFERS_1024*/ - - /* - * test DSA public key print - */ -#if !defined(NO_DSA) && defined(USE_CERT_BUFFERS_2048) - ExpectNotNull(rbio = BIO_new_mem_buf( dsa_pub_key_der_2048, - sizeof_dsa_pub_key_der_2048)); - - ExpectNotNull(wolfSSL_d2i_PUBKEY_bio(rbio, &pkey)); - - ExpectNotNull(wbio = BIO_new(BIO_s_mem())); - - ExpectIntEQ(EVP_PKEY_print_public(wbio, pkey,0,NULL),1); - - ExpectIntGT(BIO_gets(wbio, line, sizeof(line)), 0); - strcpy(line1, "DSA Public-Key: (2048 bit)\n"); - ExpectIntEQ(XSTRNCMP( line, line1, XSTRLEN(line1)), 0); - - ExpectIntGT(BIO_gets(wbio, line, sizeof(line)), 0); - strcpy(line1, "pub:\n"); - ExpectIntEQ(XSTRNCMP( line, line1, XSTRLEN(line1)), 0); - - ExpectIntGT(BIO_gets(wbio, line, sizeof(line)), 0); - strcpy(line1, - " 00:C2:35:2D:EC:83:83:6C:73:13:9E:52:7C:74:C8:\n"); - ExpectIntEQ(XSTRNCMP( line, line1, XSTRLEN(line1)), 0); - - /* skip to the end of pub element*/ - for (i = 0; i < 17 ;i++) { - ExpectIntGT(BIO_gets(wbio, line, sizeof(line)), 0); - } - - ExpectIntGT(BIO_gets(wbio, line, sizeof(line)), 0); - strcpy(line1, "P:\n"); - ExpectIntEQ(XSTRNCMP( line, line1, XSTRLEN(line1)), 0); - - /* skip to the end of P element*/ - for (i = 0; i < 18 ;i++) { - ExpectIntGT(BIO_gets(wbio, line, sizeof(line)), 0); - } - - ExpectIntGT(BIO_gets(wbio, line, sizeof(line)), 0); - strcpy(line1, "Q:\n"); - ExpectIntEQ(XSTRNCMP( line, line1, XSTRLEN(line1)), 0); - - /* skip to the end of Q element*/ - for (i = 0; i < 3 ;i++) { - ExpectIntGT(BIO_gets(wbio, line, sizeof(line)), 0); - } - ExpectIntGT(BIO_gets(wbio, line, sizeof(line)), 0); - strcpy(line1, "G:\n"); - ExpectIntEQ(XSTRNCMP( line, line1, XSTRLEN(line1)), 0); - - /* skip to the end of G element*/ - for (i = 0; i < 18 ;i++) { - ExpectIntGT(BIO_gets(wbio, line, sizeof(line)), 0); - } - /* should reach EOF */ - ExpectIntLE(BIO_gets(wbio, line, sizeof(line)), 0); - - EVP_PKEY_free(pkey); - pkey = NULL; - BIO_free(rbio); - BIO_free(wbio); - rbio = NULL; - wbio = NULL; - -#endif /* !NO_DSA && USE_CERT_BUFFERS_2048 */ - - /* - * test ECC public key print - */ -#if defined(HAVE_ECC) && defined(USE_CERT_BUFFERS_256) - - ExpectNotNull(rbio = BIO_new_mem_buf( ecc_clikeypub_der_256, - sizeof_ecc_clikeypub_der_256)); - - ExpectNotNull(wolfSSL_d2i_PUBKEY_bio(rbio, &pkey)); - - ExpectNotNull(wbio = BIO_new(BIO_s_mem())); - - ExpectIntEQ(EVP_PKEY_print_public(wbio, pkey,0,NULL),1); - - ExpectIntGT(BIO_gets(wbio, line, sizeof(line)), 0); - ExpectStrEQ(line, "Public-Key: (256 bit)\n"); - - ExpectIntGT(BIO_gets(wbio, line, sizeof(line)), 0); - strcpy(line1, "pub:\n"); - ExpectIntEQ(XSTRNCMP( line, line1, XSTRLEN(line1)), 0); - - ExpectIntGT(BIO_gets(wbio, line, sizeof(line)), 0); - strcpy(line1, - " 04:55:BF:F4:0F:44:50:9A:3D:CE:9B:B7:F0:C5:4D:\n"); - ExpectIntEQ(XSTRNCMP( line, line1, XSTRLEN(line1)), 0); - - /* skip to the end of pub element*/ - for (i = 0; i < 4 ;i++) { - ExpectIntGT(BIO_gets(wbio, line, sizeof(line)), 0); - } - - ExpectIntGT(BIO_gets(wbio, line, sizeof(line)), 0); - strcpy(line1, "ASN1 OID: prime256v1\n"); - ExpectIntEQ(XSTRNCMP( line, line1, XSTRLEN(line1)), 0); - - ExpectIntGT(BIO_gets(wbio, line, sizeof(line)), 0); - strcpy(line1, "NIST CURVE: P-256\n"); - ExpectIntEQ(XSTRNCMP( line, line1, XSTRLEN(line1)), 0); - - - /* should reach EOF */ - ExpectIntLE(BIO_gets(wbio, line, sizeof(line)), 0); - - EVP_PKEY_free(pkey); - pkey = NULL; - BIO_free(rbio); - BIO_free(wbio); - rbio = NULL; - wbio = NULL; - -#endif /* HAVE_ECC && USE_CERT_BUFFERS_256 */ - - /* - * test DH public key print - */ -#if defined(WOLFSSL_DH_EXTRA) && defined(USE_CERT_BUFFERS_2048) - - ExpectNotNull(rbio = BIO_new_mem_buf( dh_pub_key_der_2048, - sizeof_dh_pub_key_der_2048)); - - ExpectNotNull(wolfSSL_d2i_PUBKEY_bio(rbio, &pkey)); - - ExpectNotNull(wbio = BIO_new(BIO_s_mem())); - - ExpectIntEQ(EVP_PKEY_print_public(wbio, pkey,0,NULL), 1); - - ExpectIntGT(BIO_gets(wbio, line, sizeof(line)), 0); - strcpy(line1, "DH Public-Key: (2048 bit)\n"); - ExpectIntEQ(XSTRNCMP( line, line1, XSTRLEN(line1)), 0); - - ExpectIntGT(BIO_gets(wbio, line, sizeof(line)), 0); - strcpy(line1, "public-key:\n"); - ExpectIntEQ(XSTRNCMP( line, line1, XSTRLEN(line1)), 0); - - ExpectIntGT(BIO_gets(wbio, line, sizeof(line)), 0); - strcpy(line1, - " 34:41:BF:E9:F2:11:BF:05:DB:B2:72:A8:29:CC:BD:\n"); - ExpectIntEQ(XSTRNCMP( line, line1, XSTRLEN(line1)), 0); - - /* skip to the end of public-key element*/ - for (i = 0; i < 17 ;i++) { - ExpectIntGT(BIO_gets(wbio, line, sizeof(line)), 0); - } - - ExpectIntGT(BIO_gets(wbio, line, sizeof(line)), 0); - strcpy(line1, "prime:\n"); - ExpectIntEQ(XSTRNCMP( line, line1, XSTRLEN(line1)), 0); - - ExpectIntGT(BIO_gets(wbio, line, sizeof(line)), 0); - strcpy(line1, - " 00:D3:B2:99:84:5C:0A:4C:E7:37:CC:FC:18:37:01:\n"); - ExpectIntEQ(XSTRNCMP( line, line1, XSTRLEN(line1)), 0); - - /* skip to the end of prime element*/ - for (i = 0; i < 17 ;i++) { - ExpectIntGT(BIO_gets(wbio, line, sizeof(line)), 0); - } - - ExpectIntGT(BIO_gets(wbio, line, sizeof(line)), 0); - strcpy(line1, "generator: 2 (0x02)\n"); - ExpectIntEQ(XSTRNCMP( line, line1, XSTRLEN(line1)), 0); - - /* should reach EOF */ - ExpectIntLE(BIO_gets(wbio, line, sizeof(line)), 0); - - EVP_PKEY_free(pkey); - pkey = NULL; - BIO_free(rbio); - BIO_free(wbio); - rbio = NULL; - wbio = NULL; - -#endif /* WOLFSSL_DH_EXTRA && USE_CERT_BUFFERS_2048 */ - - /* to prevent "unused variable" warning */ - (void)pkey; - (void)wbio; - (void)rbio; - (void)line; - (void)line1; - (void)i; -#endif /* OPENSSL_EXTRA */ - return EXPECT_RESULT(); -} -/* Test functions for base64 encode/decode */ -static int test_wolfSSL_EVP_ENCODE_CTX_new(void) -{ - EXPECT_DECLS; -#if defined(OPENSSL_EXTRA) && \ -( defined(WOLFSSL_BASE64_ENCODE) || defined(WOLFSSL_BASE64_DECODE)) - EVP_ENCODE_CTX* ctx = NULL; - - ExpectNotNull(ctx = EVP_ENCODE_CTX_new()); - ExpectIntEQ(ctx->remaining,0); - ExpectIntEQ(ctx->data[0],0); - ExpectIntEQ(ctx->data[sizeof(ctx->data) -1],0); - EVP_ENCODE_CTX_free(ctx); -#endif /* OPENSSL_EXTRA && (WOLFSSL_BASE64_ENCODE || WOLFSSL_BASE64_DECODE) */ - return EXPECT_RESULT(); -} -static int test_wolfSSL_EVP_ENCODE_CTX_free(void) -{ - EXPECT_DECLS; -#if defined(OPENSSL_EXTRA) && \ -( defined(WOLFSSL_BASE64_ENCODE) || defined(WOLFSSL_BASE64_DECODE)) - EVP_ENCODE_CTX* ctx = NULL; - - ExpectNotNull(ctx = EVP_ENCODE_CTX_new()); - EVP_ENCODE_CTX_free(ctx); -#endif /* OPENSSL_EXTRA && (WOLFSSL_BASE64_ENCODE || WOLFSSL_BASE64_DECODE) */ - return EXPECT_RESULT(); -} - -static int test_wolfSSL_EVP_EncodeInit(void) -{ - EXPECT_DECLS; -#if defined(OPENSSL_EXTRA) && defined(WOLFSSL_BASE64_ENCODE) - EVP_ENCODE_CTX* ctx = NULL; - - ExpectNotNull(ctx = EVP_ENCODE_CTX_new()); - ExpectIntEQ(ctx->remaining, 0); - ExpectIntEQ(ctx->data[0], 0); - ExpectIntEQ(ctx->data[sizeof(ctx->data) -1], 0); - - if (ctx != NULL) { - /* make ctx dirty */ - ctx->remaining = 10; - XMEMSET(ctx->data, 0x77, sizeof(ctx->data)); - } - - EVP_EncodeInit(ctx); - - ExpectIntEQ(ctx->remaining, 0); - ExpectIntEQ(ctx->data[0], 0); - ExpectIntEQ(ctx->data[sizeof(ctx->data) -1], 0); - - EVP_ENCODE_CTX_free(ctx); -#endif /* OPENSSL_EXTRA && WOLFSSL_BASE64_ENCODE*/ - return EXPECT_RESULT(); -} -static int test_wolfSSL_EVP_EncodeUpdate(void) -{ - EXPECT_DECLS; -#if defined(OPENSSL_EXTRA) && defined(WOLFSSL_BASE64_ENCODE) - int outl; - int total; - - const unsigned char plain0[] = {"Th"}; - const unsigned char plain1[] = {"This is a base64 encodeing test."}; - const unsigned char plain2[] = {"This is additional data."}; - - const unsigned char encBlock0[] = {"VGg="}; - const unsigned char enc0[] = {"VGg=\n"}; - /* expected encoded result for the first output 64 chars plus trailing LF*/ - const unsigned char enc1[] = {"VGhpcyBpcyBhIGJhc2U2NCBlbmNvZGVpbmcgdGVzdC5UaGlzIGlzIGFkZGl0aW9u\n"}; - - const unsigned char enc2[] = - {"VGhpcyBpcyBhIGJhc2U2NCBlbmNvZGVpbmcgdGVzdC5UaGlzIGlzIGFkZGl0aW9u\nYWwgZGF0YS4=\n"}; - - unsigned char encOutBuff[300]; - - EVP_ENCODE_CTX* ctx = NULL; - - ExpectNotNull(ctx = EVP_ENCODE_CTX_new()); - - EVP_EncodeInit(ctx); - - /* illegal parameter test */ - ExpectIntEQ( - EVP_EncodeUpdate( - NULL, /* pass NULL as ctx */ - encOutBuff, - &outl, - plain1, - sizeof(plain1)-1), - 0 /* expected result code 0: fail */ - ); - - ExpectIntEQ( - EVP_EncodeUpdate( - ctx, - NULL, /* pass NULL as out buff */ - &outl, - plain1, - sizeof(plain1)-1), - 0 /* expected result code 0: fail */ - ); - - ExpectIntEQ( - EVP_EncodeUpdate( - ctx, - encOutBuff, - NULL, /* pass NULL as outl */ - plain1, - sizeof(plain1)-1), - 0 /* expected result code 0: fail */ - ); - - ExpectIntEQ( - EVP_EncodeUpdate( - ctx, - encOutBuff, - &outl, - NULL, /* pass NULL as in */ - sizeof(plain1)-1), - 0 /* expected result code 0: fail */ - ); - - ExpectIntEQ(EVP_EncodeBlock(NULL, NULL, 0), -1); - - /* meaningless parameter test */ - - ExpectIntEQ( - EVP_EncodeUpdate( - ctx, - encOutBuff, - &outl, - plain1, - 0), /* pass zero input */ - 1 /* expected result code 1: success */ - ); - - /* very small data encoding test */ - - EVP_EncodeInit(ctx); - - ExpectIntEQ( - EVP_EncodeUpdate( - ctx, - encOutBuff, - &outl, - plain0, - sizeof(plain0)-1), - 1 /* expected result code 1: success */ - ); - ExpectIntEQ(outl,0); - - if (EXPECT_SUCCESS()) { - EVP_EncodeFinal( - ctx, - encOutBuff + outl, - &outl); - } - - ExpectIntEQ( outl, sizeof(enc0)-1); - ExpectIntEQ( - XSTRNCMP( - (const char*)encOutBuff, - (const char*)enc0,sizeof(enc0) ), - 0); - - XMEMSET( encOutBuff,0, sizeof(encOutBuff)); - ExpectIntEQ(EVP_EncodeBlock(encOutBuff, plain0, sizeof(plain0)-1), - sizeof(encBlock0)-1); - ExpectStrEQ(encOutBuff, encBlock0); - - /* pass small size( < 48bytes ) input, then make sure they are not - * encoded and just stored in ctx - */ - - EVP_EncodeInit(ctx); - - total = 0; - outl = 0; - XMEMSET( encOutBuff,0, sizeof(encOutBuff)); - - ExpectIntEQ( - EVP_EncodeUpdate( - ctx, - encOutBuff, /* buffer for output */ - &outl, /* size of output */ - plain1, /* input */ - sizeof(plain1)-1), /* size of input */ - 1); /* expected result code 1:success */ - - total += outl; - - ExpectIntEQ(outl, 0); /* no output expected */ - ExpectIntEQ(ctx->remaining, sizeof(plain1) -1); - ExpectTrue( - XSTRNCMP((const char*)(ctx->data), - (const char*)plain1, - ctx->remaining) ==0 ); - ExpectTrue(encOutBuff[0] == 0); - - /* call wolfSSL_EVP_EncodeUpdate again to make it encode - * the stored data and the new input together - */ - ExpectIntEQ( - EVP_EncodeUpdate( - ctx, - encOutBuff + outl, /* buffer for output */ - &outl, /* size of output */ - plain2, /* additional input */ - sizeof(plain2) -1), /* size of additional input */ - 1); /* expected result code 1:success */ - - total += outl; - - ExpectIntNE(outl, 0); /* some output is expected this time*/ - ExpectIntEQ(outl, BASE64_ENCODE_RESULT_BLOCK_SIZE +1); /* 64 bytes and LF */ - ExpectIntEQ( - XSTRNCMP((const char*)encOutBuff,(const char*)enc1,sizeof(enc1) ),0); - - /* call wolfSSL_EVP_EncodeFinal to flush all the unprocessed input */ - EVP_EncodeFinal( - ctx, - encOutBuff + outl, - &outl); - - total += outl; - - ExpectIntNE(total,0); - ExpectIntNE(outl,0); - ExpectIntEQ(XSTRNCMP( - (const char*)encOutBuff,(const char*)enc2,sizeof(enc2) ),0); - - /* test with illeagal parameters */ - outl = 1; - EVP_EncodeFinal(NULL, encOutBuff + outl, &outl); - ExpectIntEQ(outl, 0); - outl = 1; - EVP_EncodeFinal(ctx, NULL, &outl); - ExpectIntEQ(outl, 0); - EVP_EncodeFinal(ctx, encOutBuff + outl, NULL); - EVP_EncodeFinal(NULL, NULL, NULL); - - EVP_ENCODE_CTX_free(ctx); -#endif /* OPENSSL_EXTRA && WOLFSSL_BASE64_ENCODE*/ - return EXPECT_RESULT(); -} -static int test_wolfSSL_EVP_EncodeFinal(void) -{ - int res = TEST_SKIPPED; -#if defined(OPENSSL_EXTRA) && defined(WOLFSSL_BASE64_ENCODE) - /* tests for wolfSSL_EVP_EncodeFinal are included in - * test_wolfSSL_EVP_EncodeUpdate - */ - res = TEST_SUCCESS; -#endif /* OPENSSL_EXTRA && WOLFSSL_BASE64_ENCODE*/ - return res; -} - - -static int test_wolfSSL_EVP_DecodeInit(void) -{ - EXPECT_DECLS; -#if defined(OPENSSL_EXTRA) && defined(WOLFSSL_BASE64_DECODE) - EVP_ENCODE_CTX* ctx = NULL; - - ExpectNotNull( ctx = EVP_ENCODE_CTX_new()); - ExpectIntEQ( ctx->remaining,0); - ExpectIntEQ( ctx->data[0],0); - ExpectIntEQ( ctx->data[sizeof(ctx->data) -1],0); - - if (ctx != NULL) { - /* make ctx dirty */ - ctx->remaining = 10; - XMEMSET( ctx->data, 0x77, sizeof(ctx->data)); - } - - EVP_DecodeInit(ctx); - - ExpectIntEQ( ctx->remaining,0); - ExpectIntEQ( ctx->data[0],0); - ExpectIntEQ( ctx->data[sizeof(ctx->data) -1],0); - - EVP_ENCODE_CTX_free(ctx); -#endif /* OPENSSL && WOLFSSL_BASE_DECODE */ - return EXPECT_RESULT(); -} -static int test_wolfSSL_EVP_DecodeUpdate(void) -{ - EXPECT_DECLS; -#if defined(OPENSSL_EXTRA) && defined(WOLFSSL_BASE64_DECODE) - int outl; - unsigned char decOutBuff[300]; - - EVP_ENCODE_CTX* ctx = NULL; - - static const unsigned char enc1[] = - {"VGhpcyBpcyBhIGJhc2U2NCBkZWNvZGluZyB0ZXN0Lg==\n"}; -/* const unsigned char plain1[] = - {"This is a base64 decoding test."} */ - - ExpectNotNull(ctx = EVP_ENCODE_CTX_new()); - - EVP_DecodeInit(ctx); - - /* illegal parameter tests */ - - /* pass NULL as ctx */ - ExpectIntEQ( - EVP_DecodeUpdate( - NULL, /* pass NULL as ctx */ - decOutBuff, - &outl, - enc1, - sizeof(enc1)-1), - -1 /* expected result code -1: fail */ - ); - ExpectIntEQ( outl, 0); - - /* pass NULL as output */ - ExpectIntEQ( - EVP_DecodeUpdate( - ctx, - NULL, /* pass NULL as out buff */ - &outl, - enc1, - sizeof(enc1)-1), - -1 /* expected result code -1: fail */ - ); - ExpectIntEQ( outl, 0); - - /* pass NULL as outl */ - ExpectIntEQ( - EVP_DecodeUpdate( - ctx, - decOutBuff, - NULL, /* pass NULL as outl */ - enc1, - sizeof(enc1)-1), - -1 /* expected result code -1: fail */ - ); - - /* pass NULL as input */ - ExpectIntEQ( - EVP_DecodeUpdate( - ctx, - decOutBuff, - &outl, - NULL, /* pass NULL as in */ - sizeof(enc1)-1), - -1 /* expected result code -1: fail */ - ); - ExpectIntEQ( outl, 0); - - ExpectIntEQ(EVP_DecodeBlock(NULL, NULL, 0), -1); - - /* pass zero length input */ - - ExpectIntEQ( - EVP_DecodeUpdate( - ctx, - decOutBuff, - &outl, - enc1, - 0), /* pass zero as input len */ - 1 /* expected result code 1: success */ - ); - - /* decode correct base64 string */ - - { - static const unsigned char enc2[] = - {"VGhpcyBpcyBhIGJhc2U2NCBkZWNvZGluZyB0ZXN0Lg==\n"}; - static const unsigned char plain2[] = - {"This is a base64 decoding test."}; - - EVP_EncodeInit(ctx); - - ExpectIntEQ( - EVP_DecodeUpdate( - ctx, - decOutBuff, - &outl, - enc2, - sizeof(enc2)-1), - 0 /* expected result code 0: success */ - ); - - ExpectIntEQ(outl,sizeof(plain2) -1); - - ExpectIntEQ( - EVP_DecodeFinal( - ctx, - decOutBuff + outl, - &outl), - 1 /* expected result code 1: success */ - ); - ExpectIntEQ(outl, 0); /* expected DecodeFinal output no data */ - - ExpectIntEQ(XSTRNCMP( (const char*)plain2,(const char*)decOutBuff, - sizeof(plain2) -1 ),0); - ExpectIntEQ(EVP_DecodeBlock(decOutBuff, enc2, sizeof(enc2)), - sizeof(plain2)-1); - ExpectIntEQ(XSTRNCMP( (const char*)plain2,(const char*)decOutBuff, - sizeof(plain2) -1 ),0); - } - - /* decode correct base64 string which does not have '\n' in its last*/ - - { - static const unsigned char enc3[] = - {"VGhpcyBpcyBhIGJhc2U2NCBkZWNvZGluZyB0ZXN0Lg=="}; /* 44 chars */ - static const unsigned char plain3[] = - {"This is a base64 decoding test."}; /* 31 chars */ - - EVP_EncodeInit(ctx); - - ExpectIntEQ( - EVP_DecodeUpdate( - ctx, - decOutBuff, - &outl, - enc3, - sizeof(enc3)-1), - 0 /* expected result code 0: success */ - ); - - ExpectIntEQ(outl,sizeof(plain3)-1); /* 31 chars should be output */ - - ExpectIntEQ(XSTRNCMP( (const char*)plain3,(const char*)decOutBuff, - sizeof(plain3) -1 ),0); - - ExpectIntEQ( - EVP_DecodeFinal( - ctx, - decOutBuff + outl, - &outl), - 1 /* expected result code 1: success */ - ); - - ExpectIntEQ(outl,0 ); - - ExpectIntEQ(EVP_DecodeBlock(decOutBuff, enc3, sizeof(enc3)-1), - sizeof(plain3)-1); - ExpectIntEQ(XSTRNCMP( (const char*)plain3,(const char*)decOutBuff, - sizeof(plain3) -1 ),0); - } - - /* decode string which has a padding char ('=') in the illegal position*/ - - { - static const unsigned char enc4[] = - {"VGhpcyBpcyBhIGJhc2U2N=CBkZWNvZGluZyB0ZXN0Lg==\n"}; - - EVP_EncodeInit(ctx); - - ExpectIntEQ( - EVP_DecodeUpdate( - ctx, - decOutBuff, - &outl, - enc4, - sizeof(enc4)-1), - -1 /* expected result code -1: error */ - ); - ExpectIntEQ(outl,0); - ExpectIntEQ(EVP_DecodeBlock(decOutBuff, enc4, sizeof(enc4)-1), -1); - } - - /* small data decode test */ - - { - static const unsigned char enc00[] = {"VG"}; - static const unsigned char enc01[] = {"g=\n"}; - static const unsigned char plain4[] = {"Th"}; - - EVP_EncodeInit(ctx); - - ExpectIntEQ( - EVP_DecodeUpdate( - ctx, - decOutBuff, - &outl, - enc00, - sizeof(enc00)-1), - 1 /* expected result code 1: success */ - ); - ExpectIntEQ(outl,0); - - ExpectIntEQ( - EVP_DecodeUpdate( - ctx, - decOutBuff + outl, - &outl, - enc01, - sizeof(enc01)-1), - 0 /* expected result code 0: success */ - ); - - ExpectIntEQ(outl,sizeof(plain4)-1); - - /* test with illegal parameters */ - ExpectIntEQ(EVP_DecodeFinal(NULL,decOutBuff + outl,&outl), -1); - ExpectIntEQ(EVP_DecodeFinal(ctx,NULL,&outl), -1); - ExpectIntEQ(EVP_DecodeFinal(ctx,decOutBuff + outl, NULL), -1); - ExpectIntEQ(EVP_DecodeFinal(NULL,NULL, NULL), -1); - - if (EXPECT_SUCCESS()) { - EVP_DecodeFinal( - ctx, - decOutBuff + outl, - &outl); - } - - ExpectIntEQ( outl, 0); - ExpectIntEQ( - XSTRNCMP( - (const char*)decOutBuff, - (const char*)plain4,sizeof(plain4)-1 ), - 0); - } - - EVP_ENCODE_CTX_free(ctx); -#endif /* OPENSSL && WOLFSSL_BASE_DECODE */ - return EXPECT_RESULT(); -} -static int test_wolfSSL_EVP_DecodeFinal(void) -{ - int res = TEST_SKIPPED; -#if defined(OPENSSL_EXTRA) && defined(WOLFSSL_BASE64_DECODE) - /* tests for wolfSSL_EVP_DecodeFinal are included in - * test_wolfSSL_EVP_DecodeUpdate - */ - res = TEST_SUCCESS; -#endif /* OPENSSL && WOLFSSL_BASE_DECODE */ - return res; -} - -/* Test function for wolfSSL_EVP_get_cipherbynid. - */ - -#ifdef OPENSSL_EXTRA -static int test_wolfSSL_EVP_get_cipherbynid(void) -{ - EXPECT_DECLS; -#ifndef NO_AES - const WOLFSSL_EVP_CIPHER* c; - - c = wolfSSL_EVP_get_cipherbynid(419); - #if (defined(HAVE_AES_CBC) || defined(WOLFSSL_AES_DIRECT)) && \ - defined(WOLFSSL_AES_128) - ExpectNotNull(c); - ExpectNotNull(XSTRCMP("EVP_AES_128_CBC", c)); - #else - ExpectNull(c); - #endif - - c = wolfSSL_EVP_get_cipherbynid(423); - #if (defined(HAVE_AES_CBC) || defined(WOLFSSL_AES_DIRECT)) && \ - defined(WOLFSSL_AES_192) - ExpectNotNull(c); - ExpectNotNull(XSTRCMP("EVP_AES_192_CBC", c)); - #else - ExpectNull(c); - #endif - - c = wolfSSL_EVP_get_cipherbynid(427); - #if (defined(HAVE_AES_CBC) || defined(WOLFSSL_AES_DIRECT)) && \ - defined(WOLFSSL_AES_256) - ExpectNotNull(c); - ExpectNotNull(XSTRCMP("EVP_AES_256_CBC", c)); - #else - ExpectNull(c); - #endif - - c = wolfSSL_EVP_get_cipherbynid(904); - #if defined(WOLFSSL_AES_COUNTER) && defined(WOLFSSL_AES_128) - ExpectNotNull(c); - ExpectNotNull(XSTRCMP("EVP_AES_128_CTR", c)); - #else - ExpectNull(c); - #endif - - c = wolfSSL_EVP_get_cipherbynid(905); - #if defined(WOLFSSL_AES_COUNTER) && defined(WOLFSSL_AES_192) - ExpectNotNull(c); - ExpectNotNull(XSTRCMP("EVP_AES_192_CTR", c)); - #else - ExpectNull(c); - #endif - - c = wolfSSL_EVP_get_cipherbynid(906); - #if defined(WOLFSSL_AES_COUNTER) && defined(WOLFSSL_AES_256) - ExpectNotNull(c); - ExpectNotNull(XSTRCMP("EVP_AES_256_CTR", c)); - #else - ExpectNull(c); - #endif - - c = wolfSSL_EVP_get_cipherbynid(418); - #if defined(HAVE_AES_ECB) && defined(WOLFSSL_AES_128) - ExpectNotNull(c); - ExpectNotNull(XSTRCMP("EVP_AES_128_ECB", c)); - #else - ExpectNull(c); - #endif - - c = wolfSSL_EVP_get_cipherbynid(422); - #if defined(HAVE_AES_ECB) && defined(WOLFSSL_AES_192) - ExpectNotNull(c); - ExpectNotNull(XSTRCMP("EVP_AES_192_ECB", c)); - #else - ExpectNull(c); - #endif - - c = wolfSSL_EVP_get_cipherbynid(426); - #if defined(HAVE_AES_ECB) && defined(WOLFSSL_AES_256) - ExpectNotNull(c); - ExpectNotNull(XSTRCMP("EVP_AES_256_ECB", c)); - #else - ExpectNull(c); - #endif -#endif /* !NO_AES */ - -#ifndef NO_DES3 - ExpectNotNull(XSTRCMP("EVP_DES_CBC", wolfSSL_EVP_get_cipherbynid(31))); -#ifdef WOLFSSL_DES_ECB - ExpectNotNull(XSTRCMP("EVP_DES_ECB", wolfSSL_EVP_get_cipherbynid(29))); -#endif - ExpectNotNull(XSTRCMP("EVP_DES_EDE3_CBC", wolfSSL_EVP_get_cipherbynid(44))); -#ifdef WOLFSSL_DES_ECB - ExpectNotNull(XSTRCMP("EVP_DES_EDE3_ECB", wolfSSL_EVP_get_cipherbynid(33))); -#endif -#endif /* !NO_DES3 */ - -#if defined(HAVE_CHACHA) && defined(HAVE_POLY1305) - ExpectNotNull(XSTRCMP("EVP_CHACHA20_POLY13O5", EVP_get_cipherbynid(1018))); -#endif - - /* test for nid is out of range */ - ExpectNull(wolfSSL_EVP_get_cipherbynid(1)); - - return EXPECT_RESULT(); -} - -static int test_wolfSSL_EVP_CIPHER_CTX(void) -{ - EXPECT_DECLS; -#if !defined(NO_AES) && defined(HAVE_AES_CBC) && defined(WOLFSSL_AES_128) - EVP_CIPHER_CTX *ctx = EVP_CIPHER_CTX_new(); - const EVP_CIPHER *init = EVP_aes_128_cbc(); - const EVP_CIPHER *test; - byte key[AES_BLOCK_SIZE] = {0}; - byte iv[AES_BLOCK_SIZE] = {0}; - - ExpectNotNull(ctx); - wolfSSL_EVP_CIPHER_CTX_init(ctx); - ExpectIntEQ(EVP_CipherInit(ctx, init, key, iv, 1), WOLFSSL_SUCCESS); - test = EVP_CIPHER_CTX_cipher(ctx); - ExpectTrue(init == test); - ExpectIntEQ(EVP_CIPHER_nid(test), NID_aes_128_cbc); - - ExpectIntEQ(EVP_CIPHER_CTX_reset(ctx), WOLFSSL_SUCCESS); - ExpectIntEQ(EVP_CIPHER_CTX_reset(NULL), WC_NO_ERR_TRACE(WOLFSSL_FAILURE)); - - EVP_CIPHER_CTX_free(ctx); - /* test EVP_CIPHER_CTX_cleanup with NULL */ - ExpectIntEQ(EVP_CIPHER_CTX_cleanup(NULL), WOLFSSL_SUCCESS); -#endif /* !NO_AES && HAVE_AES_CBC && WOLFSSL_AES_128 */ - return EXPECT_RESULT(); -} -#endif /* OPENSSL_EXTRA */ /*----------------------------------------------------------------------------* | IO @@ -7419,12 +4575,12 @@ * "Import from Hex Dump..." option ion and selecting the TCP * encapsulation option. */ char dump_file_name[64]; - WOLFSSL_BIO *dump_file; + XFILE dump_file; sprintf(dump_file_name, "%s/%s.dump", tmpDirName, currentTestName); - dump_file = wolfSSL_BIO_new_file(dump_file_name, "a"); - if (dump_file != NULL) { - (void)wolfSSL_BIO_write(dump_file, data, sz); - wolfSSL_BIO_free(dump_file); + dump_file = XFOPEN(dump_file_name, "ab"); + if (dump_file != XBADFILE) { + (void)XFWRITE(data, 1, (size_t)sz, dump_file); + XFCLOSE(dump_file); } } #endif @@ -7734,8 +4890,12 @@ } else { err = wolfSSL_get_error(ctx->c_ssl, ret); - if (err != WOLFSSL_ERROR_WANT_READ && - err != WOLFSSL_ERROR_WANT_WRITE) { + if (err == WC_NO_ERR_TRACE(MP_WOULDBLOCK)) { + /* retry non-blocking math */ + } + else if (err != WOLFSSL_ERROR_WANT_READ && + err != WOLFSSL_ERROR_WANT_WRITE && + err != WC_NO_ERR_TRACE(OCSP_WANT_READ)) { char buff[WOLFSSL_MAX_ERROR_SZ]; fprintf(stderr, "error = %d, %s\n", err, wolfSSL_ERR_error_string((word32)err, buff)); @@ -7756,8 +4916,12 @@ } else { err = wolfSSL_get_error(ctx->s_ssl, ret); - if (err != WOLFSSL_ERROR_WANT_READ && - err != WOLFSSL_ERROR_WANT_WRITE) { + if (err == WC_NO_ERR_TRACE(MP_WOULDBLOCK)) { + /* retry non-blocking math */ + } + else if (err != WOLFSSL_ERROR_WANT_READ && + err != WOLFSSL_ERROR_WANT_WRITE && + err != WC_NO_ERR_TRACE(OCSP_WANT_READ)) { char buff[WOLFSSL_MAX_ERROR_SZ]; fprintf(stderr, "error = %d, %s\n", err, wolfSSL_ERR_error_string((word32)err, buff)); @@ -9565,13 +6729,15 @@ ExpectIntEQ(wolfSSL_shutdown(ssl_c), WOLFSSL_SHUTDOWN_NOT_DONE); ExpectIntEQ(wolfSSL_shutdown(ssl_s), WOLFSSL_SHUTDOWN_NOT_DONE); - ExpectIntEQ(wolfSSL_shutdown(ssl_c), 1); - ExpectIntEQ(wolfSSL_shutdown(ssl_s), 1); + ExpectIntEQ(wolfSSL_shutdown(ssl_c), WOLFSSL_SUCCESS); + ExpectIntEQ(wolfSSL_shutdown(ssl_s), WOLFSSL_SUCCESS); wolfSSL_free(ssl_c); wolfSSL_free(ssl_s); wolfSSL_CTX_free(ctx_c); wolfSSL_CTX_free(ctx_s); + + /* XXX this should be return EXPECT_RESULT(); */ return TEST_SUCCESS; } @@ -9966,7 +7132,7 @@ AssertIntEQ(wolfSSL_CTX_up_ref(wolfSSL_get_SSL_CTX(ssl)), WOLFSSL_SUCCESS); } -#ifdef SESSION_CERTS +#if defined(SESSION_CERTS) && !defined(WOLFSSL_NO_CLIENT_AUTH) #ifndef WOLFSSL_TICKET_HAVE_ID if (wolfSSL_version(ssl) != TLS1_3_VERSION && wolfSSL_session_reused(ssl)) @@ -9986,7 +7152,7 @@ AssertNotNull(SSL_SESSION_get0_peer(*sess)); #endif } -#endif /* SESSION_CERTS */ +#endif /* SESSION_CERTS && !WOLFSSL_NO_CLIENT_AUTH */ } static void test_wolfSSL_CTX_add_session_ssl_ready(WOLFSSL* ssl) @@ -10369,7 +7535,7 @@ ExpectIntEQ(wolfSSL_CTX_up_ref(wolfSSL_get_SSL_CTX(ssl)), WOLFSSL_SUCCESS); } -#ifdef SESSION_CERTS +#if defined(SESSION_CERTS) && !defined(WOLFSSL_NO_CLIENT_AUTH) #ifndef WOLFSSL_TICKET_HAVE_ID if (wolfSSL_version(ssl) != TLS1_3_VERSION && wolfSSL_session_reused(ssl)) @@ -10404,7 +7570,7 @@ ExpectIntEQ(wolfSSL_session_reused(ssl), 1); } -#ifdef SESSION_CERTS +#if defined(SESSION_CERTS) && !defined(WOLFSSL_NO_CLIENT_AUTH) #ifndef WOLFSSL_TICKET_HAVE_ID if (wolfSSL_version(ssl) != TLS1_3_VERSION && wolfSSL_session_reused(ssl)) @@ -12056,7 +9222,7 @@ }; for (i = 0; i < sizeof(params)/sizeof(*params); i++) { - for (j = 0; j <= 0b11; j++) { + for (j = 0; j <= 3; j++) { XMEMSET(&client_cbf, 0, sizeof(client_cbf)); XMEMSET(&server_cbf, 0, sizeof(server_cbf)); @@ -12065,12 +9231,12 @@ client_cbf.method = params[i].client_meth; server_cbf.method = params[i].server_meth; - if (j & 0b01) { + if (j & 0x1) { client_cbf.on_handshake = test_wolfSSL_dtls_export_peers_on_handshake; printf(" With client export;"); } - if (j & 0b10) { + if (j & 0x2) { server_cbf.on_handshake = test_wolfSSL_dtls_export_peers_on_handshake; printf(" With server export;"); @@ -12088,6 +9254,117 @@ return EXPECT_RESULT(); } +/* Test that ImportKeyState correctly skips extra window words when importing + * state from a peer compiled with a larger WOLFSSL_DTLS_WINDOW_WORDS. */ +static int test_wolfSSL_dtls_import_state_extra_window_words(void) +{ + EXPECT_DECLS; +#if defined(WOLFSSL_DTLS) && defined(WOLFSSL_SESSION_EXPORT) + WOLFSSL_CTX* ctx = NULL; + WOLFSSL* ssl = NULL; + unsigned int stateSz = 0; + byte* state = NULL; + byte* modified = NULL; + unsigned int modifiedSz; + word16 origKeyLen; + word16 origTotalLen; + /* Offset from start of key state data to the first wordCount field. + * Layout: 4 sequence numbers (16 bytes) + DTLS-specific fields (42 bytes) + + * encryptSz(4) + padSz(4) + encryptionOn(1) + decryptedCur(1) = 68 */ + const int keyStateWindowOffset = 68; + /* Buffer header: 2 proto + 2 total_len + 2 key_len = 6 */ + const int headerSz = 6; + int idx, modIdx; + int extraPerWindow = 2 * (int)sizeof(word32); /* 8 bytes extra per window */ + int totalExtra = extraPerWindow * 2; /* 16 bytes extra total */ + + /* Create DTLS context and SSL object */ + ExpectNotNull(ctx = wolfSSL_CTX_new(wolfDTLSv1_2_server_method())); + ExpectNotNull(ssl = wolfSSL_new(ctx)); + + /* Get required buffer size and export state-only */ + ExpectIntEQ(wolfSSL_dtls_export_state_only(ssl, NULL, &stateSz), 0); + ExpectIntGT((int)stateSz, 0); + state = (byte*)XMALLOC(stateSz, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + ExpectNotNull(state); + ExpectIntGT(wolfSSL_dtls_export_state_only(ssl, state, &stateSz), 0); + + /* Build a modified buffer that simulates a peer with + * WOLFSSL_DTLS_WINDOW_WORDS = WOLFSSL_DTLS_WINDOW_WORDS + 2. + * Each window section gets 2 extra word32 values (8 bytes). + * Two windows => 16 extra bytes total. */ + modifiedSz = stateSz + totalExtra; + modified = (byte*)XMALLOC(modifiedSz, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + ExpectNotNull(modified); + + if (EXPECT_SUCCESS()) { + int windowWords = WOLFSSL_DTLS_WINDOW_WORDS; + int windowDataSz = windowWords * (int)sizeof(word32); + + XMEMSET(modified, 0, modifiedSz); + + /* Copy protocol/version bytes (first 2 bytes) */ + XMEMCPY(modified, state, 2); + + /* Read original total length and key state length */ + ato16(state + 2, &origTotalLen); + ato16(state + 4, &origKeyLen); + + /* Write updated total length and key state length */ + c16toa((word16)(origTotalLen + totalExtra), modified + 2); + c16toa((word16)(origKeyLen + totalExtra), modified + 4); + + /* Copy key state data up to first window section */ + idx = headerSz; + modIdx = headerSz; + XMEMCPY(modified + modIdx, state + idx, keyStateWindowOffset); + idx += keyStateWindowOffset; + modIdx += keyStateWindowOffset; + + /* First window: write increased wordCount */ + c16toa((word16)(windowWords + 2), modified + modIdx); + idx += OPAQUE16_LEN; + modIdx += OPAQUE16_LEN; + + /* Copy original window data */ + XMEMCPY(modified + modIdx, state + idx, windowDataSz); + idx += windowDataSz; + modIdx += windowDataSz; + + /* Insert 2 extra word32 padding values */ + XMEMSET(modified + modIdx, 0, extraPerWindow); + modIdx += extraPerWindow; + + /* Second window (prevWindow): same transformation */ + c16toa((word16)(windowWords + 2), modified + modIdx); + idx += OPAQUE16_LEN; + modIdx += OPAQUE16_LEN; + + XMEMCPY(modified + modIdx, state + idx, windowDataSz); + idx += windowDataSz; + modIdx += windowDataSz; + + XMEMSET(modified + modIdx, 0, extraPerWindow); + modIdx += extraPerWindow; + + /* Copy remainder of key state (after both windows) */ + XMEMCPY(modified + modIdx, state + idx, stateSz - idx); + } + + /* Import the modified state - should succeed with the fix */ + wolfSSL_free(ssl); + ssl = NULL; + ExpectNotNull(ssl = wolfSSL_new(ctx)); + ExpectIntGT(wolfSSL_dtls_import(ssl, modified, modifiedSz), 0); + + XFREE(state, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(modified, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + wolfSSL_free(ssl); + wolfSSL_CTX_free(ctx); +#endif + return EXPECT_RESULT(); +} + static int test_wolfSSL_UseTrustedCA(void) { EXPECT_DECLS; @@ -12145,10 +9422,9 @@ { EXPECT_DECLS; #if defined(HAVE_MAX_FRAGMENT) && !defined(NO_CERTS) && \ - !defined(NO_FILESYSTEM) && !defined(NO_RSA) + !defined(NO_FILESYSTEM) && !defined(NO_RSA) && !defined(NO_WOLFSSL_CLIENT) -#if !defined(NO_TLS) && \ - (!defined(NO_WOLFSSL_CLIENT) || !defined(NO_WOLFSSL_SERVER)) +#if !defined(NO_TLS) #ifndef NO_WOLFSSL_SERVER WOLFSSL_CTX* ctx = wolfSSL_CTX_new(wolfSSLv23_server_method()); #else @@ -12275,6 +9551,7 @@ ExpectNotNull(ssl = wolfSSL_new(ctx)); +#ifndef NO_WOLFSSL_CLIENT /* error cases */ ExpectIntNE(WOLFSSL_SUCCESS, wolfSSL_CTX_UseTruncatedHMAC(NULL)); ExpectIntNE(WOLFSSL_SUCCESS, wolfSSL_UseTruncatedHMAC(NULL)); @@ -12282,6 +9559,7 @@ /* success case */ ExpectIntEQ(WOLFSSL_SUCCESS, wolfSSL_CTX_UseTruncatedHMAC(ctx)); ExpectIntEQ(WOLFSSL_SUCCESS, wolfSSL_UseTruncatedHMAC(ssl)); +#endif wolfSSL_free(ssl); wolfSSL_CTX_free(ctx); @@ -12780,6 +10058,124 @@ return res; } +static int test_wolfSSL_select_next_proto(void) +{ + EXPECT_DECLS; + unsigned char *out = NULL; + unsigned char outLen = 0; + int ret; + + /* Wire format: length-prefixed protocol names */ + unsigned char serverList[] = { + 8, 'h','t','t','p','/','1','.','1', + 6, 's','p','d','y','/','2' + }; + unsigned int serverLen = sizeof(serverList); + + unsigned char clientList[] = { + 6, 's','p','d','y','/','2' + }; + unsigned int clientLen = sizeof(clientList); + + unsigned char clientListHttp[] = { + 8, 'h','t','t','p','/','1','.','1' + }; + unsigned int clientListHttpLen = sizeof(clientListHttp); + + unsigned char clientListNoMatch[] = { + 6, 's','p','d','y','/','3' + }; + unsigned int clientListNoMatchLen = sizeof(clientListNoMatch); + + /* Test 1: NULL parameters return UNSUPPORTED */ + ExpectIntEQ(wolfSSL_select_next_proto(NULL, &outLen, serverList, + serverLen, clientList, clientLen), WOLFSSL_NPN_UNSUPPORTED); + ExpectIntEQ(wolfSSL_select_next_proto(&out, NULL, serverList, + serverLen, clientList, clientLen), WOLFSSL_NPN_UNSUPPORTED); + ExpectIntEQ(wolfSSL_select_next_proto(&out, &outLen, NULL, + serverLen, clientList, clientLen), WOLFSSL_NPN_UNSUPPORTED); + ExpectIntEQ(wolfSSL_select_next_proto(&out, &outLen, serverList, + serverLen, NULL, clientLen), WOLFSSL_NPN_UNSUPPORTED); + + /* Test 2: Normal match - client wants "spdy/2", server offers it */ + out = NULL; + outLen = 0; + ret = wolfSSL_select_next_proto(&out, &outLen, serverList, serverLen, + clientList, clientLen); + ExpectIntEQ(ret, WOLFSSL_NPN_NEGOTIATED); + ExpectIntEQ(outLen, 6); + ExpectNotNull(out); + ExpectIntEQ(XMEMCMP(out, "spdy/2", 6), 0); + + /* Test 3: No overlap - server offers "http/1.1,spdy/2", client wants + * "spdy/3". Falls back to first client protocol. */ + out = NULL; + outLen = 0; + ret = wolfSSL_select_next_proto(&out, &outLen, serverList, serverLen, + clientListNoMatch, clientListNoMatchLen); + ExpectIntEQ(ret, WOLFSSL_NPN_NO_OVERLAP); + ExpectIntEQ(outLen, 6); + ExpectNotNull(out); + ExpectIntEQ(XMEMCMP(out, "spdy/3", 6), 0); + + /* Test 4: Malformed server list - length byte overruns buffer. + * Must NOT crash (heap over-read). */ + { + unsigned char malformedServer[] = { 200, 'h','t','t','p' }; + out = NULL; + outLen = 0; + ret = wolfSSL_select_next_proto(&out, &outLen, malformedServer, + sizeof(malformedServer), clientList, clientLen); + ExpectIntEQ(ret, WOLFSSL_NPN_NO_OVERLAP); + } + + /* Test 5: Malformed client list - length byte overruns buffer. + * Must NOT crash. */ + { + unsigned char malformedClient[] = { 200, 's','p','d','y' }; + out = NULL; + outLen = 0; + ret = wolfSSL_select_next_proto(&out, &outLen, serverList, serverLen, + malformedClient, sizeof(malformedClient)); + ExpectIntEQ(ret, WOLFSSL_NPN_NO_OVERLAP); + } + + /* Test 6: Zero-length entry in server list - must NOT infinite loop */ + { + unsigned char zeroLenServer[] = { 0, 6, 's','p','d','y','/','2' }; + out = NULL; + outLen = 0; + ret = wolfSSL_select_next_proto(&out, &outLen, zeroLenServer, + sizeof(zeroLenServer), clientList, clientLen); + /* Zero-length entry causes break, so no match found */ + ExpectIntEQ(ret, WOLFSSL_NPN_NO_OVERLAP); + } + + /* Test 7: Empty client list (clientLen == 0) - must NOT dereference + * clientNames[0]. */ + { + unsigned char emptyClient[] = { 0 }; + out = NULL; + outLen = 0; + ret = wolfSSL_select_next_proto(&out, &outLen, serverList, serverLen, + emptyClient, 0); + ExpectIntEQ(ret, WOLFSSL_NPN_NO_OVERLAP); + ExpectIntEQ(outLen, 0); + } + + /* Test 8: First protocol match - both start with "http/1.1" */ + out = NULL; + outLen = 0; + ret = wolfSSL_select_next_proto(&out, &outLen, serverList, serverLen, + clientListHttp, clientListHttpLen); + ExpectIntEQ(ret, WOLFSSL_NPN_NEGOTIATED); + ExpectIntEQ(outLen, 8); + ExpectNotNull(out); + ExpectIntEQ(XMEMCMP(out, "http/1.1", 8), 0); + + return EXPECT_RESULT(); +} + #endif /* HAVE_ALPN_PROTOS_SUPPORT */ static int test_wolfSSL_wolfSSL_UseSecureRenegotiation(void) @@ -12857,6 +10253,115 @@ return EXPECT_RESULT(); } +/* Test SCR check when server doesn't reply to secure_renegotiation. */ +#if !defined(NO_WOLFSSL_CLIENT) && !defined(WOLFSSL_NO_TLS12) && \ + defined(WOLFSSL_HARDEN_TLS) && !defined(WOLFSSL_HARDEN_TLS_NO_SCR_CHECK) && \ + defined(HAVE_SECURE_RENEGOTIATION) && \ + defined(HAVE_MANUAL_MEMIO_TESTS_DEPENDENCIES) +/* IO callback to remove secure renegotiation extension from ServerHello */ +static int test_SCR_check_remove_ext_io_cb(WOLFSSL *ssl, char *buf, int sz, void *ctx) +{ + static int sentServerHello = FALSE; + + if (!sentServerHello) { + /* Look for secure renegotiation extension: 0xFF 0x01 (extension type) */ + byte renegExt[] = { 0xFF, 0x01 }; + size_t i; + + if (sz < (int)sizeof(renegExt)) + return test_memio_write_cb(ssl, buf, sz, ctx); + + /* Search for the extension in the buffer */ + for (i = 0; i < (size_t)sz - sizeof(renegExt); i++) { + if (XMEMCMP(buf + i, renegExt, sizeof(renegExt)) == 0) { + /* Found the extension. Remove it by changing the type to something + * unrecognized so it won't be parsed as secure renegotiation. */ + buf[i+1] = 0x11; + break; + } + } + sentServerHello = TRUE; + } + + /* Call the original test_memio_write_cb */ + return test_memio_write_cb(ssl, buf, sz, ctx); +} +#endif + +static int test_wolfSSL_SCR_check_enabled(void) +{ + EXPECT_DECLS; +#if !defined(NO_WOLFSSL_CLIENT) && !defined(WOLFSSL_NO_TLS12) && \ + defined(WOLFSSL_HARDEN_TLS) && !defined(WOLFSSL_HARDEN_TLS_NO_SCR_CHECK) && \ + defined(HAVE_SECURE_RENEGOTIATION) && \ + defined(HAVE_MANUAL_MEMIO_TESTS_DEPENDENCIES) + struct test_memio_ctx test_ctx; + WOLFSSL_CTX *ctx_c = NULL, *ctx_s = NULL; + WOLFSSL *ssl_c = NULL, *ssl_s = NULL; + int ret; + int enabled; + + XMEMSET(&test_ctx, 0, sizeof(test_ctx)); + + /* Set up client and server */ + ExpectIntEQ(test_memio_setup(&test_ctx, &ctx_c, &ctx_s, &ssl_c, &ssl_s, + wolfTLSv1_2_client_method, wolfTLSv1_2_server_method), 0); + + /* Enable secure renegotiation on client (so it sends the extension) */ + ExpectIntEQ(WOLFSSL_SUCCESS, wolfSSL_CTX_UseSecureRenegotiation(ctx_c)); + ExpectIntEQ(WOLFSSL_SUCCESS, wolfSSL_UseSecureRenegotiation(ssl_c)); + + /* Set up IO callback on server to remove the extension from ServerHello */ + wolfSSL_SSLSetIOSend(ssl_s, test_SCR_check_remove_ext_io_cb); + + /* Try to connect - should fail with SECURE_RENEGOTIATION_E */ + ret = test_memio_do_handshake(ssl_c, ssl_s, 10, NULL); + ExpectIntNE(0, ret); /* Handshake should fail */ + ret = wolfSSL_get_error(ssl_c, 0); + ExpectIntEQ(WC_NO_ERR_TRACE(SECURE_RENEGOTIATION_E), ret); + + /* Clean up for next attempt */ + wolfSSL_free(ssl_c); + ssl_c = NULL; + wolfSSL_free(ssl_s); + ssl_s = NULL; + test_memio_clear_buffer(&test_ctx, 1); + test_memio_clear_buffer(&test_ctx, 0); + + /* Set up new client and server */ + ExpectIntEQ(test_memio_setup(&test_ctx, &ctx_c, &ctx_s, &ssl_c, &ssl_s, + wolfTLSv1_2_client_method, wolfTLSv1_2_server_method), 0); + + /* Enable secure renegotiation on client */ + ExpectIntEQ(WOLFSSL_SUCCESS, wolfSSL_CTX_UseSecureRenegotiation(ctx_c)); + ExpectIntEQ(WOLFSSL_SUCCESS, wolfSSL_UseSecureRenegotiation(ssl_c)); + + /* Set up IO callback on server to remove the extension from ServerHello */ + wolfSSL_SSLSetIOSend(ssl_s, test_SCR_check_remove_ext_io_cb); + + /* Disable the SCR check */ + ExpectIntEQ(WOLFSSL_SUCCESS, wolfSSL_set_scr_check_enabled(ssl_c, 0)); + + /* Verify the state is 0 */ + enabled = wolfSSL_get_scr_check_enabled(ssl_c); + ExpectIntEQ(0, enabled); + + /* Now connection should succeed */ + ExpectIntEQ(0, test_memio_do_handshake(ssl_c, ssl_s, 10, NULL)); + + /* Cleanup */ + wolfSSL_free(ssl_c); + ssl_c = NULL; + wolfSSL_free(ssl_s); + ssl_s = NULL; + wolfSSL_CTX_free(ctx_c); + ctx_c = NULL; + wolfSSL_CTX_free(ctx_s); + ctx_s = NULL; +#endif + return EXPECT_RESULT(); +} + #if !defined(NO_WOLFSSL_SERVER) && !defined(NO_TLS) && \ !defined(NO_FILESYSTEM) && (!defined(NO_RSA) || defined(HAVE_ECC)) /* Called when writing. */ @@ -13050,470 +10555,6 @@ /*----------------------------------------------------------------------------* | X509 Tests *----------------------------------------------------------------------------*/ -static int test_wolfSSL_X509_NAME_get_entry(void) -{ - EXPECT_DECLS; -#if !defined(NO_CERTS) && !defined(NO_RSA) && !defined(NO_FILESYSTEM) -#if defined(OPENSSL_ALL) || \ - (defined(OPENSSL_EXTRA) && \ - (defined(KEEP_PEER_CERT) || defined(SESSION_CERTS))) - /* use openssl like name to test mapping */ - X509_NAME_ENTRY* ne = NULL; - X509_NAME* name = NULL; - X509* x509 = NULL; - ASN1_STRING* asn = NULL; - char* subCN = NULL; - int idx = 0; - ASN1_OBJECT *object = NULL; -#if defined(WOLFSSL_APACHE_HTTPD) || defined(OPENSSL_ALL) || \ - defined(WOLFSSL_NGINX) -#ifndef NO_BIO - BIO* bio = NULL; -#endif -#endif - - ExpectNotNull(x509 = wolfSSL_X509_load_certificate_file(cliCertFile, - WOLFSSL_FILETYPE_PEM)); - ExpectNotNull(name = X509_get_subject_name(x509)); - ExpectIntGE(idx = X509_NAME_get_index_by_NID(name, NID_commonName, -1), 0); - ExpectNotNull(ne = X509_NAME_get_entry(name, idx)); - ExpectNull(X509_NAME_ENTRY_get_data(NULL)); - ExpectNotNull(asn = X509_NAME_ENTRY_get_data(ne)); - ExpectNotNull(subCN = (char*)ASN1_STRING_data(asn)); - wolfSSL_FreeX509(x509); - x509 = NULL; - - ExpectNotNull(x509 = wolfSSL_X509_load_certificate_file(cliCertFile, - WOLFSSL_FILETYPE_PEM)); - ExpectNotNull(name = X509_get_subject_name(x509)); - ExpectIntGE(idx = X509_NAME_get_index_by_NID(name, NID_commonName, -1), 0); - -#if defined(WOLFSSL_APACHE_HTTPD) || defined(OPENSSL_ALL) || \ - defined(WOLFSSL_NGINX) -#ifndef NO_BIO - ExpectNotNull(bio = BIO_new(BIO_s_mem())); - ExpectIntEQ(X509_NAME_print_ex(bio, name, 4, - (XN_FLAG_RFC2253 & ~XN_FLAG_DN_REV)), WOLFSSL_SUCCESS); - ExpectIntEQ(X509_NAME_print_ex_fp(XBADFILE, name, 4, - (XN_FLAG_RFC2253 & ~XN_FLAG_DN_REV)), WOLFSSL_FAILURE); - ExpectIntEQ(X509_NAME_print_ex_fp(stderr, name, 4, - (XN_FLAG_RFC2253 & ~XN_FLAG_DN_REV)), WOLFSSL_SUCCESS); - BIO_free(bio); -#endif -#endif - - ExpectNotNull(ne = X509_NAME_get_entry(name, idx)); - ExpectNotNull(object = X509_NAME_ENTRY_get_object(ne)); - wolfSSL_FreeX509(x509); -#endif /* OPENSSL_ALL || (OPENSSL_EXTRA && (KEEP_PEER_CERT || SESSION_CERTS) */ -#endif /* !NO_CERTS && !NO_RSA && !NO_FILESYSTEM */ - - return EXPECT_RESULT(); -} - -/* Testing functions dealing with PKCS12 parsing out X509 certs */ -static int test_wolfSSL_PKCS12(void) -{ - EXPECT_DECLS; - /* .p12 file is encrypted with DES3 */ -#ifndef HAVE_FIPS /* Password used in cert "wolfSSL test" is only 12-bytes - * (96-bit) FIPS mode requires Minimum of 14-byte (112-bit) - * Password Key - */ -#if defined(OPENSSL_EXTRA) && !defined(NO_DES3) && !defined(NO_FILESYSTEM) && \ - !defined(NO_STDIO_FILESYSTEM) && !defined(NO_TLS) && \ - !defined(NO_ASN) && !defined(NO_PWDBASED) && !defined(NO_RSA) && \ - !defined(NO_SHA) && defined(HAVE_PKCS12) && !defined(NO_BIO) && \ - defined(WOLFSSL_AES_256) - byte buf[6000]; - char file[] = "./certs/test-servercert.p12"; - char order[] = "./certs/ecc-rsa-server.p12"; -#ifdef WC_RC2 - char rc2p12[] = "./certs/test-servercert-rc2.p12"; -#endif - char pass[] = "a password"; - const char goodPsw[] = "wolfSSL test"; - const char badPsw[] = "bad"; -#ifdef HAVE_ECC - WOLFSSL_X509_NAME *subject = NULL; - WOLFSSL_X509 *x509 = NULL; -#endif - XFILE f = XBADFILE; - int bytes = 0, ret = 0, goodPswLen = 0, badPswLen = 0; - WOLFSSL_BIO *bio = NULL; - WOLFSSL_EVP_PKEY *pkey = NULL; - WC_PKCS12 *pkcs12 = NULL; - WC_PKCS12 *pkcs12_2 = NULL; - WOLFSSL_X509 *cert = NULL; - WOLFSSL_X509 *tmp = NULL; - WOLF_STACK_OF(WOLFSSL_X509) *ca = NULL; -#if (defined(OPENSSL_ALL) || defined(WOLFSSL_ASIO) || defined(WOLFSSL_HAPROXY) \ - || defined(WOLFSSL_NGINX)) && defined(SESSION_CERTS) - WOLFSSL_CTX *ctx = NULL; - WOLFSSL *ssl = NULL; - WOLF_STACK_OF(WOLFSSL_X509) *tmp_ca = NULL; -#endif - - ExpectTrue((f = XFOPEN(file, "rb")) != XBADFILE); - ExpectIntGT(bytes = (int)XFREAD(buf, 1, sizeof(buf), f), 0); - if (f != XBADFILE) { - XFCLOSE(f); - f = XBADFILE; - } - - goodPswLen = (int)XSTRLEN(goodPsw); - badPswLen = (int)XSTRLEN(badPsw); - - ExpectNotNull(bio = wolfSSL_BIO_new(wolfSSL_BIO_s_mem())); - - ExpectIntEQ(BIO_write(bio, buf, bytes), bytes); /* d2i consumes BIO */ - ExpectNotNull(d2i_PKCS12_bio(bio, &pkcs12)); - ExpectNotNull(pkcs12); - BIO_free(bio); - bio = NULL; - - /* check verify MAC directly */ - ExpectIntEQ(ret = PKCS12_verify_mac(pkcs12, goodPsw, goodPswLen), 1); - - /* check verify MAC fail case directly */ - ExpectIntEQ(ret = PKCS12_verify_mac(pkcs12, badPsw, badPswLen), 0); - - /* check verify MAC fail case */ - ExpectIntEQ(ret = PKCS12_parse(pkcs12, "bad", &pkey, &cert, NULL), 0); - ExpectNull(pkey); - ExpectNull(cert); - - /* check parse with no extra certs kept */ - ExpectIntEQ(ret = PKCS12_parse(pkcs12, "wolfSSL test", &pkey, &cert, NULL), - 1); - ExpectNotNull(pkey); - ExpectNotNull(cert); - - wolfSSL_EVP_PKEY_free(pkey); - pkey = NULL; - wolfSSL_X509_free(cert); - cert = NULL; - - /* check parse with extra certs kept */ - ExpectIntEQ(ret = PKCS12_parse(pkcs12, "wolfSSL test", &pkey, &cert, &ca), - 1); - ExpectNotNull(pkey); - ExpectNotNull(cert); - ExpectNotNull(ca); - -#if (defined(OPENSSL_ALL) || defined(WOLFSSL_ASIO) || defined(WOLFSSL_HAPROXY) \ - || defined(WOLFSSL_NGINX)) && defined(SESSION_CERTS) - - /* Check that SSL_CTX_set0_chain correctly sets the certChain buffer */ -#if !defined(NO_WOLFSSL_CLIENT) || !defined(NO_WOLFSSL_SERVER) -#if !defined(NO_WOLFSSL_CLIENT) && defined(SESSION_CERTS) - ExpectNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_client_method())); -#else - ExpectNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_server_method())); -#endif - /* Copy stack structure */ - ExpectNotNull(tmp_ca = X509_chain_up_ref(ca)); - ExpectIntEQ(SSL_CTX_set0_chain(ctx, tmp_ca), 1); - /* CTX now owns the tmp_ca stack structure */ - tmp_ca = NULL; - ExpectIntEQ(wolfSSL_CTX_get_extra_chain_certs(ctx, &tmp_ca), 1); - ExpectNotNull(tmp_ca); - ExpectIntEQ(sk_X509_num(tmp_ca), sk_X509_num(ca)); - /* Check that the main cert is also set */ - ExpectNotNull(SSL_CTX_get0_certificate(ctx)); - ExpectNotNull(ssl = SSL_new(ctx)); - ExpectNotNull(SSL_get_certificate(ssl)); - SSL_free(ssl); - SSL_CTX_free(ctx); - ctx = NULL; -#endif -#endif /* !NO_WOLFSSL_CLIENT || !NO_WOLFSSL_SERVER */ - /* should be 2 other certs on stack */ - ExpectNotNull(tmp = sk_X509_pop(ca)); - X509_free(tmp); - ExpectNotNull(tmp = sk_X509_pop(ca)); - X509_free(tmp); - ExpectNull(sk_X509_pop(ca)); - - EVP_PKEY_free(pkey); - pkey = NULL; - X509_free(cert); - cert = NULL; - sk_X509_pop_free(ca, X509_free); - ca = NULL; - - /* check PKCS12_create */ - ExpectNull(PKCS12_create(pass, NULL, NULL, NULL, NULL, -1, -1, -1, -1,0)); - ExpectIntEQ(PKCS12_parse(pkcs12, "wolfSSL test", &pkey, &cert, &ca), - SSL_SUCCESS); - ExpectNotNull((pkcs12_2 = PKCS12_create(pass, NULL, pkey, cert, ca, - -1, -1, 100, -1, 0))); - EVP_PKEY_free(pkey); - pkey = NULL; - X509_free(cert); - cert = NULL; - sk_X509_pop_free(ca, NULL); - ca = NULL; - - ExpectIntEQ(PKCS12_parse(pkcs12_2, "a password", &pkey, &cert, &ca), - SSL_SUCCESS); - PKCS12_free(pkcs12_2); - pkcs12_2 = NULL; - ExpectNotNull((pkcs12_2 = PKCS12_create(pass, NULL, pkey, cert, ca, - NID_pbe_WithSHA1And3_Key_TripleDES_CBC, - NID_pbe_WithSHA1And3_Key_TripleDES_CBC, - 2000, 1, 0))); - EVP_PKEY_free(pkey); - pkey = NULL; - X509_free(cert); - cert = NULL; - sk_X509_pop_free(ca, NULL); - ca = NULL; - - /* convert to DER then back and parse */ - ExpectNotNull(bio = BIO_new(BIO_s_mem())); - ExpectIntEQ(i2d_PKCS12_bio(bio, pkcs12_2), SSL_SUCCESS); - PKCS12_free(pkcs12_2); - pkcs12_2 = NULL; - - ExpectNotNull(pkcs12_2 = d2i_PKCS12_bio(bio, NULL)); - BIO_free(bio); - bio = NULL; - ExpectIntEQ(PKCS12_parse(pkcs12_2, "a password", &pkey, &cert, &ca), - SSL_SUCCESS); - - /* should be 2 other certs on stack */ - ExpectNotNull(tmp = sk_X509_pop(ca)); - X509_free(tmp); - ExpectNotNull(tmp = sk_X509_pop(ca)); - X509_free(tmp); - ExpectNull(sk_X509_pop(ca)); - - -#ifndef NO_RC4 - PKCS12_free(pkcs12_2); - pkcs12_2 = NULL; - ExpectNotNull((pkcs12_2 = PKCS12_create(pass, NULL, pkey, cert, NULL, - NID_pbe_WithSHA1And128BitRC4, - NID_pbe_WithSHA1And128BitRC4, - 2000, 1, 0))); - EVP_PKEY_free(pkey); - pkey = NULL; - X509_free(cert); - cert = NULL; - sk_X509_pop_free(ca, NULL); - ca = NULL; - - ExpectIntEQ(PKCS12_parse(pkcs12_2, "a password", &pkey, &cert, &ca), - SSL_SUCCESS); - -#endif /* NO_RC4 */ - - EVP_PKEY_free(pkey); - pkey = NULL; - X509_free(cert); - cert = NULL; - PKCS12_free(pkcs12); - pkcs12 = NULL; - PKCS12_free(pkcs12_2); - pkcs12_2 = NULL; - sk_X509_pop_free(ca, NULL); - ca = NULL; - -#ifdef HAVE_ECC - /* test order of parsing */ - ExpectTrue((f = XFOPEN(order, "rb")) != XBADFILE); - ExpectIntGT(bytes = (int)XFREAD(buf, 1, sizeof(buf), f), 0); - if (f != XBADFILE) { - XFCLOSE(f); - f = XBADFILE; - } - - ExpectNotNull(bio = BIO_new_mem_buf((void*)buf, bytes)); - ExpectNotNull(pkcs12 = d2i_PKCS12_bio(bio, NULL)); - ExpectIntEQ((ret = PKCS12_parse(pkcs12, "", &pkey, &cert, &ca)), - WOLFSSL_SUCCESS); - - /* check use of pkey after parse */ -#if (defined(OPENSSL_ALL) || defined(WOLFSSL_ASIO) || defined(WOLFSSL_HAPROXY) \ - || defined(WOLFSSL_NGINX)) && defined(SESSION_CERTS) -#if !defined(NO_WOLFSSL_CLIENT) || !defined(NO_WOLFSSL_SERVER) -#if !defined(NO_WOLFSSL_CLIENT) && defined(SESSION_CERTS) - ExpectNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_client_method())); -#else - ExpectNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_server_method())); -#endif - ExpectIntEQ(SSL_CTX_use_PrivateKey(ctx, pkey), WOLFSSL_SUCCESS); - SSL_CTX_free(ctx); -#endif /* !NO_WOLFSSL_CLIENT || !NO_WOLFSSL_SERVER */ -#endif - - ExpectNotNull(pkey); - ExpectNotNull(cert); - ExpectNotNull(ca); - - /* compare subject lines of certificates */ - ExpectNotNull(subject = wolfSSL_X509_get_subject_name(cert)); - ExpectNotNull(x509 = wolfSSL_X509_load_certificate_file(eccRsaCertFile, - SSL_FILETYPE_PEM)); - ExpectIntEQ(wolfSSL_X509_NAME_cmp((const WOLFSSL_X509_NAME*)subject, - (const WOLFSSL_X509_NAME*)wolfSSL_X509_get_subject_name(x509)), 0); - X509_free(x509); - x509 = NULL; - - /* test expected fail case */ - ExpectNotNull(x509 = wolfSSL_X509_load_certificate_file(eccCertFile, - SSL_FILETYPE_PEM)); - ExpectIntNE(wolfSSL_X509_NAME_cmp((const WOLFSSL_X509_NAME*)subject, - (const WOLFSSL_X509_NAME*)wolfSSL_X509_get_subject_name(x509)), 0); - X509_free(x509); - x509 = NULL; - X509_free(cert); - cert = NULL; - - /* get subject line from ca stack */ - ExpectNotNull(cert = sk_X509_pop(ca)); - ExpectNotNull(subject = wolfSSL_X509_get_subject_name(cert)); - - /* compare subject from certificate in ca to expected */ - ExpectNotNull(x509 = wolfSSL_X509_load_certificate_file(eccCertFile, - SSL_FILETYPE_PEM)); - ExpectIntEQ(wolfSSL_X509_NAME_cmp((const WOLFSSL_X509_NAME*)subject, - (const WOLFSSL_X509_NAME*)wolfSSL_X509_get_subject_name(x509)), 0); - - /* modify case and compare subject from certificate in ca to expected. - * The first bit of the name is: - * /C=US/ST=Washington - * So we'll change subject->name[1] to 'c' (lower case) */ - if (subject != NULL) { - subject->name[1] = 'c'; - ExpectIntEQ(wolfSSL_X509_NAME_cmp((const WOLFSSL_X509_NAME*)subject, - (const WOLFSSL_X509_NAME*)wolfSSL_X509_get_subject_name(x509)), 0); - } - - EVP_PKEY_free(pkey); - pkey = NULL; - X509_free(x509); - x509 = NULL; - X509_free(cert); - cert = NULL; - BIO_free(bio); - bio = NULL; - PKCS12_free(pkcs12); - pkcs12 = NULL; - sk_X509_pop_free(ca, NULL); /* TEST d2i_PKCS12_fp */ - ca = NULL; - - /* test order of parsing */ - ExpectTrue((f = XFOPEN(file, "rb")) != XBADFILE); - ExpectNotNull(pkcs12 = d2i_PKCS12_fp(f, NULL)); - if (f != XBADFILE) { - XFCLOSE(f); - f = XBADFILE; - } - - /* check verify MAC fail case */ - ExpectIntEQ(ret = PKCS12_parse(pkcs12, "bad", &pkey, &cert, NULL), 0); - ExpectNull(pkey); - ExpectNull(cert); - - /* check parse with no extra certs kept */ - ExpectIntEQ(ret = PKCS12_parse(pkcs12, "wolfSSL test", &pkey, &cert, NULL), - 1); - ExpectNotNull(pkey); - ExpectNotNull(cert); - - wolfSSL_EVP_PKEY_free(pkey); - pkey = NULL; - wolfSSL_X509_free(cert); - cert = NULL; - - /* check parse with extra certs kept */ - ExpectIntEQ(ret = PKCS12_parse(pkcs12, "wolfSSL test", &pkey, &cert, &ca), - 1); - ExpectNotNull(pkey); - ExpectNotNull(cert); - ExpectNotNull(ca); - - wolfSSL_EVP_PKEY_free(pkey); - pkey = NULL; - wolfSSL_X509_free(cert); - cert = NULL; - sk_X509_pop_free(ca, NULL); - ca = NULL; - - PKCS12_free(pkcs12); - pkcs12 = NULL; -#endif /* HAVE_ECC */ - -#ifdef WC_RC2 - /* test PKCS#12 with RC2 encryption */ - ExpectTrue((f = XFOPEN(rc2p12, "rb")) != XBADFILE); - ExpectIntGT(bytes = (int)XFREAD(buf, 1, sizeof(buf), f), 0); - if (f != XBADFILE) { - XFCLOSE(f); - f = XBADFILE; - } - - ExpectNotNull(bio = BIO_new_mem_buf((void*)buf, bytes)); - ExpectNotNull(pkcs12 = d2i_PKCS12_bio(bio, NULL)); - - /* check verify MAC fail case */ - ExpectIntEQ(ret = PKCS12_parse(pkcs12, "bad", &pkey, &cert, NULL), 0); - ExpectNull(pkey); - ExpectNull(cert); - - /* check parse with not extra certs kept */ - ExpectIntEQ(ret = PKCS12_parse(pkcs12, "wolfSSL test", &pkey, &cert, NULL), - WOLFSSL_SUCCESS); - ExpectNotNull(pkey); - ExpectNotNull(cert); - - wolfSSL_EVP_PKEY_free(pkey); - pkey = NULL; - wolfSSL_X509_free(cert); - cert = NULL; - - /* check parse with extra certs kept */ - ExpectIntEQ(ret = PKCS12_parse(pkcs12, "wolfSSL test", &pkey, &cert, &ca), - WOLFSSL_SUCCESS); - ExpectNotNull(pkey); - ExpectNotNull(cert); - ExpectNotNull(ca); - - wolfSSL_EVP_PKEY_free(pkey); - wolfSSL_X509_free(cert); - sk_X509_pop_free(ca, NULL); - - BIO_free(bio); - bio = NULL; - PKCS12_free(pkcs12); - pkcs12 = NULL; -#endif /* WC_RC2 */ - - /* Test i2d_PKCS12_bio */ - ExpectTrue((f = XFOPEN(file, "rb")) != XBADFILE); - ExpectNotNull(pkcs12 = d2i_PKCS12_fp(f, NULL)); - if (f != XBADFILE) - XFCLOSE(f); - - ExpectNotNull(bio = BIO_new(BIO_s_mem())); - - ExpectIntEQ(ret = i2d_PKCS12_bio(bio, pkcs12), 1); - - ExpectIntEQ(ret = i2d_PKCS12_bio(NULL, pkcs12), 0); - - ExpectIntEQ(ret = i2d_PKCS12_bio(bio, NULL), 0); - - PKCS12_free(pkcs12); - BIO_free(bio); - - (void)order; -#endif /* OPENSSL_EXTRA */ -#endif /* HAVE_FIPS */ - return EXPECT_RESULT(); -} - #if !defined(NO_FILESYSTEM) && !defined(NO_ASN) && defined(HAVE_PKCS8) && \ defined(WOLFSSL_ENCRYPTED_KEYS) && !defined(NO_DES3) && !defined(NO_PWDBASED) && \ @@ -13987,601 +11028,6 @@ } -static int test_wolfSSL_TBS(void) -{ - EXPECT_DECLS; -#if !defined(NO_CERTS) && !defined(NO_RSA) && !defined(NO_FILESYSTEM) \ - && defined(OPENSSL_EXTRA) - WOLFSSL_X509* x509 = NULL; - const unsigned char* tbs; - int tbsSz; - - ExpectNotNull(x509 = wolfSSL_X509_new()); - ExpectNull(tbs = wolfSSL_X509_get_tbs(x509, &tbsSz)); - wolfSSL_X509_free(x509); - x509 = NULL; - - ExpectNotNull(x509 = wolfSSL_X509_load_certificate_file(caCertFile, - WOLFSSL_FILETYPE_PEM)); - - ExpectNull(tbs = wolfSSL_X509_get_tbs(NULL, &tbsSz)); - ExpectNull(tbs = wolfSSL_X509_get_tbs(x509, NULL)); - ExpectNotNull(tbs = wolfSSL_X509_get_tbs(x509, &tbsSz)); - ExpectIntEQ(tbsSz, 1003); - - wolfSSL_FreeX509(x509); -#endif - return EXPECT_RESULT(); -} - -static int test_wolfSSL_X509_verify(void) -{ - EXPECT_DECLS; -#if !defined(NO_CERTS) && !defined(NO_RSA) && !defined(NO_FILESYSTEM) && \ - defined(OPENSSL_EXTRA) - WOLFSSL_X509* ca = NULL; - WOLFSSL_X509* serv = NULL; - WOLFSSL_EVP_PKEY* pkey = NULL; - unsigned char buf[2048]; - const unsigned char* pt = NULL; - int bufSz = 0; - - ExpectNotNull(ca = wolfSSL_X509_load_certificate_file(caCertFile, - WOLFSSL_FILETYPE_PEM)); - - ExpectIntNE(wolfSSL_X509_get_pubkey_buffer(NULL, buf, NULL), - WOLFSSL_SUCCESS); - ExpectIntNE(wolfSSL_X509_get_pubkey_buffer(NULL, buf, &bufSz), - WOLFSSL_SUCCESS); - ExpectIntEQ(wolfSSL_X509_get_pubkey_buffer(ca, NULL, &bufSz), - WOLFSSL_SUCCESS); - ExpectIntEQ(bufSz, 294); - - bufSz--; - ExpectIntNE(wolfSSL_X509_get_pubkey_buffer(ca, buf, &bufSz), - WOLFSSL_SUCCESS); - bufSz = 2048; - ExpectIntEQ(wolfSSL_X509_get_pubkey_buffer(ca, buf, &bufSz), - WOLFSSL_SUCCESS); - ExpectIntEQ(wolfSSL_X509_get_pubkey_type(NULL), WC_NO_ERR_TRACE(WOLFSSL_FAILURE)); - ExpectIntEQ(wolfSSL_X509_get_pubkey_type(ca), RSAk); - - - ExpectNotNull(serv = wolfSSL_X509_load_certificate_file(svrCertFile, - WOLFSSL_FILETYPE_PEM)); - - /* success case */ - pt = buf; - ExpectNotNull(pkey = wolfSSL_d2i_PUBKEY(NULL, &pt, bufSz)); - - ExpectIntEQ(i2d_PUBKEY(pkey, NULL), bufSz); - - ExpectIntEQ(wolfSSL_X509_verify(serv, pkey), WOLFSSL_SUCCESS); - wolfSSL_EVP_PKEY_free(pkey); - pkey = NULL; - - /* fail case */ - bufSz = 2048; - ExpectIntEQ(wolfSSL_X509_get_pubkey_buffer(serv, buf, &bufSz), - WOLFSSL_SUCCESS); - pt = buf; - ExpectNotNull(pkey = wolfSSL_d2i_PUBKEY(NULL, &pt, bufSz)); - ExpectIntEQ(wolfSSL_X509_verify(serv, pkey), WC_NO_ERR_TRACE(WOLFSSL_FAILURE)); - - ExpectIntEQ(wolfSSL_X509_verify(NULL, pkey), WC_NO_ERR_TRACE(WOLFSSL_FATAL_ERROR)); - ExpectIntEQ(wolfSSL_X509_verify(serv, NULL), WC_NO_ERR_TRACE(WOLFSSL_FATAL_ERROR)); - -#ifndef NO_WOLFSSL_STUB - ExpectNull(wolfSSL_X509_get0_pubkey_bitstr(NULL)); - ExpectNull(wolfSSL_X509_get0_pubkey_bitstr(serv)); -#endif - - wolfSSL_EVP_PKEY_free(pkey); - - wolfSSL_FreeX509(ca); - wolfSSL_FreeX509(serv); -#endif - return EXPECT_RESULT(); -} - -#if defined(WOLFSSL_ACERT) && !defined(NO_CERTS) && !defined(NO_RSA) && \ - defined(WC_RSA_PSS) && !defined(NO_FILESYSTEM) && defined(OPENSSL_EXTRA) -/* Given acert file and its pubkey file, read them and then - * attempt to verify signed acert. - * - * If expect_pass is true, then verification should pass. - * If expect_pass is false, then verification should fail. - * */ -static int do_acert_verify_test(const char * acert_file, - const char * pkey_file, - size_t expect_pass) -{ - X509_ACERT * x509 = NULL; - EVP_PKEY * pkey = NULL; - BIO * bp = NULL; - int verify_rc = 0; - - /* First read the attribute certificate. */ - bp = BIO_new_file(acert_file, "r"); - if (bp == NULL) { - return -1; - } - - x509 = PEM_read_bio_X509_ACERT(bp, NULL, NULL, NULL); - BIO_free(bp); - bp = NULL; - - if (x509 == NULL) { - return -1; - } - - /* Next read the associated pub key. */ - bp = BIO_new_file(pkey_file, "r"); - - if (bp == NULL) { - X509_ACERT_free(x509); - x509 = NULL; - return -1; - } - - pkey = PEM_read_bio_PUBKEY(bp, &pkey, NULL, NULL); - BIO_free(bp); - bp = NULL; - - if (pkey == NULL) { - X509_ACERT_free(x509); - x509 = NULL; - return -1; - } - - /* Finally, do verification. */ - verify_rc = X509_ACERT_verify(x509, pkey); - - X509_ACERT_free(x509); - x509 = NULL; - - EVP_PKEY_free(pkey); - pkey = NULL; - - if (expect_pass && verify_rc != 1) { - return -1; - } - - if (!expect_pass && verify_rc == 1) { - return -1; - } - - return 0; -} -#endif - -static int test_wolfSSL_X509_ACERT_verify(void) -{ - EXPECT_DECLS; -#if defined(WOLFSSL_ACERT) && !defined(NO_CERTS) && !defined(NO_RSA) && \ - defined(WC_RSA_PSS) && !defined(NO_FILESYSTEM) && defined(OPENSSL_EXTRA) - /* Walk over list of signed ACERTs and their pubkeys. - * All should load and pass verification. */ - const char * acerts[4] = {"certs/acert/acert.pem", - "certs/acert/acert_ietf.pem", - "certs/acert/rsa_pss/acert.pem", - "certs/acert/rsa_pss/acert_ietf.pem"}; - const char * pkeys[4] = {"certs/acert/acert_pubkey.pem", - "certs/acert/acert_ietf_pubkey.pem", - "certs/acert/rsa_pss/acert_pubkey.pem", - "certs/acert/rsa_pss/acert_ietf_pubkey.pem"}; - int rc = 0; - size_t i = 0; - size_t j = 0; - - for (i = 0; i < 4; ++i) { - for (j = i; j < 4; ++j) { - rc = do_acert_verify_test(acerts[i], pkeys[j], i == j); - - if (rc) { - fprintf(stderr, "error: %s: i = %zu, j = %zu, rc = %d\n", - "do_acert_verify_test", i, j, rc); - break; - } - } - - if (rc) { break; } - } - - ExpectIntEQ(rc, 0); -#endif - return EXPECT_RESULT(); -} - -static int test_wolfSSL_X509_ACERT_misc_api(void) -{ - EXPECT_DECLS; -#if defined(WOLFSSL_ACERT) && !defined(NO_CERTS) && !defined(NO_RSA) && \ - !defined(NO_FILESYSTEM) && defined(OPENSSL_EXTRA) - const char * acerts[4] = {"certs/acert/acert.pem", - "certs/acert/acert_ietf.pem", - "certs/acert/rsa_pss/acert.pem", - "certs/acert/rsa_pss/acert_ietf.pem"}; - int rc = 0; - X509_ACERT * x509 = NULL; - BIO * bp = NULL; - long ver_long = 0; - int ver = 0; - int nid = 0; - const byte * raw_attr = NULL; - word32 attr_len = 0; - size_t i = 0; - int buf_len = 0; - byte ietf_serial[] = {0x03, 0xb5, 0x90, 0x59, 0x02, - 0xa2, 0xaa, 0xb5, 0x40, 0x21, - 0x44, 0xb8, 0x2c, 0x4f, 0xd9, - 0x80, 0x1b, 0x5f, 0x57, 0xc2}; - - for (i = 0; i < 4; ++i) { - const char * acert_file = acerts[i]; - int is_rsa_pss = 0; - int is_ietf_acert = 0; - byte serial[64]; - int serial_len = sizeof(serial); - - XMEMSET(serial, 0, sizeof(serial)); - - is_rsa_pss = XSTRSTR(acert_file, "rsa_pss") != NULL ? 1 : 0; - is_ietf_acert = XSTRSTR(acert_file, "ietf.pem") != NULL ? 1 : 0; - - /* First read the attribute certificate. */ - bp = BIO_new_file(acert_file, "r"); - ExpectNotNull(bp); - - x509 = PEM_read_bio_X509_ACERT(bp, NULL, NULL, NULL); - ExpectNotNull(x509); - - /* We're done with the bio for now. */ - if (bp != NULL) { - BIO_free(bp); - bp = NULL; - } - - /* Check version and signature NID. */ - ver_long = X509_ACERT_get_version(x509); - ExpectIntEQ(ver_long, 1); - - ver = wolfSSL_X509_ACERT_version(x509); - ExpectIntEQ(ver, 2); - - nid = X509_ACERT_get_signature_nid(x509); - - if (is_rsa_pss) { - ExpectIntEQ(nid, NID_rsassaPss); - } - else { - ExpectIntEQ(nid, NID_sha256WithRSAEncryption); - } - - /* Get the serial number buffer. - * The ietf acert example has a 20 byte serial number. */ - rc = wolfSSL_X509_ACERT_get_serial_number(x509, serial, &serial_len); - ExpectIntEQ(rc, SSL_SUCCESS); - - if (is_ietf_acert) { - ExpectIntEQ(serial_len, 20); - ExpectIntEQ(XMEMCMP(serial, ietf_serial, sizeof(ietf_serial)), 0); - } - else { - ExpectIntEQ(serial_len, 1); - ExpectTrue(serial[0] == 0x01); - } - - /* Repeat the same but with null serial buffer. This is ok. */ - rc = wolfSSL_X509_ACERT_get_serial_number(x509, NULL, &serial_len); - ExpectIntEQ(rc, SSL_SUCCESS); - - if (is_ietf_acert) { - ExpectIntEQ(serial_len, 20); - } - else { - ExpectIntEQ(serial_len, 1); - ExpectTrue(serial[0] == 0x01); - } - - /* Get the attributes buffer. */ - rc = wolfSSL_X509_ACERT_get_attr_buf(x509, &raw_attr, &attr_len); - ExpectIntEQ(rc, SSL_SUCCESS); - - if (is_ietf_acert) { - /* This cert has a 65 byte attributes field. */ - ExpectNotNull(raw_attr); - ExpectIntEQ(attr_len, 65); - } - else { - /* This cert has a 237 byte attributes field. */ - ExpectNotNull(raw_attr); - ExpectIntEQ(attr_len, 237); - } - - /* Test printing acert to memory bio. */ - ExpectNotNull(bp = BIO_new(BIO_s_mem())); - rc = X509_ACERT_print(bp, x509); - ExpectIntEQ(rc, SSL_SUCCESS); - - /* Now do a bunch of invalid stuff with partially valid inputs. */ - rc = wolfSSL_X509_ACERT_get_attr_buf(x509, &raw_attr, NULL); - ExpectIntEQ(rc, BAD_FUNC_ARG); - - rc = wolfSSL_X509_ACERT_get_attr_buf(x509, NULL, &attr_len); - ExpectIntEQ(rc, BAD_FUNC_ARG); - - rc = wolfSSL_X509_ACERT_get_attr_buf(NULL, &raw_attr, &attr_len); - ExpectIntEQ(rc, BAD_FUNC_ARG); - - ver_long = X509_ACERT_get_version(NULL); - ExpectIntEQ(ver_long, 0); - - ver = wolfSSL_X509_ACERT_version(NULL); - ExpectIntEQ(ver, 0); - - rc = wolfSSL_X509_ACERT_get_signature(x509, NULL, NULL); - ExpectIntEQ(rc, WOLFSSL_FATAL_ERROR); - - rc = wolfSSL_X509_ACERT_get_signature(x509, NULL, &buf_len); - ExpectIntEQ(rc, SSL_SUCCESS); - ExpectIntEQ(buf_len, 256); - - rc = wolfSSL_X509_ACERT_get_serial_number(x509, serial, NULL); - ExpectIntEQ(rc, BAD_FUNC_ARG); - - rc = X509_ACERT_print(bp, NULL); - ExpectIntEQ(rc, WOLFSSL_FAILURE); - - rc = X509_ACERT_print(NULL, x509); - ExpectIntEQ(rc, WOLFSSL_FAILURE); - - /* Finally free the acert and bio, we're done with them. */ - if (x509 != NULL) { - X509_ACERT_free(x509); - x509 = NULL; - } - - if (bp != NULL) { - BIO_free(bp); - bp = NULL; - } - } -#endif - return EXPECT_RESULT(); -} - -static int test_wolfSSL_X509_ACERT_buffer(void) -{ - EXPECT_DECLS; -#if defined(WOLFSSL_ACERT) && !defined(NO_CERTS) && \ - !defined(NO_RSA) && defined(WC_RSA_PSS) && \ - (defined(OPENSSL_EXTRA_X509_SMALL) || defined(OPENSSL_EXTRA)) - const byte acert_ietf[] = \ - "-----BEGIN ATTRIBUTE CERTIFICATE-----\n" - "MIICPTCCASUCAQEwN6AWMBGkDzANMQswCQYDVQQDDAJDQQIBAqEdpBswGTEXMBUG\n" - "A1UEAwwOc2VydmVyLmV4YW1wbGWgLTArpCkwJzElMCMGA1UEAwwcQXR0cmlidXRl\n" - "IENlcnRpZmljYXRlIElzc3VlcjANBgkqhkiG9w0BAQsFAAIUA7WQWQKiqrVAIUS4\n" - "LE/ZgBtfV8IwIhgPMjAyMTA2MTUxMjM1MDBaGA8yMDMxMDYxMzEyMzUwMFowQTAj\n" - "BggrBgEFBQcKBDEXMBWgCYYHVGVzdHZhbDAIDAZncm91cDEwGgYDVQRIMRMwEaEP\n" - "gw1hZG1pbmlzdHJhdG9yMCwwHwYDVR0jBBgwFoAUYm7JaGdsZLtTgt0tqoCK2MrI\n" - "i10wCQYDVR04BAIFADANBgkqhkiG9w0BAQsFAAOCAQEAlIOJ2Dj3TEUj6BIv6vUs\n" - "GqFWms05i+d10XSzWrunlUTQPoJcUjYkifOWp/7RpZ2XnRl+6hH+nIbmwSmXWwBn\n" - "ERw2bQMmw/""/nWuN4Qv9t7ltuovWC0pJX6VMT1IRTuTV4SxuZpFL37vkmnFlPBlb+\n" - "mn3ESSxLTjThWFIq1tip4IaxE/i5Uh32GlJglatFHM1PCGoJtyLtYb6KHDlvknw6\n" - "coDyjIcj0FZwtQw41jLwxI8jWNmrpt978wdpprB/URrRs+m02HmeQoiHFi/qvdv8\n" - "d+5vHf3Pi/ulhz/+dvr0p1vEQSoFnYxLXuty2p5m3PJPZCFmT3gURgmgR3BN9d7A\n" - "Bw==\n" - "-----END ATTRIBUTE CERTIFICATE-----\n"; - X509_ACERT * x509 = NULL; - int rc = 0; - byte ietf_serial[] = {0x03, 0xb5, 0x90, 0x59, 0x02, - 0xa2, 0xaa, 0xb5, 0x40, 0x21, - 0x44, 0xb8, 0x2c, 0x4f, 0xd9, - 0x80, 0x1b, 0x5f, 0x57, 0xc2}; - byte serial[64]; - int serial_len = sizeof(serial); - const byte * raw_attr = NULL; - word32 attr_len = 0; - - x509 = wolfSSL_X509_ACERT_load_certificate_buffer_ex(acert_ietf, - sizeof(acert_ietf), - WOLFSSL_FILETYPE_PEM, - HEAP_HINT); - - rc = wolfSSL_X509_ACERT_get_serial_number(x509, serial, &serial_len); - ExpectIntEQ(rc, SSL_SUCCESS); - - ExpectIntEQ(serial_len, 20); - ExpectIntEQ(XMEMCMP(serial, ietf_serial, sizeof(ietf_serial)), 0); - - /* Get the attributes buffer. */ - rc = wolfSSL_X509_ACERT_get_attr_buf(x509, &raw_attr, &attr_len); - ExpectIntEQ(rc, SSL_SUCCESS); - - /* This cert has a 65 byte attributes field. */ - ExpectNotNull(raw_attr); - ExpectIntEQ(attr_len, 65); - - ExpectNotNull(x509); - - if (x509 != NULL) { - wolfSSL_X509_ACERT_free(x509); - x509 = NULL; - } -#endif - return EXPECT_RESULT(); -} - -/* note: when ACERT generation and signing are implemented, - * this test will be filled out appropriately. - * */ -static int test_wolfSSL_X509_ACERT_new_and_sign(void) -{ - EXPECT_DECLS; -#if defined(WOLFSSL_ACERT) && !defined(NO_CERTS) && \ - !defined(NO_RSA) && defined(WC_RSA_PSS) && \ - (defined(OPENSSL_EXTRA_X509_SMALL) || defined(OPENSSL_EXTRA)) - X509_ACERT * x509 = NULL; - int rc = 0; - - x509 = X509_ACERT_new(); - ExpectNotNull(x509); - - if (x509 != NULL) { - wolfSSL_X509_ACERT_free(x509); - x509 = NULL; - } - - /* Same but with static memory hint. */ - x509 = wolfSSL_X509_ACERT_new_ex(HEAP_HINT); - ExpectNotNull(x509); - - #ifndef NO_WOLFSSL_STUB - /* ACERT sign not implemented yet. */ - if (x509 != NULL) { - rc = wolfSSL_X509_ACERT_sign(x509, NULL, NULL); - ExpectIntEQ(rc, WOLFSSL_NOT_IMPLEMENTED); - } - #else - (void) rc; - #endif /* NO_WOLFSSL_STUB */ - - if (x509 != NULL) { - wolfSSL_X509_ACERT_free(x509); - x509 = NULL; - } - -#endif - return EXPECT_RESULT(); -} - -/* Test ACERT support, but with ASN functions only. - * - * This example acert_ietf has both Holder IssuerSerial - * and Holder entityName fields. - * */ -static int test_wolfSSL_X509_ACERT_asn(void) -{ - EXPECT_DECLS; -#if defined(WOLFSSL_ACERT) && !defined(NO_CERTS) - const byte acert_ietf[] = \ - "-----BEGIN ATTRIBUTE CERTIFICATE-----\n" - "MIICPTCCASUCAQEwN6AWMBGkDzANMQswCQYDVQQDDAJDQQIBAqEdpBswGTEXMBUG\n" - "A1UEAwwOc2VydmVyLmV4YW1wbGWgLTArpCkwJzElMCMGA1UEAwwcQXR0cmlidXRl\n" - "IENlcnRpZmljYXRlIElzc3VlcjANBgkqhkiG9w0BAQsFAAIUA7WQWQKiqrVAIUS4\n" - "LE/ZgBtfV8IwIhgPMjAyMTA2MTUxMjM1MDBaGA8yMDMxMDYxMzEyMzUwMFowQTAj\n" - "BggrBgEFBQcKBDEXMBWgCYYHVGVzdHZhbDAIDAZncm91cDEwGgYDVQRIMRMwEaEP\n" - "gw1hZG1pbmlzdHJhdG9yMCwwHwYDVR0jBBgwFoAUYm7JaGdsZLtTgt0tqoCK2MrI\n" - "i10wCQYDVR04BAIFADANBgkqhkiG9w0BAQsFAAOCAQEAlIOJ2Dj3TEUj6BIv6vUs\n" - "GqFWms05i+d10XSzWrunlUTQPoJcUjYkifOWp/7RpZ2XnRl+6hH+nIbmwSmXWwBn\n" - "ERw2bQMmw/""/nWuN4Qv9t7ltuovWC0pJX6VMT1IRTuTV4SxuZpFL37vkmnFlPBlb+\n" - "mn3ESSxLTjThWFIq1tip4IaxE/i5Uh32GlJglatFHM1PCGoJtyLtYb6KHDlvknw6\n" - "coDyjIcj0FZwtQw41jLwxI8jWNmrpt978wdpprB/URrRs+m02HmeQoiHFi/qvdv8\n" - "d+5vHf3Pi/ulhz/+dvr0p1vEQSoFnYxLXuty2p5m3PJPZCFmT3gURgmgR3BN9d7A\n" - "Bw==\n" - "-----END ATTRIBUTE CERTIFICATE-----\n"; - int rc = 0; - int n_diff = 0; - byte ietf_serial[] = {0x03, 0xb5, 0x90, 0x59, 0x02, - 0xa2, 0xaa, 0xb5, 0x40, 0x21, - 0x44, 0xb8, 0x2c, 0x4f, 0xd9, - 0x80, 0x1b, 0x5f, 0x57, 0xc2}; - byte holderIssuerName[] = {0x31, 0x0b, 0x30, 0x09, 0x06, - 0x03, 0x55, 0x04, 0x03, 0x0c, - 0x02, 0x43, 0x41}; - byte holderEntityName[] = {0x31, 0x17, 0x30, 0x15, 0x06, - 0x03, 0x55, 0x04, 0x03, 0x0c, - 0x0e, 0x73, 0x65, 0x72, 0x76, - 0x65, 0x72, 0x2e, 0x65, 0x78, - 0x61, 0x6d, 0x70, 0x6c, 0x65}; - DerBuffer * der = NULL; - WC_DECLARE_VAR(acert, DecodedAcert, 1, 0); - - rc = wc_PemToDer(acert_ietf, sizeof(acert_ietf), ACERT_TYPE, &der, - HEAP_HINT, NULL, NULL); - - ExpectIntEQ(rc, 0); - ExpectNotNull(der); - - if (der != NULL) { - ExpectNotNull(der->buffer); - } - -#ifdef WOLFSSL_SMALL_STACK - acert = (DecodedAcert*)XMALLOC(sizeof(DecodedAcert), HEAP_HINT, - DYNAMIC_TYPE_DCERT); - ExpectNotNull(acert); -#else - XMEMSET(acert, 0, sizeof(DecodedAcert)); -#endif - - if (der != NULL && der->buffer != NULL -#ifdef WOLFSSL_SMALL_STACK - && acert != NULL -#endif - ) { - wc_InitDecodedAcert(acert, der->buffer, der->length, HEAP_HINT); - rc = wc_ParseX509Acert(acert, VERIFY_SKIP_DATE); - ExpectIntEQ(rc, 0); - - ExpectIntEQ(acert->serialSz, 20); - ExpectIntEQ(XMEMCMP(acert->serial, ietf_serial, sizeof(ietf_serial)), - 0); - - /* This cert has a 65 byte attributes field. */ - ExpectNotNull(acert->rawAttr); - ExpectIntEQ(acert->rawAttrLen, 65); - - ExpectNotNull(acert->holderIssuerName); - ExpectNotNull(acert->holderEntityName); - - if ((acert->holderIssuerName != NULL) && - (acert->holderEntityName != NULL)) { - ExpectNotNull(acert->holderEntityName->name); - ExpectNotNull(acert->holderIssuerName->name); - } - - if ((acert->holderIssuerName != NULL) && - (acert->holderEntityName != NULL) && - (acert->holderIssuerName->name != NULL) && - (acert->holderEntityName->name != NULL)) { - ExpectIntEQ(acert->holderIssuerName->len, - sizeof(holderIssuerName)); - ExpectIntEQ(acert->holderEntityName->len, - sizeof(holderEntityName)); - - ExpectIntEQ(acert->holderIssuerName->type, ASN_DIR_TYPE); - ExpectIntEQ(acert->holderEntityName->type, ASN_DIR_TYPE); - - n_diff = XMEMCMP(acert->holderIssuerName->name, holderIssuerName, - sizeof(holderIssuerName)); - ExpectIntEQ(n_diff, 0); - - n_diff = XMEMCMP(acert->holderEntityName->name, holderEntityName, - sizeof(holderEntityName)); - ExpectIntEQ(n_diff, 0); - } - - wc_FreeDecodedAcert(acert); - } - -#ifdef WOLFSSL_SMALL_STACK - if (acert != NULL) { - XFREE(acert, HEAP_HINT, DYNAMIC_TYPE_DCERT); - acert = NULL; - } -#endif - - if (der != NULL) { - wc_FreeDer(&der); - der = NULL; - } - -#endif - return EXPECT_RESULT(); -} - #if !defined(NO_DH) && !defined(NO_AES) && defined(WOLFSSL_CERT_GEN) && \ defined(HAVE_SSL_MEMIO_TESTS_DEPENDENCIES) && \ defined(OPENSSL_EXTRA) && !defined(NO_ASN_TIME) @@ -14892,7 +11338,8 @@ { EXPECT_DECLS; #if defined(WOLFSSL_DTLS) && defined(WOLFSSL_MULTICAST) && \ - (defined(WOLFSSL_TLS13) || defined(WOLFSSL_SNIFFER)) + (defined(WOLFSSL_TLS13) || defined(WOLFSSL_SNIFFER)) && \ + !defined(NO_WOLFSSL_CLIENT) WOLFSSL_CTX* ctx = NULL; WOLFSSL* ssl = NULL; byte preMasterSecret[512]; @@ -15242,754 +11689,6 @@ return EXPECT_RESULT(); } -static int test_wolfSSL_X509_NAME(void) -{ - EXPECT_DECLS; -#if (defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)) && \ - !defined(NO_CERTS) && !defined(NO_FILESYSTEM) && \ - !defined(NO_RSA) && defined(WOLFSSL_CERT_GEN) && \ - (defined(WOLFSSL_CERT_REQ) || defined(WOLFSSL_CERT_EXT) || \ - defined(OPENSSL_EXTRA)) - X509* x509 = NULL; -#ifndef OPENSSL_EXTRA - const unsigned char* c = NULL; - int bytes = 0; -#endif - unsigned char buf[4096]; - XFILE f = XBADFILE; - const X509_NAME* a = NULL; - const X509_NAME* b = NULL; - X509_NAME* d2i_name = NULL; - int sz = 0; - unsigned char* tmp = NULL; - char file[] = "./certs/ca-cert.der"; -#ifndef OPENSSL_EXTRA_X509_SMALL - byte empty[] = { /* CN=empty emailAddress= */ - 0x30, 0x21, 0x31, 0x0E, 0x30, 0x0C, 0x06, 0x03, - 0x55, 0x04, 0x03, 0x0C, 0x05, 0x65, 0x6D, 0x70, - 0x74, 0x79, 0x31, 0x0F, 0x30, 0x0D, 0x06, 0x09, - 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x09, - 0x01, 0x16, 0x00 - }; -#endif -#if defined(OPENSSL_EXTRA) && !defined(NO_PWDBASED) - byte digest[64]; /* max digest size */ - word32 digestSz; -#endif - -#ifndef OPENSSL_EXTRA_X509_SMALL - /* test compile of deprecated function, returns 0 */ - ExpectIntEQ(CRYPTO_thread_id(), 0); -#endif - - ExpectNotNull(a = X509_NAME_new()); - ExpectNotNull(b = X509_NAME_new()); -#ifndef OPENSSL_EXTRA_X509_SMALL - ExpectIntEQ(X509_NAME_cmp(a, b), 0); -#endif - X509_NAME_free((X509_NAME*)b); - X509_NAME_free((X509_NAME*)a); - a = NULL; - - ExpectTrue((f = XFOPEN(file, "rb")) != XBADFILE); -#ifndef OPENSSL_EXTRA - ExpectIntGT(bytes = (int)XFREAD(buf, 1, sizeof(buf), f), 0); - if (f != XBADFILE) - XFCLOSE(f); - - c = buf; - ExpectNotNull(x509 = wolfSSL_X509_d2i_ex(NULL, c, bytes, HEAP_HINT)); -#else - ExpectNull(wolfSSL_X509_d2i_fp(NULL, XBADFILE)); - ExpectNotNull(wolfSSL_X509_d2i_fp(&x509, f)); - if (f != XBADFILE) - XFCLOSE(f); -#endif - - /* test cmp function */ - ExpectNull(X509_get_issuer_name(NULL)); - ExpectNotNull(a = X509_get_issuer_name(x509)); - ExpectNull(X509_get_subject_name(NULL)); - ExpectNotNull(b = X509_get_subject_name(x509)); -#ifdef KEEP_PEER_CERT - ExpectNull(wolfSSL_X509_get_subjectCN(NULL)); - ExpectNotNull(wolfSSL_X509_get_subjectCN(x509)); -#endif - -#if defined(OPENSSL_EXTRA) - ExpectIntEQ(X509_check_issued(NULL, NULL), - WOLFSSL_X509_V_ERR_SUBJECT_ISSUER_MISMATCH); - ExpectIntEQ(X509_check_issued(x509, NULL), - WOLFSSL_X509_V_ERR_SUBJECT_ISSUER_MISMATCH); - ExpectIntEQ(X509_check_issued(NULL, x509), - WOLFSSL_X509_V_ERR_SUBJECT_ISSUER_MISMATCH); - ExpectIntEQ(X509_check_issued(x509, x509), WOLFSSL_X509_V_OK); - - ExpectIntEQ(X509_NAME_cmp(NULL, NULL), -2); - ExpectIntEQ(X509_NAME_cmp(NULL, b), -2); - ExpectIntEQ(X509_NAME_cmp(a, NULL), -2); - ExpectIntEQ(X509_NAME_cmp(a, b), 0); /* self signed should be 0 */ - -#if !defined(NO_PWDBASED) - ExpectIntEQ(wolfSSL_X509_NAME_digest(NULL, NULL, NULL, NULL), 0); - ExpectIntEQ(wolfSSL_X509_NAME_digest(a, NULL, NULL, NULL), 0); -#ifndef NO_SHA256 - ExpectIntEQ(wolfSSL_X509_NAME_digest(NULL, wolfSSL_EVP_sha256(), NULL, - NULL), 0); -#endif - ExpectIntEQ(wolfSSL_X509_NAME_digest(NULL, NULL, digest, NULL), 0); - ExpectIntEQ(wolfSSL_X509_NAME_digest(NULL, NULL, NULL, &digestSz), 0); - ExpectIntEQ(wolfSSL_X509_NAME_digest(a, NULL, digest, - &digestSz), 0); -#ifndef NO_SHA256 - ExpectIntEQ(wolfSSL_X509_NAME_digest(NULL, wolfSSL_EVP_sha256(), digest, - &digestSz), 0); - ExpectIntEQ(wolfSSL_X509_NAME_digest(a, wolfSSL_EVP_sha256(), NULL, - &digestSz), 0); - ExpectIntEQ(wolfSSL_X509_NAME_digest(a, wolfSSL_EVP_sha256(), digest, - NULL), 1); - ExpectIntEQ(wolfSSL_X509_NAME_digest(a, wolfSSL_EVP_sha256(), digest, - &digestSz), 1); - ExpectTrue(digestSz == 32); -#endif -#else - ExpectIntEQ(wolfSSL_X509_NAME_digest(NULL, NULL, NULL, NULL), - NOT_COMPILED_IN); -#endif -#endif /* OPENSSL_EXTRA */ - - tmp = buf; - ExpectIntGT((sz = i2d_X509_NAME((X509_NAME*)a, &tmp)), 0); - if (sz > 0 && tmp == buf) { - fprintf(stderr, "\nERROR - %s line %d failed with:", __FILE__, - __LINE__); - fprintf(stderr, " Expected pointer to be incremented\n"); - abort(); - } - -#ifndef OPENSSL_EXTRA_X509_SMALL - tmp = buf; - ExpectNotNull(d2i_name = d2i_X509_NAME(NULL, &tmp, sz)); -#endif - - /* if output parameter is NULL, should still return required size. */ - ExpectIntGT((sz = i2d_X509_NAME((X509_NAME*)b, NULL)), 0); - /* retry but with the function creating a buffer */ - tmp = NULL; - ExpectIntGT((sz = i2d_X509_NAME((X509_NAME*)b, &tmp)), 0); - XFREE(tmp, NULL, DYNAMIC_TYPE_OPENSSL); - tmp = NULL; - -#ifdef WOLFSSL_CERT_NAME_ALL - /* test for givenName and name */ - { - WOLFSSL_X509_NAME_ENTRY* entry = NULL; - WOLFSSL_X509_NAME_ENTRY empty; - const byte gName[] = "test-given-name"; - const byte name[] = "test-name"; - - XMEMSET(&empty, 0, sizeof(empty)); - - ExpectNull(wolfSSL_X509_NAME_ENTRY_create_by_NID(NULL, - NID_givenName, ASN_UTF8STRING, NULL, sizeof(gName))); - ExpectNotNull(entry = wolfSSL_X509_NAME_ENTRY_create_by_NID(NULL, - NID_givenName, ASN_UTF8STRING, gName, sizeof(gName))); - ExpectNotNull(wolfSSL_X509_NAME_ENTRY_create_by_NID(&entry, - NID_givenName, ASN_UTF8STRING, gName, sizeof(gName))); - ExpectIntEQ(wolfSSL_X509_NAME_add_entry(NULL , NULL , -1, 0), - 0); - ExpectIntEQ(wolfSSL_X509_NAME_add_entry((X509_NAME*)b, NULL , -1, 0), - 0); - ExpectIntEQ(wolfSSL_X509_NAME_add_entry(NULL , entry , -1, 0), - 0); - ExpectIntEQ(wolfSSL_X509_NAME_add_entry((X509_NAME*)b, &empty, -1, 0), - 0); - ExpectIntEQ(wolfSSL_X509_NAME_add_entry((X509_NAME*)b, entry , 99, 0), - 0); - ExpectIntEQ(wolfSSL_X509_NAME_add_entry((X509_NAME*)b, entry , -1, 0), - 1); - wolfSSL_X509_NAME_ENTRY_free(entry); - entry = NULL; - - ExpectNotNull(wolfSSL_X509_NAME_ENTRY_create_by_NID(&entry, - NID_name, ASN_UTF8STRING, name, sizeof(name))); - ExpectIntEQ(wolfSSL_X509_NAME_add_entry((X509_NAME*)b, entry, -1, 0), - 1); - wolfSSL_X509_NAME_ENTRY_free(entry); - - tmp = NULL; - ExpectIntGT((sz = i2d_X509_NAME((X509_NAME*)b, &tmp)), 0); - XFREE(tmp, NULL, DYNAMIC_TYPE_OPENSSL); - } -#endif - - b = NULL; - ExpectNull(X509_NAME_dup(NULL)); - ExpectNotNull(b = X509_NAME_dup((X509_NAME*)a)); -#ifndef OPENSSL_EXTRA_X509_SMALL - ExpectIntEQ(X509_NAME_cmp(a, b), 0); -#endif - ExpectIntEQ(X509_NAME_entry_count(NULL), 0); - ExpectIntEQ(X509_NAME_entry_count((X509_NAME*)b), 7); - X509_NAME_free((X509_NAME*)b); - ExpectNotNull(b = wolfSSL_X509_NAME_new()); - ExpectIntEQ(X509_NAME_entry_count((X509_NAME*)b), 0); - ExpectIntEQ(wolfSSL_X509_NAME_copy(NULL, NULL), BAD_FUNC_ARG); - ExpectIntEQ(wolfSSL_X509_NAME_copy((X509_NAME*)a, NULL), BAD_FUNC_ARG); - ExpectIntEQ(wolfSSL_X509_NAME_copy(NULL, (X509_NAME*)b), BAD_FUNC_ARG); - ExpectIntEQ(wolfSSL_X509_NAME_copy((X509_NAME*)a, (X509_NAME*)b), 1); - ExpectIntEQ(X509_NAME_entry_count((X509_NAME*)b), 7); - X509_NAME_free((X509_NAME*)b); - X509_NAME_free(d2i_name); - d2i_name = NULL; - X509_free(x509); - -#ifndef OPENSSL_EXTRA_X509_SMALL - /* test with an empty domain component */ - tmp = empty; - sz = sizeof(empty); - ExpectNotNull(d2i_name = d2i_X509_NAME(NULL, &tmp, sz)); - ExpectIntEQ(X509_NAME_entry_count(d2i_name), 2); - - /* size of empty emailAddress will be 0 */ - tmp = buf; - ExpectIntEQ(X509_NAME_get_text_by_NID(d2i_name, NID_emailAddress, - (char*)tmp, sizeof(buf)), 0); - - /* should contain no organization name */ - tmp = buf; - ExpectIntEQ(X509_NAME_get_text_by_NID(d2i_name, NID_organizationName, - (char*)tmp, sizeof(buf)), -1); - X509_NAME_free(d2i_name); -#endif -#endif - return EXPECT_RESULT(); -} - -static int test_wolfSSL_X509_NAME_hash(void) -{ - EXPECT_DECLS; -#if defined(OPENSSL_EXTRA) && !defined(NO_FILESYSTEM) && \ - !defined(NO_RSA) && !defined(NO_SHA) && !defined(NO_BIO) - BIO* bio = NULL; - X509* x509 = NULL; - X509_NAME* name = NULL; - - ExpectIntEQ(X509_NAME_hash(NULL), 0); - ExpectNotNull(name = wolfSSL_X509_NAME_new_ex(NULL)); - ExpectIntEQ(X509_NAME_hash(name), 0); - X509_NAME_free(name); - - ExpectNotNull(bio = BIO_new(BIO_s_file())); - ExpectIntGT(BIO_read_filename(bio, svrCertFile), 0); - ExpectNotNull(PEM_read_bio_X509(bio, &x509, NULL, NULL)); - ExpectIntEQ(X509_NAME_hash(X509_get_subject_name(x509)), 0x137DC03F); - ExpectIntEQ(X509_NAME_hash(X509_get_issuer_name(x509)), 0xFDB2DA4); - X509_free(x509); - BIO_free(bio); -#endif - return EXPECT_RESULT(); -} - -static int test_wolfSSL_X509_NAME_print_ex(void) -{ - EXPECT_DECLS; -#if (defined(OPENSSL_ALL) || (defined(OPENSSL_EXTRA) && \ - (defined(HAVE_STUNNEL) || defined(WOLFSSL_NGINX) || \ - defined(HAVE_LIGHTY) || defined(WOLFSSL_HAPROXY) || \ - defined(WOLFSSL_OPENSSH) || defined(HAVE_SBLIM_SFCB)))) && \ - !defined(NO_BIO) && !defined(NO_RSA) - int memSz = 0; - byte* mem = NULL; - BIO* bio = NULL; - BIO* membio = NULL; - X509* x509 = NULL; - X509_NAME* name = NULL; - X509_NAME* empty = NULL; - - const char* expNormal = "C=US, CN=wolfssl.com"; - const char* expEqSpace = "C = US, CN = wolfssl.com"; - const char* expReverse = "CN=wolfssl.com, C=US"; - - const char* expNotEscaped = "C= US,+\"\\ , CN=#wolfssl.com<>;"; - const char* expNotEscapedRev = "CN=#wolfssl.com<>;, C= US,+\"\\ "; - const char* expRFC5523 = - "CN=\\#wolfssl.com\\<\\>\\;, C=\\ US\\,\\+\\\"\\\\\\ "; - - /* Test with real cert (svrCertFile) first */ - ExpectNotNull(bio = BIO_new(BIO_s_file())); - ExpectIntGT(BIO_read_filename(bio, svrCertFile), 0); - ExpectNotNull(PEM_read_bio_X509(bio, &x509, NULL, NULL)); - ExpectNotNull(name = X509_get_subject_name(x509)); - - /* Test without flags */ - ExpectNotNull(membio = BIO_new(BIO_s_mem())); - ExpectNotNull(empty = wolfSSL_X509_NAME_new()); - ExpectIntEQ(X509_NAME_print_ex(NULL, NULL, 0, 0), WOLFSSL_FAILURE); - ExpectIntEQ(X509_NAME_print_ex(membio, NULL, 0, 0), WOLFSSL_FAILURE); - ExpectIntEQ(X509_NAME_print_ex(NULL, name, 0, 0), WOLFSSL_FAILURE); - ExpectIntEQ(X509_NAME_print_ex(membio, empty, 0, 0), WOLFSSL_SUCCESS); - ExpectIntEQ(X509_NAME_print_ex(membio, name, 0, 0), WOLFSSL_SUCCESS); - wolfSSL_X509_NAME_free(empty); - BIO_free(membio); - membio = NULL; - - /* Test flag: XN_FLAG_RFC2253 */ - ExpectNotNull(membio = BIO_new(BIO_s_mem())); - ExpectIntEQ(X509_NAME_print_ex(membio, name, 0, - XN_FLAG_RFC2253), WOLFSSL_SUCCESS); - BIO_free(membio); - membio = NULL; - - /* Test flag: XN_FLAG_RFC2253 | XN_FLAG_DN_REV */ - ExpectNotNull(membio = BIO_new(BIO_s_mem())); - ExpectIntEQ(X509_NAME_print_ex(membio, name, 0, - XN_FLAG_RFC2253 | XN_FLAG_DN_REV), WOLFSSL_SUCCESS); - BIO_free(membio); - membio = NULL; - - X509_free(x509); - BIO_free(bio); - name = NULL; - - /* Test with empty issuer cert empty-issuer-cert.pem. - * See notes in certs/test/gen-testcerts.sh for how it was generated. */ - ExpectNotNull(bio = BIO_new(BIO_s_file())); - ExpectIntGT(BIO_read_filename(bio, noIssuerCertFile), 0); - ExpectNotNull(PEM_read_bio_X509(bio, &x509, NULL, NULL)); - ExpectNotNull(name = X509_get_subject_name(x509)); - - ExpectNotNull(membio = BIO_new(BIO_s_mem())); - ExpectIntEQ(X509_NAME_print_ex(membio, name, 0, 0), WOLFSSL_SUCCESS); - /* Should be empty string "" */ - ExpectIntEQ((memSz = BIO_get_mem_data(membio, &mem)), 0); - - BIO_free(membio); - membio = NULL; - X509_free(x509); - BIO_free(bio); - name = NULL; - - /* Test normal case without escaped characters */ - { - /* Create name: "/C=US/CN=wolfssl.com" */ - ExpectNotNull(name = X509_NAME_new()); - ExpectIntEQ(X509_NAME_add_entry_by_txt(name, "countryName", - MBSTRING_UTF8, (byte*)"US", 2, -1, 0), - WOLFSSL_SUCCESS); - ExpectIntEQ(X509_NAME_add_entry_by_txt(name, "commonName", - MBSTRING_UTF8, (byte*)"wolfssl.com", 11, -1, 0), - WOLFSSL_SUCCESS); - - /* Test without flags */ - ExpectNotNull(membio = BIO_new(BIO_s_mem())); - ExpectIntEQ(X509_NAME_print_ex(membio, name, 0, 0), WOLFSSL_SUCCESS); - ExpectIntGE((memSz = BIO_get_mem_data(membio, &mem)), 0); - ExpectIntEQ(memSz, XSTRLEN(expNormal)); - ExpectIntEQ(XSTRNCMP((char*)mem, expNormal, XSTRLEN(expNormal)), 0); - BIO_free(membio); - membio = NULL; - - /* Test with XN_FLAG_ONELINE which should enable XN_FLAG_SPC_EQ for - spaces around '=' */ - ExpectNotNull(membio = BIO_new(BIO_s_mem())); - ExpectIntEQ(X509_NAME_print_ex(membio, name, 0, XN_FLAG_ONELINE), - WOLFSSL_SUCCESS); - ExpectIntGE((memSz = BIO_get_mem_data(membio, &mem)), 0); - ExpectIntEQ(memSz, XSTRLEN(expEqSpace)); - ExpectIntEQ(XSTRNCMP((char*)mem, expEqSpace, XSTRLEN(expEqSpace)), 0); - BIO_free(membio); - membio = NULL; - - /* Test flags: XN_FLAG_RFC2253 - should be reversed */ - ExpectNotNull(membio = BIO_new(BIO_s_mem())); - ExpectIntEQ(X509_NAME_print_ex(membio, name, 0, - XN_FLAG_RFC2253), WOLFSSL_SUCCESS); - ExpectIntGE((memSz = BIO_get_mem_data(membio, &mem)), 0); - ExpectIntEQ(memSz, XSTRLEN(expReverse)); - BIO_free(membio); - membio = NULL; - - /* Test flags: XN_FLAG_DN_REV - reversed */ - ExpectNotNull(membio = BIO_new(BIO_s_mem())); - ExpectIntEQ(X509_NAME_print_ex(membio, name, 0, - XN_FLAG_DN_REV), WOLFSSL_SUCCESS); - ExpectIntGE((memSz = BIO_get_mem_data(membio, &mem)), 0); - ExpectIntEQ(memSz, XSTRLEN(expReverse)); - ExpectIntEQ(XSTRNCMP((char*)mem, expReverse, XSTRLEN(expReverse)), 0); - BIO_free(membio); - membio = NULL; - - X509_NAME_free(name); - name = NULL; - } - - /* Test RFC2253 characters are escaped with backslashes */ - { - ExpectNotNull(name = X509_NAME_new()); - ExpectIntEQ(X509_NAME_add_entry_by_txt(name, "countryName", - /* space at beginning and end, and: ,+"\ */ - MBSTRING_UTF8, (byte*)" US,+\"\\ ", 8, -1, 0), - WOLFSSL_SUCCESS); - ExpectIntEQ(X509_NAME_add_entry_by_txt(name, "commonName", - /* # at beginning, and: <>;*/ - MBSTRING_UTF8, (byte*)"#wolfssl.com<>;", 15, -1, 0), - WOLFSSL_SUCCESS); - - /* Test without flags */ - ExpectNotNull(membio = BIO_new(BIO_s_mem())); - ExpectIntEQ(X509_NAME_print_ex(membio, name, 0, 0), WOLFSSL_SUCCESS); - ExpectIntGE((memSz = BIO_get_mem_data(membio, &mem)), 0); - ExpectIntEQ(memSz, XSTRLEN(expNotEscaped)); - ExpectIntEQ(XSTRNCMP((char*)mem, expNotEscaped, - XSTRLEN(expNotEscaped)), 0); - BIO_free(membio); - membio = NULL; - - /* Test flags: XN_FLAG_RFC5523 - should be reversed and escaped */ - ExpectNotNull(membio = BIO_new(BIO_s_mem())); - ExpectIntEQ(X509_NAME_print_ex(membio, name, 0, - XN_FLAG_RFC2253), WOLFSSL_SUCCESS); - ExpectIntGE((memSz = BIO_get_mem_data(membio, &mem)), 0); - ExpectIntEQ(memSz, XSTRLEN(expRFC5523)); - ExpectIntEQ(XSTRNCMP((char*)mem, expRFC5523, XSTRLEN(expRFC5523)), 0); - BIO_free(membio); - membio = NULL; - - /* Test flags: XN_FLAG_DN_REV - reversed but not escaped */ - ExpectNotNull(membio = BIO_new(BIO_s_mem())); - ExpectIntEQ(X509_NAME_print_ex(membio, name, 0, - XN_FLAG_DN_REV), WOLFSSL_SUCCESS); - ExpectIntGE((memSz = BIO_get_mem_data(membio, &mem)), 0); - ExpectIntEQ(memSz, XSTRLEN(expNotEscapedRev)); - ExpectIntEQ(XSTRNCMP((char*)mem, expNotEscapedRev, - XSTRLEN(expNotEscapedRev)), 0); - BIO_free(membio); - - X509_NAME_free(name); - } -#endif - return EXPECT_RESULT(); -} - -#ifndef NO_BIO -static int test_wolfSSL_X509_INFO_multiple_info(void) -{ - EXPECT_DECLS; -#if defined(OPENSSL_ALL) && !defined(NO_RSA) - STACK_OF(X509_INFO) *info_stack = NULL; - X509_INFO *info = NULL; - int len; - int i; - const char* files[] = { - cliCertFile, - cliKeyFile, - /* This needs to be the order as svrCertFile contains the - * intermediate cert as well. */ - svrKeyFile, - svrCertFile, - NULL, - }; - const char** curFile; - BIO *fileBIO = NULL; - BIO *concatBIO = NULL; - byte tmp[FOURK_BUF]; - - /* concatenate the cert and the key file to force PEM_X509_INFO_read_bio - * to group objects together. */ - ExpectNotNull(concatBIO = BIO_new(BIO_s_mem())); - for (curFile = files; EXPECT_SUCCESS() && *curFile != NULL; curFile++) { - int fileLen = 0; - ExpectNotNull(fileBIO = BIO_new_file(*curFile, "rb")); - ExpectIntGT(fileLen = wolfSSL_BIO_get_len(fileBIO), 0); - if (EXPECT_SUCCESS()) { - while ((len = BIO_read(fileBIO, tmp, sizeof(tmp))) > 0) { - ExpectIntEQ(BIO_write(concatBIO, tmp, len), len); - fileLen -= len; - if (EXPECT_FAIL()) - break; - } - /* Make sure we read the entire file */ - ExpectIntEQ(fileLen, 0); - } - BIO_free(fileBIO); - fileBIO = NULL; - } - - ExpectNotNull(info_stack = PEM_X509_INFO_read_bio(concatBIO, NULL, NULL, - NULL)); - ExpectIntEQ(sk_X509_INFO_num(info_stack), 3); - for (i = 0; i < sk_X509_INFO_num(info_stack); i++) { - ExpectNotNull(info = sk_X509_INFO_value(info_stack, i)); - ExpectNotNull(info->x509); - ExpectNull(info->crl); - if (i != 2) { - ExpectNotNull(info->x_pkey); - ExpectIntEQ(X509_check_private_key(info->x509, - info->x_pkey->dec_pkey), 1); - } - else { - ExpectNull(info->x_pkey); - } - } - - sk_X509_INFO_pop_free(info_stack, X509_INFO_free); - BIO_free(concatBIO); -#endif - return EXPECT_RESULT(); -} -#endif - -#ifndef NO_BIO -static int test_wolfSSL_X509_INFO(void) -{ - EXPECT_DECLS; -#if defined(OPENSSL_ALL) && !defined(NO_RSA) - STACK_OF(X509_INFO) *info_stack = NULL; - X509_INFO *info = NULL; - BIO *cert = NULL; - int i; - /* PEM in hex format to avoid null terminator */ - byte data[] = { - 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x42, 0x45, 0x47, - 0x49, 0x4e, 0x20, 0x43, 0x45, 0x52, 0x54, 0x63, 0x2d, 0x2d, 0x2d, 0x2d, - 0x2d, 0x0a, 0x4d, 0x49, 0x49, 0x44, 0x4d, 0x54, 0x42, 0x75, 0x51, 0x3d, - 0x0a, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x45, 0x4e, 0x44, 0x20, 0x2d, 0x2d, - 0x2d, 0x2d, 0x2d - }; - /* PEM in hex format to avoid null terminator */ - byte data2[] = { - 0x41, 0x53, 0x4e, 0x31, 0x20, 0x4f, 0x49, 0x44, 0x3a, 0x20, 0x70, 0x72, - 0x69, 0x6d, 0x65, 0x32, 0x35, 0x36, 0x76, 0x31, 0x0a, 0x2d, 0x2d, 0x2d, - 0x2d, 0x2d, 0x42, 0x45, 0x47, 0x49, 0x4e, 0x20, 0x45, 0x43, 0x20, 0x50, - 0x41, 0x52, 0x41, 0x4d, 0x45, 0x54, 0x45, 0x52, 0x53, 0x2d, 0x2d, 0x2d, - 0x2d, 0x43, 0x65, 0x72, 0x74, 0x69, 0x2d, 0x0a, 0x42, 0x67, 0x67, 0x71, - 0x68, 0x6b, 0x6a, 0x4f, 0x50, 0x51, 0x4d, 0x42, 0x42, 0x77, 0x3d, 0x3d, - 0x0a, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d - }; - - ExpectNotNull(cert = BIO_new_file(cliCertFileExt, "rb")); - ExpectNotNull(info_stack = PEM_X509_INFO_read_bio(cert, NULL, NULL, NULL)); - for (i = 0; i < sk_X509_INFO_num(info_stack); i++) { - ExpectNotNull(info = sk_X509_INFO_value(info_stack, i)); - ExpectNotNull(info->x509); - ExpectNull(info->crl); - ExpectNull(info->x_pkey); - } - sk_X509_INFO_pop_free(info_stack, X509_INFO_free); - info_stack = NULL; - BIO_free(cert); - cert = NULL; - - ExpectNotNull(cert = BIO_new_file(cliCertFileExt, "rb")); - ExpectNotNull(info_stack = PEM_X509_INFO_read_bio(cert, NULL, NULL, NULL)); - sk_X509_INFO_pop_free(info_stack, X509_INFO_free); - info_stack = NULL; - BIO_free(cert); - cert = NULL; - - /* This case should fail due to invalid input. */ - ExpectNotNull(cert = BIO_new(BIO_s_mem())); - ExpectIntEQ(BIO_write(cert, data, sizeof(data)), sizeof(data)); - ExpectNull(info_stack = PEM_X509_INFO_read_bio(cert, NULL, NULL, NULL)); - sk_X509_INFO_pop_free(info_stack, X509_INFO_free); - info_stack = NULL; - BIO_free(cert); - cert = NULL; - ExpectNotNull(cert = BIO_new(BIO_s_mem())); - ExpectIntEQ(BIO_write(cert, data2, sizeof(data2)), sizeof(data2)); - ExpectNull(info_stack = PEM_X509_INFO_read_bio(cert, NULL, NULL, NULL)); - sk_X509_INFO_pop_free(info_stack, X509_INFO_free); - BIO_free(cert); -#endif - return EXPECT_RESULT(); -} -#endif - -static int test_wolfSSL_X509_subject_name_hash(void) -{ - EXPECT_DECLS; -#if defined(OPENSSL_EXTRA) && !defined(NO_CERTS) && !defined(NO_FILESYSTEM) && \ - !defined(NO_RSA) && (!defined(NO_SHA) || !defined(NO_SHA256)) - X509* x509 = NULL; - X509_NAME* subjectName = NULL; - unsigned long ret1 = 0; - unsigned long ret2 = 0; - - ExpectNotNull(x509 = X509_new()); - ExpectIntEQ(X509_subject_name_hash(NULL), 0); - ExpectIntEQ(X509_subject_name_hash(x509), 0); - X509_free(x509); - x509 = NULL; - - ExpectNotNull(x509 = wolfSSL_X509_load_certificate_file(cliCertFile, - SSL_FILETYPE_PEM)); - ExpectNotNull(subjectName = wolfSSL_X509_get_subject_name(x509)); - - /* These two - * - X509_subject_name_hash(x509) - * - X509_NAME_hash(X509_get_subject_name(x509)) - * should give the same hash, if !defined(NO_SHA) is true. */ - - ret1 = X509_subject_name_hash(x509); - ExpectIntNE(ret1, 0); - -#if !defined(NO_SHA) - ret2 = X509_NAME_hash(X509_get_subject_name(x509)); - ExpectIntNE(ret2, 0); - - ExpectIntEQ(ret1, ret2); -#else - (void) ret2; -#endif - - X509_free(x509); -#endif - return EXPECT_RESULT(); -} - -static int test_wolfSSL_X509_issuer_name_hash(void) -{ - EXPECT_DECLS; -#if defined(OPENSSL_EXTRA) && !defined(NO_CERTS) && !defined(NO_FILESYSTEM) \ - && !defined(NO_RSA) && (!defined(NO_SHA) || !defined(NO_SHA256)) - X509* x509 = NULL; - X509_NAME* issuertName = NULL; - unsigned long ret1 = 0; - unsigned long ret2 = 0; - - ExpectNotNull(x509 = X509_new()); - ExpectIntEQ(X509_issuer_name_hash(NULL), 0); - ExpectIntEQ(X509_issuer_name_hash(x509), 0); - X509_free(x509); - x509 = NULL; - - ExpectNotNull(x509 = wolfSSL_X509_load_certificate_file(cliCertFile, - SSL_FILETYPE_PEM)); - ExpectNotNull(issuertName = wolfSSL_X509_get_issuer_name(x509)); - - /* These two - * - X509_issuer_name_hash(x509) - * - X509_NAME_hash(X509_get_issuer_name(x509)) - * should give the same hash, if !defined(NO_SHA) is true. */ - - ret1 = X509_issuer_name_hash(x509); - ExpectIntNE(ret1, 0); - -#if !defined(NO_SHA) - ret2 = X509_NAME_hash(X509_get_issuer_name(x509)); - ExpectIntNE(ret2, 0); - - ExpectIntEQ(ret1, ret2); -#else - (void) ret2; -#endif - - X509_free(x509); -#endif - return EXPECT_RESULT(); -} - -static int test_wolfSSL_X509_check_host(void) -{ - EXPECT_DECLS; -#if defined(OPENSSL_EXTRA) && !defined(NO_CERTS) && !defined(NO_FILESYSTEM) \ - && !defined(NO_SHA) && !defined(NO_RSA) - X509* x509 = NULL; - const char altName[] = "example.com"; - const char badAltName[] = "a.example.com"; - - ExpectIntEQ(X509_check_host(NULL, NULL, XSTRLEN(altName), 0, NULL), - WC_NO_ERR_TRACE(WOLFSSL_FAILURE)); - - /* cliCertFile has subjectAltName set to 'example.com', '127.0.0.1' */ - ExpectNotNull(x509 = wolfSSL_X509_load_certificate_file(cliCertFile, - SSL_FILETYPE_PEM)); - - ExpectIntEQ(X509_check_host(x509, altName, XSTRLEN(altName), 0, NULL), - WOLFSSL_SUCCESS); - - ExpectIntEQ(X509_check_host(x509, badAltName, XSTRLEN(badAltName), 0, NULL), - WC_NO_ERR_TRACE(WOLFSSL_FAILURE)); - - ExpectIntEQ(X509_check_host(x509, NULL, 0, 0, NULL), - WC_NO_ERR_TRACE(WOLFSSL_FAILURE)); - - /* Check WOLFSSL_LEFT_MOST_WILDCARD_ONLY flag set */ - ExpectIntEQ(X509_check_host(x509, altName, XSTRLEN(altName), - WOLFSSL_LEFT_MOST_WILDCARD_ONLY, NULL), WOLFSSL_SUCCESS); - - ExpectIntEQ(X509_check_host(x509, NULL, 0, - WOLFSSL_LEFT_MOST_WILDCARD_ONLY, NULL), - WC_NO_ERR_TRACE(WOLFSSL_FAILURE)); - - ExpectIntEQ(X509_check_host(x509, badAltName, XSTRLEN(badAltName), - WOLFSSL_LEFT_MOST_WILDCARD_ONLY, NULL), - WC_NO_ERR_TRACE(WOLFSSL_FAILURE)); - - ExpectIntEQ(wolfSSL_X509_check_host(x509, altName, XSTRLEN(altName), - WOLFSSL_NO_WILDCARDS, NULL), WC_NO_ERR_TRACE(WOLFSSL_FAILURE)); - ExpectIntEQ(wolfSSL_X509_check_host(x509, altName, XSTRLEN(altName), - WOLFSSL_NO_PARTIAL_WILDCARDS, NULL), WC_NO_ERR_TRACE(WOLFSSL_FAILURE)); - ExpectIntEQ(wolfSSL_X509_check_host(x509, altName, XSTRLEN(altName), - WOLFSSL_MULTI_LABEL_WILDCARDS, NULL), WC_NO_ERR_TRACE(WOLFSSL_FAILURE)); - - X509_free(x509); - - ExpectIntEQ(X509_check_host(NULL, altName, XSTRLEN(altName), 0, NULL), - WC_NO_ERR_TRACE(WOLFSSL_FAILURE)); - - /* Check again with WOLFSSL_LEFT_MOST_WILDCARD_ONLY flag set */ - ExpectIntEQ(X509_check_host(NULL, altName, XSTRLEN(altName), - WOLFSSL_LEFT_MOST_WILDCARD_ONLY, NULL), - WC_NO_ERR_TRACE(WOLFSSL_FAILURE)); -#endif - return EXPECT_RESULT(); -} - -static int test_wolfSSL_X509_check_email(void) -{ - EXPECT_DECLS; -#if defined(OPENSSL_EXTRA) && defined(WOLFSSL_CERT_GEN) && !defined(NO_RSA) - X509* x509 = NULL; - X509* empty = NULL; - const char goodEmail[] = "info@wolfssl.com"; - const char badEmail[] = "disinfo@wolfssl.com"; - - ExpectNotNull(x509 = wolfSSL_X509_load_certificate_file(cliCertFile, - SSL_FILETYPE_PEM)); - ExpectNotNull(empty = wolfSSL_X509_new()); - - ExpectIntEQ(wolfSSL_X509_check_email(NULL, NULL, 0, 0), 0); - ExpectIntEQ(wolfSSL_X509_check_email(x509, NULL, 0, 0), 0); - ExpectIntEQ(wolfSSL_X509_check_email(NULL, goodEmail, XSTRLEN(goodEmail), - 0), 0); - ExpectIntEQ(wolfSSL_X509_check_email(empty, goodEmail, XSTRLEN(goodEmail), - 0), 0); - - /* Should fail on non-matching email address */ - ExpectIntEQ(wolfSSL_X509_check_email(x509, badEmail, XSTRLEN(badEmail), 0), - WC_NO_ERR_TRACE(WOLFSSL_FAILURE)); - /* Should succeed on matching email address */ - ExpectIntEQ(wolfSSL_X509_check_email(x509, goodEmail, XSTRLEN(goodEmail), 0), - WOLFSSL_SUCCESS); - /* Should compute length internally when not provided */ - ExpectIntEQ(wolfSSL_X509_check_email(x509, goodEmail, 0, 0), - WOLFSSL_SUCCESS); - /* Should fail when email address is NULL */ - ExpectIntEQ(wolfSSL_X509_check_email(x509, NULL, 0, 0), - WC_NO_ERR_TRACE(WOLFSSL_FAILURE)); - - X509_free(empty); - X509_free(x509); - - /* Should fail when x509 is NULL */ - ExpectIntEQ(wolfSSL_X509_check_email(NULL, goodEmail, 0, 0), - WC_NO_ERR_TRACE(WOLFSSL_FAILURE)); -#endif /* OPENSSL_EXTRA && WOLFSSL_CERT_GEN */ - return EXPECT_RESULT(); -} - static int test_wc_PemToDer(void) { EXPECT_DECLS; @@ -16012,7 +11711,7 @@ pDer = NULL; if (cert_buf != NULL) { - free(cert_buf); + XFREE(cert_buf, NULL, DYNAMIC_TYPE_TMP_BUFFER); cert_buf = NULL; } @@ -16024,7 +11723,7 @@ pDer = NULL; if (cert_buf != NULL) { - free(cert_buf); + XFREE(cert_buf, NULL, DYNAMIC_TYPE_TMP_BUFFER); cert_buf = NULL; } @@ -16046,7 +11745,7 @@ #endif wc_FreeDer(&pDer); if (cert_buf != NULL) - free(cert_buf); + XFREE(cert_buf, NULL, DYNAMIC_TYPE_TMP_BUFFER); } #endif #endif @@ -16103,7 +11802,7 @@ if (cert_der != NULL) free(cert_der); if (cert_buf != NULL) - free(cert_buf); + XFREE(cert_buf, NULL, DYNAMIC_TYPE_TMP_BUFFER); #endif return EXPECT_RESULT(); } @@ -16217,7 +11916,7 @@ } if (cert_buf != NULL) { - free(cert_buf); + XFREE(cert_buf, NULL, DYNAMIC_TYPE_TMP_BUFFER); } #endif return EXPECT_RESULT(); @@ -16598,15 +12297,15 @@ ExpectIntEQ(wc_CheckCertSigPubKey(cert_der, cert_dersz, NULL, keyDer, 0, RSAk), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); - /* Wrong aglo. */ + /* Wrong algo. */ ExpectIntEQ(wc_CheckCertSigPubKey(cert_der, cert_dersz, NULL, keyDer, - keyDerSz, ECDSAk), WC_NO_ERR_TRACE(ASN_PARSE_E)); + keyDerSz, ECDSAk), WC_NO_ERR_TRACE(ASN_SIG_OID_E)); wc_FreeDecodedCert(&decoded); if (cert_der != NULL) free(cert_der); if (cert_buf != NULL) - free(cert_buf); + XFREE(cert_buf, NULL, DYNAMIC_TYPE_TMP_BUFFER); #endif return EXPECT_RESULT(); } @@ -17045,44 +12744,6 @@ return EXPECT_RESULT(); } -static int test_wolfSSL_X509_check_private_key(void) -{ - EXPECT_DECLS; -#if defined(OPENSSL_EXTRA) && !defined(NO_CERTS) && !defined(NO_RSA) && \ - defined(USE_CERT_BUFFERS_2048) && !defined(NO_CHECK_PRIVATE_KEY) && \ - !defined(NO_FILESYSTEM) - X509* x509 = NULL; - EVP_PKEY* pkey = NULL; - const byte* key; - - /* Check with correct key */ - ExpectNotNull((x509 = X509_load_certificate_file(cliCertFile, - SSL_FILETYPE_PEM))); - key = client_key_der_2048; - ExpectNotNull(d2i_PrivateKey(EVP_PKEY_RSA, &pkey, &key, - (long)sizeof_client_key_der_2048)); - ExpectIntEQ(X509_check_private_key(x509, pkey), 1); - EVP_PKEY_free(pkey); - pkey = NULL; - - /* Check with wrong key */ - key = server_key_der_2048; - ExpectNotNull(d2i_PrivateKey(EVP_PKEY_RSA, &pkey, &key, - (long)sizeof_server_key_der_2048)); - ExpectIntEQ(X509_check_private_key(x509, pkey), 0); - - /* test for incorrect parameter */ - ExpectIntEQ(X509_check_private_key(NULL, pkey), 0); - ExpectIntEQ(X509_check_private_key(x509, NULL), 0); - ExpectIntEQ(X509_check_private_key(NULL, NULL), 0); - - EVP_PKEY_free(pkey); - X509_free(x509); -#endif - return EXPECT_RESULT(); -} - - static int test_wolfSSL_private_keys(void) { EXPECT_DECLS; @@ -17344,1181 +13005,6 @@ return EXPECT_RESULT(); } -static int test_wolfSSL_PEM_def_callback(void) -{ - EXPECT_DECLS; -#ifdef OPENSSL_EXTRA - char buf[10]; - const char* defpwd = "DEF PWD"; - int defpwdLen = (int)XSTRLEN(defpwd); - int smallLen = 1; - - /* Bad parameters. */ - ExpectIntEQ(wolfSSL_PEM_def_callback(NULL, sizeof(buf), 0, NULL), 0); - ExpectIntEQ(wolfSSL_PEM_def_callback(NULL, sizeof(buf), 0, (void*)defpwd), - 0); - ExpectIntEQ(wolfSSL_PEM_def_callback(buf, sizeof(buf), 0, NULL), 0); - - XMEMSET(buf, 0, sizeof(buf)); - ExpectIntEQ(wolfSSL_PEM_def_callback(buf, sizeof(buf), 0, (void*)defpwd), - defpwdLen); - ExpectIntEQ(XMEMCMP(buf, defpwd, defpwdLen), 0); - ExpectIntEQ(buf[defpwdLen], 0); - /* Size of buffer is smaller than default password. */ - XMEMSET(buf, 0, sizeof(buf)); - ExpectIntEQ(wolfSSL_PEM_def_callback(buf, smallLen, 0, (void*)defpwd), - smallLen); - ExpectIntEQ(XMEMCMP(buf, defpwd, smallLen), 0); - ExpectIntEQ(buf[smallLen], 0); -#endif /* OPENSSL_EXTRA */ - return EXPECT_RESULT(); -} - -static int test_wolfSSL_PEM_read_PrivateKey(void) -{ - EXPECT_DECLS; -#if defined(OPENSSL_EXTRA) && !defined(NO_FILESYSTEM) && (!defined(NO_RSA) || \ - !defined(NO_DSA) || defined(HAVE_ECC) || !defined(NO_DH)) - XFILE file = XBADFILE; -#if !defined(NO_RSA) - const char* fname_rsa = "./certs/server-key.pem"; - RSA* rsa = NULL; - WOLFSSL_EVP_PKEY_CTX* ctx = NULL; - unsigned char* sig = NULL; - size_t sigLen = 0; - const unsigned char tbs[] = {0, 1, 2, 3, 4, 5, 6, 7}; - size_t tbsLen = sizeof(tbs); -#endif -#if !defined(NO_DSA) - const char* fname_dsa = "./certs/dsa2048.pem"; -#endif -#if defined(HAVE_ECC) - const char* fname_ec = "./certs/ecc-key.pem"; -#endif -#if !defined(NO_DH) - const char* fname_dh = "./certs/dh-priv-2048.pem"; -#endif - EVP_PKEY* pkey = NULL; - - /* Check error case. */ - ExpectNull(pkey = PEM_read_PrivateKey(NULL, NULL, NULL, NULL)); - - /* not a PEM key. */ - ExpectTrue((file = XFOPEN("./certs/ecc-key.der", "rb")) != XBADFILE); - ExpectNull(PEM_read_PrivateKey(file, NULL, NULL, NULL)); - if (file != XBADFILE) - XFCLOSE(file); - file = XBADFILE; - -#ifndef NO_RSA - /* Read in an RSA key. */ - ExpectTrue((file = XFOPEN(fname_rsa, "rb")) != XBADFILE); - ExpectNotNull(pkey = PEM_read_PrivateKey(file, NULL, NULL, NULL)); - if (file != XBADFILE) - XFCLOSE(file); - file = XBADFILE; - - /* Make sure the key is usable by signing some data with it. */ - ExpectNotNull(rsa = EVP_PKEY_get0_RSA(pkey)); - ExpectIntGT((sigLen = RSA_size(rsa)), 0); - ExpectNotNull(sig = (unsigned char*)XMALLOC(sigLen, HEAP_HINT, - DYNAMIC_TYPE_TMP_BUFFER)); - ExpectNotNull(ctx = EVP_PKEY_CTX_new(pkey, NULL)); - ExpectIntEQ(EVP_PKEY_sign_init(ctx), WOLFSSL_SUCCESS); - ExpectIntEQ(EVP_PKEY_sign(ctx, sig, &sigLen, tbs, tbsLen), - WOLFSSL_SUCCESS); - - XFREE(sig, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); - EVP_PKEY_CTX_free(ctx); - EVP_PKEY_free(pkey); - pkey = NULL; -#endif - -#ifndef NO_DSA - /* Read in a DSA key. */ - ExpectTrue((file = XFOPEN(fname_dsa, "rb")) != XBADFILE); -#if defined(WOLFSSL_QT) || defined(OPENSSL_ALL) || defined(WOLFSSL_OPENSSH) - ExpectNotNull(pkey = PEM_read_PrivateKey(file, NULL, NULL, NULL)); - EVP_PKEY_free(pkey); - pkey = NULL; -#else - ExpectNull(PEM_read_PrivateKey(file, NULL, NULL, NULL)); -#endif - if (file != XBADFILE) - XFCLOSE(file); - file = XBADFILE; -#endif - -#ifdef HAVE_ECC - /* Read in an EC key. */ - ExpectTrue((file = XFOPEN(fname_ec, "rb")) != XBADFILE); - ExpectNotNull(pkey = EVP_PKEY_new()); - ExpectPtrEq(PEM_read_PrivateKey(file, &pkey, NULL, NULL), pkey); - if (file != XBADFILE) - XFCLOSE(file); - file = XBADFILE; - EVP_PKEY_free(pkey); - pkey = NULL; -#endif - -#ifndef NO_DH - /* Read in a DH key. */ - ExpectTrue((file = XFOPEN(fname_dh, "rb")) != XBADFILE); -#if (defined(WOLFSSL_QT) || defined(OPENSSL_ALL) || \ - defined(WOLFSSL_OPENSSH)) && (!defined(HAVE_FIPS) || \ - (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION > 2))) - ExpectNotNull(pkey = PEM_read_PrivateKey(file, NULL, NULL, NULL)); - EVP_PKEY_free(pkey); - pkey = NULL; -#else - ExpectNull(PEM_read_PrivateKey(file, NULL, NULL, NULL)); -#endif - if (file != XBADFILE) - XFCLOSE(file); - file = XBADFILE; -#endif -#endif - return EXPECT_RESULT(); -} - -static int test_wolfSSL_PEM_read_PUBKEY(void) -{ - EXPECT_DECLS; -#if defined(OPENSSL_EXTRA) && !defined(NO_RSA) \ - && !defined(NO_FILESYSTEM) - XFILE file = XBADFILE; - const char* fname = "./certs/client-keyPub.pem"; - EVP_PKEY* pkey = NULL; - - /* Check error case. */ - ExpectNull(pkey = PEM_read_PUBKEY(NULL, NULL, NULL, NULL)); - - /* Read in an RSA key. */ - ExpectTrue((file = XFOPEN(fname, "rb")) != XBADFILE); - ExpectNotNull(pkey = PEM_read_PUBKEY(file, NULL, NULL, NULL)); - EVP_PKEY_free(pkey); - pkey = NULL; - if (file != XBADFILE) - XFCLOSE(file); - file = XBADFILE; - ExpectTrue((file = XFOPEN(fname, "rb")) != XBADFILE); - ExpectNotNull(pkey = EVP_PKEY_new()); - ExpectPtrEq(PEM_read_PUBKEY(file, &pkey, NULL, NULL), pkey); - EVP_PKEY_free(pkey); - if (file != XBADFILE) - XFCLOSE(file); -#endif - return EXPECT_RESULT(); -} - -/* test loading RSA key using BIO */ -static int test_wolfSSL_PEM_PrivateKey_rsa(void) -{ - EXPECT_DECLS; -#if defined(OPENSSL_EXTRA) && !defined(NO_CERTS) && !defined(NO_RSA) && \ - defined(USE_CERT_BUFFERS_2048) && !defined(NO_FILESYSTEM) && \ - !defined(NO_BIO) - BIO* bio = NULL; - XFILE file = XBADFILE; - const char* fname = "./certs/server-key.pem"; - const char* fname_rsa_p8 = "./certs/server-keyPkcs8.pem"; - EVP_PKEY* pkey = NULL; - size_t sz = 0; - byte* buf = NULL; - EVP_PKEY* pkey2 = NULL; - EVP_PKEY* pkey3 = NULL; - RSA* rsa_key = NULL; -#if defined(WOLFSSL_KEY_GEN) || defined(WOLFSSL_CERT_GEN) - unsigned char extra[10]; - int i; - BIO* pub_bio = NULL; - const unsigned char* server_key = (const unsigned char*)server_key_der_2048; -#endif - - ExpectTrue((file = XFOPEN(fname, "rb")) != XBADFILE); - ExpectTrue(XFSEEK(file, 0, XSEEK_END) == 0); - ExpectIntGT(sz = XFTELL(file), 0); - ExpectTrue(XFSEEK(file, 0, XSEEK_SET) == 0); - ExpectNotNull(buf = (byte*)XMALLOC(sz, NULL, DYNAMIC_TYPE_FILE)); - if (buf != NULL) { - ExpectIntEQ(XFREAD(buf, 1, sz, file), sz); - } - if (file != XBADFILE) { - XFCLOSE(file); - file = XBADFILE; - } - - /* Test using BIO new mem and loading PEM private key */ - ExpectNotNull(bio = BIO_new_mem_buf(buf, (int)sz)); - ExpectNotNull((pkey = PEM_read_bio_PrivateKey(bio, NULL, NULL, NULL))); - XFREE(buf, NULL, DYNAMIC_TYPE_FILE); - buf = NULL; - BIO_free(bio); - bio = NULL; - - /* New empty EVP_PKEY */ - ExpectNotNull(pkey2 = EVP_PKEY_new()); - if (pkey2 != NULL) { - pkey2->type = EVP_PKEY_RSA; - } - /* Test parameter copy */ - ExpectIntEQ(EVP_PKEY_copy_parameters(pkey2, pkey), 0); - EVP_PKEY_free(pkey2); - EVP_PKEY_free(pkey); - pkey = NULL; - - /* Qt unit test case : rsa pkcs8 key */ - ExpectTrue((file = XFOPEN(fname_rsa_p8, "rb")) != XBADFILE); - ExpectTrue(XFSEEK(file, 0, XSEEK_END) == 0); - ExpectIntGT(sz = XFTELL(file), 0); - ExpectTrue(XFSEEK(file, 0, XSEEK_SET) == 0); - ExpectNotNull(buf = (byte*)XMALLOC(sz, NULL, DYNAMIC_TYPE_FILE)); - if (buf) { - ExpectIntEQ(XFREAD(buf, 1, sz, file), sz); - } - if (file != XBADFILE) { - XFCLOSE(file); - file = XBADFILE; - } - - ExpectNotNull(bio = BIO_new_mem_buf(buf, (int)sz)); - ExpectNotNull((pkey = PEM_read_bio_PrivateKey(bio, NULL, NULL, NULL))); - XFREE(buf, NULL, DYNAMIC_TYPE_FILE); - buf = NULL; - BIO_free(bio); - bio = NULL; - ExpectNotNull(pkey3 = EVP_PKEY_new()); - - ExpectNotNull(rsa_key = EVP_PKEY_get1_RSA(pkey)); - ExpectIntEQ(EVP_PKEY_set1_RSA(pkey3, rsa_key), WOLFSSL_SUCCESS); - -#ifdef WOLFSSL_ERROR_CODE_OPENSSL - ExpectIntEQ(EVP_PKEY_cmp(pkey, pkey3), 1/* match */); -#else - ExpectIntEQ(EVP_PKEY_cmp(pkey, pkey3), 0); -#endif - - RSA_free(rsa_key); - EVP_PKEY_free(pkey3); - EVP_PKEY_free(pkey); - pkey = NULL; - pkey2 = NULL; - -#if defined(WOLFSSL_KEY_GEN) || defined(WOLFSSL_CERT_GEN) - #define BIO_PEM_TEST_CHAR 'a' - XMEMSET(extra, BIO_PEM_TEST_CHAR, sizeof(extra)); - - ExpectNotNull(bio = wolfSSL_BIO_new(wolfSSL_BIO_s_mem())); - ExpectIntEQ(BIO_set_write_buf_size(bio, 4096), WC_NO_ERR_TRACE(WOLFSSL_FAILURE)); - ExpectNotNull(pub_bio = wolfSSL_BIO_new(wolfSSL_BIO_s_mem())); - ExpectIntEQ(BIO_set_write_buf_size(pub_bio, 4096), WC_NO_ERR_TRACE(WOLFSSL_FAILURE)); - - ExpectNull(d2i_PrivateKey(EVP_PKEY_EC, &pkey, &server_key, - (long)sizeof_server_key_der_2048)); - ExpectNull(pkey); - - ExpectNotNull(wolfSSL_d2i_PrivateKey(EVP_PKEY_RSA, &pkey, &server_key, - (long)sizeof_server_key_der_2048)); - ExpectIntEQ(PEM_write_bio_PrivateKey(NULL, pkey, NULL, NULL, 0, NULL, NULL), - WC_NO_ERR_TRACE(WOLFSSL_FAILURE)); - ExpectIntEQ(PEM_write_bio_PrivateKey(bio, NULL, NULL, NULL, 0, NULL, NULL), - WC_NO_ERR_TRACE(WOLFSSL_FAILURE)); - ExpectIntEQ(PEM_write_bio_PrivateKey(bio, pkey, NULL, NULL, 0, NULL, NULL), - WOLFSSL_SUCCESS); - ExpectIntGT(BIO_pending(bio), 0); - ExpectIntEQ(BIO_pending(bio), 1679); - /* Check if the pubkey API writes only the public key */ -#ifdef WOLFSSL_KEY_GEN - ExpectIntEQ(PEM_write_bio_PUBKEY(NULL, pkey), WC_NO_ERR_TRACE(WOLFSSL_FAILURE)); - ExpectIntEQ(PEM_write_bio_PUBKEY(pub_bio, NULL), WC_NO_ERR_TRACE(WOLFSSL_FAILURE)); - ExpectIntEQ(PEM_write_bio_PUBKEY(pub_bio, pkey), WOLFSSL_SUCCESS); - ExpectIntGT(BIO_pending(pub_bio), 0); - /* Previously both the private key and the pubkey calls would write - * out the private key and the PEM header was the only difference. - * The public PEM should be significantly shorter than the - * private key versison. */ - ExpectIntEQ(BIO_pending(pub_bio), 451); -#else - /* Not supported. */ - ExpectIntEQ(PEM_write_bio_PUBKEY(pub_bio, pkey), 0); -#endif - - /* test creating new EVP_PKEY with good args */ - ExpectNotNull((pkey2 = PEM_read_bio_PrivateKey(bio, NULL, NULL, NULL))); - if (pkey && pkey->pkey.ptr && pkey2 && pkey2->pkey.ptr) { - ExpectIntEQ((int)XMEMCMP(pkey->pkey.ptr, pkey2->pkey.ptr, - pkey->pkey_sz), 0); - } - - /* test of reuse of EVP_PKEY */ - ExpectNull(PEM_read_bio_PrivateKey(bio, &pkey, NULL, NULL)); - ExpectIntEQ(BIO_pending(bio), 0); - ExpectIntEQ(PEM_write_bio_PrivateKey(bio, pkey, NULL, NULL, 0, NULL, NULL), - SSL_SUCCESS); - /* add 10 extra bytes after PEM */ - ExpectIntEQ(BIO_write(bio, extra, 10), 10); - ExpectNotNull(PEM_read_bio_PrivateKey(bio, &pkey, NULL, NULL)); - ExpectNotNull(pkey); - if (pkey && pkey->pkey.ptr && pkey2 && pkey2->pkey.ptr) { - ExpectIntEQ((int)XMEMCMP(pkey->pkey.ptr, pkey2->pkey.ptr, - pkey->pkey_sz), 0); - } - /* check 10 extra bytes still there */ - ExpectIntEQ(BIO_pending(bio), 10); - ExpectIntEQ(BIO_read(bio, extra, 10), 10); - for (i = 0; i < 10; i++) { - ExpectIntEQ(extra[i], BIO_PEM_TEST_CHAR); - } - - BIO_free(pub_bio); - BIO_free(bio); - bio = NULL; - EVP_PKEY_free(pkey); - pkey = NULL; - EVP_PKEY_free(pkey2); -#endif /* WOLFSSL_KEY_GEN || WOLFSSL_CERT_GEN */ -#endif /* OPENSSL_EXTRA && !NO_CERTS && !NO_RSA && USE_CERT_BUFFERS_2048 && - * !NO_FILESYSTEM && !NO_BIO */ - return EXPECT_RESULT(); -} - -/* test loading ECC key using BIO */ -static int test_wolfSSL_PEM_PrivateKey_ecc(void) -{ - EXPECT_DECLS; -#if defined(OPENSSL_EXTRA) && !defined(NO_CERTS) && defined(HAVE_ECC) && \ - !defined(NO_FILESYSTEM) && !defined(NO_BIO) - BIO* bio = NULL; - EVP_PKEY* pkey = NULL; - XFILE file = XBADFILE; - const char* fname = "./certs/ecc-key.pem"; - const char* fname_ecc_p8 = "./certs/ecc-keyPkcs8.pem"; - - size_t sz = 0; - byte* buf = NULL; - EVP_PKEY* pkey2 = NULL; - EVP_PKEY* pkey3 = NULL; - EC_KEY* ec_key = NULL; - int nid = 0; - BIO* pub_bio = NULL; - - ExpectTrue((file = XFOPEN(fname, "rb")) != XBADFILE); - ExpectTrue(XFSEEK(file, 0, XSEEK_END) == 0); - ExpectIntGT(sz = XFTELL(file), 0); - ExpectTrue(XFSEEK(file, 0, XSEEK_SET) == 0); - ExpectNotNull(buf = (byte*)XMALLOC(sz, NULL, DYNAMIC_TYPE_FILE)); - if (buf) { - ExpectIntEQ(XFREAD(buf, 1, sz, file), sz); - } - if (file != XBADFILE) { - XFCLOSE(file); - file = XBADFILE; - } - - /* Test using BIO new mem and loading PEM private key */ - ExpectNotNull(bio = BIO_new_mem_buf(buf, (int)sz)); - ExpectNotNull((pkey = PEM_read_bio_PrivateKey(bio, NULL, NULL, NULL))); - BIO_free(bio); - bio = NULL; - XFREE(buf, NULL, DYNAMIC_TYPE_FILE); - buf = NULL; - ExpectNotNull(bio = wolfSSL_BIO_new(wolfSSL_BIO_s_mem())); - ExpectNotNull(pub_bio = wolfSSL_BIO_new(wolfSSL_BIO_s_mem())); - ExpectIntEQ(PEM_write_bio_PrivateKey(bio, pkey, NULL, NULL, 0, NULL, NULL), - WOLFSSL_SUCCESS); - ExpectIntGT(BIO_pending(bio), 0); - /* No parameters. */ - ExpectIntEQ(BIO_pending(bio), 227); - /* Check if the pubkey API writes only the public key */ -#ifdef WOLFSSL_KEY_GEN - ExpectIntEQ(PEM_write_bio_PUBKEY(pub_bio, pkey), WOLFSSL_SUCCESS); - ExpectIntGT(BIO_pending(pub_bio), 0); - /* Previously both the private key and the pubkey calls would write - * out the private key and the PEM header was the only difference. - * The public PEM should be significantly shorter than the - * private key versison. */ - ExpectIntEQ(BIO_pending(pub_bio), 178); -#endif - BIO_free(pub_bio); - BIO_free(bio); - bio = NULL; - ExpectNotNull(pkey2 = EVP_PKEY_new()); - ExpectNotNull(pkey3 = EVP_PKEY_new()); - if (pkey2 != NULL) { - pkey2->type = EVP_PKEY_EC; - } - /* Test parameter copy */ - ExpectIntEQ(EVP_PKEY_copy_parameters(pkey2, pkey), 1); - - - /* Qt unit test case 1*/ - ExpectNotNull(ec_key = EVP_PKEY_get1_EC_KEY(pkey)); - ExpectIntEQ(EVP_PKEY_set1_EC_KEY(pkey3, ec_key), WOLFSSL_SUCCESS); - #ifdef WOLFSSL_ERROR_CODE_OPENSSL - ExpectIntEQ(EVP_PKEY_cmp(pkey, pkey3), 1/* match */); - #else - ExpectIntEQ(EVP_PKEY_cmp(pkey, pkey3), 0); - #endif - /* Test default digest */ - ExpectIntEQ(EVP_PKEY_get_default_digest_nid(pkey, &nid), 1); - ExpectIntEQ(nid, NID_sha256); - EC_KEY_free(ec_key); - ec_key = NULL; - EVP_PKEY_free(pkey3); - pkey3 = NULL; - EVP_PKEY_free(pkey2); - pkey2 = NULL; - EVP_PKEY_free(pkey); - pkey = NULL; - - /* Qt unit test case ec pkcs8 key */ - ExpectTrue((file = XFOPEN(fname_ecc_p8, "rb")) != XBADFILE); - ExpectTrue(XFSEEK(file, 0, XSEEK_END) == 0); - ExpectIntGT(sz = XFTELL(file), 0); - ExpectTrue(XFSEEK(file, 0, XSEEK_SET) == 0); - ExpectNotNull(buf = (byte*)XMALLOC(sz, NULL, DYNAMIC_TYPE_FILE)); - if (buf) { - ExpectIntEQ(XFREAD(buf, 1, sz, file), sz); - } - if (file != XBADFILE) { - XFCLOSE(file); - file = XBADFILE; - } - - ExpectNotNull(bio = BIO_new_mem_buf(buf, (int)sz)); - ExpectNotNull((pkey = PEM_read_bio_PrivateKey(bio, NULL, NULL, NULL))); - XFREE(buf, NULL, DYNAMIC_TYPE_FILE); - buf = NULL; - BIO_free(bio); - bio = NULL; - ExpectNotNull(pkey3 = EVP_PKEY_new()); - /* Qt unit test case */ - ExpectNotNull(ec_key = EVP_PKEY_get1_EC_KEY(pkey)); - ExpectIntEQ(EVP_PKEY_set1_EC_KEY(pkey3, ec_key), WOLFSSL_SUCCESS); -#ifdef WOLFSSL_ERROR_CODE_OPENSSL - ExpectIntEQ(EVP_PKEY_cmp(pkey, pkey3), 1/* match */); -#else - ExpectIntEQ(EVP_PKEY_cmp(pkey, pkey3), 0); -#endif - EC_KEY_free(ec_key); - EVP_PKEY_free(pkey3); - EVP_PKEY_free(pkey); - pkey = NULL; -#endif - return EXPECT_RESULT(); -} - -/* test loading DSA key using BIO */ -static int test_wolfSSL_PEM_PrivateKey_dsa(void) -{ - EXPECT_DECLS; -#if defined(OPENSSL_EXTRA) && !defined(NO_CERTS) && !defined(NO_DSA) && \ - !defined(NO_FILESYSTEM) && !defined(NO_BIO) -#if defined(WOLFSSL_QT) || defined(OPENSSL_ALL) - BIO* bio = NULL; - EVP_PKEY* pkey = NULL; - - ExpectNotNull(bio = BIO_new_file("./certs/dsa2048.pem", "rb")); - /* Private DSA EVP_PKEY */ - ExpectNotNull(pkey = wolfSSL_PEM_read_bio_PrivateKey(bio, NULL, NULL, - NULL)); - BIO_free(bio); - bio = NULL; - - ExpectNotNull(bio = wolfSSL_BIO_new(wolfSSL_BIO_s_mem())); -#if defined(OPENSSL_ALL) && !defined(NO_PWDBASED) && defined(HAVE_PKCS8) -#ifdef WOLFSSL_ASN_TEMPLATE - ExpectIntEQ(PEM_write_bio_PKCS8PrivateKey(bio, pkey, NULL, NULL, 0, NULL, - NULL), 1216); -#else - ExpectIntEQ(PEM_write_bio_PKCS8PrivateKey(bio, pkey, NULL, NULL, 0, NULL, - NULL), 1212); -#endif -#endif - -#ifdef WOLFSSL_KEY_GEN - ExpectIntEQ(PEM_write_bio_PUBKEY(bio, pkey), 1); -#ifdef WOLFSSL_ASN_TEMPLATE - ExpectIntEQ(BIO_pending(bio), 2394); -#else - ExpectIntEQ(BIO_pending(bio), 2390); -#endif - BIO_reset(bio); -#endif - - ExpectIntEQ(PEM_write_bio_PrivateKey(bio, pkey, NULL, NULL, 0, NULL, NULL), - 1); - ExpectIntEQ(BIO_pending(bio), 1196); - - BIO_free(bio); - bio = NULL; - - EVP_PKEY_free(pkey); - pkey = NULL; -#endif -#endif - return EXPECT_RESULT(); -} - -/* test loading DH key using BIO */ -static int test_wolfSSL_PEM_PrivateKey_dh(void) -{ - EXPECT_DECLS; -#if defined(OPENSSL_EXTRA) && !defined(NO_CERTS) && !defined(NO_DH) && \ - !defined(NO_FILESYSTEM) && !defined(NO_BIO) -#if (defined(WOLFSSL_QT) || defined(OPENSSL_ALL) || \ - defined(WOLFSSL_OPENSSH)) && (!defined(HAVE_FIPS) || \ - (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION > 2))) - BIO* bio = NULL; - EVP_PKEY* pkey = NULL; - int expectedBytes = 0; - - ExpectNotNull(bio = BIO_new_file("./certs/dh-priv-2048.pem", "rb")); - /* Private DH EVP_PKEY */ - ExpectNotNull(pkey = wolfSSL_PEM_read_bio_PrivateKey(bio, NULL, NULL, - NULL)); - BIO_free(bio); - bio = NULL; - - ExpectNotNull(bio = wolfSSL_BIO_new(wolfSSL_BIO_s_mem())); - -#if defined(OPENSSL_ALL) && !defined(NO_PWDBASED) && defined(HAVE_PKCS8) - expectedBytes += 806; - ExpectIntEQ(PEM_write_bio_PKCS8PrivateKey(bio, pkey, NULL, NULL, 0, NULL, - NULL), expectedBytes); -#endif -#ifdef WOLFSSL_KEY_GEN - ExpectIntEQ(PEM_write_bio_PUBKEY(bio, pkey), 0); -#endif - - ExpectIntEQ(PEM_write_bio_PrivateKey(bio, pkey, NULL, NULL, 0, NULL, NULL), - 1); - expectedBytes += 806; - ExpectIntEQ(BIO_pending(bio), expectedBytes); - - BIO_free(bio); - bio = NULL; - - EVP_PKEY_free(pkey); - pkey = NULL; -#endif -#endif - return EXPECT_RESULT(); -} - -static int test_wolfSSL_PEM_PrivateKey(void) -{ - EXPECT_DECLS; -#if defined(OPENSSL_EXTRA) && !defined(NO_CERTS) && !defined(NO_TLS) && \ - (!defined(NO_RSA) || defined(HAVE_ECC)) && defined(USE_CERT_BUFFERS_2048) -#ifndef NO_BIO - BIO* bio = NULL; -#endif - EVP_PKEY* pkey = NULL; - const unsigned char* server_key = (const unsigned char*)server_key_der_2048; - -#ifndef NO_BIO - - /* test creating new EVP_PKEY with bad arg */ - ExpectNull((pkey = PEM_read_bio_PrivateKey(NULL, NULL, NULL, NULL))); - - /* Test bad EVP_PKEY type. */ - /* New HMAC EVP_PKEY */ - ExpectNotNull(bio = BIO_new_mem_buf("", 1)); - ExpectNotNull(pkey = EVP_PKEY_new()); - if (pkey != NULL) { - pkey->type = EVP_PKEY_HMAC; - } - ExpectIntEQ(PEM_write_bio_PrivateKey(bio, pkey, NULL, NULL, 0, NULL, NULL), - 0); -#if defined(OPENSSL_ALL) && !defined(NO_PWDBASED) && defined(HAVE_PKCS8) - ExpectIntEQ(PEM_write_bio_PKCS8PrivateKey(bio, pkey, NULL, NULL, 0, NULL, - NULL), 0); -#endif -#ifdef WOLFSSL_KEY_GEN - ExpectIntEQ(PEM_write_bio_PUBKEY(bio, pkey), WC_NO_ERR_TRACE(WOLFSSL_FAILURE)); -#endif - EVP_PKEY_free(pkey); - pkey = NULL; - BIO_free(bio); - bio = NULL; - - - /* key is DES encrypted */ - #if !defined(NO_DES3) && defined(WOLFSSL_ENCRYPTED_KEYS) && \ - !defined(NO_RSA) && !defined(NO_BIO) && !defined(NO_FILESYSTEM) && \ - !defined(NO_MD5) && defined(WOLFSSL_KEY_GEN) && !defined(NO_RSA) - { - XFILE f = XBADFILE; - wc_pem_password_cb* passwd_cb = NULL; - void* passwd_cb_userdata; - SSL_CTX* ctx = NULL; - char passwd[] = "bad password"; - - #ifndef WOLFSSL_NO_TLS12 - #ifndef NO_WOLFSSL_SERVER - ExpectNotNull(ctx = SSL_CTX_new(TLSv1_2_server_method())); - #else - ExpectNotNull(ctx = SSL_CTX_new(TLSv1_2_client_method())); - #endif - #else - #ifndef NO_WOLFSSL_SERVER - ExpectNotNull(ctx = SSL_CTX_new(TLSv1_3_server_method())); - #else - ExpectNotNull(ctx = SSL_CTX_new(TLSv1_3_client_method())); - #endif - #endif - - ExpectNotNull(bio = BIO_new_file("./certs/server-keyEnc.pem", "rb")); - SSL_CTX_set_default_passwd_cb(ctx, PasswordCallBack); - ExpectNotNull(passwd_cb = SSL_CTX_get_default_passwd_cb(ctx)); - ExpectNull(passwd_cb_userdata = - SSL_CTX_get_default_passwd_cb_userdata(ctx)); - - /* fail case with password call back */ - ExpectNull(pkey = PEM_read_bio_PrivateKey(bio, NULL, NULL, - (void*)passwd)); - BIO_free(bio); - ExpectNotNull(bio = BIO_new_file("./certs/server-keyEnc.pem", "rb")); - ExpectNull(pkey = PEM_read_bio_PrivateKey(bio, NULL, passwd_cb, - (void*)passwd)); - BIO_free(bio); - - ExpectTrue((f = XFOPEN("./certs/server-keyEnc.pem", "rb")) != XBADFILE); - ExpectNotNull(bio = BIO_new_fp(f, BIO_CLOSE)); - if ((bio == NULL) && (f != XBADFILE)) { - XFCLOSE(f); - } - - /* use callback that works */ - ExpectNotNull(pkey = PEM_read_bio_PrivateKey(bio, NULL, passwd_cb, - (void*)"yassl123")); - - ExpectIntEQ(SSL_CTX_use_PrivateKey(ctx, pkey), SSL_SUCCESS); - - EVP_PKEY_free(pkey); - pkey = NULL; - BIO_free(bio); - bio = NULL; - SSL_CTX_free(ctx); - } - #endif /* !defined(NO_DES3) */ - -#endif /* !NO_BIO */ - - #if defined(HAVE_ECC) && !defined(NO_FILESYSTEM) - { - unsigned char buf[2048]; - size_t bytes = 0; - XFILE f = XBADFILE; - SSL_CTX* ctx = NULL; - - #ifndef WOLFSSL_NO_TLS12 - #ifndef NO_WOLFSSL_SERVER - ExpectNotNull(ctx = SSL_CTX_new(TLSv1_2_server_method())); - #else - ExpectNotNull(ctx = SSL_CTX_new(TLSv1_2_client_method())); - #endif - #else - #ifndef NO_WOLFSSL_SERVER - ExpectNotNull(ctx = SSL_CTX_new(wolfTLSv1_3_server_method())); - #else - ExpectNotNull(ctx = SSL_CTX_new(wolfTLSv1_3_client_method())); - #endif - #endif - - ExpectTrue((f = XFOPEN("./certs/ecc-key.der", "rb")) != XBADFILE); - ExpectIntGT(bytes = (size_t)XFREAD(buf, 1, sizeof(buf), f), 0); - if (f != XBADFILE) - XFCLOSE(f); - - server_key = buf; - pkey = NULL; - ExpectNull(d2i_PrivateKey(EVP_PKEY_RSA, &pkey, &server_key, (long int)bytes)); - ExpectNull(pkey); - ExpectNotNull(d2i_PrivateKey(EVP_PKEY_EC, &pkey, &server_key, (long int)bytes)); - ExpectIntEQ(SSL_CTX_use_PrivateKey(ctx, pkey), SSL_SUCCESS); - - EVP_PKEY_free(pkey); - pkey = NULL; - SSL_CTX_free(ctx); - server_key = NULL; - } - #endif - -#ifndef NO_BIO - (void)bio; -#endif - (void)pkey; - (void)server_key; -#endif /* OPENSSL_EXTRA && !NO_CERTS && !NO_RSA && USE_CERT_BUFFERS_2048 */ - return EXPECT_RESULT(); -} - -static int test_wolfSSL_PEM_file_RSAKey(void) -{ - EXPECT_DECLS; -#if (defined(OPENSSL_EXTRA) || defined(OPENSSL_ALL)) && \ - defined(WOLFSSL_KEY_GEN) && !defined(NO_RSA) && \ - !defined(NO_FILESYSTEM) && !defined(NO_CERTS) - RSA* rsa = NULL; - XFILE fp = XBADFILE; - - ExpectTrue((fp = XFOPEN("./certs/rsa-pub-2048.pem", "rb")) != XBADFILE); - ExpectNotNull((rsa = PEM_read_RSA_PUBKEY(fp, NULL, NULL, NULL))); - if (fp != XBADFILE) - XFCLOSE(fp); - ExpectIntEQ(RSA_size(rsa), 256); - - ExpectIntEQ(PEM_write_RSAPublicKey(XBADFILE, rsa), WC_NO_ERR_TRACE(WOLFSSL_FAILURE)); - ExpectIntEQ(PEM_write_RSAPublicKey(stderr, NULL), WC_NO_ERR_TRACE(WOLFSSL_FAILURE)); - ExpectIntEQ(PEM_write_RSAPublicKey(stderr, rsa), WOLFSSL_SUCCESS); - - ExpectIntEQ(PEM_write_RSA_PUBKEY(XBADFILE, rsa), WC_NO_ERR_TRACE(WOLFSSL_FAILURE)); - ExpectIntEQ(PEM_write_RSA_PUBKEY(stderr, NULL), WC_NO_ERR_TRACE(WOLFSSL_FAILURE)); - ExpectIntEQ(PEM_write_RSA_PUBKEY(stderr, rsa), WOLFSSL_SUCCESS); - - RSA_free(rsa); -#endif /* defined(OPENSSL_EXTRA) || defined(OPENSSL_ALL)) && \ - (defined(WOLFSSL_KEY_GEN) || WOLFSSL_CERT_GEN) && \ - !defined(NO_FILESYSTEM) && !defined(NO_RSA) && !defined(NO_CERTS) */ - return EXPECT_RESULT(); -} - -static int test_wolfSSL_PEM_file_RSAPrivateKey(void) -{ - EXPECT_DECLS; -#if !defined(NO_RSA) && defined(OPENSSL_EXTRA) && defined(WOLFSSL_KEY_GEN) && \ - !defined(NO_FILESYSTEM) && \ - (defined(WOLFSSL_PEM_TO_DER) || defined(WOLFSSL_DER_TO_PEM)) - RSA* rsa = NULL; - XFILE f = NULL; - - ExpectTrue((f = XFOPEN(svrKeyFile, "rb")) != XBADFILE); - ExpectNotNull((rsa = PEM_read_RSAPrivateKey(f, NULL, NULL, NULL))); - ExpectIntEQ(RSA_size(rsa), 256); - if (f != XBADFILE) { - XFCLOSE(f); - f = XBADFILE; - } - - ExpectIntEQ(PEM_write_RSAPrivateKey(XBADFILE, rsa, NULL, NULL, 0, NULL, - NULL), WC_NO_ERR_TRACE(WOLFSSL_FAILURE)); - ExpectIntEQ(PEM_write_RSAPrivateKey(stderr, NULL, NULL, NULL, 0, NULL, - NULL), WC_NO_ERR_TRACE(WOLFSSL_FAILURE)); - ExpectIntEQ(PEM_write_RSAPrivateKey(stderr, rsa, NULL, NULL, 0, NULL, NULL), - WOLFSSL_SUCCESS); - - RSA_free(rsa); - -#ifdef HAVE_ECC - ExpectTrue((f = XFOPEN(eccKeyFile, "rb")) != XBADFILE); - ExpectNull((rsa = PEM_read_RSAPrivateKey(f, NULL, NULL, NULL))); - if (f != XBADFILE) - XFCLOSE(f); -#endif /* HAVE_ECC */ -#endif /* defined(OPENSSL_EXTRA) && !defined(NO_CERTS) */ - return EXPECT_RESULT(); -} - -static int test_wolfSSL_PEM_read_RSA_PUBKEY(void) -{ - EXPECT_DECLS; -#if defined(OPENSSL_EXTRA) && !defined(NO_CERTS) && \ - !defined(NO_FILESYSTEM) && !defined(NO_RSA) - XFILE file = XBADFILE; - const char* fname = "./certs/client-keyPub.pem"; - RSA *rsa = NULL; - - ExpectNull(wolfSSL_PEM_read_RSA_PUBKEY(XBADFILE, NULL, NULL, NULL)); - - ExpectTrue((file = XFOPEN(fname, "rb")) != XBADFILE); - ExpectNotNull((rsa = PEM_read_RSA_PUBKEY(file, NULL, NULL, NULL))); - ExpectIntEQ(RSA_size(rsa), 256); - RSA_free(rsa); - if (file != XBADFILE) - XFCLOSE(file); -#endif /* defined(OPENSSL_EXTRA) && !defined(NO_CERTS) */ - return EXPECT_RESULT(); -} - -#ifndef NO_BIO -static int test_wolfSSL_PEM_bio_RSAKey(void) -{ - EXPECT_DECLS; -#if (defined(OPENSSL_EXTRA) || defined(OPENSSL_ALL)) && \ - defined(WOLFSSL_KEY_GEN) && !defined(NO_RSA) && \ - !defined(NO_FILESYSTEM) && !defined(NO_CERTS) - RSA* rsa = NULL; - BIO* bio = NULL; - - /* PrivateKey */ - ExpectNotNull(bio = BIO_new_file(svrKeyFile, "rb")); - ExpectNull((rsa = PEM_read_bio_RSAPrivateKey(NULL, NULL, NULL, NULL))); - ExpectNotNull(PEM_read_bio_RSAPrivateKey(bio, &rsa, NULL, NULL)); - ExpectNotNull(rsa); - ExpectIntEQ(RSA_size(rsa), 256); - ExpectIntEQ(PEM_write_bio_RSAPrivateKey(NULL, NULL, NULL, NULL, 0, NULL, \ - NULL), WC_NO_ERR_TRACE(WOLFSSL_FAILURE)); - BIO_free(bio); - bio = NULL; - ExpectNotNull(bio = wolfSSL_BIO_new(wolfSSL_BIO_s_mem())); - ExpectIntEQ(PEM_write_bio_RSAPrivateKey(bio, rsa, NULL, NULL, 0, NULL, \ - NULL), WOLFSSL_SUCCESS); - BIO_free(bio); - bio = NULL; - RSA_free(rsa); - rsa = NULL; - - /* PUBKEY */ - ExpectNotNull(bio = BIO_new_file("./certs/rsa-pub-2048.pem", "rb")); - ExpectNull((rsa = PEM_read_bio_RSA_PUBKEY(NULL, NULL, NULL, NULL))); - ExpectNotNull((rsa = PEM_read_bio_RSA_PUBKEY(bio, NULL, NULL, NULL))); - ExpectIntEQ(RSA_size(rsa), 256); - ExpectIntEQ(PEM_write_bio_RSA_PUBKEY(NULL, NULL), WC_NO_ERR_TRACE(WOLFSSL_FAILURE)); - BIO_free(bio); - bio = NULL; - ExpectNotNull(bio = wolfSSL_BIO_new(wolfSSL_BIO_s_mem())); - ExpectIntEQ(PEM_write_bio_RSA_PUBKEY(bio, rsa), WOLFSSL_SUCCESS); - BIO_free(bio); - bio = NULL; - - RSA_free(rsa); - rsa = NULL; - - /* Ensure that keys beginning with BEGIN RSA PUBLIC KEY can be read, too. */ - ExpectNotNull(bio = BIO_new_file("./certs/server-keyPub.pem", "rb")); - ExpectNotNull((rsa = PEM_read_bio_RSA_PUBKEY(bio, NULL, NULL, NULL))); - BIO_free(bio); - bio = NULL; - RSA_free(rsa); - rsa = NULL; - - #ifdef HAVE_ECC - /* ensure that non-rsa keys do not work */ - ExpectNotNull(bio = BIO_new_file(eccKeyFile, "rb")); /* ecc key */ - ExpectNull((rsa = PEM_read_bio_RSAPrivateKey(bio, NULL, NULL, NULL))); - ExpectNull((rsa = PEM_read_bio_RSA_PUBKEY(bio, NULL, NULL, NULL))); - BIO_free(bio); - bio = NULL; - RSA_free(rsa); - rsa = NULL; - #endif /* HAVE_ECC */ -#endif /* defined(OPENSSL_EXTRA) || defined(OPENSSL_ALL)) && \ - (defined(WOLFSSL_KEY_GEN) || WOLFSSL_CERT_GEN) && \ - !defined(NO_FILESYSTEM) && !defined(NO_RSA) && !defined(NO_CERTS) */ - return EXPECT_RESULT(); -} - -static int test_wolfSSL_PEM_bio_RSAPrivateKey(void) -{ - EXPECT_DECLS; -#if defined(OPENSSL_EXTRA) && !defined(NO_CERTS) && \ - !defined(NO_FILESYSTEM) && !defined(NO_RSA) - RSA* rsa = NULL; - RSA* rsa_dup = NULL; - BIO* bio = NULL; - - ExpectNotNull(bio = BIO_new_file(svrKeyFile, "rb")); - ExpectNotNull((rsa = PEM_read_bio_RSAPrivateKey(bio, NULL, NULL, NULL))); - ExpectIntEQ(RSA_size(rsa), 256); - -#if defined(WOLFSSL_KEY_GEN) && !defined(NO_RSA) - ExpectNull(rsa_dup = RSAPublicKey_dup(NULL)); - /* Test duplicating empty key. */ - ExpectNotNull(rsa_dup = RSA_new()); - ExpectNull(RSAPublicKey_dup(rsa_dup)); - RSA_free(rsa_dup); - rsa_dup = NULL; - ExpectNotNull(rsa_dup = RSAPublicKey_dup(rsa)); - ExpectPtrNE(rsa_dup, rsa); -#endif - - /* test if valgrind complains about unreleased memory */ - RSA_up_ref(rsa); - RSA_free(rsa); - - BIO_free(bio); - bio = NULL; - RSA_free(rsa); - rsa = NULL; - RSA_free(rsa_dup); - rsa_dup = NULL; - -#ifdef HAVE_ECC - ExpectNotNull(bio = BIO_new_file(eccKeyFile, "rb")); - ExpectNull((rsa = PEM_read_bio_RSAPrivateKey(bio, NULL, NULL, NULL))); - - BIO_free(bio); -#endif /* HAVE_ECC */ -#endif /* defined(OPENSSL_EXTRA) && !defined(NO_CERTS) */ - return EXPECT_RESULT(); -} - -static int test_wolfSSL_PEM_bio_DSAKey(void) -{ - EXPECT_DECLS; -#ifndef HAVE_SELFTEST -#if (defined(WOLFSSL_QT) || defined(OPENSSL_ALL)) && !defined(NO_CERTS) && \ - defined(WOLFSSL_KEY_GEN) && !defined(NO_FILESYSTEM) && !defined(NO_DSA) - DSA* dsa = NULL; - BIO* bio = NULL; - - /* PrivateKey */ - ExpectNotNull(bio = BIO_new_file("./certs/1024/dsa1024.pem", "rb")); - ExpectNull((dsa = PEM_read_bio_DSAPrivateKey(NULL, NULL, NULL, NULL))); - ExpectNotNull((dsa = PEM_read_bio_DSAPrivateKey(bio, NULL, NULL, NULL))); - ExpectIntEQ(BN_num_bytes(dsa->g), 128); - ExpectIntEQ(PEM_write_bio_DSAPrivateKey(NULL, NULL, NULL, NULL, 0, NULL, - NULL), WC_NO_ERR_TRACE(WOLFSSL_FAILURE)); - BIO_free(bio); - bio = NULL; - ExpectNotNull(bio = wolfSSL_BIO_new(wolfSSL_BIO_s_mem())); - ExpectIntEQ(PEM_write_bio_DSAPrivateKey(bio, dsa, NULL, NULL, 0, NULL, - NULL), WOLFSSL_SUCCESS); - BIO_free(bio); - bio = NULL; - DSA_free(dsa); - dsa = NULL; - - /* PUBKEY */ - ExpectNotNull(bio = BIO_new_file("./certs/1024/dsa-pub-1024.pem", "rb")); - ExpectNull((dsa = PEM_read_bio_DSA_PUBKEY(NULL, NULL, NULL, NULL))); - ExpectNotNull((dsa = PEM_read_bio_DSA_PUBKEY(bio, NULL, NULL, NULL))); - ExpectIntEQ(BN_num_bytes(dsa->g), 128); - ExpectIntEQ(PEM_write_bio_DSA_PUBKEY(NULL, NULL), WC_NO_ERR_TRACE(WOLFSSL_FAILURE)); - BIO_free(bio); - bio = NULL; - ExpectNotNull(bio = wolfSSL_BIO_new(wolfSSL_BIO_s_mem())); - ExpectIntEQ(PEM_write_bio_DSA_PUBKEY(bio, dsa), WOLFSSL_SUCCESS); - BIO_free(bio); - bio = NULL; - DSA_free(dsa); - dsa = NULL; - - #ifdef HAVE_ECC - /* ensure that non-dsa keys do not work */ - ExpectNotNull(bio = BIO_new_file(eccKeyFile, "rb")); /* ecc key */ - ExpectNull((dsa = PEM_read_bio_DSAPrivateKey(bio, NULL, NULL, NULL))); - ExpectNull((dsa = PEM_read_bio_DSA_PUBKEY(bio, NULL, NULL, NULL))); - BIO_free(bio); - bio = NULL; - DSA_free(dsa); - dsa = NULL; - #endif /* HAVE_ECC */ -#endif /* defined(WOLFSSL_QT) || defined(OPENSSL_ALL)) && \ - !defined(NO_CERTS) && defined(WOLFSSL_KEY_GEN) && \ - !defined(NO_FILESYSTEM) && !defined(NO_DSA) */ -#endif /* HAVE_SELFTEST */ - return EXPECT_RESULT(); -} - -static int test_wolfSSL_PEM_bio_ECKey(void) -{ - EXPECT_DECLS; -#if (defined(OPENSSL_EXTRA) || defined(OPENSSL_ALL)) && \ - defined(WOLFSSL_KEY_GEN) && !defined(NO_FILESYSTEM) && defined(HAVE_ECC) - EC_KEY* ec = NULL; - EC_KEY* ec2; - BIO* bio = NULL; -#if defined(WOLFSSL_PEM_TO_DER) || defined(WOLFSSL_DER_TO_PEM) - unsigned char* pem = NULL; - int pLen; -#endif - static char ec_key_bad_1[] = "-----BEGIN PUBLIC KEY-----\n" - "MAA=\n" - "-----END PUBLIC KEY-----"; - static char ec_priv_key_bad_1[] = "-----BEGIN EC PRIVATE KEY-----\n" - "MAA=\n" - "-----END EC PRIVATE KEY-----"; - - /* PrivateKey */ - ExpectNotNull(bio = BIO_new_file("./certs/ecc-key.pem", "rb")); - ExpectNull((ec = PEM_read_bio_ECPrivateKey(NULL, NULL, NULL, NULL))); - ec2 = NULL; - ExpectNotNull((ec = PEM_read_bio_ECPrivateKey(bio, &ec2, NULL, NULL))); - ExpectIntEQ(ec == ec2, 1); - ExpectIntEQ(wc_ecc_size((ecc_key*)ec->internal), 32); - ExpectIntEQ(PEM_write_bio_ECPrivateKey(NULL, NULL, NULL, NULL, 0, NULL, - NULL), WC_NO_ERR_TRACE(WOLFSSL_FAILURE)); - ExpectIntEQ(PEM_write_bio_ECPrivateKey(bio, NULL, NULL, NULL, 0, NULL, - NULL), WC_NO_ERR_TRACE(WOLFSSL_FAILURE)); - ExpectIntEQ(PEM_write_bio_ECPrivateKey(NULL, ec, NULL, NULL, 0, NULL, NULL), - WC_NO_ERR_TRACE(WOLFSSL_FAILURE)); - BIO_free(bio); - bio = NULL; - /* Public key data - fail. */ - ExpectNotNull(bio = BIO_new_file("./certs/ecc-client-keyPub.pem", "rb")); - ExpectNull(PEM_read_bio_ECPrivateKey(bio, NULL, NULL, NULL)); - BIO_free(bio); - bio = NULL; - ExpectNotNull(bio = wolfSSL_BIO_new(wolfSSL_BIO_s_mem())); - ExpectIntEQ(PEM_write_bio_ECPrivateKey(bio, ec, NULL, NULL, 0, NULL, \ - NULL), WOLFSSL_SUCCESS); - BIO_free(bio); - bio = NULL; - - ExpectIntEQ(PEM_write_ECPrivateKey(XBADFILE, NULL, NULL, NULL, 0, NULL, - NULL),WC_NO_ERR_TRACE(WOLFSSL_FAILURE)); - ExpectIntEQ(PEM_write_ECPrivateKey(stderr, NULL, NULL, NULL, 0, NULL, NULL), - WC_NO_ERR_TRACE(WOLFSSL_FAILURE)); - ExpectIntEQ(PEM_write_ECPrivateKey(XBADFILE, ec, NULL, NULL, 0, NULL, NULL), - WC_NO_ERR_TRACE(WOLFSSL_FAILURE)); - ExpectIntEQ(PEM_write_ECPrivateKey(stderr, ec, NULL, NULL, 0, NULL, NULL), - WOLFSSL_SUCCESS); - - ExpectIntEQ(wolfSSL_PEM_write_mem_ECPrivateKey(NULL, NULL, NULL, 0, NULL, - NULL), 0); -#if defined(WOLFSSL_PEM_TO_DER) || defined(WOLFSSL_DER_TO_PEM) - ExpectIntEQ(wolfSSL_PEM_write_mem_ECPrivateKey(ec, NULL, NULL, 0, NULL, - NULL), 0); - ExpectIntEQ(wolfSSL_PEM_write_mem_ECPrivateKey(NULL, NULL, NULL, 0, &pem, - NULL), 0); - ExpectIntEQ(wolfSSL_PEM_write_mem_ECPrivateKey(NULL, NULL, NULL, 0, NULL, - &pLen), 0); - ExpectIntEQ(wolfSSL_PEM_write_mem_ECPrivateKey(NULL, NULL, NULL, 0, &pem, - &pLen), 0); - ExpectIntEQ(wolfSSL_PEM_write_mem_ECPrivateKey(ec, NULL, NULL, 0, NULL, - &pLen), 0); - ExpectIntEQ(wolfSSL_PEM_write_mem_ECPrivateKey(ec, NULL, NULL, 0, &pem, - NULL), 0); - ExpectIntEQ(wolfSSL_PEM_write_mem_ECPrivateKey(ec, NULL, NULL, 0, &pem, - &pLen), 1); - ExpectIntGT(pLen, 0); - XFREE(pem, NULL, DYNAMIC_TYPE_TMP_BUFFER); -#endif - - EC_KEY_free(ec); - ec = NULL; - - /* PUBKEY */ - ExpectNotNull(bio = BIO_new_file("./certs/ecc-client-keyPub.pem", "rb")); - ExpectNull((ec = PEM_read_bio_EC_PUBKEY(NULL, NULL, NULL, NULL))); - ec2 = NULL; - ExpectNotNull((ec = PEM_read_bio_EC_PUBKEY(bio, &ec2, NULL, NULL))); - ExpectIntEQ(ec == ec2, 1); - ExpectIntEQ(wc_ecc_size((ecc_key*)ec->internal), 32); - ExpectIntEQ(PEM_write_bio_EC_PUBKEY(NULL, NULL), WC_NO_ERR_TRACE(WOLFSSL_FAILURE)); - BIO_free(bio); - bio = NULL; - /* Test 0x30, 0x00 fails. */ - ExpectNotNull(bio = BIO_new_mem_buf((unsigned char*)ec_key_bad_1, - sizeof(ec_key_bad_1))); - ExpectNull(PEM_read_bio_EC_PUBKEY(bio, NULL, NULL, NULL)); - BIO_free(bio); - bio = NULL; - - /* Private key data - fail. */ - ExpectNotNull(bio = BIO_new_file("./certs/ecc-key.pem", "rb")); - ExpectNull(PEM_read_bio_EC_PUBKEY(bio, NULL, NULL, NULL)); - BIO_free(bio); - bio = NULL; - ExpectNotNull(bio = wolfSSL_BIO_new(wolfSSL_BIO_s_mem())); - ExpectIntEQ(PEM_write_bio_EC_PUBKEY(bio, ec), WOLFSSL_SUCCESS); - BIO_free(bio); - bio = NULL; - - /* Same test as above, but with a file pointer rather than a BIO. */ - ExpectIntEQ(PEM_write_EC_PUBKEY(NULL, NULL), WC_NO_ERR_TRACE(WOLFSSL_FAILURE)); - ExpectIntEQ(PEM_write_EC_PUBKEY(NULL, ec), WC_NO_ERR_TRACE(WOLFSSL_FAILURE)); - ExpectIntEQ(PEM_write_EC_PUBKEY(stderr, NULL), WC_NO_ERR_TRACE(WOLFSSL_FAILURE)); - ExpectIntEQ(PEM_write_EC_PUBKEY(stderr, ec), WOLFSSL_SUCCESS); - - EC_KEY_free(ec); - ec = NULL; - - #ifndef NO_RSA - /* ensure that non-ec keys do not work */ - ExpectNotNull(bio = BIO_new_file(svrKeyFile, "rb")); /* rsa key */ - ExpectNull((ec = PEM_read_bio_ECPrivateKey(bio, NULL, NULL, NULL))); - ExpectNull((ec = PEM_read_bio_EC_PUBKEY(bio, NULL, NULL, NULL))); - BIO_free(bio); - bio = NULL; - EC_KEY_free(ec); - ec = NULL; - #endif /* !NO_RSA */ - /* Test 0x30, 0x00 fails. */ - ExpectNotNull(bio = BIO_new_mem_buf((unsigned char*)ec_priv_key_bad_1, - sizeof(ec_priv_key_bad_1))); - ExpectNull(PEM_read_bio_ECPrivateKey(bio, NULL, NULL, NULL)); - BIO_free(bio); - bio = NULL; -#endif /* defined(OPENSSL_EXTRA) && !defined(NO_CERTS) */ - return EXPECT_RESULT(); -} - -static int test_wolfSSL_PEM_PUBKEY(void) -{ - EXPECT_DECLS; -#if defined(OPENSSL_EXTRA) && defined(HAVE_ECC) - BIO* bio = NULL; - EVP_PKEY* pkey = NULL; - - /* test creating new EVP_PKEY with bad arg */ - ExpectNull((pkey = PEM_read_bio_PUBKEY(NULL, NULL, NULL, NULL))); - - /* test loading ECC key using BIO */ -#if defined(HAVE_ECC) && !defined(NO_FILESYSTEM) - { - XFILE file = XBADFILE; - const char* fname = "./certs/ecc-client-keyPub.pem"; - size_t sz = 0; - byte* buf = NULL; - - EVP_PKEY* pkey2 = NULL; - EC_KEY* ec_key = NULL; - - ExpectTrue((file = XFOPEN(fname, "rb")) != XBADFILE); - ExpectIntEQ(XFSEEK(file, 0, XSEEK_END), 0); - ExpectIntGT(sz = XFTELL(file), 0); - ExpectIntEQ(XFSEEK(file, 0, XSEEK_SET), 0); - ExpectNotNull(buf = (byte*)XMALLOC(sz, NULL, DYNAMIC_TYPE_FILE)); - if (buf != NULL) { - ExpectIntEQ(XFREAD(buf, 1, sz, file), sz); - } - if (file != XBADFILE) { - XFCLOSE(file); - } - - /* Test using BIO new mem and loading PEM private key */ - ExpectNotNull(bio = BIO_new_mem_buf(buf, (int)sz)); - ExpectNotNull((pkey = PEM_read_bio_PUBKEY(bio, NULL, NULL, NULL))); - BIO_free(bio); - bio = NULL; - EVP_PKEY_free(pkey); - pkey = NULL; - ExpectNotNull(bio = BIO_new_mem_buf(buf, (int)sz)); - ExpectNotNull(pkey = EVP_PKEY_new()); - ExpectPtrEq(PEM_read_bio_PUBKEY(bio, &pkey, NULL, NULL), pkey); - XFREE(buf, NULL, DYNAMIC_TYPE_FILE); - BIO_free(bio); - bio = NULL; - - /* Qt unit test case*/ - ExpectNotNull(pkey2 = EVP_PKEY_new()); - ExpectNotNull(ec_key = EVP_PKEY_get1_EC_KEY(pkey)); - ExpectIntEQ(EVP_PKEY_set1_EC_KEY(pkey2, ec_key), WOLFSSL_SUCCESS); - #ifdef WOLFSSL_ERROR_CODE_OPENSSL - ExpectIntEQ(EVP_PKEY_cmp(pkey, pkey2), 1/* match */); - #else - ExpectIntEQ(EVP_PKEY_cmp(pkey, pkey2), 0); - #endif - - EC_KEY_free(ec_key); - EVP_PKEY_free(pkey2); - EVP_PKEY_free(pkey); - pkey = NULL; - } -#endif - - (void)bio; - (void)pkey; -#endif - return EXPECT_RESULT(); -} - -#endif /* !NO_BIO */ - static int test_wolfSSL_tmp_dh(void) { EXPECT_DECLS; @@ -18790,754 +13276,6 @@ } -static int test_wolfSSL_EVP_PKEY_new_mac_key(void) -{ - EXPECT_DECLS; -#ifdef OPENSSL_EXTRA - static const unsigned char pw[] = "password"; - static const int pwSz = sizeof(pw) - 1; - size_t checkPwSz = 0; - const unsigned char* checkPw = NULL; - WOLFSSL_EVP_PKEY* key = NULL; - - ExpectNull(key = wolfSSL_EVP_PKEY_new_mac_key(0, NULL, pw, pwSz)); - ExpectNull(key = wolfSSL_EVP_PKEY_new_mac_key(0, NULL, NULL, pwSz)); - - ExpectNotNull(key = wolfSSL_EVP_PKEY_new_mac_key(EVP_PKEY_HMAC, NULL, pw, - pwSz)); - if (key != NULL) { - ExpectIntEQ(key->type, EVP_PKEY_HMAC); - ExpectIntEQ(key->save_type, EVP_PKEY_HMAC); - ExpectIntEQ(key->pkey_sz, pwSz); - ExpectIntEQ(XMEMCMP(key->pkey.ptr, pw, pwSz), 0); - } - ExpectNotNull(checkPw = wolfSSL_EVP_PKEY_get0_hmac(key, &checkPwSz)); - ExpectIntEQ((int)checkPwSz, pwSz); - ExpectIntEQ(XMEMCMP(checkPw, pw, pwSz), 0); - wolfSSL_EVP_PKEY_free(key); - key = NULL; - - ExpectNotNull(key = wolfSSL_EVP_PKEY_new_mac_key(EVP_PKEY_HMAC, NULL, pw, - 0)); - ExpectIntEQ(key->pkey_sz, 0); - if (EXPECT_SUCCESS()) { - /* Allocation for key->pkey.ptr may fail - OK key len is 0 */ - checkPw = wolfSSL_EVP_PKEY_get0_hmac(key, &checkPwSz); - } - ExpectTrue((checkPwSz == 0) || (checkPw != NULL)); - ExpectIntEQ((int)checkPwSz, 0); - wolfSSL_EVP_PKEY_free(key); - key = NULL; - - ExpectNotNull(key = wolfSSL_EVP_PKEY_new_mac_key(EVP_PKEY_HMAC, NULL, NULL, - 0)); - ExpectIntEQ(key->pkey_sz, 0); - if (EXPECT_SUCCESS()) { - /* Allocation for key->pkey.ptr may fail - OK key len is 0 */ - checkPw = wolfSSL_EVP_PKEY_get0_hmac(key, &checkPwSz); - } - ExpectTrue((checkPwSz == 0) || (checkPw != NULL)); - ExpectIntEQ((int)checkPwSz, 0); - wolfSSL_EVP_PKEY_free(key); - key = NULL; -#endif /* OPENSSL_EXTRA */ - return EXPECT_RESULT(); -} - - -static int test_wolfSSL_EVP_PKEY_new_CMAC_key(void) -{ - EXPECT_DECLS; -#ifdef OPENSSL_EXTRA -#if defined(WOLFSSL_CMAC) && !defined(NO_AES) && \ - defined(WOLFSSL_AES_DIRECT) && defined(WOLFSSL_AES_128) - const char *priv = "ABCDEFGHIJKLMNOP"; - const WOLFSSL_EVP_CIPHER* cipher = EVP_aes_128_cbc(); - WOLFSSL_EVP_PKEY* key = NULL; - - ExpectNull(key = wolfSSL_EVP_PKEY_new_CMAC_key( - NULL, NULL, AES_128_KEY_SIZE, cipher)); - ExpectNull(key = wolfSSL_EVP_PKEY_new_CMAC_key( - NULL, (const unsigned char *)priv, 0, cipher)); - ExpectNull(key = wolfSSL_EVP_PKEY_new_CMAC_key( - NULL, (const unsigned char *)priv, AES_128_KEY_SIZE, NULL)); - - ExpectNotNull(key = wolfSSL_EVP_PKEY_new_CMAC_key( - NULL, (const unsigned char *)priv, AES_128_KEY_SIZE, cipher)); - wolfSSL_EVP_PKEY_free(key); -#endif /* WOLFSSL_CMAC && !NO_AES && WOLFSSL_AES_DIRECT && WOLFSSL_AES_128 */ -#endif /* OPENSSL_EXTRA */ - return EXPECT_RESULT(); -} - -static int test_wolfSSL_EVP_Digest(void) -{ - EXPECT_DECLS; -#if defined(OPENSSL_EXTRA) && !defined(NO_SHA256) && !defined(NO_PWDBASED) - const char* in = "abc"; - int inLen = (int)XSTRLEN(in); - byte out[WC_SHA256_DIGEST_SIZE]; - unsigned int outLen; - const char* expOut = - "\xBA\x78\x16\xBF\x8F\x01\xCF\xEA\x41\x41\x40\xDE\x5D\xAE\x22" - "\x23\xB0\x03\x61\xA3\x96\x17\x7A\x9C\xB4\x10\xFF\x61\xF2\x00" - "\x15\xAD"; - - ExpectIntEQ(wolfSSL_EVP_Digest((unsigned char*)in, inLen, out, &outLen, - "SHA256", NULL), 1); - ExpectIntEQ(outLen, WC_SHA256_DIGEST_SIZE); - ExpectIntEQ(XMEMCMP(out, expOut, WC_SHA256_DIGEST_SIZE), 0); -#endif /* OPEN_EXTRA && ! NO_SHA256 */ - return EXPECT_RESULT(); -} - -static int test_wolfSSL_EVP_Digest_all(void) -{ - EXPECT_DECLS; -#ifdef OPENSSL_EXTRA - const char* digests[] = { -#ifndef NO_MD5 - "MD5", -#endif -#ifndef NO_SHA - "SHA", -#endif -#ifdef WOLFSSL_SHA224 - "SHA224", -#endif -#ifndef NO_SHA256 - "SHA256", -#endif -#ifdef WOLFSSL_SHA384 - "SHA384", -#endif -#ifdef WOLFSSL_SHA512 - "SHA512", -#endif -#if defined(WOLFSSL_SHA512) && !defined(WOLFSSL_NOSHA512_224) - "SHA512-224", -#endif -#if defined(WOLFSSL_SHA512) && !defined(WOLFSSL_NOSHA512_256) - "SHA512-256", -#endif -#ifdef WOLFSSL_SHA3 -#ifndef WOLFSSL_NOSHA3_224 - "SHA3-224", -#endif -#ifndef WOLFSSL_NOSHA3_256 - "SHA3-256", -#endif - "SHA3-384", -#ifndef WOLFSSL_NOSHA3_512 - "SHA3-512", -#endif -#endif /* WOLFSSL_SHA3 */ - NULL - }; - const char** d; - const unsigned char in[] = "abc"; - int inLen = XSTR_SIZEOF(in); - byte out[WC_MAX_DIGEST_SIZE]; - unsigned int outLen; - - for (d = digests; *d != NULL; d++) { - ExpectIntEQ(EVP_Digest(in, inLen, out, &outLen, *d, NULL), 1); - ExpectIntGT(outLen, 0); - ExpectIntEQ(EVP_MD_size(*d), outLen); - } -#endif - return EXPECT_RESULT(); -} - -static int test_wolfSSL_EVP_MD_size(void) -{ - EXPECT_DECLS; -#ifdef OPENSSL_EXTRA - WOLFSSL_EVP_MD_CTX mdCtx; - -#ifdef WOLFSSL_SHA3 -#ifndef WOLFSSL_NOSHA3_224 - wolfSSL_EVP_MD_CTX_init(&mdCtx); - - ExpectIntEQ(wolfSSL_EVP_DigestInit(&mdCtx, "SHA3-224"), 1); - ExpectIntEQ(wolfSSL_EVP_MD_CTX_size(&mdCtx), WC_SHA3_224_DIGEST_SIZE); - ExpectIntEQ(wolfSSL_EVP_MD_CTX_block_size(&mdCtx), WC_SHA3_224_BLOCK_SIZE); - ExpectIntEQ(wolfSSL_EVP_MD_CTX_cleanup(&mdCtx), 1); -#endif -#ifndef WOLFSSL_NOSHA3_256 - wolfSSL_EVP_MD_CTX_init(&mdCtx); - - ExpectIntEQ(wolfSSL_EVP_DigestInit(&mdCtx, "SHA3-256"), 1); - ExpectIntEQ(wolfSSL_EVP_MD_CTX_size(&mdCtx), WC_SHA3_256_DIGEST_SIZE); - ExpectIntEQ(wolfSSL_EVP_MD_CTX_block_size(&mdCtx), WC_SHA3_256_BLOCK_SIZE); - ExpectIntEQ(wolfSSL_EVP_MD_CTX_cleanup(&mdCtx), 1); -#endif - wolfSSL_EVP_MD_CTX_init(&mdCtx); - - ExpectIntEQ(wolfSSL_EVP_DigestInit(&mdCtx, "SHA3-384"), 1); - ExpectIntEQ(wolfSSL_EVP_MD_CTX_size(&mdCtx), WC_SHA3_384_DIGEST_SIZE); - ExpectIntEQ(wolfSSL_EVP_MD_CTX_block_size(&mdCtx), WC_SHA3_384_BLOCK_SIZE); - ExpectIntEQ(wolfSSL_EVP_MD_CTX_cleanup(&mdCtx), 1); -#ifndef WOLFSSL_NOSHA3_512 - wolfSSL_EVP_MD_CTX_init(&mdCtx); - - ExpectIntEQ(wolfSSL_EVP_DigestInit(&mdCtx, "SHA3-512"), 1); - ExpectIntEQ(wolfSSL_EVP_MD_CTX_size(&mdCtx), WC_SHA3_512_DIGEST_SIZE); - ExpectIntEQ(wolfSSL_EVP_MD_CTX_block_size(&mdCtx), WC_SHA3_512_BLOCK_SIZE); - ExpectIntEQ(wolfSSL_EVP_MD_CTX_cleanup(&mdCtx), 1); -#endif -#endif /* WOLFSSL_SHA3 */ - -#ifndef NO_SHA256 - wolfSSL_EVP_MD_CTX_init(&mdCtx); - - ExpectIntEQ(wolfSSL_EVP_DigestInit(&mdCtx, "SHA256"), 1); - ExpectIntEQ(wolfSSL_EVP_MD_size(wolfSSL_EVP_MD_CTX_md(&mdCtx)), - WC_SHA256_DIGEST_SIZE); - ExpectIntEQ(wolfSSL_EVP_MD_block_size(wolfSSL_EVP_MD_CTX_md(&mdCtx)), - WC_SHA256_BLOCK_SIZE); - ExpectIntEQ(wolfSSL_EVP_MD_CTX_size(&mdCtx), WC_SHA256_DIGEST_SIZE); - ExpectIntEQ(wolfSSL_EVP_MD_CTX_block_size(&mdCtx), WC_SHA256_BLOCK_SIZE); - ExpectIntEQ(wolfSSL_EVP_MD_CTX_cleanup(&mdCtx), 1); - -#endif - -#ifndef NO_MD5 - wolfSSL_EVP_MD_CTX_init(&mdCtx); - - ExpectIntEQ(wolfSSL_EVP_DigestInit(&mdCtx, "MD5"), 1); - ExpectIntEQ(wolfSSL_EVP_MD_size(wolfSSL_EVP_MD_CTX_md(&mdCtx)), - WC_MD5_DIGEST_SIZE); - ExpectIntEQ(wolfSSL_EVP_MD_block_size(wolfSSL_EVP_MD_CTX_md(&mdCtx)), - WC_MD5_BLOCK_SIZE); - ExpectIntEQ(wolfSSL_EVP_MD_CTX_size(&mdCtx), WC_MD5_DIGEST_SIZE); - ExpectIntEQ(wolfSSL_EVP_MD_CTX_block_size(&mdCtx), WC_MD5_BLOCK_SIZE); - ExpectIntEQ(wolfSSL_EVP_MD_CTX_cleanup(&mdCtx), 1); - -#endif - -#ifdef WOLFSSL_SHA224 - wolfSSL_EVP_MD_CTX_init(&mdCtx); - - ExpectIntEQ(wolfSSL_EVP_DigestInit(&mdCtx, "SHA224"), 1); - ExpectIntEQ(wolfSSL_EVP_MD_size(wolfSSL_EVP_MD_CTX_md(&mdCtx)), - WC_SHA224_DIGEST_SIZE); - ExpectIntEQ(wolfSSL_EVP_MD_block_size(wolfSSL_EVP_MD_CTX_md(&mdCtx)), - WC_SHA224_BLOCK_SIZE); - ExpectIntEQ(wolfSSL_EVP_MD_CTX_size(&mdCtx), WC_SHA224_DIGEST_SIZE); - ExpectIntEQ(wolfSSL_EVP_MD_CTX_block_size(&mdCtx), WC_SHA224_BLOCK_SIZE); - ExpectIntEQ(wolfSSL_EVP_MD_CTX_cleanup(&mdCtx), 1); - -#endif - -#ifdef WOLFSSL_SHA384 - wolfSSL_EVP_MD_CTX_init(&mdCtx); - - ExpectIntEQ(wolfSSL_EVP_DigestInit(&mdCtx, "SHA384"), 1); - ExpectIntEQ(wolfSSL_EVP_MD_size(wolfSSL_EVP_MD_CTX_md(&mdCtx)), - WC_SHA384_DIGEST_SIZE); - ExpectIntEQ(wolfSSL_EVP_MD_block_size(wolfSSL_EVP_MD_CTX_md(&mdCtx)), - WC_SHA384_BLOCK_SIZE); - ExpectIntEQ(wolfSSL_EVP_MD_CTX_size(&mdCtx), WC_SHA384_DIGEST_SIZE); - ExpectIntEQ(wolfSSL_EVP_MD_CTX_block_size(&mdCtx), WC_SHA384_BLOCK_SIZE); - ExpectIntEQ(wolfSSL_EVP_MD_CTX_cleanup(&mdCtx), 1); - -#endif - -#ifdef WOLFSSL_SHA512 - wolfSSL_EVP_MD_CTX_init(&mdCtx); - - ExpectIntEQ(wolfSSL_EVP_DigestInit(&mdCtx, "SHA512"), 1); - ExpectIntEQ(wolfSSL_EVP_MD_size(wolfSSL_EVP_MD_CTX_md(&mdCtx)), - WC_SHA512_DIGEST_SIZE); - ExpectIntEQ(wolfSSL_EVP_MD_block_size(wolfSSL_EVP_MD_CTX_md(&mdCtx)), - WC_SHA512_BLOCK_SIZE); - ExpectIntEQ(wolfSSL_EVP_MD_CTX_size(&mdCtx), WC_SHA512_DIGEST_SIZE); - ExpectIntEQ(wolfSSL_EVP_MD_CTX_block_size(&mdCtx), WC_SHA512_BLOCK_SIZE); - ExpectIntEQ(wolfSSL_EVP_MD_CTX_cleanup(&mdCtx), 1); - -#endif - -#ifndef NO_SHA - wolfSSL_EVP_MD_CTX_init(&mdCtx); - - ExpectIntEQ(wolfSSL_EVP_DigestInit(&mdCtx, "SHA"), 1); - ExpectIntEQ(wolfSSL_EVP_MD_size(wolfSSL_EVP_MD_CTX_md(&mdCtx)), - WC_SHA_DIGEST_SIZE); - ExpectIntEQ(wolfSSL_EVP_MD_block_size(wolfSSL_EVP_MD_CTX_md(&mdCtx)), - WC_SHA_BLOCK_SIZE); - ExpectIntEQ(wolfSSL_EVP_MD_CTX_size(&mdCtx), WC_SHA_DIGEST_SIZE); - ExpectIntEQ(wolfSSL_EVP_MD_CTX_block_size(&mdCtx), WC_SHA_BLOCK_SIZE); - ExpectIntEQ(wolfSSL_EVP_MD_CTX_cleanup(&mdCtx), 1); - - wolfSSL_EVP_MD_CTX_init(&mdCtx); - - ExpectIntEQ(wolfSSL_EVP_DigestInit(&mdCtx, "SHA1"), 1); - ExpectIntEQ(wolfSSL_EVP_MD_size(wolfSSL_EVP_MD_CTX_md(&mdCtx)), - WC_SHA_DIGEST_SIZE); - ExpectIntEQ(wolfSSL_EVP_MD_block_size(wolfSSL_EVP_MD_CTX_md(&mdCtx)), - WC_SHA_BLOCK_SIZE); - ExpectIntEQ(wolfSSL_EVP_MD_CTX_size(&mdCtx), WC_SHA_DIGEST_SIZE); - ExpectIntEQ(wolfSSL_EVP_MD_CTX_block_size(&mdCtx), WC_SHA_BLOCK_SIZE); - ExpectIntEQ(wolfSSL_EVP_MD_CTX_cleanup(&mdCtx), 1); -#endif - /* error case */ - wolfSSL_EVP_MD_CTX_init(&mdCtx); - - ExpectIntEQ(wolfSSL_EVP_DigestInit(&mdCtx, ""), 0); - ExpectIntEQ(wolfSSL_EVP_MD_size(wolfSSL_EVP_MD_CTX_md(&mdCtx)), 0); - ExpectIntEQ(wolfSSL_EVP_MD_CTX_block_size(&mdCtx), 0); - /* Cleanup is valid on uninit'ed struct */ - ExpectIntEQ(wolfSSL_EVP_MD_CTX_cleanup(&mdCtx), 1); -#endif /* OPENSSL_EXTRA */ - return EXPECT_RESULT(); -} - -static int test_wolfSSL_EVP_MD_pkey_type(void) -{ - EXPECT_DECLS; -#ifdef OPENSSL_EXTRA - const WOLFSSL_EVP_MD* md; - -#ifndef NO_MD5 - ExpectNotNull(md = EVP_md5()); - ExpectIntEQ(EVP_MD_pkey_type(md), NID_md5WithRSAEncryption); -#endif -#ifndef NO_SHA - ExpectNotNull(md = EVP_sha1()); - ExpectIntEQ(EVP_MD_pkey_type(md), NID_sha1WithRSAEncryption); -#endif -#ifdef WOLFSSL_SHA224 - ExpectNotNull(md = EVP_sha224()); - ExpectIntEQ(EVP_MD_pkey_type(md), NID_sha224WithRSAEncryption); -#endif - ExpectNotNull(md = EVP_sha256()); - ExpectIntEQ(EVP_MD_pkey_type(md), NID_sha256WithRSAEncryption); -#ifdef WOLFSSL_SHA384 - ExpectNotNull(md = EVP_sha384()); - ExpectIntEQ(EVP_MD_pkey_type(md), NID_sha384WithRSAEncryption); -#endif -#ifdef WOLFSSL_SHA512 - ExpectNotNull(md = EVP_sha512()); - ExpectIntEQ(EVP_MD_pkey_type(md), NID_sha512WithRSAEncryption); -#endif -#endif - return EXPECT_RESULT(); -} - -#ifdef OPENSSL_EXTRA -static int test_hmac_signing(const WOLFSSL_EVP_MD *type, const byte* testKey, - size_t testKeySz, const char* testData, size_t testDataSz, - const byte* testResult, size_t testResultSz) -{ - EXPECT_DECLS; - unsigned char check[WC_MAX_DIGEST_SIZE]; - size_t checkSz = 0; - WOLFSSL_EVP_PKEY* key = NULL; - WOLFSSL_EVP_MD_CTX mdCtx; - - ExpectNotNull(key = wolfSSL_EVP_PKEY_new_mac_key(EVP_PKEY_HMAC, NULL, - testKey, (int)testKeySz)); - wolfSSL_EVP_MD_CTX_init(&mdCtx); - ExpectIntEQ(wolfSSL_EVP_DigestSignInit(&mdCtx, NULL, type, NULL, key), 1); - ExpectIntEQ(wolfSSL_EVP_DigestSignUpdate(&mdCtx, testData, - (unsigned int)testDataSz), 1); - checkSz = sizeof(check); - ExpectIntEQ(wolfSSL_EVP_DigestSignFinal(&mdCtx, NULL, &checkSz), 1); - ExpectIntEQ((int)checkSz, (int)testResultSz); - checkSz = sizeof(check); - ExpectIntEQ(wolfSSL_EVP_DigestSignFinal(&mdCtx, check, &checkSz), 1); - ExpectIntEQ((int)checkSz,(int)testResultSz); - ExpectIntEQ(XMEMCMP(testResult, check, testResultSz), 0); - ExpectIntEQ(wolfSSL_EVP_MD_CTX_cleanup(&mdCtx), 1); - - ExpectIntEQ(wolfSSL_EVP_DigestVerifyInit(&mdCtx, NULL, type, NULL, key), 1); - ExpectIntEQ(wolfSSL_EVP_DigestVerifyUpdate(&mdCtx, testData, - (unsigned int)testDataSz), 1); - ExpectIntEQ(wolfSSL_EVP_DigestVerifyFinal(&mdCtx, testResult, checkSz), 1); - - ExpectIntEQ(wolfSSL_EVP_MD_CTX_cleanup(&mdCtx), 1); - wolfSSL_EVP_MD_CTX_init(&mdCtx); - ExpectIntEQ(wolfSSL_EVP_DigestSignInit(&mdCtx, NULL, type, NULL, key), 1); - ExpectIntEQ(wolfSSL_EVP_DigestSignUpdate(&mdCtx, testData, 4), 1); - checkSz = sizeof(check); - ExpectIntEQ(wolfSSL_EVP_DigestSignFinal(&mdCtx, NULL, &checkSz), 1); - ExpectIntEQ((int)checkSz, (int)testResultSz); - checkSz = sizeof(check); - ExpectIntEQ(wolfSSL_EVP_DigestSignFinal(&mdCtx, check, &checkSz), 1); - ExpectIntEQ((int)checkSz,(int)testResultSz); - ExpectIntEQ(wolfSSL_EVP_DigestSignUpdate(&mdCtx, testData + 4, - (unsigned int)testDataSz - 4), 1); - checkSz = sizeof(check); - ExpectIntEQ(wolfSSL_EVP_DigestSignFinal(&mdCtx, check, &checkSz), 1); - ExpectIntEQ((int)checkSz,(int)testResultSz); - ExpectIntEQ(XMEMCMP(testResult, check, testResultSz), 0); - - ExpectIntEQ(wolfSSL_EVP_MD_CTX_cleanup(&mdCtx), 1); - ExpectIntEQ(wolfSSL_EVP_DigestVerifyInit(&mdCtx, NULL, type, NULL, key), 1); - ExpectIntEQ(wolfSSL_EVP_DigestVerifyUpdate(&mdCtx, testData, 4), 1); - ExpectIntEQ(wolfSSL_EVP_DigestVerifyUpdate(&mdCtx, testData + 4, - (unsigned int)testDataSz - 4), 1); - ExpectIntEQ(wolfSSL_EVP_DigestVerifyFinal(&mdCtx, testResult, checkSz), 1); - - ExpectIntEQ(wolfSSL_EVP_MD_CTX_cleanup(&mdCtx), 1); - - wolfSSL_EVP_PKEY_free(key); - - return EXPECT_RESULT(); -} -#endif - -static int test_wolfSSL_EVP_MD_hmac_signing(void) -{ - EXPECT_DECLS; -#ifdef OPENSSL_EXTRA - static const unsigned char testKey[] = - { - 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, - 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, - 0x0b, 0x0b, 0x0b, 0x0b - }; - static const char testData[] = "Hi There"; -#ifdef WOLFSSL_SHA224 - static const unsigned char testResultSha224[] = - { - 0x89, 0x6f, 0xb1, 0x12, 0x8a, 0xbb, 0xdf, 0x19, - 0x68, 0x32, 0x10, 0x7c, 0xd4, 0x9d, 0xf3, 0x3f, - 0x47, 0xb4, 0xb1, 0x16, 0x99, 0x12, 0xba, 0x4f, - 0x53, 0x68, 0x4b, 0x22 - }; -#endif -#ifndef NO_SHA256 - static const unsigned char testResultSha256[] = - { - 0xb0, 0x34, 0x4c, 0x61, 0xd8, 0xdb, 0x38, 0x53, - 0x5c, 0xa8, 0xaf, 0xce, 0xaf, 0x0b, 0xf1, 0x2b, - 0x88, 0x1d, 0xc2, 0x00, 0xc9, 0x83, 0x3d, 0xa7, - 0x26, 0xe9, 0x37, 0x6c, 0x2e, 0x32, 0xcf, 0xf7 - }; -#endif -#ifdef WOLFSSL_SHA384 - static const unsigned char testResultSha384[] = - { - 0xaf, 0xd0, 0x39, 0x44, 0xd8, 0x48, 0x95, 0x62, - 0x6b, 0x08, 0x25, 0xf4, 0xab, 0x46, 0x90, 0x7f, - 0x15, 0xf9, 0xda, 0xdb, 0xe4, 0x10, 0x1e, 0xc6, - 0x82, 0xaa, 0x03, 0x4c, 0x7c, 0xeb, 0xc5, 0x9c, - 0xfa, 0xea, 0x9e, 0xa9, 0x07, 0x6e, 0xde, 0x7f, - 0x4a, 0xf1, 0x52, 0xe8, 0xb2, 0xfa, 0x9c, 0xb6 - }; -#endif -#ifdef WOLFSSL_SHA512 - static const unsigned char testResultSha512[] = - { - 0x87, 0xaa, 0x7c, 0xde, 0xa5, 0xef, 0x61, 0x9d, - 0x4f, 0xf0, 0xb4, 0x24, 0x1a, 0x1d, 0x6c, 0xb0, - 0x23, 0x79, 0xf4, 0xe2, 0xce, 0x4e, 0xc2, 0x78, - 0x7a, 0xd0, 0xb3, 0x05, 0x45, 0xe1, 0x7c, 0xde, - 0xda, 0xa8, 0x33, 0xb7, 0xd6, 0xb8, 0xa7, 0x02, - 0x03, 0x8b, 0x27, 0x4e, 0xae, 0xa3, 0xf4, 0xe4, - 0xbe, 0x9d, 0x91, 0x4e, 0xeb, 0x61, 0xf1, 0x70, - 0x2e, 0x69, 0x6c, 0x20, 0x3a, 0x12, 0x68, 0x54 - }; -#endif -#ifdef WOLFSSL_SHA3 - #ifndef WOLFSSL_NOSHA3_224 - static const unsigned char testResultSha3_224[] = - { - 0x3b, 0x16, 0x54, 0x6b, 0xbc, 0x7b, 0xe2, 0x70, - 0x6a, 0x03, 0x1d, 0xca, 0xfd, 0x56, 0x37, 0x3d, - 0x98, 0x84, 0x36, 0x76, 0x41, 0xd8, 0xc5, 0x9a, - 0xf3, 0xc8, 0x60, 0xf7 - }; - #endif - #ifndef WOLFSSL_NOSHA3_256 - static const unsigned char testResultSha3_256[] = - { - 0xba, 0x85, 0x19, 0x23, 0x10, 0xdf, 0xfa, 0x96, - 0xe2, 0xa3, 0xa4, 0x0e, 0x69, 0x77, 0x43, 0x51, - 0x14, 0x0b, 0xb7, 0x18, 0x5e, 0x12, 0x02, 0xcd, - 0xcc, 0x91, 0x75, 0x89, 0xf9, 0x5e, 0x16, 0xbb - }; - #endif - #ifndef WOLFSSL_NOSHA3_384 - static const unsigned char testResultSha3_384[] = - { - 0x68, 0xd2, 0xdc, 0xf7, 0xfd, 0x4d, 0xdd, 0x0a, - 0x22, 0x40, 0xc8, 0xa4, 0x37, 0x30, 0x5f, 0x61, - 0xfb, 0x73, 0x34, 0xcf, 0xb5, 0xd0, 0x22, 0x6e, - 0x1b, 0xc2, 0x7d, 0xc1, 0x0a, 0x2e, 0x72, 0x3a, - 0x20, 0xd3, 0x70, 0xb4, 0x77, 0x43, 0x13, 0x0e, - 0x26, 0xac, 0x7e, 0x3d, 0x53, 0x28, 0x86, 0xbd - }; - #endif - #ifndef WOLFSSL_NOSHA3_512 - static const unsigned char testResultSha3_512[] = - { - 0xeb, 0x3f, 0xbd, 0x4b, 0x2e, 0xaa, 0xb8, 0xf5, - 0xc5, 0x04, 0xbd, 0x3a, 0x41, 0x46, 0x5a, 0xac, - 0xec, 0x15, 0x77, 0x0a, 0x7c, 0xab, 0xac, 0x53, - 0x1e, 0x48, 0x2f, 0x86, 0x0b, 0x5e, 0xc7, 0xba, - 0x47, 0xcc, 0xb2, 0xc6, 0xf2, 0xaf, 0xce, 0x8f, - 0x88, 0xd2, 0x2b, 0x6d, 0xc6, 0x13, 0x80, 0xf2, - 0x3a, 0x66, 0x8f, 0xd3, 0x88, 0x8b, 0xb8, 0x05, - 0x37, 0xc0, 0xa0, 0xb8, 0x64, 0x07, 0x68, 0x9e - }; - #endif -#endif - -#ifndef NO_SHA256 - ExpectIntEQ(test_hmac_signing(wolfSSL_EVP_sha256(), testKey, - sizeof(testKey), testData, XSTRLEN(testData), testResultSha256, - sizeof(testResultSha256)), TEST_SUCCESS); -#endif -#ifdef WOLFSSL_SHA224 - ExpectIntEQ(test_hmac_signing(wolfSSL_EVP_sha224(), testKey, - sizeof(testKey), testData, XSTRLEN(testData), testResultSha224, - sizeof(testResultSha224)), TEST_SUCCESS); -#endif -#ifdef WOLFSSL_SHA384 - ExpectIntEQ(test_hmac_signing(wolfSSL_EVP_sha384(), testKey, - sizeof(testKey), testData, XSTRLEN(testData), testResultSha384, - sizeof(testResultSha384)), TEST_SUCCESS); -#endif -#ifdef WOLFSSL_SHA512 - ExpectIntEQ(test_hmac_signing(wolfSSL_EVP_sha512(), testKey, - sizeof(testKey), testData, XSTRLEN(testData), testResultSha512, - sizeof(testResultSha512)), TEST_SUCCESS); -#endif -#ifdef WOLFSSL_SHA3 - #ifndef WOLFSSL_NOSHA3_224 - ExpectIntEQ(test_hmac_signing(wolfSSL_EVP_sha3_224(), testKey, - sizeof(testKey), testData, XSTRLEN(testData), testResultSha3_224, - sizeof(testResultSha3_224)), TEST_SUCCESS); - #endif - #ifndef WOLFSSL_NOSHA3_256 - ExpectIntEQ(test_hmac_signing(wolfSSL_EVP_sha3_256(), testKey, - sizeof(testKey), testData, XSTRLEN(testData), testResultSha3_256, - sizeof(testResultSha3_256)), TEST_SUCCESS); - #endif - #ifndef WOLFSSL_NOSHA3_384 - ExpectIntEQ(test_hmac_signing(wolfSSL_EVP_sha3_384(), testKey, - sizeof(testKey), testData, XSTRLEN(testData), testResultSha3_384, - sizeof(testResultSha3_384)), TEST_SUCCESS); - #endif - #ifndef WOLFSSL_NOSHA3_512 - ExpectIntEQ(test_hmac_signing(wolfSSL_EVP_sha3_512(), testKey, - sizeof(testKey), testData, XSTRLEN(testData), testResultSha3_512, - sizeof(testResultSha3_512)), TEST_SUCCESS); - #endif -#endif -#endif /* OPENSSL_EXTRA */ - return EXPECT_RESULT(); -} - - -static int test_wolfSSL_EVP_MD_rsa_signing(void) -{ - EXPECT_DECLS; -#if defined(OPENSSL_EXTRA) && !defined(NO_RSA) && defined(USE_CERT_BUFFERS_2048) - WOLFSSL_EVP_PKEY* privKey = NULL; - WOLFSSL_EVP_PKEY* pubKey = NULL; - WOLFSSL_EVP_PKEY_CTX* keyCtx = NULL; - const char testData[] = "Hi There"; - WOLFSSL_EVP_MD_CTX mdCtx; - WOLFSSL_EVP_MD_CTX mdCtxCopy; - int ret; - size_t checkSz = -1; - int sz = 2048 / 8; - const unsigned char* cp; - const unsigned char* p; - unsigned char check[2048/8]; - size_t i; - int paddings[] = { - RSA_PKCS1_PADDING, -#if !defined(HAVE_FIPS) && !defined(HAVE_SELFTEST) && defined(WC_RSA_PSS) - RSA_PKCS1_PSS_PADDING, -#endif - }; - - - cp = client_key_der_2048; - ExpectNotNull((privKey = wolfSSL_d2i_PrivateKey(EVP_PKEY_RSA, NULL, &cp, - sizeof_client_key_der_2048))); - p = client_keypub_der_2048; - ExpectNotNull((pubKey = wolfSSL_d2i_PUBKEY(NULL, &p, - sizeof_client_keypub_der_2048))); - - wolfSSL_EVP_MD_CTX_init(&mdCtx); - wolfSSL_EVP_MD_CTX_init(&mdCtxCopy); - ExpectIntEQ(wolfSSL_EVP_DigestSignInit(&mdCtx, NULL, wolfSSL_EVP_sha256(), - NULL, privKey), 1); - ExpectIntEQ(wolfSSL_EVP_DigestSignUpdate(&mdCtx, testData, - (unsigned int)XSTRLEN(testData)), 1); - checkSz = sizeof(check); - ExpectIntEQ(wolfSSL_EVP_DigestSignFinal(&mdCtx, NULL, &checkSz), 1); - ExpectIntEQ((int)checkSz, sz); - checkSz = sizeof(check); - ExpectIntEQ(wolfSSL_EVP_DigestSignFinal(&mdCtx, check, &checkSz), 1); - ExpectIntEQ((int)checkSz,sz); - ExpectIntEQ(wolfSSL_EVP_MD_CTX_copy_ex(&mdCtxCopy, &mdCtx), 1); - ExpectIntEQ(wolfSSL_EVP_MD_CTX_copy_ex(&mdCtxCopy, &mdCtx), 1); - ret = wolfSSL_EVP_MD_CTX_cleanup(&mdCtxCopy); - ExpectIntEQ(ret, 1); - ret = wolfSSL_EVP_MD_CTX_cleanup(&mdCtx); - ExpectIntEQ(ret, 1); - - wolfSSL_EVP_MD_CTX_init(&mdCtx); - ExpectIntEQ(wolfSSL_EVP_DigestVerifyInit(&mdCtx, NULL, wolfSSL_EVP_sha256(), - NULL, pubKey), 1); - ExpectIntEQ(wolfSSL_EVP_DigestVerifyUpdate(&mdCtx, testData, - (unsigned int)XSTRLEN(testData)), - 1); - ExpectIntEQ(wolfSSL_EVP_DigestVerifyFinal(&mdCtx, check, checkSz), 1); - ret = wolfSSL_EVP_MD_CTX_cleanup(&mdCtx); - ExpectIntEQ(ret, 1); - - wolfSSL_EVP_MD_CTX_init(&mdCtx); - ExpectIntEQ(wolfSSL_EVP_DigestSignInit(&mdCtx, NULL, wolfSSL_EVP_sha256(), - NULL, privKey), 1); - ExpectIntEQ(wolfSSL_EVP_DigestSignUpdate(&mdCtx, testData, 4), 1); - checkSz = sizeof(check); - ExpectIntEQ(wolfSSL_EVP_DigestSignFinal(&mdCtx, NULL, &checkSz), 1); - ExpectIntEQ((int)checkSz, sz); - checkSz = sizeof(check); - ExpectIntEQ(wolfSSL_EVP_DigestSignFinal(&mdCtx, check, &checkSz), 1); - ExpectIntEQ((int)checkSz, sz); - ExpectIntEQ(wolfSSL_EVP_DigestSignUpdate(&mdCtx, testData + 4, - (unsigned int)XSTRLEN(testData) - 4), 1); - checkSz = sizeof(check); - ExpectIntEQ(wolfSSL_EVP_DigestSignFinal(&mdCtx, check, &checkSz), 1); - ExpectIntEQ((int)checkSz, sz); - ret = wolfSSL_EVP_MD_CTX_cleanup(&mdCtx); - ExpectIntEQ(ret, 1); - - wolfSSL_EVP_MD_CTX_init(&mdCtx); - ExpectIntEQ(wolfSSL_EVP_DigestVerifyInit(&mdCtx, NULL, wolfSSL_EVP_sha256(), - NULL, pubKey), 1); - ExpectIntEQ(wolfSSL_EVP_DigestVerifyUpdate(&mdCtx, testData, 4), 1); - ExpectIntEQ(wolfSSL_EVP_DigestVerifyUpdate(&mdCtx, testData + 4, - (unsigned int)XSTRLEN(testData) - 4), - 1); - ExpectIntEQ(wolfSSL_EVP_DigestVerifyFinal(&mdCtx, check, checkSz), 1); - ret = wolfSSL_EVP_MD_CTX_cleanup(&mdCtx); - ExpectIntEQ(ret, 1); - - /* Check all signing padding types */ - for (i = 0; i < sizeof(paddings)/sizeof(int); i++) { - wolfSSL_EVP_MD_CTX_init(&mdCtx); - ExpectIntEQ(wolfSSL_EVP_DigestSignInit(&mdCtx, &keyCtx, - wolfSSL_EVP_sha256(), NULL, privKey), 1); - ExpectIntEQ(wolfSSL_EVP_PKEY_CTX_set_rsa_padding(keyCtx, - paddings[i]), 1); - ExpectIntEQ(wolfSSL_EVP_DigestSignUpdate(&mdCtx, testData, - (unsigned int)XSTRLEN(testData)), 1); - checkSz = sizeof(check); - ExpectIntEQ(wolfSSL_EVP_DigestSignFinal(&mdCtx, NULL, &checkSz), 1); - ExpectIntEQ((int)checkSz, sz); - checkSz = sizeof(check); - ExpectIntEQ(wolfSSL_EVP_DigestSignFinal(&mdCtx, check, &checkSz), 1); - ExpectIntEQ((int)checkSz,sz); - ret = wolfSSL_EVP_MD_CTX_cleanup(&mdCtx); - ExpectIntEQ(ret, 1); - - wolfSSL_EVP_MD_CTX_init(&mdCtx); - ExpectIntEQ(wolfSSL_EVP_DigestVerifyInit(&mdCtx, &keyCtx, - wolfSSL_EVP_sha256(), NULL, pubKey), 1); - ExpectIntEQ(wolfSSL_EVP_PKEY_CTX_set_rsa_padding(keyCtx, - paddings[i]), 1); - ExpectIntEQ(wolfSSL_EVP_DigestVerifyUpdate(&mdCtx, testData, - (unsigned int)XSTRLEN(testData)), 1); - ExpectIntEQ(wolfSSL_EVP_DigestVerifyFinal(&mdCtx, check, checkSz), 1); - ret = wolfSSL_EVP_MD_CTX_cleanup(&mdCtx); - ExpectIntEQ(ret, 1); - } - - wolfSSL_EVP_PKEY_free(pubKey); - wolfSSL_EVP_PKEY_free(privKey); -#endif - return EXPECT_RESULT(); -} - - -static int test_wolfSSL_EVP_MD_ecc_signing(void) -{ - EXPECT_DECLS; -#if defined(OPENSSL_EXTRA) && defined(HAVE_ECC) && defined(USE_CERT_BUFFERS_256) - WOLFSSL_EVP_PKEY* privKey = NULL; - WOLFSSL_EVP_PKEY* pubKey = NULL; - const char testData[] = "Hi There"; - WOLFSSL_EVP_MD_CTX mdCtx; - int ret; - const unsigned char* cp; - const unsigned char* p; - unsigned char check[2048/8]; - size_t checkSz = sizeof(check); - - XMEMSET(check, 0, sizeof(check)); - - cp = ecc_clikey_der_256; - ExpectNotNull(privKey = wolfSSL_d2i_PrivateKey(EVP_PKEY_EC, NULL, &cp, - sizeof_ecc_clikey_der_256)); - p = ecc_clikeypub_der_256; - ExpectNotNull((pubKey = wolfSSL_d2i_PUBKEY(NULL, &p, - sizeof_ecc_clikeypub_der_256))); - - wolfSSL_EVP_MD_CTX_init(&mdCtx); - ExpectIntEQ(wolfSSL_EVP_DigestSignInit(&mdCtx, NULL, wolfSSL_EVP_sha256(), - NULL, privKey), 1); - ExpectIntEQ(wolfSSL_EVP_DigestSignUpdate(&mdCtx, testData, - (unsigned int)XSTRLEN(testData)), 1); - checkSz = sizeof(check); - ExpectIntEQ(wolfSSL_EVP_DigestSignFinal(&mdCtx, NULL, &checkSz), 1); - checkSz = sizeof(check); - ExpectIntEQ(wolfSSL_EVP_DigestSignFinal(&mdCtx, check, &checkSz), 1); - ret = wolfSSL_EVP_MD_CTX_cleanup(&mdCtx); - ExpectIntEQ(ret, 1); - - wolfSSL_EVP_MD_CTX_init(&mdCtx); - ExpectIntEQ(wolfSSL_EVP_DigestVerifyInit(&mdCtx, NULL, wolfSSL_EVP_sha256(), - NULL, pubKey), 1); - ExpectIntEQ(wolfSSL_EVP_DigestVerifyUpdate(&mdCtx, testData, - (unsigned int)XSTRLEN(testData)), - 1); - ExpectIntEQ(wolfSSL_EVP_DigestVerifyFinal(&mdCtx, check, checkSz), 1); - ret = wolfSSL_EVP_MD_CTX_cleanup(&mdCtx); - ExpectIntEQ(ret, 1); - - wolfSSL_EVP_MD_CTX_init(&mdCtx); - ExpectIntEQ(wolfSSL_EVP_DigestSignInit(&mdCtx, NULL, wolfSSL_EVP_sha256(), - NULL, privKey), 1); - ExpectIntEQ(wolfSSL_EVP_DigestSignUpdate(&mdCtx, testData, 4), 1); - checkSz = sizeof(check); - ExpectIntEQ(wolfSSL_EVP_DigestSignFinal(&mdCtx, NULL, &checkSz), 1); - checkSz = sizeof(check); - ExpectIntEQ(wolfSSL_EVP_DigestSignFinal(&mdCtx, check, &checkSz), 1); - ExpectIntEQ(wolfSSL_EVP_DigestSignUpdate(&mdCtx, testData + 4, - (unsigned int)XSTRLEN(testData) - 4), 1); - checkSz = sizeof(check); - ExpectIntEQ(wolfSSL_EVP_DigestSignFinal(&mdCtx, check, &checkSz), 1); - ret = wolfSSL_EVP_MD_CTX_cleanup(&mdCtx); - ExpectIntEQ(ret, 1); - - wolfSSL_EVP_MD_CTX_init(&mdCtx); - ExpectIntEQ(wolfSSL_EVP_DigestVerifyInit(&mdCtx, NULL, wolfSSL_EVP_sha256(), - NULL, pubKey), 1); - ExpectIntEQ(wolfSSL_EVP_DigestVerifyUpdate(&mdCtx, testData, 4), 1); - ExpectIntEQ(wolfSSL_EVP_DigestVerifyUpdate(&mdCtx, testData + 4, - (unsigned int)XSTRLEN(testData) - 4), - 1); - ExpectIntEQ(wolfSSL_EVP_DigestVerifyFinal(&mdCtx, check, checkSz), 1); - ret = wolfSSL_EVP_MD_CTX_cleanup(&mdCtx); - ExpectIntEQ(ret, 1); - - wolfSSL_EVP_PKEY_free(pubKey); - wolfSSL_EVP_PKEY_free(privKey); -#endif - return EXPECT_RESULT(); -} - - static int test_wolfSSL_CTX_add_extra_chain_cert(void) { EXPECT_DECLS; @@ -19722,1308 +13460,6 @@ } #endif /* !NO_WOLFSSL_CLIENT && !NO_WOLFSSL_SERVER */ -#if defined(OPENSSL_EXTRA) && !defined(NO_CERTS) && \ - !defined(NO_FILESYSTEM) && !defined(NO_RSA) -static int verify_cb(int ok, X509_STORE_CTX *ctx) -{ - (void) ok; - (void) ctx; - fprintf(stderr, "ENTER verify_cb\n"); - return SSL_SUCCESS; -} -#endif - -static int test_wolfSSL_X509_Name_canon(void) -{ - EXPECT_DECLS; -#if defined(OPENSSL_ALL) && !defined(NO_CERTS) && \ - !defined(NO_FILESYSTEM) && !defined(NO_SHA) && \ - defined(WOLFSSL_CERT_GEN) && \ - (defined(WOLFSSL_CERT_REQ) || defined(WOLFSSL_CERT_EXT)) && !defined(NO_RSA) - const long ex_hash1 = 0x0fdb2da4; - const long ex_hash2 = 0x9f3e8c9e; - X509_NAME *name = NULL; - X509 *x509 = NULL; - XFILE file = XBADFILE; - unsigned long hash = 0; - byte digest[WC_MAX_DIGEST_SIZE] = {0}; - byte *pbuf = NULL; - word32 len = 0; - (void) ex_hash2; - - ExpectTrue((file = XFOPEN(caCertFile, "rb")) != XBADFILE); - ExpectNotNull(x509 = PEM_read_X509(file, NULL, NULL, NULL)); - ExpectNotNull(name = X509_get_issuer_name(x509)); - - /* When output buffer is NULL, should return necessary output buffer - * length.*/ - ExpectIntEQ(wolfSSL_i2d_X509_NAME_canon(NULL, NULL), BAD_FUNC_ARG); - ExpectIntGT(wolfSSL_i2d_X509_NAME_canon(name, NULL), 0); - ExpectIntGT((len = (word32)wolfSSL_i2d_X509_NAME_canon(name, &pbuf)), 0); - ExpectIntEQ(wc_ShaHash((const byte*)pbuf, (word32)len, digest), 0); - - hash = (((unsigned long)digest[3] << 24) | - ((unsigned long)digest[2] << 16) | - ((unsigned long)digest[1] << 8) | - ((unsigned long)digest[0])); - ExpectIntEQ(hash, ex_hash1); - - if (file != XBADFILE) { - XFCLOSE(file); - file = XBADFILE; - } - X509_free(x509); - x509 = NULL; - XFREE(pbuf, NULL, DYNAMIC_TYPE_OPENSSL); - pbuf = NULL; - - ExpectTrue((file = XFOPEN(cliCertFile, "rb")) != XBADFILE); - ExpectNotNull(x509 = PEM_read_X509(file, NULL, NULL, NULL)); - ExpectNotNull(name = X509_get_issuer_name(x509)); - - ExpectIntGT((len = (word32)wolfSSL_i2d_X509_NAME_canon(name, &pbuf)), 0); - ExpectIntEQ(wc_ShaHash((const byte*)pbuf, (word32)len, digest), 0); - - hash = (((unsigned long)digest[3] << 24) | - ((unsigned long)digest[2] << 16) | - ((unsigned long)digest[1] << 8) | - ((unsigned long)digest[0])); - - ExpectIntEQ(hash, ex_hash2); - - if (file != XBADFILE) - XFCLOSE(file); - X509_free(x509); - XFREE(pbuf, NULL, DYNAMIC_TYPE_OPENSSL); -#endif - return EXPECT_RESULT(); -} - -static int test_wolfSSL_X509_LOOKUP_ctrl_hash_dir(void) -{ - EXPECT_DECLS; -#if defined(OPENSSL_ALL) && !defined(NO_FILESYSTEM) && !defined(NO_WOLFSSL_DIR) - const int MAX_DIR = 4; - const char paths[][32] = { - "./certs/ed25519", - "./certs/ecc", - "./certs/crl", - "./certs/", - }; - - char CertCrl_path[MAX_FILENAME_SZ]; - char *p; - X509_STORE* str = NULL; - X509_LOOKUP* lookup = NULL; - WOLFSSL_STACK* sk = NULL; - int len, total_len, i; - - (void)sk; - - XMEMSET(CertCrl_path, 0, MAX_FILENAME_SZ); - - /* illegal string */ - ExpectNotNull((str = wolfSSL_X509_STORE_new())); - ExpectNotNull(lookup = X509_STORE_add_lookup(str, X509_LOOKUP_file())); - ExpectIntEQ(X509_LOOKUP_ctrl(lookup, X509_L_ADD_DIR, "", - SSL_FILETYPE_PEM, NULL), 0); - ExpectIntEQ(X509_LOOKUP_ctrl(lookup, X509_L_ADD_STORE, "", - SSL_FILETYPE_PEM, NULL), WOLFSSL_NOT_IMPLEMENTED); - ExpectIntEQ(X509_LOOKUP_ctrl(lookup, X509_L_LOAD_STORE, "", - SSL_FILETYPE_PEM, NULL), WOLFSSL_NOT_IMPLEMENTED); - ExpectIntEQ(X509_LOOKUP_ctrl(lookup, 0, "", - SSL_FILETYPE_PEM, NULL), WOLFSSL_FAILURE); - - /* free store */ - X509_STORE_free(str); - str = NULL; - - /* short folder string */ - ExpectNotNull((str = wolfSSL_X509_STORE_new())); - ExpectNotNull(lookup = X509_STORE_add_lookup(str, X509_LOOKUP_file())); - ExpectIntEQ(X509_LOOKUP_ctrl(lookup, X509_L_ADD_DIR, "./", - SSL_FILETYPE_PEM,NULL), 1); - #if defined(WOLFSSL_INT_H) - /* only available when including internal.h */ - ExpectNotNull(sk = lookup->dirs->dir_entry); - #endif - /* free store */ - X509_STORE_free(str); - str = NULL; - - /* typical function check */ - p = &CertCrl_path[0]; - total_len = 0; - - for (i = MAX_DIR - 1; i>=0 && total_len < MAX_FILENAME_SZ; i--) { - len = (int)XSTRLEN((const char*)&paths[i]); - total_len += len; - XSTRNCPY(p, paths[i], MAX_FILENAME_SZ - total_len); - p += len; - if (i != 0) *(p++) = SEPARATOR_CHAR; - } - - ExpectNotNull((str = wolfSSL_X509_STORE_new())); - ExpectNotNull(lookup = X509_STORE_add_lookup(str, X509_LOOKUP_file())); - ExpectIntEQ(X509_LOOKUP_ctrl(lookup, X509_L_ADD_DIR, CertCrl_path, - SSL_FILETYPE_PEM,NULL), 1); - #if defined(WOLFSSL_INT_H) - /* only available when including internal.h */ - ExpectNotNull(sk = lookup->dirs->dir_entry); - #endif - - X509_STORE_free(str); -#endif - return EXPECT_RESULT(); -} - -static int test_wolfSSL_X509_LOOKUP_ctrl_file(void) -{ - EXPECT_DECLS; -#if defined(OPENSSL_ALL) && !defined(NO_CERTS) && \ - !defined(NO_FILESYSTEM) && !defined(NO_RSA) && \ - defined(WOLFSSL_SIGNER_DER_CERT) - X509_STORE_CTX* ctx = NULL; - X509_STORE* str = NULL; - X509_LOOKUP* lookup = NULL; - - X509* cert1 = NULL; - X509* x509Ca = NULL; - X509* x509Svr = NULL; - X509* issuer = NULL; - - WOLFSSL_STACK* sk = NULL; - X509_NAME* caName = NULL; - X509_NAME* issuerName = NULL; - - XFILE file1 = XBADFILE; - int i; - int cert_count = 0; - int cmp; - - char der[] = "certs/ca-cert.der"; - -#ifdef HAVE_CRL - char pem[][100] = { - "./certs/crl/crl.pem", - "./certs/crl/crl2.pem", - "./certs/crl/caEccCrl.pem", - "./certs/crl/eccCliCRL.pem", - "./certs/crl/eccSrvCRL.pem", - "" - }; -#endif - ExpectTrue((file1 = XFOPEN("./certs/ca-cert.pem", "rb")) != XBADFILE); - ExpectNotNull(cert1 = wolfSSL_PEM_read_X509(file1, NULL, NULL, NULL)); - if (file1 != XBADFILE) - XFCLOSE(file1); - - ExpectNotNull(ctx = X509_STORE_CTX_new()); - ExpectNotNull((str = wolfSSL_X509_STORE_new())); - ExpectNotNull(lookup = X509_STORE_add_lookup(str, X509_LOOKUP_file())); - ExpectIntEQ(wolfSSL_X509_load_cert_crl_file(NULL, NULL, - WOLFSSL_FILETYPE_PEM), 0); - ExpectIntEQ(wolfSSL_X509_load_cert_crl_file(lookup, NULL, - WOLFSSL_FILETYPE_PEM), 0); - ExpectIntEQ(wolfSSL_X509_load_cert_crl_file(NULL, caCertFile, - WOLFSSL_FILETYPE_PEM), 0); - ExpectIntEQ(wolfSSL_X509_load_cert_crl_file(NULL, der , - WOLFSSL_FILETYPE_PEM), 0); - ExpectIntEQ(X509_LOOKUP_ctrl(lookup, X509_L_FILE_LOAD, caCertFile, - SSL_FILETYPE_PEM,NULL), 1); - ExpectNotNull(sk = wolfSSL_CertManagerGetCerts(str->cm)); - ExpectIntEQ((cert_count = sk_X509_num(sk)), 1); - - /* check if CA cert is loaded into the store */ - for (i = 0; i < cert_count; i++) { - x509Ca = sk_X509_value(sk, i); - ExpectIntEQ(0, wolfSSL_X509_cmp(x509Ca, cert1)); - } - - ExpectNotNull((x509Svr = - wolfSSL_X509_load_certificate_file(svrCertFile, SSL_FILETYPE_PEM))); - - ExpectIntEQ(X509_STORE_CTX_init(ctx, str, x509Svr, NULL), SSL_SUCCESS); - - ExpectNull(X509_STORE_CTX_get0_current_issuer(NULL)); - issuer = X509_STORE_CTX_get0_current_issuer(ctx); - ExpectNull(issuer); - - ExpectIntEQ(X509_verify_cert(ctx), 1); - - issuer = X509_STORE_CTX_get0_current_issuer(ctx); - ExpectNotNull(issuer); - caName = X509_get_subject_name(x509Ca); - ExpectNotNull(caName); - issuerName = X509_get_subject_name(issuer); - ExpectNotNull(issuerName); - cmp = X509_NAME_cmp(caName, issuerName); - ExpectIntEQ(cmp, 0); - - /* load der format */ - issuer = NULL; - X509_STORE_CTX_free(ctx); - ctx = NULL; - X509_STORE_free(str); - str = NULL; - sk_X509_pop_free(sk, NULL); - sk = NULL; - X509_free(x509Svr); - x509Svr = NULL; - - ExpectNotNull((str = wolfSSL_X509_STORE_new())); - ExpectNotNull(lookup = X509_STORE_add_lookup(str, X509_LOOKUP_file())); - ExpectIntEQ(X509_LOOKUP_ctrl(lookup, X509_L_FILE_LOAD, der, - SSL_FILETYPE_ASN1,NULL), 1); - ExpectNotNull(sk = wolfSSL_CertManagerGetCerts(str->cm)); - ExpectIntEQ((cert_count = sk_X509_num(sk)), 1); - /* check if CA cert is loaded into the store */ - for (i = 0; i < cert_count; i++) { - x509Ca = sk_X509_value(sk, i); - ExpectIntEQ(0, wolfSSL_X509_cmp(x509Ca, cert1)); - } - - X509_STORE_free(str); - str = NULL; - sk_X509_pop_free(sk, NULL); - sk = NULL; - X509_free(cert1); - cert1 = NULL; - -#ifdef HAVE_CRL - ExpectNotNull(str = wolfSSL_X509_STORE_new()); - ExpectNotNull(lookup = X509_STORE_add_lookup(str, X509_LOOKUP_file())); - ExpectIntEQ(X509_LOOKUP_ctrl(lookup, X509_L_FILE_LOAD, caCertFile, - SSL_FILETYPE_PEM,NULL), 1); - ExpectIntEQ(X509_LOOKUP_ctrl(lookup, X509_L_FILE_LOAD, - "certs/server-revoked-cert.pem", - SSL_FILETYPE_PEM,NULL), 1); - if (str) { - ExpectIntEQ(wolfSSL_CertManagerVerify(str->cm, svrCertFile, - WOLFSSL_FILETYPE_PEM), 1); - /* since store hasn't yet known the revoked cert*/ - ExpectIntEQ(wolfSSL_CertManagerVerify(str->cm, - "certs/server-revoked-cert.pem", - WOLFSSL_FILETYPE_PEM), 1); - } - for (i = 0; pem[i][0] != '\0'; i++) - { - ExpectIntEQ(X509_LOOKUP_ctrl(lookup, X509_L_FILE_LOAD, pem[i], - SSL_FILETYPE_PEM, NULL), 1); - } - - if (str) { - /* since store knows crl list */ - ExpectIntEQ(wolfSSL_CertManagerVerify(str->cm, - "certs/server-revoked-cert.pem", - WOLFSSL_FILETYPE_PEM ), WC_NO_ERR_TRACE(CRL_CERT_REVOKED)); - } - - ExpectIntEQ(X509_LOOKUP_ctrl(NULL, 0, NULL, 0, NULL), 0); - X509_STORE_free(str); -#endif -#endif - return EXPECT_RESULT(); -} - -static int test_wolfSSL_X509_STORE_CTX_trusted_stack_cleanup(void) -{ - int res = TEST_SKIPPED; -#if defined(OPENSSL_EXTRA) - X509_STORE_CTX_cleanup(NULL); - X509_STORE_CTX_trusted_stack(NULL, NULL); - - res = TEST_SUCCESS; -#endif - return res; -} - -static int test_wolfSSL_X509_STORE_CTX_get_issuer(void) -{ - EXPECT_DECLS; -#if defined(OPENSSL_EXTRA) && !defined(NO_RSA) && !defined(NO_FILESYSTEM) - X509_STORE_CTX* ctx = NULL; - X509_STORE* str = NULL; - X509* x509Ca = NULL; - X509* x509Svr = NULL; - X509* issuer = NULL; - X509_NAME* caName = NULL; - X509_NAME* issuerName = NULL; - - ExpectNotNull(ctx = X509_STORE_CTX_new()); - ExpectNotNull((str = wolfSSL_X509_STORE_new())); - ExpectNotNull((x509Ca = - wolfSSL_X509_load_certificate_file(caCertFile, SSL_FILETYPE_PEM))); - ExpectIntEQ(X509_STORE_add_cert(str, x509Ca), SSL_SUCCESS); - ExpectNotNull((x509Svr = - wolfSSL_X509_load_certificate_file(svrCertFile, SSL_FILETYPE_PEM))); - - ExpectIntEQ(X509_STORE_CTX_init(ctx, str, x509Svr, NULL), SSL_SUCCESS); - - /* Issuer0 is not set until chain is built for verification */ - ExpectNull(X509_STORE_CTX_get0_current_issuer(NULL)); - ExpectNull(issuer = X509_STORE_CTX_get0_current_issuer(ctx)); - - /* Issuer1 will use the store to make a new issuer */ - ExpectIntEQ(X509_STORE_CTX_get1_issuer(&issuer, ctx, x509Svr), 1); - ExpectNotNull(issuer); - X509_free(issuer); - - ExpectIntEQ(X509_verify_cert(ctx), 1); - ExpectNotNull(issuer = X509_STORE_CTX_get0_current_issuer(ctx)); - ExpectNotNull(caName = X509_get_subject_name(x509Ca)); - ExpectNotNull(issuerName = X509_get_subject_name(issuer)); -#ifdef WOLFSSL_SIGNER_DER_CERT - ExpectIntEQ(X509_NAME_cmp(caName, issuerName), 0); -#endif - - X509_STORE_CTX_free(ctx); - X509_free(x509Svr); - X509_STORE_free(str); - X509_free(x509Ca); -#endif - return EXPECT_RESULT(); -} - -static int test_wolfSSL_PKCS7_certs(void) -{ - EXPECT_DECLS; -#if defined(OPENSSL_ALL) && !defined(NO_CERTS) && !defined(NO_BIO) && \ - !defined(NO_FILESYSTEM) && !defined(NO_RSA) && defined(HAVE_PKCS7) - STACK_OF(X509)* sk = NULL; - STACK_OF(X509_INFO)* info_sk = NULL; - PKCS7 *p7 = NULL; - BIO* bio = NULL; - const byte* p = NULL; - int buflen = 0; - int i; - - /* Test twice. Once with d2i and once without to test - * that everything is free'd correctly. */ - for (i = 0; i < 2; i++) { - ExpectNotNull(p7 = PKCS7_new()); - if (p7 != NULL) { - p7->version = 1; - #ifdef NO_SHA - p7->hashOID = SHA256h; - #else - p7->hashOID = SHAh; - #endif - } - ExpectNotNull(bio = BIO_new(BIO_s_file())); - ExpectIntGT(BIO_read_filename(bio, svrCertFile), 0); - ExpectNotNull(info_sk = PEM_X509_INFO_read_bio(bio, NULL, NULL, NULL)); - ExpectIntEQ(sk_X509_INFO_num(info_sk), 2); - ExpectNotNull(sk = sk_X509_new_null()); - while (EXPECT_SUCCESS() && (sk_X509_INFO_num(info_sk) > 0)) { - X509_INFO* info = NULL; - ExpectNotNull(info = sk_X509_INFO_shift(info_sk)); - if (EXPECT_SUCCESS() && info != NULL) { - ExpectIntGT(sk_X509_push(sk, info->x509), 0); - info->x509 = NULL; - } - X509_INFO_free(info); - } - sk_X509_INFO_pop_free(info_sk, X509_INFO_free); - info_sk = NULL; - BIO_free(bio); - bio = NULL; - ExpectNotNull(bio = BIO_new(BIO_s_mem())); - ExpectIntEQ(wolfSSL_PKCS7_encode_certs(p7, sk, bio), 1); - if ((sk != NULL) && ((p7 == NULL) || (bio == NULL))) { - sk_X509_pop_free(sk, X509_free); - } - sk = NULL; - ExpectIntGT((buflen = BIO_get_mem_data(bio, &p)), 0); - - if (i == 0) { - PKCS7_free(p7); - p7 = NULL; - ExpectNotNull(d2i_PKCS7(&p7, &p, buflen)); - if (p7 != NULL) { - /* Reset certs to force wolfSSL_PKCS7_to_stack to regenerate - * them */ - ((WOLFSSL_PKCS7*)p7)->certs = NULL; - } - /* PKCS7_free free's the certs */ - ExpectNotNull(wolfSSL_PKCS7_to_stack(p7)); - } - - BIO_free(bio); - bio = NULL; - PKCS7_free(p7); - p7 = NULL; - } -#endif /* defined(OPENSSL_ALL) && !defined(NO_CERTS) && \ - !defined(NO_FILESYSTEM) && !defined(NO_RSA) && defined(HAVE_PKCS7) */ - return EXPECT_RESULT(); -} - -static int test_wolfSSL_X509_STORE_CTX(void) -{ - EXPECT_DECLS; -#if defined(OPENSSL_EXTRA) && !defined(NO_CERTS) && \ - !defined(NO_FILESYSTEM) && !defined(NO_RSA) - X509_STORE_CTX* ctx = NULL; - X509_STORE* str = NULL; - X509* x509 = NULL; -#ifdef OPENSSL_ALL - X509* x5092 = NULL; - STACK_OF(X509) *sk = NULL; - STACK_OF(X509) *sk2 = NULL; - STACK_OF(X509) *sk3 = NULL; -#endif - - ExpectNotNull(ctx = X509_STORE_CTX_new()); - ExpectNotNull((str = wolfSSL_X509_STORE_new())); - ExpectNotNull((x509 = - wolfSSL_X509_load_certificate_file(svrCertFile, SSL_FILETYPE_PEM))); - ExpectIntEQ(X509_STORE_add_cert(str, x509), SSL_SUCCESS); -#ifdef OPENSSL_ALL - /* sk_X509_new only in OPENSSL_ALL */ - sk = sk_X509_new_null(); - ExpectNotNull(sk); - ExpectIntEQ(X509_STORE_CTX_init(ctx, str, x509, sk), SSL_SUCCESS); -#else - ExpectIntEQ(X509_STORE_CTX_init(ctx, str, x509, NULL), SSL_SUCCESS); -#endif - ExpectIntEQ(SSL_get_ex_data_X509_STORE_CTX_idx(), 0); - X509_STORE_CTX_set_error(ctx, -5); - X509_STORE_CTX_set_error(NULL, -5); - - X509_STORE_CTX_free(ctx); - ctx = NULL; -#ifdef OPENSSL_ALL - sk_X509_pop_free(sk, NULL); - sk = NULL; -#endif - X509_STORE_free(str); - str = NULL; - X509_free(x509); - x509 = NULL; - - ExpectNotNull(ctx = X509_STORE_CTX_new()); - X509_STORE_CTX_set_verify_cb(ctx, verify_cb); - X509_STORE_CTX_free(ctx); - ctx = NULL; - -#ifdef OPENSSL_ALL - /* test X509_STORE_CTX_get(1)_chain */ - ExpectNotNull((x509 = X509_load_certificate_file(svrCertFile, - SSL_FILETYPE_PEM))); - ExpectNotNull((x5092 = X509_load_certificate_file(cliCertFile, - SSL_FILETYPE_PEM))); - ExpectNotNull((sk = sk_X509_new_null())); - ExpectIntEQ(sk_X509_push(sk, x509), 1); - if (EXPECT_FAIL()) { - X509_free(x509); - x509 = NULL; - } - ExpectNotNull((str = X509_STORE_new())); - ExpectNotNull((ctx = X509_STORE_CTX_new())); - ExpectIntEQ(X509_STORE_CTX_init(ctx, str, x5092, sk), 1); - ExpectNull((sk2 = X509_STORE_CTX_get_chain(NULL))); - ExpectNull((sk2 = X509_STORE_CTX_get_chain(ctx))); - ExpectNull((sk3 = X509_STORE_CTX_get1_chain(NULL))); - ExpectNull((sk3 = X509_STORE_CTX_get1_chain(ctx))); - X509_STORE_CTX_free(ctx); - ctx = NULL; - X509_STORE_free(str); - str = NULL; - /* CTX certs not freed yet */ - X509_free(x5092); - x5092 = NULL; - sk_X509_pop_free(sk, NULL); - sk = NULL; - /* sk3 is dup so free here */ - sk_X509_pop_free(sk3, NULL); - sk3 = NULL; -#endif - - /* test X509_STORE_CTX_get/set_ex_data */ - { - int i = 0, tmpData = 5; - void* tmpDataRet; - ExpectNotNull(ctx = X509_STORE_CTX_new()); - #ifdef HAVE_EX_DATA - for (i = 0; i < MAX_EX_DATA; i++) { - ExpectIntEQ(X509_STORE_CTX_set_ex_data(ctx, i, &tmpData), - WOLFSSL_SUCCESS); - tmpDataRet = (int*)X509_STORE_CTX_get_ex_data(ctx, i); - ExpectNotNull(tmpDataRet); - ExpectIntEQ(tmpData, *(int*)tmpDataRet); - } - #else - ExpectIntEQ(X509_STORE_CTX_set_ex_data(ctx, i, &tmpData), - WC_NO_ERR_TRACE(WOLFSSL_FAILURE)); - tmpDataRet = (int*)X509_STORE_CTX_get_ex_data(ctx, i); - ExpectNull(tmpDataRet); - #endif - X509_STORE_CTX_free(ctx); - ctx = NULL; - } - - /* test X509_STORE_get/set_ex_data */ - { - int i = 0, tmpData = 99; - void* tmpDataRet; - ExpectNotNull(str = X509_STORE_new()); - #ifdef HAVE_EX_DATA - for (i = 0; i < MAX_EX_DATA; i++) { - ExpectIntEQ(X509_STORE_set_ex_data(str, i, &tmpData), - WOLFSSL_SUCCESS); - tmpDataRet = (int*)X509_STORE_get_ex_data(str, i); - ExpectNotNull(tmpDataRet); - ExpectIntEQ(tmpData, *(int*)tmpDataRet); - } - #else - ExpectIntEQ(X509_STORE_set_ex_data(str, i, &tmpData), - WC_NO_ERR_TRACE(WOLFSSL_FAILURE)); - tmpDataRet = (int*)X509_STORE_get_ex_data(str, i); - ExpectNull(tmpDataRet); - #endif - X509_STORE_free(str); - str = NULL; - } - -#endif /* defined(OPENSSL_EXTRA) && !defined(NO_CERTS) && \ - * !defined(NO_FILESYSTEM) && !defined(NO_RSA) */ - - return EXPECT_RESULT(); -} - -#if defined(OPENSSL_EXTRA) && !defined(NO_CERTS) && \ - !defined(NO_FILESYSTEM) && !defined(NO_RSA) - -typedef struct { - const char *caFile; - const char *caIntFile; - const char *caInt2File; - const char *leafFile; - X509 *x509Ca; - X509 *x509CaInt; - X509 *x509CaInt2; - X509 *x509Leaf; - STACK_OF(X509)* expectedChain; -} X509_STORE_test_data; - -static X509 * test_wolfSSL_X509_STORE_CTX_ex_helper(const char *file) -{ - XFILE fp = XBADFILE; - X509 *x = NULL; - - fp = XFOPEN(file, "rb"); - if (fp == NULL) { - return NULL; - } - x = PEM_read_X509(fp, 0, 0, 0); - XFCLOSE(fp); - - return x; -} - -static int test_wolfSSL_X509_STORE_CTX_ex1(X509_STORE_test_data *testData) -{ - EXPECT_DECLS; - X509_STORE* store = NULL; - X509_STORE_CTX* ctx = NULL; - STACK_OF(X509)* chain = NULL; - int i = 0; - - /* Test case 1, add X509 certs to store and verify */ - ExpectNotNull(store = X509_STORE_new()); - ExpectIntEQ(X509_STORE_add_cert(store, testData->x509Ca), 1); - ExpectIntEQ(X509_STORE_add_cert(store, testData->x509CaInt), 1); - ExpectIntEQ(X509_STORE_add_cert(store, testData->x509CaInt2), 1); - ExpectNotNull(ctx = X509_STORE_CTX_new()); - ExpectIntEQ(X509_STORE_CTX_init(ctx, store, testData->x509Leaf, NULL), 1); - ExpectIntEQ(X509_verify_cert(ctx), 1); - ExpectNotNull(chain = X509_STORE_CTX_get_chain(ctx)); - ExpectIntEQ(sk_X509_num(chain), sk_X509_num(testData->expectedChain)); - for (i = 0; i < sk_X509_num(chain); i++) { - ExpectIntEQ(X509_cmp(sk_X509_value(chain, i), - sk_X509_value(testData->expectedChain, i)), 0); - } - X509_STORE_CTX_free(ctx); - X509_STORE_free(store); - return EXPECT_RESULT(); -} - -static int test_wolfSSL_X509_STORE_CTX_ex2(X509_STORE_test_data *testData) -{ - EXPECT_DECLS; - X509_STORE* store = NULL; - X509_STORE_CTX* ctx = NULL; - STACK_OF(X509)* chain = NULL; - int i = 0; - - /* Test case 2, add certs by filename to store and verify */ - ExpectNotNull(store = X509_STORE_new()); - ExpectIntEQ(X509_STORE_load_locations( - store, testData->caFile, NULL), 1); - ExpectIntEQ(X509_STORE_load_locations( - store, testData->caIntFile, NULL), 1); - ExpectIntEQ(X509_STORE_load_locations( - store, testData->caInt2File, NULL), 1); - ExpectNotNull(ctx = X509_STORE_CTX_new()); - ExpectIntEQ(X509_STORE_CTX_init(ctx, store, testData->x509Leaf, NULL), 1); - ExpectIntEQ(X509_verify_cert(ctx), 1); - ExpectNotNull(chain = X509_STORE_CTX_get_chain(ctx)); - ExpectIntEQ(sk_X509_num(chain), sk_X509_num(testData->expectedChain)); - for (i = 0; i < sk_X509_num(chain); i++) { - ExpectIntEQ(X509_cmp(sk_X509_value(chain, i), - sk_X509_value(testData->expectedChain, i)), 0); - } - X509_STORE_CTX_free(ctx); - X509_STORE_free(store); - return EXPECT_RESULT(); -} - -static int test_wolfSSL_X509_STORE_CTX_ex3(X509_STORE_test_data *testData) -{ - EXPECT_DECLS; - X509_STORE* store = NULL; - X509_STORE_CTX* ctx = NULL; - STACK_OF(X509)* chain = NULL; - int i = 0; - - /* Test case 3, mix and match X509 with files */ - ExpectNotNull(store = X509_STORE_new()); - ExpectIntEQ(X509_STORE_add_cert(store, testData->x509CaInt), 1); - ExpectIntEQ(X509_STORE_add_cert(store, testData->x509CaInt2), 1); - ExpectIntEQ(X509_STORE_load_locations( - store, testData->caFile, NULL), 1); - ExpectNotNull(ctx = X509_STORE_CTX_new()); - ExpectIntEQ(X509_STORE_CTX_init(ctx, store, testData->x509Leaf, NULL), 1); - ExpectIntEQ(X509_verify_cert(ctx), 1); - ExpectNotNull(chain = X509_STORE_CTX_get_chain(ctx)); - ExpectIntEQ(sk_X509_num(chain), sk_X509_num(testData->expectedChain)); - for (i = 0; i < sk_X509_num(chain); i++) { - ExpectIntEQ(X509_cmp(sk_X509_value(chain, i), - sk_X509_value(testData->expectedChain, i)), 0); - } - X509_STORE_CTX_free(ctx); - X509_STORE_free(store); - return EXPECT_RESULT(); -} - -static int test_wolfSSL_X509_STORE_CTX_ex4(X509_STORE_test_data *testData) -{ - EXPECT_DECLS; - X509_STORE* store = NULL; - X509_STORE_CTX* ctx = NULL; - STACK_OF(X509)* chain = NULL; - STACK_OF(X509)* inter = NULL; - int i = 0; - - /* Test case 4, CA loaded by file, intermediates passed on init */ - ExpectNotNull(store = X509_STORE_new()); - ExpectIntEQ(X509_STORE_load_locations( - store, testData->caFile, NULL), 1); - ExpectNotNull(inter = sk_X509_new_null()); - ExpectIntGE(sk_X509_push(inter, testData->x509CaInt), 1); - ExpectIntGE(sk_X509_push(inter, testData->x509CaInt2), 1); - ExpectNotNull(ctx = X509_STORE_CTX_new()); - ExpectIntEQ(X509_STORE_CTX_init(ctx, store, testData->x509Leaf, inter), 1); - ExpectIntEQ(X509_verify_cert(ctx), 1); - ExpectNotNull(chain = X509_STORE_CTX_get_chain(ctx)); - ExpectIntEQ(sk_X509_num(chain), sk_X509_num(testData->expectedChain)); - for (i = 0; i < sk_X509_num(chain); i++) { - ExpectIntEQ(X509_cmp(sk_X509_value(chain, i), - sk_X509_value(testData->expectedChain, i)), 0); - } - X509_STORE_CTX_free(ctx); - X509_STORE_free(store); - sk_X509_free(inter); - return EXPECT_RESULT(); -} - -static int test_wolfSSL_X509_STORE_CTX_ex5(X509_STORE_test_data *testData) -{ - EXPECT_DECLS; - X509_STORE* store = NULL; - X509_STORE_CTX* ctx = NULL; - STACK_OF(X509)* chain = NULL; - STACK_OF(X509)* trusted = NULL; - int i = 0; - - /* Test case 5, manually set trusted stack */ - ExpectNotNull(store = X509_STORE_new()); - ExpectNotNull(trusted = sk_X509_new_null()); - ExpectIntGE(sk_X509_push(trusted, testData->x509Ca), 1); - ExpectIntGE(sk_X509_push(trusted, testData->x509CaInt), 1); - ExpectIntGE(sk_X509_push(trusted, testData->x509CaInt2), 1); - ExpectNotNull(ctx = X509_STORE_CTX_new()); - ExpectIntEQ(X509_STORE_CTX_init(ctx, store, testData->x509Leaf, NULL), 1); - X509_STORE_CTX_trusted_stack(ctx, trusted); - ExpectIntEQ(X509_verify_cert(ctx), 1); - ExpectNotNull(chain = X509_STORE_CTX_get_chain(ctx)); - ExpectIntEQ(sk_X509_num(chain), sk_X509_num(testData->expectedChain)); - for (i = 0; i < sk_X509_num(chain); i++) { - ExpectIntEQ(X509_cmp(sk_X509_value(chain, i), - sk_X509_value(testData->expectedChain, i)), 0); - } - X509_STORE_CTX_free(ctx); - X509_STORE_free(store); - sk_X509_free(trusted); - return EXPECT_RESULT(); -} - -static int test_wolfSSL_X509_STORE_CTX_ex6(X509_STORE_test_data *testData) -{ - EXPECT_DECLS; - X509_STORE* store = NULL; - X509_STORE_CTX* ctx = NULL; - STACK_OF(X509)* chain = NULL; - STACK_OF(X509)* trusted = NULL; - STACK_OF(X509)* inter = NULL; - int i = 0; - - /* Test case 6, manually set trusted stack will be unified with - * any intermediates provided on init */ - ExpectNotNull(store = X509_STORE_new()); - ExpectNotNull(trusted = sk_X509_new_null()); - ExpectNotNull(inter = sk_X509_new_null()); - ExpectIntGE(sk_X509_push(trusted, testData->x509Ca), 1); - ExpectIntGE(sk_X509_push(inter, testData->x509CaInt), 1); - ExpectIntGE(sk_X509_push(inter, testData->x509CaInt2), 1); - ExpectNotNull(ctx = X509_STORE_CTX_new()); - ExpectIntEQ(X509_STORE_CTX_init(ctx, store, testData->x509Leaf, inter), 1); - X509_STORE_CTX_trusted_stack(ctx, trusted); - ExpectIntEQ(X509_verify_cert(ctx), 1); - ExpectNotNull(chain = X509_STORE_CTX_get_chain(ctx)); - ExpectIntEQ(sk_X509_num(chain), sk_X509_num(testData->expectedChain)); - for (i = 0; i < sk_X509_num(chain); i++) { - ExpectIntEQ(X509_cmp(sk_X509_value(chain, i), - sk_X509_value(testData->expectedChain, i)), 0); - } - X509_STORE_CTX_free(ctx); - X509_STORE_free(store); - sk_X509_free(trusted); - sk_X509_free(inter); - return EXPECT_RESULT(); -} - -static int test_wolfSSL_X509_STORE_CTX_ex7(X509_STORE_test_data *testData) -{ - EXPECT_DECLS; - X509_STORE* store = NULL; - X509_STORE_CTX* ctx = NULL; - STACK_OF(X509)* chain = NULL; - int i = 0; - - /* Test case 7, certs added to store after ctx init are still used */ - ExpectNotNull(store = X509_STORE_new()); - ExpectNotNull(ctx = X509_STORE_CTX_new()); - ExpectIntEQ(X509_STORE_CTX_init(ctx, store, testData->x509Leaf, NULL), 1); - ExpectIntNE(X509_verify_cert(ctx), 1); - ExpectIntEQ(X509_STORE_add_cert(store, testData->x509CaInt2), 1); - ExpectIntEQ(X509_STORE_add_cert(store, testData->x509CaInt), 1); - ExpectIntEQ(X509_STORE_add_cert(store, testData->x509Ca), 1); - ExpectIntEQ(X509_verify_cert(ctx), 1); - ExpectNotNull(chain = X509_STORE_CTX_get_chain(ctx)); - ExpectIntEQ(sk_X509_num(chain), sk_X509_num(testData->expectedChain)); - for (i = 0; i < sk_X509_num(chain); i++) { - ExpectIntEQ(X509_cmp(sk_X509_value(chain, i), - sk_X509_value(testData->expectedChain, i)), 0); - } - X509_STORE_CTX_free(ctx); - X509_STORE_free(store); - return EXPECT_RESULT(); -} - -static int test_wolfSSL_X509_STORE_CTX_ex8(X509_STORE_test_data *testData) -{ - EXPECT_DECLS; - X509_STORE* store = NULL; - X509_STORE_CTX* ctx = NULL; - STACK_OF(X509)* chain = NULL; - int i = 0; - - /* Test case 8, Only full chain verifies */ - ExpectNotNull(store = X509_STORE_new()); - ExpectNotNull(ctx = X509_STORE_CTX_new()); - ExpectIntEQ(X509_STORE_CTX_init(ctx, store, testData->x509Leaf, NULL), 1); - ExpectIntNE(X509_verify_cert(ctx), 1); - ExpectIntEQ(X509_STORE_add_cert(store, testData->x509CaInt2), 1); - ExpectIntNE(X509_verify_cert(ctx), 1); - ExpectIntEQ(X509_STORE_add_cert(store, testData->x509CaInt), 1); - ExpectIntNE(X509_verify_cert(ctx), 1); - ExpectIntEQ(X509_STORE_add_cert(store, testData->x509Ca), 1); - ExpectIntEQ(X509_verify_cert(ctx), 1); - ExpectNotNull(chain = X509_STORE_CTX_get_chain(ctx)); - ExpectIntEQ(sk_X509_num(chain), sk_X509_num(testData->expectedChain)); - for (i = 0; i < sk_X509_num(chain); i++) { - ExpectIntEQ(X509_cmp(sk_X509_value(chain, i), - sk_X509_value(testData->expectedChain, i)), 0); - } - X509_STORE_CTX_free(ctx); - X509_STORE_free(store); - return EXPECT_RESULT(); -} - -static int test_wolfSSL_X509_STORE_CTX_ex9(X509_STORE_test_data *testData) -{ - EXPECT_DECLS; - X509_STORE* store = NULL; - X509_STORE_CTX* ctx = NULL; - X509_STORE_CTX* ctx2 = NULL; - STACK_OF(X509)* trusted = NULL; - - /* Test case 9, certs added to store should not be reflected in ctx that - * has been manually set with a trusted stack, but are reflected in ctx - * that has not set trusted stack */ - ExpectNotNull(store = X509_STORE_new()); - ExpectNotNull(ctx = X509_STORE_CTX_new()); - ExpectNotNull(ctx2 = X509_STORE_CTX_new()); - ExpectNotNull(trusted = sk_X509_new_null()); - ExpectIntGE(sk_X509_push(trusted, testData->x509Ca), 1); - ExpectIntGE(sk_X509_push(trusted, testData->x509CaInt), 1); - ExpectIntGE(sk_X509_push(trusted, testData->x509CaInt2), 1); - ExpectIntEQ(X509_STORE_CTX_init(ctx, store, testData->x509Leaf, NULL), 1); - ExpectIntEQ(X509_STORE_CTX_init(ctx2, store, testData->x509Leaf, NULL), 1); - ExpectIntNE(X509_verify_cert(ctx), 1); - ExpectIntNE(X509_verify_cert(ctx2), 1); - X509_STORE_CTX_trusted_stack(ctx, trusted); - /* CTX1 should now verify */ - ExpectIntEQ(X509_verify_cert(ctx), 1); - ExpectIntNE(X509_verify_cert(ctx2), 1); - ExpectIntEQ(X509_STORE_add_cert(store, testData->x509Ca), 1); - ExpectIntEQ(X509_STORE_add_cert(store, testData->x509CaInt), 1); - ExpectIntEQ(X509_STORE_add_cert(store, testData->x509CaInt2), 1); - /* CTX2 should now verify */ - ExpectIntEQ(X509_verify_cert(ctx2), 1); - X509_STORE_CTX_free(ctx); - X509_STORE_CTX_free(ctx2); - X509_STORE_free(store); - sk_X509_free(trusted); - return EXPECT_RESULT(); -} - -static int test_wolfSSL_X509_STORE_CTX_ex10(X509_STORE_test_data *testData) -{ - EXPECT_DECLS; - X509_STORE* store = NULL; - X509_STORE_CTX* ctx = NULL; - STACK_OF(X509)* chain = NULL; - - /* Test case 10, ensure partial chain flag works */ - ExpectNotNull(store = X509_STORE_new()); - ExpectIntEQ(X509_STORE_add_cert(store, testData->x509CaInt), 1); - ExpectIntEQ(X509_STORE_add_cert(store, testData->x509CaInt2), 1); - ExpectNotNull(ctx = X509_STORE_CTX_new()); - ExpectIntEQ(X509_STORE_CTX_init(ctx, store, testData->x509Leaf, NULL), 1); - /* Fails because chain is incomplete */ - ExpectIntNE(X509_verify_cert(ctx), 1); - ExpectIntEQ(X509_STORE_set_flags(store, X509_V_FLAG_PARTIAL_CHAIN), 1); - /* Partial chain now OK */ - ExpectIntEQ(X509_verify_cert(ctx), 1); - ExpectNotNull(chain = X509_STORE_CTX_get_chain(ctx)); - X509_STORE_CTX_free(ctx); - X509_STORE_free(store); - return EXPECT_RESULT(); -} - -static int test_wolfSSL_X509_STORE_CTX_ex11(X509_STORE_test_data *testData) -{ - EXPECT_DECLS; - X509_STORE* store = NULL; - X509_STORE_CTX* ctx = NULL; - STACK_OF(X509)* chain = NULL; - - /* Test case 11, test partial chain flag on ctx itself */ - ExpectNotNull(store = X509_STORE_new()); - ExpectIntEQ(X509_STORE_add_cert(store, testData->x509CaInt), 1); - ExpectIntEQ(X509_STORE_add_cert(store, testData->x509CaInt2), 1); - ExpectNotNull(ctx = X509_STORE_CTX_new()); - ExpectIntEQ(X509_STORE_CTX_init(ctx, store, testData->x509Leaf, NULL), 1); - /* Fails because chain is incomplete */ - ExpectIntNE(X509_verify_cert(ctx), 1); - X509_STORE_CTX_set_flags(ctx, X509_V_FLAG_PARTIAL_CHAIN); - /* Partial chain now OK */ - ExpectIntEQ(X509_verify_cert(ctx), 1); - ExpectNotNull(chain = X509_STORE_CTX_get_chain(ctx)); - X509_STORE_CTX_free(ctx); - X509_STORE_free(store); - return EXPECT_RESULT(); -} - -static int test_wolfSSL_X509_STORE_CTX_ex12(void) -{ - EXPECT_DECLS; -#ifdef HAVE_ECC - X509_STORE* store = NULL; - X509_STORE_CTX* ctx = NULL; - STACK_OF(X509)* chain = NULL; - X509* rootEccX509 = NULL; - X509* badAkiX509 = NULL; - X509* ca1X509 = NULL; - - const char* intCARootECCFile = "./certs/ca-ecc-cert.pem"; - const char* intCA1ECCFile = "./certs/intermediate/ca-int-ecc-cert.pem"; - const char* intCABadAKIECCFile = "./certs/intermediate/ca-ecc-bad-aki.pem"; - - /* Test case 12, multiple CAs with the same SKI including 1 with intentionally - bad/unregistered AKI. x509_verify_cert should still form a valid chain - using the valid CA, ignoring the bad CA. Developed from customer provided - reproducer. */ - - ExpectNotNull(store = X509_STORE_new()); - ExpectNotNull(rootEccX509 = test_wolfSSL_X509_STORE_CTX_ex_helper(intCARootECCFile)); - ExpectIntEQ(X509_STORE_add_cert(store, rootEccX509), 1); - ExpectNotNull(badAkiX509 = test_wolfSSL_X509_STORE_CTX_ex_helper(intCABadAKIECCFile)); - ExpectNotNull(ctx = X509_STORE_CTX_new()); - ExpectIntEQ(X509_STORE_CTX_init(ctx, store, badAkiX509, NULL), 1); - ExpectIntEQ(X509_verify_cert(ctx), 0); - X509_STORE_CTX_cleanup(ctx); - - ExpectIntEQ(X509_STORE_add_cert(store, badAkiX509), 1); - ExpectNotNull(ca1X509 = test_wolfSSL_X509_STORE_CTX_ex_helper(intCA1ECCFile)); - ExpectIntEQ(X509_STORE_CTX_init(ctx, store, ca1X509, NULL), 1); - ExpectIntEQ(X509_verify_cert(ctx), 1); - ExpectNotNull(chain = X509_STORE_CTX_get_chain(ctx)); - - X509_STORE_CTX_free(ctx); - X509_STORE_free(store); - X509_free(rootEccX509); - X509_free(badAkiX509); - X509_free(ca1X509); -#endif - return EXPECT_RESULT(); -} -#endif - -static int test_wolfSSL_X509_STORE_CTX_ex(void) -{ - EXPECT_DECLS; -#if defined(OPENSSL_EXTRA) && !defined(NO_CERTS) && \ - !defined(NO_FILESYSTEM) && !defined(NO_RSA) - X509_STORE_test_data testData; - XMEMSET((void *)&testData, 0, sizeof(X509_STORE_test_data)); - testData.caFile = "./certs/ca-cert.pem"; - testData.caIntFile = "./certs/intermediate/ca-int-cert.pem"; - testData.caInt2File = "./certs/intermediate/ca-int2-cert.pem"; - testData.leafFile = "./certs/intermediate/server-chain.pem"; - - ExpectNotNull(testData.x509Ca = \ - test_wolfSSL_X509_STORE_CTX_ex_helper(testData.caFile)); - ExpectNotNull(testData.x509CaInt = \ - test_wolfSSL_X509_STORE_CTX_ex_helper(testData.caIntFile)); - ExpectNotNull(testData.x509CaInt2 = \ - test_wolfSSL_X509_STORE_CTX_ex_helper(testData.caInt2File)); - ExpectNotNull(testData.x509Leaf = \ - test_wolfSSL_X509_STORE_CTX_ex_helper(testData.leafFile)); - ExpectNotNull(testData.expectedChain = sk_X509_new_null()); - ExpectIntGE(sk_X509_push(testData.expectedChain, testData.x509Leaf), 1); - ExpectIntGE(sk_X509_push(testData.expectedChain, testData.x509CaInt2), 1); - ExpectIntGE(sk_X509_push(testData.expectedChain, testData.x509CaInt), 1); - ExpectIntGE(sk_X509_push(testData.expectedChain, testData.x509Ca), 1); - - ExpectIntEQ(test_wolfSSL_X509_STORE_CTX_ex1(&testData), 1); - ExpectIntEQ(test_wolfSSL_X509_STORE_CTX_ex2(&testData), 1); - ExpectIntEQ(test_wolfSSL_X509_STORE_CTX_ex3(&testData), 1); - ExpectIntEQ(test_wolfSSL_X509_STORE_CTX_ex4(&testData), 1); - ExpectIntEQ(test_wolfSSL_X509_STORE_CTX_ex5(&testData), 1); - ExpectIntEQ(test_wolfSSL_X509_STORE_CTX_ex6(&testData), 1); - ExpectIntEQ(test_wolfSSL_X509_STORE_CTX_ex7(&testData), 1); - ExpectIntEQ(test_wolfSSL_X509_STORE_CTX_ex8(&testData), 1); - ExpectIntEQ(test_wolfSSL_X509_STORE_CTX_ex9(&testData), 1); - ExpectIntEQ(test_wolfSSL_X509_STORE_CTX_ex10(&testData), 1); - ExpectIntEQ(test_wolfSSL_X509_STORE_CTX_ex11(&testData), 1); - test_wolfSSL_X509_STORE_CTX_ex12(); - - if(testData.x509Ca) { - X509_free(testData.x509Ca); - } - if(testData.x509CaInt) { - X509_free(testData.x509CaInt); - } - if(testData.x509CaInt2) { - X509_free(testData.x509CaInt2); - } - if(testData.x509Leaf) { - X509_free(testData.x509Leaf); - } - if (testData.expectedChain) { - sk_X509_free(testData.expectedChain); - } - -#endif /* defined(OPENSSL_EXTRA) && !defined(NO_CERTS) && \ - * !defined(NO_FILESYSTEM) && !defined(NO_RSA) */ - - return EXPECT_RESULT(); -} - - -#if defined(OPENSSL_EXTRA) && !defined(NO_RSA) && !defined(NO_FILESYSTEM) -static int test_X509_STORE_untrusted_load_cert_to_stack(const char* filename, - STACK_OF(X509)* chain) -{ - EXPECT_DECLS; - XFILE fp = XBADFILE; - X509* cert = NULL; - - ExpectTrue((fp = XFOPEN(filename, "rb")) - != XBADFILE); - ExpectNotNull(cert = PEM_read_X509(fp, 0, 0, 0 )); - if (fp != XBADFILE) { - XFCLOSE(fp); - fp = XBADFILE; - } - ExpectIntGT(sk_X509_push(chain, cert), 0); - if (EXPECT_FAIL()) - X509_free(cert); - - return EXPECT_RESULT(); -} - -#if defined(OPENSSL_ALL) - -static int last_errcode; -static int last_errdepth; - -static int X509Callback(int ok, X509_STORE_CTX *ctx) -{ - - if (!ok) { - last_errcode = X509_STORE_CTX_get_error(ctx); - last_errdepth = X509_STORE_CTX_get_error_depth(ctx); - } - /* Always return OK to allow verification to continue.*/ - return 1; -} - -static int test_X509_STORE_InvalidCa(void) -{ - EXPECT_DECLS; - const char* filename = "./certs/intermediate/ca_false_intermediate/" - "test_int_not_cacert.pem"; - const char* srvfile = "./certs/intermediate/ca_false_intermediate/" - "test_sign_bynoca_srv.pem"; - X509_STORE_CTX* ctx = NULL; - X509_STORE* str = NULL; - XFILE fp = XBADFILE; - X509* cert = NULL; - STACK_OF(X509)* untrusted = NULL; - - last_errcode = 0; - last_errdepth = 0; - - ExpectTrue((fp = XFOPEN(srvfile, "rb")) - != XBADFILE); - ExpectNotNull(cert = PEM_read_X509(fp, 0, 0, 0 )); - if (fp != XBADFILE) { - XFCLOSE(fp); - fp = XBADFILE; - } - - ExpectNotNull(str = X509_STORE_new()); - ExpectNotNull(ctx = X509_STORE_CTX_new()); - ExpectNotNull(untrusted = sk_X509_new_null()); - - /* create cert chain stack */ - ExpectIntEQ(test_X509_STORE_untrusted_load_cert_to_stack(filename, - untrusted), TEST_SUCCESS); - - X509_STORE_set_verify_cb(str, X509Callback); - - ExpectIntEQ(X509_STORE_load_locations(str, - "./certs/intermediate/ca_false_intermediate/test_ca.pem", - NULL), 1); - - ExpectIntEQ(X509_STORE_CTX_init(ctx, str, cert, untrusted), 1); - ExpectIntEQ(X509_verify_cert(ctx), 1); - ExpectIntEQ(last_errcode, X509_V_ERR_INVALID_CA); - - X509_free(cert); - X509_STORE_free(str); - X509_STORE_CTX_free(ctx); - sk_X509_pop_free(untrusted, NULL); - - return EXPECT_RESULT(); -} -#endif /* OPENSSL_ALL */ - - - -static int test_X509_STORE_untrusted_certs(const char** filenames, int ret, - int err, int loadCA) -{ - EXPECT_DECLS; - X509_STORE_CTX* ctx = NULL; - X509_STORE* str = NULL; - XFILE fp = XBADFILE; - X509* cert = NULL; - STACK_OF(X509)* untrusted = NULL; - - ExpectTrue((fp = XFOPEN("./certs/intermediate/server-int-cert.pem", "rb")) - != XBADFILE); - ExpectNotNull(cert = PEM_read_X509(fp, 0, 0, 0 )); - if (fp != XBADFILE) { - XFCLOSE(fp); - fp = XBADFILE; - } - - ExpectNotNull(str = X509_STORE_new()); - ExpectNotNull(ctx = X509_STORE_CTX_new()); - ExpectNotNull(untrusted = sk_X509_new_null()); - - ExpectIntEQ(X509_STORE_set_flags(str, 0), 1); - if (loadCA) { - ExpectIntEQ(X509_STORE_load_locations(str, "./certs/ca-cert.pem", NULL), - 1); - } - for (; *filenames; filenames++) { - ExpectIntEQ(test_X509_STORE_untrusted_load_cert_to_stack(*filenames, - untrusted), TEST_SUCCESS); - } - - ExpectIntEQ(X509_STORE_CTX_init(ctx, str, cert, untrusted), 1); - ExpectIntEQ(X509_verify_cert(ctx), ret); - ExpectIntEQ(X509_STORE_CTX_get_error(ctx), err); - - X509_free(cert); - X509_STORE_free(str); - X509_STORE_CTX_free(ctx); - sk_X509_pop_free(untrusted, NULL); - - return EXPECT_RESULT(); -} -#endif - -static int test_X509_STORE_untrusted(void) -{ - EXPECT_DECLS; -#if defined(OPENSSL_EXTRA) && !defined(NO_RSA) && !defined(NO_FILESYSTEM) - const char* untrusted1[] = { - "./certs/intermediate/ca-int2-cert.pem", - NULL - }; - const char* untrusted2[] = { - "./certs/intermediate/ca-int-cert.pem", - "./certs/intermediate/ca-int2-cert.pem", - NULL - }; - const char* untrusted3[] = { - "./certs/intermediate/ca-int-cert.pem", - "./certs/intermediate/ca-int2-cert.pem", - "./certs/ca-cert.pem", - NULL - }; - /* Adding unrelated certs that should be ignored */ - const char* untrusted4[] = { - "./certs/client-ca.pem", - "./certs/intermediate/ca-int-cert.pem", - "./certs/server-cert.pem", - "./certs/intermediate/ca-int2-cert.pem", - NULL - }; - - /* Only immediate issuer in untrusted chain. Fails since can't build chain - * to loaded CA. */ - ExpectIntEQ(test_X509_STORE_untrusted_certs(untrusted1, 0, - X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY, 1), TEST_SUCCESS); - /* Succeeds because path to loaded CA is available. */ - ExpectIntEQ(test_X509_STORE_untrusted_certs(untrusted2, 1, 0, 1), - TEST_SUCCESS); - /* Root CA in untrusted chain is OK so long as CA has been loaded - * properly */ - ExpectIntEQ(test_X509_STORE_untrusted_certs(untrusted3, 1, 0, 1), - TEST_SUCCESS); - /* Still needs properly loaded CA, while including it in untrusted - * list is not an error, it also doesn't count for verify */ - ExpectIntEQ(test_X509_STORE_untrusted_certs(untrusted3, 0, - X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY, 0), - TEST_SUCCESS); - /* Succeeds because path to loaded CA is available. */ - ExpectIntEQ(test_X509_STORE_untrusted_certs(untrusted4, 1, 0, 1), - TEST_SUCCESS); -#endif - return EXPECT_RESULT(); -} - -static int test_wolfSSL_X509_STORE_set_flags(void) -{ - EXPECT_DECLS; -#if defined(OPENSSL_EXTRA) && !defined(NO_CERTS) && \ - !defined(NO_FILESYSTEM) && !defined(NO_RSA) - X509_STORE* store = NULL; - X509* x509 = NULL; - - ExpectNotNull((store = wolfSSL_X509_STORE_new())); - ExpectNotNull((x509 = wolfSSL_X509_load_certificate_file(svrCertFile, - WOLFSSL_FILETYPE_PEM))); - ExpectIntEQ(X509_STORE_add_cert(store, x509), WOLFSSL_SUCCESS); - -#ifdef HAVE_CRL - ExpectIntEQ(X509_STORE_set_flags(store, WOLFSSL_CRL_CHECKALL), - WOLFSSL_SUCCESS); -#else - ExpectIntEQ(X509_STORE_set_flags(store, WOLFSSL_CRL_CHECKALL), - WC_NO_ERR_TRACE(NOT_COMPILED_IN)); -#endif - - wolfSSL_X509_free(x509); - wolfSSL_X509_STORE_free(store); -#endif /* defined(OPENSSL_EXTRA) && !defined(NO_CERTS) && - * !defined(NO_FILESYSTEM) && !defined(NO_RSA) */ - return EXPECT_RESULT(); -} - -static int test_wolfSSL_X509_LOOKUP_load_file(void) -{ - EXPECT_DECLS; -#if defined(OPENSSL_EXTRA) && defined(HAVE_CRL) && \ - !defined(NO_FILESYSTEM) && !defined(NO_RSA) && defined(HAVE_ECC) && \ - (!defined(NO_WOLFSSL_CLIENT) || !defined(WOLFSSL_NO_CLIENT_AUTH)) - WOLFSSL_X509_STORE* store = NULL; - WOLFSSL_X509_LOOKUP* lookup = NULL; - - ExpectNotNull(store = wolfSSL_X509_STORE_new()); - ExpectNotNull(lookup = X509_STORE_add_lookup(store, X509_LOOKUP_file())); - /* One RSA and one ECC certificate in file. */ - ExpectIntEQ(wolfSSL_X509_LOOKUP_load_file(lookup, "certs/client-ca.pem", - X509_FILETYPE_PEM), 1); - ExpectIntEQ(wolfSSL_X509_LOOKUP_load_file(lookup, "certs/crl/crl2.pem", - X509_FILETYPE_PEM), 1); - - if (store != NULL) { - ExpectIntEQ(wolfSSL_CertManagerVerify(store->cm, cliCertFile, - WOLFSSL_FILETYPE_PEM), 1); - ExpectIntEQ(wolfSSL_CertManagerVerify(store->cm, svrCertFile, - WOLFSSL_FILETYPE_PEM), WC_NO_ERR_TRACE(ASN_NO_SIGNER_E)); - } - ExpectIntEQ(wolfSSL_X509_LOOKUP_load_file(lookup, "certs/ca-cert.pem", - X509_FILETYPE_PEM), 1); - if (store != NULL) { - ExpectIntEQ(wolfSSL_CertManagerVerify(store->cm, svrCertFile, - WOLFSSL_FILETYPE_PEM), 1); - } - - wolfSSL_X509_STORE_free(store); -#endif /* defined(OPENSSL_EXTRA) && defined(HAVE_CRL) && - * !defined(NO_FILESYSTEM) && !defined(NO_RSA) */ - return EXPECT_RESULT(); -} - -static int test_wolfSSL_X509_STORE_CTX_set_time(void) -{ - EXPECT_DECLS; -#if defined(OPENSSL_EXTRA) - WOLFSSL_X509_STORE_CTX* ctx = NULL; - time_t c_time; - - ExpectNotNull(ctx = wolfSSL_X509_STORE_CTX_new()); - c_time = 365*24*60*60; - wolfSSL_X509_STORE_CTX_set_time(ctx, 0, c_time); - ExpectTrue((ctx->param->flags & WOLFSSL_USE_CHECK_TIME) == - WOLFSSL_USE_CHECK_TIME); - ExpectTrue(ctx->param->check_time == c_time); - wolfSSL_X509_STORE_CTX_free(ctx); -#endif /* OPENSSL_EXTRA */ - return EXPECT_RESULT(); -} - static int test_wolfSSL_CTX_get0_set1_param(void) { EXPECT_DECLS; @@ -21101,35 +13537,6 @@ return EXPECT_RESULT(); } -static int test_wolfSSL_X509_VERIFY_PARAM_set1_host(void) -{ - EXPECT_DECLS; -#if defined(OPENSSL_EXTRA) - const char host[] = "www.example.com"; - WOLFSSL_X509_VERIFY_PARAM* pParam = NULL; - - ExpectNotNull(pParam = (WOLFSSL_X509_VERIFY_PARAM*)XMALLOC( - sizeof(WOLFSSL_X509_VERIFY_PARAM), HEAP_HINT, DYNAMIC_TYPE_OPENSSL)); - if (pParam != NULL) { - XMEMSET(pParam, 0, sizeof(WOLFSSL_X509_VERIFY_PARAM)); - - ExpectIntEQ(X509_VERIFY_PARAM_set1_host(NULL, host, sizeof(host)), - WOLFSSL_FAILURE); - - X509_VERIFY_PARAM_set1_host(pParam, host, sizeof(host)); - - ExpectIntEQ(XMEMCMP(pParam->hostName, host, sizeof(host)), 0); - - XMEMSET(pParam, 0, sizeof(WOLFSSL_X509_VERIFY_PARAM)); - - ExpectIntNE(XMEMCMP(pParam->hostName, host, sizeof(host)), 0); - - XFREE(pParam, HEAP_HINT, DYNAMIC_TYPE_OPENSSL); - } -#endif /* OPENSSL_EXTRA */ - return EXPECT_RESULT(); -} - static int test_wolfSSL_set1_host(void) { EXPECT_DECLS; @@ -21176,110 +13583,6 @@ return EXPECT_RESULT(); } -static int test_wolfSSL_X509_VERIFY_PARAM_set1_ip(void) -{ - EXPECT_DECLS; -#if defined(OPENSSL_EXTRA) && !defined(NO_FILESYSTEM) - unsigned char buf[16] = {0}; - WOLFSSL_X509_VERIFY_PARAM* param = NULL; - - ExpectNotNull(param = X509_VERIFY_PARAM_new()); - - ExpectIntEQ(X509_VERIFY_PARAM_set1_ip(NULL, NULL, 1), WOLFSSL_FAILURE); - ExpectIntEQ(X509_VERIFY_PARAM_set1_ip(param, NULL, 1), WOLFSSL_FAILURE); - ExpectIntEQ(X509_VERIFY_PARAM_set1_ip(NULL, buf, 1), WOLFSSL_FAILURE); - ExpectIntEQ(X509_VERIFY_PARAM_set1_ip(NULL, NULL, 16), WOLFSSL_FAILURE); - ExpectIntEQ(X509_VERIFY_PARAM_set1_ip(NULL, NULL, 4), WOLFSSL_FAILURE); - ExpectIntEQ(X509_VERIFY_PARAM_set1_ip(NULL, NULL, 0), WOLFSSL_FAILURE); - ExpectIntEQ(X509_VERIFY_PARAM_set1_ip(param, buf, 1), WOLFSSL_FAILURE); - ExpectIntEQ(X509_VERIFY_PARAM_set1_ip(param, NULL, 16), WOLFSSL_FAILURE); - ExpectIntEQ(X509_VERIFY_PARAM_set1_ip(param, NULL, 4), WOLFSSL_FAILURE); - ExpectIntEQ(X509_VERIFY_PARAM_set1_ip(NULL, buf, 16), WOLFSSL_FAILURE); - ExpectIntEQ(X509_VERIFY_PARAM_set1_ip(NULL, buf, 4), WOLFSSL_FAILURE); - ExpectIntEQ(X509_VERIFY_PARAM_set1_ip(NULL, buf, 0), WOLFSSL_FAILURE); - - ExpectIntEQ(X509_VERIFY_PARAM_set1_ip(param, NULL, 0), WOLFSSL_SUCCESS); - - /* test 127.0.0.1 */ - buf[0] =0x7f; buf[1] = 0; buf[2] = 0; buf[3] = 1; - ExpectIntEQ(X509_VERIFY_PARAM_set1_ip(param, &buf[0], 4), SSL_SUCCESS); - ExpectIntEQ(XSTRNCMP(param->ipasc, "127.0.0.1", sizeof(param->ipasc)), 0); - - /* test 2001:db8:3333:4444:5555:6666:7777:8888 */ - buf[0]=32;buf[1]=1;buf[2]=13;buf[3]=184; - buf[4]=51;buf[5]=51;buf[6]=68;buf[7]=68; - buf[8]=85;buf[9]=85;buf[10]=102;buf[11]=102; - buf[12]=119;buf[13]=119;buf[14]=136;buf[15]=136; - ExpectIntEQ(X509_VERIFY_PARAM_set1_ip(param, &buf[0], 16), SSL_SUCCESS); - ExpectIntEQ(XSTRNCMP(param->ipasc, - "2001:db8:3333:4444:5555:6666:7777:8888", sizeof(param->ipasc)), 0); - - /* test 2001:db8:: */ - buf[0]=32;buf[1]=1;buf[2]=13;buf[3]=184; - buf[4]=0;buf[5]=0;buf[6]=0;buf[7]=0; - buf[8]=0;buf[9]=0;buf[10]=0;buf[11]=0; - buf[12]=0;buf[13]=0;buf[14]=0;buf[15]=0; - ExpectIntEQ(X509_VERIFY_PARAM_set1_ip(param, &buf[0], 16), SSL_SUCCESS); - ExpectIntEQ(XSTRNCMP(param->ipasc, "2001:db8::", sizeof(param->ipasc)), 0); - - /* test ::1234:5678 */ - buf[0]=0;buf[1]=0;buf[2]=0;buf[3]=0; - buf[4]=0;buf[5]=0;buf[6]=0;buf[7]=0; - buf[8]=0;buf[9]=0;buf[10]=0;buf[11]=0; - buf[12]=18;buf[13]=52;buf[14]=86;buf[15]=120; - ExpectIntEQ(X509_VERIFY_PARAM_set1_ip(param, &buf[0], 16), SSL_SUCCESS); - ExpectIntEQ(XSTRNCMP(param->ipasc, "::1234:5678", sizeof(param->ipasc)), 0); - - - /* test 2001:db8::1234:5678 */ - buf[0]=32;buf[1]=1;buf[2]=13;buf[3]=184; - buf[4]=0;buf[5]=0;buf[6]=0;buf[7]=0; - buf[8]=0;buf[9]=0;buf[10]=0;buf[11]=0; - buf[12]=18;buf[13]=52;buf[14]=86;buf[15]=120; - ExpectIntEQ(X509_VERIFY_PARAM_set1_ip(param, &buf[0], 16), SSL_SUCCESS); - ExpectIntEQ(XSTRNCMP(param->ipasc, "2001:db8::1234:5678", - sizeof(param->ipasc)), 0); - - /* test 2001:0db8:0001:0000:0000:0ab9:c0a8:0102*/ - /* 2001:db8:1::ab9:c0a8:102 */ - buf[0]=32;buf[1]=1;buf[2]=13;buf[3]=184; - buf[4]=0;buf[5]=1;buf[6]=0;buf[7]=0; - buf[8]=0;buf[9]=0;buf[10]=10;buf[11]=185; - buf[12]=192;buf[13]=168;buf[14]=1;buf[15]=2; - ExpectIntEQ(X509_VERIFY_PARAM_set1_ip(param, &buf[0], 16), SSL_SUCCESS); - ExpectIntEQ(XSTRNCMP(param->ipasc, "2001:db8:1::ab9:c0a8:102", - sizeof(param->ipasc)), 0); - - XFREE(param, HEAP_HINT, DYNAMIC_TYPE_OPENSSL); -#endif /* OPENSSL_EXTRA */ - return EXPECT_RESULT(); -} - -static int test_wolfSSL_X509_STORE_CTX_get0_store(void) -{ - EXPECT_DECLS; -#if defined(OPENSSL_EXTRA) - X509_STORE* store = NULL; - X509_STORE_CTX* ctx = NULL; - X509_STORE_CTX* ctx_no_init = NULL; - - ExpectNotNull((store = X509_STORE_new())); - ExpectNotNull(ctx = X509_STORE_CTX_new()); - ExpectNotNull(ctx_no_init = X509_STORE_CTX_new()); - ExpectIntEQ(X509_STORE_CTX_init(ctx, store, NULL, NULL), SSL_SUCCESS); - - ExpectNull(X509_STORE_CTX_get0_store(NULL)); - /* should return NULL if ctx has not bee initialized */ - ExpectNull(X509_STORE_CTX_get0_store(ctx_no_init)); - ExpectNotNull(X509_STORE_CTX_get0_store(ctx)); - - wolfSSL_X509_STORE_CTX_free(ctx); - wolfSSL_X509_STORE_CTX_free(ctx_no_init); - X509_STORE_free(store); -#endif /* OPENSSL_EXTRA */ - return EXPECT_RESULT(); -} - #if defined(OPENSSL_ALL) && !defined(NO_RSA) && !defined(NO_CERTS) && \ !defined(NO_WOLFSSL_CLIENT) && !defined(NO_WOLFSSL_SERVER) && \ defined(HAVE_ECC) && !defined(NO_TLS) && defined(HAVE_AESGCM) @@ -21538,15 +13841,18 @@ AssertIntEQ(WOLFSSL_SUCCESS, wolfSSL_CTX_use_PrivateKey_file(ctx, svrKeyFile, - WOLFSSL_FILETYPE_PEM)); + WOLFSSL_FILETYPE_PEM)); if (callbacks->ctx_ready) callbacks->ctx_ready(ctx); ssl = wolfSSL_new(ctx); + AssertNotNull(ssl); /* set the sni for the server */ - wolfSSL_UseSNI(ssl, WOLFSSL_SNI_HOST_NAME, privateName, privateNameLen); + AssertIntEQ(WOLFSSL_SUCCESS, + wolfSSL_UseSNI(ssl, WOLFSSL_SNI_HOST_NAME, privateName, + privateNameLen)); tcp_accept(&sfd, &cfd, (func_args*)args, port, 0, 0, 0, 0, 1, NULL, NULL); CloseSocket(sfd); @@ -21565,12 +13871,13 @@ if (ret != WOLFSSL_SUCCESS) { char buff[WOLFSSL_MAX_ERROR_SZ]; - fprintf(stderr, "error = %d, %s\n", err, wolfSSL_ERR_error_string(err, buff)); + fprintf(stderr, "error = %d, %s\n", err, wolfSSL_ERR_error_string(err, + buff)); } else { if (0 < (idx = wolfSSL_read(ssl, input, sizeof(input)-1))) { input[idx] = 0; - fprintf(stderr, "Client message: %s\n", input); + fprintf(stderr, "Client message: %s\n", input); } AssertIntEQ(privateNameLen, wolfSSL_write(ssl, privateName, @@ -21782,20 +14089,24 @@ #endif /* OPENSSL_EXTRA && HAVE_SECRET_CALLBACK && WOLFSSL_TLS13 */ return EXPECT_RESULT(); } -#if defined(WOLFSSL_TLS13) && defined(HAVE_ECH) && \ - defined(HAVE_IO_TESTS_DEPENDENCIES) + +#if defined(WOLFSSL_TLS13) && defined(HAVE_ECH) +#if defined(HAVE_IO_TESTS_DEPENDENCIES) static int test_wolfSSL_Tls13_ECH_params(void) { EXPECT_DECLS; #if !defined(NO_WOLFSSL_CLIENT) - word32 outputLen = 0; - byte testBuf[72]; - WOLFSSL_CTX *ctx = wolfSSL_CTX_new(wolfTLSv1_3_client_method()); - WOLFSSL *ssl = wolfSSL_new(ctx); + byte testBuf[256]; + word32 outputLen = sizeof(testBuf); + word16 tmpLen = 0; + WOLFSSL_CTX* ctx = wolfSSL_CTX_new(wolfTLSv1_3_client_method()); + WOLFSSL* ssl = wolfSSL_new(ctx); ExpectNotNull(ctx); ExpectNotNull(ssl); + /* generation errors */ + /* invalid ctx */ ExpectIntNE(WOLFSSL_SUCCESS, wolfSSL_CTX_GenerateEchConfig(NULL, "ech-public-name.com", 0, 0, 0)); @@ -21804,57 +14115,114 @@ 0, 0)); /* invalid algorithms */ ExpectIntNE(WOLFSSL_SUCCESS, wolfSSL_CTX_GenerateEchConfig(ctx, - "ech-public-name.com", 1000, 1000, 1000)); - - /* invalid ctx */ - ExpectIntNE(WOLFSSL_SUCCESS, wolfSSL_CTX_SetEchConfigsBase64(NULL, - (char*)testBuf, sizeof(testBuf))); - /* invalid base64 configs */ - ExpectIntNE(WOLFSSL_SUCCESS, wolfSSL_CTX_SetEchConfigsBase64(ctx, - NULL, sizeof(testBuf))); - /* invalid length */ - ExpectIntNE(WOLFSSL_SUCCESS, wolfSSL_CTX_SetEchConfigsBase64(ctx, - (char*)testBuf, 0)); - - /* invalid ctx */ - ExpectIntNE(WOLFSSL_SUCCESS, wolfSSL_CTX_SetEchConfigs(NULL, - testBuf, sizeof(testBuf))); - /* invalid configs */ - ExpectIntNE(WOLFSSL_SUCCESS, wolfSSL_CTX_SetEchConfigs(ctx, - NULL, sizeof(testBuf))); - /* invalid length */ - ExpectIntNE(WOLFSSL_SUCCESS, wolfSSL_CTX_SetEchConfigs(ctx, - testBuf, 0)); + "ech-public-name.com", 1000, 0, 0)); + ExpectIntNE(WOLFSSL_SUCCESS, wolfSSL_CTX_GenerateEchConfig(ctx, + "ech-public-name.com", 0, 1000, 0)); + ExpectIntNE(WOLFSSL_SUCCESS, wolfSSL_CTX_GenerateEchConfig(ctx, + "ech-public-name.com", 0, 0, 1000)); - /* invalid ctx */ - ExpectIntNE(WOLFSSL_SUCCESS, wolfSSL_CTX_GetEchConfigs(NULL, NULL, - &outputLen)); - /* invalid output len */ - ExpectIntNE(WOLFSSL_SUCCESS, wolfSSL_CTX_GetEchConfigs(ctx, NULL, NULL)); + /* bad function calls */ - /* invalid ssl */ - ExpectIntNE(WOLFSSL_SUCCESS, wolfSSL_SetEchConfigsBase64(NULL, - (char*)testBuf, sizeof(testBuf))); - /* invalid configs64 */ - ExpectIntNE(WOLFSSL_SUCCESS, wolfSSL_SetEchConfigsBase64(ssl, NULL, + /* NULL ctx */ + ExpectIntNE(WOLFSSL_SUCCESS, wolfSSL_CTX_SetEchConfigs(NULL, testBuf, sizeof(testBuf))); - /* invalid size */ - ExpectIntNE(WOLFSSL_SUCCESS, wolfSSL_SetEchConfigsBase64(ssl, - (char*)testBuf, 0)); - - /* invalid ssl */ ExpectIntNE(WOLFSSL_SUCCESS, wolfSSL_SetEchConfigs(NULL, testBuf, sizeof(testBuf))); - /* invalid configs */ + + /* NULL configs */ + ExpectIntNE(WOLFSSL_SUCCESS, wolfSSL_CTX_SetEchConfigs(ctx, NULL, + sizeof(testBuf))); ExpectIntNE(WOLFSSL_SUCCESS, wolfSSL_SetEchConfigs(ssl, NULL, sizeof(testBuf))); - /* invalid size */ + + /* 0 length */ + ExpectIntNE(WOLFSSL_SUCCESS, wolfSSL_CTX_SetEchConfigs(ctx, testBuf, 0)); ExpectIntNE(WOLFSSL_SUCCESS, wolfSSL_SetEchConfigs(ssl, testBuf, 0)); - /* invalid ssl */ - ExpectIntNE(WOLFSSL_SUCCESS, wolfSSL_GetEchConfigs(NULL, NULL, &outputLen)); - /* invalid size */ - ExpectIntNE(WOLFSSL_SUCCESS, wolfSSL_GetEchConfigs(ssl, NULL, NULL)); + /* stateful errors */ + + /* actually generate configs */ + ExpectIntEQ(WOLFSSL_SUCCESS, wolfSSL_CTX_GenerateEchConfig(ctx, + "ech-public-name.com", 0, 0, 0)); + + /* bad get: NULL ctx, NULL output len, short output len */ + ExpectIntNE(WOLFSSL_SUCCESS, wolfSSL_CTX_GetEchConfigs(NULL, testBuf, + &outputLen)); + ExpectIntNE(WOLFSSL_SUCCESS, wolfSSL_CTX_GetEchConfigs(ctx, testBuf, NULL)); + outputLen = 5; + ExpectIntNE(WOLFSSL_SUCCESS, wolfSSL_CTX_GetEchConfigs(ctx, testBuf, + &outputLen)); + + /* should be able to retrieve length with NULL buffer... */ + ExpectIntNE(WOLFSSL_SUCCESS, wolfSSL_CTX_GetEchConfigs(ctx, NULL, + &outputLen)); + ExpectIntGE(sizeof(testBuf), outputLen); + + /* and the get should work with this length */ + ExpectIntEQ(WOLFSSL_SUCCESS, wolfSSL_CTX_GetEchConfigs(ctx, testBuf, + &outputLen)); + + /* reject config with invalid total length */ + if (EXPECT_SUCCESS()) { + ato16(testBuf, &tmpLen); + testBuf[0] = 0xFF; + testBuf[1] = 0xFF; + } + ExpectIntNE(WOLFSSL_SUCCESS, wolfSSL_CTX_SetEchConfigs(ctx, testBuf, + outputLen)); + ExpectIntNE(WOLFSSL_SUCCESS, wolfSSL_SetEchConfigs(ssl, testBuf, + outputLen)); + if (EXPECT_SUCCESS()) { + c16toa(tmpLen, testBuf); + } + + /* reject config with invalid version */ + if (EXPECT_SUCCESS()) { + testBuf[2] ^= 0x01; + } + ExpectIntNE(WOLFSSL_SUCCESS, wolfSSL_CTX_SetEchConfigs(ctx, testBuf, + outputLen)); + ExpectIntNE(WOLFSSL_SUCCESS, wolfSSL_SetEchConfigs(ssl, testBuf, + outputLen)); + if (EXPECT_SUCCESS()) { + testBuf[2] ^= 0x01; + } + + /* reject config with bad length */ + if (EXPECT_SUCCESS()) { + ato16(testBuf + 4, &tmpLen); + testBuf[4] = 0xFF; + testBuf[5] = 0xFF; + } + ExpectIntNE(WOLFSSL_SUCCESS, wolfSSL_CTX_SetEchConfigs(ctx, testBuf, + outputLen)); + ExpectIntNE(WOLFSSL_SUCCESS, wolfSSL_SetEchConfigs(ssl, testBuf, + outputLen)); + if (EXPECT_SUCCESS()) { + c16toa(tmpLen, testBuf + 4); + } + + /* set valid configs */ + ExpectIntEQ(WOLFSSL_SUCCESS, wolfSSL_CTX_SetEchConfigs(ctx, testBuf, + outputLen)); + ExpectIntEQ(WOLFSSL_SUCCESS, wolfSSL_SetEchConfigs(ssl, testBuf, + outputLen)); + + /* NULL ssl, NULL buffer, NULL output len */ + ExpectIntNE(WOLFSSL_SUCCESS, wolfSSL_GetEchConfigs(NULL, testBuf, + &outputLen)); + ExpectIntNE(WOLFSSL_SUCCESS, wolfSSL_GetEchConfigs(ssl, NULL, &outputLen)); + ExpectIntNE(WOLFSSL_SUCCESS, wolfSSL_GetEchConfigs(ssl, testBuf, NULL)); + + /* reject setting configs when ssl already has them */ + ExpectIntNE(WOLFSSL_SUCCESS, wolfSSL_SetEchConfigs(ssl, testBuf, + outputLen)); + + /* unable to get configs from ssl with no configs (because of disable) */ + wolfSSL_SetEchEnable(ssl, 0); + outputLen = sizeof(testBuf); + ExpectIntNE(WOLFSSL_SUCCESS, + wolfSSL_GetEchConfigs(ssl, testBuf, &outputLen)); wolfSSL_free(ssl); wolfSSL_CTX_free(ctx); @@ -21863,7 +14231,110 @@ return EXPECT_RESULT(); } -static int test_wolfSSL_Tls13_ECH_ex(int hrr) +static int test_wolfSSL_Tls13_ECH_params_b64(void) +{ + EXPECT_DECLS; +#if !defined(NO_WOLFSSL_CLIENT) + /* base64 ech configs from cloudflare-ech.com (these are good configs) */ + const char* b64Valid = "AEX+DQBBFAAgACBuAoQI8+liEVYQbXKBDeVgTmF2rfXuKO2knhwrN7jgTgAEAAEAAQASY2xvdWRmbGFyZS1lY2guY29tAAA="; + /* ech configs with bad/unsupported algorithm */ + const char* b64BadAlgo = "AEX+DQBBFP7+ACBuAoQI8+liEVYQbXKBDeVgTmF2rfXuKO2knhwrN7jgTgAEAAEAAQASY2xvdWRmbGFyZS1lY2guY29tAAA="; + /* ech configs with bad/unsupported ciphersuite */ + const char* b64BadCiph = "AEX+DQBBFAAgACBuAoQI8+liEVYQbXKBDeVgTmF2rfXuKO2knhwrN7jgTgAE/v4AAQASY2xvdWRmbGFyZS1lY2guY29tAAA="; + /* ech configs with bad version first */ + const char* b64BadVers1 = "AIz+HQBCAQAgACCjR6+Qn9UYkMaWdXZzsby88vXFhPHJ2tWCDHQJLvMkEgAEAAEAAQATZWNoLXB1YmxpYy1uYW1lLmNvbQAA/g0AQgIAIAAgMM6vLrTbOfsfA6fTbJY/Iu0Lj2xeHEPGUJeUwQGAYF4ABAABAAEAE2VjaC1wdWJsaWMtbmFtZS5jb20AAA=="; + /* ech configs with bad version second */ + const char* b64BadVers2 = "AIz+DQBCAQAgACCjR6+Qn9UYkMaWdXZzsby88vXFhPHJ2tWCDHQJLvMkEgAEAAEAAQATZWNoLXB1YmxpYy1uYW1lLmNvbQAA/h0AQgIAIAAgMM6vLrTbOfsfA6fTbJY/Iu0Lj2xeHEPGUJeUwQGAYF4ABAABAAEAE2VjaC1wdWJsaWMtbmFtZS5jb20AAA=="; + byte testBuf[256]; + word32 outputLen; + + WOLFSSL_CTX* ctx = wolfSSL_CTX_new(wolfTLSv1_3_client_method()); + WOLFSSL* ssl = wolfSSL_new(ctx); + + ExpectNotNull(ctx); + ExpectNotNull(ssl); + + /* NULL ctx/ssl, short public key */ + ExpectIntNE(WOLFSSL_SUCCESS, wolfSSL_CTX_SetEchConfigsBase64(NULL, + b64Valid, (word32)XSTRLEN(b64Valid))); + ExpectIntNE(WOLFSSL_SUCCESS, wolfSSL_SetEchConfigsBase64(NULL, + b64Valid, (word32)XSTRLEN(b64Valid))); + + /* NULL configs */ + ExpectIntNE(WOLFSSL_SUCCESS, wolfSSL_CTX_SetEchConfigsBase64(ctx, + NULL, (word32)XSTRLEN(b64Valid))); + ExpectIntNE(WOLFSSL_SUCCESS, wolfSSL_SetEchConfigsBase64(ssl, + NULL, (word32)XSTRLEN(b64Valid))); + + /* 0 length */ + ExpectIntNE(WOLFSSL_SUCCESS, wolfSSL_CTX_SetEchConfigsBase64(ctx, + b64Valid, 0)); + ExpectIntNE(WOLFSSL_SUCCESS, wolfSSL_SetEchConfigsBase64(ssl, + b64Valid, 0)); + + /* bad algorithm */ + ExpectIntNE(WOLFSSL_SUCCESS, wolfSSL_CTX_SetEchConfigsBase64(ctx, + b64BadAlgo, (word32)XSTRLEN(b64BadAlgo))); + ExpectIntNE(WOLFSSL_SUCCESS, wolfSSL_SetEchConfigsBase64(ssl, + b64BadAlgo, (word32)XSTRLEN(b64BadAlgo))); + + /* bad ciphersuite */ + ExpectIntNE(WOLFSSL_SUCCESS, wolfSSL_CTX_SetEchConfigsBase64(ctx, + b64BadCiph, (word32)XSTRLEN(b64BadCiph))); + ExpectIntNE(WOLFSSL_SUCCESS, wolfSSL_SetEchConfigsBase64(ssl, + b64BadCiph, (word32)XSTRLEN(b64BadCiph))); + + /* bad version first, should only have config 2 set */ + ExpectIntEQ(WOLFSSL_SUCCESS, wolfSSL_CTX_SetEchConfigsBase64(ctx, + b64BadVers1, (word32)XSTRLEN(b64BadVers1))); + ExpectIntEQ(WOLFSSL_SUCCESS, wolfSSL_SetEchConfigsBase64(ssl, + b64BadVers1, (word32)XSTRLEN(b64BadVers1))); + ExpectIntEQ(2, ctx->echConfigs->configId); + ExpectIntEQ(2, ssl->echConfigs->configId); + + /* clear configs */ + wolfSSL_CTX_SetEchEnable(ctx, 0); + wolfSSL_CTX_SetEchEnable(ctx, 1); + wolfSSL_SetEchEnable(ssl, 0); + wolfSSL_SetEchEnable(ssl, 1); + + /* bad version second, should only have config 1 set */ + ExpectIntEQ(WOLFSSL_SUCCESS, wolfSSL_CTX_SetEchConfigsBase64(ctx, + b64BadVers2, (word32)XSTRLEN(b64BadVers2))); + ExpectIntEQ(WOLFSSL_SUCCESS, wolfSSL_SetEchConfigsBase64(ssl, + b64BadVers2, (word32)XSTRLEN(b64BadVers2))); + ExpectIntEQ(1, ctx->echConfigs->configId); + ExpectIntEQ(1, ssl->echConfigs->configId); + + /* clear configs */ + wolfSSL_CTX_SetEchEnable(ctx, 0); + wolfSSL_CTX_SetEchEnable(ctx, 1); + wolfSSL_SetEchEnable(ssl, 0); + wolfSSL_SetEchEnable(ssl, 1); + + /* base64 tests */ + + /* set base64 configs */ + ExpectIntEQ(WOLFSSL_SUCCESS, wolfSSL_CTX_SetEchConfigsBase64(ctx, + b64Valid, (word32)XSTRLEN(b64Valid))); + ExpectIntEQ(WOLFSSL_SUCCESS, wolfSSL_SetEchConfigsBase64(ssl, + b64Valid, (word32)XSTRLEN(b64Valid))); + + /* disable and check ctx has no configs */ + wolfSSL_CTX_SetEchEnable(ctx, 0); + outputLen = sizeof(testBuf); + ExpectIntNE(WOLFSSL_SUCCESS, + wolfSSL_CTX_GetEchConfigs(ctx, testBuf, &outputLen)); + + wolfSSL_free(ssl); + wolfSSL_CTX_free(ctx); +#endif /* !NO_WOLFSSL_CLIENT */ + + return EXPECT_RESULT(); +} + +static int test_wolfSSL_ECH_conn_ex(method_provider serverMeth, + method_provider clientMeth, int hrr) { EXPECT_DECLS; tcp_ready ready; @@ -21890,11 +14361,10 @@ XMEMSET(&server_args, 0, sizeof(func_args)); XMEMSET(&server_cbf, 0, sizeof(callback_functions)); XMEMSET(&client_cbf, 0, sizeof(callback_functions)); - server_cbf.method = wolfTLSv1_3_server_method; /* TLS1.3 */ + server_cbf.method = serverMeth; /* create the server context here so we can get the ech config */ - ExpectNotNull(server_cbf.ctx = - wolfSSL_CTX_new(wolfTLSv1_3_server_method())); + ExpectNotNull(server_cbf.ctx = wolfSSL_CTX_new(serverMeth())); /* generate ech config */ ExpectIntEQ(WOLFSSL_SUCCESS, wolfSSL_CTX_GenerateEchConfig(server_cbf.ctx, @@ -21912,10 +14382,10 @@ start_thread(server_task_ech, &server_args, &serverThread); wait_tcp_ready(&server_args); - /* run as a TLS1.3 client */ - ExpectNotNull(ctx = wolfSSL_CTX_new(wolfTLSv1_3_client_method())); + /* set the client TLS version and run */ + ExpectNotNull(ctx = wolfSSL_CTX_new(clientMeth())); ExpectIntEQ(WOLFSSL_SUCCESS, - wolfSSL_CTX_load_verify_locations(ctx, caCertFile, 0)); + wolfSSL_CTX_load_verify_locations(ctx, caCertFile, 0)); ExpectIntEQ(WOLFSSL_SUCCESS, wolfSSL_CTX_use_certificate_file(ctx, cliCertFile, SSL_FILETYPE_PEM)); ExpectIntEQ(WOLFSSL_SUCCESS, @@ -21945,8 +14415,8 @@ ExpectIntEQ(wolfSSL_write(ssl, privateName, privateNameLen), privateNameLen); ExpectIntGT((replyLen = wolfSSL_read(ssl, reply, sizeof(reply))), 0); - /* add th null terminator for string compare */ - reply[replyLen] = 0; + /* add the null terminator for string compare */ + reply[replyLen] = '\0'; /* check that the server replied with the private name */ ExpectStrEQ(privateName, reply); wolfSSL_free(ssl); @@ -21963,13 +14433,668 @@ static int test_wolfSSL_Tls13_ECH(void) { - return test_wolfSSL_Tls13_ECH_ex(0); + return test_wolfSSL_ECH_conn_ex(wolfTLSv1_3_server_method, + wolfTLSv1_3_client_method, 0); } static int test_wolfSSL_Tls13_ECH_HRR(void) { - return test_wolfSSL_Tls13_ECH_ex(1); + return test_wolfSSL_ECH_conn_ex(wolfTLSv1_3_server_method, + wolfTLSv1_3_client_method, 1); } + +static int test_wolfSSL_SubTls13_ECH(void) +{ + EXPECT_DECLS; + +#ifndef WOLFSSL_NO_TLS12 + ExpectIntNE(test_wolfSSL_ECH_conn_ex(wolfTLSv1_3_server_method, + wolfTLSv1_2_client_method, 0), WOLFSSL_SUCCESS); + ExpectIntNE(test_wolfSSL_ECH_conn_ex(wolfTLSv1_2_server_method, + wolfTLSv1_3_client_method, 0), WOLFSSL_SUCCESS); + ExpectIntNE(test_wolfSSL_ECH_conn_ex(wolfSSLv23_server_method, + wolfTLSv1_2_client_method, 0), WOLFSSL_SUCCESS); +#endif + + return EXPECT_RESULT(); +} +#endif /* HAVE_IO_TESTS_DEPENDENCIES */ + +#ifdef HAVE_SSL_MEMIO_TESTS_DEPENDENCIES + +/* Static storage for passing ECH config between server and client callbacks */ +static byte echCbTestConfigs[512]; +static word32 echCbTestConfigsLen; +static const char* echCbTestPublicName = "ech-public-name.com"; +static const char* echCbTestPrivateName = "ech-private-name.com"; +static word16 echCbTestKemID = 0; +static word16 echCbTestKdfID = 0; +static word16 echCbTestAeadID = 0; + +/* the arg is whether the client has ech enabled or not */ +static int test_ech_server_sni_callback(WOLFSSL* ssl, int* ad, void* arg) +{ + const char* name; + + if (!wolfSSL_SNI_GetRequest(ssl, WOLFSSL_SNI_HOST_NAME, (void**)&name)) { + *ad = WOLFSSL_AD_UNRECOGNIZED_NAME; + return fatal_return; + } + + /* reached by *_disable_conn test: expect name to be the public SNI when + * client has ECH enabled, otherwise it should be the private SNI */ + if (arg != NULL && *(int*)arg == 1 && + XSTRCMP(name, echCbTestPublicName) == 0) { + return 0; + } + else if (XSTRCMP(name, echCbTestPrivateName) == 0) { + return 0; + } + else { + *ad = WOLFSSL_AD_UNRECOGNIZED_NAME; + return fatal_return; + } +} + +/* Server ctx_ready callback: generate ECH config */ +static int test_ech_server_ctx_ready(WOLFSSL_CTX* ctx) +{ + int ret; + + ret = wolfSSL_CTX_GenerateEchConfig(ctx, echCbTestPublicName, + echCbTestKemID, echCbTestKdfID, echCbTestAeadID); + if (ret != WOLFSSL_SUCCESS) + return TEST_FAIL; + + echCbTestConfigsLen = sizeof(echCbTestConfigs); + ret = wolfSSL_CTX_GetEchConfigs(ctx, echCbTestConfigs, + &echCbTestConfigsLen); + if (ret != WOLFSSL_SUCCESS) + return TEST_FAIL; + + return TEST_SUCCESS; +} + +/* Server ssl_ready callback: set SNI */ +static int test_ech_server_ssl_ready(WOLFSSL* ssl) +{ + int ret; + + ret = wolfSSL_UseSNI(ssl, WOLFSSL_SNI_HOST_NAME, echCbTestPrivateName, + (word16)XSTRLEN(echCbTestPrivateName)); + if (ret != WOLFSSL_SUCCESS) + return TEST_FAIL; + + return TEST_SUCCESS; +} + +/* Client ssl_ready callback: set ECH configs and SNI */ +static int test_ech_client_ssl_ready(WOLFSSL* ssl) +{ + int ret; + + ret = wolfSSL_SetEchConfigs(ssl, echCbTestConfigs, echCbTestConfigsLen); + if (ret != WOLFSSL_SUCCESS) + return TEST_FAIL; + + ret = wolfSSL_UseSNI(ssl, WOLFSSL_SNI_HOST_NAME, echCbTestPrivateName, + (word16)XSTRLEN(echCbTestPrivateName)); + if (ret != WOLFSSL_SUCCESS) + return TEST_FAIL; + + return TEST_SUCCESS; +} + +static int test_wolfSSL_Tls13_ECH_all_algos_ex(void) +{ + EXPECT_DECLS; + struct test_ssl_memio_ctx test_ctx; + + XMEMSET(&test_ctx, 0, sizeof(test_ctx)); + + test_ctx.s_cb.method = wolfTLSv1_3_server_method; + test_ctx.c_cb.method = wolfTLSv1_3_client_method; + + test_ctx.s_cb.ctx_ready = test_ech_server_ctx_ready; + test_ctx.s_cb.ssl_ready = test_ech_server_ssl_ready; + test_ctx.c_cb.ssl_ready = test_ech_client_ssl_ready; + + ExpectIntEQ(test_ssl_memio_setup(&test_ctx), TEST_SUCCESS); + + ExpectIntEQ(test_ssl_memio_do_handshake(&test_ctx, 10, NULL), TEST_SUCCESS); + ExpectIntEQ(test_ctx.c_ssl->options.echAccepted, 1); + + if (echCbTestKemID != 0 && echCbTestKdfID != 0 && echCbTestAeadID != 0) { + TLSX* echX = TLSX_Find(test_ctx.c_ssl->extensions, TLSX_ECH); + ExpectNotNull(echX); + if (echX != NULL) { + WOLFSSL_ECH* ech = (WOLFSSL_ECH*)echX->data; + ExpectNotNull(ech); + if (ech != NULL) { + /* verify that the ech extension has the correct algos */ + ExpectIntEQ(ech->kemId, echCbTestKemID); + ExpectIntEQ(ech->cipherSuite.kdfId, echCbTestKdfID); + ExpectIntEQ(ech->cipherSuite.aeadId, echCbTestAeadID); + if (ech->hpke != NULL) { + /* and that hpke was initialized with these algos */ + ExpectIntEQ(ech->hpke->kem, echCbTestKemID); + ExpectIntEQ(ech->hpke->kdf, echCbTestKdfID); + ExpectIntEQ(ech->hpke->aead, echCbTestAeadID); + } + if (ech->echConfig != NULL) { + ExpectIntEQ(ech->echConfig->kemId, echCbTestKemID); + } + } + } + } + + test_ssl_memio_cleanup(&test_ctx); + + return EXPECT_RESULT(); +} + +static int test_wolfSSL_Tls13_ECH_all_algos(void) +{ + EXPECT_DECLS; + int i; + int j; + int k; + static const word16 kems[] = { +#if defined(HAVE_ECC) +#if (!defined(NO_ECC256) || defined(HAVE_ALL_CURVES)) && !defined(NO_SHA256) + DHKEM_P256_HKDF_SHA256, +#endif +#if (defined(HAVE_ECC384) || defined(HAVE_ALL_CURVES)) && \ + defined(WOLFSSL_SHA384) + DHKEM_P384_HKDF_SHA384, +#endif +#if (defined(HAVE_ECC521) || defined(HAVE_ALL_CURVES)) && \ + defined(WOLFSSL_SHA512) + DHKEM_P521_HKDF_SHA512, +#endif +#endif /* HAVE_ECC */ +#if defined(HAVE_CURVE25519) && !defined(NO_SHA256) + DHKEM_X25519_HKDF_SHA256, +#endif + }; + static const word16 kdfs[] = { +#if !defined(NO_SHA256) + HKDF_SHA256, +#endif +#ifdef WOLFSSL_SHA384 + HKDF_SHA384, +#endif +#ifdef WOLFSSL_SHA512 + HKDF_SHA512, +#endif + }; + static const word16 aeads[] = { +#ifdef WOLFSSL_AES_128 + HPKE_AES_128_GCM, +#endif +#ifdef WOLFSSL_AES_256 + HPKE_AES_256_GCM, +#endif + }; + + for (i = 0; i < (int)(sizeof(kems) / sizeof(*kems)); i++) { + echCbTestKemID = kems[i]; + for (j = 0; j < (int)(sizeof(kdfs) / sizeof(*kdfs)); j++) { + echCbTestKdfID = kdfs[j]; + for (k = 0; k < (int)(sizeof(aeads) / sizeof(*aeads)); k++) { + echCbTestAeadID = aeads[k]; + ExpectIntEQ(test_wolfSSL_Tls13_ECH_all_algos_ex(), + TEST_SUCCESS); + } + } + } + + echCbTestKemID = 0; + echCbTestKdfID = 0; + echCbTestAeadID = 0; + + return EXPECT_RESULT(); +} + +/* Test ECH when no private SNI is set */ +static int test_wolfSSL_Tls13_ECH_no_private_name(void) +{ + EXPECT_DECLS; + struct test_ssl_memio_ctx test_ctx; + + /* client sends private SNI, server does not have one set */ + + XMEMSET(&test_ctx, 0, sizeof(test_ctx)); + + test_ctx.s_cb.method = wolfTLSv1_3_server_method; + test_ctx.c_cb.method = wolfTLSv1_3_client_method; + + test_ctx.s_cb.ctx_ready = test_ech_server_ctx_ready; + test_ctx.c_cb.ssl_ready = test_ech_client_ssl_ready; + + ExpectIntEQ(test_ssl_memio_setup(&test_ctx), TEST_SUCCESS); + + ExpectIntEQ(test_ssl_memio_do_handshake(&test_ctx, 10, NULL), TEST_SUCCESS); + ExpectIntEQ(test_ctx.c_ssl->options.echAccepted, 1); + + test_ssl_memio_cleanup(&test_ctx); + + /* client does not send private SNI, server has one set */ + + XMEMSET(&test_ctx, 0, sizeof(test_ctx)); + + test_ctx.s_cb.method = wolfTLSv1_3_server_method; + test_ctx.c_cb.method = wolfTLSv1_3_client_method; + + test_ctx.s_cb.ctx_ready = test_ech_server_ctx_ready; + test_ctx.s_cb.ssl_ready = test_ech_server_ssl_ready; + + ExpectIntEQ(test_ssl_memio_setup(&test_ctx), TEST_SUCCESS); + + ExpectIntEQ(wolfSSL_SetEchConfigs(test_ctx.c_ssl, echCbTestConfigs, + echCbTestConfigsLen), WOLFSSL_SUCCESS); + + ExpectIntNE(test_ssl_memio_do_handshake(&test_ctx, 10, NULL), TEST_SUCCESS); + ExpectIntEQ(test_ctx.c_ssl->options.echAccepted, 0); + + test_ssl_memio_cleanup(&test_ctx); + + /* client does not send private SNI, server does not have one set */ + + XMEMSET(&test_ctx, 0, sizeof(test_ctx)); + + test_ctx.s_cb.method = wolfTLSv1_3_server_method; + test_ctx.c_cb.method = wolfTLSv1_3_client_method; + + test_ctx.s_cb.ctx_ready = test_ech_server_ctx_ready; + + ExpectIntEQ(test_ssl_memio_setup(&test_ctx), TEST_SUCCESS); + + ExpectIntEQ(wolfSSL_SetEchConfigs(test_ctx.c_ssl, echCbTestConfigs, + echCbTestConfigsLen), WOLFSSL_SUCCESS); + + ExpectIntNE(test_ssl_memio_do_handshake(&test_ctx, 10, NULL), TEST_SUCCESS); + ExpectIntEQ(test_ctx.c_ssl->options.echAccepted, 0); + + test_ssl_memio_cleanup(&test_ctx); + + return EXPECT_RESULT(); +} + +/* Test ECH rejection when configs don't match */ +static int test_wolfSSL_Tls13_ECH_bad_configs_ex(int hrr, int sniCb) +{ + EXPECT_DECLS; + struct test_ssl_memio_ctx test_ctx; + WOLFSSL_CTX* tempCtx = NULL; + const char* badPrivateName = "ech-bad-private-name.com"; + byte badPublicConfig[128]; + word32 badPublicConfigLen = sizeof(badPublicConfig); + + /* verify with bad public SNI / config */ + + XMEMSET(&test_ctx, 0, sizeof(test_ctx)); + + test_ctx.s_cb.method = wolfTLSv1_3_server_method; + test_ctx.c_cb.method = wolfTLSv1_3_client_method; + + /* server generates its own ECH config */ + test_ctx.s_cb.ctx_ready = test_ech_server_ctx_ready; + test_ctx.s_cb.ssl_ready = test_ech_server_ssl_ready; + + ExpectIntEQ(test_ssl_memio_setup(&test_ctx), TEST_SUCCESS); + + /* generate throwaway ECH config for client to use */ + ExpectNotNull(tempCtx = wolfSSL_CTX_new(wolfTLSv1_3_server_method())); + ExpectIntEQ(wolfSSL_CTX_GenerateEchConfig(tempCtx, echCbTestPublicName, + 0, 0, 0), WOLFSSL_SUCCESS); + ExpectIntEQ(wolfSSL_CTX_GetEchConfigs(tempCtx, badPublicConfig, + &badPublicConfigLen), WOLFSSL_SUCCESS); + wolfSSL_CTX_free(tempCtx); + tempCtx = NULL; + + /* set bad public config on client */ + ExpectIntEQ(wolfSSL_SetEchConfigs(test_ctx.c_ssl, badPublicConfig, + badPublicConfigLen), WOLFSSL_SUCCESS); + ExpectIntEQ(wolfSSL_UseSNI(test_ctx.c_ssl, WOLFSSL_SNI_HOST_NAME, + echCbTestPrivateName, (word16)XSTRLEN(echCbTestPrivateName)), + WOLFSSL_SUCCESS); + + if (hrr) { + ExpectIntEQ(wolfSSL_NoKeyShares(test_ctx.c_ssl), WOLFSSL_SUCCESS); + } + if (sniCb) { + wolfSSL_CTX_set_servername_callback(test_ctx.s_ctx, + test_ech_server_sni_callback); + } + + ExpectIntNE(test_ssl_memio_do_handshake(&test_ctx, 10, NULL), TEST_SUCCESS); + ExpectIntEQ(test_ctx.c_ssl->options.echAccepted, 0); + + test_ssl_memio_cleanup(&test_ctx); + + + /* verify with bad private SNI */ + + XMEMSET(&test_ctx, 0, sizeof(test_ctx)); + + test_ctx.s_cb.method = wolfTLSv1_3_server_method; + test_ctx.c_cb.method = wolfTLSv1_3_client_method; + + test_ctx.s_cb.ctx_ready = test_ech_server_ctx_ready; + test_ctx.s_cb.ssl_ready = test_ech_server_ssl_ready; + + ExpectIntEQ(test_ssl_memio_setup(&test_ctx), TEST_SUCCESS); + + /* set bad private SNI on client */ + ExpectIntEQ(wolfSSL_SetEchConfigs(test_ctx.c_ssl, echCbTestConfigs, + echCbTestConfigsLen), WOLFSSL_SUCCESS); + ExpectIntEQ(wolfSSL_UseSNI(test_ctx.c_ssl, WOLFSSL_SNI_HOST_NAME, + badPrivateName, (word16)XSTRLEN(badPrivateName)), WOLFSSL_SUCCESS); + + if (hrr) { + ExpectIntEQ(wolfSSL_NoKeyShares(test_ctx.c_ssl), WOLFSSL_SUCCESS); + } + if (sniCb) { + wolfSSL_CTX_set_servername_callback(test_ctx.s_ctx, + test_ech_server_sni_callback); + } + + ExpectIntNE(test_ssl_memio_do_handshake(&test_ctx, 10, NULL), TEST_SUCCESS); + ExpectIntEQ(test_ctx.c_ssl->options.echAccepted, 0); + + test_ssl_memio_cleanup(&test_ctx); + + return EXPECT_RESULT(); +} + +static int test_wolfSSL_Tls13_ECH_bad_configs(void) +{ + EXPECT_DECLS; + + ExpectIntEQ(test_wolfSSL_Tls13_ECH_bad_configs_ex(0, 0), WOLFSSL_SUCCESS); + ExpectIntEQ(test_wolfSSL_Tls13_ECH_bad_configs_ex(0, 1), WOLFSSL_SUCCESS); + ExpectIntEQ(test_wolfSSL_Tls13_ECH_bad_configs_ex(1, 0), WOLFSSL_SUCCESS); + ExpectIntEQ(test_wolfSSL_Tls13_ECH_bad_configs_ex(1, 1), WOLFSSL_SUCCESS); + + return EXPECT_RESULT(); +} + +/* Test that client info can be successfully decoded from one of multiple server + * ECH configs + * In this case the server is expected to try it's first config, fail, then try + * its second config and succeed */ +static int test_wolfSSL_Tls13_ECH_new_config(void) +{ + EXPECT_DECLS; + test_ssl_memio_ctx test_ctx; + byte altConfig[512]; + word32 altConfigLen = sizeof(altConfig); + byte combinedConfigs[512]; + word32 combinedConfigsLen = sizeof(combinedConfigs); + word16 firstConfigLen = 0; + word16 secondConfigOffset = 0; + word16 secondConfigLen = 0; + + XMEMSET(&test_ctx, 0, sizeof(test_ctx)); + + test_ctx.s_cb.method = wolfTLSv1_3_server_method; + test_ctx.c_cb.method = wolfTLSv1_3_client_method; + + /* server generates its own ECH config */ + test_ctx.s_cb.ctx_ready = test_ech_server_ctx_ready; + test_ctx.s_cb.ssl_ready = test_ech_server_ssl_ready; + + ExpectIntEQ(test_ssl_memio_setup(&test_ctx), TEST_SUCCESS); + + /* generate a second ECH config for the server */ + ExpectIntEQ(wolfSSL_CTX_GenerateEchConfig(test_ctx.s_ctx, + echCbTestPrivateName, 0, 0, 0), WOLFSSL_SUCCESS); + ExpectNotNull(test_ctx.s_ctx->echConfigs->next); + + /* capture the second ECH config in the list for the client to use */ + ExpectIntEQ(wolfSSL_CTX_GetEchConfigs(test_ctx.s_ctx, combinedConfigs, + &combinedConfigsLen), WOLFSSL_SUCCESS); + + /* ECHConfigList: [2 byte list len] [ECHConfig]... + * ECHConfig: [2 byte version] [2 byte config len] [config data] */ + ExpectIntGE(combinedConfigsLen, OPAQUE16_LEN * 3); + if (EXPECT_SUCCESS()) { + ato16(combinedConfigs + OPAQUE16_LEN + OPAQUE16_LEN, &firstConfigLen); + secondConfigOffset = OPAQUE16_LEN + OPAQUE16_LEN + OPAQUE16_LEN + + firstConfigLen; + ExpectIntGE(combinedConfigsLen, + secondConfigOffset + OPAQUE16_LEN + OPAQUE16_LEN); + } + if (EXPECT_SUCCESS()) { + ato16(combinedConfigs + secondConfigOffset + OPAQUE16_LEN, + &secondConfigLen); + secondConfigLen += OPAQUE16_LEN + OPAQUE16_LEN; + ExpectIntGE(combinedConfigsLen, secondConfigOffset + secondConfigLen); + } + if (EXPECT_SUCCESS()) { + /* build the ECHConfigList */ + c16toa(secondConfigLen, altConfig); + ExpectIntLE(OPAQUE16_LEN + secondConfigLen, (word16)sizeof(altConfig)); + if (EXPECT_SUCCESS()) { + XMEMCPY(altConfig + OPAQUE16_LEN, + combinedConfigs + secondConfigOffset, secondConfigLen); + altConfigLen = OPAQUE16_LEN + secondConfigLen; + } + } + + /* Set client configs - server should try both and succeed with second + * Or seek the correct one immediately through the configId */ + ExpectIntEQ(wolfSSL_SetEchConfigs(test_ctx.c_ssl, altConfig, altConfigLen), + WOLFSSL_SUCCESS); + ExpectIntEQ(wolfSSL_UseSNI(test_ctx.c_ssl, WOLFSSL_SNI_HOST_NAME, + echCbTestPrivateName, (word16)XSTRLEN(echCbTestPrivateName)), + WOLFSSL_SUCCESS); + + ExpectIntEQ(test_ssl_memio_do_handshake(&test_ctx, 10, NULL), TEST_SUCCESS); + ExpectIntEQ(test_ctx.c_ssl->options.echAccepted, 1); + + test_ssl_memio_cleanup(&test_ctx); + + return EXPECT_RESULT(); +} + +/* Test GREASE ECH: + * 1. client sends GREASE ECH extension but server has no ECH configs so it + * ignores it, handshake succeeds normally, no ECH configs received + * 2. client sends GREASE ECH extensions and server has ECH configs, handshake + * succeeds and client receives ECH configs */ +static int test_wolfSSL_Tls13_ECH_GREASE(void) +{ + EXPECT_DECLS; + test_ssl_memio_ctx test_ctx; + byte greaseConfigs[512]; + word32 greaseConfigsLen = sizeof(greaseConfigs); + + /* GREASE when server has no ECH configs */ + + XMEMSET(&test_ctx, 0, sizeof(test_ctx)); + + test_ctx.s_cb.method = wolfTLSv1_3_server_method; + test_ctx.c_cb.method = wolfTLSv1_3_client_method; + + ExpectIntEQ(test_ssl_memio_setup(&test_ctx), TEST_SUCCESS); + + ExpectIntEQ(wolfSSL_UseSNI(test_ctx.c_ssl, WOLFSSL_SNI_HOST_NAME, + echCbTestPrivateName, (word16)XSTRLEN(echCbTestPrivateName)), + WOLFSSL_SUCCESS); + + /* verify ECH is enabled on the client and server */ + ExpectIntEQ(test_ctx.s_ssl->options.disableECH, 0); + ExpectIntEQ(test_ctx.c_ssl->options.disableECH, 0); + /* verify no ECH configs are set */ + ExpectNull(test_ctx.s_ctx->echConfigs); + ExpectNull(test_ctx.c_ctx->echConfigs); + + /* handshake should succeed - server ignores the GREASE ECH extension */ + ExpectIntEQ(test_ssl_memio_do_handshake(&test_ctx, 10, NULL), TEST_SUCCESS); + + /* ECH should NOT be accepted since this was GREASE */ + ExpectIntEQ(test_ctx.s_ssl->options.echAccepted, 0); + ExpectIntEQ(test_ctx.c_ssl->options.echAccepted, 0); + ExpectIntNE(wolfSSL_GetEchConfigs(test_ctx.c_ssl, greaseConfigs, + &greaseConfigsLen), WOLFSSL_SUCCESS); + + test_ssl_memio_cleanup(&test_ctx); + + /* GREASE when server has ECH configs */ + + XMEMSET(&test_ctx, 0, sizeof(test_ctx)); + + test_ctx.s_cb.method = wolfTLSv1_3_server_method; + test_ctx.c_cb.method = wolfTLSv1_3_client_method; + + /* generate ECH configs */ + test_ctx.s_cb.ctx_ready = test_ech_server_ctx_ready; + test_ctx.s_cb.ssl_ready = test_ech_server_ssl_ready; + + ExpectIntEQ(test_ssl_memio_setup(&test_ctx), TEST_SUCCESS); + + ExpectIntEQ(wolfSSL_UseSNI(test_ctx.c_ssl, WOLFSSL_SNI_HOST_NAME, + echCbTestPrivateName, (word16)XSTRLEN(echCbTestPrivateName)), + WOLFSSL_SUCCESS); + + /* verify ECH is enabled on the client and server */ + ExpectIntEQ(test_ctx.s_ssl->options.disableECH, 0); + ExpectIntEQ(test_ctx.c_ssl->options.disableECH, 0); + /* verify ECH configs are set on server */ + ExpectNotNull(test_ctx.s_ctx->echConfigs); + ExpectNull(test_ctx.c_ctx->echConfigs); + + /* handshake should succeed - server responds to the GREASE ECH extension */ + ExpectIntEQ(test_ssl_memio_do_handshake(&test_ctx, 10, NULL), TEST_SUCCESS); + + /* ECH should NOT be accepted since this was GREASE + * However, configs will be present this time */ + ExpectIntEQ(test_ctx.s_ssl->options.echAccepted, 0); + ExpectIntEQ(test_ctx.c_ssl->options.echAccepted, 0); + ExpectIntEQ(wolfSSL_GetEchConfigs(test_ctx.c_ssl, greaseConfigs, + &greaseConfigsLen), WOLFSSL_SUCCESS); + + test_ssl_memio_cleanup(&test_ctx); + + return EXPECT_RESULT(); +} + +static int test_wolfSSL_Tls13_ECH_disable_conn_ex(int enableServer, + int enableClient) +{ + EXPECT_DECLS; + test_ssl_memio_ctx test_ctx; + + XMEMSET(&test_ctx, 0, sizeof(test_ctx)); + + test_ctx.s_cb.method = wolfTLSv1_3_server_method; + test_ctx.c_cb.method = wolfTLSv1_3_client_method; + + /* both server and client will be setup to use ECH */ + test_ctx.s_cb.ctx_ready = test_ech_server_ctx_ready; + test_ctx.s_cb.ssl_ready = test_ech_server_ssl_ready; + test_ctx.c_cb.ssl_ready = test_ech_client_ssl_ready; + + ExpectIntEQ(test_ssl_memio_setup(&test_ctx), TEST_SUCCESS); + + /* this callback will ensure that the correct SNI is being held */ + wolfSSL_CTX_set_servername_callback(test_ctx.s_ctx, + test_ech_server_sni_callback); + ExpectIntEQ(wolfSSL_CTX_set_servername_arg(test_ctx.s_ctx, &enableClient), + WOLFSSL_SUCCESS); + + /* disable ECH on the appropriate side(s) */ + wolfSSL_SetEchEnable(test_ctx.s_ssl, enableServer); + wolfSSL_SetEchEnable(test_ctx.c_ssl, enableClient); + + if (!enableClient) { + /* client ECH disabled: no ECH extension sent, handshake succeeds + * normally but ECH is not accepted */ + ExpectIntEQ(test_ssl_memio_do_handshake(&test_ctx, 10, NULL), + TEST_SUCCESS); + } + else if (!enableServer) { + /* client sends ECH but server can't process it: server has no ECH + * keys so it processes the outer ClientHello, client detects ECH + * rejection and aborts the handshake */ + ExpectIntNE(test_ssl_memio_do_handshake(&test_ctx, 10, NULL), + TEST_SUCCESS); + } + ExpectIntEQ(test_ctx.c_ssl->options.echAccepted, 0); + + test_ssl_memio_cleanup(&test_ctx); + + return EXPECT_RESULT(); +} + +/* setup a server and client with ECH then disable on one, the other, or both. + * Verifies that disabling ECH prevents ECH from being used and that the + * public/private SNI's are verified correctly */ +static int test_wolfSSL_Tls13_ECH_disable_conn(void) +{ + EXPECT_DECLS; + + ExpectIntEQ(test_wolfSSL_Tls13_ECH_disable_conn_ex(0, 1), TEST_SUCCESS); + ExpectIntEQ(test_wolfSSL_Tls13_ECH_disable_conn_ex(1, 0), TEST_SUCCESS); + ExpectIntEQ(test_wolfSSL_Tls13_ECH_disable_conn_ex(0, 0), TEST_SUCCESS); + + return EXPECT_RESULT(); +} +#endif /* HAVE_SSL_MEMIO_TESTS_DEPENDENCIES */ + +/* verify that ECH can be enabled/disabled without issue */ +static int test_wolfSSL_Tls13_ECH_enable_disable(void) +{ + EXPECT_DECLS; +#if !defined(NO_WOLFSSL_CLIENT) + WOLFSSL_CTX* ctx = NULL; + WOLFSSL* ssl = NULL; + byte echConfigs[128]; + word32 echConfigsLen = sizeof(echConfigs); + + /* NULL ctx, NULL ssl should not crash */ + wolfSSL_SetEchEnable(ssl, 0); + wolfSSL_CTX_SetEchEnable(ctx, 0); + + /* test CTX level enable/disable */ + ExpectNotNull(ctx = wolfSSL_CTX_new(wolfTLSv1_3_client_method())); + + ExpectIntEQ(wolfSSL_CTX_GenerateEchConfig(ctx, "public.com", 0, 0, 0), + WOLFSSL_SUCCESS); + ExpectIntEQ(wolfSSL_CTX_GetEchConfigs(ctx, echConfigs, &echConfigsLen), + WOLFSSL_SUCCESS); + + /* disable ECH at CTX level */ + wolfSSL_CTX_SetEchEnable(ctx, 0); + ExpectIntEQ(ctx->disableECH, 1); + ExpectNull(ctx->echConfigs); + + wolfSSL_CTX_SetEchEnable(ctx, 1); + ExpectIntEQ(ctx->disableECH, 0); + + /* test SSL level enable/disable */ + ExpectNotNull(ssl = wolfSSL_new(ctx)); + + ExpectIntEQ(wolfSSL_SetEchConfigs(ssl, echConfigs, echConfigsLen), + WOLFSSL_SUCCESS); + + /* disable ECH at SSL level */ + wolfSSL_SetEchEnable(ssl, 0); + ExpectIntEQ(ssl->options.disableECH, 1); + ExpectNull(ssl->echConfigs); + + wolfSSL_SetEchEnable(ssl, 1); + ExpectIntEQ(ssl->options.disableECH, 0); + + wolfSSL_free(ssl); + wolfSSL_CTX_free(ctx); +#endif /* !NO_WOLFSSL_CLIENT */ + + return EXPECT_RESULT(); +} + #endif /* HAVE_ECH && WOLFSSL_TLS13 */ #if defined(HAVE_IO_TESTS_DEPENDENCIES) && \ @@ -22066,84 +15191,6 @@ } -static int test_wolfSSL_X509_NID(void) -{ - EXPECT_DECLS; -#if (defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)) && \ - !defined(NO_RSA) && defined(USE_CERT_BUFFERS_2048) && !defined(NO_ASN) - int sigType; - int nameSz = 0; - - X509* cert = NULL; - EVP_PKEY* pubKeyTmp = NULL; - X509_NAME* name = NULL; - - char commonName[80]; - char countryName[80]; - char localityName[80]; - char stateName[80]; - char orgName[80]; - char orgUnit[80]; - - /* ------ PARSE ORIGINAL SELF-SIGNED CERTIFICATE ------ */ - - /* convert cert from DER to internal WOLFSSL_X509 struct */ - ExpectNotNull(cert = wolfSSL_X509_d2i_ex(&cert, client_cert_der_2048, - sizeof_client_cert_der_2048, HEAP_HINT)); - - /* ------ EXTRACT CERTIFICATE ELEMENTS ------ */ - - /* extract PUBLIC KEY from cert */ - ExpectNotNull(pubKeyTmp = X509_get_pubkey(cert)); - - /* extract signatureType */ - ExpectIntEQ(wolfSSL_X509_get_signature_type(NULL), 0); - ExpectIntNE((sigType = wolfSSL_X509_get_signature_type(cert)), 0); - - /* extract subjectName info */ - ExpectNotNull(name = X509_get_subject_name(cert)); - ExpectIntEQ(X509_NAME_get_text_by_NID(name, -1, NULL, 0), -1); - ExpectIntEQ(X509_NAME_get_text_by_NID(NULL, NID_commonName, NULL, 0), -1); - ExpectIntEQ(X509_NAME_get_text_by_NID(name, NID_commonName, - commonName, -2), 0); - ExpectIntGT((nameSz = X509_NAME_get_text_by_NID(name, NID_commonName, - NULL, 0)), 0); - ExpectIntEQ(nameSz, 15); - ExpectIntGT((nameSz = X509_NAME_get_text_by_NID(name, NID_commonName, - commonName, sizeof(commonName))), 0); - ExpectIntEQ(nameSz, 15); - ExpectIntEQ(XMEMCMP(commonName, "www.wolfssl.com", nameSz), 0); - ExpectIntGT((nameSz = X509_NAME_get_text_by_NID(name, NID_commonName, - commonName, 9)), 0); - ExpectIntEQ(nameSz, 8); - ExpectIntEQ(XMEMCMP(commonName, "www.wolf", nameSz), 0); - - ExpectIntGT((nameSz = X509_NAME_get_text_by_NID(name, NID_countryName, - countryName, sizeof(countryName))), 0); - ExpectIntEQ(XMEMCMP(countryName, "US", nameSz), 0); - - ExpectIntGT((nameSz = X509_NAME_get_text_by_NID(name, NID_localityName, - localityName, sizeof(localityName))), 0); - ExpectIntEQ(XMEMCMP(localityName, "Bozeman", nameSz), 0); - - ExpectIntGT((nameSz = X509_NAME_get_text_by_NID(name, - NID_stateOrProvinceName, stateName, sizeof(stateName))), 0); - ExpectIntEQ(XMEMCMP(stateName, "Montana", nameSz), 0); - - ExpectIntGT((nameSz = X509_NAME_get_text_by_NID(name, NID_organizationName, - orgName, sizeof(orgName))), 0); - ExpectIntEQ(XMEMCMP(orgName, "wolfSSL_2048", nameSz), 0); - - ExpectIntGT((nameSz = X509_NAME_get_text_by_NID(name, - NID_organizationalUnitName, orgUnit, sizeof(orgUnit))), 0); - ExpectIntEQ(XMEMCMP(orgUnit, "Programming-2048", nameSz), 0); - - EVP_PKEY_free(pubKeyTmp); - X509_free(cert); -#endif - return EXPECT_RESULT(); -} - static int test_wolfSSL_CTX_set_srp_username(void) { EXPECT_DECLS; @@ -22205,323 +15252,6 @@ return EXPECT_RESULT(); } -static int test_wolfSSL_X509_STORE(void) -{ - EXPECT_DECLS; -#if defined(OPENSSL_EXTRA) && !defined(NO_RSA) && !defined(NO_TLS) && \ - !defined(NO_FILESYSTEM) - X509_STORE *store = NULL; - -#ifdef HAVE_CRL - X509_STORE_CTX *storeCtx = NULL; - X509 *ca = NULL; - X509 *cert = NULL; - const char srvCert[] = "./certs/server-revoked-cert.pem"; - const char caCert[] = "./certs/ca-cert.pem"; -#ifndef WOLFSSL_CRL_ALLOW_MISSING_CDP - X509_CRL *crl = NULL; - const char crlPem[] = "./certs/crl/crl.revoked"; - XFILE fp = XBADFILE; -#endif /* !WOLFSSL_CRL_ALLOW_MISSING_CDP */ - - ExpectNotNull(store = (X509_STORE *)X509_STORE_new()); - ExpectNotNull((ca = wolfSSL_X509_load_certificate_file(caCert, - SSL_FILETYPE_PEM))); - ExpectIntEQ(X509_STORE_add_cert(store, ca), SSL_SUCCESS); - ExpectNotNull((cert = wolfSSL_X509_load_certificate_file(srvCert, - SSL_FILETYPE_PEM))); - ExpectNotNull((storeCtx = X509_STORE_CTX_new())); - ExpectIntEQ(X509_STORE_CTX_init(storeCtx, store, cert, NULL), SSL_SUCCESS); - ExpectIntEQ(X509_verify_cert(storeCtx), SSL_SUCCESS); - X509_STORE_free(store); - store = NULL; - X509_STORE_CTX_free(storeCtx); - storeCtx = NULL; - X509_free(cert); - cert = NULL; - X509_free(ca); - ca = NULL; - -#ifndef WOLFSSL_CRL_ALLOW_MISSING_CDP - /* should fail to verify now after adding in CRL */ - ExpectNotNull(store = (X509_STORE *)X509_STORE_new()); - ExpectNotNull((ca = wolfSSL_X509_load_certificate_file(caCert, - SSL_FILETYPE_PEM))); - ExpectIntEQ(X509_STORE_add_cert(store, ca), SSL_SUCCESS); - ExpectTrue((fp = XFOPEN(crlPem, "rb")) != XBADFILE); - ExpectNotNull(crl = (X509_CRL *)PEM_read_X509_CRL(fp, (X509_CRL **)NULL, - NULL, NULL)); - if (fp != XBADFILE) - XFCLOSE(fp); - ExpectIntEQ(X509_STORE_add_crl(store, crl), SSL_SUCCESS); - ExpectIntEQ(X509_STORE_set_flags(store, X509_V_FLAG_CRL_CHECK),SSL_SUCCESS); - ExpectNotNull((storeCtx = X509_STORE_CTX_new())); - ExpectNotNull((cert = wolfSSL_X509_load_certificate_file(srvCert, - SSL_FILETYPE_PEM))); - ExpectIntEQ(X509_STORE_CTX_init(storeCtx, store, cert, NULL), SSL_SUCCESS); - ExpectIntNE(X509_verify_cert(storeCtx), SSL_SUCCESS); - ExpectIntEQ(X509_STORE_CTX_get_error(storeCtx), - WOLFSSL_X509_V_ERR_CERT_REVOKED); - X509_CRL_free(crl); - crl = NULL; - X509_STORE_free(store); - store = NULL; - X509_STORE_CTX_free(storeCtx); - storeCtx = NULL; - X509_free(cert); - cert = NULL; - X509_free(ca); - ca = NULL; -#endif /* !WOLFSSL_CRL_ALLOW_MISSING_CDP */ -#endif /* HAVE_CRL */ - - - -#if !defined(WOLFCRYPT_ONLY) && !defined(NO_FILESYSTEM) - { - #if !defined(NO_WOLFSSL_CLIENT) || !defined(NO_WOLFSSL_SERVER) - SSL_CTX* ctx = NULL; - SSL* ssl = NULL; - int i; - for (i = 0; i < 2; i++) { - #ifndef NO_WOLFSSL_SERVER - ExpectNotNull(ctx = SSL_CTX_new(wolfSSLv23_server_method())); - #else - ExpectNotNull(ctx = SSL_CTX_new(wolfSSLv23_client_method())); - #endif - ExpectNotNull(store = (X509_STORE *)X509_STORE_new()); - SSL_CTX_set_cert_store(ctx, store); - ExpectNotNull(store = (X509_STORE *)X509_STORE_new()); - SSL_CTX_set_cert_store(ctx, store); - ExpectNotNull(store = (X509_STORE *)X509_STORE_new()); - ExpectIntEQ(SSL_CTX_use_certificate_file(ctx, svrCertFile, - SSL_FILETYPE_PEM), SSL_SUCCESS); - ExpectIntEQ(SSL_CTX_use_PrivateKey_file(ctx, svrKeyFile, - SSL_FILETYPE_PEM), SSL_SUCCESS); - ExpectNotNull(ssl = SSL_new(ctx)); - if (i == 0) { - ExpectIntEQ(SSL_set0_verify_cert_store(ssl, store), - SSL_SUCCESS); - } - else { - ExpectIntEQ(SSL_set1_verify_cert_store(ssl, store), SSL_SUCCESS); - #ifdef OPENSSL_ALL - ExpectIntEQ(SSL_CTX_set1_verify_cert_store(ctx, store), SSL_SUCCESS); - #endif - } - if (EXPECT_FAIL() || (i == 1)) { - X509_STORE_free(store); - store = NULL; - } - SSL_free(ssl); - ssl = NULL; - SSL_CTX_free(ctx); - ctx = NULL; - } - #endif /* !NO_WOLFSSL_CLIENT || !NO_WOLFSSL_SERVER */ - } -#endif -#endif - return EXPECT_RESULT(); -} - -static int test_wolfSSL_X509_STORE_load_locations(void) -{ - EXPECT_DECLS; -#if (defined(OPENSSL_ALL) || defined(WOLFSSL_APACHE_HTTPD)) && \ - !defined(NO_FILESYSTEM) && !defined(NO_WOLFSSL_DIR) && !defined(NO_RSA) && \ - !defined(NO_TLS) - SSL_CTX *ctx = NULL; - X509_STORE *store = NULL; - - const char ca_file[] = "./certs/ca-cert.pem"; - const char client_pem_file[] = "./certs/client-cert.pem"; - const char client_der_file[] = "./certs/client-cert.der"; - const char ecc_file[] = "./certs/ecc-key.pem"; - const char certs_path[] = "./certs/"; - const char bad_path[] = "./bad-path/"; -#ifdef HAVE_CRL - const char crl_path[] = "./certs/crl/"; - const char crl_file[] = "./certs/crl/crl.pem"; -#endif - -#ifndef NO_WOLFSSL_SERVER - ExpectNotNull(ctx = SSL_CTX_new(SSLv23_server_method())); -#else - ExpectNotNull(ctx = SSL_CTX_new(SSLv23_client_method())); -#endif - ExpectNotNull(store = SSL_CTX_get_cert_store(ctx)); - ExpectIntEQ(wolfSSL_CertManagerLoadCA(store->cm, ca_file, NULL), - WOLFSSL_SUCCESS); - - /* Test bad arguments */ - ExpectIntEQ(X509_STORE_load_locations(NULL, ca_file, NULL), - WC_NO_ERR_TRACE(WOLFSSL_FAILURE)); - ExpectIntEQ(X509_STORE_load_locations(store, NULL, NULL), WC_NO_ERR_TRACE(WOLFSSL_FAILURE)); - ExpectIntEQ(X509_STORE_load_locations(store, client_der_file, NULL), - WC_NO_ERR_TRACE(WOLFSSL_FAILURE)); - ExpectIntEQ(X509_STORE_load_locations(store, ecc_file, NULL), - WC_NO_ERR_TRACE(WOLFSSL_FAILURE)); - ExpectIntEQ(X509_STORE_load_locations(store, NULL, bad_path), - WC_NO_ERR_TRACE(WOLFSSL_FAILURE)); - -#ifdef HAVE_CRL - /* Test with CRL */ - ExpectIntEQ(X509_STORE_load_locations(store, crl_file, NULL), - WOLFSSL_SUCCESS); - ExpectIntEQ(X509_STORE_load_locations(store, NULL, crl_path), - WOLFSSL_SUCCESS); -#endif - - /* Test with CA */ - ExpectIntEQ(X509_STORE_load_locations(store, ca_file, NULL), - WOLFSSL_SUCCESS); - - /* Test with client_cert and certs path */ - ExpectIntEQ(X509_STORE_load_locations(store, client_pem_file, NULL), - WOLFSSL_SUCCESS); - ExpectIntEQ(X509_STORE_load_locations(store, NULL, certs_path), - WOLFSSL_SUCCESS); - -#if defined(XGETENV) && !defined(NO_GETENV) && defined(_POSIX_C_SOURCE) && \ - _POSIX_C_SOURCE >= 200112L - ExpectIntEQ(wolfSSL_CTX_UnloadCAs(ctx), WOLFSSL_SUCCESS); - /* Test with env vars */ - ExpectIntEQ(setenv("SSL_CERT_FILE", client_pem_file, 1), 0); - ExpectIntEQ(setenv("SSL_CERT_DIR", certs_path, 1), 0); - ExpectIntEQ(X509_STORE_set_default_paths(store), WOLFSSL_SUCCESS); -#endif - -#if defined(OPENSSL_EXTRA) || defined(DEBUG_WOLFSSL_VERBOSE) - /* Clear nodes */ - ERR_clear_error(); -#endif - - SSL_CTX_free(ctx); -#endif - return EXPECT_RESULT(); -} - -static int test_X509_STORE_get0_objects(void) -{ - EXPECT_DECLS; -#if defined(OPENSSL_ALL) && !defined(NO_FILESYSTEM) && !defined(NO_TLS) && \ - !defined(NO_WOLFSSL_DIR) && !defined(NO_RSA) - X509_STORE *store = NULL; - X509_STORE *store_cpy = NULL; - SSL_CTX *ctx = NULL; - X509_OBJECT *obj = NULL; -#ifdef HAVE_CRL - X509_OBJECT *objCopy = NULL; -#endif - STACK_OF(X509_OBJECT) *objs = NULL; - STACK_OF(X509_OBJECT) *objsCopy = NULL; - int i; - - /* Setup store */ -#ifndef NO_WOLFSSL_SERVER - ExpectNotNull(ctx = SSL_CTX_new(SSLv23_server_method())); -#else - ExpectNotNull(ctx = SSL_CTX_new(SSLv23_client_method())); -#endif - ExpectNotNull(store_cpy = X509_STORE_new()); - ExpectNotNull(store = SSL_CTX_get_cert_store(ctx)); - ExpectIntEQ(X509_STORE_load_locations(store, cliCertFile, NULL), - WOLFSSL_SUCCESS); - ExpectIntEQ(X509_STORE_load_locations(store, caCertFile, NULL), - WOLFSSL_SUCCESS); - ExpectIntEQ(X509_STORE_load_locations(store, svrCertFile, NULL), - WOLFSSL_SUCCESS); -#ifdef HAVE_CRL - ExpectIntEQ(X509_STORE_load_locations(store, NULL, crlPemDir), - WOLFSSL_SUCCESS); -#endif - /* Store ready */ - - /* Similar to HaProxy ssl_set_cert_crl_file use case */ - ExpectNotNull(objs = X509_STORE_get0_objects(store)); -#ifdef HAVE_CRL -#ifdef WOLFSSL_SIGNER_DER_CERT - ExpectIntEQ(sk_X509_OBJECT_num(objs), 4); -#else - ExpectIntEQ(sk_X509_OBJECT_num(objs), 1); -#endif -#else -#ifdef WOLFSSL_SIGNER_DER_CERT - ExpectIntEQ(sk_X509_OBJECT_num(objs), 3); -#else - ExpectIntEQ(sk_X509_OBJECT_num(objs), 0); -#endif -#endif - ExpectIntEQ(sk_X509_OBJECT_num(NULL), 0); - ExpectNull(sk_X509_OBJECT_value(NULL, 0)); - ExpectNull(sk_X509_OBJECT_value(NULL, 1)); - ExpectNull(sk_X509_OBJECT_value(objs, sk_X509_OBJECT_num(objs))); - ExpectNull(sk_X509_OBJECT_value(objs, sk_X509_OBJECT_num(objs) + 1)); -#ifndef NO_WOLFSSL_STUB - ExpectNull(sk_X509_OBJECT_delete(objs, 0)); -#endif - ExpectNotNull(objsCopy = sk_X509_OBJECT_deep_copy(objs, NULL, NULL)); - ExpectIntEQ(sk_X509_OBJECT_num(objs), sk_X509_OBJECT_num(objsCopy)); - for (i = 0; i < sk_X509_OBJECT_num(objs) && EXPECT_SUCCESS(); i++) { - obj = (X509_OBJECT*)sk_X509_OBJECT_value(objs, i); - #ifdef HAVE_CRL - objCopy = (X509_OBJECT*)sk_X509_OBJECT_value(objsCopy, i); - #endif - switch (X509_OBJECT_get_type(obj)) { - case X509_LU_X509: - { - X509* x509 = NULL; - X509_NAME *subj_name = NULL; - ExpectNull(X509_OBJECT_get0_X509_CRL(NULL)); - ExpectNull(X509_OBJECT_get0_X509_CRL(obj)); - ExpectNotNull(x509 = X509_OBJECT_get0_X509(obj)); - ExpectIntEQ(X509_STORE_add_cert(store_cpy, x509), WOLFSSL_SUCCESS); - ExpectNotNull(subj_name = X509_get_subject_name(x509)); - ExpectPtrEq(obj, X509_OBJECT_retrieve_by_subject(objs, X509_LU_X509, - subj_name)); - - break; - } - case X509_LU_CRL: -#ifdef HAVE_CRL - { - X509_CRL* crl = NULL; - ExpectNull(X509_OBJECT_get0_X509(NULL)); - ExpectNull(X509_OBJECT_get0_X509(obj)); - ExpectNotNull(crl = X509_OBJECT_get0_X509_CRL(obj)); - ExpectIntEQ(X509_STORE_add_crl(store_cpy, crl), WOLFSSL_SUCCESS); - - ExpectNotNull(crl = X509_OBJECT_get0_X509_CRL(objCopy)); - break; - } -#endif - case X509_LU_NONE: - default: - Fail(("X509_OBJECT_get_type should return x509 or crl " - "(when built with crl support)"), - ("Unrecognized X509_OBJECT type or none")); - } - } - - X509_STORE_free(store_cpy); - SSL_CTX_free(ctx); - - wolfSSL_sk_X509_OBJECT_free(NULL); - objs = NULL; - wolfSSL_sk_pop_free(objsCopy, NULL); - objsCopy = NULL; - ExpectNotNull(objs = wolfSSL_sk_X509_OBJECT_new()); - ExpectIntEQ(wolfSSL_sk_X509_OBJECT_push(NULL, NULL), WOLFSSL_FAILURE); - ExpectIntEQ(wolfSSL_sk_X509_OBJECT_push(objs, NULL), WOLFSSL_FAILURE); - ExpectIntEQ(wolfSSL_sk_X509_OBJECT_push(NULL, obj), WOLFSSL_FAILURE); - ExpectNotNull(objsCopy = sk_X509_OBJECT_deep_copy(objs, NULL, NULL)); - wolfSSL_sk_X509_OBJECT_free(objsCopy); - wolfSSL_sk_X509_OBJECT_free(objs); -#endif - return EXPECT_RESULT(); -} - #if defined(OPENSSL_EXTRA) && !defined(NO_CERTS) && !defined(NO_TLS) && \ !defined(NO_FILESYSTEM) && !defined(NO_RSA) #define TEST_ARG 0x1234 @@ -23224,326 +15954,6 @@ return EXPECT_RESULT(); } -#ifndef NO_BIO - -static int test_wolfSSL_PEM_read_bio(void) -{ - EXPECT_DECLS; -#if defined(OPENSSL_EXTRA) && !defined(NO_CERTS) && \ - !defined(NO_FILESYSTEM) && !defined(NO_RSA) - byte buff[6000]; - XFILE f = XBADFILE; - int bytes = 0; - X509* x509 = NULL; - BIO* bio = NULL; - BUF_MEM* buf = NULL; - - ExpectTrue((f = XFOPEN(cliCertFile, "rb")) != XBADFILE); - ExpectIntGT(bytes = (int)XFREAD(buff, 1, sizeof(buff), f), 0); - if (f != XBADFILE) - XFCLOSE(f); - - ExpectNull(x509 = PEM_read_bio_X509_AUX(bio, NULL, NULL, NULL)); - ExpectNotNull(bio = BIO_new_mem_buf((void*)buff, bytes)); - ExpectIntEQ(BIO_set_mem_eof_return(bio, -0xDEAD), 1); - ExpectNotNull(x509 = PEM_read_bio_X509_AUX(bio, NULL, NULL, NULL)); - ExpectIntEQ((int)BIO_set_fd(bio, 0, BIO_CLOSE), 1); - /* BIO should return the set EOF value */ - ExpectIntEQ(BIO_read(bio, buff, sizeof(buff)), -0xDEAD); - ExpectIntEQ(BIO_set_close(bio, BIO_NOCLOSE), 1); - ExpectIntEQ(BIO_set_close(NULL, BIO_NOCLOSE), 1); - ExpectIntEQ(SSL_SUCCESS, BIO_get_mem_ptr(bio, &buf)); - - BIO_free(bio); - BUF_MEM_free(buf); - X509_free(x509); -#endif /* defined(OPENSSL_EXTRA) && !defined(NO_CERTS) && - * !defined(NO_FILESYSTEM) && !defined(NO_RSA) */ - return EXPECT_RESULT(); -} - - -#if defined(OPENSSL_EXTRA) -static long bioCallback(BIO *bio, int cmd, const char* argp, int argi, - long argl, long ret) -{ - (void)bio; - (void)cmd; - (void)argp; - (void)argi; - (void)argl; - return ret; -} -#endif - - -static int test_wolfSSL_BIO(void) -{ - EXPECT_DECLS; -#if defined(OPENSSL_EXTRA) - const unsigned char* p = NULL; - byte buff[20]; - BIO* bio1 = NULL; - BIO* bio2 = NULL; - BIO* bio3 = NULL; - char* bufPt = NULL; - int i; - - for (i = 0; i < 20; i++) { - buff[i] = i; - } - /* test BIO_free with NULL */ - ExpectIntEQ(BIO_free(NULL), WC_NO_ERR_TRACE(WOLFSSL_FAILURE)); - - /* Creating and testing type BIO_s_bio */ - ExpectNotNull(bio1 = BIO_new(BIO_s_bio())); - ExpectNotNull(bio2 = BIO_new(BIO_s_bio())); - ExpectNotNull(bio3 = BIO_new(BIO_s_bio())); - - /* read/write before set up */ - ExpectIntEQ(BIO_read(bio1, buff, 2), WOLFSSL_BIO_UNSET); - ExpectIntEQ(BIO_write(bio1, buff, 2), WOLFSSL_BIO_UNSET); - - ExpectIntEQ(BIO_set_nbio(bio1, 1), 1); - ExpectIntEQ(BIO_set_write_buf_size(bio1, 20), WOLFSSL_SUCCESS); - ExpectIntEQ(BIO_set_write_buf_size(bio2, 8), WOLFSSL_SUCCESS); - ExpectIntEQ(BIO_make_bio_pair(bio1, bio2), WOLFSSL_SUCCESS); - - ExpectIntEQ(BIO_nwrite(bio1, &bufPt, 10), 10); - ExpectNotNull(XMEMCPY(bufPt, buff, 10)); - ExpectIntEQ(BIO_write(bio1, buff + 10, 10), 10); - /* write buffer full */ - ExpectIntEQ(BIO_write(bio1, buff, 10), WOLFSSL_BIO_ERROR); - ExpectIntEQ(BIO_flush(bio1), WOLFSSL_SUCCESS); - ExpectIntEQ((int)BIO_ctrl_pending(bio1), 0); - - /* write the other direction with pair */ - ExpectIntEQ((int)BIO_nwrite(bio2, &bufPt, 10), 8); - ExpectNotNull(XMEMCPY(bufPt, buff, 8)); - ExpectIntEQ(BIO_write(bio2, buff, 10), WOLFSSL_BIO_ERROR); - - /* try read */ - ExpectIntEQ((int)BIO_ctrl_pending(bio1), 8); - ExpectIntEQ((int)BIO_ctrl_pending(bio2), 20); - - /* try read using ctrl function */ - ExpectIntEQ((int)BIO_ctrl(bio1, BIO_CTRL_WPENDING, 0, NULL), 8); - ExpectIntEQ((int)BIO_ctrl(bio1, BIO_CTRL_PENDING, 0, NULL), 8); - ExpectIntEQ((int)BIO_ctrl(bio2, BIO_CTRL_WPENDING, 0, NULL), 20); - ExpectIntEQ((int)BIO_ctrl(bio2, BIO_CTRL_PENDING, 0, NULL), 20); - - ExpectIntEQ(BIO_nread(bio2, &bufPt, (int)BIO_ctrl_pending(bio2)), 20); - for (i = 0; i < 20; i++) { - ExpectIntEQ((int)bufPt[i], i); - } - ExpectIntEQ(BIO_nread(bio2, &bufPt, 1), 0); - ExpectIntEQ(BIO_nread(bio1, &bufPt, (int)BIO_ctrl_pending(bio1)), 8); - for (i = 0; i < 8; i++) { - ExpectIntEQ((int)bufPt[i], i); - } - ExpectIntEQ(BIO_nread(bio1, &bufPt, 1), 0); - ExpectIntEQ(BIO_ctrl_reset_read_request(bio1), 1); - - /* new pair */ - ExpectIntEQ(BIO_make_bio_pair(bio1, bio3), WC_NO_ERR_TRACE(WOLFSSL_FAILURE)); - BIO_free(bio2); /* free bio2 and automatically remove from pair */ - bio2 = NULL; - ExpectIntEQ(BIO_make_bio_pair(bio1, bio3), WOLFSSL_SUCCESS); - ExpectIntEQ((int)BIO_ctrl_pending(bio3), 0); - ExpectIntEQ(BIO_nread(bio3, &bufPt, 10), 0); - - /* test wrap around... */ - ExpectIntEQ(BIO_reset(bio1), 1); - ExpectIntEQ(BIO_reset(bio3), 1); - - /* fill write buffer, read only small amount then write again */ - ExpectIntEQ(BIO_nwrite(bio1, &bufPt, 20), 20); - ExpectNotNull(XMEMCPY(bufPt, buff, 20)); - ExpectIntEQ(BIO_nread(bio3, &bufPt, 4), 4); - for (i = 0; i < 4; i++) { - ExpectIntEQ(bufPt[i], i); - } - - /* try writing over read index */ - ExpectIntEQ(BIO_nwrite(bio1, &bufPt, 5), 4); - ExpectNotNull(XMEMSET(bufPt, 0, 4)); - ExpectIntEQ((int)BIO_ctrl_pending(bio3), 20); - - /* read and write 0 bytes */ - ExpectIntEQ(BIO_nread(bio3, &bufPt, 0), 0); - ExpectIntEQ(BIO_nwrite(bio1, &bufPt, 0), 0); - - /* should read only to end of write buffer then need to read again */ - ExpectIntEQ(BIO_nread(bio3, &bufPt, 20), 16); - for (i = 0; i < 16; i++) { - ExpectIntEQ(bufPt[i], buff[4 + i]); - } - - ExpectIntEQ(BIO_nread(bio3, NULL, 0), WC_NO_ERR_TRACE(WOLFSSL_FAILURE)); - ExpectIntEQ(BIO_nread0(bio3, &bufPt), 4); - for (i = 0; i < 4; i++) { - ExpectIntEQ(bufPt[i], 0); - } - - /* read index should not have advanced with nread0 */ - ExpectIntEQ(BIO_nread(bio3, &bufPt, 5), 4); - for (i = 0; i < 4; i++) { - ExpectIntEQ(bufPt[i], 0); - } - - /* write and fill up buffer checking reset of index state */ - ExpectIntEQ(BIO_nwrite(bio1, &bufPt, 20), 20); - ExpectNotNull(XMEMCPY(bufPt, buff, 20)); - - /* test reset on data in bio1 write buffer */ - ExpectIntEQ(BIO_reset(bio1), 1); - ExpectIntEQ((int)BIO_ctrl_pending(bio3), 0); - ExpectIntEQ(BIO_nread(bio3, &bufPt, 3), 0); - ExpectIntEQ(BIO_nwrite(bio1, &bufPt, 20), 20); - ExpectIntEQ((int)BIO_ctrl(bio1, BIO_CTRL_INFO, 0, &p), 20); - ExpectNotNull(p); - ExpectNotNull(XMEMCPY(bufPt, buff, 20)); - ExpectIntEQ(BIO_nread(bio3, &bufPt, 6), 6); - for (i = 0; i < 6; i++) { - ExpectIntEQ(bufPt[i], i); - } - - /* test case of writing twice with offset read index */ - ExpectIntEQ(BIO_nwrite(bio1, &bufPt, 3), 3); - ExpectIntEQ(BIO_nwrite(bio1, &bufPt, 4), 3); /* try overwriting */ - ExpectIntEQ(BIO_nwrite(bio1, &bufPt, 4), WOLFSSL_BIO_ERROR); - ExpectIntEQ(BIO_nread(bio3, &bufPt, 0), 0); - ExpectIntEQ(BIO_nwrite(bio1, &bufPt, 4), WOLFSSL_BIO_ERROR); - ExpectIntEQ(BIO_nread(bio3, &bufPt, 1), 1); - ExpectIntEQ(BIO_nwrite(bio1, &bufPt, 4), 1); - ExpectIntEQ(BIO_nwrite(bio1, &bufPt, 4), WOLFSSL_BIO_ERROR); - - BIO_free(bio1); - bio1 = NULL; - BIO_free(bio3); - bio3 = NULL; - - #if defined(OPENSSL_ALL) || defined(WOLFSSL_ASIO) - { - BIO* bioA = NULL; - BIO* bioB = NULL; - ExpectIntEQ(BIO_new_bio_pair(NULL, 256, NULL, 256), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); - ExpectIntEQ(BIO_new_bio_pair(&bioA, 256, &bioB, 256), WOLFSSL_SUCCESS); - BIO_free(bioA); - bioA = NULL; - BIO_free(bioB); - bioB = NULL; - } - #endif /* OPENSSL_ALL || WOLFSSL_ASIO */ - - /* BIOs with file pointers */ - #if !defined(NO_FILESYSTEM) - { - XFILE f1 = XBADFILE; - XFILE f2 = XBADFILE; - BIO* f_bio1 = NULL; - BIO* f_bio2 = NULL; - unsigned char cert[300]; - char testFile[] = "tests/bio_write_test.txt"; - char msg[] = "bio_write_test.txt contains the first 300 bytes of certs/server-cert.pem\ncreated by tests/unit.test\n\n"; - - ExpectNotNull(f_bio1 = BIO_new(BIO_s_file())); - ExpectNotNull(f_bio2 = BIO_new(BIO_s_file())); - - /* Failure due to wrong BIO type */ - ExpectIntEQ((int)BIO_set_mem_eof_return(f_bio1, -1), 0); - ExpectIntEQ((int)BIO_set_mem_eof_return(NULL, -1), 0); - - ExpectTrue((f1 = XFOPEN(svrCertFile, "rb+")) != XBADFILE); - ExpectIntEQ((int)BIO_set_fp(f_bio1, f1, BIO_CLOSE), WOLFSSL_SUCCESS); - ExpectIntEQ(BIO_write_filename(f_bio2, testFile), - WOLFSSL_SUCCESS); - - ExpectIntEQ(BIO_read(f_bio1, cert, sizeof(cert)), sizeof(cert)); - ExpectIntEQ(BIO_tell(f_bio1),sizeof(cert)); - ExpectIntEQ(BIO_write(f_bio2, msg, sizeof(msg)), sizeof(msg)); - ExpectIntEQ(BIO_tell(f_bio2),sizeof(msg)); - ExpectIntEQ(BIO_write(f_bio2, cert, sizeof(cert)), sizeof(cert)); - ExpectIntEQ(BIO_tell(f_bio2),sizeof(cert) + sizeof(msg)); - - ExpectIntEQ((int)BIO_get_fp(f_bio2, &f2), WOLFSSL_SUCCESS); - ExpectIntEQ(BIO_reset(f_bio2), 1); - ExpectIntEQ(BIO_tell(NULL),-1); - ExpectIntEQ(BIO_tell(f_bio2),0); - ExpectIntEQ(BIO_seek(f_bio2, 4), 0); - ExpectIntEQ(BIO_tell(f_bio2),4); - - BIO_free(f_bio1); - f_bio1 = NULL; - BIO_free(f_bio2); - f_bio2 = NULL; - - ExpectNotNull(f_bio1 = BIO_new_file(svrCertFile, "rb+")); - ExpectIntEQ((int)BIO_set_mem_eof_return(f_bio1, -1), 0); - ExpectIntEQ(BIO_read(f_bio1, cert, sizeof(cert)), sizeof(cert)); - BIO_free(f_bio1); - f_bio1 = NULL; - } - #endif /* !defined(NO_FILESYSTEM) */ - - /* BIO info callback */ - { - const char* testArg = "test"; - BIO* cb_bio = NULL; - ExpectNotNull(cb_bio = BIO_new(BIO_s_mem())); - - BIO_set_callback(cb_bio, bioCallback); - ExpectNotNull(BIO_get_callback(cb_bio)); - BIO_set_callback(cb_bio, NULL); - ExpectNull(BIO_get_callback(cb_bio)); - - BIO_set_callback_arg(cb_bio, (char*)testArg); - ExpectStrEQ(BIO_get_callback_arg(cb_bio), testArg); - ExpectNull(BIO_get_callback_arg(NULL)); - - BIO_free(cb_bio); - cb_bio = NULL; - } - - /* BIO_vfree */ - ExpectNotNull(bio1 = BIO_new(BIO_s_bio())); - BIO_vfree(NULL); - BIO_vfree(bio1); -#endif - return EXPECT_RESULT(); -} - -static int test_wolfSSL_BIO_BIO_ring_read(void) -{ - EXPECT_DECLS; -#if defined(OPENSSL_ALL) - BIO* bio1 = NULL; - BIO* bio2 = NULL; - byte data[50]; - byte tmp[50]; - - XMEMSET(data, 42, sizeof(data)); - - - ExpectIntEQ(BIO_new_bio_pair(&bio1, sizeof(data), &bio2, sizeof(data)), - SSL_SUCCESS); - - ExpectIntEQ(BIO_write(bio1, data, 40), 40); - ExpectIntEQ(BIO_read(bio1, tmp, 20), -1); - ExpectIntEQ(BIO_read(bio2, tmp, 20), 20); - ExpectBufEQ(tmp, data, 20); - ExpectIntEQ(BIO_write(bio1, data, 20), 20); - ExpectIntEQ(BIO_read(bio2, tmp, 40), 40); - ExpectBufEQ(tmp, data, 40); - - BIO_free(bio1); - BIO_free(bio2); -#endif - return EXPECT_RESULT(); -} - -#endif /* !NO_BIO */ - static int test_wolfSSL_a2i_IPADDRESS(void) { @@ -23587,1325 +15997,6 @@ return EXPECT_RESULT(); } - -static int test_wolfSSL_X509_cmp_time(void) -{ - EXPECT_DECLS; -#if defined(OPENSSL_EXTRA) && !defined(NO_ASN_TIME) \ -&& !defined(USER_TIME) && !defined(TIME_OVERRIDES) - WOLFSSL_ASN1_TIME asn_time; - time_t t; - - ExpectIntEQ(0, wolfSSL_X509_cmp_time(NULL, &t)); - XMEMSET(&asn_time, 0, sizeof(WOLFSSL_ASN1_TIME)); - ExpectIntEQ(0, wolfSSL_X509_cmp_time(&asn_time, &t)); - - ExpectIntEQ(ASN1_TIME_set_string(&asn_time, "000222211515Z"), 1); - ExpectIntEQ(-1, wolfSSL_X509_cmp_time(&asn_time, NULL)); - ExpectIntEQ(-1, wolfSSL_X509_cmp_current_time(&asn_time)); -#endif - return EXPECT_RESULT(); -} - -static int test_wolfSSL_X509_time_adj(void) -{ - EXPECT_DECLS; -#if defined(OPENSSL_EXTRA) && !defined(NO_ASN_TIME) && \ - !defined(USER_TIME) && !defined(TIME_OVERRIDES) && \ - defined(USE_CERT_BUFFERS_2048) && !defined(NO_RSA) && \ - !defined(NO_ASN_TIME) - X509* x509 = NULL; - time_t t; - time_t not_before; - time_t not_after; - - ExpectNotNull(x509 = wolfSSL_X509_load_certificate_buffer( - client_cert_der_2048, sizeof_client_cert_der_2048, - WOLFSSL_FILETYPE_ASN1)); - - t = 0; - not_before = wc_Time(0); - not_after = wc_Time(0) + (60 * 24 * 30); /* 30 days after */ - ExpectNotNull(X509_time_adj(X509_get_notBefore(x509), not_before, &t)); - ExpectNotNull(X509_time_adj(X509_get_notAfter(x509), not_after, &t)); - /* Check X509_gmtime_adj, too. */ - ExpectNotNull(X509_gmtime_adj(X509_get_notAfter(x509), not_after)); - - X509_free(x509); -#endif - return EXPECT_RESULT(); -} - -static int test_wolfSSL_X509_bad_altname(void) -{ - EXPECT_DECLS; -#if defined(OPENSSL_EXTRA) && !defined(NO_CERTS) && !defined(NO_RSA) - const unsigned char malformed_alt_name_cert[] = { - 0x30, 0x82, 0x02, 0xf9, 0x30, 0x82, 0x01, 0xe1, 0xa0, 0x03, 0x02, 0x01, - 0x02, 0x02, 0x02, 0x10, 0x21, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, - 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x0b, 0x05, 0x00, 0x30, 0x0f, 0x31, 0x0d, - 0x30, 0x0b, 0x06, 0x03, 0x55, 0x04, 0x03, 0x13, 0x04, 0x61, 0x61, 0x31, - 0x31, 0x30, 0x1e, 0x17, 0x0d, 0x31, 0x36, 0x30, 0x32, 0x30, 0x37, 0x31, - 0x37, 0x32, 0x34, 0x30, 0x30, 0x5a, 0x17, 0x0d, 0x33, 0x34, 0x30, 0x32, - 0x31, 0x34, 0x30, 0x36, 0x32, 0x36, 0x35, 0x33, 0x5a, 0x30, 0x0f, 0x31, - 0x0d, 0x30, 0x0b, 0x06, 0x03, 0x55, 0x04, 0x03, 0x13, 0x04, 0x61, 0x61, - 0x61, 0x61, 0x30, 0x82, 0x01, 0x20, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, - 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x01, 0x05, 0x00, 0x03, 0x82, 0x01, - 0x0d, 0x00, 0x30, 0x82, 0x01, 0x08, 0x02, 0x82, 0x01, 0x01, 0x00, 0xa8, - 0x8a, 0x5e, 0x26, 0x23, 0x1b, 0x31, 0xd3, 0x37, 0x1a, 0x70, 0xb2, 0xec, - 0x3f, 0x74, 0xd4, 0xb4, 0x44, 0xe3, 0x7a, 0xa5, 0xc0, 0xf5, 0xaa, 0x97, - 0x26, 0x9a, 0x04, 0xff, 0xda, 0xbe, 0xe5, 0x09, 0x03, 0x98, 0x3d, 0xb5, - 0xbf, 0x01, 0x2c, 0x9a, 0x0a, 0x3a, 0xfb, 0xbc, 0x3c, 0xe7, 0xbe, 0x83, - 0x5c, 0xb3, 0x70, 0xe8, 0x5c, 0xe3, 0xd1, 0x83, 0xc3, 0x94, 0x08, 0xcd, - 0x1a, 0x87, 0xe5, 0xe0, 0x5b, 0x9c, 0x5c, 0x6e, 0xb0, 0x7d, 0xe2, 0x58, - 0x6c, 0xc3, 0xb5, 0xc8, 0x9d, 0x11, 0xf1, 0x5d, 0x96, 0x0d, 0x66, 0x1e, - 0x56, 0x7f, 0x8f, 0x59, 0xa7, 0xa5, 0xe1, 0xc5, 0xe7, 0x81, 0x4c, 0x09, - 0x9d, 0x5e, 0x96, 0xf0, 0x9a, 0xc2, 0x8b, 0x70, 0xd5, 0xab, 0x79, 0x58, - 0x5d, 0xb7, 0x58, 0xaa, 0xfd, 0x75, 0x52, 0xaa, 0x4b, 0xa7, 0x25, 0x68, - 0x76, 0x59, 0x00, 0xee, 0x78, 0x2b, 0x91, 0xc6, 0x59, 0x91, 0x99, 0x38, - 0x3e, 0xa1, 0x76, 0xc3, 0xf5, 0x23, 0x6b, 0xe6, 0x07, 0xea, 0x63, 0x1c, - 0x97, 0x49, 0xef, 0xa0, 0xfe, 0xfd, 0x13, 0xc9, 0xa9, 0x9f, 0xc2, 0x0b, - 0xe6, 0x87, 0x92, 0x5b, 0xcc, 0xf5, 0x42, 0x95, 0x4a, 0xa4, 0x6d, 0x64, - 0xba, 0x7d, 0xce, 0xcb, 0x04, 0xd0, 0xf8, 0xe7, 0xe3, 0xda, 0x75, 0x60, - 0xd3, 0x8b, 0x6a, 0x64, 0xfc, 0x78, 0x56, 0x21, 0x69, 0x5a, 0xe8, 0xa7, - 0x8f, 0xfb, 0x8f, 0x82, 0xe3, 0xae, 0x36, 0xa2, 0x93, 0x66, 0x92, 0xcb, - 0x82, 0xa3, 0xbe, 0x84, 0x00, 0x86, 0xdc, 0x7e, 0x6d, 0x53, 0x77, 0x84, - 0x17, 0xb9, 0x55, 0x43, 0x0d, 0xf1, 0x16, 0x1f, 0xd5, 0x43, 0x75, 0x99, - 0x66, 0x19, 0x52, 0xd0, 0xac, 0x5f, 0x74, 0xad, 0xb2, 0x90, 0x15, 0x50, - 0x04, 0x74, 0x43, 0xdf, 0x6c, 0x35, 0xd0, 0xfd, 0x32, 0x37, 0xb3, 0x8d, - 0xf5, 0xe5, 0x09, 0x02, 0x01, 0x03, 0xa3, 0x61, 0x30, 0x5f, 0x30, 0x0c, - 0x06, 0x03, 0x55, 0x1d, 0x13, 0x01, 0x01, 0xff, 0x04, 0x02, 0x30, 0x00, - 0x30, 0x0f, 0x06, 0x03, 0x55, 0x1d, 0x11, 0x04, 0x08, 0x30, 0x06, 0x82, - 0x04, 0x61, 0x2a, 0x00, 0x2a, 0x30, 0x1d, 0x06, 0x03, 0x55, 0x1d, 0x0e, - 0x04, 0x16, 0x04, 0x14, 0x92, 0x6a, 0x1e, 0x52, 0x3a, 0x1a, 0x57, 0x9f, - 0xc9, 0x82, 0x9a, 0xce, 0xc8, 0xc0, 0xa9, 0x51, 0x9d, 0x2f, 0xc7, 0x72, - 0x30, 0x1f, 0x06, 0x03, 0x55, 0x1d, 0x23, 0x04, 0x18, 0x30, 0x16, 0x80, - 0x14, 0x6b, 0xf9, 0xa4, 0x2d, 0xa5, 0xe9, 0x39, 0x89, 0xa8, 0x24, 0x58, - 0x79, 0x87, 0x11, 0xfc, 0x6f, 0x07, 0x91, 0xef, 0xa6, 0x30, 0x0d, 0x06, - 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x0b, 0x05, 0x00, - 0x03, 0x82, 0x01, 0x01, 0x00, 0x3f, 0xd5, 0x37, 0x2f, 0xc7, 0xf8, 0x8b, - 0x39, 0x1c, 0xe3, 0xdf, 0x77, 0xee, 0xc6, 0x4b, 0x5f, 0x84, 0xcf, 0xfa, - 0x33, 0x2c, 0xb2, 0xb5, 0x4b, 0x09, 0xee, 0x56, 0xc0, 0xf2, 0xf0, 0xeb, - 0xad, 0x1c, 0x02, 0xef, 0xae, 0x09, 0x53, 0xc0, 0x06, 0xad, 0x4e, 0xfd, - 0x3e, 0x8c, 0x13, 0xb3, 0xbf, 0x80, 0x05, 0x36, 0xb5, 0x3f, 0x2b, 0xc7, - 0x60, 0x53, 0x14, 0xbf, 0x33, 0x63, 0x47, 0xc3, 0xc6, 0x28, 0xda, 0x10, - 0x12, 0xe2, 0xc4, 0xeb, 0xc5, 0x64, 0x66, 0xc0, 0xcc, 0x6b, 0x84, 0xda, - 0x0c, 0xe9, 0xf6, 0xe3, 0xf8, 0x8e, 0x3d, 0x95, 0x5f, 0xba, 0x9f, 0xe1, - 0xc7, 0xed, 0x6e, 0x97, 0xcc, 0xbd, 0x7d, 0xe5, 0x4e, 0xab, 0xbc, 0x1b, - 0xf1, 0x3a, 0x09, 0x33, 0x09, 0xe1, 0xcc, 0xec, 0x21, 0x16, 0x8e, 0xb1, - 0x74, 0x9e, 0xc8, 0x13, 0x7c, 0xdf, 0x07, 0xaa, 0xeb, 0x70, 0xd7, 0x91, - 0x5c, 0xc4, 0xef, 0x83, 0x88, 0xc3, 0xe4, 0x97, 0xfa, 0xe4, 0xdf, 0xd7, - 0x0d, 0xff, 0xba, 0x78, 0x22, 0xfc, 0x3f, 0xdc, 0xd8, 0x02, 0x8d, 0x93, - 0x57, 0xf9, 0x9e, 0x39, 0x3a, 0x77, 0x00, 0xd9, 0x19, 0xaa, 0x68, 0xa1, - 0xe6, 0x9e, 0x13, 0xeb, 0x37, 0x16, 0xf5, 0x77, 0xa4, 0x0b, 0x40, 0x04, - 0xd3, 0xa5, 0x49, 0x78, 0x35, 0xfa, 0x3b, 0xf6, 0x02, 0xab, 0x85, 0xee, - 0xcb, 0x9b, 0x62, 0xda, 0x05, 0x00, 0x22, 0x2f, 0xf8, 0xbd, 0x0b, 0xe5, - 0x2c, 0xb2, 0x53, 0x78, 0x0a, 0xcb, 0x69, 0xc0, 0xb6, 0x9f, 0x96, 0xff, - 0x58, 0x22, 0x70, 0x9c, 0x01, 0x2e, 0x56, 0x60, 0x5d, 0x37, 0xe3, 0x40, - 0x25, 0xc9, 0x90, 0xc8, 0x0f, 0x41, 0x68, 0xb4, 0xfd, 0x10, 0xe2, 0x09, - 0x99, 0x08, 0x5d, 0x7b, 0xc9, 0xe3, 0x29, 0xd4, 0x5a, 0xcf, 0xc9, 0x34, - 0x55, 0xa1, 0x40, 0x44, 0xd6, 0x88, 0x16, 0xbb, 0xdd - }; - - X509* x509 = NULL; - int certSize = (int)sizeof(malformed_alt_name_cert) / sizeof(unsigned char); - const char *name = "aaaaa"; - int nameLen = (int)XSTRLEN(name); - - ExpectNotNull(x509 = wolfSSL_X509_load_certificate_buffer( - malformed_alt_name_cert, certSize, SSL_FILETYPE_ASN1)); - - /* malformed_alt_name_cert has a malformed alternative - * name of "a*\0*". Ensure that it does not match "aaaaa" */ - ExpectIntNE(wolfSSL_X509_check_host(x509, name, nameLen, - WOLFSSL_ALWAYS_CHECK_SUBJECT, NULL), 1); - - /* Also make sure WOLFSSL_LEFT_MOST_WILDCARD_ONLY fails too */ - ExpectIntNE(wolfSSL_X509_check_host(x509, name, nameLen, - WOLFSSL_ALWAYS_CHECK_SUBJECT | WOLFSSL_LEFT_MOST_WILDCARD_ONLY, - NULL), 1); - - X509_free(x509); - -#endif - return EXPECT_RESULT(); -} - -static int test_wolfSSL_X509_name_match(void) -{ - EXPECT_DECLS; -#if defined(OPENSSL_EXTRA) && !defined(NO_CERTS) && !defined(NO_RSA) - /* A certificate with the subject alternative name a* */ - const unsigned char cert_der[] = { - 0x30, 0x82, 0x03, 0xac, 0x30, 0x82, 0x02, 0x94, 0xa0, 0x03, 0x02, 0x01, - 0x02, 0x02, 0x14, 0x0f, 0xa5, 0x10, 0x85, 0xef, 0x58, 0x10, 0x59, 0xfc, - 0x0f, 0x20, 0x1f, 0x53, 0xf5, 0x30, 0x39, 0x34, 0x49, 0x54, 0x05, 0x30, - 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x0b, - 0x05, 0x00, 0x30, 0x77, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, - 0x06, 0x13, 0x02, 0x55, 0x53, 0x31, 0x10, 0x30, 0x0e, 0x06, 0x03, 0x55, - 0x04, 0x08, 0x0c, 0x07, 0x4d, 0x6f, 0x6e, 0x74, 0x61, 0x6e, 0x61, 0x31, - 0x10, 0x30, 0x0e, 0x06, 0x03, 0x55, 0x04, 0x07, 0x0c, 0x07, 0x42, 0x6f, - 0x7a, 0x65, 0x6d, 0x61, 0x6e, 0x31, 0x14, 0x30, 0x12, 0x06, 0x03, 0x55, - 0x04, 0x0a, 0x0c, 0x0b, 0x77, 0x6f, 0x6c, 0x66, 0x53, 0x53, 0x4c, 0x20, - 0x49, 0x6e, 0x63, 0x31, 0x14, 0x30, 0x12, 0x06, 0x03, 0x55, 0x04, 0x0b, - 0x0c, 0x0b, 0x45, 0x6e, 0x67, 0x69, 0x6e, 0x65, 0x65, 0x72, 0x69, 0x6e, - 0x67, 0x31, 0x18, 0x30, 0x16, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0c, 0x0f, - 0x77, 0x77, 0x77, 0x2e, 0x77, 0x6f, 0x6c, 0x66, 0x73, 0x73, 0x6c, 0x2e, - 0x63, 0x6f, 0x6d, 0x30, 0x1e, 0x17, 0x0d, 0x32, 0x34, 0x30, 0x35, 0x33, - 0x30, 0x32, 0x30, 0x31, 0x35, 0x35, 0x38, 0x5a, 0x17, 0x0d, 0x33, 0x34, - 0x30, 0x35, 0x32, 0x38, 0x32, 0x30, 0x31, 0x35, 0x35, 0x38, 0x5a, 0x30, - 0x77, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, - 0x55, 0x53, 0x31, 0x10, 0x30, 0x0e, 0x06, 0x03, 0x55, 0x04, 0x08, 0x0c, - 0x07, 0x4d, 0x6f, 0x6e, 0x74, 0x61, 0x6e, 0x61, 0x31, 0x10, 0x30, 0x0e, - 0x06, 0x03, 0x55, 0x04, 0x07, 0x0c, 0x07, 0x42, 0x6f, 0x7a, 0x65, 0x6d, - 0x61, 0x6e, 0x31, 0x14, 0x30, 0x12, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x0c, - 0x0b, 0x77, 0x6f, 0x6c, 0x66, 0x53, 0x53, 0x4c, 0x20, 0x49, 0x6e, 0x63, - 0x31, 0x14, 0x30, 0x12, 0x06, 0x03, 0x55, 0x04, 0x0b, 0x0c, 0x0b, 0x45, - 0x6e, 0x67, 0x69, 0x6e, 0x65, 0x65, 0x72, 0x69, 0x6e, 0x67, 0x31, 0x18, - 0x30, 0x16, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0c, 0x0f, 0x77, 0x77, 0x77, - 0x2e, 0x77, 0x6f, 0x6c, 0x66, 0x73, 0x73, 0x6c, 0x2e, 0x63, 0x6f, 0x6d, - 0x30, 0x82, 0x01, 0x22, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, - 0xf7, 0x0d, 0x01, 0x01, 0x01, 0x05, 0x00, 0x03, 0x82, 0x01, 0x0f, 0x00, - 0x30, 0x82, 0x01, 0x0a, 0x02, 0x82, 0x01, 0x01, 0x00, 0xf4, 0xca, 0x3d, - 0xd4, 0xbc, 0x9b, 0xea, 0x74, 0xfe, 0x73, 0xf4, 0x16, 0x23, 0x0b, 0x4a, - 0x09, 0x54, 0xf6, 0x7b, 0x10, 0x99, 0x11, 0x93, 0xb2, 0xdb, 0x4d, 0x7d, - 0x23, 0xab, 0xf9, 0xcd, 0xf6, 0x54, 0xd4, 0xf6, 0x39, 0x57, 0xee, 0x97, - 0xb2, 0xb9, 0xfc, 0x7e, 0x9c, 0xb3, 0xfb, 0x56, 0xb6, 0x84, 0xd6, 0x2d, - 0x59, 0x1c, 0xed, 0xda, 0x9b, 0x19, 0xf5, 0x8a, 0xa7, 0x8a, 0x89, 0xd6, - 0xa1, 0xc0, 0xe6, 0x16, 0xad, 0x04, 0xcf, 0x5a, 0x1f, 0xdf, 0x62, 0x6c, - 0x68, 0x45, 0xe9, 0x55, 0x2e, 0x42, 0xa3, 0x1b, 0x3b, 0x86, 0x23, 0x22, - 0xa1, 0x20, 0x48, 0xd1, 0x52, 0xc0, 0x8b, 0xab, 0xe2, 0x8a, 0x15, 0x68, - 0xbd, 0x89, 0x6f, 0x9f, 0x45, 0x75, 0xb4, 0x27, 0xc1, 0x72, 0x41, 0xfd, - 0x79, 0x89, 0xb0, 0x74, 0xa2, 0xe9, 0x61, 0x48, 0x4c, 0x54, 0xad, 0x6b, - 0x61, 0xbf, 0x0e, 0x27, 0x58, 0xb4, 0xf6, 0x9c, 0x2c, 0x9f, 0xc2, 0x3e, - 0x3b, 0xb3, 0x90, 0x41, 0xbc, 0x61, 0xcd, 0x01, 0x57, 0x90, 0x82, 0xec, - 0x46, 0xba, 0x4f, 0x89, 0x8e, 0x7f, 0x49, 0x4f, 0x46, 0x69, 0x37, 0x8b, - 0xa0, 0xba, 0x85, 0xe8, 0x42, 0xff, 0x9a, 0xa1, 0x53, 0x81, 0x5c, 0xf3, - 0x8e, 0x85, 0x1c, 0xd4, 0x90, 0x60, 0xa0, 0x37, 0x59, 0x04, 0x65, 0xa6, - 0xb5, 0x12, 0x00, 0xc3, 0x04, 0x51, 0xa7, 0x83, 0x96, 0x62, 0x3d, 0x49, - 0x97, 0xe8, 0x6b, 0x9a, 0x5d, 0x51, 0x24, 0xee, 0xad, 0x45, 0x18, 0x0f, - 0x3f, 0x97, 0xec, 0xdf, 0xcf, 0x42, 0x8a, 0x96, 0xc7, 0xd8, 0x82, 0x87, - 0x7f, 0x57, 0x70, 0x22, 0xfb, 0x29, 0x3e, 0x3c, 0xa3, 0xc1, 0xd5, 0x71, - 0xb3, 0x84, 0x06, 0x53, 0xa3, 0x86, 0x20, 0x35, 0xe3, 0x41, 0xb9, 0xd8, - 0x00, 0x22, 0x4f, 0x6d, 0xe6, 0xfd, 0xf0, 0xf4, 0xa2, 0x39, 0x0a, 0x1a, - 0x23, 0x02, 0x03, 0x01, 0x00, 0x01, 0xa3, 0x30, 0x30, 0x2e, 0x30, 0x0d, - 0x06, 0x03, 0x55, 0x1d, 0x11, 0x04, 0x06, 0x30, 0x04, 0x82, 0x02, 0x61, - 0x2a, 0x30, 0x1d, 0x06, 0x03, 0x55, 0x1d, 0x0e, 0x04, 0x16, 0x04, 0x14, - 0x45, 0x05, 0xf3, 0x4d, 0x3e, 0x7e, 0x9c, 0xf5, 0x08, 0xee, 0x2c, 0x13, - 0x32, 0xe3, 0xf2, 0x14, 0xe8, 0x0e, 0x71, 0x21, 0x30, 0x0d, 0x06, 0x09, - 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x0b, 0x05, 0x00, 0x03, - 0x82, 0x01, 0x01, 0x00, 0xa8, 0x28, 0xe5, 0x22, 0x65, 0xcf, 0x47, 0xfe, - 0x82, 0x17, 0x99, 0x20, 0xdb, 0xb1, 0x57, 0xd4, 0x91, 0x1a, 0x83, 0xde, - 0xc1, 0xaf, 0xc4, 0x1f, 0xfb, 0xa4, 0x6a, 0xad, 0xdc, 0x58, 0x72, 0xd9, - 0x9b, 0xab, 0xa5, 0xbb, 0xf4, 0x98, 0xd4, 0xdf, 0x36, 0xcb, 0xb5, 0x78, - 0xce, 0x4b, 0x25, 0x5b, 0x24, 0x92, 0xfe, 0xe8, 0xd4, 0xe4, 0xbd, 0x6f, - 0x71, 0x1a, 0x81, 0x2a, 0x6f, 0x35, 0x93, 0xf7, 0xcc, 0xed, 0xe5, 0x06, - 0xd2, 0x96, 0x41, 0xb5, 0xa9, 0x8a, 0xc0, 0xc9, 0x17, 0xe3, 0x13, 0x5e, - 0x94, 0x5e, 0xfa, 0xfc, 0xf0, 0x00, 0x2e, 0xe1, 0xd8, 0x1b, 0x23, 0x3f, - 0x7c, 0x4d, 0x9f, 0xfb, 0xb7, 0x95, 0xc1, 0x94, 0x7f, 0x7f, 0xb5, 0x4f, - 0x93, 0x6d, 0xc3, 0x2b, 0xb2, 0x28, 0x36, 0xd2, 0x7c, 0x01, 0x3c, 0xae, - 0x35, 0xdb, 0xc8, 0x95, 0x1b, 0x5f, 0x6c, 0x0f, 0x57, 0xb3, 0xcc, 0x97, - 0x98, 0x80, 0x06, 0xaa, 0xe4, 0x93, 0x1f, 0xb7, 0xa0, 0x54, 0xf1, 0x4f, - 0x6f, 0x11, 0xdf, 0xab, 0xd3, 0xbf, 0xf0, 0x3a, 0x81, 0x60, 0xaf, 0x7a, - 0xf7, 0x09, 0xd5, 0xae, 0x0c, 0x7d, 0xae, 0x8d, 0x47, 0x06, 0xbe, 0x11, - 0x6e, 0xf8, 0x7e, 0x49, 0xf8, 0xac, 0x24, 0x0a, 0x4b, 0xc2, 0xf6, 0xe8, - 0x2c, 0xec, 0x35, 0xef, 0xa9, 0x13, 0xb8, 0xd2, 0x9c, 0x92, 0x61, 0x91, - 0xec, 0x7b, 0x0c, 0xea, 0x9a, 0x71, 0x36, 0x15, 0x34, 0x2b, 0x7a, 0x25, - 0xac, 0xfe, 0xc7, 0x26, 0x89, 0x70, 0x3e, 0x64, 0x68, 0x97, 0x4b, 0xaa, - 0xc1, 0x24, 0x14, 0xbd, 0x45, 0x2f, 0xe0, 0xfe, 0xf4, 0x2b, 0x8e, 0x08, - 0x3e, 0xe4, 0xb5, 0x3d, 0x5d, 0xf4, 0xc3, 0xd6, 0x9c, 0xb5, 0x33, 0x1b, - 0x3b, 0xda, 0x6e, 0x99, 0x7b, 0x09, 0xd1, 0x30, 0x97, 0x23, 0x52, 0x6d, - 0x1b, 0x71, 0x3a, 0xf4, 0x54, 0xf0, 0xe5, 0x9e - }; - - WOLFSSL_X509* x509 = NULL; - int certSize = (int)(sizeof(cert_der) / sizeof(unsigned char)); - const char *name1 = "aaaaa"; - int nameLen1 = (int)(XSTRLEN(name1)); - const char *name2 = "a"; - int nameLen2 = (int)(XSTRLEN(name2)); - const char *name3 = "abbbb"; - int nameLen3 = (int)(XSTRLEN(name3)); - const char *name4 = "bbb"; - int nameLen4 = (int)(XSTRLEN(name4)); - - ExpectNotNull(x509 = wolfSSL_X509_load_certificate_buffer( - cert_der, certSize, WOLFSSL_FILETYPE_ASN1)); - - /* Ensure that "a*" matches "aaaaa" */ - ExpectIntEQ(wolfSSL_X509_check_host(x509, name1, nameLen1, - WOLFSSL_ALWAYS_CHECK_SUBJECT, NULL), WOLFSSL_SUCCESS); - /* Ensure that "a*" matches "a" */ - ExpectIntEQ(wolfSSL_X509_check_host(x509, name2, nameLen2, - WOLFSSL_ALWAYS_CHECK_SUBJECT, NULL), WOLFSSL_SUCCESS); - /* Ensure that "a*" matches "abbbb" */ - ExpectIntEQ(wolfSSL_X509_check_host(x509, name3, nameLen3, - WOLFSSL_ALWAYS_CHECK_SUBJECT, NULL), WOLFSSL_SUCCESS); - /* Ensure that "a*" does not match "bbb" */ - ExpectIntNE(wolfSSL_X509_check_host(x509, name4, nameLen4, - WOLFSSL_ALWAYS_CHECK_SUBJECT, NULL), 1); - - /* WOLFSSL_LEFT_MOST_WILDCARD_ONLY flag should fail on all cases, since - * 'a*' alt name does not have wildcard left-most */ - - /* Ensure that "a*" does not match "aaaaa" */ - ExpectIntNE(wolfSSL_X509_check_host(x509, name1, nameLen1, - WOLFSSL_ALWAYS_CHECK_SUBJECT | WOLFSSL_LEFT_MOST_WILDCARD_ONLY, - NULL), WOLFSSL_SUCCESS); - /* Ensure that "a*" does not match "a" */ - ExpectIntNE(wolfSSL_X509_check_host(x509, name2, nameLen2, - WOLFSSL_ALWAYS_CHECK_SUBJECT | WOLFSSL_LEFT_MOST_WILDCARD_ONLY, - NULL), WOLFSSL_SUCCESS); - /* Ensure that "a*" does not match "abbbb" */ - ExpectIntNE(wolfSSL_X509_check_host(x509, name3, nameLen3, - WOLFSSL_ALWAYS_CHECK_SUBJECT | WOLFSSL_LEFT_MOST_WILDCARD_ONLY, - NULL), WOLFSSL_SUCCESS); - /* Ensure that "a*" does not match "bbb" */ - ExpectIntNE(wolfSSL_X509_check_host(x509, name4, nameLen4, - WOLFSSL_ALWAYS_CHECK_SUBJECT | WOLFSSL_LEFT_MOST_WILDCARD_ONLY, - NULL), WOLFSSL_SUCCESS); - - wolfSSL_X509_free(x509); - -#endif - return EXPECT_RESULT(); -} - -static int test_wolfSSL_X509_name_match2(void) -{ - EXPECT_DECLS; -#if defined(OPENSSL_EXTRA) && !defined(NO_CERTS) && !defined(NO_RSA) - /* A certificate with the subject alternative name a*b* */ - const unsigned char cert_der[] = { - 0x30, 0x82, 0x03, 0xae, 0x30, 0x82, 0x02, 0x96, 0xa0, 0x03, 0x02, 0x01, - 0x02, 0x02, 0x14, 0x41, 0x8c, 0x8b, 0xaa, 0x0e, 0xd8, 0x5a, 0xc0, 0x52, - 0x46, 0x0e, 0xe5, 0xd8, 0xb9, 0x48, 0x93, 0x7e, 0x8a, 0x7c, 0x65, 0x30, - 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x0b, - 0x05, 0x00, 0x30, 0x77, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, - 0x06, 0x13, 0x02, 0x55, 0x53, 0x31, 0x10, 0x30, 0x0e, 0x06, 0x03, 0x55, - 0x04, 0x08, 0x0c, 0x07, 0x4d, 0x6f, 0x6e, 0x74, 0x61, 0x6e, 0x61, 0x31, - 0x10, 0x30, 0x0e, 0x06, 0x03, 0x55, 0x04, 0x07, 0x0c, 0x07, 0x42, 0x6f, - 0x7a, 0x65, 0x6d, 0x61, 0x6e, 0x31, 0x14, 0x30, 0x12, 0x06, 0x03, 0x55, - 0x04, 0x0a, 0x0c, 0x0b, 0x77, 0x6f, 0x6c, 0x66, 0x53, 0x53, 0x4c, 0x20, - 0x49, 0x6e, 0x63, 0x31, 0x14, 0x30, 0x12, 0x06, 0x03, 0x55, 0x04, 0x0b, - 0x0c, 0x0b, 0x45, 0x6e, 0x67, 0x69, 0x6e, 0x65, 0x65, 0x72, 0x69, 0x6e, - 0x67, 0x31, 0x18, 0x30, 0x16, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0c, 0x0f, - 0x77, 0x77, 0x77, 0x2e, 0x77, 0x6f, 0x6c, 0x66, 0x73, 0x73, 0x6c, 0x2e, - 0x63, 0x6f, 0x6d, 0x30, 0x1e, 0x17, 0x0d, 0x32, 0x34, 0x30, 0x35, 0x33, - 0x30, 0x32, 0x30, 0x34, 0x33, 0x34, 0x30, 0x5a, 0x17, 0x0d, 0x33, 0x34, - 0x30, 0x35, 0x32, 0x38, 0x32, 0x30, 0x34, 0x33, 0x34, 0x30, 0x5a, 0x30, - 0x77, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, - 0x55, 0x53, 0x31, 0x10, 0x30, 0x0e, 0x06, 0x03, 0x55, 0x04, 0x08, 0x0c, - 0x07, 0x4d, 0x6f, 0x6e, 0x74, 0x61, 0x6e, 0x61, 0x31, 0x10, 0x30, 0x0e, - 0x06, 0x03, 0x55, 0x04, 0x07, 0x0c, 0x07, 0x42, 0x6f, 0x7a, 0x65, 0x6d, - 0x61, 0x6e, 0x31, 0x14, 0x30, 0x12, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x0c, - 0x0b, 0x77, 0x6f, 0x6c, 0x66, 0x53, 0x53, 0x4c, 0x20, 0x49, 0x6e, 0x63, - 0x31, 0x14, 0x30, 0x12, 0x06, 0x03, 0x55, 0x04, 0x0b, 0x0c, 0x0b, 0x45, - 0x6e, 0x67, 0x69, 0x6e, 0x65, 0x65, 0x72, 0x69, 0x6e, 0x67, 0x31, 0x18, - 0x30, 0x16, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0c, 0x0f, 0x77, 0x77, 0x77, - 0x2e, 0x77, 0x6f, 0x6c, 0x66, 0x73, 0x73, 0x6c, 0x2e, 0x63, 0x6f, 0x6d, - 0x30, 0x82, 0x01, 0x22, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, - 0xf7, 0x0d, 0x01, 0x01, 0x01, 0x05, 0x00, 0x03, 0x82, 0x01, 0x0f, 0x00, - 0x30, 0x82, 0x01, 0x0a, 0x02, 0x82, 0x01, 0x01, 0x00, 0xa5, 0x60, 0x80, - 0xf3, 0xee, 0x19, 0xd2, 0xe4, 0x15, 0x94, 0x54, 0x12, 0x88, 0xee, 0xda, - 0x11, 0x11, 0x87, 0x99, 0x88, 0xb3, 0x71, 0xc7, 0x97, 0x78, 0x1b, 0x57, - 0x37, 0x1d, 0x0b, 0x1f, 0x2f, 0x2c, 0x35, 0x13, 0x75, 0xd3, 0x31, 0x3e, - 0x6f, 0x80, 0x21, 0xa5, 0xa3, 0xad, 0x10, 0x81, 0xb6, 0x37, 0xd4, 0x55, - 0x2e, 0xc1, 0xb8, 0x37, 0xa3, 0x3c, 0xe8, 0x81, 0x03, 0x3c, 0xda, 0x5f, - 0x6f, 0x45, 0x32, 0x2b, 0x0e, 0x99, 0x27, 0xfd, 0xe5, 0x6c, 0x07, 0xd9, - 0x4e, 0x0a, 0x8b, 0x23, 0x74, 0x96, 0x25, 0x97, 0xae, 0x6d, 0x19, 0xba, - 0xbf, 0x0f, 0xc8, 0xa1, 0xe5, 0xea, 0xa8, 0x00, 0x09, 0xc3, 0x9a, 0xef, - 0x09, 0x33, 0xc1, 0x33, 0x2e, 0x7b, 0x6d, 0xa7, 0x66, 0x87, 0xb6, 0x3a, - 0xb9, 0xdb, 0x4c, 0x5e, 0xb5, 0x55, 0x69, 0x37, 0x17, 0x92, 0x1f, 0xe3, - 0x53, 0x1a, 0x2d, 0x25, 0xd0, 0xcf, 0x72, 0x37, 0xc2, 0x89, 0x83, 0x78, - 0xcf, 0xac, 0x2e, 0x46, 0x92, 0x5c, 0x4a, 0xba, 0x7d, 0xa0, 0x22, 0x34, - 0xb1, 0x22, 0x26, 0x99, 0xda, 0xe8, 0x97, 0xe2, 0x0c, 0xd3, 0xbc, 0x97, - 0x7e, 0xa8, 0xb9, 0xe3, 0xe2, 0x7f, 0x56, 0xef, 0x22, 0xee, 0x15, 0x95, - 0xa6, 0xd1, 0xf4, 0xa7, 0xac, 0x4a, 0xab, 0xc1, 0x1a, 0xda, 0xc5, 0x5f, - 0xa5, 0x5e, 0x2f, 0x15, 0x9c, 0x36, 0xbe, 0xd3, 0x47, 0xb6, 0x86, 0xb9, - 0xc6, 0x59, 0x39, 0x36, 0xad, 0x84, 0x53, 0x95, 0x72, 0x91, 0x89, 0x51, - 0x32, 0x77, 0xf1, 0xa5, 0x93, 0xfe, 0xf0, 0x41, 0x7c, 0x64, 0xf1, 0xb0, - 0x8b, 0x81, 0x8d, 0x3a, 0x2c, 0x9e, 0xbe, 0x2e, 0x8b, 0xf7, 0x80, 0x63, - 0x35, 0x32, 0xfa, 0x26, 0xe0, 0x63, 0xbf, 0x5e, 0xaf, 0xf0, 0x08, 0xe0, - 0x80, 0x65, 0x38, 0xfa, 0x21, 0xaa, 0x91, 0x34, 0x48, 0x3d, 0x32, 0x5c, - 0xbf, 0x02, 0x03, 0x01, 0x00, 0x01, 0xa3, 0x32, 0x30, 0x30, 0x30, 0x0f, - 0x06, 0x03, 0x55, 0x1d, 0x11, 0x04, 0x08, 0x30, 0x06, 0x82, 0x04, 0x61, - 0x2a, 0x62, 0x2a, 0x30, 0x1d, 0x06, 0x03, 0x55, 0x1d, 0x0e, 0x04, 0x16, - 0x04, 0x14, 0x3d, 0x55, 0x74, 0xf8, 0x3a, 0x26, 0x03, 0x8c, 0x6a, 0x2e, - 0x91, 0x0e, 0x18, 0x70, 0xb4, 0xa4, 0xcc, 0x04, 0x00, 0xd3, 0x30, 0x0d, - 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x0b, 0x05, - 0x00, 0x03, 0x82, 0x01, 0x01, 0x00, 0x8f, 0x3b, 0xff, 0x46, 0x0c, 0xb5, - 0x21, 0xdc, 0xcf, 0x61, 0x9a, 0x25, 0x93, 0x99, 0x68, 0x2f, 0x16, 0x71, - 0x15, 0x00, 0x5f, 0xb0, 0x9b, 0x43, 0x5c, 0x47, 0xe2, 0x8e, 0xc8, 0xea, - 0xb3, 0x30, 0x4d, 0x87, 0x90, 0xcf, 0x24, 0x37, 0x5c, 0xfd, 0xc8, 0xc6, - 0x09, 0x36, 0xb2, 0xfb, 0xfd, 0xc1, 0x82, 0x92, 0x77, 0x5b, 0x9d, 0xeb, - 0xac, 0x47, 0xbc, 0xda, 0x7c, 0x89, 0x19, 0x03, 0x9e, 0xcd, 0x96, 0x2a, - 0x90, 0x55, 0x23, 0x19, 0xac, 0x9d, 0x49, 0xfb, 0xa0, 0x31, 0x7d, 0x6b, - 0x1a, 0x16, 0x13, 0xb1, 0xa9, 0xc9, 0xc4, 0xaf, 0xf1, 0xb4, 0xa7, 0x9b, - 0x08, 0x64, 0x6a, 0x09, 0xcd, 0x4a, 0x03, 0x4c, 0x93, 0xb6, 0xcf, 0x29, - 0xdb, 0x56, 0x88, 0x8e, 0xed, 0x08, 0x6d, 0x8d, 0x76, 0xa3, 0xd7, 0xc6, - 0x69, 0xa1, 0xf5, 0xd2, 0xd0, 0x0a, 0x4b, 0xfa, 0x88, 0x66, 0x6c, 0xe5, - 0x4a, 0xee, 0x13, 0xad, 0xad, 0x22, 0x25, 0x73, 0x39, 0x56, 0x74, 0x0e, - 0xda, 0xcd, 0x35, 0x67, 0xe3, 0x81, 0x5c, 0xc5, 0xae, 0x3c, 0x4f, 0x47, - 0x3e, 0x97, 0xde, 0xac, 0xf6, 0xe1, 0x26, 0xe2, 0xe0, 0x66, 0x48, 0x20, - 0x7c, 0x02, 0x81, 0x3e, 0x7d, 0x34, 0xb7, 0x73, 0x3e, 0x2e, 0xd6, 0x20, - 0x1c, 0xdf, 0xf1, 0xae, 0x86, 0x8b, 0xb2, 0xc2, 0x9b, 0x68, 0x9c, 0xf6, - 0x1a, 0x5e, 0x30, 0x06, 0x39, 0x0a, 0x1f, 0x7b, 0xd7, 0x18, 0x4b, 0x06, - 0x9d, 0xff, 0x84, 0x57, 0xcc, 0x92, 0xad, 0x81, 0x0a, 0x19, 0x11, 0xc4, - 0xac, 0x59, 0x00, 0xe8, 0x5a, 0x70, 0x78, 0xd6, 0x9f, 0xe0, 0x82, 0x2a, - 0x1f, 0x09, 0x36, 0x1c, 0x52, 0x98, 0xf7, 0x95, 0x8f, 0xf9, 0x48, 0x4f, - 0x30, 0x52, 0xb5, 0xf3, 0x8d, 0x13, 0x93, 0x27, 0xbe, 0xb4, 0x75, 0x39, - 0x65, 0xc6, 0x48, 0x4e, 0x32, 0xd7, 0xf4, 0xc3, 0x26, 0x8d - }; - - WOLFSSL_X509* x509 = NULL; - int certSize = (int)(sizeof(cert_der) / sizeof(unsigned char)); - const char *name1 = "ab"; - int nameLen1 = (int)(XSTRLEN(name1)); - const char *name2 = "acccbccc"; - int nameLen2 = (int)(XSTRLEN(name2)); - const char *name3 = "accb"; - int nameLen3 = (int)(XSTRLEN(name3)); - const char *name4 = "accda"; - int nameLen4 = (int)(XSTRLEN(name4)); - const char *name5 = "acc\0bcc"; - int nameLen5 = 7; - - ExpectNotNull(x509 = wolfSSL_X509_load_certificate_buffer( - cert_der, certSize, WOLFSSL_FILETYPE_ASN1)); - - /* Ensure that "a*b*" matches "ab" */ - ExpectIntEQ(wolfSSL_X509_check_host(x509, name1, nameLen1, - WOLFSSL_ALWAYS_CHECK_SUBJECT, NULL), WOLFSSL_SUCCESS); - /* Ensure that "a*b*" matches "acccbccc" */ - ExpectIntEQ(wolfSSL_X509_check_host(x509, name2, nameLen2, - WOLFSSL_ALWAYS_CHECK_SUBJECT, NULL), WOLFSSL_SUCCESS); - /* Ensure that "a*b*" matches "accb" */ - ExpectIntEQ(wolfSSL_X509_check_host(x509, name3, nameLen3, - WOLFSSL_ALWAYS_CHECK_SUBJECT, NULL), WOLFSSL_SUCCESS); - /* Ensure that "a*b*" does not match "accda" */ - ExpectIntNE(wolfSSL_X509_check_host(x509, name4, nameLen4, - WOLFSSL_ALWAYS_CHECK_SUBJECT, NULL), WOLFSSL_SUCCESS); - - /* WOLFSSL_LEFT_MOST_WILDCARD_ONLY flag should fail on all cases, since - * 'a*b*' alt name does not have wildcard left-most */ - ExpectIntEQ(wolfSSL_X509_check_host(x509, name1, nameLen1, - WOLFSSL_ALWAYS_CHECK_SUBJECT | WOLFSSL_LEFT_MOST_WILDCARD_ONLY, - NULL), WOLFSSL_FAILURE); - ExpectIntEQ(wolfSSL_X509_check_host(x509, name2, nameLen2, - WOLFSSL_ALWAYS_CHECK_SUBJECT | WOLFSSL_LEFT_MOST_WILDCARD_ONLY, - NULL), WOLFSSL_FAILURE); - ExpectIntEQ(wolfSSL_X509_check_host(x509, name3, nameLen3, - WOLFSSL_ALWAYS_CHECK_SUBJECT | WOLFSSL_LEFT_MOST_WILDCARD_ONLY, - NULL), WOLFSSL_FAILURE); - ExpectIntEQ(wolfSSL_X509_check_host(x509, name4, nameLen4, - WOLFSSL_ALWAYS_CHECK_SUBJECT | WOLFSSL_LEFT_MOST_WILDCARD_ONLY, - NULL), WOLFSSL_FAILURE); - - /* Ensure that "a*b*" matches "ab", testing openssl behavior replication - * on check len input handling, 0 for len is OK as it should then use - * strlen(name1) */ - ExpectIntEQ(wolfSSL_X509_check_host(x509, name1, 0, - WOLFSSL_ALWAYS_CHECK_SUBJECT, NULL), WOLFSSL_SUCCESS); - /* Openssl also allows for len to include NULL terminator */ - ExpectIntEQ(wolfSSL_X509_check_host(x509, name1, nameLen1 + 1, - WOLFSSL_ALWAYS_CHECK_SUBJECT, NULL), WOLFSSL_SUCCESS); - /* Ensure that check string with NULL terminator in middle is - * rejected */ - ExpectIntNE(wolfSSL_X509_check_host(x509, name5, nameLen5, - WOLFSSL_ALWAYS_CHECK_SUBJECT, NULL), WOLFSSL_SUCCESS); - - wolfSSL_X509_free(x509); - -#endif - return EXPECT_RESULT(); -} - -static int test_wolfSSL_X509_name_match3(void) -{ - EXPECT_DECLS; -#if defined(OPENSSL_EXTRA) && !defined(NO_CERTS) && !defined(NO_RSA) - /* A certificate with the subject alternative name *.example.com */ - const unsigned char cert_der[] = { - 0x30, 0x82, 0x03, 0xb7, 0x30, 0x82, 0x02, 0x9f, 0xa0, 0x03, 0x02, 0x01, - 0x02, 0x02, 0x14, 0x59, 0xbb, 0xf6, 0xde, 0xb8, 0x3d, 0x0e, 0x8c, 0xe4, - 0xbd, 0x98, 0xa3, 0xbe, 0x3e, 0x8f, 0xdc, 0xbd, 0x7f, 0xcc, 0xae, 0x30, - 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x0b, - 0x05, 0x00, 0x30, 0x77, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, - 0x06, 0x13, 0x02, 0x55, 0x53, 0x31, 0x10, 0x30, 0x0e, 0x06, 0x03, 0x55, - 0x04, 0x08, 0x0c, 0x07, 0x4d, 0x6f, 0x6e, 0x74, 0x61, 0x6e, 0x61, 0x31, - 0x10, 0x30, 0x0e, 0x06, 0x03, 0x55, 0x04, 0x07, 0x0c, 0x07, 0x42, 0x6f, - 0x7a, 0x65, 0x6d, 0x61, 0x6e, 0x31, 0x14, 0x30, 0x12, 0x06, 0x03, 0x55, - 0x04, 0x0a, 0x0c, 0x0b, 0x77, 0x6f, 0x6c, 0x66, 0x53, 0x53, 0x4c, 0x20, - 0x49, 0x6e, 0x63, 0x31, 0x14, 0x30, 0x12, 0x06, 0x03, 0x55, 0x04, 0x0b, - 0x0c, 0x0b, 0x45, 0x6e, 0x67, 0x69, 0x6e, 0x65, 0x65, 0x72, 0x69, 0x6e, - 0x67, 0x31, 0x18, 0x30, 0x16, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0c, 0x0f, - 0x77, 0x77, 0x77, 0x2e, 0x77, 0x6f, 0x6c, 0x66, 0x73, 0x73, 0x6c, 0x2e, - 0x63, 0x6f, 0x6d, 0x30, 0x1e, 0x17, 0x0d, 0x32, 0x34, 0x30, 0x35, 0x33, - 0x31, 0x30, 0x30, 0x33, 0x37, 0x34, 0x39, 0x5a, 0x17, 0x0d, 0x33, 0x34, - 0x30, 0x35, 0x32, 0x39, 0x30, 0x30, 0x33, 0x37, 0x34, 0x39, 0x5a, 0x30, - 0x77, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, - 0x55, 0x53, 0x31, 0x10, 0x30, 0x0e, 0x06, 0x03, 0x55, 0x04, 0x08, 0x0c, - 0x07, 0x4d, 0x6f, 0x6e, 0x74, 0x61, 0x6e, 0x61, 0x31, 0x10, 0x30, 0x0e, - 0x06, 0x03, 0x55, 0x04, 0x07, 0x0c, 0x07, 0x42, 0x6f, 0x7a, 0x65, 0x6d, - 0x61, 0x6e, 0x31, 0x14, 0x30, 0x12, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x0c, - 0x0b, 0x77, 0x6f, 0x6c, 0x66, 0x53, 0x53, 0x4c, 0x20, 0x49, 0x6e, 0x63, - 0x31, 0x14, 0x30, 0x12, 0x06, 0x03, 0x55, 0x04, 0x0b, 0x0c, 0x0b, 0x45, - 0x6e, 0x67, 0x69, 0x6e, 0x65, 0x65, 0x72, 0x69, 0x6e, 0x67, 0x31, 0x18, - 0x30, 0x16, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0c, 0x0f, 0x77, 0x77, 0x77, - 0x2e, 0x77, 0x6f, 0x6c, 0x66, 0x73, 0x73, 0x6c, 0x2e, 0x63, 0x6f, 0x6d, - 0x30, 0x82, 0x01, 0x22, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, - 0xf7, 0x0d, 0x01, 0x01, 0x01, 0x05, 0x00, 0x03, 0x82, 0x01, 0x0f, 0x00, - 0x30, 0x82, 0x01, 0x0a, 0x02, 0x82, 0x01, 0x01, 0x00, 0xda, 0x78, 0x16, - 0x05, 0x65, 0xf2, 0x85, 0xf2, 0x61, 0x7f, 0xb1, 0x4d, 0x73, 0xe2, 0x82, - 0xb5, 0x3d, 0xf7, 0x9d, 0x05, 0x65, 0xed, 0x9d, 0xc3, 0x29, 0x7a, 0x92, - 0x2c, 0x06, 0x5f, 0xc8, 0x13, 0x55, 0x42, 0x4e, 0xbd, 0xe2, 0x56, 0x2a, - 0x4b, 0xac, 0xe6, 0x1b, 0x10, 0xc9, 0xdb, 0x9a, 0x45, 0x36, 0xed, 0xf3, - 0x26, 0x8c, 0x22, 0x88, 0x1e, 0x6d, 0x2b, 0x41, 0xfa, 0x0d, 0x43, 0x88, - 0x88, 0xde, 0x8d, 0x2e, 0xca, 0x6e, 0x7c, 0x62, 0x66, 0x3e, 0xfa, 0x4e, - 0x71, 0xea, 0x7d, 0x3b, 0x32, 0x33, 0x5c, 0x7a, 0x7e, 0xea, 0x74, 0xbd, - 0xb6, 0x8f, 0x4c, 0x1c, 0x7a, 0x79, 0x94, 0xf1, 0xe8, 0x02, 0x67, 0x98, - 0x25, 0xb4, 0x31, 0x80, 0xc1, 0xae, 0xbf, 0xef, 0xf2, 0x6c, 0x78, 0x42, - 0xef, 0xb5, 0xc6, 0x01, 0x47, 0x79, 0x8d, 0x92, 0xce, 0xc1, 0xb5, 0x98, - 0x76, 0xf0, 0x84, 0xa2, 0x53, 0x90, 0xe5, 0x39, 0xc7, 0xbd, 0xf2, 0xbb, - 0xe3, 0x3f, 0x00, 0xf6, 0xf0, 0x46, 0x86, 0xee, 0x55, 0xbd, 0x2c, 0x1f, - 0x97, 0x24, 0x7c, 0xbc, 0xda, 0x2f, 0x1b, 0x53, 0xef, 0x26, 0x56, 0xcc, - 0xb7, 0xd8, 0xca, 0x17, 0x20, 0x4e, 0x62, 0x03, 0x66, 0x32, 0xb3, 0xd1, - 0x71, 0x26, 0x6c, 0xff, 0xd1, 0x9e, 0x44, 0x86, 0x2a, 0xae, 0xba, 0x43, - 0x00, 0x13, 0x7e, 0x50, 0xdd, 0x3e, 0x27, 0x39, 0x70, 0x1c, 0x0c, 0x0b, - 0xe8, 0xa2, 0xae, 0x03, 0x09, 0x2e, 0xd8, 0x71, 0xee, 0x7b, 0x1a, 0x09, - 0x2d, 0xe1, 0xd5, 0xde, 0xf5, 0xa3, 0x36, 0x77, 0x90, 0x97, 0x99, 0xd7, - 0x6c, 0xb7, 0x5c, 0x9d, 0xf7, 0x7e, 0x41, 0x89, 0xfe, 0xe4, 0x08, 0xc6, - 0x0b, 0xe4, 0x9b, 0x5f, 0x51, 0xa6, 0x08, 0xb8, 0x99, 0x81, 0xe9, 0xce, - 0xb4, 0x2d, 0xb2, 0x92, 0x9f, 0xe5, 0x1a, 0x98, 0x76, 0x20, 0x70, 0x54, - 0x93, 0x02, 0x03, 0x01, 0x00, 0x01, 0xa3, 0x3b, 0x30, 0x39, 0x30, 0x18, - 0x06, 0x03, 0x55, 0x1d, 0x11, 0x04, 0x11, 0x30, 0x0f, 0x82, 0x0d, 0x2a, - 0x2e, 0x65, 0x78, 0x61, 0x6d, 0x70, 0x6c, 0x65, 0x2e, 0x63, 0x6f, 0x6d, - 0x30, 0x1d, 0x06, 0x03, 0x55, 0x1d, 0x0e, 0x04, 0x16, 0x04, 0x14, 0x60, - 0xd4, 0x26, 0xbb, 0xcc, 0x7c, 0x29, 0xa2, 0x88, 0x3c, 0x76, 0x7d, 0xb4, - 0x86, 0x8b, 0x47, 0x64, 0x5b, 0x87, 0xe0, 0x30, 0x0d, 0x06, 0x09, 0x2a, - 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x0b, 0x05, 0x00, 0x03, 0x82, - 0x01, 0x01, 0x00, 0xc3, 0x0d, 0x03, 0x67, 0xbb, 0x47, 0x8b, 0xf3, 0x20, - 0xdc, 0x7d, 0x2e, 0xe1, 0xd9, 0xf0, 0x01, 0xc4, 0x66, 0xc2, 0xe1, 0xcd, - 0xc3, 0x4a, 0x72, 0xf0, 0x6e, 0x38, 0xcf, 0x63, 0x01, 0x96, 0x9e, 0x84, - 0xb9, 0xce, 0x1d, 0xba, 0x4b, 0xe0, 0x70, 0x86, 0x2b, 0x5a, 0xab, 0xec, - 0xbf, 0xc2, 0xaa, 0x64, 0xa2, 0x6c, 0xd2, 0x42, 0x52, 0xd4, 0xbe, 0x8a, - 0xca, 0x9c, 0x03, 0xf3, 0xd6, 0x5f, 0xcd, 0x23, 0x9f, 0xf5, 0xa9, 0x04, - 0x40, 0x5b, 0x66, 0x78, 0xc0, 0xac, 0xa1, 0xdb, 0x5d, 0xd1, 0x94, 0xfc, - 0x47, 0x94, 0xf5, 0x45, 0xe3, 0x70, 0x13, 0x3f, 0x66, 0x6d, 0xdd, 0x73, - 0x68, 0x68, 0xe2, 0xd2, 0x89, 0xcb, 0x7f, 0xc6, 0xca, 0xd6, 0x96, 0x0b, - 0xcc, 0xdd, 0xa1, 0x74, 0xda, 0x33, 0xe8, 0x9e, 0xda, 0xb7, 0xd9, 0x12, - 0xab, 0x85, 0x9d, 0x0c, 0xde, 0xa0, 0x7d, 0x7e, 0xa1, 0x91, 0xed, 0xe5, - 0x32, 0x7c, 0xc5, 0xea, 0x1d, 0x4a, 0xb5, 0x38, 0x63, 0x17, 0xf3, 0x4f, - 0x2c, 0x4a, 0x58, 0x86, 0x09, 0x33, 0x86, 0xc4, 0xe7, 0x56, 0x6f, 0x32, - 0x71, 0xb7, 0xd0, 0x83, 0x12, 0x9e, 0x26, 0x0a, 0x3a, 0x45, 0xcb, 0xd7, - 0x4e, 0xab, 0xa4, 0xc3, 0xee, 0x4c, 0xc0, 0x38, 0xa1, 0xfa, 0xba, 0xfa, - 0xb7, 0x80, 0x69, 0x67, 0xa3, 0xef, 0x89, 0xba, 0xce, 0x89, 0x91, 0x3d, - 0x6a, 0x76, 0xe9, 0x3b, 0x32, 0x86, 0x76, 0x85, 0x6b, 0x4f, 0x7f, 0xbc, - 0x7a, 0x5b, 0x31, 0x92, 0x79, 0x35, 0xf8, 0xb9, 0xb1, 0xd7, 0xdb, 0xa9, - 0x6a, 0x8a, 0x91, 0x60, 0x65, 0xd4, 0x76, 0x54, 0x55, 0x57, 0xb9, 0x35, - 0xe0, 0xf5, 0xbb, 0x8f, 0xd4, 0x40, 0x75, 0xbb, 0x47, 0xa8, 0xf9, 0x0f, - 0xea, 0xc9, 0x6e, 0x84, 0xd5, 0xf5, 0x58, 0x2d, 0xe5, 0x76, 0x7b, 0xdf, - 0x97, 0x05, 0x5e, 0xaf, 0x50, 0xf5, 0x48 - }; - - WOLFSSL_X509* x509 = NULL; - int certSize = (int)(sizeof(cert_der) / sizeof(unsigned char)); - const char *name1 = "foo.example.com"; - int nameLen1 = (int)(XSTRLEN(name1)); - const char *name2 = "x.y.example.com"; - int nameLen2 = (int)(XSTRLEN(name2)); - const char *name3 = "example.com"; - int nameLen3 = (int)(XSTRLEN(name3)); - - ExpectNotNull(x509 = wolfSSL_X509_load_certificate_buffer( - cert_der, certSize, WOLFSSL_FILETYPE_ASN1)); - - /* Ensure that "*.example.com" matches "foo.example.com" */ - ExpectIntEQ(wolfSSL_X509_check_host(x509, name1, nameLen1, - WOLFSSL_ALWAYS_CHECK_SUBJECT, NULL), WOLFSSL_SUCCESS); - /* Ensure that "*.example.com" does NOT match "x.y.example.com" */ - ExpectIntNE(wolfSSL_X509_check_host(x509, name2, nameLen2, - WOLFSSL_ALWAYS_CHECK_SUBJECT, NULL), WOLFSSL_SUCCESS); - /* Ensure that "*.example.com" does NOT match "example.com" */ - ExpectIntNE(wolfSSL_X509_check_host(x509, name3, nameLen3, - WOLFSSL_ALWAYS_CHECK_SUBJECT, NULL), WOLFSSL_SUCCESS); - - /* WOLFSSL_LEFT_MOST_WILDCARD_ONLY, should match "foo.example.com" */ - ExpectIntEQ(wolfSSL_X509_check_host(x509, name1, nameLen1, - WOLFSSL_ALWAYS_CHECK_SUBJECT | WOLFSSL_LEFT_MOST_WILDCARD_ONLY, - NULL), WOLFSSL_SUCCESS); - /* WOLFSSL_LEFT_MOST_WILDCARD_ONLY, should NOT match "x.y.example.com" */ - ExpectIntNE(wolfSSL_X509_check_host(x509, name2, nameLen2, - WOLFSSL_ALWAYS_CHECK_SUBJECT | WOLFSSL_LEFT_MOST_WILDCARD_ONLY, - NULL), WOLFSSL_SUCCESS); - /* WOLFSSL_LEFT_MOST_WILDCARD_ONLY, should NOT match "example.com" */ - ExpectIntNE(wolfSSL_X509_check_host(x509, name3, nameLen3, - WOLFSSL_ALWAYS_CHECK_SUBJECT | WOLFSSL_LEFT_MOST_WILDCARD_ONLY, - NULL), WOLFSSL_SUCCESS); - - wolfSSL_X509_free(x509); - -#endif - return EXPECT_RESULT(); -} - -static int test_wolfSSL_X509_max_altnames(void) -{ - EXPECT_DECLS; -#if !defined(NO_FILESYSTEM) && !defined(NO_CERTS) && !defined(NO_TLS) && \ - !defined(NO_RSA) - - /* Only test if max alt names has not been modified */ -#if WOLFSSL_MAX_ALT_NAMES <= 1024 - - WOLFSSL_CTX* ctx = NULL; - /* File contains a certificate encoded with 130 subject alternative names */ - const char* over_max_altnames_cert = \ - "./certs/test/cert-over-max-altnames.pem"; - -#ifndef NO_WOLFSSL_SERVER - ExpectNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_server_method())); -#else - ExpectNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_client_method())); -#endif - - ExpectIntNE(wolfSSL_CTX_load_verify_locations_ex(ctx, - over_max_altnames_cert, NULL, WOLFSSL_LOAD_FLAG_NONE), - WOLFSSL_SUCCESS); - wolfSSL_CTX_free(ctx); -#endif -#endif - return EXPECT_RESULT(); -} - -static int test_wolfSSL_X509_max_name_constraints(void) -{ - EXPECT_DECLS; -#if !defined(NO_FILESYSTEM) && !defined(NO_CERTS) && !defined(NO_TLS) && \ - !defined(NO_RSA) && !defined(IGNORE_NAME_CONSTRAINTS) - - /* Only test if max name constraints has not been modified */ -#if WOLFSSL_MAX_NAME_CONSTRAINTS == 128 - - WOLFSSL_CTX* ctx = NULL; - /* File contains a certificate with 130 name constraints */ - const char* over_max_nc = "./certs/test/cert-over-max-nc.pem"; - -#ifndef NO_WOLFSSL_SERVER - ExpectNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_server_method())); -#else - ExpectNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_client_method())); -#endif - - ExpectIntNE(wolfSSL_CTX_load_verify_locations_ex(ctx, over_max_nc, - NULL, WOLFSSL_LOAD_FLAG_NONE), WOLFSSL_SUCCESS); - wolfSSL_CTX_free(ctx); -#endif - -#endif - return EXPECT_RESULT(); -} - -static int test_wolfSSL_X509(void) -{ - EXPECT_DECLS; -#if defined(OPENSSL_EXTRA) && !defined(NO_CERTS) && !defined(NO_FILESYSTEM) && \ - !defined(NO_RSA) - X509* x509 = NULL; -#ifndef NO_BIO - BIO* bio = NULL; - X509_STORE_CTX* ctx = NULL; - X509_STORE* store = NULL; -#endif - char der[] = "certs/ca-cert.der"; - XFILE fp = XBADFILE; - int derSz = 0; - -#ifndef NO_BIO - ExpectNotNull(bio = BIO_new(BIO_s_mem())); -#endif - - ExpectNotNull(x509 = X509_new()); - ExpectNull(wolfSSL_X509_get_der(x509, &derSz)); -#if !defined(NO_BIO) && defined(WOLFSSL_CERT_GEN) - ExpectIntEQ(i2d_X509_bio(bio, x509), WOLFSSL_FAILURE); -#endif - ExpectNull(wolfSSL_X509_dup(x509)); - X509_free(x509); - x509 = NULL; - -#ifndef NO_BIO - ExpectNotNull(x509 = wolfSSL_X509_load_certificate_file(cliCertFile, - SSL_FILETYPE_PEM)); - -#ifdef WOLFSSL_CERT_GEN - ExpectIntEQ(i2d_X509_bio(NULL, NULL), WOLFSSL_FAILURE); - ExpectIntEQ(i2d_X509_bio(bio, NULL), WOLFSSL_FAILURE); - ExpectIntEQ(i2d_X509_bio(NULL, x509), WOLFSSL_FAILURE); - ExpectIntEQ(i2d_X509_bio(bio, x509), SSL_SUCCESS); -#endif - - ExpectNotNull(ctx = X509_STORE_CTX_new()); - - ExpectIntEQ(X509_verify_cert(ctx), WC_NO_ERR_TRACE(WOLFSSL_FATAL_ERROR)); - ExpectNotNull(wolfSSL_X509_verify_cert_error_string(CRL_MISSING)); - - ExpectNotNull(store = X509_STORE_new()); - ExpectIntEQ(X509_STORE_add_cert(store, x509), SSL_SUCCESS); - ExpectIntEQ(X509_STORE_CTX_init(ctx, store, x509, NULL), SSL_SUCCESS); - ExpectIntEQ(X509_verify_cert(ctx), SSL_SUCCESS); - -#ifndef NO_WOLFSSL_STUB - ExpectNull(X509_get_default_cert_file_env()); - ExpectNull(X509_get_default_cert_file()); - ExpectNull(X509_get_default_cert_dir_env()); - ExpectNull(X509_get_default_cert_dir()); -#endif - - ExpectNull(wolfSSL_X509_get_der(NULL, NULL)); - ExpectNull(wolfSSL_X509_get_der(x509, NULL)); - ExpectNull(wolfSSL_X509_get_der(NULL, &derSz)); - - ExpectIntEQ(wolfSSL_X509_version(NULL), 0); - ExpectIntEQ(wolfSSL_X509_version(x509), 3); - - X509_STORE_CTX_free(ctx); - X509_STORE_free(store); - X509_free(x509); - x509 = NULL; - BIO_free(bio); - bio = NULL; -#endif - - /** d2i_X509_fp test **/ - ExpectTrue((fp = XFOPEN(der, "rb")) != XBADFILE); - ExpectNotNull(x509 = (X509 *)d2i_X509_fp(fp, (X509 **)NULL)); - ExpectNotNull(x509); - -#ifdef HAVE_EX_DATA_CRYPTO - ExpectIntEQ(wolfSSL_X509_get_ex_new_index(1, NULL, NULL, NULL, NULL), 0); -#endif - ExpectNull(wolfSSL_X509_get_ex_data(NULL, 1)); - ExpectNull(wolfSSL_X509_get_ex_data(x509, 1)); -#ifdef HAVE_EX_DATA - ExpectIntEQ(wolfSSL_X509_set_ex_data(NULL, 1, der), 0); - ExpectIntEQ(wolfSSL_X509_set_ex_data(x509, 1, der), 1); - ExpectPtrEq(wolfSSL_X509_get_ex_data(x509, 1), der); -#else - ExpectIntEQ(wolfSSL_X509_set_ex_data(NULL, 1, der), 0); - ExpectIntEQ(wolfSSL_X509_set_ex_data(x509, 1, der), 0); - ExpectNull(wolfSSL_X509_get_ex_data(x509, 1)); -#endif - - X509_free(x509); - x509 = NULL; - if (fp != XBADFILE) { - XFCLOSE(fp); - fp = XBADFILE; - } - ExpectTrue((fp = XFOPEN(der, "rb")) != XBADFILE); - ExpectNull((X509 *)d2i_X509_fp(XBADFILE, (X509 **)&x509)); - ExpectNotNull((X509 *)d2i_X509_fp(fp, (X509 **)&x509)); - ExpectNotNull(x509); - X509_free(x509); - x509 = NULL; - if (fp != XBADFILE) - XFCLOSE(fp); - -#ifndef NO_BIO - ExpectNotNull(bio = BIO_new_file(der, "rb")); - ExpectNull(d2i_X509_bio(NULL, &x509)); - ExpectNotNull(x509 = d2i_X509_bio(bio, NULL)); - ExpectNotNull(x509); - X509_free(x509); - BIO_free(bio); - bio = NULL; -#endif - - /* X509_up_ref test */ - ExpectIntEQ(X509_up_ref(NULL), 0); - ExpectNotNull(x509 = X509_new()); /* refCount = 1 */ - ExpectIntEQ(X509_up_ref(x509), 1); /* refCount = 2 */ - ExpectIntEQ(X509_up_ref(x509), 1); /* refCount = 3 */ - X509_free(x509); /* refCount = 2 */ - X509_free(x509); /* refCount = 1 */ - X509_free(x509); /* refCount = 0, free */ - -#endif - return EXPECT_RESULT(); -} - -static int test_wolfSSL_X509_get_ext_count(void) -{ - EXPECT_DECLS; -#if defined(OPENSSL_ALL) && !defined(NO_CERTS) && !defined(NO_FILESYSTEM) && \ - !defined(NO_RSA) - int ret = 0; - WOLFSSL_X509* x509 = NULL; - const char ocspRootCaFile[] = "./certs/ocsp/root-ca-cert.pem"; - XFILE f = XBADFILE; - - /* NULL parameter check */ - ExpectIntEQ(X509_get_ext_count(NULL), WC_NO_ERR_TRACE(WOLFSSL_FAILURE)); - ExpectNotNull(x509 = wolfSSL_X509_new()); - ExpectIntEQ(X509_get_ext_count(x509), WC_NO_ERR_TRACE(WOLFSSL_FAILURE)); - wolfSSL_X509_free(x509); - x509 = NULL; - - ExpectNotNull(x509 = wolfSSL_X509_load_certificate_file(svrCertFile, - SSL_FILETYPE_PEM)); - ExpectIntEQ(X509_get_ext_count(x509), 5); - wolfSSL_X509_free(x509); - - ExpectNotNull(x509 = wolfSSL_X509_load_certificate_file(ocspRootCaFile, - SSL_FILETYPE_PEM)); - ExpectIntEQ(X509_get_ext_count(x509), 5); - wolfSSL_X509_free(x509); - - ExpectTrue((f = XFOPEN("./certs/server-cert.pem", "rb")) != XBADFILE); - ExpectNotNull(x509 = wolfSSL_PEM_read_X509(f, NULL, NULL, NULL)); - if (f != XBADFILE) - XFCLOSE(f); - - /* wolfSSL_X509_get_ext_count() valid input */ - ExpectIntEQ((ret = wolfSSL_X509_get_ext_count(x509)), 5); - - wolfSSL_X509_free(x509); -#endif - return EXPECT_RESULT(); -} - - -/* Tests X509v3_get_ext_count, X509v3_get_ext_by_NID, and X509v3_get_ext - * working with a stack retrieved from wolfSSL_X509_get0_extensions(). - */ -static int test_wolfSSL_X509_stack_extensions(void) -{ - EXPECT_DECLS; -#if defined(OPENSSL_EXTRA) && !defined(NO_CERTS) && !defined(NO_FILESYSTEM) && \ - !defined(NO_RSA) - WOLFSSL_X509* x509 = NULL; - const WOLFSSL_STACK* ext_stack = NULL; - WOLFSSL_X509_EXTENSION* ext = NULL; - int idx = -1; - int count = 0; - XFILE f = XBADFILE; - - /* Load a certificate */ - ExpectTrue((f = XFOPEN("./certs/server-cert.pem", "rb")) != XBADFILE); - ExpectNotNull(x509 = wolfSSL_PEM_read_X509(f, NULL, NULL, NULL)); - if (f != XBADFILE) - XFCLOSE(f); - - /* Get the stack of extensions */ - ExpectNotNull(ext_stack = wolfSSL_X509_get0_extensions(x509)); - - /* Test X509v3_get_ext_count */ - ExpectIntGT((count = X509v3_get_ext_count(ext_stack)), 0); - - /* Test X509v3_get_ext_by_NID - find Basic Constraints extension */ - ExpectIntGE((idx = X509v3_get_ext_by_NID(ext_stack, NID_basic_constraints, - -1)), 0); - - /* Test X509v3_get_ext - get extension by index */ - ExpectNotNull(ext = X509v3_get_ext(ext_stack, idx)); - - /* Verify that the extension is the correct one */ - ExpectIntEQ(wolfSSL_OBJ_obj2nid(wolfSSL_X509_EXTENSION_get_object(ext)), - NID_basic_constraints); - - /* Test negative cases */ - ExpectIntEQ(X509v3_get_ext_by_NID(NULL, NID_basic_constraints, -1), - WOLFSSL_FATAL_ERROR); - ExpectNull(X509v3_get_ext(NULL, 0)); - ExpectNull(X509v3_get_ext(ext_stack, -1)); - ExpectNull(X509v3_get_ext(ext_stack, count)); - - wolfSSL_X509_free(x509); -#endif - return EXPECT_RESULT(); -} - -static int test_wolfSSL_X509_sign2(void) -{ - EXPECT_DECLS; - /* test requires WOLFSSL_AKID_NAME to match expected output */ -#if defined(OPENSSL_EXTRA) && !defined(NO_RSA) && !defined(NO_CERTS) && \ - defined(WOLFSSL_CERT_GEN) && defined(WOLFSSL_ALT_NAMES) && \ - defined(WOLFSSL_CERT_EXT) && defined(WOLFSSL_AKID_NAME) && \ - (defined(WOLFSSL_QT) || defined(OPENSSL_ALL) || \ - defined(WOLFSSL_IP_ALT_NAME)) - WOLFSSL_X509 *x509 = NULL; - WOLFSSL_X509 *ca = NULL; - const unsigned char *der = NULL; - const unsigned char *pt = NULL; - WOLFSSL_EVP_PKEY *priv = NULL; - WOLFSSL_X509_NAME *name = NULL; - int derSz; -#ifndef NO_ASN_TIME - WOLFSSL_ASN1_TIME *notBefore = NULL; - WOLFSSL_ASN1_TIME *notAfter = NULL; - - const int year = 365*24*60*60; - const int day = 24*60*60; - const int hour = 60*60; - const int mini = 60; - time_t t; -#endif - - const unsigned char expected[] = { - 0x30, 0x82, 0x05, 0x13, 0x30, 0x82, 0x03, 0xFB, 0xA0, 0x03, 0x02, 0x01, - 0x02, 0x02, 0x14, 0x6B, 0x61, 0x49, 0x45, 0xFF, 0x4A, 0xD1, 0x54, 0x16, - 0xB4, 0x35, 0x37, 0xC4, 0x98, 0x5D, 0xA9, 0xF6, 0x67, 0x60, 0x91, 0x30, - 0x0D, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x01, 0x0B, - 0x05, 0x00, 0x30, 0x81, 0x94, 0x31, 0x0B, 0x30, 0x09, 0x06, 0x03, 0x55, - 0x04, 0x06, 0x13, 0x02, 0x55, 0x53, 0x31, 0x10, 0x30, 0x0E, 0x06, 0x03, - 0x55, 0x04, 0x08, 0x0C, 0x07, 0x4D, 0x6F, 0x6E, 0x74, 0x61, 0x6E, 0x61, - 0x31, 0x10, 0x30, 0x0E, 0x06, 0x03, 0x55, 0x04, 0x07, 0x0C, 0x07, 0x42, - 0x6F, 0x7A, 0x65, 0x6D, 0x61, 0x6E, 0x31, 0x11, 0x30, 0x0F, 0x06, 0x03, - 0x55, 0x04, 0x0A, 0x0C, 0x08, 0x53, 0x61, 0x77, 0x74, 0x6F, 0x6F, 0x74, - 0x68, 0x31, 0x13, 0x30, 0x11, 0x06, 0x03, 0x55, 0x04, 0x0B, 0x0C, 0x0A, - 0x43, 0x6F, 0x6E, 0x73, 0x75, 0x6C, 0x74, 0x69, 0x6E, 0x67, 0x31, 0x18, - 0x30, 0x16, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0C, 0x0F, 0x77, 0x77, 0x77, - 0x2E, 0x77, 0x6F, 0x6C, 0x66, 0x73, 0x73, 0x6C, 0x2E, 0x63, 0x6F, 0x6D, - 0x31, 0x1F, 0x30, 0x1D, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, - 0x01, 0x09, 0x01, 0x16, 0x10, 0x69, 0x6E, 0x66, 0x6F, 0x40, 0x77, 0x6F, - 0x6C, 0x66, 0x73, 0x73, 0x6C, 0x2E, 0x63, 0x6F, 0x6D, 0x30, 0x1E, 0x17, - 0x0D, 0x30, 0x30, 0x30, 0x32, 0x31, 0x35, 0x32, 0x30, 0x33, 0x30, 0x30, - 0x30, 0x5A, 0x17, 0x0D, 0x30, 0x31, 0x30, 0x32, 0x31, 0x34, 0x32, 0x30, - 0x33, 0x30, 0x30, 0x30, 0x5A, 0x30, 0x81, 0x9E, 0x31, 0x0B, 0x30, 0x09, - 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x55, 0x53, 0x31, 0x10, 0x30, - 0x0E, 0x06, 0x03, 0x55, 0x04, 0x08, 0x0C, 0x07, 0x4D, 0x6F, 0x6E, 0x74, - 0x61, 0x6E, 0x61, 0x31, 0x10, 0x30, 0x0E, 0x06, 0x03, 0x55, 0x04, 0x07, - 0x0C, 0x07, 0x42, 0x6F, 0x7A, 0x65, 0x6D, 0x61, 0x6E, 0x31, 0x15, 0x30, - 0x13, 0x06, 0x03, 0x55, 0x04, 0x0A, 0x0C, 0x0C, 0x77, 0x6F, 0x6C, 0x66, - 0x53, 0x53, 0x4C, 0x5F, 0x32, 0x30, 0x34, 0x38, 0x31, 0x19, 0x30, 0x17, - 0x06, 0x03, 0x55, 0x04, 0x0B, 0x0C, 0x10, 0x50, 0x72, 0x6F, 0x67, 0x72, - 0x61, 0x6D, 0x6D, 0x69, 0x6E, 0x67, 0x2D, 0x32, 0x30, 0x34, 0x38, 0x31, - 0x18, 0x30, 0x16, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0C, 0x0F, 0x77, 0x77, - 0x77, 0x2E, 0x77, 0x6F, 0x6C, 0x66, 0x73, 0x73, 0x6C, 0x2E, 0x63, 0x6F, - 0x6D, 0x31, 0x1F, 0x30, 0x1D, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, - 0x0D, 0x01, 0x09, 0x01, 0x16, 0x10, 0x69, 0x6E, 0x66, 0x6F, 0x40, 0x77, - 0x6F, 0x6C, 0x66, 0x73, 0x73, 0x6C, 0x2E, 0x63, 0x6F, 0x6D, 0x30, 0x82, - 0x01, 0x22, 0x30, 0x0D, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, - 0x01, 0x01, 0x01, 0x05, 0x00, 0x03, 0x82, 0x01, 0x0F, 0x00, 0x30, 0x82, - 0x01, 0x0A, 0x02, 0x82, 0x01, 0x01, 0x00, 0xC3, 0x03, 0xD1, 0x2B, 0xFE, - 0x39, 0xA4, 0x32, 0x45, 0x3B, 0x53, 0xC8, 0x84, 0x2B, 0x2A, 0x7C, 0x74, - 0x9A, 0xBD, 0xAA, 0x2A, 0x52, 0x07, 0x47, 0xD6, 0xA6, 0x36, 0xB2, 0x07, - 0x32, 0x8E, 0xD0, 0xBA, 0x69, 0x7B, 0xC6, 0xC3, 0x44, 0x9E, 0xD4, 0x81, - 0x48, 0xFD, 0x2D, 0x68, 0xA2, 0x8B, 0x67, 0xBB, 0xA1, 0x75, 0xC8, 0x36, - 0x2C, 0x4A, 0xD2, 0x1B, 0xF7, 0x8B, 0xBA, 0xCF, 0x0D, 0xF9, 0xEF, 0xEC, - 0xF1, 0x81, 0x1E, 0x7B, 0x9B, 0x03, 0x47, 0x9A, 0xBF, 0x65, 0xCC, 0x7F, - 0x65, 0x24, 0x69, 0xA6, 0xE8, 0x14, 0x89, 0x5B, 0xE4, 0x34, 0xF7, 0xC5, - 0xB0, 0x14, 0x93, 0xF5, 0x67, 0x7B, 0x3A, 0x7A, 0x78, 0xE1, 0x01, 0x56, - 0x56, 0x91, 0xA6, 0x13, 0x42, 0x8D, 0xD2, 0x3C, 0x40, 0x9C, 0x4C, 0xEF, - 0xD1, 0x86, 0xDF, 0x37, 0x51, 0x1B, 0x0C, 0xA1, 0x3B, 0xF5, 0xF1, 0xA3, - 0x4A, 0x35, 0xE4, 0xE1, 0xCE, 0x96, 0xDF, 0x1B, 0x7E, 0xBF, 0x4E, 0x97, - 0xD0, 0x10, 0xE8, 0xA8, 0x08, 0x30, 0x81, 0xAF, 0x20, 0x0B, 0x43, 0x14, - 0xC5, 0x74, 0x67, 0xB4, 0x32, 0x82, 0x6F, 0x8D, 0x86, 0xC2, 0x88, 0x40, - 0x99, 0x36, 0x83, 0xBA, 0x1E, 0x40, 0x72, 0x22, 0x17, 0xD7, 0x52, 0x65, - 0x24, 0x73, 0xB0, 0xCE, 0xEF, 0x19, 0xCD, 0xAE, 0xFF, 0x78, 0x6C, 0x7B, - 0xC0, 0x12, 0x03, 0xD4, 0x4E, 0x72, 0x0D, 0x50, 0x6D, 0x3B, 0xA3, 0x3B, - 0xA3, 0x99, 0x5E, 0x9D, 0xC8, 0xD9, 0x0C, 0x85, 0xB3, 0xD9, 0x8A, 0xD9, - 0x54, 0x26, 0xDB, 0x6D, 0xFA, 0xAC, 0xBB, 0xFF, 0x25, 0x4C, 0xC4, 0xD1, - 0x79, 0xF4, 0x71, 0xD3, 0x86, 0x40, 0x18, 0x13, 0xB0, 0x63, 0xB5, 0x72, - 0x4E, 0x30, 0xC4, 0x97, 0x84, 0x86, 0x2D, 0x56, 0x2F, 0xD7, 0x15, 0xF7, - 0x7F, 0xC0, 0xAE, 0xF5, 0xFC, 0x5B, 0xE5, 0xFB, 0xA1, 0xBA, 0xD3, 0x02, - 0x03, 0x01, 0x00, 0x01, 0xA3, 0x82, 0x01, 0x4F, 0x30, 0x82, 0x01, 0x4B, - 0x30, 0x0C, 0x06, 0x03, 0x55, 0x1D, 0x13, 0x04, 0x05, 0x30, 0x03, 0x01, - 0x01, 0xFF, 0x30, 0x1C, 0x06, 0x03, 0x55, 0x1D, 0x11, 0x04, 0x15, 0x30, - 0x13, 0x82, 0x0B, 0x65, 0x78, 0x61, 0x6D, 0x70, 0x6C, 0x65, 0x2E, 0x63, - 0x6F, 0x6D, 0x87, 0x04, 0x7F, 0x00, 0x00, 0x01, 0x30, 0x1D, 0x06, 0x03, - 0x55, 0x1D, 0x0E, 0x04, 0x16, 0x04, 0x14, 0x33, 0xD8, 0x45, 0x66, 0xD7, - 0x68, 0x87, 0x18, 0x7E, 0x54, 0x0D, 0x70, 0x27, 0x91, 0xC7, 0x26, 0xD7, - 0x85, 0x65, 0xC0, 0x30, 0x81, 0xDE, 0x06, 0x03, 0x55, 0x1D, 0x23, 0x04, - 0x81, 0xD6, 0x30, 0x81, 0xD3, 0x80, 0x14, 0x33, 0xD8, 0x45, 0x66, 0xD7, - 0x68, 0x87, 0x18, 0x7E, 0x54, 0x0D, 0x70, 0x27, 0x91, 0xC7, 0x26, 0xD7, - 0x85, 0x65, 0xC0, 0xA1, 0x81, 0xA4, 0xA4, 0x81, 0xA1, 0x30, 0x81, 0x9E, - 0x31, 0x0B, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x55, - 0x53, 0x31, 0x10, 0x30, 0x0E, 0x06, 0x03, 0x55, 0x04, 0x08, 0x0C, 0x07, - 0x4D, 0x6F, 0x6E, 0x74, 0x61, 0x6E, 0x61, 0x31, 0x10, 0x30, 0x0E, 0x06, - 0x03, 0x55, 0x04, 0x07, 0x0C, 0x07, 0x42, 0x6F, 0x7A, 0x65, 0x6D, 0x61, - 0x6E, 0x31, 0x15, 0x30, 0x13, 0x06, 0x03, 0x55, 0x04, 0x0A, 0x0C, 0x0C, - 0x77, 0x6F, 0x6C, 0x66, 0x53, 0x53, 0x4C, 0x5F, 0x32, 0x30, 0x34, 0x38, - 0x31, 0x19, 0x30, 0x17, 0x06, 0x03, 0x55, 0x04, 0x0B, 0x0C, 0x10, 0x50, - 0x72, 0x6F, 0x67, 0x72, 0x61, 0x6D, 0x6D, 0x69, 0x6E, 0x67, 0x2D, 0x32, - 0x30, 0x34, 0x38, 0x31, 0x18, 0x30, 0x16, 0x06, 0x03, 0x55, 0x04, 0x03, - 0x0C, 0x0F, 0x77, 0x77, 0x77, 0x2E, 0x77, 0x6F, 0x6C, 0x66, 0x73, 0x73, - 0x6C, 0x2E, 0x63, 0x6F, 0x6D, 0x31, 0x1F, 0x30, 0x1D, 0x06, 0x09, 0x2A, - 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x09, 0x01, 0x16, 0x10, 0x69, 0x6E, - 0x66, 0x6F, 0x40, 0x77, 0x6F, 0x6C, 0x66, 0x73, 0x73, 0x6C, 0x2E, 0x63, - 0x6F, 0x6D, 0x82, 0x14, 0x6B, 0x61, 0x49, 0x45, 0xFF, 0x4A, 0xD1, 0x54, - 0x16, 0xB4, 0x35, 0x37, 0xC4, 0x98, 0x5D, 0xA9, 0xF6, 0x67, 0x60, 0x91, - 0x30, 0x1D, 0x06, 0x03, 0x55, 0x1D, 0x25, 0x04, 0x16, 0x30, 0x14, 0x06, - 0x08, 0x2B, 0x06, 0x01, 0x05, 0x05, 0x07, 0x03, 0x01, 0x06, 0x08, 0x2B, - 0x06, 0x01, 0x05, 0x05, 0x07, 0x03, 0x02, 0x30, 0x0D, 0x06, 0x09, 0x2A, - 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x01, 0x0B, 0x05, 0x00, 0x03, 0x82, - 0x01, 0x01, 0x00, 0x2F, 0x9F, 0x83, 0x05, 0x15, 0x1E, 0x5D, 0x7C, 0x22, - 0x12, 0x20, 0xEE, 0x07, 0x35, 0x25, 0x39, 0xDD, 0x34, 0x06, 0xD3, 0x89, - 0x31, 0x51, 0x8B, 0x9A, 0xE5, 0xE8, 0x60, 0x30, 0x07, 0x7A, 0xBB, 0x17, - 0xB9, 0x54, 0x72, 0x83, 0xA2, 0x1F, 0x62, 0xE0, 0x18, 0xAC, 0x93, 0x5E, - 0x63, 0xC7, 0xDD, 0x12, 0x58, 0x96, 0xC7, 0x90, 0x8B, 0x12, 0x50, 0xD2, - 0x60, 0x0E, 0x24, 0x07, 0x53, 0x55, 0xD7, 0x8E, 0xC9, 0x56, 0x12, 0x28, - 0xD8, 0xFD, 0x47, 0xE3, 0x13, 0xFB, 0x3C, 0xD6, 0x3D, 0x82, 0x09, 0x7E, - 0x10, 0x19, 0xE1, 0xCD, 0xCC, 0x4C, 0x78, 0xDF, 0xE5, 0xFB, 0x2C, 0x8C, - 0x88, 0xF7, 0x5B, 0x99, 0x93, 0xC6, 0xC7, 0x22, 0xA5, 0xFA, 0x76, 0x6C, - 0xE9, 0xBC, 0x69, 0xBA, 0x02, 0x82, 0x18, 0xAF, 0x47, 0xD0, 0x9C, 0x5F, - 0xED, 0xAE, 0x5A, 0x95, 0x59, 0x78, 0x86, 0x24, 0x22, 0xB6, 0x81, 0x03, - 0x58, 0x9A, 0x14, 0x93, 0xDC, 0x24, 0x58, 0xF3, 0xD2, 0x6C, 0x8E, 0xD2, - 0x6D, 0x8B, 0xE8, 0x4E, 0xC6, 0xA0, 0x2B, 0x0D, 0xDB, 0x1A, 0x76, 0x28, - 0xA9, 0x8D, 0xFB, 0x51, 0xA6, 0xF0, 0x82, 0x30, 0xEE, 0x78, 0x1C, 0x71, - 0xA8, 0x11, 0x8A, 0xA5, 0xC3, 0x91, 0xAB, 0x9A, 0x46, 0xFF, 0x8D, 0xCD, - 0x82, 0x3F, 0x5D, 0xB6, 0x28, 0x46, 0x6D, 0x66, 0xE2, 0xEE, 0x1E, 0x82, - 0x0D, 0x1A, 0x74, 0x87, 0xFB, 0xFD, 0x96, 0x26, 0x50, 0x09, 0xEC, 0xA7, - 0x73, 0x89, 0x43, 0x3B, 0x42, 0x2D, 0xA9, 0x6B, 0x0F, 0x61, 0x81, 0x97, - 0x11, 0x71, 0xF9, 0xDB, 0x9B, 0x69, 0x4B, 0x6E, 0xD3, 0x7D, 0xDA, 0xC6, - 0x61, 0x9F, 0x39, 0x87, 0x53, 0x52, 0xA8, 0x4D, 0xAD, 0x80, 0x29, 0x6C, - 0x19, 0xF0, 0x8D, 0xB1, 0x0D, 0x4E, 0xFB, 0x1B, 0xB7, 0xF1, 0x85, 0x49, - 0x08, 0x2A, 0x94, 0xD0, 0x4E, 0x0B, 0x8F - }; - - pt = ca_key_der_2048; - ExpectNotNull(priv = wolfSSL_d2i_PrivateKey(EVP_PKEY_RSA, NULL, &pt, - sizeof_ca_key_der_2048)); - - pt = client_cert_der_2048; - ExpectNotNull(x509 = wolfSSL_d2i_X509(NULL, &pt, - sizeof_client_cert_der_2048)); - - pt = ca_cert_der_2048; - ExpectNotNull(ca = wolfSSL_d2i_X509(NULL, &pt, sizeof_ca_cert_der_2048)); - ExpectNotNull(name = wolfSSL_X509_get_subject_name(ca)); - ExpectIntEQ(wolfSSL_X509_set_issuer_name(x509, name), WOLFSSL_SUCCESS); - -#ifndef NO_ASN_TIME - t = (time_t)30 * year + 45 * day + 20 * hour + 30 * mini + 7 * day; - ExpectNotNull(notBefore = wolfSSL_ASN1_TIME_adj(NULL, t, 0, 0)); - ExpectNotNull(notAfter = wolfSSL_ASN1_TIME_adj(NULL, t, 365, 0)); - ExpectIntEQ(notAfter->length, 13); - - ExpectTrue(wolfSSL_X509_set_notBefore(x509, notBefore)); - ExpectTrue(wolfSSL_X509_set1_notBefore(x509, notBefore)); - ExpectTrue(wolfSSL_X509_set_notAfter(x509, notAfter)); - ExpectTrue(wolfSSL_X509_set1_notAfter(x509, notAfter)); -#endif - - ExpectNull(wolfSSL_X509_notBefore(NULL)); - ExpectNotNull(wolfSSL_X509_notBefore(x509)); - ExpectNull(wolfSSL_X509_notAfter(NULL)); - ExpectNotNull(wolfSSL_X509_notAfter(x509)); - - ExpectIntGT(wolfSSL_X509_sign(x509, priv, EVP_sha256()), 0); - ExpectNotNull((der = wolfSSL_X509_get_der(x509, &derSz))); - - ExpectIntEQ(derSz, sizeof(expected)); -#ifndef NO_ASN_TIME - ExpectIntEQ(XMEMCMP(der, expected, derSz), 0); -#endif - - wolfSSL_X509_free(ca); - wolfSSL_X509_free(x509); - wolfSSL_EVP_PKEY_free(priv); -#ifndef NO_ASN_TIME - wolfSSL_ASN1_TIME_free(notBefore); - wolfSSL_ASN1_TIME_free(notAfter); -#endif -#endif - return EXPECT_RESULT(); -} - - -static int test_wolfSSL_X509_sign(void) -{ - EXPECT_DECLS; -#if defined(OPENSSL_EXTRA) && !defined(NO_CERTS) && !defined(NO_ASN_TIME) && \ - defined(WOLFSSL_CERT_GEN) && defined(WOLFSSL_CERT_REQ) && !defined(NO_RSA) - int ret = 0; - char *cn = NULL; - word32 cnSz = 0; - X509_NAME *name = NULL; - X509_NAME *emptyName = NULL; - X509 *x509 = NULL; - X509 *ca = NULL; - DecodedCert dCert; - EVP_PKEY *pub = NULL; - EVP_PKEY *priv = NULL; - EVP_MD_CTX *mctx = NULL; -#if defined(USE_CERT_BUFFERS_1024) - const unsigned char* rsaPriv = client_key_der_1024; - const unsigned char* rsaPub = client_keypub_der_1024; - const unsigned char* certIssuer = client_cert_der_1024; - long clientKeySz = (long)sizeof_client_key_der_1024; - long clientPubKeySz = (long)sizeof_client_keypub_der_1024; - long certIssuerSz = (long)sizeof_client_cert_der_1024; -#elif defined(USE_CERT_BUFFERS_2048) - const unsigned char* rsaPriv = client_key_der_2048; - const unsigned char* rsaPub = client_keypub_der_2048; - const unsigned char* certIssuer = client_cert_der_2048; - long clientKeySz = (long)sizeof_client_key_der_2048; - long clientPubKeySz = (long)sizeof_client_keypub_der_2048; - long certIssuerSz = (long)sizeof_client_cert_der_2048; -#endif - byte sn[16]; - int snSz = sizeof(sn); - int sigSz = 0; -#ifndef NO_WOLFSSL_STUB - const WOLFSSL_ASN1_BIT_STRING* sig = NULL; - const WOLFSSL_X509_ALGOR* alg = NULL; -#endif - - /* Set X509_NAME fields */ - ExpectNotNull(name = X509_NAME_new()); - ExpectIntEQ(X509_NAME_add_entry_by_txt(name, "countryName", MBSTRING_UTF8, - (byte*)"US", 2, -1, 0), SSL_SUCCESS); - ExpectIntEQ(X509_NAME_add_entry_by_txt(name, "commonName", MBSTRING_UTF8, - (byte*)"wolfssl.com", 11, -1, 0), SSL_SUCCESS); - ExpectIntEQ(X509_NAME_add_entry_by_txt(name, "emailAddress", MBSTRING_UTF8, - (byte*)"support@wolfssl.com", 19, -1, 0), SSL_SUCCESS); - - /* Get private and public keys */ - ExpectNotNull(priv = wolfSSL_d2i_PrivateKey(EVP_PKEY_RSA, NULL, &rsaPriv, - clientKeySz)); - ExpectNotNull(pub = wolfSSL_d2i_PUBKEY(NULL, &rsaPub, clientPubKeySz)); - ExpectNotNull(x509 = X509_new()); - ExpectIntEQ(X509_sign(x509, priv, EVP_sha256()), 0); - /* Set version 3 */ - ExpectIntNE(X509_set_version(x509, 2L), 0); - /* Set subject name, add pubkey, and sign certificate */ - ExpectIntEQ(X509_set_subject_name(x509, name), SSL_SUCCESS); - X509_NAME_free(name); - name = NULL; - ExpectIntEQ(X509_set_pubkey(x509, pub), SSL_SUCCESS); -#ifdef WOLFSSL_ALT_NAMES - ExpectNull(wolfSSL_X509_get_next_altname(NULL)); - ExpectNull(wolfSSL_X509_get_next_altname(x509)); - - /* Add some subject alt names */ - ExpectIntNE(wolfSSL_X509_add_altname(NULL, - "ipsum", ASN_DNS_TYPE), SSL_SUCCESS); - ExpectIntEQ(wolfSSL_X509_add_altname(x509, - NULL, ASN_DNS_TYPE), SSL_SUCCESS); - ExpectIntEQ(wolfSSL_X509_add_altname(x509, - "sphygmomanometer", - ASN_DNS_TYPE), SSL_SUCCESS); - ExpectIntEQ(wolfSSL_X509_add_altname(x509, - "supercalifragilisticexpialidocious", - ASN_DNS_TYPE), SSL_SUCCESS); - ExpectIntEQ(wolfSSL_X509_add_altname(x509, - "Llanfairpwllgwyngyllgogerychwyrndrobwllllantysiliogogogoch", - ASN_DNS_TYPE), SSL_SUCCESS); -#ifdef WOLFSSL_IP_ALT_NAME - { - unsigned char ip4_type[] = {127,128,0,255}; - unsigned char ip6_type[] = {0xdd, 0xcc, 0xba, 0xab, - 0xff, 0xee, 0x99, 0x88, - 0x77, 0x66, 0x55, 0x44, - 0x00, 0x33, 0x22, 0x11}; - ExpectIntEQ(wolfSSL_X509_add_altname_ex(x509, (char*)ip4_type, - sizeof(ip4_type), ASN_IP_TYPE), SSL_SUCCESS); - ExpectIntEQ(wolfSSL_X509_add_altname_ex(x509, (char*)ip6_type, - sizeof(ip6_type), ASN_IP_TYPE), SSL_SUCCESS); - } -#endif - - { - int i; - - if (x509 != NULL) { - x509->altNamesNext = x509->altNames; - } -#ifdef WOLFSSL_IP_ALT_NAME - /* No names in IP address. */ - ExpectNull(wolfSSL_X509_get_next_altname(x509)); - ExpectNull(wolfSSL_X509_get_next_altname(x509)); -#endif - for (i = 0; i < 3; i++) { - ExpectNotNull(wolfSSL_X509_get_next_altname(x509)); - } - ExpectNull(wolfSSL_X509_get_next_altname(x509)); -#ifdef WOLFSSL_MULTICIRCULATE_ALTNAMELIST - ExpectNotNull(wolfSSL_X509_get_next_altname(x509)); -#endif - } -#endif /* WOLFSSL_ALT_NAMES */ - - { - ASN1_UTCTIME* infinite_past = NULL; - ExpectNotNull(infinite_past = ASN1_UTCTIME_set(NULL, 0)); - ExpectIntEQ(X509_set1_notBefore(x509, infinite_past), 1); - ASN1_UTCTIME_free(infinite_past); - } - - /* test valid sign case */ - ExpectIntGT(ret = X509_sign(x509, priv, EVP_sha256()), 0); - /* test getting signature */ -#ifndef NO_WOLFSSL_STUB - wolfSSL_X509_get0_signature(&sig, &alg, x509); -#endif - ExpectIntEQ(wolfSSL_X509_get_signature(x509, NULL, &sigSz), - WOLFSSL_SUCCESS); - ExpectIntGT(sigSz, 0); - ExpectIntEQ(wolfSSL_X509_get_signature(NULL, NULL, NULL), - WOLFSSL_FATAL_ERROR); - ExpectIntEQ(wolfSSL_X509_get_signature(x509, NULL, NULL), - WOLFSSL_FATAL_ERROR); - ExpectIntEQ(wolfSSL_X509_get_signature(NULL, NULL, &sigSz), - WOLFSSL_FATAL_ERROR); - sigSz = 0; - ExpectIntEQ(wolfSSL_X509_get_signature(x509, sn, &sigSz), - WOLFSSL_FATAL_ERROR); - - /* test valid X509_sign_ctx case */ - ExpectNotNull(mctx = EVP_MD_CTX_new()); - ExpectIntEQ(EVP_DigestSignInit(mctx, NULL, EVP_sha256(), NULL, priv), 1); - ExpectIntGT(X509_sign_ctx(x509, mctx), 0); - -#if defined(OPENSSL_ALL) && defined(WOLFSSL_ALT_NAMES) - ExpectIntEQ(X509_get_ext_count(x509), 1); -#endif -#if defined(WOLFSSL_ALT_NAMES) && defined(WOLFSSL_IP_ALT_NAME) - ExpectIntEQ(wolfSSL_X509_check_ip_asc(x509, "127.128.0.255", 0), 1); - ExpectIntEQ(wolfSSL_X509_check_ip_asc(x509, "DDCC:BAAB:FFEE:9988:7766:5544:0033:2211", 0), 1); -#endif - - ExpectIntEQ(wolfSSL_X509_get_serial_number(x509, sn, &snSz), - WOLFSSL_SUCCESS); - DEBUG_WRITE_CERT_X509(x509, "signed.pem"); - - /* Variation in size depends on ASN.1 encoding when MSB is set. - * WOLFSSL_ASN_TEMPLATE code does not generate a serial number - * with the MSB set. See GenerateInteger in asn.c */ -#ifndef USE_CERT_BUFFERS_1024 -#ifndef WOLFSSL_ALT_NAMES - /* Valid case - size should be 781-786 with 16 byte serial number */ - ExpectTrue((781 + snSz <= ret) && (ret <= 781 + 5 + snSz)); -#elif defined(WOLFSSL_IP_ALT_NAME) - /* Valid case - size should be 955-960 with 16 byte serial number */ - ExpectTrue((939 + snSz <= ret) && (ret <= 939 + 5 + snSz)); -#else - /* Valid case - size should be 926-931 with 16 byte serial number */ - ExpectTrue((910 + snSz <= ret) && (ret <= 910 + 5 + snSz)); -#endif -#else -#ifndef WOLFSSL_ALT_NAMES - /* Valid case - size should be 537-542 with 16 byte serial number */ - ExpectTrue((521 + snSz <= ret) && (ret <= 521 + 5 + snSz)); -#elif defined(OPENSSL_ALL) || defined(WOLFSSL_IP_ALT_NAME) - /* Valid case - size should be 695-670 with 16 byte serial number */ - ExpectTrue((679 + snSz <= ret) && (ret <= 679 + 5 + snSz)); -#else - /* Valid case - size should be 666-671 with 16 byte serial number */ - ExpectTrue((650 + snSz <= ret) && (ret <= 650 + 5 + snSz)); -#endif -#endif - /* check that issuer name is as expected after signature */ - InitDecodedCert(&dCert, certIssuer, (word32)certIssuerSz, 0); - ExpectIntEQ(ParseCert(&dCert, CERT_TYPE, NO_VERIFY, NULL), 0); - - ExpectNotNull(emptyName = X509_NAME_new()); - ExpectNotNull(ca = d2i_X509(NULL, &certIssuer, (int)certIssuerSz)); - ExpectIntEQ(wolfSSL_X509_get_isCA(NULL), 0); - ExpectIntEQ(wolfSSL_X509_get_isCA(ca), 1); - ExpectNotNull(name = X509_get_subject_name(ca)); - ExpectIntEQ(X509_NAME_get_sz(NULL), WOLFSSL_FATAL_ERROR); - ExpectIntGT(cnSz = X509_NAME_get_sz(name), 0); - ExpectNotNull(cn = (char*)XMALLOC(cnSz, HEAP_HINT, DYNAMIC_TYPE_OPENSSL)); - ExpectNull(X509_NAME_oneline(NULL, cn, (int)cnSz)); - ExpectPtrEq(X509_NAME_oneline(name, cn, 0), cn); - ExpectPtrEq(X509_NAME_oneline(emptyName, cn, (int)cnSz), cn); - ExpectNull(X509_NAME_oneline(emptyName, NULL, 0)); - ExpectPtrEq(X509_NAME_oneline(name, cn, (int)cnSz), cn); - ExpectIntEQ(0, XSTRNCMP(cn, dCert.subject, XSTRLEN(cn))); - XFREE(cn, HEAP_HINT, DYNAMIC_TYPE_OPENSSL); - cn = NULL; - -#if defined(XSNPRINTF) - ExpectNull(wolfSSL_X509_get_name_oneline(NULL, NULL, 0)); - ExpectNotNull(cn = wolfSSL_X509_get_name_oneline(name, NULL, 0)); - ExpectIntGT((int)(cnSz = (word32)XSTRLEN(cn) + 1), 0); - ExpectPtrEq(wolfSSL_X509_get_name_oneline(name, cn, (int)cnSz), cn); - ExpectNull(wolfSSL_X509_get_name_oneline(NULL, cn, (int)cnSz)); - ExpectNull(wolfSSL_X509_get_name_oneline(name, cn, cnSz - 1)); - ExpectPtrEq(wolfSSL_X509_get_name_oneline(name, cn, (int)cnSz), cn); - ExpectPtrEq(wolfSSL_X509_get_name_oneline(emptyName, cn, (int)cnSz), cn); - XFREE(cn, HEAP_HINT, DYNAMIC_TYPE_OPENSSL); - cn = NULL; -#endif - X509_NAME_free(emptyName); - -#ifdef WOLFSSL_MULTI_ATTRIB - /* test adding multiple OU's to the signer */ - ExpectNotNull(name = X509_get_subject_name(ca)); - ExpectIntEQ(X509_NAME_add_entry_by_txt(name, "OU", MBSTRING_UTF8, - (byte*)"OU1", 3, -1, 0), SSL_SUCCESS); - ExpectIntEQ(X509_NAME_add_entry_by_txt(name, "OU", MBSTRING_UTF8, - (byte*)"OU2", 3, -1, 0), SSL_SUCCESS); - ExpectIntGT(X509_sign(ca, priv, EVP_sha256()), 0); -#endif - - ExpectNotNull(name = X509_get_subject_name(ca)); - ExpectIntEQ(X509_set_issuer_name(x509, name), SSL_SUCCESS); - - ExpectIntGT(X509_sign(x509, priv, EVP_sha256()), 0); - ExpectNotNull(name = X509_get_issuer_name(x509)); - cnSz = X509_NAME_get_sz(name); - ExpectNotNull(cn = (char*)XMALLOC(cnSz, HEAP_HINT, DYNAMIC_TYPE_OPENSSL)); - ExpectNotNull(cn = X509_NAME_oneline(name, cn, (int)cnSz)); - /* compare and don't include the multi-attrib "/OU=OU1/OU=OU2" above */ - ExpectIntEQ(0, XSTRNCMP(cn, dCert.issuer, XSTRLEN(dCert.issuer))); - XFREE(cn, HEAP_HINT, DYNAMIC_TYPE_OPENSSL); - cn = NULL; - - FreeDecodedCert(&dCert); - - /* Test invalid parameters */ - ExpectIntEQ(X509_sign(NULL, priv, EVP_sha256()), 0); - ExpectIntEQ(X509_sign(x509, NULL, EVP_sha256()), 0); - ExpectIntEQ(X509_sign(x509, priv, NULL), 0); - - ExpectIntEQ(X509_sign_ctx(NULL, mctx), 0); - EVP_MD_CTX_free(mctx); - mctx = NULL; - ExpectNotNull(mctx = EVP_MD_CTX_new()); - ExpectIntEQ(X509_sign_ctx(x509, mctx), 0); - ExpectIntEQ(X509_sign_ctx(x509, NULL), 0); - - /* test invalid version number */ -#if defined(OPENSSL_ALL) - ExpectIntNE(X509_set_version(x509, 6L), 0); - ExpectIntGT(X509_sign(x509, priv, EVP_sha256()), 0); - - /* uses ParseCert which fails on bad version number */ - ExpectIntEQ(X509_get_ext_count(x509), WC_NO_ERR_TRACE(WOLFSSL_FAILURE)); -#endif - - EVP_MD_CTX_free(mctx); - EVP_PKEY_free(priv); - EVP_PKEY_free(pub); - X509_free(x509); - X509_free(ca); -#endif - return EXPECT_RESULT(); -} - -static int test_wolfSSL_X509_get0_tbs_sigalg(void) -{ - EXPECT_DECLS; -#if (defined(OPENSSL_ALL) || defined(WOLFSSL_APACHE_HTTPD)) - X509* x509 = NULL; - const X509_ALGOR* alg; - - ExpectNotNull(x509 = X509_new()); - - ExpectNull(alg = X509_get0_tbs_sigalg(NULL)); - ExpectNotNull(alg = X509_get0_tbs_sigalg(x509)); - - X509_free(x509); -#endif - return EXPECT_RESULT(); -} - static int test_wolfSSL_X509_ALGOR_get0(void) { EXPECT_DECLS; @@ -24961,139 +16052,6 @@ } -static int test_wolfSSL_X509_VERIFY_PARAM(void) -{ - EXPECT_DECLS; -#if defined(OPENSSL_EXTRA) - X509_VERIFY_PARAM *paramTo = NULL; - X509_VERIFY_PARAM *paramFrom = NULL; - char testIPv4[] = "127.0.0.1"; - char testIPv6[] = "0001:0000:0000:0000:0000:0000:0000:0000/32"; - char testhostName1[] = "foo.hoge.com"; - char testhostName2[] = "foobar.hoge.com"; - - ExpectNotNull(paramTo = X509_VERIFY_PARAM_new()); - ExpectNotNull(XMEMSET(paramTo, 0, sizeof(X509_VERIFY_PARAM))); - - ExpectNotNull(paramFrom = X509_VERIFY_PARAM_new()); - ExpectNotNull(XMEMSET(paramFrom, 0, sizeof(X509_VERIFY_PARAM))); - - ExpectIntEQ(X509_VERIFY_PARAM_set1_host(paramFrom, testhostName1, - (int)XSTRLEN(testhostName1)), 1); - ExpectIntEQ(0, XSTRNCMP(paramFrom->hostName, testhostName1, - (int)XSTRLEN(testhostName1))); - - X509_VERIFY_PARAM_set_hostflags(NULL, 0x00); - - X509_VERIFY_PARAM_set_hostflags(paramFrom, 0x01); - ExpectIntEQ(0x01, paramFrom->hostFlags); - - ExpectIntEQ(X509_VERIFY_PARAM_set1_ip_asc(NULL, testIPv4), 0); - - ExpectIntEQ(X509_VERIFY_PARAM_set1_ip_asc(paramFrom, testIPv4), 1); - ExpectIntEQ(0, XSTRNCMP(paramFrom->ipasc, testIPv4, WOLFSSL_MAX_IPSTR)); - - ExpectIntEQ(X509_VERIFY_PARAM_set1_ip_asc(paramFrom, NULL), 1); - - ExpectIntEQ(X509_VERIFY_PARAM_set1_ip_asc(paramFrom, testIPv6), 1); - ExpectIntEQ(0, XSTRNCMP(paramFrom->ipasc, testIPv6, WOLFSSL_MAX_IPSTR)); - - /* null pointer */ - ExpectIntEQ(X509_VERIFY_PARAM_set1(NULL, paramFrom), 0); - /* in the case of "from" null, returns success */ - ExpectIntEQ(X509_VERIFY_PARAM_set1(paramTo, NULL), 1); - - ExpectIntEQ(X509_VERIFY_PARAM_set1(NULL, NULL), 0); - - /* inherit flags test : VPARAM_DEFAULT */ - ExpectIntEQ(X509_VERIFY_PARAM_set1(paramTo, paramFrom), 1); - ExpectIntEQ(0, XSTRNCMP(paramTo->hostName, testhostName1, - (int)XSTRLEN(testhostName1))); - ExpectIntEQ(0x01, paramTo->hostFlags); - ExpectIntEQ(0, XSTRNCMP(paramTo->ipasc, testIPv6, WOLFSSL_MAX_IPSTR)); - - /* inherit flags test : VPARAM OVERWRITE */ - ExpectIntEQ(X509_VERIFY_PARAM_set1_host(paramTo, testhostName2, - (int)XSTRLEN(testhostName2)), 1); - ExpectIntEQ(X509_VERIFY_PARAM_set1_ip_asc(paramTo, testIPv4), 1); - X509_VERIFY_PARAM_set_hostflags(paramTo, 0x00); - - if (paramTo != NULL) { - paramTo->inherit_flags = X509_VP_FLAG_OVERWRITE; - } - - ExpectIntEQ(X509_VERIFY_PARAM_set1(paramTo, paramFrom), 1); - ExpectIntEQ(0, XSTRNCMP(paramTo->hostName, testhostName1, - (int)XSTRLEN(testhostName1))); - ExpectIntEQ(0x01, paramTo->hostFlags); - ExpectIntEQ(0, XSTRNCMP(paramTo->ipasc, testIPv6, WOLFSSL_MAX_IPSTR)); - - /* inherit flags test : VPARAM_RESET_FLAGS */ - ExpectIntEQ(X509_VERIFY_PARAM_set1_host(paramTo, testhostName2, - (int)XSTRLEN(testhostName2)), 1); - ExpectIntEQ(X509_VERIFY_PARAM_set1_ip_asc(paramTo, testIPv4), 1); - X509_VERIFY_PARAM_set_hostflags(paramTo, 0x10); - - if (paramTo != NULL) { - paramTo->inherit_flags = X509_VP_FLAG_RESET_FLAGS; - } - - ExpectIntEQ(X509_VERIFY_PARAM_set1(paramTo, paramFrom), 1); - ExpectIntEQ(0, XSTRNCMP(paramTo->hostName, testhostName1, - (int)XSTRLEN(testhostName1))); - ExpectIntEQ(0x01, paramTo->hostFlags); - ExpectIntEQ(0, XSTRNCMP(paramTo->ipasc, testIPv6, WOLFSSL_MAX_IPSTR)); - - /* inherit flags test : VPARAM_LOCKED */ - ExpectIntEQ(X509_VERIFY_PARAM_set1_host(paramTo, testhostName2, - (int)XSTRLEN(testhostName2)), 1); - ExpectIntEQ(X509_VERIFY_PARAM_set1_ip_asc(paramTo, testIPv4), 1); - X509_VERIFY_PARAM_set_hostflags(paramTo, 0x00); - - if (paramTo != NULL) { - paramTo->inherit_flags = X509_VP_FLAG_LOCKED; - } - - ExpectIntEQ(X509_VERIFY_PARAM_set1(paramTo, paramFrom), 1); - ExpectIntEQ(0, XSTRNCMP(paramTo->hostName, testhostName2, - (int)XSTRLEN(testhostName2))); - ExpectIntEQ(0x00, paramTo->hostFlags); - ExpectIntEQ(0, XSTRNCMP(paramTo->ipasc, testIPv4, WOLFSSL_MAX_IPSTR)); - - /* test for incorrect parameters */ - ExpectIntEQ(X509_VERIFY_PARAM_set_flags(NULL, X509_V_FLAG_CRL_CHECK_ALL), - 0); - - ExpectIntEQ(X509_VERIFY_PARAM_set_flags(NULL, 0), 0); - - /* inherit flags test : VPARAM_ONCE, not testable yet */ - - ExpectIntEQ(X509_VERIFY_PARAM_set_flags(paramTo, X509_V_FLAG_CRL_CHECK_ALL), - 1); - - ExpectIntEQ(X509_VERIFY_PARAM_get_flags(NULL), 0); - ExpectIntEQ(X509_VERIFY_PARAM_get_flags(paramTo), - X509_V_FLAG_CRL_CHECK_ALL); - - ExpectIntEQ(X509_VERIFY_PARAM_clear_flags(NULL, X509_V_FLAG_CRL_CHECK_ALL), - WOLFSSL_FAILURE); - ExpectIntEQ(X509_VERIFY_PARAM_clear_flags(paramTo, - X509_V_FLAG_CRL_CHECK_ALL), 1); - - ExpectIntEQ(X509_VERIFY_PARAM_get_flags(paramTo), 0); - - ExpectNull(wolfSSL_X509_VERIFY_PARAM_lookup(NULL)); - ExpectNull(wolfSSL_X509_VERIFY_PARAM_lookup("")); - ExpectNotNull(wolfSSL_X509_VERIFY_PARAM_lookup("ssl_client")); - ExpectNotNull(wolfSSL_X509_VERIFY_PARAM_lookup("ssl_server")); - - X509_VERIFY_PARAM_free(paramTo); - X509_VERIFY_PARAM_free(paramFrom); - X509_VERIFY_PARAM_free(NULL); /* to confirm NULL parameter gives no harm */ -#endif - return EXPECT_RESULT(); -} - #if defined(OPENSSL_EXTRA) && defined(HAVE_SSL_MEMIO_TESTS_DEPENDENCIES) && \ !defined(WOLFSSL_HOSTNAME_VERIFY_ALT_NAME_ONLY) @@ -25157,571 +16115,172 @@ ExpectIntEQ(test_wolfSSL_check_domain_verify_count, 1); #endif - return EXPECT_RESULT(); -} - -#else - -static int test_wolfSSL_check_domain(void) -{ - EXPECT_DECLS; - return EXPECT_RESULT(); -} - -#endif /* OPENSSL_EXTRA && HAVE_SSL_MEMIO_TESTS_DEPENDENCIES */ -#if defined(HAVE_SSL_MEMIO_TESTS_DEPENDENCIES) && \ - !defined(OPENSSL_COMPATIBLE_DEFAULTS) && !defined(NO_SHA256) -static const char* dn = NULL; -static int test_wolfSSL_check_domain_basic_client_ssl(WOLFSSL* ssl) -{ - EXPECT_DECLS; - - ExpectIntEQ(wolfSSL_check_domain_name(ssl, dn), WOLFSSL_SUCCESS); - - return EXPECT_RESULT(); -} -static int test_wolfSSL_check_domain_basic(void) -{ - EXPECT_DECLS; - test_ssl_cbf func_cb_client; - test_ssl_cbf func_cb_server; - - XMEMSET(&func_cb_client, 0, sizeof(func_cb_client)); - XMEMSET(&func_cb_server, 0, sizeof(func_cb_server)); - - dn = "invalid.com"; - func_cb_client.ssl_ready = &test_wolfSSL_check_domain_basic_client_ssl; - - /* Expect to fail */ - ExpectIntEQ(test_wolfSSL_client_server_nofail_memio(&func_cb_client, - &func_cb_server, NULL), -1001); - - dn = "example.com"; - - /* Expect to succeed */ - ExpectIntEQ(test_wolfSSL_client_server_nofail_memio(&func_cb_client, - &func_cb_server, NULL), TEST_SUCCESS); - - return EXPECT_RESULT(); -} -#else -static int test_wolfSSL_check_domain_basic(void) -{ - EXPECT_DECLS; - return EXPECT_RESULT(); -} -#endif /* HAVE_SSL_MEMIO_TESTS_DEPENDENCIES */ - -static int test_wolfSSL_X509_get_X509_PUBKEY(void) -{ - EXPECT_DECLS; -#if (defined(OPENSSL_ALL) || defined(WOLFSSL_APACHE_HTTPD)) - X509* x509 = NULL; - X509_PUBKEY* pubKey; - - ExpectNotNull(x509 = X509_new()); - - ExpectNull(pubKey = wolfSSL_X509_get_X509_PUBKEY(NULL)); - ExpectNotNull(pubKey = wolfSSL_X509_get_X509_PUBKEY(x509)); - - X509_free(x509); -#endif - return EXPECT_RESULT(); -} - -static int test_wolfSSL_X509_PUBKEY_RSA(void) -{ - EXPECT_DECLS; -#if (defined(OPENSSL_ALL) || defined(WOLFSSL_APACHE_HTTPD)) && \ - !defined(NO_SHA256) && !defined(NO_RSA) - X509* x509 = NULL; - ASN1_OBJECT* obj = NULL; - const ASN1_OBJECT* pa_oid = NULL; - X509_PUBKEY* pubKey = NULL; - X509_PUBKEY* pubKey2 = NULL; - EVP_PKEY* evpKey = NULL; - byte buf[1024]; - byte* tmp; - - const unsigned char *pk = NULL; - int ppklen; - int pptype; - X509_ALGOR *pa = NULL; - const void *pval; - - ExpectNotNull(x509 = X509_load_certificate_file(cliCertFile, - SSL_FILETYPE_PEM)); - - ExpectNotNull(pubKey = X509_get_X509_PUBKEY(x509)); - ExpectIntEQ(X509_PUBKEY_get0_param(&obj, &pk, &ppklen, &pa, pubKey), 1); - ExpectNotNull(pk); - ExpectNotNull(pa); - ExpectNotNull(pubKey); - ExpectIntGT(ppklen, 0); - - tmp = buf; - ExpectIntEQ(wolfSSL_i2d_X509_PUBKEY(NULL, NULL), WOLFSSL_FATAL_ERROR); - ExpectIntEQ(wolfSSL_i2d_X509_PUBKEY(NULL, &tmp), WOLFSSL_FATAL_ERROR); - ExpectIntEQ(wolfSSL_i2d_X509_PUBKEY(pubKey, NULL), 294); - ExpectIntEQ(wolfSSL_i2d_X509_PUBKEY(pubKey, &tmp), 294); - - ExpectIntEQ(OBJ_obj2nid(obj), NID_rsaEncryption); - - ExpectNotNull(evpKey = X509_PUBKEY_get(pubKey)); - ExpectNotNull(pubKey2 = X509_PUBKEY_new()); - ExpectIntEQ(X509_PUBKEY_get0_param(&obj, &pk, &ppklen, &pa, NULL), 0); - ExpectIntEQ(X509_PUBKEY_get0_param(&obj, &pk, &ppklen, &pa, pubKey2), 0); - ExpectIntEQ(X509_PUBKEY_set(NULL, NULL), 0); - ExpectIntEQ(X509_PUBKEY_set(&pubKey2, NULL), 0); - ExpectIntEQ(X509_PUBKEY_set(NULL, evpKey), 0); - ExpectIntEQ(X509_PUBKEY_set(&pubKey2, evpKey), 1); - ExpectIntEQ(X509_PUBKEY_get0_param(NULL, NULL, NULL, NULL, pubKey2), 1); - ExpectIntEQ(X509_PUBKEY_get0_param(&obj, &pk, &ppklen, &pa, pubKey2), 1); - ExpectNotNull(pk); - ExpectNotNull(pa); - ExpectIntGT(ppklen, 0); - X509_ALGOR_get0(&pa_oid, &pptype, &pval, pa); - ExpectNotNull(pa_oid); - ExpectNull(pval); - ExpectIntEQ(pptype, V_ASN1_NULL); - ExpectIntEQ(OBJ_obj2nid(pa_oid), EVP_PKEY_RSA); - - X509_PUBKEY_free(NULL); - X509_PUBKEY_free(pubKey2); - X509_free(x509); - EVP_PKEY_free(evpKey); -#endif - return EXPECT_RESULT(); -} - -static int test_wolfSSL_X509_PUBKEY_EC(void) -{ - EXPECT_DECLS; -#if (defined(OPENSSL_ALL) || defined(WOLFSSL_APACHE_HTTPD)) && defined(HAVE_ECC) - X509* x509 = NULL; - ASN1_OBJECT* obj = NULL; - ASN1_OBJECT* poid = NULL; - const ASN1_OBJECT* pa_oid = NULL; - X509_PUBKEY* pubKey = NULL; - X509_PUBKEY* pubKey2 = NULL; - EVP_PKEY* evpKey = NULL; - - const unsigned char *pk = NULL; - int ppklen; - int pptype; - X509_ALGOR *pa = NULL; - const void *pval; - char buf[50]; - - ExpectNotNull(x509 = X509_load_certificate_file(cliEccCertFile, - SSL_FILETYPE_PEM)); - ExpectNotNull(pubKey = X509_get_X509_PUBKEY(x509)); - ExpectNotNull(evpKey = X509_PUBKEY_get(pubKey)); - ExpectNotNull(pubKey2 = X509_PUBKEY_new()); - ExpectIntEQ(X509_PUBKEY_set(&pubKey2, evpKey), 1); - ExpectIntEQ(X509_PUBKEY_get0_param(&obj, &pk, &ppklen, &pa, pubKey2), 1); - ExpectNotNull(pk); - ExpectNotNull(pa); - ExpectIntGT(ppklen, 0); - X509_ALGOR_get0(&pa_oid, &pptype, &pval, pa); - ExpectNotNull(pa_oid); - ExpectNotNull(pval); - ExpectIntEQ(pptype, V_ASN1_OBJECT); - ExpectIntEQ(OBJ_obj2nid(pa_oid), EVP_PKEY_EC); - poid = (ASN1_OBJECT *)pval; - ExpectIntGT(OBJ_obj2txt(buf, (int)sizeof(buf), poid, 0), 0); - ExpectIntEQ(OBJ_txt2nid(buf), NID_X9_62_prime256v1); - - X509_PUBKEY_free(pubKey2); - X509_free(x509); - EVP_PKEY_free(evpKey); -#endif - return EXPECT_RESULT(); -} - -static int test_wolfSSL_X509_PUBKEY_DSA(void) -{ - EXPECT_DECLS; -#if (defined(OPENSSL_ALL) || defined(WOLFSSL_APACHE_HTTPD)) && !defined(NO_DSA) - word32 bytes; -#ifdef USE_CERT_BUFFERS_1024 - byte tmp[ONEK_BUF]; -#elif defined(USE_CERT_BUFFERS_2048) - byte tmp[TWOK_BUF]; -#else - byte tmp[TWOK_BUF]; -#endif /* END USE_CERT_BUFFERS_1024 */ - const unsigned char* dsaKeyDer = tmp; - - ASN1_OBJECT* obj = NULL; - ASN1_STRING* str; - const ASN1_OBJECT* pa_oid = NULL; - X509_PUBKEY* pubKey = NULL; - EVP_PKEY* evpKey = NULL; - - const unsigned char *pk = NULL; - int ppklen, pptype; - X509_ALGOR *pa = NULL; - const void *pval; - -#ifdef USE_CERT_BUFFERS_1024 - XMEMSET(tmp, 0, sizeof(tmp)); - XMEMCPY(tmp, dsa_key_der_1024, sizeof_dsa_key_der_1024); - bytes = sizeof_dsa_key_der_1024; -#elif defined(USE_CERT_BUFFERS_2048) - XMEMSET(tmp, 0, sizeof(tmp)); - XMEMCPY(tmp, dsa_key_der_2048, sizeof_dsa_key_der_2048); - bytes = sizeof_dsa_key_der_2048; -#else - { - XFILE fp = XBADFILE; - XMEMSET(tmp, 0, sizeof(tmp)); - ExpectTrue((fp = XFOPEN("./certs/dsa2048.der", "rb")) != XBADFILE); - ExpectIntGT(bytes = (word32) XFREAD(tmp, 1, sizeof(tmp), fp), 0); - if (fp != XBADFILE) - XFCLOSE(fp); - } -#endif - - /* Initialize pkey with der format dsa key */ - ExpectNotNull(d2i_PrivateKey(EVP_PKEY_DSA, &evpKey, &dsaKeyDer, bytes)); - - ExpectNotNull(pubKey = X509_PUBKEY_new()); - ExpectIntEQ(X509_PUBKEY_set(&pubKey, evpKey), 1); - ExpectIntEQ(X509_PUBKEY_get0_param(&obj, &pk, &ppklen, &pa, pubKey), 1); - ExpectNotNull(pk); - ExpectNotNull(pa); - ExpectIntGT(ppklen, 0); - X509_ALGOR_get0(&pa_oid, &pptype, &pval, pa); - ExpectNotNull(pa_oid); - ExpectNotNull(pval); - ExpectIntEQ(pptype, V_ASN1_SEQUENCE); - ExpectIntEQ(OBJ_obj2nid(pa_oid), EVP_PKEY_DSA); - str = (ASN1_STRING *)pval; - DEBUG_WRITE_DER(ASN1_STRING_data(str), ASN1_STRING_length(str), "str.der"); -#ifdef USE_CERT_BUFFERS_1024 - ExpectIntEQ(ASN1_STRING_length(str), 291); -#else - ExpectIntEQ(ASN1_STRING_length(str), 549); -#endif /* END USE_CERT_BUFFERS_1024 */ - - X509_PUBKEY_free(pubKey); - EVP_PKEY_free(evpKey); -#endif - return EXPECT_RESULT(); -} - -static int test_wolfSSL_BUF(void) -{ - EXPECT_DECLS; -#if defined(OPENSSL_EXTRA) - BUF_MEM* buf = NULL; - ExpectNotNull(buf = BUF_MEM_new()); - ExpectIntEQ(BUF_MEM_grow(buf, 10), 10); - ExpectIntEQ(BUF_MEM_grow(buf, -1), 0); - BUF_MEM_free(buf); -#endif - return EXPECT_RESULT(); -} - -#if defined(OPENSSL_EXTRA) && !defined(WOLFSSL_NO_OPENSSL_RAND_CB) -static int stub_rand_seed(const void *buf, int num) -{ - (void)buf; - (void)num; - - return 123; -} - -static int stub_rand_bytes(unsigned char *buf, int num) -{ - (void)buf; - (void)num; - - return 456; + return EXPECT_RESULT(); } -static byte* was_stub_rand_cleanup_called(void) -{ - static byte was_called = 0; +#else - return &was_called; +static int test_wolfSSL_check_domain(void) +{ + EXPECT_DECLS; + return EXPECT_RESULT(); } -static void stub_rand_cleanup(void) +#endif /* OPENSSL_EXTRA && HAVE_SSL_MEMIO_TESTS_DEPENDENCIES */ +#if defined(HAVE_SSL_MEMIO_TESTS_DEPENDENCIES) && \ + !defined(OPENSSL_COMPATIBLE_DEFAULTS) && !defined(NO_SHA256) +static const char* dn = NULL; +static int test_wolfSSL_check_domain_basic_client_ssl(WOLFSSL* ssl) { - byte* was_called = was_stub_rand_cleanup_called(); + EXPECT_DECLS; - *was_called = 1; + ExpectIntEQ(wolfSSL_check_domain_name(ssl, dn), WOLFSSL_SUCCESS); - return; + return EXPECT_RESULT(); } - -static byte* was_stub_rand_add_called(void) +/* Verify wolfSSL_check_domain_name() controls DNS-name matching during + * handshake with expected fail/pass outcomes. */ +static int test_wolfSSL_check_domain_basic(void) { - static byte was_called = 0; + EXPECT_DECLS; + test_ssl_cbf func_cb_client; + test_ssl_cbf func_cb_server; - return &was_called; -} + XMEMSET(&func_cb_client, 0, sizeof(func_cb_client)); + XMEMSET(&func_cb_server, 0, sizeof(func_cb_server)); -static int stub_rand_add(const void *buf, int num, double entropy) -{ - byte* was_called = was_stub_rand_add_called(); + dn = "invalid.com"; + func_cb_client.ssl_ready = &test_wolfSSL_check_domain_basic_client_ssl; - (void)buf; - (void)num; - (void)entropy; + /* Expect to fail */ + ExpectIntEQ(test_wolfSSL_client_server_nofail_memio(&func_cb_client, + &func_cb_server, NULL), -1001); + + dn = "example.com"; - *was_called = 1; + /* Expect to succeed */ + ExpectIntEQ(test_wolfSSL_client_server_nofail_memio(&func_cb_client, + &func_cb_server, NULL), TEST_SUCCESS); - return 0; + return EXPECT_RESULT(); } - -static int stub_rand_pseudo_bytes(unsigned char *buf, int num) +#else +static int test_wolfSSL_check_domain_basic(void) { - (void)buf; - (void)num; - - return 9876; + EXPECT_DECLS; + return EXPECT_RESULT(); } +#endif /* HAVE_SSL_MEMIO_TESTS_DEPENDENCIES */ -static int stub_rand_status(void) +#if defined(OPENSSL_EXTRA) && defined(HAVE_SSL_MEMIO_TESTS_DEPENDENCIES) && \ + (defined(WOLFSSL_IP_ALT_NAME) || defined(OPENSSL_ALL)) && \ + !defined(OPENSSL_COMPATIBLE_DEFAULTS) && !defined(NO_SHA256) +static const char* ipaddr = NULL; +static int test_wolfSSL_check_ip_param_client_ssl(WOLFSSL* ssl) { - return 5432; + EXPECT_DECLS; + X509_VERIFY_PARAM* param = NULL; + + ExpectNotNull(param = SSL_get0_param(ssl)); + ExpectIntEQ(X509_VERIFY_PARAM_set1_ip_asc(param, ipaddr), WOLFSSL_SUCCESS); + + return EXPECT_RESULT(); } -#endif /* OPENSSL_EXTRA && !WOLFSSL_NO_OPENSSL_RAND_CB */ -static int test_wolfSSL_RAND_set_rand_method(void) +/* Verify the OpenSSL-compat verify-param path: + * SSL_get0_param() + X509_VERIFY_PARAM_set1_ip_asc() controls IP SAN matching + * during handshake. */ +static int test_wolfSSL_check_ip_param_basic(void) { EXPECT_DECLS; -#if defined(OPENSSL_EXTRA) && !defined(WOLFSSL_NO_OPENSSL_RAND_CB) - RAND_METHOD rand_methods = {NULL, NULL, NULL, NULL, NULL, NULL}; - unsigned char* buf = NULL; - int num = 0; - double entropy = 0; - int ret; - byte* was_cleanup_called = was_stub_rand_cleanup_called(); - byte* was_add_called = was_stub_rand_add_called(); - - ExpectNotNull(buf = (byte*)XMALLOC(32 * sizeof(byte), NULL, - DYNAMIC_TYPE_TMP_BUFFER)); + test_ssl_cbf func_cb_client; + test_ssl_cbf func_cb_server; - ExpectIntNE(wolfSSL_RAND_status(), 5432); - ExpectIntEQ(*was_cleanup_called, 0); - RAND_cleanup(); - ExpectIntEQ(*was_cleanup_called, 0); - - - rand_methods.seed = &stub_rand_seed; - rand_methods.bytes = &stub_rand_bytes; - rand_methods.cleanup = &stub_rand_cleanup; - rand_methods.add = &stub_rand_add; - rand_methods.pseudorand = &stub_rand_pseudo_bytes; - rand_methods.status = &stub_rand_status; - - ExpectIntEQ(RAND_set_rand_method(&rand_methods), WOLFSSL_SUCCESS); - ExpectIntEQ(RAND_seed(buf, num), 123); - ExpectIntEQ(RAND_bytes(buf, num), 456); - ExpectIntEQ(RAND_pseudo_bytes(buf, num), 9876); - ExpectIntEQ(RAND_status(), 5432); - - ExpectIntEQ(*was_add_called, 0); - /* The function pointer for RAND_add returns int, but RAND_add itself - * returns void. */ - RAND_add(buf, num, entropy); - ExpectIntEQ(*was_add_called, 1); - was_add_called = 0; - ExpectIntEQ(*was_cleanup_called, 0); - RAND_cleanup(); - ExpectIntEQ(*was_cleanup_called, 1); - *was_cleanup_called = 0; + XMEMSET(&func_cb_client, 0, sizeof(func_cb_client)); + XMEMSET(&func_cb_server, 0, sizeof(func_cb_server)); + func_cb_client.ssl_ready = &test_wolfSSL_check_ip_param_client_ssl; - ret = RAND_set_rand_method(NULL); - ExpectIntEQ(ret, WOLFSSL_SUCCESS); - ExpectIntNE(RAND_status(), 5432); - ExpectIntEQ(*was_cleanup_called, 0); - RAND_cleanup(); - ExpectIntEQ(*was_cleanup_called, 0); + ipaddr = "127.0.0.2"; + /* Expect to fail: cert SAN IP is 127.0.0.1 */ + ExpectIntEQ(test_wolfSSL_client_server_nofail_memio(&func_cb_client, + &func_cb_server, NULL), -1001); - RAND_set_rand_method(NULL); + ipaddr = "127.0.0.1"; + /* Expect to succeed */ + ExpectIntEQ(test_wolfSSL_client_server_nofail_memio(&func_cb_client, + &func_cb_server, NULL), TEST_SUCCESS); - XFREE(buf, NULL, DYNAMIC_TYPE_TMP_BUFFER); -#endif /* OPENSSL_EXTRA && !WOLFSSL_NO_OPENSSL_RAND_CB */ return EXPECT_RESULT(); } - -static int test_wolfSSL_RAND_bytes(void) +#else +static int test_wolfSSL_check_ip_param_basic(void) { EXPECT_DECLS; -#if defined(OPENSSL_EXTRA) - const int size1 = RNG_MAX_BLOCK_LEN; /* in bytes */ - const int size2 = RNG_MAX_BLOCK_LEN + 1; /* in bytes */ - const int size3 = RNG_MAX_BLOCK_LEN * 2; /* in bytes */ - const int size4 = RNG_MAX_BLOCK_LEN * 4; /* in bytes */ - int max_bufsize; - byte *my_buf = NULL; -#if defined(OPENSSL_EXTRA) && defined(HAVE_GETPID) && !defined(__MINGW64__) && \ - !defined(__MINGW32__) - byte seed[16] = {0}; - byte randbuf[8] = {0}; - int pipefds[2] = {0}; - pid_t pid = 0; + return EXPECT_RESULT(); +} #endif - /* sanity check */ - ExpectIntEQ(RAND_bytes(NULL, 16), 0); - ExpectIntEQ(RAND_bytes(NULL, 0), 0); - - max_bufsize = size4; - - ExpectNotNull(my_buf = (byte*)XMALLOC(max_bufsize * sizeof(byte), HEAP_HINT, - DYNAMIC_TYPE_TMP_BUFFER)); +#if defined(HAVE_SSL_MEMIO_TESTS_DEPENDENCIES) && \ + !defined(OPENSSL_COMPATIBLE_DEFAULTS) && !defined(NO_SHA256) && \ + defined(WOLFSSL_IP_ALT_NAME) +static const char* ipaddr_api = NULL; +static int test_wolfSSL_check_ip_address_basic_client_ssl(WOLFSSL* ssl) +{ + EXPECT_DECLS; - ExpectIntEQ(RAND_bytes(my_buf, 0), 1); - ExpectIntEQ(RAND_bytes(my_buf, -1), 0); + ExpectIntEQ(wolfSSL_check_ip_address(ssl, ipaddr_api), WOLFSSL_SUCCESS); - ExpectNotNull(XMEMSET(my_buf, 0, max_bufsize)); - ExpectIntEQ(RAND_bytes(my_buf, size1), 1); - ExpectIntEQ(RAND_bytes(my_buf, size2), 1); - ExpectIntEQ(RAND_bytes(my_buf, size3), 1); - ExpectIntEQ(RAND_bytes(my_buf, size4), 1); - XFREE(my_buf, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); - -#if defined(OPENSSL_EXTRA) && defined(HAVE_GETPID) && !defined(__MINGW64__) && \ - !defined(__MINGW32__) - XMEMSET(seed, 0, sizeof(seed)); - RAND_cleanup(); - - /* No global methods set. */ - ExpectIntEQ(RAND_seed(seed, sizeof(seed)), 1); - - ExpectIntEQ(pipe(pipefds), 0); - pid = fork(); - ExpectIntGE(pid, 0); - if (pid == 0) { - ssize_t n_written = 0; - - /* Child process. */ - close(pipefds[0]); - RAND_bytes(randbuf, sizeof(randbuf)); - n_written = write(pipefds[1], randbuf, sizeof(randbuf)); - close(pipefds[1]); - exit(n_written == sizeof(randbuf) ? 0 : 1); - } - else { - /* Parent process. */ - byte childrand[8] = {0}; - int waitstatus = 0; - - close(pipefds[1]); - ExpectIntEQ(RAND_bytes(randbuf, sizeof(randbuf)), 1); - ExpectIntEQ(read(pipefds[0], childrand, sizeof(childrand)), - sizeof(childrand)); - #ifdef WOLFSSL_NO_GETPID - ExpectBufEQ(randbuf, childrand, sizeof(randbuf)); - #else - ExpectBufNE(randbuf, childrand, sizeof(randbuf)); - #endif - close(pipefds[0]); - waitpid(pid, &waitstatus, 0); - } - RAND_cleanup(); -#endif -#endif return EXPECT_RESULT(); } -static int test_wolfSSL_RAND(void) +/* Verify wolfSSL convenience API path: + * wolfSSL_check_ip_address() enables IP SAN matching during handshake, + * including the non-OPENSSL_EXTRA storage/verification flow. */ +static int test_wolfSSL_check_ip_address_basic(void) { EXPECT_DECLS; -#if defined(OPENSSL_EXTRA) - byte seed[16]; + test_ssl_cbf func_cb_client; + test_ssl_cbf func_cb_server; - XMEMSET(seed, 0, sizeof(seed)); + XMEMSET(&func_cb_client, 0, sizeof(func_cb_client)); + XMEMSET(&func_cb_server, 0, sizeof(func_cb_server)); - /* No global methods set. */ - ExpectIntEQ(RAND_seed(seed, sizeof(seed)), 1); - ExpectIntEQ(RAND_poll(), 1); - RAND_cleanup(); + func_cb_client.ssl_ready = &test_wolfSSL_check_ip_address_basic_client_ssl; - ExpectIntEQ(RAND_egd(NULL), -1); -#ifndef NO_FILESYSTEM - { - char fname[100]; + ipaddr_api = "127.0.0.2"; + /* Expect to fail: cert SAN IP is 127.0.0.1 */ + ExpectIntEQ(test_wolfSSL_client_server_nofail_memio(&func_cb_client, + &func_cb_server, NULL), -1001); + + ipaddr_api = "127.0.0.1"; + /* Expect to succeed */ + ExpectIntEQ(test_wolfSSL_client_server_nofail_memio(&func_cb_client, + &func_cb_server, NULL), TEST_SUCCESS); - ExpectNotNull(RAND_file_name(fname, (sizeof(fname) - 1))); - ExpectIntEQ(RAND_write_file(NULL), 0); - } -#endif -#endif return EXPECT_RESULT(); } - - -#if defined(WC_RNG_SEED_CB) && defined(OPENSSL_EXTRA) -static int wc_DummyGenerateSeed(OS_Seed* os, byte* output, word32 sz) +#else +static int test_wolfSSL_check_ip_address_basic(void) { - word32 i; - for (i = 0; i < sz; i++ ) - output[i] = (byte)i; - - (void)os; - - return 0; + EXPECT_DECLS; + return EXPECT_RESULT(); } -#endif /* WC_RNG_SEED_CB */ - +#endif -static int test_wolfSSL_RAND_poll(void) +static int test_wolfSSL_BUF(void) { EXPECT_DECLS; - #if defined(OPENSSL_EXTRA) - byte seed[16]; - byte rand1[16]; -#ifdef WC_RNG_SEED_CB - byte rand2[16]; -#endif - - XMEMSET(seed, 0, sizeof(seed)); - ExpectIntEQ(RAND_seed(seed, sizeof(seed)), 1); - ExpectIntEQ(RAND_poll(), 1); - ExpectIntEQ(RAND_bytes(rand1, 16), 1); - RAND_cleanup(); - -#ifdef WC_RNG_SEED_CB - /* Test with custom seed and poll */ - wc_SetSeed_Cb(wc_DummyGenerateSeed); - - ExpectIntEQ(RAND_seed(seed, sizeof(seed)), 1); - ExpectIntEQ(RAND_bytes(rand1, 16), 1); - RAND_cleanup(); - - /* test that the same value is generated twice with dummy seed function */ - ExpectIntEQ(RAND_seed(seed, sizeof(seed)), 1); - ExpectIntEQ(RAND_bytes(rand2, 16), 1); - ExpectIntEQ(XMEMCMP(rand1, rand2, 16), 0); - RAND_cleanup(); - - /* test that doing a poll is reseeding RNG */ - ExpectIntEQ(RAND_seed(seed, sizeof(seed)), 1); - ExpectIntEQ(RAND_poll(), 1); - ExpectIntEQ(RAND_bytes(rand2, 16), 1); - ExpectIntNE(XMEMCMP(rand1, rand2, 16), 0); - - /* reset the seed function used */ - wc_SetSeed_Cb(WC_GENERATE_SEED_DEFAULT); -#endif - RAND_cleanup(); - - ExpectIntEQ(RAND_egd(NULL), -1); + BUF_MEM* buf = NULL; + ExpectNotNull(buf = BUF_MEM_new()); + ExpectIntEQ(BUF_MEM_grow(buf, 10), 10); + ExpectIntEQ(BUF_MEM_grow(buf, -1), 0); + BUF_MEM_free(buf); #endif - return EXPECT_RESULT(); } - static int test_wolfSSL_PKCS8_Compat(void) { EXPECT_DECLS; @@ -26401,634 +16960,6 @@ #endif /* !NO_BIO */ -static int test_wolfSSL_OBJ(void) -{ -/* Password "wolfSSL test" is only 12 (96-bit) too short for testing in FIPS - * mode - */ - EXPECT_DECLS; -#if defined(OPENSSL_EXTRA) && !defined(NO_SHA256) && !defined(NO_ASN) && \ - !defined(HAVE_FIPS) && !defined(NO_SHA) && defined(WOLFSSL_CERT_EXT) && \ - defined(WOLFSSL_CERT_GEN) && !defined(NO_BIO) && \ - !defined(NO_FILESYSTEM) && !defined(NO_STDIO_FILESYSTEM) - ASN1_OBJECT *obj = NULL; - ASN1_OBJECT *obj2 = NULL; - char buf[50]; - - XFILE fp = XBADFILE; - X509 *x509 = NULL; - X509_NAME *x509Name = NULL; - X509_NAME_ENTRY *x509NameEntry = NULL; - ASN1_OBJECT *asn1Name = NULL; - int numNames = 0; - BIO *bio = NULL; - int nid; - int i, j; - const char *f[] = { - #ifndef NO_RSA - "./certs/ca-cert.der", - #endif - #ifdef HAVE_ECC - "./certs/ca-ecc-cert.der", - "./certs/ca-ecc384-cert.der", - #endif - NULL}; - ASN1_OBJECT *field_name_obj = NULL; - int lastpos = -1; - int tmp = -1; - ASN1_STRING *asn1 = NULL; - unsigned char *buf_dyn = NULL; - - ExpectIntEQ(OBJ_obj2txt(buf, (int)sizeof(buf), obj, 1), WC_NO_ERR_TRACE(WOLFSSL_FAILURE)); - ExpectNotNull(obj = OBJ_nid2obj(NID_any_policy)); - ExpectIntEQ(OBJ_obj2nid(obj), NID_any_policy); - ExpectIntEQ(OBJ_obj2txt(buf, (int)sizeof(buf), obj, 1), 11); - ExpectIntGT(OBJ_obj2txt(buf, (int)sizeof(buf), obj, 0), 0); - ASN1_OBJECT_free(obj); - obj = NULL; - - ExpectNotNull(obj = OBJ_nid2obj(NID_sha256)); - ExpectIntEQ(OBJ_obj2nid(obj), NID_sha256); - ExpectIntEQ(OBJ_obj2txt(buf, (int)sizeof(buf), obj, 1), 22); -#ifdef WOLFSSL_CERT_EXT - ExpectIntEQ(OBJ_txt2nid(buf), NID_sha256); -#endif - ExpectIntGT(OBJ_obj2txt(buf, (int)sizeof(buf), obj, 0), 0); - ExpectNotNull(obj2 = OBJ_dup(obj)); - ExpectIntEQ(OBJ_cmp(obj, obj2), 0); - ASN1_OBJECT_free(obj); - obj = NULL; - ASN1_OBJECT_free(obj2); - obj2 = NULL; - - for (i = 0; f[i] != NULL; i++) - { - ExpectTrue((fp = XFOPEN(f[i], "rb")) != XBADFILE); - ExpectNotNull(x509 = d2i_X509_fp(fp, NULL)); - if (fp != XBADFILE) { - XFCLOSE(fp); - fp = XBADFILE; - } - ExpectNotNull(x509Name = X509_get_issuer_name(x509)); - ExpectIntNE((numNames = X509_NAME_entry_count(x509Name)), 0); - - /* Get the Common Name by using OBJ_txt2obj */ - ExpectNotNull(field_name_obj = OBJ_txt2obj("CN", 0)); - ExpectIntEQ(X509_NAME_get_index_by_OBJ(NULL, NULL, 99), - WOLFSSL_FATAL_ERROR); - ExpectIntEQ(X509_NAME_get_index_by_OBJ(x509Name, NULL, 99), - WOLFSSL_FATAL_ERROR); - ExpectIntEQ(X509_NAME_get_index_by_OBJ(NULL, field_name_obj, 99), - WOLFSSL_FATAL_ERROR); - ExpectIntEQ(X509_NAME_get_index_by_OBJ(x509Name, field_name_obj, 99), - WOLFSSL_FATAL_ERROR); - ExpectIntEQ(X509_NAME_get_index_by_OBJ(x509Name, NULL, 0), - WOLFSSL_FATAL_ERROR); - do - { - lastpos = tmp; - tmp = X509_NAME_get_index_by_OBJ(x509Name, field_name_obj, lastpos); - } while (tmp > -1); - ExpectIntNE(lastpos, -1); - ASN1_OBJECT_free(field_name_obj); - field_name_obj = NULL; - ExpectNotNull(x509NameEntry = X509_NAME_get_entry(x509Name, lastpos)); - ExpectNotNull(asn1 = X509_NAME_ENTRY_get_data(x509NameEntry)); - ExpectIntGE(ASN1_STRING_to_UTF8(&buf_dyn, asn1), 0); - /* - * All Common Names should be www.wolfssl.com - * This makes testing easier as we can test for the expected value. - */ - ExpectStrEQ((char*)buf_dyn, "www.wolfssl.com"); - OPENSSL_free(buf_dyn); - buf_dyn = NULL; - bio = BIO_new(BIO_s_mem()); - ExpectTrue(bio != NULL); - for (j = 0; j < numNames; j++) - { - ExpectNotNull(x509NameEntry = X509_NAME_get_entry(x509Name, j)); - ExpectNotNull(asn1Name = X509_NAME_ENTRY_get_object(x509NameEntry)); - ExpectTrue((nid = OBJ_obj2nid(asn1Name)) > 0); - } - BIO_free(bio); - bio = NULL; - X509_free(x509); - x509 = NULL; - - } - -#ifdef HAVE_PKCS12 - { - PKCS12 *p12 = NULL; - int boolRet; - EVP_PKEY *pkey = NULL; - const char *p12_f[] = { - /* bundle uses AES-CBC 256 and PKCS7 key uses DES3 */ - #if !defined(NO_DES3) && defined(WOLFSSL_AES_256) && !defined(NO_RSA) - "./certs/test-servercert.p12", - #endif - NULL - }; - - for (i = 0; p12_f[i] != NULL; i++) - { - ExpectTrue((fp = XFOPEN(p12_f[i], "rb")) != XBADFILE); - ExpectNotNull(p12 = d2i_PKCS12_fp(fp, NULL)); - if (fp != XBADFILE) { - XFCLOSE(fp); - fp = XBADFILE; - } - ExpectTrue((boolRet = PKCS12_parse(p12, "wolfSSL test", - &pkey, &x509, NULL)) > 0); - wc_PKCS12_free(p12); - p12 = NULL; - EVP_PKEY_free(pkey); - x509Name = X509_get_issuer_name(x509); - ExpectNotNull(x509Name); - ExpectIntNE((numNames = X509_NAME_entry_count(x509Name)), 0); - ExpectTrue((bio = BIO_new(BIO_s_mem())) != NULL); - for (j = 0; j < numNames; j++) - { - ExpectNotNull(x509NameEntry = X509_NAME_get_entry(x509Name, j)); - ExpectNotNull(asn1Name = - X509_NAME_ENTRY_get_object(x509NameEntry)); - ExpectTrue((nid = OBJ_obj2nid(asn1Name)) > 0); - } - BIO_free(bio); - bio = NULL; - X509_free(x509); - x509 = NULL; - } - } -#endif /* HAVE_PKCS12 */ -#endif - return EXPECT_RESULT(); -} - -static int test_wolfSSL_OBJ_cmp(void) -{ - EXPECT_DECLS; -#if defined(OPENSSL_EXTRA) && !defined(NO_SHA256) - ASN1_OBJECT *obj = NULL; - ASN1_OBJECT *obj2 = NULL; - - ExpectNotNull(obj = OBJ_nid2obj(NID_any_policy)); - ExpectNotNull(obj2 = OBJ_nid2obj(NID_sha256)); - - ExpectIntEQ(OBJ_cmp(NULL, NULL), WC_NO_ERR_TRACE(WOLFSSL_FATAL_ERROR)); - ExpectIntEQ(OBJ_cmp(obj, NULL), WC_NO_ERR_TRACE(WOLFSSL_FATAL_ERROR)); - ExpectIntEQ(OBJ_cmp(NULL, obj2), WC_NO_ERR_TRACE(WOLFSSL_FATAL_ERROR)); - ExpectIntEQ(OBJ_cmp(obj, obj2), WC_NO_ERR_TRACE(WOLFSSL_FATAL_ERROR)); - ExpectIntEQ(OBJ_cmp(obj, obj), 0); - ExpectIntEQ(OBJ_cmp(obj2, obj2), 0); - - ASN1_OBJECT_free(obj); - ASN1_OBJECT_free(obj2); -#endif - return EXPECT_RESULT(); -} - -static int test_wolfSSL_OBJ_txt2nid(void) -{ - EXPECT_DECLS; -#if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL) || \ - defined(WOLFSSL_APACHE_HTTPD) - int i; - static const struct { - const char* sn; - const char* ln; - const char* oid; - int nid; - } testVals[] = { -#ifdef WOLFSSL_APACHE_HTTPD - { "tlsfeature", "TLS Feature", "1.3.6.1.5.5.7.1.24", NID_tlsfeature }, - { "id-on-dnsSRV", "SRVName", "1.3.6.1.5.5.7.8.7", - NID_id_on_dnsSRV }, - { "msUPN", "Microsoft User Principal Name", - "1.3.6.1.4.1.311.20.2.3", NID_ms_upn }, -#endif - { NULL, NULL, NULL, NID_undef } - }; - - /* Invalid cases */ - ExpectIntEQ(OBJ_txt2nid(NULL), NID_undef); - ExpectIntEQ(OBJ_txt2nid("Bad name"), NID_undef); - - /* Valid cases */ - for (i = 0; testVals[i].sn != NULL; i++) { - ExpectIntEQ(OBJ_txt2nid(testVals[i].sn), testVals[i].nid); - ExpectIntEQ(OBJ_txt2nid(testVals[i].ln), testVals[i].nid); - ExpectIntEQ(OBJ_txt2nid(testVals[i].oid), testVals[i].nid); - } -#endif - return EXPECT_RESULT(); -} - -static int test_wolfSSL_OBJ_txt2obj(void) -{ - EXPECT_DECLS; -#if defined(WOLFSSL_APACHE_HTTPD) || (defined(OPENSSL_EXTRA) && \ - defined(WOLFSSL_CERT_EXT) && defined(WOLFSSL_CERT_GEN)) - int i; - char buf[50]; - ASN1_OBJECT* obj = NULL; - static const struct { - const char* oidStr; - const char* sn; - const char* ln; - } objs_list[] = { - #if defined(WOLFSSL_APACHE_HTTPD) - { "1.3.6.1.5.5.7.1.24", "tlsfeature", "TLS Feature" }, - { "1.3.6.1.5.5.7.8.7", "id-on-dnsSRV", "SRVName" }, - #endif - { "2.5.29.19", "basicConstraints", "X509v3 Basic Constraints"}, - { NULL, NULL, NULL } - }; - static const struct { - const char* numeric; - const char* name; - } objs_named[] = { - /* In dictionary but not in normal list. */ - { "1.3.6.1.5.5.7.3.8", "Time Stamping" }, - /* Made up OID. */ - { "1.3.5.7", "1.3.5.7" }, - { NULL, NULL } - }; - - ExpectNull(obj = OBJ_txt2obj("Bad name", 0)); - ASN1_OBJECT_free(obj); - obj = NULL; - ExpectNull(obj = OBJ_txt2obj(NULL, 0)); - ASN1_OBJECT_free(obj); - obj = NULL; - - for (i = 0; objs_list[i].oidStr != NULL; i++) { - /* Test numerical value of oid (oidStr) */ - ExpectNotNull(obj = OBJ_txt2obj(objs_list[i].oidStr, 1)); - /* Convert object back to text to confirm oid is correct */ - wolfSSL_OBJ_obj2txt(buf, (int)sizeof(buf), obj, 1); - ExpectIntEQ(XSTRNCMP(buf, objs_list[i].oidStr, (int)XSTRLEN(buf)), 0); - ASN1_OBJECT_free(obj); - obj = NULL; - XMEMSET(buf, 0, sizeof(buf)); - - /* Test short name (sn) */ - ExpectNull(obj = OBJ_txt2obj(objs_list[i].sn, 1)); - ExpectNotNull(obj = OBJ_txt2obj(objs_list[i].sn, 0)); - /* Convert object back to text to confirm oid is correct */ - wolfSSL_OBJ_obj2txt(buf, (int)sizeof(buf), obj, 1); - ExpectIntEQ(XSTRNCMP(buf, objs_list[i].oidStr, (int)XSTRLEN(buf)), 0); - ASN1_OBJECT_free(obj); - obj = NULL; - XMEMSET(buf, 0, sizeof(buf)); - - /* Test long name (ln) - should fail when no_name = 1 */ - ExpectNull(obj = OBJ_txt2obj(objs_list[i].ln, 1)); - ExpectNotNull(obj = OBJ_txt2obj(objs_list[i].ln, 0)); - /* Convert object back to text to confirm oid is correct */ - wolfSSL_OBJ_obj2txt(buf, (int)sizeof(buf), obj, 1); - ExpectIntEQ(XSTRNCMP(buf, objs_list[i].oidStr, (int)XSTRLEN(buf)), 0); - ASN1_OBJECT_free(obj); - obj = NULL; - XMEMSET(buf, 0, sizeof(buf)); - } - - for (i = 0; objs_named[i].numeric != NULL; i++) { - ExpectNotNull(obj = OBJ_txt2obj(objs_named[i].numeric, 1)); - wolfSSL_OBJ_obj2txt(buf, (int)sizeof(buf), obj, 0); - ExpectIntEQ(XSTRNCMP(buf, objs_named[i].name, (int)XSTRLEN(buf)), 0); - wolfSSL_OBJ_obj2txt(buf, (int)sizeof(buf), obj, 1); - ExpectIntEQ(XSTRNCMP(buf, objs_named[i].numeric, (int)XSTRLEN(buf)), 0); - ASN1_OBJECT_free(obj); - obj = NULL; - } -#endif - return EXPECT_RESULT(); -} - -static int test_wolfSSL_PEM_write_bio_X509(void) -{ - EXPECT_DECLS; -#if defined(OPENSSL_EXTRA) && defined(OPENSSL_ALL) && \ - defined(WOLFSSL_AKID_NAME) && defined(WOLFSSL_CERT_EXT) && \ - defined(WOLFSSL_CERT_GEN) && !defined(NO_BIO) && !defined(NO_RSA) && \ - !defined(NO_FILESYSTEM) - /* This test contains the hard coded expected - * lengths. Update if necessary */ - XFILE fp = XBADFILE; - WOLFSSL_EVP_PKEY *priv = NULL; - - BIO* input = NULL; - BIO* output = NULL; - X509* x509a = NULL; - X509* x509b = NULL; - X509* empty = NULL; - - ASN1_TIME* notBeforeA = NULL; - ASN1_TIME* notAfterA = NULL; -#ifndef NO_ASN_TIME - ASN1_TIME* notBeforeB = NULL; - ASN1_TIME* notAfterB = NULL; -#endif - int expectedLen; - - ExpectTrue((fp = XFOPEN("certs/server-key.pem", "rb")) != XBADFILE); - ExpectNotNull(priv = wolfSSL_PEM_read_PrivateKey(fp, NULL, NULL, NULL)); - if (fp != XBADFILE) { - XFCLOSE(fp); - fp = XBADFILE; - } - - ExpectNotNull(input = BIO_new_file("certs/test/cert-ext-multiple.pem", - "rb")); - ExpectIntEQ(wolfSSL_BIO_get_len(input), 2000); - - /* read PEM into X509 struct, get notBefore / notAfter to verify against */ - ExpectNotNull(PEM_read_bio_X509(input, &x509a, NULL, NULL)); - ExpectNotNull(notBeforeA = X509_get_notBefore(x509a)); - ExpectNotNull(notAfterA = X509_get_notAfter(x509a)); - - /* write X509 back to PEM BIO; no need to sign as nothing changed. */ - ExpectNotNull(output = BIO_new(wolfSSL_BIO_s_mem())); - ExpectNotNull(empty = wolfSSL_X509_new()); - ExpectIntEQ(PEM_write_bio_X509(NULL, NULL), WOLFSSL_FAILURE); - ExpectIntEQ(PEM_write_bio_X509(output, NULL), WOLFSSL_FAILURE); - ExpectIntEQ(PEM_write_bio_X509(NULL, x509a), WOLFSSL_FAILURE); - ExpectIntEQ(PEM_write_bio_X509(output, empty), WOLFSSL_FAILURE); - ExpectIntEQ(PEM_write_bio_X509(output, x509a), WOLFSSL_SUCCESS); - /* compare length against expected */ - expectedLen = 2000; - ExpectIntEQ(wolfSSL_BIO_get_len(output), expectedLen); - wolfSSL_X509_free(empty); - -#ifndef NO_ASN_TIME - /* read exported X509 PEM back into struct, sanity check on export, - * make sure notBefore/notAfter are the same and certs are identical. */ - ExpectNotNull(PEM_read_bio_X509(output, &x509b, NULL, NULL)); - ExpectNotNull(notBeforeB = X509_get_notBefore(x509b)); - ExpectNotNull(notAfterB = X509_get_notAfter(x509b)); - ExpectIntEQ(ASN1_TIME_compare(notBeforeA, notBeforeB), 0); - ExpectIntEQ(ASN1_TIME_compare(notAfterA, notAfterB), 0); - ExpectIntEQ(0, wolfSSL_X509_cmp(x509a, x509b)); - X509_free(x509b); - x509b = NULL; -#endif - - /* Reset output buffer */ - BIO_free(output); - output = NULL; - ExpectNotNull(output = BIO_new(wolfSSL_BIO_s_mem())); - - /* Test forcing the AKID to be generated just from KeyIdentifier */ - if (EXPECT_SUCCESS() && x509a->authKeyIdSrc != NULL) { - XMEMMOVE(x509a->authKeyIdSrc, x509a->authKeyId, x509a->authKeyIdSz); - x509a->authKeyId = x509a->authKeyIdSrc; - x509a->authKeyIdSrc = NULL; - x509a->authKeyIdSrcSz = 0; - } - - /* Resign to re-generate the der */ - ExpectIntGT(wolfSSL_X509_sign(x509a, priv, EVP_sha256()), 0); - - ExpectIntEQ(PEM_write_bio_X509(output, x509a), WOLFSSL_SUCCESS); - - /* Check that we generate a smaller output since the AKID will - * only contain the KeyIdentifier without any additional - * information */ - - /* Here we copy the validity struct from the original */ - expectedLen = 1688; - ExpectIntEQ(wolfSSL_BIO_get_len(output), expectedLen); - - /* Reset buffers and x509 */ - BIO_free(input); - input = NULL; - BIO_free(output); - output = NULL; - X509_free(x509a); - x509a = NULL; - - /* test CA and basicConstSet values are encoded when - * the cert is a CA */ - ExpectNotNull(input = BIO_new_file("certs/server-cert.pem", "rb")); - - /* read PEM into X509 struct */ - ExpectNotNull(PEM_read_bio_X509(input, &x509a, NULL, NULL)); - - /* write X509 back to PEM BIO; no need to sign as nothing changed */ - ExpectNotNull(output = BIO_new(wolfSSL_BIO_s_mem())); - ExpectIntEQ(PEM_write_bio_X509(output, x509a), WOLFSSL_SUCCESS); - - /* read exported X509 PEM back into struct, ensure isCa and basicConstSet - * values are maintained and certs are identical.*/ - ExpectNotNull(PEM_read_bio_X509(output, &x509b, NULL, NULL)); - ExpectIntEQ(x509b->isCa, 1); - ExpectIntEQ(x509b->basicConstSet, 1); - ExpectIntEQ(0, wolfSSL_X509_cmp(x509a, x509b)); - - X509_free(x509a); - x509a = NULL; - X509_free(x509b); - x509b = NULL; - BIO_free(input); - input = NULL; - BIO_free(output); - output = NULL; - - /* test CA and basicConstSet values are encoded when - * the cert is not CA */ - ExpectNotNull(input = BIO_new_file("certs/client-uri-cert.pem", "rb")); - - /* read PEM into X509 struct */ - ExpectNotNull(PEM_read_bio_X509(input, &x509a, NULL, NULL)); - - /* write X509 back to PEM BIO; no need to sign as nothing changed */ - ExpectNotNull(output = BIO_new(wolfSSL_BIO_s_mem())); - ExpectIntEQ(PEM_write_bio_X509(output, x509a), WOLFSSL_SUCCESS); - - /* read exported X509 PEM back into struct, ensure isCa and - * basicConstSet values are maintained and certs are identical */ - ExpectNotNull(PEM_read_bio_X509(output, &x509b, NULL, NULL)); - ExpectIntEQ(x509b->isCa, 0); - ExpectIntEQ(x509b->basicConstSet, 1); - ExpectIntEQ(0, wolfSSL_X509_cmp(x509a, x509b)); - - wolfSSL_EVP_PKEY_free(priv); - X509_free(x509a); - X509_free(x509b); - BIO_free(input); - BIO_free(output); -#endif - return EXPECT_RESULT(); -} - -static int test_wolfSSL_X509_NAME_ENTRY(void) -{ - EXPECT_DECLS; -#if defined(OPENSSL_EXTRA) && !defined(NO_CERTS) && !defined(NO_FILESYSTEM) && \ - !defined(NO_RSA) && defined(WOLFSSL_CERT_GEN) - X509* x509 = NULL; -#ifndef NO_BIO - X509* empty = NULL; - BIO* bio = NULL; -#endif - X509_NAME* nm = NULL; - X509_NAME_ENTRY* entry = NULL; - WOLF_STACK_OF(WOLFSSL_X509_NAME_ENTRY)* entries = NULL; - unsigned char cn[] = "another name to add"; -#ifdef OPENSSL_ALL - int i; - int names_len = 0; -#endif - - ExpectNotNull(x509 = - wolfSSL_X509_load_certificate_file(cliCertFile, SSL_FILETYPE_PEM)); -#ifndef NO_BIO - ExpectNotNull(empty = wolfSSL_X509_new()); - ExpectNotNull(bio = BIO_new(BIO_s_mem())); - ExpectIntEQ(PEM_write_bio_X509_AUX(NULL, NULL), WOLFSSL_FAILURE); - ExpectIntEQ(PEM_write_bio_X509_AUX(bio, NULL), WOLFSSL_FAILURE); - ExpectIntEQ(PEM_write_bio_X509_AUX(NULL, x509), WOLFSSL_FAILURE); - ExpectIntEQ(PEM_write_bio_X509_AUX(bio, empty), WOLFSSL_FAILURE); - ExpectIntEQ(PEM_write_bio_X509_AUX(bio, x509), SSL_SUCCESS); - wolfSSL_X509_free(empty); -#endif - -#ifdef WOLFSSL_CERT_REQ - { - X509_REQ* req = NULL; -#ifndef NO_BIO - X509_REQ* emptyReq = NULL; - BIO* bReq = NULL; -#endif - - ExpectNotNull(req = - wolfSSL_X509_load_certificate_file(cliCertFile, SSL_FILETYPE_PEM)); -#ifndef NO_BIO - ExpectNotNull(emptyReq = wolfSSL_X509_REQ_new()); - ExpectNotNull(bReq = BIO_new(BIO_s_mem())); - ExpectIntEQ(PEM_write_bio_X509_REQ(NULL, NULL), WOLFSSL_FAILURE); - ExpectIntEQ(PEM_write_bio_X509_REQ(bReq, NULL), WOLFSSL_FAILURE); - ExpectIntEQ(PEM_write_bio_X509_REQ(NULL, req), WOLFSSL_FAILURE); - ExpectIntEQ(PEM_write_bio_X509_REQ(bReq, emptyReq), WOLFSSL_FAILURE); - ExpectIntEQ(PEM_write_bio_X509_REQ(bReq, req), SSL_SUCCESS); - - BIO_free(bReq); - X509_REQ_free(emptyReq); -#endif - X509_free(req); - } -#endif - - ExpectNotNull(nm = X509_get_subject_name(x509)); - - /* Test add entry */ - ExpectNotNull(entry = X509_NAME_ENTRY_create_by_NID(NULL, NID_commonName, - 0x0c, cn, (int)sizeof(cn))); - ExpectIntEQ(X509_NAME_add_entry(nm, entry, -1, 0), SSL_SUCCESS); - - /* @TODO the internal name entry set value needs investigated for matching - * behavior with OpenSSL. At the moment the getter function for the set - * value is being tested only in that it succeeds in getting the internal - * value. */ - ExpectIntGT(X509_NAME_ENTRY_set(X509_NAME_get_entry(nm, 1)), 0); - -#ifdef WOLFSSL_CERT_EXT - ExpectIntEQ(X509_NAME_add_entry_by_txt(NULL, NULL, MBSTRING_UTF8, - (byte*)"support@wolfssl.com", 19, -1, 1), WOLFSSL_FAILURE); - ExpectIntEQ(X509_NAME_add_entry_by_txt(nm, NULL, MBSTRING_UTF8, - (byte*)"support@wolfssl.com", 19, -1, 1), WOLFSSL_FAILURE); - ExpectIntEQ(X509_NAME_add_entry_by_txt(NULL, "emailAddress", MBSTRING_UTF8, - (byte*)"support@wolfssl.com", 19, -1, 1), WOLFSSL_FAILURE); - ExpectIntEQ(X509_NAME_add_entry_by_txt(nm, "emailAddress", MBSTRING_UTF8, - (byte*)"support@wolfssl.com", 19, -1, 1), WOLFSSL_SUCCESS); - ExpectIntEQ(X509_NAME_add_entry_by_txt(nm, "commonName", MBSTRING_UTF8, - (byte*)"wolfssl.com", 11, 0, 1), WOLFSSL_SUCCESS); - ExpectNull(wolfSSL_X509_NAME_delete_entry(NULL, -1)); - ExpectNull(wolfSSL_X509_NAME_delete_entry(nm, -1)); - ExpectNotNull(wolfSSL_X509_NAME_delete_entry(nm, 0)); -#endif - X509_NAME_ENTRY_free(entry); - entry = NULL; - -#ifdef WOLFSSL_CERT_REQ - { - unsigned char srv_pkcs9p[] = "Server"; - unsigned char rfc822Mlbx[] = "support@wolfssl.com"; - unsigned char fvrtDrnk[] = "tequila"; - unsigned char* der = NULL; - char* subject = NULL; - - ExpectIntEQ(X509_NAME_add_entry_by_NID(nm, NID_pkcs9_contentType, - MBSTRING_ASC, srv_pkcs9p, -1, -1, 0), SSL_SUCCESS); - - ExpectIntEQ(X509_NAME_add_entry_by_NID(nm, NID_rfc822Mailbox, - MBSTRING_ASC, rfc822Mlbx, -1, -1, 0), SSL_SUCCESS); - - ExpectIntEQ(X509_NAME_add_entry_by_NID(nm, NID_favouriteDrink, - MBSTRING_ASC, fvrtDrnk, -1, -1, 0), SSL_SUCCESS); - - ExpectIntEQ(wolfSSL_i2d_X509_NAME(NULL, &der), BAD_FUNC_ARG); - ExpectIntGT(wolfSSL_i2d_X509_NAME(nm, &der), 0); - ExpectNotNull(der); - - ExpectNotNull(subject = X509_NAME_oneline(nm, NULL, 0)); - ExpectNotNull(XSTRSTR(subject, "rfc822Mailbox=support@wolfssl.com")); - ExpectNotNull(XSTRSTR(subject, "favouriteDrink=tequila")); - ExpectNotNull(XSTRSTR(subject, "contentType=Server")); - #ifdef DEBUG_WOLFSSL - if (subject != NULL) { - fprintf(stderr, "\n\t%s\n", subject); - } - #endif - XFREE(subject, 0, DYNAMIC_TYPE_OPENSSL); - XFREE(der, NULL, DYNAMIC_TYPE_OPENSSL); - } -#endif - - ExpectNull(entry = X509_NAME_ENTRY_create_by_txt(NULL, NULL, 0x0c, cn, - (int)sizeof(cn))); - /* Test add entry by text */ - ExpectNotNull(entry = X509_NAME_ENTRY_create_by_txt(NULL, "commonName", - 0x0c, cn, (int)sizeof(cn))); - ExpectPtrEq(X509_NAME_ENTRY_create_by_txt(&entry, "commonName", - 0x0c, cn, (int)sizeof(cn)), entry); - #if defined(OPENSSL_ALL) || defined(WOLFSSL_ASIO) \ - || defined(WOLFSSL_HAPROXY) || defined(WOLFSSL_NGINX) - ExpectNull(X509_NAME_ENTRY_create_by_txt(&entry, "unknown", - V_ASN1_UTF8STRING, cn, (int)sizeof(cn))); - #endif - ExpectIntEQ(X509_NAME_add_entry(nm, entry, -1, 0), SSL_SUCCESS); - X509_NAME_ENTRY_free(entry); - entry = NULL; - - /* Test add entry by NID */ - ExpectIntEQ(X509_NAME_add_entry_by_NID(nm, NID_commonName, MBSTRING_UTF8, - cn, -1, -1, 0), SSL_SUCCESS); - -#ifdef OPENSSL_ALL - /* stack of name entry */ - ExpectIntGT((names_len = sk_X509_NAME_ENTRY_num(nm->entries)), 0); - for (i = 0; i < names_len; i++) { - ExpectNotNull(entry = sk_X509_NAME_ENTRY_value(nm->entries, i)); - } -#endif - - ExpectNotNull(entries = wolfSSL_sk_X509_NAME_ENTRY_new(NULL)); - ExpectIntEQ(sk_X509_NAME_ENTRY_num(NULL), BAD_FUNC_ARG); - ExpectIntEQ(sk_X509_NAME_ENTRY_num(entries), 0); - ExpectNull(sk_X509_NAME_ENTRY_value(NULL, 0)); - ExpectNull(sk_X509_NAME_ENTRY_value(entries, 0)); - wolfSSL_sk_X509_NAME_ENTRY_free(entries); - -#ifndef NO_BIO - BIO_free(bio); -#endif - X509_free(x509); /* free's nm */ -#endif - return EXPECT_RESULT(); -} - /* Note the lack of wolfSSL_ prefix...this is a compatibility layer test. */ static int test_GENERAL_NAME_set0_othername(void) { @@ -27131,6 +17062,104 @@ return EXPECT_RESULT(); } +/* Test RID (Registered ID) GENERAL_NAME creation and freeing */ +static int test_RID_GENERAL_NAME_free(void) +{ + EXPECT_DECLS; +#if defined(OPENSSL_ALL) && defined(WOLFSSL_RID_ALT_NAME) + /* RID OID: 1.2.3.4.5 in DER */ + const unsigned char ridData[] = { 0x06, 0x04, 0x2a, 0x03, 0x04, 0x05 }; + const unsigned char* p = ridData; + GENERAL_NAME* gn = NULL; + GENERAL_NAMES* gns = NULL; + ASN1_OBJECT* ridObj = NULL; + + /* Create RID ASN1_OBJECT from DER */ + ExpectNotNull(ridObj = wolfSSL_d2i_ASN1_OBJECT(NULL, &p, sizeof(ridData))); + + /* Create GENERAL_NAME and set up as RID */ + ExpectNotNull(gn = GENERAL_NAME_new()); + if (gn != NULL) { + /* GENERAL_NAME_new allocates ia5, must free before using as RID */ + gn->type = GEN_RID; + wolfSSL_ASN1_STRING_free(gn->d.ia5); + gn->d.ia5 = NULL; + gn->d.registeredID = ridObj; + ridObj = NULL; /* gn owns */ + } + if (EXPECT_FAIL()) { + wolfSSL_ASN1_OBJECT_free(ridObj); + } + + /* Add to stack */ + ExpectNotNull(gns = sk_GENERAL_NAME_new(NULL)); + ExpectIntEQ(sk_GENERAL_NAME_push(gns, gn), 1); + if (EXPECT_FAIL()) { + GENERAL_NAME_free(gn); + gn = NULL; + } + + /* Verify RID is set up correctly */ + ExpectNotNull(gn = sk_GENERAL_NAME_value(gns, 0)); + ExpectIntEQ(gn->type, GEN_RID); + ExpectNotNull(gn->d.registeredID); + + /* Free via sk_GENERAL_NAME_pop_free, exercises type_free for RID */ + sk_GENERAL_NAME_pop_free(gns, GENERAL_NAME_free); +#endif + return EXPECT_RESULT(); +} + +/* Test RID (Registered ID) SAN parsing via X509_get_ext_d2i(). + * Uses rid-cert.der which contains a RID SAN with OID 1.2.3.4.5. This tests + * that ASN_RID_TYPE case in wolfSSL_X509_get_ext_d2i() frees ia5 before + * allocating registeredID. */ +static int test_RID_X509_get_ext_d2i(void) +{ + EXPECT_DECLS; +#if defined(OPENSSL_ALL) && defined(WOLFSSL_RID_ALT_NAME) && \ + !defined(NO_RSA) && !defined(NO_FILESYSTEM) + int i; + int numNames; + int foundRID = 0; + const char* ridCert = "./certs/rid-cert.der"; + X509* x509 = NULL; + GENERAL_NAMES* gns = NULL; + GENERAL_NAME* gn = NULL; + XFILE f = XBADFILE; + + ExpectTrue((f = XFOPEN(ridCert, "rb")) != XBADFILE); + ExpectNotNull(x509 = d2i_X509_fp(f, NULL)); + if (f != XBADFILE) { + XFCLOSE(f); + f = XBADFILE; + } + + /* Get SANs, will exercise ASN_RID_TYPE case */ + ExpectNotNull(gns = (GENERAL_NAMES*)X509_get_ext_d2i(x509, + NID_subject_alt_name, NULL, NULL)); + + /* rid-cert.der contains: UPN, RID (1.2.3.4.5), DNS, URI, othername */ + numNames = sk_GENERAL_NAME_num(gns); + ExpectIntGE(numNames, 2); + + for (i = 0; i < numNames; i++) { + gn = sk_GENERAL_NAME_value(gns, i); + if (gn != NULL && gn->type == GEN_RID) { + ExpectNotNull(gn->d.registeredID); + foundRID = 1; + break; + } + } + ExpectIntEQ(foundRID, 1); + + /* Free via sk_GENERAL_NAME_pop_free, exercises type_free for RID */ + sk_GENERAL_NAME_pop_free(gns, GENERAL_NAME_free); + X509_free(x509); +#endif + return EXPECT_RESULT(); +} + /* Note the lack of wolfSSL_ prefix...this is a compatibility layer test. */ static int test_othername_and_SID_ext(void) { @@ -27316,192 +17345,6 @@ return EXPECT_RESULT(); } -static int test_wolfSSL_X509_set_name(void) -{ - EXPECT_DECLS; -#if defined(OPENSSL_EXTRA) && !defined(NO_CERTS) && \ - defined(WOLFSSL_CERT_GEN) && defined(WOLFSSL_CERT_REQ) - X509* x509 = NULL; - X509_NAME* name = NULL; - - ExpectNotNull(name = X509_NAME_new()); - ExpectIntEQ(X509_NAME_add_entry_by_txt(name, "commonName", MBSTRING_UTF8, - (byte*)"wolfssl.com", 11, 0, 1), - WOLFSSL_SUCCESS); - ExpectIntEQ(X509_NAME_add_entry_by_txt(name, "emailAddress", MBSTRING_UTF8, - (byte*)"support@wolfssl.com", 19, -1, - 1), WOLFSSL_SUCCESS); - ExpectNotNull(x509 = X509_new()); - - ExpectIntEQ(X509_set_subject_name(NULL, NULL), WC_NO_ERR_TRACE(WOLFSSL_FAILURE)); - ExpectIntEQ(X509_set_subject_name(x509, NULL), WC_NO_ERR_TRACE(WOLFSSL_FAILURE)); - ExpectIntEQ(X509_set_subject_name(NULL, name), WC_NO_ERR_TRACE(WOLFSSL_FAILURE)); - ExpectIntEQ(X509_set_subject_name(x509, name), WOLFSSL_SUCCESS); - - ExpectIntEQ(X509_set_issuer_name(NULL, NULL), WC_NO_ERR_TRACE(WOLFSSL_FAILURE)); - ExpectIntEQ(X509_set_issuer_name(x509, NULL), WC_NO_ERR_TRACE(WOLFSSL_FAILURE)); - ExpectIntEQ(X509_set_issuer_name(NULL, name), WC_NO_ERR_TRACE(WOLFSSL_FAILURE)); - ExpectIntEQ(X509_set_issuer_name(x509, name), WOLFSSL_SUCCESS); - - X509_free(x509); - X509_NAME_free(name); -#endif /* OPENSSL_ALL && !NO_CERTS */ - return EXPECT_RESULT(); -} - -static int test_wolfSSL_X509_set_notAfter(void) -{ - EXPECT_DECLS; -#if (defined(OPENSSL_ALL) || defined(WOLFSSL_APACHE_HTTPD)) \ - && !defined(NO_ASN_TIME) && !defined(USER_TIME) && \ - !defined(TIME_OVERRIDES) && !defined(NO_CERTS) && \ - defined(WOLFSSL_CERT_GEN) && defined(WOLFSSL_CERT_REQ) &&\ - !defined(TIME_T_NOT_64BIT) && !defined(NO_64BIT) && !defined(NO_BIO) - /* Generalized time will overflow time_t if not long */ - X509* x = NULL; - BIO* bio = NULL; - ASN1_TIME *asn_time = NULL; - ASN1_TIME *time_check = NULL; - const int year = 365*24*60*60; - const int day = 24*60*60; - const int hour = 60*60; - const int mini = 60; - int offset_day; - unsigned char buf[25]; - time_t t; - - /* - * Setup asn_time. APACHE HTTPD uses time(NULL) - */ - t = (time_t)107 * year + 31 * day + 34 * hour + 30 * mini + 7 * day; - offset_day = 7; - /* - * Free these. - */ - asn_time = wolfSSL_ASN1_TIME_adj(NULL, t, offset_day, 0); - ExpectNotNull(asn_time); - ExpectNotNull(x = X509_new()); - ExpectNotNull(bio = BIO_new(BIO_s_mem())); - /* - * Tests - */ - ExpectTrue(wolfSSL_X509_set_notAfter(x, asn_time)); - /* time_check is simply (ANS1_TIME*)x->notAfter */ - ExpectNotNull(time_check = X509_get_notAfter(x)); - /* ANS1_TIME_check validates by checking if argument can be parsed */ - ExpectIntEQ(ASN1_TIME_check(time_check), WOLFSSL_SUCCESS); - /* Convert to human readable format and compare to intended date */ - ExpectIntEQ(ASN1_TIME_print(bio, time_check), 1); - ExpectIntEQ(BIO_read(bio, buf, sizeof(buf)), 24); - ExpectIntEQ(XMEMCMP(buf, "Jan 20 10:30:00 2077 GMT", sizeof(buf) - 1), 0); - - ExpectFalse(wolfSSL_X509_set_notAfter(NULL, NULL)); - ExpectFalse(wolfSSL_X509_set_notAfter(x, NULL)); - ExpectFalse(wolfSSL_X509_set_notAfter(NULL, asn_time)); - - /* - * Cleanup - */ - XFREE(asn_time, NULL, DYNAMIC_TYPE_OPENSSL); - X509_free(x); - BIO_free(bio); -#endif - return EXPECT_RESULT(); -} - -static int test_wolfSSL_X509_set_notBefore(void) -{ - EXPECT_DECLS; -#if (defined(OPENSSL_ALL) || defined(WOLFSSL_APACHE_HTTPD)) \ - && !defined(NO_ASN_TIME) && !defined(USER_TIME) && \ - !defined(TIME_OVERRIDES) && !defined(NO_CERTS) && \ - defined(WOLFSSL_CERT_GEN) && defined(WOLFSSL_CERT_REQ) && !defined(NO_BIO) - X509* x = NULL; - BIO* bio = NULL; - ASN1_TIME *asn_time = NULL; - ASN1_TIME *time_check = NULL; - const int year = 365*24*60*60; - const int day = 24*60*60; - const int hour = 60*60; - const int mini = 60; - int offset_day; - unsigned char buf[25]; - time_t t; - - /* - * Setup asn_time. APACHE HTTPD uses time(NULL) - */ - t = (time_t)49 * year + 125 * day + 20 * hour + 30 * mini + 7 * day; - offset_day = 7; - - /* - * Free these. - */ - asn_time = wolfSSL_ASN1_TIME_adj(NULL, t, offset_day, 0); - ExpectNotNull(asn_time); - ExpectNotNull(x = X509_new()); - ExpectNotNull(bio = BIO_new(BIO_s_mem())); - ExpectIntEQ(ASN1_TIME_check(asn_time), WOLFSSL_SUCCESS); - - /* - * Main Tests - */ - ExpectTrue(wolfSSL_X509_set_notBefore(x, asn_time)); - /* time_check == (ANS1_TIME*)x->notBefore */ - ExpectNotNull(time_check = X509_get_notBefore(x)); - /* ANS1_TIME_check validates by checking if argument can be parsed */ - ExpectIntEQ(ASN1_TIME_check(time_check), WOLFSSL_SUCCESS); - /* Convert to human readable format and compare to intended date */ - ExpectIntEQ(ASN1_TIME_print(bio, time_check), 1); - ExpectIntEQ(BIO_read(bio, buf, sizeof(buf)), 24); - ExpectIntEQ(XMEMCMP(buf, "May 8 20:30:00 2019 GMT", sizeof(buf) - 1), 0); - - ExpectFalse(wolfSSL_X509_set_notBefore(NULL, NULL)); - ExpectFalse(wolfSSL_X509_set_notBefore(x, NULL)); - ExpectFalse(wolfSSL_X509_set_notBefore(NULL, asn_time)); - - ExpectNull(X509_get_notBefore(NULL)); - ExpectNull(X509_get_notAfter(NULL)); - - /* - * Cleanup - */ - XFREE(asn_time, NULL, DYNAMIC_TYPE_OPENSSL); - X509_free(x); - BIO_free(bio); -#endif - return EXPECT_RESULT(); -} - -static int test_wolfSSL_X509_set_version(void) -{ - EXPECT_DECLS; -#if (defined(OPENSSL_ALL) || defined(WOLFSSL_APACHE_HTTPD)) && \ - !defined(NO_CERTS) && defined(WOLFSSL_CERT_GEN) && defined(WOLFSSL_CERT_REQ) - X509* x509 = NULL; - long v = 2L; - long maxInt = INT_MAX; - - ExpectNotNull(x509 = X509_new()); - /* These should pass. */ - ExpectTrue(wolfSSL_X509_set_version(x509, v)); - ExpectIntEQ(0, wolfSSL_X509_get_version(NULL)); - ExpectIntEQ(v, wolfSSL_X509_get_version(x509)); - /* Fail Case: When v(long) is greater than x509->version(int). */ - v = maxInt+1; - ExpectFalse(wolfSSL_X509_set_version(x509, v)); - - ExpectIntEQ(wolfSSL_X509_set_version(NULL, -1), WOLFSSL_FAILURE); - ExpectIntEQ(wolfSSL_X509_set_version(NULL, 1), WOLFSSL_FAILURE); - ExpectIntEQ(wolfSSL_X509_set_version(x509, -1), WOLFSSL_FAILURE); - ExpectIntEQ(wolfSSL_X509_set_version(NULL, maxInt+1), WOLFSSL_FAILURE); - - /* Cleanup */ - X509_free(x509); -#endif - return EXPECT_RESULT(); -} - #if defined(OPENSSL_EXTRA) && defined(HAVE_SSL_MEMIO_TESTS_DEPENDENCIES) /* test that the callback arg is correct */ @@ -27713,7 +17556,7 @@ "ECDSA+SHA256", caEccCertFile, wolfTLSv1_3_server_method}, #endif #endif -#ifndef WOLFSSL_NO_TLS12 +#if !defined(WOLFSSL_NO_TLS12) && !defined(WOLFSSL_HARDEN_TLS) #if !defined(NO_RSA) && defined(WC_RSA_PSS) && !defined(NO_DH) {wolfTLSv1_2_client_method, "DHE-RSA-AES128-GCM-SHA256", @@ -27860,7 +17703,7 @@ word16 idx = 0; int allSigAlgs = SIG_ECDSA | SIG_RSA | SIG_SM2 | SIG_FALCON | SIG_DILITHIUM; - InitSuitesHashSigAlgo(hashSigAlgo, allSigAlgs, 1, 0xFFFFFFFF, &len); + InitSuitesHashSigAlgo(hashSigAlgo, allSigAlgs, 1, 1, 0xFFFFFFFF, &len); for (idx = 0; idx < len; idx += 2) { int hashAlgo = 0; int sigAlgo = 0; @@ -27872,7 +17715,7 @@ ExpectIntNE(sigAlgo, 0); } - InitSuitesHashSigAlgo(hashSigAlgo, allSigAlgs | SIG_ANON, 1, + InitSuitesHashSigAlgo(hashSigAlgo, allSigAlgs | SIG_ANON, 1, 1, 0xFFFFFFFF, &len); for (idx = 0; idx < len; idx += 2) { int hashAlgo = 0; @@ -27888,6 +17731,90 @@ return EXPECT_RESULT(); } +static int test_wolfSSL_d2i_SSL_SESSION_bounds_check(void) +{ + EXPECT_DECLS; +#if defined(OPENSSL_EXTRA) && defined(HAVE_EXT_CACHE) && \ + defined(SESSION_CERTS) && !defined(NO_SESSION_CACHE) + WOLFSSL_SESSION* sess = NULL; + WOLFSSL_SESSION* restored = NULL; + unsigned char* sessDer = NULL; + unsigned char* modData = NULL; + const unsigned char* ptr = NULL; + unsigned char* pp = NULL; + int sz = 0; + int idx = 0; + int sessionIDSz = 0; + int altIDLen = 0; + int chainOffset = 0; + int newLen = 0; + word16 oversized = 0; + + /* Create and serialize a valid empty session to learn the format */ + ExpectNotNull(sess = wolfSSL_SESSION_new()); + ExpectIntGT((sz = wolfSSL_i2d_SSL_SESSION(sess, NULL)), 0); + ExpectNotNull(sessDer = (unsigned char*)XMALLOC(sz, NULL, + DYNAMIC_TYPE_OPENSSL)); + pp = sessDer; + ExpectIntGT(wolfSSL_i2d_SSL_SESSION(sess, &pp), 0); + wolfSSL_SESSION_free(sess); + sess = NULL; + + /* Calculate offset to chain.count field: + * side(1) + bornOn(4) + timeout(4) + sessionIDSz(1) + sessionID(var) + * + masterSecret(SECRET_LEN=48) + haveEMS(1) + altIDLen(1) + altID(var) + */ + idx = 1 + 4 + 4; + if (EXPECT_SUCCESS()) { + sessionIDSz = sessDer[idx++]; + idx += sessionIDSz + SECRET_LEN + 1; + altIDLen = sessDer[idx++]; + if (altIDLen == ID_LEN) + idx += ID_LEN; + chainOffset = idx; + } + + /* + * The deserialization must reject this with a BUFFER_ERROR (return NULL). + */ + newLen = chainOffset + 1 + 50; + ExpectNotNull(modData = (unsigned char*)XMALLOC(newLen, NULL, + DYNAMIC_TYPE_TMP_BUFFER)); + if (EXPECT_SUCCESS()) { + XMEMCPY(modData, sessDer, chainOffset); + modData[chainOffset] = MAX_CHAIN_DEPTH + 1; + XMEMSET(modData + chainOffset + 1, 0, newLen - chainOffset - 1); + } + ptr = modData; + ExpectNull(restored = wolfSSL_d2i_SSL_SESSION(NULL, &ptr, (long)newLen)); + XFREE(modData, NULL, DYNAMIC_TYPE_TMP_BUFFER); + modData = NULL; + + /* + * chain.count is valid (1), but the cert length field is too large. + */ + newLen = chainOffset + 1 + 2 + 100; + ExpectNotNull(modData = (unsigned char*)XMALLOC(newLen, NULL, + DYNAMIC_TYPE_TMP_BUFFER)); + if (EXPECT_SUCCESS()) { + XMEMCPY(modData, sessDer, chainOffset); + idx = chainOffset; + modData[idx++] = 1; /* chain.count = 1 */ + oversized = MAX_X509_SIZE + 1; + modData[idx++] = (byte)(oversized >> 8); + modData[idx++] = (byte)(oversized & 0xFF); + XMEMSET(modData + idx, 0xCC, newLen - idx); + } + ptr = modData; + ExpectNull(restored = wolfSSL_d2i_SSL_SESSION(NULL, &ptr, (long)newLen)); + XFREE(modData, NULL, DYNAMIC_TYPE_TMP_BUFFER); + modData = NULL; + + XFREE(sessDer, NULL, DYNAMIC_TYPE_OPENSSL); +#endif + return EXPECT_RESULT(); +} + static int test_wolfSSL_SESSION(void) { EXPECT_DECLS; @@ -28642,12 +18569,13 @@ RSA_free(rsa); rsa = NULL; + /* d2i_RSA_PUBKEY_bio should fail when given private key DER. + * wc_RsaPublicKeyDecode correctly rejects private key format. */ ExpectIntGT(BIO_write(bio, client_key_der_2048, sizeof_client_key_der_2048), 0); - ExpectNotNull(d2i_RSA_PUBKEY_bio(bio, &rsa)); + ExpectNull(d2i_RSA_PUBKEY_bio(bio, &rsa)); (void)BIO_reset(bio); - RSA_free(rsa); rsa = RSA_new(); ExpectIntEQ(wolfSSL_i2d_RSAPrivateKey(rsa, NULL), 0); #endif /* USE_CERT_BUFFERS_2048 WOLFSSL_KEY_GEN */ @@ -29133,7 +19061,8 @@ EXPECT_DECLS; #if !defined(NO_RSA) && !defined(NO_TLS) && (defined(OPENSSL_ALL) || \ defined(HAVE_STUNNEL) || defined(WOLFSSL_MYSQL_COMPATIBLE) || \ - defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY)) + defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY)) && \ + !defined(NO_WOLFSSL_CLIENT) WOLFSSL* ssl = NULL; WOLFSSL_CTX* ctx = NULL; @@ -29283,411 +19212,6 @@ return EXPECT_RESULT(); } -/* test_EVP_Cipher_extra, Extra-test on EVP_CipherUpdate/Final. see also test.c */ -#if (defined(OPENSSL_EXTRA) || defined(OPENSSL_ALL)) &&\ - (!defined(NO_AES) && defined(HAVE_AES_CBC) && defined(WOLFSSL_AES_128)) -static void binary_dump(void *ptr, int size) -{ - #ifdef WOLFSSL_EVP_PRINT - int i = 0; - unsigned char *p = (unsigned char *) ptr; - - fprintf(stderr, "{"); - while ((p != NULL) && (i < size)) { - if ((i % 8) == 0) { - fprintf(stderr, "\n"); - fprintf(stderr, " "); - } - fprintf(stderr, "0x%02x, ", p[i]); - i++; - } - fprintf(stderr, "\n};\n"); - #else - (void) ptr; - (void) size; - #endif -} - -static int last_val = 0x0f; - -static int check_result(unsigned char *data, int len) -{ - int i; - - for ( ; len; ) { - last_val = (last_val + 1) % 16; - for (i = 0; i < 16; len--, i++, data++) - if (*data != last_val) { - return -1; - } - } - return 0; -} - -static int r_offset; -static int w_offset; - -static void init_offset(void) -{ - r_offset = 0; - w_offset = 0; -} -static void get_record(unsigned char *data, unsigned char *buf, int len) -{ - XMEMCPY(buf, data+r_offset, len); - r_offset += len; -} - -static void set_record(unsigned char *data, unsigned char *buf, int len) -{ - XMEMCPY(data+w_offset, buf, len); - w_offset += len; -} - -static void set_plain(unsigned char *plain, int rec) -{ - int i, j; - unsigned char *p = plain; - - #define BLOCKSZ 16 - - for (i=0; i<(rec/BLOCKSZ); i++) { - for (j=0; j 0 && keylen != klen) { - ExpectIntNE(EVP_CIPHER_CTX_set_key_length(evp, keylen), 0); - } - ilen = EVP_CIPHER_CTX_iv_length(evp); - if (ilen > 0 && ivlen != ilen) { - ExpectIntNE(EVP_CIPHER_CTX_set_iv_length(evp, ivlen), 0); - } - - ExpectIntNE((ret = EVP_CipherInit(evp, NULL, key, iv, 1)), 0); - - for (j = 0; j 0) - set_record(cipher, outb, outl); - } - - for (i = 0; test_drive[i]; i++) { - last_val = 0x0f; - - ExpectIntNE((ret = EVP_CipherInit(evp, NULL, key, iv, 0)), 0); - - init_offset(); - - for (j = 0; test_drive[i][j]; j++) { - inl = test_drive[i][j]; - get_record(cipher, inb, inl); - - ExpectIntNE((ret = EVP_DecryptUpdate(evp, outb, &outl, inb, inl)), - 0); - - binary_dump(outb, outl); - ExpectIntEQ((ret = check_result(outb, outl)), 0); - ExpectFalse(outl > ((inl/16+1)*16) && outl > 16); - } - - ret = EVP_CipherFinal(evp, outb, &outl); - - binary_dump(outb, outl); - - ret = (((test_drive_len[i] % 16) != 0) && (ret == 0)) || - (((test_drive_len[i] % 16) == 0) && (ret == 1)); - ExpectTrue(ret); - } - - ExpectIntEQ(wolfSSL_EVP_CIPHER_CTX_cleanup(evp), WOLFSSL_SUCCESS); - - EVP_CIPHER_CTX_free(evp); - evp = NULL; - - /* Do an extra test to verify correct behavior with empty input. */ - - ExpectNotNull(evp = EVP_CIPHER_CTX_new()); - ExpectIntNE((ret = EVP_CipherInit(evp, type, NULL, iv, 0)), 0); - - ExpectIntEQ(EVP_CIPHER_CTX_nid(evp), NID_aes_128_cbc); - - klen = EVP_CIPHER_CTX_key_length(evp); - if (klen > 0 && keylen != klen) { - ExpectIntNE(EVP_CIPHER_CTX_set_key_length(evp, keylen), 0); - } - ilen = EVP_CIPHER_CTX_iv_length(evp); - if (ilen > 0 && ivlen != ilen) { - ExpectIntNE(EVP_CIPHER_CTX_set_iv_length(evp, ivlen), 0); - } - - ExpectIntNE((ret = EVP_CipherInit(evp, NULL, key, iv, 1)), 0); - - /* outl should be set to 0 after passing NULL, 0 for input args. */ - outl = -1; - ExpectIntNE((ret = EVP_CipherUpdate(evp, outb, &outl, NULL, 0)), 0); - ExpectIntEQ(outl, 0); - - EVP_CIPHER_CTX_free(evp); -#endif /* test_EVP_Cipher */ - return EXPECT_RESULT(); -} - -static int test_wolfSSL_X509_get_serialNumber(void) -{ - EXPECT_DECLS; -#if defined(OPENSSL_EXTRA) && !defined(NO_CERTS) && !defined(NO_RSA) && \ - !defined(NO_FILESYSTEM) - ASN1_INTEGER* a = NULL; - BIGNUM* bn = NULL; - X509* x509 = NULL; - X509* empty = NULL; - char *serialHex = NULL; - byte serial[3]; - int serialSz; - - ExpectNotNull(empty = wolfSSL_X509_new()); - ExpectNotNull(x509 = wolfSSL_X509_load_certificate_file(svrCertFile, - SSL_FILETYPE_PEM)); - ExpectNull(X509_get_serialNumber(NULL)); - ExpectNotNull(X509_get_serialNumber(empty)); - ExpectNotNull(a = X509_get_serialNumber(x509)); - - /* check on value of ASN1 Integer */ - ExpectNotNull(bn = ASN1_INTEGER_to_BN(a, NULL)); - a = NULL; - - /* test setting serial number and then retrieving it */ - ExpectNotNull(a = ASN1_INTEGER_new()); - ExpectIntEQ(ASN1_INTEGER_set(a, 3), 1); - ExpectIntEQ(X509_set_serialNumber(NULL, NULL), WOLFSSL_FAILURE); - ExpectIntEQ(X509_set_serialNumber(x509, NULL), WOLFSSL_FAILURE); - ExpectIntEQ(X509_set_serialNumber(NULL, a), WOLFSSL_FAILURE); - ExpectIntEQ(X509_set_serialNumber(x509, a), WOLFSSL_SUCCESS); - ExpectIntEQ(wolfSSL_X509_get_serial_number(NULL, serial, NULL), - BAD_FUNC_ARG); - ExpectIntEQ(wolfSSL_X509_get_serial_number(NULL, serial, &serialSz), - BAD_FUNC_ARG); - ExpectIntEQ(wolfSSL_X509_get_serial_number(x509, serial, NULL), - BAD_FUNC_ARG); - serialSz = 0; - ExpectIntEQ(wolfSSL_X509_get_serial_number(x509, serial, &serialSz), - BUFFER_E); - ExpectIntEQ(wolfSSL_X509_get_serial_number(x509, NULL, &serialSz), - WOLFSSL_SUCCESS); - ExpectIntEQ(serialSz, 1); - serialSz = sizeof(serial); - ExpectIntEQ(wolfSSL_X509_get_serial_number(x509, serial, &serialSz), - WOLFSSL_SUCCESS); - ExpectIntEQ(serialSz, 1); - ExpectIntEQ(serial[0], 3); - ASN1_INTEGER_free(a); - a = NULL; - - /* test setting serial number with 0's in it */ - serial[0] = 0x01; - serial[1] = 0x00; - serial[2] = 0x02; - - ExpectNotNull(a = wolfSSL_ASN1_INTEGER_new()); - if (a != NULL) { - a->data[0] = ASN_INTEGER; - a->data[1] = sizeof(serial); - XMEMCPY(&a->data[2], serial, sizeof(serial)); - a->length = sizeof(serial) + 2; - } - ExpectIntEQ(X509_set_serialNumber(x509, a), WOLFSSL_SUCCESS); - - XMEMSET(serial, 0, sizeof(serial)); - serialSz = sizeof(serial); - ExpectIntEQ(wolfSSL_X509_get_serial_number(x509, serial, &serialSz), - WOLFSSL_SUCCESS); - ExpectIntEQ(serialSz, 3); - ExpectIntEQ(serial[0], 0x01); - ExpectIntEQ(serial[1], 0x00); - ExpectIntEQ(serial[2], 0x02); - ASN1_INTEGER_free(a); - a = NULL; - - X509_free(x509); /* free's a */ - X509_free(empty); - - ExpectNotNull(serialHex = BN_bn2hex(bn)); -#ifndef WC_DISABLE_RADIX_ZERO_PAD - ExpectStrEQ(serialHex, "01"); -#else - ExpectStrEQ(serialHex, "1"); -#endif - OPENSSL_free(serialHex); - ExpectIntEQ(BN_get_word(bn), 1); - BN_free(bn); - - /* hard test free'ing with dynamic buffer to make sure there is no leaks */ - ExpectNotNull(a = ASN1_INTEGER_new()); - if (a != NULL) { - ExpectNotNull(a->data = (unsigned char*)XMALLOC(100, NULL, - DYNAMIC_TYPE_OPENSSL)); - a->isDynamic = 1; - ASN1_INTEGER_free(a); - } -#endif - return EXPECT_RESULT(); -} - -static int test_wolfSSL_X509_ext_get_critical_by_NID(void) -{ - EXPECT_DECLS; -#if defined(OPENSSL_EXTRA) && !defined(NO_CERTS) - WOLFSSL_X509* x509 = NULL; - - ExpectNotNull(x509 = wolfSSL_X509_new()); - ExpectIntEQ(wolfSSL_X509_ext_get_critical_by_NID(NULL, - WC_NID_basic_constraints), 0); - ExpectIntEQ(wolfSSL_X509_ext_get_critical_by_NID(x509, - WC_NID_basic_constraints), 0); - ExpectIntEQ(wolfSSL_X509_ext_get_critical_by_NID(x509, - WC_NID_subject_alt_name), 0); - ExpectIntEQ(wolfSSL_X509_ext_get_critical_by_NID(x509, - WC_NID_authority_key_identifier), 0); - ExpectIntEQ(wolfSSL_X509_ext_get_critical_by_NID(x509, - WC_NID_subject_key_identifier), 0); - ExpectIntEQ(wolfSSL_X509_ext_get_critical_by_NID(x509, - WC_NID_key_usage), 0); - ExpectIntEQ(wolfSSL_X509_ext_get_critical_by_NID(x509, - WC_NID_crl_distribution_points), 0); - ExpectIntEQ(wolfSSL_X509_ext_get_critical_by_NID(x509, - WC_NID_ext_key_usage), 0); -#ifdef WOLFSSL_SEP - ExpectIntEQ(wolfSSL_X509_ext_get_critical_by_NID(x509, - WC_NID_certificate_policies), 0); -#endif - ExpectIntEQ(wolfSSL_X509_ext_get_critical_by_NID(x509, - WC_NID_info_access), 0); - wolfSSL_X509_free(x509); -#endif - return EXPECT_RESULT(); -} - -static int test_wolfSSL_X509_CRL_distribution_points(void) -{ - EXPECT_DECLS; -#if defined(OPENSSL_EXTRA) && !defined(NO_CERTS) && !defined(NO_RSA) && \ - !defined(NO_FILESYSTEM) - WOLFSSL_X509* x509 = NULL; - const char* file = "./certs/client-crl-dist.pem"; - - ExpectIntEQ(wolfSSL_X509_ext_isSet_by_NID(NULL, - WC_NID_crl_distribution_points), 0); - - ExpectNotNull(x509 = wolfSSL_X509_new()); - ExpectIntEQ(wolfSSL_X509_ext_isSet_by_NID(x509, - WC_NID_crl_distribution_points), 0); - wolfSSL_X509_free(x509); - x509 = NULL; - - ExpectNotNull(x509 = wolfSSL_X509_load_certificate_file(file, - WOLFSSL_FILETYPE_PEM)); - ExpectIntEQ(wolfSSL_X509_ext_isSet_by_NID(x509, - WC_NID_crl_distribution_points), 1); - wolfSSL_X509_free(x509); -#endif - return EXPECT_RESULT(); -} - static int test_wolfSSL_X509_SEP(void) { EXPECT_DECLS; @@ -29750,6 +19274,88 @@ return EXPECT_RESULT(); } +/* Test wolfSSL_X509_set_* extension functions */ +static int test_wolfSSL_X509_set_extensions(void) +{ + EXPECT_DECLS; +#if defined(OPENSSL_EXTRA) && !defined(NO_CERTS) + WOLFSSL_X509* x509 = NULL; +#ifdef WOLFSSL_CERT_EXT + byte skid[20] = {1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20}; + byte akid[20] = {20,19,18,17,16,15,14,13,12,11,10,9,8,7,6,5,4,3,2,1}; +#endif +#ifndef IGNORE_NETSCAPE_CERT_TYPE + int nsCertType = 0; +#endif + + ExpectNotNull(x509 = wolfSSL_X509_new()); + +#ifdef WOLFSSL_CERT_EXT + /* Test wolfSSL_X509_set_subject_key_id */ + ExpectIntEQ(wolfSSL_X509_set_subject_key_id(NULL, skid, sizeof(skid)), + WOLFSSL_FAILURE); + ExpectIntEQ(wolfSSL_X509_set_subject_key_id(x509, NULL, sizeof(skid)), + WOLFSSL_FAILURE); + ExpectIntEQ(wolfSSL_X509_set_subject_key_id(x509, skid, 0), + WOLFSSL_FAILURE); + ExpectIntEQ(wolfSSL_X509_set_subject_key_id(x509, skid, sizeof(skid)), + WOLFSSL_SUCCESS); + + /* Test wolfSSL_X509_set_authority_key_id */ + ExpectIntEQ(wolfSSL_X509_set_authority_key_id(NULL, akid, sizeof(akid)), + WOLFSSL_FAILURE); + ExpectIntEQ(wolfSSL_X509_set_authority_key_id(x509, NULL, sizeof(akid)), + WOLFSSL_FAILURE); + ExpectIntEQ(wolfSSL_X509_set_authority_key_id(x509, akid, 0), + WOLFSSL_FAILURE); + ExpectIntEQ(wolfSSL_X509_set_authority_key_id(x509, akid, sizeof(akid)), + WOLFSSL_SUCCESS); + + /* Test wolfSSL_X509_CRL_add_dist_point */ + ExpectIntEQ(wolfSSL_X509_CRL_add_dist_point(NULL, + "http://crl.example.com/ca.crl", 0), WOLFSSL_FAILURE); + ExpectIntEQ(wolfSSL_X509_CRL_add_dist_point(x509, NULL, 0), + WOLFSSL_FAILURE); + ExpectIntEQ(wolfSSL_X509_CRL_add_dist_point(x509, + "http://crl.example.com/ca.crl", 0), WOLFSSL_SUCCESS); + + /* Test wolfSSL_X509_CRL_set_dist_points with raw DER */ + { + /* Simple CRL DP DER encoding for "http://example.com/crl" */ + byte crlDer[] = { + 0x30, 0x1d, /* SEQUENCE (outer) */ + 0x30, 0x1b, /* SEQUENCE (DistributionPoint) */ + 0xa0, 0x19, /* [0] EXPLICIT */ + 0xa0, 0x17, /* [0] IMPLICIT GeneralNames */ + 0x86, 0x15, /* [6] URI */ + 'h','t','t','p',':','/','/','e','x','a','m','p','l','e','.','c', + 'o','m','/','c','r','l' + }; + ExpectIntEQ(wolfSSL_X509_CRL_set_dist_points(NULL, crlDer, + sizeof(crlDer)), WOLFSSL_FAILURE); + ExpectIntEQ(wolfSSL_X509_CRL_set_dist_points(x509, NULL, + sizeof(crlDer)), WOLFSSL_FAILURE); + ExpectIntEQ(wolfSSL_X509_CRL_set_dist_points(x509, crlDer, 0), + WOLFSSL_FAILURE); + ExpectIntEQ(wolfSSL_X509_CRL_set_dist_points(x509, crlDer, + sizeof(crlDer)), WOLFSSL_SUCCESS); + } +#endif /* WOLFSSL_CERT_EXT */ + +#ifndef IGNORE_NETSCAPE_CERT_TYPE + /* Test wolfSSL_X509_set_ns_cert_type */ + nsCertType = WC_NS_SSL_CLIENT | WC_NS_SSL_SERVER; + ExpectIntEQ(wolfSSL_X509_set_ns_cert_type(NULL, nsCertType), + WOLFSSL_FAILURE); + ExpectIntEQ(wolfSSL_X509_set_ns_cert_type(x509, nsCertType), + WOLFSSL_SUCCESS); +#endif + + wolfSSL_X509_free(x509); +#endif /* OPENSSL_EXTRA && !NO_CERTS */ + return EXPECT_RESULT(); +} + static int test_wolfSSL_OpenSSL_add_all_algorithms(void) { EXPECT_DECLS; @@ -29811,331 +19417,11 @@ return EXPECT_RESULT(); } -static int test_wolfSSL_X509_CA_num(void) -{ - EXPECT_DECLS; -#if defined(OPENSSL_EXTRA) && !defined(NO_CERTS) && !defined(NO_FILESYSTEM) && \ - defined(HAVE_ECC) && !defined(NO_RSA) - WOLFSSL_X509_STORE *store = NULL; - WOLFSSL_X509 *x509_1 = NULL; - WOLFSSL_X509 *x509_2 = NULL; - int ca_num = 0; - - ExpectNotNull(store = wolfSSL_X509_STORE_new()); - ExpectNotNull(x509_1 = wolfSSL_X509_load_certificate_file(svrCertFile, - WOLFSSL_FILETYPE_PEM)); - ExpectIntEQ(wolfSSL_X509_STORE_add_cert(store, x509_1), 1); - ExpectIntEQ(ca_num = wolfSSL_X509_CA_num(store), 1); - - ExpectNotNull(x509_2 = wolfSSL_X509_load_certificate_file(eccCertFile, - WOLFSSL_FILETYPE_PEM)); - ExpectIntEQ(wolfSSL_X509_STORE_add_cert(store, x509_2), 1); - ExpectIntEQ(ca_num = wolfSSL_X509_CA_num(store), 2); - - wolfSSL_X509_free(x509_1); - wolfSSL_X509_free(x509_2); - wolfSSL_X509_STORE_free(store); -#endif - return EXPECT_RESULT(); -} - -static int test_wolfSSL_X509_check_ca(void) -{ - EXPECT_DECLS; -#if defined(OPENSSL_EXTRA) && !defined(NO_RSA) && !defined(NO_FILESYSTEM) - WOLFSSL_X509 *x509 = NULL; - - ExpectNotNull(x509 = wolfSSL_X509_load_certificate_file(svrCertFile, - WOLFSSL_FILETYPE_PEM)); - ExpectIntEQ(wolfSSL_X509_check_ca(NULL), 0); - ExpectIntEQ(wolfSSL_X509_check_ca(x509), 1); - wolfSSL_X509_free(x509); - - ExpectNotNull(x509 = wolfSSL_X509_new()); - ExpectIntEQ(wolfSSL_X509_check_ca(x509), 0); - if (x509 != NULL) { - x509->extKeyUsageCrit = 1; - } - ExpectIntEQ(wolfSSL_X509_check_ca(x509), 4); - wolfSSL_X509_free(x509); -#endif - return EXPECT_RESULT(); -} - -static int test_wolfSSL_X509_check_ip_asc(void) -{ - EXPECT_DECLS; -#if defined(OPENSSL_EXTRA) && !defined(NO_RSA) && !defined(NO_FILESYSTEM) - WOLFSSL_X509 *x509 = NULL; - WOLFSSL_X509 *empty = NULL; - - ExpectNotNull(x509 = wolfSSL_X509_load_certificate_file(cliCertFile, - WOLFSSL_FILETYPE_PEM)); - ExpectNotNull(empty = wolfSSL_X509_new()); - -#if 0 - /* TODO: add cert gen for testing positive case */ - ExpectIntEQ(wolfSSL_X509_check_ip_asc(x509, "127.0.0.1", 0), 1); -#endif - ExpectIntEQ(wolfSSL_X509_check_ip_asc(x509, "0.0.0.0", 0), 0); - ExpectIntEQ(wolfSSL_X509_check_ip_asc(x509, NULL, 0), 0); - ExpectIntEQ(wolfSSL_X509_check_ip_asc(NULL, NULL, 0), 0); - ExpectIntEQ(wolfSSL_X509_check_ip_asc(NULL, "0.0.0.0", 0), 0); - ExpectIntEQ(wolfSSL_X509_check_ip_asc(empty, "127.128.0.255", 0), 0); - - wolfSSL_X509_free(empty); - wolfSSL_X509_free(x509); -#endif - return EXPECT_RESULT(); -} - -static int test_wolfSSL_make_cert(void) -{ - EXPECT_DECLS; -#if !defined(NO_RSA) && !defined(NO_ASN_TIME) && defined(WOLFSSL_CERT_GEN) && \ - defined(WOLFSSL_CERT_EXT) - int ret = 0; - Cert cert; - CertName name; - RsaKey key; - WC_RNG rng; - byte der[FOURK_BUF]; - word32 idx = 0; - const byte mySerial[8] = {1,2,3,4,5,6,7,8}; - -#ifdef OPENSSL_EXTRA - const unsigned char* pt = NULL; - int certSz = 0; - X509* x509 = NULL; - X509_NAME* x509name = NULL; - X509_NAME_ENTRY* entry = NULL; - ASN1_STRING* entryValue = NULL; -#endif - - XMEMSET(&name, 0, sizeof(CertName)); - - /* set up cert name */ - XMEMCPY(name.country, "US", sizeof("US")); - name.countryEnc = CTC_PRINTABLE; - XMEMCPY(name.state, "Oregon", sizeof("Oregon")); - name.stateEnc = CTC_UTF8; - XMEMCPY(name.locality, "Portland", sizeof("Portland")); - name.localityEnc = CTC_UTF8; - XMEMCPY(name.sur, "Test", sizeof("Test")); - name.surEnc = CTC_UTF8; - XMEMCPY(name.org, "wolfSSL", sizeof("wolfSSL")); - name.orgEnc = CTC_UTF8; - XMEMCPY(name.unit, "Development", sizeof("Development")); - name.unitEnc = CTC_UTF8; - XMEMCPY(name.commonName, "www.wolfssl.com", sizeof("www.wolfssl.com")); - name.commonNameEnc = CTC_UTF8; - XMEMCPY(name.serialDev, "wolfSSL12345", sizeof("wolfSSL12345")); - name.serialDevEnc = CTC_PRINTABLE; - XMEMCPY(name.userId, "TestUserID", sizeof("TestUserID")); - name.userIdEnc = CTC_PRINTABLE; -#ifdef WOLFSSL_MULTI_ATTRIB - #if CTC_MAX_ATTRIB > 2 - { - NameAttrib* n; - n = &name.name[0]; - n->id = ASN_DOMAIN_COMPONENT; - n->type = CTC_UTF8; - n->sz = sizeof("com"); - XMEMCPY(n->value, "com", sizeof("com")); - - n = &name.name[1]; - n->id = ASN_DOMAIN_COMPONENT; - n->type = CTC_UTF8; - n->sz = sizeof("wolfssl"); - XMEMCPY(n->value, "wolfssl", sizeof("wolfssl")); - } - #endif -#endif /* WOLFSSL_MULTI_ATTRIB */ - - ExpectIntEQ(wc_InitRsaKey(&key, HEAP_HINT), 0); -#ifndef HAVE_FIPS - ExpectIntEQ(wc_InitRng_ex(&rng, HEAP_HINT, testDevId), 0); -#else - ExpectIntEQ(wc_InitRng(&rng), 0); -#endif - - /* load test RSA key */ - idx = 0; -#if defined(USE_CERT_BUFFERS_1024) - ExpectIntEQ(wc_RsaPrivateKeyDecode(server_key_der_1024, &idx, &key, - sizeof_server_key_der_1024), 0); -#elif defined(USE_CERT_BUFFERS_2048) - ExpectIntEQ(wc_RsaPrivateKeyDecode(server_key_der_2048, &idx, &key, - sizeof_server_key_der_2048), 0); -#else - /* error case, no RSA key loaded, happens later */ - (void)idx; -#endif - - XMEMSET(&cert, 0 , sizeof(Cert)); - ExpectIntEQ(wc_InitCert(&cert), 0); - - XMEMCPY(&cert.subject, &name, sizeof(CertName)); - XMEMCPY(cert.serial, mySerial, sizeof(mySerial)); - cert.serialSz = (int)sizeof(mySerial); - cert.isCA = 1; -#ifndef NO_SHA256 - cert.sigType = CTC_SHA256wRSA; -#else - cert.sigType = CTC_SHAwRSA; -#endif - - /* add SKID from the Public Key */ - ExpectIntEQ(wc_SetSubjectKeyIdFromPublicKey(&cert, &key, NULL), 0); - - /* add AKID from the Public Key */ - ExpectIntEQ(wc_SetAuthKeyIdFromPublicKey(&cert, &key, NULL), 0); - - ret = 0; - do { -#if defined(WOLFSSL_ASYNC_CRYPT) - ret = wc_AsyncWait(ret, &key.asyncDev, WC_ASYNC_FLAG_CALL_AGAIN); -#endif - if (ret >= 0) { - ret = wc_MakeSelfCert(&cert, der, FOURK_BUF, &key, &rng); - } - } while (ret == WC_NO_ERR_TRACE(WC_PENDING_E)); - ExpectIntGT(ret, 0); - -#ifdef OPENSSL_EXTRA - /* der holds a certificate with DC's now check X509 parsing of it */ - certSz = ret; - pt = der; - ExpectNotNull(x509 = d2i_X509(NULL, &pt, certSz)); - ExpectNotNull(x509name = X509_get_subject_name(x509)); -#ifdef WOLFSSL_MULTI_ATTRIB - ExpectIntEQ((idx = X509_NAME_get_index_by_NID(x509name, NID_domainComponent, - -1)), 5); - ExpectIntEQ((idx = X509_NAME_get_index_by_NID(x509name, NID_domainComponent, - (int)idx)), 6); - ExpectIntEQ((idx = X509_NAME_get_index_by_NID(x509name, NID_domainComponent, - (int)idx)), -1); -#endif /* WOLFSSL_MULTI_ATTRIB */ - - /* compare DN at index 0 */ - ExpectNotNull(entry = X509_NAME_get_entry(x509name, 0)); - ExpectNotNull(entryValue = X509_NAME_ENTRY_get_data(entry)); - ExpectIntEQ(ASN1_STRING_length(entryValue), 2); - ExpectStrEQ((const char*)ASN1_STRING_data(entryValue), "US"); - -#ifndef WOLFSSL_MULTI_ATTRIB - /* compare Serial Number */ - ExpectIntEQ((idx = X509_NAME_get_index_by_NID(x509name, NID_serialNumber, - -1)), 7); - ExpectNotNull(entry = X509_NAME_get_entry(x509name, idx)); - ExpectNotNull(entryValue = X509_NAME_ENTRY_get_data(entry)); - ExpectIntEQ(ASN1_STRING_length(entryValue), XSTRLEN("wolfSSL12345")); - ExpectStrEQ((const char*)ASN1_STRING_data(entryValue), "wolfSSL12345"); -#endif - -#ifdef WOLFSSL_MULTI_ATTRIB - /* get first and second DC and compare result */ - ExpectIntEQ((idx = X509_NAME_get_index_by_NID(x509name, NID_domainComponent, - -1)), 5); - ExpectNotNull(entry = X509_NAME_get_entry(x509name, (int)idx)); - ExpectNotNull(entryValue = X509_NAME_ENTRY_get_data(entry)); - ExpectStrEQ((const char *)ASN1_STRING_data(entryValue), "com"); - - ExpectIntEQ((idx = X509_NAME_get_index_by_NID(x509name, NID_domainComponent, - (int)idx)), 6); - ExpectNotNull(entry = X509_NAME_get_entry(x509name, (int)idx)); - ExpectNotNull(entryValue = X509_NAME_ENTRY_get_data(entry)); - ExpectStrEQ((const char *)ASN1_STRING_data(entryValue), "wolfssl"); -#endif /* WOLFSSL_MULTI_ATTRIB */ - - ExpectNull(X509_NAME_get_entry(NULL, 0)); - /* try invalid index locations for regression test and sanity check */ - ExpectNull(X509_NAME_get_entry(x509name, 11)); - ExpectNull(X509_NAME_get_entry(x509name, 20)); - - X509_free(x509); -#endif /* OPENSSL_EXTRA */ - - wc_FreeRsaKey(&key); - wc_FreeRng(&rng); -#endif - return EXPECT_RESULT(); -} - -static int test_x509_get_key_id(void) -{ - EXPECT_DECLS; -#if defined(OPENSSL_EXTRA) && !defined(NO_FILESYSTEM) && !defined(NO_RSA) - X509 *x509 = NULL; - const ASN1_STRING* str = NULL; - byte* keyId = NULL; - byte keyIdData[32]; - int len; - - ExpectNotNull(x509 = wolfSSL_X509_new()); - len = (int)sizeof(keyIdData); - ExpectNull(wolfSSL_X509_get_subjectKeyID(x509, NULL, NULL)); - ExpectNull(wolfSSL_X509_get_subjectKeyID(x509, keyIdData, &len)); - ExpectNull(wolfSSL_X509_get_authorityKeyID(x509, NULL, NULL)); - ExpectNull(wolfSSL_X509_get_authorityKeyID(x509, keyIdData, &len)); - wolfSSL_X509_free(x509); - x509 = NULL; - - ExpectNotNull(x509 = X509_load_certificate_file(cliCertFile, - WOLFSSL_FILETYPE_PEM)); - - ExpectNotNull(str = X509_get0_subject_key_id(x509)); - ExpectNull(wolfSSL_X509_get_subjectKeyID(NULL, NULL, NULL)); - ExpectNotNull(keyId = wolfSSL_X509_get_subjectKeyID(x509, NULL, NULL)); - ExpectBufEQ(keyId, ASN1_STRING_data((ASN1_STRING*)str), - ASN1_STRING_length(str)); - ExpectNotNull(keyId = wolfSSL_X509_get_subjectKeyID(x509, keyIdData, NULL)); - ExpectBufEQ(keyId, ASN1_STRING_data((ASN1_STRING*)str), - ASN1_STRING_length(str)); - len = (int)sizeof(keyIdData); - ExpectNotNull(keyId = wolfSSL_X509_get_subjectKeyID(x509, NULL, &len)); - ExpectBufEQ(keyId, ASN1_STRING_data((ASN1_STRING*)str), - ASN1_STRING_length(str)); - ExpectNotNull(wolfSSL_X509_get_subjectKeyID(x509, keyIdData, &len)); - ExpectIntEQ(len, ASN1_STRING_length(str)); - ExpectBufEQ(keyIdData, ASN1_STRING_data((ASN1_STRING*)str), - ASN1_STRING_length(str)); - ExpectBufEQ(keyId, ASN1_STRING_data((ASN1_STRING*)str), - ASN1_STRING_length(str)); - - ExpectNull(wolfSSL_X509_get_authorityKeyID(NULL, NULL, NULL)); - ExpectNotNull(wolfSSL_X509_get_authorityKeyID(x509, NULL, NULL)); - ExpectNotNull(wolfSSL_X509_get_authorityKeyID(x509, keyIdData, NULL)); - len = (int)sizeof(keyIdData); - ExpectNotNull(wolfSSL_X509_get_authorityKeyID(x509, NULL, &len)); - ExpectNotNull(wolfSSL_X509_get_authorityKeyID(x509, keyIdData, &len)); - ExpectIntEQ(len, 20); - - X509_free(x509); -#endif - return EXPECT_RESULT(); -} - - -static int test_wolfSSL_X509_get_version(void) -{ - EXPECT_DECLS; -#if defined(OPENSSL_EXTRA) && !defined(NO_FILESYSTEM) && !defined(NO_RSA) - WOLFSSL_X509 *x509 = NULL; - - ExpectNotNull(x509 = wolfSSL_X509_load_certificate_file(svrCertFile, - WOLFSSL_FILETYPE_PEM)); - ExpectIntEQ((int)wolfSSL_X509_get_version(x509), 2); - wolfSSL_X509_free(x509); -#endif - return EXPECT_RESULT(); -} - #if defined(OPENSSL_ALL) static int test_wolfSSL_sk_CIPHER_description(void) { EXPECT_DECLS; -#if !defined(NO_RSA) && !defined(NO_TLS) +#if !defined(NO_RSA) && !defined(NO_TLS) && !defined(NO_WOLFSSL_CLIENT) const long flags = SSL_OP_NO_SSLv2 | SSL_OP_NO_COMPRESSION; int i; int numCiphers = 0; @@ -30197,7 +19483,7 @@ static int test_wolfSSL_get_ciphers_compat(void) { EXPECT_DECLS; -#if !defined(NO_RSA) && !defined(NO_TLS) +#if !defined(NO_RSA) && !defined(NO_TLS) && !defined(NO_WOLFSSL_CLIENT) const SSL_METHOD *method = NULL; const char certPath[] = "./certs/client-cert.pem"; STACK_OF(SSL_CIPHER) *supportedCiphers = NULL; @@ -30228,297 +19514,39 @@ return EXPECT_RESULT(); } -static int test_wolfSSL_X509_PUBKEY_get(void) -{ - EXPECT_DECLS; - WOLFSSL_X509_PUBKEY pubkey; - WOLFSSL_X509_PUBKEY* key; - WOLFSSL_EVP_PKEY evpkey ; - WOLFSSL_EVP_PKEY* evpPkey; - WOLFSSL_EVP_PKEY* retEvpPkey; - - XMEMSET(&pubkey, 0, sizeof(WOLFSSL_X509_PUBKEY)); - XMEMSET(&evpkey, 0, sizeof(WOLFSSL_EVP_PKEY)); - - key = &pubkey; - evpPkey = &evpkey; - - evpPkey->type = WOLFSSL_SUCCESS; - key->pkey = evpPkey; - - ExpectNotNull(retEvpPkey = wolfSSL_X509_PUBKEY_get(key)); - ExpectIntEQ(retEvpPkey->type, WOLFSSL_SUCCESS); - - ExpectNull(retEvpPkey = wolfSSL_X509_PUBKEY_get(NULL)); - - key->pkey = NULL; - ExpectNull(retEvpPkey = wolfSSL_X509_PUBKEY_get(key)); - - return EXPECT_RESULT(); -} - -static int test_wolfSSL_X509_set_pubkey(void) +/* Test that wolfSSL_get_ciphers_compat returns NULL (not an empty stack) + * when no ciphers are available for a given protocol configuration. + * wolfSSL_get_ciphers_compat() is mapped to SSL_get_ciphers(), which has + * an expected return of NULL when no ciphers are available. */ +static int test_wolfSSL_get_ciphers_compat_empty(void) { EXPECT_DECLS; - WOLFSSL_X509* x509 = NULL; - WOLFSSL_EVP_PKEY* pkey = NULL; +#if !defined(NO_TLS) && !defined(NO_WOLFSSL_CLIENT) + const SSL_METHOD *method = NULL; + SSL_CTX *ctx = NULL; + WOLFSSL *ssl = NULL; + STACK_OF(SSL_CIPHER) *ciphers = NULL; - ExpectNotNull(x509 = wolfSSL_X509_new()); + ExpectNotNull(method = SSLv23_client_method()); + ExpectNotNull(ctx = SSL_CTX_new(method)); + ExpectNotNull(ssl = SSL_new(ctx)); -#if !defined(NO_RSA) - { - WOLFSSL_RSA* rsa = NULL; + /* Disable all protocol versions via options mask so that + * sslCipherMinMaxCheck filters out every cipher suite */ + wolfSSL_set_options(ssl, SSL_OP_NO_SSLv3 | SSL_OP_NO_TLSv1 | + SSL_OP_NO_TLSv1_1 | SSL_OP_NO_TLSv1_2 | SSL_OP_NO_TLSv1_3); - ExpectNotNull(pkey = wolfSSL_EVP_PKEY_new()); - if (pkey != NULL) { - pkey->type = WC_EVP_PKEY_RSA; - } - ExpectIntEQ(wolfSSL_X509_set_pubkey(x509, pkey), WOLFSSL_FAILURE); - ExpectNotNull(rsa = wolfSSL_RSA_new()); - ExpectIntEQ(wolfSSL_EVP_PKEY_assign(pkey, EVP_PKEY_RSA, rsa), - WOLFSSL_SUCCESS); - if (EXPECT_FAIL()) { - wolfSSL_RSA_free(rsa); - } - ExpectIntEQ(wolfSSL_X509_set_pubkey(x509, pkey), WOLFSSL_SUCCESS); - wolfSSL_EVP_PKEY_free(pkey); - pkey = NULL; - } -#endif -#if !defined(HAVE_SELFTEST) && (defined(WOLFSSL_KEY_GEN) || \ - defined(WOLFSSL_CERT_GEN)) && !defined(NO_DSA) - { - WOLFSSL_DSA* dsa = NULL; + ciphers = wolfSSL_get_ciphers_compat(ssl); - ExpectNotNull(pkey = wolfSSL_EVP_PKEY_new()); - if (pkey != NULL) { - pkey->type = WC_EVP_PKEY_DSA; - } - ExpectIntEQ(wolfSSL_X509_set_pubkey(x509, pkey), WOLFSSL_FAILURE); - ExpectNotNull(dsa = wolfSSL_DSA_new()); - ExpectIntEQ(wolfSSL_EVP_PKEY_assign(pkey, EVP_PKEY_DSA, dsa), - WOLFSSL_SUCCESS); - if (EXPECT_FAIL()) { - wolfSSL_DSA_free(dsa); - } - ExpectIntEQ(wolfSSL_X509_set_pubkey(x509, pkey), WOLFSSL_FAILURE); - wolfSSL_EVP_PKEY_free(pkey); - pkey = NULL; - } -#endif -#if defined(HAVE_ECC) - { - WOLFSSL_EC_KEY* ec = NULL; + /* Must be NULL, not a non-NULL empty stack */ + ExpectNull(ciphers); - ExpectNotNull(pkey = wolfSSL_EVP_PKEY_new()); - if (pkey != NULL) { - pkey->type = WC_EVP_PKEY_EC; - } - ExpectIntEQ(wolfSSL_X509_set_pubkey(x509, pkey), WOLFSSL_FAILURE); - ExpectNotNull(ec = wolfSSL_EC_KEY_new()); - ExpectIntEQ(wolfSSL_EC_KEY_generate_key(ec), 1); - ExpectIntEQ(wolfSSL_EVP_PKEY_assign(pkey, EVP_PKEY_EC, ec), - WOLFSSL_SUCCESS); - if (EXPECT_FAIL()) { - wolfSSL_EC_KEY_free(ec); - } - ExpectIntEQ(wolfSSL_X509_set_pubkey(x509, pkey), WOLFSSL_SUCCESS); - wolfSSL_EVP_PKEY_free(pkey); - pkey = NULL; - } -#endif -#if !defined(NO_DH) - ExpectNotNull(pkey = wolfSSL_EVP_PKEY_new()); - if (pkey != NULL) { - pkey->type = WC_EVP_PKEY_DH; - } - ExpectIntEQ(wolfSSL_X509_set_pubkey(x509, pkey), WOLFSSL_FAILURE); - wolfSSL_EVP_PKEY_free(pkey); - pkey = NULL; + SSL_free(ssl); + SSL_CTX_free(ctx); #endif - - wolfSSL_X509_free(x509); - return EXPECT_RESULT(); } -static int test_wolfSSL_EVP_PKEY_set1_get1_DSA(void) -{ - EXPECT_DECLS; -#if !defined (NO_DSA) && !defined(HAVE_SELFTEST) && defined(WOLFSSL_KEY_GEN) - DSA *dsa = NULL; - DSA *setDsa = NULL; - EVP_PKEY *pkey = NULL; - EVP_PKEY *set1Pkey = NULL; - - SHA_CTX sha; - byte signature[DSA_SIG_SIZE]; - byte hash[WC_SHA_DIGEST_SIZE]; - word32 bytes; - int answer; -#ifdef USE_CERT_BUFFERS_1024 - const unsigned char* dsaKeyDer = dsa_key_der_1024; - int dsaKeySz = sizeof_dsa_key_der_1024; - byte tmp[ONEK_BUF]; - - XMEMSET(tmp, 0, sizeof(tmp)); - XMEMCPY(tmp, dsaKeyDer , dsaKeySz); - bytes = dsaKeySz; -#elif defined(USE_CERT_BUFFERS_2048) - const unsigned char* dsaKeyDer = dsa_key_der_2048; - int dsaKeySz = sizeof_dsa_key_der_2048; - byte tmp[TWOK_BUF]; - - XMEMSET(tmp, 0, sizeof(tmp)); - XMEMCPY(tmp, dsaKeyDer , dsaKeySz); - bytes = (word32)dsaKeySz; -#else - byte tmp[TWOK_BUF]; - const unsigned char* dsaKeyDer = (const unsigned char*)tmp; - int dsaKeySz; - XFILE fp = XBADFILE; - - XMEMSET(tmp, 0, sizeof(tmp)); - ExpectTrue((fp = XFOPEN("./certs/dsa2048.der", "rb")) != XBADFILE); - ExpectIntGT(dsaKeySz = bytes = (word32) XFREAD(tmp, 1, sizeof(tmp), fp), 0); - if (fp != XBADFILE) - XFCLOSE(fp); -#endif /* END USE_CERT_BUFFERS_1024 */ - - /* Create hash to later Sign and Verify */ - ExpectIntEQ(SHA1_Init(&sha), WOLFSSL_SUCCESS); - ExpectIntEQ(SHA1_Update(&sha, tmp, bytes), WOLFSSL_SUCCESS); - ExpectIntEQ(SHA1_Final(hash,&sha), WOLFSSL_SUCCESS); - - /* Initialize pkey with der format dsa key */ - ExpectNotNull(d2i_PrivateKey(EVP_PKEY_DSA, &pkey, &dsaKeyDer, - (long)dsaKeySz)); - - /* Test wolfSSL_EVP_PKEY_get1_DSA */ - /* Should Fail: NULL argument */ - ExpectNull(dsa = EVP_PKEY_get0_DSA(NULL)); - ExpectNull(dsa = EVP_PKEY_get1_DSA(NULL)); - /* Should Pass: Initialized pkey argument */ - ExpectNotNull(dsa = EVP_PKEY_get0_DSA(pkey)); - ExpectNotNull(dsa = EVP_PKEY_get1_DSA(pkey)); - -#ifdef USE_CERT_BUFFERS_1024 - ExpectIntEQ(DSA_bits(dsa), 1024); -#else - ExpectIntEQ(DSA_bits(dsa), 2048); -#endif - - /* Sign */ - ExpectIntEQ(wolfSSL_DSA_do_sign(hash, signature, dsa), WOLFSSL_SUCCESS); - /* Verify. */ - ExpectIntEQ(wolfSSL_DSA_do_verify(hash, signature, dsa, &answer), - WOLFSSL_SUCCESS); - - /* Test wolfSSL_EVP_PKEY_set1_DSA */ - /* Should Fail: set1Pkey not initialized */ - ExpectIntNE(EVP_PKEY_set1_DSA(set1Pkey, dsa), WOLFSSL_SUCCESS); - - /* Initialize set1Pkey */ - set1Pkey = EVP_PKEY_new(); - - /* Should Fail Verify: setDsa not initialized from set1Pkey */ - ExpectIntNE(wolfSSL_DSA_do_verify(hash,signature,setDsa,&answer), - WOLFSSL_SUCCESS); - - /* Should Pass: set dsa into set1Pkey */ - ExpectIntEQ(EVP_PKEY_set1_DSA(set1Pkey, dsa), WOLFSSL_SUCCESS); - - DSA_free(dsa); - DSA_free(setDsa); - EVP_PKEY_free(pkey); - EVP_PKEY_free(set1Pkey); -#endif /* !NO_DSA && !HAVE_SELFTEST && WOLFSSL_KEY_GEN */ - return EXPECT_RESULT(); -} /* END test_EVP_PKEY_set1_get1_DSA */ - -static int test_wolfSSL_EVP_PKEY_set1_get1_EC_KEY (void) -{ - EXPECT_DECLS; -#ifdef HAVE_ECC - WOLFSSL_EC_KEY* ecKey = NULL; - WOLFSSL_EC_KEY* ecGet1 = NULL; - EVP_PKEY* pkey = NULL; - - ExpectNotNull(ecKey = wolfSSL_EC_KEY_new()); - ExpectNotNull(pkey = wolfSSL_EVP_PKEY_new()); - - /* Test wolfSSL_EVP_PKEY_set1_EC_KEY */ - ExpectIntEQ(wolfSSL_EVP_PKEY_set1_EC_KEY(NULL, ecKey), WC_NO_ERR_TRACE(WOLFSSL_FAILURE)); - ExpectIntEQ(wolfSSL_EVP_PKEY_set1_EC_KEY(pkey, NULL), WC_NO_ERR_TRACE(WOLFSSL_FAILURE)); - /* Should fail since ecKey is empty */ - ExpectIntEQ(wolfSSL_EVP_PKEY_set1_EC_KEY(pkey, ecKey), WC_NO_ERR_TRACE(WOLFSSL_FAILURE)); - ExpectIntEQ(wolfSSL_EC_KEY_generate_key(ecKey), 1); - ExpectIntEQ(wolfSSL_EVP_PKEY_set1_EC_KEY(pkey, ecKey), WOLFSSL_SUCCESS); - - /* Test wolfSSL_EVP_PKEY_get1_EC_KEY */ - ExpectNull(wolfSSL_EVP_PKEY_get1_EC_KEY(NULL)); - ExpectNotNull(ecGet1 = wolfSSL_EVP_PKEY_get1_EC_KEY(pkey)); - - wolfSSL_EC_KEY_free(ecKey); - wolfSSL_EC_KEY_free(ecGet1); - EVP_PKEY_free(pkey); -#endif /* HAVE_ECC */ - return EXPECT_RESULT(); -} /* END test_EVP_PKEY_set1_get1_EC_KEY */ - -static int test_wolfSSL_EVP_PKEY_set1_get1_DH (void) -{ - EXPECT_DECLS; -#if defined(OPENSSL_ALL) || defined(WOLFSSL_QT) || defined(WOLFSSL_OPENSSH) -#if !defined(HAVE_FIPS) || (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION>2)) -#if !defined(NO_DH) && defined(WOLFSSL_DH_EXTRA) && !defined(NO_FILESYSTEM) - DH *dh = NULL; - DH *setDh = NULL; - EVP_PKEY *pkey = NULL; - - XFILE f = XBADFILE; - unsigned char buf[4096]; - const unsigned char* pt = buf; - const char* dh2048 = "./certs/dh2048.der"; - long len = 0; - int code = -1; - - XMEMSET(buf, 0, sizeof(buf)); - - ExpectTrue((f = XFOPEN(dh2048, "rb")) != XBADFILE); - ExpectTrue((len = (long)XFREAD(buf, 1, sizeof(buf), f)) > 0); - if (f != XBADFILE) - XFCLOSE(f); - - /* Load dh2048.der into DH with internal format */ - ExpectNotNull(setDh = wolfSSL_d2i_DHparams(NULL, &pt, len)); - - ExpectIntEQ(wolfSSL_DH_check(setDh, &code), WOLFSSL_SUCCESS); - ExpectIntEQ(code, 0); - code = -1; - - ExpectNotNull(pkey = wolfSSL_EVP_PKEY_new()); - - /* Set DH into PKEY */ - ExpectIntEQ(wolfSSL_EVP_PKEY_set1_DH(pkey, setDh), WOLFSSL_SUCCESS); - - /* Get DH from PKEY */ - ExpectNotNull(dh = wolfSSL_EVP_PKEY_get1_DH(pkey)); - - ExpectIntEQ(wolfSSL_DH_check(dh, &code), WOLFSSL_SUCCESS); - ExpectIntEQ(code, 0); - - EVP_PKEY_free(pkey); - DH_free(setDh); - setDh = NULL; - DH_free(dh); - dh = NULL; -#endif /* !NO_DH && WOLFSSL_DH_EXTRA && !NO_FILESYSTEM */ -#endif /* !HAVE_FIPS || HAVE_FIPS_VERSION > 2 */ -#endif /* OPENSSL_ALL || WOLFSSL_QT || WOLFSSL_OPENSSH */ - return EXPECT_RESULT(); -} /* END test_EVP_PKEY_set1_get1_DH */ - static int test_wolfSSL_CTX_ctrl(void) { EXPECT_DECLS; @@ -30694,1542 +19722,6 @@ return EXPECT_RESULT(); } -static int test_wolfSSL_EVP_PKEY_assign(void) -{ - EXPECT_DECLS; -#if !defined(NO_RSA) || !defined(NO_DSA) || defined(HAVE_ECC) - int type; - WOLFSSL_EVP_PKEY* pkey = NULL; -#ifndef NO_RSA - WOLFSSL_RSA* rsa = NULL; -#endif -#ifndef NO_DSA - WOLFSSL_DSA* dsa = NULL; -#endif -#ifdef HAVE_ECC - WOLFSSL_EC_KEY* ecKey = NULL; -#endif - -#ifndef NO_RSA - type = EVP_PKEY_RSA; - ExpectNotNull(pkey = wolfSSL_EVP_PKEY_new()); - ExpectNotNull(rsa = wolfSSL_RSA_new()); - ExpectIntEQ(wolfSSL_EVP_PKEY_assign(NULL, type, rsa), WC_NO_ERR_TRACE(WOLFSSL_FAILURE)); - ExpectIntEQ(wolfSSL_EVP_PKEY_assign(pkey, type, NULL), WC_NO_ERR_TRACE(WOLFSSL_FAILURE)); - ExpectIntEQ(wolfSSL_EVP_PKEY_assign(pkey, -1, rsa), WC_NO_ERR_TRACE(WOLFSSL_FAILURE)); - ExpectIntEQ(wolfSSL_EVP_PKEY_assign(pkey, type, rsa), WOLFSSL_SUCCESS); - if (EXPECT_FAIL()) { - wolfSSL_RSA_free(rsa); - } - wolfSSL_EVP_PKEY_free(pkey); - pkey = NULL; -#endif /* NO_RSA */ - -#ifndef NO_DSA - type = EVP_PKEY_DSA; - ExpectNotNull(pkey = wolfSSL_EVP_PKEY_new()); - ExpectNotNull(dsa = wolfSSL_DSA_new()); - ExpectIntEQ(wolfSSL_EVP_PKEY_assign(NULL, type, dsa), WC_NO_ERR_TRACE(WOLFSSL_FAILURE)); - ExpectIntEQ(wolfSSL_EVP_PKEY_assign(pkey, type, NULL), WC_NO_ERR_TRACE(WOLFSSL_FAILURE)); - ExpectIntEQ(wolfSSL_EVP_PKEY_assign(pkey, -1, dsa), WC_NO_ERR_TRACE(WOLFSSL_FAILURE)); - ExpectIntEQ(wolfSSL_EVP_PKEY_assign(pkey, type, dsa), WOLFSSL_SUCCESS); - if (EXPECT_FAIL()) { - wolfSSL_DSA_free(dsa); - } - wolfSSL_EVP_PKEY_free(pkey); - pkey = NULL; -#endif /* NO_DSA */ - -#ifdef HAVE_ECC - type = EVP_PKEY_EC; - ExpectNotNull(pkey = wolfSSL_EVP_PKEY_new()); - ExpectNotNull(ecKey = wolfSSL_EC_KEY_new()); - ExpectIntEQ(wolfSSL_EVP_PKEY_assign(NULL, type, ecKey), WC_NO_ERR_TRACE(WOLFSSL_FAILURE)); - ExpectIntEQ(wolfSSL_EVP_PKEY_assign(pkey, type, NULL), WC_NO_ERR_TRACE(WOLFSSL_FAILURE)); - ExpectIntEQ(wolfSSL_EVP_PKEY_assign(pkey, -1, ecKey), WC_NO_ERR_TRACE(WOLFSSL_FAILURE)); - ExpectIntEQ(wolfSSL_EVP_PKEY_assign(pkey, type, ecKey), WC_NO_ERR_TRACE(WOLFSSL_FAILURE)); - ExpectIntEQ(wolfSSL_EC_KEY_generate_key(ecKey), 1); - ExpectIntEQ(wolfSSL_EVP_PKEY_assign(pkey, type, ecKey), WOLFSSL_SUCCESS); - if (EXPECT_FAIL()) { - wolfSSL_EC_KEY_free(ecKey); - } - wolfSSL_EVP_PKEY_free(pkey); - pkey = NULL; -#endif /* HAVE_ECC */ -#endif /* !NO_RSA || !NO_DSA || HAVE_ECC */ - return EXPECT_RESULT(); -} - -static int test_wolfSSL_EVP_PKEY_assign_DH(void) -{ - EXPECT_DECLS; -#if !defined(NO_DH) && \ - !defined(HAVE_FIPS) || (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION > 2)) - XFILE f = XBADFILE; - unsigned char buf[4096]; - const unsigned char* pt = buf; - const char* params1 = "./certs/dh2048.der"; - long len = 0; - WOLFSSL_DH* dh = NULL; - WOLFSSL_EVP_PKEY* pkey = NULL; - XMEMSET(buf, 0, sizeof(buf)); - - /* Load DH parameters DER. */ - ExpectTrue((f = XFOPEN(params1, "rb")) != XBADFILE); - ExpectTrue((len = (long)XFREAD(buf, 1, sizeof(buf), f)) > 0); - if (f != XBADFILE) - XFCLOSE(f); - - ExpectNotNull(dh = wolfSSL_d2i_DHparams(NULL, &pt, len)); - ExpectIntEQ(DH_generate_key(dh), WOLFSSL_SUCCESS); - - ExpectNotNull(pkey = wolfSSL_EVP_PKEY_new()); - - /* Bad cases */ - ExpectIntEQ(wolfSSL_EVP_PKEY_assign_DH(NULL, dh), WC_NO_ERR_TRACE(WOLFSSL_FAILURE)); - ExpectIntEQ(wolfSSL_EVP_PKEY_assign_DH(pkey, NULL), WC_NO_ERR_TRACE(WOLFSSL_FAILURE)); - ExpectIntEQ(wolfSSL_EVP_PKEY_assign_DH(NULL, NULL), WC_NO_ERR_TRACE(WOLFSSL_FAILURE)); - - /* Good case */ - ExpectIntEQ(wolfSSL_EVP_PKEY_assign_DH(pkey, dh), WOLFSSL_SUCCESS); - if (EXPECT_FAIL()) { - wolfSSL_DH_free(dh); - } - - EVP_PKEY_free(pkey); -#endif - return EXPECT_RESULT(); -} - -static int test_wolfSSL_EVP_PKEY_base_id(void) -{ - EXPECT_DECLS; - WOLFSSL_EVP_PKEY* pkey = NULL; - - ExpectNotNull(pkey = wolfSSL_EVP_PKEY_new()); - - ExpectIntEQ(wolfSSL_EVP_PKEY_base_id(NULL), NID_undef); - - ExpectIntEQ(wolfSSL_EVP_PKEY_base_id(pkey), EVP_PKEY_RSA); - - EVP_PKEY_free(pkey); - - return EXPECT_RESULT(); -} -static int test_wolfSSL_EVP_PKEY_id(void) -{ - EXPECT_DECLS; - WOLFSSL_EVP_PKEY* pkey = NULL; - - ExpectNotNull(pkey = wolfSSL_EVP_PKEY_new()); - - ExpectIntEQ(wolfSSL_EVP_PKEY_id(NULL), 0); - - ExpectIntEQ(wolfSSL_EVP_PKEY_id(pkey), EVP_PKEY_RSA); - - EVP_PKEY_free(pkey); - - return EXPECT_RESULT(); -} - -static int test_wolfSSL_EVP_PKEY_paramgen(void) -{ - EXPECT_DECLS; - /* ECC check taken from ecc.c. It is the condition that defines ECC256 */ -#if defined(OPENSSL_ALL) && !defined(NO_ECC_SECP) && \ - ((!defined(NO_ECC256) || defined(HAVE_ALL_CURVES)) && \ - ECC_MIN_KEY_SZ <= 256) - EVP_PKEY_CTX* ctx = NULL; - EVP_PKEY* pkey = NULL; - - /* Test error conditions. */ - ExpectIntEQ(EVP_PKEY_paramgen(NULL, &pkey), WC_NO_ERR_TRACE(WOLFSSL_FAILURE)); - ExpectNotNull(ctx = EVP_PKEY_CTX_new_id(EVP_PKEY_EC, NULL)); - ExpectIntEQ(EVP_PKEY_paramgen(ctx, NULL), WC_NO_ERR_TRACE(WOLFSSL_FAILURE)); - -#ifndef NO_RSA - EVP_PKEY_CTX_free(ctx); - /* Parameter generation for RSA not supported yet. */ - ExpectNotNull(ctx = EVP_PKEY_CTX_new_id(EVP_PKEY_RSA, NULL)); - ExpectIntEQ(EVP_PKEY_paramgen(ctx, &pkey), WC_NO_ERR_TRACE(WOLFSSL_FAILURE)); -#endif - -#ifdef HAVE_ECC - EVP_PKEY_CTX_free(ctx); - ExpectNotNull(ctx = EVP_PKEY_CTX_new_id(EVP_PKEY_EC, NULL)); - ExpectIntEQ(EVP_PKEY_paramgen_init(ctx), WOLFSSL_SUCCESS); - ExpectIntEQ(EVP_PKEY_CTX_set_ec_paramgen_curve_nid(ctx, - NID_X9_62_prime256v1), WOLFSSL_SUCCESS); - ExpectIntEQ(EVP_PKEY_paramgen(ctx, &pkey), WOLFSSL_SUCCESS); - ExpectIntEQ(EVP_PKEY_CTX_set_ec_param_enc(ctx, OPENSSL_EC_NAMED_CURVE), - WOLFSSL_SUCCESS); - ExpectIntEQ(EVP_PKEY_keygen_init(ctx), WOLFSSL_SUCCESS); - ExpectIntEQ(EVP_PKEY_keygen(ctx, &pkey), WOLFSSL_SUCCESS); -#endif - - EVP_PKEY_CTX_free(ctx); - EVP_PKEY_free(pkey); -#endif - return EXPECT_RESULT(); -} - -static int test_wolfSSL_EVP_PKEY_keygen(void) -{ - EXPECT_DECLS; - WOLFSSL_EVP_PKEY* pkey = NULL; - EVP_PKEY_CTX* ctx = NULL; -#if !defined(NO_DH) && (!defined(HAVE_FIPS) || FIPS_VERSION_GT(2,0)) - WOLFSSL_EVP_PKEY* params = NULL; - DH* dh = NULL; - const BIGNUM* pubkey = NULL; - const BIGNUM* privkey = NULL; - ASN1_INTEGER* asn1int = NULL; - unsigned int length = 0; - byte* derBuffer = NULL; -#endif - - ExpectNotNull(pkey = wolfSSL_EVP_PKEY_new()); - ExpectNotNull(ctx = EVP_PKEY_CTX_new(pkey, NULL)); - - /* Bad cases */ - ExpectIntEQ(wolfSSL_EVP_PKEY_keygen(NULL, &pkey), 0); - ExpectIntEQ(wolfSSL_EVP_PKEY_keygen(ctx, NULL), 0); - ExpectIntEQ(wolfSSL_EVP_PKEY_keygen(NULL, NULL), 0); - - /* Good case */ - ExpectIntEQ(wolfSSL_EVP_PKEY_keygen(ctx, &pkey), 0); - - EVP_PKEY_CTX_free(ctx); - ctx = NULL; - EVP_PKEY_free(pkey); - pkey = NULL; - -#if !defined(NO_DH) && (!defined(HAVE_FIPS) || FIPS_VERSION_GT(2,0)) - /* Test DH keygen */ - { - ExpectNotNull(params = wolfSSL_EVP_PKEY_new()); - ExpectNotNull(dh = DH_get_2048_256()); - ExpectIntEQ(EVP_PKEY_set1_DH(params, dh), WOLFSSL_SUCCESS); - ExpectNotNull(ctx = EVP_PKEY_CTX_new(params, NULL)); - ExpectIntEQ(EVP_PKEY_keygen_init(ctx), WOLFSSL_SUCCESS); - ExpectIntEQ(EVP_PKEY_keygen(ctx, &pkey), WOLFSSL_SUCCESS); - - DH_free(dh); - dh = NULL; - EVP_PKEY_CTX_free(ctx); - EVP_PKEY_free(params); - - /* try exporting generated key to DER, to verify */ - ExpectNotNull(dh = EVP_PKEY_get1_DH(pkey)); - DH_get0_key(dh, &pubkey, &privkey); - ExpectNotNull(pubkey); - ExpectNotNull(privkey); - ExpectNotNull(asn1int = BN_to_ASN1_INTEGER(pubkey, NULL)); - ExpectIntGT((length = i2d_ASN1_INTEGER(asn1int, &derBuffer)), 0); - - ASN1_INTEGER_free(asn1int); - DH_free(dh); - dh = NULL; - XFREE(derBuffer, NULL, DYNAMIC_TYPE_TMP_BUFFER); - - EVP_PKEY_free(pkey); - } -#endif - - return EXPECT_RESULT(); -} -static int test_wolfSSL_EVP_PKEY_keygen_init(void) -{ - EXPECT_DECLS; - WOLFSSL_EVP_PKEY* pkey = NULL; - EVP_PKEY_CTX *ctx = NULL; - - ExpectNotNull(pkey = wolfSSL_EVP_PKEY_new()); - ExpectNotNull(ctx = EVP_PKEY_CTX_new(pkey, NULL)); - - ExpectIntEQ(wolfSSL_EVP_PKEY_keygen_init(ctx), WOLFSSL_SUCCESS); - ExpectIntEQ(wolfSSL_EVP_PKEY_keygen_init(NULL), WOLFSSL_SUCCESS); - - EVP_PKEY_CTX_free(ctx); - EVP_PKEY_free(pkey); - - return EXPECT_RESULT(); -} -static int test_wolfSSL_EVP_PKEY_missing_parameters(void) -{ - EXPECT_DECLS; -#if defined(OPENSSL_ALL) && !defined(NO_WOLFSSL_STUB) - WOLFSSL_EVP_PKEY* pkey = NULL; - - ExpectNotNull(pkey = wolfSSL_EVP_PKEY_new()); - - ExpectIntEQ(wolfSSL_EVP_PKEY_missing_parameters(pkey), 0); - ExpectIntEQ(wolfSSL_EVP_PKEY_missing_parameters(NULL), 0); - - EVP_PKEY_free(pkey); -#endif - return EXPECT_RESULT(); -} -static int test_wolfSSL_EVP_PKEY_copy_parameters(void) -{ - EXPECT_DECLS; -#if defined(OPENSSL_EXTRA) && !defined(NO_DH) && defined(WOLFSSL_KEY_GEN) && \ - !defined(HAVE_SELFTEST) && (defined(OPENSSL_ALL) || defined(WOLFSSL_QT) || \ - defined(WOLFSSL_OPENSSH)) && defined(WOLFSSL_DH_EXTRA) && \ - !defined(NO_FILESYSTEM) - WOLFSSL_EVP_PKEY* params = NULL; - WOLFSSL_EVP_PKEY* copy = NULL; - DH* dh = NULL; - BIGNUM* p1; - BIGNUM* g1; - BIGNUM* q1; - BIGNUM* p2; - BIGNUM* g2; - BIGNUM* q2; - - /* create DH with DH_get_2048_256 params */ - ExpectNotNull(params = wolfSSL_EVP_PKEY_new()); - ExpectNotNull(dh = DH_get_2048_256()); - ExpectIntEQ(EVP_PKEY_set1_DH(params, dh), WOLFSSL_SUCCESS); - DH_get0_pqg(dh, (const BIGNUM**)&p1, - (const BIGNUM**)&q1, - (const BIGNUM**)&g1); - DH_free(dh); - dh = NULL; - - /* create DH with random generated DH params */ - ExpectNotNull(copy = wolfSSL_EVP_PKEY_new()); - ExpectNotNull(dh = DH_generate_parameters(2048, 2, NULL, NULL)); - ExpectIntEQ(EVP_PKEY_set1_DH(copy, dh), WOLFSSL_SUCCESS); - DH_free(dh); - dh = NULL; - - ExpectIntEQ(EVP_PKEY_copy_parameters(copy, params), WOLFSSL_SUCCESS); - ExpectNotNull(dh = EVP_PKEY_get1_DH(copy)); - ExpectNotNull(dh->p); - ExpectNotNull(dh->g); - ExpectNotNull(dh->q); - DH_get0_pqg(dh, (const BIGNUM**)&p2, - (const BIGNUM**)&q2, - (const BIGNUM**)&g2); - - ExpectIntEQ(BN_cmp(p1, p2), 0); - ExpectIntEQ(BN_cmp(q1, q2), 0); - ExpectIntEQ(BN_cmp(g1, g2), 0); - - DH_free(dh); - dh = NULL; - EVP_PKEY_free(copy); - EVP_PKEY_free(params); -#endif - return EXPECT_RESULT(); -} - -static int test_wolfSSL_EVP_PKEY_CTX_set_rsa_keygen_bits(void) -{ - EXPECT_DECLS; - WOLFSSL_EVP_PKEY* pkey = NULL; - EVP_PKEY_CTX* ctx = NULL; - int bits = 2048; - - ExpectNotNull(pkey = wolfSSL_EVP_PKEY_new()); - ExpectNotNull(ctx = EVP_PKEY_CTX_new(pkey, NULL)); - - ExpectIntEQ(wolfSSL_EVP_PKEY_CTX_set_rsa_keygen_bits(ctx, bits), - WOLFSSL_SUCCESS); - - EVP_PKEY_CTX_free(ctx); - EVP_PKEY_free(pkey); - - return EXPECT_RESULT(); -} - -static int test_wolfSSL_EVP_CIPHER_CTX_iv_length(void) -{ - EXPECT_DECLS; - /* This is large enough to be used for all key sizes */ - byte key[AES_256_KEY_SIZE] = {0}; - byte iv[AES_BLOCK_SIZE] = {0}; - int i; - int nids[] = { - #ifdef HAVE_AES_CBC - NID_aes_128_cbc, - #endif - #if (!defined(HAVE_FIPS) && !defined(HAVE_SELFTEST)) || \ - (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION > 2)) - #ifdef HAVE_AESGCM - NID_aes_128_gcm, - #endif - #endif /* (HAVE_FIPS && !HAVE_SELFTEST) || HAVE_FIPS_VERSION > 2 */ - #ifdef WOLFSSL_AES_COUNTER - NID_aes_128_ctr, - #endif - #ifndef NO_DES3 - NID_des_cbc, - NID_des_ede3_cbc, - #endif - }; - int iv_lengths[] = { - #ifdef HAVE_AES_CBC - AES_BLOCK_SIZE, - #endif - #if (!defined(HAVE_FIPS) && !defined(HAVE_SELFTEST)) || \ - (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION > 2)) - #ifdef HAVE_AESGCM - GCM_NONCE_MID_SZ, - #endif - #endif /* (HAVE_FIPS && !HAVE_SELFTEST) || HAVE_FIPS_VERSION > 2 */ - #ifdef WOLFSSL_AES_COUNTER - AES_BLOCK_SIZE, - #endif - #ifndef NO_DES3 - DES_BLOCK_SIZE, - DES_BLOCK_SIZE, - #endif - }; - int nidsLen = (sizeof(nids)/sizeof(int)); - - for (i = 0; i < nidsLen; i++) { - const EVP_CIPHER* init = wolfSSL_EVP_get_cipherbynid(nids[i]); - EVP_CIPHER_CTX* ctx = EVP_CIPHER_CTX_new(); - wolfSSL_EVP_CIPHER_CTX_init(ctx); - - ExpectIntEQ(EVP_CipherInit(ctx, init, key, iv, 1), WOLFSSL_SUCCESS); - ExpectIntEQ(wolfSSL_EVP_CIPHER_CTX_iv_length(ctx), iv_lengths[i]); - - EVP_CIPHER_CTX_free(ctx); - } - - return EXPECT_RESULT(); -} - -static int test_wolfSSL_EVP_CIPHER_CTX_key_length(void) -{ - EXPECT_DECLS; - byte key[AES_256_KEY_SIZE] = {0}; - byte iv[AES_BLOCK_SIZE] = {0}; - int i; - int nids[] = { - #ifdef HAVE_AES_CBC - NID_aes_128_cbc, - #ifdef WOLFSSL_AES_256 - NID_aes_256_cbc, - #endif - #endif - #if (!defined(HAVE_FIPS) && !defined(HAVE_SELFTEST)) || \ - (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION > 2)) - #ifdef HAVE_AESGCM - NID_aes_128_gcm, - #ifdef WOLFSSL_AES_256 - NID_aes_256_gcm, - #endif - #endif - #endif /* (HAVE_FIPS && !HAVE_SELFTEST) || HAVE_FIPS_VERSION > 2 */ - #ifdef WOLFSSL_AES_COUNTER - NID_aes_128_ctr, - #ifdef WOLFSSL_AES_256 - NID_aes_256_ctr, - #endif - #endif - #ifndef NO_DES3 - NID_des_cbc, - NID_des_ede3_cbc, - #endif - }; - int key_lengths[] = { - #ifdef HAVE_AES_CBC - AES_128_KEY_SIZE, - #ifdef WOLFSSL_AES_256 - AES_256_KEY_SIZE, - #endif - #endif - #if (!defined(HAVE_FIPS) && !defined(HAVE_SELFTEST)) || \ - (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION > 2)) - #ifdef HAVE_AESGCM - AES_128_KEY_SIZE, - #ifdef WOLFSSL_AES_256 - AES_256_KEY_SIZE, - #endif - #endif - #endif /* (HAVE_FIPS && !HAVE_SELFTEST) || HAVE_FIPS_VERSION > 2 */ - #ifdef WOLFSSL_AES_COUNTER - AES_128_KEY_SIZE, - #ifdef WOLFSSL_AES_256 - AES_256_KEY_SIZE, - #endif - #endif - #ifndef NO_DES3 - DES_KEY_SIZE, - DES3_KEY_SIZE, - #endif - }; - int nidsLen = (sizeof(nids)/sizeof(int)); - - for (i = 0; i < nidsLen; i++) { - const EVP_CIPHER *init = wolfSSL_EVP_get_cipherbynid(nids[i]); - EVP_CIPHER_CTX* ctx = EVP_CIPHER_CTX_new(); - wolfSSL_EVP_CIPHER_CTX_init(ctx); - - ExpectIntEQ(EVP_CipherInit(ctx, init, key, iv, 1), WOLFSSL_SUCCESS); - ExpectIntEQ(wolfSSL_EVP_CIPHER_CTX_key_length(ctx), key_lengths[i]); - - ExpectIntEQ(wolfSSL_EVP_CIPHER_CTX_set_key_length(ctx, key_lengths[i]), - WOLFSSL_SUCCESS); - - EVP_CIPHER_CTX_free(ctx); - } - - return EXPECT_RESULT(); -} - -static int test_wolfSSL_EVP_CIPHER_CTX_set_iv(void) -{ - EXPECT_DECLS; -#if defined(HAVE_AESGCM) && !defined(NO_DES3) - int ivLen, keyLen; - EVP_CIPHER_CTX *ctx = EVP_CIPHER_CTX_new(); -#ifdef HAVE_AESGCM - byte key[AES_128_KEY_SIZE] = {0}; - byte iv[AES_BLOCK_SIZE] = {0}; - const EVP_CIPHER *init = EVP_aes_128_gcm(); -#else - byte key[DES3_KEY_SIZE] = {0}; - byte iv[DES_BLOCK_SIZE] = {0}; - const EVP_CIPHER *init = EVP_des_ede3_cbc(); -#endif - - wolfSSL_EVP_CIPHER_CTX_init(ctx); - ExpectIntEQ(EVP_CipherInit(ctx, init, key, iv, 1), WOLFSSL_SUCCESS); - - ivLen = wolfSSL_EVP_CIPHER_CTX_iv_length(ctx); - keyLen = wolfSSL_EVP_CIPHER_CTX_key_length(ctx); - - /* Bad cases */ - ExpectIntEQ(wolfSSL_EVP_CIPHER_CTX_set_iv(NULL, iv, ivLen), - WC_NO_ERR_TRACE(WOLFSSL_FAILURE)); - ExpectIntEQ(wolfSSL_EVP_CIPHER_CTX_set_iv(ctx, NULL, ivLen), - WC_NO_ERR_TRACE(WOLFSSL_FAILURE)); - ExpectIntEQ(wolfSSL_EVP_CIPHER_CTX_set_iv(ctx, iv, 0), WC_NO_ERR_TRACE(WOLFSSL_FAILURE)); - ExpectIntEQ(wolfSSL_EVP_CIPHER_CTX_set_iv(NULL, NULL, 0), WC_NO_ERR_TRACE(WOLFSSL_FAILURE)); - ExpectIntEQ(wolfSSL_EVP_CIPHER_CTX_set_iv(ctx, iv, keyLen), - WC_NO_ERR_TRACE(WOLFSSL_FAILURE)); - - /* Good case */ - ExpectIntEQ(wolfSSL_EVP_CIPHER_CTX_set_iv(ctx, iv, ivLen), 1); - - EVP_CIPHER_CTX_free(ctx); -#endif - return EXPECT_RESULT(); -} - -static int test_wolfSSL_EVP_PKEY_CTX_new_id(void) -{ - EXPECT_DECLS; - WOLFSSL_ENGINE* e = NULL; - int id = 0; - EVP_PKEY_CTX *ctx = NULL; - - ExpectNotNull(ctx = wolfSSL_EVP_PKEY_CTX_new_id(id, e)); - - EVP_PKEY_CTX_free(ctx); - - return EXPECT_RESULT(); -} - -static int test_wolfSSL_EVP_rc4(void) -{ - EXPECT_DECLS; -#if !defined(NO_RC4) - ExpectNotNull(wolfSSL_EVP_rc4()); -#endif - return EXPECT_RESULT(); -} - -static int test_wolfSSL_EVP_enc_null(void) -{ - EXPECT_DECLS; - ExpectNotNull(wolfSSL_EVP_enc_null()); - return EXPECT_RESULT(); -} -static int test_wolfSSL_EVP_rc2_cbc(void) - -{ - EXPECT_DECLS; -#if defined(WOLFSSL_QT) && !defined(NO_WOLFSSL_STUB) - ExpectNull(wolfSSL_EVP_rc2_cbc()); -#endif - return EXPECT_RESULT(); -} - -static int test_wolfSSL_EVP_mdc2(void) -{ - EXPECT_DECLS; -#if !defined(NO_WOLFSSL_STUB) - ExpectNull(wolfSSL_EVP_mdc2()); -#endif - return EXPECT_RESULT(); -} - -static int test_wolfSSL_EVP_md4(void) -{ - EXPECT_DECLS; -#if !defined(NO_MD4) - ExpectNotNull(wolfSSL_EVP_md4()); -#endif - return EXPECT_RESULT(); -} - -static int test_wolfSSL_EVP_aes_256_gcm(void) -{ - EXPECT_DECLS; -#if defined(HAVE_AESGCM) && defined(WOLFSSL_AES_256) - ExpectNotNull(wolfSSL_EVP_aes_256_gcm()); -#endif - return EXPECT_RESULT(); -} - -static int test_wolfSSL_EVP_aes_192_gcm(void) -{ - EXPECT_DECLS; -#if defined(HAVE_AESGCM) && defined(WOLFSSL_AES_192) - ExpectNotNull(wolfSSL_EVP_aes_192_gcm()); -#endif - return EXPECT_RESULT(); -} - -static int test_wolfSSL_EVP_aes_256_ccm(void) -{ - EXPECT_DECLS; -#if defined(HAVE_AESCCM) && defined(WOLFSSL_AES_256) - ExpectNotNull(wolfSSL_EVP_aes_256_ccm()); -#endif - return EXPECT_RESULT(); -} - -static int test_wolfSSL_EVP_aes_192_ccm(void) -{ - EXPECT_DECLS; -#if defined(HAVE_AESCCM) && defined(WOLFSSL_AES_192) - ExpectNotNull(wolfSSL_EVP_aes_192_ccm()); -#endif - return EXPECT_RESULT(); -} - -static int test_wolfSSL_EVP_aes_128_ccm(void) -{ - EXPECT_DECLS; -#if defined(HAVE_AESCCM) && defined(WOLFSSL_AES_128) - ExpectNotNull(wolfSSL_EVP_aes_128_ccm()); -#endif - return EXPECT_RESULT(); -} - -static int test_wolfSSL_EVP_ripemd160(void) -{ - EXPECT_DECLS; -#if !defined(NO_WOLFSSL_STUB) - ExpectNull(wolfSSL_EVP_ripemd160()); -#endif - return EXPECT_RESULT(); -} - -static int test_wolfSSL_EVP_get_digestbynid(void) -{ - EXPECT_DECLS; - -#ifndef NO_MD5 - ExpectNotNull(wolfSSL_EVP_get_digestbynid(NID_md5)); -#endif -#ifndef NO_SHA - ExpectNotNull(wolfSSL_EVP_get_digestbynid(NID_sha1)); -#endif -#ifndef NO_SHA256 - ExpectNotNull(wolfSSL_EVP_get_digestbynid(NID_sha256)); -#endif - ExpectNull(wolfSSL_EVP_get_digestbynid(0)); - - return EXPECT_RESULT(); -} - -static int test_wolfSSL_EVP_MD_nid(void) -{ - EXPECT_DECLS; - -#ifndef NO_MD5 - ExpectIntEQ(EVP_MD_nid(EVP_md5()), NID_md5); -#endif -#ifndef NO_SHA - ExpectIntEQ(EVP_MD_nid(EVP_sha1()), NID_sha1); -#endif -#ifndef NO_SHA256 - ExpectIntEQ(EVP_MD_nid(EVP_sha256()), NID_sha256); -#endif - ExpectIntEQ(EVP_MD_nid(NULL), NID_undef); - - return EXPECT_RESULT(); -} - -static int test_wolfSSL_EVP_PKEY_get0_EC_KEY(void) -{ - EXPECT_DECLS; -#if defined(HAVE_ECC) - WOLFSSL_EVP_PKEY* pkey = NULL; - - ExpectNull(EVP_PKEY_get0_EC_KEY(NULL)); - - ExpectNotNull(pkey = EVP_PKEY_new()); - ExpectNull(EVP_PKEY_get0_EC_KEY(pkey)); - EVP_PKEY_free(pkey); -#endif - return EXPECT_RESULT(); -} - -static int test_wolfSSL_EVP_X_STATE(void) -{ - EXPECT_DECLS; -#if !defined(NO_DES3) && !defined(NO_RC4) - byte key[DES3_KEY_SIZE] = {0}; - byte iv[DES_IV_SIZE] = {0}; - EVP_CIPHER_CTX *ctx = NULL; - const EVP_CIPHER *init = NULL; - - /* Bad test cases */ - ExpectNotNull(ctx = EVP_CIPHER_CTX_new()); - ExpectNotNull(init = EVP_des_ede3_cbc()); - - wolfSSL_EVP_CIPHER_CTX_init(ctx); - ExpectIntEQ(EVP_CipherInit(ctx, init, key, iv, 1), WOLFSSL_SUCCESS); - - ExpectNull(wolfSSL_EVP_X_STATE(NULL)); - ExpectNull(wolfSSL_EVP_X_STATE(ctx)); - EVP_CIPHER_CTX_free(ctx); - ctx = NULL; - - /* Good test case */ - ExpectNotNull(ctx = EVP_CIPHER_CTX_new()); - ExpectNotNull(init = wolfSSL_EVP_rc4()); - - wolfSSL_EVP_CIPHER_CTX_init(ctx); - ExpectIntEQ(EVP_CipherInit(ctx, init, key, iv, 1), WOLFSSL_SUCCESS); - - ExpectNotNull(wolfSSL_EVP_X_STATE(ctx)); - EVP_CIPHER_CTX_free(ctx); -#endif - return EXPECT_RESULT(); -} -static int test_wolfSSL_EVP_X_STATE_LEN(void) -{ - EXPECT_DECLS; -#if !defined(NO_DES3) && !defined(NO_RC4) - byte key[DES3_KEY_SIZE] = {0}; - byte iv[DES_IV_SIZE] = {0}; - EVP_CIPHER_CTX *ctx = NULL; - const EVP_CIPHER *init = NULL; - - /* Bad test cases */ - ExpectNotNull(ctx = EVP_CIPHER_CTX_new()); - ExpectNotNull(init = EVP_des_ede3_cbc()); - - wolfSSL_EVP_CIPHER_CTX_init(ctx); - ExpectIntEQ(EVP_CipherInit(ctx, init, key, iv, 1), WOLFSSL_SUCCESS); - - ExpectIntEQ(wolfSSL_EVP_X_STATE_LEN(NULL), 0); - ExpectIntEQ(wolfSSL_EVP_X_STATE_LEN(ctx), 0); - EVP_CIPHER_CTX_free(ctx); - ctx = NULL; - - /* Good test case */ - ExpectNotNull(ctx = EVP_CIPHER_CTX_new()); - ExpectNotNull(init = wolfSSL_EVP_rc4()); - - wolfSSL_EVP_CIPHER_CTX_init(ctx); - ExpectIntEQ(EVP_CipherInit(ctx, init, key, iv, 1), WOLFSSL_SUCCESS); - - ExpectIntEQ(wolfSSL_EVP_X_STATE_LEN(ctx), sizeof(Arc4)); - EVP_CIPHER_CTX_free(ctx); -#endif - return EXPECT_RESULT(); -} - -static int test_wolfSSL_EVP_CIPHER_block_size(void) -{ - EXPECT_DECLS; -#if defined(HAVE_AES_CBC) || defined(HAVE_AESGCM) || \ - defined(WOLFSSL_AES_COUNTER) || defined(HAVE_AES_ECB) || \ - defined(WOLFSSL_AES_OFB) || !defined(NO_RC4) || \ - (defined(HAVE_CHACHA) && defined(HAVE_POLY1305)) - -#ifdef HAVE_AES_CBC - #ifdef WOLFSSL_AES_128 - ExpectIntEQ(EVP_CIPHER_block_size(EVP_aes_128_cbc()), AES_BLOCK_SIZE); - #endif - #ifdef WOLFSSL_AES_192 - ExpectIntEQ(EVP_CIPHER_block_size(EVP_aes_192_cbc()), AES_BLOCK_SIZE); - #endif - #ifdef WOLFSSL_AES_256 - ExpectIntEQ(EVP_CIPHER_block_size(EVP_aes_256_cbc()), AES_BLOCK_SIZE); - #endif -#endif - -#ifdef HAVE_AESGCM - #ifdef WOLFSSL_AES_128 - ExpectIntEQ(EVP_CIPHER_block_size(EVP_aes_128_gcm()), 1); - #endif - #ifdef WOLFSSL_AES_192 - ExpectIntEQ(EVP_CIPHER_block_size(EVP_aes_192_gcm()), 1); - #endif - #ifdef WOLFSSL_AES_256 - ExpectIntEQ(EVP_CIPHER_block_size(EVP_aes_256_gcm()), 1); - #endif -#endif - -#ifdef HAVE_AESCCM - #ifdef WOLFSSL_AES_128 - ExpectIntEQ(EVP_CIPHER_block_size(EVP_aes_128_ccm()), 1); - #endif - #ifdef WOLFSSL_AES_192 - ExpectIntEQ(EVP_CIPHER_block_size(EVP_aes_192_ccm()), 1); - #endif - #ifdef WOLFSSL_AES_256 - ExpectIntEQ(EVP_CIPHER_block_size(EVP_aes_256_ccm()), 1); - #endif -#endif - -#ifdef WOLFSSL_AES_COUNTER - #ifdef WOLFSSL_AES_128 - ExpectIntEQ(EVP_CIPHER_block_size(EVP_aes_128_ctr()), 1); - #endif - #ifdef WOLFSSL_AES_192 - ExpectIntEQ(EVP_CIPHER_block_size(EVP_aes_192_ctr()), 1); - #endif - #ifdef WOLFSSL_AES_256 - ExpectIntEQ(EVP_CIPHER_block_size(EVP_aes_256_ctr()), 1); - #endif -#endif - -#ifdef HAVE_AES_ECB - #ifdef WOLFSSL_AES_128 - ExpectIntEQ(EVP_CIPHER_block_size(EVP_aes_128_ecb()), AES_BLOCK_SIZE); - #endif - #ifdef WOLFSSL_AES_192 - ExpectIntEQ(EVP_CIPHER_block_size(EVP_aes_192_ecb()), AES_BLOCK_SIZE); - #endif - #ifdef WOLFSSL_AES_256 - ExpectIntEQ(EVP_CIPHER_block_size(EVP_aes_256_ecb()), AES_BLOCK_SIZE); - #endif -#endif - -#ifdef WOLFSSL_AES_OFB - #ifdef WOLFSSL_AES_128 - ExpectIntEQ(EVP_CIPHER_block_size(EVP_aes_128_ofb()), 1); - #endif - #ifdef WOLFSSL_AES_192 - ExpectIntEQ(EVP_CIPHER_block_size(EVP_aes_192_ofb()), 1); - #endif - #ifdef WOLFSSL_AES_256 - ExpectIntEQ(EVP_CIPHER_block_size(EVP_aes_256_ofb()), 1); - #endif -#endif - -#ifndef NO_RC4 - ExpectIntEQ(EVP_CIPHER_block_size(wolfSSL_EVP_rc4()), 1); -#endif - -#if defined(HAVE_CHACHA) && defined(HAVE_POLY1305) - ExpectIntEQ(EVP_CIPHER_block_size(wolfSSL_EVP_chacha20_poly1305()), 1); -#endif -#endif - -#ifdef WOLFSSL_SM4_ECB - ExpectIntEQ(EVP_CIPHER_block_size(EVP_sm4_ecb()), SM4_BLOCK_SIZE); -#endif -#ifdef WOLFSSL_SM4_CBC - ExpectIntEQ(EVP_CIPHER_block_size(EVP_sm4_cbc()), SM4_BLOCK_SIZE); -#endif -#ifdef WOLFSSL_SM4_CTR - ExpectIntEQ(EVP_CIPHER_block_size(EVP_sm4_ctr()), 1); -#endif -#ifdef WOLFSSL_SM4_GCM - ExpectIntEQ(EVP_CIPHER_block_size(EVP_sm4_gcm()), 1); -#endif -#ifdef WOLFSSL_SM4_CCM - ExpectIntEQ(EVP_CIPHER_block_size(EVP_sm4_ccm()), 1); -#endif - - return EXPECT_RESULT(); -} - -static int test_wolfSSL_EVP_CIPHER_iv_length(void) -{ - EXPECT_DECLS; - int nids[] = { - #if defined(HAVE_AES_CBC) || defined(WOLFSSL_AES_DIRECT) - #ifdef WOLFSSL_AES_128 - NID_aes_128_cbc, - #endif - #ifdef WOLFSSL_AES_192 - NID_aes_192_cbc, - #endif - #ifdef WOLFSSL_AES_256 - NID_aes_256_cbc, - #endif - #endif /* HAVE_AES_CBC || WOLFSSL_AES_DIRECT */ - #if (!defined(HAVE_FIPS) && !defined(HAVE_SELFTEST)) || \ - (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION > 2)) - #ifdef HAVE_AESGCM - #ifdef WOLFSSL_AES_128 - NID_aes_128_gcm, - #endif - #ifdef WOLFSSL_AES_192 - NID_aes_192_gcm, - #endif - #ifdef WOLFSSL_AES_256 - NID_aes_256_gcm, - #endif - #endif /* HAVE_AESGCM */ - #endif /* (HAVE_FIPS && !HAVE_SELFTEST) || HAVE_FIPS_VERSION > 2 */ - #ifdef WOLFSSL_AES_COUNTER - #ifdef WOLFSSL_AES_128 - NID_aes_128_ctr, - #endif - #ifdef WOLFSSL_AES_192 - NID_aes_192_ctr, - #endif - #ifdef WOLFSSL_AES_256 - NID_aes_256_ctr, - #endif - #endif - #ifndef NO_DES3 - NID_des_cbc, - NID_des_ede3_cbc, - #endif - #if defined(HAVE_CHACHA) && defined(HAVE_POLY1305) - NID_chacha20_poly1305, - #endif - }; - int iv_lengths[] = { - #if defined(HAVE_AES_CBC) || defined(WOLFSSL_AES_DIRECT) - #ifdef WOLFSSL_AES_128 - AES_BLOCK_SIZE, - #endif - #ifdef WOLFSSL_AES_192 - AES_BLOCK_SIZE, - #endif - #ifdef WOLFSSL_AES_256 - AES_BLOCK_SIZE, - #endif - #endif /* HAVE_AES_CBC || WOLFSSL_AES_DIRECT */ - #if (!defined(HAVE_FIPS) && !defined(HAVE_SELFTEST)) || \ - (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION > 2)) - #ifdef HAVE_AESGCM - #ifdef WOLFSSL_AES_128 - GCM_NONCE_MID_SZ, - #endif - #ifdef WOLFSSL_AES_192 - GCM_NONCE_MID_SZ, - #endif - #ifdef WOLFSSL_AES_256 - GCM_NONCE_MID_SZ, - #endif - #endif /* HAVE_AESGCM */ - #endif /* (HAVE_FIPS && !HAVE_SELFTEST) || HAVE_FIPS_VERSION > 2 */ - #ifdef WOLFSSL_AES_COUNTER - #ifdef WOLFSSL_AES_128 - AES_BLOCK_SIZE, - #endif - #ifdef WOLFSSL_AES_192 - AES_BLOCK_SIZE, - #endif - #ifdef WOLFSSL_AES_256 - AES_BLOCK_SIZE, - #endif - #endif - #ifndef NO_DES3 - DES_BLOCK_SIZE, - DES_BLOCK_SIZE, - #endif - #if defined(HAVE_CHACHA) && defined(HAVE_POLY1305) - CHACHA20_POLY1305_AEAD_IV_SIZE, - #endif - }; - int i; - int nidsLen = (sizeof(nids)/sizeof(int)); - - for (i = 0; i < nidsLen; i++) { - const EVP_CIPHER *c = EVP_get_cipherbynid(nids[i]); - ExpectIntEQ(EVP_CIPHER_iv_length(c), iv_lengths[i]); - } - - return EXPECT_RESULT(); -} - -static int test_wolfSSL_EVP_SignInit_ex(void) -{ - EXPECT_DECLS; - WOLFSSL_EVP_MD_CTX mdCtx; - WOLFSSL_ENGINE* e = 0; - const EVP_MD* md = EVP_sha256(); - - wolfSSL_EVP_MD_CTX_init(&mdCtx); - ExpectIntEQ(wolfSSL_EVP_SignInit_ex(&mdCtx, md, e), WOLFSSL_SUCCESS); - - ExpectIntEQ(wolfSSL_EVP_MD_CTX_cleanup(&mdCtx), 1); - - return EXPECT_RESULT(); -} - -static int test_wolfSSL_EVP_DigestFinalXOF(void) -{ - EXPECT_DECLS; -#if defined(WOLFSSL_SHA3) && defined(WOLFSSL_SHAKE256) && defined(OPENSSL_ALL) - WOLFSSL_EVP_MD_CTX mdCtx; - unsigned char shake[256]; - unsigned char zeros[10]; - unsigned char data[] = "Test data"; - unsigned int sz; - - XMEMSET(zeros, 0, sizeof(zeros)); - wolfSSL_EVP_MD_CTX_init(&mdCtx); - ExpectIntEQ(EVP_DigestInit(&mdCtx, EVP_shake256()), WOLFSSL_SUCCESS); - ExpectIntEQ(EVP_MD_flags(EVP_shake256()), EVP_MD_FLAG_XOF); - ExpectIntEQ(EVP_MD_flags(EVP_sha3_256()), 0); - ExpectIntEQ(EVP_DigestUpdate(&mdCtx, data, 1), WOLFSSL_SUCCESS); - XMEMSET(shake, 0, sizeof(shake)); - ExpectIntEQ(EVP_DigestFinalXOF(&mdCtx, shake, 10), WOLFSSL_SUCCESS); - - /* make sure was only size of 10 */ - ExpectIntEQ(XMEMCMP(&shake[11], zeros, 10), 0); - ExpectIntEQ(EVP_MD_CTX_cleanup(&mdCtx), WOLFSSL_SUCCESS); - - wolfSSL_EVP_MD_CTX_init(&mdCtx); - ExpectIntEQ(EVP_DigestInit(&mdCtx, EVP_shake256()), WOLFSSL_SUCCESS); - ExpectIntEQ(EVP_DigestUpdate(&mdCtx, data, 1), WOLFSSL_SUCCESS); - ExpectIntEQ(EVP_DigestFinal(&mdCtx, shake, &sz), WOLFSSL_SUCCESS); - ExpectIntEQ(sz, 32); - ExpectIntEQ(EVP_MD_CTX_cleanup(&mdCtx), WOLFSSL_SUCCESS); - - #if defined(WOLFSSL_SHAKE128) - wolfSSL_EVP_MD_CTX_init(&mdCtx); - ExpectIntEQ(EVP_DigestInit(&mdCtx, EVP_shake128()), WOLFSSL_SUCCESS); - ExpectIntEQ(EVP_DigestUpdate(&mdCtx, data, 1), WOLFSSL_SUCCESS); - ExpectIntEQ(EVP_DigestFinal(&mdCtx, shake, &sz), WOLFSSL_SUCCESS); - ExpectIntEQ(sz, 16); - ExpectIntEQ(EVP_MD_CTX_cleanup(&mdCtx), WOLFSSL_SUCCESS); - #endif -#endif - return EXPECT_RESULT(); -} - -static int test_wolfSSL_EVP_DigestFinal_ex(void) -{ - EXPECT_DECLS; -#if !defined(NO_SHA256) - WOLFSSL_EVP_MD_CTX mdCtx; - unsigned int s = 0; - unsigned char md[WC_SHA256_DIGEST_SIZE]; - unsigned char md2[WC_SHA256_DIGEST_SIZE]; - - /* Bad Case */ -#if !defined(HAVE_FIPS) || (defined(HAVE_FIPS_VERSION) && \ - (HAVE_FIPS_VERSION > 2)) - wolfSSL_EVP_MD_CTX_init(&mdCtx); - ExpectIntEQ(wolfSSL_EVP_DigestFinal_ex(&mdCtx, md, &s), 0); - ExpectIntEQ(wolfSSL_EVP_MD_CTX_cleanup(&mdCtx), 1); - -#else - wolfSSL_EVP_MD_CTX_init(&mdCtx); - ExpectIntEQ(wolfSSL_EVP_DigestFinal_ex(&mdCtx, md, &s), WOLFSSL_SUCCESS); - ExpectIntEQ(wolfSSL_EVP_MD_CTX_cleanup(&mdCtx), WOLFSSL_SUCCESS); - -#endif - - /* Good Case */ - wolfSSL_EVP_MD_CTX_init(&mdCtx); - ExpectIntEQ(wolfSSL_EVP_DigestInit(&mdCtx, EVP_sha256()), WOLFSSL_SUCCESS); - ExpectIntEQ(wolfSSL_EVP_DigestFinal_ex(&mdCtx, md2, &s), WOLFSSL_SUCCESS); - ExpectIntEQ(wolfSSL_EVP_MD_CTX_cleanup(&mdCtx), WOLFSSL_SUCCESS); -#endif - return EXPECT_RESULT(); -} - -static int test_wolfSSL_QT_EVP_PKEY_CTX_free(void) -{ - EXPECT_DECLS; -#if defined(OPENSSL_EXTRA) - EVP_PKEY* pkey = NULL; - EVP_PKEY_CTX* ctx = NULL; - - ExpectNotNull(pkey = wolfSSL_EVP_PKEY_new()); - ExpectNotNull(ctx = EVP_PKEY_CTX_new(pkey, NULL)); - -#if defined(OPENSSL_VERSION_NUMBER) && OPENSSL_VERSION_NUMBER >= 0x10100000L - /* void */ - EVP_PKEY_CTX_free(ctx); -#else - /* int */ - ExpectIntEQ(EVP_PKEY_CTX_free(ctx), WOLFSSL_SUCCESS); -#endif - - EVP_PKEY_free(pkey); -#endif - return EXPECT_RESULT(); -} - -static int test_wolfSSL_EVP_PKEY_param_check(void) -{ - EXPECT_DECLS; -#if defined(OPENSSL_ALL) || defined(WOLFSSL_QT) -#if !defined(NO_DH) && defined(WOLFSSL_DH_EXTRA) && !defined(NO_FILESYSTEM) - - DH *dh = NULL; - DH *setDh = NULL; - EVP_PKEY *pkey = NULL; - EVP_PKEY_CTX* ctx = NULL; - - FILE* f = NULL; - unsigned char buf[512]; - const unsigned char* pt = buf; - const char* dh2048 = "./certs/dh2048.der"; - long len = 0; - int code = -1; - - XMEMSET(buf, 0, sizeof(buf)); - - ExpectTrue((f = XFOPEN(dh2048, "rb")) != XBADFILE); - ExpectTrue((len = (long)XFREAD(buf, 1, sizeof(buf), f)) > 0); - if (f != XBADFILE) - XFCLOSE(f); - - /* Load dh2048.der into DH with internal format */ - ExpectNotNull(setDh = d2i_DHparams(NULL, &pt, len)); - ExpectIntEQ(DH_check(setDh, &code), WOLFSSL_SUCCESS); - ExpectIntEQ(code, 0); - code = -1; - - pkey = wolfSSL_EVP_PKEY_new(); - /* Set DH into PKEY */ - ExpectIntEQ(EVP_PKEY_set1_DH(pkey, setDh), WOLFSSL_SUCCESS); - /* create ctx from pkey */ - ExpectNotNull(ctx = EVP_PKEY_CTX_new(pkey, NULL)); - ExpectIntEQ(EVP_PKEY_param_check(ctx), 1/* valid */); - - /* TODO: more invalid cases */ - ExpectIntEQ(EVP_PKEY_param_check(NULL), 0); - - EVP_PKEY_CTX_free(ctx); - EVP_PKEY_free(pkey); - DH_free(setDh); - setDh = NULL; - DH_free(dh); - dh = NULL; -#endif -#endif - return EXPECT_RESULT(); -} - -static int test_wolfSSL_EVP_BytesToKey(void) -{ - EXPECT_DECLS; -#if !defined(NO_AES) && defined(HAVE_AES_CBC) - byte key[AES_BLOCK_SIZE] = {0}; - byte iv[AES_BLOCK_SIZE] = {0}; - int count = 0; - const EVP_MD* md = EVP_sha256(); - const EVP_CIPHER *type; - const unsigned char *salt = (unsigned char *)"salt1234"; - int sz = 5; - const byte data[] = { - 0x48,0x65,0x6c,0x6c,0x6f,0x20,0x57,0x6f, - 0x72,0x6c,0x64 - }; - - type = wolfSSL_EVP_get_cipherbynid(NID_aes_128_cbc); - - /* Bad cases */ - ExpectIntEQ(EVP_BytesToKey(NULL, md, salt, data, sz, count, key, iv), - 0); - ExpectIntEQ(EVP_BytesToKey(type, md, salt, NULL, sz, count, key, iv), - 16); - md = "2"; - ExpectIntEQ(EVP_BytesToKey(type, md, salt, data, sz, count, key, iv), - WC_NO_ERR_TRACE(WOLFSSL_FAILURE)); - - /* Good case */ - md = EVP_sha256(); - ExpectIntEQ(EVP_BytesToKey(type, md, salt, data, sz, count, key, iv), - 16); -#endif - return EXPECT_RESULT(); -} - -static int test_evp_cipher_aes_gcm(void) -{ - EXPECT_DECLS; -#if defined(HAVE_AESGCM) && ((!defined(HAVE_FIPS) && \ - !defined(HAVE_SELFTEST)) || (defined(HAVE_FIPS_VERSION) && \ - (HAVE_FIPS_VERSION >= 2))) && defined(WOLFSSL_AES_256) - /* - * This test checks data at various points in the encrypt/decrypt process - * against known values produced using the same test with OpenSSL. This - * interop testing is critical for verifying the correctness of our - * EVP_Cipher implementation with AES-GCM. Specifically, this test exercises - * a flow supported by OpenSSL that uses the control command - * EVP_CTRL_GCM_IV_GEN to increment the IV between cipher operations without - * the need to call EVP_CipherInit. OpenSSH uses this flow, for example. We - * had a bug with OpenSSH where wolfSSL OpenSSH servers could only talk to - * wolfSSL OpenSSH clients because there was a bug in this flow that - * happened to "cancel out" if both sides of the connection had the bug. - */ - enum { - NUM_ENCRYPTIONS = 3, - AAD_SIZE = 4 - }; - static const byte plainText1[] = { - 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b, - 0x0c, 0x0d, 0x0e, 0x0f, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, - 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f, 0x20, 0x21, 0x22, 0x23 - }; - static const byte plainText2[] = { - 0x42, 0x49, 0x3b, 0x27, 0x03, 0x35, 0x59, 0x14, 0x41, 0x47, 0x37, 0x14, - 0x0e, 0x34, 0x0d, 0x28, 0x63, 0x09, 0x0a, 0x5b, 0x22, 0x57, 0x42, 0x22, - 0x0f, 0x5c, 0x1e, 0x53, 0x45, 0x15, 0x62, 0x08, 0x60, 0x43, 0x50, 0x2c - }; - static const byte plainText3[] = { - 0x36, 0x0d, 0x2b, 0x09, 0x4a, 0x56, 0x3b, 0x4c, 0x21, 0x22, 0x58, 0x0e, - 0x5b, 0x57, 0x10 - }; - static const byte* plainTexts[NUM_ENCRYPTIONS] = { - plainText1, - plainText2, - plainText3 - }; - static const int plainTextSzs[NUM_ENCRYPTIONS] = { - sizeof(plainText1), - sizeof(plainText2), - sizeof(plainText3) - }; - static const byte aad1[AAD_SIZE] = { - 0x00, 0x00, 0x00, 0x01 - }; - static const byte aad2[AAD_SIZE] = { - 0x00, 0x00, 0x00, 0x10 - }; - static const byte aad3[AAD_SIZE] = { - 0x00, 0x00, 0x01, 0x00 - }; - static const byte* aads[NUM_ENCRYPTIONS] = { - aad1, - aad2, - aad3 - }; - const byte iv[GCM_NONCE_MID_SZ] = { - 0xDE, 0xAD, 0xBE, 0xEF, 0xDE, 0xAD, 0xBE, 0xEF, 0xDE, 0xAD, 0xBE, 0xEF - }; - byte currentIv[GCM_NONCE_MID_SZ]; - const byte key[] = { - 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, 0x18, 0x19, 0x1a, 0x1b, - 0x1c, 0x1d, 0x1e, 0x1f, 0x20, 0x21, 0x22, 0x23, 0x24, 0x25, 0x26, 0x27, - 0x28, 0x29, 0x2a, 0x2b, 0x2c, 0x2d, 0x2e, 0x2f - }; - const byte expIvs[NUM_ENCRYPTIONS][GCM_NONCE_MID_SZ] = { - { - 0xDE, 0xAD, 0xBE, 0xEF, 0xDE, 0xAD, 0xBE, 0xEF, 0xDE, 0xAD, 0xBE, - 0xEF - }, - { - 0xDE, 0xAD, 0xBE, 0xEF, 0xDE, 0xAD, 0xBE, 0xEF, 0xDE, 0xAD, 0xBE, - 0xF0 - }, - { - 0xDE, 0xAD, 0xBE, 0xEF, 0xDE, 0xAD, 0xBE, 0xEF, 0xDE, 0xAD, 0xBE, - 0xF1 - } - }; - const byte expTags[NUM_ENCRYPTIONS][AES_BLOCK_SIZE] = { - { - 0x65, 0x4F, 0xF7, 0xA0, 0xBB, 0x7B, 0x90, 0xB7, 0x9C, 0xC8, 0x14, - 0x3D, 0x32, 0x18, 0x34, 0xA9 - }, - { - 0x50, 0x3A, 0x13, 0x8D, 0x91, 0x1D, 0xEC, 0xBB, 0xBA, 0x5B, 0x57, - 0xA2, 0xFD, 0x2D, 0x6B, 0x7F - }, - { - 0x3B, 0xED, 0x18, 0x9C, 0xB3, 0xE3, 0x61, 0x1E, 0x11, 0xEB, 0x13, - 0x5B, 0xEC, 0x52, 0x49, 0x32, - } - }; - static const byte expCipherText1[] = { - 0xCB, 0x93, 0x4F, 0xC8, 0x22, 0xE2, 0xC0, 0x35, 0xAA, 0x6B, 0x41, 0x15, - 0x17, 0x30, 0x2F, 0x97, 0x20, 0x74, 0x39, 0x28, 0xF8, 0xEB, 0xC5, 0x51, - 0x7B, 0xD9, 0x8A, 0x36, 0xB8, 0xDA, 0x24, 0x80, 0xE7, 0x9E, 0x09, 0xDE - }; - static const byte expCipherText2[] = { - 0xF9, 0x32, 0xE1, 0x87, 0x37, 0x0F, 0x04, 0xC1, 0xB5, 0x59, 0xF0, 0x45, - 0x3A, 0x0D, 0xA0, 0x26, 0xFF, 0xA6, 0x8D, 0x38, 0xFE, 0xB8, 0xE5, 0xC2, - 0x2A, 0x98, 0x4A, 0x54, 0x8F, 0x1F, 0xD6, 0x13, 0x03, 0xB2, 0x1B, 0xC0 - }; - static const byte expCipherText3[] = { - 0xD0, 0x37, 0x59, 0x1C, 0x2F, 0x85, 0x39, 0x4D, 0xED, 0xC2, 0x32, 0x5B, - 0x80, 0x5E, 0x6B, - }; - static const byte* expCipherTexts[NUM_ENCRYPTIONS] = { - expCipherText1, - expCipherText2, - expCipherText3 - }; - byte* cipherText = NULL; - byte* calcPlainText = NULL; - byte tag[AES_BLOCK_SIZE]; - EVP_CIPHER_CTX* encCtx = NULL; - EVP_CIPHER_CTX* decCtx = NULL; - int i, j, outl; - - /****************************************************/ - for (i = 0; i < 3; ++i) { - ExpectNotNull(encCtx = EVP_CIPHER_CTX_new()); - ExpectNotNull(decCtx = EVP_CIPHER_CTX_new()); - - /* First iteration, set key before IV. */ - if (i == 0) { - ExpectIntEQ(EVP_CipherInit(encCtx, EVP_aes_256_gcm(), key, NULL, 1), - SSL_SUCCESS); - - /* - * The call to EVP_CipherInit below (with NULL key) should clear the - * authIvGenEnable flag set by EVP_CTRL_GCM_SET_IV_FIXED. As such, a - * subsequent EVP_CTRL_GCM_IV_GEN should fail. This matches OpenSSL - * behavior. - */ - ExpectIntEQ(EVP_CIPHER_CTX_ctrl(encCtx, EVP_CTRL_GCM_SET_IV_FIXED, -1, - (void*)iv), SSL_SUCCESS); - ExpectIntEQ(EVP_CipherInit(encCtx, NULL, NULL, iv, 1), - SSL_SUCCESS); - ExpectIntEQ(EVP_CIPHER_CTX_ctrl(encCtx, EVP_CTRL_GCM_IV_GEN, -1, - currentIv), WC_NO_ERR_TRACE(WOLFSSL_FAILURE)); - - ExpectIntEQ(EVP_CipherInit(decCtx, EVP_aes_256_gcm(), key, NULL, 0), - SSL_SUCCESS); - ExpectIntEQ(EVP_CipherInit(decCtx, NULL, NULL, iv, 0), - SSL_SUCCESS); - } - /* Second iteration, IV before key. */ - else { - ExpectIntEQ(EVP_CipherInit(encCtx, EVP_aes_256_gcm(), NULL, iv, 1), - SSL_SUCCESS); - ExpectIntEQ(EVP_CipherInit(encCtx, NULL, key, NULL, 1), - SSL_SUCCESS); - ExpectIntEQ(EVP_CipherInit(decCtx, EVP_aes_256_gcm(), NULL, iv, 0), - SSL_SUCCESS); - ExpectIntEQ(EVP_CipherInit(decCtx, NULL, key, NULL, 0), - SSL_SUCCESS); - } - - /* - * EVP_CTRL_GCM_IV_GEN should fail if EVP_CTRL_GCM_SET_IV_FIXED hasn't - * been issued first. - */ - ExpectIntEQ(EVP_CIPHER_CTX_ctrl(encCtx, EVP_CTRL_GCM_IV_GEN, -1, - currentIv), WC_NO_ERR_TRACE(WOLFSSL_FAILURE)); - - ExpectIntEQ(EVP_CIPHER_CTX_ctrl(encCtx, EVP_CTRL_GCM_SET_IV_FIXED, -1, - (void*)iv), SSL_SUCCESS); - ExpectIntEQ(EVP_CIPHER_CTX_ctrl(decCtx, EVP_CTRL_GCM_SET_IV_FIXED, -1, - (void*)iv), SSL_SUCCESS); - - for (j = 0; j < NUM_ENCRYPTIONS; ++j) { - /*************** Encrypt ***************/ - ExpectIntEQ(EVP_CIPHER_CTX_ctrl(encCtx, EVP_CTRL_GCM_IV_GEN, -1, - currentIv), SSL_SUCCESS); - /* Check current IV against expected. */ - ExpectIntEQ(XMEMCMP(currentIv, expIvs[j], GCM_NONCE_MID_SZ), 0); - - /* Add AAD. */ - if (i == 2) { - /* Test streaming API. */ - ExpectIntEQ(EVP_CipherUpdate(encCtx, NULL, &outl, aads[j], - AAD_SIZE), SSL_SUCCESS); - } - else { - ExpectIntEQ(EVP_Cipher(encCtx, NULL, (byte *)aads[j], AAD_SIZE), - AAD_SIZE); - } - - ExpectNotNull(cipherText = (byte*)XMALLOC(plainTextSzs[j], NULL, - DYNAMIC_TYPE_TMP_BUFFER)); - - /* Encrypt plaintext. */ - if (i == 2) { - ExpectIntEQ(EVP_CipherUpdate(encCtx, cipherText, &outl, - plainTexts[j], plainTextSzs[j]), - SSL_SUCCESS); - } - else { - ExpectIntEQ(EVP_Cipher(encCtx, cipherText, (byte *)plainTexts[j], - plainTextSzs[j]), plainTextSzs[j]); - } - - if (i == 2) { - ExpectIntEQ(EVP_CipherFinal(encCtx, cipherText, &outl), - SSL_SUCCESS); - } - else { - /* - * Calling EVP_Cipher with NULL input and output for AES-GCM is - * akin to calling EVP_CipherFinal. - */ - ExpectIntGE(EVP_Cipher(encCtx, NULL, NULL, 0), 0); - } - - /* Check ciphertext against expected. */ - ExpectIntEQ(XMEMCMP(cipherText, expCipherTexts[j], plainTextSzs[j]), - 0); - - /* Get and check tag against expected. */ - ExpectIntEQ(EVP_CIPHER_CTX_ctrl(encCtx, EVP_CTRL_GCM_GET_TAG, - sizeof(tag), tag), SSL_SUCCESS); - ExpectIntEQ(XMEMCMP(tag, expTags[j], sizeof(tag)), 0); - - /*************** Decrypt ***************/ - ExpectIntEQ(EVP_CIPHER_CTX_ctrl(decCtx, EVP_CTRL_GCM_IV_GEN, -1, - currentIv), SSL_SUCCESS); - /* Check current IV against expected. */ - ExpectIntEQ(XMEMCMP(currentIv, expIvs[j], GCM_NONCE_MID_SZ), 0); - - /* Add AAD. */ - if (i == 2) { - /* Test streaming API. */ - ExpectIntEQ(EVP_CipherUpdate(decCtx, NULL, &outl, aads[j], - AAD_SIZE), SSL_SUCCESS); - } - else { - ExpectIntEQ(EVP_Cipher(decCtx, NULL, (byte *)aads[j], AAD_SIZE), - AAD_SIZE); - } - - /* Set expected tag. */ - ExpectIntEQ(EVP_CIPHER_CTX_ctrl(decCtx, EVP_CTRL_GCM_SET_TAG, - sizeof(tag), tag), SSL_SUCCESS); - - /* Decrypt ciphertext. */ - ExpectNotNull(calcPlainText = (byte*)XMALLOC(plainTextSzs[j], NULL, - DYNAMIC_TYPE_TMP_BUFFER)); - if (i == 2) { - ExpectIntEQ(EVP_CipherUpdate(decCtx, calcPlainText, &outl, - cipherText, plainTextSzs[j]), - SSL_SUCCESS); - } - else { - /* This first EVP_Cipher call will check the tag, too. */ - ExpectIntEQ(EVP_Cipher(decCtx, calcPlainText, cipherText, - plainTextSzs[j]), plainTextSzs[j]); - } - - if (i == 2) { - ExpectIntEQ(EVP_CipherFinal(decCtx, calcPlainText, &outl), - SSL_SUCCESS); - } - else { - ExpectIntGE(EVP_Cipher(decCtx, NULL, NULL, 0), 0); - } - - /* Check plaintext against expected. */ - ExpectIntEQ(XMEMCMP(calcPlainText, plainTexts[j], plainTextSzs[j]), - 0); - - XFREE(cipherText, NULL, DYNAMIC_TYPE_TMP_BUFFER); - cipherText = NULL; - XFREE(calcPlainText, NULL, DYNAMIC_TYPE_TMP_BUFFER); - calcPlainText = NULL; - } - - EVP_CIPHER_CTX_free(encCtx); - encCtx = NULL; - EVP_CIPHER_CTX_free(decCtx); - decCtx = NULL; - } -#endif - return EXPECT_RESULT(); -} -static int test_wolfSSL_OBJ_ln(void) -{ - EXPECT_DECLS; - const int nid_set[] = { - NID_commonName, - NID_serialNumber, - NID_countryName, - NID_localityName, - NID_stateOrProvinceName, - NID_organizationName, - NID_organizationalUnitName, - NID_domainComponent, - NID_businessCategory, - NID_jurisdictionCountryName, - NID_jurisdictionStateOrProvinceName, - NID_emailAddress - }; - const char* ln_set[] = { - "commonName", - "serialNumber", - "countryName", - "localityName", - "stateOrProvinceName", - "organizationName", - "organizationalUnitName", - "domainComponent", - "businessCategory", - "jurisdictionCountryName", - "jurisdictionStateOrProvinceName", - "emailAddress", - }; - size_t i = 0, maxIdx = sizeof(ln_set)/sizeof(char*); - - ExpectIntEQ(OBJ_ln2nid(NULL), NID_undef); - -#ifdef HAVE_ECC -#if !defined(HAVE_FIPS) || (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION>2)) - { - EC_builtin_curve r[27]; - size_t nCurves = sizeof(r) / sizeof(r[0]); - nCurves = EC_get_builtin_curves(r, nCurves); - - for (i = 0; i < nCurves; i++) { - /* skip ECC_CURVE_INVALID */ - if (r[i].nid != ECC_CURVE_INVALID) { - ExpectIntEQ(OBJ_ln2nid(r[i].comment), r[i].nid); - ExpectStrEQ(OBJ_nid2ln(r[i].nid), r[i].comment); - } - } - } -#endif -#endif - - for (i = 0; i < maxIdx; i++) { - ExpectIntEQ(OBJ_ln2nid(ln_set[i]), nid_set[i]); - ExpectStrEQ(OBJ_nid2ln(nid_set[i]), ln_set[i]); - } - - return EXPECT_RESULT(); -} - -static int test_wolfSSL_OBJ_sn(void) -{ - EXPECT_DECLS; - int i = 0, maxIdx = 7; - const int nid_set[] = {NID_commonName,NID_countryName,NID_localityName, - NID_stateOrProvinceName,NID_organizationName, - NID_organizationalUnitName,NID_emailAddress}; - const char* sn_open_set[] = {"CN","C","L","ST","O","OU","emailAddress"}; - - ExpectIntEQ(wolfSSL_OBJ_sn2nid(NULL), NID_undef); - for (i = 0; i < maxIdx; i++) { - ExpectIntEQ(wolfSSL_OBJ_sn2nid(sn_open_set[i]), nid_set[i]); - ExpectStrEQ(wolfSSL_OBJ_nid2sn(nid_set[i]), sn_open_set[i]); - } - - return EXPECT_RESULT(); -} - #if !defined(NO_BIO) static word32 TXT_DB_hash(const WOLFSSL_STRING *s) { @@ -32325,1500 +19817,15 @@ } #endif /* OPENSSL_ALL */ -static int test_wolfSSL_X509V3_set_ctx(void) -{ - EXPECT_DECLS; -#if (defined(OPENSSL_ALL) || defined(OPENSSL_EXTRA)) && \ - defined(WOLFSSL_CERT_GEN) && defined(WOLFSSL_CERT_REQ) && \ - defined(HAVE_CRL) - WOLFSSL_X509V3_CTX ctx; - WOLFSSL_X509* issuer = NULL; - WOLFSSL_X509* subject = NULL; - WOLFSSL_X509 req; - WOLFSSL_X509_CRL crl; - - XMEMSET(&ctx, 0, sizeof(ctx)); - ExpectNotNull(issuer = wolfSSL_X509_new()); - ExpectNotNull(subject = wolfSSL_X509_new()); - XMEMSET(&req, 0, sizeof(req)); - XMEMSET(&crl, 0, sizeof(crl)); - - wolfSSL_X509V3_set_ctx(NULL, NULL, NULL, NULL, NULL, 0); - wolfSSL_X509V3_set_ctx(&ctx, NULL, NULL, NULL, NULL, 0); - wolfSSL_X509_free(ctx.x509); - ctx.x509 = NULL; - wolfSSL_X509V3_set_ctx(&ctx, issuer, NULL, NULL, NULL, 0); - wolfSSL_X509_free(ctx.x509); - ctx.x509 = NULL; - wolfSSL_X509V3_set_ctx(&ctx, NULL, subject, NULL, NULL, 0); - wolfSSL_X509_free(ctx.x509); - ctx.x509 = NULL; - wolfSSL_X509V3_set_ctx(&ctx, NULL, NULL, &req, NULL, 0); - wolfSSL_X509_free(ctx.x509); - ctx.x509 = NULL; - wolfSSL_X509V3_set_ctx(&ctx, NULL, NULL, NULL, &crl, 0); - wolfSSL_X509_free(ctx.x509); - ctx.x509 = NULL; - wolfSSL_X509V3_set_ctx(&ctx, NULL, NULL, NULL, NULL, 1); - /* X509 allocated in context results in 'failure' (but not return). */ - wolfSSL_X509V3_set_ctx(&ctx, NULL, NULL, NULL, NULL, 0); - wolfSSL_X509_free(ctx.x509); - ctx.x509 = NULL; - - wolfSSL_X509_free(subject); - wolfSSL_X509_free(issuer); -#endif - return EXPECT_RESULT(); -} - -static int test_wolfSSL_X509V3_EXT_get(void) -{ - EXPECT_DECLS; -#if !defined(NO_FILESYSTEM) && defined(OPENSSL_ALL) && !defined(NO_RSA) - XFILE f = XBADFILE; - int numOfExt =0; - int extNid = 0; - int i = 0; - WOLFSSL_X509* x509 = NULL; - WOLFSSL_X509_EXTENSION* ext = NULL; - const WOLFSSL_v3_ext_method* method = NULL; - WOLFSSL_ASN1_OBJECT* obj = NULL; - - ExpectNotNull(ext = wolfSSL_X509_EXTENSION_new()); - /* No object in extension. */ - ExpectNull(wolfSSL_X509V3_EXT_get(ext)); - ExpectNotNull(obj = wolfSSL_ASN1_OBJECT_new()); - ExpectIntEQ(wolfSSL_X509_EXTENSION_set_object(ext, obj), WOLFSSL_SUCCESS); - /* NID is zero. */ - ExpectNull(wolfSSL_X509V3_EXT_get(ext)); - /* NID is not known. */ - if (ext != NULL && ext->obj != NULL) { - ext->obj->nid = 1; - } - ExpectNull(wolfSSL_X509V3_EXT_get(ext)); - - /* NIDs not in certificate. */ - if (ext != NULL && ext->obj != NULL) { - ext->obj->nid = NID_certificate_policies; - } - ExpectNotNull(method = wolfSSL_X509V3_EXT_get(ext)); - ExpectIntEQ(method->ext_nid, NID_certificate_policies); - if (ext != NULL && ext->obj != NULL) { - ext->obj->nid = NID_crl_distribution_points; - } - ExpectNotNull(method = wolfSSL_X509V3_EXT_get(ext)); - ExpectIntEQ(method->ext_nid, NID_crl_distribution_points); - - wolfSSL_ASN1_OBJECT_free(obj); - wolfSSL_X509_EXTENSION_free(ext); - ext = NULL; - - ExpectTrue((f = XFOPEN("./certs/server-cert.pem", "rb")) != XBADFILE); - ExpectNotNull(x509 = wolfSSL_PEM_read_X509(f, NULL, NULL, NULL)); - if (f != XBADFILE) - XFCLOSE(f); - - /* wolfSSL_X509V3_EXT_get() return struct and nid test */ - ExpectIntEQ((numOfExt = wolfSSL_X509_get_ext_count(x509)), 5); - for (i = 0; i < numOfExt; i++) { - ExpectNotNull(ext = wolfSSL_X509_get_ext(x509, i)); - ExpectIntNE((extNid = ext->obj->nid), NID_undef); - ExpectNotNull(method = wolfSSL_X509V3_EXT_get(ext)); - ExpectIntEQ(method->ext_nid, extNid); - if (EXPECT_SUCCESS()) { - if (method->ext_nid == NID_subject_key_identifier) { - ExpectNotNull(method->i2s); - } - } - } - - /* wolfSSL_X509V3_EXT_get() NULL argument test */ - ExpectNull(method = wolfSSL_X509V3_EXT_get(NULL)); - - wolfSSL_X509_free(x509); -#endif - return EXPECT_RESULT(); -} - -static int test_wolfSSL_X509V3_EXT_nconf(void) -{ - EXPECT_DECLS; -#ifdef OPENSSL_ALL - const char *ext_names[] = { - "subjectKeyIdentifier", - "authorityKeyIdentifier", - "subjectAltName", - "keyUsage", - "extendedKeyUsage", - }; - size_t ext_names_count = sizeof(ext_names)/sizeof(*ext_names); - int ext_nids[] = { - NID_subject_key_identifier, - NID_authority_key_identifier, - NID_subject_alt_name, - NID_key_usage, - NID_ext_key_usage, - }; - size_t ext_nids_count = sizeof(ext_nids)/sizeof(*ext_nids); - const char *ext_values[] = { - "hash", - "hash", - "DNS:example.com, IP:127.0.0.1", - "digitalSignature,nonRepudiation,keyEncipherment,dataEncipherment," - "keyAgreement,keyCertSign,cRLSign,encipherOnly,decipherOnly", - "serverAuth,clientAuth,codeSigning,emailProtection,timeStamping," - "OCSPSigning", - }; - size_t i; - X509_EXTENSION* ext = NULL; - X509* x509 = NULL; - unsigned int keyUsageFlags; - unsigned int extKeyUsageFlags; - WOLFSSL_CONF conf; - WOLFSSL_X509V3_CTX ctx; -#ifndef NO_WOLFSSL_STUB - WOLFSSL_LHASH lhash; -#endif - - ExpectNotNull(x509 = X509_new()); - ExpectNull(X509V3_EXT_nconf(NULL, NULL, ext_names[0], NULL)); - ExpectNull(X509V3_EXT_nconf_nid(NULL, NULL, ext_nids[0], NULL)); - ExpectNull(X509V3_EXT_nconf(NULL, NULL, "", ext_values[0])); - ExpectNull(X509V3_EXT_nconf_nid(NULL, NULL, 0, ext_values[0])); - - /* conf and ctx ignored. */ - ExpectNull(X509V3_EXT_nconf_nid(&conf, NULL, 0, ext_values[0])); - ExpectNull(X509V3_EXT_nconf_nid(NULL , &ctx, 0, ext_values[0])); - ExpectNull(X509V3_EXT_nconf_nid(&conf, &ctx, 0, ext_values[0])); - - /* keyUsage / extKeyUsage should match string above */ - keyUsageFlags = KU_DIGITAL_SIGNATURE - | KU_NON_REPUDIATION - | KU_KEY_ENCIPHERMENT - | KU_DATA_ENCIPHERMENT - | KU_KEY_AGREEMENT - | KU_KEY_CERT_SIGN - | KU_CRL_SIGN - | KU_ENCIPHER_ONLY - | KU_DECIPHER_ONLY; - extKeyUsageFlags = XKU_SSL_CLIENT - | XKU_SSL_SERVER - | XKU_CODE_SIGN - | XKU_SMIME - | XKU_TIMESTAMP - | XKU_OCSP_SIGN; - - for (i = 0; i < ext_names_count; i++) { - ExpectNotNull(ext = X509V3_EXT_nconf(NULL, NULL, ext_names[i], - ext_values[i])); - X509_EXTENSION_free(ext); - ext = NULL; - } - - for (i = 0; i < ext_nids_count; i++) { - ExpectNotNull(ext = X509V3_EXT_nconf_nid(NULL, NULL, ext_nids[i], - ext_values[i])); - X509_EXTENSION_free(ext); - ext = NULL; - } - - /* Test adding extension to X509 */ - for (i = 0; i < ext_nids_count; i++) { - ExpectNotNull(ext = X509V3_EXT_nconf(NULL, NULL, ext_names[i], - ext_values[i])); - ExpectIntEQ(X509_add_ext(x509, ext, -1), WOLFSSL_SUCCESS); - - if (ext_nids[i] == NID_key_usage) { - ExpectIntEQ(X509_get_key_usage(x509), keyUsageFlags); - } - else if (ext_nids[i] == NID_ext_key_usage) { - ExpectIntEQ(X509_get_extended_key_usage(x509), extKeyUsageFlags); - } - X509_EXTENSION_free(ext); - ext = NULL; - } - X509_free(x509); - -#ifndef NO_WOLFSSL_STUB - ExpectIntEQ(wolfSSL_X509V3_EXT_add_nconf(NULL, NULL, NULL, NULL), - WOLFSSL_SUCCESS); - ExpectNull(wolfSSL_X509V3_EXT_conf_nid(NULL, NULL, 0, NULL)); - ExpectNull(wolfSSL_X509V3_EXT_conf_nid(&lhash, NULL, 0, NULL)); - wolfSSL_X509V3_set_ctx_nodb(NULL); -#endif -#endif - return EXPECT_RESULT(); -} - -static int test_wolfSSL_X509V3_EXT_bc(void) -{ - EXPECT_DECLS; -#if !defined(NO_FILESYSTEM) && defined(OPENSSL_ALL) && !defined(NO_RSA) - WOLFSSL_X509_EXTENSION* ext = NULL; - WOLFSSL_ASN1_OBJECT* obj = NULL; - WOLFSSL_BASIC_CONSTRAINTS* bc = NULL; - WOLFSSL_ASN1_INTEGER* pathLen = NULL; - - ExpectNotNull(ext = wolfSSL_X509_EXTENSION_new()); - ExpectNotNull(obj = wolfSSL_ASN1_OBJECT_new()); - ExpectNotNull(pathLen = wolfSSL_ASN1_INTEGER_new()); - if (pathLen != NULL) { - pathLen->length = 2; - } - - if (obj != NULL) { - obj->type = NID_basic_constraints; - obj->nid = NID_basic_constraints; - } - ExpectIntEQ(wolfSSL_X509_EXTENSION_set_object(ext, obj), WOLFSSL_SUCCESS); - ExpectNotNull(wolfSSL_X509V3_EXT_get(ext)); - /* No pathlen set. */ - ExpectNotNull(bc = (WOLFSSL_BASIC_CONSTRAINTS*)wolfSSL_X509V3_EXT_d2i(ext)); - wolfSSL_BASIC_CONSTRAINTS_free(bc); - bc = NULL; - - if ((ext != NULL) && (ext->obj != NULL)) { - ext->obj->pathlen = pathLen; - pathLen = NULL; - } - /* pathlen set. */ - ExpectNotNull(bc = (WOLFSSL_BASIC_CONSTRAINTS*)wolfSSL_X509V3_EXT_d2i(ext)); - - wolfSSL_ASN1_INTEGER_free(pathLen); - wolfSSL_BASIC_CONSTRAINTS_free(bc); - wolfSSL_ASN1_OBJECT_free(obj); - wolfSSL_X509_EXTENSION_free(ext); -#endif - return EXPECT_RESULT(); -} - -static int test_wolfSSL_X509V3_EXT_san(void) -{ - EXPECT_DECLS; -#if !defined(NO_FILESYSTEM) && defined(OPENSSL_ALL) && !defined(NO_RSA) - WOLFSSL_X509_EXTENSION* ext = NULL; - WOLFSSL_ASN1_OBJECT* obj = NULL; - WOLFSSL_STACK* sk = NULL; - - ExpectNotNull(ext = wolfSSL_X509_EXTENSION_new()); - ExpectNotNull(obj = wolfSSL_ASN1_OBJECT_new()); - - if (obj != NULL) { - obj->type = NID_subject_alt_name; - obj->nid = NID_subject_alt_name; - } - ExpectIntEQ(wolfSSL_X509_EXTENSION_set_object(ext, obj), WOLFSSL_SUCCESS); - ExpectNotNull(wolfSSL_X509V3_EXT_get(ext)); - /* No extension stack set. */ - ExpectNull(wolfSSL_X509V3_EXT_d2i(ext)); - - ExpectNotNull(sk = wolfSSL_sk_new_null()); - if (ext != NULL) { - ext->ext_sk = sk; - sk = NULL; - } - /* Extension stack set. */ - ExpectNull(wolfSSL_X509V3_EXT_d2i(ext)); - - wolfSSL_sk_free(sk); - wolfSSL_ASN1_OBJECT_free(obj); - wolfSSL_X509_EXTENSION_free(ext); -#endif - return EXPECT_RESULT(); -} - -static int test_wolfSSL_X509V3_EXT_aia(void) -{ - EXPECT_DECLS; -#if !defined(NO_FILESYSTEM) && defined(OPENSSL_ALL) && !defined(NO_RSA) - WOLFSSL_X509_EXTENSION* ext = NULL; - WOLFSSL_ASN1_OBJECT* obj = NULL; - WOLFSSL_STACK* sk = NULL; - WOLFSSL_STACK* node = NULL; - WOLFSSL_AUTHORITY_INFO_ACCESS* aia = NULL; - WOLFSSL_ASN1_OBJECT* entry = NULL; - - ExpectNotNull(ext = wolfSSL_X509_EXTENSION_new()); - ExpectNotNull(obj = wolfSSL_ASN1_OBJECT_new()); - - if (obj != NULL) { - obj->type = NID_info_access; - obj->nid = NID_info_access; - } - ExpectIntEQ(wolfSSL_X509_EXTENSION_set_object(ext, obj), WOLFSSL_SUCCESS); - ExpectNotNull(wolfSSL_X509V3_EXT_get(ext)); - /* No extension stack set. */ - ExpectNull(wolfSSL_X509V3_EXT_d2i(ext)); - - ExpectNotNull(sk = wolfSSL_sk_new_null()); - if (ext != NULL) { - ext->ext_sk = sk; - sk = NULL; - } - /* Extension stack set but empty. */ - ExpectNotNull(aia = (WOLFSSL_AUTHORITY_INFO_ACCESS *)wolfSSL_X509V3_EXT_d2i(ext)); - wolfSSL_AUTHORITY_INFO_ACCESS_free(aia); - aia = NULL; - - ExpectNotNull(entry = wolfSSL_ASN1_OBJECT_new()); - if (entry != NULL) { - entry->nid = WC_NID_ad_OCSP; - entry->obj = (const unsigned char*)"http://127.0.0.1"; - entry->objSz = 16; - } - ExpectNotNull(node = wolfSSL_sk_new_node(NULL)); - if ((node != NULL) && (ext != NULL)) { - node->type = STACK_TYPE_OBJ; - node->data.obj = entry; - entry = NULL; - ExpectIntEQ(wolfSSL_sk_push_node(&ext->ext_sk, node), WOLFSSL_SUCCESS); - if (EXPECT_SUCCESS()) { - node = NULL; - } - } - ExpectNotNull(aia = (WOLFSSL_AUTHORITY_INFO_ACCESS *)wolfSSL_X509V3_EXT_d2i(ext)); - wolfSSL_ACCESS_DESCRIPTION_free(NULL); - - wolfSSL_AUTHORITY_INFO_ACCESS_pop_free(aia, - wolfSSL_ACCESS_DESCRIPTION_free); - wolfSSL_ASN1_OBJECT_free(entry); - wolfSSL_sk_free(node); - wolfSSL_ASN1_OBJECT_free(obj); - wolfSSL_X509_EXTENSION_free(ext); -#endif - return EXPECT_RESULT(); -} - -static int test_wolfSSL_X509V3_EXT(void) -{ - EXPECT_DECLS; -#if !defined(NO_FILESYSTEM) && defined(OPENSSL_ALL) && !defined(NO_RSA) - XFILE f = XBADFILE; - int numOfExt = 0, nid = 0, i = 0, expected, actual = 0; - char* str = NULL; - unsigned char* data = NULL; - const WOLFSSL_v3_ext_method* method = NULL; - WOLFSSL_X509* x509 = NULL; - WOLFSSL_X509_EXTENSION* ext = NULL; - WOLFSSL_X509_EXTENSION* ext2 = NULL; - WOLFSSL_ASN1_OBJECT *obj = NULL; - WOLFSSL_ASN1_OBJECT *adObj = NULL; - WOLFSSL_ASN1_STRING* asn1str = NULL; - WOLFSSL_AUTHORITY_KEYID* aKeyId = NULL; - WOLFSSL_AUTHORITY_INFO_ACCESS* aia = NULL; - WOLFSSL_BASIC_CONSTRAINTS* bc = NULL; - WOLFSSL_ACCESS_DESCRIPTION* ad = NULL; - WOLFSSL_GENERAL_NAME* gn = NULL; - - /* Check NULL argument */ - ExpectNull(wolfSSL_X509V3_EXT_d2i(NULL)); - - ExpectNotNull(ext = wolfSSL_X509_EXTENSION_new()); - ExpectNotNull(obj = wolfSSL_ASN1_OBJECT_new()); - - ExpectNull(wolfSSL_X509V3_EXT_d2i(ext)); - ExpectIntEQ(wolfSSL_X509_EXTENSION_set_object(ext, obj), WOLFSSL_SUCCESS); - ExpectNull(wolfSSL_X509V3_EXT_d2i(ext)); - if (ext != NULL && ext->obj != NULL) { - ext->obj->nid = ext->obj->type = NID_ext_key_usage; - } - ExpectNull(wolfSSL_X509V3_EXT_d2i(ext)); - if (ext != NULL && ext->obj != NULL) { - ext->obj->nid = ext->obj->type = NID_certificate_policies; - } - ExpectNull(wolfSSL_X509V3_EXT_d2i(ext)); - if (ext != NULL && ext->obj != NULL) { - ext->obj->nid = ext->obj->type = NID_crl_distribution_points; - } - ExpectNull(wolfSSL_X509V3_EXT_d2i(ext)); - if (ext != NULL && ext->obj != NULL) { - ext->obj->nid = ext->obj->type = NID_subject_alt_name; - } - ExpectNull(wolfSSL_X509V3_EXT_d2i(ext)); - - wolfSSL_ASN1_OBJECT_free(obj); - obj = NULL; - wolfSSL_X509_EXTENSION_free(ext); - ext = NULL; - - /* Using OCSP cert with X509V3 extensions */ - ExpectTrue((f = XFOPEN("./certs/ocsp/root-ca-cert.pem", "rb")) != XBADFILE); - ExpectNotNull(x509 = wolfSSL_PEM_read_X509(f, NULL, NULL, NULL)); - if (f != XBADFILE) - XFCLOSE(f); - - ExpectIntEQ((numOfExt = wolfSSL_X509_get_ext_count(x509)), 5); - - /* Basic Constraints */ - ExpectNotNull(ext = wolfSSL_X509_get_ext(x509, i)); - ExpectNotNull(obj = wolfSSL_X509_EXTENSION_get_object(ext)); - ExpectIntEQ((nid = wolfSSL_OBJ_obj2nid(obj)), NID_basic_constraints); - ExpectNotNull(bc = (WOLFSSL_BASIC_CONSTRAINTS*)wolfSSL_X509V3_EXT_d2i(ext)); - - ExpectIntEQ(bc->ca, 1); - ExpectNull(bc->pathlen); - wolfSSL_BASIC_CONSTRAINTS_free(bc); - bc = NULL; - i++; - - /* Subject Key Identifier */ - ExpectNotNull(ext = wolfSSL_X509_get_ext(x509, i)); - ExpectNotNull(obj = wolfSSL_X509_EXTENSION_get_object(ext)); - ExpectIntEQ((nid = wolfSSL_OBJ_obj2nid(obj)), NID_subject_key_identifier); - - ExpectNotNull(asn1str = (WOLFSSL_ASN1_STRING*)wolfSSL_X509V3_EXT_d2i(ext)); - ExpectNotNull(ext2 = wolfSSL_X509V3_EXT_i2d(NID_subject_key_identifier, 0, - asn1str)); - X509_EXTENSION_free(ext2); - ext2 = NULL; - ExpectNotNull(method = wolfSSL_X509V3_EXT_get(ext)); - ExpectNotNull(method->i2s); - ExpectNotNull(str = method->i2s((WOLFSSL_v3_ext_method*)method, asn1str)); - wolfSSL_ASN1_STRING_free(asn1str); - asn1str = NULL; - if (str != NULL) { - actual = strcmp(str, - "73:B0:1C:A4:2F:82:CB:CF:47:A5:38:D7:B0:04:82:3A:7E:72:15:21"); - } - ExpectIntEQ(actual, 0); - XFREE(str, NULL, DYNAMIC_TYPE_TMP_BUFFER); - str = NULL; - i++; - - /* Authority Key Identifier */ - ExpectNotNull(ext = wolfSSL_X509_get_ext(x509, i)); - ExpectNotNull(obj = wolfSSL_X509_EXTENSION_get_object(ext)); - ExpectIntEQ((nid = wolfSSL_OBJ_obj2nid(obj)), NID_authority_key_identifier); - - ExpectNotNull(aKeyId = (WOLFSSL_AUTHORITY_KEYID*)wolfSSL_X509V3_EXT_d2i( - ext)); - ExpectNotNull(method = wolfSSL_X509V3_EXT_get(ext)); - ExpectNotNull(asn1str = aKeyId->keyid); - ExpectNotNull(str = wolfSSL_i2s_ASN1_STRING((WOLFSSL_v3_ext_method*)method, - asn1str)); - asn1str = NULL; - if (str != NULL) { - actual = strcmp(str, - "73:B0:1C:A4:2F:82:CB:CF:47:A5:38:D7:B0:04:82:3A:7E:72:15:21"); - } - ExpectIntEQ(actual, 0); - XFREE(str, NULL, DYNAMIC_TYPE_TMP_BUFFER); - str = NULL; - wolfSSL_AUTHORITY_KEYID_free(aKeyId); - aKeyId = NULL; - i++; - - /* Key Usage */ - ExpectNotNull(ext = wolfSSL_X509_get_ext(x509, i)); - ExpectNotNull(obj = wolfSSL_X509_EXTENSION_get_object(ext)); - ExpectIntEQ((nid = wolfSSL_OBJ_obj2nid(obj)), NID_key_usage); - - ExpectNotNull(asn1str = (WOLFSSL_ASN1_STRING*)wolfSSL_X509V3_EXT_d2i(ext)); -#if defined(WOLFSSL_QT) - ExpectNotNull(data = (unsigned char*)ASN1_STRING_get0_data(asn1str)); -#else - ExpectNotNull(data = wolfSSL_ASN1_STRING_data(asn1str)); -#endif - expected = KEYUSE_KEY_CERT_SIGN | KEYUSE_CRL_SIGN; - if (data != NULL) { - #ifdef BIG_ENDIAN_ORDER - actual = data[1]; - #else - actual = data[0]; - #endif - } - ExpectIntEQ(actual, expected); - wolfSSL_ASN1_STRING_free(asn1str); - asn1str = NULL; - ExpectIntEQ(wolfSSL_X509_get_keyUsage(NULL), 0); - ExpectIntEQ(wolfSSL_X509_get_keyUsage(x509), expected); - i++; - - /* Authority Info Access */ - ExpectNotNull(ext = wolfSSL_X509_get_ext(x509, i)); - ExpectNotNull(obj = wolfSSL_X509_EXTENSION_get_object(ext)); - ExpectIntEQ((nid = wolfSSL_OBJ_obj2nid(obj)), NID_info_access); - ExpectNotNull(aia = (WOLFSSL_AUTHORITY_INFO_ACCESS*)wolfSSL_X509V3_EXT_d2i( - ext)); -#if defined(WOLFSSL_QT) - ExpectIntEQ(OPENSSL_sk_num(aia), 1); /* Only one URI entry for this cert */ -#else - ExpectIntEQ(wolfSSL_sk_num(aia), 1); /* Only one URI entry for this cert */ -#endif - /* URI entry is an ACCESS_DESCRIPTION type */ -#if defined(WOLFSSL_QT) - ExpectNotNull(ad = (WOLFSSL_ACCESS_DESCRIPTION*)wolfSSL_sk_value(aia, 0)); -#else - ExpectNotNull(ad = (WOLFSSL_ACCESS_DESCRIPTION*)OPENSSL_sk_value(aia, 0)); -#endif - ExpectNotNull(adObj = ad->method); - /* Make sure nid is OCSP */ - ExpectIntEQ(wolfSSL_OBJ_obj2nid(adObj), NID_ad_OCSP); - - /* GENERAL_NAME stores URI as an ASN1_STRING */ - ExpectNotNull(gn = ad->location); - ExpectIntEQ(gn->type, GEN_URI); /* Type should always be GEN_URI */ - ExpectNotNull(asn1str = gn->d.uniformResourceIdentifier); - ExpectIntEQ(wolfSSL_ASN1_STRING_length(asn1str), 22); -#if defined(WOLFSSL_QT) - ExpectNotNull(str = (char*)ASN1_STRING_get0_data(asn1str)); -#else - ExpectNotNull(str = (char*)wolfSSL_ASN1_STRING_data(asn1str)); -#endif - if (str != NULL) { - actual = strcmp(str, "http://127.0.0.1:22220"); - } - ExpectIntEQ(actual, 0); - - ExpectIntEQ(wolfSSL_sk_ACCESS_DESCRIPTION_num(NULL), WOLFSSL_FATAL_ERROR); - ExpectIntEQ(wolfSSL_sk_ACCESS_DESCRIPTION_num(aia), 1); - ExpectNull(wolfSSL_sk_ACCESS_DESCRIPTION_value(NULL, 0)); - ExpectNull(wolfSSL_sk_ACCESS_DESCRIPTION_value(aia, 1)); - ExpectNotNull(wolfSSL_sk_ACCESS_DESCRIPTION_value(aia, 0)); - wolfSSL_sk_ACCESS_DESCRIPTION_pop_free(aia, NULL); - aia = NULL; - -#ifndef NO_WOLFSSL_STUB - ExpectNull(wolfSSL_X509_delete_ext(x509, 0)); -#endif - - wolfSSL_X509_free(x509); -#endif - return EXPECT_RESULT(); -} - -static int test_wolfSSL_X509_get_extension_flags(void) -{ - EXPECT_DECLS; -#if defined(OPENSSL_ALL) && !defined(NO_RSA) - XFILE f = XBADFILE; - X509* x509 = NULL; - unsigned int extFlags; - unsigned int keyUsageFlags; - unsigned int extKeyUsageFlags; - - ExpectIntEQ(X509_get_extension_flags(NULL), 0); - ExpectIntEQ(X509_get_key_usage(NULL), 0); - ExpectIntEQ(X509_get_extended_key_usage(NULL), 0); - ExpectNotNull(x509 = wolfSSL_X509_new()); - ExpectIntEQ(X509_get_extension_flags(x509), 0); - ExpectIntEQ(X509_get_key_usage(x509), -1); - ExpectIntEQ(X509_get_extended_key_usage(x509), 0); - wolfSSL_X509_free(x509); - x509 = NULL; - - /* client-int-cert.pem has the following extension flags. */ - extFlags = EXFLAG_KUSAGE | EXFLAG_XKUSAGE; - /* and the following key usage flags. */ - keyUsageFlags = KU_DIGITAL_SIGNATURE - | KU_NON_REPUDIATION - | KU_KEY_ENCIPHERMENT; - /* and the following extended key usage flags. */ - extKeyUsageFlags = XKU_SSL_CLIENT | XKU_SMIME; - - ExpectTrue((f = XFOPEN("./certs/intermediate/client-int-cert.pem", "rb")) != - XBADFILE); - ExpectNotNull(x509 = PEM_read_X509(f, NULL, NULL, NULL)); - if (f != XBADFILE) { - XFCLOSE(f); - f = XBADFILE; - } - ExpectIntEQ(X509_get_extension_flags(x509), extFlags); - ExpectIntEQ(X509_get_key_usage(x509), keyUsageFlags); - ExpectIntEQ(X509_get_extended_key_usage(x509), extKeyUsageFlags); - X509_free(x509); - x509 = NULL; - - /* client-cert-ext.pem has the following extension flags. */ - extFlags = EXFLAG_KUSAGE; - /* and the following key usage flags. */ - keyUsageFlags = KU_DIGITAL_SIGNATURE - | KU_KEY_CERT_SIGN - | KU_CRL_SIGN; - - ExpectTrue((f = fopen("./certs/client-cert-ext.pem", "rb")) != XBADFILE); - ExpectNotNull(x509 = PEM_read_X509(f, NULL, NULL, NULL)); - if (f != XBADFILE) - XFCLOSE(f); - ExpectIntEQ(X509_get_extension_flags(x509), extFlags); - ExpectIntEQ(X509_get_key_usage(x509), keyUsageFlags); - X509_free(x509); -#endif /* OPENSSL_ALL */ - return EXPECT_RESULT(); -} - -static int test_wolfSSL_X509_get_ext(void) -{ - EXPECT_DECLS; -#if !defined(NO_FILESYSTEM) && defined(OPENSSL_ALL) && !defined(NO_RSA) - int ret = 0; - XFILE f = XBADFILE; - WOLFSSL_X509* x509 = NULL; - WOLFSSL_X509_EXTENSION* foundExtension; - - ExpectTrue((f = XFOPEN("./certs/server-cert.pem", "rb")) != XBADFILE); - ExpectNotNull(x509 = wolfSSL_PEM_read_X509(f, NULL, NULL, NULL)); - if (f != XBADFILE) - XFCLOSE(f); - ExpectIntEQ((ret = wolfSSL_X509_get_ext_count(x509)), 5); - - /* wolfSSL_X509_get_ext() valid input */ - ExpectNotNull(foundExtension = wolfSSL_X509_get_ext(x509, 0)); - - /* wolfSSL_X509_get_ext() valid x509, idx out of bounds */ - ExpectNull(foundExtension = wolfSSL_X509_get_ext(x509, -1)); - ExpectNull(foundExtension = wolfSSL_X509_get_ext(x509, 100)); - - /* wolfSSL_X509_get_ext() NULL x509, idx out of bounds */ - ExpectNull(foundExtension = wolfSSL_X509_get_ext(NULL, -1)); - ExpectNull(foundExtension = wolfSSL_X509_get_ext(NULL, 100)); - - /* wolfSSL_X509_get_ext() NULL x509, valid idx */ - ExpectNull(foundExtension = wolfSSL_X509_get_ext(NULL, 0)); - - ExpectNull(wolfSSL_X509_get0_extensions(NULL)); - - wolfSSL_X509_free(x509); -#endif - return EXPECT_RESULT(); -} - -static int test_wolfSSL_X509_get_ext_by_NID(void) -{ - EXPECT_DECLS; -#if defined(OPENSSL_ALL) && !defined(NO_RSA) - int rc = 0; - XFILE f = XBADFILE; - WOLFSSL_X509* x509 = NULL; - ASN1_OBJECT* obj = NULL; - - ExpectNotNull(x509 = wolfSSL_X509_new()); - ExpectIntEQ(wolfSSL_X509_get_ext_by_NID(x509, NID_basic_constraints, -1), - WOLFSSL_FATAL_ERROR); - wolfSSL_X509_free(x509); - x509 = NULL; - - ExpectTrue((f = XFOPEN("./certs/server-cert.pem", "rb")) != XBADFILE); - ExpectNotNull(x509 = wolfSSL_PEM_read_X509(f, NULL, NULL, NULL)); - if (f != XBADFILE) - XFCLOSE(f); - - ExpectIntGE(rc = wolfSSL_X509_get_ext_by_NID(x509, NID_basic_constraints, - -1), 0); - ExpectIntGE(wolfSSL_X509_get_ext_by_NID(x509, NID_basic_constraints, 20), - -1); - - /* Start search from last location (should fail) */ - ExpectIntGE(rc = wolfSSL_X509_get_ext_by_NID(x509, NID_basic_constraints, - rc), -1); - - ExpectIntGE(rc = wolfSSL_X509_get_ext_by_NID(x509, NID_basic_constraints, - -2), -1); - - ExpectIntEQ(rc = wolfSSL_X509_get_ext_by_NID(NULL, NID_basic_constraints, - -1), -1); - - ExpectIntEQ(rc = wolfSSL_X509_get_ext_by_NID(x509, NID_undef, -1), -1); - - /* NID_ext_key_usage, check also its nid and oid */ - ExpectIntGT(rc = wolfSSL_X509_get_ext_by_NID(x509, NID_ext_key_usage, -1), - -1); - ExpectNotNull(obj = wolfSSL_X509_EXTENSION_get_object(wolfSSL_X509_get_ext( - x509, rc))); - ExpectIntEQ(obj->nid, NID_ext_key_usage); - ExpectIntEQ(obj->type, EXT_KEY_USAGE_OID); - - wolfSSL_X509_free(x509); -#endif - return EXPECT_RESULT(); -} - -static int test_wolfSSL_X509_get_ext_subj_alt_name(void) -{ - EXPECT_DECLS; -#if defined(OPENSSL_ALL) && !defined(NO_RSA) - int rc = 0; - XFILE f = XBADFILE; - WOLFSSL_X509* x509 = NULL; - WOLFSSL_X509_EXTENSION* ext = NULL; - WOLFSSL_ASN1_STRING* sanString = NULL; - byte* sanDer = NULL; - - const byte expectedDer[] = { - 0x30, 0x13, 0x82, 0x0b, 0x65, 0x78, 0x61, 0x6d, 0x70, 0x6c, 0x65, 0x2e, - 0x63, 0x6f, 0x6d, 0x87, 0x04, 0x7f, 0x00, 0x00, 0x01}; - - ExpectTrue((f = XFOPEN("./certs/server-cert.pem", "rb")) != XBADFILE); - ExpectNotNull(x509 = PEM_read_X509(f, NULL, NULL, NULL)); - if (f != XBADFILE) - XFCLOSE(f); - - ExpectIntNE(rc = X509_get_ext_by_NID(x509, NID_subject_alt_name, -1), -1); - ExpectNotNull(ext = X509_get_ext(x509, rc)); - ExpectNotNull(sanString = X509_EXTENSION_get_data(ext)); - ExpectIntEQ(ASN1_STRING_length(sanString), sizeof(expectedDer)); - ExpectNotNull(sanDer = ASN1_STRING_data(sanString)); - ExpectIntEQ(XMEMCMP(sanDer, expectedDer, sizeof(expectedDer)), 0); - - X509_free(x509); -#endif - return EXPECT_RESULT(); -} - -static int test_wolfSSL_X509_set_ext(void) -{ - EXPECT_DECLS; -#if defined(OPENSSL_ALL) && !defined(NO_RSA) - WOLFSSL_X509* x509 = NULL; - XFILE f = XBADFILE; - int loc; - - ExpectNull(wolfSSL_X509_set_ext(NULL, 0)); - - ExpectNotNull(x509 = wolfSSL_X509_new()); - /* Location too small. */ - ExpectNull(wolfSSL_X509_set_ext(x509, -1)); - /* Location too big. */ - ExpectNull(wolfSSL_X509_set_ext(x509, 1)); - /* No DER encoding. */ - ExpectNull(wolfSSL_X509_set_ext(x509, 0)); - wolfSSL_X509_free(x509); - x509 = NULL; - - ExpectTrue((f = XFOPEN("./certs/server-cert.pem", "rb")) != XBADFILE); - ExpectNotNull(x509 = PEM_read_X509(f, NULL, NULL, NULL)); - if (f != XBADFILE) { - XFCLOSE(f); - } - for (loc = 0; loc < wolfSSL_X509_get_ext_count(x509); loc++) { - ExpectNotNull(wolfSSL_X509_set_ext(x509, loc)); - } - - wolfSSL_X509_free(x509); -#endif - return EXPECT_RESULT(); -} - -#if defined(OPENSSL_ALL) -static int test_X509_add_basic_constraints(WOLFSSL_X509* x509) -{ - EXPECT_DECLS; - const byte basicConsObj[] = { 0x06, 0x03, 0x55, 0x1d, 0x13 }; - const byte* p; - WOLFSSL_X509_EXTENSION* ext = NULL; - WOLFSSL_ASN1_OBJECT* obj = NULL; - ASN1_INTEGER* pathLen = NULL; - - p = basicConsObj; - ExpectNotNull(obj = wolfSSL_d2i_ASN1_OBJECT(NULL, &p, - sizeof(basicConsObj))); - if (obj != NULL) { - obj->type = NID_basic_constraints; - } - ExpectNotNull(pathLen = wolfSSL_ASN1_INTEGER_new()); - if (pathLen != NULL) { - pathLen->length = 2; - } - if (obj != NULL) { - obj->ca = 0; - } - ExpectNotNull(ext = wolfSSL_X509_EXTENSION_new()); - ExpectIntEQ(wolfSSL_X509_EXTENSION_set_object(ext, obj), WOLFSSL_SUCCESS); - if (ext != NULL && ext->obj != NULL) { - ext->obj->ca = 0; - ext->obj->pathlen = pathLen; - } - ExpectIntEQ(wolfSSL_X509_add_ext(x509, ext, -1), WOLFSSL_SUCCESS); - ExpectIntEQ(x509->isCa, 0); - ExpectIntEQ(x509->pathLength, 2); - if (ext != NULL && ext->obj != NULL) { - /* Add second time to without path length. */ - ext->obj->ca = 1; - ext->obj->pathlen = NULL; - } - ExpectIntEQ(wolfSSL_X509_add_ext(x509, ext, -1), WOLFSSL_SUCCESS); - ExpectIntEQ(x509->isCa, 1); - ExpectIntEQ(x509->pathLength, 2); - ExpectIntEQ(wolfSSL_X509_get_isSet_pathLength(NULL), 0); - ExpectIntEQ(wolfSSL_X509_get_isSet_pathLength(x509), 1); - ExpectIntEQ(wolfSSL_X509_get_pathLength(NULL), 0); - ExpectIntEQ(wolfSSL_X509_get_pathLength(x509), 2); - - wolfSSL_ASN1_INTEGER_free(pathLen); - wolfSSL_ASN1_OBJECT_free(obj); - wolfSSL_X509_EXTENSION_free(ext); - - return EXPECT_RESULT(); -} - -static int test_X509_add_key_usage(WOLFSSL_X509* x509) -{ - EXPECT_DECLS; - const byte objData[] = { 0x06, 0x03, 0x55, 0x1d, 0x0f }; - const byte data[] = { 0x04, 0x02, 0x01, 0x80 }; - const byte emptyData[] = { 0x04, 0x00 }; - const char* strData = "digitalSignature,keyCertSign"; - const byte* p; - WOLFSSL_X509_EXTENSION* ext = NULL; - WOLFSSL_ASN1_OBJECT* obj = NULL; - WOLFSSL_ASN1_STRING* str = NULL; - - p = objData; - ExpectNotNull(obj = wolfSSL_d2i_ASN1_OBJECT(NULL, &p, sizeof(objData))); - if (obj != NULL) { - obj->type = NID_key_usage; - } - p = data; - ExpectNotNull(str = d2i_ASN1_OCTET_STRING(NULL, &p, (long)sizeof(data))); - ExpectNotNull(ext = wolfSSL_X509_EXTENSION_new()); - ExpectIntEQ(wolfSSL_X509_EXTENSION_set_object(ext, obj), WOLFSSL_SUCCESS); - /* No Data - no change. */ - ExpectIntEQ(wolfSSL_X509_add_ext(x509, ext, -1), WOLFSSL_SUCCESS); - ExpectIntEQ(wolfSSL_X509_EXTENSION_set_data(ext, str), WOLFSSL_SUCCESS); - ExpectIntEQ(wolfSSL_X509_add_ext(x509, ext, -1), WOLFSSL_SUCCESS); - ExpectIntEQ(x509->keyUsage, KEYUSE_DECIPHER_ONLY | KEYUSE_ENCIPHER_ONLY); - - /* Add second time with string to interpret. */ - wolfSSL_ASN1_STRING_free(str); - str = NULL; - ExpectNotNull(str = wolfSSL_ASN1_STRING_new()); - ExpectIntEQ(ASN1_STRING_set(str, strData, (word32)XSTRLEN(strData) + 1), - WOLFSSL_SUCCESS); - ExpectIntEQ(wolfSSL_X509_EXTENSION_set_data(ext, str), WOLFSSL_SUCCESS); - ExpectIntEQ(wolfSSL_X509_add_ext(x509, ext, -1), WOLFSSL_SUCCESS); - ExpectIntEQ(x509->keyUsage, KEYUSE_DIGITAL_SIG | KEYUSE_KEY_CERT_SIGN); - - /* Empty data. */ - wolfSSL_ASN1_STRING_free(str); - str = NULL; - p = emptyData; - ExpectNotNull(str = d2i_ASN1_OCTET_STRING(NULL, &p, - (long)sizeof(emptyData))); - ExpectIntEQ(wolfSSL_X509_EXTENSION_set_data(ext, str), WOLFSSL_SUCCESS); - ExpectIntEQ(wolfSSL_X509_add_ext(x509, ext, -1), WOLFSSL_FAILURE); - - /* Invalid string to parse. */ - wolfSSL_ASN1_STRING_free(str); - str = NULL; - ExpectNotNull(str = wolfSSL_ASN1_STRING_new()); - ExpectIntEQ(ASN1_STRING_set(str, "bad", 4), WOLFSSL_SUCCESS); - ExpectIntEQ(wolfSSL_X509_EXTENSION_set_data(ext, str), WOLFSSL_SUCCESS); - ExpectIntEQ(wolfSSL_X509_add_ext(x509, ext, -1), WOLFSSL_FAILURE); - - wolfSSL_ASN1_STRING_free(str); - wolfSSL_ASN1_OBJECT_free(obj); - wolfSSL_X509_EXTENSION_free(ext); - - return EXPECT_RESULT(); -} - -static int test_X509_add_ext_key_usage(WOLFSSL_X509* x509) -{ - EXPECT_DECLS; - const byte objData[] = { 0x06, 0x03, 0x55, 0x1d, 0x25 }; - const byte data[] = { 0x04, 0x01, 0x01 }; - const byte emptyData[] = { 0x04, 0x00 }; - const char* strData = "serverAuth,codeSigning"; - const byte* p; - WOLFSSL_X509_EXTENSION* ext = NULL; - WOLFSSL_ASN1_OBJECT* obj = NULL; - WOLFSSL_ASN1_STRING* str = NULL; - - p = objData; - ExpectNotNull(obj = wolfSSL_d2i_ASN1_OBJECT(NULL, &p, sizeof(objData))); - if (obj != NULL) { - obj->type = NID_ext_key_usage; - } - p = data; - ExpectNotNull(str = d2i_ASN1_OCTET_STRING(NULL, &p, (long)sizeof(data))); - ExpectNotNull(ext = wolfSSL_X509_EXTENSION_new()); - ExpectIntEQ(wolfSSL_X509_EXTENSION_set_object(ext, obj), WOLFSSL_SUCCESS); - /* No Data - no change. */ - ExpectIntEQ(wolfSSL_X509_add_ext(x509, ext, -1), WOLFSSL_SUCCESS); - ExpectIntEQ(wolfSSL_X509_EXTENSION_set_data(ext, str), WOLFSSL_SUCCESS); - ExpectIntEQ(wolfSSL_X509_add_ext(x509, ext, -1), WOLFSSL_SUCCESS); - ExpectIntEQ(x509->extKeyUsage, EXTKEYUSE_ANY); - - /* Add second time with string to interpret. */ - wolfSSL_ASN1_STRING_free(str); - str = NULL; - ExpectNotNull(str = wolfSSL_ASN1_STRING_new()); - ExpectIntEQ(ASN1_STRING_set(str, strData, (word32)XSTRLEN(strData) + 1), - WOLFSSL_SUCCESS); - ExpectIntEQ(wolfSSL_X509_EXTENSION_set_data(ext, str), WOLFSSL_SUCCESS); - ExpectIntEQ(wolfSSL_X509_add_ext(x509, ext, -1), WOLFSSL_SUCCESS); - ExpectIntEQ(x509->extKeyUsage, EXTKEYUSE_SERVER_AUTH | EXTKEYUSE_CODESIGN); - - /* Empty data. */ - wolfSSL_ASN1_STRING_free(str); - str = NULL; - p = emptyData; - ExpectNotNull(str = d2i_ASN1_OCTET_STRING(NULL, &p, - (long)sizeof(emptyData))); - ExpectIntEQ(wolfSSL_X509_EXTENSION_set_data(ext, str), WOLFSSL_SUCCESS); - ExpectIntEQ(wolfSSL_X509_add_ext(x509, ext, -1), WOLFSSL_FAILURE); - - /* Invalid string to parse. */ - wolfSSL_ASN1_STRING_free(str); - str = NULL; - ExpectNotNull(str = wolfSSL_ASN1_STRING_new()); - ExpectIntEQ(ASN1_STRING_set(str, "bad", 4), WOLFSSL_SUCCESS); - ExpectIntEQ(wolfSSL_X509_EXTENSION_set_data(ext, str), WOLFSSL_SUCCESS); - ExpectIntEQ(wolfSSL_X509_add_ext(x509, ext, -1), WOLFSSL_FAILURE); - - wolfSSL_ASN1_STRING_free(str); - wolfSSL_ASN1_OBJECT_free(obj); - wolfSSL_X509_EXTENSION_free(ext); - - return EXPECT_RESULT(); -} - -static int test_x509_add_auth_key_id(WOLFSSL_X509* x509) -{ - EXPECT_DECLS; - const byte objData[] = { 0x06, 0x03, 0x55, 0x1d, 0x23 }; - const byte data[] = { - 0x04, 0x81, 0xcc, 0x30, 0x81, 0xc9, 0x80, 0x14, - 0x27, 0x8e, 0x67, 0x11, 0x74, 0xc3, 0x26, 0x1d, - 0x3f, 0xed, 0x33, 0x63, 0xb3, 0xa4, 0xd8, 0x1d, - 0x30, 0xe5, 0xe8, 0xd5, 0xa1, 0x81, 0x9a, 0xa4, - 0x81, 0x97, 0x30, 0x81, 0x94, 0x31, 0x0b, 0x30, - 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, - 0x55, 0x53, 0x31, 0x10, 0x30, 0x0e, 0x06, 0x03, - 0x55, 0x04, 0x08, 0x0c, 0x07, 0x4d, 0x6f, 0x6e, - 0x74, 0x61, 0x6e, 0x61, 0x31, 0x10, 0x30, 0x0e, - 0x06, 0x03, 0x55, 0x04, 0x07, 0x0c, 0x07, 0x42, - 0x6f, 0x7a, 0x65, 0x6d, 0x61, 0x6e, 0x31, 0x11, - 0x30, 0x0f, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x0c, - 0x08, 0x53, 0x61, 0x77, 0x74, 0x6f, 0x6f, 0x74, - 0x68, 0x31, 0x13, 0x30, 0x11, 0x06, 0x03, 0x55, - 0x04, 0x0b, 0x0c, 0x0a, 0x43, 0x6f, 0x6e, 0x73, - 0x75, 0x6c, 0x74, 0x69, 0x6e, 0x67, 0x31, 0x18, - 0x30, 0x16, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0c, - 0x0f, 0x77, 0x77, 0x77, 0x2e, 0x77, 0x6f, 0x6c, - 0x66, 0x73, 0x73, 0x6c, 0x2e, 0x63, 0x6f, 0x6d, - 0x31, 0x1f, 0x30, 0x1d, 0x06, 0x09, 0x2a, 0x86, - 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x09, 0x01, 0x16, - 0x10, 0x69, 0x6e, 0x66, 0x6f, 0x40, 0x77, 0x6f, - 0x6c, 0x66, 0x73, 0x73, 0x6c, 0x2e, 0x63, 0x6f, - 0x6d, 0x82, 0x14, 0x33, 0x44, 0x1a, 0xa8, 0x6c, - 0x01, 0xec, 0xf6, 0x60, 0xf2, 0x70, 0x51, 0x0a, - 0x4c, 0xd1, 0x14, 0xfa, 0xbc, 0xe9, 0x44 - }; - const byte* p; - WOLFSSL_X509_EXTENSION* ext = NULL; - WOLFSSL_ASN1_OBJECT* obj = NULL; - WOLFSSL_ASN1_STRING* str = NULL; - - p = objData; - ExpectNotNull(obj = wolfSSL_d2i_ASN1_OBJECT(NULL, &p, sizeof(objData))); - if (obj != NULL) { - obj->type = NID_authority_key_identifier; - } - p = data; - ExpectNotNull(str = d2i_ASN1_OCTET_STRING(NULL, &p, (long)sizeof(data))); - ExpectNotNull(ext = wolfSSL_X509_EXTENSION_new()); - ExpectIntEQ(wolfSSL_X509_EXTENSION_set_object(ext, obj), WOLFSSL_SUCCESS); - ExpectIntEQ(wolfSSL_X509_EXTENSION_set_data(ext, str), WOLFSSL_SUCCESS); - ExpectIntEQ(wolfSSL_X509_add_ext(x509, ext, -1), WOLFSSL_SUCCESS); - - /* Add second time with string to interpret. */ - ExpectIntEQ(wolfSSL_X509_add_ext(x509, ext, -1), WOLFSSL_SUCCESS); - - wolfSSL_ASN1_STRING_free(str); - wolfSSL_ASN1_OBJECT_free(obj); - wolfSSL_X509_EXTENSION_free(ext); - - return EXPECT_RESULT(); -} - -static int test_x509_add_subj_key_id(WOLFSSL_X509* x509) -{ - EXPECT_DECLS; - const byte objData[] = { 0x06, 0x03, 0x55, 0x1d, 0x0e }; - const byte data[] = { - 0x04, 0x16, 0x04, 0x14, 0xb3, 0x11, 0x32, 0xc9, - 0x92, 0x98, 0x84, 0xe2, 0xc9, 0xf8, 0xd0, 0x3b, - 0x6e, 0x03, 0x42, 0xca, 0x1f, 0x0e, 0x8e, 0x3c - }; - const byte* p; - WOLFSSL_X509_EXTENSION* ext = NULL; - WOLFSSL_ASN1_OBJECT* obj = NULL; - WOLFSSL_ASN1_STRING* str = NULL; - - p = objData; - ExpectNotNull(obj = wolfSSL_d2i_ASN1_OBJECT(NULL, &p, sizeof(objData))); - if (obj != NULL) { - obj->type = NID_subject_key_identifier; - } - p = data; - ExpectNotNull(str = d2i_ASN1_OCTET_STRING(NULL, &p, (long)sizeof(data))); - ExpectNotNull(ext = wolfSSL_X509_EXTENSION_new()); - ExpectIntEQ(wolfSSL_X509_EXTENSION_set_object(ext, obj), WOLFSSL_SUCCESS); - ExpectIntEQ(wolfSSL_X509_EXTENSION_set_data(ext, str), WOLFSSL_SUCCESS); - ExpectIntEQ(wolfSSL_X509_add_ext(x509, ext, -1), WOLFSSL_SUCCESS); - /* Add second time with string to interpret. */ - ExpectIntEQ(wolfSSL_X509_add_ext(x509, ext, -1), WOLFSSL_SUCCESS); - - wolfSSL_ASN1_STRING_free(str); - wolfSSL_ASN1_OBJECT_free(obj); - wolfSSL_X509_EXTENSION_free(ext); - - return EXPECT_RESULT(); -} -#endif - -static int test_wolfSSL_X509_add_ext(void) -{ - EXPECT_DECLS; -#if defined(OPENSSL_ALL) - WOLFSSL_X509* x509 = NULL; - WOLFSSL_X509_EXTENSION* ext_empty = NULL; - WOLFSSL_X509_EXTENSION* ext = NULL; - WOLFSSL_ASN1_OBJECT* obj = NULL; - WOLFSSL_ASN1_STRING* data = NULL; - const byte* p; - const byte subjAltNameObj[] = { 0x06, 0x03, 0x55, 0x1d, 0x11 }; - const byte subjAltName[] = { - 0x04, 0x15, 0x30, 0x13, 0x82, 0x0b, 0x65, 0x78, 0x61, 0x6d, 0x70, 0x6c, - 0x65, 0x2e, 0x63, 0x6f, 0x6d, 0x87, 0x04, 0x7f, 0x00, 0x00, 0x01 - }; - - ExpectNotNull(x509 = wolfSSL_X509_new()); - - /* Create extension: Subject Alternative Name */ - ExpectNotNull(ext_empty = wolfSSL_X509_EXTENSION_new()); - p = subjAltName; - ExpectNotNull(data = d2i_ASN1_OCTET_STRING(NULL, &p, - (long)sizeof(subjAltName))); - p = subjAltNameObj; - ExpectNotNull(obj = wolfSSL_d2i_ASN1_OBJECT(NULL, &p, - sizeof(subjAltNameObj))); - if (obj != NULL) { - obj->type = NID_subject_alt_name; - } - ExpectNotNull(ext = wolfSSL_X509_EXTENSION_new()); - ExpectIntEQ(wolfSSL_X509_EXTENSION_set_object(ext, obj), WOLFSSL_SUCCESS); - ExpectIntEQ(wolfSSL_X509_EXTENSION_set_data(ext, data), WOLFSSL_SUCCESS); - - /* Failure cases. */ - ExpectIntEQ(wolfSSL_X509_add_ext(NULL, NULL, 0), - WC_NO_ERR_TRACE(WOLFSSL_FAILURE)); - ExpectIntEQ(wolfSSL_X509_add_ext(x509, NULL, 0), - WC_NO_ERR_TRACE(WOLFSSL_FAILURE)); - ExpectIntEQ(wolfSSL_X509_add_ext(NULL, ext, 0), - WC_NO_ERR_TRACE(WOLFSSL_FAILURE)); - ExpectIntEQ(wolfSSL_X509_add_ext(NULL, NULL, -1), - WC_NO_ERR_TRACE(WOLFSSL_FAILURE)); - ExpectIntEQ(wolfSSL_X509_add_ext(NULL, ext, -1), - WC_NO_ERR_TRACE(WOLFSSL_FAILURE)); - ExpectIntEQ(wolfSSL_X509_add_ext(x509, NULL, -1), - WC_NO_ERR_TRACE(WOLFSSL_FAILURE)); - ExpectIntEQ(wolfSSL_X509_add_ext(x509, ext, 0), - WC_NO_ERR_TRACE(WOLFSSL_FAILURE)); - ExpectIntEQ(wolfSSL_X509_add_ext(x509, ext_empty, -1), - WC_NO_ERR_TRACE(WOLFSSL_FAILURE)); - - /* Add: Subject Alternative Name */ - ExpectIntEQ(wolfSSL_X509_add_ext(x509, ext, -1), WOLFSSL_SUCCESS); - /* Add second time to ensure no memory leaks. */ - ExpectIntEQ(wolfSSL_X509_add_ext(x509, ext, -1), WOLFSSL_SUCCESS); - - wolfSSL_X509_EXTENSION_free(ext); - wolfSSL_ASN1_OBJECT_free(obj); - wolfSSL_ASN1_STRING_free(data); - wolfSSL_X509_EXTENSION_free(ext_empty); - - EXPECT_TEST(test_X509_add_basic_constraints(x509)); - EXPECT_TEST(test_X509_add_key_usage(x509)); - EXPECT_TEST(test_X509_add_ext_key_usage(x509)); - EXPECT_TEST(test_x509_add_auth_key_id(x509)); - EXPECT_TEST(test_x509_add_subj_key_id(x509)); - - wolfSSL_X509_free(x509); -#endif - return EXPECT_RESULT(); -} - -static int test_wolfSSL_X509_EXTENSION_new(void) -{ - EXPECT_DECLS; -#if defined (OPENSSL_ALL) - WOLFSSL_X509_EXTENSION* ext = NULL; - - ExpectNotNull(ext = wolfSSL_X509_EXTENSION_new()); - ExpectNotNull(ext->obj = wolfSSL_ASN1_OBJECT_new()); - - wolfSSL_X509_EXTENSION_free(NULL); - wolfSSL_X509_EXTENSION_free(ext); -#endif - return EXPECT_RESULT(); -} - -static int test_wolfSSL_X509_EXTENSION_dup(void) -{ - EXPECT_DECLS; -#if defined (OPENSSL_ALL) - WOLFSSL_X509_EXTENSION* ext = NULL; - WOLFSSL_X509_EXTENSION* dup = NULL; - - ExpectNull(wolfSSL_X509_EXTENSION_dup(NULL)); - ExpectNotNull(ext = wolfSSL_X509_EXTENSION_new()); - ExpectNotNull(dup = wolfSSL_X509_EXTENSION_dup(ext)); - - wolfSSL_X509_EXTENSION_free(dup); - wolfSSL_X509_EXTENSION_free(ext); -#endif - return EXPECT_RESULT(); -} - -static int test_wolfSSL_X509_EXTENSION_get_object(void) -{ - EXPECT_DECLS; -#if !defined(NO_FILESYSTEM) && defined(OPENSSL_ALL) && !defined(NO_RSA) - WOLFSSL_X509* x509 = NULL; - WOLFSSL_X509_EXTENSION* ext = NULL; - WOLFSSL_X509_EXTENSION* dup = NULL; - WOLFSSL_ASN1_OBJECT* o = NULL; - XFILE file = XBADFILE; - - ExpectTrue((file = XFOPEN("./certs/server-cert.pem", "rb")) != XBADFILE); - ExpectNotNull(x509 = wolfSSL_PEM_read_X509(file, NULL, NULL, NULL)); - if (file != XBADFILE) - XFCLOSE(file); - - /* wolfSSL_X509_EXTENSION_get_object() testing ext idx 0 */ - ExpectNotNull(ext = wolfSSL_X509_get_ext(x509, 0)); - ExpectNull(wolfSSL_X509_EXTENSION_get_object(NULL)); - ExpectNotNull(o = wolfSSL_X509_EXTENSION_get_object(ext)); - ExpectIntEQ(o->nid, SUBJ_KEY_OID); - ExpectNotNull(dup = wolfSSL_X509_EXTENSION_dup(ext)); - wolfSSL_X509_EXTENSION_free(dup); - - /* wolfSSL_X509_EXTENSION_get_object() NULL argument */ - ExpectNull(o = wolfSSL_X509_EXTENSION_get_object(NULL)); - - wolfSSL_X509_free(x509); -#endif - return EXPECT_RESULT(); -} - -static int test_wolfSSL_X509_EXTENSION_get_data(void) -{ - EXPECT_DECLS; -#if !defined(NO_FILESYSTEM) && defined(OPENSSL_ALL) && !defined(NO_RSA) - WOLFSSL_X509* x509 = NULL; - WOLFSSL_X509_EXTENSION* ext = NULL; - WOLFSSL_ASN1_STRING* str = NULL; - XFILE file = XBADFILE; -#ifndef WOLFSSL_OLD_EXTDATA_FMT - const byte ext_data[] = { - 0x04, 0x14, 0xB3, 0x11, 0x32, 0xC9, 0x92, 0x98, - 0x84, 0xE2, 0xC9, 0xF8, 0xD0, 0x3B, 0x6E, 0x03, - 0x42, 0xCA, 0x1F, 0x0E, 0x8E, 0x3C, - }; -#endif - - ExpectTrue((file = XFOPEN("./certs/server-cert.pem", "rb")) != XBADFILE); - ExpectNotNull(x509 = wolfSSL_PEM_read_X509(file, NULL, NULL, NULL)); - if (file != XBADFILE) - XFCLOSE(file); - ExpectNotNull(ext = wolfSSL_X509_get_ext(x509, 0)); - - ExpectNull(str = wolfSSL_X509_EXTENSION_get_data(NULL)); - ExpectNotNull(str = wolfSSL_X509_EXTENSION_get_data(ext)); - -#ifndef WOLFSSL_OLD_EXTDATA_FMT - ExpectIntEQ(str->length, sizeof (ext_data)); - ExpectBufEQ(str->data, ext_data, sizeof (ext_data)); -#endif - - wolfSSL_X509_free(x509); -#endif - return EXPECT_RESULT(); -} - -static int test_wolfSSL_X509_EXTENSION_get_critical(void) -{ - EXPECT_DECLS; -#if !defined(NO_FILESYSTEM) && defined(OPENSSL_ALL) && !defined(NO_RSA) - WOLFSSL_X509* x509 = NULL; - WOLFSSL_X509_EXTENSION* ext = NULL; - XFILE file = XBADFILE; - int crit = 0; - - ExpectTrue((file = XFOPEN("./certs/server-cert.pem", "rb")) != XBADFILE); - ExpectNotNull(x509 = wolfSSL_PEM_read_X509(file, NULL, NULL, NULL)); - if (file != XBADFILE) - XFCLOSE(file); - ExpectNotNull(ext = wolfSSL_X509_get_ext(x509, 0)); - - ExpectIntEQ(crit = wolfSSL_X509_EXTENSION_get_critical(NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); - ExpectIntEQ(crit = wolfSSL_X509_EXTENSION_get_critical(ext), 0); - - wolfSSL_X509_free(x509); -#endif - return EXPECT_RESULT(); -} - -static int test_wolfSSL_X509_EXTENSION_create_by_OBJ(void) -{ - EXPECT_DECLS; -#if !defined(NO_FILESYSTEM) && defined(OPENSSL_ALL) && !defined(NO_RSA) - XFILE file = XBADFILE; - WOLFSSL_X509* x509 = NULL; - WOLFSSL_X509* empty = NULL; - WOLFSSL_X509_EXTENSION* ext = NULL; - WOLFSSL_X509_EXTENSION* ext2 = NULL; - WOLFSSL_X509_EXTENSION* ext3 = NULL; - WOLFSSL_ASN1_OBJECT* o = NULL; - int crit = 0; - WOLFSSL_ASN1_STRING* str = NULL; - - ExpectTrue((file = XFOPEN("./certs/server-cert.pem", "rb")) != XBADFILE); - ExpectNotNull(x509 = wolfSSL_PEM_read_X509(file, NULL, NULL, NULL)); - if (file != XBADFILE) - XFCLOSE(file); - ExpectNotNull(ext = wolfSSL_X509_get_ext(x509, 0)); - - ExpectNotNull(o = wolfSSL_X509_EXTENSION_get_object(ext)); - ExpectIntEQ(crit = wolfSSL_X509_EXTENSION_get_critical(ext), 0); - ExpectNotNull(str = wolfSSL_X509_EXTENSION_get_data(ext)); - - ExpectNull(wolfSSL_X509_EXTENSION_create_by_OBJ(NULL, NULL, 0, NULL)); - ExpectNull(wolfSSL_X509_EXTENSION_create_by_OBJ(NULL, o, 0, NULL)); - ExpectNull(wolfSSL_X509_EXTENSION_create_by_OBJ(NULL, NULL, 0, str)); - ExpectNotNull(ext2 = wolfSSL_X509_EXTENSION_create_by_OBJ(NULL, o, crit, - str)); - ExpectNotNull(ext3 = wolfSSL_X509_EXTENSION_create_by_OBJ(ext2, o, crit, - str)); - if (ext3 == NULL) { - wolfSSL_X509_EXTENSION_free(ext2); - } - wolfSSL_X509_EXTENSION_free(ext3); - - ExpectIntEQ(wolfSSL_X509_get_ext_by_OBJ(NULL, NULL, -1), - WC_NO_ERR_TRACE(WOLFSSL_FATAL_ERROR)); - ExpectIntEQ(wolfSSL_X509_get_ext_by_OBJ(NULL, o, -1), - WC_NO_ERR_TRACE(WOLFSSL_FATAL_ERROR)); - ExpectNotNull(empty = wolfSSL_X509_new()); - ExpectIntEQ(wolfSSL_X509_get_ext_by_OBJ(empty, NULL, -1), - WC_NO_ERR_TRACE(WOLFSSL_FATAL_ERROR)); - ExpectIntEQ(wolfSSL_X509_get_ext_by_OBJ(empty, o, -1), - WC_NO_ERR_TRACE(WOLFSSL_FATAL_ERROR)); - wolfSSL_X509_free(empty); - empty = NULL; - ExpectIntEQ(wolfSSL_X509_get_ext_by_OBJ(x509, o, -2), 0); - ExpectIntEQ(wolfSSL_X509_get_ext_by_OBJ(x509, o, 0), - WC_NO_ERR_TRACE(WOLFSSL_FATAL_ERROR)); - - wolfSSL_X509_free(x509); -#endif - return EXPECT_RESULT(); -} - -static int test_wolfSSL_X509V3_EXT_print(void) -{ - EXPECT_DECLS; -#if !defined(NO_FILESYSTEM) && defined(OPENSSL_ALL) && !defined(NO_BIO) && \ - !defined(NO_RSA) - - { - XFILE f = XBADFILE; - WOLFSSL_X509* x509 = NULL; - X509_EXTENSION * ext = NULL; - int loc = 0; - BIO *bio = NULL; - - ExpectTrue((f = XFOPEN(svrCertFile, "rb")) != XBADFILE); - ExpectNotNull(x509 = wolfSSL_PEM_read_X509(f, NULL, NULL, NULL)); - if (f != XBADFILE) - fclose(f); - - ExpectNotNull(bio = wolfSSL_BIO_new(BIO_s_mem())); - - ExpectIntGT(loc = wolfSSL_X509_get_ext_by_NID(x509, - NID_basic_constraints, -1), -1); - ExpectNotNull(ext = wolfSSL_X509_get_ext(x509, loc)); - - /* Failure cases. */ - ExpectIntEQ(wolfSSL_X509V3_EXT_print(NULL, NULL, 0, 0), - WOLFSSL_FAILURE); - ExpectIntEQ(wolfSSL_X509V3_EXT_print(bio , NULL, 0, 0), - WOLFSSL_FAILURE); - ExpectIntEQ(wolfSSL_X509V3_EXT_print(NULL, ext , 0, 0), - WOLFSSL_FAILURE); - /* Good case. */ - ExpectIntEQ(wolfSSL_X509V3_EXT_print(bio, ext, 0, 0), WOLFSSL_SUCCESS); - - ExpectIntGT(loc = wolfSSL_X509_get_ext_by_NID(x509, - NID_subject_key_identifier, -1), -1); - ExpectNotNull(ext = wolfSSL_X509_get_ext(x509, loc)); - ExpectIntEQ(wolfSSL_X509V3_EXT_print(bio, ext, 0, 0), WOLFSSL_SUCCESS); - - ExpectIntGT(loc = wolfSSL_X509_get_ext_by_NID(x509, - NID_authority_key_identifier, -1), -1); - ExpectNotNull(ext = wolfSSL_X509_get_ext(x509, loc)); - ExpectIntEQ(wolfSSL_X509V3_EXT_print(bio, ext, 0, 0), WOLFSSL_SUCCESS); - - wolfSSL_BIO_free(bio); - wolfSSL_X509_free(x509); - } - - { - X509 *x509 = NULL; - BIO *bio = NULL; - X509_EXTENSION *ext = NULL; - unsigned int i = 0; - unsigned int idx = 0; - /* Some NIDs to test with */ - int nids[] = { - /* NID_key_usage, currently X509_get_ext returns this as a bit - * string, which messes up X509V3_EXT_print */ - /* NID_ext_key_usage, */ - NID_subject_alt_name, - }; - int* n = NULL; - - ExpectNotNull(bio = BIO_new_fp(stderr, BIO_NOCLOSE)); - - ExpectNotNull(x509 = wolfSSL_X509_load_certificate_file(cliCertFileExt, - WOLFSSL_FILETYPE_PEM)); - - ExpectIntGT(fprintf(stderr, "\nPrinting extension values:\n"), 0); - - for (i = 0, n = nids; i<(sizeof(nids)/sizeof(int)); i++, n++) { - /* X509_get_ext_by_NID should return 3 for now. If that changes then - * update the index */ - ExpectIntEQ((idx = X509_get_ext_by_NID(x509, *n, -1)), 3); - ExpectNotNull(ext = X509_get_ext(x509, (int)idx)); - ExpectIntEQ(X509V3_EXT_print(bio, ext, 0, 0), 1); - ExpectIntGT(fprintf(stderr, "\n"), 0); - } - - BIO_free(bio); - X509_free(x509); - } - - { - BIO* bio = NULL; - X509_EXTENSION* ext = NULL; - WOLFSSL_ASN1_OBJECT* obj = NULL; - - ExpectNotNull(bio = BIO_new_fp(stderr, BIO_NOCLOSE)); - ExpectNotNull(ext = X509_EXTENSION_new()); - - /* No object. */ - ExpectIntEQ(wolfSSL_X509V3_EXT_print(bio, ext, 0, 0), WOLFSSL_FAILURE); - - ExpectNotNull(obj = wolfSSL_ASN1_OBJECT_new()); - ExpectIntEQ(wolfSSL_X509_EXTENSION_set_object(ext, obj), - WOLFSSL_SUCCESS); - - /* NID not supported yet - just doesn't write anything. */ - if (ext != NULL && ext->obj != NULL) { - ext->obj->nid = AUTH_INFO_OID; - ExpectIntEQ(wolfSSL_X509V3_EXT_print(bio, ext, 0, 0), - WOLFSSL_SUCCESS); - ext->obj->nid = CERT_POLICY_OID; - ExpectIntEQ(wolfSSL_X509V3_EXT_print(bio, ext, 0, 0), - WOLFSSL_SUCCESS); - ext->obj->nid = CRL_DIST_OID; - ExpectIntEQ(wolfSSL_X509V3_EXT_print(bio, ext, 0, 0), - WOLFSSL_SUCCESS); - ext->obj->nid = KEY_USAGE_OID; - ExpectIntEQ(wolfSSL_X509V3_EXT_print(bio, ext, 0, 0), - WOLFSSL_SUCCESS); - - ext->obj->nid = EXT_KEY_USAGE_OID; - ExpectIntEQ(wolfSSL_X509V3_EXT_print(bio, ext, 0, 0), - WOLFSSL_SUCCESS); - } - - wolfSSL_ASN1_OBJECT_free(obj); - X509_EXTENSION_free(ext); - BIO_free(bio); - } -#endif - return EXPECT_RESULT(); -} - -static int test_wolfSSL_X509_cmp(void) -{ - EXPECT_DECLS; -#if defined(OPENSSL_ALL) && !defined(NO_RSA) - XFILE file1 = XBADFILE; - XFILE file2 = XBADFILE; - WOLFSSL_X509* cert1 = NULL; - WOLFSSL_X509* cert2 = NULL; - WOLFSSL_X509* empty = NULL; - - ExpectTrue((file1 = XFOPEN("./certs/server-cert.pem", "rb")) != XBADFILE); - ExpectTrue((file2 = XFOPEN("./certs/3072/client-cert.pem", "rb")) != - XBADFILE); - - ExpectNotNull(cert1 = wolfSSL_PEM_read_X509(file1, NULL, NULL, NULL)); - ExpectNotNull(cert2 = wolfSSL_PEM_read_X509(file2, NULL, NULL, NULL)); - if (file1 != XBADFILE) - fclose(file1); - if (file2 != XBADFILE) - fclose(file2); - - ExpectNotNull(empty = wolfSSL_X509_new()); - - /* wolfSSL_X509_cmp() testing matching certs */ - ExpectIntEQ(0, wolfSSL_X509_cmp(cert1, cert1)); - - /* wolfSSL_X509_cmp() testing mismatched certs */ - ExpectIntEQ(-1, wolfSSL_X509_cmp(cert1, cert2)); - - /* wolfSSL_X509_cmp() testing NULL, valid args */ - ExpectIntEQ(WC_NO_ERR_TRACE(BAD_FUNC_ARG), wolfSSL_X509_cmp(NULL, cert2)); - - /* wolfSSL_X509_cmp() testing valid, NULL args */ - ExpectIntEQ(WC_NO_ERR_TRACE(BAD_FUNC_ARG), wolfSSL_X509_cmp(cert1, NULL)); - - /* wolfSSL_X509_cmp() testing NULL, NULL args */ - ExpectIntEQ(WC_NO_ERR_TRACE(BAD_FUNC_ARG), wolfSSL_X509_cmp(NULL, NULL)); - - /* wolfSSL_X509_cmp() testing empty cert */ - ExpectIntEQ(WOLFSSL_FATAL_ERROR, wolfSSL_X509_cmp(empty, cert2)); - ExpectIntEQ(WOLFSSL_FATAL_ERROR, wolfSSL_X509_cmp(cert1, empty)); - - wolfSSL_X509_free(empty); - wolfSSL_X509_free(cert2); - wolfSSL_X509_free(cert1); -#endif - return EXPECT_RESULT(); -} - -static int test_wolfSSL_EVP_PKEY_up_ref(void) -{ - EXPECT_DECLS; -#if defined(OPENSSL_ALL) - EVP_PKEY* pkey; - - pkey = EVP_PKEY_new(); - ExpectNotNull(pkey); - ExpectIntEQ(EVP_PKEY_up_ref(NULL), 0); - ExpectIntEQ(EVP_PKEY_up_ref(pkey), 1); - EVP_PKEY_free(pkey); - ExpectIntEQ(EVP_PKEY_up_ref(pkey), 1); - EVP_PKEY_free(pkey); - EVP_PKEY_free(pkey); -#endif - return EXPECT_RESULT(); -} - static int test_wolfSSL_d2i_and_i2d_PublicKey(void) { EXPECT_DECLS; #if defined(OPENSSL_EXTRA) && !defined(NO_RSA) EVP_PKEY* pkey = NULL; - const unsigned char* p; + const unsigned char* p = NULL; unsigned char *der = NULL; unsigned char *tmp = NULL; - int derLen; + int derLen = 0; p = client_keypub_der_2048; /* Check that key can be successfully decoded. */ @@ -33853,7 +19860,7 @@ const unsigned char* p; unsigned char *der = NULL; unsigned char *tmp = NULL; - int derLen; + int derLen = -1; unsigned char pub_buf[65]; unsigned char pub_spki_buf[91]; const int pub_len = 65; @@ -33963,7 +19970,7 @@ }; int derInLen = sizeof(derIn); byte* derOut = NULL; - int derOutLen; + int derOutLen = -1; byte* p = derIn; /* Check that params can be successfully decoded. */ @@ -34143,9 +20150,9 @@ { EXPECT_DECLS; #if (defined(OPENSSL_ALL) || defined(WOLFSSL_HAPROXY)) && defined(HAVE_OCSP) - WOLFSSL_OCSP_CERTID* certIdGood; - WOLFSSL_OCSP_CERTID* certIdBad; - const unsigned char* rawCertIdPtr; + WOLFSSL_OCSP_CERTID* certIdGood = NULL; + WOLFSSL_OCSP_CERTID* certIdBad = NULL; + const unsigned char* rawCertIdPtr = NULL; const unsigned char rawCertId[] = { 0x30, 0x49, 0x30, 0x09, 0x06, 0x05, 0x2b, 0x0e, 0x03, 0x02, 0x1a, 0x05, @@ -34629,152 +20636,106 @@ return EXPECT_RESULT(); } -static int test_wolfSSL_EVP_PKEY_derive(void) +static int test_wolfSSL_X509_get1_ca_issuers(void) { EXPECT_DECLS; -#if defined(OPENSSL_ALL) || defined(WOLFSSL_QT) || defined(WOLFSSL_OPENSSH) -#if (!defined(NO_DH) && defined(WOLFSSL_DH_EXTRA)) || defined(HAVE_ECC) - EVP_PKEY_CTX *ctx = NULL; - unsigned char *skey = NULL; - size_t skeylen; - EVP_PKEY *pkey = NULL; - EVP_PKEY *peerkey = NULL; - const unsigned char* key; +#if (defined(OPENSSL_EXTRA) || defined(OPENSSL_ALL) || \ + defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY)) && \ + defined(WOLFSSL_ASN_CA_ISSUER) && !defined(NO_FILESYSTEM) && \ + !defined(NO_RSA) + X509* cert = NULL; + STACK_OF(WOLFSSL_STRING) *skStr = NULL; + WOLFSSL_STRING url = NULL; + const char* expected = "http://example.com/ca.pem"; -#if !defined(NO_DH) && defined(WOLFSSL_DH_EXTRA) - /* DH */ - key = dh_key_der_2048; - ExpectNotNull((pkey = d2i_PrivateKey(EVP_PKEY_DH, NULL, &key, - sizeof_dh_key_der_2048))); - ExpectIntEQ(DH_generate_key(EVP_PKEY_get0_DH(pkey)), 1); - key = dh_key_der_2048; - ExpectNotNull((peerkey = d2i_PrivateKey(EVP_PKEY_DH, NULL, &key, - sizeof_dh_key_der_2048))); - ExpectIntEQ(DH_generate_key(EVP_PKEY_get0_DH(peerkey)), 1); - ExpectNotNull(ctx = EVP_PKEY_CTX_new(pkey, NULL)); - ExpectIntEQ(EVP_PKEY_derive_init(ctx), 1); - ExpectIntEQ(EVP_PKEY_derive_set_peer(ctx, peerkey), 1); - ExpectIntEQ(EVP_PKEY_derive(ctx, NULL, &skeylen), 1); - ExpectNotNull(skey = (unsigned char*)XMALLOC(skeylen, NULL, - DYNAMIC_TYPE_OPENSSL)); - ExpectIntEQ(EVP_PKEY_derive(ctx, skey, &skeylen), 1); + ExpectNull(wolfSSL_X509_get1_ca_issuers(NULL)); + ExpectNotNull(cert = wolfSSL_X509_load_certificate_file( + "certs/aia/ca-issuers-cert.pem", WOLFSSL_FILETYPE_PEM)); + ExpectNotNull(skStr = wolfSSL_X509_get1_ca_issuers(cert)); + ExpectIntEQ(wolfSSL_sk_WOLFSSL_STRING_num(skStr), 1); + ExpectNotNull(url = wolfSSL_sk_WOLFSSL_STRING_value(skStr, 0)); + ExpectIntEQ(XSTRCMP(url, expected), 0); - EVP_PKEY_CTX_free(ctx); - ctx = NULL; - EVP_PKEY_free(peerkey); - peerkey = NULL; - EVP_PKEY_free(pkey); - pkey = NULL; - XFREE(skey, NULL, DYNAMIC_TYPE_OPENSSL); - skey = NULL; + wolfSSL_X509_email_free(skStr); + wolfSSL_X509_free(cert); #endif + return EXPECT_RESULT(); +} -#ifdef HAVE_ECC - /* ECDH */ - key = ecc_clikey_der_256; - ExpectNotNull((pkey = d2i_PrivateKey(EVP_PKEY_EC, NULL, &key, - sizeof_ecc_clikey_der_256))); - key = ecc_clikeypub_der_256; - ExpectNotNull((peerkey = d2i_PUBKEY(NULL, &key, - sizeof_ecc_clikeypub_der_256))); - ExpectNotNull(ctx = EVP_PKEY_CTX_new(pkey, NULL)); - ExpectIntEQ(EVP_PKEY_derive_init(ctx), 1); - ExpectIntEQ(EVP_PKEY_derive_set_peer(ctx, peerkey), 1); - ExpectIntEQ(EVP_PKEY_derive(ctx, NULL, &skeylen), 1); - ExpectNotNull(skey = (unsigned char*)XMALLOC(skeylen, NULL, - DYNAMIC_TYPE_OPENSSL)); - ExpectIntEQ(EVP_PKEY_derive(ctx, skey, &skeylen), 1); +static int test_wolfSSL_X509_get1_aia_multi(void) +{ + EXPECT_DECLS; +#if (defined(OPENSSL_EXTRA) || defined(OPENSSL_ALL) || \ + defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY)) && \ + defined(WOLFSSL_ASN_CA_ISSUER) && !defined(NO_FILESYSTEM) && \ + !defined(NO_RSA) + X509* cert = NULL; + STACK_OF(WOLFSSL_STRING) *ocsp = NULL; + STACK_OF(WOLFSSL_STRING) *ca = NULL; + const char* ocspExp1 = "http://127.0.0.1:22221"; + const char* ocspExp2 = "http://127.0.0.1:22222"; + const char* caExp1 = "http://www.wolfssl.com/ca.pem"; + const char* caExp2 = "https://www.wolfssl.com/ca2.pem"; + int i; + int ocspFound1 = 0, ocspFound2 = 0; + int caFound1 = 0, caFound2 = 0; - EVP_PKEY_CTX_free(ctx); - EVP_PKEY_free(peerkey); - EVP_PKEY_free(pkey); - XFREE(skey, NULL, DYNAMIC_TYPE_OPENSSL); -#endif /* HAVE_ECC */ -#endif /* (!NO_DH && WOLFSSL_DH_EXTRA) || HAVE_ECC */ -#endif /* OPENSSL_ALL || WOLFSSL_QT || WOLFSSL_OPENSSH */ + ExpectNotNull(cert = wolfSSL_X509_load_certificate_file( + "certs/aia/multi-aia-cert.pem", WOLFSSL_FILETYPE_PEM)); + ExpectIntEQ(wolfSSL_X509_get_aia_overflow(cert), 0); + + ExpectNotNull(ocsp = wolfSSL_X509_get1_ocsp(cert)); + ExpectIntEQ(wolfSSL_sk_WOLFSSL_STRING_num(ocsp), 2); + for (i = 0; i < wolfSSL_sk_WOLFSSL_STRING_num(ocsp); i++) { + WOLFSSL_STRING url = wolfSSL_sk_WOLFSSL_STRING_value(ocsp, i); + if (url == NULL) + continue; + if (XSTRCMP(url, ocspExp1) == 0) ocspFound1 = 1; + if (XSTRCMP(url, ocspExp2) == 0) ocspFound2 = 1; + } + ExpectIntEQ(ocspFound1, 1); + ExpectIntEQ(ocspFound2, 1); + + ExpectNotNull(ca = wolfSSL_X509_get1_ca_issuers(cert)); + ExpectIntEQ(wolfSSL_sk_WOLFSSL_STRING_num(ca), 2); + for (i = 0; i < wolfSSL_sk_WOLFSSL_STRING_num(ca); i++) { + WOLFSSL_STRING url = wolfSSL_sk_WOLFSSL_STRING_value(ca, i); + if (url == NULL) + continue; + if (XSTRCMP(url, caExp1) == 0) caFound1 = 1; + if (XSTRCMP(url, caExp2) == 0) caFound2 = 1; + } + ExpectIntEQ(caFound1, 1); + ExpectIntEQ(caFound2, 1); + + wolfSSL_X509_email_free(ocsp); + wolfSSL_X509_email_free(ca); + wolfSSL_X509_free(cert); +#endif return EXPECT_RESULT(); } -static int test_wolfSSL_EVP_PBE_scrypt(void) +static int test_wolfSSL_X509_get1_aia_overflow(void) { EXPECT_DECLS; -#if defined(OPENSSL_EXTRA) && defined(HAVE_SCRYPT) && defined(HAVE_PBKDF2) && \ - (!defined(HAVE_FIPS_VERSION) || (HAVE_FIPS_VERSION < 5)) -#if !defined(NO_PWDBASED) && !defined(NO_SHA256) - int ret; +#if (defined(OPENSSL_EXTRA) || defined(OPENSSL_ALL) || \ + defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY)) && \ + !defined(NO_FILESYSTEM) && !defined(NO_RSA) + X509* cert = NULL; + STACK_OF(WOLFSSL_STRING) *ocsp = NULL; + int count; - const char pwd[] = {'p','a','s','s','w','o','r','d'}; - int pwdlen = sizeof(pwd); - const byte salt[] = {'N','a','C','l'}; - int saltlen = sizeof(salt); - byte key[80]; - word64 numOvr32 = (word64)INT32_MAX + 1; - - /* expected derived key for N:16, r:1, p:1 */ - const byte expectedKey[] = { - 0xAE, 0xC6, 0xB7, 0x48, 0x3E, 0xD2, 0x6E, 0x08, 0x80, 0x2B, - 0x41, 0xF4, 0x03, 0x20, 0x86, 0xA0, 0xE8, 0x86, 0xBE, 0x7A, - 0xC4, 0x8F, 0xCF, 0xD9, 0x2F, 0xF0, 0xCE, 0xF8, 0x10, 0x97, - 0x52, 0xF4, 0xAC, 0x74, 0xB0, 0x77, 0x26, 0x32, 0x56, 0xA6, - 0x5A, 0x99, 0x70, 0x1B, 0x7A, 0x30, 0x4D, 0x46, 0x61, 0x1C, - 0x8A, 0xA3, 0x91, 0xE7, 0x99, 0xCE, 0x10, 0xA2, 0x77, 0x53, - 0xE7, 0xE9, 0xC0, 0x9A}; - - /* N r p mx key keylen */ - ret = EVP_PBE_scrypt(pwd, pwdlen, salt, saltlen, 0, 1, 1, 0, key, 64); - ExpectIntEQ(ret, 0); /* N must be greater than 1 */ - - ret = EVP_PBE_scrypt(pwd, pwdlen, salt, saltlen, 3, 1, 1, 0, key, 64); - ExpectIntEQ(ret, 0); /* N must be power of 2 */ - - ret = EVP_PBE_scrypt(pwd, pwdlen, salt, saltlen, 2, 0, 1, 0, key, 64); - ExpectIntEQ(ret, 0); /* r must be greater than 0 */ - - ret = EVP_PBE_scrypt(pwd, pwdlen, salt, saltlen, 2, 1, 0, 0, key, 64); - ExpectIntEQ(ret, 0); /* p must be greater than 0 */ - - ret = EVP_PBE_scrypt(pwd, pwdlen, salt, saltlen, 2, 1, 1, 0, key, 0); - ExpectIntEQ(ret, 0); /* keylen must be greater than 0 */ - - ret = EVP_PBE_scrypt(pwd, pwdlen, salt, saltlen, 2, 9, 1, 0, key, 64); - ExpectIntEQ(ret, 0); /* r must be smaller than 9 */ - - ret = EVP_PBE_scrypt(pwd, pwdlen, salt, saltlen, 2, 1, 1, 0, NULL, 64); - ExpectIntEQ(ret, 1); /* should succeed if key is NULL */ - - ret = EVP_PBE_scrypt(pwd, pwdlen, salt, saltlen, 2, 1, 1, 0, key, 64); - ExpectIntEQ(ret, 1); /* should succeed */ - - ret = EVP_PBE_scrypt(pwd, pwdlen, salt, saltlen, 2, numOvr32, 1, 0, - key, 64); - ExpectIntEQ(ret, 0); /* should fail since r is greater than INT32_MAC */ - - ret = EVP_PBE_scrypt(pwd, pwdlen, salt, saltlen, 2, 1, numOvr32, 0, - key, 64); - ExpectIntEQ(ret, 0); /* should fail since p is greater than INT32_MAC */ - - ret = EVP_PBE_scrypt(pwd, pwdlen, NULL, 0, 2, 1, 1, 0, key, 64); - ExpectIntEQ(ret, 1); /* should succeed even if salt is NULL */ - - ret = EVP_PBE_scrypt(pwd, pwdlen, NULL, 4, 2, 1, 1, 0, key, 64); - ExpectIntEQ(ret, 0); /* if salt is NULL, saltlen must be 0, otherwise fail*/ - - ret = EVP_PBE_scrypt(NULL, 0, salt, saltlen, 2, 1, 1, 0, key, 64); - ExpectIntEQ(ret, 1); /* should succeed if pwd is NULL and pwdlen is 0*/ - - ret = EVP_PBE_scrypt(NULL, 4, salt, saltlen, 2, 1, 1, 0, key, 64); - ExpectIntEQ(ret, 0); /* if pwd is NULL, pwdlen must be 0 */ - - ret = EVP_PBE_scrypt(NULL, 0, NULL, 0, 2, 1, 1, 0, key, 64); - ExpectIntEQ(ret, 1); /* should succeed even both pwd and salt are NULL */ - - ret = EVP_PBE_scrypt(pwd, pwdlen, salt, saltlen, 16, 1, 1, 0, key, 64); - ExpectIntEQ(ret, 1); - - ret = XMEMCMP(expectedKey, key, sizeof(expectedKey)); - ExpectIntEQ(ret, 0); /* derived key must be the same as expected-key */ -#endif /* !NO_PWDBASED && !NO_SHA256 */ -#endif /* OPENSSL_EXTRA && HAVE_SCRYPT && HAVE_PBKDF2 */ + ExpectNotNull(cert = wolfSSL_X509_load_certificate_file( + "certs/aia/overflow-aia-cert.pem", WOLFSSL_FILETYPE_PEM)); + + ExpectNotNull(ocsp = wolfSSL_X509_get1_ocsp(cert)); + count = wolfSSL_sk_WOLFSSL_STRING_num(ocsp); + ExpectIntEQ(count, 8); + ExpectIntEQ(wolfSSL_X509_get_aia_overflow(cert), 1); + + wolfSSL_X509_email_free(ocsp); + wolfSSL_X509_free(cert); +#endif return EXPECT_RESULT(); } @@ -35566,510 +21527,261 @@ return EXPECT_RESULT(); } -static int test_wolfSSL_EVP_PKEY_encrypt(void) +/* Mock callback for testing wc_SignCert_cb */ +#if defined(WOLFSSL_CERT_SIGN_CB) && (defined(WOLFSSL_CERT_GEN) || defined(WOLFSSL_CERT_REQ)) +/* Context structure for mock signing callback */ +typedef struct { + void* key; /* Pointer to RSA or ECC key */ + WC_RNG* rng; /* Random number generator (required for ECC) */ +} MockSignCtx; + +static int mockSignCb(const byte* in, word32 inLen, byte* out, word32* outLen, + int sigAlgo, int keyType, void* ctx) { - EXPECT_DECLS; -#if defined(OPENSSL_EXTRA) && !defined(NO_RSA) && defined(WOLFSSL_KEY_GEN) - WOLFSSL_RSA* rsa = NULL; - WOLFSSL_EVP_PKEY* pkey = NULL; - WOLFSSL_EVP_PKEY_CTX* ctx = NULL; - const char* in = "What is easy to do is easy not to do."; - size_t inlen = XSTRLEN(in); - size_t outEncLen = 0; - byte* outEnc = NULL; - byte* outDec = NULL; - size_t outDecLen = 0; - size_t rsaKeySz = 2048/8; /* Bytes */ -#if !defined(HAVE_FIPS) && defined(WC_RSA_NO_PADDING) - byte* inTmp = NULL; - byte* outEncTmp = NULL; - byte* outDecTmp = NULL; -#endif + int ret = 0; + MockSignCtx* signCtx = (MockSignCtx*)ctx; - ExpectNotNull(outEnc = (byte*)XMALLOC(rsaKeySz, HEAP_HINT, - DYNAMIC_TYPE_TMP_BUFFER)); - if (outEnc != NULL) { - XMEMSET(outEnc, 0, rsaKeySz); - } - ExpectNotNull(outDec = (byte*)XMALLOC(rsaKeySz, HEAP_HINT, - DYNAMIC_TYPE_TMP_BUFFER)); - if (outDec != NULL) { - XMEMSET(outDec, 0, rsaKeySz); + if (signCtx == NULL || signCtx->key == NULL || in == NULL || + out == NULL || outLen == NULL) { + return BAD_FUNC_ARG; } - ExpectNotNull(rsa = RSA_generate_key(2048, 3, NULL, NULL)); - ExpectNotNull(pkey = wolfSSL_EVP_PKEY_new()); - ExpectIntEQ(EVP_PKEY_assign_RSA(pkey, rsa), WOLFSSL_SUCCESS); - if (EXPECT_FAIL()) { - RSA_free(rsa); - } - ExpectNotNull(ctx = EVP_PKEY_CTX_new(pkey, NULL)); - ExpectIntEQ(EVP_PKEY_encrypt_init(ctx), WOLFSSL_SUCCESS); - ExpectIntEQ(EVP_PKEY_CTX_set_rsa_padding(ctx, RSA_PKCS1_PADDING), - WOLFSSL_SUCCESS); + (void)sigAlgo; - /* Test pkey references count is decremented. pkey shouldn't be destroyed - since ctx uses it.*/ - ExpectIntEQ(pkey->ref.count, 2); - EVP_PKEY_free(pkey); - ExpectIntEQ(pkey->ref.count, 1); +#ifndef NO_RSA + if (keyType == RSA_TYPE) { + RsaKey* rsaKey = (RsaKey*)signCtx->key; + word32 outSz = *outLen; - /* Encrypt data */ - /* Check that we can get the required output buffer length by passing in a - * NULL output buffer. */ - ExpectIntEQ(EVP_PKEY_encrypt(ctx, NULL, &outEncLen, - (const unsigned char*)in, inlen), WOLFSSL_SUCCESS); - ExpectIntEQ(rsaKeySz, outEncLen); - /* Now do the actual encryption. */ - ExpectIntEQ(EVP_PKEY_encrypt(ctx, outEnc, &outEncLen, - (const unsigned char*)in, inlen), WOLFSSL_SUCCESS); - - /* Decrypt data */ - ExpectIntEQ(EVP_PKEY_decrypt_init(ctx), WOLFSSL_SUCCESS); - /* Check that we can get the required output buffer length by passing in a - * NULL output buffer. */ - ExpectIntEQ(EVP_PKEY_decrypt(ctx, NULL, &outDecLen, outEnc, outEncLen), - WOLFSSL_SUCCESS); - ExpectIntEQ(rsaKeySz, outDecLen); - /* Now do the actual decryption. */ - ExpectIntEQ(EVP_PKEY_decrypt(ctx, outDec, &outDecLen, outEnc, outEncLen), - WOLFSSL_SUCCESS); - - ExpectIntEQ(XMEMCMP(in, outDec, outDecLen), 0); - -#if !defined(HAVE_FIPS) && defined(WC_RSA_NO_PADDING) - /* The input length must be the same size as the RSA key.*/ - ExpectNotNull(inTmp = (byte*)XMALLOC(rsaKeySz, HEAP_HINT, - DYNAMIC_TYPE_TMP_BUFFER)); - if (inTmp != NULL) { - XMEMSET(inTmp, 9, rsaKeySz); - } - ExpectNotNull(outEncTmp = (byte*)XMALLOC(rsaKeySz, HEAP_HINT, - DYNAMIC_TYPE_TMP_BUFFER)); - if (outEncTmp != NULL) { - XMEMSET(outEncTmp, 0, rsaKeySz); - } - ExpectNotNull(outDecTmp = (byte*)XMALLOC(rsaKeySz, HEAP_HINT, - DYNAMIC_TYPE_TMP_BUFFER)); - if (outDecTmp != NULL) { - XMEMSET(outDecTmp, 0, rsaKeySz); + /* For RSA, input is DER-encoded digest (DigestInfo structure) */ + ret = wc_RsaSSL_Sign(in, inLen, out, outSz, rsaKey, signCtx->rng); + if (ret > 0) { + *outLen = (word32)ret; + ret = 0; + } } - ExpectIntEQ(EVP_PKEY_encrypt_init(ctx), WOLFSSL_SUCCESS); - ExpectIntEQ(EVP_PKEY_CTX_set_rsa_padding(ctx, RSA_NO_PADDING), - WOLFSSL_SUCCESS); - ExpectIntEQ(EVP_PKEY_encrypt(ctx, outEncTmp, &outEncLen, inTmp, rsaKeySz), - WOLFSSL_SUCCESS); - ExpectIntEQ(EVP_PKEY_decrypt_init(ctx), WOLFSSL_SUCCESS); - ExpectIntEQ(EVP_PKEY_decrypt(ctx, outDecTmp, &outDecLen, outEncTmp, - outEncLen), WOLFSSL_SUCCESS); - ExpectIntEQ(XMEMCMP(inTmp, outDecTmp, outDecLen), 0); -#endif - EVP_PKEY_CTX_free(ctx); - XFREE(outEnc, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); - XFREE(outDec, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); -#if !defined(HAVE_FIPS) && defined(WC_RSA_NO_PADDING) - XFREE(inTmp, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); - XFREE(outEncTmp, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); - XFREE(outDecTmp, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); -#endif -#endif - return EXPECT_RESULT(); -} - -#if defined(OPENSSL_EXTRA) && !defined(NO_RSA) && defined(WOLFSSL_KEY_GEN) && \ - !defined(HAVE_SELFTEST) -#if !defined(HAVE_FIPS) || (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION>2)) - #ifndef TEST_WOLFSSL_EVP_PKEY_SIGN_VERIFY - #define TEST_WOLFSSL_EVP_PKEY_SIGN_VERIFY - #endif -#endif -#endif -#if defined(OPENSSL_EXTRA) -#if !defined (NO_DSA) && !defined(HAVE_SELFTEST) && defined(WOLFSSL_KEY_GEN) - #ifndef TEST_WOLFSSL_EVP_PKEY_SIGN_VERIFY - #define TEST_WOLFSSL_EVP_PKEY_SIGN_VERIFY - #endif -#endif -#endif -#if defined(OPENSSL_EXTRA) && defined(HAVE_ECC) -#if !defined(HAVE_FIPS) || (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION>2)) - #ifndef TEST_WOLFSSL_EVP_PKEY_SIGN_VERIFY - #define TEST_WOLFSSL_EVP_PKEY_SIGN_VERIFY - #endif -#endif -#endif - -#ifdef TEST_WOLFSSL_EVP_PKEY_SIGN_VERIFY -static int test_wolfSSL_EVP_PKEY_sign_verify(int keyType) -{ - EXPECT_DECLS; -#if defined(OPENSSL_EXTRA) -#if defined(OPENSSL_EXTRA) && !defined(NO_RSA) && defined(WOLFSSL_KEY_GEN) && \ - !defined(HAVE_SELFTEST) -#if !defined(HAVE_FIPS) || (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION>2)) - WOLFSSL_RSA* rsa = NULL; -#endif -#endif -#if !defined (NO_DSA) && !defined(HAVE_SELFTEST) && defined(WOLFSSL_KEY_GEN) - WOLFSSL_DSA* dsa = NULL; -#endif /* !NO_DSA && !HAVE_SELFTEST && WOLFSSL_KEY_GEN */ -#if defined(OPENSSL_EXTRA) && defined(HAVE_ECC) -#if !defined(HAVE_FIPS) || (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION>2)) - WOLFSSL_EC_KEY* ecKey = NULL; -#endif -#endif - WOLFSSL_EVP_PKEY* pkey = NULL; - WOLFSSL_EVP_PKEY_CTX* ctx = NULL; - WOLFSSL_EVP_PKEY_CTX* ctx_verify = NULL; - const char* in = "What is easy to do is easy not to do."; - size_t inlen = XSTRLEN(in); - byte hash[SHA256_DIGEST_LENGTH] = {0}; - byte zero[SHA256_DIGEST_LENGTH] = {0}; - SHA256_CTX c; - byte* sig = NULL; - byte* sigVerify = NULL; - size_t siglen; - size_t siglenOnlyLen; - size_t keySz = 2048/8; /* Bytes */ - - ExpectNotNull(sig = - (byte*)XMALLOC(keySz, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER)); - ExpectNotNull(sigVerify = - (byte*)XMALLOC(keySz, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER)); - - siglen = keySz; - ExpectNotNull(XMEMSET(sig, 0, keySz)); - ExpectNotNull(XMEMSET(sigVerify, 0, keySz)); - - /* Generate hash */ - SHA256_Init(&c); - SHA256_Update(&c, in, inlen); - SHA256_Final(hash, &c); -#ifdef WOLFSSL_SMALL_STACK_CACHE - /* workaround for small stack cache case */ - wc_Sha256Free((wc_Sha256*)&c); + else #endif +#ifdef HAVE_ECC + if (keyType == ECC_TYPE) { + ecc_key* eccKey = (ecc_key*)signCtx->key; + word32 outSz = *outLen; - /* Generate key */ - ExpectNotNull(pkey = EVP_PKEY_new()); - switch (keyType) { - case EVP_PKEY_RSA: -#if defined(OPENSSL_EXTRA) && !defined(NO_RSA) && defined(WOLFSSL_KEY_GEN) && \ - !defined(HAVE_SELFTEST) -#if !defined(HAVE_FIPS) || (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION>2)) - { - ExpectNotNull(rsa = RSA_generate_key(2048, 3, NULL, NULL)); - ExpectIntEQ(EVP_PKEY_assign_RSA(pkey, rsa), WOLFSSL_SUCCESS); - } -#endif -#endif - break; - case EVP_PKEY_DSA: -#if !defined (NO_DSA) && !defined(HAVE_SELFTEST) && defined(WOLFSSL_KEY_GEN) - ExpectNotNull(dsa = DSA_new()); - ExpectIntEQ(DSA_generate_parameters_ex(dsa, 2048, - NULL, 0, NULL, NULL, NULL), 1); - ExpectIntEQ(DSA_generate_key(dsa), 1); - ExpectIntEQ(EVP_PKEY_set1_DSA(pkey, dsa), WOLFSSL_SUCCESS); -#endif /* !NO_DSA && !HAVE_SELFTEST && WOLFSSL_KEY_GEN */ - break; - case EVP_PKEY_EC: -#if defined(OPENSSL_EXTRA) && defined(HAVE_ECC) -#if !defined(HAVE_FIPS) || (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION>2)) - { - ExpectNotNull(ecKey = EC_KEY_new()); - ExpectIntEQ(EC_KEY_generate_key(ecKey), 1); - ExpectIntEQ( - EVP_PKEY_assign_EC_KEY(pkey, ecKey), WOLFSSL_SUCCESS); - if (EXPECT_FAIL()) { - EC_KEY_free(ecKey); - } + /* For ECC, input is raw hash, sign it (RNG required for ECDSA k value) */ + ret = wc_ecc_sign_hash(in, inLen, out, &outSz, signCtx->rng, eccKey); + if (ret == 0) { + *outLen = outSz; } -#endif -#endif - break; } - ExpectNotNull(ctx = EVP_PKEY_CTX_new(pkey, NULL)); - ExpectIntEQ(EVP_PKEY_sign_init(ctx), WOLFSSL_SUCCESS); -#if defined(OPENSSL_EXTRA) && !defined(NO_RSA) && defined(WOLFSSL_KEY_GEN) && \ - !defined(HAVE_SELFTEST) -#if !defined(HAVE_FIPS) || (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION>2)) - if (keyType == EVP_PKEY_RSA) - ExpectIntEQ(EVP_PKEY_CTX_set_rsa_padding(ctx, RSA_PKCS1_PADDING), - WOLFSSL_SUCCESS); -#endif -#endif - - /* Check returning only length */ - ExpectIntEQ(EVP_PKEY_sign(ctx, NULL, &siglenOnlyLen, hash, - SHA256_DIGEST_LENGTH), WOLFSSL_SUCCESS); - ExpectIntGT(siglenOnlyLen, 0); - /* Sign data */ - ExpectIntEQ(EVP_PKEY_sign(ctx, sig, &siglen, hash, - SHA256_DIGEST_LENGTH), WOLFSSL_SUCCESS); - ExpectIntGE(siglenOnlyLen, siglen); - - /* Verify signature */ - ExpectNotNull(ctx_verify = EVP_PKEY_CTX_new(pkey, NULL)); - ExpectIntEQ(EVP_PKEY_verify_init(ctx_verify), WOLFSSL_SUCCESS); -#if defined(OPENSSL_EXTRA) && !defined(NO_RSA) && defined(WOLFSSL_KEY_GEN) && \ - !defined(HAVE_SELFTEST) -#if !defined(HAVE_FIPS) || (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION>2)) - if (keyType == EVP_PKEY_RSA) - ExpectIntEQ( - EVP_PKEY_CTX_set_rsa_padding(ctx_verify, RSA_PKCS1_PADDING), - WOLFSSL_SUCCESS); -#endif + else #endif - ExpectIntEQ(EVP_PKEY_verify( - ctx_verify, sig, siglen, hash, SHA256_DIGEST_LENGTH), - WOLFSSL_SUCCESS); - ExpectIntEQ(EVP_PKEY_verify( - ctx_verify, sig, siglen, zero, SHA256_DIGEST_LENGTH), - WC_NO_ERR_TRACE(WOLFSSL_FAILURE)); - -#if defined(OPENSSL_EXTRA) && !defined(NO_RSA) && defined(WOLFSSL_KEY_GEN) && \ - !defined(HAVE_SELFTEST) -#if !defined(HAVE_FIPS) || (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION>2)) - if (keyType == EVP_PKEY_RSA) { - #if defined(WC_RSA_NO_PADDING) || defined(WC_RSA_DIRECT) - /* Try RSA sign/verify with no padding. */ - ExpectIntEQ(EVP_PKEY_sign_init(ctx), WOLFSSL_SUCCESS); - ExpectIntEQ(EVP_PKEY_CTX_set_rsa_padding(ctx, RSA_NO_PADDING), - WOLFSSL_SUCCESS); - ExpectIntEQ(EVP_PKEY_sign(ctx, sigVerify, &siglen, sig, - siglen), WOLFSSL_SUCCESS); - ExpectIntGE(siglenOnlyLen, siglen); - ExpectIntEQ(EVP_PKEY_verify_init(ctx_verify), WOLFSSL_SUCCESS); - ExpectIntEQ(EVP_PKEY_CTX_set_rsa_padding(ctx_verify, - RSA_NO_PADDING), WOLFSSL_SUCCESS); - ExpectIntEQ(EVP_PKEY_verify(ctx_verify, sigVerify, siglen, sig, - siglen), WOLFSSL_SUCCESS); - #endif - - /* Wrong padding schemes. */ - ExpectIntEQ(EVP_PKEY_sign_init(ctx), WOLFSSL_SUCCESS); - ExpectIntEQ(EVP_PKEY_CTX_set_rsa_padding(ctx, - RSA_PKCS1_OAEP_PADDING), WOLFSSL_SUCCESS); - ExpectIntNE(EVP_PKEY_sign(ctx, sigVerify, &siglen, sig, - siglen), WOLFSSL_SUCCESS); - ExpectIntEQ(EVP_PKEY_verify_init(ctx_verify), WOLFSSL_SUCCESS); - ExpectIntEQ(EVP_PKEY_CTX_set_rsa_padding(ctx_verify, - RSA_PKCS1_OAEP_PADDING), WOLFSSL_SUCCESS); - ExpectIntNE(EVP_PKEY_verify(ctx_verify, sigVerify, siglen, sig, - siglen), WOLFSSL_SUCCESS); - - ExpectIntEQ(EVP_PKEY_CTX_set_rsa_padding(ctx, RSA_PKCS1_PADDING), - WOLFSSL_SUCCESS); - ExpectIntEQ(EVP_PKEY_CTX_set_rsa_padding(ctx_verify, - RSA_PKCS1_PADDING), WOLFSSL_SUCCESS); + { + ret = BAD_FUNC_ARG; } -#endif -#endif - - /* error cases */ - siglen = keySz; /* Reset because sig size may vary slightly */ - ExpectIntNE(EVP_PKEY_sign_init(NULL), WOLFSSL_SUCCESS); - ExpectIntEQ(EVP_PKEY_sign_init(ctx), WOLFSSL_SUCCESS); - ExpectIntNE(EVP_PKEY_sign(NULL, sig, &siglen, (byte*)in, inlen), - WOLFSSL_SUCCESS); - ExpectIntEQ(EVP_PKEY_sign(ctx, sig, &siglen, (byte*)in, inlen), - WOLFSSL_SUCCESS); - - EVP_PKEY_free(pkey); - pkey = NULL; -#if !defined (NO_DSA) && !defined(HAVE_SELFTEST) && defined(WOLFSSL_KEY_GEN) - DSA_free(dsa); - dsa = NULL; -#endif /* !NO_DSA && !HAVE_SELFTEST && WOLFSSL_KEY_GEN */ - EVP_PKEY_CTX_free(ctx_verify); - ctx_verify = NULL; - EVP_PKEY_CTX_free(ctx); - ctx = NULL; - XFREE(sig, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); - XFREE(sigVerify, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); -#endif /* OPENSSL_EXTRA */ - return EXPECT_RESULT(); + return ret; } -#endif -static int test_wolfSSL_EVP_PKEY_sign_verify_rsa(void) -{ - EXPECT_DECLS; -#if defined(OPENSSL_EXTRA) && !defined(NO_RSA) && defined(WOLFSSL_KEY_GEN) && \ - !defined(HAVE_SELFTEST) -#if !defined(HAVE_FIPS) || (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION>2)) - ExpectIntEQ(test_wolfSSL_EVP_PKEY_sign_verify(EVP_PKEY_RSA), TEST_SUCCESS); -#endif -#endif - return EXPECT_RESULT(); -} -static int test_wolfSSL_EVP_PKEY_sign_verify_dsa(void) -{ - EXPECT_DECLS; -#if defined(OPENSSL_EXTRA) -#if !defined (NO_DSA) && !defined(HAVE_SELFTEST) && defined(WOLFSSL_KEY_GEN) - ExpectIntEQ(test_wolfSSL_EVP_PKEY_sign_verify(EVP_PKEY_DSA), TEST_SUCCESS); -#endif -#endif - return EXPECT_RESULT(); -} -static int test_wolfSSL_EVP_PKEY_sign_verify_ec(void) +/* Mock callback that always returns an error for testing */ +static int mockSignCbError(const byte* in, word32 inLen, byte* out, + word32* outLen, int sigAlgo, int keyType, void* ctx) { - EXPECT_DECLS; -#if defined(OPENSSL_EXTRA) && defined(HAVE_ECC) -#if !defined(HAVE_FIPS) || (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION>2)) - ExpectIntEQ(test_wolfSSL_EVP_PKEY_sign_verify(EVP_PKEY_EC), TEST_SUCCESS); -#endif -#endif - return EXPECT_RESULT(); + (void)in; + (void)inLen; + (void)out; + (void)outLen; + (void)sigAlgo; + (void)keyType; + (void)ctx; + return BAD_STATE_E; /* Return an error */ } - -static int test_EVP_PKEY_rsa(void) -{ - EXPECT_DECLS; -#if defined(OPENSSL_EXTRA) && !defined(NO_RSA) - WOLFSSL_RSA* rsa = NULL; - WOLFSSL_EVP_PKEY* pkey = NULL; - - ExpectNotNull(rsa = wolfSSL_RSA_new()); - ExpectNotNull(pkey = wolfSSL_EVP_PKEY_new()); - ExpectIntEQ(EVP_PKEY_assign_RSA(NULL, rsa), WC_NO_ERR_TRACE(WOLFSSL_FAILURE)); - ExpectIntEQ(EVP_PKEY_assign_RSA(pkey, NULL), WC_NO_ERR_TRACE(WOLFSSL_FAILURE)); - ExpectIntEQ(EVP_PKEY_assign_RSA(pkey, rsa), WOLFSSL_SUCCESS); - if (EXPECT_FAIL()) { - wolfSSL_RSA_free(rsa); - } - ExpectPtrEq(EVP_PKEY_get0_RSA(pkey), rsa); - wolfSSL_EVP_PKEY_free(pkey); #endif - return EXPECT_RESULT(); -} -static int test_EVP_PKEY_ec(void) +#ifdef WOLFSSL_CERT_SIGN_CB +static int test_wc_SignCert_cb(void) { EXPECT_DECLS; -#if defined(OPENSSL_EXTRA) && defined(HAVE_ECC) -#if !defined(HAVE_FIPS) || (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION>2)) - WOLFSSL_EC_KEY* ecKey = NULL; - WOLFSSL_EVP_PKEY* pkey = NULL; +#if defined(WOLFSSL_CERT_GEN) && !defined(NO_ASN_TIME) - ExpectNotNull(ecKey = wolfSSL_EC_KEY_new()); - ExpectNotNull(pkey = wolfSSL_EVP_PKEY_new()); - ExpectIntEQ(EVP_PKEY_assign_EC_KEY(NULL, ecKey), WC_NO_ERR_TRACE(WOLFSSL_FAILURE)); - ExpectIntEQ(EVP_PKEY_assign_EC_KEY(pkey, NULL), WC_NO_ERR_TRACE(WOLFSSL_FAILURE)); - /* Should fail since ecKey is empty */ - ExpectIntEQ(EVP_PKEY_assign_EC_KEY(pkey, ecKey), WC_NO_ERR_TRACE(WOLFSSL_FAILURE)); - ExpectIntEQ(wolfSSL_EC_KEY_generate_key(ecKey), 1); - ExpectIntEQ(EVP_PKEY_assign_EC_KEY(pkey, ecKey), WOLFSSL_SUCCESS); - if (EXPECT_FAIL()) { - wolfSSL_EC_KEY_free(ecKey); - } - wolfSSL_EVP_PKEY_free(pkey); -#endif -#endif - return EXPECT_RESULT(); -} +#ifdef HAVE_ECC + /* Test with ECC key */ + { + Cert cert; + byte der[FOURK_BUF]; + int derSize = 0; + WC_RNG rng; + ecc_key key; + MockSignCtx signCtx; + DecodedCert decodedCert; + int ret; -static int test_EVP_PKEY_cmp(void) -{ - EXPECT_DECLS; -#if defined(OPENSSL_EXTRA) - EVP_PKEY *a = NULL; - EVP_PKEY *b = NULL; - const unsigned char *in; + XMEMSET(&rng, 0, sizeof(WC_RNG)); + XMEMSET(&key, 0, sizeof(ecc_key)); + XMEMSET(&cert, 0, sizeof(Cert)); + XMEMSET(&signCtx, 0, sizeof(MockSignCtx)); + XMEMSET(&decodedCert, 0, sizeof(DecodedCert)); + + ExpectIntEQ(wc_InitRng(&rng), 0); + ExpectIntEQ(wc_ecc_init(&key), 0); + ExpectIntEQ(wc_ecc_make_key(&rng, 32, &key), 0); + ExpectIntEQ(wc_InitCert(&cert), 0); + + (void)XSTRNCPY(cert.subject.country, "US", CTC_NAME_SIZE); + (void)XSTRNCPY(cert.subject.state, "state", CTC_NAME_SIZE); + (void)XSTRNCPY(cert.subject.locality, "locality", CTC_NAME_SIZE); + (void)XSTRNCPY(cert.subject.org, "org", CTC_NAME_SIZE); + (void)XSTRNCPY(cert.subject.unit, "unit", CTC_NAME_SIZE); + (void)XSTRNCPY(cert.subject.commonName, "www.example.com", + CTC_NAME_SIZE); + (void)XSTRNCPY(cert.subject.email, "test@example.com", CTC_NAME_SIZE); + + cert.selfSigned = 1; + cert.isCA = 0; + cert.sigType = CTC_SHA256wECDSA; + + /* Make cert body */ + ExpectIntGT(wc_MakeCert(&cert, der, FOURK_BUF, NULL, &key, &rng), 0); + + /* Setup signing context with key and RNG */ + signCtx.key = &key; + signCtx.rng = &rng; + + /* Sign using callback API */ + ExpectIntGT(derSize = wc_SignCert_cb(cert.bodySz, cert.sigType, der, + FOURK_BUF, ECC_TYPE, mockSignCb, &signCtx, &rng), 0); -#if !defined(NO_RSA) && defined(USE_CERT_BUFFERS_2048) - in = client_key_der_2048; - ExpectNotNull(a = wolfSSL_d2i_PrivateKey(EVP_PKEY_RSA, NULL, - &in, (long)sizeof_client_key_der_2048)); - in = client_key_der_2048; - ExpectNotNull(b = wolfSSL_d2i_PrivateKey(EVP_PKEY_RSA, NULL, - &in, (long)sizeof_client_key_der_2048)); + /* Verify the certificate was created properly */ + ExpectIntGT(derSize, 0); - /* Test success case RSA */ -#if defined(WOLFSSL_ERROR_CODE_OPENSSL) - ExpectIntEQ(EVP_PKEY_cmp(a, b), 1); -#else - ExpectIntEQ(EVP_PKEY_cmp(a, b), 0); -#endif /* WOLFSSL_ERROR_CODE_OPENSSL */ + /* Parse the certificate and verify it's well-formed */ + if (EXPECT_SUCCESS()) { + wc_InitDecodedCert(&decodedCert, der, (word32)derSize, NULL); + ExpectIntEQ(wc_ParseCert(&decodedCert, CERT_TYPE, NO_VERIFY, NULL), + 0); + /* Verify signature algorithm matches what we set */ + ExpectIntEQ(decodedCert.signatureOID, CTC_SHA256wECDSA); + wc_FreeDecodedCert(&decodedCert); + } + + /* Test error cases */ + /* NULL callback */ + ExpectIntEQ(wc_SignCert_cb(cert.bodySz, cert.sigType, der, + FOURK_BUF, ECC_TYPE, NULL, &signCtx, &rng), BAD_FUNC_ARG); + /* NULL buffer */ + ExpectIntEQ(wc_SignCert_cb(cert.bodySz, cert.sigType, NULL, + FOURK_BUF, ECC_TYPE, mockSignCb, &signCtx, &rng), BAD_FUNC_ARG); + /* Zero buffer size */ + ExpectIntEQ(wc_SignCert_cb(cert.bodySz, cert.sigType, der, + 0, ECC_TYPE, mockSignCb, &signCtx, &rng), BAD_FUNC_ARG); + /* Negative requestSz - should return the negative value */ + ExpectIntLT(wc_SignCert_cb(-1, cert.sigType, der, + FOURK_BUF, ECC_TYPE, mockSignCb, &signCtx, &rng), 0); + /* Callback returning error */ + ExpectIntEQ(wc_SignCert_cb(cert.bodySz, cert.sigType, der, + FOURK_BUF, ECC_TYPE, mockSignCbError, &signCtx, &rng), BAD_STATE_E); + #ifndef NO_RSA + /* Invalid keyType for ECC signature */ + ExpectIntEQ(wc_SignCert_cb(cert.bodySz, cert.sigType, der, + FOURK_BUF, ED25519_TYPE, mockSignCb, &signCtx, &rng), BAD_FUNC_ARG); + #endif - EVP_PKEY_free(b); - b = NULL; - EVP_PKEY_free(a); - a = NULL; -#endif + ret = wc_ecc_free(&key); + ExpectIntEQ(ret, 0); + ret = wc_FreeRng(&rng); + ExpectIntEQ(ret, 0); + } +#endif /* HAVE_ECC */ -#if defined(HAVE_ECC) && defined(USE_CERT_BUFFERS_256) - in = ecc_clikey_der_256; - ExpectNotNull(a = wolfSSL_d2i_PrivateKey(EVP_PKEY_EC, NULL, - &in, (long)sizeof_ecc_clikey_der_256)); - in = ecc_clikey_der_256; - ExpectNotNull(b = wolfSSL_d2i_PrivateKey(EVP_PKEY_EC, NULL, - &in, (long)sizeof_ecc_clikey_der_256)); +#if !defined(NO_RSA) && defined(WOLFSSL_KEY_GEN) + /* Test with RSA key */ + { + Cert cert; + byte der[FOURK_BUF]; + int derSize = 0; + WC_RNG rng; + RsaKey key; + MockSignCtx signCtx; + DecodedCert decodedCert; + int ret; - /* Test success case ECC */ -#if defined(WOLFSSL_ERROR_CODE_OPENSSL) - ExpectIntEQ(EVP_PKEY_cmp(a, b), 1); -#else - ExpectIntEQ(EVP_PKEY_cmp(a, b), 0); -#endif /* WOLFSSL_ERROR_CODE_OPENSSL */ + XMEMSET(&rng, 0, sizeof(WC_RNG)); + XMEMSET(&key, 0, sizeof(RsaKey)); + XMEMSET(&cert, 0, sizeof(Cert)); + XMEMSET(&signCtx, 0, sizeof(MockSignCtx)); + XMEMSET(&decodedCert, 0, sizeof(DecodedCert)); + + ExpectIntEQ(wc_InitRng(&rng), 0); + ExpectIntEQ(wc_InitRsaKey(&key, NULL), 0); + ExpectIntEQ(wc_MakeRsaKey(&key, 2048, WC_RSA_EXPONENT, &rng), 0); + ExpectIntEQ(wc_InitCert(&cert), 0); + + (void)XSTRNCPY(cert.subject.country, "US", CTC_NAME_SIZE); + (void)XSTRNCPY(cert.subject.state, "state", CTC_NAME_SIZE); + (void)XSTRNCPY(cert.subject.locality, "locality", CTC_NAME_SIZE); + (void)XSTRNCPY(cert.subject.org, "org", CTC_NAME_SIZE); + (void)XSTRNCPY(cert.subject.unit, "unit", CTC_NAME_SIZE); + (void)XSTRNCPY(cert.subject.commonName, "www.example.com", + CTC_NAME_SIZE); + (void)XSTRNCPY(cert.subject.email, "test@example.com", CTC_NAME_SIZE); + + cert.selfSigned = 1; + cert.isCA = 0; + cert.sigType = CTC_SHA256wRSA; + + /* Make cert body */ + ExpectIntGT(wc_MakeCert(&cert, der, FOURK_BUF, &key, NULL, &rng), 0); + + /* Setup signing context with key and RNG */ + signCtx.key = &key; + signCtx.rng = &rng; + + /* Sign using callback API with RSA */ + ExpectIntGT(derSize = wc_SignCert_cb(cert.bodySz, cert.sigType, der, + FOURK_BUF, RSA_TYPE, mockSignCb, &signCtx, &rng), 0); - EVP_PKEY_free(b); - b = NULL; - EVP_PKEY_free(a); - a = NULL; -#endif - - /* Test failure cases */ -#if !defined(NO_RSA) && defined(USE_CERT_BUFFERS_2048) && \ - defined(HAVE_ECC) && defined(USE_CERT_BUFFERS_256) - - in = client_key_der_2048; - ExpectNotNull(a = wolfSSL_d2i_PrivateKey(EVP_PKEY_RSA, NULL, - &in, (long)sizeof_client_key_der_2048)); - in = ecc_clikey_der_256; - ExpectNotNull(b = wolfSSL_d2i_PrivateKey(EVP_PKEY_EC, NULL, - &in, (long)sizeof_ecc_clikey_der_256)); + /* Verify the certificate was created properly */ + ExpectIntGT(derSize, 0); -#if defined(WOLFSSL_ERROR_CODE_OPENSSL) - ExpectIntEQ(EVP_PKEY_cmp(a, b), -1); -#else - ExpectIntNE(EVP_PKEY_cmp(a, b), 0); -#endif /* WOLFSSL_ERROR_CODE_OPENSSL */ - EVP_PKEY_free(b); - b = NULL; - EVP_PKEY_free(a); - a = NULL; -#endif + /* Parse the certificate and verify it's well-formed */ + if (EXPECT_SUCCESS()) { + wc_InitDecodedCert(&decodedCert, der, (word32)derSize, NULL); + ExpectIntEQ(wc_ParseCert(&decodedCert, CERT_TYPE, NO_VERIFY, NULL), + 0); + /* Verify signature algorithm matches what we set */ + ExpectIntEQ(decodedCert.signatureOID, CTC_SHA256wRSA); + wc_FreeDecodedCert(&decodedCert); + } + + /* Test error cases */ + /* NULL callback */ + ExpectIntEQ(wc_SignCert_cb(cert.bodySz, cert.sigType, der, + FOURK_BUF, RSA_TYPE, NULL, &signCtx, &rng), BAD_FUNC_ARG); + /* NULL buffer */ + ExpectIntEQ(wc_SignCert_cb(cert.bodySz, cert.sigType, NULL, + FOURK_BUF, RSA_TYPE, mockSignCb, &signCtx, &rng), BAD_FUNC_ARG); + /* Zero buffer size */ + ExpectIntEQ(wc_SignCert_cb(cert.bodySz, cert.sigType, der, + 0, RSA_TYPE, mockSignCb, &signCtx, &rng), BAD_FUNC_ARG); + /* Callback returning error */ + ExpectIntEQ(wc_SignCert_cb(cert.bodySz, cert.sigType, der, + FOURK_BUF, RSA_TYPE, mockSignCbError, &signCtx, &rng), BAD_STATE_E); + #ifdef HAVE_ECC + /* Invalid keyType */ + ExpectIntEQ(wc_SignCert_cb(cert.bodySz, cert.sigType, der, + FOURK_BUF, ED448_TYPE, mockSignCb, &signCtx, &rng), BAD_FUNC_ARG); + #endif - /* invalid or empty failure cases */ - a = EVP_PKEY_new(); - b = EVP_PKEY_new(); -#if defined(WOLFSSL_ERROR_CODE_OPENSSL) - ExpectIntEQ(EVP_PKEY_cmp(NULL, NULL), 0); - ExpectIntEQ(EVP_PKEY_cmp(a, NULL), 0); - ExpectIntEQ(EVP_PKEY_cmp(NULL, b), 0); -#ifdef NO_RSA - /* Type check will fail since RSA is the default EVP key type */ - ExpectIntEQ(EVP_PKEY_cmp(a, b), -2); -#else - ExpectIntEQ(EVP_PKEY_cmp(a, b), 0); -#endif -#else - ExpectIntNE(EVP_PKEY_cmp(NULL, NULL), 0); - ExpectIntNE(EVP_PKEY_cmp(a, NULL), 0); - ExpectIntNE(EVP_PKEY_cmp(NULL, b), 0); - ExpectIntNE(EVP_PKEY_cmp(a, b), 0); -#endif - EVP_PKEY_free(b); - EVP_PKEY_free(a); + ret = wc_FreeRsaKey(&key); + ExpectIntEQ(ret, 0); + ret = wc_FreeRng(&rng); + ExpectIntEQ(ret, 0); + } +#endif /* !NO_RSA && WOLFSSL_KEY_GEN */ - (void)in; -#endif +#endif /* WOLFSSL_CERT_GEN && !NO_ASN_TIME */ return EXPECT_RESULT(); } +#endif /* WOLFSSL_CERT_SIGN_CB */ static int test_ERR_load_crypto_strings(void) { @@ -36100,10 +21812,12 @@ ExpectNotNull(s = wolfSSL_sk_X509_new(NULL)); ExpectIntEQ(sk_X509_num(s), 0); sk_X509_pop_free(s, NULL); + s = NULL; ExpectNotNull(s = sk_X509_new_null()); ExpectIntEQ(sk_X509_num(s), 0); sk_X509_pop_free(s, NULL); + s = NULL; ExpectNotNull(s = sk_X509_new_null()); @@ -36199,11 +21913,11 @@ return EXPECT_RESULT(); } -static int test_sk_X509_CRL(void) +static int test_sk_X509_CRL_decode(void) { EXPECT_DECLS; -#if defined(OPENSSL_ALL) && !defined(NO_CERTS) && defined(HAVE_CRL) && \ - !defined(NO_RSA) +#if (defined(OPENSSL_ALL) || defined(OPENSSL_EXTRA)) && !defined(NO_CERTS) && \ + defined(HAVE_CRL) && !defined(NO_RSA) X509_CRL* crl = NULL; XFILE fp = XBADFILE; STACK_OF(X509_CRL)* s = NULL; @@ -36223,6 +21937,9 @@ WOLFSSL_ASN1_INTEGER* asnInt = NULL; const WOLFSSL_ASN1_INTEGER* sn = NULL; + XMEMSET(&revoked, 0, sizeof(revoked)); + revoked.reason = CRL_REASON_NONE; + #if (!defined(NO_FILESYSTEM) && !defined(NO_STDIO_FILESYSTEM)) || \ !defined(NO_BIO) XMEMSET(&empty, 0, sizeof(X509_CRL)); @@ -36247,10 +21964,25 @@ ExpectIntEQ(BIO_get_mem_data(bio, NULL), 1324); #endif BIO_free(bio); + bio = NULL; + wolfSSL_X509_CRL_free(crl); + crl = NULL; + +#ifndef NO_ASN_TIME + /* Test CRL with invalid GeneralizedTime */ + ExpectNotNull(bio = BIO_new_file("./certs/crl/bad_time_fmt.pem", "rb")); + ExpectNotNull(crl = PEM_read_bio_X509_CRL(bio, NULL, NULL, NULL)); + BIO_free(bio); + bio = NULL; + ExpectNotNull(bio = BIO_new(BIO_s_mem())); + ExpectIntEQ(wolfSSL_X509_CRL_print(bio, crl), WOLFSSL_FAILURE); + BIO_free(bio); + bio = NULL; wolfSSL_X509_CRL_free(crl); crl = NULL; -#endif +#endif /* !NO_ASN_TIME */ +#endif /* !NO_BIO */ #if !defined(NO_FILESYSTEM) && !defined(NO_STDIO_FILESYSTEM) ExpectTrue((fp = XFOPEN("./certs/crl/crl.der", "rb")) != XBADFILE); @@ -36280,11 +22012,17 @@ ExpectIntEQ(wolfSSL_X509_CRL_get_signature_type(&empty), 0); ExpectIntEQ(wolfSSL_X509_CRL_get_signature_nid(NULL), 0); ExpectIntEQ(wolfSSL_X509_CRL_get_signature_nid(&empty), 0); - ExpectIntEQ(wolfSSL_X509_CRL_get_signature(NULL, NULL, NULL), BAD_FUNC_ARG); - ExpectIntEQ(wolfSSL_X509_CRL_get_signature(crl , NULL, NULL), BAD_FUNC_ARG); - ExpectIntEQ(wolfSSL_X509_CRL_get_signature(NULL, NULL, &len), BAD_FUNC_ARG); - ExpectIntEQ(wolfSSL_X509_CRL_get_signature(&empty, NULL, &len), - BAD_FUNC_ARG); + { + int sigSz = 0; + ExpectIntEQ(wolfSSL_X509_CRL_get_signature(NULL, NULL, NULL), + BAD_FUNC_ARG); + ExpectIntEQ(wolfSSL_X509_CRL_get_signature(crl, NULL, NULL), + BAD_FUNC_ARG); + ExpectIntEQ(wolfSSL_X509_CRL_get_signature(NULL, NULL, &sigSz), + BAD_FUNC_ARG); + ExpectIntEQ(wolfSSL_X509_CRL_get_signature(&empty, NULL, &sigSz), + BAD_FUNC_ARG); + } ExpectIntEQ(wolfSSL_X509_REVOKED_get_serial_number(NULL, NULL, NULL), BAD_FUNC_ARG); ExpectIntEQ(wolfSSL_X509_REVOKED_get_serial_number(rev , NULL, NULL), @@ -36301,15 +22039,12 @@ ExpectIntEQ(wolfSSL_X509_CRL_get_signature_type(crl), CTC_SHA256wRSA); ExpectIntEQ(wolfSSL_X509_CRL_get_signature_nid(crl), WC_NID_sha256WithRSAEncryption); - ExpectIntEQ(wolfSSL_X509_CRL_get_signature(crl, NULL, &len), - WOLFSSL_SUCCESS); - ExpectIntEQ(len, 256); - len--; - ExpectIntEQ(wolfSSL_X509_CRL_get_signature(crl, buff, &len), BUFFER_E); - len += 2; - ExpectIntEQ(wolfSSL_X509_CRL_get_signature(crl, buff, &len), - WOLFSSL_SUCCESS); - ExpectIntEQ(len, 256); + { + int sigSz = 0; + ExpectIntEQ(wolfSSL_X509_CRL_get_signature(crl, NULL, &sigSz), + WOLFSSL_SUCCESS); + ExpectIntEQ(sigSz, 256); + } ExpectNotNull(wolfSSL_X509_CRL_get_lastUpdate(crl)); ExpectNotNull(wolfSSL_X509_CRL_get_nextUpdate(crl)); @@ -36324,13 +22059,32 @@ WOLFSSL_SUCCESS); ExpectIntEQ(len, 1); -#ifndef NO_WOLFSSL_STUB + /* Test X509_CRL_get_REVOKED and stack iteration */ ExpectIntEQ(wolfSSL_sk_X509_REVOKED_num(NULL), 0); - ExpectIntEQ(wolfSSL_sk_X509_REVOKED_num(&revoked), 0); ExpectNull(wolfSSL_X509_CRL_get_REVOKED(NULL)); - ExpectNull(wolfSSL_X509_CRL_get_REVOKED(crl)); - ExpectNull(wolfSSL_sk_X509_REVOKED_value(NULL, 0)); - ExpectNull(wolfSSL_sk_X509_REVOKED_value(&revoked, 0)); + { + WOLFSSL_STACK* revokedSk = NULL; + ExpectNotNull(revokedSk = wolfSSL_X509_CRL_get_REVOKED(crl)); + if (revokedSk != NULL) { + int numRevoked = wolfSSL_sk_X509_REVOKED_num(revokedSk); + ExpectIntGT(numRevoked, 0); + /* Verify first revoked entry has a serial number */ + { + WOLFSSL_X509_REVOKED* r = NULL; + ExpectNotNull(r = wolfSSL_sk_X509_REVOKED_value(revokedSk, 0)); + if (r != NULL) { + ExpectNotNull(r->serialNumber); + /* Verify revocation date is populated */ + ExpectNotNull( + wolfSSL_X509_REVOKED_get0_revocation_date(r)); + /* Verify sequence field (first entry should be 0) */ + ExpectIntEQ(r->sequence, 0); + } + } + } + ExpectNull(wolfSSL_sk_X509_REVOKED_value(NULL, 0)); + } +#ifndef NO_WOLFSSL_STUB ExpectIntEQ(wolfSSL_X509_CRL_verify(NULL, NULL), 0); ExpectIntEQ(X509_OBJECT_set1_X509_CRL(NULL, NULL), 0); ExpectIntEQ(X509_OBJECT_set1_X509(NULL, NULL), 0); @@ -36346,10 +22100,9 @@ ExpectNull(wolfSSL_X509_REVOKED_get0_serial_number(NULL)); ExpectNotNull(sn = wolfSSL_X509_REVOKED_get0_serial_number(&revoked)); ExpectPtrEq(sn, asnInt); -#ifndef NO_WOLFSSL_STUB ExpectNull(wolfSSL_X509_REVOKED_get0_revocation_date(NULL)); + /* revoked on stack has no revocationDate set, so should be NULL */ ExpectNull(wolfSSL_X509_REVOKED_get0_revocation_date(&revoked)); -#endif wolfSSL_ASN1_INTEGER_free(asnInt); ExpectTrue((fp = XFOPEN("./certs/crl/crl.pem", "rb")) != XBADFILE); @@ -36379,17 +22132,639 @@ return EXPECT_RESULT(); } -static int test_X509_get_signature_nid(void) +#if (defined(OPENSSL_ALL) || defined(OPENSSL_EXTRA)) && !defined(NO_CERTS) && \ + defined(HAVE_CRL) && defined(WOLFSSL_CERT_GEN) +/* Ensure oversized caller-provided revocationDate is rejected. */ +static int test_wolfSSL_X509_CRL_add_revoked_oversized_revocation_date(void) { EXPECT_DECLS; -#if defined(OPENSSL_EXTRA) && !defined(NO_FILESYSTEM) && !defined(NO_RSA) - X509* x509 = NULL; + WOLFSSL_X509_CRL* crl = NULL; + WOLFSSL_ASN1_INTEGER* serial = NULL; + WOLFSSL_X509_REVOKED revoked; + WOLFSSL_ASN1_TIME revDate; + byte serialData[] = { 0x01 }; - ExpectIntEQ(X509_get_signature_nid(NULL), 0); - ExpectNotNull(x509 = wolfSSL_X509_load_certificate_file(svrCertFile, - SSL_FILETYPE_PEM)); - ExpectIntEQ(X509_get_signature_nid(x509), NID_sha256WithRSAEncryption); - X509_free(x509); + XMEMSET(&revoked, 0, sizeof(revoked)); + XMEMSET(&revDate, 0, sizeof(revDate)); + + ExpectNotNull(crl = wolfSSL_X509_CRL_new()); + ExpectNotNull(serial = wolfSSL_ASN1_INTEGER_new()); + if (serial != NULL) { + serial->data = serialData; + serial->dataMax = (int)sizeof(serialData); + serial->length = (int)sizeof(serialData); + serial->isDynamic = 0; + } + + revDate.length = MAX_DATE_SIZE + 1; /* intentionally too large */ + revDate.type = ASN_GENERALIZED_TIME; + + revoked.serialNumber = serial; + revoked.revocationDate = &revDate; + revoked.reason = CRL_REASON_NONE; + + ExpectIntEQ(wolfSSL_X509_CRL_add_revoked(crl, &revoked), BAD_FUNC_ARG); + + wolfSSL_ASN1_INTEGER_free(serial); + wolfSSL_X509_CRL_free(crl); + + return EXPECT_RESULT(); +} +#endif + +#if (defined(OPENSSL_ALL) || defined(OPENSSL_EXTRA)) && !defined(NO_CERTS) && \ + defined(HAVE_CRL) && !defined(NO_FILESYSTEM) && \ + !defined(NO_STDIO_FILESYSTEM) +/* Ensure reason-code parsing handles optional critical BOOLEAN in entry ext. */ +static int test_wolfSSL_X509_CRL_reason_critical_boolean(void) +{ + EXPECT_DECLS; + int reasonCode = CRL_REASON_NONE; + /* One Extension SEQUENCE with: + * OID: 2.5.29.21 (CRL Reason Code) + * critical: TRUE + * extnValue: OCTET STRING wrapping ENUMERATED 2 (CA compromise) */ + static const byte ext[] = { + 0x30, 0x0d, 0x06, 0x03, 0x55, 0x1d, 0x15, + 0x01, 0x01, 0xff, 0x04, 0x03, 0x0a, 0x01, 0x02 + }; + + ExpectIntEQ(wc_ParseCRLReasonFromExtensions(ext, (word32)sizeof(ext), + &reasonCode), 0); + ExpectIntEQ(reasonCode, CRL_REASON_CA_COMPROMISE); + + return EXPECT_RESULT(); +} +#endif + +#if (defined(OPENSSL_ALL) || defined(OPENSSL_EXTRA)) && !defined(NO_CERTS) && \ + defined(HAVE_CRL) && !defined(NO_FILESYSTEM) && \ + !defined(NO_STDIO_FILESYSTEM) && defined(WOLFSSL_CERT_GEN) && \ + !defined(NO_ASN_TIME) +/* Helper function to create, sign, and write a CRL */ +static int generate_crl_test(const char* keyFile, const char* certFile, + const char* derFile, const char* pemFile, + const char* certToRevokePath) +{ + EXPECT_DECLS; + X509_NAME* issuer = NULL; + X509_NAME* decodedIssuer = NULL; + WOLFSSL_X509* cert = NULL; + WOLFSSL_ASN1_TIME asnTime; + XFILE fp = XBADFILE; + WOLFSSL_X509_CRL* crl = NULL; + WOLFSSL_X509_CRL* decodedCrl = NULL; + WOLFSSL_EVP_PKEY* pkey = NULL; + int i = 0; + int revokedCount = 0; + byte certSerial[EXTERNAL_SERIAL_SIZE]; + int certSerialSz = 0; + byte serialsToRevokeBytes[][1] = { { 0x02 }, { 0x03 }, { 0x04 } }; + static const int numSerials = + (int)(sizeof(serialsToRevokeBytes) / + sizeof(serialsToRevokeBytes[0])); + WOLFSSL_ASN1_INTEGER serialsToRevoke[3] = { + { .intData = {0}, .negative = 0, + .data = serialsToRevokeBytes[0], + .dataMax = sizeof(serialsToRevokeBytes[0]), + .isDynamic = 0, + .length = sizeof(serialsToRevokeBytes[0]), + .type = 0 }, + { .intData = {0}, .negative = 0, + .data = serialsToRevokeBytes[1], + .dataMax = sizeof(serialsToRevokeBytes[1]), + .isDynamic = 0, + .length = sizeof(serialsToRevokeBytes[1]), + .type = 0 }, + { .intData = {0}, .negative = 0, + .data = serialsToRevokeBytes[2], + .dataMax = sizeof(serialsToRevokeBytes[2]), + .isDynamic = 0, + .length = sizeof(serialsToRevokeBytes[2]), + .type = 0 } + }; + WOLFSSL_X509_REVOKED revoked[3]; + WOLFSSL_X509* certToRevoke = NULL; + + /* Load certificate to get issuer name (CRL issuer = cert subject) */ + ExpectTrue((fp = XFOPEN(certFile, "rb")) != XBADFILE); + if (fp != XBADFILE) { + ExpectNotNull(cert = PEM_read_X509(fp, NULL, NULL, NULL)); + XFCLOSE(fp); + fp = XBADFILE; + } + + /* Create a new empty CRL */ + ExpectNotNull(crl = wolfSSL_X509_CRL_new()); + ExpectIntEQ(wolfSSL_X509_CRL_version(crl), 2); + + /* Set issuer name, must match certificate subject for verification */ + ExpectNotNull(issuer = X509_get_subject_name(cert)); + ExpectIntEQ(wolfSSL_X509_CRL_set_issuer_name(crl, issuer), WOLFSSL_SUCCESS); + + /* Set thisUpdate to current time */ + XMEMSET(&asnTime, 0, sizeof(asnTime)); + ExpectNotNull(wolfSSL_ASN1_TIME_adj(&asnTime, XTIME(NULL), 0, 0)); + ExpectIntEQ(wolfSSL_X509_CRL_set_lastUpdate(crl, &asnTime), + WOLFSSL_SUCCESS); + + /* Set nextUpdate to 30 days from now */ + ExpectNotNull(wolfSSL_ASN1_TIME_adj(&asnTime, XTIME(NULL), 30, 0)); + ExpectIntEQ(wolfSSL_X509_CRL_set_nextUpdate(crl, &asnTime), + WOLFSSL_SUCCESS); + + XMEMSET(revoked, 0, sizeof(revoked)); + for (i = 0; i < numSerials; i++) { + revoked[i].serialNumber = &serialsToRevoke[i]; + revoked[i].reason = CRL_REASON_NONE; + } + + /* Add revoked certificates based on serial numbers */ + for (i = 0; i < numSerials; i++) { + ExpectIntEQ(wolfSSL_X509_CRL_add_revoked(crl, &revoked[i]), + WOLFSSL_SUCCESS); + } + + /* Add a revoked certificate entry to CRL by parsing a different + * certificate buffer */ + ExpectTrue((fp = XFOPEN(certToRevokePath, "rb")) != XBADFILE); + if (fp != XBADFILE) { + ExpectNotNull(certToRevoke = PEM_read_X509(fp, NULL, NULL, NULL)); + XFCLOSE(fp); + fp = XBADFILE; + } + { + const byte* certDer = NULL; + int certDerSz = 0; + + ExpectNotNull(certDer = + wolfSSL_X509_get_der(certToRevoke, &certDerSz)); + ExpectIntEQ(wolfSSL_X509_CRL_add_revoked_cert(crl, certDer, certDerSz), + WOLFSSL_SUCCESS); + } + + /* Save cert serial for verification after round-trip */ + certSerialSz = (int)sizeof(certSerial); + ExpectIntEQ(wolfSSL_X509_get_serial_number(certToRevoke, certSerial, + &certSerialSz), WOLFSSL_SUCCESS); + + wolfSSL_X509_free(certToRevoke); + certToRevoke = NULL; + + /* Count revoked certificates - should be 'numSerials' + 1 */ + revokedCount = 0; + if (EXPECT_SUCCESS() && crl != NULL && crl->crlList != NULL) { + RevokedCert* rev = crl->crlList->certs; + while (rev != NULL) { + revokedCount++; + rev = rev->next; + } + } + ExpectIntEQ(revokedCount, numSerials + 1); + + /* Load private key for signing */ + ExpectTrue((fp = XFOPEN(keyFile, "rb")) != XBADFILE); + if (fp != XBADFILE) { + ExpectNotNull(pkey = PEM_read_PrivateKey(fp, NULL, NULL, NULL)); + XFCLOSE(fp); + fp = XBADFILE; + } + + /* Sign the CRL */ + ExpectIntEQ(wolfSSL_X509_CRL_sign(crl, pkey, wolfSSL_EVP_sha256()), + WOLFSSL_SUCCESS); + + /* Encode CRL to DER */ + ExpectIntEQ(wolfSSL_write_X509_CRL(crl, derFile, WOLFSSL_FILETYPE_ASN1), + WOLFSSL_SUCCESS); + + /* Encode CRL to PEM */ + ExpectIntEQ(wolfSSL_write_X509_CRL(crl, pemFile, WOLFSSL_FILETYPE_PEM), + WOLFSSL_SUCCESS); + + /* ===== Validate encoded DER CRL by decoding and checking contents ===== */ + ExpectTrue((fp = XFOPEN(derFile, "rb")) != XBADFILE); + if (fp != XBADFILE) { + ExpectNotNull(decodedCrl = d2i_X509_CRL_fp(fp, NULL)); + XFCLOSE(fp); + fp = XBADFILE; + } + + /* Verify CRL version is v2 */ + ExpectIntEQ(wolfSSL_X509_CRL_version(decodedCrl), 2); + + /* Verify issuer name matches */ + ExpectNotNull(decodedIssuer = wolfSSL_X509_CRL_get_issuer_name(decodedCrl)); + ExpectIntEQ(X509_NAME_cmp(issuer, decodedIssuer), 0); + + /* Verify signature type is SHA256 with RSA or ECDSA */ + ExpectIntNE(wolfSSL_X509_CRL_get_signature_type(decodedCrl), 0); + + /* Verify lastUpdate and nextUpdate are set */ + ExpectNotNull(wolfSSL_X509_CRL_get_lastUpdate(decodedCrl)); + ExpectNotNull(wolfSSL_X509_CRL_get_nextUpdate(decodedCrl)); + + /* Count revoked certificates and verify serial values. + * CRL parsing prepends entries, so decoded list is in reverse order. */ + revokedCount = 0; + if (EXPECT_SUCCESS() && decodedCrl != NULL && decodedCrl->crlList != NULL) { + RevokedCert* rev = decodedCrl->crlList->certs; + while (rev != NULL) { + if (revokedCount == 0) { + /* Last added (cert serial) appears first in decoded list */ + ExpectIntEQ(rev->serialSz, certSerialSz); + ExpectIntEQ(XMEMCMP(rev->serialNumber, certSerial, + rev->serialSz), 0); + } + else { + /* Remaining serials in reverse: index numSerials-revokedCount */ + int idx = numSerials - revokedCount; + ExpectIntEQ(rev->serialSz, + (int)sizeof(serialsToRevokeBytes[0])); + ExpectIntEQ(XMEMCMP(rev->serialNumber, + serialsToRevokeBytes[idx], rev->serialSz), 0); + } + revokedCount++; + rev = rev->next; + } + } + ExpectIntEQ(revokedCount, numSerials + 1); + + wolfSSL_X509_CRL_free(decodedCrl); + decodedCrl = NULL; + + /* ===== Validate encoded PEM CRL by decoding and checking contents ===== */ + ExpectTrue((fp = XFOPEN(pemFile, "rb")) != XBADFILE); + if (fp != XBADFILE) { + ExpectNotNull(decodedCrl = (X509_CRL*)PEM_read_X509_CRL(fp, NULL, + NULL, NULL)); + XFCLOSE(fp); + fp = XBADFILE; + } + + /* Verify CRL version is v2 */ + ExpectIntEQ(wolfSSL_X509_CRL_version(decodedCrl), 2); + + /* Verify issuer name matches */ + ExpectNotNull(decodedIssuer = wolfSSL_X509_CRL_get_issuer_name(decodedCrl)); + ExpectIntEQ(X509_NAME_cmp(issuer, decodedIssuer), 0); + + /* Count revoked certificates from PEM and verify serial values. + * CRL parsing prepends entries, so decoded list is in reverse order. */ + revokedCount = 0; + if (EXPECT_SUCCESS() && decodedCrl != NULL && decodedCrl->crlList != NULL) { + RevokedCert* rev = decodedCrl->crlList->certs; + while (rev != NULL) { + if (revokedCount == 0) { + ExpectIntEQ(rev->serialSz, certSerialSz); + ExpectIntEQ(XMEMCMP(rev->serialNumber, certSerial, + rev->serialSz), 0); + } + else { + int idx = numSerials - revokedCount; + ExpectIntEQ(rev->serialSz, + (int)sizeof(serialsToRevokeBytes[0])); + ExpectIntEQ(XMEMCMP(rev->serialNumber, + serialsToRevokeBytes[idx], rev->serialSz), 0); + } + revokedCount++; + rev = rev->next; + } + } + ExpectIntEQ(revokedCount, numSerials + 1); + + wolfSSL_X509_CRL_free(decodedCrl); + + wolfSSL_EVP_PKEY_free(pkey); + wolfSSL_X509_CRL_free(crl); + wolfSSL_X509_free(cert); + + return EXPECT_RESULT(); +} +#endif + +static int test_sk_X509_CRL_encode(void) +{ + EXPECT_DECLS; +#if (defined(OPENSSL_ALL) || defined(OPENSSL_EXTRA)) && !defined(NO_CERTS) && \ + defined(HAVE_CRL) && !defined(NO_FILESYSTEM) && \ + !defined(NO_STDIO_FILESYSTEM) && defined(WOLFSSL_CERT_GEN) && \ + !defined(NO_ASN_TIME) +#ifndef NO_RSA + static const char* crlRsaPemFile = "./certs/crl/crlRsaOut.pem"; + static const char* crlRsaDerFile = "./certs/crl/crlRsaOut.der"; + static const char* testRsaKeyFile = "./certs/ca-key.pem"; + /* Use ca-cert.pem to match ca-key.pem for proper CRL verification */ + static const char* testRsaCertFile = "./certs/ca-cert.pem"; + static const char* revokeRsaCertFile = "./certs/server-cert.pem"; +#endif +#ifdef HAVE_ECC + static const char* crlEccPemFile = "./certs/crl/crlEccOut.pem"; + static const char* crlEccDerFile = "./certs/crl/crlEccOut.der"; + static const char* testEccKeyFile = "./certs/ca-ecc-key.pem"; + /* Use ca-ecc-cert.pem to match ca-ecc-key.pem for proper CRL + * verification */ + static const char* testEccCertFile = "./certs/ca-ecc-cert.pem"; + static const char* revokeEccCertFile = "./certs/server-ecc.pem"; +#endif + +#ifndef NO_RSA + /* Generate RSA-signed CRL (PEM and DER) */ + ExpectIntEQ(generate_crl_test(testRsaKeyFile, testRsaCertFile, + crlRsaDerFile, crlRsaPemFile, revokeRsaCertFile), TEST_SUCCESS); +#endif + +#ifdef HAVE_ECC + /* Generate ECC-signed CRL (PEM and DER) */ + ExpectIntEQ(generate_crl_test(testEccKeyFile, testEccCertFile, + crlEccDerFile, crlEccPemFile, revokeEccCertFile), TEST_SUCCESS); +#endif +#endif + return EXPECT_RESULT(); +} + +static int test_wolfSSL_X509_CRL_sign_large(void) +{ + EXPECT_DECLS; +#if (defined(OPENSSL_ALL) || defined(OPENSSL_EXTRA)) && !defined(NO_CERTS) && \ + defined(HAVE_CRL) && !defined(NO_FILESYSTEM) && \ + !defined(NO_STDIO_FILESYSTEM) && defined(WOLFSSL_CERT_GEN) && \ + !defined(NO_ASN_TIME) +#ifndef NO_RSA + static const char* testRsaKeyFile = "./certs/ca-key.pem"; + static const char* testRsaCertFile = "./certs/ca-cert.pem"; + X509_NAME* issuer = NULL; + WOLFSSL_X509* cert = NULL; + WOLFSSL_X509_CRL* crl = NULL; + WOLFSSL_EVP_PKEY* pkey = NULL; + WOLFSSL_ASN1_TIME asnTime; + WOLFSSL_X509_REVOKED revoked; + XFILE fp = XBADFILE; + int i; + byte serial[4]; + + ExpectTrue((fp = XFOPEN(testRsaCertFile, "rb")) != XBADFILE); + if (fp != XBADFILE) { + ExpectNotNull(cert = PEM_read_X509(fp, NULL, NULL, NULL)); + XFCLOSE(fp); + fp = XBADFILE; + } + + ExpectNotNull(crl = wolfSSL_X509_CRL_new()); + ExpectNotNull(issuer = X509_get_subject_name(cert)); + ExpectIntEQ(wolfSSL_X509_CRL_set_issuer_name(crl, issuer), WOLFSSL_SUCCESS); + + XMEMSET(&asnTime, 0, sizeof(asnTime)); + ExpectNotNull(wolfSSL_ASN1_TIME_adj(&asnTime, XTIME(NULL), 0, 0)); + ExpectIntEQ(wolfSSL_X509_CRL_set_lastUpdate(crl, &asnTime), + WOLFSSL_SUCCESS); + + ExpectNotNull(wolfSSL_ASN1_TIME_adj(&asnTime, XTIME(NULL), 30, 0)); + ExpectIntEQ(wolfSSL_X509_CRL_set_nextUpdate(crl, &asnTime), + WOLFSSL_SUCCESS); + + XMEMSET(&revoked, 0, sizeof(revoked)); + revoked.serialNumber = wolfSSL_ASN1_INTEGER_new(); + ExpectNotNull(revoked.serialNumber); + revoked.reason = CRL_REASON_NONE; + if (revoked.serialNumber != NULL) { + revoked.serialNumber->data = serial; + revoked.serialNumber->length = (int)sizeof(serial); + } + + for (i = 1; i <= 1024; i++) { + serial[0] = (byte)(i & 0xff); + serial[1] = (byte)((i >> 8) & 0xff); + serial[2] = (byte)((i >> 16) & 0xff); + serial[3] = (byte)((i >> 24) & 0xff); + ExpectIntEQ(wolfSSL_X509_CRL_add_revoked(crl, &revoked), + WOLFSSL_SUCCESS); + } + + ExpectTrue((fp = XFOPEN(testRsaKeyFile, "rb")) != XBADFILE); + if (fp != XBADFILE) { + ExpectNotNull(pkey = PEM_read_PrivateKey(fp, NULL, NULL, NULL)); + XFCLOSE(fp); + fp = XBADFILE; + } + + ExpectIntEQ(wolfSSL_X509_CRL_sign(crl, pkey, wolfSSL_EVP_sha256()), + WOLFSSL_SUCCESS); + + if (revoked.serialNumber != NULL) { + revoked.serialNumber->data = NULL; + wolfSSL_ASN1_INTEGER_free(revoked.serialNumber); + revoked.serialNumber = NULL; + } + + wolfSSL_EVP_PKEY_free(pkey); + wolfSSL_X509_CRL_free(crl); + wolfSSL_X509_free(cert); +#endif /* !NO_RSA */ +#endif + return EXPECT_RESULT(); +} + +/* Test round-trip of a CRL with the maximum size CRL number (CRL_MAX_NUM_SZ + * = 20 bytes). Build TBS with wc_MakeCRL_ex, sign with wc_SignCRL_ex, then + * decode with d2i_X509_CRL and verify the CRL number survives. + * Then patch the DER to make the CRL number negative and verify rejection. */ +static int test_wc_MakeCRL_max_crlnum(void) +{ + EXPECT_DECLS; +#if defined(WOLFSSL_CERT_GEN) && defined(HAVE_CRL) && !defined(NO_RSA) && \ + !defined(NO_FILESYSTEM) && !defined(NO_ASN) && defined(OPENSSL_EXTRA) + const char* caCertDerFile = "./certs/ca-cert.der"; + const char* caKeyDerFile = "./certs/ca-key.der"; + byte certBuf[4096]; + byte keyBuf[4096]; + int certSz = 0; + int keySz = 0; + XFILE f = XBADFILE; + DecodedCert caCert; + int caCertInit = 0; + RsaKey rsaKey; + WC_RNG rng; + word32 idx = 0; + int rsaKeyInit = 0; + int rngInit = 0; + + /* 20-byte CRL number: 0x01..0x14. First byte < 0x80 so no ASN.1 + * padding byte is needed - the encoded INTEGER content is exactly + * 20 bytes, matching CRL_MAX_NUM_SZ. */ + byte crlNum[CRL_MAX_NUM_SZ]; + const char* expHex = + "0102030405060708090A0B0C0D0E0F1011121314"; + + /* thisUpdate/nextUpdate dates in UTC time format */ + const byte thisUpdate[] = "260101000000Z"; /* Jan 1, 2026 */ + const byte nextUpdate[] = "270101000000Z"; /* Jan 1, 2027 */ + + /* issuer DER (SEQUENCE-wrapped Name) */ + byte issuerDer[512]; + word32 issuerDerSz = 0; + + byte* tbsBuf = NULL; + int tbsSz = 0; + byte* crlBuf = NULL; + int crlSz = 0; + int bufSz = 0; + + WOLFSSL_X509_CRL* decodedCrl = NULL; + int i; + + /* CRL Number OID 2.5.29.20: used to locate the extension in the DER */ + static const byte crlNumOid[] = { 0x55, 0x1D, 0x14 }; + + /* Fill CRL number with 0x01..0x14 */ + for (i = 0; i < (int)CRL_MAX_NUM_SZ; i++) { + crlNum[i] = (byte)(i + 1); + } + + /* Load CA cert DER */ + ExpectTrue((f = XFOPEN(caCertDerFile, "rb")) != XBADFILE); + if (f != XBADFILE) { + ExpectIntGT(certSz = (int)XFREAD(certBuf, 1, sizeof(certBuf), f), 0); + XFCLOSE(f); + f = XBADFILE; + } + + /* Load CA key DER */ + ExpectTrue((f = XFOPEN(caKeyDerFile, "rb")) != XBADFILE); + if (f != XBADFILE) { + ExpectIntGT(keySz = (int)XFREAD(keyBuf, 1, sizeof(keyBuf), f), 0); + XFCLOSE(f); + f = XBADFILE; + } + + /* Parse CA cert to extract the subject (= CRL issuer) DER. + * subjectRaw is the Name contents without the outer SEQUENCE tag, + * so we re-wrap it with SetSequence to produce a valid issuer Name. */ + wc_InitDecodedCert(&caCert, certBuf, (word32)certSz, NULL); + caCertInit = 1; + ExpectIntEQ(wc_ParseCert(&caCert, CERT_TYPE, 0, NULL), 0); + if (EXPECT_SUCCESS()) { + word32 seqHdrSz = SetSequence((word32)caCert.subjectRawLen, issuerDer); + XMEMCPY(issuerDer + seqHdrSz, caCert.subjectRaw, + (size_t)caCert.subjectRawLen); + issuerDerSz = seqHdrSz + (word32)caCert.subjectRawLen; + } + + /* Decode RSA private key */ + ExpectIntEQ(wc_InitRsaKey(&rsaKey, NULL), 0); + if (EXPECT_SUCCESS()) { + rsaKeyInit = 1; + } + idx = 0; + ExpectIntEQ(wc_RsaPrivateKeyDecode(keyBuf, &idx, &rsaKey, (word32)keySz), + 0); + + /* Init RNG for signing */ + ExpectIntEQ(wc_InitRng(&rng), 0); + if (EXPECT_SUCCESS()) { + rngInit = 1; + } + + /* --- Build TBS --- */ + /* First call with NULL output to get required size */ + tbsSz = wc_MakeCRL_ex( + issuerDer, issuerDerSz, + thisUpdate, ASN_UTC_TIME, /* thisUpdate */ + nextUpdate, ASN_UTC_TIME, /* nextUpdate */ + NULL, /* no revoked certs */ + crlNum, (word32)sizeof(crlNum), /* max-size CRL number */ + CTC_SHA256wRSA, 2, /* v2 for extensions */ + NULL, 0); + ExpectIntGT(tbsSz, 0); + + /* Allocate buffer large enough for TBS + signature overhead */ + if (EXPECT_SUCCESS()) { + bufSz = tbsSz + 512; /* generous room for signature wrapper */ + ExpectNotNull(tbsBuf = (byte*)XMALLOC(bufSz, NULL, + DYNAMIC_TYPE_TMP_BUFFER)); + } + + /* Second call to actually encode TBS */ + if (EXPECT_SUCCESS()) { + tbsSz = wc_MakeCRL_ex( + issuerDer, issuerDerSz, + thisUpdate, ASN_UTC_TIME, + nextUpdate, ASN_UTC_TIME, + NULL, + crlNum, (word32)sizeof(crlNum), + CTC_SHA256wRSA, 2, + tbsBuf, (word32)bufSz); + ExpectIntGT(tbsSz, 0); + } + + /* --- Sign the CRL --- */ + if (EXPECT_SUCCESS()) { + ExpectNotNull(crlBuf = (byte*)XMALLOC(bufSz, NULL, + DYNAMIC_TYPE_TMP_BUFFER)); + } + if (EXPECT_SUCCESS()) { + crlSz = wc_SignCRL_ex(tbsBuf, tbsSz, CTC_SHA256wRSA, + crlBuf, (word32)bufSz, &rsaKey, NULL, &rng); + ExpectIntGT(crlSz, 0); + } + + /* --- Decode the CRL and verify CRL number --- */ + if (EXPECT_SUCCESS()) { + ExpectNotNull(decodedCrl = d2i_X509_CRL(NULL, crlBuf, crlSz)); + } + if (decodedCrl != NULL && decodedCrl->crlList != NULL) { + ExpectTrue(decodedCrl->crlList->crlNumberSet); + if (decodedCrl->crlList->crlNumberSet) { + ExpectIntEQ(XMEMCMP(decodedCrl->crlList->crlNumber, expHex, + XSTRLEN(expHex)), 0); + } + } + wolfSSL_X509_CRL_free(decodedCrl); + decodedCrl = NULL; + + /* --- Negative test: patch the CRL number to be negative --- */ + /* The encoded CRL number INTEGER is: 02 14 01 02 03 ... 14 + * (tag=0x02, length=0x14=20, content bytes 0x01..0x14). + * Flip the high bit of the first content byte (0x01 -> 0x81) to make + * the INTEGER negative. No lengths change, so the DER stays + * structurally valid. The signature is now wrong, but d2i_X509_CRL + * uses NO_VERIFY so that doesn't matter. */ + if (EXPECT_SUCCESS()) { + /* Find CRL Number OID (55 1D 14) in the DER */ + int found = 0; + for (i = 0; i < crlSz - (int)sizeof(crlNumOid); i++) { + if (XMEMCMP(crlBuf + i, crlNumOid, sizeof(crlNumOid)) == 0) { + /* OID found at i. Skip past: OID (3 bytes) -> OCTET STRING + * tag (1) + length (1) -> INTEGER tag (1) + length (1) -> + * first content byte. */ + int contentIdx = i + 3 + 2 + 2; + if (contentIdx < crlSz) { + crlBuf[contentIdx] |= 0x80; + found = 1; + } + break; + } + } + ExpectTrue(found); + } + /* Decoding the patched CRL must fail - the CRL number is negative. */ + if (EXPECT_SUCCESS()) { + decodedCrl = d2i_X509_CRL(NULL, crlBuf, crlSz); + ExpectNull(decodedCrl); + wolfSSL_X509_CRL_free(decodedCrl); + } + + XFREE(crlBuf, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(tbsBuf, NULL, DYNAMIC_TYPE_TMP_BUFFER); + if (caCertInit) { + wc_FreeDecodedCert(&caCert); + } + if (rngInit) { + wc_FreeRng(&rng); + } + if (rsaKeyInit) { + wc_FreeRsaKey(&rsaKey); + } #endif return EXPECT_RESULT(); } @@ -36679,1008 +23054,6 @@ return EXPECT_RESULT(); } -static int test_wolfssl_PKCS7(void) -{ - EXPECT_DECLS; -#if defined(OPENSSL_ALL) && defined(HAVE_PKCS7) && !defined(NO_BIO) && \ - !defined(NO_RSA) - PKCS7* pkcs7 = NULL; - byte data[FOURK_BUF]; - word32 len = sizeof(data); - const byte* p = data; - byte content[] = "Test data to encode."; -#if !defined(NO_RSA) & defined(USE_CERT_BUFFERS_2048) - BIO* bio = NULL; - byte key[sizeof(client_key_der_2048)]; - word32 keySz = (word32)sizeof(key); - byte* out = NULL; -#endif - - ExpectIntGT((len = (word32)CreatePKCS7SignedData(data, (int)len, content, - (word32)sizeof(content), 0, 0, 0, RSA_TYPE)), 0); - - ExpectNull(pkcs7 = d2i_PKCS7(NULL, NULL, (int)len)); - ExpectNull(pkcs7 = d2i_PKCS7(NULL, &p, 0)); - ExpectNotNull(pkcs7 = d2i_PKCS7(NULL, &p, (int)len)); - ExpectIntEQ(wolfSSL_PKCS7_verify(NULL, NULL, NULL, NULL, NULL, - PKCS7_NOVERIFY), WC_NO_ERR_TRACE(WOLFSSL_FAILURE)); - PKCS7_free(pkcs7); - pkcs7 = NULL; - - /* fail case, without PKCS7_NOVERIFY */ - p = data; - ExpectNotNull(pkcs7 = d2i_PKCS7(NULL, &p, (int)len)); - ExpectIntEQ(wolfSSL_PKCS7_verify(pkcs7, NULL, NULL, NULL, NULL, - 0), WC_NO_ERR_TRACE(WOLFSSL_FAILURE)); - PKCS7_free(pkcs7); - pkcs7 = NULL; - - /* success case, with PKCS7_NOVERIFY */ - p = data; - ExpectNotNull(pkcs7 = d2i_PKCS7(NULL, &p, (int)len)); - ExpectIntEQ(wolfSSL_PKCS7_verify(pkcs7, NULL, NULL, NULL, NULL, - PKCS7_NOVERIFY), WOLFSSL_SUCCESS); - -#if !defined(NO_RSA) & defined(USE_CERT_BUFFERS_2048) - /* test i2d */ - XMEMCPY(key, client_key_der_2048, keySz); - if (pkcs7 != NULL) { - pkcs7->privateKey = key; - pkcs7->privateKeySz = (word32)sizeof(key); - pkcs7->encryptOID = RSAk; - #ifdef NO_SHA - pkcs7->hashOID = SHA256h; - #else - pkcs7->hashOID = SHAh; - #endif - } - ExpectNotNull(bio = BIO_new(BIO_s_mem())); - ExpectIntEQ(i2d_PKCS7_bio(bio, pkcs7), 1); -#ifndef NO_ASN_TIME - ExpectIntEQ(i2d_PKCS7(pkcs7, &out), 655); -#else - ExpectIntEQ(i2d_PKCS7(pkcs7, &out), 625); -#endif - XFREE(out, NULL, DYNAMIC_TYPE_TMP_BUFFER); - BIO_free(bio); -#endif - - PKCS7_free(NULL); - PKCS7_free(pkcs7); -#endif - return EXPECT_RESULT(); -} - -static int test_wolfSSL_PKCS7_sign(void) -{ - EXPECT_DECLS; -#if defined(OPENSSL_ALL) && defined(HAVE_PKCS7) && !defined(NO_BIO) && \ - !defined(NO_FILESYSTEM) && !defined(NO_RSA) - - PKCS7* p7 = NULL; - PKCS7* p7Ver = NULL; - byte* out = NULL; - byte* tmpPtr = NULL; - int outLen = 0; - int flags = 0; - byte data[] = "Test data to encode."; - - const char* cert = "./certs/server-cert.pem"; - const char* key = "./certs/server-key.pem"; - const char* ca = "./certs/ca-cert.pem"; - - WOLFSSL_BIO* certBio = NULL; - WOLFSSL_BIO* keyBio = NULL; - WOLFSSL_BIO* caBio = NULL; - WOLFSSL_BIO* inBio = NULL; - X509* signCert = NULL; - EVP_PKEY* signKey = NULL; - X509* caCert = NULL; - X509_STORE* store = NULL; -#ifndef NO_PKCS7_STREAM - int z; - int ret; -#endif /* !NO_PKCS7_STREAM */ - - /* read signer cert/key into BIO */ - ExpectNotNull(certBio = BIO_new_file(cert, "r")); - ExpectNotNull(keyBio = BIO_new_file(key, "r")); - ExpectNotNull(signCert = PEM_read_bio_X509(certBio, NULL, 0, NULL)); - ExpectNotNull(signKey = PEM_read_bio_PrivateKey(keyBio, NULL, 0, NULL)); - - /* read CA cert into store (for verify) */ - ExpectNotNull(caBio = BIO_new_file(ca, "r")); - ExpectNotNull(caCert = PEM_read_bio_X509(caBio, NULL, 0, NULL)); - ExpectNotNull(store = X509_STORE_new()); - ExpectIntEQ(X509_STORE_add_cert(store, caCert), 1); - - /* data to be signed into BIO */ - ExpectNotNull(inBio = BIO_new(BIO_s_mem())); - ExpectIntGT(BIO_write(inBio, data, sizeof(data)), 0); - - /* PKCS7_sign, bad args: signer NULL */ - ExpectNull(p7 = PKCS7_sign(NULL, signKey, NULL, inBio, 0)); - /* PKCS7_sign, bad args: signer key NULL */ - ExpectNull(p7 = PKCS7_sign(signCert, NULL, NULL, inBio, 0)); - /* PKCS7_sign, bad args: in data NULL without PKCS7_STREAM */ - ExpectNull(p7 = PKCS7_sign(signCert, signKey, NULL, NULL, 0)); - /* PKCS7_sign, bad args: PKCS7_NOCERTS flag not supported */ - ExpectNull(p7 = PKCS7_sign(signCert, signKey, NULL, inBio, PKCS7_NOCERTS)); - /* PKCS7_sign, bad args: PKCS7_PARTIAL flag not supported */ - ExpectNull(p7 = PKCS7_sign(signCert, signKey, NULL, inBio, PKCS7_PARTIAL)); - - /* TEST SUCCESS: Not detached, not streaming, not MIME */ - { - flags = PKCS7_BINARY; - ExpectNotNull(p7 = PKCS7_sign(signCert, signKey, NULL, inBio, flags)); - ExpectIntGT((outLen = i2d_PKCS7(p7, &out)), 0); - - /* verify with d2i_PKCS7 */ - tmpPtr = out; - ExpectNotNull(p7Ver = d2i_PKCS7(NULL, (const byte**)&tmpPtr, outLen)); - ExpectIntEQ(PKCS7_verify(p7Ver, NULL, store, NULL, NULL, flags), 1); - PKCS7_free(p7Ver); - p7Ver = NULL; - - /* verify with wc_PKCS7_VerifySignedData */ - ExpectNotNull(p7Ver = wc_PKCS7_New(HEAP_HINT, testDevId)); - ExpectIntEQ(wc_PKCS7_Init(p7Ver, HEAP_HINT, INVALID_DEVID), 0); - ExpectIntEQ(wc_PKCS7_VerifySignedData(p7Ver, out, (word32)outLen), 0); - - #ifndef NO_PKCS7_STREAM - /* verify with wc_PKCS7_VerifySignedData streaming */ - wc_PKCS7_Free(p7Ver); - p7Ver = NULL; - ExpectNotNull(p7Ver = wc_PKCS7_New(HEAP_HINT, testDevId)); - ExpectIntEQ(wc_PKCS7_Init(p7Ver, HEAP_HINT, INVALID_DEVID), 0); - /* test for streaming */ - ret = -1; - for (z = 0; z < outLen && ret != 0; z++) { - ret = wc_PKCS7_VerifySignedData(p7Ver, out + z, 1); - if (ret < 0){ - ExpectIntEQ(ret, WC_NO_ERR_TRACE(WC_PKCS7_WANT_READ_E)); - } - } - ExpectIntEQ(ret, 0); - #endif /* !NO_PKCS7_STREAM */ - - /* compare the signer found to expected signer */ - ExpectIntNE(p7Ver->verifyCertSz, 0); - tmpPtr = NULL; - ExpectIntEQ(i2d_X509(signCert, &tmpPtr), p7Ver->verifyCertSz); - ExpectIntEQ(XMEMCMP(tmpPtr, p7Ver->verifyCert, p7Ver->verifyCertSz), 0); - XFREE(tmpPtr, NULL, DYNAMIC_TYPE_OPENSSL); - tmpPtr = NULL; - - wc_PKCS7_Free(p7Ver); - p7Ver = NULL; - - ExpectNotNull(out); - XFREE(out, NULL, DYNAMIC_TYPE_TMP_BUFFER); - out = NULL; - PKCS7_free(p7); - p7 = NULL; - } - - /* TEST SUCCESS: Not detached, streaming, not MIME. Also bad arg - * tests for PKCS7_final() while we have a PKCS7 pointer to use */ - { - /* re-populate input BIO, may have been consumed */ - BIO_free(inBio); - inBio = NULL; - ExpectNotNull(inBio = BIO_new(BIO_s_mem())); - ExpectIntGT(BIO_write(inBio, data, sizeof(data)), 0); - - flags = PKCS7_BINARY | PKCS7_STREAM; - ExpectNotNull(p7 = PKCS7_sign(signCert, signKey, NULL, inBio, flags)); - ExpectIntEQ(PKCS7_final(p7, inBio, flags), 1); - ExpectIntGT((outLen = i2d_PKCS7(p7, &out)), 0); - - /* PKCS7_final, bad args: PKCS7 null */ - ExpectIntEQ(PKCS7_final(NULL, inBio, 0), 0); - /* PKCS7_final, bad args: PKCS7 null */ - ExpectIntEQ(PKCS7_final(p7, NULL, 0), 0); - - tmpPtr = out; - ExpectNotNull(p7Ver = d2i_PKCS7(NULL, (const byte**)&tmpPtr, outLen)); - ExpectIntEQ(PKCS7_verify(p7Ver, NULL, store, NULL, NULL, flags), 1); - PKCS7_free(p7Ver); - p7Ver = NULL; - - ExpectNotNull(out); - XFREE(out, NULL, DYNAMIC_TYPE_TMP_BUFFER); - out = NULL; - PKCS7_free(p7); - p7 = NULL; - } - - /* TEST SUCCESS: Detached, not streaming, not MIME */ - { - /* re-populate input BIO, may have been consumed */ - BIO_free(inBio); - inBio = NULL; - ExpectNotNull(inBio = BIO_new(BIO_s_mem())); - ExpectIntGT(BIO_write(inBio, data, sizeof(data)), 0); - - flags = PKCS7_BINARY | PKCS7_DETACHED; - ExpectNotNull(p7 = PKCS7_sign(signCert, signKey, NULL, inBio, flags)); - ExpectIntGT((outLen = i2d_PKCS7(p7, &out)), 0); - ExpectNotNull(out); - - /* verify with wolfCrypt, d2i_PKCS7 does not support detached content */ - ExpectNotNull(p7Ver = wc_PKCS7_New(HEAP_HINT, testDevId)); - if (p7Ver != NULL) { - p7Ver->content = data; - p7Ver->contentSz = sizeof(data); - } - ExpectIntEQ(wc_PKCS7_VerifySignedData(p7Ver, out, (word32)outLen), 0); - wc_PKCS7_Free(p7Ver); - p7Ver = NULL; - - #ifndef NO_PKCS7_STREAM - /* verify with wc_PKCS7_VerifySignedData streaming */ - ExpectNotNull(p7Ver = wc_PKCS7_New(HEAP_HINT, testDevId)); - if (p7Ver != NULL) { - p7Ver->content = data; - p7Ver->contentSz = sizeof(data); - } - /* test for streaming */ - if (EXPECT_SUCCESS()) { - ret = -1; - for (z = 0; z < outLen && ret != 0; z++) { - ret = wc_PKCS7_VerifySignedData(p7Ver, out + z, 1); - if (ret < 0){ - ExpectIntEQ(ret, WC_NO_ERR_TRACE(WC_PKCS7_WANT_READ_E)); - } - } - ExpectIntEQ(ret, 0); - } - wc_PKCS7_Free(p7Ver); - p7Ver = NULL; - #endif /* !NO_PKCS7_STREAM */ - - /* verify expected failure (NULL return) from d2i_PKCS7, it does not - * yet support detached content */ - tmpPtr = out; - ExpectNull(p7Ver = d2i_PKCS7(NULL, (const byte**)&tmpPtr, outLen)); - PKCS7_free(p7Ver); - p7Ver = NULL; - - XFREE(out, NULL, DYNAMIC_TYPE_TMP_BUFFER); - out = NULL; - PKCS7_free(p7); - p7 = NULL; - } - - /* TEST SUCCESS: Detached, streaming, not MIME */ - { - /* re-populate input BIO, may have been consumed */ - BIO_free(inBio); - inBio = NULL; - ExpectNotNull(inBio = BIO_new(BIO_s_mem())); - ExpectIntGT(BIO_write(inBio, data, sizeof(data)), 0); - - flags = PKCS7_BINARY | PKCS7_DETACHED | PKCS7_STREAM; - ExpectNotNull(p7 = PKCS7_sign(signCert, signKey, NULL, inBio, flags)); - ExpectIntEQ(PKCS7_final(p7, inBio, flags), 1); - ExpectIntGT((outLen = i2d_PKCS7(p7, &out)), 0); - - /* verify with wolfCrypt, d2i_PKCS7 does not support detached content */ - ExpectNotNull(p7Ver = wc_PKCS7_New(HEAP_HINT, testDevId)); - if (p7Ver != NULL) { - p7Ver->content = data; - p7Ver->contentSz = sizeof(data); - } - ExpectIntEQ(wc_PKCS7_VerifySignedData(p7Ver, out, (word32)outLen), 0); - wc_PKCS7_Free(p7Ver); - p7Ver = NULL; - - ExpectNotNull(out); - - #ifndef NO_PKCS7_STREAM - /* verify with wc_PKCS7_VerifySignedData streaming */ - ExpectNotNull(p7Ver = wc_PKCS7_New(HEAP_HINT, testDevId)); - if (p7Ver != NULL) { - p7Ver->content = data; - p7Ver->contentSz = sizeof(data); - } - /* test for streaming */ - if (EXPECT_SUCCESS()) { - ret = -1; - for (z = 0; z < outLen && ret != 0; z++) { - ret = wc_PKCS7_VerifySignedData(p7Ver, out + z, 1); - if (ret < 0){ - ExpectIntEQ(ret, WC_NO_ERR_TRACE(WC_PKCS7_WANT_READ_E)); - } - } - ExpectIntEQ(ret, 0); - } - wc_PKCS7_Free(p7Ver); - p7Ver = NULL; - #endif /* !NO_PKCS7_STREAM */ - - XFREE(out, NULL, DYNAMIC_TYPE_TMP_BUFFER); - PKCS7_free(p7); - p7 = NULL; - } - - X509_STORE_free(store); - X509_free(caCert); - X509_free(signCert); - EVP_PKEY_free(signKey); - BIO_free(inBio); - BIO_free(keyBio); - BIO_free(certBio); - BIO_free(caBio); -#endif - return EXPECT_RESULT(); -} - -static int test_wolfSSL_PKCS7_SIGNED_new(void) -{ - EXPECT_DECLS; -#if defined(OPENSSL_ALL) && defined(HAVE_PKCS7) - PKCS7_SIGNED* pkcs7 = NULL; - - ExpectNotNull(pkcs7 = PKCS7_SIGNED_new()); - ExpectIntEQ(pkcs7->contentOID, SIGNED_DATA); - - PKCS7_SIGNED_free(pkcs7); -#endif - return EXPECT_RESULT(); -} - -#ifndef NO_BIO - -static int test_wolfSSL_PEM_write_bio_encryptedKey(void) -{ - EXPECT_DECLS; -#if (defined(OPENSSL_EXTRA) || defined(OPENSSL_ALL)) && \ - defined(WOLFSSL_KEY_GEN) && !defined(NO_RSA) && \ - defined(WOLFSSL_ENCRYPTED_KEYS) && \ - (defined(WOLFSSL_PEM_TO_DER) || defined(WOLFSSL_DER_TO_PEM)) && \ - !defined(NO_FILESYSTEM) && !defined(NO_CERTS) && \ - !defined(NO_DES3) - RSA* rsaKey = NULL; - RSA* retKey = NULL; - const EVP_CIPHER *cipher = NULL; - BIO* bio = NULL; - BIO* retbio = NULL; - byte* out; - const char* password = "wolfssl"; - word32 passwordSz =(word32)XSTRLEN((char*)password); - int membufSz = 0; - -#if defined(USE_CERT_BUFFERS_2048) - const byte* key = client_key_der_2048; - word32 keySz = sizeof_client_key_der_2048; -#elif defined(USE_CERT_BUFFERS_1024) - const byte* key = client_key_der_1024; - word32 keySz = sizeof_client_key_der_1024; -#endif - /* Import Rsa Key */ - ExpectNotNull(rsaKey = wolfSSL_RSA_new()); - ExpectIntEQ(wolfSSL_RSA_LoadDer_ex(rsaKey, key, keySz, - WOLFSSL_RSA_LOAD_PRIVATE), 1); - - ExpectNotNull(cipher = EVP_des_ede3_cbc()); - ExpectNotNull(bio = BIO_new(BIO_s_mem())); - ExpectIntEQ(PEM_write_bio_RSAPrivateKey(bio, rsaKey, cipher, - (byte*)password, passwordSz, NULL, NULL), 1); - ExpectIntGT((membufSz = BIO_get_mem_data(bio, &out)), 0); - ExpectNotNull(retbio = BIO_new_mem_buf(out, membufSz)); - ExpectNotNull((retKey = PEM_read_bio_RSAPrivateKey(retbio, NULL, - NULL, (void*)password))); - if (bio != NULL) { - BIO_free(bio); - } - if (retbio != NULL) { - BIO_free(retbio); - } - if (retKey != NULL) { - RSA_free(retKey); - } - if (rsaKey != NULL) { - RSA_free(rsaKey); - } -#endif - return EXPECT_RESULT(); -} - -static int test_wolfSSL_PEM_write_bio_PKCS7(void) -{ - EXPECT_DECLS; -#if defined(OPENSSL_ALL) && defined(HAVE_PKCS7) && !defined(NO_FILESYSTEM) - PKCS7* pkcs7 = NULL; - BIO* bio = NULL; - const byte* cert_buf = NULL; - int ret = 0; - WC_RNG rng; - const byte data[] = { /* Hello World */ - 0x48,0x65,0x6c,0x6c,0x6f,0x20,0x57,0x6f, - 0x72,0x6c,0x64 - }; -#ifndef NO_RSA - #if defined(USE_CERT_BUFFERS_2048) - byte key[sizeof(client_key_der_2048)]; - byte cert[sizeof(client_cert_der_2048)]; - word32 keySz = (word32)sizeof(key); - word32 certSz = (word32)sizeof(cert); - XMEMSET(key, 0, keySz); - XMEMSET(cert, 0, certSz); - XMEMCPY(key, client_key_der_2048, keySz); - XMEMCPY(cert, client_cert_der_2048, certSz); - #elif defined(USE_CERT_BUFFERS_1024) - byte key[sizeof_client_key_der_1024]; - byte cert[sizeof(sizeof_client_cert_der_1024)]; - word32 keySz = (word32)sizeof(key); - word32 certSz = (word32)sizeof(cert); - XMEMSET(key, 0, keySz); - XMEMSET(cert, 0, certSz); - XMEMCPY(key, client_key_der_1024, keySz); - XMEMCPY(cert, client_cert_der_1024, certSz); - #else - unsigned char cert[ONEK_BUF]; - unsigned char key[ONEK_BUF]; - XFILE fp = XBADFILE; - int certSz; - int keySz; - - ExpectTrue((fp = XFOPEN("./certs/1024/client-cert.der", "rb")) != - XBADFILE); - ExpectIntGT(certSz = (int)XFREAD(cert, 1, sizeof_client_cert_der_1024, - fp), 0); - if (fp != XBADFILE) { - XFCLOSE(fp); - fp = XBADFILE; - } - - ExpectTrue((fp = XFOPEN("./certs/1024/client-key.der", "rb")) != - XBADFILE); - ExpectIntGT(keySz = (int)XFREAD(key, 1, sizeof_client_key_der_1024, fp), - 0); - if (fp != XBADFILE) { - XFCLOSE(fp); - fp = XBADFILE; - } - #endif -#elif defined(HAVE_ECC) - #if defined(USE_CERT_BUFFERS_256) - unsigned char cert[sizeof(cliecc_cert_der_256)]; - unsigned char key[sizeof(ecc_clikey_der_256)]; - int certSz = (int)sizeof(cert); - int keySz = (int)sizeof(key); - XMEMSET(cert, 0, certSz); - XMEMSET(key, 0, keySz); - XMEMCPY(cert, cliecc_cert_der_256, sizeof_cliecc_cert_der_256); - XMEMCPY(key, ecc_clikey_der_256, sizeof_ecc_clikey_der_256); - #else - unsigned char cert[ONEK_BUF]; - unsigned char key[ONEK_BUF]; - XFILE fp = XBADFILE; - int certSz, keySz; - - ExpectTrue((fp = XFOPEN("./certs/client-ecc-cert.der", "rb")) != - XBADFILE); - ExpectIntGT(certSz = (int)XFREAD(cert, 1, sizeof_cliecc_cert_der_256, - fp), 0); - if (fp != XBADFILE) { - XFCLOSE(fp); - fp = XBADFILE; - } - - ExpectTrue((fp = XFOPEN("./certs/client-ecc-key.der", "rb")) != - XBADFILE); - ExpectIntGT(keySz = (int)XFREAD(key, 1, sizeof_ecc_clikey_der_256, fp), - 0); - if (fp != XBADFILE) { - XFCLOSE(fp); - fp = XBADFILE; - } - #endif -#else - #error PKCS7 requires ECC or RSA -#endif - - ExpectNotNull(pkcs7 = wc_PKCS7_New(HEAP_HINT, testDevId)); - /* initialize with DER encoded cert */ - ExpectIntEQ(wc_PKCS7_InitWithCert(pkcs7, (byte*)cert, (word32)certSz), 0); - - /* init rng */ - XMEMSET(&rng, 0, sizeof(WC_RNG)); - ExpectIntEQ(wc_InitRng(&rng), 0); - - if (pkcs7 != NULL) { - pkcs7->rng = &rng; - pkcs7->content = (byte*)data; /* not used for ex */ - pkcs7->contentSz = (word32)sizeof(data); - pkcs7->contentOID = SIGNED_DATA; - pkcs7->privateKey = key; - pkcs7->privateKeySz = (word32)sizeof(key); - pkcs7->encryptOID = RSAk; - #ifdef NO_SHA - pkcs7->hashOID = SHA256h; - #else - pkcs7->hashOID = SHAh; - #endif - pkcs7->signedAttribs = NULL; - pkcs7->signedAttribsSz = 0; - } - - ExpectNotNull(bio = BIO_new(BIO_s_mem())); - /* Write PKCS#7 PEM to BIO, the function converts the DER to PEM cert*/ - ExpectIntEQ(PEM_write_bio_PKCS7(bio, pkcs7), WOLFSSL_SUCCESS); - - /* Read PKCS#7 PEM from BIO */ - ret = wolfSSL_BIO_get_mem_data(bio, &cert_buf); - ExpectIntGE(ret, 0); - - BIO_free(bio); - wc_PKCS7_Free(pkcs7); - wc_FreeRng(&rng); -#endif - return EXPECT_RESULT(); -} - -#ifdef HAVE_SMIME -/* // NOLINTBEGIN(clang-analyzer-unix.Stream) */ -static int test_wolfSSL_SMIME_read_PKCS7(void) -{ - EXPECT_DECLS; -#if defined(OPENSSL_ALL) && defined(HAVE_PKCS7) && !defined(NO_FILESYSTEM) && \ - !defined(NO_RSA) - PKCS7* pkcs7 = NULL; - BIO* bio = NULL; - BIO* bcont = NULL; - BIO* out = NULL; - const byte* outBuf = NULL; - int outBufLen = 0; - static const char contTypeText[] = "Content-Type: text/plain\r\n\r\n"; - XFILE smimeTestFile = XBADFILE; - - ExpectTrue((smimeTestFile = XFOPEN("./certs/test/smime-test.p7s", "rb")) != - XBADFILE); - - /* smime-test.p7s */ - bio = wolfSSL_BIO_new(wolfSSL_BIO_s_file()); - ExpectNotNull(bio); - ExpectIntEQ(wolfSSL_BIO_set_fp(bio, smimeTestFile, BIO_CLOSE), SSL_SUCCESS); - pkcs7 = wolfSSL_SMIME_read_PKCS7(bio, &bcont); - ExpectNotNull(pkcs7); - ExpectIntEQ(wolfSSL_PKCS7_verify(pkcs7, NULL, NULL, bcont, NULL, - PKCS7_NOVERIFY), SSL_SUCCESS); - if (smimeTestFile != XBADFILE) { - XFCLOSE(smimeTestFile); - smimeTestFile = XBADFILE; - } - if (bcont) BIO_free(bcont); - bcont = NULL; - wolfSSL_PKCS7_free(pkcs7); - pkcs7 = NULL; - - /* smime-test-multipart.p7s */ - smimeTestFile = XFOPEN("./certs/test/smime-test-multipart.p7s", "rb"); - ExpectFalse(smimeTestFile == XBADFILE); - ExpectIntEQ(wolfSSL_BIO_set_fp(bio, smimeTestFile, BIO_CLOSE), SSL_SUCCESS); - pkcs7 = wolfSSL_SMIME_read_PKCS7(bio, &bcont); - ExpectNotNull(pkcs7); - ExpectIntEQ(wolfSSL_PKCS7_verify(pkcs7, NULL, NULL, bcont, NULL, - PKCS7_NOVERIFY), SSL_SUCCESS); - if (smimeTestFile != XBADFILE) { - XFCLOSE(smimeTestFile); - smimeTestFile = XBADFILE; - } - if (bcont) BIO_free(bcont); - bcont = NULL; - wolfSSL_PKCS7_free(pkcs7); - pkcs7 = NULL; - - /* smime-test-multipart-badsig.p7s */ - smimeTestFile = XFOPEN("./certs/test/smime-test-multipart-badsig.p7s", - "rb"); - ExpectFalse(smimeTestFile == XBADFILE); - ExpectIntEQ(wolfSSL_BIO_set_fp(bio, smimeTestFile, BIO_CLOSE), SSL_SUCCESS); - pkcs7 = wolfSSL_SMIME_read_PKCS7(bio, &bcont); - ExpectNotNull(pkcs7); /* can read in the unverified smime bundle */ - ExpectIntEQ(wolfSSL_PKCS7_verify(pkcs7, NULL, NULL, bcont, NULL, - PKCS7_NOVERIFY), WC_NO_ERR_TRACE(WOLFSSL_FAILURE)); - if (smimeTestFile != XBADFILE) { - XFCLOSE(smimeTestFile); - smimeTestFile = XBADFILE; - } - if (bcont) BIO_free(bcont); - bcont = NULL; - wolfSSL_PKCS7_free(pkcs7); - pkcs7 = NULL; - - /* smime-test-canon.p7s */ - smimeTestFile = XFOPEN("./certs/test/smime-test-canon.p7s", "rb"); - ExpectFalse(smimeTestFile == XBADFILE); - ExpectIntEQ(wolfSSL_BIO_set_fp(bio, smimeTestFile, BIO_CLOSE), SSL_SUCCESS); - pkcs7 = wolfSSL_SMIME_read_PKCS7(bio, &bcont); - ExpectNotNull(pkcs7); - ExpectIntEQ(wolfSSL_PKCS7_verify(pkcs7, NULL, NULL, bcont, NULL, - PKCS7_NOVERIFY), SSL_SUCCESS); - if (smimeTestFile != XBADFILE) { - XFCLOSE(smimeTestFile); - smimeTestFile = XBADFILE; - } - if (bcont) BIO_free(bcont); - bcont = NULL; - wolfSSL_PKCS7_free(pkcs7); - pkcs7 = NULL; - - /* Test PKCS7_TEXT, PKCS7_verify() should remove Content-Type: text/plain */ - smimeTestFile = XFOPEN("./certs/test/smime-test-canon.p7s", "rb"); - ExpectFalse(smimeTestFile == XBADFILE); - ExpectIntEQ(wolfSSL_BIO_set_fp(bio, smimeTestFile, BIO_CLOSE), SSL_SUCCESS); - pkcs7 = wolfSSL_SMIME_read_PKCS7(bio, &bcont); - ExpectNotNull(pkcs7); - out = wolfSSL_BIO_new(BIO_s_mem()); - ExpectNotNull(out); - ExpectIntEQ(wolfSSL_PKCS7_verify(pkcs7, NULL, NULL, bcont, out, - PKCS7_NOVERIFY | PKCS7_TEXT), SSL_SUCCESS); - ExpectIntGT((outBufLen = BIO_get_mem_data(out, &outBuf)), 0); - /* Content-Type should not show up at beginning of output buffer */ - ExpectIntGT(outBufLen, XSTRLEN(contTypeText)); - ExpectIntGT(XMEMCMP(outBuf, contTypeText, XSTRLEN(contTypeText)), 0); - - BIO_free(out); - BIO_free(bio); - if (bcont) BIO_free(bcont); - wolfSSL_PKCS7_free(pkcs7); -#endif - return EXPECT_RESULT(); -} -/* // NOLINTEND(clang-analyzer-unix.Stream) */ - -static int test_wolfSSL_SMIME_write_PKCS7(void) -{ - EXPECT_DECLS; -#if defined(OPENSSL_ALL) && defined(HAVE_PKCS7) && !defined(NO_RSA) - PKCS7* p7 = NULL; - PKCS7* p7Ver = NULL; - int flags = 0; - byte data[] = "Test data to encode."; - - const char* cert = "./certs/server-cert.pem"; - const char* key = "./certs/server-key.pem"; - const char* ca = "./certs/ca-cert.pem"; - - WOLFSSL_BIO* certBio = NULL; - WOLFSSL_BIO* keyBio = NULL; - WOLFSSL_BIO* caBio = NULL; - WOLFSSL_BIO* inBio = NULL; - WOLFSSL_BIO* outBio = NULL; - WOLFSSL_BIO* content = NULL; - X509* signCert = NULL; - EVP_PKEY* signKey = NULL; - X509* caCert = NULL; - X509_STORE* store = NULL; - - /* read signer cert/key into BIO */ - ExpectNotNull(certBio = BIO_new_file(cert, "r")); - ExpectNotNull(keyBio = BIO_new_file(key, "r")); - ExpectNotNull(signCert = PEM_read_bio_X509(certBio, NULL, 0, NULL)); - ExpectNotNull(signKey = PEM_read_bio_PrivateKey(keyBio, NULL, 0, NULL)); - - /* read CA cert into store (for verify) */ - ExpectNotNull(caBio = BIO_new_file(ca, "r")); - ExpectNotNull(caCert = PEM_read_bio_X509(caBio, NULL, 0, NULL)); - ExpectNotNull(store = X509_STORE_new()); - ExpectIntEQ(X509_STORE_add_cert(store, caCert), 1); - - - /* generate and verify SMIME: not detached */ - { - ExpectNotNull(inBio = BIO_new(BIO_s_mem())); - ExpectIntGT(BIO_write(inBio, data, sizeof(data)), 0); - - flags = PKCS7_STREAM; - ExpectNotNull(p7 = PKCS7_sign(signCert, signKey, NULL, inBio, flags)); - ExpectNotNull(outBio = BIO_new(BIO_s_mem())); - ExpectIntEQ(SMIME_write_PKCS7(outBio, p7, inBio, flags), 1); - - /* bad arg: out NULL */ - ExpectIntEQ(SMIME_write_PKCS7(NULL, p7, inBio, flags), 0); - /* bad arg: pkcs7 NULL */ - ExpectIntEQ(SMIME_write_PKCS7(outBio, NULL, inBio, flags), 0); - - ExpectNotNull(p7Ver = SMIME_read_PKCS7(outBio, &content)); - ExpectIntEQ(PKCS7_verify(p7Ver, NULL, store, NULL, NULL, flags), 1); - - BIO_free(content); - content = NULL; - BIO_free(inBio); - inBio = NULL; - BIO_free(outBio); - outBio = NULL; - PKCS7_free(p7Ver); - p7Ver = NULL; - PKCS7_free(p7); - p7 = NULL; - } - - /* generate and verify SMIME: not detached, add Content-Type */ - { - ExpectNotNull(inBio = BIO_new(BIO_s_mem())); - ExpectIntGT(BIO_write(inBio, data, sizeof(data)), 0); - - flags = PKCS7_STREAM | PKCS7_TEXT; - ExpectNotNull(p7 = PKCS7_sign(signCert, signKey, NULL, inBio, flags)); - ExpectNotNull(outBio = BIO_new(BIO_s_mem())); - ExpectIntEQ(SMIME_write_PKCS7(outBio, p7, inBio, flags), 1); - - ExpectNotNull(p7Ver = SMIME_read_PKCS7(outBio, &content)); - ExpectIntEQ(PKCS7_verify(p7Ver, NULL, store, NULL, NULL, flags), 1); - - BIO_free(content); - content = NULL; - BIO_free(inBio); - inBio = NULL; - BIO_free(outBio); - outBio = NULL; - PKCS7_free(p7Ver); - p7Ver = NULL; - PKCS7_free(p7); - p7 = NULL; - } - - /* generate and verify SMIME: detached */ - { - ExpectNotNull(inBio = BIO_new(BIO_s_mem())); - ExpectIntGT(BIO_write(inBio, data, sizeof(data)), 0); - - flags = PKCS7_DETACHED | PKCS7_STREAM; - ExpectNotNull(p7 = PKCS7_sign(signCert, signKey, NULL, inBio, flags)); - ExpectNotNull(outBio = BIO_new(BIO_s_mem())); - ExpectIntEQ(SMIME_write_PKCS7(outBio, p7, inBio, flags), 1); - - ExpectNotNull(p7Ver = SMIME_read_PKCS7(outBio, &content)); - ExpectIntEQ(PKCS7_verify(p7Ver, NULL, store, content, NULL, flags), 1); - - BIO_free(content); - content = NULL; - BIO_free(inBio); - inBio = NULL; - BIO_free(outBio); - outBio = NULL; - PKCS7_free(p7Ver); - p7Ver = NULL; - PKCS7_free(p7); - p7 = NULL; - } - - /* generate and verify SMIME: PKCS7_TEXT to add Content-Type header */ - { - ExpectNotNull(inBio = BIO_new(BIO_s_mem())); - ExpectIntGT(BIO_write(inBio, data, sizeof(data)), 0); - - flags = PKCS7_STREAM | PKCS7_DETACHED | PKCS7_TEXT; - ExpectNotNull(p7 = PKCS7_sign(signCert, signKey, NULL, inBio, flags)); - ExpectNotNull(outBio = BIO_new(BIO_s_mem())); - ExpectIntEQ(SMIME_write_PKCS7(outBio, p7, inBio, flags), 1); - - ExpectNotNull(p7Ver = SMIME_read_PKCS7(outBio, &content)); - ExpectIntEQ(PKCS7_verify(p7Ver, NULL, store, content, NULL, flags), 1); - - BIO_free(content); - content = NULL; - BIO_free(inBio); - inBio = NULL; - BIO_free(outBio); - outBio = NULL; - PKCS7_free(p7Ver); - p7Ver = NULL; - PKCS7_free(p7); - p7 = NULL; - } - - X509_STORE_free(store); - X509_free(caCert); - X509_free(signCert); - EVP_PKEY_free(signKey); - BIO_free(keyBio); - BIO_free(certBio); - BIO_free(caBio); -#endif - return EXPECT_RESULT(); -} -#endif /* HAVE_SMIME */ -#endif /* !NO_BIO */ - -/* Test of X509 store use outside of SSL context w/ CRL lookup (ALWAYS - * returns 0) */ -static int test_X509_STORE_No_SSL_CTX(void) -{ - EXPECT_DECLS; -#if defined(OPENSSL_ALL) && defined(WOLFSSL_CERT_GEN) && \ - (defined(WOLFSSL_CERT_REQ) || defined(WOLFSSL_CERT_EXT)) && \ - !defined(NO_FILESYSTEM) && !defined(NO_WOLFSSL_DIR) && \ - (defined(OPENSSL_EXTRA) || defined(WOLFSSL_WPAS_SMALL)) && \ - defined(HAVE_CRL) && !defined(NO_RSA) - - X509_STORE * store = NULL; - X509_STORE_CTX * storeCtx = NULL; - X509_CRL * crl = NULL; - X509 * ca = NULL; - X509 * cert = NULL; - const char cliCrlPem[] = "./certs/crl/cliCrl.pem"; - const char srvCert[] = "./certs/server-cert.pem"; - const char caCert[] = "./certs/ca-cert.pem"; - const char caDir[] = "./certs/crl/hash_pem"; - XFILE fp = XBADFILE; - X509_LOOKUP * lookup = NULL; - - ExpectNotNull(store = (X509_STORE *)X509_STORE_new()); - - /* Set up store with CA */ - ExpectNotNull((ca = wolfSSL_X509_load_certificate_file(caCert, - SSL_FILETYPE_PEM))); - ExpectIntEQ(X509_STORE_add_cert(store, ca), SSL_SUCCESS); - - /* Add CRL lookup directory to store - * NOTE: test uses ./certs/crl/hash_pem/0fdb2da4.r0, which is a copy - * of crl.pem */ - ExpectNotNull((lookup = X509_STORE_add_lookup(store, - X509_LOOKUP_hash_dir()))); - ExpectIntEQ(X509_LOOKUP_ctrl(lookup, X509_L_ADD_DIR, caDir, - X509_FILETYPE_PEM, NULL), SSL_SUCCESS); - - ExpectIntEQ(X509_STORE_set_flags(store, X509_V_FLAG_CRL_CHECK), - SSL_SUCCESS); - - /* Add CRL to store NOT containing the verified certificate, which - * forces use of the CRL lookup directory */ - ExpectTrue((fp = XFOPEN(cliCrlPem, "rb")) != XBADFILE); - ExpectNotNull(crl = (X509_CRL *)PEM_read_X509_CRL(fp, (X509_CRL **)NULL, - NULL, NULL)); - if (fp != XBADFILE) - XFCLOSE(fp); - ExpectIntEQ(X509_STORE_add_crl(store, crl), SSL_SUCCESS); - - /* Create verification context outside of an SSL session */ - ExpectNotNull((storeCtx = X509_STORE_CTX_new())); - ExpectNotNull((cert = wolfSSL_X509_load_certificate_file(srvCert, - SSL_FILETYPE_PEM))); - ExpectIntEQ(X509_STORE_CTX_init(storeCtx, store, cert, NULL), SSL_SUCCESS); - - /* Perform verification, which should NOT indicate CRL missing due to the - * store CM's X509 store pointer being NULL */ - ExpectIntNE(X509_verify_cert(storeCtx), WC_NO_ERR_TRACE(CRL_MISSING)); - - X509_CRL_free(crl); - X509_STORE_free(store); - X509_STORE_CTX_free(storeCtx); - X509_free(cert); - X509_free(ca); -#endif - return EXPECT_RESULT(); -} - -/* Test of X509 store use outside of SSL context w/ CRL lookup, but - * with X509_LOOKUP_add_dir and X509_FILETYPE_ASN1. */ -static int test_X509_LOOKUP_add_dir(void) -{ - EXPECT_DECLS; -#if defined(OPENSSL_ALL) && defined(WOLFSSL_CERT_GEN) && \ - (defined(WOLFSSL_CERT_REQ) || defined(WOLFSSL_CERT_EXT)) && \ - !defined(NO_FILESYSTEM) && !defined(NO_WOLFSSL_DIR) && \ - (defined(OPENSSL_EXTRA) || defined(WOLFSSL_WPAS_SMALL)) && \ - defined(HAVE_CRL) && !defined(NO_RSA) - - X509_STORE * store = NULL; - X509_STORE_CTX * storeCtx = NULL; - X509_CRL * crl = NULL; - X509 * ca = NULL; - X509 * cert = NULL; - const char cliCrlPem[] = "./certs/crl/cliCrl.pem"; - const char srvCert[] = "./certs/server-cert.pem"; - const char caCert[] = "./certs/ca-cert.pem"; - const char caDir[] = "./certs/crl/hash_der"; - XFILE fp = XBADFILE; - X509_LOOKUP * lookup = NULL; - - ExpectNotNull(store = (X509_STORE *)X509_STORE_new()); - - /* Set up store with CA */ - ExpectNotNull((ca = wolfSSL_X509_load_certificate_file(caCert, - SSL_FILETYPE_PEM))); - ExpectIntEQ(X509_STORE_add_cert(store, ca), SSL_SUCCESS); - - /* Add CRL lookup directory to store. - * Test uses ./certs/crl/hash_der/0fdb2da4.r0, which is a copy - * of crl.der */ - ExpectNotNull((lookup = X509_STORE_add_lookup(store, - X509_LOOKUP_hash_dir()))); - - ExpectIntEQ(X509_LOOKUP_add_dir(lookup, caDir, X509_FILETYPE_ASN1), - SSL_SUCCESS); - - ExpectIntEQ(X509_STORE_set_flags(store, X509_V_FLAG_CRL_CHECK), - SSL_SUCCESS); - - /* Add CRL to store NOT containing the verified certificate, which - * forces use of the CRL lookup directory */ - ExpectTrue((fp = XFOPEN(cliCrlPem, "rb")) != XBADFILE); - ExpectNotNull(crl = (X509_CRL *)PEM_read_X509_CRL(fp, (X509_CRL **)NULL, - NULL, NULL)); - if (fp != XBADFILE) { - XFCLOSE(fp); - fp = XBADFILE; - } - ExpectIntEQ(X509_STORE_add_crl(store, crl), SSL_SUCCESS); - - /* Create verification context outside of an SSL session */ - ExpectNotNull((storeCtx = X509_STORE_CTX_new())); - ExpectNotNull((cert = wolfSSL_X509_load_certificate_file(srvCert, - SSL_FILETYPE_PEM))); - ExpectIntEQ(X509_STORE_CTX_init(storeCtx, store, cert, NULL), SSL_SUCCESS); - - /* Perform verification, which should NOT return CRL missing */ - ExpectIntNE(X509_verify_cert(storeCtx), WC_NO_ERR_TRACE(CRL_MISSING)); - - X509_CRL_free(crl); - crl = NULL; - X509_STORE_free(store); - store = NULL; - X509_STORE_CTX_free(storeCtx); - storeCtx = NULL; - X509_free(cert); - cert = NULL; - X509_free(ca); - ca = NULL; - - /* Now repeat the same, but look for X509_FILETYPE_PEM. - * We should get CRL_MISSING at the end, because the lookup - * dir has only ASN1 CRLs. */ - - ExpectNotNull(store = (X509_STORE *)X509_STORE_new()); - - ExpectNotNull((ca = wolfSSL_X509_load_certificate_file(caCert, - SSL_FILETYPE_PEM))); - ExpectIntEQ(X509_STORE_add_cert(store, ca), SSL_SUCCESS); - - ExpectNotNull((lookup = X509_STORE_add_lookup(store, - X509_LOOKUP_hash_dir()))); - - ExpectIntEQ(X509_LOOKUP_add_dir(lookup, caDir, X509_FILETYPE_PEM), - SSL_SUCCESS); - - ExpectIntEQ(X509_STORE_set_flags(store, X509_V_FLAG_CRL_CHECK), - SSL_SUCCESS); - - ExpectTrue((fp = XFOPEN(cliCrlPem, "rb")) != XBADFILE); - ExpectNotNull(crl = (X509_CRL *)PEM_read_X509_CRL(fp, (X509_CRL **)NULL, - NULL, NULL)); - if (fp != XBADFILE) { - XFCLOSE(fp); - fp = XBADFILE; - } - ExpectIntEQ(X509_STORE_add_crl(store, crl), SSL_SUCCESS); - - ExpectNotNull((storeCtx = X509_STORE_CTX_new())); - ExpectNotNull((cert = wolfSSL_X509_load_certificate_file(srvCert, - SSL_FILETYPE_PEM))); - ExpectIntEQ(X509_STORE_CTX_init(storeCtx, store, cert, NULL), SSL_SUCCESS); - - /* Now we SHOULD get CRL_MISSING, because we looked for PEM - * in dir containing only ASN1/DER. */ - ExpectIntEQ(X509_verify_cert(storeCtx), WC_NO_ERR_TRACE(WOLFSSL_FAILURE)); - ExpectIntEQ(X509_STORE_CTX_get_error(storeCtx), - X509_V_ERR_UNABLE_TO_GET_CRL); - - X509_CRL_free(crl); - X509_STORE_free(store); - X509_STORE_CTX_free(storeCtx); - X509_free(cert); - X509_free(ca); -#endif - return EXPECT_RESULT(); -} - - - /*----------------------------------------------------------------------------* | Certificate Failure Checks *----------------------------------------------------------------------------*/ @@ -37773,9 +23146,9 @@ #endif } - /* load_file() uses malloc. */ + /* load_file() uses XMALLOC. */ if (cert_buf != NULL) { - free(cert_buf); + XFREE(cert_buf, NULL, DYNAMIC_TYPE_TMP_BUFFER); } #endif /* !NO_RSA */ return EXPECT_RESULT(); @@ -37814,9 +23187,9 @@ #endif } - /* load_file() uses malloc. */ + /* load_file() uses XMALLOC. */ if (cert_buf != NULL) { - free(cert_buf); + XFREE(cert_buf, NULL, DYNAMIC_TYPE_TMP_BUFFER); } #ifdef FP_ECC wc_ecc_fp_free(); @@ -37829,6 +23202,23 @@ #endif /* !NO_RSA || HAVE_ECC */ #endif /* NO_CERTS */ +static int test_wc_CheckPrivateKey_RSA_pub_only(void) +{ + EXPECT_DECLS; +#if !defined(NO_RSA) && !defined(NO_ASN_CRYPT) && \ + !defined(NO_CHECK_PRIVATE_KEY) && \ + (defined(WOLFSSL_RSA_PUBLIC_ONLY) || defined(WOLFSSL_RSA_VERIFY_ONLY)) + /* With RSA public-only or verify-only, wc_CheckPrivateKey should return + * NOT_COMPILED_IN for RSA key types since private key operations are not + * available. */ + ExpectIntEQ(wc_CheckPrivateKey(server_key_der_2048, + sizeof_server_key_der_2048, server_cert_der_2048, + sizeof_server_cert_der_2048, RSAk, NULL), + WC_NO_ERR_TRACE(NOT_COMPILED_IN)); +#endif + return EXPECT_RESULT(); +} + #if defined(HAVE_PK_CALLBACKS) && !defined(WOLFSSL_NO_TLS12) #if !defined(NO_FILESYSTEM) && !defined(NO_DH) && \ !defined(NO_AES) && defined(HAVE_AES_CBC) && \ @@ -38059,146 +23449,6 @@ return EXPECT_RESULT(); } -static int test_wolfSSL_X509_load_crl_file(void) -{ - EXPECT_DECLS; -#if defined(OPENSSL_EXTRA) && defined(HAVE_CRL) && !defined(NO_FILESYSTEM) && \ - !defined(NO_STDIO_FILESYSTEM) && !defined(NO_RSA) && !defined(NO_BIO) && \ - !defined(WOLFSSL_CRL_ALLOW_MISSING_CDP) - int i; - char pem[][100] = { - "./certs/crl/crl.pem", - "./certs/crl/crl2.pem", - "./certs/crl/caEccCrl.pem", - "./certs/crl/eccCliCRL.pem", - "./certs/crl/eccSrvCRL.pem", - #ifdef WC_RSA_PSS - "./certs/crl/crl_rsapss.pem", - #endif - "" - }; - char der[][100] = { - "./certs/crl/crl.der", - "./certs/crl/crl2.der", - "" - }; - WOLFSSL_X509_STORE* store = NULL; - WOLFSSL_X509_LOOKUP* lookup = NULL; - - ExpectNotNull(store = wolfSSL_X509_STORE_new()); - ExpectNotNull(lookup = X509_STORE_add_lookup(store, X509_LOOKUP_file())); - - ExpectIntEQ(X509_LOOKUP_load_file(lookup, "certs/ca-cert.pem", - X509_FILETYPE_PEM), 1); -#ifdef WC_RSA_PSS - ExpectIntEQ(X509_LOOKUP_load_file(lookup, "certs/rsapss/ca-rsapss.pem", - X509_FILETYPE_PEM), 1); -#endif - ExpectIntEQ(X509_LOOKUP_load_file(lookup, "certs/server-revoked-cert.pem", - X509_FILETYPE_PEM), 1); - if (store) { - ExpectIntEQ(wolfSSL_CertManagerVerify(store->cm, svrCertFile, - WOLFSSL_FILETYPE_PEM), 1); - /* since store hasn't yet known the revoked cert*/ - ExpectIntEQ(wolfSSL_CertManagerVerify(store->cm, - "certs/server-revoked-cert.pem", WOLFSSL_FILETYPE_PEM), 1); - } - - ExpectIntEQ(X509_load_crl_file(lookup, pem[0], 0), 0); - for (i = 0; pem[i][0] != '\0'; i++) { - ExpectIntEQ(X509_load_crl_file(lookup, pem[i], WOLFSSL_FILETYPE_PEM), - 1); - } - - if (store) { - /* since store knows crl list */ - ExpectIntEQ(wolfSSL_CertManagerVerify(store->cm, - "certs/server-revoked-cert.pem", WOLFSSL_FILETYPE_PEM), - WC_NO_ERR_TRACE(CRL_CERT_REVOKED)); -#ifdef WC_RSA_PSS - ExpectIntEQ(wolfSSL_CertManagerVerify(store->cm, - "certs/rsapss/server-rsapss-cert.pem", WOLFSSL_FILETYPE_PEM), - WC_NO_ERR_TRACE(ASN_NO_SIGNER_E)); -#endif - } - /* once feeing store */ - X509_STORE_free(store); - store = NULL; - - ExpectNotNull(store = wolfSSL_X509_STORE_new()); - ExpectNotNull(lookup = X509_STORE_add_lookup(store, X509_LOOKUP_file())); - - ExpectIntEQ(X509_LOOKUP_load_file(lookup, "certs/ca-cert.pem", - X509_FILETYPE_PEM), 1); - ExpectIntEQ(X509_LOOKUP_load_file(lookup, "certs/server-revoked-cert.pem", - X509_FILETYPE_PEM), 1); - if (store) { - ExpectIntEQ(wolfSSL_CertManagerVerify(store->cm, svrCertFile, - WOLFSSL_FILETYPE_PEM), 1); - /* since store hasn't yet known the revoked cert*/ - ExpectIntEQ(wolfSSL_CertManagerVerify(store->cm, - "certs/server-revoked-cert.pem", WOLFSSL_FILETYPE_PEM), 1); - } - - for (i = 0; der[i][0] != '\0'; i++) { - ExpectIntEQ(X509_load_crl_file(lookup, der[i], WOLFSSL_FILETYPE_ASN1), - 1); - } - - if (store) { - /* since store knows crl list */ - ExpectIntEQ(wolfSSL_CertManagerVerify(store->cm, - "certs/server-revoked-cert.pem", WOLFSSL_FILETYPE_PEM), - WC_NO_ERR_TRACE(CRL_CERT_REVOKED)); - } - - /* test for incorrect parameter */ - ExpectIntEQ(X509_load_crl_file(NULL, pem[0], 0), 0); - ExpectIntEQ(X509_load_crl_file(lookup, NULL, 0), 0); - ExpectIntEQ(X509_load_crl_file(NULL, NULL, 0), 0); - - X509_STORE_free(store); - store = NULL; -#endif - return EXPECT_RESULT(); -} - -static int test_wolfSSL_i2d_X509(void) -{ - EXPECT_DECLS; -#if defined(OPENSSL_EXTRA) && defined(USE_CERT_BUFFERS_2048) && !defined(NO_RSA) - const unsigned char* cert_buf = server_cert_der_2048; - unsigned char* out = NULL; - unsigned char* tmp = NULL; - const unsigned char* nullPtr = NULL; - const unsigned char notCert[2] = { 0x30, 0x00 }; - const unsigned char* notCertPtr = notCert; - X509* cert = NULL; - - ExpectNull(d2i_X509(NULL, NULL, sizeof_server_cert_der_2048)); - ExpectNull(d2i_X509(NULL, &nullPtr, sizeof_server_cert_der_2048)); - ExpectNull(d2i_X509(NULL, &cert_buf, 0)); - ExpectNull(d2i_X509(NULL, ¬CertPtr, sizeof(notCert))); - ExpectNotNull(d2i_X509(&cert, &cert_buf, sizeof_server_cert_der_2048)); - /* Pointer should be advanced */ - ExpectPtrGT(cert_buf, server_cert_der_2048); - ExpectIntGT(i2d_X509(cert, &out), 0); - ExpectNotNull(out); - tmp = out; - ExpectIntGT(i2d_X509(cert, &tmp), 0); - ExpectPtrGT(tmp, out); -#if defined(WOLFSSL_CERT_GEN) && !defined(NO_BIO) && !defined(NO_FILESYSTEM) - ExpectIntEQ(wolfSSL_PEM_write_X509(XBADFILE, NULL), 0); - ExpectIntEQ(wolfSSL_PEM_write_X509(XBADFILE, cert), 0); - ExpectIntEQ(wolfSSL_PEM_write_X509(stderr, cert), 1); -#endif - - XFREE(out, NULL, DYNAMIC_TYPE_OPENSSL); - X509_free(cert); -#endif - return EXPECT_RESULT(); -} - static int test_wolfSSL_d2i_X509_REQ(void) { EXPECT_DECLS; @@ -38389,23 +23639,6 @@ return EXPECT_RESULT(); } -static int test_wolfSSL_PEM_read_X509(void) -{ - EXPECT_DECLS; -#if defined(OPENSSL_EXTRA) && defined(HAVE_CRL) && !defined(NO_FILESYSTEM) && \ - !defined(NO_RSA) - X509 *x509 = NULL; - XFILE fp = XBADFILE; - - ExpectTrue((fp = XFOPEN(svrCertFile, "rb")) != XBADFILE); - ExpectNotNull(x509 = (X509 *)PEM_read_X509(fp, (X509 **)NULL, NULL, NULL)); - X509_free(x509); - if (fp != XBADFILE) - XFCLOSE(fp); -#endif - return EXPECT_RESULT(); -} - static int test_wolfSSL_PEM_read(void) { EXPECT_DECLS; @@ -38567,1758 +23800,6 @@ return EXPECT_RESULT(); } -static int test_wolfssl_EVP_aes_gcm_AAD_2_parts(void) -{ - EXPECT_DECLS; -#if defined(OPENSSL_EXTRA) && !defined(NO_AES) && defined(HAVE_AESGCM) && \ - !defined(HAVE_SELFTEST) && !defined(HAVE_FIPS) - const byte iv[12] = { 0 }; - const byte key[16] = { 0 }; - const byte cleartext[16] = { 0 }; - const byte aad[] = { - 0x01, 0x10, 0x00, 0x2a, 0x08, 0x00, 0x04, 0x00, - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x08, - 0x00, 0x00, 0xdc, 0x4d, 0xad, 0x6b, 0x06, 0x93, - 0x4f - }; - byte out1Part[16]; - byte outTag1Part[16]; - byte out2Part[16]; - byte outTag2Part[16]; - byte decryptBuf[16]; - int len = 0; - int tlen; - EVP_CIPHER_CTX* ctx = NULL; - - /* ENCRYPT */ - /* Send AAD and data in 1 part */ - ExpectNotNull(ctx = EVP_CIPHER_CTX_new()); - tlen = 0; - ExpectIntEQ(EVP_EncryptInit_ex(ctx, EVP_aes_128_gcm(), NULL, NULL, NULL), - 1); - ExpectIntEQ(EVP_EncryptInit_ex(ctx, NULL, NULL, key, iv), 1); - ExpectIntEQ(EVP_EncryptUpdate(ctx, NULL, &len, aad, sizeof(aad)), 1); - ExpectIntEQ(EVP_EncryptUpdate(ctx, out1Part, &len, cleartext, - sizeof(cleartext)), 1); - tlen += len; - ExpectIntEQ(EVP_EncryptFinal_ex(ctx, out1Part, &len), 1); - tlen += len; - ExpectIntEQ(tlen, sizeof(cleartext)); - ExpectIntEQ(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_GET_TAG, 16, - outTag1Part), 1); - EVP_CIPHER_CTX_free(ctx); - ctx = NULL; - - /* DECRYPT */ - /* Send AAD and data in 1 part */ - ExpectNotNull(ctx = EVP_CIPHER_CTX_new()); - tlen = 0; - ExpectIntEQ(EVP_DecryptInit_ex(ctx, EVP_aes_128_gcm(), NULL, NULL, NULL), - 1); - ExpectIntEQ(EVP_DecryptInit_ex(ctx, NULL, NULL, key, iv), 1); - ExpectIntEQ(EVP_DecryptUpdate(ctx, NULL, &len, aad, sizeof(aad)), 1); - ExpectIntEQ(EVP_DecryptUpdate(ctx, decryptBuf, &len, out1Part, - sizeof(cleartext)), 1); - tlen += len; - ExpectIntEQ(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_TAG, 16, - outTag1Part), 1); - ExpectIntEQ(EVP_DecryptFinal_ex(ctx, decryptBuf, &len), 1); - tlen += len; - ExpectIntEQ(tlen, sizeof(cleartext)); - EVP_CIPHER_CTX_free(ctx); - ctx = NULL; - - ExpectIntEQ(XMEMCMP(decryptBuf, cleartext, len), 0); - - /* ENCRYPT */ - /* Send AAD and data in 2 parts */ - ExpectNotNull(ctx = EVP_CIPHER_CTX_new()); - tlen = 0; - ExpectIntEQ(EVP_EncryptInit_ex(ctx, EVP_aes_128_gcm(), NULL, NULL, NULL), - 1); - ExpectIntEQ(EVP_EncryptInit_ex(ctx, NULL, NULL, key, iv), 1); - ExpectIntEQ(EVP_EncryptUpdate(ctx, NULL, &len, aad, 1), 1); - ExpectIntEQ(EVP_EncryptUpdate(ctx, NULL, &len, aad + 1, sizeof(aad) - 1), - 1); - ExpectIntEQ(EVP_EncryptUpdate(ctx, out2Part, &len, cleartext, 1), 1); - tlen += len; - ExpectIntEQ(EVP_EncryptUpdate(ctx, out2Part + tlen, &len, cleartext + 1, - sizeof(cleartext) - 1), 1); - tlen += len; - ExpectIntEQ(EVP_EncryptFinal_ex(ctx, out2Part + tlen, &len), 1); - tlen += len; - ExpectIntEQ(tlen, sizeof(cleartext)); - ExpectIntEQ(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_GET_TAG, 16, - outTag2Part), 1); - - ExpectIntEQ(XMEMCMP(out1Part, out2Part, sizeof(out1Part)), 0); - ExpectIntEQ(XMEMCMP(outTag1Part, outTag2Part, sizeof(outTag1Part)), 0); - EVP_CIPHER_CTX_free(ctx); - ctx = NULL; - - /* DECRYPT */ - /* Send AAD and data in 2 parts */ - ExpectNotNull(ctx = EVP_CIPHER_CTX_new()); - tlen = 0; - ExpectIntEQ(EVP_DecryptInit_ex(ctx, EVP_aes_128_gcm(), NULL, NULL, NULL), - 1); - ExpectIntEQ(EVP_DecryptInit_ex(ctx, NULL, NULL, key, iv), 1); - ExpectIntEQ(EVP_DecryptUpdate(ctx, NULL, &len, aad, 1), 1); - ExpectIntEQ(EVP_DecryptUpdate(ctx, NULL, &len, aad + 1, sizeof(aad) - 1), - 1); - ExpectIntEQ(EVP_DecryptUpdate(ctx, decryptBuf, &len, out1Part, 1), 1); - tlen += len; - ExpectIntEQ(EVP_DecryptUpdate(ctx, decryptBuf + tlen, &len, out1Part + 1, - sizeof(cleartext) - 1), 1); - tlen += len; - ExpectIntEQ(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_TAG, 16, - outTag1Part), 1); - ExpectIntEQ(EVP_DecryptFinal_ex(ctx, decryptBuf + tlen, &len), 1); - tlen += len; - ExpectIntEQ(tlen, sizeof(cleartext)); - - ExpectIntEQ(XMEMCMP(decryptBuf, cleartext, len), 0); - - /* Test AAD reuse */ - EVP_CIPHER_CTX_free(ctx); -#endif - return EXPECT_RESULT(); -} - -static int test_wolfssl_EVP_aes_gcm_zeroLen(void) -{ - EXPECT_DECLS; -#if defined(OPENSSL_EXTRA) && !defined(NO_AES) && defined(HAVE_AESGCM) && \ - !defined(HAVE_SELFTEST) && !defined(HAVE_FIPS) && defined(WOLFSSL_AES_256) - /* Zero length plain text */ - byte key[] = { - 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, - 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, - 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, - 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00 - }; /* align */ - byte iv[] = { - 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00 - }; /* align */ - byte plaintxt[1]; - int ivSz = 12; - int plaintxtSz = 0; - unsigned char tag[16]; - unsigned char tag_kat[] = { - 0x53,0x0f,0x8a,0xfb,0xc7,0x45,0x36,0xb9, - 0xa9,0x63,0xb4,0xf1,0xc4,0xcb,0x73,0x8b - }; - - byte ciphertxt[AES_BLOCK_SIZE * 4] = {0}; - byte decryptedtxt[AES_BLOCK_SIZE * 4] = {0}; - int ciphertxtSz = 0; - int decryptedtxtSz = 0; - int len = 0; - - EVP_CIPHER_CTX *en = EVP_CIPHER_CTX_new(); - EVP_CIPHER_CTX *de = EVP_CIPHER_CTX_new(); - - ExpectIntEQ(1, EVP_EncryptInit_ex(en, EVP_aes_256_gcm(), NULL, key, iv)); - ExpectIntEQ(1, EVP_CIPHER_CTX_ctrl(en, EVP_CTRL_GCM_SET_IVLEN, ivSz, NULL)); - ExpectIntEQ(1, EVP_EncryptUpdate(en, ciphertxt, &ciphertxtSz , plaintxt, - plaintxtSz)); - ExpectIntEQ(1, EVP_EncryptFinal_ex(en, ciphertxt, &len)); - ciphertxtSz += len; - ExpectIntEQ(1, EVP_CIPHER_CTX_ctrl(en, EVP_CTRL_GCM_GET_TAG, 16, tag)); - ExpectIntEQ(1, EVP_CIPHER_CTX_cleanup(en)); - - ExpectIntEQ(0, ciphertxtSz); - ExpectIntEQ(0, XMEMCMP(tag, tag_kat, sizeof(tag))); - - EVP_CIPHER_CTX_init(de); - ExpectIntEQ(1, EVP_DecryptInit_ex(de, EVP_aes_256_gcm(), NULL, key, iv)); - ExpectIntEQ(1, EVP_CIPHER_CTX_ctrl(de, EVP_CTRL_GCM_SET_IVLEN, ivSz, NULL)); - ExpectIntEQ(1, EVP_DecryptUpdate(de, NULL, &len, ciphertxt, len)); - decryptedtxtSz = len; - ExpectIntEQ(1, EVP_CIPHER_CTX_ctrl(de, EVP_CTRL_GCM_SET_TAG, 16, tag)); - ExpectIntEQ(1, EVP_DecryptFinal_ex(de, decryptedtxt, &len)); - decryptedtxtSz += len; - ExpectIntEQ(0, decryptedtxtSz); - - EVP_CIPHER_CTX_free(en); - EVP_CIPHER_CTX_free(de); -#endif - return EXPECT_RESULT(); -} - -static int test_wolfssl_EVP_aes_gcm(void) -{ - EXPECT_DECLS; -#if defined(OPENSSL_EXTRA) && !defined(NO_AES) && defined(HAVE_AESGCM) && \ - !defined(HAVE_SELFTEST) && !defined(HAVE_FIPS) - /* A 256 bit key, AES_128 will use the first 128 bit*/ - byte *key = (byte*)"01234567890123456789012345678901"; - /* A 128 bit IV */ - byte *iv = (byte*)"0123456789012345"; - int ivSz = AES_BLOCK_SIZE; - /* Message to be encrypted */ - byte *plaintxt = (byte*)"for things to change you have to change"; - /* Additional non-confidential data */ - byte *aad = (byte*)"Don't spend major time on minor things."; - - unsigned char tag[AES_BLOCK_SIZE] = {0}; - int plaintxtSz = (int)XSTRLEN((char*)plaintxt); - int aadSz = (int)XSTRLEN((char*)aad); - byte ciphertxt[AES_BLOCK_SIZE * 4] = {0}; - byte decryptedtxt[AES_BLOCK_SIZE * 4] = {0}; - int ciphertxtSz = 0; - int decryptedtxtSz = 0; - int len = 0; - int i = 0; - EVP_CIPHER_CTX en[2]; - EVP_CIPHER_CTX de[2]; - - for (i = 0; i < 2; i++) { - EVP_CIPHER_CTX_init(&en[i]); - if (i == 0) { - /* Default uses 96-bits IV length */ -#ifdef WOLFSSL_AES_128 - ExpectIntEQ(1, EVP_EncryptInit_ex(&en[i], EVP_aes_128_gcm(), NULL, - key, iv)); -#elif defined(WOLFSSL_AES_192) - ExpectIntEQ(1, EVP_EncryptInit_ex(&en[i], EVP_aes_192_gcm(), NULL, - key, iv)); -#elif defined(WOLFSSL_AES_256) - ExpectIntEQ(1, EVP_EncryptInit_ex(&en[i], EVP_aes_256_gcm(), NULL, - key, iv)); -#endif - } - else { -#ifdef WOLFSSL_AES_128 - ExpectIntEQ(1, EVP_EncryptInit_ex(&en[i], EVP_aes_128_gcm(), NULL, - NULL, NULL)); -#elif defined(WOLFSSL_AES_192) - ExpectIntEQ(1, EVP_EncryptInit_ex(&en[i], EVP_aes_192_gcm(), NULL, - NULL, NULL)); -#elif defined(WOLFSSL_AES_256) - ExpectIntEQ(1, EVP_EncryptInit_ex(&en[i], EVP_aes_256_gcm(), NULL, - NULL, NULL)); -#endif - /* non-default must to set the IV length first */ - ExpectIntEQ(1, EVP_CIPHER_CTX_ctrl(&en[i], EVP_CTRL_GCM_SET_IVLEN, - ivSz, NULL)); - ExpectIntEQ(1, EVP_EncryptInit_ex(&en[i], NULL, NULL, key, iv)); - } - ExpectIntEQ(1, EVP_EncryptUpdate(&en[i], NULL, &len, aad, aadSz)); - ExpectIntEQ(1, EVP_EncryptUpdate(&en[i], ciphertxt, &len, plaintxt, - plaintxtSz)); - ciphertxtSz = len; - ExpectIntEQ(1, EVP_EncryptFinal_ex(&en[i], ciphertxt, &len)); - ciphertxtSz += len; - ExpectIntEQ(1, EVP_CIPHER_CTX_ctrl(&en[i], EVP_CTRL_GCM_GET_TAG, - AES_BLOCK_SIZE, tag)); - wolfSSL_EVP_CIPHER_CTX_cleanup(&en[i]); - - EVP_CIPHER_CTX_init(&de[i]); - if (i == 0) { - /* Default uses 96-bits IV length */ -#ifdef WOLFSSL_AES_128 - ExpectIntEQ(1, EVP_DecryptInit_ex(&de[i], EVP_aes_128_gcm(), NULL, - key, iv)); -#elif defined(WOLFSSL_AES_192) - ExpectIntEQ(1, EVP_DecryptInit_ex(&de[i], EVP_aes_192_gcm(), NULL, - key, iv)); -#elif defined(WOLFSSL_AES_256) - ExpectIntEQ(1, EVP_DecryptInit_ex(&de[i], EVP_aes_256_gcm(), NULL, - key, iv)); -#endif - } - else { -#ifdef WOLFSSL_AES_128 - ExpectIntEQ(1, EVP_DecryptInit_ex(&de[i], EVP_aes_128_gcm(), NULL, - NULL, NULL)); -#elif defined(WOLFSSL_AES_192) - ExpectIntEQ(1, EVP_DecryptInit_ex(&de[i], EVP_aes_192_gcm(), NULL, - NULL, NULL)); -#elif defined(WOLFSSL_AES_256) - ExpectIntEQ(1, EVP_DecryptInit_ex(&de[i], EVP_aes_256_gcm(), NULL, - NULL, NULL)); -#endif - /* non-default must to set the IV length first */ - ExpectIntEQ(1, EVP_CIPHER_CTX_ctrl(&de[i], EVP_CTRL_GCM_SET_IVLEN, - ivSz, NULL)); - ExpectIntEQ(1, EVP_DecryptInit_ex(&de[i], NULL, NULL, key, iv)); - - } - ExpectIntEQ(1, EVP_DecryptUpdate(&de[i], NULL, &len, aad, aadSz)); - ExpectIntEQ(1, EVP_DecryptUpdate(&de[i], decryptedtxt, &len, ciphertxt, - ciphertxtSz)); - decryptedtxtSz = len; - ExpectIntEQ(1, EVP_CIPHER_CTX_ctrl(&de[i], EVP_CTRL_GCM_SET_TAG, - AES_BLOCK_SIZE, tag)); - ExpectIntEQ(1, EVP_DecryptFinal_ex(&de[i], decryptedtxt, &len)); - decryptedtxtSz += len; - ExpectIntEQ(ciphertxtSz, decryptedtxtSz); - ExpectIntEQ(0, XMEMCMP(plaintxt, decryptedtxt, decryptedtxtSz)); - - /* modify tag*/ - if (i == 0) { - /* Default uses 96-bits IV length */ -#ifdef WOLFSSL_AES_128 - ExpectIntEQ(1, EVP_DecryptInit_ex(&de[i], EVP_aes_128_gcm(), NULL, - key, iv)); -#elif defined(WOLFSSL_AES_192) - ExpectIntEQ(1, EVP_DecryptInit_ex(&de[i], EVP_aes_192_gcm(), NULL, - key, iv)); -#elif defined(WOLFSSL_AES_256) - ExpectIntEQ(1, EVP_DecryptInit_ex(&de[i], EVP_aes_256_gcm(), NULL, - key, iv)); -#endif - } - else { -#ifdef WOLFSSL_AES_128 - ExpectIntEQ(1, EVP_DecryptInit_ex(&de[i], EVP_aes_128_gcm(), NULL, - NULL, NULL)); -#elif defined(WOLFSSL_AES_192) - ExpectIntEQ(1, EVP_DecryptInit_ex(&de[i], EVP_aes_192_gcm(), NULL, - NULL, NULL)); -#elif defined(WOLFSSL_AES_256) - ExpectIntEQ(1, EVP_DecryptInit_ex(&de[i], EVP_aes_256_gcm(), NULL, - NULL, NULL)); -#endif - /* non-default must to set the IV length first */ - ExpectIntEQ(1, EVP_CIPHER_CTX_ctrl(&de[i], EVP_CTRL_GCM_SET_IVLEN, - ivSz, NULL)); - ExpectIntEQ(1, EVP_DecryptInit_ex(&de[i], NULL, NULL, key, iv)); - - } - tag[AES_BLOCK_SIZE-1]+=0xBB; - ExpectIntEQ(1, EVP_DecryptUpdate(&de[i], NULL, &len, aad, aadSz)); - ExpectIntEQ(1, EVP_CIPHER_CTX_ctrl(&de[i], EVP_CTRL_GCM_SET_TAG, - AES_BLOCK_SIZE, tag)); - /* fail due to wrong tag */ - ExpectIntEQ(1, EVP_DecryptUpdate(&de[i], decryptedtxt, &len, ciphertxt, - ciphertxtSz)); - ExpectIntEQ(0, EVP_DecryptFinal_ex(&de[i], decryptedtxt, &len)); - ExpectIntEQ(0, len); - - wolfSSL_EVP_CIPHER_CTX_cleanup(&de[i]); - } -#endif /* OPENSSL_EXTRA && !NO_AES && HAVE_AESGCM */ - return EXPECT_RESULT(); -} - -static int test_wolfssl_EVP_aria_gcm(void) -{ - int res = TEST_SKIPPED; -#if defined(OPENSSL_EXTRA) && defined(HAVE_ARIA) && \ - !defined(HAVE_SELFTEST) && !defined(HAVE_FIPS) - - /* A 256 bit key, AES_128 will use the first 128 bit*/ - byte *key = (byte*)"01234567890123456789012345678901"; - /* A 128 bit IV */ - byte *iv = (byte*)"0123456789012345"; - int ivSz = ARIA_BLOCK_SIZE; - /* Message to be encrypted */ - const int plaintxtSz = 40; - byte plaintxt[WC_ARIA_GCM_GET_CIPHERTEXT_SIZE(plaintxtSz)]; - XMEMCPY(plaintxt,"for things to change you have to change",plaintxtSz); - /* Additional non-confidential data */ - byte *aad = (byte*)"Don't spend major time on minor things."; - - unsigned char tag[ARIA_BLOCK_SIZE] = {0}; - int aadSz = (int)XSTRLEN((char*)aad); - byte ciphertxt[WC_ARIA_GCM_GET_CIPHERTEXT_SIZE(plaintxtSz)]; - byte decryptedtxt[plaintxtSz]; - int ciphertxtSz = 0; - int decryptedtxtSz = 0; - int len = 0; - int i = 0; - #define TEST_ARIA_GCM_COUNT 6 - EVP_CIPHER_CTX en[TEST_ARIA_GCM_COUNT]; - EVP_CIPHER_CTX de[TEST_ARIA_GCM_COUNT]; - - for (i = 0; i < TEST_ARIA_GCM_COUNT; i++) { - - EVP_CIPHER_CTX_init(&en[i]); - switch (i) { - case 0: - /* Default uses 96-bits IV length */ - AssertIntEQ(1, EVP_EncryptInit_ex(&en[i], EVP_aria_128_gcm(), NULL, key, iv)); - break; - case 1: - /* Default uses 96-bits IV length */ - AssertIntEQ(1, EVP_EncryptInit_ex(&en[i], EVP_aria_192_gcm(), NULL, key, iv)); - break; - case 2: - /* Default uses 96-bits IV length */ - AssertIntEQ(1, EVP_EncryptInit_ex(&en[i], EVP_aria_256_gcm(), NULL, key, iv)); - break; - case 3: - AssertIntEQ(1, EVP_EncryptInit_ex(&en[i], EVP_aria_128_gcm(), NULL, NULL, NULL)); - /* non-default must to set the IV length first */ - AssertIntEQ(1, EVP_CIPHER_CTX_ctrl(&en[i], EVP_CTRL_GCM_SET_IVLEN, ivSz, NULL)); - AssertIntEQ(1, EVP_EncryptInit_ex(&en[i], NULL, NULL, key, iv)); - break; - case 4: - AssertIntEQ(1, EVP_EncryptInit_ex(&en[i], EVP_aria_192_gcm(), NULL, NULL, NULL)); - /* non-default must to set the IV length first */ - AssertIntEQ(1, EVP_CIPHER_CTX_ctrl(&en[i], EVP_CTRL_GCM_SET_IVLEN, ivSz, NULL)); - AssertIntEQ(1, EVP_EncryptInit_ex(&en[i], NULL, NULL, key, iv)); - break; - case 5: - AssertIntEQ(1, EVP_EncryptInit_ex(&en[i], EVP_aria_256_gcm(), NULL, NULL, NULL)); - /* non-default must to set the IV length first */ - AssertIntEQ(1, EVP_CIPHER_CTX_ctrl(&en[i], EVP_CTRL_GCM_SET_IVLEN, ivSz, NULL)); - AssertIntEQ(1, EVP_EncryptInit_ex(&en[i], NULL, NULL, key, iv)); - break; - } - XMEMSET(ciphertxt,0,sizeof(ciphertxt)); - AssertIntEQ(1, EVP_EncryptUpdate(&en[i], NULL, &len, aad, aadSz)); - AssertIntEQ(1, EVP_EncryptUpdate(&en[i], ciphertxt, &len, plaintxt, plaintxtSz)); - ciphertxtSz = len; - AssertIntEQ(1, EVP_EncryptFinal_ex(&en[i], ciphertxt, &len)); - AssertIntNE(0, XMEMCMP(plaintxt, ciphertxt, plaintxtSz)); - ciphertxtSz += len; - AssertIntEQ(1, EVP_CIPHER_CTX_ctrl(&en[i], EVP_CTRL_GCM_GET_TAG, ARIA_BLOCK_SIZE, tag)); - AssertIntEQ(wolfSSL_EVP_CIPHER_CTX_cleanup(&en[i]), 1); - - EVP_CIPHER_CTX_init(&de[i]); - switch (i) { - case 0: - /* Default uses 96-bits IV length */ - AssertIntEQ(1, EVP_DecryptInit_ex(&de[i], EVP_aria_128_gcm(), NULL, key, iv)); - break; - case 1: - /* Default uses 96-bits IV length */ - AssertIntEQ(1, EVP_DecryptInit_ex(&de[i], EVP_aria_192_gcm(), NULL, key, iv)); - break; - case 2: - /* Default uses 96-bits IV length */ - AssertIntEQ(1, EVP_DecryptInit_ex(&de[i], EVP_aria_256_gcm(), NULL, key, iv)); - break; - case 3: - AssertIntEQ(1, EVP_DecryptInit_ex(&de[i], EVP_aria_128_gcm(), NULL, NULL, NULL)); - /* non-default must to set the IV length first */ - AssertIntEQ(1, EVP_CIPHER_CTX_ctrl(&de[i], EVP_CTRL_GCM_SET_IVLEN, ivSz, NULL)); - AssertIntEQ(1, EVP_DecryptInit_ex(&de[i], NULL, NULL, key, iv)); - break; - case 4: - AssertIntEQ(1, EVP_DecryptInit_ex(&de[i], EVP_aria_192_gcm(), NULL, NULL, NULL)); - /* non-default must to set the IV length first */ - AssertIntEQ(1, EVP_CIPHER_CTX_ctrl(&de[i], EVP_CTRL_GCM_SET_IVLEN, ivSz, NULL)); - AssertIntEQ(1, EVP_DecryptInit_ex(&de[i], NULL, NULL, key, iv)); - break; - case 5: - AssertIntEQ(1, EVP_DecryptInit_ex(&de[i], EVP_aria_256_gcm(), NULL, NULL, NULL)); - /* non-default must to set the IV length first */ - AssertIntEQ(1, EVP_CIPHER_CTX_ctrl(&de[i], EVP_CTRL_GCM_SET_IVLEN, ivSz, NULL)); - AssertIntEQ(1, EVP_DecryptInit_ex(&de[i], NULL, NULL, key, iv)); - break; - } - XMEMSET(decryptedtxt,0,sizeof(decryptedtxt)); - AssertIntEQ(1, EVP_DecryptUpdate(&de[i], NULL, &len, aad, aadSz)); - AssertIntEQ(1, EVP_DecryptUpdate(&de[i], decryptedtxt, &len, ciphertxt, ciphertxtSz)); - decryptedtxtSz = len; - AssertIntEQ(1, EVP_CIPHER_CTX_ctrl(&de[i], EVP_CTRL_GCM_SET_TAG, ARIA_BLOCK_SIZE, tag)); - AssertIntEQ(1, EVP_DecryptFinal_ex(&de[i], decryptedtxt, &len)); - decryptedtxtSz += len; - AssertIntEQ(plaintxtSz, decryptedtxtSz); - AssertIntEQ(0, XMEMCMP(plaintxt, decryptedtxt, decryptedtxtSz)); - - XMEMSET(decryptedtxt,0,sizeof(decryptedtxt)); - /* modify tag*/ - tag[AES_BLOCK_SIZE-1]+=0xBB; - AssertIntEQ(1, EVP_DecryptUpdate(&de[i], NULL, &len, aad, aadSz)); - AssertIntEQ(1, EVP_CIPHER_CTX_ctrl(&de[i], EVP_CTRL_GCM_SET_TAG, ARIA_BLOCK_SIZE, tag)); - /* fail due to wrong tag */ - AssertIntEQ(1, EVP_DecryptUpdate(&de[i], decryptedtxt, &len, ciphertxt, ciphertxtSz)); - AssertIntEQ(0, EVP_DecryptFinal_ex(&de[i], decryptedtxt, &len)); - AssertIntEQ(0, len); - AssertIntEQ(wolfSSL_EVP_CIPHER_CTX_cleanup(&de[i]), 1); - } - - res = TEST_RES_CHECK(1); -#endif /* OPENSSL_EXTRA && !NO_AES && HAVE_AESGCM */ - return res; -} - -static int test_wolfssl_EVP_aes_ccm_zeroLen(void) -{ - EXPECT_DECLS; -#if defined(OPENSSL_EXTRA) && !defined(NO_AES) && defined(HAVE_AESCCM) && \ - !defined(HAVE_SELFTEST) && !defined(HAVE_FIPS) && defined(WOLFSSL_AES_256) - /* Zero length plain text */ - byte key[] = { - 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, - 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, - 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, - 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00 - }; /* align */ - byte iv[] = { - 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00 - }; /* align */ - byte plaintxt[1]; - int ivSz = 12; - int plaintxtSz = 0; - unsigned char tag[16]; - - byte ciphertxt[AES_BLOCK_SIZE * 4] = {0}; - byte decryptedtxt[AES_BLOCK_SIZE * 4] = {0}; - int ciphertxtSz = 0; - int decryptedtxtSz = 0; - int len = 0; - - EVP_CIPHER_CTX *en = EVP_CIPHER_CTX_new(); - EVP_CIPHER_CTX *de = EVP_CIPHER_CTX_new(); - - ExpectIntEQ(1, EVP_EncryptInit_ex(en, EVP_aes_256_ccm(), NULL, key, iv)); - ExpectIntEQ(1, EVP_CIPHER_CTX_ctrl(en, EVP_CTRL_CCM_SET_IVLEN, ivSz, NULL)); - ExpectIntEQ(1, EVP_EncryptUpdate(en, ciphertxt, &ciphertxtSz , plaintxt, - plaintxtSz)); - ExpectIntEQ(1, EVP_EncryptFinal_ex(en, ciphertxt, &len)); - ciphertxtSz += len; - ExpectIntEQ(1, EVP_CIPHER_CTX_ctrl(en, EVP_CTRL_CCM_GET_TAG, 16, tag)); - ExpectIntEQ(1, EVP_CIPHER_CTX_cleanup(en)); - - ExpectIntEQ(0, ciphertxtSz); - - EVP_CIPHER_CTX_init(de); - ExpectIntEQ(1, EVP_DecryptInit_ex(de, EVP_aes_256_ccm(), NULL, key, iv)); - ExpectIntEQ(1, EVP_CIPHER_CTX_ctrl(de, EVP_CTRL_CCM_SET_IVLEN, ivSz, NULL)); - ExpectIntEQ(1, EVP_DecryptUpdate(de, NULL, &len, ciphertxt, len)); - decryptedtxtSz = len; - ExpectIntEQ(1, EVP_CIPHER_CTX_ctrl(de, EVP_CTRL_CCM_SET_TAG, 16, tag)); - ExpectIntEQ(1, EVP_DecryptFinal_ex(de, decryptedtxt, &len)); - decryptedtxtSz += len; - ExpectIntEQ(0, decryptedtxtSz); - - EVP_CIPHER_CTX_free(en); - EVP_CIPHER_CTX_free(de); -#endif - return EXPECT_RESULT(); -} - -static int test_wolfssl_EVP_aes_ccm(void) -{ - EXPECT_DECLS; -#if defined(OPENSSL_EXTRA) && !defined(NO_AES) && defined(HAVE_AESCCM) && \ - !defined(HAVE_SELFTEST) && !defined(HAVE_FIPS) - /* A 256 bit key, AES_128 will use the first 128 bit*/ - byte *key = (byte*)"01234567890123456789012345678901"; - /* A 128 bit IV */ - byte *iv = (byte*)"0123456789012"; - int ivSz = (int)XSTRLEN((char*)iv); - /* Message to be encrypted */ - byte *plaintxt = (byte*)"for things to change you have to change"; - /* Additional non-confidential data */ - byte *aad = (byte*)"Don't spend major time on minor things."; - - unsigned char tag[AES_BLOCK_SIZE] = {0}; - int plaintxtSz = (int)XSTRLEN((char*)plaintxt); - int aadSz = (int)XSTRLEN((char*)aad); - byte ciphertxt[AES_BLOCK_SIZE * 4] = {0}; - byte decryptedtxt[AES_BLOCK_SIZE * 4] = {0}; - int ciphertxtSz = 0; - int decryptedtxtSz = 0; - int len = 0; - int i = 0; - int ret; - EVP_CIPHER_CTX en[2]; - EVP_CIPHER_CTX de[2]; - - for (i = 0; i < 2; i++) { - EVP_CIPHER_CTX_init(&en[i]); - - if (i == 0) { - /* Default uses 96-bits IV length */ -#ifdef WOLFSSL_AES_128 - ExpectIntEQ(1, EVP_EncryptInit_ex(&en[i], EVP_aes_128_ccm(), NULL, - key, iv)); -#elif defined(WOLFSSL_AES_192) - ExpectIntEQ(1, EVP_EncryptInit_ex(&en[i], EVP_aes_192_ccm(), NULL, - key, iv)); -#elif defined(WOLFSSL_AES_256) - ExpectIntEQ(1, EVP_EncryptInit_ex(&en[i], EVP_aes_256_ccm(), NULL, - key, iv)); -#endif - } - else { -#ifdef WOLFSSL_AES_128 - ExpectIntEQ(1, EVP_EncryptInit_ex(&en[i], EVP_aes_128_ccm(), NULL, - NULL, NULL)); -#elif defined(WOLFSSL_AES_192) - ExpectIntEQ(1, EVP_EncryptInit_ex(&en[i], EVP_aes_192_ccm(), NULL, - NULL, NULL)); -#elif defined(WOLFSSL_AES_256) - ExpectIntEQ(1, EVP_EncryptInit_ex(&en[i], EVP_aes_256_ccm(), NULL, - NULL, NULL)); -#endif - /* non-default must to set the IV length first */ - ExpectIntEQ(1, EVP_CIPHER_CTX_ctrl(&en[i], EVP_CTRL_CCM_SET_IVLEN, - ivSz, NULL)); - ExpectIntEQ(1, EVP_EncryptInit_ex(&en[i], NULL, NULL, key, iv)); - } - ExpectIntEQ(1, EVP_EncryptUpdate(&en[i], NULL, &len, aad, aadSz)); - ExpectIntEQ(1, EVP_EncryptUpdate(&en[i], ciphertxt, &len, plaintxt, - plaintxtSz)); - ciphertxtSz = len; - ExpectIntEQ(1, EVP_EncryptFinal_ex(&en[i], ciphertxt, &len)); - ciphertxtSz += len; - ExpectIntEQ(1, EVP_CIPHER_CTX_ctrl(&en[i], EVP_CTRL_CCM_GET_TAG, - AES_BLOCK_SIZE, tag)); - ret = wolfSSL_EVP_CIPHER_CTX_cleanup(&en[i]); - ExpectIntEQ(ret, 1); - - EVP_CIPHER_CTX_init(&de[i]); - if (i == 0) { - /* Default uses 96-bits IV length */ -#ifdef WOLFSSL_AES_128 - ExpectIntEQ(1, EVP_DecryptInit_ex(&de[i], EVP_aes_128_ccm(), NULL, - key, iv)); -#elif defined(WOLFSSL_AES_192) - ExpectIntEQ(1, EVP_DecryptInit_ex(&de[i], EVP_aes_192_ccm(), NULL, - key, iv)); -#elif defined(WOLFSSL_AES_256) - ExpectIntEQ(1, EVP_DecryptInit_ex(&de[i], EVP_aes_256_ccm(), NULL, - key, iv)); -#endif - } - else { -#ifdef WOLFSSL_AES_128 - ExpectIntEQ(1, EVP_DecryptInit_ex(&de[i], EVP_aes_128_ccm(), NULL, - NULL, NULL)); -#elif defined(WOLFSSL_AES_192) - ExpectIntEQ(1, EVP_DecryptInit_ex(&de[i], EVP_aes_192_ccm(), NULL, - NULL, NULL)); -#elif defined(WOLFSSL_AES_256) - ExpectIntEQ(1, EVP_DecryptInit_ex(&de[i], EVP_aes_256_ccm(), NULL, - NULL, NULL)); -#endif - /* non-default must to set the IV length first */ - ExpectIntEQ(1, EVP_CIPHER_CTX_ctrl(&de[i], EVP_CTRL_CCM_SET_IVLEN, - ivSz, NULL)); - ExpectIntEQ(1, EVP_DecryptInit_ex(&de[i], NULL, NULL, key, iv)); - - } - ExpectIntEQ(1, EVP_DecryptUpdate(&de[i], NULL, &len, aad, aadSz)); - ExpectIntEQ(1, EVP_DecryptUpdate(&de[i], decryptedtxt, &len, ciphertxt, - ciphertxtSz)); - decryptedtxtSz = len; - ExpectIntEQ(1, EVP_CIPHER_CTX_ctrl(&de[i], EVP_CTRL_CCM_SET_TAG, - AES_BLOCK_SIZE, tag)); - ExpectIntEQ(1, EVP_DecryptFinal_ex(&de[i], decryptedtxt, &len)); - decryptedtxtSz += len; - ExpectIntEQ(ciphertxtSz, decryptedtxtSz); - ExpectIntEQ(0, XMEMCMP(plaintxt, decryptedtxt, decryptedtxtSz)); - - /* modify tag*/ - tag[AES_BLOCK_SIZE-1]+=0xBB; - ExpectIntEQ(1, EVP_DecryptUpdate(&de[i], NULL, &len, aad, aadSz)); - ExpectIntEQ(1, EVP_CIPHER_CTX_ctrl(&de[i], EVP_CTRL_CCM_SET_TAG, - AES_BLOCK_SIZE, tag)); - /* fail due to wrong tag */ - ExpectIntEQ(1, EVP_DecryptUpdate(&de[i], decryptedtxt, &len, ciphertxt, - ciphertxtSz)); - ExpectIntEQ(0, EVP_DecryptFinal_ex(&de[i], decryptedtxt, &len)); - ExpectIntEQ(0, len); - ret = wolfSSL_EVP_CIPHER_CTX_cleanup(&de[i]); - ExpectIntEQ(ret, 1); - } -#endif /* OPENSSL_EXTRA && !NO_AES && HAVE_AESCCM */ - return EXPECT_RESULT(); -} - -static int test_wolfssl_EVP_chacha20_poly1305(void) -{ - EXPECT_DECLS; -#if defined(OPENSSL_EXTRA) && defined(HAVE_CHACHA) && defined(HAVE_POLY1305) - byte key[CHACHA20_POLY1305_AEAD_KEYSIZE]; - byte iv [CHACHA20_POLY1305_AEAD_IV_SIZE]; - byte plainText[] = {0xDE, 0xAD, 0xBE, 0xEF}; - byte aad[] = {0xAA, 0XBB, 0xCC, 0xDD, 0xEE, 0xFF}; - byte cipherText[sizeof(plainText)]; - byte decryptedText[sizeof(plainText)]; - byte tag[CHACHA20_POLY1305_AEAD_AUTHTAG_SIZE]; - EVP_CIPHER_CTX* ctx = NULL; - int outSz; - - XMEMSET(key, 0, sizeof(key)); - XMEMSET(iv, 0, sizeof(iv)); - - /* Encrypt. */ - ExpectNotNull((ctx = EVP_CIPHER_CTX_new())); - ExpectIntEQ(EVP_EncryptInit_ex(ctx, EVP_chacha20_poly1305(), NULL, NULL, - NULL), WOLFSSL_SUCCESS); - /* Invalid IV length. */ - ExpectIntEQ(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_IVLEN, - CHACHA20_POLY1305_AEAD_IV_SIZE-1, NULL), WC_NO_ERR_TRACE(WOLFSSL_FAILURE)); - /* Valid IV length. */ - ExpectIntEQ(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_IVLEN, - CHACHA20_POLY1305_AEAD_IV_SIZE, NULL), WOLFSSL_SUCCESS); - /* Invalid tag length. */ - ExpectIntEQ(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_TAG, - CHACHA20_POLY1305_AEAD_AUTHTAG_SIZE-1, NULL), WC_NO_ERR_TRACE(WOLFSSL_FAILURE)); - /* Valid tag length. */ - ExpectIntEQ(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_TAG, - CHACHA20_POLY1305_AEAD_AUTHTAG_SIZE, NULL), WOLFSSL_SUCCESS); - ExpectIntEQ(EVP_EncryptInit_ex(ctx, NULL, NULL, key, iv), WOLFSSL_SUCCESS); - ExpectIntEQ(EVP_EncryptUpdate(ctx, NULL, &outSz, aad, sizeof(aad)), - WOLFSSL_SUCCESS); - ExpectIntEQ(outSz, sizeof(aad)); - ExpectIntEQ(EVP_EncryptUpdate(ctx, cipherText, &outSz, plainText, - sizeof(plainText)), WOLFSSL_SUCCESS); - ExpectIntEQ(outSz, sizeof(plainText)); - ExpectIntEQ(EVP_EncryptFinal_ex(ctx, cipherText, &outSz), WOLFSSL_SUCCESS); - ExpectIntEQ(outSz, 0); - /* Invalid tag length. */ - ExpectIntEQ(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_GET_TAG, - CHACHA20_POLY1305_AEAD_AUTHTAG_SIZE-1, tag), WC_NO_ERR_TRACE(WOLFSSL_FAILURE)); - /* Valid tag length. */ - ExpectIntEQ(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_GET_TAG, - CHACHA20_POLY1305_AEAD_AUTHTAG_SIZE, tag), WOLFSSL_SUCCESS); - EVP_CIPHER_CTX_free(ctx); - ctx = NULL; - - /* Decrypt. */ - ExpectNotNull((ctx = EVP_CIPHER_CTX_new())); - ExpectIntEQ(EVP_DecryptInit_ex(ctx, EVP_chacha20_poly1305(), NULL, NULL, - NULL), WOLFSSL_SUCCESS); - ExpectIntEQ(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_IVLEN, - CHACHA20_POLY1305_AEAD_IV_SIZE, NULL), WOLFSSL_SUCCESS); - ExpectIntEQ(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_TAG, - CHACHA20_POLY1305_AEAD_AUTHTAG_SIZE, tag), WOLFSSL_SUCCESS); - ExpectIntEQ(EVP_DecryptInit_ex(ctx, NULL, NULL, key, iv), WOLFSSL_SUCCESS); - ExpectIntEQ(EVP_DecryptUpdate(ctx, NULL, &outSz, aad, sizeof(aad)), - WOLFSSL_SUCCESS); - ExpectIntEQ(outSz, sizeof(aad)); - ExpectIntEQ(EVP_DecryptUpdate(ctx, decryptedText, &outSz, cipherText, - sizeof(cipherText)), WOLFSSL_SUCCESS); - ExpectIntEQ(outSz, sizeof(cipherText)); - ExpectIntEQ(EVP_DecryptFinal_ex(ctx, decryptedText, &outSz), - WOLFSSL_SUCCESS); - ExpectIntEQ(outSz, 0); - EVP_CIPHER_CTX_free(ctx); - ctx = NULL; - - /* Test partial Inits. CipherInit() allow setting of key and iv - * in separate calls. */ - ExpectNotNull((ctx = EVP_CIPHER_CTX_new())); - ExpectIntEQ(wolfSSL_EVP_CipherInit(ctx, EVP_chacha20_poly1305(), - key, NULL, 1), WOLFSSL_SUCCESS); - ExpectIntEQ(wolfSSL_EVP_CipherInit(ctx, NULL, NULL, iv, 1), - WOLFSSL_SUCCESS); - ExpectIntEQ(wolfSSL_EVP_CipherUpdate(ctx, NULL, &outSz, - aad, sizeof(aad)), WOLFSSL_SUCCESS); - ExpectIntEQ(outSz, sizeof(aad)); - ExpectIntEQ(EVP_DecryptUpdate(ctx, decryptedText, &outSz, cipherText, - sizeof(cipherText)), WOLFSSL_SUCCESS); - ExpectIntEQ(outSz, sizeof(cipherText)); - ExpectIntEQ(EVP_DecryptFinal_ex(ctx, decryptedText, &outSz), - WOLFSSL_SUCCESS); - ExpectIntEQ(outSz, 0); - EVP_CIPHER_CTX_free(ctx); -#endif - return EXPECT_RESULT(); -} - -static int test_wolfssl_EVP_chacha20(void) -{ - EXPECT_DECLS; -#if defined(OPENSSL_EXTRA) && defined(HAVE_CHACHA) - byte key[CHACHA_MAX_KEY_SZ]; - byte iv [WOLFSSL_EVP_CHACHA_IV_BYTES]; - byte plainText[] = {0xDE, 0xAD, 0xBE, 0xEF}; - byte cipherText[sizeof(plainText)]; - byte decryptedText[sizeof(plainText)]; - EVP_CIPHER_CTX* ctx = NULL; - int outSz; - - XMEMSET(key, 0, sizeof(key)); - XMEMSET(iv, 0, sizeof(iv)); - /* Encrypt. */ - ExpectNotNull((ctx = EVP_CIPHER_CTX_new())); - ExpectIntEQ(EVP_EncryptInit_ex(ctx, EVP_chacha20(), NULL, NULL, - NULL), WOLFSSL_SUCCESS); - /* Any tag length must fail - not an AEAD cipher. */ - ExpectIntEQ(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_TAG, - 16, NULL), WC_NO_ERR_TRACE(WOLFSSL_FAILURE)); - ExpectIntEQ(EVP_EncryptInit_ex(ctx, NULL, NULL, key, iv), WOLFSSL_SUCCESS); - ExpectIntEQ(EVP_EncryptUpdate(ctx, cipherText, &outSz, plainText, - sizeof(plainText)), WOLFSSL_SUCCESS); - ExpectIntEQ(outSz, sizeof(plainText)); - ExpectIntEQ(EVP_EncryptFinal_ex(ctx, cipherText, &outSz), WOLFSSL_SUCCESS); - ExpectIntEQ(outSz, 0); - EVP_CIPHER_CTX_free(ctx); - ctx = NULL; - - /* Decrypt. */ - ExpectNotNull((ctx = EVP_CIPHER_CTX_new())); - ExpectIntEQ(EVP_DecryptInit_ex(ctx, EVP_chacha20(), NULL, NULL, - NULL), WOLFSSL_SUCCESS); - ExpectIntEQ(EVP_DecryptInit_ex(ctx, NULL, NULL, key, iv), WOLFSSL_SUCCESS); - ExpectIntEQ(EVP_DecryptUpdate(ctx, decryptedText, &outSz, cipherText, - sizeof(cipherText)), WOLFSSL_SUCCESS); - ExpectIntEQ(outSz, sizeof(cipherText)); - ExpectIntEQ(EVP_DecryptFinal_ex(ctx, decryptedText, &outSz), - WOLFSSL_SUCCESS); - ExpectIntEQ(outSz, 0); - EVP_CIPHER_CTX_free(ctx); - ctx = NULL; - - /* Test partial Inits. CipherInit() allow setting of key and iv - * in separate calls. */ - ExpectNotNull((ctx = EVP_CIPHER_CTX_new())); - ExpectIntEQ(wolfSSL_EVP_CipherInit(ctx, EVP_chacha20(), - key, NULL, 1), WOLFSSL_SUCCESS); - ExpectIntEQ(wolfSSL_EVP_CipherInit(ctx, NULL, NULL, iv, 1), - WOLFSSL_SUCCESS); - ExpectIntEQ(EVP_DecryptUpdate(ctx, decryptedText, &outSz, cipherText, - sizeof(cipherText)), WOLFSSL_SUCCESS); - ExpectIntEQ(outSz, sizeof(cipherText)); - ExpectIntEQ(EVP_DecryptFinal_ex(ctx, decryptedText, &outSz), - WOLFSSL_SUCCESS); - ExpectIntEQ(outSz, 0); - EVP_CIPHER_CTX_free(ctx); -#endif - return EXPECT_RESULT(); -} - -static int test_wolfssl_EVP_sm4_ecb(void) -{ - int res = TEST_SKIPPED; -#if defined(OPENSSL_EXTRA) && defined(WOLFSSL_SM4_ECB) - EXPECT_DECLS; - byte key[SM4_KEY_SIZE]; - byte plainText[SM4_BLOCK_SIZE] = { - 0xDE, 0xAD, 0xBE, 0xEF, 0xDE, 0xAD, 0xBE, 0xEF, - 0xDE, 0xAD, 0xBE, 0xEF, 0xDE, 0xAD, 0xBE, 0xEF - }; - byte cipherText[sizeof(plainText) + SM4_BLOCK_SIZE]; - byte decryptedText[sizeof(plainText) + SM4_BLOCK_SIZE]; - EVP_CIPHER_CTX* ctx; - int outSz; - - XMEMSET(key, 0, sizeof(key)); - - /* Encrypt. */ - ExpectNotNull((ctx = EVP_CIPHER_CTX_new())); - ExpectIntEQ(EVP_EncryptInit_ex(ctx, EVP_sm4_ecb(), NULL, NULL, NULL), - WOLFSSL_SUCCESS); - /* Any tag length must fail - not an AEAD cipher. */ - ExpectIntEQ(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_TAG, 16, NULL), - WC_NO_ERR_TRACE(WOLFSSL_FAILURE)); - ExpectIntEQ(EVP_EncryptInit_ex(ctx, NULL, NULL, key, NULL), - WOLFSSL_SUCCESS); - ExpectIntEQ(EVP_EncryptUpdate(ctx, cipherText, &outSz, plainText, - sizeof(plainText)), WOLFSSL_SUCCESS); - ExpectIntEQ(outSz, sizeof(plainText)); - ExpectIntEQ(EVP_EncryptFinal_ex(ctx, cipherText + outSz, &outSz), - WOLFSSL_SUCCESS); - ExpectIntEQ(outSz, SM4_BLOCK_SIZE); - ExpectBufNE(cipherText, plainText, sizeof(plainText)); - EVP_CIPHER_CTX_free(ctx); - - /* Decrypt. */ - ExpectNotNull((ctx = EVP_CIPHER_CTX_new())); - ExpectIntEQ(EVP_DecryptInit_ex(ctx, EVP_sm4_ecb(), NULL, NULL, NULL), - WOLFSSL_SUCCESS); - ExpectIntEQ(EVP_DecryptInit_ex(ctx, NULL, NULL, key, NULL), - WOLFSSL_SUCCESS); - ExpectIntEQ(EVP_DecryptUpdate(ctx, decryptedText, &outSz, cipherText, - sizeof(cipherText)), WOLFSSL_SUCCESS); - ExpectIntEQ(outSz, sizeof(plainText)); - ExpectIntEQ(EVP_DecryptFinal_ex(ctx, decryptedText + outSz, &outSz), - WOLFSSL_SUCCESS); - ExpectIntEQ(outSz, 0); - ExpectBufEQ(decryptedText, plainText, sizeof(plainText)); - EVP_CIPHER_CTX_free(ctx); - - res = EXPECT_RESULT(); -#endif - return res; -} - -static int test_wolfssl_EVP_sm4_cbc(void) -{ - int res = TEST_SKIPPED; -#if defined(OPENSSL_EXTRA) && defined(WOLFSSL_SM4_CBC) - EXPECT_DECLS; - byte key[SM4_KEY_SIZE]; - byte iv[SM4_BLOCK_SIZE]; - byte plainText[SM4_BLOCK_SIZE] = { - 0xDE, 0xAD, 0xBE, 0xEF, 0xDE, 0xAD, 0xBE, 0xEF, - 0xDE, 0xAD, 0xBE, 0xEF, 0xDE, 0xAD, 0xBE, 0xEF - }; - byte cipherText[sizeof(plainText) + SM4_BLOCK_SIZE]; - byte decryptedText[sizeof(plainText) + SM4_BLOCK_SIZE]; - EVP_CIPHER_CTX* ctx; - int outSz; - - XMEMSET(key, 0, sizeof(key)); - XMEMSET(iv, 0, sizeof(iv)); - - /* Encrypt. */ - ExpectNotNull((ctx = EVP_CIPHER_CTX_new())); - ExpectIntEQ(EVP_EncryptInit_ex(ctx, EVP_sm4_cbc(), NULL, NULL, NULL), - WOLFSSL_SUCCESS); - /* Any tag length must fail - not an AEAD cipher. */ - ExpectIntEQ(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_TAG, 16, NULL), - WC_NO_ERR_TRACE(WOLFSSL_FAILURE)); - ExpectIntEQ(EVP_EncryptInit_ex(ctx, NULL, NULL, key, iv), WOLFSSL_SUCCESS); - ExpectIntEQ(EVP_EncryptUpdate(ctx, cipherText, &outSz, plainText, - sizeof(plainText)), WOLFSSL_SUCCESS); - ExpectIntEQ(outSz, sizeof(plainText)); - ExpectIntEQ(EVP_EncryptFinal_ex(ctx, cipherText + outSz, &outSz), - WOLFSSL_SUCCESS); - ExpectIntEQ(outSz, SM4_BLOCK_SIZE); - ExpectBufNE(cipherText, plainText, sizeof(plainText)); - EVP_CIPHER_CTX_free(ctx); - - /* Decrypt. */ - ExpectNotNull((ctx = EVP_CIPHER_CTX_new())); - ExpectIntEQ(EVP_DecryptInit_ex(ctx, EVP_sm4_cbc(), NULL, NULL, NULL), - WOLFSSL_SUCCESS); - ExpectIntEQ(EVP_DecryptInit_ex(ctx, NULL, NULL, key, iv), WOLFSSL_SUCCESS); - ExpectIntEQ(EVP_DecryptUpdate(ctx, decryptedText, &outSz, cipherText, - sizeof(cipherText)), WOLFSSL_SUCCESS); - ExpectIntEQ(outSz, sizeof(plainText)); - ExpectIntEQ(EVP_DecryptFinal_ex(ctx, decryptedText + outSz, &outSz), - WOLFSSL_SUCCESS); - ExpectIntEQ(outSz, 0); - ExpectBufEQ(decryptedText, plainText, sizeof(plainText)); - EVP_CIPHER_CTX_free(ctx); - - /* Test partial Inits. CipherInit() allow setting of key and iv - * in separate calls. */ - ExpectNotNull((ctx = EVP_CIPHER_CTX_new())); - ExpectIntEQ(wolfSSL_EVP_CipherInit(ctx, EVP_sm4_cbc(), key, NULL, 0), - WOLFSSL_SUCCESS); - ExpectIntEQ(wolfSSL_EVP_CipherInit(ctx, NULL, NULL, iv, 0), - WOLFSSL_SUCCESS); - ExpectIntEQ(EVP_DecryptUpdate(ctx, decryptedText, &outSz, cipherText, - sizeof(cipherText)), WOLFSSL_SUCCESS); - ExpectIntEQ(outSz, sizeof(plainText)); - ExpectIntEQ(EVP_DecryptFinal_ex(ctx, decryptedText + outSz, &outSz), - WOLFSSL_SUCCESS); - ExpectIntEQ(outSz, 0); - ExpectBufEQ(decryptedText, plainText, sizeof(plainText)); - EVP_CIPHER_CTX_free(ctx); - - res = EXPECT_RESULT(); -#endif - return res; -} - -static int test_wolfssl_EVP_sm4_ctr(void) -{ - int res = TEST_SKIPPED; -#if defined(OPENSSL_EXTRA) && defined(WOLFSSL_SM4_CTR) - EXPECT_DECLS; - byte key[SM4_KEY_SIZE]; - byte iv[SM4_BLOCK_SIZE]; - byte plainText[] = {0xDE, 0xAD, 0xBE, 0xEF}; - byte cipherText[sizeof(plainText)]; - byte decryptedText[sizeof(plainText)]; - EVP_CIPHER_CTX* ctx; - int outSz; - - XMEMSET(key, 0, sizeof(key)); - XMEMSET(iv, 0, sizeof(iv)); - - /* Encrypt. */ - ExpectNotNull((ctx = EVP_CIPHER_CTX_new())); - ExpectIntEQ(EVP_EncryptInit_ex(ctx, EVP_sm4_ctr(), NULL, NULL, NULL), - WOLFSSL_SUCCESS); - /* Any tag length must fail - not an AEAD cipher. */ - ExpectIntEQ(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_TAG, 16, NULL), - WC_NO_ERR_TRACE(WOLFSSL_FAILURE)); - ExpectIntEQ(EVP_EncryptInit_ex(ctx, NULL, NULL, key, iv), WOLFSSL_SUCCESS); - ExpectIntEQ(EVP_EncryptUpdate(ctx, cipherText, &outSz, plainText, - sizeof(plainText)), WOLFSSL_SUCCESS); - ExpectIntEQ(outSz, sizeof(plainText)); - ExpectIntEQ(EVP_EncryptFinal_ex(ctx, cipherText, &outSz), WOLFSSL_SUCCESS); - ExpectIntEQ(outSz, 0); - ExpectBufNE(cipherText, plainText, sizeof(plainText)); - EVP_CIPHER_CTX_free(ctx); - - /* Decrypt. */ - ExpectNotNull((ctx = EVP_CIPHER_CTX_new())); - ExpectIntEQ(EVP_DecryptInit_ex(ctx, EVP_sm4_ctr(), NULL, NULL, NULL), - WOLFSSL_SUCCESS); - ExpectIntEQ(EVP_DecryptInit_ex(ctx, NULL, NULL, key, iv), WOLFSSL_SUCCESS); - ExpectIntEQ(EVP_DecryptUpdate(ctx, decryptedText, &outSz, cipherText, - sizeof(cipherText)), WOLFSSL_SUCCESS); - ExpectIntEQ(outSz, sizeof(cipherText)); - ExpectIntEQ(EVP_DecryptFinal_ex(ctx, decryptedText, &outSz), - WOLFSSL_SUCCESS); - ExpectIntEQ(outSz, 0); - ExpectBufEQ(decryptedText, plainText, sizeof(plainText)); - EVP_CIPHER_CTX_free(ctx); - - /* Test partial Inits. CipherInit() allow setting of key and iv - * in separate calls. */ - ExpectNotNull((ctx = EVP_CIPHER_CTX_new())); - ExpectIntEQ(wolfSSL_EVP_CipherInit(ctx, EVP_sm4_ctr(), key, NULL, 1), - WOLFSSL_SUCCESS); - ExpectIntEQ(wolfSSL_EVP_CipherInit(ctx, NULL, NULL, iv, 1), - WOLFSSL_SUCCESS); - ExpectIntEQ(EVP_DecryptUpdate(ctx, decryptedText, &outSz, cipherText, - sizeof(cipherText)), WOLFSSL_SUCCESS); - ExpectIntEQ(outSz, sizeof(cipherText)); - ExpectIntEQ(EVP_DecryptFinal_ex(ctx, decryptedText, &outSz), - WOLFSSL_SUCCESS); - ExpectIntEQ(outSz, 0); - ExpectBufEQ(decryptedText, plainText, sizeof(plainText)); - EVP_CIPHER_CTX_free(ctx); - - res = EXPECT_RESULT(); -#endif - return res; -} - -static int test_wolfssl_EVP_sm4_gcm_zeroLen(void) -{ - int res = TEST_SKIPPED; -#if defined(OPENSSL_EXTRA) && defined(WOLFSSL_SM4_GCM) - /* Zero length plain text */ - EXPECT_DECLS; - byte key[] = { - 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, - 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, - 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, - 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00 - }; /* align */ - byte iv[] = { - 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00 - }; /* align */ - byte plaintxt[1]; - int ivSz = 12; - int plaintxtSz = 0; - unsigned char tag[16]; - unsigned char tag_kat[16] = { - 0x23,0x2f,0x0c,0xfe,0x30,0x8b,0x49,0xea, - 0x6f,0xc8,0x82,0x29,0xb5,0xdc,0x85,0x8d - }; - - byte ciphertxt[SM4_BLOCK_SIZE * 4] = {0}; - byte decryptedtxt[SM4_BLOCK_SIZE * 4] = {0}; - int ciphertxtSz = 0; - int decryptedtxtSz = 0; - int len = 0; - - EVP_CIPHER_CTX *en = EVP_CIPHER_CTX_new(); - EVP_CIPHER_CTX *de = EVP_CIPHER_CTX_new(); - - ExpectIntEQ(1, EVP_EncryptInit_ex(en, EVP_sm4_gcm(), NULL, key, iv)); - ExpectIntEQ(1, EVP_CIPHER_CTX_ctrl(en, EVP_CTRL_GCM_SET_IVLEN, ivSz, NULL)); - ExpectIntEQ(1, EVP_EncryptUpdate(en, ciphertxt, &ciphertxtSz , plaintxt, - plaintxtSz)); - ExpectIntEQ(1, EVP_EncryptFinal_ex(en, ciphertxt, &len)); - ciphertxtSz += len; - ExpectIntEQ(1, EVP_CIPHER_CTX_ctrl(en, EVP_CTRL_GCM_GET_TAG, 16, tag)); - ExpectIntEQ(1, EVP_CIPHER_CTX_cleanup(en)); - - ExpectIntEQ(0, ciphertxtSz); - ExpectIntEQ(0, XMEMCMP(tag, tag_kat, sizeof(tag))); - - EVP_CIPHER_CTX_init(de); - ExpectIntEQ(1, EVP_DecryptInit_ex(de, EVP_sm4_gcm(), NULL, key, iv)); - ExpectIntEQ(1, EVP_CIPHER_CTX_ctrl(de, EVP_CTRL_GCM_SET_IVLEN, ivSz, NULL)); - ExpectIntEQ(1, EVP_DecryptUpdate(de, NULL, &len, ciphertxt, len)); - decryptedtxtSz = len; - ExpectIntEQ(1, EVP_CIPHER_CTX_ctrl(de, EVP_CTRL_GCM_SET_TAG, 16, tag)); - ExpectIntEQ(1, EVP_DecryptFinal_ex(de, decryptedtxt, &len)); - decryptedtxtSz += len; - ExpectIntEQ(0, decryptedtxtSz); - - EVP_CIPHER_CTX_free(en); - EVP_CIPHER_CTX_free(de); - - res = EXPECT_RESULT(); -#endif /* OPENSSL_EXTRA && WOLFSSL_SM4_GCM */ - return res; -} - -static int test_wolfssl_EVP_sm4_gcm(void) -{ - int res = TEST_SKIPPED; -#if defined(OPENSSL_EXTRA) && defined(WOLFSSL_SM4_GCM) - EXPECT_DECLS; - byte *key = (byte*)"0123456789012345"; - /* A 128 bit IV */ - byte *iv = (byte*)"0123456789012345"; - int ivSz = SM4_BLOCK_SIZE; - /* Message to be encrypted */ - byte *plaintxt = (byte*)"for things to change you have to change"; - /* Additional non-confidential data */ - byte *aad = (byte*)"Don't spend major time on minor things."; - - unsigned char tag[SM4_BLOCK_SIZE] = {0}; - int plaintxtSz = (int)XSTRLEN((char*)plaintxt); - int aadSz = (int)XSTRLEN((char*)aad); - byte ciphertxt[SM4_BLOCK_SIZE * 4] = {0}; - byte decryptedtxt[SM4_BLOCK_SIZE * 4] = {0}; - int ciphertxtSz = 0; - int decryptedtxtSz = 0; - int len = 0; - int i = 0; - EVP_CIPHER_CTX en[2]; - EVP_CIPHER_CTX de[2]; - - for (i = 0; i < 2; i++) { - EVP_CIPHER_CTX_init(&en[i]); - - if (i == 0) { - /* Default uses 96-bits IV length */ - ExpectIntEQ(1, EVP_EncryptInit_ex(&en[i], EVP_sm4_gcm(), NULL, key, - iv)); - } - else { - ExpectIntEQ(1, EVP_EncryptInit_ex(&en[i], EVP_sm4_gcm(), NULL, NULL, - NULL)); - /* non-default must to set the IV length first */ - ExpectIntEQ(1, EVP_CIPHER_CTX_ctrl(&en[i], EVP_CTRL_GCM_SET_IVLEN, - ivSz, NULL)); - ExpectIntEQ(1, EVP_EncryptInit_ex(&en[i], NULL, NULL, key, iv)); - } - ExpectIntEQ(1, EVP_EncryptUpdate(&en[i], NULL, &len, aad, aadSz)); - ExpectIntEQ(1, EVP_EncryptUpdate(&en[i], ciphertxt, &len, plaintxt, - plaintxtSz)); - ciphertxtSz = len; - ExpectIntEQ(1, EVP_EncryptFinal_ex(&en[i], ciphertxt, &len)); - ciphertxtSz += len; - ExpectIntEQ(1, EVP_CIPHER_CTX_ctrl(&en[i], EVP_CTRL_GCM_GET_TAG, - SM4_BLOCK_SIZE, tag)); - ExpectIntEQ(wolfSSL_EVP_CIPHER_CTX_cleanup(&en[i]), 1); - - EVP_CIPHER_CTX_init(&de[i]); - if (i == 0) { - /* Default uses 96-bits IV length */ - ExpectIntEQ(1, EVP_DecryptInit_ex(&de[i], EVP_sm4_gcm(), NULL, key, - iv)); - } - else { - ExpectIntEQ(1, EVP_DecryptInit_ex(&de[i], EVP_sm4_gcm(), NULL, NULL, - NULL)); - /* non-default must to set the IV length first */ - ExpectIntEQ(1, EVP_CIPHER_CTX_ctrl(&de[i], EVP_CTRL_GCM_SET_IVLEN, - ivSz, NULL)); - ExpectIntEQ(1, EVP_DecryptInit_ex(&de[i], NULL, NULL, key, iv)); - - } - ExpectIntEQ(1, EVP_DecryptUpdate(&de[i], NULL, &len, aad, aadSz)); - ExpectIntEQ(1, EVP_DecryptUpdate(&de[i], decryptedtxt, &len, ciphertxt, - ciphertxtSz)); - decryptedtxtSz = len; - ExpectIntEQ(1, EVP_CIPHER_CTX_ctrl(&de[i], EVP_CTRL_GCM_SET_TAG, - SM4_BLOCK_SIZE, tag)); - ExpectIntEQ(1, EVP_DecryptFinal_ex(&de[i], decryptedtxt, &len)); - decryptedtxtSz += len; - ExpectIntEQ(ciphertxtSz, decryptedtxtSz); - ExpectIntEQ(0, XMEMCMP(plaintxt, decryptedtxt, decryptedtxtSz)); - - /* modify tag*/ - tag[SM4_BLOCK_SIZE-1]+=0xBB; - ExpectIntEQ(1, EVP_DecryptUpdate(&de[i], NULL, &len, aad, aadSz)); - ExpectIntEQ(1, EVP_CIPHER_CTX_ctrl(&de[i], EVP_CTRL_GCM_SET_TAG, - SM4_BLOCK_SIZE, tag)); - /* fail due to wrong tag */ - ExpectIntEQ(1, EVP_DecryptUpdate(&de[i], decryptedtxt, &len, ciphertxt, - ciphertxtSz)); - ExpectIntEQ(0, EVP_DecryptFinal_ex(&de[i], decryptedtxt, &len)); - ExpectIntEQ(0, len); - ExpectIntEQ(wolfSSL_EVP_CIPHER_CTX_cleanup(&de[i]), 1); - } - - res = EXPECT_RESULT(); -#endif /* OPENSSL_EXTRA && WOLFSSL_SM4_GCM */ - return res; -} - -static int test_wolfssl_EVP_sm4_ccm_zeroLen(void) -{ - int res = TEST_SKIPPED; -#if defined(OPENSSL_EXTRA) && defined(WOLFSSL_SM4_CCM) - /* Zero length plain text */ - EXPECT_DECLS; - byte key[] = { - 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, - 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, - 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, - 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00 - }; /* align */ - byte iv[] = { - 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00 - }; /* align */ - byte plaintxt[1]; - int ivSz = 12; - int plaintxtSz = 0; - unsigned char tag[16]; - - byte ciphertxt[SM4_BLOCK_SIZE * 4] = {0}; - byte decryptedtxt[SM4_BLOCK_SIZE * 4] = {0}; - int ciphertxtSz = 0; - int decryptedtxtSz = 0; - int len = 0; - - EVP_CIPHER_CTX *en = EVP_CIPHER_CTX_new(); - EVP_CIPHER_CTX *de = EVP_CIPHER_CTX_new(); - - ExpectIntEQ(1, EVP_EncryptInit_ex(en, EVP_sm4_ccm(), NULL, key, iv)); - ExpectIntEQ(1, EVP_CIPHER_CTX_ctrl(en, EVP_CTRL_CCM_SET_IVLEN, ivSz, NULL)); - ExpectIntEQ(1, EVP_EncryptUpdate(en, ciphertxt, &ciphertxtSz , plaintxt, - plaintxtSz)); - ExpectIntEQ(1, EVP_EncryptFinal_ex(en, ciphertxt, &len)); - ciphertxtSz += len; - ExpectIntEQ(1, EVP_CIPHER_CTX_ctrl(en, EVP_CTRL_CCM_GET_TAG, 16, tag)); - ExpectIntEQ(1, EVP_CIPHER_CTX_cleanup(en)); - - ExpectIntEQ(0, ciphertxtSz); - - EVP_CIPHER_CTX_init(de); - ExpectIntEQ(1, EVP_DecryptInit_ex(de, EVP_sm4_ccm(), NULL, key, iv)); - ExpectIntEQ(1, EVP_CIPHER_CTX_ctrl(de, EVP_CTRL_CCM_SET_IVLEN, ivSz, NULL)); - ExpectIntEQ(1, EVP_DecryptUpdate(de, NULL, &len, ciphertxt, len)); - decryptedtxtSz = len; - ExpectIntEQ(1, EVP_CIPHER_CTX_ctrl(de, EVP_CTRL_CCM_SET_TAG, 16, tag)); - ExpectIntEQ(1, EVP_DecryptFinal_ex(de, decryptedtxt, &len)); - decryptedtxtSz += len; - ExpectIntEQ(0, decryptedtxtSz); - - EVP_CIPHER_CTX_free(en); - EVP_CIPHER_CTX_free(de); - - res = EXPECT_RESULT(); -#endif /* OPENSSL_EXTRA && WOLFSSL_SM4_CCM */ - return res; -} - -static int test_wolfssl_EVP_sm4_ccm(void) -{ - int res = TEST_SKIPPED; -#if defined(OPENSSL_EXTRA) && defined(WOLFSSL_SM4_CCM) - EXPECT_DECLS; - byte *key = (byte*)"0123456789012345"; - byte *iv = (byte*)"0123456789012"; - int ivSz = (int)XSTRLEN((char*)iv); - /* Message to be encrypted */ - byte *plaintxt = (byte*)"for things to change you have to change"; - /* Additional non-confidential data */ - byte *aad = (byte*)"Don't spend major time on minor things."; - - unsigned char tag[SM4_BLOCK_SIZE] = {0}; - int plaintxtSz = (int)XSTRLEN((char*)plaintxt); - int aadSz = (int)XSTRLEN((char*)aad); - byte ciphertxt[SM4_BLOCK_SIZE * 4] = {0}; - byte decryptedtxt[SM4_BLOCK_SIZE * 4] = {0}; - int ciphertxtSz = 0; - int decryptedtxtSz = 0; - int len = 0; - int i = 0; - EVP_CIPHER_CTX en[2]; - EVP_CIPHER_CTX de[2]; - - for (i = 0; i < 2; i++) { - EVP_CIPHER_CTX_init(&en[i]); - - if (i == 0) { - /* Default uses 96-bits IV length */ - ExpectIntEQ(1, EVP_EncryptInit_ex(&en[i], EVP_sm4_ccm(), NULL, key, - iv)); - } - else { - ExpectIntEQ(1, EVP_EncryptInit_ex(&en[i], EVP_sm4_ccm(), NULL, NULL, - NULL)); - /* non-default must to set the IV length first */ - ExpectIntEQ(1, EVP_CIPHER_CTX_ctrl(&en[i], EVP_CTRL_CCM_SET_IVLEN, - ivSz, NULL)); - ExpectIntEQ(1, EVP_EncryptInit_ex(&en[i], NULL, NULL, key, iv)); - } - ExpectIntEQ(1, EVP_EncryptUpdate(&en[i], NULL, &len, aad, aadSz)); - ExpectIntEQ(1, EVP_EncryptUpdate(&en[i], ciphertxt, &len, plaintxt, - plaintxtSz)); - ciphertxtSz = len; - ExpectIntEQ(1, EVP_EncryptFinal_ex(&en[i], ciphertxt, &len)); - ciphertxtSz += len; - ExpectIntEQ(1, EVP_CIPHER_CTX_ctrl(&en[i], EVP_CTRL_CCM_GET_TAG, - SM4_BLOCK_SIZE, tag)); - ExpectIntEQ(wolfSSL_EVP_CIPHER_CTX_cleanup(&en[i]), 1); - - EVP_CIPHER_CTX_init(&de[i]); - if (i == 0) { - /* Default uses 96-bits IV length */ - ExpectIntEQ(1, EVP_DecryptInit_ex(&de[i], EVP_sm4_ccm(), NULL, key, - iv)); - } - else { - ExpectIntEQ(1, EVP_DecryptInit_ex(&de[i], EVP_sm4_ccm(), NULL, NULL, - NULL)); - /* non-default must to set the IV length first */ - ExpectIntEQ(1, EVP_CIPHER_CTX_ctrl(&de[i], EVP_CTRL_CCM_SET_IVLEN, - ivSz, NULL)); - ExpectIntEQ(1, EVP_DecryptInit_ex(&de[i], NULL, NULL, key, iv)); - - } - ExpectIntEQ(1, EVP_DecryptUpdate(&de[i], NULL, &len, aad, aadSz)); - ExpectIntEQ(1, EVP_DecryptUpdate(&de[i], decryptedtxt, &len, ciphertxt, - ciphertxtSz)); - decryptedtxtSz = len; - ExpectIntEQ(1, EVP_CIPHER_CTX_ctrl(&de[i], EVP_CTRL_CCM_SET_TAG, - SM4_BLOCK_SIZE, tag)); - ExpectIntEQ(1, EVP_DecryptFinal_ex(&de[i], decryptedtxt, &len)); - decryptedtxtSz += len; - ExpectIntEQ(ciphertxtSz, decryptedtxtSz); - ExpectIntEQ(0, XMEMCMP(plaintxt, decryptedtxt, decryptedtxtSz)); - - /* modify tag*/ - tag[SM4_BLOCK_SIZE-1]+=0xBB; - ExpectIntEQ(1, EVP_DecryptUpdate(&de[i], NULL, &len, aad, aadSz)); - ExpectIntEQ(1, EVP_CIPHER_CTX_ctrl(&de[i], EVP_CTRL_CCM_SET_TAG, - SM4_BLOCK_SIZE, tag)); - /* fail due to wrong tag */ - ExpectIntEQ(1, EVP_DecryptUpdate(&de[i], decryptedtxt, &len, ciphertxt, - ciphertxtSz)); - ExpectIntEQ(0, EVP_DecryptFinal_ex(&de[i], decryptedtxt, &len)); - ExpectIntEQ(0, len); - ExpectIntEQ(wolfSSL_EVP_CIPHER_CTX_cleanup(&de[i]), 1); - } - - res = EXPECT_RESULT(); -#endif /* OPENSSL_EXTRA && WOLFSSL_SM4_CCM */ - return res; -} - -static int test_wolfSSL_EVP_PKEY_hkdf(void) -{ - EXPECT_DECLS; -#if defined(OPENSSL_EXTRA) && defined(HAVE_HKDF) - EVP_PKEY_CTX* ctx = NULL; - byte salt[] = {0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, - 0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F}; - byte key[] = {0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, - 0x18, 0x19, 0x1A, 0x1B, 0x1C, 0x1D, 0x1E, 0x1F}; - byte info[] = {0X01, 0x02, 0x03, 0x04, 0x05}; - byte info2[] = {0X06, 0x07, 0x08, 0x09, 0x0A}; - byte outKey[34]; - size_t outKeySz = sizeof(outKey); - /* These expected outputs were gathered by running the same test below using - * OpenSSL. */ - const byte extractAndExpand[] = { - 0x8B, 0xEB, 0x90, 0xA9, 0x04, 0xFF, 0x05, 0x10, 0xE4, 0xB5, 0xB1, 0x10, - 0x31, 0x34, 0xFF, 0x07, 0x5B, 0xE3, 0xC6, 0x93, 0xD4, 0xF8, 0xC7, 0xEE, - 0x96, 0xDA, 0x78, 0x7A, 0xE2, 0x9A, 0x2D, 0x05, 0x4B, 0xF6 - }; - const byte extractOnly[] = { - 0xE7, 0x6B, 0x9E, 0x0F, 0xE4, 0x02, 0x1D, 0x62, 0xEA, 0x97, 0x74, 0x5E, - 0xF4, 0x3C, 0x65, 0x4D, 0xC1, 0x46, 0x98, 0xAA, 0x79, 0x9A, 0xCB, 0x9C, - 0xCC, 0x3E, 0x7F, 0x2A, 0x2B, 0x41, 0xA1, 0x9E - }; - const byte expandOnly[] = { - 0xFF, 0x29, 0x29, 0x56, 0x9E, 0xA7, 0x66, 0x02, 0xDB, 0x4F, 0xDB, 0x53, - 0x7D, 0x21, 0x67, 0x52, 0xC3, 0x0E, 0xF3, 0xFC, 0x71, 0xCE, 0x67, 0x2B, - 0xEA, 0x3B, 0xE9, 0xFC, 0xDD, 0xC8, 0xCC, 0xB7, 0x42, 0x74 - }; - const byte extractAndExpandAddInfo[] = { - 0x5A, 0x74, 0x79, 0x83, 0xA3, 0xA4, 0x2E, 0xB7, 0xD4, 0x08, 0xC2, 0x6A, - 0x2F, 0xA5, 0xE3, 0x4E, 0xF1, 0xF4, 0x87, 0x3E, 0xA6, 0xC7, 0x88, 0x45, - 0xD7, 0xE2, 0x15, 0xBC, 0xB8, 0x10, 0xEF, 0x6C, 0x4D, 0x7A - }; - - ExpectNotNull((ctx = EVP_PKEY_CTX_new_id(EVP_PKEY_HKDF, NULL))); - ExpectIntEQ(EVP_PKEY_derive_init(ctx), WOLFSSL_SUCCESS); - /* NULL ctx. */ - ExpectIntEQ(EVP_PKEY_CTX_set_hkdf_md(NULL, EVP_sha256()), WC_NO_ERR_TRACE(WOLFSSL_FAILURE)); - /* NULL md. */ - ExpectIntEQ(EVP_PKEY_CTX_set_hkdf_md(ctx, NULL), WC_NO_ERR_TRACE(WOLFSSL_FAILURE)); - ExpectIntEQ(EVP_PKEY_CTX_set_hkdf_md(ctx, EVP_sha256()), WOLFSSL_SUCCESS); - /* NULL ctx. */ - ExpectIntEQ(EVP_PKEY_CTX_set1_hkdf_salt(NULL, salt, sizeof(salt)), - WC_NO_ERR_TRACE(WOLFSSL_FAILURE)); - /* NULL salt is ok. */ - ExpectIntEQ(EVP_PKEY_CTX_set1_hkdf_salt(ctx, NULL, sizeof(salt)), - WOLFSSL_SUCCESS); - /* Salt length <= 0. */ - /* Length 0 salt is ok. */ - ExpectIntEQ(EVP_PKEY_CTX_set1_hkdf_salt(ctx, salt, 0), WOLFSSL_SUCCESS); - ExpectIntEQ(EVP_PKEY_CTX_set1_hkdf_salt(ctx, salt, -1), WC_NO_ERR_TRACE(WOLFSSL_FAILURE)); - ExpectIntEQ(EVP_PKEY_CTX_set1_hkdf_salt(ctx, salt, sizeof(salt)), - WOLFSSL_SUCCESS); - /* NULL ctx. */ - ExpectIntEQ(EVP_PKEY_CTX_set1_hkdf_key(NULL, key, sizeof(key)), - WC_NO_ERR_TRACE(WOLFSSL_FAILURE)); - /* NULL key. */ - ExpectIntEQ(EVP_PKEY_CTX_set1_hkdf_key(ctx, NULL, sizeof(key)), - WC_NO_ERR_TRACE(WOLFSSL_FAILURE)); - /* Key length <= 0 */ - ExpectIntEQ(EVP_PKEY_CTX_set1_hkdf_key(ctx, key, 0), WC_NO_ERR_TRACE(WOLFSSL_FAILURE)); - ExpectIntEQ(EVP_PKEY_CTX_set1_hkdf_key(ctx, key, -1), WC_NO_ERR_TRACE(WOLFSSL_FAILURE)); - ExpectIntEQ(EVP_PKEY_CTX_set1_hkdf_key(ctx, key, sizeof(key)), - WOLFSSL_SUCCESS); - /* NULL ctx. */ - ExpectIntEQ(EVP_PKEY_CTX_add1_hkdf_info(NULL, info, sizeof(info)), - WC_NO_ERR_TRACE(WOLFSSL_FAILURE)); - /* NULL info is ok. */ - ExpectIntEQ(EVP_PKEY_CTX_add1_hkdf_info(ctx, NULL, sizeof(info)), - WOLFSSL_SUCCESS); - /* Info length <= 0 */ - /* Length 0 info is ok. */ - ExpectIntEQ(EVP_PKEY_CTX_add1_hkdf_info(ctx, info, 0), WOLFSSL_SUCCESS); - ExpectIntEQ(EVP_PKEY_CTX_add1_hkdf_info(ctx, info, -1), WC_NO_ERR_TRACE(WOLFSSL_FAILURE)); - ExpectIntEQ(EVP_PKEY_CTX_add1_hkdf_info(ctx, info, sizeof(info)), - WOLFSSL_SUCCESS); - /* NULL ctx. */ - ExpectIntEQ(EVP_PKEY_CTX_hkdf_mode(NULL, EVP_PKEY_HKDEF_MODE_EXTRACT_ONLY), - WC_NO_ERR_TRACE(WOLFSSL_FAILURE)); - /* Extract and expand (default). */ - ExpectIntEQ(EVP_PKEY_derive(ctx, outKey, &outKeySz), WOLFSSL_SUCCESS); - ExpectIntEQ(outKeySz, sizeof(extractAndExpand)); - ExpectIntEQ(XMEMCMP(outKey, extractAndExpand, outKeySz), 0); - /* Extract only. */ - ExpectIntEQ(EVP_PKEY_CTX_hkdf_mode(ctx, EVP_PKEY_HKDEF_MODE_EXTRACT_ONLY), - WOLFSSL_SUCCESS); - ExpectIntEQ(EVP_PKEY_derive(ctx, outKey, &outKeySz), WOLFSSL_SUCCESS); - ExpectIntEQ(outKeySz, sizeof(extractOnly)); - ExpectIntEQ(XMEMCMP(outKey, extractOnly, outKeySz), 0); - outKeySz = sizeof(outKey); - /* Expand only. */ - ExpectIntEQ(EVP_PKEY_CTX_hkdf_mode(ctx, EVP_PKEY_HKDEF_MODE_EXPAND_ONLY), - WOLFSSL_SUCCESS); - ExpectIntEQ(EVP_PKEY_derive(ctx, outKey, &outKeySz), WOLFSSL_SUCCESS); - ExpectIntEQ(outKeySz, sizeof(expandOnly)); - ExpectIntEQ(XMEMCMP(outKey, expandOnly, outKeySz), 0); - outKeySz = sizeof(outKey); - /* Extract and expand with appended additional info. */ - ExpectIntEQ(EVP_PKEY_CTX_add1_hkdf_info(ctx, info2, sizeof(info2)), - WOLFSSL_SUCCESS); - ExpectIntEQ(EVP_PKEY_CTX_hkdf_mode(ctx, - EVP_PKEY_HKDEF_MODE_EXTRACT_AND_EXPAND), WOLFSSL_SUCCESS); - ExpectIntEQ(EVP_PKEY_derive(ctx, outKey, &outKeySz), WOLFSSL_SUCCESS); - ExpectIntEQ(outKeySz, sizeof(extractAndExpandAddInfo)); - ExpectIntEQ(XMEMCMP(outKey, extractAndExpandAddInfo, outKeySz), 0); - - EVP_PKEY_CTX_free(ctx); -#endif /* OPENSSL_EXTRA && HAVE_HKDF */ - return EXPECT_RESULT(); -} - -#ifndef NO_BIO -static int test_wolfSSL_PEM_X509_INFO_read_bio(void) -{ - EXPECT_DECLS; -#if defined(OPENSSL_ALL) && !defined(NO_FILESYSTEM) && !defined(NO_RSA) - BIO* bio = NULL; - X509_INFO* info = NULL; - STACK_OF(X509_INFO)* sk = NULL; - STACK_OF(X509_INFO)* sk2 = NULL; - char* subject = NULL; - char exp1[] = "/C=US/ST=Montana/L=Bozeman/O=Sawtooth/OU=Consulting/" - "CN=www.wolfssl.com/emailAddress=info@wolfssl.com"; - char exp2[] = "/C=US/ST=Montana/L=Bozeman/O=wolfSSL/OU=Support/" - "CN=www.wolfssl.com/emailAddress=info@wolfssl.com"; - - ExpectNotNull(bio = BIO_new(BIO_s_file())); - ExpectIntGT(BIO_read_filename(bio, svrCertFile), 0); - ExpectNotNull(sk = PEM_X509_INFO_read_bio(bio, NULL, NULL, NULL)); - ExpectIntEQ(sk_X509_INFO_num(sk), 2); - - /* using dereference to maintain testing for Apache port*/ - ExpectNull(sk_X509_INFO_pop(NULL)); - ExpectNotNull(info = sk_X509_INFO_pop(sk)); - ExpectNotNull(subject = X509_NAME_oneline(X509_get_subject_name(info->x509), - 0, 0)); - - ExpectIntEQ(0, XSTRNCMP(subject, exp1, sizeof(exp1))); - XFREE(subject, 0, DYNAMIC_TYPE_OPENSSL); - subject = NULL; - X509_INFO_free(info); - info = NULL; - - ExpectNotNull(info = sk_X509_INFO_pop(sk)); - ExpectNotNull(subject = X509_NAME_oneline(X509_get_subject_name(info->x509), - 0, 0)); - - ExpectIntEQ(0, XSTRNCMP(subject, exp2, sizeof(exp2))); - XFREE(subject, 0, DYNAMIC_TYPE_OPENSSL); - subject = NULL; - X509_INFO_free(info); - ExpectNull(info = sk_X509_INFO_pop(sk)); - - sk_X509_INFO_pop_free(sk, X509_INFO_free); - sk = NULL; - BIO_free(bio); - bio = NULL; - - ExpectNotNull(sk = wolfSSL_sk_X509_INFO_new_null()); - ExpectNotNull(bio = BIO_new(BIO_s_file())); - ExpectIntGT(BIO_read_filename(bio, svrCertFile), 0); - ExpectNotNull(sk2 = PEM_X509_INFO_read_bio(bio, sk, NULL, NULL)); - ExpectPtrEq(sk, sk2); - if (sk2 != sk) { - sk_X509_INFO_pop_free(sk, X509_INFO_free); - } - sk = NULL; - BIO_free(bio); - sk_X509_INFO_pop_free(sk2, X509_INFO_free); - - ExpectNotNull(sk = wolfSSL_sk_X509_INFO_new_null()); - sk_X509_INFO_free(sk); -#endif - return EXPECT_RESULT(); -} - -static int test_wolfSSL_PEM_X509_INFO_read(void) -{ - EXPECT_DECLS; -#if defined(OPENSSL_ALL) && !defined(NO_FILESYSTEM) && !defined(NO_RSA) - XFILE fp = XBADFILE; - STACK_OF(X509_INFO)* sk = NULL; - - ExpectTrue((fp = XFOPEN(svrCertFile, "rb")) != XBADFILE); - ExpectNull(wolfSSL_PEM_X509_INFO_read(XBADFILE, NULL, NULL, NULL)); - ExpectNotNull(sk = wolfSSL_PEM_X509_INFO_read(fp, NULL, NULL, NULL)); - - sk_X509_INFO_pop_free(sk, X509_INFO_free); - if (fp != XBADFILE) - XFCLOSE(fp); -#endif - return EXPECT_RESULT(); -} -#endif /* !NO_BIO */ - -static int test_wolfSSL_X509_NAME_ENTRY_get_object(void) -{ - EXPECT_DECLS; -#if defined(OPENSSL_EXTRA) && !defined(NO_FILESYSTEM) && !defined(NO_RSA) - X509 *x509 = NULL; - X509_NAME* name = NULL; - int idx = 0; - X509_NAME_ENTRY *ne = NULL; - ASN1_OBJECT *object = NULL; - - ExpectNotNull(x509 = wolfSSL_X509_load_certificate_file(cliCertFile, - WOLFSSL_FILETYPE_PEM)); - ExpectNotNull(name = X509_get_subject_name(x509)); - ExpectIntGE(X509_NAME_get_index_by_NID(NULL, NID_commonName, -1), - BAD_FUNC_ARG); - ExpectIntGE(idx = X509_NAME_get_index_by_NID(name, NID_commonName, -1), 0); - ExpectIntGE(idx = X509_NAME_get_index_by_NID(name, NID_commonName, -2), 0); - - ExpectNotNull(ne = X509_NAME_get_entry(name, idx)); - ExpectNull(X509_NAME_ENTRY_get_object(NULL)); - ExpectNotNull(object = X509_NAME_ENTRY_get_object(ne)); - - X509_free(x509); -#endif - return EXPECT_RESULT(); -} - -static int test_wolfSSL_X509_STORE_get1_certs(void) -{ - EXPECT_DECLS; -#if defined(OPENSSL_EXTRA) && defined(WOLFSSL_SIGNER_DER_CERT) && \ - !defined(NO_FILESYSTEM) && !defined(NO_RSA) - X509_STORE_CTX *storeCtx = NULL; - X509_STORE *store = NULL; - X509 *caX509 = NULL; - X509 *svrX509 = NULL; - X509_NAME *subject = NULL; - WOLF_STACK_OF(WOLFSSL_X509) *certs = NULL; - - ExpectNotNull(caX509 = X509_load_certificate_file(caCertFile, - SSL_FILETYPE_PEM)); - ExpectNotNull((svrX509 = wolfSSL_X509_load_certificate_file(svrCertFile, - SSL_FILETYPE_PEM))); - ExpectNotNull(storeCtx = X509_STORE_CTX_new()); - ExpectNotNull(store = X509_STORE_new()); - ExpectNotNull(subject = X509_get_subject_name(caX509)); - - /* Errors */ - ExpectNull(X509_STORE_get1_certs(storeCtx, subject)); - ExpectNull(X509_STORE_get1_certs(NULL, subject)); - ExpectNull(X509_STORE_get1_certs(storeCtx, NULL)); - - ExpectIntEQ(X509_STORE_add_cert(store, caX509), SSL_SUCCESS); - ExpectIntEQ(X509_STORE_CTX_init(storeCtx, store, caX509, NULL), - SSL_SUCCESS); - - /* Should find the cert */ - ExpectNotNull(certs = X509_STORE_get1_certs(storeCtx, subject)); - ExpectIntEQ(1, wolfSSL_sk_X509_num(certs)); - - sk_X509_pop_free(certs, NULL); - certs = NULL; - - /* Should not find the cert */ - ExpectNotNull(subject = X509_get_subject_name(svrX509)); - ExpectNotNull(certs = X509_STORE_get1_certs(storeCtx, subject)); - ExpectIntEQ(0, wolfSSL_sk_X509_num(certs)); - - sk_X509_pop_free(certs, NULL); - certs = NULL; - - X509_STORE_free(store); - X509_STORE_CTX_free(storeCtx); - X509_free(svrX509); - X509_free(caX509); -#endif /* OPENSSL_EXTRA && WOLFSSL_SIGNER_DER_CERT && !NO_FILESYSTEM */ - return EXPECT_RESULT(); -} - -#if defined(HAVE_SSL_MEMIO_TESTS_DEPENDENCIES) && \ - defined(WOLFSSL_LOCAL_X509_STORE) && \ - (defined(OPENSSL_ALL) || defined(WOLFSSL_QT)) && defined(HAVE_CRL) -static int test_wolfSSL_X509_STORE_set_get_crl_provider(X509_STORE_CTX* ctx, - X509_CRL** crl_out, X509* cert) { - X509_CRL *crl = NULL; - XFILE fp = XBADFILE; - char* cert_issuer = X509_NAME_oneline(X509_get_issuer_name(cert), NULL, 0); - int ret = 0; - - (void)ctx; - - if (cert_issuer == NULL) - return 0; - - if ((fp = XFOPEN("certs/crl/crl.pem", "rb")) != XBADFILE) { - PEM_read_X509_CRL(fp, &crl, NULL, NULL); - XFCLOSE(fp); - if (crl != NULL) { - char* crl_issuer = X509_NAME_oneline( - X509_CRL_get_issuer(crl), NULL, 0); - if ((crl_issuer != NULL) && - (XSTRCMP(cert_issuer, crl_issuer) == 0)) { - *crl_out = X509_CRL_dup(crl); - if (*crl_out != NULL) - ret = 1; - } - OPENSSL_free(crl_issuer); - } - } - - X509_CRL_free(crl); - OPENSSL_free(cert_issuer); - return ret; -} - -static int test_wolfSSL_X509_STORE_set_get_crl_provider2(X509_STORE_CTX* ctx, - X509_CRL** crl_out, X509* cert) { - (void)ctx; - (void)cert; - *crl_out = NULL; - return 1; -} - -#ifndef NO_WOLFSSL_STUB -static int test_wolfSSL_X509_STORE_set_get_crl_check(X509_STORE_CTX* ctx, - X509_CRL* crl) { - (void)ctx; - (void)crl; - return 1; -} -#endif - -static int test_wolfSSL_X509_STORE_set_get_crl_verify(int ok, - X509_STORE_CTX* ctx) { - int cert_error = X509_STORE_CTX_get_error(ctx); - X509_VERIFY_PARAM* param = X509_STORE_CTX_get0_param(ctx); - int flags = X509_VERIFY_PARAM_get_flags(param); - if ((flags & (X509_V_FLAG_CRL_CHECK | X509_V_FLAG_CRL_CHECK_ALL)) != - (X509_V_FLAG_CRL_CHECK | X509_V_FLAG_CRL_CHECK_ALL)) { - /* Make sure the flags are set */ - return 0; - } - /* Ignore CRL missing error */ -#ifndef OPENSSL_COMPATIBLE_DEFAULTS - if (cert_error == WC_NO_ERR_TRACE(CRL_MISSING)) -#else - if (cert_error == X509_V_ERR_UNABLE_TO_GET_CRL) -#endif - return 1; - return ok; -} - -static int test_wolfSSL_X509_STORE_set_get_crl_ctx_ready(WOLFSSL_CTX* ctx) -{ - EXPECT_DECLS; - X509_STORE* cert_store = NULL; - - ExpectIntEQ(wolfSSL_CTX_EnableCRL(ctx, WOLFSSL_CRL_CHECKALL), - WOLFSSL_SUCCESS); - ExpectNotNull(cert_store = SSL_CTX_get_cert_store(ctx)); - X509_STORE_set_get_crl(cert_store, - test_wolfSSL_X509_STORE_set_get_crl_provider); -#ifndef NO_WOLFSSL_STUB - X509_STORE_set_check_crl(cert_store, - test_wolfSSL_X509_STORE_set_get_crl_check); -#endif - - return EXPECT_RESULT(); -} - -static int test_wolfSSL_X509_STORE_set_get_crl_ctx_ready2(WOLFSSL_CTX* ctx) -{ - EXPECT_DECLS; - X509_STORE* cert_store = NULL; - X509_VERIFY_PARAM* param = NULL; - - SSL_CTX_set_verify(ctx, WOLFSSL_VERIFY_PEER, NULL); - ExpectIntEQ(wolfSSL_CTX_EnableCRL(ctx, WOLFSSL_CRL_CHECKALL), - WOLFSSL_SUCCESS); - ExpectNotNull(cert_store = SSL_CTX_get_cert_store(ctx)); - X509_STORE_set_get_crl(cert_store, - test_wolfSSL_X509_STORE_set_get_crl_provider2); -#ifndef NO_WOLFSSL_STUB - X509_STORE_set_check_crl(cert_store, - test_wolfSSL_X509_STORE_set_get_crl_check); -#endif - X509_STORE_set_verify_cb(cert_store, - test_wolfSSL_X509_STORE_set_get_crl_verify); - ExpectNotNull(X509_STORE_get0_param(cert_store)); - ExpectNotNull(param = X509_VERIFY_PARAM_new()); - ExpectIntEQ(X509_VERIFY_PARAM_inherit(NULL, NULL) , WOLFSSL_SUCCESS); - ExpectIntEQ(X509_VERIFY_PARAM_inherit(param, NULL) , WOLFSSL_SUCCESS); - ExpectIntEQ(X509_VERIFY_PARAM_inherit(param, - X509_STORE_get0_param(cert_store)), WOLFSSL_SUCCESS); - ExpectIntEQ(X509_VERIFY_PARAM_inherit(param, - X509_STORE_get0_param(cert_store)), 1); - ExpectIntEQ(X509_VERIFY_PARAM_set_flags( - param, X509_V_FLAG_CRL_CHECK | X509_V_FLAG_CRL_CHECK_ALL), 1); - ExpectIntEQ(X509_STORE_set1_param(cert_store, param), 1); - ExpectIntEQ(X509_STORE_set_flags(cert_store, - X509_V_FLAG_CRL_CHECK | X509_V_FLAG_CRL_CHECK_ALL), 1); - - - X509_VERIFY_PARAM_free(param); - return EXPECT_RESULT(); -} -#endif - -/* This test mimics the usage of the CRL provider in gRPC */ -static int test_wolfSSL_X509_STORE_set_get_crl(void) -{ - EXPECT_DECLS; -#if defined(HAVE_SSL_MEMIO_TESTS_DEPENDENCIES) && \ - defined(WOLFSSL_LOCAL_X509_STORE) && \ - (defined(OPENSSL_ALL) || defined(WOLFSSL_QT)) && defined(HAVE_CRL) - test_ssl_cbf func_cb_client; - test_ssl_cbf func_cb_server; - - XMEMSET(&func_cb_client, 0, sizeof(func_cb_client)); - XMEMSET(&func_cb_server, 0, sizeof(func_cb_server)); - - func_cb_client.ctx_ready = test_wolfSSL_X509_STORE_set_get_crl_ctx_ready; - - ExpectIntEQ(test_wolfSSL_client_server_nofail_memio(&func_cb_client, - &func_cb_server, NULL), TEST_SUCCESS); - - XMEMSET(&func_cb_client, 0, sizeof(func_cb_client)); - XMEMSET(&func_cb_server, 0, sizeof(func_cb_server)); - - func_cb_client.ctx_ready = test_wolfSSL_X509_STORE_set_get_crl_ctx_ready2; - - ExpectIntEQ(test_wolfSSL_client_server_nofail_memio(&func_cb_client, - &func_cb_server, NULL), TEST_SUCCESS); -#endif - return EXPECT_RESULT(); -} - - static int test_wolfSSL_dup_CA_list(void) { int res = TEST_SKIPPED; @@ -40416,7 +23897,7 @@ { EXPECT_DECLS; #if defined(OPENSSL_EXTRA) && !defined(NO_FILESYSTEM) && \ - !defined(NO_RSA) && defined(XSNPRINTF) + !defined(NO_RSA) && defined(XSNPRINTF) && !defined(WC_DISABLE_RADIX_ZERO_PAD) X509 *x509 = NULL; BIO *bio = NULL; #if defined(OPENSSL_ALL) && !defined(NO_WOLFSSL_DIR) @@ -40834,6 +24315,69 @@ return EXPECT_RESULT(); } +static int test_wolfSSL_CTX_LoadCRL_largeCRLnum(void) +{ + EXPECT_DECLS; +#if defined(HAVE_CRL) && !defined(NO_RSA) && !defined(NO_FILESYSTEM) && \ + defined(HAVE_CRL_UPDATE_CB) + WOLFSSL_CERT_MANAGER* cm = NULL; + const char* caCert = "./certs/ca-cert.pem"; + const char* crl_lrgcrlnum = "./certs/crl/extra-crls/large_crlnum.pem"; + const char* crl_lrgcrlnum2 = "./certs/crl/extra-crls/large_crlnum2.pem"; + const char* crl_57oct = "./certs/crl/extra-crls/crlnum_57oct.pem"; + const char* crl_64oct = "./certs/crl/extra-crls/crlnum_64oct.pem"; + const char* exp_crlnum = "D8AFADA7F08B38E6178BD0E5CD7B0DF80071BA74"; + byte *crlLrgCrlNumBuff = NULL; + word32 crlLrgCrlNumSz; + CrlInfo crlInfo; + XFILE f; + word32 sz; + + cm = wolfSSL_CertManagerNew(); + ExpectNotNull(cm); + ExpectIntEQ(wolfSSL_CertManagerLoadCA(cm, caCert, NULL), + WOLFSSL_SUCCESS); + ExpectIntEQ(wolfSSL_CertManagerLoadCRLFile(cm, crl_lrgcrlnum, + WOLFSSL_FILETYPE_PEM), + WOLFSSL_SUCCESS); + + AssertTrue((f = XFOPEN(crl_lrgcrlnum, "rb")) != XBADFILE); + AssertTrue(XFSEEK(f, 0, XSEEK_END) == 0); + AssertIntGE(sz = (word32) XFTELL(f), 1); + AssertTrue(XFSEEK(f, 0, XSEEK_SET) == 0); + AssertTrue( \ + (crlLrgCrlNumBuff = + (byte*)XMALLOC(sz, NULL, DYNAMIC_TYPE_FILE)) != NULL); + AssertTrue(XFREAD(crlLrgCrlNumBuff, 1, sz, f) == sz); + XFCLOSE(f); + crlLrgCrlNumSz = sz; + + AssertIntEQ(wolfSSL_CertManagerGetCRLInfo( + cm, &crlInfo, crlLrgCrlNumBuff, crlLrgCrlNumSz, WOLFSSL_FILETYPE_PEM), + WOLFSSL_SUCCESS); + AssertIntEQ(XMEMCMP( + crlInfo.crlNumber, exp_crlnum, XSTRLEN(exp_crlnum)), 0); + /* Expect to fail loading CRL because of >21 octets CRL number */ + ExpectIntEQ(wolfSSL_CertManagerLoadCRLFile(cm, crl_lrgcrlnum2, + WOLFSSL_FILETYPE_PEM), + ASN_PARSE_E); + + /* Expect to fail loading CRL because of >57 octets CRL number */ + ExpectIntEQ(wolfSSL_CertManagerLoadCRLFile(cm, crl_57oct, + WOLFSSL_FILETYPE_PEM), + ASN_PARSE_E); + /* Expect to fail loading CRL because of >64 octets CRL number */ + ExpectIntEQ(wolfSSL_CertManagerLoadCRLFile(cm, crl_64oct, + WOLFSSL_FILETYPE_PEM), + ASN_PARSE_E); + + XFREE(crlLrgCrlNumBuff, NULL, DYNAMIC_TYPE_FILE); + wolfSSL_CertManagerFree(cm); +#endif + return EXPECT_RESULT(); + +} + #if defined(HAVE_CRL) && !defined(NO_RSA) && !defined(NO_FILESYSTEM) && \ defined(HAVE_CRL_UPDATE_CB) int crlUpdateTestStatus = 0; @@ -40891,7 +24435,7 @@ AssertIntEQ(crl1Info.nextDateMaxLen, old->nextDateMaxLen); AssertIntEQ(crl1Info.nextDateFormat, old->nextDateFormat); AssertIntEQ(XMEMCMP( - crl1Info.crlNumber, old->crlNumber, CRL_MAX_NUM_SZ), 0); + crl1Info.crlNumber, old->crlNumber, sizeof(old->crlNumber)), 0); AssertIntEQ(XMEMCMP( crl1Info.issuerHash, old->issuerHash, old->issuerHashLen), 0); AssertIntEQ(XMEMCMP( @@ -40906,7 +24450,7 @@ AssertIntEQ(crlRevInfo.nextDateMaxLen, cnew->nextDateMaxLen); AssertIntEQ(crlRevInfo.nextDateFormat, cnew->nextDateFormat); AssertIntEQ(XMEMCMP( - crlRevInfo.crlNumber, cnew->crlNumber, CRL_MAX_NUM_SZ), 0); + crlRevInfo.crlNumber, cnew->crlNumber, sizeof(cnew->crlNumber)), 0); AssertIntEQ(XMEMCMP( crlRevInfo.issuerHash, cnew->issuerHash, cnew->issuerHashLen), 0); AssertIntEQ(XMEMCMP( @@ -41331,19 +24875,33 @@ test_wolfSSL_client_server_nofail(&func_cb_client, &func_cb_server); - ExpectFalse(func_cb_client.return_code); - ExpectFalse(func_cb_server.return_code); - - /* The socket should be closed by the server resulting in a - * socket error, fatal error or reading a close notify alert */ - if (func_cb_client.last_err != WC_NO_ERR_TRACE(SOCKET_ERROR_E) && - func_cb_client.last_err != WOLFSSL_ERROR_ZERO_RETURN && - func_cb_client.last_err != WC_NO_ERR_TRACE(FATAL_ERROR)) { - ExpectIntEQ(func_cb_client.last_err, WC_NO_ERR_TRACE(SOCKET_ERROR_E)); + /* If the client failed, check that the error it encountered was from + * the server aborting, resulting in a socket error, fatal error or + * reading a close notify alert. + * + * Under slow execution (e.g. valgrind + noasm), the server may + * still be processing fragments when the client completes its + * handshake and write, so the client may succeed -- in that + * case return_code is TEST_SUCCESS and these checks don't apply. + */ + if (func_cb_client.return_code == TEST_FAIL) { + if (func_cb_client.last_err != WC_NO_ERR_TRACE(SOCKET_ERROR_E) && + func_cb_client.last_err != WOLFSSL_ERROR_ZERO_RETURN && + func_cb_client.last_err != WC_NO_ERR_TRACE(FATAL_ERROR)) { + ExpectIntEQ(func_cb_client.last_err, WC_NO_ERR_TRACE(SOCKET_ERROR_E)); + } } /* Check the server returned an error indicating the msg buffer - * was full */ - ExpectIntEQ(func_cb_server.last_err, WC_NO_ERR_TRACE(DTLS_TOO_MANY_FRAGMENTS_E)); + * was full. + * + * Under slow execution (e.g. valgrind + noasm), the real handshake + * from wolfSSL_negotiate() may complete before enough spam fragments + * accumulate to trigger DTLS_TOO_MANY_FRAGMENTS_E. Accept both + * outcomes: server hit the fragment limit, or completed normally. + */ + if (func_cb_server.return_code == TEST_FAIL) { + ExpectIntEQ(func_cb_server.last_err, WC_NO_ERR_TRACE(DTLS_TOO_MANY_FRAGMENTS_E)); + } if (EXPECT_FAIL()) break; @@ -41895,8 +25453,10 @@ wc_HashAlg hash; const TLSX* exts = ssl->extensions; WOLFSSL sslCopy; /* Use a copy to omit certain fields */ +#ifndef WOLFSSL_SMALL_STACK_CACHE HS_Hashes* hsHashes = ssl->hsHashes; /* Is re-allocated in * InitHandshakeHashes */ +#endif XMEMCPY(&sslCopy, ssl, sizeof(*ssl)); XMEMSET(hashBuf, 0, sizeof(hashBuf)); @@ -41924,6 +25484,12 @@ sslCopy.keys.dtls_peer_handshake_number = 0; XMEMSET(&sslCopy.alert_history, 0, sizeof(sslCopy.alert_history)); sslCopy.hsHashes = NULL; +#if !defined(WOLFSSL_NO_CLIENT_AUTH) && \ + ((defined(WOLFSSL_SM2) && defined(WOLFSSL_SM3)) || \ + (defined(HAVE_ED25519) && !defined(NO_ED25519_CLIENT_AUTH)) || \ + (defined(HAVE_ED448) && !defined(NO_ED448_CLIENT_AUTH))) + sslCopy.options.cacheMessages = 0; +#endif #ifdef WOLFSSL_ASYNC_IO #ifdef WOLFSSL_ASYNC_CRYPT sslCopy.asyncDev = NULL; @@ -41943,9 +25509,17 @@ AssertIntEQ(wc_HashUpdate(&hash, hashType, (byte*)sslCopy.suites, sizeof(struct Suites)), 0); } + +#ifdef WOLFSSL_SMALL_STACK_CACHE + /* with WOLFSSL_SMALL_STACK_CACHE, the SHA-2 objects always differ after + * initialization because of cached W and (for SHA512) X buffers. + */ +#else /* Hash hsHashes */ AssertIntEQ(wc_HashUpdate(&hash, hashType, (byte*)hsHashes, sizeof(*hsHashes)), 0); +#endif + AssertIntEQ(wc_HashFinal(&hash, hashType, hashBuf), 0); AssertIntEQ(wc_HashFree(&hash, hashType), 0); @@ -42053,260 +25627,124 @@ return TEST_SUCCESS; } -#else -static int test_wolfSSL_dtls_stateless(void) -{ - return TEST_SKIPPED; -} -#endif /* WOLFSSL_DTLS13 && WOLFSSL_SEND_HRR_COOKIE && - * HAVE_IO_TESTS_DEPENDENCIES && !SINGLE_THREADED */ -#ifdef HAVE_CERT_CHAIN_VALIDATION -#ifndef WOLFSSL_TEST_APPLE_NATIVE_CERT_VALIDATION -#ifdef WOLFSSL_PEM_TO_DER -#ifndef NO_SHA256 -static int load_ca_into_cm(WOLFSSL_CERT_MANAGER* cm, char* certA) +/* DTLS stateless API handling multiple CHs with different HRR groups */ +static int test_wolfSSL_dtls_stateless_hrr_group(void) { - int ret; + EXPECT_DECLS; +#if defined(WOLFSSL_SEND_HRR_COOKIE) + size_t i; + word32 initHash; + struct { + method_provider client_meth; + method_provider server_meth; + } params[] = { +#if defined(WOLFSSL_TLS13) && defined(WOLFSSL_DTLS13) + { wolfDTLSv1_3_client_method, wolfDTLSv1_3_server_method }, +#endif +#if !defined(WOLFSSL_NO_TLS12) && defined(WOLFSSL_DTLS) + { wolfDTLSv1_2_client_method, wolfDTLSv1_2_server_method }, +#endif + }; + for (i = 0; i < XELEM_CNT(params) && !EXPECT_FAIL(); i++) { + WOLFSSL_CTX *ctx_s = NULL, *ctx_c = NULL; + WOLFSSL *ssl_s = NULL, *ssl_c = NULL, *ssl_c2 = NULL; + struct test_memio_ctx test_ctx; + int groups_1[] = { + WOLFSSL_ECC_SECP256R1, + WOLFSSL_ECC_SECP384R1, + WOLFSSL_ECC_SECP521R1 + }; + int groups_2[] = { + WOLFSSL_ECC_SECP384R1, + WOLFSSL_ECC_SECP521R1 + }; + char hrrBuf[1000]; + int hrrSz = sizeof(hrrBuf); - if ((ret = wolfSSL_CertManagerLoadCA(cm, certA, 0)) != WOLFSSL_SUCCESS) { - fprintf(stderr, "loading cert %s failed\n", certA); - fprintf(stderr, "Error: (%d): %s\n", ret, - wolfSSL_ERR_reason_error_string((word32)ret)); - return -1; - } + XMEMSET(&test_ctx, 0, sizeof(test_ctx)); - return 0; -} + ExpectIntEQ(test_memio_setup(&test_ctx, &ctx_c, &ctx_s, &ssl_c, &ssl_s, + params[i].client_meth, params[i].server_meth), 0); -static int verify_cert_with_cm(WOLFSSL_CERT_MANAGER* cm, char* certA) -{ - int ret; - if ((ret = wolfSSL_CertManagerVerify(cm, certA, CERT_FILETYPE)) - != WOLFSSL_SUCCESS) { - fprintf(stderr, "could not verify the cert: %s\n", certA); - fprintf(stderr, "Error: (%d): %s\n", ret, - wolfSSL_ERR_reason_error_string((word32)ret)); - return -1; - } - else { - fprintf(stderr, "successfully verified: %s\n", certA); - } + ExpectIntEQ(test_memio_setup(&test_ctx, &ctx_c, NULL, &ssl_c2, NULL, + params[i].client_meth, params[i].server_meth), 0); - return 0; -} -#define LOAD_ONE_CA(a, b, c, d) \ - do { \ - (a) = load_ca_into_cm(c, d); \ - if ((a) != 0) \ - return (b); \ - else \ - (b)--; \ - } while(0) - -#define VERIFY_ONE_CERT(a, b, c, d) \ - do { \ - (a) = verify_cert_with_cm(c, d);\ - if ((a) != 0) \ - return (b); \ - else \ - (b)--; \ - } while(0) -static int test_chainG(WOLFSSL_CERT_MANAGER* cm) -{ - int ret; - int i = -1; - /* Chain G is a valid chain per RFC 5280 section 4.2.1.9 */ - char chainGArr[9][50] = {"certs/ca-cert.pem", - "certs/test-pathlen/chainG-ICA7-pathlen100.pem", - "certs/test-pathlen/chainG-ICA6-pathlen10.pem", - "certs/test-pathlen/chainG-ICA5-pathlen20.pem", - "certs/test-pathlen/chainG-ICA4-pathlen5.pem", - "certs/test-pathlen/chainG-ICA3-pathlen99.pem", - "certs/test-pathlen/chainG-ICA2-pathlen1.pem", - "certs/test-pathlen/chainG-ICA1-pathlen0.pem", - "certs/test-pathlen/chainG-entity.pem"}; - - LOAD_ONE_CA(ret, i, cm, chainGArr[0]); /* if failure, i = -1 here */ - LOAD_ONE_CA(ret, i, cm, chainGArr[1]); /* if failure, i = -2 here */ - LOAD_ONE_CA(ret, i, cm, chainGArr[2]); /* if failure, i = -3 here */ - LOAD_ONE_CA(ret, i, cm, chainGArr[3]); /* if failure, i = -4 here */ - LOAD_ONE_CA(ret, i, cm, chainGArr[4]); /* if failure, i = -5 here */ - LOAD_ONE_CA(ret, i, cm, chainGArr[5]); /* if failure, i = -6 here */ - LOAD_ONE_CA(ret, i, cm, chainGArr[6]); /* if failure, i = -7 here */ - LOAD_ONE_CA(ret, i, cm, chainGArr[7]); /* if failure, i = -8 here */ - VERIFY_ONE_CERT(ret, i, cm, chainGArr[1]); /* if failure, i = -9 here */ - VERIFY_ONE_CERT(ret, i, cm, chainGArr[2]); /* if failure, i = -10 here */ - VERIFY_ONE_CERT(ret, i, cm, chainGArr[3]); /* if failure, i = -11 here */ - VERIFY_ONE_CERT(ret, i, cm, chainGArr[4]); /* if failure, i = -12 here */ - VERIFY_ONE_CERT(ret, i, cm, chainGArr[5]); /* if failure, i = -13 here */ - VERIFY_ONE_CERT(ret, i, cm, chainGArr[6]); /* if failure, i = -14 here */ - VERIFY_ONE_CERT(ret, i, cm, chainGArr[7]); /* if failure, i = -15 here */ - VERIFY_ONE_CERT(ret, i, cm, chainGArr[8]); /* if failure, i = -16 here */ - - /* test validating the entity twice, should have no effect on pathLen since - * entity/leaf cert */ - VERIFY_ONE_CERT(ret, i, cm, chainGArr[8]); /* if failure, i = -17 here */ + wolfSSL_SetLoggingPrefix("server"); + wolfSSL_dtls_set_using_nonblock(ssl_s, 1); - return ret; -} + initHash = test_wolfSSL_dtls_stateless_HashWOLFSSL(ssl_s); -static int test_chainH(WOLFSSL_CERT_MANAGER* cm) -{ - int ret; - int i = -1; - /* Chain H is NOT a valid chain per RFC5280 section 4.2.1.9: - * ICA4-pathlen of 2 signing ICA3-pathlen of 2 (reduce max path len to 2) - * ICA3-pathlen of 2 signing ICA2-pathlen of 2 (reduce max path len to 1) - * ICA2-pathlen of 2 signing ICA1-pathlen of 0 (reduce max path len to 0) - * ICA1-pathlen of 0 signing entity (pathlen is already 0, ERROR) - * Test should successfully verify ICA4, ICA3, ICA2 and then fail on ICA1 - */ - char chainHArr[6][50] = {"certs/ca-cert.pem", - "certs/test-pathlen/chainH-ICA4-pathlen2.pem", - "certs/test-pathlen/chainH-ICA3-pathlen2.pem", - "certs/test-pathlen/chainH-ICA2-pathlen2.pem", - "certs/test-pathlen/chainH-ICA1-pathlen0.pem", - "certs/test-pathlen/chainH-entity.pem"}; - - LOAD_ONE_CA(ret, i, cm, chainHArr[0]); /* if failure, i = -1 here */ - LOAD_ONE_CA(ret, i, cm, chainHArr[1]); /* if failure, i = -2 here */ - LOAD_ONE_CA(ret, i, cm, chainHArr[2]); /* if failure, i = -3 here */ - LOAD_ONE_CA(ret, i, cm, chainHArr[3]); /* if failure, i = -4 here */ - LOAD_ONE_CA(ret, i, cm, chainHArr[4]); /* if failure, i = -5 here */ - VERIFY_ONE_CERT(ret, i, cm, chainHArr[1]); /* if failure, i = -6 here */ - VERIFY_ONE_CERT(ret, i, cm, chainHArr[2]); /* if failure, i = -7 here */ - VERIFY_ONE_CERT(ret, i, cm, chainHArr[3]); /* if failure, i = -8 here */ - VERIFY_ONE_CERT(ret, i, cm, chainHArr[4]); /* if failure, i = -9 here */ - VERIFY_ONE_CERT(ret, i, cm, chainHArr[5]); /* if failure, i = -10 here */ + /* Set groups and disable key shares. This ensures that only the given + * groups are in the SupportedGroups extension and that an empty key + * share extension is sent in the initial ClientHello of each session. + * This triggers the server to send a HelloRetryRequest with the first + * group in the SupportedGroups extension selected. */ + wolfSSL_SetLoggingPrefix("client1"); + ExpectIntEQ(wolfSSL_set_groups(ssl_c, groups_1, 3), WOLFSSL_SUCCESS); + ExpectIntEQ(wolfSSL_NoKeyShares(ssl_c), WOLFSSL_SUCCESS); + + wolfSSL_SetLoggingPrefix("client2"); + ExpectIntEQ(wolfSSL_set_groups(ssl_c2, groups_2, 2), WOLFSSL_SUCCESS); + ExpectIntEQ(wolfSSL_NoKeyShares(ssl_c2), WOLFSSL_SUCCESS); - return ret; -} + /* Start handshake, send first ClientHello */ + wolfSSL_SetLoggingPrefix("client1"); + ExpectIntEQ(wolfSSL_connect(ssl_c), -1); + ExpectIntEQ(wolfSSL_get_error(ssl_c, -1), WOLFSSL_ERROR_WANT_READ); -static int test_chainI(WOLFSSL_CERT_MANAGER* cm) -{ - int ret; - int i = -1; - /* Chain I is a valid chain per RFC5280 section 4.2.1.9: - * ICA3-pathlen of 2 signing ICA2 without a pathlen (reduce maxPathLen to 2) - * ICA2-no_pathlen signing ICA1-no_pathlen (reduce maxPathLen to 1) - * ICA1-no_pathlen signing entity (reduce maxPathLen to 0) - * Test should successfully verify ICA4, ICA3, ICA2 and then fail on ICA1 - */ - char chainIArr[5][50] = {"certs/ca-cert.pem", - "certs/test-pathlen/chainI-ICA3-pathlen2.pem", - "certs/test-pathlen/chainI-ICA2-no_pathlen.pem", - "certs/test-pathlen/chainI-ICA1-no_pathlen.pem", - "certs/test-pathlen/chainI-entity.pem"}; - - LOAD_ONE_CA(ret, i, cm, chainIArr[0]); /* if failure, i = -1 here */ - LOAD_ONE_CA(ret, i, cm, chainIArr[1]); /* if failure, i = -2 here */ - LOAD_ONE_CA(ret, i, cm, chainIArr[2]); /* if failure, i = -3 here */ - LOAD_ONE_CA(ret, i, cm, chainIArr[3]); /* if failure, i = -4 here */ - VERIFY_ONE_CERT(ret, i, cm, chainIArr[1]); /* if failure, i = -5 here */ - VERIFY_ONE_CERT(ret, i, cm, chainIArr[2]); /* if failure, i = -6 here */ - VERIFY_ONE_CERT(ret, i, cm, chainIArr[3]); /* if failure, i = -7 here */ - VERIFY_ONE_CERT(ret, i, cm, chainIArr[4]); /* if failure, i = -8 here */ + /* Read first ClientHello, send HRR with WOLFSSL_ECC_SECP256R1 */ + wolfSSL_SetLoggingPrefix("server"); + ExpectIntEQ(wolfDTLS_accept_stateless(ssl_s), 0); + ExpectIntEQ(test_memio_copy_message(&test_ctx, 1, hrrBuf, &hrrSz, 0), 0); + ExpectIntGT(hrrSz, 0); + ExpectIntEQ(initHash, test_wolfSSL_dtls_stateless_HashWOLFSSL(ssl_s)); + test_memio_clear_buffer(&test_ctx, 1); + + /* Send second ClientHello */ + wolfSSL_SetLoggingPrefix("client2"); + ExpectIntEQ(wolfSSL_connect(ssl_c2), -1); + ExpectIntEQ(wolfSSL_get_error(ssl_c2, -1), WOLFSSL_ERROR_WANT_READ); + + /* Read second ClientHello, send HRR now with WOLFSSL_ECC_SECP384R1 */ + wolfSSL_SetLoggingPrefix("server"); + ExpectIntEQ(wolfDTLS_accept_stateless(ssl_s), 0); + ExpectIntEQ(initHash, test_wolfSSL_dtls_stateless_HashWOLFSSL(ssl_s)); + test_memio_clear_buffer(&test_ctx, 1); + + /* Complete first handshake with WOLFSSL_ECC_SECP256R1 */ + wolfSSL_SetLoggingPrefix("client1"); + ExpectIntEQ(test_memio_inject_message(&test_ctx, 1, hrrBuf, hrrSz), 0); + ExpectIntEQ(wolfSSL_connect(ssl_c), -1); + ExpectIntEQ(wolfSSL_get_error(ssl_c, -1), WOLFSSL_ERROR_WANT_READ); - return ret; -} + wolfSSL_SetLoggingPrefix("server"); + ExpectIntEQ(wolfDTLS_accept_stateless(ssl_s), WOLFSSL_SUCCESS); -static int test_chainJ(WOLFSSL_CERT_MANAGER* cm) -{ - int ret; - int i = -1; - /* Chain J is NOT a valid chain per RFC5280 section 4.2.1.9: - * ICA4-pathlen of 2 signing ICA3 without a pathlen (reduce maxPathLen to 2) - * ICA3-pathlen of 2 signing ICA2 without a pathlen (reduce maxPathLen to 1) - * ICA2-no_pathlen signing ICA1-no_pathlen (reduce maxPathLen to 0) - * ICA1-no_pathlen signing entity (ERROR, pathlen zero and non-leaf cert) - */ - char chainJArr[6][50] = {"certs/ca-cert.pem", - "certs/test-pathlen/chainJ-ICA4-pathlen2.pem", - "certs/test-pathlen/chainJ-ICA3-no_pathlen.pem", - "certs/test-pathlen/chainJ-ICA2-no_pathlen.pem", - "certs/test-pathlen/chainJ-ICA1-no_pathlen.pem", - "certs/test-pathlen/chainJ-entity.pem"}; - - LOAD_ONE_CA(ret, i, cm, chainJArr[0]); /* if failure, i = -1 here */ - LOAD_ONE_CA(ret, i, cm, chainJArr[1]); /* if failure, i = -2 here */ - LOAD_ONE_CA(ret, i, cm, chainJArr[2]); /* if failure, i = -3 here */ - LOAD_ONE_CA(ret, i, cm, chainJArr[3]); /* if failure, i = -4 here */ - LOAD_ONE_CA(ret, i, cm, chainJArr[4]); /* if failure, i = -5 here */ - VERIFY_ONE_CERT(ret, i, cm, chainJArr[1]); /* if failure, i = -6 here */ - VERIFY_ONE_CERT(ret, i, cm, chainJArr[2]); /* if failure, i = -7 here */ - VERIFY_ONE_CERT(ret, i, cm, chainJArr[3]); /* if failure, i = -8 here */ - VERIFY_ONE_CERT(ret, i, cm, chainJArr[4]); /* if failure, i = -9 here */ - VERIFY_ONE_CERT(ret, i, cm, chainJArr[5]); /* if failure, i = -10 here */ + ExpectIntEQ(test_memio_do_handshake(ssl_c, ssl_s, 10, NULL), 0); - return ret; + wolfSSL_free(ssl_s); + wolfSSL_free(ssl_c); + wolfSSL_free(ssl_c2); + wolfSSL_CTX_free(ctx_s); + wolfSSL_CTX_free(ctx_c); + } +#endif /* WOLFSSL_SEND_HRR_COOKIE */ + return EXPECT_RESULT(); } -#endif - -static int test_various_pathlen_chains(void) -{ - EXPECT_DECLS; -#ifndef NO_SHA256 - WOLFSSL_CERT_MANAGER* cm = NULL; - - /* Test chain G (large chain with varying pathLens) */ - ExpectNotNull(cm = wolfSSL_CertManagerNew()); -#if defined(NO_WOLFSSL_CLIENT) && defined(NO_WOLFSSL_SERVER) - ExpectIntEQ(test_chainG(cm), -1); -#else - ExpectIntEQ(test_chainG(cm), 0); -#endif /* NO_WOLFSSL_CLIENT && NO_WOLFSSL_SERVER */ - ExpectIntEQ(wolfSSL_CertManagerUnloadCAs(cm), WOLFSSL_SUCCESS); - wolfSSL_CertManagerFree(cm); - /* end test chain G */ - - /* Test chain H (5 chain with same pathLens) */ - ExpectNotNull(cm = wolfSSL_CertManagerNew()); - ExpectIntLT(test_chainH(cm), 0); - ExpectIntEQ(wolfSSL_CertManagerUnloadCAs(cm), WOLFSSL_SUCCESS); - wolfSSL_CertManagerFree(cm); - - ExpectNotNull(cm = wolfSSL_CertManagerNew()); - ExpectIntEQ(wolfSSL_CertManagerUnloadCAs(cm), WOLFSSL_SUCCESS); - wolfSSL_CertManagerFree(cm); - /* end test chain H */ - - /* Test chain I (only first ICA has pathLen set and it's set to 2, - * followed by 2 ICA's, should pass) */ - ExpectNotNull(cm = wolfSSL_CertManagerNew()); -#if defined(NO_WOLFSSL_CLIENT) && defined(NO_WOLFSSL_SERVER) - ExpectIntEQ(test_chainI(cm), -1); #else - ExpectIntEQ(test_chainI(cm), 0); -#endif /* NO_WOLFSSL_CLIENT && NO_WOLFSSL_SERVER */ - ExpectIntEQ(wolfSSL_CertManagerUnloadCAs(cm), WOLFSSL_SUCCESS); - wolfSSL_CertManagerFree(cm); - cm = NULL; - - ExpectNotNull(cm = wolfSSL_CertManagerNew()); - ExpectIntEQ(wolfSSL_CertManagerUnloadCAs(cm), WOLFSSL_SUCCESS); - wolfSSL_CertManagerFree(cm); - cm = NULL; - - /* Test chain J (Again only first ICA has pathLen set and it's set to 2, - * this time followed by 3 ICA's, should fail */ - ExpectNotNull(cm = wolfSSL_CertManagerNew()); - ExpectIntLT(test_chainJ(cm), 0); - ExpectIntEQ(wolfSSL_CertManagerUnloadCAs(cm), WOLFSSL_SUCCESS); - wolfSSL_CertManagerFree(cm); - cm = NULL; - - ExpectNotNull(cm = wolfSSL_CertManagerNew()); - ExpectIntEQ(wolfSSL_CertManagerUnloadCAs(cm), WOLFSSL_SUCCESS); - wolfSSL_CertManagerFree(cm); -#endif +static int test_wolfSSL_dtls_stateless(void) +{ + return TEST_SKIPPED; +} - return EXPECT_RESULT(); +static int test_wolfSSL_dtls_stateless_hrr_group(void) +{ + return TEST_SKIPPED; } -#endif -#endif -#endif /* !NO_RSA && !NO_SHA && !NO_FILESYSTEM && !NO_CERTS */ +#endif /* WOLFSSL_DTLS13 && WOLFSSL_SEND_HRR_COOKIE && + * HAVE_IO_TESTS_DEPENDENCIES && !SINGLE_THREADED */ #if defined(HAVE_KEYING_MATERIAL) && defined(HAVE_SSL_MEMIO_TESTS_DEPENDENCIES) static int test_export_keying_material_cb(WOLFSSL_CTX *ctx, WOLFSSL *ssl) @@ -42336,6 +25774,11 @@ NULL, 0, 0), 0); ExpectIntEQ(wolfSSL_export_keying_material(ssl, ekm, sizeof(ekm), "key expansion", XSTR_SIZEOF("key expansion"), NULL, 0, 0), 0); + /* contextLen overflow: values exceeding UINT16_MAX must be rejected to + * prevent integer overflow in seedLen calculation (ZD #21242). */ + ExpectIntEQ(wolfSSL_export_keying_material(ssl, ekm, sizeof(ekm), + "Test label", XSTR_SIZEOF("Test label"), ekm, + (size_t)0xFFFF + 1, 1), 0); return EXPECT_RESULT(); } @@ -42550,8 +25993,8 @@ char msg[] = "hello wolfssl server!"; int len = (int) XSTRLEN(msg); char input[1024]; - int idx; - int ret, err; + int idx = 0; + int ret = 0, err = 0; if (!args) WOLFSSL_RETURN_FROM_THREAD(0); @@ -42599,7 +26042,7 @@ if (EXPECT_SUCCESS()) { ret = wolfSSL_shutdown(ssl); - if (ret == WOLFSSL_SHUTDOWN_NOT_DONE) { + if (ret == WC_NO_ERR_TRACE(WOLFSSL_SHUTDOWN_NOT_DONE)) { ret = wolfSSL_shutdown(ssl); } } @@ -44045,7 +27488,7 @@ { EXPECT_DECLS; const char* errStr; - const char* unknownStr = wc_GetErrorString(0); + const char* unknownStr = wc_GetErrorString(WC_LAST_E - 1); #ifdef NO_ERROR_STRINGS /* Ensure a valid error code's string matches an invalid code's. @@ -44056,6 +27499,7 @@ if (EXPECT_FAIL()) return OPEN_RAN_E; #else + int start_idx = 0; int i; int j = 0; /* Values that are not or no longer error codes. */ @@ -44069,18 +27513,18 @@ #if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL) || \ defined(HAVE_WEBSERVER) || defined(HAVE_MEMCACHED) - { -11, -12 }, - { -15, -17 }, - { -19, -19 }, - { -26, -27 }, - { -30, WC_SPAN1_FIRST_E + 1 }, -#else - { -9, WC_SPAN1_FIRST_E + 1 }, + {11, 11}, + {17, 15}, + {19, 19}, + {27, 26 }, + {61, 30}, + {63, 63}, #endif + { -9, WC_SPAN1_FIRST_E + 1 }, { -124, -124 }, { -167, -169 }, { -300, -300 }, - { -334, -336 }, + { -335, -336 }, { -346, -349 }, { -356, -356 }, { -358, -358 }, @@ -44094,7 +27538,10 @@ * APIs. Check that the values that are not errors map to the unknown * string. */ - for (i = 0; i >= MIN_CODE_E; i--) { +#if defined(OPENSSL_EXTRA) + start_idx = WC_OSSL_V509_V_ERR_MAX - 1; +#endif + for (i = start_idx; i >= MIN_CODE_E; i--) { int this_missing = 0; for (j = 0; j < (int)XELEM_CNT(missing); ++j) { if ((i <= missing[j].first) && (i >= missing[j].last)) { @@ -44165,243 +27612,6 @@ return EXPECT_RESULT(); } -static int test_wolfSSL_EVP_shake128(void) -{ - EXPECT_DECLS; -#if defined(OPENSSL_EXTRA) && defined(WOLFSSL_SHA3) && \ - defined(WOLFSSL_SHAKE128) - const EVP_MD* md = NULL; - - ExpectNotNull(md = EVP_shake128()); - ExpectIntEQ(XSTRNCMP(md, "SHAKE128", XSTRLEN("SHAKE128")), 0); -#endif - - return EXPECT_RESULT(); -} - -static int test_wolfSSL_EVP_shake256(void) -{ - EXPECT_DECLS; -#if defined(OPENSSL_EXTRA) && defined(WOLFSSL_SHA3) && \ - defined(WOLFSSL_SHAKE256) - const EVP_MD* md = NULL; - - ExpectNotNull(md = EVP_shake256()); - ExpectIntEQ(XSTRNCMP(md, "SHAKE256", XSTRLEN("SHAKE256")), 0); -#endif - - return EXPECT_RESULT(); -} - -/* - * Testing EVP digest API with SM3 - */ -static int test_wolfSSL_EVP_sm3(void) -{ - int res = TEST_SKIPPED; -#if defined(OPENSSL_EXTRA) && defined(WOLFSSL_SM3) - EXPECT_DECLS; - const EVP_MD* md = NULL; - EVP_MD_CTX* mdCtx = NULL; - byte data[WC_SM3_BLOCK_SIZE * 4]; - byte hash[WC_SM3_DIGEST_SIZE]; - byte calcHash[WC_SM3_DIGEST_SIZE]; - byte expHash[WC_SM3_DIGEST_SIZE] = { - 0x38, 0x48, 0x15, 0xa7, 0x0e, 0xae, 0x0b, 0x27, - 0x5c, 0xde, 0x9d, 0xa5, 0xd1, 0xa4, 0x30, 0xa1, - 0xca, 0xd4, 0x54, 0x58, 0x44, 0xa2, 0x96, 0x1b, - 0xd7, 0x14, 0x80, 0x3f, 0x80, 0x1a, 0x07, 0xb6 - }; - word32 chunk; - word32 i; - unsigned int sz; - int ret; - - XMEMSET(data, 0, sizeof(data)); - - md = EVP_sm3(); - ExpectTrue(md != NULL); - ExpectIntEQ(XSTRNCMP(md, "SM3", XSTRLEN("SM3")), 0); - mdCtx = EVP_MD_CTX_new(); - ExpectTrue(mdCtx != NULL); - - /* Invalid Parameters */ - ExpectIntEQ(EVP_DigestInit(NULL, md), WC_NO_ERR_TRACE(WOLFSSL_FAILURE)); - /* Valid Parameters */ - ExpectIntEQ(EVP_DigestInit(mdCtx, md), WOLFSSL_SUCCESS); - - ExpectIntEQ(EVP_DigestUpdate(NULL, NULL, 1), WC_NO_ERR_TRACE(WOLFSSL_FAILURE)); - ExpectIntEQ(EVP_DigestUpdate(mdCtx, NULL, 1), WC_NO_ERR_TRACE(WOLFSSL_FAILURE)); - ExpectIntEQ(EVP_DigestUpdate(NULL, data, 1), WC_NO_ERR_TRACE(WOLFSSL_FAILURE)); - - /* Valid Parameters */ - ExpectIntEQ(EVP_DigestUpdate(mdCtx, NULL, 0), WOLFSSL_SUCCESS); - ExpectIntEQ(EVP_DigestUpdate(mdCtx, data, 1), WOLFSSL_SUCCESS); - ExpectIntEQ(EVP_DigestUpdate(mdCtx, data, 1), WOLFSSL_SUCCESS); - ExpectIntEQ(EVP_DigestUpdate(mdCtx, data, WC_SM3_BLOCK_SIZE), - WOLFSSL_SUCCESS); - ExpectIntEQ(EVP_DigestUpdate(mdCtx, data, WC_SM3_BLOCK_SIZE - 2), - WOLFSSL_SUCCESS); - ExpectIntEQ(EVP_DigestUpdate(mdCtx, data, WC_SM3_BLOCK_SIZE * 2), - WOLFSSL_SUCCESS); - /* Ensure too many bytes for lengths. */ - ExpectIntEQ(EVP_DigestUpdate(mdCtx, data, WC_SM3_PAD_SIZE), - WOLFSSL_SUCCESS); - - /* Invalid Parameters */ - ExpectIntEQ(EVP_DigestFinal(NULL, NULL, NULL), WC_NO_ERR_TRACE(WOLFSSL_FAILURE)); - ExpectIntEQ(EVP_DigestFinal(mdCtx, NULL, NULL), WC_NO_ERR_TRACE(WOLFSSL_FAILURE)); - ExpectIntEQ(EVP_DigestFinal(NULL, hash, NULL), WC_NO_ERR_TRACE(WOLFSSL_FAILURE)); - ExpectIntEQ(EVP_DigestFinal(NULL, hash, NULL), WC_NO_ERR_TRACE(WOLFSSL_FAILURE)); - ExpectIntEQ(EVP_DigestFinal(mdCtx, NULL, NULL), WC_NO_ERR_TRACE(WOLFSSL_FAILURE)); - - /* Valid Parameters */ - ExpectIntEQ(EVP_DigestFinal(mdCtx, hash, NULL), WOLFSSL_SUCCESS); - ExpectBufEQ(hash, expHash, WC_SM3_DIGEST_SIZE); - - /* Chunk tests. */ - ExpectIntEQ(EVP_DigestUpdate(mdCtx, data, sizeof(data)), WOLFSSL_SUCCESS); - ExpectIntEQ(EVP_DigestFinal(mdCtx, calcHash, &sz), WOLFSSL_SUCCESS); - ExpectIntEQ(sz, WC_SM3_DIGEST_SIZE); - for (chunk = 1; chunk <= WC_SM3_BLOCK_SIZE + 1; chunk++) { - for (i = 0; i + chunk <= (word32)sizeof(data); i += chunk) { - ExpectIntEQ(EVP_DigestUpdate(mdCtx, data + i, chunk), - WOLFSSL_SUCCESS); - } - if (i < (word32)sizeof(data)) { - ExpectIntEQ(EVP_DigestUpdate(mdCtx, data + i, - (word32)sizeof(data) - i), WOLFSSL_SUCCESS); - } - ExpectIntEQ(EVP_DigestFinal(mdCtx, hash, NULL), WOLFSSL_SUCCESS); - ExpectBufEQ(hash, calcHash, WC_SM3_DIGEST_SIZE); - } - - /* Not testing when the low 32-bit length overflows. */ - - ret = EVP_MD_CTX_cleanup(mdCtx); - ExpectIntEQ(ret, WOLFSSL_SUCCESS); - wolfSSL_EVP_MD_CTX_free(mdCtx); - - res = EXPECT_RESULT(); -#endif - return res; -} /* END test_EVP_sm3 */ - -static int test_EVP_blake2(void) -{ - EXPECT_DECLS; -#if defined(OPENSSL_EXTRA) && (defined(HAVE_BLAKE2) || defined(HAVE_BLAKE2S)) - const EVP_MD* md = NULL; - (void)md; - -#if defined(HAVE_BLAKE2) - ExpectNotNull(md = EVP_blake2b512()); - ExpectIntEQ(XSTRNCMP(md, "BLAKE2b512", XSTRLEN("BLAKE2b512")), 0); -#endif - -#if defined(HAVE_BLAKE2S) - ExpectNotNull(md = EVP_blake2s256()); - ExpectIntEQ(XSTRNCMP(md, "BLAKE2s256", XSTRLEN("BLAKE2s256")), 0); -#endif -#endif - - return EXPECT_RESULT(); -} - -#if defined(OPENSSL_EXTRA) -static void list_md_fn(const EVP_MD* m, const char* from, - const char* to, void* arg) -{ - const char* mn; - BIO *bio; - - (void) from; - (void) to; - (void) arg; - (void) mn; - (void) bio; - - if (!m) { - /* alias */ - AssertNull(m); - AssertNotNull(to); - } - else { - AssertNotNull(m); - AssertNull(to); - } - - AssertNotNull(from); - -#if !defined(NO_FILESYSTEM) && defined(DEBUG_WOLFSSL_VERBOSE) - mn = EVP_get_digestbyname(from); - /* print to stderr */ - AssertNotNull(arg); - - bio = BIO_new(BIO_s_file()); - BIO_set_fp(bio, arg, BIO_NOCLOSE); - BIO_printf(bio, "Use %s message digest algorithm\n", mn); - BIO_free(bio); -#endif -} -#endif - -static int test_EVP_MD_do_all(void) -{ - int res = TEST_SKIPPED; -#if defined(OPENSSL_EXTRA) - EVP_MD_do_all(NULL, stderr); - - EVP_MD_do_all(list_md_fn, stderr); - - res = TEST_SUCCESS; -#endif - - return res; -} - -#if defined(OPENSSL_EXTRA) -static void obj_name_t(const OBJ_NAME* nm, void* arg) -{ - (void)arg; - (void)nm; - - AssertIntGT(nm->type, OBJ_NAME_TYPE_UNDEF); - -#if !defined(NO_FILESYSTEM) && defined(DEBUG_WOLFSSL_VERBOSE) - /* print to stderr */ - AssertNotNull(arg); - - BIO *bio = BIO_new(BIO_s_file()); - BIO_set_fp(bio, arg, BIO_NOCLOSE); - BIO_printf(bio, "%s\n", nm); - BIO_free(bio); -#endif -} - -#endif -static int test_OBJ_NAME_do_all(void) -{ - int res = TEST_SKIPPED; -#if defined(OPENSSL_EXTRA) - - OBJ_NAME_do_all(OBJ_NAME_TYPE_MD_METH, NULL, NULL); - - OBJ_NAME_do_all(OBJ_NAME_TYPE_CIPHER_METH, NULL, stderr); - - OBJ_NAME_do_all(OBJ_NAME_TYPE_MD_METH, obj_name_t, stderr); - OBJ_NAME_do_all(OBJ_NAME_TYPE_PKEY_METH, obj_name_t, stderr); - OBJ_NAME_do_all(OBJ_NAME_TYPE_COMP_METH, obj_name_t, stderr); - OBJ_NAME_do_all(OBJ_NAME_TYPE_NUM, obj_name_t, stderr); - OBJ_NAME_do_all(OBJ_NAME_TYPE_UNDEF, obj_name_t, stderr); - OBJ_NAME_do_all(OBJ_NAME_TYPE_CIPHER_METH, obj_name_t, stderr); - OBJ_NAME_do_all(-1, obj_name_t, stderr); - - res = TEST_SUCCESS; -#endif - - return res; -} static int test_SSL_CIPHER_get_xxx(void) { @@ -44556,7 +27766,7 @@ } if (key_buf != NULL) { - free(key_buf); key_buf = NULL; + XFREE(key_buf, NULL, DYNAMIC_TYPE_TMP_BUFFER); key_buf = NULL; } (void)encInfo; /* not used in this test */ @@ -45074,6 +28284,23 @@ break; } } + else if (info->free.algo == WC_ALGO_TYPE_CIPHER) { + switch (info->free.type) { + #ifndef NO_AES + case WC_CIPHER_AES: + { + Aes* aes = (Aes*)info->free.obj; + aes->devId = INVALID_DEVID; + wc_AesFree(aes); + ret = 0; + break; + } + #endif + default: + ret = WC_NO_ERR_TRACE(NOT_COMPILED_IN); + break; + } + } else { ret = WC_NO_ERR_TRACE(NOT_COMPILED_IN); } @@ -45618,7 +28845,8 @@ static int DFB_TEST(WOLFSSL* ssl, word32 seq, word32 len, word32 f_offset, word32 f_len, word32 f_count, byte ready, word32 bytesReceived) { - DtlsMsg* cur; + EXPECT_DECLS; + DtlsMsg* cur = NULL; static byte msg[100]; static byte msgInit = 0; @@ -45630,40 +28858,34 @@ } /* Sanitize test parameters */ - if (len > sizeof(msg)) - return -1; - if (f_offset + f_len > sizeof(msg)) - return -1; + ExpectIntLE(len, sizeof(msg)); + ExpectIntLE(f_offset + f_len, sizeof(msg)); - DtlsMsgStore(ssl, 0, seq, msg + f_offset, len, certificate, f_offset, f_len, NULL); + if (EXPECT_SUCCESS()) + DtlsMsgStore(ssl, 0, seq, msg + f_offset, len, certificate, f_offset, f_len, NULL); - if (ssl->dtls_rx_msg_list == NULL) - return -100; + ExpectNotNull(ssl->dtls_rx_msg_list); - if ((cur = DtlsMsgFind(ssl->dtls_rx_msg_list, 0, seq)) == NULL) - return -200; - if (cur->fragBucketListCount != f_count) - return -300; - if (cur->ready != ready) - return -400; - if (cur->bytesReceived != bytesReceived) - return -500; + ExpectNotNull(cur = DtlsMsgFind(ssl->dtls_rx_msg_list, 0, seq)); + ExpectIntEQ(cur->fragBucketListCount, f_count); + ExpectIntEQ(cur->ready, ready); + ExpectIntEQ(cur->bytesReceived, bytesReceived); if (ready) { - if (cur->fragBucketList != NULL) - return -600; - if (XMEMCMP(cur->fullMsg, msg, cur->sz) != 0) - return -700; + ExpectNull(cur->fragBucketList); + ExpectBufEQ(cur->fullMsg, msg, cur->sz); } else { DtlsFragBucket* fb; - if (cur->fragBucketList == NULL) - return -800; - for (fb = cur->fragBucketList; fb != NULL; fb = fb->m.m.next) { - if (XMEMCMP(fb->buf, msg + fb->m.m.offset, fb->m.m.sz) != 0) - return -900; - } + ExpectNotNull(cur->fragBucketList); + for (fb = cur != NULL ? cur->fragBucketList : NULL; + EXPECT_SUCCESS() && fb != NULL; fb = fb->m.m.next) + ExpectBufEQ(fb->buf, msg + fb->m.m.offset, fb->m.m.sz); } - return 0; + if (EXPECT_FAIL()) { + printf("Test parameters: seq %u len %u f_offset %u f_len %u f_count %u ready %u bytesReceived %u\n", + seq, len, f_offset, f_len, f_count, ready, bytesReceived); + } + return EXPECT_RESULT(); } static int test_wolfSSL_DTLS_fragment_buckets(void) @@ -45673,68 +28895,114 @@ XMEMSET(ssl, 0, sizeof(*ssl)); - ExpectIntEQ(DFB_TEST(ssl, 0, 100, 0, 100, 0, 1, 100), 0); /* 0-100 */ + EXPECT_TEST(DFB_TEST(ssl, 0, 100, 0, 100, 0, 1, 100)); /* 0-100 */ - ExpectIntEQ(DFB_TEST(ssl, 1, 100, 0, 20, 1, 0, 20), 0); /* 0-20 */ - ExpectIntEQ(DFB_TEST(ssl, 1, 100, 20, 20, 1, 0, 40), 0); /* 20-40 */ - ExpectIntEQ(DFB_TEST(ssl, 1, 100, 40, 20, 1, 0, 60), 0); /* 40-60 */ - ExpectIntEQ(DFB_TEST(ssl, 1, 100, 60, 20, 1, 0, 80), 0); /* 60-80 */ - ExpectIntEQ(DFB_TEST(ssl, 1, 100, 80, 20, 0, 1, 100), 0); /* 80-100 */ + EXPECT_TEST(DFB_TEST(ssl, 1, 100, 0, 20, 1, 0, 20)); /* 0-20 */ + EXPECT_TEST(DFB_TEST(ssl, 1, 100, 20, 20, 1, 0, 40)); /* 20-40 */ + EXPECT_TEST(DFB_TEST(ssl, 1, 100, 40, 20, 1, 0, 60)); /* 40-60 */ + EXPECT_TEST(DFB_TEST(ssl, 1, 100, 60, 20, 1, 0, 80)); /* 60-80 */ + EXPECT_TEST(DFB_TEST(ssl, 1, 100, 80, 20, 0, 1, 100)); /* 80-100 */ /* Test all permutations of 3 regions */ /* 1 2 3 */ - ExpectIntEQ(DFB_TEST(ssl, 2, 100, 0, 30, 1, 0, 30), 0); /* 0-30 */ - ExpectIntEQ(DFB_TEST(ssl, 2, 100, 30, 30, 1, 0, 60), 0); /* 30-60 */ - ExpectIntEQ(DFB_TEST(ssl, 2, 100, 60, 40, 0, 1, 100), 0); /* 60-100 */ + EXPECT_TEST(DFB_TEST(ssl, 2, 100, 0, 30, 1, 0, 30)); /* 0-30 */ + EXPECT_TEST(DFB_TEST(ssl, 2, 100, 30, 30, 1, 0, 60)); /* 30-60 */ + EXPECT_TEST(DFB_TEST(ssl, 2, 100, 60, 40, 0, 1, 100)); /* 60-100 */ /* 1 3 2 */ - ExpectIntEQ(DFB_TEST(ssl, 3, 100, 0, 30, 1, 0, 30), 0); /* 0-30 */ - ExpectIntEQ(DFB_TEST(ssl, 3, 100, 60, 40, 2, 0, 70), 0); /* 60-100 */ - ExpectIntEQ(DFB_TEST(ssl, 3, 100, 30, 30, 0, 1, 100), 0); /* 30-60 */ + EXPECT_TEST(DFB_TEST(ssl, 3, 100, 0, 30, 1, 0, 30)); /* 0-30 */ + EXPECT_TEST(DFB_TEST(ssl, 3, 100, 60, 40, 2, 0, 70)); /* 60-100 */ + EXPECT_TEST(DFB_TEST(ssl, 3, 100, 30, 30, 0, 1, 100)); /* 30-60 */ /* 2 1 3 */ - ExpectIntEQ(DFB_TEST(ssl, 4, 100, 30, 30, 1, 0, 30), 0); /* 30-60 */ - ExpectIntEQ(DFB_TEST(ssl, 4, 100, 0, 30, 1, 0, 60), 0); /* 0-30 */ - ExpectIntEQ(DFB_TEST(ssl, 4, 100, 60, 40, 0, 1, 100), 0); /* 60-100 */ + EXPECT_TEST(DFB_TEST(ssl, 4, 100, 30, 30, 1, 0, 30)); /* 30-60 */ + EXPECT_TEST(DFB_TEST(ssl, 4, 100, 0, 30, 1, 0, 60)); /* 0-30 */ + EXPECT_TEST(DFB_TEST(ssl, 4, 100, 60, 40, 0, 1, 100)); /* 60-100 */ /* 2 3 1 */ - ExpectIntEQ(DFB_TEST(ssl, 5, 100, 30, 30, 1, 0, 30), 0); /* 30-60 */ - ExpectIntEQ(DFB_TEST(ssl, 5, 100, 60, 40, 1, 0, 70), 0); /* 60-100 */ - ExpectIntEQ(DFB_TEST(ssl, 5, 100, 0, 30, 0, 1, 100), 0); /* 0-30 */ + EXPECT_TEST(DFB_TEST(ssl, 5, 100, 30, 30, 1, 0, 30)); /* 30-60 */ + EXPECT_TEST(DFB_TEST(ssl, 5, 100, 60, 40, 1, 0, 70)); /* 60-100 */ + EXPECT_TEST(DFB_TEST(ssl, 5, 100, 0, 30, 0, 1, 100)); /* 0-30 */ /* 3 1 2 */ - ExpectIntEQ(DFB_TEST(ssl, 6, 100, 60, 40, 1, 0, 40), 0); /* 60-100 */ - ExpectIntEQ(DFB_TEST(ssl, 6, 100, 0, 30, 2, 0, 70), 0); /* 0-30 */ - ExpectIntEQ(DFB_TEST(ssl, 6, 100, 30, 30, 0, 1, 100), 0); /* 30-60 */ + EXPECT_TEST(DFB_TEST(ssl, 6, 100, 60, 40, 1, 0, 40)); /* 60-100 */ + EXPECT_TEST(DFB_TEST(ssl, 6, 100, 0, 30, 2, 0, 70)); /* 0-30 */ + EXPECT_TEST(DFB_TEST(ssl, 6, 100, 30, 30, 0, 1, 100)); /* 30-60 */ /* 3 2 1 */ - ExpectIntEQ(DFB_TEST(ssl, 7, 100, 60, 40, 1, 0, 40), 0); /* 60-100 */ - ExpectIntEQ(DFB_TEST(ssl, 7, 100, 30, 30, 1, 0, 70), 0); /* 30-60 */ - ExpectIntEQ(DFB_TEST(ssl, 7, 100, 0, 30, 0, 1, 100), 0); /* 0-30 */ + EXPECT_TEST(DFB_TEST(ssl, 7, 100, 60, 40, 1, 0, 40)); /* 60-100 */ + EXPECT_TEST(DFB_TEST(ssl, 7, 100, 30, 30, 1, 0, 70)); /* 30-60 */ + EXPECT_TEST(DFB_TEST(ssl, 7, 100, 0, 30, 0, 1, 100)); /* 0-30 */ /* Test overlapping regions */ - ExpectIntEQ(DFB_TEST(ssl, 8, 100, 0, 30, 1, 0, 30), 0); /* 0-30 */ - ExpectIntEQ(DFB_TEST(ssl, 8, 100, 20, 10, 1, 0, 30), 0); /* 20-30 */ - ExpectIntEQ(DFB_TEST(ssl, 8, 100, 70, 10, 2, 0, 40), 0); /* 70-80 */ - ExpectIntEQ(DFB_TEST(ssl, 8, 100, 20, 30, 2, 0, 60), 0); /* 20-50 */ - ExpectIntEQ(DFB_TEST(ssl, 8, 100, 40, 60, 0, 1, 100), 0); /* 40-100 */ + EXPECT_TEST(DFB_TEST(ssl, 8, 100, 0, 30, 1, 0, 30)); /* 0-30 */ + EXPECT_TEST(DFB_TEST(ssl, 8, 100, 20, 10, 1, 0, 30)); /* 20-30 */ + EXPECT_TEST(DFB_TEST(ssl, 8, 100, 70, 10, 2, 0, 40)); /* 70-80 */ + EXPECT_TEST(DFB_TEST(ssl, 8, 100, 20, 30, 2, 0, 60)); /* 20-50 */ + EXPECT_TEST(DFB_TEST(ssl, 8, 100, 40, 60, 0, 1, 100)); /* 40-100 */ /* Test overlapping multiple regions */ - ExpectIntEQ(DFB_TEST(ssl, 9, 100, 0, 20, 1, 0, 20), 0); /* 0-20 */ - ExpectIntEQ(DFB_TEST(ssl, 9, 100, 30, 5, 2, 0, 25), 0); /* 30-35 */ - ExpectIntEQ(DFB_TEST(ssl, 9, 100, 40, 5, 3, 0, 30), 0); /* 40-45 */ - ExpectIntEQ(DFB_TEST(ssl, 9, 100, 50, 5, 4, 0, 35), 0); /* 50-55 */ - ExpectIntEQ(DFB_TEST(ssl, 9, 100, 60, 5, 5, 0, 40), 0); /* 60-65 */ - ExpectIntEQ(DFB_TEST(ssl, 9, 100, 70, 5, 6, 0, 45), 0); /* 70-75 */ - ExpectIntEQ(DFB_TEST(ssl, 9, 100, 30, 25, 4, 0, 55), 0); /* 30-55 */ - ExpectIntEQ(DFB_TEST(ssl, 9, 100, 55, 15, 2, 0, 65), 0); /* 55-70 */ - ExpectIntEQ(DFB_TEST(ssl, 9, 100, 75, 25, 2, 0, 90), 0); /* 75-100 */ - ExpectIntEQ(DFB_TEST(ssl, 9, 100, 10, 25, 0, 1, 100), 0); /* 10-35 */ - - ExpectIntEQ(DFB_TEST(ssl, 10, 100, 0, 20, 1, 0, 20), 0); /* 0-20 */ - ExpectIntEQ(DFB_TEST(ssl, 10, 100, 30, 20, 2, 0, 40), 0); /* 30-50 */ - ExpectIntEQ(DFB_TEST(ssl, 10, 100, 0, 40, 1, 0, 50), 0); /* 0-40 */ - ExpectIntEQ(DFB_TEST(ssl, 10, 100, 50, 50, 0, 1, 100), 0); /* 10-35 */ + EXPECT_TEST(DFB_TEST(ssl, 9, 100, 0, 20, 1, 0, 20)); /* 0-20 */ + EXPECT_TEST(DFB_TEST(ssl, 9, 100, 30, 5, 2, 0, 25)); /* 30-35 */ + EXPECT_TEST(DFB_TEST(ssl, 9, 100, 40, 5, 3, 0, 30)); /* 40-45 */ + EXPECT_TEST(DFB_TEST(ssl, 9, 100, 50, 5, 4, 0, 35)); /* 50-55 */ + EXPECT_TEST(DFB_TEST(ssl, 9, 100, 60, 5, 5, 0, 40)); /* 60-65 */ + EXPECT_TEST(DFB_TEST(ssl, 9, 100, 70, 5, 6, 0, 45)); /* 70-75 */ + EXPECT_TEST(DFB_TEST(ssl, 9, 100, 30, 25, 4, 0, 55)); /* 30-55 */ + EXPECT_TEST(DFB_TEST(ssl, 9, 100, 55, 15, 2, 0, 65)); /* 55-70 */ + EXPECT_TEST(DFB_TEST(ssl, 9, 100, 75, 25, 2, 0, 90)); /* 75-100 */ + EXPECT_TEST(DFB_TEST(ssl, 9, 100, 10, 25, 0, 1, 100)); /* 10-35 */ + + EXPECT_TEST(DFB_TEST(ssl,10, 100, 0, 20, 1, 0, 20)); /* 0-20 */ + EXPECT_TEST(DFB_TEST(ssl,10, 100, 30, 20, 2, 0, 40)); /* 30-50 */ + EXPECT_TEST(DFB_TEST(ssl,10, 100, 0, 40, 1, 0, 50)); /* 0-40 */ + EXPECT_TEST(DFB_TEST(ssl,10, 100, 50, 50, 0, 1, 100)); /* 50-100 */ + + /* Test region between other regions */ + EXPECT_TEST(DFB_TEST(ssl,11, 100, 0, 20, 1, 0, 20)); /* 0-20 */ + EXPECT_TEST(DFB_TEST(ssl,11, 100, 80, 20, 2, 0, 40)); /* 80-100 */ + EXPECT_TEST(DFB_TEST(ssl,11, 100, 40, 20, 3, 0, 60)); /* 40-60 */ + EXPECT_TEST(DFB_TEST(ssl,11, 100, 20, 20, 2, 0, 80)); /* 20-40 */ + EXPECT_TEST(DFB_TEST(ssl,11, 100, 60, 20, 0, 1, 100)); /* 60-80 */ + + /* Test gap before first bucket (prev==NULL in gap-before branch) */ + EXPECT_TEST(DFB_TEST(ssl,12, 100, 50, 20, 1, 0, 20)); /* 50-70 */ + EXPECT_TEST(DFB_TEST(ssl,12, 100, 0, 20, 2, 0, 40)); /* 0-20 gap before first */ + EXPECT_TEST(DFB_TEST(ssl,12, 100, 20, 30, 1, 0, 70)); /* 20-50 bridges gap */ + EXPECT_TEST(DFB_TEST(ssl,12, 100, 70, 30, 0, 1, 100)); /* 70-100 */ + + /* Test fragment after message is already complete (ready early return) */ + EXPECT_TEST(DFB_TEST(ssl,13, 100, 0,100, 0, 1, 100)); /* 0-100 complete */ + EXPECT_TEST(DFB_TEST(ssl,13, 100, 0, 50, 0, 1, 100)); /* 0-50 dup on ready */ + + /* Test combine where next bucket is larger than cur (chosenBucket=&next) */ + EXPECT_TEST(DFB_TEST(ssl,14, 100, 0, 10, 1, 0, 10)); /* 0-10 */ + EXPECT_TEST(DFB_TEST(ssl,14, 100, 30, 50, 2, 0, 60)); /* 30-80 */ + EXPECT_TEST(DFB_TEST(ssl,14, 100, 5, 30, 1, 0, 80)); /* 5-35 next>cur */ + EXPECT_TEST(DFB_TEST(ssl,14, 100, 80, 20, 0, 1, 100)); /* 80-100 */ + + /* Test super fragment covering all existing buckets */ + EXPECT_TEST(DFB_TEST(ssl,15, 100, 10, 10, 1, 0, 10)); /* 10-20 */ + EXPECT_TEST(DFB_TEST(ssl,15, 100, 30, 10, 2, 0, 20)); /* 30-40 */ + EXPECT_TEST(DFB_TEST(ssl,15, 100, 60, 10, 3, 0, 30)); /* 60-70 */ + EXPECT_TEST(DFB_TEST(ssl,15, 100, 0,100, 0, 1, 100)); /* 0-100 super frag */ + + /* Test exact duplicate fragment */ + EXPECT_TEST(DFB_TEST(ssl,16, 100, 20, 40, 1, 0, 40)); /* 20-60 */ + EXPECT_TEST(DFB_TEST(ssl,16, 100, 20, 40, 1, 0, 40)); /* 20-60 exact dup */ + EXPECT_TEST(DFB_TEST(ssl,16, 100, 0, 20, 1, 0, 60)); /* 0-20 */ + EXPECT_TEST(DFB_TEST(ssl,16, 100, 60, 40, 0, 1, 100)); /* 60-100 */ + + /* Test combine bridging two buckets (combineNext, cur->data) */ + EXPECT_TEST(DFB_TEST(ssl,17, 100, 0, 30, 1, 0, 30)); /* 0-30 */ + EXPECT_TEST(DFB_TEST(ssl,17, 100, 60, 20, 2, 0, 50)); /* 60-80 */ + EXPECT_TEST(DFB_TEST(ssl,17, 100, 20, 45, 1, 0, 80)); /* 20-65 bridge */ + EXPECT_TEST(DFB_TEST(ssl,17, 100, 80, 20, 0, 1, 100)); /* 80-100 */ + + /* Test progressive left-extension with partial overlaps */ + EXPECT_TEST(DFB_TEST(ssl,18, 100, 70, 30, 1, 0, 30)); /* 70-100 */ + EXPECT_TEST(DFB_TEST(ssl,18, 100, 50, 30, 1, 0, 50)); /* 50-80 extend left */ + EXPECT_TEST(DFB_TEST(ssl,18, 100, 30, 30, 1, 0, 70)); /* 30-60 extend left */ + EXPECT_TEST(DFB_TEST(ssl,18, 100, 0, 40, 0, 1, 100)); /* 0-40 complete left */ DtlsMsgListDelete(ssl->dtls_rx_msg_list, ssl->heap); ssl->dtls_rx_msg_list = NULL; ssl->dtls_rx_msg_list_sz = 0; - return EXPECT_RESULT(); } @@ -46279,6 +29547,122 @@ } #endif +/* Build a valid TLS 1.2 ticket by completing an initial handshake, then tamper + * with enc_len so it is larger than the true encrypted payload. */ +#if defined(HAVE_SESSION_TICKET) && !defined(WOLFSSL_NO_TLS12) && \ + !defined(NO_WOLFSSL_CLIENT) && !defined(NO_WOLFSSL_SERVER) && \ + !defined(WOLFSSL_NO_DEF_TICKET_ENC_CB) && \ + !defined(NO_RSA) && defined(HAVE_ECC) && \ + defined(HAVE_MANUAL_MEMIO_TESTS_DEPENDENCIES) + +static int test_ticket_enc_corrupted_cb(WOLFSSL* ssl, + byte key_name[WOLFSSL_TICKET_NAME_SZ], byte iv[WOLFSSL_TICKET_IV_SZ], + byte mac[WOLFSSL_TICKET_MAC_SZ], int enc, byte* ticket, int inLen, + int* outLen, void* userCtx) +{ + (void)ssl; + (void)key_name; + (void)iv; + (void)mac; + (void)userCtx; + (void)outLen; + + if (!enc) { + XMEMSET(ticket, 0, (size_t)inLen); + return WOLFSSL_TICKET_RET_REJECT; /* keep handshake progressing */ + } + return WOLFSSL_TICKET_RET_CREATE; +} + +static int test_ticket_enc_corrupted(void) +{ + EXPECT_DECLS; + struct test_memio_ctx test_ctx; + WOLFSSL_CTX* ctx_c = NULL; + WOLFSSL_CTX* ctx_s = NULL; + WOLFSSL* ssl_c = NULL; + WOLFSSL* ssl_s = NULL; + WOLFSSL_SESSION* sess = NULL; + ExternalTicket* et; + word16 encLen; + int actualEncLen; + int craftedBadLen = 0; + + XMEMSET(&test_ctx, 0, sizeof(test_ctx)); + ExpectIntEQ(test_memio_setup(&test_ctx, &ctx_c, &ctx_s, &ssl_c, &ssl_s, + wolfTLSv1_2_client_method, wolfTLSv1_2_server_method), 0); + wolfSSL_set_verify(ssl_s, WOLFSSL_VERIFY_NONE, 0); + wolfSSL_set_verify(ssl_c, WOLFSSL_VERIFY_NONE, 0); + ExpectIntEQ(wolfSSL_CTX_UseSessionTicket(ctx_c), WOLFSSL_SUCCESS); + ExpectIntEQ(test_memio_do_handshake(ssl_c, ssl_s, 10, NULL), 0); + ExpectNotNull(sess = wolfSSL_get1_session(ssl_c)); + if (sess != NULL) { + ExpectIntGT(sess->ticketLen, WOLFSSL_TICKET_FIXED_SZ); + + /* Force enc_len to exceed actual encrypted ticket payload while still + * staying <= WOLFSSL_TICKET_ENC_SZ, so callback is reached. */ + et = (ExternalTicket*)sess->ticket; + ato16(et->enc_len, &encLen); + actualEncLen = (int)(sess->ticketLen - WOLFSSL_TICKET_FIXED_SZ); + if (actualEncLen + 100 <= (int)WOLFSSL_TICKET_ENC_SZ) { + encLen = (word16)(actualEncLen + 100); + c16toa(encLen, et->enc_len); + craftedBadLen = 1; + } + else if (actualEncLen + 1 <= (int)WOLFSSL_TICKET_ENC_SZ) { + encLen = (word16)(actualEncLen + 1); + c16toa(encLen, et->enc_len); + craftedBadLen = 1; + } + } + + wolfSSL_free(ssl_c); + ssl_c = NULL; + wolfSSL_free(ssl_s); + ssl_s = NULL; + test_memio_clear_buffer(&test_ctx, 1); + test_memio_clear_buffer(&test_ctx, 0); + + ExpectNotNull(ssl_s = wolfSSL_new(ctx_s)); + wolfSSL_SetIOWriteCtx(ssl_s, &test_ctx); + wolfSSL_SetIOReadCtx(ssl_s, &test_ctx); + ExpectNotNull(ssl_c = wolfSSL_new(ctx_c)); + wolfSSL_SetIOWriteCtx(ssl_c, &test_ctx); + wolfSSL_SetIOReadCtx(ssl_c, &test_ctx); + wolfSSL_set_verify(ssl_s, WOLFSSL_VERIFY_NONE, 0); + wolfSSL_set_verify(ssl_c, WOLFSSL_VERIFY_NONE, 0); + if (sess != NULL) { + if (!craftedBadLen) { + wolfSSL_SESSION_free(sess); + wolfSSL_free(ssl_c); + wolfSSL_free(ssl_s); + wolfSSL_CTX_free(ctx_c); + wolfSSL_CTX_free(ctx_s); + return TEST_SKIPPED; + } + ExpectIntEQ(wolfSSL_set_session(ssl_c, sess), WOLFSSL_SUCCESS); + ExpectIntEQ(wolfSSL_CTX_set_TicketEncCb(ctx_s, + test_ticket_enc_corrupted_cb), WOLFSSL_SUCCESS); + ExpectTrue((wolfSSL_connect(ssl_c) == + WC_NO_ERR_TRACE(WOLFSSL_FATAL_ERROR)) && + (ssl_c->error == WC_NO_ERR_TRACE(WANT_READ))); + ExpectTrue((wolfSSL_accept(ssl_s) == + WC_NO_ERR_TRACE(WOLFSSL_FATAL_ERROR)) && + (ssl_s->error == WC_NO_ERR_TRACE(WANT_READ))); + } + + wolfSSL_SESSION_free(sess); + wolfSSL_free(ssl_c); + wolfSSL_free(ssl_s); + wolfSSL_CTX_free(ctx_c); + wolfSSL_CTX_free(ctx_s); + + return EXPECT_RESULT(); +} +#else +static int test_ticket_enc_corrupted(void) { return TEST_SKIPPED; } +#endif + #if defined(WOLFSSL_TLS13) && !defined(NO_PSK) && \ defined(HAVE_SESSION_TICKET) && defined(OPENSSL_EXTRA) && \ defined(HAVE_IO_TESTS_DEPENDENCIES) && defined(HAVE_AESGCM) && \ @@ -46296,7 +29680,7 @@ } do { ret = wolfSSL_shutdown(ssl); - } while (ret == WOLFSSL_SHUTDOWN_NOT_DONE); + } while (ret == WC_NO_ERR_TRACE(WOLFSSL_SHUTDOWN_NOT_DONE)); AssertIntEQ(wolfSSL_clear(ssl), WOLFSSL_SUCCESS); wolfSSL_set_psk_callback_ctx(ssl, (void*)"TLS13-AES256-GCM-SHA384"); #ifndef OPENSSL_COMPATIBLE_DEFAULTS @@ -46387,7 +29771,7 @@ } do { ret = wolfSSL_shutdown(ssl); - } while (ret == WOLFSSL_SHUTDOWN_NOT_DONE); + } while (ret == WC_NO_ERR_TRACE(WOLFSSL_SHUTDOWN_NOT_DONE)); AssertIntEQ(wolfSSL_clear(ssl), WOLFSSL_SUCCESS); wolfSSL_set_psk_callback_ctx(ssl, (void*)"TLS13-AES256-GCM-SHA384"); /* Previous connection was made with TLS13-AES128-GCM-SHA256. Order is @@ -47310,7 +30694,7 @@ static int test_rpk_set_xxx_cert_type(void) { EXPECT_DECLS; -#if defined(HAVE_RPK) && !defined(NO_TLS) +#if defined(HAVE_RPK) && !defined(NO_TLS) && !defined(NO_WOLFSSL_CLIENT) char ctype[MAX_CLIENT_CERT_TYPE_CNT + 1]; /* prepare bigger buffer */ WOLFSSL_CTX* ctx = NULL; @@ -47554,6 +30938,10 @@ WOLFSSL *ssl_s = NULL; struct test_memio_ctx test_ctx; const int EPOCH_OFF = 3; + int groups[] = { + WOLFSSL_ECC_SECP256R1, + WOLFSSL_ECC_SECP384R1, + }; XMEMSET(&test_ctx, 0, sizeof(test_ctx)); ExpectIntEQ(test_memio_setup(&test_ctx, &ctx_c, &ctx_s, &ssl_c, &ssl_s, @@ -47563,6 +30951,9 @@ * with just one message */ ExpectIntEQ(wolfSSL_disable_hrr_cookie(ssl_s), WOLFSSL_SUCCESS); + /* Set client groups to traditional only to avoid CH fragmentation */ + ExpectIntEQ(wolfSSL_set_groups(ssl_c, groups, 2), WOLFSSL_SUCCESS); + ExpectIntNE(wolfSSL_connect(ssl_c), WOLFSSL_SUCCESS); ExpectIntEQ(wolfSSL_get_error(ssl_c, WC_NO_ERR_TRACE(WOLFSSL_FATAL_ERROR)), WOLFSSL_ERROR_WANT_READ); @@ -47616,10 +31007,7 @@ /* Setup the session to avoid errors */ ssl->session->timeout = (word32)-1; ssl->session->side = WOLFSSL_CLIENT_END; -#if defined(SESSION_CERTS) || (defined(WOLFSSL_TLS13) && \ - defined(HAVE_SESSION_TICKET)) ssl->session->version = ssl->version; -#endif /* Force a short session ID to be sent */ ssl->session->sessionIDSz = 4; #ifndef NO_SESSION_CACHE_REF @@ -48177,6 +31565,10 @@ 0x0d, 0x00, 0x00, 0x11, 0x00, 0x00, 0x0d, 0x00, 0x2f, 0x00, 0x06, 0x00, 0x04, 0x00, 0x03, 0x30, 0x00, 0x13, 0x94, 0x00, 0x06, 0x00, 0x04, 0x02 }; + int groups[2] = { + WOLFSSL_ECC_SECP256R1, + WOLFSSL_ECC_SECP521R1, + }; int i = 0; for (i = 0; i < 2; i++) { @@ -48199,9 +31591,12 @@ break; } + /* Ensure the correct groups are used for the test */ + ExpectIntEQ(wolfSSL_set_groups(ssl_c, groups, 2), WOLFSSL_SUCCESS); + ExpectIntEQ(wolfSSL_connect(ssl_c), -1); #ifndef WOLFSSL_DISABLE_EARLY_SANITY_CHECKS - ExpectIntEQ(wolfSSL_get_error(ssl_c, -1), WC_NO_ERR_TRACE(OUT_OF_ORDER_E)); + ExpectIntEQ(wolfSSL_get_error(ssl_c, -1), WC_NO_ERR_TRACE(EXT_MISSING)); #else ExpectIntEQ(wolfSSL_get_error(ssl_c, -1), WC_NO_ERR_TRACE(BUFFER_ERROR)); #endif @@ -48966,7 +32361,13 @@ maxIdx = idx + (int)len; for (; idx < maxIdx && EXPECT_SUCCESS(); idx += OPAQUE16_LEN) { if (test_ctx.c_buff[idx+1] == ED25519_SA_MINOR || - test_ctx.c_buff[idx+1] == ED448_SA_MINOR) + test_ctx.c_buff[idx+1] == ED448_SA_MINOR || + test_ctx.c_buff[idx+1] == + ECDSA_BRAINPOOLP256R1TLS13_SHA256_MINOR || + test_ctx.c_buff[idx+1] == + ECDSA_BRAINPOOLP384R1TLS13_SHA384_MINOR || + test_ctx.c_buff[idx+1] == + ECDSA_BRAINPOOLP512R1TLS13_SHA512_MINOR) ExpectIntEQ(test_ctx.c_buff[idx], NEW_SA_MAJOR); else ExpectIntEQ(test_ctx.c_buff[idx+1], ecc_dsa_sa_algo); @@ -49126,7 +32527,7 @@ { EXPECT_DECLS; #if defined(HAVE_MANUAL_MEMIO_TESTS_DEPENDENCIES) && defined(WOLFSSL_DTLS13) \ - && defined(WOLFSSL_DTLS_CH_FRAG) && defined(HAVE_LIBOQS) + && defined(WOLFSSL_DTLS_CH_FRAG) && defined(WOLFSSL_HAVE_MLKEM) WOLFSSL_CTX *ctx_c = NULL; WOLFSSL_CTX *ctx_s = NULL; WOLFSSL *ssl_c = NULL; @@ -49135,10 +32536,39 @@ const char *test_str = "test"; int test_str_size; byte buf[255]; -#ifdef WOLFSSL_MLKEM_KYBER +#if defined(WOLFSSL_MLKEM_KYBER) + #if !defined(WOLFSSL_NO_KYBER1024) int group = WOLFSSL_KYBER_LEVEL5; -#else + const char *group_name = "KYBER_LEVEL5"; + #elif !defined(WOLFSSL_NO_KYBER768) + int group = WOLFSSL_KYBER_LEVEL3; + const char *group_name = "KYBER_LEVEL3"; + #else + int group = WOLFSSL_KYBER_LEVEL1; + const char *group_name = "KYBER_LEVEL1"; + #endif +#elif !defined(WOLFSSL_NO_ML_KEM) && !defined(WOLFSSL_TLS_NO_MLKEM_STANDALONE) + #if !defined(WOLFSSL_NO_ML_KEM_1024) int group = WOLFSSL_ML_KEM_1024; + const char *group_name = "ML_KEM_1024"; + #elif !defined(WOLFSSL_NO_ML_KEM_768) + int group = WOLFSSL_ML_KEM_768; + const char *group_name = "ML_KEM_768"; + #else + int group = WOLFSSL_ML_KEM_512; + const char *group_name = "ML_KEM_512"; + #endif +#elif defined(WOLFSSL_PQC_HYBRIDS) + #if defined(HAVE_CURVE25519) && !defined(WOLFSSL_NO_ML_KEM_768) + int group = WOLFSSL_X25519MLKEM768; + const char *group_name = "X25519MLKEM768"; + #elif !defined(WOLFSSL_NO_ML_KEM_768) + int group = WOLFSSL_SECP256R1MLKEM768; + const char *group_name = "SecP256r1MLKEM768"; + #else + int group = WOLFSSL_SECP384R1MLKEM1024; + const char *group_name = "SecP384r1MLKEM1024"; + #endif #endif XMEMSET(&test_ctx, 0, sizeof(test_ctx)); @@ -49149,13 +32579,8 @@ ExpectIntEQ(wolfSSL_UseKeyShare(ssl_c, group), WOLFSSL_SUCCESS); ExpectIntEQ(wolfSSL_dtls13_allow_ch_frag(ssl_s, 1), WOLFSSL_SUCCESS); ExpectIntEQ(test_memio_do_handshake(ssl_c, ssl_s, 10, NULL), 0); -#ifdef WOLFSSL_MLKEM_KYBER - ExpectStrEQ(wolfSSL_get_curve_name(ssl_c), "KYBER_LEVEL5"); - ExpectStrEQ(wolfSSL_get_curve_name(ssl_s), "KYBER_LEVEL5"); -#else - ExpectStrEQ(wolfSSL_get_curve_name(ssl_c), "ML_KEM_1024"); - ExpectStrEQ(wolfSSL_get_curve_name(ssl_s), "ML_KEM_1024"); -#endif + ExpectStrEQ(wolfSSL_get_curve_name(ssl_c), group_name); + ExpectStrEQ(wolfSSL_get_curve_name(ssl_s), group_name); test_str_size = XSTRLEN("test") + 1; ExpectIntEQ(wolfSSL_write(ssl_c, test_str, test_str_size), test_str_size); ExpectIntEQ(wolfSSL_read(ssl_s, buf, sizeof(buf)), test_str_size); @@ -49679,7 +33104,48 @@ return EXPECT_RESULT(); } +static int test_dtls13_finished_send_error_propagation(void) +{ + EXPECT_DECLS; +#if defined(HAVE_MANUAL_MEMIO_TESTS_DEPENDENCIES) && defined(WOLFSSL_DTLS13) + WOLFSSL_CTX *ctx_c = NULL; + WOLFSSL_CTX *ctx_s = NULL; + WOLFSSL *ssl_c = NULL; + WOLFSSL *ssl_s = NULL; + struct test_memio_ctx test_ctx; + + XMEMSET(&test_ctx, 0, sizeof(test_ctx)); + ExpectIntEQ(test_memio_setup(&test_ctx, &ctx_c, &ctx_s, &ssl_c, &ssl_s, + wolfDTLSv1_3_client_method, wolfDTLSv1_3_server_method), 0); + + /* CH1 */ + ExpectIntEQ(wolfSSL_negotiate(ssl_c), -1); + ExpectIntEQ(wolfSSL_get_error(ssl_c, -1), WOLFSSL_ERROR_WANT_READ); + /* HRR */ + ExpectIntEQ(wolfSSL_negotiate(ssl_s), -1); + ExpectIntEQ(wolfSSL_get_error(ssl_s, -1), WOLFSSL_ERROR_WANT_READ); + /* CH2 */ + ExpectIntEQ(wolfSSL_negotiate(ssl_c), -1); + ExpectIntEQ(wolfSSL_get_error(ssl_c, -1), WOLFSSL_ERROR_WANT_READ); + /* Server first flight with finished */ + ExpectIntEQ(wolfSSL_negotiate(ssl_s), -1); + ExpectIntEQ(wolfSSL_get_error(ssl_s, -1), WOLFSSL_ERROR_WANT_READ); + /* Client second flight with finished - block sends to force error */ + test_ctx.s_len = TEST_MEMIO_BUF_SZ; + ExpectIntEQ(wolfSSL_negotiate(ssl_c), -1); + /* Verify the error is propagated, not silently swallowed as success */ + ExpectIntNE(wolfSSL_get_error(ssl_c, -1), 0); + + wolfSSL_free(ssl_c); + wolfSSL_free(ssl_s); + wolfSSL_CTX_free(ctx_c); + wolfSSL_CTX_free(ctx_s); +#endif + return EXPECT_RESULT(); +} + +#if !defined(NO_WOLFSSL_CLIENT) && !defined(NO_WOLFSSL_SERVER) #ifdef HAVE_CERTIFICATE_STATUS_REQUEST static int test_self_signed_stapling_client_v1_ctx_ready(WOLFSSL_CTX* ctx) { @@ -49720,12 +33186,14 @@ return EXPECT_RESULT(); } #endif +#endif static int test_self_signed_stapling(void) { EXPECT_DECLS; -#if defined(HAVE_CERTIFICATE_STATUS_REQUEST) \ - || defined(HAVE_CERTIFICATE_STATUS_REQUEST_V2) +#if (defined(HAVE_CERTIFICATE_STATUS_REQUEST) || \ + defined(HAVE_CERTIFICATE_STATUS_REQUEST_V2)) && \ + !defined(NO_WOLFSSL_CLIENT) && !defined(NO_WOLFSSL_SERVER) test_ssl_cbf client_cbf; test_ssl_cbf server_cbf; size_t i; @@ -49805,33 +33273,50 @@ rh = (RecordLayerHeader*)(test_ctx.c_buff); len = &rh->length[0]; ato16((const byte*)len, &recLen); - XMEMCPY(buff, test_ctx.c_buff, RECORD_HEADER_SZ + recLen); - newRecIdx = idx = RECORD_HEADER_SZ + recLen; - /* Combine server handshake msgs into one record */ - while (idx < test_ctx.c_len) { - rh = (RecordLayerHeader*)(test_ctx.c_buff + idx); - len = &rh->length[0]; + ExpectIntLE(RECORD_HEADER_SZ + recLen, (int)sizeof(buff)); + ExpectIntLE(RECORD_HEADER_SZ + recLen, test_ctx.c_len); - ato16((const byte*)len, &recLen); - idx += RECORD_HEADER_SZ; + if (EXPECT_SUCCESS()) { + XMEMCPY(buff, test_ctx.c_buff, RECORD_HEADER_SZ + recLen); + newRecIdx = idx = RECORD_HEADER_SZ + recLen; + /* Combine server handshake msgs into one record */ + while (idx < test_ctx.c_len) { + + rh = (RecordLayerHeader*)(test_ctx.c_buff + idx); + len = &rh->length[0]; + + ato16((const byte*)len, &recLen); + ExpectIntLE(idx + RECORD_HEADER_SZ + recLen, test_ctx.c_len); + ExpectIntLE(newRecIdx + recLen, (int)sizeof(buff)); - XMEMCPY(buff + newRecIdx, test_ctx.c_buff + idx, - (size_t)recLen); + if (!EXPECT_SUCCESS()) { + break; + } - newRecIdx += recLen; - idx += recLen; - } - rh = (RecordLayerHeader*)(buff); - len = &rh->length[0]; - c16toa((word16)newRecIdx - RECORD_HEADER_SZ, len); - test_memio_clear_buffer(&test_ctx, 1); - test_memio_inject_message(&test_ctx, 1, (const char*)buff, newRecIdx); + idx += RECORD_HEADER_SZ; - ExpectIntEQ(wolfSSL_connect(ssl_c), -1); - ExpectIntEQ(wolfSSL_get_error(ssl_c, -1), WOLFSSL_ERROR_WANT_READ); + XMEMCPY(buff + newRecIdx, test_ctx.c_buff + idx, + (size_t)recLen); + + newRecIdx += recLen; + idx += recLen; + } + if (EXPECT_SUCCESS()) { + rh = (RecordLayerHeader*)(buff); + len = &rh->length[0]; + c16toa((word16)newRecIdx - RECORD_HEADER_SZ, len); + test_memio_clear_buffer(&test_ctx, 1); + test_memio_inject_message(&test_ctx, 1, (const char*)buff, + newRecIdx); + + ExpectIntEQ(wolfSSL_connect(ssl_c), -1); + ExpectIntEQ(wolfSSL_get_error(ssl_c, -1), WOLFSSL_ERROR_WANT_READ); + + ExpectIntEQ(test_memio_do_handshake(ssl_c, ssl_s, 10, NULL), 0); + } + } - ExpectIntEQ(test_memio_do_handshake(ssl_c, ssl_s, 10, NULL), 0); wolfSSL_free(ssl_c); wolfSSL_free(ssl_s); @@ -49846,9 +33331,12 @@ { EXPECT_DECLS; #if defined(HAVE_MANUAL_MEMIO_TESTS_DEPENDENCIES) && defined(HAVE_WRITE_DUP) - size_t i, j; + size_t i, j, k; char hiWorld[] = "dup message"; char readData[sizeof(hiWorld) + 5]; +#ifdef WOLFSSL_TLS13 + int required; +#endif struct { method_provider client_meth; method_provider server_meth; @@ -49857,9 +33345,11 @@ } methods[] = { #ifndef WOLFSSL_NO_TLS12 {wolfTLSv1_2_client_method, wolfTLSv1_2_server_method, "TLS 1.2", WOLFSSL_TLSV1_2}, + {wolfDTLSv1_2_client_method, wolfDTLSv1_2_server_method, "DTLS 1.2", WOLFSSL_TLSV1_2}, #endif #ifdef WOLFSSL_TLS13 {wolfTLSv1_3_client_method, wolfTLSv1_3_server_method, "TLS 1.3", WOLFSSL_TLSV1_3}, + {wolfDTLSv1_3_client_method, wolfDTLSv1_3_server_method, "DTLS 1.3", WOLFSSL_TLSV1_3}, #endif }; struct { @@ -49925,6 +33415,18 @@ #endif }; +/* Macro capturing local variables for concise bidirectional data exchange. */ +#define EXCHANGE_DATA do { \ + ExpectIntEQ(wolfSSL_write(ssl_s, hiWorld, sizeof(hiWorld)), \ + sizeof(hiWorld)); \ + ExpectIntEQ(wolfSSL_read(ssl_c, readData, sizeof(readData)), \ + sizeof(hiWorld)); \ + ExpectIntEQ(wolfSSL_write(ssl_c2, hiWorld, sizeof(hiWorld)), \ + sizeof(hiWorld)); \ + ExpectIntEQ(wolfSSL_read(ssl_s, readData, sizeof(readData)), \ + sizeof(hiWorld)); \ +} while (0) + for (i = 0; i < XELEM_CNT(methods); i++) { for (j = 0; j < XELEM_CNT(ciphers) && !EXPECT_FAIL(); j++) { struct test_memio_ctx test_ctx; @@ -49947,23 +33449,77 @@ ExpectIntEQ(test_memio_setup(&test_ctx, &ctx_c, &ctx_s, &ssl_c, &ssl_s, methods[i].client_meth, methods[i].server_meth), 0); +#ifdef WOLFSSL_POST_HANDSHAKE_AUTH + if (methods[i].version == WOLFSSL_TLSV1_3) { + ExpectIntEQ(wolfSSL_CTX_use_certificate_file(ctx_c, cliCertFile, + WOLFSSL_FILETYPE_PEM), WOLFSSL_SUCCESS); + ExpectIntEQ(wolfSSL_CTX_use_PrivateKey_file(ctx_c, cliKeyFile, + WOLFSSL_FILETYPE_PEM), WOLFSSL_SUCCESS); + ExpectIntEQ(wolfSSL_use_certificate_file(ssl_c, cliCertFile, + WOLFSSL_FILETYPE_PEM), WOLFSSL_SUCCESS); + ExpectIntEQ(wolfSSL_use_PrivateKey_file(ssl_c, cliKeyFile, + WOLFSSL_FILETYPE_PEM), WOLFSSL_SUCCESS); + ExpectIntEQ(wolfSSL_allow_post_handshake_auth(ssl_c), 0); + ExpectIntEQ(wolfSSL_CTX_load_verify_locations(ctx_s, caCertFile, + NULL), WOLFSSL_SUCCESS); + } +#endif ExpectIntEQ(test_memio_do_handshake(ssl_c, ssl_s, 10, NULL), 0); ExpectNotNull(ssl_c2 = wolfSSL_write_dup(ssl_c)); ExpectIntEQ(wolfSSL_write(ssl_c, hiWorld, sizeof(hiWorld)), WC_NO_ERR_TRACE(WRITE_DUP_WRITE_E)); - ExpectIntEQ(wolfSSL_write(ssl_c2, hiWorld, sizeof(hiWorld)), - sizeof(hiWorld)); - - ExpectIntEQ(wolfSSL_read(ssl_s, readData, sizeof(readData)), - sizeof(hiWorld)); - ExpectIntEQ(wolfSSL_write(ssl_s, hiWorld, sizeof(hiWorld)), - sizeof(hiWorld)); - + EXCHANGE_DATA; ExpectIntEQ(wolfSSL_read(ssl_c2, readData, sizeof(readData)), WC_NO_ERR_TRACE(WRITE_DUP_READ_E)); - ExpectIntEQ(wolfSSL_read(ssl_c, readData, sizeof(readData)), - sizeof(hiWorld)); +#ifdef WOLFSSL_DTLS13 + /* The initial EXCHANGE_DATA above processes the post-handshake + * NewSessionTicket (S2C part delegates ACK) and triggers the + * ACK (C2S part sends it). Verify it completed. */ + if (methods[i].client_meth == wolfDTLSv1_3_client_method) { + ExpectNotNull(ssl_c->dupWrite); + ExpectIntEQ(ssl_c->dupWrite->sendAcks, 0); + ExpectNull(ssl_s->dtls13Rtx.rtxRecords); + } +#endif + for (k = 0; k < 10; k++) + EXCHANGE_DATA; + +#ifdef WOLFSSL_TLS13 + if (methods[i].version == WOLFSSL_TLSV1_3) { + /* Client-initiated key update. */ + ExpectIntEQ(wolfSSL_update_keys(ssl_c2), WOLFSSL_SUCCESS); + ExpectIntEQ(wolfSSL_key_update_response(ssl_c2, &required), 0); + ExpectIntEQ(required, 1); + for (k = 0; k < 10; k++) + EXCHANGE_DATA; + } + + if (methods[i].version == WOLFSSL_TLSV1_3) { + /* Server-initiated key update. */ + ExpectIntEQ(wolfSSL_update_keys(ssl_s), WOLFSSL_SUCCESS); + ExpectIntEQ(wolfSSL_key_update_response(ssl_s, &required), 0); + ExpectIntEQ(required, 1); + for (k = 0; k < 10; k++) + EXCHANGE_DATA; + ExpectIntEQ(wolfSSL_key_update_response(ssl_s, &required), 0); + ExpectIntEQ(required, 0); + } +#endif /* WOLFSSL_TLS13 */ + +#ifdef WOLFSSL_POST_HANDSHAKE_AUTH + if (methods[i].version == WOLFSSL_TLSV1_3) { + WOLFSSL_X509_CHAIN* chain = NULL; + ExpectNotNull(chain = wolfSSL_get_peer_chain(ssl_s)); + ExpectIntEQ(wolfSSL_get_chain_count(chain), 0); + ExpectIntEQ(wolfSSL_request_certificate(ssl_s), WOLFSSL_SUCCESS); + EXCHANGE_DATA; + ExpectNotNull(chain = wolfSSL_get_peer_chain(ssl_s)); + ExpectIntEQ(wolfSSL_get_chain_count(chain), 1); + for (k = 0; k < 10; k++) + EXCHANGE_DATA; + } +#endif if (EXPECT_SUCCESS()) printf("ok\n"); @@ -49977,6 +33533,245 @@ wolfSSL_CTX_free(ctx_s); } } +#undef EXCHANGE_DATA +#endif + return EXPECT_RESULT(); +} + +static int test_write_dup_want_write(void) +{ + EXPECT_DECLS; +#if defined(HAVE_MANUAL_MEMIO_TESTS_DEPENDENCIES) && defined(HAVE_WRITE_DUP) + size_t i, k; + char hiWorld[] = "dup message"; + char readData[sizeof(hiWorld) + 5]; +#ifdef WOLFSSL_TLS13 + int required; +#endif + struct { + method_provider client_meth; + method_provider server_meth; + const char* version_name; + int version; + } methods[] = { +#ifndef WOLFSSL_NO_TLS12 + {wolfTLSv1_2_client_method, wolfTLSv1_2_server_method, "TLS 1.2", WOLFSSL_TLSV1_2}, + {wolfDTLSv1_2_client_method, wolfDTLSv1_2_server_method, "DTLS 1.2", WOLFSSL_TLSV1_2}, +#endif +#ifdef WOLFSSL_TLS13 + {wolfTLSv1_3_client_method, wolfTLSv1_3_server_method, "TLS 1.3", WOLFSSL_TLSV1_3}, + {wolfDTLSv1_3_client_method, wolfDTLSv1_3_server_method, "DTLS 1.3", WOLFSSL_TLSV1_3}, +#endif + }; + +/* Same as test_write_dup's EXCHANGE_DATA but every client (write-dup side) + * write is preceded by a simulated WANT_WRITE that must be retried. */ +#define EXCHANGE_DATA do { \ + ExpectIntEQ(wolfSSL_write(ssl_s, hiWorld, sizeof(hiWorld)), \ + sizeof(hiWorld)); \ + ExpectIntEQ(wolfSSL_read(ssl_c, readData, sizeof(readData)), \ + sizeof(hiWorld)); \ + test_memio_simulate_want_write(&test_ctx, 1, 1); \ + ExpectIntEQ(wolfSSL_write(ssl_c2, hiWorld, sizeof(hiWorld)), \ + WOLFSSL_FATAL_ERROR); \ + ExpectIntEQ(wolfSSL_get_error(ssl_c2, WOLFSSL_FATAL_ERROR), \ + WOLFSSL_ERROR_WANT_WRITE); \ + test_memio_simulate_want_write(&test_ctx, 1, 0); \ + ExpectIntEQ(wolfSSL_write(ssl_c2, hiWorld, sizeof(hiWorld)), \ + sizeof(hiWorld)); \ + ExpectIntEQ(wolfSSL_read(ssl_s, readData, sizeof(readData)), \ + sizeof(hiWorld)); \ +} while (0) + + for (i = 0; i < XELEM_CNT(methods) && !EXPECT_FAIL(); i++) { + struct test_memio_ctx test_ctx; + WOLFSSL_CTX *ctx_c = NULL, *ctx_s = NULL; + WOLFSSL *ssl_c = NULL, *ssl_s = NULL; + WOLFSSL *ssl_c2 = NULL; + + if (i == 0) + printf("\n"); + printf("Testing write_dup WANT_WRITE %s... ", + methods[i].version_name); + + XMEMSET(&test_ctx, 0, sizeof(test_ctx)); + + ExpectIntEQ(test_memio_setup(&test_ctx, &ctx_c, &ctx_s, &ssl_c, &ssl_s, + methods[i].client_meth, methods[i].server_meth), 0); +#ifdef WOLFSSL_POST_HANDSHAKE_AUTH + if (methods[i].version == WOLFSSL_TLSV1_3) { + ExpectIntEQ(wolfSSL_CTX_use_certificate_file(ctx_c, cliCertFile, + WOLFSSL_FILETYPE_PEM), WOLFSSL_SUCCESS); + ExpectIntEQ(wolfSSL_CTX_use_PrivateKey_file(ctx_c, cliKeyFile, + WOLFSSL_FILETYPE_PEM), WOLFSSL_SUCCESS); + ExpectIntEQ(wolfSSL_use_certificate_file(ssl_c, cliCertFile, + WOLFSSL_FILETYPE_PEM), WOLFSSL_SUCCESS); + ExpectIntEQ(wolfSSL_use_PrivateKey_file(ssl_c, cliKeyFile, + WOLFSSL_FILETYPE_PEM), WOLFSSL_SUCCESS); + ExpectIntEQ(wolfSSL_allow_post_handshake_auth(ssl_c), 0); + ExpectIntEQ(wolfSSL_CTX_load_verify_locations(ctx_s, caCertFile, + NULL), WOLFSSL_SUCCESS); + } +#endif + ExpectIntEQ(test_memio_do_handshake(ssl_c, ssl_s, 10, NULL), 0); + + ExpectNotNull(ssl_c2 = wolfSSL_write_dup(ssl_c)); + + for (k = 0; k < 10 && !EXPECT_FAIL(); k++) + EXCHANGE_DATA; + +#ifdef WOLFSSL_TLS13 + if (methods[i].version == WOLFSSL_TLSV1_3) { + /* Client-initiated key update with WANT_WRITE. */ + ExpectIntEQ(wolfSSL_update_keys(ssl_c2), WOLFSSL_SUCCESS); + ExpectIntEQ(wolfSSL_key_update_response(ssl_c2, &required), 0); + ExpectIntEQ(required, 1); + for (k = 0; k < 10 && !EXPECT_FAIL(); k++) + EXCHANGE_DATA; + + /* Server-initiated key update: response goes through write side + * with WANT_WRITE. */ + ExpectIntEQ(wolfSSL_update_keys(ssl_s), WOLFSSL_SUCCESS); + ExpectIntEQ(wolfSSL_key_update_response(ssl_s, &required), 0); + ExpectIntEQ(required, 1); + for (k = 0; k < 10 && !EXPECT_FAIL(); k++) + EXCHANGE_DATA; + ExpectIntEQ(wolfSSL_key_update_response(ssl_s, &required), 0); + ExpectIntEQ(required, 0); + } +#endif /* WOLFSSL_TLS13 */ + +#ifdef WOLFSSL_POST_HANDSHAKE_AUTH + if (methods[i].version == WOLFSSL_TLSV1_3) { + WOLFSSL_X509_CHAIN* chain = NULL; + ExpectNotNull(chain = wolfSSL_get_peer_chain(ssl_s)); + ExpectIntEQ(wolfSSL_get_chain_count(chain), 0); + ExpectIntEQ(wolfSSL_request_certificate(ssl_s), WOLFSSL_SUCCESS); + EXCHANGE_DATA; + ExpectNotNull(chain = wolfSSL_get_peer_chain(ssl_s)); + ExpectIntEQ(wolfSSL_get_chain_count(chain), 1); + for (k = 0; k < 10 && !EXPECT_FAIL(); k++) + EXCHANGE_DATA; + } +#endif /* WOLFSSL_POST_HANDSHAKE_AUTH */ + + if (EXPECT_SUCCESS()) + printf("ok\n"); + else + printf("failed\n"); + + wolfSSL_free(ssl_c); + wolfSSL_free(ssl_c2); + wolfSSL_free(ssl_s); + wolfSSL_CTX_free(ctx_c); + wolfSSL_CTX_free(ctx_s); + } +#undef EXCHANGE_DATA +#endif + return EXPECT_RESULT(); +} + +/* Simultaneous key update and cert req */ +static int test_write_dup_want_write_simul(void) +{ + EXPECT_DECLS; +#if defined(HAVE_MANUAL_MEMIO_TESTS_DEPENDENCIES) && defined(HAVE_WRITE_DUP) && \ + defined(WOLFSSL_POST_HANDSHAKE_AUTH) && defined(WOLFSSL_TLS13) + size_t i, k; + char hiWorld[] = "dup message"; + char readData[sizeof(hiWorld) + 5]; + int required; + struct { + method_provider client_meth; + method_provider server_meth; + const char* version_name; + } methods[] = { +#ifdef WOLFSSL_TLS13 + {wolfTLSv1_3_client_method, wolfTLSv1_3_server_method, "TLS 1.3"}, + {wolfDTLSv1_3_client_method, wolfDTLSv1_3_server_method, "DTLS 1.3"}, +#endif + }; + +/* Same as test_write_dup's EXCHANGE_DATA but every client (write-dup side) + * write is preceded by a simulated WANT_WRITE that must be retried. */ +#define EXCHANGE_DATA do { \ + ExpectIntEQ(wolfSSL_write(ssl_s, hiWorld, sizeof(hiWorld)), \ + sizeof(hiWorld)); \ + ExpectIntEQ(wolfSSL_read(ssl_c, readData, sizeof(readData)), \ + sizeof(hiWorld)); \ + test_memio_simulate_want_write(&test_ctx, 1, 1); \ + ExpectIntEQ(wolfSSL_write(ssl_c2, hiWorld, sizeof(hiWorld)), \ + WOLFSSL_FATAL_ERROR); \ + ExpectIntEQ(wolfSSL_get_error(ssl_c2, WOLFSSL_FATAL_ERROR), \ + WOLFSSL_ERROR_WANT_WRITE); \ + test_memio_simulate_want_write(&test_ctx, 1, 0); \ + ExpectIntEQ(wolfSSL_write(ssl_c2, hiWorld, sizeof(hiWorld)), \ + sizeof(hiWorld)); \ + ExpectIntEQ(wolfSSL_read(ssl_s, readData, sizeof(readData)), \ + sizeof(hiWorld)); \ +} while (0) + + for (i = 0; i < XELEM_CNT(methods) && !EXPECT_FAIL(); i++) { + struct test_memio_ctx test_ctx; + WOLFSSL_CTX *ctx_c = NULL, *ctx_s = NULL; + WOLFSSL *ssl_c = NULL, *ssl_s = NULL; + WOLFSSL *ssl_c2 = NULL; + WOLFSSL_X509_CHAIN* chain = NULL; + + if (i == 0) + printf("\n"); + printf("Testing write_dup WANT_WRITE %s... ", + methods[i].version_name); + + XMEMSET(&test_ctx, 0, sizeof(test_ctx)); + + ExpectIntEQ(test_memio_setup(&test_ctx, &ctx_c, &ctx_s, &ssl_c, &ssl_s, + methods[i].client_meth, methods[i].server_meth), 0); + ExpectIntEQ(wolfSSL_CTX_use_certificate_file(ctx_c, cliCertFile, + WOLFSSL_FILETYPE_PEM), WOLFSSL_SUCCESS); + ExpectIntEQ(wolfSSL_CTX_use_PrivateKey_file(ctx_c, cliKeyFile, + WOLFSSL_FILETYPE_PEM), WOLFSSL_SUCCESS); + ExpectIntEQ(wolfSSL_use_certificate_file(ssl_c, cliCertFile, + WOLFSSL_FILETYPE_PEM), WOLFSSL_SUCCESS); + ExpectIntEQ(wolfSSL_use_PrivateKey_file(ssl_c, cliKeyFile, + WOLFSSL_FILETYPE_PEM), WOLFSSL_SUCCESS); + ExpectIntEQ(wolfSSL_allow_post_handshake_auth(ssl_c), 0); + ExpectIntEQ(wolfSSL_CTX_load_verify_locations(ctx_s, caCertFile, + NULL), WOLFSSL_SUCCESS); + ExpectIntEQ(test_memio_do_handshake(ssl_c, ssl_s, 10, NULL), 0); + + ExpectNotNull(ssl_c2 = wolfSSL_write_dup(ssl_c)); + + for (k = 0; k < 10 && !EXPECT_FAIL(); k++) + EXCHANGE_DATA; + + /* Server-initiated key update and cert req: response goes through + * write side with WANT_WRITE. */ + ExpectNotNull(chain = wolfSSL_get_peer_chain(ssl_s)); + ExpectIntEQ(wolfSSL_get_chain_count(chain), 0); + ExpectIntEQ(wolfSSL_update_keys(ssl_s), WOLFSSL_SUCCESS); + ExpectIntEQ(wolfSSL_key_update_response(ssl_s, &required), 0); + ExpectIntEQ(required, 1); + ExpectIntEQ(wolfSSL_request_certificate(ssl_s), WOLFSSL_SUCCESS); + for (k = 0; k < 10 && !EXPECT_FAIL(); k++) + EXCHANGE_DATA; + ExpectNotNull(chain = wolfSSL_get_peer_chain(ssl_s)); + ExpectIntEQ(wolfSSL_get_chain_count(chain), 1); + ExpectIntEQ(wolfSSL_key_update_response(ssl_s, &required), 0); + ExpectIntEQ(required, 0); + + if (EXPECT_SUCCESS()) + printf("ok\n"); + else + printf("failed\n"); + + wolfSSL_free(ssl_c); + wolfSSL_free(ssl_c2); + wolfSSL_free(ssl_s); + wolfSSL_CTX_free(ctx_c); + wolfSSL_CTX_free(ctx_s); + } +#undef EXCHANGE_DATA #endif return EXPECT_RESULT(); } @@ -50690,6 +34485,638 @@ int testAll = 1; int stopOnFail = 0; +/*----------------------------------------------------------------------------*/ +/* LMS tests */ +/*----------------------------------------------------------------------------*/ +int test_wc_LmsKey_sign_verify(void); +int test_wc_LmsKey_reload_cache(void); + +#if defined(WOLFSSL_HAVE_LMS) && defined(WOLFSSL_WC_LMS) && \ + !defined(WOLFSSL_LMS_VERIFY_ONLY) + +#include +#include + +#define LMS_TEST_PRIV_KEY_FILE "/tmp/wolfssl_test_lms.key" + +static int test_lms_write_key(const byte* priv, word32 privSz, void* context) +{ + FILE* f = fopen((const char*)context, "wb"); + int ret = WC_LMS_RC_SAVED_TO_NV_MEMORY; + if (f == NULL) + return -1; + if (fwrite(priv, 1, privSz, f) != privSz) + ret = -1; + fclose(f); + return ret; +} + +static int test_lms_read_key(byte* priv, word32 privSz, void* context) +{ + FILE* f = fopen((const char*)context, "rb"); + if (f == NULL) + return -1; + if (fread(priv, 1, privSz, f) == 0) { + fclose(f); + return -1; + } + fclose(f); + return WC_LMS_RC_READ_TO_MEMORY; +} + +/* Helper: init an LMS key with callbacks and L1-H10-W8 params */ +static int test_lms_init_key(LmsKey* key, WC_RNG* rng) +{ + int ret; + + ret = wc_LmsKey_Init(key, NULL, INVALID_DEVID); + if (ret != 0) return ret; + + ret = wc_LmsKey_SetParameters(key, 1, 10, 8); + if (ret != 0) return ret; + + ret = wc_LmsKey_SetWriteCb(key, test_lms_write_key); + if (ret != 0) return ret; + + ret = wc_LmsKey_SetReadCb(key, test_lms_read_key); + if (ret != 0) return ret; + + ret = wc_LmsKey_SetContext(key, (void*)LMS_TEST_PRIV_KEY_FILE); + if (ret != 0) return ret; + + (void)rng; + return 0; +} + +#endif /* WOLFSSL_HAVE_LMS && WOLFSSL_WC_LMS && !WOLFSSL_LMS_VERIFY_ONLY */ + +/* + * Test basic LMS sign/verify with multiple signings. + * Uses L1-H10-W8 (1024 total signatures, 32-entry leaf cache). + */ +int test_wc_LmsKey_sign_verify(void) +{ + EXPECT_DECLS; +#if defined(WOLFSSL_HAVE_LMS) && defined(WOLFSSL_WC_LMS) && \ + !defined(WOLFSSL_LMS_VERIFY_ONLY) + LmsKey key; + WC_RNG rng; + byte msg[] = "test message for LMS signing"; + byte sig[2048]; + word32 sigSz; + int i; + int numSigs = 5; + + ExpectIntEQ(wc_InitRng(&rng), 0); + + remove(LMS_TEST_PRIV_KEY_FILE); + ExpectIntEQ(test_lms_init_key(&key, &rng), 0); + ExpectIntEQ(wc_LmsKey_MakeKey(&key, &rng), 0); + + for (i = 0; i < numSigs; i++) { + sigSz = sizeof(sig); + ExpectIntEQ(wc_LmsKey_Sign(&key, sig, &sigSz, msg, sizeof(msg)), 0); + ExpectIntEQ(wc_LmsKey_Verify(&key, sig, sigSz, msg, sizeof(msg)), 0); + } + + wc_LmsKey_Free(&key); + wc_FreeRng(&rng); + remove(LMS_TEST_PRIV_KEY_FILE); +#endif + return EXPECT_RESULT(); +} + +/* + * Test LMS key reload after advancing past the leaf cache window. + * + * Reproduces a heap-buffer-overflow bug in wc_lms_treehash_init() where the + * leaf cache write uses (i * hash_len) instead of ((i - leaf->idx) * hash_len). + * When q > max_cb (default 32), wc_LmsKey_Reload calls wc_hss_init_auth_path + * which calls wc_lms_treehash_init with q > 0, causing writes past the end of + * the leaf cache buffer. + * + * Reproduction steps: + * 1. Generate L1-H10-W8 key (cacheBits=5, max_cb=32) + * 2. Sign 33 times to advance q past the cache window + * 3. Free the key and reload from persisted state + * 4. Sign and verify after reload + * + * Without the fix: heap-buffer-overflow at wc_lms_impl.c:1965 + * With the fix: all operations succeed, signatures verify + */ +int test_wc_LmsKey_reload_cache(void) +{ + EXPECT_DECLS; +#if defined(WOLFSSL_HAVE_LMS) && defined(WOLFSSL_WC_LMS) && \ + !defined(WOLFSSL_LMS_VERIFY_ONLY) + LmsKey key; + LmsKey vkey; + WC_RNG rng; + byte msg[] = "test message for LMS signing"; + byte sig[2048]; + word32 sigSz; + byte pub[64]; + word32 pubSz = sizeof(pub); + int i; + /* Sign 33 times to advance q past the 32-entry cache window. */ + int preSigs = 33; + + ExpectIntEQ(wc_InitRng(&rng), 0); + + /* Phase 1: Generate key and sign past cache window */ + remove(LMS_TEST_PRIV_KEY_FILE); + ExpectIntEQ(test_lms_init_key(&key, &rng), 0); + ExpectIntEQ(wc_LmsKey_MakeKey(&key, &rng), 0); + + for (i = 0; i < preSigs; i++) { + sigSz = sizeof(sig); + ExpectIntEQ(wc_LmsKey_Sign(&key, sig, &sigSz, msg, sizeof(msg)), 0); + } + + /* Save public key for verification after reload */ + ExpectIntEQ(wc_LmsKey_ExportPubRaw(&key, pub, &pubSz), 0); + + wc_LmsKey_Free(&key); + + /* Phase 2: Reload key. Triggers wc_lms_treehash_init with q=33 */ + ExpectIntEQ(test_lms_init_key(&key, &rng), 0); + ExpectIntEQ(wc_LmsKey_Reload(&key), 0); + + /* Phase 3: Sign after reload and verify with separate verify-only key */ + sigSz = sizeof(sig); + ExpectIntEQ(wc_LmsKey_Sign(&key, sig, &sigSz, msg, sizeof(msg)), 0); + + ExpectIntEQ(wc_LmsKey_Init(&vkey, NULL, INVALID_DEVID), 0); + ExpectIntEQ(wc_LmsKey_SetParameters(&vkey, 1, 10, 8), 0); + ExpectIntEQ(wc_LmsKey_ImportPubRaw(&vkey, pub, pubSz), 0); + ExpectIntEQ(wc_LmsKey_Verify(&vkey, sig, sigSz, msg, sizeof(msg)), 0); + + wc_LmsKey_Free(&vkey); + wc_LmsKey_Free(&key); + wc_FreeRng(&rng); + remove(LMS_TEST_PRIV_KEY_FILE); +#endif + return EXPECT_RESULT(); +} + +#if defined(WOLFSSL_SNIFFER) && defined(WOLFSSL_SNIFFER_CHAIN_INPUT) +static int test_sniffer_chain_input_overflow(void) +{ + EXPECT_DECLS; + struct iovec chain[3]; + byte* data = NULL; + char error[WOLFSSL_MAX_ERROR_SZ]; + int ret; + byte dummy[1] = {0}; + + /* Test 1: iov_len values that sum to more than INT_MAX. + * Before the fix, these size_t values would be truncated when accumulated + * into an int, causing an undersized allocation followed by an oversized + * copy (heap buffer overflow). After the fix, the function should detect + * the overflow and return an error without allocating or copying. */ + chain[0].iov_base = dummy; + chain[0].iov_len = (size_t)0x80000000UL; /* 2GB */ + chain[1].iov_base = dummy; + chain[1].iov_len = (size_t)0x80000000UL; /* 2GB */ + chain[2].iov_base = dummy; + chain[2].iov_len = (size_t)0x80000000UL; /* 2GB */ + + XMEMSET(error, 0, sizeof(error)); + ret = ssl_DecodePacketWithChain(chain, 3, &data, error); + ExpectIntEQ(ret, WOLFSSL_SNIFFER_ERROR); + + /* Test 2: total exactly at INT_MAX boundary should also be rejected since + * it would require a ~2GB allocation that is unreasonable for a packet. */ + chain[0].iov_len = (size_t)0x7FFFFFFFUL; /* INT_MAX */ + chain[1].iov_len = (size_t)1; + chain[2].iov_len = (size_t)0; + + XMEMSET(error, 0, sizeof(error)); + ret = ssl_DecodePacketWithChain(chain, 2, &data, error); + ExpectIntEQ(ret, WOLFSSL_SNIFFER_ERROR); + + return EXPECT_RESULT(); +} +#endif /* WOLFSSL_SNIFFER && WOLFSSL_SNIFFER_CHAIN_INPUT */ + +/* Test: wc_DhAgree must reject p-1 as peer public key. + * ffdhe2048 p ends with ...FFFFFFFFFFFFFFFF so p-1 ends ...FFFFFFFFFFFFFFFE */ +static int test_DhAgree_rejects_p_minus_1(void) +{ + EXPECT_DECLS; +#if !defined(HAVE_SELFTEST) && !defined(NO_DH) && \ + defined(HAVE_FFDHE_2048) && !defined(WOLFSSL_NO_MALLOC) && \ + (!defined(HAVE_FIPS) || FIPS_VERSION_GT(2,0)) + DhKey key; + WC_RNG rng; + byte priv[256], pub[256], agree[256]; + word32 privSz = sizeof(priv), pubSz = sizeof(pub), agreeSz; + + /* ffdhe2048 p - copied from wolfcrypt/src/dh.c dh_ffdhe2048_p. + * p ends with 0xFF*8 so p-1 ends with ...0xFE */ + static const byte ffdhe2048_p[256] = { + 0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF, + 0xAD,0xF8,0x54,0x58,0xA2,0xBB,0x4A,0x9A, + 0xAF,0xDC,0x56,0x20,0x27,0x3D,0x3C,0xF1, + 0xD8,0xB9,0xC5,0x83,0xCE,0x2D,0x36,0x95, + 0xA9,0xE1,0x36,0x41,0x14,0x64,0x33,0xFB, + 0xCC,0x93,0x9D,0xCE,0x24,0x9B,0x3E,0xF9, + 0x7D,0x2F,0xE3,0x63,0x63,0x0C,0x75,0xD8, + 0xF6,0x81,0xB2,0x02,0xAE,0xC4,0x61,0x7A, + 0xD3,0xDF,0x1E,0xD5,0xD5,0xFD,0x65,0x61, + 0x24,0x33,0xF5,0x1F,0x5F,0x06,0x6E,0xD0, + 0x85,0x63,0x65,0x55,0x3D,0xED,0x1A,0xF3, + 0xB5,0x57,0x13,0x5E,0x7F,0x57,0xC9,0x35, + 0x98,0x4F,0x0C,0x70,0xE0,0xE6,0x8B,0x77, + 0xE2,0xA6,0x89,0xDA,0xF3,0xEF,0xE8,0x72, + 0x1D,0xF1,0x58,0xA1,0x36,0xAD,0xE7,0x35, + 0x30,0xAC,0xCA,0x4F,0x48,0x3A,0x79,0x7A, + 0xBC,0x0A,0xB1,0x82,0xB3,0x24,0xFB,0x61, + 0xD1,0x08,0xA9,0x4B,0xB2,0xC8,0xE3,0xFB, + 0xB9,0x6A,0xDA,0xB7,0x60,0xD7,0xF4,0x68, + 0x1D,0x4F,0x42,0xA3,0xDE,0x39,0x4D,0xF4, + 0xAE,0x56,0xED,0xE7,0x63,0x72,0xBB,0x19, + 0x0B,0x07,0xA7,0xC8,0xEE,0x0A,0x6D,0x70, + 0x9E,0x02,0xFC,0xE1,0xCD,0xF7,0xE2,0xEC, + 0xC0,0x34,0x04,0xCD,0x28,0x34,0x2F,0x61, + 0x91,0x72,0xFE,0x9C,0xE9,0x85,0x83,0xFF, + 0x8E,0x4F,0x12,0x32,0xEE,0xF2,0x81,0x83, + 0xC3,0xFE,0x3B,0x1B,0x4C,0x6F,0xAD,0x73, + 0x3B,0xB5,0xFC,0xBC,0x2E,0xC2,0x20,0x05, + 0xC5,0x8E,0xF1,0x83,0x7D,0x16,0x83,0xB2, + 0xC6,0xF3,0x4A,0x26,0xC1,0xB2,0xEF,0xFA, + 0x88,0x6B,0x42,0x38,0x61,0x28,0x5C,0x97, + 0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF + }; + byte pMinus1[256]; + + ExpectIntEQ(wc_InitRng(&rng), 0); + ExpectIntEQ(wc_InitDhKey(&key), 0); + ExpectIntEQ(wc_DhSetNamedKey(&key, WC_FFDHE_2048), 0); + ExpectIntEQ(wc_DhGenerateKeyPair(&key, &rng, priv, &privSz, + pub, &pubSz), 0); + + /* Construct p-1: last byte FF -> FE */ + XMEMCPY(pMinus1, ffdhe2048_p, sizeof(ffdhe2048_p)); + pMinus1[255] -= 1; + + /* wc_DhAgree must reject p-1 */ + agreeSz = sizeof(agree); + ExpectIntNE(wc_DhAgree(&key, agree, &agreeSz, priv, privSz, + pMinus1, sizeof(pMinus1)), 0); + + wc_FreeDhKey(&key); + wc_FreeRng(&rng); +#endif + return EXPECT_RESULT(); +} + + +/* ML-DSA HashML-DSA verify must reject hashLen > WC_MAX_DIGEST_SIZE */ +static int test_mldsa_verify_hash(void) +{ + EXPECT_DECLS; +#if defined(HAVE_DILITHIUM) && defined(WOLFSSL_WC_DILITHIUM) && \ + !defined(WOLFSSL_DILITHIUM_NO_MAKE_KEY) && \ + !defined(WOLFSSL_DILITHIUM_NO_VERIFY) + dilithium_key key; + WC_RNG rng; + int res = 0; + byte sig[4000]; + byte hash[4096]; /* larger than WC_MAX_DIGEST_SIZE */ + + XMEMSET(&key, 0, sizeof(key)); + XMEMSET(&rng, 0, sizeof(rng)); + XMEMSET(sig, 0x41, sizeof(sig)); + XMEMSET(hash, 'A', sizeof(hash)); + + ExpectIntEQ(wc_InitRng(&rng), 0); + ExpectIntEQ(wc_dilithium_init(&key), 0); +#ifndef WOLFSSL_NO_ML_DSA_65 + ExpectIntEQ(wc_dilithium_set_level(&key, WC_ML_DSA_65), 0); +#elif !defined(WOLFSSL_NO_ML_DSA_44) + ExpectIntEQ(wc_dilithium_set_level(&key, WC_ML_DSA_44), 0); +#else + ExpectIntEQ(wc_dilithium_set_level(&key, WC_ML_DSA_87), 0); +#endif + ExpectIntEQ(wc_dilithium_make_key(&key, &rng), 0); + + /* hashLen=4096 must be rejected, not overflow the stack */ + ExpectIntEQ(wc_dilithium_verify_ctx_hash(sig, sizeof(sig), NULL, 0, + WC_HASH_TYPE_SHA256, hash, sizeof(hash), &res, &key), + WC_NO_ERR_TRACE(BAD_LENGTH_E)); + + wc_dilithium_free(&key); + DoExpectIntEQ(wc_FreeRng(&rng), 0); +#endif + return EXPECT_RESULT(); +} + +/* Test: Ed448 must reject identity public key (0,1) */ +static int test_ed448_rejects_identity_key(void) +{ + EXPECT_DECLS; +#if defined(HAVE_ED448) && !defined(HAVE_SELFTEST) && \ + (!defined(HAVE_FIPS) || FIPS_VERSION_GE(7,0)) + ed448_key key; + byte identity[ED448_PUB_KEY_SIZE]; + byte forged_sig[ED448_SIG_SIZE]; + const byte msg[] = "test message"; + int res = 0; + + XMEMSET(identity, 0, sizeof(identity)); + identity[0] = 0x01; /* identity (0,1) encoding */ + + XMEMSET(forged_sig, 0, sizeof(forged_sig)); + forged_sig[0] = 0x01; /* R = identity, S = 0 */ + + ExpectIntEQ(wc_ed448_init(&key), 0); + + /* The identity public key must be rejected at import time. */ + ExpectIntNE(wc_ed448_import_public(identity, sizeof(identity), &key), 0); + + /* If import somehow succeeded, verify must also reject the forgery. */ + if (EXPECT_SUCCESS() && key.pubKeySet) { + int verifyRet = wc_ed448_verify_msg(forged_sig, sizeof(forged_sig), + msg, sizeof(msg) - 1, + &res, &key, NULL, 0); + ExpectTrue(verifyRet != 0 || res == 0); + } + + wc_ed448_free(&key); +#endif + return EXPECT_RESULT(); +} + +/* Test: wc_PKCS7_DecodeEncryptedData must respect outputSz. + * 588-byte EncryptedData blob: 496 bytes of 'A' encrypted with + * AES-256-CBC under all-zero key/IV. Decrypted content is 496 bytes, + * but we pass a 128-byte output buffer. Must return BUFFER_E. */ +static int test_pkcs7_decode_encrypted_outputsz(void) +{ + EXPECT_DECLS; +#if defined(HAVE_PKCS7) && !defined(NO_AES) && defined(HAVE_AES_CBC) && \ + !defined(WOLFSSL_NO_MALLOC) && defined(WOLFSSL_AES_256) + wc_PKCS7* p7 = NULL; + byte key[32]; + byte out[128]; /* smaller than 496-byte decrypted content */ + + static const byte encBlob[] = { + 0x30,0x82,0x02,0x48,0x06,0x09,0x2a,0x86,0x48,0x86,0xf7,0x0d, + 0x01,0x07,0x06,0xa0,0x82,0x02,0x39,0x30,0x82,0x02,0x35,0x02, + 0x01,0x00,0x30,0x82,0x02,0x2e,0x06,0x09,0x2a,0x86,0x48,0x86, + 0xf7,0x0d,0x01,0x07,0x01,0x30,0x1d,0x06,0x09,0x60,0x86,0x48, + 0x01,0x65,0x03,0x04,0x01,0x2a,0x04,0x10,0x00,0x00,0x00,0x00, + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, + 0x80,0x82,0x02,0x00,0x7e,0x0e,0x75,0x77,0xef,0x9c,0x30,0xa6, + 0xbf,0x0b,0x25,0xe0,0x62,0x1e,0x82,0x7e,0x76,0xf7,0x57,0xef, + 0x12,0x71,0xc5,0x74,0x0e,0x60,0xc3,0x3c,0x8e,0xc3,0xce,0x70, + 0xbd,0x3c,0xb4,0x60,0x76,0xb1,0xea,0xb5,0x4b,0xc1,0xfe,0x5b, + 0x88,0xfa,0x43,0x46,0x03,0x28,0x9d,0xab,0x3d,0xb5,0x88,0x50, + 0x07,0xfc,0x3c,0xc9,0x49,0x4d,0x68,0x97,0xb1,0x59,0xb6,0x35, + 0xa1,0x68,0x80,0xb0,0x8f,0xb2,0x21,0x9b,0xfc,0xd8,0xf0,0x67, + 0xbc,0x4b,0x9b,0x28,0x1c,0x3b,0xa0,0x40,0x76,0x8f,0x1f,0x9f, + 0x87,0xe6,0xe4,0xa5,0xdc,0x9a,0x9a,0x84,0x86,0xff,0x43,0x8a, + 0x57,0x8d,0x97,0xd2,0x8f,0x67,0x90,0xd8,0x4f,0x0f,0x0d,0xac, + 0x56,0x6d,0x51,0x33,0xa3,0x37,0x9e,0xe9,0xbf,0x07,0xab,0x93, + 0xbc,0xbe,0xc1,0x64,0x07,0x30,0xf0,0xff,0x89,0x0a,0x36,0x1c, + 0xc8,0xe9,0xae,0x24,0x1f,0x95,0x5c,0xa1,0x8a,0x3e,0x15,0x86, + 0x49,0x70,0x55,0xc2,0xa5,0x90,0xb9,0xda,0x2b,0x97,0x6f,0x5f, + 0x60,0x61,0xc9,0xcf,0x4d,0x3a,0xb1,0xe4,0x9f,0x37,0x0f,0xf3, + 0xba,0x85,0x04,0x52,0x68,0x00,0x47,0x3d,0x83,0xc1,0x3f,0xc6, + 0x70,0x97,0xc1,0x0c,0xc0,0x0b,0xa2,0xcb,0x8c,0x88,0xb5,0x01, + 0x29,0x7f,0x7e,0xd2,0x46,0x24,0x82,0x92,0x28,0xdd,0x49,0x53, + 0x0f,0x76,0xad,0x4b,0x81,0x85,0x3a,0x9f,0xda,0x0d,0x69,0xe2, + 0x57,0xb9,0xe9,0xfa,0x53,0xed,0x20,0x6f,0x62,0x43,0x1d,0x21, + 0xa9,0x53,0x3d,0xd5,0xb9,0x1a,0x4b,0x3e,0xb7,0x05,0x87,0xb6, + 0xe3,0xfe,0x03,0x09,0xe1,0x74,0x34,0x42,0x84,0xb1,0x06,0xf9, + 0xfe,0x64,0xc1,0xd2,0xce,0x3d,0x29,0xf4,0x94,0xb8,0xfc,0xbe, + 0xb1,0x90,0xd6,0x38,0x61,0x4e,0x43,0x36,0x4e,0x27,0x87,0xd3, + 0x24,0xdc,0x34,0xf0,0x28,0x2d,0xc8,0xff,0x89,0x9f,0xeb,0xee, + 0x0d,0x45,0xfb,0xc5,0x53,0xd3,0xdf,0xcb,0xf8,0xeb,0x7e,0xcb, + 0x2a,0xd7,0xa2,0xd6,0x6a,0xf1,0xb8,0x24,0xa1,0x05,0x16,0x56, + 0x2e,0x03,0xfe,0x21,0x19,0x36,0x8a,0xeb,0x50,0x8d,0x42,0x31, + 0x1d,0xb3,0x0a,0x13,0x1d,0x16,0x09,0x0b,0x40,0x4e,0x90,0x78, + 0xbf,0x41,0x5f,0x4d,0xd9,0xce,0x91,0xaa,0xd0,0x38,0x5c,0xfb, + 0xc4,0x9f,0x55,0x4e,0x04,0x9d,0xd0,0xca,0x74,0x3c,0x6c,0x01, + 0x1b,0x84,0x76,0xfa,0xba,0x5d,0x2d,0x35,0x7e,0xe3,0x37,0x8b, + 0x72,0x0a,0xbb,0xa4,0x4d,0x56,0x2b,0x3b,0x9f,0x5a,0xa0,0xe3, + 0x60,0x26,0x65,0x09,0xed,0xfc,0x10,0x0c,0xa1,0x4f,0x12,0x76, + 0xe2,0x4c,0xbd,0x1b,0x67,0xb4,0xb4,0x54,0x5c,0x38,0x47,0x8b, + 0x7e,0x35,0x8e,0x4d,0x4e,0xef,0x91,0x3f,0xff,0x16,0x0a,0x42, + 0x0b,0xe5,0x28,0x26,0x24,0x9f,0x6f,0xb4,0x63,0x8a,0xa1,0x52, + 0x22,0x3a,0xdb,0xd9,0x8e,0x76,0x6e,0x6a,0xa9,0xa1,0xec,0xf2, + 0x9c,0x58,0xf8,0x6b,0xdd,0xf2,0xf8,0x2d,0xcb,0x8c,0x96,0xda, + 0xb4,0x9c,0x44,0xdc,0xab,0x43,0x2c,0x22,0xf3,0xfe,0x1a,0xb9, + 0x3b,0x82,0x30,0xa2,0xc7,0xef,0x52,0x08,0x7b,0x4f,0x3f,0x7a, + 0x7e,0x28,0xd7,0x67,0xb9,0xb1,0x69,0x9b,0x96,0x3e,0xc5,0xe4, + 0x45,0xb0,0x23,0x75,0x00,0xda,0xee,0xdb,0x6d,0xa9,0xe7,0x98 + }; + + XMEMSET(key, 0, sizeof(key)); + + p7 = wc_PKCS7_New(NULL, INVALID_DEVID); + ExpectNotNull(p7); + if (p7 != NULL) { + p7->encryptionKey = key; + p7->encryptionKeySz = sizeof(key); + + /* 496-byte content into 128-byte buffer must return BUFFER_E */ + ExpectIntLT(wc_PKCS7_DecodeEncryptedData(p7, (byte*)encBlob, + (word32)sizeof(encBlob), out, sizeof(out)), 0); + + wc_PKCS7_Free(p7); + } +#endif + return EXPECT_RESULT(); +} + +/* Dummy ORI callback for PKCS#7 ORI overflow test */ +#if defined(HAVE_PKCS7) && !defined(WOLFSSL_NO_MALLOC) +static int test_dummy_ori_cb(wc_PKCS7* pkcs7, byte* oriType, word32 oriTypeSz, + byte* oriValue, word32 oriValueSz, + byte* decryptedKey, word32* decryptedKeySz, + void* ctx) +{ + (void)pkcs7; (void)oriType; (void)oriTypeSz; + (void)oriValue; (void)oriValueSz; + (void)decryptedKey; (void)decryptedKeySz; (void)ctx; + return -1; +} +#endif + +/* Test: PKCS#7 ORI must reject OID larger than MAX_OID_SZ (32) */ +static int test_pkcs7_ori_oversized_oid(void) +{ + EXPECT_DECLS; +#if defined(HAVE_PKCS7) && !defined(WOLFSSL_NO_MALLOC) + wc_PKCS7* p7 = NULL; + byte out[256]; + + /* EnvelopedData with [4] IMPLICIT ORI containing an 80-byte OID */ + static const byte poc[] = { + 0x30, 0x6b, + 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x07, 0x03, + 0xa0, 0x5e, + 0x30, 0x5c, + 0x02, 0x01, 0x00, + 0x31, 0x57, + 0xa4, 0x55, + 0x06, 0x50, + 0x2a, + 0x41,0x41,0x41,0x41,0x41,0x41,0x41,0x41,0x41,0x41, + 0x41,0x41,0x41,0x41,0x41,0x41,0x41,0x41,0x41,0x41, + 0x41,0x41,0x41,0x41,0x41,0x41,0x41,0x41,0x41,0x41, + 0x41,0x41,0x41,0x41,0x41,0x41,0x41,0x41,0x41,0x41, + 0x41,0x41,0x41,0x41,0x41,0x41,0x41,0x41,0x41,0x41, + 0x41,0x41,0x41,0x41,0x41,0x41,0x41,0x41,0x41,0x41, + 0x41,0x41,0x41,0x41,0x41,0x41,0x41,0x41,0x41,0x41, + 0x41,0x41,0x41,0x41,0x41,0x41,0x41,0x41,0x41, + 0x04, 0x01, 0x00 + }; + + p7 = wc_PKCS7_New(NULL, INVALID_DEVID); + ExpectNotNull(p7); + if (p7 != NULL) { + wc_PKCS7_SetOriDecryptCb(p7, test_dummy_ori_cb); + + /* Must return error (ASN_PARSE_E), not overflow the stack */ + ExpectIntLT(wc_PKCS7_DecodeEnvelopedData(p7, (byte*)poc, sizeof(poc), + out, sizeof(out)), 0); + + wc_PKCS7_Free(p7); + } +#endif + return EXPECT_RESULT(); +} + +/* Dilithium verify_ctx_msg must reject absurdly large msgLen */ +static int test_dilithium_hash(void) +{ + EXPECT_DECLS; +#if defined(HAVE_DILITHIUM) && defined(WOLFSSL_WC_DILITHIUM) && \ + !defined(WOLFSSL_DILITHIUM_NO_MAKE_KEY) && \ + !defined(WOLFSSL_DILITHIUM_NO_VERIFY) + dilithium_key key; + WC_RNG rng; + int res = 0; + byte sig[4000]; + byte msg[64]; + + XMEMSET(&key, 0, sizeof(key)); + XMEMSET(&rng, 0, sizeof(rng)); + XMEMSET(sig, 0, sizeof(sig)); + XMEMSET(msg, 'A', sizeof(msg)); + + ExpectIntEQ(wc_InitRng(&rng), 0); + ExpectIntEQ(wc_dilithium_init(&key), 0); +#ifndef WOLFSSL_NO_ML_DSA_65 + ExpectIntEQ(wc_dilithium_set_level(&key, WC_ML_DSA_65), 0); +#elif !defined(WOLFSSL_NO_ML_DSA_44) + ExpectIntEQ(wc_dilithium_set_level(&key, WC_ML_DSA_44), 0); +#else + ExpectIntEQ(wc_dilithium_set_level(&key, WC_ML_DSA_87), 0); +#endif + ExpectIntEQ(wc_dilithium_make_key(&key, &rng), 0); + + ExpectIntEQ(wc_dilithium_verify_ctx_msg(sig, sizeof(sig), NULL, 0, + msg, 0xFFFFFFC0, &res, &key), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + + wc_dilithium_free(&key); + DoExpectIntEQ(wc_FreeRng(&rng), 0); +#endif + return EXPECT_RESULT(); +} + +/* PKCS7 CBC must validate all padding bytes */ +static int test_pkcs7_padding(void) +{ + EXPECT_DECLS; +#if defined(HAVE_PKCS7) && !defined(NO_AES) && defined(HAVE_AES_CBC) && \ + defined(WOLFSSL_AES_256) && !defined(NO_PKCS7_ENCRYPTED_DATA) + PKCS7 pkcs7; + byte key[32]; + byte plaintext[27]; /* 27 bytes -> padded to 32 -> padding = 05 05 05 05 05 */ + byte encoded[4096]; + byte output[256]; + byte modified[4096]; + int encodedSz = 0; + int outSz; + int ctOff = -1; + int ctLen = 0; + int i; + + XMEMSET(key, 0xAA, sizeof(key)); + XMEMSET(plaintext, 'X', sizeof(plaintext)); + + /* Encode EncryptedData */ + XMEMSET(&pkcs7, 0, sizeof(pkcs7)); + ExpectIntEQ(wc_PKCS7_Init(&pkcs7, NULL, 0), 0); + pkcs7.content = plaintext; + pkcs7.contentSz = sizeof(plaintext); + pkcs7.contentOID = DATA; + pkcs7.encryptOID = AES256CBCb; + pkcs7.encryptionKey = key; + pkcs7.encryptionKeySz = sizeof(key); + + ExpectIntGT(encodedSz = wc_PKCS7_EncodeEncryptedData(&pkcs7, encoded, + sizeof(encoded)), 0); + + /* Verify normal decrypt works */ + ExpectIntEQ(outSz = wc_PKCS7_DecodeEncryptedData(&pkcs7, encoded, + (word32)encodedSz, output, sizeof(output)), (int)sizeof(plaintext)); + wc_PKCS7_Free(&pkcs7); + + /* Find ciphertext block in encoded DER */ + if (EXPECT_SUCCESS()) { + for (i = encodedSz - 10; i > 10; i--) { + if (encoded[i] == 0x04 || encoded[i] == 0x80) { + int len, lbytes; + + if (encoded[i+1] < 0x80) { + len = encoded[i+1]; lbytes = 1; + } + else if (encoded[i+1] == 0x81) { + len = encoded[i+2]; lbytes = 2; + } + else { + continue; + } + if (len > 0 && len % 16 == 0 && + i + 1 + lbytes + len <= encodedSz) { + ctOff = i + 1 + lbytes; + ctLen = len; + break; + } + } + } + } + ExpectIntGT(ctOff, 0); + ExpectIntGE(ctLen, 32); + + /* Corrupt an interior padding byte via CBC bit-flip */ + if (EXPECT_SUCCESS()) { + XMEMCPY(modified, encoded, (size_t)encodedSz); + /* Flip byte in penultimate block to corrupt interior padding */ + modified[ctOff + ctLen - 32 + 11] ^= 0x42; + + /* Decrypt modified ciphertext - must fail, not succeed */ + XMEMSET(&pkcs7, 0, sizeof(pkcs7)); + ExpectIntEQ(wc_PKCS7_Init(&pkcs7, NULL, 0), 0); + pkcs7.encryptionKey = key; + pkcs7.encryptionKeySz = sizeof(key); + + outSz = wc_PKCS7_DecodeEncryptedData(&pkcs7, modified, + (word32)encodedSz, output, sizeof(output)); + /* Must return an error - if it returns plaintext size, padding + * oracle vulnerability exists */ + ExpectIntLT(outSz, 0); + wc_PKCS7_Free(&pkcs7); + } +#endif + return EXPECT_RESULT(); +} + TEST_CASE testCases[] = { TEST_DECL(test_fileAccess), @@ -50752,7 +35179,7 @@ TEST_CHACHA_DECLS, /* Poly1305 */ TEST_POLY1305_DECLS, - /* Chacha20-Poly1305 */ + /* Chacha20-Poly1305 and Xchacha20-Poly1305 */ TEST_CHACHA20_POLY1305_DECLS, /* Camellia */ TEST_CAMELLIA_DECLS, @@ -50803,14 +35230,18 @@ TEST_MLKEM_DECLS, /* Dilithium */ TEST_MLDSA_DECLS, + /* SLH-DSA */ + TEST_SLHDSA_DECLS, /* Signature API */ TEST_SIGNATURE_DECLS, - /* x509 */ - TEST_X509_DECLS, /* ASN */ TEST_ASN_DECLS, + /* LMS */ + TEST_DECL_GROUP("lms", test_wc_LmsKey_sign_verify), + TEST_DECL_GROUP("lms", test_wc_LmsKey_reload_cache), + /* PEM and DER APIs. */ TEST_DECL(test_wc_PemToDer), TEST_DECL(test_wc_AllocDer), @@ -50841,6 +35272,9 @@ TEST_DECL(test_MakeCertWithPathLen), TEST_DECL(test_MakeCertWith0Ser), TEST_DECL(test_MakeCertWithCaFalse), +#ifdef WOLFSSL_CERT_SIGN_CB + TEST_DECL(test_wc_SignCert_cb), +#endif TEST_DECL(test_wc_SetKeyUsage), TEST_DECL(test_wc_SetAuthKeyIdFromPublicKey_ex), TEST_DECL(test_wc_SetSubjectBuffer), @@ -50864,6 +35298,9 @@ TEST_DECL(test_wolfSSL_Init), + /* x509 -- must appear after test_wolfSSL_Init(). */ + TEST_X509_DECLS, + TEST_DECL(test_dual_alg_support), TEST_DECL(test_dual_alg_crit_ext_support), @@ -50894,113 +35331,14 @@ TEST_DECL(test_wolfSSL_X509_ext_d2i), TEST_DECL(test_wolfSSL_private_keys), - TEST_DECL(test_wolfSSL_PEM_def_callback), - TEST_DECL(test_wolfSSL_PEM_read_PrivateKey), - TEST_DECL(test_wolfSSL_PEM_read_RSA_PUBKEY), - TEST_DECL(test_wolfSSL_PEM_read_PUBKEY), - TEST_DECL(test_wolfSSL_PEM_PrivateKey_rsa), - TEST_DECL(test_wolfSSL_PEM_PrivateKey_ecc), - TEST_DECL(test_wolfSSL_PEM_PrivateKey_dsa), - TEST_DECL(test_wolfSSL_PEM_PrivateKey_dh), - TEST_DECL(test_wolfSSL_PEM_PrivateKey), - TEST_DECL(test_wolfSSL_PEM_file_RSAKey), - TEST_DECL(test_wolfSSL_PEM_file_RSAPrivateKey), -#ifndef NO_BIO - TEST_DECL(test_wolfSSL_BIO), - TEST_DECL(test_wolfSSL_BIO_BIO_ring_read), - TEST_DECL(test_wolfSSL_PEM_read_bio), - TEST_DECL(test_wolfSSL_PEM_bio_RSAKey), - TEST_DECL(test_wolfSSL_PEM_bio_DSAKey), - TEST_DECL(test_wolfSSL_PEM_bio_ECKey), - TEST_DECL(test_wolfSSL_PEM_bio_RSAPrivateKey), - TEST_DECL(test_wolfSSL_PEM_PUBKEY), -#endif + TEST_SSL_PEM_DECLS, /* EVP API testing */ - TEST_DECL(test_wolfSSL_EVP_ENCODE_CTX_new), - TEST_DECL(test_wolfSSL_EVP_ENCODE_CTX_free), - TEST_DECL(test_wolfSSL_EVP_EncodeInit), - TEST_DECL(test_wolfSSL_EVP_EncodeUpdate), - TEST_DECL(test_wolfSSL_EVP_CipherUpdate_Null), - TEST_DECL(test_wolfSSL_EVP_CIPHER_type_string), - TEST_DECL(test_wolfSSL_EVP_EncodeFinal), - TEST_DECL(test_wolfSSL_EVP_DecodeInit), - TEST_DECL(test_wolfSSL_EVP_DecodeUpdate), - TEST_DECL(test_wolfSSL_EVP_DecodeFinal), - - TEST_DECL(test_wolfSSL_EVP_shake128), - TEST_DECL(test_wolfSSL_EVP_shake256), - TEST_DECL(test_wolfSSL_EVP_sm3), - TEST_DECL(test_EVP_blake2), -#ifdef OPENSSL_ALL - TEST_DECL(test_wolfSSL_EVP_md4), - TEST_DECL(test_wolfSSL_EVP_ripemd160), - TEST_DECL(test_wolfSSL_EVP_get_digestbynid), - TEST_DECL(test_wolfSSL_EVP_MD_nid), - - TEST_DECL(test_wolfSSL_EVP_DigestFinal_ex), - TEST_DECL(test_wolfSSL_EVP_DigestFinalXOF), -#endif - - TEST_DECL(test_EVP_MD_do_all), - TEST_DECL(test_wolfSSL_EVP_MD_size), - TEST_DECL(test_wolfSSL_EVP_MD_pkey_type), - TEST_DECL(test_wolfSSL_EVP_Digest), - TEST_DECL(test_wolfSSL_EVP_Digest_all), - TEST_DECL(test_wolfSSL_EVP_MD_hmac_signing), - TEST_DECL(test_wolfSSL_EVP_MD_rsa_signing), - TEST_DECL(test_wolfSSL_EVP_MD_ecc_signing), - - TEST_DECL(test_wolfssl_EVP_aes_gcm), - TEST_DECL(test_wolfssl_EVP_aes_gcm_AAD_2_parts), - TEST_DECL(test_wolfssl_EVP_aes_gcm_zeroLen), - TEST_DECL(test_wolfssl_EVP_aes_ccm), - TEST_DECL(test_wolfssl_EVP_aes_ccm_zeroLen), - TEST_DECL(test_wolfssl_EVP_chacha20), - TEST_DECL(test_wolfssl_EVP_chacha20_poly1305), - TEST_DECL(test_wolfssl_EVP_sm4_ecb), - TEST_DECL(test_wolfssl_EVP_sm4_cbc), - TEST_DECL(test_wolfssl_EVP_sm4_ctr), - TEST_DECL(test_wolfssl_EVP_sm4_gcm_zeroLen), - TEST_DECL(test_wolfssl_EVP_sm4_gcm), - TEST_DECL(test_wolfssl_EVP_sm4_ccm_zeroLen), - TEST_DECL(test_wolfssl_EVP_sm4_ccm), -#ifdef OPENSSL_ALL - TEST_DECL(test_wolfSSL_EVP_aes_256_gcm), - TEST_DECL(test_wolfSSL_EVP_aes_192_gcm), - TEST_DECL(test_wolfSSL_EVP_aes_256_ccm), - TEST_DECL(test_wolfSSL_EVP_aes_192_ccm), - TEST_DECL(test_wolfSSL_EVP_aes_128_ccm), - TEST_DECL(test_wolfSSL_EVP_rc4), - TEST_DECL(test_wolfSSL_EVP_enc_null), - TEST_DECL(test_wolfSSL_EVP_rc2_cbc), - TEST_DECL(test_wolfSSL_EVP_mdc2), + TEST_EVP_ENC_DECLS, + TEST_EVP_DIGEST_DECLS, + TEST_EVP_CIPHER_DECLS, + TEST_EVP_PKEY_DECLS, - TEST_DECL(test_evp_cipher_aes_gcm), -#endif - TEST_DECL(test_wolfssl_EVP_aria_gcm), - TEST_DECL(test_wolfSSL_EVP_Cipher_extra), -#ifdef OPENSSL_EXTRA - TEST_DECL(test_wolfSSL_EVP_get_cipherbynid), - TEST_DECL(test_wolfSSL_EVP_CIPHER_CTX), -#endif -#ifdef OPENSSL_ALL - TEST_DECL(test_wolfSSL_EVP_CIPHER_CTX_iv_length), - TEST_DECL(test_wolfSSL_EVP_CIPHER_CTX_key_length), - TEST_DECL(test_wolfSSL_EVP_CIPHER_CTX_set_iv), - TEST_DECL(test_wolfSSL_EVP_CIPHER_block_size), - TEST_DECL(test_wolfSSL_EVP_CIPHER_iv_length), - TEST_DECL(test_wolfSSL_EVP_X_STATE), - TEST_DECL(test_wolfSSL_EVP_X_STATE_LEN), - TEST_DECL(test_wolfSSL_EVP_BytesToKey), -#endif - - TEST_DECL(test_wolfSSL_EVP_PKEY_print_public), - TEST_DECL(test_wolfSSL_EVP_PKEY_new_mac_key), - TEST_DECL(test_wolfSSL_EVP_PKEY_new_CMAC_key), - TEST_DECL(test_wolfSSL_EVP_PKEY_up_ref), - TEST_DECL(test_wolfSSL_EVP_PKEY_hkdf), - TEST_DECL(test_wolfSSL_EVP_PKEY_derive), TEST_DECL(test_wolfSSL_d2i_and_i2d_PublicKey), TEST_DECL(test_wolfSSL_d2i_and_i2d_PublicKey_ecc), #ifndef NO_BIO @@ -51014,42 +35352,8 @@ TEST_DECL(test_wolfSSL_d2i_PrivateKeys_bio), #endif /* !NO_BIO */ #endif -#ifdef OPENSSL_ALL - TEST_DECL(test_wolfSSL_EVP_PKEY_set1_get1_DSA), - TEST_DECL(test_wolfSSL_EVP_PKEY_set1_get1_EC_KEY), - TEST_DECL(test_wolfSSL_EVP_PKEY_set1_get1_DH), - TEST_DECL(test_wolfSSL_EVP_PKEY_assign), - TEST_DECL(test_wolfSSL_EVP_PKEY_assign_DH), - TEST_DECL(test_wolfSSL_EVP_PKEY_base_id), - TEST_DECL(test_wolfSSL_EVP_PKEY_id), - TEST_DECL(test_wolfSSL_EVP_PKEY_paramgen), - TEST_DECL(test_wolfSSL_EVP_PKEY_keygen), - TEST_DECL(test_wolfSSL_EVP_PKEY_keygen_init), - TEST_DECL(test_wolfSSL_EVP_PKEY_missing_parameters), - TEST_DECL(test_wolfSSL_EVP_PKEY_copy_parameters), - TEST_DECL(test_wolfSSL_EVP_PKEY_CTX_set_rsa_keygen_bits), - TEST_DECL(test_wolfSSL_EVP_PKEY_CTX_new_id), - TEST_DECL(test_wolfSSL_EVP_PKEY_get0_EC_KEY), -#endif - - TEST_DECL(test_EVP_PKEY_rsa), - TEST_DECL(test_wc_RsaPSS_DigitalSignVerify), - TEST_DECL(test_EVP_PKEY_ec), - TEST_DECL(test_wolfSSL_EVP_PKEY_encrypt), - TEST_DECL(test_wolfSSL_EVP_PKEY_sign_verify_rsa), - TEST_DECL(test_wolfSSL_EVP_PKEY_sign_verify_dsa), - TEST_DECL(test_wolfSSL_EVP_PKEY_sign_verify_ec), - TEST_DECL(test_EVP_PKEY_cmp), - -#ifdef OPENSSL_ALL - TEST_DECL(test_wolfSSL_EVP_SignInit_ex), - TEST_DECL(test_wolfSSL_EVP_PKEY_param_check), - TEST_DECL(test_wolfSSL_QT_EVP_PKEY_CTX_free), -#endif - TEST_DECL(test_wolfSSL_EVP_PBE_scrypt), - TEST_DECL(test_wolfSSL_CTX_add_extra_chain_cert), #if !defined(NO_WOLFSSL_CLIENT) && !defined(NO_WOLFSSL_SERVER) TEST_DECL(test_wolfSSL_ERR_peek_last_error_line), #endif @@ -51069,156 +35373,60 @@ TEST_DECL(test_wolfSSL_OtherName), TEST_DECL(test_wolfSSL_FPKI), TEST_DECL(test_wolfSSL_URI), - TEST_DECL(test_wolfSSL_TBS), - - TEST_DECL(test_wolfSSL_X509_STORE_CTX), - TEST_DECL(test_wolfSSL_X509_STORE_CTX_ex), - TEST_DECL(test_X509_STORE_untrusted), -#if defined(OPENSSL_ALL) && !defined(NO_RSA) - TEST_DECL(test_X509_STORE_InvalidCa), -#endif - TEST_DECL(test_wolfSSL_X509_STORE_CTX_trusted_stack_cleanup), - TEST_DECL(test_wolfSSL_X509_STORE_CTX_get_issuer), - TEST_DECL(test_wolfSSL_X509_STORE_set_flags), - TEST_DECL(test_wolfSSL_X509_LOOKUP_load_file), - TEST_DECL(test_wolfSSL_X509_Name_canon), - TEST_DECL(test_wolfSSL_X509_LOOKUP_ctrl_file), - TEST_DECL(test_wolfSSL_X509_LOOKUP_ctrl_hash_dir), - TEST_DECL(test_wolfSSL_X509_NID), - TEST_DECL(test_wolfSSL_X509_STORE_CTX_set_time), - TEST_DECL(test_wolfSSL_get0_param), - TEST_DECL(test_wolfSSL_X509_VERIFY_PARAM_set1_host), - TEST_DECL(test_wolfSSL_set1_host), - TEST_DECL(test_wolfSSL_X509_VERIFY_PARAM_set1_ip), - TEST_DECL(test_wolfSSL_X509_STORE_CTX_get0_store), - TEST_DECL(test_wolfSSL_X509_STORE), - TEST_DECL(test_wolfSSL_X509_STORE_load_locations), - TEST_DECL(test_X509_STORE_get0_objects), - TEST_DECL(test_wolfSSL_X509_load_crl_file), - TEST_DECL(test_wolfSSL_X509_STORE_get1_certs), - TEST_DECL(test_wolfSSL_X509_STORE_set_get_crl), - TEST_DECL(test_wolfSSL_X509_NAME_ENTRY_get_object), - TEST_DECL(test_wolfSSL_X509_cmp_time), - TEST_DECL(test_wolfSSL_X509_time_adj), /* X509 tests */ - TEST_DECL(test_wolfSSL_X509_subject_name_hash), - TEST_DECL(test_wolfSSL_X509_issuer_name_hash), - TEST_DECL(test_wolfSSL_X509_check_host), - TEST_DECL(test_wolfSSL_X509_check_email), - TEST_DECL(test_wolfSSL_X509_check_private_key), - TEST_DECL(test_wolfSSL_X509), - TEST_DECL(test_wolfSSL_X509_VERIFY_PARAM), - TEST_DECL(test_wolfSSL_X509_sign), - TEST_DECL(test_wolfSSL_X509_sign2), - TEST_DECL(test_wolfSSL_X509_verify), - TEST_DECL(test_wolfSSL_X509_get0_tbs_sigalg), + TEST_OSSL_X509_DECLS, + TEST_OSSL_X509_NAME_DECLS, + TEST_OSSL_X509_EXT_DECLS, + TEST_OSSL_X509_PK_DECLS, + TEST_OSSL_X509_VFY_PARAMS_DECLS, + TEST_OSSL_X509_IO_DECLS, + TEST_OSSL_X509_CRYPTO_DECLS, + TEST_OSSL_X509_ACERT_DECLS, + TEST_OSSL_X509_INFO_DECLS, + TEST_DECL(test_wolfSSL_X509_ALGOR_get0), - TEST_DECL(test_wolfSSL_X509_get_X509_PUBKEY), - TEST_DECL(test_wolfSSL_X509_PUBKEY_RSA), - TEST_DECL(test_wolfSSL_X509_PUBKEY_EC), - TEST_DECL(test_wolfSSL_X509_PUBKEY_DSA), - TEST_DECL(test_wolfSSL_PEM_write_bio_X509), - TEST_DECL(test_wolfSSL_X509_NAME_get_entry), - TEST_DECL(test_wolfSSL_X509_NAME), - TEST_DECL(test_wolfSSL_X509_NAME_hash), - TEST_DECL(test_wolfSSL_X509_NAME_print_ex), - TEST_DECL(test_wolfSSL_X509_NAME_ENTRY), - TEST_DECL(test_wolfSSL_X509_set_name), - TEST_DECL(test_wolfSSL_X509_set_notAfter), - TEST_DECL(test_wolfSSL_X509_set_notBefore), - TEST_DECL(test_wolfSSL_X509_set_version), - TEST_DECL(test_wolfSSL_X509_get_serialNumber), - TEST_DECL(test_wolfSSL_X509_ext_get_critical_by_NID), - TEST_DECL(test_wolfSSL_X509_CRL_distribution_points), TEST_DECL(test_wolfSSL_X509_SEP), + TEST_DECL(test_wolfSSL_X509_set_extensions), TEST_DECL(test_wolfSSL_X509_CRL), - TEST_DECL(test_wolfSSL_i2d_X509), - TEST_DECL(test_wolfSSL_PEM_read_X509), - TEST_DECL(test_wolfSSL_X509_check_ca), - TEST_DECL(test_wolfSSL_X509_check_ip_asc), - TEST_DECL(test_wolfSSL_X509_bad_altname), - TEST_DECL(test_wolfSSL_X509_name_match), - TEST_DECL(test_wolfSSL_X509_name_match2), - TEST_DECL(test_wolfSSL_X509_name_match3), - TEST_DECL(test_wolfSSL_X509_max_altnames), - TEST_DECL(test_wolfSSL_X509_max_name_constraints), - TEST_DECL(test_wolfSSL_make_cert), - - /* X509 ACERT tests */ - TEST_DECL(test_wolfSSL_X509_ACERT_verify), - TEST_DECL(test_wolfSSL_X509_ACERT_misc_api), - TEST_DECL(test_wolfSSL_X509_ACERT_buffer), - TEST_DECL(test_wolfSSL_X509_ACERT_new_and_sign), - TEST_DECL(test_wolfSSL_X509_ACERT_asn), - -#ifndef NO_BIO - TEST_DECL(test_wolfSSL_X509_INFO_multiple_info), - TEST_DECL(test_wolfSSL_X509_INFO), - TEST_DECL(test_wolfSSL_PEM_X509_INFO_read_bio), - TEST_DECL(test_wolfSSL_PEM_X509_INFO_read), -#endif - -#ifdef OPENSSL_ALL - TEST_DECL(test_wolfSSL_X509_PUBKEY_get), - TEST_DECL(test_wolfSSL_X509_set_pubkey), -#endif - - TEST_DECL(test_wolfSSL_X509_CA_num), - TEST_DECL(test_x509_get_key_id), - TEST_DECL(test_wolfSSL_X509_get_version), #ifndef NO_BIO TEST_DECL(test_wolfSSL_X509_print), TEST_DECL(test_wolfSSL_X509_CRL_print), #endif - TEST_DECL(test_X509_get_signature_nid), - /* X509 extension testing. */ - TEST_DECL(test_wolfSSL_X509_get_extension_flags), - TEST_DECL(test_wolfSSL_X509_get_ext), - TEST_DECL(test_wolfSSL_X509_get_ext_by_NID), - TEST_DECL(test_wolfSSL_X509_get_ext_subj_alt_name), - TEST_DECL(test_wolfSSL_X509_get_ext_count), - TEST_DECL(test_wolfSSL_X509_stack_extensions), - TEST_DECL(test_wolfSSL_X509_set_ext), - TEST_DECL(test_wolfSSL_X509_add_ext), - TEST_DECL(test_wolfSSL_X509_EXTENSION_new), - TEST_DECL(test_wolfSSL_X509_EXTENSION_dup), - TEST_DECL(test_wolfSSL_X509_EXTENSION_get_object), - TEST_DECL(test_wolfSSL_X509_EXTENSION_get_data), - TEST_DECL(test_wolfSSL_X509_EXTENSION_get_critical), - TEST_DECL(test_wolfSSL_X509_EXTENSION_create_by_OBJ), - TEST_DECL(test_wolfSSL_X509V3_set_ctx), - TEST_DECL(test_wolfSSL_X509V3_EXT_get), - TEST_DECL(test_wolfSSL_X509V3_EXT_nconf), - TEST_DECL(test_wolfSSL_X509V3_EXT), - TEST_DECL(test_wolfSSL_X509V3_EXT_bc), - TEST_DECL(test_wolfSSL_X509V3_EXT_san), - TEST_DECL(test_wolfSSL_X509V3_EXT_aia), - TEST_DECL(test_wolfSSL_X509V3_EXT_print), - TEST_DECL(test_wolfSSL_X509_cmp), + + /* X509 Store tests */ + TEST_OSSL_X509_STORE_DECLS, + TEST_OSSL_X509_LOOKUP_DECLS, TEST_DECL(test_GENERAL_NAME_set0_othername), + TEST_DECL(test_RID_GENERAL_NAME_free), + TEST_DECL(test_RID_X509_get_ext_d2i), TEST_DECL(test_othername_and_SID_ext), TEST_DECL(test_wolfSSL_dup_CA_list), /* OpenSSL sk_X509 API test */ TEST_DECL(test_sk_X509), /* OpenSSL sk_X509_CRL API test */ - TEST_DECL(test_sk_X509_CRL), + TEST_DECL(test_sk_X509_CRL_decode), +#if (defined(OPENSSL_ALL) || defined(OPENSSL_EXTRA)) && !defined(NO_CERTS) && \ + defined(HAVE_CRL) && defined(WOLFSSL_CERT_GEN) + TEST_DECL(test_wolfSSL_X509_CRL_add_revoked_oversized_revocation_date), +#endif +#if (defined(OPENSSL_ALL) || defined(OPENSSL_EXTRA)) && !defined(NO_CERTS) && \ + defined(HAVE_CRL) && !defined(NO_FILESYSTEM) && \ + !defined(NO_STDIO_FILESYSTEM) + TEST_DECL(test_wolfSSL_X509_CRL_reason_critical_boolean), +#endif + TEST_DECL(test_sk_X509_CRL_encode), + TEST_DECL(test_wolfSSL_X509_CRL_sign_large), + TEST_DECL(test_wc_MakeCRL_max_crlnum), /* OpenSSL X509 REQ API test */ TEST_DECL(test_wolfSSL_d2i_X509_REQ), TEST_DECL(test_X509_REQ), TEST_DECL(test_wolfSSL_X509_REQ_print), - /* OpenSSL compatibility outside SSL context w/ CRL lookup directory */ - TEST_DECL(test_X509_STORE_No_SSL_CTX), - TEST_DECL(test_X509_LOOKUP_add_dir), - /* RAND compatibility API */ - TEST_DECL(test_wolfSSL_RAND_set_rand_method), - TEST_DECL(test_wolfSSL_RAND_bytes), - TEST_DECL(test_wolfSSL_RAND), - TEST_DECL(test_wolfSSL_RAND_poll), + TEST_OSSL_RAND_DECLS, /* BN compatibility API */ TEST_OSSL_ASN1_BN_DECLS, @@ -51231,21 +35439,10 @@ TEST_DECL(test_wolfSSL_PKCS8_d2i), /* OpenSSL PKCS7 API test */ - TEST_DECL(test_wolfssl_PKCS7), - TEST_DECL(test_wolfSSL_PKCS7_certs), - TEST_DECL(test_wolfSSL_PKCS7_sign), - TEST_DECL(test_wolfSSL_PKCS7_SIGNED_new), -#ifndef NO_BIO - TEST_DECL(test_wolfSSL_PEM_write_bio_PKCS7), - TEST_DECL(test_wolfSSL_PEM_write_bio_encryptedKey), -#ifdef HAVE_SMIME - TEST_DECL(test_wolfSSL_SMIME_read_PKCS7), - TEST_DECL(test_wolfSSL_SMIME_write_PKCS7), -#endif /* HAVE_SMIME */ -#endif /* !NO_BIO */ - + TEST_OSSL_PKCS7_DECLS, + TEST_OSSL_SMIME_DECLS, /* OpenSSL PKCS12 API test */ - TEST_DECL(test_wolfSSL_PKCS12), + TEST_OSSL_PKCS12_DECLS, /* Can't memory test as callbacks use Assert. */ TEST_DECL(test_error_queue_per_thread), @@ -51255,15 +35452,7 @@ TEST_DECL(test_wolfSSL_ERR_print_errors), #endif - TEST_DECL(test_OBJ_NAME_do_all), - TEST_DECL(test_wolfSSL_OBJ), - TEST_DECL(test_wolfSSL_OBJ_cmp), - TEST_DECL(test_wolfSSL_OBJ_txt2nid), - TEST_DECL(test_wolfSSL_OBJ_txt2obj), -#ifdef OPENSSL_ALL - TEST_DECL(test_wolfSSL_OBJ_ln), - TEST_DECL(test_wolfSSL_OBJ_sn), -#endif + TEST_OSSL_OBJ_DECLS, #ifndef NO_BIO TEST_OSSL_BIO_DECLS, @@ -51271,11 +35460,14 @@ TEST_DECL(test_wolfSSL_check_domain), TEST_DECL(test_wolfSSL_check_domain_basic), + TEST_DECL(test_wolfSSL_check_ip_param_basic), + TEST_DECL(test_wolfSSL_check_ip_address_basic), TEST_DECL(test_wolfSSL_cert_cb), TEST_DECL(test_wolfSSL_cert_cb_dyn_ciphers), TEST_DECL(test_wolfSSL_ciphersuite_auth), TEST_DECL(test_wolfSSL_sigalg_info), /* Can't memory test as tcp_connect aborts. */ + TEST_DECL(test_wolfSSL_d2i_SSL_SESSION_bounds_check), TEST_DECL(test_wolfSSL_SESSION), TEST_DECL(test_wolfSSL_SESSION_expire_downgrade), TEST_DECL(test_wolfSSL_CTX_sess_set_remove_cb), @@ -51298,6 +35490,9 @@ TEST_DECL(test_wolfSSL_OCSP_resp_get0), TEST_DECL(test_wolfSSL_OCSP_parse_url), TEST_DECL(test_wolfSSL_OCSP_REQ_CTX), + TEST_DECL(test_wolfSSL_X509_get1_ca_issuers), + TEST_DECL(test_wolfSSL_X509_get1_aia_multi), + TEST_DECL(test_wolfSSL_X509_get1_aia_overflow), TEST_DECL(test_wolfSSL_PEM_read), @@ -51325,6 +35520,7 @@ #ifdef OPENSSL_ALL TEST_DECL(test_wolfSSL_sk_CIPHER_description), TEST_DECL(test_wolfSSL_get_ciphers_compat), + TEST_DECL(test_wolfSSL_get_ciphers_compat_empty), TEST_DECL(test_wolfSSL_CTX_ctrl), #endif /* OPENSSL_ALL */ @@ -51357,26 +35553,9 @@ /********************************* * CertManager API tests *********************************/ + TEST_CERTMAN_DECLS, - TEST_DECL(test_wolfSSL_CertManagerAPI), - TEST_DECL(test_wolfSSL_CertManagerLoadCABuffer), - TEST_DECL(test_wolfSSL_CertManagerLoadCABuffer_ex), - TEST_DECL(test_wolfSSL_CertManagerLoadCABufferType), - TEST_DECL(test_wolfSSL_CertManagerGetCerts), - TEST_DECL(test_wolfSSL_CertManagerSetVerify), - TEST_DECL(test_wolfSSL_CertManagerNameConstraint), - TEST_DECL(test_wolfSSL_CertManagerNameConstraint2), - TEST_DECL(test_wolfSSL_CertManagerNameConstraint3), - TEST_DECL(test_wolfSSL_CertManagerNameConstraint4), - TEST_DECL(test_wolfSSL_CertManagerNameConstraint5), - TEST_DECL(test_wolfSSL_CertManagerCRL), - TEST_DECL(test_wolfSSL_CRL_duplicate_extensions), - TEST_DECL(test_wolfSSL_CertManagerCheckOCSPResponse), TEST_DECL(test_wolfSSL_CheckOCSPResponse), -#if defined(HAVE_CERT_CHAIN_VALIDATION) && !defined(WOLFSSL_TEST_APPLE_NATIVE_CERT_VALIDATION) && \ - defined(WOLFSSL_PEM_TO_DER) - TEST_DECL(test_various_pathlen_chains), -#endif /********************************* * SSL/TLS API tests @@ -51400,6 +35579,9 @@ TEST_DECL(test_wolfSSL_tmp_dh), TEST_DECL(test_wolfSSL_ctrl), + TEST_DECL(test_wolfSSL_get0_param), + TEST_DECL(test_wolfSSL_set1_host), + #if defined(OPENSSL_ALL) || (defined(OPENSSL_EXTRA) && \ (defined(HAVE_STUNNEL) || defined(WOLFSSL_NGINX) || \ defined(HAVE_LIGHTY) || defined(WOLFSSL_HAPROXY) || \ @@ -51428,6 +35610,7 @@ TEST_DECL(test_EccSigFailure_cm), TEST_DECL(test_RsaSigFailure_cm), #endif + TEST_DECL(test_wc_CheckPrivateKey_RSA_pub_only), /* PKCS8 testing */ TEST_DECL(test_wolfSSL_no_password_cb), @@ -51455,6 +35638,10 @@ TEST_DECL(test_SSL_CIPHER_get_xxx), TEST_DECL(test_wolfSSL_ERR_strings), TEST_DECL(test_wolfSSL_CTX_set_cipher_list_bytes), + TEST_DECL(test_wolfSSL_set_cipher_list_tls12_keeps_tls13), + TEST_DECL(test_wolfSSL_set_cipher_list_tls13_keeps_tls12), + TEST_DECL(test_wolfSSL_set_cipher_list_tls12_with_version), + TEST_DECL(test_wolfSSL_set_cipher_list_tls13_with_version), TEST_DECL(test_wolfSSL_CTX_use_certificate), TEST_DECL(test_wolfSSL_CTX_use_certificate_file), TEST_DECL(test_wolfSSL_CTX_use_certificate_buffer), @@ -51466,6 +35653,7 @@ TEST_DECL(test_wolfSSL_CTX_load_verify_locations), /* Large number of memory allocations. */ TEST_DECL(test_wolfSSL_CTX_load_system_CA_certs), + TEST_DECL(test_wolfSSL_CTX_add_extra_chain_cert), #if defined(HAVE_CERT_CHAIN_VALIDATION) && \ !defined(WOLFSSL_TEST_APPLE_NATIVE_CERT_VALIDATION) @@ -51475,11 +35663,13 @@ TEST_DECL(test_wolfSSL_CTX_load_verify_buffer_ex), TEST_DECL(test_wolfSSL_CTX_load_verify_chain_buffer_format), TEST_DECL(test_wolfSSL_CTX_add1_chain_cert), + TEST_DECL(test_wolfSSL_add_to_chain_overflow), TEST_DECL(test_wolfSSL_CTX_use_certificate_chain_buffer_format), TEST_DECL(test_wolfSSL_CTX_use_certificate_chain_file_format), TEST_DECL(test_wolfSSL_use_certificate_chain_file), TEST_DECL(test_wolfSSL_CTX_trust_peer_cert), TEST_DECL(test_wolfSSL_CTX_LoadCRL), + TEST_DECL(test_wolfSSL_CTX_LoadCRL_largeCRLnum), TEST_DECL(test_wolfSSL_crl_update_cb), TEST_DECL(test_wolfSSL_CTX_SetTmpDH_file), TEST_DECL(test_wolfSSL_CTX_SetTmpDH_buffer), @@ -51516,6 +35706,7 @@ TEST_DECL(test_wolfSSL_tls_export), #endif TEST_DECL(test_wolfSSL_dtls_export_peers), + TEST_DECL(test_wolfSSL_dtls_import_state_extra_window_words), TEST_DECL(test_wolfSSL_SetMinVersion), TEST_DECL(test_wolfSSL_CTX_SetMinVersion), @@ -51563,22 +35754,38 @@ #ifdef HAVE_ALPN_PROTOS_SUPPORT /* Uses Assert in handshake callback. */ TEST_DECL(test_wolfSSL_set_alpn_protos), + TEST_DECL(test_wolfSSL_select_next_proto), #endif TEST_DECL(test_tls_ems_downgrade), TEST_DECL(test_wolfSSL_DisableExtendedMasterSecret), TEST_DECL(test_certificate_authorities_certificate_request), TEST_DECL(test_certificate_authorities_client_hello), + TEST_DECL(test_TLSX_TCA_Find), + TEST_DECL(test_TLSX_SNI_GetSize_overflow), TEST_DECL(test_wolfSSL_wolfSSL_UseSecureRenegotiation), TEST_DECL(test_wolfSSL_SCR_Reconnect), + TEST_DECL(test_wolfSSL_SCR_check_enabled), TEST_DECL(test_tls_ext_duplicate), TEST_DECL(test_tls_bad_legacy_version), -#if defined(WOLFSSL_TLS13) && defined(HAVE_ECH) && \ - defined(HAVE_IO_TESTS_DEPENDENCIES) +#if defined(WOLFSSL_TLS13) && defined(HAVE_ECH) +#if defined(HAVE_IO_TESTS_DEPENDENCIES) TEST_DECL(test_wolfSSL_Tls13_ECH_params), + TEST_DECL(test_wolfSSL_Tls13_ECH_params_b64), /* Uses Assert in handshake callback. */ TEST_DECL(test_wolfSSL_Tls13_ECH), TEST_DECL(test_wolfSSL_Tls13_ECH_HRR), + TEST_DECL(test_wolfSSL_SubTls13_ECH), +#endif +#if defined(HAVE_SSL_MEMIO_TESTS_DEPENDENCIES) + TEST_DECL(test_wolfSSL_Tls13_ECH_all_algos), + TEST_DECL(test_wolfSSL_Tls13_ECH_no_private_name), + TEST_DECL(test_wolfSSL_Tls13_ECH_bad_configs), + TEST_DECL(test_wolfSSL_Tls13_ECH_new_config), + TEST_DECL(test_wolfSSL_Tls13_ECH_GREASE), + TEST_DECL(test_wolfSSL_Tls13_ECH_disable_conn), #endif + TEST_DECL(test_wolfSSL_Tls13_ECH_enable_disable), +#endif /* WOLFSSL_TLS13 && HAVE_ECH */ TEST_DECL(test_wolfSSL_X509_TLS_version_test_1), TEST_DECL(test_wolfSSL_X509_TLS_version_test_2), @@ -51607,6 +35814,7 @@ TEST_DECL(test_wolfSSL_dtls_bad_record), /* Uses Assert in handshake callback. */ TEST_DECL(test_wolfSSL_dtls_stateless), + TEST_DECL(test_wolfSSL_dtls_stateless_hrr_group), TEST_DECL(test_generate_cookie), #ifndef NO_BIO @@ -51654,10 +35862,12 @@ #if defined(WOLFSSL_TICKET_NONCE_MALLOC) && defined(HAVE_SESSION_TICKET) \ && defined(WOLFSSL_TLS13) && \ - (!defined(HAVE_FIPS) || (defined(FIPS_VERSION_GE) && FIPS_VERSION_GE(5,3))) + (!defined(HAVE_FIPS) || (defined(FIPS_VERSION_GE) && FIPS_VERSION_GE(5,3)))\ + && defined(HAVE_MANUAL_MEMIO_TESTS_DEPENDENCIES) TEST_DECL(test_ticket_nonce_malloc), #endif TEST_DECL(test_ticket_ret_create), + TEST_DECL(test_ticket_enc_corrupted), TEST_DECL(test_wrong_cs_downgrade), TEST_DECL(test_extra_alerts_wrong_cs), TEST_DECL(test_extra_alerts_skip_hs), @@ -51695,9 +35905,12 @@ TEST_DECL(test_dtls12_missing_finished), TEST_DECL(test_dtls13_missing_finished_client), TEST_DECL(test_dtls13_missing_finished_server), + TEST_DECL(test_dtls13_finished_send_error_propagation), TEST_DTLS_DECLS, TEST_DECL(test_tls_multi_handshakes_one_record), TEST_DECL(test_write_dup), + TEST_DECL(test_write_dup_want_write), + TEST_DECL(test_write_dup_want_write_simul), TEST_DECL(test_read_write_hs), TEST_DECL(test_get_signature_nid), #ifndef WOLFSSL_TEST_APPLE_NATIVE_CERT_VALIDATION @@ -51710,9 +35923,26 @@ TEST_DECL(test_ocsp_basic_verify), TEST_DECL(test_ocsp_response_parsing), TEST_DECL(test_ocsp_certid_enc_dec), + TEST_DECL(test_ocsp_certid_dup), TEST_DECL(test_ocsp_tls_cert_cb), + TEST_DECL(test_ocsp_cert_unknown_crl_fallback), + TEST_DECL(test_ocsp_cert_unknown_crl_fallback_nonleaf), + TEST_DECL(test_tls13_nonblock_ocsp_low_mfl), + TEST_DECL(test_ocsp_responder), TEST_TLS_DECLS, TEST_DECL(test_wc_DhSetNamedKey), + TEST_DECL(test_DhAgree_rejects_p_minus_1), + TEST_DECL(test_ed448_rejects_identity_key), + TEST_DECL(test_pkcs7_decode_encrypted_outputsz), + TEST_DECL(test_pkcs7_ori_oversized_oid), + TEST_DECL(test_pkcs7_padding), + +#if defined(WOLFSSL_SNIFFER) && defined(WOLFSSL_SNIFFER_CHAIN_INPUT) + TEST_DECL(test_sniffer_chain_input_overflow), +#endif + + TEST_DECL(test_mldsa_verify_hash), + TEST_DECL(test_dilithium_hash), /* This test needs to stay at the end to clean up any caches allocated. */ TEST_DECL(test_wolfSSL_Cleanup) }; @@ -51742,9 +35972,19 @@ void ApiTest_PrintTestCases(void) { int i; + const char* lastGroup = NULL; printf("All Test Cases:\n"); for (i = 0; i < TEST_CASE_CNT; i++) { + if ((lastGroup != NULL) && ((testCases[i].group == NULL) || + XSTRCMP(testCases[i].group, lastGroup) != 0)) { + printf("End Group : %s\n", lastGroup); + } + if ((testCases[i].group != NULL) && ((lastGroup == NULL) || + XSTRCMP(testCases[i].group, lastGroup) != 0)) { + printf("Begin Group: %s\n", testCases[i].group); + } + lastGroup = testCases[i].group; printf("%3d: %s\n", i + 1, testCases[i].name); } } @@ -51980,11 +36220,11 @@ if ((lastGroup != NULL) && ((testCases[i].group == NULL) || XSTRCMP(testCases[i].group, lastGroup) != 0)) { - printf(" Group %s DONE\n", lastGroup); + printf(" End Group : %s\n", lastGroup); } if ((testCases[i].group != NULL) && ((lastGroup == NULL) || XSTRCMP(testCases[i].group, lastGroup) != 0)) { - printf(" Group %s START\n", testCases[i].group); + printf(" Begin Group: %s\n", testCases[i].group); } lastGroup = testCases[i].group; @@ -52029,7 +36269,7 @@ } } if (lastGroup != NULL) { - printf(" Group %s DONE\n", lastGroup); + printf(" End Group : %s\n", lastGroup); } } diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/tests/include.am mariadb-11.8.8/extra/wolfssl/wolfssl/tests/include.am --- mariadb-11.8.6/extra/wolfssl/wolfssl/tests/include.am 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/tests/include.am 2026-05-24 09:58:33.000000000 +0000 @@ -33,12 +33,14 @@ tests/test-tls13-down.conf \ tests/test-tls13-ecc.conf \ tests/test-tls13-psk.conf \ - tests/test-tls13-pq.conf \ + tests/test-tls13-pq-standalone.conf \ tests/test-tls13-pq-hybrid.conf \ - tests/test-dtls13-pq.conf \ - tests/test-dtls13-pq-frag.conf \ - tests/test-dtls13-pq-hybrid.conf \ + tests/test-tls13-pq-hybrid-extra.conf \ + tests/test-dtls13-pq-standalone.conf \ + tests/test-dtls13-pq-standalone-frag.conf \ tests/test-dtls13-pq-hybrid-frag.conf \ + tests/test-dtls13-pq-hybrid-extra.conf \ + tests/test-dtls13-pq-hybrid-extra-frag.conf \ tests/test-psk.conf \ tests/test-psk-no-id.conf \ tests/test-psk-no-id-sha2.conf \ diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/tests/quic.c mariadb-11.8.8/extra/wolfssl/wolfssl/tests/quic.c --- mariadb-11.8.6/extra/wolfssl/wolfssl/tests/quic.c 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/tests/quic.c 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* quic.c QUIC unit tests * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -64,6 +64,7 @@ return 1; } +#if !defined(NO_WOLFSSL_CLIENT) && !defined(NO_WOLFSSL_SERVER) static int dummy_set_encryption_secrets_fail(WOLFSSL *ssl, WOLFSSL_ENCRYPTION_LEVEL level, const uint8_t *read_secret, @@ -76,6 +77,7 @@ write_secret? "yes" : "no"); return 0; } +#endif static int dummy_add_handshake_data(WOLFSSL *ssl, WOLFSSL_ENCRYPTION_LEVEL level, @@ -115,21 +117,33 @@ static ctx_setups valids[] = { #ifdef WOLFSSL_TLS13 +#ifndef NO_WOLFSSL_SERVER { "TLSv1.3 server", wolfTLSv1_3_server_method, 1}, +#endif +#ifndef NO_WOLFSSL_CLIENT { "TLSv1.3 client", wolfTLSv1_3_client_method, 0}, #endif +#endif { NULL, NULL, 0} }; static ctx_setups invalids[] = { #ifndef WOLFSSL_NO_TLS12 +#ifndef NO_WOLFSSL_SERVER { "TLSv1.2 server", wolfTLSv1_2_server_method, 1}, +#endif +#ifndef NO_WOLFSSL_CLIENT { "TLSv1.2 client", wolfTLSv1_2_client_method, 0}, #endif +#endif #ifndef NO_OLD_TLS +#ifndef NO_WOLFSSL_SERVER { "TLSv1.1 server", wolfTLSv1_1_server_method, 1}, +#endif +#ifndef NO_WOLFSSL_CLIENT { "TLSv1.1 client", wolfTLSv1_1_client_method, 0}, #endif +#endif { NULL, NULL, 0} }; @@ -244,20 +258,7 @@ return EXPECT_RESULT(); } -static size_t fake_record(byte rtype, word32 rlen, uint8_t *rec) -{ - rec[0] = (uint8_t)rtype; - c32to24(rlen, rec+1); - return rlen + 4; -} - -static size_t shift_record(uint8_t *rec, size_t len, size_t written) -{ - len -= written; - XMEMMOVE(rec, rec+written, len); - return len; -} - +#if !defined(NO_WOLFSSL_CLIENT) static void dump_buffer(const char *name, const byte *p, size_t len, int indent) { size_t i = 0; @@ -276,6 +277,22 @@ } printf("\n%*s};\n", indent, " "); } +#endif + +#ifndef NO_WOLFSSL_CLIENT +static size_t fake_record(byte rtype, word32 rlen, uint8_t *rec) +{ + rec[0] = (uint8_t)rtype; + c32to24(rlen, rec+1); + return rlen + 4; +} + +static size_t shift_record(uint8_t *rec, size_t len, size_t written) +{ + len -= written; + XMEMMOVE(rec, rec+written, len); + return len; +} static void dump_ssl_buffers(WOLFSSL *ssl, FILE *fp) { @@ -505,12 +522,14 @@ ctx_send_alert, }; +#if !defined(NO_WOLFSSL_SERVER) static WOLFSSL_QUIC_METHOD ctx_method_fail = { dummy_set_encryption_secrets_fail, ctx_add_handshake_data, ctx_flush_flight, ctx_send_alert, }; +#endif static void QuicTestContext_init(QuicTestContext *tctx, WOLFSSL_CTX *ctx, const char *name, int verbose) @@ -542,6 +561,7 @@ (void)ctx_method; } +#if !defined(NO_WOLFSSL_SERVER) static void QuicTestContext_init_fail_cb(QuicTestContext *tctx, WOLFSSL_CTX *ctx, const char *name, int verbose) { @@ -571,6 +591,7 @@ } (void)ctx_method; } +#endif static void QuicTestContext_free(QuicTestContext *tctx) { @@ -703,15 +724,20 @@ *prlen = rlen + HANDSHAKE_HEADER_SZ; } +#if !defined(NO_WOLFSSL_SERVER) static void ext_dump(const byte *data, size_t data_len, int indent) { size_t idx = 0; word16 len16, etype, i; printf("%*sextensions:\n", indent, " "); - while (idx < data_len) { + while (idx + 4 <= data_len) { ato16(&data[idx], &etype); /* extension type */ ato16(&data[idx+2], &len16); /* extension length */ + if (idx + 4 + len16 > data_len) { + printf(" unexpected extension length\n"); + break; + } printf(" extension: %04x [", etype); for (i = 0; i < len16; ++i) { printf("%s0x%02x", (i? ", ": ""), data[idx+4+i]); @@ -720,6 +746,7 @@ idx += 2 + 2 + len16; } } +#endif static const byte *ext_find(const byte *data, size_t data_len, int ext_type) { @@ -742,6 +769,7 @@ return ext_find(data, data_len,ext_type) != NULL; } +#if !defined(NO_WOLFSSL_SERVER) static void ext_equals(const byte *data, size_t data_len, int ext_type, const byte *exp_data, size_t exp_len) { @@ -800,6 +828,7 @@ dump_buffer("", data, data_len, indent); } } +#endif static void check_quic_client_hello_tp(OutputBuffer *out, int tp_v1, int tp_draft) @@ -829,6 +858,7 @@ AssertTrue(!ext_has(exts, exts_len, TLSX_KEY_QUIC_TP_PARAMS_DRAFT) == !tp_draft); } +#if !defined(NO_WOLFSSL_SERVER) static void check_secrets(QuicTestContext *ctx, WOLFSSL_ENCRYPTION_LEVEL level, size_t rx_len, size_t tx_len) { @@ -1195,6 +1225,7 @@ } #endif /* HAVE_SESSION_TICKET */ +#endif static int test_quic_client_hello(int verbose) { EXPECT_DECLS; @@ -1252,7 +1283,9 @@ return EXPECT_RESULT(); } +#endif /* !NO_WOLFSSL_CLIENT */ +#if !defined(NO_WOLFSSL_CLIENT) && !defined(NO_WOLFSSL_SERVER) static int test_quic_server_hello(int verbose) { EXPECT_DECLS; WOLFSSL_CTX * ctx_c = NULL; @@ -1883,6 +1916,7 @@ return EXPECT_RESULT(); } #endif /* WOLFSSL_SESSION_EXPORT */ +#endif /* !NO_WOLFSSL_CLIENT && !NO_WOLFSSL_SERVER */ #endif /* WOLFSSL_QUIC */ @@ -1891,13 +1925,24 @@ { int ret = 0; #ifdef WOLFSSL_QUIC +#ifndef NO_WOLFSSL_CLIENT int verbose = 0; +#endif + + if (wolfSSL_Init() != WOLFSSL_SUCCESS) { + printf("wolfSSL_Init() failed in QuicTest()."); + return -1; + } + printf(" Begin QUIC Tests\n"); if ((ret = test_set_quic_method()) != TEST_SUCCESS) goto leave; +#ifndef NO_WOLFSSL_CLIENT if ((ret = test_provide_quic_data()) != TEST_SUCCESS) goto leave; if ((ret = test_quic_crypt()) != TEST_SUCCESS) goto leave; if ((ret = test_quic_client_hello(verbose)) != TEST_SUCCESS) goto leave; +#endif +#if !defined(NO_WOLFSSL_CLIENT) && !defined(NO_WOLFSSL_SERVER) if ((ret = test_quic_server_hello(verbose)) != TEST_SUCCESS) goto leave; if ((ret = test_quic_server_hello_fail(verbose)) != TEST_SUCCESS) goto leave; #ifdef REALLY_HAVE_ALPN_AND_SNI @@ -1911,12 +1956,15 @@ #endif /* WOLFSSL_EARLY_DATA */ if ((ret = test_quic_session_export(verbose)) != TEST_SUCCESS) goto leave; #endif /* HAVE_SESSION_TICKET */ +#endif leave: if (ret != TEST_SUCCESS) { printf(" FAILED: some tests did not pass.\n"); } printf(" End QUIC Tests\n"); + + (void)wolfSSL_Cleanup(); #endif return ret == TEST_SUCCESS ? 0 : -1; } diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/tests/srp.c mariadb-11.8.8/extra/wolfssl/wolfssl/tests/srp.c --- mariadb-11.8.6/extra/wolfssl/wolfssl/tests/srp.c 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/tests/srp.c 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* srp.c SRP unit tests * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/tests/suites.c mariadb-11.8.8/extra/wolfssl/wolfssl/tests/suites.c --- mariadb-11.8.6/extra/wolfssl/wolfssl/tests/suites.c 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/tests/suites.c 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* suites.c * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -169,57 +169,161 @@ } #if defined(WOLFSSL_HAVE_MLKEM) + +#define MATCH_PQC(b, s, l) ((l) == sizeof(s) - 1 && \ + XSTRNCMP((b), (s), sizeof(s) - 1) == 0) + static int IsKyberLevelAvailable(const char* line) { int available = 0; - const char* find = "--pqc "; - const char* begin = strstr(line, find); - const char* end; + const char* begin = XSTRSTR(line, "--pqc"); + size_t len = 0; if (begin != NULL) { - begin += 6; - end = XSTRSTR(begin, " "); + begin += XSTRLEN("--pqc"); + while (*begin == ' ' || *begin == '\t') { + begin++; + } - #ifndef WOLFSSL_NO_ML_KEM - if ((size_t)end - (size_t)begin == 10) { + if (*begin != '\0') { + const char* end = begin; + while (*end != '\0' && *end != ' ' && *end != '\t') { + end++; + } + len = (size_t)(end - begin); + } + } + + if (begin != NULL && len > 0) { +#ifndef WOLFSSL_NO_ML_KEM + #ifndef WOLFSSL_TLS_NO_MLKEM_STANDALONE #ifndef WOLFSSL_NO_ML_KEM_512 - if (XSTRNCMP(begin, "ML_KEM_512", 10) == 0) { + if (MATCH_PQC(begin, "ML_KEM_512", len)) { available = 1; } #endif #ifndef WOLFSSL_NO_ML_KEM_768 - if (XSTRNCMP(begin, "ML_KEM_768", 10) == 0) { + if (MATCH_PQC(begin, "ML_KEM_768", len)) { available = 1; } #endif - } #ifndef WOLFSSL_NO_ML_KEM_1024 - if ((size_t)end - (size_t)begin == 11) { - if (XSTRNCMP(begin, "ML_KEM_1024", 11) == 0) { + if (MATCH_PQC(begin, "ML_KEM_1024", len)) { available = 1; } - } #endif - #endif - #ifdef WOLFSSL_MLKEM_KYBER - if ((size_t)end - (size_t)begin == 12) { + #endif /* WOLFSSL_TLS_NO_MLKEM_STANDALONE */ + #ifdef WOLFSSL_PQC_HYBRIDS + #if !defined(WOLFSSL_NO_ML_KEM_768) && defined(HAVE_ECC) + if (MATCH_PQC(begin, "SecP256r1MLKEM768", len)) { + available = 1; + } + #endif + #if !defined(WOLFSSL_NO_ML_KEM_768) && defined(HAVE_CURVE25519) + if (MATCH_PQC(begin, "X25519MLKEM768", len)) { + available = 1; + } + #endif + #if !defined(WOLFSSL_NO_ML_KEM_1024) && defined(HAVE_ECC) + if (MATCH_PQC(begin, "SecP384r1MLKEM1024", len)) { + available = 1; + } + #endif + #endif /* WOLFSSL_PQC_HYBRIDS */ + #ifdef WOLFSSL_EXTRA_PQC_HYBRIDS + #if !defined(WOLFSSL_NO_ML_KEM_512) && defined(HAVE_ECC) + if (MATCH_PQC(begin, "SecP256r1MLKEM512", len)) { + available = 1; + } + #ifdef WOLFSSL_ML_KEM_USE_OLD_IDS + if (MATCH_PQC(begin, "P256_ML_KEM_512_OLD", len)) { + available = 1; + } + #endif + #endif + #if !defined(WOLFSSL_NO_ML_KEM_512) && defined(HAVE_CURVE25519) + if (MATCH_PQC(begin, "X25519MLKEM512", len)) { + available = 1; + } + #endif + #if !defined(WOLFSSL_NO_ML_KEM_768) && defined(HAVE_ECC) + if (MATCH_PQC(begin, "SecP384r1MLKEM768", len)) { + available = 1; + } + #ifdef WOLFSSL_ML_KEM_USE_OLD_IDS + if (MATCH_PQC(begin, "P384_ML_KEM_768_OLD", len)) { + available = 1; + } + #endif + #endif + #if !defined(WOLFSSL_NO_ML_KEM_768) && defined(HAVE_CURVE448) + if (MATCH_PQC(begin, "X448MLKEM768", len)) { + available = 1; + } + #endif + #if !defined(WOLFSSL_NO_ML_KEM_1024) && defined(HAVE_ECC) + if (MATCH_PQC(begin, "SecP521r1MLKEM1024", len)) { + available = 1; + } + #ifdef WOLFSSL_ML_KEM_USE_OLD_IDS + if (MATCH_PQC(begin, "P521_ML_KEM_1024_OLD", len)) { + available = 1; + } + #endif + #endif + #endif /* WOLFSSL_EXTRA_PQC_HYBRIDS */ +#endif /* !WOLFSSL_NO_ML_KEM */ + +#ifdef WOLFSSL_MLKEM_KYBER #ifndef WOLFSSL_NO_KYBER512 - if (XSTRNCMP(begin, "KYBER_LEVEL1", 12) == 0) { + if (MATCH_PQC(begin, "KYBER_LEVEL1", len)) { + available = 1; + } + #ifdef HAVE_ECC + if (MATCH_PQC(begin, "P256_KYBER_LEVEL1", len)) { available = 1; } #endif + #endif #ifndef WOLFSSL_NO_KYBER768 - if (XSTRNCMP(begin, "KYBER_LEVEL3", 12) == 0) { + if (MATCH_PQC(begin, "KYBER_LEVEL3", len)) { + available = 1; + } + #ifdef HAVE_ECC + if (MATCH_PQC(begin, "P384_KYBER_LEVEL3", len)) { available = 1; } + if (MATCH_PQC(begin, "P256_KYBER_LEVEL3", len)) { + available = 1; + } + #endif #endif #ifndef WOLFSSL_NO_KYBER1024 - if (XSTRNCMP(begin, "KYBER_LEVEL5", 12) == 0) { + if (MATCH_PQC(begin, "KYBER_LEVEL5", len)) { + available = 1; + } + #ifdef HAVE_ECC + if (MATCH_PQC(begin, "P521_KYBER_LEVEL5", len)) { available = 1; } #endif - } - #endif + #endif + #if !defined(WOLFSSL_NO_KYBER512) && defined(HAVE_CURVE25519) + if (MATCH_PQC(begin, "X25519_KYBER_LEVEL1", len)) { + available = 1; + } + #endif + #if !defined(WOLFSSL_NO_KYBER768) && defined(HAVE_CURVE25519) + if (MATCH_PQC(begin, "X25519_KYBER_LEVEL3", len)) { + available = 1; + } + #endif + #if !defined(WOLFSSL_NO_KYBER768) && defined(HAVE_CURVE448) + if (MATCH_PQC(begin, "X448_KYBER_LEVEL3", len)) { + available = 1; + } + #endif +#endif /* WOLFSSL_MLKEM_KYBER */ } #if defined(WOLFSSL_MLKEM_NO_MAKE_KEY) || \ @@ -909,6 +1013,10 @@ char argv0[3][80]; char* myArgv[3]; +#ifdef WOLFSSL_STATIC_MEMORY + byte memory[320000]; +#endif + printf(" Begin Cipher Suite Tests\n"); /* setup */ @@ -918,10 +1026,6 @@ args.argv = myArgv; XSTRLCPY(argv0[0], "SuiteTest", sizeof(argv0[0])); -#ifdef WOLFSSL_STATIC_MEMORY - byte memory[200000]; -#endif - cipherSuiteCtx = wolfSSL_CTX_new(wolfSSLv23_client_method()); if (cipherSuiteCtx == NULL) { printf("can't get cipher suite ctx\n"); @@ -1024,8 +1128,9 @@ } #endif #ifdef HAVE_PQC - /* add TLSv13 pq tests */ - XSTRLCPY(argv0[1], "tests/test-tls13-pq.conf", sizeof(argv0[1])); + #ifndef WOLFSSL_TLS_NO_MLKEM_STANDALONE + /* add TLSv13 pq standalone tests */ + XSTRLCPY(argv0[1], "tests/test-tls13-pq-standalone.conf", sizeof(argv0[1])); printf("starting TLSv13 post-quantum groups tests\n"); test_harness(&args); if (args.return_code != 0) { @@ -1033,6 +1138,8 @@ args.return_code = EXIT_FAILURE; goto exit; } + #endif /* !WOLFSSL_TLS_NO_MLKEM_STANDALONE */ + #ifdef WOLFSSL_PQC_HYBRIDS /* add TLSv13 pq hybrid tests */ XSTRLCPY(argv0[1], "tests/test-tls13-pq-hybrid.conf", sizeof(argv0[1])); printf("starting TLSv13 post-quantum groups tests\n"); @@ -1042,10 +1149,23 @@ args.return_code = EXIT_FAILURE; goto exit; } + #endif /* WOLFSSL_PQC_HYBRIDS */ + #ifdef WOLFSSL_EXTRA_PQC_HYBRIDS + /* add TLSv13 pq extra hybrid tests */ + XSTRLCPY(argv0[1], "tests/test-tls13-pq-hybrid-extra.conf", sizeof(argv0[1])); + printf("starting TLSv13 post-quantum groups tests\n"); + test_harness(&args); + if (args.return_code != 0) { + printf("error from script %d\n", args.return_code); + args.return_code = EXIT_FAILURE; + goto exit; + } + #endif #endif #if defined(HAVE_PQC) && defined(WOLFSSL_DTLS13) - /* add DTLSv13 pq tests */ - XSTRLCPY(argv0[1], "tests/test-dtls13-pq.conf", sizeof(argv0[1])); + #ifndef WOLFSSL_TLS_NO_MLKEM_STANDALONE + /* add DTLSv13 pq standalone tests */ + XSTRLCPY(argv0[1], "tests/test-dtls13-pq-standalone.conf", sizeof(argv0[1])); printf("starting DTLSv13 post-quantum groups tests\n"); test_harness(&args); if (args.return_code != 0) { @@ -1053,8 +1173,10 @@ args.return_code = EXIT_FAILURE; goto exit; } - /* add DTLSv13 pq hybrid tests */ - XSTRLCPY(argv0[1], "tests/test-dtls13-pq-hybrid.conf", sizeof(argv0[1])); + #endif /* !WOLFSSL_TLS_NO_MLKEM_STANDALONE */ + #ifdef WOLFSSL_EXTRA_PQC_HYBRIDS + /* add DTLSv13 pq extra hybrid tests */ + XSTRLCPY(argv0[1], "tests/test-dtls13-pq-hybrid-extra.conf", sizeof(argv0[1])); printf("starting DTLSv13 post-quantum 2 groups tests\n"); test_harness(&args); if (args.return_code != 0) { @@ -1062,9 +1184,11 @@ args.return_code = EXIT_FAILURE; goto exit; } + #endif #ifdef WOLFSSL_DTLS_CH_FRAG - /* add DTLSv13 pq frag tests */ - XSTRLCPY(argv0[1], "tests/test-dtls13-pq-frag.conf", sizeof(argv0[1])); + #ifndef WOLFSSL_TLS_NO_MLKEM_STANDALONE + /* add DTLSv13 pq standalone frag tests */ + XSTRLCPY(argv0[1], "tests/test-dtls13-pq-standalone-frag.conf", sizeof(argv0[1])); printf("starting DTLSv13 post-quantum groups tests with fragmentation\n"); test_harness(&args); if (args.return_code != 0) { @@ -1072,6 +1196,8 @@ args.return_code = EXIT_FAILURE; goto exit; } + #endif /* !WOLFSSL_TLS_NO_MLKEM_STANDALONE */ + #ifdef WOLFSSL_PQC_HYBRIDS /* add DTLSv13 pq hybrid frag tests */ XSTRLCPY(argv0[1], "tests/test-dtls13-pq-hybrid-frag.conf", sizeof(argv0[1])); printf("starting DTLSv13 post-quantum 2 groups tests with fragmentation\n"); @@ -1081,6 +1207,18 @@ args.return_code = EXIT_FAILURE; goto exit; } + #endif /* WOLFSSL_PQC_HYBRIDS */ + #ifdef WOLFSSL_EXTRA_PQC_HYBRIDS + /* add DTLSv13 pq extra hybrid frag tests */ + XSTRLCPY(argv0[1], "tests/test-dtls13-pq-hybrid-extra-frag.conf", sizeof(argv0[1])); + printf("starting DTLSv13 post-quantum 2 groups tests with fragmentation\n"); + test_harness(&args); + if (args.return_code != 0) { + printf("error from script %d\n", args.return_code); + args.return_code = EXIT_FAILURE; + goto exit; + } + #endif #endif #endif #endif diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/tests/test-dtls13-pq-frag.conf mariadb-11.8.8/extra/wolfssl/wolfssl/tests/test-dtls13-pq-frag.conf --- mariadb-11.8.6/extra/wolfssl/wolfssl/tests/test-dtls13-pq-frag.conf 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/tests/test-dtls13-pq-frag.conf 1970-01-01 00:00:00.000000000 +0000 @@ -1,47 +0,0 @@ -# server DTLSv1.3 with post-quantum group --u --v 4 --l TLS13-AES256-GCM-SHA384 ---pqc ML_KEM_768 - -# client DTLSv1.3 with post-quantum group --u --v 4 --l TLS13-AES256-GCM-SHA384 ---pqc ML_KEM_768 - -# server DTLSv1.3 with post-quantum group --u --v 4 --l TLS13-AES256-GCM-SHA384 ---pqc ML_KEM_1024 - -# client DTLSv1.3 with post-quantum group --u --v 4 --l TLS13-AES256-GCM-SHA384 ---pqc ML_KEM_1024 - -# server DTLSv1.3 with post-quantum group --u --v 4 --l TLS13-AES256-GCM-SHA384 ---pqc KYBER_LEVEL3 - -# client DTLSv1.3 with post-quantum group --u --v 4 --l TLS13-AES256-GCM-SHA384 ---pqc KYBER_LEVEL3 - -# server DTLSv1.3 with post-quantum group --u --v 4 --l TLS13-AES256-GCM-SHA384 ---pqc KYBER_LEVEL5 - -# client DTLSv1.3 with post-quantum group --u --v 4 --l TLS13-AES256-GCM-SHA384 ---pqc KYBER_LEVEL5 diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/tests/test-dtls13-pq-hybrid-extra-frag.conf mariadb-11.8.8/extra/wolfssl/wolfssl/tests/test-dtls13-pq-hybrid-extra-frag.conf --- mariadb-11.8.6/extra/wolfssl/wolfssl/tests/test-dtls13-pq-hybrid-extra-frag.conf 1970-01-01 00:00:00.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/tests/test-dtls13-pq-hybrid-extra-frag.conf 2026-05-24 09:58:33.000000000 +0000 @@ -0,0 +1,95 @@ +# server DTLSv1.3 with post-quantum hybrid group +-u +-v 4 +-l TLS13-AES256-GCM-SHA384 +--pqc SecP384r1MLKEM768 + +# client DTLSv1.3 with post-quantum hybrid group +-u +-v 4 +-l TLS13-AES256-GCM-SHA384 +--pqc SecP384r1MLKEM768 + +# server DTLSv1.3 with post-quantum hybrid group +-u +-v 4 +-l TLS13-AES256-GCM-SHA384 +--pqc SecP521r1MLKEM1024 + +# client DTLSv1.3 with post-quantum hybrid group +-u +-v 4 +-l TLS13-AES256-GCM-SHA384 +--pqc SecP521r1MLKEM1024 + +# server DTLSv1.3 with post-quantum hybrid group +-u +-v 4 +-l TLS13-AES256-GCM-SHA384 +--pqc X448MLKEM768 + +# client DTLSv1.3 with post-quantum hybrid group +-u +-v 4 +-l TLS13-AES256-GCM-SHA384 +--pqc X448MLKEM768 + +# server DTLSv1.3 with post-quantum hybrid group +-u +-v 4 +-l TLS13-AES256-GCM-SHA384 +--pqc P384_KYBER_LEVEL3 + +# client DTLSv1.3 with post-quantum hybrid group +-u +-v 4 +-l TLS13-AES256-GCM-SHA384 +--pqc P384_KYBER_LEVEL3 + +# server DTLSv1.3 with post-quantum hybrid group +-u +-v 4 +-l TLS13-AES256-GCM-SHA384 +--pqc P256_KYBER_LEVEL3 + +# client DTLSv1.3 with post-quantum hybrid group +-u +-v 4 +-l TLS13-AES256-GCM-SHA384 +--pqc P256_KYBER_LEVEL3 + +# server DTLSv1.3 with post-quantum hybrid group +-u +-v 4 +-l TLS13-AES256-GCM-SHA384 +--pqc P521_KYBER_LEVEL5 + +# client DTLSv1.3 with post-quantum hybrid group +-u +-v 4 +-l TLS13-AES256-GCM-SHA384 +--pqc P521_KYBER_LEVEL5 + +# server DTLSv1.3 with post-quantum hybrid group +-u +-v 4 +-l TLS13-AES256-GCM-SHA384 +--pqc X25519_KYBER_LEVEL3 + +# client DTLSv1.3 with post-quantum hybrid group +-u +-v 4 +-l TLS13-AES256-GCM-SHA384 +--pqc X25519_KYBER_LEVEL3 + +# server DTLSv1.3 with post-quantum hybrid group +-u +-v 4 +-l TLS13-AES256-GCM-SHA384 +--pqc X448_KYBER_LEVEL3 + +# client DTLSv1.3 with post-quantum hybrid group +-u +-v 4 +-l TLS13-AES256-GCM-SHA384 +--pqc X448_KYBER_LEVEL3 diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/tests/test-dtls13-pq-hybrid-extra.conf mariadb-11.8.8/extra/wolfssl/wolfssl/tests/test-dtls13-pq-hybrid-extra.conf --- mariadb-11.8.6/extra/wolfssl/wolfssl/tests/test-dtls13-pq-hybrid-extra.conf 1970-01-01 00:00:00.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/tests/test-dtls13-pq-hybrid-extra.conf 2026-05-24 09:58:33.000000000 +0000 @@ -0,0 +1,51 @@ +# server DTLSv1.3 with post-quantum group +-u +-v 4 +-l TLS13-AES256-GCM-SHA384 +--pqc P256_ML_KEM_512 + +# client DTLSv1.3 with post-quantum group +-u +-v 4 +-l TLS13-AES256-GCM-SHA384 +--pqc P256_ML_KEM_512 + +# server DTLSv1.3 with post-quantum hybrid group +-u +-v 4 +-l TLS13-AES256-GCM-SHA384 +--pqc X25519_ML_KEM_512 + +# client DTLSv1.3 with post-quantum hybrid group +-u +-v 4 +-l TLS13-AES256-GCM-SHA384 +--pqc X25519_ML_KEM_512 + +# Hybrids with ML_KEM_768 and ML_KEM_1024 would fragment the ClientHello. + +# server DTLSv1.3 with post-quantum hybrid group +-u +-v 4 +-l TLS13-AES256-GCM-SHA384 +--pqc P256_KYBER_LEVEL1 + +# client DTLSv1.3 with post-quantum hybrid group +-u +-v 4 +-l TLS13-AES256-GCM-SHA384 +--pqc P256_KYBER_LEVEL1 + +# server DTLSv1.3 with post-quantum hybrid group +-u +-v 4 +-l TLS13-AES256-GCM-SHA384 +--pqc X25519_KYBER_LEVEL1 + +# client DTLSv1.3 with post-quantum hybrid group +-u +-v 4 +-l TLS13-AES256-GCM-SHA384 +--pqc X25519_KYBER_LEVEL1 + +# Hybrids with KYBER_LEVEL3 and KYBER_LEVEL5 would fragment the ClientHello. diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/tests/test-dtls13-pq-hybrid-frag.conf mariadb-11.8.8/extra/wolfssl/wolfssl/tests/test-dtls13-pq-hybrid-frag.conf --- mariadb-11.8.6/extra/wolfssl/wolfssl/tests/test-dtls13-pq-hybrid-frag.conf 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/tests/test-dtls13-pq-hybrid-frag.conf 2026-05-24 09:58:33.000000000 +0000 @@ -2,18 +2,6 @@ -u -v 4 -l TLS13-AES256-GCM-SHA384 ---pqc SecP384r1MLKEM768 - -# client DTLSv1.3 with post-quantum hybrid group --u --v 4 --l TLS13-AES256-GCM-SHA384 ---pqc SecP384r1MLKEM768 - -# server DTLSv1.3 with post-quantum hybrid group --u --v 4 --l TLS13-AES256-GCM-SHA384 --pqc SecP256r1MLKEM768 # client DTLSv1.3 with post-quantum hybrid group @@ -26,18 +14,6 @@ -u -v 4 -l TLS13-AES256-GCM-SHA384 ---pqc SecP521r1MLKEM1024 - -# client DTLSv1.3 with post-quantum hybrid group --u --v 4 --l TLS13-AES256-GCM-SHA384 ---pqc SecP521r1MLKEM1024 - -# server DTLSv1.3 with post-quantum hybrid group --u --v 4 --l TLS13-AES256-GCM-SHA384 --pqc SecP384r1MLKEM1024 # client DTLSv1.3 with post-quantum hybrid group @@ -57,75 +33,3 @@ -v 4 -l TLS13-AES256-GCM-SHA384 --pqc X25519MLKEM768 - -# server DTLSv1.3 with post-quantum hybrid group --u --v 4 --l TLS13-AES256-GCM-SHA384 ---pqc X448MLKEM768 - -# client DTLSv1.3 with post-quantum hybrid group --u --v 4 --l TLS13-AES256-GCM-SHA384 ---pqc X448MLKEM768 - -# server DTLSv1.3 with post-quantum hybrid group --u --v 4 --l TLS13-AES256-GCM-SHA384 ---pqc P384_KYBER_LEVEL3 - -# client DTLSv1.3 with post-quantum hybrid group --u --v 4 --l TLS13-AES256-GCM-SHA384 ---pqc P384_KYBER_LEVEL3 - -# server DTLSv1.3 with post-quantum hybrid group --u --v 4 --l TLS13-AES256-GCM-SHA384 ---pqc P256_KYBER_LEVEL3 - -# client DTLSv1.3 with post-quantum hybrid group --u --v 4 --l TLS13-AES256-GCM-SHA384 ---pqc P256_KYBER_LEVEL3 - -# server DTLSv1.3 with post-quantum hybrid group --u --v 4 --l TLS13-AES256-GCM-SHA384 ---pqc P521_KYBER_LEVEL5 - -# client DTLSv1.3 with post-quantum hybrid group --u --v 4 --l TLS13-AES256-GCM-SHA384 ---pqc P521_KYBER_LEVEL5 - -# server DTLSv1.3 with post-quantum hybrid group --u --v 4 --l TLS13-AES256-GCM-SHA384 ---pqc X25519_KYBER_LEVEL3 - -# client DTLSv1.3 with post-quantum hybrid group --u --v 4 --l TLS13-AES256-GCM-SHA384 ---pqc X25519_KYBER_LEVEL3 - -# server DTLSv1.3 with post-quantum hybrid group --u --v 4 --l TLS13-AES256-GCM-SHA384 ---pqc X448_KYBER_LEVEL3 - -# client DTLSv1.3 with post-quantum hybrid group --u --v 4 --l TLS13-AES256-GCM-SHA384 ---pqc X448_KYBER_LEVEL3 diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/tests/test-dtls13-pq-hybrid.conf mariadb-11.8.8/extra/wolfssl/wolfssl/tests/test-dtls13-pq-hybrid.conf --- mariadb-11.8.6/extra/wolfssl/wolfssl/tests/test-dtls13-pq-hybrid.conf 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/tests/test-dtls13-pq-hybrid.conf 1970-01-01 00:00:00.000000000 +0000 @@ -1,51 +0,0 @@ -# server DTLSv1.3 with post-quantum group --u --v 4 --l TLS13-AES256-GCM-SHA384 ---pqc P256_ML_KEM_512 - -# client DTLSv1.3 with post-quantum group --u --v 4 --l TLS13-AES256-GCM-SHA384 ---pqc P256_ML_KEM_512 - -# server DTLSv1.3 with post-quantum hybrid group --u --v 4 --l TLS13-AES256-GCM-SHA384 ---pqc X25519_ML_KEM_512 - -# client DTLSv1.3 with post-quantum hybrid group --u --v 4 --l TLS13-AES256-GCM-SHA384 ---pqc X25519_ML_KEM_512 - -# Hybrids with ML_KEM_768 and ML_KEM_1024 would fragment the ClientHello. - -# server DTLSv1.3 with post-quantum hybrid group --u --v 4 --l TLS13-AES256-GCM-SHA384 ---pqc P256_KYBER_LEVEL1 - -# client DTLSv1.3 with post-quantum hybrid group --u --v 4 --l TLS13-AES256-GCM-SHA384 ---pqc P256_KYBER_LEVEL1 - -# server DTLSv1.3 with post-quantum hybrid group --u --v 4 --l TLS13-AES256-GCM-SHA384 ---pqc X25519_KYBER_LEVEL1 - -# client DTLSv1.3 with post-quantum hybrid group --u --v 4 --l TLS13-AES256-GCM-SHA384 ---pqc X25519_KYBER_LEVEL1 - -# Hybrids with KYBER_LEVEL3 and KYBER_LEVEL5 would fragment the ClientHello. diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/tests/test-dtls13-pq-standalone-frag.conf mariadb-11.8.8/extra/wolfssl/wolfssl/tests/test-dtls13-pq-standalone-frag.conf --- mariadb-11.8.6/extra/wolfssl/wolfssl/tests/test-dtls13-pq-standalone-frag.conf 1970-01-01 00:00:00.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/tests/test-dtls13-pq-standalone-frag.conf 2026-05-24 09:58:33.000000000 +0000 @@ -0,0 +1,47 @@ +# server DTLSv1.3 with post-quantum group +-u +-v 4 +-l TLS13-AES256-GCM-SHA384 +--pqc ML_KEM_768 + +# client DTLSv1.3 with post-quantum group +-u +-v 4 +-l TLS13-AES256-GCM-SHA384 +--pqc ML_KEM_768 + +# server DTLSv1.3 with post-quantum group +-u +-v 4 +-l TLS13-AES256-GCM-SHA384 +--pqc ML_KEM_1024 + +# client DTLSv1.3 with post-quantum group +-u +-v 4 +-l TLS13-AES256-GCM-SHA384 +--pqc ML_KEM_1024 + +# server DTLSv1.3 with post-quantum group +-u +-v 4 +-l TLS13-AES256-GCM-SHA384 +--pqc KYBER_LEVEL3 + +# client DTLSv1.3 with post-quantum group +-u +-v 4 +-l TLS13-AES256-GCM-SHA384 +--pqc KYBER_LEVEL3 + +# server DTLSv1.3 with post-quantum group +-u +-v 4 +-l TLS13-AES256-GCM-SHA384 +--pqc KYBER_LEVEL5 + +# client DTLSv1.3 with post-quantum group +-u +-v 4 +-l TLS13-AES256-GCM-SHA384 +--pqc KYBER_LEVEL5 diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/tests/test-dtls13-pq-standalone.conf mariadb-11.8.8/extra/wolfssl/wolfssl/tests/test-dtls13-pq-standalone.conf --- mariadb-11.8.6/extra/wolfssl/wolfssl/tests/test-dtls13-pq-standalone.conf 1970-01-01 00:00:00.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/tests/test-dtls13-pq-standalone.conf 2026-05-24 09:58:33.000000000 +0000 @@ -0,0 +1,27 @@ +# server DTLSv1.3 with post-quantum group +-u +-v 4 +-l TLS13-AES256-GCM-SHA384 +--pqc ML_KEM_512 + +# client DTLSv1.3 with post-quantum group +-u +-v 4 +-l TLS13-AES256-GCM-SHA384 +--pqc ML_KEM_512 + +# ML_KEM_768 and ML_KEM_1024 would fragment the ClientHello. + +# server DTLSv1.3 with post-quantum group +-u +-v 4 +-l TLS13-AES256-GCM-SHA384 +--pqc KYBER_LEVEL1 + +# client DTLSv1.3 with post-quantum group +-u +-v 4 +-l TLS13-AES256-GCM-SHA384 +--pqc KYBER_LEVEL1 + +# KYBER_LEVEL3 and KYBER_LEVEL5 would fragment the ClientHello. diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/tests/test-dtls13-pq.conf mariadb-11.8.8/extra/wolfssl/wolfssl/tests/test-dtls13-pq.conf --- mariadb-11.8.6/extra/wolfssl/wolfssl/tests/test-dtls13-pq.conf 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/tests/test-dtls13-pq.conf 1970-01-01 00:00:00.000000000 +0000 @@ -1,27 +0,0 @@ -# server DTLSv1.3 with post-quantum group --u --v 4 --l TLS13-AES256-GCM-SHA384 ---pqc ML_KEM_512 - -# client DTLSv1.3 with post-quantum group --u --v 4 --l TLS13-AES256-GCM-SHA384 ---pqc ML_KEM_512 - -# ML_KEM_768 and ML_KEM_1024 would fragment the ClientHello. - -# server DTLSv1.3 with post-quantum group --u --v 4 --l TLS13-AES256-GCM-SHA384 ---pqc KYBER_LEVEL1 - -# client DTLSv1.3 with post-quantum group --u --v 4 --l TLS13-AES256-GCM-SHA384 ---pqc KYBER_LEVEL1 - -# KYBER_LEVEL3 and KYBER_LEVEL5 would fragment the ClientHello. diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/tests/test-ecc-cust-curves.conf mariadb-11.8.8/extra/wolfssl/wolfssl/tests/test-ecc-cust-curves.conf --- mariadb-11.8.6/extra/wolfssl/wolfssl/tests/test-ecc-cust-curves.conf 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/tests/test-ecc-cust-curves.conf 2026-05-24 09:58:33.000000000 +0000 @@ -49,7 +49,7 @@ -A ./certs/ecc/client-secp256k1-cert.pem -V -# client TLSv1.2 ECDHE-ECDSA-AES128-GCM-SHA256 (mutal auth) +# client TLSv1.2 ECDHE-ECDSA-AES128-GCM-SHA256 (mutual auth) -v 3 -l ECDHE-ECDSA-AES128-GCM-SHA256 -c ./certs/ecc/client-secp256k1-cert.pem @@ -65,7 +65,7 @@ -A ./certs/ecc/client-secp256k1-cert.pem -V -# client TLSv1.2 ECDH-ECDSA-AES128-GCM-SHA256 (static - mutal auth) +# client TLSv1.2 ECDH-ECDSA-AES128-GCM-SHA256 (static - mutual auth) -v 3 -l ECDH-ECDSA-AES128-GCM-SHA256 -c ./certs/ecc/client-secp256k1-cert.pem @@ -73,7 +73,7 @@ -A ./certs/ecc/server-secp256k1-cert.pem -C -# server TLSv1.3 TLS13-AES128-GCM-SHA256 (mutal auth) +# server TLSv1.3 TLS13-AES128-GCM-SHA256 (mutual auth) -v 4 -l TLS13-AES128-GCM-SHA256 -c ./certs/ecc/server-secp256k1-cert.pem @@ -81,7 +81,7 @@ -A ./certs/ecc/client-secp256k1-cert.pem -V -# client TLSv1.3 TLS13-AES128-GCM-SHA256 (mutal auth) +# client TLSv1.3 TLS13-AES128-GCM-SHA256 (mutual auth) -v 4 -l TLS13-AES128-GCM-SHA256 -c ./certs/ecc/client-secp256k1-cert.pem @@ -140,7 +140,7 @@ -A ./certs/ecc/client-bp256r1-cert.pem -V -# client TLSv1.2 ECDHE-ECDSA-AES128-GCM-SHA256 (mutal auth) +# client TLSv1.2 ECDHE-ECDSA-AES128-GCM-SHA256 (mutual auth) -v 3 -l ECDHE-ECDSA-AES128-GCM-SHA256 -c ./certs/ecc/client-bp256r1-cert.pem @@ -156,7 +156,7 @@ -A ./certs/ecc/client-bp256r1-cert.pem -V -# client TLSv1.2 ECDH-ECDSA-AES128-GCM-SHA256 (static - mutal auth) +# client TLSv1.2 ECDH-ECDSA-AES128-GCM-SHA256 (static - mutual auth) -v 3 -l ECDH-ECDSA-AES128-GCM-SHA256 -c ./certs/ecc/client-bp256r1-cert.pem @@ -164,7 +164,7 @@ -A ./certs/ecc/server-bp256r1-cert.pem -C -# server TLSv1.3 TLS13-AES128-GCM-SHA256 (mutal auth) +# server TLSv1.3 TLS13-AES128-GCM-SHA256 (mutual auth) -v 4 -l TLS13-AES128-GCM-SHA256 -c ./certs/ecc/server-bp256r1-cert.pem @@ -172,7 +172,7 @@ -A ./certs/ecc/client-bp256r1-cert.pem -V -# client TLSv1.3 TLS13-AES128-GCM-SHA256 (mutal auth) +# client TLSv1.3 TLS13-AES128-GCM-SHA256 (mutual auth) -v 4 -l TLS13-AES128-GCM-SHA256 -c ./certs/ecc/client-bp256r1-cert.pem @@ -180,6 +180,52 @@ -A ./certs/ecc/server-bp256r1-cert.pem -C +# server TLSv1.3 TLS13-AES128-GCM-SHA256 +-v 4 +-l TLS13-AES128-GCM-SHA256 +-c ./certs/ecc/server-bp256r1-cert.pem +-k ./certs/ecc/bp256r1-key.pem +-d + +# client TLSv1.3 TLS13-AES128-GCM-SHA256 (brainpool key share) +-v 4 +-l TLS13-AES128-GCM-SHA256 +-A ./certs/ecc/server-bp256r1-cert.pem +-x +-C +--bpKs + +# server TLSv1.3 TLS13-AES128-GCM-SHA256 +-v 4 +-l "TLS13-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256" +-c ./certs/ecc/server-bp256r1-cert.pem +-k ./certs/ecc/bp256r1-key.pem +-d + +# client TLSv1.3 TLS13-AES128-GCM-SHA256 (brainpool key share; downgrade) +-v d +-l "TLS13-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256" +-A ./certs/ecc/server-bp256r1-cert.pem +-x +-C +--bpKs +-7 3 + +# server TLSv1.2 ECDHE-ECDSA-AES128-GCM-SHA256 +-v 3 +-l ECDHE-ECDSA-AES128-GCM-SHA256 +-c ./certs/ecc/server-bp256r1-cert.pem +-k ./certs/ecc/bp256r1-key.pem +-d + +# client TLSv1.2 ECDHE-ECDSA-AES128-GCM-SHA256 (brainpool key share) +-v 3 +-l ECDHE-ECDSA-AES128-GCM-SHA256 +-A ./certs/ecc/server-bp256r1-cert.pem +-x +-C +--bpKs + # -- SECP256K1 without OID inside PKCS#8 -- # server TLSv1.2 ECDHE-ECDSA-AES128-GCM-SHA256 -v 3 diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/tests/test-fails.conf mariadb-11.8.8/extra/wolfssl/wolfssl/tests/test-fails.conf --- mariadb-11.8.6/extra/wolfssl/wolfssl/tests/test-fails.conf 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/tests/test-fails.conf 2026-05-24 09:58:33.000000000 +0000 @@ -183,6 +183,7 @@ -c ./certs/server-ecc.pem -k ./certs/ecc-key.pem -A ./certs/client-cert.pem +-H verifyFail -H exitWithRet # client diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/tests/test-maxfrag-dtls.conf mariadb-11.8.8/extra/wolfssl/wolfssl/tests/test-maxfrag-dtls.conf --- mariadb-11.8.6/extra/wolfssl/wolfssl/tests/test-maxfrag-dtls.conf 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/tests/test-maxfrag-dtls.conf 2026-05-24 09:58:33.000000000 +0000 @@ -202,14 +202,3 @@ -v 3 -l ECDHE-RSA-AES256-GCM-SHA384 -F 6 - -# server DTLSv1.2 DHE-RSA-AES256-GCM-SHA384 --u --v 3 --l DHE-RSA-AES256-GCM-SHA384 - -# client DTLSv1.2 DHE-RSA-AES256-GCM-SHA384 --u --v 3 --l DHE-RSA-AES256-GCM-SHA384 --F 6 diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/tests/test-maxfrag.conf mariadb-11.8.8/extra/wolfssl/wolfssl/tests/test-maxfrag.conf --- mariadb-11.8.6/extra/wolfssl/wolfssl/tests/test-maxfrag.conf 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/tests/test-maxfrag.conf 2026-05-24 09:58:33.000000000 +0000 @@ -172,15 +172,6 @@ # server TLSv1.2 DHE-RSA-AES256-GCM-SHA384 -v 3 -l DHE-RSA-AES256-GCM-SHA384 - -# client TLSv1.2 DHE-RSA-AES256-GCM-SHA384 --v 3 --l DHE-RSA-AES256-GCM-SHA384 --F 6 - -# server TLSv1.2 DHE-RSA-AES256-GCM-SHA384 --v 3 --l DHE-RSA-AES256-GCM-SHA384 -6 # client TLSv1.2 DHE-RSA-AES256-GCM-SHA384 diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/tests/test-tls13-pq-hybrid-extra.conf mariadb-11.8.8/extra/wolfssl/wolfssl/tests/test-tls13-pq-hybrid-extra.conf --- mariadb-11.8.6/extra/wolfssl/wolfssl/tests/test-tls13-pq-hybrid-extra.conf 1970-01-01 00:00:00.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/tests/test-tls13-pq-hybrid-extra.conf 2026-05-24 09:58:33.000000000 +0000 @@ -0,0 +1,119 @@ +# server TLSv1.3 with post-quantum hybrid group +-v 4 +-l TLS13-AES256-GCM-SHA384 +--pqc SecP256r1MLKEM512 + +# client TLSv1.3 with post-quantum hybrid group +-v 4 +-l TLS13-AES256-GCM-SHA384 +--pqc SecP256r1MLKEM512 + +# server TLSv1.3 with post-quantum hybrid group +-v 4 +-l TLS13-AES256-GCM-SHA384 +--pqc SecP384r1MLKEM768 + +# client TLSv1.3 with post-quantum hybrid group +-v 4 +-l TLS13-AES256-GCM-SHA384 +--pqc SecP384r1MLKEM768 + +# server TLSv1.3 with post-quantum hybrid group +-v 4 +-l TLS13-AES256-GCM-SHA384 +--pqc SecP521r1MLKEM1024 + +# client TLSv1.3 with post-quantum hybrid group +-v 4 +-l TLS13-AES256-GCM-SHA384 +--pqc SecP521r1MLKEM1024 + +# server TLSv1.3 with post-quantum hybrid group +-v 4 +-l TLS13-AES256-GCM-SHA384 +--pqc X25519MLKEM512 + +# client TLSv1.3 with post-quantum hybrid group +-v 4 +-l TLS13-AES256-GCM-SHA384 +--pqc X25519MLKEM512 + +# server TLSv1.3 with post-quantum hybrid group +-v 4 +-l TLS13-AES256-GCM-SHA384 +--pqc X448MLKEM768 + +# client TLSv1.3 with post-quantum hybrid group +-v 4 +-l TLS13-AES256-GCM-SHA384 +--pqc X448MLKEM768 + +# server TLSv1.3 with post-quantum hybrid group +-v 4 +-l TLS13-AES256-GCM-SHA384 +--pqc P256_KYBER_LEVEL1 + +# client TLSv1.3 with post-quantum hybrid group +-v 4 +-l TLS13-AES256-GCM-SHA384 +--pqc P256_KYBER_LEVEL1 + +# server TLSv1.3 with post-quantum hybrid group +-v 4 +-l TLS13-AES256-GCM-SHA384 +--pqc P384_KYBER_LEVEL3 + +# client TLSv1.3 with post-quantum hybrid group +-v 4 +-l TLS13-AES256-GCM-SHA384 +--pqc P384_KYBER_LEVEL3 + +# server TLSv1.3 with post-quantum hybrid group +-v 4 +-l TLS13-AES256-GCM-SHA384 +--pqc P256_KYBER_LEVEL3 + +# client TLSv1.3 with post-quantum hybrid group +-v 4 +-l TLS13-AES256-GCM-SHA384 +--pqc P256_KYBER_LEVEL3 + +# server TLSv1.3 with post-quantum hybrid group +-v 4 +-l TLS13-AES256-GCM-SHA384 +--pqc P521_KYBER_LEVEL5 + +# client TLSv1.3 with post-quantum hybrid group +-v 4 +-l TLS13-AES256-GCM-SHA384 +--pqc P521_KYBER_LEVEL5 + +# server TLSv1.3 with post-quantum hybrid group +-v 4 +-l TLS13-AES256-GCM-SHA384 +--pqc X25519_KYBER_LEVEL1 + +# client TLSv1.3 with post-quantum hybrid group +-v 4 +-l TLS13-AES256-GCM-SHA384 +--pqc X25519_KYBER_LEVEL1 + +# server TLSv1.3 with post-quantum hybrid group +-v 4 +-l TLS13-AES256-GCM-SHA384 +--pqc X25519_KYBER_LEVEL3 + +# client TLSv1.3 with post-quantum hybrid group +-v 4 +-l TLS13-AES256-GCM-SHA384 +--pqc X25519_KYBER_LEVEL3 + +# server TLSv1.3 with post-quantum hybrid group +-v 4 +-l TLS13-AES256-GCM-SHA384 +--pqc X448_KYBER_LEVEL3 + +# client TLSv1.3 with post-quantum hybrid group +-v 4 +-l TLS13-AES256-GCM-SHA384 +--pqc X448_KYBER_LEVEL3 diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/tests/test-tls13-pq-hybrid.conf mariadb-11.8.8/extra/wolfssl/wolfssl/tests/test-tls13-pq-hybrid.conf --- mariadb-11.8.6/extra/wolfssl/wolfssl/tests/test-tls13-pq-hybrid.conf 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/tests/test-tls13-pq-hybrid.conf 2026-05-24 09:58:33.000000000 +0000 @@ -1,26 +1,6 @@ # server TLSv1.3 with post-quantum hybrid group -v 4 -l TLS13-AES256-GCM-SHA384 ---pqc SecP256r1MLKEM512 - -# client TLSv1.3 with post-quantum hybrid group --v 4 --l TLS13-AES256-GCM-SHA384 ---pqc SecP256r1MLKEM512 - -# server TLSv1.3 with post-quantum hybrid group --v 4 --l TLS13-AES256-GCM-SHA384 ---pqc SecP384r1MLKEM768 - -# client TLSv1.3 with post-quantum hybrid group --v 4 --l TLS13-AES256-GCM-SHA384 ---pqc SecP384r1MLKEM768 - -# server TLSv1.3 with post-quantum hybrid group --v 4 --l TLS13-AES256-GCM-SHA384 --pqc SecP256r1MLKEM768 # client TLSv1.3 with post-quantum hybrid group @@ -31,16 +11,6 @@ # server TLSv1.3 with post-quantum hybrid group -v 4 -l TLS13-AES256-GCM-SHA384 ---pqc SecP521r1MLKEM1024 - -# client TLSv1.3 with post-quantum hybrid group --v 4 --l TLS13-AES256-GCM-SHA384 ---pqc SecP521r1MLKEM1024 - -# server TLSv1.3 with post-quantum hybrid group --v 4 --l TLS13-AES256-GCM-SHA384 --pqc SecP384r1MLKEM1024 # client TLSv1.3 with post-quantum hybrid group @@ -51,99 +21,9 @@ # server TLSv1.3 with post-quantum hybrid group -v 4 -l TLS13-AES256-GCM-SHA384 ---pqc X25519MLKEM512 - -# client TLSv1.3 with post-quantum hybrid group --v 4 --l TLS13-AES256-GCM-SHA384 ---pqc X25519MLKEM512 - -# server TLSv1.3 with post-quantum hybrid group --v 4 --l TLS13-AES256-GCM-SHA384 --pqc X25519MLKEM768 # client TLSv1.3 with post-quantum hybrid group -v 4 -l TLS13-AES256-GCM-SHA384 --pqc X25519MLKEM768 - -# server TLSv1.3 with post-quantum hybrid group --v 4 --l TLS13-AES256-GCM-SHA384 ---pqc X448MLKEM768 - -# client TLSv1.3 with post-quantum hybrid group --v 4 --l TLS13-AES256-GCM-SHA384 ---pqc X448MLKEM768 - -# server TLSv1.3 with post-quantum hybrid group --v 4 --l TLS13-AES256-GCM-SHA384 ---pqc P256_KYBER_LEVEL1 - -# client TLSv1.3 with post-quantum hybrid group --v 4 --l TLS13-AES256-GCM-SHA384 ---pqc P256_KYBER_LEVEL1 - -# server TLSv1.3 with post-quantum hybrid group --v 4 --l TLS13-AES256-GCM-SHA384 ---pqc P384_KYBER_LEVEL3 - -# client TLSv1.3 with post-quantum hybrid group --v 4 --l TLS13-AES256-GCM-SHA384 ---pqc P384_KYBER_LEVEL3 - -# server TLSv1.3 with post-quantum hybrid group --v 4 --l TLS13-AES256-GCM-SHA384 ---pqc P256_KYBER_LEVEL3 - -# client TLSv1.3 with post-quantum hybrid group --v 4 --l TLS13-AES256-GCM-SHA384 ---pqc P256_KYBER_LEVEL3 - -# server TLSv1.3 with post-quantum hybrid group --v 4 --l TLS13-AES256-GCM-SHA384 ---pqc P521_KYBER_LEVEL5 - -# client TLSv1.3 with post-quantum hybrid group --v 4 --l TLS13-AES256-GCM-SHA384 ---pqc P521_KYBER_LEVEL5 - -# server TLSv1.3 with post-quantum hybrid group --v 4 --l TLS13-AES256-GCM-SHA384 ---pqc X25519_KYBER_LEVEL1 - -# client TLSv1.3 with post-quantum hybrid group --v 4 --l TLS13-AES256-GCM-SHA384 ---pqc X25519_KYBER_LEVEL1 - -# server TLSv1.3 with post-quantum hybrid group --v 4 --l TLS13-AES256-GCM-SHA384 ---pqc X25519_KYBER_LEVEL3 - -# client TLSv1.3 with post-quantum hybrid group --v 4 --l TLS13-AES256-GCM-SHA384 ---pqc X25519_KYBER_LEVEL3 - -# server TLSv1.3 with post-quantum hybrid group --v 4 --l TLS13-AES256-GCM-SHA384 ---pqc X448_KYBER_LEVEL3 - -# client TLSv1.3 with post-quantum hybrid group --v 4 --l TLS13-AES256-GCM-SHA384 ---pqc X448_KYBER_LEVEL3 diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/tests/test-tls13-pq-standalone.conf mariadb-11.8.8/extra/wolfssl/wolfssl/tests/test-tls13-pq-standalone.conf --- mariadb-11.8.6/extra/wolfssl/wolfssl/tests/test-tls13-pq-standalone.conf 1970-01-01 00:00:00.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/tests/test-tls13-pq-standalone.conf 2026-05-24 09:58:33.000000000 +0000 @@ -0,0 +1,60 @@ +# server TLSv1.3 with post-quantum group +-v 4 +-l TLS13-AES256-GCM-SHA384 +--pqc ML_KEM_512 + +# client TLSv1.3 with post-quantum group +-v 4 +-l TLS13-AES256-GCM-SHA384 +--pqc ML_KEM_512 + +# server TLSv1.3 with post-quantum group +-v 4 +-l TLS13-AES256-GCM-SHA384 +--pqc ML_KEM_768 + +# client TLSv1.3 with post-quantum group +-v 4 +-l TLS13-AES256-GCM-SHA384 +--pqc ML_KEM_768 + +# server TLSv1.3 with post-quantum group +-v 4 +-l TLS13-AES256-GCM-SHA384 +--pqc ML_KEM_1024 + +# client TLSv1.3 with post-quantum group +-v 4 +-l TLS13-AES256-GCM-SHA384 +--pqc ML_KEM_1024 + +# server TLSv1.3 with post-quantum group +-v 4 +-l TLS13-AES256-GCM-SHA384 +--pqc KYBER_LEVEL1 + +# client TLSv1.3 with post-quantum group +-v 4 +-l TLS13-AES256-GCM-SHA384 +--pqc KYBER_LEVEL1 + +# server TLSv1.3 with post-quantum group +-v 4 +-l TLS13-AES256-GCM-SHA384 +--pqc KYBER_LEVEL3 + +# client TLSv1.3 with post-quantum group +-v 4 +-l TLS13-AES256-GCM-SHA384 +--pqc KYBER_LEVEL3 + +# server TLSv1.3 with post-quantum group +-v 4 +-l TLS13-AES256-GCM-SHA384 +--pqc KYBER_LEVEL5 + +# client TLSv1.3 with post-quantum group +-v 4 +-l TLS13-AES256-GCM-SHA384 +--pqc KYBER_LEVEL5 + diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/tests/test-tls13-pq.conf mariadb-11.8.8/extra/wolfssl/wolfssl/tests/test-tls13-pq.conf --- mariadb-11.8.6/extra/wolfssl/wolfssl/tests/test-tls13-pq.conf 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/tests/test-tls13-pq.conf 1970-01-01 00:00:00.000000000 +0000 @@ -1,60 +0,0 @@ -# server TLSv1.3 with post-quantum group --v 4 --l TLS13-AES256-GCM-SHA384 ---pqc ML_KEM_512 - -# client TLSv1.3 with post-quantum group --v 4 --l TLS13-AES256-GCM-SHA384 ---pqc ML_KEM_512 - -# server TLSv1.3 with post-quantum group --v 4 --l TLS13-AES256-GCM-SHA384 ---pqc ML_KEM_768 - -# client TLSv1.3 with post-quantum group --v 4 --l TLS13-AES256-GCM-SHA384 ---pqc ML_KEM_768 - -# server TLSv1.3 with post-quantum group --v 4 --l TLS13-AES256-GCM-SHA384 ---pqc ML_KEM_1024 - -# client TLSv1.3 with post-quantum group --v 4 --l TLS13-AES256-GCM-SHA384 ---pqc ML_KEM_1024 - -# server TLSv1.3 with post-quantum group --v 4 --l TLS13-AES256-GCM-SHA384 ---pqc KYBER_LEVEL1 - -# client TLSv1.3 with post-quantum group --v 4 --l TLS13-AES256-GCM-SHA384 ---pqc KYBER_LEVEL1 - -# server TLSv1.3 with post-quantum group --v 4 --l TLS13-AES256-GCM-SHA384 ---pqc KYBER_LEVEL3 - -# client TLSv1.3 with post-quantum group --v 4 --l TLS13-AES256-GCM-SHA384 ---pqc KYBER_LEVEL3 - -# server TLSv1.3 with post-quantum group --v 4 --l TLS13-AES256-GCM-SHA384 ---pqc KYBER_LEVEL5 - -# client TLSv1.3 with post-quantum group --v 4 --l TLS13-AES256-GCM-SHA384 ---pqc KYBER_LEVEL5 - diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/tests/unit.c mariadb-11.8.8/extra/wolfssl/wolfssl/tests/unit.c --- mariadb-11.8.6/extra/wolfssl/wolfssl/tests/unit.c 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/tests/unit.c 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* unit.c API unit tests driver * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -273,6 +273,7 @@ } printf("wolfCrypt unit test completed successfully.\n\n"); + fflush(stdout); } #endif @@ -282,6 +283,7 @@ { if (apiTesting) { ret = ApiTest(); + fflush(stdout); if (ret != 0) goto exit; } @@ -291,20 +293,25 @@ } #ifdef WOLFSSL_W64_WRAPPER - if ((ret = w64wrapper_test()) != 0) { + ret = w64wrapper_test(); + fflush(stdout); + if (ret != 0) { fprintf(stderr, "w64wrapper test failed with %d\n", ret); goto exit; } #endif /* WOLFSSL_W64_WRAPPER */ #ifdef WOLFSSL_QUIC - if ((ret = QuicTest()) != 0) { + ret = QuicTest(); + fflush(stdout); + if (ret != 0) { fprintf(stderr, "quic test failed with %d\n", ret); goto exit; } #endif SrpTest(); + fflush(stdout); } #if !defined(NO_WOLFSSL_CIPHER_SUITE_TEST) && \ @@ -324,6 +331,25 @@ err_sys("Failed to free netRandom context"); #endif /* HAVE_WNR */ +#ifdef WOLFSSL_TRACK_MEMORY + if (ret == 0) { + ret = wolfSSL_Cleanup(); /* no-op in a successful full run. */ + + if (ret == WOLFSSL_SUCCESS) + ret = 0; + else + fprintf(stderr, "wolfSSL_Cleanup() returned %d\n", ret); + + if (wc_MemStats_Ptr->currentBytes > 0) + { + fprintf(stderr, + "WOLFSSL_TRACK_MEMORY: currentBytes after cleanup is %ld\n", + wc_MemStats_Ptr->currentBytes); + ret = MEMORY_E; + } + } +#endif + if (ret == 0) { puts("\nunit_test: Success for all configured tests."); fflush(stdout); diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/tests/unit.h mariadb-11.8.8/extra/wolfssl/wolfssl/tests/unit.h --- mariadb-11.8.6/extra/wolfssl/wolfssl/tests/unit.h 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/tests/unit.h 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* unit.c API unit tests driver * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/tests/utils.c mariadb-11.8.8/extra/wolfssl/wolfssl/tests/utils.c --- mariadb-11.8.6/extra/wolfssl/wolfssl/tests/utils.c 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/tests/utils.c 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* utils.c * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -21,6 +21,7 @@ #include #include +#include #ifdef HAVE_MANUAL_MEMIO_TESTS_DEPENDENCIES @@ -79,12 +80,12 @@ #ifdef WOLFSSL_DUMP_MEMIO_STREAM { char dump_file_name[64]; - WOLFSSL_BIO *dump_file; + XFILE dump_file; sprintf(dump_file_name, "%s/%s.dump", tmpDirName, currentTestName); - dump_file = wolfSSL_BIO_new_file(dump_file_name, "a"); - if (dump_file != NULL) { - (void)wolfSSL_BIO_write(dump_file, data, sz); - wolfSSL_BIO_free(dump_file); + dump_file = XFOPEN(dump_file_name, "ab"); + if (dump_file != XBADFILE) { + (void)XFWRITE(data, 1, (size_t)sz, dump_file); + XFCLOSE(dump_file); } } #endif @@ -182,9 +183,16 @@ } else { err = wolfSSL_get_error(ssl_c, ret); - if (err != WOLFSSL_ERROR_WANT_READ && - err != WOLFSSL_ERROR_WANT_WRITE) + if (err == WC_NO_ERR_TRACE(MP_WOULDBLOCK)) { + /* retry non-blocking math */ + } + else if (err != WOLFSSL_ERROR_WANT_READ && + err != WOLFSSL_ERROR_WANT_WRITE) { + char buff[WOLFSSL_MAX_ERROR_SZ]; + fprintf(stderr, "memio client error = %d, %s\n", err, + wolfSSL_ERR_error_string((word32)err, buff)); return -1; + } } } if (!hs_s) { @@ -196,9 +204,16 @@ } else { err = wolfSSL_get_error(ssl_s, ret); - if (err != WOLFSSL_ERROR_WANT_READ && - err != WOLFSSL_ERROR_WANT_WRITE) + if (err == WC_NO_ERR_TRACE(MP_WOULDBLOCK)) { + /* retry non-blocking math */ + } + else if (err != WOLFSSL_ERROR_WANT_READ && + err != WOLFSSL_ERROR_WANT_WRITE) { + char buff[WOLFSSL_MAX_ERROR_SZ]; + fprintf(stderr, "memio server error = %d, %s\n", err, + wolfSSL_ERR_error_string((word32)err, buff)); return -1; + } } } handshake_complete = hs_c && hs_s; @@ -770,3 +785,25 @@ } #endif /* HAVE_MANUAL_MEMIO_TESTS_DEPENDENCIES */ + +#if !defined(NO_FILESYSTEM) && defined(OPENSSL_EXTRA) && \ + defined(DEBUG_UNIT_TEST_CERTS) +/* Used when debugging name constraint tests. Not static to allow use in + * multiple locations with complex define guards. */ +void DEBUG_WRITE_CERT_X509(WOLFSSL_X509* x509, const char* fileName) +{ + BIO* out = BIO_new_file(fileName, "wb"); + if (out != NULL) { + PEM_write_bio_X509(out, x509); + BIO_free(out); + } +} +void DEBUG_WRITE_DER(const byte* der, int derSz, const char* fileName) +{ + BIO* out = BIO_new_file(fileName, "wb"); + if (out != NULL) { + BIO_write(out, der, derSz); + BIO_free(out); + } +} +#endif diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/tests/utils.h mariadb-11.8.8/extra/wolfssl/wolfssl/tests/utils.h --- mariadb-11.8.6/extra/wolfssl/wolfssl/tests/utils.h 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/tests/utils.h 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* utils.h * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -27,6 +27,11 @@ #ifndef TESTS_UTILS_H #define TESTS_UTILS_H +#ifdef WOLFSSL_DUMP_MEMIO_STREAM +extern char tmpDirName[16]; +extern const char* currentTestName; +#endif + #if !defined(NO_FILESYSTEM) && !defined(NO_CERTS) && \ (!defined(NO_RSA) || defined(HAVE_RPK)) && \ !defined(NO_WOLFSSL_SERVER) && !defined(NO_WOLFSSL_CLIENT) && \ @@ -82,4 +87,13 @@ int test_memio_remove_from_buffer(struct test_memio_ctx *ctx, int client, int off, int sz); #endif +#if !defined(NO_FILESYSTEM) && defined(OPENSSL_EXTRA) && \ + defined(DEBUG_UNIT_TEST_CERTS) +void DEBUG_WRITE_CERT_X509(WOLFSSL_X509* x509, const char* fileName); +void DEBUG_WRITE_DER(const byte* der, int derSz, const char* fileName); +#else +#define DEBUG_WRITE_CERT_X509(x509, fileName) WC_DO_NOTHING +#define DEBUG_WRITE_DER(der, derSz, fileName) WC_DO_NOTHING +#endif + #endif /* TESTS_UTILS_H */ diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/tests/w64wrapper.c mariadb-11.8.8/extra/wolfssl/wolfssl/tests/w64wrapper.c --- mariadb-11.8.6/extra/wolfssl/wolfssl/tests/w64wrapper.c 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/tests/w64wrapper.c 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* w64wrapper.c w64wrapper unit tests * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/testsuite/include.am mariadb-11.8.8/extra/wolfssl/wolfssl/testsuite/include.am --- mariadb-11.8.6/extra/wolfssl/wolfssl/testsuite/include.am 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/testsuite/include.am 2026-05-24 09:58:33.000000000 +0000 @@ -12,6 +12,7 @@ examples/echoclient/echoclient.c \ examples/echoserver/echoserver.c \ examples/server/server.c \ + examples/ocsp_responder/ocsp_responder.c \ testsuite/testsuite.c testsuite_testsuite_test_CFLAGS = -DNO_MAIN_DRIVER $(AM_CFLAGS) $(WOLFSENTRY_INCLUDE) testsuite_testsuite_test_LDADD = src/libwolfssl@LIBSUFFIX@.la $(LIB_STATIC_ADD) $(WOLFSENTRY_LIB) diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/testsuite/testsuite.c mariadb-11.8.8/extra/wolfssl/wolfssl/testsuite/testsuite.c --- mariadb-11.8.6/extra/wolfssl/wolfssl/testsuite/testsuite.c 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/testsuite/testsuite.c 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* testsuite.c * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -51,6 +51,10 @@ #include #include #include +#if defined(HAVE_OCSP) && defined(HAVE_OCSP_RESPONDER) && \ + !defined(NO_FILESYSTEM) +#include +#endif #include /* include source file to not change all the testsuite build systems */ @@ -73,6 +77,12 @@ defined(HAVE_CRL) && defined(HAVE_CRL_MONITOR) static int test_crl_monitor(void); #endif +#if !defined(NO_WOLFSSL_SERVER) && !defined(NO_WOLFSSL_CLIENT) && \ + !defined(NO_TLS) && !defined(NETOS) && defined(HAVE_OCSP) && \ + defined(HAVE_OCSP_RESPONDER) && !defined(NO_FILESYSTEM) && \ + !defined(NO_RSA) && defined(HAVE_CERTIFICATE_STATUS_REQUEST) +static int test_ocsp_responder(void); +#endif static void show_ciphers(void); static void cleanup_output(void); static int validate_cleanup_output(void); @@ -244,6 +254,17 @@ } #endif +#if !defined(NO_WOLFSSL_SERVER) && !defined(NO_WOLFSSL_CLIENT) && \ + !defined(NO_TLS) && !defined(NETOS) && defined(HAVE_OCSP) && \ + defined(HAVE_OCSP_RESPONDER) && !defined(NO_FILESYSTEM) && \ + !defined(NO_RSA) && defined(HAVE_CERTIFICATE_STATUS_REQUEST) + ret = test_ocsp_responder(); + if (ret != 0) { + cleanup_output(); + return ret; + } +#endif + #endif /* !NETOS */ show_ciphers(); @@ -341,7 +362,6 @@ for (i = 0; i < CRL_MONITOR_TEST_ROUNDS; i++) { int expectFail; if (i % 2 == 0) { - /* succeed on even rounds */ (void)XSNPRINTF(buf, sizeof(buf), "%s/%s", tmpDir, "crl.pem"); if (STAGE_FILE("certs/crl/crl.pem", buf) != 0) { @@ -384,7 +404,11 @@ fprintf(stderr, "[%d] Failed to remove file %s\n", i, buf); goto cleanup; } + #ifndef WOLFSSL_NO_CLIENT_AUTH expectFail = 1; + #else + expectFail = 0; + #endif } /* Give server a moment to register the file change */ XSLEEP_MS(100); @@ -422,6 +446,159 @@ #endif #if !defined(NO_WOLFSSL_SERVER) && !defined(NO_WOLFSSL_CLIENT) && \ + !defined(NO_TLS) && !defined(NETOS) && defined(HAVE_OCSP) && \ + defined(HAVE_OCSP_RESPONDER) && !defined(NO_FILESYSTEM) && \ + !defined(NO_RSA) && defined(HAVE_CERTIFICATE_STATUS_REQUEST) + +/* Run a single OCSP-responder-backed stapling test. + * serverCert - path to the TLS server certificate (chain file) + * serverKey - path to the TLS server private key + * expectPass - non-zero if the client handshake should succeed + * Returns 0 on success, non-zero on failure. */ +static int run_ocsp_responder_test_case(const char* serverCert, + const char* serverKey, + int expectPass) +{ + func_args respArgs; + func_args svrArgs; + func_args cliArgs; + THREAD_TYPE respThread; + THREAD_TYPE svrThread; + tcp_ready respReady; + tcp_ready svrReady; + /* Buffers for runtime-built argv entries */ + char ocspUrl[64]; + char svrPortStr[8]; + /* argv arrays (non-const so they can be assigned to char**) */ + char* respArgv[12]; + char* svrArgv[15]; + char* cliArgv[12]; + int ret = -1; + + /* OCSP responder argv */ + respArgv[0] = (char*)"ocsp_responder"; + respArgv[1] = (char*)"-p"; respArgv[2] = (char*)"0"; + respArgv[3] = (char*)"-n"; respArgv[4] = (char*)"1"; + respArgv[5] = (char*)"-c"; + respArgv[6] = (char*)"certs/ocsp/intermediate1-ca-cert.pem"; + respArgv[7] = (char*)"-k"; + respArgv[8] = (char*)"certs/ocsp/intermediate1-ca-key.pem"; + respArgv[9] = (char*)"-i"; + respArgv[10] = (char*)"certs/ocsp/index-intermediate1-ca-issued-certs.txt"; + respArgv[11] = NULL; + + XMEMSET(&respArgs, 0, sizeof(respArgs)); + InitTcpReady(&respReady); + respArgs.signal = &respReady; + respArgs.argc = 11; + respArgs.argv = respArgv; + start_thread(ocsp_responder_test, &respArgs, &respThread); + wait_tcp_ready(&respArgs); + + /* Build OCSP URL override pointing at the dynamic responder port */ + (void)XSNPRINTF(ocspUrl, sizeof(ocspUrl), + "http://127.0.0.1:%d", (int)respReady.port); + + /* TLS server argv */ + svrArgv[0] = (char*)"testsuite"; + svrArgv[1] = (char*)"-c"; svrArgv[2] = (char*)serverCert; + svrArgv[3] = (char*)"-k"; svrArgv[4] = (char*)serverKey; + svrArgv[5] = (char*)"-d"; /* no client cert required */ + svrArgv[6] = (char*)"-x"; /* runWithErrors: don't exit on SSL_accept fail */ + svrArgv[7] = (char*)"-C"; svrArgv[8] = (char*)"1"; /* one connection */ + svrArgv[9] = (char*)"-O"; svrArgv[10] = ocspUrl; /* OCSP override */ + svrArgv[11] = (char*)"--quieter"; + svrArgv[12] = (char*)"-p"; svrArgv[13] = (char*)"0"; + svrArgv[14] = NULL; + + XMEMSET(&svrArgs, 0, sizeof(svrArgs)); + InitTcpReady(&svrReady); + svrArgs.signal = &svrReady; + svrArgs.argc = 14; + svrArgs.argv = svrArgv; + start_thread(server_test, &svrArgs, &svrThread); + wait_tcp_ready(&svrArgs); + + /* Build server port string now that it is bound */ + (void)XSNPRINTF(svrPortStr, sizeof(svrPortStr), "%d", + (int)svrArgs.signal->port); + + /* TLS client argv */ + cliArgv[0] = (char*)"testsuite"; + cliArgv[1] = (char*)"-A"; + cliArgv[2] = (char*)"certs/ocsp/root-ca-cert.pem"; + cliArgv[3] = (char*)"-C"; /* disable CRL */ + cliArgv[4] = (char*)"-W"; cliArgv[5] = (char*)"1"; /* OCSP stapling */ + cliArgv[6] = (char*)"-H"; cliArgv[7] = (char*)"exitWithRet"; + cliArgv[8] = (char*)"--quieter"; + cliArgv[9] = (char*)"-p"; cliArgv[10] = svrPortStr; + cliArgv[11] = NULL; + + XMEMSET(&cliArgs, 0, sizeof(cliArgs)); + cliArgs.signal = &svrReady; + cliArgs.argc = 11; + cliArgs.argv = cliArgv; + client_test(&cliArgs); + + join_thread(svrThread); + join_thread(respThread); + FreeTcpReady(&svrReady); + FreeTcpReady(&respReady); + + if (expectPass) { + if (cliArgs.return_code != 0) { + fprintf(stderr, "OCSP stapling test: expected success, " + "client returned %d\n", cliArgs.return_code); + } + else { + ret = 0; + } + } + else { + if (cliArgs.return_code == 0) { + fprintf(stderr, "OCSP stapling test: expected failure " + "(revoked cert), but client returned 0\n"); + } + else { + ret = 0; + } + } + + return ret; +} + +/* Test the OCSP responder example together with TLS OCSP stapling. + * + * Case 1: server cert is valid -> client handshake must succeed. + * Case 2: server cert is revoked -> client handshake must fail. + */ +static int test_ocsp_responder(void) +{ + int ret; + + printf("\nRunning OCSP responder test\n"); + + /* Test 1: valid certificate - connection should succeed */ + ret = run_ocsp_responder_test_case("certs/ocsp/server1-cert.pem", + "certs/ocsp/server1-key.pem", 1); + if (ret != 0) { + fprintf(stderr, "OCSP responder test (good cert) failed\n"); + return ret; + } + + /* Test 2: revoked certificate - connection should be rejected */ + ret = run_ocsp_responder_test_case("certs/ocsp/server2-cert.pem", + "certs/ocsp/server2-key.pem", 0); + if (ret != 0) { + fprintf(stderr, "OCSP responder test (revoked cert) failed\n"); + return ret; + } + + return 0; +} +#endif /* HAVE_OCSP && HAVE_OCSP_RESPONDER */ + +#if !defined(NO_WOLFSSL_SERVER) && !defined(NO_WOLFSSL_CLIENT) && \ !defined(NO_TLS) && \ (!defined(WOLF_CRYPTO_CB_ONLY_RSA) && !defined(WOLF_CRYPTO_CB_ONLY_ECC)) /* Perform a basic TLS handshake. diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/testsuite/testsuite.vcproj mariadb-11.8.8/extra/wolfssl/wolfssl/testsuite/testsuite.vcproj --- mariadb-11.8.6/extra/wolfssl/wolfssl/testsuite/testsuite.vcproj 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/testsuite/testsuite.vcproj 2026-05-24 09:58:33.000000000 +0000 @@ -189,6 +189,9 @@ + + diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/testsuite/utils.c mariadb-11.8.8/extra/wolfssl/wolfssl/testsuite/utils.c --- mariadb-11.8.6/extra/wolfssl/wolfssl/testsuite/utils.c 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/testsuite/utils.c 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* utils.c * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/testsuite/utils.h mariadb-11.8.8/extra/wolfssl/wolfssl/testsuite/utils.h --- mariadb-11.8.6/extra/wolfssl/wolfssl/testsuite/utils.h 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/testsuite/utils.h 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* utils.h * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/wolfcrypt/benchmark/benchmark.c mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/benchmark/benchmark.c --- mariadb-11.8.6/extra/wolfssl/wolfssl/wolfcrypt/benchmark/benchmark.c 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/benchmark/benchmark.c 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* benchmark.c * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -69,9 +69,7 @@ /* Macro to disable benchmark */ #ifndef NO_CRYPT_BENCHMARK -#ifdef WOLFSSL_ASYNC_CRYPT - #define WOLFSSL_SMALL_STACK -#endif +#undef WC_ALLOC_DO_ON_FAILURE #define WC_ALLOC_DO_ON_FAILURE() do { printf("out of memory at benchmark.c L %d\n", __LINE__); ret = MEMORY_E; goto exit; } while (0) #include @@ -195,6 +193,9 @@ #include #endif #endif +#if defined(WOLFSSL_HAVE_SLHDSA) + #include +#endif #ifdef WOLFCRYPT_HAVE_ECCSI #include #endif @@ -327,17 +328,18 @@ static WC_INLINE void bench_stack_checkpoint_prepare(void) { (void)StackSizeHWMReset(); + bench_last_stack_bytes = (long)StackSizeHWM_OffsetCorrected(); } static WC_INLINE long bench_stack_checkpoint_measure(void) { long used = (long)StackSizeHWM_OffsetCorrected(); + + used -= bench_last_stack_bytes; if (used < 0) used = 0; (void)StackSizeHWMReset(); -#ifdef WC_BENCH_STACK_TRACKING bench_last_stack_bytes = used; -#endif return used; } #else @@ -968,6 +970,18 @@ #else #define BENCH_XMSS_XMSSMT 0x00000000 #endif +#define BENCH_SLHDSA_SHAKE128S 0x00000020 +#define BENCH_SLHDSA_SHAKE128F 0x00000040 +#define BENCH_SLHDSA_SHAKE192S 0x00000080 +#define BENCH_SLHDSA_SHAKE192F 0x00000100 +#define BENCH_SLHDSA_SHAKE256S 0x00000200 +#define BENCH_SLHDSA_SHAKE256F 0x00000400 +#define BENCH_SLHDSA (BENCH_SLHDSA_SHAKE128S | \ + BENCH_SLHDSA_SHAKE128F | \ + BENCH_SLHDSA_SHAKE192S | \ + BENCH_SLHDSA_SHAKE192F | \ + BENCH_SLHDSA_SHAKE256S | \ + BENCH_SLHDSA_SHAKE256F) /* Other */ #define BENCH_RNG 0x00000001 @@ -990,7 +1004,8 @@ #endif #if (defined(WOLFSSL_HAVE_LMS) && !defined(WOLFSSL_LMS_VERIFY_ONLY)) || \ - (defined(WOLFSSL_HAVE_XMSS) && !defined(WOLFSSL_XMSS_VERIFY_ONLY)) + (defined(WOLFSSL_HAVE_XMSS) && !defined(WOLFSSL_XMSS_VERIFY_ONLY)) || \ + defined(WOLFSSL_HAVE_SLHDSA) #define BENCH_PQ_STATEFUL_HBS #endif @@ -1041,7 +1056,7 @@ #ifdef HAVE_AESGCM { "-aes-gmac", BENCH_AES_GMAC }, #endif -#ifdef WOLFSSL_AES_DIRECT +#if defined(HAVE_AES_ECB) || (defined(HAVE_FIPS) && defined(WOLFSSL_AES_DIRECT)) { "-aes-ecb", BENCH_AES_ECB }, #endif #ifdef WOLFSSL_AES_XTS @@ -1153,7 +1168,7 @@ #ifdef WOLFSSL_RIPEMD { "-ripemd", BENCH_RIPEMD }, #endif -#ifdef HAVE_BLAKE2 +#ifdef HAVE_BLAKE2B { "-blake2b", BENCH_BLAKE2B }, #endif #ifdef HAVE_BLAKE2S @@ -1319,11 +1334,20 @@ { "-xmss_xmssmt_shake256", BENCH_XMSS_XMSSMT_SHAKE256}, #endif #endif +#if defined(WOLFSSL_HAVE_SLHDSA) + { "-slhdsa-shake128s", BENCH_SLHDSA_SHAKE128S}, + { "-slhdsa-shake128f", BENCH_SLHDSA_SHAKE128F}, + { "-slhdsa-shake192s", BENCH_SLHDSA_SHAKE192S}, + { "-slhdsa-shake192f", BENCH_SLHDSA_SHAKE192F}, + { "-slhdsa-shake256s", BENCH_SLHDSA_SHAKE256S}, + { "-slhdsa-shake256f", BENCH_SLHDSA_SHAKE256F}, + { "-slhdsa", BENCH_SLHDSA }, +#endif { NULL, 0} }; #endif /* BENCH_PQ_STATEFUL_HBS */ -#ifndef WOLFSSL_BENCHMARK_ALL +#if !defined(WOLFSSL_BENCHMARK_ALL) && !defined(MAIN_NO_ARGS) #if defined(WOLFSSL_HAVE_MLKEM) || defined(HAVE_FALCON) || \ defined(HAVE_DILITHIUM) || defined(HAVE_SPHINCS) /* The post-quantum-specific mapping of command line option to bit values and @@ -1494,12 +1518,13 @@ #endif }; -#if !defined(NO_RSA) || \ - defined(HAVE_ECC) || !defined(NO_DH) || defined(HAVE_ECC_ENCRYPT) || \ - defined(HAVE_CURVE25519) || defined(HAVE_CURVE25519_SHARED_SECRET) || \ - defined(HAVE_ED25519) || defined(HAVE_CURVE448) || \ - defined(HAVE_CURVE448_SHARED_SECRET) || defined(HAVE_ED448) || \ - defined(WOLFSSL_HAVE_MLKEM) || defined(HAVE_DILITHIUM) +#if ((!defined(NO_RSA) || \ + defined(HAVE_ECC) || !defined(NO_DH) || defined(HAVE_ECC_ENCRYPT) || \ + defined(HAVE_CURVE25519) || defined(HAVE_CURVE25519_SHARED_SECRET) || \ + defined(HAVE_ED25519) || defined(HAVE_CURVE448) || \ + defined(HAVE_CURVE448_SHARED_SECRET) || defined(HAVE_ED448) || \ + defined(HAVE_DILITHIUM)) && !defined(WC_NO_RNG)) || \ + defined(WOLFSSL_HAVE_MLKEM) static const char* bench_desc_words[][15] = { /* 0 1 2 3 4 5 6 7 8 9 10 11 12 13 14 */ @@ -1989,7 +2014,7 @@ #include #endif -#if defined(HAVE_BLAKE2) || defined(HAVE_BLAKE2S) +#if defined(HAVE_BLAKE2B) || defined(HAVE_BLAKE2S) #include #endif @@ -2034,11 +2059,11 @@ #endif #if defined(BENCH_ASYM) -#if defined(HAVE_ECC) || !defined(NO_RSA) || !defined(NO_DH) || \ - defined(HAVE_CURVE25519) || defined(HAVE_ED25519) || \ - defined(HAVE_CURVE448) || defined(HAVE_ED448) || \ - defined(WOLFSSL_HAVE_MLKEM) || defined(HAVE_DILITHIUM) || \ - defined(WOLFSSL_HAVE_LMS) +#if ((defined(HAVE_ECC) || !defined(NO_RSA) || !defined(NO_DH) || \ + defined(HAVE_CURVE25519) || defined(HAVE_ED25519) || \ + defined(HAVE_CURVE448) || defined(HAVE_ED448) || \ + defined(HAVE_DILITHIUM) || defined(WOLFSSL_HAVE_LMS)) && \ + !defined(WC_NO_RNG)) || defined(WOLFSSL_HAVE_MLKEM) static const char* bench_result_words2[][6] = { #ifdef BENCH_MICROSECOND { "ops took", "μsec" , "avg" , "ops/μsec", "cycles/op", @@ -2228,7 +2253,7 @@ /* maximum runtime for each benchmark */ #ifndef BENCH_MIN_RUNTIME_SEC - #define BENCH_MIN_RUNTIME_SEC 1.0F + #define BENCH_MIN_RUNTIME_SEC (double)1.0F #endif #if defined(HAVE_AESGCM) || defined(HAVE_AESCCM) || \ @@ -2288,7 +2313,7 @@ #warning Large/Unalligned AuthSz could result in errors with /dev/crypto #endif -/* use kB instead of mB for embedded benchmarking */ +/* use kB instead of MB for embedded benchmarking */ #ifdef BENCH_EMBEDDED #ifndef BENCH_NTIMES #define BENCH_NTIMES 2 @@ -2327,8 +2352,12 @@ static word32 bench_size = BENCH_SIZE; static int base2 = 1; static int digest_stream = 1; +#ifndef NO_HMAC static int mac_stream = 1; +#endif +#ifdef HAVE_AESGCM static int aead_set_key = 0; +#endif #ifdef HAVE_CHACHA static int encrypt_only = 0; #endif @@ -2686,9 +2715,9 @@ #endif } -#ifdef WOLFSSL_USE_SAVE_VECTOR_REGISTERS +#if defined(WOLFSSL_USE_SAVE_VECTOR_REGISTERS) #define bench_stats_start(count, start) do { \ - SAVE_VECTOR_REGISTERS(pr_err( \ + SAVE_VECTOR_REGISTERS(WOLFSSL_DEBUG_PRINTF( \ "ERROR: SAVE_VECTOR_REGISTERS failed for benchmark run."); \ return; ); \ bench_stats_start(count, start); \ @@ -3014,8 +3043,7 @@ #ifdef WC_BENCH_STACK_TRACKING { long stackUsed = bench_stack_checkpoint_measure(); - stackUsed += bench_stats_stack_setup_bytes; - bench_last_stack_bytes = stackUsed; + bench_last_stack_bytes = MAX(stackUsed, bench_stats_stack_setup_bytes); } bench_stats_stack_setup_bytes = 0; #else @@ -3164,7 +3192,7 @@ (void)useDeviceID; (void)ret; -#ifdef WOLFSSL_USE_SAVE_VECTOR_REGISTERS +#if defined(WOLFSSL_USE_SAVE_VECTOR_REGISTERS) RESTORE_VECTOR_REGISTERS(); #elif defined(WOLFSSL_LINUXKM) kernel_fpu_end(); @@ -3175,11 +3203,11 @@ } /* bench_stats_sym_finish */ #ifdef BENCH_ASYM -#if defined(HAVE_ECC) || !defined(NO_RSA) || !defined(NO_DH) || \ - defined(HAVE_CURVE25519) || defined(HAVE_ED25519) || \ - defined(HAVE_CURVE448) || defined(HAVE_ED448) || \ - defined(WOLFSSL_HAVE_MLKEM) || defined(HAVE_DILITHIUM) || \ - defined(WOLFSSL_HAVE_LMS) +#if ((defined(HAVE_ECC) || !defined(NO_RSA) || !defined(NO_DH) || \ + defined(HAVE_CURVE25519) || defined(HAVE_ED25519) || \ + defined(HAVE_CURVE448) || defined(HAVE_ED448) || \ + defined(HAVE_DILITHIUM) || defined(WOLFSSL_HAVE_LMS)) && \ + !defined(WC_NO_RNG)) || defined(WOLFSSL_HAVE_MLKEM) static void bench_stats_asym_finish_ex(const char* algo, int strength, const char* desc, const char* desc_extra, int useDeviceID, int count, double start, int ret) @@ -3254,8 +3282,7 @@ #ifdef WC_BENCH_STACK_TRACKING { long stackUsed = bench_stack_checkpoint_measure(); - stackUsed += bench_stats_stack_setup_bytes; - bench_last_stack_bytes = stackUsed; + bench_last_stack_bytes = MAX(stackUsed, bench_stats_stack_setup_bytes); } bench_stats_stack_setup_bytes = 0; #else @@ -3562,7 +3589,7 @@ (void)useDeviceID; (void)ret; -#ifdef WOLFSSL_USE_SAVE_VECTOR_REGISTERS +#if defined(WOLFSSL_USE_SAVE_VECTOR_REGISTERS) RESTORE_VECTOR_REGISTERS(); #elif defined(WOLFSSL_LINUXKM) kernel_fpu_end(); @@ -3847,7 +3874,7 @@ #endif } #endif -#ifdef HAVE_AES_ECB +#if defined(HAVE_AES_ECB) || (defined(HAVE_FIPS) && defined(WOLFSSL_AES_DIRECT)) if (bench_all || (bench_cipher_algs & BENCH_AES_ECB)) { #ifndef NO_SW_BENCH bench_aesecb(0); @@ -4106,7 +4133,7 @@ if (bench_all || (bench_digest_algs & BENCH_RIPEMD)) bench_ripemd(); #endif -#ifdef HAVE_BLAKE2 +#ifdef HAVE_BLAKE2B if (bench_all || (bench_digest_algs & BENCH_BLAKE2B)) bench_blake2b(); #endif @@ -4338,6 +4365,42 @@ #endif #endif /* if defined(WOLFSSL_HAVE_XMSS) && !defined(WOLFSSL_XMSS_VERIFY_ONLY) */ +#if defined(WOLFSSL_HAVE_SLHDSA) && !defined(WOLFSSL_SLHDSA_VERIFY_ONLY) + if (bench_all) { + bench_pq_hash_sig_algs |= BENCH_SLHDSA; + } +#ifdef WOLFSSL_SLHDSA_PARAM_128S + if (bench_pq_hash_sig_algs & BENCH_SLHDSA_SHAKE128S) { + bench_slhdsa(SLHDSA_SHAKE128S); + } +#endif +#ifdef WOLFSSL_SLHDSA_PARAM_128F + if (bench_pq_hash_sig_algs & BENCH_SLHDSA_SHAKE128F) { + bench_slhdsa(SLHDSA_SHAKE128F); + } +#endif +#ifdef WOLFSSL_SLHDSA_PARAM_192S + if (bench_pq_hash_sig_algs & BENCH_SLHDSA_SHAKE192S) { + bench_slhdsa(SLHDSA_SHAKE192S); + } +#endif +#ifdef WOLFSSL_SLHDSA_PARAM_192F + if (bench_pq_hash_sig_algs & BENCH_SLHDSA_SHAKE192F) { + bench_slhdsa(SLHDSA_SHAKE192F); + } +#endif +#ifdef WOLFSSL_SLHDSA_PARAM_256S + if (bench_pq_hash_sig_algs & BENCH_SLHDSA_SHAKE256S) { + bench_slhdsa(SLHDSA_SHAKE256S); + } +#endif +#ifdef WOLFSSL_SLHDSA_PARAM_256F + if (bench_pq_hash_sig_algs & BENCH_SLHDSA_SHAKE256F) { + bench_slhdsa(SLHDSA_SHAKE256F); + } +#endif +#endif + #if defined(HAVE_ECC) && !defined(WC_NO_RNG) if (bench_all || (bench_asym_algs & BENCH_ECC_MAKEKEY) || (bench_asym_algs & BENCH_ECC) || @@ -4428,10 +4491,22 @@ #endif #ifdef HAVE_ED25519 - if (bench_all || (bench_asym_algs & BENCH_ED25519_KEYGEN)) - bench_ed25519KeyGen(); - if (bench_all || (bench_asym_algs & BENCH_ED25519_SIGN)) - bench_ed25519KeySign(); + if (bench_all || (bench_asym_algs & BENCH_ED25519_KEYGEN)) { + #ifndef NO_SW_BENCH + bench_ed25519KeyGen(0); + #endif + #ifdef BENCH_DEVID + bench_ed25519KeyGen(1); + #endif + } + if (bench_all || (bench_asym_algs & BENCH_ED25519_SIGN)) { + #ifndef NO_SW_BENCH + bench_ed25519KeySign(0); + #endif + #ifdef BENCH_DEVID + bench_ed25519KeySign(1); + #endif + } #endif #ifdef HAVE_CURVE448 @@ -4494,7 +4569,7 @@ if (bench_all || (bench_pq_asym_algs & BENCH_FALCON_LEVEL5_SIGN)) bench_falconKeySign(5); #endif -#ifdef HAVE_DILITHIUM +#if defined(HAVE_DILITHIUM) && !defined(WC_NO_RNG) #ifndef WOLFSSL_NO_ML_DSA_44 if (bench_all || (bench_pq_asym_algs & BENCH_DILITHIUM_LEVEL2_SIGN)) bench_dilithiumKeySign(2); @@ -5607,7 +5682,7 @@ #endif /* HAVE_AESGCM */ -#ifdef HAVE_AES_ECB +#if defined(HAVE_AES_ECB) || (defined(HAVE_FIPS) && defined(WOLFSSL_AES_DIRECT)) static void bench_aesecb_internal(int useDeviceID, const byte* key, word32 keySz, const char* encLabel, const char* decLabel) @@ -5776,7 +5851,7 @@ "AES-256-ECB-enc", "AES-256-ECB-dec"); #endif } -#endif /* HAVE_AES_ECB */ +#endif /* HAVE_AES_ECB || (HAVE_FIPS && WOLFSSL_AES_DIRECT) */ #ifdef WOLFSSL_AES_CFB static void bench_aescfb_internal(const byte* key, @@ -8776,7 +8851,7 @@ #endif -#ifdef HAVE_BLAKE2 +#ifdef HAVE_BLAKE2B void bench_blake2b(void) { Blake2b b2b; @@ -9080,6 +9155,10 @@ #ifdef HAVE_SCRYPT +#ifdef WOLFSSL_KERNEL_MODE + #error wc_scrypt benchmarking with cost 14 is not kernel-compatible (requires 16 MB contiguous allocation) +#endif + void bench_scrypt(void) { byte derived[64]; @@ -9566,7 +9645,7 @@ } #endif -#ifndef NO_RSA +#if !defined(NO_RSA) && !defined(WC_NO_RNG) #if defined(WOLFSSL_KEY_GEN) && !defined(WOLFSSL_RSA_PUBLIC_ONLY) static void bench_rsaKeyGen_helper(int useDeviceID, word32 keySz) @@ -10208,7 +10287,7 @@ } } #endif /* WOLFSSL_KEY_GEN */ -#endif /* !NO_RSA */ +#endif /* !NO_RSA && !WC_NO_RNG */ #if !defined(NO_DH) && !defined(WC_NO_RNG) @@ -10557,35 +10636,39 @@ int ret = 0, times, count, pending = 0; double start; const char**desc = bench_desc_words[lng_index]; - byte ct[WC_ML_KEM_MAX_CIPHER_TEXT_SIZE]; - byte ss[WC_ML_KEM_SS_SZ]; - byte pub[WC_ML_KEM_MAX_PUBLIC_KEY_SIZE]; + WC_DECLARE_VAR(ct, byte, WC_ML_KEM_MAX_CIPHER_TEXT_SIZE, HEAP_HINT); + WC_DECLARE_VAR(ss, byte, WC_ML_KEM_SS_SZ, HEAP_HINT); + WC_DECLARE_VAR(pub, byte, WC_ML_KEM_MAX_PUBLIC_KEY_SIZE, HEAP_HINT); word32 pubLen; word32 ctSz; DECLARE_MULTI_VALUE_STATS_VARS() bench_stats_prepare(); + WC_ALLOC_VAR(ct, byte, WC_ML_KEM_MAX_CIPHER_TEXT_SIZE, HEAP_HINT); + WC_ALLOC_VAR(ss, byte, WC_ML_KEM_SS_SZ, HEAP_HINT); + WC_ALLOC_VAR(pub, byte, WC_ML_KEM_MAX_PUBLIC_KEY_SIZE, HEAP_HINT); + ret = wc_KyberKey_PublicKeySize(key1, &pubLen); if (ret != 0) { - return; + goto exit; } ret = wc_KyberKey_EncodePublicKey(key1, pub, pubLen); if (ret != 0) { - return; + goto exit; } ret = wc_KyberKey_Init(type, key2, HEAP_HINT, INVALID_DEVID); if (ret != 0) { - return; + goto exit; } ret = wc_KyberKey_DecodePublicKey(key2, pub, pubLen); if (ret != 0) { - return; + goto exit; } ret = wc_KyberKey_CipherTextSize(key2, &ctSz); if (ret != 0) { - return; + goto exit; } #ifndef WOLFSSL_MLKEM_NO_ENCAPSULATE @@ -10644,7 +10727,19 @@ #ifdef MULTI_VALUE_STATISTICS bench_multi_value_stats(max, min, sum, squareSum, runs); #endif + #endif + +exit: + + WC_FREE_VAR(ct, HEAP_HINT); + WC_FREE_VAR(ss, HEAP_HINT); + WC_FREE_VAR(pub, HEAP_HINT); + + if (ret != 0) + printf("error: bench_mlkem_encap() failed with code %d.\n", ret); + + return; } #endif @@ -11931,6 +12026,129 @@ } #endif /* if defined(WOLFSSL_HAVE_XMSS) && !defined(WOLFSSL_XMSS_VERIFY_ONLY) */ +#if defined(WOLFSSL_HAVE_SLHDSA) && !defined(WOLFSSL_SLHDSA_VERIFY_ONLY) +void bench_slhdsa(enum SlhDsaParam param) +{ + int ret = 0, count = 0; + double start = 0; + WC_DECLARE_VAR(key, SlhDsaKey, 1, HEAP_HINT); + WC_DECLARE_VAR(key_vfy, SlhDsaKey, 1, HEAP_HINT); + WC_DECLARE_VAR(sig, byte, WC_SLHDSA_MAX_SIG_LEN, HEAP_HINT); + word32 sigLen; + byte pk[2 * 32]; + word32 outLen; + static const byte msg[] = { + 0x48, 0x65, 0x6c, 0x6c, 0x6f, 0x20, 0x57, 0x6f, + 0x72, 0x6c, 0x64, 0x21 + }; + byte ctx[1]; + char name[30]; + int len; + + WC_ALLOC_VAR_EX(key_vfy, SlhDsaKey, 1, HEAP_HINT, + DYNAMIC_TYPE_TMP_BUFFER, goto exit); + XMEMSET(key_vfy, 0, sizeof(*key_vfy)); + + WC_ALLOC_VAR_EX(key, SlhDsaKey, 1, HEAP_HINT, + DYNAMIC_TYPE_TMP_BUFFER, goto exit); + XMEMSET(key, 0, sizeof(*key)); + + WC_ALLOC_VAR_EX(sig, byte, WC_SLHDSA_MAX_SIG_LEN, HEAP_HINT, + DYNAMIC_TYPE_TMP_BUFFER, goto exit); + + ret = wc_SlhDsaKey_Init(key, param, NULL, INVALID_DEVID); + if (ret != 0) { + goto exit; + } + + len = wc_SlhDsaKey_PublicSize(key) / 2 * 8; + XMEMCPY(name, "SLH-DSA-S", 10); + if ((param & 1) == 1) { + name[8] = 'F'; + } + + bench_stats_start(&count, &start); + do { + ret = wc_SlhDsaKey_MakeKey(key, &gRng); + if (ret != 0) { + goto exit; + } + count++; + RECORD_MULTI_VALUE_STATS(); + } while (bench_stats_check(start) +#ifdef MULTI_VALUE_STATISTICS + || runs < minimum_runs +#endif + ); + bench_stats_asym_finish(name, len, "gen", 0, count, start, ret); + + bench_stats_start(&count, &start); + do { + sigLen = WC_SLHDSA_MAX_SIG_LEN; + ret = wc_SlhDsaKey_Sign(key, ctx, 0, msg, (word32)sizeof(msg), + sig, &sigLen, &gRng); + if (ret != 0) { + goto exit; + } + count++; + RECORD_MULTI_VALUE_STATS(); + } while (bench_stats_check(start) +#ifdef MULTI_VALUE_STATISTICS + || runs < minimum_runs +#endif + ); + bench_stats_asym_finish(name, len, "sign", 0, count, start, ret); + + outLen = (word32)sizeof(pk); + ret = wc_SlhDsaKey_ExportPublic(key, pk, &outLen); + if (ret != 0) { + goto exit; + } + + ret = wc_SlhDsaKey_Init(key_vfy, param, NULL, INVALID_DEVID); + if (ret != 0) { + goto exit; + } + ret = wc_SlhDsaKey_ImportPublic(key_vfy, pk, outLen); + if (ret != 0) { + goto exit; + } + bench_stats_start(&count, &start); + do { + ret = wc_SlhDsaKey_Verify(key_vfy, ctx, 0, msg, (word32)sizeof(msg), + sig, sigLen); + if (ret != 0) { + goto exit; + } + count++; + RECORD_MULTI_VALUE_STATS(); + } while (bench_stats_check(start) +#ifdef MULTI_VALUE_STATISTICS + || runs < minimum_runs +#endif + ); + bench_stats_asym_finish(name, len, "verify", 0, count, start, ret); + +exit: +#ifdef WC_DECLARE_VAR_IS_HEAP_ALLOC + if (key_vfy) +#endif + { + wc_SlhDsaKey_Free(key_vfy); + } +#ifdef WC_DECLARE_VAR_IS_HEAP_ALLOC + if (key) +#endif + { + wc_SlhDsaKey_Free(key); + } + + WC_FREE_VAR_EX(key_vfy, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + WC_FREE_VAR_EX(key, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + WC_FREE_VAR_EX(sig, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); +} +#endif + #if defined(HAVE_ECC) && !defined(WC_NO_RNG) /* Maximum ECC name plus null terminator: @@ -12043,6 +12261,7 @@ int ret = 0, i, times, count, pending = 0; int deviceID; int keySize; + int dgstSize; char name[BENCH_ECC_NAME_SZ]; WC_DECLARE_ARRAY(genKey, ecc_key, BENCH_MAX_PENDING, sizeof(ecc_key), HEAP_HINT); @@ -12071,7 +12290,7 @@ WC_DECLARE_ARRAY(sig, byte, BENCH_MAX_PENDING, ECC_MAX_SIG_SIZE, HEAP_HINT); WC_DECLARE_ARRAY(digest, byte, - BENCH_MAX_PENDING, MAX_ECC_BYTES, HEAP_HINT); + BENCH_MAX_PENDING, WC_MAX_DIGEST_SIZE, HEAP_HINT); #endif bench_stats_prepare(); @@ -12102,6 +12321,29 @@ deviceID = useDeviceID ? devId : INVALID_DEVID; keySize = wc_ecc_get_curve_size_from_id(curveId); + if (keySize < 28) { + /* SHA-1 */ + dgstSize = 20; + } + else if (keySize < 32) { + /* SHA-224/SHA512-224/SHA3-224 */ + dgstSize = 28; + } + else if (keySize < 48) { + /* SHA-256/SHA512-256/SHA3-256 */ + dgstSize = 32; + } + else if (keySize < 64) { + /* SHA-384/SHA3-384 */ + dgstSize = 48; + } + else { + /* SHA-512/SHA3-512 */ + dgstSize = 64; + } + if (dgstSize > WC_MAX_DIGEST_SIZE) { + dgstSize = WC_MAX_DIGEST_SIZE; + } /* init keys */ for (i = 0; i < BENCH_MAX_PENDING; i++) { @@ -12190,7 +12432,7 @@ /* Init digest to sign */ for (i = 0; i < BENCH_MAX_PENDING; i++) { - for (count = 0; count < keySize; count++) { + for (count = 0; count < dgstSize; count++) { digest[i][count] = (byte)count; } } @@ -12210,7 +12452,7 @@ x[i] = ECC_MAX_SIG_SIZE; } - ret = wc_ecc_sign_hash(digest[i], (word32)keySize, sig[i], + ret = wc_ecc_sign_hash(digest[i], (word32)dgstSize, sig[i], &x[i], GLOBAL_RNG, genKey[i]); if (!bench_async_handle(&ret, @@ -12262,7 +12504,7 @@ } ret = wc_ecc_verify_hash(sig[i], x[i], digest[i], - (word32)keySize, &verify[i], + (word32)dgstSize, &verify[i], genKey[i]); if (!bench_async_handle(&ret, @@ -12958,12 +13200,15 @@ #endif /* HAVE_CURVE25519 */ #ifdef HAVE_ED25519 -void bench_ed25519KeyGen(void) +void bench_ed25519KeyGen(int useDeviceID) { +#ifndef HAVE_ED25519_MAKE_KEY + (void)useDeviceID; +#endif #ifdef HAVE_ED25519_MAKE_KEY ed25519_key genKey; double start; - int i, count; + int ret = 0, i, count; const char**desc = bench_desc_words[lng_index]; DECLARE_MULTI_VALUE_STATS_VARS() @@ -12973,9 +13218,19 @@ bench_stats_start(&count, &start); do { for (i = 0; i < genTimes; i++) { - wc_ed25519_init(&genKey); - (void)wc_ed25519_make_key(&gRng, 32, &genKey); + ret = wc_ed25519_init_ex(&genKey, HEAP_HINT, + useDeviceID ? devId : INVALID_DEVID); + if (ret != 0) { + printf("wc_ed25519_init_ex failed: %d\n", ret); + break; + } + + ret = wc_ed25519_make_key(&gRng, 32, &genKey); wc_ed25519_free(&genKey); + if (ret != 0) { + printf("wc_ed25519_make_key failed: %d\n", ret); + break; + } RECORD_MULTI_VALUE_STATS(); } count += i; @@ -12985,7 +13240,8 @@ #endif ); - bench_stats_asym_finish("ED", 25519, desc[2], 0, count, start, 0); + bench_stats_asym_finish("ED", 25519, desc[2], useDeviceID, count, start, + ret); #ifdef MULTI_VALUE_STATISTICS bench_multi_value_stats(max, min, sum, squareSum, runs); #endif @@ -12993,11 +13249,9 @@ } -void bench_ed25519KeySign(void) +void bench_ed25519KeySign(int useDeviceID) { -#ifdef HAVE_ED25519_MAKE_KEY - int ret; -#endif + int ret = 0; ed25519_key genKey; #ifdef HAVE_ED25519_SIGN double start; @@ -13011,7 +13265,12 @@ bench_stats_prepare(); - wc_ed25519_init(&genKey); + ret = wc_ed25519_init_ex(&genKey, HEAP_HINT, + useDeviceID ? devId : INVALID_DEVID); + if (ret != 0) { + printf("wc_ed25519_init_ex failed: %d\n", ret); + return; + } #ifdef HAVE_ED25519_MAKE_KEY ret = wc_ed25519_make_key(&gRng, ED25519_KEY_SIZE, &genKey); @@ -13045,7 +13304,8 @@ ); exit_ed_sign: - bench_stats_asym_finish("ED", 25519, desc[4], 0, count, start, ret); + bench_stats_asym_finish("ED", 25519, desc[4], useDeviceID, count, start, + ret); #ifdef MULTI_VALUE_STATISTICS bench_multi_value_stats(max, min, sum, squareSum, runs); #endif @@ -13073,7 +13333,8 @@ ); exit_ed_verify: - bench_stats_asym_finish("ED", 25519, desc[5], 0, count, start, ret); + bench_stats_asym_finish("ED", 25519, desc[5], useDeviceID, count, start, + ret); #ifdef MULTI_VALUE_STATISTICS bench_multi_value_stats(max, min, sum, squareSum, runs); #endif @@ -14070,7 +14331,7 @@ } #endif /* HAVE_FALCON */ -#ifdef HAVE_DILITHIUM +#if defined(HAVE_DILITHIUM) && !defined(WC_NO_RNG) #if defined(WOLFSSL_DILITHIUM_NO_SIGN) && !defined(WOLFSSL_DILITHIUM_NO_VERIFY) @@ -15218,9 +15479,9 @@ } #endif - ret = wc_dilithium_init(key); + ret = wc_dilithium_init_ex(key, HEAP_HINT, devId); if (ret != 0) { - printf("wc_dilithium_init failed %d\n", ret); + printf("wc_dilithium_init_ex failed %d\n", ret); goto out; } @@ -15298,10 +15559,10 @@ do { for (i = 0; i < agreeTimes; i++) { if (ret == 0) { - ret = wc_dilithium_sign_msg(msg, DILITHIUM_BENCH_MSG_SIZE, sig, &x, key, - GLOBAL_RNG); + ret = wc_dilithium_sign_ctx_msg(NULL, 0, msg, + DILITHIUM_BENCH_MSG_SIZE, sig, &x, key, GLOBAL_RNG); if (ret != 0) { - printf("wc_dilithium_sign_msg failed\n"); + printf("wc_dilithium_sign_ctx_msg failed\n"); } } RECORD_MULTI_VALUE_STATS(); @@ -15372,11 +15633,11 @@ for (i = 0; i < agreeTimes; i++) { if (ret == 0) { int verify = 0; - ret = wc_dilithium_verify_msg(sig, x, msg, DILITHIUM_BENCH_MSG_SIZE, - &verify, key); + ret = wc_dilithium_verify_ctx_msg(sig, x, NULL, 0, msg, + DILITHIUM_BENCH_MSG_SIZE, &verify, key); if (ret != 0 || verify != 1) { - printf("wc_dilithium_verify_msg failed %d, verify %d\n", + printf("wc_dilithium_verify_ctx_msg failed %d, verify %d\n", ret, verify); ret = -1; } @@ -15416,7 +15677,7 @@ #endif #endif } -#endif /* HAVE_DILITHIUM */ +#endif /* HAVE_DILITHIUM && !WC_NO_RNG */ #ifdef HAVE_SPHINCS void bench_sphincsKeySign(byte level, byte optim) @@ -15862,7 +16123,11 @@ int64_t t; (void)reset; #if defined(CONFIG_ARCH_POSIX) - k_cpu_idle(); + #if defined(CONFIG_BOARD_NATIVE_SIM) + k_msleep(1); + #else + k_cpu_idle(); + #endif #endif t = k_uptime_get(); /* returns current uptime in milliseconds */ return (double)(t / 1000); @@ -15987,6 +16252,20 @@ return (double)ns / 1000000000.0; } +#elif defined(WOLFSSL_BSDKM) + + #include + double current_time(int reset) + { + (void)reset; + struct timespec ts; + int64_t result = 0; + + getnanouptime(&ts); + result = (int64_t) ts.tv_sec + (int64_t) ts.tv_nsec / NANOSECOND; + return (double)result; + } + #elif defined(WOLFSSL_GAISLER_BCC) #include @@ -16143,8 +16422,16 @@ e += 3; #endif printf("%s", bench_Usage_msg1[lng_index][e++]); /* option -dgst_full */ +#ifndef NO_HMAC printf("%s", bench_Usage_msg1[lng_index][e++]); /* option -mac_final */ +#else + e++; +#endif +#ifdef HAVE_AESGCM printf("%s", bench_Usage_msg1[lng_index][e++]); /* option -aead_set_key */ +#else + e++; +#endif #ifndef NO_RSA printf("%s", bench_Usage_msg1[lng_index][e++]); /* option -rsa_sign */ #ifdef WOLFSSL_KEY_GEN @@ -16351,10 +16638,14 @@ #endif else if (string_matches(argv[1], "-dgst_full")) digest_stream = 0; +#ifndef NO_HMAC else if (string_matches(argv[1], "-mac_final")) mac_stream = 0; +#endif +#ifdef HAVE_AESGCM else if (string_matches(argv[1], "-aead_set_key")) aead_set_key = 1; +#endif #ifdef HAVE_CHACHA else if (string_matches(argv[1], "-enc_only")) encrypt_only = 1; diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/wolfcrypt/benchmark/benchmark.h mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/benchmark/benchmark.h --- mariadb-11.8.6/extra/wolfssl/wolfssl/wolfcrypt/benchmark/benchmark.h 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/benchmark/benchmark.h 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* wolfcrypt/benchmark/benchmark.h * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -105,6 +105,9 @@ void bench_mlkem(int type); void bench_lms(void); void bench_xmss(int hash); +#ifdef WOLFSSL_HAVE_SLHDSA +void bench_slhdsa(enum SlhDsaParam param); +#endif void bench_ecc_curve(int curveId); void bench_eccMakeKey(int useDeviceID, int curveId); void bench_ecc(int useDeviceID, int curveId); @@ -112,8 +115,8 @@ void bench_sm2(int useDeviceID); void bench_curve25519KeyGen(int useDeviceID); void bench_curve25519KeyAgree(int useDeviceID); -void bench_ed25519KeyGen(void); -void bench_ed25519KeySign(void); +void bench_ed25519KeyGen(int useDeviceID); +void bench_ed25519KeySign(int useDeviceID); void bench_curve448KeyGen(void); void bench_curve448KeyAgree(void); void bench_ed448KeyGen(void); @@ -144,4 +147,3 @@ #endif /* WOLFCRYPT_BENCHMARK_H */ - diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/wolfcrypt/src/aes.c mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/aes.c --- mariadb-11.8.6/extra/wolfssl/wolfssl/wolfcrypt/src/aes.c 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/aes.c 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* aes.c * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -29,6 +29,87 @@ */ +/* + * AES Build Options: + * + * Core: + * NO_AES: Disable AES support entirely default: off + * WOLFSSL_AES_128: Enable AES-128 key size default: on + * WOLFSSL_AES_192: Enable AES-192 key size default: on + * WOLFSSL_AES_256: Enable AES-256 key size default: on + * AES_MAX_KEY_SIZE: Maximum AES key size in bits default: 256 + * + * Cipher Modes: + * HAVE_AES_CBC: Enable AES-CBC mode default: on + * HAVE_AES_ECB: Enable AES-ECB mode default: off + * HAVE_AES_DECRYPT: Enable AES decryption default: on + * WOLFSSL_AES_COUNTER: Enable AES-CTR mode default: off + * WOLFSSL_AES_CFB: Enable AES-CFB mode default: off + * WOLFSSL_NO_AES_CFB_1_8: Disable AES-CFB-1 and AES-CFB-8 default: off + * WOLFSSL_AES_OFB: Enable AES-OFB mode default: off + * WOLFSSL_AES_DIRECT: Enable direct AES encrypt/decrypt API default: off + * WOLFSSL_AES_XTS: Enable AES-XTS mode default: off + * WOLFSSL_AES_CTS: Enable AES-CTS (ciphertext stealing) default: off + * WOLFSSL_AES_SIV: Enable AES-SIV (synthetic IV) mode default: off + * WOLFSSL_AES_EAX: Enable AES-EAX AEAD mode default: off + * WOLFSSL_CMAC: Enable AES-CMAC (RFC 4493) default: off + * HAVE_AESCCM: Enable AES-CCM mode default: off + * HAVE_AES_KEYWRAP: Enable AES key wrap (RFC 3394) default: off + * WOLFSSL_AES_CBC_LENGTH_CHECKS: Validate CBC input length default: off + * + * AES-GCM: + * HAVE_AESGCM: Enable AES-GCM mode default: off + * HAVE_AESGCM_DECRYPT: Enable AES-GCM decryption default: on + * (when HAVE_AESGCM is enabled) + * WOLFSSL_AESGCM_STREAM: Enable streaming AES-GCM API default: off + * WC_AES_GCM_DEC_AUTH_EARLY: Authenticate tag before decryption default: off + * GCM_SMALL: Small GCM table, saves memory default: off + * GCM_TABLE: Full 4-bit GCM lookup table, faster default: off + * GCM_TABLE_4BIT: Explicit 4-bit GCM table mode default: off + * GCM_WORD32: Use 32-bit word GCM implementation default: off + * GCM_GMULT_LEN: GCM GMULT length optimization default: off + * + * AES-XTS Stream: + * WOLFSSL_AESXTS_STREAM: Enable streaming AES-XTS API default: off + * WC_AESXTS_STREAM_NO_REQUEST_ACCOUNTING: + * Disable XTS stream request accounting default: off + * WC_AES_XTS_SUPPORT_SIMULTANEOUS_ENC_AND_DEC_KEYS: + * Support both encrypt and decrypt keys default: off + * simultaneously in XTS context + * + * Performance / Side-Channel: + * WOLFSSL_AESNI: Enable Intel AES-NI instructions default: off + * WOLFSSL_AESNI_BY4: AES-NI 4-block parallel processing default: off + * WOLFSSL_AESNI_BY6: AES-NI 6-block parallel processing default: off + * USE_INTEL_SPEEDUP: Intel AVX/AVX2 for AES acceleration default: off + * WOLFSSL_AES_SMALL_TABLES: Use smaller AES S-box tables default: off + * WOLFSSL_AES_NO_UNROLL: Disable AES round loop unrolling default: off + * WOLFSSL_AES_TOUCH_LINES: Touch all cache lines for default: off + * side-channel resistance + * WC_AES_BITSLICED: Use bitsliced AES implementation default: off + * AES_GCM_GMULT_NCT: GCM GMULT non-constant-time default: off + * NO_WOLFSSL_ALLOC_ALIGN: Disable aligned memory allocation default: off + * + * Hardware Acceleration (AES-specific): + * WC_ASYNC_ENABLE_AES: Enable async AES operations default: off + * WOLFSSL_CRYPTOCELL_AES: CryptoCell AES acceleration default: off + * WOLFSSL_DEVCRYPTO_AES: /dev/crypto AES acceleration default: off + * WOLFSSL_DEVCRYPTO_CBC: /dev/crypto AES-CBC acceleration default: off + * WOLFSSL_KCAPI_AES: Linux kernel crypto API for AES default: off + * WOLFSSL_NO_KCAPI_AES_CBC: Disable KCAPI AES-CBC default: off + * WOLFSSL_NRF51_AES: nRF51 hardware AES default: off + * WOLFSSL_PSA_NO_AES: Disable PSA AES default: off + * WOLFSSL_SCE_NO_AES: Disable Renesas SCE AES default: off + * NO_IMX6_CAAM_AES: Disable i.MX6 CAAM AES default: off + * WOLFSSL_AFALG_XILINX_AES: AF_ALG Xilinx AES acceleration default: off + * NO_WOLFSSL_ESP32_CRYPT_AES: Disable ESP32 AES acceleration default: off + * STM32_CRYPTO_AES_ONLY: STM32 AES-only crypto mode default: off + * + * Debug: + * WC_DEBUG_CIPHER_LIFECYCLE: Debug cipher init/free lifecycle default: off + * WOLFSSL_HW_METRICS: Track hardware acceleration usage default: off + */ + #include #if !defined(NO_AES) @@ -70,9 +151,9 @@ #include #endif -#if defined(WOLFSSL_AES_SIV) +#ifdef WOLFSSL_CMAC #include -#endif /* WOLFSSL_AES_SIV */ +#endif #if defined(WOLFSSL_HAVE_PSA) && !defined(WOLFSSL_PSA_NO_AES) #include @@ -91,8 +172,18 @@ #if defined(WOLFSSL_TI_CRYPT) #include + + #define AesEncrypt_preFetchOpt(aes, inBlock, outBlock, do_preFetch) \ + wc_AesEncryptDirect(aes, outBlock, inBlock) + #define AesDecrypt_preFetchOpt(aes, inBlock, outBlock, do_preFetch) \ + wc_AesDecryptDirect(aes, outBlock, inBlock) #else + +#if defined(WOLFSSL_PSOC6_CRYPTO) + #include +#endif /* WOLFSSL_PSOC6_CRYPTO */ + #ifdef NO_INLINE #include #else @@ -495,72 +586,6 @@ } #endif -#elif defined(FREESCALE_MMCAU) - /* Freescale mmCAU hardware AES support for Direct, CBC, CCM, GCM modes - * through the CAU/mmCAU library. Documentation located in - * ColdFire/ColdFire+ CAU and Kinetis mmCAU Software Library User - * Guide (See note in README). */ - #ifdef FREESCALE_MMCAU_CLASSIC - /* MMCAU 1.4 library used with non-KSDK / classic MQX builds */ - #include "cau_api.h" - #else - #include "fsl_mmcau.h" - #endif - - static WARN_UNUSED_RESULT int wc_AesEncrypt( - Aes* aes, const byte* inBlock, byte* outBlock) - { -#ifdef WC_DEBUG_CIPHER_LIFECYCLE - { - int ret = wc_debug_CipherLifecycleCheck(aes->CipherLifecycleTag, 0); - if (ret < 0) - return ret; - } -#endif - - if (wolfSSL_CryptHwMutexLock() == 0) { - #ifdef FREESCALE_MMCAU_CLASSIC - if ((wc_ptr_t)outBlock % WOLFSSL_MMCAU_ALIGNMENT) { - WOLFSSL_MSG("Bad cau_aes_encrypt alignment"); - return BAD_ALIGN_E; - } - cau_aes_encrypt(inBlock, (byte*)aes->key, aes->rounds, outBlock); - #else - MMCAU_AES_EncryptEcb(inBlock, (byte*)aes->key, aes->rounds, - outBlock); - #endif - wolfSSL_CryptHwMutexUnLock(); - } - return 0; - } - #ifdef HAVE_AES_DECRYPT - static WARN_UNUSED_RESULT int wc_AesDecrypt( - Aes* aes, const byte* inBlock, byte* outBlock) - { -#ifdef WC_DEBUG_CIPHER_LIFECYCLE - { - int ret = wc_debug_CipherLifecycleCheck(aes->CipherLifecycleTag, 0); - if (ret < 0) - return ret; - } -#endif - if (wolfSSL_CryptHwMutexLock() == 0) { - #ifdef FREESCALE_MMCAU_CLASSIC - if ((wc_ptr_t)outBlock % WOLFSSL_MMCAU_ALIGNMENT) { - WOLFSSL_MSG("Bad cau_aes_decrypt alignment"); - return BAD_ALIGN_E; - } - cau_aes_decrypt(inBlock, (byte*)aes->key, aes->rounds, outBlock); - #else - MMCAU_AES_DecryptEcb(inBlock, (byte*)aes->key, aes->rounds, - outBlock); - #endif - wolfSSL_CryptHwMutexUnLock(); - } - return 0; - } - #endif /* HAVE_AES_DECRYPT */ - #elif defined(WOLFSSL_PIC32MZ_CRYPT) #include @@ -867,54 +892,150 @@ } #endif /* HAVE_AES_DECRYPT */ -#elif defined(__aarch64__) && defined(WOLFSSL_ARMASM) && \ - !defined(WOLFSSL_ARMASM_NO_HW_CRYPTO) - - #define NEED_AES_TABLES - - static cpuid_flags_t cpuid_flags = WC_CPUID_INITIALIZER; - - static void Check_CPU_support_HwCrypto(Aes* aes) - { - cpuid_get_flags_ex(&cpuid_flags); - aes->use_aes_hw_crypto = IS_AARCH64_AES(cpuid_flags); - #ifdef HAVE_AESGCM - aes->use_pmull_hw_crypto = IS_AARCH64_PMULL(cpuid_flags); - aes->use_sha3_hw_crypto = IS_AARCH64_SHA3(cpuid_flags); - #endif - } +#elif defined(WOLFSSL_ARMASM) +#if defined(__aarch64__) && !defined(WOLFSSL_ARMASM_NO_HW_CRYPTO) +static cpuid_flags_t cpuid_flags = WC_CPUID_INITIALIZER; -#elif !defined(__aarch64__) && defined(WOLFSSL_ARMASM) +static void Check_CPU_support_HwCrypto(Aes* aes) +{ + cpuid_get_flags_ex(&cpuid_flags); + aes->use_aes_hw_crypto = IS_AARCH64_AES(cpuid_flags); +#ifdef HAVE_AESGCM + aes->use_pmull_hw_crypto = IS_AARCH64_PMULL(cpuid_flags); + aes->use_sha3_hw_crypto = IS_AARCH64_SHA3(cpuid_flags); +#endif +} +#endif /* __aarch64__ && !WOLFSSL_ARMASM_NO_HW_CRYPTO */ -#if defined(WOLFSSL_AES_DIRECT) || defined(HAVE_AESCCM) +#if defined(WOLFSSL_AES_DIRECT) || defined(HAVE_AESCCM) || \ + defined(WOLFSSL_AESGCM_STREAM) static WARN_UNUSED_RESULT int wc_AesEncrypt(Aes* aes, const byte* inBlock, byte* outBlock) { #ifndef WOLFSSL_ARMASM_NO_HW_CRYPTO +#if !defined(__aarch64__) AES_encrypt_AARCH32(inBlock, outBlock, (byte*)aes->key, (int)aes->rounds); #else - AES_ECB_encrypt(inBlock, outBlock, WC_AES_BLOCK_SIZE, (byte*)aes->key, - (int)aes->rounds); + if (aes->use_aes_hw_crypto) { + AES_encrypt_AARCH64(inBlock, outBlock, (byte*)aes->key, + (int)aes->rounds); + } + else +#endif /* !__aarch64__ */ +#endif /* !WOLFSSL_ARMASM_NO_HW_CRYPTO */ +#if defined(__aarch64__) && !defined(WOLFSSL_ARMASM_NO_NEON) && \ + defined(WOLFSSL_ARMASM_NEON_NO_TABLE_LOOKUP) + { + AES_ECB_encrypt_NEON(inBlock, outBlock, WC_AES_BLOCK_SIZE, + (const unsigned char*)aes->key, aes->rounds); + } +#elif defined(__aarch64__) || defined(WOLFSSL_ARMASM_NO_HW_CRYPTO) + { + AES_ECB_encrypt(inBlock, outBlock, WC_AES_BLOCK_SIZE, (byte*)aes->key, + (int)aes->rounds); + } #endif + return 0; } #endif -#ifdef HAVE_AES_DECRYPT -#ifdef WOLFSSL_AES_DIRECT +#if defined(HAVE_AES_DECRYPT) && defined(WOLFSSL_AES_DIRECT) static WARN_UNUSED_RESULT int wc_AesDecrypt(Aes* aes, const byte* inBlock, byte* outBlock) { #ifndef WOLFSSL_ARMASM_NO_HW_CRYPTO +#if !defined(__aarch64__) AES_decrypt_AARCH32(inBlock, outBlock, (byte*)aes->key, (int)aes->rounds); #else - AES_ECB_decrypt(inBlock, outBlock, WC_AES_BLOCK_SIZE, (byte*)aes->key, - (int)aes->rounds); + if (aes->use_aes_hw_crypto) { + AES_decrypt_AARCH64(inBlock, outBlock, (byte*)aes->key, + (int)aes->rounds); + } + else +#endif /* !__aarch64__ */ +#endif /* !WOLFSSL_ARMASM_NO_HW_CRYPTO */ +#if defined(__aarch64__) && !defined(WOLFSSL_ARMASM_NO_NEON) && \ + defined(WOLFSSL_ARMASM_NEON_NO_TABLE_LOOKUP) + { + AES_ECB_decrypt_NEON(inBlock, outBlock, WC_AES_BLOCK_SIZE, + (byte*)aes->key, (int)aes->rounds); + } +#elif defined(__aarch64__) || defined(WOLFSSL_ARMASM_NO_HW_CRYPTO) + { + AES_ECB_decrypt(inBlock, outBlock, WC_AES_BLOCK_SIZE, (byte*)aes->key, + (int)aes->rounds); + } #endif return 0; } +#endif /* HAVE_AES_DECRYPT && WOLFSSL_AES_DIRECT */ + +#elif defined(FREESCALE_MMCAU) + /* Freescale mmCAU hardware AES support for Direct, CBC, CCM, GCM modes + * through the CAU/mmCAU library. Documentation located in + * ColdFire/ColdFire+ CAU and Kinetis mmCAU Software Library User + * Guide (See note in README). */ + #ifdef FREESCALE_MMCAU_CLASSIC + /* MMCAU 1.4 library used with non-KSDK / classic MQX builds */ + #include "cau_api.h" + #else + #include "fsl_mmcau.h" + #endif + + static WARN_UNUSED_RESULT int wc_AesEncrypt( + Aes* aes, const byte* inBlock, byte* outBlock) + { +#ifdef WC_DEBUG_CIPHER_LIFECYCLE + { + int ret = wc_debug_CipherLifecycleCheck(aes->CipherLifecycleTag, 0); + if (ret < 0) + return ret; + } #endif + + if (wolfSSL_CryptHwMutexLock() == 0) { + #ifdef FREESCALE_MMCAU_CLASSIC + if ((wc_ptr_t)outBlock % WOLFSSL_MMCAU_ALIGNMENT) { + WOLFSSL_MSG("Bad cau_aes_encrypt alignment"); + return BAD_ALIGN_E; + } + cau_aes_encrypt(inBlock, (byte*)aes->key, aes->rounds, outBlock); + #else + MMCAU_AES_EncryptEcb(inBlock, (byte*)aes->key, aes->rounds, + outBlock); + #endif + wolfSSL_CryptHwMutexUnLock(); + } + return 0; + } + #ifdef HAVE_AES_DECRYPT + static WARN_UNUSED_RESULT int wc_AesDecrypt( + Aes* aes, const byte* inBlock, byte* outBlock) + { +#ifdef WC_DEBUG_CIPHER_LIFECYCLE + { + int ret = wc_debug_CipherLifecycleCheck(aes->CipherLifecycleTag, 0); + if (ret < 0) + return ret; + } #endif + if (wolfSSL_CryptHwMutexLock() == 0) { + #ifdef FREESCALE_MMCAU_CLASSIC + if ((wc_ptr_t)outBlock % WOLFSSL_MMCAU_ALIGNMENT) { + WOLFSSL_MSG("Bad cau_aes_decrypt alignment"); + return BAD_ALIGN_E; + } + cau_aes_decrypt(inBlock, (byte*)aes->key, aes->rounds, outBlock); + #else + MMCAU_AES_DecryptEcb(inBlock, (byte*)aes->key, aes->rounds, + outBlock); + #endif + wolfSSL_CryptHwMutexUnLock(); + } + return 0; + } + #endif /* HAVE_AES_DECRYPT */ #elif (defined(WOLFSSL_IMX6_CAAM) && !defined(NO_IMX6_CAAM_AES) \ && !defined(WOLFSSL_QNX_CAAM)) || \ @@ -1118,6 +1239,24 @@ #elif defined(WOLFSSL_SILABS_SE_ACCEL) /* implemented in wolfcrypt/src/port/silabs/silabs_aes.c */ +#elif defined(WOLFSSL_PSOC6_CRYPTO) + + #if (defined(HAVE_AESGCM) || defined(WOLFSSL_AES_DIRECT)) + static WARN_UNUSED_RESULT int wc_AesEncrypt( + Aes* aes, const byte* inBlock, byte* outBlock) + { + return wc_Psoc6_Aes_Encrypt(aes, inBlock, outBlock); + } + #endif + + #if defined(HAVE_AES_DECRYPT) && defined(WOLFSSL_AES_DIRECT) + static WARN_UNUSED_RESULT int wc_AesDecrypt( + Aes* aes, const byte* inBlock, byte* outBlock) + { + return wc_Psoc6_Aes_Decrypt(aes, inBlock, outBlock); + } + + #endif #else /* using wolfCrypt software implementation */ @@ -1146,8 +1285,7 @@ #endif /* ESP32 */ #endif /* __aarch64__ || !WOLFSSL_ARMASM */ -#if defined(__aarch64__) || !defined(WOLFSSL_ARMASM) || \ - defined(WOLFSSL_ARMASM_NO_HW_CRYPTO) || defined(WOLFSSL_AES_DIRECT) || \ +#if !defined(WOLFSSL_ARMASM) || defined(WOLFSSL_AES_DIRECT) || \ defined(HAVE_AESCCM) #ifndef WOLFSSL_AES_SMALL_TABLES static const FLASH_QUALIFIER word32 Te[4][256] = { @@ -1801,8 +1939,7 @@ #if defined(HAVE_AES_CBC) || defined(WOLFSSL_AES_DIRECT) || \ defined(HAVE_AESCCM) || defined(HAVE_AESGCM) -#if defined(__aarch64__) || !defined(WOLFSSL_ARMASM) || \ - defined(WOLFSSL_ARMASM_NO_HW_CRYPTO) || defined(WOLFSSL_AES_DIRECT) || \ +#if !defined(WOLFSSL_ARMASM) || defined(WOLFSSL_AES_DIRECT) || \ defined(HAVE_AESCCM) @@ -1829,15 +1966,17 @@ static WARN_UNUSED_RESULT WC_INLINE word32 PreFetchTe(void) { #ifndef WOLFSSL_AES_TOUCH_LINES - word32 x = 0; - int i,j; + volatile word32 x = 0; + int i; + int j; for (i = 0; i < 4; i++) { /* 256 elements, each one is 4 bytes */ - for (j = 0; j < 256; j += WC_CACHE_LINE_SZ/4) { + for (j = 0; j < 256; j += WC_CACHE_LINE_SZ / 4) { x &= Te[i][j]; } } + return x; #else return 0; @@ -1848,12 +1987,13 @@ static WARN_UNUSED_RESULT WC_INLINE word32 PreFetchSBox(void) { #ifndef WOLFSSL_AES_TOUCH_LINES - word32 x = 0; + volatile word32 x = 0; int i; for (i = 0; i < 256; i += WC_CACHE_LINE_SZ/4) { x &= Tsbox[i]; } + return x; #else return 0; @@ -2088,8 +2228,12 @@ * @param [out] outBlock Encrypted block. * @param [in] r Rounds divided by 2. */ +#define WC_AES_HAVE_PREFETCH_ARG +static int always_prefetch = 0; +WC_MAYBE_UNUSED static int never_prefetch = 1; +WC_ARGS_NOT_NULL((1, 2, 3, 5)) static void AesEncrypt_C(Aes* aes, const byte* inBlock, byte* outBlock, - word32 r) + word32 r, int *prefetch_ptr) { word32 s0 = 0, s1 = 0, s2 = 0, s3 = 0; word32 t0 = 0, t1 = 0, t2 = 0, t3 = 0; @@ -2124,8 +2268,15 @@ s3 ^= rk[3]; #ifndef WOLFSSL_AES_SMALL_TABLES + #ifndef WC_NO_CACHE_RESISTANT - s0 |= PreFetchTe(); + if (*prefetch_ptr == 0) { + s0 |= PreFetchTe(); + if (prefetch_ptr != &always_prefetch) + *prefetch_ptr = 1; + } +#else + (void)prefetch_ptr; #endif #ifndef WOLFSSL_AES_TOUCH_LINES @@ -2266,9 +2417,17 @@ s2 ^= u2 & 0x000000ff; s3 ^= u3 & 0x000000ff; } #endif -#else + +#else /* WOLFSSL_AES_SMALL_TABLES */ + #ifndef WC_NO_CACHE_RESISTANT - s0 |= PreFetchSBox(); + if (*prefetch_ptr == 0) { + s0 |= PreFetchSBox(); + if (prefetch_ptr != &always_prefetch) + *prefetch_ptr = 1; + } +#else + (void)prefetch_ptr; #endif r *= 2; @@ -2345,7 +2504,8 @@ s1 = t1 ^ rk[1]; s2 = t2 ^ rk[2]; s3 = t3 ^ rk[3]; -#endif + +#endif /* WOLFSSL_AES_SMALL_TABLES */ /* write out */ #ifdef LITTLE_ENDIAN_ORDER @@ -2375,9 +2535,10 @@ static void AesEncryptBlocks_C(Aes* aes, const byte* in, byte* out, word32 sz) { word32 i; + int did_prefetches = 0; for (i = 0; i < sz; i += WC_AES_BLOCK_SIZE) { - AesEncrypt_C(aes, in, out, aes->rounds >> 1); + AesEncrypt_C(aes, in, out, aes->rounds >> 1, &did_prefetches); in += WC_AES_BLOCK_SIZE; out += WC_AES_BLOCK_SIZE; } @@ -2944,10 +3105,17 @@ #endif /* !WC_AES_BITSLICED */ -/* this section disabled with NO_AES_192 */ -/* calling this one when missing NO_AES_192 */ -static WARN_UNUSED_RESULT int wc_AesEncrypt( +#ifdef WC_AES_HAVE_PREFETCH_ARG +#define wc_AesEncrypt(aes, inBlock, outBlock) \ + AesEncrypt_preFetchOpt(aes, inBlock, outBlock, &always_prefetch) +WC_ALL_ARGS_NOT_NULL static WARN_UNUSED_RESULT int AesEncrypt_preFetchOpt( + Aes* aes, const byte* inBlock, byte* outBlock, int *prefetch_ptr) +#else +#define AesEncrypt_preFetchOpt(aes, inBlock, outBlock, prefetch_ptr) \ + wc_AesEncrypt(aes, inBlock, outBlock) +WC_ALL_ARGS_NOT_NULL static WARN_UNUSED_RESULT int wc_AesEncrypt( Aes* aes, const byte* inBlock, byte* outBlock) +#endif { #if defined(MAX3266X_AES) word32 keySize; @@ -3019,19 +3187,29 @@ printf("Skipping AES-NI\n"); #endif } -#elif defined(__aarch64__) && defined(WOLFSSL_ARMASM) && \ - !defined(WOLFSSL_ARMASM_NO_HW_CRYPTO) +#elif defined(WOLFSSL_ARMASM) +#ifndef WOLFSSL_ARMASM_NO_HW_CRYPTO +#if !defined(__aarch64__) + AES_encrypt_AARCH32(inBlock, outBlock, (byte*)aes->key, (int)aes->rounds); +#else if (aes->use_aes_hw_crypto) { AES_encrypt_AARCH64(inBlock, outBlock, (byte*)aes->key, (int)aes->rounds); - return 0; } -#elif !defined(__aarch64__) && defined(WOLFSSL_ARMASM) -#ifndef WOLFSSL_ARMASM_NO_HW_CRYPTO - AES_encrypt_AARCH32(inBlock, outBlock, (byte*)aes->key, (int)aes->rounds); -#else - AES_ECB_encrypt(inBlock, outBlock, WC_AES_BLOCK_SIZE, - (const unsigned char*)aes->key, aes->rounds); + else +#endif /* !__aarch64__ */ +#endif /* !WOLFSSL_ARMASM_NO_HW_CRYPTO */ +#if defined(__aarch64__) && !defined(WOLFSSL_ARMASM_NO_NEON) && \ + defined(WOLFSSL_ARMASM_NEON_NO_TABLE_LOOKUP) + { + AES_ECB_encrypt_NEON(inBlock, outBlock, WC_AES_BLOCK_SIZE, + (const unsigned char*)aes->key, aes->rounds); + } +#elif defined(__aarch64__) || defined(WOLFSSL_ARMASM_NO_HW_CRYPTO) + { + AES_ECB_encrypt(inBlock, outBlock, WC_AES_BLOCK_SIZE, + (const unsigned char*)aes->key, aes->rounds); + } #endif return 0; #endif /* WOLFSSL_AESNI */ @@ -3089,7 +3267,11 @@ } #endif +#ifdef WC_AES_HAVE_PREFETCH_ARG + AesEncrypt_C(aes, inBlock, outBlock, r, prefetch_ptr); +#else AesEncrypt_C(aes, inBlock, outBlock, r); +#endif return 0; } /* wc_AesEncrypt */ @@ -3107,15 +3289,17 @@ /* load 4 Td Tables into cache by cache line stride */ static WARN_UNUSED_RESULT WC_INLINE word32 PreFetchTd(void) { - word32 x = 0; - int i,j; + volatile word32 x = 0; + int i; + int j; for (i = 0; i < 4; i++) { /* 256 elements, each one is 4 bytes */ - for (j = 0; j < 256; j += WC_CACHE_LINE_SZ/4) { + for (j = 0; j < 256; j += WC_CACHE_LINE_SZ / 4) { x &= Td[i][j]; } } + return x; } #endif /* !WOLFSSL_AES_SMALL_TABLES */ @@ -3124,12 +3308,13 @@ static WARN_UNUSED_RESULT WC_INLINE word32 PreFetchTd4(void) { #ifndef WOLFSSL_AES_TOUCH_LINES - word32 x = 0; + volatile word32 x = 0; int i; for (i = 0; i < 256; i += WC_CACHE_LINE_SZ) { x &= (word32)Td4[i]; } + return x; #else return 0; @@ -3144,8 +3329,14 @@ * @param [out] outBlock Encrypted block. * @param [in] r Rounds divided by 2. */ +#ifndef WC_AES_HAVE_PREFETCH_ARG + #define WC_AES_HAVE_PREFETCH_ARG + static int always_prefetch = 0; + WC_MAYBE_UNUSED static int never_prefetch = 1; +#endif +WC_ARGS_NOT_NULL((1, 2, 3, 5)) static void AesDecrypt_C(Aes* aes, const byte* inBlock, byte* outBlock, - word32 r) + word32 r, int *prefetch_ptr) { word32 s0 = 0, s1 = 0, s2 = 0, s3 = 0; word32 t0 = 0, t1 = 0, t2 = 0, t3 = 0; @@ -3179,8 +3370,16 @@ s3 ^= rk[3]; #ifndef WOLFSSL_AES_SMALL_TABLES + #ifndef WC_NO_CACHE_RESISTANT - s0 |= PreFetchTd(); + if (*prefetch_ptr == 0) { + s0 |= PreFetchTd(); + /* don't set the prefetched flag here -- PreFetchTd4() is called + * below. + */ + } +#else + (void)prefetch_ptr; #endif #ifndef WOLFSSL_AES_TOUCH_LINES @@ -3263,7 +3462,13 @@ */ #ifndef WC_NO_CACHE_RESISTANT - t0 |= PreFetchTd4(); + if (*prefetch_ptr == 0) { + t0 |= PreFetchTd4(); + if (prefetch_ptr != &always_prefetch) + *prefetch_ptr = 1; + } +#else + (void)prefetch_ptr; #endif s0 = GetTable8_4(Td4, GETBYTE(t0, 3), GETBYTE(t3, 2), @@ -3274,9 +3479,17 @@ GETBYTE(t0, 1), GETBYTE(t3, 0)) ^ rk[2]; s3 = GetTable8_4(Td4, GETBYTE(t3, 3), GETBYTE(t2, 2), GETBYTE(t1, 1), GETBYTE(t0, 0)) ^ rk[3]; -#else + +#else /* WOLFSSL_AES_SMALL_TABLES */ + #ifndef WC_NO_CACHE_RESISTANT - s0 |= PreFetchTd4(); + if (*prefetch_ptr == 0) { + s0 |= PreFetchTd4(); + if (prefetch_ptr != &always_prefetch) + *prefetch_ptr = 1; + } +#else + (void)prefetch_ptr; #endif r *= 2; @@ -3352,7 +3565,8 @@ s1 = t1 ^ rk[1]; s2 = t2 ^ rk[2]; s3 = t3 ^ rk[3]; -#endif + +#endif /* WOLFSSL_AES_SMALL_TABLES */ /* write out */ #ifdef LITTLE_ENDIAN_ORDER @@ -3383,9 +3597,10 @@ static void AesDecryptBlocks_C(Aes* aes, const byte* in, byte* out, word32 sz) { word32 i; + int did_prefetches = 0; for (i = 0; i < sz; i += WC_AES_BLOCK_SIZE) { - AesDecrypt_C(aes, in, out, aes->rounds >> 1); + AesDecrypt_C(aes, in, out, aes->rounds >> 1, &did_prefetches); in += WC_AES_BLOCK_SIZE; out += WC_AES_BLOCK_SIZE; } @@ -3741,8 +3956,18 @@ #if defined(__aarch64__) || !defined(WOLFSSL_ARMASM) #if !defined(WC_AES_BITSLICED) || defined(WOLFSSL_AES_DIRECT) /* Software AES - ECB Decrypt */ -static WARN_UNUSED_RESULT int wc_AesDecrypt( + +#ifdef WC_AES_HAVE_PREFETCH_ARG +#define wc_AesDecrypt(aes, inBlock, outBlock) \ + AesDecrypt_preFetchOpt(aes, inBlock, outBlock, &always_prefetch) +WC_ALL_ARGS_NOT_NULL static WARN_UNUSED_RESULT int AesDecrypt_preFetchOpt( + Aes* aes, const byte* inBlock, byte* outBlock, int *prefetch_ptr) +#else +#define AesDecrypt_preFetchOpt(aes, inBlock, outBlock, prefetch_ptr) \ + wc_AesDecrypt(aes, inBlock, outBlock) +WC_ALL_ARGS_NOT_NULL static WARN_UNUSED_RESULT int wc_AesDecrypt( Aes* aes, const byte* inBlock, byte* outBlock) +#endif { #if defined(MAX3266X_AES) word32 keySize; @@ -3792,19 +4017,29 @@ printf("Skipping AES-NI\n"); #endif } -#elif defined(__aarch64__) && defined(WOLFSSL_ARMASM) && \ - !defined(WOLFSSL_ARMASM_NO_HW_CRYPTO) +#elif defined(WOLFSSL_ARMASM) +#ifndef WOLFSSL_ARMASM_NO_HW_CRYPTO +#if !defined(__aarch64__) + AES_decrypt_AARCH32(inBlock, outBlock, (byte*)aes->key, (int)aes->rounds); +#else if (aes->use_aes_hw_crypto) { AES_decrypt_AARCH64(inBlock, outBlock, (byte*)aes->key, (int)aes->rounds); - return 0; } -#elif !defined(__aarch64__) && defined(WOLFSSL_ARMASM) -#ifndef WOLFSSL_ARMASM_NO_HW_CRYPTO - AES_decrypt_AARCH32(inBlock, outBlock, (byte*)aes->key, (int)aes->rounds); -#else - AES_ECB_decrypt(inBlock, outBlock, WC_AES_BLOCK_SIZE, - (const unsigned char*)aes->key, aes->rounds); + else +#endif /* !__aarch64__ */ +#endif /* !WOLFSSL_ARMASM_NO_HW_CRYPTO */ +#if defined(__aarch64__) && !defined(WOLFSSL_ARMASM_NO_NEON) && \ + defined(WOLFSSL_ARMASM_NEON_NO_TABLE_LOOKUP) + { + AES_ECB_decrypt_NEON(inBlock, outBlock, WC_AES_BLOCK_SIZE, + (const unsigned char*)aes->key, aes->rounds); + } +#elif defined(__aarch64__) || defined(WOLFSSL_ARMASM_NO_HW_CRYPTO) + { + AES_ECB_decrypt(inBlock, outBlock, WC_AES_BLOCK_SIZE, + (const unsigned char*)aes->key, aes->rounds); + } #endif return 0; #endif /* WOLFSSL_AESNI */ @@ -3858,7 +4093,11 @@ } #endif +#ifdef WC_AES_HAVE_PREFETCH_ARG + AesDecrypt_C(aes, inBlock, outBlock, r, prefetch_ptr); +#else AesDecrypt_C(aes, inBlock, outBlock, r); +#endif return 0; } /* wc_AesDecrypt[_SW]() */ @@ -3869,7 +4108,16 @@ #endif /* NEED_AES_TABLES */ - +#ifndef WC_AES_HAVE_PREFETCH_ARG + #ifndef AesEncrypt_preFetchOpt + #define AesEncrypt_preFetchOpt(aes, inBlock, outBlock, do_preFetch) \ + wc_AesEncrypt(aes, inBlock, outBlock) + #endif + #ifndef AesDecrypt_preFetchOpt + #define AesDecrypt_preFetchOpt(aes, inBlock, outBlock, do_preFetch) \ + wc_AesDecrypt(aes, inBlock, outBlock) + #endif +#endif /* wc_AesSetKey */ #if defined(STM32_CRYPTO) @@ -4030,97 +4278,13 @@ int wc_AesSetKey(Aes* aes, const byte* userKey, word32 keylen, const byte* iv, int dir) { - return wc_AesSetKeyLocal(aes, userKey, keylen, iv, dir, 1); - } - - - int wc_AesSetKeyDirect(Aes* aes, const byte* userKey, word32 keylen, - const byte* iv, int dir) - { - return wc_AesSetKey(aes, userKey, keylen, iv, dir); - } -#elif defined(FREESCALE_MMCAU) - int wc_AesSetKeyLocal(Aes* aes, const byte* userKey, word32 keylen, - const byte* iv, int dir, int checkKeyLen) - { - int ret; - byte* rk; - byte* tmpKey = (byte*)userKey; - int tmpKeyDynamic = 0; - word32 alignOffset = 0; - - (void)dir; - - if (aes == NULL) + if (aes == NULL || userKey == NULL) { return BAD_FUNC_ARG; - -#ifdef WC_DEBUG_CIPHER_LIFECYCLE - { - int ret = wc_debug_CipherLifecycleCheck(aes->CipherLifecycleTag, 0); - if (ret < 0) - return ret; } -#endif - - if (checkKeyLen) { - if (!((keylen == 16) || (keylen == 24) || (keylen == 32))) - return BAD_FUNC_ARG; - } - - rk = (byte*)aes->key; - if (rk == NULL) + if (keylen > sizeof(aes->key)) { return BAD_FUNC_ARG; - - #if defined(WOLFSSL_AES_COUNTER) || defined(WOLFSSL_AES_CFB) || \ - defined(WOLFSSL_AES_OFB) || defined(WOLFSSL_AES_XTS) || \ - defined(WOLFSSL_AES_CTS) - aes->left = 0; - #endif - - aes->rounds = keylen/4 + 6; - - #ifdef FREESCALE_MMCAU_CLASSIC - if ((wc_ptr_t)userKey % WOLFSSL_MMCAU_ALIGNMENT) { - #ifndef NO_WOLFSSL_ALLOC_ALIGN - byte* tmp = (byte*)XMALLOC(keylen + WOLFSSL_MMCAU_ALIGNMENT, - aes->heap, DYNAMIC_TYPE_TMP_BUFFER); - if (tmp == NULL) { - return MEMORY_E; - } - alignOffset = WOLFSSL_MMCAU_ALIGNMENT - - ((wc_ptr_t)tmp % WOLFSSL_MMCAU_ALIGNMENT); - tmpKey = tmp + alignOffset; - XMEMCPY(tmpKey, userKey, keylen); - tmpKeyDynamic = 1; - #else - WOLFSSL_MSG("Bad cau_aes_set_key alignment"); - return BAD_ALIGN_E; - #endif } - #endif - ret = wolfSSL_CryptHwMutexLock(); - if(ret == 0) { - #ifdef FREESCALE_MMCAU_CLASSIC - cau_aes_set_key(tmpKey, keylen*8, rk); - #else - MMCAU_AES_SetKey(tmpKey, keylen, rk); - #endif - wolfSSL_CryptHwMutexUnLock(); - - ret = wc_AesSetIV(aes, iv); - } - - if (tmpKeyDynamic == 1) { - XFREE(tmpKey - alignOffset, aes->heap, DYNAMIC_TYPE_TMP_BUFFER); - } - - return ret; - } - - int wc_AesSetKey(Aes* aes, const byte* userKey, word32 keylen, - const byte* iv, int dir) - { return wc_AesSetKeyLocal(aes, userKey, keylen, iv, dir, 1); } @@ -4129,7 +4293,6 @@ { return wc_AesSetKey(aes, userKey, keylen, iv, dir); } - #elif defined(WOLFSSL_NRF51_AES) int wc_AesSetKey(Aes* aes, const byte* userKey, word32 keylen, const byte* iv, int dir) @@ -4379,6 +4542,24 @@ #ifdef WOLF_CRYPTO_CB if (aes->devId != INVALID_DEVID) { + #ifdef WOLF_CRYPTO_CB_AES_SETKEY + int ret = wc_CryptoCb_AesSetKey(aes, userKey, keylen); + if (ret == 0) { + /* Callback succeeded - SE owns the key */ + aes->keylen = (int)keylen; + if (iv != NULL) + XMEMCPY(aes->reg, iv, WC_AES_BLOCK_SIZE); + else + XMEMSET(aes->reg, 0, WC_AES_BLOCK_SIZE); + return 0; + } + else if (ret != WC_NO_ERR_TRACE(CRYPTOCB_UNAVAILABLE)) { + aes->devCtx = NULL; + return ret; + } + /* CRYPTOCB_UNAVAILABLE: continue to software setup */ + #endif + /* Standard CryptoCB path - copy key to devKey for encrypt/decrypt offload */ if (keylen > sizeof(aes->devKey)) { return BAD_FUNC_ARG; } @@ -4405,6 +4586,112 @@ return AesSetKey(aes, userKey, keylen, iv, dir); } #endif /* WOLFSSL_AES_DIRECT || WOLFSSL_AES_COUNTER */ +#elif defined(FREESCALE_MMCAU) + int wc_AesSetKeyLocal(Aes* aes, const byte* userKey, word32 keylen, + const byte* iv, int dir, int checkKeyLen) + { + int ret; + byte* rk; + byte* tmpKey = (byte*)userKey; + int tmpKeyDynamic = 0; + word32 alignOffset = 0; + + (void)dir; + + if (aes == NULL) + return BAD_FUNC_ARG; + +#ifdef WC_DEBUG_CIPHER_LIFECYCLE + { + int ret = wc_debug_CipherLifecycleCheck(aes->CipherLifecycleTag, 0); + if (ret < 0) + return ret; + } +#endif + + if (checkKeyLen) { + if (!((keylen == 16) || (keylen == 24) || (keylen == 32))) + return BAD_FUNC_ARG; + } + + rk = (byte*)aes->key; + if (rk == NULL) + return BAD_FUNC_ARG; + + #if defined(WOLFSSL_AES_COUNTER) || defined(WOLFSSL_AES_CFB) || \ + defined(WOLFSSL_AES_OFB) || defined(WOLFSSL_AES_XTS) || \ + defined(WOLFSSL_AES_CTS) + aes->left = 0; + #endif + + aes->rounds = keylen/4 + 6; + + #ifdef FREESCALE_MMCAU_CLASSIC + if ((wc_ptr_t)userKey % WOLFSSL_MMCAU_ALIGNMENT) { + #ifndef NO_WOLFSSL_ALLOC_ALIGN + byte* tmp = (byte*)XMALLOC(keylen + WOLFSSL_MMCAU_ALIGNMENT, + aes->heap, DYNAMIC_TYPE_TMP_BUFFER); + if (tmp == NULL) { + return MEMORY_E; + } + alignOffset = WOLFSSL_MMCAU_ALIGNMENT - + ((wc_ptr_t)tmp % WOLFSSL_MMCAU_ALIGNMENT); + tmpKey = tmp + alignOffset; + XMEMCPY(tmpKey, userKey, keylen); + tmpKeyDynamic = 1; + #else + WOLFSSL_MSG("Bad cau_aes_set_key alignment"); + return BAD_ALIGN_E; + #endif + } + #endif + + ret = wolfSSL_CryptHwMutexLock(); + if(ret == 0) { + #ifdef FREESCALE_MMCAU_CLASSIC + cau_aes_set_key(tmpKey, keylen*8, rk); + #else + MMCAU_AES_SetKey(tmpKey, keylen, rk); + #endif + wolfSSL_CryptHwMutexUnLock(); + + ret = wc_AesSetIV(aes, iv); + } + + if (tmpKeyDynamic == 1) { + XFREE(tmpKey - alignOffset, aes->heap, DYNAMIC_TYPE_TMP_BUFFER); + } + + return ret; + } + + int wc_AesSetKey(Aes* aes, const byte* userKey, word32 keylen, + const byte* iv, int dir) + { + return wc_AesSetKeyLocal(aes, userKey, keylen, iv, dir, 1); + } + + int wc_AesSetKeyDirect(Aes* aes, const byte* userKey, word32 keylen, + const byte* iv, int dir) + { + return wc_AesSetKey(aes, userKey, keylen, iv, dir); + } + +#elif defined(WOLFSSL_PSOC6_CRYPTO) + + int wc_AesSetKey(Aes* aes, const byte* userKey, word32 keylen, + const byte* iv, int dir) + { + return wc_Psoc6_Aes_SetKey(aes, userKey, keylen, iv, dir); + } + + #if defined(WOLFSSL_AES_DIRECT) + int wc_AesSetKeyDirect(Aes* aes, const byte* userKey, word32 keylen, + const byte* iv, int dir) + { + return wc_AesSetKey(aes, userKey, keylen, iv, dir); + } + #endif /* WOLFSSL_AES_DIRECT */ #else #define NEED_SOFTWARE_AES_SETKEY #endif @@ -4417,8 +4704,7 @@ #ifdef NEED_AES_TABLES #ifndef WC_AES_BITSLICED -#if defined(__aarch64__) || !defined(WOLFSSL_ARMASM) || \ - defined(WOLFSSL_ARMASM_NO_HW_CRYPTO) +#if !defined(WOLFSSL_ARMASM) /* Set the AES key and expand. * * @param [in] aes AES object. @@ -4700,6 +4986,33 @@ return BAD_FUNC_ARG; } + #ifdef WOLF_CRYPTO_CB + if (aes->devId != INVALID_DEVID) { + #ifdef WOLF_CRYPTO_CB_AES_SETKEY + ret = wc_CryptoCb_AesSetKey(aes, userKey, keylen); + if (ret == 0) { + /* Callback succeeded - SE owns the key */ + aes->keylen = (int)keylen; + if (iv != NULL) + XMEMCPY(aes->reg, iv, WC_AES_BLOCK_SIZE); + else + XMEMSET(aes->reg, 0, WC_AES_BLOCK_SIZE); + return 0; + } + else if (ret != WC_NO_ERR_TRACE(CRYPTOCB_UNAVAILABLE)) { + aes->devCtx = NULL; + return ret; + } + /* CRYPTOCB_UNAVAILABLE: continue to software setup */ + #endif + /* Standard CryptoCB path - copy key to devKey */ + if (keylen > sizeof(aes->devKey)) { + return BAD_FUNC_ARG; + } + XMEMCPY(aes->devKey, userKey, keylen); + } + #endif + #ifdef WOLFSSL_MAXQ10XX_CRYPTO if (wc_MAXQ10XX_AesSetKey(aes, userKey, keylen) != 0) { return WC_HW_E; @@ -4902,14 +5215,46 @@ } #endif /* WOLFSSL_AESNI */ - #if defined(__aarch64__) && defined(WOLFSSL_ARMASM) && \ - !defined(WOLFSSL_ARMASM_NO_HW_CRYPTO) +#ifndef WC_C_DYNAMIC_FALLBACK + +#if defined(WOLFSSL_ARMASM) +#if !defined(WOLFSSL_ARMASM_NO_HW_CRYPTO) + #ifndef __aarch64__ + AES_set_key_AARCH32(userKey, keylen, (byte*)aes->key, dir); + #else Check_CPU_support_HwCrypto(aes); if (aes->use_aes_hw_crypto) { AES_set_key_AARCH64(userKey, keylen, (byte*)aes->key, dir); - return 0; + } + else + #endif /* __aarch64__ */ +#endif /* !WOLFSSL_ARMASM_NO_HW_CRYPTO */ + #if defined(__aarch64__) && !defined(WOLFSSL_ARMASM_NO_NEON) && \ + defined(WOLFSSL_ARMASM_NEON_NO_TABLE_LOOKUP) + { + AES_set_encrypt_key_NEON(userKey, keylen * 8, (byte*)aes->key); + #ifdef HAVE_AES_DECRYPT + if (dir == AES_DECRYPTION) { + AES_invert_key_NEON((byte*)aes->key, aes->rounds); + } + #else + (void)dir; + #endif + } + #elif defined(__aarch64__) || defined(WOLFSSL_ARMASM_NO_HW_CRYPTO) + { + AES_set_encrypt_key(userKey, keylen * 8, (byte*)aes->key); + #ifdef HAVE_AES_DECRYPT + if (dir == AES_DECRYPTION) { + AES_invert_key((byte*)aes->key, aes->rounds); + } + #else + (void)dir; + #endif } #endif + return 0; +#else #ifdef WOLFSSL_KCAPI_AES XMEMCPY(aes->devKey, userKey, keylen); @@ -5001,6 +5346,10 @@ ForceZero(local, sizeof(local)); #endif return ret; +#endif + +#endif /* !WC_C_DYNAMIC_FALLBACK */ + } /* wc_AesSetKeyLocal */ int wc_AesSetKey(Aes* aes, const byte* userKey, word32 keylen, @@ -5133,8 +5482,8 @@ #else /* !WOLFSSL_AESNI */ -#define VECTOR_REGISTERS_PUSH { WC_DO_NOTHING -#define VECTOR_REGISTERS_POP } WC_DO_NOTHING +#define VECTOR_REGISTERS_PUSH WC_DO_NOTHING +#define VECTOR_REGISTERS_POP WC_DO_NOTHING #endif /* !WOLFSSL_AESNI */ @@ -5157,11 +5506,12 @@ #else /* Allow direct access to one block encrypt */ + /* Note, the in and out args are swapped compared to wc_AesEncrypt(). */ int wc_AesEncryptDirect(Aes* aes, byte* out, const byte* in) { int ret; - if (aes == NULL) + if (aes == NULL || out == NULL || in == NULL) return BAD_FUNC_ARG; VECTOR_REGISTERS_PUSH; ret = wc_AesEncrypt(aes, in, out); @@ -5177,6 +5527,7 @@ #ifdef HAVE_AES_DECRYPT /* Allow direct access to one block decrypt */ + /* Note, the in and out args are swapped compared to wc_AesDecrypt(). */ int wc_AesDecryptDirect(Aes* aes, byte* out, const byte* in) { int ret; @@ -5848,7 +6199,7 @@ } #endif /* HAVE_AES_DECRYPT */ -#elif defined(FREESCALE_MMCAU) +#elif defined(FREESCALE_MMCAU) && !defined(WOLFSSL_ARMASM) int wc_AesCbcEncrypt(Aes* aes, byte* out, const byte* in, word32 sz) { int offset = 0; @@ -5919,7 +6270,6 @@ offset += WC_AES_BLOCK_SIZE; } - return 0; } #endif /* HAVE_AES_DECRYPT */ @@ -6108,6 +6458,20 @@ #elif defined(WOLFSSL_HAVE_PSA) && !defined(WOLFSSL_PSA_NO_AES) /* implemented in wolfcrypt/src/port/psa/psa_aes.c */ +#elif defined(WOLFSSL_PSOC6_CRYPTO) + + int wc_AesCbcEncrypt(Aes* aes, byte* out, const byte* in, word32 sz) + { + return wc_Psoc6_Aes_CbcEncrypt(aes, out, in, sz); + } + + #if defined(HAVE_AES_DECRYPT) + int wc_AesCbcDecrypt(Aes* aes, byte* out, const byte* in, word32 sz) + { + return wc_Psoc6_Aes_CbcDecrypt(aes, out, in, sz); + } + #endif /* HAVE_AES_DECRYPT */ + #else /* Reminder: Some HW implementations may also define this as needed. * (e.g. for unsupported key length fallback) */ @@ -6119,7 +6483,7 @@ int wc_AesCbcEncrypt(Aes* aes, byte* out, const byte* in, word32 sz) { -#if defined(__aarch64__) || !defined(WOLFSSL_ARMASM) +#if !defined(WOLFSSL_ARMASM) word32 blocks; int ret; #endif @@ -6132,7 +6496,7 @@ return 0; } -#if defined(__aarch64__) || !defined(WOLFSSL_ARMASM) +#if !defined(WOLFSSL_ARMASM) blocks = sz / WC_AES_BLOCK_SIZE; #endif #ifdef WOLFSSL_AES_CBC_LENGTH_CHECKS @@ -6182,14 +6546,31 @@ } #endif /* WOLFSSL_ASYNC_CRYPT */ -#if !defined(__aarch64__) && defined(WOLFSSL_ARMASM) +#if defined(WOLFSSL_ARMASM) #ifndef WOLFSSL_ARMASM_NO_HW_CRYPTO + #if !defined(__aarch64__) AES_CBC_encrypt_AARCH32(in, out, sz, (byte*)aes->reg, (byte*)aes->key, (int)aes->rounds); -#else - AES_CBC_encrypt(in, out, sz, (const unsigned char*)aes->key, - aes->rounds, (unsigned char*)aes->reg); -#endif + #else + if (aes->use_aes_hw_crypto) { + AES_CBC_encrypt_AARCH64(in, out, sz, (byte*)aes->reg, + (byte*)aes->key, (int)aes->rounds); + } + else + #endif /* __aarch64__ */ +#endif /* !WOLFSSL_ARMASM_NO_HW_CRYPTO */ + #if defined(__aarch64__) && !defined(WOLFSSL_ARMASM_NO_NEON) && \ + defined(WOLFSSL_ARMASM_NEON_NO_TABLE_LOOKUP) + { + AES_CBC_encrypt_NEON(in, out, sz, (const unsigned char*)aes->key, + aes->rounds, (unsigned char*)aes->reg); + } + #elif defined(__aarch64__) || defined(WOLFSSL_ARMASM_NO_HW_CRYPTO) + { + AES_CBC_encrypt(in, out, sz, (const unsigned char*)aes->key, + aes->rounds, (unsigned char*)aes->reg); + } + #endif return 0; #else #if defined(WOLFSSL_SE050) && defined(WOLFSSL_SE050_CRYPT) @@ -6260,20 +6641,17 @@ } } else - #elif defined(__aarch64__) && defined(WOLFSSL_ARMASM) && \ - !defined(WOLFSSL_ARMASM_NO_HW_CRYPTO) - if (aes->use_aes_hw_crypto) { - AES_CBC_encrypt_AARCH64(in, out, sz, (byte*)aes->reg, - (byte*)aes->key, (int)aes->rounds); - ret = 0; - } - else #endif { +#ifdef WC_AES_HAVE_PREFETCH_ARG + int did_prefetches = 0; +#endif ret = 0; while (blocks--) { xorbuf((byte*)aes->reg, in, WC_AES_BLOCK_SIZE); - ret = wc_AesEncrypt(aes, (byte*)aes->reg, (byte*)aes->reg); + ret = AesEncrypt_preFetchOpt(aes, (byte*)aes->reg, + (byte*)aes->reg, + &did_prefetches); if (ret != 0) break; XMEMCPY(out, aes->reg, WC_AES_BLOCK_SIZE); @@ -6295,7 +6673,7 @@ /* Software AES - CBC Decrypt */ int wc_AesCbcDecrypt(Aes* aes, byte* out, const byte* in, word32 sz) { -#if defined(__aarch64__) || !defined(WOLFSSL_ARMASM) +#if !defined(WOLFSSL_ARMASM) word32 blocks; int ret; #endif @@ -6323,7 +6701,7 @@ } #endif -#if defined(__aarch64__) || !defined(WOLFSSL_ARMASM) +#if !defined(WOLFSSL_ARMASM) blocks = sz / WC_AES_BLOCK_SIZE; #endif if (sz % WC_AES_BLOCK_SIZE) { @@ -6382,14 +6760,39 @@ } #endif -#if !defined(__aarch64__) && defined(WOLFSSL_ARMASM) +#if defined(WOLFSSL_ARMASM) #ifndef WOLFSSL_ARMASM_NO_HW_CRYPTO + #if !defined(__aarch64__) AES_CBC_decrypt_AARCH32(in, out, sz, (byte*)aes->reg, (byte*)aes->key, (int)aes->rounds); -#else - AES_CBC_decrypt(in, out, sz, (const unsigned char*)aes->key, - aes->rounds, (unsigned char*)aes->reg); -#endif + #else + if (aes->use_aes_hw_crypto) { + AES_CBC_decrypt_AARCH64(in, out, sz, (byte*)aes->reg, + (byte*)aes->key, (int)aes->rounds); + } + else + #endif /* !__aarch64__ */ +#endif /* !WOLFSSL_ARMASM_NO_HW_CRYPTO */ + #if defined(__aarch64__) && !defined(WOLFSSL_ARMASM_NO_NEON) + #ifndef WOLFSSL_ARMASM_NEON_NO_TABLE_LOOKUP + if (sz >= 64) + #endif + { + AES_CBC_decrypt_NEON(in, out, sz, (const unsigned char*)aes->key, + aes->rounds, (unsigned char*)aes->reg); + } + #ifndef WOLFSSL_ARMASM_NEON_NO_TABLE_LOOKUP + else + #endif + #endif /* __aarch64__ || WOLFSSL_ARMASM_NO_HW_CRYPTO */ + #if defined(__aarch64__) || defined(WOLFSSL_ARMASM_NO_HW_CRYPTO) + #ifndef WOLFSSL_ARMASM_NEON_NO_TABLE_LOOKUP + { + AES_CBC_decrypt(in, out, sz, (const unsigned char*)aes->key, + aes->rounds, (unsigned char*)aes->reg); + } + #endif + #endif /* __aarch64__ || WOLFSSL_ARMASM_NO_HW_CRYPTO */ return 0; #else VECTOR_REGISTERS_PUSH; @@ -6423,14 +6826,6 @@ ret = 0; } else - #elif defined(__aarch64__) && defined(WOLFSSL_ARMASM) && \ - !defined(WOLFSSL_ARMASM_NO_HW_CRYPTO) - if (aes->use_aes_hw_crypto) { - AES_CBC_decrypt_AARCH64(in, out, sz, (byte*)aes->reg, - (byte*)aes->key, (int)aes->rounds); - ret = 0; - } - else #endif { ret = 0; @@ -6495,9 +6890,13 @@ } } #else +#ifdef WC_AES_HAVE_PREFETCH_ARG + { + int did_prefetches = 0; +#endif while (blocks--) { XMEMCPY(aes->tmp, in, WC_AES_BLOCK_SIZE); - ret = wc_AesDecrypt(aes, in, out); + ret = AesDecrypt_preFetchOpt(aes, in, out, &did_prefetches); if (ret != 0) return ret; xorbuf(out, (byte*)aes->reg, WC_AES_BLOCK_SIZE); @@ -6507,6 +6906,9 @@ out += WC_AES_BLOCK_SIZE; in += WC_AES_BLOCK_SIZE; } +#ifdef WC_AES_HAVE_PREFETCH_ARG + } +#endif #endif } @@ -6725,8 +7127,7 @@ #endif #ifdef NEED_AES_CTR_SOFT - #if !(!defined(__aarch64__) && defined(WOLFSSL_ARMASM) && \ - !defined(WOLFSSL_ARMASM_NO_HW_CRYPTO)) + #ifndef WOLFSSL_ARMASM /* Increment AES counter */ static WC_INLINE void IncrementAesCounter(byte* inOutCtr) { @@ -6737,7 +7138,7 @@ return; } } - #endif + #endif /* Software AES - CTR Encrypt */ int wc_AesCtrEncrypt(Aes* aes, byte* out, const byte* in, word32 sz) @@ -6746,10 +7147,13 @@ !defined(WOLFSSL_ARMASM_NO_HW_CRYPTO)) byte scratch[WC_AES_BLOCK_SIZE]; #endif - #if defined(__aarch64__) || !defined(WOLFSSL_ARMASM) + #if !defined(WOLFSSL_ARMASM) int ret = 0; #endif word32 processed; +#ifdef WC_AES_HAVE_PREFETCH_ARG + int did_prefetches = 0; +#endif #if !(!defined(__aarch64__) && defined(WOLFSSL_ARMASM) && \ !defined(WOLFSSL_ARMASM_NO_HW_CRYPTO)) @@ -6781,11 +7185,21 @@ aes->left -= processed; sz -= processed; - #if !defined(__aarch64__) && defined(WOLFSSL_ARMASM) - #ifndef WOLFSSL_ARMASM_NO_HW_CRYPTO + #if defined(WOLFSSL_ARMASM) + #ifndef WOLFSSL_ARMASM_NO_HW_CRYPTO + #ifndef __aarch64__ AES_CTR_encrypt_AARCH32(in, out, sz, (byte*)aes->reg, (byte*)aes->key, (byte*)aes->tmp, &aes->left, aes->rounds); - #else + #else + if (aes->use_aes_hw_crypto) { + AES_CTR_encrypt_AARCH64(in, out, sz, (byte*)aes->reg, + (byte*)aes->key, (byte*)aes->tmp, &aes->left, aes->rounds); + return 0; + } + else + #endif /* !__aarch64__ */ + #endif /* !WOLFSSL_ARMASM_NO_HW_CRYPTO */ + #if defined(__aarch64__) || defined(WOLFSSL_ARMASM_NO_HW_CRYPTO) { word32 numBlocks; byte* tmp = (byte*)aes->tmp + WC_AES_BLOCK_SIZE - aes->left; @@ -6799,8 +7213,25 @@ /* do as many block size ops as possible */ numBlocks = sz / WC_AES_BLOCK_SIZE; if (numBlocks > 0) { - AES_CTR_encrypt(in, out, numBlocks * WC_AES_BLOCK_SIZE, - (byte*)aes->key, aes->rounds, (byte*)aes->reg); + #if defined(__aarch64__) && !defined(WOLFSSL_ARMASM_NO_NEON) + #ifndef WOLFSSL_ARMASM_NEON_NO_TABLE_LOOKUP + if (sz >= 32) + #endif + { + AES_CTR_encrypt_NEON(in, out, + numBlocks * WC_AES_BLOCK_SIZE, (byte*)aes->key, + aes->rounds, (byte*)aes->reg); + } + #ifndef WOLFSSL_ARMASM_NEON_NO_TABLE_LOOKUP + else + #endif + #endif + #ifndef WOLFSSL_ARMASM_NEON_NO_TABLE_LOOKUP + { + AES_CTR_encrypt(in, out, numBlocks * WC_AES_BLOCK_SIZE, + (byte*)aes->key, aes->rounds, (byte*)aes->reg); + } + #endif sz -= numBlocks * WC_AES_BLOCK_SIZE; out += numBlocks * WC_AES_BLOCK_SIZE; @@ -6812,8 +7243,21 @@ byte zeros[WC_AES_BLOCK_SIZE] = { 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0 }; - AES_CTR_encrypt(zeros, (byte*)aes->tmp, WC_AES_BLOCK_SIZE, - (byte*)aes->key, aes->rounds, (byte*)aes->reg); + #if defined(__aarch64__) && \ + !defined(WOLFSSL_ARMASM_NO_NEON) && \ + defined(WOLFSSL_ARMASM_NEON_NO_TABLE_LOOKUP) + { + AES_CTR_encrypt_NEON(zeros, (byte*)aes->tmp, + WC_AES_BLOCK_SIZE, (byte*)aes->key, aes->rounds, + (byte*)aes->reg); + } + #else + { + AES_CTR_encrypt(zeros, (byte*)aes->tmp, + WC_AES_BLOCK_SIZE, (byte*)aes->key, aes->rounds, + (byte*)aes->reg); + } + #endif aes->left = WC_AES_BLOCK_SIZE; tmp = (byte*)aes->tmp; @@ -6824,18 +7268,9 @@ } } } - #endif + #endif /* __aarch64__ || WOLFSSL_ARMASM_NO_HW_CRYPTO */ return 0; #else - #if defined(__aarch64__) && defined(WOLFSSL_ARMASM) && \ - !defined(WOLFSSL_ARMASM_NO_HW_CRYPTO) - if (aes->use_aes_hw_crypto) { - AES_CTR_encrypt_AARCH64(in, out, sz, (byte*)aes->reg, - (byte*)aes->key, (byte*)aes->tmp, &aes->left, aes->rounds); - return 0; - } - #endif - VECTOR_REGISTERS_PUSH; #if defined(HAVE_AES_ECB) && !defined(WOLFSSL_PIC32MZ_CRYPT) && \ @@ -6870,7 +7305,9 @@ #ifdef XTRANSFORM_AESCTRBLOCK XTRANSFORM_AESCTRBLOCK(aes, out, in); #else - ret = wc_AesEncrypt(aes, (byte*)aes->reg, scratch); + ret = AesEncrypt_preFetchOpt(aes, (byte*)aes->reg, + scratch, + &did_prefetches); if (ret != 0) break; xorbuf(scratch, in, WC_AES_BLOCK_SIZE); @@ -6888,7 +7325,9 @@ /* handle non block size remaining and store unused byte count in left */ if ((ret == 0) && sz) { - ret = wc_AesEncrypt(aes, (byte*)aes->reg, (byte*)aes->tmp); + ret = AesEncrypt_preFetchOpt(aes, (byte*)aes->reg, + (byte*)aes->tmp, + &did_prefetches); if (ret == 0) { IncrementAesCounter((byte*)aes->reg); aes->left = WC_AES_BLOCK_SIZE - sz; @@ -6925,8 +7364,26 @@ #endif /* NEED_AES_CTR_SOFT */ #endif /* WOLFSSL_AES_COUNTER */ -#endif /* !WOLFSSL_RISCV_ASM */ +#ifndef WC_AES_HAVE_PREFETCH_ARG + #ifndef AesEncrypt_preFetchOpt + #define AesEncrypt_preFetchOpt(aes, inBlock, outBlock, do_preFetch) \ + wc_AesEncrypt(aes, inBlock, outBlock) + #endif + #ifndef AesDecrypt_preFetchOpt + #define AesDecrypt_preFetchOpt(aes, inBlock, outBlock, do_preFetch) \ + wc_AesDecrypt(aes, inBlock, outBlock) + #endif +#endif + +#else /* WOLFSSL_RISCV_ASM */ + +#define AesEncrypt_preFetchOpt(aes, inBlock, outBlock, do_preFetch) \ + wc_AesEncryptDirect(aes, outBlock, inBlock) +#define AesDecrypt_preFetchOpt(aes, inBlock, outBlock, do_preFetch) \ + wc_AesDecryptDirect(aes, outBlock, inBlock) + +#endif /* WOLFSSL_RISCV_ASM */ /* * The IV for AES GCM and CCM, stored in struct Aes's member reg, is comprised @@ -6989,6 +7446,8 @@ #else /* software + AESNI implementation */ #if !defined(FREESCALE_LTC_AES_GCM) +#if (!(defined(__aarch64__) && defined(WOLFSSL_ARMASM))) || \ + defined(WOLFSSL_AESGCM_STREAM) static WC_INLINE void IncrementGcmCounter(byte* inOutCtr) { int i; @@ -6999,6 +7458,7 @@ return; } } +#endif #endif /* !FREESCALE_LTC_AES_GCM */ #if !defined(WOLFSSL_ARMASM) || defined(__aarch64__) || \ @@ -7066,7 +7526,7 @@ #elif defined(GCM_TABLE_4BIT) -#if !defined(BIG_ENDIAN_ORDER) && !defined(WC_16BIT_CPU) +#if !defined(WC_16BIT_CPU) static WC_INLINE void Shift4_M0(byte *r8, byte *z8) { int i; @@ -7078,7 +7538,7 @@ void GenerateM0(Gcm* gcm) { -#if !defined(BIG_ENDIAN_ORDER) && !defined(WC_16BIT_CPU) +#if !defined(WC_16BIT_CPU) int i; #endif byte (*m)[WC_AES_BLOCK_SIZE] = gcm->M0; @@ -7125,22 +7585,28 @@ XMEMCPY(m[0xf], m[0x8], WC_AES_BLOCK_SIZE); xorbuf (m[0xf], m[0x7], WC_AES_BLOCK_SIZE); -#if defined(WOLFSSL_ARMASM) && !defined(__aarch64__) && \ - defined(WOLFSSL_ARMASM_NO_HW_CRYPTO) +#if !defined(WC_16BIT_CPU) for (i = 0; i < 16; i++) { + Shift4_M0(m[16+i], m[i]); + } +#endif + +#if defined(WOLFSSL_ARMASM) && defined(WOLFSSL_ARMASM_NO_HW_CRYPTO) + for (i = 0; i < 32; i++) { + #if !defined(__aarch64__) word32* m32 = (word32*)gcm->M0[i]; m32[0] = ByteReverseWord32(m32[0]); m32[1] = ByteReverseWord32(m32[1]); m32[2] = ByteReverseWord32(m32[2]); m32[3] = ByteReverseWord32(m32[3]); + #else + word64* m64 = (word64*)gcm->M0[i]; + m64[0] = ByteReverseWord64(m64[0]); + m64[1] = ByteReverseWord64(m64[1]); + #endif } #endif -#if !defined(BIG_ENDIAN_ORDER) && !defined(WC_16BIT_CPU) - for (i = 0; i < 16; i++) { - Shift4_M0(m[16+i], m[i]); - } -#endif } #endif /* GCM_TABLE */ @@ -7217,65 +7683,87 @@ return ret; #endif /* WOLFSSL_RENESAS_RSIP && WOLFSSL_RENESAS_FSPSM_CRYPTONLY*/ -#if !defined(__aarch64__) && defined(WOLFSSL_ARMASM) +#if defined(WOLFSSL_ARMASM) if (ret == 0) { - #ifndef WOLFSSL_ARMASM_NO_HW_CRYPTO +#ifndef WOLFSSL_ARMASM_NO_HW_CRYPTO + #if !defined(__aarch64__) AES_GCM_set_key_AARCH32(iv, (byte*)aes->key, aes->gcm.H, aes->rounds); #else - AES_ECB_encrypt(iv, aes->gcm.H, WC_AES_BLOCK_SIZE, - (const unsigned char*)aes->key, aes->rounds); + if (aes->use_aes_hw_crypto && aes->use_pmull_hw_crypto) { + AES_GCM_set_key_AARCH64(iv, (byte*)aes->key, aes->gcm.H, + aes->rounds); + } + else + #endif /* !__aarch64__ */ +#endif /* !WOLFSSL_ARMASM_NO_HW_CRYPTO */ +#if defined(__aarch64__) && !defined(WOLFSSL_ARMASM_NO_NEON) && \ + defined(WOLFSSL_ARMASM_NEON_NO_TABLE_LOOKUP) + { + AES_ECB_encrypt_NEON(iv, aes->gcm.H, WC_AES_BLOCK_SIZE, + (const unsigned char*)aes->key, aes->rounds); + } +#elif defined(__aarch64__) || defined(WOLFSSL_ARMASM_NO_HW_CRYPTO) + { + AES_ECB_encrypt(iv, aes->gcm.H, WC_AES_BLOCK_SIZE, + (const unsigned char*)aes->key, aes->rounds); #if defined(GCM_TABLE) || defined(GCM_TABLE_4BIT) GenerateM0(&aes->gcm); #endif /* GCM_TABLE */ - #endif + } +#endif } #else -#if defined(__aarch64__) && defined(WOLFSSL_ARMASM) && \ - !defined(WOLFSSL_ARMASM_NO_HW_CRYPTO) - if (ret == 0 && aes->use_aes_hw_crypto && aes->use_pmull_hw_crypto) { - AES_GCM_set_key_AARCH64(iv, (byte*)aes->key, aes->gcm.H, aes->rounds); +#if !defined(FREESCALE_LTC_AES_GCM) && !defined(WOLFSSL_PSOC6_CRYPTO) + + +#ifdef WOLF_CRYPTO_CB_AES_SETKEY + if ((ret == 0) && (aes->devId != INVALID_DEVID && aes->devCtx != NULL)) { + /* SE owns key - skip H and M table generation */ } else #endif -#if !defined(FREESCALE_LTC_AES_GCM) if (ret == 0) { VECTOR_REGISTERS_PUSH; - /* AES-NI code generates its own H value, but generate it here too, to - * assure pure-C fallback is always usable. - */ + + /* Generate H = AES_Encrypt(key, 0^128) */ ret = wc_AesEncrypt(aes, iv, aes->gcm.H); - VECTOR_REGISTERS_POP; - } - if (ret == 0) { + + if (ret == 0) { #if defined(GCM_TABLE) || defined(GCM_TABLE_4BIT) -#if defined(WOLFSSL_AESNI) && defined(GCM_TABLE_4BIT) - if (aes->use_aesni) { - #if defined(WC_C_DYNAMIC_FALLBACK) - #ifdef HAVE_INTEL_AVX2 - if (IS_INTEL_AVX2(intel_flags)) { - GCM_generate_m0_avx2(aes->gcm.H, (byte*)aes->gcm.M0); - } - else - #endif - #if defined(HAVE_INTEL_AVX1) - if (IS_INTEL_AVX1(intel_flags)) { - GCM_generate_m0_avx1(aes->gcm.H, (byte*)aes->gcm.M0); + #if defined(WOLFSSL_AESNI) && defined(GCM_TABLE_4BIT) + if (aes->use_aesni) { + #if defined(WC_C_DYNAMIC_FALLBACK) + #ifdef HAVE_INTEL_AVX2 + if (IS_INTEL_AVX2(intel_flags)) { + GCM_generate_m0_avx2(aes->gcm.H, + (byte*)aes->gcm.M0); + } + else + #endif + #if defined(HAVE_INTEL_AVX1) + if (IS_INTEL_AVX1(intel_flags)) { + GCM_generate_m0_avx1(aes->gcm.H, + (byte*)aes->gcm.M0); + } + else + #endif + { + GCM_generate_m0_aesni(aes->gcm.H, + (byte*)aes->gcm.M0); + } + #endif /* WC_C_DYNAMIC_FALLBACK */ } else - #endif + #endif /* AESNI */ { - GCM_generate_m0_aesni(aes->gcm.H, (byte*)aes->gcm.M0); + GenerateM0(&aes->gcm); } - #endif - } - else -#endif - { - GenerateM0(&aes->gcm); - } #endif /* GCM_TABLE || GCM_TABLE_4BIT */ + } + + VECTOR_REGISTERS_POP; } -#endif /* FREESCALE_LTC_AES_GCM */ +#endif /* !FREESCALE_LTC_AES_GCM && !WOLFSSL_PSOC6_CRYPTO */ #endif #if defined(WOLFSSL_XILINX_CRYPT) || defined(WOLFSSL_AFALG_XILINX_AES) @@ -7284,7 +7772,15 @@ #ifdef WOLF_CRYPTO_CB if (aes->devId != INVALID_DEVID) { - XMEMCPY(aes->devKey, key, len); + #ifdef WOLF_CRYPTO_CB_AES_SETKEY + if (aes->devCtx != NULL) { + /* SE owns key - don't copy to devKey */ + } + else + #endif + { + XMEMCPY(aes->devKey, key, len); + } } #endif @@ -7458,17 +7954,62 @@ while (0) #endif /* WOLFSSL_AESGCM_STREAM */ -#ifdef WOLFSSL_ARMASM +#if defined(WOLFSSL_ARMASM) && !defined(__aarch64__) && \ + !defined(WOLFSSL_ARMASM_NO_HW_CRYPTO) +static void GCM_gmult_len_armasm_C( + byte* x, const byte* h, const unsigned char* a, unsigned long len) +{ + byte Z[AES_BLOCK_SIZE]; + byte V[AES_BLOCK_SIZE]; + int i; + int j; + + while (len >= AES_BLOCK_SIZE) { + xorbuf(x, a, AES_BLOCK_SIZE); + XMEMSET(Z, 0, AES_BLOCK_SIZE); + XMEMCPY(V, x, AES_BLOCK_SIZE); + for (i = 0; i < AES_BLOCK_SIZE; i++) { + byte y = h[i]; + for (j = 0; j < 8; j++) { + if (y & 0x80) { + xorbuf(Z, V, AES_BLOCK_SIZE); + } + RIGHTSHIFTX(V); + y = y << 1; + } + } + XMEMCPY(x, Z, AES_BLOCK_SIZE); + len -= AES_BLOCK_SIZE; + a += AES_BLOCK_SIZE; + } +} + +#define GCM_GMULT_LEN(gcm, x, a, len) \ + GCM_gmult_len_armasm_C(x, (gcm)->H, a, len) +#endif /* WOLFSSL_ARMASM && !__aarch64__ && !WOLFSSL_ARMASM_NO_HW_CRYPTO */ + +#if defined(WOLFSSL_ARMASM) && (defined(__aarch64__) || \ + defined(WOLFSSL_ARMASM_NO_HW_CRYPTO)) +#if !defined(WOLFSSL_ARMASM_NO_NEON) && defined(__aarch64__) +#define GCM_GMULT_LEN(gcm, x, a, len) \ + GCM_gmult_len_NEON(x, (const byte*)((gcm)->H), a, len) +#else #define GCM_GMULT_LEN(gcm, x, a, len) \ GCM_gmult_len(x, (const byte**)((gcm)->M0), a, len) #endif +#endif #elif defined(GCM_TABLE) -#if !defined(__aarch64__) && defined(WOLFSSL_ARMASM) && \ - defined(WOLFSSL_ARMASM_NO_HW_CRYPTO) +#if defined(WOLFSSL_ARMASM) && (defined(__aarch64__) || \ + defined(WOLFSSL_ARMASM_NO_HW_CRYPTO)) +#if !defined(WOLFSSL_ARMASM_NO_NEON) && defined(__aarch64__) +#define GCM_GMULT_LEN(gcm, x, a, len) \ + GCM_gmult_len_NEON(x, (const byte*)((gcm)->H), a, len) +#else #define GCM_GMULT_LEN(gcm, x, a, len) \ GCM_gmult_len(x, (const byte**)((gcm)->M0), a, len) +#endif #else ALIGN16 static const byte R[256][2] = { {0x00, 0x00}, {0x01, 0xc2}, {0x03, 0x84}, {0x02, 0x46}, @@ -7732,10 +8273,19 @@ /* end GCM_TABLE */ #elif defined(GCM_TABLE_4BIT) -#if !defined(__aarch64__) && defined(WOLFSSL_ARMASM) && \ - defined(WOLFSSL_ARMASM_NO_HW_CRYPTO) +#if defined(WOLFSSL_ARMASM) && (defined(__aarch64__) || \ + defined(WOLFSSL_ARMASM_NO_HW_CRYPTO)) +#if !defined(WOLFSSL_ARMASM_NO_NEON) && defined(__aarch64__) +#define GCM_GMULT_LEN(gcm, x, a, len) \ + GCM_gmult_len_NEON(x, (const byte*)((gcm)->H), a, len) +#define GMULT(x, m) \ + GCM_gmult_NEON(x, (const byte**)m) +#else #define GCM_GMULT_LEN(gcm, x, a, len) \ GCM_gmult_len(x, (const byte**)((gcm)->M0), a, len) +#define GMULT(x, m) \ + GCM_gmult(x, (const byte**)m) +#endif #else /* remainder = x^7 + x^2 + x^1 + 1 => 0xe1 * R shifts right a reverse bit pair of bytes such that: @@ -7750,13 +8300,25 @@ * * Second half is same values rotated by 4-bits. */ -#if defined(BIG_ENDIAN_ORDER) || defined(WC_16BIT_CPU) +#if defined(WC_16BIT_CPU) static const byte R[16][2] = { {0x00, 0x00}, {0x1c, 0x20}, {0x38, 0x40}, {0x24, 0x60}, {0x70, 0x80}, {0x6c, 0xa0}, {0x48, 0xc0}, {0x54, 0xe0}, {0xe1, 0x00}, {0xfd, 0x20}, {0xd9, 0x40}, {0xc5, 0x60}, {0x91, 0x80}, {0x8d, 0xa0}, {0xa9, 0xc0}, {0xb5, 0xe0}, }; +#elif defined(BIG_ENDIAN_ORDER) +static const word16 R[32] = { + 0x0000, 0x1c20, 0x3840, 0x2460, + 0x7080, 0x6ca0, 0x48c0, 0x54e0, + 0xe100, 0xfd20, 0xd940, 0xc560, + 0x9180, 0x8da0, 0xa9c0, 0xb5e0, + + 0x0000, 0x01c2, 0x0384, 0x0246, + 0x0708, 0x06ca, 0x048c, 0x054e, + 0x0e10, 0x0fd2, 0x0d94, 0x0c56, + 0x0918, 0x08da, 0x0a9c, 0x0b5e, +}; #else static const word16 R[32] = { 0x0000, 0x201c, 0x4038, 0x6024, @@ -7781,7 +8343,7 @@ * m: 4-bit table * [0..15] * H */ -#if defined(BIG_ENDIAN_ORDER) || defined(WC_16BIT_CPU) +#if defined(WC_16BIT_CPU) static void GMULT(byte *x, byte m[16][WC_AES_BLOCK_SIZE]) { int i, j, n; @@ -7812,6 +8374,71 @@ XMEMCPY(x, Z, WC_AES_BLOCK_SIZE); } +#elif defined(WC_32BIT_CPU) && defined(BIG_ENDIAN_ORDER) +static WC_INLINE void GMULT(byte *x, byte m[32][WC_AES_BLOCK_SIZE]) +{ + int i; + word32 z8[4] = {0, 0, 0, 0}; + byte a; + word32* x8 = (word32*)x; + word32* m8; + byte xi; + + for (i = 15; i > 0; i--) { + xi = x[i]; + + /* XOR in (msn * H) */ + m8 = (word32*)m[xi & 0xf]; + z8[0] ^= m8[0]; z8[1] ^= m8[1]; z8[2] ^= m8[2]; z8[3] ^= m8[3]; + + /* Cache top byte for remainder calculations - lost in rotate. */ + a = (byte)(z8[3] & 0xff); + + /* Rotate Z by 8-bits */ + z8[3] = (z8[2] << 24) | (z8[3] >> 8); + z8[2] = (z8[1] << 24) | (z8[2] >> 8); + z8[1] = (z8[0] << 24) | (z8[1] >> 8); + z8[0] >>= 8; + + /* XOR in (msn * remainder) [pre-rotated by 4 bits] */ + z8[0] ^= ((word32)R[16 + (a & 0xf)]) << 16; + + xi >>= 4; + /* XOR in next significant nibble (XORed with H) * remainder */ + m8 = (word32*)m[xi]; + a ^= (byte)(m8[3] >> 12) & 0xf; + a ^= (byte)((m8[3] << 4) & 0xf0); + z8[0] ^= ((word32)R[a >> 4]) << 16; + + /* XOR in (next significant nibble * H) [pre-rotated by 4 bits] */ + m8 = (word32*)m[16 + xi]; + z8[0] ^= m8[0]; z8[1] ^= m8[1]; + z8[2] ^= m8[2]; z8[3] ^= m8[3]; + } + + xi = x[0]; + + /* XOR in most significant nibble * H */ + m8 = (word32*)m[xi & 0xf]; + z8[0] ^= m8[0]; z8[1] ^= m8[1]; z8[2] ^= m8[2]; z8[3] ^= m8[3]; + + /* Cache top byte for remainder calculations - lost in rotate. */ + a = (byte)(z8[3] & 0x0f); + + z8[3] = (z8[2] << 28) | (z8[3] >> 4); + z8[2] = (z8[1] << 28) | (z8[2] >> 4); + z8[1] = (z8[0] << 28) | (z8[1] >> 4); + z8[0] >>= 4; + + /* XOR in most significant nibble * remainder */ + z8[0] ^= ((word32)R[a]) << 16; + /* XOR in next significant nibble * H */ + m8 = (word32*)m[xi >> 4]; + z8[0] ^= m8[0]; z8[1] ^= m8[1]; z8[2] ^= m8[2]; z8[3] ^= m8[3]; + + /* Write back result. */ + x8[0] = z8[0]; x8[1] = z8[1]; x8[2] = z8[2]; x8[3] = z8[3]; +} #elif defined(WC_32BIT_CPU) static WC_INLINE void GMULT(byte *x, byte m[32][WC_AES_BLOCK_SIZE]) { @@ -7886,6 +8513,70 @@ /* Write back result. */ x8[0] = z8[0]; x8[1] = z8[1]; x8[2] = z8[2]; x8[3] = z8[3]; } +#elif defined(WC_64BIT_CPU) && defined(BIG_ENDIAN_ORDER) +static WC_INLINE void GMULT(byte *x, byte m[32][WC_AES_BLOCK_SIZE]) +{ + int i; + word64 z8[2] = {0, 0}; + byte a; + word64* x8 = (word64*)x; + word64* m8; + byte xi; + + for (i = 15; i > 0; i--) { + xi = x[i]; + + /* XOR in (msn * H) */ + m8 = (word64*)m[xi & 0xf]; + z8[0] ^= m8[0]; + z8[1] ^= m8[1]; + + /* Cache top byte for remainder calculations - lost in rotate. */ + a = (byte)(z8[1] & 0xff); + + /* Rotate Z by 8-bits */ + z8[1] = (z8[0] << 56) | (z8[1] >> 8); + z8[0] >>= 8; + + /* XOR in (next significant nibble * H) [pre-rotated by 4 bits] */ + m8 = (word64*)m[16 + (xi >> 4)]; + z8[0] ^= m8[0]; + z8[1] ^= m8[1]; + + /* XOR in (msn * remainder) [pre-rotated by 4 bits] */ + z8[0] ^= ((word64)R[16 + (a & 0xf)]) << 48; + /* XOR in next significant nibble (XORed with H) * remainder */ + m8 = (word64*)m[xi >> 4]; + a ^= (byte)(m8[1] >> 12) & 0xf; + a ^= (byte)((m8[1] << 4) & 0xf0); + z8[0] ^= ((word64)R[a >> 4]) << 48; + } + + xi = x[0]; + + /* XOR in most significant nibble * H */ + m8 = (word64*)m[xi & 0xf]; + z8[0] ^= m8[0]; + z8[1] ^= m8[1]; + + /* Cache top byte for remainder calculations - lost in rotate. */ + a = (byte)(z8[1] & 0x0f); + + /* Rotate z by 4-bits */ + z8[1] = (z8[0] << 60) | (z8[1] >> 4); + z8[0] >>= 4; + + /* XOR in next significant nibble * H */ + m8 = (word64*)m[xi >> 4]; + z8[0] ^= m8[0]; + z8[1] ^= m8[1]; + /* XOR in most significant nibble * remainder */ + z8[0] ^= ((word64)R[a]) << 48; + + /* Write back result. */ + x8[0] = z8[0]; + x8[1] = z8[1]; +} #else static WC_INLINE void GMULT(byte *x, byte m[32][WC_AES_BLOCK_SIZE]) { @@ -8049,7 +8740,16 @@ */ #define GHASH_INIT_EXTRA(aes) WC_DO_NOTHING -/* GHASH one block of data.. +#ifdef GCM_GMULT_LEN +/* GHASH one block of data. + * + * @param [in, out] aes AES GCM object. + * @param [in] block Block of AAD or cipher text. + */ +#define GHASH_ONE_BLOCK_SW(aes, block) \ + GCM_GMULT_LEN(&(aes)->gcm, AES_TAG(aes), block, WC_AES_BLOCK_SIZE) +#else +/* GHASH one block of data. * * XOR block into tag and GMULT with H using pre-computed table. * @@ -8062,6 +8762,7 @@ GMULT(AES_TAG(aes), (aes)->gcm.M0); \ } \ while (0) +#endif #endif /* WOLFSSL_AESGCM_STREAM */ #elif defined(WORD64_AVAILABLE) && !defined(GCM_WORD32) @@ -9099,7 +9800,7 @@ #endif /* STM32_CRYPTO_AES_GCM */ -#if !defined(WOLFSSL_ARMASM) || defined(__aarch64__) +#if !defined(WOLFSSL_ARMASM) #ifdef WOLFSSL_AESNI /* For performance reasons, this code needs to be not inlined. */ WARN_UNUSED_RESULT int AES_GCM_encrypt_C( @@ -9124,6 +9825,9 @@ ALIGN16 byte counter[WC_AES_BLOCK_SIZE]; ALIGN16 byte initialCounter[WC_AES_BLOCK_SIZE]; ALIGN16 byte scratch[WC_AES_BLOCK_SIZE]; +#ifdef WC_AES_HAVE_PREFETCH_ARG + int did_prefetches = 0; +#endif if (ivSz == GCM_NONCE_MID_SZ) { /* Counter is IV with bottom 4 bytes set to: 0x00,0x00,0x00,0x01. */ @@ -9182,7 +9886,8 @@ while (blocks--) { IncrementGcmCounter(counter); #if !defined(WOLFSSL_PIC32MZ_CRYPT) - ret = wc_AesEncrypt(aes, counter, scratch); + ret = AesEncrypt_preFetchOpt(aes, counter, scratch, + &did_prefetches); if (ret != 0) return ret; xorbufout(c, scratch, p, WC_AES_BLOCK_SIZE); @@ -9194,14 +9899,15 @@ if (partial != 0) { IncrementGcmCounter(counter); - ret = wc_AesEncrypt(aes, counter, scratch); + ret = AesEncrypt_preFetchOpt(aes, counter, scratch, &did_prefetches); if (ret != 0) return ret; xorbufout(c, scratch, p, partial); } if (authTag) { GHASH(&aes->gcm, authIn, authInSz, out, sz, authTag, authTagSz); - ret = wc_AesEncrypt(aes, initialCounter, scratch); + ret = AesEncrypt_preFetchOpt(aes, initialCounter, scratch, + &did_prefetches); if (ret != 0) return ret; xorbuf(authTag, scratch, authTagSz); @@ -9214,8 +9920,8 @@ return ret; } -#elif defined(WOLFSSL_ARMASM_NO_HW_CRYPTO) -static int AES_GCM_encrypt_AARCH32(Aes* aes, byte* out, const byte* in, +#elif defined(__aarch64__) || defined(WOLFSSL_ARMASM_NO_HW_CRYPTO) +static int AES_GCM_encrypt_ARM(Aes* aes, byte* out, const byte* in, word32 sz, const byte* iv, word32 ivSz, byte* authTag, word32 authTagSz, const byte* authIn, word32 authInSz) { @@ -9256,16 +9962,42 @@ blocks = sz / WC_AES_BLOCK_SIZE; partial = sz % WC_AES_BLOCK_SIZE; if (blocks > 0) { - AES_GCM_encrypt(in, out, blocks * WC_AES_BLOCK_SIZE, - (const unsigned char*)aes->key, aes->rounds, counter); + #if defined(__aarch64__) && !defined(WOLFSSL_ARMASM_NO_NEON) + #ifndef WOLFSSL_ARMASM_NEON_NO_TABLE_LOOKUP + if (sz >= 32) + #endif + { + AES_GCM_encrypt_NEON(in, out, blocks * WC_AES_BLOCK_SIZE, + (const unsigned char*)aes->key, aes->rounds, counter); + } + #ifndef WOLFSSL_ARMASM_NEON_NO_TABLE_LOOKUP + else + #endif + #endif + #ifndef WOLFSSL_ARMASM_NEON_NO_TABLE_LOOKUP + { + AES_GCM_encrypt(in, out, blocks * WC_AES_BLOCK_SIZE, + (const unsigned char*)aes->key, aes->rounds, counter); + } + #endif GCM_GMULT_LEN(&aes->gcm, x, out, blocks * WC_AES_BLOCK_SIZE); in += blocks * WC_AES_BLOCK_SIZE; out += blocks * WC_AES_BLOCK_SIZE; } /* take care of partial block sizes leftover */ if (partial != 0) { - AES_GCM_encrypt(in, scratch, WC_AES_BLOCK_SIZE, - (const unsigned char*)aes->key, aes->rounds, counter); + #if defined(__aarch64__) && !defined(WOLFSSL_ARMASM_NO_NEON) && \ + defined(WOLFSSL_ARMASM_NEON_NO_TABLE_LOOKUP) + { + AES_GCM_encrypt_NEON(in, scratch, WC_AES_BLOCK_SIZE, + (const unsigned char*)aes->key, aes->rounds, counter); + } + #else + { + AES_GCM_encrypt(in, scratch, WC_AES_BLOCK_SIZE, + (const unsigned char*)aes->key, aes->rounds, counter); + } + #endif XMEMCPY(out, scratch, partial); XMEMSET(scratch, 0, WC_AES_BLOCK_SIZE); @@ -9287,8 +10019,18 @@ } /* Auth tag calculation. */ - AES_ECB_encrypt(initialCounter, scratch, WC_AES_BLOCK_SIZE, - (const unsigned char*)aes->key, aes->rounds); +#if defined(__aarch64__) && !defined(WOLFSSL_ARMASM_NO_NEON) && \ + defined(WOLFSSL_ARMASM_NEON_NO_TABLE_LOOKUP) + { + AES_ECB_encrypt_NEON(initialCounter, scratch, WC_AES_BLOCK_SIZE, + (const unsigned char*)aes->key, aes->rounds); + } +#else + { + AES_ECB_encrypt(initialCounter, scratch, WC_AES_BLOCK_SIZE, + (const unsigned char*)aes->key, aes->rounds); + } +#endif xorbuf(authTag, scratch, authTagSz); return 0; @@ -9380,18 +10122,46 @@ authTag, authTagSz, authIn, authInSz); #endif /* STM32_CRYPTO_AES_GCM */ +#if defined(WOLFSSL_PSOC6_CRYPTO) + return wc_Psoc6_Aes_GcmEncrypt(aes, out, in, sz, iv, ivSz, authTag, + authTagSz, authIn, authInSz); +#endif /* WOLFSSL_PSOC6_CRYPTO */ + VECTOR_REGISTERS_PUSH; -#if !defined(__aarch64__) && defined(WOLFSSL_ARMASM) +#if defined(WOLFSSL_ARMASM) #ifndef WOLFSSL_ARMASM_NO_HW_CRYPTO +#if !defined(__aarch64__) AES_GCM_encrypt_AARCH32(in, out, sz, iv, ivSz, authTag, authTagSz, authIn, authInSz, (byte*)aes->key, aes->gcm.H, (byte*)aes->tmp, (byte*)aes->reg, aes->rounds); ret = 0; #else - ret = AES_GCM_encrypt_AARCH32(aes, out, in, sz, iv, ivSz, authTag, - authTagSz, authIn, authInSz); -#endif + if (aes->use_aes_hw_crypto && aes->use_pmull_hw_crypto) { + #ifdef WOLFSSL_ARMASM_CRYPTO_SHA3 + if (aes->use_sha3_hw_crypto) { + AES_GCM_encrypt_AARCH64_EOR3(in, out, sz, iv, ivSz, authTag, + authTagSz, authIn, authInSz, (byte*)aes->key, aes->gcm.H, + (byte*)aes->tmp, (byte*)aes->reg, aes->rounds); + } + else + #endif + { + AES_GCM_encrypt_AARCH64(in, out, sz, iv, ivSz, authTag, authTagSz, + authIn, authInSz, (byte*)aes->key, aes->gcm.H, (byte*)aes->tmp, + (byte*)aes->reg, aes->rounds); + } + ret = 0; + } + else +#endif /* !__aarch64__ */ +#endif /* !WOLFSSL_ARMASM_NO_HW_CRYPTO */ +#if defined(__aarch64__) || defined(WOLFSSL_ARMASM_NO_HW_CRYPTO) + { + ret = AES_GCM_encrypt_ARM(aes, out, in, sz, iv, ivSz, authTag, + authTagSz, authIn, authInSz); + } +#endif /* __aarch64__ || WOLFSSL_ARMASM_NO_HW_CRYPTO */ #else #ifdef WOLFSSL_AESNI if (aes->use_aesni) { @@ -9417,25 +10187,6 @@ } } else -#elif defined(__aarch64__) && defined(WOLFSSL_ARMASM) && \ - !defined(WOLFSSL_ARMASM_NO_HW_CRYPTO) - if (aes->use_aes_hw_crypto && aes->use_pmull_hw_crypto) { - #ifdef WOLFSSL_ARMASM_CRYPTO_SHA3 - if (aes->use_sha3_hw_crypto) { - AES_GCM_encrypt_AARCH64_EOR3(in, out, sz, iv, ivSz, authTag, - authTagSz, authIn, authInSz, (byte*)aes->key, aes->gcm.H, - (byte*)aes->tmp, (byte*)aes->reg, aes->rounds); - } - else - #endif - { - AES_GCM_encrypt_AARCH64(in, out, sz, iv, ivSz, authTag, authTagSz, - authIn, authInSz, (byte*)aes->key, aes->gcm.H, (byte*)aes->tmp, - (byte*)aes->reg, aes->rounds); - } - ret = 0; - } - else #endif /* WOLFSSL_AESNI */ { ret = AES_GCM_encrypt_C(aes, out, in, sz, iv, ivSz, authTag, authTagSz, @@ -9466,8 +10217,9 @@ /* If the sz is non-zero, both in and out must be set. If sz is 0, * in and out are don't cares, as this is is the GMAC case. */ if (aes == NULL || iv == NULL || (sz != 0 && (in == NULL || out == NULL)) || - authTag == NULL || authTagSz > WC_AES_BLOCK_SIZE || authTagSz == 0 || - ivSz == 0 || ((authInSz > 0) && (authIn == NULL))) + authTag == NULL || authTagSz > WC_AES_BLOCK_SIZE || + authTagSz < WOLFSSL_MIN_AUTH_TAG_SZ || ivSz == 0 || + ((authInSz > 0) && (authIn == NULL))) { return BAD_FUNC_ARG; } @@ -9609,6 +10361,9 @@ ret = wolfSSL_CryptHwMutexLock(); if (ret != 0) { + if (wasAlloc) { + XFREE(authInPadded, aes->heap, DYNAMIC_TYPE_TMP_BUFFER); + } return ret; } @@ -9751,7 +10506,7 @@ #endif /* STM32_CRYPTO_AES_GCM */ -#if !defined(WOLFSSL_ARMASM) || defined(__aarch64__) +#if !defined(WOLFSSL_ARMASM) #ifdef WOLFSSL_AESNI /* For performance reasons, this code needs to be not inlined. */ int WARN_UNUSED_RESULT AES_GCM_decrypt_C( @@ -9895,12 +10650,13 @@ /* now use res as a mask for constant time return of ret, unless tag * mismatch, whereupon AES_GCM_AUTH_E is returned. */ - ret = (ret & ~res) | (res & WC_NO_ERR_TRACE(AES_GCM_AUTH_E)); + ret = (ret & ~res); + ret |= (res & WC_NO_ERR_TRACE(AES_GCM_AUTH_E)); #endif return ret; } -#elif defined(WOLFSSL_ARMASM_NO_HW_CRYPTO) -static int AES_GCM_decrypt_AARCH32(Aes* aes, byte* out, const byte* in, +#elif defined(__aarch64__) || defined(WOLFSSL_ARMASM_NO_HW_CRYPTO) +static int AES_GCM_decrypt_ARM(Aes* aes, byte* out, const byte* in, word32 sz, const byte* iv, word32 ivSz, const byte* authTag, word32 authTagSz, const byte* authIn, word32 authInSz) { @@ -9943,8 +10699,24 @@ if (blocks > 0) { GCM_GMULT_LEN(&aes->gcm, x, in, blocks * WC_AES_BLOCK_SIZE); - AES_GCM_encrypt(in, out, blocks * WC_AES_BLOCK_SIZE, - (const unsigned char*)aes->key, aes->rounds, counter); + #if defined(__aarch64__) && !defined(WOLFSSL_ARMASM_NO_NEON) + #ifndef WOLFSSL_ARMASM_NEON_NO_TABLE_LOOKUP + if (sz >= 32) + #endif + { + AES_GCM_encrypt_NEON(in, out, blocks * WC_AES_BLOCK_SIZE, + (const unsigned char*)aes->key, aes->rounds, counter); + } + #ifndef WOLFSSL_ARMASM_NEON_NO_TABLE_LOOKUP + else + #endif + #endif + #ifndef WOLFSSL_ARMASM_NEON_NO_TABLE_LOOKUP + { + AES_GCM_encrypt(in, out, blocks * WC_AES_BLOCK_SIZE, + (const unsigned char*)aes->key, aes->rounds, counter); + } + #endif in += blocks * WC_AES_BLOCK_SIZE; out += blocks * WC_AES_BLOCK_SIZE; } @@ -9953,8 +10725,18 @@ XMEMCPY(scratch, in, partial); GCM_GMULT_LEN(&aes->gcm, x, scratch, WC_AES_BLOCK_SIZE); - AES_GCM_encrypt(in, scratch, WC_AES_BLOCK_SIZE, - (const unsigned char*)aes->key, aes->rounds, counter); + #if defined(__aarch64__) && !defined(WOLFSSL_ARMASM_NO_NEON) && \ + defined(WOLFSSL_ARMASM_NEON_NO_TABLE_LOOKUP) + { + AES_GCM_encrypt_NEON(in, scratch, WC_AES_BLOCK_SIZE, + (const unsigned char*)aes->key, aes->rounds, counter); + } + #else + { + AES_GCM_encrypt(in, scratch, WC_AES_BLOCK_SIZE, + (const unsigned char*)aes->key, aes->rounds, counter); + } + #endif XMEMCPY(out, scratch, partial); } @@ -9962,8 +10744,18 @@ FlattenSzInBits(&scratch[0], authInSz); FlattenSzInBits(&scratch[8], sz); GCM_GMULT_LEN(&aes->gcm, x, scratch, WC_AES_BLOCK_SIZE); - AES_ECB_encrypt(initialCounter, scratch, WC_AES_BLOCK_SIZE, - (const unsigned char*)aes->key, aes->rounds); +#if defined(__aarch64__) && !defined(WOLFSSL_ARMASM_NO_NEON) && \ + defined(WOLFSSL_ARMASM_NEON_NO_TABLE_LOOKUP) + { + AES_ECB_encrypt_NEON(initialCounter, scratch, WC_AES_BLOCK_SIZE, + (const unsigned char*)aes->key, aes->rounds); + } +#else + { + AES_ECB_encrypt(initialCounter, scratch, WC_AES_BLOCK_SIZE, + (const unsigned char*)aes->key, aes->rounds); + } +#endif xorbuf(x, scratch, authTagSz); if (authTag != NULL) { if (ConstantCompare(authTag, x, authTagSz) != 0) { @@ -9990,8 +10782,8 @@ /* If the sz is non-zero, both in and out must be set. If sz is 0, * in and out are don't cares, as this is is the GMAC case. */ if (aes == NULL || iv == NULL || (sz != 0 && (in == NULL || out == NULL)) || - authTag == NULL || authTagSz > WC_AES_BLOCK_SIZE || authTagSz == 0 || - ivSz == 0) { + authTag == NULL || authTagSz > WC_AES_BLOCK_SIZE || + authTagSz < WOLFSSL_MIN_AUTH_TAG_SZ || ivSz == 0) { return BAD_FUNC_ARG; } @@ -10060,17 +10852,53 @@ authTag, authTagSz, authIn, authInSz); #endif /* STM32_CRYPTO_AES_GCM */ +#if defined(WOLFSSL_PSOC6_CRYPTO) + return wc_Psoc6_Aes_GcmDecrypt(aes, out, in, sz, iv, ivSz, authTag, + authTagSz, authIn, authInSz); +#endif /* WOLFSSL_PSOC6_CRYPTO */ + VECTOR_REGISTERS_PUSH; -#if !defined(__aarch64__) && defined(WOLFSSL_ARMASM) +#if defined(WOLFSSL_ARMASM) #ifndef WOLFSSL_ARMASM_NO_HW_CRYPTO - ret = AES_GCM_decrypt_AARCH32(in, out, sz, iv, ivSz, authTag, authTagSz, - authIn, authInSz, (byte*)aes->key, aes->gcm.H, (byte*)aes->tmp, - (byte*)aes->reg, aes->rounds); +#ifndef __aarch64__ + { + #ifdef OPENSSL_EXTRA + word32 reg[WC_AES_BLOCK_SIZE / sizeof(word32)]; + XMEMCPY(reg, aes->reg, sizeof(reg)); + #endif + ret = AES_GCM_decrypt_AARCH32(in, out, sz, iv, ivSz, authTag, authTagSz, + authIn, authInSz, (byte*)aes->key, aes->gcm.H, (byte*)aes->tmp, + (byte*)aes->reg, aes->rounds); + #ifdef OPENSSL_EXTRA + XMEMCPY(aes->reg, reg, sizeof(reg)); + #endif + } #else - ret = AES_GCM_decrypt_AARCH32(aes, out, in, sz, iv, ivSz, authTag, - authTagSz, authIn, authInSz); -#endif + if (aes->use_aes_hw_crypto && aes->use_pmull_hw_crypto) { + #ifdef WOLFSSL_ARMASM_CRYPTO_SHA3 + if (aes->use_sha3_hw_crypto) { + ret = AES_GCM_decrypt_AARCH64_EOR3(in, out, sz, iv, ivSz, authTag, + authTagSz, authIn, authInSz, (byte*)aes->key, aes->gcm.H, + (byte*)aes->tmp, (byte*)aes->reg, aes->rounds); + } + else + #endif + { + ret = AES_GCM_decrypt_AARCH64(in, out, sz, iv, ivSz, authTag, + authTagSz, authIn, authInSz, (byte*)aes->key, aes->gcm.H, + (byte*)aes->tmp, (byte*)aes->reg, aes->rounds); + } + } + else +#endif /* !__aarch64__ */ +#endif /* !WOLFSSL_ARMASM_NO_HW_CRYPTO */ +#if defined(__aarch64__) || defined(WOLFSSL_ARMASM_NO_HW_CRYPTO) + { + ret = AES_GCM_decrypt_ARM(aes, out, in, sz, iv, ivSz, authTag, + authTagSz, authIn, authInSz); + } +#endif /* __aarch64__ || WOLFSSL_ARMASM_NO_HW_CRYPTO */ #else #ifdef WOLFSSL_AESNI if (aes->use_aesni) { @@ -10106,24 +10934,6 @@ } } else -#elif defined(__aarch64__) && defined(WOLFSSL_ARMASM) && \ - !defined(WOLFSSL_ARMASM_NO_HW_CRYPTO) - if (aes->use_aes_hw_crypto && aes->use_pmull_hw_crypto) { - #ifdef WOLFSSL_ARMASM_CRYPTO_SHA3 - if (aes->use_sha3_hw_crypto) { - ret = AES_GCM_decrypt_AARCH64_EOR3(in, out, sz, iv, ivSz, authTag, - authTagSz, authIn, authInSz, (byte*)aes->key, aes->gcm.H, - (byte*)aes->tmp, (byte*)aes->reg, aes->rounds); - } - else - #endif - { - ret = AES_GCM_decrypt_AARCH64(in, out, sz, iv, ivSz, authTag, - authTagSz, authIn, authInSz, (byte*)aes->key, aes->gcm.H, - (byte*)aes->tmp, (byte*)aes->reg, aes->rounds); - } - } - else #endif /* WOLFSSL_AESNI */ { ret = AES_GCM_decrypt_C(aes, out, in, sz, iv, ivSz, authTag, authTagSz, @@ -11586,24 +12396,7 @@ return ret; } -/* Update the AES GCM for encryption with data and/or authentication data. - * - * All the AAD must be passed to update before the plaintext. - * Last part of AAD can be passed with first part of plaintext. - * - * Must set key and IV before calling this function. - * Must call wc_AesGcmInit() before calling this function. - * - * @param [in, out] aes AES object. - * @param [out] out Buffer to hold cipher text. - * @param [in] in Buffer holding plaintext. - * @param [in] sz Length of plaintext in bytes. - * @param [in] authIn Buffer holding authentication data. - * @param [in] authInSz Length of authentication data in bytes. - * @return 0 on success. - * @return BAD_FUNC_ARG when aes is NULL, or a length is non-zero but buffer - * is NULL. - */ +/* Update the AES GCM for encryption with data and/or authentication data. */ int wc_AesGcmEncryptUpdate(Aes* aes, byte* out, const byte* in, word32 sz, const byte* authIn, word32 authInSz) { @@ -11681,7 +12474,7 @@ /* Check validity of parameters. */ if ((aes == NULL) || (authTag == NULL) || (authTagSz > WC_AES_BLOCK_SIZE) || - (authTagSz == 0)) { + (authTagSz < WOLFSSL_MIN_AUTH_TAG_SZ)) { ret = BAD_FUNC_ARG; } @@ -11745,24 +12538,7 @@ return wc_AesGcmInit(aes, key, len, iv, ivSz); } -/* Update the AES GCM for decryption with data and/or authentication data. - * - * All the AAD must be passed to update before the cipher text. - * Last part of AAD can be passed with first part of cipher text. - * - * Must set key and IV before calling this function. - * Must call wc_AesGcmInit() before calling this function. - * - * @param [in, out] aes AES object. - * @param [out] out Buffer to hold plaintext. - * @param [in] in Buffer holding cipher text. - * @param [in] sz Length of cipher text in bytes. - * @param [in] authIn Buffer holding authentication data. - * @param [in] authInSz Length of authentication data in bytes. - * @return 0 on success. - * @return BAD_FUNC_ARG when aes is NULL, or a length is non-zero but buffer - * is NULL. - */ +/* Update the AES GCM for decryption with data and/or authentication data. */ int wc_AesGcmDecryptUpdate(Aes* aes, byte* out, const byte* in, word32 sz, const byte* authIn, word32 authInSz) { @@ -11860,7 +12636,7 @@ { ALIGN32 byte calcTag[WC_AES_BLOCK_SIZE]; /* Calculate authentication tag. */ - ret = AesGcmFinal_C(aes, calcTag, authTagSz); + ret = AesGcmFinal_C(aes, calcTag, WC_AES_BLOCK_SIZE); if (ret == 0) { /* Check calculated tag matches the one passed in. */ if (ConstantCompare(authTag, calcTag, (int)authTagSz) != 0) { @@ -12256,7 +13032,11 @@ in += WC_AES_BLOCK_SIZE; inSz -= WC_AES_BLOCK_SIZE; - ret = wc_AesEncrypt(aes, out, out); + /* wc_AesCcmEncrypt(), wc_AesCcmDecrypt(), and roll_auth() only call + * roll_x() after the AES cache lines are already hot -- no need to + * absorb additional prefetch overhead here. + */ + ret = AesEncrypt_preFetchOpt(aes, out, out, &never_prefetch); if (ret != 0) return ret; } @@ -12264,7 +13044,11 @@ /* process remainder of the data */ if (inSz > 0) { xorbuf(out, in, inSz); - ret = wc_AesEncrypt(aes, out, out); + /* wc_AesCcmEncrypt(), wc_AesCcmDecrypt(), and roll_auth() only call + * roll_x() after the AES cache lines are already hot -- no need to + * absorb additional prefetch overhead here. + */ + ret = AesEncrypt_preFetchOpt(aes, out, out, &never_prefetch); if (ret != 0) return ret; } @@ -12312,7 +13096,11 @@ xorbuf(out + authLenSz, in, inSz); inSz = 0; } - ret = wc_AesEncrypt(aes, out, out); + /* wc_AesCcmEncrypt() and wc_AesCcmDecrypt() only call roll_auth() after the + * AES cache lines are already hot -- no need to absorb additional prefetch + * overhead here. + */ + ret = AesEncrypt_preFetchOpt(aes, out, out, &never_prefetch); if ((ret == 0) && (inSz > 0)) { ret = roll_x(aes, in, inSz, out); @@ -12438,6 +13226,9 @@ #endif VECTOR_REGISTERS_PUSH; + /* note this wc_AesEncrypt() will perform cache prefetches if needed, so + * that the later encrypt ops don't need to. + */ ret = wc_AesEncrypt(aes, B, A); #ifdef WOLFSSL_CHECK_MEM_ZERO if (ret == 0) @@ -12456,7 +13247,7 @@ B[0] = (byte)(lenSz - 1U); for (i = 0; i < lenSz; i++) B[WC_AES_BLOCK_SIZE - 1 - i] = 0; - ret = wc_AesEncrypt(aes, B, A); + ret = AesEncrypt_preFetchOpt(aes, B, A, &never_prefetch); } if (ret == 0) { @@ -12484,7 +13275,7 @@ #endif if (ret == 0) { while (inSz >= WC_AES_BLOCK_SIZE) { - ret = wc_AesEncrypt(aes, B, A); + ret = AesEncrypt_preFetchOpt(aes, B, A, &never_prefetch); if (ret != 0) break; xorbuf(A, in, WC_AES_BLOCK_SIZE); @@ -12497,7 +13288,7 @@ } } if ((ret == 0) && (inSz > 0)) { - ret = wc_AesEncrypt(aes, B, A); + ret = AesEncrypt_preFetchOpt(aes, B, A, &never_prefetch); } if ((ret == 0) && (inSz > 0)) { xorbuf(A, in, inSz); @@ -12537,6 +13328,9 @@ byte mask = 0xFF; const word32 wordSz = (word32)sizeof(word32); int ret = 0; +#ifdef WC_AES_HAVE_PREFETCH_ARG + int did_prefetches = 0; +#endif /* sanity check on arguments */ if (aes == NULL || (inSz != 0 && (in == NULL || out == NULL)) || @@ -12607,7 +13401,7 @@ #endif while (oSz >= WC_AES_BLOCK_SIZE) { - ret = wc_AesEncrypt(aes, B, A); + ret = AesEncrypt_preFetchOpt(aes, B, A, &did_prefetches); if (ret != 0) break; xorbuf(A, in, WC_AES_BLOCK_SIZE); @@ -12619,14 +13413,14 @@ } if ((ret == 0) && (inSz > 0)) - ret = wc_AesEncrypt(aes, B, A); + ret = AesEncrypt_preFetchOpt(aes, B, A, &did_prefetches); if ((ret == 0) && (inSz > 0)) { xorbuf(A, in, oSz); XMEMCPY(o, A, oSz); for (i = 0; i < lenSz; i++) B[WC_AES_BLOCK_SIZE - 1 - i] = 0; - ret = wc_AesEncrypt(aes, B, A); + ret = AesEncrypt_preFetchOpt(aes, B, A, &did_prefetches); } if (ret == 0) { @@ -12642,7 +13436,7 @@ B[WC_AES_BLOCK_SIZE - 1 - i] = (byte)((inSz >> ((8 * i) & mask)) & mask); } - ret = wc_AesEncrypt(aes, B, A); + ret = AesEncrypt_preFetchOpt(aes, B, A, &did_prefetches); } if (ret == 0) { @@ -12656,7 +13450,7 @@ B[0] = (byte)(lenSz - 1U); for (i = 0; i < lenSz; i++) B[WC_AES_BLOCK_SIZE - 1 - i] = 0; - ret = wc_AesEncrypt(aes, B, B); + ret = AesEncrypt_preFetchOpt(aes, B, B, &did_prefetches); } if (ret == 0) @@ -12812,6 +13606,7 @@ #if defined(WOLF_CRYPTO_CB) || defined(WOLFSSL_STM32U5_DHUK) aes->devId = devId; + aes->devCtx = NULL; #else (void)devId; #endif @@ -12897,6 +13692,24 @@ return; } +#if defined(WOLF_CRYPTO_CB) && defined(WOLF_CRYPTO_CB_FREE) + #ifndef WOLF_CRYPTO_CB_FIND + if (aes->devId != INVALID_DEVID) + #endif + { + int ret = wc_CryptoCb_Free(aes->devId, WC_ALGO_TYPE_CIPHER, + WC_CIPHER_AES, 0, aes); + #ifdef WOLF_CRYPTO_CB_AES_SETKEY + aes->devCtx = NULL; /* Clear device context handle */ + #endif + /* If callback wants standard free, it can set devId to INVALID_DEVID. + * Otherwise assume the callback handled cleanup. */ + if (ret != WC_NO_ERR_TRACE(CRYPTOCB_UNAVAILABLE)) + return; + /* fall-through when unavailable */ + } +#endif /* WOLF_CRYPTO_CB && WOLF_CRYPTO_CB_FREE */ + #ifdef WC_DEBUG_CIPHER_LIFECYCLE (void)wc_debug_CipherLifecycleFree(&aes->CipherLifecycleTag, aes->heap, 1); #endif @@ -13100,6 +13913,30 @@ return AES_ECB_decrypt(aes, in, out, sz); } +#elif defined(WOLFSSL_PSOC6_CRYPTO) + +int wc_AesEcbEncrypt(Aes* aes, byte* out, const byte* in, word32 sz) +{ + if ((in == NULL) || (out == NULL) || (aes == NULL)) + return BAD_FUNC_ARG; + + return wc_Psoc6_Aes_EcbEncrypt(aes, out, in, sz); +} + +#define _AesEcbEncrypt(aes, out, in, sz) wc_AesEcbEncrypt(aes, out, in, sz) + +#ifdef HAVE_AES_DECRYPT +int wc_AesEcbDecrypt(Aes* aes, byte* out, const byte* in, word32 sz) +{ + if ((in == NULL) || (out == NULL) || (aes == NULL)) + return BAD_FUNC_ARG; + + return wc_Psoc6_Aes_EcbDecrypt(aes, out, in, sz); +} + +#define _AesEcbDecrypt(aes, out, in, sz) wc_AesEcbDecrypt(aes, out, in, sz) +#endif /* HAVE_AES_DECRYPT */ + #else /* Software AES - ECB */ @@ -13133,28 +13970,50 @@ #else AES_ECB_encrypt(in, out, sz, (const unsigned char*)aes->key, aes->rounds); #endif +#elif defined(__aarch64__) && defined(WOLFSSL_ARMASM) +#if !defined(WOLFSSL_ARMASM_NO_HW_CRYPTO) + if (aes->use_aes_hw_crypto) { + AES_encrypt_blocks_AARCH64(in, out, sz, (byte*)aes->key, + (int)aes->rounds); + } + else +#endif +#if !defined(WOLFSSL_ARMASM_NO_NEON) +#ifndef WOLFSSL_ARMASM_NEON_NO_TABLE_LOOKUP + if (sz >= 32) +#endif + { + AES_ECB_encrypt_NEON(in, out, sz, (const unsigned char*)aes->key, + aes->rounds); + } +#ifndef WOLFSSL_ARMASM_NEON_NO_TABLE_LOOKUP + else +#endif +#endif +#ifndef WOLFSSL_ARMASM_NEON_NO_TABLE_LOOKUP + { + AES_ECB_encrypt(in, out, sz, (const unsigned char*)aes->key, + aes->rounds); + } +#endif #else #ifdef WOLFSSL_AESNI if (aes->use_aesni) { AES_ECB_encrypt_AESNI(in, out, sz, (byte*)aes->key, (int)aes->rounds); } else -#elif defined(__aarch64__) && defined(WOLFSSL_ARMASM) && \ - !defined(WOLFSSL_ARMASM_NO_HW_CRYPTO) - if (aes->use_aes_hw_crypto) { - AES_encrypt_blocks_AARCH64(in, out, sz, (byte*)aes->key, - (int)aes->rounds); - } - else #endif { #if defined(NEED_AES_TABLES) AesEncryptBlocks_C(aes, in, out, sz); #else word32 i; +#ifdef WC_AES_HAVE_PREFETCH_ARG + int did_prefetches = 0; +#endif for (i = 0; i < sz; i += WC_AES_BLOCK_SIZE) { - ret = wc_AesEncryptDirect(aes, out, in); + ret = AesEncrypt_preFetchOpt(aes, in, out, &did_prefetches); if (ret != 0) break; in += WC_AES_BLOCK_SIZE; @@ -13200,19 +14059,38 @@ #else AES_ECB_decrypt(in, out, sz, (const unsigned char*)aes->key, aes->rounds); #endif +#elif defined(__aarch64__) && defined(WOLFSSL_ARMASM) +#if !defined(WOLFSSL_ARMASM_NO_HW_CRYPTO) + if (aes->use_aes_hw_crypto) { + AES_decrypt_blocks_AARCH64(in, out, sz, (byte*)aes->key, + (int)aes->rounds); + } + else +#endif +#if defined(__aarch64__) && !defined(WOLFSSL_ARMASM_NO_NEON) +#ifndef WOLFSSL_ARMASM_NEON_NO_TABLE_LOOKUP + if (sz >= 64) +#endif + { + AES_ECB_decrypt_NEON(in, out, sz, (const unsigned char*)aes->key, + aes->rounds); + } +#ifndef WOLFSSL_ARMASM_NEON_NO_TABLE_LOOKUP + else +#endif +#endif +#ifndef WOLFSSL_ARMASM_NEON_NO_TABLE_LOOKUP + { + AES_ECB_decrypt(in, out, sz, (const unsigned char*)aes->key, + aes->rounds); + } +#endif #else #ifdef WOLFSSL_AESNI if (aes->use_aesni) { AES_ECB_decrypt_AESNI(in, out, sz, (byte*)aes->key, (int)aes->rounds); } else -#elif defined(__aarch64__) && defined(WOLFSSL_ARMASM) && \ - !defined(WOLFSSL_ARMASM_NO_HW_CRYPTO) - if (aes->use_aes_hw_crypto) { - AES_decrypt_blocks_AARCH64(in, out, sz, (byte*)aes->key, - (int)aes->rounds); - } - else #endif { #if defined(NEED_AES_TABLES) @@ -13264,6 +14142,22 @@ #endif /* HAVE_AES_ECB */ #if defined(WOLFSSL_AES_CFB) + +#if defined(WOLFSSL_PSOC6_CRYPTO) + +int wc_AesCfbEncrypt(Aes* aes, byte* out, const byte* in, word32 sz) +{ + return wc_Psoc6_Aes_CfbEncrypt(aes, out, in, sz); +} + +#ifdef HAVE_AES_DECRYPT +int wc_AesCfbDecrypt(Aes* aes, byte* out, const byte* in, word32 sz) +{ + return wc_Psoc6_Aes_CfbDecrypt(aes, out, in, sz); +} +#endif /* HAVE_AES_DECRYPT */ + +#else /* Feedback AES mode * * aes structure holding key to use for encryption @@ -13281,6 +14175,9 @@ { int ret = 0; word32 processed; +#ifdef WC_AES_HAVE_PREFETCH_ARG + int did_prefetches = 0; +#endif if ((aes == NULL) || (out == NULL) || (in == NULL)) { return BAD_FUNC_ARG; @@ -13305,7 +14202,8 @@ VECTOR_REGISTERS_PUSH; while (sz >= WC_AES_BLOCK_SIZE) { - ret = wc_AesEncryptDirect(aes, (byte*)aes->reg, (byte*)aes->reg); + ret = AesEncrypt_preFetchOpt(aes, (byte*)aes->reg, (byte*)aes->reg, + &did_prefetches); if (ret != 0) { break; } @@ -13318,7 +14216,8 @@ /* encrypt left over data */ if ((ret == 0) && sz) { - ret = wc_AesEncryptDirect(aes, (byte*)aes->tmp, (byte*)aes->reg); + ret = AesEncrypt_preFetchOpt(aes, (byte*)aes->reg, (byte*)aes->tmp, + &did_prefetches); if (ret == 0) { xorbufout(out, in, aes->tmp, sz); XMEMCPY(aes->reg, out, sz); @@ -13349,6 +14248,9 @@ { int ret = 0; word32 processed; +#ifdef WC_AES_HAVE_PREFETCH_ARG + int did_prefetches = 0; +#endif (void)mode; @@ -13395,7 +14297,8 @@ } #endif while (sz >= WC_AES_BLOCK_SIZE) { - ret = wc_AesEncryptDirect(aes, (byte*)aes->tmp, (byte*)aes->reg); + ret = AesEncrypt_preFetchOpt(aes, (byte*)aes->reg, (byte*)aes->tmp, + &did_prefetches); if (ret != 0) { break; } @@ -13408,7 +14311,8 @@ /* decrypt left over data */ if ((ret == 0) && sz) { - ret = wc_AesEncryptDirect(aes, (byte*)aes->tmp, (byte*)aes->reg); + ret = AesEncrypt_preFetchOpt(aes, (byte*)aes->reg, (byte*)aes->tmp, + &did_prefetches); if (ret == 0) { XMEMCPY(aes->reg, in, sz); xorbufout(out, in, aes->tmp, sz); @@ -13456,6 +14360,7 @@ return AesCfbDecrypt_C(aes, out, in, sz, AES_CFB_MODE); } #endif /* HAVE_AES_DECRYPT */ +#endif /* WOLFSSL_PSOC6_CRYPTO */ #ifndef WOLFSSL_NO_AES_CFB_1_8 /* shift the whole WC_AES_BLOCK_SIZE array left by 8 or 1 bits */ @@ -13488,6 +14393,9 @@ { byte *pt; int ret = 0; +#ifdef WC_AES_HAVE_PREFETCH_ARG + int did_prefetches = 0; +#endif if (aes == NULL || out == NULL || in == NULL) { return BAD_FUNC_ARG; @@ -13500,7 +14408,8 @@ VECTOR_REGISTERS_PUSH; while (sz > 0) { - ret = wc_AesEncryptDirect(aes, (byte*)aes->tmp, (byte*)aes->reg); + ret = AesEncrypt_preFetchOpt(aes, (byte*)aes->reg, (byte*)aes->tmp, + &did_prefetches); if (ret != 0) break; if (dir == AES_DECRYPTION) { @@ -13544,6 +14453,9 @@ byte* pt; int bit = 7; int ret = 0; +#ifdef WC_AES_HAVE_PREFETCH_ARG + int did_prefetches = 0; +#endif if (aes == NULL || out == NULL || in == NULL) { return BAD_FUNC_ARG; @@ -13556,7 +14468,8 @@ VECTOR_REGISTERS_PUSH; while (sz > 0) { - ret = wc_AesEncryptDirect(aes, (byte*)aes->tmp, (byte*)aes->reg); + ret = AesEncrypt_preFetchOpt(aes, (byte*)aes->reg, (byte*)aes->tmp, + &did_prefetches); if (ret != 0) break; if (dir == AES_DECRYPTION) { @@ -13695,6 +14608,9 @@ { int ret = 0; word32 processed; +#ifdef WC_AES_HAVE_PREFETCH_ARG + int did_prefetches = 0; +#endif if ((aes == NULL) || (out == NULL) || (in == NULL)) { return BAD_FUNC_ARG; @@ -13717,7 +14633,8 @@ VECTOR_REGISTERS_PUSH; while (sz >= WC_AES_BLOCK_SIZE) { - ret = wc_AesEncryptDirect(aes, (byte*)aes->reg, (byte*)aes->reg); + ret = AesEncrypt_preFetchOpt(aes, (byte*)aes->reg, (byte*)aes->reg, + &did_prefetches); if (ret != 0) { break; } @@ -13729,7 +14646,8 @@ /* encrypt left over data */ if ((ret == 0) && sz) { - ret = wc_AesEncryptDirect(aes, (byte*)aes->tmp, (byte*)aes->reg); + ret = AesEncrypt_preFetchOpt(aes, (byte*)aes->reg, (byte*)aes->tmp, + &did_prefetches); if (ret == 0) { XMEMCPY(aes->reg, aes->tmp, WC_AES_BLOCK_SIZE); xorbufout(out, in, aes->tmp, sz); @@ -13987,7 +14905,7 @@ return ret; /* verify IV */ - if (XMEMCMP(tmp, expIv, KEYWRAP_BLOCK_SIZE) != 0) + if (ConstantCompare(tmp, expIv, KEYWRAP_BLOCK_SIZE) != 0) return BAD_KEYWRAP_IV_E; return (int)(inSz - KEYWRAP_BLOCK_SIZE); @@ -14355,8 +15273,8 @@ #endif /* WOLFSSL_AESNI */ #ifdef HAVE_AES_ECB -#if defined(__aarch64__) || !defined(WOLFSSL_ARMASM) || \ - defined(WOLFSSL_ARMASM_NO_HW_CRYPTO) +#if (!defined(WOLFSSL_ARMASM) || (!defined(__aarch64__) && \ + defined(WOLFSSL_ARMASM_NO_HW_CRYPTO))) || defined(WOLFSSL_AESXTS_STREAM) /* helper function for encrypting / decrypting full buffer at once */ static WARN_UNUSED_RESULT int _AesXtsHelper( Aes* aes, byte* out, const byte* in, word32 sz, int dir) @@ -14418,8 +15336,8 @@ */ /* Software AES - XTS Encrypt */ -#if defined(__aarch64__) || !defined(WOLFSSL_ARMASM) || \ - defined(WOLFSSL_ARMASM_NO_HW_CRYPTO) +#if !defined(WOLFSSL_ARMASM) || (!defined(__aarch64__) && \ + defined(WOLFSSL_ARMASM_NO_HW_CRYPTO)) static int AesXtsEncryptUpdate_sw(XtsAes* xaes, byte* out, const byte* in, word32 sz, byte *i); @@ -14435,6 +15353,7 @@ return AesXtsEncryptUpdate_sw(xaes, out, in, sz, tweak_block); } +#endif #ifdef WOLFSSL_AESXTS_STREAM @@ -14451,6 +15370,8 @@ #endif /* WOLFSSL_AESXTS_STREAM */ +#if !defined(WOLFSSL_ARMASM) || (!defined(__aarch64__) && \ + defined(WOLFSSL_ARMASM_NO_HW_CRYPTO)) || defined(WOLFSSL_AESXTS_STREAM) /* Block-streaming AES-XTS. * * Supply block-aligned input data with successive calls. Final call need not @@ -14602,8 +15523,7 @@ AES_XTS_encrypt_AARCH32(in, out, sz, i, (byte*)xaes->aes.key, (byte*)xaes->tweak.key, (byte*)xaes->aes.tmp, xaes->aes.rounds); ret = 0; -#else -#ifdef WOLFSSL_AESNI +#elif defined(WOLFSSL_AESNI) if (aes->use_aesni) { SAVE_VECTOR_REGISTERS(return _svr_ret;); #if defined(HAVE_INTEL_AVX1) @@ -14625,9 +15545,11 @@ } RESTORE_VECTOR_REGISTERS(); } - else -#elif defined(__aarch64__) && defined(WOLFSSL_ARMASM) && \ - !defined(WOLFSSL_ARMASM_NO_HW_CRYPTO) + else { + ret = AesXtsEncrypt_sw(xaes, out, in, sz, i); + } +#elif defined(__aarch64__) && defined(WOLFSSL_ARMASM) +#if !defined(WOLFSSL_ARMASM_NO_HW_CRYPTO) if (aes->use_aes_hw_crypto) { AES_XTS_encrypt_AARCH64(in, out, sz, i, (byte*)xaes->aes.key, (byte*)xaes->tweak.key, (byte*)xaes->aes.tmp, xaes->aes.rounds); @@ -14635,10 +15557,29 @@ } else #endif +#if defined(__aarch64__) && !defined(WOLFSSL_ARMASM_NO_NEON) +#ifndef WOLFSSL_ARMASM_NEON_NO_TABLE_LOOKUP + if (sz >= 32) +#endif { - ret = AesXtsEncrypt_sw(xaes, out, in, sz, i); + AES_XTS_encrypt_NEON(in, out, sz, i, (byte*)xaes->aes.key, + (byte*)xaes->tweak.key, (byte*)xaes->aes.tmp, xaes->aes.rounds); + ret = 0; + } +#ifndef WOLFSSL_ARMASM_NEON_NO_TABLE_LOOKUP + else +#endif +#endif +#ifndef WOLFSSL_ARMASM_NEON_NO_TABLE_LOOKUP + { + AES_XTS_encrypt(in, out, sz, i, (byte*)xaes->aes.key, + (byte*)xaes->tweak.key, (byte*)xaes->aes.tmp, xaes->aes.rounds); + ret = 0; } #endif +#else + ret = AesXtsEncrypt_sw(xaes, out, in, sz, i); +#endif return ret; } @@ -14854,8 +15795,8 @@ */ /* Software AES - XTS Decrypt */ -#if defined(__aarch64__) || !defined(WOLFSSL_ARMASM) || \ - defined(WOLFSSL_ARMASM_NO_HW_CRYPTO) +#if !defined(WOLFSSL_ARMASM) || (!defined(__aarch64__) && \ + defined(WOLFSSL_ARMASM_NO_HW_CRYPTO)) static int AesXtsDecryptUpdate_sw(XtsAes* xaes, byte* out, const byte* in, word32 sz, byte *i); @@ -14871,7 +15812,10 @@ return AesXtsDecryptUpdate_sw(xaes, out, in, sz, tweak_block); } +#endif +#if (!defined(WOLFSSL_ARMASM) || (!defined(__aarch64__) && \ + defined(WOLFSSL_ARMASM_NO_HW_CRYPTO))) || defined(WOLFSSL_AESXTS_STREAM) /* Block-streaming AES-XTS. * * Same process as encryption but use decrypt key. @@ -15056,8 +16000,7 @@ AES_XTS_decrypt_AARCH32(in, out, sz, i, (byte*)xaes->aes.key, (byte*)xaes->tweak.key, (byte*)xaes->aes.tmp, xaes->aes.rounds); ret = 0; -#else -#ifdef WOLFSSL_AESNI +#elif defined(WOLFSSL_AESNI) if (aes->use_aesni) { SAVE_VECTOR_REGISTERS(return _svr_ret;); #if defined(HAVE_INTEL_AVX1) @@ -15079,9 +16022,11 @@ } RESTORE_VECTOR_REGISTERS(); } - else -#elif defined(__aarch64__) && defined(WOLFSSL_ARMASM) && \ - !defined(WOLFSSL_ARMASM_NO_HW_CRYPTO) + else { + ret = AesXtsDecrypt_sw(xaes, out, in, sz, i); + } +#elif defined(__aarch64__) && defined(WOLFSSL_ARMASM) +#if !defined(WOLFSSL_ARMASM_NO_HW_CRYPTO) if (aes->use_aes_hw_crypto) { AES_XTS_decrypt_AARCH64(in, out, sz, i, (byte*)xaes->aes.key, (byte*)xaes->tweak.key, (byte*)xaes->aes.tmp, xaes->aes.rounds); @@ -15089,10 +16034,29 @@ } else #endif +#if defined(__aarch64__) && !defined(WOLFSSL_ARMASM_NO_NEON) +#ifndef WOLFSSL_ARMASM_NEON_NO_TABLE_LOOKUP + if (sz >= 64) +#endif { - ret = AesXtsDecrypt_sw(xaes, out, in, sz, i); + AES_XTS_decrypt_NEON(in, out, sz, i, (byte*)xaes->aes.key, + (byte*)xaes->tweak.key, (byte*)xaes->aes.tmp, xaes->aes.rounds); + ret = 0; + } +#ifndef WOLFSSL_ARMASM_NEON_NO_TABLE_LOOKUP + else +#endif +#endif +#ifndef WOLFSSL_ARMASM_NEON_NO_TABLE_LOOKUP + { + AES_XTS_decrypt(in, out, sz, i, (byte*)xaes->aes.key, + (byte*)xaes->tweak.key, (byte*)xaes->aes.tmp, xaes->aes.rounds); + ret = 0; } #endif +#else + ret = AesXtsDecrypt_sw(xaes, out, in, sz, i); +#endif return ret; } @@ -15394,6 +16358,43 @@ #endif /* HAVE_AES_DECRYPT */ #endif /* WOLFSSL_AES_XTS */ +#ifdef WOLFSSL_CMAC + +int wc_local_CmacUpdateAes(struct Cmac *cmac, const byte* in, word32 inSz) { + int ret = 0; + Aes *aes = &cmac->aes; +#ifdef WC_AES_HAVE_PREFETCH_ARG + int did_prefetches = 0; +#endif + + VECTOR_REGISTERS_PUSH; + + while ((ret == 0) && (inSz != 0)) { + word32 add = min(inSz, WC_AES_BLOCK_SIZE - cmac->bufferSz); + XMEMCPY(&cmac->buffer[cmac->bufferSz], in, add); + + cmac->bufferSz += add; + inSz -= add; + in += add; + + if (cmac->bufferSz == WC_AES_BLOCK_SIZE && inSz != 0) { + xorbuf(cmac->buffer, cmac->digest, WC_AES_BLOCK_SIZE); + ret = AesEncrypt_preFetchOpt(aes, cmac->buffer, + cmac->digest, &did_prefetches); + if (ret == 0) { + cmac->totalSz += WC_AES_BLOCK_SIZE; + cmac->bufferSz = 0; + } + } + } + + VECTOR_REGISTERS_POP; + + return ret; +} + +#endif /* WOLFSSL_CMAC */ + #ifdef WOLFSSL_AES_SIV /* @@ -15601,7 +16602,7 @@ WOLFSSL_MSG("S2V failed."); } - if (XMEMCMP(siv, sivTmp, WC_AES_BLOCK_SIZE) != 0) { + if (ConstantCompare(siv, sivTmp, WC_AES_BLOCK_SIZE) != 0) { WOLFSSL_MSG("Computed SIV doesn't match received SIV."); ret = AES_SIV_AUTH_E; } @@ -15613,6 +16614,8 @@ wc_AesFree(aes); #endif + ForceZero(sivTmp, sizeof(sivTmp)); + return ret; } @@ -16445,5 +17448,4 @@ #endif /* WOLFSSL_AES_CTS */ - #endif /* !NO_AES */ diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/wolfcrypt/src/aes_asm.S mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/aes_asm.S --- mariadb-11.8.6/extra/wolfssl/wolfssl/wolfcrypt/src/aes_asm.S 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/aes_asm.S 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* aes_asm.S * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -27,6 +27,25 @@ * by Intel Mobility Group, Israel Development Center, Israel Shay Gueron */ +#ifdef WOLFSSL_USER_SETTINGS +#ifdef WOLFSSL_USER_SETTINGS_ASM +/* + * user_settings_asm.h is a file generated by the script user_settings_asm.sh. + * The script takes in a user_settings.h and produces user_settings_asm.h, which + * is a stripped down version of user_settings.h containing only preprocessor + * directives. This makes the header safe to include in assembly (.S) files. + */ +#include "user_settings_asm.h" +#else +/* + * Note: if user_settings.h contains any C code (e.g. a typedef or function + * prototype), including it here in an assembly (.S) file will cause an + * assembler failure. See user_settings_asm.h above. + */ +#include "user_settings.h" +#endif /* WOLFSSL_USER_SETTINGS_ASM */ +#endif /* WOLFSSL_USER_SETTINGS */ + #ifdef WOLFSSL_X86_64_BUILD /* diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/wolfcrypt/src/aes_asm.asm mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/aes_asm.asm --- mariadb-11.8.6/extra/wolfssl/wolfssl/wolfcrypt/src/aes_asm.asm 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/aes_asm.asm 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ ; /* aes_asm.asm ; * -; * Copyright (C) 2006-2025 wolfSSL Inc. +; * Copyright (C) 2006-2026 wolfSSL Inc. ; * ; * This file is part of wolfSSL. ; * diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/wolfcrypt/src/aes_gcm_asm.S mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/aes_gcm_asm.S --- mariadb-11.8.6/extra/wolfssl/wolfssl/wolfcrypt/src/aes_gcm_asm.S 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/aes_gcm_asm.S 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* aes_gcm_asm.S */ /* - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/wolfcrypt/src/aes_gcm_asm.asm mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/aes_gcm_asm.asm --- mariadb-11.8.6/extra/wolfssl/wolfssl/wolfcrypt/src/aes_gcm_asm.asm 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/aes_gcm_asm.asm 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ ; /* aes_gcm_asm.asm */ ; /* -; * Copyright (C) 2006-2025 wolfSSL Inc. +; * Copyright (C) 2006-2026 wolfSSL Inc. ; * ; * This file is part of wolfSSL. ; * diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/wolfcrypt/src/aes_gcm_x86_asm.S mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/aes_gcm_x86_asm.S --- mariadb-11.8.6/extra/wolfssl/wolfssl/wolfcrypt/src/aes_gcm_x86_asm.S 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/aes_gcm_x86_asm.S 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* aes_gcm_x86_asm * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/wolfcrypt/src/aes_xts_asm.S mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/aes_xts_asm.S --- mariadb-11.8.6/extra/wolfssl/wolfssl/wolfcrypt/src/aes_xts_asm.S 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/aes_xts_asm.S 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* aes_xts_asm.S */ /* - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -1444,7 +1444,6 @@ .p2align 4 _AES_XTS_init_avx1: #endif /* __APPLE__ */ - movl %edx, %eax vmovdqu (%rdi), %xmm0 # aes_enc_block vpxor (%rsi), %xmm0, %xmm0 @@ -1466,13 +1465,13 @@ vaesenc %xmm2, %xmm0, %xmm0 vmovdqu 144(%rsi), %xmm2 vaesenc %xmm2, %xmm0, %xmm0 - cmpl $11, %eax + cmpl $11, %edx vmovdqu 160(%rsi), %xmm2 jl L_AES_XTS_init_avx1_tweak_aes_enc_block_last vaesenc %xmm2, %xmm0, %xmm0 vmovdqu 176(%rsi), %xmm3 vaesenc %xmm3, %xmm0, %xmm0 - cmpl $13, %eax + cmpl $13, %edx vmovdqu 192(%rsi), %xmm2 jl L_AES_XTS_init_avx1_tweak_aes_enc_block_last vaesenc %xmm2, %xmm0, %xmm0 diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/wolfcrypt/src/aes_xts_asm.asm mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/aes_xts_asm.asm --- mariadb-11.8.6/extra/wolfssl/wolfssl/wolfcrypt/src/aes_xts_asm.asm 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/aes_xts_asm.asm 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ ; /* aes_xts_asm.asm */ ; /* -; * Copyright (C) 2006-2025 wolfSSL Inc. +; * Copyright (C) 2006-2026 wolfSSL Inc. ; * ; * This file is part of wolfSSL. ; * @@ -1456,7 +1456,6 @@ IFDEF HAVE_INTEL_AVX1 _text SEGMENT READONLY PARA AES_XTS_init_avx1 PROC - mov eax, r8d vmovdqu xmm0, OWORD PTR [rcx] ; aes_enc_block vpxor xmm0, xmm0, [rdx] @@ -1478,13 +1477,13 @@ vaesenc xmm0, xmm0, xmm2 vmovdqu xmm2, OWORD PTR [rdx+144] vaesenc xmm0, xmm0, xmm2 - cmp eax, 11 + cmp r8d, 11 vmovdqu xmm2, OWORD PTR [rdx+160] jl L_AES_XTS_init_avx1_tweak_aes_enc_block_last vaesenc xmm0, xmm0, xmm2 vmovdqu xmm3, OWORD PTR [rdx+176] vaesenc xmm0, xmm0, xmm3 - cmp eax, 13 + cmp r8d, 13 vmovdqu xmm2, OWORD PTR [rdx+192] jl L_AES_XTS_init_avx1_tweak_aes_enc_block_last vaesenc xmm0, xmm0, xmm2 diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/wolfcrypt/src/arc4.c mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/arc4.c --- mariadb-11.8.6/extra/wolfssl/wolfssl/wolfcrypt/src/arc4.c 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/arc4.c 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* arc4.c * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/wolfcrypt/src/ascon.c mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/ascon.c --- mariadb-11.8.6/extra/wolfssl/wolfssl/wolfcrypt/src/ascon.c 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/ascon.c 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* ascon.c * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -45,6 +45,9 @@ #ifndef WORD64_AVAILABLE #error "Ascon implementation requires a 64-bit word" #endif +#ifdef BIG_ENDIAN_ORDER + #error "Ascon not yet supported on big-endian systems" +#endif /* Data block size in bytes */ #define ASCON_HASH256_RATE 8 @@ -491,6 +494,8 @@ int wc_AsconAEAD128_DecryptFinal(wc_AsconAEAD128* a, const byte* tag) { + int ret = 0; + if (a == NULL || tag == NULL) return BAD_FUNC_ARG; if (!a->keySet || !a->nonceSet || !a->adSet) @@ -509,13 +514,14 @@ a->state.s64[4] ^= a->key[1]; if (ConstantCompare(tag, (const byte*)&a->state.s64[3], - ASCON_AEAD128_TAG_SZ) != 0) - return ASCON_AUTH_E; + ASCON_AEAD128_TAG_SZ) != 0) { + ret = ASCON_AUTH_E; + } /* Clear state as soon as possible */ wc_AsconAEAD128_Clear(a); - return 0; + return ret; } #endif /* HAVE_ASCON */ diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/wolfcrypt/src/asm.c mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/asm.c --- mariadb-11.8.6/extra/wolfssl/wolfssl/wolfcrypt/src/asm.c 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/asm.c 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* asm.c * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/wolfcrypt/src/asn.c mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/asn.c --- mariadb-11.8.6/extra/wolfssl/wolfssl/wolfcrypt/src/asn.c 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/asn.c 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* asn.c * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -104,6 +104,109 @@ * DO NOT enable this unless required for interoperability. * WOLFSSL_ASN_EXTRA: Make more ASN.1 APIs available regardless of internal * usage. + * WOLFSSL_ALLOW_AKID_SKID_MATCH: By default cert issuer is found using hash + * of cert subject hash with signers subject hash. This option allows fallback + * to using AKID and SKID matching. + * + * Certificate Generation/Parsing: + * WOLFSSL_CERT_REQ: Enable certificate request (CSR) support + * WOLFSSL_CERT_EXT: Enable certificate extension support + * WOLFSSL_CERT_PIV: Enable PIV certificate support + * WOLFSSL_CERT_GEN_CACHE: Cache DER for cert generation + * WOLFSSL_CERT_SIGN_CB: Enable certificate signing callback + * WOLFSSL_CERT_NAME_ALL: Store all certificate name components + * WOLFSSL_MULTI_ATTRIB: Enable multi-valued RDN attributes + * WOLFSSL_DER_TO_PEM: Enable DER to PEM conversion + * WOLFSSL_PEM_TO_DER: Enable PEM to DER conversion + * WOLFSSL_PUB_PEM_TO_DER: Enable public key PEM to DER conversion + * WOLFSSL_KEY_TO_DER: Enable key to DER encoding + * WOLFSSL_ENCRYPTED_KEYS: Enable encrypted private key support (PKCS#8) + * ASN_BER_TO_DER: Enable BER to DER conversion + * WOLFSSL_DUP_CERTPOL: Allow duplicate certificate policies + * WOLFSSL_NAMES_STATIC: Use static allocation for name strings + * WOLFSSL_SIGNER_DER_CERT: Store signer DER cert in cert manager + * + * Certificate Validation: + * NO_VERIFY_OID: Skip OID verification + * NO_CHECK_PRIVATE_KEY: Skip private key pair check + * NO_SKID: Disable Subject Key Identifier + * NO_STRICT_ECDSA_LEN: Allow non-strict ECDSA signature length + * NO_WOLFSSL_CM_VERIFY: Disable cert manager verify callback + * NO_WOLFSSL_SKIP_TRAILING_PAD: Don't skip trailing padding + * ALLOW_SELFSIGNED_INVALID_CERTSIGN: Allow self-signed certs + * without keyCertSign in keyUsage + * ALLOW_V1_EXTENSIONS: Allow extensions in v1 certificates + * USE_WOLF_VALIDDATE: Use wolfSSL date validation + * WC_ASN_RUNTIME_DATE_CHECK_CONTROL: Runtime control of date checking + * WOLFSSL_AFTER_DATE_CLOCK_SKEW: Clock skew tolerance for after-date + * WOLFSSL_BEFORE_DATE_CLOCK_SKEW: Clock skew tolerance for before-date + * WOLFSSL_TRUST_PEER_CERT: Enable trusted peer certificate support + * + * Extensions: + * WOLFSSL_ALT_NAMES: Enable Subject Alternative Names + * WOLFSSL_ALT_NAMES_NO_REV: Alt names without reverse order + * WOLFSSL_IP_ALT_NAME: Enable IP address in SAN + * WOLFSSL_RID_ALT_NAME: Enable Registered ID in SAN + * WOLFSSL_SEP: Enable SubjectEntryPoint extension + * WOLFSSL_EKU_OID: Enable Extended Key Usage OID support + * WOLFSSL_ACERT: Enable attribute certificate support + * IGNORE_KEY_EXTENSIONS: Ignore key usage extensions + * IGNORE_NETSCAPE_CERT_TYPE: Ignore Netscape cert type extension + * WOLFSSL_ALLOW_CRIT_AIA: Allow critical Authority Info Access + * WOLFSSL_ALLOW_CRIT_AKID: Allow critical Auth Key Identifier + * WOLFSSL_ALLOW_CRIT_SKID: Allow critical Subject Key Identifier + * WC_ASN_UNKNOWN_EXT_CB: Callback for unknown extensions + * + * ASN.1 Parsing: + * WOLFSSL_ASN_ALL: Enable all ASN.1 features + * WOLFSSL_ASN_CA_ISSUER: Enable CA Issuer in AIA parsing + * WOLFSSL_ASN_PRINT: Enable ASN.1 structure printing + * WOLFSSL_ASN_INT_LEAD_0_ANY: Allow any leading zero in ASN integers + * WOLFSSL_ASN_PARSE_KEYUSAGE: Parse key usage extension + * WOLFSSL_ASN_TIME_STRING: Enable ASN time to string conversion + * ASN_TEMPLATE_SKIP_ISCA_CHECK: Skip isCA check in ASN template + * + * OID: + * HAVE_OID_ENCODING: Enable OID encoding support + * HAVE_OID_DECODING: Enable OID decoding support + * WOLFSSL_OLD_OID_SUM: Use old OID sum calculation + * + * CRL: + * HAVE_CRL: Enable Certificate Revocation Lists + * CRL_STATIC_REVOKED_LIST: Use static list for revoked certs + * + * OCSP: + * HAVE_OCSP: Enable OCSP support + * HAVE_OCSP_RESPONDER: Enable OCSP responder support + * WOLFSSL_OCSP_PARSE_STATUS: Parse OCSP response status + * + * PKCS: + * HAVE_PKCS8: Enable PKCS#8 support + * HAVE_PKCS12: Enable PKCS#12 support + * + * Algorithms (ASN encoding/decoding): + * HAVE_DILITHIUM: Enable Dilithium ASN support + * WOLFSSL_DILITHIUM_NO_ASN1: Disable Dilithium ASN.1 encoding + * WOLFSSL_DILITHIUM_FIPS204_DRAFT: FIPS 204 draft Dilithium + * WOLFSSL_DILITHIUM_NO_SIGN: Disable Dilithium signing + * WOLFSSL_DILITHIUM_NO_VERIFY: Disable Dilithium verify + * HAVE_FALCON: Enable Falcon ASN support + * HAVE_SPHINCS: Enable SPHINCS+ ASN support + * + * Key Import/Export: + * WC_ENABLE_ASYM_KEY_IMPORT: Enable asymmetric key import + * WC_ENABLE_ASYM_KEY_EXPORT: Enable asymmetric key export + * + * Compatibility: + * WOLFSSL_APACHE_HTTPD: Apache HTTPD compatibility + * WOLFSSL_X509_NAME_AVAILABLE: Enable X509_NAME API + * WOLFSSL_HAVE_ISSUER_NAMES: Store issuer name components + * WOLFSSL_ASN_KEY_SIZE_ENUM: Use enum for AES key size in ASN + * WOLFSSL_SM3: Enable SM3 hash ASN support + * HAVE_SMIME: Enable S/MIME support + * HAVE_LIBZ: Enable zlib compression for certs + * WC_RC2: Enable RC2 for PKCS#12 + * WOLFSSL_MD2: Enable MD2 hash (legacy) */ #ifndef NO_RSA @@ -216,6 +319,14 @@ #define ERROR_OUT(err, eLabel) { ret = (err); goto eLabel; } +/* Get the length of the ASN.1 encoded length. + * + * @param [in] len Length of data. + * @return Length of ASN.1 encoded length. + */ +#define ASN_LEN_ENC_LEN(len) \ + (((len) < ASN_LONG_LENGTH) ? 1 : (1 + BytePrecision((word32)(len)))) + #if !defined(NO_SKID) && (!defined(HAVE_FIPS) || !defined(HAVE_FIPS_VERSION)) #if !defined(HAVE_SELFTEST) || (defined(HAVE_SELFTEST) && \ (!defined(HAVE_SELFTEST_VERSION) || \ @@ -484,7 +595,7 @@ #define ALLOC_ASNSETDATA(name, cnt, err, heap) \ do { \ if ((err) == 0) { \ - (name) = (ASNSetData*)XMALLOC(sizeof(ASNGetData) * (cnt), (heap), \ + (name) = (ASNSetData*)XMALLOC(sizeof(ASNSetData) * (cnt), (heap), \ DYNAMIC_TYPE_TMP_BUFFER); \ if ((name) == NULL) { \ (err) = MEMORY_E; \ @@ -537,7 +648,8 @@ * @param [in, out] err Error variable. * @param [in] heap Dynamic memory allocation hint. */ - #define ALLOC_ASNGETDATA(name, cnt, err, heap) WC_DO_NOTHING + #define ALLOC_ASNGETDATA(name, cnt, err, heap) \ + do { (void)(cnt); (void)(err); (void)(heap); } while (0) /* Clears the memory of the dynamic BER encoding data. * @@ -547,14 +659,15 @@ * @param [in] heap Dynamic memory allocation hint. */ #define CALLOC_ASNGETDATA(name, cnt, err, heap) \ - XMEMSET(name, 0, sizeof(name)) + ((void)(cnt), (void)(err), (void)(heap), XMEMSET(name, 0, sizeof(name))) /* No implementation as declaration is static. * * @param [in] name Variable name to declare. * @param [in] heap Dynamic memory allocation hint. */ - #define FREE_ASNGETDATA(name, heap) WC_DO_NOTHING + #define FREE_ASNGETDATA(name, heap) \ + do { (void)(name); (void)(heap); } while (0) /* Declare the variable that is the dynamic data for encoding DER data. * @@ -571,7 +684,8 @@ * @param [in, out] err Error variable. * @param [in] heap Dynamic memory allocation hint. */ - #define ALLOC_ASNSETDATA(name, cnt, err, heap) WC_DO_NOTHING + #define ALLOC_ASNSETDATA(name, cnt, err, heap) \ + do { (void)(cnt); (void)(err); (void)(heap); } while (0) /* Clears the memory of the dynamic BER encoding data. * @@ -581,14 +695,15 @@ * @param [in] heap Dynamic memory allocation hint. */ #define CALLOC_ASNSETDATA(name, cnt, err, heap) \ - XMEMSET(name, 0, sizeof(name)) + ((void)(cnt), (void)(err), (void)(heap), XMEMSET(name, 0, sizeof(name))) /* No implementation as declaration is static. * * @param [in] name Variable name to declare. * @param [in] heap Dynamic memory allocation hint. */ - #define FREE_ASNSETDATA(name, heap) WC_DO_NOTHING + #define FREE_ASNSETDATA(name, heap) \ + do { (void)(name); (void)(heap); } while (0) #endif @@ -628,6 +743,7 @@ #define ASNIntMSBSet(asn, data_a, i) \ (((asn)[i].tag == ASN_INTEGER) && \ ((data_a)[i].data.buffer.data != NULL && \ + ((data_a)[i].data.buffer.length > 0) && \ ((data_a)[i].data.buffer.data[0] & 0x80) == 0x80)) @@ -703,7 +819,8 @@ * @return 0 on success. * @return BAD_STATE_E when the data type is not supported. */ -int SizeASN_Items(const ASNItem* asn, ASNSetData *data, int count, int* encSz) +int SizeASN_Items(const ASNItem* asn, ASNSetData *data, int count, + word32* encSz) { int i; word32 sz = 0; @@ -818,6 +935,8 @@ data[i].length = len; /* Add length to total size. */ sz += len; + if (sz < len) + return ASN_PARSE_E; /* Set the offset to the current size - used in writing DER. */ data[i].offset = sz; @@ -828,7 +947,7 @@ #endif } - *encSz = (int)sz; + *encSz = sz; return 0; } @@ -989,8 +1108,9 @@ } else { /* Dump in the DER encoded data. */ - XMEMCPY(out + idx, data[i].data.buffer.data, - data[i].data.buffer.length); + /* Allow data to come from output buffer. */ + XMEMMOVE(out + idx, data[i].data.buffer.data, + data[i].data.buffer.length); } break; @@ -1055,7 +1175,7 @@ word32 oidType, int length); /* Maximum supported depth in ASN.1 description. */ -#define GET_ASN_MAX_DEPTH 7 +#define GET_ASN_MAX_DEPTH 8 /* Maximum number of checked numbered choices. Only one of the items with the * number is allowed. */ @@ -1125,8 +1245,6 @@ */ int GetASN_BitString(const byte* input, word32 idx, int length) { -#if (!defined(HAVE_SELFTEST) && !defined(HAVE_FIPS)) || \ - (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION > 2)) /* Check contents consist of one or more octets. */ if (length == 0) { #ifdef WOLFSSL_DEBUG_ASN_TEMPLATE @@ -1134,7 +1252,6 @@ #endif return ASN_PARSE_E; } -#endif /* Ensure unused bits value is valid range. */ if (input[idx] > 7) { #ifdef WOLFSSL_DEBUG_ASN_TEMPLATE @@ -1379,7 +1496,7 @@ } FALL_THROUGH; case ASN_DATA_TYPE_MP_INITED: - err = mp_read_unsigned_bin(data->data.mp, (byte*)input + idx, + err = mp_read_unsigned_bin(data->data.mp, (const byte*)input + idx, (word32)len); if (err != 0) { #ifdef WOLFSSL_DEBUG_ASN_TEMPLATE @@ -1528,7 +1645,7 @@ * @return ASN_UNKNOWN_OID_E when the OID cannot be verified. */ int GetASN_Items(const ASNItem* asn, ASNGetData *data, int count, int complete, - const byte* input, word32* inOutIdx, word32 length) + const byte* input, word32* inOutIdx, const word32 length) { int i; int j; @@ -1570,12 +1687,12 @@ data[i].length = 0; /* Get current item depth. */ depth = asn[i].depth; + if (depth >= GET_ASN_MAX_DEPTH) { #ifdef WOLFSSL_DEBUG_ASN_TEMPLATE - if (depth > GET_ASN_MAX_DEPTH) { WOLFSSL_MSG("Depth in template too large"); + #endif return ASN_PARSE_E; } - #endif /* Keep track of minimum depth. */ if (depth < minDepth) { minDepth = depth; @@ -1701,6 +1818,12 @@ } /* Store length of data. */ data[i].length = (word32)len; + if (depth + 1 >= GET_ASN_MAX_DEPTH) { + #ifdef WOLFSSL_DEBUG_ASN_TEMPLATE + WOLFSSL_MSG("Depth in template too large"); + #endif + return ASN_PARSE_E; + } /* Note the max length of items under this one. */ endIdx[depth + 1] = idx + (word32)len; if (choice > 1) { @@ -1828,7 +1951,7 @@ * @return Size of the DER encoding in bytes. */ static int SizeASN_ItemsDebug(const char* name, const ASNItem* asn, - ASNSetData *data, int count, int* encSz) + ASNSetData *data, int count, word32* encSz) { WOLFSSL_MSG_VSNPRINTF("TEMPLATE: %s", name); return SizeASN_Items(asn, data, count, encSz); @@ -2134,9 +2257,10 @@ * @param [out] data Pointer to data of item. * @param [out] length Length of buffer in bytes. */ -void GetASN_GetRef(ASNGetData * dataASN, byte** data, word32* length) +void GetASN_GetRef(const ASNGetData * dataASN, const byte** data, + word32* length) { - *data = (byte*)dataASN->data.ref.data; + *data = (const byte*)dataASN->data.ref.data; *length = dataASN->data.ref.length; } @@ -2146,9 +2270,10 @@ * @param [out] data Pointer to . * @param [out] length Length of buffer in bytes. */ -void GetASN_OIDData(ASNGetData * dataASN, byte** data, word32* length) +void GetASN_OIDData(const ASNGetData * dataASN, const byte** data, + word32* length) { - *data = (byte*)dataASN->data.oid.data; + *data = (const byte*)dataASN->data.oid.data; *length = dataASN->data.oid.length; } @@ -2321,9 +2446,9 @@ int GetLength_ex(const byte* input, word32* inOutIdx, int* len, word32 maxIdx, int check) { - int length = 0; - word32 idx = (word32)*inOutIdx; - byte b; + word32 length = 0; + word32 idx = (word32)*inOutIdx; + byte b; /* Ensure zero return length on error. */ *len = 0; @@ -2343,7 +2468,7 @@ * Note: 0 indicates indefinite length encoding *not* 0 bytes of length. */ int bytes = (int)(b & 0x7F); - int minLen; + word32 minLen; /* Calculate minimum length to be encoded with bytes. */ if (b == ASN_INDEF_LENGTH) { @@ -2359,7 +2484,7 @@ return ASN_PARSE_E; } else { - minLen = 1 << ((bytes - 1) * 8); + minLen = (word32)1 << ((bytes - 1) * 8); } /* Check the number of bytes required are available. */ @@ -2373,8 +2498,8 @@ b = input[idx++]; length = (length << 8) | b; } - /* Negative value indicates we overflowed the signed int. */ - if (length < 0) { + /* Top bit set means value too big for signed int. */ + if ((length >> 31) == 1) { return ASN_PARSE_E; } /* Don't allow lengths that are longer than strictly required. */ @@ -2388,7 +2513,7 @@ } /* When requested, check the buffer has at least length bytes left. */ - if (check && ((idx + (word32)length) > maxIdx)) { + if (check && ((idx + length) > maxIdx)) { WOLFSSL_MSG("GetLength - value exceeds buffer length"); return BUFFER_E; } @@ -2397,11 +2522,11 @@ *inOutIdx = idx; /* Return length if valid. */ if (length > 0) { - *len = length; + *len = (int)length; } /* Return length calculated or error code. */ - return length; + return (int)length; } @@ -2493,6 +2618,11 @@ WOLFSSL_MSG("OID length less than 3"); ret = ASN_PARSE_E; } + /* Check enough space for data if not checking in GetLength_ex(). */ + else if ((!check) && ((word32)length > maxIdx - idx)) { + WOLFSSL_MSG("OID length too long"); + ret = ASN_PARSE_E; + } else if ((input[(int)idx + length - 1] & 0x80) == 0x80) { /* Last octet of a sub-identifier has bit 8 clear. Last octet must * be last of a subidentifier. Ensure last octet hasn't got top bit @@ -2535,7 +2665,7 @@ return GetASNHeader_ex(input, tag, inOutIdx, len, maxIdx, 1); } -#ifndef WOLFSSL_ASN_TEMPLATE +#if !defined(WOLFSSL_ASN_TEMPLATE) static int GetHeader(const byte* input, byte* tag, word32* inOutIdx, int* len, word32 maxIdx, int check) { @@ -2756,7 +2886,7 @@ #endif #ifndef NO_CERTS -#ifndef WOLFSSL_ASN_TEMPLATE +#if !defined(WOLFSSL_ASN_TEMPLATE) || defined(HAVE_CRL) /* Get the DER/BER encoding of an ASN.1 BOOLEAN. * * input Buffer holding DER/BER encoded data. @@ -2766,7 +2896,7 @@ * ASN_PARSE_E when the BOOLEAN tag is not found or length is not 1. * Otherwise, 0 to indicate the value was false and 1 to indicate true. */ -static int GetBoolean(const byte* input, word32* inOutIdx, word32 maxIdx) +WC_MAYBE_UNUSED static int GetBoolean(const byte* input, word32* inOutIdx, word32 maxIdx) { word32 idx = *inOutIdx; byte b; @@ -2786,7 +2916,7 @@ *inOutIdx = idx; return b; } -#endif +#endif /* !WOLFSSL_ASN_TEMPLATE || HAVE_CRL */ #endif /* !NO_CERTS*/ @@ -2890,7 +3020,9 @@ return b; } #endif /* !NO_CERTS */ +#endif /* !WOLFSSL_ASN_TEMPLATE */ +#if !defined(WOLFSSL_ASN_TEMPLATE) #if ((defined(WC_RSA_PSS) && !defined(NO_RSA)) || !defined(NO_CERTS)) /* Get the DER/BER encoding of an ASN.1 INTEGER that has a value of no more than * 16 bits. @@ -2928,7 +3060,7 @@ return ASN_PARSE_E; } n = input[idx++]; - n = (n << 8) | input[idx++]; + n = (word16)((n << 8) | input[idx++]); } else return ASN_PARSE_E; @@ -2936,7 +3068,7 @@ *inOutIdx = idx; return n; } -#endif /* WC_RSA_PSS && !NO_RSA */ +#endif /* WC_RSA_PSS || !NO_CERTS */ #endif /* !WOLFSSL_ASN_TEMPLATE */ #if !defined(NO_DSA) && !defined(NO_SHA) @@ -3128,11 +3260,12 @@ #if !defined(WOLFSSL_ASN_TEMPLATE) || defined(HAVE_PKCS7) || \ - defined(OPENSSL_EXTRA) + defined(OPENSSL_EXTRA) || defined(WOLFSSL_CERT_GEN) || defined(WC_RSA_PSS) #if !defined(NO_DSA) || defined(HAVE_ECC) || !defined(NO_CERTS) || \ + defined(WOLFSSL_CERT_GEN) || \ (!defined(NO_RSA) && \ - (defined(WOLFSSL_CERT_GEN) || \ - ((defined(WOLFSSL_KEY_GEN) || defined(OPENSSL_EXTRA))))) + (defined(WOLFSSL_KEY_GEN) || defined(OPENSSL_EXTRA))) || \ + (defined(WC_RSA_PSS) && !defined(NO_RSA)) /* Set the DER/BER encoding of the ASN.1 INTEGER header. * * When output is NULL, calculate the header length only. @@ -3143,7 +3276,7 @@ * @param [out] output Buffer to write into. * @return Number of bytes added to the buffer. */ -int SetASNInt(int len, byte firstByte, byte* output) +WOLFSSL_LOCAL int SetASNInt(int len, byte firstByte, byte* output) { int idx = 0; @@ -3686,7 +3819,7 @@ } /* RSA (with CertGen or KeyGen) OR ECC OR ED25519 OR ED448 (with CertGen or - * KeyGen) */ + * KeyGen) OR CRL */ #if (!defined(NO_RSA) && \ (defined(WOLFSSL_CERT_GEN) || defined(WOLFSSL_KEY_GEN) || \ defined(OPENSSL_EXTRA))) || \ @@ -3696,7 +3829,8 @@ defined(OPENSSL_EXTRA))) || \ (defined(WC_ENABLE_ASYM_KEY_EXPORT) && !defined(NO_CERTS)) || \ (!defined(NO_DSA) && !defined(HAVE_SELFTEST) && defined(WOLFSSL_KEY_GEN)) || \ - (!defined(NO_DH) && defined(WOLFSSL_DH_EXTRA)) + (!defined(NO_DH) && defined(WOLFSSL_DH_EXTRA)) || \ + defined(HAVE_CRL) /* Set the DER/BER encoding of the ASN.1 BIT STRING header. * @@ -3734,7 +3868,7 @@ /* Return index after header. */ return idx; } -#endif /* !NO_RSA || HAVE_ECC || HAVE_ED25519 || HAVE_ED448 */ +#endif /* !NO_RSA || HAVE_ECC || HAVE_ED25519 || HAVE_ED448 || HAVE_CRL */ #ifdef ASN_BER_TO_DER @@ -4204,6 +4338,93 @@ #endif /* WOLFSSL_CERT_EXT || WOLFSSL_CERT_GEN */ #endif /* !WOLFSSL_ASN_TEMPLATE */ + +/* Forward declarations for original ASN functions in asn_orig.c. + * Needed so shared code can call them in non-template mode. */ +#ifndef WOLFSSL_ASN_TEMPLATE +static int GetAlgoIdImpl(const byte* input, word32* inOutIdx, word32* oid, word32 oidType, word32 maxIdx, byte *absentParams); +#ifndef NO_RSA +static int _RsaPrivateKeyDecode(const byte* input, word32* inOutIdx, RsaKey* key, int* keySz, word32 inSz); +#endif +#ifndef NO_DSA +static int DsaKeyIntsToDer(DsaKey* key, byte* output, word32* inLen, int ints, int includeVersion); +#endif +#if defined(HAVE_ECC) && defined(HAVE_ECC_KEY_EXPORT) +static int SetEccPublicKey(byte* output, ecc_key* key, int outLen, int with_header, int comp); +#endif +#if !defined(NO_RSA) && !defined(NO_CERTS) +static int StoreRsaKey(DecodedCert* cert, const byte* source, word32* srcIdx, word32 maxIdx); +#endif +#if defined(HAVE_ECC) && !defined(NO_CERTS) +static int StoreEccKey(DecodedCert* cert, const byte* source, word32* srcIdx, word32 maxIdx, const byte* pubKey, word32 pubKeyLen); +#endif +#ifndef NO_CERTS +#if !defined(NO_DSA) +static int ParseDsaKey(const byte* source, word32* srcIdx, word32 maxIdx, void* heap); +#endif +#endif +static int GetCertName(DecodedCert* cert, char* full, byte* hash, int nameType, const byte* input, word32* inOutIdx, word32 maxIdx); +static int GetDateInfo(const byte* source, word32* idx, const byte** pDate, byte* pFormat, int* pLength, word32 maxIdx); +#ifndef NO_CERTS +static int GetSigAlg(DecodedCert* cert, word32* sigOid, word32 maxIdx); +static int GetSignature(DecodedCert* cert); +#endif +static word32 SetAlgoIDImpl(int algoOID, byte* output, int type, int curveSz, byte absentParams); +#ifndef NO_CERTS +static int DecodeAltNames(const byte* input, word32 sz, DecodedCert* cert); +static int DecodeCrlDist(const byte* input, word32 sz, DecodedCert* cert); +static int DecodeAuthInfo(const byte* input, word32 sz, DecodedCert* cert); +#ifndef IGNORE_NAME_CONSTRAINTS +static int DecodeSubtree(const byte* input, word32 sz, Base_entry** head, word32 limit, void* heap); +static int DecodeNameConstraints(const byte* input, word32 sz, DecodedCert* cert); +#endif +#if defined(WOLFSSL_SEP) || defined(WOLFSSL_CERT_EXT) +static int DecodeCertPolicy(const byte* input, word32 sz, DecodedCert* cert); +#endif +#ifdef WOLFSSL_SUBJ_DIR_ATTR +static int DecodeSubjDirAttr(const byte* input, word32 sz, DecodedCert* cert); +#endif +static int DecodeCertExtensions(DecodedCert* cert); +#if defined(WOLFSSL_SMALL_CERT_VERIFY) || defined(OPENSSL_EXTRA) +static int CheckCertSignature_ex(const byte* cert, word32 certSz, void* heap, void* cm, const byte* pubKey, word32 pubKeySz, int pubKeyOID, int req); +#endif +#if !defined(NO_RSA) && \ +(defined(WOLFSSL_KEY_TO_DER) || defined(WOLFSSL_CERT_GEN)) +static int SetRsaPublicKey(byte* output, RsaKey* key, int outLen, int with_header); +#endif +#ifdef WOLFSSL_CERT_GEN +#ifdef WOLFSSL_CERT_EXT +static int SetExtKeyUsage(Cert* cert, byte* output, word32 outSz, byte input); +static int SetCertificatePolicies(byte *output, word32 outputSz, char input[MAX_CERTPOL_NB][MAX_CERTPOL_SZ], word16 nb_certpol, void* heap); +#endif +#endif +#if defined(WOLFSSL_CERT_GEN) || defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL) +static int EncodeName(EncodedName* name, const char* nameStr, byte nameTag, byte type, byte emailTag, CertName* cname); +#endif +#ifdef WOLFSSL_CERT_GEN +static int SetValidity(byte* output, int daysValid); +static int MakeAnyCert(Cert* cert, byte* derBuffer, word32 derSz, RsaKey* rsaKey, ecc_key* eccKey, WC_RNG* rng, DsaKey* dsaKey, ed25519_key* ed25519Key, ed448_key* ed448Key, falcon_key* falconKey, dilithium_key* dilithiumKey, sphincs_key* sphincsKey); +#ifdef WOLFSSL_CERT_REQ +static int MakeCertReq(Cert* cert, byte* derBuffer, word32 derSz, RsaKey* rsaKey, DsaKey* dsaKey, ecc_key* eccKey, ed25519_key* ed25519Key, ed448_key* ed448Key, falcon_key* falconKey, dilithium_key* dilithiumKey, sphincs_key* sphincsKey); +#endif +#endif +#endif +#if defined(HAVE_OCSP) && !defined(WOLFCRYPT_ONLY) +static int OcspDecodeCertIDInt(const byte* input, word32* inOutIdx, word32 inSz, OcspEntry* entry); +static int DecodeSingleResponse(byte* source, word32* ioIndex, word32 size, int wrapperSz, OcspEntry* single); +static int DecodeOcspRespExtensions(byte* source, word32* ioIndex, OcspResponse* resp, word32 sz); +static int DecodeResponseData(byte* source, word32* ioIndex, OcspResponse* resp, word32 size); +static int DecodeBasicOcspResponse(byte* source, word32* ioIndex, OcspResponse* resp, word32 size, void* cm, void* heap, int noVerify, int noVerifySignature); +#endif +#if defined(HAVE_CRL) && !defined(WOLFCRYPT_ONLY) +static int GetRevoked(RevokedCert* rcert, const byte* buff, word32* idx, DecodedCRL* dcrl, word32 maxIdx); +#ifndef NO_SKID +static int ParseCRL_AuthKeyIdExt(const byte* input, int sz, DecodedCRL* dcrl); +#endif +static int ParseCRL_Extensions(DecodedCRL* dcrl, const byte* buf, word32* inOutIdx, word32 sz); +#endif +#endif /* !WOLFSSL_ASN_TEMPLATE */ + /* hashType */ #ifdef WOLFSSL_MD2 static const byte hashMd2hOid[] = {42, 134, 72, 134, 247, 13, 2, 2}; @@ -4355,7 +4576,7 @@ /* Falcon Level 5: 1 3 9999 3 9 */ static const byte sigFalcon_Level5Oid[] = {43, 206, 15, 3, 9}; -#endif /* HAVE_FACON */ +#endif /* HAVE_FALCON */ #ifdef HAVE_DILITHIUM #ifdef WOLFSSL_DILITHIUM_FIPS204_DRAFT /* Dilithium Level 2: 1.3.6.1.4.1.2.267.12.4.4 */ @@ -6660,6 +6881,7 @@ { int x = 0, y = 0; word32 t = 0; + int cnt = 0; /* check args */ if (in == NULL || outSz == NULL) { @@ -6668,20 +6890,27 @@ /* decode bytes */ while (inSz--) { + if (cnt == 4) + return ASN_OBJECT_ID_E; t = (t << 7) | (in[x] & 0x7F); + cnt++; if (!(in[x] & 0x80)) { - if (y >= (int)*outSz) { - return BUFFER_E; - } if (y == 0) { + if ((int)*outSz < 2) { + return BUFFER_E; + } out[0] = (word16)(t / 40); out[1] = (word16)(t % 40); y = 2; } else { + if (y >= (int)*outSz) { + return BUFFER_E; + } out[y++] = (word16)t; } t = 0; /* reset tmp */ + cnt = 0; } x++; } @@ -6774,7 +7003,7 @@ #ifdef HAVE_OID_DECODING { word16 decOid[MAX_OID_SZ]; - word32 decOidSz = sizeof(decOid); + word32 decOidSz = MAX_OID_SZ; /* Decode the OID into dotted form. */ ret = DecodeObjectId(oidData, oidSz, decOid, &decOidSz); if (ret == 0) { @@ -7140,20 +7369,10 @@ * @return ASN_PARSE_E when encoding is invalid. * @return ASN_UNKNOWN_OID_E when the OID cannot be verified. */ +#ifdef WOLFSSL_ASN_TEMPLATE int GetObjectId(const byte* input, word32* inOutIdx, word32* oid, word32 oidType, word32 maxIdx) { -#ifndef WOLFSSL_ASN_TEMPLATE - int ret, length; - - WOLFSSL_ENTER("GetObjectId"); - - ret = GetASNObjectId(input, inOutIdx, &length, maxIdx); - if (ret != 0) - return ret; - - return GetOID(input, inOutIdx, oid, oidType, length); -#else ASNGetData dataASN[objectIdASN_Length]; int ret; @@ -7171,27 +7390,8 @@ } return ret; -#endif /* WOLFSSL_ASN_TEMPLATE */ -} - -#ifndef WOLFSSL_ASN_TEMPLATE -static int SkipObjectId(const byte* input, word32* inOutIdx, word32 maxIdx) -{ - word32 idx = *inOutIdx; - int length; - int ret; - - ret = GetASNObjectId(input, &idx, &length, maxIdx); - if (ret != 0) - return ret; - - idx += (word32)length; - *inOutIdx = idx; - - return 0; } -#endif - +#endif /* WOLFSSL_ASN_TEMPLATE */ #ifdef WOLFSSL_ASN_TEMPLATE /* ASN.1 template for an algorithm identifier. */ static const ASNItem algoIdASN[] = { @@ -7209,45 +7409,10 @@ #define algoIdASN_Length (sizeof(algoIdASN) / sizeof(ASNItem)) #endif +#ifdef WOLFSSL_ASN_TEMPLATE static int GetAlgoIdImpl(const byte* input, word32* inOutIdx, word32* oid, word32 oidType, word32 maxIdx, byte *absentParams) { -#ifndef WOLFSSL_ASN_TEMPLATE - int length; - word32 idx = *inOutIdx; - int ret; - *oid = 0; - - WOLFSSL_ENTER("GetAlgoId"); - - if (GetSequence(input, &idx, &length, maxIdx) < 0) - return ASN_PARSE_E; - - if (GetObjectId(input, &idx, oid, oidType, maxIdx) < 0) - return ASN_OBJECT_ID_E; - - /* could have NULL tag and 0 terminator, but may not */ - if (idx < maxIdx) { - word32 localIdx = idx; /*use localIdx to not advance when checking tag*/ - byte tag; - - if (GetASNTag(input, &localIdx, &tag, maxIdx) == 0) { - if (tag == ASN_TAG_NULL) { - ret = GetASNNull(input, &idx, maxIdx); - if (ret != 0) - return ret; - - if (absentParams != NULL) { - *absentParams = FALSE; - } - } - } - } - - *inOutIdx = idx; - - return 0; -#else DECL_ASNGETDATA(dataASN, algoIdASN_Length); int ret = 0; @@ -7273,9 +7438,8 @@ FREE_ASNGETDATA(dataASN, NULL); return ret; -#endif /* WOLFSSL_ASN_TEMPLATE */ } - +#endif /* WOLFSSL_ASN_TEMPLATE */ /* Get the OID id/sum from the BER encoding of an algorithm identifier. * * NULL tag is skipped if present. @@ -7449,6 +7613,9 @@ } #endif +/* RSASSA-PSS-params context-specific tags. + * RFC 4055, 3.1 + */ #ifdef WOLFSSL_ASN_TEMPLATE /* ASN tag for hashAlgorithm. */ #define ASN_TAG_RSA_PSS_HASH (ASN_CONTEXT_SPECIFIC | 0) @@ -7495,7 +7662,7 @@ RSAPSSPARAMSASN_IDX_TRAILERINT }; -/* Number of items in ASN.1 template for an algorithm identifier. */ +/* Number of items in ASN.1 template for RSA PSS parameters. */ #define rsaPssParamsASN_Length (sizeof(rsaPssParamsASN) / sizeof(ASNItem)) #else /* ASN tag for hashAlgorithm. */ @@ -7522,7 +7689,72 @@ static int DecodeRsaPssParams(const byte* params, word32 sz, enum wc_HashType* hash, int* mgf, int* saltLen) { -#ifndef WOLFSSL_ASN_TEMPLATE + if (params == NULL) + return BAD_FUNC_ARG; + + /* Empty or NULL-tag parameters mean all defaults per RFC 4055 */ + if (sz == 0) { + *hash = WC_HASH_TYPE_SHA; + *mgf = WC_MGF1SHA1; + *saltLen = 20; + return 0; + } + if (params[0] == ASN_TAG_NULL) { + if (sz >= 2 && params[1] == 0) { + *hash = WC_HASH_TYPE_SHA; + *mgf = WC_MGF1SHA1; + *saltLen = 20; + return 0; + } + return ASN_PARSE_E; + } + if (params[0] != (ASN_SEQUENCE | ASN_CONSTRUCTED)) + return ASN_PARSE_E; + +#ifdef WOLFSSL_ASN_TEMPLATE +{ + DECL_ASNGETDATA(dataASN, rsaPssParamsASN_Length); + int ret = 0; + word16 sLen = 20; + + /* Default values. */ + *hash = WC_HASH_TYPE_SHA; + *mgf = WC_MGF1SHA1; + + CALLOC_ASNGETDATA(dataASN, rsaPssParamsASN_Length, ret, NULL); + if (ret == 0) { + word32 inOutIdx = 0; + /* Set OID type expected. */ + GetASN_OID(&dataASN[RSAPSSPARAMSASN_IDX_HASHOID], oidHashType); + GetASN_OID(&dataASN[RSAPSSPARAMSASN_IDX_MGFOID], oidIgnoreType); + GetASN_OID(&dataASN[RSAPSSPARAMSASN_IDX_MGFHOID], oidHashType); + /* Place the salt length into 16-bit var sLen. */ + GetASN_Int16Bit(&dataASN[RSAPSSPARAMSASN_IDX_SALTLENINT], &sLen); + /* Decode the algorithm identifier. */ + ret = GetASN_Items(rsaPssParamsASN, dataASN, rsaPssParamsASN_Length, 1, + params, &inOutIdx, sz); + } + if ((ret == 0) && (dataASN[RSAPSSPARAMSASN_IDX_HASHOID].tag != 0)) { + word32 oid = dataASN[RSAPSSPARAMSASN_IDX_HASHOID].data.oid.sum; + ret = RsaPssHashOidToType(oid, hash); + } + if ((ret == 0) && (dataASN[RSAPSSPARAMSASN_IDX_MGFOID].tag != 0)) { + if (dataASN[RSAPSSPARAMSASN_IDX_MGFOID].data.oid.sum != MGF1_OID) + ret = ASN_PARSE_E; + } + if ((ret == 0) && (dataASN[RSAPSSPARAMSASN_IDX_MGFHOID].tag != 0)) { + word32 oid = dataASN[RSAPSSPARAMSASN_IDX_MGFHOID].data.oid.sum; + ret = RsaPssHashOidToMgf1(oid, mgf); + } + if (ret == 0) { + *saltLen = sLen; + } + + FREE_ASNGETDATA(dataASN, NULL); + return ret; +} +#else /* !WOLFSSL_ASN_TEMPLATE */ +{ int ret = 0; word32 idx = 0; int len = 0; @@ -7530,25 +7762,31 @@ byte tag; int length; - if (params == NULL) { - ret = BAD_FUNC_ARG; - } - if ((ret == 0) && (GetSequence_ex(params, &idx, &len, sz, 1) < 0)) { - ret = ASN_PARSE_E; + /* Decode RSASSA-PSS-params SEQUENCE content. */ + if (GetSequence_ex(params, &idx, &len, sz, 1) < 0) { + WOLFSSL_MSG("DecodeRsaPssParams: fail at sequence"); + return ASN_PARSE_E; } + + /* [0] hashAlgorithm */ if (ret == 0) { if ((idx < sz) && (params[idx] == ASN_TAG_RSA_PSS_HASH)) { /* Hash algorithm to use on message. */ if (GetHeader(params, &tag, &idx, &length, sz, 0) < 0) { + WOLFSSL_MSG("DecodeRsaPssParams: fail at hash_header"); ret = ASN_PARSE_E; } if (ret == 0) { if (GetAlgoId(params, &idx, &oid, oidHashType, sz) < 0) { + WOLFSSL_MSG("DecodeRsaPssParams: fail at hash_algo"); ret = ASN_PARSE_E; } } if (ret == 0) { ret = RsaPssHashOidToType(oid, hash); + if (ret != 0) { + WOLFSSL_MSG("DecodeRsaPssParams: fail at hash_oid"); + } } } else { @@ -7556,36 +7794,75 @@ *hash = WC_HASH_TYPE_SHA; } } + + /* [1] maskGenAlgorithm -- AlgorithmIdentifier { OID id-mgf1, hash AlgoId } + * Parse manually: read the MGF SEQUENCE + OID, then the hash AlgoId + * parameter, because GetAlgoId consumes the entire AlgorithmIdentifier + * including the hash parameter inside it. */ if (ret == 0) { if ((idx < sz) && (params[idx] == ASN_TAG_RSA_PSS_MGF)) { - /* MGF and hash algorithm to use with padding. */ + int mgfSeqLen = 0; + word32 mgfEnd; + if (GetHeader(params, &tag, &idx, &length, sz, 0) < 0) { + WOLFSSL_MSG("DecodeRsaPssParams: fail at mgf_header"); + ret = ASN_PARSE_E; + } + /* Read MGF AlgorithmIdentifier SEQUENCE header */ + if (ret == 0) { + if (GetSequence(params, &idx, &mgfSeqLen, sz) < 0) { + WOLFSSL_MSG("DecodeRsaPssParams: fail at mgf_seq"); + ret = ASN_PARSE_E; + } + } + /* Bound subsequent reads to the MGF SEQUENCE content */ + mgfEnd = idx + (word32)mgfSeqLen; + if (mgfEnd > sz) { + WOLFSSL_MSG("DecodeRsaPssParams: mgf_seq overflows buffer"); ret = ASN_PARSE_E; } + /* Read MGF OID (id-mgf1) directly */ if (ret == 0) { - if (GetAlgoId(params, &idx, &oid, oidIgnoreType, sz) < 0) { + if (GetObjectId(params, &idx, &oid, oidIgnoreType, + mgfEnd) < 0) { + WOLFSSL_MSG("DecodeRsaPssParams: fail at mgf_oid"); ret = ASN_PARSE_E; } } if ((ret == 0) && (oid != MGF1_OID)) { + WOLFSSL_MSG("DecodeRsaPssParams: fail at mgf_oid_value"); ret = ASN_PARSE_E; } + /* Read hash AlgorithmIdentifier (parameter of MGF1) */ if (ret == 0) { - ret = GetAlgoId(params, &idx, &oid, oidHashType, sz); + ret = GetAlgoId(params, &idx, &oid, oidHashType, mgfEnd); if (ret == 0) { ret = RsaPssHashOidToMgf1(oid, mgf); + if (ret != 0) { + WOLFSSL_MSG("DecodeRsaPssParams: fail at mgf_hash_oid"); + } + } + else { + WOLFSSL_MSG("DecodeRsaPssParams: fail at mgf_hash_algo"); } } + if ((ret == 0) && (idx != mgfEnd)) { + WOLFSSL_MSG("DecodeRsaPssParams: extra data in mgf_seq"); + ret = ASN_PARSE_E; + } } else { /* Default MGF/Hash algorithm. */ *mgf = WC_MGF1SHA1; } } + + /* [2] saltLength */ if (ret == 0) { if ((idx < sz) && (params[idx] == ASN_TAG_RSA_PSS_SALTLEN)) { /* Salt length to use with padding. */ if (GetHeader(params, &tag, &idx, &length, sz, 0) < 0) { + WOLFSSL_MSG("DecodeRsaPssParams: fail at saltlen_header"); ret = ASN_PARSE_E; } if (ret == 0) { @@ -7594,6 +7871,9 @@ *saltLen = ret; ret = 0; } + else { + WOLFSSL_MSG("DecodeRsaPssParams: fail at saltlen_value"); + } } } else { @@ -7601,10 +7881,13 @@ *saltLen = 20; } } + + /* [3] trailerField */ if (ret == 0) { if ((idx < sz) && (params[idx] == ASN_TAG_RSA_PSS_TRAILER)) { - /* Unused - trialerField. */ + /* Unused - trailerField. */ if (GetHeader(params, &tag, &idx, &length, sz, 0) < 0) { + WOLFSSL_MSG("DecodeRsaPssParams: fail at trailer_header"); ret = ASN_PARSE_E; } if (ret == 0) { @@ -7612,60 +7895,179 @@ if (ret > 0) { ret = 0; } + else if (ret != 0) { + WOLFSSL_MSG("DecodeRsaPssParams: fail at trailer_value"); + } } } } + if ((ret == 0) && (idx != sz)) { + WOLFSSL_MSG("DecodeRsaPssParams: fail at extra_data"); ret = ASN_PARSE_E; } return ret; +} +#endif /* WOLFSSL_ASN_TEMPLATE */ +} + +WOLFSSL_TEST_VIS int wc_DecodeRsaPssParams(const byte* params, word32 sz, + enum wc_HashType* hash, int* mgf, int* saltLen) +{ + return DecodeRsaPssParams(params, sz, hash, mgf, saltLen); +} + +/* Encode AlgorithmIdentifier for id-RSASSA-PSS with full RSASSA-PSS-params. + * hashOID: e.g. SHA256h; saltLen: e.g. 32; trailerField is encoded as 1. + * When out is NULL returns required length only. + * Returns encoded length on success, 0 on error. + * Note: saltLength is encoded as a single-byte INTEGER; values >255 would + * require multi-byte encoding (not implemented; CMS profiles use hash-length + * salts, e.g. 20-64 bytes). */ +/* Scratch buffer for building RSA-PSS AlgorithmIdentifier sub-encodings. + * Must hold the largest single sub-encoding (hash AlgoId, typically ~15 bytes) + * plus room for integer TLVs. 64 bytes is sufficient; 128 gives margin. */ +#define RSA_PSS_ALGOID_TMPBUF_SZ 128 + +word32 wc_EncodeRsaPssAlgoId(int hashOID, int saltLen, byte* out, word32 outSz) +{ + word32 idx = 0; + word32 hashAlgSz, mgf1ParamSz, tag0Sz, tag1Sz, tag2Sz, tag3Sz; + word32 paramsSz, outerSz; + const byte* rsapssOid = sigRsaSsaPssOid; + word32 rsapssOidSz = sizeof(sigRsaSsaPssOid); + /* MGF1 OID 1.2.840.113549.1.1.8 */ + static const byte mgf1Oid[] = { 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x08 }; + int setIntRet; +#ifdef WOLFSSL_SMALL_STACK + byte* tmpBuf; #else - DECL_ASNGETDATA(dataASN, rsaPssParamsASN_Length); - int ret = 0; - word16 sLen = 20; + byte tmpBuf[RSA_PSS_ALGOID_TMPBUF_SZ]; +#endif - if (params == NULL) { - ret = BAD_FUNC_ARG; + if (saltLen < 0 || saltLen > 255) { + WOLFSSL_MSG("Salt length must be 0-255 for single-byte encoding"); + return 0; } - CALLOC_ASNGETDATA(dataASN, rsaPssParamsASN_Length, ret, NULL); - if (ret == 0) { - word32 inOutIdx = 0; - /* Default values. */ - *hash = WC_HASH_TYPE_SHA; - *mgf = WC_MGF1SHA1; +#ifdef WOLFSSL_SMALL_STACK + tmpBuf = (byte*)XMALLOC(RSA_PSS_ALGOID_TMPBUF_SZ, NULL, + DYNAMIC_TYPE_TMP_BUFFER); + if (tmpBuf == NULL) + return 0; +#endif - /* Set OID type expected. */ - GetASN_OID(&dataASN[RSAPSSPARAMSASN_IDX_HASHOID], oidHashType); - GetASN_OID(&dataASN[RSAPSSPARAMSASN_IDX_MGFHOID], oidHashType); - /* Place the salt length into 16-bit var sLen. */ - GetASN_Int16Bit(&dataASN[RSAPSSPARAMSASN_IDX_SALTLENINT], &sLen); - /* Decode the algorithm identifier. */ - ret = GetASN_Items(rsaPssParamsASN, dataASN, rsaPssParamsASN_Length, 1, - params, &inOutIdx, sz); + hashAlgSz = SetAlgoID(hashOID, out ? tmpBuf : NULL, oidHashType, 0); + if (hashAlgSz == 0) { + idx = 0; goto pss_algoid_done; } - if ((ret == 0) && (dataASN[RSAPSSPARAMSASN_IDX_HASHOID].tag != 0)) { - word32 oid = dataASN[RSAPSSPARAMSASN_IDX_HASHOID].data.oid.sum; - ret = RsaPssHashOidToType(oid, hash); + mgf1ParamSz = hashAlgSz; + tag0Sz = SetExplicit(0, hashAlgSz, NULL, 0) + hashAlgSz; + { + /* MGF AlgorithmIdentifier: SEQUENCE { OID id-mgf1, hash AlgoId } + * The hash AlgoId (from SetAlgoID) is the parameter of MGF1. */ + word32 mgf1OidLen = (word32)SetObjectId((int)sizeof(mgf1Oid), NULL) + (word32)sizeof(mgf1Oid); + word32 mgf1SeqContent = mgf1OidLen + mgf1ParamSz; + word32 mgf1SeqSz = SetSequence(mgf1SeqContent, NULL) + mgf1SeqContent; + tag1Sz = SetExplicit(1, mgf1SeqSz, NULL, 0) + mgf1SeqSz; + } + /* SetASNInt writes only tag+length (+ optional leading 0); value byte(s) appended by caller. */ + setIntRet = SetASNInt(1, (byte)(saltLen & 0xff), NULL); + if (setIntRet <= 0) { + idx = 0; goto pss_algoid_done; } - if ((ret == 0) && (dataASN[RSAPSSPARAMSASN_IDX_MGFHOID].tag != 0)) { - word32 oid = dataASN[RSAPSSPARAMSASN_IDX_MGFHOID].data.oid.sum; - ret = RsaPssHashOidToMgf1(oid, mgf); + { + word32 saltIntSz = (word32)setIntRet + 1; /* header + one value byte (two if high bit set) */ + tag2Sz = SetExplicit(2, saltIntSz, NULL, 0) + saltIntSz; } - if (ret == 0) { - *saltLen = sLen; + setIntRet = SetASNInt(1, 0x01, NULL); + if (setIntRet <= 0) { + idx = 0; goto pss_algoid_done; + } + { + word32 trailerIntSz = (word32)setIntRet + 1; + tag3Sz = SetExplicit(3, trailerIntSz, NULL, 0) + trailerIntSz; } - FREE_ASNGETDATA(dataASN, NULL); - return ret; -#endif /* WOLFSSL_ASN_TEMPLATE */ + paramsSz = tag0Sz + tag1Sz + tag2Sz + tag3Sz; + { + word32 idPart = (word32)SetObjectId((int)rsapssOidSz, NULL) + rsapssOidSz; + word32 seqPart = SetSequence(paramsSz, NULL) + paramsSz; + outerSz = SetSequence(idPart + seqPart, NULL) + idPart + seqPart; + } + + if (out == NULL) { + idx = outerSz; goto pss_algoid_done; + } + if (outSz < outerSz) { + idx = 0; goto pss_algoid_done; + } + if (hashAlgSz > RSA_PSS_ALGOID_TMPBUF_SZ) { + idx = 0; goto pss_algoid_done; + } + + { + word32 idPart = (word32)SetObjectId((int)rsapssOidSz, NULL) + rsapssOidSz; + word32 seqPart = SetSequence(paramsSz, NULL) + paramsSz; + idx += SetSequence(idPart + seqPart, out + idx); + } + idx += (word32)SetObjectId((int)rsapssOidSz, out + idx); + XMEMCPY(out + idx, rsapssOid, rsapssOidSz); + idx += rsapssOidSz; + idx += SetSequence(paramsSz, out + idx); + + idx += SetExplicit(0, hashAlgSz, out + idx, 0); + XMEMCPY(out + idx, tmpBuf, hashAlgSz); + idx += hashAlgSz; + + { + /* [1] EXPLICIT { SEQUENCE { OID id-mgf1, hash AlgoId } } */ + word32 mgf1OidLen = (word32)SetObjectId((int)sizeof(mgf1Oid), NULL) + (word32)sizeof(mgf1Oid); + word32 mgf1SeqContent = mgf1OidLen + mgf1ParamSz; + word32 mgf1SeqSz = SetSequence(mgf1SeqContent, NULL) + mgf1SeqContent; + idx += SetExplicit(1, mgf1SeqSz, out + idx, 0); + idx += SetSequence(mgf1SeqContent, out + idx); + idx += (word32)SetObjectId((int)sizeof(mgf1Oid), out + idx); + XMEMCPY(out + idx, mgf1Oid, sizeof(mgf1Oid)); + idx += (word32)sizeof(mgf1Oid); + XMEMCPY(out + idx, tmpBuf, hashAlgSz); + idx += hashAlgSz; + } + + /* INTEGER saltLength (single byte; see function comment for >255 limitation). */ + setIntRet = SetASNInt(1, (byte)(saltLen & 0xff), tmpBuf); + if (setIntRet > 0) { + tmpBuf[setIntRet] = (byte)(saltLen & 0xff); + } + { + word32 saltIntSz = (word32)setIntRet + 1; + idx += SetExplicit(2, saltIntSz, out + idx, 0); + XMEMCPY(out + idx, tmpBuf, saltIntSz); + idx += saltIntSz; + } + + /* INTEGER trailerField (1): same pattern. */ + setIntRet = SetASNInt(1, 0x01, tmpBuf); + if (setIntRet > 0) { + tmpBuf[setIntRet] = 0x01; + } + { + word32 trailerIntSz = (word32)setIntRet + 1; + idx += SetExplicit(3, trailerIntSz, out + idx, 0); + XMEMCPY(out + idx, tmpBuf, trailerIntSz); + idx += trailerIntSz; + } + +pss_algoid_done: +#ifdef WOLFSSL_SMALL_STACK + XFREE(tmpBuf, NULL, DYNAMIC_TYPE_TMP_BUFFER); +#endif + return idx; } + #endif /* WC_RSA_PSS */ -#if defined(WOLFSSL_ASN_TEMPLATE) || (!defined(NO_CERTS) && \ - (defined(WOLFSSL_KEY_GEN) || defined(OPENSSL_EXTRA) || \ - defined(WOLFSSL_KCAPI_RSA) || defined(WOLFSSL_SE050))) /* Byte offset of numbers in RSA key. */ size_t rsaIntOffset[] = { WC_OFFSETOF(RsaKey, n), @@ -7698,7 +8100,16 @@ /* Cast key to byte array to and use offset to get to mp_int field. */ return (mp_int*)(((byte*)key) + rsaIntOffset[idx]); } + +#ifdef WOLFSSL_RSA_PUBLIC_ONLY + #define RSA_INT_CNT 2 +#elif !(defined(WOLFSSL_KEY_GEN) || defined(OPENSSL_EXTRA) || \ + !defined(RSA_LOW_MEM)) + #define RSA_INT_CNT 5 +#else + #define RSA_INT_CNT 8 #endif +#define RSA_MAX_INT_CNT 8 #ifdef WOLFSSL_ASN_TEMPLATE /* ASN.1 template for an RSA private key. @@ -7768,91 +8179,10 @@ * @return MP_INIT_E when the unable to initialize an mp_int. * @return ASN_GETINT_E when the unable to convert data to an mp_int. */ +#ifdef WOLFSSL_ASN_TEMPLATE static int _RsaPrivateKeyDecode(const byte* input, word32* inOutIdx, RsaKey* key, int* keySz, word32 inSz) { -#ifndef WOLFSSL_ASN_TEMPLATE - int version, length; - word32 algId = 0; - - if (inOutIdx == NULL || input == NULL || (key == NULL && keySz == NULL)) { - return BAD_FUNC_ARG; - } - - /* if has pkcs8 header skip it */ - if (ToTraditionalInline_ex(input, inOutIdx, inSz, &algId) < 0) { - /* ignore error, did not have pkcs8 header */ - } - - if (GetSequence(input, inOutIdx, &length, inSz) < 0) - return ASN_PARSE_E; - - if (GetMyVersion(input, inOutIdx, &version, inSz) < 0) - return ASN_PARSE_E; - - if (key == NULL) { - int i; - - /* Modulus */ - if (GetASNInt(input, inOutIdx, keySz, inSz) < 0) { - return ASN_PARSE_E; - } - *inOutIdx += (word32)*keySz; - for (i = 1; i < RSA_INTS; i++) { - if (SkipInt(input, inOutIdx, inSz) < 0) { - return ASN_RSA_KEY_E; - } - } - } - else { - key->type = RSA_PRIVATE; - - #ifdef WOLFSSL_CHECK_MEM_ZERO - mp_memzero_add("Decode RSA key d", &key->d); - mp_memzero_add("Decode RSA key p", &key->p); - mp_memzero_add("Decode RSA key q", &key->q); - #if (defined(WOLFSSL_KEY_GEN) || defined(OPENSSL_EXTRA) || \ - !defined(RSA_LOW_MEM)) && !defined(WOLFSSL_RSA_PUBLIC_ONLY) - mp_memzero_add("Decode RSA key dP", &key->dP); - mp_memzero_add("Decode RSA key dQ", &key->dQ); - mp_memzero_add("Decode RSA key u", &key->u); - #endif - #endif - - if (GetInt(&key->n, input, inOutIdx, inSz) < 0 || - GetInt(&key->e, input, inOutIdx, inSz) < 0 || - #ifndef WOLFSSL_RSA_PUBLIC_ONLY - GetInt(&key->d, input, inOutIdx, inSz) < 0 || - GetInt(&key->p, input, inOutIdx, inSz) < 0 || - GetInt(&key->q, input, inOutIdx, inSz) < 0 - #else - SkipInt(input, inOutIdx, inSz) < 0 || - SkipInt(input, inOutIdx, inSz) < 0 || - SkipInt(input, inOutIdx, inSz) < 0 - #endif - ) { - return ASN_RSA_KEY_E; - } - #if (defined(WOLFSSL_KEY_GEN) || defined(OPENSSL_EXTRA) || !defined(RSA_LOW_MEM)) \ - && !defined(WOLFSSL_RSA_PUBLIC_ONLY) - if (GetInt(&key->dP, input, inOutIdx, inSz) < 0 || - GetInt(&key->dQ, input, inOutIdx, inSz) < 0 || - GetInt(&key->u, input, inOutIdx, inSz) < 0 ) return ASN_RSA_KEY_E; - #else - if (SkipInt(input, inOutIdx, inSz) < 0 || - SkipInt(input, inOutIdx, inSz) < 0 || - SkipInt(input, inOutIdx, inSz) < 0 ) return ASN_RSA_KEY_E; - #endif - - #if defined(WOLFSSL_XILINX_CRYPT) || defined(WOLFSSL_CRYPTOCELL) - if (wc_InitRsaHw(key) != 0) { - return BAD_STATE_E; - } - #endif - } - - return 0; -#else DECL_ASNGETDATA(dataASN, rsaKeyASN_Length); int ret = 0; byte version = (byte)-1; @@ -7940,9 +8270,8 @@ FREE_ASNGETDATA(dataASN, heap); return ret; -#endif /* WOLFSSL_ASN_TEMPLATE */ } - +#endif /* WOLFSSL_ASN_TEMPLATE */ /* Decode RSA private key. * * PKCS #1: RFC 8017, A.1.2 - RSAPrivateKey @@ -8058,79 +8387,10 @@ * @return ASN_EXPECT_0_E when the INTEGER has the MSB set or NULL has a * non-zero length. */ +#ifdef WOLFSSL_ASN_TEMPLATE int ToTraditionalInline_ex2(const byte* input, word32* inOutIdx, word32 sz, word32* algId, word32* eccOid) { -#ifndef WOLFSSL_ASN_TEMPLATE - word32 idx; - int version, length; - int ret; - byte tag; - - if (input == NULL || inOutIdx == NULL) - return BAD_FUNC_ARG; - - idx = *inOutIdx; - - if (GetSequence(input, &idx, &length, sz) < 0) - return ASN_PARSE_E; - - if (GetMyVersion(input, &idx, &version, sz) < 0) - return ASN_PARSE_E; - - if (GetAlgoId(input, &idx, algId, oidKeyType, sz) < 0) - return ASN_PARSE_E; - - if (GetASNTag(input, &idx, &tag, sz) < 0) - return ASN_PARSE_E; - idx = idx - 1; /* reset idx after finding tag */ - -#if defined(WC_RSA_PSS) && !defined(NO_RSA) - if (*algId == RSAPSSk && tag == (ASN_SEQUENCE | ASN_CONSTRUCTED)) { - word32 seqIdx = idx; - int seqLen; - /* Not set when -1. */ - enum wc_HashType hash = WC_HASH_TYPE_NONE; - int mgf = -1; - int saltLen = 0; - - if (GetSequence(input, &idx, &seqLen, sz) < 0) { - return ASN_PARSE_E; - } - /* Get the private key parameters. */ - ret = DecodeRsaPssParams(input + seqIdx, - seqLen + idx - seqIdx, &hash, &mgf, &saltLen); - if (ret != 0) { - return ASN_PARSE_E; - } - /* TODO: store parameters so that usage can be checked. */ - idx += seqLen; - } -#endif /* WC_RSA_PSS && !NO_RSA */ - - if (tag == ASN_OBJECT_ID) { - if ((*algId == ECDSAk) && (eccOid != NULL)) { - if (GetObjectId(input, &idx, eccOid, oidCurveType, sz) < 0) - return ASN_PARSE_E; - } - else { - if (SkipObjectId(input, &idx, sz) < 0) - return ASN_PARSE_E; - } - } - - ret = GetOctetString(input, &idx, &length, sz); - if (ret < 0) { - if (ret == WC_NO_ERR_TRACE(BUFFER_E)) - return ASN_PARSE_E; - /* Some private keys don't expect an octet string */ - WOLFSSL_MSG("Couldn't find Octet string"); - } - - *inOutIdx = idx; - - return length; -#else DECL_ASNGETDATA(dataASN, pkcs8KeyASN_Length); int ret = 0; word32 oid = 9; @@ -8282,9 +8542,8 @@ FREE_ASNGETDATA(dataASN, NULL); return ret; -#endif } - +#endif /* WOLFSSL_ASN_TEMPLATE */ /* Remove PKCS #8 header around an RSA, ECDSA, Ed25519, or Ed448. * * @param [in] input Buffer holding BER data. @@ -8363,100 +8622,14 @@ return length; } +#ifdef WOLFSSL_ASN_TEMPLATE int wc_CreatePKCS8Key(byte* out, word32* outSz, byte* key, word32 keySz, int algoID, const byte* curveOID, word32 oidSz) { -#ifndef WOLFSSL_ASN_TEMPLATE - word32 keyIdx = 0; - word32 tmpSz = 0; - word32 sz; - word32 tmpAlgId = 0; - - /* If out is NULL then return the max size needed - * + 2 for ASN_OBJECT_ID and ASN_OCTET_STRING tags */ - if (out == NULL && outSz != NULL) { - *outSz = keySz + MAX_SEQ_SZ + MAX_VERSION_SZ + MAX_ALGO_SZ - + MAX_LENGTH_SZ + MAX_LENGTH_SZ + 2; - - if (curveOID != NULL) - *outSz += oidSz + MAX_LENGTH_SZ + 1; - - WOLFSSL_MSG("Checking size of PKCS8"); - - return WC_NO_ERR_TRACE(LENGTH_ONLY_E); - } - - WOLFSSL_ENTER("wc_CreatePKCS8Key"); - - if (key == NULL || out == NULL || outSz == NULL) { - return BAD_FUNC_ARG; - } - - /* check the buffer has enough room for largest possible size */ - if (curveOID != NULL) { - if (*outSz < (keySz + MAX_SEQ_SZ + MAX_VERSION_SZ + MAX_ALGO_SZ - + MAX_LENGTH_SZ + MAX_LENGTH_SZ + 3 + oidSz + MAX_LENGTH_SZ)) - return BUFFER_E; - } - else { - oidSz = 0; /* with no curveOID oid size must be 0 */ - if (*outSz < (keySz + MAX_SEQ_SZ + MAX_VERSION_SZ + MAX_ALGO_SZ - + MAX_LENGTH_SZ + MAX_LENGTH_SZ + 2)) - return BUFFER_E; - } - - /* sanity check: make sure the key doesn't already have a PKCS 8 header */ - if (ToTraditionalInline_ex(key, &keyIdx, keySz, &tmpAlgId) >= 0) { - (void)tmpAlgId; - return ASN_PARSE_E; - } - - /* PrivateKeyInfo ::= SEQUENCE */ - keyIdx = MAX_SEQ_SZ; /* save room for sequence */ - - /* version Version - * no header information just INTEGER */ - sz = (word32)SetMyVersion(PKCS8v0, out + keyIdx, 0); - tmpSz += sz; keyIdx += sz; - /* privateKeyAlgorithm PrivateKeyAlgorithmIdentifier */ - sz = 0; /* set sz to 0 and get privateKey oid buffer size needed */ - if (curveOID != NULL && oidSz > 0) { - byte buf[MAX_LENGTH_SZ]; - sz = SetLength(oidSz, buf); - sz += 1; /* plus one for ASN object id */ - } - sz = (word32)SetAlgoID(algoID, out + keyIdx, oidKeyType, (int)(oidSz + sz)); - tmpSz += sz; keyIdx += sz; - - /* privateKey PrivateKey * - * pkcs8 ecc uses slightly different format. Places curve oid in - * buffer */ - if (curveOID != NULL && oidSz > 0) { - sz = (word32)SetObjectId((int)oidSz, out + keyIdx); - keyIdx += sz; tmpSz += sz; - XMEMCPY(out + keyIdx, curveOID, oidSz); - keyIdx += oidSz; tmpSz += oidSz; - } - - sz = (word32)SetOctetString(keySz, out + keyIdx); - keyIdx += sz; tmpSz += sz; - XMEMCPY(out + keyIdx, key, keySz); - tmpSz += keySz; - - /* attributes optional - * No attributes currently added */ - - /* rewind and add sequence */ - sz = SetSequence(tmpSz, out); - XMEMMOVE(out + sz, out + MAX_SEQ_SZ, tmpSz); - - *outSz = tmpSz + sz; - return (int)(tmpSz + sz); -#else /* pkcs8KeyASN_Length-1, the -1 is because we are not adding the optional * set of attributes */ DECL_ASNSETDATA(dataASN, pkcs8KeyASN_Length-1); - int sz = 0; + word32 sz = 0; int ret = 0; word32 keyIdx = 0; word32 tmpAlgId = 0; @@ -8481,7 +8654,8 @@ (void)tmpAlgId; #endif - CALLOC_ASNSETDATA(dataASN, pkcs8KeyASN_Length-1, ret, NULL); + if (ret == 0) + CALLOC_ASNSETDATA(dataASN, pkcs8KeyASN_Length-1, ret, NULL); if (ret == 0) { /* Only support default PKCS #8 format - v0. */ @@ -8511,7 +8685,7 @@ } if ((ret == 0) || (ret == WC_NO_ERR_TRACE(LENGTH_ONLY_E))) { /* Always return the calculated size. */ - *outSz = (word32)sz; + *outSz = sz; } /* Check for buffer to encoded into. */ if ((ret == 0) && (out == NULL)) { @@ -8521,14 +8695,13 @@ if (ret == 0) { /* Encode PKCS #8 key into buffer. */ SetASN_Items(pkcs8KeyASN, dataASN, pkcs8KeyASN_Length-1, out); - ret = sz; + ret = (int)sz; } FREE_ASNSETDATA(dataASN, NULL); return ret; -#endif /* WOLFSSL_ASN_TEMPLATE */ } - +#endif /* WOLFSSL_ASN_TEMPLATE */ #endif /* HAVE_PKCS8 */ #if defined(HAVE_PKCS12) || !defined(NO_CHECK_PRIVATE_KEY) @@ -8562,6 +8735,9 @@ || ks == RSAPSSk #endif ) { + #if defined(WOLFSSL_RSA_PUBLIC_ONLY) || defined(WOLFSSL_RSA_VERIFY_ONLY) + ret = NOT_COMPILED_IN; + #else #ifdef WOLFSSL_SMALL_STACK RsaKey* a; RsaKey* b = NULL; @@ -8616,6 +8792,7 @@ wc_FreeRsaKey(a); WC_FREE_VAR_EX(b, NULL, DYNAMIC_TYPE_RSA); WC_FREE_VAR_EX(a, NULL, DYNAMIC_TYPE_RSA); + #endif /* !WOLFSSL_RSA_PUBLIC_ONLY && !WOLFSSL_RSA_VERIFY_ONLY */ } else #endif /* !NO_RSA && !NO_ASN_CRYPT */ @@ -8977,8 +9154,13 @@ if (ret == 0) { if (der->sapkiOID == RSAk || der->sapkiOID == ECDSAk) { /* Simply copy the data */ - XMEMCPY(decodedPubKey, der->sapkiDer, der->sapkiLen); - pubKeyLen = der->sapkiLen; + if ((word32)der->sapkiLen > pubKeyLen) { + ret = BUFFER_E; + } + else { + XMEMCPY(decodedPubKey, der->sapkiDer, der->sapkiLen); + pubKeyLen = der->sapkiLen; + } } else { #if defined(WC_ENABLE_ASYM_KEY_IMPORT) @@ -9203,14 +9385,15 @@ if (rsa == NULL) return MEMORY_E; - wc_InitRsaKey(rsa, heap); - if (wc_RsaPrivateKeyDecode(key, &tmpIdx, rsa, keySz) == 0) { - *algoID = RSAk; - } - else { - WOLFSSL_MSG("Not RSA DER key"); + if (wc_InitRsaKey(rsa, heap) == 0) { + if (wc_RsaPrivateKeyDecode(key, &tmpIdx, rsa, keySz) == 0) { + *algoID = RSAk; + } + else { + WOLFSSL_MSG("Not RSA DER key"); + } + wc_FreeRsaKey(rsa); } - wc_FreeRsaKey(rsa); XFREE(rsa, heap, DYNAMIC_TYPE_TMP_BUFFER); } #endif /* !NO_RSA && !NO_ASN_CRYPT */ @@ -9221,22 +9404,23 @@ return MEMORY_E; tmpIdx = 0; - wc_ecc_init_ex(ecc, heap, INVALID_DEVID); - if (wc_EccPrivateKeyDecode(key, &tmpIdx, ecc, keySz) == 0) { - *algoID = ECDSAk; - - /* now find oid */ - if (wc_ecc_get_oid(ecc->dp->oidSum, curveOID, oidSz) < 0) { - WOLFSSL_MSG("Error getting ECC curve OID"); - wc_ecc_free(ecc); - XFREE(ecc, heap, DYNAMIC_TYPE_TMP_BUFFER); - return BAD_FUNC_ARG; + if (wc_ecc_init_ex(ecc, heap, INVALID_DEVID) == 0) { + if (wc_EccPrivateKeyDecode(key, &tmpIdx, ecc, keySz) == 0) { + *algoID = ECDSAk; + + /* now find oid */ + if (wc_ecc_get_oid(ecc->dp->oidSum, curveOID, oidSz) < 0) { + WOLFSSL_MSG("Error getting ECC curve OID"); + wc_ecc_free(ecc); + XFREE(ecc, heap, DYNAMIC_TYPE_TMP_BUFFER); + return BAD_FUNC_ARG; + } } + else { + WOLFSSL_MSG("Not ECC DER key either"); + } + wc_ecc_free(ecc); } - else { - WOLFSSL_MSG("Not ECC DER key either"); - } - wc_ecc_free(ecc); XFREE(ecc, heap, DYNAMIC_TYPE_TMP_BUFFER); } #endif /* HAVE_ECC && !NO_ASN_CRYPT */ @@ -9293,7 +9477,7 @@ if (falcon == NULL) return MEMORY_E; - if (wc_falcon_init(falcon) != 0) { + if (wc_falcon_init(falcon) == 0) { tmpIdx = 0; if (wc_falcon_set_level(falcon, 1) == 0) { if (wc_Falcon_PrivateKeyDecode(key, &tmpIdx, falcon, keySz) @@ -9365,7 +9549,7 @@ WOLFSSL_MSG("Not Dilithium Level 5 DER key"); } } - else { + if (*algoID == 0) { WOLFSSL_MSG("GetKeyOID dilithium initialization failed"); } wc_dilithium_free(dilithium); @@ -9380,7 +9564,7 @@ if (sphincs == NULL) return MEMORY_E; - if (wc_sphincs_init(sphincs) != 0) { + if (wc_sphincs_init(sphincs) == 0) { tmpIdx = 0; if (wc_sphincs_set_level_and_optim(sphincs, 1, FAST_VARIANT) == 0) { @@ -9963,154 +10147,9 @@ * @return ASN_OBJECT_ID_E when the expected OBJECT_ID tag is not found. * @return Other when decryption fails. */ +#ifdef WOLFSSL_ASN_TEMPLATE int DecryptContent(byte* input, word32 sz, const char* password, int passwordSz) { -#ifndef WOLFSSL_ASN_TEMPLATE - word32 inOutIdx = 0, seqEnd, oid, shaOid = 0, seqPkcs5End = sz; - int ret = 0, first, second, length = 0, version, saltSz, id = 0; - int iterations = 0, keySz = 0; -#ifdef WOLFSSL_SMALL_STACK - byte* salt = NULL; - byte* cbcIv = NULL; -#else - byte salt[MAX_SALT_SIZE]; - byte cbcIv[MAX_IV_SIZE]; -#endif - byte tag; - - if (passwordSz < 0) { - WOLFSSL_MSG("Bad password size"); - return BAD_FUNC_ARG; - } - - if (GetAlgoId(input, &inOutIdx, &oid, oidIgnoreType, sz) < 0) { - ERROR_OUT(ASN_PARSE_E, exit_dc); - } - - first = input[inOutIdx - 2]; /* PKCS version always 2nd to last byte */ - second = input[inOutIdx - 1]; /* version.algo, algo id last byte */ - - if (CheckAlgo(first, second, &id, &version, NULL) < 0) { - ERROR_OUT(ASN_INPUT_E, exit_dc); /* Algo ID error */ - } - - if (version == PKCS5v2) { - if (GetSequence(input, &inOutIdx, &length, sz) < 0) { - ERROR_OUT(ASN_PARSE_E, exit_dc); - } - seqPkcs5End = inOutIdx + length; - - if (GetAlgoId(input, &inOutIdx, &oid, oidKdfType, sz) < 0) { - ERROR_OUT(ASN_PARSE_E, exit_dc); - } - - if (oid != PBKDF2_OID) { - ERROR_OUT(ASN_PARSE_E, exit_dc); - } - } - - if (GetSequence(input, &inOutIdx, &length, sz) <= 0) { - ERROR_OUT(ASN_PARSE_E, exit_dc); - } - /* Find the end of this SEQUENCE so we can check for the OPTIONAL and - * DEFAULT items. */ - seqEnd = inOutIdx + (word32)length; - - ret = GetOctetString(input, &inOutIdx, &saltSz, seqEnd); - if (ret < 0) - goto exit_dc; - - if (saltSz > MAX_SALT_SIZE) { - ERROR_OUT(ASN_PARSE_E, exit_dc); - } - - WC_ALLOC_VAR_EX(salt, byte, MAX_SALT_SIZE, NULL, DYNAMIC_TYPE_TMP_BUFFER, - ERROR_OUT(MEMORY_E,exit_dc)); - - XMEMCPY(salt, &input[inOutIdx], (size_t)saltSz); - inOutIdx += (word32)saltSz; - - if (GetShortInt(input, &inOutIdx, &iterations, seqEnd) < 0) { - ERROR_OUT(ASN_PARSE_E, exit_dc); - } - - /* OPTIONAL key length */ - if (seqEnd > inOutIdx) { - word32 localIdx = inOutIdx; - - if (GetASNTag(input, &localIdx, &tag, seqEnd) < 0) { - ERROR_OUT(ASN_PARSE_E, exit_dc); - } - - if (tag == ASN_INTEGER && - GetShortInt(input, &inOutIdx, &keySz, seqEnd) < 0) { - ERROR_OUT(ASN_PARSE_E, exit_dc); - } - } - - /* DEFAULT HMAC is SHA-1 */ - if (seqEnd > inOutIdx) { - if (GetAlgoId(input, &inOutIdx, &oid, oidHmacType, seqEnd) < 0) { - ERROR_OUT(ASN_PARSE_E, exit_dc); - } - - shaOid = oid; - } - - WC_ALLOC_VAR_EX(cbcIv, byte, MAX_IV_SIZE, NULL, DYNAMIC_TYPE_TMP_BUFFER, - ERROR_OUT(MEMORY_E,exit_dc)); - - if (version == PKCS5v2) { - /* get encryption algo */ - if (GetAlgoId(input, &inOutIdx, &oid, oidBlkType, seqPkcs5End) < 0) { - ERROR_OUT(ASN_PARSE_E, exit_dc); - } - - if (CheckAlgoV2((int)oid, &id, NULL) < 0) { - ERROR_OUT(ASN_PARSE_E, exit_dc); /* PKCS v2 algo id error */ - } - - if (shaOid == 0) - shaOid = oid; - - ret = GetOctetString(input, &inOutIdx, &length, seqPkcs5End); - if (ret < 0) - goto exit_dc; - - if (length > MAX_IV_SIZE) { - ERROR_OUT(ASN_PARSE_E, exit_dc); - } - - XMEMCPY(cbcIv, &input[inOutIdx], (size_t)length); - inOutIdx += (word32)length; - } - - if (GetASNTag(input, &inOutIdx, &tag, sz) < 0) { - ERROR_OUT(ASN_PARSE_E, exit_dc); - } - - if (tag != (ASN_CONTEXT_SPECIFIC | 0) && tag != ASN_OCTET_STRING) { - ERROR_OUT(ASN_PARSE_E, exit_dc); - } - - if (GetLength(input, &inOutIdx, &length, sz) < 0) { - ERROR_OUT(ASN_PARSE_E, exit_dc); - } - - ret = wc_CryptKey(password, passwordSz, salt, saltSz, iterations, id, - input + inOutIdx, length, version, cbcIv, 0, (int)shaOid); - -exit_dc: - WC_FREE_VAR_EX(salt, NULL, DYNAMIC_TYPE_TMP_BUFFER); - WC_FREE_VAR_EX(cbcIv, NULL, DYNAMIC_TYPE_TMP_BUFFER); - - if (ret == 0) { - XMEMMOVE(input, input + inOutIdx, (size_t)length); - ret = length; - } - - return ret; -#else /* pbes2ParamsASN longer than pkcs8DecASN_Length/pbes1ParamsASN_Length. */ DECL_ASNGETDATA(dataASN, pbes2ParamsASN_Length); int ret = 0; @@ -10122,10 +10161,10 @@ word32 keySz = 0; word32 saltSz = 0; word32 shaOid = 0; - byte* salt = NULL; - byte* key = NULL; + const byte* salt = NULL; + const byte* key = NULL; byte cbcIv[MAX_IV_SIZE]; - byte* params = NULL; + const byte* params = NULL; WOLFSSL_ENTER("DecryptContent"); @@ -10140,6 +10179,12 @@ if (ret == 0) { /* Check the PBE algorithm and get the version and id. */ idx = dataASN[PKCS8DECASN_IDX_ENCALGO_OID].data.oid.length; + /* All supported PBE algorithms are 9 or 10 bytes long. */ + if ((idx != 9) && (idx != 10)) { + ret = ASN_UNKNOWN_OID_E; + } + } + if (ret == 0) { /* Second last byte: 1 (PKCS #12 PBE Id) or 5 (PKCS #5) * Last byte: Alg or PBES2 */ ret = CheckAlgo( @@ -10206,9 +10251,10 @@ if (ret == 0) { /* Decrypt the key. */ + /* safe cast -- key is actually inside the readwrite "input" buffer. */ ret = wc_CryptKey( - password, passwordSz, salt, (int)saltSz, (int)iterations, id, key, - (int)keySz, version, cbcIv, 0, (int)shaOid); + password, passwordSz, salt, (int)saltSz, (int)iterations, id, + (byte *)(wc_ptr_t)key, (int)keySz, version, cbcIv, 0, (int)shaOid); } if (ret == 0) { /* Copy the decrypted key into the input (inline). */ @@ -10218,9 +10264,8 @@ FREE_ASNGETDATA(dataASN, NULL); return ret; -#endif } - +#endif /* WOLFSSL_ASN_TEMPLATE */ /* Decrypt data using PBE algorithm and get key from PKCS#8 wrapping. * * PKCS #8: RFC 5958, 3 - EncryptedPrivateKeyInfo @@ -10344,7 +10389,7 @@ int blkOidSz = 0; int pbesId = -1; int blockSz = 0; - int asnSz = 0; + word32 asnSz = 0; word32 pkcs8Sz = 0; byte* cbcIv = NULL; byte* saltEnc = NULL; @@ -10369,7 +10414,8 @@ &blockSz) < 0) { ret = ASN_INPUT_E; } - CALLOC_ASNSETDATA(dataASN, p8EncPbes2ASN_Length, ret, heap); + if (ret == 0) + CALLOC_ASNSETDATA(dataASN, p8EncPbes2ASN_Length, ret, heap); if (ret == 0) { /* Setup data to go into encoding including PBE algorithm, salt, @@ -10417,11 +10463,11 @@ } /* Return size when no output buffer. */ if ((ret == 0) && (out == NULL)) { - *outSz = (word32)asnSz; + *outSz = asnSz; ret = WC_NO_ERR_TRACE(LENGTH_ONLY_E); } /* Check output buffer is big enough for encoded data. */ - if ((ret == 0) && (asnSz > (int)*outSz)) { + if ((ret == 0) && (asnSz > *outSz)) { ret = BAD_FUNC_ARG; } if (ret == 0) { @@ -10431,8 +10477,10 @@ (int)(p8EncPbes2ASN_Length - P8ENCPBES2ASN_IDX_ALGO_SEQ), out); - saltEnc = (byte*) - dataASN[P8ENCPBES2ASN_IDX_ALGO_PARAMS_PBKDF2_SALT].data.buffer.data; + /* safe cast -- the pointer is actually inside the output buffer. */ + saltEnc = (byte*)(wc_ptr_t) + dataASN[P8ENCPBES2ASN_IDX_ALGO_PARAMS_PBKDF2_SALT]. + data.buffer.data; if (genSalt) { /* Generate salt into encoding. */ ret = wc_RNG_GenerateBlock(rng, saltEnc, saltSz); @@ -10442,13 +10490,15 @@ } } if (ret == 0) { - cbcIv = (byte*) + /* safe cast -- the pointer is actually inside the output buffer. */ + cbcIv = (byte*)(wc_ptr_t) dataASN[P8ENCPBES2ASN_IDX_ALGO_ENCS_PARAMS].data.buffer.data; ret = wc_RNG_GenerateBlock(rng, cbcIv, (word32)blockSz); } if (ret == 0) { /* Store PKCS#8 key in output buffer. */ - byte* pkcs8 = (byte*) + /* safe cast -- the pointer is actually inside the output buffer. */ + byte* pkcs8 = (byte*)(wc_ptr_t) dataASN[P8ENCPBES2ASN_IDX_ENCDATA].data.buffer.data; XMEMCPY(pkcs8, input, inputSz); (void)wc_PkcsPad(pkcs8, inputSz, (word32)blockSz); @@ -10459,7 +10509,7 @@ } if (ret == 0) { /* Returning size on success. */ - ret = asnSz; + ret = (int)asnSz; } FREE_ASNSETDATA(dataASN, heap); @@ -10532,182 +10582,17 @@ * @return MEMORY_E when dynamic memory allocation fails. * @return Other when encryption or random number generation fails. */ +#ifdef WOLFSSL_ASN_TEMPLATE int EncryptContent(byte* input, word32 inputSz, byte* out, word32* outSz, const char* password, int passwordSz, int vPKCS, int vAlgo, int encAlgId, byte* salt, word32 saltSz, int itt, int hmacOid, WC_RNG* rng, void* heap) { -#ifndef WOLFSSL_ASN_TEMPLATE - word32 sz; - word32 inOutIdx = 0; - word32 tmpIdx = 0; - word32 totalSz = 0; - word32 seqSz; - word32 innerSz; - int ret; - int version, id = PBE_NONE, blockSz = 0; -#ifdef WOLFSSL_SMALL_STACK - byte* saltTmp = NULL; - byte* cbcIv = NULL; -#else - byte saltTmp[MAX_SALT_SIZE]; - byte cbcIv[MAX_IV_SIZE]; -#endif - byte seq[MAX_SEQ_SZ]; - byte shr[MAX_SHORT_SZ]; - word32 maxShr = MAX_SHORT_SZ; - word32 algoSz; - const byte* algoName; - - (void)encAlgId; - (void)hmacOid; - (void)heap; - - (void)EncryptContentPBES2; - - WOLFSSL_ENTER("EncryptContent"); - - if (CheckAlgo(vPKCS, vAlgo, &id, &version, &blockSz) < 0) - return ASN_INPUT_E; /* Algo ID error */ - - if (version == PKCS5v2) { - WOLFSSL_MSG("PKCS#5 version 2 not supported yet"); - return BAD_FUNC_ARG; - } - - if (saltSz > MAX_SALT_SIZE) - return ASN_PARSE_E; - - if (outSz == NULL) { - return BAD_FUNC_ARG; - } - - /* calculate size */ - /* size of constructed string at end */ - sz = wc_PkcsPad(NULL, inputSz, (word32)blockSz); - totalSz = ASN_TAG_SZ; - totalSz += SetLength(sz, seq); - totalSz += sz; - - /* size of sequence holding object id and sub sequence of salt and itt */ - algoName = OidFromId((word32)id, oidPBEType, &algoSz); - if (algoName == NULL) { - WOLFSSL_MSG("Unknown Algorithm"); - return 0; - } - innerSz = (word32)SetObjectId((int)algoSz, seq); - innerSz += algoSz; - - /* get subsequence of salt and itt */ - if (salt == NULL || saltSz == 0) { - sz = 8; - } - else { - sz = saltSz; - } - seqSz = SetOctetString(sz, seq); - seqSz += sz; - - tmpIdx = 0; - ret = SetShortInt(shr, &tmpIdx, (word32)itt, maxShr); - if (ret >= 0) { - seqSz += (word32)ret; - } - else { - return ret; - } - innerSz += seqSz + SetSequence(seqSz, seq); - totalSz += innerSz + SetSequence(innerSz, seq); - - if (out == NULL) { - *outSz = totalSz; - return WC_NO_ERR_TRACE(LENGTH_ONLY_E); - } - - inOutIdx = 0; - if (totalSz > *outSz) - return BUFFER_E; - - inOutIdx += SetSequence(innerSz, out + inOutIdx); - inOutIdx += (word32)SetObjectId((int)algoSz, out + inOutIdx); - XMEMCPY(out + inOutIdx, algoName, algoSz); - inOutIdx += algoSz; - inOutIdx += SetSequence(seqSz, out + inOutIdx); - - /* create random salt if one not provided */ - if (salt == NULL || saltSz == 0) { - saltSz = 8; - WC_ALLOC_VAR_EX(saltTmp, byte, saltSz, heap, DYNAMIC_TYPE_TMP_BUFFER, - return MEMORY_E); - salt = saltTmp; - - if ((ret = wc_RNG_GenerateBlock(rng, saltTmp, saltSz)) != 0) { - WOLFSSL_MSG("Error generating random salt"); - WC_FREE_VAR_EX(saltTmp, heap, DYNAMIC_TYPE_TMP_BUFFER); - return ret; - } - } - inOutIdx += SetOctetString(saltSz, out + inOutIdx); - if (saltSz + inOutIdx > *outSz) { - WC_FREE_VAR_EX(saltTmp, heap, DYNAMIC_TYPE_TMP_BUFFER); - return BUFFER_E; - } - XMEMCPY(out + inOutIdx, salt, saltSz); - inOutIdx += saltSz; - - /* place iteration setting in buffer */ - ret = SetShortInt(out, &inOutIdx, (word32)itt, *outSz); - if (ret < 0) { - WC_FREE_VAR_EX(saltTmp, heap, DYNAMIC_TYPE_TMP_BUFFER); - return ret; - } - - if (inOutIdx + 1 > *outSz) { - WC_FREE_VAR_EX(saltTmp, heap, DYNAMIC_TYPE_TMP_BUFFER); - return BUFFER_E; - } - out[inOutIdx++] = ASN_CONTEXT_SPECIFIC | 0; - - /* get pad size and verify buffer room */ - sz = wc_PkcsPad(NULL, inputSz, (word32)blockSz); - if (sz + inOutIdx > *outSz) { - WC_FREE_VAR_EX(saltTmp, heap, DYNAMIC_TYPE_TMP_BUFFER); - return BUFFER_E; - } - inOutIdx += SetLength(sz, out + inOutIdx); - - /* copy input to output buffer and pad end */ - XMEMCPY(out + inOutIdx, input, inputSz); - sz = wc_PkcsPad(out + inOutIdx, inputSz, (word32)blockSz); -#ifdef WOLFSSL_SMALL_STACK - cbcIv = (byte*)XMALLOC(MAX_IV_SIZE, heap, DYNAMIC_TYPE_TMP_BUFFER); - if (cbcIv == NULL) { - XFREE(saltTmp, heap, DYNAMIC_TYPE_TMP_BUFFER); - return MEMORY_E; - } -#endif - - /* encrypt */ - if ((ret = wc_CryptKey(password, passwordSz, salt, (int)saltSz, itt, id, - out + inOutIdx, (int)sz, version, cbcIv, 1, 0)) < 0) { - - WC_FREE_VAR_EX(cbcIv, heap, DYNAMIC_TYPE_TMP_BUFFER); - WC_FREE_VAR_EX(saltTmp, heap, DYNAMIC_TYPE_TMP_BUFFER); - return ret; /* encrypt failure */ - } - - WC_FREE_VAR_EX(cbcIv, heap, DYNAMIC_TYPE_TMP_BUFFER); - WC_FREE_VAR_EX(saltTmp, heap, DYNAMIC_TYPE_TMP_BUFFER); - - (void)rng; - - return (int)(inOutIdx + sz); -#else /* WOLFSSL_ASN_TEMPLATE */ /* PBES2 is only supported when enabling the ASN template */ DECL_ASNSETDATA(dataASN, p8EncPbes1ASN_Length); int ret = 0; - int sz = 0; + word32 sz = 0; int version = 0; int id = -1; int blockSz = 0; @@ -10734,8 +10619,8 @@ return EncryptContentPBES2(input, inputSz, out, outSz, password, passwordSz, encAlgId, salt, saltSz, itt, hmacOid, rng, heap); } - - CALLOC_ASNSETDATA(dataASN, p8EncPbes1ASN_Length, ret, heap); + if (ret == 0) + CALLOC_ASNSETDATA(dataASN, p8EncPbes1ASN_Length, ret, heap); if (ret == 0) { /* Setup data to go into encoding including PBE algorithm, salt, @@ -10762,11 +10647,11 @@ } /* Return size when no output buffer. */ if ((ret == 0) && (out == NULL)) { - *outSz = (word32)sz; + *outSz = sz; ret = WC_NO_ERR_TRACE(LENGTH_ONLY_E); } /* Check output buffer is big enough for encoded data. */ - if ((ret == 0) && (sz > (int)*outSz)) { + if ((ret == 0) && (sz > *outSz)) { ret = BAD_FUNC_ARG; } if (ret == 0) { @@ -10778,16 +10663,19 @@ if (salt == NULL) { /* Generate salt into encoding. */ - salt = (byte*)dataASN[P8ENCPBES1ASN_IDX_ENCALGO_PBEPARAM_SALT]. - data.buffer.data; + /* safe cast -- the pointer is actually inside the output buffer. */ + salt = (byte*)(wc_ptr_t) + dataASN[P8ENCPBES1ASN_IDX_ENCALGO_PBEPARAM_SALT]. + data.buffer.data; ret = wc_RNG_GenerateBlock(rng, salt, saltSz); } } if (ret == 0) { byte cbcIv[MAX_IV_SIZE]; /* Store PKCS#8 key in output buffer. */ - byte* pkcs8 = - (byte*)dataASN[P8ENCPBES1ASN_IDX_ENCDATA].data.buffer.data; + /* safe cast -- the pointer is actually inside the output buffer. */ + byte* pkcs8 = (byte*)(wc_ptr_t) + dataASN[P8ENCPBES1ASN_IDX_ENCDATA].data.buffer.data; XMEMCPY(pkcs8, input, inputSz); (void)wc_PkcsPad(pkcs8, inputSz, (word32)blockSz); @@ -10797,14 +10685,13 @@ } if (ret == 0) { /* Returning size on success. */ - ret = sz; + ret = (int)sz; } FREE_ASNSETDATA(dataASN, heap); return ret; -#endif /* WOLFSSL_ASN_TEMPLATE */ } - +#endif /* WOLFSSL_ASN_TEMPLATE */ #endif /* HAVE_PKCS12 */ #endif /* NO_PWDBASED */ @@ -10881,79 +10768,12 @@ /* This function is to retrieve key position information in a cert.* * The information will be used to call TSIP TLS-linked API for * * certificate verification. */ +#ifdef WOLFSSL_ASN_TEMPLATE static int RsaPublicKeyDecodeRawIndex(const byte* input, word32* inOutIdx, word32 inSz, word32* key_n, word32* key_n_len, word32* key_e, word32* key_e_len) { -#ifndef WOLFSSL_ASN_TEMPLATE - int ret = 0; - int length = 0; - -#if defined(OPENSSL_EXTRA) || defined(RSA_DECODE_EXTRA) - byte b; -#endif - - if (input == NULL || inOutIdx == NULL) - return BAD_FUNC_ARG; - - if (GetSequence(input, inOutIdx, &length, inSz) < 0) - return ASN_PARSE_E; - -#if defined(OPENSSL_EXTRA) || defined(RSA_DECODE_EXTRA) - if ((*inOutIdx + 1) > inSz) - return BUFFER_E; - - b = input[*inOutIdx]; - if (b != ASN_INTEGER) { - /* not from decoded cert, will have algo id, skip past */ - if (GetSequence(input, inOutIdx, &length, inSz) < 0) - return ASN_PARSE_E; - - if (SkipObjectId(input, inOutIdx, inSz) < 0) - return ASN_PARSE_E; - - /* Option NULL ASN.1 tag */ - if (*inOutIdx >= inSz) { - return BUFFER_E; - } - if (input[*inOutIdx] == ASN_TAG_NULL) { - ret = GetASNNull(input, inOutIdx, inSz); - if (ret != 0) - return ret; - } - /* TODO: support RSA PSS */ - - /* should have bit tag length and seq next */ - ret = CheckBitString(input, inOutIdx, NULL, inSz, 1, NULL); - if (ret != 0) - return ret; - - if (GetSequence(input, inOutIdx, &length, inSz) < 0) - return ASN_PARSE_E; - } -#endif /* OPENSSL_EXTRA */ - - /* Get modulus */ - ret = GetASNInt(input, inOutIdx, &length, inSz); - *key_n += *inOutIdx; - if (ret < 0) { - return ASN_RSA_KEY_E; - } - if (key_n_len) - *key_n_len = length; - *inOutIdx += length; - - /* Get exponent */ - ret = GetASNInt(input, inOutIdx, &length, inSz); - *key_e += *inOutIdx; - if (ret < 0) { - return ASN_RSA_KEY_E; - } - if (key_e_len) - *key_e_len = length; - return ret; -#else int ret = 0; const byte* n = NULL; const byte* e = NULL; /* pointer to modulus/exponent */ @@ -10973,9 +10793,8 @@ } } return ret; -#endif - } +#endif /* WOLFSSL_ASN_TEMPLATE */ #endif /* WOLFSSL_RENESAS_TSIP */ /* Decode RSA public key. * @@ -11000,95 +10819,13 @@ * @return ASN_BITSTR_E when the expected BIT_STRING tag is not found. * @return ASN_UNKNOWN_OID_E when the OID cannot be verified. */ +#ifdef WOLFSSL_ASN_TEMPLATE int wc_RsaPublicKeyDecode_ex(const byte* input, word32* inOutIdx, word32 inSz, const byte** n, word32* nSz, const byte** e, word32* eSz) { -#ifndef WOLFSSL_ASN_TEMPLATE - int ret = 0; - int length = 0; -#if defined(OPENSSL_EXTRA) || defined(RSA_DECODE_EXTRA) - word32 localIdx; - byte tag; -#endif - - if (input == NULL || inOutIdx == NULL) - return BAD_FUNC_ARG; - - if (GetSequence(input, inOutIdx, &length, inSz) < 0) - return ASN_PARSE_E; - -#if defined(OPENSSL_EXTRA) || defined(RSA_DECODE_EXTRA) - localIdx = *inOutIdx; - if (GetASNTag(input, &localIdx, &tag, inSz) < 0) - return BUFFER_E; - - if (tag != ASN_INTEGER) { - /* not from decoded cert, will have algo id, skip past */ - if (GetSequence(input, inOutIdx, &length, inSz) < 0) - return ASN_PARSE_E; - - if (SkipObjectId(input, inOutIdx, inSz) < 0) - return ASN_PARSE_E; - - /* Option NULL ASN.1 tag */ - if (*inOutIdx >= inSz) { - return BUFFER_E; - } - - localIdx = *inOutIdx; - if (GetASNTag(input, &localIdx, &tag, inSz) < 0) - return ASN_PARSE_E; - - if (tag == ASN_TAG_NULL) { - ret = GetASNNull(input, inOutIdx, inSz); - if (ret != 0) - return ret; - } - #ifdef WC_RSA_PSS - /* Skip RSA PSS parameters. */ - else if (tag == (ASN_SEQUENCE | ASN_CONSTRUCTED)) { - if (GetSequence(input, inOutIdx, &length, inSz) < 0) - return ASN_PARSE_E; - *inOutIdx += length; - } - #endif - - /* should have bit tag length and seq next */ - ret = CheckBitString(input, inOutIdx, NULL, inSz, 1, NULL); - if (ret != 0) - return ret; - - if (GetSequence(input, inOutIdx, &length, inSz) < 0) - return ASN_PARSE_E; - } -#endif /* OPENSSL_EXTRA */ - - /* Get modulus */ - ret = GetASNInt(input, inOutIdx, &length, inSz); - if (ret < 0) { - return ASN_RSA_KEY_E; - } - if (nSz) - *nSz = (word32)length; - if (n) - *n = &input[*inOutIdx]; - *inOutIdx += (word32)length; - - /* Get exponent */ - ret = GetASNInt(input, inOutIdx, &length, inSz); - if (ret < 0) { - return ASN_RSA_KEY_E; - } - if (eSz) - *eSz = (word32)length; - if (e) - *e = &input[*inOutIdx]; - *inOutIdx += (word32)length; - - return ret; -#else DECL_ASNGETDATA(dataASN, rsaPublicKeyASN_Length); int ret = 0; + word32 startIdx = (inOutIdx != NULL) ? *inOutIdx : 0; #ifdef WC_RSA_PSS word32 oid = RSAk; #endif @@ -11107,7 +10844,9 @@ (int)(rsaPublicKeyASN_Length - RSAPUBLICKEYASN_IDX_PUBKEY_RSA_SEQ), 0, input, inOutIdx, inSz); if (ret != 0) { - /* Didn't work - try whole SubjectKeyInfo instead. */ + /* Didn't work - try whole SubjectKeyInfo instead. Reset index + * to caller's start since the previous attempt advanced it. */ + *inOutIdx = startIdx; #ifdef WC_RSA_PSS /* Could be RSA or RSA PSS key. */ GetASN_OID(&dataASN[RSAPUBLICKEYASN_IDX_ALGOID_OID], oidKeyType); @@ -11155,6 +10894,21 @@ } #endif if (ret == 0) { + /* Detect if this is an RSA private key being passed as public key. + * An RSA private key has: version (small int), modulus, exponent, ... + * An RSA public key has: modulus (large int), exponent, nothing more. + * If the first integer is small (like version 0) and there's more data + * after what we consumed, this is likely a private key. */ + word32 nLen = dataASN[RSAPUBLICKEYASN_IDX_PUBKEY_RSA_N].data.ref.length; + if (nLen <= MAX_VERSION_SZ && *inOutIdx < inSz) { + /* Check if next byte could be an INTEGER tag - indicating more + * fields like in a private key structure */ + if (input[*inOutIdx] == ASN_INTEGER) { + ret = ASN_RSA_KEY_E; + } + } + } + if (ret == 0) { /* Return the buffers and lengths asked for. */ if (n != NULL) { *n = dataASN[RSAPUBLICKEYASN_IDX_PUBKEY_RSA_N].data.ref.data; @@ -11172,9 +10926,8 @@ FREE_ASNGETDATA(dataASN, NULL); return ret; -#endif /* WOLFSSL_ASN_TEMPLATE */ } - +#endif /* WOLFSSL_ASN_TEMPLATE */ /* Decode RSA public key. * * X.509: RFC 5280, 4.1 - SubjectPublicKeyInfo @@ -11368,106 +11121,9 @@ * @return ASN_GETINT_E when the unable to convert data to an mp_int. * @return ASN_UNKNOWN_OID_E when the OID cannot be verified. */ +#ifdef WOLFSSL_ASN_TEMPLATE int wc_DhKeyDecode(const byte* input, word32* inOutIdx, DhKey* key, word32 inSz) { -#ifndef WOLFSSL_ASN_TEMPLATE - int ret = 0; - int length; -#ifdef WOLFSSL_DH_EXTRA - #if !defined(HAVE_FIPS) || \ - (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION > 2)) - word32 oid = 0, temp = 0; - #endif -#endif - - WOLFSSL_ENTER("wc_DhKeyDecode"); - - if (inOutIdx == NULL) - return BAD_FUNC_ARG; - - if (GetSequence(input, inOutIdx, &length, inSz) < 0) - return ASN_PARSE_E; - -#ifdef WOLFSSL_DH_EXTRA - #if !defined(HAVE_FIPS) || \ - (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION > 2)) - temp = *inOutIdx; - #endif -#endif - /* Assume input started after 1.2.840.113549.1.3.1 dhKeyAgreement */ - if (GetInt(&key->p, input, inOutIdx, inSz) < 0) { - ret = ASN_DH_KEY_E; - } - if (ret == 0 && GetInt(&key->g, input, inOutIdx, inSz) < 0) { - mp_clear(&key->p); - ret = ASN_DH_KEY_E; - } - -#ifdef WOLFSSL_DH_EXTRA - #if !defined(HAVE_FIPS) || \ - (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION > 2)) - /* If ASN_DH_KEY_E: Check if input started at beginning of key */ - if (ret == WC_NO_ERR_TRACE(ASN_DH_KEY_E)) { - *inOutIdx = temp; - - /* the version (0) - private only (for public skip) */ - if (GetASNInt(input, inOutIdx, &length, inSz) == 0) { - *inOutIdx += (word32)length; - } - - /* Size of dhKeyAgreement section */ - if (GetSequence(input, inOutIdx, &length, inSz) < 0) - return ASN_PARSE_E; - - /* Check for dhKeyAgreement */ - ret = GetObjectId(input, inOutIdx, &oid, oidKeyType, inSz); - if (oid != DHk || ret < 0) - return ASN_DH_KEY_E; - - if (GetSequence(input, inOutIdx, &length, inSz) < 0) - return ASN_PARSE_E; - - if (GetInt(&key->p, input, inOutIdx, inSz) < 0) { - return ASN_DH_KEY_E; - } - if (ret == 0 && GetInt(&key->g, input, inOutIdx, inSz) < 0) { - mp_clear(&key->p); - return ASN_DH_KEY_E; - } - } - - temp = *inOutIdx; - ret = (CheckBitString(input, inOutIdx, &length, inSz, 0, NULL) == 0); - if (ret > 0) { - /* Found Bit String */ - if (GetInt(&key->pub, input, inOutIdx, inSz) == 0) { - WOLFSSL_MSG("Found Public Key"); - ret = 0; - } - } else { - *inOutIdx = temp; - ret = (GetOctetString(input, inOutIdx, &length, inSz) >= 0); - if (ret > 0) { - /* Found Octet String */ - if (GetInt(&key->priv, input, inOutIdx, inSz) == 0) { - WOLFSSL_MSG("Found Private Key"); - - /* Compute public */ - ret = mp_exptmod(&key->g, &key->priv, &key->p, &key->pub); - } - } else { - /* Don't use length from failed CheckBitString/GetOctetString */ - *inOutIdx = temp; - ret = 0; - } - } - #endif /* !HAVE_FIPS || HAVE_FIPS_VERSION > 2 */ -#endif /* WOLFSSL_DH_EXTRA */ - - WOLFSSL_LEAVE("wc_DhKeyDecode", ret); - - return ret; -#else #ifdef WOLFSSL_DH_EXTRA DECL_ASNGETDATA(dataASN, dhKeyPkcs8ASN_Length); #else @@ -11480,11 +11136,13 @@ ret = BAD_FUNC_ARG; } + if (ret == 0) { #ifdef WOLFSSL_DH_EXTRA - ALLOC_ASNGETDATA(dataASN, dhKeyPkcs8ASN_Length, ret, key->heap); + ALLOC_ASNGETDATA(dataASN, dhKeyPkcs8ASN_Length, ret, key->heap); #else - ALLOC_ASNGETDATA(dataASN, dhParamASN_Length, ret, key->heap); + ALLOC_ASNGETDATA(dataASN, dhParamASN_Length, ret, key->heap); #endif + } if (ret == 0) { /* Initialize data and set mp_ints to hold p and g. */ @@ -11529,111 +11187,19 @@ #endif } - FREE_ASNGETDATA(dataASN, key->heap); + FREE_ASNGETDATA(dataASN, key != NULL ? key->heap : NULL); return ret; -#endif /* WOLFSSL_ASN_TEMPLATE */ } - +#endif /* WOLFSSL_ASN_TEMPLATE */ #ifdef WOLFSSL_DH_EXTRA /* Export DH Key (private or public) */ +#ifdef WOLFSSL_ASN_TEMPLATE int wc_DhKeyToDer(DhKey* key, byte* output, word32* outSz, int exportPriv) { -#ifndef WOLFSSL_ASN_TEMPLATE - int ret, privSz = 0, pubSz = 0; - word32 keySz, idx, len, total; - - if (key == NULL || outSz == NULL) { - return BAD_FUNC_ARG; - } - - /* determine size */ - if (exportPriv) { - /* octet string: priv */ - privSz = SetASNIntMP(&key->priv, -1, NULL); - if (privSz < 0) - return privSz; - idx = 1 + SetLength((word32)privSz, NULL) + - (word32)privSz; /* +1 for ASN_OCTET_STRING */ - } - else { - /* bit string: public */ - pubSz = SetASNIntMP(&key->pub, -1, NULL); - if (pubSz < 0) - return pubSz; - idx = SetBitString((word32)pubSz, 0, NULL) + (word32)pubSz; - } - keySz = idx; - - /* DH Parameters sequence with P and G */ - total = 0; - ret = wc_DhParamsToDer(key, NULL, &total); - if (ret != WC_NO_ERR_TRACE(LENGTH_ONLY_E)) - return ret; - idx += total; - - /* object dhKeyAgreement 1.2.840.113549.1.3.1 */ - idx += (word32)SetObjectId(sizeof(keyDhOid), NULL); - idx += (word32)sizeof(keyDhOid); - len = idx - keySz; - /* sequence - all but pub/priv */ - idx += SetSequence(len, NULL); - if (exportPriv) { - /* version: 0 (ASN_INTEGER, 0x01, 0x00) */ - idx += 3; - } - /* sequence */ - total = idx + SetSequence(idx, NULL); - - /* if no output, then just getting size */ - if (output == NULL) { - *outSz = total; - return WC_NO_ERR_TRACE(LENGTH_ONLY_E); - } - - /* make sure output fits in buffer */ - if (total > *outSz) { - return BUFFER_E; - } - total = idx; - - /* sequence */ - idx = SetSequence(total, output); - if (exportPriv) { - /* version: 0 */ - idx += (word32)SetMyVersion(0, output + idx, 0); - } - /* sequence - all but pub/priv */ - idx += SetSequence(len, output + idx); - /* object dhKeyAgreement 1.2.840.113549.1.3.1 */ - idx += (word32)SetObjectId(sizeof(keyDhOid), output + idx); - XMEMCPY(output + idx, keyDhOid, sizeof(keyDhOid)); - idx += sizeof(keyDhOid); - - /* DH Parameters sequence with P and G */ - total = *outSz - idx; - ret = wc_DhParamsToDer(key, output + idx, &total); - if (ret < 0) - return ret; - idx += total; - - /* octet string: priv */ - if (exportPriv) { - idx += (word32)SetOctetString((word32)privSz, output + idx); - idx += (word32)SetASNIntMP(&key->priv, -1, output + idx); - } - else { - /* bit string: public */ - idx += (word32)SetBitString((word32)pubSz, 0, output + idx); - idx += (word32)SetASNIntMP(&key->pub, -1, output + idx); - } - *outSz = idx; - - return (int)idx; -#else ASNSetData dataASN[dhKeyPkcs8ASN_Length]; int ret = 0; - int sz; + word32 sz = 0; WOLFSSL_ENTER("wc_DhKeyToDer"); @@ -11662,26 +11228,25 @@ /* Calculate the size of the DH parameters. */ ret = SizeASN_Items(dhKeyPkcs8ASN, dataASN, dhKeyPkcs8ASN_Length, &sz); if (output == NULL) { - *outSz = (word32)sz; + *outSz = sz; ret = WC_NO_ERR_TRACE(LENGTH_ONLY_E); } /* Check buffer is big enough for encoding. */ - if ((ret == 0) && ((int)*outSz < sz)) { + if ((ret == 0) && (*outSz < sz)) { ret = BUFFER_E; } if (ret == 0) { /* Encode the DH parameters into buffer. */ SetASN_Items(dhKeyPkcs8ASN, dataASN, dhKeyPkcs8ASN_Length, output); /* Set the actual encoding size. */ - *outSz = (word32)sz; + *outSz = sz; /* Return the actual encoding size. */ - ret = sz; + ret = (int)sz; } return ret; -#endif } - +#endif /* WOLFSSL_ASN_TEMPLATE */ int wc_DhPubKeyToDer(DhKey* key, byte* out, word32* outSz) { return wc_DhKeyToDer(key, out, outSz, 0); @@ -11700,61 +11265,12 @@ * version 2 build. * * return bytes written on success */ +#ifdef WOLFSSL_ASN_TEMPLATE int wc_DhParamsToDer(DhKey* key, byte* output, word32* outSz) { -#ifndef WOLFSSL_ASN_TEMPLATE - int ret; - word32 idx, total; - - if (key == NULL || outSz == NULL) { - return BAD_FUNC_ARG; - } - - /* determine size */ - /* integer - g */ - ret = SetASNIntMP(&key->g, -1, NULL); - if (ret < 0) - return ret; - idx = (word32)ret; - /* integer - p */ - ret = SetASNIntMP(&key->p, -1, NULL); - if (ret < 0) - return ret; - idx += (word32)ret; - total = idx; - /* sequence */ - idx += SetSequence(idx, NULL); - - if (output == NULL) { - *outSz = idx; - return WC_NO_ERR_TRACE(LENGTH_ONLY_E); - } - /* make sure output fits in buffer */ - if (idx > *outSz) { - return BUFFER_E; - } - - - /* write DH parameters */ - /* sequence - for P and G only */ - idx = SetSequence(total, output); - /* integer - p */ - ret = SetASNIntMP(&key->p, -1, output + idx); - if (ret < 0) - return ret; - idx += (word32)ret; - /* integer - g */ - ret = SetASNIntMP(&key->g, -1, output + idx); - if (ret < 0) - return ret; - idx += (word32)ret; - *outSz = idx; - - return (int)idx; -#else ASNSetData dataASN[dhParamASN_Length]; int ret = 0; - int sz = 0; + word32 sz = 0; WOLFSSL_ENTER("wc_DhParamsToDer"); @@ -11774,26 +11290,25 @@ ret = SizeASN_Items(dhParamASN, dataASN, dhParamASN_Length, &sz); } if ((ret == 0) && (output == NULL)) { - *outSz = (word32)sz; + *outSz = sz; ret = WC_NO_ERR_TRACE(LENGTH_ONLY_E); } /* Check buffer is big enough for encoding. */ - if ((ret == 0) && (*outSz < (word32)sz)) { + if ((ret == 0) && (*outSz < sz)) { ret = BUFFER_E; } if (ret == 0) { /* Encode the DH parameters into buffer. */ SetASN_Items(dhParamASN, dataASN, dhParamASN_Length, output); /* Set the actual encoding size. */ - *outSz = (word32)sz; + *outSz = sz; /* Return count of bytes written. */ - ret = sz; + ret = (int)sz; } return ret; -#endif } - +#endif /* WOLFSSL_ASN_TEMPLATE */ #endif /* WOLFSSL_DH_EXTRA */ /* Decode DH parameters. @@ -11817,44 +11332,10 @@ * @return BUFFER_E when data in buffer is too small. * @return ASN_EXPECT_0_E when the INTEGER has the MSB set. */ +#ifdef WOLFSSL_ASN_TEMPLATE int wc_DhParamsLoad(const byte* input, word32 inSz, byte* p, word32* pInOutSz, byte* g, word32* gInOutSz) { -#ifndef WOLFSSL_ASN_TEMPLATE - word32 idx = 0; - int ret; - int length; - - if (GetSequence(input, &idx, &length, inSz) <= 0) - return ASN_PARSE_E; - - ret = GetASNInt(input, &idx, &length, inSz); - if (ret != 0) - return ret; - - if (length <= (int)*pInOutSz) { - XMEMCPY(p, &input[idx], (size_t)length); - *pInOutSz = (word32)length; - } - else { - return BUFFER_E; - } - idx += (word32)length; - - ret = GetASNInt(input, &idx, &length, inSz); - if (ret != 0) - return ret; - - if (length <= (int)*gInOutSz) { - XMEMCPY(g, &input[idx], (size_t)length); - *gInOutSz = (word32)length; - } - else { - return BUFFER_E; - } - - return 0; -#else DECL_ASNGETDATA(dataASN, dhParamASN_Length); word32 idx = 0; int ret = 0; @@ -11878,8 +11359,8 @@ FREE_ASNGETDATA(dataASN, NULL); return ret; -#endif /* WOLFSSL_ASN_TEMPLATE */ } +#endif /* WOLFSSL_ASN_TEMPLATE */ #endif /* !NO_DH */ @@ -11986,68 +11467,25 @@ * @return ASN_BITSTR_E when the expected BIT_STRING tag is not found. * @return ASN_UNKNOWN_OID_E when the OID cannot be verified. */ +#ifdef WOLFSSL_ASN_TEMPLATE int wc_DsaPublicKeyDecode(const byte* input, word32* inOutIdx, DsaKey* key, word32 inSz) { -#ifndef WOLFSSL_ASN_TEMPLATE - int length; - int ret = 0; - word32 oid; - word32 maxIdx; - - if (input == NULL || inOutIdx == NULL || key == NULL) - return BAD_FUNC_ARG; - - if (GetSequence(input, inOutIdx, &length, inSz) < 0) - return ASN_PARSE_E; - - maxIdx = (word32)(*inOutIdx + (word32)length); - if (GetInt(&key->p, input, inOutIdx, maxIdx) < 0 || - GetInt(&key->q, input, inOutIdx, maxIdx) < 0 || - GetInt(&key->g, input, inOutIdx, maxIdx) < 0 || - GetInt(&key->y, input, inOutIdx, maxIdx) < 0 ) - ret = ASN_DH_KEY_E; - - if (ret != 0) { - if (GetSequence(input, inOutIdx, &length, inSz) < 0) - return ASN_PARSE_E; - - ret = GetObjectId(input, inOutIdx, &oid, oidIgnoreType, inSz); - if (ret != 0) - return ret; - - if (GetSequence(input, inOutIdx, &length, inSz) < 0) - return ASN_PARSE_E; - - if (GetInt(&key->p, input, inOutIdx, inSz) < 0 || - GetInt(&key->q, input, inOutIdx, inSz) < 0 || - GetInt(&key->g, input, inOutIdx, inSz) < 0) - return ASN_DH_KEY_E; - - if (CheckBitString(input, inOutIdx, &length, inSz, 0, NULL) < 0) - return ASN_PARSE_E; - - if (GetInt(&key->y, input, inOutIdx, inSz) < 0 ) - return ASN_DH_KEY_E; - - ret = 0; - } - - key->type = DSA_PUBLIC; - return ret; -#else /* dsaPubKeyASN is longer than dsaPublicKeyASN. */ DECL_ASNGETDATA(dataASN, dsaPubKeyASN_Length); int ret = 0; /* Validated parameters. */ if ((input == NULL) || (inOutIdx == NULL) || (key == NULL)) { - ret = BAD_FUNC_ARG; + return BAD_FUNC_ARG; } ALLOC_ASNGETDATA(dataASN, dsaPubKeyASN_Length, ret, key->heap); - if (ret == 0) { + if (ret != 0) + return ret; + + { int i; /* Clear dynamic data items. */ @@ -12085,9 +11523,8 @@ FREE_ASNGETDATA(dataASN, key->heap); return ret; -#endif } - +#endif /* WOLFSSL_ASN_TEMPLATE */ int wc_DsaParamsDecode(const byte* input, word32* inOutIdx, DsaKey* key, word32 inSz) { @@ -12152,87 +11589,10 @@ * @return ASN_EXPECT_0_E when the INTEGER has the MSB set or NULL has a * non-zero length. */ +#ifdef WOLFSSL_ASN_TEMPLATE int wc_DsaPrivateKeyDecode(const byte* input, word32* inOutIdx, DsaKey* key, word32 inSz) { -#ifndef WOLFSSL_ASN_TEMPLATE - int length, version, ret = 0, temp = 0; - word32 algId = 0; - - /* Sanity checks on input */ - if (input == NULL || inOutIdx == NULL || key == NULL) { - return BAD_FUNC_ARG; - } - - /* if has pkcs8 header skip it */ - if (ToTraditionalInline_ex(input, inOutIdx, inSz, &algId) < 0) { - /* ignore error, did not have pkcs8 header */ - } - - if (GetSequence(input, inOutIdx, &length, inSz) < 0) - return ASN_PARSE_E; - - temp = (int)*inOutIdx; - - /* Default case expects a certificate with OctetString but no version ID */ - ret = GetInt(&key->p, input, inOutIdx, inSz); - if (ret < 0) { - mp_clear(&key->p); - ret = ASN_PARSE_E; - } - else { - ret = GetInt(&key->q, input, inOutIdx, inSz); - if (ret < 0) { - mp_clear(&key->p); - mp_clear(&key->q); - ret = ASN_PARSE_E; - } - else { - ret = GetInt(&key->g, input, inOutIdx, inSz); - if (ret < 0) { - mp_clear(&key->p); - mp_clear(&key->q); - mp_clear(&key->g); - ret = ASN_PARSE_E; - } - else { - ret = GetOctetString(input, inOutIdx, &length, inSz); - if (ret < 0) { - mp_clear(&key->p); - mp_clear(&key->q); - mp_clear(&key->g); - ret = ASN_PARSE_E; - } - else { - ret = GetInt(&key->y, input, inOutIdx, inSz); - if (ret < 0) { - mp_clear(&key->p); - mp_clear(&key->q); - mp_clear(&key->g); - mp_clear(&key->y); - ret = ASN_PARSE_E; - } - } - } - } - } - /* An alternate pass if default certificate fails parsing */ - if (ret == WC_NO_ERR_TRACE(ASN_PARSE_E)) { - *inOutIdx = (word32)temp; - if (GetMyVersion(input, inOutIdx, &version, inSz) < 0) - return ASN_PARSE_E; - - if (GetInt(&key->p, input, inOutIdx, inSz) < 0 || - GetInt(&key->q, input, inOutIdx, inSz) < 0 || - GetInt(&key->g, input, inOutIdx, inSz) < 0 || - GetInt(&key->y, input, inOutIdx, inSz) < 0 || - GetInt(&key->x, input, inOutIdx, inSz) < 0 ) - return ASN_DH_KEY_E; - } - - key->type = DSA_PRIVATE; - return 0; -#else /* dsaKeyASN is longer than dsaKeyOctASN. */ DECL_ASNGETDATA(dataASN, dsaKeyASN_Length); int ret = 0; @@ -12243,7 +11603,8 @@ ret = BAD_FUNC_ARG; } - CALLOC_ASNGETDATA(dataASN, dsaKeyASN_Length, ret, key->heap); + if (ret == 0) + CALLOC_ASNGETDATA(dataASN, dsaKeyASN_Length, ret, key->heap); if (ret == 0) { int i; @@ -12280,24 +11641,10 @@ key->type = DSA_PRIVATE; } - FREE_ASNGETDATA(dataASN, key->heap); + FREE_ASNGETDATA(dataASN, key != NULL ? key->heap : NULL); return ret; -#endif } - -#ifndef WOLFSSL_ASN_TEMPLATE -/* Release Tmp DSA resources */ -static WC_INLINE void FreeTmpDsas(byte** tmps, void* heap, int ints) -{ - int i; - - for (i = 0; i < ints; i++) - XFREE(tmps[i], heap, DYNAMIC_TYPE_DSA); - - (void)heap; -} -#endif /* !WOLFSSL_ASN_TEMPLATE */ - +#endif /* WOLFSSL_ASN_TEMPLATE */ #if !defined(HAVE_SELFTEST) && (defined(WOLFSSL_KEY_GEN) || \ defined(WOLFSSL_CERT_GEN)) /* Encode a DSA public key into buffer. @@ -12312,166 +11659,13 @@ * encoding size. * @return MEMORY_E when dynamic memory allocation fails. */ +#ifdef WOLFSSL_ASN_TEMPLATE int wc_SetDsaPublicKey(byte* output, DsaKey* key, int outLen, int with_header) { -#ifndef WOLFSSL_ASN_TEMPLATE - /* p, g, q = DSA params, y = public exponent */ -#ifdef WOLFSSL_SMALL_STACK - byte* p = NULL; - byte* g = NULL; - byte* q = NULL; - byte* y = NULL; -#else - byte p[MAX_DSA_INT_SZ]; - byte g[MAX_DSA_INT_SZ]; - byte q[MAX_DSA_INT_SZ]; - byte y[MAX_DSA_INT_SZ]; -#endif - byte innerSeq[MAX_SEQ_SZ]; - byte outerSeq[MAX_SEQ_SZ]; - byte bitString[1 + MAX_LENGTH_SZ + 1]; - int pSz, gSz, qSz, ySz; - word32 idx, innerSeqSz, outerSeqSz, bitStringSz = 0; - WOLFSSL_ENTER("wc_SetDsaPublicKey"); - - if (output == NULL || key == NULL || outLen < MAX_SEQ_SZ) { - return BAD_FUNC_ARG; - } - - /* p */ - WC_ALLOC_VAR_EX(p, byte, MAX_DSA_INT_SZ, key->heap, - DYNAMIC_TYPE_TMP_BUFFER, return MEMORY_E); - if ((pSz = SetASNIntMP(&key->p, MAX_DSA_INT_SZ, p)) < 0) { - WOLFSSL_MSG("SetASNIntMP Error with p"); - WC_FREE_VAR_EX(p, key->heap, DYNAMIC_TYPE_TMP_BUFFER); - return pSz; - } - - /* q */ - WC_ALLOC_VAR_EX(q, byte, MAX_DSA_INT_SZ, key->heap, - DYNAMIC_TYPE_TMP_BUFFER, return MEMORY_E); - if ((qSz = SetASNIntMP(&key->q, MAX_DSA_INT_SZ, q)) < 0) { - WOLFSSL_MSG("SetASNIntMP Error with q"); - WC_FREE_VAR_EX(p, key->heap, DYNAMIC_TYPE_TMP_BUFFER); - WC_FREE_VAR_EX(q, key->heap, DYNAMIC_TYPE_TMP_BUFFER); - return qSz; - } - - /* g */ - WC_ALLOC_VAR_EX(g, byte, MAX_DSA_INT_SZ, key->heap, - DYNAMIC_TYPE_TMP_BUFFER, return MEMORY_E); - if ((gSz = SetASNIntMP(&key->g, MAX_DSA_INT_SZ, g)) < 0) { - WOLFSSL_MSG("SetASNIntMP Error with g"); - WC_FREE_VAR_EX(p, key->heap, DYNAMIC_TYPE_TMP_BUFFER); - WC_FREE_VAR_EX(q, key->heap, DYNAMIC_TYPE_TMP_BUFFER); - WC_FREE_VAR_EX(g, key->heap, DYNAMIC_TYPE_TMP_BUFFER); - return gSz; - } - - /* y */ - WC_ALLOC_VAR_EX(y, byte, MAX_DSA_INT_SZ, key->heap, - DYNAMIC_TYPE_TMP_BUFFER, return MEMORY_E); - if ((ySz = SetASNIntMP(&key->y, MAX_DSA_INT_SZ, y)) < 0) { - WOLFSSL_MSG("SetASNIntMP Error with y"); - WC_FREE_VAR_EX(p, key->heap, DYNAMIC_TYPE_TMP_BUFFER); - WC_FREE_VAR_EX(q, key->heap, DYNAMIC_TYPE_TMP_BUFFER); - WC_FREE_VAR_EX(g, key->heap, DYNAMIC_TYPE_TMP_BUFFER); - WC_FREE_VAR_EX(y, key->heap, DYNAMIC_TYPE_TMP_BUFFER); - return ySz; - } - - if (with_header) { - word32 algoSz; -#ifdef WOLFSSL_SMALL_STACK - byte* algo = NULL; - - algo = (byte*)XMALLOC(MAX_ALGO_SZ, key->heap, DYNAMIC_TYPE_TMP_BUFFER); - if (algo == NULL) { - XFREE(p, key->heap, DYNAMIC_TYPE_TMP_BUFFER); - XFREE(q, key->heap, DYNAMIC_TYPE_TMP_BUFFER); - XFREE(g, key->heap, DYNAMIC_TYPE_TMP_BUFFER); - XFREE(y, key->heap, DYNAMIC_TYPE_TMP_BUFFER); - return MEMORY_E; - } -#else - byte algo[MAX_ALGO_SZ]; -#endif - innerSeqSz = SetSequence((word32)(pSz + qSz + gSz), innerSeq); - algoSz = SetAlgoID(DSAk, algo, oidKeyType, 0); - bitStringSz = SetBitString((word32)ySz, 0, bitString); - outerSeqSz = SetSequence(algoSz + innerSeqSz + - (word32)(pSz + qSz + gSz), outerSeq); - - idx = SetSequence(algoSz + innerSeqSz + (word32)(pSz + qSz + gSz) + - bitStringSz + (word32)ySz + outerSeqSz, output); - - /* check output size */ - if ((idx + algoSz + bitStringSz + innerSeqSz + - (word32)(pSz + qSz + gSz + ySz)) > (word32)outLen) - { - WC_FREE_VAR_EX(p, key->heap, DYNAMIC_TYPE_TMP_BUFFER); - WC_FREE_VAR_EX(q, key->heap, DYNAMIC_TYPE_TMP_BUFFER); - WC_FREE_VAR_EX(g, key->heap, DYNAMIC_TYPE_TMP_BUFFER); - WC_FREE_VAR_EX(y, key->heap, DYNAMIC_TYPE_TMP_BUFFER); - WC_FREE_VAR_EX(algo, key->heap, DYNAMIC_TYPE_TMP_BUFFER); - WOLFSSL_MSG("Error, output size smaller than outlen"); - return BUFFER_E; - } - - /* outerSeq */ - XMEMCPY(output + idx, outerSeq, outerSeqSz); - idx += outerSeqSz; - /* algo */ - XMEMCPY(output + idx, algo, algoSz); - idx += algoSz; - WC_FREE_VAR_EX(algo, key->heap, DYNAMIC_TYPE_TMP_BUFFER); - } else { - innerSeqSz = SetSequence((word32)(pSz + qSz + gSz + ySz), innerSeq); - - /* check output size */ - if ((innerSeqSz + (word32)(pSz + qSz + gSz + ySz)) > (word32)outLen) { - WC_FREE_VAR_EX(p, key->heap, DYNAMIC_TYPE_TMP_BUFFER); - WC_FREE_VAR_EX(q, key->heap, DYNAMIC_TYPE_TMP_BUFFER); - WC_FREE_VAR_EX(g, key->heap, DYNAMIC_TYPE_TMP_BUFFER); - WC_FREE_VAR_EX(y, key->heap, DYNAMIC_TYPE_TMP_BUFFER); - WOLFSSL_MSG("Error, output size smaller than outlen"); - return BUFFER_E; - } - - idx = 0; - } - - /* innerSeq */ - XMEMCPY(output + idx, innerSeq, innerSeqSz); - idx += innerSeqSz; - /* p */ - XMEMCPY(output + idx, p, (size_t)pSz); - idx += (word32)pSz; - /* q */ - XMEMCPY(output + idx, q, (size_t)qSz); - idx += (word32)qSz; - /* g */ - XMEMCPY(output + idx, g, (size_t)gSz); - idx += (word32)gSz; - /* bit string */ - if (bitStringSz > 0) { - XMEMCPY(output + idx, bitString, bitStringSz); - idx += bitStringSz; - } - /* y */ - XMEMCPY(output + idx, y, (size_t)ySz); - idx += (word32)ySz; - - WC_FREE_VAR_EX(p, key->heap, DYNAMIC_TYPE_TMP_BUFFER); - WC_FREE_VAR_EX(q, key->heap, DYNAMIC_TYPE_TMP_BUFFER); - WC_FREE_VAR_EX(g, key->heap, DYNAMIC_TYPE_TMP_BUFFER); - WC_FREE_VAR_EX(y, key->heap, DYNAMIC_TYPE_TMP_BUFFER); - return (int)idx; -#else DECL_ASNSETDATA(dataASN, dsaPubKeyASN_Length); int ret = 0; int i; - int sz = 0; + word32 sz = 0; const ASNItem *data = NULL; int count = 0; @@ -12481,7 +11675,8 @@ ret = BAD_FUNC_ARG; } - CALLOC_ASNSETDATA(dataASN, dsaPubKeyASN_Length, ret, key->heap); + if (ret == 0) + CALLOC_ASNSETDATA(dataASN, dsaPubKeyASN_Length, ret, key->heap); if (ret == 0) { if (with_header) { @@ -12512,7 +11707,7 @@ ret = SizeASN_Items(data, dataASN, count, &sz); } /* Check buffer is big enough for encoding. */ - if ((ret == 0) && (sz > (int)outLen)) { + if ((ret == 0) && (sz > (word32)outLen)) { ret = BAD_FUNC_ARG; } /* Encode the DSA public key into output buffer. */ @@ -12520,11 +11715,10 @@ ret = SetASN_Items(data, dataASN, count, output); } - FREE_ASNSETDATA(dataASN, key->heap); + FREE_ASNSETDATA(dataASN, key != NULL ? key->heap : NULL); return ret; -#endif /* WOLFSSL_ASN_TEMPLATE */ } - +#endif /* WOLFSSL_ASN_TEMPLATE */ /* Encode a DSA public key into buffer. * * @param [out] output Buffer to hold encoded data. @@ -12543,87 +11737,13 @@ } #endif /* !HAVE_SELFTEST && (WOLFSSL_KEY_GEN || WOLFSSL_CERT_GEN) */ +#ifdef WOLFSSL_ASN_TEMPLATE static int DsaKeyIntsToDer(DsaKey* key, byte* output, word32* inLen, int ints, int includeVersion) { -#ifndef WOLFSSL_ASN_TEMPLATE - word32 seqSz = 0, verSz = 0, intTotalLen = 0, outLen, j; - word32 sizes[DSA_INTS]; - int i, ret = 0; - - byte seq[MAX_SEQ_SZ]; - byte ver[MAX_VERSION_SZ]; - byte* tmps[DSA_INTS]; - - if (ints > DSA_INTS || inLen == NULL) - return BAD_FUNC_ARG; - - XMEMSET(sizes, 0, sizeof(sizes)); - for (i = 0; i < ints; i++) - tmps[i] = NULL; - - /* write all big ints from key to DER tmps */ - for (i = 0; i < ints; i++) { - int mpSz; - mp_int* keyInt = GetDsaInt(key, i); - word32 rawLen = (word32)mp_unsigned_bin_size(keyInt) + 1; - - tmps[i] = (byte*)XMALLOC(rawLen + MAX_SEQ_SZ, key->heap, - DYNAMIC_TYPE_DSA); - if (tmps[i] == NULL) { - ret = MEMORY_E; - break; - } - - mpSz = SetASNIntMP(keyInt, -1, tmps[i]); - if (mpSz < 0) { - ret = mpSz; - break; - } - sizes[i] = (word32)mpSz; - intTotalLen += (word32)mpSz; - } - - if (ret != 0) { - FreeTmpDsas(tmps, key->heap, ints); - return ret; - } - - /* make headers */ - if (includeVersion) - verSz = (word32)SetMyVersion(0, ver, FALSE); - seqSz = SetSequence(verSz + intTotalLen, seq); - - outLen = seqSz + verSz + intTotalLen; - *inLen = outLen; - if (output == NULL) { - FreeTmpDsas(tmps, key->heap, ints); - return WC_NO_ERR_TRACE(LENGTH_ONLY_E); - } - if (outLen > *inLen) { - FreeTmpDsas(tmps, key->heap, ints); - return BAD_FUNC_ARG; - } - - /* write to output */ - XMEMCPY(output, seq, seqSz); - j = seqSz; - if (includeVersion) { - XMEMCPY(output + j, ver, verSz); - j += verSz; - } - - for (i = 0; i < ints; i++) { - XMEMCPY(output + j, tmps[i], sizes[i]); - j += sizes[i]; - } - FreeTmpDsas(tmps, key->heap, ints); - - return (int)outLen; -#else DECL_ASNSETDATA(dataASN, dsaKeyASN_Length); int ret = 0; - int sz = 0; + word32 sz = 0; (void)ints; @@ -12633,8 +11753,8 @@ if ((ret == 0) && (ints > DSA_INTS)) { ret = BAD_FUNC_ARG; } - - CALLOC_ASNSETDATA(dataASN, dsaKeyASN_Length, ret, key->heap); + if (ret == 0) + CALLOC_ASNSETDATA(dataASN, dsaKeyASN_Length, ret, key->heap); if (ret == 0) { int i; @@ -12659,25 +11779,24 @@ ret = SizeASN_Items(dsaKeyASN, dataASN, dsaKeyASN_Length, &sz); } if ((ret == 0) && (output == NULL)) { - *inLen = (word32)sz; + *inLen = sz; ret = WC_NO_ERR_TRACE(LENGTH_ONLY_E); } /* Check buffer is big enough for encoding. */ - if ((ret == 0) && (sz > (int)*inLen)) { + if ((ret == 0) && (sz > *inLen)) { ret = BAD_FUNC_ARG; } if (ret == 0) { /* Encode the DSA private key into output buffer. */ SetASN_Items(dsaKeyASN, dataASN, dsaKeyASN_Length, output); /* Return the size of the encoding. */ - ret = sz; + ret = (int)sz; } - FREE_ASNSETDATA(dataASN, key->heap); + FREE_ASNSETDATA(dataASN, key != NULL ? key->heap : NULL); return ret; -#endif /* WOLFSSL_ASN_TEMPLATE */ } - +#endif /* WOLFSSL_ASN_TEMPLATE */ /* Encode a DSA private key into buffer. * * @param [in] key DSA key object. @@ -12806,12 +11925,33 @@ while (altNames) { DNS_entry* tmp = altNames->next; - XFREE(altNames->name, heap, DYNAMIC_TYPE_ALTNAME); + if (altNames->nameStored) { + /* safe cast -- .nameStored signifies that the pointer comes from + * our own earlier XMALLOC(). + */ + XFREE((void *)(wc_ptr_t)altNames->name, heap, + DYNAMIC_TYPE_ALTNAME); + altNames->nameStored = 0; + } #ifdef WOLFSSL_IP_ALT_NAME - XFREE(altNames->ipString, heap, DYNAMIC_TYPE_ALTNAME); + if (altNames->ipStringStored) { + /* safe cast -- .ipStringStored signifies that the pointer comes + * from our own earlier XMALLOC(). + */ + XFREE((void *)(wc_ptr_t)altNames->ipString, heap, + DYNAMIC_TYPE_ALTNAME); + altNames->ipStringStored = 0; + } #endif #ifdef WOLFSSL_RID_ALT_NAME - XFREE(altNames->ridString, heap, DYNAMIC_TYPE_ALTNAME); + if (altNames->ridStringStored) { + /* safe cast -- .ridStringStored signifies that the pointer comes + * from our own earlier XMALLOC(). + */ + XFREE((void *)(wc_ptr_t)altNames->ridString, heap, + DYNAMIC_TYPE_ALTNAME); + altNames->ridStringStored = 0; + } #endif XFREE(altNames, heap, DYNAMIC_TYPE_ALTNAME); altNames = tmp; @@ -12845,11 +11985,14 @@ ret->name = CopyString(from->name, from->len, heap, DYNAMIC_TYPE_ALTNAME); + ret->nameStored = 1; #ifdef WOLFSSL_IP_ALT_NAME ret->ipString = CopyString(from->ipString, 0, heap, DYNAMIC_TYPE_ALTNAME); + ret->ipStringStored = 1; #endif #ifdef WOLFSSL_RID_ALT_NAME ret->ridString = CopyString(from->ridString, 0, heap, DYNAMIC_TYPE_ALTNAME); + ret->ridStringStored = 1; #endif if (ret->name == NULL #ifdef WOLFSSL_IP_ALT_NAME @@ -12905,10 +12048,18 @@ if (cert == NULL) return; if (cert->subjectCNStored == 1) { - XFREE(cert->subjectCN, cert->heap, DYNAMIC_TYPE_SUBJECT_CN); + /* safe cast -- .subjectCNStored signifies that the pointer comes from + * our own earlier XMALLOC(). + */ + XFREE((void*)(wc_ptr_t)cert->subjectCN, cert->heap, + DYNAMIC_TYPE_SUBJECT_CN); } if (cert->pubKeyStored == 1) { - XFREE((void*)cert->publicKey, cert->heap, DYNAMIC_TYPE_PUBLIC_KEY); + /* safe cast -- .pubKeyStored signifies that the pointer comes from our + * own earlier XMALLOC(). + */ + XFREE((void*)(wc_ptr_t)cert->publicKey, cert->heap, + DYNAMIC_TYPE_PUBLIC_KEY); } if (cert->weOwnAltNames && cert->altNames) FreeAltNames(cert->altNames, cert->heap); @@ -12944,39 +12095,6 @@ FreeDecodedCert(cert); } -#ifndef WOLFSSL_ASN_TEMPLATE -static int GetCertHeader(DecodedCert* cert) -{ - int ret = 0, len; - - if (GetSequence(cert->source, &cert->srcIdx, &len, cert->maxIdx) < 0) - return ASN_PARSE_E; - - /* Reset the max index for the size indicated in the outer wrapper. */ - cert->maxIdx = (word32)len + cert->srcIdx; - cert->certBegin = cert->srcIdx; - - if (GetSequence(cert->source, &cert->srcIdx, &len, cert->maxIdx) < 0) - return ASN_PARSE_E; - - cert->sigIndex = (word32)len + cert->srcIdx; - if (cert->sigIndex > cert->maxIdx) - return ASN_PARSE_E; - - if (GetExplicitVersion(cert->source, &cert->srcIdx, &cert->version, - cert->sigIndex) < 0) - return ASN_PARSE_E; - - ret = wc_GetSerialNumber(cert->source, &cert->srcIdx, cert->serial, - &cert->serialSz, cert->sigIndex); - if (ret < 0) { - return ret; - } - - return ret; -} -#endif - #if defined(HAVE_ED25519) || defined(HAVE_ED448) || defined(HAVE_FALCON) || \ defined(HAVE_DILITHIUM) || defined(HAVE_SPHINCS) /* Store the key data under the BIT_STRING in dynamically allocated data. @@ -13013,6 +12131,11 @@ cert->pubKeyStored = 1; cert->pubKeySize = (word32)length; +#ifdef HAVE_OCSP_RESPONDER + cert->publicKeyForHash = cert->publicKey; + cert->pubKeyForHashSize = cert->pubKeySize; +#endif + *srcIdx += (word32)length; } } @@ -13124,78 +12247,12 @@ * @return BAD_FUNC_ARG when key or key's parameters is NULL. * @return MEMORY_E when dynamic memory allocation failed. */ +#ifdef WOLFSSL_ASN_TEMPLATE static int SetEccPublicKey(byte* output, ecc_key* key, int outLen, int with_header, int comp) { -#ifndef WOLFSSL_ASN_TEMPLATE - int ret; - word32 idx = 0, curveSz, algoSz, pubSz, bitStringSz; - byte bitString[1 + MAX_LENGTH_SZ + 1]; /* 6 */ - byte algo[MAX_ALGO_SZ]; /* 20 */ - - /* public size */ - pubSz = key->dp ? (word32)key->dp->size : MAX_ECC_BYTES; - if (comp) - pubSz = 1 + pubSz; - else - pubSz = 1 + 2 * pubSz; - - /* check for buffer overflow */ - if (output != NULL && pubSz > (word32)outLen) { - return BUFFER_E; - } - - /* headers */ - if (with_header) { - ret = SetCurve(key, NULL, 0); - if (ret <= 0) { - return ret; - } - curveSz = (word32)ret; - ret = 0; - - /* calculate size */ - algoSz = SetAlgoID(ECDSAk, algo, oidKeyType, (int)curveSz); - bitStringSz = SetBitString(pubSz, 0, bitString); - idx = SetSequence(pubSz + curveSz + bitStringSz + algoSz, NULL); - - /* check for buffer overflow */ - if (output != NULL && - curveSz + algoSz + bitStringSz + idx + pubSz > (word32)outLen) { - return BUFFER_E; - } - - idx = SetSequence(pubSz + curveSz + bitStringSz + algoSz, - output); - /* algo */ - if (output) - XMEMCPY(output + idx, algo, algoSz); - idx += algoSz; - /* curve */ - if (output) - (void)SetCurve(key, output + idx, curveSz); - idx += curveSz; - /* bit string */ - if (output) - XMEMCPY(output + idx, bitString, bitStringSz); - idx += bitStringSz; - } - - /* pub */ - if (output) { - PRIVATE_KEY_UNLOCK(); - ret = wc_ecc_export_x963_ex(key, output + idx, &pubSz, comp); - PRIVATE_KEY_LOCK(); - if (ret != 0) { - return ret; - } - } - idx += pubSz; - - return (int)idx; -#else word32 pubSz = 0; - int sz = 0; + word32 sz = 0; int ret = 0; int curveIdSz = 0; byte* curveOid = NULL; @@ -13208,7 +12265,8 @@ if (ret == 0) { /* Calculate the size of the encoded public point. */ PRIVATE_KEY_UNLOCK(); - #if defined(HAVE_COMP_KEY) && defined(HAVE_FIPS) && FIPS_VERSION3_LT(6,0,0) + #if defined(HAVE_COMP_KEY) && \ + (defined(HAVE_SELFTEST) || (defined(HAVE_FIPS) && FIPS_VERSION3_LT(6,0,0))) /* in earlier versions of FIPS the get length functionality is not * available with compressed keys */ pubSz = key->dp ? key->dp->size : MAX_ECC_BYTES; @@ -13255,7 +12313,7 @@ } /* Check buffer, if passed in, is big enough for encoded data. */ - if ((ret == 0) && (output != NULL) && (sz > outLen)) { + if ((ret == 0) && (output != NULL) && (sz > (word32)outLen)) { ret = BUFFER_E; } if ((ret == 0) && (output != NULL)) { @@ -13263,9 +12321,10 @@ SetASN_Items(eccPublicKeyASN, dataASN, eccPublicKeyASN_Length, output); /* Skip to where public point is to be encoded. */ - output += sz - (int)pubSz; + output += sz - pubSz; /* Cache the location to place the name curve OID. */ - curveOid = (byte*) + /* safe cast -- the pointer is actually inside the output buffer. */ + curveOid = (byte*)(wc_ptr_t) dataASN[ECCPUBLICKEYASN_IDX_ALGOID_CURVEID].data.buffer.data; } @@ -13276,7 +12335,7 @@ } else { /* Total size is the public point size. */ - sz = (int)pubSz; + sz = pubSz; } if ((ret == 0) && (output != NULL)) { @@ -13294,13 +12353,12 @@ } if (ret == 0) { /* Return the size of the encoding. */ - ret = sz; + ret = (int)sz; } return ret; -#endif } - +#endif /* WOLFSSL_ASN_TEMPLATE */ /* Encode the public part of an ECC key in a DER. * @@ -13381,18 +12439,13 @@ * @return BAD_FUNC_ARG when key is NULL. * @return MEMORY_E when dynamic memory allocation failed. */ +#ifdef WOLFSSL_ASN_TEMPLATE int SetAsymKeyDerPublic(const byte* pubKey, word32 pubKeyLen, byte* output, word32 outLen, int keyType, int withHeader) { int ret = 0; -#ifndef WOLFSSL_ASN_TEMPLATE - word32 idx = 0; - word32 seqDataSz = 0; - word32 sz; -#else - int sz = 0; + word32 sz = 0; DECL_ASNSETDATA(dataASN, publicKeyASN_Length); -#endif /* validate parameters */ if (pubKey == NULL){ @@ -13402,46 +12455,6 @@ return BUFFER_E; } -#ifndef WOLFSSL_ASN_TEMPLATE - /* calculate size */ - if (withHeader) { - word32 algoSz = SetAlgoID(keyType, NULL, oidKeyType, 0); - word32 bitStringSz = SetBitString(pubKeyLen, 0, NULL); - - seqDataSz = algoSz + bitStringSz + pubKeyLen; - sz = SetSequence(seqDataSz, NULL) + seqDataSz; - } - else { - sz = pubKeyLen; - } - - /* checkout output size */ - if (output != NULL && sz > outLen) { - ret = BUFFER_E; - } - - /* headers */ - if (ret == 0 && output != NULL && withHeader) { - /* sequence */ - idx = SetSequence(seqDataSz, output); - /* algo */ - idx += SetAlgoID(keyType, output + idx, oidKeyType, 0); - /* bit string */ - idx += SetBitString(pubKeyLen, 0, output + idx); - } - - if (ret == 0 && output != NULL) { - /* pub */ - XMEMCPY(output + idx, pubKey, pubKeyLen); - idx += pubKeyLen; - - sz = idx; - } - - if (ret == 0) { - ret = (int)sz; - } -#else if (withHeader) { CALLOC_ASNSETDATA(dataASN, publicKeyASN_Length, ret, NULL); @@ -13455,14 +12468,16 @@ ret = SizeASN_Items(publicKeyASN, dataASN, publicKeyASN_Length, &sz); } - if ((ret == 0) && (output != NULL) && (sz > (int)outLen)) { + if ((ret == 0) && (output != NULL) && (sz > outLen)) { ret = BUFFER_E; } if ((ret == 0) && (output != NULL)) { /* Encode public key. */ SetASN_Items(publicKeyASN, dataASN, publicKeyASN_Length, output); /* Set location to encode public point. */ - output = (byte*)dataASN[PUBKEYASN_IDX_PUBKEY].data.buffer.data; + /* safe cast -- the pointer is actually inside the output buffer. */ + output = (byte*)(wc_ptr_t) + dataASN[PUBKEYASN_IDX_PUBKEY].data.buffer.data; } FREE_ASNSETDATA(dataASN, NULL); @@ -13471,7 +12486,7 @@ ret = BUFFER_E; } else if (ret == 0) { - sz = (int)pubKeyLen; + sz = pubKeyLen; } if ((ret == 0) && (output != NULL)) { @@ -13479,11 +12494,11 @@ XMEMCPY(output, pubKey, pubKeyLen); } if (ret == 0) { - ret = sz; + ret = (int)sz; } -#endif /* WOLFSSL_ASN_TEMPLATE */ return ret; } +#endif /* WOLFSSL_ASN_TEMPLATE */ #endif /* WC_ENABLE_ASYM_KEY_EXPORT */ #if defined(HAVE_ED25519) && defined(HAVE_ED25519_KEY_EXPORT) @@ -13586,39 +12601,10 @@ * @return ASN_EXPECT_0_E when the INTEGER has the MSB set or NULL has a * non-zero length. */ +#ifdef WOLFSSL_ASN_TEMPLATE static int StoreRsaKey(DecodedCert* cert, const byte* source, word32* srcIdx, word32 maxIdx) { -#ifndef WOLFSSL_ASN_TEMPLATE - int length; - int pubLen; - word32 pubIdx; - - if (CheckBitString(source, srcIdx, &pubLen, maxIdx, 1, NULL) != 0) - return ASN_PARSE_E; - pubIdx = *srcIdx; - - if (GetSequence(source, srcIdx, &length, pubIdx + (word32)pubLen) < 0) - return ASN_PARSE_E; - -#if defined(WOLFSSL_RENESAS_TSIP_TLS) || defined(WOLFSSL_RENESAS_FSPSM_TLS) - cert->sigCtx.CertAtt.pubkey_n_start = - cert->sigCtx.CertAtt.pubkey_e_start = pubIdx; -#endif - cert->pubKeySize = (word32)pubLen; - cert->publicKey = source + pubIdx; -#ifdef WOLFSSL_MAXQ10XX_TLS - cert->publicKeyIndex = pubIdx; -#endif - *srcIdx += (word32)length; - -#ifdef HAVE_OCSP - return CalcHashId_ex(cert->publicKey, cert->pubKeySize, - cert->subjectKeyHash, HashIdAlg(cert->signatureOID)); -#else - return 0; -#endif -#else ASNGetData dataASN[rsaCertKeyASN_Length]; int ret; @@ -13642,6 +12628,10 @@ cert->sigCtx.CertAtt.pubkey_n_start = cert->sigCtx.CertAtt.pubkey_e_start = dataASN[RSACERTKEYASN_IDX_SEQ].offset; #endif + #ifdef HAVE_OCSP_RESPONDER + cert->publicKeyForHash = cert->publicKey; + cert->pubKeyForHashSize = cert->pubKeySize; + #endif #ifdef HAVE_OCSP /* Calculate the hash of the public key for OCSP. */ ret = CalcHashId_ex(cert->publicKey, cert->pubKeySize, @@ -13650,8 +12640,8 @@ } return ret; -#endif /* WOLFSSL_ASN_TEMPLATE */ } +#endif /* WOLFSSL_ASN_TEMPLATE */ #endif /* !NO_RSA && !NO_CERTS */ #if defined(HAVE_ECC) && !defined(NO_CERTS) @@ -13702,73 +12692,10 @@ * non-zero length. * @return ASN_OBJECT_ID_E when the expected OBJECT_ID tag is not found. */ +#ifdef WOLFSSL_ASN_TEMPLATE static int StoreEccKey(DecodedCert* cert, const byte* source, word32* srcIdx, word32 maxIdx, const byte* pubKey, word32 pubKeyLen) { -#ifndef WOLFSSL_ASN_TEMPLATE - int ret; - word32 localIdx; - byte* publicKey; - byte tag; - int length; - - if (pubKey == NULL) { - return BAD_FUNC_ARG; - } - - localIdx = *srcIdx; - if (GetASNTag(source, &localIdx, &tag, maxIdx) < 0) - return ASN_PARSE_E; - - if (tag != (ASN_SEQUENCE | ASN_CONSTRUCTED)) { - if (GetObjectId(source, srcIdx, &cert->pkCurveOID, oidCurveType, - maxIdx) < 0) - return ASN_PARSE_E; - - if ((ret = CheckCurve(cert->pkCurveOID)) < 0) - return ECC_CURVE_OID_E; - - #if defined(WOLFSSL_RENESAS_FSPSM_TLS) || defined(WOLFSSL_RENESAS_TSIP_TLS) - cert->sigCtx.CertAtt.curve_id = ret; - #else - (void)ret; - #endif - /* key header */ - ret = CheckBitString(source, srcIdx, &length, maxIdx, 1, NULL); - if (ret != 0) - return ret; - #if defined(WOLFSSL_RENESAS_FSPSM_TLS) || defined(WOLFSSL_RENESAS_TSIP_TLS) - cert->sigCtx.CertAtt.pubkey_n_start = - cert->sigCtx.CertAtt.pubkey_e_start = (*srcIdx + 1); - cert->sigCtx.CertAtt.pubkey_n_len = ((length - 1) >> 1); - cert->sigCtx.CertAtt.pubkey_e_start += - cert->sigCtx.CertAtt.pubkey_n_len; - cert->sigCtx.CertAtt.pubkey_e_len = - cert->sigCtx.CertAtt.pubkey_n_len; - #endif - #ifdef WOLFSSL_MAXQ10XX_TLS - cert->publicKeyIndex = *srcIdx + 1; - #endif - - #ifdef HAVE_OCSP - ret = CalcHashId_ex(source + *srcIdx, (word32)length, - cert->subjectKeyHash, HashIdAlg(cert->signatureOID)); - if (ret != 0) - return ret; - #endif - *srcIdx += (word32)length; - } - - publicKey = (byte*)XMALLOC(pubKeyLen, cert->heap, DYNAMIC_TYPE_PUBLIC_KEY); - if (publicKey == NULL) - return MEMORY_E; - XMEMCPY(publicKey, pubKey, pubKeyLen); - cert->publicKey = publicKey; - cert->pubKeyStored = 1; - cert->pubKeySize = pubKeyLen; - - return 0; -#else int ret = 0; DECL_ASNGETDATA(dataASN, eccCertKeyASN_Length); byte* publicKey; @@ -13803,13 +12730,31 @@ ret = ASN_PARSE_E; #endif } - + #if defined(WOLFSSL_RENESAS_FSPSM_TLS) || defined(WOLFSSL_RENESAS_TSIP_TLS) + cert->sigCtx.CertAtt.pubkey_n_start = + cert->sigCtx.CertAtt.pubkey_e_start = + GetASNItem_DataIdx( + dataASN[ECCCERTKEYASN_IDX_SUBJPUBKEY], source) + 1; + cert->sigCtx.CertAtt.pubkey_n_len = + ((dataASN[ECCCERTKEYASN_IDX_SUBJPUBKEY].data.ref.length - 1) >> 1); + cert->sigCtx.CertAtt.pubkey_e_start += + cert->sigCtx.CertAtt.pubkey_n_len; + cert->sigCtx.CertAtt.pubkey_e_len = + cert->sigCtx.CertAtt.pubkey_n_len; + #endif #ifdef WOLFSSL_MAXQ10XX_TLS cert->publicKeyIndex = GetASNItem_DataIdx(dataASN[ECCCERTKEYASN_IDX_SUBJPUBKEY], source) + 1; #endif + #ifdef HAVE_OCSP_RESPONDER + cert->publicKeyForHash = + dataASN[ECCCERTKEYASN_IDX_SUBJPUBKEY].data.ref.data; + cert->pubKeyForHashSize = + dataASN[ECCCERTKEYASN_IDX_SUBJPUBKEY].data.ref.length; + #endif + #ifdef HAVE_OCSP if (ret == 0) { /* Calculate the hash of the subject public key for OCSP. */ @@ -13841,8 +12786,8 @@ FREE_ASNGETDATA(dataASN, cert->heap); return ret; -#endif /* WOLFSSL_ASN_TEMPLATE */ } +#endif /* WOLFSSL_ASN_TEMPLATE */ #endif /* HAVE_ECC && !NO_CERTS */ #ifndef NO_CERTS @@ -13880,41 +12825,10 @@ * @return ASN_EXPECT_0_E when the INTEGER has the MSB set or NULL has a * non-zero length. */ +#ifdef WOLFSSL_ASN_TEMPLATE static int ParseDsaKey(const byte* source, word32* srcIdx, word32 maxIdx, void* heap) { -#ifndef WOLFSSL_ASN_TEMPLATE - int ret; - int length; - - (void)heap; - - ret = GetSequence(source, srcIdx, &length, maxIdx); - if (ret < 0) - return ret; - - ret = SkipInt(source, srcIdx, maxIdx); - if (ret != 0) - return ret; - ret = SkipInt(source, srcIdx, maxIdx); - if (ret != 0) - return ret; - ret = SkipInt(source, srcIdx, maxIdx); - if (ret != 0) - return ret; - - ret = CheckBitString(source, srcIdx, &length, maxIdx, 1, NULL); - if (ret != 0) - return ret; - - ret = GetASNInt(source, srcIdx, &length, maxIdx); - if (ret != 0) - return ASN_PARSE_E; - - *srcIdx += (word32)length; - - return 0; -#else DECL_ASNGETDATA(dataASN, dsaCertKeyASN_Length); int ret = 0; @@ -13929,8 +12843,8 @@ FREE_ASNGETDATA(dataASN, heap); return ret; -#endif /* WOLFSSL_ASN_TEMPLATE */ } +#endif /* WOLFSSL_ASN_TEMPLATE */ #endif /* !NO_DSA */ /* Decode the SubjectPublicKeyInfo block in a certificate. @@ -14267,7 +13181,8 @@ /* Set the string for a name component into the subject name. */ #define SetCertNameSubject(cert, id, val) \ - *((char**)(((byte *)(cert)) + certNameSubject[(id) - 3].data)) = (val) + *((const char**)(((byte *)(cert)) + certNameSubject[(id) - 3].data)) = \ + (val) /* Set the string length for a name component into the subject name. */ #define SetCertNameSubjectLen(cert, id, val) \ *((int*)(((byte *)(cert)) + certNameSubject[(id) - 3].len)) = (int)(val) @@ -14298,7 +13213,8 @@ /* Set the string for a name component into the issuer name. */ #define SetCertNameIssuer(cert, id, val) \ - *((char**)(((byte *)(cert)) + certNameSubject[(id) - 3].dataI)) = (val) + *((const char**)(((byte *)(cert)) + certNameSubject[(id) - 3].dataI)) = \ + (val) /* Set the string length for a name component into the issuer name. */ #define SetCertNameIssuerLen(cert, id, val) \ *((int*)(((byte *)(cert)) + certNameSubject[(id) - 3].lenI)) = (int)(val) @@ -14735,7 +13651,7 @@ int ret = 0; size_t nameSz = 0; char tmpName[WOLFSSL_MAX_IPSTR]; - unsigned char* ip; + const unsigned char* ip; if (entry == NULL || entry->type != ASN_IP_TYPE) { return BAD_FUNC_ARG; @@ -14746,7 +13662,7 @@ WOLFSSL_MSG("Unexpected IP size"); return BAD_FUNC_ARG; } - ip = (unsigned char*)entry->name; + ip = (const unsigned char*)entry->name; XMEMSET(tmpName, 0, sizeof(tmpName)); @@ -14781,6 +13697,9 @@ if (entry->ipString == NULL) { ret = MEMORY_E; } + else { + entry->ipStringStored = 1; + } if (ret == 0) { XMEMCPY(entry->ipString, tmpName, nameSz); @@ -14879,6 +13798,9 @@ if (entry->ridString == NULL) { ret = MEMORY_E; } + else { + entry->ridStringStored = 1; + } if (ret == 0) { XMEMCPY(entry->ridString, finalName, (word32)(nameSz + 1)); @@ -14941,6 +13863,7 @@ { DNS_entry* dnsEntry; int ret = 0; + char *dnsEntry_name = NULL; /* TODO: consider one malloc. */ /* Allocate DNS Entry object. */ @@ -14950,18 +13873,21 @@ } if (ret == 0) { /* Allocate DNS Entry name - length of string plus 1 for NUL. */ - dnsEntry->name = (char*)XMALLOC((size_t)strLen + 1, heap, - DYNAMIC_TYPE_ALTNAME); + dnsEntry->name = dnsEntry_name = (char*)XMALLOC((size_t)strLen + 1, + heap, DYNAMIC_TYPE_ALTNAME); if (dnsEntry->name == NULL) { ret = MEMORY_E; } + else { + dnsEntry->nameStored = 1; + } } if (ret == 0) { /* Set tag type, name length, name and NUL terminate name. */ dnsEntry->type = type; dnsEntry->len = strLen; - XMEMCPY(dnsEntry->name, str, (size_t)strLen); - dnsEntry->name[strLen] = '\0'; + XMEMCPY(dnsEntry_name, str, (size_t)strLen); + dnsEntry_name[strLen] = '\0'; #ifdef WOLFSSL_RID_ALT_NAME /* store registeredID as a string */ @@ -14980,7 +13906,7 @@ /* failure cleanup */ if (ret != 0 && dnsEntry != NULL) { - XFREE(dnsEntry->name, heap, DYNAMIC_TYPE_ALTNAME); + XFREE(dnsEntry_name, heap, DYNAMIC_TYPE_ALTNAME); XFREE(dnsEntry, heap, DYNAMIC_TYPE_ALTNAME); } @@ -14997,21 +13923,21 @@ * @param [in] tag BER tag representing encoding of string. * @return 0 on success, negative values on failure. */ -static int SetSubject(DecodedCert* cert, int id, byte* str, int strLen, +static int SetSubject(DecodedCert* cert, int id, const byte* str, int strLen, byte tag) { int ret = 0; /* Put string and encoding into certificate. */ if (id == ASN_COMMON_NAME) { - cert->subjectCN = (char *)str; + cert->subjectCN = (const char *)str; cert->subjectCNLen = (int)strLen; cert->subjectCNEnc = (char)tag; } #if defined(WOLFSSL_CERT_GEN) || defined(WOLFSSL_CERT_EXT) else if (id > ASN_COMMON_NAME && id <= ASN_USER_ID) { /* Use table and offsets to put data into appropriate fields. */ - SetCertNameSubject(cert, id, (char*)str); + SetCertNameSubject(cert, id, (const char*)str); SetCertNameSubjectLen(cert, id, strLen); SetCertNameSubjectEnc(cert, id, tag); } @@ -15019,19 +13945,19 @@ #if !defined(IGNORE_NAME_CONSTRAINTS) || \ defined(WOLFSSL_CERT_GEN) || defined(WOLFSSL_CERT_EXT) else if (id == ASN_EMAIL) { - cert->subjectEmail = (char*)str; + cert->subjectEmail = (const char*)str; cert->subjectEmailLen = strLen; } #endif #ifdef WOLFSSL_CERT_EXT /* TODO: consider mapping id to an index and using SetCertNameSubect*(). */ else if (id == ASN_JURIS_C) { - cert->subjectJC = (char*)str; + cert->subjectJC = (const char*)str; cert->subjectJCLen = strLen; cert->subjectJCEnc = (char)tag; } else if (id == ASN_JURIS_ST) { - cert->subjectJS = (char*)str; + cert->subjectJS = (const char*)str; cert->subjectJSLen = strLen; cert->subjectJSEnc = (char)tag; } @@ -15051,25 +13977,25 @@ * @param [in] tag BER tag representing encoding of string. * @return 0 on success, negative values on failure. */ -static int SetIssuer(DecodedCert* cert, int id, byte* str, int strLen, +static int SetIssuer(DecodedCert* cert, int id, const byte* str, int strLen, byte tag) { int ret = 0; /* Put string and encoding into certificate. */ if (id == ASN_COMMON_NAME) { - cert->issuerCN = (char *)str; + cert->issuerCN = (const char *)str; cert->issuerCNLen = (int)strLen; cert->issuerCNEnc = (char)tag; } else if (id > ASN_COMMON_NAME && id <= ASN_USER_ID) { /* Use table and offsets to put data into appropriate fields. */ - SetCertNameIssuer(cert, id, (char*)str); + SetCertNameIssuer(cert, id, (const char*)str); SetCertNameIssuerLen(cert, id, strLen); SetCertNameIssuerEnc(cert, id, tag); } else if (id == ASN_EMAIL) { - cert->issuerEmail = (char*)str; + cert->issuerEmail = (const char*)str; cert->issuerEmailLen = strLen; } @@ -15095,7 +14021,7 @@ int ret = 0; const char* typeStr = NULL; byte typeStrLen = 0; - byte* oid; + const byte* oid; word32 oidSz; int id = 0; @@ -15207,7 +14133,7 @@ if ((ret == 0) && (typeStr != NULL)) { /* OID type to store for subject name and add to full string. */ - byte* str; + const byte* str; word32 strLen; byte tag = dataASN[RDNASN_IDX_ATTR_VAL].tag; @@ -15264,698 +14190,10 @@ * @return ASN_UNKNOWN_OID_E when the OID cannot be verified. * @return MEMORY_E when dynamic memory allocation fails. */ +#ifdef WOLFSSL_ASN_TEMPLATE static int GetCertName(DecodedCert* cert, char* full, byte* hash, int nameType, const byte* input, word32* inOutIdx, word32 maxIdx) { -#ifndef WOLFSSL_ASN_TEMPLATE - int length; /* length of all distinguished names */ - int dummy; - int ret; - word32 idx; - word32 srcIdx = *inOutIdx; -#if (defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)) && \ - !defined(WOLFCRYPT_ONLY) - WOLFSSL_X509_NAME* dName = NULL; -#endif - - WOLFSSL_MSG("Getting Cert Name"); - - /* For OCSP, RFC2560 section 4.1.1 states the issuer hash should be - * calculated over the entire DER encoding of the Name field, including - * the tag and length. */ - if (CalcHashId_ex(input + *inOutIdx, maxIdx - *inOutIdx, hash, - HashIdAlg(cert->signatureOID)) != 0) { - return ASN_PARSE_E; - } - -#if (defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)) && \ - !defined(WOLFCRYPT_ONLY) - dName = wolfSSL_X509_NAME_new_ex(cert->heap); - if (dName == NULL) { - return MEMORY_E; - } -#endif /* OPENSSL_EXTRA */ - - if (GetSequence(input, &srcIdx, &length, maxIdx) < 0) { -#if (defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)) && \ - !defined(WOLFCRYPT_ONLY) - wolfSSL_X509_NAME_free(dName); -#endif /* OPENSSL_EXTRA */ - return ASN_PARSE_E; - } - -#if defined(HAVE_PKCS7) || defined(WOLFSSL_CERT_EXT) - /* store pointer to raw issuer */ - if (nameType == ASN_ISSUER) { - cert->issuerRaw = &input[srcIdx]; - cert->issuerRawLen = length; - } -#endif -#if !defined(IGNORE_NAME_CONSTRAINTS) || defined(WOLFSSL_CERT_EXT) - if (nameType == ASN_SUBJECT) { - cert->subjectRaw = &input[srcIdx]; - cert->subjectRawLen = length; - } -#endif - - length += (int)srcIdx; - idx = 0; - - while (srcIdx < (word32)length) { - byte b = 0; - byte joint[3]; - byte tooBig = FALSE; - int oidSz; - const char* copy = NULL; - int copyLen = 0; - int strLen = 0; - byte id = 0; - #if (defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)) \ - && !defined(WOLFCRYPT_ONLY) - int nid = WC_NID_undef; - int enc; - #endif /* OPENSSL_EXTRA */ - - if (GetSet(input, &srcIdx, &dummy, maxIdx) < 0) { - WOLFSSL_MSG("Cert name lacks set header, trying sequence"); - } - - if (GetSequence(input, &srcIdx, &dummy, maxIdx) <= 0) { - #if (defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)) && \ - !defined(WOLFCRYPT_ONLY) - wolfSSL_X509_NAME_free(dName); - #endif /* OPENSSL_EXTRA */ - return ASN_PARSE_E; - } - - ret = GetASNObjectId(input, &srcIdx, &oidSz, maxIdx); - if (ret != 0) { - #if (defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)) && \ - !defined(WOLFCRYPT_ONLY) - wolfSSL_X509_NAME_free(dName); - #endif /* OPENSSL_EXTRA */ - return ret; - } - - /* make sure there is room for joint */ - if ((srcIdx + sizeof(joint)) > (word32)maxIdx) { - #if (defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)) && \ - !defined(WOLFCRYPT_ONLY) - wolfSSL_X509_NAME_free(dName); - #endif /* OPENSSL_EXTRA */ - return ASN_PARSE_E; - } - - XMEMCPY(joint, &input[srcIdx], sizeof(joint)); - - /* v1 name types */ - if (joint[0] == 0x55 && joint[1] == 0x04) { - srcIdx += 3; - id = joint[2]; - if (GetHeader(input, &b, &srcIdx, &strLen, maxIdx, 1) < 0) { - #if (defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)) && \ - !defined(WOLFCRYPT_ONLY) - wolfSSL_X509_NAME_free(dName); - #endif /* OPENSSL_EXTRA */ - return ASN_PARSE_E; - } - - #ifndef WOLFSSL_NO_ASN_STRICT - /* RFC 5280 section 4.1.2.4 lists a DirectoryString as being - * 1..MAX in length */ - if (strLen < 1) { - WOLFSSL_MSG("Non conforming DirectoryString of length 0 was" - " found"); - WOLFSSL_MSG("Use WOLFSSL_NO_ASN_STRICT if wanting to allow" - " empty DirectoryString's"); - #if (defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)) && \ - !defined(WOLFCRYPT_ONLY) - wolfSSL_X509_NAME_free(dName); - #endif /* OPENSSL_EXTRA */ - return ASN_PARSE_E; - } - #endif - - if (id == ASN_COMMON_NAME) { - if (nameType == ASN_SUBJECT) { - cert->subjectCN = (char *)&input[srcIdx]; - cert->subjectCNLen = strLen; - cert->subjectCNEnc = (char)b; - } - #if (defined(WOLFSSL_CERT_GEN) || defined(WOLFSSL_CERT_EXT)) && \ - defined(WOLFSSL_HAVE_ISSUER_NAMES) - else if (nameType == ASN_ISSUER) { - cert->issuerCN = (char*)&input[srcIdx]; - cert->issuerCNLen = strLen; - cert->issuerCNEnc = (char)b; - } - #endif - - copy = WOLFSSL_COMMON_NAME; - copyLen = sizeof(WOLFSSL_COMMON_NAME) - 1; - #if (defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)) \ - && !defined(WOLFCRYPT_ONLY) - nid = WC_NID_commonName; - #endif /* OPENSSL_EXTRA */ - } - #ifdef WOLFSSL_CERT_NAME_ALL - else if (id == ASN_NAME) { - copy = WOLFSSL_NAME; - copyLen = sizeof(WOLFSSL_NAME) - 1; - #if defined(WOLFSSL_CERT_GEN) || defined(WOLFSSL_CERT_EXT) - if (nameType == ASN_SUBJECT) { - cert->subjectN = (char*)&input[srcIdx]; - cert->subjectNLen = strLen; - cert->subjectNEnc = b; - } - #endif /* WOLFSSL_CERT_GEN || WOLFSSL_CERT_EXT */ - #if (defined(OPENSSL_EXTRA) || \ - defined(OPENSSL_EXTRA_X509_SMALL)) \ - && !defined(WOLFCRYPT_ONLY) - nid = WC_NID_name; - #endif /* OPENSSL_EXTRA */ - } - else if (id == ASN_INITIALS) { - copy = WOLFSSL_INITIALS; - copyLen = sizeof(WOLFSSL_INITIALS) - 1; - #if defined(WOLFSSL_CERT_GEN) || defined(WOLFSSL_CERT_EXT) - if (nameType == ASN_SUBJECT) { - cert->subjectI = (char*)&input[srcIdx]; - cert->subjectILen = strLen; - cert->subjectIEnc = b; - } - #endif /* WOLFSSL_CERT_GEN || WOLFSSL_CERT_EXT */ - #if (defined(OPENSSL_EXTRA) || \ - defined(OPENSSL_EXTRA_X509_SMALL)) \ - && !defined(WOLFCRYPT_ONLY) - nid = WC_NID_initials; - #endif /* OPENSSL_EXTRA */ - } - else if (id == ASN_GIVEN_NAME) { - copy = WOLFSSL_GIVEN_NAME; - copyLen = sizeof(WOLFSSL_GIVEN_NAME) - 1; - #if defined(WOLFSSL_CERT_GEN) || defined(WOLFSSL_CERT_EXT) - if (nameType == ASN_SUBJECT) { - cert->subjectGN = (char*)&input[srcIdx]; - cert->subjectGNLen = strLen; - cert->subjectGNEnc = b; - } - #endif /* WOLFSSL_CERT_GEN || WOLFSSL_CERT_EXT */ - #if (defined(OPENSSL_EXTRA) || \ - defined(OPENSSL_EXTRA_X509_SMALL)) \ - && !defined(WOLFCRYPT_ONLY) - nid = WC_NID_givenName; - #endif /* OPENSSL_EXTRA */ - } - else if (id == ASN_DNQUALIFIER) { - copy = WOLFSSL_DNQUALIFIER; - copyLen = sizeof(WOLFSSL_DNQUALIFIER) - 1; - #if defined(WOLFSSL_CERT_GEN) || defined(WOLFSSL_CERT_EXT) - if (nameType == ASN_SUBJECT) { - cert->subjectDNQ = (char*)&input[srcIdx]; - cert->subjectDNQLen = strLen; - cert->subjectDNQEnc = b; - } - #endif /* WOLFSSL_CERT_GEN || WOLFSSL_CERT_EXT */ - #if (defined(OPENSSL_EXTRA) || \ - defined(OPENSSL_EXTRA_X509_SMALL)) \ - && !defined(WOLFCRYPT_ONLY) - nid = WC_NID_dnQualifier; - #endif /* OPENSSL_EXTRA */ - } - #endif /* WOLFSSL_CERT_NAME_ALL */ - else if (id == ASN_SUR_NAME) { - copy = WOLFSSL_SUR_NAME; - copyLen = sizeof(WOLFSSL_SUR_NAME) - 1; - #if defined(WOLFSSL_CERT_GEN) || defined(WOLFSSL_CERT_EXT) - if (nameType == ASN_SUBJECT) { - cert->subjectSN = (char*)&input[srcIdx]; - cert->subjectSNLen = strLen; - cert->subjectSNEnc = (char)b; - } - #if defined(WOLFSSL_HAVE_ISSUER_NAMES) - else if (nameType == ASN_ISSUER) { - cert->issuerSN = (char*)&input[srcIdx]; - cert->issuerSNLen = strLen; - cert->issuerSNEnc = (char)b; - } - #endif /* WOLFSSL_HAVE_ISSUER_NAMES */ - #endif /* WOLFSSL_CERT_GEN || WOLFSSL_CERT_EXT */ - #if (defined(OPENSSL_EXTRA) || \ - defined(OPENSSL_EXTRA_X509_SMALL)) \ - && !defined(WOLFCRYPT_ONLY) - nid = WC_NID_surname; - #endif /* OPENSSL_EXTRA */ - } - else if (id == ASN_COUNTRY_NAME) { - copy = WOLFSSL_COUNTRY_NAME; - copyLen = sizeof(WOLFSSL_COUNTRY_NAME) - 1; - #if defined(WOLFSSL_CERT_GEN) || defined(WOLFSSL_CERT_EXT) - if (nameType == ASN_SUBJECT) { - cert->subjectC = (char*)&input[srcIdx]; - cert->subjectCLen = strLen; - cert->subjectCEnc = (char)b; - } - #if defined(WOLFSSL_HAVE_ISSUER_NAMES) - else if (nameType == ASN_ISSUER) { - cert->issuerC = (char*)&input[srcIdx]; - cert->issuerCLen = strLen; - cert->issuerCEnc = (char)b; - } - #endif /* WOLFSSL_HAVE_ISSUER_NAMES */ - #endif /* WOLFSSL_CERT_GEN || WOLFSSL_CERT_EXT */ - #if (defined(OPENSSL_EXTRA) || \ - defined(OPENSSL_EXTRA_X509_SMALL)) \ - && !defined(WOLFCRYPT_ONLY) - nid = WC_NID_countryName; - #endif /* OPENSSL_EXTRA */ - } - else if (id == ASN_LOCALITY_NAME) { - copy = WOLFSSL_LOCALITY_NAME; - copyLen = sizeof(WOLFSSL_LOCALITY_NAME) - 1; - #if defined(WOLFSSL_CERT_GEN) || defined(WOLFSSL_CERT_EXT) - if (nameType == ASN_SUBJECT) { - cert->subjectL = (char*)&input[srcIdx]; - cert->subjectLLen = strLen; - cert->subjectLEnc = (char)b; - } - #if defined(WOLFSSL_HAVE_ISSUER_NAMES) - else if (nameType == ASN_ISSUER) { - cert->issuerL = (char*)&input[srcIdx]; - cert->issuerLLen = strLen; - cert->issuerLEnc = (char)b; - } - #endif /* WOLFSSL_HAVE_ISSUER_NAMES */ - #endif /* WOLFSSL_CERT_GEN || WOLFSSL_CERT_EXT */ - #if (defined(OPENSSL_EXTRA) || \ - defined(OPENSSL_EXTRA_X509_SMALL)) \ - && !defined(WOLFCRYPT_ONLY) - nid = WC_NID_localityName; - #endif /* OPENSSL_EXTRA */ - } - else if (id == ASN_STATE_NAME) { - copy = WOLFSSL_STATE_NAME; - copyLen = sizeof(WOLFSSL_STATE_NAME) - 1; - #if defined(WOLFSSL_CERT_GEN) || defined(WOLFSSL_CERT_EXT) - if (nameType == ASN_SUBJECT) { - cert->subjectST = (char*)&input[srcIdx]; - cert->subjectSTLen = strLen; - cert->subjectSTEnc = (char)b; - } - #if defined(WOLFSSL_HAVE_ISSUER_NAMES) - else if (nameType == ASN_ISSUER) { - cert->issuerST = (char*)&input[srcIdx]; - cert->issuerSTLen = strLen; - cert->issuerSTEnc = (char)b; - } - #endif /* WOLFSSL_HAVE_ISSUER_NAMES */ - #endif /* WOLFSSL_CERT_GEN || WOLFSSL_CERT_EXT*/ - #if (defined(OPENSSL_EXTRA) || \ - defined(OPENSSL_EXTRA_X509_SMALL)) \ - && !defined(WOLFCRYPT_ONLY) - nid = WC_NID_stateOrProvinceName; - #endif /* OPENSSL_EXTRA */ - } - else if (id == ASN_ORG_NAME) { - copy = WOLFSSL_ORG_NAME; - copyLen = sizeof(WOLFSSL_ORG_NAME) - 1; - #if defined(WOLFSSL_CERT_GEN) || defined(WOLFSSL_CERT_EXT) - if (nameType == ASN_SUBJECT) { - cert->subjectO = (char*)&input[srcIdx]; - cert->subjectOLen = strLen; - cert->subjectOEnc = (char)b; - } - #if defined(WOLFSSL_HAVE_ISSUER_NAMES) - else if (nameType == ASN_ISSUER) { - cert->issuerO = (char*)&input[srcIdx]; - cert->issuerOLen = strLen; - cert->issuerOEnc = (char)b; - } - #endif /* WOLFSSL_HAVE_ISSUER_NAMES */ - #endif /* WOLFSSL_CERT_GEN || WOLFSSL_CERT_EXT */ - #if (defined(OPENSSL_EXTRA) || \ - defined(OPENSSL_EXTRA_X509_SMALL)) \ - && !defined(WOLFCRYPT_ONLY) - nid = WC_NID_organizationName; - #endif /* OPENSSL_EXTRA */ - } - else if (id == ASN_ORGUNIT_NAME) { - copy = WOLFSSL_ORGUNIT_NAME; - copyLen = sizeof(WOLFSSL_ORGUNIT_NAME) - 1; - #if defined(WOLFSSL_CERT_GEN) || defined(WOLFSSL_CERT_EXT) - if (nameType == ASN_SUBJECT) { - cert->subjectOU = (char*)&input[srcIdx]; - cert->subjectOULen = strLen; - cert->subjectOUEnc = (char)b; - } - #if defined(WOLFSSL_HAVE_ISSUER_NAMES) - else if (nameType == ASN_ISSUER) { - cert->issuerOU = (char*)&input[srcIdx]; - cert->issuerOULen = strLen; - cert->issuerOUEnc = (char)b; - } - #endif /* WOLFSSL_HAVE_ISSUER_NAMES */ - #endif /* WOLFSSL_CERT_GEN || WOLFSSL_CERT_EXT */ - #if (defined(OPENSSL_EXTRA) || \ - defined(OPENSSL_EXTRA_X509_SMALL)) \ - && !defined(WOLFCRYPT_ONLY) - nid = WC_NID_organizationalUnitName; - #endif /* OPENSSL_EXTRA */ - } - else if (id == ASN_SERIAL_NUMBER) { - copy = WOLFSSL_SERIAL_NUMBER; - copyLen = sizeof(WOLFSSL_SERIAL_NUMBER) - 1; - #if defined(WOLFSSL_CERT_GEN) || defined(WOLFSSL_CERT_EXT) - if (nameType == ASN_SUBJECT) { - cert->subjectSND = (char*)&input[srcIdx]; - cert->subjectSNDLen = strLen; - cert->subjectSNDEnc = (char)b; - } - #if defined(WOLFSSL_HAVE_ISSUER_NAMES) - else if (nameType == ASN_ISSUER) { - cert->issuerSND = (char*)&input[srcIdx]; - cert->issuerSNDLen = strLen; - cert->issuerSNDEnc = (char)b; - } - #endif /* WOLFSSL_HAVE_ISSUER_NAMES */ - #endif /* WOLFSSL_CERT_GEN || WOLFSSL_CERT_EXT */ - #if (defined(OPENSSL_EXTRA) || \ - defined(OPENSSL_EXTRA_X509_SMALL)) \ - && !defined(WOLFCRYPT_ONLY) - nid = WC_NID_serialNumber; - #endif /* OPENSSL_EXTRA */ - } - else if (id == ASN_USER_ID) { - copy = WOLFSSL_USER_ID; - copyLen = sizeof(WOLFSSL_USER_ID) - 1; - #if defined(WOLFSSL_CERT_GEN) || defined(WOLFSSL_CERT_EXT) - if (nameType == ASN_SUBJECT) { - cert->subjectUID = (char*)&input[srcIdx]; - cert->subjectUIDLen = strLen; - cert->subjectUIDEnc = (char)b; - } - #endif /* WOLFSSL_CERT_GEN || WOLFSSL_CERT_EXT */ - #if (defined(OPENSSL_EXTRA) || \ - defined(OPENSSL_EXTRA_X509_SMALL)) \ - && !defined(WOLFCRYPT_ONLY) - nid = WC_NID_userId; - #endif /* OPENSSL_EXTRA */ - } - #ifdef WOLFSSL_CERT_EXT - else if (id == ASN_STREET_ADDR) { - copy = WOLFSSL_STREET_ADDR_NAME; - copyLen = sizeof(WOLFSSL_STREET_ADDR_NAME) - 1; - #if defined(WOLFSSL_CERT_GEN) || defined(WOLFSSL_CERT_EXT) - if (nameType == ASN_SUBJECT) { - cert->subjectStreet = (char*)&input[srcIdx]; - cert->subjectStreetLen = strLen; - cert->subjectStreetEnc = (char)b; - } - #endif /* WOLFSSL_CERT_GEN || WOLFSSL_CERT_EXT */ - #if (defined(OPENSSL_EXTRA) || \ - defined(OPENSSL_EXTRA_X509_SMALL)) \ - && !defined(WOLFCRYPT_ONLY) - nid = WC_NID_streetAddress; - #endif /* OPENSSL_EXTRA */ - } - else if (id == ASN_BUS_CAT) { - copy = WOLFSSL_BUS_CAT; - copyLen = sizeof(WOLFSSL_BUS_CAT) - 1; - #if defined(WOLFSSL_CERT_GEN) || defined(WOLFSSL_CERT_EXT) - if (nameType == ASN_SUBJECT) { - cert->subjectBC = (char*)&input[srcIdx]; - cert->subjectBCLen = strLen; - cert->subjectBCEnc = (char)b; - } - #endif /* WOLFSSL_CERT_GEN || WOLFSSL_CERT_EXT */ - #if (defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)) \ - && !defined(WOLFCRYPT_ONLY) - nid = WC_NID_businessCategory; - #endif /* OPENSSL_EXTRA */ - } - else if (id == ASN_POSTAL_CODE) { - copy = WOLFSSL_POSTAL_NAME; - copyLen = sizeof(WOLFSSL_POSTAL_NAME) - 1; - #if defined(WOLFSSL_CERT_GEN) || defined(WOLFSSL_CERT_EXT) - if (nameType == ASN_SUBJECT) { - cert->subjectPC = (char*)&input[srcIdx]; - cert->subjectPCLen = strLen; - cert->subjectPCEnc = (char)b; - } - #endif /* WOLFSSL_CERT_GEN || WOLFSSL_CERT_EXT*/ - #if (defined(OPENSSL_EXTRA) || \ - defined(OPENSSL_EXTRA_X509_SMALL)) \ - && !defined(WOLFCRYPT_ONLY) - nid = WC_NID_postalCode; - #endif /* OPENSSL_EXTRA */ - } - #endif /* WOLFSSL_CERT_EXT */ - } - #ifdef WOLFSSL_CERT_EXT - else if ((srcIdx + ASN_JOI_PREFIX_SZ + 2 <= (word32)maxIdx) && - (0 == XMEMCMP(&input[srcIdx], ASN_JOI_PREFIX, - ASN_JOI_PREFIX_SZ)) && - ((input[srcIdx+ASN_JOI_PREFIX_SZ] == ASN_JOI_C) || - (input[srcIdx+ASN_JOI_PREFIX_SZ] == ASN_JOI_ST))) - { - srcIdx += ASN_JOI_PREFIX_SZ; - id = input[srcIdx++]; - b = input[srcIdx++]; /* encoding */ - - if (GetLength(input, &srcIdx, &strLen, - maxIdx) < 0) { - #if (defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)) && \ - !defined(WOLFCRYPT_ONLY) - wolfSSL_X509_NAME_free(dName); - #endif /* OPENSSL_EXTRA */ - return ASN_PARSE_E; - } - - /* Check for jurisdiction of incorporation country name */ - if (id == ASN_JOI_C) { - copy = WOLFSSL_JOI_C; - copyLen = sizeof(WOLFSSL_JOI_C) - 1; - #if defined(WOLFSSL_CERT_GEN) || defined(WOLFSSL_CERT_EXT) - if (nameType == ASN_SUBJECT) { - cert->subjectJC = (char*)&input[srcIdx]; - cert->subjectJCLen = strLen; - cert->subjectJCEnc = (char)b; - } - #endif /* WOLFSSL_CERT_GEN || WOLFSSL_CERT_EXT */ - #if (defined(OPENSSL_EXTRA) || \ - defined(OPENSSL_EXTRA_X509_SMALL)) \ - && !defined(WOLFCRYPT_ONLY) - nid = WC_NID_jurisdictionCountryName; - #endif /* OPENSSL_EXTRA */ - } - - /* Check for jurisdiction of incorporation state name */ - else if (id == ASN_JOI_ST) { - copy = WOLFSSL_JOI_ST; - copyLen = sizeof(WOLFSSL_JOI_ST) - 1; - #if defined(WOLFSSL_CERT_GEN) || defined(WOLFSSL_CERT_EXT) - if (nameType == ASN_SUBJECT) { - cert->subjectJS = (char*)&input[srcIdx]; - cert->subjectJSLen = strLen; - cert->subjectJSEnc = (char)b; - } - #endif /* WOLFSSL_CERT_GEN || WOLFSSL_CERT_EXT */ - #if (defined(OPENSSL_EXTRA) || \ - defined(OPENSSL_EXTRA_X509_SMALL)) \ - && !defined(WOLFCRYPT_ONLY) - nid = WC_NID_jurisdictionStateOrProvinceName; - #endif /* OPENSSL_EXTRA */ - } - - if ((strLen + copyLen) > (int)(WC_ASN_NAME_MAX - idx)) { - WOLFSSL_MSG("ASN Name too big, skipping"); - tooBig = TRUE; - } - } - #endif /* WOLFSSL_CERT_EXT */ - else { - /* skip */ - byte email = FALSE; - byte pilot = FALSE; - - if (joint[0] == 0x2a && joint[1] == 0x86) { /* email id hdr 42.134.* */ - id = ASN_EMAIL_NAME; - email = TRUE; - } - - if (joint[0] == 0x9 && joint[1] == 0x92) { /* uid id hdr 9.146.* */ - /* last value of OID is the type of pilot attribute */ - id = input[srcIdx + (word32)oidSz - 1]; - if (id == 0x01) - id = ASN_USER_ID; - pilot = TRUE; - } - - srcIdx += (word32)oidSz + 1; - - if (GetLength(input, &srcIdx, &strLen, maxIdx) < 0) { - #if (defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)) && \ - !defined(WOLFCRYPT_ONLY) - wolfSSL_X509_NAME_free(dName); - #endif /* OPENSSL_EXTRA */ - return ASN_PARSE_E; - } - - if (strLen > (int)(WC_ASN_NAME_MAX - idx)) { - WOLFSSL_MSG("ASN name too big, skipping"); - tooBig = TRUE; - } - - if (email) { - copyLen = sizeof(WOLFSSL_EMAIL_ADDR) - 1; - if ((copyLen + strLen) > (int)(WC_ASN_NAME_MAX - idx)) { - WOLFSSL_MSG("ASN name too big, skipping"); - tooBig = TRUE; - } - else { - copy = WOLFSSL_EMAIL_ADDR; - } - - #if !defined(IGNORE_NAME_CONSTRAINTS) || \ - defined(WOLFSSL_CERT_GEN) || defined(WOLFSSL_CERT_EXT) - if (nameType == ASN_SUBJECT) { - cert->subjectEmail = (char*)&input[srcIdx]; - cert->subjectEmailLen = strLen; - } - #if defined(WOLFSSL_HAVE_ISSUER_NAMES) && \ - (defined(WOLFSSL_CERT_GEN) || defined(WOLFSSL_CERT_EXT)) - else if (nameType == ASN_ISSUER) { - cert->issuerEmail = (char*)&input[srcIdx]; - cert->issuerEmailLen = strLen; - } - #endif /* WOLFSSL_HAVE_ISSUER_NAMES */ - #endif /* WOLFSSL_CERT_GEN || WOLFSSL_CERT_EXT */ - #if (defined(OPENSSL_EXTRA) || \ - defined(OPENSSL_EXTRA_X509_SMALL)) \ - && !defined(WOLFCRYPT_ONLY) - nid = WC_NID_emailAddress; - #endif /* OPENSSL_EXTRA */ - } - - if (pilot) { - switch (id) { - case ASN_USER_ID: - copy = WOLFSSL_USER_ID; - copyLen = sizeof(WOLFSSL_USER_ID) - 1; - #if (defined(OPENSSL_EXTRA) || \ - defined(OPENSSL_EXTRA_X509_SMALL)) \ - && !defined(WOLFCRYPT_ONLY) - nid = WC_NID_userId; - #endif /* OPENSSL_EXTRA */ - break; - case ASN_DOMAIN_COMPONENT: - copy = WOLFSSL_DOMAIN_COMPONENT; - copyLen = sizeof(WOLFSSL_DOMAIN_COMPONENT) - 1; - #if (defined(OPENSSL_EXTRA) || \ - defined(OPENSSL_EXTRA_X509_SMALL)) \ - && !defined(WOLFCRYPT_ONLY) - nid = WC_NID_domainComponent; - #endif /* OPENSSL_EXTRA */ - break; - case ASN_RFC822_MAILBOX: - copy = WOLFSSL_RFC822_MAILBOX; - copyLen = sizeof(WOLFSSL_RFC822_MAILBOX) - 1; - #if (defined(OPENSSL_EXTRA) || \ - defined(OPENSSL_EXTRA_X509_SMALL)) \ - && !defined(WOLFCRYPT_ONLY) - nid = WC_NID_rfc822Mailbox; - #endif /* OPENSSL_EXTRA */ - break; - case ASN_FAVOURITE_DRINK: - copy = WOLFSSL_FAVOURITE_DRINK; - copyLen = sizeof(WOLFSSL_FAVOURITE_DRINK) - 1; - #if (defined(OPENSSL_EXTRA) || \ - defined(OPENSSL_EXTRA_X509_SMALL)) \ - && !defined(WOLFCRYPT_ONLY) - nid = WC_NID_favouriteDrink; - #endif /* OPENSSL_EXTRA */ - break; - case ASN_CONTENT_TYPE: - copy = WOLFSSL_CONTENT_TYPE; - copyLen = sizeof(WOLFSSL_CONTENT_TYPE) - 1; - #if (defined(OPENSSL_EXTRA) || \ - defined(OPENSSL_EXTRA_X509_SMALL)) \ - && !defined(WOLFCRYPT_ONLY) - nid = WC_NID_pkcs9_contentType; - #endif /* OPENSSL_EXTRA */ - break; - default: - WOLFSSL_MSG("Unknown pilot attribute type"); - #if (defined(OPENSSL_EXTRA) || \ - defined(OPENSSL_EXTRA_X509_SMALL)) && \ - !defined(WOLFCRYPT_ONLY) - wolfSSL_X509_NAME_free(dName); - #endif /* OPENSSL_EXTRA */ - return ASN_PARSE_E; - } - } - } - if ((copyLen + strLen) > (int)(WC_ASN_NAME_MAX - idx)) - { - WOLFSSL_MSG("ASN Name too big, skipping"); - tooBig = TRUE; - } - if ((copy != NULL) && !tooBig) { - XMEMCPY(&full[idx], copy, (size_t)copyLen); - idx += (word32)copyLen; - XMEMCPY(&full[idx], &input[srcIdx], (size_t)strLen); - idx += (word32)strLen; - } - #if (defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)) && \ - !defined(WOLFCRYPT_ONLY) - switch (b) { - case CTC_UTF8: - enc = WOLFSSL_MBSTRING_UTF8; - break; - case CTC_PRINTABLE: - enc = WOLFSSL_V_ASN1_PRINTABLESTRING; - break; - default: - WOLFSSL_MSG("Unknown encoding type, using UTF8 by default"); - enc = WOLFSSL_MBSTRING_UTF8; - } - - if (nid != WC_NID_undef) { - if (wolfSSL_X509_NAME_add_entry_by_NID(dName, nid, enc, - &input[srcIdx], strLen, -1, -1) != - WOLFSSL_SUCCESS) { - wolfSSL_X509_NAME_free(dName); - return ASN_PARSE_E; - } - } - #endif /* OPENSSL_EXTRA */ - srcIdx += (word32)strLen; - } - full[idx++] = 0; - -#if (defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)) && \ - !defined(WOLFCRYPT_ONLY) - if (nameType == ASN_ISSUER) { -#if (defined(OPENSSL_ALL) || defined(WOLFSSL_NGINX) || defined(HAVE_LIGHTY)) &&\ - (defined(HAVE_PKCS7) || defined(WOLFSSL_CERT_EXT)) - dName->rawLen = min(cert->issuerRawLen, WC_ASN_NAME_MAX); - XMEMCPY(dName->raw, cert->issuerRaw, dName->rawLen); -#endif - cert->issuerName = dName; - } - else { -#if defined(OPENSSL_ALL) || defined(WOLFSSL_NGINX) - dName->rawLen = min(cert->subjectRawLen, WC_ASN_NAME_MAX); - XMEMCPY(dName->raw, cert->subjectRaw, dName->rawLen); -#endif - cert->subjectName = dName; - } -#endif - - *inOutIdx = srcIdx; - - return 0; -#else DECL_ASNGETDATA(dataASN, rdnASN_Length); int ret = 0; word32 idx = 0; @@ -15975,6 +14213,13 @@ ret = ASN_PARSE_E; } +#ifdef HAVE_OCSP_RESPONDER + if (ret == 0 && nameType == ASN_SUBJECT) { + cert->subjectRawForHash = input + srcIdx; + cert->subjectRawForHashLen = (int)(maxIdx - srcIdx); + } +#endif + CALLOC_ASNGETDATA(dataASN, rdnASN_Length, ret, cert->heap); #ifdef WOLFSSL_X509_NAME_AVAILABLE @@ -16028,7 +14273,7 @@ * (do parsing for WOLFSSL_X509_NAME on demand) */ if (ret == 0) { int enc; - byte* str; + const byte* str; word32 strLen; byte tag = dataASN[RDNASN_IDX_ATTR_VAL].tag; @@ -16105,9 +14350,8 @@ FREE_ASNGETDATA(dataASN, cert->heap); return ret; -#endif /* WOLFSSL_ASN_TEMPLATE */ } - +#endif /* WOLFSSL_ASN_TEMPLATE */ #ifdef WOLFSSL_ASN_TEMPLATE /* ASN.1 template for certificate name. */ static const ASNItem certNameASN[] = { @@ -16138,56 +14382,9 @@ * @return ASN_UNKNOWN_OID_E when the OID cannot be verified. * @return MEMORY_E when dynamic memory allocation fails. */ +#ifdef WOLFSSL_ASN_TEMPLATE int GetName(DecodedCert* cert, int nameType, int maxIdx) { -#ifndef WOLFSSL_ASN_TEMPLATE - char* full; - byte* hash; - int length; - word32 localIdx; - byte tag; - - WOLFSSL_MSG("Getting Name"); - - if (nameType == ASN_ISSUER) { - full = cert->issuer; - hash = cert->issuerHash; - } - else { - full = cert->subject; - hash = cert->subjectHash; - } - - if (cert->srcIdx >= (word32)maxIdx) { - return BUFFER_E; - } - - localIdx = cert->srcIdx; - if (GetASNTag(cert->source, &localIdx, &tag, (word32)maxIdx) < 0) { - return ASN_PARSE_E; - } - - if (tag == ASN_OBJECT_ID) { - WOLFSSL_MSG("Trying optional prefix..."); - - if (SkipObjectId(cert->source, &cert->srcIdx, (word32)maxIdx) < 0) - return ASN_PARSE_E; - WOLFSSL_MSG("Got optional prefix"); - } - - localIdx = cert->srcIdx; - if (GetASNTag(cert->source, &localIdx, &tag, (word32)maxIdx) < 0) { - return ASN_PARSE_E; - } - localIdx = cert->srcIdx + 1; - if (GetLength(cert->source, &localIdx, &length, (word32)maxIdx) < 0) { - return ASN_PARSE_E; - } - length += (int)(localIdx - cert->srcIdx); - - return GetCertName(cert, full, hash, nameType, cert->source, &cert->srcIdx, - cert->srcIdx + (word32)length); -#else ASNGetData dataASN[certNameASN_Length]; word32 idx = cert->srcIdx; int ret = 0; @@ -16222,9 +14419,8 @@ } return ret; -#endif } - +#endif /* WOLFSSL_ASN_TEMPLATE */ #ifndef NO_ASN_TIME /* two byte date/time, add to value */ @@ -16268,8 +14464,38 @@ * Reminder: idx is incremented in each call to GetTime() * Return 0 on failure, 1 for success. */ int ExtractDate(const unsigned char* date, unsigned char format, - struct tm* certTime, int* idx) + struct tm* certTime, int* idx, int len) { + int i = *idx; + + /* Validate date string length based on format. Can not assume null + * terminated strings. Must check for the 'Z'. + * Subtract 2; one for zero indexing and one to exclude null terminator + * built into macro values. */ + if (format == ASN_UTC_TIME) { + /* UTCTime format requires YYMMDDHHMMSSZ (13 chars). */ + /* Bounds check: ensure we have enough data before accessing. */ + if (len < i + ASN_UTC_TIME_SIZE - 1) { + return 0; + } + if (date[i + ASN_UTC_TIME_SIZE - 2] != 'Z') { + return 0; + } + } + else if (format == ASN_GENERALIZED_TIME) { + /* GeneralizedTime format requires YYYYMMDDHHMMSSZ (15 chars). */ + /* Bounds check: ensure we have enough data before accessing. */ + if (len < i + ASN_GENERALIZED_TIME_SIZE - 1) { + return 0; + } + if (date[ i + ASN_GENERALIZED_TIME_SIZE - 2] != 'Z') { + return 0; + } + } + else { + return 0; + } + XMEMSET(certTime, 0, sizeof(struct tm)); /* Get the first two bytes of the year (century) */ @@ -16338,12 +14564,12 @@ #ifdef WOLFSSL_ASN_TIME_STRING -int GetTimeString(byte* date, int format, char* buf, int len) +int GetTimeString(byte* date, int format, char* buf, int len, int dateLen) { struct tm t; int idx = 0; - if (!ExtractDate(date, (unsigned char)format, &t, &idx)) { + if (!ExtractDate(date, (unsigned char)format, &t, &idx, dateLen)) { return 0; } @@ -16404,7 +14630,8 @@ } #if !defined(NO_ASN_TIME) && !defined(USER_TIME) && \ - !defined(TIME_OVERRIDES) && (defined(OPENSSL_EXTRA) || defined(HAVE_PKCS7)) + !defined(TIME_OVERRIDES) && (defined(OPENSSL_EXTRA) || \ + defined(HAVE_PKCS7) || defined(HAVE_OCSP_RESPONDER)) /* Set current time string, either UTC or GeneralizedTime. * (void*) currTime should be a pointer to time_t, output is placed in buf. * @@ -16421,7 +14648,7 @@ return BAD_FUNC_ARG; XMEMSET(uf_time, 0, sizeof(uf_time)); - /* GetFormattedTime returns length with null terminator */ + /* GetFormattedTime returns length without null terminator */ data_len = GetFormattedTime(currTime, uf_time, (word32)sizeof(uf_time)); if (data_len <= 0) { return ASN_TIME_E; @@ -16461,6 +14688,13 @@ /* return just the time string as either UTC or Generalized Time*/ int GetFormattedTime(void* currTime, byte* buf, word32 len) { + WOLFSSL_ENTER("GetFormattedTime"); + + return GetFormattedTime_ex(currTime, buf, len, 0); +} + +int GetFormattedTime_ex(void* currTime, byte* buf, word32 len, byte format) +{ struct tm* ts = NULL; struct tm* tmpTime = NULL; int year, mon, day, hour, mini, sec; @@ -16472,9 +14706,10 @@ /* Needed in case XGMTIME does not use the tmpTime argument. */ (void)tmpTime; - WOLFSSL_ENTER("GetFormattedTime"); + WOLFSSL_ENTER("GetFormattedTime_ex"); - if (buf == NULL || len == 0) + if (buf == NULL || len == 0 || (format != 0 && format != ASN_UTC_TIME && + format != ASN_GENERALIZED_TIME)) return BAD_FUNC_ARG; ts = (struct tm *)XGMTIME((time_t*)currTime, tmpTime); @@ -16485,8 +14720,16 @@ /* Note ASN_UTC_TIME_SIZE and ASN_GENERALIZED_TIME_SIZE include space for * the null terminator. ASN encoded values leave off the terminator. */ + if (format == 0) { + if (ts->tm_year >= 50 && ts->tm_year < 150) { + format = ASN_UTC_TIME; + } + else { + format = ASN_GENERALIZED_TIME; + } + } - if (ts->tm_year >= 50 && ts->tm_year < 150) { + if (format == ASN_UTC_TIME) { /* UTC Time */ if (ts->tm_year >= 50 && ts->tm_year < 100) { year = ts->tm_year; @@ -16573,7 +14816,13 @@ /* date = ASN.1 raw */ /* format = ASN_UTC_TIME or ASN_GENERALIZED_TIME */ /* dateType = ASN_AFTER or ASN_BEFORE */ -int wc_ValidateDate(const byte* date, byte format, int dateType) +int wc_ValidateDate(const byte* date, byte format, int dateType, int len) +{ + return wc_ValidateDateWithTime(date, format, dateType, 0, len); +} + +int wc_ValidateDateWithTime(const byte* date, byte format, int dateType, + time_t checkTime, int len) { time_t ltime; struct tm certTime; @@ -16591,7 +14840,14 @@ #endif (void)tmpTime; - ltime = wc_Time(0); + /* Use checkTime if provided (non-zero), otherwise use current time */ + if (checkTime != 0) { + ltime = checkTime; + } + else { + ltime = wc_Time(0); + } + #ifndef NO_TIME_SIGNEDNESS_CHECK if (sizeof(ltime) == sizeof(word32) && (sword32)ltime < 0){ /* A negative response here could be due to a 32-bit time_t @@ -16615,7 +14871,7 @@ } #endif - if (!ExtractDate(date, format, &certTime, &i)) { + if (!ExtractDate(date, format, &certTime, &i, len)) { WOLFSSL_MSG("Error extracting the date"); return 0; } @@ -16735,44 +14991,10 @@ * is invalid. * @return BUFFER_E when data in buffer is too small. */ +#ifdef WOLFSSL_ASN_TEMPLATE static int GetDateInfo(const byte* source, word32* idx, const byte** pDate, byte* pFormat, int* pLength, word32 maxIdx) { -#ifndef WOLFSSL_ASN_TEMPLATE - int length; - byte format; - - if (source == NULL || idx == NULL) - return BAD_FUNC_ARG; - - /* get ASN format header */ - if (*idx+1 > maxIdx) - return BUFFER_E; - format = source[*idx]; - *idx += 1; - if (format != ASN_UTC_TIME && format != ASN_GENERALIZED_TIME) { - WOLFSSL_ERROR_VERBOSE(ASN_TIME_E); - return ASN_TIME_E; - } - - /* get length */ - if (GetLength(source, idx, &length, maxIdx) < 0) - return ASN_PARSE_E; - if (length > MAX_DATE_SIZE || length < MIN_DATE_SIZE) - return ASN_DATE_SZ_E; - - /* return format, date and length */ - if (pFormat) - *pFormat = format; - if (pDate) - *pDate = &source[*idx]; - if (pLength) - *pLength = length; - - *idx += (word32)length; - - return 0; -#else ASNGetData dataASN[dateASN_Length]; int ret = 0; @@ -16803,80 +15025,8 @@ } return ret; -#endif } - -#if !defined(NO_CERTS) && !defined(WOLFSSL_ASN_TEMPLATE) -static int GetDate(DecodedCert* cert, int dateType, int verify, int maxIdx) -{ - int ret, length; - const byte *datePtr = NULL; - byte date[MAX_DATE_SIZE]; - byte format; - word32 startIdx = 0; - - if (dateType == ASN_BEFORE) - cert->beforeDate = &cert->source[cert->srcIdx]; - else - cert->afterDate = &cert->source[cert->srcIdx]; - startIdx = cert->srcIdx; - - ret = GetDateInfo(cert->source, &cert->srcIdx, &datePtr, &format, - &length, (word32)maxIdx); - if (ret < 0) - return ret; - - XMEMSET(date, 0, MAX_DATE_SIZE); - XMEMCPY(date, datePtr, (size_t)length); - - if (dateType == ASN_BEFORE) - cert->beforeDateLen = (int)(cert->srcIdx - startIdx); - else - cert->afterDateLen = (int)(cert->srcIdx - startIdx); - -#ifndef NO_ASN_TIME_CHECK - if (verify != NO_VERIFY && verify != VERIFY_SKIP_DATE && - (! AsnSkipDateCheck) && - !XVALIDATE_DATE(date, format, dateType)) { - if (dateType == ASN_BEFORE) { - WOLFSSL_ERROR_VERBOSE(ASN_BEFORE_DATE_E); - return ASN_BEFORE_DATE_E; - } - else { - WOLFSSL_ERROR_VERBOSE(ASN_AFTER_DATE_E); - return ASN_AFTER_DATE_E; - } - } -#else - (void)verify; -#endif - - return 0; -} - -static int GetValidity(DecodedCert* cert, int verify, int maxIdx) -{ - int length; - int badDate = 0; - - if (GetSequence(cert->source, &cert->srcIdx, &length, (word32)maxIdx) < 0) - return ASN_PARSE_E; - - maxIdx = (int)cert->srcIdx + length; - - if (GetDate(cert, ASN_BEFORE, verify, maxIdx) < 0) - badDate = ASN_BEFORE_DATE_E; /* continue parsing */ - - if (GetDate(cert, ASN_AFTER, verify, maxIdx) < 0) - return ASN_AFTER_DATE_E; - - if (badDate != 0) - return badDate; - - return 0; -} -#endif /* !NO_CERTS && !WOLFSSL_ASN_TEMPLATE */ - +#endif /* WOLFSSL_ASN_TEMPLATE */ int wc_GetDateInfo(const byte* certDate, int certDateSz, const byte** date, byte* format, int* length) @@ -16895,7 +15045,7 @@ { int idx = 0; (void)length; - if (!ExtractDate(date, format, timearg, &idx)) + if (!ExtractDate(date, format, timearg, &idx, length)) return ASN_TIME_E; return 0; } @@ -16929,47 +15079,6 @@ #endif /* WOLFSSL_CERT_GEN && WOLFSSL_ALT_NAMES */ #endif /* !NO_ASN_TIME */ -#if !defined(WOLFSSL_ASN_TEMPLATE) && !defined(NO_CERTS) -static int GetSigAlg(DecodedCert* cert, word32* sigOid, word32 maxIdx) -{ - int length; - word32 endSeqIdx; - - if (GetSequence(cert->source, &cert->srcIdx, &length, maxIdx) < 0) - return ASN_PARSE_E; - endSeqIdx = cert->srcIdx + (word32)length; - - if (GetObjectId(cert->source, &cert->srcIdx, sigOid, oidSigType, - maxIdx) < 0) { - return ASN_OBJECT_ID_E; - } - - if (cert->srcIdx != endSeqIdx) { -#ifdef WC_RSA_PSS - if (*sigOid == CTC_RSASSAPSS) { - cert->sigParamsIndex = cert->srcIdx; - cert->sigParamsLength = endSeqIdx - cert->srcIdx; - } - else -#endif - /* Only allowed a ASN NULL header with zero length. */ - if (endSeqIdx - cert->srcIdx != 2) - return ASN_PARSE_E; - else { - byte tag; - if (GetASNTag(cert->source, &cert->srcIdx, &tag, endSeqIdx) != 0) - return ASN_PARSE_E; - if (tag != ASN_TAG_NULL) - return ASN_PARSE_E; - } - } - - cert->srcIdx = endSeqIdx; - - return 0; -} -#endif - #ifndef NO_CERTS #ifdef WOLFSSL_ASN_TEMPLATE /* TODO: move code around to not require this. */ @@ -17043,45 +15152,9 @@ * @return ASN_OBJECT_ID_E when the expected OBJECT_ID tag is not found. * @return ASN_EXPECT_0_E when the INTEGER has the MSB set. */ +#ifdef WOLFSSL_ASN_TEMPLATE int wc_GetPubX509(DecodedCert* cert, int verify, int* badDate) { -#ifndef WOLFSSL_ASN_TEMPLATE - int ret; - - if (cert == NULL || badDate == NULL) - return BAD_FUNC_ARG; - - *badDate = 0; - if ( (ret = GetCertHeader(cert)) < 0) - return ret; - - WOLFSSL_MSG("Got Cert Header"); - -#ifdef WOLFSSL_CERT_REQ - if (!cert->isCSR) { -#endif - /* Using the sigIndex as the upper bound because that's where the - * actual certificate data ends. */ - if ((ret = GetSigAlg(cert, &cert->signatureOID, cert->sigIndex)) < 0) - return ret; - - WOLFSSL_MSG("Got Algo ID"); - - if ( (ret = GetName(cert, ASN_ISSUER, (int)cert->sigIndex)) < 0) - return ret; - - if ( (ret = GetValidity(cert, verify, (int)cert->sigIndex)) < 0) - *badDate = ret; -#ifdef WOLFSSL_CERT_REQ - } -#endif - - if ( (ret = GetName(cert, ASN_SUBJECT, (int)cert->sigIndex)) < 0) - return ret; - - WOLFSSL_MSG("Got Subject Name"); - return ret; -#else /* Use common decode routine and stop at public key. */ int ret; @@ -17093,9 +15166,8 @@ cert->srcIdx = (word32)ret; } return ret; -#endif /* WOLFSSL_ASN_TEMPLATE */ } - +#endif /* WOLFSSL_ASN_TEMPLATE */ /* Parse the certificate up to and including X.509 public key. * * @param [in, out] cert Decoded certificate object. @@ -17112,51 +15184,9 @@ * @return ASN_BITSTR_E when the expected BIT_STRING tag is not found. * @return ASN_EXPECT_0_E when the INTEGER has the MSB set. */ +#ifdef WOLFSSL_ASN_TEMPLATE int DecodeToKey(DecodedCert* cert, int verify) { -#ifndef WOLFSSL_ASN_TEMPLATE - int badDate = 0; - int ret; - -#if defined(HAVE_RPK) - - /* Raw Public Key certificate has only a SubjectPublicKeyInfo structure - * as its contents. So try to call GetCertKey to get public key from it. - * If it fails, the cert should be a X509 cert and proceed to process as - * x509 cert. */ - ret = GetCertKey(cert, cert->source, &cert->srcIdx, cert->maxIdx); - if (ret == 0) { - WOLFSSL_MSG("Raw Public Key certificate found and parsed"); - cert->isRPK = 1; - return ret; - } -#endif /* HAVE_RPK */ - - if ( (ret = wc_GetPubX509(cert, verify, &badDate)) < 0) - return ret; - - /* Determine if self signed */ -#ifdef WOLFSSL_CERT_REQ - if (cert->isCSR) - cert->selfSigned = 1; - else -#endif - { - cert->selfSigned = XMEMCMP(cert->issuerHash, cert->subjectHash, - KEYID_SIZE) == 0 ? 1 : 0; - } - - ret = GetCertKey(cert, cert->source, &cert->srcIdx, cert->maxIdx); - if (ret != 0) - return ret; - - WOLFSSL_MSG("Got Key"); - - if (badDate != 0) - return badDate; - - return ret; -#else int ret; int badDate = 0; @@ -17174,48 +15204,10 @@ ret = badDate; } return ret; -#endif /* WOLFSSL_ASN_TEMPLATE */ } - -#if !defined(WOLFSSL_ASN_TEMPLATE) -static int GetSignature(DecodedCert* cert) -{ - int length; - int ret; - - ret = CheckBitString(cert->source, &cert->srcIdx, &length, cert->maxIdx, 1, - NULL); - if (ret != 0) - return ret; - - cert->sigLength = (word32)length; - cert->signature = &cert->source[cert->srcIdx]; - cert->srcIdx += cert->sigLength; - - if (cert->srcIdx != cert->maxIdx) - return ASN_PARSE_E; - - return 0; -} -#endif /* !WOLFSSL_ASN_TEMPLATE */ +#endif /* WOLFSSL_ASN_TEMPLATE */ #endif /* !NO_CERTS */ -#ifndef WOLFSSL_ASN_TEMPLATE -static word32 SetOctetString8Bit(word32 len, byte* output) -{ - output[0] = ASN_OCTET_STRING; - output[1] = (byte)len; - return 2; -} -static word32 SetDigest(const byte* digest, word32 digSz, byte* output) -{ - word32 idx = SetOctetString8Bit(digSz, output); - XMEMCPY(&output[idx], digest, digSz); - - return idx + digSz; -} -#endif - /* Encode a length for DER. * @@ -17483,7 +15475,7 @@ #ifdef HAVE_CURVE448 || (algoOID == X448k) #endif - #ifdef HAVE_FACON + #ifdef HAVE_FALCON || (algoOID == FALCON_LEVEL1k) || (algoOID == FALCON_LEVEL5k) #endif @@ -17519,51 +15511,10 @@ * @return Encoded data size on success. * @return 0 when dynamic memory allocation fails. */ +#ifdef WOLFSSL_ASN_TEMPLATE static word32 SetAlgoIDImpl(int algoOID, byte* output, int type, int curveSz, byte absentParams) { -#ifndef WOLFSSL_ASN_TEMPLATE - word32 tagSz, idSz, seqSz, algoSz = 0; - const byte* algoName = 0; - byte ID_Length[1 + MAX_LENGTH_SZ]; - byte seqArray[MAX_SEQ_SZ + 1]; /* add object_id to end */ - word32 length = 0; - - tagSz = ((type == oidHashType || - (type == oidSigType && !IsSigAlgoECC((word32)algoOID)) || - (type == oidKeyType && algoOID == RSAk)) && - (absentParams == FALSE)) ? 2U : 0U; - algoName = OidFromId((word32)algoOID, (word32)type, &algoSz); - if (algoName == NULL) { - WOLFSSL_MSG("Unknown Algorithm"); - return 0; - } - - idSz = (word32)SetObjectId((int)algoSz, ID_Length); - seqSz = SetSequence(idSz + algoSz + tagSz + (word32)curveSz, seqArray); - - /* Copy only algo to output for DSA keys */ - if (algoOID == DSAk && output) { - XMEMCPY(output, ID_Length, idSz); - XMEMCPY(output + idSz, algoName, algoSz); - if (tagSz == 2) - SetASNNull(&output[seqSz + idSz + algoSz]); - } - else if (output) { - XMEMCPY(output, seqArray, seqSz); - XMEMCPY(output + seqSz, ID_Length, idSz); - XMEMCPY(output + seqSz + idSz, algoName, algoSz); - if (tagSz == 2) - SetASNNull(&output[seqSz + idSz + algoSz]); - } - - if (algoOID == DSAk) - length = idSz + algoSz + tagSz; - else - length = seqSz + idSz + algoSz + tagSz; - - return length; -#else DECL_ASNSETDATA(dataASN, algoIdASN_Length); int ret = 0; const byte* algoName = 0; @@ -17571,12 +15522,19 @@ CALLOC_ASNSETDATA(dataASN, algoIdASN_Length, ret, NULL); +#ifdef WOLFSSL_SMALL_STACK + if(ret < 0) { + /* Catch MEMORY_E */ + return 0; + } +#endif + algoName = OidFromId((word32)algoOID, (word32)type, &algoSz); if (algoName == NULL) { WOLFSSL_MSG("Unknown Algorithm"); } else { - int sz; + word32 sz; int o = 0; /* Set the OID and OID type to encode. */ @@ -17614,14 +15572,13 @@ (int)algoIdASN_Length - (int)o, output); if (curveSz > 0) { /* Return size excluding curve data. */ - sz = (int)(dataASN[o].offset - - dataASN[ALGOIDASN_IDX_NULL].offset); + sz = (dataASN[o].offset - dataASN[ALGOIDASN_IDX_NULL].offset); } } if (ret == 0) { /* Return encoded size. */ - ret = sz; + ret = (int)sz; } else { /* Unsigned return type so 0 indicates error. */ @@ -17631,9 +15588,8 @@ FREE_ASNSETDATA(dataASN, NULL); return (word32)ret; -#endif /* WOLFSSL_ASN_TEMPLATE */ } - +#endif /* WOLFSSL_ASN_TEMPLATE */ /* Encode an algorithm identifier. * * [algoOID, type] is unique. @@ -17690,28 +15646,13 @@ * @return Encoded data size on success. * @return 0 when dynamic memory allocation fails. */ +#ifdef WOLFSSL_ASN_TEMPLATE word32 wc_EncodeSignature(byte* out, const byte* digest, word32 digSz, int hashOID) { -#ifndef WOLFSSL_ASN_TEMPLATE - byte digArray[MAX_ENCODED_DIG_SZ]; - byte algoArray[MAX_ALGO_SZ]; - byte seqArray[MAX_SEQ_SZ]; - word32 encDigSz, algoSz, seqSz; - - encDigSz = SetDigest(digest, digSz, digArray); - algoSz = SetAlgoID(hashOID, algoArray, oidHashType, 0); - seqSz = SetSequence(encDigSz + algoSz, seqArray); - - XMEMCPY(out, seqArray, seqSz); - XMEMCPY(out + seqSz, algoArray, algoSz); - XMEMCPY(out + seqSz + algoSz, digArray, encDigSz); - - return encDigSz + algoSz + seqSz; -#else DECL_ASNSETDATA(dataASN, digestInfoASN_Length); int ret = 0; - int sz = 0; + word32 sz = 0; unsigned char dgst[WC_MAX_DIGEST_SIZE]; CALLOC_ASNSETDATA(dataASN, digestInfoASN_Length, ret, NULL); @@ -17733,7 +15674,7 @@ if (ret == 0) { /* Encode PKCS#1 v1.5 RSA signature. */ SetASN_Items(digestInfoASN, dataASN, digestInfoASN_Length, out); - ret = sz; + ret = (int)sz; } else { /* Unsigned return type so 0 indicates error. */ @@ -17742,9 +15683,8 @@ FREE_ASNSETDATA(dataASN, NULL); return (word32)ret; -#endif } - +#endif /* WOLFSSL_ASN_TEMPLATE */ #ifndef NO_CERTS @@ -17834,6 +15774,7 @@ if (sigCtx->key.ecc->nb_ctx != NULL) { XFREE(sigCtx->key.ecc->nb_ctx, sigCtx->heap, DYNAMIC_TYPE_TMP_BUFFER); + sigCtx->key.ecc->nb_ctx = NULL; } #endif /* WC_ECC_NONBLOCK && WOLFSSL_ASYNC_CRYPT_SW && WC_ASYNC_ENABLE_ECC */ @@ -17909,6 +15850,7 @@ #ifndef WOLFSSL_NO_MALLOC sigCtx->key.ptr = NULL; #endif + sigCtx->keyOID = 0; /* mark key as freed (guards re-entry without malloc) */ } #endif /* !NO_ASN_CRYPT */ @@ -18167,6 +16109,118 @@ } #endif +/* The certificate's signatureAlgorithm (sigOID) must match the issuer's + * key type (keyOID). sigOID picks the pre-hash; keyOID picks the + * verifier. They need to agree or the verifier gets the wrong input. */ +static int SigOidMatchesKeyOid(word32 sigOID, word32 keyOID) +{ + switch (keyOID) { + #ifndef NO_RSA + case RSAk: + switch (sigOID) { + case CTC_MD2wRSA: + case CTC_MD5wRSA: + case CTC_SHAwRSA: + case CTC_SHA224wRSA: + case CTC_SHA256wRSA: + case CTC_SHA384wRSA: + case CTC_SHA512wRSA: + case CTC_SHA3_224wRSA: + case CTC_SHA3_256wRSA: + case CTC_SHA3_384wRSA: + case CTC_SHA3_512wRSA: + case CTC_RSASSAPSS: + return 1; + } + return 0; + #ifdef WC_RSA_PSS + case RSAPSSk: + return (sigOID == CTC_RSASSAPSS); + #endif + #endif + #if !defined(NO_DSA) && !defined(HAVE_SELFTEST) + case DSAk: + switch (sigOID) { + case CTC_SHAwDSA: + case CTC_SHA256wDSA: + return 1; + } + return 0; + #endif + #if defined(HAVE_ECC) && defined(HAVE_ECC_VERIFY) + case ECDSAk: + #if defined(WOLFSSL_SM2) && defined(WOLFSSL_SM3) + case SM2k: + #endif + switch (sigOID) { + case CTC_SHAwECDSA: + case CTC_SHA224wECDSA: + case CTC_SHA256wECDSA: + case CTC_SHA384wECDSA: + case CTC_SHA512wECDSA: + case CTC_SHA3_224wECDSA: + case CTC_SHA3_256wECDSA: + case CTC_SHA3_384wECDSA: + case CTC_SHA3_512wECDSA: + #if defined(WOLFSSL_SM2) && defined(WOLFSSL_SM3) + case CTC_SM3wSM2: + #endif + return 1; + } + return 0; + #endif + #if defined(HAVE_ED25519) && defined(HAVE_ED25519_KEY_IMPORT) + case ED25519k: + return (sigOID == CTC_ED25519); + #endif + #if defined(HAVE_ED448) && defined(HAVE_ED448_KEY_IMPORT) + case ED448k: + return (sigOID == CTC_ED448); + #endif + #if defined(HAVE_FALCON) + case FALCON_LEVEL1k: + return (sigOID == CTC_FALCON_LEVEL1); + case FALCON_LEVEL5k: + return (sigOID == CTC_FALCON_LEVEL5); + #endif + #if defined(HAVE_DILITHIUM) && !defined(WOLFSSL_DILITHIUM_NO_VERIFY) && \ + !defined(WOLFSSL_DILITHIUM_NO_ASN1) + #ifdef WOLFSSL_DILITHIUM_FIPS204_DRAFT + case DILITHIUM_LEVEL2k: + return (sigOID == CTC_DILITHIUM_LEVEL2); + case DILITHIUM_LEVEL3k: + return (sigOID == CTC_DILITHIUM_LEVEL3); + case DILITHIUM_LEVEL5k: + return (sigOID == CTC_DILITHIUM_LEVEL5); + #endif + case ML_DSA_LEVEL2k: + return (sigOID == CTC_ML_DSA_LEVEL2); + case ML_DSA_LEVEL3k: + return (sigOID == CTC_ML_DSA_LEVEL3); + case ML_DSA_LEVEL5k: + return (sigOID == CTC_ML_DSA_LEVEL5); + #endif + #if defined(HAVE_SPHINCS) + case SPHINCS_FAST_LEVEL1k: + return (sigOID == CTC_SPHINCS_FAST_LEVEL1); + case SPHINCS_FAST_LEVEL3k: + return (sigOID == CTC_SPHINCS_FAST_LEVEL3); + case SPHINCS_FAST_LEVEL5k: + return (sigOID == CTC_SPHINCS_FAST_LEVEL5); + case SPHINCS_SMALL_LEVEL1k: + return (sigOID == CTC_SPHINCS_SMALL_LEVEL1); + case SPHINCS_SMALL_LEVEL3k: + return (sigOID == CTC_SPHINCS_SMALL_LEVEL3); + case SPHINCS_SMALL_LEVEL5k: + return (sigOID == CTC_SPHINCS_SMALL_LEVEL5); + #endif + } + + /* Default to reject unknown key types */ + (void)sigOID; + return 0; +} + /* Return codes: 0=Success, Negative (see error-crypt.h), ASN_SIG_CONFIRM_E */ int ConfirmSignature(SignatureCtx* sigCtx, const byte* buf, word32 bufSz, @@ -18235,6 +16289,11 @@ case SIG_STATE_HASH: { + if (!SigOidMatchesKeyOid(sigOID, keyOID)) { + WOLFSSL_MSG("sigOID incompatible with issuer keyOID"); + ERROR_OUT(ASN_SIG_OID_E, exit_cs); + } + #if !defined(NO_RSA) && defined(WC_RSA_PSS) if (sigOID == RSAPSSk) { word32 fakeSigOID = 0; @@ -18333,6 +16392,10 @@ WOLFSSL_MSG("Verify Signature is too small"); ERROR_OUT(BUFFER_E, exit_cs); } + else if (sigSz > MAX_ENCODED_SIG_SZ) { + WOLFSSL_MSG("Verify Signature is too big"); + ERROR_OUT(BUFFER_E, exit_cs); + } #ifndef WOLFSSL_NO_MALLOC sigCtx->key.dsa = (DsaKey*)XMALLOC(sizeof(DsaKey), sigCtx->heap, DYNAMIC_TYPE_DSA); @@ -18377,7 +16440,7 @@ word32 idx = 0; #if defined(WC_ECC_NONBLOCK) && defined(WOLFSSL_ASYNC_CRYPT_SW) && \ defined(WC_ASYNC_ENABLE_ECC) - ecc_nb_ctx_t* nbCtx; + ecc_nb_ctx_t* nb_ctx; #endif /* WC_ECC_NONBLOCK && WOLFSSL_ASYNC_CRYPT_SW && WC_ASYNC_ENABLE_ECC */ @@ -18395,17 +16458,24 @@ } #if defined(WC_ECC_NONBLOCK) && defined(WOLFSSL_ASYNC_CRYPT_SW) && \ defined(WC_ASYNC_ENABLE_ECC) - nbCtx = (ecc_nb_ctx_t*)XMALLOC(sizeof(ecc_nb_ctx_t), - sigCtx->heap, DYNAMIC_TYPE_TMP_BUFFER); - if (nbCtx == NULL) { - ERROR_OUT(MEMORY_E, exit_cs); - } + /* Only set non-blocking context when async device is + * active. With INVALID_DEVID there is no async loop to + * retry on FP_WOULDBLOCK, so let the WC_ECC_NONBLOCK_ONLY + * blocking fallback handle it instead. */ + if (sigCtx->devId != INVALID_DEVID) { + nb_ctx = (ecc_nb_ctx_t*)XMALLOC(sizeof(ecc_nb_ctx_t), + sigCtx->heap, DYNAMIC_TYPE_TMP_BUFFER); + if (nb_ctx == NULL) { + ERROR_OUT(MEMORY_E, exit_cs); + } - ret = wc_ecc_set_nonblock(sigCtx->key.ecc, nbCtx); - if (ret != 0) { - goto exit_cs; + ret = wc_ecc_set_nonblock(sigCtx->key.ecc, nb_ctx); + if (ret != 0) { + XFREE(nb_ctx, sigCtx->heap, + DYNAMIC_TYPE_TMP_BUFFER); + goto exit_cs; + } } - #endif /* WC_ECC_NONBLOCK && WOLFSSL_ASYNC_CRYPT_SW && WC_ASYNC_ENABLE_ECC */ ret = wc_EccPublicKeyDecode(key, &idx, sigCtx->key.ecc, @@ -18866,8 +16936,9 @@ { #if defined(WOLFSSL_SM2) && defined(WOLFSSL_SM3) if (sigOID == CTC_SM3wSM2) { + /* OpenSSL creates signature without CERT_SIG_ID. */ ret = wc_ecc_sm2_create_digest(CERT_SIG_ID, - CERT_SIG_ID_SZ, buf, bufSz, WC_HASH_TYPE_SM3, + 0, buf, bufSz, WC_HASH_TYPE_SM3, sigCtx->digest, WC_SM3_DIGEST_SIZE, sigCtx->key.ecc); if (ret == 0) { @@ -19269,8 +17340,8 @@ #ifndef IGNORE_NAME_CONSTRAINTS -static int MatchBaseName(int type, const char* name, int nameSz, - const char* base, int baseSz) +int wolfssl_local_MatchBaseName(int type, const char* name, int nameSz, + const char* base, int baseSz) { if (base == NULL || baseSz <= 0 || name == NULL || nameSz <= 0 || name[0] == '.' || nameSz < baseSz || @@ -19287,6 +17358,8 @@ if (type == ASN_RFC822_TYPE) { const char* p = NULL; int count = 0; + int baseIsEmail = 0; + int atPos = -1; if (base[0] != '.') { p = base; @@ -19298,25 +17371,36 @@ p++; } - /* No '@' in base, reset p to NULL */ - if (count >= baseSz) - p = NULL; + if (count < baseSz) { + /* '@' found in base - validate it's not at start/end and only one */ + if (count == 0 || count == baseSz - 1) + return 0; /* '@' at start or end of base is invalid */ + baseIsEmail = 1; + } } - if (p == NULL) { - /* Base isn't an email address, it is a domain name, - * wind the name forward one character past its '@'. */ - p = name; - count = 0; - while (*p != '@' && count < baseSz) { - count++; - p++; + /* verify that name is a valid email address, store @ position */ + p = name; + count = 0; + while (count < nameSz) { + if (*p == '@') { + if (atPos >= 0) + return 0; /* Multiple '@' in name is invalid */ + atPos = count; } + count++; + p++; + } - if (count < baseSz && *p == '@') { - name = p + 1; - nameSz -= count + 1; - } + /* Validate '@' exists and is not at start or end */ + if (atPos < 0 || atPos == 0 || atPos == nameSz - 1) + return 0; + + if (!baseIsEmail) { + /* Base isn't an email address but a domain or host. + * wind the name forward one character past its '@'. */ + name = name + atPos + 1; + nameSz -= atPos + 1; } } @@ -19324,17 +17408,28 @@ * "...Any DNS name that can be constructed by simply adding zero or more * labels to the left-hand side of the name satisfies the name constraint." * i.e www.host.example.com works for host.example.com name constraint and - * host1.example.com does not. */ + * host1.example.com does not. + * + * Note: For DNS type, RFC 5280 does not allow leading dot in constraint. + * However, we accept it here for backwards compatibility. */ if (type == ASN_DNS_TYPE || (type == ASN_RFC822_TYPE && base[0] == '.')) { int szAdjust = nameSz - baseSz; + /* Check dot boundary: if there's a prefix and base doesn't start with + * '.', the character before the matched suffix must be '.'. + * When base starts with '.', the dot is included in the comparison. */ + if (szAdjust > 0 && base[0] != '.' && name[szAdjust - 1] != '.') + return 0; name += szAdjust; nameSz -= szAdjust; } + if (nameSz != baseSz) + return 0; + while (nameSz > 0) { - if (XTOLOWER((unsigned char)*name) != - XTOLOWER((unsigned char)*base)) + if (XTOLOWER((unsigned char)*name) != XTOLOWER((unsigned char)*base)) { return 0; + } name++; base++; nameSz--; @@ -19343,6 +17438,111 @@ return 1; } +static int MatchUriNameConstraint(const char* uri, int uriSz, const char* base, + int baseSz) +{ + const char* hostStart; + const char* hostEnd; + const char* p; + const char* uriEnd; + int hostSz; + + if (uri == NULL || uriSz <= 0 || base == NULL || baseSz <= 0) { + return 0; + } + + uriEnd = uri + uriSz; + hostStart = NULL; + for (p = uri; p < uriEnd - 2; p++) { + if (p[0] == ':' && p[1] == '/' && p[2] == '/') { + hostStart = p + 3; + break; + } + } + if (hostStart == NULL || hostStart >= uriEnd) { + return 0; + } + + for (p = hostStart; p < uriEnd; p++) { + if (*p == '@') { + hostStart = p + 1; + break; + } + if (*p == '/' || *p == '?' || *p == '#') { + break; + } + if (*p == '[') { + break; + } + } + if (hostStart >= uriEnd) { + return 0; + } + + if (*hostStart == '[') { + hostStart++; + hostEnd = hostStart; + while (hostEnd < uriEnd && *hostEnd != ']') { + hostEnd++; + } + if (hostEnd >= uriEnd) { + return 0; + } + hostSz = (int)(hostEnd - hostStart); + } + else { + hostEnd = hostStart; + while (hostEnd < uriEnd && *hostEnd != ':' && *hostEnd != '/' && + *hostEnd != '?' && *hostEnd != '#') { + hostEnd++; + } + hostSz = (int)(hostEnd - hostStart); + } + + if (hostSz <= 0) { + return 0; + } + + return wolfssl_local_MatchBaseName(ASN_DNS_TYPE, hostStart, hostSz, base, + baseSz); +} + +/* Check if IP address matches a name constraint. + * IP name constraints contain IP address and subnet mask. + * IPv4: ip is 4 bytes, constraint is 8 bytes (4 IP + 4 mask) + * IPv6: ip is 16 bytes, constraint is 32 bytes (16 IP + 16 mask) + * + * ip: IP address bytes + * ipSz: length of ip + * constraint: constraint bytes (IP + mask) + * constraintSz: length of constraint + * + * return 1 if IP matches constraint, otherwise 0 + */ +int wolfssl_local_MatchIpSubnet(const byte* ip, int ipSz, + const byte* constraint, int constraintSz) +{ + int i; + int match = 1; + + if (ip == NULL || constraint == NULL || ipSz <= 0 || constraintSz <= 0) { + return 0; + } + + /* Constraint should be 2x address length (IP + mask) */ + if (constraintSz != ipSz * 2) { + return 0; + } + + for (i = 0; i < ipSz; i++) { + if ((ip[i] & constraint[ipSz + i]) != + (constraint[i] & constraint[ipSz + i])) { + match = 0; + } + } + + return match; +} /* Search through the list to find if the name is permitted. * name The DNS name to search for @@ -19361,9 +17561,25 @@ while (current != NULL) { if (current->type == nameType) { need = 1; /* restriction on permitted names is set for this type */ - if (name->len >= current->nameSz && - MatchBaseName(nameType, name->name, name->len, - current->name, current->nameSz)) { + if (nameType == ASN_IP_TYPE) { + /* IP address uses subnet matching (IP + mask) */ + if (wolfssl_local_MatchIpSubnet((const byte*)name->name, + name->len, (const byte*)current->name, + current->nameSz)) { + match = 1; + break; + } + } + else if (nameType == ASN_URI_TYPE) { + if (MatchUriNameConstraint(name->name, name->len, + current->name, current->nameSz)) { + match = 1; + break; + } + } + else if (name->len >= current->nameSz && + wolfssl_local_MatchBaseName(nameType, name->name, name->len, + current->name, current->nameSz)) { match = 1; /* found the current name in the permitted list*/ break; } @@ -19392,9 +17608,25 @@ while (current != NULL) { if (current->type == nameType) { - if (name->len >= current->nameSz && - MatchBaseName(nameType, name->name, name->len, - current->name, current->nameSz)) { + if (nameType == ASN_IP_TYPE) { + /* IP address uses subnet matching (IP + mask) */ + if (wolfssl_local_MatchIpSubnet((const byte*)name->name, + name->len, (const byte*)current->name, + current->nameSz)) { + ret = 1; + break; + } + } + else if (nameType == ASN_URI_TYPE) { + if (MatchUriNameConstraint(name->name, name->len, + current->name, current->nameSz)) { + ret = 1; + break; + } + } + else if (name->len >= current->nameSz && + wolfssl_local_MatchBaseName(nameType, name->name, name->len, + current->name, current->nameSz)) { ret = 1; break; } @@ -19408,7 +17640,8 @@ static int ConfirmNameConstraints(Signer* signer, DecodedCert* cert) { - const byte nameTypes[] = {ASN_RFC822_TYPE, ASN_DNS_TYPE, ASN_DIR_TYPE}; + const byte nameTypes[] = {ASN_RFC822_TYPE, ASN_DNS_TYPE, ASN_DIR_TYPE, + ASN_IP_TYPE, ASN_URI_TYPE}; int i; if (signer == NULL || cert == NULL) @@ -19429,6 +17662,10 @@ * subjectDnsName too */ name = cert->altNames; break; + case ASN_IP_TYPE: + /* IP addresses are stored in altNames with type ASN_IP_TYPE */ + name = cert->altNames; + break; case ASN_RFC822_TYPE: /* Shouldn't it validate E= in subject as well? */ name = cert->altEmailNames; @@ -19444,7 +17681,7 @@ subjectDnsName.next = NULL; subjectDnsName.type = ASN_RFC822_TYPE; subjectDnsName.len = cert->subjectEmailLen; - subjectDnsName.name = (char *)cert->subjectEmail; + subjectDnsName.name = cert->subjectEmail; } break; case ASN_DIR_TYPE: @@ -19462,9 +17699,12 @@ subjectDnsName.next = NULL; subjectDnsName.type = ASN_DIR_TYPE; subjectDnsName.len = cert->subjectRawLen; - subjectDnsName.name = (char *)cert->subjectRaw; + subjectDnsName.name = (const char *)cert->subjectRaw; } break; + case ASN_URI_TYPE: + name = cert->altNames; + break; default: /* Other types of names are ignored for now. * Shouldn't it be rejected if it there is a altNamesByType[nameType] @@ -19473,15 +17713,20 @@ } while (name != NULL) { - if (IsInExcludedList(name, signer->excludedNames, nameType) == 1) { - WOLFSSL_MSG("Excluded name was found!"); - return 0; - } + /* Only check entries that match the current nameType. */ + if (name->type == nameType) { + if (IsInExcludedList(name, signer->excludedNames, + nameType) == 1) { + WOLFSSL_MSG("Excluded name was found!"); + return 0; + } - /* Check against the permitted list */ - if (PermittedListOk(name, signer->permittedNames, nameType) != 1) { - WOLFSSL_MSG("Permitted name was not found!"); - return 0; + /* Check against the permitted list */ + if (PermittedListOk(name, signer->permittedNames, + nameType) != 1) { + WOLFSSL_MSG("Permitted name was not found!"); + return 0; + } } name = name->next; @@ -19509,33 +17754,6 @@ #endif /* IGNORE_NAME_CONSTRAINTS */ -#ifndef WOLFSSL_ASN_TEMPLATE -static void AddAltName(DecodedCert* cert, DNS_entry* dnsEntry) -{ -#if (defined(WOLFSSL_ASN_ALL) || defined(OPENSSL_EXTRA)) && \ - !defined(WOLFSSL_ALT_NAMES_NO_REV) - /* logic to add alt name to end of list */ - dnsEntry->next = NULL; - if (cert->altNames == NULL) { - /* First on list */ - cert->altNames = dnsEntry; - } - else { - DNS_entry* temp = cert->altNames; - - /* Find end */ - for (; (temp->next != NULL); temp = temp->next); - - /* Add to end */ - temp->next = dnsEntry; - } -#else - dnsEntry->next = cert->altNames; - cert->altNames = dnsEntry; -#endif -} -#endif - #ifdef WOLFSSL_ASN_TEMPLATE #if defined(WOLFSSL_SEP) || defined(WOLFSSL_FPKI) /* ASN.1 template for OtherName of an X.509 certificate. @@ -19884,179 +18102,6 @@ #define altNameASN_Length (sizeof(altNameASN) / sizeof(ASNItem)) #endif /* WOLFSSL_ASN_TEMPLATE */ -#if defined(WOLFSSL_SEP) && !defined(WOLFSSL_ASN_TEMPLATE) -/* return 0 on success */ -static int DecodeSepHwAltName(DecodedCert* cert, const byte* input, - word32* idxIn, word32 sz) -{ - word32 idx = *idxIn; - int strLen; - int ret; - byte tag; - - /* Certificates issued with this OID in the subject alt name are for - * verifying signatures created on a module. - * RFC 4108 Section 5. */ - if (cert->hwType != NULL) { - WOLFSSL_MSG("\tAlready seen Hardware Module Name"); - return ASN_PARSE_E; - } - - if (GetASNTag(input, &idx, &tag, sz) < 0) { - return ASN_PARSE_E; - } - - if (tag != (ASN_CONTEXT_SPECIFIC | ASN_CONSTRUCTED)) { - WOLFSSL_MSG("\twrong type"); - return ASN_PARSE_E; - } - - if (GetLength(input, &idx, &strLen, sz) < 0) { - WOLFSSL_MSG("\tfail: str len"); - return ASN_PARSE_E; - } - - if (GetSequence(input, &idx, &strLen, sz) < 0) { - WOLFSSL_MSG("\tBad Sequence"); - return ASN_PARSE_E; - } - - ret = GetASNObjectId(input, &idx, &strLen, sz); - if (ret != 0) { - WOLFSSL_MSG("\tbad OID"); - return ret; - } - - cert->hwType = (byte*)XMALLOC((size_t)strLen, cert->heap, - DYNAMIC_TYPE_X509_EXT); - if (cert->hwType == NULL) { - WOLFSSL_MSG("\tOut of Memory"); - return MEMORY_E; - } - - XMEMCPY(cert->hwType, &input[idx], (size_t)strLen); - cert->hwTypeSz = strLen; - idx += (word32)strLen; - - ret = GetOctetString(input, &idx, &strLen, sz); - if (ret < 0) { - XFREE(cert->hwType, cert->heap, DYNAMIC_TYPE_X509_EXT); - cert->hwType = NULL; - return ret; - } - - cert->hwSerialNum = (byte*)XMALLOC((size_t)strLen + 1, cert->heap, - DYNAMIC_TYPE_X509_EXT); - if (cert->hwSerialNum == NULL) { - WOLFSSL_MSG("\tOut of Memory"); - XFREE(cert->hwType, cert->heap, DYNAMIC_TYPE_X509_EXT); - cert->hwType = NULL; - return MEMORY_E; - } - - XMEMCPY(cert->hwSerialNum, &input[idx], (size_t)strLen); - cert->hwSerialNum[strLen] = '\0'; - cert->hwSerialNumSz = strLen; - idx += (word32)strLen; - - *idxIn = idx; - return 0; -} -#endif /* WOLFSSL_SEP */ - -#if !defined(WOLFSSL_ASN_TEMPLATE) -/* return 0 on success */ -static int DecodeConstructedOtherName(DecodedCert* cert, const byte* input, - word32* idx, word32 sz, int oid) -{ - int ret = 0; - int strLen = 0; - byte tag; - DNS_entry* dnsEntry = NULL; - - if (GetASNTag(input, idx, &tag, sz) < 0) { - ret = ASN_PARSE_E; - } - - if (ret == 0 && (tag != (ASN_CONTEXT_SPECIFIC | ASN_CONSTRUCTED))) { - ret = ASN_PARSE_E; - } - - if (ret == 0 && (GetLength(input, idx, &strLen, sz) < 0)) { - ret = ASN_PARSE_E; - } - - if (ret == 0) { - dnsEntry = AltNameNew(cert->heap); - if (dnsEntry == NULL) { - WOLFSSL_MSG("\tOut of Memory"); - return MEMORY_E; - } - - switch (oid) { - #ifdef WOLFSSL_FPKI - case FASCN_OID: - ret = GetOctetString(input, idx, &strLen, sz); - if (ret > 0) { - ret = 0; - } - break; - #endif /* WOLFSSL_FPKI */ - case UPN_OID: - if (GetASNTag(input, idx, &tag, sz) < 0) { - ret = ASN_PARSE_E; - } - - if (ret == 0 && - tag != ASN_PRINTABLE_STRING && tag != ASN_UTF8STRING && - tag != ASN_IA5_STRING) { - WOLFSSL_MSG("Was expecting a string for UPN"); - ret = ASN_PARSE_E; - } - - if (ret == 0 && (GetLength(input, idx, &strLen, sz) < 0)) { - WOLFSSL_MSG("Was expecting a string for UPN"); - ret = ASN_PARSE_E; - } - break; - - default: - WOLFSSL_MSG("Unknown constructed other name, skipping"); - XFREE(dnsEntry, cert->heap, DYNAMIC_TYPE_ALTNAME); - dnsEntry = NULL; - } - } - - if (ret == 0 && dnsEntry != NULL) { - dnsEntry->type = ASN_OTHER_TYPE; - dnsEntry->len = strLen; - dnsEntry->name = (char*)XMALLOC((size_t)strLen + 1, cert->heap, - DYNAMIC_TYPE_ALTNAME); - #ifdef WOLFSSL_FPKI - dnsEntry->oidSum = oid; - #endif /* WOLFSSL_FPKI */ - if (dnsEntry->name == NULL) { - WOLFSSL_MSG("\tOut of Memory"); - ret = MEMORY_E; - } - else { - XMEMCPY(dnsEntry->name, &input[*idx], (size_t)strLen); - dnsEntry->name[strLen] = '\0'; - AddAltName(cert, dnsEntry); - } - } - - if (ret == 0) { - *idx += (word32)strLen; - } - else { - XFREE(dnsEntry, cert->heap, DYNAMIC_TYPE_ALTNAME); - } - - return ret; -} -#endif - /* Decode subject alternative names extension. * * RFC 5280 4.2.1.6. Subject Alternative Name @@ -20071,411 +18116,9 @@ * @return ASN_UNKNOWN_OID_E when the OID cannot be verified. * @return MEMORY_E when dynamic memory allocation fails. */ +#ifdef WOLFSSL_ASN_TEMPLATE static int DecodeAltNames(const byte* input, word32 sz, DecodedCert* cert) { -#ifndef WOLFSSL_ASN_TEMPLATE - word32 idx = 0; - int length = 0; - word32 numNames = 0; - - WOLFSSL_ENTER("DecodeAltNames"); - - if (GetSequence(input, &idx, &length, sz) < 0) { - WOLFSSL_MSG("\tBad Sequence"); - return ASN_PARSE_E; - } - - if (length == 0) { - /* RFC 5280 4.2.1.6. Subject Alternative Name - If the subjectAltName extension is present, the sequence MUST - contain at least one entry. */ - WOLFSSL_ERROR_VERBOSE(ASN_PARSE_E); - return ASN_PARSE_E; - } - -#ifdef OPENSSL_ALL - cert->extSubjAltNameSrc = input; - cert->extSubjAltNameSz = sz; -#endif - - cert->weOwnAltNames = 1; - - while (length > 0) { - byte current_byte; - - /* Verify idx can't overflow input buffer */ - if (idx >= (word32)sz) { - WOLFSSL_MSG("\tBad Index"); - return BUFFER_E; - } - - numNames++; - if (numNames > WOLFSSL_MAX_ALT_NAMES) { - WOLFSSL_MSG("\tToo many subject alternative names"); - return ASN_ALT_NAME_E; - } - - current_byte = input[idx++]; - length--; - - /* Save DNS Type names in the altNames list. */ - /* Save Other Type names in the cert's OidMap */ - if (current_byte == (ASN_CONTEXT_SPECIFIC | ASN_DNS_TYPE)) { - DNS_entry* dnsEntry; - int strLen; - word32 lenStartIdx = idx; - - if (GetLength(input, &idx, &strLen, sz) < 0) { - WOLFSSL_MSG("\tfail: str length"); - return ASN_PARSE_E; - } - length -= (int)(idx - lenStartIdx); - - dnsEntry = AltNameNew(cert->heap); - if (dnsEntry == NULL) { - WOLFSSL_MSG("\tOut of Memory"); - return MEMORY_E; - } - - dnsEntry->type = ASN_DNS_TYPE; - dnsEntry->name = (char*)XMALLOC((size_t)strLen + 1, cert->heap, - DYNAMIC_TYPE_ALTNAME); - if (dnsEntry->name == NULL) { - WOLFSSL_MSG("\tOut of Memory"); - XFREE(dnsEntry, cert->heap, DYNAMIC_TYPE_ALTNAME); - return MEMORY_E; - } - dnsEntry->len = strLen; - XMEMCPY(dnsEntry->name, &input[idx], (size_t)strLen); - dnsEntry->name[strLen] = '\0'; - - AddAltName(cert, dnsEntry); - - length -= strLen; - idx += (word32)strLen; - } - #ifndef IGNORE_NAME_CONSTRAINTS - else if (current_byte == - (ASN_CONTEXT_SPECIFIC | ASN_CONSTRUCTED | ASN_DIR_TYPE)) { - DNS_entry* dirEntry; - int strLen; - word32 lenStartIdx = idx; - - if (GetLength(input, &idx, &strLen, sz) < 0) { - WOLFSSL_MSG("\tfail: str length"); - return ASN_PARSE_E; - } - - if (GetSequence(input, &idx, &strLen, sz) < 0) { - WOLFSSL_MSG("\tfail: seq length"); - return ASN_PARSE_E; - } - length -= (int)(idx - lenStartIdx); - - dirEntry = AltNameNew(cert->heap); - if (dirEntry == NULL) { - WOLFSSL_MSG("\tOut of Memory"); - return MEMORY_E; - } - - dirEntry->type = ASN_DIR_TYPE; - dirEntry->name = (char*)XMALLOC((size_t)strLen + 1, cert->heap, - DYNAMIC_TYPE_ALTNAME); - if (dirEntry->name == NULL) { - WOLFSSL_MSG("\tOut of Memory"); - XFREE(dirEntry, cert->heap, DYNAMIC_TYPE_ALTNAME); - return MEMORY_E; - } - dirEntry->len = strLen; - XMEMCPY(dirEntry->name, &input[idx], (size_t)strLen); - dirEntry->name[strLen] = '\0'; - dirEntry->next = cert->altDirNames; - cert->altDirNames = dirEntry; - - length -= strLen; - idx += (word32)strLen; - } - else if (current_byte == (ASN_CONTEXT_SPECIFIC | ASN_RFC822_TYPE)) { - DNS_entry* emailEntry; - int strLen; - word32 lenStartIdx = idx; - - if (GetLength(input, &idx, &strLen, sz) < 0) { - WOLFSSL_MSG("\tfail: str length"); - return ASN_PARSE_E; - } - length -= (int)(idx - lenStartIdx); - - emailEntry = AltNameNew(cert->heap); - if (emailEntry == NULL) { - WOLFSSL_MSG("\tOut of Memory"); - return MEMORY_E; - } - - emailEntry->type = ASN_RFC822_TYPE; - emailEntry->name = (char*)XMALLOC((size_t)strLen + 1, cert->heap, - DYNAMIC_TYPE_ALTNAME); - if (emailEntry->name == NULL) { - WOLFSSL_MSG("\tOut of Memory"); - XFREE(emailEntry, cert->heap, DYNAMIC_TYPE_ALTNAME); - return MEMORY_E; - } - emailEntry->len = strLen; - XMEMCPY(emailEntry->name, &input[idx], (size_t)strLen); - emailEntry->name[strLen] = '\0'; - - emailEntry->next = cert->altEmailNames; - cert->altEmailNames = emailEntry; - - length -= strLen; - idx += (word32)strLen; - } - else if (current_byte == (ASN_CONTEXT_SPECIFIC | ASN_URI_TYPE)) { - DNS_entry* uriEntry; - int strLen; - word32 lenStartIdx = idx; - - WOLFSSL_MSG("\tPutting URI into list but not using"); - if (GetLength(input, &idx, &strLen, sz) < 0) { - WOLFSSL_MSG("\tfail: str length"); - return ASN_PARSE_E; - } - length -= (int)(idx - lenStartIdx); - - /* check that strLen at index is not past input buffer */ - if ((word32)strLen + idx > sz) { - return BUFFER_E; - } - - #if !defined(WOLFSSL_NO_ASN_STRICT) && !defined(WOLFSSL_FPKI) - /* Verify RFC 5280 Sec 4.2.1.6 rule: - "The name MUST NOT be a relative URI" - As per RFC 3986 Sec 4.3, an absolute URI is only required to contain - a scheme and hier-part. So the only strict requirement is a ':' - being present after the scheme. If a '/' is present as part of the - hier-part, it must come after the ':' (see RFC 3986 Sec 3). */ - - { - word32 i; - - /* skip past scheme (i.e http,ftp,...) finding first ':' char */ - for (i = 0; i < (word32)strLen; i++) { - if (input[idx + i] == ':') { - break; - } - if (input[idx + i] == '/') { - WOLFSSL_MSG("\tAlt Name must be absolute URI"); - WOLFSSL_ERROR_VERBOSE(ASN_ALT_NAME_E); - return ASN_ALT_NAME_E; - } - } - - /* test hier-part is empty */ - if (i == 0 || i == (word32)strLen) { - WOLFSSL_MSG("\tEmpty or malformed URI"); - WOLFSSL_ERROR_VERBOSE(ASN_ALT_NAME_E); - return ASN_ALT_NAME_E; - } - - /* test if scheme is missing */ - if (input[idx + i] != ':') { - WOLFSSL_MSG("\tAlt Name must be absolute URI"); - WOLFSSL_ERROR_VERBOSE(ASN_ALT_NAME_E); - return ASN_ALT_NAME_E; - } - } - #endif - - uriEntry = AltNameNew(cert->heap); - if (uriEntry == NULL) { - WOLFSSL_MSG("\tOut of Memory"); - return MEMORY_E; - } - - uriEntry->type = ASN_URI_TYPE; - uriEntry->name = (char*)XMALLOC((size_t)strLen + 1, cert->heap, - DYNAMIC_TYPE_ALTNAME); - if (uriEntry->name == NULL) { - WOLFSSL_MSG("\tOut of Memory"); - XFREE(uriEntry, cert->heap, DYNAMIC_TYPE_ALTNAME); - return MEMORY_E; - } - uriEntry->len = strLen; - XMEMCPY(uriEntry->name, &input[idx], (size_t)strLen); - uriEntry->name[strLen] = '\0'; - - AddAltName(cert, uriEntry); - - length -= strLen; - idx += (word32)strLen; - } -#ifdef WOLFSSL_IP_ALT_NAME - else if (current_byte == (ASN_CONTEXT_SPECIFIC | ASN_IP_TYPE)) { - DNS_entry* ipAddr; - int strLen; - word32 lenStartIdx = idx; - WOLFSSL_MSG("Decoding Subject Alt. Name: IP Address"); - - if (GetLength(input, &idx, &strLen, sz) < 0) { - WOLFSSL_MSG("\tfail: str length"); - return ASN_PARSE_E; - } - length -= (idx - lenStartIdx); - /* check that strLen at index is not past input buffer */ - if (strLen + idx > sz) { - return BUFFER_E; - } - - ipAddr = AltNameNew(cert->heap); - if (ipAddr == NULL) { - WOLFSSL_MSG("\tOut of Memory"); - return MEMORY_E; - } - - ipAddr->type = ASN_IP_TYPE; - ipAddr->name = (char*)XMALLOC((size_t)strLen + 1, cert->heap, - DYNAMIC_TYPE_ALTNAME); - if (ipAddr->name == NULL) { - WOLFSSL_MSG("\tOut of Memory"); - XFREE(ipAddr, cert->heap, DYNAMIC_TYPE_ALTNAME); - return MEMORY_E; - } - ipAddr->len = strLen; - XMEMCPY(ipAddr->name, &input[idx], strLen); - ipAddr->name[strLen] = '\0'; - - if (GenerateDNSEntryIPString(ipAddr, cert->heap) != 0) { - WOLFSSL_MSG("\tOut of Memory for IP string"); - XFREE(ipAddr->name, cert->heap, DYNAMIC_TYPE_ALTNAME); - XFREE(ipAddr, cert->heap, DYNAMIC_TYPE_ALTNAME); - return MEMORY_E; - } - AddAltName(cert, ipAddr); - - length -= strLen; - idx += (word32)strLen; - } -#endif /* WOLFSSL_IP_ALT_NAME */ -#ifdef WOLFSSL_RID_ALT_NAME - else if (current_byte == (ASN_CONTEXT_SPECIFIC | ASN_RID_TYPE)) { - DNS_entry* rid; - int strLen; - word32 lenStartIdx = idx; - WOLFSSL_MSG("Decoding Subject Alt. Name: Registered Id"); - - if (GetLength(input, &idx, &strLen, sz) < 0) { - WOLFSSL_MSG("\tfail: str length"); - return ASN_PARSE_E; - } - length -= (idx - lenStartIdx); - /* check that strLen at index is not past input buffer */ - if (strLen + idx > sz) { - return BUFFER_E; - } - - rid = AltNameNew(cert->heap); - if (rid == NULL) { - WOLFSSL_MSG("\tOut of Memory"); - return MEMORY_E; - } - - rid->type = ASN_RID_TYPE; - rid->name = (char*)XMALLOC((size_t)strLen + 1, cert->heap, - DYNAMIC_TYPE_ALTNAME); - if (rid->name == NULL) { - WOLFSSL_MSG("\tOut of Memory"); - XFREE(rid, cert->heap, DYNAMIC_TYPE_ALTNAME); - return MEMORY_E; - } - rid->len = strLen; - XMEMCPY(rid->name, &input[idx], strLen); - rid->name[strLen] = '\0'; - - if (GenerateDNSEntryRIDString(rid, cert->heap) != 0) { - WOLFSSL_MSG("\tOut of Memory for registered Id string"); - XFREE(rid->name, cert->heap, DYNAMIC_TYPE_ALTNAME); - XFREE(rid, cert->heap, DYNAMIC_TYPE_ALTNAME); - return MEMORY_E; - } - - AddAltName(cert, rid); - - length -= strLen; - idx += (word32)strLen; - } -#endif /* WOLFSSL_RID_ALT_NAME */ -#endif /* IGNORE_NAME_CONSTRAINTS */ - else if (current_byte == - (ASN_CONTEXT_SPECIFIC | ASN_CONSTRUCTED | ASN_OTHER_TYPE)) { - int strLen; - word32 lenStartIdx = idx; - word32 oid = 0; - int ret = 0; - - if (GetLength(input, &idx, &strLen, sz) < 0) { - WOLFSSL_MSG("\tfail: other name length"); - return ASN_PARSE_E; - } - /* Consume the rest of this sequence. */ - length -= (int)(((word32)strLen + idx - lenStartIdx)); - - if (GetObjectId(input, &idx, &oid, oidCertAltNameType, sz) < 0) { - WOLFSSL_MSG("\tbad OID"); - return ASN_PARSE_E; - } - - /* handle parsing other type alt names */ - switch (oid) { - #ifdef WOLFSSL_SEP - case HW_NAME_OID: - ret = DecodeSepHwAltName(cert, input, &idx, sz); - if (ret != 0) - return ret; - break; - #endif /* WOLFSSL_SEP */ - #ifdef WOLFSSL_FPKI - case FASCN_OID: - case UPN_OID: - ret = DecodeConstructedOtherName(cert, input, &idx, sz, - oid); - if (ret != 0) - return ret; - break; - #endif /* WOLFSSL_FPKI */ - - default: - WOLFSSL_MSG("\tUnsupported other name type, skipping"); - if (GetLength(input, &idx, &strLen, sz) < 0) { - /* check to skip constructed other names too */ - if (DecodeConstructedOtherName(cert, input, &idx, sz, - (int)oid) != 0) { - WOLFSSL_MSG("\tfail: unsupported other name length"); - return ASN_PARSE_E; - } - } - else { - idx += (word32)strLen; - } - } - (void)ret; - } - else { - int strLen; - word32 lenStartIdx = idx; - - WOLFSSL_MSG("\tUnsupported name type, skipping"); - - if (GetLength(input, &idx, &strLen, sz) < 0) { - WOLFSSL_MSG("\tfail: unsupported name length"); - return ASN_PARSE_E; - } - length -= (int)((word32)strLen + idx - lenStartIdx); - idx += (word32)strLen; - } - } - - return 0; -#else word32 idx = 0; int length = 0; int ret = 0; @@ -20533,9 +18176,8 @@ } return ret; -#endif } - +#endif /* WOLFSSL_ASN_TEMPLATE */ #ifdef WOLFSSL_ASN_TEMPLATE /* ASN.1 template for BasicConstraints. * X.509: RFC 5280, 4.2.1.9 - BasicConstraints. @@ -20576,57 +18218,10 @@ * @return ASN_EXPECT_0_E when the INTEGER has the MSB set or NULL has a * non-zero length. */ +#ifdef WOLFSSL_ASN_TEMPLATE int DecodeBasicCaConstraint(const byte* input, int sz, byte *isCa, word16 *pathLength, byte *pathLengthSet) { -#ifndef WOLFSSL_ASN_TEMPLATE - word32 idx = 0; - int length = 0; - int ret; - - WOLFSSL_ENTER("DecodeBasicCaConstraint"); - - if (GetSequence(input, &idx, &length, (word32)sz) < 0) { - WOLFSSL_MSG("\tfail: bad SEQUENCE"); - return ASN_PARSE_E; - } - - if (length == 0) - return 0; - - /* If the basic ca constraint is false, this extension may be named, but - * left empty. So, if the length is 0, just return. */ - - ret = GetBoolean(input, &idx, (word32)sz); - - /* Removed logic for WOLFSSL_X509_BASICCONS_INT which was mistreating the - * pathlen value as if it were the CA Boolean value 7/2/2021 - KH. - * When CA Boolean not asserted use the default value "False" */ - if (ret < 0) { - WOLFSSL_MSG("\tfail: constraint not valid BOOLEAN, set default FALSE"); - ret = 0; - } - - *isCa = ret ? 1 : 0; - - /* If there isn't any more data, return. */ - if (idx >= (word32)sz) { - return 0; - } - - ret = GetInteger16Bit(input, &idx, (word32)sz); - if (ret < 0) - return ret; - else if (ret > WOLFSSL_MAX_PATH_LEN) { - WOLFSSL_ERROR_VERBOSE(ASN_PATHLEN_SIZE_E); - return ASN_PATHLEN_SIZE_E; - } - - *pathLength = (word16)ret; - *pathLengthSet = 1; - - return 0; -#else DECL_ASNGETDATA(dataASN, basicConsASN_Length); int ret = 0; word32 idx = 0; @@ -20675,10 +18270,8 @@ FREE_ASNGETDATA(dataASN, NULL); return ret; -#endif - } - +#endif /* WOLFSSL_ASN_TEMPLATE */ /* Decode basic constraints extension in a certificate. * * X.509: RFC 5280, 4.2.1.9 - BasicConstraints. @@ -20835,99 +18428,9 @@ * is invalid. * @return BUFFER_E when data in buffer is too small. */ +#ifdef WOLFSSL_ASN_TEMPLATE static int DecodeCrlDist(const byte* input, word32 sz, DecodedCert* cert) { -#ifndef WOLFSSL_ASN_TEMPLATE - word32 idx = 0, localIdx; - int length = 0; - byte tag = 0; - - WOLFSSL_ENTER("DecodeCrlDist"); - - cert->extCrlInfoRaw = input; - cert->extCrlInfoRawSz = (int)sz; - - /* Unwrap the list of Distribution Points*/ - if (GetSequence(input, &idx, &length, sz) < 0) - return ASN_PARSE_E; - - /* Unwrap a single Distribution Point */ - if (GetSequence(input, &idx, &length, sz) < 0) - return ASN_PARSE_E; - - /* The Distribution Point has three explicit optional members - * First check for a DistributionPointName - */ - localIdx = idx; - if (GetASNTag(input, &localIdx, &tag, sz) == 0 && - tag == (ASN_CONSTRUCTED | DISTRIBUTION_POINT)) - { - idx++; - if (GetLength(input, &idx, &length, sz) < 0) - return ASN_PARSE_E; - - localIdx = idx; - if (GetASNTag(input, &localIdx, &tag, sz) == 0 && - tag == (ASN_CONSTRUCTED | CRLDP_FULL_NAME)) - { - idx++; - if (GetLength(input, &idx, &length, sz) < 0) - return ASN_PARSE_E; - - localIdx = idx; - if (GetASNTag(input, &localIdx, &tag, sz) == 0 && - tag == GENERALNAME_URI) - { - idx++; - if (GetLength(input, &idx, &length, sz) < 0) - return ASN_PARSE_E; - - cert->extCrlInfoSz = length; - cert->extCrlInfo = input + idx; - idx += (word32)length; - } - else - /* This isn't a URI, skip it. */ - idx += (word32)length; - } - else { - /* This isn't a FULLNAME, skip it. */ - idx += (word32)length; - } - } - - /* Check for reasonFlags */ - localIdx = idx; - if (idx < (word32)sz && - GetASNTag(input, &localIdx, &tag, sz) == 0 && - tag == (ASN_CONSTRUCTED | ASN_CONTEXT_SPECIFIC | 1)) - { - idx++; - if (GetLength(input, &idx, &length, sz) < 0) - return ASN_PARSE_E; - idx += (word32)length; - } - - /* Check for cRLIssuer */ - localIdx = idx; - if (idx < (word32)sz && - GetASNTag(input, &localIdx, &tag, sz) == 0 && - tag == (ASN_CONSTRUCTED | ASN_CONTEXT_SPECIFIC | 2)) - { - idx++; - if (GetLength(input, &idx, &length, sz) < 0) - return ASN_PARSE_E; - idx += (word32)length; - } - - if (idx < (word32)sz) - { - WOLFSSL_MSG("\tThere are more CRL Distribution Point records, " - "but we only use the first one."); - } - - return 0; -#else DECL_ASNGETDATA(dataASN, crlDistASN_Length); word32 idx = 0; int ret = 0; @@ -20982,9 +18485,8 @@ FREE_ASNGETDATA(dataASN, cert->heap); return ret; -#endif /* WOLFSSL_ASN_TEMPLATE */ } - +#endif /* WOLFSSL_ASN_TEMPLATE */ #ifdef WOLFSSL_ASN_TEMPLATE /* ASN.1 template for the access description. * X.509: RFC 5280, 4.2.2.1 - Authority Information Access. @@ -21021,60 +18523,13 @@ * @return ASN_OBJECT_ID_E when the expected OBJECT_ID tag is not found. * @return ASN_UNKNOWN_OID_E when the OID cannot be verified. */ +#ifdef WOLFSSL_ASN_TEMPLATE static int DecodeAuthInfo(const byte* input, word32 sz, DecodedCert* cert) { -#ifndef WOLFSSL_ASN_TEMPLATE - word32 idx = 0; - int length = 0; - byte b = 0; - word32 oid; - - WOLFSSL_ENTER("DecodeAuthInfo"); - - /* Unwrap the list of AIAs */ - if (GetSequence(input, &idx, &length, sz) < 0) - return ASN_PARSE_E; - - while ((idx < (word32)sz)) { - /* Unwrap a single AIA */ - if (GetSequence(input, &idx, &length, sz) < 0) - return ASN_PARSE_E; - - oid = 0; - if (GetObjectId(input, &idx, &oid, oidCertAuthInfoType, sz) < 0) { - return ASN_PARSE_E; - } - - /* Only supporting URIs right now. */ - if (GetASNTag(input, &idx, &b, sz) < 0) - return ASN_PARSE_E; - - if (GetLength(input, &idx, &length, sz) < 0) - return ASN_PARSE_E; - - /* Set ocsp entry */ - if (b == GENERALNAME_URI && oid == AIA_OCSP_OID && - cert->extAuthInfo == NULL) { - cert->extAuthInfoSz = length; - cert->extAuthInfo = input + idx; - } - #ifdef WOLFSSL_ASN_CA_ISSUER - /* Set CaIssuers entry */ - else if ((b == GENERALNAME_URI) && oid == AIA_CA_ISSUER_OID && - cert->extAuthInfoCaIssuer == NULL) - { - cert->extAuthInfoCaIssuerSz = length; - cert->extAuthInfoCaIssuer = input + idx; - } - #endif - idx += (word32)length; - } - - return 0; -#else word32 idx = 0; int length = 0; int ret = 0; + int aiaIdx; WOLFSSL_ENTER("DecodeAuthInfo"); @@ -21096,35 +18551,48 @@ if (ret == 0) { word32 sz32; - /* Check we have OCSP and URI. */ - if ((dataASN[ACCESSDESCASN_IDX_METH].data.oid.sum == AIA_OCSP_OID) && - (dataASN[ACCESSDESCASN_IDX_LOC].tag == GENERALNAME_URI) && - (cert->extAuthInfo == NULL)) { - /* Store URI for OCSP lookup. */ - GetASN_GetConstRef(&dataASN[ACCESSDESCASN_IDX_LOC], - &cert->extAuthInfo, &sz32); - cert->extAuthInfoSz = (int)sz32; - } - #ifdef WOLFSSL_ASN_CA_ISSUER - /* Check we have CA Issuer and URI. */ - else if ((dataASN[ACCESSDESCASN_IDX_METH].data.oid.sum == - AIA_CA_ISSUER_OID) && - (dataASN[ACCESSDESCASN_IDX_LOC].tag == GENERALNAME_URI) && - (cert->extAuthInfoCaIssuer == NULL)) { - /* Set CaIssuers entry */ - GetASN_GetConstRef(&dataASN[ACCESSDESCASN_IDX_LOC], - &cert->extAuthInfoCaIssuer, &sz32); - cert->extAuthInfoCaIssuerSz = (int)sz32; + if (dataASN[ACCESSDESCASN_IDX_LOC].tag == GENERALNAME_URI) { + const byte* uri = NULL; + + GetASN_GetConstRef(&dataASN[ACCESSDESCASN_IDX_LOC], &uri, &sz32); + + /* Add to AIA list if space. */ + aiaIdx = cert->extAuthInfoListSz; + if (aiaIdx < WOLFSSL_MAX_AIA_ENTRIES) { + cert->extAuthInfoList[aiaIdx].method = + dataASN[ACCESSDESCASN_IDX_METH].data.oid.sum; + cert->extAuthInfoList[aiaIdx].uri = uri; + cert->extAuthInfoList[aiaIdx].uriSz = sz32; + cert->extAuthInfoListSz++; + } + else { + cert->extAuthInfoListOverflow = 1; + WOLFSSL_MSG("AIA list overflow"); + } + + /* Set first OCSP entry. */ + if ((dataASN[ACCESSDESCASN_IDX_METH].data.oid.sum == + AIA_OCSP_OID) && (cert->extAuthInfo == NULL)) { + cert->extAuthInfo = uri; + cert->extAuthInfoSz = (int)sz32; + } + #ifdef WOLFSSL_ASN_CA_ISSUER + /* Set first CA Issuer entry. */ + else if ((dataASN[ACCESSDESCASN_IDX_METH].data.oid.sum == + AIA_CA_ISSUER_OID) && + (cert->extAuthInfoCaIssuer == NULL)) { + cert->extAuthInfoCaIssuer = uri; + cert->extAuthInfoCaIssuerSz = (int)sz32; + } + #endif } - #endif /* Otherwise skip. */ } } return ret; -#endif } - +#endif /* WOLFSSL_ASN_TEMPLATE */ #ifdef WOLFSSL_ASN_TEMPLATE /* ASN.1 template for AuthorityKeyIdentifier. @@ -21174,59 +18642,12 @@ * is invalid. * @return BUFFER_E when data in buffer is too small. */ +#ifdef WOLFSSL_ASN_TEMPLATE int DecodeAuthKeyId(const byte* input, word32 sz, const byte **extAuthKeyId, word32 *extAuthKeyIdSz, const byte **extAuthKeyIdIssuer, word32 *extAuthKeyIdIssuerSz, const byte **extAuthKeyIdIssuerSN, word32 *extAuthKeyIdIssuerSNSz) { -#ifndef WOLFSSL_ASN_TEMPLATE - word32 idx = 0; - int length = 0; - byte tag; - - WOLFSSL_ENTER("DecodeAuthKeyId"); - - if (extAuthKeyId) - *extAuthKeyId = NULL; - if (extAuthKeyIdSz) - *extAuthKeyIdSz = 0; - - if (extAuthKeyIdIssuer) - *extAuthKeyIdIssuer = NULL; - if (extAuthKeyIdIssuerSz) - *extAuthKeyIdIssuerSz = 0; - - if (extAuthKeyIdIssuerSN) - *extAuthKeyIdIssuerSN = NULL; - if (extAuthKeyIdIssuerSNSz) - *extAuthKeyIdIssuerSNSz = 0; - - if (GetSequence(input, &idx, &length, sz) < 0) { - WOLFSSL_MSG("\tfail: should be a SEQUENCE"); - return ASN_PARSE_E; - } - - if (GetASNTag(input, &idx, &tag, sz) < 0) { - return ASN_PARSE_E; - } - - if (tag != (ASN_CONTEXT_SPECIFIC | 0)) { - WOLFSSL_MSG("\tinfo: OPTIONAL item 0, not available"); - return 0; - } - - if (GetLength(input, &idx, &length, sz) <= 0) { - WOLFSSL_MSG("\tfail: extension data length"); - return ASN_PARSE_E; - } - - if (extAuthKeyIdSz) - *extAuthKeyIdSz = length; - if (extAuthKeyId) - *extAuthKeyId = &input[idx]; - return 0; - -#else DECL_ASNGETDATA(dataASN, authKeyIdASN_Length); int ret = 0; @@ -21296,9 +18717,8 @@ FREE_ASNGETDATA(dataASN, NULL); return ret; -#endif /* WOLFSSL_ASN_TEMPLATE */ } - +#endif /* WOLFSSL_ASN_TEMPLATE */ /* Decode authority key identifier extension in a certificate. * * X.509: RFC 5280, 4.2.1.1 - Authority Key Identifier. @@ -21326,42 +18746,28 @@ ret = DecodeAuthKeyId(input, sz, &extAuthKeyId, &extAuthKeyIdSz, &extAuthKeyIdIssuer, &extAuthKeyIdIssuerSz, &extAuthKeyIdIssuerSN, &extAuthKeyIdIssuerSNSz); - - if (ret != 0) - return ret; - -#ifndef WOLFSSL_ASN_TEMPLATE - - if (extAuthKeyIdSz == 0) - { + if (ret != 0) { cert->extAuthKeyIdSet = 0; - return 0; + return ret; } - cert->extAuthKeyIdSz = extAuthKeyIdSz; + /* Each field is optional */ + if (extAuthKeyIdSz > 0) { + cert->extAuthKeyIdSet = 1; + cert->extAuthKeyIdSz = extAuthKeyIdSz; #if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL) -#ifdef WOLFSSL_AKID_NAME - cert->extRawAuthKeyIdSrc = input; - cert->extRawAuthKeyIdSz = sz; + cert->extAuthKeyIdSrc = extAuthKeyId; #endif - cert->extAuthKeyIdSrc = extAuthKeyId; -#endif /* OPENSSL_EXTRA */ - - return GetHashId(extAuthKeyId, extAuthKeyIdSz, cert->extAuthKeyId, - HashIdAlg(cert->signatureOID)); -#else - /* Each field is optional */ - if (extAuthKeyIdSz > 0) { -#ifdef OPENSSL_EXTRA - cert->extAuthKeyIdSrc = extAuthKeyId; - cert->extAuthKeyIdSz = extAuthKeyIdSz; -#endif /* OPENSSL_EXTRA */ /* Get the hash or hash of the hash if wrong size. */ ret = GetHashId(extAuthKeyId, (int)extAuthKeyIdSz, cert->extAuthKeyId, HashIdAlg(cert->signatureOID)); } + else { + cert->extAuthKeyIdSet = 0; + } + #ifdef WOLFSSL_AKID_NAME if (ret == 0 && extAuthKeyIdIssuerSz > 0) { cert->extAuthKeyIdIssuer = extAuthKeyIdIssuer; @@ -21373,15 +18779,15 @@ } #endif /* WOLFSSL_AKID_NAME */ if (ret == 0) { -#if defined(OPENSSL_EXTRA) && defined(WOLFSSL_AKID_NAME) +#if (defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)) && \ + defined(WOLFSSL_AKID_NAME) /* Store the raw authority key id. */ cert->extRawAuthKeyIdSrc = input; cert->extRawAuthKeyIdSz = sz; -#endif /* OPENSSL_EXTRA */ +#endif } return ret; -#endif /* WOLFSSL_ASN_TEMPLATE */ } /* Decode subject key id extension. @@ -21479,27 +18885,9 @@ * is invalid. * @return MEMORY_E on dynamic memory allocation failure. */ +#ifdef WOLFSSL_ASN_TEMPLATE int DecodeKeyUsage(const byte* input, word32 sz, word16 *extKeyUsage) { -#ifndef WOLFSSL_ASN_TEMPLATE - word32 idx = 0; - int length; - int ret; - WOLFSSL_ENTER("DecodeKeyUsage"); - - ret = CheckBitString(input, &idx, &length, sz, 0, NULL); - if (ret != 0) - return ret; - - if (length == 0 || length > 2) - return ASN_PARSE_E; - - *extKeyUsage = (word16)(input[idx]); - if (length == 2) - *extKeyUsage |= (word16)(input[idx+1] << 8); - - return 0; -#else ASNGetData dataASN[keyUsageASN_Length]; word32 idx = 0; byte keyUsage[2]; @@ -21521,9 +18909,8 @@ *extKeyUsage |= (word16)(keyUsage[1] << 8); } return ret; -#endif /* WOLFSSL_ASN_TEMPLATE */ } - +#endif /* WOLFSSL_ASN_TEMPLATE */ /* Decode key usage extension in a certificate. * * X.509: RFC 5280, 4.2.1.3 - Key Usage. @@ -21575,93 +18962,12 @@ * is invalid. * @return MEMORY_E on dynamic memory allocation failure. */ +#ifdef WOLFSSL_ASN_TEMPLATE int DecodeExtKeyUsage(const byte* input, word32 sz, const byte **extExtKeyUsageSrc, word32 *extExtKeyUsageSz, word32 *extExtKeyUsageCount, byte *extExtKeyUsage, byte *extExtKeyUsageSsh) { -#ifndef WOLFSSL_ASN_TEMPLATE - word32 idx = 0, oid; - int length, ret; - - WOLFSSL_ENTER("DecodeExtKeyUsage"); - - (void) extExtKeyUsageSrc; - (void) extExtKeyUsageSz; - (void) extExtKeyUsageCount; - (void) extExtKeyUsageSsh; - -#if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL) - *extExtKeyUsageSrc = NULL; - *extExtKeyUsageSz = 0; - *extExtKeyUsageCount = 0; -#endif - *extExtKeyUsage = 0; -#ifdef WOLFSSL_WOLFSSH - *extExtKeyUsageSsh = 0; -#endif - - if (GetSequence(input, &idx, &length, sz) < 0) { - WOLFSSL_MSG("\tfail: should be a SEQUENCE"); - return ASN_PARSE_E; - } - -#if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL) - *extExtKeyUsageSrc = input + idx; - *extExtKeyUsageSz = length; -#endif - - while (idx < (word32)sz) { - ret = GetObjectId(input, &idx, &oid, oidCertKeyUseType, sz); - if (ret == WC_NO_ERR_TRACE(ASN_UNKNOWN_OID_E)) - continue; - else if (ret < 0) - return ret; - - switch (oid) { - case EKU_ANY_OID: - *extExtKeyUsage |= EXTKEYUSE_ANY; - break; - case EKU_SERVER_AUTH_OID: - *extExtKeyUsage |= EXTKEYUSE_SERVER_AUTH; - break; - case EKU_CLIENT_AUTH_OID: - *extExtKeyUsage |= EXTKEYUSE_CLIENT_AUTH; - break; - case EKU_CODESIGNING_OID: - *extExtKeyUsage |= EXTKEYUSE_CODESIGN; - break; - case EKU_EMAILPROTECT_OID: - *extExtKeyUsage |= EXTKEYUSE_EMAILPROT; - break; - case EKU_TIMESTAMP_OID: - *extExtKeyUsage |= EXTKEYUSE_TIMESTAMP; - break; - case EKU_OCSP_SIGN_OID: - *extExtKeyUsage |= EXTKEYUSE_OCSP_SIGN; - break; - #ifdef WOLFSSL_WOLFSSH - case EKU_SSH_CLIENT_AUTH_OID: - *extExtKeyUsageSsh |= EXTKEYUSE_SSH_CLIENT_AUTH; - break; - case EKU_SSH_MSCL_OID: - *extExtKeyUsageSsh |= EXTKEYUSE_SSH_MSCL; - break; - case EKU_SSH_KP_CLIENT_AUTH_OID: - *extExtKeyUsageSsh |= EXTKEYUSE_SSH_KP_CLIENT_AUTH; - break; - #endif /* WOLFSSL_WOLFSSH */ - default: - break; - } - - #if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL) - (*extExtKeyUsageCount)++; - #endif - } - - return 0; -#else word32 idx = 0; int length; int ret = 0; @@ -21745,9 +19051,8 @@ } return ret; -#endif /* WOLFSSL_ASN_TEMPLATE */ } - +#endif /* WOLFSSL_ASN_TEMPLATE */ /* Decode extended key usage extension in a certificate. * * X.509: RFC 5280, 4.2.1.12 - Extended Key Usage. @@ -21919,91 +19224,10 @@ * @return MEMORY_E when dynamic memory allocation fails. * @return ASN_PARSE_E when SEQUENCE is not found as expected. */ +#ifdef WOLFSSL_ASN_TEMPLATE static int DecodeSubtree(const byte* input, word32 sz, Base_entry** head, word32 limit, void* heap) { -#ifndef WOLFSSL_ASN_TEMPLATE - word32 idx = 0; - int ret = 0; - word32 cnt = 0; - - (void)heap; - - while (idx < (word32)sz) { - int seqLength, strLength; - word32 nameIdx; - byte b, bType; - - if (limit > 0) { - cnt++; - if (cnt > limit) { - WOLFSSL_MSG("too many name constraints"); - return ASN_NAME_INVALID_E; - } - } - - if (GetSequence(input, &idx, &seqLength, sz) < 0) { - WOLFSSL_MSG("\tfail: should be a SEQUENCE"); - return ASN_PARSE_E; - } - - if (idx >= (word32)sz) { - WOLFSSL_MSG("\tfail: expecting tag"); - return ASN_PARSE_E; - } - - nameIdx = idx; - b = input[nameIdx++]; - - if (GetLength(input, &nameIdx, &strLength, sz) <= 0) { - WOLFSSL_MSG("\tinvalid length"); - return ASN_PARSE_E; - } - - /* Get type, LSB 4-bits */ - bType = (byte)(b & ASN_TYPE_MASK); - - if (bType == ASN_DNS_TYPE || bType == ASN_RFC822_TYPE || - bType == ASN_DIR_TYPE) { - Base_entry* entry; - - /* if constructed has leading sequence */ - if (b & ASN_CONSTRUCTED) { - if (GetSequence(input, &nameIdx, &strLength, sz) < 0) { - WOLFSSL_MSG("\tfail: constructed be a SEQUENCE"); - return ASN_PARSE_E; - } - } - - entry = (Base_entry*)XMALLOC(sizeof(Base_entry), heap, - DYNAMIC_TYPE_ALTNAME); - if (entry == NULL) { - WOLFSSL_MSG("allocate error"); - return MEMORY_E; - } - - entry->name = (char*)XMALLOC((size_t)strLength+1, heap, - DYNAMIC_TYPE_ALTNAME); - if (entry->name == NULL) { - WOLFSSL_MSG("allocate error"); - XFREE(entry, heap, DYNAMIC_TYPE_ALTNAME); - return MEMORY_E; - } - - XMEMCPY(entry->name, &input[nameIdx], (size_t)strLength); - entry->name[strLength] = '\0'; - entry->nameSz = strLength; - entry->type = bType; - - entry->next = *head; - *head = entry; - } - - idx += (word32)seqLength; - } - - return ret; -#else DECL_ASNGETDATA(dataASN, subTreeASN_Length); word32 idx = 0; int ret = 0; @@ -22042,7 +19266,9 @@ /* Check GeneralName tag is one of the types we can handle. */ if (t == (ASN_CONTEXT_SPECIFIC | ASN_DNS_TYPE) || t == (ASN_CONTEXT_SPECIFIC | ASN_RFC822_TYPE) || - t == (ASN_CONTEXT_SPECIFIC | ASN_CONSTRUCTED | ASN_DIR_TYPE)) { + t == (ASN_CONTEXT_SPECIFIC | ASN_CONSTRUCTED | ASN_DIR_TYPE) || + t == (ASN_CONTEXT_SPECIFIC | ASN_IP_TYPE) || + t == (ASN_CONTEXT_SPECIFIC | ASN_URI_TYPE)) { /* Parse the general name and store a new entry. */ ret = DecodeSubtreeGeneralName(input + GetASNItem_DataIdx(dataASN[SUBTREEASN_IDX_BASE], input), @@ -22054,9 +19280,8 @@ FREE_ASNGETDATA(dataASN, heap); return ret; -#endif } - +#endif /* WOLFSSL_ASN_TEMPLATE */ #ifdef WOLFSSL_ASN_TEMPLATE /* ASN.1 template for NameConstraints. * X.509: RFC 5280, 4.2.1.10 - Name Constraints. @@ -22090,49 +19315,10 @@ * is invalid. * @return MEMORY_E on dynamic memory allocation failure. */ +#ifdef WOLFSSL_ASN_TEMPLATE static int DecodeNameConstraints(const byte* input, word32 sz, DecodedCert* cert) { -#ifndef WOLFSSL_ASN_TEMPLATE - word32 idx = 0; - int length = 0; - - WOLFSSL_ENTER("DecodeNameConstraints"); - - if (GetSequence(input, &idx, &length, sz) < 0) { - WOLFSSL_MSG("\tfail: should be a SEQUENCE"); - return ASN_PARSE_E; - } - - while (idx < (word32)sz) { - byte b = input[idx++]; - Base_entry** subtree = NULL; - - if (GetLength(input, &idx, &length, sz) <= 0) { - WOLFSSL_MSG("\tinvalid length"); - return ASN_PARSE_E; - } - - if (b == (ASN_CONTEXT_SPECIFIC | ASN_CONSTRUCTED | 0)) - subtree = &cert->permittedNames; - else if (b == (ASN_CONTEXT_SPECIFIC | ASN_CONSTRUCTED | 1)) - subtree = &cert->excludedNames; - else { - WOLFSSL_MSG("\tinvalid subtree"); - return ASN_PARSE_E; - } - - if (DecodeSubtree(input + idx, (word32)length, subtree, - WOLFSSL_MAX_NAME_CONSTRAINTS, cert->heap) < 0) { - WOLFSSL_MSG("\terror parsing subtree"); - return ASN_PARSE_E; - } - - idx += (word32)length; - } - - return 0; -#else DECL_ASNGETDATA(dataASN, nameConstraintsASN_Length); word32 idx = 0; int ret = 0; @@ -22168,8 +19354,8 @@ FREE_ASNGETDATA(dataASN, cert->heap); return ret; -#endif /* WOLFSSL_ASN_TEMPLATE */ } +#endif /* WOLFSSL_ASN_TEMPLATE */ #endif /* IGNORE_NAME_CONSTRAINTS */ #if defined(WOLFSSL_CERT_EXT) || \ @@ -22181,9 +19367,12 @@ { word32 val, inIdx = 0, outIdx = 0; int w = 0; + int cnt = 0; if (out == NULL || in == NULL || outSz < 4 || inSz < 2) return BAD_FUNC_ARG; + if (inSz >= ASN_LONG_LENGTH) + return BAD_FUNC_ARG; /* The first byte expands into b/40 dot b%40. */ val = in[inIdx++]; @@ -22196,12 +19385,17 @@ outIdx += (word32)w; val = 0; - while (inIdx < inSz && outIdx < outSz) { + while ((inIdx < inSz) && (outIdx < outSz)) { /* extract the next OID digit from in to val */ /* first bit is used to set if value is coded on 1 or multiple bytes */ if (in[inIdx] & 0x80) { + if (cnt == 4) { + w = ASN_OBJECT_ID_E; + goto exit; + } val += in[inIdx] & 0x7F; - val *= 128; + val <<= 7; + cnt++; } else { /* write val as text into out */ @@ -22213,6 +19407,7 @@ } outIdx += (word32)w; val = 0; + cnt = 0; } inIdx++; } @@ -22250,113 +19445,9 @@ #endif /* Reference: https://tools.ietf.org/html/rfc5280#section-4.2.1.4 */ +#ifdef WOLFSSL_ASN_TEMPLATE static int DecodeCertPolicy(const byte* input, word32 sz, DecodedCert* cert) { -#ifndef WOLFSSL_ASN_TEMPLATE - word32 idx = 0; - word32 oldIdx; - int policy_length = 0; - int ret; - int total_length = 0; -#if defined(WOLFSSL_CERT_EXT) && !defined(WOLFSSL_DUP_CERTPOL) - int i; -#endif - - WOLFSSL_ENTER("DecodeCertPolicy"); - - /* Check if cert is null before dereferencing below */ - if (cert == NULL) - return BAD_FUNC_ARG; - -#if defined(WOLFSSL_CERT_EXT) - cert->extCertPoliciesNb = 0; -#endif - - if (GetSequence(input, &idx, &total_length, sz) < 0) { - WOLFSSL_MSG("\tGet CertPolicy total seq failed"); - return ASN_PARSE_E; - } - - /* Validate total length */ - if (total_length > (int)(sz - idx)) { - WOLFSSL_MSG("\tCertPolicy length mismatch"); - return ASN_PARSE_E; - } - - /* Unwrap certificatePolicies */ - do { - int length = 0; - - if (GetSequence(input, &idx, &policy_length, sz) < 0) { - WOLFSSL_MSG("\tGet CertPolicy seq failed"); - return ASN_PARSE_E; - } - - oldIdx = idx; - ret = GetASNObjectId(input, &idx, &length, sz); - if (ret != 0) - return ret; - policy_length -= (int)(idx - oldIdx); - - if (length > 0) { - /* Verify length won't overrun buffer */ - if (length > (int)(sz - idx)) { - WOLFSSL_MSG("\tCertPolicy length exceeds input buffer"); - return ASN_PARSE_E; - } - - #ifdef WOLFSSL_SEP - if (cert->deviceType == NULL) { - cert->deviceType = (byte*)XMALLOC((size_t)length, cert->heap, - DYNAMIC_TYPE_X509_EXT); - if (cert->deviceType == NULL) { - WOLFSSL_MSG("\tCouldn't alloc memory for deviceType"); - return MEMORY_E; - } - cert->deviceTypeSz = length; - XMEMCPY(cert->deviceType, input + idx, (size_t)length); - } - #endif - - #ifdef WOLFSSL_CERT_EXT - /* decode cert policy */ - if (DecodePolicyOID(cert->extCertPolicies[ - cert->extCertPoliciesNb], MAX_CERTPOL_SZ, - input + idx, length) <= 0) { - WOLFSSL_MSG("\tCouldn't decode CertPolicy"); - WOLFSSL_ERROR_VERBOSE(ASN_PARSE_E); - return ASN_PARSE_E; - } - #ifndef WOLFSSL_DUP_CERTPOL - /* From RFC 5280 section 4.2.1.4 "A certificate policy OID MUST - * NOT appear more than once in a certificate policies - * extension". This is a sanity check for duplicates. - * extCertPolicies should only have OID values, additional - * qualifiers need to be stored in a separate array. */ - for (i = 0; i < cert->extCertPoliciesNb; i++) { - if (XMEMCMP(cert->extCertPolicies[i], - cert->extCertPolicies[cert->extCertPoliciesNb], - MAX_CERTPOL_SZ) == 0) { - WOLFSSL_MSG("Duplicate policy OIDs not allowed"); - WOLFSSL_MSG("Use WOLFSSL_DUP_CERTPOL if wanted"); - WOLFSSL_ERROR_VERBOSE(CERTPOLICIES_E); - return CERTPOLICIES_E; - } - } - #endif /* !WOLFSSL_DUP_CERTPOL */ - cert->extCertPoliciesNb++; - #endif - } - idx += (word32)policy_length; - } while((int)idx < total_length - #ifdef WOLFSSL_CERT_EXT - && cert->extCertPoliciesNb < MAX_CERTPOL_NB - #endif - ); - - WOLFSSL_LEAVE("DecodeCertPolicy", 0); - return 0; -#else /* WOLFSSL_ASN_TEMPLATE */ word32 idx = 0; int ret = 0; int total_length = 0; @@ -22390,7 +19481,7 @@ #endif ) { ASNGetData dataASN[policyInfoASN_Length]; - byte* data = NULL; + const byte* data = NULL; word32 length = 0; /* Clear dynamic data and check OID is a cert policy type. */ @@ -22459,8 +19550,8 @@ WOLFSSL_LEAVE("DecodeCertPolicy", 0); return ret; -#endif /* WOLFSSL_ASN_TEMPLATE */ } +#endif /* WOLFSSL_ASN_TEMPLATE */ #endif /* WOLFSSL_SEP || WOLFSSL_CERT_EXT */ #ifdef WOLFSSL_SUBJ_DIR_ATTR @@ -22493,67 +19584,9 @@ * @return ASN_PARSE_E when BER encoded data does not match ASN.1 items or * is invalid. */ +#ifdef WOLFSSL_ASN_TEMPLATE static int DecodeSubjDirAttr(const byte* input, word32 sz, DecodedCert* cert) { -#ifndef WOLFSSL_ASN_TEMPLATE - word32 idx = 0; - int length = 0; - int ret = 0; - - WOLFSSL_ENTER("DecodeSubjDirAttr"); - -#ifdef OPENSSL_ALL - cert->extSubjDirAttrSrc = input; - cert->extSubjDirAttrSz = sz; -#endif /* OPENSSL_ALL */ - - /* Unwrap the list of Attributes */ - if (GetSequence(input, &idx, &length, sz) < 0) - return ASN_PARSE_E; - - if (length == 0) { - /* RFC 5280 4.2.1.8. Subject Directory Attributes - If the subjectDirectoryAttributes extension is present, the - sequence MUST contain at least one entry. */ - WOLFSSL_ERROR_VERBOSE(ASN_PARSE_E); - return ASN_PARSE_E; - } - - /* length is the length of the list contents */ - while (idx < (word32)sz) { - word32 oid; - - if (GetSequence(input, &idx, &length, sz) < 0) - return ASN_PARSE_E; - - if (GetObjectId(input, &idx, &oid, oidSubjDirAttrType, sz) < 0) - return ASN_PARSE_E; - - if (GetSet(input, &idx, &length, sz) < 0) - return ASN_PARSE_E; - - /* There may be more than one countryOfCitizenship, but save the - * first one for now. */ - if (oid == SDA_COC_OID) { - byte tag; - - if (GetHeader(input, &tag, &idx, &length, sz, 1) < 0) - return ASN_PARSE_E; - - if (length != COUNTRY_CODE_LEN) - return ASN_PARSE_E; - - if (tag == ASN_PRINTABLE_STRING) { - XMEMCPY(cert->countryOfCitizenship, - input + idx, COUNTRY_CODE_LEN); - cert->countryOfCitizenship[COUNTRY_CODE_LEN] = 0; - } - } - idx += length; - } - - return ret; -#else DECL_ASNGETDATA(dataASN, subjDirAttrASN_Length); int ret = 0; word32 idx = 0; @@ -22583,7 +19616,7 @@ (dataASN[SUBJDIRATTRASN_IDX_OID].data.oid.sum == SDA_COC_OID)) { int cuLen; word32 setIdx = 0; - byte* setData; + const byte* setData; word32 setLen; GetASN_GetRef(&dataASN[SUBJDIRATTRASN_IDX_SET], &setData, &setLen); @@ -22603,8 +19636,8 @@ } FREE_ASNGETDATA(dataASN, cert->heap); return ret; -#endif /* WOLFSSL_ASN_TEMPLATE */ } +#endif /* WOLFSSL_ASN_TEMPLATE */ #endif /* WOLFSSL_SUBJ_DIR_ATTR */ #ifdef WOLFSSL_SUBJ_INFO_ACC @@ -23204,104 +20237,9 @@ * Processing the Certificate Extensions. This does not modify the current * index. It is works starting with the recorded extensions pointer. */ +#ifdef WOLFSSL_ASN_TEMPLATE static int DecodeCertExtensions(DecodedCert* cert) { -#ifndef WOLFSSL_ASN_TEMPLATE - int ret = 0; - word32 idx = 0; - word32 sz = (word32)cert->extensionsSz; - const byte* input = cert->extensions; - int length; - word32 oid; - byte critical = 0; - byte criticalFail = 0; - byte tag = 0; - - WOLFSSL_ENTER("DecodeCertExtensions"); - - if (input == NULL || sz == 0) - return BAD_FUNC_ARG; - -#ifdef WOLFSSL_CERT_REQ - if (!cert->isCSR) -#endif - { /* Not included in CSR */ - if (GetASNTag(input, &idx, &tag, sz) < 0) { - return ASN_PARSE_E; - } - - if (tag != ASN_EXTENSIONS) { - WOLFSSL_MSG("\tfail: should be an EXTENSIONS"); - return ASN_PARSE_E; - } - - if (GetLength(input, &idx, &length, sz) < 0) { - WOLFSSL_MSG("\tfail: invalid length"); - return ASN_PARSE_E; - } - } - - if (GetSequence(input, &idx, &length, sz) < 0) { - WOLFSSL_MSG("\tfail: should be a SEQUENCE (1)"); - return ASN_PARSE_E; - } - - while (idx < (word32)sz) { - word32 localIdx; - - if (GetSequence(input, &idx, &length, sz) < 0) { - WOLFSSL_MSG("\tfail: should be a SEQUENCE"); - return ASN_PARSE_E; - } - - oid = 0; - if ((ret = GetObjectId(input, &idx, &oid, oidCertExtType, sz)) < 0) { - WOLFSSL_MSG("\tfail: OBJECT ID"); - return ret; - } - - /* check for critical flag */ - critical = 0; - if ((idx + 1) > (word32)sz) { - WOLFSSL_MSG("\tfail: malformed buffer"); - return BUFFER_E; - } - - localIdx = idx; - if (GetASNTag(input, &localIdx, &tag, sz) == 0) { - if (tag == ASN_BOOLEAN) { - ret = GetBoolean(input, &idx, sz); - if (ret < 0) { - WOLFSSL_MSG("\tfail: critical boolean"); - return ret; - } - - critical = (byte)ret; - } - } - - /* process the extension based on the OID */ - ret = GetOctetString(input, &idx, &length, sz); - if (ret < 0) { - WOLFSSL_MSG("\tfail: bad OCTET STRING"); - return ret; - } - - ret = DecodeExtensionType(input + idx, (word32)length, oid, critical, - cert, NULL); - if (ret == WC_NO_ERR_TRACE(ASN_CRIT_EXT_E)) { - ret = 0; - criticalFail = 1; - } - if (ret < 0) - goto end; - idx += (word32)length; - } - - ret = criticalFail ? ASN_CRIT_EXT_E : 0; -end: - return ret; -#else DECL_ASNGETDATA(dataASN, certExtASN_Length); ASNGetData dataExtsASN[certExtHdrASN_Length]; int ret = 0; @@ -23356,7 +20294,7 @@ if (isUnknownExt && (cert->unknownExtCallback != NULL || cert->unknownExtCallbackEx != NULL)) { word16 decOid[MAX_OID_SZ]; - word32 decOidSz = sizeof(decOid); + word32 decOidSz = MAX_OID_SZ; ret = DecodeObjectId( dataASN[CERTEXTASN_IDX_OID].data.oid.data, dataASN[CERTEXTASN_IDX_OID].data.oid.length, @@ -23403,9 +20341,8 @@ FREE_ASNGETDATA(dataASN, cert->heap); return ret; -#endif } - +#endif /* WOLFSSL_ASN_TEMPLATE */ #ifdef WOLFSSL_ASN_TEMPLATE #if defined(HAVE_RPK) @@ -23591,7 +20528,8 @@ #ifndef NO_ASN_TIME_CHECK /* Check date is a valid string and ASN_BEFORE or ASN_AFTER now. */ if ((ret == 0) && (! AsnSkipDateCheck)) { - if (!XVALIDATE_DATE(dataASN->data.ref.data, dataASN->tag, dateType)) { + if (!XVALIDATE_DATE(dataASN->data.ref.data, dataASN->tag, dateType, + (int)dataASN->data.ref.length)) { if (dateType == ASN_BEFORE) { ret = ASN_BEFORE_DATE_E; } @@ -23871,10 +20809,17 @@ } } if (ret == 0) { - /* Store parameters for use in signature verification. */ - cert->sigParamsIndex = - dataASN[X509CERTASN_IDX_SIGALGO_PARAMS].offset; - cert->sigParamsLength = sigAlgParamsSz; + /* Store parameters for use in signature verification. + * Use full TLV length: tag (1) + length bytes + content. + * GetASNItem_Length can be content-only when buffer.data unset. */ + word32 off = dataASN[X509CERTASN_IDX_SIGALGO_PARAMS].offset; + word32 contentLen = + (word32)dataASN[X509CERTASN_IDX_SIGALGO_PARAMS].length; + cert->sigParamsIndex = off; + cert->sigParamsLength = (contentLen <= 127) + ? (2 + contentLen) + : GetASNItem_Length( + dataASN[X509CERTASN_IDX_SIGALGO_PARAMS], cert->source); } } #endif @@ -23908,8 +20853,6 @@ cert->extensionsSz = (int)GetASNItem_Length( dataASN[X509CERTASN_IDX_TBS_EXT], cert->source); cert->extensionsIdx = dataASN[X509CERTASN_IDX_TBS_EXT].offset; - /* Advance past extensions. */ - cert->srcIdx = dataASN[X509CERTASN_IDX_SIGALGO_SEQ].offset; } } @@ -24068,8 +21011,8 @@ 1, input, &idx, maxIdx); if (ret == 0) { /* Store references to password data. */ - cert->contentType = - (char*)strDataASN[STRATTRASN_IDX_STR].data.ref.data; + cert->contentType = (const char*) + strDataASN[STRATTRASN_IDX_STR].data.ref.data; cert->contentTypeLen = (int)strDataASN[STRATTRASN_IDX_STR].data.ref.length; } @@ -24087,8 +21030,8 @@ 1, input, &idx, maxIdx); if (ret == 0) { /* Store references to password data. */ - cert->cPwd = - (char*)strDataASN[STRATTRASN_IDX_STR].data.ref.data; + cert->cPwd = (const char*) + strDataASN[STRATTRASN_IDX_STR].data.ref.data; cert->cPwdLen = (int)strDataASN[STRATTRASN_IDX_STR]. data.ref.length; } @@ -24107,8 +21050,8 @@ 1, input, &idx, maxIdx); if (ret == 0) { /* Store references to serial number. */ - cert->sNum = - (char*)strDataASN[STRATTRASN_IDX_STR].data.ref.data; + cert->sNum = (const char*) + strDataASN[STRATTRASN_IDX_STR].data.ref.data; cert->sNumLen = (int)strDataASN[STRATTRASN_IDX_STR]. data.ref.length; /* Store serial number if small enough. */ @@ -24128,8 +21071,8 @@ 1, input, &idx, maxIdx); if (ret == 0) { /* Store references to unstructured name. */ - cert->unstructuredName = - (char*)strDataASN[STRATTRASN_IDX_STR].data.ref.data; + cert->unstructuredName = (const char*) + strDataASN[STRATTRASN_IDX_STR].data.ref.data; cert->unstructuredNameLen = (int)strDataASN[STRATTRASN_IDX_STR]. data.ref.length; } @@ -24418,6 +21361,71 @@ return ParseCert(cert, type, verify, cm); } +int wc_GetDecodedCertSubject(const struct DecodedCert* cert, char* buf, + word32* bufSz) +{ + word32 sz; + + if (cert == NULL || bufSz == NULL) + return BAD_FUNC_ARG; + + sz = (word32)XSTRLEN(cert->subject); + + if (buf == NULL) { + *bufSz = sz; + return WC_NO_ERR_TRACE(LENGTH_ONLY_E); + } + + if (*bufSz < sz) + return BUFFER_E; + + XMEMCPY(buf, cert->subject, sz); + *bufSz = sz; + return 0; +} + +int wc_GetDecodedCertIssuer(const struct DecodedCert* cert, char* buf, + word32* bufSz) +{ + word32 sz; + + if (cert == NULL || bufSz == NULL) + return BAD_FUNC_ARG; + + sz = (word32)XSTRLEN(cert->issuer); + + if (buf == NULL) { + *bufSz = sz; + return WC_NO_ERR_TRACE(LENGTH_ONLY_E); + } + + if (*bufSz < sz) + return BUFFER_E; + + XMEMCPY(buf, cert->issuer, sz); + *bufSz = sz; + return 0; +} + +int wc_GetDecodedCertSerial(const struct DecodedCert* cert, byte* buf, + word32* bufSz) +{ + if (cert == NULL || bufSz == NULL) + return BAD_FUNC_ARG; + + if (buf == NULL) { + *bufSz = (word32)cert->serialSz; + return WC_NO_ERR_TRACE(LENGTH_ONLY_E); + } + + if (*bufSz < (word32)cert->serialSz) + return BUFFER_E; + + XMEMCPY(buf, cert->serial, (size_t)cert->serialSz); + *bufSz = (word32)cert->serialSz; + return 0; +} + #ifdef WOLFCRYPT_ONLY /* dummy functions, not using wolfSSL so don't need actual ones */ @@ -24497,7 +21505,7 @@ int ret = 0; word32 idx = 0; word32 extEndIdx; - byte* extData; + const byte* extData; word32 extDataSz; byte critical; @@ -24562,352 +21570,10 @@ * Doesn't support: * OCSP Only: alt lookup using subject and pub key w/o sig check */ +#ifdef WOLFSSL_ASN_TEMPLATE static int CheckCertSignature_ex(const byte* cert, word32 certSz, void* heap, void* cm, const byte* pubKey, word32 pubKeySz, int pubKeyOID, int req) { -#ifndef WOLFSSL_ASN_TEMPLATE -#if !defined(WOLFSSL_SMALL_STACK) || defined(WOLFSSL_NO_MALLOC) - SignatureCtx sigCtx[1]; -#else - SignatureCtx* sigCtx; -#endif - byte hash[KEYID_SIZE]; - Signer* ca = NULL; - word32 idx = 0; - int len; - word32 tbsCertIdx = 0; - word32 sigIndex = 0; - word32 signatureOID = 0; - word32 oid = 0; - word32 issuerIdx = 0; - word32 issuerSz = 0; -#ifndef NO_SKID - int extLen = 0; - word32 extIdx = 0; - word32 extEndIdx = 0; - int extAuthKeyIdSet = 0; -#endif - int ret = 0; - word32 localIdx; - byte tag; - const byte* sigParams = NULL; - word32 sigParamsSz = 0; - - - if (cert == NULL) { - return BAD_FUNC_ARG; - } - -#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC) - sigCtx = (SignatureCtx*)XMALLOC(sizeof(*sigCtx), heap, DYNAMIC_TYPE_SIGNATURE); - if (sigCtx == NULL) - return MEMORY_E; -#endif - - InitSignatureCtx(sigCtx, heap, INVALID_DEVID); - - /* Certificate SEQUENCE */ - if (GetSequence(cert, &idx, &len, certSz) < 0) - ret = ASN_PARSE_E; - if (ret == 0) { - tbsCertIdx = idx; - - /* TBSCertificate SEQUENCE */ - if (GetSequence(cert, &idx, &len, certSz) < 0) - ret = ASN_PARSE_E; - } - if (ret == 0) { - sigIndex = len + idx; - - if ((idx + 1) > certSz) - ret = BUFFER_E; - } - if (ret == 0) { - /* version - optional */ - localIdx = idx; - if (GetASNTag(cert, &localIdx, &tag, certSz) == 0) { - if (tag == (ASN_CONTEXT_SPECIFIC | ASN_CONSTRUCTED)) { - idx++; - if (GetLength(cert, &idx, &len, certSz) < 0) - ret = ASN_PARSE_E; - idx += len; - } - } - } - - if (ret == 0) { - /* serialNumber */ - if (GetASNHeader(cert, ASN_INTEGER, &idx, &len, certSz) < 0) - ret = ASN_PARSE_E; - } - if (ret == 0) { - idx += len; - - /* signature */ - if (!req) { - if (GetAlgoId(cert, &idx, &signatureOID, oidSigType, certSz) < 0) - ret = ASN_PARSE_E; - #ifdef WC_RSA_PSS - else if (signatureOID == CTC_RSASSAPSS) { - int start = idx; - sigParams = cert + idx; - if (GetSequence(cert, &idx, &len, certSz) < 0) - ret = ASN_PARSE_E; - if (ret == 0) { - idx += len; - sigParamsSz = idx - start; - } - } - #endif - } - } - - if (ret == 0) { - issuerIdx = idx; - /* issuer for cert or subject for csr */ - if (GetSequence(cert, &idx, &len, certSz) < 0) - ret = ASN_PARSE_E; - } - if (ret == 0) { - issuerSz = len + idx - issuerIdx; - } -#ifndef NO_SKID - if (!req && ret == 0) { - idx += len; - - /* validity */ - if (GetSequence(cert, &idx, &len, certSz) < 0) - ret = ASN_PARSE_E; - } - if (!req && ret == 0) { - idx += len; - - /* subject */ - if (GetSequence(cert, &idx, &len, certSz) < 0) - ret = ASN_PARSE_E; - } - if (ret == 0) { - idx += len; - - /* subjectPublicKeyInfo */ - if (GetSequence(cert, &idx, &len, certSz) < 0) - ret = ASN_PARSE_E; - } - if (req && ret == 0) { - idx += len; - - /* attributes */ - if (GetASNHeader_ex(cert, - ASN_CONTEXT_SPECIFIC | ASN_CONSTRUCTED, &idx, - &len, certSz, 1) < 0) - ret = ASN_PARSE_E; - } - if (!req) { - if (ret == 0) { - idx += len; - - if ((idx + 1) > certSz) - ret = BUFFER_E; - } - if (ret == 0) { - /* issuerUniqueID - optional */ - localIdx = idx; - if (GetASNTag(cert, &localIdx, &tag, certSz) == 0) { - if (tag == (ASN_CONTEXT_SPECIFIC | ASN_CONSTRUCTED | 1)) { - idx++; - if (GetLength(cert, &idx, &len, certSz) < 0) - ret = ASN_PARSE_E; - idx += len; - } - } - } - if (ret == 0) { - if ((idx + 1) > certSz) - ret = BUFFER_E; - } - if (ret == 0) { - /* subjectUniqueID - optional */ - localIdx = idx; - if (GetASNTag(cert, &localIdx, &tag, certSz) == 0) { - if (tag == (ASN_CONTEXT_SPECIFIC | ASN_CONSTRUCTED | 2)) { - idx++; - if (GetLength(cert, &idx, &len, certSz) < 0) - ret = ASN_PARSE_E; - idx += len; - } - } - } - - if (ret == 0) { - if ((idx + 1) > certSz) - ret = BUFFER_E; - } - /* extensions - optional */ - localIdx = idx; - if (ret == 0 && GetASNTag(cert, &localIdx, &tag, certSz) == 0 && - tag == (ASN_CONTEXT_SPECIFIC | ASN_CONSTRUCTED | 3)) { - idx++; - if (GetLength(cert, &idx, &extLen, certSz) < 0) - ret = ASN_PARSE_E; - if (ret == 0) { - if (GetSequence(cert, &idx, &extLen, certSz) < 0) - ret = ASN_PARSE_E; - } - if (ret == 0) { - extEndIdx = idx + extLen; - - /* Check each extension for the ones we want. */ - while (ret == 0 && idx < extEndIdx) { - if (GetSequence(cert, &idx, &len, certSz) < 0) - ret = ASN_PARSE_E; - if (ret == 0) { - extIdx = idx; - if (GetObjectId(cert, &extIdx, &oid, oidCertExtType, - certSz) < 0) { - ret = ASN_PARSE_E; - } - - if (ret == 0) { - if ((extIdx + 1) > certSz) - ret = BUFFER_E; - } - } - - if (ret == 0) { - localIdx = extIdx; - if (GetASNTag(cert, &localIdx, &tag, certSz) == 0 && - tag == ASN_BOOLEAN) { - if (GetBoolean(cert, &extIdx, certSz) < 0) - ret = ASN_PARSE_E; - } - } - if (ret == 0) { - if (GetOctetString(cert, &extIdx, &extLen, certSz) < 0) - ret = ASN_PARSE_E; - } - - if (ret == 0) { - switch (oid) { - case AUTH_KEY_OID: - if (GetSequence(cert, &extIdx, &extLen, certSz) < 0) - ret = ASN_PARSE_E; - - if (ret == 0 && (extIdx + 1) >= certSz) - ret = BUFFER_E; - - if (ret == 0 && - GetASNTag(cert, &extIdx, &tag, certSz) == 0 && - tag == (ASN_CONTEXT_SPECIFIC | 0)) { - if (GetLength(cert, &extIdx, &extLen, certSz) <= 0) - ret = ASN_PARSE_E; - if (ret == 0) { - extAuthKeyIdSet = 1; - /* Get the hash or hash of the hash if wrong - * size. */ - ret = GetHashId(cert + extIdx, extLen, - hash, HashIdAlg(signatureOID)); - } - } - break; - - default: - break; - } - } - idx += len; - } - } - } - } - else if (ret == 0) { - idx += len; - } - - if (ret == 0 && pubKey == NULL) { - if (extAuthKeyIdSet) - ca = GetCA(cm, hash); - if (ca == NULL) { - ret = CalcHashId_ex(cert + issuerIdx, issuerSz, hash, - HashIdAlg(signatureOID)); - if (ret == 0) - ca = GetCAByName(cm, hash); - } - } -#else - if (ret == 0 && pubKey == NULL) { - ret = CalcHashId_ex(cert + issuerIdx, issuerSz, hash, - HashIdAlg(signatureOID)); - if (ret == 0) - ca = GetCA(cm, hash); - } -#endif /* !NO_SKID */ - if (ca == NULL && pubKey == NULL) - ret = ASN_NO_SIGNER_E; - - if (ret == 0) { - idx = sigIndex; - /* signatureAlgorithm */ - if (GetAlgoId(cert, &idx, &oid, oidSigType, certSz) < 0) - ret = ASN_PARSE_E; - #ifdef WC_RSA_PSS - else if (signatureOID == CTC_RSASSAPSS) { - word32 sz = idx; - const byte* params = cert + idx; - if (GetSequence(cert, &idx, &len, certSz) < 0) - ret = ASN_PARSE_E; - if (ret == 0) { - idx += len; - sz = idx - sz; - - if (req) { - if ((sz != sigParamsSz) || - (XMEMCMP(sigParams, params, sz) != 0)) { - ret = ASN_PARSE_E; - } - } - else { - sigParams = params; - sigParamsSz = sz; - } - } - } - #endif - /* In CSR signature data is not present in body */ - if (req) - signatureOID = oid; - } - if (ret == 0) { - if (oid != signatureOID) - ret = ASN_SIG_OID_E; - } - if (ret == 0) { - /* signatureValue */ - if (CheckBitString(cert, &idx, &len, certSz, 1, NULL) < 0) - ret = ASN_PARSE_E; - } - - if (ret == 0) { - if (pubKey != NULL) { - ret = ConfirmSignature(sigCtx, cert + tbsCertIdx, - sigIndex - tbsCertIdx, pubKey, pubKeySz, pubKeyOID, - cert + idx, len, signatureOID, sigParams, sigParamsSz, NULL); - } - else { - ret = ConfirmSignature(sigCtx, cert + tbsCertIdx, - sigIndex - tbsCertIdx, ca->publicKey, ca->pubKeySize, - ca->keyOID, cert + idx, len, signatureOID, sigParams, - sigParamsSz, NULL); - } - if (ret != 0) { - WOLFSSL_ERROR_VERBOSE(ret); - WOLFSSL_MSG("Confirm signature failed"); - } - } - - FreeSignatureCtx(sigCtx); - WC_FREE_VAR_EX(sigCtx, heap, DYNAMIC_TYPE_SIGNATURE); - return ret; -#else /* WOLFSSL_ASN_TEMPLATE */ /* X509 ASN.1 template longer than Certificate Request template. */ DECL_ASNGETDATA(dataASN, x509CertASN_Length); WC_DECLARE_VAR(sigCtx, SignatureCtx, 1, 0); @@ -24943,11 +21609,9 @@ ret = BAD_FUNC_ARG; } - ALLOC_ASNGETDATA(dataASN, x509CertASN_Length, ret, heap); + CALLOC_ASNGETDATA(dataASN, x509CertASN_Length, ret, heap); if ((ret == 0) && (!req)) { - /* Clear dynamic data for certificate items. */ - XMEMSET(dataASN, 0, sizeof(ASNGetData) * x509CertASN_Length); /* Set OID types expected for signature and public key. */ GetASN_OID(&dataASN[X509CERTASN_IDX_TBS_ALGOID_OID], oidSigType); GetASN_OID(&dataASN[X509CERTASN_IDX_TBS_SPUBKEYINFO_ALGO_OID], @@ -25010,8 +21674,6 @@ #ifndef WOLFSSL_CERT_REQ ret = NOT_COMPILED_IN; #else - /* Clear dynamic data for certificate request items. */ - XMEMSET(dataASN, 0, sizeof(ASNGetData) * certReqASN_Length); /* Set OID types expected for signature and public key. */ GetASN_OID(&dataASN[CERTREQASN_IDX_INFO_SPUBKEYINFO_ALGOID_OID], oidKeyType); @@ -25021,6 +21683,7 @@ /* Parse certificate request. */ ret = GetASN_Items(certReqASN, dataASN, certReqASN_Length, 1, cert, &idx, certSz); + if (ret == 0) { /* Store the data for verification in the certificate. */ tbs = GetASNItem_Addr(dataASN[CERTREQASN_IDX_INFO_SEQ], cert); @@ -25031,11 +21694,14 @@ dataASN[CERTREQASN_IDX_INFO_SUBJ_SEQ], cert); sigOID = dataASN[CERTREQASN_IDX_INFO_SIGALGO_OID].data.oid.sum; #ifdef WC_RSA_PSS - sigParams = GetASNItem_Addr(dataASN[X509CERTASN_IDX_SIGALGO_PARAMS], - cert); - sigParamsSz = - GetASNItem_Length(dataASN[X509CERTASN_IDX_SIGALGO_PARAMS], - cert); + if (GetASNItem_HaveData(dataASN[X509CERTASN_IDX_SIGALGO_PARAMS])) { + sigParams = + GetASNItem_Addr(dataASN[X509CERTASN_IDX_SIGALGO_PARAMS], + cert); + sigParamsSz = + GetASNItem_Length(dataASN[X509CERTASN_IDX_SIGALGO_PARAMS], + cert); + } #endif GetASN_GetConstRef(&dataASN[CERTREQASN_IDX_INFO_SIGNATURE], &sig, &sigSz); @@ -25109,9 +21775,8 @@ } return ret; -#endif /* WOLFSSL_ASN_TEMPLATE */ } - +#endif /* WOLFSSL_ASN_TEMPLATE */ /* Call CheckCertSignature_ex using a public key buffer for verification */ int CheckCertSignaturePubKey(const byte* cert, word32 certSz, void* heap, const byte* pubKey, word32 pubKeySz, int pubKeyOID) @@ -25710,7 +22375,22 @@ } if (cert->ca != NULL && XMEMCMP(cert->issuerHash, cert->ca->subjectNameHash, KEYID_SIZE) != 0) { - cert->ca = NULL; + #ifdef WOLFSSL_ALLOW_AKID_SKID_MATCH + /* if hash of cert subject does not match hash of issuer + * then try with AKID/SKID if available */ + if (cert->extAuthKeyIdSet && cert->extAuthKeyIdSz > 0 && + cert->extAuthKeyIdSz == + (word32)sizeof(cert->ca->subjectKeyIdHash) && + XMEMCMP(cert->extAuthKeyId, cert->ca->subjectKeyIdHash, + cert->extAuthKeyIdSz) == 0) { + WOLFSSL_MSG("Cert AKID matches CA SKID"); + } + else + #endif + { + WOLFSSL_MSG("Cert subject hash does not match issuer hash"); + cert->ca = NULL; + } } if (cert->ca == NULL) { cert->ca = GetCAByName(cm, cert->issuerHash); @@ -26077,7 +22757,7 @@ #endif XMEMCPY(signer->subjectNameHash, cert->subjectHash, SIGNER_DIGEST_SIZE); - #if defined(HAVE_OCSP) || defined(HAVE_CRL) + #if defined(HAVE_OCSP) || defined(HAVE_CRL) || defined(WOLFSSL_AKID_NAME) XMEMCPY(signer->issuerNameHash, cert->issuerHash, SIGNER_DIGEST_SIZE); #endif @@ -26087,9 +22767,12 @@ #endif signer->keyUsage = cert->extKeyUsageSet ? cert->extKeyUsage : 0xFFFF; + signer->extKeyUsage = cert->extExtKeyUsage; signer->next = NULL; /* If Key Usage not set, all uses valid. */ cert->publicKey = 0; /* in case lock fails don't free here. */ + cert->pubKeyStored = 0; cert->subjectCN = 0; + cert->subjectCNStored = 0; #ifndef IGNORE_NAME_CONSTRAINTS cert->permittedNames = NULL; cert->excludedNames = NULL; @@ -26125,8 +22808,17 @@ { (void)signer; (void)heap; - XFREE(signer->name, heap, DYNAMIC_TYPE_SUBJECT_CN); - XFREE((void*)signer->publicKey, heap, DYNAMIC_TYPE_PUBLIC_KEY); + + /* this cast is safe because signer->name is only set in FillSigner() + * from cert->subjectCN, and only if cert->subjectCNStored, in which case + * cert->subjectCN is set to NULL, imparting ownership to the Signer object. + */ + XFREE((void *)(wc_ptr_t)signer->name, heap, DYNAMIC_TYPE_SUBJECT_CN); + /* this cast is safe because signer->publicKey is only set in FillSigner() + * from cert->publicKey, and only if cert->pubKeyStored, in which case + * cert->publicKey is set to NULL, imparting ownership to the Signer object. + */ + XFREE((void*)(wc_ptr_t)signer->publicKey, heap, DYNAMIC_TYPE_PUBLIC_KEY); #ifdef WOLFSSL_DUAL_ALG_CERTS XFREE(signer->sapkiDer, heap, DYNAMIC_TYPE_PUBLIC_KEY); #endif @@ -26201,7 +22893,11 @@ return; } - XFREE(tp->name, heap, DYNAMIC_TYPE_SUBJECT_CN); + /* safe cast -- when .name is set in AddTrustedPeer() from cert->subjectCN, + * it inherits the allocation from ParseCert(), and cert->subjectCN is set + * to NULL. + */ + XFREE((void *)(wc_ptr_t)tp->name, heap, DYNAMIC_TYPE_SUBJECT_CN); XFREE(tp->sig, heap, DYNAMIC_TYPE_SIGNATURE); #ifndef IGNORE_NAME_CONSTRAINTS @@ -26312,43 +23008,6 @@ } #endif -#ifndef WOLFSSL_ASN_TEMPLATE -int wc_GetSerialNumber(const byte* input, word32* inOutIdx, - byte* serial, int* serialSz, word32 maxIdx) -{ - int result = 0; - int ret; - - WOLFSSL_ENTER("wc_GetSerialNumber"); - - if (serial == NULL || input == NULL || serialSz == NULL) { - return BAD_FUNC_ARG; - } - - /* First byte is ASN type */ - if ((*inOutIdx+1) > maxIdx) { - WOLFSSL_MSG("Bad idx first"); - return BUFFER_E; - } - - ret = GetASNInt(input, inOutIdx, serialSz, maxIdx); - if (ret != 0) - return ret; - - if (*serialSz > EXTERNAL_SERIAL_SIZE || *serialSz <= 0) { - WOLFSSL_MSG("Serial size bad"); - WOLFSSL_ERROR_VERBOSE(ASN_PARSE_E); - return ASN_PARSE_E; - } - - /* return serial */ - XMEMCPY(serial, &input[*inOutIdx], (size_t)*serialSz); - *inOutIdx += (word32)*serialSz; - - return result; -} -#endif - #ifndef NO_CERTS /* TODO: consider moving PEM code out to a different file. */ @@ -26421,6 +23080,7 @@ } } +#ifndef WOLFSSL_API_PREFIX_MAP int wc_AllocDer(DerBuffer** pDer, word32 length, int type, void* heap) { return AllocDer(pDer, length, type, heap); @@ -26429,6 +23089,7 @@ { FreeDer(pDer); } +#endif #if defined(WOLFSSL_PEM_TO_DER) || defined(WOLFSSL_DER_TO_PEM) @@ -26786,6 +23447,15 @@ #if !defined(NO_AES) && defined(HAVE_AES_CBC) && defined(WOLFSSL_AES_256) static wcchar kEncTypeAesCbc256 = "AES-256-CBC"; #endif +#if !defined(NO_AES) && defined(WOLFSSL_AES_COUNTER) && defined(WOLFSSL_AES_128) + static wcchar kEncTypeAesCtr128 = "AES-128-CTR"; +#endif +#if !defined(NO_AES) && defined(WOLFSSL_AES_COUNTER) && defined(WOLFSSL_AES_192) + static wcchar kEncTypeAesCtr192 = "AES-192-CTR"; +#endif +#if !defined(NO_AES) && defined(WOLFSSL_AES_COUNTER) && defined(WOLFSSL_AES_256) + static wcchar kEncTypeAesCtr256 = "AES-256-CTR"; +#endif int wc_EncryptedInfoGet(EncryptedInfo* info, const char* cipherInfo) { @@ -26842,6 +23512,30 @@ } else #endif +#if !defined(NO_AES) && defined(WOLFSSL_AES_COUNTER) && defined(WOLFSSL_AES_128) + if (XSTRCMP(cipherInfo, kEncTypeAesCtr128) == 0) { + info->cipherType = WC_CIPHER_AES_CTR; + info->keySz = AES_128_KEY_SIZE; + if (info->ivSz == 0) info->ivSz = AES_IV_SIZE; + } + else +#endif +#if !defined(NO_AES) && defined(WOLFSSL_AES_COUNTER) && defined(WOLFSSL_AES_192) + if (XSTRCMP(cipherInfo, kEncTypeAesCtr192) == 0) { + info->cipherType = WC_CIPHER_AES_CTR; + info->keySz = AES_192_KEY_SIZE; + if (info->ivSz == 0) info->ivSz = AES_IV_SIZE; + } + else +#endif +#if !defined(NO_AES) && defined(WOLFSSL_AES_COUNTER) && defined(WOLFSSL_AES_256) + if (XSTRCMP(cipherInfo, kEncTypeAesCtr256) == 0) { + info->cipherType = WC_CIPHER_AES_CTR; + info->keySz = AES_256_KEY_SIZE; + if (info->ivSz == 0) info->ivSz = AES_IV_SIZE; + } + else +#endif { ret = NOT_COMPILED_IN; } @@ -26854,7 +23548,7 @@ int err = 0; const char* bufferStart; const char* bufferEnd; - char* line; + const char* line; if (info == NULL || pBuffer == NULL || bufSz == 0) return BAD_FUNC_ARG; @@ -26867,8 +23561,8 @@ min((word32)bufSz, PEM_LINE_LEN)); if (line != NULL) { word32 lineSz; - char* finish; - char* start; + const char* finish; + const char* start; word32 startSz; const char* newline = NULL; @@ -27132,6 +23826,7 @@ #ifdef OPENSSL_EXTRA char beginBuf[PEM_LINE_LEN + 1]; /* add 1 for null terminator */ char endBuf[PEM_LINE_LEN + 1]; /* add 1 for null terminator */ + int origType = type; #endif #ifdef WOLFSSL_ENCRYPTED_KEYS int hashType = WC_HASH_TYPE_NONE; @@ -27151,7 +23846,7 @@ /* map header if not found for type */ for (;;) { - headerEnd = XSTRNSTR((char*)buff, header, sz); + headerEnd = XSTRNSTR((const char *)buff, header, sz); if (headerEnd) { break; } @@ -27226,6 +23921,27 @@ footer = END_X509_CRL; } #endif + else if (type == CERT_TYPE + || type == CA_TYPE + || type == CHAIN_CERT_TYPE + || type == TRUSTED_PEER_TYPE) { + if (header == BEGIN_CERT) { + header = BEGIN_TRUSTED_CERT; + footer = END_TRUSTED_CERT; + } + else { + break; + } + } + else if (type == TRUSTED_CERT_TYPE) { + if (header == BEGIN_TRUSTED_CERT) { + header = BEGIN_CERT; + footer = END_CERT; + } + else { + break; + } + } else { break; } @@ -27233,9 +23949,9 @@ if (!headerEnd) { #ifdef OPENSSL_EXTRA - if (type == PRIVATEKEY_TYPE + if (origType == PRIVATEKEY_TYPE #ifdef WOLFSSL_DUAL_ALG_CERTS - || type == ALT_PRIVATEKEY_TYPE + || origType == ALT_PRIVATEKEY_TYPE #endif ) { /* see if there is a -----BEGIN * PRIVATE KEY----- header */ @@ -27356,7 +24072,7 @@ #endif /* WOLFSSL_ENCRYPTED_KEYS */ /* find footer */ - footerEnd = XSTRNSTR(headerEnd, footer, (unsigned int)((char*)buff + + footerEnd = XSTRNSTR(headerEnd, footer, (unsigned int)((const char*)buff + sz - headerEnd)); if (!footerEnd) { if (info) @@ -27395,7 +24111,7 @@ case CERT_TYPE: case TRUSTED_CERT_TYPE: case CRL_TYPE: - if (Base64_Decode_nonCT((byte*)headerEnd, (word32)neededSz, + if (Base64_Decode_nonCT((const byte*)headerEnd, (word32)neededSz, der->buffer, &der->length) < 0) { WOLFSSL_ERROR(BUFFER_E); @@ -27403,7 +24119,7 @@ } break; default: - if (Base64_Decode((byte*)headerEnd, (word32)neededSz, + if (Base64_Decode((const byte*)headerEnd, (word32)neededSz, der->buffer, &der->length) < 0) { WOLFSSL_ERROR(BUFFER_E); return BUFFER_E; @@ -27424,7 +24140,7 @@ /* keep PKCS8 header */ idx = 0; ret = ToTraditionalInline_ex(der->buffer, &idx, der->length, &algId); - if (ret > 0) { + if (ret >= 0) { if (keyFormat) *keyFormat = (int)algId; } @@ -27573,7 +24289,7 @@ DerBuffer* der = *pDer; /* if a PKCS8 key header exists remove it */ ret = ToTraditional(der->buffer, der->length); - if (ret > 0) { + if (ret >= 0) { der->length = (word32)ret; } ret = 0; /* ignore error removing PKCS8 header */ @@ -27591,8 +24307,8 @@ if (userdata == NULL) return 0; - XSTRNCPY(passwd, (char*)userdata, (size_t)sz); - return (int)min((word32)sz, (word32)XSTRLEN((char*)userdata)); + XSTRLCPY(passwd, (char*)userdata, (size_t)sz); + return (int)min((word32)(sz - 1), (word32)XSTRLEN((char*)userdata)); } #endif @@ -27617,7 +24333,8 @@ XMEMSET(info, 0, sizeof(EncryptedInfo)); #ifdef WOLFSSL_ENCRYPTED_KEYS info->passwd_cb = KeyPemToDerPassCb; - info->passwd_userdata = (void*)pass; + /* if user passes readonly data, user must only access it readonly. */ + info->passwd_userdata = (void*)(wc_ptr_t)pass; #else (void)pass; #endif @@ -28085,78 +24802,12 @@ * minimum length (5 bytes). * @return MEMORY_E when dynamic memory allocation failed. */ +#ifdef WOLFSSL_ASN_TEMPLATE static int SetRsaPublicKey(byte* output, RsaKey* key, int outLen, int with_header) { -#ifndef WOLFSSL_ASN_TEMPLATE - int nSz, eSz; - word32 seqSz, algoSz = 0, headSz = 0, bitStringSz = 0, idx; - byte seq[MAX_SEQ_SZ]; - byte headSeq[MAX_SEQ_SZ]; - byte bitString[1 + MAX_LENGTH_SZ + 1]; - byte algo[MAX_ALGO_SZ]; /* 20 bytes */ - - if (key == NULL) { - return BAD_FUNC_ARG; - } - - nSz = SetASNIntMP(&key->n, MAX_RSA_INT_SZ, NULL); - - if (nSz < 0) - return nSz; - - eSz = SetASNIntMP(&key->e, MAX_RSA_INT_SZ, NULL); - - if (eSz < 0) - return eSz; - seqSz = SetSequence((word32)(nSz + eSz), seq); - - /* headers */ - if (with_header) { - algoSz = SetAlgoID(RSAk, algo, oidKeyType, 0); - bitStringSz = SetBitString(seqSz + (word32)(nSz + eSz), 0, bitString); - headSz = SetSequence((word32)(nSz + eSz) + seqSz + bitStringSz + algoSz, - headSeq); - } - - /* if getting length only */ - if (output == NULL) { - return (int)(headSz + algoSz + bitStringSz + seqSz) + nSz + eSz; - } - - /* check output size */ - if (((int)(headSz + algoSz + bitStringSz + seqSz) + nSz + eSz) > outLen) { - return BUFFER_E; - } - - /* write output */ - idx = 0; - if (with_header) { - /* header size */ - XMEMCPY(output + idx, headSeq, headSz); - idx += headSz; - /* algo */ - XMEMCPY(output + idx, algo, algoSz); - idx += algoSz; - /* bit string */ - XMEMCPY(output + idx, bitString, bitStringSz); - idx += bitStringSz; - } - - /* seq */ - XMEMCPY(output + idx, seq, seqSz); - idx += seqSz; - /* n */ - nSz = SetASNIntMP(&key->n, nSz, output + idx); - idx += (word32)nSz; - /* e */ - eSz = SetASNIntMP(&key->e, eSz, output + idx); - idx += (word32)eSz; - - return (int)idx; -#else DECL_ASNSETDATA(dataASN, rsaPublicKeyASN_Length); - int sz = 0; + word32 sz = 0; int ret = 0; int o = 0; @@ -28165,7 +24816,8 @@ ret = BAD_FUNC_ARG; } - CALLOC_ASNSETDATA(dataASN, rsaPublicKeyASN_Length, ret, key->heap); + if (ret == 0) + CALLOC_ASNSETDATA(dataASN, rsaPublicKeyASN_Length, ret, key->heap); if (ret == 0) { if (!with_header) { @@ -28185,7 +24837,7 @@ (int)rsaPublicKeyASN_Length - o, &sz); } /* Check output buffer is big enough for encoding. */ - if ((ret == 0) && (output != NULL) && (sz > outLen)) { + if ((ret == 0) && (output != NULL) && (sz > (word32)outLen)) { ret = BUFFER_E; } if ((ret == 0) && (output != NULL)) { @@ -28195,14 +24847,13 @@ } if (ret == 0) { /* Return size of encoding. */ - ret = sz; + ret = (int)sz; } - FREE_ASNSETDATA(dataASN, key->heap); + FREE_ASNSETDATA(dataASN, key != NULL ? key->heap : NULL); return ret; -#endif /* WOLFSSL_ASN_TEMPLATE */ } - +#endif /* WOLFSSL_ASN_TEMPLATE */ /* Calculate size of encoded public RSA key in bytes. * * X.509: RFC 5280, 4.1 - SubjectPublicKeyInfo @@ -28263,129 +24914,20 @@ * @return BAD_FUNC_ARG when key is NULL or not a private key. * @return MEMORY_E when dynamic memory allocation failed. */ +#ifdef WOLFSSL_ASN_TEMPLATE int wc_RsaKeyToDer(RsaKey* key, byte* output, word32 inLen) { -#ifndef WOLFSSL_ASN_TEMPLATE - int ret = 0, i; - int mpSz; - word32 seqSz = 0, verSz = 0, intTotalLen = 0, outLen = 0; - byte seq[MAX_SEQ_SZ]; - byte ver[MAX_VERSION_SZ]; - mp_int* keyInt; -#ifndef WOLFSSL_NO_MALLOC - word32 rawLen; - byte* tmps[RSA_INTS]; - word32 sizes[RSA_INTS]; -#endif - - if (key == NULL) - return BAD_FUNC_ARG; - - if (key->type != RSA_PRIVATE) - return BAD_FUNC_ARG; - -#ifndef WOLFSSL_NO_MALLOC - for (i = 0; i < RSA_INTS; i++) - tmps[i] = NULL; -#endif - - /* write all big ints from key to DER tmps */ - for (i = 0; i < RSA_INTS; i++) { - keyInt = GetRsaInt(key, i); - ret = mp_unsigned_bin_size(keyInt); - if (ret < 0) - break; -#ifndef WOLFSSL_NO_MALLOC - rawLen = (word32)ret + 1; - ret = 0; - if (output != NULL) { - tmps[i] = (byte*)XMALLOC(rawLen + MAX_SEQ_SZ, key->heap, - DYNAMIC_TYPE_RSA); - if (tmps[i] == NULL) { - ret = MEMORY_E; - break; - } - } - mpSz = SetASNIntMP(keyInt, MAX_RSA_INT_SZ, tmps[i]); -#else - ret = 0; - mpSz = SetASNIntMP(keyInt, MAX_RSA_INT_SZ, NULL); -#endif - if (mpSz < 0) { - ret = mpSz; - break; - } - #ifndef WOLFSSL_NO_MALLOC - sizes[i] = (word32)mpSz; - #endif - intTotalLen += (word32)mpSz; - } - - if (ret == 0) { - /* make headers */ - ret = SetMyVersion(0, ver, FALSE); - } - - if (ret >= 0) { - verSz = (word32)ret; - ret = 0; - seqSz = SetSequence(verSz + intTotalLen, seq); - outLen = seqSz + verSz + intTotalLen; - if (output != NULL && outLen > inLen) - ret = BUFFER_E; - } - if (ret == 0 && output != NULL) { - word32 j; - - /* write to output */ - XMEMCPY(output, seq, seqSz); - j = seqSz; - XMEMCPY(output + j, ver, verSz); - j += verSz; - - for (i = 0; i < RSA_INTS; i++) { -/* copy from tmps if we have malloc, otherwise re-export with buffer */ -#ifndef WOLFSSL_NO_MALLOC - XMEMCPY(output + j, tmps[i], sizes[i]); - j += sizes[i]; -#else - keyInt = GetRsaInt(key, i); - ret = mp_unsigned_bin_size(keyInt); - if (ret < 0) - break; - ret = 0; - /* This won't overrun output due to the outLen check above */ - mpSz = SetASNIntMP(keyInt, MAX_RSA_INT_SZ, output + j); - if (mpSz < 0) { - ret = mpSz; - break; - } - j += mpSz; -#endif - } - } - -#ifndef WOLFSSL_NO_MALLOC - for (i = 0; i < RSA_INTS; i++) { - if (tmps[i]) - XFREE(tmps[i], key->heap, DYNAMIC_TYPE_RSA); - } -#endif - - if (ret == 0) - ret = (int)outLen; - return ret; -#else DECL_ASNSETDATA(dataASN, rsaKeyASN_Length); int i; - int sz = 0; + word32 sz = 0; int ret = 0; if ((key == NULL) || (key->type != RSA_PRIVATE)) { ret = BAD_FUNC_ARG; } - CALLOC_ASNSETDATA(dataASN, rsaKeyASN_Length, ret, key->heap); + if (ret == 0) + CALLOC_ASNSETDATA(dataASN, rsaKeyASN_Length, ret, key->heap); if (ret == 0) { /* Set the version. */ @@ -28399,7 +24941,7 @@ ret = SizeASN_Items(rsaKeyASN, dataASN, rsaKeyASN_Length, &sz); } /* Check output buffer has enough space for encoding. */ - if ((ret == 0) && (output != NULL) && (sz > (int)inLen)) { + if ((ret == 0) && (output != NULL) && (sz > inLen)) { ret = BAD_FUNC_ARG; } if ((ret == 0) && (output != NULL)) { @@ -28409,14 +24951,13 @@ if (ret == 0) { /* Return size of encoding. */ - ret = sz; + ret = (int)sz; } - FREE_ASNSETDATA(dataASN, key->heap); + FREE_ASNSETDATA(dataASN, key != NULL ? key->heap : NULL); return ret; -#endif } - +#endif /* WOLFSSL_ASN_TEMPLATE */ #endif /* !NO_RSA && WOLFSSL_KEY_TO_DER */ #ifndef NO_CERTS @@ -28621,22 +25162,6 @@ #ifdef WOLFSSL_CERT_REQ -#ifndef WOLFSSL_ASN_TEMPLATE - -/* Write a set header to output */ -static word32 SetPrintableString(word32 len, byte* output) -{ - output[0] = ASN_PRINTABLE_STRING; - return SetLength(len, output + 1) + 1; -} - -static word32 SetUTF8String(word32 len, byte* output) -{ - output[0] = ASN_UTF8STRING; - return SetLength(len, output + 1) + 1; -} - -#endif #endif /* WOLFSSL_CERT_REQ */ @@ -28682,7 +25207,7 @@ ret = ParseCertRelative((DecodedCert*)cert->decodedCert, CERT_TYPE, 0, NULL, NULL); if (ret >= 0) { - cert->der = (byte*)der; + cert->der = der; } else { wc_SetCert_Free(cert); @@ -28733,28 +25258,6 @@ } #endif -#ifndef WOLFSSL_ASN_TEMPLATE - -/* Copy Dates from cert, return bytes written */ -static int CopyValidity(byte* output, Cert* cert) -{ - word32 seqSz; - - WOLFSSL_ENTER("CopyValidity"); - - /* headers and output */ - seqSz = SetSequence((word32)(cert->beforeDateSz + cert->afterDateSz), - output); - if (output) { - XMEMCPY(output + seqSz, cert->beforeDate, (size_t)cert->beforeDateSz); - XMEMCPY(output + seqSz + cert->beforeDateSz, cert->afterDate, - (size_t)cert->afterDateSz); - } - return (int)seqSz + cert->beforeDateSz + cert->afterDateSz; -} - -#endif /* !WOLFSSL_ASN_TEMPLATE */ - /* Simple name OID size. */ #define NAME_OID_SZ 3 @@ -28904,306 +25407,8 @@ } } -#ifndef WOLFSSL_ASN_TEMPLATE -/* - Extensions ::= SEQUENCE OF Extension - - Extension ::= SEQUENCE { - extnId OBJECT IDENTIFIER, - critical BOOLEAN DEFAULT FALSE, - extnValue OCTET STRING } - */ - -/* encode all extensions, return total bytes written */ -static int SetExtensions(byte* out, word32 outSz, int *IdxInOut, - const byte* ext, int extSz) -{ - if (out == NULL || IdxInOut == NULL || ext == NULL) - return BAD_FUNC_ARG; - - if (outSz < (word32)(*IdxInOut+extSz)) - return BUFFER_E; - - XMEMCPY(&out[*IdxInOut], ext, (size_t)extSz); /* extensions */ - *IdxInOut += extSz; - - return *IdxInOut; -} - -/* encode extensions header, return total bytes written */ -static int SetExtensionsHeader(byte* out, word32 outSz, word32 extSz) -{ - byte sequence[MAX_SEQ_SZ]; - byte len[MAX_LENGTH_SZ]; - word32 seqSz, lenSz, idx = 0; - - if (out == NULL) - return BAD_FUNC_ARG; - - if (outSz < 3) - return BUFFER_E; - - seqSz = SetSequence(extSz, sequence); - - /* encode extensions length provided */ - lenSz = SetLength(extSz+seqSz, len); - - if (outSz < (word32)(lenSz+seqSz+1)) - return BUFFER_E; - - out[idx++] = ASN_EXTENSIONS; /* extensions id */ - XMEMCPY(&out[idx], len, lenSz); /* length */ - idx += lenSz; - - XMEMCPY(&out[idx], sequence, seqSz); /* sequence */ - idx += seqSz; - - return (int)idx; -} - - -/* encode CA basic constraints true with path length - * return total bytes written */ -static int SetCaWithPathLen(byte* out, word32 outSz, byte pathLen) -{ - /* ASN1->DER sequence for Basic Constraints True and path length */ - const byte caPathLenBasicConstASN1[] = { - 0x30, 0x0F, 0x06, 0x03, 0x55, 0x1D, 0x13, 0x04, - 0x08, 0x30, 0x06, 0x01, 0x01, 0xFF, 0x02, 0x01, - 0x00 - }; - - if (out == NULL) - return BAD_FUNC_ARG; - - if (outSz < sizeof(caPathLenBasicConstASN1)) - return BUFFER_E; - - XMEMCPY(out, caPathLenBasicConstASN1, sizeof(caPathLenBasicConstASN1)); - - out[sizeof(caPathLenBasicConstASN1)-1] = pathLen; - - return (int)sizeof(caPathLenBasicConstASN1); -} - -/* encode CA basic constraints - * return total bytes written */ -static int SetCaEx(byte* out, word32 outSz, byte isCa) -{ - /* ASN1->DER sequence for Basic Constraints True */ - const byte caBasicConstASN1[] = { - 0x30, 0x0c, 0x06, 0x03, 0x55, 0x1d, 0x13, 0x04, - 0x05, 0x30, 0x03, 0x01, 0x01, 0xff - }; - - if (out == NULL) - return BAD_FUNC_ARG; - - if (outSz < sizeof(caBasicConstASN1)) - return BUFFER_E; - - XMEMCPY(out, caBasicConstASN1, sizeof(caBasicConstASN1)); - - if (!isCa) { - out[sizeof(caBasicConstASN1)-1] = isCa; - } - - return (int)sizeof(caBasicConstASN1); -} - -/* encode CA basic constraints true - * return total bytes written */ -static int SetCa(byte* out, word32 outSz) -{ - return SetCaEx(out, outSz, 1); -} - -/* encode basic constraints without CA Boolean - * return total bytes written */ -static int SetBC(byte* out, word32 outSz) -{ - /* ASN1->DER sequence for Basic Constraint without CA Boolean */ - const byte BasicConstASN1[] = { - 0x30, 0x09, 0x06, 0x03, 0x55, 0x1d, 0x13, 0x04, - 0x02, 0x30, 0x00 - }; - - if (out == NULL) - return BAD_FUNC_ARG; - - if (outSz < sizeof(BasicConstASN1)) - return BUFFER_E; - - XMEMCPY(out, BasicConstASN1, sizeof(BasicConstASN1)); - - return (int)sizeof(BasicConstASN1); -} -#endif - #ifdef WOLFSSL_CERT_EXT -#ifndef WOLFSSL_ASN_TEMPLATE -/* encode OID and associated value, return total bytes written */ -static int SetOidValue(byte* out, word32 outSz, const byte *oid, word32 oidSz, - byte *in, word32 inSz) -{ - word32 idx = 0; - - if (out == NULL || oid == NULL || in == NULL) - return BAD_FUNC_ARG; - - if (outSz < 3) - return BUFFER_E; - - /* sequence, + 1 => byte to put value size */ - idx = SetSequence(inSz + oidSz + 1, out); - - if ((idx + inSz + oidSz + 1) > outSz) - return BUFFER_E; - - XMEMCPY(out+idx, oid, oidSz); - idx += oidSz; - out[idx++] = (byte)inSz; - XMEMCPY(out+idx, in, inSz); - - return (int)(idx+inSz); -} - -/* encode Subject Key Identifier, return total bytes written - * RFC5280 : non-critical */ -static int SetSKID(byte* output, word32 outSz, const byte *input, word32 length) -{ - byte skid_len[1 + MAX_LENGTH_SZ]; - byte skid_enc_len[MAX_LENGTH_SZ]; - word32 idx = 0, skid_lenSz, skid_enc_lenSz; - const byte skid_oid[] = { 0x06, 0x03, 0x55, 0x1d, 0x0e, 0x04 }; - - if (output == NULL || input == NULL) - return BAD_FUNC_ARG; - - /* Octet String header */ - skid_lenSz = SetOctetString(length, skid_len); - - /* length of encoded value */ - skid_enc_lenSz = SetLength(length + skid_lenSz, skid_enc_len); - - if (outSz < 3) - return BUFFER_E; - - idx = SetSequence(length + (word32)sizeof(skid_oid) + skid_lenSz + - skid_enc_lenSz, output); - - if ((length + sizeof(skid_oid) + skid_lenSz + skid_enc_lenSz) > outSz) - return BUFFER_E; - - /* put oid */ - XMEMCPY(output+idx, skid_oid, sizeof(skid_oid)); - idx += sizeof(skid_oid); - - /* put encoded len */ - XMEMCPY(output+idx, skid_enc_len, skid_enc_lenSz); - idx += skid_enc_lenSz; - - /* put octet header */ - XMEMCPY(output+idx, skid_len, skid_lenSz); - idx += skid_lenSz; - - /* put value */ - XMEMCPY(output+idx, input, length); - idx += length; - - return (int)idx; -} - -/* encode Authority Key Identifier, return total bytes written - * RFC5280 : non-critical */ -static int SetAKID(byte* output, word32 outSz, byte *input, word32 length, - byte rawAkid) -{ - int enc_valSz; - byte enc_val_buf[MAX_KID_SZ]; - byte* enc_val; - const byte akid_oid[] = { 0x06, 0x03, 0x55, 0x1d, 0x23 }; - const byte akid_cs[] = { 0x80 }; - word32 inSeqSz, idx; - - (void)rawAkid; - - if (output == NULL || input == NULL) - return BAD_FUNC_ARG; - -#ifdef WOLFSSL_AKID_NAME - if (rawAkid) { - enc_val = input; - enc_valSz = length; - } - else -#endif - { - enc_val = enc_val_buf; - enc_valSz = (int)length + 3 + (int)sizeof(akid_cs); - if (enc_valSz > (int)sizeof(enc_val_buf)) - return BAD_FUNC_ARG; - - /* sequence for ContentSpec & value */ - enc_valSz = SetOidValue(enc_val, (word32)enc_valSz, akid_cs, - sizeof(akid_cs), input, length); - if (enc_valSz <= 0) - return enc_valSz; - } - - /* The size of the extension sequence contents */ - inSeqSz = (word32)sizeof(akid_oid) + - SetOctetString((word32)enc_valSz, NULL) + (word32)enc_valSz; - - if (SetSequence(inSeqSz, NULL) + inSeqSz > outSz) - return BAD_FUNC_ARG; - - /* Write out the sequence header */ - idx = SetSequence(inSeqSz, output); - - /* Write out OID */ - XMEMCPY(output + idx, akid_oid, sizeof(akid_oid)); - idx += sizeof(akid_oid); - - /* Write out AKID */ - idx += SetOctetString((word32)enc_valSz, output + idx); - XMEMCPY(output + idx, enc_val, (size_t)enc_valSz); - - return (int)idx + enc_valSz; -} - -/* encode Key Usage, return total bytes written - * RFC5280 : critical */ -static int SetKeyUsage(byte* output, word32 outSz, word16 input) -{ - byte ku[5]; - word32 idx; - const byte keyusage_oid[] = { 0x06, 0x03, 0x55, 0x1d, 0x0f, - 0x01, 0x01, 0xff, 0x04}; - if (output == NULL) - return BAD_FUNC_ARG; - - idx = SetBitString16Bit(input, ku); - return SetOidValue(output, outSz, keyusage_oid, sizeof(keyusage_oid), - ku, idx); -} - -static int SetOjectIdValue(byte* output, word32 outSz, word32* idx, - const byte* oid, word32 oidSz) -{ - /* verify room */ - if (*idx + 2 + oidSz >= outSz) - return ASN_PARSE_E; - - *idx += (word32)SetObjectId((int)oidSz, &output[*idx]); - XMEMCPY(&output[*idx], oid, oidSz); - *idx += oidSz; - - return 0; -} -#endif - #ifdef WOLFSSL_ASN_TEMPLATE /* ASN.1 template for extended key usage. * X.509: RFC 5280, 4.2.12 - Extended Key Usage @@ -29236,85 +25441,9 @@ #endif /* WOLFSSL_ASN_TEMPLATE */ /* encode Extended Key Usage (RFC 5280 4.2.1.12), return total bytes written */ +#ifdef WOLFSSL_ASN_TEMPLATE static int SetExtKeyUsage(Cert* cert, byte* output, word32 outSz, byte input) { -#ifndef WOLFSSL_ASN_TEMPLATE - word32 idx = 0, oidListSz = 0, totalSz; - int ret = 0; - const byte extkeyusage_oid[] = { 0x06, 0x03, 0x55, 0x1d, 0x25 }; - - if (output == NULL) - return BAD_FUNC_ARG; - - /* Skip to OID List */ - totalSz = 2 + sizeof(extkeyusage_oid) + 4; - idx = totalSz; - - /* Build OID List */ - /* If any set, then just use it */ - if (input & EXTKEYUSE_ANY) { - ret |= SetOjectIdValue(output, outSz, &idx, - extExtKeyUsageAnyOid, sizeof(extExtKeyUsageAnyOid)); - } - else { - if (input & EXTKEYUSE_SERVER_AUTH) - ret |= SetOjectIdValue(output, outSz, &idx, - extExtKeyUsageServerAuthOid, sizeof(extExtKeyUsageServerAuthOid)); - if (input & EXTKEYUSE_CLIENT_AUTH) - ret |= SetOjectIdValue(output, outSz, &idx, - extExtKeyUsageClientAuthOid, sizeof(extExtKeyUsageClientAuthOid)); - if (input & EXTKEYUSE_CODESIGN) - ret |= SetOjectIdValue(output, outSz, &idx, - extExtKeyUsageCodeSigningOid, sizeof(extExtKeyUsageCodeSigningOid)); - if (input & EXTKEYUSE_EMAILPROT) - ret |= SetOjectIdValue(output, outSz, &idx, - extExtKeyUsageEmailProtectOid, sizeof(extExtKeyUsageEmailProtectOid)); - if (input & EXTKEYUSE_TIMESTAMP) - ret |= SetOjectIdValue(output, outSz, &idx, - extExtKeyUsageTimestampOid, sizeof(extExtKeyUsageTimestampOid)); - if (input & EXTKEYUSE_OCSP_SIGN) - ret |= SetOjectIdValue(output, outSz, &idx, - extExtKeyUsageOcspSignOid, sizeof(extExtKeyUsageOcspSignOid)); - #ifdef WOLFSSL_EKU_OID - /* iterate through OID values */ - if (input & EXTKEYUSE_USER) { - int i, sz; - for (i = 0; i < CTC_MAX_EKU_NB; i++) { - sz = cert->extKeyUsageOIDSz[i]; - if (sz > 0) { - ret |= SetOjectIdValue(output, outSz, &idx, - cert->extKeyUsageOID[i], sz); - } - } - } - #endif /* WOLFSSL_EKU_OID */ - } - if (ret != 0) - return ASN_PARSE_E; - - /* Calculate Sizes */ - oidListSz = idx - totalSz; - totalSz = idx - 2; /* exclude first seq/len (2) */ - - /* 1. Seq + Total Len (2) */ - idx = SetSequence(totalSz, output); - - /* 2. Object ID (2) */ - XMEMCPY(&output[idx], extkeyusage_oid, sizeof(extkeyusage_oid)); - idx += sizeof(extkeyusage_oid); - - /* 3. Octet String (2) */ - idx += SetOctetString(totalSz - idx, &output[idx]); - - /* 4. Seq + OidListLen (2) */ - idx += SetSequence(oidListSz, &output[idx]); - - /* 5. Oid List (already set in-place above) */ - idx += oidListSz; - - (void)cert; - return (int)idx; -#else /* TODO: consider calculating size of OBJECT_IDs, setting length into * SEQUENCE, encode SEQUENCE, encode OBJECT_IDs into buffer. */ ASNSetData* dataASN; @@ -29323,7 +25452,7 @@ size_t cnt = 1 + EKU_OID_HI; int i; int ret = 0; - int sz = 0; + word32 sz = 0; #ifdef WOLFSSL_EKU_OID cnt += CTC_MAX_EKU_NB; @@ -29399,7 +25528,7 @@ ret = SizeASN_Items(extKuASN, dataASN, asnIdx, &sz); } /* When buffer to write to, ensure it's big enough. */ - if ((ret == 0) && (output != NULL) && (sz > (int)outSz)) { + if ((ret == 0) && (output != NULL) && (sz > outSz)) { ret = BUFFER_E; } if ((ret == 0) && (output != NULL)) { @@ -29408,7 +25537,7 @@ } if (ret == 0) { /* Return the encoding size. */ - ret = sz; + ret = (int)sz; } /* Dispose of allocated data. */ @@ -29416,157 +25545,28 @@ XFREE(dataASN, cert->heap, DYNAMIC_TYPE_TMP_BUFFER); return ret; -#endif } - +#endif /* WOLFSSL_ASN_TEMPLATE */ #ifndef IGNORE_NETSCAPE_CERT_TYPE -#ifndef WOLFSSL_ASN_TEMPLATE -static int SetNsCertType(Cert* cert, byte* output, word32 outSz, byte input) -{ - word32 idx; - byte unusedBits = 0; - byte nsCertType = input; - word32 totalSz; - word32 bitStrSz; - const byte nscerttype_oid[] = { 0x06, 0x09, 0x60, 0x86, 0x48, 0x01, - 0x86, 0xF8, 0x42, 0x01, 0x01 }; - - if (cert == NULL || output == NULL || - input == 0) - return BAD_FUNC_ARG; - - totalSz = sizeof(nscerttype_oid); - - /* Get amount of lsb zero's */ - for (;(input & 1) == 0; input >>= 1) - unusedBits++; - - /* 1 byte of NS Cert Type extension */ - bitStrSz = SetBitString(1, unusedBits, NULL) + 1; - totalSz += SetOctetString(bitStrSz, NULL) + bitStrSz; - - if (SetSequence(totalSz, NULL) + totalSz > outSz) - return BAD_FUNC_ARG; - - /* 1. Seq + Total Len */ - idx = SetSequence(totalSz, output); - - /* 2. Object ID */ - XMEMCPY(&output[idx], nscerttype_oid, sizeof(nscerttype_oid)); - idx += sizeof(nscerttype_oid); - - /* 3. Octet String */ - idx += SetOctetString(bitStrSz, &output[idx]); - - /* 4. Bit String */ - idx += SetBitString(1, unusedBits, &output[idx]); - output[idx++] = nsCertType; - - return (int)idx; -} -#endif -#endif - -#ifndef WOLFSSL_ASN_TEMPLATE -static int SetCRLInfo(Cert* cert, byte* output, word32 outSz, byte* input, - int inSz) -{ - word32 idx; - word32 totalSz; - const byte crlinfo_oid[] = { 0x06, 0x03, 0x55, 0x1D, 0x1F }; - - if (cert == NULL || output == NULL || - input == 0 || inSz <= 0) - return BAD_FUNC_ARG; - - totalSz = (word32)sizeof(crlinfo_oid) + SetOctetString((word32)inSz, NULL) + - (word32)inSz; - - if (SetSequence(totalSz, NULL) + totalSz > outSz) - return BAD_FUNC_ARG; - - /* 1. Seq + Total Len */ - idx = SetSequence(totalSz, output); - - /* 2. Object ID */ - XMEMCPY(&output[idx], crlinfo_oid, sizeof(crlinfo_oid)); - idx += sizeof(crlinfo_oid); - - /* 3. Octet String */ - idx += SetOctetString((word32)inSz, &output[idx]); - - /* 4. CRL Info */ - XMEMCPY(&output[idx], input, (size_t)inSz); - idx += (word32)inSz; - - return (int)idx; -} #endif /* encode Certificate Policies, return total bytes written * each input value must be ITU-T X.690 formatted : a.b.c... * input must be an array of values with a NULL terminated for the latest * RFC5280 : non-critical */ +#ifdef WOLFSSL_ASN_TEMPLATE static int SetCertificatePolicies(byte *output, word32 outputSz, char input[MAX_CERTPOL_NB][MAX_CERTPOL_SZ], word16 nb_certpol, void* heap) { -#ifndef WOLFSSL_ASN_TEMPLATE - byte oid[MAX_OID_SZ]; - byte der_oid[MAX_CERTPOL_NB][MAX_OID_SZ]; - byte out[MAX_CERTPOL_SZ]; - word32 oidSz; - word32 outSz; - word32 i = 0; - word32 der_oidSz[MAX_CERTPOL_NB]; - int ret; - - const byte certpol_oid[] = { 0x06, 0x03, 0x55, 0x1d, 0x20, 0x04 }; - const byte oid_oid[] = { 0x06 }; - - if (output == NULL || input == NULL || nb_certpol > MAX_CERTPOL_NB) - return BAD_FUNC_ARG; - - for (i = 0; i < nb_certpol; i++) { - oidSz = sizeof(oid); - XMEMSET(oid, 0, oidSz); - - ret = EncodePolicyOID(oid, &oidSz, input[i], heap); - if (ret != 0) - return ret; - - /* compute sequence value for the oid */ - ret = SetOidValue(der_oid[i], MAX_OID_SZ, oid_oid, - sizeof(oid_oid), oid, oidSz); - if (ret <= 0) - return ret; - else - der_oidSz[i] = (word32)ret; - } - - /* concatenate oid, keep two byte for sequence/size of the created value */ - for (i = 0, outSz = 2; i < nb_certpol; i++) { - XMEMCPY(out+outSz, der_oid[i], der_oidSz[i]); - outSz += der_oidSz[i]; - } - - /* add sequence */ - ret = (int)SetSequence(outSz-2, out); - if (ret <= 0) - return ret; - - /* add Policy OID to compute final value */ - return SetOidValue(output, outputSz, certpol_oid, sizeof(certpol_oid), - out, outSz); -#else int i; int ret = 0; byte oid[MAX_OID_SZ]; word32 oidSz; word32 sz = 0; - int piSz = 0; + word32 piSz = 0; if ((input == NULL) || (nb_certpol > MAX_CERTPOL_NB)) { ret = BAD_FUNC_ARG; @@ -29586,7 +25586,7 @@ ret = SizeASN_Items(policyInfoASN, dataASN, policyInfoASN_Length, &piSz); } - if ((ret == 0) && (output != NULL) && (sz + (word32)piSz > outputSz)) { + if ((ret == 0) && (output != NULL) && (sz + piSz > outputSz)) { ret = BUFFER_E; } if (ret == 0) { @@ -29595,7 +25595,7 @@ output); output += piSz; } - sz += (word32)piSz; + sz += piSz; } } @@ -29603,65 +25603,13 @@ ret = (int)sz; } return ret; -#endif } +#endif /* WOLFSSL_ASN_TEMPLATE */ #endif /* WOLFSSL_CERT_EXT */ #ifdef WOLFSSL_ALT_NAMES -#ifndef WOLFSSL_ASN_TEMPLATE -/* encode Alternative Names, return total bytes written */ -static int SetAltNames(byte *output, word32 outSz, - const byte *input, word32 length, int critical) -{ - byte san_len[1 + MAX_LENGTH_SZ]; - const byte san_oid[] = { 0x06, 0x03, 0x55, 0x1d, 0x11 }; - const byte san_crit[] = { 0x01, 0x01, 0xff }; - word32 seqSz, san_lenSz, idx = 0; - - if (output == NULL || input == NULL) - return BAD_FUNC_ARG; - - if (outSz < length) - return BUFFER_E; - - /* Octet String header */ - san_lenSz = SetOctetString(length, san_len); - - if (outSz < MAX_SEQ_SZ) - return BUFFER_E; - - seqSz = length + (word32)sizeof(san_oid) + san_lenSz; - if (critical) - seqSz += sizeof(san_crit); - idx = SetSequence(seqSz, output); - - if (seqSz > outSz) - return BUFFER_E; - - /* put oid */ - XMEMCPY(output+idx, san_oid, sizeof(san_oid)); - idx += sizeof(san_oid); - - if (critical) { - XMEMCPY(output+idx, san_crit, sizeof(san_crit)); - idx += sizeof(san_crit); - } - - /* put octet header */ - XMEMCPY(output+idx, san_len, san_lenSz); - idx += san_lenSz; - - /* put value */ - XMEMCPY(output+idx, input, length); - idx += length; - - return (int)idx; -} -#endif /* WOLFSSL_ASN_TEMPLATE */ - - int FlattenAltNames(byte* output, word32 outputSz, const DNS_entry* names) { word32 idx; @@ -29679,13 +25627,17 @@ curName = names; do { - namesSz += (word32)curName->len + 2 + - ((curName->len < ASN_LONG_LENGTH) ? 0 - : BytePrecision((word32)curName->len)); + word32 nameSz = (word32)curName->len + 1 + + ASN_LEN_ENC_LEN(curName->len); + if (namesSz + nameSz < namesSz) + return BUFFER_E; + namesSz += nameSz; curName = curName->next; } while (curName != NULL); - if (outputSz < MAX_SEQ_SZ + namesSz) + if (outputSz < 1 + ASN_LEN_ENC_LEN(namesSz)) + return BUFFER_E; + if (outputSz - (1 + ASN_LEN_ENC_LEN(namesSz)) < namesSz) return BUFFER_E; idx = SetSequence(namesSz, output); @@ -29736,191 +25688,15 @@ * emailTag tag of email i.e CTC_UTF8 * returns length on success */ +#ifdef WOLFSSL_ASN_TEMPLATE static int EncodeName(EncodedName* name, const char* nameStr, byte nameTag, byte type, byte emailTag, CertName* cname) { -#if !defined(WOLFSSL_ASN_TEMPLATE) - word32 idx = 0; - /* bottom up */ - byte firstLen[1 + MAX_LENGTH_SZ]; - byte secondLen[MAX_LENGTH_SZ]; - byte sequence[MAX_SEQ_SZ]; - byte set[MAX_SET_SZ]; - - word32 strLen; - word32 thisLen; - word32 firstSz, secondSz, seqSz, setSz; - - if (nameStr == NULL) { - name->used = 0; - return 0; - } - - thisLen = strLen = (word32)XSTRLEN(nameStr); -#ifdef WOLFSSL_CUSTOM_OID - if (type == ASN_CUSTOM_NAME) { - if (cname == NULL || cname->custom.oidSz == 0) { - name->used = 0; - return 0; - } - thisLen = strLen = (word32)cname->custom.valSz; - } -#else - (void)cname; -#endif - - if (strLen == 0) { /* no user data for this item */ - name->used = 0; - return 0; - } - - /* Restrict country code size */ - if (type == ASN_COUNTRY_NAME && strLen != CTC_COUNTRY_SIZE) { - WOLFSSL_MSG("Country code size error"); - WOLFSSL_ERROR_VERBOSE(ASN_COUNTRY_SIZE_E); - return ASN_COUNTRY_SIZE_E; - } - - secondSz = SetLength(strLen, secondLen); - thisLen += secondSz; - switch (type) { - case ASN_EMAIL_NAME: /* email */ - thisLen += (int)sizeof(attrEmailOid); - firstSz = (int)sizeof(attrEmailOid); - break; - case ASN_DOMAIN_COMPONENT: - thisLen += (int)sizeof(dcOid); - firstSz = (int)sizeof(dcOid); - break; - case ASN_USER_ID: - thisLen += (int)sizeof(uidOid); - firstSz = (int)sizeof(uidOid); - break; - case ASN_RFC822_MAILBOX: - thisLen += (int)sizeof(rfc822Mlbx); - firstSz = (int)sizeof(rfc822Mlbx); - break; - case ASN_FAVOURITE_DRINK: - thisLen += (int)sizeof(fvrtDrk); - firstSz = (int)sizeof(fvrtDrk); - break; - #ifdef WOLFSSL_CUSTOM_OID - case ASN_CUSTOM_NAME: - thisLen += cname->custom.oidSz; - firstSz = cname->custom.oidSz; - break; - #endif - #ifdef WOLFSSL_CERT_REQ - case ASN_CONTENT_TYPE: - thisLen += (int)sizeof(attrPkcs9ContentTypeOid); - firstSz = (int)sizeof(attrPkcs9ContentTypeOid); - break; - #endif - default: - thisLen += DN_OID_SZ; - firstSz = DN_OID_SZ; - } - thisLen++; /* id type */ - firstSz = (word32)SetObjectId((int)firstSz, firstLen); - thisLen += firstSz; - - seqSz = SetSequence(thisLen, sequence); - thisLen += seqSz; - setSz = SetSet(thisLen, set); - thisLen += setSz; - - if (thisLen > (int)sizeof(name->encoded)) { - return BUFFER_E; - } - - /* store it */ - idx = 0; - /* set */ - XMEMCPY(name->encoded, set, setSz); - idx += setSz; - /* seq */ - XMEMCPY(name->encoded + idx, sequence, seqSz); - idx += seqSz; - /* asn object id */ - XMEMCPY(name->encoded + idx, firstLen, firstSz); - idx += firstSz; - switch (type) { - case ASN_EMAIL_NAME: - /* email joint id */ - XMEMCPY(name->encoded + idx, attrEmailOid, sizeof(attrEmailOid)); - idx += (int)sizeof(attrEmailOid); - name->encoded[idx++] = emailTag; - break; - case ASN_DOMAIN_COMPONENT: - XMEMCPY(name->encoded + idx, dcOid, sizeof(dcOid)-1); - idx += (int)sizeof(dcOid)-1; - /* id type */ - name->encoded[idx++] = type; - /* str type */ - name->encoded[idx++] = nameTag; - break; - case ASN_USER_ID: - XMEMCPY(name->encoded + idx, uidOid, sizeof(uidOid)); - idx += (int)sizeof(uidOid); - /* str type */ - name->encoded[idx++] = nameTag; - break; - case ASN_RFC822_MAILBOX: - XMEMCPY(name->encoded + idx, rfc822Mlbx, sizeof(rfc822Mlbx)); - idx += (int)sizeof(rfc822Mlbx); - /* str type */ - name->encoded[idx++] = nameTag; - break; - case ASN_FAVOURITE_DRINK: - XMEMCPY(name->encoded + idx, fvrtDrk, sizeof(fvrtDrk)); - idx += (int)sizeof(fvrtDrk); - /* str type */ - name->encoded[idx++] = nameTag; - break; - #ifdef WOLFSSL_CUSTOM_OID - case ASN_CUSTOM_NAME: - XMEMCPY(name->encoded + idx, cname->custom.oid, - cname->custom.oidSz); - idx += cname->custom.oidSz; - /* str type */ - name->encoded[idx++] = nameTag; - break; - #endif - #ifdef WOLFSSL_CERT_REQ - case ASN_CONTENT_TYPE: - XMEMCPY(name->encoded + idx, attrPkcs9ContentTypeOid, - sizeof(attrPkcs9ContentTypeOid)); - idx += (int)sizeof(attrPkcs9ContentTypeOid); - /* str type */ - name->encoded[idx++] = nameTag; - break; - #endif - default: - name->encoded[idx++] = 0x55; - name->encoded[idx++] = 0x04; - /* id type */ - name->encoded[idx++] = type; - /* str type */ - name->encoded[idx++] = nameTag; - } - /* second length */ - XMEMCPY(name->encoded + idx, secondLen, secondSz); - idx += secondSz; - /* str value */ - XMEMCPY(name->encoded + idx, nameStr, strLen); - idx += strLen; - - name->type = type; - name->totalLen = (int)idx; - name->used = 1; - - return (int)idx; -#else DECL_ASNSETDATA(dataASN, rdnASN_Length); ASNItem namesASN[rdnASN_Length]; byte dnOid[DN_OID_SZ] = { 0x55, 0x04, 0x00 }; int ret = 0; - int sz = 0; + word32 sz = 0; const byte* oid; word32 oidSz = 0; word32 nameSz = 0; @@ -30006,7 +25782,8 @@ /* Set OID corresponding to the name type. */ SetASN_Buffer(&dataASN[RDNASN_IDX_ATTR_TYPE], oid, oidSz); /* Set name string. */ - SetASN_Buffer(&dataASN[RDNASN_IDX_ATTR_VAL], (const byte *)nameStr, nameSz); + SetASN_Buffer(&dataASN[RDNASN_IDX_ATTR_VAL], (const byte *)nameStr, + nameSz); /* Set the ASN.1 tag for the name string. */ namesASN[RDNASN_IDX_ATTR_VAL].tag = nameTag; @@ -30014,7 +25791,7 @@ ret = SizeASN_Items(namesASN, dataASN, rdnASN_Length, &sz); } /* Check if name's buffer is big enough. */ - if ((ret == 0) && (sz > (int)sizeof(name->encoded))) { + if ((ret == 0) && (sz > (word32)sizeof(name->encoded))) { ret = BUFFER_E; } if (ret == 0) { @@ -30022,19 +25799,18 @@ SetASN_Items(namesASN, dataASN, rdnASN_Length, name->encoded); /* Cache the type and size, and set that it is used. */ name->type = type; - name->totalLen = sz; + name->totalLen = (int)sz; name->used = 1; /* Return size of encoding. */ - ret = sz; + ret = (int)sz; } (void)cname; FREE_ASNSETDATA(dataASN, NULL); return ret; -#endif /* WOLFSSL_ASN_TEMPLATE */ } - +#endif /* WOLFSSL_ASN_TEMPLATE */ /* canonical encoding one attribute of the name (issuer/subject) * call EncodeName with CTC_UTF8 for email type * @@ -30361,108 +26137,16 @@ #endif /* encode CertName into output, return total bytes written */ +#ifdef WOLFSSL_ASN_TEMPLATE int SetNameEx(byte* output, word32 outputSz, CertName* name, void* heap) { -#ifndef WOLFSSL_ASN_TEMPLATE - int ret; - int i; - word32 idx, totalBytes = 0; - WC_DECLARE_VAR(names, EncodedName, NAME_ENTRIES, 0); -#ifdef WOLFSSL_MULTI_ATTRIB - EncodedName addNames[CTC_MAX_ATTRIB]; - int j, type; -#endif - - if (output == NULL || name == NULL) - return BAD_FUNC_ARG; - - if (outputSz < 3) - return BUFFER_E; - - WC_ALLOC_VAR_EX(names, EncodedName, NAME_ENTRIES, NULL, - DYNAMIC_TYPE_TMP_BUFFER, return MEMORY_E); - - for (i = 0; i < NAME_ENTRIES; i++) { - const char* nameStr = GetOneCertName(name, i); - - ret = EncodeName(&names[i], nameStr, (byte)GetNameType(name, i), - GetCertNameId(i), ASN_IA5_STRING, name); - if (ret < 0) { - WC_FREE_VAR_EX(names, NULL, DYNAMIC_TYPE_TMP_BUFFER); - WOLFSSL_MSG("EncodeName failed"); - return BUFFER_E; - } - totalBytes += (word32)ret; - } -#ifdef WOLFSSL_MULTI_ATTRIB - for (i = 0; i < CTC_MAX_ATTRIB; i++) { - if (name->name[i].sz > 0) { - ret = EncodeName(&addNames[i], name->name[i].value, - (byte)name->name[i].type, (byte)name->name[i].id, - ASN_IA5_STRING, NULL); - if (ret < 0) { - WC_FREE_VAR_EX(names, NULL, DYNAMIC_TYPE_TMP_BUFFER); - WOLFSSL_MSG("EncodeName on multiple attributes failed"); - return BUFFER_E; - } - totalBytes += (word32)ret; - } - else { - addNames[i].used = 0; - } - } -#endif /* WOLFSSL_MULTI_ATTRIB */ - - /* header */ - idx = SetSequence(totalBytes, output); - totalBytes += idx; - if (totalBytes > WC_ASN_NAME_MAX) { - WC_FREE_VAR_EX(names, NULL, DYNAMIC_TYPE_TMP_BUFFER); - WOLFSSL_MSG("Total Bytes is greater than WC_ASN_NAME_MAX"); - return BUFFER_E; - } - - for (i = 0; i < NAME_ENTRIES; i++) { - #ifdef WOLFSSL_MULTI_ATTRIB - type = GetCertNameId(i); - for (j = 0; j < CTC_MAX_ATTRIB; j++) { - if (name->name[j].sz > 0 && type == name->name[j].id) { - if (outputSz < idx + (word32)addNames[j].totalLen) { - WC_FREE_VAR_EX(names, NULL, DYNAMIC_TYPE_TMP_BUFFER); - WOLFSSL_MSG("Not enough space left for DC value"); - return BUFFER_E; - } - - XMEMCPY(output + idx, addNames[j].encoded, - (size_t)addNames[j].totalLen); - idx += (word32)addNames[j].totalLen; - } - } - #endif /* WOLFSSL_MULTI_ATTRIB */ - - if (names[i].used) { - if (outputSz < idx + (word32)names[i].totalLen) { - WC_FREE_VAR_EX(names, NULL, DYNAMIC_TYPE_TMP_BUFFER); - return BUFFER_E; - } - - XMEMCPY(output + idx, names[i].encoded, (size_t)names[i].totalLen); - idx += (word32)names[i].totalLen; - } - } - - WC_FREE_VAR_EX(names, NULL, DYNAMIC_TYPE_TMP_BUFFER); - (void)heap; - - return (int)totalBytes; -#else /* TODO: consider calculating size of entries, putting length into * SEQUENCE, encode SEQUENCE, encode entries into buffer. */ ASNSetData* dataASN = NULL; /* Can't use DECL_ASNSETDATA. Always dynamic. */ ASNItem* namesASN = NULL; word32 items = 0; int ret = 0; - int sz = 0; + word32 sz = 0; /* Calculate length of name entries and size for allocating. */ ret = SetNameRdnItems(NULL, NULL, 0, name); @@ -30512,7 +26196,7 @@ ret = SizeASN_Items(namesASN, dataASN, (int)items, &sz); } /* Check buffer size if passed in. */ - if (ret == 0 && output != NULL && sz > (int)outputSz) { + if (ret == 0 && output != NULL && sz > outputSz) { ret = BUFFER_E; } if (ret == 0) { @@ -30522,7 +26206,7 @@ } else { /* Return the encoding size. */ - ret = sz; + ret = (int)sz; } } @@ -30530,8 +26214,8 @@ XFREE(dataASN, heap, DYNAMIC_TYPE_TMP_BUFFER); (void)heap; return ret; -#endif } +#endif /* WOLFSSL_ASN_TEMPLATE */ int SetName(byte* output, word32 outputSz, CertName* name) { return SetNameEx(output, outputSz, name, NULL); @@ -30786,7 +26470,10 @@ int forRequest) { DECL_ASNSETDATA(dataASN, certExtsASN_Length); - int sz = 0; +#ifdef WOLFSSL_CERT_EXT + int dataSz = 0; +#endif + word32 sz = 0; int ret = 0; int i = 0; static const byte bcOID[] = { 0x55, 0x1d, 0x13 }; @@ -30983,15 +26670,15 @@ #ifdef WOLFSSL_CERT_EXT if (cert->extKeyUsage != 0) { /* Calculate size of Extended Key Usage data. */ - sz = SetExtKeyUsage(cert, NULL, 0, cert->extKeyUsage); - if (sz <= 0) { + dataSz = SetExtKeyUsage(cert, NULL, 0, cert->extKeyUsage); + if (dataSz <= 0) { ret = KEYUSAGE_E; } /* Set Extended Key Usage OID and data. */ SetASN_Buffer(&dataASN[CERTEXTSASN_IDX_EKU_OID], ekuOID, sizeof(ekuOID)); SetASN_Buffer(&dataASN[CERTEXTSASN_IDX_EKU_STR], - NULL, (word32)sz); + NULL, (word32)dataSz); } else #endif @@ -31004,15 +26691,15 @@ #ifdef WOLFSSL_CERT_EXT if ((!forRequest) && (cert->certPoliciesNb > 0)) { /* Calculate size of certificate policies. */ - sz = SetCertificatePolicies(NULL, 0, cert->certPolicies, + dataSz = SetCertificatePolicies(NULL, 0, cert->certPolicies, cert->certPoliciesNb, cert->heap); - if (sz > 0) { + if (dataSz > 0) { /* Set Certificate Policies OID. */ SetASN_Buffer(&dataASN[CERTEXTSASN_IDX_POLICIES_OID], cpOID, sizeof(cpOID)); /* Make space for data. */ SetASN_Buffer(&dataASN[CERTEXTSASN_IDX_POLICIES_INFO], - NULL, (word32)sz); + NULL, (word32)dataSz); } else { ret = CERTPOLICIES_E; @@ -31175,7 +26862,7 @@ sz = 0; } /* Check buffer is big enough. */ - else if ((output != NULL) && (sz > (int)maxSz)) { + else if ((output != NULL) && (sz > maxSz)) { ret = BUFFER_E; } } @@ -31187,8 +26874,11 @@ #ifdef WOLFSSL_CERT_EXT if (cert->extKeyUsage != 0){ /* Encode Extended Key Usage into space provided. */ - if (SetExtKeyUsage(cert, - (byte*)dataASN[CERTEXTSASN_IDX_EKU_STR].data.buffer.data, + /* safe cast -- the pointer is actually inside the output buffer. */ + if (SetExtKeyUsage( + cert, + (byte*)(wc_ptr_t) + dataASN[CERTEXTSASN_IDX_EKU_STR].data.buffer.data, dataASN[CERTEXTSASN_IDX_EKU_STR].data.buffer.length, cert->extKeyUsage) <= 0) { ret = KEYUSAGE_E; @@ -31196,8 +26886,10 @@ } if ((!forRequest) && (cert->certPoliciesNb > 0)) { /* Encode Certificate Policies into space provided. */ + /* safe cast -- the pointer is actually inside the output buffer. */ if (SetCertificatePolicies( - (byte*)dataASN[CERTEXTSASN_IDX_POLICIES_INFO].data.buffer.data, + (byte*)(wc_ptr_t) + dataASN[CERTEXTSASN_IDX_POLICIES_INFO].data.buffer.data, dataASN[CERTEXTSASN_IDX_POLICIES_INFO].data.buffer.length, cert->certPolicies, cert->certPoliciesNb, cert->heap) <= 0) { ret = CERTPOLICIES_E; @@ -31207,7 +26899,7 @@ } if (ret == 0) { /* Return the encoding size. */ - ret = sz; + ret = (int)sz; } FREE_ASNSETDATA(dataASN, cert->heap); @@ -31222,90 +26914,7 @@ } #endif /* WOLFSSL_ASN_TEMPLATE */ -#ifndef WOLFSSL_ASN_TEMPLATE -/* Set Date validity from now until now + daysValid - * return size in bytes written to output, 0 on error */ -/* TODO https://datatracker.ietf.org/doc/html/rfc5280#section-4.1.2.5 - * "MUST always encode certificate validity dates through the year 2049 as - * UTCTime; certificate validity dates in 2050 or later MUST be encoded as - * GeneralizedTime." */ -static int SetValidity(byte* output, int daysValid) -{ -#ifndef NO_ASN_TIME - byte before[MAX_DATE_SIZE]; - byte after[MAX_DATE_SIZE]; - - word32 beforeSz, afterSz, seqSz; - - time_t now; - time_t then; - struct tm* tmpTime; - struct tm* expandedTime; - struct tm localTime; - -#if defined(NEED_TMP_TIME) - /* for use with gmtime_r */ - struct tm tmpTimeStorage; - tmpTime = &tmpTimeStorage; -#else - tmpTime = NULL; -#endif - (void)tmpTime; - - now = wc_Time(0); - - /* before now */ - before[0] = ASN_GENERALIZED_TIME; - beforeSz = SetLength(ASN_GEN_TIME_SZ, before + 1) + 1; /* gen tag */ - - /* subtract 1 day of seconds for more compliance */ - then = now - 86400; - expandedTime = XGMTIME(&then, tmpTime); - if (ValidateGmtime(expandedTime)) { - WOLFSSL_MSG("XGMTIME failed"); - return 0; /* error */ - } - localTime = *expandedTime; - - /* adjust */ - localTime.tm_year += 1900; - localTime.tm_mon += 1; - - SetTime(&localTime, before + beforeSz); - beforeSz += ASN_GEN_TIME_SZ; - - after[0] = ASN_GENERALIZED_TIME; - afterSz = SetLength(ASN_GEN_TIME_SZ, after + 1) + 1; /* gen tag */ - - /* add daysValid of seconds */ - then = now + (daysValid * (time_t)86400); - expandedTime = XGMTIME(&then, tmpTime); - if (ValidateGmtime(expandedTime)) { - WOLFSSL_MSG("XGMTIME failed"); - return 0; /* error */ - } - localTime = *expandedTime; - - /* adjust */ - localTime.tm_year += 1900; - localTime.tm_mon += 1; - - SetTime(&localTime, after + afterSz); - afterSz += ASN_GEN_TIME_SZ; - - /* headers and output */ - seqSz = SetSequence(beforeSz + afterSz, output); - XMEMCPY(output + seqSz, before, beforeSz); - XMEMCPY(output + seqSz + beforeSz, after, afterSz); - - return (int)(seqSz + beforeSz + afterSz); -#else - (void)output; - (void)daysValid; - return NOT_COMPILED_IN; -#endif -} -#else +#ifdef WOLFSSL_ASN_TEMPLATE static int SetValidity(byte* before, byte* after, int daysValid) { #ifndef NO_ASN_TIME @@ -31371,559 +26980,121 @@ #endif /* WOLFSSL_ASN_TEMPLATE */ -#ifndef WOLFSSL_ASN_TEMPLATE -/* encode info from cert into DER encoded format */ -static int EncodeCert(Cert* cert, DerCert* der, RsaKey* rsaKey, ecc_key* eccKey, - WC_RNG* rng, DsaKey* dsaKey, ed25519_key* ed25519Key, - ed448_key* ed448Key, falcon_key* falconKey, - dilithium_key* dilithiumKey, sphincs_key* sphincsKey) -{ - int ret; - - if (cert == NULL || der == NULL || rng == NULL) - return BAD_FUNC_ARG; - - /* make sure at least one key type is provided */ - if (rsaKey == NULL && eccKey == NULL && ed25519Key == NULL && - dsaKey == NULL && ed448Key == NULL && falconKey == NULL && - dilithiumKey == NULL && sphincsKey == NULL) { - return PUBLIC_KEY_E; - } - - /* init */ - XMEMSET(der, 0, sizeof(DerCert)); - - /* version */ - der->versionSz = SetMyVersion((word32)cert->version, der->version, TRUE); - - /* serial number (must be positive) */ - if (cert->serialSz == 0) { - /* generate random serial */ - cert->serialSz = CTC_GEN_SERIAL_SZ; - ret = wc_RNG_GenerateBlock(rng, cert->serial, (word32)cert->serialSz); - if (ret != 0) - return ret; - /* Clear the top bit to avoid a negative value */ - cert->serial[0] &= 0x7f; - } - der->serialSz = SetSerialNumber(cert->serial, (word32)cert->serialSz, - der->serial, sizeof(der->serial), - CTC_SERIAL_SIZE); - if (der->serialSz < 0) - return der->serialSz; - - /* signature algo */ - der->sigAlgoSz = (int)SetAlgoID(cert->sigType, der->sigAlgo, oidSigType, 0); - if (der->sigAlgoSz <= 0) - return ALGO_ID_E; - - /* public key */ -#ifndef NO_RSA - if (cert->keyType == RSA_KEY) { - if (rsaKey == NULL) - return PUBLIC_KEY_E; - der->publicKeySz = SetRsaPublicKey(der->publicKey, rsaKey, - sizeof(der->publicKey), 1); - } -#endif - -#ifdef HAVE_ECC - if (cert->keyType == ECC_KEY) { - if (eccKey == NULL) - return PUBLIC_KEY_E; - der->publicKeySz = SetEccPublicKey(der->publicKey, eccKey, - sizeof(der->publicKey), 1, 0); - } -#endif - -#if !defined(NO_DSA) && !defined(HAVE_SELFTEST) - if (cert->keyType == DSA_KEY) { - if (dsaKey == NULL) - return PUBLIC_KEY_E; - der->publicKeySz = wc_SetDsaPublicKey(der->publicKey, dsaKey, - sizeof(der->publicKey), 1); - } -#endif - -#if defined(HAVE_ED25519) && defined(HAVE_ED25519_KEY_EXPORT) - if (cert->keyType == ED25519_KEY) { - if (ed25519Key == NULL) - return PUBLIC_KEY_E; - der->publicKeySz = wc_Ed25519PublicKeyToDer(ed25519Key, der->publicKey, - (word32)sizeof(der->publicKey), 1); - } -#endif - -#if defined(HAVE_ED448) && defined(HAVE_ED448_KEY_EXPORT) - if (cert->keyType == ED448_KEY) { - if (ed448Key == NULL) - return PUBLIC_KEY_E; - der->publicKeySz = wc_Ed448PublicKeyToDer(ed448Key, der->publicKey, - (word32)sizeof(der->publicKey), 1); - } -#endif - -#if defined(HAVE_FALCON) - if ((cert->keyType == FALCON_LEVEL1_KEY) || - (cert->keyType == FALCON_LEVEL5_KEY)) { - if (falconKey == NULL) - return PUBLIC_KEY_E; - - der->publicKeySz = - wc_Falcon_PublicKeyToDer(falconKey, der->publicKey, - (word32)sizeof(der->publicKey), 1); - } -#endif /* HAVE_FALCON */ -#if defined(HAVE_DILITHIUM) && !defined(WOLFSSL_DILITHIUM_NO_ASN1) - if ((cert->keyType == ML_DSA_LEVEL2_KEY) || - (cert->keyType == ML_DSA_LEVEL3_KEY) || - (cert->keyType == ML_DSA_LEVEL5_KEY) - #ifdef WOLFSSL_DILITHIUM_FIPS204_DRAFT - || (cert->keyType == DILITHIUM_LEVEL2_KEY) - || (cert->keyType == DILITHIUM_LEVEL3_KEY) - || (cert->keyType == DILITHIUM_LEVEL5_KEY) - #endif - ) { - if (dilithiumKey == NULL) - return PUBLIC_KEY_E; - - der->publicKeySz = - wc_Dilithium_PublicKeyToDer(dilithiumKey, der->publicKey, - (word32)sizeof(der->publicKey), 1); - } -#endif /* HAVE_DILITHIUM */ -#if defined(HAVE_SPHINCS) - if ((cert->keyType == SPHINCS_FAST_LEVEL1_KEY) || - (cert->keyType == SPHINCS_FAST_LEVEL3_KEY) || - (cert->keyType == SPHINCS_FAST_LEVEL5_KEY) || - (cert->keyType == SPHINCS_SMALL_LEVEL1_KEY) || - (cert->keyType == SPHINCS_SMALL_LEVEL3_KEY) || - (cert->keyType == SPHINCS_SMALL_LEVEL5_KEY)) { - if (sphincsKey == NULL) - return PUBLIC_KEY_E; - - der->publicKeySz = - wc_Sphincs_PublicKeyToDer(sphincsKey, der->publicKey, - (word32)sizeof(der->publicKey), 1); - } -#endif /* HAVE_SPHINCS */ - - if (der->publicKeySz <= 0) - return PUBLIC_KEY_E; - der->validitySz = 0; - /* copy date validity if already set in cert struct */ - if (cert->beforeDateSz && cert->afterDateSz) { - der->validitySz = CopyValidity(der->validity, cert); - if (der->validitySz <= 0) - return DATE_E; - } - - /* set date validity using daysValid if not set already */ - if (der->validitySz == 0) { - der->validitySz = SetValidity(der->validity, cert->daysValid); - if (der->validitySz <= 0) - return DATE_E; - } - - /* subject name */ -#if defined(WOLFSSL_CERT_EXT) || defined(OPENSSL_EXTRA) - if (XSTRLEN((const char*)cert->sbjRaw) > 0) { - /* Use the raw subject */ - word32 idx; - - der->subjectSz = (int)min((word32)sizeof(der->subject), - (word32)XSTRLEN((const char*)cert->sbjRaw)); - /* header */ - idx = SetSequence((word32)der->subjectSz, der->subject); - if ((word32)der->subjectSz + idx > (word32)sizeof(der->subject)) { - return SUBJECT_E; +#if defined(WOLFSSL_CERT_GEN) || defined(WOLFSSL_CERT_REQ) +/* Forward declaration for internal use */ +static int MakeSignatureCb(CertSignCtx* certSignCtx, const byte* buf, + word32 sz, byte* sig, word32 sigSz, int sigAlgoType, int keyType, + wc_SignCertCb signCb, void* signCtx, WC_RNG* rng, void* heap); + +/* Internal context for default signing operations (when no callback provided) */ +typedef struct { + void* key; + int keyType; + WC_RNG* rng; +} InternalSignCtx; + +/* Internal signing callback that uses wolfCrypt APIs + * This is used by MakeSignature to delegate to MakeSignatureCb internally */ +static int InternalSignCb(const byte* in, word32 inLen, + byte* out, word32* outLen, int sigAlgo, int keyType, void* ctx) +{ + InternalSignCtx* signCtx = (InternalSignCtx*)ctx; + int ret = WC_NO_ERR_TRACE(ALGO_ID_E); + + (void)sigAlgo; /* Algorithm determined by key type */ + +#if !defined(NO_RSA) && !defined(WOLFSSL_RSA_PUBLIC_ONLY) && !defined(WOLFSSL_RSA_VERIFY_ONLY) + if (keyType == RSA_TYPE && signCtx->key) { + /* For RSA, input is already encoded digest */ + ret = wc_RsaSSL_Sign(in, inLen, out, *outLen, + (RsaKey*)signCtx->key, signCtx->rng); + if (ret > 0) { + *outLen = (word32)ret; + ret = 0; } - - XMEMCPY((char*)der->subject + idx, (const char*)cert->sbjRaw, - (size_t)der->subjectSz); - der->subjectSz += (int)idx; } else -#endif - { - /* Use the name structure */ - der->subjectSz = SetNameEx(der->subject, sizeof(der->subject), - &cert->subject, cert->heap); - } - if (der->subjectSz <= 0) - return SUBJECT_E; - - /* issuer name */ -#if defined(WOLFSSL_CERT_EXT) || defined(OPENSSL_EXTRA) - if (XSTRLEN((const char*)cert->issRaw) > 0) { - /* Use the raw issuer */ - word32 idx; - - der->issuerSz = (int)min((word32)sizeof(der->issuer), - (word32)XSTRLEN((const char*)cert->issRaw)); - - /* header */ - idx = SetSequence((word32)der->issuerSz, der->issuer); - if ((word32)der->issuerSz + idx > (word32)sizeof(der->issuer)) { - return ISSUER_E; - } - - XMEMCPY((char*)der->issuer + idx, (const char*)cert->issRaw, - (size_t)der->issuerSz); - der->issuerSz += (int)idx; +#endif /* !NO_RSA && !WOLFSSL_RSA_PUBLIC_ONLY && !WOLFSSL_RSA_VERIFY_ONLY */ +#if defined(HAVE_ECC) && defined(HAVE_ECC_SIGN) + if (keyType == ECC_TYPE && signCtx->key) { + /* For ECC, input is the raw hash */ + ret = wc_ecc_sign_hash(in, inLen, out, outLen, + signCtx->rng, (ecc_key*)signCtx->key); } else -#endif - { - /* Use the name structure */ - der->issuerSz = SetNameEx(der->issuer, sizeof(der->issuer), - cert->selfSigned ? &cert->subject : &cert->issuer, cert->heap); - } - if (der->issuerSz <= 0) - return ISSUER_E; - - /* set the extensions */ - der->extensionsSz = 0; - - /* RFC 5280 : 4.2.1.9. Basic Constraints - * The pathLenConstraint field is meaningful only if the CA boolean is - * asserted and the key usage extension, if present, asserts the - * keyCertSign bit */ - /* Set CA and path length */ - if ((cert->isCA) && (cert->pathLenSet) -#ifdef WOLFSSL_CERT_EXT - && ((cert->keyUsage & KEYUSE_KEY_CERT_SIGN) || (!cert->keyUsage)) -#endif - ) { - der->caSz = SetCaWithPathLen(der->ca, sizeof(der->ca), cert->pathLen); - if (der->caSz <= 0) - return CA_TRUE_E; - - der->extensionsSz += der->caSz; - } -#ifdef WOLFSSL_ALLOW_ENCODING_CA_FALSE - /* Set CA */ - else if (cert->isCaSet) { - der->caSz = SetCaEx(der->ca, sizeof(der->ca), cert->isCA); - if (der->caSz <= 0) - return EXTENSIONS_E; - - der->extensionsSz += der->caSz; - } -#endif - /* Set CA true */ - else if (cert->isCA) { - der->caSz = SetCa(der->ca, sizeof(der->ca)); - if (der->caSz <= 0) - return CA_TRUE_E; - - der->extensionsSz += der->caSz; - } - /* Set Basic Constraint */ - else if (cert->basicConstSet) { - der->caSz = SetBC(der->ca, sizeof(der->ca)); - if (der->caSz <= 0) - return EXTENSIONS_E; - - der->extensionsSz += der->caSz; +#endif /* HAVE_ECC && HAVE_ECC_SIGN */ +#if defined(HAVE_ED25519) && defined(HAVE_ED25519_SIGN) + if (keyType == ED25519_TYPE && signCtx->key) { + /* Ed25519 signs messages, not hashes - cannot use callback path */ + ret = SIG_TYPE_E; } else - der->caSz = 0; - -#ifdef WOLFSSL_ALT_NAMES - /* Alternative Name */ - if (cert->altNamesSz) { - der->altNamesSz = SetAltNames(der->altNames, sizeof(der->altNames), - cert->altNames, (word32)cert->altNamesSz, - cert->altNamesCrit); - if (der->altNamesSz <= 0) - return ALT_NAME_E; - - der->extensionsSz += der->altNamesSz; +#endif /* HAVE_ED25519 && HAVE_ED25519_SIGN */ +#if defined(HAVE_ED448) && defined(HAVE_ED448_SIGN) + if (keyType == ED448_TYPE && signCtx->key) { + /* Ed448 signs messages, not hashes - cannot use callback path */ + ret = SIG_TYPE_E; } else - der->altNamesSz = 0; -#endif - -#ifdef WOLFSSL_CERT_EXT - /* SKID */ - if (cert->skidSz) { - /* check the provided SKID size */ - if (cert->skidSz > (int)min(CTC_MAX_SKID_SIZE, sizeof(der->skid))) - return SKID_E; - - /* Note: different skid buffers sizes for der (MAX_KID_SZ) and - cert (CTC_MAX_SKID_SIZE). */ - der->skidSz = SetSKID(der->skid, sizeof(der->skid), - cert->skid, (word32)cert->skidSz); - if (der->skidSz <= 0) - return SKID_E; - - der->extensionsSz += der->skidSz; - } - else - der->skidSz = 0; - - /* AKID */ - if (cert->akidSz) { - /* check the provided AKID size */ - if (( -#ifdef WOLFSSL_AKID_NAME - !cert->rawAkid && -#endif - cert->akidSz > (int)min(CTC_MAX_AKID_SIZE, sizeof(der->akid))) -#ifdef WOLFSSL_AKID_NAME - || (cert->rawAkid && cert->akidSz > (int)sizeof(der->akid)) -#endif - ) - return AKID_E; - - der->akidSz = SetAKID(der->akid, sizeof(der->akid), cert->akid, - (word32)cert->akidSz, -#ifdef WOLFSSL_AKID_NAME - cert->rawAkid -#else - 0 -#endif - ); - if (der->akidSz <= 0) - return AKID_E; - - der->extensionsSz += der->akidSz; - } - else - der->akidSz = 0; - - /* Key Usage */ - if (cert->keyUsage != 0){ - der->keyUsageSz = SetKeyUsage(der->keyUsage, sizeof(der->keyUsage), - cert->keyUsage); - if (der->keyUsageSz <= 0) - return KEYUSAGE_E; - - der->extensionsSz += der->keyUsageSz; - } - else - der->keyUsageSz = 0; - - /* Extended Key Usage */ - if (cert->extKeyUsage != 0){ - der->extKeyUsageSz = SetExtKeyUsage(cert, der->extKeyUsage, - sizeof(der->extKeyUsage), cert->extKeyUsage); - if (der->extKeyUsageSz <= 0) - return EXTKEYUSAGE_E; - - der->extensionsSz += der->extKeyUsageSz; - } - else - der->extKeyUsageSz = 0; - -#ifndef IGNORE_NETSCAPE_CERT_TYPE - /* Netscape Certificate Type */ - if (cert->nsCertType != 0) { - der->nsCertTypeSz = SetNsCertType(cert, der->nsCertType, - sizeof(der->nsCertType), cert->nsCertType); - if (der->nsCertTypeSz <= 0) - return EXTENSIONS_E; - - der->extensionsSz += der->nsCertTypeSz; +#endif /* HAVE_ED448 && HAVE_ED448_SIGN */ +#if defined(HAVE_FALCON) + if ((keyType == FALCON_LEVEL1_TYPE || keyType == FALCON_LEVEL5_TYPE) && + signCtx->key) { + /* Falcon signs messages, not hashes - cannot use callback path */ + ret = SIG_TYPE_E; } else - der->nsCertTypeSz = 0; -#endif - - if (cert->crlInfoSz > 0) { - der->crlInfoSz = SetCRLInfo(cert, der->crlInfo, sizeof(der->crlInfo), - cert->crlInfo, cert->crlInfoSz); - if (der->crlInfoSz <= 0) - return EXTENSIONS_E; - - der->extensionsSz += der->crlInfoSz; +#endif /* HAVE_FALCON */ +#if defined(HAVE_DILITHIUM) && !defined(WOLFSSL_DILITHIUM_NO_SIGN) + if ((keyType == DILITHIUM_LEVEL2_TYPE || keyType == DILITHIUM_LEVEL3_TYPE || + keyType == DILITHIUM_LEVEL5_TYPE) && signCtx->key) { + /* Dilithium signs messages, not hashes - cannot use callback path */ + ret = SIG_TYPE_E; } else - der->crlInfoSz = 0; - - /* Certificate Policies */ - if (cert->certPoliciesNb != 0) { - der->certPoliciesSz = SetCertificatePolicies(der->certPolicies, - sizeof(der->certPolicies), - cert->certPolicies, - cert->certPoliciesNb, - cert->heap); - if (der->certPoliciesSz <= 0) - return CERTPOLICIES_E; - - der->extensionsSz += der->certPoliciesSz; +#endif /* HAVE_DILITHIUM && !WOLFSSL_DILITHIUM_NO_SIGN */ +#if defined(HAVE_SPHINCS) + if ((keyType == SPHINCS_FAST_LEVEL1_TYPE || keyType == SPHINCS_FAST_LEVEL3_TYPE || + keyType == SPHINCS_FAST_LEVEL5_TYPE || keyType == SPHINCS_SMALL_LEVEL1_TYPE || + keyType == SPHINCS_SMALL_LEVEL3_TYPE || keyType == SPHINCS_SMALL_LEVEL5_TYPE) && + signCtx->key) { + /* Sphincs signs messages, not hashes - cannot use callback path */ + ret = SIG_TYPE_E; } else - der->certPoliciesSz = 0; -#endif /* WOLFSSL_CERT_EXT */ - - /* put extensions */ - if (der->extensionsSz > 0) { - - /* put the start of extensions sequence (ID, Size) */ - der->extensionsSz = SetExtensionsHeader(der->extensions, - sizeof(der->extensions), - (word32)der->extensionsSz); - if (der->extensionsSz <= 0) - return EXTENSIONS_E; - - /* put CA */ - if (der->caSz) { - ret = SetExtensions(der->extensions, sizeof(der->extensions), - &der->extensionsSz, - der->ca, der->caSz); - if (ret == 0) - return EXTENSIONS_E; - } - -#ifdef WOLFSSL_ALT_NAMES - /* put Alternative Names */ - if (der->altNamesSz) { - ret = SetExtensions(der->extensions, sizeof(der->extensions), - &der->extensionsSz, - der->altNames, der->altNamesSz); - if (ret <= 0) - return EXTENSIONS_E; - } -#endif - -#ifdef WOLFSSL_CERT_EXT - /* put SKID */ - if (der->skidSz) { - ret = SetExtensions(der->extensions, sizeof(der->extensions), - &der->extensionsSz, - der->skid, der->skidSz); - if (ret <= 0) - return EXTENSIONS_E; - } - - /* put AKID */ - if (der->akidSz) { - ret = SetExtensions(der->extensions, sizeof(der->extensions), - &der->extensionsSz, - der->akid, der->akidSz); - if (ret <= 0) - return EXTENSIONS_E; - } - - /* put CRL Distribution Points */ - if (der->crlInfoSz) { - ret = SetExtensions(der->extensions, sizeof(der->extensions), - &der->extensionsSz, - der->crlInfo, der->crlInfoSz); - if (ret <= 0) - return EXTENSIONS_E; - } - - /* put KeyUsage */ - if (der->keyUsageSz) { - ret = SetExtensions(der->extensions, sizeof(der->extensions), - &der->extensionsSz, - der->keyUsage, der->keyUsageSz); - if (ret <= 0) - return EXTENSIONS_E; - } - - /* put ExtendedKeyUsage */ - if (der->extKeyUsageSz) { - ret = SetExtensions(der->extensions, sizeof(der->extensions), - &der->extensionsSz, - der->extKeyUsage, der->extKeyUsageSz); - if (ret <= 0) - return EXTENSIONS_E; - } - - /* put Netscape Cert Type */ -#ifndef IGNORE_NETSCAPE_CERT_TYPE - if (der->nsCertTypeSz) { - ret = SetExtensions(der->extensions, sizeof(der->extensions), - &der->extensionsSz, - der->nsCertType, der->nsCertTypeSz); - if (ret <= 0) - return EXTENSIONS_E; - } -#endif - - /* put Certificate Policies */ - if (der->certPoliciesSz) { - ret = SetExtensions(der->extensions, sizeof(der->extensions), - &der->extensionsSz, - der->certPolicies, der->certPoliciesSz); - if (ret <= 0) - return EXTENSIONS_E; - } -#endif /* WOLFSSL_CERT_EXT */ - } - - der->total = der->versionSz + der->serialSz + der->sigAlgoSz + - der->publicKeySz + der->validitySz + der->subjectSz + der->issuerSz + - der->extensionsSz; - - return 0; -} - - -/* write DER encoded cert to buffer, size already checked */ -static int WriteCertBody(DerCert* der, byte* buf) -{ - word32 idx; - - /* signed part header */ - idx = SetSequence((word32)der->total, buf); - /* version */ - XMEMCPY(buf + idx, der->version, (size_t)der->versionSz); - idx += (word32)der->versionSz; - /* serial */ - XMEMCPY(buf + idx, der->serial, (size_t)der->serialSz); - idx += (word32)der->serialSz; - /* sig algo */ - XMEMCPY(buf + idx, der->sigAlgo, (size_t)der->sigAlgoSz); - idx += (word32)der->sigAlgoSz; - /* issuer */ - XMEMCPY(buf + idx, der->issuer, (size_t)der->issuerSz); - idx += (word32)der->issuerSz; - /* validity */ - XMEMCPY(buf + idx, der->validity, (size_t)der->validitySz); - idx += (word32)der->validitySz; - /* subject */ - XMEMCPY(buf + idx, der->subject, (size_t)der->subjectSz); - idx += (word32)der->subjectSz; - /* public key */ - XMEMCPY(buf + idx, der->publicKey, (size_t)der->publicKeySz); - idx += (word32)der->publicKeySz; - if (der->extensionsSz) { - /* extensions */ - XMEMCPY(buf + idx, der->extensions, - min((word32)der->extensionsSz, - (word32)sizeof(der->extensions))); - idx += (word32)der->extensionsSz; +#endif /* HAVE_SPHINCS */ + { + /* Unhandled key type */ + (void)in; + (void)inLen; + (void)out; + (void)outLen; + (void)keyType; + (void)signCtx; } - return (int)idx; + return ret; } -#endif /* !WOLFSSL_ASN_TEMPLATE */ +#endif /* WOLFSSL_CERT_GEN || WOLFSSL_CERT_REQ */ -/* Make signature from buffer (sz), write to sig (sigSz) */ +/* Make signature from buffer (sz), write to sig (sigSz) + * This function now uses MakeSignatureCb internally for RSA and ECC, + * eliminating code duplication. Ed25519, Ed448, and post-quantum algorithms + * still use direct signing since they sign messages, not hashes. */ static int MakeSignature(CertSignCtx* certSignCtx, const byte* buf, word32 sz, byte* sig, word32 sigSz, RsaKey* rsaKey, ecc_key* eccKey, ed25519_key* ed25519Key, ed448_key* ed448Key, falcon_key* falconKey, dilithium_key* dilithiumKey, sphincs_key* sphincsKey, WC_RNG* rng, word32 sigAlgoType, void* heap) { - int digestSz = 0, typeH = 0, ret = 0; + int ret = 0; - (void)digestSz; - (void)typeH; (void)buf; (void)sz; (void)sig; (void)sigSz; - (void)rsaKey; - (void)eccKey; (void)ed25519Key; (void)ed448Key; (void)falconKey; @@ -31932,161 +27103,100 @@ (void)rng; (void)heap; - switch (certSignCtx->state) { - case CERTSIGN_STATE_BEGIN: - case CERTSIGN_STATE_DIGEST: + /* For RSA and ECC, use the callback path to eliminate duplication */ +#if (!defined(NO_RSA) && !defined(WOLFSSL_RSA_PUBLIC_ONLY) && !defined(WOLFSSL_RSA_VERIFY_ONLY)) || \ + (defined(HAVE_ECC) && defined(HAVE_ECC_SIGN)) + if (rsaKey || eccKey) { + InternalSignCtx signCtx; + + /* Setup internal signing context */ + XMEMSET(&signCtx, 0, sizeof(signCtx)); + signCtx.rng = rng; - certSignCtx->state = CERTSIGN_STATE_DIGEST; - #ifndef WOLFSSL_NO_MALLOC - certSignCtx->digest = (byte*)XMALLOC(WC_MAX_DIGEST_SIZE, heap, - DYNAMIC_TYPE_TMP_BUFFER); - if (certSignCtx->digest == NULL) { - ret = MEMORY_E; goto exit_ms; - } - #endif - - ret = HashForSignature(buf, sz, sigAlgoType, certSignCtx->digest, - &typeH, &digestSz, 0, NULL, - INVALID_DEVID); - /* set next state, since WC_PENDING_E rentry for these are not "call again" */ - certSignCtx->state = CERTSIGN_STATE_ENCODE; - if (ret != 0) { - goto exit_ms; - } - FALL_THROUGH; - - case CERTSIGN_STATE_ENCODE: - #ifndef NO_RSA + /* Determine key type and set key pointer */ if (rsaKey) { - #ifndef WOLFSSL_NO_MALLOC - certSignCtx->encSig = (byte*)XMALLOC(MAX_DER_DIGEST_SZ, heap, - DYNAMIC_TYPE_TMP_BUFFER); - if (certSignCtx->encSig == NULL) { - ret = MEMORY_E; goto exit_ms; - } - #endif - - /* signature */ - certSignCtx->encSigSz = (int)wc_EncodeSignature(certSignCtx->encSig, - certSignCtx->digest, (word32)digestSz, typeH); + signCtx.key = rsaKey; + signCtx.keyType = RSA_TYPE; } - #endif /* !NO_RSA */ - FALL_THROUGH; - - case CERTSIGN_STATE_DO: - certSignCtx->state = CERTSIGN_STATE_DO; - ret = -1; /* default to error, reassigned to ALGO_ID_E below. */ - - #if !defined(NO_RSA) && !defined(WOLFSSL_RSA_PUBLIC_ONLY) && !defined(WOLFSSL_RSA_VERIFY_ONLY) - if (rsaKey) { - /* signature */ - ret = wc_RsaSSL_Sign(certSignCtx->encSig, - (word32)certSignCtx->encSigSz, - sig, sigSz, rsaKey, rng); - } - #endif /* !NO_RSA */ - - #if defined(HAVE_ECC) && defined(HAVE_ECC_SIGN) - if (!rsaKey && eccKey) { - word32 outSz = sigSz; - - ret = wc_ecc_sign_hash(certSignCtx->digest, (word32)digestSz, - sig, &outSz, rng, eccKey); - if (ret == 0) - ret = (int)outSz; + else { + signCtx.key = eccKey; + signCtx.keyType = ECC_TYPE; } - #endif /* HAVE_ECC && HAVE_ECC_SIGN */ - #if defined(HAVE_ED25519) && defined(HAVE_ED25519_SIGN) - if (!rsaKey && !eccKey && ed25519Key) { - word32 outSz = sigSz; + /* Use unified callback path */ + ret = MakeSignatureCb(certSignCtx, buf, sz, sig, sigSz, + (int)sigAlgoType, signCtx.keyType, + InternalSignCb, &signCtx, rng, heap); + goto exit_ms; + } +#endif - ret = wc_ed25519_sign_msg(buf, sz, sig, &outSz, ed25519Key); - if (ret == 0) - ret = (int)outSz; - } - #endif /* HAVE_ED25519 && HAVE_ED25519_SIGN */ + /* Ed25519, Ed448, and post-quantum algorithms sign messages (not hashes), + * so they cannot use the callback path. Keep original implementation. */ + ret = -1; /* default to error, reassigned to ALGO_ID_E below. */ - #if defined(HAVE_ED448) && defined(HAVE_ED448_SIGN) - if (!rsaKey && !eccKey && !ed25519Key && ed448Key) { - word32 outSz = sigSz; +#if defined(HAVE_ED25519) && defined(HAVE_ED25519_SIGN) + if (ed25519Key) { + word32 outSz = sigSz; + ret = wc_ed25519_sign_msg(buf, sz, sig, &outSz, ed25519Key); + if (ret == 0) + ret = (int)outSz; + } +#endif /* HAVE_ED25519 && HAVE_ED25519_SIGN */ - ret = wc_ed448_sign_msg(buf, sz, sig, &outSz, ed448Key, NULL, 0); - if (ret == 0) - ret = (int)outSz; - } - #endif /* HAVE_ED448 && HAVE_ED448_SIGN */ +#if defined(HAVE_ED448) && defined(HAVE_ED448_SIGN) + if (ed448Key) { + word32 outSz = sigSz; + ret = wc_ed448_sign_msg(buf, sz, sig, &outSz, ed448Key, NULL, 0); + if (ret == 0) + ret = (int)outSz; + } +#endif /* HAVE_ED448 && HAVE_ED448_SIGN */ - #if defined(HAVE_FALCON) - if (!rsaKey && !eccKey && !ed25519Key && !ed448Key && falconKey) { - word32 outSz = sigSz; - ret = wc_falcon_sign_msg(buf, sz, sig, &outSz, falconKey, rng); +#if defined(HAVE_FALCON) + if (falconKey) { + word32 outSz = sigSz; + ret = wc_falcon_sign_msg(buf, sz, sig, &outSz, falconKey, rng); + if (ret == 0) + ret = outSz; + } +#endif /* HAVE_FALCON */ + +#if defined(HAVE_DILITHIUM) && !defined(WOLFSSL_DILITHIUM_NO_SIGN) + if (dilithiumKey) { + word32 outSz = sigSz; + #ifdef WOLFSSL_DILITHIUM_FIPS204_DRAFT + if ((dilithiumKey->params->level == WC_ML_DSA_44_DRAFT) || + (dilithiumKey->params->level == WC_ML_DSA_65_DRAFT) || + (dilithiumKey->params->level == WC_ML_DSA_87_DRAFT)) { + ret = wc_dilithium_sign_msg(buf, sz, sig, &outSz, dilithiumKey, rng); if (ret == 0) ret = outSz; } - #endif /* HAVE_FALCON */ - #if defined(HAVE_DILITHIUM) && !defined(WOLFSSL_DILITHIUM_NO_SIGN) - if (!rsaKey && !eccKey && !ed25519Key && !ed448Key && !falconKey && - dilithiumKey) { - word32 outSz = sigSz; - #ifdef WOLFSSL_DILITHIUM_FIPS204_DRAFT - if ((dilithiumKey->params->level == WC_ML_DSA_44_DRAFT) || - (dilithiumKey->params->level == WC_ML_DSA_65_DRAFT) || - (dilithiumKey->params->level == WC_ML_DSA_87_DRAFT)) { - ret = wc_dilithium_sign_msg(buf, sz, sig, &outSz, dilithiumKey, - rng); - if (ret == 0) - ret = outSz; - } - else - #endif - { - ret = wc_dilithium_sign_ctx_msg(NULL, 0, buf, sz, sig, - &outSz, dilithiumKey, rng); - if (ret == 0) - ret = outSz; - } - } - #endif /* HAVE_DILITHIUM && !WOLFSSL_DILITHIUM_NO_SIGN */ - #if defined(HAVE_SPHINCS) - if (!rsaKey && !eccKey && !ed25519Key && !ed448Key && !falconKey && - !dilithiumKey && sphincsKey) { - word32 outSz = sigSz; - ret = wc_sphincs_sign_msg(buf, sz, sig, &outSz, sphincsKey, rng); + else + #endif + { + ret = wc_dilithium_sign_ctx_msg(NULL, 0, buf, sz, sig, + &outSz, dilithiumKey, rng); if (ret == 0) ret = outSz; } - #endif /* HAVE_SPHINCS */ - - if (ret == -1) - ret = ALGO_ID_E; - - break; } +#endif /* HAVE_DILITHIUM && !WOLFSSL_DILITHIUM_NO_SIGN */ -exit_ms: - -#ifdef WOLFSSL_ASYNC_CRYPT - if (ret == WC_NO_ERR_TRACE(WC_PENDING_E)) { - return ret; - } -#endif - -#ifndef WOLFSSL_NO_MALLOC -#ifndef NO_RSA - if (rsaKey) { - XFREE(certSignCtx->encSig, heap, DYNAMIC_TYPE_TMP_BUFFER); - certSignCtx->encSig = NULL; +#if defined(HAVE_SPHINCS) + if (sphincsKey) { + word32 outSz = sigSz; + ret = wc_sphincs_sign_msg(buf, sz, sig, &outSz, sphincsKey, rng); + if (ret == 0) + ret = outSz; } -#endif /* !NO_RSA */ - - XFREE(certSignCtx->digest, heap, DYNAMIC_TYPE_TMP_BUFFER); - certSignCtx->digest = NULL; -#endif /* !WOLFSSL_NO_MALLOC */ +#endif /* HAVE_SPHINCS */ - /* reset state */ - certSignCtx->state = CERTSIGN_STATE_BEGIN; + if (ret == -1) + ret = ALGO_ID_E; +exit_ms: if (ret < 0) { WOLFSSL_ERROR_VERBOSE(ret); } @@ -32163,39 +27273,13 @@ /* add signature to end of buffer, size of buffer assumed checked, return new length */ +#ifdef WOLFSSL_ASN_TEMPLATE int AddSignature(byte* buf, int bodySz, const byte* sig, int sigSz, int sigAlgoType) { -#ifndef WOLFSSL_ASN_TEMPLATE - byte seq[MAX_SEQ_SZ]; - word32 idx, seqSz; - - if ((bodySz < 0) || (sigSz < 0)) - return BUFFER_E; - - idx = (word32)bodySz; - - /* algo */ - idx += SetAlgoID(sigAlgoType, buf ? buf + idx : NULL, oidSigType, 0); - /* bit string */ - idx += SetBitString((word32)sigSz, 0, buf ? buf + idx : NULL); - /* signature */ - if (buf) - XMEMCPY(buf + idx, sig, (size_t)sigSz); - idx += (word32)sigSz; - - /* make room for overall header */ - seqSz = SetSequence(idx, seq); - if (buf) { - XMEMMOVE(buf + seqSz, buf, idx); - XMEMCPY(buf, seq, seqSz); - } - - return (int)(idx + seqSz); -#else DECL_ASNSETDATA(dataASN, sigASN_Length); word32 seqSz = 0; - int sz = 0; + word32 sz = 0; int ret = 0; CALLOC_ASNSETDATA(dataASN, sigASN_Length, ret, NULL); @@ -32223,7 +27307,7 @@ if (ret == 0) { /* Calculate size of outer sequence by calculating size of the encoded * length and adding 1 for tag. */ - seqSz = SizeASNHeader((word32)bodySz + (word32)sz); + seqSz = SizeASNHeader((word32)bodySz + sz); if (buf != NULL) { /* Move body to after sequence. */ XMEMMOVE(buf + seqSz, buf, (size_t)bodySz); @@ -32242,119 +27326,29 @@ if (ret == 0) { /* Return the encoding size. */ - ret = sz; + ret = (int)sz; } FREE_ASNSETDATA(dataASN, NULL); return ret; -#endif /* WOLFSSL_ASN_TEMPLATE */ } - +#endif /* WOLFSSL_ASN_TEMPLATE */ /* Make an x509 Certificate v3 any key type from cert input, write to buffer */ +#ifdef WOLFSSL_ASN_TEMPLATE static int MakeAnyCert(Cert* cert, byte* derBuffer, word32 derSz, RsaKey* rsaKey, ecc_key* eccKey, WC_RNG* rng, DsaKey* dsaKey, ed25519_key* ed25519Key, ed448_key* ed448Key, falcon_key* falconKey, dilithium_key* dilithiumKey, sphincs_key* sphincsKey) { -#ifndef WOLFSSL_ASN_TEMPLATE - int ret; - WC_DECLARE_VAR(der, DerCert, 1, 0); - - if (derBuffer == NULL) - return BAD_FUNC_ARG; - - if (eccKey) - cert->keyType = ECC_KEY; - else if (rsaKey) - cert->keyType = RSA_KEY; - else if (dsaKey) - cert->keyType = DSA_KEY; - else if (ed25519Key) - cert->keyType = ED25519_KEY; - else if (ed448Key) - cert->keyType = ED448_KEY; -#ifdef HAVE_FALCON - else if ((falconKey != NULL) && (falconKey->level == 1)) - cert->keyType = FALCON_LEVEL1_KEY; - else if ((falconKey != NULL) && (falconKey->level == 5)) - cert->keyType = FALCON_LEVEL5_KEY; -#endif /* HAVE_FALCON */ -#ifdef HAVE_DILITHIUM - #ifdef WOLFSSL_DILITHIUM_FIPS204_DRAFT - else if ((dilithiumKey != NULL) && - (dilithiumKey->params->level == WC_ML_DSA_44_DRAFT)) { - cert->keyType = DILITHIUM_LEVEL2_KEY; - } - else if ((dilithiumKey != NULL) && - (dilithiumKey->params->level == WC_ML_DSA_65_DRAFT)) { - cert->keyType = DILITHIUM_LEVEL3_KEY; - } - else if ((dilithiumKey != NULL) && - (dilithiumKey->params->level == WC_ML_DSA_87_DRAFT)) { - cert->keyType = DILITHIUM_LEVEL5_KEY; - } - #endif - else if ((dilithiumKey != NULL) && - (dilithiumKey->params->level == WC_ML_DSA_44)) { - cert->keyType = ML_DSA_LEVEL2_KEY; - } - else if ((dilithiumKey != NULL) && - (dilithiumKey->params->level == WC_ML_DSA_65)) { - cert->keyType = ML_DSA_LEVEL3_KEY; - } - else if ((dilithiumKey != NULL) && - (dilithiumKey->params->level == WC_ML_DSA_87)) { - cert->keyType = ML_DSA_LEVEL5_KEY; - } -#endif /* HAVE_DILITHIUM */ -#ifdef HAVE_SPHINCS - else if ((sphincsKey != NULL) && (sphincsKey->level == 1) - && (sphincsKey->optim == FAST_VARIANT)) - cert->keyType = SPHINCS_FAST_LEVEL1_KEY; - else if ((sphincsKey != NULL) && (sphincsKey->level == 3) - && (sphincsKey->optim == FAST_VARIANT)) - cert->keyType = SPHINCS_FAST_LEVEL3_KEY; - else if ((sphincsKey != NULL) && (sphincsKey->level == 5) - && (sphincsKey->optim == FAST_VARIANT)) - cert->keyType = SPHINCS_FAST_LEVEL5_KEY; - else if ((sphincsKey != NULL) && (sphincsKey->level == 1) - && (sphincsKey->optim == SMALL_VARIANT)) - cert->keyType = SPHINCS_SMALL_LEVEL1_KEY; - else if ((sphincsKey != NULL) && (sphincsKey->level == 3) - && (sphincsKey->optim == SMALL_VARIANT)) - cert->keyType = SPHINCS_SMALL_LEVEL3_KEY; - else if ((sphincsKey != NULL) && (sphincsKey->level == 5) - && (sphincsKey->optim == SMALL_VARIANT)) - cert->keyType = SPHINCS_SMALL_LEVEL5_KEY; -#endif /* HAVE_SPHINCS */ - else - return BAD_FUNC_ARG; - - WC_ALLOC_VAR_EX(der, DerCert, 1, cert->heap, DYNAMIC_TYPE_TMP_BUFFER, - return MEMORY_E); - - ret = EncodeCert(cert, der, rsaKey, eccKey, rng, dsaKey, ed25519Key, - ed448Key, falconKey, dilithiumKey, sphincsKey); - if (ret == 0) { - if (der->total + MAX_SEQ_SZ * 2 > (int)derSz) - ret = BUFFER_E; - else - ret = cert->bodySz = WriteCertBody(der, derBuffer); - } - - WC_FREE_VAR_EX(der, cert->heap, DYNAMIC_TYPE_TMP_BUFFER); - - return ret; -#else /* TODO: issRaw and sbjRaw should be NUL terminated. */ DECL_ASNSETDATA(dataASN, x509CertASN_Length); word32 publicKeySz = 0; word32 issuerSz = 0; word32 subjectSz = 0; word32 extSz = 0; - int sz = 0; + word32 sz = 0; int ret = 0; word32 issRawLen = 0; word32 sbjRawLen = 0; @@ -32631,7 +27625,7 @@ ret = SizeASN_Items(x509CertASN, dataASN, x509CertASN_Length, &sz); } /* Check buffer is big enough for encoded data. */ - if ((ret == 0) && (sz > (int)derSz)) { + if ((ret == 0) && (sz > derSz)) { ret = BUFFER_E; } if (ret == 0) { @@ -32642,16 +27636,20 @@ /* Encode issuer name into buffer. Use the subject as the issuer * if it is self-signed. Size will be correct because we did the * same for size. */ + /* safe cast -- the pointer is actually inside derBuffer. */ ret = SetNameEx( - (byte*)dataASN[X509CERTASN_IDX_TBS_ISSUER_SEQ].data.buffer.data, + (byte*)(wc_ptr_t) + dataASN[X509CERTASN_IDX_TBS_ISSUER_SEQ].data.buffer.data, dataASN[X509CERTASN_IDX_TBS_ISSUER_SEQ].data.buffer.length, cert->selfSigned ? &cert->subject : &cert->issuer, cert->heap); } } if ((ret >= 0) && (sbjRawLen == 0)) { /* Encode subject name into buffer. */ + /* safe cast -- the pointer is actually inside derBuffer. */ ret = SetNameEx( - (byte*)dataASN[X509CERTASN_IDX_TBS_SUBJECT_SEQ].data.buffer.data, + (byte*)(wc_ptr_t) + dataASN[X509CERTASN_IDX_TBS_SUBJECT_SEQ].data.buffer.data, dataASN[X509CERTASN_IDX_TBS_SUBJECT_SEQ].data.buffer.length, &cert->subject, cert->heap); } @@ -32659,17 +27657,19 @@ if (cert->beforeDateSz == 0 || cert->afterDateSz == 0) { /* Encode validity into buffer. */ + /* safe casts -- the pointers are actually inside derBuffer. */ ret = SetValidity( - (byte*)dataASN[X509CERTASN_IDX_TBS_VALIDITY_NOTB_GT] + (byte*)(wc_ptr_t)dataASN[X509CERTASN_IDX_TBS_VALIDITY_NOTB_GT] .data.buffer.data, - (byte*)dataASN[X509CERTASN_IDX_TBS_VALIDITY_NOTA_GT] + (byte*)(wc_ptr_t)dataASN[X509CERTASN_IDX_TBS_VALIDITY_NOTA_GT] .data.buffer.data, cert->daysValid); } } if (ret >= 0) { /* Encode public key into buffer. */ + /* safe cast -- the pointer is actually inside derBuffer. */ ret = EncodePublicKey(cert->keyType, - (byte*)dataASN[X509CERTASN_IDX_TBS_SPUBKEYINFO_SEQ] + (byte*)(wc_ptr_t)dataASN[X509CERTASN_IDX_TBS_SPUBKEYINFO_SEQ] .data.buffer.data, (int)dataASN[X509CERTASN_IDX_TBS_SPUBKEYINFO_SEQ] .data.buffer.length, @@ -32678,22 +27678,24 @@ } if ((ret >= 0) && (!dataASN[X509CERTASN_IDX_TBS_EXT_SEQ].noOut)) { /* Encode extensions into buffer. */ - ret = EncodeExtensions(cert, - (byte*)dataASN[X509CERTASN_IDX_TBS_EXT_SEQ].data.buffer.data, - dataASN[X509CERTASN_IDX_TBS_EXT_SEQ].data.buffer.length, 0); + /* safe cast -- the pointer is actually inside derBuffer. */ + ret = EncodeExtensions( + cert, + (byte*)(wc_ptr_t) + dataASN[X509CERTASN_IDX_TBS_EXT_SEQ].data.buffer.data, + dataASN[X509CERTASN_IDX_TBS_EXT_SEQ].data.buffer.length, 0); } if (ret >= 0) { /* Store encoded certificate body size. */ - cert->bodySz = sz; + cert->bodySz = (int)sz; /* Return the encoding size. */ - ret = sz; + ret = (int)sz; } FREE_ASNSETDATA(dataASN, cert->heap); return ret; -#endif } - +#endif /* WOLFSSL_ASN_TEMPLATE */ /* Make an x509 Certificate v3 from cert input using any * key type, and write to buffer. * @@ -32776,549 +27778,6 @@ #ifdef WOLFSSL_CERT_REQ -#ifndef WOLFSSL_ASN_TEMPLATE -/* return size of data set on success - * if getting size only then attr and oid should be NULL - */ -static word32 SetReqAttribSingle(byte* output, word32* idx, char* attr, - word32 attrSz, const byte* oid, word32 oidSz, byte printable, - word32 extSz) -{ - word32 totalSz = 0; - word32 seqSz = 0; - word32 setSz = 0; - word32 strSz = 0; - byte seq[MAX_SEQ_SZ]; - byte set[MAX_SET_SZ]; - byte str[MAX_PRSTR_SZ]; - - totalSz = (word32)SetObjectId((int)oidSz, NULL); - totalSz += oidSz; - if (extSz > 0) { - totalSz += setSz = SetSet(extSz, set); - totalSz += seqSz = SetSequence(totalSz + extSz, seq); - totalSz += extSz; - } - else { - if (printable) { - strSz = SetPrintableString(attrSz, str); - totalSz += strSz; - } - else { - totalSz += strSz = SetUTF8String(attrSz, str); - } - totalSz += setSz = SetSet(strSz + attrSz, set); - totalSz += seqSz = SetSequence(totalSz + attrSz, seq); - totalSz += attrSz; - } - - if (oid) { - XMEMCPY(&output[*idx], seq, seqSz); - *idx += seqSz; - *idx += (word32)SetObjectId((int)oidSz, output + *idx); - XMEMCPY(&output[*idx], oid, oidSz); - *idx += oidSz; - XMEMCPY(&output[*idx], set, setSz); - *idx += setSz; - if (strSz > 0) { - XMEMCPY(&output[*idx], str, strSz); - *idx += strSz; - if (attrSz > 0) { - XMEMCPY(&output[*idx], attr, attrSz); - *idx += attrSz; - } - } - } - return totalSz; -} - - - -static int SetReqAttrib(byte* output, Cert* cert, word32 extSz) -{ - word32 sz = 0; /* overall size */ - word32 setSz = 0; - - output[0] = ASN_CONTEXT_SPECIFIC | ASN_CONSTRUCTED; - sz++; - - if (cert->challengePw[0]) { - setSz += SetReqAttribSingle(output, &sz, NULL, - (word32)XSTRLEN(cert->challengePw), NULL, - sizeof(attrChallengePasswordOid), - (byte)cert->challengePwPrintableString, 0); - } - - if (cert->unstructuredName[0]) { - setSz += SetReqAttribSingle(output, &sz, NULL, - (word32)XSTRLEN(cert->unstructuredName), NULL, - sizeof(attrUnstructuredNameOid), 1, 0); - } - - if (extSz) { - setSz += SetReqAttribSingle(output, &sz, NULL, 0, NULL, - sizeof(attrExtensionRequestOid), 1, extSz); - } - - /* Put the pieces together. */ - sz += SetLength(setSz, &output[sz]); - if (sz + setSz - extSz > MAX_ATTRIB_SZ) { - WOLFSSL_MSG("Attribute Buffer is not big enough!"); - return REQ_ATTRIBUTE_E; - } - - if (cert->challengePw[0]) { - SetReqAttribSingle(output, &sz, cert->challengePw, - (word32)XSTRLEN(cert->challengePw), - &attrChallengePasswordOid[0], - sizeof(attrChallengePasswordOid), - (byte)cert->challengePwPrintableString, 0); - } - - if (cert->unstructuredName[0]) { - SetReqAttribSingle(output, &sz, cert->unstructuredName, - (word32)XSTRLEN(cert->unstructuredName), - &attrUnstructuredNameOid[0], - sizeof(attrUnstructuredNameOid), 1, 0); - } - - if (extSz) { - SetReqAttribSingle(output, &sz, NULL, 0, &attrExtensionRequestOid[0], - sizeof(attrExtensionRequestOid), 1, extSz); - /* The actual extension data will be tacked onto the output later. */ - } - - return (int)sz; -} - -#ifdef WOLFSSL_CUSTOM_OID -/* encode a custom oid and value */ -static int SetCustomObjectId(Cert* cert, byte* output, word32 outSz, - CertOidField* custom) -{ - int idx = 0, cust_lenSz, cust_oidSz; - - if (cert == NULL || output == NULL || custom == NULL) { - return BAD_FUNC_ARG; - } - if (custom->oid == NULL || custom->oidSz <= 0) { - return 0; /* none set */ - } - - /* Octet String header */ - cust_lenSz = SetOctetString(custom->valSz, NULL); - cust_oidSz = SetObjectId(custom->oidSz, NULL); - - /* check for output buffer room */ - if ((word32)(custom->valSz + custom->oidSz + cust_lenSz + cust_oidSz) > - outSz) { - return BUFFER_E; - } - - /* put sequence with total */ - idx = SetSequence(custom->valSz + custom->oidSz + cust_lenSz + cust_oidSz, - output); - - /* put oid header */ - idx += SetObjectId(custom->oidSz, output+idx); - XMEMCPY(output+idx, custom->oid, custom->oidSz); - idx += custom->oidSz; - - /* put value */ - idx += SetOctetString(custom->valSz, output+idx); - XMEMCPY(output+idx, custom->val, custom->valSz); - idx += custom->valSz; - - return idx; -} -#endif /* WOLFSSL_CUSTOM_OID */ - - -/* encode info from cert into DER encoded format */ -static int EncodeCertReq(Cert* cert, DerCert* der, RsaKey* rsaKey, - DsaKey* dsaKey, ecc_key* eccKey, - ed25519_key* ed25519Key, ed448_key* ed448Key, - falcon_key* falconKey, dilithium_key* dilithiumKey, - sphincs_key* sphincsKey) -{ - int ret; - - (void)eccKey; - (void)ed25519Key; - (void)ed448Key; - (void)falconKey; - (void)dilithiumKey; - (void)sphincsKey; - - if (cert == NULL || der == NULL) - return BAD_FUNC_ARG; - - if (rsaKey == NULL && eccKey == NULL && ed25519Key == NULL && - dsaKey == NULL && ed448Key == NULL && falconKey == NULL && - falconKey == NULL) { - return PUBLIC_KEY_E; - } - - /* init */ - XMEMSET(der, 0, sizeof(DerCert)); - - /* version */ - der->versionSz = SetMyVersion((word32)cert->version, der->version, FALSE); - - /* subject name */ -#if defined(WOLFSSL_CERT_EXT) || defined(OPENSSL_EXTRA) - if (XSTRLEN((const char*)cert->sbjRaw) > 0) { - /* Use the raw subject */ - int idx; - - der->subjectSz = (int)min(sizeof(der->subject), - (word32)XSTRLEN((const char*)cert->sbjRaw)); - /* header */ - idx = (int)SetSequence((word32)der->subjectSz, der->subject); - if (der->subjectSz + idx > (int)sizeof(der->subject)) { - return SUBJECT_E; - } - - XMEMCPY((char*)der->subject + idx, (const char*)cert->sbjRaw, - (size_t)der->subjectSz); - der->subjectSz += idx; - } - else -#endif - { - der->subjectSz = SetNameEx(der->subject, sizeof(der->subject), - &cert->subject, cert->heap); - } - if (der->subjectSz <= 0) - return SUBJECT_E; - - /* public key */ -#ifndef NO_RSA - if (cert->keyType == RSA_KEY) { - if (rsaKey == NULL) - return PUBLIC_KEY_E; - der->publicKeySz = SetRsaPublicKey(der->publicKey, rsaKey, - sizeof(der->publicKey), 1); - } -#endif - -#if !defined(NO_DSA) && !defined(HAVE_SELFTEST) - if (cert->keyType == DSA_KEY) { - if (dsaKey == NULL) - return PUBLIC_KEY_E; - der->publicKeySz = wc_SetDsaPublicKey(der->publicKey, dsaKey, - sizeof(der->publicKey), 1); - } -#endif - -#ifdef HAVE_ECC - if (cert->keyType == ECC_KEY) { - if (eccKey == NULL) - return PUBLIC_KEY_E; - der->publicKeySz = SetEccPublicKey(der->publicKey, eccKey, - sizeof(der->publicKey), 1, 0); - } -#endif - -#if defined(HAVE_ED25519) && defined(HAVE_ED25519_KEY_EXPORT) - if (cert->keyType == ED25519_KEY) { - if (ed25519Key == NULL) - return PUBLIC_KEY_E; - der->publicKeySz = wc_Ed25519PublicKeyToDer(ed25519Key, der->publicKey, - (word32)sizeof(der->publicKey), 1); - } -#endif - -#if defined(HAVE_ED448) && defined(HAVE_ED448_KEY_EXPORT) - if (cert->keyType == ED448_KEY) { - if (ed448Key == NULL) - return PUBLIC_KEY_E; - der->publicKeySz = wc_Ed448PublicKeyToDer(ed448Key, der->publicKey, - (word32)sizeof(der->publicKey), 1); - } -#endif -#if defined(HAVE_FALCON) - if ((cert->keyType == FALCON_LEVEL1_KEY) || - (cert->keyType == FALCON_LEVEL5_KEY)) { - if (falconKey == NULL) - return PUBLIC_KEY_E; - der->publicKeySz = wc_Falcon_PublicKeyToDer(falconKey, - der->publicKey, (word32)sizeof(der->publicKey), 1); - } -#endif -#if defined(HAVE_DILITHIUM) && !defined(WOLFSSL_DILITHIUM_NO_ASN1) - if ((cert->keyType == ML_DSA_LEVEL2_KEY) || - (cert->keyType == ML_DSA_LEVEL3_KEY) || - (cert->keyType == ML_DSA_LEVEL5_KEY) - #ifdef WOLFSSL_DILITHIUM_FIPS204_DRAFT - || (cert->keyType == DILITHIUM_LEVEL2_KEY) - || (cert->keyType == DILITHIUM_LEVEL3_KEY) - || (cert->keyType == DILITHIUM_LEVEL5_KEY) - #endif - ) { - if (dilithiumKey == NULL) - return PUBLIC_KEY_E; - der->publicKeySz = wc_Dilithium_PublicKeyToDer(dilithiumKey, - der->publicKey, (word32)sizeof(der->publicKey), 1); - } -#endif -#if defined(HAVE_SPHINCS) - if ((cert->keyType == SPHINCS_FAST_LEVEL1_KEY) || - (cert->keyType == SPHINCS_FAST_LEVEL3_KEY) || - (cert->keyType == SPHINCS_FAST_LEVEL5_KEY) || - (cert->keyType == SPHINCS_SMALL_LEVEL1_KEY) || - (cert->keyType == SPHINCS_SMALL_LEVEL3_KEY) || - (cert->keyType == SPHINCS_SMALL_LEVEL5_KEY)) { - if (sphincsKey == NULL) - return PUBLIC_KEY_E; - der->publicKeySz = wc_Sphincs_PublicKeyToDer(sphincsKey, - der->publicKey, (word32)sizeof(der->publicKey), 1); - } -#endif - - if (der->publicKeySz <= 0) - return PUBLIC_KEY_E; - - /* set the extensions */ - der->extensionsSz = 0; - - /* RFC 5280 : 4.2.1.9. Basic Constraints - * The pathLenConstraint field is meaningful only if the CA boolean is - * asserted and the key usage extension, if present, asserts the - * keyCertSign bit */ - /* Set CA and path length */ - if ((cert->isCA) && (cert->pathLenSet) -#ifdef WOLFSSL_CERT_EXT - && ((cert->keyUsage & KEYUSE_KEY_CERT_SIGN) || (!cert->keyUsage)) -#endif - ) { - der->caSz = SetCaWithPathLen(der->ca, sizeof(der->ca), cert->pathLen); - if (der->caSz <= 0) - return CA_TRUE_E; - - der->extensionsSz += der->caSz; - } -#ifdef WOLFSSL_ALLOW_ENCODING_CA_FALSE - /* Set CA */ - else if (cert->isCaSet) { - der->caSz = SetCaEx(der->ca, sizeof(der->ca), cert->isCA); - if (der->caSz <= 0) - return EXTENSIONS_E; - - der->extensionsSz += der->caSz; - } -#endif - /* Set CA true */ - else if (cert->isCA) { - der->caSz = SetCa(der->ca, sizeof(der->ca)); - if (der->caSz <= 0) - return CA_TRUE_E; - - der->extensionsSz += der->caSz; - } - /* Set Basic Constraint */ - else if (cert->basicConstSet) { - der->caSz = SetBC(der->ca, sizeof(der->ca)); - if (der->caSz <= 0) - return EXTENSIONS_E; - - der->extensionsSz += der->caSz; - } - else - der->caSz = 0; - -#ifdef WOLFSSL_ALT_NAMES - /* Alternative Name */ - if (cert->altNamesSz) { - der->altNamesSz = SetAltNames(der->altNames, sizeof(der->altNames), - cert->altNames, (word32)cert->altNamesSz, - cert->altNamesCrit); - if (der->altNamesSz <= 0) - return ALT_NAME_E; - - der->extensionsSz += der->altNamesSz; - } - else - der->altNamesSz = 0; -#endif - -#ifdef WOLFSSL_CERT_EXT - /* SKID */ - if (cert->skidSz) { - /* check the provided SKID size */ - if (cert->skidSz > (int)min(CTC_MAX_SKID_SIZE, sizeof(der->skid))) - return SKID_E; - - der->skidSz = SetSKID(der->skid, sizeof(der->skid), - cert->skid, (word32)cert->skidSz); - if (der->skidSz <= 0) - return SKID_E; - - der->extensionsSz += der->skidSz; - } - else - der->skidSz = 0; - - /* Key Usage */ - if (cert->keyUsage != 0) { - der->keyUsageSz = SetKeyUsage(der->keyUsage, sizeof(der->keyUsage), - cert->keyUsage); - if (der->keyUsageSz <= 0) - return KEYUSAGE_E; - - der->extensionsSz += der->keyUsageSz; - } - else - der->keyUsageSz = 0; - - /* Extended Key Usage */ - if (cert->extKeyUsage != 0) { - der->extKeyUsageSz = SetExtKeyUsage(cert, der->extKeyUsage, - sizeof(der->extKeyUsage), cert->extKeyUsage); - if (der->extKeyUsageSz <= 0) - return EXTKEYUSAGE_E; - - der->extensionsSz += der->extKeyUsageSz; - } - else - der->extKeyUsageSz = 0; - -#endif /* WOLFSSL_CERT_EXT */ - -#ifdef WOLFSSL_CUSTOM_OID - /* encode a custom oid and value */ - /* zero returns, means none set */ - ret = SetCustomObjectId(cert, der->extCustom, - sizeof(der->extCustom), &cert->extCustom); - if (ret < 0) - return ret; - der->extCustomSz = ret; - der->extensionsSz += der->extCustomSz; -#endif - - /* put extensions */ - if (der->extensionsSz > 0) { - /* put the start of sequence (ID, Size) */ - der->extensionsSz = (int)SetSequence((word32)der->extensionsSz, - der->extensions); - if (der->extensionsSz <= 0) - return EXTENSIONS_E; - - /* put CA */ - if (der->caSz) { - ret = SetExtensions(der->extensions, sizeof(der->extensions), - &der->extensionsSz, - der->ca, der->caSz); - if (ret <= 0) - return EXTENSIONS_E; - } - -#ifdef WOLFSSL_ALT_NAMES - /* put Alternative Names */ - if (der->altNamesSz) { - ret = SetExtensions(der->extensions, sizeof(der->extensions), - &der->extensionsSz, - der->altNames, der->altNamesSz); - if (ret <= 0) - return EXTENSIONS_E; - } -#endif - -#ifdef WOLFSSL_CERT_EXT - /* put SKID */ - if (der->skidSz) { - ret = SetExtensions(der->extensions, sizeof(der->extensions), - &der->extensionsSz, - der->skid, der->skidSz); - if (ret <= 0) - return EXTENSIONS_E; - } - - /* put AKID */ - if (der->akidSz) { - ret = SetExtensions(der->extensions, sizeof(der->extensions), - &der->extensionsSz, - der->akid, der->akidSz); - if (ret <= 0) - return EXTENSIONS_E; - } - - /* put KeyUsage */ - if (der->keyUsageSz) { - ret = SetExtensions(der->extensions, sizeof(der->extensions), - &der->extensionsSz, - der->keyUsage, der->keyUsageSz); - if (ret <= 0) - return EXTENSIONS_E; - } - - /* put ExtendedKeyUsage */ - if (der->extKeyUsageSz) { - ret = SetExtensions(der->extensions, sizeof(der->extensions), - &der->extensionsSz, - der->extKeyUsage, der->extKeyUsageSz); - if (ret <= 0) - return EXTENSIONS_E; - } - - #ifdef WOLFSSL_CUSTOM_OID - if (der->extCustomSz) { - ret = SetExtensions(der->extensions, sizeof(der->extensions), - &der->extensionsSz, - der->extCustom, der->extCustomSz); - if (ret <= 0) - return EXTENSIONS_E; - } - #endif -#endif /* WOLFSSL_CERT_EXT */ - } - - der->attribSz = SetReqAttrib(der->attrib, cert, (word32)der->extensionsSz); - if (der->attribSz <= 0) - return REQ_ATTRIBUTE_E; - - der->total = der->versionSz + der->subjectSz + der->publicKeySz + - der->extensionsSz + der->attribSz; - - return 0; -} - - -/* write DER encoded cert req to buffer, size already checked */ -static int WriteCertReqBody(DerCert* der, byte* buf) -{ - int idx; - - /* signed part header */ - idx = (int)SetSequence((word32)der->total, buf); - /* version */ - if (buf) - XMEMCPY(buf + idx, der->version, (size_t)der->versionSz); - idx += der->versionSz; - /* subject */ - if (buf) - XMEMCPY(buf + idx, der->subject, (size_t)der->subjectSz); - idx += der->subjectSz; - /* public key */ - if (buf) - XMEMCPY(buf + idx, der->publicKey, (size_t)der->publicKeySz); - idx += der->publicKeySz; - /* attributes */ - if (buf) - XMEMCPY(buf + idx, der->attrib, (size_t)der->attribSz); - idx += der->attribSz; - /* extensions */ - if (der->extensionsSz) { - if (buf) - XMEMCPY(buf + idx, der->extensions, min((word32)der->extensionsSz, - sizeof(der->extensions))); - idx += der->extensionsSz; - } - - return idx; -} -#endif - #ifdef WOLFSSL_ASN_TEMPLATE /* ASN.1 template for Certificate Request body. * PKCS #10: RFC 2986, 4.1 - CertificationRequestInfo @@ -33376,105 +27835,18 @@ #define certReqBodyASN_Length (sizeof(certReqBodyASN) / sizeof(ASNItem)) #endif +#ifdef WOLFSSL_ASN_TEMPLATE static int MakeCertReq(Cert* cert, byte* derBuffer, word32 derSz, RsaKey* rsaKey, DsaKey* dsaKey, ecc_key* eccKey, ed25519_key* ed25519Key, ed448_key* ed448Key, falcon_key* falconKey, dilithium_key* dilithiumKey, sphincs_key* sphincsKey) { -#ifndef WOLFSSL_ASN_TEMPLATE - int ret; - WC_DECLARE_VAR(der, DerCert, 1, 0); - - if (eccKey) - cert->keyType = ECC_KEY; - else if (rsaKey) - cert->keyType = RSA_KEY; - else if (dsaKey) - cert->keyType = DSA_KEY; - else if (ed25519Key) - cert->keyType = ED25519_KEY; - else if (ed448Key) - cert->keyType = ED448_KEY; -#ifdef HAVE_FALCON - else if ((falconKey != NULL) && (falconKey->level == 1)) - cert->keyType = FALCON_LEVEL1_KEY; - else if ((falconKey != NULL) && (falconKey->level == 5)) - cert->keyType = FALCON_LEVEL5_KEY; -#endif /* HAVE_FALCON */ -#ifdef HAVE_DILITHIUM - #ifdef WOLFSSL_DILITHIUM_FIPS204_DRAFT - else if ((dilithiumKey != NULL) && - (dilithiumKey->params->level == WC_ML_DSA_44_DRAFT)) { - cert->keyType = DILITHIUM_LEVEL2_KEY; - } - else if ((dilithiumKey != NULL) && - (dilithiumKey->params->level == WC_ML_DSA_65_DRAFT)) { - cert->keyType = DILITHIUM_LEVEL3_KEY; - } - else if ((dilithiumKey != NULL) && - (dilithiumKey->params->level == WC_ML_DSA_87_DRAFT)) { - cert->keyType = DILITHIUM_LEVEL5_KEY; - } - #endif - else if ((dilithiumKey != NULL) && - (dilithiumKey->params->level == WC_ML_DSA_44)) { - cert->keyType = ML_DSA_LEVEL2_KEY; - } - else if ((dilithiumKey != NULL) && - (dilithiumKey->params->level == WC_ML_DSA_65)) { - cert->keyType = ML_DSA_LEVEL3_KEY; - } - else if ((dilithiumKey != NULL) && - (dilithiumKey->params->level == WC_ML_DSA_87)) { - cert->keyType = ML_DSA_LEVEL5_KEY; - } -#endif /* HAVE_DILITHIUM */ -#ifdef HAVE_SPHINCS - else if ((sphincsKey != NULL) && (sphincsKey->level == 1) - && (sphincsKey->optim == FAST_VARIANT)) - cert->keyType = SPHINCS_FAST_LEVEL1_KEY; - else if ((sphincsKey != NULL) && (sphincsKey->level == 3) - && (sphincsKey->optim == FAST_VARIANT)) - cert->keyType = SPHINCS_FAST_LEVEL3_KEY; - else if ((sphincsKey != NULL) && (sphincsKey->level == 5) - && (sphincsKey->optim == FAST_VARIANT)) - cert->keyType = SPHINCS_FAST_LEVEL5_KEY; - else if ((sphincsKey != NULL) && (sphincsKey->level == 1) - && (sphincsKey->optim == SMALL_VARIANT)) - cert->keyType = SPHINCS_SMALL_LEVEL1_KEY; - else if ((sphincsKey != NULL) && (sphincsKey->level == 3) - && (sphincsKey->optim == SMALL_VARIANT)) - cert->keyType = SPHINCS_SMALL_LEVEL3_KEY; - else if ((sphincsKey != NULL) && (sphincsKey->level == 5) - && (sphincsKey->optim == SMALL_VARIANT)) - cert->keyType = SPHINCS_SMALL_LEVEL5_KEY; -#endif /* HAVE_SPHINCS */ - else - return BAD_FUNC_ARG; - - WC_ALLOC_VAR_EX(der, DerCert, 1, cert->heap, DYNAMIC_TYPE_TMP_BUFFER, - return MEMORY_E); - - ret = EncodeCertReq(cert, der, rsaKey, dsaKey, eccKey, ed25519Key, ed448Key, - falconKey, dilithiumKey, sphincsKey); - - if (ret == 0) { - if (der->total + MAX_SEQ_SZ * 2 > (int)derSz) - ret = BUFFER_E; - else - ret = cert->bodySz = WriteCertReqBody(der, derBuffer); - } - - WC_FREE_VAR_EX(der, cert->heap, DYNAMIC_TYPE_TMP_BUFFER); - - return ret; -#else DECL_ASNSETDATA(dataASN, certReqBodyASN_Length); word32 publicKeySz = 0; word32 subjectSz = 0; word32 extSz = 0; - int sz = 0; + word32 sz = 0; int ret = 0; #if defined(WOLFSSL_CERT_EXT) || defined(OPENSSL_EXTRA) word32 sbjRawSz = 0; @@ -33678,7 +28050,7 @@ &sz); } /* Check buffer is big enough for encoded data. */ - if ((ret == 0) && (sz > (int)derSz)) { + if ((ret == 0) && (sz > derSz)) { ret = BUFFER_E; } if (ret == 0 && derBuffer != NULL) { @@ -33691,16 +28063,21 @@ #endif { /* Encode subject name into space in buffer. */ + /* safe cast -- the pointer is actually inside derBuffer. */ ret = SetNameEx( - (byte*)dataASN[CERTREQBODYASN_IDX_SUBJ_SEQ].data.buffer.data, + (byte*)(wc_ptr_t) + dataASN[CERTREQBODYASN_IDX_SUBJ_SEQ].data.buffer.data, dataASN[CERTREQBODYASN_IDX_SUBJ_SEQ].data.buffer.length, &cert->subject, cert->heap); } } if (ret >= 0 && derBuffer != NULL) { /* Encode public key into space in buffer. */ - ret = EncodePublicKey(cert->keyType, - (byte*)dataASN[CERTREQBODYASN_IDX_SPUBKEYINFO_SEQ].data.buffer.data, + /* safe cast -- the pointer is actually inside derBuffer. */ + ret = EncodePublicKey( + cert->keyType, + (byte*)(wc_ptr_t) + dataASN[CERTREQBODYASN_IDX_SPUBKEYINFO_SEQ].data.buffer.data, (int)dataASN[CERTREQBODYASN_IDX_SPUBKEYINFO_SEQ].data.buffer.length, rsaKey, eccKey, ed25519Key, ed448Key, dsaKey, falconKey, dilithiumKey, sphincsKey); @@ -33708,22 +28085,24 @@ if ((ret >= 0 && derBuffer != NULL) && (!dataASN[CERTREQBODYASN_IDX_EXT_BODY].noOut)) { /* Encode extensions into space in buffer. */ - ret = EncodeExtensions(cert, - (byte*)dataASN[CERTREQBODYASN_IDX_EXT_BODY].data.buffer.data, - dataASN[CERTREQBODYASN_IDX_EXT_BODY].data.buffer.length, 1); + /* safe cast -- the pointer is actually inside derBuffer. */ + ret = EncodeExtensions( + cert, + (byte*)(wc_ptr_t) + dataASN[CERTREQBODYASN_IDX_EXT_BODY].data.buffer.data, + dataASN[CERTREQBODYASN_IDX_EXT_BODY].data.buffer.length, 1); } if (ret >= 0) { /* Store encoded certificate request body size. */ - cert->bodySz = sz; + cert->bodySz = (int)sz; /* Return the encoding size. */ - ret = sz; + ret = (int)sz; } FREE_ASNSETDATA(dataASN, cert->heap); return ret; -#endif /* WOLFSSL_ASN_TEMPLATE */ } - +#endif /* WOLFSSL_ASN_TEMPLATE */ int wc_MakeCertReq_ex(Cert* cert, byte* derBuffer, word32 derSz, int keyType, void* key) { @@ -33792,6 +28171,144 @@ #endif /* WOLFSSL_CERT_REQ */ + +#if defined(WOLFSSL_CERT_GEN) || defined(WOLFSSL_CERT_REQ) +/* Internal function to create signature using callback + * This allows external signing implementations (e.g., TPM, HSM) without + * requiring the crypto callback infrastructure. + */ +static int MakeSignatureCb(CertSignCtx* certSignCtx, const byte* buf, + word32 sz, byte* sig, word32 sigSz, int sigAlgoType, int keyType, + wc_SignCertCb signCb, void* signCtx, WC_RNG* rng, void* heap) +{ + int ret = 0; + word32 outLen; + + (void)rng; +#ifdef WOLFSSL_NO_MALLOC + (void)heap; +#endif + + /* Validate keyType - only RSA and ECC are supported for callback signing. + * Ed25519, Ed448, and post-quantum algorithms sign messages directly, + * not hashes, so they cannot use the callback path. */ +#if !defined(NO_RSA) && defined(HAVE_ECC) + if (keyType != RSA_TYPE && keyType != ECC_TYPE) { + return BAD_FUNC_ARG; + } +#elif !defined(NO_RSA) + if (keyType != RSA_TYPE) { + return BAD_FUNC_ARG; + } +#elif defined(HAVE_ECC) + if (keyType != ECC_TYPE) { + return BAD_FUNC_ARG; + } +#else + (void)keyType; + return NOT_COMPILED_IN; +#endif + + switch (certSignCtx->state) { + case CERTSIGN_STATE_BEGIN: + case CERTSIGN_STATE_DIGEST: + certSignCtx->state = CERTSIGN_STATE_DIGEST; +#ifndef WOLFSSL_NO_MALLOC + certSignCtx->digest = (byte*)XMALLOC(WC_MAX_DIGEST_SIZE, heap, + DYNAMIC_TYPE_TMP_BUFFER); + if (certSignCtx->digest == NULL) { + ret = MEMORY_E; + goto exit_ms; + } +#endif + ret = HashForSignature(buf, sz, (word32)sigAlgoType, certSignCtx->digest, + &certSignCtx->typeH, &certSignCtx->digestSz, 0, + NULL, INVALID_DEVID); + certSignCtx->state = CERTSIGN_STATE_ENCODE; + if (ret != 0) { + goto exit_ms; + } + FALL_THROUGH; + + case CERTSIGN_STATE_ENCODE: + /* For RSA, encode the digest with algorithm identifier */ +#ifndef NO_RSA + if (keyType == RSA_TYPE) { +#ifndef WOLFSSL_NO_MALLOC + certSignCtx->encSig = (byte*)XMALLOC(MAX_DER_DIGEST_SZ, heap, + DYNAMIC_TYPE_TMP_BUFFER); + if (certSignCtx->encSig == NULL) { + ret = MEMORY_E; + goto exit_ms; + } +#endif + /* typeH was stored in certSignCtx by HashForSignature */ + certSignCtx->encSigSz = (int)wc_EncodeSignature(certSignCtx->encSig, + certSignCtx->digest, (word32)certSignCtx->digestSz, + certSignCtx->typeH); + } +#endif /* !NO_RSA */ + FALL_THROUGH; + + case CERTSIGN_STATE_DO: + certSignCtx->state = CERTSIGN_STATE_DO; + outLen = sigSz; + + /* Call the user-provided signing callback */ +#ifndef NO_RSA + if (keyType == RSA_TYPE) { + /* RSA: pass encoded digest */ + ret = signCb(certSignCtx->encSig, (word32)certSignCtx->encSigSz, + sig, &outLen, sigAlgoType, keyType, signCtx); + } + else +#endif /* !NO_RSA */ + { + /* ECC: pass raw hash */ + ret = signCb(certSignCtx->digest, (word32)certSignCtx->digestSz, + sig, &outLen, sigAlgoType, keyType, signCtx); + } + + #ifdef WOLFSSL_ASYNC_CRYPT + /* If callback returns WC_PENDING_E, preserve state for re-entry */ + if (ret == WC_NO_ERR_TRACE(WC_PENDING_E)) { + return ret; + } + #endif + + if (ret == 0) { + ret = (int)outLen; + } + break; + } + +exit_ms: +#ifndef WOLFSSL_NO_MALLOC +#ifndef NO_RSA + if (keyType == RSA_TYPE) { + XFREE(certSignCtx->encSig, heap, DYNAMIC_TYPE_TMP_BUFFER); + certSignCtx->encSig = NULL; + } +#endif /* !NO_RSA */ + XFREE(certSignCtx->digest, heap, DYNAMIC_TYPE_TMP_BUFFER); + certSignCtx->digest = NULL; +#endif + + /* reset state */ + certSignCtx->state = CERTSIGN_STATE_BEGIN; + certSignCtx->digestSz = 0; + certSignCtx->typeH = 0; + + if (ret < 0) { + WOLFSSL_ERROR_VERBOSE(ret); + } + + return ret; +} +#endif /* WOLFSSL_CERT_GEN || WOLFSSL_CERT_REQ */ + + + static int SignCert(int requestSz, int sType, byte* buf, word32 buffSz, RsaKey* rsaKey, ecc_key* eccKey, ed25519_key* ed25519Key, ed448_key* ed448Key, falcon_key* falconKey, @@ -34090,6 +28607,116 @@ NULL, NULL, NULL, rng); } +/* Sign certificate/CSR using a callback function + * This allows external signing implementations (e.g., TPM, HSM) + * without requiring the crypto callback infrastructure. + * + * NOTE: This function does NOT support async crypto (WOLFSSL_ASYNC_CRYPT). + * The certSignCtx is local to this function and cannot persist across + * async re-entry. Use wc_SignCert or wc_SignCert_ex for async operations. + * + * @param [in] requestSz Size of certificate body to sign. + * @param [in] sType The signature type. + * @param [in,out] buf Der buffer to sign. + * @param [in] buffSz Der buffer size. + * @param [in] keyType The type of key (RSA_TYPE or ECC_TYPE only). + * @param [in] signCb User signing callback. + * @param [in] signCtx Context passed to callback. + * @param [in] rng Random number generator (may be NULL). + * + * @return Size of signature on success. + * @return BAD_FUNC_ARG if signCb or buf is NULL, buffSz is 0, or invalid + * keyType. + * @return < 0 on error + */ +#ifdef WOLFSSL_CERT_SIGN_CB +int wc_SignCert_cb(int requestSz, int sType, byte* buf, word32 buffSz, + int keyType, wc_SignCertCb signCb, void* signCtx, + WC_RNG* rng) +{ + int sigSz = 0; + CertSignCtx certSignCtx_lcl; + CertSignCtx* certSignCtx = &certSignCtx_lcl; + + /* Validate parameters */ + if (signCb == NULL || buf == NULL || buffSz == 0) { + return BAD_FUNC_ARG; + } + + /* Validate keyType - only RSA and ECC supported */ +#if !defined(NO_RSA) && defined(HAVE_ECC) + if (keyType != RSA_TYPE && keyType != ECC_TYPE) { + return BAD_FUNC_ARG; + } +#elif !defined(NO_RSA) + if (keyType != RSA_TYPE) { + return BAD_FUNC_ARG; + } +#elif defined(HAVE_ECC) + if (keyType != ECC_TYPE) { + return BAD_FUNC_ARG; + } +#else + (void)keyType; + return NOT_COMPILED_IN; +#endif + + XMEMSET(certSignCtx, 0, sizeof(*certSignCtx)); + + if (requestSz < 0) { + return requestSz; + } + +#ifndef WOLFSSL_NO_MALLOC + certSignCtx->sig = (byte*)XMALLOC(MAX_ENCODED_SIG_SZ, NULL, + DYNAMIC_TYPE_TMP_BUFFER); + if (certSignCtx->sig == NULL) { + return MEMORY_E; + } +#endif + + sigSz = MakeSignatureCb(certSignCtx, buf, (word32)requestSz, + certSignCtx->sig, MAX_ENCODED_SIG_SZ, sType, keyType, + signCb, signCtx, rng, NULL); + +#ifdef WOLFSSL_ASYNC_CRYPT + if (sigSz == WC_NO_ERR_TRACE(WC_PENDING_E)) { + /* Async crypto not supported with wc_SignCert_cb because certSignCtx + * is local and cannot persist across re-entry. Clean up and return + * error. */ + #ifndef WOLFSSL_NO_MALLOC + XFREE(certSignCtx->sig, NULL, DYNAMIC_TYPE_TMP_BUFFER); + certSignCtx->sig = NULL; + #endif + return NOT_COMPILED_IN; + } +#endif + + if (sigSz >= 0) { + /* Check buffer has room for signature structure. This is an estimate + * using MAX_SEQ_SZ * 2 to account for sequence headers and algorithm + * identifier overhead. For precise sizing, call AddSignature with + * NULL buffer first, but this estimate matches the existing pattern + * used in SignCert. */ + if (requestSz + MAX_SEQ_SZ * 2 + sigSz > (int)buffSz) { + sigSz = BUFFER_E; + } + else { + sigSz = AddSignature(buf, requestSz, certSignCtx->sig, sigSz, sType); + } + } + +#ifndef WOLFSSL_NO_MALLOC + XFREE(certSignCtx->sig, NULL, DYNAMIC_TYPE_TMP_BUFFER); + certSignCtx->sig = NULL; +#endif + + return sigSz; +} +#endif /* WOLFSSL_CERT_SIGN_CB */ + + + WOLFSSL_ABI int wc_MakeSelfCert(Cert* cert, byte* buf, word32 buffSz, @@ -34614,9 +29241,11 @@ ext = &cert->customCertExt[cert->customCertExtCount]; - ext->oid = (char*)oid; + /* if supplied oid is readonly, user must access ext->oid readonly. */ + ext->oid = (char*)(wc_ptr_t)oid; ext->crit = (critical == 0) ? 0 : 1; - ext->val = (byte*)der; + /* if supplied der is readonly, user must access ext->der readonly. */ + ext->val = (byte*)(wc_ptr_t)der; ext->valSz = (int)derSz; cert->customCertExtCount++; @@ -35213,47 +29842,12 @@ #if !defined(NO_DH) && (defined(WOLFSSL_QT) || defined(OPENSSL_ALL)) /* Helper function for wolfSSL_i2d_DHparams */ +#ifdef WOLFSSL_ASN_TEMPLATE int StoreDHparams(byte* out, word32* outLen, mp_int* p, mp_int* g) { -#ifndef WOLFSSL_ASN_TEMPLATE - word32 idx = 0; - word32 total; - - WOLFSSL_ENTER("StoreDHparams"); - - if (out == NULL) { - WOLFSSL_MSG("Null buffer error"); - return BUFFER_E; - } - - /* determine size */ - /* integer - g */ - idx = SetASNIntMP(g, -1, NULL); - /* integer - p */ - idx += SetASNIntMP(p, -1, NULL); - total = idx; - /* sequence */ - idx += SetSequence(idx, NULL); - - /* make sure output fits in buffer */ - if (idx > *outLen) { - return BUFFER_E; - } - - /* write DH parameters */ - /* sequence - for P and G only */ - idx = SetSequence(total, out); - /* integer - p */ - idx += SetASNIntMP(p, -1, out + idx); - /* integer - g */ - idx += SetASNIntMP(g, -1, out + idx); - *outLen = idx; - - return 0; -#else ASNSetData dataASN[dhParamASN_Length]; int ret = 0; - int sz = 0; + word32 sz = 0; WOLFSSL_ENTER("StoreDHparams"); if (out == NULL) { @@ -35271,19 +29865,19 @@ ret = SizeASN_Items(dhParamASN, dataASN, dhParamASN_Length, &sz); } /* Check buffer is big enough for encoding. */ - if ((ret == 0) && ((int)*outLen < sz)) { + if ((ret == 0) && (*outLen < sz)) { ret = BUFFER_E; } if (ret == 0) { /* Encode the DH parameters into buffer. */ SetASN_Items(dhParamASN, dataASN, dhParamASN_Length, out); /* Set the actual encoding size. */ - *outLen = (word32)sz; + *outLen = sz; } return ret; -#endif /* WOLFSSL_ASN_TEMPLATE */ } +#endif /* WOLFSSL_ASN_TEMPLATE */ #endif /* !NO_DH && (WOLFSSL_QT || OPENSSL_ALL) */ #if defined(HAVE_ECC) || !defined(NO_DSA) @@ -35309,46 +29903,12 @@ #endif /* Der Encode r & s ints into out, outLen is (in/out) size */ +#ifdef WOLFSSL_ASN_TEMPLATE int StoreECC_DSA_Sig(byte* out, word32* outLen, mp_int* r, mp_int* s) { -#ifndef WOLFSSL_ASN_TEMPLATE - word32 idx = 0; - int rSz; /* encoding size */ - int sSz; - int headerSz = 4; /* 2*ASN_TAG + 2*LEN(ENUM) */ - - /* If the leading bit on the INTEGER is a 1, add a leading zero */ - int rLeadingZero = mp_leading_bit(r); - int sLeadingZero = mp_leading_bit(s); - int rLen = mp_unsigned_bin_size(r); /* big int size */ - int sLen = mp_unsigned_bin_size(s); - - if (*outLen < (word32)((rLen + rLeadingZero + sLen + sLeadingZero + - headerSz + 2))) /* SEQ_TAG + LEN(ENUM) */ - return BUFFER_E; - - idx = SetSequence((word32)(rLen + rLeadingZero + sLen + sLeadingZero + - headerSz), out); - - /* store r */ - rSz = SetASNIntMP(r, (int)(*outLen - idx), &out[idx]); - if (rSz < 0) - return rSz; - idx += (word32)rSz; - - /* store s */ - sSz = SetASNIntMP(s, (int)(*outLen - idx), &out[idx]); - if (sSz < 0) - return sSz; - idx += (word32)sSz; - - *outLen = idx; - - return 0; -#else ASNSetData dataASN[dsaSigASN_Length]; int ret; - int sz; + word32 sz; /* Clear dynamic data and set mp_ints r and s */ XMEMSET(dataASN, 0, sizeof(dataASN)); @@ -35358,16 +29918,16 @@ /* Calculate size of encoding. */ ret = SizeASN_Items(dsaSigASN, dataASN, dsaSigASN_Length, &sz); /* Check buffer is big enough for encoding. */ - if ((ret == 0) && ((int)*outLen < sz)) { + if ((ret == 0) && (*outLen < sz)) { ret = BUFFER_E; } if (ret == 0) { /* Encode DSA signature into buffer. */ ret = SetASN_Items(dsaSigASN, dataASN, dsaSigASN_Length, out); if (ret >= 0) { - if (ret == sz) { + if ((word32)ret == sz) { /* Set the actual encoding size. */ - *outLen = (word32)sz; + *outLen = sz; ret = 0; } else { ret = BAD_STATE_E; @@ -35376,89 +29936,17 @@ } return ret; -#endif /* WOLFSSL_ASN_TEMPLATE */ -} - -#ifndef WOLFSSL_ASN_TEMPLATE -/* determine if leading bit is set */ -static word32 is_leading_bit_set(const byte* input, word32 sz) -{ - byte c = 0; - if (sz > 0) - c = input[0]; - return (c & 0x80) != 0; -} -static word32 trim_leading_zeros(const byte** input, word32 sz) -{ - int i; - word32 leadingZeroCount = 0; - const byte* tmp = *input; - for (i=0; i<(int)sz; i++) { - if (tmp[i] != 0) - break; - leadingZeroCount++; - } - /* catch all zero case */ - if (sz > 0 && leadingZeroCount == sz) { - leadingZeroCount--; - } - *input += leadingZeroCount; - sz -= leadingZeroCount; - return sz; } -#endif - +#endif /* WOLFSSL_ASN_TEMPLATE */ /* Der Encode r & s ints into out, outLen is (in/out) size */ /* All input/outputs are assumed to be big-endian */ +#ifdef WOLFSSL_ASN_TEMPLATE int StoreECC_DSA_Sig_Bin(byte* out, word32* outLen, const byte* r, word32 rLen, const byte* s, word32 sLen) { -#ifndef WOLFSSL_ASN_TEMPLATE - int ret; - word32 idx; - word32 headerSz = 4; /* 2*ASN_TAG + 2*LEN(ENUM) */ - word32 rAddLeadZero, sAddLeadZero; - - if ((out == NULL) || (outLen == NULL) || (r == NULL) || (s == NULL)) - return BAD_FUNC_ARG; - - /* Trim leading zeros */ - rLen = trim_leading_zeros(&r, rLen); - sLen = trim_leading_zeros(&s, sLen); - /* If the leading bit on the INTEGER is a 1, add a leading zero */ - /* Add leading zero if MSB is set */ - rAddLeadZero = is_leading_bit_set(r, rLen); - sAddLeadZero = is_leading_bit_set(s, sLen); - - if (*outLen < (rLen + rAddLeadZero + sLen + sAddLeadZero + - headerSz + 2)) /* SEQ_TAG + LEN(ENUM) */ - return BUFFER_E; - - idx = SetSequence(rLen+rAddLeadZero + sLen+sAddLeadZero + headerSz, out); - - /* store r */ - ret = SetASNInt((int)rLen, (byte)(rAddLeadZero ? 0x80U : 0x00U), &out[idx]); - if (ret < 0) - return ret; - idx += (word32)ret; - XMEMCPY(&out[idx], r, rLen); - idx += rLen; - - /* store s */ - ret = SetASNInt((int)sLen, (byte)(sAddLeadZero ? 0x80U : 0x00U), &out[idx]); - if (ret < 0) - return ret; - idx += (word32)ret; - XMEMCPY(&out[idx], s, sLen); - idx += sLen; - - *outLen = idx; - - return 0; -#else ASNSetData dataASN[dsaSigASN_Length]; int ret; - int sz; + word32 sz; /* Clear dynamic data and set buffers for r and s */ XMEMSET(dataASN, 0, sizeof(dataASN)); @@ -35476,85 +29964,25 @@ /* Calculate size of encoding. */ ret = SizeASN_Items(dsaSigASN, dataASN, dsaSigASN_Length, &sz); /* Check buffer is big enough for encoding. */ - if ((ret == 0) && ((int)*outLen < sz)) { + if ((ret == 0) && (*outLen < sz)) { ret = BUFFER_E; } if (ret == 0) { /* Encode DSA signature into buffer. */ SetASN_Items(dsaSigASN, dataASN, dsaSigASN_Length, out); /* Set the actual encoding size. */ - *outLen = (word32)sz; + *outLen = sz; } return ret; -#endif /* WOLFSSL_ASN_TEMPLATE */ } - +#endif /* WOLFSSL_ASN_TEMPLATE */ /* Der Decode ECC-DSA Signature with R/S as unsigned bin */ /* All input/outputs are assumed to be big-endian */ +#ifdef WOLFSSL_ASN_TEMPLATE int DecodeECC_DSA_Sig_Bin(const byte* sig, word32 sigLen, byte* r, word32* rLen, byte* s, word32* sLen) { -#ifndef WOLFSSL_ASN_TEMPLATE - int ret; - word32 idx = 0; - int len = 0; - - if (GetSequence(sig, &idx, &len, sigLen) < 0) { - return ASN_ECC_KEY_E; - } - -#ifndef NO_STRICT_ECDSA_LEN - /* enable strict length checking for signature */ - if (sigLen != idx + (word32)len) { - return ASN_ECC_KEY_E; - } -#else - /* allow extra signature bytes at end */ - if ((word32)len > (sigLen - idx)) { - return ASN_ECC_KEY_E; - } -#endif - - ret = GetASNInt(sig, &idx, &len, sigLen); - if (ret != 0) - return ret; - if (rLen) { - if (*rLen >= (word32)len) - *rLen = (word32)len; - else { - /* Buffer too small to hold r value */ - return BUFFER_E; - } - } - if (r) - XMEMCPY(r, (byte*)sig + idx, (size_t)len); - idx += (word32)len; - - ret = GetASNInt(sig, &idx, &len, sigLen); - if (ret != 0) - return ret; - if (sLen) { - if (*sLen >= (word32)len) - *sLen = (word32)len; - else { - /* Buffer too small to hold s value */ - return BUFFER_E; - } - } - if (s) - XMEMCPY(s, (byte*)sig + idx, (size_t)len); - -#ifndef NO_STRICT_ECDSA_LEN - /* sanity check that the index has been advanced all the way to the end of - * the buffer */ - if (idx + (word32)len != sigLen) { - ret = ASN_ECC_KEY_E; - } -#endif - - return ret; -#else ASNGetData dataASN[dsaSigASN_Length]; word32 idx = 0; @@ -35566,58 +29994,17 @@ /* Decode the DSA signature. */ return GetASN_Items(dsaSigASN, dataASN, dsaSigASN_Length, 1, sig, &idx, sigLen); -#endif /* WOLFSSL_ASN_TEMPLATE */ } - +#endif /* WOLFSSL_ASN_TEMPLATE */ int DecodeECC_DSA_Sig(const byte* sig, word32 sigLen, mp_int* r, mp_int* s) { return DecodeECC_DSA_Sig_Ex(sig, sigLen, r, s, 1); } +#ifdef WOLFSSL_ASN_TEMPLATE int DecodeECC_DSA_Sig_Ex(const byte* sig, word32 sigLen, mp_int* r, mp_int* s, int init) { -#ifndef WOLFSSL_ASN_TEMPLATE - word32 idx = 0; - int len = 0; - - if (GetSequence(sig, &idx, &len, sigLen) < 0) { - return ASN_ECC_KEY_E; - } - -#ifndef NO_STRICT_ECDSA_LEN - /* enable strict length checking for signature */ - if (sigLen != idx + (word32)len) { - return ASN_ECC_KEY_E; - } -#else - /* allow extra signature bytes at end */ - if ((word32)len > (sigLen - idx)) { - return ASN_ECC_KEY_E; - } -#endif - - if (GetIntPositive(r, sig, &idx, sigLen, init) < 0) { - return ASN_ECC_KEY_E; - } - - if (GetIntPositive(s, sig, &idx, sigLen, init) < 0) { - mp_clear(r); - return ASN_ECC_KEY_E; - } - -#ifndef NO_STRICT_ECDSA_LEN - /* sanity check that the index has been advanced all the way to the end of - * the buffer */ - if (idx != sigLen) { - mp_clear(r); - mp_clear(s); - return ASN_ECC_KEY_E; - } -#endif - - return 0; -#else ASNGetData dataASN[dsaSigASN_Length]; word32 idx = 0; int ret; @@ -35654,8 +30041,8 @@ } return ret; -#endif /* WOLFSSL_ASN_TEMPLATE */ } +#endif /* WOLFSSL_ASN_TEMPLATE */ #endif @@ -35860,43 +30247,55 @@ /* Allocate buffer to put hex strings into. */ if (ret == 0) { /* Base X-ordinate */ + char *curve_Gx = NULL; ret = DataToHexStringAlloc(base + 1, (word32)curve->size, - (char**)&curve->Gx, heap, + &curve_Gx, heap, DYNAMIC_TYPE_ECC_BUFFER); + curve->Gx = curve_Gx; } if (ret == 0) { /* Base Y-ordinate */ + char *curve_Gy = NULL; ret = DataToHexStringAlloc(base + 1 + curve->size, (word32)curve->size, - (char**)&curve->Gy, heap, + &curve_Gy, heap, DYNAMIC_TYPE_ECC_BUFFER); + curve->Gy = curve_Gy; } if (ret == 0) { /* Prime */ + char *curve_prime = NULL; ret = DataToHexStringAlloc( dataASN[ECCSPECIFIEDASN_IDX_PRIME_P].data.ref.data, dataASN[ECCSPECIFIEDASN_IDX_PRIME_P].data.ref.length, - (char**)&curve->prime, heap, DYNAMIC_TYPE_ECC_BUFFER); + &curve_prime, heap, DYNAMIC_TYPE_ECC_BUFFER); + curve->prime = curve_prime; } if (ret == 0) { /* Parameter A */ + char *curve_Af = NULL; ret = DataToHexStringAlloc( dataASN[ECCSPECIFIEDASN_IDX_PARAM_A].data.ref.data, dataASN[ECCSPECIFIEDASN_IDX_PARAM_A].data.ref.length, - (char**)&curve->Af, heap, DYNAMIC_TYPE_ECC_BUFFER); + &curve_Af, heap, DYNAMIC_TYPE_ECC_BUFFER); + curve->Af = curve_Af; } if (ret == 0) { /* Parameter B */ + char *curve_Bf = NULL; ret = DataToHexStringAlloc( dataASN[ECCSPECIFIEDASN_IDX_PARAM_B].data.ref.data, dataASN[ECCSPECIFIEDASN_IDX_PARAM_B].data.ref.length, - (char**)&curve->Bf, heap, DYNAMIC_TYPE_ECC_BUFFER); + &curve_Bf, heap, DYNAMIC_TYPE_ECC_BUFFER); + curve->Bf = curve_Bf; } if (ret == 0) { /* Order of curve */ + char *curve_order = NULL; ret = DataToHexStringAlloc( dataASN[ECCSPECIFIEDASN_IDX_ORDER].data.ref.data, dataASN[ECCSPECIFIEDASN_IDX_ORDER].data.ref.length, - (char**)&curve->order, heap, DYNAMIC_TYPE_ECC_BUFFER); + &curve_order, heap, DYNAMIC_TYPE_ECC_BUFFER); + curve->order = curve_order; } #else if (ret == 0) { @@ -35989,134 +30388,11 @@ #define eccKeyASN_Length (sizeof(eccKeyASN) / sizeof(ASNItem)) #endif +#ifdef WOLFSSL_ASN_TEMPLATE WOLFSSL_ABI int wc_EccPrivateKeyDecode(const byte* input, word32* inOutIdx, ecc_key* key, word32 inSz) { -#ifndef WOLFSSL_ASN_TEMPLATE - word32 oidSum; - int version, length; - int privSz, pubSz = 0; - byte b; - int ret = 0; - int curve_id = ECC_CURVE_DEF; -#ifdef WOLFSSL_SMALL_STACK - byte* priv; - byte* pub = NULL; -#else - byte priv[ECC_MAXSIZE+1]; - byte pub[2*(ECC_MAXSIZE+1)]; /* public key has two parts plus header */ -#endif - word32 algId = 0; - byte* pubData = NULL; - - if (input == NULL || inOutIdx == NULL || key == NULL || inSz == 0) - return BAD_FUNC_ARG; - - /* if has pkcs8 header skip it */ - if (ToTraditionalInline_ex(input, inOutIdx, inSz, &algId) < 0) { - /* ignore error, did not have pkcs8 header */ - } - else { - curve_id = wc_ecc_get_oid(algId, NULL, NULL); - } - - if (GetSequence(input, inOutIdx, &length, inSz) < 0) - return ASN_PARSE_E; - - if (GetMyVersion(input, inOutIdx, &version, inSz) < 0) - return ASN_PARSE_E; - - if (*inOutIdx >= inSz) - return ASN_PARSE_E; - - b = input[*inOutIdx]; - *inOutIdx += 1; - - /* priv type */ - if (b != 4 && b != 6 && b != 7) - return ASN_PARSE_E; - - if (GetLength(input, inOutIdx, &length, inSz) < 0) - return ASN_PARSE_E; - privSz = length; - - if (privSz > ECC_MAXSIZE) - return BUFFER_E; - - WC_ALLOC_VAR_EX(priv, byte, privSz, key->heap, DYNAMIC_TYPE_TMP_BUFFER, - return MEMORY_E); - - /* priv key */ - XMEMCPY(priv, &input[*inOutIdx], (size_t)privSz); - *inOutIdx += (word32)length; - - if ((*inOutIdx + 1) < inSz) { - /* prefix 0, may have */ - b = input[*inOutIdx]; - if (b == ECC_PREFIX_0) { - *inOutIdx += 1; - - if (GetLength(input, inOutIdx, &length, inSz) <= 0) - ret = ASN_PARSE_E; - else { - ret = GetObjectId(input, inOutIdx, &oidSum, oidIgnoreType, - inSz); - if (ret == 0) { - if ((ret = CheckCurve(oidSum)) < 0) - ret = ECC_CURVE_OID_E; - else { - curve_id = ret; - ret = 0; - } - } - } - } - } - - if (ret == 0 && (*inOutIdx + 1) < inSz) { - /* prefix 1 */ - b = input[*inOutIdx]; - *inOutIdx += 1; - - if (b != ECC_PREFIX_1) { - ret = ASN_ECC_KEY_E; - } - else if (GetLength(input, inOutIdx, &length, inSz) <= 0) { - ret = ASN_PARSE_E; - } - else { - /* key header */ - ret = CheckBitString(input, inOutIdx, &length, inSz, 0, NULL); - if (ret == 0) { - /* pub key */ - pubSz = length; - if (pubSz > 2*(ECC_MAXSIZE+1)) - ret = BUFFER_E; - else { - WC_ALLOC_VAR_EX(pub, byte, pubSz, key->heap, - DYNAMIC_TYPE_TMP_BUFFER, ret=MEMORY_E); - if (WC_VAR_OK(pub)) - { - XMEMCPY(pub, &input[*inOutIdx], (size_t)pubSz); - *inOutIdx += (word32)length; - pubData = pub; - } - } - } - } - } - - if (ret == 0) { - ret = wc_ecc_import_private_key_ex(priv, (word32)privSz, pubData, - (word32)pubSz, key, curve_id); - } - - WC_FREE_VAR_EX(priv, key->heap, DYNAMIC_TYPE_TMP_BUFFER); - WC_FREE_VAR_EX(pub, key->heap, DYNAMIC_TYPE_TMP_BUFFER); - - return ret; -#else DECL_ASNGETDATA(dataASN, eccKeyASN_Length); byte version = 0; int ret = 0; @@ -36141,7 +30417,9 @@ } #endif - CALLOC_ASNGETDATA(dataASN, eccKeyASN_Length, ret, key->heap); + if (ret == 0) { + CALLOC_ASNGETDATA(dataASN, eccKeyASN_Length, ret, key->heap); + } if (ret == 0) { /* Get the version and set the expected OID type. */ @@ -36189,355 +30467,19 @@ key, curve_id); } - FREE_ASNGETDATA(dataASN, key->heap); + FREE_ASNGETDATA(dataASN, key != NULL ? key->heap : NULL); return ret; -#endif } - +#endif /* WOLFSSL_ASN_TEMPLATE */ #ifdef WOLFSSL_CUSTOM_CURVES -#ifndef WOLFSSL_ASN_TEMPLATE -/* returns 0 on success */ -static int ASNToHexString(const byte* input, word32* inOutIdx, char** out, - word32 inSz, void* heap, int heapType) -{ - int len; - int i; - char* str; - word32 localIdx; - byte tag; - - if (*inOutIdx >= inSz) { - return BUFFER_E; - } - - localIdx = *inOutIdx; - if (GetASNTag(input, &localIdx, &tag, inSz) == 0 && tag == ASN_INTEGER) { - if (GetASNInt(input, inOutIdx, &len, inSz) < 0) - return ASN_PARSE_E; - } - else { - if (GetOctetString(input, inOutIdx, &len, inSz) < 0) - return ASN_PARSE_E; - } - - str = (char*)XMALLOC((size_t)len * 2 + 1, heap, heapType); - if (str == NULL) { - return MEMORY_E; - } - - for (i=0; i MAX_ECC_STRING) { - WOLFSSL_MSG("ECC Param too large for buffer"); - ret = BUFFER_E; - } - else { - XSTRNCPY(*dst, src, MAX_ECC_STRING); - } - XFREE(src, heap, DYNAMIC_TYPE_ECC_BUFFER); -#endif - (void)heap; - - return ret; -} -#endif /* !WOLFSSL_ASN_TEMPLATE */ #endif /* WOLFSSL_CUSTOM_CURVES */ +#ifdef WOLFSSL_ASN_TEMPLATE WOLFSSL_ABI int wc_EccPublicKeyDecode(const byte* input, word32* inOutIdx, ecc_key* key, word32 inSz) { -#ifndef WOLFSSL_ASN_TEMPLATE - int ret; - int version, length; - int curve_id = ECC_CURVE_DEF; - word32 oidSum, localIdx; - byte tag, isPrivFormat = 0; - - if (input == NULL || inOutIdx == NULL || key == NULL || inSz == 0) - return BAD_FUNC_ARG; - - if (GetSequence(input, inOutIdx, &length, inSz) < 0) - return ASN_PARSE_E; - - /* Check if ECC private key is being used and skip private portion */ - if (GetMyVersion(input, inOutIdx, &version, inSz) >= 0) { - isPrivFormat = 1; - - /* Type private key */ - if (*inOutIdx >= inSz) - return ASN_PARSE_E; - tag = input[*inOutIdx]; - *inOutIdx += 1; - if (tag != 4 && tag != 6 && tag != 7) - return ASN_PARSE_E; - - /* Skip Private Key */ - if (GetLength(input, inOutIdx, &length, inSz) < 0) - return ASN_PARSE_E; - if (length > ECC_MAXSIZE) - return BUFFER_E; - *inOutIdx += (word32)length; - - /* Private Curve Header */ - if (*inOutIdx >= inSz) - return ASN_PARSE_E; - tag = input[*inOutIdx]; - *inOutIdx += 1; - if (tag != ECC_PREFIX_0) - return ASN_ECC_KEY_E; - if (GetLength(input, inOutIdx, &length, inSz) <= 0) - return ASN_PARSE_E; - } - /* Standard ECC public key */ - else { - if (GetSequence(input, inOutIdx, &length, inSz) < 0) - return ASN_PARSE_E; - - ret = SkipObjectId(input, inOutIdx, inSz); - if (ret != 0) - return ret; - } - - if (*inOutIdx >= inSz) { - return BUFFER_E; - } - - localIdx = *inOutIdx; - if (GetASNTag(input, &localIdx, &tag, inSz) == 0 && - tag == (ASN_SEQUENCE | ASN_CONSTRUCTED)) { -#ifdef WOLFSSL_CUSTOM_CURVES - ecc_set_type* curve; - int len; - char* point = NULL; - - ret = 0; - - curve = (ecc_set_type*)XMALLOC(sizeof(*curve), key->heap, - DYNAMIC_TYPE_ECC_BUFFER); - if (curve == NULL) - ret = MEMORY_E; - - if (ret == 0) { - static const char customName[] = "Custom"; - XMEMSET(curve, 0, sizeof(*curve)); - #ifndef WOLFSSL_ECC_CURVE_STATIC - curve->name = customName; - #else - XMEMCPY((void*)curve->name, customName, sizeof(customName)); - #endif - curve->id = ECC_CURVE_CUSTOM; - - if (GetSequence(input, inOutIdx, &length, inSz) < 0) - ret = ASN_PARSE_E; - } - - if (ret == 0) { - GetInteger7Bit(input, inOutIdx, inSz); - if (GetSequence(input, inOutIdx, &length, inSz) < 0) - ret = ASN_PARSE_E; - } - if (ret == 0) { - char* p = NULL; - SkipObjectId(input, inOutIdx, inSz); - ret = ASNToHexString(input, inOutIdx, &p, inSz, - key->heap, DYNAMIC_TYPE_ECC_BUFFER); - if (ret == 0) { -#ifndef WOLFSSL_ECC_CURVE_STATIC - ret = EccKeyParamCopy((char**)&curve->prime, p, key->heap); -#else - const char *_tmp_ptr = &curve->prime[0]; - ret = EccKeyParamCopy((char**)&_tmp_ptr, p, key->heap); -#endif - } - } - if (ret == 0) { - curve->size = (int)XSTRLEN(curve->prime) / 2; - - if (GetSequence(input, inOutIdx, &length, inSz) < 0) - ret = ASN_PARSE_E; - } - if (ret == 0) { - char* af = NULL; - ret = ASNToHexString(input, inOutIdx, &af, inSz, - key->heap, DYNAMIC_TYPE_ECC_BUFFER); - if (ret == 0) { -#ifndef WOLFSSL_ECC_CURVE_STATIC - ret = EccKeyParamCopy((char**)&curve->Af, af, key->heap); -#else - const char *_tmp_ptr = &curve->Af[0]; - ret = EccKeyParamCopy((char**)&_tmp_ptr, af, key->heap); -#endif - } - } - if (ret == 0) { - char* bf = NULL; - ret = ASNToHexString(input, inOutIdx, &bf, inSz, - key->heap, DYNAMIC_TYPE_ECC_BUFFER); - if (ret == 0) { -#ifndef WOLFSSL_ECC_CURVE_STATIC - ret = EccKeyParamCopy((char**)&curve->Bf, bf, key->heap); -#else - const char *_tmp_ptr = &curve->Bf[0]; - ret = EccKeyParamCopy((char**)&_tmp_ptr, bf, key->heap); -#endif - } - } - if (ret == 0) { - localIdx = *inOutIdx; - if (*inOutIdx < inSz && GetASNTag(input, &localIdx, &tag, inSz) - == 0 && tag == ASN_BIT_STRING) { - len = 0; - ret = GetASNHeader(input, ASN_BIT_STRING, inOutIdx, &len, inSz); - if (ret > 0) - ret = 0; /* reset on success */ - *inOutIdx += (word32)len; - } - } - if (ret == 0) { - ret = ASNToHexString(input, inOutIdx, (char**)&point, inSz, - key->heap, DYNAMIC_TYPE_ECC_BUFFER); - - /* sanity check that point buffer is not smaller than the expected - * size to hold ( 0 4 || Gx || Gy ) - * where Gx and Gy are each the size of curve->size * 2 */ - if (ret == 0 && (int)XSTRLEN(point) < (curve->size * 4) + 2) { - XFREE(point, key->heap, DYNAMIC_TYPE_ECC_BUFFER); - ret = BUFFER_E; - } - } - if (ret == 0) { - #ifndef WOLFSSL_ECC_CURVE_STATIC - curve->Gx = (const char*)XMALLOC((size_t)curve->size * 2 + 2, - key->heap, DYNAMIC_TYPE_ECC_BUFFER); - curve->Gy = (const char*)XMALLOC((size_t)curve->size * 2 + 2, - key->heap, DYNAMIC_TYPE_ECC_BUFFER); - if (curve->Gx == NULL || curve->Gy == NULL) { - XFREE(point, key->heap, DYNAMIC_TYPE_ECC_BUFFER); - ret = MEMORY_E; - } - #else - if (curve->size * 2 + 2 > MAX_ECC_STRING) { - WOLFSSL_MSG("curve size is too large to fit in buffer"); - ret = BUFFER_E; - } - #endif - } - if (ret == 0) { - char* o = NULL; - - XMEMCPY((char*)curve->Gx, point + 2, (size_t)curve->size * 2); - XMEMCPY((char*)curve->Gy, point + curve->size * 2 + 2, - (size_t)curve->size * 2); - ((char*)curve->Gx)[curve->size * 2] = '\0'; - ((char*)curve->Gy)[curve->size * 2] = '\0'; - XFREE(point, key->heap, DYNAMIC_TYPE_ECC_BUFFER); - ret = ASNToHexString(input, inOutIdx, &o, inSz, - key->heap, DYNAMIC_TYPE_ECC_BUFFER); - if (ret == 0) { -#ifndef WOLFSSL_ECC_CURVE_STATIC - ret = EccKeyParamCopy((char**)&curve->order, o, key->heap); -#else - const char *_tmp_ptr = &curve->order[0]; - ret = EccKeyParamCopy((char**)&_tmp_ptr, o, key->heap); -#endif - } - } - if (ret == 0) { - curve->cofactor = GetInteger7Bit(input, inOutIdx, inSz); - - #ifndef WOLFSSL_ECC_CURVE_STATIC - curve->oid = NULL; - #else - XMEMSET((void*)curve->oid, 0, sizeof(curve->oid)); - #endif - curve->oidSz = 0; - curve->oidSum = 0; - - if (wc_ecc_set_custom_curve(key, curve) < 0) { - ret = ASN_PARSE_E; - } - - key->deallocSet = 1; - - curve = NULL; - } - if (curve != NULL) - wc_ecc_free_curve(curve, key->heap); - - if (ret < 0) - return ret; -#else - return ASN_PARSE_E; -#endif /* WOLFSSL_CUSTOM_CURVES */ - } - else { - /* ecc params information */ - ret = GetObjectId(input, inOutIdx, &oidSum, oidIgnoreType, inSz); - if (ret != 0) - return ret; - - /* get curve id */ - if ((ret = CheckCurve(oidSum)) < 0) - return ECC_CURVE_OID_E; - else { - curve_id = ret; - } - } - - if (isPrivFormat) { - /* Public Curve Header - skip */ - if (*inOutIdx >= inSz) - return ASN_PARSE_E; - tag = input[*inOutIdx]; - *inOutIdx += 1; - if (tag != ECC_PREFIX_1) - return ASN_ECC_KEY_E; - if (GetLength(input, inOutIdx, &length, inSz) <= 0) - return ASN_PARSE_E; - } - - /* key header */ - ret = CheckBitString(input, inOutIdx, &length, inSz, 1, NULL); - if (ret != 0) - return ret; - - /* This is the raw point data compressed or uncompressed. */ - if (wc_ecc_import_x963_ex(input + *inOutIdx, (word32)length, key, - curve_id) != 0) { - return ASN_ECC_KEY_E; - } - - *inOutIdx += (word32)length; - - return 0; -#else /* eccKeyASN is longer than eccPublicKeyASN. */ DECL_ASNGETDATA(dataASN, eccKeyASN_Length); int ret = 0; @@ -36549,42 +30491,42 @@ int pubIdx = ECCPUBLICKEYASN_IDX_PUBKEY; if ((input == NULL) || (inOutIdx == NULL) || (key == NULL) || (inSz == 0)) { - ret = BAD_FUNC_ARG; + return BAD_FUNC_ARG; } ALLOC_ASNGETDATA(dataASN, eccKeyASN_Length, ret, key->heap); + if (ret != 0) + return ret; - if (ret == 0) { - /* Clear dynamic data for ECC public key. */ - XMEMSET(dataASN, 0, sizeof(*dataASN) * eccPublicKeyASN_Length); + /* Clear dynamic data for ECC public key. */ + XMEMSET(dataASN, 0, sizeof(*dataASN) * eccPublicKeyASN_Length); #if !defined(WOLFSSL_SM2) || !defined(WOLFSSL_SM3) - /* Set required ECDSA OID and ignore the curve OID type. */ - GetASN_ExpBuffer(&dataASN[ECCPUBLICKEYASN_IDX_ALGOID_OID], keyEcdsaOid, - sizeof(keyEcdsaOid)); -#else - GetASN_OID(&dataASN[ECCPUBLICKEYASN_IDX_ALGOID_OID], oidKeyType); -#endif + /* Set required ECDSA OID and ignore the curve OID type. */ + GetASN_ExpBuffer(&dataASN[ECCPUBLICKEYASN_IDX_ALGOID_OID], keyEcdsaOid, + sizeof(keyEcdsaOid)); +#else + GetASN_OID(&dataASN[ECCPUBLICKEYASN_IDX_ALGOID_OID], oidKeyType); +#endif + GetASN_OID(&dataASN[oidIdx], oidCurveType); + /* Decode the public ECC key. */ + ret = GetASN_Items(eccPublicKeyASN, dataASN, eccPublicKeyASN_Length, 1, + input, inOutIdx, inSz); + if (ret != 0) { + oidIdx = ECCKEYASN_IDX_CURVEID; + #ifdef WOLFSSL_CUSTOM_CURVES + specIdx = ECCKEYASN_IDX_CURVEPARAMS; + #endif + pubIdx = ECCKEYASN_IDX_PUBKEY_VAL; + + /* Clear dynamic data for ECC private key. */ + XMEMSET(dataASN, 0, sizeof(*dataASN) * eccKeyASN_Length); + /* Check named curve OID type. */ GetASN_OID(&dataASN[oidIdx], oidCurveType); - /* Decode the public ECC key. */ - ret = GetASN_Items(eccPublicKeyASN, dataASN, eccPublicKeyASN_Length, 1, - input, inOutIdx, inSz); + /* Try private key format .*/ + ret = GetASN_Items(eccKeyASN, dataASN, eccKeyASN_Length, 1, input, + inOutIdx, inSz); if (ret != 0) { - oidIdx = ECCKEYASN_IDX_CURVEID; - #ifdef WOLFSSL_CUSTOM_CURVES - specIdx = ECCKEYASN_IDX_CURVEPARAMS; - #endif - pubIdx = ECCKEYASN_IDX_PUBKEY_VAL; - - /* Clear dynamic data for ECC private key. */ - XMEMSET(dataASN, 0, sizeof(*dataASN) * eccKeyASN_Length); - /* Check named curve OID type. */ - GetASN_OID(&dataASN[oidIdx], oidCurveType); - /* Try private key format .*/ - ret = GetASN_Items(eccKeyASN, dataASN, eccKeyASN_Length, 1, input, - inOutIdx, inSz); - if (ret != 0) { - ret = ASN_PARSE_E; - } + ret = ASN_PARSE_E; } } @@ -36627,191 +30569,19 @@ FREE_ASNGETDATA(dataASN, key->heap); return ret; -#endif /* WOLFSSL_ASN_TEMPLATE */ } - +#endif /* WOLFSSL_ASN_TEMPLATE */ #ifdef HAVE_ECC_KEY_EXPORT /* build DER formatted ECC key, include optional public key if requested, * return length on success, negative on error */ +#ifdef WOLFSSL_ASN_TEMPLATE int wc_BuildEccKeyDer(ecc_key* key, byte* output, word32 *inLen, int pubIn, int curveIn) { -#ifndef WOLFSSL_ASN_TEMPLATE - byte curve[MAX_ALGO_SZ+2]; - byte ver[MAX_VERSION_SZ]; - byte seq[MAX_SEQ_SZ]; - int ret, curveSz, verSz; - word32 totalSz; - int privHdrSz = ASN_ECC_HEADER_SZ; - int pubHdrSz = ASN_ECC_CONTEXT_SZ + ASN_ECC_HEADER_SZ; -#ifdef WOLFSSL_NO_MALLOC - byte prv[MAX_ECC_BYTES + ASN_ECC_HEADER_SZ + MAX_SEQ_SZ]; - byte pub[(MAX_ECC_BYTES * 2) + 1 + ASN_ECC_CONTEXT_SZ + - ASN_ECC_HEADER_SZ + MAX_SEQ_SZ]; -#else - byte *prv = NULL, *pub = NULL; -#endif - - word32 idx = 0, prvidx = 0, pubidx = 0, curveidx = 0; - word32 seqSz, privSz, pubSz = ECC_BUFSIZE; - - if (key == NULL || (output == NULL && inLen == NULL)) - return BAD_FUNC_ARG; - - if (curveIn) { - /* curve */ - curve[curveidx++] = ECC_PREFIX_0; - curveidx++ /* to put the size after computation */; - curveSz = SetCurve(key, curve+curveidx, MAX_ALGO_SZ); - if (curveSz < 0) - return curveSz; - /* set computed size */ - curve[1] = (byte)curveSz; - curveidx += (word32)curveSz; - } - - /* private */ - privSz = (word32)key->dp->size; - -#ifdef WOLFSSL_QNX_CAAM - /* check if is a black key, and add MAC size if needed */ - if (key->blackKey > 0 && key->blackKey != CAAM_BLACK_KEY_ECB) { - privSz = privSz + WC_CAAM_MAC_SZ; - } -#endif - -#ifndef WOLFSSL_NO_MALLOC - prv = (byte*)XMALLOC(privSz + (word32)privHdrSz + MAX_SEQ_SZ, - key->heap, DYNAMIC_TYPE_TMP_BUFFER); - if (prv == NULL) { - return MEMORY_E; - } -#else - if (sizeof(prv) < privSz + privHdrSz + MAX_SEQ_SZ) { - return BUFFER_E; - } -#endif - if (privSz < ASN_LONG_LENGTH) { - prvidx += SetOctetString8Bit(privSz, &prv[prvidx]); - } - else { - prvidx += SetOctetString(privSz, &prv[prvidx]); - } - ret = wc_ecc_export_private_only(key, prv + prvidx, &privSz); - if (ret < 0) { - #ifndef WOLFSSL_NO_MALLOC - XFREE(prv, key->heap, DYNAMIC_TYPE_TMP_BUFFER); - #endif - return ret; - } - prvidx += privSz; - - /* pubIn */ - if (pubIn) { - PRIVATE_KEY_UNLOCK(); - ret = wc_ecc_export_x963(key, NULL, &pubSz); - PRIVATE_KEY_LOCK(); - if (ret != WC_NO_ERR_TRACE(LENGTH_ONLY_E)) { - #ifndef WOLFSSL_NO_MALLOC - XFREE(prv, key->heap, DYNAMIC_TYPE_TMP_BUFFER); - #endif - return ret; - } - - #ifndef WOLFSSL_NO_MALLOC - pub = (byte*)XMALLOC(pubSz + (word32)pubHdrSz + MAX_SEQ_SZ, - key->heap, DYNAMIC_TYPE_TMP_BUFFER); - if (pub == NULL) { - XFREE(prv, key->heap, DYNAMIC_TYPE_TMP_BUFFER); - return MEMORY_E; - } - #else - if (sizeof(pub) < pubSz + pubHdrSz + MAX_SEQ_SZ) { - return BUFFER_E; - } - #endif - - pub[pubidx++] = ECC_PREFIX_1; - if (pubSz > 128) /* leading zero + extra size byte */ - pubidx += SetLength(pubSz + ASN_ECC_CONTEXT_SZ + 2, pub+pubidx); - else /* leading zero */ - pubidx += SetLength(pubSz + ASN_ECC_CONTEXT_SZ + 1, pub+pubidx); - - /* SetBitString adds leading zero */ - pubidx += SetBitString(pubSz, 0, pub + pubidx); - PRIVATE_KEY_UNLOCK(); - ret = wc_ecc_export_x963(key, pub + pubidx, &pubSz); - PRIVATE_KEY_LOCK(); - if (ret != 0) { - #ifndef WOLFSSL_NO_MALLOC - XFREE(prv, key->heap, DYNAMIC_TYPE_TMP_BUFFER); - XFREE(pub, key->heap, DYNAMIC_TYPE_TMP_BUFFER); - #endif - return ret; - } - pubidx += pubSz; - } - - /* make headers */ - verSz = SetMyVersion(1, ver, FALSE); - seqSz = SetSequence((word32)verSz + prvidx + pubidx + curveidx, seq); - - totalSz = prvidx + pubidx + curveidx + (word32)verSz + seqSz; - if (output == NULL) { - *inLen = totalSz; - #ifndef WOLFSSL_NO_MALLOC - XFREE(prv, key->heap, DYNAMIC_TYPE_TMP_BUFFER); - if (pubIn) { - XFREE(pub, key->heap, DYNAMIC_TYPE_TMP_BUFFER); - } - #endif - return WC_NO_ERR_TRACE(LENGTH_ONLY_E); - } - if (inLen != NULL && totalSz > *inLen) { - #ifndef WOLFSSL_NO_MALLOC - XFREE(prv, key->heap, DYNAMIC_TYPE_TMP_BUFFER); - if (pubIn) { - XFREE(pub, key->heap, DYNAMIC_TYPE_TMP_BUFFER); - } - #endif - return BAD_FUNC_ARG; - } - - /* write out */ - /* seq */ - XMEMCPY(output + idx, seq, seqSz); - idx = seqSz; - - /* ver */ - XMEMCPY(output + idx, ver, (size_t)verSz); - idx += (word32)verSz; - - /* private */ - XMEMCPY(output + idx, prv, prvidx); - idx += prvidx; -#ifndef WOLFSSL_NO_MALLOC - XFREE(prv, key->heap, DYNAMIC_TYPE_TMP_BUFFER); -#endif - - /* curve */ - XMEMCPY(output + idx, curve, curveidx); - idx += curveidx; - - /* pubIn */ - if (pubIn) { - XMEMCPY(output + idx, pub, pubidx); - /* idx += pubidx; not used after write, if more data remove comment */ - #ifndef WOLFSSL_NO_MALLOC - XFREE(pub, key->heap, DYNAMIC_TYPE_TMP_BUFFER); - #endif - } - - return (int)totalSz; -#else DECL_ASNSETDATA(dataASN, eccKeyASN_Length); word32 privSz = 0; word32 pubSz = 0; - int sz = 0; + word32 sz = 0; int ret = 0; int curveIdSz = 0; @@ -36824,8 +30594,8 @@ if ((ret == 0) && curveIn && (key->dp == NULL)) { ret = BAD_FUNC_ARG; } - - CALLOC_ASNSETDATA(dataASN, eccKeyASN_Length, ret, key->heap); + if (ret == 0) + CALLOC_ASNSETDATA(dataASN, eccKeyASN_Length, ret, key->heap); if (ret == 0) { /* Private key size is the curve size. */ @@ -36876,11 +30646,11 @@ } /* Return the size if no buffer. */ if ((ret == 0) && (output == NULL)) { - *inLen = (word32)sz; + *inLen = sz; ret = WC_NO_ERR_TRACE(LENGTH_ONLY_E); } /* Check the buffer is big enough. */ - if ((ret == 0) && (inLen != NULL) && (sz > (int)*inLen)) { + if ((ret == 0) && (inLen != NULL) && (sz > *inLen)) { ret = BAD_FUNC_ARG; } if ((ret == 0) && (output != NULL)) { @@ -36889,8 +30659,11 @@ if (curveIn) { /* Put named curve OID data into encoding. */ - curveIdSz = SetCurve(key, - (byte*)dataASN[ECCKEYASN_IDX_CURVEID].data.buffer.data, + /* safe cast -- the pointer is actually inside the output buffer. */ + curveIdSz = SetCurve( + key, + (byte *)(wc_ptr_t) + dataASN[ECCKEYASN_IDX_CURVEID].data.buffer.data, (size_t)curveIdSz); if (curveIdSz < 0) { ret = curveIdSz; @@ -36898,28 +30671,34 @@ } if (ret == 0) { /* Export the private value into the buffer. */ - ret = wc_ecc_export_private_only(key, - (byte*)dataASN[ECCKEYASN_IDX_PKEY].data.buffer.data, &privSz); + /* safe cast -- the pointer is actually inside the output buffer. */ + ret = wc_ecc_export_private_only( + key, + (byte*)(wc_ptr_t) + dataASN[ECCKEYASN_IDX_PKEY].data.buffer.data, + &privSz); } if ((ret == 0) && pubIn) { /* Export the public point into the buffer. */ PRIVATE_KEY_UNLOCK(); - ret = wc_ecc_export_x963(key, - (byte*)dataASN[ECCKEYASN_IDX_PUBKEY_VAL].data.buffer.data, - &pubSz); + /* safe cast -- the pointer is actually inside the output buffer. */ + ret = wc_ecc_export_x963( + key, + (byte*)(wc_ptr_t) + dataASN[ECCKEYASN_IDX_PUBKEY_VAL].data.buffer.data, + &pubSz); PRIVATE_KEY_LOCK(); } } if (ret == 0) { /* Return the encoding size. */ - ret = sz; + ret = (int)sz; } - FREE_ASNSETDATA(dataASN, key->heap); + FREE_ASNSETDATA(dataASN, key != NULL ? key->heap : NULL); return ret; -#endif } - +#endif /* WOLFSSL_ASN_TEMPLATE */ /* Write a Private ecc key, including public to DER format, * length on success else < 0 */ /* Note: use wc_EccKeyDerSize to get length only */ @@ -37649,7 +31428,7 @@ word32 idx = 0, seqSz, verSz, algoSz, tmpSz, privSz, pubSz = 0, sz; #else DECL_ASNSETDATA(dataASN, privateKeyASN_Length); - int sz = 0; + word32 sz = 0; #endif /* validate parameters */ @@ -37720,7 +31499,8 @@ SetASN_OID(&dataASN[PRIVKEYASN_IDX_PKEYALGO_OID], (word32)keyType, oidKeyType); /* Leave space for private key. */ - SetASN_Buffer(&dataASN[PRIVKEYASN_IDX_PKEY_CURVEPKEY], NULL, privKeyLen); + SetASN_Buffer(&dataASN[PRIVKEYASN_IDX_PKEY_CURVEPKEY], NULL, + privKeyLen); /* Don't write ML-DSA specific things. */ SetASNItem_NoOut(dataASN, PRIVKEYASN_IDX_PKEY_SEED_ONLY, PRIVKEYASN_IDX_ATTRS); @@ -37741,7 +31521,7 @@ } /* Check buffer is big enough. */ - if ((ret == 0) && (output != NULL) && (sz > (int)outLen)) { + if ((ret == 0) && (output != NULL) && (sz > outLen)) { ret = BAD_FUNC_ARG; } if ((ret == 0) && (output != NULL)) { @@ -37749,18 +31529,24 @@ SetASN_Items(privateKeyASN, dataASN, privateKeyASN_Length, output); /* Put private value into space provided. */ - XMEMCPY((byte*)dataASN[PRIVKEYASN_IDX_PKEY_CURVEPKEY].data.buffer.data, - privKey, privKeyLen); + /* safe cast -- the pointer is actually inside output buffer. */ + XMEMCPY( + (byte*)(wc_ptr_t) + dataASN[PRIVKEYASN_IDX_PKEY_CURVEPKEY].data.buffer.data, + privKey, privKeyLen); if (pubKey != NULL) { /* Put public value into space provided. */ - XMEMCPY((byte*)dataASN[PRIVKEYASN_IDX_PUBKEY].data.buffer.data, - pubKey, pubKeyLen); + /* safe cast -- the pointer is actually inside output buffer. */ + XMEMCPY( + (byte*)(wc_ptr_t) + dataASN[PRIVKEYASN_IDX_PUBKEY].data.buffer.data, + pubKey, pubKeyLen); } } if (ret == 0) { /* Return size of encoding. */ - ret = sz; + ret = (int)sz; } FREE_ASNSETDATA(dataASN, NULL); @@ -38053,68 +31839,9 @@ #endif /* HAVE_CURVE448 && HAVE_CURVE448_KEY_EXPORT */ -#ifndef WOLFSSL_ASN_TEMPLATE -#if (defined(HAVE_OCSP) || defined(HAVE_CRL)) && !defined(WOLFCRYPT_ONLY) - -/* Get raw Date only, no processing, 0 on success */ -static int GetBasicDate(const byte* source, word32* idx, byte* date, - byte* format, int maxIdx) -{ - int ret, length; - const byte *datePtr = NULL; - - WOLFSSL_ENTER("GetBasicDate"); - - ret = GetDateInfo(source, idx, &datePtr, format, &length, maxIdx); - if (ret < 0) - return ret; - - XMEMCPY(date, datePtr, length); - - return 0; -} - -#endif /* HAVE_OCSP || HAVE_CRL */ -#endif /* WOLFSSL_ASN_TEMPLATE */ - #if defined(HAVE_OCSP) && !defined(WOLFCRYPT_ONLY) -#ifndef WOLFSSL_ASN_TEMPLATE -static int GetEnumerated(const byte* input, word32* inOutIdx, int *value, - int sz) -{ - word32 idx = *inOutIdx; - word32 len; - byte tag; - - WOLFSSL_ENTER("GetEnumerated"); - - *value = 0; - - if (GetASNTag(input, &idx, &tag, sz) < 0) - return ASN_PARSE_E; - - if (tag != ASN_ENUMERATED) - return ASN_PARSE_E; - - if ((int)idx >= sz) - return BUFFER_E; - - len = input[idx++]; - if (len > 4 || (int)(len + idx) > sz) - return ASN_PARSE_E; - - while (len--) { - *value = *value << 8 | input[idx++]; - } - - *inOutIdx = idx; - - return *value; -} -#endif /* !WOLFSSL_ASN_TEMPLATE */ - #ifdef WOLFSSL_ASN_TEMPLATE /* ASN.1 template for OCSP single response. @@ -38189,48 +31916,67 @@ #define certidasn_Length (sizeof(certIDASNItems) / sizeof(ASNItem)) #endif -#ifndef WOLFSSL_ASN_TEMPLATE -static int OcspDecodeCertIDInt(const byte* input, word32* inOutIdx, word32 inSz, - OcspEntry* entry) +#ifdef HAVE_OCSP_RESPONDER + +#ifdef WOLFSSL_ASN_TEMPLATE +WC_MAYBE_UNUSED static int EncodeCertID(OcspEntry* entry, byte* out, + word32* outSz) { - int length; - word32 oid; - int ret; - /* Hash algorithm */ - ret = GetAlgoId(input, inOutIdx, &oid, oidHashType, inSz); - if (ret < 0) - return ret; - entry->hashAlgoOID = oid; - /* Save reference to the hash of CN */ - ret = GetOctetString(input, inOutIdx, &length, inSz); - if (ret < 0) - return ret; - if (length != OCSP_DIGEST_SIZE) - return ASN_PARSE_E; - XMEMCPY(entry->issuerHash, input + *inOutIdx, length); - *inOutIdx += length; - /* Save reference to the hash of the issuer public key */ - ret = GetOctetString(input, inOutIdx, &length, inSz); - if (ret < 0) - return ret; - if (length != OCSP_DIGEST_SIZE) - return ASN_PARSE_E; - XMEMCPY(entry->issuerKeyHash, input + *inOutIdx, length); - *inOutIdx += length; + DECL_ASNSETDATA(dataASN, certidasn_Length); + int ret = 0; + word32 sz = 0; + word32 digestSz = 0; - /* Get serial number */ - if (wc_GetSerialNumber(input, inOutIdx, entry->status->serial, - &entry->status->serialSz, inSz) < 0) - return ASN_PARSE_E; - return 0; + if (entry == NULL || entry->status == NULL || + entry->status->serialSz <= 0 || outSz == NULL) { + return BAD_FUNC_ARG; + } + + WOLFSSL_ENTER("EncodeCertID"); + + CALLOC_ASNSETDATA(dataASN, certidasn_Length, ret, NULL); + + if (ret == 0) { + digestSz = (word32)wc_HashGetDigestSize( + wc_OidGetHash((int)entry->hashAlgoOID)); + if (digestSz <= 0) + ret = ASN_SIG_HASH_E; + } + if (ret == 0) { + SetASN_OID(&dataASN[CERTIDASN_IDX_CID_HASHALGO_OID], + entry->hashAlgoOID, oidHashType); + SetASN_Buffer(&dataASN[CERTIDASN_IDX_CID_ISSUERHASH], + entry->issuerHash, digestSz); + SetASN_Buffer(&dataASN[CERTIDASN_IDX_CID_ISSUERKEYHASH], + entry->issuerKeyHash, digestSz); + SetASN_Buffer(&dataASN[CERTIDASN_IDX_CID_SERIAL], + entry->status->serial, entry->status->serialSz); + ret = SizeASN_Items(certIDASNItems, dataASN, certidasn_Length, &sz); + } + /* Check buffer big enough for encoding if supplied. */ + if (ret == 0 && out != NULL && sz > *outSz) { + ret = BUFFER_E; + } + if (ret == 0 && out != NULL) + if (SetASN_Items(certIDASNItems, dataASN, certidasn_Length, out) != + (int)sz) + ret = ASN_PARSE_E; + if (ret == 0) + *outSz = sz; + + FREE_ASNSETDATA(dataASN, NULL); + return ret; } -#else +#endif /* WOLFSSL_ASN_TEMPLATE */ +#endif /* HAVE_OCSP_RESPONDER */ + +#ifdef WOLFSSL_ASN_TEMPLATE static int OcspDecodeCertIDInt(const byte* input, word32* inOutIdx, word32 inSz, OcspEntry* entry) { DECL_ASNGETDATA(dataASN, certidasn_Length); - word32 issuerKeyHashLen = OCSP_DIGEST_SIZE; - word32 issuerHashLen = OCSP_DIGEST_SIZE; + word32 issuerKeyHashLen = WC_MAX_DIGEST_SIZE; + word32 issuerHashLen = WC_MAX_DIGEST_SIZE; word32 serialSz = EXTERNAL_SERIAL_SIZE; word32 digestSz; int ret = 0; @@ -38264,7 +32010,7 @@ FREE_ASNGETDATA(dataASN, NULL); return ret; } -#endif +#endif /* WOLFSSL_ASN_TEMPLATE */ int OcspDecodeCertID(const byte *input, word32 *inOutIdx, word32 inSz, OcspEntry *entry) @@ -38290,143 +32036,131 @@ return 0; } +#ifdef HAVE_OCSP_RESPONDER -static int DecodeSingleResponse(byte* source, word32* ioIndex, word32 size, - int wrapperSz, OcspEntry* single) +#ifdef WOLFSSL_ASN_TEMPLATE +WC_MAYBE_UNUSED static int EncodeSingleResponse(OcspEntry* single, byte* out, + word32* outSz, void* heap) { -#ifndef WOLFSSL_ASN_TEMPLATE - word32 idx = *ioIndex, prevIndex, localIdx, certIdIdx; - int length; - int ret; - byte tag; - - WOLFSSL_ENTER("DecodeSingleResponse"); - - prevIndex = idx; - - /* Wrapper around the Single Response */ - if (GetSequence(source, &idx, &length, size) < 0) - return ASN_PARSE_E; - - /* Wrapper around the CertID */ - certIdIdx = idx; - if (GetSequence(source, &idx, &length, size) < 0) - return ASN_PARSE_E; - single->rawCertId = source + certIdIdx; - ret = OcspDecodeCertIDInt(source, &idx, size, single); - if (ret < 0) - return ASN_PARSE_E; - single->rawCertIdSize = idx - certIdIdx; - - if (idx >= size) - return BUFFER_E; + DECL_ASNSETDATA(dataASN, singleResponseASN_Length); + int ret = 0; + word32 sz = 0; + word32 cidSz = 0; - /* CertStatus */ - switch (source[idx++]) - { - case (ASN_CONTEXT_SPECIFIC | CERT_GOOD): - single->status->status = CERT_GOOD; - idx++; - break; - case (ASN_CONTEXT_SPECIFIC | ASN_CONSTRUCTED | CERT_REVOKED): - single->status->status = CERT_REVOKED; - if (GetLength(source, &idx, &length, size) < 0) - return ASN_PARSE_E; - idx += length; - break; - case (ASN_CONTEXT_SPECIFIC | CERT_UNKNOWN): - single->status->status = CERT_UNKNOWN; - idx++; - break; - default: - return ASN_PARSE_E; + if (single == NULL || + /* Only one status is allowed per single response */ + single->status == NULL || single->status->next != NULL || + /* thisDate has to be set */ + single->status->thisDateSz == 0 || + single->status->thisDateSz > MAX_DATE_SIZE || + single->status->thisDateFormat != ASN_GENERALIZED_TIME || + /* nextDate is optional but if set, must be valid */ + single->status->nextDateSz > MAX_DATE_SIZE || + (single->status->nextDateSz > 0 && + single->status->nextDateFormat != ASN_GENERALIZED_TIME) || + outSz == NULL) { + return BAD_FUNC_ARG; } - if (idx >= size) - return BUFFER_E; - -#ifdef WOLFSSL_OCSP_PARSE_STATUS - single->status->thisDateAsn = source + idx; - localIdx = 0; - if (GetDateInfo(single->status->thisDateAsn, &localIdx, NULL, - (byte*)&single->status->thisDateParsed.type, - &single->status->thisDateParsed.length, size - idx) < 0) - return ASN_PARSE_E; - - if (idx + localIdx >= size) - return BUFFER_E; - - XMEMCPY(single->status->thisDateParsed.data, - single->status->thisDateAsn + localIdx - single->status->thisDateParsed.length, - single->status->thisDateParsed.length); -#endif - if (GetBasicDate(source, &idx, single->status->thisDate, - &single->status->thisDateFormat, size) < 0) - return ASN_PARSE_E; - -#ifndef NO_ASN_TIME_CHECK -#ifndef WOLFSSL_NO_OCSP_DATE_CHECK - if ((! AsnSkipDateCheck) && !XVALIDATE_DATE(single->status->thisDate, - single->status->thisDateFormat, ASN_BEFORE)) - return ASN_BEFORE_DATE_E; -#endif -#endif - - /* The following items are optional. Only check for them if there is more - * unprocessed data in the singleResponse wrapper. */ - localIdx = idx; - if (((int)(idx - prevIndex) < wrapperSz) && - GetASNTag(source, &localIdx, &tag, size) == 0 && - tag == (ASN_CONSTRUCTED | ASN_CONTEXT_SPECIFIC | 0)) - { - idx++; - if (GetLength(source, &idx, &length, size) < 0) - return ASN_PARSE_E; -#ifdef WOLFSSL_OCSP_PARSE_STATUS - single->status->nextDateAsn = source + idx; - localIdx = 0; - if (GetDateInfo(single->status->nextDateAsn, &localIdx, NULL, - (byte*)&single->status->nextDateParsed.type, - &single->status->nextDateParsed.length, size - idx) < 0) - return ASN_PARSE_E; + WOLFSSL_ENTER("EncodeSingleResponse"); - if (idx + localIdx >= size) - return BUFFER_E; + CALLOC_ASNSETDATA(dataASN, singleResponseASN_Length, ret, heap); - XMEMCPY(single->status->nextDateParsed.data, - single->status->nextDateAsn + localIdx - single->status->nextDateParsed.length, - single->status->nextDateParsed.length); -#endif - if (GetBasicDate(source, &idx, single->status->nextDate, - &single->status->nextDateFormat, size) < 0) - return ASN_PARSE_E; + if (ret == 0) + ret = EncodeCertID(single, NULL, &cidSz); + if (ret == 0) { + SetASN_Buffer(&dataASN[SINGLERESPONSEASN_IDX_CID_SEQ], NULL, cidSz); -#ifndef NO_ASN_TIME_CHECK -#ifndef WOLFSSL_NO_OCSP_DATE_CHECK - if ((! AsnSkipDateCheck) && - !XVALIDATE_DATE(single->status->nextDate, - single->status->nextDateFormat, ASN_AFTER)) - return ASN_AFTER_DATE_E; -#endif -#endif + if (single->status->status == CERT_GOOD) { + SetASNItem_NoOutNode(dataASN, singleResponseASN, + SINGLERESPONSEASN_IDX_CS_REVOKED, + singleResponseASN_Length); + SetASNItem_NoOutNode(dataASN, singleResponseASN, + SINGLERESPONSEASN_IDX_UNKNOWN, + singleResponseASN_Length); + } + else if (single->status->status == CERT_REVOKED) { + SetASNItem_NoOutNode(dataASN, singleResponseASN, + SINGLERESPONSEASN_IDX_CS_GOOD, + singleResponseASN_Length); + SetASNItem_NoOutNode(dataASN, singleResponseASN, + SINGLERESPONSEASN_IDX_UNKNOWN, + singleResponseASN_Length); + /* Set revocation time - always GeneralizedTime format */ + if (single->status->revocationDateSz == 0 || + single->status->revocationDateSz > MAX_DATE_SIZE) { + ret = BAD_FUNC_ARG; + } + else { + SetASN_Buffer(&dataASN[SINGLERESPONSEASN_IDX_CS_REVOKED_TIME], + single->status->revocationDate, + single->status->revocationDateSz); + /* Set revocation reason - optional field */ + SetASN_Int8Bit(&dataASN[SINGLERESPONSEASN_IDX_CS_REVOKED_REASON_VAL], + single->status->revocationReason); + } + } + else if (single->status->status == CERT_UNKNOWN) { + SetASNItem_NoOutNode(dataASN, singleResponseASN, + SINGLERESPONSEASN_IDX_CS_GOOD, + singleResponseASN_Length); + SetASNItem_NoOutNode(dataASN, singleResponseASN, + SINGLERESPONSEASN_IDX_CS_REVOKED, + singleResponseASN_Length); + } + else { + ret = BAD_FUNC_ARG; + } } - - /* Skip the optional extensions in singleResponse. */ - localIdx = idx; - if (((int)(idx - prevIndex) < wrapperSz) && - GetASNTag(source, &localIdx, &tag, size) == 0 && - tag == (ASN_CONSTRUCTED | ASN_CONTEXT_SPECIFIC | 1)) - { - idx++; - if (GetLength(source, &idx, &length, size) < 0) - return ASN_PARSE_E; - idx += length; + if (ret == 0) { + SetASN_Buffer(&dataASN[SINGLERESPONSEASN_IDX_THISUPDATE_GT], + single->status->thisDate, + single->status->thisDateSz); + /* Handle optional nextUpdate */ + if (single->status->nextDateSz > 0) { + SetASN_Buffer(&dataASN[SINGLERESPONSEASN_IDX_NEXTUPDATE_GT], + single->status->nextDate, + single->status->nextDateSz); + } + else { + SetASNItem_NoOutNode(dataASN, singleResponseASN, + SINGLERESPONSEASN_IDX_NEXTUPDATE, + singleResponseASN_Length); + } + /* TODO add singleExtensions support */ + SetASNItem_NoOutNode(dataASN, singleResponseASN, + SINGLERESPONSEASN_IDX_EXT, + singleResponseASN_Length); + /* Calculate size of encoding. */ + ret = SizeASN_Items(singleResponseASN, dataASN, + singleResponseASN_Length, &sz); + } + /* Check buffer big enough for encoding if supplied. */ + if (ret == 0 && out != NULL && sz > *outSz) + ret = BUFFER_E; + if (ret == 0 && out != NULL) { + if (SetASN_Items(singleResponseASN, dataASN, + singleResponseASN_Length, out) != (int)sz) + ret = ASN_PARSE_E; + if (ret == 0) { + ret = EncodeCertID(single, + (byte*)dataASN[SINGLERESPONSEASN_IDX_CID_SEQ].data.buffer.data, + &cidSz); + } } + if (ret == 0) + *outSz = sz; - *ioIndex = idx; + FREE_ASNSETDATA(dataASN, heap); + return ret; +} +#endif /* WOLFSSL_ASN_TEMPLATE */ +#endif /* HAVE_OCSP_RESPONDER */ - return 0; -#else /* WOLFSSL_ASN_TEMPLATE */ +#ifdef WOLFSSL_ASN_TEMPLATE +static int DecodeSingleResponse(const byte* source, word32* ioIndex, + word32 size, int wrapperSz, OcspEntry* single) +{ DECL_ASNGETDATA(dataASN, singleResponseASN_Length); int ret = 0; CertStatus* cs = NULL; @@ -38451,7 +32185,11 @@ cs->thisDate, &thisDateLen); GetASN_Buffer(&dataASN[SINGLERESPONSEASN_IDX_NEXTUPDATE_GT], cs->nextDate, &nextDateLen); - /* TODO: decode revoked time and reason. */ + cs->revocationDateSz = MAX_DATE_SIZE; + GetASN_Buffer(&dataASN[SINGLERESPONSEASN_IDX_CS_REVOKED_TIME], + cs->revocationDate, &cs->revocationDateSz); + GetASN_Int8Bit(&dataASN[SINGLERESPONSEASN_IDX_CS_REVOKED_REASON_VAL], + &cs->revocationReason); /* Decode OCSP single response. */ ret = GetASN_Items(singleResponseASN, dataASN, singleResponseASN_Length, 1, source, ioIndex, size); @@ -38479,7 +32217,8 @@ #if !defined(NO_ASN_TIME_CHECK) && !defined(WOLFSSL_NO_OCSP_DATE_CHECK) /* Check date is a valid string and ASN_BEFORE now. */ if ((! AsnSkipDateCheck) && - !XVALIDATE_DATE(cs->thisDate, ASN_GENERALIZED_TIME, ASN_BEFORE)) + !XVALIDATE_DATE(cs->thisDate, ASN_GENERALIZED_TIME, ASN_BEFORE, + MAX_DATE_SIZE)) { ret = ASN_BEFORE_DATE_E; } @@ -38504,7 +32243,8 @@ #if !defined(NO_ASN_TIME_CHECK) && !defined(WOLFSSL_NO_OCSP_DATE_CHECK) /* Check date is a valid string and ASN_AFTER now. */ if ((! AsnSkipDateCheck) && - !XVALIDATE_DATE(cs->nextDate, ASN_GENERALIZED_TIME, ASN_AFTER)) + !XVALIDATE_DATE(cs->nextDate, ASN_GENERALIZED_TIME, ASN_AFTER, + MAX_DATE_SIZE)) { ret = ASN_AFTER_DATE_E; } @@ -38531,9 +32271,8 @@ FREE_ASNGETDATA(dataASN, NULL); return ret; -#endif /* WOLFSSL_ASN_TEMPLATE */ } - +#endif /* WOLFSSL_ASN_TEMPLATE */ #ifdef WOLFSSL_ASN_TEMPLATE /* ASN.1 template for OCSP response extension header. * RFC 6960, 4.2.1 - ASN.1 Specification of the OCSP Response @@ -38553,84 +32292,10 @@ #define respExtHdrASN_Length (sizeof(respExtHdrASN) / sizeof(ASNItem)) #endif -static int DecodeOcspRespExtensions(byte* source, word32* ioIndex, +#ifdef WOLFSSL_ASN_TEMPLATE +static int DecodeOcspRespExtensions(const byte* source, word32* ioIndex, OcspResponse* resp, word32 sz) { -#ifndef WOLFSSL_ASN_TEMPLATE - word32 idx = *ioIndex; - int length; - int ext_bound; /* boundary index for the sequence of extensions */ - word32 oid; - int ret; - byte tag; - - WOLFSSL_ENTER("DecodeOcspRespExtensions"); - - if ((idx + 1) > sz) - return BUFFER_E; - - if (GetASNTag(source, &idx, &tag, sz) < 0) - return ASN_PARSE_E; - - if (tag != (ASN_CONSTRUCTED | ASN_CONTEXT_SPECIFIC | 1)) - return ASN_PARSE_E; - - if (GetLength(source, &idx, &length, sz) < 0) - return ASN_PARSE_E; - - if (GetSequence(source, &idx, &length, sz) < 0) - return ASN_PARSE_E; - - ext_bound = idx + length; - - while (idx < (word32)ext_bound) { - word32 localIdx; - - if (GetSequence(source, &idx, &length, sz) < 0) { - WOLFSSL_MSG("\tfail: should be a SEQUENCE"); - return ASN_PARSE_E; - } - - oid = 0; - if (GetObjectId(source, &idx, &oid, oidOcspType, sz) < 0) { - WOLFSSL_MSG("\tfail: OBJECT ID"); - return ASN_PARSE_E; - } - - /* check for critical flag */ - if ((idx + 1) > (word32)sz) { - WOLFSSL_MSG("\tfail: malformed buffer"); - return BUFFER_E; - } - - localIdx = idx; - if (GetASNTag(source, &localIdx, &tag, sz) == 0 && tag == ASN_BOOLEAN) { - WOLFSSL_MSG("\tfound optional critical flag, moving past"); - ret = GetBoolean(source, &idx, sz); - if (ret < 0) - return ret; - } - - ret = GetOctetString(source, &idx, &length, sz); - if (ret < 0) - return ret; - - if (oid == OCSP_NONCE_OID) { - /* get data inside extra OCTET_STRING */ - ret = GetOctetString(source, &idx, &length, sz); - if (ret < 0) - return ret; - - resp->nonce = source + idx; - resp->nonceSz = length; - } - - idx += length; - } - - *ioIndex = idx; - return 0; -#else /* certExtASN_Length is greater than respExtHdrASN_Length */ DECL_ASNGETDATA(dataASN, certExtASN_Length); int ret = 0; @@ -38653,10 +32318,11 @@ /* Step through all extensions. */ while ((ret == 0) && (idx < maxIdx)) { + byte isCrit = 0; /* Clear dynamic data, set OID type to expect. */ XMEMSET(dataASN, 0, sizeof(*dataASN) * certExtASN_Length); GetASN_OID(&dataASN[CERTEXTASN_IDX_OID], oidOcspType); - /* TODO: check criticality. */ + GetASN_Boolean(&dataASN[CERTEXTASN_IDX_CRIT], &isCrit); /* Decode OCSP response extension. */ ret = GetASN_Items(certExtASN, dataASN, certExtASN_Length, 0, source, &idx, sz); @@ -38674,6 +32340,9 @@ resp->nonceSz = length; } } + else if (isCrit) { + ret = ASN_PARSE_E; + } /* Ignore all other extension types. */ /* Skip over rest of extension. */ @@ -38686,9 +32355,77 @@ FREE_ASNGETDATA(dataASN, resp->heap); return ret; -#endif } +#endif /* WOLFSSL_ASN_TEMPLATE */ +#ifdef WOLFSSL_ASN_TEMPLATE +/* ASN.1 template for OCSP nonce extension. + * RFC 6960, 4.4.1 - Nonce + * X.509: RFC 5280, 4.1 - Basic Certificate Fields. (Extension) + */ +static const ASNItem ocspNonceExtASN[] = { +/* SEQ */ { 0, ASN_SEQUENCE, 1, 1, 0 }, + /* Extension */ +/* EXT */ { 1, ASN_SEQUENCE, 1, 1, 0 }, + /* extnId */ +/* EXT_OID */ {2, ASN_OBJECT_ID, 0, 0, 0 }, + /* critical not encoded. */ + /* extnValue */ +/* EXT_VAL */ {2, ASN_OCTET_STRING, 0, 1, 0 }, + /* nonce */ +/* EXT_NONCE */ {3, ASN_OCTET_STRING, 0, 0, 0 }, +}; +enum { + OCSPNONCEEXTASN_IDX_SEQ = 0, + OCSPNONCEEXTASN_IDX_EXT, + OCSPNONCEEXTASN_IDX_EXT_OID, + OCSPNONCEEXTASN_IDX_EXT_VAL, + OCSPNONCEEXTASN_IDX_EXT_NONCE, +}; + +/* Number of items in ASN.1 template for OCSP nonce extension. */ +#define ocspNonceExtASN_Length (sizeof(ocspNonceExtASN) / sizeof(ASNItem)) +#endif /* WOLFSSL_ASN_TEMPLATE */ +/* Encode OCSP response extensions (currently only nonce) */ +#ifdef WOLFSSL_ASN_TEMPLATE +WC_MAYBE_UNUSED static int EncodeOcspRespExtensions(OcspResponse* resp, + byte* out, word32* outSz) +{ + DECL_ASNSETDATA(dataASN, ocspNonceExtASN_Length); + word32 sz = 0; + int ret = 0; + + if (resp == NULL || outSz == NULL) { + return BAD_FUNC_ARG; + } + + CALLOC_ASNSETDATA(dataASN, ocspNonceExtASN_Length, ret, resp->heap); + + if (ret == 0) { + SetASN_OID(&dataASN[OCSPNONCEEXTASN_IDX_EXT_OID], OCSP_NONCE_OID, + oidOcspType); + SetASN_Buffer(&dataASN[OCSPNONCEEXTASN_IDX_EXT_NONCE], + resp->nonce, resp->nonceSz); + /* Calculate size of encoding. */ + ret = SizeASN_Items(ocspNonceExtASN, dataASN, + ocspNonceExtASN_Length, &sz); + } + /* Check buffer big enough for encoding if supplied. */ + if (ret == 0 && out != NULL && sz > *outSz) { + ret = BUFFER_E; + } + if (ret == 0 && out != NULL) { + if (SetASN_Items(ocspNonceExtASN, dataASN, + ocspNonceExtASN_Length, out) != (int)sz) + ret = ASN_PARSE_E; + } + if (ret == 0) + *outSz = sz; + + FREE_ASNSETDATA(dataASN, resp->heap); + return ret; +} +#endif /* WOLFSSL_ASN_TEMPLATE */ #ifdef WOLFSSL_ASN_TEMPLATE /* ASN.1 template for OCSP ResponseData. * RFC 6960, 4.2.1 - ASN.1 Specification of the OCSP Response @@ -38697,7 +32434,7 @@ /* SEQ */ { 0, ASN_SEQUENCE, 1, 1, 0 }, /* version DEFAULT v1 */ /* VER_PRESENT */ { 1, ASN_CONTEXT_SPECIFIC | 0, 1, 1, 1 }, -/* VER */ { 2, ASN_INTEGER, 1, 0, 0 }, +/* VER */ { 2, ASN_INTEGER, 0, 0, 0 }, /* byName */ /* BYNAME */ { 1, ASN_CONTEXT_SPECIFIC | 1, 1, 0, 2 }, /* byKey */ @@ -38726,130 +32463,131 @@ #define ocspRespDataASN_Length (sizeof(ocspRespDataASN) / sizeof(ASNItem)) #endif -static int DecodeResponseData(byte* source, word32* ioIndex, - OcspResponse* resp, word32 size) +#ifdef HAVE_OCSP_RESPONDER + +#ifdef WOLFSSL_ASN_TEMPLATE +WC_MAYBE_UNUSED static int EncodeResponseData(OcspResponse* resp, byte* out, + word32* outSz) { -#ifndef WOLFSSL_ASN_TEMPLATE - word32 idx = *ioIndex, prev_idx, localIdx; - int length; - int version; - int ret; - byte tag; - int wrapperSz; - OcspEntry* single; + DECL_ASNSETDATA(dataASN, ocspRespDataASN_Length); + int ret = 0; + word32 sz = 0; + word32 respListSz = 0; + word32 respExtSz = 0; + OcspEntry* single = NULL; - WOLFSSL_ENTER("DecodeResponseData"); + if (resp == NULL || outSz == NULL) { + return BAD_FUNC_ARG; + } - resp->response = source + idx; - prev_idx = idx; - if (GetSequence(source, &idx, &length, size) < 0) - return ASN_PARSE_E; - resp->responseSz = length + idx - prev_idx; + WOLFSSL_ENTER("EncodeResponseData"); - /* Get version. It is an EXPLICIT[0] DEFAULT(0) value. If this - * item isn't an EXPLICIT[0], then set version to zero and move - * onto the next item. - */ - localIdx = idx; - if (GetASNTag(source, &localIdx, &tag, size) == 0 && - tag == (ASN_CONTEXT_SPECIFIC | ASN_CONSTRUCTED)) - { - idx += 2; /* Eat the value and length */ - if (GetMyVersion(source, &idx, &version, size) < 0) - return ASN_PARSE_E; - } else - version = 0; + CALLOC_ASNSETDATA(dataASN, ocspRespDataASN_Length, ret, resp->heap); - localIdx = idx; - if (GetASNTag(source, &localIdx, &tag, size) != 0) - return ASN_PARSE_E; - - resp->responderIdType = OCSP_RESPONDER_ID_INVALID; - /* parse byName */ - if (tag == (ASN_CONTEXT_SPECIFIC | ASN_CONSTRUCTED | 1)) - { - idx++; /* advance past ASN tag */ - if (GetLength(source, &idx, &length, size) < 0) - return ASN_PARSE_E; - /* compute the hash of the name */ - resp->responderIdType = OCSP_RESPONDER_ID_NAME; - ret = CalcHashId_ex(source + idx, length, - resp->responderId.nameHash, OCSP_RESPONDER_ID_HASH_TYPE); - if (ret != 0) - return ret; - idx += length; + if (ret == 0) { + if (resp->single == NULL) + ret = BAD_FUNC_ARG; } - else if (tag == (ASN_CONTEXT_SPECIFIC | ASN_CONSTRUCTED | 2)) - { - idx++; /* advance past ASN tag */ - if (GetLength(source, &idx, &length, size) < 0) - return ASN_PARSE_E; - - if (GetOctetString(source, &idx, &length, size) < 0) - return ASN_PARSE_E; - - if (length != OCSP_RESPONDER_ID_KEY_SZ) - return ASN_PARSE_E; - resp->responderIdType = OCSP_RESPONDER_ID_KEY; - XMEMCPY(resp->responderId.keyHash, source + idx, length); - idx += length; + for (single = resp->single; ret == 0 && single != NULL; + single = single->next) { + word32 singleRespSz = 0; + singleRespSz = *outSz - respListSz; + ret = EncodeSingleResponse(single, NULL, &singleRespSz, resp->heap); + if (ret == 0) + respListSz += singleRespSz; } - if (resp->responderIdType == OCSP_RESPONDER_ID_INVALID) - return ASN_PARSE_E; - - /* save pointer to the producedAt time */ - if (GetBasicDate(source, &idx, resp->producedDate, - &resp->producedDateFormat, size) < 0) - return ASN_PARSE_E; - - /* Outer wrapper of the SEQUENCE OF Single Responses. */ - if (GetSequence(source, &idx, &wrapperSz, size) < 0) - return ASN_PARSE_E; - - localIdx = idx; - single = resp->single; - while (idx - localIdx < (word32)wrapperSz) { - ret = DecodeSingleResponse(source, &idx, size, wrapperSz, single); - if (ret < 0) - return ret; /* ASN_PARSE_E, ASN_BEFORE_DATE_E, ASN_AFTER_DATE_E */ - if (idx - localIdx < (word32)wrapperSz) { - single->next = (OcspEntry*)XMALLOC(sizeof(OcspEntry), resp->heap, - DYNAMIC_TYPE_OCSP_ENTRY); - if (single->next == NULL) { - return MEMORY_E; + if (ret == 0) { + if (resp->responderIdType == OCSP_RESPONDER_ID_NAME) { + /* TODO support name-based responder ID */ + ret = NOT_COMPILED_IN; + } + else if (resp->responderIdType == OCSP_RESPONDER_ID_KEY) { + SetASNItem_NoOutNode(dataASN, ocspRespDataASN, + OCSPRESPDATAASN_IDX_BYNAME, + ocspRespDataASN_Length); + SetASN_Buffer(&dataASN[OCSPRESPDATAASN_IDX_BYKEY_OCT], + resp->responderId.keyHash, + OCSP_RESPONDER_ID_KEY_SZ); + } + else + ret = BAD_FUNC_ARG; + } + if (ret == 0) { + if (resp->producedDateSz > 0 && resp->producedDateSz < MAX_DATE_SIZE) { + SetASN_Buffer(&dataASN[OCSPRESPDATAASN_IDX_PA], + resp->producedDate, resp->producedDateSz); + } + else + ret = BAD_FUNC_ARG; + } + if (ret == 0) { + /* Encode responseExtensions if nonce is present */ + if (resp->nonceSz > 0) { + ret = EncodeOcspRespExtensions(resp, NULL, &respExtSz); + if (ret == 0 && respExtSz > 0) { + SetASN_Buffer(&dataASN[OCSPRESPDATAASN_IDX_RESPEXT], + NULL, respExtSz); } - XMEMSET(single->next, 0, sizeof(OcspEntry)); - - single->next->status = (CertStatus*)XMALLOC(sizeof(CertStatus), - resp->heap, DYNAMIC_TYPE_OCSP_STATUS); - if (single->next->status == NULL) { - XFREE(single->next, resp->heap, DYNAMIC_TYPE_OCSP_ENTRY); - single->next = NULL; - return MEMORY_E; + } + else { + SetASNItem_NoOutNode(dataASN, ocspRespDataASN, + OCSPRESPDATAASN_IDX_RESPEXT, + ocspRespDataASN_Length); + } + } + if (ret == 0) { + SetASN_Int8Bit(&dataASN[OCSPRESPDATAASN_IDX_VER], 0); + SetASN_Buffer(&dataASN[OCSPRESPDATAASN_IDX_RESP], NULL, + respListSz); + /* Calculate size of encoding. */ + ret = SizeASN_Items(ocspRespDataASN, dataASN, ocspRespDataASN_Length, + &sz); + } + /* Check buffer big enough for encoding if supplied. */ + if (ret == 0 && out != NULL && sz > *outSz) + ret = BUFFER_E; + if (ret == 0 && out != NULL) { + byte* respList = NULL; + if (SetASN_Items(ocspRespDataASN, dataASN, + ocspRespDataASN_Length, out) != (int)sz) + ret = ASN_PARSE_E; + respList = (byte*)dataASN[OCSPRESPDATAASN_IDX_RESP].data.buffer.data; + for (single = resp->single; ret == 0 && single != NULL; + single = single->next) { + word32 singleRespSz = respListSz; + ret = EncodeSingleResponse(single, respList, &singleRespSz, + resp->heap); + if (ret == 0) { + respList += singleRespSz; + respListSz -= singleRespSz; } - XMEMSET(single->next->status, 0, sizeof(CertStatus)); - - single->next->isDynamic = 1; - single->next->ownStatus = 1; - - single = single->next; + } + if (ret == 0 && respListSz != 0) + ret = ASN_PARSE_E; + /* Encode response extensions if buffer was allocated */ + if (ret == 0 && respExtSz > 0) { + ret = EncodeOcspRespExtensions(resp, + (byte*)dataASN[OCSPRESPDATAASN_IDX_RESPEXT].data.buffer.data, + &respExtSz); } } + if (ret == 0) + *outSz = sz; - /* - * Check the length of the ResponseData against the current index to - * see if there are extensions, they are optional. - */ - if (idx - prev_idx < resp->responseSz) - if (DecodeOcspRespExtensions(source, &idx, resp, size) < 0) - return ASN_PARSE_E; + FREE_ASNSETDATA(dataASN, resp->heap); + return ret; +} +#endif /* WOLFSSL_ASN_TEMPLATE */ +#endif /* HAVE_OCSP_RESPONDER */ - *ioIndex = idx; - return 0; -#else +#ifdef WOLFSSL_ASN_TEMPLATE +static int DecodeResponseData(const byte* source, word32* ioIndex, + OcspResponse* resp, word32 size) +{ DECL_ASNGETDATA(dataASN, ocspRespDataASN_Length); int ret = 0; - byte version; + /* Default, not present, is v1 = 0. */ + byte version = 0; word32 dateSz = 0; word32 responderByKeySz = OCSP_RESPONDER_ID_KEY_SZ; word32 idx = *ioIndex; @@ -38861,8 +32599,6 @@ if (ret == 0) { resp->response = source + idx; - /* Default, not present, is v1 = 0. */ - version = 0; /* Max size of date supported. */ dateSz = MAX_DATE_SIZE; @@ -38887,6 +32623,7 @@ if (dateSz < MIN_DATE_SIZE) { ret = ASN_PARSE_E; } + resp->producedDateSz = (byte)dateSz; } if (ret == 0) { if (dataASN[OCSPRESPDATAASN_IDX_BYNAME].tag != 0) { @@ -38898,11 +32635,8 @@ } else { resp->responderIdType = OCSP_RESPONDER_ID_KEY; if (dataASN[OCSPRESPDATAASN_IDX_BYKEY_OCT].length - != OCSP_RESPONDER_ID_KEY_SZ) { + != OCSP_RESPONDER_ID_KEY_SZ) ret = ASN_PARSE_E; - } else { - resp->responderIdType = OCSP_RESPONDER_ID_KEY; - } } } if (ret == 0) { @@ -38949,6 +32683,7 @@ if (ret == 0) { /* Decode SingleResponse into OcspEntry. */ ret = DecodeSingleResponse(source, &idx, + /* max index is start of next item */ dataASN[OCSPRESPDATAASN_IDX_RESPEXT].offset, (int)dataASN[OCSPRESPDATAASN_IDX_RESP].length, single); /* single->used set on successful decode. */ @@ -38968,45 +32703,8 @@ FREE_ASNGETDATA(dataASN, resp->heap); return ret; -#endif } - - -#ifndef WOLFSSL_ASN_TEMPLATE -#ifndef WOLFSSL_NO_OCSP_OPTIONAL_CERTS - -static int DecodeCerts(byte* source, - word32* ioIndex, OcspResponse* resp, word32 size) -{ - word32 idx = *ioIndex; - byte tag; - - WOLFSSL_ENTER("DecodeCerts"); - - if (GetASNTag(source, &idx, &tag, size) < 0) - return ASN_PARSE_E; - - if (tag == (ASN_CONSTRUCTED | ASN_CONTEXT_SPECIFIC)) - { - int length; - - if (GetLength(source, &idx, &length, size) < 0) - return ASN_PARSE_E; - - if (GetSequence(source, &idx, &length, size) < 0) - return ASN_PARSE_E; - - resp->cert = source + idx; - resp->certSz = length; - - idx += length; - } - *ioIndex = idx; - return 0; -} - -#endif /* WOLFSSL_NO_OCSP_OPTIONAL_CERTS */ -#endif /* !WOLFSSL_ASN_TEMPLATE */ +#endif /* WOLFSSL_ASN_TEMPLATE */ #ifdef WOLFSSL_ASN_TEMPLATE /* ASN.1 template for BasicOCSPResponse. @@ -39057,25 +32755,29 @@ return XMEMCMP(NameHash, resp->responderId.nameHash, SIGNER_DIGEST_SIZE) == 0; /* OCSP_RESPONDER_ID_KEY */ - return ((int)KEYID_SIZE == OCSP_RESPONDER_ID_KEY_SZ) && - XMEMCMP(keyHash, resp->responderId.keyHash, KEYID_SIZE) == 0; + return (KEYID_SIZE >= OCSP_RESPONDER_ID_KEY_SZ) && + XMEMCMP(keyHash, resp->responderId.keyHash, + OCSP_RESPONDER_ID_KEY_SZ) == 0; } #ifndef WOLFSSL_NO_OCSP_ISSUER_CHECK -static int OcspRespCheck(OcspResponse *resp, Signer *responder) +static int OcspRespCheck(OcspResponse *resp, Signer *responder, void* vp) { OcspEntry *s; + int ret; s = resp->single; if (s == NULL) return -1; - /* singles responses must have the same issuer */ - for (; s != NULL; s = s->next) { - if (XMEMCMP(s->issuerKeyHash, responder->subjectKeyHash, - KEYID_SIZE) != 0) - return -1; - } + if (OcspRespIdMatch(resp, responder->subjectNameHash, + responder->subjectKeyHash) == 0) + return -1; + + ret = CheckOcspResponder(resp, responder->subjectNameHash, + responder->extKeyUsage, responder->issuerNameHash, vp); + if (ret != 0) + return -1; return 0; } @@ -39097,8 +32799,15 @@ if (s) return s; } - else if ((int)KEYID_SIZE == OCSP_RESPONDER_ID_KEY_SZ) { - s = GetCAByKeyHash(cm, resp->responderId.keyHash); + else if (KEYID_SIZE >= OCSP_RESPONDER_ID_KEY_SZ) { + /* Responder key hash is OCSP_RESPONDER_ID_KEY_SZ bytes (SHA-1 per + * RFC 6960) but lookup functions compare KEYID_SIZE bytes. Zero-pad + * to avoid buffer over-read when KEYID_SIZE > OCSP_RESPONDER_ID_KEY_SZ + * (e.g. when SM2/SM3 is enabled). */ + byte keyHash[KEYID_SIZE]; + XMEMSET(keyHash, 0, KEYID_SIZE); + XMEMCPY(keyHash, resp->responderId.keyHash, OCSP_RESPONDER_ID_KEY_SZ); + s = GetCAByKeyHash(cm, keyHash); if (s) return s; } @@ -39111,8 +32820,11 @@ if (s) return s; } - else { - s = findSignerByKeyHash(resp->pendingCAs, resp->responderId.keyHash); + else if (KEYID_SIZE >= OCSP_RESPONDER_ID_KEY_SZ) { + byte keyHash[KEYID_SIZE]; + XMEMSET(keyHash, 0, KEYID_SIZE); + XMEMCPY(keyHash, resp->responderId.keyHash, OCSP_RESPONDER_ID_KEY_SZ); + s = findSignerByKeyHash(resp->pendingCAs, keyHash); if (s) return s; } @@ -39151,7 +32863,8 @@ #ifndef WOLFSSL_NO_OCSP_ISSUER_CHECK if (ret == 0 && !noVerify) { - ret = CheckOcspResponder(resp, cert, cm); + ret = CheckOcspResponder(resp, cert->subjectHash, cert->extExtKeyUsage, + cert->issuerHash, cm); if (ret != 0) { WOLFSSL_MSG("\tOCSP Responder certificate issuer check failed"); goto err; @@ -39178,114 +32891,127 @@ return ret; } -static int DecodeBasicOcspResponse(byte* source, word32* ioIndex, - OcspResponse* resp, word32 size, void* cm, void* heap, int noVerify, - int noVerifySignature) +#ifdef HAVE_OCSP_RESPONDER + +#ifdef WOLFSSL_ASN_TEMPLATE +WC_MAYBE_UNUSED static int EncodeBasicOcspResponse(OcspResponse* resp, + byte* out, word32* outSz, RsaKey* rsaKey, ecc_key* eccKey, WC_RNG* rng) { -#ifndef WOLFSSL_ASN_TEMPLATE - int length; - word32 idx = *ioIndex; - #ifndef WOLFSSL_NO_OCSP_OPTIONAL_CERTS - word32 end_index; - #endif - int ret; - int sigLength; - int sigValid = 0; - WOLFSSL_ENTER("DecodeBasicOcspResponse"); - (void)heap; + DECL_ASNSETDATA(dataASN, ocspBasicRespASN_Length); + int ret = 0; + word32 sz = 0; + word32 respDataSz = 0; + word32 sigSz = 0; - if (GetSequence(source, &idx, &length, size) < 0) - return ASN_PARSE_E; + if (outSz == NULL) { + return BAD_FUNC_ARG; + } - if (idx + length > size) - return ASN_INPUT_E; - #ifndef WOLFSSL_NO_OCSP_OPTIONAL_CERTS - end_index = idx + length; - #endif + WOLFSSL_ENTER("EncodeBasicOcspResponse"); - if ((ret = DecodeResponseData(source, &idx, resp, size)) < 0) - return ret; /* ASN_PARSE_E, ASN_BEFORE_DATE_E, ASN_AFTER_DATE_E */ + CALLOC_ASNSETDATA(dataASN, ocspBasicRespASN_Length, ret, resp->heap); - /* Get the signature algorithm */ - if (GetAlgoId(source, &idx, &resp->sigOID, oidSigType, size) < 0) { - return ASN_PARSE_E; + if (ret == 0) { + respDataSz = *outSz; + ret = EncodeResponseData(resp, NULL, &respDataSz); } -#ifdef WC_RSA_PSS - else if (resp->sigOID == CTC_RSASSAPSS) { - word32 sz; - int len; - byte* params; - - sz = idx; - params = source + idx; - if (GetSequence(source, &idx, &len, size) < 0) - return ASN_PARSE_E; - if (ret == 0) { - idx += len; - resp->sigParams = params; - resp->sigParamsSz = idx - sz; + if (ret == 0) { + if (resp->sigOID == CTC_SHA256wRSA) + ret = wc_RsaEncryptSize(rsaKey); + else if (resp->sigOID == CTC_SHA256wECDSA) + ret = wc_ecc_sig_size(eccKey); + else + ret = BAD_FUNC_ARG; + if (ret > 0) { + sigSz = (word32)ret; + ret = 0; } + else + ret = ret == 0 ? BAD_FUNC_ARG : ret; } -#endif - - ret = CheckBitString(source, &idx, &sigLength, size, 1, NULL); - if (ret != 0) - return ret; - - resp->sigSz = sigLength; - resp->sig = source + idx; - idx += sigLength; - - /* - * Check the length of the BasicOcspResponse against the current index to - * see if there are certificates, they are optional. - */ -#ifndef WOLFSSL_NO_OCSP_OPTIONAL_CERTS - if (idx < end_index) - { - if (DecodeCerts(source, &idx, resp, size) < 0) - return ASN_PARSE_E; - - ret = OcspCheckCert(resp, noVerify, noVerifySignature, - (WOLFSSL_CERT_MANAGER*)cm, heap); - if (ret == 0) { - sigValid = 1; + if (ret == 0) { + SetASN_OID(&dataASN[OCSPBASICRESPASN_IDX_SIGALGO_OID], resp->sigOID, + oidSigType); + if (resp->sigParams != NULL && resp->sigParamsSz != 0) { + SetASN_Buffer(&dataASN[OCSPBASICRESPASN_IDX_SIGNATURE_PARAMS], + resp->sigParams, resp->sigParamsSz); } else { - WOLFSSL_MSG("OCSP Internal cert can't verify the response\n"); - /* try to verify the OCSP response with CA certs */ - ret = 0; + SetASNItem_NoOutNode(dataASN, ocspBasicRespASN, + OCSPBASICRESPASN_IDX_SIGNATURE_PARAMS, + ocspBasicRespASN_Length); } - } -#endif /* WOLFSSL_NO_OCSP_OPTIONAL_CERTS */ - if (!noVerifySignature && !sigValid) { - Signer* ca; - SignatureCtx sigCtx; - ca = OcspFindSigner(resp, (WOLFSSL_CERT_MANAGER*)cm); - if (ca == NULL) - return ASN_NO_SIGNER_E; - -#ifndef WOLFSSL_NO_OCSP_ISSUER_CHECK - if (OcspRespCheck(resp, ca) != 0) - return BAD_OCSP_RESPONDER; -#endif - InitSignatureCtx(&sigCtx, heap, INVALID_DEVID); - - /* ConfirmSignature is blocking here */ - sigValid = ConfirmSignature(&sigCtx, resp->response, - resp->responseSz, ca->publicKey, ca->pubKeySize, ca->keyOID, - resp->sig, resp->sigSz, resp->sigOID, resp->sigParams, - resp->sigParamsSz, NULL); - if (sigValid != 0) { - WOLFSSL_MSG("\tOCSP Confirm signature failed"); - return ASN_OCSP_CONFIRM_E; + if (resp->cert != NULL && resp->certSz > 0) { + SetASN_Buffer(&dataASN[OCSPBASICRESPASN_IDX_CERTS_SEQ], + resp->cert, resp->certSz); + } + else { + SetASNItem_NoOutNode(dataASN, ocspBasicRespASN, + OCSPBASICRESPASN_IDX_CERTS, + ocspBasicRespASN_Length); + } + if (out == NULL) { + /* Calculate size of encoding. */ + SetASN_ReplaceBuffer(&dataASN[OCSPBASICRESPASN_IDX_TBS_SEQ], NULL, + respDataSz); + SetASN_Buffer(&dataASN[OCSPBASICRESPASN_IDX_SIGNATURE], NULL, + sigSz); + ret = SizeASN_Items(ocspBasicRespASN, dataASN, + ocspBasicRespASN_Length, &sz); + } + else { + /* The real ECC signature might differ from the size returned by + * wc_ecc_sig_size. We handle this by placing the signature at + * the end of the buffer and then moving it into place. */ + byte* respData = out + (*outSz - respDataSz - sigSz); + byte* sigData = out + (*outSz - sigSz); + if (respDataSz + sigSz > *outSz) + ret = BUFFER_E; + if (ret == 0) + ret = EncodeResponseData(resp, respData, &respDataSz); + if (ret == 0) { + CertSignCtx certSignCtx; + XMEMSET(&certSignCtx, 0, sizeof(CertSignCtx)); + ret = MakeSignature(&certSignCtx, respData, respDataSz, + sigData, sigSz, rsaKey, eccKey, NULL, NULL, NULL, NULL, + NULL, rng, resp->sigOID, resp->heap); + if (ret > 0) { + sigSz = (word32)ret; + ret = 0; + } + else + ret = ret == 0 ? WC_FAILURE : ret; + } + if (ret == 0) { + SetASN_ReplaceBuffer(&dataASN[OCSPBASICRESPASN_IDX_TBS_SEQ], + respData, respDataSz); + SetASN_Buffer(&dataASN[OCSPBASICRESPASN_IDX_SIGNATURE], + sigData, sigSz); + /* Re-calculate size of encoding. */ + ret = SizeASN_Items(ocspBasicRespASN, dataASN, + ocspBasicRespASN_Length, &sz); + } + if (ret == 0) { + if (SetASN_Items(ocspBasicRespASN, dataASN, + ocspBasicRespASN_Length, out) != (int)sz) + ret = ASN_PARSE_E; + } } - (void)noVerify; } - *ioIndex = idx; - return 0; -#else + if (ret == 0) + *outSz = sz; + FREE_ASNSETDATA(dataASN, resp->heap); + return ret; +} +#endif /* WOLFSSL_ASN_TEMPLATE */ +#endif /* HAVE_OCSP_RESPONDER */ + +#ifdef WOLFSSL_ASN_TEMPLATE +static int DecodeBasicOcspResponse(const byte* source, word32* ioIndex, + OcspResponse* resp, word32 size, void* cm, void* heap, int noVerify, + int noVerifySignature) +{ DECL_ASNGETDATA(dataASN, ocspBasicRespASN_Length); int ret = 0; word32 idx = *ioIndex; @@ -39357,25 +33083,29 @@ } #ifndef WOLFSSL_NO_OCSP_ISSUER_CHECK if (ret == 0 && !noVerifySignature && !sigValid) { - if (OcspRespCheck(resp, ca) != 0) { + if (OcspRespCheck(resp, ca, cm) != 0) { ret = BAD_OCSP_RESPONDER; } } #endif if (ret == 0 && !noVerifySignature && !sigValid) { - SignatureCtx sigCtx; - /* Initialize the signature context. */ - InitSignatureCtx(&sigCtx, heap, INVALID_DEVID); - - /* TODO: ConfirmSignature is blocking here */ - /* Check the signature of the response CA public key. */ - sigValid = ConfirmSignature(&sigCtx, resp->response, - resp->responseSz, ca->publicKey, ca->pubKeySize, ca->keyOID, - resp->sig, resp->sigSz, resp->sigOID, resp->sigParams, - resp->sigParamsSz, NULL); - if (sigValid != 0) { - WOLFSSL_MSG("\tOCSP Confirm signature failed"); - ret = ASN_OCSP_CONFIRM_E; + /* Extra NULL check to satisfy compiler */ + if (ca == NULL) + ret = ASN_NO_SIGNER_E; + if (ret == 0) { + SignatureCtx sigCtx; + /* Initialize the signature context. */ + InitSignatureCtx(&sigCtx, heap, INVALID_DEVID); + /* TODO: ConfirmSignature is blocking here */ + /* Check the signature of the response CA public key. */ + sigValid = ConfirmSignature(&sigCtx, resp->response, + resp->responseSz, ca->publicKey, ca->pubKeySize, ca->keyOID, + resp->sig, resp->sigSz, resp->sigOID, resp->sigParams, + resp->sigParamsSz, NULL); + if (sigValid != 0) { + WOLFSSL_MSG("\tOCSP Confirm signature failed"); + ret = ASN_OCSP_CONFIRM_E; + } } } if (ret == 0) { @@ -39385,29 +33115,33 @@ FREE_ASNGETDATA(dataASN, heap); return ret; -#endif /* WOLFSSL_ASN_TEMPLATE */ } - +#endif /* WOLFSSL_ASN_TEMPLATE */ void InitOcspResponse(OcspResponse* resp, OcspEntry* single, CertStatus* status, byte* source, word32 inSz, void* heap) { WOLFSSL_ENTER("InitOcspResponse"); - XMEMSET(status, 0, sizeof(CertStatus)); - XMEMSET(single, 0, sizeof(OcspEntry)); - XMEMSET(resp, 0, sizeof(OcspResponse)); - - single->status = status; - resp->responseStatus = -1; - resp->single = single; - resp->source = source; - resp->maxIdx = inSz; - resp->heap = heap; - resp->pendingCAs = NULL; - resp->sigParams = NULL; - resp->sigParamsSz = 0; - resp->responderIdType = OCSP_RESPONDER_ID_INVALID; + if (status != NULL) { + XMEMSET(status, 0, sizeof(CertStatus)); + } + if (single != NULL) { + XMEMSET(single, 0, sizeof(OcspEntry)); + single->status = status; + } + if (resp != NULL) { + XMEMSET(resp, 0, sizeof(OcspResponse)); + resp->responseStatus = -1; + resp->single = single; + resp->source = source; + resp->maxIdx = inSz; + resp->heap = heap; + resp->pendingCAs = NULL; + resp->sigParams = NULL; + resp->sigParamsSz = 0; + resp->responderIdType = OCSP_RESPONDER_ID_INVALID; + } } void FreeOcspResponse(OcspResponse* resp) @@ -39461,92 +33195,101 @@ #define ocspResponseASN_Length (sizeof(ocspResponseASN) / sizeof(ASNItem)) #endif /* WOLFSSL_ASN_TEMPLATE */ -int OcspResponseDecode(OcspResponse* resp, void* cm, void* heap, - int noVerifyCert, int noVerifySignature) -{ -#ifndef WOLFSSL_ASN_TEMPLATE - int ret; - int length = 0; - word32 idx = 0; - byte* source = resp->source; - word32 size = resp->maxIdx; - word32 oid; - byte tag; +#ifdef HAVE_OCSP_RESPONDER - WOLFSSL_ENTER("OcspResponseDecode"); +#ifdef WOLFSSL_ASN_TEMPLATE +int OcspResponseEncode(OcspResponse* resp, byte* out, word32* outSz, + RsaKey* rsaKey, ecc_key* eccKey, WC_RNG* rng) +{ + DECL_ASNSETDATA(dataASN, ocspResponseASN_Length); + int ret = 0; + word32 sz = 0; + word32 basicRespSz = 0; - /* peel the outer SEQUENCE wrapper */ - if (GetSequence(source, &idx, &length, size) < 0) { - WOLFSSL_LEAVE("OcspResponseDecode", ASN_PARSE_E); - return ASN_PARSE_E; - } + WOLFSSL_ENTER("OcspResponseEncode"); - /* First get the responseStatus, an ENUMERATED */ - if (GetEnumerated(source, &idx, &resp->responseStatus, size) < 0) { - WOLFSSL_LEAVE("OcspResponseDecode", ASN_PARSE_E); - return ASN_PARSE_E; + if (resp == NULL || outSz == NULL) { + return BAD_FUNC_ARG; } - if (resp->responseStatus != OCSP_SUCCESSFUL) { - WOLFSSL_LEAVE("OcspResponseDecode", 0); - return 0; - } + CALLOC_ASNSETDATA(dataASN, ocspResponseASN_Length, ret, resp->heap); - /* Next is an EXPLICIT record called ResponseBytes, OPTIONAL */ - if (idx >= size) { - WOLFSSL_LEAVE("OcspResponseDecode", ASN_PARSE_E); - return ASN_PARSE_E; - } - if (GetASNTag(source, &idx, &tag, size) < 0) { - WOLFSSL_LEAVE("OcspResponseDecode", ASN_PARSE_E); - return ASN_PARSE_E; - } - if (tag != (ASN_CONSTRUCTED | ASN_CONTEXT_SPECIFIC)) { - WOLFSSL_LEAVE("OcspResponseDecode", ASN_PARSE_E); - return ASN_PARSE_E; - } - if (GetLength(source, &idx, &length, size) < 0) { - WOLFSSL_LEAVE("OcspResponseDecode", ASN_PARSE_E); - return ASN_PARSE_E; + if (ret == 0) { + SetASN_Int8Bit(&dataASN[OCSPRESPONSEASN_IDX_STATUS], + (byte)resp->responseStatus); } + if (ret == 0 && resp->responseStatus == OCSP_SUCCESSFUL) { + SetASN_OID(&dataASN[OCSPRESPONSEASN_IDX_BYTES_TYPE], OCSP_BASIC_OID, + oidOcspType); - /* Get the responseBytes SEQUENCE */ - if (GetSequence(source, &idx, &length, size) < 0) { - WOLFSSL_LEAVE("OcspResponseDecode", ASN_PARSE_E); - return ASN_PARSE_E; - } + basicRespSz = *outSz; + ret = EncodeBasicOcspResponse(resp, NULL, &basicRespSz, rsaKey, eccKey, + rng); + if (ret == 0 && out == NULL) { + SetASN_Buffer(&dataASN[OCSPRESPONSEASN_IDX_BYTES_VAL], NULL, + basicRespSz); + ret = SizeASN_Items(ocspResponseASN, dataASN, + ocspResponseASN_Length, &sz); + } + else if (ret == 0 && out != NULL) { + /* The size of the basic response may change because of the + * signature encoding. */ + byte* basicResp = out + (*outSz - basicRespSz); + if (basicRespSz > *outSz) + ret = BUFFER_E; + if (ret == 0) { + ret = EncodeBasicOcspResponse(resp, basicResp, + &basicRespSz, rsaKey, eccKey, rng); + } + if (ret == 0) { + SetASN_Buffer(&dataASN[OCSPRESPONSEASN_IDX_BYTES_VAL], + basicResp, basicRespSz); + ret = SizeASN_Items(ocspResponseASN, dataASN, + ocspResponseASN_Length, &sz); + } + if (ret == 0 && sz > *outSz) + ret = BUFFER_E; + if (ret == 0) { + if (SetASN_Items(ocspResponseASN, dataASN, + ocspResponseASN_Length, out) != (int)sz) + ret = ASN_PARSE_E; + } + } - /* Check ObjectID for the resposeBytes */ - if (GetObjectId(source, &idx, &oid, oidOcspType, size) < 0) { - WOLFSSL_LEAVE("OcspResponseDecode", ASN_PARSE_E); - return ASN_PARSE_E; } - if (oid != OCSP_BASIC_OID) { - WOLFSSL_LEAVE("OcspResponseDecode", ASN_PARSE_E); - return ASN_PARSE_E; - } - ret = GetOctetString(source, &idx, &length, size); - if (ret < 0) { - WOLFSSL_LEAVE("OcspResponseDecode", ret); - return ret; + else if (ret == 0 && resp->responseStatus != OCSP_SUCCESSFUL) { + SetASNItem_NoOutNode(dataASN, ocspResponseASN, + OCSPRESPONSEASN_IDX_BYTES, + ocspResponseASN_Length); + ret = SizeASN_Items(ocspResponseASN, dataASN, ocspResponseASN_Length, + &sz); + if (ret == 0 && out != NULL && sz > *outSz) + ret = BUFFER_E; + if (ret == 0 && out != NULL) { + if (SetASN_Items(ocspResponseASN, dataASN, + ocspResponseASN_Length, out) != (int)sz) + ret = ASN_PARSE_E; + } } - ret = DecodeBasicOcspResponse(source, &idx, resp, size, cm, heap, - noVerifyCert, noVerifySignature); - if (ret < 0) { - WOLFSSL_LEAVE("OcspResponseDecode", ret); - return ret; - } + if (ret == 0) + *outSz = sz; + FREE_ASNSETDATA(dataASN, resp->heap); + return ret; +} +#endif /* WOLFSSL_ASN_TEMPLATE */ +#endif /* HAVE_OCSP_RESPONDER */ - WOLFSSL_LEAVE("OcspResponseDecode", 0); - return 0; -#else +#ifdef WOLFSSL_ASN_TEMPLATE +int OcspResponseDecode(OcspResponse* resp, void* cm, void* heap, + int noVerifyCert, int noVerifySignature) +{ DECL_ASNGETDATA(dataASN, ocspResponseASN_Length); int ret = 0; word32 idx = 0, size = resp->maxIdx; byte* source = resp->source; byte status = 0; - byte* basic; + const byte* basic; word32 basicSz; WOLFSSL_ENTER("OcspResponseDecode"); @@ -39583,38 +33326,8 @@ FREE_ASNGETDATA(dataASN, resp->heap); WOLFSSL_LEAVE("OcspResponseDecode", ret); return ret; -#endif /* WOLFSSL_ASN_TEMPLATE */ } - -#ifdef WOLFSSL_ASN_TEMPLATE -/* ASN.1 template for OCSP nonce extension. - * RFC 6960, 4.4.1 - Nonce - * X.509: RFC 5280, 4.1 - Basic Certificate Fields. (Extension) - */ -static const ASNItem ocspNonceExtASN[] = { -/* SEQ */ { 0, ASN_SEQUENCE, 1, 1, 0 }, - /* Extension */ -/* EXT */ { 1, ASN_SEQUENCE, 1, 1, 0 }, - /* extnId */ -/* EXT_OID */ {2, ASN_OBJECT_ID, 0, 0, 0 }, - /* critical not encoded. */ - /* extnValue */ -/* EXT_VAL */ {2, ASN_OCTET_STRING, 0, 1, 0 }, - /* nonce */ -/* EXT_NONCE */ {3, ASN_OCTET_STRING, 0, 0, 0 }, -}; -enum { - OCSPNONCEEXTASN_IDX_SEQ = 0, - OCSPNONCEEXTASN_IDX_EXT, - OCSPNONCEEXTASN_IDX_EXT_OID, - OCSPNONCEEXTASN_IDX_EXT_VAL, - OCSPNONCEEXTASN_IDX_EXT_NONCE, -}; - -/* Number of items in ASN.1 template for OCSP nonce extension. */ -#define ocspNonceExtASN_Length (sizeof(ocspNonceExtASN) / sizeof(ASNItem)) #endif /* WOLFSSL_ASN_TEMPLATE */ - word32 EncodeOcspRequestExtensions(OcspRequest* req, byte* output, word32 size) { const byte NonceObjId[] = { 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, @@ -39670,7 +33383,7 @@ /* Check request has nonce to write in extension. */ if (req != NULL && req->nonceSz != 0) { DECL_ASNSETDATA(dataASN, ocspNonceExtASN_Length); - int sz = 0; + word32 sz = 0; CALLOC_ASNSETDATA(dataASN, ocspNonceExtASN_Length, ret, req->heap); @@ -39685,7 +33398,7 @@ ocspNonceExtASN_Length, &sz); } /* Check buffer big enough for encoding if supplied. */ - if ((ret == 0) && (output != NULL) && (sz > (int)size)) { + if ((ret == 0) && (output != NULL) && (sz > size)) { ret = BUFFER_E; } if ((ret == 0) && (output != NULL)) { @@ -39695,7 +33408,7 @@ } if (ret == 0) { /* Return size of encoding. */ - ret = sz; + ret = (int)sz; } FREE_ASNSETDATA(dataASN, req->heap); @@ -39726,6 +33439,8 @@ /* hashAlgorithm */ /* TBS_REQ_HASH */ { 5, ASN_SEQUENCE, 1, 1, 0 }, /* TBS_REQ_HASH_OID */ { 6, ASN_OBJECT_ID, 0, 0, 0 }, + /* optional NULL params */ +/* TBS_REQ_HASH_NULL */ { 6, ASN_TAG_NULL, 0, 0, 1 }, /* issuerNameHash */ /* TBS_REQ_ISSUER */ { 5, ASN_OCTET_STRING, 0, 0, 0 }, /* issuerKeyHash */ @@ -39733,8 +33448,9 @@ /* serialNumber */ /* TBS_REQ_SERIAL */ { 5, ASN_INTEGER, 0, 0, 0 }, /* requestExtensions */ -/* TBS_REQEXT */ { 2, ASN_CONTEXT_SPECIFIC | 2, 1, 0, 0 }, - /* optionalSignature not written. */ +/* TBS_REQEXT */ { 2, ASN_CONTEXT_SPECIFIC | 2, 1, 0, 1 }, + /* optionalSignature */ +/* OPT_SIG */ { 1, ASN_CONTEXT_SPECIFIC | 0, 1, 1, 1 } }; enum { OCSPREQUESTASN_IDX_SEQ = 0, @@ -39744,98 +33460,24 @@ OCSPREQUESTASN_IDX_TBS_REQ_CID, OCSPREQUESTASN_IDX_TBS_REQ_HASH, OCSPREQUESTASN_IDX_TBS_REQ_HASH_OID, + OCSPREQUESTASN_IDX_TBS_REQ_HASH_NULL, OCSPREQUESTASN_IDX_TBS_REQ_ISSUER, OCSPREQUESTASN_IDX_TBS_REQ_ISSUERKEY, OCSPREQUESTASN_IDX_TBS_REQ_SERIAL, OCSPREQUESTASN_IDX_TBS_REQEXT, + OCSPREQUESTASN_IDX_OPT_SIG, }; /* Number of items in ASN.1 template for OCSPRequest. */ #define ocspRequestASN_Length (sizeof(ocspRequestASN) / sizeof(ASNItem)) #endif +#ifdef WOLFSSL_ASN_TEMPLATE int EncodeOcspRequest(OcspRequest* req, byte* output, word32 size) { -#ifndef WOLFSSL_ASN_TEMPLATE - byte seqArray[5][MAX_SEQ_SZ]; - /* The ASN.1 of the OCSP Request is an onion of sequences */ - byte algoArray[MAX_ALGO_SZ]; - byte issuerArray[MAX_ENCODED_DIG_SZ]; - byte issuerKeyArray[MAX_ENCODED_DIG_SZ]; - byte snArray[MAX_SN_SZ]; - byte extArray[MAX_OCSP_EXT_SZ]; - word32 seqSz[5], algoSz, issuerSz, issuerKeySz, extSz, totalSz; - int i, snSz; - int keyIdSz; - - WOLFSSL_ENTER("EncodeOcspRequest"); - -#ifdef NO_SHA - algoSz = SetAlgoID(SHA256h, algoArray, oidHashType, 0); - keyIdSz = WC_SHA256_DIGEST_SIZE; -#else - algoSz = SetAlgoID(SHAh, algoArray, oidHashType, 0); - keyIdSz = WC_SHA_DIGEST_SIZE; -#endif - - issuerSz = SetDigest(req->issuerHash, keyIdSz, issuerArray); - issuerKeySz = SetDigest(req->issuerKeyHash, keyIdSz, issuerKeyArray); - snSz = SetSerialNumber(req->serial, req->serialSz, snArray, - MAX_SN_SZ, MAX_SN_SZ); - extSz = 0; - - if (snSz < 0) - return snSz; - - if (req->nonceSz) { - /* TLS Extensions use this function too - put extensions after - * ASN.1: Context Specific [2]. - */ - extSz = EncodeOcspRequestExtensions(req, extArray + 2, - OCSP_NONCE_EXT_SZ); - extSz += SetExplicit(2, extSz, extArray, 0); - } - - totalSz = algoSz + issuerSz + issuerKeySz + snSz; - for (i = 4; i >= 0; i--) { - seqSz[i] = SetSequence(totalSz, seqArray[i]); - totalSz += seqSz[i]; - if (i == 2) totalSz += extSz; - } - - if (output == NULL) - return totalSz; - if (totalSz > size) - return BUFFER_E; - - totalSz = 0; - for (i = 0; i < 5; i++) { - XMEMCPY(output + totalSz, seqArray[i], seqSz[i]); - totalSz += seqSz[i]; - } - - XMEMCPY(output + totalSz, algoArray, algoSz); - totalSz += algoSz; - - XMEMCPY(output + totalSz, issuerArray, issuerSz); - totalSz += issuerSz; - - XMEMCPY(output + totalSz, issuerKeyArray, issuerKeySz); - totalSz += issuerKeySz; - - XMEMCPY(output + totalSz, snArray, snSz); - totalSz += snSz; - - if (extSz != 0) { - XMEMCPY(output + totalSz, extArray, extSz); - totalSz += extSz; - } - - return totalSz; -#else DECL_ASNSETDATA(dataASN, ocspRequestASN_Length); word32 extSz = 0; - int sz = 0; + word32 sz = 0; int ret = 0; word32 keyIdSz; @@ -39844,16 +33486,16 @@ CALLOC_ASNSETDATA(dataASN, ocspRequestASN_Length, ret, req->heap); if (ret == 0) { + int digestSz = wc_HashGetDigestSize(wc_OidGetHash(req->hashAlg)); + if (digestSz <= 0) + ret = BAD_FUNC_ARG; + else + keyIdSz = (word32)digestSz; + } + if (ret == 0) { /* Set OID of hash algorithm use on issuer and key. */ - #ifdef NO_SHA - SetASN_OID(&dataASN[OCSPREQUESTASN_IDX_TBS_REQ_HASH_OID], SHA256h, + SetASN_OID(&dataASN[OCSPREQUESTASN_IDX_TBS_REQ_HASH_OID], req->hashAlg, oidHashType); - keyIdSz = WC_SHA256_DIGEST_SIZE; - #else - SetASN_OID(&dataASN[OCSPREQUESTASN_IDX_TBS_REQ_HASH_OID], SHAh, - oidHashType); - keyIdSz = WC_SHA_DIGEST_SIZE; - #endif /* Set issuer, issuer key hash and serial number of certificate being * checked. */ SetASN_Buffer(&dataASN[OCSPREQUESTASN_IDX_TBS_REQ_ISSUER], @@ -39875,6 +33517,8 @@ /* Don't write out extensions. */ dataASN[OCSPREQUESTASN_IDX_TBS_REQEXT].noOut = 1; } + /* Don't write out signature. */ + dataASN[OCSPREQUESTASN_IDX_OPT_SIG].noOut = 1; } if (ret == 0) { /* Calculate size of encoding. */ @@ -39882,7 +33526,7 @@ &sz); } /* Check buffer big enough for encoding if supplied. */ - if ((ret == 0) && (output != NULL) && (sz > (int)size)) { + if ((ret == 0) && (output != NULL) && (sz > size)) { ret = BUFFER_E; } if ((ret == 0) && (output != NULL)) { @@ -39901,13 +33545,180 @@ if (ret == 0) { /* Return size of encoding. */ - ret = sz; + ret = (int)sz; } FREE_ASNSETDATA(dataASN, req->heap); return ret; +} #endif /* WOLFSSL_ASN_TEMPLATE */ +#ifdef HAVE_OCSP_RESPONDER + +#ifdef WOLFSSL_ASN_TEMPLATE +/* Decode OCSP request extensions. + * RFC 6960, 4.1.1 - ASN.1 Specification of the OCSP Request + * + * @param [in] source Buffer containing encoded extensions (inside [2]). + * @param [in] sz Length of buffer in bytes. + * @param [in, out] req OCSP request object to store nonce. + * @return 0 on success. + * @return ASN_PARSE_E when data is malformed. + */ +static int DecodeOcspReqExtensions(const byte* source, word32 sz, + OcspRequest* req) +{ + DECL_ASNGETDATA(dataASN, certExtASN_Length); + int ret = 0; + word32 idx = 0; + word32 maxIdx; + int seqLen; + + WOLFSSL_ENTER("DecodeOcspReqExtensions"); + + /* Skip the outer SEQUENCE that wraps all extensions */ + if (GetSequence(source, &idx, &seqLen, sz) < 0) { + return ASN_PARSE_E; + } + maxIdx = idx + (word32)seqLen; + + CALLOC_ASNGETDATA(dataASN, certExtASN_Length, ret, req->heap); + + /* Step through all extensions. */ + while ((ret == 0) && (idx < maxIdx)) { + byte isCrit = 0; + /* Clear dynamic data, set OID type to expect. */ + XMEMSET(dataASN, 0, sizeof(*dataASN) * certExtASN_Length); + GetASN_OID(&dataASN[CERTEXTASN_IDX_OID], oidOcspType); + GetASN_Boolean(&dataASN[CERTEXTASN_IDX_CRIT], &isCrit); + /* Decode extension. */ + ret = GetASN_Items(certExtASN, dataASN, certExtASN_Length, 0, + source, &idx, sz); + if (ret == 0) { + word32 oid = dataASN[CERTEXTASN_IDX_OID].data.oid.sum; + int length = (int)dataASN[CERTEXTASN_IDX_VAL].length; + + if (oid == OCSP_NONCE_OID) { + /* Parse inner OCTET STRING from the extension value buffer + * using a local index to avoid relying on the outer idx. */ + const byte* extData = dataASN[CERTEXTASN_IDX_VAL].data.ref.data; + word32 extDataSz = dataASN[CERTEXTASN_IDX_VAL].data.ref.length; + word32 localIdx = 0; + int innerLen = (int)extDataSz; + + ret = GetOctetString(extData, &localIdx, &innerLen, extDataSz); + if (ret >= 0) { + ret = 0; + if (innerLen <= (int)sizeof(req->nonce)) { + XMEMCPY(req->nonce, extData + localIdx, (size_t)innerLen); + req->nonceSz = innerLen; + } + else { + /* Nonce too large */ + ret = BUFFER_E; + } + } + } + else if (isCrit) { + /* Unknown critical extension - fail */ + ret = ASN_PARSE_E; + } + /* Ignore all other extension types. */ + + /* Skip over rest of extension. */ + idx += (word32)length; + } + } + + /* Ensure all extension data was consumed */ + if (ret == 0 && idx != maxIdx) { + ret = ASN_PARSE_E; + } + + FREE_ASNGETDATA(dataASN, req->heap); + return ret; +} +#endif /* WOLFSSL_ASN_TEMPLATE */ + +#ifdef WOLFSSL_ASN_TEMPLATE +int DecodeOcspRequest(OcspRequest* req, const byte* input, word32 size) +{ + /* TODO: support multiple Requested in a requestList */ + DECL_ASNGETDATA(dataASN, ocspRequestASN_Length); + int ret = 0; + word32 idx = 0; + word32 issuerHashSz = sizeof(req->issuerHash); + word32 issuerKeyHashSz = sizeof(req->issuerKeyHash); + const byte* serial = NULL; + word32 serialSz = 0; + + WOLFSSL_ENTER("DecodeOcspRequest"); + + CALLOC_ASNGETDATA(dataASN, ocspRequestASN_Length, ret, req->heap); + + if (ret == 0) { + GetASN_OID(&dataASN[OCSPREQUESTASN_IDX_TBS_REQ_HASH_OID], oidHashType); + GetASN_Buffer(&dataASN[OCSPREQUESTASN_IDX_TBS_REQ_ISSUER], + req->issuerHash, &issuerHashSz); + GetASN_Buffer(&dataASN[OCSPREQUESTASN_IDX_TBS_REQ_ISSUERKEY], + req->issuerKeyHash, &issuerKeyHashSz); + ret = GetASN_Items(ocspRequestASN, dataASN, ocspRequestASN_Length, 1, + input, &idx, size); + } + if (ret == 0) { + /* Make sure all input was consumed */ + if (idx != size) + ret = ASN_PARSE_E; + } + if (ret == 0) { + /* Store hash algorithm from the request */ + int digestSz; + req->hashAlg = dataASN[OCSPREQUESTASN_IDX_TBS_REQ_HASH_OID].data.oid.sum; + digestSz = wc_HashGetDigestSize(wc_OidGetHash(req->hashAlg)); + if (digestSz <= 0) + ret = ASN_SIG_HASH_E; + else if ((int)issuerHashSz != digestSz || + (int)issuerKeyHashSz != digestSz) + ret = ASN_PARSE_E; + } + if (ret == 0) { + /* Parse optional extensions */ + if (dataASN[OCSPREQUESTASN_IDX_TBS_REQEXT].data.ref.data != NULL) { + ret = DecodeOcspReqExtensions( + dataASN[OCSPREQUESTASN_IDX_TBS_REQEXT].data.ref.data, + dataASN[OCSPREQUESTASN_IDX_TBS_REQEXT].data.ref.length, + req); + } + } + if (ret == 0) { + /* Optional signature not supported yet */ + if (dataASN[OCSPREQUESTASN_IDX_OPT_SIG].length > 0 || + dataASN[OCSPREQUESTASN_IDX_OPT_SIG].data.ref.data != NULL) + ret = NOT_COMPILED_IN; + } + if (ret == 0) { + GetASN_GetRef(&dataASN[OCSPREQUESTASN_IDX_TBS_REQ_SERIAL], + &serial, &serialSz); + if (serialSz == 0 || serial == NULL || serialSz > EXTERNAL_SERIAL_SIZE) + ret = ASN_PARSE_E; + } + if (ret == 0) { + /* Copy serial number */ + req->serial = (byte*)XMALLOC((size_t)serialSz, req->heap, + DYNAMIC_TYPE_OCSP_REQUEST); + if (req->serial == NULL) { + ret = MEMORY_E; + } + else { + XMEMCPY(req->serial, serial, (size_t)serialSz); + req->serialSz = serialSz; + } + } + + FREE_ASNGETDATA(dataASN, req->heap); + return ret; } +#endif /* WOLFSSL_ASN_TEMPLATE */ +#endif /* HAVE_OCSP_RESPONDER */ int InitOcspRequest(OcspRequest* req, DecodedCert* cert, byte useNonce, @@ -39923,6 +33734,12 @@ XMEMSET(req, 0, sizeof(OcspRequest)); req->heap = heap; +#ifdef NO_SHA + req->hashAlg = SHA256h; +#else + req->hashAlg = SHAh; +#endif + if (cert) { XMEMCPY(req->issuerHash, cert->issuerHash, KEYID_SIZE); XMEMCPY(req->issuerKeyHash, cert->issuerKeyHash, KEYID_SIZE); @@ -40042,12 +33859,12 @@ /* match based on found status and return */ for (single = resp->single; single; single = next) { - #if defined(WOLFSSL_SM2) && defined(WOLFSSL_SM3) ocspDigestSize = wc_HashGetDigestSize( wc_OidGetHash(single->hashAlgoOID)); - #else - ocspDigestSize = OCSP_DIGEST_SIZE; - #endif + if (ocspDigestSize <= 0) { + WOLFSSL_MSG("\tinvalid hash algorithm in response"); + return -1; + } cmp = req->serialSz - single->status->serialSz; if (cmp == 0) { cmp = XMEMCMP(req->serial, single->status->serial, @@ -40106,43 +33923,10 @@ } /* store WC_SHA hash of NAME */ +#ifdef WOLFSSL_ASN_TEMPLATE int GetNameHash_ex(const byte* source, word32* idx, byte* hash, int maxIdx, word32 sigOID) { -#ifndef WOLFSSL_ASN_TEMPLATE - int length; /* length of all distinguished names */ - int ret; - word32 dummy; - byte tag; - - WOLFSSL_ENTER("GetNameHash"); - - dummy = *idx; - if (GetASNTag(source, &dummy, &tag, (word32)maxIdx) == 0 && - tag == ASN_OBJECT_ID) { - WOLFSSL_MSG("Trying optional prefix..."); - - if (GetLength(source, idx, &length, (word32)maxIdx) < 0) - return ASN_PARSE_E; - - *idx += (word32)length; - WOLFSSL_MSG("Got optional prefix"); - } - - /* For OCSP, RFC2560 section 4.1.1 states the issuer hash should be - * calculated over the entire DER encoding of the Name field, including - * the tag and length. */ - dummy = *idx; - if (GetSequence(source, idx, &length, (word32)maxIdx) < 0) - return ASN_PARSE_E; - - ret = CalcHashId_ex(source + dummy, (word32)length + *idx - dummy, hash, - HashIdAlg(sigOID)); - - *idx += (word32)length; - - return ret; -#else ASNGetData dataASN[nameHashASN_Length]; int ret; @@ -40164,9 +33948,8 @@ } return ret; -#endif /* WOLFSSL_ASN_TEMPLATE */ } - +#endif /* WOLFSSL_ASN_TEMPLATE */ #if defined(HAVE_CRL) && !defined(WOLFCRYPT_ONLY) #ifdef OPENSSL_EXTRA @@ -40208,6 +33991,9 @@ while(tmp) { RevokedCert* next = tmp->next; +#if defined(OPENSSL_EXTRA) + XFREE(tmp->extensions, dcrl->heap, DYNAMIC_TYPE_REVOKED); +#endif XFREE(tmp, dcrl->heap, DYNAMIC_TYPE_REVOKED); tmp = next; } @@ -40243,72 +34029,82 @@ #define revokedASN_Length (sizeof(revokedASN) / sizeof(ASNItem)) #endif -/* Get Revoked Cert list, 0 on success */ -static int GetRevoked(RevokedCert* rcert, const byte* buff, word32* idx, - DecodedCRL* dcrl, word32 maxIdx) -{ -#ifndef WOLFSSL_ASN_TEMPLATE - int ret; - int len; - word32 end; - RevokedCert* rc; -#ifdef CRL_STATIC_REVOKED_LIST - int totalCerts = 0; -#endif - WOLFSSL_ENTER("GetRevoked"); - - if (GetSequence(buff, idx, &len, maxIdx) < 0) - return ASN_PARSE_E; +/* CRL Reason Code OID: 2.5.29.21 */ +static const byte crlReasonOid[] = { 0x55, 0x1d, 0x15 }; - end = *idx + len; - -#ifdef CRL_STATIC_REVOKED_LIST - totalCerts = dcrl->totalCerts; +/* Parse CRL entry extensions to extract the reason code. + * Sets *reasonCode if found, otherwise leaves it unchanged. */ +static void ParseCRL_ReasonCode(const byte* buff, word32 idx, word32 maxIdx, + int* reasonCode) +{ + while (idx < maxIdx) { + int len; + word32 end; + word32 localIdx; + byte tag; - if (totalCerts >= CRL_MAX_REVOKED_CERTS) { - return MEMORY_E; - } + /* Each extension is a SEQUENCE */ + if (GetSequence(buff, &idx, &len, maxIdx) < 0) { + break; + } + end = idx + (word32)len; - rc = &rcert[totalCerts]; - ret = wc_GetSerialNumber(buff, idx, rc->serialNumber, &rc->serialSz,maxIdx); - if (ret < 0) { - WOLFSSL_MSG("wc_GetSerialNumber error"); - return ret; + /* Check for CRL Reason OID: 2.5.29.21 */ + if (end - idx >= (word32)(2 + sizeof(crlReasonOid)) && + buff[idx] == ASN_OBJECT_ID && + buff[idx + 1] == sizeof(crlReasonOid) && + XMEMCMP(buff + idx + 2, crlReasonOid, + sizeof(crlReasonOid)) == 0) { + /* Skip past the OID */ + idx += 2 + (word32)sizeof(crlReasonOid); + /* Skip optional critical BOOLEAN */ + localIdx = idx; + if (GetASNTag(buff, &localIdx, &tag, end) == 0 && + tag == ASN_BOOLEAN) { + /* Consume full BOOLEAN TLV (tag + length + value). */ + if (GetBoolean(buff, &idx, end) < 0) { + break; + } + } + /* Get OCTET STRING wrapping the ENUMERATED */ + if (GetOctetString(buff, &idx, &len, end) >= 0) { + /* Parse ENUMERATED reason value */ + localIdx = idx; + if (GetASNTag(buff, &localIdx, &tag, end) == 0 && + tag == ASN_ENUMERATED) { + int reasonLen; + idx = localIdx; + if (GetLength(buff, &idx, &reasonLen, end) >= 0 && + reasonLen == 1) { + *reasonCode = (int)buff[idx]; + } + } + } + } + idx = end; } -#else +} - rc = (RevokedCert*)XMALLOC(sizeof(RevokedCert), dcrl->heap, - DYNAMIC_TYPE_REVOKED); - if (rc == NULL) { - WOLFSSL_MSG("Alloc Revoked Cert failed"); - return MEMORY_E; - } - ret = wc_GetSerialNumber(buff, idx, rc->serialNumber, &rc->serialSz,maxIdx); - if (ret < 0) { - WOLFSSL_MSG("wc_GetSerialNumber error"); - XFREE(rc, dcrl->heap, DYNAMIC_TYPE_REVOKED); - return ret; +#ifdef HAVE_CRL +/* Test-visible helper: parse reasonCode from encoded Extension list bytes. */ +WOLFSSL_TEST_VIS int wc_ParseCRLReasonFromExtensions(const byte* ext, + word32 extSz, + int* reasonCode) +{ + if (ext == NULL || reasonCode == NULL) { + return BAD_FUNC_ARG; } - /* add to list */ - rc->next = dcrl->certs; - dcrl->certs = rc; - (void)rcert; -#endif /* CRL_STATIC_REVOKED_LIST */ - dcrl->totalCerts++; - /* get date */ -#ifndef NO_ASN_TIME - ret = GetBasicDate(buff, idx, rc->revDate, &rc->revDateFormat, maxIdx); - if (ret < 0) { - WOLFSSL_MSG("Expecting Date"); - return ret; - } + ParseCRL_ReasonCode(ext, 0, extSz, reasonCode); + return 0; +} #endif - /* skip extensions */ - *idx = end; - return 0; -#else +/* Get Revoked Cert list, 0 on success */ +#ifdef WOLFSSL_ASN_TEMPLATE +static int GetRevoked(RevokedCert* rcert, const byte* buff, word32* idx, + DecodedCRL* dcrl, word32 maxIdx) +{ DECL_ASNGETDATA(dataASN, revokedASN_Length); int ret = 0; word32 serialSz = EXTERNAL_SERIAL_SIZE; @@ -40330,6 +34126,9 @@ if (rc == NULL) { ret = MEMORY_E; } + if (ret == 0) { + XMEMSET(rc, 0, sizeof(RevokedCert)); + } #endif /* CRL_STATIC_REVOKED_LIST */ CALLOC_ASNGETDATA(dataASN, revokedASN_Length, ret, dcrl->heap); @@ -40354,7 +34153,39 @@ ? dataASN[REVOKEDASN_IDX_TIME_UTC].tag : dataASN[REVOKEDASN_IDX_TIME_GT].tag; - /* TODO: use extensions, only v2 */ + /* Initialize reason code to absent */ + rc->reasonCode = -1; + + /* Parse CRL entry extensions (v2 only) */ + if (dataASN[REVOKEDASN_IDX_TIME_EXT].length > 0) { + word32 extOff = dataASN[REVOKEDASN_IDX_TIME_EXT].offset; + word32 extLen = dataASN[REVOKEDASN_IDX_TIME_EXT].length; + word32 extEnd = extOff + extLen; + word32 extIdx2 = extOff; + +#if defined(OPENSSL_EXTRA) + /* Store raw DER of extensions for OpenSSL compat API. + * Include the outer SEQUENCE tag+length. */ + { + /* Back up to include the SEQUENCE header. We know the + * content starts at extOff, so the header is just before. + * Use the raw buffer start from before GetASN_Items. */ + word32 seqHdrSz = 0; + /* The outer SEQUENCE header is at most 4 bytes before + * content. Rather than guess, store just the content. */ + rc->extensions = (byte*)XMALLOC(extLen, dcrl->heap, + DYNAMIC_TYPE_REVOKED); + if (rc->extensions != NULL) { + XMEMCPY(rc->extensions, buff + extOff, extLen); + rc->extensionsSz = extLen; + } + (void)seqHdrSz; + } +#endif + + ParseCRL_ReasonCode(buff, extIdx2, extEnd, &rc->reasonCode); + } + /* Add revoked certificate to chain. */ #ifndef CRL_STATIC_REVOKED_LIST rc->next = dcrl->certs; @@ -40366,14 +34197,16 @@ FREE_ASNGETDATA(dataASN, dcrl->heap); #ifndef CRL_STATIC_REVOKED_LIST if ((ret != 0) && (rc != NULL)) { +#if defined(OPENSSL_EXTRA) + XFREE(rc->extensions, dcrl->heap, DYNAMIC_TYPE_REVOKED); +#endif XFREE(rc, dcrl->heap, DYNAMIC_TYPE_CRL); } (void)rcert; #endif return ret; -#endif /* WOLFSSL_ASN_TEMPLATE */ } - +#endif /* WOLFSSL_ASN_TEMPLATE */ #ifdef WOLFSSL_ASN_TEMPLATE /* Parse the revoked certificates of a CRL. * @@ -40401,28 +34234,6 @@ } #endif /* WOLFSSL_ASN_TEMPLATE */ -#ifndef WOLFSSL_ASN_TEMPLATE -/* Get CRL Signature, 0 on success */ -static int GetCRL_Signature(const byte* source, word32* idx, DecodedCRL* dcrl, - int maxIdx) -{ - int length; - int ret; - - WOLFSSL_ENTER("GetCRL_Signature"); - - ret = CheckBitString(source, idx, &length, maxIdx, 1, NULL); - if (ret != 0) - return ret; - dcrl->sigLength = length; - - dcrl->signature = (byte*)&source[*idx]; - *idx += dcrl->sigLength; - - return 0; -} -#endif /* !WOLFSSL_ASN_TEMPLATE */ - int VerifyCRL_Signature(SignatureCtx* sigCtx, const byte* toBeSigned, word32 tbsSz, const byte* signature, word32 sigSz, word32 signatureOID, const byte* sigParams, @@ -40511,156 +34322,11 @@ } #endif -#ifndef WOLFSSL_ASN_TEMPLATE -static int ParseCRL_CertList(RevokedCert* rcert, DecodedCRL* dcrl, - const byte* buf,word32* inOutIdx, int sz, int verify) -{ - word32 oid, dateIdx, idx, checkIdx; - int length; -#ifdef WOLFSSL_NO_CRL_NEXT_DATE - int doNextDate = 1; -#endif - byte tag; - - if (dcrl == NULL || inOutIdx == NULL || buf == NULL) { - return BAD_FUNC_ARG; - } - - /* may have version */ - idx = *inOutIdx; - - checkIdx = idx; - if (GetASNTag(buf, &checkIdx, &tag, sz) == 0 && tag == ASN_INTEGER) { - if (GetMyVersion(buf, &idx, &dcrl->version, sz) < 0) - return ASN_PARSE_E; - dcrl->version++; - } - - if (GetAlgoId(buf, &idx, &oid, oidIgnoreType, sz) < 0) { - return ASN_PARSE_E; - } -#ifdef WC_RSA_PSS - else if (oid == CTC_RSASSAPSS) { - word32 tmpSz; - int len; - - tmpSz = idx; - dcrl->sigParamsIndex = idx; - if (GetSequence(buf, &idx, &len, sz) < 0) { - dcrl->sigParamsIndex = 0; - return ASN_PARSE_E; - } - idx += len; - dcrl->sigParamsLength = idx - tmpSz; - } -#endif - - checkIdx = idx; - if (GetSequence(buf, &checkIdx, &length, sz) < 0) { - return ASN_PARSE_E; - } -#ifdef OPENSSL_EXTRA - dcrl->issuerSz = length + (checkIdx - idx); - dcrl->issuer = (byte*)GetNameFromDer(buf + idx, (int)dcrl->issuerSz); -#endif - - if (GetNameHash_ex(buf, &idx, dcrl->issuerHash, sz, oid) < 0) - return ASN_PARSE_E; - - if (GetBasicDate(buf, &idx, dcrl->lastDate, &dcrl->lastDateFormat, sz) < 0) - return ASN_PARSE_E; - - dateIdx = idx; - - if (GetBasicDate(buf, &idx, dcrl->nextDate, &dcrl->nextDateFormat, sz) < 0) - { -#ifndef WOLFSSL_NO_CRL_NEXT_DATE - (void)dateIdx; - return ASN_PARSE_E; -#else - dcrl->nextDateFormat = ASN_OTHER_TYPE; /* skip flag */ - doNextDate = 0; - idx = dateIdx; -#endif - } - -#ifdef WOLFSSL_NO_CRL_NEXT_DATE - if (doNextDate) -#endif - { -#if !defined(NO_ASN_TIME) && !defined(WOLFSSL_NO_CRL_DATE_CHECK) - if (verify != NO_VERIFY && - (! AsnSkipDateCheck) && - !XVALIDATE_DATE(dcrl->nextDate, dcrl->nextDateFormat, ASN_AFTER)) { - WOLFSSL_MSG("CRL after date is no longer valid"); - WOLFSSL_ERROR_VERBOSE(CRL_CERT_DATE_ERR); - return CRL_CERT_DATE_ERR; - } -#else - (void)verify; -#endif - } - - checkIdx = idx; - if (idx != dcrl->sigIndex && - GetASNTag(buf, &checkIdx, &tag, sz) == 0 && tag != CRL_EXTENSIONS) { - - int len; - - if (GetSequence(buf, &idx, &len, sz) < 0) - return ASN_PARSE_E; - len += idx; - - while (idx < (word32)len) { - if (GetRevoked(rcert, buf, &idx, dcrl, len) < 0) - return ASN_PARSE_E; - } - } - - *inOutIdx = idx; - - return 0; -} -#endif /* !WOLFSSL_ASN_TEMPLATE */ - #ifndef NO_SKID +#ifdef WOLFSSL_ASN_TEMPLATE static int ParseCRL_AuthKeyIdExt(const byte* input, int sz, DecodedCRL* dcrl) { -#ifndef WOLFSSL_ASN_TEMPLATE - word32 idx = 0; - int length = 0, ret = 0; - byte tag; - - WOLFSSL_ENTER("ParseCRL_AuthKeyIdExt"); - - if (GetSequence(input, &idx, &length, sz) < 0) { - WOLFSSL_MSG("\tfail: should be a SEQUENCE"); - return ASN_PARSE_E; - } - - if (GetASNTag(input, &idx, &tag, sz) < 0) { - return ASN_PARSE_E; - } - - if (tag != (ASN_CONTEXT_SPECIFIC | 0)) { - WOLFSSL_MSG("\tinfo: OPTIONAL item 0, not available"); - return 0; - } - - if (GetLength(input, &idx, &length, sz) <= 0) { - WOLFSSL_MSG("\tfail: extension data length"); - return ASN_PARSE_E; - } - - dcrl->extAuthKeyIdSet = 1; - - /* Get the hash or hash of the hash if wrong size. */ - ret = GetHashId(input + idx, length, dcrl->extAuthKeyId, - HashIdAlg(dcrl->signatureOID)); - - return ret; -#else DECL_ASNGETDATA(dataASN, authKeyIdASN_Length); int ret = 0; word32 idx = 0; @@ -40691,145 +34357,11 @@ FREE_ASNGETDATA(dataASN, dcrl->heap); return ret; -#endif /* WOLFSSL_ASN_TEMPLATE */ } +#endif /* WOLFSSL_ASN_TEMPLATE */ #endif -#ifndef WOLFSSL_ASN_TEMPLATE -static int ParseCRL_Extensions(DecodedCRL* dcrl, const byte* buf, - word32* inOutIdx, word32 sz) -{ - int length; - word32 idx; - word32 ext_bound; /* boundary index for the sequence of extensions */ - word32 oid; - byte tag; - - WOLFSSL_ENTER("ParseCRL_Extensions"); - (void)dcrl; - - if (inOutIdx == NULL) - return BAD_FUNC_ARG; - - idx = *inOutIdx; - - /* CRL Extensions are optional */ - if ((idx + 1) > sz) - return 0; - - /* CRL Extensions are optional */ - if (GetASNTag(buf, &idx, &tag, sz) < 0) - return 0; - - /* CRL Extensions are optional */ - if (tag != (ASN_CONSTRUCTED | ASN_CONTEXT_SPECIFIC | 0)) - return 0; - - if (GetLength(buf, &idx, &length, sz) < 0) - return ASN_PARSE_E; - - if (GetSequence(buf, &idx, &length, sz) < 0) - return ASN_PARSE_E; - - ext_bound = idx + length; - - while (idx < (word32)ext_bound) { - word32 localIdx; - int ret; - - if (GetSequence(buf, &idx, &length, sz) < 0) { - WOLFSSL_MSG("\tfail: should be a SEQUENCE"); - return ASN_PARSE_E; - } - - oid = 0; - if (GetObjectId(buf, &idx, &oid, oidCrlExtType, sz) < 0) { - WOLFSSL_MSG("\tfail: OBJECT ID"); - return ASN_PARSE_E; - } - - /* check for critical flag */ - if ((idx + 1) > (word32)sz) { - WOLFSSL_MSG("\tfail: malformed buffer"); - return BUFFER_E; - } - - localIdx = idx; - if (GetASNTag(buf, &localIdx, &tag, sz) == 0 && tag == ASN_BOOLEAN) { - WOLFSSL_MSG("\tfound optional critical flag, moving past"); - ret = GetBoolean(buf, &idx, sz); - if (ret < 0) - return ret; - } - - ret = GetOctetString(buf, &idx, &length, sz); - if (ret < 0) - return ret; - - if (oid == AUTH_KEY_OID) { - #ifndef NO_SKID - ret = ParseCRL_AuthKeyIdExt(buf + idx, length, dcrl); - if (ret < 0) { - WOLFSSL_MSG("\tcouldn't parse AuthKeyId extension"); - return ret; - } - #endif - } - else if (oid == CRL_NUMBER_OID) { - localIdx = idx; - if (GetASNTag(buf, &localIdx, &tag, sz) == 0 && - tag == ASN_INTEGER) { - ret = GetASNInt(buf, &idx, &length, sz); - if (ret < 0) { - WOLFSSL_MSG("\tcouldn't parse CRL number extension"); - return ret; - } - else { - DECL_MP_INT_SIZE_DYN(m, CRL_MAX_NUM_SZ * CHAR_BIT, - CRL_MAX_NUM_SZ * CHAR_BIT); - NEW_MP_INT_SIZE(m, CRL_MAX_NUM_SZ * CHAR_BIT, NULL, - DYNAMIC_TYPE_TMP_BUFFER); - #ifdef MP_INT_SIZE_CHECK_NULL - if (m == NULL) { - ret = MEMORY_E; - } - #endif - - if (ret == 0 && ((ret = INIT_MP_INT_SIZE(m, CRL_MAX_NUM_SZ - * CHAR_BIT)) != MP_OKAY)) { - ret = MP_INIT_E; - } - - if (ret == MP_OKAY) - ret = mp_read_unsigned_bin(m, buf + idx, length); - - if (ret != MP_OKAY) - ret = BUFFER_E; - - if (ret == MP_OKAY && mp_toradix(m, (char*)dcrl->crlNumber, - MP_RADIX_HEX) != MP_OKAY) - ret = BUFFER_E; - - if (ret == MP_OKAY) { - dcrl->crlNumberSet = 1; - } - - FREE_MP_INT_SIZE(m, NULL, DYNAMIC_TYPE_TMP_BUFFER); - - if (ret != MP_OKAY) - return ret; - } - } - } - - idx += length; - } - - *inOutIdx = idx; - - return 0; -} -#else +#ifdef WOLFSSL_ASN_TEMPLATE /* Parse the extensions of a CRL. * * @param [in] dcrl Decoded CRL object. @@ -40903,9 +34435,9 @@ #endif } else if (oid == CRL_NUMBER_OID) { - DECL_MP_INT_SIZE_DYN(m, CRL_MAX_NUM_SZ * CHAR_BIT, - CRL_MAX_NUM_SZ * CHAR_BIT); - NEW_MP_INT_SIZE(m, CRL_MAX_NUM_SZ * CHAR_BIT, NULL, + DECL_MP_INT_SIZE_DYN(m, CRL_MAX_NUM_SZ_BITS, + CRL_MAX_NUM_SZ_BITS); + NEW_MP_INT_SIZE(m, CRL_MAX_NUM_SZ_BITS, NULL, DYNAMIC_TYPE_TMP_BUFFER); #ifdef MP_INT_SIZE_CHECK_NULL @@ -40920,9 +34452,33 @@ } if (ret == 0) { - ret = GetInt(m, buf, &localIdx, maxIdx); + int crlNumLen = 0; + word32 rawIdx = localIdx; + word32 tmpIdx = localIdx; + ret = GetASNInt(buf, &tmpIdx, &crlNumLen, maxIdx); + if (ret == 0 && (crlNumLen > CRL_MAX_NUM_SZ)) { + WOLFSSL_MSG("CRL number exceeds limitation"); + ret = BUFFER_E; + } + /* RFC 5280 s5.2.3: CRL number must be non-negative. + * Check the raw encoding before GetASNInt strips + * the leading-zero pad: skip past the INTEGER tag + * and length, then reject if the first content byte + * has its high bit set (negative value). A leading + * 0x00 pad means the value is positive. */ + if (ret == 0) { + int rawLen = 0; + (void)GetASNHeader(buf, ASN_INTEGER, + &rawIdx, &rawLen, maxIdx); + if (rawLen > 0 && (buf[rawIdx] & 0x80) != 0) { + WOLFSSL_MSG("CRL number is negative"); + ret = ASN_PARSE_E; + } + } + if (ret == 0) { + ret = GetInt(m, buf, &localIdx, maxIdx); + } } - if (ret == 0 && mp_toradix(m, (char*)dcrl->crlNumber, MP_RADIX_HEX) != MP_OKAY) ret = BUFFER_E; @@ -40949,7 +34505,7 @@ return ret; } -#endif /* !WOLFSSL_ASN_TEMPLATE */ +#endif /* WOLFSSL_ASN_TEMPLATE */ #ifdef WOLFSSL_ASN_TEMPLATE @@ -41025,108 +34581,10 @@ #endif /* parse crl buffer into decoded state, 0 on success */ +#ifdef WOLFSSL_ASN_TEMPLATE int ParseCRL(RevokedCert* rcert, DecodedCRL* dcrl, const byte* buff, word32 sz, int verify, void* cm) { -#ifndef WOLFSSL_ASN_TEMPLATE - Signer* ca = NULL; - SignatureCtx sigCtx; - int ret = 0; - int len; - word32 idx = 0; - const byte* sigParams = NULL; - int sigParamsSz = 0; - - WOLFSSL_MSG("ParseCRL"); - - /* raw crl hash */ - /* hash here if needed for optimized comparisons - * wc_Sha sha; - * wc_InitSha(&sha); - * wc_ShaUpdate(&sha, buff, sz); - * wc_ShaFinal(&sha, dcrl->crlHash); */ - - if (GetSequence(buff, &idx, &len, sz) < 0) - return ASN_PARSE_E; - - dcrl->certBegin = idx; - /* Normalize sz for the length inside the outer sequence. */ - sz = len + idx; - - if (GetSequence(buff, &idx, &len, sz) < 0) - return ASN_PARSE_E; - dcrl->sigIndex = len + idx; - - if (ParseCRL_CertList(rcert, dcrl, buff, &idx, dcrl->sigIndex, verify) < 0) - return ASN_PARSE_E; - - if (ParseCRL_Extensions(dcrl, buff, &idx, dcrl->sigIndex) < 0) - return ASN_PARSE_E; - - idx = dcrl->sigIndex; - - if (GetAlgoId(buff, &idx, &dcrl->signatureOID, oidSigType, sz) < 0) { - return ASN_PARSE_E; - } -#ifdef WC_RSA_PSS - else if (dcrl->signatureOID == CTC_RSASSAPSS) { - word32 tmpSz; - const byte* params; - - tmpSz = idx; - params = buff + idx; - if (GetSequence(buff, &idx, &len, sz) < 0) { - return ASN_PARSE_E; - } - idx += len; - sigParams = params; - sigParamsSz = idx - tmpSz; - } -#endif - - if (GetCRL_Signature(buff, &idx, dcrl, sz) < 0) - return ASN_PARSE_E; - - /* openssl doesn't add skid by default for CRLs cause firefox chokes - if experiencing issues uncomment NO_SKID define in CRL section of - wolfssl/wolfcrypt/settings.h */ -#ifndef NO_SKID - if (dcrl->extAuthKeyIdSet) { - ca = GetCA(cm, dcrl->extAuthKeyId); /* more unique than issuerHash */ - } - if (ca != NULL && XMEMCMP(dcrl->issuerHash, ca->subjectNameHash, - KEYID_SIZE) != 0) { - ca = NULL; - } - if (ca == NULL) { - ca = GetCAByName(cm, dcrl->issuerHash); /* last resort */ - /* If AKID is available then this CA doesn't have the public - * key required */ - if (ca && dcrl->extAuthKeyIdSet) { - WOLFSSL_MSG("CA SKID doesn't match AKID"); - ca = NULL; - } - } -#else - ca = GetCA(cm, dcrl->issuerHash); -#endif /* !NO_SKID */ - WOLFSSL_MSG("About to verify CRL signature"); - - if (ca == NULL) { - WOLFSSL_MSG("Did NOT find CRL issuer CA"); - ret = ASN_CRL_NO_SIGNER_E; - WOLFSSL_ERROR_VERBOSE(ret); - goto end; - } - - WOLFSSL_MSG("Found CRL issuer CA"); - ret = VerifyCRL_Signature(&sigCtx, buff + dcrl->certBegin, - dcrl->sigIndex - dcrl->certBegin, dcrl->signature, dcrl->sigLength, - dcrl->signatureOID, sigParams, sigParamsSz, ca, dcrl->heap); - -end: - return ret; -#else DECL_ASNGETDATA(dataASN, crlASN_Length); int ret = 0; /* Default version - v1 = 0 */ @@ -41253,7 +34711,8 @@ /* Next date was set, so validate it. */ if (verify != NO_VERIFY && (! AsnSkipDateCheck) && - !XVALIDATE_DATE(dcrl->nextDate, dcrl->nextDateFormat, ASN_AFTER)) { + !XVALIDATE_DATE(dcrl->nextDate, dcrl->nextDateFormat, ASN_AFTER, + MAX_DATE_SIZE)) { WOLFSSL_MSG("CRL after date is no longer valid"); ret = CRL_CERT_DATE_ERR; WOLFSSL_ERROR_VERBOSE(ret); @@ -41286,7 +34745,7 @@ GetASNItem_DataIdx(dataASN[CRLASN_IDX_TBS_REVOKEDCERTS], buff), GetASNItem_EndIdx(dataASN[CRLASN_IDX_TBS_REVOKEDCERTS], buff)); } - if (ret == 0) { + if ((ret == 0) && GetASNItem_HaveIdx(dataASN[CRLASN_IDX_TBS_EXT_SEQ])) { /* Parse the extensions - starting after SEQUENCE OF. */ ret = ParseCRL_Extensions(dcrl, buff, GetASNItem_DataIdx(dataASN[CRLASN_IDX_TBS_EXT_SEQ], buff), @@ -41299,9 +34758,428 @@ FREE_ASNGETDATA(dataASN, dcrl->heap); return ret; +} #endif /* WOLFSSL_ASN_TEMPLATE */ +#ifdef WOLFSSL_CERT_GEN +/* Encode a date as ASN.1 (UTC or GeneralizedTime). + * Returns length written to output (including tag and length bytes). + * If output is NULL, just returns the required size. + */ +static word32 EncodeCrlDate(byte* output, const byte* date, byte format) +{ + word32 idx = 0; + word32 dateLen; + + /* Determine date length based on format */ + if (format == ASN_UTC_TIME) { + dateLen = ASN_UTC_TIME_SIZE - 1; /* exclude null terminator */ + } + else if (format == ASN_GENERALIZED_TIME) { + dateLen = ASN_GENERALIZED_TIME_SIZE - 1; + } + else { + return 0; /* unsupported format */ + } + + if (output != NULL) { + output[idx] = format; + } + idx++; + + if (output != NULL) { + idx += SetLength(dateLen, output + idx); + XMEMCPY(output + idx, date, dateLen); + } + else { + idx += SetLength(dateLen, NULL); + } + idx += dateLen; + + return idx; } +/* Encode a serial number as ASN.1 INTEGER. + * Similar to SetSerialNumber but always available. + */ +static int EncodeCrlSerial(const byte* sn, word32 snSz, byte* output, + word32 outputSz) +{ + int i; + int snSzInt = (int)snSz; + const byte* snPtr = sn; + + if (sn == NULL || snSzInt < 0) + return BAD_FUNC_ARG; + + /* remove leading zeros */ + while (snSzInt > 0 && snPtr[0] == 0) { + snSzInt--; + snPtr++; + } + /* Serial numbers must be non-negative; allow zero for tolerance */ + if (snSzInt == 0) { + i = SetASNInt(1, 0x00, output); + if (1 > (int)outputSz - i) { + return BUFFER_E; + } + if (output != NULL) { + output[i] = 0x00; + } + return i + 1; + } + + i = SetASNInt(snSzInt, snPtr[0], NULL); + /* sanity check number of bytes to copy */ + if (snSzInt > (int)outputSz - i || snSzInt <= 0) { + return BUFFER_E; + } + + if (output != NULL) { + /* write out ASN.1 Integer */ + (void)SetASNInt(snSzInt, snPtr[0], output); + XMEMCPY(output + i, snPtr, (size_t)snSzInt); + } + + return i + snSzInt; +} + +/* Encode a single revoked certificate entry. + * Returns length written to output. + */ +static word32 EncodeRevokedCert(byte* output, const RevokedCert* rc) +{ + int tmpSnSz; + word32 idx = 0; + word32 snSz, dateSz, seqSz; + byte snBuf[MAX_SN_SZ]; + byte dateBuf[MAX_DATE_SIZE + 2]; /* tag + length + data */ + byte seqBuf[MAX_SEQ_SZ]; + + /* Encode serial number */ + tmpSnSz = EncodeCrlSerial(rc->serialNumber, (word32)rc->serialSz, + snBuf, sizeof(snBuf)); + if (tmpSnSz < 0) + return 0; + snSz = (word32)tmpSnSz; + + /* Encode revocation date */ + dateSz = EncodeCrlDate(dateBuf, rc->revDate, rc->revDateFormat); + if (dateSz == 0) + return 0; + + /* Wrap in SEQUENCE */ + seqSz = SetSequence(snSz + dateSz, seqBuf); + + if (output != NULL) { + XMEMCPY(output + idx, seqBuf, seqSz); + idx += seqSz; + XMEMCPY(output + idx, snBuf, snSz); + idx += snSz; + XMEMCPY(output + idx, dateBuf, dateSz); + idx += dateSz; + } + else { + idx = seqSz + snSz + dateSz; + } + + return idx; +} + +/* Encode the CRL Number extension. + * Returns length written to output. + */ +static word32 EncodeCrlNumberExt(byte* output, const byte* crlNum, + word32 crlNumSz) +{ + int tmpIntSz; + word32 idx = 0; + word32 oidSz, intSz, octetSz, seqSz; + byte seqBuf[MAX_SEQ_SZ]; + byte octetBuf[MAX_OCTET_STR_SZ]; + byte intBuf[MAX_SN_SZ]; + + /* CRL Number OID: 2.5.29.20 */ + static const byte crlNumOid[] = { 0x06, 0x03, 0x55, 0x1d, 0x14 }; + oidSz = sizeof(crlNumOid); + + /* Encode the INTEGER for CRL number */ + tmpIntSz = EncodeCrlSerial(crlNum, crlNumSz, intBuf, sizeof(intBuf)); + if (tmpIntSz < 0) + return 0; + intSz = (word32)tmpIntSz; + + /* Wrap INTEGER in OCTET STRING */ + octetSz = SetOctetString(intSz, octetBuf); + + /* Wrap in extension SEQUENCE */ + seqSz = SetSequence(oidSz + octetSz + intSz, seqBuf); + + if (output != NULL) { + XMEMCPY(output + idx, seqBuf, seqSz); + idx += seqSz; + XMEMCPY(output + idx, crlNumOid, oidSz); + idx += oidSz; + XMEMCPY(output + idx, octetBuf, octetSz); + idx += octetSz; + XMEMCPY(output + idx, intBuf, intSz); + idx += intSz; + } + else { + idx = seqSz + oidSz + octetSz + intSz; + } + + return idx; +} + +/* Build CRL TBSCertList from fields. + * issuerDer: DER-encoded issuer Name + * issuerSz: size of issuer DER + * lastDate/lastDateFmt: thisUpdate time and format + * nextDate/nextDateFmt: nextUpdate time and format + * certs: linked list of revoked certificates (may be NULL) + * crlNumber/crlNumberSz: CRL number extension data (may be NULL) + * sigType: signature algorithm type (e.g., CTC_SHA256wRSA) + * version: CRL version (1 or 2; 2 required for extensions) + * output: buffer to write TBS (NULL to calculate size) + * outputSz: size of output buffer + * + * Returns: size of TBS on success, negative error code on failure + */ +int wc_MakeCRL_ex(const byte* issuerDer, word32 issuerSz, + const byte* lastDate, byte lastDateFmt, + const byte* nextDate, byte nextDateFmt, + RevokedCert* certs, const byte* crlNumber, word32 crlNumberSz, + int sigType, int version, byte* output, word32 outputSz) +{ + word32 idx = 0; + word32 tbsContentSz = 0; + word32 versionSz = 0, algoSz = 0, lastDateSz = 0, nextDateSz = 0; + word32 revokedSz = 0, extSz = 0, extSeqSz = 0, extCtxSz = 0; + word32 tbsSeqSz; + byte tbsSeqBuf[MAX_SEQ_SZ]; + byte versionBuf[MAX_VERSION_SZ]; + byte algoBuf[MAX_ALGO_SZ]; + byte lastDateBuf[MAX_DATE_SIZE + 2]; + byte nextDateBuf[MAX_DATE_SIZE + 2]; + byte revokedSeqBuf[MAX_SEQ_SZ]; + byte extSeqBuf[MAX_SEQ_SZ]; + byte extCtxBuf[MAX_SEQ_SZ + 1]; /* context tag + length */ + RevokedCert* rc; + + if (issuerDer == NULL || issuerSz == 0 || lastDate == NULL) + return BAD_FUNC_ARG; + + /* Version: only include if v2 (version = 2 means value 1 in ASN.1) */ + if (version >= 2) { + versionSz = (word32)SetMyVersion(version - 1, versionBuf, FALSE); + } + + /* Signature AlgorithmIdentifier */ + algoSz = SetAlgoID(sigType, algoBuf, oidSigType, 0); + if (algoSz == 0 || algoSz > MAX_ALGO_SZ) + return ALGO_ID_E; + + /* thisUpdate */ + lastDateSz = EncodeCrlDate(lastDateBuf, lastDate, lastDateFmt); + if (lastDateSz == 0) + return ASN_DATE_SZ_E; + + /* nextUpdate (optional) */ + if (nextDate != NULL && nextDateFmt != 0) { + nextDateSz = EncodeCrlDate(nextDateBuf, nextDate, nextDateFmt); + } + + /* revokedCertificates (optional) */ + if (certs != NULL) { + word32 contentSz = 0; + /* First pass: calculate size */ + for (rc = certs; rc != NULL; rc = rc->next) { + word32 entrySz = EncodeRevokedCert(NULL, rc); + if (entrySz == 0) + return ASN_PARSE_E; + contentSz += entrySz; + } + revokedSz = SetSequence(contentSz, revokedSeqBuf) + contentSz; + } + + /* crlExtensions (optional) - CRL Number */ + if (crlNumber != NULL && crlNumberSz > 0 && version >= 2) { + word32 crlNumExtSz = EncodeCrlNumberExt(NULL, crlNumber, crlNumberSz); + if (crlNumExtSz > 0) { + extSeqSz = SetSequence(crlNumExtSz, extSeqBuf); + /* Context tag [0] EXPLICIT */ + extCtxBuf[0] = (ASN_CONSTRUCTED | ASN_CONTEXT_SPECIFIC | 0); + extCtxSz = 1 + SetLength(extSeqSz + crlNumExtSz, extCtxBuf + 1); + extSz = extCtxSz + extSeqSz + crlNumExtSz; + } + } + + /* Calculate total TBS content size */ + tbsContentSz = versionSz + algoSz + issuerSz + lastDateSz + nextDateSz + + revokedSz + extSz; + + /* TBS SEQUENCE header */ + tbsSeqSz = SetSequence(tbsContentSz, tbsSeqBuf); + + /* Check buffer size */ + if (output != NULL && (tbsSeqSz + tbsContentSz > outputSz)) + return BUFFER_E; + + /* If output is NULL, just return required size */ + if (output == NULL) + return (int)(tbsSeqSz + tbsContentSz); + + /* Encode TBS */ + idx = 0; + + /* TBS SEQUENCE header */ + XMEMCPY(output + idx, tbsSeqBuf, tbsSeqSz); + idx += tbsSeqSz; + + /* Version (optional) */ + if (versionSz > 0) { + XMEMCPY(output + idx, versionBuf, versionSz); + idx += versionSz; + } + + /* Signature AlgorithmIdentifier */ + XMEMCPY(output + idx, algoBuf, algoSz); + idx += algoSz; + + /* Issuer Name */ + XMEMCPY(output + idx, issuerDer, issuerSz); + idx += issuerSz; + + /* thisUpdate */ + XMEMCPY(output + idx, lastDateBuf, lastDateSz); + idx += lastDateSz; + + /* nextUpdate (optional) */ + if (nextDateSz > 0) { + XMEMCPY(output + idx, nextDateBuf, nextDateSz); + idx += nextDateSz; + } + + /* revokedCertificates (optional) */ + if (revokedSz > 0) { + word32 contentSz = 0; + for (rc = certs; rc != NULL; rc = rc->next) { + contentSz += EncodeRevokedCert(NULL, rc); + } + idx += SetSequence(contentSz, output + idx); + for (rc = certs; rc != NULL; rc = rc->next) { + idx += EncodeRevokedCert(output + idx, rc); + } + } + + /* crlExtensions (optional) */ + if (extSz > 0) { + word32 crlNumExtSz = EncodeCrlNumberExt(NULL, crlNumber, crlNumberSz); + /* Context tag [0] */ + output[idx++] = (ASN_CONSTRUCTED | ASN_CONTEXT_SPECIFIC | 0); + idx += SetLength(extSeqSz + crlNumExtSz, output + idx); + /* Extensions SEQUENCE */ + idx += SetSequence(crlNumExtSz, output + idx); + /* CRL Number extension */ + idx += EncodeCrlNumberExt(output + idx, crlNumber, crlNumberSz); + } + + return (int)idx; +} + +/* Sign a CRL TBS and produce complete CRL DER. + * tbsBuf: contains the TBS at the beginning + * tbsSz: size of TBS in tbsBuf + * sType: signature type (e.g., CTC_SHA256wRSA) + * buf: output buffer for complete CRL. May be the same as tbsBuf. + * bufSz: size of output buffer + * rsaKey/eccKey: signing key (one must be non-NULL) + * rng: random number generator + * + * Returns: size of complete CRL on success, negative error on failure + */ +int wc_SignCRL_ex(const byte* tbsBuf, int tbsSz, int sType, + byte* buf, word32 bufSz, + RsaKey* rsaKey, ecc_key* eccKey, WC_RNG* rng) +{ + int ret; + int sigSz; + CertSignCtx certSignCtx_lcl; + CertSignCtx* certSignCtx = &certSignCtx_lcl; + void* heap = NULL; + + if (tbsBuf == NULL || tbsSz <= 0 || buf == NULL || rng == NULL) + return BAD_FUNC_ARG; + if (rsaKey == NULL && eccKey == NULL) + return BAD_FUNC_ARG; + if (rsaKey != NULL && eccKey != NULL) + return BAD_FUNC_ARG; + + XMEMSET(certSignCtx, 0, sizeof(*certSignCtx)); + +#ifndef NO_RSA + if (rsaKey != NULL) { + heap = rsaKey->heap; + } +#endif +#ifdef HAVE_ECC + if (eccKey != NULL) { + heap = eccKey->heap; + } +#endif + + /* Copy TBS to output buffer first */ + if ((word32)tbsSz > bufSz) + return BUFFER_E; + XMEMCPY(buf, tbsBuf, (size_t)tbsSz); + +#ifndef WOLFSSL_NO_MALLOC + certSignCtx->sig = (byte*)XMALLOC(MAX_ENCODED_SIG_SZ, heap, + DYNAMIC_TYPE_TMP_BUFFER); + if (certSignCtx->sig == NULL) + return MEMORY_E; + /* Initialize first byte to avoid static analysis warnings about using + * uninitialized memory if MakeSignature fails before writing sig. */ + certSignCtx->sig[0] = 0; +#endif + + /* Create signature */ + sigSz = MakeSignature(certSignCtx, buf, (word32)tbsSz, certSignCtx->sig, + MAX_ENCODED_SIG_SZ, rsaKey, eccKey, NULL, NULL, NULL, + NULL, NULL, rng, (word32)sType, heap); + if (sigSz < 0) { +#ifndef WOLFSSL_NO_MALLOC + XFREE(certSignCtx->sig, heap, DYNAMIC_TYPE_TMP_BUFFER); +#endif + return sigSz; + } + + /* Ensure output buffer is large enough for signature wrapper */ + ret = AddSignature(NULL, tbsSz, certSignCtx->sig, sigSz, sType); + if (ret < 0) { +#ifndef WOLFSSL_NO_MALLOC + XFREE(certSignCtx->sig, heap, DYNAMIC_TYPE_TMP_BUFFER); +#endif + return ret; + } + if ((word32)ret > bufSz) { +#ifndef WOLFSSL_NO_MALLOC + XFREE(certSignCtx->sig, heap, DYNAMIC_TYPE_TMP_BUFFER); +#endif + return BUFFER_E; + } + + /* Add signature algorithm and signature to buffer */ + ret = AddSignature(buf, tbsSz, certSignCtx->sig, sigSz, sType); + +#ifndef WOLFSSL_NO_MALLOC + XFREE(certSignCtx->sig, heap, DYNAMIC_TYPE_TMP_BUFFER); +#endif + + return ret; +} +#endif /* WOLFSSL_CERT_GEN */ + #endif /* HAVE_CRL */ @@ -41343,83 +35221,9 @@ #define pivCertASN_Length (sizeof(pivCertASN) / sizeof(ASNItem)) #endif +#ifdef WOLFSSL_ASN_TEMPLATE int wc_ParseCertPIV(wc_CertPIV* piv, const byte* buf, word32 totalSz) { -#ifndef WOLFSSL_ASN_TEMPLATE - int length = 0; - word32 idx = 0; - - WOLFSSL_ENTER("wc_ParseCertPIV"); - - if (piv == NULL || buf == NULL || totalSz == 0) - return BAD_FUNC_ARG; - - XMEMSET(piv, 0, sizeof(wc_CertPIV)); - - /* Detect Identiv PIV (with 0x0A, 0x0B and 0x0C sections) */ - /* Certificate (0A 82 05FA) */ - if (GetASNHeader(buf, ASN_PIV_CERT, &idx, &length, totalSz) >= 0) { - /* Identiv Type PIV card */ - piv->isIdentiv = 1; - - piv->cert = &buf[idx]; - piv->certSz = length; - idx += length; - - /* Nonce (0B 14) */ - if (GetASNHeader(buf, ASN_PIV_NONCE, &idx, &length, totalSz) >= 0) { - piv->nonce = &buf[idx]; - piv->nonceSz = length; - idx += length; - } - - /* Signed Nonce (0C 82 0100) */ - if (GetASNHeader(buf, ASN_PIV_SIGNED_NONCE, &idx, &length, totalSz) >= 0) { - piv->signedNonce = &buf[idx]; - piv->signedNonceSz = length; - } - - idx = 0; - buf = piv->cert; - totalSz = piv->certSz; - } - - /* Certificate Buffer Total Size (53 82 05F6) */ - if (GetASNHeader(buf, ASN_APPLICATION | ASN_PRINTABLE_STRING, &idx, - &length, totalSz) < 0) { - return ASN_PARSE_E; - } - /* PIV Certificate (70 82 05ED) */ - if (GetASNHeader(buf, ASN_PIV_TAG_CERT, &idx, &length, - totalSz) < 0) { - return ASN_PARSE_E; - } - - /* Capture certificate buffer pointer and length */ - piv->cert = &buf[idx]; - piv->certSz = length; - idx += length; - - /* PIV Certificate Info (71 01 00) */ - if (GetASNHeader(buf, ASN_PIV_TAG_CERT_INFO, &idx, &length, - totalSz) >= 0) { - if (length >= 1) { - piv->compression = (buf[idx] & ASN_PIV_CERT_INFO_COMPRESSED); - piv->isX509 = ((buf[idx] & ASN_PIV_CERT_INFO_ISX509) != 0); - } - idx += length; - } - - /* PIV Error Detection (FE 00) */ - if (GetASNHeader(buf, ASN_PIV_TAG_ERR_DET, &idx, &length, - totalSz) >= 0) { - piv->certErrDet = &buf[idx]; - piv->certErrDetSz = length; - idx += length; - } - - return 0; -#else /* pivCertASN_Length is longer than pivASN_Length */ DECL_ASNGETDATA(dataASN, pivCertASN_Length); int ret = 0; @@ -41485,9 +35289,8 @@ FREE_ASNGETDATA(dataASN, NULL); return ret; -#endif /* WOLFSSL_ASN_TEMPLATE */ } - +#endif /* WOLFSSL_ASN_TEMPLATE */ #endif /* WOLFSSL_CERT_PIV */ @@ -41829,7 +35632,6 @@ #endif /* HAVE_SMIME */ -#undef ERROR_OUT #ifdef WOLFSSL_ASN_PRINT @@ -42671,6 +36473,14 @@ } #endif /* WOLFSSL_ASN_PRINT */ + +/* Include original (non-template) ASN implementations. + * asn_orig.c must not be compiled separately. */ +#ifndef WOLFSSL_ASN_TEMPLATE +#define WOLFSSL_ASN_ORIG_INCLUDED +#include "wolfcrypt/src/asn_orig.c" +#endif /* !WOLFSSL_ASN_TEMPLATE */ + #endif /* !NO_ASN */ /* Functions that parse, but are not using ASN.1 */ @@ -43826,7 +37636,82 @@ #endif /* WOLFSSL_ACERT && WOLFSSL_ASN_TEMPLATE */ +#ifdef HAVE_OCSP_RESPONDER +int AsnHashesHash(AsnHashes* hashes, const byte* data, word32 dataSz) +{ + int ret = 0; + + if (hashes == NULL || data == NULL) + ret = BAD_FUNC_ARG; +#if !defined(NO_MD5) + if (ret == 0) + ret = wc_Md5Hash(data, dataSz, hashes->md5); +#endif +#if !defined(NO_SHA) + if (ret == 0) + ret = wc_ShaHash(data, dataSz, hashes->sha); +#endif +#ifndef NO_SHA256 + if (ret == 0) + ret = wc_Sha256Hash(data, dataSz, hashes->sha256); +#endif +#ifdef WOLFSSL_SHA384 + if (ret == 0) + ret = wc_Sha384Hash(data, dataSz, hashes->sha384); +#endif +#ifdef WOLFSSL_SHA512 + if (ret == 0) + ret = wc_Sha512Hash(data, dataSz, hashes->sha512); +#endif +#ifdef WOLFSSL_SM3 + if (ret == 0) + ret = wc_Sm3Hash(data, dataSz, hashes->sm3); +#endif + + return ret; +} + +const byte* AsnHashesGetHash(const AsnHashes* hashes, int hashAlg, int* size) +{ + if (hashes == NULL || size == NULL) + return NULL; + + switch (hashAlg) { +#if !defined(NO_SHA) + case SHAh: + *size = WC_SHA_DIGEST_SIZE; + return hashes->sha; +#endif +#ifndef NO_SHA256 + case SHA256h: + *size = WC_SHA256_DIGEST_SIZE; + return hashes->sha256; +#endif +#ifdef WOLFSSL_SHA384 + case SHA384h: + *size = WC_SHA384_DIGEST_SIZE; + return hashes->sha384; +#endif +#ifdef WOLFSSL_SHA512 + case SHA512h: + *size = WC_SHA512_DIGEST_SIZE; + return hashes->sha512; +#endif +#ifdef WOLFSSL_SM3 + case SM3h: + *size = WC_SM3_DIGEST_SIZE; + return hashes->sm3; +#endif + default: + *size = 0; + return NULL; + } +} +#endif /* HAVE_OCSP_RESPONDER */ + #ifdef WOLFSSL_SEP #endif /* WOLFSSL_SEP */ + +#undef ERROR_OUT diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/wolfcrypt/src/asn_orig.c mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/asn_orig.c --- mariadb-11.8.6/extra/wolfssl/wolfssl/wolfcrypt/src/asn_orig.c 1970-01-01 00:00:00.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/asn_orig.c 2026-05-24 09:58:33.000000000 +0000 @@ -0,0 +1,9623 @@ +/* asn_orig.c + * + * Copyright (C) 2006-2026 wolfSSL Inc. + * + * This file is part of wolfSSL. + * + * wolfSSL is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * wolfSSL is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA + */ + +/* + * Original (non-template) ASN.1 implementations. + * This file is included from asn.c when building without WOLFSSL_ASN_TEMPLATE. + * It must not be compiled as a separate translation unit. + */ + +#ifdef HAVE_CONFIG_H + #include +#endif +#include + +#ifndef WOLFSSL_ASN_ORIG_INCLUDED + #ifndef WOLFSSL_IGNORE_FILE_WARN + #warning asn_orig.c does not need to be compiled separately from asn.c + #endif +#else + +/* Forward declarations for static functions defined later in this file. */ +static int SkipObjectId(const byte* input, word32* inOutIdx, word32 maxIdx); +#ifndef NO_DSA +static WC_INLINE void FreeTmpDsas(byte** tmps, void* heap, int ints); +#endif +#ifndef NO_CERTS +static int GetCertHeader(DecodedCert* cert); +static int GetDate(DecodedCert* cert, int dateType, int verify, int maxIdx); +static int GetValidity(DecodedCert* cert, int verify, int maxIdx); +#endif +static word32 SetOctetString8Bit(word32 len, byte* output); +static word32 SetDigest(const byte* digest, word32 digSz, byte* output); +#ifndef NO_CERTS +static void AddAltName(DecodedCert* cert, DNS_entry* dnsEntry); +#if defined(WOLFSSL_SEP) +static int DecodeSepHwAltName(DecodedCert* cert, const byte* input, word32* idxIn, word32 sz); +#endif +static int DecodeConstructedOtherName(DecodedCert* cert, const byte* input, word32* idx, word32 sz, int oid); +#ifdef WOLFSSL_CERT_GEN +#ifdef WOLFSSL_CERT_REQ +static word32 SetPrintableString(word32 len, byte* output); +static word32 SetUTF8String(word32 len, byte* output); +#endif +static int CopyValidity(byte* output, Cert* cert); +static int SetExtensions(byte* out, word32 outSz, int *IdxInOut, const byte* ext, int extSz); +static int SetExtensionsHeader(byte* out, word32 outSz, word32 extSz); +static int SetCaWithPathLen(byte* out, word32 outSz, byte pathLen); +static int SetCaEx(byte* out, word32 outSz, byte isCa); +static int SetCa(byte* out, word32 outSz); +static int SetBC(byte* out, word32 outSz); +#ifdef WOLFSSL_CERT_EXT +static int SetOidValue(byte* out, word32 outSz, const byte *oid, word32 oidSz, byte *in, word32 inSz); +static int SetSKID(byte* output, word32 outSz, const byte *input, word32 length); +static int SetAKID(byte* output, word32 outSz, byte *input, word32 length, byte rawAkid); +static int SetKeyUsage(byte* output, word32 outSz, word16 input); +static int SetOjectIdValue(byte* output, word32 outSz, word32* idx, const byte* oid, word32 oidSz); +#ifndef IGNORE_NETSCAPE_CERT_TYPE +static int SetNsCertType(Cert* cert, byte* output, word32 outSz, byte input); +#endif +static int SetCRLInfo(Cert* cert, byte* output, word32 outSz, byte* input, int inSz); +#endif +#ifdef WOLFSSL_ALT_NAMES +static int SetAltNames(byte *output, word32 outSz, const byte *input, word32 length, int critical); +#endif +#ifdef WOLFSSL_CERT_REQ +static word32 SetReqAttribSingle(byte* output, word32* idx, char* attr, word32 attrSz, const byte* oid, word32 oidSz, byte printable, word32 extSz); +static int SetReqAttrib(byte* output, Cert* cert, word32 extSz); +#ifdef WOLFSSL_CUSTOM_OID +static int SetCustomObjectId(Cert* cert, byte* output, word32 outSz, CertOidField* custom); +#endif +#endif +#endif +#endif +#if defined(HAVE_ECC) || !defined(NO_DSA) +static word32 is_leading_bit_set(const byte* input, word32 sz); +static word32 trim_leading_zeros(const byte** input, word32 sz); +#endif +#ifdef HAVE_ECC +#ifdef WOLFSSL_CUSTOM_CURVES +static int ASNToHexString(const byte* input, word32* inOutIdx, char** out, word32 inSz, void* heap, int heapType); +static int EccKeyParamCopy(char** dst, char* src, void* heap); +#endif +#endif +#if (defined(HAVE_OCSP) || defined(HAVE_CRL)) && !defined(WOLFCRYPT_ONLY) +static int GetBasicDate(const byte* source, word32* idx, byte* date, byte* format, int maxIdx); +#endif +#if defined(HAVE_OCSP) && !defined(WOLFCRYPT_ONLY) +static int GetEnumerated(const byte* input, word32* inOutIdx, int *value, int sz); +#endif + +int GetObjectId(const byte* input, word32* inOutIdx, word32* oid, + word32 oidType, word32 maxIdx) +{ + int ret, length; + + WOLFSSL_ENTER("GetObjectId"); + + ret = GetASNObjectId(input, inOutIdx, &length, maxIdx); + if (ret != 0) + return ret; + + return GetOID(input, inOutIdx, oid, oidType, length); +} + +static int SkipObjectId(const byte* input, word32* inOutIdx, word32 maxIdx) +{ + word32 idx = *inOutIdx; + int length; + int ret; + + ret = GetASNObjectId(input, &idx, &length, maxIdx); + if (ret != 0) + return ret; + + idx += (word32)length; + *inOutIdx = idx; + + return 0; +} + +static int GetAlgoIdImpl(const byte* input, word32* inOutIdx, word32* oid, + word32 oidType, word32 maxIdx, byte *absentParams) +{ + int length; + word32 idx = *inOutIdx; + int ret; + *oid = 0; + + WOLFSSL_ENTER("GetAlgoId"); + + if (GetSequence(input, &idx, &length, maxIdx) < 0) + return ASN_PARSE_E; + + if (GetObjectId(input, &idx, oid, oidType, maxIdx) < 0) + return ASN_OBJECT_ID_E; + + /* could have NULL tag and 0 terminator, but may not */ + if (idx < maxIdx) { + word32 localIdx = idx; /*use localIdx to not advance when checking tag*/ + byte tag; + + if (GetASNTag(input, &localIdx, &tag, maxIdx) == 0) { + if (tag == ASN_TAG_NULL) { + ret = GetASNNull(input, &idx, maxIdx); + if (ret != 0) + return ret; + + if (absentParams != NULL) { + *absentParams = FALSE; + } + } + } + } + + *inOutIdx = idx; + + return 0; +} + +#ifndef NO_RSA +static int _RsaPrivateKeyDecode(const byte* input, word32* inOutIdx, + RsaKey* key, int* keySz, word32 inSz) +{ + int version, length; + word32 algId = 0; + int i; + + if (inOutIdx == NULL || input == NULL || (key == NULL && keySz == NULL)) { + return BAD_FUNC_ARG; + } + + /* if has pkcs8 header skip it */ + if (ToTraditionalInline_ex(input, inOutIdx, inSz, &algId) < 0) { + /* ignore error, did not have pkcs8 header */ + } + + if (GetSequence(input, inOutIdx, &length, inSz) < 0) + return ASN_PARSE_E; + + if (GetMyVersion(input, inOutIdx, &version, inSz) < 0) + return ASN_PARSE_E; + + if (key == NULL) { + /* Modulus */ + if (GetASNInt(input, inOutIdx, keySz, inSz) < 0) { + return ASN_PARSE_E; + } + *inOutIdx += (word32)*keySz; + for (i = 1; i < RSA_INTS; i++) { + if (SkipInt(input, inOutIdx, inSz) < 0) { + return ASN_RSA_KEY_E; + } + } + } + else { + key->type = RSA_PRIVATE; + + #ifdef WOLFSSL_CHECK_MEM_ZERO + mp_memzero_add("Decode RSA key d", &key->d); + mp_memzero_add("Decode RSA key p", &key->p); + mp_memzero_add("Decode RSA key q", &key->q); + #if (defined(WOLFSSL_KEY_GEN) || defined(OPENSSL_EXTRA) || \ + !defined(RSA_LOW_MEM)) && !defined(WOLFSSL_RSA_PUBLIC_ONLY) + mp_memzero_add("Decode RSA key dP", &key->dP); + mp_memzero_add("Decode RSA key dQ", &key->dQ); + mp_memzero_add("Decode RSA key u", &key->u); + #endif + #endif + + /* Extract all public fields. */ + for (i = 0; i < RSA_INT_CNT; i++) { + if (GetInt(GetRsaInt(key, i), input, inOutIdx, inSz) < 0) { + for (i--; i >= 0; i--) { + mp_clear(GetRsaInt(key, i)); + } + return ASN_RSA_KEY_E; + } + } + #if RSA_INT_CNT != RSA_MAX_INT_CNT + for (; i < RSA_MAX_INT_CNT; i++) { + if (SkipInt(input, inOutIdx, inSz) < 0) { + for (i = RSA_INT_CNT - 1; i >= 0; i--) { + mp_clear(GetRsaInt(key, i)); + } + return ASN_RSA_KEY_E; + } + } + #endif + + #if defined(WOLFSSL_XILINX_CRYPT) || defined(WOLFSSL_CRYPTOCELL) + if (wc_InitRsaHw(key) != 0) { + return BAD_STATE_E; + } + #endif + } + + return 0; +} + +#endif +int ToTraditionalInline_ex2(const byte* input, word32* inOutIdx, word32 sz, + word32* algId, word32* eccOid) +{ + word32 idx; + int version, length; + int ret; + byte tag; + + if (input == NULL || inOutIdx == NULL) + return BAD_FUNC_ARG; + + idx = *inOutIdx; + + if (GetSequence(input, &idx, &length, sz) < 0) + return ASN_PARSE_E; + + if (GetMyVersion(input, &idx, &version, sz) < 0) + return ASN_PARSE_E; + + if (GetAlgoId(input, &idx, algId, oidKeyType, sz) < 0) + return ASN_PARSE_E; + + if (GetASNTag(input, &idx, &tag, sz) < 0) + return ASN_PARSE_E; + idx = idx - 1; /* reset idx after finding tag */ + +#if defined(WC_RSA_PSS) && !defined(NO_RSA) + if (*algId == RSAPSSk && tag == (ASN_SEQUENCE | ASN_CONSTRUCTED)) { + word32 seqIdx = idx; + int seqLen; + /* Not set when -1. */ + enum wc_HashType hash = WC_HASH_TYPE_NONE; + int mgf = -1; + int saltLen = 0; + + if (GetSequence(input, &idx, &seqLen, sz) < 0) { + return ASN_PARSE_E; + } + /* Get the private key parameters. */ + ret = DecodeRsaPssParams(input + seqIdx, + seqLen + idx - seqIdx, &hash, &mgf, &saltLen); + if (ret != 0) { + return ASN_PARSE_E; + } + /* TODO: store parameters so that usage can be checked. */ + idx += seqLen; + } +#endif /* WC_RSA_PSS && !NO_RSA */ + + if (tag == ASN_OBJECT_ID) { + if ((*algId == ECDSAk) && (eccOid != NULL)) { + if (GetObjectId(input, &idx, eccOid, oidCurveType, sz) < 0) + return ASN_PARSE_E; + } + else { + if (SkipObjectId(input, &idx, sz) < 0) + return ASN_PARSE_E; + } + } + + ret = GetOctetString(input, &idx, &length, sz); + if (ret < 0) { + if (ret == WC_NO_ERR_TRACE(BUFFER_E)) + return ASN_PARSE_E; + /* Some private keys don't expect an octet string - ignore error. */ + WOLFSSL_MSG("Couldn't find Octet string"); + length = 0; + } + + *inOutIdx = idx; + + return length; +} + +#if defined(HAVE_PKCS8) +int wc_CreatePKCS8Key(byte* out, word32* outSz, byte* key, word32 keySz, + int algoID, const byte* curveOID, word32 oidSz) +{ + word32 keyIdx = 0; + word32 tmpSz = 0; + word32 sz; + word32 tmpAlgId = 0; + + /* If out is NULL then return the max size needed + * + 2 for ASN_OBJECT_ID and ASN_OCTET_STRING tags */ + if (out == NULL && outSz != NULL) { + *outSz = keySz + MAX_SEQ_SZ + MAX_VERSION_SZ + MAX_ALGO_SZ + + MAX_LENGTH_SZ + MAX_LENGTH_SZ + 2; + + if (curveOID != NULL) + *outSz += oidSz + MAX_LENGTH_SZ + 1; + + WOLFSSL_MSG("Checking size of PKCS8"); + + return WC_NO_ERR_TRACE(LENGTH_ONLY_E); + } + + WOLFSSL_ENTER("wc_CreatePKCS8Key"); + + if (key == NULL || out == NULL || outSz == NULL) { + return BAD_FUNC_ARG; + } + + /* check the buffer has enough room for largest possible size */ + if (curveOID != NULL) { + sz = keySz + MAX_SEQ_SZ + MAX_VERSION_SZ + MAX_ALGO_SZ + MAX_LENGTH_SZ + + MAX_LENGTH_SZ + 3 + oidSz + MAX_LENGTH_SZ; + if ((keySz > sz) || (oidSz > sz) || (*outSz < sz)) + return BUFFER_E; + } + else { + oidSz = 0; /* with no curveOID oid size must be 0 */ + sz= keySz + MAX_SEQ_SZ + MAX_VERSION_SZ + MAX_ALGO_SZ + MAX_LENGTH_SZ + + MAX_LENGTH_SZ + 2; + if ((keySz > sz) || (*outSz < sz)) + return BUFFER_E; + } + + /* sanity check: make sure the key doesn't already have a PKCS 8 header */ + if (ToTraditionalInline_ex(key, &keyIdx, keySz, &tmpAlgId) >= 0) { + (void)tmpAlgId; + return ASN_PARSE_E; + } + + /* PrivateKeyInfo ::= SEQUENCE */ + keyIdx = MAX_SEQ_SZ; /* save room for sequence */ + + /* version Version + * no header information just INTEGER */ + sz = (word32)SetMyVersion(PKCS8v0, out + keyIdx, 0); + tmpSz += sz; keyIdx += sz; + /* privateKeyAlgorithm PrivateKeyAlgorithmIdentifier */ + sz = 0; /* set sz to 0 and get privateKey oid buffer size needed */ + if (curveOID != NULL && oidSz > 0) { + byte buf[MAX_LENGTH_SZ]; + sz = SetLength(oidSz, buf); + sz += 1; /* plus one for ASN object id */ + } + sz = (word32)SetAlgoID(algoID, out + keyIdx, oidKeyType, (int)(oidSz + sz)); + tmpSz += sz; keyIdx += sz; + + /* privateKey PrivateKey * + * pkcs8 ecc uses slightly different format. Places curve oid in + * buffer */ + if (curveOID != NULL && oidSz > 0) { + sz = (word32)SetObjectId((int)oidSz, out + keyIdx); + keyIdx += sz; tmpSz += sz; + XMEMCPY(out + keyIdx, curveOID, oidSz); + keyIdx += oidSz; tmpSz += oidSz; + } + + sz = (word32)SetOctetString(keySz, out + keyIdx); + keyIdx += sz; tmpSz += sz; + XMEMCPY(out + keyIdx, key, keySz); + tmpSz += keySz; + + /* attributes optional + * No attributes currently added */ + + /* rewind and add sequence */ + sz = SetSequence(tmpSz, out); + XMEMMOVE(out + sz, out + MAX_SEQ_SZ, tmpSz); + + *outSz = tmpSz + sz; + return (int)(tmpSz + sz); +} + +#endif +#ifndef NO_PWDBASED +#ifdef HAVE_PKCS8 +int DecryptContent(byte* input, word32 sz, const char* password, int passwordSz) +{ + word32 inOutIdx = 0, seqEnd, oid, shaOid = 0, seqPkcs5End = sz; + int ret = 0, first, second, length = 0, version, saltSz, id = 0; + int iterations = 0, keySz = 0; +#ifdef WOLFSSL_SMALL_STACK + byte* salt = NULL; + byte* cbcIv = NULL; +#else + byte salt[MAX_SALT_SIZE]; + byte cbcIv[MAX_IV_SIZE]; +#endif + byte tag; + + if (passwordSz < 0) { + WOLFSSL_MSG("Bad password size"); + return BAD_FUNC_ARG; + } + + if (GetAlgoId(input, &inOutIdx, &oid, oidIgnoreType, sz) < 0) { + ERROR_OUT(ASN_PARSE_E, exit_dc); + } + + first = input[inOutIdx - 2]; /* PKCS version always 2nd to last byte */ + second = input[inOutIdx - 1]; /* version.algo, algo id last byte */ + + if (CheckAlgo(first, second, &id, &version, NULL) < 0) { + ERROR_OUT(ASN_INPUT_E, exit_dc); /* Algo ID error */ + } + + if (version == PKCS5v2) { + if (GetSequence(input, &inOutIdx, &length, sz) < 0) { + ERROR_OUT(ASN_PARSE_E, exit_dc); + } + seqPkcs5End = inOutIdx + length; + + if (GetAlgoId(input, &inOutIdx, &oid, oidKdfType, sz) < 0) { + ERROR_OUT(ASN_PARSE_E, exit_dc); + } + + if (oid != PBKDF2_OID) { + ERROR_OUT(ASN_PARSE_E, exit_dc); + } + } + + if (GetSequence(input, &inOutIdx, &length, sz) <= 0) { + ERROR_OUT(ASN_PARSE_E, exit_dc); + } + /* Find the end of this SEQUENCE so we can check for the OPTIONAL and + * DEFAULT items. */ + seqEnd = inOutIdx + (word32)length; + + ret = GetOctetString(input, &inOutIdx, &saltSz, seqEnd); + if (ret < 0) + goto exit_dc; + + if (saltSz > MAX_SALT_SIZE) { + ERROR_OUT(ASN_PARSE_E, exit_dc); + } + + WC_ALLOC_VAR_EX(salt, byte, MAX_SALT_SIZE, NULL, DYNAMIC_TYPE_TMP_BUFFER, + ERROR_OUT(MEMORY_E,exit_dc)); + + XMEMCPY(salt, &input[inOutIdx], (size_t)saltSz); + inOutIdx += (word32)saltSz; + + if (GetShortInt(input, &inOutIdx, &iterations, seqEnd) < 0) { + ERROR_OUT(ASN_PARSE_E, exit_dc); + } + + /* OPTIONAL key length */ + if (seqEnd > inOutIdx) { + word32 localIdx = inOutIdx; + + if (GetASNTag(input, &localIdx, &tag, seqEnd) < 0) { + ERROR_OUT(ASN_PARSE_E, exit_dc); + } + + if (tag == ASN_INTEGER && + GetShortInt(input, &inOutIdx, &keySz, seqEnd) < 0) { + ERROR_OUT(ASN_PARSE_E, exit_dc); + } + } + + /* DEFAULT HMAC is SHA-1 */ + if (seqEnd > inOutIdx) { + if (GetAlgoId(input, &inOutIdx, &oid, oidHmacType, seqEnd) < 0) { + ERROR_OUT(ASN_PARSE_E, exit_dc); + } + + shaOid = oid; + } + + WC_ALLOC_VAR_EX(cbcIv, byte, MAX_IV_SIZE, NULL, DYNAMIC_TYPE_TMP_BUFFER, + ERROR_OUT(MEMORY_E,exit_dc)); + + if (version == PKCS5v2) { + /* get encryption algo */ + if (GetAlgoId(input, &inOutIdx, &oid, oidBlkType, seqPkcs5End) < 0) { + ERROR_OUT(ASN_PARSE_E, exit_dc); + } + + if (CheckAlgoV2((int)oid, &id, NULL) < 0) { + ERROR_OUT(ASN_PARSE_E, exit_dc); /* PKCS v2 algo id error */ + } + + if (shaOid == 0) + shaOid = oid; + + ret = GetOctetString(input, &inOutIdx, &length, seqPkcs5End); + if (ret < 0) + goto exit_dc; + + if (length > MAX_IV_SIZE) { + ERROR_OUT(ASN_PARSE_E, exit_dc); + } + + XMEMCPY(cbcIv, &input[inOutIdx], (size_t)length); + inOutIdx += (word32)length; + } + + if (GetASNTag(input, &inOutIdx, &tag, sz) < 0) { + ERROR_OUT(ASN_PARSE_E, exit_dc); + } + + if (tag != (ASN_CONTEXT_SPECIFIC | 0) && tag != ASN_OCTET_STRING) { + ERROR_OUT(ASN_PARSE_E, exit_dc); + } + + if (GetLength(input, &inOutIdx, &length, sz) < 0) { + ERROR_OUT(ASN_PARSE_E, exit_dc); + } + + ret = wc_CryptKey(password, passwordSz, salt, saltSz, iterations, id, + input + inOutIdx, length, version, cbcIv, 0, (int)shaOid); + +exit_dc: + WC_FREE_VAR_EX(salt, NULL, DYNAMIC_TYPE_TMP_BUFFER); + WC_FREE_VAR_EX(cbcIv, NULL, DYNAMIC_TYPE_TMP_BUFFER); + + if (ret == 0) { + XMEMMOVE(input, input + inOutIdx, (size_t)length); + ret = length; + } + + return ret; +} + +#endif +#ifdef HAVE_PKCS12 +int EncryptContent(byte* input, word32 inputSz, byte* out, word32* outSz, + const char* password, int passwordSz, int vPKCS, int vAlgo, + int encAlgId, byte* salt, word32 saltSz, int itt, int hmacOid, + WC_RNG* rng, void* heap) +{ + word32 sz; + word32 inOutIdx = 0; + word32 tmpIdx = 0; + word32 totalSz = 0; + word32 seqSz; + word32 innerSz; + int ret; + int version, id = PBE_NONE, blockSz = 0; +#ifdef WOLFSSL_SMALL_STACK + byte* saltTmp = NULL; + byte* cbcIv = NULL; +#else + byte saltTmp[MAX_SALT_SIZE]; + byte cbcIv[MAX_IV_SIZE]; +#endif + byte seq[MAX_SEQ_SZ]; + byte shr[MAX_SHORT_SZ]; + word32 maxShr = MAX_SHORT_SZ; + word32 algoSz; + const byte* algoName; + + (void)encAlgId; + (void)hmacOid; + (void)heap; + + (void)EncryptContentPBES2; + + WOLFSSL_ENTER("EncryptContent"); + + if (CheckAlgo(vPKCS, vAlgo, &id, &version, &blockSz) < 0) + return ASN_INPUT_E; /* Algo ID error */ + + if (version == PKCS5v2) { + WOLFSSL_MSG("PKCS#5 version 2 not supported yet"); + return BAD_FUNC_ARG; + } + + if (saltSz > MAX_SALT_SIZE) + return ASN_PARSE_E; + + if (outSz == NULL) { + return BAD_FUNC_ARG; + } + + /* calculate size */ + /* size of constructed string at end */ + sz = wc_PkcsPad(NULL, inputSz, (word32)blockSz); + totalSz = ASN_TAG_SZ; + totalSz += SetLength(sz, seq); + totalSz += sz; + + /* size of sequence holding object id and sub sequence of salt and itt */ + algoName = OidFromId((word32)id, oidPBEType, &algoSz); + if (algoName == NULL) { + WOLFSSL_MSG("Unknown Algorithm"); + return 0; + } + innerSz = (word32)SetObjectId((int)algoSz, seq); + innerSz += algoSz; + + /* get subsequence of salt and itt */ + if (salt == NULL || saltSz == 0) { + sz = 8; + } + else { + sz = saltSz; + } + seqSz = SetOctetString(sz, seq); + seqSz += sz; + + tmpIdx = 0; + ret = SetShortInt(shr, &tmpIdx, (word32)itt, maxShr); + if (ret >= 0) { + seqSz += (word32)ret; + } + else { + return ret; + } + innerSz += seqSz + SetSequence(seqSz, seq); + totalSz += innerSz + SetSequence(innerSz, seq); + + if (out == NULL) { + *outSz = totalSz; + return WC_NO_ERR_TRACE(LENGTH_ONLY_E); + } + + inOutIdx = 0; + if (totalSz > *outSz) + return BUFFER_E; + + inOutIdx += SetSequence(innerSz, out + inOutIdx); + inOutIdx += (word32)SetObjectId((int)algoSz, out + inOutIdx); + XMEMCPY(out + inOutIdx, algoName, algoSz); + inOutIdx += algoSz; + inOutIdx += SetSequence(seqSz, out + inOutIdx); + + /* create random salt if one not provided */ + if (salt == NULL || saltSz == 0) { + saltSz = 8; + WC_ALLOC_VAR_EX(saltTmp, byte, saltSz, heap, DYNAMIC_TYPE_TMP_BUFFER, + return MEMORY_E); + salt = saltTmp; + + if ((ret = wc_RNG_GenerateBlock(rng, saltTmp, saltSz)) != 0) { + WOLFSSL_MSG("Error generating random salt"); + WC_FREE_VAR_EX(saltTmp, heap, DYNAMIC_TYPE_TMP_BUFFER); + return ret; + } + } + inOutIdx += SetOctetString(saltSz, out + inOutIdx); + if (saltSz + inOutIdx > *outSz) { + WC_FREE_VAR_EX(saltTmp, heap, DYNAMIC_TYPE_TMP_BUFFER); + return BUFFER_E; + } + XMEMCPY(out + inOutIdx, salt, saltSz); + inOutIdx += saltSz; + + /* place iteration setting in buffer */ + ret = SetShortInt(out, &inOutIdx, (word32)itt, *outSz); + if (ret < 0) { + WC_FREE_VAR_EX(saltTmp, heap, DYNAMIC_TYPE_TMP_BUFFER); + return ret; + } + + if (inOutIdx + 1 > *outSz) { + WC_FREE_VAR_EX(saltTmp, heap, DYNAMIC_TYPE_TMP_BUFFER); + return BUFFER_E; + } + out[inOutIdx++] = ASN_CONTEXT_SPECIFIC | 0; + + /* get pad size and verify buffer room */ + sz = wc_PkcsPad(NULL, inputSz, (word32)blockSz); + if (sz + inOutIdx > *outSz) { + WC_FREE_VAR_EX(saltTmp, heap, DYNAMIC_TYPE_TMP_BUFFER); + return BUFFER_E; + } + inOutIdx += SetLength(sz, out + inOutIdx); + + /* copy input to output buffer and pad end */ + XMEMCPY(out + inOutIdx, input, inputSz); + sz = wc_PkcsPad(out + inOutIdx, inputSz, (word32)blockSz); +#ifdef WOLFSSL_SMALL_STACK + cbcIv = (byte*)XMALLOC(MAX_IV_SIZE, heap, DYNAMIC_TYPE_TMP_BUFFER); + if (cbcIv == NULL) { + XFREE(saltTmp, heap, DYNAMIC_TYPE_TMP_BUFFER); + return MEMORY_E; + } +#endif + + /* encrypt */ + if ((ret = wc_CryptKey(password, passwordSz, salt, (int)saltSz, itt, id, + out + inOutIdx, (int)sz, version, cbcIv, 1, 0)) < 0) { + + WC_FREE_VAR_EX(cbcIv, heap, DYNAMIC_TYPE_TMP_BUFFER); + WC_FREE_VAR_EX(saltTmp, heap, DYNAMIC_TYPE_TMP_BUFFER); + return ret; /* encrypt failure */ + } + + WC_FREE_VAR_EX(cbcIv, heap, DYNAMIC_TYPE_TMP_BUFFER); + WC_FREE_VAR_EX(saltTmp, heap, DYNAMIC_TYPE_TMP_BUFFER); + + (void)rng; + + return (int)(inOutIdx + sz); +} + +#endif +#endif +#ifndef NO_RSA +#if defined(WOLFSSL_RENESAS_TSIP_TLS) || defined(WOLFSSL_RENESAS_FSPSM_TLS) +static int RsaPublicKeyDecodeRawIndex(const byte* input, word32* inOutIdx, + word32 inSz, word32* key_n, + word32* key_n_len, word32* key_e, + word32* key_e_len) +{ + int ret = 0; + int length = 0; + +#if defined(OPENSSL_EXTRA) || defined(RSA_DECODE_EXTRA) + byte b; +#endif + + if (input == NULL || inOutIdx == NULL) + return BAD_FUNC_ARG; + + if (GetSequence(input, inOutIdx, &length, inSz) < 0) + return ASN_PARSE_E; + +#if defined(OPENSSL_EXTRA) || defined(RSA_DECODE_EXTRA) + if ((*inOutIdx + 1) > inSz) + return BUFFER_E; + + b = input[*inOutIdx]; + if (b != ASN_INTEGER) { + /* not from decoded cert, will have algo id, skip past */ + if (GetSequence(input, inOutIdx, &length, inSz) < 0) + return ASN_PARSE_E; + + if (SkipObjectId(input, inOutIdx, inSz) < 0) + return ASN_PARSE_E; + + /* Option NULL ASN.1 tag */ + if (*inOutIdx >= inSz) { + return BUFFER_E; + } + if (input[*inOutIdx] == ASN_TAG_NULL) { + ret = GetASNNull(input, inOutIdx, inSz); + if (ret != 0) + return ret; + } + /* TODO: support RSA PSS */ + + /* should have bit tag length and seq next */ + ret = CheckBitString(input, inOutIdx, NULL, inSz, 1, NULL); + if (ret != 0) + return ret; + + if (GetSequence(input, inOutIdx, &length, inSz) < 0) + return ASN_PARSE_E; + } +#endif /* OPENSSL_EXTRA */ + + /* Get modulus */ + ret = GetASNInt(input, inOutIdx, &length, inSz); + *key_n += *inOutIdx; + if (ret < 0) { + return ASN_RSA_KEY_E; + } + if (key_n_len) + *key_n_len = length; + *inOutIdx += length; + + /* Get exponent */ + ret = GetASNInt(input, inOutIdx, &length, inSz); + *key_e += *inOutIdx; + if (ret < 0) { + return ASN_RSA_KEY_E; + } + if (key_e_len) + *key_e_len = length; + return ret; +} + +#endif +int wc_RsaPublicKeyDecode_ex(const byte* input, word32* inOutIdx, word32 inSz, + const byte** n, word32* nSz, const byte** e, word32* eSz) +{ + int ret = 0; + int length = 0; + int firstLen = 0; + word32 seqEndIdx = inSz; +#if defined(OPENSSL_EXTRA) || defined(RSA_DECODE_EXTRA) + word32 localIdx; + byte tag; +#endif + + if (input == NULL || inOutIdx == NULL) + return BAD_FUNC_ARG; + + if (GetSequence(input, inOutIdx, &length, inSz) < 0) + return ASN_PARSE_E; + +#if defined(OPENSSL_EXTRA) || defined(RSA_DECODE_EXTRA) + localIdx = *inOutIdx; + if (GetASNTag(input, &localIdx, &tag, inSz) < 0) + return BUFFER_E; + + if (tag != ASN_INTEGER) { + /* not from decoded cert, will have algo id, skip past */ + if (GetSequence(input, inOutIdx, &length, inSz) < 0) + return ASN_PARSE_E; + + if (SkipObjectId(input, inOutIdx, inSz) < 0) + return ASN_PARSE_E; + + /* Option NULL ASN.1 tag */ + if (*inOutIdx >= inSz) { + return BUFFER_E; + } + + localIdx = *inOutIdx; + if (GetASNTag(input, &localIdx, &tag, inSz) < 0) + return ASN_PARSE_E; + + if (tag == ASN_TAG_NULL) { + ret = GetASNNull(input, inOutIdx, inSz); + if (ret != 0) + return ret; + } + #ifdef WC_RSA_PSS + /* Skip RSA PSS parameters. */ + else if (tag == (ASN_SEQUENCE | ASN_CONSTRUCTED)) { + if (GetSequence(input, inOutIdx, &length, inSz) < 0) + return ASN_PARSE_E; + *inOutIdx += length; + } + #endif + + /* should have bit tag length and seq next */ + ret = CheckBitString(input, inOutIdx, NULL, inSz, 1, NULL); + if (ret != 0) + return ret; + + if (GetSequence(input, inOutIdx, &length, inSz) < 0) + return ASN_PARSE_E; + + /* Calculate where the sequence should end for public key validation */ + seqEndIdx = *inOutIdx + (word32)length; + } +#endif /* OPENSSL_EXTRA */ + + /* Get modulus */ + ret = GetASNInt(input, inOutIdx, &firstLen, seqEndIdx); + if (ret < 0) { + return ASN_RSA_KEY_E; + } + if (nSz) + *nSz = (word32)firstLen; + if (n) + *n = &input[*inOutIdx]; + *inOutIdx += (word32)firstLen; + + /* Get exponent */ + ret = GetASNInt(input, inOutIdx, &length, seqEndIdx); + if (ret < 0) { + return ASN_RSA_KEY_E; + } + if (eSz) + *eSz = (word32)length; + if (e) + *e = &input[*inOutIdx]; + *inOutIdx += (word32)length; + + /* Detect if this is an RSA private key being passed as public key. + * An RSA private key has: version (small), modulus (large), exponent, + * followed by more integers (d, p, q, etc.). + * An RSA public key has: modulus (large), exponent, and nothing more. + * If the first integer is small (like version 0) AND there is more data + * remaining in the sequence, this is likely a private key. */ + if (firstLen <= MAX_VERSION_SZ && *inOutIdx < seqEndIdx) { + /* First integer is small and there's more data - looks like + * version field of a private key, not a modulus */ + return ASN_RSA_KEY_E; + } + + return ret; +} + +#endif +#ifndef NO_DH +int wc_DhKeyDecode(const byte* input, word32* inOutIdx, DhKey* key, word32 inSz) +{ + int ret = 0; + int length; +#ifdef WOLFSSL_DH_EXTRA + #if !defined(HAVE_FIPS) || \ + (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION > 2)) + word32 oid = 0, temp = 0; + #endif +#endif + + WOLFSSL_ENTER("wc_DhKeyDecode"); + + if (inOutIdx == NULL) + return BAD_FUNC_ARG; + + if (key == NULL) + return BAD_FUNC_ARG; + + if (GetSequence(input, inOutIdx, &length, inSz) < 0) + return ASN_PARSE_E; + +#ifdef WOLFSSL_DH_EXTRA + #if !defined(HAVE_FIPS) || \ + (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION > 2)) + temp = *inOutIdx; + #endif +#endif + /* Assume input started after 1.2.840.113549.1.3.1 dhKeyAgreement */ + if (GetInt(&key->p, input, inOutIdx, inSz) < 0) { + ret = ASN_DH_KEY_E; + } + if (ret == 0 && GetInt(&key->g, input, inOutIdx, inSz) < 0) { + mp_clear(&key->p); + ret = ASN_DH_KEY_E; + } + +#ifdef WOLFSSL_DH_EXTRA + #if !defined(HAVE_FIPS) || \ + (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION > 2)) + /* If ASN_DH_KEY_E: Check if input started at beginning of key */ + if (ret == WC_NO_ERR_TRACE(ASN_DH_KEY_E)) { + *inOutIdx = temp; + + /* the version (0) - private only (for public skip) */ + if (GetASNInt(input, inOutIdx, &length, inSz) == 0) { + *inOutIdx += (word32)length; + } + + /* Size of dhKeyAgreement section */ + if (GetSequence(input, inOutIdx, &length, inSz) < 0) + return ASN_PARSE_E; + + /* Check for dhKeyAgreement */ + ret = GetObjectId(input, inOutIdx, &oid, oidKeyType, inSz); + if (oid != DHk || ret < 0) + return ASN_DH_KEY_E; + + if (GetSequence(input, inOutIdx, &length, inSz) < 0) + return ASN_PARSE_E; + + if (GetInt(&key->p, input, inOutIdx, inSz) < 0) { + return ASN_DH_KEY_E; + } + if (ret == 0 && GetInt(&key->g, input, inOutIdx, inSz) < 0) { + mp_clear(&key->p); + return ASN_DH_KEY_E; + } + } + + temp = *inOutIdx; + ret = (CheckBitString(input, inOutIdx, &length, inSz, 0, NULL) == 0); + if (ret > 0) { + /* Found Bit String */ + if (GetInt(&key->pub, input, inOutIdx, inSz) == 0) { + WOLFSSL_MSG("Found Public Key"); + ret = 0; + } + } else { + *inOutIdx = temp; + ret = (GetOctetString(input, inOutIdx, &length, inSz) >= 0); + if (ret > 0) { + /* Found Octet String */ + if (GetInt(&key->priv, input, inOutIdx, inSz) == 0) { + WOLFSSL_MSG("Found Private Key"); + + /* Compute public */ + ret = mp_exptmod(&key->g, &key->priv, &key->p, &key->pub); + } + } else { + /* Don't use length from failed CheckBitString/GetOctetString */ + *inOutIdx = temp; + ret = 0; + } + } + #endif /* !HAVE_FIPS || HAVE_FIPS_VERSION > 2 */ +#endif /* WOLFSSL_DH_EXTRA */ + + WOLFSSL_LEAVE("wc_DhKeyDecode", ret); + + return ret; +} + +#ifdef WOLFSSL_DH_EXTRA +int wc_DhKeyToDer(DhKey* key, byte* output, word32* outSz, int exportPriv) +{ + int ret, privSz = 0, pubSz = 0; + word32 keySz, idx, len, total; + + if (key == NULL || outSz == NULL) { + return BAD_FUNC_ARG; + } + + /* determine size */ + if (exportPriv) { + /* octet string: priv */ + privSz = SetASNIntMP(&key->priv, -1, NULL); + if (privSz < 0) + return privSz; + idx = 1 + SetLength((word32)privSz, NULL) + + (word32)privSz; /* +1 for ASN_OCTET_STRING */ + } + else { + /* bit string: public */ + pubSz = SetASNIntMP(&key->pub, -1, NULL); + if (pubSz < 0) + return pubSz; + idx = SetBitString((word32)pubSz, 0, NULL) + (word32)pubSz; + } + keySz = idx; + + /* DH Parameters sequence with P and G */ + total = 0; + ret = wc_DhParamsToDer(key, NULL, &total); + if (ret != WC_NO_ERR_TRACE(LENGTH_ONLY_E)) + return ret; + idx += total; + + /* object dhKeyAgreement 1.2.840.113549.1.3.1 */ + idx += (word32)SetObjectId(sizeof(keyDhOid), NULL); + idx += (word32)sizeof(keyDhOid); + len = idx - keySz; + /* sequence - all but pub/priv */ + idx += SetSequence(len, NULL); + if (exportPriv) { + /* version: 0 (ASN_INTEGER, 0x01, 0x00) */ + idx += 3; + } + /* sequence */ + total = idx + SetSequence(idx, NULL); + + /* if no output, then just getting size */ + if (output == NULL) { + *outSz = total; + return WC_NO_ERR_TRACE(LENGTH_ONLY_E); + } + + /* make sure output fits in buffer */ + if (total > *outSz) { + return BUFFER_E; + } + total = idx; + + /* sequence */ + idx = SetSequence(total, output); + if (exportPriv) { + /* version: 0 */ + idx += (word32)SetMyVersion(0, output + idx, 0); + } + /* sequence - all but pub/priv */ + idx += SetSequence(len, output + idx); + /* object dhKeyAgreement 1.2.840.113549.1.3.1 */ + idx += (word32)SetObjectId(sizeof(keyDhOid), output + idx); + XMEMCPY(output + idx, keyDhOid, sizeof(keyDhOid)); + idx += sizeof(keyDhOid); + + /* DH Parameters sequence with P and G */ + total = *outSz - idx; + ret = wc_DhParamsToDer(key, output + idx, &total); + if (ret < 0) + return ret; + idx += total; + + /* octet string: priv */ + if (exportPriv) { + idx += (word32)SetOctetString((word32)privSz, output + idx); + idx += (word32)SetASNIntMP(&key->priv, -1, output + idx); + } + else { + /* bit string: public */ + idx += (word32)SetBitString((word32)pubSz, 0, output + idx); + idx += (word32)SetASNIntMP(&key->pub, -1, output + idx); + } + *outSz = idx; + + return (int)idx; +} + +int wc_DhParamsToDer(DhKey* key, byte* output, word32* outSz) +{ + int ret; + word32 idx, total; + + if (key == NULL || outSz == NULL) { + return BAD_FUNC_ARG; + } + + /* determine size */ + /* integer - g */ + ret = SetASNIntMP(&key->g, -1, NULL); + if (ret < 0) + return ret; + idx = (word32)ret; + /* integer - p */ + ret = SetASNIntMP(&key->p, -1, NULL); + if (ret < 0) + return ret; + idx += (word32)ret; + total = idx; + /* sequence */ + idx += SetSequence(idx, NULL); + + if (output == NULL) { + *outSz = idx; + return WC_NO_ERR_TRACE(LENGTH_ONLY_E); + } + /* make sure output fits in buffer */ + if (idx > *outSz) { + return BUFFER_E; + } + + + /* write DH parameters */ + /* sequence - for P and G only */ + idx = SetSequence(total, output); + /* integer - p */ + ret = SetASNIntMP(&key->p, -1, output + idx); + if (ret < 0) + return ret; + idx += (word32)ret; + /* integer - g */ + ret = SetASNIntMP(&key->g, -1, output + idx); + if (ret < 0) + return ret; + idx += (word32)ret; + *outSz = idx; + + return (int)idx; +} + +#endif +int wc_DhParamsLoad(const byte* input, word32 inSz, byte* p, word32* pInOutSz, + byte* g, word32* gInOutSz) +{ + word32 idx = 0; + int ret; + int length; + + if (GetSequence(input, &idx, &length, inSz) <= 0) + return ASN_PARSE_E; + + ret = GetASNInt(input, &idx, &length, inSz); + if (ret != 0) + return ret; + + if (length <= (int)*pInOutSz) { + XMEMCPY(p, &input[idx], (size_t)length); + *pInOutSz = (word32)length; + } + else { + return BUFFER_E; + } + idx += (word32)length; + + ret = GetASNInt(input, &idx, &length, inSz); + if (ret != 0) + return ret; + + if (length <= (int)*gInOutSz) { + XMEMCPY(g, &input[idx], (size_t)length); + *gInOutSz = (word32)length; + } + else { + return BUFFER_E; + } + + return 0; +} + +#endif +#ifndef NO_DSA +int wc_DsaPublicKeyDecode(const byte* input, word32* inOutIdx, DsaKey* key, + word32 inSz) +{ + int length; + int ret = 0; + word32 oid; + word32 maxIdx; + + if (input == NULL || inOutIdx == NULL || key == NULL) + return BAD_FUNC_ARG; + + if (GetSequence(input, inOutIdx, &length, inSz) < 0) + return ASN_PARSE_E; + + maxIdx = (word32)(*inOutIdx + (word32)length); + if (GetInt(&key->p, input, inOutIdx, maxIdx) < 0 || + GetInt(&key->q, input, inOutIdx, maxIdx) < 0 || + GetInt(&key->g, input, inOutIdx, maxIdx) < 0 || + GetInt(&key->y, input, inOutIdx, maxIdx) < 0 ) + ret = ASN_DH_KEY_E; + + if (ret != 0) { + if (GetSequence(input, inOutIdx, &length, inSz) < 0) + return ASN_PARSE_E; + + ret = GetObjectId(input, inOutIdx, &oid, oidIgnoreType, inSz); + if (ret != 0) + return ret; + + if (GetSequence(input, inOutIdx, &length, inSz) < 0) + return ASN_PARSE_E; + + if (GetInt(&key->p, input, inOutIdx, inSz) < 0 || + GetInt(&key->q, input, inOutIdx, inSz) < 0 || + GetInt(&key->g, input, inOutIdx, inSz) < 0) + return ASN_DH_KEY_E; + + if (CheckBitString(input, inOutIdx, &length, inSz, 0, NULL) < 0) + return ASN_PARSE_E; + + if (GetInt(&key->y, input, inOutIdx, inSz) < 0 ) + return ASN_DH_KEY_E; + + ret = 0; + } + + key->type = DSA_PUBLIC; + return ret; +} + +int wc_DsaPrivateKeyDecode(const byte* input, word32* inOutIdx, DsaKey* key, + word32 inSz) +{ + int length, version, ret = 0, temp = 0; + word32 algId = 0; + + /* Sanity checks on input */ + if (input == NULL || inOutIdx == NULL || key == NULL) { + return BAD_FUNC_ARG; + } + + /* if has pkcs8 header skip it */ + if (ToTraditionalInline_ex(input, inOutIdx, inSz, &algId) < 0) { + /* ignore error, did not have pkcs8 header */ + } + + if (GetSequence(input, inOutIdx, &length, inSz) < 0) + return ASN_PARSE_E; + + temp = (int)*inOutIdx; + + /* Default case expects a certificate with OctetString but no version ID */ + ret = GetInt(&key->p, input, inOutIdx, inSz); + if (ret < 0) { + mp_clear(&key->p); + ret = ASN_PARSE_E; + } + else { + ret = GetInt(&key->q, input, inOutIdx, inSz); + if (ret < 0) { + mp_clear(&key->p); + mp_clear(&key->q); + ret = ASN_PARSE_E; + } + else { + ret = GetInt(&key->g, input, inOutIdx, inSz); + if (ret < 0) { + mp_clear(&key->p); + mp_clear(&key->q); + mp_clear(&key->g); + ret = ASN_PARSE_E; + } + else { + ret = GetOctetString(input, inOutIdx, &length, inSz); + if (ret < 0) { + mp_clear(&key->p); + mp_clear(&key->q); + mp_clear(&key->g); + ret = ASN_PARSE_E; + } + else { + ret = GetInt(&key->y, input, inOutIdx, inSz); + if (ret < 0) { + mp_clear(&key->p); + mp_clear(&key->q); + mp_clear(&key->g); + mp_clear(&key->y); + ret = ASN_PARSE_E; + } + } + } + } + } + /* An alternate pass if default certificate fails parsing */ + if (ret == WC_NO_ERR_TRACE(ASN_PARSE_E)) { + *inOutIdx = (word32)temp; + if (GetMyVersion(input, inOutIdx, &version, inSz) < 0) + return ASN_PARSE_E; + + if (GetInt(&key->p, input, inOutIdx, inSz) < 0 || + GetInt(&key->q, input, inOutIdx, inSz) < 0 || + GetInt(&key->g, input, inOutIdx, inSz) < 0 || + GetInt(&key->y, input, inOutIdx, inSz) < 0 || + GetInt(&key->x, input, inOutIdx, inSz) < 0 ) + return ASN_DH_KEY_E; + } + + key->type = DSA_PRIVATE; + return 0; +} + +/* Release Tmp DSA resources */ +static WC_INLINE void FreeTmpDsas(byte** tmps, void* heap, int ints) +{ + int i; + + for (i = 0; i < ints; i++) + XFREE(tmps[i], heap, DYNAMIC_TYPE_DSA); + + (void)heap; +} + +#if !defined(HAVE_SELFTEST) && (defined(WOLFSSL_KEY_GEN) || \ +defined(WOLFSSL_CERT_GEN)) +int wc_SetDsaPublicKey(byte* output, DsaKey* key, int outLen, int with_header) +{ + /* p, g, q = DSA params, y = public exponent */ +#ifdef WOLFSSL_SMALL_STACK + byte* p = NULL; + byte* g = NULL; + byte* q = NULL; + byte* y = NULL; +#else + byte p[MAX_DSA_INT_SZ]; + byte g[MAX_DSA_INT_SZ]; + byte q[MAX_DSA_INT_SZ]; + byte y[MAX_DSA_INT_SZ]; +#endif + byte innerSeq[MAX_SEQ_SZ]; + byte outerSeq[MAX_SEQ_SZ]; + byte bitString[1 + MAX_LENGTH_SZ + 1]; + int pSz, gSz, qSz, ySz; + word32 idx, innerSeqSz, outerSeqSz, bitStringSz = 0; + WOLFSSL_ENTER("wc_SetDsaPublicKey"); + + if (output == NULL || key == NULL || outLen < MAX_SEQ_SZ) { + return BAD_FUNC_ARG; + } + + /* p */ + WC_ALLOC_VAR_EX(p, byte, MAX_DSA_INT_SZ, key->heap, + DYNAMIC_TYPE_TMP_BUFFER, return MEMORY_E); + if ((pSz = SetASNIntMP(&key->p, MAX_DSA_INT_SZ, p)) < 0) { + WOLFSSL_MSG("SetASNIntMP Error with p"); + WC_FREE_VAR_EX(p, key->heap, DYNAMIC_TYPE_TMP_BUFFER); + return pSz; + } + + /* q */ + WC_ALLOC_VAR_EX(q, byte, MAX_DSA_INT_SZ, key->heap, + DYNAMIC_TYPE_TMP_BUFFER, return MEMORY_E); + if ((qSz = SetASNIntMP(&key->q, MAX_DSA_INT_SZ, q)) < 0) { + WOLFSSL_MSG("SetASNIntMP Error with q"); + WC_FREE_VAR_EX(p, key->heap, DYNAMIC_TYPE_TMP_BUFFER); + WC_FREE_VAR_EX(q, key->heap, DYNAMIC_TYPE_TMP_BUFFER); + return qSz; + } + + /* g */ + WC_ALLOC_VAR_EX(g, byte, MAX_DSA_INT_SZ, key->heap, + DYNAMIC_TYPE_TMP_BUFFER, return MEMORY_E); + if ((gSz = SetASNIntMP(&key->g, MAX_DSA_INT_SZ, g)) < 0) { + WOLFSSL_MSG("SetASNIntMP Error with g"); + WC_FREE_VAR_EX(p, key->heap, DYNAMIC_TYPE_TMP_BUFFER); + WC_FREE_VAR_EX(q, key->heap, DYNAMIC_TYPE_TMP_BUFFER); + WC_FREE_VAR_EX(g, key->heap, DYNAMIC_TYPE_TMP_BUFFER); + return gSz; + } + + /* y */ + WC_ALLOC_VAR_EX(y, byte, MAX_DSA_INT_SZ, key->heap, + DYNAMIC_TYPE_TMP_BUFFER, return MEMORY_E); + if ((ySz = SetASNIntMP(&key->y, MAX_DSA_INT_SZ, y)) < 0) { + WOLFSSL_MSG("SetASNIntMP Error with y"); + WC_FREE_VAR_EX(p, key->heap, DYNAMIC_TYPE_TMP_BUFFER); + WC_FREE_VAR_EX(q, key->heap, DYNAMIC_TYPE_TMP_BUFFER); + WC_FREE_VAR_EX(g, key->heap, DYNAMIC_TYPE_TMP_BUFFER); + WC_FREE_VAR_EX(y, key->heap, DYNAMIC_TYPE_TMP_BUFFER); + return ySz; + } + + if (with_header) { + word32 algoSz; +#ifdef WOLFSSL_SMALL_STACK + byte* algo = NULL; + + algo = (byte*)XMALLOC(MAX_ALGO_SZ, key->heap, DYNAMIC_TYPE_TMP_BUFFER); + if (algo == NULL) { + XFREE(p, key->heap, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(q, key->heap, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(g, key->heap, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(y, key->heap, DYNAMIC_TYPE_TMP_BUFFER); + return MEMORY_E; + } +#else + byte algo[MAX_ALGO_SZ]; +#endif + innerSeqSz = SetSequence((word32)(pSz + qSz + gSz), innerSeq); + algoSz = SetAlgoID(DSAk, algo, oidKeyType, 0); + bitStringSz = SetBitString((word32)ySz, 0, bitString); + outerSeqSz = SetSequence(algoSz + innerSeqSz + + (word32)(pSz + qSz + gSz), outerSeq); + + idx = SetSequence(algoSz + innerSeqSz + (word32)(pSz + qSz + gSz) + + bitStringSz + (word32)ySz + outerSeqSz, output); + + /* check output size */ + if ((idx + algoSz + bitStringSz + innerSeqSz + + (word32)(pSz + qSz + gSz + ySz)) > (word32)outLen) + { + WC_FREE_VAR_EX(p, key->heap, DYNAMIC_TYPE_TMP_BUFFER); + WC_FREE_VAR_EX(q, key->heap, DYNAMIC_TYPE_TMP_BUFFER); + WC_FREE_VAR_EX(g, key->heap, DYNAMIC_TYPE_TMP_BUFFER); + WC_FREE_VAR_EX(y, key->heap, DYNAMIC_TYPE_TMP_BUFFER); + WC_FREE_VAR_EX(algo, key->heap, DYNAMIC_TYPE_TMP_BUFFER); + WOLFSSL_MSG("Error, output size smaller than outlen"); + return BUFFER_E; + } + + /* outerSeq */ + XMEMCPY(output + idx, outerSeq, outerSeqSz); + idx += outerSeqSz; + /* algo */ + XMEMCPY(output + idx, algo, algoSz); + idx += algoSz; + WC_FREE_VAR_EX(algo, key->heap, DYNAMIC_TYPE_TMP_BUFFER); + } else { + innerSeqSz = SetSequence((word32)(pSz + qSz + gSz + ySz), innerSeq); + + /* check output size */ + if ((innerSeqSz + (word32)(pSz + qSz + gSz + ySz)) > (word32)outLen) { + WC_FREE_VAR_EX(p, key->heap, DYNAMIC_TYPE_TMP_BUFFER); + WC_FREE_VAR_EX(q, key->heap, DYNAMIC_TYPE_TMP_BUFFER); + WC_FREE_VAR_EX(g, key->heap, DYNAMIC_TYPE_TMP_BUFFER); + WC_FREE_VAR_EX(y, key->heap, DYNAMIC_TYPE_TMP_BUFFER); + WOLFSSL_MSG("Error, output size smaller than outlen"); + return BUFFER_E; + } + + idx = 0; + } + + /* innerSeq */ + XMEMCPY(output + idx, innerSeq, innerSeqSz); + idx += innerSeqSz; + /* p */ + XMEMCPY(output + idx, p, (size_t)pSz); + idx += (word32)pSz; + /* q */ + XMEMCPY(output + idx, q, (size_t)qSz); + idx += (word32)qSz; + /* g */ + XMEMCPY(output + idx, g, (size_t)gSz); + idx += (word32)gSz; + /* bit string */ + if (bitStringSz > 0) { + XMEMCPY(output + idx, bitString, bitStringSz); + idx += bitStringSz; + } + /* y */ + XMEMCPY(output + idx, y, (size_t)ySz); + idx += (word32)ySz; + + WC_FREE_VAR_EX(p, key->heap, DYNAMIC_TYPE_TMP_BUFFER); + WC_FREE_VAR_EX(q, key->heap, DYNAMIC_TYPE_TMP_BUFFER); + WC_FREE_VAR_EX(g, key->heap, DYNAMIC_TYPE_TMP_BUFFER); + WC_FREE_VAR_EX(y, key->heap, DYNAMIC_TYPE_TMP_BUFFER); + return (int)idx; +} + +#endif +static int DsaKeyIntsToDer(DsaKey* key, byte* output, word32* inLen, + int ints, int includeVersion) +{ + word32 seqSz = 0, verSz = 0, intTotalLen = 0, outLen, j; + word32 sizes[DSA_INTS]; + int i, ret = 0; + + byte seq[MAX_SEQ_SZ]; + byte ver[MAX_VERSION_SZ]; + byte* tmps[DSA_INTS]; + + if (ints > DSA_INTS || inLen == NULL) + return BAD_FUNC_ARG; + + XMEMSET(sizes, 0, sizeof(sizes)); + for (i = 0; i < ints; i++) + tmps[i] = NULL; + + /* write all big ints from key to DER tmps */ + for (i = 0; i < ints; i++) { + int mpSz; + mp_int* keyInt = GetDsaInt(key, i); + word32 rawLen = (word32)mp_unsigned_bin_size(keyInt) + 1; + + tmps[i] = (byte*)XMALLOC(rawLen + MAX_SEQ_SZ, key->heap, + DYNAMIC_TYPE_DSA); + if (tmps[i] == NULL) { + ret = MEMORY_E; + break; + } + + mpSz = SetASNIntMP(keyInt, -1, tmps[i]); + if (mpSz < 0) { + ret = mpSz; + break; + } + sizes[i] = (word32)mpSz; + intTotalLen += (word32)mpSz; + } + + if (ret != 0) { + FreeTmpDsas(tmps, key->heap, ints); + return ret; + } + + /* make headers */ + if (includeVersion) + verSz = (word32)SetMyVersion(0, ver, FALSE); + seqSz = SetSequence(verSz + intTotalLen, seq); + + outLen = seqSz + verSz + intTotalLen; + if (output == NULL) { + *inLen = outLen; + FreeTmpDsas(tmps, key->heap, ints); + return WC_NO_ERR_TRACE(LENGTH_ONLY_E); + } + if (outLen > *inLen) { + FreeTmpDsas(tmps, key->heap, ints); + return BAD_FUNC_ARG; + } + *inLen = outLen; + + /* write to output */ + XMEMCPY(output, seq, seqSz); + j = seqSz; + if (includeVersion) { + XMEMCPY(output + j, ver, verSz); + j += verSz; + } + + for (i = 0; i < ints; i++) { + XMEMCPY(output + j, tmps[i], sizes[i]); + j += sizes[i]; + } + FreeTmpDsas(tmps, key->heap, ints); + + return (int)outLen; +} + +#endif +#ifndef NO_CERTS +static int GetCertHeader(DecodedCert* cert) +{ + int ret = 0, len; + + if (GetSequence(cert->source, &cert->srcIdx, &len, cert->maxIdx) < 0) + return ASN_PARSE_E; + + /* Reset the max index for the size indicated in the outer wrapper. */ + cert->maxIdx = (word32)len + cert->srcIdx; + cert->certBegin = cert->srcIdx; + + if (GetSequence(cert->source, &cert->srcIdx, &len, cert->maxIdx) < 0) + return ASN_PARSE_E; + + cert->sigIndex = (word32)len + cert->srcIdx; + if (cert->sigIndex > cert->maxIdx) + return ASN_PARSE_E; + + if (GetExplicitVersion(cert->source, &cert->srcIdx, &cert->version, + cert->sigIndex) < 0) + return ASN_PARSE_E; + + ret = wc_GetSerialNumber(cert->source, &cert->srcIdx, cert->serial, + &cert->serialSz, cert->sigIndex); + if (ret < 0) { + return ret; + } + + return ret; +} + +#endif +#if defined(HAVE_ECC) && defined(HAVE_ECC_KEY_EXPORT) +static int SetEccPublicKey(byte* output, ecc_key* key, int outLen, + int with_header, int comp) +{ + int ret; + word32 idx = 0, curveSz, algoSz, pubSz, bitStringSz; + byte bitString[1 + MAX_LENGTH_SZ + 1]; /* 6 */ + byte algo[MAX_ALGO_SZ]; /* 20 */ + + /* public size */ + pubSz = key->dp ? (word32)key->dp->size : MAX_ECC_BYTES; + if (comp) + pubSz = 1 + pubSz; + else + pubSz = 1 + 2 * pubSz; + + /* check for buffer overflow */ + if (output != NULL && pubSz > (word32)outLen) { + return BUFFER_E; + } + + /* headers */ + if (with_header) { + ret = SetCurve(key, NULL, 0); + if (ret <= 0) { + return ret; + } + curveSz = (word32)ret; + ret = 0; + + /* calculate size */ + algoSz = SetAlgoID(ECDSAk, algo, oidKeyType, (int)curveSz); + bitStringSz = SetBitString(pubSz, 0, bitString); + idx = SetSequence(pubSz + curveSz + bitStringSz + algoSz, NULL); + + /* check for buffer overflow */ + if (output != NULL && + curveSz + algoSz + bitStringSz + idx + pubSz > (word32)outLen) { + return BUFFER_E; + } + + idx = SetSequence(pubSz + curveSz + bitStringSz + algoSz, + output); + /* algo */ + if (output) + XMEMCPY(output + idx, algo, algoSz); + idx += algoSz; + /* curve */ + if (output) + (void)SetCurve(key, output + idx, curveSz); + idx += curveSz; + /* bit string */ + if (output) + XMEMCPY(output + idx, bitString, bitStringSz); + idx += bitStringSz; + } + + /* pub */ + if (output) { + PRIVATE_KEY_UNLOCK(); + ret = wc_ecc_export_x963_ex(key, output + idx, &pubSz, comp); + PRIVATE_KEY_LOCK(); + if (ret != 0) { + return ret; + } + } + idx += pubSz; + + return (int)idx; +} + +#endif +#ifdef WC_ENABLE_ASYM_KEY_EXPORT +int SetAsymKeyDerPublic(const byte* pubKey, word32 pubKeyLen, + byte* output, word32 outLen, int keyType, int withHeader) +{ + int ret = 0; + word32 idx = 0; + word32 seqDataSz = 0; + word32 sz; + + /* validate parameters */ + if (pubKey == NULL){ + return BAD_FUNC_ARG; + } + if (output != NULL && outLen == 0) { + return BUFFER_E; + } + + /* calculate size */ + if (withHeader) { + word32 algoSz = SetAlgoID(keyType, NULL, oidKeyType, 0); + word32 bitStringSz = SetBitString(pubKeyLen, 0, NULL); + + seqDataSz = algoSz + bitStringSz + pubKeyLen; + sz = SetSequence(seqDataSz, NULL) + seqDataSz; + } + else { + sz = pubKeyLen; + } + + /* checkout output size */ + if (output != NULL && sz > outLen) { + ret = BUFFER_E; + } + + /* headers */ + if (ret == 0 && output != NULL && withHeader) { + /* sequence */ + idx = SetSequence(seqDataSz, output); + /* algo */ + idx += SetAlgoID(keyType, output + idx, oidKeyType, 0); + /* bit string */ + idx += SetBitString(pubKeyLen, 0, output + idx); + } + + if (ret == 0 && output != NULL) { + /* pub */ + XMEMCPY(output + idx, pubKey, pubKeyLen); + idx += pubKeyLen; + + sz = idx; + } + + if (ret == 0) { + ret = (int)sz; + } + return ret; +} + +#endif +#if !defined(NO_RSA) && !defined(NO_CERTS) +static int StoreRsaKey(DecodedCert* cert, const byte* source, word32* srcIdx, + word32 maxIdx) +{ + int length; + int pubLen; + word32 pubIdx; + + if (CheckBitString(source, srcIdx, &pubLen, maxIdx, 1, NULL) != 0) + return ASN_PARSE_E; + pubIdx = *srcIdx; + + if (GetSequence(source, srcIdx, &length, pubIdx + (word32)pubLen) < 0) + return ASN_PARSE_E; + +#if defined(WOLFSSL_RENESAS_TSIP_TLS) || defined(WOLFSSL_RENESAS_FSPSM_TLS) + cert->sigCtx.CertAtt.pubkey_n_start = + cert->sigCtx.CertAtt.pubkey_e_start = pubIdx; +#endif + cert->pubKeySize = (word32)pubLen; + cert->publicKey = source + pubIdx; +#ifdef WOLFSSL_MAXQ10XX_TLS + cert->publicKeyIndex = pubIdx; +#endif + *srcIdx += (word32)length; + +#ifdef HAVE_OCSP + return CalcHashId_ex(cert->publicKey, cert->pubKeySize, + cert->subjectKeyHash, HashIdAlg(cert->signatureOID)); +#else + return 0; +#endif +} + +#endif +#if defined(HAVE_ECC) && !defined(NO_CERTS) +static int StoreEccKey(DecodedCert* cert, const byte* source, word32* srcIdx, + word32 maxIdx, const byte* pubKey, word32 pubKeyLen) +{ + int ret; + word32 localIdx; + byte* publicKey; + byte tag; + int length; + + if (pubKey == NULL) { + return BAD_FUNC_ARG; + } + + localIdx = *srcIdx; + if (GetASNTag(source, &localIdx, &tag, maxIdx) < 0) + return ASN_PARSE_E; + + if (tag != (ASN_SEQUENCE | ASN_CONSTRUCTED)) { + if (GetObjectId(source, srcIdx, &cert->pkCurveOID, oidCurveType, + maxIdx) < 0) + return ASN_PARSE_E; + + if ((ret = CheckCurve(cert->pkCurveOID)) < 0) + return ECC_CURVE_OID_E; + + #if defined(WOLFSSL_RENESAS_FSPSM_TLS) || defined(WOLFSSL_RENESAS_TSIP_TLS) + cert->sigCtx.CertAtt.curve_id = ret; + #else + (void)ret; + #endif + /* key header */ + ret = CheckBitString(source, srcIdx, &length, maxIdx, 1, NULL); + if (ret != 0) + return ret; + #if defined(WOLFSSL_RENESAS_FSPSM_TLS) || defined(WOLFSSL_RENESAS_TSIP_TLS) + cert->sigCtx.CertAtt.pubkey_n_start = + cert->sigCtx.CertAtt.pubkey_e_start = (*srcIdx + 1); + cert->sigCtx.CertAtt.pubkey_n_len = ((length - 1) >> 1); + cert->sigCtx.CertAtt.pubkey_e_start += + cert->sigCtx.CertAtt.pubkey_n_len; + cert->sigCtx.CertAtt.pubkey_e_len = + cert->sigCtx.CertAtt.pubkey_n_len; + #endif + #ifdef WOLFSSL_MAXQ10XX_TLS + cert->publicKeyIndex = *srcIdx + 1; + #endif + + #ifdef HAVE_OCSP + ret = CalcHashId_ex(source + *srcIdx, (word32)length, + cert->subjectKeyHash, HashIdAlg(cert->signatureOID)); + if (ret != 0) + return ret; + #endif + *srcIdx += (word32)length; + } + + publicKey = (byte*)XMALLOC(pubKeyLen, cert->heap, DYNAMIC_TYPE_PUBLIC_KEY); + if (publicKey == NULL) + return MEMORY_E; + XMEMCPY(publicKey, pubKey, pubKeyLen); + cert->publicKey = publicKey; + cert->pubKeyStored = 1; + cert->pubKeySize = pubKeyLen; + + return 0; +} + +#endif +#ifndef NO_CERTS +#if !defined(NO_DSA) +static int ParseDsaKey(const byte* source, word32* srcIdx, word32 maxIdx, + void* heap) +{ + int ret; + int length; + + (void)heap; + + ret = GetSequence(source, srcIdx, &length, maxIdx); + if (ret < 0) + return ret; + + ret = SkipInt(source, srcIdx, maxIdx); + if (ret != 0) + return ret; + ret = SkipInt(source, srcIdx, maxIdx); + if (ret != 0) + return ret; + ret = SkipInt(source, srcIdx, maxIdx); + if (ret != 0) + return ret; + + ret = CheckBitString(source, srcIdx, &length, maxIdx, 1, NULL); + if (ret != 0) + return ret; + + ret = GetASNInt(source, srcIdx, &length, maxIdx); + if (ret != 0) + return ASN_PARSE_E; + + *srcIdx += (word32)length; + + return 0; +} + +#endif +#endif +static int GetCertName(DecodedCert* cert, char* full, byte* hash, int nameType, + const byte* input, word32* inOutIdx, word32 maxIdx) +{ + int length; /* length of all distinguished names */ + int dummy; + int ret; + word32 idx; + word32 srcIdx = *inOutIdx; +#if (defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)) && \ + !defined(WOLFCRYPT_ONLY) + WOLFSSL_X509_NAME* dName = NULL; +#endif + + WOLFSSL_MSG("Getting Cert Name"); + + /* For OCSP, RFC2560 section 4.1.1 states the issuer hash should be + * calculated over the entire DER encoding of the Name field, including + * the tag and length. */ + if (CalcHashId_ex(input + *inOutIdx, maxIdx - *inOutIdx, hash, + HashIdAlg(cert->signatureOID)) != 0) { + return ASN_PARSE_E; + } + +#if (defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)) && \ + !defined(WOLFCRYPT_ONLY) + dName = wolfSSL_X509_NAME_new_ex(cert->heap); + if (dName == NULL) { + return MEMORY_E; + } +#endif /* OPENSSL_EXTRA */ + + if (GetSequence(input, &srcIdx, &length, maxIdx) < 0) { +#if (defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)) && \ + !defined(WOLFCRYPT_ONLY) + wolfSSL_X509_NAME_free(dName); +#endif /* OPENSSL_EXTRA */ + return ASN_PARSE_E; + } + +#if defined(HAVE_PKCS7) || defined(WOLFSSL_CERT_EXT) + /* store pointer to raw issuer */ + if (nameType == ASN_ISSUER) { + cert->issuerRaw = &input[srcIdx]; + cert->issuerRawLen = length; + } +#endif +#if !defined(IGNORE_NAME_CONSTRAINTS) || defined(WOLFSSL_CERT_EXT) + if (nameType == ASN_SUBJECT) { + cert->subjectRaw = &input[srcIdx]; + cert->subjectRawLen = length; + } +#endif + + length += (int)srcIdx; + idx = 0; + + while (srcIdx < (word32)length) { + byte b = 0; + byte joint[3]; + byte tooBig = FALSE; + int oidSz; + const char* copy = NULL; + int copyLen = 0; + int strLen = 0; + byte id = 0; + #if (defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)) \ + && !defined(WOLFCRYPT_ONLY) + int nid = WC_NID_undef; + int enc; + #endif /* OPENSSL_EXTRA */ + + if (GetSet(input, &srcIdx, &dummy, maxIdx) < 0) { + WOLFSSL_MSG("Cert name lacks set header, trying sequence"); + } + + if (GetSequence(input, &srcIdx, &dummy, maxIdx) <= 0) { + #if (defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)) && \ + !defined(WOLFCRYPT_ONLY) + wolfSSL_X509_NAME_free(dName); + #endif /* OPENSSL_EXTRA */ + return ASN_PARSE_E; + } + + ret = GetASNObjectId(input, &srcIdx, &oidSz, maxIdx); + if (ret != 0) { + #if (defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)) && \ + !defined(WOLFCRYPT_ONLY) + wolfSSL_X509_NAME_free(dName); + #endif /* OPENSSL_EXTRA */ + return ret; + } + + /* make sure there is room for joint */ + if ((srcIdx + sizeof(joint)) > (word32)maxIdx) { + #if (defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)) && \ + !defined(WOLFCRYPT_ONLY) + wolfSSL_X509_NAME_free(dName); + #endif /* OPENSSL_EXTRA */ + return ASN_PARSE_E; + } + + XMEMCPY(joint, &input[srcIdx], sizeof(joint)); + + /* v1 name types */ + if (joint[0] == 0x55 && joint[1] == 0x04) { + srcIdx += 3; + id = joint[2]; + if (GetHeader(input, &b, &srcIdx, &strLen, maxIdx, 1) < 0) { + #if (defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)) && \ + !defined(WOLFCRYPT_ONLY) + wolfSSL_X509_NAME_free(dName); + #endif /* OPENSSL_EXTRA */ + return ASN_PARSE_E; + } + + #ifndef WOLFSSL_NO_ASN_STRICT + /* RFC 5280 section 4.1.2.4 lists a DirectoryString as being + * 1..MAX in length */ + if (strLen < 1) { + WOLFSSL_MSG("Non conforming DirectoryString of length 0 was" + " found"); + WOLFSSL_MSG("Use WOLFSSL_NO_ASN_STRICT if wanting to allow" + " empty DirectoryString's"); + #if (defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)) && \ + !defined(WOLFCRYPT_ONLY) + wolfSSL_X509_NAME_free(dName); + #endif /* OPENSSL_EXTRA */ + return ASN_PARSE_E; + } + #endif + + if (id == ASN_COMMON_NAME) { + if (nameType == ASN_SUBJECT) { + cert->subjectCN = (char *)&input[srcIdx]; + cert->subjectCNLen = strLen; + cert->subjectCNEnc = (char)b; + } + #if (defined(WOLFSSL_CERT_GEN) || defined(WOLFSSL_CERT_EXT)) && \ + defined(WOLFSSL_HAVE_ISSUER_NAMES) + else if (nameType == ASN_ISSUER) { + cert->issuerCN = (char*)&input[srcIdx]; + cert->issuerCNLen = strLen; + cert->issuerCNEnc = (char)b; + } + #endif + + copy = WOLFSSL_COMMON_NAME; + copyLen = sizeof(WOLFSSL_COMMON_NAME) - 1; + #if (defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)) \ + && !defined(WOLFCRYPT_ONLY) + nid = WC_NID_commonName; + #endif /* OPENSSL_EXTRA */ + } + #ifdef WOLFSSL_CERT_NAME_ALL + else if (id == ASN_NAME) { + copy = WOLFSSL_NAME; + copyLen = sizeof(WOLFSSL_NAME) - 1; + #if defined(WOLFSSL_CERT_GEN) || defined(WOLFSSL_CERT_EXT) + if (nameType == ASN_SUBJECT) { + cert->subjectN = (char*)&input[srcIdx]; + cert->subjectNLen = strLen; + cert->subjectNEnc = b; + } + #endif /* WOLFSSL_CERT_GEN || WOLFSSL_CERT_EXT */ + #if (defined(OPENSSL_EXTRA) || \ + defined(OPENSSL_EXTRA_X509_SMALL)) \ + && !defined(WOLFCRYPT_ONLY) + nid = WC_NID_name; + #endif /* OPENSSL_EXTRA */ + } + else if (id == ASN_INITIALS) { + copy = WOLFSSL_INITIALS; + copyLen = sizeof(WOLFSSL_INITIALS) - 1; + #if defined(WOLFSSL_CERT_GEN) || defined(WOLFSSL_CERT_EXT) + if (nameType == ASN_SUBJECT) { + cert->subjectI = (char*)&input[srcIdx]; + cert->subjectILen = strLen; + cert->subjectIEnc = b; + } + #endif /* WOLFSSL_CERT_GEN || WOLFSSL_CERT_EXT */ + #if (defined(OPENSSL_EXTRA) || \ + defined(OPENSSL_EXTRA_X509_SMALL)) \ + && !defined(WOLFCRYPT_ONLY) + nid = WC_NID_initials; + #endif /* OPENSSL_EXTRA */ + } + else if (id == ASN_GIVEN_NAME) { + copy = WOLFSSL_GIVEN_NAME; + copyLen = sizeof(WOLFSSL_GIVEN_NAME) - 1; + #if defined(WOLFSSL_CERT_GEN) || defined(WOLFSSL_CERT_EXT) + if (nameType == ASN_SUBJECT) { + cert->subjectGN = (char*)&input[srcIdx]; + cert->subjectGNLen = strLen; + cert->subjectGNEnc = b; + } + #endif /* WOLFSSL_CERT_GEN || WOLFSSL_CERT_EXT */ + #if (defined(OPENSSL_EXTRA) || \ + defined(OPENSSL_EXTRA_X509_SMALL)) \ + && !defined(WOLFCRYPT_ONLY) + nid = WC_NID_givenName; + #endif /* OPENSSL_EXTRA */ + } + else if (id == ASN_DNQUALIFIER) { + copy = WOLFSSL_DNQUALIFIER; + copyLen = sizeof(WOLFSSL_DNQUALIFIER) - 1; + #if defined(WOLFSSL_CERT_GEN) || defined(WOLFSSL_CERT_EXT) + if (nameType == ASN_SUBJECT) { + cert->subjectDNQ = (char*)&input[srcIdx]; + cert->subjectDNQLen = strLen; + cert->subjectDNQEnc = b; + } + #endif /* WOLFSSL_CERT_GEN || WOLFSSL_CERT_EXT */ + #if (defined(OPENSSL_EXTRA) || \ + defined(OPENSSL_EXTRA_X509_SMALL)) \ + && !defined(WOLFCRYPT_ONLY) + nid = WC_NID_dnQualifier; + #endif /* OPENSSL_EXTRA */ + } + #endif /* WOLFSSL_CERT_NAME_ALL */ + else if (id == ASN_SUR_NAME) { + copy = WOLFSSL_SUR_NAME; + copyLen = sizeof(WOLFSSL_SUR_NAME) - 1; + #if defined(WOLFSSL_CERT_GEN) || defined(WOLFSSL_CERT_EXT) + if (nameType == ASN_SUBJECT) { + cert->subjectSN = (char*)&input[srcIdx]; + cert->subjectSNLen = strLen; + cert->subjectSNEnc = (char)b; + } + #if defined(WOLFSSL_HAVE_ISSUER_NAMES) + else if (nameType == ASN_ISSUER) { + cert->issuerSN = (char*)&input[srcIdx]; + cert->issuerSNLen = strLen; + cert->issuerSNEnc = (char)b; + } + #endif /* WOLFSSL_HAVE_ISSUER_NAMES */ + #endif /* WOLFSSL_CERT_GEN || WOLFSSL_CERT_EXT */ + #if (defined(OPENSSL_EXTRA) || \ + defined(OPENSSL_EXTRA_X509_SMALL)) \ + && !defined(WOLFCRYPT_ONLY) + nid = WC_NID_surname; + #endif /* OPENSSL_EXTRA */ + } + else if (id == ASN_COUNTRY_NAME) { + copy = WOLFSSL_COUNTRY_NAME; + copyLen = sizeof(WOLFSSL_COUNTRY_NAME) - 1; + #if defined(WOLFSSL_CERT_GEN) || defined(WOLFSSL_CERT_EXT) + if (nameType == ASN_SUBJECT) { + cert->subjectC = (char*)&input[srcIdx]; + cert->subjectCLen = strLen; + cert->subjectCEnc = (char)b; + } + #if defined(WOLFSSL_HAVE_ISSUER_NAMES) + else if (nameType == ASN_ISSUER) { + cert->issuerC = (char*)&input[srcIdx]; + cert->issuerCLen = strLen; + cert->issuerCEnc = (char)b; + } + #endif /* WOLFSSL_HAVE_ISSUER_NAMES */ + #endif /* WOLFSSL_CERT_GEN || WOLFSSL_CERT_EXT */ + #if (defined(OPENSSL_EXTRA) || \ + defined(OPENSSL_EXTRA_X509_SMALL)) \ + && !defined(WOLFCRYPT_ONLY) + nid = WC_NID_countryName; + #endif /* OPENSSL_EXTRA */ + } + else if (id == ASN_LOCALITY_NAME) { + copy = WOLFSSL_LOCALITY_NAME; + copyLen = sizeof(WOLFSSL_LOCALITY_NAME) - 1; + #if defined(WOLFSSL_CERT_GEN) || defined(WOLFSSL_CERT_EXT) + if (nameType == ASN_SUBJECT) { + cert->subjectL = (char*)&input[srcIdx]; + cert->subjectLLen = strLen; + cert->subjectLEnc = (char)b; + } + #if defined(WOLFSSL_HAVE_ISSUER_NAMES) + else if (nameType == ASN_ISSUER) { + cert->issuerL = (char*)&input[srcIdx]; + cert->issuerLLen = strLen; + cert->issuerLEnc = (char)b; + } + #endif /* WOLFSSL_HAVE_ISSUER_NAMES */ + #endif /* WOLFSSL_CERT_GEN || WOLFSSL_CERT_EXT */ + #if (defined(OPENSSL_EXTRA) || \ + defined(OPENSSL_EXTRA_X509_SMALL)) \ + && !defined(WOLFCRYPT_ONLY) + nid = WC_NID_localityName; + #endif /* OPENSSL_EXTRA */ + } + else if (id == ASN_STATE_NAME) { + copy = WOLFSSL_STATE_NAME; + copyLen = sizeof(WOLFSSL_STATE_NAME) - 1; + #if defined(WOLFSSL_CERT_GEN) || defined(WOLFSSL_CERT_EXT) + if (nameType == ASN_SUBJECT) { + cert->subjectST = (char*)&input[srcIdx]; + cert->subjectSTLen = strLen; + cert->subjectSTEnc = (char)b; + } + #if defined(WOLFSSL_HAVE_ISSUER_NAMES) + else if (nameType == ASN_ISSUER) { + cert->issuerST = (char*)&input[srcIdx]; + cert->issuerSTLen = strLen; + cert->issuerSTEnc = (char)b; + } + #endif /* WOLFSSL_HAVE_ISSUER_NAMES */ + #endif /* WOLFSSL_CERT_GEN || WOLFSSL_CERT_EXT*/ + #if (defined(OPENSSL_EXTRA) || \ + defined(OPENSSL_EXTRA_X509_SMALL)) \ + && !defined(WOLFCRYPT_ONLY) + nid = WC_NID_stateOrProvinceName; + #endif /* OPENSSL_EXTRA */ + } + else if (id == ASN_ORG_NAME) { + copy = WOLFSSL_ORG_NAME; + copyLen = sizeof(WOLFSSL_ORG_NAME) - 1; + #if defined(WOLFSSL_CERT_GEN) || defined(WOLFSSL_CERT_EXT) + if (nameType == ASN_SUBJECT) { + cert->subjectO = (char*)&input[srcIdx]; + cert->subjectOLen = strLen; + cert->subjectOEnc = (char)b; + } + #if defined(WOLFSSL_HAVE_ISSUER_NAMES) + else if (nameType == ASN_ISSUER) { + cert->issuerO = (char*)&input[srcIdx]; + cert->issuerOLen = strLen; + cert->issuerOEnc = (char)b; + } + #endif /* WOLFSSL_HAVE_ISSUER_NAMES */ + #endif /* WOLFSSL_CERT_GEN || WOLFSSL_CERT_EXT */ + #if (defined(OPENSSL_EXTRA) || \ + defined(OPENSSL_EXTRA_X509_SMALL)) \ + && !defined(WOLFCRYPT_ONLY) + nid = WC_NID_organizationName; + #endif /* OPENSSL_EXTRA */ + } + else if (id == ASN_ORGUNIT_NAME) { + copy = WOLFSSL_ORGUNIT_NAME; + copyLen = sizeof(WOLFSSL_ORGUNIT_NAME) - 1; + #if defined(WOLFSSL_CERT_GEN) || defined(WOLFSSL_CERT_EXT) + if (nameType == ASN_SUBJECT) { + cert->subjectOU = (char*)&input[srcIdx]; + cert->subjectOULen = strLen; + cert->subjectOUEnc = (char)b; + } + #if defined(WOLFSSL_HAVE_ISSUER_NAMES) + else if (nameType == ASN_ISSUER) { + cert->issuerOU = (char*)&input[srcIdx]; + cert->issuerOULen = strLen; + cert->issuerOUEnc = (char)b; + } + #endif /* WOLFSSL_HAVE_ISSUER_NAMES */ + #endif /* WOLFSSL_CERT_GEN || WOLFSSL_CERT_EXT */ + #if (defined(OPENSSL_EXTRA) || \ + defined(OPENSSL_EXTRA_X509_SMALL)) \ + && !defined(WOLFCRYPT_ONLY) + nid = WC_NID_organizationalUnitName; + #endif /* OPENSSL_EXTRA */ + } + else if (id == ASN_SERIAL_NUMBER) { + copy = WOLFSSL_SERIAL_NUMBER; + copyLen = sizeof(WOLFSSL_SERIAL_NUMBER) - 1; + #if defined(WOLFSSL_CERT_GEN) || defined(WOLFSSL_CERT_EXT) + if (nameType == ASN_SUBJECT) { + cert->subjectSND = (char*)&input[srcIdx]; + cert->subjectSNDLen = strLen; + cert->subjectSNDEnc = (char)b; + } + #if defined(WOLFSSL_HAVE_ISSUER_NAMES) + else if (nameType == ASN_ISSUER) { + cert->issuerSND = (char*)&input[srcIdx]; + cert->issuerSNDLen = strLen; + cert->issuerSNDEnc = (char)b; + } + #endif /* WOLFSSL_HAVE_ISSUER_NAMES */ + #endif /* WOLFSSL_CERT_GEN || WOLFSSL_CERT_EXT */ + #if (defined(OPENSSL_EXTRA) || \ + defined(OPENSSL_EXTRA_X509_SMALL)) \ + && !defined(WOLFCRYPT_ONLY) + nid = WC_NID_serialNumber; + #endif /* OPENSSL_EXTRA */ + } + else if (id == ASN_USER_ID) { + copy = WOLFSSL_USER_ID; + copyLen = sizeof(WOLFSSL_USER_ID) - 1; + #if defined(WOLFSSL_CERT_GEN) || defined(WOLFSSL_CERT_EXT) + if (nameType == ASN_SUBJECT) { + cert->subjectUID = (char*)&input[srcIdx]; + cert->subjectUIDLen = strLen; + cert->subjectUIDEnc = (char)b; + } + #endif /* WOLFSSL_CERT_GEN || WOLFSSL_CERT_EXT */ + #if (defined(OPENSSL_EXTRA) || \ + defined(OPENSSL_EXTRA_X509_SMALL)) \ + && !defined(WOLFCRYPT_ONLY) + nid = WC_NID_userId; + #endif /* OPENSSL_EXTRA */ + } + #ifdef WOLFSSL_CERT_EXT + else if (id == ASN_STREET_ADDR) { + copy = WOLFSSL_STREET_ADDR_NAME; + copyLen = sizeof(WOLFSSL_STREET_ADDR_NAME) - 1; + #if defined(WOLFSSL_CERT_GEN) || defined(WOLFSSL_CERT_EXT) + if (nameType == ASN_SUBJECT) { + cert->subjectStreet = (char*)&input[srcIdx]; + cert->subjectStreetLen = strLen; + cert->subjectStreetEnc = (char)b; + } + #endif /* WOLFSSL_CERT_GEN || WOLFSSL_CERT_EXT */ + #if (defined(OPENSSL_EXTRA) || \ + defined(OPENSSL_EXTRA_X509_SMALL)) \ + && !defined(WOLFCRYPT_ONLY) + nid = WC_NID_streetAddress; + #endif /* OPENSSL_EXTRA */ + } + else if (id == ASN_BUS_CAT) { + copy = WOLFSSL_BUS_CAT; + copyLen = sizeof(WOLFSSL_BUS_CAT) - 1; + #if defined(WOLFSSL_CERT_GEN) || defined(WOLFSSL_CERT_EXT) + if (nameType == ASN_SUBJECT) { + cert->subjectBC = (char*)&input[srcIdx]; + cert->subjectBCLen = strLen; + cert->subjectBCEnc = (char)b; + } + #endif /* WOLFSSL_CERT_GEN || WOLFSSL_CERT_EXT */ + #if (defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)) \ + && !defined(WOLFCRYPT_ONLY) + nid = WC_NID_businessCategory; + #endif /* OPENSSL_EXTRA */ + } + else if (id == ASN_POSTAL_CODE) { + copy = WOLFSSL_POSTAL_NAME; + copyLen = sizeof(WOLFSSL_POSTAL_NAME) - 1; + #if defined(WOLFSSL_CERT_GEN) || defined(WOLFSSL_CERT_EXT) + if (nameType == ASN_SUBJECT) { + cert->subjectPC = (char*)&input[srcIdx]; + cert->subjectPCLen = strLen; + cert->subjectPCEnc = (char)b; + } + #endif /* WOLFSSL_CERT_GEN || WOLFSSL_CERT_EXT*/ + #if (defined(OPENSSL_EXTRA) || \ + defined(OPENSSL_EXTRA_X509_SMALL)) \ + && !defined(WOLFCRYPT_ONLY) + nid = WC_NID_postalCode; + #endif /* OPENSSL_EXTRA */ + } + #endif /* WOLFSSL_CERT_EXT */ + } + #ifdef WOLFSSL_CERT_EXT + else if ((srcIdx + ASN_JOI_PREFIX_SZ + 2 <= (word32)maxIdx) && + (0 == XMEMCMP(&input[srcIdx], ASN_JOI_PREFIX, + ASN_JOI_PREFIX_SZ)) && + ((input[srcIdx+ASN_JOI_PREFIX_SZ] == ASN_JOI_C) || + (input[srcIdx+ASN_JOI_PREFIX_SZ] == ASN_JOI_ST))) + { + srcIdx += ASN_JOI_PREFIX_SZ; + id = input[srcIdx++]; + b = input[srcIdx++]; /* encoding */ + + if (GetLength(input, &srcIdx, &strLen, + maxIdx) < 0) { + #if (defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)) && \ + !defined(WOLFCRYPT_ONLY) + wolfSSL_X509_NAME_free(dName); + #endif /* OPENSSL_EXTRA */ + return ASN_PARSE_E; + } + + /* Check for jurisdiction of incorporation country name */ + if (id == ASN_JOI_C) { + copy = WOLFSSL_JOI_C; + copyLen = sizeof(WOLFSSL_JOI_C) - 1; + #if defined(WOLFSSL_CERT_GEN) || defined(WOLFSSL_CERT_EXT) + if (nameType == ASN_SUBJECT) { + cert->subjectJC = (char*)&input[srcIdx]; + cert->subjectJCLen = strLen; + cert->subjectJCEnc = (char)b; + } + #endif /* WOLFSSL_CERT_GEN || WOLFSSL_CERT_EXT */ + #if (defined(OPENSSL_EXTRA) || \ + defined(OPENSSL_EXTRA_X509_SMALL)) \ + && !defined(WOLFCRYPT_ONLY) + nid = WC_NID_jurisdictionCountryName; + #endif /* OPENSSL_EXTRA */ + } + + /* Check for jurisdiction of incorporation state name */ + else if (id == ASN_JOI_ST) { + copy = WOLFSSL_JOI_ST; + copyLen = sizeof(WOLFSSL_JOI_ST) - 1; + #if defined(WOLFSSL_CERT_GEN) || defined(WOLFSSL_CERT_EXT) + if (nameType == ASN_SUBJECT) { + cert->subjectJS = (char*)&input[srcIdx]; + cert->subjectJSLen = strLen; + cert->subjectJSEnc = (char)b; + } + #endif /* WOLFSSL_CERT_GEN || WOLFSSL_CERT_EXT */ + #if (defined(OPENSSL_EXTRA) || \ + defined(OPENSSL_EXTRA_X509_SMALL)) \ + && !defined(WOLFCRYPT_ONLY) + nid = WC_NID_jurisdictionStateOrProvinceName; + #endif /* OPENSSL_EXTRA */ + } + + if ((strLen + copyLen) > (int)(WC_ASN_NAME_MAX - idx)) { + WOLFSSL_MSG("ASN Name too big, skipping"); + tooBig = TRUE; + } + } + #endif /* WOLFSSL_CERT_EXT */ + else { + /* skip */ + byte email = FALSE; + byte pilot = FALSE; + + if (joint[0] == 0x2a && joint[1] == 0x86) { /* email id hdr 42.134.* */ + id = ASN_EMAIL_NAME; + email = TRUE; + } + + if (joint[0] == 0x9 && joint[1] == 0x92) { /* uid id hdr 9.146.* */ + /* last value of OID is the type of pilot attribute */ + id = input[srcIdx + (word32)oidSz - 1]; + if (id == 0x01) + id = ASN_USER_ID; + pilot = TRUE; + } + + srcIdx += (word32)oidSz + 1; + + if (GetLength(input, &srcIdx, &strLen, maxIdx) < 0) { + #if (defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)) && \ + !defined(WOLFCRYPT_ONLY) + wolfSSL_X509_NAME_free(dName); + #endif /* OPENSSL_EXTRA */ + return ASN_PARSE_E; + } + + if (strLen > (int)(WC_ASN_NAME_MAX - idx)) { + WOLFSSL_MSG("ASN name too big, skipping"); + tooBig = TRUE; + } + + if (email) { + copyLen = sizeof(WOLFSSL_EMAIL_ADDR) - 1; + if ((copyLen + strLen) > (int)(WC_ASN_NAME_MAX - idx)) { + WOLFSSL_MSG("ASN name too big, skipping"); + tooBig = TRUE; + } + else { + copy = WOLFSSL_EMAIL_ADDR; + } + + #if !defined(IGNORE_NAME_CONSTRAINTS) || \ + defined(WOLFSSL_CERT_GEN) || defined(WOLFSSL_CERT_EXT) + if (nameType == ASN_SUBJECT) { + cert->subjectEmail = (char*)&input[srcIdx]; + cert->subjectEmailLen = strLen; + } + #if defined(WOLFSSL_HAVE_ISSUER_NAMES) && \ + (defined(WOLFSSL_CERT_GEN) || defined(WOLFSSL_CERT_EXT)) + else if (nameType == ASN_ISSUER) { + cert->issuerEmail = (char*)&input[srcIdx]; + cert->issuerEmailLen = strLen; + } + #endif /* WOLFSSL_HAVE_ISSUER_NAMES */ + #endif /* WOLFSSL_CERT_GEN || WOLFSSL_CERT_EXT */ + #if (defined(OPENSSL_EXTRA) || \ + defined(OPENSSL_EXTRA_X509_SMALL)) \ + && !defined(WOLFCRYPT_ONLY) + nid = WC_NID_emailAddress; + #endif /* OPENSSL_EXTRA */ + } + + if (pilot) { + switch (id) { + case ASN_USER_ID: + copy = WOLFSSL_USER_ID; + copyLen = sizeof(WOLFSSL_USER_ID) - 1; + #if (defined(OPENSSL_EXTRA) || \ + defined(OPENSSL_EXTRA_X509_SMALL)) \ + && !defined(WOLFCRYPT_ONLY) + nid = WC_NID_userId; + #endif /* OPENSSL_EXTRA */ + break; + case ASN_DOMAIN_COMPONENT: + copy = WOLFSSL_DOMAIN_COMPONENT; + copyLen = sizeof(WOLFSSL_DOMAIN_COMPONENT) - 1; + #if (defined(OPENSSL_EXTRA) || \ + defined(OPENSSL_EXTRA_X509_SMALL)) \ + && !defined(WOLFCRYPT_ONLY) + nid = WC_NID_domainComponent; + #endif /* OPENSSL_EXTRA */ + break; + case ASN_RFC822_MAILBOX: + copy = WOLFSSL_RFC822_MAILBOX; + copyLen = sizeof(WOLFSSL_RFC822_MAILBOX) - 1; + #if (defined(OPENSSL_EXTRA) || \ + defined(OPENSSL_EXTRA_X509_SMALL)) \ + && !defined(WOLFCRYPT_ONLY) + nid = WC_NID_rfc822Mailbox; + #endif /* OPENSSL_EXTRA */ + break; + case ASN_FAVOURITE_DRINK: + copy = WOLFSSL_FAVOURITE_DRINK; + copyLen = sizeof(WOLFSSL_FAVOURITE_DRINK) - 1; + #if (defined(OPENSSL_EXTRA) || \ + defined(OPENSSL_EXTRA_X509_SMALL)) \ + && !defined(WOLFCRYPT_ONLY) + nid = WC_NID_favouriteDrink; + #endif /* OPENSSL_EXTRA */ + break; + case ASN_CONTENT_TYPE: + copy = WOLFSSL_CONTENT_TYPE; + copyLen = sizeof(WOLFSSL_CONTENT_TYPE) - 1; + #if (defined(OPENSSL_EXTRA) || \ + defined(OPENSSL_EXTRA_X509_SMALL)) \ + && !defined(WOLFCRYPT_ONLY) + nid = WC_NID_pkcs9_contentType; + #endif /* OPENSSL_EXTRA */ + break; + default: + WOLFSSL_MSG("Unknown pilot attribute type"); + #if (defined(OPENSSL_EXTRA) || \ + defined(OPENSSL_EXTRA_X509_SMALL)) && \ + !defined(WOLFCRYPT_ONLY) + wolfSSL_X509_NAME_free(dName); + #endif /* OPENSSL_EXTRA */ + return ASN_PARSE_E; + } + } + } + if ((copyLen + strLen) > (int)(WC_ASN_NAME_MAX - idx)) + { + WOLFSSL_MSG("ASN Name too big, skipping"); + tooBig = TRUE; + } + if ((copy != NULL) && !tooBig) { + XMEMCPY(&full[idx], copy, (size_t)copyLen); + idx += (word32)copyLen; + XMEMCPY(&full[idx], &input[srcIdx], (size_t)strLen); + idx += (word32)strLen; + } + #if (defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)) && \ + !defined(WOLFCRYPT_ONLY) + switch (b) { + case CTC_UTF8: + enc = WOLFSSL_MBSTRING_UTF8; + break; + case CTC_PRINTABLE: + enc = WOLFSSL_V_ASN1_PRINTABLESTRING; + break; + default: + WOLFSSL_MSG("Unknown encoding type, using UTF8 by default"); + enc = WOLFSSL_MBSTRING_UTF8; + } + + if (nid != WC_NID_undef) { + if (wolfSSL_X509_NAME_add_entry_by_NID(dName, nid, enc, + &input[srcIdx], strLen, -1, -1) != + WOLFSSL_SUCCESS) { + wolfSSL_X509_NAME_free(dName); + return ASN_PARSE_E; + } + } + #endif /* OPENSSL_EXTRA */ + srcIdx += (word32)strLen; + } + full[idx++] = 0; + +#if (defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)) && \ + !defined(WOLFCRYPT_ONLY) + if (nameType == ASN_ISSUER) { +#if (defined(OPENSSL_ALL) || defined(WOLFSSL_NGINX) || defined(HAVE_LIGHTY)) &&\ + (defined(HAVE_PKCS7) || defined(WOLFSSL_CERT_EXT)) + dName->rawLen = min(cert->issuerRawLen, WC_ASN_NAME_MAX); + XMEMCPY(dName->raw, cert->issuerRaw, dName->rawLen); +#endif + cert->issuerName = dName; + } + else { +#if defined(OPENSSL_ALL) || defined(WOLFSSL_NGINX) + dName->rawLen = min(cert->subjectRawLen, WC_ASN_NAME_MAX); + XMEMCPY(dName->raw, cert->subjectRaw, dName->rawLen); +#endif + cert->subjectName = dName; + } +#endif + + *inOutIdx = srcIdx; + + return 0; +} + +int GetName(DecodedCert* cert, int nameType, int maxIdx) +{ + char* full; + byte* hash; + int length; + word32 localIdx; + byte tag; + + WOLFSSL_MSG("Getting Name"); + + if (nameType == ASN_ISSUER) { + full = cert->issuer; + hash = cert->issuerHash; + } + else { + full = cert->subject; + hash = cert->subjectHash; + } + + if (cert->srcIdx >= (word32)maxIdx) { + return BUFFER_E; + } + + localIdx = cert->srcIdx; + if (GetASNTag(cert->source, &localIdx, &tag, (word32)maxIdx) < 0) { + return ASN_PARSE_E; + } + + if (tag == ASN_OBJECT_ID) { + WOLFSSL_MSG("Trying optional prefix..."); + + if (SkipObjectId(cert->source, &cert->srcIdx, (word32)maxIdx) < 0) + return ASN_PARSE_E; + WOLFSSL_MSG("Got optional prefix"); + } + + localIdx = cert->srcIdx; + if (GetASNTag(cert->source, &localIdx, &tag, (word32)maxIdx) < 0) { + return ASN_PARSE_E; + } + localIdx = cert->srcIdx + 1; + if (GetLength(cert->source, &localIdx, &length, (word32)maxIdx) < 0) { + return ASN_PARSE_E; + } + length += (int)(localIdx - cert->srcIdx); + + return GetCertName(cert, full, hash, nameType, cert->source, &cert->srcIdx, + cert->srcIdx + (word32)length); +} + +static int GetDateInfo(const byte* source, word32* idx, const byte** pDate, + byte* pFormat, int* pLength, word32 maxIdx) +{ + int length; + byte format; + + if (source == NULL || idx == NULL) + return BAD_FUNC_ARG; + + /* get ASN format header */ + if (*idx+1 > maxIdx) + return BUFFER_E; + format = source[*idx]; + *idx += 1; + if (format != ASN_UTC_TIME && format != ASN_GENERALIZED_TIME) { + WOLFSSL_ERROR_VERBOSE(ASN_TIME_E); + return ASN_TIME_E; + } + + /* get length */ + if (GetLength(source, idx, &length, maxIdx) < 0) + return ASN_PARSE_E; + if (length > MAX_DATE_SIZE || length < MIN_DATE_SIZE) + return ASN_DATE_SZ_E; + + /* return format, date and length */ + if (pFormat) + *pFormat = format; + if (pDate) + *pDate = &source[*idx]; + if (pLength) + *pLength = length; + + *idx += (word32)length; + + return 0; +} + +#ifndef NO_CERTS +static int GetDate(DecodedCert* cert, int dateType, int verify, int maxIdx) +{ + int ret, length; + const byte *datePtr = NULL; + byte date[MAX_DATE_SIZE]; + byte format; + word32 startIdx = 0; + + if (dateType == ASN_BEFORE) + cert->beforeDate = &cert->source[cert->srcIdx]; + else + cert->afterDate = &cert->source[cert->srcIdx]; + startIdx = cert->srcIdx; + + ret = GetDateInfo(cert->source, &cert->srcIdx, &datePtr, &format, + &length, (word32)maxIdx); + if (ret < 0) + return ret; + + XMEMSET(date, 0, MAX_DATE_SIZE); + XMEMCPY(date, datePtr, (size_t)length); + + if (dateType == ASN_BEFORE) + cert->beforeDateLen = (int)(cert->srcIdx - startIdx); + else + cert->afterDateLen = (int)(cert->srcIdx - startIdx); + +#ifndef NO_ASN_TIME_CHECK + if (verify != NO_VERIFY && verify != VERIFY_SKIP_DATE && + (! AsnSkipDateCheck) && + !XVALIDATE_DATE(date, format, dateType, length)) { + if (dateType == ASN_BEFORE) { + WOLFSSL_ERROR_VERBOSE(ASN_BEFORE_DATE_E); + return ASN_BEFORE_DATE_E; + } + else { + WOLFSSL_ERROR_VERBOSE(ASN_AFTER_DATE_E); + return ASN_AFTER_DATE_E; + } + } +#else + (void)verify; +#endif + + return 0; +} + +static int GetValidity(DecodedCert* cert, int verify, int maxIdx) +{ + int length; + int badDate = 0; + + if (GetSequence(cert->source, &cert->srcIdx, &length, (word32)maxIdx) < 0) + return ASN_PARSE_E; + + maxIdx = (int)cert->srcIdx + length; + + if (GetDate(cert, ASN_BEFORE, verify, maxIdx) < 0) + badDate = ASN_BEFORE_DATE_E; /* continue parsing */ + + if (GetDate(cert, ASN_AFTER, verify, maxIdx) < 0) + return ASN_AFTER_DATE_E; + + if (badDate != 0) + return badDate; + + return 0; +} +#endif + +#ifndef NO_CERTS +static int GetSigAlg(DecodedCert* cert, word32* sigOid, word32 maxIdx) +{ + int length; + word32 endSeqIdx; + + if (GetSequence(cert->source, &cert->srcIdx, &length, maxIdx) < 0) + return ASN_PARSE_E; + endSeqIdx = cert->srcIdx + (word32)length; + + if (GetObjectId(cert->source, &cert->srcIdx, sigOid, oidSigType, + maxIdx) < 0) { + return ASN_OBJECT_ID_E; + } + + if (cert->srcIdx != endSeqIdx) { +#ifdef WC_RSA_PSS + if (*sigOid == CTC_RSASSAPSS) { + /* cert->srcIdx is at start of parameters TLV (NULL or SEQUENCE) */ + word32 tmpIdx = cert->srcIdx; + byte tag; + int len; + + WOLFSSL_MSG("Cert sigAlg is RSASSA-PSS; decoding params"); + if (GetHeader(cert->source, &tag, &tmpIdx, &len, endSeqIdx, 0) < 0) { + return ASN_PARSE_E; + } + cert->sigParamsIndex = cert->srcIdx; + cert->sigParamsLength = (word32)((tmpIdx - cert->srcIdx) + len); + } + else +#endif + /* Only allowed a ASN NULL header with zero length. */ + if (endSeqIdx - cert->srcIdx != 2) + return ASN_PARSE_E; + else { + byte tag; + if (GetASNTag(cert->source, &cert->srcIdx, &tag, endSeqIdx) != 0) + return ASN_PARSE_E; + if (tag != ASN_TAG_NULL) + return ASN_PARSE_E; + } + } + + cert->srcIdx = endSeqIdx; + + return 0; +} +#endif + +#ifndef NO_CERTS +int wc_GetPubX509(DecodedCert* cert, int verify, int* badDate) +{ + int ret; + + if (cert == NULL || badDate == NULL) + return BAD_FUNC_ARG; + + *badDate = 0; + if ( (ret = GetCertHeader(cert)) < 0) + return ret; + + WOLFSSL_MSG("Got Cert Header"); + +#ifdef WOLFSSL_CERT_REQ + if (!cert->isCSR) { +#endif + /* Using the sigIndex as the upper bound because that's where the + * actual certificate data ends. */ + if ((ret = GetSigAlg(cert, &cert->signatureOID, cert->sigIndex)) < 0) + return ret; + + WOLFSSL_MSG("Got Algo ID"); + + if ( (ret = GetName(cert, ASN_ISSUER, (int)cert->sigIndex)) < 0) + return ret; + + if ( (ret = GetValidity(cert, verify, (int)cert->sigIndex)) < 0) + *badDate = ret; +#ifdef WOLFSSL_CERT_REQ + } +#endif + + if ( (ret = GetName(cert, ASN_SUBJECT, (int)cert->sigIndex)) < 0) + return ret; + + WOLFSSL_MSG("Got Subject Name"); + return ret; +} + +int DecodeToKey(DecodedCert* cert, int verify) +{ + int badDate = 0; + int ret; + +#if defined(HAVE_RPK) + + /* Raw Public Key certificate has only a SubjectPublicKeyInfo structure + * as its contents. So try to call GetCertKey to get public key from it. + * If it fails, the cert should be a X509 cert and proceed to process as + * x509 cert. */ + ret = GetCertKey(cert, cert->source, &cert->srcIdx, cert->maxIdx); + if (ret == 0) { + WOLFSSL_MSG("Raw Public Key certificate found and parsed"); + cert->isRPK = 1; + return ret; + } +#endif /* HAVE_RPK */ + + if ( (ret = wc_GetPubX509(cert, verify, &badDate)) < 0) + return ret; + + /* Determine if self signed */ +#ifdef WOLFSSL_CERT_REQ + if (cert->isCSR) + cert->selfSigned = 1; + else +#endif + { + cert->selfSigned = XMEMCMP(cert->issuerHash, cert->subjectHash, + KEYID_SIZE) == 0 ? 1 : 0; + } + + ret = GetCertKey(cert, cert->source, &cert->srcIdx, cert->maxIdx); + if (ret != 0) + return ret; + + WOLFSSL_MSG("Got Key"); + + if (badDate != 0) + return badDate; + + return ret; +} + +static int GetSignature(DecodedCert* cert) +{ + int length; + int ret; + + ret = CheckBitString(cert->source, &cert->srcIdx, &length, cert->maxIdx, 1, + NULL); + if (ret != 0) + return ret; + + cert->sigLength = (word32)length; + cert->signature = &cert->source[cert->srcIdx]; + cert->srcIdx += cert->sigLength; + + if (cert->srcIdx != cert->maxIdx) + return ASN_PARSE_E; + + return 0; +} + +#endif +/* Set an octet header when length is only 7-bit. + * + * @param [in] len Length of data in OCTET_STRING. Value must be <= 127. + * @param [in] output Buffer to encode ASN.1 header. + * @return Length of ASN.1 header. + */ +static word32 SetOctetString8Bit(word32 len, byte* output) +{ + output[0] = ASN_OCTET_STRING; + output[1] = (byte)len; + return 2; +} +static word32 SetDigest(const byte* digest, word32 digSz, byte* output) +{ + word32 idx = SetOctetString8Bit(digSz, output); + XMEMCPY(&output[idx], digest, digSz); + + return idx + digSz; +} + +static word32 SetAlgoIDImpl(int algoOID, byte* output, int type, int curveSz, + byte absentParams) +{ + word32 tagSz, idSz, seqSz, algoSz = 0; + const byte* algoName = 0; + byte ID_Length[1 + MAX_LENGTH_SZ]; + byte seqArray[MAX_SEQ_SZ + 1]; /* add object_id to end */ + word32 length = 0; + + tagSz = ((type == oidHashType || + (type == oidSigType && !IsSigAlgoECC((word32)algoOID)) || + (type == oidKeyType && algoOID == RSAk)) && + (absentParams == FALSE)) ? 2U : 0U; + algoName = OidFromId((word32)algoOID, (word32)type, &algoSz); + if (algoName == NULL) { + WOLFSSL_MSG("Unknown Algorithm"); + return 0; + } + + idSz = (word32)SetObjectId((int)algoSz, ID_Length); + seqSz = SetSequence(idSz + algoSz + tagSz + (word32)curveSz, seqArray); + + /* Copy only algo to output for DSA keys */ + if (algoOID == DSAk && output) { + XMEMCPY(output, ID_Length, idSz); + XMEMCPY(output + idSz, algoName, algoSz); + if (tagSz == 2) + SetASNNull(&output[seqSz + idSz + algoSz]); + } + else if (output) { + XMEMCPY(output, seqArray, seqSz); + XMEMCPY(output + seqSz, ID_Length, idSz); + XMEMCPY(output + seqSz + idSz, algoName, algoSz); + if (tagSz == 2) + SetASNNull(&output[seqSz + idSz + algoSz]); + } + + if (algoOID == DSAk) + length = idSz + algoSz + tagSz; + else + length = seqSz + idSz + algoSz + tagSz; + + return length; +} + +word32 wc_EncodeSignature(byte* out, const byte* digest, word32 digSz, + int hashOID) +{ + byte digArray[MAX_ENCODED_DIG_SZ]; + byte algoArray[MAX_ALGO_SZ]; + byte seqArray[MAX_SEQ_SZ]; + word32 encDigSz, algoSz, seqSz; + + encDigSz = SetDigest(digest, digSz, digArray); + algoSz = SetAlgoID(hashOID, algoArray, oidHashType, 0); + seqSz = SetSequence(encDigSz + algoSz, seqArray); + + XMEMCPY(out, seqArray, seqSz); + XMEMCPY(out + seqSz, algoArray, algoSz); + XMEMCPY(out + seqSz + algoSz, digArray, encDigSz); + + return encDigSz + algoSz + seqSz; +} + +#ifndef NO_CERTS +static void AddAltName(DecodedCert* cert, DNS_entry* dnsEntry) +{ +#if (defined(WOLFSSL_ASN_ALL) || defined(OPENSSL_EXTRA)) && \ + !defined(WOLFSSL_ALT_NAMES_NO_REV) + /* logic to add alt name to end of list */ + dnsEntry->next = NULL; + if (cert->altNames == NULL) { + /* First on list */ + cert->altNames = dnsEntry; + } + else { + DNS_entry* temp = cert->altNames; + + /* Find end */ + for (; (temp->next != NULL); temp = temp->next); + + /* Add to end */ + temp->next = dnsEntry; + } +#else + dnsEntry->next = cert->altNames; + cert->altNames = dnsEntry; +#endif +} + +#if defined(WOLFSSL_SEP) +/* return 0 on success */ +static int DecodeSepHwAltName(DecodedCert* cert, const byte* input, + word32* idxIn, word32 sz) +{ + word32 idx = *idxIn; + int strLen; + int ret; + byte tag; + + /* Certificates issued with this OID in the subject alt name are for + * verifying signatures created on a module. + * RFC 4108 Section 5. */ + if (cert->hwType != NULL) { + WOLFSSL_MSG("\tAlready seen Hardware Module Name"); + return ASN_PARSE_E; + } + + if (GetASNTag(input, &idx, &tag, sz) < 0) { + return ASN_PARSE_E; + } + + if (tag != (ASN_CONTEXT_SPECIFIC | ASN_CONSTRUCTED)) { + WOLFSSL_MSG("\twrong type"); + return ASN_PARSE_E; + } + + if (GetLength(input, &idx, &strLen, sz) < 0) { + WOLFSSL_MSG("\tfail: str len"); + return ASN_PARSE_E; + } + + if (GetSequence(input, &idx, &strLen, sz) < 0) { + WOLFSSL_MSG("\tBad Sequence"); + return ASN_PARSE_E; + } + + ret = GetASNObjectId(input, &idx, &strLen, sz); + if (ret != 0) { + WOLFSSL_MSG("\tbad OID"); + return ret; + } + + cert->hwType = (byte*)XMALLOC((size_t)strLen, cert->heap, + DYNAMIC_TYPE_X509_EXT); + if (cert->hwType == NULL) { + WOLFSSL_MSG("\tOut of Memory"); + return MEMORY_E; + } + + XMEMCPY(cert->hwType, &input[idx], (size_t)strLen); + cert->hwTypeSz = strLen; + idx += (word32)strLen; + + ret = GetOctetString(input, &idx, &strLen, sz); + if (ret < 0) { + XFREE(cert->hwType, cert->heap, DYNAMIC_TYPE_X509_EXT); + cert->hwType = NULL; + return ret; + } + + cert->hwSerialNum = (byte*)XMALLOC((size_t)strLen + 1, cert->heap, + DYNAMIC_TYPE_X509_EXT); + if (cert->hwSerialNum == NULL) { + WOLFSSL_MSG("\tOut of Memory"); + XFREE(cert->hwType, cert->heap, DYNAMIC_TYPE_X509_EXT); + cert->hwType = NULL; + return MEMORY_E; + } + + XMEMCPY(cert->hwSerialNum, &input[idx], (size_t)strLen); + cert->hwSerialNum[strLen] = '\0'; + cert->hwSerialNumSz = strLen; + idx += (word32)strLen; + + *idxIn = idx; + return 0; +} +#endif + +/* return 0 on success */ +static int DecodeConstructedOtherName(DecodedCert* cert, const byte* input, + word32* idx, word32 sz, int oid) +{ + int ret = 0; + int strLen = 0; + byte tag; + DNS_entry* dnsEntry = NULL; + + if (GetASNTag(input, idx, &tag, sz) < 0) { + ret = ASN_PARSE_E; + } + + if (ret == 0 && (tag != (ASN_CONTEXT_SPECIFIC | ASN_CONSTRUCTED))) { + ret = ASN_PARSE_E; + } + + if (ret == 0 && (GetLength(input, idx, &strLen, sz) < 0)) { + ret = ASN_PARSE_E; + } + + if (ret == 0) { + dnsEntry = AltNameNew(cert->heap); + if (dnsEntry == NULL) { + WOLFSSL_MSG("\tOut of Memory"); + return MEMORY_E; + } + + switch (oid) { + #ifdef WOLFSSL_FPKI + case FASCN_OID: + ret = GetOctetString(input, idx, &strLen, sz); + if (ret > 0) { + ret = 0; + } + break; + #endif /* WOLFSSL_FPKI */ + case UPN_OID: + if (GetASNTag(input, idx, &tag, sz) < 0) { + ret = ASN_PARSE_E; + } + + if (ret == 0 && + tag != ASN_PRINTABLE_STRING && tag != ASN_UTF8STRING && + tag != ASN_IA5_STRING) { + WOLFSSL_MSG("Was expecting a string for UPN"); + ret = ASN_PARSE_E; + } + + if (ret == 0 && (GetLength(input, idx, &strLen, sz) < 0)) { + WOLFSSL_MSG("Was expecting a string for UPN"); + ret = ASN_PARSE_E; + } + break; + + default: + WOLFSSL_MSG("Unknown constructed other name, skipping"); + XFREE(dnsEntry, cert->heap, DYNAMIC_TYPE_ALTNAME); + dnsEntry = NULL; + } + } + + if (ret == 0 && dnsEntry != NULL) { + dnsEntry->type = ASN_OTHER_TYPE; + dnsEntry->len = strLen; + dnsEntry->name = (char*)XMALLOC((size_t)strLen + 1, cert->heap, + DYNAMIC_TYPE_ALTNAME); + #ifdef WOLFSSL_FPKI + dnsEntry->oidSum = oid; + #endif /* WOLFSSL_FPKI */ + if (dnsEntry->name == NULL) { + WOLFSSL_MSG("\tOut of Memory"); + ret = MEMORY_E; + } + else { + dnsEntry->nameStored = 1; + XMEMCPY((void *)(wc_ptr_t)dnsEntry->name, &input[*idx], + (size_t)strLen); + ((char *)(wc_ptr_t)dnsEntry->name)[strLen] = '\0'; + AddAltName(cert, dnsEntry); + } + } + + if (ret == 0) { + *idx += (word32)strLen; + } + else { + XFREE(dnsEntry, cert->heap, DYNAMIC_TYPE_ALTNAME); + } + + return ret; +} + +static int DecodeAltNames(const byte* input, word32 sz, DecodedCert* cert) +{ + word32 idx = 0; + int length = 0; + word32 numNames = 0; + + WOLFSSL_ENTER("DecodeAltNames"); + + if (GetSequence(input, &idx, &length, sz) < 0) { + WOLFSSL_MSG("\tBad Sequence"); + return ASN_PARSE_E; + } + + if (length == 0) { + /* RFC 5280 4.2.1.6. Subject Alternative Name + If the subjectAltName extension is present, the sequence MUST + contain at least one entry. */ + WOLFSSL_ERROR_VERBOSE(ASN_PARSE_E); + return ASN_PARSE_E; + } + +#ifdef OPENSSL_ALL + cert->extSubjAltNameSrc = input; + cert->extSubjAltNameSz = sz; +#endif + + cert->weOwnAltNames = 1; + + while (length > 0) { + byte current_byte; + + /* Verify idx can't overflow input buffer */ + if (idx >= (word32)sz) { + WOLFSSL_MSG("\tBad Index"); + return BUFFER_E; + } + + numNames++; + if (numNames > WOLFSSL_MAX_ALT_NAMES) { + WOLFSSL_MSG("\tToo many subject alternative names"); + return ASN_ALT_NAME_E; + } + + current_byte = input[idx++]; + length--; + + /* Save DNS Type names in the altNames list. */ + /* Save Other Type names in the cert's OidMap */ + if (current_byte == (ASN_CONTEXT_SPECIFIC | ASN_DNS_TYPE)) { + DNS_entry* dnsEntry; + int strLen; + word32 lenStartIdx = idx; + + if (GetLength(input, &idx, &strLen, sz) < 0) { + WOLFSSL_MSG("\tfail: str length"); + return ASN_PARSE_E; + } + length -= (int)(idx - lenStartIdx); + + dnsEntry = AltNameNew(cert->heap); + if (dnsEntry == NULL) { + WOLFSSL_MSG("\tOut of Memory"); + return MEMORY_E; + } + + dnsEntry->type = ASN_DNS_TYPE; + dnsEntry->name = (char*)XMALLOC((size_t)strLen + 1, cert->heap, + DYNAMIC_TYPE_ALTNAME); + if (dnsEntry->name == NULL) { + WOLFSSL_MSG("\tOut of Memory"); + XFREE(dnsEntry, cert->heap, DYNAMIC_TYPE_ALTNAME); + return MEMORY_E; + } + dnsEntry->nameStored = 1; + dnsEntry->len = strLen; + XMEMCPY((void *)(wc_ptr_t)dnsEntry->name, &input[idx], + (size_t)strLen); + ((char *)(wc_ptr_t)dnsEntry->name)[strLen] = '\0'; + + AddAltName(cert, dnsEntry); + + if (strLen > length) { + return ASN_PARSE_E; + } + length -= strLen; + idx += (word32)strLen; + } + #ifndef IGNORE_NAME_CONSTRAINTS + else if (current_byte == + (ASN_CONTEXT_SPECIFIC | ASN_CONSTRUCTED | ASN_DIR_TYPE)) { + DNS_entry* dirEntry; + int strLen; + word32 lenStartIdx = idx; + + if (GetLength(input, &idx, &strLen, sz) < 0) { + WOLFSSL_MSG("\tfail: str length"); + return ASN_PARSE_E; + } + + if (GetSequence(input, &idx, &strLen, sz) < 0) { + WOLFSSL_MSG("\tfail: seq length"); + return ASN_PARSE_E; + } + length -= (int)(idx - lenStartIdx); + + dirEntry = AltNameNew(cert->heap); + if (dirEntry == NULL) { + WOLFSSL_MSG("\tOut of Memory"); + return MEMORY_E; + } + + dirEntry->type = ASN_DIR_TYPE; + dirEntry->name = (char*)XMALLOC((size_t)strLen + 1, cert->heap, + DYNAMIC_TYPE_ALTNAME); + if (dirEntry->name == NULL) { + WOLFSSL_MSG("\tOut of Memory"); + XFREE(dirEntry, cert->heap, DYNAMIC_TYPE_ALTNAME); + return MEMORY_E; + } + dirEntry->nameStored = 1; + dirEntry->len = strLen; + XMEMCPY((void *)(wc_ptr_t)dirEntry->name, &input[idx], + (size_t)strLen); + ((char *)(wc_ptr_t)dirEntry->name)[strLen] = '\0'; + dirEntry->next = cert->altDirNames; + cert->altDirNames = dirEntry; + + if (strLen > length) { + return ASN_PARSE_E; + } + length -= strLen; + idx += (word32)strLen; + } + else if (current_byte == (ASN_CONTEXT_SPECIFIC | ASN_RFC822_TYPE)) { + DNS_entry* emailEntry; + int strLen; + word32 lenStartIdx = idx; + + if (GetLength(input, &idx, &strLen, sz) < 0) { + WOLFSSL_MSG("\tfail: str length"); + return ASN_PARSE_E; + } + length -= (int)(idx - lenStartIdx); + + emailEntry = AltNameNew(cert->heap); + if (emailEntry == NULL) { + WOLFSSL_MSG("\tOut of Memory"); + return MEMORY_E; + } + emailEntry->nameStored = 1; + emailEntry->type = ASN_RFC822_TYPE; + emailEntry->name = (char*)XMALLOC((size_t)strLen + 1, cert->heap, + DYNAMIC_TYPE_ALTNAME); + if (emailEntry->name == NULL) { + WOLFSSL_MSG("\tOut of Memory"); + XFREE(emailEntry, cert->heap, DYNAMIC_TYPE_ALTNAME); + return MEMORY_E; + } + emailEntry->len = strLen; + XMEMCPY((void *)(wc_ptr_t)emailEntry->name, &input[idx], + (size_t)strLen); + ((char *)(wc_ptr_t)emailEntry->name)[strLen] = '\0'; + + emailEntry->next = cert->altEmailNames; + cert->altEmailNames = emailEntry; + + if (strLen > length) { + return ASN_PARSE_E; + } + length -= strLen; + idx += (word32)strLen; + } + else if (current_byte == (ASN_CONTEXT_SPECIFIC | ASN_URI_TYPE)) { + DNS_entry* uriEntry; + int strLen; + word32 lenStartIdx = idx; + + WOLFSSL_MSG("\tPutting URI into list but not using"); + if (GetLength(input, &idx, &strLen, sz) < 0) { + WOLFSSL_MSG("\tfail: str length"); + return ASN_PARSE_E; + } + length -= (int)(idx - lenStartIdx); + + /* check that strLen at index is not past input buffer */ + if ((word32)strLen + idx > sz) { + return BUFFER_E; + } + + #if !defined(WOLFSSL_NO_ASN_STRICT) && !defined(WOLFSSL_FPKI) + /* Verify RFC 5280 Sec 4.2.1.6 rule: + "The name MUST NOT be a relative URI" + As per RFC 3986 Sec 4.3, an absolute URI is only required to contain + a scheme and hier-part. So the only strict requirement is a ':' + being present after the scheme. If a '/' is present as part of the + hier-part, it must come after the ':' (see RFC 3986 Sec 3). */ + + { + word32 i; + + /* skip past scheme (i.e http,ftp,...) finding first ':' char */ + for (i = 0; i < (word32)strLen; i++) { + if (input[idx + i] == ':') { + break; + } + if (input[idx + i] == '/') { + WOLFSSL_MSG("\tAlt Name must be absolute URI"); + WOLFSSL_ERROR_VERBOSE(ASN_ALT_NAME_E); + return ASN_ALT_NAME_E; + } + } + + /* test hier-part is empty */ + if (i == 0 || i == (word32)strLen) { + WOLFSSL_MSG("\tEmpty or malformed URI"); + WOLFSSL_ERROR_VERBOSE(ASN_ALT_NAME_E); + return ASN_ALT_NAME_E; + } + + /* test if scheme is missing */ + if (input[idx + i] != ':') { + WOLFSSL_MSG("\tAlt Name must be absolute URI"); + WOLFSSL_ERROR_VERBOSE(ASN_ALT_NAME_E); + return ASN_ALT_NAME_E; + } + } + #endif + + uriEntry = AltNameNew(cert->heap); + if (uriEntry == NULL) { + WOLFSSL_MSG("\tOut of Memory"); + return MEMORY_E; + } + uriEntry->nameStored = 1; + uriEntry->type = ASN_URI_TYPE; + uriEntry->name = (char*)XMALLOC((size_t)strLen + 1, cert->heap, + DYNAMIC_TYPE_ALTNAME); + if (uriEntry->name == NULL) { + WOLFSSL_MSG("\tOut of Memory"); + XFREE(uriEntry, cert->heap, DYNAMIC_TYPE_ALTNAME); + return MEMORY_E; + } + uriEntry->len = strLen; + XMEMCPY((void *)(wc_ptr_t)uriEntry->name, &input[idx], + (size_t)strLen); + ((char *)(wc_ptr_t)uriEntry->name)[strLen] = '\0'; + + AddAltName(cert, uriEntry); + + if (strLen > length) { + return ASN_PARSE_E; + } + length -= strLen; + idx += (word32)strLen; + } +#ifdef WOLFSSL_IP_ALT_NAME + else if (current_byte == (ASN_CONTEXT_SPECIFIC | ASN_IP_TYPE)) { + DNS_entry* ipAddr; + int strLen; + word32 lenStartIdx = idx; + WOLFSSL_MSG("Decoding Subject Alt. Name: IP Address"); + + if (GetLength(input, &idx, &strLen, sz) < 0) { + WOLFSSL_MSG("\tfail: str length"); + return ASN_PARSE_E; + } + length -= (idx - lenStartIdx); + /* check that strLen at index is not past input buffer */ + if (strLen + idx > sz) { + return BUFFER_E; + } + + ipAddr = AltNameNew(cert->heap); + if (ipAddr == NULL) { + WOLFSSL_MSG("\tOut of Memory"); + return MEMORY_E; + } + ipAddr->nameStored = 1; + ipAddr->type = ASN_IP_TYPE; + ipAddr->name = (char*)XMALLOC((size_t)strLen + 1, cert->heap, + DYNAMIC_TYPE_ALTNAME); + if (ipAddr->name == NULL) { + WOLFSSL_MSG("\tOut of Memory"); + XFREE(ipAddr, cert->heap, DYNAMIC_TYPE_ALTNAME); + return MEMORY_E; + } + ipAddr->len = strLen; + XMEMCPY((void *)(wc_ptr_t)ipAddr->name, &input[idx], strLen); + ((char *)(wc_ptr_t)ipAddr->name)[strLen] = '\0'; + + if (GenerateDNSEntryIPString(ipAddr, cert->heap) != 0) { + WOLFSSL_MSG("\tOut of Memory for IP string"); + XFREE((void *)(wc_ptr_t)ipAddr->name, cert->heap, + DYNAMIC_TYPE_ALTNAME); + XFREE(ipAddr, cert->heap, DYNAMIC_TYPE_ALTNAME); + return MEMORY_E; + } + AddAltName(cert, ipAddr); + + if (strLen > length) { + return ASN_PARSE_E; + } + length -= strLen; + idx += (word32)strLen; + } +#endif /* WOLFSSL_IP_ALT_NAME */ +#ifdef WOLFSSL_RID_ALT_NAME + else if (current_byte == (ASN_CONTEXT_SPECIFIC | ASN_RID_TYPE)) { + DNS_entry* rid; + int strLen; + word32 lenStartIdx = idx; + WOLFSSL_MSG("Decoding Subject Alt. Name: Registered Id"); + + if (GetLength(input, &idx, &strLen, sz) < 0) { + WOLFSSL_MSG("\tfail: str length"); + return ASN_PARSE_E; + } + length -= (idx - lenStartIdx); + /* check that strLen at index is not past input buffer */ + if (strLen + idx > sz) { + return BUFFER_E; + } + + rid = AltNameNew(cert->heap); + if (rid == NULL) { + WOLFSSL_MSG("\tOut of Memory"); + return MEMORY_E; + } + + rid->type = ASN_RID_TYPE; + rid->name = (char*)XMALLOC((size_t)strLen + 1, cert->heap, + DYNAMIC_TYPE_ALTNAME); + if (rid->name == NULL) { + WOLFSSL_MSG("\tOut of Memory"); + XFREE(rid, cert->heap, DYNAMIC_TYPE_ALTNAME); + return MEMORY_E; + } + rid->nameStored = 1; + rid->len = strLen; + XMEMCPY((void *)(wc_ptr_t)rid->name, &input[idx], strLen); + ((char *)(wc_ptr_t)rid->name)[strLen] = '\0'; + + if (GenerateDNSEntryRIDString(rid, cert->heap) != 0) { + WOLFSSL_MSG("\tOut of Memory for registered Id string"); + XFREE((void *)(wc_ptr_t)rid->name, cert->heap, + DYNAMIC_TYPE_ALTNAME); + XFREE(rid, cert->heap, DYNAMIC_TYPE_ALTNAME); + return MEMORY_E; + } + + AddAltName(cert, rid); + + if (strLen > length) { + return ASN_PARSE_E; + } + length -= strLen; + idx += (word32)strLen; + } +#endif /* WOLFSSL_RID_ALT_NAME */ +#endif /* IGNORE_NAME_CONSTRAINTS */ + else if (current_byte == + (ASN_CONTEXT_SPECIFIC | ASN_CONSTRUCTED | ASN_OTHER_TYPE)) { + int strLen; + word32 lenStartIdx = idx; + word32 oid = 0; + int ret = 0; + + if (GetLength(input, &idx, &strLen, sz) < 0) { + WOLFSSL_MSG("\tfail: other name length"); + return ASN_PARSE_E; + } + /* Consume the rest of this sequence. */ + if ((int)((word32)strLen + idx - lenStartIdx) > length) { + return ASN_PARSE_E; + } + length -= (int)(((word32)strLen + idx - lenStartIdx)); + + if (GetObjectId(input, &idx, &oid, oidCertAltNameType, sz) < 0) { + WOLFSSL_MSG("\tbad OID"); + return ASN_PARSE_E; + } + + /* handle parsing other type alt names */ + switch (oid) { + #ifdef WOLFSSL_SEP + case HW_NAME_OID: + ret = DecodeSepHwAltName(cert, input, &idx, sz); + if (ret != 0) + return ret; + break; + #endif /* WOLFSSL_SEP */ + #ifdef WOLFSSL_FPKI + case FASCN_OID: + case UPN_OID: + ret = DecodeConstructedOtherName(cert, input, &idx, sz, + oid); + if (ret != 0) + return ret; + break; + #endif /* WOLFSSL_FPKI */ + + default: + WOLFSSL_MSG("\tUnsupported other name type, skipping"); + if (GetLength(input, &idx, &strLen, sz) < 0) { + /* check to skip constructed other names too */ + if (DecodeConstructedOtherName(cert, input, &idx, sz, + (int)oid) != 0) { + WOLFSSL_MSG("\tfail: unsupported other name length"); + return ASN_PARSE_E; + } + } + else { + idx += (word32)strLen; + } + } + (void)ret; + } + else { + int strLen; + word32 lenStartIdx = idx; + + WOLFSSL_MSG("\tUnsupported name type, skipping"); + + if (GetLength(input, &idx, &strLen, sz) < 0) { + WOLFSSL_MSG("\tfail: unsupported name length"); + return ASN_PARSE_E; + } + if ((int)((word32)strLen + idx - lenStartIdx) > length) { + return ASN_PARSE_E; + } + length -= (int)((word32)strLen + idx - lenStartIdx); + idx += (word32)strLen; + } + } + + return 0; +} + +int DecodeBasicCaConstraint(const byte* input, int sz, byte *isCa, + word16 *pathLength, byte *pathLengthSet) +{ + word32 idx = 0; + int length = 0; + int ret; + + WOLFSSL_ENTER("DecodeBasicCaConstraint"); + + if (GetSequence(input, &idx, &length, (word32)sz) < 0) { + WOLFSSL_MSG("\tfail: bad SEQUENCE"); + return ASN_PARSE_E; + } + + if (length == 0) + return 0; + + /* If the basic ca constraint is false, this extension may be named, but + * left empty. So, if the length is 0, just return. */ + + ret = GetBoolean(input, &idx, (word32)sz); + + /* Removed logic for WOLFSSL_X509_BASICCONS_INT which was mistreating the + * pathlen value as if it were the CA Boolean value 7/2/2021 - KH. + * When CA Boolean not asserted use the default value "False" */ + if (ret < 0) { + WOLFSSL_MSG("\tfail: constraint not valid BOOLEAN, set default FALSE"); + ret = 0; + } + + *isCa = ret ? 1 : 0; + + /* If there isn't any more data, return. */ + if (idx >= (word32)sz) { + return 0; + } + + ret = GetInteger16Bit(input, &idx, (word32)sz); + if (ret < 0) + return ret; + else if (ret > WOLFSSL_MAX_PATH_LEN) { + WOLFSSL_ERROR_VERBOSE(ASN_PATHLEN_SIZE_E); + return ASN_PATHLEN_SIZE_E; + } + + *pathLength = (word16)ret; + *pathLengthSet = 1; + + return 0; +} + +static int DecodeCrlDist(const byte* input, word32 sz, DecodedCert* cert) +{ + word32 idx = 0, localIdx; + int length = 0; + byte tag = 0; + + WOLFSSL_ENTER("DecodeCrlDist"); + + cert->extCrlInfoRaw = input; + cert->extCrlInfoRawSz = (int)sz; + + /* Unwrap the list of Distribution Points*/ + if (GetSequence(input, &idx, &length, sz) < 0) + return ASN_PARSE_E; + + /* Unwrap a single Distribution Point */ + if (GetSequence(input, &idx, &length, sz) < 0) + return ASN_PARSE_E; + + /* The Distribution Point has three explicit optional members + * First check for a DistributionPointName + */ + localIdx = idx; + if (GetASNTag(input, &localIdx, &tag, sz) == 0 && + tag == (ASN_CONSTRUCTED | DISTRIBUTION_POINT)) + { + idx++; + if (GetLength(input, &idx, &length, sz) < 0) + return ASN_PARSE_E; + + localIdx = idx; + if (GetASNTag(input, &localIdx, &tag, sz) == 0 && + tag == (ASN_CONSTRUCTED | CRLDP_FULL_NAME)) + { + idx++; + if (GetLength(input, &idx, &length, sz) < 0) + return ASN_PARSE_E; + + localIdx = idx; + if (GetASNTag(input, &localIdx, &tag, sz) == 0 && + tag == GENERALNAME_URI) + { + idx++; + if (GetLength(input, &idx, &length, sz) < 0) + return ASN_PARSE_E; + + cert->extCrlInfoSz = length; + cert->extCrlInfo = input + idx; + idx += (word32)length; + } + else + /* This isn't a URI, skip it. */ + idx += (word32)length; + } + else { + /* This isn't a FULLNAME, skip it. */ + idx += (word32)length; + } + } + + /* Check for reasonFlags */ + localIdx = idx; + if (idx < (word32)sz && + GetASNTag(input, &localIdx, &tag, sz) == 0 && + tag == (ASN_CONSTRUCTED | ASN_CONTEXT_SPECIFIC | 1)) + { + idx++; + if (GetLength(input, &idx, &length, sz) < 0) + return ASN_PARSE_E; + idx += (word32)length; + } + + /* Check for cRLIssuer */ + localIdx = idx; + if (idx < (word32)sz && + GetASNTag(input, &localIdx, &tag, sz) == 0 && + tag == (ASN_CONSTRUCTED | ASN_CONTEXT_SPECIFIC | 2)) + { + idx++; + if (GetLength(input, &idx, &length, sz) < 0) + return ASN_PARSE_E; + idx += (word32)length; + } + + if (idx < (word32)sz) + { + WOLFSSL_MSG("\tThere are more CRL Distribution Point records, " + "but we only use the first one."); + } + + return 0; +} + +static int DecodeAuthInfo(const byte* input, word32 sz, DecodedCert* cert) +{ + word32 idx = 0; + int length = 0; + byte b = 0; + word32 oid; + int aiaIdx; + + WOLFSSL_ENTER("DecodeAuthInfo"); + + /* Unwrap the list of AIAs */ + if (GetSequence(input, &idx, &length, sz) < 0) + return ASN_PARSE_E; + + while ((idx < (word32)sz)) { + /* Unwrap a single AIA */ + if (GetSequence(input, &idx, &length, sz) < 0) + return ASN_PARSE_E; + + oid = 0; + if (GetObjectId(input, &idx, &oid, oidCertAuthInfoType, sz) < 0) { + return ASN_PARSE_E; + } + + /* Only supporting URIs right now. */ + if (GetASNTag(input, &idx, &b, sz) < 0) + return ASN_PARSE_E; + + if (GetLength(input, &idx, &length, sz) < 0) + return ASN_PARSE_E; + + if (b == GENERALNAME_URI) { + /* Add to AIA list if space. */ + aiaIdx = cert->extAuthInfoListSz; + if (aiaIdx < WOLFSSL_MAX_AIA_ENTRIES) { + cert->extAuthInfoList[aiaIdx].method = oid; + cert->extAuthInfoList[aiaIdx].uri = input + idx; + cert->extAuthInfoList[aiaIdx].uriSz = (word32)length; + cert->extAuthInfoListSz++; + } + else { + cert->extAuthInfoListOverflow = 1; + WOLFSSL_MSG("AIA list overflow"); + } + } + + /* Set first ocsp entry */ + if (b == GENERALNAME_URI && oid == AIA_OCSP_OID && + cert->extAuthInfo == NULL) { + cert->extAuthInfoSz = length; + cert->extAuthInfo = input + idx; + } + #ifdef WOLFSSL_ASN_CA_ISSUER + /* Set first CaIssuers entry */ + else if ((b == GENERALNAME_URI) && oid == AIA_CA_ISSUER_OID && + cert->extAuthInfoCaIssuer == NULL) + { + cert->extAuthInfoCaIssuerSz = length; + cert->extAuthInfoCaIssuer = input + idx; + } + #endif + idx += (word32)length; + } + + return 0; +} + +int DecodeAuthKeyId(const byte* input, word32 sz, const byte **extAuthKeyId, + word32 *extAuthKeyIdSz, const byte **extAuthKeyIdIssuer, + word32 *extAuthKeyIdIssuerSz, const byte **extAuthKeyIdIssuerSN, + word32 *extAuthKeyIdIssuerSNSz) +{ + word32 idx = 0; + int length = 0; + byte tag; + + WOLFSSL_ENTER("DecodeAuthKeyId"); + + if (extAuthKeyId) + *extAuthKeyId = NULL; + if (extAuthKeyIdSz) + *extAuthKeyIdSz = 0; + + if (extAuthKeyIdIssuer) + *extAuthKeyIdIssuer = NULL; + if (extAuthKeyIdIssuerSz) + *extAuthKeyIdIssuerSz = 0; + + if (extAuthKeyIdIssuerSN) + *extAuthKeyIdIssuerSN = NULL; + if (extAuthKeyIdIssuerSNSz) + *extAuthKeyIdIssuerSNSz = 0; + + if (GetSequence(input, &idx, &length, sz) < 0) { + WOLFSSL_MSG("\tfail: should be a SEQUENCE"); + return ASN_PARSE_E; + } + + if (GetASNTag(input, &idx, &tag, sz) < 0) { + return ASN_PARSE_E; + } + + if (tag != (ASN_CONTEXT_SPECIFIC | 0)) { + WOLFSSL_MSG("\tinfo: OPTIONAL item 0, not available"); + return 0; + } + + if (GetLength(input, &idx, &length, sz) <= 0) { + WOLFSSL_MSG("\tfail: extension data length"); + return ASN_PARSE_E; + } + + if (extAuthKeyIdSz) + *extAuthKeyIdSz = length; + if (extAuthKeyId) + *extAuthKeyId = &input[idx]; + return 0; + +} + +int DecodeKeyUsage(const byte* input, word32 sz, word16 *extKeyUsage) +{ + word32 idx = 0; + int length; + int ret; + WOLFSSL_ENTER("DecodeKeyUsage"); + + ret = CheckBitString(input, &idx, &length, sz, 0, NULL); + if (ret != 0) + return ret; + + if (length == 0 || length > 2) + return ASN_PARSE_E; + + *extKeyUsage = (word16)(input[idx]); + if (length == 2) + *extKeyUsage |= (word16)(input[idx+1] << 8); + + return 0; +} + +int DecodeExtKeyUsage(const byte* input, word32 sz, + const byte **extExtKeyUsageSrc, word32 *extExtKeyUsageSz, + word32 *extExtKeyUsageCount, byte *extExtKeyUsage, + byte *extExtKeyUsageSsh) +{ + word32 idx = 0, oid; + int length, ret; + + WOLFSSL_ENTER("DecodeExtKeyUsage"); + + (void) extExtKeyUsageSrc; + (void) extExtKeyUsageSz; + (void) extExtKeyUsageCount; + (void) extExtKeyUsageSsh; + +#if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL) + *extExtKeyUsageSrc = NULL; + *extExtKeyUsageSz = 0; + *extExtKeyUsageCount = 0; +#endif + *extExtKeyUsage = 0; +#ifdef WOLFSSL_WOLFSSH + *extExtKeyUsageSsh = 0; +#endif + + if (GetSequence(input, &idx, &length, sz) < 0) { + WOLFSSL_MSG("\tfail: should be a SEQUENCE"); + return ASN_PARSE_E; + } + +#if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL) + *extExtKeyUsageSrc = input + idx; + *extExtKeyUsageSz = length; +#endif + + while (idx < (word32)sz) { + ret = GetObjectId(input, &idx, &oid, oidCertKeyUseType, sz); + if (ret == WC_NO_ERR_TRACE(ASN_UNKNOWN_OID_E)) + continue; + else if (ret < 0) + return ret; + + switch (oid) { + case EKU_ANY_OID: + *extExtKeyUsage |= EXTKEYUSE_ANY; + break; + case EKU_SERVER_AUTH_OID: + *extExtKeyUsage |= EXTKEYUSE_SERVER_AUTH; + break; + case EKU_CLIENT_AUTH_OID: + *extExtKeyUsage |= EXTKEYUSE_CLIENT_AUTH; + break; + case EKU_CODESIGNING_OID: + *extExtKeyUsage |= EXTKEYUSE_CODESIGN; + break; + case EKU_EMAILPROTECT_OID: + *extExtKeyUsage |= EXTKEYUSE_EMAILPROT; + break; + case EKU_TIMESTAMP_OID: + *extExtKeyUsage |= EXTKEYUSE_TIMESTAMP; + break; + case EKU_OCSP_SIGN_OID: + *extExtKeyUsage |= EXTKEYUSE_OCSP_SIGN; + break; + #ifdef WOLFSSL_WOLFSSH + case EKU_SSH_CLIENT_AUTH_OID: + *extExtKeyUsageSsh |= EXTKEYUSE_SSH_CLIENT_AUTH; + break; + case EKU_SSH_MSCL_OID: + *extExtKeyUsageSsh |= EXTKEYUSE_SSH_MSCL; + break; + case EKU_SSH_KP_CLIENT_AUTH_OID: + *extExtKeyUsageSsh |= EXTKEYUSE_SSH_KP_CLIENT_AUTH; + break; + #endif /* WOLFSSL_WOLFSSH */ + default: + break; + } + + #if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL) + (*extExtKeyUsageCount)++; + #endif + } + + return 0; +} + +#ifndef IGNORE_NAME_CONSTRAINTS +static int DecodeSubtree(const byte* input, word32 sz, Base_entry** head, + word32 limit, void* heap) +{ + word32 idx = 0; + int ret = 0; + word32 cnt = 0; + + (void)heap; + + while (idx < (word32)sz) { + int seqLength, strLength; + word32 nameIdx; + byte b, bType; + + if (limit > 0) { + cnt++; + if (cnt > limit) { + WOLFSSL_MSG("too many name constraints"); + return ASN_NAME_INVALID_E; + } + } + + if (GetSequence(input, &idx, &seqLength, sz) < 0) { + WOLFSSL_MSG("\tfail: should be a SEQUENCE"); + return ASN_PARSE_E; + } + + if (idx >= (word32)sz) { + WOLFSSL_MSG("\tfail: expecting tag"); + return ASN_PARSE_E; + } + + nameIdx = idx; + b = input[nameIdx++]; + + if (GetLength(input, &nameIdx, &strLength, sz) <= 0) { + WOLFSSL_MSG("\tinvalid length"); + return ASN_PARSE_E; + } + + /* Get type, LSB 4-bits */ + bType = (byte)(b & ASN_TYPE_MASK); + + if (bType == ASN_DNS_TYPE || bType == ASN_RFC822_TYPE || + bType == ASN_DIR_TYPE || bType == ASN_IP_TYPE || + bType == ASN_URI_TYPE) { + Base_entry* entry; + + /* if constructed has leading sequence */ + if (b & ASN_CONSTRUCTED) { + if (GetSequence(input, &nameIdx, &strLength, sz) < 0) { + WOLFSSL_MSG("\tfail: constructed be a SEQUENCE"); + return ASN_PARSE_E; + } + } + + entry = (Base_entry*)XMALLOC(sizeof(Base_entry), heap, + DYNAMIC_TYPE_ALTNAME); + if (entry == NULL) { + WOLFSSL_MSG("allocate error"); + return MEMORY_E; + } + + entry->name = (char*)XMALLOC((size_t)strLength+1, heap, + DYNAMIC_TYPE_ALTNAME); + if (entry->name == NULL) { + WOLFSSL_MSG("allocate error"); + XFREE(entry, heap, DYNAMIC_TYPE_ALTNAME); + return MEMORY_E; + } + + XMEMCPY(entry->name, &input[nameIdx], (size_t)strLength); + entry->name[strLength] = '\0'; + entry->nameSz = strLength; + entry->type = bType; + + entry->next = *head; + *head = entry; + } + + idx += (word32)seqLength; + } + + return ret; +} + +static int DecodeNameConstraints(const byte* input, word32 sz, + DecodedCert* cert) +{ + word32 idx = 0; + int length = 0; + + WOLFSSL_ENTER("DecodeNameConstraints"); + + if (GetSequence(input, &idx, &length, sz) < 0) { + WOLFSSL_MSG("\tfail: should be a SEQUENCE"); + return ASN_PARSE_E; + } + + while (idx < (word32)sz) { + byte b = input[idx++]; + Base_entry** subtree = NULL; + + if (GetLength(input, &idx, &length, sz) <= 0) { + WOLFSSL_MSG("\tinvalid length"); + return ASN_PARSE_E; + } + + if (b == (ASN_CONTEXT_SPECIFIC | ASN_CONSTRUCTED | 0)) + subtree = &cert->permittedNames; + else if (b == (ASN_CONTEXT_SPECIFIC | ASN_CONSTRUCTED | 1)) + subtree = &cert->excludedNames; + else { + WOLFSSL_MSG("\tinvalid subtree"); + return ASN_PARSE_E; + } + + if (DecodeSubtree(input + idx, (word32)length, subtree, + WOLFSSL_MAX_NAME_CONSTRAINTS, cert->heap) < 0) { + WOLFSSL_MSG("\terror parsing subtree"); + return ASN_PARSE_E; + } + + idx += (word32)length; + } + + return 0; +} + +#endif +#if defined(WOLFSSL_SEP) || defined(WOLFSSL_CERT_EXT) +static int DecodeCertPolicy(const byte* input, word32 sz, DecodedCert* cert) +{ + word32 idx = 0; + word32 oldIdx; + int policy_length = 0; + int ret; + int total_length = 0; +#if defined(WOLFSSL_CERT_EXT) && !defined(WOLFSSL_DUP_CERTPOL) + int i; +#endif + + WOLFSSL_ENTER("DecodeCertPolicy"); + + /* Check if cert is null before dereferencing below */ + if (cert == NULL) + return BAD_FUNC_ARG; + +#if defined(WOLFSSL_CERT_EXT) + cert->extCertPoliciesNb = 0; +#endif + + if (GetSequence(input, &idx, &total_length, sz) < 0) { + WOLFSSL_MSG("\tGet CertPolicy total seq failed"); + return ASN_PARSE_E; + } + + /* Validate total length */ + if (total_length > (int)(sz - idx)) { + WOLFSSL_MSG("\tCertPolicy length mismatch"); + return ASN_PARSE_E; + } + + /* Unwrap certificatePolicies */ + do { + int length = 0; + + if (GetSequence(input, &idx, &policy_length, sz) < 0) { + WOLFSSL_MSG("\tGet CertPolicy seq failed"); + return ASN_PARSE_E; + } + + oldIdx = idx; + ret = GetASNObjectId(input, &idx, &length, sz); + if (ret != 0) + return ret; + policy_length -= (int)(idx - oldIdx); + + if (length > 0) { + /* Verify length won't overrun buffer */ + if (length > (int)(sz - idx)) { + WOLFSSL_MSG("\tCertPolicy length exceeds input buffer"); + return ASN_PARSE_E; + } + + #ifdef WOLFSSL_SEP + if (cert->deviceType == NULL) { + cert->deviceType = (byte*)XMALLOC((size_t)length, cert->heap, + DYNAMIC_TYPE_X509_EXT); + if (cert->deviceType == NULL) { + WOLFSSL_MSG("\tCouldn't alloc memory for deviceType"); + return MEMORY_E; + } + cert->deviceTypeSz = length; + XMEMCPY(cert->deviceType, input + idx, (size_t)length); + } + #endif + + #ifdef WOLFSSL_CERT_EXT + /* decode cert policy */ + if (DecodePolicyOID(cert->extCertPolicies[ + cert->extCertPoliciesNb], MAX_CERTPOL_SZ, + input + idx, length) <= 0) { + WOLFSSL_MSG("\tCouldn't decode CertPolicy"); + WOLFSSL_ERROR_VERBOSE(ASN_PARSE_E); + return ASN_PARSE_E; + } + #ifndef WOLFSSL_DUP_CERTPOL + /* From RFC 5280 section 4.2.1.4 "A certificate policy OID MUST + * NOT appear more than once in a certificate policies + * extension". This is a sanity check for duplicates. + * extCertPolicies should only have OID values, additional + * qualifiers need to be stored in a separate array. */ + for (i = 0; i < cert->extCertPoliciesNb; i++) { + if (XMEMCMP(cert->extCertPolicies[i], + cert->extCertPolicies[cert->extCertPoliciesNb], + MAX_CERTPOL_SZ) == 0) { + WOLFSSL_MSG("Duplicate policy OIDs not allowed"); + WOLFSSL_MSG("Use WOLFSSL_DUP_CERTPOL if wanted"); + WOLFSSL_ERROR_VERBOSE(CERTPOLICIES_E); + return CERTPOLICIES_E; + } + } + #endif /* !WOLFSSL_DUP_CERTPOL */ + cert->extCertPoliciesNb++; + #endif + } + idx += (word32)policy_length; + } while((int)idx < total_length + #ifdef WOLFSSL_CERT_EXT + && cert->extCertPoliciesNb < MAX_CERTPOL_NB + #endif + ); + + WOLFSSL_LEAVE("DecodeCertPolicy", 0); + return 0; +} + +#endif +#ifdef WOLFSSL_SUBJ_DIR_ATTR +static int DecodeSubjDirAttr(const byte* input, word32 sz, DecodedCert* cert) +{ + word32 idx = 0; + int length = 0; + int ret = 0; + + WOLFSSL_ENTER("DecodeSubjDirAttr"); + +#ifdef OPENSSL_ALL + cert->extSubjDirAttrSrc = input; + cert->extSubjDirAttrSz = sz; +#endif /* OPENSSL_ALL */ + + /* Unwrap the list of Attributes */ + if (GetSequence(input, &idx, &length, sz) < 0) + return ASN_PARSE_E; + + if (length == 0) { + /* RFC 5280 4.2.1.8. Subject Directory Attributes + If the subjectDirectoryAttributes extension is present, the + sequence MUST contain at least one entry. */ + WOLFSSL_ERROR_VERBOSE(ASN_PARSE_E); + return ASN_PARSE_E; + } + + /* length is the length of the list contents */ + while (idx < (word32)sz) { + word32 oid; + + if (GetSequence(input, &idx, &length, sz) < 0) + return ASN_PARSE_E; + + if (GetObjectId(input, &idx, &oid, oidSubjDirAttrType, sz) < 0) + return ASN_PARSE_E; + + if (GetSet(input, &idx, &length, sz) < 0) + return ASN_PARSE_E; + + /* There may be more than one countryOfCitizenship, but save the + * first one for now. */ + if (oid == SDA_COC_OID) { + byte tag; + + if (GetHeader(input, &tag, &idx, &length, sz, 1) < 0) + return ASN_PARSE_E; + + if (length != COUNTRY_CODE_LEN) + return ASN_PARSE_E; + + if (tag == ASN_PRINTABLE_STRING) { + XMEMCPY(cert->countryOfCitizenship, + input + idx, COUNTRY_CODE_LEN); + cert->countryOfCitizenship[COUNTRY_CODE_LEN] = 0; + } + } + idx += length; + } + + return ret; +} + +#endif +static int DecodeCertExtensions(DecodedCert* cert) +{ + int ret = 0; + word32 idx = 0; + word32 sz = (word32)cert->extensionsSz; + const byte* input = cert->extensions; + int length; + word32 oid; + byte critical = 0; + byte criticalFail = 0; + byte tag = 0; + + WOLFSSL_ENTER("DecodeCertExtensions"); + + if (input == NULL || sz == 0) + return BAD_FUNC_ARG; + +#ifdef WOLFSSL_CERT_REQ + if (!cert->isCSR) +#endif + { /* Not included in CSR */ + if (GetASNTag(input, &idx, &tag, sz) < 0) { + return ASN_PARSE_E; + } + + if (tag != ASN_EXTENSIONS) { + WOLFSSL_MSG("\tfail: should be an EXTENSIONS"); + return ASN_PARSE_E; + } + + if (GetLength(input, &idx, &length, sz) < 0) { + WOLFSSL_MSG("\tfail: invalid length"); + return ASN_PARSE_E; + } + } + + if (GetSequence(input, &idx, &length, sz) < 0) { + WOLFSSL_MSG("\tfail: should be a SEQUENCE (1)"); + return ASN_PARSE_E; + } + + while (idx < (word32)sz) { + word32 localIdx; + + if (GetSequence(input, &idx, &length, sz) < 0) { + WOLFSSL_MSG("\tfail: should be a SEQUENCE"); + return ASN_PARSE_E; + } + + oid = 0; + if ((ret = GetObjectId(input, &idx, &oid, oidCertExtType, sz)) < 0) { + WOLFSSL_MSG("\tfail: OBJECT ID"); + return ret; + } + + /* check for critical flag */ + critical = 0; + if ((idx + 1) > (word32)sz) { + WOLFSSL_MSG("\tfail: malformed buffer"); + return BUFFER_E; + } + + localIdx = idx; + if (GetASNTag(input, &localIdx, &tag, sz) == 0) { + if (tag == ASN_BOOLEAN) { + ret = GetBoolean(input, &idx, sz); + if (ret < 0) { + WOLFSSL_MSG("\tfail: critical boolean"); + return ret; + } + + critical = (byte)ret; + } + } + + /* process the extension based on the OID */ + ret = GetOctetString(input, &idx, &length, sz); + if (ret < 0) { + WOLFSSL_MSG("\tfail: bad OCTET STRING"); + return ret; + } + + ret = DecodeExtensionType(input + idx, (word32)length, oid, critical, + cert, NULL); + if (ret == WC_NO_ERR_TRACE(ASN_CRIT_EXT_E)) { + ret = 0; + criticalFail = 1; + } + if (ret < 0) + goto end; + idx += (word32)length; + } + + ret = criticalFail ? ASN_CRIT_EXT_E : 0; +end: + return ret; +} + +#if defined(WOLFSSL_SMALL_CERT_VERIFY) || defined(OPENSSL_EXTRA) +static int CheckCertSignature_ex(const byte* cert, word32 certSz, void* heap, + void* cm, const byte* pubKey, word32 pubKeySz, int pubKeyOID, int req) +{ +#if !defined(WOLFSSL_SMALL_STACK) || defined(WOLFSSL_NO_MALLOC) + SignatureCtx sigCtx[1]; +#else + SignatureCtx* sigCtx; +#endif + byte hash[KEYID_SIZE]; + Signer* ca = NULL; + word32 idx = 0; + int len; + word32 tbsCertIdx = 0; + word32 sigIndex = 0; + word32 signatureOID = 0; + word32 oid = 0; + word32 issuerIdx = 0; + word32 issuerSz = 0; +#ifndef NO_SKID + int extLen = 0; + word32 extIdx = 0; + word32 extEndIdx = 0; + int extAuthKeyIdSet = 0; +#endif + int ret = 0; + word32 localIdx; + byte tag; + const byte* sigParams = NULL; + word32 sigParamsSz = 0; + + + if (cert == NULL) { + return BAD_FUNC_ARG; + } + +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC) + sigCtx = (SignatureCtx*)XMALLOC(sizeof(*sigCtx), heap, DYNAMIC_TYPE_SIGNATURE); + if (sigCtx == NULL) + return MEMORY_E; +#endif + + InitSignatureCtx(sigCtx, heap, INVALID_DEVID); + + /* Certificate SEQUENCE */ + if (GetSequence(cert, &idx, &len, certSz) < 0) + ret = ASN_PARSE_E; + if (ret == 0) { + tbsCertIdx = idx; + + /* TBSCertificate SEQUENCE */ + if (GetSequence(cert, &idx, &len, certSz) < 0) + ret = ASN_PARSE_E; + } + if (ret == 0) { + sigIndex = len + idx; + + if ((idx + 1) > certSz) + ret = BUFFER_E; + } + if (ret == 0) { + /* version - optional */ + localIdx = idx; + if (GetASNTag(cert, &localIdx, &tag, certSz) == 0) { + if (tag == (ASN_CONTEXT_SPECIFIC | ASN_CONSTRUCTED)) { + idx++; + if (GetLength(cert, &idx, &len, certSz) < 0) + ret = ASN_PARSE_E; + idx += len; + } + } + } + + if (ret == 0) { + /* serialNumber */ + if (GetASNHeader(cert, ASN_INTEGER, &idx, &len, certSz) < 0) + ret = ASN_PARSE_E; + } + if (ret == 0) { + idx += len; + + /* signature */ + if (!req) { + if (GetAlgoId(cert, &idx, &signatureOID, oidSigType, certSz) < 0) + ret = ASN_PARSE_E; + #ifdef WC_RSA_PSS + else if (signatureOID == CTC_RSASSAPSS) { + int start = idx; + sigParams = cert + idx; + if (GetSequence(cert, &idx, &len, certSz) < 0) + ret = ASN_PARSE_E; + if (ret == 0) { + idx += len; + sigParamsSz = idx - start; + } + } + #endif + } + } + + if (ret == 0) { + issuerIdx = idx; + /* issuer for cert or subject for csr */ + if (GetSequence(cert, &idx, &len, certSz) < 0) + ret = ASN_PARSE_E; + } + if (ret == 0) { + issuerSz = len + idx - issuerIdx; + } +#ifndef NO_SKID + if (!req && ret == 0) { + idx += len; + + /* validity */ + if (GetSequence(cert, &idx, &len, certSz) < 0) + ret = ASN_PARSE_E; + } + if (!req && ret == 0) { + idx += len; + + /* subject */ + if (GetSequence(cert, &idx, &len, certSz) < 0) + ret = ASN_PARSE_E; + } + if (ret == 0) { + idx += len; + + /* subjectPublicKeyInfo */ + if (GetSequence(cert, &idx, &len, certSz) < 0) + ret = ASN_PARSE_E; + } + if (req && ret == 0) { + idx += len; + + /* attributes */ + if (GetASNHeader_ex(cert, + ASN_CONTEXT_SPECIFIC | ASN_CONSTRUCTED, &idx, + &len, certSz, 1) < 0) + ret = ASN_PARSE_E; + } + if (!req) { + if (ret == 0) { + idx += len; + + if ((idx + 1) > certSz) + ret = BUFFER_E; + } + if (ret == 0) { + /* issuerUniqueID - optional */ + localIdx = idx; + if (GetASNTag(cert, &localIdx, &tag, certSz) == 0) { + if (tag == (ASN_CONTEXT_SPECIFIC | ASN_CONSTRUCTED | 1)) { + idx++; + if (GetLength(cert, &idx, &len, certSz) < 0) + ret = ASN_PARSE_E; + idx += len; + } + } + } + if (ret == 0) { + if ((idx + 1) > certSz) + ret = BUFFER_E; + } + if (ret == 0) { + /* subjectUniqueID - optional */ + localIdx = idx; + if (GetASNTag(cert, &localIdx, &tag, certSz) == 0) { + if (tag == (ASN_CONTEXT_SPECIFIC | ASN_CONSTRUCTED | 2)) { + idx++; + if (GetLength(cert, &idx, &len, certSz) < 0) + ret = ASN_PARSE_E; + idx += len; + } + } + } + + if (ret == 0) { + if ((idx + 1) > certSz) + ret = BUFFER_E; + } + /* extensions - optional */ + localIdx = idx; + if (ret == 0 && GetASNTag(cert, &localIdx, &tag, certSz) == 0 && + tag == (ASN_CONTEXT_SPECIFIC | ASN_CONSTRUCTED | 3)) { + idx++; + if (GetLength(cert, &idx, &extLen, certSz) < 0) + ret = ASN_PARSE_E; + if (ret == 0) { + if (GetSequence(cert, &idx, &extLen, certSz) < 0) + ret = ASN_PARSE_E; + } + if (ret == 0) { + extEndIdx = idx + extLen; + + /* Check each extension for the ones we want. */ + while (ret == 0 && idx < extEndIdx) { + if (GetSequence(cert, &idx, &len, certSz) < 0) + ret = ASN_PARSE_E; + if (ret == 0) { + extIdx = idx; + if (GetObjectId(cert, &extIdx, &oid, oidCertExtType, + certSz) < 0) { + ret = ASN_PARSE_E; + } + + if (ret == 0) { + if ((extIdx + 1) > certSz) + ret = BUFFER_E; + } + } + + if (ret == 0) { + localIdx = extIdx; + if (GetASNTag(cert, &localIdx, &tag, certSz) == 0 && + tag == ASN_BOOLEAN) { + if (GetBoolean(cert, &extIdx, certSz) < 0) + ret = ASN_PARSE_E; + } + } + if (ret == 0) { + if (GetOctetString(cert, &extIdx, &extLen, certSz) < 0) + ret = ASN_PARSE_E; + } + + if (ret == 0) { + switch (oid) { + case AUTH_KEY_OID: + if (GetSequence(cert, &extIdx, &extLen, certSz) < 0) + ret = ASN_PARSE_E; + + if (ret == 0 && (extIdx + 1) >= certSz) + ret = BUFFER_E; + + if (ret == 0 && + GetASNTag(cert, &extIdx, &tag, certSz) == 0 && + tag == (ASN_CONTEXT_SPECIFIC | 0)) { + if (GetLength(cert, &extIdx, &extLen, certSz) <= 0) + ret = ASN_PARSE_E; + if (ret == 0) { + extAuthKeyIdSet = 1; + /* Get the hash or hash of the hash if wrong + * size. */ + ret = GetHashId(cert + extIdx, extLen, + hash, HashIdAlg(signatureOID)); + } + } + break; + + default: + break; + } + } + idx += len; + } + } + } + } + else if (ret == 0) { + idx += len; + } + + if (ret == 0 && pubKey == NULL) { + if (extAuthKeyIdSet) + ca = GetCA(cm, hash); + if (ca == NULL) { + ret = CalcHashId_ex(cert + issuerIdx, issuerSz, hash, + HashIdAlg(signatureOID)); + if (ret == 0) + ca = GetCAByName(cm, hash); + } + } +#else + if (ret == 0 && pubKey == NULL) { + ret = CalcHashId_ex(cert + issuerIdx, issuerSz, hash, + HashIdAlg(signatureOID)); + if (ret == 0) + ca = GetCA(cm, hash); + } +#endif /* !NO_SKID */ + if (ca == NULL && pubKey == NULL) + ret = ASN_NO_SIGNER_E; + + if (ret == 0) { + idx = sigIndex; + /* signatureAlgorithm */ + if (GetAlgoId(cert, &idx, &oid, oidSigType, certSz) < 0) + ret = ASN_PARSE_E; + #ifdef WC_RSA_PSS + else if (signatureOID == CTC_RSASSAPSS) { + word32 sz = idx; + const byte* params = cert + idx; + if (GetSequence(cert, &idx, &len, certSz) < 0) + ret = ASN_PARSE_E; + if (ret == 0) { + idx += len; + sz = idx - sz; + + if (req) { + if ((sz != sigParamsSz) || + (XMEMCMP(sigParams, params, sz) != 0)) { + ret = ASN_PARSE_E; + } + } + else { + sigParams = params; + sigParamsSz = sz; + } + } + } + #endif + /* In CSR signature data is not present in body */ + if (req) + signatureOID = oid; + } + if (ret == 0) { + if (oid != signatureOID) + ret = ASN_SIG_OID_E; + } + if (ret == 0) { + /* signatureValue */ + if (CheckBitString(cert, &idx, &len, certSz, 1, NULL) < 0) + ret = ASN_PARSE_E; + } + + if (ret == 0) { + if (pubKey != NULL) { + ret = ConfirmSignature(sigCtx, cert + tbsCertIdx, + sigIndex - tbsCertIdx, pubKey, pubKeySz, pubKeyOID, + cert + idx, len, signatureOID, sigParams, sigParamsSz, NULL); + } + else { + ret = ConfirmSignature(sigCtx, cert + tbsCertIdx, + sigIndex - tbsCertIdx, ca->publicKey, ca->pubKeySize, + ca->keyOID, cert + idx, len, signatureOID, sigParams, + sigParamsSz, NULL); + } + if (ret != 0) { + WOLFSSL_ERROR_VERBOSE(ret); + WOLFSSL_MSG("Confirm signature failed"); + } + } + + FreeSignatureCtx(sigCtx); + WC_FREE_VAR_EX(sigCtx, heap, DYNAMIC_TYPE_SIGNATURE); + return ret; +} + +#endif +#endif +int wc_GetSerialNumber(const byte* input, word32* inOutIdx, + byte* serial, int* serialSz, word32 maxIdx) +{ + int result = 0; + int ret; + + WOLFSSL_ENTER("wc_GetSerialNumber"); + + if (serial == NULL || input == NULL || serialSz == NULL) { + return BAD_FUNC_ARG; + } + + /* First byte is ASN type */ + if ((*inOutIdx+1) > maxIdx) { + WOLFSSL_MSG("Bad idx first"); + return BUFFER_E; + } + + ret = GetASNInt(input, inOutIdx, serialSz, maxIdx); + if (ret != 0) + return ret; + + if (*serialSz > EXTERNAL_SERIAL_SIZE || *serialSz <= 0) { + WOLFSSL_MSG("Serial size bad"); + WOLFSSL_ERROR_VERBOSE(ASN_PARSE_E); + return ASN_PARSE_E; + } + + /* return serial */ + XMEMCPY(serial, &input[*inOutIdx], (size_t)*serialSz); + *inOutIdx += (word32)*serialSz; + + return result; +} + +#ifndef NO_CERTS +#if !defined(NO_RSA) && \ +(defined(WOLFSSL_KEY_TO_DER) || defined(WOLFSSL_CERT_GEN)) +static int SetRsaPublicKey(byte* output, RsaKey* key, int outLen, + int with_header) +{ + int nSz, eSz; + word32 seqSz, algoSz = 0, headSz = 0, bitStringSz = 0, idx; + byte seq[MAX_SEQ_SZ]; + byte headSeq[MAX_SEQ_SZ]; + byte bitString[1 + MAX_LENGTH_SZ + 1]; + byte algo[MAX_ALGO_SZ]; /* 20 bytes */ + + if (key == NULL) { + return BAD_FUNC_ARG; + } + + nSz = SetASNIntMP(&key->n, MAX_RSA_INT_SZ, NULL); + + if (nSz < 0) + return nSz; + + eSz = SetASNIntMP(&key->e, MAX_RSA_INT_SZ, NULL); + + if (eSz < 0) + return eSz; + seqSz = SetSequence((word32)(nSz + eSz), seq); + + /* headers */ + if (with_header) { + algoSz = SetAlgoID(RSAk, algo, oidKeyType, 0); + bitStringSz = SetBitString(seqSz + (word32)(nSz + eSz), 0, bitString); + headSz = SetSequence((word32)(nSz + eSz) + seqSz + bitStringSz + algoSz, + headSeq); + } + + /* if getting length only */ + if (output == NULL) { + return (int)(headSz + algoSz + bitStringSz + seqSz) + nSz + eSz; + } + + /* check output size */ + if (((int)(headSz + algoSz + bitStringSz + seqSz) + nSz + eSz) > outLen) { + return BUFFER_E; + } + + /* write output */ + idx = 0; + if (with_header) { + /* header size */ + XMEMCPY(output + idx, headSeq, headSz); + idx += headSz; + /* algo */ + XMEMCPY(output + idx, algo, algoSz); + idx += algoSz; + /* bit string */ + XMEMCPY(output + idx, bitString, bitStringSz); + idx += bitStringSz; + } + + /* seq */ + XMEMCPY(output + idx, seq, seqSz); + idx += seqSz; + /* n */ + nSz = SetASNIntMP(&key->n, nSz, output + idx); + idx += (word32)nSz; + /* e */ + eSz = SetASNIntMP(&key->e, eSz, output + idx); + idx += (word32)eSz; + + return (int)idx; +} + +#endif +#endif +#if !defined(NO_RSA) && defined(WOLFSSL_KEY_TO_DER) +int wc_RsaKeyToDer(RsaKey* key, byte* output, word32 inLen) +{ + int ret = 0, i; + int mpSz; + word32 seqSz = 0, verSz = 0, intTotalLen = 0, outLen = 0; + byte seq[MAX_SEQ_SZ]; + byte ver[MAX_VERSION_SZ]; + mp_int* keyInt; +#ifndef WOLFSSL_NO_MALLOC + word32 rawLen; + byte* tmps[RSA_INTS]; + word32 sizes[RSA_INTS]; +#endif + + if (key == NULL) + return BAD_FUNC_ARG; + + if (key->type != RSA_PRIVATE) + return BAD_FUNC_ARG; + +#ifndef WOLFSSL_NO_MALLOC + for (i = 0; i < RSA_INTS; i++) + tmps[i] = NULL; +#endif + + /* write all big ints from key to DER tmps */ + for (i = 0; i < RSA_INTS; i++) { + keyInt = GetRsaInt(key, i); + ret = mp_unsigned_bin_size(keyInt); + if (ret < 0) + break; +#ifndef WOLFSSL_NO_MALLOC + rawLen = (word32)ret + 1; + ret = 0; + if (output != NULL) { + tmps[i] = (byte*)XMALLOC(rawLen + MAX_SEQ_SZ, key->heap, + DYNAMIC_TYPE_RSA); + if (tmps[i] == NULL) { + ret = MEMORY_E; + break; + } + } + mpSz = SetASNIntMP(keyInt, MAX_RSA_INT_SZ, tmps[i]); +#else + ret = 0; + mpSz = SetASNIntMP(keyInt, MAX_RSA_INT_SZ, NULL); +#endif + if (mpSz < 0) { + ret = mpSz; + break; + } + #ifndef WOLFSSL_NO_MALLOC + sizes[i] = (word32)mpSz; + #endif + intTotalLen += (word32)mpSz; + } + + if (ret == 0) { + /* make headers */ + ret = SetMyVersion(0, ver, FALSE); + } + + if (ret >= 0) { + verSz = (word32)ret; + ret = 0; + seqSz = SetSequence(verSz + intTotalLen, seq); + outLen = seqSz + verSz + intTotalLen; + if (output != NULL && outLen > inLen) + ret = BUFFER_E; + } + if (ret == 0 && output != NULL) { + word32 j; + + /* write to output */ + XMEMCPY(output, seq, seqSz); + j = seqSz; + XMEMCPY(output + j, ver, verSz); + j += verSz; + + for (i = 0; i < RSA_INTS; i++) { +/* copy from tmps if we have malloc, otherwise re-export with buffer */ +#ifndef WOLFSSL_NO_MALLOC + XMEMCPY(output + j, tmps[i], sizes[i]); + j += sizes[i]; +#else + keyInt = GetRsaInt(key, i); + ret = mp_unsigned_bin_size(keyInt); + if (ret < 0) + break; + ret = 0; + /* This won't overrun output due to the outLen check above */ + mpSz = SetASNIntMP(keyInt, MAX_RSA_INT_SZ, output + j); + if (mpSz < 0) { + ret = mpSz; + break; + } + j += mpSz; +#endif + } + } + +#ifndef WOLFSSL_NO_MALLOC + for (i = 0; i < RSA_INTS; i++) { + if (tmps[i]) + XFREE(tmps[i], key->heap, DYNAMIC_TYPE_RSA); + } +#endif + + if (ret == 0) + ret = (int)outLen; + return ret; +} + +#endif +#ifndef NO_CERTS +#ifdef WOLFSSL_CERT_GEN +#ifdef WOLFSSL_CERT_REQ + +/* Write a set header to output */ +static word32 SetPrintableString(word32 len, byte* output) +{ + output[0] = ASN_PRINTABLE_STRING; + return SetLength(len, output + 1) + 1; +} + +static word32 SetUTF8String(word32 len, byte* output) +{ + output[0] = ASN_UTF8STRING; + return SetLength(len, output + 1) + 1; +} + + +#endif + +/* Copy Dates from cert, return bytes written */ +static int CopyValidity(byte* output, Cert* cert) +{ + word32 seqSz; + + WOLFSSL_ENTER("CopyValidity"); + + /* headers and output */ + seqSz = SetSequence((word32)(cert->beforeDateSz + cert->afterDateSz), + output); + if (output) { + XMEMCPY(output + seqSz, cert->beforeDate, (size_t)cert->beforeDateSz); + XMEMCPY(output + seqSz + cert->beforeDateSz, cert->afterDate, + (size_t)cert->afterDateSz); + } + return (int)seqSz + cert->beforeDateSz + cert->afterDateSz; +} + + +/* + Extensions ::= SEQUENCE OF Extension + + Extension ::= SEQUENCE { + extnId OBJECT IDENTIFIER, + critical BOOLEAN DEFAULT FALSE, + extnValue OCTET STRING } + */ + +/* encode all extensions, return total bytes written */ +static int SetExtensions(byte* out, word32 outSz, int *IdxInOut, + const byte* ext, int extSz) +{ + if (out == NULL || IdxInOut == NULL || ext == NULL) + return BAD_FUNC_ARG; + + if (outSz < (word32)(*IdxInOut+extSz)) + return BUFFER_E; + + XMEMCPY(&out[*IdxInOut], ext, (size_t)extSz); /* extensions */ + *IdxInOut += extSz; + + return *IdxInOut; +} + +/* encode extensions header, return total bytes written */ +static int SetExtensionsHeader(byte* out, word32 outSz, word32 extSz) +{ + byte sequence[MAX_SEQ_SZ]; + byte len[MAX_LENGTH_SZ]; + word32 seqSz, lenSz, idx = 0; + + if (out == NULL) + return BAD_FUNC_ARG; + + if (outSz < 3) + return BUFFER_E; + + seqSz = SetSequence(extSz, sequence); + + /* encode extensions length provided */ + lenSz = SetLength(extSz+seqSz, len); + + if (outSz < (word32)(lenSz+seqSz+1)) + return BUFFER_E; + + out[idx++] = ASN_EXTENSIONS; /* extensions id */ + XMEMCPY(&out[idx], len, lenSz); /* length */ + idx += lenSz; + + XMEMCPY(&out[idx], sequence, seqSz); /* sequence */ + idx += seqSz; + + return (int)idx; +} + + +/* encode CA basic constraints true with path length + * return total bytes written */ +static int SetCaWithPathLen(byte* out, word32 outSz, byte pathLen) +{ + /* ASN1->DER sequence for Basic Constraints True and path length */ + const byte caPathLenBasicConstASN1[] = { + 0x30, 0x0F, 0x06, 0x03, 0x55, 0x1D, 0x13, 0x04, + 0x08, 0x30, 0x06, 0x01, 0x01, 0xFF, 0x02, 0x01, + 0x00 + }; + + if (out == NULL) + return BAD_FUNC_ARG; + + if (outSz < sizeof(caPathLenBasicConstASN1)) + return BUFFER_E; + + XMEMCPY(out, caPathLenBasicConstASN1, sizeof(caPathLenBasicConstASN1)); + + out[sizeof(caPathLenBasicConstASN1)-1] = pathLen; + + return (int)sizeof(caPathLenBasicConstASN1); +} + +/* encode CA basic constraints + * return total bytes written */ +static int SetCaEx(byte* out, word32 outSz, byte isCa) +{ + /* ASN1->DER sequence for Basic Constraints True */ + const byte caBasicConstASN1[] = { + 0x30, 0x0c, 0x06, 0x03, 0x55, 0x1d, 0x13, 0x04, + 0x05, 0x30, 0x03, 0x01, 0x01, 0xff + }; + + if (out == NULL) + return BAD_FUNC_ARG; + + if (outSz < sizeof(caBasicConstASN1)) + return BUFFER_E; + + XMEMCPY(out, caBasicConstASN1, sizeof(caBasicConstASN1)); + + if (!isCa) { + out[sizeof(caBasicConstASN1)-1] = isCa; + } + + return (int)sizeof(caBasicConstASN1); +} + +/* encode CA basic constraints true + * return total bytes written */ +static int SetCa(byte* out, word32 outSz) +{ + return SetCaEx(out, outSz, 1); +} + +/* encode basic constraints without CA Boolean + * return total bytes written */ +static int SetBC(byte* out, word32 outSz) +{ + /* ASN1->DER sequence for Basic Constraint without CA Boolean */ + const byte BasicConstASN1[] = { + 0x30, 0x09, 0x06, 0x03, 0x55, 0x1d, 0x13, 0x04, + 0x02, 0x30, 0x00 + }; + + if (out == NULL) + return BAD_FUNC_ARG; + + if (outSz < sizeof(BasicConstASN1)) + return BUFFER_E; + + XMEMCPY(out, BasicConstASN1, sizeof(BasicConstASN1)); + + return (int)sizeof(BasicConstASN1); +} + +#ifdef WOLFSSL_CERT_EXT +/* encode OID and associated value, return total bytes written */ +static int SetOidValue(byte* out, word32 outSz, const byte *oid, word32 oidSz, + byte *in, word32 inSz) +{ + word32 idx = 0; + + if (out == NULL || oid == NULL || in == NULL) + return BAD_FUNC_ARG; + if (inSz >= ASN_LONG_LENGTH) + return BAD_FUNC_ARG; + if (oidSz >= ASN_LONG_LENGTH) + return BAD_FUNC_ARG; + if (inSz + oidSz + 1 >= ASN_LONG_LENGTH) + return BAD_FUNC_ARG; + + if (outSz < 3) + return BUFFER_E; + + /* sequence, + 1 => byte to put value size */ + idx = SetSequence(inSz + oidSz + 1, out); + + if ((idx + inSz + oidSz + 1) > outSz) + return BUFFER_E; + + XMEMCPY(out+idx, oid, oidSz); + idx += oidSz; + out[idx++] = (byte)inSz; + XMEMCPY(out+idx, in, inSz); + + return (int)(idx+inSz); +} + +/* encode Subject Key Identifier, return total bytes written + * RFC5280 : non-critical */ +static int SetSKID(byte* output, word32 outSz, const byte *input, word32 length) +{ + byte skid_len[1 + MAX_LENGTH_SZ]; + byte skid_enc_len[MAX_LENGTH_SZ]; + word32 idx = 0, skid_lenSz, skid_enc_lenSz; + const byte skid_oid[] = { 0x06, 0x03, 0x55, 0x1d, 0x0e, 0x04 }; + + if (output == NULL || input == NULL) + return BAD_FUNC_ARG; + + /* Octet String header */ + skid_lenSz = SetOctetString(length, skid_len); + + /* length of encoded value */ + skid_enc_lenSz = SetLength(length + skid_lenSz, skid_enc_len); + + if (outSz < 3) + return BUFFER_E; + + idx = SetSequence(length + (word32)sizeof(skid_oid) + skid_lenSz + + skid_enc_lenSz, output); + + if ((length + sizeof(skid_oid) + skid_lenSz + skid_enc_lenSz) > outSz) + return BUFFER_E; + + /* put oid */ + XMEMCPY(output+idx, skid_oid, sizeof(skid_oid)); + idx += sizeof(skid_oid); + + /* put encoded len */ + XMEMCPY(output+idx, skid_enc_len, skid_enc_lenSz); + idx += skid_enc_lenSz; + + /* put octet header */ + XMEMCPY(output+idx, skid_len, skid_lenSz); + idx += skid_lenSz; + + /* put value */ + XMEMCPY(output+idx, input, length); + idx += length; + + return (int)idx; +} + +/* encode Authority Key Identifier, return total bytes written + * RFC5280 : non-critical */ +static int SetAKID(byte* output, word32 outSz, byte *input, word32 length, + byte rawAkid) +{ + int enc_valSz; + byte enc_val_buf[MAX_KID_SZ]; + byte* enc_val; + const byte akid_oid[] = { 0x06, 0x03, 0x55, 0x1d, 0x23 }; + const byte akid_cs[] = { 0x80 }; + word32 inSeqSz, idx; + + (void)rawAkid; + + if (output == NULL || input == NULL) + return BAD_FUNC_ARG; + +#ifdef WOLFSSL_AKID_NAME + if (rawAkid) { + enc_val = input; + enc_valSz = length; + } + else +#endif + { + enc_val = enc_val_buf; + enc_valSz = (int)length + 3 + (int)sizeof(akid_cs); + if (enc_valSz > (int)sizeof(enc_val_buf)) + return BAD_FUNC_ARG; + + /* sequence for ContentSpec & value */ + enc_valSz = SetOidValue(enc_val, (word32)enc_valSz, akid_cs, + sizeof(akid_cs), input, length); + if (enc_valSz <= 0) + return enc_valSz; + } + + /* The size of the extension sequence contents */ + inSeqSz = (word32)sizeof(akid_oid) + + SetOctetString((word32)enc_valSz, NULL) + (word32)enc_valSz; + + if (SetSequence(inSeqSz, NULL) + inSeqSz > outSz) + return BAD_FUNC_ARG; + + /* Write out the sequence header */ + idx = SetSequence(inSeqSz, output); + + /* Write out OID */ + XMEMCPY(output + idx, akid_oid, sizeof(akid_oid)); + idx += sizeof(akid_oid); + + /* Write out AKID */ + idx += SetOctetString((word32)enc_valSz, output + idx); + XMEMCPY(output + idx, enc_val, (size_t)enc_valSz); + + return (int)idx + enc_valSz; +} + +/* encode Key Usage, return total bytes written + * RFC5280 : critical */ +static int SetKeyUsage(byte* output, word32 outSz, word16 input) +{ + byte ku[5]; + word32 idx; + const byte keyusage_oid[] = { 0x06, 0x03, 0x55, 0x1d, 0x0f, + 0x01, 0x01, 0xff, 0x04}; + if (output == NULL) + return BAD_FUNC_ARG; + + idx = SetBitString16Bit(input, ku); + return SetOidValue(output, outSz, keyusage_oid, sizeof(keyusage_oid), + ku, idx); +} + +static int SetOjectIdValue(byte* output, word32 outSz, word32* idx, + const byte* oid, word32 oidSz) +{ + /* verify room */ + if (*idx + 2 + oidSz >= outSz) + return ASN_PARSE_E; + + *idx += (word32)SetObjectId((int)oidSz, &output[*idx]); + XMEMCPY(&output[*idx], oid, oidSz); + *idx += oidSz; + + return 0; +} + +static int SetExtKeyUsage(Cert* cert, byte* output, word32 outSz, byte input) +{ + word32 idx = 0, oidListSz = 0, totalSz; + int ret = 0; + const byte extkeyusage_oid[] = { 0x06, 0x03, 0x55, 0x1d, 0x25 }; + + if (output == NULL) + return BAD_FUNC_ARG; + + /* Skip to OID List */ + totalSz = 2 + sizeof(extkeyusage_oid) + 4; + idx = totalSz; + + /* Build OID List */ + /* If any set, then just use it */ + if (input & EXTKEYUSE_ANY) { + ret |= SetOjectIdValue(output, outSz, &idx, + extExtKeyUsageAnyOid, sizeof(extExtKeyUsageAnyOid)); + } + else { + if (input & EXTKEYUSE_SERVER_AUTH) + ret |= SetOjectIdValue(output, outSz, &idx, + extExtKeyUsageServerAuthOid, sizeof(extExtKeyUsageServerAuthOid)); + if (input & EXTKEYUSE_CLIENT_AUTH) + ret |= SetOjectIdValue(output, outSz, &idx, + extExtKeyUsageClientAuthOid, sizeof(extExtKeyUsageClientAuthOid)); + if (input & EXTKEYUSE_CODESIGN) + ret |= SetOjectIdValue(output, outSz, &idx, + extExtKeyUsageCodeSigningOid, sizeof(extExtKeyUsageCodeSigningOid)); + if (input & EXTKEYUSE_EMAILPROT) + ret |= SetOjectIdValue(output, outSz, &idx, + extExtKeyUsageEmailProtectOid, sizeof(extExtKeyUsageEmailProtectOid)); + if (input & EXTKEYUSE_TIMESTAMP) + ret |= SetOjectIdValue(output, outSz, &idx, + extExtKeyUsageTimestampOid, sizeof(extExtKeyUsageTimestampOid)); + if (input & EXTKEYUSE_OCSP_SIGN) + ret |= SetOjectIdValue(output, outSz, &idx, + extExtKeyUsageOcspSignOid, sizeof(extExtKeyUsageOcspSignOid)); + #ifdef WOLFSSL_EKU_OID + /* iterate through OID values */ + if (input & EXTKEYUSE_USER) { + int i, sz; + for (i = 0; i < CTC_MAX_EKU_NB; i++) { + sz = cert->extKeyUsageOIDSz[i]; + if (sz > 0) { + ret |= SetOjectIdValue(output, outSz, &idx, + cert->extKeyUsageOID[i], sz); + } + } + } + #endif /* WOLFSSL_EKU_OID */ + } + if (ret != 0) + return ASN_PARSE_E; + + /* Calculate Sizes */ + oidListSz = idx - totalSz; + totalSz = idx - 2; /* exclude first seq/len (2) */ + + /* 1. Seq + Total Len (2) */ + idx = SetSequence(totalSz, output); + + /* 2. Object ID (2) */ + XMEMCPY(&output[idx], extkeyusage_oid, sizeof(extkeyusage_oid)); + idx += sizeof(extkeyusage_oid); + + /* 3. Octet String (2) */ + idx += SetOctetString(totalSz - idx, &output[idx]); + + /* 4. Seq + OidListLen (2) */ + idx += SetSequence(oidListSz, &output[idx]); + + /* 5. Oid List (already set in-place above) */ + idx += oidListSz; + + (void)cert; + return (int)idx; +} + +#ifndef IGNORE_NETSCAPE_CERT_TYPE +static int SetNsCertType(Cert* cert, byte* output, word32 outSz, byte input) +{ + word32 idx; + byte unusedBits = 0; + byte nsCertType = input; + word32 totalSz; + word32 bitStrSz; + const byte nscerttype_oid[] = { 0x06, 0x09, 0x60, 0x86, 0x48, 0x01, + 0x86, 0xF8, 0x42, 0x01, 0x01 }; + + if (cert == NULL || output == NULL || + input == 0) + return BAD_FUNC_ARG; + + totalSz = sizeof(nscerttype_oid); + + /* Get amount of lsb zero's */ + for (;(input & 1) == 0; input >>= 1) + unusedBits++; + + /* 1 byte of NS Cert Type extension */ + bitStrSz = SetBitString(1, unusedBits, NULL) + 1; + totalSz += SetOctetString(bitStrSz, NULL) + bitStrSz; + + if (SetSequence(totalSz, NULL) + totalSz > outSz) + return BAD_FUNC_ARG; + + /* 1. Seq + Total Len */ + idx = SetSequence(totalSz, output); + + /* 2. Object ID */ + XMEMCPY(&output[idx], nscerttype_oid, sizeof(nscerttype_oid)); + idx += sizeof(nscerttype_oid); + + /* 3. Octet String */ + idx += SetOctetString(bitStrSz, &output[idx]); + + /* 4. Bit String */ + idx += SetBitString(1, unusedBits, &output[idx]); + output[idx++] = nsCertType; + + return (int)idx; +} + +#endif +static int SetCRLInfo(Cert* cert, byte* output, word32 outSz, byte* input, + int inSz) +{ + word32 idx; + word32 totalSz; + const byte crlinfo_oid[] = { 0x06, 0x03, 0x55, 0x1D, 0x1F }; + + if (cert == NULL || output == NULL || + input == 0 || inSz <= 0) + return BAD_FUNC_ARG; + + totalSz = (word32)sizeof(crlinfo_oid) + SetOctetString((word32)inSz, NULL) + + (word32)inSz; + + if (SetSequence(totalSz, NULL) + totalSz > outSz) + return BAD_FUNC_ARG; + + /* 1. Seq + Total Len */ + idx = SetSequence(totalSz, output); + + /* 2. Object ID */ + XMEMCPY(&output[idx], crlinfo_oid, sizeof(crlinfo_oid)); + idx += sizeof(crlinfo_oid); + + /* 3. Octet String */ + idx += SetOctetString((word32)inSz, &output[idx]); + + /* 4. CRL Info */ + XMEMCPY(&output[idx], input, (size_t)inSz); + idx += (word32)inSz; + + return (int)idx; +} + +static int SetCertificatePolicies(byte *output, + word32 outputSz, + char input[MAX_CERTPOL_NB][MAX_CERTPOL_SZ], + word16 nb_certpol, + void* heap) +{ + byte oid[MAX_OID_SZ]; + byte der_oid[MAX_CERTPOL_NB][MAX_OID_SZ]; + byte out[MAX_CERTPOL_SZ]; + word32 oidSz; + word32 outSz; + word32 i = 0; + word32 der_oidSz[MAX_CERTPOL_NB]; + int ret; + + const byte certpol_oid[] = { 0x06, 0x03, 0x55, 0x1d, 0x20, 0x04 }; + const byte oid_oid[] = { 0x06 }; + + if (output == NULL || input == NULL || nb_certpol > MAX_CERTPOL_NB) + return BAD_FUNC_ARG; + + for (i = 0; i < nb_certpol; i++) { + oidSz = sizeof(oid); + XMEMSET(oid, 0, oidSz); + + ret = EncodePolicyOID(oid, &oidSz, input[i], heap); + if (ret != 0) + return ret; + + /* compute sequence value for the oid */ + ret = SetOidValue(der_oid[i], MAX_OID_SZ, oid_oid, + sizeof(oid_oid), oid, oidSz); + if (ret <= 0) + return ret; + else + der_oidSz[i] = (word32)ret; + } + + /* concatenate oid, keep two byte for sequence/size of the created value */ + for (i = 0, outSz = 2; i < nb_certpol; i++) { + XMEMCPY(out+outSz, der_oid[i], der_oidSz[i]); + outSz += der_oidSz[i]; + } + + /* add sequence */ + ret = (int)SetSequence(outSz-2, out); + if (ret <= 0) + return ret; + + /* add Policy OID to compute final value */ + return SetOidValue(output, outputSz, certpol_oid, sizeof(certpol_oid), + out, outSz); +} + +#endif +#ifdef WOLFSSL_ALT_NAMES +/* encode Alternative Names, return total bytes written */ +static int SetAltNames(byte *output, word32 outSz, + const byte *input, word32 length, int critical) +{ + byte san_len[1 + MAX_LENGTH_SZ]; + const byte san_oid[] = { 0x06, 0x03, 0x55, 0x1d, 0x11 }; + const byte san_crit[] = { 0x01, 0x01, 0xff }; + word32 seqSz, san_lenSz, idx = 0; + + if (output == NULL || input == NULL) + return BAD_FUNC_ARG; + + if (outSz < length) + return BUFFER_E; + + /* Octet String header */ + san_lenSz = SetOctetString(length, san_len); + + seqSz = length + (word32)sizeof(san_oid) + san_lenSz; + if (critical) + seqSz += sizeof(san_crit); + /* Tag plus encoded length. */ + if (outSz < 1 + ASN_LEN_ENC_LEN(seqSz)) + return BUFFER_E; + idx = SetSequence(seqSz, output); + + if (idx + seqSz > outSz) + return BUFFER_E; + + /* put oid */ + XMEMCPY(output+idx, san_oid, sizeof(san_oid)); + idx += sizeof(san_oid); + + if (critical) { + XMEMCPY(output+idx, san_crit, sizeof(san_crit)); + idx += sizeof(san_crit); + } + + /* put octet header */ + XMEMCPY(output+idx, san_len, san_lenSz); + idx += san_lenSz; + + /* put value */ + XMEMCPY(output+idx, input, length); + idx += length; + + return (int)idx; +} + +#endif +#endif +#if defined(WOLFSSL_CERT_GEN) || defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL) +static int EncodeName(EncodedName* name, const char* nameStr, + byte nameTag, byte type, byte emailTag, CertName* cname) +{ + word32 idx = 0; + /* bottom up */ + byte firstLen[1 + MAX_LENGTH_SZ]; + byte secondLen[MAX_LENGTH_SZ]; + byte sequence[MAX_SEQ_SZ]; + byte set[MAX_SET_SZ]; + + word32 strLen; + word32 thisLen; + word32 firstSz, secondSz, seqSz, setSz; + + if (nameStr == NULL) { + name->used = 0; + return 0; + } + + thisLen = strLen = (word32)XSTRLEN(nameStr); +#ifdef WOLFSSL_CUSTOM_OID + if (type == ASN_CUSTOM_NAME) { + if (cname == NULL || cname->custom.oidSz == 0) { + name->used = 0; + return 0; + } + thisLen = strLen = (word32)cname->custom.valSz; + } +#else + (void)cname; +#endif + + if (strLen == 0) { /* no user data for this item */ + name->used = 0; + return 0; + } + + /* Restrict country code size */ + if (type == ASN_COUNTRY_NAME && strLen != CTC_COUNTRY_SIZE) { + WOLFSSL_MSG("Country code size error"); + WOLFSSL_ERROR_VERBOSE(ASN_COUNTRY_SIZE_E); + return ASN_COUNTRY_SIZE_E; + } + + secondSz = SetLength(strLen, secondLen); + thisLen += secondSz; + switch (type) { + case ASN_EMAIL_NAME: /* email */ + thisLen += (int)sizeof(attrEmailOid); + firstSz = (int)sizeof(attrEmailOid); + break; + case ASN_DOMAIN_COMPONENT: + thisLen += (int)sizeof(dcOid); + firstSz = (int)sizeof(dcOid); + break; + case ASN_USER_ID: + thisLen += (int)sizeof(uidOid); + firstSz = (int)sizeof(uidOid); + break; + case ASN_RFC822_MAILBOX: + thisLen += (int)sizeof(rfc822Mlbx); + firstSz = (int)sizeof(rfc822Mlbx); + break; + case ASN_FAVOURITE_DRINK: + thisLen += (int)sizeof(fvrtDrk); + firstSz = (int)sizeof(fvrtDrk); + break; + #ifdef WOLFSSL_CUSTOM_OID + case ASN_CUSTOM_NAME: + thisLen += cname->custom.oidSz; + firstSz = cname->custom.oidSz; + break; + #endif + #ifdef WOLFSSL_CERT_REQ + case ASN_CONTENT_TYPE: + thisLen += (int)sizeof(attrPkcs9ContentTypeOid); + firstSz = (int)sizeof(attrPkcs9ContentTypeOid); + break; + #endif + default: + thisLen += DN_OID_SZ; + firstSz = DN_OID_SZ; + } + thisLen++; /* id type */ + firstSz = (word32)SetObjectId((int)firstSz, firstLen); + thisLen += firstSz; + + seqSz = SetSequence(thisLen, sequence); + thisLen += seqSz; + setSz = SetSet(thisLen, set); + thisLen += setSz; + + if (thisLen > (int)sizeof(name->encoded)) { + return BUFFER_E; + } + + /* store it */ + idx = 0; + /* set */ + XMEMCPY(name->encoded, set, setSz); + idx += setSz; + /* seq */ + XMEMCPY(name->encoded + idx, sequence, seqSz); + idx += seqSz; + /* asn object id */ + XMEMCPY(name->encoded + idx, firstLen, firstSz); + idx += firstSz; + switch (type) { + case ASN_EMAIL_NAME: + /* email joint id */ + XMEMCPY(name->encoded + idx, attrEmailOid, sizeof(attrEmailOid)); + idx += (int)sizeof(attrEmailOid); + name->encoded[idx++] = emailTag; + break; + case ASN_DOMAIN_COMPONENT: + XMEMCPY(name->encoded + idx, dcOid, sizeof(dcOid)-1); + idx += (int)sizeof(dcOid)-1; + /* id type */ + name->encoded[idx++] = type; + /* str type */ + name->encoded[idx++] = nameTag; + break; + case ASN_USER_ID: + XMEMCPY(name->encoded + idx, uidOid, sizeof(uidOid)); + idx += (int)sizeof(uidOid); + /* str type */ + name->encoded[idx++] = nameTag; + break; + case ASN_RFC822_MAILBOX: + XMEMCPY(name->encoded + idx, rfc822Mlbx, sizeof(rfc822Mlbx)); + idx += (int)sizeof(rfc822Mlbx); + /* str type */ + name->encoded[idx++] = nameTag; + break; + case ASN_FAVOURITE_DRINK: + XMEMCPY(name->encoded + idx, fvrtDrk, sizeof(fvrtDrk)); + idx += (int)sizeof(fvrtDrk); + /* str type */ + name->encoded[idx++] = nameTag; + break; + #ifdef WOLFSSL_CUSTOM_OID + case ASN_CUSTOM_NAME: + XMEMCPY(name->encoded + idx, cname->custom.oid, + cname->custom.oidSz); + idx += cname->custom.oidSz; + /* str type */ + name->encoded[idx++] = nameTag; + break; + #endif + #ifdef WOLFSSL_CERT_REQ + case ASN_CONTENT_TYPE: + XMEMCPY(name->encoded + idx, attrPkcs9ContentTypeOid, + sizeof(attrPkcs9ContentTypeOid)); + idx += (int)sizeof(attrPkcs9ContentTypeOid); + /* str type */ + name->encoded[idx++] = nameTag; + break; + #endif + default: + name->encoded[idx++] = 0x55; + name->encoded[idx++] = 0x04; + /* id type */ + name->encoded[idx++] = type; + /* str type */ + name->encoded[idx++] = nameTag; + } + /* second length */ + XMEMCPY(name->encoded + idx, secondLen, secondSz); + idx += secondSz; + /* str value */ + XMEMCPY(name->encoded + idx, nameStr, strLen); + idx += strLen; + + name->type = type; + name->totalLen = (int)idx; + name->used = 1; + + return (int)idx; +} + +#endif +#ifdef WOLFSSL_CERT_GEN +int SetNameEx(byte* output, word32 outputSz, CertName* name, void* heap) +{ + int ret; + int i; + word32 idx, totalBytes = 0; + WC_DECLARE_VAR(names, EncodedName, NAME_ENTRIES, 0); +#ifdef WOLFSSL_MULTI_ATTRIB + EncodedName addNames[CTC_MAX_ATTRIB]; + int j, type; +#endif + + if (output == NULL || name == NULL) + return BAD_FUNC_ARG; + + if (outputSz < 3) + return BUFFER_E; + + WC_ALLOC_VAR_EX(names, EncodedName, NAME_ENTRIES, NULL, + DYNAMIC_TYPE_TMP_BUFFER, return MEMORY_E); + + for (i = 0; i < NAME_ENTRIES; i++) { + const char* nameStr = GetOneCertName(name, i); + + ret = EncodeName(&names[i], nameStr, (byte)GetNameType(name, i), + GetCertNameId(i), ASN_IA5_STRING, name); + if (ret < 0) { + WC_FREE_VAR_EX(names, NULL, DYNAMIC_TYPE_TMP_BUFFER); + WOLFSSL_MSG("EncodeName failed"); + return BUFFER_E; + } + totalBytes += (word32)ret; + } +#ifdef WOLFSSL_MULTI_ATTRIB + for (i = 0; i < CTC_MAX_ATTRIB; i++) { + if (name->name[i].sz > 0) { + ret = EncodeName(&addNames[i], name->name[i].value, + (byte)name->name[i].type, (byte)name->name[i].id, + ASN_IA5_STRING, NULL); + if (ret < 0) { + WC_FREE_VAR_EX(names, NULL, DYNAMIC_TYPE_TMP_BUFFER); + WOLFSSL_MSG("EncodeName on multiple attributes failed"); + return BUFFER_E; + } + totalBytes += (word32)ret; + } + else { + addNames[i].used = 0; + } + } +#endif /* WOLFSSL_MULTI_ATTRIB */ + + /* header */ + idx = SetSequence(totalBytes, output); + totalBytes += idx; + if (totalBytes > WC_ASN_NAME_MAX) { + WC_FREE_VAR_EX(names, NULL, DYNAMIC_TYPE_TMP_BUFFER); + WOLFSSL_MSG("Total Bytes is greater than WC_ASN_NAME_MAX"); + return BUFFER_E; + } + + for (i = 0; i < NAME_ENTRIES; i++) { + #ifdef WOLFSSL_MULTI_ATTRIB + type = GetCertNameId(i); + for (j = 0; j < CTC_MAX_ATTRIB; j++) { + if (name->name[j].sz > 0 && type == name->name[j].id) { + if (outputSz < idx + (word32)addNames[j].totalLen) { + WC_FREE_VAR_EX(names, NULL, DYNAMIC_TYPE_TMP_BUFFER); + WOLFSSL_MSG("Not enough space left for DC value"); + return BUFFER_E; + } + + XMEMCPY(output + idx, addNames[j].encoded, + (size_t)addNames[j].totalLen); + idx += (word32)addNames[j].totalLen; + } + } + #endif /* WOLFSSL_MULTI_ATTRIB */ + + if (names[i].used) { + if (outputSz < idx + (word32)names[i].totalLen) { + WC_FREE_VAR_EX(names, NULL, DYNAMIC_TYPE_TMP_BUFFER); + return BUFFER_E; + } + + XMEMCPY(output + idx, names[i].encoded, (size_t)names[i].totalLen); + idx += (word32)names[i].totalLen; + } + } + + WC_FREE_VAR_EX(names, NULL, DYNAMIC_TYPE_TMP_BUFFER); + (void)heap; + + return (int)totalBytes; +} + +/* Set Date validity from now until now + daysValid + * return size in bytes written to output, 0 on error */ +/* TODO https://datatracker.ietf.org/doc/html/rfc5280#section-4.1.2.5 + * "MUST always encode certificate validity dates through the year 2049 as + * UTCTime; certificate validity dates in 2050 or later MUST be encoded as + * GeneralizedTime." */ +static int SetValidity(byte* output, int daysValid) +{ +#ifndef NO_ASN_TIME + byte before[MAX_DATE_SIZE]; + byte after[MAX_DATE_SIZE]; + + word32 beforeSz, afterSz, seqSz; + + time_t now; + time_t then; + struct tm* tmpTime; + struct tm* expandedTime; + struct tm localTime; + +#if defined(NEED_TMP_TIME) + /* for use with gmtime_r */ + struct tm tmpTimeStorage; + tmpTime = &tmpTimeStorage; +#else + tmpTime = NULL; +#endif + (void)tmpTime; + + now = wc_Time(0); + + /* before now */ + before[0] = ASN_GENERALIZED_TIME; + beforeSz = SetLength(ASN_GEN_TIME_SZ, before + 1) + 1; /* gen tag */ + + /* subtract 1 day of seconds for more compliance */ + then = now - 86400; + expandedTime = XGMTIME(&then, tmpTime); + if (ValidateGmtime(expandedTime)) { + WOLFSSL_MSG("XGMTIME failed"); + return 0; /* error */ + } + localTime = *expandedTime; + + /* adjust */ + localTime.tm_year += 1900; + localTime.tm_mon += 1; + + SetTime(&localTime, before + beforeSz); + beforeSz += ASN_GEN_TIME_SZ; + + after[0] = ASN_GENERALIZED_TIME; + afterSz = SetLength(ASN_GEN_TIME_SZ, after + 1) + 1; /* gen tag */ + + /* add daysValid of seconds */ + then = now + (daysValid * (time_t)86400); + expandedTime = XGMTIME(&then, tmpTime); + if (ValidateGmtime(expandedTime)) { + WOLFSSL_MSG("XGMTIME failed"); + return 0; /* error */ + } + localTime = *expandedTime; + + /* adjust */ + localTime.tm_year += 1900; + localTime.tm_mon += 1; + + SetTime(&localTime, after + afterSz); + afterSz += ASN_GEN_TIME_SZ; + + /* headers and output */ + seqSz = SetSequence(beforeSz + afterSz, output); + XMEMCPY(output + seqSz, before, beforeSz); + XMEMCPY(output + seqSz + beforeSz, after, afterSz); + + return (int)(seqSz + beforeSz + afterSz); +#else + (void)output; + (void)daysValid; + return NOT_COMPILED_IN; +#endif +} + +/* encode info from cert into DER encoded format */ +static int EncodeCert(Cert* cert, DerCert* der, RsaKey* rsaKey, ecc_key* eccKey, + WC_RNG* rng, DsaKey* dsaKey, ed25519_key* ed25519Key, + ed448_key* ed448Key, falcon_key* falconKey, + dilithium_key* dilithiumKey, sphincs_key* sphincsKey) +{ + int ret; + + if (cert == NULL || der == NULL || rng == NULL) + return BAD_FUNC_ARG; + + /* make sure at least one key type is provided */ + if (rsaKey == NULL && eccKey == NULL && ed25519Key == NULL && + dsaKey == NULL && ed448Key == NULL && falconKey == NULL && + dilithiumKey == NULL && sphincsKey == NULL) { + return PUBLIC_KEY_E; + } + + /* init */ + XMEMSET(der, 0, sizeof(DerCert)); + + /* version */ + der->versionSz = SetMyVersion((word32)cert->version, der->version, TRUE); + + /* serial number (must be positive) */ + if (cert->serialSz == 0) { + /* generate random serial */ + cert->serialSz = CTC_GEN_SERIAL_SZ; + ret = wc_RNG_GenerateBlock(rng, cert->serial, (word32)cert->serialSz); + if (ret != 0) + return ret; + /* Clear the top bit to avoid a negative value */ + cert->serial[0] &= 0x7f; + } + der->serialSz = SetSerialNumber(cert->serial, (word32)cert->serialSz, + der->serial, sizeof(der->serial), + CTC_SERIAL_SIZE); + if (der->serialSz < 0) + return der->serialSz; + + /* signature algo */ + der->sigAlgoSz = (int)SetAlgoID(cert->sigType, der->sigAlgo, oidSigType, 0); + if (der->sigAlgoSz <= 0) + return ALGO_ID_E; + + /* public key */ +#ifndef NO_RSA + if (cert->keyType == RSA_KEY) { + if (rsaKey == NULL) + return PUBLIC_KEY_E; + der->publicKeySz = SetRsaPublicKey(der->publicKey, rsaKey, + sizeof(der->publicKey), 1); + } +#endif + +#ifdef HAVE_ECC + if (cert->keyType == ECC_KEY) { + if (eccKey == NULL) + return PUBLIC_KEY_E; + der->publicKeySz = SetEccPublicKey(der->publicKey, eccKey, + sizeof(der->publicKey), 1, 0); + } +#endif + +#if !defined(NO_DSA) && !defined(HAVE_SELFTEST) + if (cert->keyType == DSA_KEY) { + if (dsaKey == NULL) + return PUBLIC_KEY_E; + der->publicKeySz = wc_SetDsaPublicKey(der->publicKey, dsaKey, + sizeof(der->publicKey), 1); + } +#endif + +#if defined(HAVE_ED25519) && defined(HAVE_ED25519_KEY_EXPORT) + if (cert->keyType == ED25519_KEY) { + if (ed25519Key == NULL) + return PUBLIC_KEY_E; + der->publicKeySz = wc_Ed25519PublicKeyToDer(ed25519Key, der->publicKey, + (word32)sizeof(der->publicKey), 1); + } +#endif + +#if defined(HAVE_ED448) && defined(HAVE_ED448_KEY_EXPORT) + if (cert->keyType == ED448_KEY) { + if (ed448Key == NULL) + return PUBLIC_KEY_E; + der->publicKeySz = wc_Ed448PublicKeyToDer(ed448Key, der->publicKey, + (word32)sizeof(der->publicKey), 1); + } +#endif + +#if defined(HAVE_FALCON) + if ((cert->keyType == FALCON_LEVEL1_KEY) || + (cert->keyType == FALCON_LEVEL5_KEY)) { + if (falconKey == NULL) + return PUBLIC_KEY_E; + + der->publicKeySz = + wc_Falcon_PublicKeyToDer(falconKey, der->publicKey, + (word32)sizeof(der->publicKey), 1); + } +#endif /* HAVE_FALCON */ +#if defined(HAVE_DILITHIUM) && !defined(WOLFSSL_DILITHIUM_NO_ASN1) + if ((cert->keyType == ML_DSA_LEVEL2_KEY) || + (cert->keyType == ML_DSA_LEVEL3_KEY) || + (cert->keyType == ML_DSA_LEVEL5_KEY) + #ifdef WOLFSSL_DILITHIUM_FIPS204_DRAFT + || (cert->keyType == DILITHIUM_LEVEL2_KEY) + || (cert->keyType == DILITHIUM_LEVEL3_KEY) + || (cert->keyType == DILITHIUM_LEVEL5_KEY) + #endif + ) { + if (dilithiumKey == NULL) + return PUBLIC_KEY_E; + + der->publicKeySz = + wc_Dilithium_PublicKeyToDer(dilithiumKey, der->publicKey, + (word32)sizeof(der->publicKey), 1); + } +#endif /* HAVE_DILITHIUM */ +#if defined(HAVE_SPHINCS) + if ((cert->keyType == SPHINCS_FAST_LEVEL1_KEY) || + (cert->keyType == SPHINCS_FAST_LEVEL3_KEY) || + (cert->keyType == SPHINCS_FAST_LEVEL5_KEY) || + (cert->keyType == SPHINCS_SMALL_LEVEL1_KEY) || + (cert->keyType == SPHINCS_SMALL_LEVEL3_KEY) || + (cert->keyType == SPHINCS_SMALL_LEVEL5_KEY)) { + if (sphincsKey == NULL) + return PUBLIC_KEY_E; + + der->publicKeySz = + wc_Sphincs_PublicKeyToDer(sphincsKey, der->publicKey, + (word32)sizeof(der->publicKey), 1); + } +#endif /* HAVE_SPHINCS */ + + if (der->publicKeySz <= 0) + return PUBLIC_KEY_E; + + der->validitySz = 0; + /* copy date validity if already set in cert struct */ + if (cert->beforeDateSz && cert->afterDateSz) { + der->validitySz = CopyValidity(der->validity, cert); + if (der->validitySz <= 0) + return DATE_E; + } + + /* set date validity using daysValid if not set already */ + if (der->validitySz == 0) { + der->validitySz = SetValidity(der->validity, cert->daysValid); + if (der->validitySz <= 0) + return DATE_E; + } + + /* subject name */ +#if defined(WOLFSSL_CERT_EXT) || defined(OPENSSL_EXTRA) + if (XSTRLEN((const char*)cert->sbjRaw) > 0) { + /* Use the raw subject */ + word32 idx; + + der->subjectSz = (int)min((word32)sizeof(der->subject), + (word32)XSTRLEN((const char*)cert->sbjRaw)); + /* header */ + idx = SetSequence((word32)der->subjectSz, der->subject); + if ((word32)der->subjectSz + idx > (word32)sizeof(der->subject)) { + return SUBJECT_E; + } + + XMEMCPY((char*)der->subject + idx, (const char*)cert->sbjRaw, + (size_t)der->subjectSz); + der->subjectSz += (int)idx; + } + else +#endif + { + /* Use the name structure */ + der->subjectSz = SetNameEx(der->subject, sizeof(der->subject), + &cert->subject, cert->heap); + } + if (der->subjectSz <= 0) + return SUBJECT_E; + + /* issuer name */ +#if defined(WOLFSSL_CERT_EXT) || defined(OPENSSL_EXTRA) + if (XSTRLEN((const char*)cert->issRaw) > 0) { + /* Use the raw issuer */ + word32 idx; + + der->issuerSz = (int)min((word32)sizeof(der->issuer), + (word32)XSTRLEN((const char*)cert->issRaw)); + + /* header */ + idx = SetSequence((word32)der->issuerSz, der->issuer); + if ((word32)der->issuerSz + idx > (word32)sizeof(der->issuer)) { + return ISSUER_E; + } + + XMEMCPY((char*)der->issuer + idx, (const char*)cert->issRaw, + (size_t)der->issuerSz); + der->issuerSz += (int)idx; + } + else +#endif + { + /* Use the name structure */ + der->issuerSz = SetNameEx(der->issuer, sizeof(der->issuer), + cert->selfSigned ? &cert->subject : &cert->issuer, cert->heap); + } + if (der->issuerSz <= 0) + return ISSUER_E; + + /* set the extensions */ + der->extensionsSz = 0; + + /* RFC 5280 : 4.2.1.9. Basic Constraints + * The pathLenConstraint field is meaningful only if the CA boolean is + * asserted and the key usage extension, if present, asserts the + * keyCertSign bit */ + /* Set CA and path length */ + if ((cert->isCA) && (cert->pathLenSet) +#ifdef WOLFSSL_CERT_EXT + && ((cert->keyUsage & KEYUSE_KEY_CERT_SIGN) || (!cert->keyUsage)) +#endif + ) { + der->caSz = SetCaWithPathLen(der->ca, sizeof(der->ca), cert->pathLen); + if (der->caSz <= 0) + return CA_TRUE_E; + + der->extensionsSz += der->caSz; + } +#ifdef WOLFSSL_ALLOW_ENCODING_CA_FALSE + /* Set CA */ + else if (cert->isCaSet) { + der->caSz = SetCaEx(der->ca, sizeof(der->ca), cert->isCA); + if (der->caSz <= 0) + return EXTENSIONS_E; + + der->extensionsSz += der->caSz; + } +#endif + /* Set CA true */ + else if (cert->isCA) { + der->caSz = SetCa(der->ca, sizeof(der->ca)); + if (der->caSz <= 0) + return CA_TRUE_E; + + der->extensionsSz += der->caSz; + } + /* Set Basic Constraint */ + else if (cert->basicConstSet) { + der->caSz = SetBC(der->ca, sizeof(der->ca)); + if (der->caSz <= 0) + return EXTENSIONS_E; + + der->extensionsSz += der->caSz; + } + else + der->caSz = 0; + +#ifdef WOLFSSL_ALT_NAMES + /* Alternative Name */ + if (cert->altNamesSz) { + der->altNamesSz = SetAltNames(der->altNames, sizeof(der->altNames), + cert->altNames, (word32)cert->altNamesSz, + cert->altNamesCrit); + if (der->altNamesSz <= 0) + return ALT_NAME_E; + + der->extensionsSz += der->altNamesSz; + } + else + der->altNamesSz = 0; +#endif + +#ifdef WOLFSSL_CERT_EXT + /* SKID */ + if (cert->skidSz) { + /* check the provided SKID size */ + if (cert->skidSz > (int)min(CTC_MAX_SKID_SIZE, sizeof(der->skid))) + return SKID_E; + + /* Note: different skid buffers sizes for der (MAX_KID_SZ) and + cert (CTC_MAX_SKID_SIZE). */ + der->skidSz = SetSKID(der->skid, sizeof(der->skid), + cert->skid, (word32)cert->skidSz); + if (der->skidSz <= 0) + return SKID_E; + + der->extensionsSz += der->skidSz; + } + else + der->skidSz = 0; + + /* AKID */ + if (cert->akidSz) { + /* check the provided AKID size */ + if (( +#ifdef WOLFSSL_AKID_NAME + !cert->rawAkid && +#endif + cert->akidSz > (int)min(CTC_MAX_AKID_SIZE, sizeof(der->akid))) +#ifdef WOLFSSL_AKID_NAME + || (cert->rawAkid && cert->akidSz > (int)sizeof(der->akid)) +#endif + ) + return AKID_E; + + der->akidSz = SetAKID(der->akid, sizeof(der->akid), cert->akid, + (word32)cert->akidSz, +#ifdef WOLFSSL_AKID_NAME + cert->rawAkid +#else + 0 +#endif + ); + if (der->akidSz <= 0) + return AKID_E; + + der->extensionsSz += der->akidSz; + } + else + der->akidSz = 0; + + /* Key Usage */ + if (cert->keyUsage != 0){ + der->keyUsageSz = SetKeyUsage(der->keyUsage, sizeof(der->keyUsage), + cert->keyUsage); + if (der->keyUsageSz <= 0) + return KEYUSAGE_E; + + der->extensionsSz += der->keyUsageSz; + } + else + der->keyUsageSz = 0; + + /* Extended Key Usage */ + if (cert->extKeyUsage != 0){ + der->extKeyUsageSz = SetExtKeyUsage(cert, der->extKeyUsage, + sizeof(der->extKeyUsage), cert->extKeyUsage); + if (der->extKeyUsageSz <= 0) + return EXTKEYUSAGE_E; + + der->extensionsSz += der->extKeyUsageSz; + } + else + der->extKeyUsageSz = 0; + +#ifndef IGNORE_NETSCAPE_CERT_TYPE + /* Netscape Certificate Type */ + if (cert->nsCertType != 0) { + der->nsCertTypeSz = SetNsCertType(cert, der->nsCertType, + sizeof(der->nsCertType), cert->nsCertType); + if (der->nsCertTypeSz <= 0) + return EXTENSIONS_E; + + der->extensionsSz += der->nsCertTypeSz; + } + else + der->nsCertTypeSz = 0; +#endif + + if (cert->crlInfoSz > 0) { + der->crlInfoSz = SetCRLInfo(cert, der->crlInfo, sizeof(der->crlInfo), + cert->crlInfo, cert->crlInfoSz); + if (der->crlInfoSz <= 0) + return EXTENSIONS_E; + + der->extensionsSz += der->crlInfoSz; + } + else + der->crlInfoSz = 0; + + /* Certificate Policies */ + if (cert->certPoliciesNb != 0) { + der->certPoliciesSz = SetCertificatePolicies(der->certPolicies, + sizeof(der->certPolicies), + cert->certPolicies, + cert->certPoliciesNb, + cert->heap); + if (der->certPoliciesSz <= 0) + return CERTPOLICIES_E; + + der->extensionsSz += der->certPoliciesSz; + } + else + der->certPoliciesSz = 0; +#endif /* WOLFSSL_CERT_EXT */ + + /* put extensions */ + if (der->extensionsSz > 0) { + + /* put the start of extensions sequence (ID, Size) */ + der->extensionsSz = SetExtensionsHeader(der->extensions, + sizeof(der->extensions), + (word32)der->extensionsSz); + if (der->extensionsSz <= 0) + return EXTENSIONS_E; + + /* put CA */ + if (der->caSz) { + ret = SetExtensions(der->extensions, sizeof(der->extensions), + &der->extensionsSz, + der->ca, der->caSz); + if (ret == 0) + return EXTENSIONS_E; + } + +#ifdef WOLFSSL_ALT_NAMES + /* put Alternative Names */ + if (der->altNamesSz) { + ret = SetExtensions(der->extensions, sizeof(der->extensions), + &der->extensionsSz, + der->altNames, der->altNamesSz); + if (ret <= 0) + return EXTENSIONS_E; + } +#endif + +#ifdef WOLFSSL_CERT_EXT + /* put SKID */ + if (der->skidSz) { + ret = SetExtensions(der->extensions, sizeof(der->extensions), + &der->extensionsSz, + der->skid, der->skidSz); + if (ret <= 0) + return EXTENSIONS_E; + } + + /* put AKID */ + if (der->akidSz) { + ret = SetExtensions(der->extensions, sizeof(der->extensions), + &der->extensionsSz, + der->akid, der->akidSz); + if (ret <= 0) + return EXTENSIONS_E; + } + + /* put CRL Distribution Points */ + if (der->crlInfoSz) { + ret = SetExtensions(der->extensions, sizeof(der->extensions), + &der->extensionsSz, + der->crlInfo, der->crlInfoSz); + if (ret <= 0) + return EXTENSIONS_E; + } + + /* put KeyUsage */ + if (der->keyUsageSz) { + ret = SetExtensions(der->extensions, sizeof(der->extensions), + &der->extensionsSz, + der->keyUsage, der->keyUsageSz); + if (ret <= 0) + return EXTENSIONS_E; + } + + /* put ExtendedKeyUsage */ + if (der->extKeyUsageSz) { + ret = SetExtensions(der->extensions, sizeof(der->extensions), + &der->extensionsSz, + der->extKeyUsage, der->extKeyUsageSz); + if (ret <= 0) + return EXTENSIONS_E; + } + + /* put Netscape Cert Type */ +#ifndef IGNORE_NETSCAPE_CERT_TYPE + if (der->nsCertTypeSz) { + ret = SetExtensions(der->extensions, sizeof(der->extensions), + &der->extensionsSz, + der->nsCertType, der->nsCertTypeSz); + if (ret <= 0) + return EXTENSIONS_E; + } +#endif + + /* put Certificate Policies */ + if (der->certPoliciesSz) { + ret = SetExtensions(der->extensions, sizeof(der->extensions), + &der->extensionsSz, + der->certPolicies, der->certPoliciesSz); + if (ret <= 0) + return EXTENSIONS_E; + } +#endif /* WOLFSSL_CERT_EXT */ + } + + der->total = der->versionSz + der->serialSz + der->sigAlgoSz + + der->publicKeySz + der->validitySz + der->subjectSz + der->issuerSz + + der->extensionsSz; + + return 0; +} + + +/* write DER encoded cert to buffer, size already checked */ +static int WriteCertBody(DerCert* der, byte* buf) +{ + word32 idx; + + /* signed part header */ + idx = SetSequence((word32)der->total, buf); + /* version */ + XMEMCPY(buf + idx, der->version, (size_t)der->versionSz); + idx += (word32)der->versionSz; + /* serial */ + XMEMCPY(buf + idx, der->serial, (size_t)der->serialSz); + idx += (word32)der->serialSz; + /* sig algo */ + XMEMCPY(buf + idx, der->sigAlgo, (size_t)der->sigAlgoSz); + idx += (word32)der->sigAlgoSz; + /* issuer */ + XMEMCPY(buf + idx, der->issuer, (size_t)der->issuerSz); + idx += (word32)der->issuerSz; + /* validity */ + XMEMCPY(buf + idx, der->validity, (size_t)der->validitySz); + idx += (word32)der->validitySz; + /* subject */ + XMEMCPY(buf + idx, der->subject, (size_t)der->subjectSz); + idx += (word32)der->subjectSz; + /* public key */ + XMEMCPY(buf + idx, der->publicKey, (size_t)der->publicKeySz); + idx += (word32)der->publicKeySz; + if (der->extensionsSz) { + /* extensions */ + XMEMCPY(buf + idx, der->extensions, + min((word32)der->extensionsSz, + (word32)sizeof(der->extensions))); + idx += (word32)der->extensionsSz; + } + + return (int)idx; +} + +int AddSignature(byte* buf, int bodySz, const byte* sig, int sigSz, + int sigAlgoType) +{ + byte seq[MAX_SEQ_SZ]; + word32 idx, seqSz; + + if ((bodySz < 0) || (sigSz < 0)) + return BUFFER_E; + + idx = (word32)bodySz; + + /* algo */ + idx += SetAlgoID(sigAlgoType, buf ? buf + idx : NULL, oidSigType, 0); + /* bit string */ + idx += SetBitString((word32)sigSz, 0, buf ? buf + idx : NULL); + /* signature */ + if (buf) + XMEMCPY(buf + idx, sig, (size_t)sigSz); + idx += (word32)sigSz; + + /* make room for overall header */ + seqSz = SetSequence(idx, seq); + if (buf) { + XMEMMOVE(buf + seqSz, buf, idx); + XMEMCPY(buf, seq, seqSz); + } + + return (int)(idx + seqSz); +} + +static int MakeAnyCert(Cert* cert, byte* derBuffer, word32 derSz, + RsaKey* rsaKey, ecc_key* eccKey, WC_RNG* rng, + DsaKey* dsaKey, ed25519_key* ed25519Key, + ed448_key* ed448Key, falcon_key* falconKey, + dilithium_key* dilithiumKey, sphincs_key* sphincsKey) +{ + int ret; + WC_DECLARE_VAR(der, DerCert, 1, 0); + + if (derBuffer == NULL) + return BAD_FUNC_ARG; + + if (eccKey) + cert->keyType = ECC_KEY; + else if (rsaKey) + cert->keyType = RSA_KEY; + else if (dsaKey) + cert->keyType = DSA_KEY; + else if (ed25519Key) + cert->keyType = ED25519_KEY; + else if (ed448Key) + cert->keyType = ED448_KEY; +#ifdef HAVE_FALCON + else if ((falconKey != NULL) && (falconKey->level == 1)) + cert->keyType = FALCON_LEVEL1_KEY; + else if ((falconKey != NULL) && (falconKey->level == 5)) + cert->keyType = FALCON_LEVEL5_KEY; +#endif /* HAVE_FALCON */ +#ifdef HAVE_DILITHIUM + #ifdef WOLFSSL_DILITHIUM_FIPS204_DRAFT + else if ((dilithiumKey != NULL) && + (dilithiumKey->params->level == WC_ML_DSA_44_DRAFT)) { + cert->keyType = DILITHIUM_LEVEL2_KEY; + } + else if ((dilithiumKey != NULL) && + (dilithiumKey->params->level == WC_ML_DSA_65_DRAFT)) { + cert->keyType = DILITHIUM_LEVEL3_KEY; + } + else if ((dilithiumKey != NULL) && + (dilithiumKey->params->level == WC_ML_DSA_87_DRAFT)) { + cert->keyType = DILITHIUM_LEVEL5_KEY; + } + #endif + else if ((dilithiumKey != NULL) && + (dilithiumKey->params->level == WC_ML_DSA_44)) { + cert->keyType = ML_DSA_LEVEL2_KEY; + } + else if ((dilithiumKey != NULL) && + (dilithiumKey->params->level == WC_ML_DSA_65)) { + cert->keyType = ML_DSA_LEVEL3_KEY; + } + else if ((dilithiumKey != NULL) && + (dilithiumKey->params->level == WC_ML_DSA_87)) { + cert->keyType = ML_DSA_LEVEL5_KEY; + } +#endif /* HAVE_DILITHIUM */ +#ifdef HAVE_SPHINCS + else if ((sphincsKey != NULL) && (sphincsKey->level == 1) + && (sphincsKey->optim == FAST_VARIANT)) + cert->keyType = SPHINCS_FAST_LEVEL1_KEY; + else if ((sphincsKey != NULL) && (sphincsKey->level == 3) + && (sphincsKey->optim == FAST_VARIANT)) + cert->keyType = SPHINCS_FAST_LEVEL3_KEY; + else if ((sphincsKey != NULL) && (sphincsKey->level == 5) + && (sphincsKey->optim == FAST_VARIANT)) + cert->keyType = SPHINCS_FAST_LEVEL5_KEY; + else if ((sphincsKey != NULL) && (sphincsKey->level == 1) + && (sphincsKey->optim == SMALL_VARIANT)) + cert->keyType = SPHINCS_SMALL_LEVEL1_KEY; + else if ((sphincsKey != NULL) && (sphincsKey->level == 3) + && (sphincsKey->optim == SMALL_VARIANT)) + cert->keyType = SPHINCS_SMALL_LEVEL3_KEY; + else if ((sphincsKey != NULL) && (sphincsKey->level == 5) + && (sphincsKey->optim == SMALL_VARIANT)) + cert->keyType = SPHINCS_SMALL_LEVEL5_KEY; +#endif /* HAVE_SPHINCS */ + else + return BAD_FUNC_ARG; + + WC_ALLOC_VAR_EX(der, DerCert, 1, cert->heap, DYNAMIC_TYPE_TMP_BUFFER, + return MEMORY_E); + + ret = EncodeCert(cert, der, rsaKey, eccKey, rng, dsaKey, ed25519Key, + ed448Key, falconKey, dilithiumKey, sphincsKey); + if (ret == 0) { + if (der->total + MAX_SEQ_SZ * 2 > (int)derSz) + ret = BUFFER_E; + else + ret = cert->bodySz = WriteCertBody(der, derBuffer); + } + + WC_FREE_VAR_EX(der, cert->heap, DYNAMIC_TYPE_TMP_BUFFER); + + return ret; +} + +#ifdef WOLFSSL_CERT_REQ +/* return size of data set on success + * if getting size only then attr and oid should be NULL + */ +static word32 SetReqAttribSingle(byte* output, word32* idx, char* attr, + word32 attrSz, const byte* oid, word32 oidSz, byte printable, + word32 extSz) +{ + word32 totalSz = 0; + word32 seqSz = 0; + word32 setSz = 0; + word32 strSz = 0; + byte seq[MAX_SEQ_SZ]; + byte set[MAX_SET_SZ]; + byte str[MAX_PRSTR_SZ]; + + totalSz = (word32)SetObjectId((int)oidSz, NULL); + totalSz += oidSz; + if (extSz > 0) { + totalSz += setSz = SetSet(extSz, set); + totalSz += seqSz = SetSequence(totalSz + extSz, seq); + totalSz += extSz; + } + else { + if (printable) { + strSz = SetPrintableString(attrSz, str); + totalSz += strSz; + } + else { + totalSz += strSz = SetUTF8String(attrSz, str); + } + totalSz += setSz = SetSet(strSz + attrSz, set); + totalSz += seqSz = SetSequence(totalSz + attrSz, seq); + totalSz += attrSz; + } + + if (oid) { + XMEMCPY(&output[*idx], seq, seqSz); + *idx += seqSz; + *idx += (word32)SetObjectId((int)oidSz, output + *idx); + XMEMCPY(&output[*idx], oid, oidSz); + *idx += oidSz; + XMEMCPY(&output[*idx], set, setSz); + *idx += setSz; + if (strSz > 0) { + XMEMCPY(&output[*idx], str, strSz); + *idx += strSz; + if (attrSz > 0) { + XMEMCPY(&output[*idx], attr, attrSz); + *idx += attrSz; + } + } + } + return totalSz; +} + + + +static int SetReqAttrib(byte* output, Cert* cert, word32 extSz) +{ + word32 sz = 0; /* overall size */ + word32 setSz = 0; + + output[0] = ASN_CONTEXT_SPECIFIC | ASN_CONSTRUCTED; + sz++; + + if (cert->challengePw[0]) { + setSz += SetReqAttribSingle(output, &sz, NULL, + (word32)XSTRLEN(cert->challengePw), NULL, + sizeof(attrChallengePasswordOid), + (byte)cert->challengePwPrintableString, 0); + } + + if (cert->unstructuredName[0]) { + setSz += SetReqAttribSingle(output, &sz, NULL, + (word32)XSTRLEN(cert->unstructuredName), NULL, + sizeof(attrUnstructuredNameOid), 1, 0); + } + + if (extSz) { + setSz += SetReqAttribSingle(output, &sz, NULL, 0, NULL, + sizeof(attrExtensionRequestOid), 1, extSz); + } + + /* Put the pieces together. */ + sz += SetLength(setSz, &output[sz]); + if (sz + setSz - extSz > MAX_ATTRIB_SZ) { + WOLFSSL_MSG("Attribute Buffer is not big enough!"); + return REQ_ATTRIBUTE_E; + } + + if (cert->challengePw[0]) { + SetReqAttribSingle(output, &sz, cert->challengePw, + (word32)XSTRLEN(cert->challengePw), + &attrChallengePasswordOid[0], + sizeof(attrChallengePasswordOid), + (byte)cert->challengePwPrintableString, 0); + } + + if (cert->unstructuredName[0]) { + SetReqAttribSingle(output, &sz, cert->unstructuredName, + (word32)XSTRLEN(cert->unstructuredName), + &attrUnstructuredNameOid[0], + sizeof(attrUnstructuredNameOid), 1, 0); + } + + if (extSz) { + SetReqAttribSingle(output, &sz, NULL, 0, &attrExtensionRequestOid[0], + sizeof(attrExtensionRequestOid), 1, extSz); + /* The actual extension data will be tacked onto the output later. */ + } + + return (int)sz; +} + +#ifdef WOLFSSL_CUSTOM_OID +/* encode a custom oid and value */ +static int SetCustomObjectId(Cert* cert, byte* output, word32 outSz, + CertOidField* custom) +{ + int idx = 0, cust_lenSz, cust_oidSz; + + if (cert == NULL || output == NULL || custom == NULL) { + return BAD_FUNC_ARG; + } + if (custom->oid == NULL || custom->oidSz <= 0) { + return 0; /* none set */ + } + + /* Octet String header */ + cust_lenSz = SetOctetString(custom->valSz, NULL); + cust_oidSz = SetObjectId(custom->oidSz, NULL); + + /* check for output buffer room */ + if ((word32)(custom->valSz + custom->oidSz + cust_lenSz + cust_oidSz) > + outSz) { + return BUFFER_E; + } + + /* put sequence with total */ + idx = SetSequence(custom->valSz + custom->oidSz + cust_lenSz + cust_oidSz, + output); + + /* put oid header */ + idx += SetObjectId(custom->oidSz, output+idx); + XMEMCPY(output+idx, custom->oid, custom->oidSz); + idx += custom->oidSz; + + /* put value */ + idx += SetOctetString(custom->valSz, output+idx); + XMEMCPY(output+idx, custom->val, custom->valSz); + idx += custom->valSz; + + return idx; +} +#endif /* WOLFSSL_CUSTOM_OID */ + + +/* encode info from cert into DER encoded format */ +static int EncodeCertReq(Cert* cert, DerCert* der, RsaKey* rsaKey, + DsaKey* dsaKey, ecc_key* eccKey, + ed25519_key* ed25519Key, ed448_key* ed448Key, + falcon_key* falconKey, dilithium_key* dilithiumKey, + sphincs_key* sphincsKey) +{ + int ret; + + (void)eccKey; + (void)ed25519Key; + (void)ed448Key; + (void)falconKey; + (void)dilithiumKey; + (void)sphincsKey; + + if (cert == NULL || der == NULL) + return BAD_FUNC_ARG; + + if (rsaKey == NULL && eccKey == NULL && ed25519Key == NULL && + dsaKey == NULL && ed448Key == NULL && falconKey == NULL && + dilithiumKey == NULL && sphincsKey == NULL) { + return PUBLIC_KEY_E; + } + + /* init */ + XMEMSET(der, 0, sizeof(DerCert)); + + /* version */ + der->versionSz = SetMyVersion((word32)cert->version, der->version, FALSE); + + /* subject name */ +#if defined(WOLFSSL_CERT_EXT) || defined(OPENSSL_EXTRA) + if (XSTRLEN((const char*)cert->sbjRaw) > 0) { + /* Use the raw subject */ + int idx; + + der->subjectSz = (int)min(sizeof(der->subject), + (word32)XSTRLEN((const char*)cert->sbjRaw)); + /* header */ + idx = (int)SetSequence((word32)der->subjectSz, der->subject); + if (der->subjectSz + idx > (int)sizeof(der->subject)) { + return SUBJECT_E; + } + + XMEMCPY((char*)der->subject + idx, (const char*)cert->sbjRaw, + (size_t)der->subjectSz); + der->subjectSz += idx; + } + else +#endif + { + der->subjectSz = SetNameEx(der->subject, sizeof(der->subject), + &cert->subject, cert->heap); + } + if (der->subjectSz <= 0) + return SUBJECT_E; + + /* public key */ +#ifndef NO_RSA + if (cert->keyType == RSA_KEY) { + if (rsaKey == NULL) + return PUBLIC_KEY_E; + der->publicKeySz = SetRsaPublicKey(der->publicKey, rsaKey, + sizeof(der->publicKey), 1); + } +#endif + +#if !defined(NO_DSA) && !defined(HAVE_SELFTEST) + if (cert->keyType == DSA_KEY) { + if (dsaKey == NULL) + return PUBLIC_KEY_E; + der->publicKeySz = wc_SetDsaPublicKey(der->publicKey, dsaKey, + sizeof(der->publicKey), 1); + } +#endif + +#ifdef HAVE_ECC + if (cert->keyType == ECC_KEY) { + if (eccKey == NULL) + return PUBLIC_KEY_E; + der->publicKeySz = SetEccPublicKey(der->publicKey, eccKey, + sizeof(der->publicKey), 1, 0); + } +#endif + +#if defined(HAVE_ED25519) && defined(HAVE_ED25519_KEY_EXPORT) + if (cert->keyType == ED25519_KEY) { + if (ed25519Key == NULL) + return PUBLIC_KEY_E; + der->publicKeySz = wc_Ed25519PublicKeyToDer(ed25519Key, der->publicKey, + (word32)sizeof(der->publicKey), 1); + } +#endif + +#if defined(HAVE_ED448) && defined(HAVE_ED448_KEY_EXPORT) + if (cert->keyType == ED448_KEY) { + if (ed448Key == NULL) + return PUBLIC_KEY_E; + der->publicKeySz = wc_Ed448PublicKeyToDer(ed448Key, der->publicKey, + (word32)sizeof(der->publicKey), 1); + } +#endif +#if defined(HAVE_FALCON) + if ((cert->keyType == FALCON_LEVEL1_KEY) || + (cert->keyType == FALCON_LEVEL5_KEY)) { + if (falconKey == NULL) + return PUBLIC_KEY_E; + der->publicKeySz = wc_Falcon_PublicKeyToDer(falconKey, + der->publicKey, (word32)sizeof(der->publicKey), 1); + } +#endif +#if defined(HAVE_DILITHIUM) && !defined(WOLFSSL_DILITHIUM_NO_ASN1) + if ((cert->keyType == ML_DSA_LEVEL2_KEY) || + (cert->keyType == ML_DSA_LEVEL3_KEY) || + (cert->keyType == ML_DSA_LEVEL5_KEY) + #ifdef WOLFSSL_DILITHIUM_FIPS204_DRAFT + || (cert->keyType == DILITHIUM_LEVEL2_KEY) + || (cert->keyType == DILITHIUM_LEVEL3_KEY) + || (cert->keyType == DILITHIUM_LEVEL5_KEY) + #endif + ) { + if (dilithiumKey == NULL) + return PUBLIC_KEY_E; + der->publicKeySz = wc_Dilithium_PublicKeyToDer(dilithiumKey, + der->publicKey, (word32)sizeof(der->publicKey), 1); + } +#endif +#if defined(HAVE_SPHINCS) + if ((cert->keyType == SPHINCS_FAST_LEVEL1_KEY) || + (cert->keyType == SPHINCS_FAST_LEVEL3_KEY) || + (cert->keyType == SPHINCS_FAST_LEVEL5_KEY) || + (cert->keyType == SPHINCS_SMALL_LEVEL1_KEY) || + (cert->keyType == SPHINCS_SMALL_LEVEL3_KEY) || + (cert->keyType == SPHINCS_SMALL_LEVEL5_KEY)) { + if (sphincsKey == NULL) + return PUBLIC_KEY_E; + der->publicKeySz = wc_Sphincs_PublicKeyToDer(sphincsKey, + der->publicKey, (word32)sizeof(der->publicKey), 1); + } +#endif + + if (der->publicKeySz <= 0) + return PUBLIC_KEY_E; + + /* set the extensions */ + der->extensionsSz = 0; + + /* RFC 5280 : 4.2.1.9. Basic Constraints + * The pathLenConstraint field is meaningful only if the CA boolean is + * asserted and the key usage extension, if present, asserts the + * keyCertSign bit */ + /* Set CA and path length */ + if ((cert->isCA) && (cert->pathLenSet) +#ifdef WOLFSSL_CERT_EXT + && ((cert->keyUsage & KEYUSE_KEY_CERT_SIGN) || (!cert->keyUsage)) +#endif + ) { + der->caSz = SetCaWithPathLen(der->ca, sizeof(der->ca), cert->pathLen); + if (der->caSz <= 0) + return CA_TRUE_E; + + der->extensionsSz += der->caSz; + } +#ifdef WOLFSSL_ALLOW_ENCODING_CA_FALSE + /* Set CA */ + else if (cert->isCaSet) { + der->caSz = SetCaEx(der->ca, sizeof(der->ca), cert->isCA); + if (der->caSz <= 0) + return EXTENSIONS_E; + + der->extensionsSz += der->caSz; + } +#endif + /* Set CA true */ + else if (cert->isCA) { + der->caSz = SetCa(der->ca, sizeof(der->ca)); + if (der->caSz <= 0) + return CA_TRUE_E; + + der->extensionsSz += der->caSz; + } + /* Set Basic Constraint */ + else if (cert->basicConstSet) { + der->caSz = SetBC(der->ca, sizeof(der->ca)); + if (der->caSz <= 0) + return EXTENSIONS_E; + + der->extensionsSz += der->caSz; + } + else + der->caSz = 0; + +#ifdef WOLFSSL_ALT_NAMES + /* Alternative Name */ + if (cert->altNamesSz) { + der->altNamesSz = SetAltNames(der->altNames, sizeof(der->altNames), + cert->altNames, (word32)cert->altNamesSz, + cert->altNamesCrit); + if (der->altNamesSz <= 0) + return ALT_NAME_E; + + der->extensionsSz += der->altNamesSz; + } + else + der->altNamesSz = 0; +#endif + +#ifdef WOLFSSL_CERT_EXT + /* SKID */ + if (cert->skidSz) { + /* check the provided SKID size */ + if (cert->skidSz > (int)min(CTC_MAX_SKID_SIZE, sizeof(der->skid))) + return SKID_E; + + der->skidSz = SetSKID(der->skid, sizeof(der->skid), + cert->skid, (word32)cert->skidSz); + if (der->skidSz <= 0) + return SKID_E; + + der->extensionsSz += der->skidSz; + } + else + der->skidSz = 0; + + /* Key Usage */ + if (cert->keyUsage != 0) { + der->keyUsageSz = SetKeyUsage(der->keyUsage, sizeof(der->keyUsage), + cert->keyUsage); + if (der->keyUsageSz <= 0) + return KEYUSAGE_E; + + der->extensionsSz += der->keyUsageSz; + } + else + der->keyUsageSz = 0; + + /* Extended Key Usage */ + if (cert->extKeyUsage != 0) { + der->extKeyUsageSz = SetExtKeyUsage(cert, der->extKeyUsage, + sizeof(der->extKeyUsage), cert->extKeyUsage); + if (der->extKeyUsageSz <= 0) + return EXTKEYUSAGE_E; + + der->extensionsSz += der->extKeyUsageSz; + } + else + der->extKeyUsageSz = 0; + +#endif /* WOLFSSL_CERT_EXT */ + +#ifdef WOLFSSL_CUSTOM_OID + /* encode a custom oid and value */ + /* zero returns, means none set */ + ret = SetCustomObjectId(cert, der->extCustom, + sizeof(der->extCustom), &cert->extCustom); + if (ret < 0) + return ret; + der->extCustomSz = ret; + der->extensionsSz += der->extCustomSz; +#endif + + /* put extensions */ + if (der->extensionsSz > 0) { + /* put the start of sequence (ID, Size) */ + der->extensionsSz = (int)SetSequence((word32)der->extensionsSz, + der->extensions); + if (der->extensionsSz <= 0) + return EXTENSIONS_E; + + /* put CA */ + if (der->caSz) { + ret = SetExtensions(der->extensions, sizeof(der->extensions), + &der->extensionsSz, + der->ca, der->caSz); + if (ret <= 0) + return EXTENSIONS_E; + } + +#ifdef WOLFSSL_ALT_NAMES + /* put Alternative Names */ + if (der->altNamesSz) { + ret = SetExtensions(der->extensions, sizeof(der->extensions), + &der->extensionsSz, + der->altNames, der->altNamesSz); + if (ret <= 0) + return EXTENSIONS_E; + } +#endif + +#ifdef WOLFSSL_CERT_EXT + /* put SKID */ + if (der->skidSz) { + ret = SetExtensions(der->extensions, sizeof(der->extensions), + &der->extensionsSz, + der->skid, der->skidSz); + if (ret <= 0) + return EXTENSIONS_E; + } + + /* put AKID */ + if (der->akidSz) { + ret = SetExtensions(der->extensions, sizeof(der->extensions), + &der->extensionsSz, + der->akid, der->akidSz); + if (ret <= 0) + return EXTENSIONS_E; + } + + /* put KeyUsage */ + if (der->keyUsageSz) { + ret = SetExtensions(der->extensions, sizeof(der->extensions), + &der->extensionsSz, + der->keyUsage, der->keyUsageSz); + if (ret <= 0) + return EXTENSIONS_E; + } + + /* put ExtendedKeyUsage */ + if (der->extKeyUsageSz) { + ret = SetExtensions(der->extensions, sizeof(der->extensions), + &der->extensionsSz, + der->extKeyUsage, der->extKeyUsageSz); + if (ret <= 0) + return EXTENSIONS_E; + } + + #ifdef WOLFSSL_CUSTOM_OID + if (der->extCustomSz) { + ret = SetExtensions(der->extensions, sizeof(der->extensions), + &der->extensionsSz, + der->extCustom, der->extCustomSz); + if (ret <= 0) + return EXTENSIONS_E; + } + #endif +#endif /* WOLFSSL_CERT_EXT */ + } + + der->attribSz = SetReqAttrib(der->attrib, cert, (word32)der->extensionsSz); + if (der->attribSz <= 0) + return REQ_ATTRIBUTE_E; + + der->total = der->versionSz + der->subjectSz + der->publicKeySz + + der->extensionsSz + der->attribSz; + + return 0; +} + + +/* write DER encoded cert req to buffer, size already checked */ +static int WriteCertReqBody(DerCert* der, byte* buf) +{ + int idx; + + /* signed part header */ + idx = (int)SetSequence((word32)der->total, buf); + /* version */ + if (buf) + XMEMCPY(buf + idx, der->version, (size_t)der->versionSz); + idx += der->versionSz; + /* subject */ + if (buf) + XMEMCPY(buf + idx, der->subject, (size_t)der->subjectSz); + idx += der->subjectSz; + /* public key */ + if (buf) + XMEMCPY(buf + idx, der->publicKey, (size_t)der->publicKeySz); + idx += der->publicKeySz; + /* attributes */ + if (buf) + XMEMCPY(buf + idx, der->attrib, (size_t)der->attribSz); + idx += der->attribSz; + /* extensions */ + if (der->extensionsSz) { + if (buf) + XMEMCPY(buf + idx, der->extensions, min((word32)der->extensionsSz, + sizeof(der->extensions))); + idx += der->extensionsSz; + } + + return idx; +} + +static int MakeCertReq(Cert* cert, byte* derBuffer, word32 derSz, + RsaKey* rsaKey, DsaKey* dsaKey, ecc_key* eccKey, + ed25519_key* ed25519Key, ed448_key* ed448Key, + falcon_key* falconKey, dilithium_key* dilithiumKey, + sphincs_key* sphincsKey) +{ + int ret; + WC_DECLARE_VAR(der, DerCert, 1, 0); + + if (eccKey) + cert->keyType = ECC_KEY; + else if (rsaKey) + cert->keyType = RSA_KEY; + else if (dsaKey) + cert->keyType = DSA_KEY; + else if (ed25519Key) + cert->keyType = ED25519_KEY; + else if (ed448Key) + cert->keyType = ED448_KEY; +#ifdef HAVE_FALCON + else if ((falconKey != NULL) && (falconKey->level == 1)) + cert->keyType = FALCON_LEVEL1_KEY; + else if ((falconKey != NULL) && (falconKey->level == 5)) + cert->keyType = FALCON_LEVEL5_KEY; +#endif /* HAVE_FALCON */ +#ifdef HAVE_DILITHIUM + #ifdef WOLFSSL_DILITHIUM_FIPS204_DRAFT + else if ((dilithiumKey != NULL) && + (dilithiumKey->params->level == WC_ML_DSA_44_DRAFT)) { + cert->keyType = DILITHIUM_LEVEL2_KEY; + } + else if ((dilithiumKey != NULL) && + (dilithiumKey->params->level == WC_ML_DSA_65_DRAFT)) { + cert->keyType = DILITHIUM_LEVEL3_KEY; + } + else if ((dilithiumKey != NULL) && + (dilithiumKey->params->level == WC_ML_DSA_87_DRAFT)) { + cert->keyType = DILITHIUM_LEVEL5_KEY; + } + #endif + else if ((dilithiumKey != NULL) && + (dilithiumKey->params->level == WC_ML_DSA_44)) { + cert->keyType = ML_DSA_LEVEL2_KEY; + } + else if ((dilithiumKey != NULL) && + (dilithiumKey->params->level == WC_ML_DSA_65)) { + cert->keyType = ML_DSA_LEVEL3_KEY; + } + else if ((dilithiumKey != NULL) && + (dilithiumKey->params->level == WC_ML_DSA_87)) { + cert->keyType = ML_DSA_LEVEL5_KEY; + } +#endif /* HAVE_DILITHIUM */ +#ifdef HAVE_SPHINCS + else if ((sphincsKey != NULL) && (sphincsKey->level == 1) + && (sphincsKey->optim == FAST_VARIANT)) + cert->keyType = SPHINCS_FAST_LEVEL1_KEY; + else if ((sphincsKey != NULL) && (sphincsKey->level == 3) + && (sphincsKey->optim == FAST_VARIANT)) + cert->keyType = SPHINCS_FAST_LEVEL3_KEY; + else if ((sphincsKey != NULL) && (sphincsKey->level == 5) + && (sphincsKey->optim == FAST_VARIANT)) + cert->keyType = SPHINCS_FAST_LEVEL5_KEY; + else if ((sphincsKey != NULL) && (sphincsKey->level == 1) + && (sphincsKey->optim == SMALL_VARIANT)) + cert->keyType = SPHINCS_SMALL_LEVEL1_KEY; + else if ((sphincsKey != NULL) && (sphincsKey->level == 3) + && (sphincsKey->optim == SMALL_VARIANT)) + cert->keyType = SPHINCS_SMALL_LEVEL3_KEY; + else if ((sphincsKey != NULL) && (sphincsKey->level == 5) + && (sphincsKey->optim == SMALL_VARIANT)) + cert->keyType = SPHINCS_SMALL_LEVEL5_KEY; +#endif /* HAVE_SPHINCS */ + else + return BAD_FUNC_ARG; + + WC_ALLOC_VAR_EX(der, DerCert, 1, cert->heap, DYNAMIC_TYPE_TMP_BUFFER, + return MEMORY_E); + + ret = EncodeCertReq(cert, der, rsaKey, dsaKey, eccKey, ed25519Key, ed448Key, + falconKey, dilithiumKey, sphincsKey); + + if (ret == 0) { + if (der->total + MAX_SEQ_SZ * 2 > (int)derSz) + ret = BUFFER_E; + else + ret = cert->bodySz = WriteCertReqBody(der, derBuffer); + } + + WC_FREE_VAR_EX(der, cert->heap, DYNAMIC_TYPE_TMP_BUFFER); + + return ret; +} + +#endif +#endif +#endif +#if !defined(NO_DH) && (defined(WOLFSSL_QT) || defined(OPENSSL_ALL)) +int StoreDHparams(byte* out, word32* outLen, mp_int* p, mp_int* g) +{ + word32 idx = 0; + word32 total; + + WOLFSSL_ENTER("StoreDHparams"); + + if (out == NULL) { + WOLFSSL_MSG("Null buffer error"); + return BUFFER_E; + } + + /* determine size */ + /* integer - g */ + idx = SetASNIntMP(g, -1, NULL); + /* integer - p */ + idx += SetASNIntMP(p, -1, NULL); + total = idx; + /* sequence */ + idx += SetSequence(idx, NULL); + + /* make sure output fits in buffer */ + if (idx > *outLen) { + return BUFFER_E; + } + + /* write DH parameters */ + /* sequence - for P and G only */ + idx = SetSequence(total, out); + /* integer - p */ + idx += SetASNIntMP(p, -1, out + idx); + /* integer - g */ + idx += SetASNIntMP(g, -1, out + idx); + *outLen = idx; + + return 0; +} + +#endif +#if defined(HAVE_ECC) || !defined(NO_DSA) +int StoreECC_DSA_Sig(byte* out, word32* outLen, mp_int* r, mp_int* s) +{ + word32 idx = 0; + int rSz; /* encoding size */ + int sSz; + int headerSz = 4; /* 2*ASN_TAG + 2*LEN(ENUM) */ + + /* If the leading bit on the INTEGER is a 1, add a leading zero */ + int rLeadingZero = mp_leading_bit(r); + int sLeadingZero = mp_leading_bit(s); + int rLen = mp_unsigned_bin_size(r); /* big int size */ + int sLen = mp_unsigned_bin_size(s); + + if (*outLen < (word32)((rLen + rLeadingZero + sLen + sLeadingZero + + headerSz + 2))) /* SEQ_TAG + LEN(ENUM) */ + return BUFFER_E; + + idx = SetSequence((word32)(rLen + rLeadingZero + sLen + sLeadingZero + + headerSz), out); + + /* store r */ + rSz = SetASNIntMP(r, (int)(*outLen - idx), &out[idx]); + if (rSz < 0) + return rSz; + idx += (word32)rSz; + + /* store s */ + sSz = SetASNIntMP(s, (int)(*outLen - idx), &out[idx]); + if (sSz < 0) + return sSz; + idx += (word32)sSz; + + *outLen = idx; + + return 0; +} + +/* determine if leading bit is set */ +static word32 is_leading_bit_set(const byte* input, word32 sz) +{ + byte c = 0; + if (sz > 0) + c = input[0]; + return (c & 0x80) != 0; +} +static word32 trim_leading_zeros(const byte** input, word32 sz) +{ + int i; + word32 leadingZeroCount = 0; + const byte* tmp = *input; + for (i=0; i<(int)sz; i++) { + if (tmp[i] != 0) + break; + leadingZeroCount++; + } + /* catch all zero case */ + if (sz > 0 && leadingZeroCount == sz) { + leadingZeroCount--; + } + *input += leadingZeroCount; + sz -= leadingZeroCount; + return sz; +} + +int StoreECC_DSA_Sig_Bin(byte* out, word32* outLen, const byte* r, word32 rLen, + const byte* s, word32 sLen) +{ + int ret; + word32 idx; + word32 headerSz = 4; /* 2*ASN_TAG + 2*LEN(ENUM) */ + word32 rAddLeadZero, sAddLeadZero; + + if ((out == NULL) || (outLen == NULL) || (r == NULL) || (s == NULL)) + return BAD_FUNC_ARG; + + /* Trim leading zeros */ + rLen = trim_leading_zeros(&r, rLen); + sLen = trim_leading_zeros(&s, sLen); + /* If the leading bit on the INTEGER is a 1, add a leading zero */ + /* Add leading zero if MSB is set */ + rAddLeadZero = is_leading_bit_set(r, rLen); + sAddLeadZero = is_leading_bit_set(s, sLen); + + if (*outLen < (rLen + rAddLeadZero + sLen + sAddLeadZero + + headerSz + 2)) /* SEQ_TAG + LEN(ENUM) */ + return BUFFER_E; + + idx = SetSequence(rLen+rAddLeadZero + sLen+sAddLeadZero + headerSz, out); + + /* store r */ + ret = SetASNInt((int)rLen, (byte)(rAddLeadZero ? 0x80U : 0x00U), &out[idx]); + if (ret < 0) + return ret; + idx += (word32)ret; + XMEMCPY(&out[idx], r, rLen); + idx += rLen; + + /* store s */ + ret = SetASNInt((int)sLen, (byte)(sAddLeadZero ? 0x80U : 0x00U), &out[idx]); + if (ret < 0) + return ret; + idx += (word32)ret; + XMEMCPY(&out[idx], s, sLen); + idx += sLen; + + *outLen = idx; + + return 0; +} + +int DecodeECC_DSA_Sig_Bin(const byte* sig, word32 sigLen, byte* r, word32* rLen, + byte* s, word32* sLen) +{ + int ret; + word32 idx = 0; + int len = 0; + + if (GetSequence(sig, &idx, &len, sigLen) < 0) { + return ASN_ECC_KEY_E; + } + +#ifndef NO_STRICT_ECDSA_LEN + /* enable strict length checking for signature */ + if (sigLen != idx + (word32)len) { + return ASN_ECC_KEY_E; + } +#else + /* allow extra signature bytes at end */ + if ((word32)len > (sigLen - idx)) { + return ASN_ECC_KEY_E; + } +#endif + + ret = GetASNInt(sig, &idx, &len, sigLen); + if (ret != 0) + return ret; + if (rLen) { + if (*rLen >= (word32)len) + *rLen = (word32)len; + else { + /* Buffer too small to hold r value */ + return BUFFER_E; + } + } + if (r) + XMEMCPY(r, (byte*)sig + idx, (size_t)len); + idx += (word32)len; + + ret = GetASNInt(sig, &idx, &len, sigLen); + if (ret != 0) + return ret; + if (sLen) { + if (*sLen >= (word32)len) + *sLen = (word32)len; + else { + /* Buffer too small to hold s value */ + return BUFFER_E; + } + } + if (s) + XMEMCPY(s, (byte*)sig + idx, (size_t)len); + +#ifndef NO_STRICT_ECDSA_LEN + /* sanity check that the index has been advanced all the way to the end of + * the buffer */ + if (idx + (word32)len != sigLen) { + ret = ASN_ECC_KEY_E; + } +#endif + + return ret; +} + +int DecodeECC_DSA_Sig_Ex(const byte* sig, word32 sigLen, mp_int* r, mp_int* s, + int init) +{ + word32 idx = 0; + int len = 0; + + if (GetSequence(sig, &idx, &len, sigLen) < 0) { + return ASN_ECC_KEY_E; + } + +#ifndef NO_STRICT_ECDSA_LEN + /* enable strict length checking for signature */ + if (sigLen != idx + (word32)len) { + return ASN_ECC_KEY_E; + } +#else + /* allow extra signature bytes at end */ + if ((word32)len > (sigLen - idx)) { + return ASN_ECC_KEY_E; + } +#endif + + if (GetIntPositive(r, sig, &idx, sigLen, init) < 0) { + return ASN_ECC_KEY_E; + } + + if (GetIntPositive(s, sig, &idx, sigLen, init) < 0) { + mp_clear(r); + return ASN_ECC_KEY_E; + } + +#ifndef NO_STRICT_ECDSA_LEN + /* sanity check that the index has been advanced all the way to the end of + * the buffer */ + if (idx != sigLen) { + mp_clear(r); + mp_clear(s); + return ASN_ECC_KEY_E; + } +#endif + + return 0; +} + +#endif +#ifdef HAVE_ECC +WOLFSSL_ABI +int wc_EccPrivateKeyDecode(const byte* input, word32* inOutIdx, ecc_key* key, + word32 inSz) +{ + word32 oidSum; + int version, length; + int privSz, pubSz = 0; + byte b; + int ret = 0; + int curve_id = ECC_CURVE_DEF; +#ifdef WOLFSSL_SMALL_STACK + byte* priv; + byte* pub = NULL; +#else + byte priv[ECC_MAXSIZE+1]; + byte pub[2*(ECC_MAXSIZE+1)]; /* public key has two parts plus header */ +#endif + word32 algId = 0; + byte* pubData = NULL; + + if (input == NULL || inOutIdx == NULL || key == NULL || inSz == 0) + return BAD_FUNC_ARG; + + /* if has pkcs8 header skip it */ + if (ToTraditionalInline_ex(input, inOutIdx, inSz, &algId) < 0) { + /* ignore error, did not have pkcs8 header */ + } + else { + curve_id = wc_ecc_get_oid(algId, NULL, NULL); + } + + if (GetSequence(input, inOutIdx, &length, inSz) < 0) + return ASN_PARSE_E; + + if (GetMyVersion(input, inOutIdx, &version, inSz) < 0) + return ASN_PARSE_E; + + if (*inOutIdx >= inSz) + return ASN_PARSE_E; + + b = input[*inOutIdx]; + *inOutIdx += 1; + + /* priv type */ + if (b != 4 && b != 6 && b != 7) + return ASN_PARSE_E; + + if (GetLength(input, inOutIdx, &length, inSz) < 0) + return ASN_PARSE_E; + privSz = length; + + if (privSz > ECC_MAXSIZE) + return BUFFER_E; + + WC_ALLOC_VAR_EX(priv, byte, privSz, key->heap, DYNAMIC_TYPE_TMP_BUFFER, + return MEMORY_E); + + /* priv key */ + XMEMCPY(priv, &input[*inOutIdx], (size_t)privSz); + *inOutIdx += (word32)length; + + if ((*inOutIdx + 1) < inSz) { + /* prefix 0, may have */ + b = input[*inOutIdx]; + if (b == ECC_PREFIX_0) { + *inOutIdx += 1; + + if (GetLength(input, inOutIdx, &length, inSz) <= 0) + ret = ASN_PARSE_E; + else { + ret = GetObjectId(input, inOutIdx, &oidSum, oidIgnoreType, + inSz); + if (ret == 0) { + if ((ret = CheckCurve(oidSum)) < 0) + ret = ECC_CURVE_OID_E; + else { + curve_id = ret; + ret = 0; + } + } + } + } + } + + if (ret == 0 && (*inOutIdx + 1) < inSz) { + /* prefix 1 */ + b = input[*inOutIdx]; + *inOutIdx += 1; + + if (b != ECC_PREFIX_1) { + ret = ASN_ECC_KEY_E; + } + else if (GetLength(input, inOutIdx, &length, inSz) <= 0) { + ret = ASN_PARSE_E; + } + else { + /* key header */ + ret = CheckBitString(input, inOutIdx, &length, inSz, 0, NULL); + if (ret == 0) { + /* pub key */ + pubSz = length; + if (pubSz > 2*(ECC_MAXSIZE+1)) + ret = BUFFER_E; + else { + WC_ALLOC_VAR_EX(pub, byte, pubSz, key->heap, + DYNAMIC_TYPE_TMP_BUFFER, ret=MEMORY_E); + if (WC_VAR_OK(pub)) + { + XMEMCPY(pub, &input[*inOutIdx], (size_t)pubSz); + *inOutIdx += (word32)length; + pubData = pub; + } + } + } + } + } + + if (ret == 0) { + ret = wc_ecc_import_private_key_ex(priv, (word32)privSz, pubData, + (word32)pubSz, key, curve_id); + } + + WC_FREE_VAR_EX(priv, key->heap, DYNAMIC_TYPE_TMP_BUFFER); + WC_FREE_VAR_EX(pub, key->heap, DYNAMIC_TYPE_TMP_BUFFER); + + return ret; +} + +#ifdef WOLFSSL_CUSTOM_CURVES +/* returns 0 on success */ +static int ASNToHexString(const byte* input, word32* inOutIdx, char** out, + word32 inSz, void* heap, int heapType) +{ + int len; + int i; + char* str; + word32 localIdx; + byte tag; + + if (*inOutIdx >= inSz) { + return BUFFER_E; + } + + localIdx = *inOutIdx; + if (GetASNTag(input, &localIdx, &tag, inSz) == 0 && tag == ASN_INTEGER) { + if (GetASNInt(input, inOutIdx, &len, inSz) < 0) + return ASN_PARSE_E; + } + else { + if (GetOctetString(input, inOutIdx, &len, inSz) < 0) + return ASN_PARSE_E; + } + + str = (char*)XMALLOC((size_t)len * 2 + 1, heap, heapType); + if (str == NULL) { + return MEMORY_E; + } + + for (i=0; i MAX_ECC_STRING) { + WOLFSSL_MSG("ECC Param too large for buffer"); + ret = BUFFER_E; + } + else { + XSTRNCPY(*dst, src, MAX_ECC_STRING); + } + XFREE(src, heap, DYNAMIC_TYPE_ECC_BUFFER); +#endif + (void)heap; + + return ret; +} + +#endif +WOLFSSL_ABI +int wc_EccPublicKeyDecode(const byte* input, word32* inOutIdx, + ecc_key* key, word32 inSz) +{ + int ret; + int version, length; + int curve_id = ECC_CURVE_DEF; + word32 oidSum, localIdx; + byte tag, isPrivFormat = 0; + + if (input == NULL || inOutIdx == NULL || key == NULL || inSz == 0) + return BAD_FUNC_ARG; + + if (GetSequence(input, inOutIdx, &length, inSz) < 0) + return ASN_PARSE_E; + + /* Check if ECC private key is being used and skip private portion */ + if (GetMyVersion(input, inOutIdx, &version, inSz) >= 0) { + isPrivFormat = 1; + + /* Type private key */ + if (*inOutIdx >= inSz) + return ASN_PARSE_E; + tag = input[*inOutIdx]; + *inOutIdx += 1; + if (tag != 4 && tag != 6 && tag != 7) + return ASN_PARSE_E; + + /* Skip Private Key */ + if (GetLength(input, inOutIdx, &length, inSz) < 0) + return ASN_PARSE_E; + if (length > ECC_MAXSIZE) + return BUFFER_E; + *inOutIdx += (word32)length; + + /* Private Curve Header */ + if (*inOutIdx >= inSz) + return ASN_PARSE_E; + tag = input[*inOutIdx]; + *inOutIdx += 1; + if (tag != ECC_PREFIX_0) + return ASN_ECC_KEY_E; + if (GetLength(input, inOutIdx, &length, inSz) <= 0) + return ASN_PARSE_E; + } + /* Standard ECC public key */ + else { + if (GetSequence(input, inOutIdx, &length, inSz) < 0) + return ASN_PARSE_E; + + ret = SkipObjectId(input, inOutIdx, inSz); + if (ret != 0) + return ret; + } + + if (*inOutIdx >= inSz) { + return BUFFER_E; + } + + localIdx = *inOutIdx; + if (GetASNTag(input, &localIdx, &tag, inSz) == 0 && + tag == (ASN_SEQUENCE | ASN_CONSTRUCTED)) { +#ifdef WOLFSSL_CUSTOM_CURVES + ecc_set_type* curve; + int len; + char* point = NULL; + + ret = 0; + + curve = (ecc_set_type*)XMALLOC(sizeof(*curve), key->heap, + DYNAMIC_TYPE_ECC_BUFFER); + if (curve == NULL) + ret = MEMORY_E; + + if (ret == 0) { + static const char customName[] = "Custom"; + XMEMSET(curve, 0, sizeof(*curve)); + #ifndef WOLFSSL_ECC_CURVE_STATIC + curve->name = customName; + #else + XMEMCPY((void*)curve->name, customName, sizeof(customName)); + #endif + curve->id = ECC_CURVE_CUSTOM; + + if (GetSequence(input, inOutIdx, &length, inSz) < 0) + ret = ASN_PARSE_E; + } + + if (ret == 0) { + GetInteger7Bit(input, inOutIdx, inSz); + if (GetSequence(input, inOutIdx, &length, inSz) < 0) + ret = ASN_PARSE_E; + } + if (ret == 0) { + char* p = NULL; + SkipObjectId(input, inOutIdx, inSz); + ret = ASNToHexString(input, inOutIdx, &p, inSz, + key->heap, DYNAMIC_TYPE_ECC_BUFFER); + if (ret == 0) { +#ifndef WOLFSSL_ECC_CURVE_STATIC + ret = EccKeyParamCopy((char**)&curve->prime, p, key->heap); +#else + const char *_tmp_ptr = &curve->prime[0]; + ret = EccKeyParamCopy((char**)&_tmp_ptr, p, key->heap); +#endif + } + } + if (ret == 0) { + curve->size = (int)XSTRLEN(curve->prime) / 2; + + if (GetSequence(input, inOutIdx, &length, inSz) < 0) + ret = ASN_PARSE_E; + } + if (ret == 0) { + char* af = NULL; + ret = ASNToHexString(input, inOutIdx, &af, inSz, + key->heap, DYNAMIC_TYPE_ECC_BUFFER); + if (ret == 0) { +#ifndef WOLFSSL_ECC_CURVE_STATIC + ret = EccKeyParamCopy((char**)&curve->Af, af, key->heap); +#else + const char *_tmp_ptr = &curve->Af[0]; + ret = EccKeyParamCopy((char**)&_tmp_ptr, af, key->heap); +#endif + } + } + if (ret == 0) { + char* bf = NULL; + ret = ASNToHexString(input, inOutIdx, &bf, inSz, + key->heap, DYNAMIC_TYPE_ECC_BUFFER); + if (ret == 0) { +#ifndef WOLFSSL_ECC_CURVE_STATIC + ret = EccKeyParamCopy((char**)&curve->Bf, bf, key->heap); +#else + const char *_tmp_ptr = &curve->Bf[0]; + ret = EccKeyParamCopy((char**)&_tmp_ptr, bf, key->heap); +#endif + } + } + if (ret == 0) { + localIdx = *inOutIdx; + if (*inOutIdx < inSz && GetASNTag(input, &localIdx, &tag, inSz) + == 0 && tag == ASN_BIT_STRING) { + len = 0; + ret = GetASNHeader(input, ASN_BIT_STRING, inOutIdx, &len, inSz); + if (ret > 0) + ret = 0; /* reset on success */ + *inOutIdx += (word32)len; + } + } + if (ret == 0) { + ret = ASNToHexString(input, inOutIdx, (char**)&point, inSz, + key->heap, DYNAMIC_TYPE_ECC_BUFFER); + + /* sanity check that point buffer is not smaller than the expected + * size to hold ( 0 4 || Gx || Gy ) + * where Gx and Gy are each the size of curve->size * 2 */ + if (ret == 0 && (int)XSTRLEN(point) < (curve->size * 4) + 2) { + XFREE(point, key->heap, DYNAMIC_TYPE_ECC_BUFFER); + ret = BUFFER_E; + } + } + if (ret == 0) { + #ifndef WOLFSSL_ECC_CURVE_STATIC + curve->Gx = (const char*)XMALLOC((size_t)curve->size * 2 + 2, + key->heap, DYNAMIC_TYPE_ECC_BUFFER); + curve->Gy = (const char*)XMALLOC((size_t)curve->size * 2 + 2, + key->heap, DYNAMIC_TYPE_ECC_BUFFER); + if (curve->Gx == NULL || curve->Gy == NULL) { + XFREE(point, key->heap, DYNAMIC_TYPE_ECC_BUFFER); + ret = MEMORY_E; + } + #else + if (curve->size * 2 + 2 > MAX_ECC_STRING) { + WOLFSSL_MSG("curve size is too large to fit in buffer"); + ret = BUFFER_E; + } + #endif + } + if (ret == 0) { + char* o = NULL; + + XMEMCPY((char*)curve->Gx, point + 2, (size_t)curve->size * 2); + XMEMCPY((char*)curve->Gy, point + curve->size * 2 + 2, + (size_t)curve->size * 2); + ((char*)curve->Gx)[curve->size * 2] = '\0'; + ((char*)curve->Gy)[curve->size * 2] = '\0'; + XFREE(point, key->heap, DYNAMIC_TYPE_ECC_BUFFER); + ret = ASNToHexString(input, inOutIdx, &o, inSz, + key->heap, DYNAMIC_TYPE_ECC_BUFFER); + if (ret == 0) { +#ifndef WOLFSSL_ECC_CURVE_STATIC + ret = EccKeyParamCopy((char**)&curve->order, o, key->heap); +#else + const char *_tmp_ptr = &curve->order[0]; + ret = EccKeyParamCopy((char**)&_tmp_ptr, o, key->heap); +#endif + } + } + if (ret == 0) { + curve->cofactor = GetInteger7Bit(input, inOutIdx, inSz); + + #ifndef WOLFSSL_ECC_CURVE_STATIC + curve->oid = NULL; + #else + XMEMSET((void*)curve->oid, 0, sizeof(curve->oid)); + #endif + curve->oidSz = 0; + curve->oidSum = 0; + + if (wc_ecc_set_custom_curve(key, curve) < 0) { + ret = ASN_PARSE_E; + } + + key->deallocSet = 1; + + curve = NULL; + } + if (curve != NULL) + wc_ecc_free_curve(curve, key->heap); + + if (ret < 0) + return ret; +#else + return ASN_PARSE_E; +#endif /* WOLFSSL_CUSTOM_CURVES */ + } + else { + /* ecc params information */ + ret = GetObjectId(input, inOutIdx, &oidSum, oidIgnoreType, inSz); + if (ret != 0) + return ret; + + /* get curve id */ + if ((ret = CheckCurve(oidSum)) < 0) + return ECC_CURVE_OID_E; + else { + curve_id = ret; + } + } + + if (isPrivFormat) { + /* Public Curve Header - skip */ + if (*inOutIdx >= inSz) + return ASN_PARSE_E; + tag = input[*inOutIdx]; + *inOutIdx += 1; + if (tag != ECC_PREFIX_1) + return ASN_ECC_KEY_E; + if (GetLength(input, inOutIdx, &length, inSz) <= 0) + return ASN_PARSE_E; + } + + /* key header */ + ret = CheckBitString(input, inOutIdx, &length, inSz, 1, NULL); + if (ret != 0) + return ret; + + /* This is the raw point data compressed or uncompressed. */ + if (wc_ecc_import_x963_ex(input + *inOutIdx, (word32)length, key, + curve_id) != 0) { + return ASN_ECC_KEY_E; + } + + *inOutIdx += (word32)length; + + return 0; +} + +#ifdef HAVE_ECC_KEY_EXPORT +int wc_BuildEccKeyDer(ecc_key* key, byte* output, word32 *inLen, + int pubIn, int curveIn) +{ + byte curve[MAX_ALGO_SZ+2]; + byte ver[MAX_VERSION_SZ]; + byte seq[MAX_SEQ_SZ]; + int ret, curveSz, verSz; + word32 totalSz; + int privHdrSz = ASN_ECC_HEADER_SZ; + int pubHdrSz = ASN_ECC_CONTEXT_SZ + ASN_ECC_HEADER_SZ; +#ifdef WOLFSSL_NO_MALLOC + byte prv[MAX_ECC_BYTES + ASN_ECC_HEADER_SZ + MAX_SEQ_SZ]; + byte pub[(MAX_ECC_BYTES * 2) + 1 + ASN_ECC_CONTEXT_SZ + + ASN_ECC_HEADER_SZ + MAX_SEQ_SZ]; +#else + byte *prv = NULL, *pub = NULL; +#endif + + word32 idx = 0, prvidx = 0, pubidx = 0, curveidx = 0; + word32 seqSz, privSz, pubSz = ECC_BUFSIZE; + + if (key == NULL || (output == NULL && inLen == NULL)) + return BAD_FUNC_ARG; + + if (curveIn) { + /* curve */ + curve[curveidx++] = ECC_PREFIX_0; + curveidx++ /* to put the size after computation */; + curveSz = SetCurve(key, curve+curveidx, MAX_ALGO_SZ); + if (curveSz < 0) + return curveSz; + /* set computed size */ + curve[1] = (byte)curveSz; + curveidx += (word32)curveSz; + } + + /* private */ + privSz = (word32)key->dp->size; + +#ifdef WOLFSSL_QNX_CAAM + /* check if is a black key, and add MAC size if needed */ + if (key->blackKey > 0 && key->blackKey != CAAM_BLACK_KEY_ECB) { + privSz = privSz + WC_CAAM_MAC_SZ; + } +#endif + +#ifndef WOLFSSL_NO_MALLOC + prv = (byte*)XMALLOC(privSz + (word32)privHdrSz + MAX_SEQ_SZ, + key->heap, DYNAMIC_TYPE_TMP_BUFFER); + if (prv == NULL) { + return MEMORY_E; + } +#else + if (sizeof(prv) < privSz + privHdrSz + MAX_SEQ_SZ) { + return BUFFER_E; + } +#endif + if (privSz < ASN_LONG_LENGTH) { + prvidx += SetOctetString8Bit(privSz, &prv[prvidx]); + } + else { + prvidx += SetOctetString(privSz, &prv[prvidx]); + } + ret = wc_ecc_export_private_only(key, prv + prvidx, &privSz); + if (ret < 0) { + #ifndef WOLFSSL_NO_MALLOC + XFREE(prv, key->heap, DYNAMIC_TYPE_TMP_BUFFER); + #endif + return ret; + } + prvidx += privSz; + + /* pubIn */ + if (pubIn) { + PRIVATE_KEY_UNLOCK(); + ret = wc_ecc_export_x963(key, NULL, &pubSz); + PRIVATE_KEY_LOCK(); + if (ret != WC_NO_ERR_TRACE(LENGTH_ONLY_E)) { + #ifndef WOLFSSL_NO_MALLOC + XFREE(prv, key->heap, DYNAMIC_TYPE_TMP_BUFFER); + #endif + return ret; + } + + #ifndef WOLFSSL_NO_MALLOC + pub = (byte*)XMALLOC(pubSz + (word32)pubHdrSz + MAX_SEQ_SZ, + key->heap, DYNAMIC_TYPE_TMP_BUFFER); + if (pub == NULL) { + XFREE(prv, key->heap, DYNAMIC_TYPE_TMP_BUFFER); + return MEMORY_E; + } + #else + if (sizeof(pub) < pubSz + pubHdrSz + MAX_SEQ_SZ) { + return BUFFER_E; + } + #endif + + pub[pubidx++] = ECC_PREFIX_1; + if (pubSz > 128) /* leading zero + extra size byte */ + pubidx += SetLength(pubSz + ASN_ECC_CONTEXT_SZ + 2, pub+pubidx); + else /* leading zero */ + pubidx += SetLength(pubSz + ASN_ECC_CONTEXT_SZ + 1, pub+pubidx); + + /* SetBitString adds leading zero */ + pubidx += SetBitString(pubSz, 0, pub + pubidx); + PRIVATE_KEY_UNLOCK(); + ret = wc_ecc_export_x963(key, pub + pubidx, &pubSz); + PRIVATE_KEY_LOCK(); + if (ret != 0) { + #ifndef WOLFSSL_NO_MALLOC + XFREE(prv, key->heap, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(pub, key->heap, DYNAMIC_TYPE_TMP_BUFFER); + #endif + return ret; + } + pubidx += pubSz; + } + + /* make headers */ + verSz = SetMyVersion(1, ver, FALSE); + seqSz = SetSequence((word32)verSz + prvidx + pubidx + curveidx, seq); + + totalSz = prvidx + pubidx + curveidx + (word32)verSz + seqSz; + if (output == NULL) { + *inLen = totalSz; + #ifndef WOLFSSL_NO_MALLOC + XFREE(prv, key->heap, DYNAMIC_TYPE_TMP_BUFFER); + if (pubIn) { + XFREE(pub, key->heap, DYNAMIC_TYPE_TMP_BUFFER); + } + #endif + return WC_NO_ERR_TRACE(LENGTH_ONLY_E); + } + if (inLen != NULL && totalSz > *inLen) { + #ifndef WOLFSSL_NO_MALLOC + XFREE(prv, key->heap, DYNAMIC_TYPE_TMP_BUFFER); + if (pubIn) { + XFREE(pub, key->heap, DYNAMIC_TYPE_TMP_BUFFER); + } + #endif + return BAD_FUNC_ARG; + } + + /* write out */ + /* seq */ + XMEMCPY(output + idx, seq, seqSz); + idx = seqSz; + + /* ver */ + XMEMCPY(output + idx, ver, (size_t)verSz); + idx += (word32)verSz; + + /* private */ + XMEMCPY(output + idx, prv, prvidx); + idx += prvidx; +#ifndef WOLFSSL_NO_MALLOC + XFREE(prv, key->heap, DYNAMIC_TYPE_TMP_BUFFER); +#endif + + /* curve */ + XMEMCPY(output + idx, curve, curveidx); + idx += curveidx; + + /* pubIn */ + if (pubIn) { + XMEMCPY(output + idx, pub, pubidx); + /* idx += pubidx; not used after write, if more data remove comment */ + #ifndef WOLFSSL_NO_MALLOC + XFREE(pub, key->heap, DYNAMIC_TYPE_TMP_BUFFER); + #endif + } + + return (int)totalSz; +} + +#endif +#endif +#if (defined(HAVE_OCSP) || defined(HAVE_CRL)) && !defined(WOLFCRYPT_ONLY) + +/* Get raw Date only, no processing, 0 on success */ +static int GetBasicDate(const byte* source, word32* idx, byte* date, + byte* format, int maxIdx) +{ + int ret, length; + const byte *datePtr = NULL; + + WOLFSSL_ENTER("GetBasicDate"); + + ret = GetDateInfo(source, idx, &datePtr, format, &length, maxIdx); + if (ret < 0) + return ret; + + XMEMCPY(date, datePtr, length); + + return 0; +} + +#endif /* HAVE_OCSP || HAVE_CRL */ + +#if defined(HAVE_OCSP) && !defined(WOLFCRYPT_ONLY) +static int GetEnumerated(const byte* input, word32* inOutIdx, int *value, + int sz) +{ + word32 idx = *inOutIdx; + word32 len; + byte tag; + + WOLFSSL_ENTER("GetEnumerated"); + + *value = 0; + + if (GetASNTag(input, &idx, &tag, sz) < 0) + return ASN_PARSE_E; + + if (tag != ASN_ENUMERATED) + return ASN_PARSE_E; + + if ((int)idx >= sz) + return BUFFER_E; + + len = input[idx++]; + if (len > 4 || (int)(len + idx) > sz) + return ASN_PARSE_E; + + while (len--) { + *value = *value << 8 | input[idx++]; + } + + *inOutIdx = idx; + + return *value; +} + +#ifdef HAVE_OCSP_RESPONDER +WC_MAYBE_UNUSED static int EncodeCertID(OcspEntry* entry, byte* out, + word32* outSz) +{ + (void)entry; + (void)out; + (void)outSz; + /* Encoding ocsp CertID not supported in legacy ASN parsing */ + return NOT_COMPILED_IN; +} + +#endif +static int OcspDecodeCertIDInt(const byte* input, word32* inOutIdx, word32 inSz, + OcspEntry* entry) +{ + int length; + word32 oid; + int ret; + int expectedDigestSz; + + /* Hash algorithm */ + ret = GetAlgoId(input, inOutIdx, &oid, oidHashType, inSz); + if (ret < 0) + return ret; + entry->hashAlgoOID = oid; + + /* Validate hash algorithm and get expected digest size */ + expectedDigestSz = wc_HashGetDigestSize(wc_OidGetHash((int)oid)); + if (expectedDigestSz <= 0) + return ASN_SIG_HASH_E; + + /* Save reference to the hash of CN */ + ret = GetOctetString(input, inOutIdx, &length, inSz); + if (ret < 0) + return ret; + if (length != expectedDigestSz || length > (int)sizeof(entry->issuerHash)) + return ASN_PARSE_E; + XMEMCPY(entry->issuerHash, input + *inOutIdx, length); + *inOutIdx += length; + /* Save reference to the hash of the issuer public key */ + ret = GetOctetString(input, inOutIdx, &length, inSz); + if (ret < 0) + return ret; + if (length != expectedDigestSz || length > (int)sizeof(entry->issuerKeyHash)) + return ASN_PARSE_E; + XMEMCPY(entry->issuerKeyHash, input + *inOutIdx, length); + *inOutIdx += length; + + /* Get serial number */ + if (wc_GetSerialNumber(input, inOutIdx, entry->status->serial, + &entry->status->serialSz, inSz) < 0) + return ASN_PARSE_E; + return 0; +} + +#ifdef HAVE_OCSP_RESPONDER +WC_MAYBE_UNUSED static int EncodeSingleResponse(OcspEntry* single, byte* out, + word32* outSz, void* heap) +{ + (void)single; + (void)out; + (void)outSz; + (void)heap; + /* Encoding ocsp responses not supported in legacy ASN parsing */ + return NOT_COMPILED_IN; +} + +#endif +static int DecodeSingleResponse(byte* source, word32* ioIndex, word32 size, + int wrapperSz, OcspEntry* single) +{ + word32 idx = *ioIndex, prevIndex, localIdx, certIdIdx; + int length; + int ret; + byte tag; + + WOLFSSL_ENTER("DecodeSingleResponse"); + + prevIndex = idx; + + /* Wrapper around the Single Response */ + if (GetSequence(source, &idx, &length, size) < 0) + return ASN_PARSE_E; + + /* Wrapper around the CertID */ + certIdIdx = idx; + if (GetSequence(source, &idx, &length, size) < 0) + return ASN_PARSE_E; + single->rawCertId = source + certIdIdx; + ret = OcspDecodeCertIDInt(source, &idx, size, single); + if (ret < 0) + return ASN_PARSE_E; + single->rawCertIdSize = idx - certIdIdx; + + if (idx >= size) + return BUFFER_E; + + /* CertStatus */ + switch (source[idx++]) + { + case (ASN_CONTEXT_SPECIFIC | CERT_GOOD): + single->status->status = CERT_GOOD; + idx++; + break; + case (ASN_CONTEXT_SPECIFIC | ASN_CONSTRUCTED | CERT_REVOKED): + single->status->status = CERT_REVOKED; + if (GetLength(source, &idx, &length, size) < 0) + return ASN_PARSE_E; + idx += length; + break; + case (ASN_CONTEXT_SPECIFIC | CERT_UNKNOWN): + single->status->status = CERT_UNKNOWN; + idx++; + break; + default: + return ASN_PARSE_E; + } + + if (idx >= size) + return BUFFER_E; + +#ifdef WOLFSSL_OCSP_PARSE_STATUS + single->status->thisDateAsn = source + idx; + localIdx = 0; + if (GetDateInfo(single->status->thisDateAsn, &localIdx, NULL, + (byte*)&single->status->thisDateParsed.type, + &single->status->thisDateParsed.length, size - idx) < 0) + return ASN_PARSE_E; + + if (idx + localIdx >= size) + return BUFFER_E; + + XMEMCPY(single->status->thisDateParsed.data, + single->status->thisDateAsn + localIdx - single->status->thisDateParsed.length, + single->status->thisDateParsed.length); +#endif + if (GetBasicDate(source, &idx, single->status->thisDate, + &single->status->thisDateFormat, size) < 0) + return ASN_PARSE_E; + +#ifndef NO_ASN_TIME_CHECK +#ifndef WOLFSSL_NO_OCSP_DATE_CHECK + if ((! AsnSkipDateCheck) && !XVALIDATE_DATE(single->status->thisDate, + single->status->thisDateFormat, ASN_BEFORE, MAX_DATE_SIZE)) + return ASN_BEFORE_DATE_E; +#endif +#endif + + /* The following items are optional. Only check for them if there is more + * unprocessed data in the singleResponse wrapper. */ + localIdx = idx; + if (((int)(idx - prevIndex) < wrapperSz) && + GetASNTag(source, &localIdx, &tag, size) == 0 && + tag == (ASN_CONSTRUCTED | ASN_CONTEXT_SPECIFIC | 0)) + { + idx++; + if (GetLength(source, &idx, &length, size) < 0) + return ASN_PARSE_E; +#ifdef WOLFSSL_OCSP_PARSE_STATUS + single->status->nextDateAsn = source + idx; + localIdx = 0; + if (GetDateInfo(single->status->nextDateAsn, &localIdx, NULL, + (byte*)&single->status->nextDateParsed.type, + &single->status->nextDateParsed.length, size - idx) < 0) + return ASN_PARSE_E; + + if (idx + localIdx >= size) + return BUFFER_E; + + XMEMCPY(single->status->nextDateParsed.data, + single->status->nextDateAsn + localIdx - single->status->nextDateParsed.length, + single->status->nextDateParsed.length); +#endif + if (GetBasicDate(source, &idx, single->status->nextDate, + &single->status->nextDateFormat, size) < 0) + return ASN_PARSE_E; + +#ifndef NO_ASN_TIME_CHECK +#ifndef WOLFSSL_NO_OCSP_DATE_CHECK + if ((! AsnSkipDateCheck) && + !XVALIDATE_DATE(single->status->nextDate, + single->status->nextDateFormat, ASN_AFTER, MAX_DATE_SIZE)) + return ASN_AFTER_DATE_E; +#endif +#endif + } + + /* Skip the optional extensions in singleResponse. */ + localIdx = idx; + if (((int)(idx - prevIndex) < wrapperSz) && + GetASNTag(source, &localIdx, &tag, size) == 0 && + tag == (ASN_CONSTRUCTED | ASN_CONTEXT_SPECIFIC | 1)) + { + idx++; + if (GetLength(source, &idx, &length, size) < 0) + return ASN_PARSE_E; + idx += length; + } + + *ioIndex = idx; + + return 0; +} + +static int DecodeOcspRespExtensions(byte* source, word32* ioIndex, + OcspResponse* resp, word32 sz) +{ + word32 idx = *ioIndex; + int length; + int ext_bound; /* boundary index for the sequence of extensions */ + word32 oid; + int ret; + byte tag; + + WOLFSSL_ENTER("DecodeOcspRespExtensions"); + + if ((idx + 1) > sz) + return BUFFER_E; + + if (GetASNTag(source, &idx, &tag, sz) < 0) + return ASN_PARSE_E; + + if (tag != (ASN_CONSTRUCTED | ASN_CONTEXT_SPECIFIC | 1)) + return ASN_PARSE_E; + + if (GetLength(source, &idx, &length, sz) < 0) + return ASN_PARSE_E; + + if (GetSequence(source, &idx, &length, sz) < 0) + return ASN_PARSE_E; + + ext_bound = idx + length; + + while (idx < (word32)ext_bound) { + word32 localIdx; + + if (GetSequence(source, &idx, &length, sz) < 0) { + WOLFSSL_MSG("\tfail: should be a SEQUENCE"); + return ASN_PARSE_E; + } + + oid = 0; + if (GetObjectId(source, &idx, &oid, oidOcspType, sz) < 0) { + WOLFSSL_MSG("\tfail: OBJECT ID"); + return ASN_PARSE_E; + } + + /* check for critical flag */ + if ((idx + 1) > (word32)sz) { + WOLFSSL_MSG("\tfail: malformed buffer"); + return BUFFER_E; + } + + localIdx = idx; + if (GetASNTag(source, &localIdx, &tag, sz) == 0 && tag == ASN_BOOLEAN) { + WOLFSSL_MSG("\tfound optional critical flag, moving past"); + ret = GetBoolean(source, &idx, sz); + if (ret < 0) + return ret; + } + + ret = GetOctetString(source, &idx, &length, sz); + if (ret < 0) + return ret; + + if (oid == OCSP_NONCE_OID) { + /* get data inside extra OCTET_STRING */ + ret = GetOctetString(source, &idx, &length, sz); + if (ret < 0) + return ret; + + resp->nonce = source + idx; + resp->nonceSz = length; + } + + idx += length; + } + + *ioIndex = idx; + return 0; +} + +WC_MAYBE_UNUSED static int EncodeOcspRespExtensions(OcspResponse* resp, + byte* out, word32* outSz) +{ + (void)resp; + (void)out; + (void)outSz; + /* Encoding ocsp responses not supported in legacy ASN parsing */ + return NOT_COMPILED_IN; +} + +#ifdef HAVE_OCSP_RESPONDER +WC_MAYBE_UNUSED static int EncodeResponseData(OcspResponse* resp, byte* out, + word32* outSz) +{ + (void)resp; + (void)out; + (void)outSz; + /* Encoding ocsp responses not supported in legacy ASN parsing */ + return NOT_COMPILED_IN; +} + +#endif +static int DecodeResponseData(byte* source, word32* ioIndex, + OcspResponse* resp, word32 size) +{ + word32 idx = *ioIndex, prev_idx, localIdx; + int length; + int version; + int ret; + byte tag; + int wrapperSz; + OcspEntry* single; + + WOLFSSL_ENTER("DecodeResponseData"); + + resp->response = source + idx; + prev_idx = idx; + if (GetSequence(source, &idx, &length, size) < 0) + return ASN_PARSE_E; + resp->responseSz = length + idx - prev_idx; + + /* Get version. It is an EXPLICIT[0] DEFAULT(0) value. If this + * item isn't an EXPLICIT[0], then set version to zero and move + * onto the next item. + */ + localIdx = idx; + if (GetASNTag(source, &localIdx, &tag, size) == 0 && + tag == (ASN_CONTEXT_SPECIFIC | ASN_CONSTRUCTED)) + { + idx += 2; /* Eat the value and length */ + if (GetMyVersion(source, &idx, &version, size) < 0) + return ASN_PARSE_E; + } else + version = 0; + + localIdx = idx; + if (GetASNTag(source, &localIdx, &tag, size) != 0) + return ASN_PARSE_E; + + resp->responderIdType = OCSP_RESPONDER_ID_INVALID; + /* parse byName */ + if (tag == (ASN_CONTEXT_SPECIFIC | ASN_CONSTRUCTED | 1)) + { + idx++; /* advance past ASN tag */ + if (GetLength(source, &idx, &length, size) < 0) + return ASN_PARSE_E; + /* compute the hash of the name */ + resp->responderIdType = OCSP_RESPONDER_ID_NAME; + ret = CalcHashId_ex(source + idx, length, + resp->responderId.nameHash, OCSP_RESPONDER_ID_HASH_TYPE); + if (ret != 0) + return ret; + idx += length; + } + else if (tag == (ASN_CONTEXT_SPECIFIC | ASN_CONSTRUCTED | 2)) + { + idx++; /* advance past ASN tag */ + if (GetLength(source, &idx, &length, size) < 0) + return ASN_PARSE_E; + + if (GetOctetString(source, &idx, &length, size) < 0) + return ASN_PARSE_E; + + if (length != OCSP_RESPONDER_ID_KEY_SZ) + return ASN_PARSE_E; + resp->responderIdType = OCSP_RESPONDER_ID_KEY; + XMEMCPY(resp->responderId.keyHash, source + idx, length); + idx += length; + } + if (resp->responderIdType == OCSP_RESPONDER_ID_INVALID) + return ASN_PARSE_E; + + /* save pointer to the producedAt time */ + if (GetBasicDate(source, &idx, resp->producedDate, + &resp->producedDateFormat, size) < 0) + return ASN_PARSE_E; + + /* Outer wrapper of the SEQUENCE OF Single Responses. */ + if (GetSequence(source, &idx, &wrapperSz, size) < 0) + return ASN_PARSE_E; + + localIdx = idx; + single = resp->single; + while (idx - localIdx < (word32)wrapperSz) { + ret = DecodeSingleResponse(source, &idx, size, wrapperSz, single); + if (ret < 0) + return ret; /* ASN_PARSE_E, ASN_BEFORE_DATE_E, ASN_AFTER_DATE_E */ + if (idx - localIdx < (word32)wrapperSz) { + single->next = (OcspEntry*)XMALLOC(sizeof(OcspEntry), resp->heap, + DYNAMIC_TYPE_OCSP_ENTRY); + if (single->next == NULL) { + return MEMORY_E; + } + XMEMSET(single->next, 0, sizeof(OcspEntry)); + + single->next->status = (CertStatus*)XMALLOC(sizeof(CertStatus), + resp->heap, DYNAMIC_TYPE_OCSP_STATUS); + if (single->next->status == NULL) { + XFREE(single->next, resp->heap, DYNAMIC_TYPE_OCSP_ENTRY); + single->next = NULL; + return MEMORY_E; + } + XMEMSET(single->next->status, 0, sizeof(CertStatus)); + + single->next->isDynamic = 1; + single->next->ownStatus = 1; + + single = single->next; + } + } + + /* + * Check the length of the ResponseData against the current index to + * see if there are extensions, they are optional. + */ + if (idx - prev_idx < resp->responseSz) + if (DecodeOcspRespExtensions(source, &idx, resp, size) < 0) + return ASN_PARSE_E; + + *ioIndex = idx; + return 0; +} + +#ifndef WOLFSSL_NO_OCSP_OPTIONAL_CERTS + +static int DecodeCerts(byte* source, + word32* ioIndex, OcspResponse* resp, word32 size) +{ + word32 idx = *ioIndex; + byte tag; + + WOLFSSL_ENTER("DecodeCerts"); + + if (GetASNTag(source, &idx, &tag, size) < 0) + return ASN_PARSE_E; + + if (tag == (ASN_CONSTRUCTED | ASN_CONTEXT_SPECIFIC)) + { + int length; + + if (GetLength(source, &idx, &length, size) < 0) + return ASN_PARSE_E; + + if (GetSequence(source, &idx, &length, size) < 0) + return ASN_PARSE_E; + + resp->cert = source + idx; + resp->certSz = length; + + idx += length; + } + *ioIndex = idx; + return 0; +} + +#endif /* WOLFSSL_NO_OCSP_OPTIONAL_CERTS */ + +#ifdef HAVE_OCSP_RESPONDER +WC_MAYBE_UNUSED static int EncodeBasicOcspResponse(OcspResponse* resp, + byte* out, word32* outSz, RsaKey* rsaKey, ecc_key* eccKey, WC_RNG* rng) +{ + (void)resp; + (void)out; + (void)outSz; + (void)rsaKey; + (void)eccKey; + (void)rng; + /* Encoding ocsp responses not supported in legacy ASN parsing */ + return NOT_COMPILED_IN; +} + +#endif +static int DecodeBasicOcspResponse(byte* source, word32* ioIndex, + OcspResponse* resp, word32 size, void* cm, void* heap, int noVerify, + int noVerifySignature) +{ + int length; + word32 idx = *ioIndex; + #ifndef WOLFSSL_NO_OCSP_OPTIONAL_CERTS + word32 end_index; + #endif + int ret; + int sigLength; + int sigValid = 0; + WOLFSSL_ENTER("DecodeBasicOcspResponse"); + (void)heap; + + if (GetSequence(source, &idx, &length, size) < 0) + return ASN_PARSE_E; + + if (idx + length > size) + return ASN_INPUT_E; + #ifndef WOLFSSL_NO_OCSP_OPTIONAL_CERTS + end_index = idx + length; + #endif + + if ((ret = DecodeResponseData(source, &idx, resp, size)) < 0) + return ret; /* ASN_PARSE_E, ASN_BEFORE_DATE_E, ASN_AFTER_DATE_E */ + + /* Get the signature algorithm */ + if (GetAlgoId(source, &idx, &resp->sigOID, oidSigType, size) < 0) { + return ASN_PARSE_E; + } +#ifdef WC_RSA_PSS + else if (resp->sigOID == CTC_RSASSAPSS) { + word32 sz; + int len; + byte* params; + + sz = idx; + params = source + idx; + if (GetSequence(source, &idx, &len, size) < 0) + return ASN_PARSE_E; + if (ret == 0) { + idx += len; + resp->sigParams = params; + resp->sigParamsSz = idx - sz; + } + } +#endif + + ret = CheckBitString(source, &idx, &sigLength, size, 1, NULL); + if (ret != 0) + return ret; + + resp->sigSz = sigLength; + resp->sig = source + idx; + idx += sigLength; + + /* + * Check the length of the BasicOcspResponse against the current index to + * see if there are certificates, they are optional. + */ +#ifndef WOLFSSL_NO_OCSP_OPTIONAL_CERTS + if (idx < end_index) + { + if (DecodeCerts(source, &idx, resp, size) < 0) + return ASN_PARSE_E; + + ret = OcspCheckCert(resp, noVerify, noVerifySignature, + (WOLFSSL_CERT_MANAGER*)cm, heap); + if (ret == 0) { + sigValid = 1; + } + else { + WOLFSSL_MSG("OCSP Internal cert can't verify the response\n"); + /* try to verify the OCSP response with CA certs */ + ret = 0; + } + } +#endif /* WOLFSSL_NO_OCSP_OPTIONAL_CERTS */ + if (!noVerifySignature && !sigValid) { + Signer* ca; + SignatureCtx sigCtx; + ca = OcspFindSigner(resp, (WOLFSSL_CERT_MANAGER*)cm); + if (ca == NULL) + return ASN_NO_SIGNER_E; + +#ifndef WOLFSSL_NO_OCSP_ISSUER_CHECK + if (OcspRespCheck(resp, ca, cm) != 0) + return BAD_OCSP_RESPONDER; +#endif + InitSignatureCtx(&sigCtx, heap, INVALID_DEVID); + + /* ConfirmSignature is blocking here */ + sigValid = ConfirmSignature(&sigCtx, resp->response, + resp->responseSz, ca->publicKey, ca->pubKeySize, ca->keyOID, + resp->sig, resp->sigSz, resp->sigOID, resp->sigParams, + resp->sigParamsSz, NULL); + if (sigValid != 0) { + WOLFSSL_MSG("\tOCSP Confirm signature failed"); + return ASN_OCSP_CONFIRM_E; + } + (void)noVerify; + } + + *ioIndex = idx; + return 0; +} + +#ifdef HAVE_OCSP_RESPONDER +int OcspResponseEncode(OcspResponse* resp, byte* out, word32* outSz, + RsaKey* rsaKey, ecc_key* eccKey, WC_RNG* rng) +{ + (void)resp; + (void)out; + (void)outSz; + (void)rsaKey; + (void)eccKey; + (void)rng; + /* Encoding ocsp responses not supported in legacy ASN parsing */ + return NOT_COMPILED_IN; +} + +#endif +int OcspResponseDecode(OcspResponse* resp, void* cm, void* heap, + int noVerifyCert, int noVerifySignature) +{ + int ret; + int length = 0; + word32 idx = 0; + byte* source = resp->source; + word32 size = resp->maxIdx; + word32 oid; + byte tag; + + WOLFSSL_ENTER("OcspResponseDecode"); + + /* peel the outer SEQUENCE wrapper */ + if (GetSequence(source, &idx, &length, size) < 0) { + WOLFSSL_LEAVE("OcspResponseDecode", ASN_PARSE_E); + return ASN_PARSE_E; + } + + /* First get the responseStatus, an ENUMERATED */ + if (GetEnumerated(source, &idx, &resp->responseStatus, size) < 0) { + WOLFSSL_LEAVE("OcspResponseDecode", ASN_PARSE_E); + return ASN_PARSE_E; + } + + if (resp->responseStatus != OCSP_SUCCESSFUL) { + WOLFSSL_LEAVE("OcspResponseDecode", 0); + return 0; + } + + /* Next is an EXPLICIT record called ResponseBytes, OPTIONAL */ + if (idx >= size) { + WOLFSSL_LEAVE("OcspResponseDecode", ASN_PARSE_E); + return ASN_PARSE_E; + } + if (GetASNTag(source, &idx, &tag, size) < 0) { + WOLFSSL_LEAVE("OcspResponseDecode", ASN_PARSE_E); + return ASN_PARSE_E; + } + if (tag != (ASN_CONSTRUCTED | ASN_CONTEXT_SPECIFIC)) { + WOLFSSL_LEAVE("OcspResponseDecode", ASN_PARSE_E); + return ASN_PARSE_E; + } + if (GetLength(source, &idx, &length, size) < 0) { + WOLFSSL_LEAVE("OcspResponseDecode", ASN_PARSE_E); + return ASN_PARSE_E; + } + + /* Get the responseBytes SEQUENCE */ + if (GetSequence(source, &idx, &length, size) < 0) { + WOLFSSL_LEAVE("OcspResponseDecode", ASN_PARSE_E); + return ASN_PARSE_E; + } + + /* Check ObjectID for the resposeBytes */ + if (GetObjectId(source, &idx, &oid, oidOcspType, size) < 0) { + WOLFSSL_LEAVE("OcspResponseDecode", ASN_PARSE_E); + return ASN_PARSE_E; + } + if (oid != OCSP_BASIC_OID) { + WOLFSSL_LEAVE("OcspResponseDecode", ASN_PARSE_E); + return ASN_PARSE_E; + } + ret = GetOctetString(source, &idx, &length, size); + if (ret < 0) { + WOLFSSL_LEAVE("OcspResponseDecode", ret); + return ret; + } + + ret = DecodeBasicOcspResponse(source, &idx, resp, size, cm, heap, + noVerifyCert, noVerifySignature); + if (ret < 0) { + WOLFSSL_LEAVE("OcspResponseDecode", ret); + return ret; + } + + WOLFSSL_LEAVE("OcspResponseDecode", 0); + return 0; +} + +int EncodeOcspRequest(OcspRequest* req, byte* output, word32 size) +{ + byte seqArray[5][MAX_SEQ_SZ]; + /* The ASN.1 of the OCSP Request is an onion of sequences */ + byte algoArray[MAX_ALGO_SZ]; + byte issuerArray[MAX_ENCODED_DIG_SZ]; + byte issuerKeyArray[MAX_ENCODED_DIG_SZ]; + byte snArray[MAX_SN_SZ]; + byte extArray[MAX_OCSP_EXT_SZ]; + word32 seqSz[5], algoSz, issuerSz, issuerKeySz, extSz, totalSz; + int i, snSz; + int keyIdSz; + + WOLFSSL_ENTER("EncodeOcspRequest"); + + algoSz = SetAlgoID(req->hashAlg, algoArray, oidHashType, 0); + keyIdSz = wc_HashGetDigestSize(wc_OidGetHash(req->hashAlg)); + if (keyIdSz <= 0 || keyIdSz > WC_MAX_DIGEST_SIZE) + return BAD_FUNC_ARG; + + issuerSz = SetDigest(req->issuerHash, keyIdSz, issuerArray); + issuerKeySz = SetDigest(req->issuerKeyHash, keyIdSz, issuerKeyArray); + snSz = SetSerialNumber(req->serial, req->serialSz, snArray, + MAX_SN_SZ, MAX_SN_SZ); + extSz = 0; + + if (snSz < 0) + return snSz; + + if (req->nonceSz) { + /* TLS Extensions use this function too - put extensions after + * ASN.1: Context Specific [2]. + */ + extSz = EncodeOcspRequestExtensions(req, extArray + 2, + OCSP_NONCE_EXT_SZ); + extSz += SetExplicit(2, extSz, extArray, 0); + } + + totalSz = algoSz + issuerSz + issuerKeySz + snSz; + for (i = 4; i >= 0; i--) { + seqSz[i] = SetSequence(totalSz, seqArray[i]); + totalSz += seqSz[i]; + if (i == 2) totalSz += extSz; + } + + if (output == NULL) + return totalSz; + if (totalSz > size) + return BUFFER_E; + + totalSz = 0; + for (i = 0; i < 5; i++) { + XMEMCPY(output + totalSz, seqArray[i], seqSz[i]); + totalSz += seqSz[i]; + } + + XMEMCPY(output + totalSz, algoArray, algoSz); + totalSz += algoSz; + + XMEMCPY(output + totalSz, issuerArray, issuerSz); + totalSz += issuerSz; + + XMEMCPY(output + totalSz, issuerKeyArray, issuerKeySz); + totalSz += issuerKeySz; + + XMEMCPY(output + totalSz, snArray, snSz); + totalSz += snSz; + + if (extSz != 0) { + XMEMCPY(output + totalSz, extArray, extSz); + totalSz += extSz; + } + + return totalSz; +} + +#ifdef HAVE_OCSP_RESPONDER +int DecodeOcspRequest(OcspRequest* req, const byte* input, word32 size) +{ + (void)req; + (void)input; + (void)size; + /* Decoding ocsp requests not supported in legacy ASN parsing */ + return NOT_COMPILED_IN; +} + +#endif +#endif +int GetNameHash_ex(const byte* source, word32* idx, byte* hash, int maxIdx, + word32 sigOID) +{ + int length; /* length of all distinguished names */ + int ret; + word32 dummy; + byte tag; + + WOLFSSL_ENTER("GetNameHash"); + + dummy = *idx; + if (GetASNTag(source, &dummy, &tag, (word32)maxIdx) == 0 && + tag == ASN_OBJECT_ID) { + WOLFSSL_MSG("Trying optional prefix..."); + + if (GetLength(source, idx, &length, (word32)maxIdx) < 0) + return ASN_PARSE_E; + + *idx += (word32)length; + WOLFSSL_MSG("Got optional prefix"); + } + + /* For OCSP, RFC2560 section 4.1.1 states the issuer hash should be + * calculated over the entire DER encoding of the Name field, including + * the tag and length. */ + dummy = *idx; + if (GetSequence(source, idx, &length, (word32)maxIdx) < 0) + return ASN_PARSE_E; + + ret = CalcHashId_ex(source + dummy, (word32)length + *idx - dummy, hash, + HashIdAlg(sigOID)); + + *idx += (word32)length; + + return ret; +} + +#if defined(HAVE_CRL) && !defined(WOLFCRYPT_ONLY) +static int GetRevoked(RevokedCert* rcert, const byte* buff, word32* idx, + DecodedCRL* dcrl, word32 maxIdx) +{ + int ret; + int len; + word32 end; + RevokedCert* rc; +#ifdef CRL_STATIC_REVOKED_LIST + int totalCerts = 0; +#endif + WOLFSSL_ENTER("GetRevoked"); + + if (GetSequence(buff, idx, &len, maxIdx) < 0) + return ASN_PARSE_E; + + end = *idx + len; + +#ifdef CRL_STATIC_REVOKED_LIST + totalCerts = dcrl->totalCerts; + + if (totalCerts >= CRL_MAX_REVOKED_CERTS) { + return MEMORY_E; + } + + rc = &rcert[totalCerts]; + ret = wc_GetSerialNumber(buff, idx, rc->serialNumber, &rc->serialSz,maxIdx); + if (ret < 0) { + WOLFSSL_MSG("wc_GetSerialNumber error"); + return ret; + } +#else + + rc = (RevokedCert*)XMALLOC(sizeof(RevokedCert), dcrl->heap, + DYNAMIC_TYPE_REVOKED); + if (rc == NULL) { + WOLFSSL_MSG("Alloc Revoked Cert failed"); + return MEMORY_E; + } + XMEMSET(rc, 0, sizeof(RevokedCert)); + ret = wc_GetSerialNumber(buff, idx, rc->serialNumber, &rc->serialSz,maxIdx); + if (ret < 0) { + WOLFSSL_MSG("wc_GetSerialNumber error"); + XFREE(rc, dcrl->heap, DYNAMIC_TYPE_REVOKED); + return ret; + } + /* add to list */ + rc->next = dcrl->certs; + dcrl->certs = rc; + + (void)rcert; +#endif /* CRL_STATIC_REVOKED_LIST */ + dcrl->totalCerts++; + /* get date */ +#ifndef NO_ASN_TIME + ret = GetBasicDate(buff, idx, rc->revDate, &rc->revDateFormat, maxIdx); + if (ret < 0) { + WOLFSSL_MSG("Expecting Date"); + return ret; + } +#endif + /* Initialize reason code to absent */ + rc->reasonCode = -1; + + /* Parse CRL entry extensions if present */ + if (*idx < end) { + word32 extIdx = *idx; + int extLen; + byte tag; + + /* Check for SEQUENCE tag (extensions wrapper) */ + if (GetASNTag(buff, &extIdx, &tag, end) == 0 && + tag == (ASN_SEQUENCE | ASN_CONSTRUCTED)) { + word32 seqIdx = extIdx - 1; /* back up to re-read tag */ + if (GetSequence(buff, &seqIdx, &extLen, end) >= 0) { + word32 extEnd = seqIdx + (word32)extLen; + +#if defined(OPENSSL_EXTRA) + /* Store raw DER of extensions for OpenSSL compat API */ + { + word32 rawStart = *idx; + word32 rawLen = end - rawStart; + rc->extensions = (byte*)XMALLOC(rawLen, dcrl->heap, + DYNAMIC_TYPE_REVOKED); + if (rc->extensions != NULL) { + XMEMCPY(rc->extensions, buff + rawStart, rawLen); + rc->extensionsSz = rawLen; + } + } +#endif + + ParseCRL_ReasonCode(buff, seqIdx, extEnd, &rc->reasonCode); + } + } + } + + *idx = end; + + return 0; +} + +/* Get CRL Signature, 0 on success */ +static int GetCRL_Signature(const byte* source, word32* idx, DecodedCRL* dcrl, + int maxIdx) +{ + int length; + int ret; + + WOLFSSL_ENTER("GetCRL_Signature"); + + ret = CheckBitString(source, idx, &length, maxIdx, 1, NULL); + if (ret != 0) + return ret; + dcrl->sigLength = length; + + dcrl->signature = (byte*)&source[*idx]; + *idx += dcrl->sigLength; + + return 0; +} + +static int ParseCRL_CertList(RevokedCert* rcert, DecodedCRL* dcrl, + const byte* buf,word32* inOutIdx, int sz, int verify) +{ + word32 oid, dateIdx, idx, checkIdx; + int length; +#ifdef WOLFSSL_NO_CRL_NEXT_DATE + int doNextDate = 1; +#endif + byte tag; + + if (dcrl == NULL || inOutIdx == NULL || buf == NULL) { + return BAD_FUNC_ARG; + } + + /* may have version */ + idx = *inOutIdx; + + checkIdx = idx; + if (GetASNTag(buf, &checkIdx, &tag, sz) == 0 && tag == ASN_INTEGER) { + if (GetMyVersion(buf, &idx, &dcrl->version, sz) < 0) + return ASN_PARSE_E; + dcrl->version++; + } + + if (GetAlgoId(buf, &idx, &oid, oidIgnoreType, sz) < 0) { + return ASN_PARSE_E; + } +#ifdef WC_RSA_PSS + else if (oid == CTC_RSASSAPSS) { + word32 tmpSz; + int len; + + tmpSz = idx; + dcrl->sigParamsIndex = idx; + if (GetSequence(buf, &idx, &len, sz) < 0) { + dcrl->sigParamsIndex = 0; + return ASN_PARSE_E; + } + idx += len; + dcrl->sigParamsLength = idx - tmpSz; + } +#endif + + checkIdx = idx; + if (GetSequence(buf, &checkIdx, &length, sz) < 0) { + return ASN_PARSE_E; + } +#ifdef OPENSSL_EXTRA + dcrl->issuerSz = length + (checkIdx - idx); + dcrl->issuer = (byte*)GetNameFromDer(buf + idx, (int)dcrl->issuerSz); +#endif + + if (GetNameHash_ex(buf, &idx, dcrl->issuerHash, sz, oid) < 0) + return ASN_PARSE_E; + + if (GetBasicDate(buf, &idx, dcrl->lastDate, &dcrl->lastDateFormat, sz) < 0) + return ASN_PARSE_E; + + dateIdx = idx; + + if (GetBasicDate(buf, &idx, dcrl->nextDate, &dcrl->nextDateFormat, sz) < 0) + { +#ifndef WOLFSSL_NO_CRL_NEXT_DATE + (void)dateIdx; + return ASN_PARSE_E; +#else + dcrl->nextDateFormat = ASN_OTHER_TYPE; /* skip flag */ + doNextDate = 0; + idx = dateIdx; +#endif + } + +#ifdef WOLFSSL_NO_CRL_NEXT_DATE + if (doNextDate) +#endif + { +#if !defined(NO_ASN_TIME) && !defined(WOLFSSL_NO_CRL_DATE_CHECK) + if (verify != NO_VERIFY && + (! AsnSkipDateCheck) && + !XVALIDATE_DATE(dcrl->nextDate, dcrl->nextDateFormat, ASN_AFTER, + MAX_DATE_SIZE)) { + WOLFSSL_MSG("CRL after date is no longer valid"); + WOLFSSL_ERROR_VERBOSE(CRL_CERT_DATE_ERR); + return CRL_CERT_DATE_ERR; + } +#else + (void)verify; +#endif + } + + checkIdx = idx; + if ((idx != dcrl->sigIndex) && (GetASNTag(buf, &checkIdx, &tag, sz) == 0) && + (tag != CRL_EXTENSIONS)) { + int len; + word32 tlen; + + if (GetSequence(buf, &idx, &len, sz) < 0) + return ASN_PARSE_E; + tlen = (word32)len + idx; + if (tlen < idx) + return ASN_PARSE_E; + + while (idx < tlen) { + if (GetRevoked(rcert, buf, &idx, dcrl, tlen) < 0) + return ASN_PARSE_E; + } + } + + *inOutIdx = idx; + + return 0; +} + +#ifndef NO_SKID +static int ParseCRL_AuthKeyIdExt(const byte* input, int sz, DecodedCRL* dcrl) +{ + word32 idx = 0; + int length = 0, ret = 0; + byte tag; + + WOLFSSL_ENTER("ParseCRL_AuthKeyIdExt"); + + if (GetSequence(input, &idx, &length, sz) < 0) { + WOLFSSL_MSG("\tfail: should be a SEQUENCE"); + return ASN_PARSE_E; + } + + if (GetASNTag(input, &idx, &tag, sz) < 0) { + return ASN_PARSE_E; + } + + if (tag != (ASN_CONTEXT_SPECIFIC | 0)) { + WOLFSSL_MSG("\tinfo: OPTIONAL item 0, not available"); + return 0; + } + + if (GetLength(input, &idx, &length, sz) <= 0) { + WOLFSSL_MSG("\tfail: extension data length"); + return ASN_PARSE_E; + } + + dcrl->extAuthKeyIdSet = 1; + + /* Get the hash or hash of the hash if wrong size. */ + ret = GetHashId(input + idx, length, dcrl->extAuthKeyId, + HashIdAlg(dcrl->signatureOID)); + + return ret; +} + +#endif +static int ParseCRL_Extensions(DecodedCRL* dcrl, const byte* buf, + word32* inOutIdx, word32 sz) +{ + int length; + word32 idx; + word32 ext_bound; /* boundary index for the sequence of extensions */ + word32 oid; + byte tag; + + WOLFSSL_ENTER("ParseCRL_Extensions"); + (void)dcrl; + + if (inOutIdx == NULL) + return BAD_FUNC_ARG; + + idx = *inOutIdx; + + /* CRL Extensions are optional */ + if ((idx + 1) > sz) + return 0; + + /* CRL Extensions are optional */ + if (GetASNTag(buf, &idx, &tag, sz) < 0) + return 0; + + /* CRL Extensions are optional */ + if (tag != (ASN_CONSTRUCTED | ASN_CONTEXT_SPECIFIC | 0)) + return 0; + + if (GetLength(buf, &idx, &length, sz) < 0) + return ASN_PARSE_E; + + if (GetSequence(buf, &idx, &length, sz) < 0) + return ASN_PARSE_E; + + ext_bound = idx + length; + + while (idx < (word32)ext_bound) { + word32 localIdx; + int ret; + + if (GetSequence(buf, &idx, &length, sz) < 0) { + WOLFSSL_MSG("\tfail: should be a SEQUENCE"); + return ASN_PARSE_E; + } + + oid = 0; + if (GetObjectId(buf, &idx, &oid, oidCrlExtType, sz) < 0) { + WOLFSSL_MSG("\tfail: OBJECT ID"); + return ASN_PARSE_E; + } + + /* check for critical flag */ + if ((idx + 1) > (word32)sz) { + WOLFSSL_MSG("\tfail: malformed buffer"); + return BUFFER_E; + } + + localIdx = idx; + if (GetASNTag(buf, &localIdx, &tag, sz) == 0 && tag == ASN_BOOLEAN) { + WOLFSSL_MSG("\tfound optional critical flag, moving past"); + ret = GetBoolean(buf, &idx, sz); + if (ret < 0) + return ret; + } + + ret = GetOctetString(buf, &idx, &length, sz); + if (ret < 0) + return ret; + + if (oid == AUTH_KEY_OID) { + #ifndef NO_SKID + ret = ParseCRL_AuthKeyIdExt(buf + idx, length, dcrl); + if (ret < 0) { + WOLFSSL_MSG("\tcouldn't parse AuthKeyId extension"); + return ret; + } + #endif + } + else if (oid == CRL_NUMBER_OID) { + localIdx = idx; + if (GetASNTag(buf, &localIdx, &tag, sz) == 0 && + tag == ASN_INTEGER) { + word32 rawIdx = idx; + int rawLen = 0; + ret = GetASNInt(buf, &idx, &length, sz); + if (ret < 0) { + WOLFSSL_MSG("\tcouldn't parse CRL number extension"); + return ret; + } + /* RFC 5280 s5.2.3: CRL number must be non-negative. + * Check the raw encoding before GetASNInt strips + * the leading-zero pad: skip past the INTEGER tag + * and length, then reject if the first content byte + * has its high bit set (negative value). */ + (void)GetASNHeader(buf, ASN_INTEGER, + &rawIdx, &rawLen, sz); + if (rawLen > 0 && (buf[rawIdx] & 0x80) != 0) { + WOLFSSL_MSG("CRL number is negative"); + return ASN_PARSE_E; + } + if (length <= CRL_MAX_NUM_SZ) { + DECL_MP_INT_SIZE_DYN(m, CRL_MAX_NUM_SZ_BITS, + CRL_MAX_NUM_SZ_BITS); + NEW_MP_INT_SIZE(m, CRL_MAX_NUM_SZ_BITS, NULL, + DYNAMIC_TYPE_TMP_BUFFER); + #ifdef MP_INT_SIZE_CHECK_NULL + if (m == NULL) { + ret = MEMORY_E; + } + #endif + + if (ret == 0 && ((ret = INIT_MP_INT_SIZE(m, CRL_MAX_NUM_SZ + * CHAR_BIT)) != MP_OKAY)) { + ret = MP_INIT_E; + } + + if (ret == MP_OKAY) + ret = mp_read_unsigned_bin(m, buf + idx, length); + + if (ret != MP_OKAY) + ret = BUFFER_E; + + if (ret == MP_OKAY && mp_toradix(m, (char*)dcrl->crlNumber, + MP_RADIX_HEX) != MP_OKAY) + ret = BUFFER_E; + + if (ret == MP_OKAY) { + dcrl->crlNumberSet = 1; + } + + FREE_MP_INT_SIZE(m, NULL, DYNAMIC_TYPE_TMP_BUFFER); + + if (ret != MP_OKAY) + return ret; + } else { + WOLFSSL_MSG("CRL number exceeds limitation"); + ret = BUFFER_E; + } + } + } + + idx += length; + } + + *inOutIdx = idx; + + return 0; +} + +int ParseCRL(RevokedCert* rcert, DecodedCRL* dcrl, const byte* buff, word32 sz, + int verify, void* cm) +{ + Signer* ca = NULL; + SignatureCtx sigCtx; + int ret = 0; + int len; + word32 idx = 0; + const byte* sigParams = NULL; + int sigParamsSz = 0; + + WOLFSSL_MSG("ParseCRL"); + + /* raw crl hash */ + /* hash here if needed for optimized comparisons + * wc_Sha sha; + * wc_InitSha(&sha); + * wc_ShaUpdate(&sha, buff, sz); + * wc_ShaFinal(&sha, dcrl->crlHash); */ + + if (GetSequence(buff, &idx, &len, sz) < 0) + return ASN_PARSE_E; + + dcrl->certBegin = idx; + /* Normalize sz for the length inside the outer sequence. */ + sz = len + idx; + + if (GetSequence(buff, &idx, &len, sz) < 0) + return ASN_PARSE_E; + dcrl->sigIndex = len + idx; + + if (ParseCRL_CertList(rcert, dcrl, buff, &idx, dcrl->sigIndex, verify) < 0) + return ASN_PARSE_E; + + if (ParseCRL_Extensions(dcrl, buff, &idx, dcrl->sigIndex) < 0) + return ASN_PARSE_E; + + idx = dcrl->sigIndex; + + if (GetAlgoId(buff, &idx, &dcrl->signatureOID, oidSigType, sz) < 0) { + return ASN_PARSE_E; + } +#ifdef WC_RSA_PSS + else if (dcrl->signatureOID == CTC_RSASSAPSS) { + word32 tmpSz; + const byte* params; + + tmpSz = idx; + params = buff + idx; + if (GetSequence(buff, &idx, &len, sz) < 0) { + return ASN_PARSE_E; + } + idx += len; + sigParams = params; + sigParamsSz = idx - tmpSz; + } +#endif + + if (GetCRL_Signature(buff, &idx, dcrl, sz) < 0) + return ASN_PARSE_E; + + /* openssl doesn't add skid by default for CRLs cause firefox chokes + if experiencing issues uncomment NO_SKID define in CRL section of + wolfssl/wolfcrypt/settings.h */ +#ifndef NO_SKID + if (dcrl->extAuthKeyIdSet) { + ca = GetCA(cm, dcrl->extAuthKeyId); /* more unique than issuerHash */ + } + if (ca != NULL && XMEMCMP(dcrl->issuerHash, ca->subjectNameHash, + KEYID_SIZE) != 0) { + ca = NULL; + } + if (ca == NULL) { + ca = GetCAByName(cm, dcrl->issuerHash); /* last resort */ + /* If AKID is available then this CA doesn't have the public + * key required */ + if (ca && dcrl->extAuthKeyIdSet) { + WOLFSSL_MSG("CA SKID doesn't match AKID"); + ca = NULL; + } + } +#else + ca = GetCA(cm, dcrl->issuerHash); +#endif /* !NO_SKID */ + WOLFSSL_MSG("About to verify CRL signature"); + + if (ca == NULL) { + WOLFSSL_MSG("Did NOT find CRL issuer CA"); + ret = ASN_CRL_NO_SIGNER_E; + WOLFSSL_ERROR_VERBOSE(ret); + goto end; + } + + WOLFSSL_MSG("Found CRL issuer CA"); + ret = VerifyCRL_Signature(&sigCtx, buff + dcrl->certBegin, + dcrl->sigIndex - dcrl->certBegin, dcrl->signature, dcrl->sigLength, + dcrl->signatureOID, sigParams, sigParamsSz, ca, dcrl->heap); + +end: + return ret; +} + +#endif +#ifdef WOLFSSL_CERT_PIV +int wc_ParseCertPIV(wc_CertPIV* piv, const byte* buf, word32 totalSz) +{ + int length = 0; + word32 idx = 0; + + WOLFSSL_ENTER("wc_ParseCertPIV"); + + if (piv == NULL || buf == NULL || totalSz == 0) + return BAD_FUNC_ARG; + + XMEMSET(piv, 0, sizeof(wc_CertPIV)); + + /* Detect Identiv PIV (with 0x0A, 0x0B and 0x0C sections) */ + /* Certificate (0A 82 05FA) */ + if (GetASNHeader(buf, ASN_PIV_CERT, &idx, &length, totalSz) >= 0) { + /* Identiv Type PIV card */ + piv->isIdentiv = 1; + + piv->cert = &buf[idx]; + piv->certSz = length; + idx += length; + + /* Nonce (0B 14) */ + if (GetASNHeader(buf, ASN_PIV_NONCE, &idx, &length, totalSz) >= 0) { + piv->nonce = &buf[idx]; + piv->nonceSz = length; + idx += length; + } + + /* Signed Nonce (0C 82 0100) */ + if (GetASNHeader(buf, ASN_PIV_SIGNED_NONCE, &idx, &length, totalSz) >= 0) { + piv->signedNonce = &buf[idx]; + piv->signedNonceSz = length; + } + + idx = 0; + buf = piv->cert; + totalSz = piv->certSz; + } + + /* Certificate Buffer Total Size (53 82 05F6) */ + if (GetASNHeader(buf, ASN_APPLICATION | ASN_PRINTABLE_STRING, &idx, + &length, totalSz) < 0) { + return ASN_PARSE_E; + } + /* PIV Certificate (70 82 05ED) */ + if (GetASNHeader(buf, ASN_PIV_TAG_CERT, &idx, &length, + totalSz) < 0) { + return ASN_PARSE_E; + } + + /* Capture certificate buffer pointer and length */ + piv->cert = &buf[idx]; + piv->certSz = length; + idx += length; + + /* PIV Certificate Info (71 01 00) */ + if (GetASNHeader(buf, ASN_PIV_TAG_CERT_INFO, &idx, &length, + totalSz) >= 0) { + if (length >= 1) { + piv->compression = (buf[idx] & ASN_PIV_CERT_INFO_COMPRESSED); + piv->isX509 = ((buf[idx] & ASN_PIV_CERT_INFO_ISX509) != 0); + } + idx += length; + } + + /* PIV Error Detection (FE 00) */ + if (GetASNHeader(buf, ASN_PIV_TAG_ERR_DET, &idx, &length, + totalSz) >= 0) { + piv->certErrDet = &buf[idx]; + piv->certErrDetSz = length; + idx += length; + } + + return 0; +} + +#endif + +#endif /* WOLFSSL_ASN_ORIG_INCLUDED */ diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/wolfcrypt/src/async.c mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/async.c --- mariadb-11.8.6/extra/wolfssl/wolfssl/wolfcrypt/src/async.c 1970-01-01 00:00:00.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/async.c 2026-05-24 09:58:33.000000000 +0000 @@ -0,0 +1,1184 @@ +/* async.c + * + * Copyright (C) 2006-2026 wolfSSL Inc. + * + * This file is part of wolfSSL. + * + * wolfSSL is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * wolfSSL is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA + */ + +#include + +#ifdef WOLFSSL_ASYNC_CRYPT + +#include +#include + +#include + + +static WC_ASYNC_DEV* wolfAsync_GetDev(WOLF_EVENT* event) +{ + WC_ASYNC_DEV* dev = NULL; + + if (event && event->context) { + switch (event->type) { + /* context is WOLFSSL* */ + case WOLF_EVENT_TYPE_ASYNC_WOLFSSL: + { + WOLFSSL* ssl = (WOLFSSL*)event->context; + dev = ssl->asyncDev; + break; + } + + /* context is WC_ASYNC_DEV */ + case WOLF_EVENT_TYPE_ASYNC_WOLFCRYPT: + { + dev = (WC_ASYNC_DEV*)event->context; + break; + } + + case WOLF_EVENT_TYPE_NONE: + default: + WOLFSSL_MSG("Unhandled event->type context!"); + dev = NULL; + break; + } + } + + return dev; +} + + +#if defined(WOLFSSL_ASYNC_CRYPT_SW) + +/* Allow way to have async SW code included, and disabled at run-time */ +static int wolfAsyncSwDisabled = 0; /* default off */ + + +static int wolfAsync_DoSw(WC_ASYNC_DEV* asyncDev) +{ + int ret = 0; + WC_ASYNC_SW* sw; + + if (asyncDev == NULL) { + return BAD_FUNC_ARG; + } + sw = &asyncDev->sw; + + switch (sw->type) { +#ifdef HAVE_ECC + case ASYNC_SW_ECC_MAKE: + { + ret = wc_ecc_make_key_ex( + (WC_RNG*)sw->eccMake.rng, + sw->eccMake.size, + (ecc_key*)sw->eccMake.key, + sw->eccMake.curve_id + ); + break; + } + #ifdef HAVE_ECC_SIGN + case ASYNC_SW_ECC_SIGN: + { + ret = wc_ecc_sign_hash_ex( + sw->eccSign.in, + sw->eccSign.inSz, + (WC_RNG*)sw->eccSign.rng, + (ecc_key*)sw->eccSign.key, + (mp_int*)sw->eccSign.r, + (mp_int*)sw->eccSign.s + ); + break; + } + #endif /* HAVE_ECC_SIGN */ + #ifdef HAVE_ECC_VERIFY + case ASYNC_SW_ECC_VERIFY: + { + ret = wc_ecc_verify_hash_ex( + (mp_int*)sw->eccVerify.r, + (mp_int*)sw->eccVerify.s, + sw->eccVerify.hash, + sw->eccVerify.hashlen, + sw->eccVerify.stat, + (ecc_key*)sw->eccVerify.key + ); + break; + } + #endif /* HAVE_ECC_VERIFY */ + #ifdef HAVE_ECC_DHE + case ASYNC_SW_ECC_SHARED_SEC: + { + ret = wc_ecc_shared_secret_gen_sync( + (ecc_key*)sw->eccSharedSec.private_key, + (ecc_point*)sw->eccSharedSec.public_point, + sw->eccSharedSec.out, + sw->eccSharedSec.outLen + ); + break; + } + #endif /* HAVE_ECC_DHE */ +#endif /* HAVE_ECC */ +#ifndef NO_RSA + #ifdef WOLFSSL_KEY_GEN + case ASYNC_SW_RSA_MAKE: + { + ret = wc_MakeRsaKey( + (RsaKey*)sw->rsaMake.key, + sw->rsaMake.size, + sw->rsaMake.e, + (WC_RNG*)sw->rsaMake.rng + ); + break; + } + #endif /* WOLFSSL_KEY_GEN */ + case ASYNC_SW_RSA_FUNC: + { + ret = wc_RsaFunction( + sw->rsaFunc.in, + sw->rsaFunc.inSz, + sw->rsaFunc.out, + sw->rsaFunc.outSz, + sw->rsaFunc.type, + (RsaKey*)sw->rsaFunc.key, + (WC_RNG*)sw->rsaFunc.rng + ); + break; + } +#endif /* !NO_RSA */ +#ifndef NO_DH + case ASYNC_SW_DH_AGREE: + { + ret = wc_DhAgree( + (DhKey*)sw->dhAgree.key, + sw->dhAgree.agree, + sw->dhAgree.agreeSz, + sw->dhAgree.priv, + sw->dhAgree.privSz, + sw->dhAgree.otherPub, + sw->dhAgree.pubSz + ); + break; + } + case ASYNC_SW_DH_GEN: + { + ret = wc_DhGenerateKeyPair( + (DhKey*)sw->dhGen.key, + (WC_RNG*)sw->dhGen.rng, + sw->dhGen.priv, + sw->dhGen.privSz, + sw->dhGen.pub, + sw->dhGen.pubSz + ); + break; + } +#endif /* !NO_DH */ +#ifndef NO_AES + case ASYNC_SW_AES_CBC_ENCRYPT: + { + ret = wc_AesCbcEncrypt( + (Aes*)sw->aes.aes, + sw->aes.out, + sw->aes.in, + sw->aes.sz + ); + break; + } + #ifdef HAVE_AES_DECRYPT + case ASYNC_SW_AES_CBC_DECRYPT: + { + ret = wc_AesCbcDecrypt( + (Aes*)sw->aes.aes, + sw->aes.out, + sw->aes.in, + sw->aes.sz + ); + break; + } + #endif /* HAVE_AES_DECRYPT */ + + #ifdef HAVE_AESGCM + case ASYNC_SW_AES_GCM_ENCRYPT: + { + ret = wc_AesGcmEncrypt( + (Aes*)sw->aes.aes, + sw->aes.out, + sw->aes.in, + sw->aes.sz, + sw->aes.iv, + sw->aes.ivSz, + sw->aes.authTag, + sw->aes.authTagSz, + sw->aes.authIn, + sw->aes.authInSz + ); + break; + } + #ifdef HAVE_AES_DECRYPT + case ASYNC_SW_AES_GCM_DECRYPT: + { + ret = wc_AesGcmDecrypt( + (Aes*)sw->aes.aes, + sw->aes.out, + sw->aes.in, + sw->aes.sz, + sw->aes.iv, + sw->aes.ivSz, + sw->aes.authTag, + sw->aes.authTagSz, + sw->aes.authIn, + sw->aes.authInSz + ); + break; + } + #endif /* HAVE_AES_DECRYPT */ + #endif /* HAVE_AESGCM */ +#endif /* !NO_AES */ +#ifndef NO_DES3 + case ASYNC_SW_DES3_CBC_ENCRYPT: + { + ret = wc_Des3_CbcEncrypt( + (Des3*)sw->des.des, + sw->des.out, + sw->des.in, + sw->des.sz + ); + break; + } + case ASYNC_SW_DES3_CBC_DECRYPT: + { + ret = wc_Des3_CbcDecrypt( + (Des3*)sw->des.des, + sw->des.out, + sw->des.in, + sw->des.sz + ); + break; + } +#endif /* !NO_DES3 */ +#ifdef HAVE_CURVE25519 + case ASYNC_SW_X25519_MAKE: + { + ret = wc_curve25519_make_key( + (WC_RNG*)sw->x25519Make.rng, + sw->x25519Make.size, + (curve25519_key*)sw->x25519Make.key + ); + break; + } + case ASYNC_SW_X25519_SHARED_SEC: + { + ret = wc_curve25519_shared_secret_ex( + (curve25519_key*)sw->x25519SharedSec.priv, + (curve25519_key*)sw->x25519SharedSec.pub, + sw->x25519SharedSec.out, + sw->x25519SharedSec.outLen, + sw->x25519SharedSec.endian + ); + break; + } +#endif /* HAVE_CURVE25519 */ + default: + WOLFSSL_MSG("Invalid async crypt SW type!"); + ret = BAD_FUNC_ARG; + break; + }; + + /* Reset test type */ + if (ret == FP_WOULDBLOCK) { + ret = WC_PENDING_E; + } + else if (ret == 0) { + sw->type = ASYNC_SW_NONE; + } + + return ret; +} + +int wc_AsyncSwInit(WC_ASYNC_DEV* dev, int type) +{ + if (dev) { + WC_ASYNC_SW* sw = &dev->sw; + if (sw->type == ASYNC_SW_NONE) { + sw->type = type; + return 1; + } + } + return 0; +} + +#endif /* WOLFSSL_ASYNC_CRYPT_SW */ + +int wolfAsync_DevOpenThread(int *pDevId, void* threadId) +{ + int ret = 0; + int devId = INVALID_DEVID; + +#ifdef HAVE_CAVIUM + ret = NitroxOpenDeviceDefault(); + if (ret >= 0) + devId = ret; + else + ret = ASYNC_INIT_E; +#elif defined(HAVE_INTEL_QA) + ret = IntelQaInit(threadId); + if (ret >= 0) + devId = ret; + else + ret = ASYNC_INIT_E; +#elif defined(WOLFSSL_ASYNC_CRYPT_SW) + if (!wolfAsyncSwDisabled) { + /* For SW use any value 0 or greater */ + devId = 0; + } +#endif + + (void)threadId; + + /* return devId if requested */ + if (*pDevId) + *pDevId = devId; + + return ret; +} + +int wolfAsync_HardwareStart(void) +{ + int ret = 0; + + #ifdef HAVE_CAVIUM + /* nothing to do */ + #elif defined(HAVE_INTEL_QA) + ret = IntelQaHardwareStart(QAT_PROCESS_NAME, QAT_LIMIT_DEV_ACCESS); + #endif + + return ret; +} + +void wolfAsync_HardwareStop(void) +{ + #ifdef HAVE_CAVIUM + /* nothing to do */ + #elif defined(HAVE_INTEL_QA) + IntelQaHardwareStop(); + #endif +} + +int wolfAsync_DevOpen(int *devId) +{ + return wolfAsync_DevOpenThread(devId, NULL); +} + +void wolfAsync_DevClose(int *devId) +{ + if (devId && *devId != INVALID_DEVID) { + #ifdef HAVE_CAVIUM + NitroxCloseDevice(*devId); + #elif defined(HAVE_INTEL_QA) + IntelQaDeInit(*devId); + #endif + *devId = INVALID_DEVID; + } +} + +int wolfAsync_DevCtxInit(WC_ASYNC_DEV* asyncDev, word32 marker, void* heap, + int devId) +{ + int ret = 0; + + if (asyncDev == NULL) { + return BAD_FUNC_ARG; + } + + /* always clear async device context */ + XMEMSET(asyncDev, 0, sizeof(WC_ASYNC_DEV)); + + /* negative device Id's are invalid */ + if (devId >= 0) { + asyncDev->marker = marker; + asyncDev->heap = heap; + + #ifdef HAVE_CAVIUM + ret = NitroxAllocContext(asyncDev, devId, CONTEXT_SSL); + #elif defined(HAVE_INTEL_QA) + ret = IntelQaOpen(asyncDev, devId); + #endif + } + + return ret; +} + +void wolfAsync_DevCtxFree(WC_ASYNC_DEV* asyncDev, word32 marker) +{ + if (asyncDev && asyncDev->marker == marker) { + #ifdef HAVE_CAVIUM + NitroxFreeContext(asyncDev); + #elif defined(HAVE_INTEL_QA) + IntelQaClose(asyncDev); + #endif + asyncDev->marker = WOLFSSL_ASYNC_MARKER_INVALID; + } +} + +int wolfAsync_DevCopy(WC_ASYNC_DEV* src, WC_ASYNC_DEV* dst) +{ + int ret = 0; + + if (src == NULL || dst == NULL) + return BAD_FUNC_ARG; + + /* make sure we aren't copying to self */ + if (src == dst) + return ret; + +#ifdef HAVE_CAVIUM + /* nothing to do here */ +#elif defined(HAVE_INTEL_QA) + ret = IntelQaDevCopy(src, dst); +#endif + + return ret; +} + +/* called from `wolfSSL_AsyncPop` to check if event is done and deliver + * async return code */ +int wolfAsync_EventPop(WOLF_EVENT* event, enum WOLF_EVENT_TYPE event_type) +{ + int ret; + + if (event == NULL) { + return BAD_FUNC_ARG; + } + + if (event->type == event_type) { + /* Trap the scenario where event is not done */ + if (event->state == WOLF_EVENT_STATE_PENDING) { + return WC_PENDING_E; + } + + /* Get async return code */ + ret = event->ret; + + /* Reset state */ + event->state = WOLF_EVENT_STATE_READY; + } + else { + ret = WC_NO_PENDING_E; + } + + return ret; +} + +int wolfAsync_EventQueuePush(WOLF_EVENT_QUEUE* queue, WOLF_EVENT* event) +{ + if (queue == NULL) { + return BAD_FUNC_ARG; + } + + /* Setup event and push to event queue */ + event->dev.async = wolfAsync_GetDev(event); + return wolfEventQueue_Push(queue, event); +} + +#ifdef HAVE_CAVIUM +static int wolfAsync_NitroxCheckReq(WC_ASYNC_DEV* asyncDev, WOLF_EVENT* event) +{ + int ret; + + /* populate event requestId */ + event->reqId = asyncDev->nitrox.reqId; + if (event->reqId == 0) + return WC_INIT_E; + + /* poll specific request */ + ret = NitroxCheckRequest(asyncDev, event); + +#ifdef WOLFSSL_NITROX_DEBUG + if (event->ret == WC_NO_ERR_TRACE(WC_PENDING_E)) + event->pendCount++; + else + printf("NitroxCheckRequest: ret %x, req %lx, count %u\n", + ret, + event->reqId, + event->pendCount); +#else + (void)ret; +#endif + + /* if not pending then clear requestId */ + if (event->ret != WC_NO_ERR_TRACE(WC_PENDING_E)) { + event->reqId = 0; + } + + return 0; +} +#endif /* HAVE_CAVIUM */ + +int wolfAsync_EventPoll(WOLF_EVENT* event, WOLF_EVENT_FLAG flags) +{ + int ret = 0; + WC_ASYNC_DEV* asyncDev; + + (void)flags; + + if (event == NULL) { + return BAD_FUNC_ARG; + } + asyncDev = event->dev.async; + if (asyncDev == NULL) { + return WC_INIT_E; + } + + if (flags & WOLF_POLL_FLAG_CHECK_HW) { + #if defined(HAVE_CAVIUM) + ret = wolfAsync_NitroxCheckReq(asyncDev, event); + #elif defined(HAVE_INTEL_QA) + /* poll QAT hardware, callback returns data, IntelQaPoll sets event */ + ret = IntelQaPoll(asyncDev); + #elif defined(WOLFSSL_ASYNC_CRYPT_SW) + event->ret = wolfAsync_DoSw(asyncDev); + #endif + + /* If not pending then mark as done */ + if (event->ret != WC_NO_ERR_TRACE(WC_PENDING_E)) { + event->state = WOLF_EVENT_STATE_DONE; + } + } + + return ret; +} + + +#ifdef HAVE_CAVIUM +static int wolfAsync_NitroxCheckMultiReqBuf(WC_ASYNC_DEV* asyncDev, + WOLF_EVENT_QUEUE* queue, void* context_filter, + CspMultiRequestStatusBuffer* multi_req, int req_count) +{ + WOLF_EVENT* event; + int ret = 0, i; + + if (asyncDev == NULL || queue == NULL || multi_req == NULL) { + return BAD_FUNC_ARG; + } + + /* Perform multi hardware poll */ + ret = NitroxCheckRequests(asyncDev, multi_req); + if (ret != 0) { + return ret; + } + + /* Iterate event queue */ + for (event = queue->head; event != NULL; event = event->next) { + if (event->type >= WOLF_EVENT_TYPE_ASYNC_FIRST && + event->type <= WOLF_EVENT_TYPE_ASYNC_LAST) + { + /* optional filter based on context */ + if (context_filter == NULL || event->context == context_filter) { + /* find request */ + for (i = 0; i < req_count; i++) { + if (event->reqId == multi_req->req[i].request_id) { + + event->ret = NitroxTranslateResponseCode( + multi_req->req[i].status); + + #ifdef WOLFSSL_NITROX_DEBUG + if (event->ret == WC_NO_ERR_TRACE(WC_PENDING_E)) + event->pendCount++; + else + printf("NitroxCheckRequests: " + "ret %x, req %lx, count %u\n", + multi_req->req[i].status, + multi_req->req[i].request_id, + event->pendCount); + #endif + + /* If not pending then mark as done */ + if (event->ret != WC_NO_ERR_TRACE(WC_PENDING_E)) { + event->state = WOLF_EVENT_STATE_DONE; + event->reqId = 0; + } + break; + } + } + } + } + } + + /* reset multi request buffer */ + XMEMSET(multi_req, 0, sizeof(CspMultiRequestStatusBuffer)); + multi_req->count = CAVIUM_MAX_POLL; + + return ret; +} +#endif /* HAVE_CAVIUM */ + +int wolfAsync_EventQueuePoll(WOLF_EVENT_QUEUE* queue, void* context_filter, + WOLF_EVENT** events, int maxEvents, WOLF_EVENT_FLAG flags, int* eventCount) +{ + WOLF_EVENT* event; + int ret = 0, count = 0; + WC_ASYNC_DEV* asyncDev = NULL; +#if defined(HAVE_CAVIUM) + CspMultiRequestStatusBuffer multi_req; + int req_count = 0; + + /* reset multi request buffer */ + XMEMSET(&multi_req, 0, sizeof(CspMultiRequestStatusBuffer)); + multi_req.count = CAVIUM_MAX_POLL; +#endif + + /* possible un-used variable */ + (void)asyncDev; + + if (queue == NULL) { + return BAD_FUNC_ARG; + } + +#ifndef SINGLE_THREADED + /* In single threaded mode "event_queue.lock" doesn't exist */ + if ((ret = wc_LockMutex(&queue->lock)) != 0) { + return ret; + } +#endif + + if (flags & WOLF_POLL_FLAG_CHECK_HW) { + /* check event queue */ + for (event = queue->head; event != NULL; event = event->next) { + if (event->type >= WOLF_EVENT_TYPE_ASYNC_FIRST && + event->type <= WOLF_EVENT_TYPE_ASYNC_LAST) + { + /* optional filter based on context */ + if (context_filter == NULL || + event->context == context_filter) { + asyncDev = event->dev.async; + + if (asyncDev == NULL) { + ret = WC_INIT_E; + break; + } + + count++; + + #if defined(HAVE_CAVIUM) + /* populate event requestId */ + event->reqId = asyncDev->nitrox.reqId; + + /* add entry to multi-request buffer for polling */ + if (event->reqId > 0) { + multi_req.req[req_count++].request_id = event->reqId; + } + /* submit filled multi-request query */ + if (req_count == CAVIUM_MAX_POLL) { + ret = wolfAsync_NitroxCheckMultiReqBuf(asyncDev, + queue, context_filter, &multi_req, req_count); + if (ret != 0) { + break; + } + } + #else + #if defined(HAVE_INTEL_QA) + /* poll QAT hardware, callback returns data, + * IntelQaPoll sets event */ + ret = IntelQaPoll(asyncDev); + if (ret != 0) { + break; + } + + #elif defined(WOLFSSL_ASYNC_CRYPT_SW) + #ifdef WOLF_ASYNC_SW_SKIP_MOD + /* Simulate random hardware not done */ + if (count % WOLF_ASYNC_SW_SKIP_MOD) + #endif + { + event->ret = wolfAsync_DoSw(asyncDev); + } + #elif defined(WOLF_CRYPTO_CB) || defined(HAVE_PK_CALLBACKS) + /* Crypto/PK callbacks manage their own retry state. + * Leave event->ret as WC_PENDING_E so that + * wolfSSL_AsyncPop can detect the pending state and + * remove the event, allowing the operation to be + * retried with a fresh callback invocation. */ + + #else + #warning No async crypt device defined! + #endif + + /* If not pending then mark as done */ + if (event->ret != WC_NO_ERR_TRACE(WC_PENDING_E)) { + event->state = WOLF_EVENT_STATE_DONE; + } + #endif + } + } + } /* for */ + + #if defined(HAVE_CAVIUM) + /* submit partial multi-request query (if no prev errors) */ + if (ret == 0 && req_count > 0) { + ret = wolfAsync_NitroxCheckMultiReqBuf(asyncDev, + queue, context_filter, &multi_req, req_count); + } + #endif + } /* flag WOLF_POLL_FLAG_CHECK_HW */ + + /* process event queue */ + count = 0; + for (event = queue->head; event != NULL; event = event->next) { + if (event->type >= WOLF_EVENT_TYPE_ASYNC_FIRST && + event->type <= WOLF_EVENT_TYPE_ASYNC_LAST) + { + /* optional filter based on context */ + if (context_filter == NULL || event->context == context_filter) { + /* If event is done then process */ + if (event->state == WOLF_EVENT_STATE_DONE) { + /* remove from queue */ + ret = wolfEventQueue_Remove(queue, event); + if (ret < 0) break; /* exit for */ + + /* return pointer in 'events' arg */ + if (events) { + events[count] = event; /* return pointer */ + } + count++; + + /* check to make sure our event list isn't full */ + if (events && count >= maxEvents) { + break; /* exit for */ + } + } + } + } + } + +#ifndef SINGLE_THREADED + wc_UnLockMutex(&queue->lock); +#endif + + /* Return number of properly populated events */ + if (eventCount) { + *eventCount = count; + } + + return ret; +} + +int wolfAsync_EventInit(WOLF_EVENT* event, WOLF_EVENT_TYPE type, void* context, + word32 flags) +{ + int ret = 0; + WC_ASYNC_DEV* asyncDev; + + if (event == NULL) { + return BAD_FUNC_ARG; + } + + event->type = type; + event->context = context; +#ifndef WC_NO_ASYNC_THREADING + event->threadId = wc_AsyncThreadId(); +#endif + event->ret = WC_PENDING_E; + event->state = WOLF_EVENT_STATE_PENDING; + + asyncDev = wolfAsync_GetDev(event); + event->dev.async = asyncDev; + event->flags = flags; +#ifdef HAVE_CAVIUM + event->reqId = 0; +#endif + + return ret; +} + +int wolfAsync_EventWait(WOLF_EVENT* event) +{ + int ret = 0; + + if (event == NULL) { + return BAD_FUNC_ARG; + } + + /* wait for completion */ + while (ret == 0 && event->ret == WC_NO_ERR_TRACE(WC_PENDING_E)) { + ret = wolfAsync_EventPoll(event, WOLF_POLL_FLAG_CHECK_HW); + } + + return ret; +} + +int wc_AsyncHandle(WC_ASYNC_DEV* asyncDev, WOLF_EVENT_QUEUE* queue, + word32 event_flags) +{ + int ret; + WOLF_EVENT* event; + + if (asyncDev == NULL || queue == NULL) { + return BAD_FUNC_ARG; + } + + /* setup the event and push to queue */ + event = &asyncDev->event; + ret = wolfAsync_EventInit(event, WOLF_EVENT_TYPE_ASYNC_WOLFCRYPT, + asyncDev, event_flags); + if (ret == 0) { + ret = wolfEventQueue_Push(queue, event); + } + + /* check for error (helps with debugging) */ + if (ret != 0) { + WOLFSSL_MSG("wc_AsyncHandle failed"); + } + + return ret; +} + +int wc_AsyncWait(int ret, WC_ASYNC_DEV* asyncDev, word32 event_flags) +{ + if (ret == WC_NO_ERR_TRACE(WC_PENDING_E)) { + WOLF_EVENT* event; + + if (asyncDev == NULL) + return BAD_FUNC_ARG; + + event = &asyncDev->event; + ret = wolfAsync_EventInit(event, WOLF_EVENT_TYPE_ASYNC_WOLFCRYPT, + asyncDev, event_flags); + if (ret == 0) { + ret = wolfAsync_EventWait(event); + if (ret == 0) { + ret = event->ret; + + /* clear event */ + event->state = WOLF_EVENT_STATE_READY; + } + } + } + return ret; +} + +#ifndef WC_NO_ASYNC_SLEEP +int wc_AsyncSleep(word32 ms) +{ + int ret = 0; + struct timespec resTime, remTime; + resTime.tv_sec = ms/1000; + resTime.tv_nsec = (ms%1000)*1000000; + do { + ret = nanosleep(&resTime, &remTime); + resTime = remTime; + } while ((ret!=0) && (errno == EINTR)); + + if (ret != 0) { + fprintf(stderr, "nanoSleep failed with code %d\n", ret); + return BAD_FUNC_ARG; + } + + return ret; +} +#endif + +/* Pthread Helpers */ +#ifndef WC_NO_ASYNC_THREADING + +int wc_AsyncGetNumberOfCpus(void) +{ + int numCpus; + + numCpus = (int)sysconf(_SC_NPROCESSORS_ONLN); + + return numCpus; +} + +int wc_AsyncThreadCreate_ex(pthread_t *thread, + word32 priority, int policy, + AsyncThreadFunc_t function, void* params) +{ + int status = 1; + pthread_attr_t attr; + struct sched_param param; + + status = pthread_attr_init(&attr); + if (status !=0) { + fprintf(stderr, "pthread_attr_init error: %d\n", status); + return ASYNC_OP_E; + } + + /* Setting scheduling parameter will fail for non root user, + * as the default value of inheritsched is PTHREAD_EXPLICIT_SCHED in + * POSIX. It is not required to set it explicitly before setting the + * scheduling policy */ + + /* Set scheduling policy based on values provided */ + if ((policy != SCHED_RR) && + (policy != SCHED_FIFO) && + (policy != SCHED_OTHER)) + { + policy = SCHED_OTHER; + } + + status = pthread_attr_setinheritsched(&attr, PTHREAD_EXPLICIT_SCHED); + if (status != 0) { + goto exit_fail; + } + + status = pthread_attr_setschedpolicy(&attr, policy); + if (status != 0) { + goto exit_fail; + } + + /* Set priority based on value in threadAttr */ + memset(¶m, 0, sizeof(param)); + param.sched_priority = priority; + if (policy != SCHED_OTHER) { + status = pthread_attr_setschedparam(&attr, ¶m); + if (status != 0) { + goto exit_fail; + } + } + + status = pthread_attr_setdetachstate(&attr, PTHREAD_CREATE_JOINABLE); + if (status != 0) { + goto exit_fail; + } + + status = pthread_attr_setscope(&attr, PTHREAD_SCOPE_SYSTEM); + if (status != 0) { + goto exit_fail; + } + + status = pthread_create(thread, &attr, function, params); + if (status != 0) { + goto exit_fail; + } + + /*destroy the thread attributes as they are no longer required, this does + * not affect the created thread*/ + status = pthread_attr_destroy(&attr); + if (status != 0) { + fprintf(stderr, "AsyncThreadCreate error: %d\n", status); + return ASYNC_OP_E; + } else { + return 0; + } + +exit_fail: + + fprintf(stderr, "AsyncThreadCreate error: %d\n", status); + status = pthread_attr_destroy(&attr); + if (status != 0) + fprintf(stderr, "AsyncThreadCreate cleanup error: %d\n", status); + return ASYNC_OP_E; +} + +int wc_AsyncThreadCreate(pthread_t *thread, + AsyncThreadFunc_t function, void* params) +{ + return wc_AsyncThreadCreate_ex(thread, THREAD_DEFAULT_PRIORITY, + THREAD_DEFAULT_POLICY, function, params); +} + +#ifdef __MACH__ + #include + #include + + /* native MACH API wrappers */ + #define SYSCTL_CORE_COUNT "machdep.cpu.core_count" + + typedef struct cpu_set { + uint32_t count; + } cpu_set_t; + + static WC_INLINE void CPU_ZERO(cpu_set_t *cs) { + cs->count = 0; + } + static WC_INLINE void CPU_SET(int num, cpu_set_t *cs) { + cs->count |= (1 << num); + } + static WC_INLINE int CPU_ISSET(int num, cpu_set_t *cs) { + return (cs->count & (1 << num)); + } + + static int pthread_setaffinity_np(pthread_t thread, size_t cpu_size, + cpu_set_t *cpu_set) + { + thread_port_t mach_thread; + thread_affinity_policy_data_t policy; + int core = 0; + + for (core = 0; core < 8 * (int)cpu_size; core++) { + if (CPU_ISSET(core, cpu_set)) + break; + } + + policy.affinity_tag = core; + mach_thread = pthread_mach_thread_np(thread); + thread_policy_set(mach_thread, THREAD_AFFINITY_POLICY, + (thread_policy_t)&policy, 1); + + return 0; + } +#endif /* __MACH__ */ + +int wc_AsyncThreadBind(pthread_t *thread, word32 logicalCore) +{ + int status = 0; + cpu_set_t cpuset; + + if (!thread) return BAD_FUNC_ARG; + + CPU_ZERO(&cpuset); + CPU_SET(logicalCore, &cpuset); + + status = pthread_setaffinity_np(*thread, sizeof(cpu_set_t), &cpuset); + if (status != 0) { + fprintf(stderr, "pthread_setaffinity_np error: %d\n", status); + } + + return status; +} + +int wc_AsyncThreadStart(pthread_t *thread) +{ + (void)thread; + return 0; +} + +__attribute__((noreturn)) +void wc_AsyncThreadExit(void *retval) +{ + pthread_exit(retval); +} + +int wc_AsyncThreadKill(pthread_t *thread) +{ + int status; + + if (!thread) return BAD_FUNC_ARG; + + status = pthread_cancel(*thread); + if (status != 0) { + fprintf(stderr, "pthread_cancel fail with status %d\n", status); + } + + return status; +} + + +int wc_AsyncThreadPrioritySet(pthread_t *thread, word32 priority) +{ + int status; + struct sched_param param; + int policy; + word32 minPrio; + word32 maxPrio; + + if (!thread) return BAD_FUNC_ARG; + + status = pthread_getschedparam(*thread, &policy, ¶m); + if (status != 0) { + fprintf(stderr, "pthread_getschedparam, failed with status %d\n", + status); + return status; + } + + minPrio = sched_get_priority_min(policy); + maxPrio = sched_get_priority_max(policy); + + if ((priority < minPrio) || (priority > maxPrio)) { + fprintf(stderr, "priority %u outside valid range\n", priority); + return BAD_FUNC_ARG; + } + + param.sched_priority = priority; + + status = pthread_setschedparam(*thread, policy, ¶m); + if (status != 0) { + fprintf(stderr, "pthread_setschedparam, failed with status %d\n", + status); + return status; + } + + return status; +} + +int wc_AsyncThreadSetPolicyAndPriority(pthread_t *thread, word32 policy, + word32 priority) +{ + int status; + struct sched_param param; + word32 minPrio, maxPrio; + int policy1; + + if (!thread) return BAD_FUNC_ARG; + + /* check for a valid value for 'policy' */ + if ((policy != SCHED_RR) && + (policy != SCHED_FIFO) && + (policy != SCHED_OTHER)) + { + fprintf(stderr, "wc_AsyncThreadSetPolicyAndPriority: " + "invalid policy %u\n", policy); + return BAD_FUNC_ARG; + } + + memset(¶m, 0, sizeof(param)); + + status = pthread_getschedparam(*thread, &policy1, ¶m); + if (status != 0) { + fprintf(stderr, "pthread_getschedparam error: %d\n", status); + return status; + } + + minPrio = sched_get_priority_min(policy); + maxPrio = sched_get_priority_max(policy); + + if ((priority < minPrio) || (priority > maxPrio)) { + return BAD_FUNC_ARG; + } + + param.sched_priority = priority; + + status = pthread_setschedparam(*thread, policy, ¶m); + if (status != 0) { + fprintf(stderr, "pthread_setschedparam error: %d\n", status); + return status; + } + + return 0; +} + +int wc_AsyncThreadJoin(pthread_t *thread) +{ + int status; + status = pthread_join(*thread, NULL); + if (status != 0) { + fprintf(stderr, "pthread_join failed, status: %d\n", status); + } + return status; +} + +void wc_AsyncThreadYield(void) +{ + sched_yield(); +} + +pthread_t wc_AsyncThreadId(void) +{ + return pthread_self(); +} + +#endif /* WC_NO_ASYNC_THREADING */ + +#endif /* WOLFSSL_ASYNC_CRYPT */ diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/wolfcrypt/src/blake2b.c mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/blake2b.c --- mariadb-11.8.6/extra/wolfssl/wolfssl/wolfcrypt/src/blake2b.c 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/blake2b.c 2026-05-24 09:58:33.000000000 +0000 @@ -12,7 +12,7 @@ */ /* blake2b.c * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -33,10 +33,16 @@ #include -#ifdef HAVE_BLAKE2 +#ifdef HAVE_BLAKE2B #include #include +#ifdef NO_INLINE + #include +#else + #define WOLFSSL_MISC_INCLUDED + #include +#endif static const word64 blake2b_IV[8] = { @@ -100,9 +106,9 @@ int blake2b_init_param( blake2b_state *S, const blake2b_param *P ) { word32 i; - byte *p ; + const byte *p ; blake2b_init0( S ); - p = ( byte * )( P ); + p = ( const byte * )( P ); /* IV XOR ParamBlock */ for( i = 0; i < 8; ++i ) @@ -114,71 +120,37 @@ int blake2b_init( blake2b_state *S, const byte outlen ) { -#ifdef WOLFSSL_BLAKE2B_INIT_EACH_FIELD - blake2b_param P[1]; -#else - volatile blake2b_param P[1]; -#endif + volatile blake2b_param P; if ( ( !outlen ) || ( outlen > BLAKE2B_OUTBYTES ) ) return BAD_FUNC_ARG; -#ifdef WOLFSSL_BLAKE2B_INIT_EACH_FIELD - P->digest_length = outlen; - P->key_length = 0; - P->fanout = 1; - P->depth = 1; - store32( &P->leaf_length, 0 ); - store64( &P->node_offset, 0 ); - P->node_depth = 0; - P->inner_length = 0; - XMEMSET( P->reserved, 0, sizeof( P->reserved ) ); - XMEMSET( P->salt, 0, sizeof( P->salt ) ); - XMEMSET( P->personal, 0, sizeof( P->personal ) ); -#else - XMEMSET( (blake2b_param *)P, 0, sizeof( *P ) ); - P->digest_length = outlen; - P->fanout = 1; - P->depth = 1; -#endif - return blake2b_init_param( S, (blake2b_param *)P ); -} + XMEMSET((void *)(wc_ptr_t)&P, 0, sizeof(P)); + WC_BARRIER(); + P.digest_length = outlen; + P.fanout = 1; + P.depth = 1; + return blake2b_init_param(S, (const blake2b_param *)(wc_ptr_t)&P); +} int blake2b_init_key( blake2b_state *S, const byte outlen, const void *key, const byte keylen ) { int ret = 0; -#ifdef WOLFSSL_BLAKE2B_INIT_EACH_FIELD - blake2b_param P[1]; -#else - volatile blake2b_param P[1]; -#endif + volatile blake2b_param P; if ( ( !outlen ) || ( outlen > BLAKE2B_OUTBYTES ) ) return BAD_FUNC_ARG; if ( !key || !keylen || keylen > BLAKE2B_KEYBYTES ) return BAD_FUNC_ARG; -#ifdef WOLFSSL_BLAKE2B_INIT_EACH_FIELD - P->digest_length = outlen; - P->key_length = keylen; - P->fanout = 1; - P->depth = 1; - store32( &P->leaf_length, 0 ); - store64( &P->node_offset, 0 ); - P->node_depth = 0; - P->inner_length = 0; - XMEMSET( P->reserved, 0, sizeof( P->reserved ) ); - XMEMSET( P->salt, 0, sizeof( P->salt ) ); - XMEMSET( P->personal, 0, sizeof( P->personal ) ); -#else - XMEMSET( (blake2b_param *)P, 0, sizeof( *P ) ); - P->digest_length = outlen; - P->key_length = keylen; - P->fanout = 1; - P->depth = 1; -#endif + XMEMSET( (void *)(wc_ptr_t)&P, 0, sizeof( P ) ); + WC_BARRIER(); + P.digest_length = outlen; + P.key_length = keylen; + P.fanout = 1; + P.depth = 1; - ret = blake2b_init_param( S, (blake2b_param *)P ); + ret = blake2b_init_param(S, (const blake2b_param *)(wc_ptr_t)&P); if ( ret < 0 ) return ret; { @@ -403,7 +375,7 @@ } { - int ret = blake2b_update( S, ( byte * )in, inlen ); + int ret = blake2b_update( S, ( const byte * )in, inlen ); if (ret < 0) return ret; } @@ -454,6 +426,9 @@ if (b2b == NULL){ return BAD_FUNC_ARG; } + if (digestSz == 0 || digestSz > BLAKE2B_OUTBYTES) { + return BAD_FUNC_ARG; + } b2b->digestSz = digestSz; return blake2b_init(b2b->S, (byte)digestSz); @@ -465,6 +440,9 @@ if (b2b == NULL){ return BAD_FUNC_ARG; } + if (digestSz == 0 || digestSz > BLAKE2B_OUTBYTES) { + return BAD_FUNC_ARG; + } b2b->digestSz = digestSz; if (keylen >= 256) @@ -506,12 +484,123 @@ } sz = requestSz ? requestSz : b2b->digestSz; + if (sz == 0 || sz > BLAKE2B_OUTBYTES) { + return BAD_FUNC_ARG; + } return blake2b_final(b2b->S, final, (byte)sz); } -/* end CTaoCrypt API */ +int wc_Blake2bHmacInit(Blake2b* b2b, const byte* key, size_t key_len) +{ + byte x_key[BLAKE2B_BLOCKBYTES]; + int i; + int ret = 0; + + if (key == NULL) + return BAD_FUNC_ARG; + + if (key_len > BLAKE2B_BLOCKBYTES) { + ret = wc_InitBlake2b(b2b, BLAKE2B_OUTBYTES); + if (ret == 0) + ret = wc_Blake2bUpdate(b2b, key, (word32)key_len); + if (ret == 0) + ret = wc_Blake2bFinal(b2b, x_key, 0); + } else { + XMEMCPY(x_key, key, key_len); + if (key_len < BLAKE2B_BLOCKBYTES) { + XMEMSET(x_key + key_len, 0, BLAKE2B_BLOCKBYTES - key_len); + } + } + + if (ret == 0) { + for (i = 0; i < BLAKE2B_BLOCKBYTES; ++i) + x_key[i] ^= 0x36U; + } + + if (ret == 0) + ret = wc_InitBlake2b(b2b, BLAKE2B_OUTBYTES); + if (ret == 0) + ret = wc_Blake2bUpdate(b2b, x_key, BLAKE2B_BLOCKBYTES); + + ForceZero(x_key, sizeof(x_key)); + + return ret; +} + +int wc_Blake2bHmacUpdate(Blake2b* b2b, const byte* in, size_t in_len) +{ + if (in == NULL) + return BAD_FUNC_ARG; + + return wc_Blake2bUpdate(b2b, in, (word32)in_len); +} + +int wc_Blake2bHmacFinal(Blake2b* b2b, const byte* key, size_t key_len, + byte* out, size_t out_len) +{ + byte x_key[BLAKE2B_BLOCKBYTES]; + int i; + int ret = 0; + + if (key == NULL) + return BAD_FUNC_ARG; + + if (out_len != BLAKE2B_OUTBYTES) + return BUFFER_E; + + if (key_len > BLAKE2B_BLOCKBYTES) { + ret = wc_InitBlake2b(b2b, BLAKE2B_OUTBYTES); + if (ret == 0) + ret = wc_Blake2bUpdate(b2b, key, (word32)key_len); + if (ret == 0) + ret = wc_Blake2bFinal(b2b, x_key, 0); + } else { + XMEMCPY(x_key, key, key_len); + if (key_len < BLAKE2B_BLOCKBYTES) { + XMEMSET(x_key + key_len, 0, BLAKE2B_BLOCKBYTES - key_len); + } + } + + if (ret == 0) { + for (i = 0; i < BLAKE2B_BLOCKBYTES; ++i) + x_key[i] ^= 0x5CU; + } + + if (ret == 0) + ret = wc_Blake2bFinal(b2b, out, 0); + + if (ret == 0) + ret = wc_InitBlake2b(b2b, BLAKE2B_OUTBYTES); + if (ret == 0) + ret = wc_Blake2bUpdate(b2b, x_key, BLAKE2B_BLOCKBYTES); + if (ret == 0) + ret = wc_Blake2bUpdate(b2b, out, BLAKE2B_OUTBYTES); + if (ret == 0) + ret = wc_Blake2bFinal(b2b, out, 0); + + ForceZero(x_key, sizeof(x_key)); + + return ret; +} + +int wc_Blake2bHmac(const byte* in, size_t in_len, + const byte* key, size_t key_len, + byte* out, size_t out_len) +{ + Blake2b state; + int ret; + + ret = wc_Blake2bHmacInit(&state, key, key_len); + if (ret == 0) + ret = wc_Blake2bHmacUpdate(&state, in, in_len); + if (ret == 0) + ret = wc_Blake2bHmacFinal(&state, key, key_len, out, out_len); + + return ret; +} -#endif /* HAVE_BLAKE2 */ +/* end wolfCrypt API */ +#endif /* HAVE_BLAKE2B */ diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/wolfcrypt/src/blake2s.c mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/blake2s.c --- mariadb-11.8.6/extra/wolfssl/wolfssl/wolfcrypt/src/blake2s.c 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/blake2s.c 2026-05-24 09:58:33.000000000 +0000 @@ -12,7 +12,7 @@ */ /* blake2s.c * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -37,6 +37,12 @@ #include #include +#ifdef NO_INLINE + #include +#else + #define WOLFSSL_MISC_INCLUDED + #include +#endif static const word32 blake2s_IV[8] = { @@ -96,9 +102,9 @@ int blake2s_init_param( blake2s_state *S, const blake2s_param *P ) { word32 i; - byte *p ; + const byte *p ; blake2s_init0( S ); - p = ( byte * )( P ); + p = ( const byte * )( P ); /* IV XOR ParamBlock */ for( i = 0; i < 8; ++i ) @@ -111,32 +117,17 @@ int blake2s_init( blake2s_state *S, const byte outlen ) { -#ifdef WOLFSSL_BLAKE2S_INIT_EACH_FIELD - blake2s_param P[1]; -#else - volatile blake2s_param P[1]; -#endif + volatile blake2s_param P; if ( ( !outlen ) || ( outlen > BLAKE2S_OUTBYTES ) ) return BAD_FUNC_ARG; -#ifdef WOLFSSL_BLAKE2S_INIT_EACH_FIELD - P->digest_length = outlen; - P->key_length = 0; - P->fanout = 1; - P->depth = 1; - store32( &P->leaf_length, 0 ); - store32( &P->node_offset, 0 ); - P->node_depth = 0; - P->inner_length = 0; - XMEMSET( P->salt, 0, sizeof( P->salt ) ); - XMEMSET( P->personal, 0, sizeof( P->personal ) ); -#else - XMEMSET( (blake2s_param *)P, 0, sizeof( *P ) ); - P->digest_length = outlen; - P->fanout = 1; - P->depth = 1; -#endif - return blake2s_init_param( S, (blake2s_param *)P ); + XMEMSET( (void *)(wc_ptr_t)&P, 0, sizeof( P ) ); + WC_BARRIER(); + P.digest_length = outlen; + P.fanout = 1; + P.depth = 1; + + return blake2s_init_param( S, (const blake2s_param *)(wc_ptr_t)&P ); } @@ -144,36 +135,20 @@ const byte keylen ) { int ret = 0; -#ifdef WOLFSSL_BLAKE2S_INIT_EACH_FIELD - blake2s_param P[1]; -#else - volatile blake2s_param P[1]; -#endif + volatile blake2s_param P; if ( ( !outlen ) || ( outlen > BLAKE2S_OUTBYTES ) ) return BAD_FUNC_ARG; if ( !key || !keylen || keylen > BLAKE2S_KEYBYTES ) return BAD_FUNC_ARG; -#ifdef WOLFSSL_BLAKE2S_INIT_EACH_FIELD - P->digest_length = outlen; - P->key_length = keylen; - P->fanout = 1; - P->depth = 1; - store32( &P->leaf_length, 0 ); - store64( &P->node_offset, 0 ); - P->node_depth = 0; - P->inner_length = 0; - XMEMSET( P->salt, 0, sizeof( P->salt ) ); - XMEMSET( P->personal, 0, sizeof( P->personal ) ); -#else - XMEMSET( (blake2s_param *)P, 0, sizeof( *P ) ); - P->digest_length = outlen; - P->key_length = keylen; - P->fanout = 1; - P->depth = 1; -#endif + XMEMSET( (void *)(wc_ptr_t)&P, 0, sizeof( P ) ); + WC_BARRIER(); + P.digest_length = outlen; + P.key_length = keylen; + P.fanout = 1; + P.depth = 1; - ret = blake2s_init_param( S, (blake2s_param *)P ); + ret = blake2s_init_param( S, (const blake2s_param *)(wc_ptr_t)&P ); if (ret < 0) return ret; @@ -359,7 +334,7 @@ } for( i = 0; i < 8; ++i ) /* Output full hash to temp buffer */ - store64( buffer + sizeof( S->h[i] ) * i, S->h[i] ); + store32( buffer + sizeof( S->h[i] ) * i, S->h[i] ); XMEMCPY( out, buffer, outlen ); @@ -395,7 +370,7 @@ } { - int ret = blake2s_update( S, ( byte * )in, inlen ); + int ret = blake2s_update( S, ( const byte * )in, inlen ); if (ret < 0) return ret; } @@ -446,6 +421,9 @@ if (b2s == NULL){ return BAD_FUNC_ARG; } + if (digestSz == 0 || digestSz > BLAKE2S_OUTBYTES) { + return BAD_FUNC_ARG; + } b2s->digestSz = digestSz; return blake2s_init(b2s->S, (byte)digestSz); @@ -458,6 +436,9 @@ if (b2s == NULL){ return BAD_FUNC_ARG; } + if (digestSz == 0 || digestSz > BLAKE2S_OUTBYTES) { + return BAD_FUNC_ARG; + } b2s->digestSz = digestSz; if (keylen >= 256) @@ -500,12 +481,123 @@ } sz = requestSz ? requestSz : b2s->digestSz; + if (sz == 0 || sz > BLAKE2S_OUTBYTES) { + return BAD_FUNC_ARG; + } return blake2s_final(b2s->S, final, (byte)sz); } -/* end CTaoCrypt API */ +int wc_Blake2sHmacInit(Blake2s* b2s, const byte* key, size_t key_len) +{ + byte x_key[BLAKE2S_BLOCKBYTES]; + int i; + int ret = 0; -#endif /* HAVE_BLAKE2S */ + if (key == NULL) + return BAD_FUNC_ARG; + + if (key_len > BLAKE2S_BLOCKBYTES) { + ret = wc_InitBlake2s(b2s, BLAKE2S_OUTBYTES); + if (ret == 0) + ret = wc_Blake2sUpdate(b2s, key, (word32)key_len); + if (ret == 0) + ret = wc_Blake2sFinal(b2s, x_key, 0); + } else { + XMEMCPY(x_key, key, key_len); + if (key_len < BLAKE2S_BLOCKBYTES) { + XMEMSET(x_key + key_len, 0, BLAKE2S_BLOCKBYTES - key_len); + } + } + + if (ret == 0) { + for (i = 0; i < BLAKE2S_BLOCKBYTES; ++i) + x_key[i] ^= 0x36U; + } + + if (ret == 0) + ret = wc_InitBlake2s(b2s, BLAKE2S_OUTBYTES); + if (ret == 0) + ret = wc_Blake2sUpdate(b2s, x_key, BLAKE2S_BLOCKBYTES); + + ForceZero(x_key, sizeof(x_key)); + + return ret; +} + +int wc_Blake2sHmacUpdate(Blake2s* b2s, const byte* in, size_t in_len) +{ + if (in == NULL) + return BAD_FUNC_ARG; + + return wc_Blake2sUpdate(b2s, in, (word32)in_len); +} + +int wc_Blake2sHmacFinal(Blake2s* b2s, const byte* key, size_t key_len, + byte* out, size_t out_len) +{ + byte x_key[BLAKE2S_BLOCKBYTES]; + int i; + int ret = 0; + + if (key == NULL) + return BAD_FUNC_ARG; + + if (out_len != BLAKE2S_OUTBYTES) + return BUFFER_E; + if (key_len > BLAKE2S_BLOCKBYTES) { + ret = wc_InitBlake2s(b2s, BLAKE2S_OUTBYTES); + if (ret == 0) + ret = wc_Blake2sUpdate(b2s, key, (word32)key_len); + if (ret == 0) + ret = wc_Blake2sFinal(b2s, x_key, 0); + } else { + XMEMCPY(x_key, key, key_len); + if (key_len < BLAKE2S_BLOCKBYTES) { + XMEMSET(x_key + key_len, 0, BLAKE2S_BLOCKBYTES - key_len); + } + } + + if (ret == 0) { + for (i = 0; i < BLAKE2S_BLOCKBYTES; ++i) + x_key[i] ^= 0x5CU; + } + + if (ret == 0) + ret = wc_Blake2sFinal(b2s, out, 0); + + if (ret == 0) + ret = wc_InitBlake2s(b2s, BLAKE2S_OUTBYTES); + if (ret == 0) + ret = wc_Blake2sUpdate(b2s, x_key, BLAKE2S_BLOCKBYTES); + if (ret == 0) + ret = wc_Blake2sUpdate(b2s, out, BLAKE2S_OUTBYTES); + if (ret == 0) + ret = wc_Blake2sFinal(b2s, out, 0); + + ForceZero(x_key, sizeof(x_key)); + + return ret; +} + +int wc_Blake2sHmac(const byte* in, size_t in_len, + const byte* key, size_t key_len, + byte* out, size_t out_len) +{ + Blake2s state; + int ret; + + ret = wc_Blake2sHmacInit(&state, key, key_len); + if (ret == 0) + ret = wc_Blake2sHmacUpdate(&state, in, in_len); + if (ret == 0) + ret = wc_Blake2sHmacFinal(&state, key, key_len, out, out_len); + + return ret; +} + +/* end wolfCrypt API */ + +#endif /* HAVE_BLAKE2S */ diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/wolfcrypt/src/camellia.c mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/camellia.c --- mariadb-11.8.6/extra/wolfssl/wolfssl/wolfcrypt/src/camellia.c 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/camellia.c 2026-05-24 09:58:33.000000000 +0000 @@ -27,7 +27,7 @@ /* camellia.c * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/wolfcrypt/src/chacha.c mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/chacha.c --- mariadb-11.8.6/extra/wolfssl/wolfssl/wolfcrypt/src/chacha.c 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/chacha.c 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* chacha.c * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -52,7 +52,7 @@ #define U32C(v) (v##U) #define U32V(v) ((word32)(v) & U32C(0xFFFFFFFF)) - #define U8TO32_LITTLE(p) LITTLE32(((word32*)(p))[0]) + #define U8TO32_LITTLE(p) LITTLE32(((const word32*)(p))[0]) #define ROTATE(v,c) rotlFixed(v, c) #define XOR(v,w) ((v) ^ (w)) diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/wolfcrypt/src/chacha20_poly1305.c mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/chacha20_poly1305.c --- mariadb-11.8.6/extra/wolfssl/wolfssl/wolfcrypt/src/chacha20_poly1305.c 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/chacha20_poly1305.c 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* chacha.c * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -119,6 +119,10 @@ if (ret == 0) ret = wc_ChaCha20Poly1305_CheckTag(inAuthTag, calculatedAuthTag); + if (ret != 0) { + /* zero plaintext on error */ + ForceZero(outPlaintext, inCiphertextLen); + } WC_FREE_VAR_EX(aead, NULL, DYNAMIC_TYPE_TMP_BUFFER); return ret; @@ -187,6 +191,8 @@ aead->state = CHACHA20_POLY1305_STATE_READY; } + ForceZero(authKey, sizeof(authKey)); + return ret; } @@ -313,7 +319,8 @@ byte authKey[CHACHA20_POLY1305_AEAD_KEYSIZE]; int ret; - if ((ad == NULL) || (nonce == NULL) || (key == NULL)) + if ((aead == NULL) || (ad == NULL && ad_len > 0) || (nonce == NULL) || + (key == NULL)) return BAD_FUNC_ARG; if ((key_len != CHACHA20_POLY1305_AEAD_KEYSIZE) || @@ -331,25 +338,30 @@ /* Create the Poly1305 key */ if ((ret = wc_Chacha_Process(&aead->chacha, authKey, authKey, (word32)sizeof authKey)) < 0) - return ret; + goto out; /* advance to start of the next ChaCha block. */ wc_Chacha_purge_current_block(&aead->chacha); /* Initialize Poly1305 context */ if ((ret = wc_Poly1305SetKey(&aead->poly, authKey, (word32)sizeof authKey)) < 0) - return ret; + goto out; if ((ret = wc_Poly1305Update(&aead->poly, ad, (word32)ad_len)) < 0) - return ret; + goto out; if ((ret = wc_Poly1305_Pad(&aead->poly, (word32)ad_len)) < 0) - return ret; + goto out; aead->isEncrypt = isEncrypt ? 1 : 0; aead->state = CHACHA20_POLY1305_STATE_AAD; - return 0; + ret = 0; + +out: + ForceZero(authKey, sizeof(authKey)); + + return ret; } static WC_INLINE int wc_XChaCha20Poly1305_crypt_oneshot( @@ -361,9 +373,7 @@ int isEncrypt) { int ret; - long int dst_len = isEncrypt ? - (long int)src_len + POLY1305_DIGEST_SIZE : - (long int)src_len - POLY1305_DIGEST_SIZE; + size_t dst_len; const byte *src_i; byte *dst_i; size_t src_len_rem; @@ -376,12 +386,27 @@ ChaChaPoly_Aead aead_buf, *aead = &aead_buf; #endif + if (isEncrypt) { + if (src_len > (size_t)(CHACHA20_POLY1305_MAX - POLY1305_DIGEST_SIZE)) { + ret = BAD_FUNC_ARG; + goto out; + } + dst_len = src_len + (size_t)POLY1305_DIGEST_SIZE; + } + else { + if (src_len < POLY1305_DIGEST_SIZE) { + ret = BAD_FUNC_ARG; + goto out; + } + dst_len = src_len - (size_t)POLY1305_DIGEST_SIZE; + } + if ((dst == NULL) || (src == NULL)) { ret = BAD_FUNC_ARG; goto out; } - if (dst_len < 0 || (long int)dst_space < dst_len) { + if (dst_space < dst_len) { ret = BUFFER_E; goto out; } @@ -400,7 +425,7 @@ * and to exploit hot cache for the input data. */ src_i = src; - src_len_rem = isEncrypt ? src_len : (size_t)dst_len; + src_len_rem = isEncrypt ? src_len : dst_len; dst_i = dst; while (src_len_rem > 0) { word32 this_src_len = @@ -421,13 +446,13 @@ if (aead->poly.leftover) { if ((ret = wc_Poly1305_Pad(&aead->poly, (word32)aead->poly.leftover)) < 0) - return ret; + goto out; } #ifdef WORD64_AVAILABLE - ret = wc_Poly1305_EncodeSizes64(&aead->poly, ad_len, isEncrypt ? src_len : (size_t)dst_len); + ret = wc_Poly1305_EncodeSizes64(&aead->poly, ad_len, isEncrypt ? src_len : dst_len); #else - ret = wc_Poly1305_EncodeSizes(&aead->poly, ad_len, isEncrypt ? src_len : (size_t)dst_len); + ret = wc_Poly1305_EncodeSizes(&aead->poly, ad_len, isEncrypt ? src_len : dst_len); #endif if (ret < 0) goto out; diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/wolfcrypt/src/chacha_asm.S mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/chacha_asm.S --- mariadb-11.8.6/extra/wolfssl/wolfssl/wolfcrypt/src/chacha_asm.S 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/chacha_asm.S 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* chacha_asm.S */ /* - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/wolfcrypt/src/chacha_asm.asm mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/chacha_asm.asm --- mariadb-11.8.6/extra/wolfssl/wolfssl/wolfcrypt/src/chacha_asm.asm 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/chacha_asm.asm 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ ; /* chacha_asm.asm */ ; /* -; * Copyright (C) 2006-2025 wolfSSL Inc. +; * Copyright (C) 2006-2026 wolfSSL Inc. ; * ; * This file is part of wolfSSL. ; * diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/wolfcrypt/src/cmac.c mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/cmac.c --- mariadb-11.8.6/extra/wolfssl/wolfssl/wolfcrypt/src/cmac.c 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/cmac.c 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* cmac.c * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -71,7 +71,7 @@ */ int wc_CMAC_Grow(Cmac* cmac, const byte* in, int inSz) { - return _wc_Hash_Grow(&cmac->msg, &cmac->used, &cmac->len, in, inSz, NULL); + return _wc_Hash_Grow(&cmac->msg, &cmac->used, &cmac->len, in, inSz, cmac->aes.heap); } #endif /* WOLFSSL_HASH_KEEP */ @@ -163,12 +163,19 @@ byte l[WC_AES_BLOCK_SIZE]; XMEMSET(l, 0, WC_AES_BLOCK_SIZE); +#ifndef HAVE_SELFTEST ret = wc_AesEncryptDirect(&cmac->aes, l, l); if (ret == 0) { ShiftAndXorRb(cmac->k1, l); ShiftAndXorRb(cmac->k2, cmac->k1); ForceZero(l, WC_AES_BLOCK_SIZE); } +#else + wc_AesEncryptDirect(&cmac->aes, l, l); + ShiftAndXorRb(cmac->k1, l); + ShiftAndXorRb(cmac->k2, cmac->k1); + ForceZero(l, WC_AES_BLOCK_SIZE); +#endif } break; #endif /* !NO_AES && WOLFSSL_AES_DIRECT */ @@ -221,6 +228,7 @@ #if !defined(NO_AES) && defined(WOLFSSL_AES_DIRECT) case WC_CMAC_AES: { +#ifdef HAVE_SELFTEST while ((ret == 0) && (inSz != 0)) { word32 add = min(inSz, WC_AES_BLOCK_SIZE - cmac->bufferSz); XMEMCPY(&cmac->buffer[cmac->bufferSz], in, add); @@ -230,17 +238,17 @@ inSz -= add; if (cmac->bufferSz == WC_AES_BLOCK_SIZE && inSz != 0) { - if (cmac->totalSz != 0) { - xorbuf(cmac->buffer, cmac->digest, WC_AES_BLOCK_SIZE); - } - ret = wc_AesEncryptDirect(&cmac->aes, cmac->digest, + xorbuf(cmac->buffer, cmac->digest, WC_AES_BLOCK_SIZE); + wc_AesEncryptDirect(&cmac->aes, cmac->digest, cmac->buffer); - if (ret == 0) { - cmac->totalSz += WC_AES_BLOCK_SIZE; - cmac->bufferSz = 0; - } + cmac->totalSz += WC_AES_BLOCK_SIZE; + cmac->bufferSz = 0; } } +#else + (void)ret; + ret = wc_local_CmacUpdateAes(cmac, in, inSz); +#endif }; break; #endif /* !NO_AES && WOLFSSL_AES_DIRECT */ default: @@ -257,7 +265,7 @@ /* TODO: msg is leaked if wc_CmacFinal() is not called * e.g. when multiple calls to wc_CmacUpdate() and one fails but * wc_CmacFinal() not called. */ - XFREE(cmac->msg, cmac->heap, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(cmac->msg, cmac->aes.heap, DYNAMIC_TYPE_TMP_BUFFER); #endif switch (cmac->type) { #if !defined(NO_AES) && defined(WOLFSSL_AES_DIRECT) @@ -332,10 +340,15 @@ } xorbuf(cmac->buffer, cmac->digest, WC_AES_BLOCK_SIZE); xorbuf(cmac->buffer, subKey, WC_AES_BLOCK_SIZE); +#ifndef HAVE_SELFTEST ret = wc_AesEncryptDirect(&cmac->aes, cmac->digest, cmac->buffer); if (ret == 0) { XMEMCPY(out, cmac->digest, *outSz); } +#else + wc_AesEncryptDirect(&cmac->aes, cmac->digest, cmac->buffer); + XMEMCPY(out, cmac->digest, *outSz); +#endif }; break; #endif /* !NO_AES && WOLFSSL_AES_DIRECT */ default: diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/wolfcrypt/src/coding.c mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/coding.c --- mariadb-11.8.6/extra/wolfssl/wolfssl/wolfcrypt/src/coding.c 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/coding.c 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* coding.c * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/wolfcrypt/src/compress.c mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/compress.c --- mariadb-11.8.6/extra/wolfssl/wolfssl/wolfcrypt/src/compress.c 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/compress.c 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* compress.c * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -230,7 +230,10 @@ stream.next_out = tmp; stream.avail_out = (uInt)tmpSz; - if ((uLong)stream.avail_out != tmpSz) return DECOMPRESS_INIT_E; + if ((uLong)stream.avail_out != tmpSz) { + XFREE(tmp, heap, memoryType); + return DECOMPRESS_INIT_E; + } stream.zalloc = (alloc_func)myAlloc; stream.zfree = (free_func)myFree; diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/wolfcrypt/src/cpuid.c mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/cpuid.c --- mariadb-11.8.6/extra/wolfssl/wolfssl/wolfcrypt/src/cpuid.c 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/cpuid.c 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* cpuid.c * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -113,7 +113,11 @@ static WC_INLINE void cpuid_set_flags(void) { + #ifdef WOLFSSL_BSDKM + if (WOLFSSL_ATOMIC_LOAD_UINT(cpuid_flags) == WC_CPUID_INITIALIZER) { + #else if (WOLFSSL_ATOMIC_LOAD(cpuid_flags) == WC_CPUID_INITIALIZER) { + #endif cpuid_flags_t new_cpuid_flags = 0, old_cpuid_flags = WC_CPUID_INITIALIZER; if (cpuid_flag(1, 0, ECX, 28)) { new_cpuid_flags |= CPUID_AVX1 ; } diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/wolfcrypt/src/cryptocb.c mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/cryptocb.c --- mariadb-11.8.6/extra/wolfssl/wolfssl/wolfcrypt/src/cryptocb.c 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/cryptocb.c 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* cryptocb.c * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -22,18 +22,36 @@ /* This framework provides a central place for crypto hardware integration using the devId scheme. If not supported return `CRYPTOCB_UNAVAILABLE`. */ -/* Some common, optional build settings: - * these can also be set in wolfssl/options.h or user_settings.h - * ------------------------------------------------------------- - * enable the find device callback functions - * WOLF_CRYPTO_CB_FIND +/* +Crypto Callback Build Options: + * WOLF_CRYPTO_CB: Master enable for crypto callback default: off + * framework. Required for all options below. + * WOLF_CRYPTO_CB_FIND: Enable find device callback functions default: off + * Allows lookup of registered crypto devices. + * WOLF_CRYPTO_CB_CMD: Enable command callbacks invoked during default: off + * register and unregister of crypto devices. + * WOLF_CRYPTO_CB_COPY: Enable copy callback for algorithm default: off + * structures (hash, cipher state copying). + * WOLF_CRYPTO_CB_FREE: Enable free callback for algorithm default: off + * structures (cleanup of crypto objects). + * WOLF_CRYPTO_CB_AES_SETKEY: Enable callback for AES key setup default: off + * WOLF_CRYPTO_CB_RSA_PAD: Enable callback for RSA padding default: off + * operations (custom padding handling). + * DEBUG_CRYPTOCB: Enable debug InfoString functions default: off * - * enable the command callback functions to invoke the callback during - * register and unregister - * WOLF_CRYPTO_CB_CMD + * Device ID options: + * WC_USE_DEVID: Specify a default device ID to use default: off + * when no hardware device is detected. + * WC_NO_DEFAULT_DEVID: Disable automatic default device ID default: off + * selection. Requires explicit devId passing. + * WOLFSSL_CAAM_DEVID: Device ID constant (value 7) for NXP default: off + * CAAM hardware crypto. * - * enable debug InfoString functions - * DEBUG_CRYPTOCB + * Algorithm-specific callback options: + * NO_SHA2_CRYPTO_CB: Disable crypto callbacks for SHA-384 default: off + * and SHA-512 operations. + * WOLF_CRYPTO_CB_ONLY_ECC: Use only callbacks for ECC default: off + * WOLF_CRYPTO_CB_ONLY_RSA: Use only callbacks for RSA default: off */ #include @@ -219,7 +237,7 @@ printf("Crypto CB: %s %s (%d) (%p ctx)\n", GetAlgoTypeStr(info->algo_type), GetCipherTypeStr(info->cipher.type), - info->cipher.type, info->cipher.ctx); + info->cipher.type, (void*)info->cipher.ctx); } #endif /* !NO_AES || !NO_DES3 */ #if !defined(NO_SHA) || !defined(NO_SHA256) || \ @@ -228,7 +246,7 @@ printf("Crypto CB: %s %s (%d) (%p ctx) %s\n", GetAlgoTypeStr(info->algo_type), GetHashTypeStr(info->hash.type), - info->hash.type, info->hash.ctx, + info->hash.type, (void*)info->hash.ctx, (info->hash.in != NULL) ? "Update" : "Final"); } #endif @@ -237,7 +255,7 @@ printf("Crypto CB: %s %s (%d) (%p ctx) %s\n", GetAlgoTypeStr(info->algo_type), GetHashTypeStr(info->hmac.macType), - info->hmac.macType, info->hmac.hmac, + info->hmac.macType, (void*)info->hmac.hmac, (info->hmac.in != NULL) ? "Update" : "Final"); } #endif @@ -246,7 +264,7 @@ printf("Crypto CB: %s %s (%d) (%p ctx) %s %s %s\n", GetAlgoTypeStr(info->algo_type), GetCmacTypeStr(info->cmac.type), - info->cmac.type, info->cmac.cmac, + info->cmac.type, (void*)info->cmac.cmac, (info->cmac.key != NULL) ? "Init " : "", (info->cmac.in != NULL) ? "Update " : "", (info->cmac.out != NULL) ? "Final" : ""); @@ -1537,6 +1555,36 @@ return wc_CryptoCb_TranslateErrorCode(ret); } #endif /* HAVE_AES_ECB */ + +#ifdef WOLF_CRYPTO_CB_AES_SETKEY +int wc_CryptoCb_AesSetKey(Aes* aes, const byte* key, word32 keySz) +{ + int ret = WC_NO_ERR_TRACE(CRYPTOCB_UNAVAILABLE); + CryptoCb* dev; + + if (aes == NULL || key == NULL) + return BAD_FUNC_ARG; + + if (aes->devId == INVALID_DEVID) + return CRYPTOCB_UNAVAILABLE; + + /* locate registered callback */ + dev = wc_CryptoCb_FindDevice(aes->devId, WC_ALGO_TYPE_CIPHER); + if (dev && dev->cb) { + wc_CryptoInfo cryptoInfo; + XMEMSET(&cryptoInfo, 0, sizeof(cryptoInfo)); + cryptoInfo.algo_type = WC_ALGO_TYPE_CIPHER; + cryptoInfo.cipher.type = WC_CIPHER_AES; + cryptoInfo.cipher.aessetkey.aes = aes; + cryptoInfo.cipher.aessetkey.key = key; + cryptoInfo.cipher.aessetkey.keySz = keySz; + + ret = dev->cb(dev->devId, &cryptoInfo, dev->ctx); + } + + return wc_CryptoCb_TranslateErrorCode(ret); +} +#endif /* WOLF_CRYPTO_CB_AES_SETKEY */ #endif /* !NO_AES */ #ifndef NO_DES3 @@ -2090,11 +2138,13 @@ * WC_ALGO_TYPE_CIPHER, etc * type: Specific type - for HASH: enum wc_HashType, for CIPHER: * enum wc_CipherType + * subType: Specific subtype - for PQC: enum wc_PqcKemType, + * enum wc_PqcSignatureType * obj: Pointer to object structure to free * Returns: 0 on success, negative on error, CRYPTOCB_UNAVAILABLE if not * handled */ -int wc_CryptoCb_Free(int devId, int algo, int type, void* obj) +int wc_CryptoCb_Free(int devId, int algo, int type, int subType, void* obj) { int ret = WC_NO_ERR_TRACE(CRYPTOCB_UNAVAILABLE); CryptoCb* dev; @@ -2107,6 +2157,7 @@ cryptoInfo.algo_type = WC_ALGO_TYPE_FREE; cryptoInfo.free.algo = algo; cryptoInfo.free.type = type; + cryptoInfo.free.subType = subType; cryptoInfo.free.obj = obj; ret = dev->cb(dev->devId, &cryptoInfo, dev->ctx); diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/wolfcrypt/src/curve25519.c mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/curve25519.c --- mariadb-11.8.6/extra/wolfssl/wolfssl/wolfcrypt/src/curve25519.c 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/curve25519.c 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* curve25519.c * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -22,7 +22,14 @@ /* Based On Daniel J Bernstein's curve25519 Public Domain ref10 work. */ -#include +/* + * X25519 configuration macros: + * + * WC_X25519_NONBLOCK: Enable non-blocking support for key gen and shared + * secret. Requires CURVE25519_SMALL. Default: off. + */ + + #include #ifdef NO_CURVED25519_X64 #undef USE_INTEL_SPEEDUP @@ -31,6 +38,9 @@ #ifdef HAVE_CURVE25519 #include +#include +#include +#include #ifdef NO_INLINE #include #else @@ -54,6 +64,8 @@ #error "Blinding not needed nor available for small implementation" #elif defined(USE_INTEL_SPEEDUP) || defined(WOLFSSL_ARMASM) #error "Blinding not needed nor available for assembly implementation" + #elif defined(WOLFSSL_CURVE25519_USE_ED25519) + #error "Ed25519 base scalar mult cannot be used with blinding " #endif #endif @@ -72,6 +84,10 @@ } }; +#if (!defined(WOLFSSL_CURVE25519_USE_ED25519) && \ + !(defined(CURVED25519_X64) || (defined(WOLFSSL_ARMASM) && \ + defined(__aarch64__)))) || defined(WOLFSSL_CURVE25519_BLINDING) || \ + defined(WC_X25519_NONBLOCK) static const word32 kCurve25519BasePoint[CURVE25519_KEYSIZE/sizeof(word32)] = { #ifdef BIG_ENDIAN_ORDER 0x09000000 @@ -79,6 +95,7 @@ 9 #endif }; +#endif /* !WOLFSSL_CURVE25519_USE_ED25519 || WOLFSSL_CURVE25519_BLINDING */ /* Curve25519 private key must be less than order */ /* These functions clamp private k and check it */ @@ -154,7 +171,31 @@ SAVE_VECTOR_REGISTERS(return _svr_ret;); +#if defined(WOLFSSL_CURVE25519_USE_ED25519) + { + ge_p3 A; + + ge_scalarmult_base(&A, priv); + #ifndef CURVE25519_SMALL + fe_add(A.X, A.Z, A.Y); + fe_sub(A.T, A.Z, A.Y); + fe_invert(A.T, A.T); + fe_mul(A.T, A.X, A.T); + fe_tobytes(pub, A.T); + #else + lm_add(A.X, A.Z, A.Y); + lm_sub(A.T, A.Z, A.Y); + lm_invert(A.T, A.T); + lm_mul(pub, A.X, A.T); + #endif + ret = 0; + } +#elif defined(CURVED25519_X64) || (defined(WOLFSSL_ARMASM) && \ + defined(__aarch64__)) + ret = curve25519_base(pub, priv); +#else ret = curve25519(pub, priv, (byte*)kCurve25519BasePoint); +#endif RESTORE_VECTOR_REGISTERS(); #else @@ -172,6 +213,15 @@ #endif /* !WOLFSSL_CURVE25519_BLINDING */ #endif /* FREESCALE_LTC_ECC */ +/* If WOLFSSL_CURVE25519_BLINDING is defined, this check is run in + * wc_curve25519_make_pub_blind since it could be called directly. */ +#if !defined(WOLFSSL_CURVE25519_BLINDING) || defined(FREESCALE_LTC_ECC) + if (ret == 0) { + ret = wc_curve25519_check_public(pub, (word32)public_size, + EC25519_LITTLE_ENDIAN); + } +#endif + return ret; } @@ -264,9 +314,15 @@ #else fe_init(); - ret = curve25519_smul_blind(pub, priv, (byte*)kCurve25519BasePoint, rng); + ret = curve25519_smul_blind(pub, priv, (const byte*)kCurve25519BasePoint, + rng); #endif + if (ret == 0) { + ret = wc_curve25519_check_public(pub, (word32)public_size, + EC25519_LITTLE_ENDIAN); + } + return ret; } #endif @@ -395,6 +451,85 @@ return ret; } +#ifdef WC_X25519_NONBLOCK + +static int wc_curve25519_make_pub_nb(curve25519_key* key) +{ + int ret = 0; + + if (key == NULL) { + ret = BAD_FUNC_ARG; + } + else if (key->nb_ctx == NULL) { + WOLFSSL_MSG("wc_curve25519_make_pub_nb called with NULL non-blocking " + "context."); + ret = BAD_FUNC_ARG; + } + + if (ret == 0 && key->nb_ctx->state == 0) { + /* check clamping */ + ret = curve25519_priv_clamp_check(key->k); + if (ret == 0) { + fe_init(); + } + } + if (ret == 0) { + ret = curve25519_nb(key->p.point, key->k, (byte*)kCurve25519BasePoint, + key->nb_ctx); + } + + return ret; +} + +static int wc_curve25519_make_key_nb(WC_RNG* rng, int keysize, + curve25519_key* key) +{ + int ret = 0; + + if (key == NULL || rng == NULL) { + ret = BAD_FUNC_ARG; + } + else if (key->nb_ctx == NULL) { + WOLFSSL_MSG("wc_curve25519_make_key_nb called with NULL non-blocking " + "context."); + ret = BAD_FUNC_ARG; + } + + if (ret == 0 && key->nb_ctx->state == 0) { + ret = wc_curve25519_make_priv(rng, keysize, key->k); + if (ret == 0) { + key->privSet = 1; + } + } + if (ret == 0) { + ret = wc_curve25519_make_pub_nb(key); + if (ret == 0) { + key->pubSet = 1; + } + } + + return ret; +} + +int wc_curve25519_set_nonblock(curve25519_key* key, x25519_nb_ctx_t* ctx) +{ + if (key == NULL) { + return BAD_FUNC_ARG; + } + /* If a different context is already set, clear it before replacing. + * The caller is responsible for freeing any heap-allocated context. */ + if (key->nb_ctx != NULL && key->nb_ctx != ctx) { + XMEMSET(key->nb_ctx, 0, sizeof(x25519_nb_ctx_t)); + } + if (ctx != NULL) { + XMEMSET(ctx, 0, sizeof(x25519_nb_ctx_t)); + } + key->nb_ctx = ctx; + return 0; +} + +#endif /* WC_X25519_NONBLOCK */ + /* generate a new keypair. * * return value is propagated from wc_curve25519_make_private() or @@ -416,26 +551,48 @@ } #endif +#if defined(WOLFSSL_ASYNC_CRYPT) && defined(WC_ASYNC_ENABLE_X25519) && \ + defined(WOLFSSL_ASYNC_CRYPT_SW) + if (key->asyncDev.marker == WOLFSSL_ASYNC_MARKER_X25519) { + if (wc_AsyncSwInit(&key->asyncDev, ASYNC_SW_X25519_MAKE)) { + WC_ASYNC_SW* sw = &key->asyncDev.sw; + sw->x25519Make.rng = rng; + sw->x25519Make.size = keysize; + sw->x25519Make.key = key; + return WC_PENDING_E; + } + } +#endif /* WOLFSSL_ASYNC_CRYPT && WC_ASYNC_ENABLE_X25519 && + * WOLFSSL_ASYNC_CRYPT_SW */ + #ifdef WOLFSSL_SE050 ret = se050_curve25519_create_key(key, keysize); -#else - ret = wc_curve25519_make_priv(rng, keysize, key->k); - if (ret == 0) { - key->privSet = 1; -#ifdef WOLFSSL_CURVE25519_BLINDING - ret = wc_curve25519_make_pub_blind((int)sizeof(key->p.point), - key->p.point, (int)sizeof(key->k), - key->k, rng); +#elif defined(WC_X25519_NONBLOCK) + if (key->nb_ctx != NULL) { + ret = wc_curve25519_make_key_nb(rng, keysize, key); + } + else +#endif +#if !defined(WOLFSSL_SE050) + { + ret = wc_curve25519_make_priv(rng, keysize, key->k); if (ret == 0) { - ret = wc_curve25519_set_rng(key, rng); - } + key->privSet = 1; +#ifdef WOLFSSL_CURVE25519_BLINDING + ret = wc_curve25519_make_pub_blind((int)sizeof(key->p.point), + key->p.point, (int)sizeof(key->k), key->k, rng); + if (ret == 0) { + ret = wc_curve25519_set_rng(key, rng); + } #else - ret = wc_curve25519_make_pub((int)sizeof(key->p.point), key->p.point, - (int)sizeof(key->k), key->k); + ret = wc_curve25519_make_pub((int)sizeof(key->p.point), + key->p.point, (int)sizeof(key->k), key->k); #endif - key->pubSet = (ret == 0); + key->pubSet = (ret == 0); + } } -#endif +#endif /* !WOLFSSL_SE050 */ + return ret; } @@ -449,12 +606,65 @@ out, outlen, EC25519_BIG_ENDIAN); } +#ifdef WC_X25519_NONBLOCK + +static int wc_curve25519_shared_secret_nb(curve25519_key* privKey, + curve25519_key* pubKey, byte* out, word32* outlen, int endian) +{ + int ret = FP_WOULDBLOCK; + + switch (privKey->nb_ctx->ssState) { + case 0: + XMEMSET(&privKey->nb_ctx->o, 0, sizeof(privKey->nb_ctx->o)); + privKey->nb_ctx->ssState = 1; + break; + case 1: + ret = curve25519_nb(privKey->nb_ctx->o.point, privKey->k, + pubKey->p.point, privKey->nb_ctx); + if (ret == 0) { + ret = FP_WOULDBLOCK; + privKey->nb_ctx->ssState = 2; + } + break; + case 2: + #ifdef WOLFSSL_ECDHX_SHARED_NOT_ZERO + { + int i; + byte t = 0; + + for (i = 0; i < CURVE25519_KEYSIZE; i++) { + t |= privKey->nb_ctx->o.point[i]; + } + if (t == 0) { + ret = ECC_OUT_OF_RANGE_E; + } + else + #endif /* WOLFSSL_ECDHX_SHARED_NOT_ZERO */ + { + curve25519_copy_point(out, privKey->nb_ctx->o.point, endian); + *outlen = CURVE25519_KEYSIZE; + ret = 0; + } + #ifdef WOLFSSL_ECDHX_SHARED_NOT_ZERO + } + #endif + break; + } + + if (ret != FP_WOULDBLOCK) { + XMEMSET(privKey->nb_ctx, 0, sizeof(x25519_nb_ctx_t)); + } + + return ret; +} + +#endif /* WC_X25519_NONBLOCK */ + int wc_curve25519_shared_secret_ex(curve25519_key* private_key, curve25519_key* public_key, byte* out, word32* outlen, int endian) { - int ret; - ECPoint o; + int ret = 0; /* sanity check */ if (private_key == NULL || public_key == NULL || @@ -486,51 +696,80 @@ } #endif - XMEMSET(&o, 0, sizeof(o)); +#ifdef WC_X25519_NONBLOCK -#ifdef FREESCALE_LTC_ECC - /* input point P on Curve25519 */ - ret = nxp_ltc_curve25519(&o, private_key->k, &public_key->p, - kLTC_Curve25519); -#else - #ifdef WOLFSSL_SE050 - if (!private_key->privSet) { - /* use NXP SE050: "privSet" is not set */ - ret = se050_curve25519_shared_secret(private_key, public_key, &o); +#if defined(WOLFSSL_ASYNC_CRYPT) && defined(WC_ASYNC_ENABLE_X25519) && \ + defined(WOLFSSL_ASYNC_CRYPT_SW) + if (private_key->asyncDev.marker == WOLFSSL_ASYNC_MARKER_X25519) { + if (wc_AsyncSwInit(&private_key->asyncDev, + ASYNC_SW_X25519_SHARED_SEC)) { + WC_ASYNC_SW* sw = &private_key->asyncDev.sw; + sw->x25519SharedSec.priv = private_key; + sw->x25519SharedSec.pub = public_key; + sw->x25519SharedSec.out = out; + sw->x25519SharedSec.outLen = outlen; + sw->x25519SharedSec.endian = endian; + return WC_PENDING_E; + } + } +#endif /* WOLFSSL_ASYNC_CRYPT && WC_ASYNC_ENABLE_X25519 && + * WOLFSSL_ASYNC_CRYPT_SW */ + + if (private_key->nb_ctx != NULL) { + ret = wc_curve25519_shared_secret_nb(private_key, public_key, out, + outlen, endian); } else - #endif +#endif /* WC_X25519_NONBLOCK */ { + ECPoint o; + + XMEMSET(&o, 0, sizeof(o)); + +#ifdef FREESCALE_LTC_ECC + /* input point P on Curve25519 */ + ret = nxp_ltc_curve25519(&o, private_key->k, &public_key->p, + kLTC_Curve25519); +#else + #ifdef WOLFSSL_SE050 + if (!private_key->privSet) { + /* use NXP SE050: "privSet" is not set */ + ret = se050_curve25519_shared_secret(private_key, public_key, &o); + } + else + #endif /* WOLFSSL_SE050 */ + { #ifndef WOLFSSL_CURVE25519_BLINDING - SAVE_VECTOR_REGISTERS(return _svr_ret;); + SAVE_VECTOR_REGISTERS(return _svr_ret;); - ret = curve25519(o.point, private_key->k, public_key->p.point); + ret = curve25519(o.point, private_key->k, public_key->p.point); - RESTORE_VECTOR_REGISTERS(); + RESTORE_VECTOR_REGISTERS(); #else - ret = curve25519_smul_blind(o.point, private_key->k, public_key->p.point, - private_key->rng); -#endif - } + ret = curve25519_smul_blind(o.point, private_key->k, + public_key->p.point, private_key->rng); #endif + } +#endif /* FREESCALE_LTC_ECC */ #ifdef WOLFSSL_ECDHX_SHARED_NOT_ZERO - if (ret == 0) { - int i; - byte t = 0; - for (i = 0; i < CURVE25519_KEYSIZE; i++) { - t |= o.point[i]; + if (ret == 0) { + int i; + byte t = 0; + for (i = 0; i < CURVE25519_KEYSIZE; i++) { + t |= o.point[i]; + } + if (t == 0) { + ret = ECC_OUT_OF_RANGE_E; + } } - if (t == 0) { - ret = ECC_OUT_OF_RANGE_E; +#endif /* WOLFSSL_ECDHX_SHARED_NOT_ZERO */ + if (ret == 0) { + curve25519_copy_point(out, o.point, endian); + *outlen = CURVE25519_KEYSIZE; } - } -#endif - if (ret == 0) { - curve25519_copy_point(out, o.point, endian); - *outlen = CURVE25519_KEYSIZE; - } - ForceZero(&o, sizeof(o)); + ForceZero(&o, sizeof(o)); + } return ret; } @@ -874,10 +1113,12 @@ } int wc_curve25519_delete(curve25519_key* key, curve25519_key** key_p) { + void* heap; if (key == NULL) return BAD_FUNC_ARG; + heap = key->heap; wc_curve25519_free(key); - XFREE(key, key->heap, DYNAMIC_TYPE_CURVE25519); + XFREE(key, heap, DYNAMIC_TYPE_CURVE25519); if (key_p != NULL) *key_p = NULL; return 0; @@ -886,30 +1127,40 @@ int wc_curve25519_init_ex(curve25519_key* key, void* heap, int devId) { - if (key == NULL) - return BAD_FUNC_ARG; + int ret = 0; - XMEMSET(key, 0, sizeof(*key)); + if (key == NULL) { + ret = BAD_FUNC_ARG; + } + else { + XMEMSET(key, 0, sizeof(*key)); - /* currently the format for curve25519 */ - key->dp = &curve25519_sets[0]; + /* currently the format for curve25519 */ + key->dp = &curve25519_sets[0]; -#ifdef WOLF_CRYPTO_CB - key->devId = devId; -#else - (void)devId; -#endif - (void)heap; /* if needed for XMALLOC/XFREE in future */ + #ifdef WOLF_CRYPTO_CB + key->devId = devId; + #else + (void)devId; + #endif + (void)heap; /* if needed for XMALLOC/XFREE in future */ -#ifndef FREESCALE_LTC_ECC - fe_init(); -#endif + #ifndef FREESCALE_LTC_ECC + fe_init(); + #endif -#ifdef WOLFSSL_CHECK_MEM_ZERO - wc_MemZero_Add("wc_curve25519_init_ex key->k", key->k, CURVE25519_KEYSIZE); -#endif + #ifdef WOLFSSL_CHECK_MEM_ZERO + wc_MemZero_Add("wc_curve25519_init_ex key->k", key->k, + CURVE25519_KEYSIZE); + #endif - return 0; + #if defined(WOLFSSL_ASYNC_CRYPT) && defined(WC_ASYNC_ENABLE_X25519) + ret = wolfAsync_DevCtxInit(&key->asyncDev, WOLFSSL_ASYNC_MARKER_X25519, + heap, devId); + #endif + } + + return ret; } int wc_curve25519_init(curve25519_key* key) diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/wolfcrypt/src/curve448.c mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/curve448.c --- mariadb-11.8.6/extra/wolfssl/wolfssl/wolfcrypt/src/curve448.c 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/curve448.c 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* curve448.c * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -25,6 +25,17 @@ * Reworked for curve448 by Sean Parkinson. */ +/* + * Curve448 Build Options: + * + * HAVE_CURVE448: Enable Curve448 support default: off + * HAVE_CURVE448_SHARED_SECRET: Enable Curve448 shared secret default: on + * (when HAVE_CURVE448 is enabled) + * HAVE_CURVE448_KEY_EXPORT: Enable Curve448 key export default: on + * HAVE_CURVE448_KEY_IMPORT: Enable Curve448 key import default: on + * WOLFSSL_ECDHX_SHARED_NOT_ZERO: Check ECDH shared secret != 0 default: off + */ + #include #ifdef HAVE_CURVE448 @@ -409,12 +420,12 @@ return ECC_BAD_ARG_E; } if ((i == 27) && (pub[i] == 0xfe)) { - for (++i; i < CURVE448_PUB_KEY_SIZE - 1; i--) { + for (++i; i < CURVE448_PUB_KEY_SIZE - 1; i++) { if (pub[i] != 0xff) { break; } } - if ((i == CURVE448_PUB_KEY_SIZE) && (pub[i] >= 0xfe)) { + if ((i == CURVE448_PUB_KEY_SIZE - 1) && (pub[i] >= 0xfe)) { return ECC_BAD_ARG_E; } } diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/wolfcrypt/src/des3.c mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/des3.c --- mariadb-11.8.6/extra/wolfssl/wolfssl/wolfcrypt/src/des3.c 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/des3.c 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* des3.c * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -19,6 +19,17 @@ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA */ +/* + * DES3 Build Options: + * + * NO_DES3: Disable 3DES support entirely default: off + * WOLFSSL_DES_ECB: Enable DES-ECB mode default: off + * + * Hardware Acceleration (DES3-specific): + * WC_ASYNC_ENABLE_3DES: Enable async 3DES operations default: off + * FREESCALE_LTC_DES: Freescale LTC DES acceleration default: off + */ + #include #ifndef NO_DES3 diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/wolfcrypt/src/dh.c mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/dh.c --- mariadb-11.8.6/extra/wolfssl/wolfssl/wolfcrypt/src/dh.c 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/dh.c 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* dh.c * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -1032,13 +1032,13 @@ #ifndef WOLFSSL_DH_CONST #define WOLFSSL_DH_ROUND(x) WC_DO_NOTHING #else - #define WOLFSSL_DH_ROUND(x) \ - do { \ - if (x % 128) { \ - x &= 0xffffff80;\ - x += 128; \ - } \ - } \ + #define WOLFSSL_DH_ROUND(x) \ + do { \ + if ((x) % 128) { \ + (x) &= 0xffffff80;\ + (x) += 128; \ + } \ + } \ while (0) #endif @@ -1157,8 +1157,9 @@ if (err == MP_OKAY) err = mp_read_unsigned_bin(tmpX, cBuf, cSz); if (err != MP_OKAY) { - mp_clear(tmpX); + mp_forcezero(tmpX); mp_clear(tmpQ); + ForceZero(cBuf, cSz); #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC) XFREE(cBuf, key->heap, DYNAMIC_TYPE_TMP_BUFFER); XFREE(tmpQ, key->heap, DYNAMIC_TYPE_DH); @@ -1464,7 +1465,7 @@ if (ret == MP_OKAY) ret = IntelQaDhKeyGen(&key->asyncDev, &key->p.raw, &key->g.raw, &x.raw, pub, pubSz); - mp_clear(&x); + mp_forcezero(&x); return ret; } @@ -2029,12 +2030,13 @@ WOLFSSL_MSG("wc_DhAgree wc_DhCheckPrivKey failed"); return DH_CHECK_PRIV_E; } +#endif + /* Always validate peer public key (2 <= y <= p-2) per SP 800-56A */ if (wc_DhCheckPubKey(key, otherPub, pubSz) != 0) { WOLFSSL_MSG("wc_DhAgree wc_DhCheckPubKey failed"); return DH_CHECK_PUB_E; } -#endif #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC) y = (mp_int*)XMALLOC(sizeof(mp_int), key->heap, DYNAMIC_TYPE_DH); @@ -2226,9 +2228,11 @@ #endif XFREE(y, key->heap, DYNAMIC_TYPE_DH); #elif defined(WOLFSSL_CHECK_MEM_ZERO) +#if !defined(WOLFSSL_SP_MATH) mp_memzero_check(x); mp_memzero_check(z); #endif +#endif return ret; } @@ -2403,7 +2407,7 @@ } if (havePriv) { if (mp_read_unsigned_bin(&key->priv, priv, privSz) != MP_OKAY) { - mp_clear(&key->priv); + mp_forcezero(&key->priv); havePriv = 0; } else { WOLFSSL_MSG("DH Private Key Set"); diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/wolfcrypt/src/dilithium.c mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/dilithium.c --- mariadb-11.8.6/extra/wolfssl/wolfssl/wolfcrypt/src/dilithium.c 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/dilithium.c 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* dilithium.c * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -503,6 +503,9 @@ word64* state = shake256->s; word8 *state8 = (word8*)state; + if (data2Len > (WOLFSSL_MAX_32BIT - data1Len)) { + return BAD_FUNC_ARG; + } if (data1Len + data2Len >= WC_SHA3_256_COUNT * 8) { XMEMCPY(state8, data1, data1Len); XMEMCPY(state8 + data1Len, data2, WC_SHA3_256_COUNT * 8 - data1Len); @@ -1884,17 +1887,17 @@ #endif #else z[i+0] = DILITHIUM_GAMMA1_17 - - ( s[ 0] | ((sword32)(s[ 1] << 8) | + ( (sword32)s[ 0] | (((sword32)s[ 1] << 8) | (sword32)(s[ 2] & 0x03) << 16)); z[i+1] = DILITHIUM_GAMMA1_17 - - ((s[ 2] >> 2) | ((sword32)(s[ 3] << 6) | + (((sword32)s[ 2] >> 2) | (((sword32)s[ 3] << 6) | (sword32)(s[ 4] & 0x0f) << 14)); z[i+2] = DILITHIUM_GAMMA1_17 - - ((s[ 4] >> 4) | ((sword32)(s[ 5] << 4) | + (((sword32)s[ 4] >> 4) | (((sword32)s[ 5] << 4) | (sword32)(s[ 6] & 0x3f) << 12)); z[i+3] = DILITHIUM_GAMMA1_17 - - ((s[ 6] >> 6) | ((sword32)(s[ 7] << 2) | - (sword32)(s[ 8] ) << 10)); + (((sword32)s[ 6] >> 6) | (((sword32)s[ 7] << 2) | + ((sword32)s[ 8] ) << 10)); #endif /* Move to next place to decode from. */ s += DILITHIUM_GAMMA1_17_ENC_BITS / 2; @@ -1948,29 +1951,29 @@ #endif #else z[i+0] = (sword32)((word32)DILITHIUM_GAMMA1_17 - - ( s[ 0] | ((sword32)(s[ 1] << 8) | - (sword32)(s[ 2] & 0x03) << 16))); + ( (sword32)s[ 0] | (((sword32)s[ 1] << 8) | + ((sword32)s[ 2] & 0x03) << 16))); z[i+1] = (sword32)((word32)DILITHIUM_GAMMA1_17 - - ((s[ 2] >> 2) | ((sword32)(s[ 3] << 6) | - (sword32)(s[ 4] & 0x0f) << 14))); + (((sword32)s[ 2] >> 2) | (((sword32)s[ 3] << 6) | + ((sword32)s[ 4] & 0x0f) << 14))); z[i+2] = (sword32)((word32)DILITHIUM_GAMMA1_17 - - ((s[ 4] >> 4) | ((sword32)(s[ 5] << 4) | - (sword32)(s[ 6] & 0x3f) << 12))); + (((sword32)s[ 4] >> 4) | (((sword32)s[ 5] << 4) | + ((sword32)s[ 6] & 0x3f) << 12))); z[i+3] = (sword32)((word32)DILITHIUM_GAMMA1_17 - - ((s[ 6] >> 6) | ((sword32)(s[ 7] << 2) | - (sword32)(s[ 8] ) << 10))); + (((sword32)s[ 6] >> 6) | (((sword32)s[ 7] << 2) | + ((sword32)s[ 8] ) << 10))); z[i+4] = (sword32)((word32)DILITHIUM_GAMMA1_17 - - ( s[ 9] | ((sword32)(s[10] << 8) | - (sword32)(s[11] & 0x03) << 16))); + ( (sword32)s[ 9] | (((sword32)s[10] << 8) | + ((sword32)s[11] & 0x03) << 16))); z[i+5] = (sword32)((word32)DILITHIUM_GAMMA1_17 - - ((s[11] >> 2) | ((sword32)(s[12] << 6) | - (sword32)(s[13] & 0x0f) << 14))); + (((sword32)s[11] >> 2) | (((sword32)s[12] << 6) | + ((sword32)s[13] & 0x0f) << 14))); z[i+6] = (sword32)((word32)DILITHIUM_GAMMA1_17 - - ((s[13] >> 4) | ((sword32)(s[14] << 4) | - (sword32)(s[15] & 0x3f) << 12))); + (((sword32)s[13] >> 4) | (((sword32)s[14] << 4) | + ((sword32)s[15] & 0x3f) << 12))); z[i+7] = (sword32)((word32)DILITHIUM_GAMMA1_17 - - ((s[15] >> 6) | ((sword32)(s[16] << 2) | - (sword32)(s[17] ) << 10))); + (((sword32)s[15] >> 6) | (((sword32)s[16] << 2) | + ((sword32)s[17] ) << 10))); #endif /* Move to next place to decode from. */ s += DILITHIUM_GAMMA1_17_ENC_BITS; @@ -2005,14 +2008,18 @@ ((sword32)s16_0 << 4)); #endif #else - z[i+0] = DILITHIUM_GAMMA1_19 - ( s[0] | ((sword32)s[1] << 8) | - ((sword32)(s[2] & 0x0f) << 16)); - z[i+1] = DILITHIUM_GAMMA1_19 - ((s[2] >> 4) | ((sword32)s[3] << 4) | - ((sword32)(s[4] ) << 12)); - z[i+2] = DILITHIUM_GAMMA1_19 - ( s[5] | ((sword32)s[6] << 8) | - ((sword32)(s[7] & 0x0f) << 16)); - z[i+3] = DILITHIUM_GAMMA1_19 - ((s[7] >> 4) | ((sword32)s[8] << 4) | - ((sword32)(s[9] ) << 12)); + z[i+0] = DILITHIUM_GAMMA1_19 - + ( (sword32)s[0] | ((sword32)s[1] << 8) | + (((sword32)s[2] & 0x0f) << 16)); + z[i+1] = DILITHIUM_GAMMA1_19 - + (((sword32)s[2] >> 4) | ((sword32)s[3] << 4) | + (((sword32)s[4] ) << 12)); + z[i+2] = DILITHIUM_GAMMA1_19 - + ( (sword32)s[5] | ((sword32)s[6] << 8) | + (((sword32)s[7] & 0x0f) << 16)); + z[i+3] = DILITHIUM_GAMMA1_19 - + (((sword32)s[7] >> 4) | ((sword32)s[8] << 4) | + (((sword32)s[9] ) << 12)); #endif /* Move to next place to decode from. */ s += DILITHIUM_GAMMA1_19_ENC_BITS / 2; @@ -2065,30 +2072,38 @@ ((sword32)s16_1 << 4)); #endif #else - z[i+0] = DILITHIUM_GAMMA1_19 - ( s[ 0] | - ((sword32)s[ 1] << 8) | - ((sword32)(s[ 2] & 0x0f) << 16)); - z[i+1] = DILITHIUM_GAMMA1_19 - ((s[ 2] >> 4) | - ((sword32) s[ 3] << 4) | - ((sword32)(s[ 4] ) << 12)); - z[i+2] = DILITHIUM_GAMMA1_19 - ( s[ 5] | - ((sword32) s[ 6] << 8) | - ((sword32)(s[ 7] & 0x0f) << 16)); - z[i+3] = DILITHIUM_GAMMA1_19 - ((s[ 7] >> 4) | - ((sword32) s[ 8] << 4) | - ((sword32)(s[ 9] ) << 12)); - z[i+4] = DILITHIUM_GAMMA1_19 - ( s[10] | - ((sword32) s[11] << 8) | - ((sword32)(s[12] & 0x0f) << 16)); - z[i+5] = DILITHIUM_GAMMA1_19 - ((s[12] >> 4) | - ((sword32) s[13] << 4) | - ((sword32)(s[14] ) << 12)); - z[i+6] = DILITHIUM_GAMMA1_19 - ( s[15] | - ((sword32) s[16] << 8) | - ((sword32)(s[17] & 0x0f) << 16)); - z[i+7] = DILITHIUM_GAMMA1_19 - ((s[17] >> 4) | - ((sword32) s[18] << 4) | - ((sword32)(s[19] ) << 12)); + z[i+0] = DILITHIUM_GAMMA1_19 - + ( (sword32)s[ 0] | + ( (sword32)s[ 1] << 8) | + (((sword32)s[ 2] & 0x0f) << 16)); + z[i+1] = DILITHIUM_GAMMA1_19 - + (((sword32)s[ 2] >> 4) | + ( (sword32)s[ 3] << 4) | + (((sword32)s[ 4] ) << 12)); + z[i+2] = DILITHIUM_GAMMA1_19 - + ( (sword32)s[ 5] | + ( (sword32)s[ 6] << 8) | + (((sword32)s[ 7] & 0x0f) << 16)); + z[i+3] = DILITHIUM_GAMMA1_19 - + ( ((sword32)s[ 7] >> 4) | + ( (sword32)s[ 8] << 4) | + (((sword32)s[ 9] ) << 12)); + z[i+4] = DILITHIUM_GAMMA1_19 - + ( (sword32)s[10] | + ( (sword32)s[11] << 8) | + (((sword32)s[12] & 0x0f) << 16)); + z[i+5] = DILITHIUM_GAMMA1_19 - + ( ((sword32)s[12] >> 4) | + ( (sword32)s[13] << 4) | + (((sword32)s[14] ) << 12)); + z[i+6] = DILITHIUM_GAMMA1_19 - + ( (sword32)s[15] | + ( (sword32)s[16] << 8) | + (((sword32)s[17] & 0x0f) << 16)); + z[i+7] = DILITHIUM_GAMMA1_19 - + ( ((sword32)s[17] >> 4) | + ( (sword32)s[18] << 4) | + (((sword32)s[19] ) << 12)); #endif /* Move to next place to decode from. */ s += DILITHIUM_GAMMA1_19_ENC_BITS; @@ -2179,15 +2194,24 @@ * 16 numbers in 12 bytes. (16 * 6 bits = 12 * 8 bits) */ #if defined(LITTLE_ENDIAN_ORDER) && (WOLFSSL_DILITHIUM_ALIGNMENT <= 4) word32* w1e32 = (word32*)w1e; - w1e32[0] = (word32)( w1[j+ 0] | (w1[j+ 1] << 6) | - (w1[j+ 2] << 12) | (w1[j+ 3] << 18) | - (w1[j+ 4] << 24) | (w1[j+ 5] << 30)); - w1e32[1] = (word32)((w1[j+ 5] >> 2) | (w1[j+ 6] << 4) | - (w1[j+ 7] << 10) | (w1[j+ 8] << 16) | - (w1[j+ 9] << 22) | (w1[j+10] << 28)); - w1e32[2] = (word32)((w1[j+10] >> 4) | (w1[j+11] << 2) | - (w1[j+12] << 8) | (w1[j+13] << 14) | - (w1[j+14] << 20) | (w1[j+15] << 26)); + w1e32[0] = (word32)( (word32)w1[j+ 0] | + ((word32)w1[j+ 1] << 6) | + ((word32)w1[j+ 2] << 12) | + ((word32)w1[j+ 3] << 18) | + ((word32)w1[j+ 4] << 24) | + ((word32)w1[j+ 5] << 30)); + w1e32[1] = (word32)(((word32)w1[j+ 5] >> 2) | + ((word32)w1[j+ 6] << 4) | + ((word32)w1[j+ 7] << 10) | + ((word32)w1[j+ 8] << 16) | + ((word32)w1[j+ 9] << 22) | + ((word32)w1[j+10] << 28)); + w1e32[2] = (word32)(((word32)w1[j+10] >> 4) | + ((word32)w1[j+11] << 2) | + ((word32)w1[j+12] << 8) | + ((word32)w1[j+13] << 14) | + ((word32)w1[j+14] << 20) | + ((word32)w1[j+15] << 26)); #else w1e[ 0] = (byte)( w1[j+ 0] | (w1[j+ 1] << 6)); w1e[ 1] = (byte)((w1[j+ 1] >> 2) | (w1[j+ 2] << 4)); @@ -2226,6 +2250,11 @@ dilithium_encode_w1_88_c(w1, w1e); } } + +WOLFSSL_TEST_VIS void wc_dilithium_encode_w1_88(const sword32* w1, byte* w1e) +{ + dilithium_encode_w1_88(w1, w1e); +} #endif /* !WOLFSSL_NO_ML_DSA_44 */ #if !defined(WOLFSSL_NO_ML_DSA_65) || !defined(WOLFSSL_NO_ML_DSA_87) @@ -2251,14 +2280,22 @@ * 16 numbers in 8 bytes. (16 * 4 bits = 8 * 8 bits) */ #if defined(LITTLE_ENDIAN_ORDER) && (WOLFSSL_DILITHIUM_ALIGNMENT <= 8) word32* w1e32 = (word32*)w1e; - w1e32[0] = (word32)((w1[j + 0] << 0) | (w1[j + 1] << 4) | - (w1[j + 2] << 8) | (w1[j + 3] << 12) | - (w1[j + 4] << 16) | (w1[j + 5] << 20) | - (w1[j + 6] << 24) | (w1[j + 7] << 28)); - w1e32[1] = (word32)((w1[j + 8] << 0) | (w1[j + 9] << 4) | - (w1[j + 10] << 8) | (w1[j + 11] << 12) | - (w1[j + 12] << 16) | (w1[j + 13] << 20) | - (w1[j + 14] << 24) | (w1[j + 15] << 28)); + w1e32[0] = (word32)(((word32)w1[j + 0] << 0) | + ((word32)w1[j + 1] << 4) | + ((word32)w1[j + 2] << 8) | + ((word32)w1[j + 3] << 12) | + ((word32)w1[j + 4] << 16) | + ((word32)w1[j + 5] << 20) | + ((word32)w1[j + 6] << 24) | + ((word32)w1[j + 7] << 28)); + w1e32[1] = (word32)(((word32)w1[j + 8] << 0) | + ((word32)w1[j + 9] << 4) | + ((word32)w1[j + 10] << 8) | + ((word32)w1[j + 11] << 12) | + ((word32)w1[j + 12] << 16) | + ((word32)w1[j + 13] << 20) | + ((word32)w1[j + 14] << 24) | + ((word32)w1[j + 15] << 28)); #else w1e[0] = (byte)(w1[j + 0] | (w1[j + 1] << 4)); w1e[1] = (byte)(w1[j + 2] | (w1[j + 3] << 4)); @@ -2293,6 +2330,11 @@ dilithium_encode_w1_32_c(w1, w1e); } } + +WOLFSSL_TEST_VIS void wc_dilithium_encode_w1_32(const sword32* w1, byte* w1e) +{ + dilithium_encode_w1_32(w1, w1e); +} #endif #endif @@ -2868,7 +2910,7 @@ } for (l = 0; l < 2; l++) { - state[4*4 + l] = 0x1f0000 + (5 << 8) + (l + 3); + state[4*4 + l] = 0x1f0000 + ((word32)5 << 8) + (l + 3); } sha3_128_blocksx4_seed_avx2(state, seed); @@ -5440,8 +5482,13 @@ #endif } -#if !defined(WOLFSSL_DILITHIUM_SMALL) || !defined(WOLFSSL_DILITHIUM_NO_SIGN) - +#if !defined(WOLFSSL_DILITHIUM_SMALL) || \ + (!defined(WOLFSSL_DILITHIUM_NO_SIGN) || \ + (defined(WOLFSSL_DILITHIUM_SMALL) && \ + (!defined(WOLFSSL_DILITHIUM_NO_MAKE_KEY) || \ + (!defined(WOLFSSL_DILITHIUM_NO_VERIFY) && \ + !defined(WOLFSSL_DILITHIUM_VERIFY_SMALL_MEM)) || \ + defined(WOLFSSL_DILITHIUM_CHECK_KEY)))) /* Reduce 32-bit a modulo q. r = a mod q. * * Barrett reduction. @@ -5451,15 +5498,14 @@ */ static sword32 dilithium_red(sword32 a) { - sword32 t = (sword32)((a + (1 << 22)) >> 23); + sword32 t = (sword32)((a + ((sword32)1 << 22)) >> 23); #ifndef DILITHIUM_MUL_Q_SLOW return (sword32)(a - (t * DILITHIUM_Q)); #else return (sword32)(a - (t << 23) + (t << 13) - t); #endif } - -#endif /* !WOLFSSL_DILITHIUM_SMALL || !WOLFSSL_DILITHIUM_NO_SIGN */ +#endif /* Zetas for NTT. */ static const sword32 zetas[DILITHIUM_N] = { @@ -7275,7 +7321,12 @@ #endif #endif -#ifndef WOLFSSL_DILITHIUM_NO_SIGN +#if !defined(WOLFSSL_DILITHIUM_NO_SIGN) || \ + (defined(WOLFSSL_DILITHIUM_SMALL) && \ + (!defined(WOLFSSL_DILITHIUM_NO_MAKE_KEY) || \ + (!defined(WOLFSSL_DILITHIUM_NO_VERIFY) && \ + !defined(WOLFSSL_DILITHIUM_VERIFY_SMALL_MEM)) || \ + defined(WOLFSSL_DILITHIUM_CHECK_KEY))) /* Modulo reduce values in polynomial. Range (-2^31)..(2^31-1). * * @param [in, out] a Polynomial. @@ -7319,7 +7370,13 @@ } } -#ifndef WOLFSSL_DILITHIUM_SIGN_SMALL_MEM +#if (defined(WOLFSSL_DILITHIUM_SMALL) && \ + (!defined(WOLFSSL_DILITHIUM_NO_MAKE_KEY) || \ + (!defined(WOLFSSL_DILITHIUM_NO_VERIFY) && \ + !defined(WOLFSSL_DILITHIUM_VERIFY_SMALL_MEM)) || \ + defined(WOLFSSL_DILITHIUM_CHECK_KEY))) || \ + (!defined(WOLFSSL_DILITHIUM_NO_SIGN) && \ + !defined(WOLFSSL_DILITHIUM_SIGN_SMALL_MEM)) /* Modulo reduce values in polynomials of vector. Range (-2^31)..(2^31-1). * * @param [in, out] a Vector of polynomials. @@ -7334,8 +7391,8 @@ a += DILITHIUM_N; } } -#endif /* WOLFSSL_DILITHIUM_SIGN_SMALL_MEM*/ -#endif /* !WOLFSSL_DILITHIUM_NO_SIGN */ +#endif +#endif #if (!defined(WOLFSSL_DILITHIUM_NO_SIGN) || \ (!defined(WOLFSSL_DILITHIUM_NO_VERIFY) && \ @@ -7712,6 +7769,9 @@ /* Step 5: t <- NTT-1(A_circum o NTT(s1)) + s2 */ dilithium_vec_ntt_small_full(s1, params->l); dilithium_matrix_mul(t, a, s1, params->k, params->l); + #ifdef WOLFSSL_DILITHIUM_SMALL + dilithium_vec_red(t, params->k); + #endif dilithium_vec_invntt_full(t, params->k); dilithium_vec_add(t, s2, params->k); @@ -7996,6 +8056,7 @@ ret = wc_dilithium_make_key_from_seed(key, seed); } + ForceZero(seed, sizeof(seed)); return ret; } #endif /* !WOLFSSL_DILITHIUM_NO_MAKE_KEY */ @@ -8126,6 +8187,10 @@ sword32* ct0 = NULL; byte priv_rand_seed[DILITHIUM_Y_SEED_SZ]; byte* h = sig + params->lambda / 4 + params->zEncSz; + unsigned int allocSz = 0; +#ifdef WC_MLDSA_FAULT_HARDEN + sword32* y_check; +#endif /* Check the signature buffer isn't too small. */ if (*sigLen < params->sigSz) { @@ -8172,8 +8237,6 @@ } #endif if (ret == 0) { - unsigned int allocSz; - /* y-l, w0-k, w1-k, c-1, z-l, ct0-k */ allocSz = params->s1Sz + params->s2Sz + params->s2Sz + DILITHIUM_POLY_SIZE + params->s1Sz + params->s2Sz; @@ -8190,6 +8253,9 @@ ret = MEMORY_E; } else { + #ifdef WC_MLDSA_FAULT_HARDEN + y_check = y; + #endif w0 = y + params->s1Sz / sizeof(*y); w1 = w0 + params->s2Sz / sizeof(*w0); c = w1 + params->s2Sz / sizeof(*w1); @@ -8252,14 +8318,25 @@ params->gamma1_bits, y, params->l); #ifdef WOLFSSL_DILITHIUM_SIGN_CHECK_Y valid = dilithium_vec_check_low(y, params->l, - (1 << params->gamma1_bits) - params->beta); + ((sword32)1 << params->gamma1_bits) - params->beta); if (valid) #endif { /* Step 13: NTT-1(A o NTT(y)) */ XMEMCPY(y_ntt, y, params->s1Sz); + #ifdef WC_MLDSA_FAULT_HARDEN + if (y_check != y) { + valid = 0; + ret = BAD_COND_E; + } + } + if (ret == 0) { + #endif dilithium_vec_ntt_full(y_ntt, params->l); dilithium_matrix_mul(w, a, y_ntt, params->k, params->l); + #ifdef WOLFSSL_DILITHIUM_SMALL + dilithium_vec_red(w, params->k); + #endif dilithium_vec_invntt_full(w, params->k); /* Step 14, Step 22: Make values positive and decompose. */ dilithium_vec_make_pos(w, params->k); @@ -8306,7 +8383,7 @@ valid = dilithium_vec_check_low(w0 + i * DILITHIUM_N, 1, hi); } - hi = (1 << params->gamma1_bits) - params->beta; + hi = ((sword32)1 << params->gamma1_bits) - params->beta; for (i = 0; valid && i < params->l; i++) { /* Step 19: cs1 = NTT-1(c o s1) */ dilithium_mul(z + i * DILITHIUM_N, c, @@ -8366,6 +8443,10 @@ dilithium_vec_encode_gamma1(z, params->l, params->gamma1_bits, ze); } + ForceZero(priv_rand_seed, sizeof(priv_rand_seed)); + if (y != NULL) { + ForceZero(y, allocSz); + } XFREE(y, key->heap, DYNAMIC_TYPE_DILITHIUM); return ret; #else @@ -8395,10 +8476,14 @@ byte* blocks = NULL; byte priv_rand_seed[DILITHIUM_Y_SEED_SZ]; byte* h = sig + params->lambda / 4 + params->zEncSz; + unsigned int allocSz = 0; #ifdef WOLFSSL_DILITHIUM_SIGN_SMALL_MEM_PRECALC_A byte maxK = (byte)min(WOLFSSL_DILITHIUM_SIGN_SMALL_MEM_PRECALC_A, params->k); #endif +#ifdef WC_MLDSA_FAULT_HARDEN + sword32* y_check; +#endif /* Check the signature buffer isn't too small. */ if ((ret == 0) && (*sigLen < params->sigSz)) { @@ -8411,8 +8496,6 @@ /* Allocate memory for large intermediates. */ if (ret == 0) { - unsigned int allocSz; - /* y-l, w0-k, w1-k, blocks, c-1, z-1, A-1 */ allocSz = params->s1Sz + params->s2Sz + params->s2Sz + DILITHIUM_REJ_NTT_POLY_H_SIZE + @@ -8430,6 +8513,9 @@ ret = MEMORY_E; } else { + #ifdef WC_MLDSA_FAULT_HARDEN + y_check = y; + #endif w0 = y + params->s1Sz / sizeof(*y_ntt); w1 = w0 + params->s2Sz / sizeof(*w0); blocks = (byte*)(w1 + params->s2Sz / sizeof(*w1)); @@ -8515,7 +8601,7 @@ params->gamma1_bits, y, params->l); #ifdef WOLFSSL_DILITHIUM_SIGN_CHECK_Y valid = dilithium_vec_check_low(y, params->l, - (1 << params->gamma1_bits) - params->beta); + ((sword32)1 << params->gamma1_bits) - params->beta); #endif #ifdef WOLFSSL_DILITHIUM_SIGN_SMALL_MEM_PRECALC_A @@ -8523,6 +8609,9 @@ XMEMCPY(y_ntt, y, params->s1Sz); dilithium_vec_ntt_full(y_ntt, params->l); dilithium_matrix_mul(w, a, y_ntt, maxK, params->l); + #ifdef WOLFSSL_DILITHIUM_SMALL + dilithium_vec_red(w, params->k); + #endif dilithium_vec_invntt_full(w, maxK); /* Step 14, Step 22: Make values positive and decompose. */ dilithium_vec_make_pos(w, maxK); @@ -8545,6 +8634,16 @@ #else sword32* y_ntt_t = y_ntt; #endif + #ifdef WC_MLDSA_FAULT_HARDEN + sword32* yt_check = yt; + #endif + #ifdef WC_MLDSA_FAULT_HARDEN + if (y_check != y) { + valid = 0; + ret = BAD_COND_E; + break; + } + #endif /* Put r/i into buffer to be hashed. */ aseed[DILITHIUM_PUB_SEED_SZ + 1] = r; @@ -8559,6 +8658,12 @@ break; } XMEMCPY(y_ntt_t, yt, DILITHIUM_POLY_SIZE); + #ifdef WC_MLDSA_FAULT_HARDEN + if (yt_check + s * DILITHIUM_N != yt) { + ret = BAD_COND_E; + break; + } + #endif dilithium_ntt_full(y_ntt_t); /* Matrix multiply. */ #ifndef WOLFSSL_DILITHIUM_SMALL_MEM_POLY64 @@ -8657,6 +8762,9 @@ /* Next polynomial. */ yt += DILITHIUM_N; } + if (ret != 0) { + break; + } #ifdef WOLFSSL_DILITHIUM_SMALL_MEM_POLY64 for (e = 0; e < DILITHIUM_N; e++) { wt[e] = dilithium_mont_red(t64[e]); @@ -8743,7 +8851,7 @@ dilithium_add(z, yt); dilithium_poly_red(z); /* Step 23: Check z has low enough values. */ - hi = (1 << params->gamma1_bits) - params->beta; + hi = ((sword32)1 << params->gamma1_bits) - params->beta; valid = dilithium_check_low(z, hi); if (valid) { /* Step 32: Encode z into signature. @@ -8776,9 +8884,9 @@ const byte* s2pt = s2p; #endif sword32* cs2 = ct0; + byte idx = 0; w0t = w0; w1t = w1; - byte idx = 0; for (r = 0; valid && (r < params->k); r++) { #ifndef WOLFSSL_DILITHIUM_SIGN_SMALL_MEM_PRECALC @@ -8879,6 +8987,10 @@ while ((ret == 0) && (!valid)); } + ForceZero(priv_rand_seed, sizeof(priv_rand_seed)); + if (y != NULL) { + ForceZero(y, allocSz); + } XFREE(y, key->heap, DYNAMIC_TYPE_DILITHIUM); return ret; #endif @@ -8932,6 +9044,7 @@ ret = dilithium_sign_with_seed_mu(key, seedMu, sig, sigLen); } + ForceZero(seedMu, sizeof(seedMu)); return ret; } @@ -8962,6 +9075,7 @@ * @return MEMORY_E when memory allocation fails. * @return Other negative when an error occurs. */ +#ifdef WOLFSSL_DILITHIUM_NO_CTX static int dilithium_sign_msg_with_seed(dilithium_key* key, const byte* seed, const byte* msg, word32 msgLen, byte* sig, word32 *sigLen) { @@ -8980,8 +9094,10 @@ ret = dilithium_sign_with_seed_mu(key, seedMu, sig, sigLen); } + ForceZero(seedMu, sizeof(seedMu)); return ret; } +#endif /* WOLFSSL_DILITHIUM_NO_CTX */ /* Sign a message with the key and a random number generator. * @@ -9044,6 +9160,7 @@ ret = dilithium_sign_with_seed_mu(key, seedMu, sig, sigLen); } + ForceZero(seedMu, sizeof(seedMu)); return ret; } @@ -9077,6 +9194,7 @@ * @return MEMORY_E when memory allocation fails. * @return Other negative when an error occurs. */ +#ifdef WOLFSSL_DILITHIUM_NO_CTX static int dilithium_sign_msg(dilithium_key* key, WC_RNG* rng, const byte* msg, word32 msgLen, byte* sig, word32 *sigLen) { @@ -9105,8 +9223,10 @@ ret = dilithium_sign_with_seed_mu(key, seedMu, sig, sigLen); } + ForceZero(seedMu, sizeof(seedMu)); return ret; } +#endif /* WOLFSSL_DILITHIUM_NO_CTX */ /* Sign a pre-hashed message with the key and a seed. * @@ -9156,8 +9276,9 @@ byte oidMsgHash[DILITHIUM_HASH_OID_LEN + WC_MAX_DIGEST_SIZE]; word32 oidMsgHashLen = 0; - if ((ret == 0) && (hashLen > WC_MAX_DIGEST_SIZE)) { - ret = BUFFER_E; + /* Check that the input hash length is valid. */ + if ((int)hashLen != wc_HashGetDigestSize((enum wc_HashType)hashAlg)) { + ret = BAD_LENGTH_E; } if (ret == 0) { @@ -9177,6 +9298,7 @@ ret = dilithium_sign_with_seed_mu(key, seedMu, sig, sigLen); } + ForceZero(seedMu, sizeof(seedMu)); return ret; } @@ -9226,6 +9348,7 @@ hash, hashLen, sig, sigLen); } + ForceZero(seed, sizeof(seed)); return ret; } @@ -9385,7 +9508,7 @@ /* Step 2: Decode z from signature. */ dilithium_vec_decode_gamma1(ze, params->l, params->gamma1_bits, z); /* Step 13: Check z is valid - values are low enough. */ - hi = (1 << params->gamma1_bits) - params->beta; + hi = ((sword32)1 << params->gamma1_bits) - params->beta; valid = dilithium_vec_check_low(z, params->l, hi); } if ((ret == 0) && valid) { @@ -9421,6 +9544,9 @@ /* Step 10: w = NTT-1(A o NTT(z) - NTT(c) o NTT(t1)) */ dilithium_vec_ntt_full(z, params->l); dilithium_matrix_mul(w, a, z, params->k, params->l); + #ifdef WOLFSSL_DILITHIUM_SMALL + dilithium_vec_red(w, params->k); + #endif dilithium_ntt_small_full(c); dilithium_vec_mul(t1c, c, t1, params->k); dilithium_vec_sub(w, t1c, params->k); @@ -9524,7 +9650,7 @@ /* Step 2: Decode z from signature. */ dilithium_vec_decode_gamma1(ze, params->l, params->gamma1_bits, z); /* Step 13: Check z is valid - values are low enough. */ - hi = (1 << params->gamma1_bits) - params->beta; + hi = ((sword32)1 << params->gamma1_bits) - params->beta; valid = dilithium_vec_check_low(z, params->l, hi); } if ((ret == 0) && valid) { @@ -9718,8 +9844,8 @@ * @return Other negative when an error occurs. */ static int dilithium_verify_ctx_msg(dilithium_key* key, const byte* ctx, - word32 ctxLen, const byte* msg, word32 msgLen, const byte* sig, - word32 sigLen, int* res) + byte ctxLen, const byte* msg, word32 msgLen, const byte* sig, word32 sigLen, + int* res) { int ret = 0; byte tr[DILITHIUM_TR_SZ]; @@ -9746,6 +9872,7 @@ return ret; } +#ifdef WOLFSSL_DILITHIUM_NO_CTX /* Verify signature of message using public key. * * @param [in, out] key Dilithium key. @@ -9788,6 +9915,7 @@ return ret; } +#endif /* WOLFSSL_DILITHIUM_NO_CTX */ /* Verify signature of message using public key. * @@ -9808,8 +9936,8 @@ * @return Other negative when an error occurs. */ static int dilithium_verify_ctx_hash(dilithium_key* key, const byte* ctx, - word32 ctxLen, int hashAlg, const byte* hash, word32 hashLen, - const byte* sig, word32 sigLen, int* res) + byte ctxLen, int hashAlg, const byte* hash, word32 hashLen, const byte* sig, + word32 sigLen, int* res) { int ret = 0; byte tr[DILITHIUM_TR_SZ]; @@ -9820,6 +9948,12 @@ if (key == NULL) { ret = BAD_FUNC_ARG; } + /* Check that the input hash length is valid. */ + if ((ret == 0) && + ((int)hashLen != wc_HashGetDigestSize((enum wc_HashType)hashAlg))) + { + ret = BAD_LENGTH_E; + } if (ret == 0) { /* Step 6: Hash public key. */ @@ -9941,20 +10075,18 @@ if (ret == 0) { ret = wolfSSL_liboqsRngMutexLock(rng); + if (ret == 0) { + if (OQS_SIG_sign(oqssig, sig, &localOutLen, msg, msgLen, key->k) + == OQS_ERROR) { + ret = BAD_FUNC_ARG; + } + } + if (ret == 0) { + *sigLen = (word32)localOutLen; + } + wolfSSL_liboqsRngMutexUnlock(); } - if ((ret == 0) && - (OQS_SIG_sign(oqssig, sig, &localOutLen, msg, msgLen, key->k) - == OQS_ERROR)) { - ret = BAD_FUNC_ARG; - } - - if (ret == 0) { - *sigLen = (word32)localOutLen; - } - - wolfSSL_liboqsRngMutexUnlock(); - if (oqssig != NULL) { OQS_SIG_free(oqssig); } @@ -10007,7 +10139,7 @@ } return ret; } -#endif /* WOLFSSL_DILITHIUM_NO_VERIFY */ +#endif /* !WOLFSSL_DILITHIUM_NO_VERIFY */ #else #error "No dilithium implementation chosen." @@ -10115,6 +10247,9 @@ if ((ret == 0) && (ctx == NULL) && (ctxLen > 0)) { ret = BAD_FUNC_ARG; } + if ((ret == 0) && (!key->prvKeySet)) { + ret = BAD_FUNC_ARG; + } #ifdef WOLF_CRYPTO_CB if (ret == 0) { @@ -10145,6 +10280,7 @@ return ret; } +#ifdef WOLFSSL_DILITHIUM_NO_CTX /* Sign the message using the dilithium private key. * * msg [in] Message to sign. @@ -10156,6 +10292,8 @@ * returns BAD_FUNC_ARG when a parameter is NULL or public key not set, * BUFFER_E when outLen is less than DILITHIUM_LEVEL2_SIG_SIZE, * 0 otherwise. + * NOTE: This is a pre-FIPS 204 API without context support. New code should + * use wc_dilithium_sign_ctx_msg() with ctx=NULL/ctxLen=0 instead. */ int wc_dilithium_sign_msg(const byte* msg, word32 msgLen, byte* sig, word32 *sigLen, dilithium_key* key, WC_RNG* rng) @@ -10194,6 +10332,7 @@ return ret; } +#endif /* WOLFSSL_DILITHIUM_NO_CTX */ /* Sign the message hash using the dilithium private key. * @@ -10302,6 +10441,7 @@ return ret; } +#ifdef WOLFSSL_DILITHIUM_NO_CTX /* Sign the message using the dilithium private key. * * msg [in] Message to sign. @@ -10313,6 +10453,8 @@ * returns BAD_FUNC_ARG when a parameter is NULL or public key not set, * BUFFER_E when outLen is less than DILITHIUM_LEVEL2_SIG_SIZE, * 0 otherwise. + * NOTE: This is a pre-FIPS 204 API without context support. New code should + * use wc_dilithium_sign_ctx_msg_with_seed() instead. */ int wc_dilithium_sign_msg_with_seed(const byte* msg, word32 msgLen, byte* sig, word32 *sigLen, dilithium_key* key, const byte* seed) @@ -10337,6 +10479,7 @@ return ret; } +#endif /* WOLFSSL_DILITHIUM_NO_CTX */ /* Sign the message using the dilithium private key. * @@ -10403,7 +10546,7 @@ * 0 otherwise. */ int wc_dilithium_verify_ctx_msg(const byte* sig, word32 sigLen, const byte* ctx, - word32 ctxLen, const byte* msg, word32 msgLen, int* res, dilithium_key* key) + byte ctxLen, const byte* msg, word32 msgLen, int* res, dilithium_key* key) { int ret = 0; @@ -10414,6 +10557,10 @@ if ((ret == 0) && (ctx == NULL) && (ctxLen > 0)) { ret = BAD_FUNC_ARG; } + /* Reject msgLen that would cause integer overflow in hash computations */ + if ((ret == 0) && (msgLen > WOLFSSL_MAX_32BIT / 2)) { + ret = BAD_FUNC_ARG; + } #ifdef WOLF_CRYPTO_CB if (ret == 0) { @@ -10437,16 +10584,14 @@ ret = dilithium_verify_ctx_msg(key, ctx, ctxLen, msg, msgLen, sig, sigLen, res); #elif defined(HAVE_LIBOQS) - ret = NOT_COMPILED_IN; - (void)sigLen; - (void)msgLen; - (void)res; + ret = oqs_dilithium_verify_msg(sig, sigLen, msg, msgLen, res, key); #endif } return ret; } +#ifdef WOLFSSL_DILITHIUM_NO_CTX /* Verify the message using the dilithium public key. * * sig [in] Signature to verify. @@ -10458,6 +10603,8 @@ * returns BAD_FUNC_ARG when a parameter is NULL or contextLen is zero when and * BUFFER_E when sigLen is less than DILITHIUM_LEVEL2_SIG_SIZE, * 0 otherwise. + * NOTE: This is a pre-FIPS 204 API without context support. New code should + * use wc_dilithium_verify_ctx_msg() with ctx=NULL/ctxLen=0 instead. */ int wc_dilithium_verify_msg(const byte* sig, word32 sigLen, const byte* msg, word32 msgLen, int* res, dilithium_key* key) @@ -10496,6 +10643,7 @@ return ret; } +#endif /* WOLFSSL_DILITHIUM_NO_CTX */ /* Verify the message using the dilithium public key. * @@ -10514,8 +10662,8 @@ * 0 otherwise. */ int wc_dilithium_verify_ctx_hash(const byte* sig, word32 sigLen, - const byte* ctx, word32 ctxLen, int hashAlg, const byte* hash, - word32 hashLen, int* res, dilithium_key* key) + const byte* ctx, byte ctxLen, int hashAlg, const byte* hash, word32 hashLen, + int* res, dilithium_key* key) { int ret = 0; @@ -10596,10 +10744,12 @@ int wc_dilithium_delete(dilithium_key* key, dilithium_key** key_p) { + void* heap; if (key == NULL) return BAD_FUNC_ARG; + heap = key->heap; wc_dilithium_free(key); - XFREE(key, key->heap, DYNAMIC_TYPE_DILITHIUM); + XFREE(key, heap, DYNAMIC_TYPE_DILITHIUM); if (key_p != NULL) *key_p = NULL; @@ -10813,7 +10963,23 @@ */ void wc_dilithium_free(dilithium_key* key) { +#if defined(WOLF_CRYPTO_CB) && defined(WOLF_CRYPTO_CB_FREE) + int ret = 0; +#endif + if (key != NULL) { +#if defined(WOLF_CRYPTO_CB) && defined(WOLF_CRYPTO_CB_FREE) + if (key->devId != INVALID_DEVID) { + ret = wc_CryptoCb_Free(key->devId, WC_ALGO_TYPE_PK, + WC_PK_TYPE_PQC_SIG_KEYGEN, + WC_PQC_SIG_TYPE_DILITHIUM, + (void*)key); + if (ret != WC_NO_ERR_TRACE(CRYPTOCB_UNAVAILABLE)) + return; + /* fall-through to software cleanup */ + } + (void)ret; +#endif #ifdef WOLFSSL_WC_DILITHIUM #ifndef WC_DILITHIUM_FIXED_ARRAY /* Dispose of cached items. */ @@ -11168,6 +11334,9 @@ /* Calcaluate t = NTT-1(A o NTT(s1)) + s2 */ dilithium_vec_ntt_small_full(s1, params->l); dilithium_matrix_mul(t, a, s1, params->k, params->l); + #ifdef WOLFSSL_DILITHIUM_SMALL + dilithium_vec_red(t, params->k); + #endif dilithium_vec_invntt_full(t, params->k); dilithium_vec_add(t, s2, params->k); /* Subtract t0 from t. */ diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/wolfcrypt/src/dsa.c mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/dsa.c --- mariadb-11.8.6/extra/wolfssl/wolfssl/wolfcrypt/src/dsa.c 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/dsa.c 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* dsa.c * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -27,6 +27,7 @@ #include #include #include +#include #ifdef NO_INLINE #include @@ -85,10 +86,7 @@ if (key == NULL) return; - if (key->type == DSA_PRIVATE) - mp_forcezero(&key->x); - - mp_clear(&key->x); + mp_forcezero(&key->x); mp_clear(&key->y); mp_clear(&key->g); mp_clear(&key->q); @@ -227,10 +225,11 @@ dsa->type = DSA_PRIVATE; if (err != MP_OKAY) { - mp_clear(&dsa->x); + mp_forcezero(&dsa->x); mp_clear(&dsa->y); } + ForceZero(cBuf, (word32)cSz); #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC) XFREE(cBuf, dsa->heap, DYNAMIC_TYPE_TMP_BUFFER); if (tmpQ != NULL) { @@ -323,7 +322,7 @@ if (err == MP_OKAY) #endif - err = mp_init_multi(tmp, tmp2, &dsa->p, &dsa->q, 0, 0); + err = mp_init_multi(tmp, tmp2, &dsa->p, &dsa->q, &dsa->g, 0); if (err == MP_OKAY) err = mp_read_unsigned_bin(tmp2, buf, (word32)(msize - qsize)); @@ -368,9 +367,6 @@ err = mp_add_d(tmp2, 2 * (mp_digit)loop_check_prime, tmp2); } - if (err == MP_OKAY) - err = mp_init(&dsa->g); - /* find a value g for which g^tmp2 != 1 */ if (err == MP_OKAY) err = mp_set(&dsa->g, 1); @@ -399,18 +395,24 @@ #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC) XFREE(buf, dsa->heap, DYNAMIC_TYPE_TMP_BUFFER); if (tmp != NULL) { - mp_clear(tmp); + if ((err != WC_NO_ERR_TRACE(MP_INIT_E)) && + (err != WC_NO_ERR_TRACE(MEMORY_E))) + mp_clear(tmp); XFREE(tmp, NULL, DYNAMIC_TYPE_WOLF_BIGINT); } if (tmp2 != NULL) { - mp_clear(tmp2); + if ((err != WC_NO_ERR_TRACE(MP_INIT_E)) && + (err != WC_NO_ERR_TRACE(MEMORY_E))) + mp_clear(tmp2); XFREE(tmp2, NULL, DYNAMIC_TYPE_WOLF_BIGINT); } #else - mp_clear(tmp); - mp_clear(tmp2); + if (err != WC_NO_ERR_TRACE(MP_INIT_E)) { + mp_clear(tmp); + mp_clear(tmp2); + } #endif - if (err != MP_OKAY) { + if ((err != MP_OKAY) && (err != WC_NO_ERR_TRACE(MP_INIT_E))) { mp_clear(&dsa->q); mp_clear(&dsa->p); mp_clear(&dsa->g); @@ -688,6 +690,12 @@ if (digest == NULL || out == NULL || key == NULL || rng == NULL) return BAD_FUNC_ARG; + if ((digestSz > WC_MAX_DIGEST_SIZE) || + (digestSz < WC_MIN_DIGEST_SIZE)) + { + return BAD_LENGTH_E; + } + SAVE_VECTOR_REGISTERS(return _svr_ret;); do { @@ -1021,6 +1029,16 @@ if (digest == NULL || sig == NULL || key == NULL || answer == NULL) return BAD_FUNC_ARG; + /* Note the min allowed digestSz here is WC_SHA_DIGEST_SIZE, not + * WC_MIN_DIGEST_SIZE, to allow verify-only legacy DSA operations, as + * expressly allowed under FIPS 186-5, FIPS 140-3, and SP 800-131A. + */ + if ((digestSz > WC_MAX_DIGEST_SIZE) || + (digestSz < WC_SHA_DIGEST_SIZE)) + { + return BAD_LENGTH_E; + } + do { #ifdef WOLFSSL_SMALL_STACK w = (mp_int *)XMALLOC(sizeof *w, key->heap, DYNAMIC_TYPE_TMP_BUFFER); diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/wolfcrypt/src/ecc.c mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/ecc.c --- mariadb-11.8.6/extra/wolfssl/wolfssl/wolfcrypt/src/ecc.c 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/ecc.c 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* ecc.c * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -50,12 +50,10 @@ * SECP160K1 and SECP224K1. These do not work with scalars * that are the length of the order when the order is * longer than the prime. Use wc_ecc_fp_free to free cache. - * USE_ECC_B_PARAM: Enable ECC curve B param default: off - * (on for HAVE_COMP_KEY) * WOLFSSL_ECC_CURVE_STATIC: default off (on for windows) * For the ECC curve parameters `ecc_set_type` use fixed * array for hex string - * WC_ECC_NONBLOCK: Enable non-blocking support for sign/verify. + * WC_ECC_NONBLOCK: Enable non-blocking support for sign/verify/keygen/secret. * Requires SP with WOLFSSL_SP_NONBLOCK * WC_ECC_NONBLOCK_ONLY Enable the non-blocking function only, no fall-back to * normal blocking API's @@ -100,6 +98,65 @@ * WOLFSSL_CHECK_VER_FAULTS * Sanity check on verification steps in case of faults. * default: off + * ECC_TIMING_RESISTANT: Enables constant-time ECC operations default: on + * to prevent timing side-channel attacks. + * Auto-enabled for FIPS and some embedded builds. + * WC_NO_CACHE_RESISTANT: Disables cache-resistant operations default: off + * (conditional swaps) in ECC scalar multiply to + * reduce overhead. Not recommended for secure use. + * ALT_ECC_SIZE: Uses alternate smaller fixed-size arrays default: off + * for ECC points instead of full mp_int arrays, + * reducing memory. Requires USE_FAST_MATH. + * WOLFSSL_ECC_NO_SMALL_STACK: Disables WOLFSSL_SMALL_STACK default: off + * optimizations for ECC, using stack instead of heap. + * HAVE_ECC_CHECK_PUBKEY_ORDER: Validates ECC public key order default: on + * during import. Auto-enabled unless + * NO_ECC_CHECK_PUBKEY_ORDER is defined. + * NO_ECC_CHECK_PUBKEY_ORDER: Disables public key order check default: off + * during ECC key import. Not recommended. + * HAVE_ECC_MAKE_PUB: Enables computing public key from default: on + * private key via wc_ecc_make_pub. + * HAVE_ECC_VERIFY_HELPER: Enables ECC verify helper functions default: on + * Auto-enabled unless using hardware accelerators. + * WOLFSSL_PUBLIC_ECC_ADD_DBL: Makes ecc_projective_add_point default: off + * and ecc_projective_dbl_point public APIs. + * SQRTMOD_USE_MOD_EXP: Computes square root mod prime using default: off + * modular exponentiation instead of Jacobi method + * for compressed key decompression. + * + * ECIES options: + * WOLFSSL_ECIES_OLD: Uses original wolfSSL ECIES format default: off + * (public key not in shared secret material). + * WOLFSSL_ECIES_ISO18033: Uses ISO 18033 ECIES standard default: off + * (includes public key in shared secret). + * WOLFSSL_ECIES_GEN_IV: Generates random IV for ECIES default: off + * encryption instead of deriving from KDF. + * + * Fixed Point Cache options (requires FP_ECC): + * FP_ENTRIES: Number of FP cache entries default: 15 + * FP_LUT: FP lookup table bit size (2-12). Larger default: 8 + * values use more memory but faster verify. + * FP_ECC_CONTROL: Auto-selects cached FP ECC verify with default: on + * SP when WOLFSSL_HAVE_SP_ECC is available. + * + * SP Math ECC options: + * WOLFSSL_HAVE_SP_ECC: Enables SP math optimizations for ECC default: on + * Provides significant performance improvement. + * WOLFSSL_SP_NO_256: Disables SP P-256 support default: off + * WOLFSSL_SP_384: Enables SP P-384 support default: off + * WOLFSSL_SP_521: Enables SP P-521 support default: off + * WOLFSSL_SP_1024: Enables SP 1024-bit support for SAKKE default: off + * WOLFSSL_SP_SM2: Enables SP SM2 curve support default: off + * Auto-enabled with WOLFSSL_SM2. + * + * Hardware/Offload options: + * WOLFSSL_KCAPI_ECC: Offload ECC to Linux Kernel Crypto API default: off + * WC_ASYNC_ENABLE_ECC: Enables async ECC with crypto callbacks default: off + * Requires WOLFSSL_ASYNC_CRYPT. + * WC_ASYNC_ENABLE_ECC_KEYGEN: Enables async ECC key gen default: off + * PLUTON_CRYPTO_ECC: Uses ARM Pluton TEE for ECC operations default: off + * WOLFSSL_CAAM_BLACK_KEY_SM: Uses NXP CAAM secure memory for default: off + * encrypted black key storage. */ /* @@ -154,6 +211,7 @@ #include #include +#include #ifdef WOLFSSL_HAVE_SP_ECC #include @@ -164,10 +222,6 @@ #include #endif -#ifdef HAVE_X963_KDF - #include -#endif - #ifdef WOLF_CRYPTO_CB #include #endif @@ -1463,9 +1517,7 @@ mp_int* prime; mp_int* Af; - #ifdef USE_ECC_B_PARAM - mp_int* Bf; - #endif + mp_int* Bf; mp_int* order; mp_int* Gx; mp_int* Gy; @@ -1473,9 +1525,7 @@ #ifdef ECC_CACHE_CURVE mp_int prime_lcl; mp_int Af_lcl; - #ifdef USE_ECC_B_PARAM - mp_int Bf_lcl; - #endif + mp_int Bf_lcl; mp_int order_lcl; mp_int Gx_lcl; mp_int Gy_lcl; @@ -1495,19 +1545,12 @@ #define ECC_CURVE_FIELD_NONE 0x00 #define ECC_CURVE_FIELD_PRIME 0x01 #define ECC_CURVE_FIELD_AF 0x02 -#ifdef USE_ECC_B_PARAM #define ECC_CURVE_FIELD_BF 0x04 -#endif #define ECC_CURVE_FIELD_ORDER 0x08 #define ECC_CURVE_FIELD_GX 0x10 #define ECC_CURVE_FIELD_GY 0x20 -#ifdef USE_ECC_B_PARAM #define ECC_CURVE_FIELD_ALL 0x3F #define ECC_CURVE_FIELD_COUNT 6 -#else - #define ECC_CURVE_FIELD_ALL 0x3B - #define ECC_CURVE_FIELD_COUNT 5 -#endif #if defined(WOLFSSL_XILINX_CRYPT_VERSAL) static const u32 xil_curve_type[ECC_CURVE_MAX] = { @@ -1651,10 +1694,8 @@ wc_ecc_curve_cache_free_spec_item(curve, curve->prime, ECC_CURVE_FIELD_PRIME); if (curve->load_mask & ECC_CURVE_FIELD_AF) wc_ecc_curve_cache_free_spec_item(curve, curve->Af, ECC_CURVE_FIELD_AF); -#ifdef USE_ECC_B_PARAM if (curve->load_mask & ECC_CURVE_FIELD_BF) wc_ecc_curve_cache_free_spec_item(curve, curve->Bf, ECC_CURVE_FIELD_BF); -#endif if (curve->load_mask & ECC_CURVE_FIELD_ORDER) wc_ecc_curve_cache_free_spec_item(curve, curve->order, ECC_CURVE_FIELD_ORDER); if (curve->load_mask & ECC_CURVE_FIELD_GX) @@ -1788,9 +1829,7 @@ #ifdef ECC_CACHE_CURVE curve->prime = &curve->prime_lcl; curve->Af = &curve->Af_lcl; - #ifdef USE_ECC_B_PARAM - curve->Bf = &curve->Bf_lcl; - #endif + curve->Bf = &curve->Bf_lcl; curve->order = &curve->order_lcl; curve->Gx = &curve->Gx_lcl; curve->Gy = &curve->Gy_lcl; @@ -1809,11 +1848,9 @@ if (load_items & ECC_CURVE_FIELD_AF) ret += wc_ecc_curve_cache_load_item(curve, dp->Af, &curve->Af, ECC_CURVE_FIELD_AF); -#ifdef USE_ECC_B_PARAM if (load_items & ECC_CURVE_FIELD_BF) ret += wc_ecc_curve_cache_load_item(curve, dp->Bf, &curve->Bf, ECC_CURVE_FIELD_BF); -#endif if (load_items & ECC_CURVE_FIELD_ORDER) ret += wc_ecc_curve_cache_load_item(curve, dp->order, &curve->order, ECC_CURVE_FIELD_ORDER); @@ -1851,7 +1888,6 @@ void wc_ecc_curve_cache_free(void) { int x; - /* free all ECC curve caches */ for (x = 0; x < (int)ECC_SET_COUNT; x++) { #ifdef WOLFSSL_NO_MALLOC @@ -2703,236 +2739,239 @@ */ int ecc_map_ex(ecc_point* P, mp_int* modulus, mp_digit mp, int ct) { - int err = MP_OKAY; -#if !defined(WOLFSSL_SP_MATH) - DECL_MP_INT_SIZE_DYN(t1, mp_bitsused(modulus), MAX_ECC_BITS_USE); - DECL_MP_INT_SIZE_DYN(t2, mp_bitsused(modulus), MAX_ECC_BITS_USE); -#ifdef ALT_ECC_SIZE - DECL_MP_INT_SIZE_DYN(rx, mp_bitsused(modulus), MAX_ECC_BITS_USE); - DECL_MP_INT_SIZE_DYN(ry, mp_bitsused(modulus), MAX_ECC_BITS_USE); - DECL_MP_INT_SIZE_DYN(rz, mp_bitsused(modulus), MAX_ECC_BITS_USE); -#endif - mp_int *x, *y, *z; - - (void)ct; - - if (P == NULL || modulus == NULL) - return ECC_BAD_ARG_E; + int err = MP_OKAY; + (void)ct; - /* special case for point at infinity */ - if (mp_cmp_d(P->z, 0) == MP_EQ) { - err = mp_set(P->x, 0); - if (err == MP_OKAY) - err = mp_set(P->y, 0); - if (err == MP_OKAY) - err = mp_set(P->z, 1); - return err; - } + if (P == NULL || modulus == NULL){ + return ECC_BAD_ARG_E; + } + { + #if !defined(WOLFSSL_SP_MATH) + DECL_MP_INT_SIZE_DYN(t1, mp_bitsused(modulus), MAX_ECC_BITS_USE); + DECL_MP_INT_SIZE_DYN(t2, mp_bitsused(modulus), MAX_ECC_BITS_USE); + #ifdef ALT_ECC_SIZE + DECL_MP_INT_SIZE_DYN(rx, mp_bitsused(modulus), MAX_ECC_BITS_USE); + DECL_MP_INT_SIZE_DYN(ry, mp_bitsused(modulus), MAX_ECC_BITS_USE); + DECL_MP_INT_SIZE_DYN(rz, mp_bitsused(modulus), MAX_ECC_BITS_USE); + #endif + mp_int *x, *y, *z; + + /* special case for point at infinity */ + if (mp_cmp_d(P->z, 0) == MP_EQ) { + err = mp_set(P->x, 0); + if (err == MP_OKAY) + err = mp_set(P->y, 0); + if (err == MP_OKAY) + err = mp_set(P->z, 1); + return err; + } -#ifdef WOLFSSL_SMALL_STACK -#ifdef WOLFSSL_SMALL_STACK_CACHE - if (P->key != NULL) { - t1 = P->key->t1; - t2 = P->key->t2; - #ifdef ALT_ECC_SIZE - rx = P->key->x; - ry = P->key->y; - rz = P->key->z; - #endif - } - else -#endif /* WOLFSSL_SMALL_STACK_CACHE */ -#endif - { - NEW_MP_INT_SIZE(t1, mp_bitsused(modulus), NULL, DYNAMIC_TYPE_ECC); - NEW_MP_INT_SIZE(t2, mp_bitsused(modulus), NULL, DYNAMIC_TYPE_ECC); - #ifdef MP_INT_SIZE_CHECK_NULL - if (t1 == NULL || t2 == NULL) { - FREE_MP_INT_SIZE(t2, NULL, DYNAMIC_TYPE_ECC); - FREE_MP_INT_SIZE(t1, NULL, DYNAMIC_TYPE_ECC); - return MEMORY_E; - } - #endif - #ifdef ALT_ECC_SIZE - NEW_MP_INT_SIZE(rx, mp_bitsused(modulus), NULL, DYNAMIC_TYPE_ECC); - NEW_MP_INT_SIZE(ry, mp_bitsused(modulus), NULL, DYNAMIC_TYPE_ECC); - NEW_MP_INT_SIZE(rz, mp_bitsused(modulus), NULL, DYNAMIC_TYPE_ECC); - #ifdef MP_INT_SIZE_CHECK_NULL - if (rx == NULL || ry == NULL || rz == NULL) { - FREE_MP_INT_SIZE(rz, NULL, DYNAMIC_TYPE_ECC); - FREE_MP_INT_SIZE(ry, NULL, DYNAMIC_TYPE_ECC); - FREE_MP_INT_SIZE(rx, NULL, DYNAMIC_TYPE_ECC); - FREE_MP_INT_SIZE(t2, NULL, DYNAMIC_TYPE_ECC); - FREE_MP_INT_SIZE(t1, NULL, DYNAMIC_TYPE_ECC); - return MEMORY_E; - } - #endif - #endif - } + #ifdef WOLFSSL_SMALL_STACK + #ifdef WOLFSSL_SMALL_STACK_CACHE + if (P->key != NULL) { + t1 = P->key->t1; + t2 = P->key->t2; + #ifdef ALT_ECC_SIZE + rx = P->key->x; + ry = P->key->y; + rz = P->key->z; + #endif + } + else + #endif /* WOLFSSL_SMALL_STACK_CACHE */ + #endif + { + NEW_MP_INT_SIZE(t1, mp_bitsused(modulus), NULL, DYNAMIC_TYPE_ECC); + NEW_MP_INT_SIZE(t2, mp_bitsused(modulus), NULL, DYNAMIC_TYPE_ECC); + #ifdef MP_INT_SIZE_CHECK_NULL + if (t1 == NULL || t2 == NULL) { + FREE_MP_INT_SIZE(t2, NULL, DYNAMIC_TYPE_ECC); + FREE_MP_INT_SIZE(t1, NULL, DYNAMIC_TYPE_ECC); + return MEMORY_E; + } + #endif + #ifdef ALT_ECC_SIZE + NEW_MP_INT_SIZE(rx, mp_bitsused(modulus), NULL, DYNAMIC_TYPE_ECC); + NEW_MP_INT_SIZE(ry, mp_bitsused(modulus), NULL, DYNAMIC_TYPE_ECC); + NEW_MP_INT_SIZE(rz, mp_bitsused(modulus), NULL, DYNAMIC_TYPE_ECC); + #ifdef MP_INT_SIZE_CHECK_NULL + if (rx == NULL || ry == NULL || rz == NULL) { + FREE_MP_INT_SIZE(rz, NULL, DYNAMIC_TYPE_ECC); + FREE_MP_INT_SIZE(ry, NULL, DYNAMIC_TYPE_ECC); + FREE_MP_INT_SIZE(rx, NULL, DYNAMIC_TYPE_ECC); + FREE_MP_INT_SIZE(t2, NULL, DYNAMIC_TYPE_ECC); + FREE_MP_INT_SIZE(t1, NULL, DYNAMIC_TYPE_ECC); + return MEMORY_E; + } + #endif + #endif + } - err = INIT_MP_INT_SIZE(t1, mp_bitsused(modulus)); - if (err == MP_OKAY) { - err = INIT_MP_INT_SIZE(t2, mp_bitsused(modulus)); - } - if (err != MP_OKAY) { -#ifdef WOLFSSL_SMALL_STACK - #ifdef WOLFSSL_SMALL_STACK_CACHE - if (P->key == NULL) - #endif -#endif - { - #ifdef ALT_ECC_SIZE - FREE_MP_INT_SIZE(rz, NULL, DYNAMIC_TYPE_ECC); - FREE_MP_INT_SIZE(ry, NULL, DYNAMIC_TYPE_ECC); - FREE_MP_INT_SIZE(rx, NULL, DYNAMIC_TYPE_ECC); - #endif - FREE_MP_INT_SIZE(t2, NULL, DYNAMIC_TYPE_ECC); - FREE_MP_INT_SIZE(t1, NULL, DYNAMIC_TYPE_ECC); - } - return MEMORY_E; - } + err = INIT_MP_INT_SIZE(t1, mp_bitsused(modulus)); + if (err == MP_OKAY) { + err = INIT_MP_INT_SIZE(t2, mp_bitsused(modulus)); + } + if (err != MP_OKAY) { + #ifdef WOLFSSL_SMALL_STACK + #ifdef WOLFSSL_SMALL_STACK_CACHE + if (P->key == NULL) + #endif + #endif + { + #ifdef ALT_ECC_SIZE + FREE_MP_INT_SIZE(rz, NULL, DYNAMIC_TYPE_ECC); + FREE_MP_INT_SIZE(ry, NULL, DYNAMIC_TYPE_ECC); + FREE_MP_INT_SIZE(rx, NULL, DYNAMIC_TYPE_ECC); + #endif + FREE_MP_INT_SIZE(t2, NULL, DYNAMIC_TYPE_ECC); + FREE_MP_INT_SIZE(t1, NULL, DYNAMIC_TYPE_ECC); + } + return MEMORY_E; + } -#ifdef ALT_ECC_SIZE - /* Use local stack variable */ - x = rx; - y = ry; - z = rz; + #ifdef ALT_ECC_SIZE + /* Use local stack variable */ + x = rx; + y = ry; + z = rz; - err = INIT_MP_INT_SIZE(x, mp_bitsused(modulus)); - if (err == MP_OKAY) { - err = INIT_MP_INT_SIZE(y, mp_bitsused(modulus)); - } - if (err == MP_OKAY) { - err = INIT_MP_INT_SIZE(z, mp_bitsused(modulus)); - } - if (err != MP_OKAY) { - goto done; - } + err = INIT_MP_INT_SIZE(x, mp_bitsused(modulus)); + if (err == MP_OKAY) { + err = INIT_MP_INT_SIZE(y, mp_bitsused(modulus)); + } + if (err == MP_OKAY) { + err = INIT_MP_INT_SIZE(z, mp_bitsused(modulus)); + } + if (err != MP_OKAY) { + goto done; + } - if (err == MP_OKAY) - err = mp_copy(P->x, x); - if (err == MP_OKAY) - err = mp_copy(P->y, y); - if (err == MP_OKAY) - err = mp_copy(P->z, z); + if (err == MP_OKAY) + err = mp_copy(P->x, x); + if (err == MP_OKAY) + err = mp_copy(P->y, y); + if (err == MP_OKAY) + err = mp_copy(P->z, z); - if (err != MP_OKAY) { - goto done; - } -#else - /* Use destination directly */ - x = P->x; - y = P->y; - z = P->z; -#endif + if (err != MP_OKAY) { + goto done; + } + #else + /* Use destination directly */ + x = P->x; + y = P->y; + z = P->z; + #endif - /* get 1/z */ - if (err == MP_OKAY) { -#if defined(ECC_TIMING_RESISTANT) && (defined(USE_FAST_MATH) || \ - defined(WOLFSSL_SP_MATH) || defined(WOLFSSL_SP_MATH_ALL)) - if (ct) { - err = mp_invmod_mont_ct(z, modulus, t1, mp); - if (err == MP_OKAY) - err = mp_montgomery_reduce(t1, modulus, mp); - } - else -#endif - { - /* first map z back to normal */ - err = mp_montgomery_reduce(z, modulus, mp); - if (err == MP_OKAY) - err = mp_invmod(z, modulus, t1); - } - } + /* get 1/z */ + if (err == MP_OKAY) { + #if defined(ECC_TIMING_RESISTANT) && (defined(USE_FAST_MATH) || \ + defined(WOLFSSL_SP_MATH) || defined(WOLFSSL_SP_MATH_ALL)) + if (ct) { + err = mp_invmod_mont_ct(z, modulus, t1, mp); + if (err == MP_OKAY) + err = mp_montgomery_reduce(t1, modulus, mp); + } + else + #endif + { + /* first map z back to normal */ + err = mp_montgomery_reduce(z, modulus, mp); + if (err == MP_OKAY) + err = mp_invmod(z, modulus, t1); + } + } - /* get 1/z^2 and 1/z^3 */ - if (err == MP_OKAY) - err = mp_sqr(t1, t2); - if (err == MP_OKAY) - err = mp_mod(t2, modulus, t2); - if (err == MP_OKAY) - err = mp_mul(t1, t2, t1); - if (err == MP_OKAY) - err = mp_mod(t1, modulus, t1); + /* get 1/z^2 and 1/z^3 */ + if (err == MP_OKAY) + err = mp_sqr(t1, t2); + if (err == MP_OKAY) + err = mp_mod(t2, modulus, t2); + if (err == MP_OKAY) + err = mp_mul(t1, t2, t1); + if (err == MP_OKAY) + err = mp_mod(t1, modulus, t1); - /* multiply against x/y */ - if (err == MP_OKAY) - err = mp_mul(x, t2, x); - if (err == MP_OKAY) - err = mp_montgomery_reduce(x, modulus, mp); - if (err == MP_OKAY) - err = mp_mul(y, t1, y); - if (err == MP_OKAY) - err = mp_montgomery_reduce(y, modulus, mp); + /* multiply against x/y */ + if (err == MP_OKAY) + err = mp_mul(x, t2, x); + if (err == MP_OKAY) + err = mp_montgomery_reduce(x, modulus, mp); + if (err == MP_OKAY) + err = mp_mul(y, t1, y); + if (err == MP_OKAY) + err = mp_montgomery_reduce(y, modulus, mp); - if (err == MP_OKAY) - err = mp_set(z, 1); + if (err == MP_OKAY) + err = mp_set(z, 1); -#ifdef ALT_ECC_SIZE - /* return result */ - if (err == MP_OKAY) - err = mp_copy(x, P->x); - if (err == MP_OKAY) - err = mp_copy(y, P->y); - if (err == MP_OKAY) - err = mp_copy(z, P->z); + #ifdef ALT_ECC_SIZE + /* return result */ + if (err == MP_OKAY) + err = mp_copy(x, P->x); + if (err == MP_OKAY) + err = mp_copy(y, P->y); + if (err == MP_OKAY) + err = mp_copy(z, P->z); -done: -#endif + done: + #endif - /* clean up */ - mp_clear(t1); - mp_clear(t2); + /* clean up */ + mp_clear(t1); + mp_clear(t2); -#ifdef WOLFSSL_SMALL_STACK -#ifdef WOLFSSL_SMALL_STACK_CACHE - if (P->key == NULL) -#endif -#endif - { - #ifdef ALT_ECC_SIZE - FREE_MP_INT_SIZE(rz, NULL, DYNAMIC_TYPE_ECC); - FREE_MP_INT_SIZE(ry, NULL, DYNAMIC_TYPE_ECC); - FREE_MP_INT_SIZE(rx, NULL, DYNAMIC_TYPE_ECC); - #endif - FREE_MP_INT_SIZE(t2, NULL, DYNAMIC_TYPE_ECC); - FREE_MP_INT_SIZE(t1, NULL, DYNAMIC_TYPE_ECC); - } + #ifdef WOLFSSL_SMALL_STACK + #ifdef WOLFSSL_SMALL_STACK_CACHE + if (P->key == NULL) + #endif + #endif + { + #ifdef ALT_ECC_SIZE + FREE_MP_INT_SIZE(rz, NULL, DYNAMIC_TYPE_ECC); + FREE_MP_INT_SIZE(ry, NULL, DYNAMIC_TYPE_ECC); + FREE_MP_INT_SIZE(rx, NULL, DYNAMIC_TYPE_ECC); + #endif + FREE_MP_INT_SIZE(t2, NULL, DYNAMIC_TYPE_ECC); + FREE_MP_INT_SIZE(t1, NULL, DYNAMIC_TYPE_ECC); + } - return err; - /* end !defined(WOLFSSL_SP_MATH) */ + return err; + /* end !defined(WOLFSSL_SP_MATH) */ -#else - /* begin defined(WOLFSSL_SP_MATH) */ - if (P == NULL || modulus == NULL) - return ECC_BAD_ARG_E; + #else + /* begin defined(WOLFSSL_SP_MATH) */ + if (P == NULL || modulus == NULL) + return ECC_BAD_ARG_E; - (void)mp; - (void)ct; + (void)mp; + (void)ct; -#if defined(WOLFSSL_SM2) && defined(WOLFSSL_SP_SM2) - if ((mp_count_bits(modulus) == 256) && (!mp_is_bit_set(modulus, 224))) { - err = sp_ecc_map_sm2_256(P->x, P->y, P->z); - } -#elif !defined(WOLFSSL_SP_NO_256) - if (mp_count_bits(modulus) == 256) { - err = sp_ecc_map_256(P->x, P->y, P->z); - } -#elif defined(WOLFSSL_SP_384) - if (mp_count_bits(modulus) == 384) { - err = sp_ecc_map_384(P->x, P->y, P->z); - } -#elif defined(WOLFSSL_SP_521) - if (mp_count_bits(modulus) == 521) { - err = sp_ecc_map_521(P->x, P->y, P->z); - } -#else - err = ECC_BAD_ARG_E; -#endif + #if defined(WOLFSSL_SM2) && defined(WOLFSSL_SP_SM2) + if ((mp_count_bits(modulus) == 256) && + (!mp_is_bit_set(modulus, 224))) { + err = sp_ecc_map_sm2_256(P->x, P->y, P->z); + } + #elif !defined(WOLFSSL_SP_NO_256) + if (mp_count_bits(modulus) == 256) { + err = sp_ecc_map_256(P->x, P->y, P->z); + } + #elif defined(WOLFSSL_SP_384) + if (mp_count_bits(modulus) == 384) { + err = sp_ecc_map_384(P->x, P->y, P->z); + } + #elif defined(WOLFSSL_SP_521) + if (mp_count_bits(modulus) == 521) { + err = sp_ecc_map_521(P->x, P->y, P->z); + } + #else + err = ECC_BAD_ARG_E; + #endif - WOLFSSL_LEAVE("ecc_map_ex (SP Math)", err); - return err; + WOLFSSL_LEAVE("ecc_map_ex (SP Math)", err); + return err; #endif /* WOLFSSL_SP_MATH */ + } } #endif /* !FREESCALE_LTC_ECC && !WOLFSSL_STM32_PKA */ @@ -3858,7 +3897,7 @@ */ err = mp_sub_d(order, 1, t); if (err == MP_OKAY) { - int kIsMinusOne = (mp_cmp((mp_int*)k, t) == MP_EQ); + int kIsMinusOne = (mp_cmp((const mp_int*)k, t) == MP_EQ); err = mp_cond_copy(tG->x, kIsMinusOne, R->x); if (err == MP_OKAY) { err = mp_sub(modulus, tG->y, t); @@ -4363,7 +4402,8 @@ if (encType == WC_TYPE_HEX_STR) { if ((word32)XSTRLEN(curveParam) != paramSz) return -1; - return (XSTRNCMP(curveParam, (char*) param, paramSz) == 0) ? 0 : -1; + return (XSTRNCMP(curveParam, (const char*) param, paramSz) == 0) + ? 0 : -1; } #ifdef WOLFSSL_SMALL_STACK @@ -4700,6 +4740,7 @@ return ECC_BAD_ARG_E; } + #if defined(WOLFSSL_ATECC508A) || defined(WOLFSSL_ATECC608A) /* For SECP256R1 use hardware */ if (private_key->dp->id == ECC_SECP256R1) { @@ -4968,7 +5009,7 @@ #ifdef HAVE_ECC_CDH if (k == k_lcl) - mp_clear(k); + mp_forcezero(k); WC_FREE_VAR_EX(k_lcl, private_key->heap, DYNAMIC_TYPE_ECC_BUFFER); #endif @@ -5212,7 +5253,6 @@ #endif /* !WOLFSSL_ATECC508A && !WOLFSSL_CRYPTOCELL && !WOLFSSL_KCAPI_ECC */ #endif /* HAVE_ECC_DHE */ -#ifdef USE_ECC_B_PARAM /* Checks if a point p lies on the curve with index curve_idx */ int wc_ecc_point_is_on_curve(ecc_point *p, int curve_idx) { @@ -5247,7 +5287,6 @@ return err; } -#endif /* USE_ECC_B_PARAM */ #if !defined(WOLFSSL_ATECC508A) && !defined(WOLFSSL_ATECC608A) && \ !defined(WOLFSSL_CRYPTOCELL) && \ @@ -6716,7 +6755,9 @@ if (in == NULL || out == NULL || outlen == NULL || key == NULL) { return ECC_BAD_ARG_E; } - if (inlen > WC_MAX_DIGEST_SIZE) { + if ((inlen > WC_MAX_DIGEST_SIZE) || + (inlen < WC_MIN_DIGEST_SIZE)) + { return BAD_LENGTH_E; } @@ -7237,6 +7278,11 @@ if (in == NULL || r == NULL || s == NULL || key == NULL || rng == NULL) { return ECC_BAD_ARG_E; } + if ((inlen > WC_MAX_DIGEST_SIZE) || + (inlen < WC_MIN_DIGEST_SIZE)) + { + return BAD_LENGTH_E; + } /* is this a private key? */ if (key->type != ECC_PRIVATEKEY && key->type != ECC_PRIVATEKEY_ONLY) { @@ -7434,7 +7480,7 @@ #ifndef HAVE_CAVIUM_V mp_clear(e); - mp_clear(k); + mp_forcezero(k); #endif wc_ecc_curve_free(curve); FREE_CURVE_SPECS(); @@ -7854,21 +7900,21 @@ #endif /* !HAVE_ECC_SIGN */ #ifdef WOLFSSL_CUSTOM_CURVES -void wc_ecc_free_curve(const ecc_set_type* curve, void* heap) +void wc_ecc_free_curve(ecc_set_type* curve, void* heap) { #ifndef WOLFSSL_ECC_CURVE_STATIC if (curve->prime != NULL) - XFREE((void*)curve->prime, heap, DYNAMIC_TYPE_ECC_BUFFER); + XFREE((void*)(wc_ptr_t)curve->prime, heap, DYNAMIC_TYPE_ECC_BUFFER); if (curve->Af != NULL) - XFREE((void*)curve->Af, heap, DYNAMIC_TYPE_ECC_BUFFER); + XFREE((void*)(wc_ptr_t)curve->Af, heap, DYNAMIC_TYPE_ECC_BUFFER); if (curve->Bf != NULL) - XFREE((void*)curve->Bf, heap, DYNAMIC_TYPE_ECC_BUFFER); + XFREE((void*)(wc_ptr_t)curve->Bf, heap, DYNAMIC_TYPE_ECC_BUFFER); if (curve->order != NULL) - XFREE((void*)curve->order, heap, DYNAMIC_TYPE_ECC_BUFFER); + XFREE((void*)(wc_ptr_t)curve->order, heap, DYNAMIC_TYPE_ECC_BUFFER); if (curve->Gx != NULL) - XFREE((void*)curve->Gx, heap, DYNAMIC_TYPE_ECC_BUFFER); + XFREE((void*)(wc_ptr_t)curve->Gx, heap, DYNAMIC_TYPE_ECC_BUFFER); if (curve->Gy != NULL) - XFREE((void*)curve->Gy, heap, DYNAMIC_TYPE_ECC_BUFFER); + XFREE((void*)(wc_ptr_t)curve->Gy, heap, DYNAMIC_TYPE_ECC_BUFFER); #endif XFREE((void*)curve, heap, DYNAMIC_TYPE_ECC_BUFFER); @@ -7884,10 +7930,25 @@ WOLFSSL_ABI int wc_ecc_free(ecc_key* key) { +#if defined(WOLF_CRYPTO_CB) && defined(WOLF_CRYPTO_CB_FREE) + int ret = 0; +#endif + if (key == NULL) { return 0; } +#if defined(WOLF_CRYPTO_CB) && defined(WOLF_CRYPTO_CB_FREE) + if (key->devId != INVALID_DEVID) { + ret = wc_CryptoCb_Free(key->devId, WC_ALGO_TYPE_PK, + WC_PK_TYPE_EC_KEYGEN, 0, key); + if (ret != WC_NO_ERR_TRACE(CRYPTOCB_UNAVAILABLE)) + return ret; + /* fall-through to software cleanup */ + } + (void)ret; +#endif + #if defined(WOLFSSL_ECDSA_SET_K) || defined(WOLFSSL_ECDSA_SET_K_ONE_LOOP) || \ defined(WOLFSSL_ECDSA_DETERMINISTIC_K) || \ defined(WOLFSSL_ECDSA_DETERMINISTIC_K_VARIANT) @@ -7965,7 +8026,7 @@ #ifdef WOLFSSL_CUSTOM_CURVES if (key->deallocSet && key->dp != NULL) - wc_ecc_free_curve(key->dp, key->heap); + wc_ecc_free_curve((ecc_set_type *)(wc_ptr_t)key->dp, key->heap); #endif #ifdef WOLFSSL_CHECK_MEM_ZERO @@ -8499,7 +8560,10 @@ if (sig == NULL || hash == NULL || res == NULL || key == NULL) { return ECC_BAD_ARG_E; } - if (hashlen > WC_MAX_DIGEST_SIZE) { + + /* Check hash length */ + if ((hashlen > WC_MAX_DIGEST_SIZE) || + (hashlen < WC_MIN_DIGEST_SIZE)) { return BAD_LENGTH_E; } @@ -9207,6 +9271,12 @@ if (r == NULL || s == NULL || hash == NULL || res == NULL || key == NULL) return ECC_BAD_ARG_E; + /* Check hash length */ + if ((hashlen > WC_MAX_DIGEST_SIZE) || + (hashlen < WC_MIN_DIGEST_SIZE)) { + return BAD_LENGTH_E; + } + /* default to invalid signature */ *res = 0; @@ -9470,6 +9540,13 @@ keysize = (int)(inLen>>1); #endif + /* sanity check that x coordinate is expected size */ + if (err == MP_OKAY) { + if (keysize != ecc_sets[curve_idx].size) { + err = ECC_BAD_ARG_E; + } + } + /* read data */ if (err == MP_OKAY) err = mp_read_unsigned_bin(point->x, in, (word32)keysize); @@ -9487,7 +9564,7 @@ #if defined(WOLFSSL_SM2) && defined(WOLFSSL_SP_SM2) if (curve_idx != ECC_CUSTOM_IDX && ecc_sets[curve_idx].id == ECC_SM2P256V1) { - sp_ecc_uncompress_sm2_256(point->x, pointType, point->y); + err = sp_ecc_uncompress_sm2_256(point->x, pointType, point->y); } else #endif @@ -9885,8 +9962,6 @@ #endif /* HAVE_ECC_KEY_EXPORT */ -#ifdef HAVE_ECC_CHECK_PUBKEY_ORDER - /* is ecc point on curve described by dp ? */ static int _ecc_is_point(ecc_point* ecp, mp_int* a, mp_int* b, mp_int* prime) { @@ -10063,6 +10138,8 @@ return err; } +#ifdef HAVE_ECC_CHECK_PUBKEY_ORDER + #if (FIPS_VERSION_GE(5,0) || defined(WOLFSSL_VALIDATE_ECC_KEYGEN) || \ (defined(WOLFSSL_VALIDATE_ECC_IMPORT) && !defined(WOLFSSL_SP_MATH))) && \ !defined(WOLFSSL_KCAPI_ECC) || defined(WOLFSSL_CAAM) @@ -10430,14 +10507,7 @@ int err = MP_OKAY; #if defined(HAVE_ECC_CHECK_PUBKEY_ORDER) && !defined(WOLFSSL_SP_MATH) mp_int* b = NULL; - #ifdef USE_ECC_B_PARAM - DECLARE_CURVE_SPECS(4); - #else - #ifndef WOLFSSL_SMALL_STACK - mp_int b_lcl; - #endif - DECLARE_CURVE_SPECS(3); - #endif /* USE_ECC_B_PARAM */ + DECLARE_CURVE_SPECS(4); #endif ASSERT_SAVED_VECTOR_REGISTERS(); @@ -10489,21 +10559,7 @@ #endif #ifndef WOLFSSL_SP_MATH - #ifdef USE_ECC_B_PARAM - ALLOC_CURVE_SPECS(4, err); - #else - ALLOC_CURVE_SPECS(3, err); - #ifndef WOLFSSL_SMALL_STACK - b = &b_lcl; - #else - b = (mp_int*)XMALLOC(sizeof(mp_int), key->heap, DYNAMIC_TYPE_ECC); - if (b == NULL) { - FREE_CURVE_SPECS(); - return MEMORY_E; - } - #endif - XMEMSET(b, 0, sizeof(mp_int)); - #endif + ALLOC_CURVE_SPECS(4, err); #ifdef WOLFSSL_CAAM /* keys can be black encrypted ones which can not be checked like plain text @@ -10528,22 +10584,10 @@ /* load curve info */ if (err == MP_OKAY) err = wc_ecc_curve_load(key->dp, &curve, (ECC_CURVE_FIELD_PRIME | - ECC_CURVE_FIELD_AF | ECC_CURVE_FIELD_ORDER -#ifdef USE_ECC_B_PARAM - | ECC_CURVE_FIELD_BF -#endif - )); + ECC_CURVE_FIELD_AF | ECC_CURVE_FIELD_ORDER | ECC_CURVE_FIELD_BF)); -#ifndef USE_ECC_B_PARAM - /* load curve b parameter */ - if (err == MP_OKAY) - err = mp_init(b); - if (err == MP_OKAY) - err = mp_read_radix(b, key->dp->Bf, MP_RADIX_HEX); -#else if (err == MP_OKAY) b = curve->Bf; -#endif /* SP 800-56Ar3, section 5.6.2.3.3, process step 2 */ /* SP 800-56Ar3, section 5.6.2.3.4, process step 2 */ @@ -10600,11 +10644,6 @@ wc_ecc_curve_free(curve); -#ifndef USE_ECC_B_PARAM - mp_clear(b); - WC_FREE_VAR_EX(b, key->heap, DYNAMIC_TYPE_ECC); -#endif - FREE_CURVE_SPECS(); #else @@ -10633,8 +10672,8 @@ #ifdef HAVE_ECC_KEY_IMPORT /* import public ECC key in ANSI X9.63 format */ -int wc_ecc_import_x963_ex(const byte* in, word32 inLen, ecc_key* key, - int curve_id) +int wc_ecc_import_x963_ex2(const byte* in, word32 inLen, ecc_key* key, + int curve_id, int untrusted) { int err = MP_OKAY; #ifdef HAVE_COMP_KEY @@ -10718,7 +10757,10 @@ XMEMCPY(key->pubkey_raw, (byte*)in, inLen); } #elif defined(WOLFSSL_KCAPI_ECC) - XMEMCPY(key->pubkey_raw, (byte*)in, inLen); + if (inLen <= (word32)sizeof(key->pubkey_raw)) + XMEMCPY(key->pubkey_raw, (byte*)in, inLen); + else + err = BAD_FUNC_ARG; #endif if (err == MP_OKAY) { @@ -10844,7 +10886,7 @@ #endif #if defined(WOLFSSL_SM2) && defined(WOLFSSL_SP_SM2) if (key->dp->id == ECC_SM2P256V1) { - sp_ecc_uncompress_sm2_256(key->pubkey.x, pointType, key->pubkey.y); + err = sp_ecc_uncompress_sm2_256(key->pubkey.x, pointType, key->pubkey.y); } else #endif @@ -10919,6 +10961,84 @@ if (err == MP_OKAY) err = wc_ecc_check_key(key); #endif +#if (!defined(WOLFSSL_VALIDATE_ECC_IMPORT) || \ + !defined(HAVE_ECC_CHECK_PUBKEY_ORDER)) && \ + !defined(WOLFSSL_ATECC508A) && !defined(WOLFSSL_ATECC608A) && \ + !defined(WOLFSSL_CRYPTOCELL) && \ + (!defined(WOLF_CRYPTO_CB_ONLY_ECC) || defined(WOLFSSL_QNX_CAAM) || \ + defined(WOLFSSL_IMXRT1170_CAAM)) + if ((err == MP_OKAY) && untrusted) { + /* Reject point at infinity. */ + if (wc_ecc_point_is_at_infinity(&key->pubkey)) { + err = ECC_INF_E; + } + /* Verify the point lies on the curve (y^2 = x^3 + ax + b mod p) */ + if ((err == MP_OKAY) && (key->idx != ECC_CUSTOM_IDX)) { + #ifdef WOLFSSL_HAVE_SP_ECC + #ifndef WOLFSSL_SP_NO_256 + if (ecc_sets[key->idx].id == ECC_SECP256R1) { + err = sp_ecc_is_point_256(key->pubkey.x, key->pubkey.y); + #if defined(WOLFSSL_SM2) && defined(WOLFSSL_SP_SM2) + if (err != MP_OKAY && curve_id < 0) { + /* Retry with SM2 curve when P-256 returns invalid. + * Only when no explicit curve was requested (curve_id < 0). + * Needed because SM2 keys can be mis-identified as + * SECP256R1 during parsing. */ + err = sp_ecc_is_point_sm2_256(key->pubkey.x, + key->pubkey.y); + if (err == MP_OKAY) { + err = wc_ecc_set_curve(key, key->dp->size, + ECC_SM2P256V1); + } + } + #endif + } + else + #endif + #if defined(WOLFSSL_SM2) && defined(WOLFSSL_SP_SM2) + if (ecc_sets[key->idx].id == ECC_SM2P256V1) { + err = sp_ecc_is_point_sm2_256(key->pubkey.x, key->pubkey.y); + } + else + #endif + #ifdef WOLFSSL_SP_384 + if (ecc_sets[key->idx].id == ECC_SECP384R1) { + err = sp_ecc_is_point_384(key->pubkey.x, key->pubkey.y); + } + else + #endif + #ifdef WOLFSSL_SP_521 + if (ecc_sets[key->idx].id == ECC_SECP521R1) { + err = sp_ecc_is_point_521(key->pubkey.x, key->pubkey.y); + } + else + #endif + { + err = wc_ecc_point_is_on_curve(&key->pubkey, key->idx); + } + #else + err = wc_ecc_point_is_on_curve(&key->pubkey, key->idx); + #if defined(WOLFSSL_SM2) + if (err != MP_OKAY && curve_id < 0) { + /* Retry with SM2 curve when P-256 returns invalid. + * Only when no explicit curve was requested (curve_id < 0). + * Needed because SM2 keys can be mis-identified as + * SECP256R1 during parsing. */ + int sm2_idx = wc_ecc_get_curve_idx(ECC_SM2P256V1); + if (sm2_idx != ECC_CURVE_INVALID) { + err = wc_ecc_point_is_on_curve(&key->pubkey, sm2_idx); + if (err == MP_OKAY) { + err = wc_ecc_set_curve(key, WOLFSSL_SM2_KEY_BITS / 8, + ECC_SM2P256V1); + } + } + } + #endif + #endif /* WOLFSSL_HAVE_SP_ECC */ + } + } +#endif + (void)untrusted; #ifdef WOLFSSL_MAXQ10XX_CRYPTO if (err == MP_OKAY) { @@ -10930,7 +11050,7 @@ mp_clear(key->pubkey.x); mp_clear(key->pubkey.y); mp_clear(key->pubkey.z); - mp_clear(key->k); + mp_forcezero(key->k); } RESTORE_VECTOR_REGISTERS(); @@ -10938,6 +11058,14 @@ return err; } +/* import public ECC key in ANSI X9.63 format */ +int wc_ecc_import_x963_ex(const byte* in, word32 inLen, ecc_key* key, + int curve_id) +{ + /* treat as untrusted: validate the point is on the curve */ + return wc_ecc_import_x963_ex2(in, inLen, key, curve_id, 1); +} + WOLFSSL_ABI int wc_ecc_import_x963(const byte* in, word32 inLen, ecc_key* key) { @@ -11706,7 +11834,7 @@ mp_clear(key->pubkey.x); mp_clear(key->pubkey.y); mp_clear(key->pubkey.z); - mp_clear(key->k); + mp_forcezero(key->k); #if defined(WOLFSSL_XILINX_CRYPT_VERSAL) ForceZero(key->keyRaw, sizeof(key->keyRaw)); #endif @@ -13211,7 +13339,7 @@ err = add_entry(idx1, A); } } - if (err == MP_OKAY && idx1 != -1) { + if (err == MP_OKAY && idx1 != -1 && fp_cache[idx1].lru_count < (INT_MAX-1)) { /* increment LRU */ ++(fp_cache[idx1].lru_count); } @@ -13228,7 +13356,7 @@ } } - if (err == MP_OKAY && idx2 != -1) { + if (err == MP_OKAY && idx2 != -1 && fp_cache[idx2].lru_count < (INT_MAX-1)) { /* increment LRU */ ++(fp_cache[idx2].lru_count); } @@ -13365,7 +13493,7 @@ if (idx >= 0) err = add_entry(idx, G); } - if (err == MP_OKAY && idx >= 0) { + if (err == MP_OKAY && idx >= 0 && fp_cache[idx].lru_count < (INT_MAX-1)) { /* increment LRU */ ++(fp_cache[idx].lru_count); } @@ -13536,7 +13664,7 @@ if (idx >= 0) err = add_entry(idx, G); } - if (err == MP_OKAY && idx >= 0) { + if (err == MP_OKAY && idx >= 0 && fp_cache[idx].lru_count < (INT_MAX-1)) { /* increment LRU */ ++(fp_cache[idx].lru_count); } @@ -13755,7 +13883,7 @@ struct ecEncCtx { - const byte* kdfSalt; /* optional salt for kdf */ + byte* kdfSalt; /* optional salt for kdf */ const byte* kdfInfo; /* optional info for kdf */ const byte* macSalt; /* optional salt for mac */ word32 kdfSaltSz; /* size of kdfSalt */ @@ -14448,6 +14576,8 @@ RESTORE_VECTOR_REGISTERS(); + ForceZero(sharedSecret, sharedSz); + ForceZero(keys, (word32)keysLen); WC_FREE_VAR_EX(sharedSecret, ctx->heap, DYNAMIC_TYPE_ECC_BUFFER); WC_FREE_VAR_EX(keys, ctx->heap, DYNAMIC_TYPE_ECC_BUFFER); @@ -14742,8 +14872,8 @@ if (ret == 0) ret = wc_HmacFinal(hmac, verify); - if ((ret == 0) && (XMEMCMP(verify, msg + msgSz - digestSz, - digestSz) != 0)) { + if ((ret == 0) && (ConstantCompare(verify, msg + msgSz - digestSz, + (int)digestSz) != 0)) { ret = HASH_TYPE_E; WOLFSSL_MSG("ECC Decrypt HMAC Check failed!"); } @@ -14846,6 +14976,8 @@ if (pubKey == peerKey) wc_ecc_free(peerKey); #endif + ForceZero(sharedSecret, sharedSz); + ForceZero(keys, (word32)keysLen); #ifdef WOLFSSL_SMALL_STACK #ifndef WOLFSSL_ECIES_OLD XFREE(peerKey, ctx->heap, DYNAMIC_TYPE_ECC_BUFFER); @@ -15624,12 +15756,18 @@ /* Enable ECC support for non-blocking operations */ int wc_ecc_set_nonblock(ecc_key *key, ecc_nb_ctx_t* ctx) { - if (key) { - if (ctx) { - XMEMSET(ctx, 0, sizeof(ecc_nb_ctx_t)); - } - key->nb_ctx = ctx; + if (key == NULL) { + return BAD_FUNC_ARG; + } + /* If a different context is already set, clear it before replacing. + * The caller is responsible for freeing any heap-allocated context. */ + if (key->nb_ctx != NULL && key->nb_ctx != ctx) { + XMEMSET(key->nb_ctx, 0, sizeof(ecc_nb_ctx_t)); + } + if (ctx != NULL) { + XMEMSET(ctx, 0, sizeof(ecc_nb_ctx_t)); } + key->nb_ctx = ctx; return 0; } #endif /* WC_ECC_NONBLOCK */ diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/wolfcrypt/src/eccsi.c mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/eccsi.c --- mariadb-11.8.6/extra/wolfssl/wolfssl/wolfcrypt/src/eccsi.c 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/eccsi.c 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* eccsi.c * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -68,8 +68,6 @@ int devId) { int err = 0; - ecc_key* ecc = NULL; - ecc_key* pubkey = NULL; EccsiKeyParams* params = NULL; if (key == NULL) { @@ -84,7 +82,6 @@ err = wc_ecc_init_ex(&key->ecc, heap, devId); } if (err == 0) { - ecc = &key->ecc; err = wc_ecc_init_ex(&key->pubkey, heap, devId); } if (err == 0) { @@ -94,7 +91,6 @@ } } if (err == 0) { - pubkey = &key->pubkey; err = mp_init_multi(¶ms->order, #ifdef WOLFCRYPT_ECCSI_CLIENT ¶ms->a, ¶ms->b, ¶ms->prime, &key->tmp, &key->ssk @@ -111,8 +107,7 @@ } if (err != 0) { - wc_ecc_free(pubkey); - wc_ecc_free(ecc); + wc_FreeEccsiKey(key); } return err; @@ -2164,6 +2159,18 @@ if (err == 0) { err = eccsi_decode_sig_s(key, sig, sigSz, s); } + /* Validate s is in [1, q-1]: reject zero or out-of-range second signature + * component. With s=0, [s](...) yields the point at infinity whose + * affine x-coordinate is 0, making the final mp_cmp(0,0) accept any + * forged signature. */ + if (err == 0) { + if (mp_iszero(s)) { + err = MP_ZERO_E; + } + else if (mp_cmp(s, &key->params.order) != MP_LT) { + err = ECC_OUT_OF_RANGE_E; + } + } /* [s]( [HE]G + [r]Y ) */ if (err == 0) { err = eccsi_mulmod_point(key, s, j, j, 1); @@ -2243,6 +2250,19 @@ err = mp_montgomery_setup(¶ms->prime, &mp); } + /* Validate r is in [1, q-1]: reject zero or out-of-range first signature + * component before any scalar multiplication takes place. + * Without this check, r=0 causes J_x=0 and the final mp_cmp(0,0)==MP_EQ + * comparison accepts the forged signature unconditionally. */ + if (err == 0) { + if (mp_iszero(r)) { + err = MP_ZERO_E; + } + else if (mp_cmp(r, ¶ms->order) != MP_LT) { + err = ECC_OUT_OF_RANGE_E; + } + } + /* Step 1: Validate PVT is on curve */ if (err == 0) { err = wc_ecc_is_point(pvt, ¶ms->a, ¶ms->b, ¶ms->prime); @@ -2278,6 +2298,16 @@ key->params.haveBase = 0; } + /* Defense-in-depth: reject J = point at infinity before the final + * comparison. Catches any future path that might reach this point + * with a neutral-element result (e.g. s = 0 mod q for a non-zero + * encoded s). */ + if (err == 0) { + if (wc_ecc_point_is_at_infinity(j)) { + err = ECC_INF_E; + } + } + /* Step 6: Jx fitting, compare with r */ if (err == 0) { jx = &key->tmp; diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/wolfcrypt/src/ed25519.c mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/ed25519.c --- mariadb-11.8.6/extra/wolfssl/wolfssl/wolfcrypt/src/ed25519.c 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/ed25519.c 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* ed25519.c * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -88,13 +88,7 @@ { int ret; -#ifndef WOLFSSL_ED25519_PERSISTENT_SHA - /* when not using persistent SHA, we'll zero the sha param */ - XMEMSET(sha, 0, sizeof(wc_Sha512)); -#endif - ret = wc_InitSha512_ex(sha, key->heap, - #if defined(WOLF_CRYPTO_CB) key->devId #else @@ -103,8 +97,9 @@ ); #ifdef WOLFSSL_ED25519_PERSISTENT_SHA - if (ret == 0) + if (ret == 0) { key->sha_clean_flag = 1; + } #endif return ret; @@ -114,8 +109,10 @@ static int ed25519_hash_reset(ed25519_key* key) { int ret; - if (key->sha_clean_flag) + + if (key->sha_clean_flag) { ret = 0; + } else { wc_Sha512Free(&key->sha); ret = wc_InitSha512_ex(&key->sha, key->heap, @@ -128,6 +125,7 @@ if (ret == 0) key->sha_clean_flag = 1; } + return ret; } #endif /* WOLFSSL_ED25519_PERSISTENT_SHA */ @@ -136,8 +134,9 @@ const byte* data, word32 len) { #ifdef WOLFSSL_ED25519_PERSISTENT_SHA - if (key->sha_clean_flag) + if (key->sha_clean_flag) { key->sha_clean_flag = 0; + } #else (void)key; #endif @@ -148,8 +147,9 @@ { int ret = wc_Sha512Final(sha, hash); #ifdef WOLFSSL_ED25519_PERSISTENT_SHA - if (ret == 0) + if (ret == 0) { key->sha_clean_flag = 1; + } #else (void)key; #endif @@ -187,16 +187,15 @@ #else ret = ed25519_hash_init(key, sha); #endif - if (ret < 0) - return ret; - - ret = ed25519_hash_update(key, sha, in, inLen); - if (ret == 0) - ret = ed25519_hash_final(key, sha, hash); + if (ret == 0) { + ret = ed25519_hash_update(key, sha, in, inLen); + if (ret == 0) + ret = ed25519_hash_final(key, sha, hash); -#ifndef WOLFSSL_ED25519_PERSISTENT_SHA - ed25519_hash_free(key, sha); -#endif + #ifndef WOLFSSL_ED25519_PERSISTENT_SHA + ed25519_hash_free(key, sha); + #endif + } return ret; } @@ -390,6 +389,12 @@ return BAD_FUNC_ARG; } + if ((type == Ed25519ph) && + (inLen != WC_SHA512_DIGEST_SIZE)) + { + return BAD_LENGTH_E; + } + #ifdef WOLF_CRYPTO_CB if (key->devId != INVALID_DEVID) { ret = wc_CryptoCb_Ed25519Sign(in, inLen, out, outLen, key, type, @@ -402,6 +407,8 @@ if (!key->pubKeySet) return BAD_FUNC_ARG; + if (!key->privKeySet) + return BAD_FUNC_ARG; /* check and set up out length */ if (*outLen < ED25519_SIG_SIZE) { @@ -417,26 +424,21 @@ /* step 1: create nonce to use where nonce is r in r = H(h_b, ... ,h_2b-1,M) */ ret = ed25519_hash(key, key->k, ED25519_KEY_SIZE, az); - if (ret != 0) - return ret; - - /* apply clamp */ - az[0] &= 248; - az[31] &= 63; /* same than az[31] &= 127 because of az[31] |= 64 */ - az[31] |= 64; - { + if (ret == 0) { #ifdef WOLFSSL_ED25519_PERSISTENT_SHA wc_Sha512 *sha = &key->sha; #else wc_Sha512 sha[1]; ret = ed25519_hash_init(key, sha); - if (ret < 0) { - return ret; - } #endif - if (type == Ed25519ctx || type == Ed25519ph) { + /* apply clamp */ + az[0] &= 248; + az[31] &= 63; /* same than az[31] &= 127 because of az[31] |= 64 */ + az[31] |= 64; + + if (ret == 0 && (type == Ed25519ctx || type == Ed25519ph)) { ret = ed25519_hash_update(key, sha, ed25519Ctx, ED25519CTX_SIZE); if (ret == 0) ret = ed25519_hash_update(key, sha, &type, sizeof(type)); @@ -458,39 +460,36 @@ #endif } - if (ret != 0) - return ret; - + if (ret == 0) { #ifdef FREESCALE_LTC_ECC - ltcPoint.X = &tempBuf[0]; - ltcPoint.Y = &tempBuf[32]; - LTC_PKHA_sc_reduce(nonce); - LTC_PKHA_Ed25519_PointMul(LTC_PKHA_Ed25519_BasePoint(), nonce, - ED25519_KEY_SIZE, <cPoint, kLTC_Ed25519 /* result on Ed25519 */); - LTC_PKHA_Ed25519_Compress(<cPoint, out); -#else - sc_reduce(nonce); - - /* step 2: computing R = rB where rB is the scalar multiplication of - r and B */ - ge_scalarmult_base(&R,nonce); - ge_p3_tobytes(out,&R); + ltcPoint.X = &tempBuf[0]; + ltcPoint.Y = &tempBuf[32]; + LTC_PKHA_sc_reduce(nonce); + LTC_PKHA_Ed25519_PointMul(LTC_PKHA_Ed25519_BasePoint(), nonce, + ED25519_KEY_SIZE, <cPoint, + kLTC_Ed25519 /* result on Ed25519 */); + LTC_PKHA_Ed25519_Compress(<cPoint, out); +#else + sc_reduce(nonce); + + /* step 2: computing R = rB where rB is the scalar multiplication of + r and B */ + ge_scalarmult_base(&R,nonce); + ge_p3_tobytes(out,&R); #endif + } /* step 3: hash R + public key + message getting H(R,A,M) then creating S = (r + H(R,A,M)a) mod l */ - { + if (ret == 0) { #ifdef WOLFSSL_ED25519_PERSISTENT_SHA wc_Sha512 *sha = &key->sha; #else wc_Sha512 sha[1]; - ret = ed25519_hash_init(key, sha); - if (ret < 0) - return ret; #endif - if (type == Ed25519ctx || type == Ed25519ph) { + if (ret == 0 && (type == Ed25519ctx || type == Ed25519ph)) { ret = ed25519_hash_update(key, sha, ed25519Ctx, ED25519CTX_SIZE); if (ret == 0) ret = ed25519_hash_update(key, sha, &type, sizeof(type)); @@ -513,20 +512,22 @@ #endif } - if (ret != 0) - return ret; - + if (ret == 0) { #ifdef FREESCALE_LTC_ECC - LTC_PKHA_sc_reduce(hram); - LTC_PKHA_sc_muladd(out + (ED25519_SIG_SIZE/2), hram, az, nonce); + LTC_PKHA_sc_reduce(hram); + LTC_PKHA_sc_muladd(out + (ED25519_SIG_SIZE/2), hram, az, nonce); #else - sc_reduce(hram); - sc_muladd(out + (ED25519_SIG_SIZE/2), hram, az, nonce); + sc_reduce(hram); + sc_muladd(out + (ED25519_SIG_SIZE/2), hram, az, nonce); #endif + } + + ForceZero(az, sizeof(az)); + ForceZero(nonce, sizeof(nonce)); #endif /* WOLFSSL_SE050 */ #ifdef WOLFSSL_EDDSA_CHECK_PRIV_ON_SIGN - { + if (ret == 0) { int i; byte c = 0; for (i = 0; i < ED25519_KEY_SIZE; i++) { @@ -823,7 +824,7 @@ if (ret != 0) return ret; - ge_tobytes(rcheck, &R); + ge_tobytes_nct(rcheck, &R); #endif /* FREESCALE_LTC_ECC */ /* comparison of R created to R in sig */ @@ -902,6 +903,12 @@ (context == NULL && contextLen != 0)) return BAD_FUNC_ARG; + if ((type == Ed25519ph) && + (msgLen != WC_SHA512_DIGEST_SIZE)) + { + return BAD_LENGTH_E; + } + #ifdef WOLF_CRYPTO_CB if (key->devId != INVALID_DEVID) { ret = wc_CryptoCb_Ed25519Verify(sig, sigLen, msg, msgLen, res, key, @@ -1040,10 +1047,12 @@ } int wc_ed25519_delete(ed25519_key* key, ed25519_key** key_p) { + void* heap; if (key == NULL) return BAD_FUNC_ARG; + heap = key->heap; wc_ed25519_free(key); - XFREE(key, key->heap, DYNAMIC_TYPE_ED25519); + XFREE(key, heap, DYNAMIC_TYPE_ED25519); if (key_p != NULL) *key_p = NULL; return 0; @@ -1128,6 +1137,9 @@ return BUFFER_E; } + if (!key->pubKeySet) + return PUBLIC_KEY_E; + *outLen = ED25519_PUB_KEY_SIZE; XMEMCPY(out, key->p, ED25519_PUB_KEY_SIZE); @@ -1369,7 +1381,7 @@ int wc_ed25519_export_private(const ed25519_key* key, byte* out, word32* outLen) { /* sanity checks on arguments */ - if (key == NULL || out == NULL || outLen == NULL) + if (key == NULL || !key->privKeySet || out == NULL || outLen == NULL) return BAD_FUNC_ARG; if (*outLen < ED25519_PRV_KEY_SIZE) { @@ -1399,6 +1411,8 @@ /* export public part */ ret = wc_ed25519_export_public(key, pub, pubSz); + if (ret == WC_NO_ERR_TRACE(PUBLIC_KEY_E)) + ret = 0; /* ignore no public key */ return ret; } diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/wolfcrypt/src/ed448.c mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/ed448.c --- mariadb-11.8.6/extra/wolfssl/wolfssl/wolfcrypt/src/ed448.c 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/ed448.c 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* ed448.c * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -367,6 +367,14 @@ if ((ret == 0) && (!key->pubKeySet)) { ret = BAD_FUNC_ARG; } + if ((ret == 0) && (!key->privKeySet)) { + ret = BAD_FUNC_ARG; + } + + if ((ret == 0) && (type == Ed448ph) && (inLen != ED448_PREHASH_SIZE)) + { + ret = BAD_LENGTH_E; + } /* check and set up out length */ if ((ret == 0) && (*outLen < ED448_SIG_SIZE)) { @@ -391,16 +399,15 @@ #else wc_Shake sha[1]; ret = ed448_hash_init(key, sha); - if (ret < 0) - return ret; #endif /* apply clamp */ az[0] &= 0xfc; az[55] |= 0x80; az[56] = 0x00; - ret = ed448_hash_update(key, sha, ed448Ctx, ED448CTX_SIZE); - + if (ret == 0) { + ret = ed448_hash_update(key, sha, ed448Ctx, ED448CTX_SIZE); + } if (ret == 0) { ret = ed448_hash_update(key, sha, &type, sizeof(type)); } @@ -429,15 +436,14 @@ #else wc_Shake sha[1]; ret = ed448_hash_init(key, sha); - if (ret < 0) - return ret; #endif - sc448_reduce(nonce); - + if (ret == 0) + sc448_reduce(nonce); /* step 2: computing R = rB where rB is the scalar multiplication of r and B */ - ret = ge448_scalarmult_base(&R,nonce); - + if (ret == 0) { + ret = ge448_scalarmult_base(&R,nonce); + } /* step 3: hash R + public key + message getting H(R,A,M) then creating S = (r + H(R,A,M)a) mod l */ if (ret == 0) { @@ -487,6 +493,8 @@ } #endif + ForceZero(az, sizeof(az)); + ForceZero(nonce, sizeof(nonce)); return ret; } @@ -708,6 +716,18 @@ if (i == -1) return BAD_FUNC_ARG; + /* Reject identity public key (0,1): 0x01 followed by 56 zero bytes. */ + { + int isIdentity = (key->p[0] == 0x01); + int j; + for (j = 1; j < ED448_PUB_KEY_SIZE && isIdentity; j++) { + if (key->p[j] != 0x00) + isIdentity = 0; + } + if (isIdentity) + return BAD_FUNC_ARG; + } + /* uncompress A (public key), test if valid, and negate it */ if (ge448_from_bytes_negate_vartime(&A, key->p) != 0) return BAD_FUNC_ARG; @@ -793,6 +813,12 @@ if (key == NULL) return BAD_FUNC_ARG; + if ((type == Ed448ph) && + (msgLen != ED448_PREHASH_SIZE)) + { + return BAD_LENGTH_E; + } + #ifdef WOLFSSL_ED448_PERSISTENT_SHA sha = &key->sha; #else @@ -1332,14 +1358,28 @@ } /* No private key, check Y is valid. */ else if ((ret == 0) && (!key->privKeySet)) { - /* Verify that Q is not identity element 0. - * 0 has no representation for Ed448. */ + /* Reject the identity element (0, 1). + * Encoding: 0x01 followed by 56 zero bytes. */ + { + int isIdentity = 1; + int i; + if (key->p[0] != 0x01) + isIdentity = 0; + for (i = 1; i < ED448_PUB_KEY_SIZE && isIdentity; i++) { + if (key->p[i] != 0x00) + isIdentity = 0; + } + if (isIdentity) { + WOLFSSL_MSG("Ed448 public key is the identity element"); + ret = PUBLIC_KEY_E; + } + } /* Verify that xQ and yQ are integers in the interval [0, p - 1]. * Only have yQ so check that ordinate. * p = 2^448-2^224-1 = 0xff..fe..ff */ - { + if (ret == 0) { int i; ret = PUBLIC_KEY_E; diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/wolfcrypt/src/error.c mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/error.c --- mariadb-11.8.6/extra/wolfssl/wolfssl/wolfcrypt/src/error.c 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/error.c 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* error.c * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -37,6 +37,9 @@ { switch ((enum wolfCrypt_ErrorCodes)error) { + case WC_SUCCESS: + return "wolfCrypt generic success"; + case WC_FAILURE: return "wolfCrypt generic failure"; @@ -315,7 +318,7 @@ return "Random Number Generator failed"; case HMAC_MIN_KEYLEN_E: - return "FIPS Mode HMAC Minimum Key Length error"; + return "FIPS Mode HMAC Minimum Key or Salt Length error"; case RSA_PAD_E: return "Rsa Padding error"; @@ -656,6 +659,18 @@ case INTERRUPTED_E: return "Process interrupted"; + case MLKEM_PUB_HASH_E: + return "ML-KEM priv key's stored hash doesn't match encoded pub key"; + + case BUSY_E: + return "Object is busy"; + + case ALREADY_E: + return "Operation was redundant or preempted"; + + case SEQ_OVERFLOW_E: + return "Sequence counter would overflow"; + case MAX_CODE_E: case WC_SPAN1_MIN_CODE_E: case MIN_CODE_E: diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/wolfcrypt/src/evp.c mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/evp.c --- mariadb-11.8.6/extra/wolfssl/wolfssl/wolfcrypt/src/evp.c 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/evp.c 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* evp.c * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -28,7 +28,8 @@ #elif defined(WOLFCRYPT_ONLY) #else -#if defined(OPENSSL_EXTRA) || defined(HAVE_CURL) +#if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL) || \ + defined(HAVE_CURL) #if !defined(HAVE_PKCS7) && \ ((defined(HAVE_FIPS) && defined(HAVE_FIPS_VERSION) && \ @@ -97,7 +98,7 @@ #ifdef WOLFSSL_SM3 {WC_HASH_TYPE_SM3, WC_NID_sm3, WC_SN_sm3}, #endif /* WOLFSSL_SHA512 */ -#ifdef HAVE_BLAKE2 +#ifdef HAVE_BLAKE2B {WC_HASH_TYPE_BLAKE2B, WC_NID_blake2b512, WC_SN_blake2b512}, #endif #ifdef HAVE_BLAKE2S @@ -317,6 +318,7 @@ #define WOLFSSL_EVP_PKEY_PRINT_LINE_WIDTH_MAX 80 #define WOLFSSL_EVP_PKEY_PRINT_DIGITS_PER_LINE 15 +#define WOLFSSL_EVP_EXPONENT_PRINT_MAX 24 static unsigned int cipherType(const WOLFSSL_EVP_CIPHER *cipher); @@ -694,10 +696,16 @@ break; #if defined(WOLFSSL_DES_ECB) case WC_DES_ECB_TYPE: - ret = wc_Des_EcbEncrypt(&ctx->cipher.des, out, in, inl); + if (ctx->enc) + ret = wc_Des_EcbEncrypt(&ctx->cipher.des, out, in, inl); + else + ret = wc_Des_EcbDecrypt(&ctx->cipher.des, out, in, inl); break; case WC_DES_EDE3_ECB_TYPE: - ret = wc_Des3_EcbEncrypt(&ctx->cipher.des3, out, in, inl); + if (ctx->enc) + ret = wc_Des3_EcbEncrypt(&ctx->cipher.des3, out, in, inl); + else + ret = wc_Des3_EcbDecrypt(&ctx->cipher.des3, out, in, inl); break; #endif #endif @@ -745,6 +753,10 @@ const unsigned char *in, int inl) { if (in && inl > 0) { byte* tmp; + if (inl > INT_MAX - ctx->authInSz) { + WOLFSSL_MSG("AuthIn overflow"); + return BAD_FUNC_ARG; + } #ifdef WOLFSSL_NO_REALLOC tmp = (byte*)XMALLOC((size_t)(ctx->authInSz + inl), NULL, DYNAMIC_TYPE_OPENSSL); @@ -789,6 +801,9 @@ /* Buffer input for one-shot API */ if (inl > 0) { byte* tmp; + if ((int)inl > INT_MAX - ctx->authBufferLen) { + return MEMORY_E; + } #ifdef WOLFSSL_NO_REALLOC tmp = (byte*)XMALLOC((size_t)(ctx->authBufferLen + inl), NULL, DYNAMIC_TYPE_OPENSSL); @@ -872,6 +887,10 @@ const unsigned char *in, int inl) { if (in && inl > 0) { byte* tmp; + if (inl > INT_MAX - ctx->authInSz) { + WOLFSSL_MSG("AuthIn overflow"); + return BAD_FUNC_ARG; + } #ifdef WOLFSSL_NO_REALLOC tmp = (byte*)XMALLOC((size_t)(ctx->authInSz + inl), NULL, DYNAMIC_TYPE_OPENSSL); @@ -908,6 +927,9 @@ /* Buffer input for one-shot API */ if (inl > 0) { byte* tmp; + if (inl > INT_MAX - ctx->authBufferLen) { + return MEMORY_E; + } #ifdef WOLFSSL_NO_REALLOC tmp = (byte*)XMALLOC((size_t)(ctx->authBufferLen + inl), NULL, DYNAMIC_TYPE_OPENSSL); @@ -951,8 +973,12 @@ { if (in && inl > 0) { byte* tmp; + if (inl > INT_MAX - ctx->authInSz) { + WOLFSSL_MSG("AuthIn overflow"); + return BAD_FUNC_ARG; + } #ifdef WOLFSSL_NO_REALLOC - tmp = (byte*)XMALLOC((size_t)ctx->authInSz + inl, NULL, + tmp = (byte*)XMALLOC((size_t)(ctx->authInSz + inl), NULL, DYNAMIC_TYPE_OPENSSL); if (tmp != NULL) { XMEMCPY(tmp, ctx->authIn, (size_t)ctx->authInSz); @@ -961,7 +987,7 @@ } #else tmp = (byte*)XREALLOC(ctx->authIn, - (size_t)ctx->authInSz + inl, NULL, DYNAMIC_TYPE_OPENSSL); + (size_t)(ctx->authInSz + inl), NULL, DYNAMIC_TYPE_OPENSSL); #endif if (tmp) { ctx->authIn = tmp; @@ -1244,13 +1270,17 @@ { int i; int n; + byte mask = 0; n = buff[ctx->block_size-1]; - if (n > ctx->block_size) return -1; - for (i = 0; i < n; i++) { - if (buff[ctx->block_size-i-1] != n) - return -1; + /* Encode invalid n into mask constant-time instead of early-returning, + * so the loop always runs and timing does not reveal padding length. */ + mask |= ctMaskEq(n, 0) | ctMaskGT(n, ctx->block_size); + for (i = 0; i < ctx->block_size; i++) { + byte in_padding = ctMaskLT(i, n); + mask |= ctMaskSel(in_padding, + ctMaskNotEq(buff[ctx->block_size - 1 - i], n), 0); } - return ctx->block_size - n; + return ctMaskSelInt(ctMaskEq(mask, 0), ctx->block_size - n, -1); } #if (defined(HAVE_AESGCM) || defined(HAVE_AESCCM) || \ @@ -1476,16 +1506,33 @@ * HAVE_FIPS_VERSION >= 2 */ #if defined(HAVE_CHACHA) && defined(HAVE_POLY1305) case WC_CHACHA20_POLY1305_TYPE: + { + byte computedTag[CHACHA20_POLY1305_AEAD_AUTHTAG_SIZE]; + if (!ctx->enc) { + /* Save the expected tag before _Final() overwrites + * ctx->authTag */ + XMEMCPY(computedTag, ctx->authTag, sizeof(computedTag)); + } if (wc_ChaCha20Poly1305_Final(&ctx->cipher.chachaPoly, ctx->authTag) != 0) { WOLFSSL_MSG("wc_ChaCha20Poly1305_Final failed"); return WOLFSSL_FAILURE; } - else { - *outl = 0; - return WOLFSSL_SUCCESS; + if (!ctx->enc) { + /* ctx->authTag now holds computed tag; computedTag holds + * expected */ + int tagErr = wc_ChaCha20Poly1305_CheckTag(computedTag, + ctx->authTag); + ForceZero(computedTag, sizeof(computedTag)); + if (tagErr != 0) { + WOLFSSL_MSG("ChaCha20-Poly1305 tag mismatch"); + return WOLFSSL_FAILURE; + } } - break; + *outl = 0; + return WOLFSSL_SUCCESS; + } + break; #endif #ifdef WOLFSSL_SM4_GCM case WC_SM4_GCM_TYPE: @@ -3077,6 +3124,12 @@ return 0; } + if (ctx->op != WC_EVP_PKEY_OP_DECRYPT) { + WOLFSSL_MSG("ctx->op must be set to WC_EVP_PKEY_OP_DECRYPT. Use " + "wolfSSL_EVP_PKEY_decrypt_init."); + return WOLFSSL_FAILURE; + } + (void)out; (void)outLen; (void)in; @@ -3133,8 +3186,8 @@ */ int wolfSSL_EVP_PKEY_decrypt_init(WOLFSSL_EVP_PKEY_CTX *ctx) { - if (ctx == NULL) return WOLFSSL_FAILURE; WOLFSSL_ENTER("wolfSSL_EVP_PKEY_decrypt_init"); + if (ctx == NULL || ctx->pkey == NULL) return WOLFSSL_FAILURE; switch (ctx->pkey->type) { case WC_EVP_PKEY_RSA: ctx->op = WC_EVP_PKEY_OP_DECRYPT; @@ -3237,8 +3290,8 @@ */ int wolfSSL_EVP_PKEY_encrypt_init(WOLFSSL_EVP_PKEY_CTX *ctx) { - if (ctx == NULL) return WOLFSSL_FAILURE; WOLFSSL_ENTER("wolfSSL_EVP_PKEY_encrypt_init"); + if (ctx == NULL || ctx->pkey == NULL) return WOLFSSL_FAILURE; switch (ctx->pkey->type) { case WC_EVP_PKEY_RSA: @@ -3669,6 +3722,10 @@ return WOLFSSL_SUCCESS; } +#ifdef HAVE_ECC +static int ECC_populate_EVP_PKEY(WOLFSSL_EVP_PKEY* pkey, WOLFSSL_EC_KEY *key); +#endif + int wolfSSL_EVP_PKEY_keygen(WOLFSSL_EVP_PKEY_CTX *ctx, WOLFSSL_EVP_PKEY **ppkey) { @@ -3723,6 +3780,8 @@ ret = wolfSSL_EC_KEY_generate_key(pkey->ecc); if (ret == WOLFSSL_SUCCESS) { pkey->ownEcc = 1; + if (ECC_populate_EVP_PKEY(pkey, pkey->ecc) != WOLFSSL_SUCCESS) + ret = WOLFSSL_FAILURE; } } break; @@ -4722,11 +4781,11 @@ break; #endif /* WOLFSSL_SHA512 */ - #ifdef HAVE_BLAKE2 + #ifdef HAVE_BLAKE2B case BLAKE2B_ID: hashLen = BLAKE2B_OUTBYTES; break; - #endif /* HAVE_BLAKE2 */ + #endif /* HAVE_BLAKE2B */ #ifdef WOLFSSL_SHA3 #ifndef WOLFSSL_NOSHA3_224 @@ -4933,7 +4992,7 @@ hashLen = wolfssl_mac_len(ctx->hash.hmac.macType); - if (siglen > hashLen) + if (siglen > hashLen || siglen > INT_MAX) return WOLFSSL_FAILURE; /* May be a truncated signature. */ } @@ -4943,7 +5002,7 @@ if (ctx->isHMAC) { /* Check HMAC result matches the signature. */ - if (XMEMCMP(sig, digest, (size_t)siglen) == 0) + if (ConstantCompare(sig, digest, (int)siglen) == 0) return WOLFSSL_SUCCESS; return WOLFSSL_FAILURE; } @@ -5464,7 +5523,7 @@ {EVP_ARIA_256_GCM, "aria-256-gcm"}, {EVP_ARIA_256_GCM, "id-aria256-GCM"}, #endif -#ifdef WOLFSSL_SM4_EBC +#ifdef WOLFSSL_SM4_ECB {EVP_SM4_ECB, "sm4-ecb"}, #endif #ifdef WOLFSSL_SM4_CBC @@ -5733,28 +5792,24 @@ ret = NOT_COMPILED_IN; #endif /* WOLFSSL_SHA512 */ break; - #ifndef WOLFSSL_NOSHA512_224 case WC_HASH_TYPE_SHA512_224: #if !defined(HAVE_FIPS) && !defined(HAVE_SELFTEST) && \ - defined(WOLFSSL_SHA512) + defined(WOLFSSL_SHA512) && !defined(WOLFSSL_NOSHA512_224) ret = wc_Sha512_224Copy((wc_Sha512*)&src->hash.digest, (wc_Sha512*)&des->hash.digest); #else ret = NOT_COMPILED_IN; #endif break; - #endif /* !WOLFSSL_NOSHA512_224 */ - #ifndef WOLFSSL_NOSHA512_256 case WC_HASH_TYPE_SHA512_256: #if !defined(HAVE_FIPS) && !defined(HAVE_SELFTEST) && \ - defined(WOLFSSL_SHA512) + defined(WOLFSSL_SHA512) && !defined(WOLFSSL_NOSHA512_256) ret = wc_Sha512_256Copy((wc_Sha512*)&src->hash.digest, (wc_Sha512*)&des->hash.digest); #else ret = NOT_COMPILED_IN; #endif break; - #endif /* !WOLFSSL_NOSHA512_256 */ case WC_HASH_TYPE_SHA3_224: #if defined(WOLFSSL_SHA3) && !defined(WOLFSSL_NOSHA3_224) ret = wc_Sha3_224_Copy((wc_Sha3*)&src->hash.digest, @@ -5787,24 +5842,36 @@ ret = NOT_COMPILED_IN; #endif break; - #ifdef WOLFSSL_SM3 case WC_HASH_TYPE_SM3: + #ifdef WOLFSSL_SM3 ret = wc_Sm3Copy(&src->hash.digest.sm3, &des->hash.digest.sm3); + #else + ret = NOT_COMPILED_IN; + #endif break; + case WC_HASH_TYPE_SHAKE128: + #if defined(WOLFSSL_SHA3) && defined(WOLFSSL_SHAKE128) + ret = wc_Shake128_Copy((wc_Shake*)&src->hash.digest.shake, + (wc_Shake*)&des->hash.digest.shake); + #else + ret = NOT_COMPILED_IN; + #endif + break; + case WC_HASH_TYPE_SHAKE256: + #if defined(WOLFSSL_SHA3) && defined(WOLFSSL_SHAKE256) + ret = wc_Shake256_Copy((wc_Shake*)&src->hash.digest.shake, + (wc_Shake*)&des->hash.digest.shake); + #else + ret = NOT_COMPILED_IN; #endif + break; case WC_HASH_TYPE_NONE: case WC_HASH_TYPE_MD2: case WC_HASH_TYPE_MD4: case WC_HASH_TYPE_MD5_SHA: case WC_HASH_TYPE_BLAKE2B: case WC_HASH_TYPE_BLAKE2S: - #if defined(WOLFSSL_SHA3) && defined(WOLFSSL_SHAKE128) - case WC_HASH_TYPE_SHAKE128: - #endif - #if defined(WOLFSSL_SHA3) && defined(WOLFSSL_SHAKE256) - case WC_HASH_TYPE_SHAKE256: - #endif default: ret = BAD_FUNC_ARG; break; @@ -5827,6 +5894,9 @@ if (out->pctx == NULL) return WOLFSSL_FAILURE; } + /* Zero hash context after shallow copy to prevent shared sub-pointers + * with src. The hash Copy function will perform the proper deep copy. */ + XMEMSET(&out->hash, 0, sizeof(out->hash)); return wolfSSL_EVP_MD_Copy_Hasher(out, (WOLFSSL_EVP_MD_CTX*)in); } #ifndef NO_AES @@ -8427,10 +8497,15 @@ int ivLen) { WOLFSSL_ENTER("wolfSSL_EVP_CIPHER_CTX_set_iv_length"); - if (ctx) - ctx->ivSz= ivLen; - else + if (ctx == NULL) { + return WOLFSSL_FAILURE; + } + + if (ivLen < 0 || ivLen > (int) sizeof(ctx->iv)) { return WOLFSSL_FAILURE; + } + + ctx->ivSz = ivLen; return WOLFSSL_SUCCESS; } @@ -8704,13 +8779,19 @@ #ifdef WOLFSSL_DES_ECB case WC_DES_ECB_TYPE : WOLFSSL_MSG("DES ECB"); - ret = wc_Des_EcbEncrypt(&ctx->cipher.des, dst, src, len); + if (ctx->enc) + ret = wc_Des_EcbEncrypt(&ctx->cipher.des, dst, src, len); + else + ret = wc_Des_EcbDecrypt(&ctx->cipher.des, dst, src, len); if (ret == 0) ret = (int)((len / DES_BLOCK_SIZE) * DES_BLOCK_SIZE); break; case WC_DES_EDE3_ECB_TYPE : WOLFSSL_MSG("DES3 ECB"); - ret = wc_Des3_EcbEncrypt(&ctx->cipher.des3, dst, src, len); + if (ctx->enc) + ret = wc_Des3_EcbEncrypt(&ctx->cipher.des3, dst, src, len); + else + ret = wc_Des3_EcbDecrypt(&ctx->cipher.des3, dst, src, len); if (ret == 0) ret = (int)((len / DES_BLOCK_SIZE) * DES_BLOCK_SIZE); break; @@ -9459,7 +9540,15 @@ else #endif /* HAVE_PKCS8 */ { - if (ecc->type == ECC_PRIVATEKEY_ONLY) { + if (ecc->type == ECC_PRIVATEKEY_ONLY || + (ecc->type == ECC_PRIVATEKEY && + mp_iszero(ecc->pubkey.x))) { + /* Reconstruct public key from private scalar. This covers + * both ECC_PRIVATEKEY_ONLY keys and ECC_PRIVATEKEY keys whose + * public-key point was never populated (e.g. when only + * EC_KEY_set_private_key was called, SetECKeyInternal copies + * the zero-initialized pub_key point and marks the type as + * ECC_PRIVATEKEY, leaving pubkey.x == 0). */ if (wc_ecc_make_pub(ecc, NULL) != MP_OKAY) { return WOLFSSL_FAILURE; } @@ -10251,7 +10340,7 @@ #endif /* !NO_MD5 */ -#ifdef HAVE_BLAKE2 +#ifdef HAVE_BLAKE2B /* return EVP_MD * @param none * @return "blake2b512" @@ -10655,22 +10744,18 @@ wc_Sha512Free((wc_Sha512*)&ctx->hash.digest); #endif /* WOLFSSL_SHA512 */ break; - #ifndef WOLFSSL_NOSHA512_224 case WC_HASH_TYPE_SHA512_224: #if !defined(HAVE_FIPS) && !defined(HAVE_SELFTEST) && \ - defined(WOLFSSL_SHA512) + defined(WOLFSSL_SHA512) && !defined(WOLFSSL_NOSHA512_224) wc_Sha512_224Free((wc_Sha512*)&ctx->hash.digest); #endif break; - #endif /* !WOLFSSL_NOSHA512_224 */ - #ifndef WOLFSSL_NOSHA512_256 case WC_HASH_TYPE_SHA512_256: - #if !defined(HAVE_FIPS) && !defined(HAVE_SELFTEST) && \ - defined(WOLFSSL_SHA512) + #if !defined(HAVE_FIPS) && !defined(HAVE_SELFTEST) && \ + defined(WOLFSSL_SHA512) && !defined(WOLFSSL_NOSHA512_256) wc_Sha512_256Free((wc_Sha512*)&ctx->hash.digest); #endif break; - #endif /* !WOLFSSL_NOSHA512_256 */ case WC_HASH_TYPE_SHA3_224: #if defined(WOLFSSL_SHA3) && !defined(WOLFSSL_NOSHA3_224) wc_Sha3_224_Free((wc_Sha3*)&ctx->hash.digest); @@ -10691,25 +10776,25 @@ wc_Sha3_512_Free((wc_Sha3*)&ctx->hash.digest); #endif break; - #ifdef WOLFSSL_SM3 case WC_HASH_TYPE_SM3: + #ifdef WOLFSSL_SM3 wc_Sm3Free(&ctx->hash.digest.sm3); - break; #endif + break; case WC_HASH_TYPE_NONE: /* Not an error since an unused struct could be free'd or * reset. */ break; - #if defined(WOLFSSL_SHA3) && defined(WOLFSSL_SHAKE128) case WC_HASH_TYPE_SHAKE128: + #if defined(WOLFSSL_SHA3) && defined(WOLFSSL_SHAKE128) wc_Shake128_Free(&ctx->hash.digest.shake); - break; #endif - #if defined(WOLFSSL_SHA3) && defined(WOLFSSL_SHAKE256) + break; case WC_HASH_TYPE_SHAKE256: + #if defined(WOLFSSL_SHA3) && defined(WOLFSSL_SHAKE256) wc_Shake256_Free(&ctx->hash.digest.shake); - break; #endif + break; case WC_HASH_TYPE_MD2: case WC_HASH_TYPE_MD4: case WC_HASH_TYPE_MD5_SHA: @@ -10843,6 +10928,22 @@ } } else #endif + #ifdef HAVE_BLAKE2B + if (XSTRCMP(md, WC_SN_blake2b512) == 0) { + if (wc_InitBlake2b(&ctx->hash.digest.blake2b, + WC_BLAKE2B_DIGEST_SIZE) != 0) { + ret = WOLFSSL_FAILURE; + } + } else + #endif + #ifdef HAVE_BLAKE2S + if (XSTRCMP(md, WC_SN_blake2s256) == 0) { + if (wc_InitBlake2s(&ctx->hash.digest.blake2s, + WC_BLAKE2S_DIGEST_SIZE) != 0) { + ret = WOLFSSL_FAILURE; + } + } else + #endif { ctx->macType = WC_HASH_TYPE_NONE; return WOLFSSL_FAILURE; @@ -10906,25 +11007,25 @@ #endif /* WOLFSSL_SHA512 */ break; - #ifndef WOLFSSL_NOSHA512_224 case WC_HASH_TYPE_SHA512_224: #if !defined(HAVE_FIPS) && !defined(HAVE_SELFTEST) && \ - defined(WOLFSSL_SHA512) + defined(WOLFSSL_SHA512) && !defined(WOLFSSL_NOSHA512_224) ret = wolfSSL_SHA512_224_Update((WOLFSSL_SHA512_CTX*)&ctx->hash, data, (unsigned long)sz); + #else + ret = NOT_COMPILED_IN; #endif break; - #endif /* !WOLFSSL_NOSHA512_224 */ - #ifndef WOLFSSL_NOSHA512_256 case WC_HASH_TYPE_SHA512_256: #if !defined(HAVE_FIPS) && !defined(HAVE_SELFTEST) && \ - defined(WOLFSSL_SHA512) + defined(WOLFSSL_SHA512) && !defined(WOLFSSL_NOSHA512_256) ret = wolfSSL_SHA512_256_Update((WOLFSSL_SHA512_CTX*)&ctx->hash, data, (unsigned long)sz); + #else + ret = NOT_COMPILED_IN; #endif /* WOLFSSL_SHA512 */ break; - #endif /* !WOLFSSL_NOSHA512_256 */ case WC_HASH_TYPE_SHA3_224: #if defined(WOLFSSL_SHA3) && !defined(WOLFSSL_NOSHA3_224) @@ -10950,8 +11051,8 @@ (unsigned long)sz); #endif break; - #ifdef WOLFSSL_SM3 case WC_HASH_TYPE_SM3: + #ifdef WOLFSSL_SM3 ret = wc_Sm3Update(&ctx->hash.digest.sm3, data, (word32)sz); if (ret == 0) { ret = WOLFSSL_SUCCESS; @@ -10959,30 +11060,56 @@ else { ret = WOLFSSL_FAILURE; } - break; + #else + ret = NOT_COMPILED_IN; #endif - #if defined(WOLFSSL_SHA3) && defined(WOLFSSL_SHAKE128) + break; case WC_HASH_TYPE_SHAKE128: + #if defined(WOLFSSL_SHA3) && defined(WOLFSSL_SHAKE128) if (wc_Shake128_Update(&ctx->hash.digest.shake, (const byte*)data, (word32)sz) == 0) { ret = WOLFSSL_SUCCESS; } - break; + #else + ret = NOT_COMPILED_IN; #endif - #if defined(WOLFSSL_SHA3) && defined(WOLFSSL_SHAKE256) + break; case WC_HASH_TYPE_SHAKE256: + #if defined(WOLFSSL_SHA3) && defined(WOLFSSL_SHAKE256) if (wc_Shake256_Update(&ctx->hash.digest.shake, (const byte*)data, (word32)sz) == 0) { ret = WOLFSSL_SUCCESS; } + #else + ret = NOT_COMPILED_IN; + #endif + break; + #ifdef HAVE_BLAKE2B + case WC_HASH_TYPE_BLAKE2B: + if (wc_Blake2bUpdate(&ctx->hash.digest.blake2b, + (const byte*)data, (word32)sz) == 0) { + ret = WOLFSSL_SUCCESS; + } + break; + #endif + #ifdef HAVE_BLAKE2S + case WC_HASH_TYPE_BLAKE2S: + if (wc_Blake2sUpdate(&ctx->hash.digest.blake2s, + (const byte*)data, (word32)sz) == 0) { + ret = WOLFSSL_SUCCESS; + } break; #endif case WC_HASH_TYPE_NONE: case WC_HASH_TYPE_MD2: case WC_HASH_TYPE_MD5_SHA: + #ifndef HAVE_BLAKE2B case WC_HASH_TYPE_BLAKE2B: + #endif + #ifndef HAVE_BLAKE2S case WC_HASH_TYPE_BLAKE2S: + #endif default: return WOLFSSL_FAILURE; } @@ -11040,24 +11167,24 @@ if (s) *s = WC_SHA512_DIGEST_SIZE; #endif /* WOLFSSL_SHA512 */ break; - #ifndef WOLFSSL_NOSHA512_224 case WC_HASH_TYPE_SHA512_224: #if !defined(HAVE_FIPS) && !defined(HAVE_SELFTEST) && \ - defined(WOLFSSL_SHA512) + defined(WOLFSSL_SHA512) && !defined(WOLFSSL_NOSHA512_224) ret = wolfSSL_SHA512_224_Final(md, (WOLFSSL_SHA512_CTX*)&ctx->hash); if (s) *s = WC_SHA512_224_DIGEST_SIZE; + #else + ret = NOT_COMPILED_IN; #endif break; - #endif /* !WOLFSSL_NOSHA512_224 */ - #ifndef WOLFSSL_NOSHA512_256 case WC_HASH_TYPE_SHA512_256: #if !defined(HAVE_FIPS) && !defined(HAVE_SELFTEST) && \ - defined(WOLFSSL_SHA512) + defined(WOLFSSL_SHA512) && !defined(WOLFSSL_NOSHA512_256) ret = wolfSSL_SHA512_256_Final(md, (WOLFSSL_SHA512_CTX*)&ctx->hash); if (s) *s = WC_SHA512_256_DIGEST_SIZE; + #else + ret = NOT_COMPILED_IN; #endif break; - #endif /* !WOLFSSL_NOSHA512_256 */ case WC_HASH_TYPE_SHA3_224: #if defined(WOLFSSL_SHA3) && !defined(WOLFSSL_NOSHA3_224) ret = wolfSSL_SHA3_224_Final(md, (WOLFSSL_SHA3_224_CTX*)&ctx->hash); @@ -11082,8 +11209,8 @@ if (s) *s = WC_SHA3_512_DIGEST_SIZE; #endif break; - #ifdef WOLFSSL_SM3 case WC_HASH_TYPE_SM3: + #ifdef WOLFSSL_SM3 ret = wc_Sm3Final(&ctx->hash.digest.sm3, md); if (ret == 0) { ret = WOLFSSL_SUCCESS; @@ -11092,27 +11219,53 @@ ret = WOLFSSL_FAILURE; } if (s) *s = WC_SM3_DIGEST_SIZE; - break; + #else + ret = NOT_COMPILED_IN; #endif - #if defined(WOLFSSL_SHA3) && defined(WOLFSSL_SHAKE128) + break; case WC_HASH_TYPE_SHAKE128: + #if defined(WOLFSSL_SHA3) && defined(WOLFSSL_SHAKE128) if (wc_Shake128_Final(&ctx->hash.digest.shake, md, *s) == 0) { ret = WOLFSSL_SUCCESS; } - break; + #else + ret = NOT_COMPILED_IN; #endif - #if defined(WOLFSSL_SHA3) && defined(WOLFSSL_SHAKE256) + break; case WC_HASH_TYPE_SHAKE256: + #if defined(WOLFSSL_SHA3) && defined(WOLFSSL_SHAKE256) if (wc_Shake256_Final(&ctx->hash.digest.shake, md, *s) == 0) { ret = WOLFSSL_SUCCESS; } + #else + ret = NOT_COMPILED_IN; + #endif + break; + case WC_HASH_TYPE_BLAKE2B: + #ifdef HAVE_BLAKE2B + if (wc_Blake2bFinal(&ctx->hash.digest.blake2b, md, + WC_BLAKE2B_DIGEST_SIZE) == 0) { + if (s) *s = WC_BLAKE2B_DIGEST_SIZE; + ret = WOLFSSL_SUCCESS; + } + #else + ret = NOT_COMPILED_IN; + #endif break; + case WC_HASH_TYPE_BLAKE2S: + #ifdef HAVE_BLAKE2S + if (wc_Blake2sFinal(&ctx->hash.digest.blake2s, md, + WC_BLAKE2S_DIGEST_SIZE) == 0) { + if (s) *s = WC_BLAKE2S_DIGEST_SIZE; + ret = WOLFSSL_SUCCESS; + } + #else + ret = NOT_COMPILED_IN; #endif + break; case WC_HASH_TYPE_NONE: case WC_HASH_TYPE_MD2: case WC_HASH_TYPE_MD5_SHA: - case WC_HASH_TYPE_BLAKE2B: - case WC_HASH_TYPE_BLAKE2S: default: return WOLFSSL_FAILURE; } @@ -11135,38 +11288,36 @@ case WC_HASH_TYPE_SHA256: case WC_HASH_TYPE_SHA384: case WC_HASH_TYPE_SHA512: - #ifndef WOLFSSL_NOSHA512_224 case WC_HASH_TYPE_SHA512_224: - #endif /* !WOLFSSL_NOSHA512_224 */ - #ifndef WOLFSSL_NOSHA512_256 case WC_HASH_TYPE_SHA512_256: - #endif /* !WOLFSSL_NOSHA512_256 */ case WC_HASH_TYPE_SHA3_224: case WC_HASH_TYPE_SHA3_256: case WC_HASH_TYPE_SHA3_384: case WC_HASH_TYPE_SHA3_512: - #ifdef WOLFSSL_SM3 case WC_HASH_TYPE_SM3: - #endif + case WC_HASH_TYPE_BLAKE2B: + case WC_HASH_TYPE_BLAKE2S: case WC_HASH_TYPE_NONE: case WC_HASH_TYPE_MD2: case WC_HASH_TYPE_MD5_SHA: - case WC_HASH_TYPE_BLAKE2B: - case WC_HASH_TYPE_BLAKE2S: break; - #if defined(WOLFSSL_SHA3) && defined(WOLFSSL_SHAKE128) case WC_HASH_TYPE_SHAKE128: + #if defined(WOLFSSL_SHA3) && defined(WOLFSSL_SHAKE128) *s = 16; /* if mixing up XOF with plain digest 128 bit is * default for SHAKE128 */ - break; + #else + return WOLFSSL_FAILURE; #endif - #if defined(WOLFSSL_SHA3) && defined(WOLFSSL_SHAKE256) + break; case WC_HASH_TYPE_SHAKE256: + #if defined(WOLFSSL_SHA3) && defined(WOLFSSL_SHAKE256) *s = 32; /* if mixing up XOF with plain digest 256 bit is * default for SHAKE256 */ - break; + #else + return WOLFSSL_FAILURE; #endif + break; default: return WOLFSSL_FAILURE; } @@ -11263,6 +11414,14 @@ case WC_NID_sm3: return wolfSSL_EVP_sm3(); #endif +#ifdef WOLFSSL_SHAKE128 + case WC_NID_shake128: + return wolfSSL_EVP_shake128(); +#endif +#ifdef WOLFSSL_SHAKE256 + case WC_NID_shake256: + return wolfSSL_EVP_shake256(); +#endif default: WOLFSSL_MSG("Bad digest id value"); } @@ -11334,6 +11493,16 @@ return WC_SHA3_512_BLOCK_SIZE; } else #endif +#if defined(WOLFSSL_SHA3) && defined(WOLFSSL_SHAKE128) + if (XSTRCMP(type, WC_SN_shake128) == 0) { + return WC_SHA3_128_BLOCK_SIZE; + } else +#endif +#if defined(WOLFSSL_SHA3) && defined(WOLFSSL_SHAKE256) + if (XSTRCMP(type, WC_SN_shake256) == 0) { + return WC_SHA3_256_BLOCK_SIZE; + } else +#endif #endif /* WOLFSSL_SHA3 */ #ifdef WOLFSSL_SM3 if (XSTRCMP(type, WC_SN_sm3) == 0) { @@ -11709,7 +11878,7 @@ static int PrintPubKeyRSA(WOLFSSL_BIO* out, const byte* pkey, int pkeySz, int indent, int bitlen, WOLFSSL_ASN1_PCTX* pctx) { - byte buff[8] = { 0 }; + byte buff[WOLFSSL_EVP_EXPONENT_PRINT_MAX] = { 0 }; int res = WC_NO_ERR_TRACE(WOLFSSL_FAILURE); word32 inOutIdx = 0; word32 nSz; /* size of modulus */ @@ -11853,7 +12022,7 @@ { byte* pub = NULL; word32 pubSz = 0; - byte buff[8] = { 0 }; + byte buff[WOLFSSL_EVP_EXPONENT_PRINT_MAX] = { 0 }; int res = WOLFSSL_SUCCESS; word32 inOutIdx = 0; int curveId = 0; @@ -12042,7 +12211,7 @@ int indent, int bitlen, WOLFSSL_ASN1_PCTX* pctx) { - byte buff[8] = { 0 }; + byte buff[WOLFSSL_EVP_EXPONENT_PRINT_MAX] = { 0 }; int length; int res = WC_NO_ERR_TRACE(WOLFSSL_FAILURE); word32 inOutIdx = 0; @@ -12249,7 +12418,7 @@ int indent, int bitlen, WOLFSSL_ASN1_PCTX* pctx) { - byte buff[8] = { 0 }; + byte buff[WOLFSSL_EVP_EXPONENT_PRINT_MAX] = { 0 }; int res = WC_NO_ERR_TRACE(WOLFSSL_FAILURE); word32 length; word32 inOutIdx; @@ -13062,20 +13231,26 @@ return 1; } - /* if the last data is '\n', remove it */ - c = in[j - 1]; - if (c == '\n') { - c = (in[j - 2]); + /* If the last data is '\n', remove it */ + if (j > 0) { + c = in[j - 1]; + if (c == '\n' && (j > 1)) { + c = (in[j - 2]); + if (c == '=') + return 0; + else + return 1; + } else if (c == '\n') { + return 1; + } if (c == '=') return 0; else return 1; } - if (c == '=') - return 0; - else - return 1; + /* j == 0 */ + return 1; } /* wolfSSL_EVP_DecodeFinal decode remaining data in ctx * to outputs to out. diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/wolfcrypt/src/evp_pk.c mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/evp_pk.c --- mariadb-11.8.6/extra/wolfssl/wolfssl/wolfcrypt/src/evp_pk.c 1970-01-01 00:00:00.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/evp_pk.c 2026-05-24 09:58:33.000000000 +0000 @@ -0,0 +1,1914 @@ +/* evp_pk.c + * + * Copyright (C) 2006-2026 wolfSSL Inc. + * + * This file is part of wolfSSL. + * + * wolfSSL is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * wolfSSL is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA + */ + +#include + +#if !defined(WOLFSSL_EVP_PK_INCLUDED) + #ifndef WOLFSSL_IGNORE_FILE_WARN + #warning evp_pk.c does not need to be compiled separately from ssl.c + #endif +#elif defined(WOLFCRYPT_ONLY) +#else + +/******************************************************************************* + * START OF d2i APIs + ******************************************************************************/ + +#ifndef NO_CERTS + +#if defined(OPENSSL_EXTRA) || defined(WOLFSSL_WPAS_SMALL) +/** + * Make an EVP PKEY and put data and type in. + * + * @param [in, out] out On in, an EVP PKEY or NULL. + * On out, an EVP PKEY or NULL. + * @param [in] mem Memory containing key data. + * @param [in] memSz Size of key data in bytes. + * @param [in] priv 1 means private key, 0 means public key. + * @param [in] type The type of public/private key. + * @return 1 on success. + * @return 0 otherwise. + */ +static int d2i_make_pkey(WOLFSSL_EVP_PKEY** out, const unsigned char* mem, + word32 memSz, int priv, int type) +{ + WOLFSSL_EVP_PKEY* pkey; + int ret = 1; + + /* Get or create the EVP PKEY object. */ + if (*out != NULL) { + pkey = *out; + } + else { + pkey = wolfSSL_EVP_PKEY_new(); + if (pkey == NULL) { + WOLFSSL_MSG("wolfSSL_EVP_PKEY_new error"); + return 0; + } + } + + /* Set the size and allocate memory for key data to be copied into. */ + pkey->pkey_sz = (int)memSz; + if (memSz > 0) { + pkey->pkey.ptr = (char*)XMALLOC((size_t)memSz, NULL, + priv ? DYNAMIC_TYPE_PRIVATE_KEY : DYNAMIC_TYPE_PUBLIC_KEY); + if (pkey->pkey.ptr == NULL) { + ret = 0; + } + if (ret == 1) { + /* Copy in key data. */ + XMEMCPY(pkey->pkey.ptr, mem, memSz); + } + } + if (ret == 1) { + /* Set key type passed in and return object. */ + pkey->type = type; + *out = pkey; + } + if ((ret == 0) && (*out == NULL)) { + /* Dispose of object allocated in this function. */ + wolfSSL_EVP_PKEY_free(pkey); + } + + return ret; +} + +#if !defined(NO_RSA) +/** + * Try to make an RSA EVP PKEY from data. + * + * @param [in, out] out On in, an EVP PKEY or NULL. + * On out, an EVP PKEY or NULL. + * @param [in] mem Memory containing key data. + * @param [in] memSz Size of key data in bytes. + * @param [in] priv 1 means private key, 0 means public key. + * @return 1 on success. + * @return 0 otherwise. + */ +static int d2iTryRsaKey(WOLFSSL_EVP_PKEY** out, const unsigned char* mem, + long memSz, int priv) +{ + WOLFSSL_RSA* rsaObj = NULL; + word32 keyIdx = 0; + int isRsaKey; + int ret = 1; + WC_DECLARE_VAR(rsa, RsaKey, 1, NULL); + + WC_ALLOC_VAR_EX(rsa, RsaKey, 1, NULL, DYNAMIC_TYPE_RSA, return 0); + + XMEMSET(rsa, 0, sizeof(RsaKey)); + + if (wc_InitRsaKey(rsa, NULL) != 0) { + WC_FREE_VAR_EX(rsa, NULL, DYNAMIC_TYPE_RSA); + return 0; + } + /* Try decoding data as an RSA private/public key. */ + if (priv) { + isRsaKey = + (wc_RsaPrivateKeyDecode(mem, &keyIdx, rsa, (word32)memSz) == 0); + } + else { + isRsaKey = + (wc_RsaPublicKeyDecode(mem, &keyIdx, rsa, (word32)memSz) == 0); + } + wc_FreeRsaKey(rsa); + WC_FREE_VAR_EX(rsa, NULL, DYNAMIC_TYPE_RSA); + + if (!isRsaKey) { + return WOLFSSL_FATAL_ERROR; + } + + /* Create RSA key object from data. */ + rsaObj = wolfssl_rsa_d2i(NULL, mem, keyIdx, + priv ? WOLFSSL_RSA_LOAD_PRIVATE : WOLFSSL_RSA_LOAD_PUBLIC); + if (rsaObj == NULL) { + ret = 0; + } + if (ret == 1) { + /* Create an EVP PKEY object. */ + ret = d2i_make_pkey(out, mem, keyIdx, priv, WC_EVP_PKEY_RSA); + } + if (ret == 1) { + /* Put RSA key object into EVP PKEY object. */ + (*out)->ownRsa = 1; + (*out)->rsa = rsaObj; + } + if (ret == 0) { + wolfSSL_RSA_free(rsaObj); + } + + return ret; +} +#endif /* !NO_RSA */ + +#if defined(HAVE_ECC) && defined(OPENSSL_EXTRA) +/** + * Try to make an ECC EVP PKEY from data. + * + * @param [in, out] out On in, an EVP PKEY or NULL. + * On out, an EVP PKEY or NULL. + * @param [in] mem Memory containing key data. + * @param [in] memSz Size of key data in bytes. + * @param [in] priv 1 means private key, 0 means public key. + * @return 1 on success. + * @return 0 otherwise. + */ +static int d2iTryEccKey(WOLFSSL_EVP_PKEY** out, const unsigned char* mem, + long memSz, int priv) +{ + WOLFSSL_EC_KEY* ec = NULL; + word32 keyIdx = 0; + int isEccKey; + int ret = 1; + WC_DECLARE_VAR(ecc, ecc_key, 1, NULL); + + WC_ALLOC_VAR_EX(ecc, ecc_key, 1, NULL, DYNAMIC_TYPE_ECC, return 0); + + XMEMSET(ecc, 0, sizeof(ecc_key)); + + if (wc_ecc_init(ecc) != 0) { + WC_FREE_VAR_EX(ecc, NULL, DYNAMIC_TYPE_ECC); + return 0; + } + + /* Try decoding data as an ECC private/public key. */ + if (priv) { + isEccKey = + (wc_EccPrivateKeyDecode(mem, &keyIdx, ecc, (word32)memSz) == 0); + } + else { + isEccKey = + (wc_EccPublicKeyDecode(mem, &keyIdx, ecc, (word32)memSz) == 0); + } + wc_ecc_free(ecc); + WC_FREE_VAR_EX(ecc, NULL, DYNAMIC_TYPE_ECC); + + if (!isEccKey) { + return WOLFSSL_FATAL_ERROR; + } + + /* Create EC key object from data. */ + ec = wolfSSL_EC_KEY_new(); + if (ec == NULL) { + ret = 0; + } + if ((ret == 1) && (wolfSSL_EC_KEY_LoadDer_ex(ec, mem, keyIdx, + priv ? WOLFSSL_RSA_LOAD_PRIVATE : WOLFSSL_RSA_LOAD_PUBLIC) != 1)) { + ret = 0; + } + if (ret == 1) { + /* Create an EVP PKEY object. */ + ret = d2i_make_pkey(out, mem, keyIdx, priv, WC_EVP_PKEY_EC); + } + if (ret == 1) { + /* Put RSA key object into EVP PKEY object. */ + (*out)->ownEcc = 1; + (*out)->ecc = ec; + } + if (ret == 0) { + wolfSSL_EC_KEY_free(ec); + } + + return ret; +} +#endif /* HAVE_ECC && OPENSSL_EXTRA */ + +#if !defined(NO_DSA) +/** + * Try to make a DSA EVP PKEY from data. + * + * @param [in, out] out On in, an EVP PKEY or NULL. + * On out, an EVP PKEY or NULL. + * @param [in] mem Memory containing key data. + * @param [in] memSz Size of key data in bytes. + * @param [in] priv 1 means private key, 0 means public key. + * @return 1 on success. + * @return 0 otherwise. + */ +static int d2iTryDsaKey(WOLFSSL_EVP_PKEY** out, const unsigned char* mem, + long memSz, int priv) +{ + WOLFSSL_DSA* dsaObj; + word32 keyIdx = 0; + int isDsaKey; + int ret = 1; + WC_DECLARE_VAR(dsa, DsaKey, 1, NULL); + + WC_ALLOC_VAR_EX(dsa, DsaKey, 1, NULL, DYNAMIC_TYPE_DSA, return 0); + + XMEMSET(dsa, 0, sizeof(DsaKey)); + + if (wc_InitDsaKey(dsa) != 0) { + WC_FREE_VAR_EX(dsa, NULL, DYNAMIC_TYPE_DSA); + return 0; + } + + /* Try decoding data as a DSA private/public key. */ + if (priv) { + isDsaKey = + (wc_DsaPrivateKeyDecode(mem, &keyIdx, dsa, (word32)memSz) == 0); + } + else { + isDsaKey = + (wc_DsaPublicKeyDecode(mem, &keyIdx, dsa, (word32)memSz) == 0); + } + wc_FreeDsaKey(dsa); + WC_FREE_VAR_EX(dsa, NULL, DYNAMIC_TYPE_DSA); + + /* test if DSA key */ + if (!isDsaKey) { + return WOLFSSL_FATAL_ERROR; + } + + /* Create DSA key object from data. */ + dsaObj = wolfSSL_DSA_new(); + if (dsaObj == NULL) { + ret = 0; + } + if ((ret == 1) && (wolfSSL_DSA_LoadDer_ex(dsaObj, mem, keyIdx, + priv ? WOLFSSL_RSA_LOAD_PRIVATE : WOLFSSL_RSA_LOAD_PUBLIC) != 1)) { + ret = 0; + } + if (ret == 1) { + /* Create an EVP PKEY object. */ + ret = d2i_make_pkey(out, mem, keyIdx, priv, WC_EVP_PKEY_DSA); + } + if (ret == 1) { + /* Put RSA key object into EVP PKEY object. */ + (*out)->ownDsa = 1; + (*out)->dsa = dsaObj; + } + if (ret == 0) { + wolfSSL_DSA_free(dsaObj); + } + + return ret; +} +#endif /* NO_DSA */ + +#if !defined(NO_DH) && (defined(WOLFSSL_QT) || defined(OPENSSL_ALL)) +#if !defined(HAVE_FIPS) || (defined(HAVE_FIPS_VERSION) && \ + (HAVE_FIPS_VERSION > 2)) +/** + * Try to make a DH EVP PKEY from data. + * + * @param [in, out] out On in, an EVP PKEY or NULL. + * On out, an EVP PKEY or NULL. + * @param [in] mem Memory containing key data. + * @param [in] memSz Size of key data in bytes. + * @param [in] priv 1 means private key, 0 means public key. + * @return 1 on success. + * @return 0 otherwise. + */ +static int d2iTryDhKey(WOLFSSL_EVP_PKEY** out, const unsigned char* mem, + long memSz, int priv) +{ + WOLFSSL_DH* dhObj; + int isDhKey; + word32 keyIdx = 0; + int ret = 1; + WC_DECLARE_VAR(dh, DhKey, 1, NULL); + + WC_ALLOC_VAR_EX(dh, DhKey, 1, NULL, DYNAMIC_TYPE_DH, return 0); + + XMEMSET(dh, 0, sizeof(DhKey)); + + if (wc_InitDhKey(dh) != 0) { + WC_FREE_VAR_EX(dh, NULL, DYNAMIC_TYPE_DH); + return 0; + } + + /* Try decoding data as a DH public key. */ + isDhKey = (wc_DhKeyDecode(mem, &keyIdx, dh, (word32)memSz) == 0); + wc_FreeDhKey(dh); + WC_FREE_VAR_EX(dh, NULL, DYNAMIC_TYPE_DH); + + /* test if DH key */ + if (!isDhKey) { + return WOLFSSL_FATAL_ERROR; + } + + /* Create DH key object from data. */ + dhObj = wolfSSL_DH_new(); + if (dhObj == NULL) { + ret = 0; + } + if ((ret == 1) && (wolfSSL_DH_LoadDer(dhObj, mem, keyIdx) != 1)) { + ret = 0; + } + if (ret == 1) { + /* Create an EVP PKEY object. */ + ret = d2i_make_pkey(out, mem, keyIdx, priv, WC_EVP_PKEY_DH); + } + if (ret == 1) { + /* Put RSA key object into EVP PKEY object. */ + (*out)->ownDh = 1; + (*out)->dh = dhObj; + } + if (ret == 0) { + wolfSSL_DH_free(dhObj); + } + + return ret; +} +#endif /* !HAVE_FIPS || HAVE_FIPS_VERSION > 2 */ +#endif /* !NO_DH && (WOLFSSL_QT || OPENSSL_ALL) */ + +#if !defined(NO_DH) && defined(OPENSSL_EXTRA) && defined(WOLFSSL_DH_EXTRA) +#if !defined(HAVE_FIPS) || (defined(HAVE_FIPS_VERSION) && \ + (HAVE_FIPS_VERSION > 2)) +/** + * Try to make a DH EVP PKEY from data. + * + * @param [in, out] out On in, an EVP PKEY or NULL. + * On out, an EVP PKEY or NULL. + * @param [in] mem Memory containing key data. + * @param [in] memSz Size of key data in bytes. + * @param [in] priv 1 means private key, 0 means public key. + * @return 1 on success. + * @return 0 otherwise. + */ +static int d2iTryAltDhKey(WOLFSSL_EVP_PKEY** out, const unsigned char* mem, + long memSz, int priv) +{ + WOLFSSL_DH* dhObj; + word32 keyIdx = 0; + DhKey* key = NULL; + int elements; + int ret = 1; + + /* Create DH key object from data. */ + dhObj = wolfSSL_DH_new(); + if (dhObj == NULL) { + return 0; + } + + key = (DhKey*)dhObj->internal; + /* Try decoding data as a DH public key. */ + if (wc_DhKeyDecode(mem, &keyIdx, key, (word32)memSz) != 0) { + ret = 0; + } + if (ret == 1) { + /* DH key has data and is external to DH object. */ + elements = ELEMENT_P | ELEMENT_G | ELEMENT_Q | ELEMENT_PUB; + if (priv) { + elements |= ELEMENT_PRV; + } + if (SetDhExternal_ex(dhObj, elements) != WOLFSSL_SUCCESS ) { + ret = 0; + } + } + if (ret == 1) { + /* Create an EVP PKEY object. */ + ret = d2i_make_pkey(out, mem, keyIdx, priv, WC_EVP_PKEY_DH); + } + if (ret == 1) { + /* Put RSA key object into EVP PKEY object. */ + (*out)->ownDh = 1; + (*out)->dh = dhObj; + } + if (ret == 0) { + wolfSSL_DH_free(dhObj); + } + + return ret; +} +#endif /* !HAVE_FIPS || HAVE_FIPS_VERSION > 2 */ +#endif /* !NO_DH && OPENSSL_EXTRA && WOLFSSL_DH_EXTRA */ + +#ifdef HAVE_FALCON +/** + * Attempt to import a private Falcon key at a specified level. + * + * @param [in] falcon Falcon key object. + * @param [in] level Level of Falcon key. + * @param [in] mem Memory containing key data. + * @param [in] memSz Size of key data in bytes. + * @return 1 on success. + * @return 0 otherwise. + */ +static int d2i_falcon_priv_key_level(falcon_key* falcon, byte level, + const unsigned char* mem, long memSz) +{ + return (wc_falcon_set_level(falcon, level) == 0) && + (wc_falcon_import_private_only(mem, (word32)memSz, falcon) == 0); +} + +/** + * Attempt to import a public Falcon key at a specified level. + * + * @param [in] falcon Falcon key object. + * @param [in] level Level of Falcon key. + * @param [in] mem Memory containing key data. + * @param [in] memSz Size of key data in bytes. + * @return 1 on success. + * @return 0 otherwise. + */ +static int d2i_falcon_pub_key_level(falcon_key* falcon, byte level, + const unsigned char* mem, long memSz) +{ + return (wc_falcon_set_level(falcon, level) == 0) && + (wc_falcon_import_public(mem, (word32)memSz, falcon) == 0); +} + +/** + * Try to make a Falcon EVP PKEY from data. + * + * @param [in, out] out On in, an EVP PKEY or NULL. + * On out, an EVP PKEY or NULL. + * @param [in] mem Memory containing key data. + * @param [in] memSz Size of key data in bytes. + * @param [in] priv 1 means private key, 0 means public key. + * @return 1 on success. + * @return 0 otherwise. + */ +static int d2iTryFalconKey(WOLFSSL_EVP_PKEY** out, const unsigned char* mem, + long memSz, int priv) +{ + int isFalcon = 0; + WC_DECLARE_VAR(falcon, falcon_key, 1, NULL); + + WC_ALLOC_VAR_EX(falcon, falcon_key, 1, NULL, DYNAMIC_TYPE_FALCON, + return 0); + + if (wc_falcon_init(falcon) != 0) { + WC_FREE_VAR_EX(falcon, NULL, DYNAMIC_TYPE_FALCON); + return 0; + } + + /* Try decoding data as a Falcon private/public key. */ + if (priv) { + /* Try level 1 */ + isFalcon = d2i_falcon_priv_key_level(falcon, 1, mem, memSz); + if (!isFalcon) { + /* Try level 5 */ + isFalcon = d2i_falcon_priv_key_level(falcon, 5, mem, memSz); + } + } + else { + /* Try level 1 */ + isFalcon = d2i_falcon_pub_key_level(falcon, 1, mem, memSz); + if (!isFalcon) { + /* Try level 5 */ + isFalcon = d2i_falcon_pub_key_level(falcon, 5, mem, memSz); + } + } + /* Dispose of any Falcon key created. */ + wc_falcon_free(falcon); + WC_FREE_VAR_EX(falcon, NULL, DYNAMIC_TYPE_FALCON); + + if (!isFalcon) { + return WOLFSSL_FATAL_ERROR; + } + + /* Create an EVP PKEY object. */ + return d2i_make_pkey(out, NULL, 0, priv, WC_EVP_PKEY_FALCON); +} +#endif /* HAVE_FALCON */ + +#ifdef HAVE_DILITHIUM +/** + * Attempt to import a private Dilithium key at a specified level. + * + * @param [in] dilithium Dilithium key object. + * @param [in] level Level of Dilithium key. + * @param [in] mem Memory containing key data. + * @param [in] memSz Size of key data in bytes. + * @return 1 on success. + * @return 0 otherwise. + */ +static int d2i_dilithium_priv_key_level(dilithium_key* dilithium, byte level, + const unsigned char* mem, long memSz) +{ + return (wc_dilithium_set_level(dilithium, level) == 0) && + (wc_dilithium_import_private(mem, (word32)memSz, dilithium) == 0); +} + +/** + * Attempt to import a public Dilithium key at a specified level. + * + * @param [in] dilithium Dilithium key object. + * @param [in] level Level of Dilithium key. + * @param [in] mem Memory containing key data. + * @param [in] memSz Size of key data in bytes. + * @return 1 on success. + * @return 0 otherwise. + */ +static int d2i_dilithium_pub_key_level(dilithium_key* dilithium, byte level, + const unsigned char* mem, long memSz) +{ + return (wc_dilithium_set_level(dilithium, level) == 0) && + (wc_dilithium_import_public(mem, (word32)memSz, dilithium) == 0); +} + +/** + * Try to make a Dilithium EVP PKEY from data. + * + * @param [in, out] out On in, an EVP PKEY or NULL. + * On out, an EVP PKEY or NULL. + * @param [in] mem Memory containing key data. + * @param [in] memSz Size of key data in bytes. + * @param [in] priv 1 means private key, 0 means public key. + * @return 1 on success. + * @return 0 otherwise. + */ +static int d2iTryDilithiumKey(WOLFSSL_EVP_PKEY** out, const unsigned char* mem, + long memSz, int priv) +{ + int isDilithium = 0; + WC_DECLARE_VAR(dilithium, dilithium_key, 1, NULL); + + WC_ALLOC_VAR_EX(dilithium, dilithium_key, 1, NULL, DYNAMIC_TYPE_DILITHIUM, + return 0); + + if (wc_dilithium_init(dilithium) != 0) { + WC_FREE_VAR_EX(dilithium, NULL, DYNAMIC_TYPE_DILITHIUM); + return 0; + } + + /* Try decoding data as a Dilithium private/public key. */ + if (priv) { + isDilithium = d2i_dilithium_priv_key_level(dilithium, WC_ML_DSA_44, + mem, memSz); + if (!isDilithium) { + isDilithium = d2i_dilithium_priv_key_level(dilithium, WC_ML_DSA_65, + mem, memSz); + } + if (!isDilithium) { + isDilithium = d2i_dilithium_priv_key_level(dilithium, WC_ML_DSA_87, + mem, memSz); + } + } + else { + isDilithium = d2i_dilithium_pub_key_level(dilithium, WC_ML_DSA_44, + mem, memSz); + if (!isDilithium) { + isDilithium = d2i_dilithium_pub_key_level(dilithium, WC_ML_DSA_65, + mem, memSz); + } + if (!isDilithium) { + isDilithium = d2i_dilithium_pub_key_level(dilithium, WC_ML_DSA_87, + mem, memSz); + } + } + /* Dispose of any Dilithium key created. */ + wc_dilithium_free(dilithium); + WC_FREE_VAR_EX(dilithium, NULL, DYNAMIC_TYPE_DILITHIUM); + + if (!isDilithium) { + return WOLFSSL_FATAL_ERROR; + } + + /* Create an EVP PKEY object. */ + return d2i_make_pkey(out, NULL, 0, priv, WC_EVP_PKEY_DILITHIUM); +} +#endif /* HAVE_DILITHIUM */ + +/** + * Try to make a WOLFSSL_EVP_PKEY from data. + * + * @param [in, out] out On in, an EVP PKEY or NULL. + * On out, an EVP PKEY or NULL. + * @param [in] mem Memory containing key data. + * @param [in] memSz Size of key data in bytes. + * @param [in] priv 1 means private key, 0 means public key. + * @return 1 on success. + * @return 0 otherwise. + */ +static WOLFSSL_EVP_PKEY* d2i_evp_pkey_try(WOLFSSL_EVP_PKEY** out, + const unsigned char** in, long inSz, int priv) +{ + WOLFSSL_EVP_PKEY* pkey = NULL; + + WOLFSSL_ENTER("d2i_evp_pkey_try"); + + if (in == NULL || *in == NULL || inSz < 0) { + WOLFSSL_MSG("Bad argument"); + return NULL; + } + + if ((out != NULL) && (*out != NULL)) { + pkey = *out; + } + +#if !defined(NO_RSA) + if (d2iTryRsaKey(&pkey, *in, inSz, priv) >= 0) { + ; + } + else +#endif /* NO_RSA */ +#if defined(HAVE_ECC) && defined(OPENSSL_EXTRA) + if (d2iTryEccKey(&pkey, *in, inSz, priv) >= 0) { + ; + } + else +#endif /* HAVE_ECC && OPENSSL_EXTRA */ +#if !defined(NO_DSA) + if (d2iTryDsaKey(&pkey, *in, inSz, priv) >= 0) { + ; + } + else +#endif /* NO_DSA */ +#if !defined(NO_DH) && (defined(WOLFSSL_QT) || defined(OPENSSL_ALL)) +#if !defined(HAVE_FIPS) || (defined(HAVE_FIPS_VERSION) && \ + (HAVE_FIPS_VERSION > 2)) + if (d2iTryDhKey(&pkey, *in, inSz, priv) >= 0) { + ; + } + else +#endif /* !HAVE_FIPS || HAVE_FIPS_VERSION > 2 */ +#endif /* !NO_DH && (WOLFSSL_QT || OPENSSL_ALL) */ + +#if !defined(NO_DH) && defined(OPENSSL_EXTRA) && defined(WOLFSSL_DH_EXTRA) +#if !defined(HAVE_FIPS) || (defined(HAVE_FIPS_VERSION) && \ + (HAVE_FIPS_VERSION > 2)) + if (d2iTryAltDhKey(&pkey, *in, inSz, priv) >= 0) { + ; + } + else +#endif /* !HAVE_FIPS || HAVE_FIPS_VERSION > 2 */ +#endif /* !NO_DH && OPENSSL_EXTRA && WOLFSSL_DH_EXTRA */ + +#ifdef HAVE_FALCON + if (d2iTryFalconKey(&pkey, *in, inSz, priv) >= 0) { + ; + } + else +#endif /* HAVE_FALCON */ +#ifdef HAVE_DILITHIUM + if (d2iTryDilithiumKey(&pkey, *in, inSz, priv) >= 0) { + ; + } + else +#endif /* HAVE_DILITHIUM */ + { + WOLFSSL_MSG("d2i_evp_pkey_try couldn't determine key type"); + } + + if ((pkey != NULL) && (out != NULL)) { + *out = pkey; + } + return pkey; +} +#endif /* OPENSSL_EXTRA || WPA_SMALL */ + +#ifdef OPENSSL_EXTRA +/* Converts a DER encoded public key to a WOLFSSL_EVP_PKEY structure. + * + * @param [in, out] out Pointer to new WOLFSSL_EVP_PKEY structure. + * Can be NULL. + * @param [in, out] in DER buffer to convert. + * @param [in] inSz Size of in buffer. + * @return Pointer to a new WOLFSSL_EVP_PKEY structure on success. + * @return NULL on failure. + */ +WOLFSSL_EVP_PKEY* wolfSSL_d2i_PUBKEY(WOLFSSL_EVP_PKEY** out, + const unsigned char** in, long inSz) +{ + WOLFSSL_ENTER("wolfSSL_d2i_PUBKEY"); + return d2i_evp_pkey_try(out, in, inSz, 0); +} + +#ifndef NO_BIO +/* Converts a DER encoded public key in a BIO to a WOLFSSL_EVP_PKEY structure. + * + * @param [in] bio BIO to read DER from. + * @param [out] out New WOLFSSL_EVP_PKEY pointer when not NULL. + * @return Pointer to a new WOLFSSL_EVP_PKEY structure on success. + * @return NULL on failure. + */ +WOLFSSL_EVP_PKEY* wolfSSL_d2i_PUBKEY_bio(WOLFSSL_BIO* bio, + WOLFSSL_EVP_PKEY** out) +{ + unsigned char* mem; + long memSz; + WOLFSSL_EVP_PKEY* pkey = NULL; + + WOLFSSL_ENTER("wolfSSL_d2i_PUBKEY_bio"); + + /* Validate parameters. */ + if (bio == NULL) { + return NULL; + } + + /* Get length of data in BIO. */ + memSz = wolfSSL_BIO_get_len(bio); + if (memSz <= 0) { + return NULL; + } + /* Allocate memory to read all of BIO data into. */ + mem = (unsigned char*)XMALLOC((size_t)memSz, bio->heap, + DYNAMIC_TYPE_TMP_BUFFER); + if (mem == NULL) { + return NULL; + } + /* Read all data into allocated buffer. */ + if (wolfSSL_BIO_read(bio, mem, (int)memSz) == memSz) { + /* Create a WOLFSSL_EVP_PKEY from data. */ + pkey = wolfSSL_d2i_PUBKEY(NULL, (const unsigned char**)&mem, memSz); + if (out != NULL && pkey != NULL) { + /* Return new WOLFSSL_EVP_PKEY through parameter. */ + *out = pkey; + } + } + + /* Dispose of memory holding BIO data. */ + XFREE(mem, bio->heap, DYNAMIC_TYPE_TMP_BUFFER); + return pkey; +} +#endif /* !NO_BIO */ +#endif /* OPENSSL_EXTRA */ + +#if defined(OPENSSL_ALL) || defined(WOLFSSL_ASIO) || \ + defined(WOLFSSL_HAPROXY) || defined(WOLFSSL_NGINX) || \ + defined(WOLFSSL_QT) || defined(WOLFSSL_WPAS_SMALL) +/* Converts a DER encoded private key to a WOLFSSL_EVP_PKEY structure. + * + * @param [in, out] out Pointer to new WOLFSSL_EVP_PKEY structure. + * Can be NULL. + * @param [in, out] in DER buffer to convert. + * @param [in] inSz Size of in buffer. + * @return Pointer to a new WOLFSSL_EVP_PKEY structure on success. + * @return NULL on failure. + */ +WOLFSSL_EVP_PKEY* wolfSSL_d2i_PrivateKey_EVP(WOLFSSL_EVP_PKEY** out, + unsigned char** in, long inSz) +{ + WOLFSSL_ENTER("wolfSSL_d2i_PrivateKey_EVP"); + return d2i_evp_pkey_try(out, (const unsigned char**)in, inSz, 1); +} +#endif /* OPENSSL_ALL || WOLFSSL_ASIO || WOLFSSL_HAPROXY || WOLFSSL_QT || + * WOLFSSL_WPAS_SMALL*/ + +#if defined(OPENSSL_ALL) || defined(WOLFSSL_ASIO) || \ + defined(WOLFSSL_HAPROXY) || defined(WOLFSSL_NGINX) || defined(WOLFSSL_QT) + +#ifndef NO_BIO +/* Converts a DER encoded private key in a BIO to a WOLFSSL_EVP_PKEY structure. + * + * @param [in] bio BIO to read DER from. + * @param [out] out New WOLFSSL_EVP_PKEY pointer when not NULL. + * @return Pointer to a new WOLFSSL_EVP_PKEY structure on success. + * @return NULL on failure. + */ +WOLFSSL_EVP_PKEY* wolfSSL_d2i_PrivateKey_bio(WOLFSSL_BIO* bio, + WOLFSSL_EVP_PKEY** out) +{ + unsigned char* mem = NULL; + int memSz = 0; + WOLFSSL_EVP_PKEY* key = NULL; + + WOLFSSL_ENTER("wolfSSL_d2i_PrivateKey_bio"); + + /* Validate parameters. */ + if (bio == NULL) { + return NULL; + } + + /* Get length of data in BIO. */ + memSz = wolfSSL_BIO_get_len(bio); + if (memSz <= 0) { + WOLFSSL_MSG("wolfSSL_BIO_get_len() failure"); + return NULL; + } + /* Allocate memory to read all of BIO data into. */ + mem = (unsigned char*)XMALLOC((size_t)memSz, bio->heap, + DYNAMIC_TYPE_TMP_BUFFER); + if (mem == NULL) { + WOLFSSL_MSG("Malloc failure"); + return NULL; + } + + /* Read all of data. */ + if (wolfSSL_BIO_read(bio, (unsigned char*)mem, memSz) == memSz) { + /* Determines key type and returns the new private EVP_PKEY object */ + if ((key = wolfSSL_d2i_PrivateKey_EVP(NULL, &mem, (long)memSz)) == + NULL) { + WOLFSSL_MSG("wolfSSL_d2i_PrivateKey_EVP() failure"); + XFREE(mem, bio->heap, DYNAMIC_TYPE_TMP_BUFFER); + return NULL; + } + + /* Write extra data back into bio object if necessary. */ + if (memSz > key->pkey_sz) { + wolfSSL_BIO_write(bio, mem + key->pkey_sz, memSz - key->pkey_sz); + if (wolfSSL_BIO_get_len(bio) <= 0) { + WOLFSSL_MSG("Failed to write memory to bio"); + XFREE(mem, bio->heap, DYNAMIC_TYPE_TMP_BUFFER); + return NULL; + } + } + + /* Return key through parameter if required. */ + if (out != NULL) { + *out = key; + } + } + + /* Dispose of memory holding BIO data. */ + XFREE(mem, bio->heap, DYNAMIC_TYPE_TMP_BUFFER); + return key; +} +#endif /* !NO_BIO */ + +#endif /* OPENSSL_ALL || WOLFSSL_ASIO || WOLFSSL_HAPROXY || WOLFSSL_NGINX || + * WOLFSSL_QT */ + +#ifdef OPENSSL_EXTRA +/* Reads in a DER format key. If PKCS8 headers are found they are stripped off. + * + * @param [in] type Type of key. + * @param [in, out] out Newly created WOLFSSL_EVP_PKEY structure. + * @param [in, out] in Pointer to input key DER. + * Pointer is advanced the same number of bytes read on + * success. + * @param [in] inSz Size of in buffer. + * @return A non null pointer on success. + * @return NULL on failure. + */ +static WOLFSSL_EVP_PKEY* d2i_evp_pkey(int type, WOLFSSL_EVP_PKEY** out, + const unsigned char **in, long inSz, int priv) +{ + int ret = 0; + word32 idx = 0, algId; + word16 pkcs8HeaderSz = 0; + WOLFSSL_EVP_PKEY* local; + const unsigned char* p; + int opt; + + (void)opt; + + /* Validate parameters. */ + if (in == NULL || inSz < 0) { + WOLFSSL_MSG("Bad argument"); + return NULL; + } + + if (priv == 1) { + /* Check if input buffer has PKCS8 header. In the case that it does not + * have a PKCS8 header then do not error out. */ + if ((ret = ToTraditionalInline_ex((const byte*)(*in), &idx, + (word32)inSz, &algId)) >= 0) { + WOLFSSL_MSG("Found PKCS8 header"); + pkcs8HeaderSz = (word16)idx; + + /* Check header algorithm id matches algorithm type passed in. */ + if ((type == WC_EVP_PKEY_RSA && algId != RSAk + #ifdef WC_RSA_PSS + && algId != RSAPSSk + #endif + ) || + (type == WC_EVP_PKEY_EC && algId != ECDSAk) || + (type == WC_EVP_PKEY_DSA && algId != DSAk) || + (type == WC_EVP_PKEY_DH && algId != DHk)) { + WOLFSSL_MSG("PKCS8 does not match EVP key type"); + return NULL; + } + + (void)idx; /* not used */ + } + /* Ensure no error occurred try to remove any PKCS#8 header. */ + else if (ret != WC_NO_ERR_TRACE(ASN_PARSE_E)) { + WOLFSSL_MSG("Unexpected error with trying to remove PKCS8 header"); + return NULL; + } + } + + /* Dispose of any WOLFSSL_EVP_PKEY passed in. */ + if (out != NULL && *out != NULL) { + wolfSSL_EVP_PKEY_free(*out); + *out = NULL; + } + /* Create a new WOLFSSL_EVP_PKEY and populate. */ + local = wolfSSL_EVP_PKEY_new(); + if (local == NULL) { + return NULL; + } + local->type = type; + local->pkey_sz = (int)inSz; + local->pkcs8HeaderSz = pkcs8HeaderSz; + local->pkey.ptr = (char*)XMALLOC((size_t)inSz, NULL, + DYNAMIC_TYPE_PUBLIC_KEY); + if (local->pkey.ptr == NULL) { + wolfSSL_EVP_PKEY_free(local); + return NULL; + } + XMEMCPY(local->pkey.ptr, *in, (size_t)inSz); + p = (const unsigned char*)local->pkey.ptr; + + /* Create an algorithm specific object into WOLFSSL_EVP_PKEY. */ + switch (type) { +#ifndef NO_RSA + case WC_EVP_PKEY_RSA: + /* Create a WOLFSSL_RSA object. */ + local->ownRsa = 1; + opt = priv ? WOLFSSL_RSA_LOAD_PRIVATE : WOLFSSL_RSA_LOAD_PUBLIC; + local->rsa = wolfssl_rsa_d2i(NULL, p, local->pkey_sz, opt); + if (local->rsa == NULL) { + wolfSSL_EVP_PKEY_free(local); + return NULL; + } + break; +#endif /* NO_RSA */ +#ifdef HAVE_ECC + case WC_EVP_PKEY_EC: + /* Create a WOLFSSL_EC object. */ + local->ownEcc = 1; + local->ecc = wolfSSL_EC_KEY_new(); + if (local->ecc == NULL) { + wolfSSL_EVP_PKEY_free(local); + return NULL; + } + opt = priv ? WOLFSSL_EC_KEY_LOAD_PRIVATE : + WOLFSSL_EC_KEY_LOAD_PUBLIC; + if (wolfSSL_EC_KEY_LoadDer_ex(local->ecc, p, local->pkey_sz, opt) != + WOLFSSL_SUCCESS) { + wolfSSL_EVP_PKEY_free(local); + return NULL; + } + break; +#endif /* HAVE_ECC */ +#if defined(WOLFSSL_QT) || defined(OPENSSL_ALL) || defined(WOLFSSL_OPENSSH) +#ifndef NO_DSA + case WC_EVP_PKEY_DSA: + /* Create a WOLFSSL_DSA object. */ + local->ownDsa = 1; + local->dsa = wolfSSL_DSA_new(); + if (local->dsa == NULL) { + wolfSSL_EVP_PKEY_free(local); + return NULL; + } + opt = priv ? WOLFSSL_DSA_LOAD_PRIVATE : WOLFSSL_DSA_LOAD_PUBLIC; + if (wolfSSL_DSA_LoadDer_ex(local->dsa, p, local->pkey_sz, opt) != + WOLFSSL_SUCCESS) { + wolfSSL_EVP_PKEY_free(local); + return NULL; + } + break; +#endif /* NO_DSA */ +#ifndef NO_DH +#if !defined(HAVE_FIPS) || (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION>2)) + case WC_EVP_PKEY_DH: + /* Create a WOLFSSL_DH object. */ + local->ownDh = 1; + local->dh = wolfSSL_DH_new(); + if (local->dh == NULL) { + wolfSSL_EVP_PKEY_free(local); + return NULL; + } + if (wolfSSL_DH_LoadDer(local->dh, p, local->pkey_sz) != + WOLFSSL_SUCCESS) { + wolfSSL_EVP_PKEY_free(local); + return NULL; + } + break; +#endif /* !HAVE_FIPS || HAVE_FIPS_VERSION > 2 */ +#endif /* HAVE_DH */ +#endif /* WOLFSSL_QT || OPENSSL_ALL || WOLFSSL_OPENSSH */ + default: + WOLFSSL_MSG("Unsupported key type"); + wolfSSL_EVP_PKEY_free(local); + return NULL; + } + + /* Advance pointer and return through parameter when required on success. */ + if (local != NULL) { + if (local->pkey_sz <= (int)inSz) { + *in += local->pkey_sz; + } + if (out != NULL) { + *out = local; + } + } + + /* Return newly allocated WOLFSSL_EVP_PKEY structure. */ + return local; +} + +/* Reads in a DER format key. + * + * @param [in] type Type of key. + * @param [in, out] out Newly created WOLFSSL_EVP_PKEY structure. + * @param [in, out] in Pointer to input key DER. + * Pointer is advanced the same number of bytes read on + * success. + * @param [in] inSz Size of in buffer. + * @return A non null pointer on success. + * @return NULL on failure. + */ +WOLFSSL_EVP_PKEY* wolfSSL_d2i_PublicKey(int type, WOLFSSL_EVP_PKEY** out, + const unsigned char **in, long inSz) +{ + WOLFSSL_ENTER("wolfSSL_d2i_PublicKey"); + + return d2i_evp_pkey(type, out, in, inSz, 0); +} + +/* Reads in a DER format key. If PKCS8 headers are found they are stripped off. + * + * @param [in] type Type of key. + * @param [in, out] out Newly created WOLFSSL_EVP_PKEY structure. + * @param [in, out] in Pointer to input key DER. + * Pointer is advanced the same number of bytes read on + * success. + * @param [in] inSz Size of in buffer. + * @return A non null pointer on success. + * @return NULL on failure. + */ +WOLFSSL_EVP_PKEY* wolfSSL_d2i_PrivateKey(int type, WOLFSSL_EVP_PKEY** out, + const unsigned char **in, long inSz) +{ + WOLFSSL_ENTER("wolfSSL_d2i_PrivateKey"); + + return d2i_evp_pkey(type, out, in, inSz, 1); +} +#endif /* OPENSSL_EXTRA */ + +#ifdef OPENSSL_ALL +/* Detect RSA or EC key and decode private key DER. + * + * @param [in, out] pkey Newly created WOLFSSL_EVP_PKEY structure. + * @param [in, out] pp Pointer to private key DER data. + * @param [in] length Length in bytes of DER data. + */ +WOLFSSL_EVP_PKEY* wolfSSL_d2i_AutoPrivateKey(WOLFSSL_EVP_PKEY** pkey, + const unsigned char** pp, long length) +{ + int ret; + WOLFSSL_EVP_PKEY* key = NULL; + const byte* der = *pp; + word32 idx = 0; + int len = 0; + int cnt = 0; + word32 algId; + word32 keyLen = (word32)length; + + /* Take off PKCS#8 wrapper if found. */ + if ((len = ToTraditionalInline_ex(der, &idx, keyLen, &algId)) >= 0) { + der += idx; + keyLen = (word32)len; + } + + idx = 0; + len = 0; + /* Use the number of elements in the outer sequence to determine key type. + */ + ret = GetSequence(der, &idx, &len, keyLen); + if (ret >= 0) { + word32 end = idx + (word32)len; + while (ret >= 0 && idx < end) { + /* Skip type */ + idx++; + /* Get length and skip over - keeping count */ + len = 0; + ret = GetLength(der, &idx, &len, keyLen); + if (ret >= 0) { + if (idx + (word32)len > end) { + ret = ASN_PARSE_E; + } + else { + idx += (word32)len; + cnt++; + } + } + } + } + + if (ret >= 0) { + int type; + /* ECC includes version, private[, curve][, public key] */ + if (cnt >= 2 && cnt <= 4) { + type = WC_EVP_PKEY_EC; + } + else { + type = WC_EVP_PKEY_RSA; + } + + /* Decode the detected type of private key. */ + key = wolfSSL_d2i_PrivateKey(type, pkey, &der, keyLen); + /* Update the pointer to after the DER data. */ + *pp = der; + } + + return key; +} + +#if !defined(NO_BIO) && !defined(NO_PWDBASED) && defined(HAVE_PKCS8) +/* Read all of the BIO data into a newly allocated buffer. + * + * @param [in] bio BIO to read from. + * @param [out] data Allocated buffer holding all BIO data. + * @return Number of bytes allocated and read. + * @return MEMORY_E on dynamic memory allocation failure. + * @return Other negative on error. + */ +static int bio_get_data(WOLFSSL_BIO* bio, byte** data) +{ + int ret = 0; + byte* mem = NULL; + + /* Get length of data in BIO. */ + ret = wolfSSL_BIO_get_len(bio); + if (ret > 0) { + /* Allocate memory big enough to hold data in BIO. */ + mem = (byte*)XMALLOC((size_t)ret, bio->heap, DYNAMIC_TYPE_OPENSSL); + if (mem == NULL) { + WOLFSSL_MSG("Memory error"); + ret = MEMORY_E; + } + if (ret >= 0) { + /* Read data from BIO. */ + if ((ret = wolfSSL_BIO_read(bio, mem, ret)) <= 0) { + XFREE(mem, bio->heap, DYNAMIC_TYPE_OPENSSL); + ret = MEMORY_E; + mem = NULL; + } + } + } + + /* Return allocated buffer with data from BIO. */ + *data = mem; + return ret; +} + +/* Convert the algorithm id to a key type. + * + * @param [in] algId Algorithm Id. + * @return Key type on success. + * @return WC_EVP_PKEY_NONE when algorithm id not supported. + */ +static int wolfssl_i_alg_id_to_key_type(word32 algId) +{ + int type; + + /* Convert algorithm id into EVP PKEY id. */ + switch (algId) { +#ifndef NO_RSA + case RSAk: + #ifdef WC_RSA_PSS + case RSAPSSk: + #endif + type = WC_EVP_PKEY_RSA; + break; +#endif + #ifdef HAVE_ECC + case ECDSAk: + type = WC_EVP_PKEY_EC; + break; + #endif + #ifndef NO_DSA + case DSAk: + type = WC_EVP_PKEY_DSA; + break; + #endif + #ifndef NO_DH + case DHk: + type = WC_EVP_PKEY_DH; + break; + #endif + default: + WOLFSSL_MSG("PKEY algorithm, from PKCS#8 header, not supported"); + type = WC_EVP_PKEY_NONE; + break; + } + + return type; +} + +/* Creates an WOLFSSL_EVP_PKEY from PKCS#8 encrypted private DER in a BIO. + * + * Uses the PEM default password callback when cb is NULL. + * + * @param [in] bio BIO to read DER from. + * @param [in, out] pkey Newly created WOLFSSL_EVP_PKEY structure. + * @param [in] cb Password callback. May be NULL. + * @param [in] ctx Password callback context. May be NULL. + * @return A non null pointer on success. + * @return NULL on failure. + */ +WOLFSSL_EVP_PKEY* wolfSSL_d2i_PKCS8PrivateKey_bio(WOLFSSL_BIO* bio, + WOLFSSL_EVP_PKEY** pkey, wc_pem_password_cb* cb, void* ctx) +{ + int ret; + const byte* p; + byte* der = NULL; + int len; + word32 algId; + WOLFSSL_EVP_PKEY* key; + int type; + char password[NAME_SZ]; + int passwordSz; + + /* Get the data from the BIO into a newly allocated buffer. */ + if ((len = bio_get_data(bio, &der)) < 0) + return NULL; + + /* Use the PEM default callback if none supplied. */ + if (cb == NULL) { + cb = wolfSSL_PEM_def_callback; + } + /* Get the password. */ + passwordSz = cb(password, sizeof(password), PEM_PASS_READ, ctx); + if (passwordSz < 0) { + XFREE(der, bio->heap, DYNAMIC_TYPE_OPENSSL); + return NULL; + } +#ifdef WOLFSSL_CHECK_MEM_ZERO + wc_MemZero_Add("wolfSSL_d2i_PKCS8PrivateKey_bio password", password, + passwordSz); +#endif + + /* Decrypt the PKCS#8 encrypted private key and get algorithm. */ + ret = ToTraditionalEnc(der, (word32)len, password, passwordSz, &algId); + ForceZero(password, (word32)passwordSz); +#ifdef WOLFSSL_CHECK_MEM_ZERO + wc_MemZero_Check(password, passwordSz); +#endif + if (ret < 0) { + XFREE(der, bio->heap, DYNAMIC_TYPE_OPENSSL); + return NULL; + } + + /* Get the key type from the algorithm id of the PKCS#8 header. */ + if ((type = wolfssl_i_alg_id_to_key_type(algId)) == WC_EVP_PKEY_NONE) { + XFREE(der, bio->heap, DYNAMIC_TYPE_OPENSSL); + return NULL; + } + + /* Decode private key with the known type. */ + p = der; + key = d2i_evp_pkey(type, pkey, &p, len, 1); + + /* Dispose of memory holding BIO data. */ + XFREE(der, bio->heap, DYNAMIC_TYPE_OPENSSL); + return key; +} +#endif /* !NO_BIO && !NO_PWDBASED && HAVE_PKCS8 */ +#endif /* OPENSSL_ALL */ + +#ifdef OPENSSL_EXTRA +/* Reads in a PKCS#8 DER format key. + * + * @param [in, out] pkey Newly created WOLFSSL_PKCS8_PRIV_KEY_INFO structure. + * @param [in, out] keyBuf Pointer to input key DER. + * Pointer is advanced the same number of bytes read on + * success. + * @param [in] keyLen Number of bytes in keyBuf. + * @return A non null pointer on success. + * @return NULL on failure. + */ +WOLFSSL_PKCS8_PRIV_KEY_INFO* wolfSSL_d2i_PKCS8_PKEY( + WOLFSSL_PKCS8_PRIV_KEY_INFO** pkey, const unsigned char** keyBuf, + long keyLen) +{ + WOLFSSL_PKCS8_PRIV_KEY_INFO* pkcs8 = NULL; +#ifdef WOLFSSL_PEM_TO_DER + int ret; + DerBuffer* pkcs8Der = NULL; + DerBuffer rawDer; + EncryptedInfo info; + int advanceLen = 0; + + /* Clear the encryption information and DER buffer. */ + XMEMSET(&info, 0, sizeof(info)); + XMEMSET(&rawDer, 0, sizeof(rawDer)); + + /* Validate parameters. */ + if ((keyBuf == NULL) || (*keyBuf == NULL) || (keyLen <= 0)) { + WOLFSSL_MSG("Bad key PEM/DER args"); + return NULL; + } + + /* Try to decode the PEM into DER. */ + ret = PemToDer(*keyBuf, keyLen, PRIVATEKEY_TYPE, &pkcs8Der, NULL, &info, + NULL); + if (ret >= 0) { + /* Cache the amount of data in PEM formatted private key. */ + advanceLen = (int)info.consumed; + } + else { + /* Not PEM - create a DerBuffer with the PKCS#8 DER data. */ + WOLFSSL_MSG("Not PEM format"); + ret = AllocDer(&pkcs8Der, (word32)keyLen, PRIVATEKEY_TYPE, NULL); + if (ret == 0) { + XMEMCPY(pkcs8Der->buffer, *keyBuf, keyLen); + } + } + + if (ret == 0) { + /* Verify this is PKCS8 Key */ + word32 inOutIdx = 0; + word32 algId; + + ret = ToTraditionalInline_ex(pkcs8Der->buffer, &inOutIdx, + pkcs8Der->length, &algId); + if (ret >= 0) { + if (advanceLen == 0) { + /* Set only if not PEM */ + advanceLen = (int)inOutIdx + ret; + } + if (algId == DHk) { + /* Special case for DH as we expect the DER buffer to be always + * be in PKCS8 format */ + rawDer.buffer = pkcs8Der->buffer; + rawDer.length = inOutIdx + (word32)ret; + } + else { + rawDer.buffer = pkcs8Der->buffer + inOutIdx; + rawDer.length = (word32)ret; + } + ret = 0; /* good DER */ + } + } + + if (ret == 0) { + /* Create a WOLFSSL_EVP_PKEY for a WOLFSSL_PKCS8_PRIV_KEY_INFO. */ + pkcs8 = wolfSSL_EVP_PKEY_new(); + if (pkcs8 == NULL) { + ret = MEMORY_E; + } + } + if (ret == 0) { + /* Allocate memory to hold DER. */ + pkcs8->pkey.ptr = (char*)XMALLOC(rawDer.length, NULL, + DYNAMIC_TYPE_PUBLIC_KEY); + if (pkcs8->pkey.ptr == NULL) { + ret = MEMORY_E; + } + } + if (ret == 0) { + /* Copy in DER data and size. */ + XMEMCPY(pkcs8->pkey.ptr, rawDer.buffer, rawDer.length); + pkcs8->pkey_sz = (int)rawDer.length; + } + + /* Dispose of PKCS#8 DER data - raw DER reference data in pkcs8Der. */ + FreeDer(&pkcs8Der); + if (ret != 0) { + /* Dispose of WOLFSSL_PKCS8_PRIV_KEY_INFO object on error. */ + wolfSSL_EVP_PKEY_free(pkcs8); + pkcs8 = NULL; + } + else { + /* Advance the buffer past the key on success. */ + *keyBuf += advanceLen; + } + if (pkey != NULL) { + /* Return the WOLFSSL_PKCS8_PRIV_KEY_INFO object through parameter. */ + *pkey = pkcs8; + } +#else + (void)pkey; + (void)keyBuf; + (void)keyLen; +#endif /* WOLFSSL_PEM_TO_DER */ + + /* Return new WOLFSSL_PKCS8_PRIV_KEY_INFO object. */ + return pkcs8; +} + +#ifndef NO_BIO +/* Converts a DER format key read from BIO to a PKCS#8 structure. + * + * @param [in] bio Input BIO to read DER from. + * @param [out] pkey If not NULL then this pointer will be overwritten with a + * new PKCS8 structure. + * @return A WOLFSSL_PKCS8_PRIV_KEY_INFO pointer on success + * @return NULL on failure. + */ +WOLFSSL_PKCS8_PRIV_KEY_INFO* wolfSSL_d2i_PKCS8_PKEY_bio(WOLFSSL_BIO* bio, + WOLFSSL_PKCS8_PRIV_KEY_INFO** pkey) +{ + WOLFSSL_PKCS8_PRIV_KEY_INFO* pkcs8 = NULL; +#ifdef WOLFSSL_PEM_TO_DER + unsigned char* mem = NULL; + int memSz; + + WOLFSSL_ENTER("wolfSSL_d2i_PKCS8_PKEY_bio"); + + /* Validate parameters. */ + if (bio == NULL) { + return NULL; + } + + /* Get the memory buffer from the BIO. */ + if ((memSz = wolfSSL_BIO_get_mem_data(bio, &mem)) < 0) { + return NULL; + } + + /* Decode the PKCS#8 key into a WOLFSSL_PKCS8_PRIV_KEY_INFO object. */ + pkcs8 = wolfSSL_d2i_PKCS8_PKEY(pkey, (const unsigned char**)&mem, memSz); +#else + (void)bio; + (void)pkey; +#endif /* WOLFSSL_PEM_TO_DER */ + + /* Return new WOLFSSL_PKCS8_PRIV_KEY_INFO object. */ + return pkcs8; +} +#endif /* !NO_BIO */ + +#ifdef WOLF_PRIVATE_KEY_ID +/* Create an EVP structure for use with crypto callbacks. + * + * @param [in] type Type of private key. + * @param [out] out WOLFSSL_EVP_PKEY object created. + * @param [in] heap Heap hint for dynamic memory allocation. + * @param [in] devId Device id. + * @return A new WOLFSSL_EVP_PKEY object on success. + * @return NULL on failure. + */ +WOLFSSL_EVP_PKEY* wolfSSL_d2i_PrivateKey_id(int type, WOLFSSL_EVP_PKEY** out, + void* heap, int devId) +{ + WOLFSSL_EVP_PKEY* local; + + /* Dispose of any object passed in through out. */ + if (out != NULL && *out != NULL) { + wolfSSL_EVP_PKEY_free(*out); + *out = NULL; + } + + /* Create a local WOLFSSL_EVP_PKEY to be decoded into. */ + local = wolfSSL_EVP_PKEY_new_ex(heap); + if (local == NULL) { + return NULL; + } + local->type = type; + local->pkey_sz = 0; + local->pkcs8HeaderSz = 0; + + switch (type) { +#ifndef NO_RSA + case WC_EVP_PKEY_RSA: + { + /* Create a WOLFSSL_RSA object into WOLFSSL_EVP_PKEY. */ + local->rsa = wolfSSL_RSA_new_ex(heap, devId); + if (local->rsa == NULL) { + wolfSSL_EVP_PKEY_free(local); + return NULL; + } + local->ownRsa = 1; + /* Algorithm specific object set into WOLFSL_EVP_PKEY. */ + local->rsa->inSet = 1; + #ifdef WOLF_CRYPTO_CB + ((RsaKey*)local->rsa->internal)->devId = devId; + #endif + break; + } +#endif /* !NO_RSA */ +#ifdef HAVE_ECC + case WC_EVP_PKEY_EC: + { + ecc_key* key; + + /* Create a WOLFSSL_EC object into WOLFSSL_EVP_PKEY. */ + local->ecc = wolfSSL_EC_KEY_new_ex(heap, devId); + if (local->ecc == NULL) { + wolfSSL_EVP_PKEY_free(local); + return NULL; + } + local->ownEcc = 1; + /* Algorithm specific object set into WOLFSL_EVP_PKEY. */ + local->ecc->inSet = 1; + + /* Get wolfSSL EC key and set fields. */ + key = (ecc_key*)local->ecc->internal; + #ifdef WOLF_CRYPTO_CB + key->devId = devId; + #endif + key->type = ECC_PRIVATEKEY; + /* key is required to have a key size / curve set, although + * actual one used is determined by devId callback function. */ + wc_ecc_set_curve(key, ECDHE_SIZE, ECC_CURVE_DEF); + break; + } +#endif /* HAVE_ECC */ + default: + WOLFSSL_MSG("Unsupported private key id type"); + wolfSSL_EVP_PKEY_free(local); + return NULL; + } + + /* Return new WOLFSSL_EVP_PKEY through parameter if required. */ + if (local != NULL && out != NULL) { + *out = local; + } + /* Return new WOLFSSL_EVP_PKEY. */ + return local; +} +#endif /* WOLF_PRIVATE_KEY_ID */ +#endif /* OPENSSL_EXTRA */ + +/******************************************************************************* + * END OF d2i APIs + ******************************************************************************/ + +/******************************************************************************* + * START OF i2d APIs + ******************************************************************************/ + +#ifdef OPENSSL_ALL +/* Encode PKCS#8 key as DER data. + * + * @param [in] key PKCS#8 private key to encode. + * @param [out] pp Pointer to buffer of encoded data. + * @return Length of DER encoded data on success. + * @return Less than zero on failure. + */ +int wolfSSL_i2d_PKCS8_PKEY(WOLFSSL_PKCS8_PRIV_KEY_INFO* key, unsigned char** pp) +{ + word32 keySz = 0; + unsigned char* out; + int len; + + WOLFSSL_ENTER("wolfSSL_i2d_PKCS8_PKEY"); + + /* Validate parameters. */ + if (key == NULL) { + return WOLFSSL_FATAL_ERROR; + } + + /* Get the length of DER encoding. */ + if (pkcs8_encode(key, NULL, &keySz) != WC_NO_ERR_TRACE(LENGTH_ONLY_E)) { + return WOLFSSL_FATAL_ERROR; + } + len = (int)keySz; + + /* Return the length when output parameter is NULL. */ + if ((pp == NULL) || (len == 0)) { + return len; + } + + /* Allocate memory for DER encoding if NULL passed in for output buffer. */ + if (*pp == NULL) { + out = (unsigned char*)XMALLOC((size_t)len, NULL, DYNAMIC_TYPE_ASN1); + if (out == NULL) { + return WOLFSSL_FATAL_ERROR; + } + } + else { + /* Use buffer passed in - assume it is big enough. */ + out = *pp; + } + + /* Encode the PKCS#8 key into the output buffer. */ + if (pkcs8_encode(key, out, &keySz) != len) { + if (*pp == NULL) { + XFREE(out, NULL, DYNAMIC_TYPE_ASN1); + } + return WOLFSSL_FATAL_ERROR; + } + + /* Return new output buffer or move pointer passed encoded data. */ + if (*pp == NULL) { + *pp = out; + } + else { + *pp += len; + } + + return len; +} +#endif + +#ifdef OPENSSL_EXTRA + +#if !defined(NO_ASN) && !defined(NO_PWDBASED) +/* Get raw pointer to DER buffer from WOLFSSL_EVP_PKEY. + * + * Assumes der is large enough if passed in. + * + * @param [in] key WOLFSSL_EVP_PKEY to get DER buffer for. + * @param [out] der Buffer holding DER encoding. May be NULL. + * @return Size of DER encoding on success. + * @return Less than 0 on failure. + */ +static int wolfssl_i_evp_pkey_get_der(const WOLFSSL_EVP_PKEY* key, + unsigned char** der) +{ + int sz; + word16 pkcs8HeaderSz; + + /* Validate parameters. */ + if ((key == NULL) || (key->pkey_sz == 0)) { + return WOLFSSL_FATAL_ERROR; + } + + /* If pkcs8HeaderSz is invalid, return all of the DER encoding. */ + pkcs8HeaderSz = 0; + if (key->pkey_sz > key->pkcs8HeaderSz) { + pkcs8HeaderSz = key->pkcs8HeaderSz; + } + /* Calculate the size of the DER encoding to return. */ + sz = key->pkey_sz - pkcs8HeaderSz; + /* Returning encoding when DER is not NULL. */ + if (der != NULL) { + unsigned char* pt = (unsigned char*)key->pkey.ptr; + int bufferPassedIn = ((*der) != NULL); + + if (!bufferPassedIn) { + /* Allocate buffer to hold DER encoding. */ + *der = (unsigned char*)XMALLOC((size_t)sz, NULL, + DYNAMIC_TYPE_OPENSSL); + if (*der == NULL) { + return WOLFSSL_FATAL_ERROR; + } + } + /* Copy in non-PKCS#8 DER encoding. */ + XMEMCPY(*der, pt + pkcs8HeaderSz, (size_t)sz); + /* Step past encoded key when buffer provided. */ + if (bufferPassedIn) { + *der += sz; + } + } + + /* Return size of DER encoded data. */ + return sz; +} + +/* Encode key as unencrypted DER data. + * + * @param [in] key PKCS#8 private key to encode. + * @param [out] der Pointer to buffer of encoded data. + * @return Length of DER encoded data on success. + * @return Less than zero on failure. + */ +int wolfSSL_i2d_PrivateKey(const WOLFSSL_EVP_PKEY* key, unsigned char** der) +{ + return wolfssl_i_evp_pkey_get_der(key, der); +} + +#ifndef NO_BIO +/* Encode key as unencrypted DER data and write to BIO. + * + * @param [in] bio BIO to write data to. + * @param [in] key PKCS#8 private key to encode. + * @return Length of DER encoded data on success. + * @return Less than zero on failure. + */ +int wolfSSL_i2d_PrivateKey_bio(WOLFSSL_BIO* bio, WOLFSSL_EVP_PKEY* key) +{ + int ret = WC_NO_ERR_TRACE(WOLFSSL_FAILURE); + int derSz = 0; + byte* der = NULL; + + if (bio == NULL || key == NULL) { + return WOLFSSL_FAILURE; + } + + derSz = wolfSSL_i2d_PrivateKey(key, &der); + if (derSz <= 0) { + WOLFSSL_MSG("wolfSSL_i2d_PrivateKey (for getting size) failed"); + return WOLFSSL_FAILURE; + } + + if (wolfSSL_BIO_write(bio, der, derSz) != derSz) { + goto cleanup; + } + + ret = WOLFSSL_SUCCESS; + +cleanup: + XFREE(der, NULL, DYNAMIC_TYPE_OPENSSL); + return ret; +} +#endif + +#ifdef HAVE_ECC +/* Encode EC key as public key DER. + * + * @param [in] key WOLFSSL_EVP_KEY object to encode. + * @param [in] ec WOLFSSL_EC_KEY object to encode. + * @param [out] der Buffer with DER encoding of EC public key. + * @return Public key DER encoding size on success. + * @return WOLFSSL_FATAL_ERROR when dynamic memory allocation fails. + * @return WOLFSSL_FATAL_ERROR when encoding fails. + */ +static int wolfssl_i_i2d_ecpublickey(const WOLFSSL_EVP_PKEY* key, + const WOLFSSL_EC_KEY *ec, unsigned char **der) +{ + word32 pub_derSz = 0; + int ret; + unsigned char *local_der = NULL; + word32 local_derSz = 0; + unsigned char *pub_der = NULL; + ecc_key *eccKey = NULL; + word32 inOutIdx = 0; + + /* We need to get the DER, then convert it to a public key. But what we get + * might be a buffered private key so we need to decode it and then encode + * the public part. */ + ret = wolfssl_i_evp_pkey_get_der(key, &local_der); + if (ret <= 0) { + /* In this case, there was no buffered DER at all. This could be the + * case where the key that was passed in was generated. So now we + * have to create the local DER. */ + local_derSz = (word32)wolfSSL_i2d_ECPrivateKey(ec, &local_der); + if (local_derSz == 0) { + ret = WOLFSSL_FATAL_ERROR; + } + } else { + local_derSz = (word32)ret; + ret = 0; + } + + if (ret == 0) { + eccKey = (ecc_key *)XMALLOC(sizeof(*eccKey), NULL, DYNAMIC_TYPE_ECC); + if (eccKey == NULL) { + WOLFSSL_MSG("Failed to allocate key buffer."); + ret = WOLFSSL_FATAL_ERROR; + } + } + + /* Initialize a wolfCrypt ECC key. */ + if (ret == 0) { + ret = wc_ecc_init(eccKey); + } + if (ret == 0) { + /* Decode the DER data with wolfCrypt ECC key. */ + ret = wc_EccPublicKeyDecode(local_der, &inOutIdx, eccKey, local_derSz); + if (ret < 0) { + /* We now try again as x.963 [point type][x][opt y]. */ + ret = wc_ecc_import_x963(local_der, local_derSz, eccKey); + } + } + + if (ret == 0) { + /* Get the size of the encoding of the public key DER. */ + pub_derSz = (word32)wc_EccPublicKeyDerSize(eccKey, 1); + if ((int)pub_derSz <= 0) { + ret = WOLFSSL_FAILURE; + } + } + + if (ret == 0) { + /* Allocate memory for public key DER encoding. */ + pub_der = (unsigned char*)XMALLOC(pub_derSz, NULL, + DYNAMIC_TYPE_PUBLIC_KEY); + if (pub_der == NULL) { + WOLFSSL_MSG("Failed to allocate output buffer."); + ret = WOLFSSL_FATAL_ERROR; + } + } + + if (ret == 0) { + /* Encode public key as DER. */ + pub_derSz = (word32)wc_EccPublicKeyToDer(eccKey, pub_der, pub_derSz, 1); + if ((int)pub_derSz <= 0) { + ret = WOLFSSL_FATAL_ERROR; + } + } + + /* This block is for actually returning the DER of the public key */ + if ((ret == 0) && (der != NULL)) { + int bufferPassedIn = ((*der) != NULL); + if (!bufferPassedIn) { + *der = (unsigned char*)XMALLOC(pub_derSz, NULL, + DYNAMIC_TYPE_PUBLIC_KEY); + if (*der == NULL) { + WOLFSSL_MSG("Failed to allocate output buffer."); + ret = WOLFSSL_FATAL_ERROR; + } + } + if (ret == 0) { + XMEMCPY(*der, pub_der, pub_derSz); + if (bufferPassedIn) { + *der += pub_derSz; + } + } + } + + /* Dispose of allocated objects. */ + XFREE(pub_der, NULL, DYNAMIC_TYPE_PUBLIC_KEY); + XFREE(local_der, NULL, DYNAMIC_TYPE_OPENSSL); + wc_ecc_free(eccKey); + XFREE(eccKey, NULL, DYNAMIC_TYPE_ECC); + + /* Return error or the size of the DER encoded public key. */ + if (ret == 0) { + ret = (int)pub_derSz; + } + return ret; +} +#endif + +/* Encode the WOLFSSL_EVP_PKEY object as public key DER. + * + * @param [in] key WOLFSLS_EVP_PKEY object to encode. + * @param [out] der Buffer with DER encoding of public key. + * @return Public key DER encoding size on success. + * @return WOLFSSL_FATAL_ERROR when key is NULL. + * @return WOLFSSL_FATAL_ERROR when key type not supported. + * @return WOLFSSL_FATAL_ERROR when dynamic memory allocation fails. + */ +int wolfSSL_i2d_PublicKey(const WOLFSSL_EVP_PKEY *key, unsigned char **der) +{ + int ret; + + /* Validate parameters. */ + if (key == NULL) { + return WOLFSSL_FATAL_ERROR; + } + + /* Encode based on key type. */ + switch (key->type) { + #ifndef NO_RSA + case WC_EVP_PKEY_RSA: + return wolfSSL_i2d_RSAPublicKey(key->rsa, der); + #endif + #ifdef HAVE_ECC + case WC_EVP_PKEY_EC: + return wolfssl_i_i2d_ecpublickey(key, key->ecc, der); + #endif + default: + ret = WOLFSSL_FATAL_ERROR; + break; + } + + return ret; +} + +/* Encode the WOLFSSL_EVP_PKEY object as public key DER. + * + * @param [in] key WOLFSLS_EVP_PKEY object to encode. + * @param [out] der Buffer with DER encoding of public key. + * @return Public key DER encoding size on success. + * @return WOLFSSL_FATAL_ERROR when key is NULL. + * @return WOLFSSL_FATAL_ERROR when key type not supported. + * @return WOLFSSL_FATAL_ERROR when dynamic memory allocation fails. + */ +int wolfSSL_i2d_PUBKEY(const WOLFSSL_EVP_PKEY *key, unsigned char **der) +{ + return wolfSSL_i2d_PublicKey(key, der); +} +#endif /* !NO_ASN && !NO_PWDBASED */ + +#endif /* OPENSSL_EXTRA */ + +#endif /* !NO_CERTS */ + +/******************************************************************************* + * END OF i2d APIs + ******************************************************************************/ + +#endif /* !WOLFSSL_EVP_PK_INCLUDED */ + diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/wolfcrypt/src/ext_lms.c mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/ext_lms.c --- mariadb-11.8.6/extra/wolfssl/wolfssl/wolfcrypt/src/ext_lms.c 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/ext_lms.c 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* ext_lms.c * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -840,6 +840,22 @@ return -1; } + if ((size_t)*sigSz < len) { + /* Signature buffer too small. */ + WOLFSSL_MSG("error: LMS sig buffer too small"); + return BUFFER_E; + } + + if (key->write_private_key == NULL) { + WOLFSSL_MSG("error: LmsKey write/read callbacks are not set"); + return BAD_FUNC_ARG; + } + + if (key->context == NULL) { + WOLFSSL_MSG("error: LmsKey context is not set"); + return BAD_FUNC_ARG; + } + result = hss_generate_signature(key->working_key, LmsWritePrivKey, key, (const void *) msg, msgSz, sig, len, &key->info); diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/wolfcrypt/src/ext_mlkem.c mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/ext_mlkem.c --- mariadb-11.8.6/extra/wolfssl/wolfssl/wolfcrypt/src/ext_mlkem.c 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/ext_mlkem.c 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* ext_mlkem.c * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/wolfcrypt/src/ext_xmss.c mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/ext_xmss.c --- mariadb-11.8.6/extra/wolfssl/wolfssl/wolfcrypt/src/ext_xmss.c 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/ext_xmss.c 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* ext_xmss.c * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/wolfcrypt/src/falcon.c mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/falcon.c --- mariadb-11.8.6/extra/wolfssl/wolfssl/wolfcrypt/src/falcon.c 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/falcon.c 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* falcon.c * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -98,10 +98,6 @@ } } - if ((ret == 0) && (oqssig == NULL)) { - ret = BUFFER_E; - } - /* check and set up out length */ if (ret == 0) { if ((key->level == 1) && (*outLen < FALCON_LEVEL1_SIG_SIZE)) { @@ -117,20 +113,18 @@ if (ret == 0) { ret = wolfSSL_liboqsRngMutexLock(rng); + if (ret == 0) { + if (OQS_SIG_sign(oqssig, out, &localOutLen, in, inLen, key->k) + == OQS_ERROR) { + ret = BAD_FUNC_ARG; + } + } + if (ret == 0) { + *outLen = (word32)localOutLen; + } + wolfSSL_liboqsRngMutexUnlock(); } - if ((ret == 0) && - (OQS_SIG_sign(oqssig, out, &localOutLen, in, inLen, key->k) - == OQS_ERROR)) { - ret = BAD_FUNC_ARG; - } - - if (ret == 0) { - *outLen = (word32)localOutLen; - } - - wolfSSL_liboqsRngMutexUnlock(); - if (oqssig != NULL) { OQS_SIG_free(oqssig); } @@ -196,10 +190,6 @@ } } - if ((ret == 0) && (oqssig == NULL)) { - ret = BUFFER_E; - } - if ((ret == 0) && (OQS_SIG_verify(oqssig, msg, msgLen, sig, sigLen, key->p) == OQS_ERROR)) { diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/wolfcrypt/src/fe_448.c mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/fe_448.c --- mariadb-11.8.6/extra/wolfssl/wolfssl/wolfcrypt/src/fe_448.c 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/fe_448.c 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* fe_448.c * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/wolfcrypt/src/fe_low_mem.c mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/fe_low_mem.c --- mariadb-11.8.6/extra/wolfssl/wolfssl/wolfcrypt/src/fe_low_mem.c 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/fe_low_mem.c 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* fe_low_mem.c * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -179,6 +179,256 @@ fe_normalize(result); return 0; } + +#ifdef WC_X25519_NONBLOCK + +int fe_inv__distinct_nb(byte *r, const byte *x, fe_inv__distinct_nb_ctx_t* ctx) +{ + int ret = FP_WOULDBLOCK; + + switch (ctx->state) { + case 0: + fe_mul__distinct(ctx->s, x, x); + fe_mul__distinct(r, ctx->s, x); + ctx->i = 0; + ctx->subState = 0; + ctx->state = 1; + break; + case 1: + if (ctx->i < 248) { + if (ctx->subState == 0) { + fe_mul__distinct(ctx->s, r, r); + ctx->subState = 1; + } + else { + fe_mul__distinct(r, ctx->s, x); + ctx->subState = 0; + ++(ctx->i); + } + } + else { + ctx->state = 2; + ctx->subState = 0; + } + break; + case 2: + switch (ctx->subState) { + case 0: + fe_mul__distinct(ctx->s, r, r); + ctx->subState = 1; + break; + case 1: + fe_mul__distinct(r, ctx->s, ctx->s); + ctx->subState = 2; + break; + case 2: + fe_mul__distinct(ctx->s, r, x); + ctx->subState = 3; + break; + case 3: + fe_mul__distinct(r, ctx->s, ctx->s); + ctx->subState = 4; + break; + case 4: + fe_mul__distinct(ctx->s, r, r); + ctx->subState = 5; + break; + case 5: + fe_mul__distinct(r, ctx->s, x); + ctx->subState = 6; + break; + case 6: + fe_mul__distinct(ctx->s, r, r); + ctx->subState = 7; + break; + case 7: + fe_mul__distinct(r, ctx->s, x); + ret = 0; + break; + default: + ctx->subState = 0; + break; + } + break; + } + + if (ret == 0) { + XMEMSET(ctx, 0, sizeof(fe_inv__distinct_nb_ctx_t)); + } + + return ret; +} + + +int curve25519_nb(byte *result, const byte *n, const byte *p, + struct x25519_nb_ctx_t* ctx) +{ + int ret = FP_WOULDBLOCK; + + switch (ctx->state) { + case 0: + XMEMSET(ctx->zm, 0, sizeof(ctx->zm)); + ctx->zm[0] = 1; + XMEMSET(ctx->xm1, 0, sizeof(ctx->xm1)); + ctx->xm1[0] = 1; + XMEMSET(ctx->zm1, 0, sizeof(ctx->zm1)); + lm_copy(ctx->xm, p); + ctx->i = 253; + ctx->subState = 0; + ctx->state = 1; + break; + case 1: + if (ctx->i >= 0) { + switch (ctx->subState) { + case 0: + ctx->bit = (n[ctx->i >> 3] >> (ctx->i & 7)) & 1; + /* Diffadd step 1 */ + lm_add(ctx->a, ctx->xm, ctx->zm); + lm_sub(ctx->b, ctx->xm1, ctx->zm1); + fe_mul__distinct(ctx->da, ctx->a, ctx->b); + ctx->subState = 1; + break; + case 1: + /* Diffadd step 2 */ + lm_sub(ctx->b, ctx->xm, ctx->zm); + lm_add(ctx->a, ctx->xm1, ctx->zm1); + fe_mul__distinct(ctx->cb, ctx->a, ctx->b); + ctx->subState = 2; + break; + case 2: + /* Diffadd step 3 */ + lm_add(ctx->a, ctx->da, ctx->cb); + fe_mul__distinct(ctx->b, ctx->a, ctx->a); + ctx->subState = 3; + break; + case 3: + /* Diffadd step 4 */ + fe_mul__distinct(ctx->xm1, f25519_one, ctx->b); + ctx->subState = 4; + break; + case 4: + /* Diffadd step 5 */ + lm_sub(ctx->a, ctx->da, ctx->cb); + fe_mul__distinct(ctx->b, ctx->a, ctx->a); + ctx->subState = 5; + break; + case 5: + /* Diffadd step 6 */ + fe_mul__distinct(ctx->zm1, p, ctx->b); + ctx->subState = 6; + break; + case 6: + /* Double step 1 */ + fe_mul__distinct(ctx->x1sq, ctx->xm, ctx->xm); + ctx->subState = 7; + break; + case 7: + /* Double step 2 */ + fe_mul__distinct(ctx->z1sq, ctx->zm, ctx->zm); + ctx->subState = 8; + break; + case 8: + /* Double step 3 */ + fe_mul__distinct(ctx->x1z1, ctx->xm, ctx->zm); + ctx->subState = 9; + break; + case 9: + /* Double step 4 */ + lm_sub(ctx->a, ctx->x1sq, ctx->z1sq); + fe_mul__distinct(ctx->xm, ctx->a, ctx->a); + ctx->subState = 10; + break; + case 10: + /* Double step 5 */ + fe_mul_c(ctx->a, ctx->x1z1, 486662); + lm_add(ctx->a, ctx->x1sq, ctx->a); + lm_add(ctx->a, ctx->z1sq, ctx->a); + fe_mul__distinct(ctx->x1sq, ctx->x1z1, ctx->a); + ctx->subState = 11; + break; + case 11: + fe_mul_c(ctx->zm, ctx->x1sq, 4); + ctx->subState = 12; + break; + case 12: + /* Diffadd2 step 1 */ + lm_add(ctx->a, ctx->xm, ctx->zm); + lm_sub(ctx->b, p, f25519_one); + fe_mul__distinct(ctx->da, ctx->a, ctx->b); + ctx->subState = 13; + break; + case 13: + /* Diffadd2 step 2 */ + lm_sub(ctx->b, ctx->xm, ctx->zm); + lm_add(ctx->a, p, f25519_one); + fe_mul__distinct(ctx->cb, ctx->a, ctx->b); + ctx->subState = 14; + break; + case 14: + /* Diffadd2 step 3 */ + lm_add(ctx->a, ctx->da, ctx->cb); + fe_mul__distinct(ctx->b, ctx->a, ctx->a); + ctx->subState = 15; + break; + case 15: + /* Diffadd2 step 4 */ + fe_mul__distinct(ctx->xms, ctx->zm1, ctx->b); + ctx->subState = 16; + break; + case 16: + /* Diffadd2 step 5 */ + lm_sub(ctx->a, ctx->da, ctx->cb); + fe_mul__distinct(ctx->b, ctx->a, ctx->a); + ctx->subState = 17; + break; + case 17: + /* Diffadd2 step 6 */ + fe_mul__distinct(ctx->zms, ctx->xm1, ctx->b); + ctx->subState = 18; + break; + case 18: + /* Select: + * bit = 1 --> (P_(2m+1), P_(2m)) + * bit = 0 --> (P_(2m), P_(2m-1)) + */ + fe_select(ctx->xm1, ctx->xm1, ctx->xm, ctx->bit); + fe_select(ctx->zm1, ctx->zm1, ctx->zm, ctx->bit); + fe_select(ctx->xm, ctx->xm, ctx->xms, ctx->bit); + fe_select(ctx->zm, ctx->zm, ctx->zms, ctx->bit); + --(ctx->i); + ctx->subState = 0; + break; + default: + ctx->subState = 0; + break; + } + } + else { + ctx->state = 2; + } + break; + case 2: + /* Freeze out of projective coordinates */ + if (fe_inv__distinct_nb(ctx->zm1, ctx->zm, + &ctx->inv_distinct_nb_ctx) == 0) { + ctx->state = 3; + } + break; + case 3: + fe_mul__distinct(result, ctx->zm1, ctx->xm); + fe_normalize(result); + ret = 0; + break; + } + + if (ret == 0) { + XMEMSET(ctx, 0, sizeof(x25519_nb_ctx_t)); + } + + return ret; +} +#endif /* WC_X25519_NONBLOCK */ + #endif /* !FREESCALE_LTC_ECC */ #endif /* CURVE25519_SMALL */ diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/wolfcrypt/src/fe_operations.c mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/fe_operations.c --- mariadb-11.8.6/extra/wolfssl/wolfssl/wolfcrypt/src/fe_operations.c 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/fe_operations.c 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* fe_operations.c * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/wolfcrypt/src/fe_x25519_128.h mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/fe_x25519_128.h --- mariadb-11.8.6/extra/wolfssl/wolfssl/wolfcrypt/src/fe_x25519_128.h 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/fe_x25519_128.h 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* fe_x25519_128.h * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/wolfcrypt/src/fe_x25519_asm.S mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/fe_x25519_asm.S --- mariadb-11.8.6/extra/wolfssl/wolfssl/wolfcrypt/src/fe_x25519_asm.S 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/fe_x25519_asm.S 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* fe_x25519_asm.S */ /* - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -85,6 +85,17 @@ cmpl $0x50, %eax jne L_fe_init_flags_done #ifndef __APPLE__ + movq fe_cmov_table_avx2@GOTPCREL(%rip), %rax +#else + leaq _fe_cmov_table_avx2(%rip), %rax +#endif /* __APPLE__ */ +#ifndef __APPLE__ + movq fe_cmov_table_p@GOTPCREL(%rip), %rdx + movq %rax, (%rdx) +#else + movq %rax, _fe_cmov_table_p(%rip) +#endif /* __APPLE__ */ +#ifndef __APPLE__ movq fe_mul_avx2@GOTPCREL(%rip), %rax #else leaq _fe_mul_avx2(%rip), %rax @@ -139,18 +150,6 @@ #else movq %rax, _curve25519_p(%rip) #endif /* __APPLE__ */ -#ifdef HAVE_ED25519 -#ifndef __APPLE__ - movq fe_sq2_avx2@GOTPCREL(%rip), %rax -#else - leaq _fe_sq2_avx2(%rip), %rax -#endif /* __APPLE__ */ -#ifndef __APPLE__ - movq fe_sq2_p@GOTPCREL(%rip), %rdx - movq %rax, (%rdx) -#else - movq %rax, _fe_sq2_p(%rip) -#endif /* __APPLE__ */ #ifndef __APPLE__ movq fe_pow22523_avx2@GOTPCREL(%rip), %rax #else @@ -239,6 +238,42 @@ #else movq %rax, _ge_sub_p(%rip) #endif /* __APPLE__ */ +#if defined(WOLFSSL_CURVE25519_NOT_USE_ED25519) +#ifndef __APPLE__ + movq curve25519_base_avx2@GOTPCREL(%rip), %rax +#else + leaq _curve25519_base_avx2(%rip), %rax +#endif /* __APPLE__ */ +#ifndef __APPLE__ + movq curve25519_base_p@GOTPCREL(%rip), %rdx + movq %rax, (%rdx) +#else + movq %rax, _curve25519_base_p(%rip) +#endif /* __APPLE__ */ +#endif /* WOLFSSL_CURVE25519_NOT_USE_ED25519 */ +#ifdef HAVE_ED25519 +#ifndef __APPLE__ + movq fe_sq2_avx2@GOTPCREL(%rip), %rax +#else + leaq _fe_sq2_avx2(%rip), %rax +#endif /* __APPLE__ */ +#ifndef __APPLE__ + movq fe_sq2_p@GOTPCREL(%rip), %rdx + movq %rax, (%rdx) +#else + movq %rax, _fe_sq2_p(%rip) +#endif /* __APPLE__ */ +#ifndef __APPLE__ + movq fe_invert_nct_avx2@GOTPCREL(%rip), %rax +#else + leaq _fe_invert_nct_avx2(%rip), %rax +#endif /* __APPLE__ */ +#ifndef __APPLE__ + movq fe_invert_nct_p@GOTPCREL(%rip), %rdx + movq %rax, (%rdx) +#else + movq %rax, _fe_invert_nct_p(%rip) +#endif /* __APPLE__ */ #ifndef __APPLE__ movq sc_reduce_avx2@GOTPCREL(%rip), %rax #else @@ -419,7 +454,6 @@ .p2align 4 _fe_sub: #endif /* __APPLE__ */ - pushq %r12 # Sub movq (%rsi), %rax movq 8(%rsi), %rcx @@ -429,13 +463,12 @@ sbbq 8(%rdx), %rcx sbbq 16(%rdx), %r8 sbbq 24(%rdx), %r9 - sbbq %r11, %r11 - shldq $0x01, %r9, %r11 - movq $0x7fffffffffffffff, %r12 - imulq $-19, %r11 - andq %r12, %r9 + sbbq %r10, %r10 + shldq $0x01, %r9, %r10 + imulq $-19, %r10 + btr $63, %r9 # Add modulus (if underflow) - subq %r11, %rax + subq %r10, %rax sbbq $0x00, %rcx sbbq $0x00, %r8 sbbq $0x00, %r9 @@ -443,7 +476,6 @@ movq %rcx, 8(%rdi) movq %r8, 16(%rdi) movq %r9, 24(%rdi) - popq %r12 repz retq #ifndef __APPLE__ .size fe_sub,.-fe_sub @@ -460,7 +492,6 @@ .p2align 4 _fe_add: #endif /* __APPLE__ */ - pushq %r12 # Add movq (%rsi), %rax movq 8(%rsi), %rcx @@ -470,14 +501,13 @@ movq 24(%rsi), %r9 adcq 16(%rdx), %r8 adcq 24(%rdx), %r9 - movq $0x00, %r11 - adcq $0x00, %r11 - shldq $0x01, %r9, %r11 - movq $0x7fffffffffffffff, %r12 - imulq $19, %r11 - andq %r12, %r9 + movq $0x00, %r10 + adcq $0x00, %r10 + shldq $0x01, %r9, %r10 + imulq $19, %r10 + btr $63, %r9 # Sub modulus (if overflow) - addq %r11, %rax + addq %r10, %rax adcq $0x00, %rcx adcq $0x00, %r8 adcq $0x00, %r9 @@ -485,7 +515,6 @@ movq %rcx, 8(%rdi) movq %r8, 16(%rdi) movq %r9, 24(%rdi) - popq %r12 repz retq #ifndef __APPLE__ .size fe_add,.-fe_add @@ -628,279 +657,11 @@ .p2align 4 _fe_cmov_table: #endif /* __APPLE__ */ - pushq %r12 - pushq %r13 - pushq %r14 - pushq %r15 - movq %rdx, %rcx - movsbq %cl, %rax - cdq - xorb %dl, %al - subb %dl, %al - movb %al, %r15b - movq $0x01, %rax - xorq %rdx, %rdx - xorq %r8, %r8 - xorq %r9, %r9 - movq $0x01, %r10 - xorq %r11, %r11 - xorq %r12, %r12 - xorq %r13, %r13 - cmpb $0x01, %r15b - movq (%rsi), %r14 - cmoveq %r14, %rax - movq 8(%rsi), %r14 - cmoveq %r14, %rdx - movq 16(%rsi), %r14 - cmoveq %r14, %r8 - movq 24(%rsi), %r14 - cmoveq %r14, %r9 - movq 32(%rsi), %r14 - cmoveq %r14, %r10 - movq 40(%rsi), %r14 - cmoveq %r14, %r11 - movq 48(%rsi), %r14 - cmoveq %r14, %r12 - movq 56(%rsi), %r14 - cmoveq %r14, %r13 - cmpb $2, %r15b - movq 96(%rsi), %r14 - cmoveq %r14, %rax - movq 104(%rsi), %r14 - cmoveq %r14, %rdx - movq 112(%rsi), %r14 - cmoveq %r14, %r8 - movq 120(%rsi), %r14 - cmoveq %r14, %r9 - movq 128(%rsi), %r14 - cmoveq %r14, %r10 - movq 136(%rsi), %r14 - cmoveq %r14, %r11 - movq 144(%rsi), %r14 - cmoveq %r14, %r12 - movq 152(%rsi), %r14 - cmoveq %r14, %r13 - cmpb $3, %r15b - movq 192(%rsi), %r14 - cmoveq %r14, %rax - movq 200(%rsi), %r14 - cmoveq %r14, %rdx - movq 208(%rsi), %r14 - cmoveq %r14, %r8 - movq 216(%rsi), %r14 - cmoveq %r14, %r9 - movq 224(%rsi), %r14 - cmoveq %r14, %r10 - movq 232(%rsi), %r14 - cmoveq %r14, %r11 - movq 240(%rsi), %r14 - cmoveq %r14, %r12 - movq 248(%rsi), %r14 - cmoveq %r14, %r13 - cmpb $4, %r15b - movq 288(%rsi), %r14 - cmoveq %r14, %rax - movq 296(%rsi), %r14 - cmoveq %r14, %rdx - movq 304(%rsi), %r14 - cmoveq %r14, %r8 - movq 312(%rsi), %r14 - cmoveq %r14, %r9 - movq 320(%rsi), %r14 - cmoveq %r14, %r10 - movq 328(%rsi), %r14 - cmoveq %r14, %r11 - movq 336(%rsi), %r14 - cmoveq %r14, %r12 - movq 344(%rsi), %r14 - cmoveq %r14, %r13 - cmpb $5, %r15b - movq 384(%rsi), %r14 - cmoveq %r14, %rax - movq 392(%rsi), %r14 - cmoveq %r14, %rdx - movq 400(%rsi), %r14 - cmoveq %r14, %r8 - movq 408(%rsi), %r14 - cmoveq %r14, %r9 - movq 416(%rsi), %r14 - cmoveq %r14, %r10 - movq 424(%rsi), %r14 - cmoveq %r14, %r11 - movq 432(%rsi), %r14 - cmoveq %r14, %r12 - movq 440(%rsi), %r14 - cmoveq %r14, %r13 - cmpb $6, %r15b - movq 480(%rsi), %r14 - cmoveq %r14, %rax - movq 488(%rsi), %r14 - cmoveq %r14, %rdx - movq 496(%rsi), %r14 - cmoveq %r14, %r8 - movq 504(%rsi), %r14 - cmoveq %r14, %r9 - movq 512(%rsi), %r14 - cmoveq %r14, %r10 - movq 520(%rsi), %r14 - cmoveq %r14, %r11 - movq 528(%rsi), %r14 - cmoveq %r14, %r12 - movq 536(%rsi), %r14 - cmoveq %r14, %r13 - cmpb $7, %r15b - movq 576(%rsi), %r14 - cmoveq %r14, %rax - movq 584(%rsi), %r14 - cmoveq %r14, %rdx - movq 592(%rsi), %r14 - cmoveq %r14, %r8 - movq 600(%rsi), %r14 - cmoveq %r14, %r9 - movq 608(%rsi), %r14 - cmoveq %r14, %r10 - movq 616(%rsi), %r14 - cmoveq %r14, %r11 - movq 624(%rsi), %r14 - cmoveq %r14, %r12 - movq 632(%rsi), %r14 - cmoveq %r14, %r13 - cmpb $8, %r15b - movq 672(%rsi), %r14 - cmoveq %r14, %rax - movq 680(%rsi), %r14 - cmoveq %r14, %rdx - movq 688(%rsi), %r14 - cmoveq %r14, %r8 - movq 696(%rsi), %r14 - cmoveq %r14, %r9 - movq 704(%rsi), %r14 - cmoveq %r14, %r10 - movq 712(%rsi), %r14 - cmoveq %r14, %r11 - movq 720(%rsi), %r14 - cmoveq %r14, %r12 - movq 728(%rsi), %r14 - cmoveq %r14, %r13 - cmpb $0x00, %cl - movq %rax, %r14 - cmovlq %r10, %rax - cmovlq %r14, %r10 - movq %rdx, %r14 - cmovlq %r11, %rdx - cmovlq %r14, %r11 - movq %r8, %r14 - cmovlq %r12, %r8 - cmovlq %r14, %r12 - movq %r9, %r14 - cmovlq %r13, %r9 - cmovlq %r14, %r13 - movq %rax, (%rdi) - movq %rdx, 8(%rdi) - movq %r8, 16(%rdi) - movq %r9, 24(%rdi) - movq %r10, 32(%rdi) - movq %r11, 40(%rdi) - movq %r12, 48(%rdi) - movq %r13, 56(%rdi) - xorq %rax, %rax - xorq %rdx, %rdx - xorq %r8, %r8 - xorq %r9, %r9 - cmpb $0x01, %r15b - movq 64(%rsi), %r14 - cmoveq %r14, %rax - movq 72(%rsi), %r14 - cmoveq %r14, %rdx - movq 80(%rsi), %r14 - cmoveq %r14, %r8 - movq 88(%rsi), %r14 - cmoveq %r14, %r9 - cmpb $2, %r15b - movq 160(%rsi), %r14 - cmoveq %r14, %rax - movq 168(%rsi), %r14 - cmoveq %r14, %rdx - movq 176(%rsi), %r14 - cmoveq %r14, %r8 - movq 184(%rsi), %r14 - cmoveq %r14, %r9 - cmpb $3, %r15b - movq 256(%rsi), %r14 - cmoveq %r14, %rax - movq 264(%rsi), %r14 - cmoveq %r14, %rdx - movq 272(%rsi), %r14 - cmoveq %r14, %r8 - movq 280(%rsi), %r14 - cmoveq %r14, %r9 - cmpb $4, %r15b - movq 352(%rsi), %r14 - cmoveq %r14, %rax - movq 360(%rsi), %r14 - cmoveq %r14, %rdx - movq 368(%rsi), %r14 - cmoveq %r14, %r8 - movq 376(%rsi), %r14 - cmoveq %r14, %r9 - cmpb $5, %r15b - movq 448(%rsi), %r14 - cmoveq %r14, %rax - movq 456(%rsi), %r14 - cmoveq %r14, %rdx - movq 464(%rsi), %r14 - cmoveq %r14, %r8 - movq 472(%rsi), %r14 - cmoveq %r14, %r9 - cmpb $6, %r15b - movq 544(%rsi), %r14 - cmoveq %r14, %rax - movq 552(%rsi), %r14 - cmoveq %r14, %rdx - movq 560(%rsi), %r14 - cmoveq %r14, %r8 - movq 568(%rsi), %r14 - cmoveq %r14, %r9 - cmpb $7, %r15b - movq 640(%rsi), %r14 - cmoveq %r14, %rax - movq 648(%rsi), %r14 - cmoveq %r14, %rdx - movq 656(%rsi), %r14 - cmoveq %r14, %r8 - movq 664(%rsi), %r14 - cmoveq %r14, %r9 - cmpb $8, %r15b - movq 736(%rsi), %r14 - cmoveq %r14, %rax - movq 744(%rsi), %r14 - cmoveq %r14, %rdx - movq 752(%rsi), %r14 - cmoveq %r14, %r8 - movq 760(%rsi), %r14 - cmoveq %r14, %r9 - movq $-19, %r10 - movq $-1, %r11 - movq $-1, %r12 - movq $0x7fffffffffffffff, %r13 - subq %rax, %r10 - sbbq %rdx, %r11 - sbbq %r8, %r12 - sbbq %r9, %r13 - cmpb $0x00, %cl - cmovlq %r10, %rax - cmovlq %r11, %rdx - cmovlq %r12, %r8 - cmovlq %r13, %r9 - movq %rax, 64(%rdi) - movq %rdx, 72(%rdi) - movq %r8, 80(%rdi) - movq %r9, 88(%rdi) - popq %r15 - popq %r14 - popq %r13 - popq %r12 - repz retq +#ifndef __APPLE__ + jmpq *fe_cmov_table_p(%rip) +#else + jmpq *_fe_cmov_table_p(%rip) +#endif /* __APPLE__ */ #ifndef __APPLE__ .size fe_cmov_table,.-fe_cmov_table #endif /* __APPLE__ */ @@ -1004,30 +765,6 @@ #ifndef __APPLE__ .size curve25519,.-curve25519 #endif /* __APPLE__ */ -#ifdef HAVE_ED25519 -#ifdef HAVE_ED25519 -#ifndef __APPLE__ -.text -.globl fe_sq2 -.type fe_sq2,@function -.align 16 -fe_sq2: -#else -.section __TEXT,__text -.globl _fe_sq2 -.p2align 4 -_fe_sq2: -#endif /* __APPLE__ */ -#ifndef __APPLE__ - jmpq *fe_sq2_p(%rip) -#else - jmpq *_fe_sq2_p(%rip) -#endif /* __APPLE__ */ -#ifndef __APPLE__ -.size fe_sq2,.-fe_sq2 -#endif /* __APPLE__ */ -#endif /* HAVE_ED25519 */ -#ifdef HAVE_ED25519 #ifndef __APPLE__ .text .globl fe_pow22523 @@ -1048,8 +785,6 @@ #ifndef __APPLE__ .size fe_pow22523,.-fe_pow22523 #endif /* __APPLE__ */ -#endif /* HAVE_ED25519 */ -#ifdef HAVE_ED25519 #ifndef __APPLE__ .text .globl ge_p1p1_to_p2 @@ -1070,8 +805,6 @@ #ifndef __APPLE__ .size ge_p1p1_to_p2,.-ge_p1p1_to_p2 #endif /* __APPLE__ */ -#endif /* HAVE_ED25519 */ -#ifdef HAVE_ED25519 #ifndef __APPLE__ .text .globl ge_p1p1_to_p3 @@ -1092,8 +825,6 @@ #ifndef __APPLE__ .size ge_p1p1_to_p3,.-ge_p1p1_to_p3 #endif /* __APPLE__ */ -#endif /* HAVE_ED25519 */ -#ifdef HAVE_ED25519 #ifndef __APPLE__ .text .globl ge_p2_dbl @@ -1114,8 +845,6 @@ #ifndef __APPLE__ .size ge_p2_dbl,.-ge_p2_dbl #endif /* __APPLE__ */ -#endif /* HAVE_ED25519 */ -#ifdef HAVE_ED25519 #ifndef __APPLE__ .text .globl ge_madd @@ -1136,8 +865,6 @@ #ifndef __APPLE__ .size ge_madd,.-ge_madd #endif /* __APPLE__ */ -#endif /* HAVE_ED25519 */ -#ifdef HAVE_ED25519 #ifndef __APPLE__ .text .globl ge_msub @@ -1158,8 +885,6 @@ #ifndef __APPLE__ .size ge_msub,.-ge_msub #endif /* __APPLE__ */ -#endif /* HAVE_ED25519 */ -#ifdef HAVE_ED25519 #ifndef __APPLE__ .text .globl ge_add @@ -1180,8 +905,6 @@ #ifndef __APPLE__ .size ge_add,.-ge_add #endif /* __APPLE__ */ -#endif /* HAVE_ED25519 */ -#ifdef HAVE_ED25519 #ifndef __APPLE__ .text .globl ge_sub @@ -1202,6 +925,74 @@ #ifndef __APPLE__ .size ge_sub,.-ge_sub #endif /* __APPLE__ */ +#if defined(WOLFSSL_CURVE25519_NOT_USE_ED25519) +#if defined(WOLFSSL_CURVE25519_NOT_USE_ED25519) +#ifndef __APPLE__ +.text +.globl curve25519_base +.type curve25519_base,@function +.align 16 +curve25519_base: +#else +.section __TEXT,__text +.globl _curve25519_base +.p2align 4 +_curve25519_base: +#endif /* __APPLE__ */ +#ifndef __APPLE__ + jmpq *curve25519_base_p(%rip) +#else + jmpq *_curve25519_base_p(%rip) +#endif /* __APPLE__ */ +#ifndef __APPLE__ +.size curve25519_base,.-curve25519_base +#endif /* __APPLE__ */ +#endif /* WOLFSSL_CURVE25519_NOT_USE_ED25519 */ +#endif /* WOLFSSL_CURVE25519_NOT_USE_ED25519 */ +#ifdef HAVE_ED25519 +#ifdef HAVE_ED25519 +#ifndef __APPLE__ +.text +.globl fe_sq2 +.type fe_sq2,@function +.align 16 +fe_sq2: +#else +.section __TEXT,__text +.globl _fe_sq2 +.p2align 4 +_fe_sq2: +#endif /* __APPLE__ */ +#ifndef __APPLE__ + jmpq *fe_sq2_p(%rip) +#else + jmpq *_fe_sq2_p(%rip) +#endif /* __APPLE__ */ +#ifndef __APPLE__ +.size fe_sq2,.-fe_sq2 +#endif /* __APPLE__ */ +#endif /* HAVE_ED25519 */ +#ifdef HAVE_ED25519 +#ifndef __APPLE__ +.text +.globl fe_invert_nct +.type fe_invert_nct,@function +.align 16 +fe_invert_nct: +#else +.section __TEXT,__text +.globl _fe_invert_nct +.p2align 4 +_fe_invert_nct: +#endif /* __APPLE__ */ +#ifndef __APPLE__ + jmpq *fe_invert_nct_p(%rip) +#else + jmpq *_fe_invert_nct_p(%rip) +#endif /* __APPLE__ */ +#ifndef __APPLE__ +.size fe_invert_nct,.-fe_invert_nct +#endif /* __APPLE__ */ #endif /* HAVE_ED25519 */ #ifdef HAVE_ED25519 #ifndef __APPLE__ @@ -1274,6 +1065,18 @@ #endif /* __APPLE__ */ #ifndef __APPLE__ .data +.type fe_cmov_table_p, @object +.size fe_cmov_table_p,8 +fe_cmov_table_p: + .quad fe_cmov_table_x64 +#else +.section __DATA,__data +.p2align 3 +_fe_cmov_table_p: + .quad _fe_cmov_table_x64 +#endif /* __APPLE__ */ +#ifndef __APPLE__ +.data .type fe_mul_p, @object .size fe_mul_p,8 fe_mul_p: @@ -1332,19 +1135,6 @@ _curve25519_p: .quad _curve25519_x64 #endif /* __APPLE__ */ -#ifdef HAVE_ED25519 -#ifndef __APPLE__ -.data -.type fe_sq2_p, @object -.size fe_sq2_p,8 -fe_sq2_p: - .quad fe_sq2_x64 -#else -.section __DATA,__data -.p2align 3 -_fe_sq2_p: - .quad _fe_sq2_x64 -#endif /* __APPLE__ */ #ifndef __APPLE__ .data .type fe_pow22523_p, @object @@ -1441,6 +1231,45 @@ _ge_sub_p: .quad _ge_sub_x64 #endif /* __APPLE__ */ +#if defined(WOLFSSL_CURVE25519_NOT_USE_ED25519) +#ifndef __APPLE__ +.data +.type curve25519_base_p, @object +.size curve25519_base_p,8 +curve25519_base_p: + .quad curve25519_base_x64 +#else +.section __DATA,__data +.p2align 3 +_curve25519_base_p: + .quad _curve25519_base_x64 +#endif /* __APPLE__ */ +#endif /* WOLFSSL_CURVE25519_NOT_USE_ED25519 */ +#ifdef HAVE_ED25519 +#ifndef __APPLE__ +.data +.type fe_sq2_p, @object +.size fe_sq2_p,8 +fe_sq2_p: + .quad fe_sq2_x64 +#else +.section __DATA,__data +.p2align 3 +_fe_sq2_p: + .quad _fe_sq2_x64 +#endif /* __APPLE__ */ +#ifndef __APPLE__ +.data +.type fe_invert_nct_p, @object +.size fe_invert_nct_p,8 +fe_invert_nct_p: + .quad fe_invert_nct_x64 +#else +.section __DATA,__data +.p2align 3 +_fe_invert_nct_p: + .quad _fe_invert_nct_x64 +#endif /* __APPLE__ */ #ifndef __APPLE__ .data .type sc_reduce_p, @object @@ -1468,6 +1297,294 @@ #endif /* HAVE_ED25519 */ #ifndef __APPLE__ .text +.globl fe_cmov_table_x64 +.type fe_cmov_table_x64,@function +.align 16 +fe_cmov_table_x64: +#else +.section __TEXT,__text +.globl _fe_cmov_table_x64 +.p2align 4 +_fe_cmov_table_x64: +#endif /* __APPLE__ */ + pushq %r12 + pushq %r13 + pushq %r14 + pushq %r15 + movq %rdx, %rcx + movsbq %cl, %rax + cdq + xorb %dl, %al + subb %dl, %al + movb %al, %r15b + movq $0x01, %rax + xorq %rdx, %rdx + xorq %r8, %r8 + xorq %r9, %r9 + movq $0x01, %r10 + xorq %r11, %r11 + xorq %r12, %r12 + xorq %r13, %r13 + cmpb $0x01, %r15b + movq (%rsi), %r14 + cmoveq %r14, %rax + movq 8(%rsi), %r14 + cmoveq %r14, %rdx + movq 16(%rsi), %r14 + cmoveq %r14, %r8 + movq 24(%rsi), %r14 + cmoveq %r14, %r9 + movq 32(%rsi), %r14 + cmoveq %r14, %r10 + movq 40(%rsi), %r14 + cmoveq %r14, %r11 + movq 48(%rsi), %r14 + cmoveq %r14, %r12 + movq 56(%rsi), %r14 + cmoveq %r14, %r13 + cmpb $2, %r15b + movq 96(%rsi), %r14 + cmoveq %r14, %rax + movq 104(%rsi), %r14 + cmoveq %r14, %rdx + movq 112(%rsi), %r14 + cmoveq %r14, %r8 + movq 120(%rsi), %r14 + cmoveq %r14, %r9 + movq 128(%rsi), %r14 + cmoveq %r14, %r10 + movq 136(%rsi), %r14 + cmoveq %r14, %r11 + movq 144(%rsi), %r14 + cmoveq %r14, %r12 + movq 152(%rsi), %r14 + cmoveq %r14, %r13 + cmpb $3, %r15b + movq 192(%rsi), %r14 + cmoveq %r14, %rax + movq 200(%rsi), %r14 + cmoveq %r14, %rdx + movq 208(%rsi), %r14 + cmoveq %r14, %r8 + movq 216(%rsi), %r14 + cmoveq %r14, %r9 + movq 224(%rsi), %r14 + cmoveq %r14, %r10 + movq 232(%rsi), %r14 + cmoveq %r14, %r11 + movq 240(%rsi), %r14 + cmoveq %r14, %r12 + movq 248(%rsi), %r14 + cmoveq %r14, %r13 + cmpb $4, %r15b + movq 288(%rsi), %r14 + cmoveq %r14, %rax + movq 296(%rsi), %r14 + cmoveq %r14, %rdx + movq 304(%rsi), %r14 + cmoveq %r14, %r8 + movq 312(%rsi), %r14 + cmoveq %r14, %r9 + movq 320(%rsi), %r14 + cmoveq %r14, %r10 + movq 328(%rsi), %r14 + cmoveq %r14, %r11 + movq 336(%rsi), %r14 + cmoveq %r14, %r12 + movq 344(%rsi), %r14 + cmoveq %r14, %r13 + cmpb $5, %r15b + movq 384(%rsi), %r14 + cmoveq %r14, %rax + movq 392(%rsi), %r14 + cmoveq %r14, %rdx + movq 400(%rsi), %r14 + cmoveq %r14, %r8 + movq 408(%rsi), %r14 + cmoveq %r14, %r9 + movq 416(%rsi), %r14 + cmoveq %r14, %r10 + movq 424(%rsi), %r14 + cmoveq %r14, %r11 + movq 432(%rsi), %r14 + cmoveq %r14, %r12 + movq 440(%rsi), %r14 + cmoveq %r14, %r13 + cmpb $6, %r15b + movq 480(%rsi), %r14 + cmoveq %r14, %rax + movq 488(%rsi), %r14 + cmoveq %r14, %rdx + movq 496(%rsi), %r14 + cmoveq %r14, %r8 + movq 504(%rsi), %r14 + cmoveq %r14, %r9 + movq 512(%rsi), %r14 + cmoveq %r14, %r10 + movq 520(%rsi), %r14 + cmoveq %r14, %r11 + movq 528(%rsi), %r14 + cmoveq %r14, %r12 + movq 536(%rsi), %r14 + cmoveq %r14, %r13 + cmpb $7, %r15b + movq 576(%rsi), %r14 + cmoveq %r14, %rax + movq 584(%rsi), %r14 + cmoveq %r14, %rdx + movq 592(%rsi), %r14 + cmoveq %r14, %r8 + movq 600(%rsi), %r14 + cmoveq %r14, %r9 + movq 608(%rsi), %r14 + cmoveq %r14, %r10 + movq 616(%rsi), %r14 + cmoveq %r14, %r11 + movq 624(%rsi), %r14 + cmoveq %r14, %r12 + movq 632(%rsi), %r14 + cmoveq %r14, %r13 + cmpb $8, %r15b + movq 672(%rsi), %r14 + cmoveq %r14, %rax + movq 680(%rsi), %r14 + cmoveq %r14, %rdx + movq 688(%rsi), %r14 + cmoveq %r14, %r8 + movq 696(%rsi), %r14 + cmoveq %r14, %r9 + movq 704(%rsi), %r14 + cmoveq %r14, %r10 + movq 712(%rsi), %r14 + cmoveq %r14, %r11 + movq 720(%rsi), %r14 + cmoveq %r14, %r12 + movq 728(%rsi), %r14 + cmoveq %r14, %r13 + cmpb $0x00, %cl + movq %rax, %r14 + cmovlq %r10, %rax + cmovlq %r14, %r10 + movq %rdx, %r14 + cmovlq %r11, %rdx + cmovlq %r14, %r11 + movq %r8, %r14 + cmovlq %r12, %r8 + cmovlq %r14, %r12 + movq %r9, %r14 + cmovlq %r13, %r9 + cmovlq %r14, %r13 + movq %rax, (%rdi) + movq %rdx, 8(%rdi) + movq %r8, 16(%rdi) + movq %r9, 24(%rdi) + movq %r10, 32(%rdi) + movq %r11, 40(%rdi) + movq %r12, 48(%rdi) + movq %r13, 56(%rdi) + xorq %rax, %rax + xorq %rdx, %rdx + xorq %r8, %r8 + xorq %r9, %r9 + cmpb $0x01, %r15b + movq 64(%rsi), %r14 + cmoveq %r14, %rax + movq 72(%rsi), %r14 + cmoveq %r14, %rdx + movq 80(%rsi), %r14 + cmoveq %r14, %r8 + movq 88(%rsi), %r14 + cmoveq %r14, %r9 + cmpb $2, %r15b + movq 160(%rsi), %r14 + cmoveq %r14, %rax + movq 168(%rsi), %r14 + cmoveq %r14, %rdx + movq 176(%rsi), %r14 + cmoveq %r14, %r8 + movq 184(%rsi), %r14 + cmoveq %r14, %r9 + cmpb $3, %r15b + movq 256(%rsi), %r14 + cmoveq %r14, %rax + movq 264(%rsi), %r14 + cmoveq %r14, %rdx + movq 272(%rsi), %r14 + cmoveq %r14, %r8 + movq 280(%rsi), %r14 + cmoveq %r14, %r9 + cmpb $4, %r15b + movq 352(%rsi), %r14 + cmoveq %r14, %rax + movq 360(%rsi), %r14 + cmoveq %r14, %rdx + movq 368(%rsi), %r14 + cmoveq %r14, %r8 + movq 376(%rsi), %r14 + cmoveq %r14, %r9 + cmpb $5, %r15b + movq 448(%rsi), %r14 + cmoveq %r14, %rax + movq 456(%rsi), %r14 + cmoveq %r14, %rdx + movq 464(%rsi), %r14 + cmoveq %r14, %r8 + movq 472(%rsi), %r14 + cmoveq %r14, %r9 + cmpb $6, %r15b + movq 544(%rsi), %r14 + cmoveq %r14, %rax + movq 552(%rsi), %r14 + cmoveq %r14, %rdx + movq 560(%rsi), %r14 + cmoveq %r14, %r8 + movq 568(%rsi), %r14 + cmoveq %r14, %r9 + cmpb $7, %r15b + movq 640(%rsi), %r14 + cmoveq %r14, %rax + movq 648(%rsi), %r14 + cmoveq %r14, %rdx + movq 656(%rsi), %r14 + cmoveq %r14, %r8 + movq 664(%rsi), %r14 + cmoveq %r14, %r9 + cmpb $8, %r15b + movq 736(%rsi), %r14 + cmoveq %r14, %rax + movq 744(%rsi), %r14 + cmoveq %r14, %rdx + movq 752(%rsi), %r14 + cmoveq %r14, %r8 + movq 760(%rsi), %r14 + cmoveq %r14, %r9 + movq $-19, %r10 + movq $-1, %r11 + movq $-1, %r12 + movq $0x7fffffffffffffff, %r13 + subq %rax, %r10 + sbbq %rdx, %r11 + sbbq %r8, %r12 + sbbq %r9, %r13 + cmpb $0x00, %cl + cmovlq %r10, %rax + cmovlq %r11, %rdx + cmovlq %r12, %r8 + cmovlq %r13, %r9 + movq %rax, 64(%rdi) + movq %rdx, 72(%rdi) + movq %r8, 80(%rdi) + movq %r9, 88(%rdi) + popq %r15 + popq %r14 + popq %r13 + popq %r12 + repz retq +#ifndef __APPLE__ +.size fe_cmov_table_x64,.-fe_cmov_table_x64 +#endif /* __APPLE__ */ +#ifndef __APPLE__ +.text .globl fe_mul_x64 .type fe_mul_x64,@function .align 16 @@ -2214,6 +2331,2332 @@ movq 128(%rsp), %rdi addq $0x90, %rsp repz retq +#if defined(WOLFSSL_CURVE25519_NOT_USE_ED25519) +#ifndef __APPLE__ +.data +#else +.section __DATA,__data +#endif /* __APPLE__ */ +#ifndef __APPLE__ +.align 32 +#else +.p2align 5 +#endif /* __APPLE__ */ +L_curve25519_base_x64_x2: +.quad 0x5cae469cdd684efb, 0x8f3f5ced1e350b5c +.quad 0xd9750c687d157114, 0x20d342d51873f1b7 +#ifndef __APPLE__ +.text +.globl curve25519_base_x64 +.type curve25519_base_x64,@function +.align 16 +curve25519_base_x64: +#else +.section __TEXT,__text +.globl _curve25519_base_x64 +.p2align 4 +_curve25519_base_x64: +#endif /* __APPLE__ */ + pushq %r12 + pushq %r13 + pushq %r14 + pushq %r15 + pushq %rbx + pushq %rbp + subq $0xa8, %rsp + xorq %r15, %r15 + movq %rdi, 160(%rsp) + # Set base point x + movq $9, (%rdi) + movq $0x00, 8(%rdi) + movq $0x00, 16(%rdi) + movq $0x00, 24(%rdi) + # Set one + movq $0x01, (%rsp) + movq $0x00, 8(%rsp) + movq $0x00, 16(%rsp) + movq $0x00, 24(%rsp) + movq 0+L_curve25519_base_x64_x2(%rip), %rcx + movq 8+L_curve25519_base_x64_x2(%rip), %r8 + movq 16+L_curve25519_base_x64_x2(%rip), %r9 + movq 24+L_curve25519_base_x64_x2(%rip), %r10 + # Set one + movq $0x01, 32(%rsp) + movq $0x00, 40(%rsp) + movq $0x00, 48(%rsp) + movq $0x00, 56(%rsp) + movq %rcx, 64(%rsp) + movq %r8, 72(%rsp) + movq %r9, 80(%rsp) + movq %r10, 88(%rsp) + movq $0xfd, %rbp +L_curve25519_base_x64_bits: + movq %rbp, %r8 + movq %rbp, %rcx + andq $63, %rcx + shrq $6, %r8 + movq (%rsi,%r8,8), %rbx + shrq %cl, %rbx + andq $0x01, %rbx + xorq %rbx, %r15 + negq %r15 + # Conditional Swap + movq (%rdi), %rcx + movq 8(%rdi), %r8 + movq 16(%rdi), %r9 + movq 24(%rdi), %r10 + movq (%rsp), %r11 + movq 8(%rsp), %r12 + movq 16(%rsp), %r13 + movq 24(%rsp), %r14 + xorq 64(%rsp), %rcx + xorq 72(%rsp), %r8 + xorq 80(%rsp), %r9 + xorq 88(%rsp), %r10 + xorq 32(%rsp), %r11 + xorq 40(%rsp), %r12 + xorq 48(%rsp), %r13 + xorq 56(%rsp), %r14 + andq %r15, %rcx + andq %r15, %r8 + andq %r15, %r9 + andq %r15, %r10 + andq %r15, %r11 + andq %r15, %r12 + andq %r15, %r13 + andq %r15, %r14 + xorq %rcx, (%rdi) + xorq %r8, 8(%rdi) + xorq %r9, 16(%rdi) + xorq %r10, 24(%rdi) + xorq %r11, (%rsp) + xorq %r12, 8(%rsp) + xorq %r13, 16(%rsp) + xorq %r14, 24(%rsp) + xorq %rcx, 64(%rsp) + xorq %r8, 72(%rsp) + xorq %r9, 80(%rsp) + xorq %r10, 88(%rsp) + xorq %r11, 32(%rsp) + xorq %r12, 40(%rsp) + xorq %r13, 48(%rsp) + xorq %r14, 56(%rsp) + movq %rbx, %r15 + # Add-Sub + # Add + movq (%rdi), %rcx + movq 8(%rdi), %r8 + movq 16(%rdi), %r9 + movq 24(%rdi), %r10 + movq %rcx, %r11 + addq (%rsp), %rcx + movq %r8, %r12 + adcq 8(%rsp), %r8 + movq %r9, %r13 + adcq 16(%rsp), %r9 + movq %r10, %r14 + adcq 24(%rsp), %r10 + movq $0x00, %rbx + adcq $0x00, %rbx + shldq $0x01, %r10, %rbx + imulq $19, %rbx + btr $63, %r10 + # Sub modulus (if overflow) + addq %rbx, %rcx + adcq $0x00, %r8 + adcq $0x00, %r9 + adcq $0x00, %r10 + # Sub + subq (%rsp), %r11 + sbbq 8(%rsp), %r12 + sbbq 16(%rsp), %r13 + sbbq 24(%rsp), %r14 + sbbq %rbx, %rbx + shldq $0x01, %r14, %rbx + imulq $-19, %rbx + btr $63, %r14 + # Add modulus (if underflow) + subq %rbx, %r11 + sbbq $0x00, %r12 + sbbq $0x00, %r13 + sbbq $0x00, %r14 + movq %rcx, (%rdi) + movq %r8, 8(%rdi) + movq %r9, 16(%rdi) + movq %r10, 24(%rdi) + movq %r11, 128(%rsp) + movq %r12, 136(%rsp) + movq %r13, 144(%rsp) + movq %r14, 152(%rsp) + # Add-Sub + # Add + movq 64(%rsp), %rcx + movq 72(%rsp), %r8 + movq 80(%rsp), %r9 + movq 88(%rsp), %r10 + movq %rcx, %r11 + addq 32(%rsp), %rcx + movq %r8, %r12 + adcq 40(%rsp), %r8 + movq %r9, %r13 + adcq 48(%rsp), %r9 + movq %r10, %r14 + adcq 56(%rsp), %r10 + movq $0x00, %rbx + adcq $0x00, %rbx + shldq $0x01, %r10, %rbx + imulq $19, %rbx + btr $63, %r10 + # Sub modulus (if overflow) + addq %rbx, %rcx + adcq $0x00, %r8 + adcq $0x00, %r9 + adcq $0x00, %r10 + # Sub + subq 32(%rsp), %r11 + sbbq 40(%rsp), %r12 + sbbq 48(%rsp), %r13 + sbbq 56(%rsp), %r14 + sbbq %rbx, %rbx + shldq $0x01, %r14, %rbx + imulq $-19, %rbx + btr $63, %r14 + # Add modulus (if underflow) + subq %rbx, %r11 + sbbq $0x00, %r12 + sbbq $0x00, %r13 + sbbq $0x00, %r14 + movq %rcx, 32(%rsp) + movq %r8, 40(%rsp) + movq %r9, 48(%rsp) + movq %r10, 56(%rsp) + movq %r11, 96(%rsp) + movq %r12, 104(%rsp) + movq %r13, 112(%rsp) + movq %r14, 120(%rsp) + # Multiply + # A[0] * B[0] + movq 128(%rsp), %rax + mulq 32(%rsp) + movq %rax, %rcx + movq %rdx, %r8 + # A[0] * B[1] + movq 136(%rsp), %rax + mulq 32(%rsp) + xorq %r9, %r9 + addq %rax, %r8 + adcq %rdx, %r9 + # A[1] * B[0] + movq 128(%rsp), %rax + mulq 40(%rsp) + xorq %r10, %r10 + addq %rax, %r8 + adcq %rdx, %r9 + adcq $0x00, %r10 + # A[0] * B[2] + movq 144(%rsp), %rax + mulq 32(%rsp) + addq %rax, %r9 + adcq %rdx, %r10 + # A[1] * B[1] + movq 136(%rsp), %rax + mulq 40(%rsp) + xorq %r11, %r11 + addq %rax, %r9 + adcq %rdx, %r10 + adcq $0x00, %r11 + # A[2] * B[0] + movq 128(%rsp), %rax + mulq 48(%rsp) + addq %rax, %r9 + adcq %rdx, %r10 + adcq $0x00, %r11 + # A[0] * B[3] + movq 152(%rsp), %rax + mulq 32(%rsp) + xorq %r12, %r12 + addq %rax, %r10 + adcq %rdx, %r11 + adcq $0x00, %r12 + # A[1] * B[2] + movq 144(%rsp), %rax + mulq 40(%rsp) + addq %rax, %r10 + adcq %rdx, %r11 + adcq $0x00, %r12 + # A[2] * B[1] + movq 136(%rsp), %rax + mulq 48(%rsp) + addq %rax, %r10 + adcq %rdx, %r11 + adcq $0x00, %r12 + # A[3] * B[0] + movq 128(%rsp), %rax + mulq 56(%rsp) + addq %rax, %r10 + adcq %rdx, %r11 + adcq $0x00, %r12 + # A[1] * B[3] + movq 152(%rsp), %rax + mulq 40(%rsp) + xorq %r13, %r13 + addq %rax, %r11 + adcq %rdx, %r12 + adcq $0x00, %r13 + # A[2] * B[2] + movq 144(%rsp), %rax + mulq 48(%rsp) + addq %rax, %r11 + adcq %rdx, %r12 + adcq $0x00, %r13 + # A[3] * B[1] + movq 136(%rsp), %rax + mulq 56(%rsp) + addq %rax, %r11 + adcq %rdx, %r12 + adcq $0x00, %r13 + # A[2] * B[3] + movq 152(%rsp), %rax + mulq 48(%rsp) + xorq %r14, %r14 + addq %rax, %r12 + adcq %rdx, %r13 + adcq $0x00, %r14 + # A[3] * B[2] + movq 144(%rsp), %rax + mulq 56(%rsp) + addq %rax, %r12 + adcq %rdx, %r13 + adcq $0x00, %r14 + # A[3] * B[3] + movq 152(%rsp), %rax + mulq 56(%rsp) + addq %rax, %r13 + adcq %rdx, %r14 + movq $38, %rax + mulq %r14 + addq %rax, %r10 + adcq $0x00, %rdx + movq $0x7fffffffffffffff, %rbx + shldq $0x01, %r10, %rdx + imulq $19, %rdx, %rdx + andq %rbx, %r10 + movq %rdx, %rbx + movq $38, %rax + mulq %r11 + xorq %r11, %r11 + addq %rax, %rcx + movq $38, %rax + adcq %rdx, %r11 + mulq %r12 + xorq %r12, %r12 + addq %rax, %r8 + movq $38, %rax + adcq %rdx, %r12 + mulq %r13 + xorq %r13, %r13 + addq %rax, %r9 + adcq %rdx, %r13 + addq %rbx, %rcx + adcq %r11, %r8 + adcq %r12, %r9 + adcq %r13, %r10 + # Store + movq %rcx, 32(%rsp) + movq %r8, 40(%rsp) + movq %r9, 48(%rsp) + movq %r10, 56(%rsp) + # Multiply + # A[0] * B[0] + movq (%rdi), %rax + mulq 96(%rsp) + movq %rax, %rcx + movq %rdx, %r8 + # A[0] * B[1] + movq 8(%rdi), %rax + mulq 96(%rsp) + xorq %r9, %r9 + addq %rax, %r8 + adcq %rdx, %r9 + # A[1] * B[0] + movq (%rdi), %rax + mulq 104(%rsp) + xorq %r10, %r10 + addq %rax, %r8 + adcq %rdx, %r9 + adcq $0x00, %r10 + # A[0] * B[2] + movq 16(%rdi), %rax + mulq 96(%rsp) + addq %rax, %r9 + adcq %rdx, %r10 + # A[1] * B[1] + movq 8(%rdi), %rax + mulq 104(%rsp) + xorq %r11, %r11 + addq %rax, %r9 + adcq %rdx, %r10 + adcq $0x00, %r11 + # A[2] * B[0] + movq (%rdi), %rax + mulq 112(%rsp) + addq %rax, %r9 + adcq %rdx, %r10 + adcq $0x00, %r11 + # A[0] * B[3] + movq 24(%rdi), %rax + mulq 96(%rsp) + xorq %r12, %r12 + addq %rax, %r10 + adcq %rdx, %r11 + adcq $0x00, %r12 + # A[1] * B[2] + movq 16(%rdi), %rax + mulq 104(%rsp) + addq %rax, %r10 + adcq %rdx, %r11 + adcq $0x00, %r12 + # A[2] * B[1] + movq 8(%rdi), %rax + mulq 112(%rsp) + addq %rax, %r10 + adcq %rdx, %r11 + adcq $0x00, %r12 + # A[3] * B[0] + movq (%rdi), %rax + mulq 120(%rsp) + addq %rax, %r10 + adcq %rdx, %r11 + adcq $0x00, %r12 + # A[1] * B[3] + movq 24(%rdi), %rax + mulq 104(%rsp) + xorq %r13, %r13 + addq %rax, %r11 + adcq %rdx, %r12 + adcq $0x00, %r13 + # A[2] * B[2] + movq 16(%rdi), %rax + mulq 112(%rsp) + addq %rax, %r11 + adcq %rdx, %r12 + adcq $0x00, %r13 + # A[3] * B[1] + movq 8(%rdi), %rax + mulq 120(%rsp) + addq %rax, %r11 + adcq %rdx, %r12 + adcq $0x00, %r13 + # A[2] * B[3] + movq 24(%rdi), %rax + mulq 112(%rsp) + xorq %r14, %r14 + addq %rax, %r12 + adcq %rdx, %r13 + adcq $0x00, %r14 + # A[3] * B[2] + movq 16(%rdi), %rax + mulq 120(%rsp) + addq %rax, %r12 + adcq %rdx, %r13 + adcq $0x00, %r14 + # A[3] * B[3] + movq 24(%rdi), %rax + mulq 120(%rsp) + addq %rax, %r13 + adcq %rdx, %r14 + movq $38, %rax + mulq %r14 + addq %rax, %r10 + adcq $0x00, %rdx + movq $0x7fffffffffffffff, %rbx + shldq $0x01, %r10, %rdx + imulq $19, %rdx, %rdx + andq %rbx, %r10 + movq %rdx, %rbx + movq $38, %rax + mulq %r11 + xorq %r11, %r11 + addq %rax, %rcx + movq $38, %rax + adcq %rdx, %r11 + mulq %r12 + xorq %r12, %r12 + addq %rax, %r8 + movq $38, %rax + adcq %rdx, %r12 + mulq %r13 + xorq %r13, %r13 + addq %rax, %r9 + adcq %rdx, %r13 + addq %rbx, %rcx + adcq %r11, %r8 + adcq %r12, %r9 + adcq %r13, %r10 + # Store + movq %rcx, (%rsp) + movq %r8, 8(%rsp) + movq %r9, 16(%rsp) + movq %r10, 24(%rsp) + # Square + # A[0] * A[1] + movq 128(%rsp), %rax + mulq 136(%rsp) + movq %rax, %r8 + movq %rdx, %r9 + # A[0] * A[2] + movq 128(%rsp), %rax + mulq 144(%rsp) + xorq %r10, %r10 + addq %rax, %r9 + adcq %rdx, %r10 + # A[0] * A[3] + movq 128(%rsp), %rax + mulq 152(%rsp) + xorq %r11, %r11 + addq %rax, %r10 + adcq %rdx, %r11 + # A[1] * A[2] + movq 136(%rsp), %rax + mulq 144(%rsp) + xorq %r12, %r12 + addq %rax, %r10 + adcq %rdx, %r11 + adcq $0x00, %r12 + # A[1] * A[3] + movq 136(%rsp), %rax + mulq 152(%rsp) + addq %rax, %r11 + adcq %rdx, %r12 + # A[2] * A[3] + movq 144(%rsp), %rax + mulq 152(%rsp) + xorq %r13, %r13 + addq %rax, %r12 + adcq %rdx, %r13 + # Double + xorq %r14, %r14 + addq %r8, %r8 + adcq %r9, %r9 + adcq %r10, %r10 + adcq %r11, %r11 + adcq %r12, %r12 + adcq %r13, %r13 + adcq $0x00, %r14 + # A[0] * A[0] + movq 128(%rsp), %rax + mulq %rax + movq %rax, %rcx + movq %rdx, %rbx + # A[1] * A[1] + movq 136(%rsp), %rax + mulq %rax + addq %rbx, %r8 + adcq %rax, %r9 + adcq $0x00, %rdx + movq %rdx, %rbx + # A[2] * A[2] + movq 144(%rsp), %rax + mulq %rax + addq %rbx, %r10 + adcq %rax, %r11 + adcq $0x00, %rdx + movq %rdx, %rbx + # A[3] * A[3] + movq 152(%rsp), %rax + mulq %rax + addq %rax, %r13 + adcq %rdx, %r14 + addq %rbx, %r12 + adcq $0x00, %r13 + adcq $0x00, %r14 + movq $38, %rax + mulq %r14 + addq %rax, %r10 + adcq $0x00, %rdx + movq $0x7fffffffffffffff, %rbx + shldq $0x01, %r10, %rdx + imulq $19, %rdx, %rdx + andq %rbx, %r10 + movq %rdx, %rbx + movq $38, %rax + mulq %r11 + xorq %r11, %r11 + addq %rax, %rcx + movq $38, %rax + adcq %rdx, %r11 + mulq %r12 + xorq %r12, %r12 + addq %rax, %r8 + movq $38, %rax + adcq %rdx, %r12 + mulq %r13 + xorq %r13, %r13 + addq %rax, %r9 + adcq %rdx, %r13 + addq %rbx, %rcx + adcq %r11, %r8 + adcq %r12, %r9 + adcq %r13, %r10 + # Store + movq %rcx, 96(%rsp) + movq %r8, 104(%rsp) + movq %r9, 112(%rsp) + movq %r10, 120(%rsp) + # Square + # A[0] * A[1] + movq (%rdi), %rax + mulq 8(%rdi) + movq %rax, %r8 + movq %rdx, %r9 + # A[0] * A[2] + movq (%rdi), %rax + mulq 16(%rdi) + xorq %r10, %r10 + addq %rax, %r9 + adcq %rdx, %r10 + # A[0] * A[3] + movq (%rdi), %rax + mulq 24(%rdi) + xorq %r11, %r11 + addq %rax, %r10 + adcq %rdx, %r11 + # A[1] * A[2] + movq 8(%rdi), %rax + mulq 16(%rdi) + xorq %r12, %r12 + addq %rax, %r10 + adcq %rdx, %r11 + adcq $0x00, %r12 + # A[1] * A[3] + movq 8(%rdi), %rax + mulq 24(%rdi) + addq %rax, %r11 + adcq %rdx, %r12 + # A[2] * A[3] + movq 16(%rdi), %rax + mulq 24(%rdi) + xorq %r13, %r13 + addq %rax, %r12 + adcq %rdx, %r13 + # Double + xorq %r14, %r14 + addq %r8, %r8 + adcq %r9, %r9 + adcq %r10, %r10 + adcq %r11, %r11 + adcq %r12, %r12 + adcq %r13, %r13 + adcq $0x00, %r14 + # A[0] * A[0] + movq (%rdi), %rax + mulq %rax + movq %rax, %rcx + movq %rdx, %rbx + # A[1] * A[1] + movq 8(%rdi), %rax + mulq %rax + addq %rbx, %r8 + adcq %rax, %r9 + adcq $0x00, %rdx + movq %rdx, %rbx + # A[2] * A[2] + movq 16(%rdi), %rax + mulq %rax + addq %rbx, %r10 + adcq %rax, %r11 + adcq $0x00, %rdx + movq %rdx, %rbx + # A[3] * A[3] + movq 24(%rdi), %rax + mulq %rax + addq %rax, %r13 + adcq %rdx, %r14 + addq %rbx, %r12 + adcq $0x00, %r13 + adcq $0x00, %r14 + movq $38, %rax + mulq %r14 + addq %rax, %r10 + adcq $0x00, %rdx + movq $0x7fffffffffffffff, %rbx + shldq $0x01, %r10, %rdx + imulq $19, %rdx, %rdx + andq %rbx, %r10 + movq %rdx, %rbx + movq $38, %rax + mulq %r11 + xorq %r11, %r11 + addq %rax, %rcx + movq $38, %rax + adcq %rdx, %r11 + mulq %r12 + xorq %r12, %r12 + addq %rax, %r8 + movq $38, %rax + adcq %rdx, %r12 + mulq %r13 + xorq %r13, %r13 + addq %rax, %r9 + adcq %rdx, %r13 + addq %rbx, %rcx + adcq %r11, %r8 + adcq %r12, %r9 + adcq %r13, %r10 + # Store + movq %rcx, 128(%rsp) + movq %r8, 136(%rsp) + movq %r9, 144(%rsp) + movq %r10, 152(%rsp) + # Add-Sub + # Add + movq (%rsp), %rcx + movq 8(%rsp), %r8 + movq 16(%rsp), %r9 + movq 24(%rsp), %r10 + movq %rcx, %r11 + addq 32(%rsp), %rcx + movq %r8, %r12 + adcq 40(%rsp), %r8 + movq %r9, %r13 + adcq 48(%rsp), %r9 + movq %r10, %r14 + adcq 56(%rsp), %r10 + movq $0x00, %rbx + adcq $0x00, %rbx + shldq $0x01, %r10, %rbx + imulq $19, %rbx + btr $63, %r10 + # Sub modulus (if overflow) + addq %rbx, %rcx + adcq $0x00, %r8 + adcq $0x00, %r9 + adcq $0x00, %r10 + # Sub + subq 32(%rsp), %r11 + sbbq 40(%rsp), %r12 + sbbq 48(%rsp), %r13 + sbbq 56(%rsp), %r14 + sbbq %rbx, %rbx + shldq $0x01, %r14, %rbx + imulq $-19, %rbx + btr $63, %r14 + # Add modulus (if underflow) + subq %rbx, %r11 + sbbq $0x00, %r12 + sbbq $0x00, %r13 + sbbq $0x00, %r14 + movq %rcx, 64(%rsp) + movq %r8, 72(%rsp) + movq %r9, 80(%rsp) + movq %r10, 88(%rsp) + movq %r11, 32(%rsp) + movq %r12, 40(%rsp) + movq %r13, 48(%rsp) + movq %r14, 56(%rsp) + # Multiply + # A[0] * B[0] + movq 96(%rsp), %rax + mulq 128(%rsp) + movq %rax, %rcx + movq %rdx, %r8 + # A[0] * B[1] + movq 104(%rsp), %rax + mulq 128(%rsp) + xorq %r9, %r9 + addq %rax, %r8 + adcq %rdx, %r9 + # A[1] * B[0] + movq 96(%rsp), %rax + mulq 136(%rsp) + xorq %r10, %r10 + addq %rax, %r8 + adcq %rdx, %r9 + adcq $0x00, %r10 + # A[0] * B[2] + movq 112(%rsp), %rax + mulq 128(%rsp) + addq %rax, %r9 + adcq %rdx, %r10 + # A[1] * B[1] + movq 104(%rsp), %rax + mulq 136(%rsp) + xorq %r11, %r11 + addq %rax, %r9 + adcq %rdx, %r10 + adcq $0x00, %r11 + # A[2] * B[0] + movq 96(%rsp), %rax + mulq 144(%rsp) + addq %rax, %r9 + adcq %rdx, %r10 + adcq $0x00, %r11 + # A[0] * B[3] + movq 120(%rsp), %rax + mulq 128(%rsp) + xorq %r12, %r12 + addq %rax, %r10 + adcq %rdx, %r11 + adcq $0x00, %r12 + # A[1] * B[2] + movq 112(%rsp), %rax + mulq 136(%rsp) + addq %rax, %r10 + adcq %rdx, %r11 + adcq $0x00, %r12 + # A[2] * B[1] + movq 104(%rsp), %rax + mulq 144(%rsp) + addq %rax, %r10 + adcq %rdx, %r11 + adcq $0x00, %r12 + # A[3] * B[0] + movq 96(%rsp), %rax + mulq 152(%rsp) + addq %rax, %r10 + adcq %rdx, %r11 + adcq $0x00, %r12 + # A[1] * B[3] + movq 120(%rsp), %rax + mulq 136(%rsp) + xorq %r13, %r13 + addq %rax, %r11 + adcq %rdx, %r12 + adcq $0x00, %r13 + # A[2] * B[2] + movq 112(%rsp), %rax + mulq 144(%rsp) + addq %rax, %r11 + adcq %rdx, %r12 + adcq $0x00, %r13 + # A[3] * B[1] + movq 104(%rsp), %rax + mulq 152(%rsp) + addq %rax, %r11 + adcq %rdx, %r12 + adcq $0x00, %r13 + # A[2] * B[3] + movq 120(%rsp), %rax + mulq 144(%rsp) + xorq %r14, %r14 + addq %rax, %r12 + adcq %rdx, %r13 + adcq $0x00, %r14 + # A[3] * B[2] + movq 112(%rsp), %rax + mulq 152(%rsp) + addq %rax, %r12 + adcq %rdx, %r13 + adcq $0x00, %r14 + # A[3] * B[3] + movq 120(%rsp), %rax + mulq 152(%rsp) + addq %rax, %r13 + adcq %rdx, %r14 + movq $38, %rax + mulq %r14 + addq %rax, %r10 + adcq $0x00, %rdx + movq $0x7fffffffffffffff, %rbx + shldq $0x01, %r10, %rdx + imulq $19, %rdx, %rdx + andq %rbx, %r10 + movq %rdx, %rbx + movq $38, %rax + mulq %r11 + xorq %r11, %r11 + addq %rax, %rcx + movq $38, %rax + adcq %rdx, %r11 + mulq %r12 + xorq %r12, %r12 + addq %rax, %r8 + movq $38, %rax + adcq %rdx, %r12 + mulq %r13 + xorq %r13, %r13 + addq %rax, %r9 + adcq %rdx, %r13 + addq %rbx, %rcx + adcq %r11, %r8 + adcq %r12, %r9 + adcq %r13, %r10 + # Store + movq %rcx, (%rdi) + movq %r8, 8(%rdi) + movq %r9, 16(%rdi) + movq %r10, 24(%rdi) + # Sub + movq 128(%rsp), %rcx + movq 136(%rsp), %r8 + movq 144(%rsp), %r9 + movq 152(%rsp), %r10 + subq 96(%rsp), %rcx + sbbq 104(%rsp), %r8 + sbbq 112(%rsp), %r9 + sbbq 120(%rsp), %r10 + sbbq %rbx, %rbx + shldq $0x01, %r10, %rbx + imulq $-19, %rbx + btr $63, %r10 + # Add modulus (if underflow) + subq %rbx, %rcx + sbbq $0x00, %r8 + sbbq $0x00, %r9 + sbbq $0x00, %r10 + movq %rcx, 128(%rsp) + movq %r8, 136(%rsp) + movq %r9, 144(%rsp) + movq %r10, 152(%rsp) + # Square + # A[0] * A[1] + movq 32(%rsp), %rax + mulq 40(%rsp) + movq %rax, %r8 + movq %rdx, %r9 + # A[0] * A[2] + movq 32(%rsp), %rax + mulq 48(%rsp) + xorq %r10, %r10 + addq %rax, %r9 + adcq %rdx, %r10 + # A[0] * A[3] + movq 32(%rsp), %rax + mulq 56(%rsp) + xorq %r11, %r11 + addq %rax, %r10 + adcq %rdx, %r11 + # A[1] * A[2] + movq 40(%rsp), %rax + mulq 48(%rsp) + xorq %r12, %r12 + addq %rax, %r10 + adcq %rdx, %r11 + adcq $0x00, %r12 + # A[1] * A[3] + movq 40(%rsp), %rax + mulq 56(%rsp) + addq %rax, %r11 + adcq %rdx, %r12 + # A[2] * A[3] + movq 48(%rsp), %rax + mulq 56(%rsp) + xorq %r13, %r13 + addq %rax, %r12 + adcq %rdx, %r13 + # Double + xorq %r14, %r14 + addq %r8, %r8 + adcq %r9, %r9 + adcq %r10, %r10 + adcq %r11, %r11 + adcq %r12, %r12 + adcq %r13, %r13 + adcq $0x00, %r14 + # A[0] * A[0] + movq 32(%rsp), %rax + mulq %rax + movq %rax, %rcx + movq %rdx, %rbx + # A[1] * A[1] + movq 40(%rsp), %rax + mulq %rax + addq %rbx, %r8 + adcq %rax, %r9 + adcq $0x00, %rdx + movq %rdx, %rbx + # A[2] * A[2] + movq 48(%rsp), %rax + mulq %rax + addq %rbx, %r10 + adcq %rax, %r11 + adcq $0x00, %rdx + movq %rdx, %rbx + # A[3] * A[3] + movq 56(%rsp), %rax + mulq %rax + addq %rax, %r13 + adcq %rdx, %r14 + addq %rbx, %r12 + adcq $0x00, %r13 + adcq $0x00, %r14 + movq $38, %rax + mulq %r14 + addq %rax, %r10 + adcq $0x00, %rdx + movq $0x7fffffffffffffff, %rbx + shldq $0x01, %r10, %rdx + imulq $19, %rdx, %rdx + andq %rbx, %r10 + movq %rdx, %rbx + movq $38, %rax + mulq %r11 + xorq %r11, %r11 + addq %rax, %rcx + movq $38, %rax + adcq %rdx, %r11 + mulq %r12 + xorq %r12, %r12 + addq %rax, %r8 + movq $38, %rax + adcq %rdx, %r12 + mulq %r13 + xorq %r13, %r13 + addq %rax, %r9 + adcq %rdx, %r13 + addq %rbx, %rcx + adcq %r11, %r8 + adcq %r12, %r9 + adcq %r13, %r10 + # Store + movq %rcx, 32(%rsp) + movq %r8, 40(%rsp) + movq %r9, 48(%rsp) + movq %r10, 56(%rsp) + # Square + # A[0] * A[1] + movq 64(%rsp), %rax + mulq 72(%rsp) + movq %rax, %r8 + movq %rdx, %r9 + # A[0] * A[2] + movq 64(%rsp), %rax + mulq 80(%rsp) + xorq %r10, %r10 + addq %rax, %r9 + adcq %rdx, %r10 + # A[0] * A[3] + movq 64(%rsp), %rax + mulq 88(%rsp) + xorq %r11, %r11 + addq %rax, %r10 + adcq %rdx, %r11 + # A[1] * A[2] + movq 72(%rsp), %rax + mulq 80(%rsp) + xorq %r12, %r12 + addq %rax, %r10 + adcq %rdx, %r11 + adcq $0x00, %r12 + # A[1] * A[3] + movq 72(%rsp), %rax + mulq 88(%rsp) + addq %rax, %r11 + adcq %rdx, %r12 + # A[2] * A[3] + movq 80(%rsp), %rax + mulq 88(%rsp) + xorq %r13, %r13 + addq %rax, %r12 + adcq %rdx, %r13 + # Double + xorq %r14, %r14 + addq %r8, %r8 + adcq %r9, %r9 + adcq %r10, %r10 + adcq %r11, %r11 + adcq %r12, %r12 + adcq %r13, %r13 + adcq $0x00, %r14 + # A[0] * A[0] + movq 64(%rsp), %rax + mulq %rax + movq %rax, %rcx + movq %rdx, %rbx + # A[1] * A[1] + movq 72(%rsp), %rax + mulq %rax + addq %rbx, %r8 + adcq %rax, %r9 + adcq $0x00, %rdx + movq %rdx, %rbx + # A[2] * A[2] + movq 80(%rsp), %rax + mulq %rax + addq %rbx, %r10 + adcq %rax, %r11 + adcq $0x00, %rdx + movq %rdx, %rbx + # A[3] * A[3] + movq 88(%rsp), %rax + mulq %rax + addq %rax, %r13 + adcq %rdx, %r14 + addq %rbx, %r12 + adcq $0x00, %r13 + adcq $0x00, %r14 + movq $38, %rax + mulq %r14 + addq %rax, %r10 + adcq $0x00, %rdx + movq $0x7fffffffffffffff, %rbx + shldq $0x01, %r10, %rdx + imulq $19, %rdx, %rdx + andq %rbx, %r10 + movq %rdx, %rbx + movq $38, %rax + mulq %r11 + xorq %r11, %r11 + addq %rax, %rcx + movq $38, %rax + adcq %rdx, %r11 + mulq %r12 + xorq %r12, %r12 + addq %rax, %r8 + movq $38, %rax + adcq %rdx, %r12 + mulq %r13 + xorq %r13, %r13 + addq %rax, %r9 + adcq %rdx, %r13 + addq %rbx, %rcx + adcq %r11, %r8 + adcq %r12, %r9 + adcq %r13, %r10 + # Store + movq %rcx, 64(%rsp) + movq %r8, 72(%rsp) + movq %r9, 80(%rsp) + movq %r10, 88(%rsp) + # Multiply by 121666 + movq $0x1db42, %rax + mulq 128(%rsp) + xorq %r9, %r9 + movq %rax, %rcx + movq %rdx, %r8 + movq $0x1db42, %rax + mulq 136(%rsp) + xorq %r10, %r10 + addq %rax, %r8 + adcq %rdx, %r9 + movq $0x1db42, %rax + mulq 144(%rsp) + xorq %r12, %r12 + addq %rax, %r9 + adcq %rdx, %r10 + movq $0x1db42, %rax + mulq 152(%rsp) + movq $0x7fffffffffffffff, %r11 + addq %rax, %r10 + adcq %rdx, %r12 + addq 96(%rsp), %rcx + adcq 104(%rsp), %r8 + adcq 112(%rsp), %r9 + adcq 120(%rsp), %r10 + adcq $0x00, %r12 + shldq $0x01, %r10, %r12 + andq %r11, %r10 + movq $19, %rax + mulq %r12 + addq %rax, %rcx + adcq $0x00, %r8 + adcq $0x00, %r9 + adcq $0x00, %r10 + movq %rcx, 96(%rsp) + movq %r8, 104(%rsp) + movq %r9, 112(%rsp) + movq %r10, 120(%rsp) + # Multiply by 9 + movq $9, %rax + mulq 32(%rsp) + xorq %r9, %r9 + movq %rax, %rcx + movq %rdx, %r8 + movq $9, %rax + mulq 40(%rsp) + xorq %r10, %r10 + addq %rax, %r8 + adcq %rdx, %r9 + movq $9, %rax + mulq 48(%rsp) + xorq %r12, %r12 + addq %rax, %r9 + adcq %rdx, %r10 + movq $9, %rax + mulq 56(%rsp) + movq $0x7fffffffffffffff, %r11 + addq %rax, %r10 + adcq %rdx, %r12 + shldq $0x01, %r10, %r12 + andq %r11, %r10 + movq $19, %rax + mulq %r12 + addq %rax, %rcx + adcq $0x00, %r8 + adcq $0x00, %r9 + adcq $0x00, %r10 + movq %rcx, 32(%rsp) + movq %r8, 40(%rsp) + movq %r9, 48(%rsp) + movq %r10, 56(%rsp) + # Multiply + # A[0] * B[0] + movq 96(%rsp), %rax + mulq 128(%rsp) + movq %rax, %rcx + movq %rdx, %r8 + # A[0] * B[1] + movq 104(%rsp), %rax + mulq 128(%rsp) + xorq %r9, %r9 + addq %rax, %r8 + adcq %rdx, %r9 + # A[1] * B[0] + movq 96(%rsp), %rax + mulq 136(%rsp) + xorq %r10, %r10 + addq %rax, %r8 + adcq %rdx, %r9 + adcq $0x00, %r10 + # A[0] * B[2] + movq 112(%rsp), %rax + mulq 128(%rsp) + addq %rax, %r9 + adcq %rdx, %r10 + # A[1] * B[1] + movq 104(%rsp), %rax + mulq 136(%rsp) + xorq %r11, %r11 + addq %rax, %r9 + adcq %rdx, %r10 + adcq $0x00, %r11 + # A[2] * B[0] + movq 96(%rsp), %rax + mulq 144(%rsp) + addq %rax, %r9 + adcq %rdx, %r10 + adcq $0x00, %r11 + # A[0] * B[3] + movq 120(%rsp), %rax + mulq 128(%rsp) + xorq %r12, %r12 + addq %rax, %r10 + adcq %rdx, %r11 + adcq $0x00, %r12 + # A[1] * B[2] + movq 112(%rsp), %rax + mulq 136(%rsp) + addq %rax, %r10 + adcq %rdx, %r11 + adcq $0x00, %r12 + # A[2] * B[1] + movq 104(%rsp), %rax + mulq 144(%rsp) + addq %rax, %r10 + adcq %rdx, %r11 + adcq $0x00, %r12 + # A[3] * B[0] + movq 96(%rsp), %rax + mulq 152(%rsp) + addq %rax, %r10 + adcq %rdx, %r11 + adcq $0x00, %r12 + # A[1] * B[3] + movq 120(%rsp), %rax + mulq 136(%rsp) + xorq %r13, %r13 + addq %rax, %r11 + adcq %rdx, %r12 + adcq $0x00, %r13 + # A[2] * B[2] + movq 112(%rsp), %rax + mulq 144(%rsp) + addq %rax, %r11 + adcq %rdx, %r12 + adcq $0x00, %r13 + # A[3] * B[1] + movq 104(%rsp), %rax + mulq 152(%rsp) + addq %rax, %r11 + adcq %rdx, %r12 + adcq $0x00, %r13 + # A[2] * B[3] + movq 120(%rsp), %rax + mulq 144(%rsp) + xorq %r14, %r14 + addq %rax, %r12 + adcq %rdx, %r13 + adcq $0x00, %r14 + # A[3] * B[2] + movq 112(%rsp), %rax + mulq 152(%rsp) + addq %rax, %r12 + adcq %rdx, %r13 + adcq $0x00, %r14 + # A[3] * B[3] + movq 120(%rsp), %rax + mulq 152(%rsp) + addq %rax, %r13 + adcq %rdx, %r14 + movq $38, %rax + mulq %r14 + addq %rax, %r10 + adcq $0x00, %rdx + movq $0x7fffffffffffffff, %rbx + shldq $0x01, %r10, %rdx + imulq $19, %rdx, %rdx + andq %rbx, %r10 + movq %rdx, %rbx + movq $38, %rax + mulq %r11 + xorq %r11, %r11 + addq %rax, %rcx + movq $38, %rax + adcq %rdx, %r11 + mulq %r12 + xorq %r12, %r12 + addq %rax, %r8 + movq $38, %rax + adcq %rdx, %r12 + mulq %r13 + xorq %r13, %r13 + addq %rax, %r9 + adcq %rdx, %r13 + addq %rbx, %rcx + adcq %r11, %r8 + adcq %r12, %r9 + adcq %r13, %r10 + # Store + movq %rcx, (%rsp) + movq %r8, 8(%rsp) + movq %r9, 16(%rsp) + movq %r10, 24(%rsp) + decq %rbp + cmpq $3, %rbp + jge L_curve25519_base_x64_bits + negq %r15 + # Conditional Swap + movq (%rdi), %rcx + movq 8(%rdi), %r8 + movq 16(%rdi), %r9 + movq 24(%rdi), %r10 + movq (%rsp), %r11 + movq 8(%rsp), %r12 + movq 16(%rsp), %r13 + movq 24(%rsp), %r14 + xorq 64(%rsp), %rcx + xorq 72(%rsp), %r8 + xorq 80(%rsp), %r9 + xorq 88(%rsp), %r10 + xorq 32(%rsp), %r11 + xorq 40(%rsp), %r12 + xorq 48(%rsp), %r13 + xorq 56(%rsp), %r14 + andq %r15, %rcx + andq %r15, %r8 + andq %r15, %r9 + andq %r15, %r10 + andq %r15, %r11 + andq %r15, %r12 + andq %r15, %r13 + andq %r15, %r14 + xorq %rcx, (%rdi) + xorq %r8, 8(%rdi) + xorq %r9, 16(%rdi) + xorq %r10, 24(%rdi) + xorq %r11, (%rsp) + xorq %r12, 8(%rsp) + xorq %r13, 16(%rsp) + xorq %r14, 24(%rsp) + xorq %rcx, 64(%rsp) + xorq %r8, 72(%rsp) + xorq %r9, 80(%rsp) + xorq %r10, 88(%rsp) + xorq %r11, 32(%rsp) + xorq %r12, 40(%rsp) + xorq %r13, 48(%rsp) + xorq %r14, 56(%rsp) +L_curve25519_base_x64_3: + # Add-Sub + # Add + movq (%rdi), %rcx + movq 8(%rdi), %r8 + movq 16(%rdi), %r9 + movq 24(%rdi), %r10 + movq %rcx, %r11 + addq (%rsp), %rcx + movq %r8, %r12 + adcq 8(%rsp), %r8 + movq %r9, %r13 + adcq 16(%rsp), %r9 + movq %r10, %r14 + adcq 24(%rsp), %r10 + movq $0x00, %rbx + adcq $0x00, %rbx + shldq $0x01, %r10, %rbx + imulq $19, %rbx + btr $63, %r10 + # Sub modulus (if overflow) + addq %rbx, %rcx + adcq $0x00, %r8 + adcq $0x00, %r9 + adcq $0x00, %r10 + # Sub + subq (%rsp), %r11 + sbbq 8(%rsp), %r12 + sbbq 16(%rsp), %r13 + sbbq 24(%rsp), %r14 + sbbq %rbx, %rbx + shldq $0x01, %r14, %rbx + imulq $-19, %rbx + btr $63, %r14 + # Add modulus (if underflow) + subq %rbx, %r11 + sbbq $0x00, %r12 + sbbq $0x00, %r13 + sbbq $0x00, %r14 + movq %rcx, (%rdi) + movq %r8, 8(%rdi) + movq %r9, 16(%rdi) + movq %r10, 24(%rdi) + movq %r11, 128(%rsp) + movq %r12, 136(%rsp) + movq %r13, 144(%rsp) + movq %r14, 152(%rsp) + # Square + # A[0] * A[1] + movq 128(%rsp), %rax + mulq 136(%rsp) + movq %rax, %r8 + movq %rdx, %r9 + # A[0] * A[2] + movq 128(%rsp), %rax + mulq 144(%rsp) + xorq %r10, %r10 + addq %rax, %r9 + adcq %rdx, %r10 + # A[0] * A[3] + movq 128(%rsp), %rax + mulq 152(%rsp) + xorq %r11, %r11 + addq %rax, %r10 + adcq %rdx, %r11 + # A[1] * A[2] + movq 136(%rsp), %rax + mulq 144(%rsp) + xorq %r12, %r12 + addq %rax, %r10 + adcq %rdx, %r11 + adcq $0x00, %r12 + # A[1] * A[3] + movq 136(%rsp), %rax + mulq 152(%rsp) + addq %rax, %r11 + adcq %rdx, %r12 + # A[2] * A[3] + movq 144(%rsp), %rax + mulq 152(%rsp) + xorq %r13, %r13 + addq %rax, %r12 + adcq %rdx, %r13 + # Double + xorq %r14, %r14 + addq %r8, %r8 + adcq %r9, %r9 + adcq %r10, %r10 + adcq %r11, %r11 + adcq %r12, %r12 + adcq %r13, %r13 + adcq $0x00, %r14 + # A[0] * A[0] + movq 128(%rsp), %rax + mulq %rax + movq %rax, %rcx + movq %rdx, %rbx + # A[1] * A[1] + movq 136(%rsp), %rax + mulq %rax + addq %rbx, %r8 + adcq %rax, %r9 + adcq $0x00, %rdx + movq %rdx, %rbx + # A[2] * A[2] + movq 144(%rsp), %rax + mulq %rax + addq %rbx, %r10 + adcq %rax, %r11 + adcq $0x00, %rdx + movq %rdx, %rbx + # A[3] * A[3] + movq 152(%rsp), %rax + mulq %rax + addq %rax, %r13 + adcq %rdx, %r14 + addq %rbx, %r12 + adcq $0x00, %r13 + adcq $0x00, %r14 + movq $38, %rax + mulq %r14 + addq %rax, %r10 + adcq $0x00, %rdx + movq $0x7fffffffffffffff, %rbx + shldq $0x01, %r10, %rdx + imulq $19, %rdx, %rdx + andq %rbx, %r10 + movq %rdx, %rbx + movq $38, %rax + mulq %r11 + xorq %r11, %r11 + addq %rax, %rcx + movq $38, %rax + adcq %rdx, %r11 + mulq %r12 + xorq %r12, %r12 + addq %rax, %r8 + movq $38, %rax + adcq %rdx, %r12 + mulq %r13 + xorq %r13, %r13 + addq %rax, %r9 + adcq %rdx, %r13 + addq %rbx, %rcx + adcq %r11, %r8 + adcq %r12, %r9 + adcq %r13, %r10 + # Store + movq %rcx, 96(%rsp) + movq %r8, 104(%rsp) + movq %r9, 112(%rsp) + movq %r10, 120(%rsp) + # Square + # A[0] * A[1] + movq (%rdi), %rax + mulq 8(%rdi) + movq %rax, %r8 + movq %rdx, %r9 + # A[0] * A[2] + movq (%rdi), %rax + mulq 16(%rdi) + xorq %r10, %r10 + addq %rax, %r9 + adcq %rdx, %r10 + # A[0] * A[3] + movq (%rdi), %rax + mulq 24(%rdi) + xorq %r11, %r11 + addq %rax, %r10 + adcq %rdx, %r11 + # A[1] * A[2] + movq 8(%rdi), %rax + mulq 16(%rdi) + xorq %r12, %r12 + addq %rax, %r10 + adcq %rdx, %r11 + adcq $0x00, %r12 + # A[1] * A[3] + movq 8(%rdi), %rax + mulq 24(%rdi) + addq %rax, %r11 + adcq %rdx, %r12 + # A[2] * A[3] + movq 16(%rdi), %rax + mulq 24(%rdi) + xorq %r13, %r13 + addq %rax, %r12 + adcq %rdx, %r13 + # Double + xorq %r14, %r14 + addq %r8, %r8 + adcq %r9, %r9 + adcq %r10, %r10 + adcq %r11, %r11 + adcq %r12, %r12 + adcq %r13, %r13 + adcq $0x00, %r14 + # A[0] * A[0] + movq (%rdi), %rax + mulq %rax + movq %rax, %rcx + movq %rdx, %rbx + # A[1] * A[1] + movq 8(%rdi), %rax + mulq %rax + addq %rbx, %r8 + adcq %rax, %r9 + adcq $0x00, %rdx + movq %rdx, %rbx + # A[2] * A[2] + movq 16(%rdi), %rax + mulq %rax + addq %rbx, %r10 + adcq %rax, %r11 + adcq $0x00, %rdx + movq %rdx, %rbx + # A[3] * A[3] + movq 24(%rdi), %rax + mulq %rax + addq %rax, %r13 + adcq %rdx, %r14 + addq %rbx, %r12 + adcq $0x00, %r13 + adcq $0x00, %r14 + movq $38, %rax + mulq %r14 + addq %rax, %r10 + adcq $0x00, %rdx + movq $0x7fffffffffffffff, %rbx + shldq $0x01, %r10, %rdx + imulq $19, %rdx, %rdx + andq %rbx, %r10 + movq %rdx, %rbx + movq $38, %rax + mulq %r11 + xorq %r11, %r11 + addq %rax, %rcx + movq $38, %rax + adcq %rdx, %r11 + mulq %r12 + xorq %r12, %r12 + addq %rax, %r8 + movq $38, %rax + adcq %rdx, %r12 + mulq %r13 + xorq %r13, %r13 + addq %rax, %r9 + adcq %rdx, %r13 + addq %rbx, %rcx + adcq %r11, %r8 + adcq %r12, %r9 + adcq %r13, %r10 + # Store + movq %rcx, 128(%rsp) + movq %r8, 136(%rsp) + movq %r9, 144(%rsp) + movq %r10, 152(%rsp) + # Multiply + # A[0] * B[0] + movq 96(%rsp), %rax + mulq 128(%rsp) + movq %rax, %rcx + movq %rdx, %r8 + # A[0] * B[1] + movq 104(%rsp), %rax + mulq 128(%rsp) + xorq %r9, %r9 + addq %rax, %r8 + adcq %rdx, %r9 + # A[1] * B[0] + movq 96(%rsp), %rax + mulq 136(%rsp) + xorq %r10, %r10 + addq %rax, %r8 + adcq %rdx, %r9 + adcq $0x00, %r10 + # A[0] * B[2] + movq 112(%rsp), %rax + mulq 128(%rsp) + addq %rax, %r9 + adcq %rdx, %r10 + # A[1] * B[1] + movq 104(%rsp), %rax + mulq 136(%rsp) + xorq %r11, %r11 + addq %rax, %r9 + adcq %rdx, %r10 + adcq $0x00, %r11 + # A[2] * B[0] + movq 96(%rsp), %rax + mulq 144(%rsp) + addq %rax, %r9 + adcq %rdx, %r10 + adcq $0x00, %r11 + # A[0] * B[3] + movq 120(%rsp), %rax + mulq 128(%rsp) + xorq %r12, %r12 + addq %rax, %r10 + adcq %rdx, %r11 + adcq $0x00, %r12 + # A[1] * B[2] + movq 112(%rsp), %rax + mulq 136(%rsp) + addq %rax, %r10 + adcq %rdx, %r11 + adcq $0x00, %r12 + # A[2] * B[1] + movq 104(%rsp), %rax + mulq 144(%rsp) + addq %rax, %r10 + adcq %rdx, %r11 + adcq $0x00, %r12 + # A[3] * B[0] + movq 96(%rsp), %rax + mulq 152(%rsp) + addq %rax, %r10 + adcq %rdx, %r11 + adcq $0x00, %r12 + # A[1] * B[3] + movq 120(%rsp), %rax + mulq 136(%rsp) + xorq %r13, %r13 + addq %rax, %r11 + adcq %rdx, %r12 + adcq $0x00, %r13 + # A[2] * B[2] + movq 112(%rsp), %rax + mulq 144(%rsp) + addq %rax, %r11 + adcq %rdx, %r12 + adcq $0x00, %r13 + # A[3] * B[1] + movq 104(%rsp), %rax + mulq 152(%rsp) + addq %rax, %r11 + adcq %rdx, %r12 + adcq $0x00, %r13 + # A[2] * B[3] + movq 120(%rsp), %rax + mulq 144(%rsp) + xorq %r14, %r14 + addq %rax, %r12 + adcq %rdx, %r13 + adcq $0x00, %r14 + # A[3] * B[2] + movq 112(%rsp), %rax + mulq 152(%rsp) + addq %rax, %r12 + adcq %rdx, %r13 + adcq $0x00, %r14 + # A[3] * B[3] + movq 120(%rsp), %rax + mulq 152(%rsp) + addq %rax, %r13 + adcq %rdx, %r14 + movq $38, %rax + mulq %r14 + addq %rax, %r10 + adcq $0x00, %rdx + movq $0x7fffffffffffffff, %rbx + shldq $0x01, %r10, %rdx + imulq $19, %rdx, %rdx + andq %rbx, %r10 + movq %rdx, %rbx + movq $38, %rax + mulq %r11 + xorq %r11, %r11 + addq %rax, %rcx + movq $38, %rax + adcq %rdx, %r11 + mulq %r12 + xorq %r12, %r12 + addq %rax, %r8 + movq $38, %rax + adcq %rdx, %r12 + mulq %r13 + xorq %r13, %r13 + addq %rax, %r9 + adcq %rdx, %r13 + addq %rbx, %rcx + adcq %r11, %r8 + adcq %r12, %r9 + adcq %r13, %r10 + # Store + movq %rcx, (%rdi) + movq %r8, 8(%rdi) + movq %r9, 16(%rdi) + movq %r10, 24(%rdi) + # Sub + movq 128(%rsp), %rcx + movq 136(%rsp), %r8 + movq 144(%rsp), %r9 + movq 152(%rsp), %r10 + subq 96(%rsp), %rcx + sbbq 104(%rsp), %r8 + sbbq 112(%rsp), %r9 + sbbq 120(%rsp), %r10 + sbbq %rbx, %rbx + shldq $0x01, %r10, %rbx + imulq $-19, %rbx + btr $63, %r10 + # Add modulus (if underflow) + subq %rbx, %rcx + sbbq $0x00, %r8 + sbbq $0x00, %r9 + sbbq $0x00, %r10 + movq %rcx, 128(%rsp) + movq %r8, 136(%rsp) + movq %r9, 144(%rsp) + movq %r10, 152(%rsp) + # Multiply by 121666 + movq $0x1db42, %rax + mulq 128(%rsp) + xorq %r9, %r9 + movq %rax, %rcx + movq %rdx, %r8 + movq $0x1db42, %rax + mulq 136(%rsp) + xorq %r10, %r10 + addq %rax, %r8 + adcq %rdx, %r9 + movq $0x1db42, %rax + mulq 144(%rsp) + xorq %r12, %r12 + addq %rax, %r9 + adcq %rdx, %r10 + movq $0x1db42, %rax + mulq 152(%rsp) + movq $0x7fffffffffffffff, %r11 + addq %rax, %r10 + adcq %rdx, %r12 + addq 96(%rsp), %rcx + adcq 104(%rsp), %r8 + adcq 112(%rsp), %r9 + adcq 120(%rsp), %r10 + adcq $0x00, %r12 + shldq $0x01, %r10, %r12 + andq %r11, %r10 + movq $19, %rax + mulq %r12 + addq %rax, %rcx + adcq $0x00, %r8 + adcq $0x00, %r9 + adcq $0x00, %r10 + movq %rcx, 96(%rsp) + movq %r8, 104(%rsp) + movq %r9, 112(%rsp) + movq %r10, 120(%rsp) + # Multiply + # A[0] * B[0] + movq 96(%rsp), %rax + mulq 128(%rsp) + movq %rax, %rcx + movq %rdx, %r8 + # A[0] * B[1] + movq 104(%rsp), %rax + mulq 128(%rsp) + xorq %r9, %r9 + addq %rax, %r8 + adcq %rdx, %r9 + # A[1] * B[0] + movq 96(%rsp), %rax + mulq 136(%rsp) + xorq %r10, %r10 + addq %rax, %r8 + adcq %rdx, %r9 + adcq $0x00, %r10 + # A[0] * B[2] + movq 112(%rsp), %rax + mulq 128(%rsp) + addq %rax, %r9 + adcq %rdx, %r10 + # A[1] * B[1] + movq 104(%rsp), %rax + mulq 136(%rsp) + xorq %r11, %r11 + addq %rax, %r9 + adcq %rdx, %r10 + adcq $0x00, %r11 + # A[2] * B[0] + movq 96(%rsp), %rax + mulq 144(%rsp) + addq %rax, %r9 + adcq %rdx, %r10 + adcq $0x00, %r11 + # A[0] * B[3] + movq 120(%rsp), %rax + mulq 128(%rsp) + xorq %r12, %r12 + addq %rax, %r10 + adcq %rdx, %r11 + adcq $0x00, %r12 + # A[1] * B[2] + movq 112(%rsp), %rax + mulq 136(%rsp) + addq %rax, %r10 + adcq %rdx, %r11 + adcq $0x00, %r12 + # A[2] * B[1] + movq 104(%rsp), %rax + mulq 144(%rsp) + addq %rax, %r10 + adcq %rdx, %r11 + adcq $0x00, %r12 + # A[3] * B[0] + movq 96(%rsp), %rax + mulq 152(%rsp) + addq %rax, %r10 + adcq %rdx, %r11 + adcq $0x00, %r12 + # A[1] * B[3] + movq 120(%rsp), %rax + mulq 136(%rsp) + xorq %r13, %r13 + addq %rax, %r11 + adcq %rdx, %r12 + adcq $0x00, %r13 + # A[2] * B[2] + movq 112(%rsp), %rax + mulq 144(%rsp) + addq %rax, %r11 + adcq %rdx, %r12 + adcq $0x00, %r13 + # A[3] * B[1] + movq 104(%rsp), %rax + mulq 152(%rsp) + addq %rax, %r11 + adcq %rdx, %r12 + adcq $0x00, %r13 + # A[2] * B[3] + movq 120(%rsp), %rax + mulq 144(%rsp) + xorq %r14, %r14 + addq %rax, %r12 + adcq %rdx, %r13 + adcq $0x00, %r14 + # A[3] * B[2] + movq 112(%rsp), %rax + mulq 152(%rsp) + addq %rax, %r12 + adcq %rdx, %r13 + adcq $0x00, %r14 + # A[3] * B[3] + movq 120(%rsp), %rax + mulq 152(%rsp) + addq %rax, %r13 + adcq %rdx, %r14 + movq $38, %rax + mulq %r14 + addq %rax, %r10 + adcq $0x00, %rdx + movq $0x7fffffffffffffff, %rbx + shldq $0x01, %r10, %rdx + imulq $19, %rdx, %rdx + andq %rbx, %r10 + movq %rdx, %rbx + movq $38, %rax + mulq %r11 + xorq %r11, %r11 + addq %rax, %rcx + movq $38, %rax + adcq %rdx, %r11 + mulq %r12 + xorq %r12, %r12 + addq %rax, %r8 + movq $38, %rax + adcq %rdx, %r12 + mulq %r13 + xorq %r13, %r13 + addq %rax, %r9 + adcq %rdx, %r13 + addq %rbx, %rcx + adcq %r11, %r8 + adcq %r12, %r9 + adcq %r13, %r10 + # Store + movq %rcx, (%rsp) + movq %r8, 8(%rsp) + movq %r9, 16(%rsp) + movq %r10, 24(%rsp) + decq %rbp + jge L_curve25519_base_x64_3 + # Invert + leaq 32(%rsp), %rdi + movq %rsp, %rsi +#ifndef __APPLE__ + callq fe_sq_x64@plt +#else + callq _fe_sq_x64 +#endif /* __APPLE__ */ + leaq 64(%rsp), %rdi + leaq 32(%rsp), %rsi +#ifndef __APPLE__ + callq fe_sq_x64@plt +#else + callq _fe_sq_x64 +#endif /* __APPLE__ */ + leaq 64(%rsp), %rdi + leaq 64(%rsp), %rsi +#ifndef __APPLE__ + callq fe_sq_x64@plt +#else + callq _fe_sq_x64 +#endif /* __APPLE__ */ + leaq 64(%rsp), %rdi + movq %rsp, %rsi + leaq 64(%rsp), %rdx +#ifndef __APPLE__ + callq fe_mul_x64@plt +#else + callq _fe_mul_x64 +#endif /* __APPLE__ */ + leaq 32(%rsp), %rdi + leaq 32(%rsp), %rsi + leaq 64(%rsp), %rdx +#ifndef __APPLE__ + callq fe_mul_x64@plt +#else + callq _fe_mul_x64 +#endif /* __APPLE__ */ + leaq 96(%rsp), %rdi + leaq 32(%rsp), %rsi +#ifndef __APPLE__ + callq fe_sq_x64@plt +#else + callq _fe_sq_x64 +#endif /* __APPLE__ */ + leaq 64(%rsp), %rdi + leaq 64(%rsp), %rsi + leaq 96(%rsp), %rdx +#ifndef __APPLE__ + callq fe_mul_x64@plt +#else + callq _fe_mul_x64 +#endif /* __APPLE__ */ + leaq 96(%rsp), %rdi + leaq 64(%rsp), %rsi +#ifndef __APPLE__ + callq fe_sq_x64@plt +#else + callq _fe_sq_x64 +#endif /* __APPLE__ */ + leaq 96(%rsp), %rdi + leaq 96(%rsp), %rsi + movq $4, %rdx +#ifndef __APPLE__ + callq fe_sq_n_x64@plt +#else + callq _fe_sq_n_x64 +#endif /* __APPLE__ */ + leaq 64(%rsp), %rdi + leaq 96(%rsp), %rsi + leaq 64(%rsp), %rdx +#ifndef __APPLE__ + callq fe_mul_x64@plt +#else + callq _fe_mul_x64 +#endif /* __APPLE__ */ + leaq 96(%rsp), %rdi + leaq 64(%rsp), %rsi +#ifndef __APPLE__ + callq fe_sq_x64@plt +#else + callq _fe_sq_x64 +#endif /* __APPLE__ */ + leaq 96(%rsp), %rdi + leaq 96(%rsp), %rsi + movq $9, %rdx +#ifndef __APPLE__ + callq fe_sq_n_x64@plt +#else + callq _fe_sq_n_x64 +#endif /* __APPLE__ */ + leaq 96(%rsp), %rdi + leaq 96(%rsp), %rsi + leaq 64(%rsp), %rdx +#ifndef __APPLE__ + callq fe_mul_x64@plt +#else + callq _fe_mul_x64 +#endif /* __APPLE__ */ + leaq 128(%rsp), %rdi + leaq 96(%rsp), %rsi +#ifndef __APPLE__ + callq fe_sq_x64@plt +#else + callq _fe_sq_x64 +#endif /* __APPLE__ */ + leaq 128(%rsp), %rdi + leaq 128(%rsp), %rsi + movq $19, %rdx +#ifndef __APPLE__ + callq fe_sq_n_x64@plt +#else + callq _fe_sq_n_x64 +#endif /* __APPLE__ */ + leaq 96(%rsp), %rdi + leaq 128(%rsp), %rsi + leaq 96(%rsp), %rdx +#ifndef __APPLE__ + callq fe_mul_x64@plt +#else + callq _fe_mul_x64 +#endif /* __APPLE__ */ + leaq 96(%rsp), %rdi + leaq 96(%rsp), %rsi +#ifndef __APPLE__ + callq fe_sq_x64@plt +#else + callq _fe_sq_x64 +#endif /* __APPLE__ */ + leaq 96(%rsp), %rdi + leaq 96(%rsp), %rsi + movq $9, %rdx +#ifndef __APPLE__ + callq fe_sq_n_x64@plt +#else + callq _fe_sq_n_x64 +#endif /* __APPLE__ */ + leaq 64(%rsp), %rdi + leaq 96(%rsp), %rsi + leaq 64(%rsp), %rdx +#ifndef __APPLE__ + callq fe_mul_x64@plt +#else + callq _fe_mul_x64 +#endif /* __APPLE__ */ + leaq 96(%rsp), %rdi + leaq 64(%rsp), %rsi +#ifndef __APPLE__ + callq fe_sq_x64@plt +#else + callq _fe_sq_x64 +#endif /* __APPLE__ */ + leaq 96(%rsp), %rdi + leaq 96(%rsp), %rsi + movq $49, %rdx +#ifndef __APPLE__ + callq fe_sq_n_x64@plt +#else + callq _fe_sq_n_x64 +#endif /* __APPLE__ */ + leaq 96(%rsp), %rdi + leaq 96(%rsp), %rsi + leaq 64(%rsp), %rdx +#ifndef __APPLE__ + callq fe_mul_x64@plt +#else + callq _fe_mul_x64 +#endif /* __APPLE__ */ + leaq 128(%rsp), %rdi + leaq 96(%rsp), %rsi +#ifndef __APPLE__ + callq fe_sq_x64@plt +#else + callq _fe_sq_x64 +#endif /* __APPLE__ */ + leaq 128(%rsp), %rdi + leaq 128(%rsp), %rsi + movq $0x63, %rdx +#ifndef __APPLE__ + callq fe_sq_n_x64@plt +#else + callq _fe_sq_n_x64 +#endif /* __APPLE__ */ + leaq 96(%rsp), %rdi + leaq 128(%rsp), %rsi + leaq 96(%rsp), %rdx +#ifndef __APPLE__ + callq fe_mul_x64@plt +#else + callq _fe_mul_x64 +#endif /* __APPLE__ */ + leaq 96(%rsp), %rdi + leaq 96(%rsp), %rsi +#ifndef __APPLE__ + callq fe_sq_x64@plt +#else + callq _fe_sq_x64 +#endif /* __APPLE__ */ + leaq 96(%rsp), %rdi + leaq 96(%rsp), %rsi + movq $49, %rdx +#ifndef __APPLE__ + callq fe_sq_n_x64@plt +#else + callq _fe_sq_n_x64 +#endif /* __APPLE__ */ + leaq 64(%rsp), %rdi + leaq 96(%rsp), %rsi + leaq 64(%rsp), %rdx +#ifndef __APPLE__ + callq fe_mul_x64@plt +#else + callq _fe_mul_x64 +#endif /* __APPLE__ */ + leaq 64(%rsp), %rdi + leaq 64(%rsp), %rsi +#ifndef __APPLE__ + callq fe_sq_x64@plt +#else + callq _fe_sq_x64 +#endif /* __APPLE__ */ + leaq 64(%rsp), %rdi + leaq 64(%rsp), %rsi + movq $4, %rdx +#ifndef __APPLE__ + callq fe_sq_n_x64@plt +#else + callq _fe_sq_n_x64 +#endif /* __APPLE__ */ + movq %rsp, %rdi + leaq 64(%rsp), %rsi + leaq 32(%rsp), %rdx +#ifndef __APPLE__ + callq fe_mul_x64@plt +#else + callq _fe_mul_x64 +#endif /* __APPLE__ */ + movq 160(%rsp), %rdi + # Multiply + # A[0] * B[0] + movq (%rsp), %rax + mulq (%rdi) + movq %rax, %rcx + movq %rdx, %r8 + # A[0] * B[1] + movq 8(%rsp), %rax + mulq (%rdi) + xorq %r9, %r9 + addq %rax, %r8 + adcq %rdx, %r9 + # A[1] * B[0] + movq (%rsp), %rax + mulq 8(%rdi) + xorq %r10, %r10 + addq %rax, %r8 + adcq %rdx, %r9 + adcq $0x00, %r10 + # A[0] * B[2] + movq 16(%rsp), %rax + mulq (%rdi) + addq %rax, %r9 + adcq %rdx, %r10 + # A[1] * B[1] + movq 8(%rsp), %rax + mulq 8(%rdi) + xorq %r11, %r11 + addq %rax, %r9 + adcq %rdx, %r10 + adcq $0x00, %r11 + # A[2] * B[0] + movq (%rsp), %rax + mulq 16(%rdi) + addq %rax, %r9 + adcq %rdx, %r10 + adcq $0x00, %r11 + # A[0] * B[3] + movq 24(%rsp), %rax + mulq (%rdi) + xorq %r12, %r12 + addq %rax, %r10 + adcq %rdx, %r11 + adcq $0x00, %r12 + # A[1] * B[2] + movq 16(%rsp), %rax + mulq 8(%rdi) + addq %rax, %r10 + adcq %rdx, %r11 + adcq $0x00, %r12 + # A[2] * B[1] + movq 8(%rsp), %rax + mulq 16(%rdi) + addq %rax, %r10 + adcq %rdx, %r11 + adcq $0x00, %r12 + # A[3] * B[0] + movq (%rsp), %rax + mulq 24(%rdi) + addq %rax, %r10 + adcq %rdx, %r11 + adcq $0x00, %r12 + # A[1] * B[3] + movq 24(%rsp), %rax + mulq 8(%rdi) + xorq %r13, %r13 + addq %rax, %r11 + adcq %rdx, %r12 + adcq $0x00, %r13 + # A[2] * B[2] + movq 16(%rsp), %rax + mulq 16(%rdi) + addq %rax, %r11 + adcq %rdx, %r12 + adcq $0x00, %r13 + # A[3] * B[1] + movq 8(%rsp), %rax + mulq 24(%rdi) + addq %rax, %r11 + adcq %rdx, %r12 + adcq $0x00, %r13 + # A[2] * B[3] + movq 24(%rsp), %rax + mulq 16(%rdi) + xorq %r14, %r14 + addq %rax, %r12 + adcq %rdx, %r13 + adcq $0x00, %r14 + # A[3] * B[2] + movq 16(%rsp), %rax + mulq 24(%rdi) + addq %rax, %r12 + adcq %rdx, %r13 + adcq $0x00, %r14 + # A[3] * B[3] + movq 24(%rsp), %rax + mulq 24(%rdi) + addq %rax, %r13 + adcq %rdx, %r14 + movq $38, %rax + mulq %r14 + addq %rax, %r10 + adcq $0x00, %rdx + movq $0x7fffffffffffffff, %rbx + shldq $0x01, %r10, %rdx + imulq $19, %rdx, %rdx + andq %rbx, %r10 + movq %rdx, %rbx + movq $38, %rax + mulq %r11 + xorq %r11, %r11 + addq %rax, %rcx + movq $38, %rax + adcq %rdx, %r11 + mulq %r12 + xorq %r12, %r12 + addq %rax, %r8 + movq $38, %rax + adcq %rdx, %r12 + mulq %r13 + xorq %r13, %r13 + addq %rax, %r9 + adcq %rdx, %r13 + addq %rbx, %rcx + adcq %r11, %r8 + adcq %r12, %r9 + adcq %r13, %r10 + movq $0x7fffffffffffffff, %rbx + movq %r10, %rax + sarq $63, %rax + andq $19, %rax + andq %rbx, %r10 + addq %rax, %rcx + adcq $0x00, %r8 + adcq $0x00, %r9 + adcq $0x00, %r10 + movq $0x7fffffffffffffff, %rax + movq %rcx, %rdx + addq $19, %rdx + movq %r8, %rdx + adcq $0x00, %rdx + movq %r9, %rdx + adcq $0x00, %rdx + movq %r10, %rdx + adcq $0x00, %rdx + sarq $63, %rdx + andq $19, %rdx + andq %rax, %r10 + addq %rdx, %rcx + adcq $0x00, %r8 + adcq $0x00, %r9 + adcq $0x00, %r10 + # Store + movq %rcx, (%rdi) + movq %r8, 8(%rdi) + movq %r9, 16(%rdi) + movq %r10, 24(%rdi) + xorq %rax, %rax + addq $0xa8, %rsp + popq %rbp + popq %rbx + popq %r15 + popq %r14 + popq %r13 + popq %r12 + repz retq +#ifndef __APPLE__ +.size curve25519_base_x64,.-curve25519_base_x64 +#endif /* __APPLE__ */ +#endif /* WOLFSSL_CURVE25519_NOT_USE_ED25519 */ #ifndef __APPLE__ .text .globl curve25519_x64 @@ -2276,43 +4719,42 @@ movq 8(%rdi), %r9 movq 16(%rdi), %r10 movq 24(%rdi), %r11 + movq (%rsp), %r12 + movq 8(%rsp), %r13 + movq 16(%rsp), %r14 + movq 24(%rsp), %r15 xorq 64(%rsp), %rcx xorq 72(%rsp), %r9 xorq 80(%rsp), %r10 xorq 88(%rsp), %r11 + xorq 32(%rsp), %r12 + xorq 40(%rsp), %r13 + xorq 48(%rsp), %r14 + xorq 56(%rsp), %r15 andq %rbx, %rcx andq %rbx, %r9 andq %rbx, %r10 andq %rbx, %r11 + andq %rbx, %r12 + andq %rbx, %r13 + andq %rbx, %r14 + andq %rbx, %r15 xorq %rcx, (%rdi) xorq %r9, 8(%rdi) xorq %r10, 16(%rdi) xorq %r11, 24(%rdi) + xorq %r12, (%rsp) + xorq %r13, 8(%rsp) + xorq %r14, 16(%rsp) + xorq %r15, 24(%rsp) xorq %rcx, 64(%rsp) xorq %r9, 72(%rsp) xorq %r10, 80(%rsp) xorq %r11, 88(%rsp) - # Conditional Swap - movq (%rsp), %rcx - movq 8(%rsp), %r9 - movq 16(%rsp), %r10 - movq 24(%rsp), %r11 - xorq 32(%rsp), %rcx - xorq 40(%rsp), %r9 - xorq 48(%rsp), %r10 - xorq 56(%rsp), %r11 - andq %rbx, %rcx - andq %rbx, %r9 - andq %rbx, %r10 - andq %rbx, %r11 - xorq %rcx, (%rsp) - xorq %r9, 8(%rsp) - xorq %r10, 16(%rsp) - xorq %r11, 24(%rsp) - xorq %rcx, 32(%rsp) - xorq %r9, 40(%rsp) - xorq %r10, 48(%rsp) - xorq %r11, 56(%rsp) + xorq %r12, 32(%rsp) + xorq %r13, 40(%rsp) + xorq %r14, 48(%rsp) + xorq %r15, 56(%rsp) movq %rbp, %rbx # Add-Sub # Add @@ -2328,14 +4770,13 @@ adcq 16(%rsp), %r10 movq %r11, %r15 adcq 24(%rsp), %r11 - movq $0x00, %rax - adcq $0x00, %rax - shldq $0x01, %r11, %rax - movq $0x7fffffffffffffff, %rdx - imulq $19, %rax - andq %rdx, %r11 + movq $0x00, %rbp + adcq $0x00, %rbp + shldq $0x01, %r11, %rbp + imulq $19, %rbp + btr $63, %r11 # Sub modulus (if overflow) - addq %rax, %rcx + addq %rbp, %rcx adcq $0x00, %r9 adcq $0x00, %r10 adcq $0x00, %r11 @@ -2344,12 +4785,12 @@ sbbq 8(%rsp), %r13 sbbq 16(%rsp), %r14 sbbq 24(%rsp), %r15 - sbbq %rax, %rax - shldq $0x01, %r15, %rax - imulq $-19, %rax - andq %rdx, %r15 + sbbq %rbp, %rbp + shldq $0x01, %r15, %rbp + imulq $-19, %rbp + btr $63, %r15 # Add modulus (if underflow) - subq %rax, %r12 + subq %rbp, %r12 sbbq $0x00, %r13 sbbq $0x00, %r14 sbbq $0x00, %r15 @@ -2375,14 +4816,13 @@ adcq 48(%rsp), %r10 movq %r11, %r15 adcq 56(%rsp), %r11 - movq $0x00, %rax - adcq $0x00, %rax - shldq $0x01, %r11, %rax - movq $0x7fffffffffffffff, %rdx - imulq $19, %rax - andq %rdx, %r11 + movq $0x00, %rbp + adcq $0x00, %rbp + shldq $0x01, %r11, %rbp + imulq $19, %rbp + btr $63, %r11 # Sub modulus (if overflow) - addq %rax, %rcx + addq %rbp, %rcx adcq $0x00, %r9 adcq $0x00, %r10 adcq $0x00, %r11 @@ -2391,12 +4831,12 @@ sbbq 40(%rsp), %r13 sbbq 48(%rsp), %r14 sbbq 56(%rsp), %r15 - sbbq %rax, %rax - shldq $0x01, %r15, %rax - imulq $-19, %rax - andq %rdx, %r15 + sbbq %rbp, %rbp + shldq $0x01, %r15, %rbp + imulq $-19, %rbp + btr $63, %r15 # Add modulus (if underflow) - subq %rax, %r12 + subq %rbp, %r12 sbbq $0x00, %r13 sbbq $0x00, %r14 sbbq $0x00, %r15 @@ -2896,14 +5336,13 @@ adcq 48(%rsp), %r10 movq %r11, %r15 adcq 56(%rsp), %r11 - movq $0x00, %rax - adcq $0x00, %rax - shldq $0x01, %r11, %rax - movq $0x7fffffffffffffff, %rdx - imulq $19, %rax - andq %rdx, %r11 + movq $0x00, %rbp + adcq $0x00, %rbp + shldq $0x01, %r11, %rbp + imulq $19, %rbp + btr $63, %r11 # Sub modulus (if overflow) - addq %rax, %rcx + addq %rbp, %rcx adcq $0x00, %r9 adcq $0x00, %r10 adcq $0x00, %r11 @@ -2912,12 +5351,12 @@ sbbq 40(%rsp), %r13 sbbq 48(%rsp), %r14 sbbq 56(%rsp), %r15 - sbbq %rax, %rax - shldq $0x01, %r15, %rax - imulq $-19, %rax - andq %rdx, %r15 + sbbq %rbp, %rbp + shldq $0x01, %r15, %rbp + imulq $-19, %rbp + btr $63, %r15 # Add modulus (if underflow) - subq %rax, %r12 + subq %rbp, %r12 sbbq $0x00, %r13 sbbq $0x00, %r14 sbbq $0x00, %r15 @@ -3070,13 +5509,12 @@ sbbq 104(%rsp), %r9 sbbq 112(%rsp), %r10 sbbq 120(%rsp), %r11 - sbbq %rax, %rax - shldq $0x01, %r11, %rax - movq $0x7fffffffffffffff, %rdx - imulq $-19, %rax - andq %rdx, %r11 + sbbq %rbp, %rbp + shldq $0x01, %r11, %rbp + imulq $-19, %rbp + btr $63, %r11 # Add modulus (if underflow) - subq %rax, %rcx + subq %rbp, %rcx sbbq $0x00, %r9 sbbq $0x00, %r10 sbbq $0x00, %r11 @@ -3189,39 +5627,6 @@ movq %r9, 40(%rsp) movq %r10, 48(%rsp) movq %r11, 56(%rsp) - # Multiply by 121666 - movq $0x1db42, %rax - mulq 128(%rsp) - xorq %r10, %r10 - movq %rax, %rcx - movq %rdx, %r9 - movq $0x1db42, %rax - mulq 136(%rsp) - xorq %r11, %r11 - addq %rax, %r9 - adcq %rdx, %r10 - movq $0x1db42, %rax - mulq 144(%rsp) - xorq %r13, %r13 - addq %rax, %r10 - adcq %rdx, %r11 - movq $0x1db42, %rax - mulq 152(%rsp) - movq $0x7fffffffffffffff, %r12 - addq %rax, %r11 - adcq %rdx, %r13 - shldq $0x01, %r11, %r13 - andq %r12, %r11 - movq $19, %rax - mulq %r13 - addq %rax, %rcx - adcq $0x00, %r9 - adcq $0x00, %r10 - adcq $0x00, %r11 - movq %rcx, (%rsp) - movq %r9, 8(%rsp) - movq %r10, 16(%rsp) - movq %r11, 24(%rsp) # Square # A[0] * A[1] movq 64(%rsp), %rax @@ -3327,22 +5732,36 @@ movq %r9, 72(%rsp) movq %r10, 80(%rsp) movq %r11, 88(%rsp) - # Add - movq 96(%rsp), %rcx - movq 104(%rsp), %r9 - addq (%rsp), %rcx - movq 112(%rsp), %r10 - adcq 8(%rsp), %r9 - movq 120(%rsp), %r11 - adcq 16(%rsp), %r10 - adcq 24(%rsp), %r11 - movq $0x00, %rax - adcq $0x00, %rax - shldq $0x01, %r11, %rax - movq $0x7fffffffffffffff, %rdx - imulq $19, %rax - andq %rdx, %r11 - # Sub modulus (if overflow) + # Multiply by 121666 + movq $0x1db42, %rax + mulq 128(%rsp) + xorq %r10, %r10 + movq %rax, %rcx + movq %rdx, %r9 + movq $0x1db42, %rax + mulq 136(%rsp) + xorq %r11, %r11 + addq %rax, %r9 + adcq %rdx, %r10 + movq $0x1db42, %rax + mulq 144(%rsp) + xorq %r13, %r13 + addq %rax, %r10 + adcq %rdx, %r11 + movq $0x1db42, %rax + mulq 152(%rsp) + movq $0x7fffffffffffffff, %r12 + addq %rax, %r11 + adcq %rdx, %r13 + addq 96(%rsp), %rcx + adcq 104(%rsp), %r9 + adcq 112(%rsp), %r10 + adcq 120(%rsp), %r11 + adcq $0x00, %r13 + shldq $0x01, %r11, %r13 + andq %r12, %r11 + movq $19, %rax + mulq %r13 addq %rax, %rcx adcq $0x00, %r9 adcq $0x00, %r10 @@ -3617,7 +6036,634 @@ movq %r11, 24(%rsp) movq 160(%rsp), %r9 decq %r9 + cmpq $3, %r9 jge L_curve25519_x64_bits + movq $2, 160(%rsp) + negq %rbx + # Conditional Swap + movq (%rdi), %rcx + movq 8(%rdi), %r9 + movq 16(%rdi), %r10 + movq 24(%rdi), %r11 + movq (%rsp), %r12 + movq 8(%rsp), %r13 + movq 16(%rsp), %r14 + movq 24(%rsp), %r15 + xorq 64(%rsp), %rcx + xorq 72(%rsp), %r9 + xorq 80(%rsp), %r10 + xorq 88(%rsp), %r11 + xorq 32(%rsp), %r12 + xorq 40(%rsp), %r13 + xorq 48(%rsp), %r14 + xorq 56(%rsp), %r15 + andq %rbx, %rcx + andq %rbx, %r9 + andq %rbx, %r10 + andq %rbx, %r11 + andq %rbx, %r12 + andq %rbx, %r13 + andq %rbx, %r14 + andq %rbx, %r15 + xorq %rcx, (%rdi) + xorq %r9, 8(%rdi) + xorq %r10, 16(%rdi) + xorq %r11, 24(%rdi) + xorq %r12, (%rsp) + xorq %r13, 8(%rsp) + xorq %r14, 16(%rsp) + xorq %r15, 24(%rsp) + xorq %rcx, 64(%rsp) + xorq %r9, 72(%rsp) + xorq %r10, 80(%rsp) + xorq %r11, 88(%rsp) + xorq %r12, 32(%rsp) + xorq %r13, 40(%rsp) + xorq %r14, 48(%rsp) + xorq %r15, 56(%rsp) +L_curve25519_x64_3: + # Add-Sub + # Add + movq (%rdi), %rcx + movq 8(%rdi), %r9 + movq 16(%rdi), %r10 + movq 24(%rdi), %r11 + movq %rcx, %r12 + addq (%rsp), %rcx + movq %r9, %r13 + adcq 8(%rsp), %r9 + movq %r10, %r14 + adcq 16(%rsp), %r10 + movq %r11, %r15 + adcq 24(%rsp), %r11 + movq $0x00, %rbp + adcq $0x00, %rbp + shldq $0x01, %r11, %rbp + imulq $19, %rbp + btr $63, %r11 + # Sub modulus (if overflow) + addq %rbp, %rcx + adcq $0x00, %r9 + adcq $0x00, %r10 + adcq $0x00, %r11 + # Sub + subq (%rsp), %r12 + sbbq 8(%rsp), %r13 + sbbq 16(%rsp), %r14 + sbbq 24(%rsp), %r15 + sbbq %rbp, %rbp + shldq $0x01, %r15, %rbp + imulq $-19, %rbp + btr $63, %r15 + # Add modulus (if underflow) + subq %rbp, %r12 + sbbq $0x00, %r13 + sbbq $0x00, %r14 + sbbq $0x00, %r15 + movq %rcx, (%rdi) + movq %r9, 8(%rdi) + movq %r10, 16(%rdi) + movq %r11, 24(%rdi) + movq %r12, 128(%rsp) + movq %r13, 136(%rsp) + movq %r14, 144(%rsp) + movq %r15, 152(%rsp) + # Square + # A[0] * A[1] + movq 128(%rsp), %rax + mulq 136(%rsp) + movq %rax, %r9 + movq %rdx, %r10 + # A[0] * A[2] + movq 128(%rsp), %rax + mulq 144(%rsp) + xorq %r11, %r11 + addq %rax, %r10 + adcq %rdx, %r11 + # A[0] * A[3] + movq 128(%rsp), %rax + mulq 152(%rsp) + xorq %r12, %r12 + addq %rax, %r11 + adcq %rdx, %r12 + # A[1] * A[2] + movq 136(%rsp), %rax + mulq 144(%rsp) + xorq %r13, %r13 + addq %rax, %r11 + adcq %rdx, %r12 + adcq $0x00, %r13 + # A[1] * A[3] + movq 136(%rsp), %rax + mulq 152(%rsp) + addq %rax, %r12 + adcq %rdx, %r13 + # A[2] * A[3] + movq 144(%rsp), %rax + mulq 152(%rsp) + xorq %r14, %r14 + addq %rax, %r13 + adcq %rdx, %r14 + # Double + xorq %r15, %r15 + addq %r9, %r9 + adcq %r10, %r10 + adcq %r11, %r11 + adcq %r12, %r12 + adcq %r13, %r13 + adcq %r14, %r14 + adcq $0x00, %r15 + # A[0] * A[0] + movq 128(%rsp), %rax + mulq %rax + movq %rax, %rcx + movq %rdx, %rbp + # A[1] * A[1] + movq 136(%rsp), %rax + mulq %rax + addq %rbp, %r9 + adcq %rax, %r10 + adcq $0x00, %rdx + movq %rdx, %rbp + # A[2] * A[2] + movq 144(%rsp), %rax + mulq %rax + addq %rbp, %r11 + adcq %rax, %r12 + adcq $0x00, %rdx + movq %rdx, %rbp + # A[3] * A[3] + movq 152(%rsp), %rax + mulq %rax + addq %rax, %r14 + adcq %rdx, %r15 + addq %rbp, %r13 + adcq $0x00, %r14 + adcq $0x00, %r15 + movq $38, %rax + mulq %r15 + addq %rax, %r11 + adcq $0x00, %rdx + movq $0x7fffffffffffffff, %rbp + shldq $0x01, %r11, %rdx + imulq $19, %rdx, %rdx + andq %rbp, %r11 + movq %rdx, %rbp + movq $38, %rax + mulq %r12 + xorq %r12, %r12 + addq %rax, %rcx + movq $38, %rax + adcq %rdx, %r12 + mulq %r13 + xorq %r13, %r13 + addq %rax, %r9 + movq $38, %rax + adcq %rdx, %r13 + mulq %r14 + xorq %r14, %r14 + addq %rax, %r10 + adcq %rdx, %r14 + addq %rbp, %rcx + adcq %r12, %r9 + adcq %r13, %r10 + adcq %r14, %r11 + # Store + movq %rcx, 96(%rsp) + movq %r9, 104(%rsp) + movq %r10, 112(%rsp) + movq %r11, 120(%rsp) + # Square + # A[0] * A[1] + movq (%rdi), %rax + mulq 8(%rdi) + movq %rax, %r9 + movq %rdx, %r10 + # A[0] * A[2] + movq (%rdi), %rax + mulq 16(%rdi) + xorq %r11, %r11 + addq %rax, %r10 + adcq %rdx, %r11 + # A[0] * A[3] + movq (%rdi), %rax + mulq 24(%rdi) + xorq %r12, %r12 + addq %rax, %r11 + adcq %rdx, %r12 + # A[1] * A[2] + movq 8(%rdi), %rax + mulq 16(%rdi) + xorq %r13, %r13 + addq %rax, %r11 + adcq %rdx, %r12 + adcq $0x00, %r13 + # A[1] * A[3] + movq 8(%rdi), %rax + mulq 24(%rdi) + addq %rax, %r12 + adcq %rdx, %r13 + # A[2] * A[3] + movq 16(%rdi), %rax + mulq 24(%rdi) + xorq %r14, %r14 + addq %rax, %r13 + adcq %rdx, %r14 + # Double + xorq %r15, %r15 + addq %r9, %r9 + adcq %r10, %r10 + adcq %r11, %r11 + adcq %r12, %r12 + adcq %r13, %r13 + adcq %r14, %r14 + adcq $0x00, %r15 + # A[0] * A[0] + movq (%rdi), %rax + mulq %rax + movq %rax, %rcx + movq %rdx, %rbp + # A[1] * A[1] + movq 8(%rdi), %rax + mulq %rax + addq %rbp, %r9 + adcq %rax, %r10 + adcq $0x00, %rdx + movq %rdx, %rbp + # A[2] * A[2] + movq 16(%rdi), %rax + mulq %rax + addq %rbp, %r11 + adcq %rax, %r12 + adcq $0x00, %rdx + movq %rdx, %rbp + # A[3] * A[3] + movq 24(%rdi), %rax + mulq %rax + addq %rax, %r14 + adcq %rdx, %r15 + addq %rbp, %r13 + adcq $0x00, %r14 + adcq $0x00, %r15 + movq $38, %rax + mulq %r15 + addq %rax, %r11 + adcq $0x00, %rdx + movq $0x7fffffffffffffff, %rbp + shldq $0x01, %r11, %rdx + imulq $19, %rdx, %rdx + andq %rbp, %r11 + movq %rdx, %rbp + movq $38, %rax + mulq %r12 + xorq %r12, %r12 + addq %rax, %rcx + movq $38, %rax + adcq %rdx, %r12 + mulq %r13 + xorq %r13, %r13 + addq %rax, %r9 + movq $38, %rax + adcq %rdx, %r13 + mulq %r14 + xorq %r14, %r14 + addq %rax, %r10 + adcq %rdx, %r14 + addq %rbp, %rcx + adcq %r12, %r9 + adcq %r13, %r10 + adcq %r14, %r11 + # Store + movq %rcx, 128(%rsp) + movq %r9, 136(%rsp) + movq %r10, 144(%rsp) + movq %r11, 152(%rsp) + # Multiply + # A[0] * B[0] + movq 96(%rsp), %rax + mulq 128(%rsp) + movq %rax, %rcx + movq %rdx, %r9 + # A[0] * B[1] + movq 104(%rsp), %rax + mulq 128(%rsp) + xorq %r10, %r10 + addq %rax, %r9 + adcq %rdx, %r10 + # A[1] * B[0] + movq 96(%rsp), %rax + mulq 136(%rsp) + xorq %r11, %r11 + addq %rax, %r9 + adcq %rdx, %r10 + adcq $0x00, %r11 + # A[0] * B[2] + movq 112(%rsp), %rax + mulq 128(%rsp) + addq %rax, %r10 + adcq %rdx, %r11 + # A[1] * B[1] + movq 104(%rsp), %rax + mulq 136(%rsp) + xorq %r12, %r12 + addq %rax, %r10 + adcq %rdx, %r11 + adcq $0x00, %r12 + # A[2] * B[0] + movq 96(%rsp), %rax + mulq 144(%rsp) + addq %rax, %r10 + adcq %rdx, %r11 + adcq $0x00, %r12 + # A[0] * B[3] + movq 120(%rsp), %rax + mulq 128(%rsp) + xorq %r13, %r13 + addq %rax, %r11 + adcq %rdx, %r12 + adcq $0x00, %r13 + # A[1] * B[2] + movq 112(%rsp), %rax + mulq 136(%rsp) + addq %rax, %r11 + adcq %rdx, %r12 + adcq $0x00, %r13 + # A[2] * B[1] + movq 104(%rsp), %rax + mulq 144(%rsp) + addq %rax, %r11 + adcq %rdx, %r12 + adcq $0x00, %r13 + # A[3] * B[0] + movq 96(%rsp), %rax + mulq 152(%rsp) + addq %rax, %r11 + adcq %rdx, %r12 + adcq $0x00, %r13 + # A[1] * B[3] + movq 120(%rsp), %rax + mulq 136(%rsp) + xorq %r14, %r14 + addq %rax, %r12 + adcq %rdx, %r13 + adcq $0x00, %r14 + # A[2] * B[2] + movq 112(%rsp), %rax + mulq 144(%rsp) + addq %rax, %r12 + adcq %rdx, %r13 + adcq $0x00, %r14 + # A[3] * B[1] + movq 104(%rsp), %rax + mulq 152(%rsp) + addq %rax, %r12 + adcq %rdx, %r13 + adcq $0x00, %r14 + # A[2] * B[3] + movq 120(%rsp), %rax + mulq 144(%rsp) + xorq %r15, %r15 + addq %rax, %r13 + adcq %rdx, %r14 + adcq $0x00, %r15 + # A[3] * B[2] + movq 112(%rsp), %rax + mulq 152(%rsp) + addq %rax, %r13 + adcq %rdx, %r14 + adcq $0x00, %r15 + # A[3] * B[3] + movq 120(%rsp), %rax + mulq 152(%rsp) + addq %rax, %r14 + adcq %rdx, %r15 + movq $38, %rax + mulq %r15 + addq %rax, %r11 + adcq $0x00, %rdx + movq $0x7fffffffffffffff, %rbp + shldq $0x01, %r11, %rdx + imulq $19, %rdx, %rdx + andq %rbp, %r11 + movq %rdx, %rbp + movq $38, %rax + mulq %r12 + xorq %r12, %r12 + addq %rax, %rcx + movq $38, %rax + adcq %rdx, %r12 + mulq %r13 + xorq %r13, %r13 + addq %rax, %r9 + movq $38, %rax + adcq %rdx, %r13 + mulq %r14 + xorq %r14, %r14 + addq %rax, %r10 + adcq %rdx, %r14 + addq %rbp, %rcx + adcq %r12, %r9 + adcq %r13, %r10 + adcq %r14, %r11 + # Store + movq %rcx, (%rdi) + movq %r9, 8(%rdi) + movq %r10, 16(%rdi) + movq %r11, 24(%rdi) + # Sub + movq 128(%rsp), %rcx + movq 136(%rsp), %r9 + movq 144(%rsp), %r10 + movq 152(%rsp), %r11 + subq 96(%rsp), %rcx + sbbq 104(%rsp), %r9 + sbbq 112(%rsp), %r10 + sbbq 120(%rsp), %r11 + sbbq %rbp, %rbp + shldq $0x01, %r11, %rbp + imulq $-19, %rbp + btr $63, %r11 + # Add modulus (if underflow) + subq %rbp, %rcx + sbbq $0x00, %r9 + sbbq $0x00, %r10 + sbbq $0x00, %r11 + movq %rcx, 128(%rsp) + movq %r9, 136(%rsp) + movq %r10, 144(%rsp) + movq %r11, 152(%rsp) + # Multiply by 121666 + movq $0x1db42, %rax + mulq 128(%rsp) + xorq %r10, %r10 + movq %rax, %rcx + movq %rdx, %r9 + movq $0x1db42, %rax + mulq 136(%rsp) + xorq %r11, %r11 + addq %rax, %r9 + adcq %rdx, %r10 + movq $0x1db42, %rax + mulq 144(%rsp) + xorq %r13, %r13 + addq %rax, %r10 + adcq %rdx, %r11 + movq $0x1db42, %rax + mulq 152(%rsp) + movq $0x7fffffffffffffff, %r12 + addq %rax, %r11 + adcq %rdx, %r13 + addq 96(%rsp), %rcx + adcq 104(%rsp), %r9 + adcq 112(%rsp), %r10 + adcq 120(%rsp), %r11 + adcq $0x00, %r13 + shldq $0x01, %r11, %r13 + andq %r12, %r11 + movq $19, %rax + mulq %r13 + addq %rax, %rcx + adcq $0x00, %r9 + adcq $0x00, %r10 + adcq $0x00, %r11 + movq %rcx, 96(%rsp) + movq %r9, 104(%rsp) + movq %r10, 112(%rsp) + movq %r11, 120(%rsp) + # Multiply + # A[0] * B[0] + movq 96(%rsp), %rax + mulq 128(%rsp) + movq %rax, %rcx + movq %rdx, %r9 + # A[0] * B[1] + movq 104(%rsp), %rax + mulq 128(%rsp) + xorq %r10, %r10 + addq %rax, %r9 + adcq %rdx, %r10 + # A[1] * B[0] + movq 96(%rsp), %rax + mulq 136(%rsp) + xorq %r11, %r11 + addq %rax, %r9 + adcq %rdx, %r10 + adcq $0x00, %r11 + # A[0] * B[2] + movq 112(%rsp), %rax + mulq 128(%rsp) + addq %rax, %r10 + adcq %rdx, %r11 + # A[1] * B[1] + movq 104(%rsp), %rax + mulq 136(%rsp) + xorq %r12, %r12 + addq %rax, %r10 + adcq %rdx, %r11 + adcq $0x00, %r12 + # A[2] * B[0] + movq 96(%rsp), %rax + mulq 144(%rsp) + addq %rax, %r10 + adcq %rdx, %r11 + adcq $0x00, %r12 + # A[0] * B[3] + movq 120(%rsp), %rax + mulq 128(%rsp) + xorq %r13, %r13 + addq %rax, %r11 + adcq %rdx, %r12 + adcq $0x00, %r13 + # A[1] * B[2] + movq 112(%rsp), %rax + mulq 136(%rsp) + addq %rax, %r11 + adcq %rdx, %r12 + adcq $0x00, %r13 + # A[2] * B[1] + movq 104(%rsp), %rax + mulq 144(%rsp) + addq %rax, %r11 + adcq %rdx, %r12 + adcq $0x00, %r13 + # A[3] * B[0] + movq 96(%rsp), %rax + mulq 152(%rsp) + addq %rax, %r11 + adcq %rdx, %r12 + adcq $0x00, %r13 + # A[1] * B[3] + movq 120(%rsp), %rax + mulq 136(%rsp) + xorq %r14, %r14 + addq %rax, %r12 + adcq %rdx, %r13 + adcq $0x00, %r14 + # A[2] * B[2] + movq 112(%rsp), %rax + mulq 144(%rsp) + addq %rax, %r12 + adcq %rdx, %r13 + adcq $0x00, %r14 + # A[3] * B[1] + movq 104(%rsp), %rax + mulq 152(%rsp) + addq %rax, %r12 + adcq %rdx, %r13 + adcq $0x00, %r14 + # A[2] * B[3] + movq 120(%rsp), %rax + mulq 144(%rsp) + xorq %r15, %r15 + addq %rax, %r13 + adcq %rdx, %r14 + adcq $0x00, %r15 + # A[3] * B[2] + movq 112(%rsp), %rax + mulq 152(%rsp) + addq %rax, %r13 + adcq %rdx, %r14 + adcq $0x00, %r15 + # A[3] * B[3] + movq 120(%rsp), %rax + mulq 152(%rsp) + addq %rax, %r14 + adcq %rdx, %r15 + movq $38, %rax + mulq %r15 + addq %rax, %r11 + adcq $0x00, %rdx + movq $0x7fffffffffffffff, %rbp + shldq $0x01, %r11, %rdx + imulq $19, %rdx, %rdx + andq %rbp, %r11 + movq %rdx, %rbp + movq $38, %rax + mulq %r12 + xorq %r12, %r12 + addq %rax, %rcx + movq $38, %rax + adcq %rdx, %r12 + mulq %r13 + xorq %r13, %r13 + addq %rax, %r9 + movq $38, %rax + adcq %rdx, %r13 + mulq %r14 + xorq %r14, %r14 + addq %rax, %r10 + adcq %rdx, %r14 + addq %rbp, %rcx + adcq %r12, %r9 + adcq %r13, %r10 + adcq %r14, %r11 + # Store + movq %rcx, (%rsp) + movq %r9, 8(%rsp) + movq %r10, 16(%rsp) + movq %r11, 24(%rsp) + decq 160(%rsp) + jge L_curve25519_x64_3 # Invert leaq 32(%rsp), %rdi movq %rsp, %rsi @@ -4025,149 +7071,6 @@ #ifndef __APPLE__ .size curve25519_x64,.-curve25519_x64 #endif /* __APPLE__ */ -#ifdef HAVE_ED25519 -#ifndef __APPLE__ -.text -.globl fe_sq2_x64 -.type fe_sq2_x64,@function -.align 16 -fe_sq2_x64: -#else -.section __TEXT,__text -.globl _fe_sq2_x64 -.p2align 4 -_fe_sq2_x64: -#endif /* __APPLE__ */ - pushq %r12 - pushq %r13 - pushq %r14 - pushq %r15 - # Square * 2 - # A[0] * A[1] - movq (%rsi), %rax - mulq 8(%rsi) - movq %rax, %r8 - movq %rdx, %r9 - # A[0] * A[2] - movq (%rsi), %rax - mulq 16(%rsi) - xorq %r10, %r10 - addq %rax, %r9 - adcq %rdx, %r10 - # A[0] * A[3] - movq (%rsi), %rax - mulq 24(%rsi) - xorq %r11, %r11 - addq %rax, %r10 - adcq %rdx, %r11 - # A[1] * A[2] - movq 8(%rsi), %rax - mulq 16(%rsi) - xorq %r12, %r12 - addq %rax, %r10 - adcq %rdx, %r11 - adcq $0x00, %r12 - # A[1] * A[3] - movq 8(%rsi), %rax - mulq 24(%rsi) - addq %rax, %r11 - adcq %rdx, %r12 - # A[2] * A[3] - movq 16(%rsi), %rax - mulq 24(%rsi) - xorq %r13, %r13 - addq %rax, %r12 - adcq %rdx, %r13 - # Double - xorq %r14, %r14 - addq %r8, %r8 - adcq %r9, %r9 - adcq %r10, %r10 - adcq %r11, %r11 - adcq %r12, %r12 - adcq %r13, %r13 - adcq $0x00, %r14 - # A[0] * A[0] - movq (%rsi), %rax - mulq %rax - movq %rax, %rcx - movq %rdx, %r15 - # A[1] * A[1] - movq 8(%rsi), %rax - mulq %rax - addq %r15, %r8 - adcq %rax, %r9 - adcq $0x00, %rdx - movq %rdx, %r15 - # A[2] * A[2] - movq 16(%rsi), %rax - mulq %rax - addq %r15, %r10 - adcq %rax, %r11 - adcq $0x00, %rdx - movq %rdx, %r15 - # A[3] * A[3] - movq 24(%rsi), %rax - mulq %rax - addq %rax, %r13 - adcq %rdx, %r14 - addq %r15, %r12 - adcq $0x00, %r13 - adcq $0x00, %r14 - movq $38, %rax - mulq %r14 - addq %rax, %r10 - adcq $0x00, %rdx - movq $0x7fffffffffffffff, %r15 - shldq $0x01, %r10, %rdx - imulq $19, %rdx, %rdx - andq %r15, %r10 - movq %rdx, %r15 - movq $38, %rax - mulq %r11 - xorq %r11, %r11 - addq %rax, %rcx - movq $38, %rax - adcq %rdx, %r11 - mulq %r12 - xorq %r12, %r12 - addq %rax, %r8 - movq $38, %rax - adcq %rdx, %r12 - mulq %r13 - xorq %r13, %r13 - addq %rax, %r9 - adcq %rdx, %r13 - addq %r15, %rcx - adcq %r11, %r8 - adcq %r12, %r9 - adcq %r13, %r10 - movq %r10, %rax - shldq $0x01, %r9, %r10 - shldq $0x01, %r8, %r9 - shldq $0x01, %rcx, %r8 - shlq $0x01, %rcx - movq $0x7fffffffffffffff, %r15 - shrq $62, %rax - andq %r15, %r10 - imulq $19, %rax, %rax - addq %rax, %rcx - adcq $0x00, %r8 - adcq $0x00, %r9 - adcq $0x00, %r10 - # Store - movq %rcx, (%rdi) - movq %r8, 8(%rdi) - movq %r9, 16(%rdi) - movq %r10, 24(%rdi) - popq %r15 - popq %r14 - popq %r13 - popq %r12 - repz retq -#ifndef __APPLE__ -.size fe_sq2_x64,.-fe_sq2_x64 -#endif /* __APPLE__ */ #ifndef __APPLE__ .text .globl fe_pow22523_x64 @@ -5664,14 +8567,13 @@ adcq 16(%rsi), %r11 movq %r12, %rbx adcq 24(%rsi), %r12 - movq $0x00, %rax - adcq $0x00, %rax - shldq $0x01, %r12, %rax - movq $0x7fffffffffffffff, %rdx - imulq $19, %rax - andq %rdx, %r12 + movq $0x00, %r8 + adcq $0x00, %r8 + shldq $0x01, %r12, %r8 + imulq $19, %r8 + btr $63, %r12 # Sub modulus (if overflow) - addq %rax, %r9 + addq %r8, %r9 adcq $0x00, %r10 adcq $0x00, %r11 adcq $0x00, %r12 @@ -5680,12 +8582,12 @@ sbbq 8(%rsi), %r14 sbbq 16(%rsi), %r15 sbbq 24(%rsi), %rbx - sbbq %rax, %rax - shldq $0x01, %rbx, %rax - imulq $-19, %rax - andq %rdx, %rbx + sbbq %r8, %r8 + shldq $0x01, %rbx, %r8 + imulq $-19, %r8 + btr $63, %rbx # Add modulus (if underflow) - subq %rax, %r13 + subq %r8, %r13 sbbq $0x00, %r14 sbbq $0x00, %r15 sbbq $0x00, %rbx @@ -5710,14 +8612,13 @@ movq 24(%rsi), %r12 adcq 16(%rcx), %r11 adcq 24(%rcx), %r12 - movq $0x00, %rax - adcq $0x00, %rax - shldq $0x01, %r12, %rax - movq $0x7fffffffffffffff, %rdx - imulq $19, %rax - andq %rdx, %r12 + movq $0x00, %r8 + adcq $0x00, %r8 + shldq $0x01, %r12, %r8 + imulq $19, %r8 + btr $63, %r12 # Sub modulus (if overflow) - addq %rax, %r9 + addq %r8, %r9 adcq $0x00, %r10 adcq $0x00, %r11 adcq $0x00, %r12 @@ -5833,13 +8734,12 @@ sbbq 8(%rsi), %r10 sbbq 16(%rsi), %r11 sbbq 24(%rsi), %r12 - sbbq %rax, %rax - shldq $0x01, %r12, %rax - movq $0x7fffffffffffffff, %rdx - imulq $-19, %rax - andq %rdx, %r12 + sbbq %r8, %r8 + shldq $0x01, %r12, %r8 + imulq $-19, %r8 + btr $63, %r12 # Add modulus (if underflow) - subq %rax, %r9 + subq %r8, %r9 sbbq $0x00, %r10 sbbq $0x00, %r11 sbbq $0x00, %r12 @@ -5970,13 +8870,12 @@ sbbq 8(%rsi), %r10 sbbq 16(%rsi), %r11 sbbq 24(%rsi), %r12 - sbbq %rax, %rax - shldq $0x01, %r12, %rax - movq $0x7fffffffffffffff, %rdx - imulq $-19, %rax - andq %rdx, %r12 + sbbq %r8, %r8 + shldq $0x01, %r12, %r8 + imulq $-19, %r8 + btr $63, %r12 # Add modulus (if underflow) - subq %rax, %r9 + subq %r8, %r9 sbbq $0x00, %r10 sbbq $0x00, %r11 sbbq $0x00, %r12 @@ -6036,14 +8935,13 @@ adcq 16(%r8), %r12 movq %r13, %rbp adcq 24(%r8), %r13 - movq $0x00, %rax - adcq $0x00, %rax - shldq $0x01, %r13, %rax - movq $0x7fffffffffffffff, %rdx - imulq $19, %rax - andq %rdx, %r13 + movq $0x00, %r9 + adcq $0x00, %r9 + shldq $0x01, %r13, %r9 + imulq $19, %r9 + btr $63, %r13 # Sub modulus (if overflow) - addq %rax, %r10 + addq %r9, %r10 adcq $0x00, %r11 adcq $0x00, %r12 adcq $0x00, %r13 @@ -6052,12 +8950,12 @@ sbbq 8(%r8), %r15 sbbq 16(%r8), %rbx sbbq 24(%r8), %rbp - sbbq %rax, %rax - shldq $0x01, %rbp, %rax - imulq $-19, %rax - andq %rdx, %rbp + sbbq %r9, %r9 + shldq $0x01, %rbp, %r9 + imulq $-19, %r9 + btr $63, %rbp # Add modulus (if underflow) - subq %rax, %r14 + subq %r9, %r14 sbbq $0x00, %r15 sbbq $0x00, %rbx sbbq $0x00, %rbp @@ -6478,14 +9376,13 @@ adcq 16(%rsi), %r12 movq %r13, %rbp adcq 24(%rsi), %r13 - movq $0x00, %rax - adcq $0x00, %rax - shldq $0x01, %r13, %rax - movq $0x7fffffffffffffff, %rdx - imulq $19, %rax - andq %rdx, %r13 + movq $0x00, %r9 + adcq $0x00, %r9 + shldq $0x01, %r13, %r9 + imulq $19, %r9 + btr $63, %r13 # Sub modulus (if overflow) - addq %rax, %r10 + addq %r9, %r10 adcq $0x00, %r11 adcq $0x00, %r12 adcq $0x00, %r13 @@ -6494,12 +9391,12 @@ sbbq 8(%rsi), %r15 sbbq 16(%rsi), %rbx sbbq 24(%rsi), %rbp - sbbq %rax, %rax - shldq $0x01, %rbp, %rax - imulq $-19, %rax - andq %rdx, %rbp + sbbq %r9, %r9 + shldq $0x01, %rbp, %r9 + imulq $-19, %r9 + btr $63, %rbp # Add modulus (if underflow) - subq %rax, %r14 + subq %r9, %r14 sbbq $0x00, %r15 sbbq $0x00, %rbx sbbq $0x00, %rbp @@ -6521,14 +9418,13 @@ movq 24(%r8), %r13 adcq %r12, %r12 adcq %r13, %r13 - movq $0x00, %rax - adcq $0x00, %rax - shldq $0x01, %r13, %rax - movq $0x7fffffffffffffff, %rdx - imulq $19, %rax - andq %rdx, %r13 + movq $0x00, %r9 + adcq $0x00, %r9 + shldq $0x01, %r13, %r9 + imulq $19, %r9 + btr $63, %r13 # Sub modulus (if overflow) - addq %rax, %r10 + addq %r9, %r10 adcq $0x00, %r11 adcq $0x00, %r12 adcq $0x00, %r13 @@ -6545,14 +9441,13 @@ adcq 16(%rsi), %r12 movq %r13, %rbp adcq 24(%rsi), %r13 - movq $0x00, %rax - adcq $0x00, %rax - shldq $0x01, %r13, %rax - movq $0x7fffffffffffffff, %rdx - imulq $19, %rax - andq %rdx, %r13 + movq $0x00, %r9 + adcq $0x00, %r9 + shldq $0x01, %r13, %r9 + imulq $19, %r9 + btr $63, %r13 # Sub modulus (if overflow) - addq %rax, %r10 + addq %r9, %r10 adcq $0x00, %r11 adcq $0x00, %r12 adcq $0x00, %r13 @@ -6561,12 +9456,12 @@ sbbq 8(%rsi), %r15 sbbq 16(%rsi), %rbx sbbq 24(%rsi), %rbp - sbbq %rax, %rax - shldq $0x01, %rbp, %rax - imulq $-19, %rax - andq %rdx, %rbp + sbbq %r9, %r9 + shldq $0x01, %rbp, %r9 + imulq $-19, %r9 + btr $63, %rbp # Add modulus (if underflow) - subq %rax, %r14 + subq %r9, %r14 sbbq $0x00, %r15 sbbq $0x00, %rbx sbbq $0x00, %rbp @@ -6631,14 +9526,13 @@ adcq 16(%r8), %r12 movq %r13, %rbp adcq 24(%r8), %r13 - movq $0x00, %rax - adcq $0x00, %rax - shldq $0x01, %r13, %rax - movq $0x7fffffffffffffff, %rdx - imulq $19, %rax - andq %rdx, %r13 + movq $0x00, %r9 + adcq $0x00, %r9 + shldq $0x01, %r13, %r9 + imulq $19, %r9 + btr $63, %r13 # Sub modulus (if overflow) - addq %rax, %r10 + addq %r9, %r10 adcq $0x00, %r11 adcq $0x00, %r12 adcq $0x00, %r13 @@ -6647,12 +9541,12 @@ sbbq 8(%r8), %r15 sbbq 16(%r8), %rbx sbbq 24(%r8), %rbp - sbbq %rax, %rax - shldq $0x01, %rbp, %rax - imulq $-19, %rax - andq %rdx, %rbp + sbbq %r9, %r9 + shldq $0x01, %rbp, %r9 + imulq $-19, %r9 + btr $63, %rbp # Add modulus (if underflow) - subq %rax, %r14 + subq %r9, %r14 sbbq $0x00, %r15 sbbq $0x00, %rbx sbbq $0x00, %rbp @@ -7073,14 +9967,13 @@ adcq 16(%rsi), %r12 movq %r13, %rbp adcq 24(%rsi), %r13 - movq $0x00, %rax - adcq $0x00, %rax - shldq $0x01, %r13, %rax - movq $0x7fffffffffffffff, %rdx - imulq $19, %rax - andq %rdx, %r13 + movq $0x00, %r9 + adcq $0x00, %r9 + shldq $0x01, %r13, %r9 + imulq $19, %r9 + btr $63, %r13 # Sub modulus (if overflow) - addq %rax, %r10 + addq %r9, %r10 adcq $0x00, %r11 adcq $0x00, %r12 adcq $0x00, %r13 @@ -7089,12 +9982,12 @@ sbbq 8(%rsi), %r15 sbbq 16(%rsi), %rbx sbbq 24(%rsi), %rbp - sbbq %rax, %rax - shldq $0x01, %rbp, %rax - imulq $-19, %rax - andq %rdx, %rbp + sbbq %r9, %r9 + shldq $0x01, %rbp, %r9 + imulq $-19, %r9 + btr $63, %rbp # Add modulus (if underflow) - subq %rax, %r14 + subq %r9, %r14 sbbq $0x00, %r15 sbbq $0x00, %rbx sbbq $0x00, %rbp @@ -7117,14 +10010,13 @@ movq 24(%r8), %r13 adcq %r12, %r12 adcq %r13, %r13 - movq $0x00, %rax - adcq $0x00, %rax - shldq $0x01, %r13, %rax - movq $0x7fffffffffffffff, %rdx - imulq $19, %rax - andq %rdx, %r13 + movq $0x00, %r9 + adcq $0x00, %r9 + shldq $0x01, %r13, %r9 + imulq $19, %r9 + btr $63, %r13 # Sub modulus (if overflow) - addq %rax, %r10 + addq %r9, %r10 adcq $0x00, %r11 adcq $0x00, %r12 adcq $0x00, %r13 @@ -7140,14 +10032,13 @@ adcq 16(%rsi), %r12 movq %r13, %rbp adcq 24(%rsi), %r13 - movq $0x00, %rax - adcq $0x00, %rax - shldq $0x01, %r13, %rax - movq $0x7fffffffffffffff, %rdx - imulq $19, %rax - andq %rdx, %r13 + movq $0x00, %r9 + adcq $0x00, %r9 + shldq $0x01, %r13, %r9 + imulq $19, %r9 + btr $63, %r13 # Sub modulus (if overflow) - addq %rax, %r10 + addq %r9, %r10 adcq $0x00, %r11 adcq $0x00, %r12 adcq $0x00, %r13 @@ -7156,12 +10047,12 @@ sbbq 8(%rsi), %r15 sbbq 16(%rsi), %rbx sbbq 24(%rsi), %rbp - sbbq %rax, %rax - shldq $0x01, %rbp, %rax - imulq $-19, %rax - andq %rdx, %rbp + sbbq %r9, %r9 + shldq $0x01, %rbp, %r9 + imulq $-19, %r9 + btr $63, %rbp # Add modulus (if underflow) - subq %rax, %r14 + subq %r9, %r14 sbbq $0x00, %r15 sbbq $0x00, %rbx sbbq $0x00, %rbp @@ -7226,14 +10117,13 @@ adcq 16(%r8), %r12 movq %r13, %rbp adcq 24(%r8), %r13 - movq $0x00, %rax - adcq $0x00, %rax - shldq $0x01, %r13, %rax - movq $0x7fffffffffffffff, %rdx - imulq $19, %rax - andq %rdx, %r13 + movq $0x00, %r9 + adcq $0x00, %r9 + shldq $0x01, %r13, %r9 + imulq $19, %r9 + btr $63, %r13 # Sub modulus (if overflow) - addq %rax, %r10 + addq %r9, %r10 adcq $0x00, %r11 adcq $0x00, %r12 adcq $0x00, %r13 @@ -7242,12 +10132,12 @@ sbbq 8(%r8), %r15 sbbq 16(%r8), %rbx sbbq 24(%r8), %rbp - sbbq %rax, %rax - shldq $0x01, %rbp, %rax - imulq $-19, %rax - andq %rdx, %rbp + sbbq %r9, %r9 + shldq $0x01, %rbp, %r9 + imulq $-19, %r9 + btr $63, %rbp # Add modulus (if underflow) - subq %rax, %r14 + subq %r9, %r14 sbbq $0x00, %r15 sbbq $0x00, %rbx sbbq $0x00, %rbp @@ -7669,14 +10559,13 @@ adcq 16(%rsi), %r12 movq %r13, %rbp adcq 24(%rsi), %r13 - movq $0x00, %rax - adcq $0x00, %rax - shldq $0x01, %r13, %rax - movq $0x7fffffffffffffff, %rdx - imulq $19, %rax - andq %rdx, %r13 + movq $0x00, %r9 + adcq $0x00, %r9 + shldq $0x01, %r13, %r9 + imulq $19, %r9 + btr $63, %r13 # Sub modulus (if overflow) - addq %rax, %r10 + addq %r9, %r10 adcq $0x00, %r11 adcq $0x00, %r12 adcq $0x00, %r13 @@ -7685,12 +10574,12 @@ sbbq 8(%rsi), %r15 sbbq 16(%rsi), %rbx sbbq 24(%rsi), %rbp - sbbq %rax, %rax - shldq $0x01, %rbp, %rax - imulq $-19, %rax - andq %rdx, %rbp + sbbq %r9, %r9 + shldq $0x01, %rbp, %r9 + imulq $-19, %r9 + btr $63, %rbp # Add modulus (if underflow) - subq %rax, %r14 + subq %r9, %r14 sbbq $0x00, %r15 sbbq $0x00, %rbx sbbq $0x00, %rbp @@ -7838,14 +10727,13 @@ adcq %r11, %r11 adcq %r12, %r12 adcq %r13, %r13 - movq $0x00, %rax - adcq $0x00, %rax - shldq $0x01, %r13, %rax - movq $0x7fffffffffffffff, %rdx - imulq $19, %rax - andq %rdx, %r13 + movq $0x00, %r9 + adcq $0x00, %r9 + shldq $0x01, %r13, %r9 + imulq $19, %r9 + btr $63, %r13 # Sub modulus (if overflow) - addq %rax, %r10 + addq %r9, %r10 adcq $0x00, %r11 adcq $0x00, %r12 adcq $0x00, %r13 @@ -7861,14 +10749,13 @@ adcq 16(%rsi), %r12 movq %r13, %rbp adcq 24(%rsi), %r13 - movq $0x00, %rax - adcq $0x00, %rax - shldq $0x01, %r13, %rax - movq $0x7fffffffffffffff, %rdx - imulq $19, %rax - andq %rdx, %r13 + movq $0x00, %r9 + adcq $0x00, %r9 + shldq $0x01, %r13, %r9 + imulq $19, %r9 + btr $63, %r13 # Sub modulus (if overflow) - addq %rax, %r10 + addq %r9, %r10 adcq $0x00, %r11 adcq $0x00, %r12 adcq $0x00, %r13 @@ -7877,12 +10764,12 @@ sbbq 8(%rsi), %r15 sbbq 16(%rsi), %rbx sbbq 24(%rsi), %rbp - sbbq %rax, %rax - shldq $0x01, %rbp, %rax - imulq $-19, %rax - andq %rdx, %rbp + sbbq %r9, %r9 + shldq $0x01, %rbp, %r9 + imulq $-19, %r9 + btr $63, %rbp # Add modulus (if underflow) - subq %rax, %r14 + subq %r9, %r14 sbbq $0x00, %r15 sbbq $0x00, %rbx sbbq $0x00, %rbp @@ -7947,14 +10834,13 @@ adcq 16(%r8), %r12 movq %r13, %rbp adcq 24(%r8), %r13 - movq $0x00, %rax - adcq $0x00, %rax - shldq $0x01, %r13, %rax - movq $0x7fffffffffffffff, %rdx - imulq $19, %rax - andq %rdx, %r13 + movq $0x00, %r9 + adcq $0x00, %r9 + shldq $0x01, %r13, %r9 + imulq $19, %r9 + btr $63, %r13 # Sub modulus (if overflow) - addq %rax, %r10 + addq %r9, %r10 adcq $0x00, %r11 adcq $0x00, %r12 adcq $0x00, %r13 @@ -7963,12 +10849,12 @@ sbbq 8(%r8), %r15 sbbq 16(%r8), %rbx sbbq 24(%r8), %rbp - sbbq %rax, %rax - shldq $0x01, %rbp, %rax - imulq $-19, %rax - andq %rdx, %rbp + sbbq %r9, %r9 + shldq $0x01, %rbp, %r9 + imulq $-19, %r9 + btr $63, %rbp # Add modulus (if underflow) - subq %rax, %r14 + subq %r9, %r14 sbbq $0x00, %r15 sbbq $0x00, %rbx sbbq $0x00, %rbp @@ -8389,14 +11275,13 @@ adcq 16(%rsi), %r12 movq %r13, %rbp adcq 24(%rsi), %r13 - movq $0x00, %rax - adcq $0x00, %rax - shldq $0x01, %r13, %rax - movq $0x7fffffffffffffff, %rdx - imulq $19, %rax - andq %rdx, %r13 + movq $0x00, %r9 + adcq $0x00, %r9 + shldq $0x01, %r13, %r9 + imulq $19, %r9 + btr $63, %r13 # Sub modulus (if overflow) - addq %rax, %r10 + addq %r9, %r10 adcq $0x00, %r11 adcq $0x00, %r12 adcq $0x00, %r13 @@ -8405,12 +11290,12 @@ sbbq 8(%rsi), %r15 sbbq 16(%rsi), %rbx sbbq 24(%rsi), %rbp - sbbq %rax, %rax - shldq $0x01, %rbp, %rax - imulq $-19, %rax - andq %rdx, %rbp + sbbq %r9, %r9 + shldq $0x01, %rbp, %r9 + imulq $-19, %r9 + btr $63, %rbp # Add modulus (if underflow) - subq %rax, %r14 + subq %r9, %r14 sbbq $0x00, %r15 sbbq $0x00, %rbx sbbq $0x00, %rbp @@ -8557,14 +11442,13 @@ adcq %r11, %r11 adcq %r12, %r12 adcq %r13, %r13 - movq $0x00, %rax - adcq $0x00, %rax - shldq $0x01, %r13, %rax - movq $0x7fffffffffffffff, %rdx - imulq $19, %rax - andq %rdx, %r13 + movq $0x00, %r9 + adcq $0x00, %r9 + shldq $0x01, %r13, %r9 + imulq $19, %r9 + btr $63, %r13 # Sub modulus (if overflow) - addq %rax, %r10 + addq %r9, %r10 adcq $0x00, %r11 adcq $0x00, %r12 adcq $0x00, %r13 @@ -8581,14 +11465,13 @@ adcq 16(%rdi), %r12 movq %r13, %rbp adcq 24(%rdi), %r13 - movq $0x00, %rax - adcq $0x00, %rax - shldq $0x01, %r13, %rax - movq $0x7fffffffffffffff, %rdx - imulq $19, %rax - andq %rdx, %r13 + movq $0x00, %r9 + adcq $0x00, %r9 + shldq $0x01, %r13, %r9 + imulq $19, %r9 + btr $63, %r13 # Sub modulus (if overflow) - addq %rax, %r10 + addq %r9, %r10 adcq $0x00, %r11 adcq $0x00, %r12 adcq $0x00, %r13 @@ -8597,12 +11480,12 @@ sbbq 8(%rdi), %r15 sbbq 16(%rdi), %rbx sbbq 24(%rdi), %rbp - sbbq %rax, %rax - shldq $0x01, %rbp, %rax - imulq $-19, %rax - andq %rdx, %rbp + sbbq %r9, %r9 + shldq $0x01, %rbp, %r9 + imulq $-19, %r9 + btr $63, %rbp # Add modulus (if underflow) - subq %rax, %r14 + subq %r9, %r14 sbbq $0x00, %r15 sbbq $0x00, %rbx sbbq $0x00, %rbp @@ -8625,6 +11508,149 @@ #ifndef __APPLE__ .size ge_sub_x64,.-ge_sub_x64 #endif /* __APPLE__ */ +#ifdef HAVE_ED25519 +#ifndef __APPLE__ +.text +.globl fe_sq2_x64 +.type fe_sq2_x64,@function +.align 16 +fe_sq2_x64: +#else +.section __TEXT,__text +.globl _fe_sq2_x64 +.p2align 4 +_fe_sq2_x64: +#endif /* __APPLE__ */ + pushq %r12 + pushq %r13 + pushq %r14 + pushq %r15 + # Square * 2 + # A[0] * A[1] + movq (%rsi), %rax + mulq 8(%rsi) + movq %rax, %r8 + movq %rdx, %r9 + # A[0] * A[2] + movq (%rsi), %rax + mulq 16(%rsi) + xorq %r10, %r10 + addq %rax, %r9 + adcq %rdx, %r10 + # A[0] * A[3] + movq (%rsi), %rax + mulq 24(%rsi) + xorq %r11, %r11 + addq %rax, %r10 + adcq %rdx, %r11 + # A[1] * A[2] + movq 8(%rsi), %rax + mulq 16(%rsi) + xorq %r12, %r12 + addq %rax, %r10 + adcq %rdx, %r11 + adcq $0x00, %r12 + # A[1] * A[3] + movq 8(%rsi), %rax + mulq 24(%rsi) + addq %rax, %r11 + adcq %rdx, %r12 + # A[2] * A[3] + movq 16(%rsi), %rax + mulq 24(%rsi) + xorq %r13, %r13 + addq %rax, %r12 + adcq %rdx, %r13 + # Double + xorq %r14, %r14 + addq %r8, %r8 + adcq %r9, %r9 + adcq %r10, %r10 + adcq %r11, %r11 + adcq %r12, %r12 + adcq %r13, %r13 + adcq $0x00, %r14 + # A[0] * A[0] + movq (%rsi), %rax + mulq %rax + movq %rax, %rcx + movq %rdx, %r15 + # A[1] * A[1] + movq 8(%rsi), %rax + mulq %rax + addq %r15, %r8 + adcq %rax, %r9 + adcq $0x00, %rdx + movq %rdx, %r15 + # A[2] * A[2] + movq 16(%rsi), %rax + mulq %rax + addq %r15, %r10 + adcq %rax, %r11 + adcq $0x00, %rdx + movq %rdx, %r15 + # A[3] * A[3] + movq 24(%rsi), %rax + mulq %rax + addq %rax, %r13 + adcq %rdx, %r14 + addq %r15, %r12 + adcq $0x00, %r13 + adcq $0x00, %r14 + movq $38, %rax + mulq %r14 + addq %rax, %r10 + adcq $0x00, %rdx + movq $0x7fffffffffffffff, %r15 + shldq $0x01, %r10, %rdx + imulq $19, %rdx, %rdx + andq %r15, %r10 + movq %rdx, %r15 + movq $38, %rax + mulq %r11 + xorq %r11, %r11 + addq %rax, %rcx + movq $38, %rax + adcq %rdx, %r11 + mulq %r12 + xorq %r12, %r12 + addq %rax, %r8 + movq $38, %rax + adcq %rdx, %r12 + mulq %r13 + xorq %r13, %r13 + addq %rax, %r9 + adcq %rdx, %r13 + addq %r15, %rcx + adcq %r11, %r8 + adcq %r12, %r9 + adcq %r13, %r10 + movq %r10, %rax + shldq $0x01, %r9, %r10 + shldq $0x01, %r8, %r9 + shldq $0x01, %rcx, %r8 + shlq $0x01, %rcx + movq $0x7fffffffffffffff, %r15 + shrq $62, %rax + andq %r15, %r10 + imulq $19, %rax, %rax + addq %rax, %rcx + adcq $0x00, %r8 + adcq $0x00, %r9 + adcq $0x00, %r10 + # Store + movq %rcx, (%rdi) + movq %r8, 8(%rdi) + movq %r9, 16(%rdi) + movq %r10, 24(%rdi) + popq %r15 + popq %r14 + popq %r13 + popq %r12 + repz retq +#ifndef __APPLE__ +.size fe_sq2_x64,.-fe_sq2_x64 +#endif /* __APPLE__ */ #ifndef __APPLE__ .text .globl sc_reduce_x64 @@ -9096,10 +12122,411 @@ #ifndef __APPLE__ .size sc_muladd_x64,.-sc_muladd_x64 #endif /* __APPLE__ */ +/* Non-constant time modular inversion. + * + * @param [out] r Resulting number. + * @param [in] a Number to invert. + * @return MP_OKAY on success. + */ +#ifndef __APPLE__ +.text +.globl fe_invert_nct_x64 +.type fe_invert_nct_x64,@function +.align 16 +fe_invert_nct_x64: +#else +.section __TEXT,__text +.globl _fe_invert_nct_x64 +.p2align 4 +_fe_invert_nct_x64: +#endif /* __APPLE__ */ + pushq %r12 + pushq %r13 + pushq %r14 + pushq %r15 + subq $0x201, %rsp + movq $-19, %rcx + movq $-1, %r8 + movq $-1, %r9 + movq $0x7fffffffffffffff, %r10 + movq (%rsi), %r11 + movq 8(%rsi), %r12 + movq 16(%rsi), %r13 + movq 24(%rsi), %r14 + movq $0x00, %r15 + testb $0x01, %r11b + jnz fe_invert_nct_v_even_end +fe_invert_nct_v_even_start: + shrdq $0x01, %r12, %r11 + shrdq $0x01, %r13, %r12 + shrdq $0x01, %r14, %r13 + shrq $0x01, %r14 + movb $0x01, (%rsp,%r15,1) + incq %r15 + testb $0x01, %r11b + jz fe_invert_nct_v_even_start +fe_invert_nct_v_even_end: +L_fe_invert_nct_uv_start: + cmpq %r14, %r10 + jb L_fe_invert_nct_uv_v + ja L_fe_invert_nct_uv_u + cmpq %r13, %r9 + jb L_fe_invert_nct_uv_v + ja L_fe_invert_nct_uv_u + cmpq %r12, %r8 + jb L_fe_invert_nct_uv_v + ja L_fe_invert_nct_uv_u + cmpq %r11, %rcx + jb L_fe_invert_nct_uv_v +L_fe_invert_nct_uv_u: + movb $2, (%rsp,%r15,1) + incq %r15 + subq %r11, %rcx + sbbq %r12, %r8 + sbbq %r13, %r9 + sbbq %r14, %r10 + shrdq $0x01, %r8, %rcx + shrdq $0x01, %r9, %r8 + shrdq $0x01, %r10, %r9 + shrq $0x01, %r10 + testb $0x01, %cl + jnz fe_invert_nct_usubv_even_end +fe_invert_nct_usubv_even_start: + shrdq $0x01, %r8, %rcx + shrdq $0x01, %r9, %r8 + shrdq $0x01, %r10, %r9 + shrq $0x01, %r10 + movb $0x00, (%rsp,%r15,1) + incq %r15 + testb $0x01, %cl + jz fe_invert_nct_usubv_even_start +fe_invert_nct_usubv_even_end: + cmpq $0x01, %rcx + jne L_fe_invert_nct_uv_start + movq %r8, %rdx + orq %r9, %rdx + jne L_fe_invert_nct_uv_start + orq %r10, %rdx + jne L_fe_invert_nct_uv_start + movb $0x01, %al + jmp L_fe_invert_nct_uv_end +L_fe_invert_nct_uv_v: + movb $3, (%rsp,%r15,1) + incq %r15 + subq %rcx, %r11 + sbbq %r8, %r12 + sbbq %r9, %r13 + sbbq %r10, %r14 + shrdq $0x01, %r12, %r11 + shrdq $0x01, %r13, %r12 + shrdq $0x01, %r14, %r13 + shrq $0x01, %r14 + testb $0x01, %r11b + jnz fe_invert_nct_vsubu_even_end +fe_invert_nct_vsubu_even_start: + shrdq $0x01, %r12, %r11 + shrdq $0x01, %r13, %r12 + shrdq $0x01, %r14, %r13 + shrq $0x01, %r14 + movb $0x01, (%rsp,%r15,1) + incq %r15 + testb $0x01, %r11b + jz fe_invert_nct_vsubu_even_start +fe_invert_nct_vsubu_even_end: + cmpq $0x01, %r11 + jne L_fe_invert_nct_uv_start + movq %r12, %rdx + orq %r13, %rdx + jne L_fe_invert_nct_uv_start + orq %r14, %rdx + jne L_fe_invert_nct_uv_start + movb $0x00, %al +L_fe_invert_nct_uv_end: + movq $-19, %rcx + movq $-1, %r8 + movq $-1, %r9 + movq $0x7fffffffffffffff, %r10 + movq $0x01, %r11 + xorq %r12, %r12 + xorq %r13, %r13 + xorq %r14, %r14 + movb $7, (%rsp,%r15,1) + movb (%rsp), %dl + movq $0x01, %r15 + cmpb $0x01, %dl + je L_fe_invert_nct_op_div2_d + jl L_fe_invert_nct_op_div2_b + cmpb $3, %dl + je L_fe_invert_nct_op_d_sub_b + jl L_fe_invert_nct_op_b_sub_d + jmp L_fe_invert_nct_op_end +L_fe_invert_nct_op_b_sub_d: + subq %r11, %rcx + sbbq %r12, %r8 + sbbq %r13, %r9 + sbbq %r14, %r10 + jnc L_fe_invert_nct_op_div2_b + movq $-1, %rdx + addq $-19, %rcx + adcq %rdx, %r8 + adcq %rdx, %r9 + movq $0x7fffffffffffffff, %rdx + adcq %rdx, %r10 +L_fe_invert_nct_op_div2_b: + testb $0x01, %cl + jz L_fe_invert_nct_op_div2_b_mod + addq $-19, %rcx + movq $-1, %rdx + adcq %rdx, %r8 + adcq %rdx, %r9 + movq $0x7fffffffffffffff, %rdx + adcq %rdx, %r10 +L_fe_invert_nct_op_div2_b_mod: + shrdq $0x01, %r8, %rcx + shrdq $0x01, %r9, %r8 + shrdq $0x01, %r10, %r9 + shrq $0x01, %r10 + movb (%rsp,%r15,1), %dl + incq %r15 + cmpb $0x01, %dl + je L_fe_invert_nct_op_div2_d + jl L_fe_invert_nct_op_div2_b + cmpb $3, %dl + je L_fe_invert_nct_op_d_sub_b + jl L_fe_invert_nct_op_b_sub_d + jmp L_fe_invert_nct_op_end +L_fe_invert_nct_op_d_sub_b: + subq %rcx, %r11 + sbbq %r8, %r12 + sbbq %r9, %r13 + sbbq %r10, %r14 + jnc L_fe_invert_nct_op_div2_d + movq $-1, %rdx + addq $-19, %r11 + adcq %rdx, %r12 + adcq %rdx, %r13 + movq $0x7fffffffffffffff, %rdx + adcq %rdx, %r14 +L_fe_invert_nct_op_div2_d: + testb $0x01, %r11b + jz L_fe_invert_nct_op_div2_d_mod + addq $-19, %r11 + movq $-1, %rdx + adcq %rdx, %r12 + adcq %rdx, %r13 + movq $0x7fffffffffffffff, %rdx + adcq %rdx, %r14 +L_fe_invert_nct_op_div2_d_mod: + shrdq $0x01, %r12, %r11 + shrdq $0x01, %r13, %r12 + shrdq $0x01, %r14, %r13 + shrq $0x01, %r14 + movb (%rsp,%r15,1), %dl + incq %r15 + cmpb $0x01, %dl + je L_fe_invert_nct_op_div2_d + jl L_fe_invert_nct_op_div2_b + cmpb $3, %dl + je L_fe_invert_nct_op_d_sub_b + jl L_fe_invert_nct_op_b_sub_d +L_fe_invert_nct_op_end: + cmpb $0x01, %al + jne L_fe_invert_nct_store_d + movq %rcx, (%rdi) + movq %r8, 8(%rdi) + movq %r9, 16(%rdi) + movq %r10, 24(%rdi) + jmp L_fe_invert_nct_store_end +L_fe_invert_nct_store_d: + movq %r11, (%rdi) + movq %r12, 8(%rdi) + movq %r13, 16(%rdi) + movq %r14, 24(%rdi) +L_fe_invert_nct_store_end: + addq $0x201, %rsp + popq %r15 + popq %r14 + popq %r13 + popq %r12 + repz retq +#ifndef __APPLE__ +.size fe_invert_nct_x64,.-fe_invert_nct_x64 +#endif /* __APPLE__ */ #endif /* HAVE_ED25519 */ #ifdef HAVE_INTEL_AVX2 #ifndef __APPLE__ .text +.globl fe_cmov_table_avx2 +.type fe_cmov_table_avx2,@function +.align 16 +fe_cmov_table_avx2: +#else +.section __TEXT,__text +.globl _fe_cmov_table_avx2 +.p2align 4 +_fe_cmov_table_avx2: +#endif /* __APPLE__ */ + pushq %r12 + pushq %r13 + pushq %r14 + pushq %r15 + pushq %rbx + movq %rdx, %rcx + xorq %rbx, %rbx + movsbq %cl, %rax + cdq + xorb %dl, %al + subb %dl, %al + movb %al, %bl + movd %ebx, %xmm7 + movq $0x01, %rbx + movd %rbx, %xmm9 + vmovdqa %ymm9, %ymm3 + vmovdqa %ymm9, %ymm4 + vpxor %ymm8, %ymm8, %ymm8 + vpermd %ymm7, %ymm8, %ymm7 + vpermd %ymm9, %ymm8, %ymm9 + vpxor %ymm0, %ymm0, %ymm0 + vpxor %ymm1, %ymm1, %ymm1 + vpxor %ymm2, %ymm2, %ymm2 + vpcmpeqd %ymm7, %ymm8, %ymm6 + vpxor %ymm5, %ymm5, %ymm5 + vpand %ymm6, %ymm3, %ymm3 + vpand %ymm6, %ymm4, %ymm4 + vmovdqa %ymm9, %ymm8 + vpcmpeqd %ymm7, %ymm8, %ymm6 + vpaddd %ymm9, %ymm8, %ymm8 + vmovupd (%rsi), %ymm0 + vmovupd 32(%rsi), %ymm1 + vmovupd 64(%rsi), %ymm2 + vpand %ymm6, %ymm0, %ymm0 + vpand %ymm6, %ymm1, %ymm1 + vpand %ymm6, %ymm2, %ymm2 + vpor %ymm0, %ymm3, %ymm3 + vpor %ymm1, %ymm4, %ymm4 + vpor %ymm2, %ymm5, %ymm5 + vpcmpeqd %ymm7, %ymm8, %ymm6 + vpaddd %ymm9, %ymm8, %ymm8 + vmovupd 96(%rsi), %ymm0 + vmovupd 128(%rsi), %ymm1 + vmovupd 160(%rsi), %ymm2 + vpand %ymm6, %ymm0, %ymm0 + vpand %ymm6, %ymm1, %ymm1 + vpand %ymm6, %ymm2, %ymm2 + vpor %ymm0, %ymm3, %ymm3 + vpor %ymm1, %ymm4, %ymm4 + vpor %ymm2, %ymm5, %ymm5 + vpcmpeqd %ymm7, %ymm8, %ymm6 + vpaddd %ymm9, %ymm8, %ymm8 + vmovupd 192(%rsi), %ymm0 + vmovupd 224(%rsi), %ymm1 + vmovupd 256(%rsi), %ymm2 + vpand %ymm6, %ymm0, %ymm0 + vpand %ymm6, %ymm1, %ymm1 + vpand %ymm6, %ymm2, %ymm2 + vpor %ymm0, %ymm3, %ymm3 + vpor %ymm1, %ymm4, %ymm4 + vpor %ymm2, %ymm5, %ymm5 + vpcmpeqd %ymm7, %ymm8, %ymm6 + vpaddd %ymm9, %ymm8, %ymm8 + vmovupd 288(%rsi), %ymm0 + vmovupd 320(%rsi), %ymm1 + vmovupd 352(%rsi), %ymm2 + vpand %ymm6, %ymm0, %ymm0 + vpand %ymm6, %ymm1, %ymm1 + vpand %ymm6, %ymm2, %ymm2 + vpor %ymm0, %ymm3, %ymm3 + vpor %ymm1, %ymm4, %ymm4 + vpor %ymm2, %ymm5, %ymm5 + vpcmpeqd %ymm7, %ymm8, %ymm6 + vpaddd %ymm9, %ymm8, %ymm8 + vmovupd 384(%rsi), %ymm0 + vmovupd 416(%rsi), %ymm1 + vmovupd 448(%rsi), %ymm2 + vpand %ymm6, %ymm0, %ymm0 + vpand %ymm6, %ymm1, %ymm1 + vpand %ymm6, %ymm2, %ymm2 + vpor %ymm0, %ymm3, %ymm3 + vpor %ymm1, %ymm4, %ymm4 + vpor %ymm2, %ymm5, %ymm5 + vpcmpeqd %ymm7, %ymm8, %ymm6 + vpaddd %ymm9, %ymm8, %ymm8 + vmovupd 480(%rsi), %ymm0 + vmovupd 512(%rsi), %ymm1 + vmovupd 544(%rsi), %ymm2 + vpand %ymm6, %ymm0, %ymm0 + vpand %ymm6, %ymm1, %ymm1 + vpand %ymm6, %ymm2, %ymm2 + vpor %ymm0, %ymm3, %ymm3 + vpor %ymm1, %ymm4, %ymm4 + vpor %ymm2, %ymm5, %ymm5 + vpcmpeqd %ymm7, %ymm8, %ymm6 + vpaddd %ymm9, %ymm8, %ymm8 + vmovupd 576(%rsi), %ymm0 + vmovupd 608(%rsi), %ymm1 + vmovupd 640(%rsi), %ymm2 + vpand %ymm6, %ymm0, %ymm0 + vpand %ymm6, %ymm1, %ymm1 + vpand %ymm6, %ymm2, %ymm2 + vpor %ymm0, %ymm3, %ymm3 + vpor %ymm1, %ymm4, %ymm4 + vpor %ymm2, %ymm5, %ymm5 + vpcmpeqd %ymm7, %ymm8, %ymm6 + vpaddd %ymm9, %ymm8, %ymm8 + vmovupd 672(%rsi), %ymm0 + vmovupd 704(%rsi), %ymm1 + vmovupd 736(%rsi), %ymm2 + vpand %ymm6, %ymm0, %ymm0 + vpand %ymm6, %ymm1, %ymm1 + vpand %ymm6, %ymm2, %ymm2 + vpor %ymm0, %ymm3, %ymm3 + vpor %ymm1, %ymm4, %ymm4 + vpor %ymm2, %ymm5, %ymm5 + movsbq %cl, %rax + sarq $63, %rax + vmovd %eax, %xmm6 + vpxor %ymm8, %ymm8, %ymm8 + vpermd %ymm6, %ymm8, %ymm6 + vpxor %ymm4, %ymm3, %ymm8 + vpand %ymm6, %ymm8, %ymm8 + vpxor %ymm8, %ymm3, %ymm3 + vpxor %ymm8, %ymm4, %ymm4 + vmovupd %ymm3, (%rdi) + vmovupd %ymm4, 32(%rdi) + vmovupd %ymm5, 64(%rdi) + movq 64(%rdi), %r8 + movq 72(%rdi), %r9 + movq 80(%rdi), %r10 + movq 88(%rdi), %r11 + movq $-19, %r12 + movq $-1, %r13 + movq $-1, %r14 + movq $0x7fffffffffffffff, %r15 + subq %r8, %r12 + sbbq %r9, %r13 + sbbq %r10, %r14 + sbbq %r11, %r15 + cmpb $0x00, %cl + cmovlq %r12, %r8 + cmovlq %r13, %r9 + cmovlq %r14, %r10 + cmovlq %r15, %r11 + movq %r8, 64(%rdi) + movq %r9, 72(%rdi) + movq %r10, 80(%rdi) + movq %r11, 88(%rdi) + vzeroupper + popq %rbx + popq %r15 + popq %r14 + popq %r13 + popq %r12 + repz retq +#ifndef __APPLE__ +.size fe_cmov_table_avx2,.-fe_cmov_table_avx2 +#endif /* __APPLE__ */ +#ifndef __APPLE__ +.text .globl fe_mul_avx2 .type fe_mul_avx2,@function .align 16 @@ -9110,16 +12537,18 @@ .p2align 4 _fe_mul_avx2: #endif /* __APPLE__ */ + pushq %rbx pushq %r12 pushq %r13 pushq %r14 pushq %r15 - pushq %rbx - movq %rdx, %rbx + pushq %rbp + movq %rdx, %rbp + movq (%rsi), %rbx # Multiply # A[0] * B[0] - movq (%rbx), %rdx - mulxq (%rsi), %r8, %r9 + movq (%rbp), %rdx + mulxq %rbx, %r8, %r9 # A[2] * B[0] mulxq 16(%rsi), %r10, %r11 # A[1] * B[0] @@ -9127,66 +12556,66 @@ xorq %r15, %r15 adcxq %rax, %r9 # A[3] * B[1] - movq 8(%rbx), %rdx + movq 8(%rbp), %rdx mulxq 24(%rsi), %r12, %r13 adcxq %rcx, %r10 # A[0] * B[1] - mulxq (%rsi), %rax, %rcx + mulxq %rbx, %rax, %rcx adoxq %rax, %r9 # A[2] * B[1] mulxq 16(%rsi), %rax, %r14 adoxq %rcx, %r10 adcxq %rax, %r11 # A[1] * B[2] - movq 16(%rbx), %rdx + movq 16(%rbp), %rdx mulxq 8(%rsi), %rax, %rcx adcxq %r14, %r12 adoxq %rax, %r11 adcxq %r15, %r13 adoxq %rcx, %r12 # A[0] * B[2] - mulxq (%rsi), %rax, %rcx + mulxq %rbx, %rax, %rcx adoxq %r15, %r13 xorq %r14, %r14 adcxq %rax, %r10 # A[1] * B[1] - movq 8(%rbx), %rdx + movq 8(%rbp), %rdx mulxq 8(%rsi), %rdx, %rax adcxq %rcx, %r11 adoxq %rdx, %r10 # A[1] * B[3] - movq 24(%rbx), %rdx + movq 24(%rbp), %rdx adoxq %rax, %r11 mulxq 8(%rsi), %rax, %rcx adcxq %rax, %r12 # A[2] * B[2] - movq 16(%rbx), %rdx + movq 16(%rbp), %rdx mulxq 16(%rsi), %rdx, %rax adcxq %rcx, %r13 adoxq %rdx, %r12 # A[3] * B[3] - movq 24(%rbx), %rdx + movq 24(%rbp), %rdx adoxq %rax, %r13 mulxq 24(%rsi), %rax, %rcx adoxq %r15, %r14 adcxq %rax, %r14 # A[0] * B[3] - mulxq (%rsi), %rdx, %rax + mulxq %rbx, %rdx, %rax adcxq %rcx, %r15 xorq %rcx, %rcx adcxq %rdx, %r11 # A[3] * B[0] movq 24(%rsi), %rdx adcxq %rax, %r12 - mulxq (%rbx), %rdx, %rax + mulxq (%rbp), %rdx, %rax adoxq %rdx, %r11 adoxq %rax, %r12 # A[3] * B[2] movq 24(%rsi), %rdx - mulxq 16(%rbx), %rdx, %rax + mulxq 16(%rbp), %rdx, %rax adcxq %rdx, %r13 # A[2] * B[3] - movq 24(%rbx), %rdx + movq 24(%rbp), %rdx adcxq %rax, %r14 mulxq 16(%rsi), %rax, %rdx adcxq %rcx, %r15 @@ -9227,11 +12656,12 @@ movq %r9, 8(%rdi) movq %r10, 16(%rdi) movq %r11, 24(%rdi) - popq %rbx + popq %rbp popq %r15 popq %r14 popq %r13 popq %r12 + popq %rbx repz retq #ifndef __APPLE__ .size fe_mul_avx2,.-fe_mul_avx2 @@ -9481,14 +12911,13 @@ mulxq (%rsi), %rax, %r13 mulxq 8(%rsi), %rcx, %r12 mulxq 16(%rsi), %r8, %r11 - mulxq 24(%rsi), %r9, %r10 addq %r13, %rcx + mulxq 24(%rsi), %r9, %r10 adcq %r12, %r8 adcq %r11, %r9 adcq $0x00, %r10 - movq $0x7fffffffffffffff, %r13 shldq $0x01, %r9, %r10 - andq %r13, %r9 + btr $63, %r9 imulq $19, %r10, %r10 addq %r10, %rax adcq $0x00, %rcx @@ -9760,6 +13189,1942 @@ movq 128(%rsp), %rdi addq $0x90, %rsp repz retq +#if defined(WOLFSSL_CURVE25519_NOT_USE_ED25519) +#ifndef __APPLE__ +.data +#else +.section __DATA,__data +#endif /* __APPLE__ */ +#ifndef __APPLE__ +.align 32 +#else +.p2align 5 +#endif /* __APPLE__ */ +L_curve25519_base_avx2_x2: +.quad 0x5cae469cdd684efb, 0x8f3f5ced1e350b5c +.quad 0xd9750c687d157114, 0x20d342d51873f1b7 +#ifndef __APPLE__ +.text +.globl curve25519_base_avx2 +.type curve25519_base_avx2,@function +.align 16 +curve25519_base_avx2: +#else +.section __TEXT,__text +.globl _curve25519_base_avx2 +.p2align 4 +_curve25519_base_avx2: +#endif /* __APPLE__ */ + pushq %rbx + pushq %r12 + pushq %r13 + pushq %r14 + pushq %r15 + pushq %rbp + subq $0xb0, %rsp + movq $0x00, 168(%rsp) + movq %rdi, 160(%rsp) + # Set base point x + movq $9, (%rdi) + movq $0x00, 8(%rdi) + movq $0x00, 16(%rdi) + movq $0x00, 24(%rdi) + # Set one + movq $0x01, (%rsp) + movq $0x00, 8(%rsp) + movq $0x00, 16(%rsp) + movq $0x00, 24(%rsp) + movq 0+L_curve25519_base_avx2_x2(%rip), %r8 + movq 8+L_curve25519_base_avx2_x2(%rip), %r9 + movq 16+L_curve25519_base_avx2_x2(%rip), %r10 + movq 24+L_curve25519_base_avx2_x2(%rip), %r11 + # Set one + movq $0x01, 32(%rsp) + movq $0x00, 40(%rsp) + movq $0x00, 48(%rsp) + movq $0x00, 56(%rsp) + movq %r8, 64(%rsp) + movq %r9, 72(%rsp) + movq %r10, 80(%rsp) + movq %r11, 88(%rsp) + movq $0xfd, %rbp +L_curve25519_base_avx2_bits: + movq 168(%rsp), %rax + movq %rbp, %rbx + movq %rbp, %rcx + shrq $6, %rbx + andq $63, %rcx + movq (%rsi,%rbx,8), %rbx + shrq %cl, %rbx + andq $0x01, %rbx + xorq %rbx, %rax + negq %rax + # Conditional Swap + movq (%rdi), %r8 + movq 8(%rdi), %r9 + movq 16(%rdi), %r10 + movq 24(%rdi), %r11 + movq (%rsp), %r12 + movq 8(%rsp), %r13 + movq 16(%rsp), %r14 + movq 24(%rsp), %r15 + xorq 64(%rsp), %r8 + xorq 72(%rsp), %r9 + xorq 80(%rsp), %r10 + xorq 88(%rsp), %r11 + xorq 32(%rsp), %r12 + xorq 40(%rsp), %r13 + xorq 48(%rsp), %r14 + xorq 56(%rsp), %r15 + andq %rax, %r8 + andq %rax, %r9 + andq %rax, %r10 + andq %rax, %r11 + andq %rax, %r12 + andq %rax, %r13 + andq %rax, %r14 + andq %rax, %r15 + xorq %r8, (%rdi) + xorq %r9, 8(%rdi) + xorq %r10, 16(%rdi) + xorq %r11, 24(%rdi) + xorq %r12, (%rsp) + xorq %r13, 8(%rsp) + xorq %r14, 16(%rsp) + xorq %r15, 24(%rsp) + xorq %r8, 64(%rsp) + xorq %r9, 72(%rsp) + xorq %r10, 80(%rsp) + xorq %r11, 88(%rsp) + xorq %r12, 32(%rsp) + xorq %r13, 40(%rsp) + xorq %r14, 48(%rsp) + xorq %r15, 56(%rsp) + movq %rbx, 168(%rsp) + # Add-Sub + # Add + movq (%rdi), %r8 + movq 8(%rdi), %r9 + movq 16(%rdi), %r10 + movq 24(%rdi), %r11 + movq %r8, %r12 + addq (%rsp), %r8 + movq %r9, %r13 + adcq 8(%rsp), %r9 + movq %r10, %r14 + adcq 16(%rsp), %r10 + movq %r11, %r15 + adcq 24(%rsp), %r11 + movq $0x00, %rbx + adcq $0x00, %rbx + shldq $0x01, %r11, %rbx + imulq $19, %rbx + btr $63, %r11 + # Sub modulus (if overflow) + addq %rbx, %r8 + adcq $0x00, %r9 + adcq $0x00, %r10 + adcq $0x00, %r11 + # Sub + subq (%rsp), %r12 + sbbq 8(%rsp), %r13 + sbbq 16(%rsp), %r14 + sbbq 24(%rsp), %r15 + sbbq %rbx, %rbx + shldq $0x01, %r15, %rbx + imulq $-19, %rbx + btr $63, %r15 + # Add modulus (if underflow) + subq %rbx, %r12 + sbbq $0x00, %r13 + sbbq $0x00, %r14 + sbbq $0x00, %r15 + movq %r8, (%rdi) + movq %r9, 8(%rdi) + movq %r10, 16(%rdi) + movq %r11, 24(%rdi) + movq %r12, 128(%rsp) + movq %r13, 136(%rsp) + movq %r14, 144(%rsp) + movq %r15, 152(%rsp) + # Add-Sub + # Add + movq 64(%rsp), %r8 + movq 72(%rsp), %r9 + movq 80(%rsp), %r10 + movq 88(%rsp), %r11 + movq %r8, %r12 + addq 32(%rsp), %r8 + movq %r9, %r13 + adcq 40(%rsp), %r9 + movq %r10, %r14 + adcq 48(%rsp), %r10 + movq %r11, %r15 + adcq 56(%rsp), %r11 + movq $0x00, %rbx + adcq $0x00, %rbx + shldq $0x01, %r11, %rbx + imulq $19, %rbx + btr $63, %r11 + # Sub modulus (if overflow) + addq %rbx, %r8 + adcq $0x00, %r9 + adcq $0x00, %r10 + adcq $0x00, %r11 + # Sub + subq 32(%rsp), %r12 + sbbq 40(%rsp), %r13 + sbbq 48(%rsp), %r14 + sbbq 56(%rsp), %r15 + sbbq %rbx, %rbx + shldq $0x01, %r15, %rbx + imulq $-19, %rbx + btr $63, %r15 + # Add modulus (if underflow) + subq %rbx, %r12 + sbbq $0x00, %r13 + sbbq $0x00, %r14 + sbbq $0x00, %r15 + movq %r8, 32(%rsp) + movq %r9, 40(%rsp) + movq %r10, 48(%rsp) + movq %r11, 56(%rsp) + movq %r12, 96(%rsp) + movq %r13, 104(%rsp) + movq %r14, 112(%rsp) + movq %r15, 120(%rsp) + movq 32(%rsp), %rax + # Multiply + # A[0] * B[0] + movq 128(%rsp), %rdx + mulxq %rax, %r8, %r9 + # A[2] * B[0] + mulxq 48(%rsp), %r10, %r11 + # A[1] * B[0] + mulxq 40(%rsp), %rcx, %rbx + xorq %r15, %r15 + adcxq %rcx, %r9 + # A[3] * B[1] + movq 136(%rsp), %rdx + mulxq 56(%rsp), %r12, %r13 + adcxq %rbx, %r10 + # A[0] * B[1] + mulxq %rax, %rcx, %rbx + adoxq %rcx, %r9 + # A[2] * B[1] + mulxq 48(%rsp), %rcx, %r14 + adoxq %rbx, %r10 + adcxq %rcx, %r11 + # A[1] * B[2] + movq 144(%rsp), %rdx + mulxq 40(%rsp), %rcx, %rbx + adcxq %r14, %r12 + adoxq %rcx, %r11 + adcxq %r15, %r13 + adoxq %rbx, %r12 + # A[0] * B[2] + mulxq %rax, %rcx, %rbx + adoxq %r15, %r13 + xorq %r14, %r14 + adcxq %rcx, %r10 + # A[1] * B[1] + movq 136(%rsp), %rdx + mulxq 40(%rsp), %rdx, %rcx + adcxq %rbx, %r11 + adoxq %rdx, %r10 + # A[1] * B[3] + movq 152(%rsp), %rdx + adoxq %rcx, %r11 + mulxq 40(%rsp), %rcx, %rbx + adcxq %rcx, %r12 + # A[2] * B[2] + movq 144(%rsp), %rdx + mulxq 48(%rsp), %rdx, %rcx + adcxq %rbx, %r13 + adoxq %rdx, %r12 + # A[3] * B[3] + movq 152(%rsp), %rdx + adoxq %rcx, %r13 + mulxq 56(%rsp), %rcx, %rbx + adoxq %r15, %r14 + adcxq %rcx, %r14 + # A[0] * B[3] + mulxq %rax, %rdx, %rcx + adcxq %rbx, %r15 + xorq %rbx, %rbx + adcxq %rdx, %r11 + # A[3] * B[0] + movq 56(%rsp), %rdx + adcxq %rcx, %r12 + mulxq 128(%rsp), %rdx, %rcx + adoxq %rdx, %r11 + adoxq %rcx, %r12 + # A[3] * B[2] + movq 56(%rsp), %rdx + mulxq 144(%rsp), %rdx, %rcx + adcxq %rdx, %r13 + # A[2] * B[3] + movq 152(%rsp), %rdx + adcxq %rcx, %r14 + mulxq 48(%rsp), %rcx, %rdx + adcxq %rbx, %r15 + adoxq %rcx, %r13 + adoxq %rdx, %r14 + adoxq %rbx, %r15 + movq $38, %rdx + mulxq %r15, %r15, %rcx + addq %r15, %r11 + adcq $0x00, %rcx + movq $0x7fffffffffffffff, %rbx + shldq $0x01, %r11, %rcx + imulq $19, %rcx, %rcx + andq %rbx, %r11 + xorq %rbx, %rbx + adoxq %rcx, %r8 + mulxq %r12, %rcx, %r12 + adcxq %rcx, %r8 + adoxq %r12, %r9 + mulxq %r13, %rcx, %r13 + adcxq %rcx, %r9 + adoxq %r13, %r10 + mulxq %r14, %rcx, %r14 + adcxq %rcx, %r10 + adoxq %r14, %r11 + adcxq %rbx, %r11 + # Store + movq %r8, 32(%rsp) + movq %r9, 40(%rsp) + movq %r10, 48(%rsp) + movq %r11, 56(%rsp) + movq 96(%rsp), %rax + # Multiply + # A[0] * B[0] + movq (%rdi), %rdx + mulxq %rax, %r8, %r9 + # A[2] * B[0] + mulxq 112(%rsp), %r10, %r11 + # A[1] * B[0] + mulxq 104(%rsp), %rcx, %rbx + xorq %r15, %r15 + adcxq %rcx, %r9 + # A[3] * B[1] + movq 8(%rdi), %rdx + mulxq 120(%rsp), %r12, %r13 + adcxq %rbx, %r10 + # A[0] * B[1] + mulxq %rax, %rcx, %rbx + adoxq %rcx, %r9 + # A[2] * B[1] + mulxq 112(%rsp), %rcx, %r14 + adoxq %rbx, %r10 + adcxq %rcx, %r11 + # A[1] * B[2] + movq 16(%rdi), %rdx + mulxq 104(%rsp), %rcx, %rbx + adcxq %r14, %r12 + adoxq %rcx, %r11 + adcxq %r15, %r13 + adoxq %rbx, %r12 + # A[0] * B[2] + mulxq %rax, %rcx, %rbx + adoxq %r15, %r13 + xorq %r14, %r14 + adcxq %rcx, %r10 + # A[1] * B[1] + movq 8(%rdi), %rdx + mulxq 104(%rsp), %rdx, %rcx + adcxq %rbx, %r11 + adoxq %rdx, %r10 + # A[1] * B[3] + movq 24(%rdi), %rdx + adoxq %rcx, %r11 + mulxq 104(%rsp), %rcx, %rbx + adcxq %rcx, %r12 + # A[2] * B[2] + movq 16(%rdi), %rdx + mulxq 112(%rsp), %rdx, %rcx + adcxq %rbx, %r13 + adoxq %rdx, %r12 + # A[3] * B[3] + movq 24(%rdi), %rdx + adoxq %rcx, %r13 + mulxq 120(%rsp), %rcx, %rbx + adoxq %r15, %r14 + adcxq %rcx, %r14 + # A[0] * B[3] + mulxq %rax, %rdx, %rcx + adcxq %rbx, %r15 + xorq %rbx, %rbx + adcxq %rdx, %r11 + # A[3] * B[0] + movq 120(%rsp), %rdx + adcxq %rcx, %r12 + mulxq (%rdi), %rdx, %rcx + adoxq %rdx, %r11 + adoxq %rcx, %r12 + # A[3] * B[2] + movq 120(%rsp), %rdx + mulxq 16(%rdi), %rdx, %rcx + adcxq %rdx, %r13 + # A[2] * B[3] + movq 24(%rdi), %rdx + adcxq %rcx, %r14 + mulxq 112(%rsp), %rcx, %rdx + adcxq %rbx, %r15 + adoxq %rcx, %r13 + adoxq %rdx, %r14 + adoxq %rbx, %r15 + movq $38, %rdx + mulxq %r15, %r15, %rcx + addq %r15, %r11 + adcq $0x00, %rcx + movq $0x7fffffffffffffff, %rbx + shldq $0x01, %r11, %rcx + imulq $19, %rcx, %rcx + andq %rbx, %r11 + xorq %rbx, %rbx + adoxq %rcx, %r8 + mulxq %r12, %rcx, %r12 + adcxq %rcx, %r8 + adoxq %r12, %r9 + mulxq %r13, %rcx, %r13 + adcxq %rcx, %r9 + adoxq %r13, %r10 + mulxq %r14, %rcx, %r14 + adcxq %rcx, %r10 + adoxq %r14, %r11 + adcxq %rbx, %r11 + # Store + movq %r8, (%rsp) + movq %r9, 8(%rsp) + movq %r10, 16(%rsp) + movq %r11, 24(%rsp) + # Square + movq 128(%rsp), %rdx + movq 136(%rsp), %rax + # A[0] * A[1] + movq %rdx, %r15 + mulxq %rax, %r9, %r10 + # A[0] * A[3] + mulxq 152(%rsp), %r11, %r12 + # A[2] * A[1] + movq 144(%rsp), %rdx + mulxq %rax, %rcx, %rbx + xorq %r8, %r8 + adoxq %rcx, %r11 + # A[2] * A[3] + mulxq 152(%rsp), %r13, %r14 + adoxq %rbx, %r12 + # A[2] * A[0] + mulxq %r15, %rcx, %rbx + adoxq %r8, %r13 + adcxq %rcx, %r10 + adoxq %r8, %r14 + # A[1] * A[3] + movq %rax, %rdx + mulxq 152(%rsp), %rcx, %rdx + adcxq %rbx, %r11 + adcxq %rcx, %r12 + adcxq %rdx, %r13 + adcxq %r8, %r14 + # A[0] * A[0] + movq %r15, %rdx + mulxq %rdx, %r8, %rcx + xorq %r15, %r15 + adcxq %r9, %r9 + # A[1] * A[1] + movq %rax, %rdx + adoxq %rcx, %r9 + mulxq %rdx, %rcx, %rbx + adcxq %r10, %r10 + adoxq %rcx, %r10 + adcxq %r11, %r11 + # A[2] * A[2] + movq 144(%rsp), %rdx + adoxq %rbx, %r11 + mulxq %rdx, %rbx, %rcx + adcxq %r12, %r12 + adoxq %rbx, %r12 + adcxq %r13, %r13 + # A[3] * A[3] + movq 152(%rsp), %rdx + adoxq %rcx, %r13 + mulxq %rdx, %rcx, %rbx + adcxq %r14, %r14 + adoxq %rcx, %r14 + adcxq %r15, %r15 + adoxq %rbx, %r15 + movq $38, %rdx + mulxq %r15, %r15, %rbx + addq %r15, %r11 + adcq $0x00, %rbx + movq $0x7fffffffffffffff, %rcx + shldq $0x01, %r11, %rbx + imulq $19, %rbx, %rbx + andq %rcx, %r11 + xorq %rcx, %rcx + adoxq %rbx, %r8 + mulxq %r12, %rbx, %r12 + adcxq %rbx, %r8 + adoxq %r12, %r9 + mulxq %r13, %rbx, %r13 + adcxq %rbx, %r9 + adoxq %r13, %r10 + mulxq %r14, %rbx, %r14 + adcxq %rbx, %r10 + adoxq %r14, %r11 + adcxq %rcx, %r11 + # Store + movq %r8, 96(%rsp) + movq %r9, 104(%rsp) + movq %r10, 112(%rsp) + movq %r11, 120(%rsp) + # Square + movq (%rdi), %rdx + movq 8(%rdi), %rax + # A[0] * A[1] + movq %rdx, %r15 + mulxq %rax, %r9, %r10 + # A[0] * A[3] + mulxq 24(%rdi), %r11, %r12 + # A[2] * A[1] + movq 16(%rdi), %rdx + mulxq %rax, %rcx, %rbx + xorq %r8, %r8 + adoxq %rcx, %r11 + # A[2] * A[3] + mulxq 24(%rdi), %r13, %r14 + adoxq %rbx, %r12 + # A[2] * A[0] + mulxq %r15, %rcx, %rbx + adoxq %r8, %r13 + adcxq %rcx, %r10 + adoxq %r8, %r14 + # A[1] * A[3] + movq %rax, %rdx + mulxq 24(%rdi), %rcx, %rdx + adcxq %rbx, %r11 + adcxq %rcx, %r12 + adcxq %rdx, %r13 + adcxq %r8, %r14 + # A[0] * A[0] + movq %r15, %rdx + mulxq %rdx, %r8, %rcx + xorq %r15, %r15 + adcxq %r9, %r9 + # A[1] * A[1] + movq %rax, %rdx + adoxq %rcx, %r9 + mulxq %rdx, %rcx, %rbx + adcxq %r10, %r10 + adoxq %rcx, %r10 + adcxq %r11, %r11 + # A[2] * A[2] + movq 16(%rdi), %rdx + adoxq %rbx, %r11 + mulxq %rdx, %rbx, %rcx + adcxq %r12, %r12 + adoxq %rbx, %r12 + adcxq %r13, %r13 + # A[3] * A[3] + movq 24(%rdi), %rdx + adoxq %rcx, %r13 + mulxq %rdx, %rcx, %rbx + adcxq %r14, %r14 + adoxq %rcx, %r14 + adcxq %r15, %r15 + adoxq %rbx, %r15 + movq $38, %rdx + mulxq %r15, %r15, %rbx + addq %r15, %r11 + adcq $0x00, %rbx + movq $0x7fffffffffffffff, %rcx + shldq $0x01, %r11, %rbx + imulq $19, %rbx, %rbx + andq %rcx, %r11 + xorq %rcx, %rcx + adoxq %rbx, %r8 + mulxq %r12, %rbx, %r12 + adcxq %rbx, %r8 + adoxq %r12, %r9 + mulxq %r13, %rbx, %r13 + adcxq %rbx, %r9 + adoxq %r13, %r10 + mulxq %r14, %rbx, %r14 + adcxq %rbx, %r10 + adoxq %r14, %r11 + adcxq %rcx, %r11 + # Store + movq %r8, 128(%rsp) + movq %r9, 136(%rsp) + movq %r10, 144(%rsp) + movq %r11, 152(%rsp) + # Add-Sub + # Add + movq (%rsp), %r8 + movq 8(%rsp), %r9 + movq 16(%rsp), %r10 + movq 24(%rsp), %r11 + movq %r8, %r12 + addq 32(%rsp), %r8 + movq %r9, %r13 + adcq 40(%rsp), %r9 + movq %r10, %r14 + adcq 48(%rsp), %r10 + movq %r11, %r15 + adcq 56(%rsp), %r11 + movq $0x00, %rbx + adcq $0x00, %rbx + shldq $0x01, %r11, %rbx + imulq $19, %rbx + btr $63, %r11 + # Sub modulus (if overflow) + addq %rbx, %r8 + adcq $0x00, %r9 + adcq $0x00, %r10 + adcq $0x00, %r11 + # Sub + subq 32(%rsp), %r12 + sbbq 40(%rsp), %r13 + sbbq 48(%rsp), %r14 + sbbq 56(%rsp), %r15 + sbbq %rbx, %rbx + shldq $0x01, %r15, %rbx + imulq $-19, %rbx + btr $63, %r15 + # Add modulus (if underflow) + subq %rbx, %r12 + sbbq $0x00, %r13 + sbbq $0x00, %r14 + sbbq $0x00, %r15 + movq %r8, 64(%rsp) + movq %r9, 72(%rsp) + movq %r10, 80(%rsp) + movq %r11, 88(%rsp) + movq %r12, 32(%rsp) + movq %r13, 40(%rsp) + movq %r14, 48(%rsp) + movq %r15, 56(%rsp) + movq 128(%rsp), %rax + # Multiply + # A[0] * B[0] + movq 96(%rsp), %rdx + mulxq %rax, %r8, %r9 + # A[2] * B[0] + mulxq 144(%rsp), %r10, %r11 + # A[1] * B[0] + mulxq 136(%rsp), %rcx, %rbx + xorq %r15, %r15 + adcxq %rcx, %r9 + # A[3] * B[1] + movq 104(%rsp), %rdx + mulxq 152(%rsp), %r12, %r13 + adcxq %rbx, %r10 + # A[0] * B[1] + mulxq %rax, %rcx, %rbx + adoxq %rcx, %r9 + # A[2] * B[1] + mulxq 144(%rsp), %rcx, %r14 + adoxq %rbx, %r10 + adcxq %rcx, %r11 + # A[1] * B[2] + movq 112(%rsp), %rdx + mulxq 136(%rsp), %rcx, %rbx + adcxq %r14, %r12 + adoxq %rcx, %r11 + adcxq %r15, %r13 + adoxq %rbx, %r12 + # A[0] * B[2] + mulxq %rax, %rcx, %rbx + adoxq %r15, %r13 + xorq %r14, %r14 + adcxq %rcx, %r10 + # A[1] * B[1] + movq 104(%rsp), %rdx + mulxq 136(%rsp), %rdx, %rcx + adcxq %rbx, %r11 + adoxq %rdx, %r10 + # A[1] * B[3] + movq 120(%rsp), %rdx + adoxq %rcx, %r11 + mulxq 136(%rsp), %rcx, %rbx + adcxq %rcx, %r12 + # A[2] * B[2] + movq 112(%rsp), %rdx + mulxq 144(%rsp), %rdx, %rcx + adcxq %rbx, %r13 + adoxq %rdx, %r12 + # A[3] * B[3] + movq 120(%rsp), %rdx + adoxq %rcx, %r13 + mulxq 152(%rsp), %rcx, %rbx + adoxq %r15, %r14 + adcxq %rcx, %r14 + # A[0] * B[3] + mulxq %rax, %rdx, %rcx + adcxq %rbx, %r15 + xorq %rbx, %rbx + adcxq %rdx, %r11 + # A[3] * B[0] + movq 152(%rsp), %rdx + adcxq %rcx, %r12 + mulxq 96(%rsp), %rdx, %rcx + adoxq %rdx, %r11 + adoxq %rcx, %r12 + # A[3] * B[2] + movq 152(%rsp), %rdx + mulxq 112(%rsp), %rdx, %rcx + adcxq %rdx, %r13 + # A[2] * B[3] + movq 120(%rsp), %rdx + adcxq %rcx, %r14 + mulxq 144(%rsp), %rcx, %rdx + adcxq %rbx, %r15 + adoxq %rcx, %r13 + adoxq %rdx, %r14 + adoxq %rbx, %r15 + movq $38, %rdx + mulxq %r15, %r15, %rcx + addq %r15, %r11 + adcq $0x00, %rcx + movq $0x7fffffffffffffff, %rbx + shldq $0x01, %r11, %rcx + imulq $19, %rcx, %rcx + andq %rbx, %r11 + xorq %rbx, %rbx + adoxq %rcx, %r8 + mulxq %r12, %rcx, %r12 + adcxq %rcx, %r8 + adoxq %r12, %r9 + mulxq %r13, %rcx, %r13 + adcxq %rcx, %r9 + adoxq %r13, %r10 + mulxq %r14, %rcx, %r14 + adcxq %rcx, %r10 + adoxq %r14, %r11 + adcxq %rbx, %r11 + # Store + movq %r8, (%rdi) + movq %r9, 8(%rdi) + movq %r10, 16(%rdi) + movq %r11, 24(%rdi) + # Sub + movq 128(%rsp), %r8 + movq 136(%rsp), %r9 + movq 144(%rsp), %r10 + movq 152(%rsp), %r11 + subq 96(%rsp), %r8 + sbbq 104(%rsp), %r9 + sbbq 112(%rsp), %r10 + sbbq 120(%rsp), %r11 + sbbq %rbx, %rbx + shldq $0x01, %r11, %rbx + imulq $-19, %rbx + btr $63, %r11 + # Add modulus (if underflow) + subq %rbx, %r8 + sbbq $0x00, %r9 + sbbq $0x00, %r10 + sbbq $0x00, %r11 + movq %r8, 128(%rsp) + movq %r9, 136(%rsp) + movq %r10, 144(%rsp) + movq %r11, 152(%rsp) + # Square + movq 32(%rsp), %rdx + movq 40(%rsp), %rax + # A[0] * A[1] + movq %rdx, %r15 + mulxq %rax, %r9, %r10 + # A[0] * A[3] + mulxq 56(%rsp), %r11, %r12 + # A[2] * A[1] + movq 48(%rsp), %rdx + mulxq %rax, %rcx, %rbx + xorq %r8, %r8 + adoxq %rcx, %r11 + # A[2] * A[3] + mulxq 56(%rsp), %r13, %r14 + adoxq %rbx, %r12 + # A[2] * A[0] + mulxq %r15, %rcx, %rbx + adoxq %r8, %r13 + adcxq %rcx, %r10 + adoxq %r8, %r14 + # A[1] * A[3] + movq %rax, %rdx + mulxq 56(%rsp), %rcx, %rdx + adcxq %rbx, %r11 + adcxq %rcx, %r12 + adcxq %rdx, %r13 + adcxq %r8, %r14 + # A[0] * A[0] + movq %r15, %rdx + mulxq %rdx, %r8, %rcx + xorq %r15, %r15 + adcxq %r9, %r9 + # A[1] * A[1] + movq %rax, %rdx + adoxq %rcx, %r9 + mulxq %rdx, %rcx, %rbx + adcxq %r10, %r10 + adoxq %rcx, %r10 + adcxq %r11, %r11 + # A[2] * A[2] + movq 48(%rsp), %rdx + adoxq %rbx, %r11 + mulxq %rdx, %rbx, %rcx + adcxq %r12, %r12 + adoxq %rbx, %r12 + adcxq %r13, %r13 + # A[3] * A[3] + movq 56(%rsp), %rdx + adoxq %rcx, %r13 + mulxq %rdx, %rcx, %rbx + adcxq %r14, %r14 + adoxq %rcx, %r14 + adcxq %r15, %r15 + adoxq %rbx, %r15 + movq $38, %rdx + mulxq %r15, %r15, %rbx + addq %r15, %r11 + adcq $0x00, %rbx + movq $0x7fffffffffffffff, %rcx + shldq $0x01, %r11, %rbx + imulq $19, %rbx, %rbx + andq %rcx, %r11 + xorq %rcx, %rcx + adoxq %rbx, %r8 + mulxq %r12, %rbx, %r12 + adcxq %rbx, %r8 + adoxq %r12, %r9 + mulxq %r13, %rbx, %r13 + adcxq %rbx, %r9 + adoxq %r13, %r10 + mulxq %r14, %rbx, %r14 + adcxq %rbx, %r10 + adoxq %r14, %r11 + adcxq %rcx, %r11 + # Store + movq %r8, 32(%rsp) + movq %r9, 40(%rsp) + movq %r10, 48(%rsp) + movq %r11, 56(%rsp) + # Square + movq 64(%rsp), %rdx + movq 72(%rsp), %rax + # A[0] * A[1] + movq %rdx, %r15 + mulxq %rax, %r9, %r10 + # A[0] * A[3] + mulxq 88(%rsp), %r11, %r12 + # A[2] * A[1] + movq 80(%rsp), %rdx + mulxq %rax, %rcx, %rbx + xorq %r8, %r8 + adoxq %rcx, %r11 + # A[2] * A[3] + mulxq 88(%rsp), %r13, %r14 + adoxq %rbx, %r12 + # A[2] * A[0] + mulxq %r15, %rcx, %rbx + adoxq %r8, %r13 + adcxq %rcx, %r10 + adoxq %r8, %r14 + # A[1] * A[3] + movq %rax, %rdx + mulxq 88(%rsp), %rcx, %rdx + adcxq %rbx, %r11 + adcxq %rcx, %r12 + adcxq %rdx, %r13 + adcxq %r8, %r14 + # A[0] * A[0] + movq %r15, %rdx + mulxq %rdx, %r8, %rcx + xorq %r15, %r15 + adcxq %r9, %r9 + # A[1] * A[1] + movq %rax, %rdx + adoxq %rcx, %r9 + mulxq %rdx, %rcx, %rbx + adcxq %r10, %r10 + adoxq %rcx, %r10 + adcxq %r11, %r11 + # A[2] * A[2] + movq 80(%rsp), %rdx + adoxq %rbx, %r11 + mulxq %rdx, %rbx, %rcx + adcxq %r12, %r12 + adoxq %rbx, %r12 + adcxq %r13, %r13 + # A[3] * A[3] + movq 88(%rsp), %rdx + adoxq %rcx, %r13 + mulxq %rdx, %rcx, %rbx + adcxq %r14, %r14 + adoxq %rcx, %r14 + adcxq %r15, %r15 + adoxq %rbx, %r15 + movq $38, %rdx + mulxq %r15, %r15, %rbx + addq %r15, %r11 + adcq $0x00, %rbx + movq $0x7fffffffffffffff, %rcx + shldq $0x01, %r11, %rbx + imulq $19, %rbx, %rbx + andq %rcx, %r11 + xorq %rcx, %rcx + adoxq %rbx, %r8 + mulxq %r12, %rbx, %r12 + adcxq %rbx, %r8 + adoxq %r12, %r9 + mulxq %r13, %rbx, %r13 + adcxq %rbx, %r9 + adoxq %r13, %r10 + mulxq %r14, %rbx, %r14 + adcxq %rbx, %r10 + adoxq %r14, %r11 + adcxq %rcx, %r11 + # Store + movq %r8, 64(%rsp) + movq %r9, 72(%rsp) + movq %r10, 80(%rsp) + movq %r11, 88(%rsp) + movq $0x1db42, %rdx + mulxq 128(%rsp), %r8, %r15 + mulxq 136(%rsp), %r9, %r14 + mulxq 144(%rsp), %r10, %r13 + addq %r15, %r9 + mulxq 152(%rsp), %r11, %r12 + adcq %r14, %r10 + adcq %r13, %r11 + adcq $0x00, %r12 + addq 96(%rsp), %r8 + adcq 104(%rsp), %r9 + adcq 112(%rsp), %r10 + adcq 120(%rsp), %r11 + adcq $0x00, %r12 + shldq $0x01, %r11, %r12 + btr $63, %r11 + imulq $19, %r12, %r12 + addq %r12, %r8 + adcq $0x00, %r9 + adcq $0x00, %r10 + adcq $0x00, %r11 + movq %r8, 96(%rsp) + movq %r9, 104(%rsp) + movq %r10, 112(%rsp) + movq %r11, 120(%rsp) + movq $9, %rdx + mulxq 32(%rsp), %r8, %r15 + mulxq 40(%rsp), %r9, %r14 + mulxq 48(%rsp), %r10, %r13 + addq %r15, %r9 + mulxq 56(%rsp), %r11, %r12 + adcq %r14, %r10 + adcq %r13, %r11 + adcq $0x00, %r12 + shldq $0x01, %r11, %r12 + btr $63, %r11 + imulq $19, %r12, %r12 + addq %r12, %r8 + adcq $0x00, %r9 + adcq $0x00, %r10 + adcq $0x00, %r11 + movq %r8, 32(%rsp) + movq %r9, 40(%rsp) + movq %r10, 48(%rsp) + movq %r11, 56(%rsp) + movq 128(%rsp), %rax + # Multiply + # A[0] * B[0] + movq 96(%rsp), %rdx + mulxq %rax, %r8, %r9 + # A[2] * B[0] + mulxq 144(%rsp), %r10, %r11 + # A[1] * B[0] + mulxq 136(%rsp), %rcx, %rbx + xorq %r15, %r15 + adcxq %rcx, %r9 + # A[3] * B[1] + movq 104(%rsp), %rdx + mulxq 152(%rsp), %r12, %r13 + adcxq %rbx, %r10 + # A[0] * B[1] + mulxq %rax, %rcx, %rbx + adoxq %rcx, %r9 + # A[2] * B[1] + mulxq 144(%rsp), %rcx, %r14 + adoxq %rbx, %r10 + adcxq %rcx, %r11 + # A[1] * B[2] + movq 112(%rsp), %rdx + mulxq 136(%rsp), %rcx, %rbx + adcxq %r14, %r12 + adoxq %rcx, %r11 + adcxq %r15, %r13 + adoxq %rbx, %r12 + # A[0] * B[2] + mulxq %rax, %rcx, %rbx + adoxq %r15, %r13 + xorq %r14, %r14 + adcxq %rcx, %r10 + # A[1] * B[1] + movq 104(%rsp), %rdx + mulxq 136(%rsp), %rdx, %rcx + adcxq %rbx, %r11 + adoxq %rdx, %r10 + # A[1] * B[3] + movq 120(%rsp), %rdx + adoxq %rcx, %r11 + mulxq 136(%rsp), %rcx, %rbx + adcxq %rcx, %r12 + # A[2] * B[2] + movq 112(%rsp), %rdx + mulxq 144(%rsp), %rdx, %rcx + adcxq %rbx, %r13 + adoxq %rdx, %r12 + # A[3] * B[3] + movq 120(%rsp), %rdx + adoxq %rcx, %r13 + mulxq 152(%rsp), %rcx, %rbx + adoxq %r15, %r14 + adcxq %rcx, %r14 + # A[0] * B[3] + mulxq %rax, %rdx, %rcx + adcxq %rbx, %r15 + xorq %rbx, %rbx + adcxq %rdx, %r11 + # A[3] * B[0] + movq 152(%rsp), %rdx + adcxq %rcx, %r12 + mulxq 96(%rsp), %rdx, %rcx + adoxq %rdx, %r11 + adoxq %rcx, %r12 + # A[3] * B[2] + movq 152(%rsp), %rdx + mulxq 112(%rsp), %rdx, %rcx + adcxq %rdx, %r13 + # A[2] * B[3] + movq 120(%rsp), %rdx + adcxq %rcx, %r14 + mulxq 144(%rsp), %rcx, %rdx + adcxq %rbx, %r15 + adoxq %rcx, %r13 + adoxq %rdx, %r14 + adoxq %rbx, %r15 + movq $38, %rdx + mulxq %r15, %r15, %rcx + addq %r15, %r11 + adcq $0x00, %rcx + movq $0x7fffffffffffffff, %rbx + shldq $0x01, %r11, %rcx + imulq $19, %rcx, %rcx + andq %rbx, %r11 + xorq %rbx, %rbx + adoxq %rcx, %r8 + mulxq %r12, %rcx, %r12 + adcxq %rcx, %r8 + adoxq %r12, %r9 + mulxq %r13, %rcx, %r13 + adcxq %rcx, %r9 + adoxq %r13, %r10 + mulxq %r14, %rcx, %r14 + adcxq %rcx, %r10 + adoxq %r14, %r11 + adcxq %rbx, %r11 + # Store + movq %r8, (%rsp) + movq %r9, 8(%rsp) + movq %r10, 16(%rsp) + movq %r11, 24(%rsp) + decq %rbp + cmpq $3, %rbp + jge L_curve25519_base_avx2_bits + movq 168(%rsp), %rax + negq %rax + # Conditional Swap + movq (%rdi), %r8 + movq 8(%rdi), %r9 + movq 16(%rdi), %r10 + movq 24(%rdi), %r11 + movq (%rsp), %r12 + movq 8(%rsp), %r13 + movq 16(%rsp), %r14 + movq 24(%rsp), %r15 + xorq 64(%rsp), %r8 + xorq 72(%rsp), %r9 + xorq 80(%rsp), %r10 + xorq 88(%rsp), %r11 + xorq 32(%rsp), %r12 + xorq 40(%rsp), %r13 + xorq 48(%rsp), %r14 + xorq 56(%rsp), %r15 + andq %rax, %r8 + andq %rax, %r9 + andq %rax, %r10 + andq %rax, %r11 + andq %rax, %r12 + andq %rax, %r13 + andq %rax, %r14 + andq %rax, %r15 + xorq %r8, (%rdi) + xorq %r9, 8(%rdi) + xorq %r10, 16(%rdi) + xorq %r11, 24(%rdi) + xorq %r12, (%rsp) + xorq %r13, 8(%rsp) + xorq %r14, 16(%rsp) + xorq %r15, 24(%rsp) + xorq %r8, 64(%rsp) + xorq %r9, 72(%rsp) + xorq %r10, 80(%rsp) + xorq %r11, 88(%rsp) + xorq %r12, 32(%rsp) + xorq %r13, 40(%rsp) + xorq %r14, 48(%rsp) + xorq %r15, 56(%rsp) +L_curve25519_base_avx2_last_3: + # Add-Sub + # Add + movq (%rdi), %r8 + movq 8(%rdi), %r9 + movq 16(%rdi), %r10 + movq 24(%rdi), %r11 + movq %r8, %r12 + addq (%rsp), %r8 + movq %r9, %r13 + adcq 8(%rsp), %r9 + movq %r10, %r14 + adcq 16(%rsp), %r10 + movq %r11, %r15 + adcq 24(%rsp), %r11 + movq $0x00, %rbx + adcq $0x00, %rbx + shldq $0x01, %r11, %rbx + imulq $19, %rbx + btr $63, %r11 + # Sub modulus (if overflow) + addq %rbx, %r8 + adcq $0x00, %r9 + adcq $0x00, %r10 + adcq $0x00, %r11 + # Sub + subq (%rsp), %r12 + sbbq 8(%rsp), %r13 + sbbq 16(%rsp), %r14 + sbbq 24(%rsp), %r15 + sbbq %rbx, %rbx + shldq $0x01, %r15, %rbx + imulq $-19, %rbx + btr $63, %r15 + # Add modulus (if underflow) + subq %rbx, %r12 + sbbq $0x00, %r13 + sbbq $0x00, %r14 + sbbq $0x00, %r15 + movq %r8, (%rdi) + movq %r9, 8(%rdi) + movq %r10, 16(%rdi) + movq %r11, 24(%rdi) + movq %r12, 128(%rsp) + movq %r13, 136(%rsp) + movq %r14, 144(%rsp) + movq %r15, 152(%rsp) + # Square + movq 128(%rsp), %rdx + movq 136(%rsp), %rax + # A[0] * A[1] + movq %rdx, %r15 + mulxq %rax, %r9, %r10 + # A[0] * A[3] + mulxq 152(%rsp), %r11, %r12 + # A[2] * A[1] + movq 144(%rsp), %rdx + mulxq %rax, %rcx, %rbx + xorq %r8, %r8 + adoxq %rcx, %r11 + # A[2] * A[3] + mulxq 152(%rsp), %r13, %r14 + adoxq %rbx, %r12 + # A[2] * A[0] + mulxq %r15, %rcx, %rbx + adoxq %r8, %r13 + adcxq %rcx, %r10 + adoxq %r8, %r14 + # A[1] * A[3] + movq %rax, %rdx + mulxq 152(%rsp), %rcx, %rdx + adcxq %rbx, %r11 + adcxq %rcx, %r12 + adcxq %rdx, %r13 + adcxq %r8, %r14 + # A[0] * A[0] + movq %r15, %rdx + mulxq %rdx, %r8, %rcx + xorq %r15, %r15 + adcxq %r9, %r9 + # A[1] * A[1] + movq %rax, %rdx + adoxq %rcx, %r9 + mulxq %rdx, %rcx, %rbx + adcxq %r10, %r10 + adoxq %rcx, %r10 + adcxq %r11, %r11 + # A[2] * A[2] + movq 144(%rsp), %rdx + adoxq %rbx, %r11 + mulxq %rdx, %rbx, %rcx + adcxq %r12, %r12 + adoxq %rbx, %r12 + adcxq %r13, %r13 + # A[3] * A[3] + movq 152(%rsp), %rdx + adoxq %rcx, %r13 + mulxq %rdx, %rcx, %rbx + adcxq %r14, %r14 + adoxq %rcx, %r14 + adcxq %r15, %r15 + adoxq %rbx, %r15 + movq $38, %rdx + mulxq %r15, %r15, %rbx + addq %r15, %r11 + adcq $0x00, %rbx + movq $0x7fffffffffffffff, %rcx + shldq $0x01, %r11, %rbx + imulq $19, %rbx, %rbx + andq %rcx, %r11 + xorq %rcx, %rcx + adoxq %rbx, %r8 + mulxq %r12, %rbx, %r12 + adcxq %rbx, %r8 + adoxq %r12, %r9 + mulxq %r13, %rbx, %r13 + adcxq %rbx, %r9 + adoxq %r13, %r10 + mulxq %r14, %rbx, %r14 + adcxq %rbx, %r10 + adoxq %r14, %r11 + adcxq %rcx, %r11 + # Store + movq %r8, 96(%rsp) + movq %r9, 104(%rsp) + movq %r10, 112(%rsp) + movq %r11, 120(%rsp) + # Square + movq (%rdi), %rdx + movq 8(%rdi), %rax + # A[0] * A[1] + movq %rdx, %r15 + mulxq %rax, %r9, %r10 + # A[0] * A[3] + mulxq 24(%rdi), %r11, %r12 + # A[2] * A[1] + movq 16(%rdi), %rdx + mulxq %rax, %rcx, %rbx + xorq %r8, %r8 + adoxq %rcx, %r11 + # A[2] * A[3] + mulxq 24(%rdi), %r13, %r14 + adoxq %rbx, %r12 + # A[2] * A[0] + mulxq %r15, %rcx, %rbx + adoxq %r8, %r13 + adcxq %rcx, %r10 + adoxq %r8, %r14 + # A[1] * A[3] + movq %rax, %rdx + mulxq 24(%rdi), %rcx, %rdx + adcxq %rbx, %r11 + adcxq %rcx, %r12 + adcxq %rdx, %r13 + adcxq %r8, %r14 + # A[0] * A[0] + movq %r15, %rdx + mulxq %rdx, %r8, %rcx + xorq %r15, %r15 + adcxq %r9, %r9 + # A[1] * A[1] + movq %rax, %rdx + adoxq %rcx, %r9 + mulxq %rdx, %rcx, %rbx + adcxq %r10, %r10 + adoxq %rcx, %r10 + adcxq %r11, %r11 + # A[2] * A[2] + movq 16(%rdi), %rdx + adoxq %rbx, %r11 + mulxq %rdx, %rbx, %rcx + adcxq %r12, %r12 + adoxq %rbx, %r12 + adcxq %r13, %r13 + # A[3] * A[3] + movq 24(%rdi), %rdx + adoxq %rcx, %r13 + mulxq %rdx, %rcx, %rbx + adcxq %r14, %r14 + adoxq %rcx, %r14 + adcxq %r15, %r15 + adoxq %rbx, %r15 + movq $38, %rdx + mulxq %r15, %r15, %rbx + addq %r15, %r11 + adcq $0x00, %rbx + movq $0x7fffffffffffffff, %rcx + shldq $0x01, %r11, %rbx + imulq $19, %rbx, %rbx + andq %rcx, %r11 + xorq %rcx, %rcx + adoxq %rbx, %r8 + mulxq %r12, %rbx, %r12 + adcxq %rbx, %r8 + adoxq %r12, %r9 + mulxq %r13, %rbx, %r13 + adcxq %rbx, %r9 + adoxq %r13, %r10 + mulxq %r14, %rbx, %r14 + adcxq %rbx, %r10 + adoxq %r14, %r11 + adcxq %rcx, %r11 + # Store + movq %r8, 128(%rsp) + movq %r9, 136(%rsp) + movq %r10, 144(%rsp) + movq %r11, 152(%rsp) + movq 128(%rsp), %rax + # Multiply + # A[0] * B[0] + movq 96(%rsp), %rdx + mulxq %rax, %r8, %r9 + # A[2] * B[0] + mulxq 144(%rsp), %r10, %r11 + # A[1] * B[0] + mulxq 136(%rsp), %rcx, %rbx + xorq %r15, %r15 + adcxq %rcx, %r9 + # A[3] * B[1] + movq 104(%rsp), %rdx + mulxq 152(%rsp), %r12, %r13 + adcxq %rbx, %r10 + # A[0] * B[1] + mulxq %rax, %rcx, %rbx + adoxq %rcx, %r9 + # A[2] * B[1] + mulxq 144(%rsp), %rcx, %r14 + adoxq %rbx, %r10 + adcxq %rcx, %r11 + # A[1] * B[2] + movq 112(%rsp), %rdx + mulxq 136(%rsp), %rcx, %rbx + adcxq %r14, %r12 + adoxq %rcx, %r11 + adcxq %r15, %r13 + adoxq %rbx, %r12 + # A[0] * B[2] + mulxq %rax, %rcx, %rbx + adoxq %r15, %r13 + xorq %r14, %r14 + adcxq %rcx, %r10 + # A[1] * B[1] + movq 104(%rsp), %rdx + mulxq 136(%rsp), %rdx, %rcx + adcxq %rbx, %r11 + adoxq %rdx, %r10 + # A[1] * B[3] + movq 120(%rsp), %rdx + adoxq %rcx, %r11 + mulxq 136(%rsp), %rcx, %rbx + adcxq %rcx, %r12 + # A[2] * B[2] + movq 112(%rsp), %rdx + mulxq 144(%rsp), %rdx, %rcx + adcxq %rbx, %r13 + adoxq %rdx, %r12 + # A[3] * B[3] + movq 120(%rsp), %rdx + adoxq %rcx, %r13 + mulxq 152(%rsp), %rcx, %rbx + adoxq %r15, %r14 + adcxq %rcx, %r14 + # A[0] * B[3] + mulxq %rax, %rdx, %rcx + adcxq %rbx, %r15 + xorq %rbx, %rbx + adcxq %rdx, %r11 + # A[3] * B[0] + movq 152(%rsp), %rdx + adcxq %rcx, %r12 + mulxq 96(%rsp), %rdx, %rcx + adoxq %rdx, %r11 + adoxq %rcx, %r12 + # A[3] * B[2] + movq 152(%rsp), %rdx + mulxq 112(%rsp), %rdx, %rcx + adcxq %rdx, %r13 + # A[2] * B[3] + movq 120(%rsp), %rdx + adcxq %rcx, %r14 + mulxq 144(%rsp), %rcx, %rdx + adcxq %rbx, %r15 + adoxq %rcx, %r13 + adoxq %rdx, %r14 + adoxq %rbx, %r15 + movq $38, %rdx + mulxq %r15, %r15, %rcx + addq %r15, %r11 + adcq $0x00, %rcx + movq $0x7fffffffffffffff, %rbx + shldq $0x01, %r11, %rcx + imulq $19, %rcx, %rcx + andq %rbx, %r11 + xorq %rbx, %rbx + adoxq %rcx, %r8 + mulxq %r12, %rcx, %r12 + adcxq %rcx, %r8 + adoxq %r12, %r9 + mulxq %r13, %rcx, %r13 + adcxq %rcx, %r9 + adoxq %r13, %r10 + mulxq %r14, %rcx, %r14 + adcxq %rcx, %r10 + adoxq %r14, %r11 + adcxq %rbx, %r11 + # Store + movq %r8, (%rdi) + movq %r9, 8(%rdi) + movq %r10, 16(%rdi) + movq %r11, 24(%rdi) + # Sub + movq 128(%rsp), %r8 + movq 136(%rsp), %r9 + movq 144(%rsp), %r10 + movq 152(%rsp), %r11 + subq 96(%rsp), %r8 + sbbq 104(%rsp), %r9 + sbbq 112(%rsp), %r10 + sbbq 120(%rsp), %r11 + sbbq %rbx, %rbx + shldq $0x01, %r11, %rbx + imulq $-19, %rbx + btr $63, %r11 + # Add modulus (if underflow) + subq %rbx, %r8 + sbbq $0x00, %r9 + sbbq $0x00, %r10 + sbbq $0x00, %r11 + movq %r8, 128(%rsp) + movq %r9, 136(%rsp) + movq %r10, 144(%rsp) + movq %r11, 152(%rsp) + movq $0x1db42, %rdx + mulxq 128(%rsp), %r8, %r15 + mulxq 136(%rsp), %r9, %r14 + mulxq 144(%rsp), %r10, %r13 + addq %r15, %r9 + mulxq 152(%rsp), %r11, %r12 + adcq %r14, %r10 + adcq %r13, %r11 + adcq $0x00, %r12 + addq 96(%rsp), %r8 + adcq 104(%rsp), %r9 + adcq 112(%rsp), %r10 + adcq 120(%rsp), %r11 + adcq $0x00, %r12 + shldq $0x01, %r11, %r12 + btr $63, %r11 + imulq $19, %r12, %r12 + addq %r12, %r8 + adcq $0x00, %r9 + adcq $0x00, %r10 + adcq $0x00, %r11 + movq %r8, 96(%rsp) + movq %r9, 104(%rsp) + movq %r10, 112(%rsp) + movq %r11, 120(%rsp) + movq 128(%rsp), %rax + # Multiply + # A[0] * B[0] + movq 96(%rsp), %rdx + mulxq %rax, %r8, %r9 + # A[2] * B[0] + mulxq 144(%rsp), %r10, %r11 + # A[1] * B[0] + mulxq 136(%rsp), %rcx, %rbx + xorq %r15, %r15 + adcxq %rcx, %r9 + # A[3] * B[1] + movq 104(%rsp), %rdx + mulxq 152(%rsp), %r12, %r13 + adcxq %rbx, %r10 + # A[0] * B[1] + mulxq %rax, %rcx, %rbx + adoxq %rcx, %r9 + # A[2] * B[1] + mulxq 144(%rsp), %rcx, %r14 + adoxq %rbx, %r10 + adcxq %rcx, %r11 + # A[1] * B[2] + movq 112(%rsp), %rdx + mulxq 136(%rsp), %rcx, %rbx + adcxq %r14, %r12 + adoxq %rcx, %r11 + adcxq %r15, %r13 + adoxq %rbx, %r12 + # A[0] * B[2] + mulxq %rax, %rcx, %rbx + adoxq %r15, %r13 + xorq %r14, %r14 + adcxq %rcx, %r10 + # A[1] * B[1] + movq 104(%rsp), %rdx + mulxq 136(%rsp), %rdx, %rcx + adcxq %rbx, %r11 + adoxq %rdx, %r10 + # A[1] * B[3] + movq 120(%rsp), %rdx + adoxq %rcx, %r11 + mulxq 136(%rsp), %rcx, %rbx + adcxq %rcx, %r12 + # A[2] * B[2] + movq 112(%rsp), %rdx + mulxq 144(%rsp), %rdx, %rcx + adcxq %rbx, %r13 + adoxq %rdx, %r12 + # A[3] * B[3] + movq 120(%rsp), %rdx + adoxq %rcx, %r13 + mulxq 152(%rsp), %rcx, %rbx + adoxq %r15, %r14 + adcxq %rcx, %r14 + # A[0] * B[3] + mulxq %rax, %rdx, %rcx + adcxq %rbx, %r15 + xorq %rbx, %rbx + adcxq %rdx, %r11 + # A[3] * B[0] + movq 152(%rsp), %rdx + adcxq %rcx, %r12 + mulxq 96(%rsp), %rdx, %rcx + adoxq %rdx, %r11 + adoxq %rcx, %r12 + # A[3] * B[2] + movq 152(%rsp), %rdx + mulxq 112(%rsp), %rdx, %rcx + adcxq %rdx, %r13 + # A[2] * B[3] + movq 120(%rsp), %rdx + adcxq %rcx, %r14 + mulxq 144(%rsp), %rcx, %rdx + adcxq %rbx, %r15 + adoxq %rcx, %r13 + adoxq %rdx, %r14 + adoxq %rbx, %r15 + movq $38, %rdx + mulxq %r15, %r15, %rcx + addq %r15, %r11 + adcq $0x00, %rcx + movq $0x7fffffffffffffff, %rbx + shldq $0x01, %r11, %rcx + imulq $19, %rcx, %rcx + andq %rbx, %r11 + xorq %rbx, %rbx + adoxq %rcx, %r8 + mulxq %r12, %rcx, %r12 + adcxq %rcx, %r8 + adoxq %r12, %r9 + mulxq %r13, %rcx, %r13 + adcxq %rcx, %r9 + adoxq %r13, %r10 + mulxq %r14, %rcx, %r14 + adcxq %rcx, %r10 + adoxq %r14, %r11 + adcxq %rbx, %r11 + # Store + movq %r8, (%rsp) + movq %r9, 8(%rsp) + movq %r10, 16(%rsp) + movq %r11, 24(%rsp) + decq %rbp + jge L_curve25519_base_avx2_last_3 + # Invert + leaq 32(%rsp), %rdi + movq %rsp, %rsi +#ifndef __APPLE__ + callq fe_sq_avx2@plt +#else + callq _fe_sq_avx2 +#endif /* __APPLE__ */ + leaq 64(%rsp), %rdi + leaq 32(%rsp), %rsi +#ifndef __APPLE__ + callq fe_sq_avx2@plt +#else + callq _fe_sq_avx2 +#endif /* __APPLE__ */ + leaq 64(%rsp), %rdi + leaq 64(%rsp), %rsi +#ifndef __APPLE__ + callq fe_sq_avx2@plt +#else + callq _fe_sq_avx2 +#endif /* __APPLE__ */ + leaq 64(%rsp), %rdi + movq %rsp, %rsi + leaq 64(%rsp), %rdx +#ifndef __APPLE__ + callq fe_mul_avx2@plt +#else + callq _fe_mul_avx2 +#endif /* __APPLE__ */ + leaq 32(%rsp), %rdi + leaq 32(%rsp), %rsi + leaq 64(%rsp), %rdx +#ifndef __APPLE__ + callq fe_mul_avx2@plt +#else + callq _fe_mul_avx2 +#endif /* __APPLE__ */ + leaq 96(%rsp), %rdi + leaq 32(%rsp), %rsi +#ifndef __APPLE__ + callq fe_sq_avx2@plt +#else + callq _fe_sq_avx2 +#endif /* __APPLE__ */ + leaq 64(%rsp), %rdi + leaq 64(%rsp), %rsi + leaq 96(%rsp), %rdx +#ifndef __APPLE__ + callq fe_mul_avx2@plt +#else + callq _fe_mul_avx2 +#endif /* __APPLE__ */ + leaq 96(%rsp), %rdi + leaq 64(%rsp), %rsi +#ifndef __APPLE__ + callq fe_sq_avx2@plt +#else + callq _fe_sq_avx2 +#endif /* __APPLE__ */ + leaq 96(%rsp), %rdi + leaq 96(%rsp), %rsi + movq $4, %rdx +#ifndef __APPLE__ + callq fe_sq_n_avx2@plt +#else + callq _fe_sq_n_avx2 +#endif /* __APPLE__ */ + leaq 64(%rsp), %rdi + leaq 96(%rsp), %rsi + leaq 64(%rsp), %rdx +#ifndef __APPLE__ + callq fe_mul_avx2@plt +#else + callq _fe_mul_avx2 +#endif /* __APPLE__ */ + leaq 96(%rsp), %rdi + leaq 64(%rsp), %rsi +#ifndef __APPLE__ + callq fe_sq_avx2@plt +#else + callq _fe_sq_avx2 +#endif /* __APPLE__ */ + leaq 96(%rsp), %rdi + leaq 96(%rsp), %rsi + movq $9, %rdx +#ifndef __APPLE__ + callq fe_sq_n_avx2@plt +#else + callq _fe_sq_n_avx2 +#endif /* __APPLE__ */ + leaq 96(%rsp), %rdi + leaq 96(%rsp), %rsi + leaq 64(%rsp), %rdx +#ifndef __APPLE__ + callq fe_mul_avx2@plt +#else + callq _fe_mul_avx2 +#endif /* __APPLE__ */ + leaq 128(%rsp), %rdi + leaq 96(%rsp), %rsi +#ifndef __APPLE__ + callq fe_sq_avx2@plt +#else + callq _fe_sq_avx2 +#endif /* __APPLE__ */ + leaq 128(%rsp), %rdi + leaq 128(%rsp), %rsi + movq $19, %rdx +#ifndef __APPLE__ + callq fe_sq_n_avx2@plt +#else + callq _fe_sq_n_avx2 +#endif /* __APPLE__ */ + leaq 96(%rsp), %rdi + leaq 128(%rsp), %rsi + leaq 96(%rsp), %rdx +#ifndef __APPLE__ + callq fe_mul_avx2@plt +#else + callq _fe_mul_avx2 +#endif /* __APPLE__ */ + leaq 96(%rsp), %rdi + leaq 96(%rsp), %rsi +#ifndef __APPLE__ + callq fe_sq_avx2@plt +#else + callq _fe_sq_avx2 +#endif /* __APPLE__ */ + leaq 96(%rsp), %rdi + leaq 96(%rsp), %rsi + movq $9, %rdx +#ifndef __APPLE__ + callq fe_sq_n_avx2@plt +#else + callq _fe_sq_n_avx2 +#endif /* __APPLE__ */ + leaq 64(%rsp), %rdi + leaq 96(%rsp), %rsi + leaq 64(%rsp), %rdx +#ifndef __APPLE__ + callq fe_mul_avx2@plt +#else + callq _fe_mul_avx2 +#endif /* __APPLE__ */ + leaq 96(%rsp), %rdi + leaq 64(%rsp), %rsi +#ifndef __APPLE__ + callq fe_sq_avx2@plt +#else + callq _fe_sq_avx2 +#endif /* __APPLE__ */ + leaq 96(%rsp), %rdi + leaq 96(%rsp), %rsi + movq $49, %rdx +#ifndef __APPLE__ + callq fe_sq_n_avx2@plt +#else + callq _fe_sq_n_avx2 +#endif /* __APPLE__ */ + leaq 96(%rsp), %rdi + leaq 96(%rsp), %rsi + leaq 64(%rsp), %rdx +#ifndef __APPLE__ + callq fe_mul_avx2@plt +#else + callq _fe_mul_avx2 +#endif /* __APPLE__ */ + leaq 128(%rsp), %rdi + leaq 96(%rsp), %rsi +#ifndef __APPLE__ + callq fe_sq_avx2@plt +#else + callq _fe_sq_avx2 +#endif /* __APPLE__ */ + leaq 128(%rsp), %rdi + leaq 128(%rsp), %rsi + movq $0x63, %rdx +#ifndef __APPLE__ + callq fe_sq_n_avx2@plt +#else + callq _fe_sq_n_avx2 +#endif /* __APPLE__ */ + leaq 96(%rsp), %rdi + leaq 128(%rsp), %rsi + leaq 96(%rsp), %rdx +#ifndef __APPLE__ + callq fe_mul_avx2@plt +#else + callq _fe_mul_avx2 +#endif /* __APPLE__ */ + leaq 96(%rsp), %rdi + leaq 96(%rsp), %rsi +#ifndef __APPLE__ + callq fe_sq_avx2@plt +#else + callq _fe_sq_avx2 +#endif /* __APPLE__ */ + leaq 96(%rsp), %rdi + leaq 96(%rsp), %rsi + movq $49, %rdx +#ifndef __APPLE__ + callq fe_sq_n_avx2@plt +#else + callq _fe_sq_n_avx2 +#endif /* __APPLE__ */ + leaq 64(%rsp), %rdi + leaq 96(%rsp), %rsi + leaq 64(%rsp), %rdx +#ifndef __APPLE__ + callq fe_mul_avx2@plt +#else + callq _fe_mul_avx2 +#endif /* __APPLE__ */ + leaq 64(%rsp), %rdi + leaq 64(%rsp), %rsi +#ifndef __APPLE__ + callq fe_sq_avx2@plt +#else + callq _fe_sq_avx2 +#endif /* __APPLE__ */ + leaq 64(%rsp), %rdi + leaq 64(%rsp), %rsi + movq $4, %rdx +#ifndef __APPLE__ + callq fe_sq_n_avx2@plt +#else + callq _fe_sq_n_avx2 +#endif /* __APPLE__ */ + movq %rsp, %rdi + leaq 64(%rsp), %rsi + leaq 32(%rsp), %rdx +#ifndef __APPLE__ + callq fe_mul_avx2@plt +#else + callq _fe_mul_avx2 +#endif /* __APPLE__ */ + movq 160(%rsp), %rdi + movq (%rdi), %rax + # Multiply + # A[0] * B[0] + movq (%rsp), %rdx + mulxq %rax, %r8, %r9 + # A[2] * B[0] + mulxq 16(%rdi), %r10, %r11 + # A[1] * B[0] + mulxq 8(%rdi), %rcx, %rbx + xorq %r15, %r15 + adcxq %rcx, %r9 + # A[3] * B[1] + movq 8(%rsp), %rdx + mulxq 24(%rdi), %r12, %r13 + adcxq %rbx, %r10 + # A[0] * B[1] + mulxq %rax, %rcx, %rbx + adoxq %rcx, %r9 + # A[2] * B[1] + mulxq 16(%rdi), %rcx, %r14 + adoxq %rbx, %r10 + adcxq %rcx, %r11 + # A[1] * B[2] + movq 16(%rsp), %rdx + mulxq 8(%rdi), %rcx, %rbx + adcxq %r14, %r12 + adoxq %rcx, %r11 + adcxq %r15, %r13 + adoxq %rbx, %r12 + # A[0] * B[2] + mulxq %rax, %rcx, %rbx + adoxq %r15, %r13 + xorq %r14, %r14 + adcxq %rcx, %r10 + # A[1] * B[1] + movq 8(%rsp), %rdx + mulxq 8(%rdi), %rdx, %rcx + adcxq %rbx, %r11 + adoxq %rdx, %r10 + # A[1] * B[3] + movq 24(%rsp), %rdx + adoxq %rcx, %r11 + mulxq 8(%rdi), %rcx, %rbx + adcxq %rcx, %r12 + # A[2] * B[2] + movq 16(%rsp), %rdx + mulxq 16(%rdi), %rdx, %rcx + adcxq %rbx, %r13 + adoxq %rdx, %r12 + # A[3] * B[3] + movq 24(%rsp), %rdx + adoxq %rcx, %r13 + mulxq 24(%rdi), %rcx, %rbx + adoxq %r15, %r14 + adcxq %rcx, %r14 + # A[0] * B[3] + mulxq %rax, %rdx, %rcx + adcxq %rbx, %r15 + xorq %rbx, %rbx + adcxq %rdx, %r11 + # A[3] * B[0] + movq 24(%rdi), %rdx + adcxq %rcx, %r12 + mulxq (%rsp), %rdx, %rcx + adoxq %rdx, %r11 + adoxq %rcx, %r12 + # A[3] * B[2] + movq 24(%rdi), %rdx + mulxq 16(%rsp), %rdx, %rcx + adcxq %rdx, %r13 + # A[2] * B[3] + movq 24(%rsp), %rdx + adcxq %rcx, %r14 + mulxq 16(%rdi), %rcx, %rdx + adcxq %rbx, %r15 + adoxq %rcx, %r13 + adoxq %rdx, %r14 + adoxq %rbx, %r15 + movq $38, %rdx + mulxq %r15, %r15, %rcx + addq %r15, %r11 + adcq $0x00, %rcx + movq $0x7fffffffffffffff, %rbx + shldq $0x01, %r11, %rcx + imulq $19, %rcx, %rcx + andq %rbx, %r11 + xorq %rbx, %rbx + adoxq %rcx, %r8 + mulxq %r12, %rcx, %r12 + adcxq %rcx, %r8 + adoxq %r12, %r9 + mulxq %r13, %rcx, %r13 + adcxq %rcx, %r9 + adoxq %r13, %r10 + mulxq %r14, %rcx, %r14 + adcxq %rcx, %r10 + adoxq %r14, %r11 + adcxq %rbx, %r11 + movq $0x7fffffffffffffff, %rbx + movq %r11, %rdx + sarq $63, %rdx + andq $19, %rdx + andq %rbx, %r11 + addq %rdx, %r8 + adcq $0x00, %r9 + adcq $0x00, %r10 + adcq $0x00, %r11 + movq $0x7fffffffffffffff, %rcx + movq %r8, %rdx + addq $19, %rdx + movq %r9, %rdx + adcq $0x00, %rdx + movq %r10, %rdx + adcq $0x00, %rdx + movq %r11, %rdx + adcq $0x00, %rdx + sarq $63, %rdx + andq $19, %rdx + andq %rcx, %r11 + addq %rdx, %r8 + adcq $0x00, %r9 + adcq $0x00, %r10 + adcq $0x00, %r11 + # Store + movq %r8, (%rdi) + movq %r9, 8(%rdi) + movq %r10, 16(%rdi) + movq %r11, 24(%rdi) + xorq %rax, %rax + addq $0xb0, %rsp + popq %rbp + popq %r15 + popq %r14 + popq %r13 + popq %r12 + popq %rbx + repz retq +#ifndef __APPLE__ +.size curve25519_base_avx2,.-curve25519_base_avx2 +#endif /* __APPLE__ */ +#endif /* WOLFSSL_CURVE25519_NOT_USE_ED25519 */ #ifndef __APPLE__ .text .globl curve25519_avx2 @@ -9808,59 +15173,58 @@ movq %r12, 88(%rsp) movq $0xfe, %rbx L_curve25519_avx2_bits: - movq 176(%rsp), %rax movq %rbx, 160(%rsp) movq %rbx, %rcx + movq 176(%rsp), %rax andq $63, %rcx shrq $6, %rbx movq (%rsi,%rbx,8), %rbx shrq %cl, %rbx andq $0x01, %rbx xorq %rbx, %rax + movq %rbx, 176(%rsp) negq %rax # Conditional Swap movq (%rdi), %r9 movq 8(%rdi), %r10 movq 16(%rdi), %r11 movq 24(%rdi), %r12 + movq (%rsp), %r13 + movq 8(%rsp), %r14 + movq 16(%rsp), %r15 + movq 24(%rsp), %rbp xorq 64(%rsp), %r9 xorq 72(%rsp), %r10 xorq 80(%rsp), %r11 xorq 88(%rsp), %r12 + xorq 32(%rsp), %r13 + xorq 40(%rsp), %r14 + xorq 48(%rsp), %r15 + xorq 56(%rsp), %rbp andq %rax, %r9 andq %rax, %r10 andq %rax, %r11 andq %rax, %r12 + andq %rax, %r13 + andq %rax, %r14 + andq %rax, %r15 + andq %rax, %rbp xorq %r9, (%rdi) xorq %r10, 8(%rdi) xorq %r11, 16(%rdi) xorq %r12, 24(%rdi) + xorq %r13, (%rsp) + xorq %r14, 8(%rsp) + xorq %r15, 16(%rsp) + xorq %rbp, 24(%rsp) xorq %r9, 64(%rsp) xorq %r10, 72(%rsp) xorq %r11, 80(%rsp) xorq %r12, 88(%rsp) - # Conditional Swap - movq (%rsp), %r9 - movq 8(%rsp), %r10 - movq 16(%rsp), %r11 - movq 24(%rsp), %r12 - xorq 32(%rsp), %r9 - xorq 40(%rsp), %r10 - xorq 48(%rsp), %r11 - xorq 56(%rsp), %r12 - andq %rax, %r9 - andq %rax, %r10 - andq %rax, %r11 - andq %rax, %r12 - xorq %r9, (%rsp) - xorq %r10, 8(%rsp) - xorq %r11, 16(%rsp) - xorq %r12, 24(%rsp) - xorq %r9, 32(%rsp) - xorq %r10, 40(%rsp) - xorq %r11, 48(%rsp) - xorq %r12, 56(%rsp) - movq %rbx, 176(%rsp) + xorq %r13, 32(%rsp) + xorq %r14, 40(%rsp) + xorq %r15, 48(%rsp) + xorq %rbp, 56(%rsp) # Add-Sub # Add movq (%rdi), %r9 @@ -9875,14 +15239,13 @@ adcq 16(%rsp), %r11 movq %r12, %rbp adcq 24(%rsp), %r12 - movq $0x00, %rcx - adcq $0x00, %rcx - shldq $0x01, %r12, %rcx - movq $0x7fffffffffffffff, %rbx - imulq $19, %rcx - andq %rbx, %r12 + movq $0x00, %rbx + adcq $0x00, %rbx + shldq $0x01, %r12, %rbx + imulq $19, %rbx + btr $63, %r12 # Sub modulus (if overflow) - addq %rcx, %r9 + addq %rbx, %r9 adcq $0x00, %r10 adcq $0x00, %r11 adcq $0x00, %r12 @@ -9891,12 +15254,12 @@ sbbq 8(%rsp), %r14 sbbq 16(%rsp), %r15 sbbq 24(%rsp), %rbp - sbbq %rcx, %rcx - shldq $0x01, %rbp, %rcx - imulq $-19, %rcx - andq %rbx, %rbp + sbbq %rbx, %rbx + shldq $0x01, %rbp, %rbx + imulq $-19, %rbx + btr $63, %rbp # Add modulus (if underflow) - subq %rcx, %r13 + subq %rbx, %r13 sbbq $0x00, %r14 sbbq $0x00, %r15 sbbq $0x00, %rbp @@ -9922,14 +15285,13 @@ adcq 48(%rsp), %r11 movq %r12, %rbp adcq 56(%rsp), %r12 - movq $0x00, %rcx - adcq $0x00, %rcx - shldq $0x01, %r12, %rcx - movq $0x7fffffffffffffff, %rbx - imulq $19, %rcx - andq %rbx, %r12 + movq $0x00, %rbx + adcq $0x00, %rbx + shldq $0x01, %r12, %rbx + imulq $19, %rbx + btr $63, %r12 # Sub modulus (if overflow) - addq %rcx, %r9 + addq %rbx, %r9 adcq $0x00, %r10 adcq $0x00, %r11 adcq $0x00, %r12 @@ -9938,12 +15300,12 @@ sbbq 40(%rsp), %r14 sbbq 48(%rsp), %r15 sbbq 56(%rsp), %rbp - sbbq %rcx, %rcx - shldq $0x01, %rbp, %rcx - imulq $-19, %rcx - andq %rbx, %rbp + sbbq %rbx, %rbx + shldq $0x01, %rbp, %rbx + imulq $-19, %rbx + btr $63, %rbp # Add modulus (if underflow) - subq %rcx, %r13 + subq %rbx, %r13 sbbq $0x00, %r14 sbbq $0x00, %r15 sbbq $0x00, %rbp @@ -9955,10 +15317,11 @@ movq %r14, 104(%rsp) movq %r15, 112(%rsp) movq %rbp, 120(%rsp) + movq 32(%rsp), %rax # Multiply # A[0] * B[0] movq 128(%rsp), %rdx - mulxq 32(%rsp), %r9, %r10 + mulxq %rax, %r9, %r10 # A[2] * B[0] mulxq 48(%rsp), %r11, %r12 # A[1] * B[0] @@ -9970,7 +15333,7 @@ mulxq 56(%rsp), %r13, %r14 adcxq %rbx, %r11 # A[0] * B[1] - mulxq 32(%rsp), %rcx, %rbx + mulxq %rax, %rcx, %rbx adoxq %rcx, %r10 # A[2] * B[1] mulxq 48(%rsp), %rcx, %r15 @@ -9984,7 +15347,7 @@ adcxq %rbp, %r14 adoxq %rbx, %r13 # A[0] * B[2] - mulxq 32(%rsp), %rcx, %rbx + mulxq %rax, %rcx, %rbx adoxq %rbp, %r14 xorq %r15, %r15 adcxq %rcx, %r11 @@ -10010,7 +15373,7 @@ adoxq %rbp, %r15 adcxq %rcx, %r15 # A[0] * B[3] - mulxq 32(%rsp), %rdx, %rcx + mulxq %rax, %rdx, %rcx adcxq %rbx, %rbp xorq %rbx, %rbx adcxq %rdx, %r12 @@ -10057,10 +15420,11 @@ movq %r10, 40(%rsp) movq %r11, 48(%rsp) movq %r12, 56(%rsp) + movq 96(%rsp), %rax # Multiply # A[0] * B[0] movq (%rdi), %rdx - mulxq 96(%rsp), %r9, %r10 + mulxq %rax, %r9, %r10 # A[2] * B[0] mulxq 112(%rsp), %r11, %r12 # A[1] * B[0] @@ -10072,7 +15436,7 @@ mulxq 120(%rsp), %r13, %r14 adcxq %rbx, %r11 # A[0] * B[1] - mulxq 96(%rsp), %rcx, %rbx + mulxq %rax, %rcx, %rbx adoxq %rcx, %r10 # A[2] * B[1] mulxq 112(%rsp), %rcx, %r15 @@ -10086,7 +15450,7 @@ adcxq %rbp, %r14 adoxq %rbx, %r13 # A[0] * B[2] - mulxq 96(%rsp), %rcx, %rbx + mulxq %rax, %rcx, %rbx adoxq %rbp, %r14 xorq %r15, %r15 adcxq %rcx, %r11 @@ -10112,7 +15476,7 @@ adoxq %rbp, %r15 adcxq %rcx, %r15 # A[0] * B[3] - mulxq 96(%rsp), %rdx, %rcx + mulxq %rax, %rdx, %rcx adcxq %rbx, %rbp xorq %rbx, %rbx adcxq %rdx, %r12 @@ -10333,14 +15697,13 @@ adcq 48(%rsp), %r11 movq %r12, %rbp adcq 56(%rsp), %r12 - movq $0x00, %rcx - adcq $0x00, %rcx - shldq $0x01, %r12, %rcx - movq $0x7fffffffffffffff, %rbx - imulq $19, %rcx - andq %rbx, %r12 + movq $0x00, %rbx + adcq $0x00, %rbx + shldq $0x01, %r12, %rbx + imulq $19, %rbx + btr $63, %r12 # Sub modulus (if overflow) - addq %rcx, %r9 + addq %rbx, %r9 adcq $0x00, %r10 adcq $0x00, %r11 adcq $0x00, %r12 @@ -10349,12 +15712,12 @@ sbbq 40(%rsp), %r14 sbbq 48(%rsp), %r15 sbbq 56(%rsp), %rbp - sbbq %rcx, %rcx - shldq $0x01, %rbp, %rcx - imulq $-19, %rcx - andq %rbx, %rbp + sbbq %rbx, %rbx + shldq $0x01, %rbp, %rbx + imulq $-19, %rbx + btr $63, %rbp # Add modulus (if underflow) - subq %rcx, %r13 + subq %rbx, %r13 sbbq $0x00, %r14 sbbq $0x00, %r15 sbbq $0x00, %rbp @@ -10366,10 +15729,11 @@ movq %r14, 40(%rsp) movq %r15, 48(%rsp) movq %rbp, 56(%rsp) + movq 128(%rsp), %rax # Multiply # A[0] * B[0] movq 96(%rsp), %rdx - mulxq 128(%rsp), %r9, %r10 + mulxq %rax, %r9, %r10 # A[2] * B[0] mulxq 144(%rsp), %r11, %r12 # A[1] * B[0] @@ -10381,7 +15745,7 @@ mulxq 152(%rsp), %r13, %r14 adcxq %rbx, %r11 # A[0] * B[1] - mulxq 128(%rsp), %rcx, %rbx + mulxq %rax, %rcx, %rbx adoxq %rcx, %r10 # A[2] * B[1] mulxq 144(%rsp), %rcx, %r15 @@ -10395,7 +15759,7 @@ adcxq %rbp, %r14 adoxq %rbx, %r13 # A[0] * B[2] - mulxq 128(%rsp), %rcx, %rbx + mulxq %rax, %rcx, %rbx adoxq %rbp, %r14 xorq %r15, %r15 adcxq %rcx, %r11 @@ -10421,7 +15785,7 @@ adoxq %rbp, %r15 adcxq %rcx, %r15 # A[0] * B[3] - mulxq 128(%rsp), %rdx, %rcx + mulxq %rax, %rdx, %rcx adcxq %rbx, %rbp xorq %rbx, %rbx adcxq %rdx, %r12 @@ -10477,13 +15841,12 @@ sbbq 104(%rsp), %r10 sbbq 112(%rsp), %r11 sbbq 120(%rsp), %r12 - sbbq %rcx, %rcx - shldq $0x01, %r12, %rcx - movq $0x7fffffffffffffff, %rbx - imulq $-19, %rcx - andq %rbx, %r12 + sbbq %rbx, %rbx + shldq $0x01, %r12, %rbx + imulq $-19, %rbx + btr $63, %r12 # Add modulus (if underflow) - subq %rcx, %r9 + subq %rbx, %r9 sbbq $0x00, %r10 sbbq $0x00, %r11 sbbq $0x00, %r12 @@ -10571,27 +15934,6 @@ movq %r10, 40(%rsp) movq %r11, 48(%rsp) movq %r12, 56(%rsp) - movq $0x1db42, %rdx - mulxq 128(%rsp), %r9, %rbp - mulxq 136(%rsp), %r10, %r15 - mulxq 144(%rsp), %r11, %r14 - mulxq 152(%rsp), %r12, %r13 - addq %rbp, %r10 - adcq %r15, %r11 - adcq %r14, %r12 - adcq $0x00, %r13 - movq $0x7fffffffffffffff, %rbp - shldq $0x01, %r12, %r13 - andq %rbp, %r12 - imulq $19, %r13, %r13 - addq %r13, %r9 - adcq $0x00, %r10 - adcq $0x00, %r11 - adcq $0x00, %r12 - movq %r9, (%rsp) - movq %r10, 8(%rsp) - movq %r11, 16(%rsp) - movq %r12, 24(%rsp) # Square movq 64(%rsp), %rdx movq 72(%rsp), %rax @@ -10672,23 +16014,24 @@ movq %r10, 72(%rsp) movq %r11, 80(%rsp) movq %r12, 88(%rsp) - # Add - movq 96(%rsp), %r9 - movq 104(%rsp), %r10 - addq (%rsp), %r9 - movq 112(%rsp), %r11 - adcq 8(%rsp), %r10 - movq 120(%rsp), %r12 - adcq 16(%rsp), %r11 - adcq 24(%rsp), %r12 - movq $0x00, %rcx - adcq $0x00, %rcx - shldq $0x01, %r12, %rcx - movq $0x7fffffffffffffff, %rbx - imulq $19, %rcx - andq %rbx, %r12 - # Sub modulus (if overflow) - addq %rcx, %r9 + movq $0x1db42, %rdx + mulxq 128(%rsp), %r9, %rbp + mulxq 136(%rsp), %r10, %r15 + mulxq 144(%rsp), %r11, %r14 + addq %rbp, %r10 + mulxq 152(%rsp), %r12, %r13 + adcq %r15, %r11 + adcq %r14, %r12 + adcq $0x00, %r13 + addq 96(%rsp), %r9 + adcq 104(%rsp), %r10 + adcq 112(%rsp), %r11 + adcq 120(%rsp), %r12 + adcq $0x00, %r13 + shldq $0x01, %r12, %r13 + btr $63, %r12 + imulq $19, %r13, %r13 + addq %r13, %r9 adcq $0x00, %r10 adcq $0x00, %r11 adcq $0x00, %r12 @@ -10696,10 +16039,11 @@ movq %r10, 104(%rsp) movq %r11, 112(%rsp) movq %r12, 120(%rsp) + movq (%r8), %rax # Multiply # A[0] * B[0] movq 32(%rsp), %rdx - mulxq (%r8), %r9, %r10 + mulxq %rax, %r9, %r10 # A[2] * B[0] mulxq 16(%r8), %r11, %r12 # A[1] * B[0] @@ -10711,7 +16055,7 @@ mulxq 24(%r8), %r13, %r14 adcxq %rbx, %r11 # A[0] * B[1] - mulxq (%r8), %rcx, %rbx + mulxq %rax, %rcx, %rbx adoxq %rcx, %r10 # A[2] * B[1] mulxq 16(%r8), %rcx, %r15 @@ -10725,7 +16069,7 @@ adcxq %rbp, %r14 adoxq %rbx, %r13 # A[0] * B[2] - mulxq (%r8), %rcx, %rbx + mulxq %rax, %rcx, %rbx adoxq %rbp, %r14 xorq %r15, %r15 adcxq %rcx, %r11 @@ -10751,7 +16095,7 @@ adoxq %rbp, %r15 adcxq %rcx, %r15 # A[0] * B[3] - mulxq (%r8), %rdx, %rcx + mulxq %rax, %rdx, %rcx adcxq %rbx, %rbp xorq %rbx, %rbx adcxq %rdx, %r12 @@ -10798,10 +16142,369 @@ movq %r10, 40(%rsp) movq %r11, 48(%rsp) movq %r12, 56(%rsp) + movq 96(%rsp), %rax + # Multiply + # A[0] * B[0] + movq 128(%rsp), %rdx + mulxq %rax, %r9, %r10 + # A[2] * B[0] + mulxq 112(%rsp), %r11, %r12 + # A[1] * B[0] + mulxq 104(%rsp), %rcx, %rbx + xorq %rbp, %rbp + adcxq %rcx, %r10 + # A[3] * B[1] + movq 136(%rsp), %rdx + mulxq 120(%rsp), %r13, %r14 + adcxq %rbx, %r11 + # A[0] * B[1] + mulxq %rax, %rcx, %rbx + adoxq %rcx, %r10 + # A[2] * B[1] + mulxq 112(%rsp), %rcx, %r15 + adoxq %rbx, %r11 + adcxq %rcx, %r12 + # A[1] * B[2] + movq 144(%rsp), %rdx + mulxq 104(%rsp), %rcx, %rbx + adcxq %r15, %r13 + adoxq %rcx, %r12 + adcxq %rbp, %r14 + adoxq %rbx, %r13 + # A[0] * B[2] + mulxq %rax, %rcx, %rbx + adoxq %rbp, %r14 + xorq %r15, %r15 + adcxq %rcx, %r11 + # A[1] * B[1] + movq 136(%rsp), %rdx + mulxq 104(%rsp), %rdx, %rcx + adcxq %rbx, %r12 + adoxq %rdx, %r11 + # A[1] * B[3] + movq 152(%rsp), %rdx + adoxq %rcx, %r12 + mulxq 104(%rsp), %rcx, %rbx + adcxq %rcx, %r13 + # A[2] * B[2] + movq 144(%rsp), %rdx + mulxq 112(%rsp), %rdx, %rcx + adcxq %rbx, %r14 + adoxq %rdx, %r13 + # A[3] * B[3] + movq 152(%rsp), %rdx + adoxq %rcx, %r14 + mulxq 120(%rsp), %rcx, %rbx + adoxq %rbp, %r15 + adcxq %rcx, %r15 + # A[0] * B[3] + mulxq %rax, %rdx, %rcx + adcxq %rbx, %rbp + xorq %rbx, %rbx + adcxq %rdx, %r12 + # A[3] * B[0] + movq 120(%rsp), %rdx + adcxq %rcx, %r13 + mulxq 128(%rsp), %rdx, %rcx + adoxq %rdx, %r12 + adoxq %rcx, %r13 + # A[3] * B[2] + movq 120(%rsp), %rdx + mulxq 144(%rsp), %rdx, %rcx + adcxq %rdx, %r14 + # A[2] * B[3] + movq 152(%rsp), %rdx + adcxq %rcx, %r15 + mulxq 112(%rsp), %rcx, %rdx + adcxq %rbx, %rbp + adoxq %rcx, %r14 + adoxq %rdx, %r15 + adoxq %rbx, %rbp + movq $38, %rdx + mulxq %rbp, %rbp, %rcx + addq %rbp, %r12 + adcq $0x00, %rcx + movq $0x7fffffffffffffff, %rbx + shldq $0x01, %r12, %rcx + imulq $19, %rcx, %rcx + andq %rbx, %r12 + xorq %rbx, %rbx + adoxq %rcx, %r9 + mulxq %r13, %rcx, %r13 + adcxq %rcx, %r9 + adoxq %r13, %r10 + mulxq %r14, %rcx, %r14 + adcxq %rcx, %r10 + adoxq %r14, %r11 + mulxq %r15, %rcx, %r15 + adcxq %rcx, %r11 + adoxq %r15, %r12 + adcxq %rbx, %r12 + # Store + movq %r9, (%rsp) + movq %r10, 8(%rsp) + movq %r11, 16(%rsp) + movq %r12, 24(%rsp) + movq 160(%rsp), %rbx + decq %rbx + cmpq $3, %rbx + jge L_curve25519_avx2_bits + movq $2, 160(%rsp) + movq 176(%rsp), %rax + negq %rax + # Conditional Swap + movq (%rdi), %r9 + movq 8(%rdi), %r10 + movq 16(%rdi), %r11 + movq 24(%rdi), %r12 + movq (%rsp), %r13 + movq 8(%rsp), %r14 + movq 16(%rsp), %r15 + movq 24(%rsp), %rbp + xorq 64(%rsp), %r9 + xorq 72(%rsp), %r10 + xorq 80(%rsp), %r11 + xorq 88(%rsp), %r12 + xorq 32(%rsp), %r13 + xorq 40(%rsp), %r14 + xorq 48(%rsp), %r15 + xorq 56(%rsp), %rbp + andq %rax, %r9 + andq %rax, %r10 + andq %rax, %r11 + andq %rax, %r12 + andq %rax, %r13 + andq %rax, %r14 + andq %rax, %r15 + andq %rax, %rbp + xorq %r9, (%rdi) + xorq %r10, 8(%rdi) + xorq %r11, 16(%rdi) + xorq %r12, 24(%rdi) + xorq %r13, (%rsp) + xorq %r14, 8(%rsp) + xorq %r15, 16(%rsp) + xorq %rbp, 24(%rsp) + xorq %r9, 64(%rsp) + xorq %r10, 72(%rsp) + xorq %r11, 80(%rsp) + xorq %r12, 88(%rsp) + xorq %r13, 32(%rsp) + xorq %r14, 40(%rsp) + xorq %r15, 48(%rsp) + xorq %rbp, 56(%rsp) +L_curve25519_avx2_last_3: + # Add-Sub + # Add + movq (%rdi), %r9 + movq 8(%rdi), %r10 + movq 16(%rdi), %r11 + movq 24(%rdi), %r12 + movq %r9, %r13 + addq (%rsp), %r9 + movq %r10, %r14 + adcq 8(%rsp), %r10 + movq %r11, %r15 + adcq 16(%rsp), %r11 + movq %r12, %rbp + adcq 24(%rsp), %r12 + movq $0x00, %rbx + adcq $0x00, %rbx + shldq $0x01, %r12, %rbx + imulq $19, %rbx + btr $63, %r12 + # Sub modulus (if overflow) + addq %rbx, %r9 + adcq $0x00, %r10 + adcq $0x00, %r11 + adcq $0x00, %r12 + # Sub + subq (%rsp), %r13 + sbbq 8(%rsp), %r14 + sbbq 16(%rsp), %r15 + sbbq 24(%rsp), %rbp + sbbq %rbx, %rbx + shldq $0x01, %rbp, %rbx + imulq $-19, %rbx + btr $63, %rbp + # Add modulus (if underflow) + subq %rbx, %r13 + sbbq $0x00, %r14 + sbbq $0x00, %r15 + sbbq $0x00, %rbp + movq %r9, (%rdi) + movq %r10, 8(%rdi) + movq %r11, 16(%rdi) + movq %r12, 24(%rdi) + movq %r13, 128(%rsp) + movq %r14, 136(%rsp) + movq %r15, 144(%rsp) + movq %rbp, 152(%rsp) + # Square + movq 128(%rsp), %rdx + movq 136(%rsp), %rax + # A[0] * A[1] + movq %rdx, %rbp + mulxq %rax, %r10, %r11 + # A[0] * A[3] + mulxq 152(%rsp), %r12, %r13 + # A[2] * A[1] + movq 144(%rsp), %rdx + mulxq %rax, %rcx, %rbx + xorq %r9, %r9 + adoxq %rcx, %r12 + # A[2] * A[3] + mulxq 152(%rsp), %r14, %r15 + adoxq %rbx, %r13 + # A[2] * A[0] + mulxq %rbp, %rcx, %rbx + adoxq %r9, %r14 + adcxq %rcx, %r11 + adoxq %r9, %r15 + # A[1] * A[3] + movq %rax, %rdx + mulxq 152(%rsp), %rcx, %rdx + adcxq %rbx, %r12 + adcxq %rcx, %r13 + adcxq %rdx, %r14 + adcxq %r9, %r15 + # A[0] * A[0] + movq %rbp, %rdx + mulxq %rdx, %r9, %rcx + xorq %rbp, %rbp + adcxq %r10, %r10 + # A[1] * A[1] + movq %rax, %rdx + adoxq %rcx, %r10 + mulxq %rdx, %rcx, %rbx + adcxq %r11, %r11 + adoxq %rcx, %r11 + adcxq %r12, %r12 + # A[2] * A[2] + movq 144(%rsp), %rdx + adoxq %rbx, %r12 + mulxq %rdx, %rbx, %rcx + adcxq %r13, %r13 + adoxq %rbx, %r13 + adcxq %r14, %r14 + # A[3] * A[3] + movq 152(%rsp), %rdx + adoxq %rcx, %r14 + mulxq %rdx, %rcx, %rbx + adcxq %r15, %r15 + adoxq %rcx, %r15 + adcxq %rbp, %rbp + adoxq %rbx, %rbp + movq $38, %rdx + mulxq %rbp, %rbp, %rbx + addq %rbp, %r12 + adcq $0x00, %rbx + movq $0x7fffffffffffffff, %rcx + shldq $0x01, %r12, %rbx + imulq $19, %rbx, %rbx + andq %rcx, %r12 + xorq %rcx, %rcx + adoxq %rbx, %r9 + mulxq %r13, %rbx, %r13 + adcxq %rbx, %r9 + adoxq %r13, %r10 + mulxq %r14, %rbx, %r14 + adcxq %rbx, %r10 + adoxq %r14, %r11 + mulxq %r15, %rbx, %r15 + adcxq %rbx, %r11 + adoxq %r15, %r12 + adcxq %rcx, %r12 + # Store + movq %r9, 96(%rsp) + movq %r10, 104(%rsp) + movq %r11, 112(%rsp) + movq %r12, 120(%rsp) + # Square + movq (%rdi), %rdx + movq 8(%rdi), %rax + # A[0] * A[1] + movq %rdx, %rbp + mulxq %rax, %r10, %r11 + # A[0] * A[3] + mulxq 24(%rdi), %r12, %r13 + # A[2] * A[1] + movq 16(%rdi), %rdx + mulxq %rax, %rcx, %rbx + xorq %r9, %r9 + adoxq %rcx, %r12 + # A[2] * A[3] + mulxq 24(%rdi), %r14, %r15 + adoxq %rbx, %r13 + # A[2] * A[0] + mulxq %rbp, %rcx, %rbx + adoxq %r9, %r14 + adcxq %rcx, %r11 + adoxq %r9, %r15 + # A[1] * A[3] + movq %rax, %rdx + mulxq 24(%rdi), %rcx, %rdx + adcxq %rbx, %r12 + adcxq %rcx, %r13 + adcxq %rdx, %r14 + adcxq %r9, %r15 + # A[0] * A[0] + movq %rbp, %rdx + mulxq %rdx, %r9, %rcx + xorq %rbp, %rbp + adcxq %r10, %r10 + # A[1] * A[1] + movq %rax, %rdx + adoxq %rcx, %r10 + mulxq %rdx, %rcx, %rbx + adcxq %r11, %r11 + adoxq %rcx, %r11 + adcxq %r12, %r12 + # A[2] * A[2] + movq 16(%rdi), %rdx + adoxq %rbx, %r12 + mulxq %rdx, %rbx, %rcx + adcxq %r13, %r13 + adoxq %rbx, %r13 + adcxq %r14, %r14 + # A[3] * A[3] + movq 24(%rdi), %rdx + adoxq %rcx, %r14 + mulxq %rdx, %rcx, %rbx + adcxq %r15, %r15 + adoxq %rcx, %r15 + adcxq %rbp, %rbp + adoxq %rbx, %rbp + movq $38, %rdx + mulxq %rbp, %rbp, %rbx + addq %rbp, %r12 + adcq $0x00, %rbx + movq $0x7fffffffffffffff, %rcx + shldq $0x01, %r12, %rbx + imulq $19, %rbx, %rbx + andq %rcx, %r12 + xorq %rcx, %rcx + adoxq %rbx, %r9 + mulxq %r13, %rbx, %r13 + adcxq %rbx, %r9 + adoxq %r13, %r10 + mulxq %r14, %rbx, %r14 + adcxq %rbx, %r10 + adoxq %r14, %r11 + mulxq %r15, %rbx, %r15 + adcxq %rbx, %r11 + adoxq %r15, %r12 + adcxq %rcx, %r12 + # Store + movq %r9, 128(%rsp) + movq %r10, 136(%rsp) + movq %r11, 144(%rsp) + movq %r12, 152(%rsp) + movq 128(%rsp), %rax # Multiply # A[0] * B[0] movq 96(%rsp), %rdx - mulxq 128(%rsp), %r9, %r10 + mulxq %rax, %r9, %r10 # A[2] * B[0] mulxq 144(%rsp), %r11, %r12 # A[1] * B[0] @@ -10813,7 +16516,7 @@ mulxq 152(%rsp), %r13, %r14 adcxq %rbx, %r11 # A[0] * B[1] - mulxq 128(%rsp), %rcx, %rbx + mulxq %rax, %rcx, %rbx adoxq %rcx, %r10 # A[2] * B[1] mulxq 144(%rsp), %rcx, %r15 @@ -10827,7 +16530,7 @@ adcxq %rbp, %r14 adoxq %rbx, %r13 # A[0] * B[2] - mulxq 128(%rsp), %rcx, %rbx + mulxq %rax, %rcx, %rbx adoxq %rbp, %r14 xorq %r15, %r15 adcxq %rcx, %r11 @@ -10853,7 +16556,7 @@ adoxq %rbp, %r15 adcxq %rcx, %r15 # A[0] * B[3] - mulxq 128(%rsp), %rdx, %rcx + mulxq %rax, %rdx, %rcx adcxq %rbx, %rbp xorq %rbx, %rbx adcxq %rdx, %r12 @@ -10896,13 +16599,162 @@ adoxq %r15, %r12 adcxq %rbx, %r12 # Store + movq %r9, (%rdi) + movq %r10, 8(%rdi) + movq %r11, 16(%rdi) + movq %r12, 24(%rdi) + # Sub + movq 128(%rsp), %r9 + movq 136(%rsp), %r10 + movq 144(%rsp), %r11 + movq 152(%rsp), %r12 + subq 96(%rsp), %r9 + sbbq 104(%rsp), %r10 + sbbq 112(%rsp), %r11 + sbbq 120(%rsp), %r12 + sbbq %rbx, %rbx + shldq $0x01, %r12, %rbx + imulq $-19, %rbx + btr $63, %r12 + # Add modulus (if underflow) + subq %rbx, %r9 + sbbq $0x00, %r10 + sbbq $0x00, %r11 + sbbq $0x00, %r12 + movq %r9, 128(%rsp) + movq %r10, 136(%rsp) + movq %r11, 144(%rsp) + movq %r12, 152(%rsp) + movq $0x1db42, %rdx + mulxq 128(%rsp), %r9, %rbp + mulxq 136(%rsp), %r10, %r15 + mulxq 144(%rsp), %r11, %r14 + addq %rbp, %r10 + mulxq 152(%rsp), %r12, %r13 + adcq %r15, %r11 + adcq %r14, %r12 + adcq $0x00, %r13 + addq 96(%rsp), %r9 + adcq 104(%rsp), %r10 + adcq 112(%rsp), %r11 + adcq 120(%rsp), %r12 + adcq $0x00, %r13 + shldq $0x01, %r12, %r13 + btr $63, %r12 + imulq $19, %r13, %r13 + addq %r13, %r9 + adcq $0x00, %r10 + adcq $0x00, %r11 + adcq $0x00, %r12 + movq %r9, 96(%rsp) + movq %r10, 104(%rsp) + movq %r11, 112(%rsp) + movq %r12, 120(%rsp) + movq 96(%rsp), %rax + # Multiply + # A[0] * B[0] + movq 128(%rsp), %rdx + mulxq %rax, %r9, %r10 + # A[2] * B[0] + mulxq 112(%rsp), %r11, %r12 + # A[1] * B[0] + mulxq 104(%rsp), %rcx, %rbx + xorq %rbp, %rbp + adcxq %rcx, %r10 + # A[3] * B[1] + movq 136(%rsp), %rdx + mulxq 120(%rsp), %r13, %r14 + adcxq %rbx, %r11 + # A[0] * B[1] + mulxq %rax, %rcx, %rbx + adoxq %rcx, %r10 + # A[2] * B[1] + mulxq 112(%rsp), %rcx, %r15 + adoxq %rbx, %r11 + adcxq %rcx, %r12 + # A[1] * B[2] + movq 144(%rsp), %rdx + mulxq 104(%rsp), %rcx, %rbx + adcxq %r15, %r13 + adoxq %rcx, %r12 + adcxq %rbp, %r14 + adoxq %rbx, %r13 + # A[0] * B[2] + mulxq %rax, %rcx, %rbx + adoxq %rbp, %r14 + xorq %r15, %r15 + adcxq %rcx, %r11 + # A[1] * B[1] + movq 136(%rsp), %rdx + mulxq 104(%rsp), %rdx, %rcx + adcxq %rbx, %r12 + adoxq %rdx, %r11 + # A[1] * B[3] + movq 152(%rsp), %rdx + adoxq %rcx, %r12 + mulxq 104(%rsp), %rcx, %rbx + adcxq %rcx, %r13 + # A[2] * B[2] + movq 144(%rsp), %rdx + mulxq 112(%rsp), %rdx, %rcx + adcxq %rbx, %r14 + adoxq %rdx, %r13 + # A[3] * B[3] + movq 152(%rsp), %rdx + adoxq %rcx, %r14 + mulxq 120(%rsp), %rcx, %rbx + adoxq %rbp, %r15 + adcxq %rcx, %r15 + # A[0] * B[3] + mulxq %rax, %rdx, %rcx + adcxq %rbx, %rbp + xorq %rbx, %rbx + adcxq %rdx, %r12 + # A[3] * B[0] + movq 120(%rsp), %rdx + adcxq %rcx, %r13 + mulxq 128(%rsp), %rdx, %rcx + adoxq %rdx, %r12 + adoxq %rcx, %r13 + # A[3] * B[2] + movq 120(%rsp), %rdx + mulxq 144(%rsp), %rdx, %rcx + adcxq %rdx, %r14 + # A[2] * B[3] + movq 152(%rsp), %rdx + adcxq %rcx, %r15 + mulxq 112(%rsp), %rcx, %rdx + adcxq %rbx, %rbp + adoxq %rcx, %r14 + adoxq %rdx, %r15 + adoxq %rbx, %rbp + movq $38, %rdx + mulxq %rbp, %rbp, %rcx + addq %rbp, %r12 + adcq $0x00, %rcx + movq $0x7fffffffffffffff, %rbx + shldq $0x01, %r12, %rcx + imulq $19, %rcx, %rcx + andq %rbx, %r12 + xorq %rbx, %rbx + adoxq %rcx, %r9 + mulxq %r13, %rcx, %r13 + adcxq %rcx, %r9 + adoxq %r13, %r10 + mulxq %r14, %rcx, %r14 + adcxq %rcx, %r10 + adoxq %r14, %r11 + mulxq %r15, %rcx, %r15 + adcxq %rcx, %r11 + adoxq %r15, %r12 + adcxq %rbx, %r12 + # Store movq %r9, (%rsp) movq %r10, 8(%rsp) movq %r11, 16(%rsp) movq %r12, 24(%rsp) - movq 160(%rsp), %rbx - decq %rbx - jge L_curve25519_avx2_bits + decq 160(%rsp) + jge L_curve25519_avx2_last_3 # Invert leaq 32(%rsp), %rdi movq %rsp, %rsi @@ -11141,10 +16993,11 @@ callq _fe_mul_avx2 #endif /* __APPLE__ */ movq 168(%rsp), %rdi + movq (%rdi), %rax # Multiply # A[0] * B[0] movq (%rsp), %rdx - mulxq (%rdi), %r9, %r10 + mulxq %rax, %r9, %r10 # A[2] * B[0] mulxq 16(%rdi), %r11, %r12 # A[1] * B[0] @@ -11156,7 +17009,7 @@ mulxq 24(%rdi), %r13, %r14 adcxq %rbx, %r11 # A[0] * B[1] - mulxq (%rdi), %rcx, %rbx + mulxq %rax, %rcx, %rbx adoxq %rcx, %r10 # A[2] * B[1] mulxq 16(%rdi), %rcx, %r15 @@ -11170,7 +17023,7 @@ adcxq %rbp, %r14 adoxq %rbx, %r13 # A[0] * B[2] - mulxq (%rdi), %rcx, %rbx + mulxq %rax, %rcx, %rbx adoxq %rbp, %r14 xorq %r15, %r15 adcxq %rcx, %r11 @@ -11196,7 +17049,7 @@ adoxq %rbp, %r15 adcxq %rcx, %r15 # A[0] * B[3] - mulxq (%rdi), %rdx, %rcx + mulxq %rax, %rdx, %rcx adcxq %rbx, %rbp xorq %rbx, %rbx adcxq %rdx, %r12 @@ -11280,126 +17133,6 @@ #ifndef __APPLE__ .size curve25519_avx2,.-curve25519_avx2 #endif /* __APPLE__ */ -#ifdef HAVE_ED25519 -#ifndef __APPLE__ -.text -.globl fe_sq2_avx2 -.type fe_sq2_avx2,@function -.align 16 -fe_sq2_avx2: -#else -.section __TEXT,__text -.globl _fe_sq2_avx2 -.p2align 4 -_fe_sq2_avx2: -#endif /* __APPLE__ */ - pushq %rbx - pushq %r12 - pushq %r13 - pushq %r14 - pushq %r15 - # Square * 2 - movq (%rsi), %rdx - movq 8(%rsi), %rax - # A[0] * A[1] - movq %rdx, %r15 - mulxq %rax, %r9, %r10 - # A[0] * A[3] - mulxq 24(%rsi), %r11, %r12 - # A[2] * A[1] - movq 16(%rsi), %rdx - mulxq %rax, %rcx, %rbx - xorq %r8, %r8 - adoxq %rcx, %r11 - # A[2] * A[3] - mulxq 24(%rsi), %r13, %r14 - adoxq %rbx, %r12 - # A[2] * A[0] - mulxq %r15, %rcx, %rbx - adoxq %r8, %r13 - adcxq %rcx, %r10 - adoxq %r8, %r14 - # A[1] * A[3] - movq %rax, %rdx - mulxq 24(%rsi), %rcx, %rdx - adcxq %rbx, %r11 - adcxq %rcx, %r12 - adcxq %rdx, %r13 - adcxq %r8, %r14 - # A[0] * A[0] - movq %r15, %rdx - mulxq %rdx, %r8, %rcx - xorq %r15, %r15 - adcxq %r9, %r9 - # A[1] * A[1] - movq %rax, %rdx - adoxq %rcx, %r9 - mulxq %rdx, %rcx, %rbx - adcxq %r10, %r10 - adoxq %rcx, %r10 - adcxq %r11, %r11 - # A[2] * A[2] - movq 16(%rsi), %rdx - adoxq %rbx, %r11 - mulxq %rdx, %rbx, %rcx - adcxq %r12, %r12 - adoxq %rbx, %r12 - adcxq %r13, %r13 - # A[3] * A[3] - movq 24(%rsi), %rdx - adoxq %rcx, %r13 - mulxq %rdx, %rcx, %rbx - adcxq %r14, %r14 - adoxq %rcx, %r14 - adcxq %r15, %r15 - adoxq %rbx, %r15 - movq $38, %rdx - mulxq %r15, %r15, %rax - addq %r15, %r11 - adcq $0x00, %rax - movq $0x7fffffffffffffff, %rcx - shldq $0x01, %r11, %rax - imulq $19, %rax, %rax - andq %rcx, %r11 - xorq %rcx, %rcx - adoxq %rax, %r8 - mulxq %r12, %rax, %r12 - adcxq %rax, %r8 - adoxq %r12, %r9 - mulxq %r13, %rax, %r13 - adcxq %rax, %r9 - adoxq %r13, %r10 - mulxq %r14, %rax, %r14 - adcxq %rax, %r10 - adoxq %r14, %r11 - adcxq %rcx, %r11 - movq %r11, %rax - shldq $0x01, %r10, %r11 - shldq $0x01, %r9, %r10 - shldq $0x01, %r8, %r9 - shlq $0x01, %r8 - movq $0x7fffffffffffffff, %rcx - shrq $62, %rax - andq %rcx, %r11 - imulq $19, %rax, %rax - addq %rax, %r8 - adcq $0x00, %r9 - adcq $0x00, %r10 - adcq $0x00, %r11 - # Store - movq %r8, (%rdi) - movq %r9, 8(%rdi) - movq %r10, 16(%rdi) - movq %r11, 24(%rdi) - popq %r15 - popq %r14 - popq %r13 - popq %r12 - popq %rbx - repz retq -#ifndef __APPLE__ -.size fe_sq2_avx2,.-fe_sq2_avx2 -#endif /* __APPLE__ */ #ifndef __APPLE__ .text .globl fe_pow22523_avx2 @@ -11672,321 +17405,326 @@ pushq %r14 pushq %r15 pushq %rbx + pushq %rbp subq $16, %rsp movq %rdi, (%rsp) movq %rsi, 8(%rsp) leaq 96(%rsi), %rax + movq (%rsi), %r9 # Multiply # A[0] * B[0] movq (%rax), %rdx - mulxq (%rsi), %r9, %r10 + mulxq %r9, %r10, %r11 # A[2] * B[0] - mulxq 16(%rsi), %r11, %r12 + mulxq 16(%rsi), %r12, %r13 # A[1] * B[0] mulxq 8(%rsi), %rcx, %r8 - xorq %rbx, %rbx - adcxq %rcx, %r10 + xorq %rbp, %rbp + adcxq %rcx, %r11 # A[3] * B[1] movq 8(%rax), %rdx - mulxq 24(%rsi), %r13, %r14 - adcxq %r8, %r11 + mulxq 24(%rsi), %r14, %r15 + adcxq %r8, %r12 # A[0] * B[1] - mulxq (%rsi), %rcx, %r8 - adoxq %rcx, %r10 + mulxq %r9, %rcx, %r8 + adoxq %rcx, %r11 # A[2] * B[1] - mulxq 16(%rsi), %rcx, %r15 - adoxq %r8, %r11 - adcxq %rcx, %r12 + mulxq 16(%rsi), %rcx, %rbx + adoxq %r8, %r12 + adcxq %rcx, %r13 # A[1] * B[2] movq 16(%rax), %rdx mulxq 8(%rsi), %rcx, %r8 - adcxq %r15, %r13 - adoxq %rcx, %r12 adcxq %rbx, %r14 - adoxq %r8, %r13 + adoxq %rcx, %r13 + adcxq %rbp, %r15 + adoxq %r8, %r14 # A[0] * B[2] - mulxq (%rsi), %rcx, %r8 - adoxq %rbx, %r14 - xorq %r15, %r15 - adcxq %rcx, %r11 + mulxq %r9, %rcx, %r8 + adoxq %rbp, %r15 + xorq %rbx, %rbx + adcxq %rcx, %r12 # A[1] * B[1] movq 8(%rax), %rdx mulxq 8(%rsi), %rdx, %rcx - adcxq %r8, %r12 - adoxq %rdx, %r11 + adcxq %r8, %r13 + adoxq %rdx, %r12 # A[1] * B[3] movq 24(%rax), %rdx - adoxq %rcx, %r12 + adoxq %rcx, %r13 mulxq 8(%rsi), %rcx, %r8 - adcxq %rcx, %r13 + adcxq %rcx, %r14 # A[2] * B[2] movq 16(%rax), %rdx mulxq 16(%rsi), %rdx, %rcx - adcxq %r8, %r14 - adoxq %rdx, %r13 + adcxq %r8, %r15 + adoxq %rdx, %r14 # A[3] * B[3] movq 24(%rax), %rdx - adoxq %rcx, %r14 + adoxq %rcx, %r15 mulxq 24(%rsi), %rcx, %r8 - adoxq %rbx, %r15 - adcxq %rcx, %r15 + adoxq %rbp, %rbx + adcxq %rcx, %rbx # A[0] * B[3] - mulxq (%rsi), %rdx, %rcx - adcxq %r8, %rbx + mulxq %r9, %rdx, %rcx + adcxq %r8, %rbp xorq %r8, %r8 - adcxq %rdx, %r12 + adcxq %rdx, %r13 # A[3] * B[0] movq 24(%rsi), %rdx - adcxq %rcx, %r13 + adcxq %rcx, %r14 mulxq (%rax), %rdx, %rcx - adoxq %rdx, %r12 - adoxq %rcx, %r13 + adoxq %rdx, %r13 + adoxq %rcx, %r14 # A[3] * B[2] movq 24(%rsi), %rdx mulxq 16(%rax), %rdx, %rcx - adcxq %rdx, %r14 + adcxq %rdx, %r15 # A[2] * B[3] movq 24(%rax), %rdx - adcxq %rcx, %r15 + adcxq %rcx, %rbx mulxq 16(%rsi), %rcx, %rdx - adcxq %r8, %rbx - adoxq %rcx, %r14 - adoxq %rdx, %r15 - adoxq %r8, %rbx + adcxq %r8, %rbp + adoxq %rcx, %r15 + adoxq %rdx, %rbx + adoxq %r8, %rbp movq $38, %rdx - mulxq %rbx, %rbx, %rcx - addq %rbx, %r12 + mulxq %rbp, %rbp, %rcx + addq %rbp, %r13 adcq $0x00, %rcx movq $0x7fffffffffffffff, %r8 - shldq $0x01, %r12, %rcx + shldq $0x01, %r13, %rcx imulq $19, %rcx, %rcx - andq %r8, %r12 + andq %r8, %r13 xorq %r8, %r8 - adoxq %rcx, %r9 - mulxq %r13, %rcx, %r13 - adcxq %rcx, %r9 - adoxq %r13, %r10 + adoxq %rcx, %r10 mulxq %r14, %rcx, %r14 adcxq %rcx, %r10 adoxq %r14, %r11 mulxq %r15, %rcx, %r15 adcxq %rcx, %r11 adoxq %r15, %r12 - adcxq %r8, %r12 + mulxq %rbx, %rcx, %rbx + adcxq %rcx, %r12 + adoxq %rbx, %r13 + adcxq %r8, %r13 # Store - movq %r9, (%rdi) - movq %r10, 8(%rdi) - movq %r11, 16(%rdi) - movq %r12, 24(%rdi) + movq %r10, (%rdi) + movq %r11, 8(%rdi) + movq %r12, 16(%rdi) + movq %r13, 24(%rdi) leaq 64(%rsi), %rsi leaq 64(%rdi), %rdi + movq (%rsi), %r9 # Multiply # A[0] * B[0] movq (%rax), %rdx - mulxq (%rsi), %r9, %r10 + mulxq %r9, %r10, %r11 # A[2] * B[0] - mulxq 16(%rsi), %r11, %r12 + mulxq 16(%rsi), %r12, %r13 # A[1] * B[0] mulxq 8(%rsi), %rcx, %r8 - xorq %rbx, %rbx - adcxq %rcx, %r10 + xorq %rbp, %rbp + adcxq %rcx, %r11 # A[3] * B[1] movq 8(%rax), %rdx - mulxq 24(%rsi), %r13, %r14 - adcxq %r8, %r11 + mulxq 24(%rsi), %r14, %r15 + adcxq %r8, %r12 # A[0] * B[1] - mulxq (%rsi), %rcx, %r8 - adoxq %rcx, %r10 + mulxq %r9, %rcx, %r8 + adoxq %rcx, %r11 # A[2] * B[1] - mulxq 16(%rsi), %rcx, %r15 - adoxq %r8, %r11 - adcxq %rcx, %r12 + mulxq 16(%rsi), %rcx, %rbx + adoxq %r8, %r12 + adcxq %rcx, %r13 # A[1] * B[2] movq 16(%rax), %rdx mulxq 8(%rsi), %rcx, %r8 - adcxq %r15, %r13 - adoxq %rcx, %r12 adcxq %rbx, %r14 - adoxq %r8, %r13 + adoxq %rcx, %r13 + adcxq %rbp, %r15 + adoxq %r8, %r14 # A[0] * B[2] - mulxq (%rsi), %rcx, %r8 - adoxq %rbx, %r14 - xorq %r15, %r15 - adcxq %rcx, %r11 + mulxq %r9, %rcx, %r8 + adoxq %rbp, %r15 + xorq %rbx, %rbx + adcxq %rcx, %r12 # A[1] * B[1] movq 8(%rax), %rdx mulxq 8(%rsi), %rdx, %rcx - adcxq %r8, %r12 - adoxq %rdx, %r11 + adcxq %r8, %r13 + adoxq %rdx, %r12 # A[1] * B[3] movq 24(%rax), %rdx - adoxq %rcx, %r12 + adoxq %rcx, %r13 mulxq 8(%rsi), %rcx, %r8 - adcxq %rcx, %r13 + adcxq %rcx, %r14 # A[2] * B[2] movq 16(%rax), %rdx mulxq 16(%rsi), %rdx, %rcx - adcxq %r8, %r14 - adoxq %rdx, %r13 + adcxq %r8, %r15 + adoxq %rdx, %r14 # A[3] * B[3] movq 24(%rax), %rdx - adoxq %rcx, %r14 + adoxq %rcx, %r15 mulxq 24(%rsi), %rcx, %r8 - adoxq %rbx, %r15 - adcxq %rcx, %r15 + adoxq %rbp, %rbx + adcxq %rcx, %rbx # A[0] * B[3] - mulxq (%rsi), %rdx, %rcx - adcxq %r8, %rbx + mulxq %r9, %rdx, %rcx + adcxq %r8, %rbp xorq %r8, %r8 - adcxq %rdx, %r12 + adcxq %rdx, %r13 # A[3] * B[0] movq 24(%rsi), %rdx - adcxq %rcx, %r13 + adcxq %rcx, %r14 mulxq (%rax), %rdx, %rcx - adoxq %rdx, %r12 - adoxq %rcx, %r13 + adoxq %rdx, %r13 + adoxq %rcx, %r14 # A[3] * B[2] movq 24(%rsi), %rdx mulxq 16(%rax), %rdx, %rcx - adcxq %rdx, %r14 + adcxq %rdx, %r15 # A[2] * B[3] movq 24(%rax), %rdx - adcxq %rcx, %r15 + adcxq %rcx, %rbx mulxq 16(%rsi), %rcx, %rdx - adcxq %r8, %rbx - adoxq %rcx, %r14 - adoxq %rdx, %r15 - adoxq %r8, %rbx + adcxq %r8, %rbp + adoxq %rcx, %r15 + adoxq %rdx, %rbx + adoxq %r8, %rbp movq $38, %rdx - mulxq %rbx, %rbx, %rcx - addq %rbx, %r12 + mulxq %rbp, %rbp, %rcx + addq %rbp, %r13 adcq $0x00, %rcx movq $0x7fffffffffffffff, %r8 - shldq $0x01, %r12, %rcx + shldq $0x01, %r13, %rcx imulq $19, %rcx, %rcx - andq %r8, %r12 + andq %r8, %r13 xorq %r8, %r8 - adoxq %rcx, %r9 - mulxq %r13, %rcx, %r13 - adcxq %rcx, %r9 - adoxq %r13, %r10 + adoxq %rcx, %r10 mulxq %r14, %rcx, %r14 adcxq %rcx, %r10 adoxq %r14, %r11 mulxq %r15, %rcx, %r15 adcxq %rcx, %r11 adoxq %r15, %r12 - adcxq %r8, %r12 + mulxq %rbx, %rcx, %rbx + adcxq %rcx, %r12 + adoxq %rbx, %r13 + adcxq %r8, %r13 # Store - movq %r9, (%rdi) - movq %r10, 8(%rdi) - movq %r11, 16(%rdi) - movq %r12, 24(%rdi) + movq %r10, (%rdi) + movq %r11, 8(%rdi) + movq %r12, 16(%rdi) + movq %r13, 24(%rdi) leaq -32(%rsi), %rax leaq -32(%rdi), %rdi + movq (%rsi), %r9 # Multiply # A[0] * B[0] movq (%rax), %rdx - mulxq (%rsi), %r9, %r10 + mulxq %r9, %r10, %r11 # A[2] * B[0] - mulxq 16(%rsi), %r11, %r12 + mulxq 16(%rsi), %r12, %r13 # A[1] * B[0] mulxq 8(%rsi), %rcx, %r8 - xorq %rbx, %rbx - adcxq %rcx, %r10 + xorq %rbp, %rbp + adcxq %rcx, %r11 # A[3] * B[1] movq 8(%rax), %rdx - mulxq 24(%rsi), %r13, %r14 - adcxq %r8, %r11 + mulxq 24(%rsi), %r14, %r15 + adcxq %r8, %r12 # A[0] * B[1] - mulxq (%rsi), %rcx, %r8 - adoxq %rcx, %r10 + mulxq %r9, %rcx, %r8 + adoxq %rcx, %r11 # A[2] * B[1] - mulxq 16(%rsi), %rcx, %r15 - adoxq %r8, %r11 - adcxq %rcx, %r12 + mulxq 16(%rsi), %rcx, %rbx + adoxq %r8, %r12 + adcxq %rcx, %r13 # A[1] * B[2] movq 16(%rax), %rdx mulxq 8(%rsi), %rcx, %r8 - adcxq %r15, %r13 - adoxq %rcx, %r12 adcxq %rbx, %r14 - adoxq %r8, %r13 + adoxq %rcx, %r13 + adcxq %rbp, %r15 + adoxq %r8, %r14 # A[0] * B[2] - mulxq (%rsi), %rcx, %r8 - adoxq %rbx, %r14 - xorq %r15, %r15 - adcxq %rcx, %r11 + mulxq %r9, %rcx, %r8 + adoxq %rbp, %r15 + xorq %rbx, %rbx + adcxq %rcx, %r12 # A[1] * B[1] movq 8(%rax), %rdx mulxq 8(%rsi), %rdx, %rcx - adcxq %r8, %r12 - adoxq %rdx, %r11 + adcxq %r8, %r13 + adoxq %rdx, %r12 # A[1] * B[3] movq 24(%rax), %rdx - adoxq %rcx, %r12 + adoxq %rcx, %r13 mulxq 8(%rsi), %rcx, %r8 - adcxq %rcx, %r13 + adcxq %rcx, %r14 # A[2] * B[2] movq 16(%rax), %rdx mulxq 16(%rsi), %rdx, %rcx - adcxq %r8, %r14 - adoxq %rdx, %r13 + adcxq %r8, %r15 + adoxq %rdx, %r14 # A[3] * B[3] movq 24(%rax), %rdx - adoxq %rcx, %r14 + adoxq %rcx, %r15 mulxq 24(%rsi), %rcx, %r8 - adoxq %rbx, %r15 - adcxq %rcx, %r15 + adoxq %rbp, %rbx + adcxq %rcx, %rbx # A[0] * B[3] - mulxq (%rsi), %rdx, %rcx - adcxq %r8, %rbx + mulxq %r9, %rdx, %rcx + adcxq %r8, %rbp xorq %r8, %r8 - adcxq %rdx, %r12 + adcxq %rdx, %r13 # A[3] * B[0] movq 24(%rsi), %rdx - adcxq %rcx, %r13 + adcxq %rcx, %r14 mulxq (%rax), %rdx, %rcx - adoxq %rdx, %r12 - adoxq %rcx, %r13 + adoxq %rdx, %r13 + adoxq %rcx, %r14 # A[3] * B[2] movq 24(%rsi), %rdx mulxq 16(%rax), %rdx, %rcx - adcxq %rdx, %r14 + adcxq %rdx, %r15 # A[2] * B[3] movq 24(%rax), %rdx - adcxq %rcx, %r15 + adcxq %rcx, %rbx mulxq 16(%rsi), %rcx, %rdx - adcxq %r8, %rbx - adoxq %rcx, %r14 - adoxq %rdx, %r15 - adoxq %r8, %rbx + adcxq %r8, %rbp + adoxq %rcx, %r15 + adoxq %rdx, %rbx + adoxq %r8, %rbp movq $38, %rdx - mulxq %rbx, %rbx, %rcx - addq %rbx, %r12 + mulxq %rbp, %rbp, %rcx + addq %rbp, %r13 adcq $0x00, %rcx movq $0x7fffffffffffffff, %r8 - shldq $0x01, %r12, %rcx + shldq $0x01, %r13, %rcx imulq $19, %rcx, %rcx - andq %r8, %r12 + andq %r8, %r13 xorq %r8, %r8 - adoxq %rcx, %r9 - mulxq %r13, %rcx, %r13 - adcxq %rcx, %r9 - adoxq %r13, %r10 + adoxq %rcx, %r10 mulxq %r14, %rcx, %r14 adcxq %rcx, %r10 adoxq %r14, %r11 mulxq %r15, %rcx, %r15 adcxq %rcx, %r11 adoxq %r15, %r12 - adcxq %r8, %r12 + mulxq %rbx, %rcx, %rbx + adcxq %rcx, %r12 + adoxq %rbx, %r13 + adcxq %r8, %r13 # Store - movq %r9, (%rdi) - movq %r10, 8(%rdi) - movq %r11, 16(%rdi) - movq %r12, 24(%rdi) + movq %r10, (%rdi) + movq %r11, 8(%rdi) + movq %r12, 16(%rdi) + movq %r13, 24(%rdi) addq $16, %rsp + popq %rbp popq %rbx popq %r15 popq %r14 @@ -12013,425 +17751,431 @@ pushq %r14 pushq %r15 pushq %rbx + pushq %rbp subq $16, %rsp movq %rdi, (%rsp) movq %rsi, 8(%rsp) leaq 96(%rsi), %rax + movq (%rsi), %r9 # Multiply # A[0] * B[0] movq (%rax), %rdx - mulxq (%rsi), %r9, %r10 + mulxq %r9, %r10, %r11 # A[2] * B[0] - mulxq 16(%rsi), %r11, %r12 + mulxq 16(%rsi), %r12, %r13 # A[1] * B[0] mulxq 8(%rsi), %rcx, %r8 - xorq %rbx, %rbx - adcxq %rcx, %r10 + xorq %rbp, %rbp + adcxq %rcx, %r11 # A[3] * B[1] movq 8(%rax), %rdx - mulxq 24(%rsi), %r13, %r14 - adcxq %r8, %r11 + mulxq 24(%rsi), %r14, %r15 + adcxq %r8, %r12 # A[0] * B[1] - mulxq (%rsi), %rcx, %r8 - adoxq %rcx, %r10 + mulxq %r9, %rcx, %r8 + adoxq %rcx, %r11 # A[2] * B[1] - mulxq 16(%rsi), %rcx, %r15 - adoxq %r8, %r11 - adcxq %rcx, %r12 + mulxq 16(%rsi), %rcx, %rbx + adoxq %r8, %r12 + adcxq %rcx, %r13 # A[1] * B[2] movq 16(%rax), %rdx mulxq 8(%rsi), %rcx, %r8 - adcxq %r15, %r13 - adoxq %rcx, %r12 adcxq %rbx, %r14 - adoxq %r8, %r13 + adoxq %rcx, %r13 + adcxq %rbp, %r15 + adoxq %r8, %r14 # A[0] * B[2] - mulxq (%rsi), %rcx, %r8 - adoxq %rbx, %r14 - xorq %r15, %r15 - adcxq %rcx, %r11 + mulxq %r9, %rcx, %r8 + adoxq %rbp, %r15 + xorq %rbx, %rbx + adcxq %rcx, %r12 # A[1] * B[1] movq 8(%rax), %rdx mulxq 8(%rsi), %rdx, %rcx - adcxq %r8, %r12 - adoxq %rdx, %r11 + adcxq %r8, %r13 + adoxq %rdx, %r12 # A[1] * B[3] movq 24(%rax), %rdx - adoxq %rcx, %r12 + adoxq %rcx, %r13 mulxq 8(%rsi), %rcx, %r8 - adcxq %rcx, %r13 + adcxq %rcx, %r14 # A[2] * B[2] movq 16(%rax), %rdx mulxq 16(%rsi), %rdx, %rcx - adcxq %r8, %r14 - adoxq %rdx, %r13 + adcxq %r8, %r15 + adoxq %rdx, %r14 # A[3] * B[3] movq 24(%rax), %rdx - adoxq %rcx, %r14 + adoxq %rcx, %r15 mulxq 24(%rsi), %rcx, %r8 - adoxq %rbx, %r15 - adcxq %rcx, %r15 + adoxq %rbp, %rbx + adcxq %rcx, %rbx # A[0] * B[3] - mulxq (%rsi), %rdx, %rcx - adcxq %r8, %rbx + mulxq %r9, %rdx, %rcx + adcxq %r8, %rbp xorq %r8, %r8 - adcxq %rdx, %r12 + adcxq %rdx, %r13 # A[3] * B[0] movq 24(%rsi), %rdx - adcxq %rcx, %r13 + adcxq %rcx, %r14 mulxq (%rax), %rdx, %rcx - adoxq %rdx, %r12 - adoxq %rcx, %r13 + adoxq %rdx, %r13 + adoxq %rcx, %r14 # A[3] * B[2] movq 24(%rsi), %rdx mulxq 16(%rax), %rdx, %rcx - adcxq %rdx, %r14 + adcxq %rdx, %r15 # A[2] * B[3] movq 24(%rax), %rdx - adcxq %rcx, %r15 + adcxq %rcx, %rbx mulxq 16(%rsi), %rcx, %rdx - adcxq %r8, %rbx - adoxq %rcx, %r14 - adoxq %rdx, %r15 - adoxq %r8, %rbx + adcxq %r8, %rbp + adoxq %rcx, %r15 + adoxq %rdx, %rbx + adoxq %r8, %rbp movq $38, %rdx - mulxq %rbx, %rbx, %rcx - addq %rbx, %r12 + mulxq %rbp, %rbp, %rcx + addq %rbp, %r13 adcq $0x00, %rcx movq $0x7fffffffffffffff, %r8 - shldq $0x01, %r12, %rcx + shldq $0x01, %r13, %rcx imulq $19, %rcx, %rcx - andq %r8, %r12 + andq %r8, %r13 xorq %r8, %r8 - adoxq %rcx, %r9 - mulxq %r13, %rcx, %r13 - adcxq %rcx, %r9 - adoxq %r13, %r10 + adoxq %rcx, %r10 mulxq %r14, %rcx, %r14 adcxq %rcx, %r10 adoxq %r14, %r11 mulxq %r15, %rcx, %r15 adcxq %rcx, %r11 adoxq %r15, %r12 - adcxq %r8, %r12 + mulxq %rbx, %rcx, %rbx + adcxq %rcx, %r12 + adoxq %rbx, %r13 + adcxq %r8, %r13 # Store - movq %r9, (%rdi) - movq %r10, 8(%rdi) - movq %r11, 16(%rdi) - movq %r12, 24(%rdi) + movq %r10, (%rdi) + movq %r11, 8(%rdi) + movq %r12, 16(%rdi) + movq %r13, 24(%rdi) leaq 32(%rsi), %rax leaq 96(%rdi), %rdi + movq (%rsi), %r9 # Multiply # A[0] * B[0] movq (%rax), %rdx - mulxq (%rsi), %r9, %r10 + mulxq %r9, %r10, %r11 # A[2] * B[0] - mulxq 16(%rsi), %r11, %r12 + mulxq 16(%rsi), %r12, %r13 # A[1] * B[0] mulxq 8(%rsi), %rcx, %r8 - xorq %rbx, %rbx - adcxq %rcx, %r10 + xorq %rbp, %rbp + adcxq %rcx, %r11 # A[3] * B[1] movq 8(%rax), %rdx - mulxq 24(%rsi), %r13, %r14 - adcxq %r8, %r11 + mulxq 24(%rsi), %r14, %r15 + adcxq %r8, %r12 # A[0] * B[1] - mulxq (%rsi), %rcx, %r8 - adoxq %rcx, %r10 + mulxq %r9, %rcx, %r8 + adoxq %rcx, %r11 # A[2] * B[1] - mulxq 16(%rsi), %rcx, %r15 - adoxq %r8, %r11 - adcxq %rcx, %r12 + mulxq 16(%rsi), %rcx, %rbx + adoxq %r8, %r12 + adcxq %rcx, %r13 # A[1] * B[2] movq 16(%rax), %rdx mulxq 8(%rsi), %rcx, %r8 - adcxq %r15, %r13 - adoxq %rcx, %r12 adcxq %rbx, %r14 - adoxq %r8, %r13 + adoxq %rcx, %r13 + adcxq %rbp, %r15 + adoxq %r8, %r14 # A[0] * B[2] - mulxq (%rsi), %rcx, %r8 - adoxq %rbx, %r14 - xorq %r15, %r15 - adcxq %rcx, %r11 + mulxq %r9, %rcx, %r8 + adoxq %rbp, %r15 + xorq %rbx, %rbx + adcxq %rcx, %r12 # A[1] * B[1] movq 8(%rax), %rdx mulxq 8(%rsi), %rdx, %rcx - adcxq %r8, %r12 - adoxq %rdx, %r11 + adcxq %r8, %r13 + adoxq %rdx, %r12 # A[1] * B[3] movq 24(%rax), %rdx - adoxq %rcx, %r12 + adoxq %rcx, %r13 mulxq 8(%rsi), %rcx, %r8 - adcxq %rcx, %r13 + adcxq %rcx, %r14 # A[2] * B[2] movq 16(%rax), %rdx mulxq 16(%rsi), %rdx, %rcx - adcxq %r8, %r14 - adoxq %rdx, %r13 + adcxq %r8, %r15 + adoxq %rdx, %r14 # A[3] * B[3] movq 24(%rax), %rdx - adoxq %rcx, %r14 + adoxq %rcx, %r15 mulxq 24(%rsi), %rcx, %r8 - adoxq %rbx, %r15 - adcxq %rcx, %r15 + adoxq %rbp, %rbx + adcxq %rcx, %rbx # A[0] * B[3] - mulxq (%rsi), %rdx, %rcx - adcxq %r8, %rbx + mulxq %r9, %rdx, %rcx + adcxq %r8, %rbp xorq %r8, %r8 - adcxq %rdx, %r12 + adcxq %rdx, %r13 # A[3] * B[0] movq 24(%rsi), %rdx - adcxq %rcx, %r13 + adcxq %rcx, %r14 mulxq (%rax), %rdx, %rcx - adoxq %rdx, %r12 - adoxq %rcx, %r13 + adoxq %rdx, %r13 + adoxq %rcx, %r14 # A[3] * B[2] movq 24(%rsi), %rdx mulxq 16(%rax), %rdx, %rcx - adcxq %rdx, %r14 + adcxq %rdx, %r15 # A[2] * B[3] movq 24(%rax), %rdx - adcxq %rcx, %r15 + adcxq %rcx, %rbx mulxq 16(%rsi), %rcx, %rdx - adcxq %r8, %rbx - adoxq %rcx, %r14 - adoxq %rdx, %r15 - adoxq %r8, %rbx + adcxq %r8, %rbp + adoxq %rcx, %r15 + adoxq %rdx, %rbx + adoxq %r8, %rbp movq $38, %rdx - mulxq %rbx, %rbx, %rcx - addq %rbx, %r12 + mulxq %rbp, %rbp, %rcx + addq %rbp, %r13 adcq $0x00, %rcx movq $0x7fffffffffffffff, %r8 - shldq $0x01, %r12, %rcx + shldq $0x01, %r13, %rcx imulq $19, %rcx, %rcx - andq %r8, %r12 + andq %r8, %r13 xorq %r8, %r8 - adoxq %rcx, %r9 - mulxq %r13, %rcx, %r13 - adcxq %rcx, %r9 - adoxq %r13, %r10 + adoxq %rcx, %r10 mulxq %r14, %rcx, %r14 adcxq %rcx, %r10 adoxq %r14, %r11 mulxq %r15, %rcx, %r15 adcxq %rcx, %r11 adoxq %r15, %r12 - adcxq %r8, %r12 + mulxq %rbx, %rcx, %rbx + adcxq %rcx, %r12 + adoxq %rbx, %r13 + adcxq %r8, %r13 # Store - movq %r9, (%rdi) - movq %r10, 8(%rdi) - movq %r11, 16(%rdi) - movq %r12, 24(%rdi) + movq %r10, (%rdi) + movq %r11, 8(%rdi) + movq %r12, 16(%rdi) + movq %r13, 24(%rdi) leaq 64(%rsi), %rsi leaq -64(%rdi), %rdi + movq (%rsi), %r9 # Multiply # A[0] * B[0] movq (%rax), %rdx - mulxq (%rsi), %r9, %r10 + mulxq %r9, %r10, %r11 # A[2] * B[0] - mulxq 16(%rsi), %r11, %r12 + mulxq 16(%rsi), %r12, %r13 # A[1] * B[0] mulxq 8(%rsi), %rcx, %r8 - xorq %rbx, %rbx - adcxq %rcx, %r10 + xorq %rbp, %rbp + adcxq %rcx, %r11 # A[3] * B[1] movq 8(%rax), %rdx - mulxq 24(%rsi), %r13, %r14 - adcxq %r8, %r11 + mulxq 24(%rsi), %r14, %r15 + adcxq %r8, %r12 # A[0] * B[1] - mulxq (%rsi), %rcx, %r8 - adoxq %rcx, %r10 + mulxq %r9, %rcx, %r8 + adoxq %rcx, %r11 # A[2] * B[1] - mulxq 16(%rsi), %rcx, %r15 - adoxq %r8, %r11 - adcxq %rcx, %r12 + mulxq 16(%rsi), %rcx, %rbx + adoxq %r8, %r12 + adcxq %rcx, %r13 # A[1] * B[2] movq 16(%rax), %rdx mulxq 8(%rsi), %rcx, %r8 - adcxq %r15, %r13 - adoxq %rcx, %r12 adcxq %rbx, %r14 - adoxq %r8, %r13 + adoxq %rcx, %r13 + adcxq %rbp, %r15 + adoxq %r8, %r14 # A[0] * B[2] - mulxq (%rsi), %rcx, %r8 - adoxq %rbx, %r14 - xorq %r15, %r15 - adcxq %rcx, %r11 + mulxq %r9, %rcx, %r8 + adoxq %rbp, %r15 + xorq %rbx, %rbx + adcxq %rcx, %r12 # A[1] * B[1] movq 8(%rax), %rdx mulxq 8(%rsi), %rdx, %rcx - adcxq %r8, %r12 - adoxq %rdx, %r11 + adcxq %r8, %r13 + adoxq %rdx, %r12 # A[1] * B[3] movq 24(%rax), %rdx - adoxq %rcx, %r12 + adoxq %rcx, %r13 mulxq 8(%rsi), %rcx, %r8 - adcxq %rcx, %r13 + adcxq %rcx, %r14 # A[2] * B[2] movq 16(%rax), %rdx mulxq 16(%rsi), %rdx, %rcx - adcxq %r8, %r14 - adoxq %rdx, %r13 + adcxq %r8, %r15 + adoxq %rdx, %r14 # A[3] * B[3] movq 24(%rax), %rdx - adoxq %rcx, %r14 + adoxq %rcx, %r15 mulxq 24(%rsi), %rcx, %r8 - adoxq %rbx, %r15 - adcxq %rcx, %r15 + adoxq %rbp, %rbx + adcxq %rcx, %rbx # A[0] * B[3] - mulxq (%rsi), %rdx, %rcx - adcxq %r8, %rbx + mulxq %r9, %rdx, %rcx + adcxq %r8, %rbp xorq %r8, %r8 - adcxq %rdx, %r12 + adcxq %rdx, %r13 # A[3] * B[0] movq 24(%rsi), %rdx - adcxq %rcx, %r13 + adcxq %rcx, %r14 mulxq (%rax), %rdx, %rcx - adoxq %rdx, %r12 - adoxq %rcx, %r13 + adoxq %rdx, %r13 + adoxq %rcx, %r14 # A[3] * B[2] movq 24(%rsi), %rdx mulxq 16(%rax), %rdx, %rcx - adcxq %rdx, %r14 + adcxq %rdx, %r15 # A[2] * B[3] movq 24(%rax), %rdx - adcxq %rcx, %r15 + adcxq %rcx, %rbx mulxq 16(%rsi), %rcx, %rdx - adcxq %r8, %rbx - adoxq %rcx, %r14 - adoxq %rdx, %r15 - adoxq %r8, %rbx + adcxq %r8, %rbp + adoxq %rcx, %r15 + adoxq %rdx, %rbx + adoxq %r8, %rbp movq $38, %rdx - mulxq %rbx, %rbx, %rcx - addq %rbx, %r12 + mulxq %rbp, %rbp, %rcx + addq %rbp, %r13 adcq $0x00, %rcx movq $0x7fffffffffffffff, %r8 - shldq $0x01, %r12, %rcx + shldq $0x01, %r13, %rcx imulq $19, %rcx, %rcx - andq %r8, %r12 + andq %r8, %r13 xorq %r8, %r8 - adoxq %rcx, %r9 - mulxq %r13, %rcx, %r13 - adcxq %rcx, %r9 - adoxq %r13, %r10 + adoxq %rcx, %r10 mulxq %r14, %rcx, %r14 adcxq %rcx, %r10 adoxq %r14, %r11 mulxq %r15, %rcx, %r15 adcxq %rcx, %r11 adoxq %r15, %r12 - adcxq %r8, %r12 + mulxq %rbx, %rcx, %rbx + adcxq %rcx, %r12 + adoxq %rbx, %r13 + adcxq %r8, %r13 # Store - movq %r9, (%rdi) - movq %r10, 8(%rdi) - movq %r11, 16(%rdi) - movq %r12, 24(%rdi) + movq %r10, (%rdi) + movq %r11, 8(%rdi) + movq %r12, 16(%rdi) + movq %r13, 24(%rdi) leaq 32(%rsi), %rax leaq 32(%rdi), %rdi + movq (%rsi), %r9 # Multiply # A[0] * B[0] movq (%rax), %rdx - mulxq (%rsi), %r9, %r10 + mulxq %r9, %r10, %r11 # A[2] * B[0] - mulxq 16(%rsi), %r11, %r12 + mulxq 16(%rsi), %r12, %r13 # A[1] * B[0] mulxq 8(%rsi), %rcx, %r8 - xorq %rbx, %rbx - adcxq %rcx, %r10 + xorq %rbp, %rbp + adcxq %rcx, %r11 # A[3] * B[1] movq 8(%rax), %rdx - mulxq 24(%rsi), %r13, %r14 - adcxq %r8, %r11 + mulxq 24(%rsi), %r14, %r15 + adcxq %r8, %r12 # A[0] * B[1] - mulxq (%rsi), %rcx, %r8 - adoxq %rcx, %r10 + mulxq %r9, %rcx, %r8 + adoxq %rcx, %r11 # A[2] * B[1] - mulxq 16(%rsi), %rcx, %r15 - adoxq %r8, %r11 - adcxq %rcx, %r12 + mulxq 16(%rsi), %rcx, %rbx + adoxq %r8, %r12 + adcxq %rcx, %r13 # A[1] * B[2] movq 16(%rax), %rdx mulxq 8(%rsi), %rcx, %r8 - adcxq %r15, %r13 - adoxq %rcx, %r12 adcxq %rbx, %r14 - adoxq %r8, %r13 + adoxq %rcx, %r13 + adcxq %rbp, %r15 + adoxq %r8, %r14 # A[0] * B[2] - mulxq (%rsi), %rcx, %r8 - adoxq %rbx, %r14 - xorq %r15, %r15 - adcxq %rcx, %r11 + mulxq %r9, %rcx, %r8 + adoxq %rbp, %r15 + xorq %rbx, %rbx + adcxq %rcx, %r12 # A[1] * B[1] movq 8(%rax), %rdx mulxq 8(%rsi), %rdx, %rcx - adcxq %r8, %r12 - adoxq %rdx, %r11 + adcxq %r8, %r13 + adoxq %rdx, %r12 # A[1] * B[3] movq 24(%rax), %rdx - adoxq %rcx, %r12 + adoxq %rcx, %r13 mulxq 8(%rsi), %rcx, %r8 - adcxq %rcx, %r13 + adcxq %rcx, %r14 # A[2] * B[2] movq 16(%rax), %rdx mulxq 16(%rsi), %rdx, %rcx - adcxq %r8, %r14 - adoxq %rdx, %r13 + adcxq %r8, %r15 + adoxq %rdx, %r14 # A[3] * B[3] movq 24(%rax), %rdx - adoxq %rcx, %r14 + adoxq %rcx, %r15 mulxq 24(%rsi), %rcx, %r8 - adoxq %rbx, %r15 - adcxq %rcx, %r15 + adoxq %rbp, %rbx + adcxq %rcx, %rbx # A[0] * B[3] - mulxq (%rsi), %rdx, %rcx - adcxq %r8, %rbx + mulxq %r9, %rdx, %rcx + adcxq %r8, %rbp xorq %r8, %r8 - adcxq %rdx, %r12 + adcxq %rdx, %r13 # A[3] * B[0] movq 24(%rsi), %rdx - adcxq %rcx, %r13 + adcxq %rcx, %r14 mulxq (%rax), %rdx, %rcx - adoxq %rdx, %r12 - adoxq %rcx, %r13 + adoxq %rdx, %r13 + adoxq %rcx, %r14 # A[3] * B[2] movq 24(%rsi), %rdx mulxq 16(%rax), %rdx, %rcx - adcxq %rdx, %r14 + adcxq %rdx, %r15 # A[2] * B[3] movq 24(%rax), %rdx - adcxq %rcx, %r15 + adcxq %rcx, %rbx mulxq 16(%rsi), %rcx, %rdx - adcxq %r8, %rbx - adoxq %rcx, %r14 - adoxq %rdx, %r15 - adoxq %r8, %rbx + adcxq %r8, %rbp + adoxq %rcx, %r15 + adoxq %rdx, %rbx + adoxq %r8, %rbp movq $38, %rdx - mulxq %rbx, %rbx, %rcx - addq %rbx, %r12 + mulxq %rbp, %rbp, %rcx + addq %rbp, %r13 adcq $0x00, %rcx movq $0x7fffffffffffffff, %r8 - shldq $0x01, %r12, %rcx + shldq $0x01, %r13, %rcx imulq $19, %rcx, %rcx - andq %r8, %r12 + andq %r8, %r13 xorq %r8, %r8 - adoxq %rcx, %r9 - mulxq %r13, %rcx, %r13 - adcxq %rcx, %r9 - adoxq %r13, %r10 + adoxq %rcx, %r10 mulxq %r14, %rcx, %r14 adcxq %rcx, %r10 adoxq %r14, %r11 mulxq %r15, %rcx, %r15 adcxq %rcx, %r11 adoxq %r15, %r12 - adcxq %r8, %r12 + mulxq %rbx, %rcx, %rbx + adcxq %rcx, %r12 + adoxq %rbx, %r13 + adcxq %r8, %r13 # Store - movq %r9, (%rdi) - movq %r10, 8(%rdi) - movq %r11, 16(%rdi) - movq %r12, 24(%rdi) + movq %r10, (%rdi) + movq %r11, 8(%rdi) + movq %r12, 16(%rdi) + movq %r13, 24(%rdi) addq $16, %rsp + popq %rbp popq %rbx popq %r15 popq %r14 @@ -12632,14 +18376,13 @@ adcq 16(%rsi), %r12 movq %r13, %rbp adcq 24(%rsi), %r13 - movq $0x00, %rcx - adcq $0x00, %rcx - shldq $0x01, %r13, %rcx - movq $0x7fffffffffffffff, %r8 - imulq $19, %rcx - andq %r8, %r13 + movq $0x00, %rdx + adcq $0x00, %rdx + shldq $0x01, %r13, %rdx + imulq $19, %rdx + btr $63, %r13 # Sub modulus (if overflow) - addq %rcx, %r10 + addq %rdx, %r10 adcq $0x00, %r11 adcq $0x00, %r12 adcq $0x00, %r13 @@ -12648,12 +18391,12 @@ sbbq 8(%rsi), %r15 sbbq 16(%rsi), %rbx sbbq 24(%rsi), %rbp - sbbq %rcx, %rcx - shldq $0x01, %rbp, %rcx - imulq $-19, %rcx - andq %r8, %rbp + sbbq %rdx, %rdx + shldq $0x01, %rbp, %rdx + imulq $-19, %rdx + btr $63, %rbp # Add modulus (if underflow) - subq %rcx, %r14 + subq %rdx, %r14 sbbq $0x00, %r15 sbbq $0x00, %rbx sbbq $0x00, %rbp @@ -12677,14 +18420,13 @@ movq 24(%rsi), %r13 adcq 16(%rax), %r12 adcq 24(%rax), %r13 - movq $0x00, %rcx - adcq $0x00, %rcx - shldq $0x01, %r13, %rcx - movq $0x7fffffffffffffff, %r8 - imulq $19, %rcx - andq %r8, %r13 + movq $0x00, %rdx + adcq $0x00, %rdx + shldq $0x01, %r13, %rdx + imulq $19, %rdx + btr $63, %r13 # Sub modulus (if overflow) - addq %rcx, %r10 + addq %rdx, %r10 adcq $0x00, %r11 adcq $0x00, %r12 adcq $0x00, %r13 @@ -12774,13 +18516,12 @@ sbbq 8(%rsi), %r11 sbbq 16(%rsi), %r12 sbbq 24(%rsi), %r13 - sbbq %rcx, %rcx - shldq $0x01, %r13, %rcx - movq $0x7fffffffffffffff, %r8 - imulq $-19, %rcx - andq %r8, %r13 + sbbq %rdx, %rdx + shldq $0x01, %r13, %rdx + imulq $-19, %rdx + btr $63, %r13 # Add modulus (if underflow) - subq %rcx, %r10 + subq %rdx, %r10 sbbq $0x00, %r11 sbbq $0x00, %r12 sbbq $0x00, %r13 @@ -12885,13 +18626,12 @@ sbbq 8(%rsi), %r11 sbbq 16(%rsi), %r12 sbbq 24(%rsi), %r13 - sbbq %rcx, %rcx - shldq $0x01, %r13, %rcx - movq $0x7fffffffffffffff, %r8 - imulq $-19, %rcx - andq %r8, %r13 + sbbq %rdx, %rdx + shldq $0x01, %r13, %rdx + imulq $-19, %rdx + btr $63, %r13 # Add modulus (if underflow) - subq %rcx, %r10 + subq %rdx, %r10 sbbq $0x00, %r11 sbbq $0x00, %r12 sbbq $0x00, %r13 @@ -13056,14 +18796,13 @@ adcq 16(%rcx), %r12 movq %r13, %rbp adcq 24(%rcx), %r13 - movq $0x00, %r8 - adcq $0x00, %r8 - shldq $0x01, %r13, %r8 - movq $0x7fffffffffffffff, %r9 - imulq $19, %r8 - andq %r9, %r13 + movq $0x00, %rdx + adcq $0x00, %rdx + shldq $0x01, %r13, %rdx + imulq $19, %rdx + btr $63, %r13 # Sub modulus (if overflow) - addq %r8, %r10 + addq %rdx, %r10 adcq $0x00, %r11 adcq $0x00, %r12 adcq $0x00, %r13 @@ -13072,12 +18811,12 @@ sbbq 8(%rcx), %r15 sbbq 16(%rcx), %rbx sbbq 24(%rcx), %rbp - sbbq %r8, %r8 - shldq $0x01, %rbp, %r8 - imulq $-19, %r8 - andq %r9, %rbp + sbbq %rdx, %rdx + shldq $0x01, %rbp, %rdx + imulq $-19, %rdx + btr $63, %rbp # Add modulus (if underflow) - subq %r8, %r14 + subq %rdx, %r14 sbbq $0x00, %r15 sbbq $0x00, %rbx sbbq $0x00, %rbp @@ -13309,14 +19048,13 @@ adcq 16(%rsi), %r12 movq %r13, %rbp adcq 24(%rsi), %r13 - movq $0x00, %r8 - adcq $0x00, %r8 - shldq $0x01, %r13, %r8 - movq $0x7fffffffffffffff, %r9 - imulq $19, %r8 - andq %r9, %r13 + movq $0x00, %rdx + adcq $0x00, %rdx + shldq $0x01, %r13, %rdx + imulq $19, %rdx + btr $63, %r13 # Sub modulus (if overflow) - addq %r8, %r10 + addq %rdx, %r10 adcq $0x00, %r11 adcq $0x00, %r12 adcq $0x00, %r13 @@ -13325,12 +19063,12 @@ sbbq 8(%rsi), %r15 sbbq 16(%rsi), %rbx sbbq 24(%rsi), %rbp - sbbq %r8, %r8 - shldq $0x01, %rbp, %r8 - imulq $-19, %r8 - andq %r9, %rbp + sbbq %rdx, %rdx + shldq $0x01, %rbp, %rdx + imulq $-19, %rdx + btr $63, %rbp # Add modulus (if underflow) - subq %r8, %r14 + subq %rdx, %r14 sbbq $0x00, %r15 sbbq $0x00, %rbx sbbq $0x00, %rbp @@ -13352,14 +19090,13 @@ movq 24(%rcx), %r13 adcq %r12, %r12 adcq %r13, %r13 - movq $0x00, %r8 - adcq $0x00, %r8 - shldq $0x01, %r13, %r8 - movq $0x7fffffffffffffff, %r9 - imulq $19, %r8 - andq %r9, %r13 + movq $0x00, %rdx + adcq $0x00, %rdx + shldq $0x01, %r13, %rdx + imulq $19, %rdx + btr $63, %r13 # Sub modulus (if overflow) - addq %r8, %r10 + addq %rdx, %r10 adcq $0x00, %r11 adcq $0x00, %r12 adcq $0x00, %r13 @@ -13375,14 +19112,13 @@ adcq 16(%rsi), %r12 movq %r13, %rbp adcq 24(%rsi), %r13 - movq $0x00, %r8 - adcq $0x00, %r8 - shldq $0x01, %r13, %r8 - movq $0x7fffffffffffffff, %r9 - imulq $19, %r8 - andq %r9, %r13 + movq $0x00, %rdx + adcq $0x00, %rdx + shldq $0x01, %r13, %rdx + imulq $19, %rdx + btr $63, %r13 # Sub modulus (if overflow) - addq %r8, %r10 + addq %rdx, %r10 adcq $0x00, %r11 adcq $0x00, %r12 adcq $0x00, %r13 @@ -13391,12 +19127,12 @@ sbbq 8(%rsi), %r15 sbbq 16(%rsi), %rbx sbbq 24(%rsi), %rbp - sbbq %r8, %r8 - shldq $0x01, %rbp, %r8 - imulq $-19, %r8 - andq %r9, %rbp + sbbq %rdx, %rdx + shldq $0x01, %rbp, %rdx + imulq $-19, %rdx + btr $63, %rbp # Add modulus (if underflow) - subq %r8, %r14 + subq %rdx, %r14 sbbq $0x00, %r15 sbbq $0x00, %rbx sbbq $0x00, %rbp @@ -13565,14 +19301,13 @@ adcq 16(%rcx), %r12 movq %r13, %rbp adcq 24(%rcx), %r13 - movq $0x00, %r8 - adcq $0x00, %r8 - shldq $0x01, %r13, %r8 - movq $0x7fffffffffffffff, %r9 - imulq $19, %r8 - andq %r9, %r13 + movq $0x00, %rdx + adcq $0x00, %rdx + shldq $0x01, %r13, %rdx + imulq $19, %rdx + btr $63, %r13 # Sub modulus (if overflow) - addq %r8, %r10 + addq %rdx, %r10 adcq $0x00, %r11 adcq $0x00, %r12 adcq $0x00, %r13 @@ -13581,12 +19316,12 @@ sbbq 8(%rcx), %r15 sbbq 16(%rcx), %rbx sbbq 24(%rcx), %rbp - sbbq %r8, %r8 - shldq $0x01, %rbp, %r8 - imulq $-19, %r8 - andq %r9, %rbp + sbbq %rdx, %rdx + shldq $0x01, %rbp, %rdx + imulq $-19, %rdx + btr $63, %rbp # Add modulus (if underflow) - subq %r8, %r14 + subq %rdx, %r14 sbbq $0x00, %r15 sbbq $0x00, %rbx sbbq $0x00, %rbp @@ -13819,14 +19554,13 @@ adcq 16(%rsi), %r12 movq %r13, %rbp adcq 24(%rsi), %r13 - movq $0x00, %r8 - adcq $0x00, %r8 - shldq $0x01, %r13, %r8 - movq $0x7fffffffffffffff, %r9 - imulq $19, %r8 - andq %r9, %r13 + movq $0x00, %rdx + adcq $0x00, %rdx + shldq $0x01, %r13, %rdx + imulq $19, %rdx + btr $63, %r13 # Sub modulus (if overflow) - addq %r8, %r10 + addq %rdx, %r10 adcq $0x00, %r11 adcq $0x00, %r12 adcq $0x00, %r13 @@ -13835,12 +19569,12 @@ sbbq 8(%rsi), %r15 sbbq 16(%rsi), %rbx sbbq 24(%rsi), %rbp - sbbq %r8, %r8 - shldq $0x01, %rbp, %r8 - imulq $-19, %r8 - andq %r9, %rbp + sbbq %rdx, %rdx + shldq $0x01, %rbp, %rdx + imulq $-19, %rdx + btr $63, %rbp # Add modulus (if underflow) - subq %r8, %r14 + subq %rdx, %r14 sbbq $0x00, %r15 sbbq $0x00, %rbx sbbq $0x00, %rbp @@ -13862,14 +19596,13 @@ movq 24(%rcx), %r13 adcq %r12, %r12 adcq %r13, %r13 - movq $0x00, %r8 - adcq $0x00, %r8 - shldq $0x01, %r13, %r8 - movq $0x7fffffffffffffff, %r9 - imulq $19, %r8 - andq %r9, %r13 + movq $0x00, %rdx + adcq $0x00, %rdx + shldq $0x01, %r13, %rdx + imulq $19, %rdx + btr $63, %r13 # Sub modulus (if overflow) - addq %r8, %r10 + addq %rdx, %r10 adcq $0x00, %r11 adcq $0x00, %r12 adcq $0x00, %r13 @@ -13885,14 +19618,13 @@ adcq 16(%rsi), %r12 movq %r13, %rbp adcq 24(%rsi), %r13 - movq $0x00, %r8 - adcq $0x00, %r8 - shldq $0x01, %r13, %r8 - movq $0x7fffffffffffffff, %r9 - imulq $19, %r8 - andq %r9, %r13 + movq $0x00, %rdx + adcq $0x00, %rdx + shldq $0x01, %r13, %rdx + imulq $19, %rdx + btr $63, %r13 # Sub modulus (if overflow) - addq %r8, %r10 + addq %rdx, %r10 adcq $0x00, %r11 adcq $0x00, %r12 adcq $0x00, %r13 @@ -13901,12 +19633,12 @@ sbbq 8(%rsi), %r15 sbbq 16(%rsi), %rbx sbbq 24(%rsi), %rbp - sbbq %r8, %r8 - shldq $0x01, %rbp, %r8 - imulq $-19, %r8 - andq %r9, %rbp + sbbq %rdx, %rdx + shldq $0x01, %rbp, %rdx + imulq $-19, %rdx + btr $63, %rbp # Add modulus (if underflow) - subq %r8, %r14 + subq %rdx, %r14 sbbq $0x00, %r15 sbbq $0x00, %rbx sbbq $0x00, %rbp @@ -14075,14 +19807,13 @@ adcq 16(%rcx), %r12 movq %r13, %rbp adcq 24(%rcx), %r13 - movq $0x00, %r8 - adcq $0x00, %r8 - shldq $0x01, %r13, %r8 - movq $0x7fffffffffffffff, %r9 - imulq $19, %r8 - andq %r9, %r13 + movq $0x00, %rdx + adcq $0x00, %rdx + shldq $0x01, %r13, %rdx + imulq $19, %rdx + btr $63, %r13 # Sub modulus (if overflow) - addq %r8, %r10 + addq %rdx, %r10 adcq $0x00, %r11 adcq $0x00, %r12 adcq $0x00, %r13 @@ -14091,12 +19822,12 @@ sbbq 8(%rcx), %r15 sbbq 16(%rcx), %rbx sbbq 24(%rcx), %rbp - sbbq %r8, %r8 - shldq $0x01, %rbp, %r8 - imulq $-19, %r8 - andq %r9, %rbp + sbbq %rdx, %rdx + shldq $0x01, %rbp, %rdx + imulq $-19, %rdx + btr $63, %rbp # Add modulus (if underflow) - subq %r8, %r14 + subq %rdx, %r14 sbbq $0x00, %r15 sbbq $0x00, %rbx sbbq $0x00, %rbp @@ -14420,14 +20151,13 @@ adcq %r11, %r11 adcq %r12, %r12 adcq %r13, %r13 - movq $0x00, %r8 - adcq $0x00, %r8 - shldq $0x01, %r13, %r8 - movq $0x7fffffffffffffff, %r9 - imulq $19, %r8 - andq %r9, %r13 + movq $0x00, %rdx + adcq $0x00, %rdx + shldq $0x01, %r13, %rdx + imulq $19, %rdx + btr $63, %r13 # Sub modulus (if overflow) - addq %r8, %r10 + addq %rdx, %r10 adcq $0x00, %r11 adcq $0x00, %r12 adcq $0x00, %r13 @@ -14450,14 +20180,13 @@ adcq 16(%rsi), %r12 movq %r13, %rbp adcq 24(%rsi), %r13 - movq $0x00, %r8 - adcq $0x00, %r8 - shldq $0x01, %r13, %r8 - movq $0x7fffffffffffffff, %r9 - imulq $19, %r8 - andq %r9, %r13 + movq $0x00, %rdx + adcq $0x00, %rdx + shldq $0x01, %r13, %rdx + imulq $19, %rdx + btr $63, %r13 # Sub modulus (if overflow) - addq %r8, %r10 + addq %rdx, %r10 adcq $0x00, %r11 adcq $0x00, %r12 adcq $0x00, %r13 @@ -14466,12 +20195,12 @@ sbbq 8(%rsi), %r15 sbbq 16(%rsi), %rbx sbbq 24(%rsi), %rbp - sbbq %r8, %r8 - shldq $0x01, %rbp, %r8 - imulq $-19, %r8 - andq %r9, %rbp + sbbq %rdx, %rdx + shldq $0x01, %rbp, %rdx + imulq $-19, %rdx + btr $63, %rbp # Add modulus (if underflow) - subq %r8, %r14 + subq %rdx, %r14 sbbq $0x00, %r15 sbbq $0x00, %rbx sbbq $0x00, %rbp @@ -14499,14 +20228,13 @@ adcq 16(%rsi), %r12 movq %r13, %rbp adcq 24(%rsi), %r13 - movq $0x00, %r8 - adcq $0x00, %r8 - shldq $0x01, %r13, %r8 - movq $0x7fffffffffffffff, %r9 - imulq $19, %r8 - andq %r9, %r13 + movq $0x00, %rdx + adcq $0x00, %rdx + shldq $0x01, %r13, %rdx + imulq $19, %rdx + btr $63, %r13 # Sub modulus (if overflow) - addq %r8, %r10 + addq %rdx, %r10 adcq $0x00, %r11 adcq $0x00, %r12 adcq $0x00, %r13 @@ -14515,12 +20243,12 @@ sbbq 8(%rsi), %r15 sbbq 16(%rsi), %rbx sbbq 24(%rsi), %rbp - sbbq %r8, %r8 - shldq $0x01, %rbp, %r8 - imulq $-19, %r8 - andq %r9, %rbp + sbbq %rdx, %rdx + shldq $0x01, %rbp, %rdx + imulq $-19, %rdx + btr $63, %rbp # Add modulus (if underflow) - subq %r8, %r14 + subq %rdx, %r14 sbbq $0x00, %r15 sbbq $0x00, %rbx sbbq $0x00, %rbp @@ -14689,14 +20417,13 @@ adcq 16(%rcx), %r12 movq %r13, %rbp adcq 24(%rcx), %r13 - movq $0x00, %r8 - adcq $0x00, %r8 - shldq $0x01, %r13, %r8 - movq $0x7fffffffffffffff, %r9 - imulq $19, %r8 - andq %r9, %r13 + movq $0x00, %rdx + adcq $0x00, %rdx + shldq $0x01, %r13, %rdx + imulq $19, %rdx + btr $63, %r13 # Sub modulus (if overflow) - addq %r8, %r10 + addq %rdx, %r10 adcq $0x00, %r11 adcq $0x00, %r12 adcq $0x00, %r13 @@ -14705,12 +20432,12 @@ sbbq 8(%rcx), %r15 sbbq 16(%rcx), %rbx sbbq 24(%rcx), %rbp - sbbq %r8, %r8 - shldq $0x01, %rbp, %r8 - imulq $-19, %r8 - andq %r9, %rbp + sbbq %rdx, %rdx + shldq $0x01, %rbp, %rdx + imulq $-19, %rdx + btr $63, %rbp # Add modulus (if underflow) - subq %r8, %r14 + subq %rdx, %r14 sbbq $0x00, %r15 sbbq $0x00, %rbx sbbq $0x00, %rbp @@ -15035,14 +20762,13 @@ adcq %r11, %r11 adcq %r12, %r12 adcq %r13, %r13 - movq $0x00, %r8 - adcq $0x00, %r8 - shldq $0x01, %r13, %r8 - movq $0x7fffffffffffffff, %r9 - imulq $19, %r8 - andq %r9, %r13 + movq $0x00, %rdx + adcq $0x00, %rdx + shldq $0x01, %r13, %rdx + imulq $19, %rdx + btr $63, %r13 # Sub modulus (if overflow) - addq %r8, %r10 + addq %rdx, %r10 adcq $0x00, %r11 adcq $0x00, %r12 adcq $0x00, %r13 @@ -15065,14 +20791,13 @@ adcq 16(%rsi), %r12 movq %r13, %rbp adcq 24(%rsi), %r13 - movq $0x00, %r8 - adcq $0x00, %r8 - shldq $0x01, %r13, %r8 - movq $0x7fffffffffffffff, %r9 - imulq $19, %r8 - andq %r9, %r13 + movq $0x00, %rdx + adcq $0x00, %rdx + shldq $0x01, %r13, %rdx + imulq $19, %rdx + btr $63, %r13 # Sub modulus (if overflow) - addq %r8, %r10 + addq %rdx, %r10 adcq $0x00, %r11 adcq $0x00, %r12 adcq $0x00, %r13 @@ -15081,12 +20806,12 @@ sbbq 8(%rsi), %r15 sbbq 16(%rsi), %rbx sbbq 24(%rsi), %rbp - sbbq %r8, %r8 - shldq $0x01, %rbp, %r8 - imulq $-19, %r8 - andq %r9, %rbp + sbbq %rdx, %rdx + shldq $0x01, %rbp, %rdx + imulq $-19, %rdx + btr $63, %rbp # Add modulus (if underflow) - subq %r8, %r14 + subq %rdx, %r14 sbbq $0x00, %r15 sbbq $0x00, %rbx sbbq $0x00, %rbp @@ -15114,14 +20839,13 @@ adcq 16(%rdi), %r12 movq %r13, %rbp adcq 24(%rdi), %r13 - movq $0x00, %r8 - adcq $0x00, %r8 - shldq $0x01, %r13, %r8 - movq $0x7fffffffffffffff, %r9 - imulq $19, %r8 - andq %r9, %r13 + movq $0x00, %rdx + adcq $0x00, %rdx + shldq $0x01, %r13, %rdx + imulq $19, %rdx + btr $63, %r13 # Sub modulus (if overflow) - addq %r8, %r10 + addq %rdx, %r10 adcq $0x00, %r11 adcq $0x00, %r12 adcq $0x00, %r13 @@ -15130,12 +20854,12 @@ sbbq 8(%rdi), %r15 sbbq 16(%rdi), %rbx sbbq 24(%rdi), %rbp - sbbq %r8, %r8 - shldq $0x01, %rbp, %r8 - imulq $-19, %r8 - andq %r9, %rbp + sbbq %rdx, %rdx + shldq $0x01, %rbp, %rdx + imulq $-19, %rdx + btr $63, %rbp # Add modulus (if underflow) - subq %r8, %r14 + subq %rdx, %r14 sbbq $0x00, %r15 sbbq $0x00, %rbx sbbq $0x00, %rbp @@ -15158,6 +20882,126 @@ #ifndef __APPLE__ .size ge_sub_avx2,.-ge_sub_avx2 #endif /* __APPLE__ */ +#ifdef HAVE_ED25519 +#ifndef __APPLE__ +.text +.globl fe_sq2_avx2 +.type fe_sq2_avx2,@function +.align 16 +fe_sq2_avx2: +#else +.section __TEXT,__text +.globl _fe_sq2_avx2 +.p2align 4 +_fe_sq2_avx2: +#endif /* __APPLE__ */ + pushq %rbx + pushq %r12 + pushq %r13 + pushq %r14 + pushq %r15 + # Square * 2 + movq (%rsi), %rdx + movq 8(%rsi), %rax + # A[0] * A[1] + movq %rdx, %r15 + mulxq %rax, %r9, %r10 + # A[0] * A[3] + mulxq 24(%rsi), %r11, %r12 + # A[2] * A[1] + movq 16(%rsi), %rdx + mulxq %rax, %rcx, %rbx + xorq %r8, %r8 + adoxq %rcx, %r11 + # A[2] * A[3] + mulxq 24(%rsi), %r13, %r14 + adoxq %rbx, %r12 + # A[2] * A[0] + mulxq %r15, %rcx, %rbx + adoxq %r8, %r13 + adcxq %rcx, %r10 + adoxq %r8, %r14 + # A[1] * A[3] + movq %rax, %rdx + mulxq 24(%rsi), %rcx, %rdx + adcxq %rbx, %r11 + adcxq %rcx, %r12 + adcxq %rdx, %r13 + adcxq %r8, %r14 + # A[0] * A[0] + movq %r15, %rdx + mulxq %rdx, %r8, %rcx + xorq %r15, %r15 + adcxq %r9, %r9 + # A[1] * A[1] + movq %rax, %rdx + adoxq %rcx, %r9 + mulxq %rdx, %rcx, %rbx + adcxq %r10, %r10 + adoxq %rcx, %r10 + adcxq %r11, %r11 + # A[2] * A[2] + movq 16(%rsi), %rdx + adoxq %rbx, %r11 + mulxq %rdx, %rbx, %rcx + adcxq %r12, %r12 + adoxq %rbx, %r12 + adcxq %r13, %r13 + # A[3] * A[3] + movq 24(%rsi), %rdx + adoxq %rcx, %r13 + mulxq %rdx, %rcx, %rbx + adcxq %r14, %r14 + adoxq %rcx, %r14 + adcxq %r15, %r15 + adoxq %rbx, %r15 + movq $38, %rdx + mulxq %r15, %r15, %rax + addq %r15, %r11 + adcq $0x00, %rax + movq $0x7fffffffffffffff, %rcx + shldq $0x01, %r11, %rax + imulq $19, %rax, %rax + andq %rcx, %r11 + xorq %rcx, %rcx + adoxq %rax, %r8 + mulxq %r12, %rax, %r12 + adcxq %rax, %r8 + adoxq %r12, %r9 + mulxq %r13, %rax, %r13 + adcxq %rax, %r9 + adoxq %r13, %r10 + mulxq %r14, %rax, %r14 + adcxq %rax, %r10 + adoxq %r14, %r11 + adcxq %rcx, %r11 + movq %r11, %rax + shldq $0x01, %r10, %r11 + shldq $0x01, %r9, %r10 + shldq $0x01, %r8, %r9 + shlq $0x01, %r8 + movq $0x7fffffffffffffff, %rcx + shrq $62, %rax + andq %rcx, %r11 + imulq $19, %rax, %rax + addq %rax, %r8 + adcq $0x00, %r9 + adcq $0x00, %r10 + adcq $0x00, %r11 + # Store + movq %r8, (%rdi) + movq %r9, 8(%rdi) + movq %r10, 16(%rdi) + movq %r11, 24(%rdi) + popq %r15 + popq %r14 + popq %r13 + popq %r12 + popq %rbx + repz retq +#ifndef __APPLE__ +.size fe_sq2_avx2,.-fe_sq2_avx2 +#endif /* __APPLE__ */ #ifndef __APPLE__ .text .globl sc_reduce_avx2 @@ -15566,6 +21410,385 @@ #ifndef __APPLE__ .size sc_muladd_avx2,.-sc_muladd_avx2 #endif /* __APPLE__ */ +#ifndef __APPLE__ +.data +#else +.section __DATA,__data +#endif /* __APPLE__ */ +L_sp_mod_inv_avx2__prime: +.long 0x03ffffed,0x03ffffff,0x03ffffff,0x03ffffff +.long 0x03ffffff,0x00000000,0x00000000,0x00000000 +.long 0x03ffffff,0x03ffffff,0x03ffffff,0x03ffffff +.long 0x001fffff,0x00000000,0x00000000,0x00000000 +#ifndef __APPLE__ +.data +#else +.section __DATA,__data +#endif /* __APPLE__ */ +#ifndef __APPLE__ +.align 32 +#else +.p2align 5 +#endif /* __APPLE__ */ +L_sp_mod_inv_avx2__one: +.quad 0x1, 0x0 +.quad 0x0, 0x0 +#ifndef __APPLE__ +.data +#else +.section __DATA,__data +#endif /* __APPLE__ */ +L_sp_mod_inv_avx2__all_one: +.long 0x00000001,0x00000001,0x00000001,0x00000001 +.long 0x00000001,0x00000001,0x00000001,0x00000001 +#ifndef __APPLE__ +.data +#else +.section __DATA,__data +#endif /* __APPLE__ */ +L_sp_mod_inv_avx2__mask01111: +.long 0x00000000,0x00000001,0x00000001,0x00000001 +.long 0x00000001,0x00000000,0x00000000,0x00000000 +#ifndef __APPLE__ +.data +#else +.section __DATA,__data +#endif /* __APPLE__ */ +L_sp_mod_inv_avx2__down_one_dword: +.long 0x00000001,0x00000002,0x00000003,0x00000004 +.long 0x00000005,0x00000006,0x00000007,0x00000007 +#ifndef __APPLE__ +.data +#else +.section __DATA,__data +#endif /* __APPLE__ */ +L_sp_mod_inv_avx2__neg: +.long 0x00000000,0x00000000,0x00000000,0x00000000 +.long 0x80000000,0x00000000,0x00000000,0x00000000 +#ifndef __APPLE__ +.data +#else +.section __DATA,__data +#endif /* __APPLE__ */ +L_sp_mod_inv_avx2__up_one_dword: +.long 0x00000007,0x00000000,0x00000001,0x00000002 +.long 0x00000003,0x00000007,0x00000007,0x00000007 +#ifndef __APPLE__ +.data +#else +.section __DATA,__data +#endif /* __APPLE__ */ +L_sp_mod_inv_avx2__mask26: +.long 0x03ffffff,0x03ffffff,0x03ffffff,0x03ffffff +.long 0x03ffffff,0x00000000,0x00000000,0x00000000 +/* Non-constant time modular inversion. + * + * @param [out] r Resulting number. + * @param [in] a Number to invert. + * @param [in] m Modulus. + * @return MP_OKAY on success. + */ +#ifndef __APPLE__ +.text +.globl fe_invert_nct_avx2 +.type fe_invert_nct_avx2,@function +.align 16 +fe_invert_nct_avx2: +#else +.section __TEXT,__text +.globl _fe_invert_nct_avx2 +.p2align 4 +_fe_invert_nct_avx2: +#endif /* __APPLE__ */ + pushq %r12 + pushq %r13 + pushq %r14 + pushq %r15 + pushq %rbx + movq $-19, %rax + movq $-1, %rcx + movq $-1, %r8 + movq $0x7fffffffffffffff, %r9 + movq (%rsi), %r10 + movq 8(%rsi), %r11 + movq 16(%rsi), %r12 + movq 24(%rsi), %r13 + leaq L_sp_mod_inv_avx2__prime(%rip), %rbx + vmovupd (%rbx), %ymm6 + vmovupd 32(%rbx), %ymm7 + leaq L_sp_mod_inv_avx2__one(%rip), %rbx + vmovupd (%rbx), %ymm8 + leaq L_sp_mod_inv_avx2__mask01111(%rip), %rbx + vmovupd (%rbx), %ymm9 + leaq L_sp_mod_inv_avx2__all_one(%rip), %rbx + vmovupd (%rbx), %ymm10 + leaq L_sp_mod_inv_avx2__down_one_dword(%rip), %rbx + vmovupd (%rbx), %ymm11 + leaq L_sp_mod_inv_avx2__neg(%rip), %rbx + vmovupd (%rbx), %ymm12 + leaq L_sp_mod_inv_avx2__up_one_dword(%rip), %rbx + vmovupd (%rbx), %ymm13 + leaq L_sp_mod_inv_avx2__mask26(%rip), %rbx + vmovupd (%rbx), %ymm14 + vpxor %xmm0, %xmm0, %xmm0 + vpxor %xmm1, %xmm1, %xmm1 + vmovdqu %ymm8, %ymm2 + vpxor %xmm3, %xmm3, %xmm3 + testb $0x01, %r10b + jnz L__mod_inv_avx2__v_even_end +L__mod_inv_avx2__v_even_start: + shrdq $0x01, %r11, %r10 + shrdq $0x01, %r12, %r11 + shrdq $0x01, %r13, %r12 + shrq $0x01, %r13 + vptest %ymm8, %ymm2 + jz L__mod_inv_avx2__v_even_shr1 + vpaddd %ymm6, %ymm2, %ymm2 + vpaddd %ymm7, %ymm3, %ymm3 +L__mod_inv_avx2__v_even_shr1: + vpand %ymm9, %ymm2, %ymm4 + vpand %ymm10, %ymm3, %ymm5 + vpermd %ymm4, %ymm11, %ymm4 + vpsrad $0x01, %ymm2, %ymm2 + vpsrad $0x01, %ymm3, %ymm3 + vpslld $25, %ymm5, %ymm5 + vpslld $25, %xmm4, %xmm4 + vpaddd %ymm5, %ymm2, %ymm2 + vpaddd %ymm4, %ymm3, %ymm3 + testb $0x01, %r10b + jz L__mod_inv_avx2__v_even_start +L__mod_inv_avx2__v_even_end: +L__mod_inv_avx2__uv_start: + cmpq %r13, %r9 + jb L__mod_inv_avx2__uv_v + ja L__mod_inv_avx2__uv_u + cmpq %r12, %r8 + jb L__mod_inv_avx2__uv_v + ja L__mod_inv_avx2__uv_u + cmpq %r11, %rcx + jb L__mod_inv_avx2__uv_v + ja L__mod_inv_avx2__uv_u + cmpq %r10, %rax + jb L__mod_inv_avx2__uv_v +L__mod_inv_avx2__uv_u: + subq %r10, %rax + sbbq %r11, %rcx + vpsubd %ymm2, %ymm0, %ymm0 + sbbq %r12, %r8 + vpsubd %ymm3, %ymm1, %ymm1 + sbbq %r13, %r9 + vptest %ymm12, %ymm1 + jz L__mod_inv_avx2__usubv_done_neg + vpaddd %ymm6, %ymm0, %ymm0 + vpaddd %ymm7, %ymm1, %ymm1 +L__mod_inv_avx2__usubv_done_neg: +L__mod_inv_avx2__usubv_shr1: + shrdq $0x01, %rcx, %rax + shrdq $0x01, %r8, %rcx + shrdq $0x01, %r9, %r8 + shrq $0x01, %r9 + vptest %ymm8, %ymm0 + jz L__mod_inv_avx2__usubv_sub_shr1 + vpaddd %ymm6, %ymm0, %ymm0 + vpaddd %ymm7, %ymm1, %ymm1 +L__mod_inv_avx2__usubv_sub_shr1: + vpand %ymm9, %ymm0, %ymm4 + vpand %ymm10, %ymm1, %ymm5 + vpermd %ymm4, %ymm11, %ymm4 + vpsrad $0x01, %ymm0, %ymm0 + vpsrad $0x01, %ymm1, %ymm1 + vpslld $25, %ymm5, %ymm5 + vpslld $25, %xmm4, %xmm4 + vpaddd %ymm5, %ymm0, %ymm0 + vpaddd %ymm4, %ymm1, %ymm1 + testb $0x01, %al + jz L__mod_inv_avx2__usubv_shr1 + cmpq $0x01, %rax + jne L__mod_inv_avx2__uv_start + movq %rcx, %rdx + orq %r8, %rdx + jne L__mod_inv_avx2__uv_start + orq %r9, %rdx + jne L__mod_inv_avx2__uv_start + vpextrd $0x00, %xmm0, %eax + vpextrd $0x01, %xmm0, %r8d + vpextrd $2, %xmm0, %r10d + vpextrd $3, %xmm0, %r12d + vpextrd $0x00, %xmm1, %ecx + vpextrd $0x01, %xmm1, %r9d + vpextrd $2, %xmm1, %r11d + vpextrd $3, %xmm1, %r13d + vextracti128 $0x01, %ymm0, %xmm0 + vextracti128 $0x01, %ymm1, %xmm1 + vpextrd $0x00, %xmm0, %r14d + vpextrd $0x00, %xmm1, %r15d + jmp L__mod_inv_avx2__store_done +L__mod_inv_avx2__uv_v: + subq %rax, %r10 + sbbq %rcx, %r11 + vpsubd %ymm0, %ymm2, %ymm2 + sbbq %r8, %r12 + vpsubd %ymm1, %ymm3, %ymm3 + sbbq %r9, %r13 + vptest %ymm12, %ymm3 + jz L__mod_inv_avx2__vsubu_done_neg + vpaddd %ymm6, %ymm2, %ymm2 + vpaddd %ymm7, %ymm3, %ymm3 +L__mod_inv_avx2__vsubu_done_neg: +L__mod_inv_avx2__vsubu_shr1: + shrdq $0x01, %r11, %r10 + shrdq $0x01, %r12, %r11 + shrdq $0x01, %r13, %r12 + shrq $0x01, %r13 + vptest %ymm8, %ymm2 + jz L__mod_inv_avx2__vsubu_sub_shr1 + vpaddd %ymm6, %ymm2, %ymm2 + vpaddd %ymm7, %ymm3, %ymm3 +L__mod_inv_avx2__vsubu_sub_shr1: + vpand %ymm9, %ymm2, %ymm4 + vpand %ymm10, %ymm3, %ymm5 + vpermd %ymm4, %ymm11, %ymm4 + vpsrad $0x01, %ymm2, %ymm2 + vpsrad $0x01, %ymm3, %ymm3 + vpslld $25, %ymm5, %ymm5 + vpslld $25, %xmm4, %xmm4 + vpaddd %ymm5, %ymm2, %ymm2 + vpaddd %ymm4, %ymm3, %ymm3 + testb $0x01, %r10b + jz L__mod_inv_avx2__vsubu_shr1 + cmpq $0x01, %r10 + jne L__mod_inv_avx2__uv_start + movq %r11, %rdx + orq %r12, %rdx + jne L__mod_inv_avx2__uv_start + orq %r13, %rdx + jne L__mod_inv_avx2__uv_start + vpextrd $0x00, %xmm2, %eax + vpextrd $0x01, %xmm2, %r8d + vpextrd $2, %xmm2, %r10d + vpextrd $3, %xmm2, %r12d + vpextrd $0x00, %xmm3, %ecx + vpextrd $0x01, %xmm3, %r9d + vpextrd $2, %xmm3, %r11d + vpextrd $3, %xmm3, %r13d + vextracti128 $0x01, %ymm2, %xmm2 + vextracti128 $0x01, %ymm3, %xmm3 + vpextrd $0x00, %xmm2, %r14d + vpextrd $0x00, %xmm3, %r15d +L__mod_inv_avx2__store_done: + movl %eax, %edx + andl $0x3ffffff, %eax + sarl $26, %edx + addl %edx, %ecx + movl %ecx, %edx + andl $0x3ffffff, %ecx + sarl $26, %edx + addl %edx, %r8d + movl %r8d, %edx + andl $0x3ffffff, %r8d + sarl $26, %edx + addl %edx, %r9d + movl %r9d, %edx + andl $0x3ffffff, %r9d + sarl $26, %edx + addl %edx, %r10d + movl %r10d, %edx + andl $0x3ffffff, %r10d + sarl $26, %edx + addl %edx, %r11d + movl %r11d, %edx + andl $0x3ffffff, %r11d + sarl $26, %edx + addl %edx, %r12d + movl %r12d, %edx + andl $0x3ffffff, %r12d + sarl $26, %edx + addl %edx, %r13d + movl %r13d, %edx + andl $0x3ffffff, %r13d + sarl $26, %edx + addl %edx, %r14d + movl %r14d, %edx + andl $0x3ffffff, %r14d + sarl $26, %edx + addl %edx, %r15d + movslq %ecx, %rcx + movslq %r9d, %r9 + movslq %r11d, %r11 + movslq %r13d, %r13 + movslq %r15d, %r15 + shlq $26, %rcx + shlq $26, %r9 + shlq $26, %r11 + shlq $26, %r13 + shlq $26, %r15 + movslq %eax, %rax + addq %rcx, %rax + movslq %r8d, %r8 + adcq %r9, %r8 + movslq %r10d, %r10 + adcq %r11, %r10 + movslq %r12d, %r12 + adcq %r13, %r12 + movslq %r14d, %r14 + adcq %r15, %r14 + jge L__mod_inv_avx2__3_no_add_prime + movq $0xfffffffffffed, %rcx + movq $0xfffffffffffff, %r9 + movq $0xfffffffffffff, %r11 + movq $0xfffffffffffff, %r13 + movq $0x7fffffffffff, %r15 + addq %rcx, %rax + addq %r9, %r8 + addq %r11, %r10 + addq %r13, %r12 + addq %r15, %r14 + movq $0xfffffffffffff, %rdx + movq %rax, %rcx + andq %rdx, %rax + sarq $52, %rcx + addq %rcx, %r8 + movq %r8, %r9 + andq %rdx, %r8 + sarq $52, %r9 + addq %r9, %r10 + movq %r10, %r11 + andq %rdx, %r10 + sarq $52, %r11 + addq %r11, %r12 + movq %r12, %r13 + andq %rdx, %r12 + sarq $52, %r13 + addq %r13, %r14 +L__mod_inv_avx2__3_no_add_prime: + movq %r8, %rcx + movq %r10, %r9 + movq %r12, %r11 + shlq $52, %rcx + sarq $12, %r8 + shlq $40, %r9 + sarq $24, %r10 + shlq $28, %r11 + sarq $36, %r12 + shlq $16, %r14 + addq %rcx, %rax + adcq %r9, %r8 + adcq %r11, %r10 + adcq %r14, %r12 + movq %rax, (%rdi) + movq %r8, 8(%rdi) + movq %r10, 16(%rdi) + movq %r12, 24(%rdi) + vzeroupper + popq %rbx + popq %r15 + popq %r14 + popq %r13 + popq %r12 + repz retq +#ifndef __APPLE__ +.size fe_invert_nct_avx2,.-fe_invert_nct_avx2 +#endif /* __APPLE__ */ #endif /* HAVE_ED25519 */ #endif /* HAVE_INTEL_AVX2 */ diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/wolfcrypt/src/fp_mont_small.i mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/fp_mont_small.i --- mariadb-11.8.6/extra/wolfssl/wolfssl/wolfcrypt/src/fp_mont_small.i 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/fp_mont_small.i 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* fp_mont_small.i * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/wolfcrypt/src/fp_mul_comba_12.i mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/fp_mul_comba_12.i --- mariadb-11.8.6/extra/wolfssl/wolfssl/wolfcrypt/src/fp_mul_comba_12.i 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/fp_mul_comba_12.i 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* fp_mul_comba_12.i * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/wolfcrypt/src/fp_mul_comba_17.i mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/fp_mul_comba_17.i --- mariadb-11.8.6/extra/wolfssl/wolfssl/wolfcrypt/src/fp_mul_comba_17.i 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/fp_mul_comba_17.i 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* fp_mul_comba_17.i * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/wolfcrypt/src/fp_mul_comba_20.i mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/fp_mul_comba_20.i --- mariadb-11.8.6/extra/wolfssl/wolfssl/wolfcrypt/src/fp_mul_comba_20.i 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/fp_mul_comba_20.i 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* fp_mul_comba_20.i * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/wolfcrypt/src/fp_mul_comba_24.i mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/fp_mul_comba_24.i --- mariadb-11.8.6/extra/wolfssl/wolfssl/wolfcrypt/src/fp_mul_comba_24.i 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/fp_mul_comba_24.i 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* fp_mul_comba_24.i * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/wolfcrypt/src/fp_mul_comba_28.i mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/fp_mul_comba_28.i --- mariadb-11.8.6/extra/wolfssl/wolfssl/wolfcrypt/src/fp_mul_comba_28.i 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/fp_mul_comba_28.i 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* fp_mul_comba_28.i * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/wolfcrypt/src/fp_mul_comba_3.i mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/fp_mul_comba_3.i --- mariadb-11.8.6/extra/wolfssl/wolfssl/wolfcrypt/src/fp_mul_comba_3.i 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/fp_mul_comba_3.i 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* fp_mul_comba_3.i * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/wolfcrypt/src/fp_mul_comba_32.i mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/fp_mul_comba_32.i --- mariadb-11.8.6/extra/wolfssl/wolfssl/wolfcrypt/src/fp_mul_comba_32.i 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/fp_mul_comba_32.i 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* fp_mul_comba_32.i * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/wolfcrypt/src/fp_mul_comba_4.i mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/fp_mul_comba_4.i --- mariadb-11.8.6/extra/wolfssl/wolfssl/wolfcrypt/src/fp_mul_comba_4.i 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/fp_mul_comba_4.i 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* fp_mul_comba_4.i * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/wolfcrypt/src/fp_mul_comba_48.i mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/fp_mul_comba_48.i --- mariadb-11.8.6/extra/wolfssl/wolfssl/wolfcrypt/src/fp_mul_comba_48.i 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/fp_mul_comba_48.i 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* fp_mul_comba_48.i * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/wolfcrypt/src/fp_mul_comba_6.i mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/fp_mul_comba_6.i --- mariadb-11.8.6/extra/wolfssl/wolfssl/wolfcrypt/src/fp_mul_comba_6.i 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/fp_mul_comba_6.i 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* fp_mul_comba_6.i * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/wolfcrypt/src/fp_mul_comba_64.i mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/fp_mul_comba_64.i --- mariadb-11.8.6/extra/wolfssl/wolfssl/wolfcrypt/src/fp_mul_comba_64.i 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/fp_mul_comba_64.i 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* fp_mul_comba_64.i * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/wolfcrypt/src/fp_mul_comba_7.i mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/fp_mul_comba_7.i --- mariadb-11.8.6/extra/wolfssl/wolfssl/wolfcrypt/src/fp_mul_comba_7.i 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/fp_mul_comba_7.i 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* fp_mul_comba_7.i * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/wolfcrypt/src/fp_mul_comba_8.i mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/fp_mul_comba_8.i --- mariadb-11.8.6/extra/wolfssl/wolfssl/wolfcrypt/src/fp_mul_comba_8.i 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/fp_mul_comba_8.i 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* fp_mul_comba_8.i * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/wolfcrypt/src/fp_mul_comba_9.i mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/fp_mul_comba_9.i --- mariadb-11.8.6/extra/wolfssl/wolfssl/wolfcrypt/src/fp_mul_comba_9.i 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/fp_mul_comba_9.i 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* fp_mul_comba_9.i * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/wolfcrypt/src/fp_mul_comba_small_set.i mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/fp_mul_comba_small_set.i --- mariadb-11.8.6/extra/wolfssl/wolfssl/wolfcrypt/src/fp_mul_comba_small_set.i 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/fp_mul_comba_small_set.i 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* fp_mul_comba_small_set.i * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/wolfcrypt/src/fp_sqr_comba_12.i mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/fp_sqr_comba_12.i --- mariadb-11.8.6/extra/wolfssl/wolfssl/wolfcrypt/src/fp_sqr_comba_12.i 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/fp_sqr_comba_12.i 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* fp_sqr_comba_12.i * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/wolfcrypt/src/fp_sqr_comba_17.i mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/fp_sqr_comba_17.i --- mariadb-11.8.6/extra/wolfssl/wolfssl/wolfcrypt/src/fp_sqr_comba_17.i 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/fp_sqr_comba_17.i 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* fp_sqr_comba_17.i * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/wolfcrypt/src/fp_sqr_comba_20.i mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/fp_sqr_comba_20.i --- mariadb-11.8.6/extra/wolfssl/wolfssl/wolfcrypt/src/fp_sqr_comba_20.i 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/fp_sqr_comba_20.i 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* fp_sqr_comba_20.i * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/wolfcrypt/src/fp_sqr_comba_24.i mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/fp_sqr_comba_24.i --- mariadb-11.8.6/extra/wolfssl/wolfssl/wolfcrypt/src/fp_sqr_comba_24.i 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/fp_sqr_comba_24.i 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* fp_sqr_comba_24.i * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/wolfcrypt/src/fp_sqr_comba_28.i mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/fp_sqr_comba_28.i --- mariadb-11.8.6/extra/wolfssl/wolfssl/wolfcrypt/src/fp_sqr_comba_28.i 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/fp_sqr_comba_28.i 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* fp_sqr_comba_28.i * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/wolfcrypt/src/fp_sqr_comba_3.i mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/fp_sqr_comba_3.i --- mariadb-11.8.6/extra/wolfssl/wolfssl/wolfcrypt/src/fp_sqr_comba_3.i 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/fp_sqr_comba_3.i 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* fp_sqr_comba_3.i * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/wolfcrypt/src/fp_sqr_comba_32.i mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/fp_sqr_comba_32.i --- mariadb-11.8.6/extra/wolfssl/wolfssl/wolfcrypt/src/fp_sqr_comba_32.i 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/fp_sqr_comba_32.i 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* fp_sqr_comba_32.i * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/wolfcrypt/src/fp_sqr_comba_4.i mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/fp_sqr_comba_4.i --- mariadb-11.8.6/extra/wolfssl/wolfssl/wolfcrypt/src/fp_sqr_comba_4.i 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/fp_sqr_comba_4.i 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* fp_sqr_comba_4.i * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/wolfcrypt/src/fp_sqr_comba_48.i mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/fp_sqr_comba_48.i --- mariadb-11.8.6/extra/wolfssl/wolfssl/wolfcrypt/src/fp_sqr_comba_48.i 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/fp_sqr_comba_48.i 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* fp_sqr_comba_48.i * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/wolfcrypt/src/fp_sqr_comba_6.i mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/fp_sqr_comba_6.i --- mariadb-11.8.6/extra/wolfssl/wolfssl/wolfcrypt/src/fp_sqr_comba_6.i 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/fp_sqr_comba_6.i 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* fp_sqr_comba_6.i * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/wolfcrypt/src/fp_sqr_comba_64.i mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/fp_sqr_comba_64.i --- mariadb-11.8.6/extra/wolfssl/wolfssl/wolfcrypt/src/fp_sqr_comba_64.i 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/fp_sqr_comba_64.i 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* fp_sqr_comba_64.i * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/wolfcrypt/src/fp_sqr_comba_7.i mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/fp_sqr_comba_7.i --- mariadb-11.8.6/extra/wolfssl/wolfssl/wolfcrypt/src/fp_sqr_comba_7.i 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/fp_sqr_comba_7.i 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* fp_sqr_comba_7.i * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/wolfcrypt/src/fp_sqr_comba_8.i mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/fp_sqr_comba_8.i --- mariadb-11.8.6/extra/wolfssl/wolfssl/wolfcrypt/src/fp_sqr_comba_8.i 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/fp_sqr_comba_8.i 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* fp_sqr_comba_8.i * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/wolfcrypt/src/fp_sqr_comba_9.i mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/fp_sqr_comba_9.i --- mariadb-11.8.6/extra/wolfssl/wolfssl/wolfcrypt/src/fp_sqr_comba_9.i 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/fp_sqr_comba_9.i 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* fp_sqr_comba_9.i * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/wolfcrypt/src/fp_sqr_comba_small_set.i mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/fp_sqr_comba_small_set.i --- mariadb-11.8.6/extra/wolfssl/wolfssl/wolfcrypt/src/fp_sqr_comba_small_set.i 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/fp_sqr_comba_small_set.i 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* fp_sqr_comba_small_set.i * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/wolfcrypt/src/ge_448.c mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/ge_448.c --- mariadb-11.8.6/extra/wolfssl/wolfssl/wolfcrypt/src/ge_448.c 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/ge_448.c 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* ge_448.c * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/wolfcrypt/src/ge_low_mem.c mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/ge_low_mem.c --- mariadb-11.8.6/extra/wolfssl/wolfssl/wolfcrypt/src/ge_low_mem.c 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/ge_low_mem.c 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* ge_low_mem.c * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/wolfcrypt/src/ge_operations.c mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/ge_operations.c --- mariadb-11.8.6/extra/wolfssl/wolfssl/wolfcrypt/src/ge_operations.c 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/ge_operations.c 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* ge_operations.c * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -24,10 +24,11 @@ #include -#ifdef HAVE_ED25519 +#include + +#if defined(HAVE_ED25519) || defined(WOLFSSL_CURVE25519_USE_ED25519) #ifndef ED25519_SMALL /* run when not defined to use small memory math */ -#include #include #ifdef NO_INLINE #include @@ -52,7 +53,8 @@ static void ge_p2_0(ge_p2 *h); #ifndef CURVED25519_ASM -#if defined(HAVE_ED25519_SIGN) || defined(HAVE_ED25519_MAKE_KEY) +#if defined(HAVE_ED25519_SIGN) || defined(HAVE_ED25519_MAKE_KEY) || \ + defined(WOLFSSL_CURVE25519_USE_ED25519) static void ge_precomp_0(ge_precomp *h); #endif static void ge_p3_to_p2(ge_p2 *r,const ge_p3 *p); @@ -968,7 +970,8 @@ return (unsigned char)y; } -#if defined(HAVE_ED25519_SIGN) || defined(HAVE_ED25519_MAKE_KEY) +#if defined(HAVE_ED25519_SIGN) || defined(HAVE_ED25519_MAKE_KEY) || \ + defined(WOLFSSL_CURVE25519_USE_ED25519) static unsigned char negative(signed char b) { return ((unsigned char)b) >> 7; @@ -986,7 +989,8 @@ } #endif -#if defined(HAVE_ED25519_SIGN) || defined(HAVE_ED25519_MAKE_KEY) +#if defined(HAVE_ED25519_SIGN) || defined(HAVE_ED25519_MAKE_KEY) || \ + defined(WOLFSSL_CURVE25519_USE_ED25519) #ifdef CURVED25519_ASM_64BIT static const ge_precomp base[64][8] = { { @@ -9066,7 +9070,6 @@ } ; #endif - static void ge_select(ge_precomp *t,int pos,signed char b) { #ifndef CURVED25519_ASM @@ -9088,7 +9091,8 @@ fe_neg(minust.xy2d,t->xy2d); fe_cmov(t->xy2d,minust.xy2d,bnegative); #else - fe_cmov_table((fe*)t, (fe*)base[pos], b); + /* (wc_ptr_t) needed to work around C array casting semantics. */ + fe_cmov_table((fe*)t, (const fe*)(wc_ptr_t)base[pos], b); #endif } @@ -9165,30 +9169,32 @@ } #endif } -#endif /* HAVE_ED25519_SIGN || HAVE_ED25519_MAKE_KEY */ +#endif /* HAVE_ED25519_SIGN || HAVE_ED25519_MAKE_KEY || + * WOLFSSL_CURVE25519_USE_ED25519 */ #define SLIDE_SIZE 256 /* ge double scalar mult */ -static void slide(signed char *r,const unsigned char *a) +static void slide(signed char *r,const unsigned char *a, int max) { int i; int b; int k; - for (i = 0;i < SLIDE_SIZE;++i) + for (i = 0;i < SLIDE_SIZE;++i) { r[i] = 1 & (a[i >> 3] >> (i & 7)); + } - for (i = 0;i < SLIDE_SIZE;++i) + for (i = 0;i < SLIDE_SIZE;++i) { if (r[i]) { for (b = 1;b <= 6 && i + b < SLIDE_SIZE;++b) { if (r[i + b]) { signed char rb = (signed char)((unsigned char)r[i + b] << b); - if (r[i] + rb <= 15) { + if (r[i] + rb <= max) { r[i] = (signed char)(r[i] + rb); r[i + b] = 0; - } else if (r[i] - rb >= -15) { + } else if (r[i] - rb >= -max) { r[i] = (signed char)(r[i] - rb); for (k = i + b;k < SLIDE_SIZE;++k) { if (!r[k]) { @@ -9202,180 +9208,470 @@ } } } + } } +/* Generated using command: ruby ../scripts/x25519/ed25519.rb */ #ifdef CURVED25519_ASM_64BIT -static const ge_precomp Bi[8] = { - { - { 0x2fbc93c6f58c3b85, -0x306cd2390473f1e7, 0x270b4898643d42c2, 0x07cf9d3a33d4ba65, }, - { -0x62efc6fa28bf6ec2, -0x02c660fa2ebf414d, -0x5a3e7bcb977075f7, 0x44fd2f9298f81267, }, - { -0x5436edfa78855598, 0x26d9e823ccaac49e, 0x5a1b7dcbdd43598c, 0x6f117b689f0c65a8, }, - }, - { - { -0x50da4f57b31168d0, 0x025a8430e8864b8a, -0x3ee4affd60fe98ce, 0x7a164e1b9a80f8f4, }, - { 0x56611fe8a4fcd265, 0x3bd353fde5c1ba7d, -0x7ece0ce5deb42943, 0x2ab91587555bda62, }, - { 0x14ae933f0dd0d889, 0x589423221c35da62, -0x2e8f1aba730d24b4, 0x5a2826af12b9b4c6, }, - }, - { - { -0x5ded43bbf75a44cd, -0x72afb73c38a112fe, -0x22e414f3a54013bc, 0x2945ccf146e206eb, }, - { 0x7f9182c3a447d6ba, -0x2affeb2eb4d8d649, -0x1cc30ee3479b5f79, 0x154a7e73eb1b55f3, }, - { -0x4344240e7ed57d7b, 0x270e0807d0bdd1fc, -0x4be498f4e44258d3, 0x43aabe696b3bb69a, }, - }, - { - { 0x6b1a5cd0944ea3bf, 0x7470353ab39dc0d2, 0x71b2528228542e49, 0x461bea69283c927e, }, - { -0x4590d36555cdde4f, 0x6ca021533bba23a7, -0x621589b06de6d3c6, 0x1d6edd5d2e5317e0, }, - { -0x0e7c9237fe474c5e, -0x4cfca0b8fac15b66, 0x529c41ba5877adf3, 0x7a9fbb1c6a0f90a7, }, - }, +static const ge_precomp Bi[32] = { { - { -0x64d1987559579cd1, -0x59af6190ae43b93b, -0x314dcc3639790a4b, 0x34b9ed338add7f59, }, - { -0x0c91de81fc627f9c, -0x675f7e490adfbe65, -0x693439f718a14fbc, 0x49c05a51fadc9c8f, }, - { 0x06b4e8bf9045af1b, -0x1d007c1758e62dd1, -0x550903d66c2b30ea, 0x73c172021b008b06, }, - }, - { - { 0x2fbf00848a802ade, -0x1a260130fdcfd1d9, 0x113e847117703406, 0x4275aae2546d8faf, }, - { 0x315f5b0249864348, 0x3ed6b36977088381, -0x5c5f8aaa9572146b, 0x18ab598029d5c77f, }, - { -0x27d4d33a029f7617, 0x031eb4a13282e4a4, 0x44311199b51a8622, 0x3dc65522b53df948, }, - }, - { - { -0x408f3ddd5dff8093, -0x407b4c654a432125, 0x537a0e12fb07ba07, 0x234fd7eec346f241, }, - { 0x506f013b327fbf93, -0x5103143664889095, -0x62ed4dcd5552a698, 0x0267882d176024a7, }, - { 0x5360a119732ea378, 0x2437e6b1df8dd471, -0x5d10c8076e581acd, 0x497ba6fdaa097863, }, - }, - { - { 0x24cecc0313cfeaa0, -0x79b73d72e763db93, 0x2dbdbdfac1f2d4d0, 0x61e22917f12de72b, }, - { 0x040bcd86468ccf0b, -0x2c7d645bd566ef2a, 0x7508300807b25192, 0x43b5cd4218d05ebf, }, - { 0x5d9a762f9bd0b516, -0x14c750b1c8c02112, 0x032e5a7d93d64270, 0x511d61210ae4d842, }, + { 0x2fbc93c6f58c3b85, -0x306cd2390473f1e7, 0x270b4898643d42c2, + 0x07cf9d3a33d4ba65 }, + { -0x62efc6fa28bf6ec2, -0x02c660fa2ebf414d, -0x5a3e7bcb977075f7, + 0x44fd2f9298f81267 }, + { -0x5436edfa78855598, 0x26d9e823ccaac49e, 0x5a1b7dcbdd43598c, + 0x6f117b689f0c65a8 }, + }, + { + { -0x50da4f57b31168d0, 0x025a8430e8864b8a, -0x3ee4affd60fe98ce, + 0x7a164e1b9a80f8f4 }, + { 0x56611fe8a4fcd265, 0x3bd353fde5c1ba7d, -0x7ece0ce5deb42943, + 0x2ab91587555bda62 }, + { 0x14ae933f0dd0d889, 0x589423221c35da62, -0x2e8f1aba730d24b4, + 0x5a2826af12b9b4c6 }, + }, + { + { -0x5ded43bbf75a44cd, -0x72afb73c38a112fe, -0x22e414f3a54013bc, + 0x2945ccf146e206eb }, + { 0x7f9182c3a447d6ba, -0x2affeb2eb4d8d649, -0x1cc30ee3479b5f79, + 0x154a7e73eb1b55f3 }, + { -0x4344240e7ed57d7b, 0x270e0807d0bdd1fc, -0x4be498f4e44258d3, + 0x43aabe696b3bb69a }, + }, + { + { 0x6b1a5cd0944ea3bf, 0x7470353ab39dc0d2, 0x71b2528228542e49, + 0x461bea69283c927e }, + { -0x4590d36555cdde4f, 0x6ca021533bba23a7, -0x621589b06de6d3c6, + 0x1d6edd5d2e5317e0 }, + { -0x0e7c9237fe474c5e, -0x4cfca0b8fac15b66, 0x529c41ba5877adf3, + 0x7a9fbb1c6a0f90a7 }, + }, + { + { -0x64d1987559579cd1, -0x59af6190ae43b93b, -0x314dcc3639790a4b, + 0x34b9ed338add7f59 }, + { -0x0c91de81fc627f9c, -0x675f7e490adfbe65, -0x693439f718a14fbc, + 0x49c05a51fadc9c8f }, + { 0x06b4e8bf9045af1b, -0x1d007c1758e62dd1, -0x550903d66c2b30ea, + 0x73c172021b008b06 }, + }, + { + { 0x2fbf00848a802ade, -0x1a260130fdcfd1d9, 0x113e847117703406, + 0x4275aae2546d8faf }, + { 0x315f5b0249864348, 0x3ed6b36977088381, -0x5c5f8aaa9572146b, + 0x18ab598029d5c77f }, + { -0x27d4d33a029f7617, 0x031eb4a13282e4a4, 0x44311199b51a8622, + 0x3dc65522b53df948 }, + }, + { + { -0x408f3ddd5dff8093, -0x407b4c654a432125, 0x537a0e12fb07ba07, + 0x234fd7eec346f241 }, + { 0x506f013b327fbf93, -0x5103143664889095, -0x62ed4dcd5552a698, + 0x0267882d176024a7 }, + { 0x5360a119732ea378, 0x2437e6b1df8dd471, -0x5d10c8076e581acd, + 0x497ba6fdaa097863 }, + }, + { + { 0x24cecc0313cfeaa0, -0x79b73d72e763db93, 0x2dbdbdfac1f2d4d0, + 0x61e22917f12de72b }, + { 0x040bcd86468ccf0b, -0x2c7d645bd566ef2a, 0x7508300807b25192, + 0x43b5cd4218d05ebf }, + { 0x5d9a762f9bd0b516, -0x14c750b1c8c02112, 0x032e5a7d93d64270, + 0x511d61210ae4d842 }, + }, + { + { -0x6d3989106af1627f, -0x5ab9df323f28fbb1, -0x5564c99b9070edb8, + 0x6d325924ddb855e3 }, + { 0x081386484420de87, -0x75e30fe94a6d124c, 0x39fa4e2729942d25, + 0x71a7fe6fe2482810 }, + { 0x6c7182b8a5c8c854, 0x33fd1479fe5f2a03, 0x72cf591883778d0c, + 0x4746c4b6559eeaa9 }, + }, + { + { -0x2c8884c3923965d5, -0x21054dd8907609e9, 0x45651cf7b53a16b5, + 0x5c9a51de34fe9fb7 }, + { 0x348546c864741147, 0x7d35aedd0efcc849, -0x006c6589f98d5cce, + 0x219663497db5e6d6 }, + { -0x0aef0e30860ef199, -0x0022255e19a7aea5, 0x09c3a71710142277, + 0x4804503c608223bb }, + }, + { + { -0x3bdb612fd35c8039, -0x5fa65f1c59ea5355, -0x775691283691f1dd, + 0x553398a51650696d }, + { 0x3b6821d23a36d175, -0x444bf558166461ce, 0x5d9e5ce420838a47, + 0x771e098858de4c5e }, + { -0x65ed0a2d87bae121, 0x3ada5d7985899ccb, 0x477f4a2d9fa59508, + 0x5a5ed1d68ff5a611 }, + }, + { + { 0x1195122afe150e83, -0x30df65da81b4ca28, 0x7387f8291e711e20, + 0x44acb897d8bf92f0 }, + { -0x451a1f3aa7ad8ca7, 0x392e5c19cadb9d7e, 0x28653c1eda1cabe9, + 0x019b60135fefdc44 }, + { 0x1e6068145e134b83, -0x3b0a19b0dbcfb3ea, 0x506e88a8fc1a3ed7, + 0x150c49fde6ad2f92 }, + }, + { + { -0x71840d6af6b8eec8, 0x5d6fef394f75a651, 0x10af79c425a708ad, + 0x6b2b5a075bb99922 }, + { -0x47b679c363235798, -0x37c0bb24478eb530, -0x01c11ca9f3c9e973, + 0x78a6d7791e05fbc1 }, + { 0x58bf704b47a0b976, -0x59fe4caa8be8b72b, -0x55d4e04e2abd0a70, + 0x725c7ffc4ad55d00 }, + }, + { + { -0x1bbd98ea2e30664e, 0x7352d51102a20d34, 0x23d1157b8b12109f, + 0x794cc9277cb1f3a3 }, + { -0x6e7fd408e32f6740, -0x01be935b12a19c9a, -0x20a7a28eb6fd66b4, + 0x4cd54625f855fae7 }, + { 0x4af6c426c2ac5053, -0x43651252cd098da8, 0x2ad032f10a311021, + 0x7008357b6fcc8e85 }, + }, + { + { 0x0b88672738773f01, -0x473337056a043305, -0x72d22a5c4652d64a, + 0x06ef7e9851ad0f6a }, + { -0x2fe460447da7b5cc, 0x47ab6463d2b4792b, -0x49ce9c63b7ac9dfe, + 0x13a92a3669d6d428 }, + { -0x356c88e33fa8821b, 0x7540e41e5035dc5c, 0x24680f01d802e071, + 0x3c296ddf8a2af86a }, + }, + { + { -0x5152ea0626eb58ed, -0x56d08406737006ee, -0x5007dce860ac28d0, + 0x7a99d393490c77ba }, + { -0x0314b2d144e0dabf, -0x476aef38bf5246e1, -0x038e5c822f5e52fb, + 0x0a892c700747717b }, + { -0x70ad12dbc9425c18, 0x77a8c84157e80794, -0x5a569a9cd9d06320, + 0x286762d28302f7d2 }, + }, + { + { 0x4e7836093ce35b25, -0x7d1ee7e24d945569, 0x0cc192d3cbc7b83f, + 0x32f1da046a9d9d3a }, + { 0x7c558e2bce2ef5bd, -0x1b67934b98b8439d, 0x154a179f3bbb89b8, + 0x7686f2a3d6f1767a }, + { -0x5572ed5992a68396, -0x70ee6cfcfb2c7ad5, 0x3f91dc73c209b022, + 0x561305f8a9ad28a6 }, + }, + { + { 0x100c978dec92aed1, -0x35bc2abcb2928c1b, -0x7cece4dd27b845b8, + 0x00aaec53e35d4d2c }, + { 0x6722cc28e7b0c0d5, 0x709de9bbdb075c53, -0x3509725828fef59f, + 0x030a1aef2c57cc6c }, + { 0x7bb1f773003ad2aa, 0x0b3f29802b216608, 0x7821dc86520ed23e, + 0x20be9c1c24065480 }, + }, + { + { -0x1eac7827db698c5a, 0x5943bc2df546e493, 0x1c7f9a81c36f63b5, + 0x750ab3361f0ac1de }, + { 0x20e0e44ae2025e60, -0x4fc4c4d0342346c8, 0x105d639cf95a0d1c, + 0x69764c545067e311 }, + { 0x1e8a3283a2f81037, 0x6f2eda23bd7fcbf1, -0x48d02ea453d1da9d, + 0x54f96b3fb7075040 }, + }, + { + { 0x0fadf20429669279, 0x3adda2047d7d724a, 0x6f3d94828c5760f1, + 0x3d7fe9c52bb7539e }, + { 0x177dafc616b11ecd, -0x7689b46305a89b87, -0x48575eef1913187b, + 0x78e6839fbe85dbf0 }, + { 0x70332df737b8856b, 0x75d05d43041a178a, 0x320ff74aa0e59e22, + 0x70f268f350088242 }, + }, + { + { 0x66864583b1805f47, -0x0aca3a2e9f2283e7, -0x1678b148e1b34ffa, + 0x7c0d345cfad889d9 }, + { 0x2324112070dcf355, 0x380cc97ee7fce117, -0x4ce22112caad4968, + 0x404e56c039b8c4b9 }, + { 0x591f1f4b8c78338a, -0x5fc9954e981f4a1f, 0x5cbc4152b45f3d44, + 0x20d754762aaec777 }, + }, + { + { 0x5e8fc36fc73bb758, -0x531abc5ac9c34466, -0x566cb5826fc436de, + 0x2b8f1e46f3ceec62 }, + { -0x628b014eca460abd, -0x7b4c820e21736a94, -0x16cdd4f8a8ec7457, + 0x38b8ada8790b4ce1 }, + { -0x4a3fb56320ae06a3, 0x2b3952aecb1fdeac, 0x1d106d8b328b66da, + 0x049aeb32ceba1953 }, + }, + { + { -0x55af82f48a0386cf, 0x0fef924b7a6725d3, 0x1d82542b396b3930, + 0x795ee17530f674fc }, + { -0x288982c39c230182, 0x209c594897856e40, -0x4998979e1eb083ed, + 0x51c665e0c8d625fc }, + { 0x254a5b0a52ecbd81, 0x5d411f6ee034afe7, -0x195db2f23511b5cf, + 0x6cd19bf49dc54477 }, + }, + { + { 0x1ffe612165afc386, 0x082a2a88b8d51b10, 0x76f6627e20990baa, + 0x5e01b3a7429e43e7 }, + { 0x7e87619052179ca3, 0x571d0a060b2c9f85, -0x7f5d45577b668ee2, + 0x7520f3db40b2e638 }, + { 0x3db50be3d39357a1, -0x69849322a6616b5b, 0x1a309a64df311e6e, + 0x71092c9ccef3c986 }, + }, + { + { -0x7a9427538bfae231, 0x03f6a40855b7aa1e, 0x3a4ae7cbc9743ceb, + 0x4173a5bb7137abde }, + { 0x53d8523f0364918c, -0x5d4bfb0bc05494e4, 0x080b4a9e6681e5a4, + 0x0ea15b03d0257ba7 }, + { 0x17c56e31f0f9218a, 0x5a696e2b1afc4708, -0x086ce9970b4d0e8a, + 0x5fc565614a4e3a67 }, + }, + { + { 0x4892e1e67790988e, 0x01d5950f1c5cd722, -0x1c4f7e651a6dc113, + 0x3214c7409d46651b }, + { 0x136e570dc46d7ae5, 0x0fd0aacc54f8dc8f, 0x59549f03310dad86, + 0x62711c414c454aa1 }, + { 0x1329827406651770, 0x3ba4a0668a279436, -0x26494713e7a2ddc4, + 0x5bea94073ecb833c }, + }, + { + { -0x4b8f319c0cbc2d08, 0x0067ba8f0543e8f1, 0x35da51a1a2117b6f, + 0x4ad0785944f1bd2f }, + { 0x641dbf0912c89be4, -0x530c74ce8291a864, -0x540161fd09684f9b, + 0x3aacd5c148f61eec }, + { -0x7a71c4cb3cce7cff, -0x23663fb8f8ce97da, 0x34085b2ed39da88c, + 0x3aff0cb1d902853d }, + }, + { + { -0x6dd9bcf40b3acafb, 0x68e49c13261f2283, 0x09ef33788fd327c6, + 0x2ccf9f732bd99e7f }, + { -0x783a3814c5dfbfa2, -0x711cee101252a937, 0x29252e48ad29d5f9, + 0x110e7e86f4cd251d }, + { 0x57c0d89ed603f5e4, 0x12888628f0b0200c, 0x53172709a02e3bb7, + 0x05c557e0b9693a37 }, + }, + { + { -0x0889444f763df150, 0x61f85bf6fa0fd85c, -0x4946c0b19cbbde05, + 0x289fef0841861205 }, + { -0x270631cee0368191, 0x7a3f263011f9fdae, -0x1ea4815f7412da23, + 0x6e154c178fe9875a }, + { -0x309e9cc901296541, -0x64e91b187cca36b1, 0x13789765753a7fe7, + 0x6afbf642a95ca319 }, + }, + { + { 0x5de55070f913a8cc, 0x7d1d167b2b0cf561, -0x25d6a9496f152b77, + 0x12c093cedb801ed9 }, + { 0x7da8de0c62f5d2c1, -0x6703c25b4ff18466, 0x7deb6ada0dad70e0, + 0x0db4b851b95038c4 }, + { -0x03eb806cf747e6f1, 0x06969da0a11ae310, -0x3118aa8d25382803, + 0x33aa8799c6635ce6 }, + }, + { + { -0x7cb70a7703ea934f, 0x6da2ba9b1a0a6d27, -0x1dd9d2a37835a54a, + 0x212cd0c1c8d589a6 }, + { -0x50f00ae142f7a30e, 0x78f51a8967d33f1f, 0x6ec2bfe15060033c, + 0x233c6f29e8e21a86 }, + { -0x2d0b2aef80e7387f, 0x122ecdf2527e9d28, -0x58f579d5c2c2ccbf, + 0x1db7778911914ce3 }, + }, + { + { -0x4cc6b896228fe54a, -0x1d47212be630725b, 0x15df4161fd2ac852, + 0x7ae2ca8a017d24be }, + { -0x220cadc683943d91, 0x7a97e2cc53d50113, 0x7c74f43abf79a330, + 0x31ad97ad26e2adfc }, + { -0x4817e812f6df469e, 0x1e8518cc3f19da9d, -0x1b6e3eb0daa9f59c, + 0x1ed1fc53a6622c83 }, }, }; #elif defined(CURVED25519_ASM_32BIT) static const ge_precomp Bi[8] = { { - { -0x0a73c47b, 0x2fbc93c6, -0x0473f1e7, -0x306cd23a, 0x643d42c2, 0x270b4898, 0x33d4ba65, 0x07cf9d3a, }, - { -0x28bf6ec2, -0x62efc6fb, -0x2ebf414d, -0x02c660fb, 0x688f8a09, -0x5a3e7bcc, -0x6707ed99, 0x44fd2f92, }, - { -0x78855598, -0x5436edfb, -0x33553b62, 0x26d9e823, -0x22bca674, 0x5a1b7dcb, -0x60f39a58, 0x6f117b68, }, - }, - { - { 0x4cee9730, -0x50da4f58, -0x1779b476, 0x025a8430, -0x60fe98ce, -0x3ee4affe, -0x657f070c, 0x7a164e1b, }, - { -0x5b032d9b, 0x56611fe8, -0x1a3e4583, 0x3bd353fd, 0x214bd6bd, -0x7ece0ce6, 0x555bda62, 0x2ab91587, }, - { 0x0dd0d889, 0x14ae933f, 0x1c35da62, 0x58942322, -0x730d24b4, -0x2e8f1abb, 0x12b9b4c6, 0x5a2826af, }, - }, - { - { 0x08a5bb33, -0x5ded43bc, -0x38a112fe, -0x72afb73d, 0x5abfec44, -0x22e414f4, 0x46e206eb, 0x2945ccf1, }, - { -0x5bb82946, 0x7f9182c3, 0x4b2729b7, -0x2affeb2f, -0x479b5f79, -0x1cc30ee4, -0x14e4aa0d, 0x154a7e73, }, - { -0x7ed57d7b, -0x4344240f, -0x2f422e04, 0x270e0807, 0x1bbda72d, -0x4be498f5, 0x6b3bb69a, 0x43aabe69, }, - }, - { - { -0x6bb15c41, 0x6b1a5cd0, -0x4c623f2e, 0x7470353a, 0x28542e49, 0x71b25282, 0x283c927e, 0x461bea69, }, - { -0x55cdde4f, -0x4590d366, 0x3bba23a7, 0x6ca02153, -0x6de6d3c6, -0x621589b1, 0x2e5317e0, 0x1d6edd5d, }, - { 0x01b8b3a2, -0x0e7c9238, 0x053ea49a, -0x4cfca0b9, 0x5877adf3, 0x529c41ba, 0x6a0f90a7, 0x7a9fbb1c, }, - }, - { - { -0x59579cd1, -0x64d19876, 0x51bc46c5, -0x59af6191, -0x39790a4b, -0x314dcc37, -0x752280a7, 0x34b9ed33, }, - { 0x039d8064, -0x0c91de82, -0x0adfbe65, -0x675f7e4a, -0x18a14fbc, -0x693439f8, -0x05236371, 0x49c05a51, }, - { -0x6fba50e5, 0x06b4e8bf, -0x58e62dd1, -0x1d007c18, -0x6c2b30ea, -0x550903d7, 0x1b008b06, 0x73c17202, }, - }, - { - { -0x757fd522, 0x2fbf0084, 0x02302e27, -0x1a260131, 0x17703406, 0x113e8471, 0x546d8faf, 0x4275aae2, }, - { 0x49864348, 0x315f5b02, 0x77088381, 0x3ed6b369, 0x6a8deb95, -0x5c5f8aab, 0x29d5c77f, 0x18ab5980, }, - { -0x029f7617, -0x27d4d33b, 0x3282e4a4, 0x031eb4a1, -0x4ae579de, 0x44311199, -0x4ac206b8, 0x3dc65522, }, - }, - { - { -0x5dff8093, -0x408f3dde, -0x4a432125, -0x407b4c66, -0x04f845f9, 0x537a0e12, -0x3cb90dbf, 0x234fd7ee, }, - { 0x327fbf93, 0x506f013b, -0x64889095, -0x51031437, -0x5552a698, -0x62ed4dce, 0x176024a7, 0x0267882d, }, - { 0x732ea378, 0x5360a119, -0x20722b8f, 0x2437e6b1, -0x6e581acd, -0x5d10c808, -0x55f6879d, 0x497ba6fd, }, - }, - { - { 0x13cfeaa0, 0x24cecc03, 0x189c246d, -0x79b73d73, -0x3e0d2b30, 0x2dbdbdfa, -0x0ed218d5, 0x61e22917, }, - { 0x468ccf0b, 0x040bcd86, 0x2a9910d6, -0x2c7d645c, 0x07b25192, 0x75083008, 0x18d05ebf, 0x43b5cd42, }, - { -0x642f4aea, 0x5d9a762f, 0x373fdeee, -0x14c750b2, -0x6c29bd90, 0x032e5a7d, 0x0ae4d842, 0x511d6121, }, + { -0x0a73c47b, 0x2fbc93c6, -0x0473f1e7, -0x306cd23a, 0x643d42c2, + 0x270b4898, 0x33d4ba65, 0x07cf9d3a }, + { -0x28bf6ec2, -0x62efc6fb, -0x2ebf414d, -0x02c660fb, 0x688f8a09, + -0x5a3e7bcc, -0x6707ed99, 0x44fd2f92 }, + { -0x78855598, -0x5436edfb, -0x33553b62, 0x26d9e823, -0x22bca674, + 0x5a1b7dcb, -0x60f39a58, 0x6f117b68 }, + }, + { + { 0x4cee9730, -0x50da4f58, -0x1779b476, 0x025a8430, -0x60fe98ce, + -0x3ee4affe, -0x657f070c, 0x7a164e1b }, + { -0x5b032d9b, 0x56611fe8, -0x1a3e4583, 0x3bd353fd, 0x214bd6bd, + -0x7ece0ce6, 0x555bda62, 0x2ab91587 }, + { 0x0dd0d889, 0x14ae933f, 0x1c35da62, 0x58942322, -0x730d24b4, + -0x2e8f1abb, 0x12b9b4c6, 0x5a2826af }, + }, + { + { 0x08a5bb33, -0x5ded43bc, -0x38a112fe, -0x72afb73d, 0x5abfec44, + -0x22e414f4, 0x46e206eb, 0x2945ccf1 }, + { -0x5bb82946, 0x7f9182c3, 0x4b2729b7, -0x2affeb2f, -0x479b5f79, + -0x1cc30ee4, -0x14e4aa0d, 0x154a7e73 }, + { -0x7ed57d7b, -0x4344240f, -0x2f422e04, 0x270e0807, 0x1bbda72d, + -0x4be498f5, 0x6b3bb69a, 0x43aabe69 }, + }, + { + { -0x6bb15c41, 0x6b1a5cd0, -0x4c623f2e, 0x7470353a, 0x28542e49, + 0x71b25282, 0x283c927e, 0x461bea69 }, + { -0x55cdde4f, -0x4590d366, 0x3bba23a7, 0x6ca02153, -0x6de6d3c6, + -0x621589b1, 0x2e5317e0, 0x1d6edd5d }, + { 0x01b8b3a2, -0x0e7c9238, 0x053ea49a, -0x4cfca0b9, 0x5877adf3, + 0x529c41ba, 0x6a0f90a7, 0x7a9fbb1c }, + }, + { + { -0x59579cd1, -0x64d19876, 0x51bc46c5, -0x59af6191, -0x39790a4b, + -0x314dcc37, -0x752280a7, 0x34b9ed33 }, + { 0x039d8064, -0x0c91de82, -0x0adfbe65, -0x675f7e4a, -0x18a14fbc, + -0x693439f8, -0x05236371, 0x49c05a51 }, + { -0x6fba50e5, 0x06b4e8bf, -0x58e62dd1, -0x1d007c18, -0x6c2b30ea, + -0x550903d7, 0x1b008b06, 0x73c17202 }, + }, + { + { -0x757fd522, 0x2fbf0084, 0x02302e27, -0x1a260131, 0x17703406, + 0x113e8471, 0x546d8faf, 0x4275aae2 }, + { 0x49864348, 0x315f5b02, 0x77088381, 0x3ed6b369, 0x6a8deb95, + -0x5c5f8aab, 0x29d5c77f, 0x18ab5980 }, + { -0x029f7617, -0x27d4d33b, 0x3282e4a4, 0x031eb4a1, -0x4ae579de, + 0x44311199, -0x4ac206b8, 0x3dc65522 }, + }, + { + { -0x5dff8093, -0x408f3dde, -0x4a432125, -0x407b4c66, -0x04f845f9, + 0x537a0e12, -0x3cb90dbf, 0x234fd7ee }, + { 0x327fbf93, 0x506f013b, -0x64889095, -0x51031437, -0x5552a698, + -0x62ed4dce, 0x176024a7, 0x0267882d }, + { 0x732ea378, 0x5360a119, -0x20722b8f, 0x2437e6b1, -0x6e581acd, + -0x5d10c808, -0x55f6879d, 0x497ba6fd }, + }, + { + { 0x13cfeaa0, 0x24cecc03, 0x189c246d, -0x79b73d73, -0x3e0d2b30, + 0x2dbdbdfa, -0x0ed218d5, 0x61e22917 }, + { 0x468ccf0b, 0x040bcd86, 0x2a9910d6, -0x2c7d645c, 0x07b25192, + 0x75083008, 0x18d05ebf, 0x43b5cd42 }, + { -0x642f4aea, 0x5d9a762f, 0x373fdeee, -0x14c750b2, -0x6c29bd90, + 0x032e5a7d, 0x0ae4d842, 0x511d6121 }, }, }; #elif defined(CURVED25519_128BIT) static const ge_precomp Bi[8] = { { - { 0x493c6f58c3b85, 0x0df7181c325f7, 0x0f50b0b3e4cb7, 0x5329385a44c32, 0x07cf9d3a33d4b }, - { 0x03905d740913e, 0x0ba2817d673a2, 0x23e2827f4e67c, 0x133d2e0c21a34, 0x44fd2f9298f81 }, - { 0x11205877aaa68, 0x479955893d579, 0x50d66309b67a0, 0x2d42d0dbee5ee, 0x6f117b689f0c6 }, - }, - { - { 0x5b0a84cee9730, 0x61d10c97155e4, 0x4059cc8096a10, 0x47a608da8014f, 0x7a164e1b9a80f }, - { 0x11fe8a4fcd265, 0x7bcb8374faacc, 0x52f5af4ef4d4f, 0x5314098f98d10, 0x2ab91587555bd }, - { 0x6933f0dd0d889, 0x44386bb4c4295, 0x3cb6d3162508c, 0x26368b872a2c6, 0x5a2826af12b9b }, - }, - { - { 0x2bc4408a5bb33, 0x078ebdda05442, 0x2ffb112354123, 0x375ee8df5862d, 0x2945ccf146e20 }, - { 0x182c3a447d6ba, 0x22964e536eff2, 0x192821f540053, 0x2f9f19e788e5c, 0x154a7e73eb1b5 }, - { 0x3dbf1812a8285, 0x0fa17ba3f9797, 0x6f69cb49c3820, 0x34d5a0db3858d, 0x43aabe696b3bb }, - }, - { - { 0x25cd0944ea3bf, 0x75673b81a4d63, 0x150b925d1c0d4, 0x13f38d9294114, 0x461bea69283c9 }, - { 0x72c9aaa3221b1, 0x267774474f74d, 0x064b0e9b28085, 0x3f04ef53b27c9, 0x1d6edd5d2e531 }, - { 0x36dc801b8b3a2, 0x0e0a7d4935e30, 0x1deb7cecc0d7d, 0x053a94e20dd2c, 0x7a9fbb1c6a0f9 }, - }, - { - { 0x6678aa6a8632f, 0x5ea3788d8b365, 0x21bd6d6994279, 0x7ace75919e4e3, 0x34b9ed338add7 }, - { 0x6217e039d8064, 0x6dea408337e6d, 0x57ac112628206, 0x647cb65e30473, 0x49c05a51fadc9 }, - { 0x4e8bf9045af1b, 0x514e33a45e0d6, 0x7533c5b8bfe0f, 0x583557b7e14c9, 0x73c172021b008 }, - }, - { - { 0x700848a802ade, 0x1e04605c4e5f7, 0x5c0d01b9767fb, 0x7d7889f42388b, 0x4275aae2546d8 }, - { 0x75b0249864348, 0x52ee11070262b, 0x237ae54fb5acd, 0x3bfd1d03aaab5, 0x18ab598029d5c }, - { 0x32cc5fd6089e9, 0x426505c949b05, 0x46a18880c7ad2, 0x4a4221888ccda, 0x3dc65522b53df }, - }, - { - { 0x0c222a2007f6d, 0x356b79bdb77ee, 0x41ee81efe12ce, 0x120a9bd07097d, 0x234fd7eec346f }, - { 0x7013b327fbf93, 0x1336eeded6a0d, 0x2b565a2bbf3af, 0x253ce89591955, 0x0267882d17602 }, - { 0x0a119732ea378, 0x63bf1ba8e2a6c, 0x69f94cc90df9a, 0x431d1779bfc48, 0x497ba6fdaa097 }, - }, - { - { 0x6cc0313cfeaa0, 0x1a313848da499, 0x7cb534219230a, 0x39596dedefd60, 0x61e22917f12de }, - { 0x3cd86468ccf0b, 0x48553221ac081, 0x6c9464b4e0a6e, 0x75fba84180403, 0x43b5cd4218d05 }, - { 0x2762f9bd0b516, 0x1c6e7fbddcbb3, 0x75909c3ace2bd, 0x42101972d3ec9, 0x511d61210ae4d }, + { 0x493c6f58c3b85, 0x0df7181c325f7, 0x0f50b0b3e4cb7, 0x5329385a44c32, + 0x07cf9d3a33d4b }, + { 0x03905d740913e, 0x0ba2817d673a2, 0x23e2827f4e67c, 0x133d2e0c21a34, + 0x44fd2f9298f81 }, + { 0x11205877aaa68, 0x479955893d579, 0x50d66309b67a0, 0x2d42d0dbee5ee, + 0x6f117b689f0c6 }, + }, + { + { 0x5b0a84cee9730, 0x61d10c97155e4, 0x4059cc8096a10, 0x47a608da8014f, + 0x7a164e1b9a80f }, + { 0x11fe8a4fcd265, 0x7bcb8374faacc, 0x52f5af4ef4d4f, 0x5314098f98d10, + 0x2ab91587555bd }, + { 0x6933f0dd0d889, 0x44386bb4c4295, 0x3cb6d3162508c, 0x26368b872a2c6, + 0x5a2826af12b9b }, + }, + { + { 0x2bc4408a5bb33, 0x078ebdda05442, 0x2ffb112354123, 0x375ee8df5862d, + 0x2945ccf146e20 }, + { 0x182c3a447d6ba, 0x22964e536eff2, 0x192821f540053, 0x2f9f19e788e5c, + 0x154a7e73eb1b5 }, + { 0x3dbf1812a8285, 0x0fa17ba3f9797, 0x6f69cb49c3820, 0x34d5a0db3858d, + 0x43aabe696b3bb }, + }, + { + { 0x25cd0944ea3bf, 0x75673b81a4d63, 0x150b925d1c0d4, 0x13f38d9294114, + 0x461bea69283c9 }, + { 0x72c9aaa3221b1, 0x267774474f74d, 0x064b0e9b28085, 0x3f04ef53b27c9, + 0x1d6edd5d2e531 }, + { 0x36dc801b8b3a2, 0x0e0a7d4935e30, 0x1deb7cecc0d7d, 0x053a94e20dd2c, + 0x7a9fbb1c6a0f9 }, + }, + { + { 0x6678aa6a8632f, 0x5ea3788d8b365, 0x21bd6d6994279, 0x7ace75919e4e3, + 0x34b9ed338add7 }, + { 0x6217e039d8064, 0x6dea408337e6d, 0x57ac112628206, 0x647cb65e30473, + 0x49c05a51fadc9 }, + { 0x4e8bf9045af1b, 0x514e33a45e0d6, 0x7533c5b8bfe0f, 0x583557b7e14c9, + 0x73c172021b008 }, + }, + { + { 0x700848a802ade, 0x1e04605c4e5f7, 0x5c0d01b9767fb, 0x7d7889f42388b, + 0x4275aae2546d8 }, + { 0x75b0249864348, 0x52ee11070262b, 0x237ae54fb5acd, 0x3bfd1d03aaab5, + 0x18ab598029d5c }, + { 0x32cc5fd6089e9, 0x426505c949b05, 0x46a18880c7ad2, 0x4a4221888ccda, + 0x3dc65522b53df }, + }, + { + { 0x0c222a2007f6d, 0x356b79bdb77ee, 0x41ee81efe12ce, 0x120a9bd07097d, + 0x234fd7eec346f }, + { 0x7013b327fbf93, 0x1336eeded6a0d, 0x2b565a2bbf3af, 0x253ce89591955, + 0x0267882d17602 }, + { 0x0a119732ea378, 0x63bf1ba8e2a6c, 0x69f94cc90df9a, 0x431d1779bfc48, + 0x497ba6fdaa097 }, + }, + { + { 0x6cc0313cfeaa0, 0x1a313848da499, 0x7cb534219230a, 0x39596dedefd60, + 0x61e22917f12de }, + { 0x3cd86468ccf0b, 0x48553221ac081, 0x6c9464b4e0a6e, 0x75fba84180403, + 0x43b5cd4218d05 }, + { 0x2762f9bd0b516, 0x1c6e7fbddcbb3, 0x75909c3ace2bd, 0x42101972d3ec9, + 0x511d61210ae4d }, }, }; #else static const ge_precomp Bi[8] = { - { - { 25967493,-14356035,29566456,3660896,-12694345,4014787,27544626,-11754271,-6079156,2047605 }, - { -12545711,934262,-2722910,3049990,-727428,9406986,12720692,5043384,19500929,-15469378 }, - { -8738181,4489570,9688441,-14785194,10184609,-12363380,29287919,11864899,-24514362,-4438546 }, - }, - { - { 15636291,-9688557,24204773,-7912398,616977,-16685262,27787600,-14772189,28944400,-1550024 }, - { 16568933,4717097,-11556148,-1102322,15682896,-11807043,16354577,-11775962,7689662,11199574 }, - { 30464156,-5976125,-11779434,-15670865,23220365,15915852,7512774,10017326,-17749093,-9920357 }, - }, - { - { 10861363,11473154,27284546,1981175,-30064349,12577861,32867885,14515107,-15438304,10819380 }, - { 4708026,6336745,20377586,9066809,-11272109,6594696,-25653668,12483688,-12668491,5581306 }, - { 19563160,16186464,-29386857,4097519,10237984,-4348115,28542350,13850243,-23678021,-15815942 }, - }, - { - { 5153746,9909285,1723747,-2777874,30523605,5516873,19480852,5230134,-23952439,-15175766 }, - { -30269007,-3463509,7665486,10083793,28475525,1649722,20654025,16520125,30598449,7715701 }, - { 28881845,14381568,9657904,3680757,-20181635,7843316,-31400660,1370708,29794553,-1409300 }, - }, - { - { -22518993,-6692182,14201702,-8745502,-23510406,8844726,18474211,-1361450,-13062696,13821877 }, - { -6455177,-7839871,3374702,-4740862,-27098617,-10571707,31655028,-7212327,18853322,-14220951 }, - { 4566830,-12963868,-28974889,-12240689,-7602672,-2830569,-8514358,-10431137,2207753,-3209784 }, - }, - { - { -25154831,-4185821,29681144,7868801,-6854661,-9423865,-12437364,-663000,-31111463,-16132436 }, - { 25576264,-2703214,7349804,-11814844,16472782,9300885,3844789,15725684,171356,6466918 }, - { 23103977,13316479,9739013,-16149481,817875,-15038942,8965339,-14088058,-30714912,16193877 }, - }, - { - { -33521811,3180713,-2394130,14003687,-16903474,-16270840,17238398,4729455,-18074513,9256800 }, - { -25182317,-4174131,32336398,5036987,-21236817,11360617,22616405,9761698,-19827198,630305 }, - { -13720693,2639453,-24237460,-7406481,9494427,-5774029,-6554551,-15960994,-2449256,-14291300 }, - }, - { - { -3151181,-5046075,9282714,6866145,-31907062,-863023,-18940575,15033784,25105118,-7894876 }, - { -24326370,15950226,-31801215,-14592823,-11662737,-5090925,1573892,-2625887,2198790,-15804619 }, - { -3099351,10324967,-2241613,7453183,-5446979,-2735503,-13812022,-16236442,-32461234,-12290683 }, - }, -} ; + { + { 0x18c3b85, -0x0db0e43, 0x1c325f8, 0x037dc60, -0x0c1b349, + 0x03d42c3, 0x1a44c32, -0x0b35b1f, -0x05cc2b4, 0x01f3e75 }, + { -0x0bf6eaf, 0x00e4176, -0x0298c5e, 0x02e8a06, -0x00b1984, + 0x08f8a0a, 0x0c21a34, 0x04cf4b8, 0x1298f81, -0x0ec0b42 }, + { -0x0855585, 0x0448162, 0x093d579, -0x0e19aaa, 0x09b67a1, + -0x0bca674, 0x1bee5ef, 0x0b50b43, -0x1760f3a, -0x043ba12 }, + }, + { + { 0x0ee9743, -0x093d5ed, 0x17155e5, -0x078bbce, 0x0096a11, + -0x0fe98ce, 0x1a80150, -0x0e167dd, 0x1b9a810, -0x017a6c8 }, + { 0x0fcd265, 0x047fa29, -0x0b05534, -0x010d1f2, 0x0ef4d50, + -0x0b42943, 0x0f98d11, -0x0b3afda, 0x07555be, 0x0aae456 }, + { 0x1d0d89c, -0x05b303d, -0x0b3bd6a, -0x0ef1e51, 0x162508d, + 0x0f2db4c, 0x072a2c6, 0x098da2e, -0x10ed465, -0x0975f65 }, + }, + { + { 0x0a5bb33, 0x0af1102, 0x1a05442, 0x01e3af7, -0x1cabedd, + 0x0bfec45, 0x1f5862d, 0x0dd7ba3, -0x0eb91e0, 0x0a51734 }, + { 0x047d6ba, 0x060b0e9, 0x136eff2, 0x08a5939, -0x0abffad, + 0x064a088, -0x18771a4, 0x0be7c68, -0x0c14e4b, 0x05529fa }, + { 0x12a8298, 0x0f6fc60, -0x1c06869, 0x03e85ef, 0x09c3820, + -0x04258d3, 0x1b3858e, 0x0d35683, -0x1694c45, -0x0f15506 }, + }, + { + { 0x04ea3d2, 0x0973425, 0x01a4d63, -0x02a6312, 0x1d1c0d5, + 0x0542e49, 0x1294114, 0x04fce36, -0x16d7c37, -0x0e79056 }, + { -0x1cdde4f, -0x034d955, 0x074f74e, 0x099ddd1, 0x1b28085, + 0x0192c3a, 0x13b27c9, 0x0fc13bd, 0x1d2e531, 0x075bb75 }, + { 0x1b8b3b5, 0x0db7200, 0x0935e30, 0x03829f5, -0x133f283, + 0x077adf4, -0x1df22d4, 0x014ea54, 0x1c6a0f9, -0x0158114 }, + }, + { + { -0x1579cd1, -0x0661d56, 0x0d8b366, -0x085721e, -0x166bd86, + 0x086f5b6, 0x119e4e3, -0x014c62a, -0x0c75228, 0x0d2e7b5 }, + { -0x0627f89, -0x077a07f, 0x0337e6e, -0x04856fe, -0x19d7df9, + -0x0a14fbb, 0x1e30474, -0x06e0d27, 0x11fadca, -0x0d8fe97 }, + { 0x045af2e, -0x0c5d01c, -0x1ba1f29, -0x0bac731, -0x07401f0, + -0x02b30e9, -0x081eb36, -0x09f2aa1, 0x021b009, -0x030fa38 }, + }, + { + { -0x17fd50f, -0x03fdedd, 0x1c4e5f8, 0x0781181, -0x0689805, + -0x08fcbf9, -0x0bdc774, -0x00a1dd8, -0x1dab927, -0x0f62954 }, + { 0x1864348, -0x0293f6e, 0x070262c, -0x0b447bc, 0x0fb5ace, + 0x08deb95, 0x03aaab5, 0x0eff474, 0x0029d5c, 0x062ad66 }, + { 0x16089e9, 0x0cb317f, 0x0949b05, -0x0f66be9, 0x00c7ad3, + -0x0e579de, 0x088ccdb, -0x0d6f77a, -0x1d4ac20, 0x0f71955 }, + }, + { + { -0x1ff8093, 0x03088a9, -0x0248812, 0x0d5ade7, -0x101ed32, + -0x0f845f8, 0x107097e, 0x0482a6f, -0x113cb91, 0x08d3f60 }, + { -0x180406d, -0x03fb133, 0x1ed6a0e, 0x04cdbbb, -0x1440c51, + 0x0ad5969, 0x1591955, 0x094f3a2, -0x12e89fe, 0x0099e21 }, + { -0x0d15c75, 0x028465d, -0x171d594, -0x0710391, 0x090df9b, + -0x0581acd, -0x06403b7, -0x0f38ba2, -0x0255f68, -0x0da1164 }, + }, + { + { -0x030154d, -0x04cff3b, 0x08da49a, 0x068c4e1, -0x1e6dcf6, + -0x00d2b2f, -0x121029f, 0x0e565b8, 0x17f12de, -0x078775c }, + { -0x17330e2, 0x0f36192, -0x1e53f7f, -0x0deab37, -0x0b1f591, + -0x04dae6d, 0x0180404, -0x028115f, 0x0218d06, -0x0f128cb }, + { -0x02f4ad7, 0x09d8be7, -0x022344d, 0x071b9ff, -0x0531d43, + -0x029bd8f, -0x0d2c136, -0x0f7bf9a, -0x1ef51b2, -0x0bb8a7b }, + }, +}; #endif @@ -9401,7 +9697,7 @@ #else signed char aslide[SLIDE_SIZE]; signed char bslide[SLIDE_SIZE]; - ge_cached Ai[8]; /* A,3A,5A,7A,9A,11A,13A,15A */ + ge_cached Ai[16]; /* A,3A,5A,7A,9A,11A,13A,15A */ ge_p1p1 t[1]; ge_p3 u[1]; @@ -9412,7 +9708,7 @@ #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC) if (((aslide = (signed char *)XMALLOC(SLIDE_SIZE, NULL, DYNAMIC_TYPE_TMP_BUFFER))== NULL) || ((bslide = (signed char *)XMALLOC(SLIDE_SIZE, NULL, DYNAMIC_TYPE_TMP_BUFFER))== NULL) || - ((Ai = (ge_cached *)XMALLOC(8 * sizeof(*Ai), NULL, DYNAMIC_TYPE_TMP_BUFFER))== NULL) || + ((Ai = (ge_cached *)XMALLOC(16 * sizeof(*Ai), NULL, DYNAMIC_TYPE_TMP_BUFFER))== NULL) || ((t = (ge_p1p1 *)XMALLOC(sizeof(*t), NULL, DYNAMIC_TYPE_TMP_BUFFER))== NULL) || ((u = (ge_p3 *)XMALLOC(sizeof(*u), NULL, DYNAMIC_TYPE_TMP_BUFFER))== NULL) || ((A2 = (ge_p3 *)XMALLOC(sizeof(*A2), NULL, DYNAMIC_TYPE_TMP_BUFFER))== NULL)) @@ -9423,8 +9719,12 @@ ret = 0; #endif - slide(aslide,a); - slide(bslide,b); + slide(aslide,a,15); +#ifdef CURVED25519_ASM_64BIT + slide(bslide,b,63); +#else + slide(bslide,b,15); +#endif ge_p3_to_cached(&Ai[0],A); ge_p3_dbl(t,A); ge_p1p1_to_p3(A2,t); @@ -9438,8 +9738,60 @@ ge_p2_0(r); - for (i = 255;i >= 0;--i) { - if (aslide[i] || bslide[i]) break; + for (i = SLIDE_SIZE-1;i >= 0;--i) { + if (aslide[i] || bslide[i]) { +#ifdef CURVED25519_ASM_64BIT + if (aslide[i] > 0) { + fe_copy(t->Z, Ai[aslide[i]/2].YplusX); + fe_copy(t->Y, Ai[aslide[i]/2].YminusX); + fe_sub(t->X,t->Z,t->Y); + fe_add(t->Y,t->Z,t->Y); + fe_add(t->T,Ai[aslide[i]/2].Z, Ai[aslide[i]/2].Z); + fe_copy(t->Z,t->T); + } else if (aslide[i] < 0) { + fe_copy(t->Z, Ai[aslide[i]/2].YminusX); + fe_copy(t->Y, Ai[aslide[i]/2].YplusX); + fe_sub(t->X,t->Z,t->Y); + fe_add(t->Y,t->Z,t->Y); + fe_add(t->T,Ai[aslide[i]/2].Z, Ai[aslide[i]/2].Z); + fe_copy(t->Z,t->T); + } + + if (bslide[i] > 0) { + if (aslide[i] != 0) { + ge_p1p1_to_p3(u,t); + ge_madd(t,u,&Bi[bslide[i]/2]); + } else { + fe_copy(t->Z,Bi[bslide[i]/2].yplusx); + fe_copy(t->Y,Bi[bslide[i]/2].yminusx); + fe_sub(t->X,t->Z,t->Y); + fe_add(t->Y,t->Z,t->Y); + fe_0(t->T); + t->T[0] = 0x2; + fe_0(t->Z); + t->Z[0] = 0x2; + } + } else if (bslide[i] < 0) { + if (aslide[i] != 0) { + ge_p1p1_to_p3(u,t); + ge_msub(t,u,&Bi[(-bslide[i])/2]); + } else { + fe_copy(t->Z,Bi[bslide[i]/2].yminusx); + fe_copy(t->Y,Bi[bslide[i]/2].yplusx); + fe_sub(t->X,t->Z,t->Y); + fe_add(t->Y,t->Z,t->Y); + fe_0(t->T); + t->T[0] = 0x2; + fe_0(t->Z); + t->Z[0] = 0x2; + } + } + + ge_p1p1_to_p2(r,t); + --i; +#endif + break; + } } for (;i >= 0;--i) { @@ -9552,6 +9904,11 @@ fe_mul(h->X,h->X,u); /* x = uv^7 */ fe_pow22523(h->X,h->X); /* x = (uv^7)^((q-5)/8) */ + /* Alternative if inversion very fast. + * x^2^252 * invert(x^3) + * = x^2^252 * x^-3 + * = x^(2^252 - 3) + */ fe_mul(h->X,h->X,v3); fe_mul(h->X,h->X,u); /* x = uv^3(uv^7)^((q-5)/8) */ @@ -9769,7 +10126,8 @@ #ifndef CURVED25519_ASM -#if defined(HAVE_ED25519_SIGN) || defined(HAVE_ED25519_MAKE_KEY) +#if defined(HAVE_ED25519_SIGN) || defined(HAVE_ED25519_MAKE_KEY) || \ + defined(WOLFSSL_CURVE25519_USE_ED25519) /* ge_precomp_0 */ static void ge_precomp_0(ge_precomp *h) { @@ -9818,6 +10176,26 @@ s[31] ^= (unsigned char)((unsigned char)fe_isnegative(x) << 7); } +#ifdef HAVE_ED25519_VERIFY +#ifndef CURVED25519_ASM_64BIT + #define fe_invert_nct fe_invert +#endif + +/* ge tobytes */ +void ge_tobytes_nct(unsigned char *s,const ge_p2 *h) +{ + ge recip; + ge x; + ge y; + + fe_invert_nct(recip,h->Z); + fe_mul(x,h->X,recip); + fe_mul(y,h->Y,recip); + fe_tobytes(s,y); + s[31] ^= (unsigned char)((unsigned char)fe_isnegative(x) << 7); +} +#endif + #endif /* !ED25519_SMALL */ /* if HAVE_ED25519 but not HAVE_CURVE25519, and an asm implementation is built, diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/wolfcrypt/src/hash.c mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/hash.c --- mariadb-11.8.6/extra/wolfssl/wolfssl/wolfcrypt/src/hash.c 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/hash.c 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* hash.c * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -118,100 +118,143 @@ int wc_HashGetOID(enum wc_HashType hash_type) { - int oid = WC_NO_ERR_TRACE(HASH_TYPE_E); /* Default to hash type error */ + int oid; switch(hash_type) { case WC_HASH_TYPE_MD2: #ifdef WOLFSSL_MD2 oid = MD2h; + #else + oid = HASH_TYPE_E; #endif break; case WC_HASH_TYPE_MD5_SHA: + #if !defined(NO_MD5) && !defined(NO_SHA) + oid = MD5h; + #else + oid = HASH_TYPE_E; + #endif + break; case WC_HASH_TYPE_MD5: #ifndef NO_MD5 oid = MD5h; + #else + oid = HASH_TYPE_E; #endif break; case WC_HASH_TYPE_SHA: #ifndef NO_SHA oid = SHAh; + #else + oid = HASH_TYPE_E; #endif break; case WC_HASH_TYPE_SHA224: #ifdef WOLFSSL_SHA224 oid = SHA224h; + #else + oid = HASH_TYPE_E; #endif break; case WC_HASH_TYPE_SHA256: #ifndef NO_SHA256 oid = SHA256h; + #else + oid = HASH_TYPE_E; #endif break; case WC_HASH_TYPE_SHA384: #ifdef WOLFSSL_SHA384 oid = SHA384h; + #else + oid = HASH_TYPE_E; #endif break; case WC_HASH_TYPE_SHA512: #ifdef WOLFSSL_SHA512 oid = SHA512h; + #else + oid = HASH_TYPE_E; #endif break; - #ifndef WOLFSSL_NOSHA512_224 case WC_HASH_TYPE_SHA512_224: #if defined(WOLFSSL_SHA512) && !defined(WOLFSSL_NOSHA512_224) oid = SHA512_224h; + #else + oid = HASH_TYPE_E; #endif break; - #endif - #ifndef WOLFSSL_NOSHA512_256 case WC_HASH_TYPE_SHA512_256: #if defined(WOLFSSL_SHA512) && !defined(WOLFSSL_NOSHA512_256) oid = SHA512_256h; + #else + oid = HASH_TYPE_E; #endif break; - #endif case WC_HASH_TYPE_SHA3_224: #if defined(WOLFSSL_SHA3) && !defined(WOLFSSL_NOSHA3_224) oid = SHA3_224h; + #else + oid = HASH_TYPE_E; #endif break; case WC_HASH_TYPE_SHA3_256: #if defined(WOLFSSL_SHA3) && !defined(WOLFSSL_NOSHA3_256) oid = SHA3_256h; + #else + oid = HASH_TYPE_E; #endif break; case WC_HASH_TYPE_SHA3_384: #if defined(WOLFSSL_SHA3) && !defined(WOLFSSL_NOSHA3_384) oid = SHA3_384h; + #else + oid = HASH_TYPE_E; #endif break; case WC_HASH_TYPE_SHA3_512: #if defined(WOLFSSL_SHA3) && !defined(WOLFSSL_NOSHA3_512) oid = SHA3_512h; + #else + oid = HASH_TYPE_E; #endif break; - #if defined(WOLFSSL_SHA3) && defined(WOLFSSL_SHAKE128) case WC_HASH_TYPE_SHAKE128: + #if defined(WOLFSSL_SHA3) && defined(WOLFSSL_SHAKE128) oid = SHAKE128h; + #else + oid = HASH_TYPE_E; + #endif break; - #endif - #if defined(WOLFSSL_SHA3) && defined(WOLFSSL_SHAKE256) case WC_HASH_TYPE_SHAKE256: + #if defined(WOLFSSL_SHA3) && defined(WOLFSSL_SHAKE256) oid = SHAKE256h; + #else + oid = HASH_TYPE_E; + #endif break; - #endif - #ifdef WOLFSSL_SM3 case WC_HASH_TYPE_SM3: + #ifdef WOLFSSL_SM3 oid = SM3h; + #else + oid = HASH_TYPE_E; + #endif break; - #endif /* Not Supported */ case WC_HASH_TYPE_MD4: + oid = HASH_TYPE_E; + break; case WC_HASH_TYPE_BLAKE2B: + oid = HASH_TYPE_E; + break; case WC_HASH_TYPE_BLAKE2S: + oid = HASH_TYPE_E; + break; + case WC_HASH_TYPE_NONE: + oid = BAD_FUNC_ARG; + break; default: oid = BAD_FUNC_ARG; break; @@ -221,64 +264,95 @@ enum wc_HashType wc_OidGetHash(int oid) { - enum wc_HashType hash_type = WC_HASH_TYPE_NONE; + enum wc_HashType hash_type; switch (oid) { - #ifdef WOLFSSL_MD2 case MD2h: + #ifdef WOLFSSL_MD2 hash_type = WC_HASH_TYPE_MD2; + #else + hash_type = WC_ERR_TRACE(WC_HASH_TYPE_NONE); + #endif break; - #endif case MD5h: #ifndef NO_MD5 hash_type = WC_HASH_TYPE_MD5; + #else + hash_type = WC_ERR_TRACE(WC_HASH_TYPE_NONE); #endif break; case SHAh: #ifndef NO_SHA hash_type = WC_HASH_TYPE_SHA; + #else + hash_type = WC_ERR_TRACE(WC_HASH_TYPE_NONE); #endif break; case SHA224h: #ifdef WOLFSSL_SHA224 hash_type = WC_HASH_TYPE_SHA224; + #else + hash_type = WC_ERR_TRACE(WC_HASH_TYPE_NONE); #endif break; case SHA256h: #ifndef NO_SHA256 hash_type = WC_HASH_TYPE_SHA256; + #else + hash_type = WC_ERR_TRACE(WC_HASH_TYPE_NONE); #endif break; case SHA384h: #ifdef WOLFSSL_SHA384 hash_type = WC_HASH_TYPE_SHA384; + #else + hash_type = WC_ERR_TRACE(WC_HASH_TYPE_NONE); #endif break; case SHA512h: #ifdef WOLFSSL_SHA512 hash_type = WC_HASH_TYPE_SHA512; + #else + hash_type = WC_ERR_TRACE(WC_HASH_TYPE_NONE); #endif break; - #ifdef WOLFSSL_SHA3 case SHA3_224h: + #ifdef WOLFSSL_SHA3 hash_type = WC_HASH_TYPE_SHA3_224; + #else + hash_type = WC_ERR_TRACE(WC_HASH_TYPE_NONE); + #endif break; case SHA3_256h: + #ifdef WOLFSSL_SHA3 hash_type = WC_HASH_TYPE_SHA3_256; + #else + hash_type = WC_ERR_TRACE(WC_HASH_TYPE_NONE); + #endif break; case SHA3_384h: + #ifdef WOLFSSL_SHA3 hash_type = WC_HASH_TYPE_SHA3_384; + #else + hash_type = WC_ERR_TRACE(WC_HASH_TYPE_NONE); + #endif break; case SHA3_512h: + #ifdef WOLFSSL_SHA3 hash_type = WC_HASH_TYPE_SHA3_512; + #else + hash_type = WC_ERR_TRACE(WC_HASH_TYPE_NONE); + #endif break; - #endif /* WOLFSSL_SHA3 */ - #ifdef WOLFSSL_SM3 case SM3h: + #ifdef WOLFSSL_SM3 hash_type = WC_HASH_TYPE_SM3; + #else + hash_type = WC_ERR_TRACE(WC_HASH_TYPE_NONE); + #endif break; - #endif default: + hash_type = WC_ERR_TRACE(WC_HASH_TYPE_NONE); break; } return hash_type; @@ -290,114 +364,151 @@ /* Get Hash digest size */ int wc_HashGetDigestSize(enum wc_HashType hash_type) { - int dig_size = WC_NO_ERR_TRACE(HASH_TYPE_E); + int dig_size; switch(hash_type) { case WC_HASH_TYPE_MD2: #ifdef WOLFSSL_MD2 dig_size = WC_MD2_DIGEST_SIZE; + #else + dig_size = HASH_TYPE_E; #endif break; case WC_HASH_TYPE_MD4: #ifndef NO_MD4 dig_size = WC_MD4_DIGEST_SIZE; + #else + dig_size = HASH_TYPE_E; #endif break; case WC_HASH_TYPE_MD5: #ifndef NO_MD5 dig_size = WC_MD5_DIGEST_SIZE; + #else + dig_size = HASH_TYPE_E; #endif break; case WC_HASH_TYPE_SHA: #ifndef NO_SHA dig_size = WC_SHA_DIGEST_SIZE; + #else + dig_size = HASH_TYPE_E; #endif break; case WC_HASH_TYPE_SHA224: #ifdef WOLFSSL_SHA224 dig_size = WC_SHA224_DIGEST_SIZE; + #else + dig_size = HASH_TYPE_E; #endif break; case WC_HASH_TYPE_SHA256: #ifndef NO_SHA256 dig_size = WC_SHA256_DIGEST_SIZE; + #else + dig_size = HASH_TYPE_E; #endif break; case WC_HASH_TYPE_SHA384: #ifdef WOLFSSL_SHA384 dig_size = WC_SHA384_DIGEST_SIZE; + #else + dig_size = HASH_TYPE_E; #endif break; case WC_HASH_TYPE_SHA512: #ifdef WOLFSSL_SHA512 dig_size = WC_SHA512_DIGEST_SIZE; + #else + dig_size = HASH_TYPE_E; #endif break; - #ifndef WOLFSSL_NOSHA512_224 case WC_HASH_TYPE_SHA512_224: -#if !defined(HAVE_FIPS) && !defined(HAVE_SELFTEST) - #if defined(WOLFSSL_SHA512) && !defined(WOLFSSL_NOSHA512_224) + #if !defined(HAVE_FIPS) && !defined(HAVE_SELFTEST) && \ + defined(WOLFSSL_SHA512) && !defined(WOLFSSL_NOSHA512_224) dig_size = WC_SHA512_224_DIGEST_SIZE; + #else + dig_size = HASH_TYPE_E; #endif -#endif /* !HAVE_FIPS && !HAVE_SELFTEST */ break; - #endif - #ifndef WOLFSSL_NOSHA512_256 case WC_HASH_TYPE_SHA512_256: -#if !defined(HAVE_FIPS) && !defined(HAVE_SELFTEST) - #if defined(WOLFSSL_SHA512) && !defined(WOLFSSL_NOSHA512_256) + #if !defined(HAVE_FIPS) && !defined(HAVE_SELFTEST) && \ + defined(WOLFSSL_SHA512) && !defined(WOLFSSL_NOSHA512_256) dig_size = WC_SHA512_256_DIGEST_SIZE; + #else + dig_size = HASH_TYPE_E; #endif -#endif /* !HAVE_FIPS && !HAVE_SELFTEST */ break; - #endif case WC_HASH_TYPE_MD5_SHA: /* Old TLS Specific */ #if !defined(NO_MD5) && !defined(NO_SHA) dig_size = (int)WC_MD5_DIGEST_SIZE + (int)WC_SHA_DIGEST_SIZE; + #else + dig_size = HASH_TYPE_E; #endif break; case WC_HASH_TYPE_SHA3_224: #if defined(WOLFSSL_SHA3) && !defined(WOLFSSL_NOSHA3_224) dig_size = WC_SHA3_224_DIGEST_SIZE; + #else + dig_size = HASH_TYPE_E; #endif break; case WC_HASH_TYPE_SHA3_256: #if defined(WOLFSSL_SHA3) && !defined(WOLFSSL_NOSHA3_256) dig_size = WC_SHA3_256_DIGEST_SIZE; + #else + dig_size = HASH_TYPE_E; #endif break; case WC_HASH_TYPE_SHA3_384: #if defined(WOLFSSL_SHA3) && !defined(WOLFSSL_NOSHA3_384) dig_size = WC_SHA3_384_DIGEST_SIZE; + #else + dig_size = HASH_TYPE_E; #endif break; case WC_HASH_TYPE_SHA3_512: #if defined(WOLFSSL_SHA3) && !defined(WOLFSSL_NOSHA3_512) dig_size = WC_SHA3_512_DIGEST_SIZE; + #else + dig_size = HASH_TYPE_E; #endif break; case WC_HASH_TYPE_BLAKE2B: + #if defined(HAVE_BLAKE2B) + dig_size = BLAKE2B_OUTBYTES; + #else + dig_size = HASH_TYPE_E; + #endif + break; case WC_HASH_TYPE_BLAKE2S: - #if defined(HAVE_BLAKE2) || defined(HAVE_BLAKE2S) + #if defined(HAVE_BLAKE2S) dig_size = BLAKE2S_OUTBYTES; + #else + dig_size = HASH_TYPE_E; #endif break; - #ifdef WOLFSSL_SM3 case WC_HASH_TYPE_SM3: + #ifdef WOLFSSL_SM3 dig_size = WC_SM3_DIGEST_SIZE; + #else + dig_size = HASH_TYPE_E; + #endif break; - #endif /* Not Supported */ - #if defined(WOLFSSL_SHA3) && defined(WOLFSSL_SHAKE128) case WC_HASH_TYPE_SHAKE128: - #endif - #if defined(WOLFSSL_SHA3) && defined(WOLFSSL_SHAKE256) + dig_size = HASH_TYPE_E; + break; case WC_HASH_TYPE_SHAKE256: - #endif + dig_size = HASH_TYPE_E; + break; + case WC_HASH_TYPE_NONE: + dig_size = BAD_FUNC_ARG; + break; default: dig_size = BAD_FUNC_ARG; break; @@ -409,114 +520,151 @@ /* Get Hash block size */ int wc_HashGetBlockSize(enum wc_HashType hash_type) { - int block_size = WC_NO_ERR_TRACE(HASH_TYPE_E); + int block_size; switch (hash_type) { case WC_HASH_TYPE_MD2: #ifdef WOLFSSL_MD2 block_size = WC_MD2_BLOCK_SIZE; + #else + block_size = HASH_TYPE_E; #endif break; case WC_HASH_TYPE_MD4: #ifndef NO_MD4 block_size = WC_MD4_BLOCK_SIZE; + #else + block_size = HASH_TYPE_E; #endif break; case WC_HASH_TYPE_MD5: #ifndef NO_MD5 block_size = WC_MD5_BLOCK_SIZE; + #else + block_size = HASH_TYPE_E; #endif break; case WC_HASH_TYPE_SHA: #ifndef NO_SHA block_size = WC_SHA_BLOCK_SIZE; + #else + block_size = HASH_TYPE_E; #endif break; case WC_HASH_TYPE_SHA224: #ifdef WOLFSSL_SHA224 block_size = WC_SHA224_BLOCK_SIZE; + #else + block_size = HASH_TYPE_E; #endif break; case WC_HASH_TYPE_SHA256: #ifndef NO_SHA256 block_size = WC_SHA256_BLOCK_SIZE; + #else + block_size = HASH_TYPE_E; #endif break; case WC_HASH_TYPE_SHA384: #ifdef WOLFSSL_SHA384 block_size = WC_SHA384_BLOCK_SIZE; + #else + block_size = HASH_TYPE_E; #endif break; case WC_HASH_TYPE_SHA512: #ifdef WOLFSSL_SHA512 block_size = WC_SHA512_BLOCK_SIZE; + #else + block_size = HASH_TYPE_E; #endif break; - #ifndef WOLFSSL_NOSHA512_224 case WC_HASH_TYPE_SHA512_224: -#if !defined(HAVE_FIPS) && !defined(HAVE_SELFTEST) - #if defined(WOLFSSL_SHA512) && !defined(WOLFSSL_NOSHA512_224) + #if !defined(HAVE_FIPS) && !defined(HAVE_SELFTEST) && \ + defined(WOLFSSL_SHA512) && !defined(WOLFSSL_NOSHA512_224) block_size = WC_SHA512_224_BLOCK_SIZE; + #else + block_size = HASH_TYPE_E; #endif -#endif /* !HAVE_FIPS && !HAVE_SELFTEST */ break; - #endif - #ifndef WOLFSSL_NOSHA512_256 case WC_HASH_TYPE_SHA512_256: -#if !defined(HAVE_FIPS) && !defined(HAVE_SELFTEST) - #if defined(WOLFSSL_SHA512) && !defined(WOLFSSL_NOSHA512_256) + #if !defined(HAVE_FIPS) && !defined(HAVE_SELFTEST) && \ + defined(WOLFSSL_SHA512) && !defined(WOLFSSL_NOSHA512_256) block_size = WC_SHA512_256_BLOCK_SIZE; + #else + block_size = HASH_TYPE_E; #endif -#endif /* !HAVE_FIPS && !HAVE_SELFTEST */ break; - #endif case WC_HASH_TYPE_MD5_SHA: /* Old TLS Specific */ #if !defined(NO_MD5) && !defined(NO_SHA) block_size = (int)WC_MD5_BLOCK_SIZE + (int)WC_SHA_BLOCK_SIZE; + #else + block_size = HASH_TYPE_E; #endif break; case WC_HASH_TYPE_SHA3_224: #if defined(WOLFSSL_SHA3) && !defined(WOLFSSL_NOSHA3_224) block_size = WC_SHA3_224_BLOCK_SIZE; + #else + block_size = HASH_TYPE_E; #endif break; case WC_HASH_TYPE_SHA3_256: #if defined(WOLFSSL_SHA3) && !defined(WOLFSSL_NOSHA3_256) block_size = WC_SHA3_256_BLOCK_SIZE; + #else + block_size = HASH_TYPE_E; #endif break; case WC_HASH_TYPE_SHA3_384: #if defined(WOLFSSL_SHA3) && !defined(WOLFSSL_NOSHA3_384) block_size = WC_SHA3_384_BLOCK_SIZE; + #else + block_size = HASH_TYPE_E; #endif break; case WC_HASH_TYPE_SHA3_512: #if defined(WOLFSSL_SHA3) && !defined(WOLFSSL_NOSHA3_512) block_size = WC_SHA3_512_BLOCK_SIZE; + #else + block_size = HASH_TYPE_E; #endif break; case WC_HASH_TYPE_BLAKE2B: + #if defined(HAVE_BLAKE2B) + block_size = BLAKE2B_BLOCKBYTES; + #else + block_size = HASH_TYPE_E; + #endif + break; case WC_HASH_TYPE_BLAKE2S: - #if defined(HAVE_BLAKE2) || defined(HAVE_BLAKE2S) + #if defined(HAVE_BLAKE2S) block_size = BLAKE2S_BLOCKBYTES; + #else + block_size = HASH_TYPE_E; #endif break; - #ifdef WOLFSSL_SM3 case WC_HASH_TYPE_SM3: + #ifdef WOLFSSL_SM3 block_size = WC_SM3_BLOCK_SIZE; + #else + block_size = HASH_TYPE_E; + #endif break; - #endif /* Not Supported */ - #if defined(WOLFSSL_SHA3) && defined(WOLFSSL_SHAKE128) case WC_HASH_TYPE_SHAKE128: - #endif - #if defined(WOLFSSL_SHA3) && defined(WOLFSSL_SHAKE256) + block_size = HASH_TYPE_E; + break; case WC_HASH_TYPE_SHAKE256: - #endif + block_size = HASH_TYPE_E; + break; + case WC_HASH_TYPE_NONE: + block_size = BAD_FUNC_ARG; + break; default: block_size = BAD_FUNC_ARG; break; @@ -528,7 +676,7 @@ int wc_Hash_ex(enum wc_HashType hash_type, const byte* data, word32 data_len, byte* hash, word32 hash_len, void* heap, int devId) { - int ret = WC_NO_ERR_TRACE(HASH_TYPE_E); /* Default to hash type error */ + int ret; int dig_size; /* Validate hash buffer size */ @@ -552,51 +700,61 @@ case WC_HASH_TYPE_MD5: #ifndef NO_MD5 ret = wc_Md5Hash_ex(data, data_len, hash, heap, devId); +#else + ret = HASH_TYPE_E; #endif break; case WC_HASH_TYPE_SHA: #ifndef NO_SHA ret = wc_ShaHash_ex(data, data_len, hash, heap, devId); +#else + ret = HASH_TYPE_E; #endif break; case WC_HASH_TYPE_SHA224: #ifdef WOLFSSL_SHA224 ret = wc_Sha224Hash_ex(data, data_len, hash, heap, devId); +#else + ret = HASH_TYPE_E; #endif break; case WC_HASH_TYPE_SHA256: #ifndef NO_SHA256 ret = wc_Sha256Hash_ex(data, data_len, hash, heap, devId); +#else + ret = HASH_TYPE_E; #endif break; case WC_HASH_TYPE_SHA384: #ifdef WOLFSSL_SHA384 ret = wc_Sha384Hash_ex(data, data_len, hash, heap, devId); +#else + ret = HASH_TYPE_E; #endif break; case WC_HASH_TYPE_SHA512: #ifdef WOLFSSL_SHA512 ret = wc_Sha512Hash_ex(data, data_len, hash, heap, devId); +#else + ret = HASH_TYPE_E; #endif break; - #ifndef WOLFSSL_NOSHA512_224 case WC_HASH_TYPE_SHA512_224: -#if !defined(HAVE_FIPS) && !defined(HAVE_SELFTEST) -#if defined(WOLFSSL_SHA512) && !defined(WOLFSSL_NOSHA512_224) +#if !defined(HAVE_FIPS) && !defined(HAVE_SELFTEST) && \ + defined(WOLFSSL_SHA512) && !defined(WOLFSSL_NOSHA512_224) ret = wc_Sha512_224Hash_ex(data, data_len, hash, heap, devId); +#else + ret = HASH_TYPE_E; #endif -#endif /* !HAVE_FIPS && !HAVE_SELFTEST */ break; - #endif - #ifndef WOLFSSL_NOSHA512_256 case WC_HASH_TYPE_SHA512_256: -#if !defined(HAVE_FIPS) && !defined(HAVE_SELFTEST) -#if defined(WOLFSSL_SHA512) && !defined(WOLFSSL_NOSHA512_224) +#if !defined(HAVE_FIPS) && !defined(HAVE_SELFTEST) && \ + defined(WOLFSSL_SHA512) && !defined(WOLFSSL_NOSHA512_224) ret = wc_Sha512_256Hash_ex(data, data_len, hash, heap, devId); +#else + ret = HASH_TYPE_E; #endif -#endif /* !HAVE_FIPS && !HAVE_SELFTEST */ break; - #endif case WC_HASH_TYPE_MD5_SHA: #if !defined(NO_MD5) && !defined(NO_SHA) ret = wc_Md5Hash_ex(data, data_len, hash, heap, devId); @@ -604,48 +762,71 @@ ret = wc_ShaHash_ex(data, data_len, &hash[WC_MD5_DIGEST_SIZE], heap, devId); } +#else + ret = HASH_TYPE_E; #endif break; case WC_HASH_TYPE_SHA3_224: #if defined(WOLFSSL_SHA3) && !defined(WOLFSSL_NOSHA3_224) ret = wc_Sha3_224Hash_ex(data, data_len, hash, heap, devId); +#else + ret = HASH_TYPE_E; #endif break; case WC_HASH_TYPE_SHA3_256: #if defined(WOLFSSL_SHA3) && !defined(WOLFSSL_NOSHA3_256) ret = wc_Sha3_256Hash_ex(data, data_len, hash, heap, devId); +#else + ret = HASH_TYPE_E; #endif break; case WC_HASH_TYPE_SHA3_384: #if defined(WOLFSSL_SHA3) && !defined(WOLFSSL_NOSHA3_384) ret = wc_Sha3_384Hash_ex(data, data_len, hash, heap, devId); +#else + ret = HASH_TYPE_E; #endif break; case WC_HASH_TYPE_SHA3_512: #if defined(WOLFSSL_SHA3) && !defined(WOLFSSL_NOSHA3_512) ret = wc_Sha3_512Hash_ex(data, data_len, hash, heap, devId); +#else + ret = HASH_TYPE_E; #endif break; - #ifdef WOLFSSL_SM3 case WC_HASH_TYPE_SM3: +#ifdef WOLFSSL_SM3 ret = wc_Sm3Hash_ex(data, data_len, hash, heap, devId); +#else + ret = HASH_TYPE_E; +#endif break; - #endif /* Not Supported */ case WC_HASH_TYPE_MD2: + ret = HASH_TYPE_E; + break; case WC_HASH_TYPE_MD4: + ret = HASH_TYPE_E; + break; case WC_HASH_TYPE_BLAKE2B: + ret = HASH_TYPE_E; + break; case WC_HASH_TYPE_BLAKE2S: - #if defined(WOLFSSL_SHA3) && defined(WOLFSSL_SHAKE128) + ret = HASH_TYPE_E; + break; case WC_HASH_TYPE_SHAKE128: - #endif - #if defined(WOLFSSL_SHA3) && defined(WOLFSSL_SHAKE256) + ret = HASH_TYPE_E; + break; case WC_HASH_TYPE_SHAKE256: - #endif + ret = HASH_TYPE_E; + break; + case WC_HASH_TYPE_NONE: + ret = BAD_FUNC_ARG; + break; default: ret = BAD_FUNC_ARG; break; @@ -700,7 +881,7 @@ int wc_HashInit_ex(wc_HashAlg* hash, enum wc_HashType type, void* heap, int devId) { - int ret = WC_NO_ERR_TRACE(HASH_TYPE_E); /* Default to hash type error */ + int ret; if (hash == NULL) return BAD_FUNC_ARG; @@ -717,91 +898,124 @@ case WC_HASH_TYPE_MD5: #ifndef NO_MD5 ret = wc_InitMd5_ex(&hash->alg.md5, heap, devId); +#else + ret = HASH_TYPE_E; #endif break; case WC_HASH_TYPE_SHA: #ifndef NO_SHA ret = wc_InitSha_ex(&hash->alg.sha, heap, devId); +#else + ret = HASH_TYPE_E; #endif break; case WC_HASH_TYPE_SHA224: #ifdef WOLFSSL_SHA224 ret = wc_InitSha224_ex(&hash->alg.sha224, heap, devId); +#else + ret = HASH_TYPE_E; #endif break; case WC_HASH_TYPE_SHA256: #ifndef NO_SHA256 ret = wc_InitSha256_ex(&hash->alg.sha256, heap, devId); +#else + ret = HASH_TYPE_E; #endif break; case WC_HASH_TYPE_SHA384: #ifdef WOLFSSL_SHA384 ret = wc_InitSha384_ex(&hash->alg.sha384, heap, devId); +#else + ret = HASH_TYPE_E; #endif break; case WC_HASH_TYPE_SHA512: #ifdef WOLFSSL_SHA512 ret = wc_InitSha512_ex(&hash->alg.sha512, heap, devId); +#else + ret = HASH_TYPE_E; #endif break; - #ifndef WOLFSSL_NOSHA512_224 case WC_HASH_TYPE_SHA512_224: -#if !defined(HAVE_FIPS) && !defined(HAVE_SELFTEST) -#if defined(WOLFSSL_SHA512) && !defined(WOLFSSL_NOSHA512_224) +#if !defined(HAVE_FIPS) && !defined(HAVE_SELFTEST) && \ + defined(WOLFSSL_SHA512) && !defined(WOLFSSL_NOSHA512_224) ret = wc_InitSha512_224_ex(&hash->alg.sha512, heap, devId); +#else + ret = HASH_TYPE_E; #endif -#endif /* !HAVE_FIPS && !HAVE_SELFTEST */ break; - #endif - #ifndef WOLFSSL_NOSHA512_256 case WC_HASH_TYPE_SHA512_256: -#if !defined(HAVE_FIPS) && !defined(HAVE_SELFTEST) -#if defined(WOLFSSL_SHA512) && !defined(WOLFSSL_NOSHA512_256) +#if !defined(HAVE_FIPS) && !defined(HAVE_SELFTEST) && \ + defined(WOLFSSL_SHA512) && !defined(WOLFSSL_NOSHA512_256) ret = wc_InitSha512_256_ex(&hash->alg.sha512, heap, devId); +#else + ret = HASH_TYPE_E; #endif -#endif /* !HAVE_FIPS && !HAVE_SELFTEST */ break; - #endif case WC_HASH_TYPE_SHA3_224: #if defined(WOLFSSL_SHA3) && !defined(WOLFSSL_NOSHA3_224) ret = wc_InitSha3_224(&hash->alg.sha3, heap, devId); +#else + ret = HASH_TYPE_E; #endif break; case WC_HASH_TYPE_SHA3_256: #if defined(WOLFSSL_SHA3) && !defined(WOLFSSL_NOSHA3_256) ret = wc_InitSha3_256(&hash->alg.sha3, heap, devId); +#else + ret = HASH_TYPE_E; #endif break; case WC_HASH_TYPE_SHA3_384: #if defined(WOLFSSL_SHA3) && !defined(WOLFSSL_NOSHA3_384) ret = wc_InitSha3_384(&hash->alg.sha3, heap, devId); +#else + ret = HASH_TYPE_E; #endif break; case WC_HASH_TYPE_SHA3_512: #if defined(WOLFSSL_SHA3) && !defined(WOLFSSL_NOSHA3_512) ret = wc_InitSha3_512(&hash->alg.sha3, heap, devId); +#else + ret = HASH_TYPE_E; #endif break; - #ifdef WOLFSSL_SM3 case WC_HASH_TYPE_SM3: +#ifdef WOLFSSL_SM3 ret = wc_InitSm3(&hash->alg.sm3, heap, devId); +#else + ret = HASH_TYPE_E; +#endif break; - #endif /* not supported */ case WC_HASH_TYPE_MD5_SHA: + ret = HASH_TYPE_E; + break; case WC_HASH_TYPE_MD2: + ret = HASH_TYPE_E; + break; case WC_HASH_TYPE_MD4: + ret = HASH_TYPE_E; + break; case WC_HASH_TYPE_BLAKE2B: + ret = HASH_TYPE_E; + break; case WC_HASH_TYPE_BLAKE2S: - #if defined(WOLFSSL_SHA3) && defined(WOLFSSL_SHAKE128) + ret = HASH_TYPE_E; + break; case WC_HASH_TYPE_SHAKE128: - #endif - #if defined(WOLFSSL_SHA3) && defined(WOLFSSL_SHAKE256) + ret = HASH_TYPE_E; + break; case WC_HASH_TYPE_SHAKE256: - #endif + ret = HASH_TYPE_E; + break; + case WC_HASH_TYPE_NONE: + ret = BAD_FUNC_ARG; + break; default: ret = BAD_FUNC_ARG; }; @@ -819,7 +1033,7 @@ int wc_HashUpdate(wc_HashAlg* hash, enum wc_HashType type, const byte* data, word32 dataSz) { - int ret = WC_NO_ERR_TRACE(HASH_TYPE_E); /* Default to hash type error */ + int ret; if (hash == NULL || (data == NULL && dataSz > 0)) return BAD_FUNC_ARG; @@ -835,91 +1049,124 @@ case WC_HASH_TYPE_MD5: #ifndef NO_MD5 ret = wc_Md5Update(&hash->alg.md5, data, dataSz); +#else + ret = HASH_TYPE_E; #endif break; case WC_HASH_TYPE_SHA: #ifndef NO_SHA ret = wc_ShaUpdate(&hash->alg.sha, data, dataSz); +#else + ret = HASH_TYPE_E; #endif break; case WC_HASH_TYPE_SHA224: #ifdef WOLFSSL_SHA224 ret = wc_Sha224Update(&hash->alg.sha224, data, dataSz); +#else + ret = HASH_TYPE_E; #endif break; case WC_HASH_TYPE_SHA256: #ifndef NO_SHA256 ret = wc_Sha256Update(&hash->alg.sha256, data, dataSz); +#else + ret = HASH_TYPE_E; #endif break; case WC_HASH_TYPE_SHA384: #ifdef WOLFSSL_SHA384 ret = wc_Sha384Update(&hash->alg.sha384, data, dataSz); +#else + ret = HASH_TYPE_E; #endif break; case WC_HASH_TYPE_SHA512: #ifdef WOLFSSL_SHA512 ret = wc_Sha512Update(&hash->alg.sha512, data, dataSz); +#else + ret = HASH_TYPE_E; #endif break; - #ifndef WOLFSSL_NOSHA512_224 case WC_HASH_TYPE_SHA512_224: -#if !defined(HAVE_FIPS) && !defined(HAVE_SELFTEST) -#if defined(WOLFSSL_SHA512) && !defined(WOLFSSL_NOSHA512_224) +#if !defined(HAVE_FIPS) && !defined(HAVE_SELFTEST) && \ + defined(WOLFSSL_SHA512) && !defined(WOLFSSL_NOSHA512_224) ret = wc_Sha512_224Update(&hash->alg.sha512, data, dataSz); +#else + ret = HASH_TYPE_E; #endif -#endif /* !HAVE_FIPS && !HAVE_SELFTEST */ break; - #endif - #ifndef WOLFSSL_NOSHA512_256 case WC_HASH_TYPE_SHA512_256: -#if !defined(HAVE_FIPS) && !defined(HAVE_SELFTEST) -#if defined(WOLFSSL_SHA512) && !defined(WOLFSSL_NOSHA512_256) +#if !defined(HAVE_FIPS) && !defined(HAVE_SELFTEST) && \ + defined(WOLFSSL_SHA512) && !defined(WOLFSSL_NOSHA512_256) ret = wc_Sha512_256Update(&hash->alg.sha512, data, dataSz); +#else + ret = HASH_TYPE_E; #endif -#endif /* !HAVE_FIPS && !HAVE_SELFTEST */ break; - #endif case WC_HASH_TYPE_SHA3_224: #if defined(WOLFSSL_SHA3) && !defined(WOLFSSL_NOSHA3_224) ret = wc_Sha3_224_Update(&hash->alg.sha3, data, dataSz); +#else + ret = HASH_TYPE_E; #endif break; case WC_HASH_TYPE_SHA3_256: #if defined(WOLFSSL_SHA3) && !defined(WOLFSSL_NOSHA3_256) ret = wc_Sha3_256_Update(&hash->alg.sha3, data, dataSz); +#else + ret = HASH_TYPE_E; #endif break; case WC_HASH_TYPE_SHA3_384: #if defined(WOLFSSL_SHA3) && !defined(WOLFSSL_NOSHA3_384) ret = wc_Sha3_384_Update(&hash->alg.sha3, data, dataSz); +#else + ret = HASH_TYPE_E; #endif break; case WC_HASH_TYPE_SHA3_512: #if defined(WOLFSSL_SHA3) && !defined(WOLFSSL_NOSHA3_512) ret = wc_Sha3_512_Update(&hash->alg.sha3, data, dataSz); +#else + ret = HASH_TYPE_E; #endif break; - #ifdef WOLFSSL_SM3 case WC_HASH_TYPE_SM3: +#ifdef WOLFSSL_SM3 ret = wc_Sm3Update(&hash->alg.sm3, data, dataSz); +#else + ret = HASH_TYPE_E; +#endif break; - #endif /* not supported */ case WC_HASH_TYPE_MD5_SHA: + ret = HASH_TYPE_E; + break; case WC_HASH_TYPE_MD2: + ret = HASH_TYPE_E; + break; case WC_HASH_TYPE_MD4: + ret = HASH_TYPE_E; + break; case WC_HASH_TYPE_BLAKE2B: + ret = HASH_TYPE_E; + break; case WC_HASH_TYPE_BLAKE2S: - #if defined(WOLFSSL_SHA3) && defined(WOLFSSL_SHAKE128) + ret = HASH_TYPE_E; + break; case WC_HASH_TYPE_SHAKE128: - #endif - #if defined(WOLFSSL_SHA3) && defined(WOLFSSL_SHAKE256) + ret = HASH_TYPE_E; + break; case WC_HASH_TYPE_SHAKE256: - #endif + ret = HASH_TYPE_E; + break; + case WC_HASH_TYPE_NONE: + ret = BAD_FUNC_ARG; + break; default: ret = BAD_FUNC_ARG; }; @@ -929,7 +1176,7 @@ int wc_HashFinal(wc_HashAlg* hash, enum wc_HashType type, byte* out) { - int ret = WC_NO_ERR_TRACE(HASH_TYPE_E); /* Default to hash type error */ + int ret; if (hash == NULL || out == NULL) return BAD_FUNC_ARG; @@ -945,91 +1192,124 @@ case WC_HASH_TYPE_MD5: #ifndef NO_MD5 ret = wc_Md5Final(&hash->alg.md5, out); +#else + ret = HASH_TYPE_E; #endif break; case WC_HASH_TYPE_SHA: #ifndef NO_SHA ret = wc_ShaFinal(&hash->alg.sha, out); +#else + ret = HASH_TYPE_E; #endif break; case WC_HASH_TYPE_SHA224: #ifdef WOLFSSL_SHA224 ret = wc_Sha224Final(&hash->alg.sha224, out); +#else + ret = HASH_TYPE_E; #endif break; case WC_HASH_TYPE_SHA256: #ifndef NO_SHA256 ret = wc_Sha256Final(&hash->alg.sha256, out); +#else + ret = HASH_TYPE_E; #endif break; case WC_HASH_TYPE_SHA384: #ifdef WOLFSSL_SHA384 ret = wc_Sha384Final(&hash->alg.sha384, out); +#else + ret = HASH_TYPE_E; #endif break; case WC_HASH_TYPE_SHA512: #ifdef WOLFSSL_SHA512 ret = wc_Sha512Final(&hash->alg.sha512, out); +#else + ret = HASH_TYPE_E; #endif break; - #ifndef WOLFSSL_NOSHA512_224 case WC_HASH_TYPE_SHA512_224: -#if !defined(HAVE_FIPS) && !defined(HAVE_SELFTEST) -#if defined(WOLFSSL_SHA512) && !defined(WOLFSSL_NOSHA512_224) +#if !defined(HAVE_FIPS) && !defined(HAVE_SELFTEST) && \ + defined(WOLFSSL_SHA512) && !defined(WOLFSSL_NOSHA512_224) ret = wc_Sha512_224Final(&hash->alg.sha512, out); +#else + ret = HASH_TYPE_E; #endif -#endif /* !HAVE_FIPS && !HAVE_SELFTEST */ break; - #endif - #ifndef WOLFSSL_NOSHA512_256 case WC_HASH_TYPE_SHA512_256: -#if !defined(HAVE_FIPS) && !defined(HAVE_SELFTEST) -#if defined(WOLFSSL_SHA512) && !defined(WOLFSSL_NOSHA512_256) +#if !defined(HAVE_FIPS) && !defined(HAVE_SELFTEST) && \ + defined(WOLFSSL_SHA512) && !defined(WOLFSSL_NOSHA512_256) ret = wc_Sha512_256Final(&hash->alg.sha512, out); +#else + ret = HASH_TYPE_E; #endif -#endif /* !HAVE_FIPS && !HAVE_SELFTEST */ break; - #endif case WC_HASH_TYPE_SHA3_224: #if defined(WOLFSSL_SHA3) && !defined(WOLFSSL_NOSHA3_224) ret = wc_Sha3_224_Final(&hash->alg.sha3, out); +#else + ret = HASH_TYPE_E; #endif break; case WC_HASH_TYPE_SHA3_256: #if defined(WOLFSSL_SHA3) && !defined(WOLFSSL_NOSHA3_256) ret = wc_Sha3_256_Final(&hash->alg.sha3, out); +#else + ret = HASH_TYPE_E; #endif break; case WC_HASH_TYPE_SHA3_384: #if defined(WOLFSSL_SHA3) && !defined(WOLFSSL_NOSHA3_384) ret = wc_Sha3_384_Final(&hash->alg.sha3, out); +#else + ret = HASH_TYPE_E; #endif break; case WC_HASH_TYPE_SHA3_512: #if defined(WOLFSSL_SHA3) && !defined(WOLFSSL_NOSHA3_512) ret = wc_Sha3_512_Final(&hash->alg.sha3, out); +#else + ret = HASH_TYPE_E; #endif break; - #ifdef WOLFSSL_SM3 case WC_HASH_TYPE_SM3: +#ifdef WOLFSSL_SM3 ret = wc_Sm3Final(&hash->alg.sm3, out); +#else + ret = HASH_TYPE_E; +#endif break; - #endif /* not supported */ case WC_HASH_TYPE_MD5_SHA: + ret = HASH_TYPE_E; + break; case WC_HASH_TYPE_MD2: + ret = HASH_TYPE_E; + break; case WC_HASH_TYPE_MD4: + ret = HASH_TYPE_E; + break; case WC_HASH_TYPE_BLAKE2B: + ret = HASH_TYPE_E; + break; case WC_HASH_TYPE_BLAKE2S: - #if defined(WOLFSSL_SHA3) && defined(WOLFSSL_SHAKE128) + ret = HASH_TYPE_E; + break; case WC_HASH_TYPE_SHAKE128: - #endif - #if defined(WOLFSSL_SHA3) && defined(WOLFSSL_SHAKE256) + ret = HASH_TYPE_E; + break; case WC_HASH_TYPE_SHAKE256: - #endif + ret = HASH_TYPE_E; + break; + case WC_HASH_TYPE_NONE: + ret = BAD_FUNC_ARG; + break; default: ret = BAD_FUNC_ARG; }; @@ -1039,7 +1319,7 @@ int wc_HashFree(wc_HashAlg* hash, enum wc_HashType type) { - int ret = WC_NO_ERR_TRACE(HASH_TYPE_E); /* Default to hash type error */ + int ret; if (hash == NULL) return BAD_FUNC_ARG; @@ -1056,103 +1336,136 @@ #ifndef NO_MD5 wc_Md5Free(&hash->alg.md5); ret = 0; +#else + ret = HASH_TYPE_E; #endif break; case WC_HASH_TYPE_SHA: #ifndef NO_SHA wc_ShaFree(&hash->alg.sha); ret = 0; +#else + ret = HASH_TYPE_E; #endif break; case WC_HASH_TYPE_SHA224: #ifdef WOLFSSL_SHA224 wc_Sha224Free(&hash->alg.sha224); ret = 0; +#else + ret = HASH_TYPE_E; #endif break; case WC_HASH_TYPE_SHA256: #ifndef NO_SHA256 wc_Sha256Free(&hash->alg.sha256); ret = 0; +#else + ret = HASH_TYPE_E; #endif break; case WC_HASH_TYPE_SHA384: #ifdef WOLFSSL_SHA384 wc_Sha384Free(&hash->alg.sha384); ret = 0; +#else + ret = HASH_TYPE_E; #endif break; case WC_HASH_TYPE_SHA512: #ifdef WOLFSSL_SHA512 wc_Sha512Free(&hash->alg.sha512); ret = 0; +#else + ret = HASH_TYPE_E; #endif break; - #ifndef WOLFSSL_NOSHA512_224 case WC_HASH_TYPE_SHA512_224: -#if !defined(HAVE_FIPS) && !defined(HAVE_SELFTEST) -#if defined(WOLFSSL_SHA512) && !defined(WOLFSSL_NOSHA512_224) +#if !defined(HAVE_FIPS) && !defined(HAVE_SELFTEST) && \ + defined(WOLFSSL_SHA512) && !defined(WOLFSSL_NOSHA512_224) wc_Sha512_224Free(&hash->alg.sha512); ret = 0; +#else + ret = HASH_TYPE_E; #endif -#endif /* !HAVE_FIPS && !HAVE_SELFTEST */ break; - #endif - #ifndef WOLFSSL_NOSHA512_256 case WC_HASH_TYPE_SHA512_256: -#if !defined(HAVE_FIPS) && !defined(HAVE_SELFTEST) -#if defined(WOLFSSL_SHA512) && !defined(WOLFSSL_NOSHA512_256) +#if !defined(HAVE_FIPS) && !defined(HAVE_SELFTEST) && \ + defined(WOLFSSL_SHA512) && !defined(WOLFSSL_NOSHA512_256) wc_Sha512_256Free(&hash->alg.sha512); ret = 0; +#else + ret = HASH_TYPE_E; #endif -#endif /* !HAVE_FIPS && !HAVE_SELFTEST */ break; - #endif case WC_HASH_TYPE_SHA3_224: #if defined(WOLFSSL_SHA3) && !defined(WOLFSSL_NOSHA3_224) wc_Sha3_224_Free(&hash->alg.sha3); ret = 0; +#else + ret = HASH_TYPE_E; #endif break; case WC_HASH_TYPE_SHA3_256: #if defined(WOLFSSL_SHA3) && !defined(WOLFSSL_NOSHA3_256) wc_Sha3_256_Free(&hash->alg.sha3); ret = 0; +#else + ret = HASH_TYPE_E; #endif break; case WC_HASH_TYPE_SHA3_384: #if defined(WOLFSSL_SHA3) && !defined(WOLFSSL_NOSHA3_384) wc_Sha3_384_Free(&hash->alg.sha3); ret = 0; +#else + ret = HASH_TYPE_E; #endif break; case WC_HASH_TYPE_SHA3_512: #if defined(WOLFSSL_SHA3) && !defined(WOLFSSL_NOSHA3_512) wc_Sha3_512_Free(&hash->alg.sha3); ret = 0; +#else + ret = HASH_TYPE_E; #endif break; - #ifdef WOLFSSL_SM3 case WC_HASH_TYPE_SM3: +#ifdef WOLFSSL_SM3 wc_Sm3Free(&hash->alg.sm3); ret = 0; +#else + ret = HASH_TYPE_E; +#endif break; - #endif /* not supported */ case WC_HASH_TYPE_MD5_SHA: + ret = HASH_TYPE_E; + break; case WC_HASH_TYPE_MD2: + ret = HASH_TYPE_E; + break; case WC_HASH_TYPE_MD4: + ret = HASH_TYPE_E; + break; case WC_HASH_TYPE_BLAKE2B: + ret = HASH_TYPE_E; + break; case WC_HASH_TYPE_BLAKE2S: - #if defined(WOLFSSL_SHA3) && defined(WOLFSSL_SHAKE128) + ret = HASH_TYPE_E; + break; case WC_HASH_TYPE_SHAKE128: - #endif - #if defined(WOLFSSL_SHA3) && defined(WOLFSSL_SHAKE256) + ret = HASH_TYPE_E; + break; case WC_HASH_TYPE_SHAKE256: - #endif + ret = HASH_TYPE_E; + break; + case WC_HASH_TYPE_NONE: + ret = BAD_FUNC_ARG; + break; default: ret = BAD_FUNC_ARG; }; @@ -1163,7 +1476,7 @@ #ifdef WOLFSSL_HASH_FLAGS int wc_HashSetFlags(wc_HashAlg* hash, enum wc_HashType type, word32 flags) { - int ret = WC_NO_ERR_TRACE(HASH_TYPE_E); /* Default to hash type error */ + int ret; if (hash == NULL) return BAD_FUNC_ARG; @@ -1172,37 +1485,59 @@ case WC_HASH_TYPE_MD5: #ifndef NO_MD5 ret = wc_Md5SetFlags(&hash->alg.md5, flags); +#else + ret = HASH_TYPE_E; #endif break; case WC_HASH_TYPE_SHA: #ifndef NO_SHA ret = wc_ShaSetFlags(&hash->alg.sha, flags); +#else + ret = HASH_TYPE_E; #endif break; case WC_HASH_TYPE_SHA224: #ifdef WOLFSSL_SHA224 ret = wc_Sha224SetFlags(&hash->alg.sha224, flags); +#else + ret = HASH_TYPE_E; #endif break; case WC_HASH_TYPE_SHA256: #ifndef NO_SHA256 ret = wc_Sha256SetFlags(&hash->alg.sha256, flags); +#else + ret = HASH_TYPE_E; #endif break; case WC_HASH_TYPE_SHA384: #ifdef WOLFSSL_SHA384 ret = wc_Sha384SetFlags(&hash->alg.sha384, flags); +#else + ret = HASH_TYPE_E; #endif break; case WC_HASH_TYPE_SHA512: - #ifndef WOLFSSL_NOSHA512_224 +#ifdef WOLFSSL_SHA512 + ret = wc_Sha512SetFlags(&hash->alg.sha512, flags); +#else + ret = HASH_TYPE_E; +#endif + break; + case WC_HASH_TYPE_SHA512_224: - #endif - #ifndef WOLFSSL_NOSHA512_256 +#if defined(WOLFSSL_SHA512) && !defined(WOLFSSL_NOSHA512_224) + ret = wc_Sha512SetFlags(&hash->alg.sha512, flags); +#else + ret = HASH_TYPE_E; +#endif + break; + case WC_HASH_TYPE_SHA512_256: - #endif -#ifdef WOLFSSL_SHA512 +#if defined(WOLFSSL_SHA512) && !defined(WOLFSSL_NOSHA512_256) ret = wc_Sha512SetFlags(&hash->alg.sha512, flags); +#else + ret = HASH_TYPE_E; #endif break; @@ -1212,28 +1547,45 @@ case WC_HASH_TYPE_SHA3_512: #ifdef WOLFSSL_SHA3 ret = wc_Sha3_SetFlags(&hash->alg.sha3, flags); +#else + ret = HASH_TYPE_E; #endif break; - #ifdef WOLFSSL_SM3 case WC_HASH_TYPE_SM3: +#ifdef WOLFSSL_SM3 ret = wc_Sm3SetFlags(&hash->alg.sm3, flags); +#else + ret = HASH_TYPE_E; +#endif break; - #endif /* not supported */ case WC_HASH_TYPE_MD5_SHA: + ret = HASH_TYPE_E; + break; case WC_HASH_TYPE_MD2: + ret = HASH_TYPE_E; + break; case WC_HASH_TYPE_MD4: + ret = HASH_TYPE_E; + break; case WC_HASH_TYPE_BLAKE2B: + ret = HASH_TYPE_E; + break; case WC_HASH_TYPE_BLAKE2S: - case WC_HASH_TYPE_NONE: - #if defined(WOLFSSL_SHA3) && defined(WOLFSSL_SHAKE128) + ret = HASH_TYPE_E; + break; case WC_HASH_TYPE_SHAKE128: - #endif - #if defined(WOLFSSL_SHA3) && defined(WOLFSSL_SHAKE256) + ret = HASH_TYPE_E; + break; case WC_HASH_TYPE_SHAKE256: - #endif + ret = HASH_TYPE_E; + break; + + case WC_HASH_TYPE_NONE: + ret = BAD_FUNC_ARG; + break; default: ret = BAD_FUNC_ARG; }; @@ -1242,7 +1594,7 @@ } int wc_HashGetFlags(wc_HashAlg* hash, enum wc_HashType type, word32* flags) { - int ret = WC_NO_ERR_TRACE(HASH_TYPE_E); /* Default to hash type error */ + int ret; if (hash == NULL) return BAD_FUNC_ARG; @@ -1251,37 +1603,57 @@ case WC_HASH_TYPE_MD5: #ifndef NO_MD5 ret = wc_Md5GetFlags(&hash->alg.md5, flags); +#else + ret = HASH_TYPE_E; #endif break; case WC_HASH_TYPE_SHA: #ifndef NO_SHA ret = wc_ShaGetFlags(&hash->alg.sha, flags); +#else + ret = HASH_TYPE_E; #endif break; case WC_HASH_TYPE_SHA224: #ifdef WOLFSSL_SHA224 ret = wc_Sha224GetFlags(&hash->alg.sha224, flags); +#else + ret = HASH_TYPE_E; #endif break; case WC_HASH_TYPE_SHA256: #ifndef NO_SHA256 ret = wc_Sha256GetFlags(&hash->alg.sha256, flags); +#else + ret = HASH_TYPE_E; #endif break; case WC_HASH_TYPE_SHA384: #ifdef WOLFSSL_SHA384 ret = wc_Sha384GetFlags(&hash->alg.sha384, flags); +#else + ret = HASH_TYPE_E; #endif break; case WC_HASH_TYPE_SHA512: - #ifndef WOLFSSL_NOSHA512_224 +#ifdef WOLFSSL_SHA512 + ret = wc_Sha512GetFlags(&hash->alg.sha512, flags); +#else + ret = HASH_TYPE_E; +#endif + break; case WC_HASH_TYPE_SHA512_224: - #endif - #ifndef WOLFSSL_NOSHA512_256 +#if defined(WOLFSSL_SHA512) && !defined(WOLFSSL_NOSHA512_224) + ret = wc_Sha512GetFlags(&hash->alg.sha512, flags); +#else + ret = HASH_TYPE_E; +#endif + break; case WC_HASH_TYPE_SHA512_256: - #endif -#ifdef WOLFSSL_SHA512 +#if defined(WOLFSSL_SHA512) && !defined(WOLFSSL_NOSHA512_256) ret = wc_Sha512GetFlags(&hash->alg.sha512, flags); +#else + ret = HASH_TYPE_E; #endif break; @@ -1291,28 +1663,45 @@ case WC_HASH_TYPE_SHA3_512: #ifdef WOLFSSL_SHA3 ret = wc_Sha3_GetFlags(&hash->alg.sha3, flags); +#else + ret = HASH_TYPE_E; #endif break; - #ifdef WOLFSSL_SM3 case WC_HASH_TYPE_SM3: +#ifdef WOLFSSL_SM3 ret = wc_Sm3GetFlags(&hash->alg.sm3, flags); +#else + ret = HASH_TYPE_E; +#endif break; - #endif /* not supported */ case WC_HASH_TYPE_MD5_SHA: + ret = HASH_TYPE_E; + break; case WC_HASH_TYPE_MD2: + ret = HASH_TYPE_E; + break; case WC_HASH_TYPE_MD4: + ret = HASH_TYPE_E; + break; case WC_HASH_TYPE_BLAKE2B: + ret = HASH_TYPE_E; + break; case WC_HASH_TYPE_BLAKE2S: - #if defined(WOLFSSL_SHA3) && defined(WOLFSSL_SHAKE128) + ret = HASH_TYPE_E; + break; case WC_HASH_TYPE_SHAKE128: - #endif - #if defined(WOLFSSL_SHA3) && defined(WOLFSSL_SHAKE256) + ret = HASH_TYPE_E; + break; case WC_HASH_TYPE_SHAKE256: - #endif + ret = HASH_TYPE_E; + break; + case WC_HASH_TYPE_NONE: + ret = BAD_FUNC_ARG; + break; default: ret = BAD_FUNC_ARG; }; @@ -1954,12 +2343,22 @@ int _wc_Hash_Grow(byte** msg, word32* used, word32* len, const byte* in, int inSz, void* heap) { - if (*len < *used + inSz) { + word32 usedSz = 0; + + if (inSz < 0 || !WC_SAFE_SUM_WORD32(*used, (word32)inSz, usedSz)) + return BAD_FUNC_ARG; + + /* Allow zero-length input as a no-op. Some callers may pass zero-length + * data during hash operations and this should not be treated as an error. */ + if (inSz == 0) + return 0; + + if (*len < usedSz) { if (*msg == NULL) { - *msg = (byte*)XMALLOC(*used + inSz, heap, DYNAMIC_TYPE_TMP_BUFFER); + *msg = (byte*)XMALLOC(usedSz, heap, DYNAMIC_TYPE_TMP_BUFFER); } else { - byte* pt = (byte*)XREALLOC(*msg, *used + inSz, heap, + byte* pt = (byte*)XREALLOC(*msg, usedSz, heap, DYNAMIC_TYPE_TMP_BUFFER); if (pt == NULL) { return MEMORY_E; @@ -1969,7 +2368,7 @@ if (*msg == NULL) { return MEMORY_E; } - *len = *used + inSz; + *len = usedSz; } XMEMCPY(*msg + *used, in, inSz); *used += inSz; diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/wolfcrypt/src/hmac.c mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/hmac.c --- mariadb-11.8.6/extra/wolfssl/wolfssl/wolfcrypt/src/hmac.c 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/hmac.c 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* hmac.c * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -20,6 +20,21 @@ */ +/* + * HMAC Build Options: + * + * NO_HMAC: Disable HMAC support entirely default: off + * HAVE_HKDF: Enable HKDF (RFC 5869) key derivation default: off + * WOLFSSL_HMAC_COPY_HASH: Copy hash state instead of re-init default: off + * for HMAC operations (performance) + * STM32_HMAC: STM32 hardware HMAC acceleration default: off + * + * Hardware Acceleration (HMAC-specific): + * WC_ASYNC_ENABLE_HMAC: Enable async HMAC operations default: off + * WOLFSSL_DEVCRYPTO_HMAC: /dev/crypto HMAC acceleration default: off + * WOLFSSL_KCAPI_HMAC: Linux kernel crypto API for HMAC default: off + */ + #include #ifndef NO_HMAC @@ -248,7 +263,6 @@ return ret; } -#ifdef WOLFSSL_HMAC_COPY_HASH static int HmacKeyCopyHash(byte macType, wc_HmacHash* src, wc_HmacHash* dst) { int ret = 0; @@ -323,7 +337,26 @@ return ret; } -#endif + +int wc_HmacCopy(Hmac* src, Hmac* dst) { + int ret; + + if ((src == NULL) || (dst == NULL)) + return BAD_FUNC_ARG; + + XMEMCPY(dst, src, sizeof(*dst)); + + /* Zero hash context after shallow copy to prevent shared sub-pointers + * (e.g., msg, W buffers) with src. The hash Copy function will perform + * the proper deep copy. */ + XMEMSET(&dst->hash, 0, sizeof(wc_HmacHash)); + + ret = HmacKeyCopyHash(src->macType, &src->hash, &dst->hash); + + if (ret != 0) + XMEMSET(dst, 0, sizeof(*dst)); + return ret; +} static int HmacKeyHashUpdate(byte macType, wc_HmacHash* hash, byte* pad) { @@ -520,6 +553,59 @@ return 0; #else +#if defined(STM32_HASH) && defined(STM32_HMAC) + { + word32 stmAlgo, stmBlockSize, stmDigestSize; + /* Check if this hash type is supported by STM32 HMAC hardware */ + if (wc_Stm32_Hmac_GetAlgoInfo(type, &stmAlgo, &stmBlockSize, + &stmDigestSize) == 0) { + /* Cache algo info for Update/Final */ + hmac->stmAlgo = stmAlgo; + hmac->stmBlockSize = stmBlockSize; + hmac->stmDigestSize = stmDigestSize; + + /* Store raw key in ipad (unused in HW HMAC mode). + * Pre-hash if longer than hash block size. */ + if (length <= stmBlockSize) { + if (key != NULL) { + XMEMCPY(hmac->ipad, key, length); + } + hmac->stmKeyLen = length; + } + else { + /* Pre-hash long key using stmCtx (re-initialized below) */ + wc_Stm32_Hash_Init(&hmac->stmCtx); + ret = wolfSSL_CryptHwMutexLock(); + if (ret == 0) { + ret = wc_Stm32_Hash_Update(&hmac->stmCtx, stmAlgo, + key, length, stmBlockSize); + if (ret == 0) { + ret = wc_Stm32_Hash_Final(&hmac->stmCtx, stmAlgo, + (byte*)hmac->ipad, stmDigestSize); + } + wolfSSL_CryptHwMutexUnLock(); + } + if (ret != 0) + return ret; + hmac->stmKeyLen = stmDigestSize; + } + + /* HW HMAC Phase 1: feed key */ + ret = wolfSSL_CryptHwMutexLock(); + if (ret == 0) { + ret = wc_Stm32_Hmac_SetKey(&hmac->stmCtx, type, + (const byte*)hmac->ipad, hmac->stmKeyLen); + wolfSSL_CryptHwMutexUnLock(); + } + if (ret == 0) { + hmac->innerHashKeyed = WC_HMAC_INNER_HASH_KEYED_DEV; + } + return ret; + } + /* Unsupported algo falls through to software */ + } +#endif /* STM32_HASH && STM32_HMAC */ + ip = (byte*)hmac->ipad; op = (byte*)hmac->opad; @@ -840,6 +926,18 @@ } #endif /* WOLFSSL_ASYNC_CRYPT */ +#if defined(STM32_HASH) && defined(STM32_HMAC) + if (hmac->innerHashKeyed == WC_HMAC_INNER_HASH_KEYED_DEV) { + ret = wolfSSL_CryptHwMutexLock(); + if (ret == 0) { + ret = wc_Stm32_Hmac_Update(&hmac->stmCtx, hmac->stmAlgo, + msg, length, hmac->stmBlockSize); + wolfSSL_CryptHwMutexUnLock(); + } + return ret; + } +#endif /* STM32_HASH && STM32_HMAC */ + if (!hmac->innerHashKeyed) { #ifndef WOLFSSL_HMAC_COPY_HASH ret = HmacKeyHashUpdate(hmac->macType, &hmac->hash, (byte*)hmac->ipad); @@ -957,6 +1055,25 @@ } #endif /* WOLFSSL_ASYNC_CRYPT */ +#if defined(STM32_HASH) && defined(STM32_HMAC) + if (hmac->innerHashKeyed == WC_HMAC_INNER_HASH_KEYED_DEV) { + ret = wolfSSL_CryptHwMutexLock(); + if (ret == 0) { + ret = wc_Stm32_Hmac_Final(&hmac->stmCtx, hmac->stmAlgo, + (const byte*)hmac->ipad, hmac->stmKeyLen, hash, + hmac->stmDigestSize); + /* Re-run Phase 1 so HMAC is ready for next Update/Final cycle + * (needed for PRF/HKDF loops that reuse the same key) */ + if (ret == 0) { + ret = wc_Stm32_Hmac_SetKey(&hmac->stmCtx, hmac->macType, + (const byte*)hmac->ipad, hmac->stmKeyLen); + } + wolfSSL_CryptHwMutexUnLock(); + } + return ret; + } +#endif /* STM32_HASH && STM32_HMAC */ + if (!hmac->innerHashKeyed) { #ifndef WOLFSSL_HMAC_COPY_HASH ret = HmacKeyHashUpdate(hmac->macType, &hmac->hash, (byte*)hmac->ipad); @@ -1577,6 +1694,7 @@ n++; } + ForceZero(tmp, WC_MAX_DIGEST_SIZE); wc_HmacFree(myHmac); WC_FREE_VAR_EX(myHmac, NULL, DYNAMIC_TYPE_HMAC); @@ -1632,11 +1750,12 @@ ret = wc_HKDF_Extract_ex(type, salt, saltSz, inKey, inKeySz, prk, heap, devId); - if (ret != 0) - return ret; - - return wc_HKDF_Expand_ex(type, prk, hashSz, info, infoSz, out, outSz, - heap, devId); + if (ret == 0) { + ret = wc_HKDF_Expand_ex(type, prk, hashSz, info, infoSz, + out, outSz, heap, devId); + } + ForceZero(prk, WC_MAX_DIGEST_SIZE); + return ret; } int wc_HKDF(int type, const byte* inKey, word32 inKeySz, const byte* salt, diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/wolfcrypt/src/hpke.c mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/hpke.c --- mariadb-11.8.6/extra/wolfssl/wolfssl/wolfcrypt/src/hpke.c 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/hpke.c 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* hpke.c * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -45,24 +45,6 @@ #include #endif -const int hpkeSupportedKem[HPKE_SUPPORTED_KEM_LEN] = { - DHKEM_P256_HKDF_SHA256, - DHKEM_P384_HKDF_SHA384, - DHKEM_P521_HKDF_SHA512, - DHKEM_X25519_HKDF_SHA256, -}; - -const int hpkeSupportedKdf[HPKE_SUPPORTED_KDF_LEN] = { - HKDF_SHA256, - HKDF_SHA384, - HKDF_SHA512, -}; - -const int hpkeSupportedAead[HPKE_SUPPORTED_AEAD_LEN] = { - HPKE_AES_128_GCM, - HPKE_AES_256_GCM, -}; - static const char* KEM_STR = "KEM"; static const int KEM_STR_LEN = 3; @@ -101,13 +83,12 @@ { int i; - if (w <= 0 || w > 32) { + if (w <= 0 || w > 32 || n < 0) { return MP_VAL; } /* if width is less than int max check that n is less than w bytes max */ - /* if width is greater than int max check that n is less than int max */ - if ((w < 4 && n > ((1 << (w * 8)) - 1)) || (w >= 4 && n > 0x7fffffff)) { + if (w < 4 && n > ((1 << (w * 8)) - 1)) { return MP_VAL; } @@ -133,9 +114,9 @@ } XMEMSET(hpke, 0, sizeof(*hpke)); - hpke->kem = (word32)kem; - hpke->kdf = (word32)kdf; - hpke->aead = (word32)aead; + hpke->kem = (word16)kem; + hpke->kdf = (word16)kdf; + hpke->aead = (word16)aead; hpke->heap = heap; /* set kem_suite_id */ @@ -167,52 +148,67 @@ if (ret == 0) { switch (kem) { #if defined(HAVE_ECC) -#if defined(WOLFSSL_SHA224) || !defined(NO_SHA256) +#if (!defined(NO_ECC256) || defined(HAVE_ALL_CURVES)) && !defined(NO_SHA256) case DHKEM_P256_HKDF_SHA256: - hpke->curve_id = ECC_SECP256R1; + hpke->curveId = ECC_SECP256R1; hpke->Nsecret = WC_SHA256_DIGEST_SIZE; - hpke->Nh = WC_SHA256_DIGEST_SIZE; - hpke->Ndh = (word32)wc_ecc_get_curve_size_from_id(hpke->curve_id); + hpke->kemDigest = WC_SHA256; + ret = wc_ecc_get_curve_size_from_id(hpke->curveId); + if (ret < 0) { + break; + } + hpke->Ndh = (word32)ret; + ret = 0; hpke->Npk = 1 + hpke->Ndh * 2; break; #endif -#ifdef WOLFSSL_SHA384 +#if (defined(HAVE_ECC384) || defined(HAVE_ALL_CURVES)) && \ + defined(WOLFSSL_SHA384) case DHKEM_P384_HKDF_SHA384: - hpke->curve_id = ECC_SECP384R1; + hpke->curveId = ECC_SECP384R1; hpke->Nsecret = WC_SHA384_DIGEST_SIZE; - hpke->Nh = WC_SHA384_DIGEST_SIZE; - hpke->Ndh = (word32)wc_ecc_get_curve_size_from_id(hpke->curve_id); + hpke->kemDigest = WC_SHA384; + ret = wc_ecc_get_curve_size_from_id(hpke->curveId); + if (ret < 0) { + break; + } + hpke->Ndh = (word32)ret; + ret = 0; hpke->Npk = 1 + hpke->Ndh * 2; break; #endif -#if defined(WOLFSSL_SHA384) || defined(WOLFSSL_SHA512) +#if (defined(HAVE_ECC521) || defined(HAVE_ALL_CURVES)) && \ + defined(WOLFSSL_SHA512) case DHKEM_P521_HKDF_SHA512: - hpke->curve_id = ECC_SECP521R1; + hpke->curveId = ECC_SECP521R1; hpke->Nsecret = WC_SHA512_DIGEST_SIZE; - hpke->Nh = WC_SHA512_DIGEST_SIZE; - hpke->Ndh = (word32)wc_ecc_get_curve_size_from_id(hpke->curve_id); + hpke->kemDigest = WC_SHA512; + ret = wc_ecc_get_curve_size_from_id(hpke->curveId); + if (ret < 0) { + break; + } + hpke->Ndh = (word32)ret; + ret = 0; hpke->Npk = 1 + hpke->Ndh * 2; break; #endif -#endif +#endif /* HAVE_ECC */ -#if defined(HAVE_CURVE25519) &&\ - (defined(WOLFSSL_SHA224) || !defined(NO_SHA256)) +#if defined(HAVE_CURVE25519) && !defined(NO_SHA256) case DHKEM_X25519_HKDF_SHA256: hpke->Nsecret = WC_SHA256_DIGEST_SIZE; - hpke->Nh = WC_SHA256_DIGEST_SIZE; + hpke->kemDigest = WC_SHA256; hpke->Ndh = CURVE25519_KEYSIZE; hpke->Npk = CURVE25519_PUB_KEY_SIZE; break; #endif -#if defined(HAVE_CURVE448) &&\ - (defined(WOLFSSL_SHA384) || defined(WOLFSSL_SHA512)) +#if defined(HAVE_CURVE448) && defined(WOLFSSL_SHA512) case DHKEM_X448_HKDF_SHA512: hpke->Nsecret = WC_SHA512_DIGEST_SIZE; - hpke->Nh = WC_SHA512_DIGEST_SIZE; + hpke->kemDigest = WC_SHA512; /* size of x448 shared secret */ hpke->Ndh = 64; hpke->Npk = CURVE448_PUB_KEY_SIZE; @@ -228,17 +224,26 @@ if (ret == 0) { switch (kdf) { +#if !defined(NO_SHA256) case HKDF_SHA256: - hpke->kdf_digest = WC_SHA256; + hpke->Nh = WC_SHA256_DIGEST_SIZE; + hpke->kdfDigest = WC_SHA256; break; +#endif +#ifdef WOLFSSL_SHA384 case HKDF_SHA384: - hpke->kdf_digest = WC_SHA384; + hpke->Nh = WC_SHA384_DIGEST_SIZE; + hpke->kdfDigest = WC_SHA384; break; +#endif +#ifdef WOLFSSL_SHA512 case HKDF_SHA512: - hpke->kdf_digest = WC_SHA512; + hpke->Nh = WC_SHA512_DIGEST_SIZE; + hpke->kdfDigest = WC_SHA512; break; +#endif default: ret = BAD_FUNC_ARG; @@ -248,17 +253,21 @@ if (ret == 0) { switch (aead) { +#ifdef WOLFSSL_AES_128 case HPKE_AES_128_GCM: hpke->Nk = AES_128_KEY_SIZE; hpke->Nn = GCM_NONCE_MID_SZ; hpke->Nt = WC_AES_BLOCK_SIZE; break; +#endif +#ifdef WOLFSSL_AES_256 case HPKE_AES_256_GCM: hpke->Nk = AES_256_KEY_SIZE; hpke->Nn = GCM_NONCE_MID_SZ; hpke->Nt = WC_AES_BLOCK_SIZE; break; +#endif default: ret = BAD_FUNC_ARG; @@ -266,10 +275,6 @@ } } - if ((int)hpke->Ndh < 0) { - return (int)hpke->Ndh; - } - return ret; } @@ -284,26 +289,34 @@ switch (hpke->kem) { #if defined(HAVE_ECC) + #if (!defined(NO_ECC256) || defined(HAVE_ALL_CURVES)) && !defined(NO_SHA256) case DHKEM_P256_HKDF_SHA256: *keypair = wc_ecc_key_new(hpke->heap); if (*keypair != NULL) ret = wc_ecc_make_key_ex(rng, 32, (ecc_key*)*keypair, ECC_SECP256R1); break; +#endif + #if (defined(HAVE_ECC384) || defined(HAVE_ALL_CURVES)) && \ + defined(WOLFSSL_SHA384) case DHKEM_P384_HKDF_SHA384: *keypair = wc_ecc_key_new(hpke->heap); if (*keypair != NULL) ret = wc_ecc_make_key_ex(rng, 48, (ecc_key*)*keypair, ECC_SECP384R1); break; + #endif + #if (defined(HAVE_ECC521) || defined(HAVE_ALL_CURVES)) && \ + defined(WOLFSSL_SHA512) case DHKEM_P521_HKDF_SHA512: *keypair = wc_ecc_key_new(hpke->heap); if (*keypair != NULL) ret = wc_ecc_make_key_ex(rng, 66, (ecc_key*)*keypair, ECC_SECP521R1); break; + #endif #endif -#if defined(HAVE_CURVE25519) +#if defined(HAVE_CURVE25519) && !defined(NO_SHA256) case DHKEM_X25519_HKDF_SHA256: *keypair = XMALLOC(sizeof(curve25519_key), hpke->heap, DYNAMIC_TYPE_CURVE25519); @@ -316,8 +329,10 @@ } break; #endif +#if defined(HAVE_CURVE448) && defined(WOLFSSL_SHA512) case DHKEM_X448_HKDF_SHA512: /* TODO: Add X448 */ +#endif default: ret = BAD_FUNC_ARG; break; @@ -327,7 +342,7 @@ ret = MEMORY_E; if (ret != 0 && *keypair != NULL) { - wc_HpkeFreeKey(hpke, (word16)hpke->kem, *keypair, hpke->heap); + wc_HpkeFreeKey(hpke, hpke->kem, *keypair, hpke->heap); *keypair = NULL; } @@ -356,13 +371,16 @@ ret = wc_ecc_export_x963_ex((ecc_key*)key, out, &tmpOutSz, 0); break; #endif -#if defined(HAVE_CURVE25519) +#if defined(HAVE_CURVE25519) && !defined(NO_SHA256) case DHKEM_X25519_HKDF_SHA256: ret = wc_curve25519_export_public_ex((curve25519_key*)key, out, &tmpOutSz, EC25519_LITTLE_ENDIAN); break; #endif +#if defined(HAVE_CURVE448) && defined(WOLFSSL_SHA512) case DHKEM_X448_HKDF_SHA512: + /* TODO: Add X448 */ +#endif default: ret = -1; break; @@ -398,11 +416,11 @@ if (*key != NULL) { /* import the x963 key */ ret = wc_ecc_import_x963_ex(in, inSz, (ecc_key*)*key, - hpke->curve_id); + hpke->curveId); } break; #endif -#if defined(HAVE_CURVE25519) +#if defined(HAVE_CURVE25519) && !defined(NO_SHA256) case DHKEM_X25519_HKDF_SHA256: *key = XMALLOC(sizeof(curve25519_key), hpke->heap, DYNAMIC_TYPE_CURVE25519); @@ -415,7 +433,10 @@ } break; #endif +#if defined(HAVE_CURVE448) && defined(WOLFSSL_SHA512) case DHKEM_X448_HKDF_SHA512: + /* TODO: Add X448 */ +#endif default: ret = -1; break; @@ -425,7 +446,7 @@ ret = MEMORY_E; if (ret != 0 && *key != NULL) { - wc_HpkeFreeKey(hpke, (word16)hpke->kem, *key, hpke->heap); + wc_HpkeFreeKey(hpke, hpke->kem, *key, hpke->heap); *key = NULL; } @@ -444,14 +465,16 @@ wc_ecc_key_free((ecc_key*)keypair); break; #endif -#if defined(HAVE_CURVE25519) +#if defined(HAVE_CURVE25519) && !defined(NO_SHA256) case DHKEM_X25519_HKDF_SHA256: wc_curve25519_free((curve25519_key*)keypair); XFREE(keypair, heap, DYNAMIC_TYPE_CURVE25519); break; #endif +#if defined(HAVE_CURVE448) && defined(WOLFSSL_SHA512) case DHKEM_X448_HKDF_SHA512: /* TODO: Add X448 */ +#endif default: break; } @@ -460,17 +483,39 @@ } static int wc_HpkeLabeledExtract(Hpke* hpke, byte* suite_id, - word32 suite_id_len, byte* salt, word32 salt_len, byte* label, + word32 suite_id_len, int digest, byte* salt, word32 salt_len, byte* label, word32 label_len, byte* ikm, word32 ikm_len, byte* out) { int ret; byte* labeled_ikm_p; + word32 remaining; WC_DECLARE_VAR(labeled_ikm, byte, MAX_HPKE_LABEL_SZ, 0); if (hpke == NULL) { return BAD_FUNC_ARG; } + /* check that sum of len's will not overflow */ + remaining = (word32)MAX_HPKE_LABEL_SZ; + if ((word32)HPKE_VERSION_STR_LEN > remaining) { + return BUFFER_E; + } + remaining -= (word32)HPKE_VERSION_STR_LEN; + + if (suite_id_len > remaining) { + return BUFFER_E; + } + remaining -= suite_id_len; + + if (label_len > remaining) { + return BUFFER_E; + } + remaining -= label_len; + + if (ikm_len > remaining) { + return BUFFER_E; + } + WC_ALLOC_VAR_EX(labeled_ikm, byte, MAX_HPKE_LABEL_SZ, hpke->heap, DYNAMIC_TYPE_TMP_BUFFER, return MEMORY_E); @@ -495,7 +540,7 @@ /* call extract */ PRIVATE_KEY_UNLOCK(); - ret = wc_HKDF_Extract(hpke->kdf_digest, salt, salt_len, labeled_ikm, + ret = wc_HKDF_Extract(digest, salt, salt_len, labeled_ikm, (word32)(size_t)(labeled_ikm_p - labeled_ikm), out); PRIVATE_KEY_LOCK(); @@ -507,17 +552,39 @@ /* do hkdf expand with the format specified in the hpke rfc, return 0 or * error */ static int wc_HpkeLabeledExpand(Hpke* hpke, byte* suite_id, word32 suite_id_len, - byte* prk, word32 prk_len, byte* label, word32 label_len, byte* info, - word32 infoSz, word32 L, byte* out) + int digest, byte* prk, word32 prk_len, byte* label, word32 label_len, + byte* info, word32 infoSz, word32 L, byte* out) { int ret; byte* labeled_info_p; + word32 remaining; WC_DECLARE_VAR(labeled_info, byte, MAX_HPKE_LABEL_SZ, 0); if (hpke == NULL) { return BAD_FUNC_ARG; } + /* check that sum of len's will not overflow */ + remaining = (word32)MAX_HPKE_LABEL_SZ; + if (2U + (word32)HPKE_VERSION_STR_LEN > remaining) { + return BUFFER_E; + } + remaining -= 2U + (word32)HPKE_VERSION_STR_LEN; + + if (suite_id_len > remaining) { + return BUFFER_E; + } + remaining -= suite_id_len; + + if (label_len > remaining) { + return BUFFER_E; + } + remaining -= label_len; + + if (infoSz > remaining) { + return BUFFER_E; + } + WC_ALLOC_VAR_EX(labeled_info, byte, MAX_HPKE_LABEL_SZ, hpke->heap, DYNAMIC_TYPE_TMP_BUFFER, return MEMORY_E); @@ -544,10 +611,8 @@ /* call expand */ PRIVATE_KEY_UNLOCK(); - ret = wc_HKDF_Expand(hpke->kdf_digest, - prk, prk_len, - labeled_info, (word32)(size_t)(labeled_info_p - labeled_info), - out, L); + ret = wc_HKDF_Expand(digest, prk, prk_len, labeled_info, + (word32)(size_t)(labeled_info_p - labeled_info), out, L); PRIVATE_KEY_LOCK(); } @@ -595,16 +660,19 @@ /* extract */ ret = wc_HpkeLabeledExtract(hpke, hpke->kem_suite_id, - sizeof( hpke->kem_suite_id ), NULL, 0, (byte*)EAE_PRK_LABEL_STR, - EAE_PRK_LABEL_STR_LEN, dh, dh_len, eae_prk); + sizeof( hpke->kem_suite_id ), hpke->kemDigest, NULL, 0, + (byte*)EAE_PRK_LABEL_STR, EAE_PRK_LABEL_STR_LEN, dh, dh_len, eae_prk); /* expand */ - if ( ret == 0 ) + if ( ret == 0 ) { ret = wc_HpkeLabeledExpand(hpke, hpke->kem_suite_id, - sizeof( hpke->kem_suite_id ), eae_prk, hpke->Nh, - (byte*)SHARED_SECRET_LABEL_STR, SHARED_SECRET_LABEL_STR_LEN, - kemContext, kem_context_length, hpke->Nsecret, sharedSecret); + sizeof( hpke->kem_suite_id ), hpke->kemDigest, eae_prk, + hpke->Nsecret, (byte*)SHARED_SECRET_LABEL_STR, + SHARED_SECRET_LABEL_STR_LEN, kemContext, kem_context_length, + hpke->Nsecret, sharedSecret); + } + ForceZero(eae_prk, WC_MAX_DIGEST_SIZE); WC_FREE_VAR_EX(eae_prk, hpke->heap, DYNAMIC_TYPE_DIGEST); return ret; @@ -651,35 +719,37 @@ /* extract psk_id, which for base is null */ ret = wc_HpkeLabeledExtract(hpke, hpke->hpke_suite_id, - sizeof( hpke->hpke_suite_id ), NULL, 0, (byte*)PSK_ID_HASH_LABEL_STR, - PSK_ID_HASH_LABEL_STR_LEN, NULL, 0, key_schedule_context + 1); + sizeof( hpke->hpke_suite_id ), hpke->kdfDigest, NULL, 0, + (byte*)PSK_ID_HASH_LABEL_STR, PSK_ID_HASH_LABEL_STR_LEN, NULL, 0, + key_schedule_context + 1); /* extract info */ if (ret == 0) { ret = wc_HpkeLabeledExtract(hpke, hpke->hpke_suite_id, - sizeof( hpke->hpke_suite_id ), NULL, 0, (byte*)INFO_HASH_LABEL_STR, - INFO_HASH_LABEL_STR_LEN, info, infoSz, + sizeof( hpke->hpke_suite_id ), hpke->kdfDigest, NULL, 0, + (byte*)INFO_HASH_LABEL_STR, INFO_HASH_LABEL_STR_LEN, info, infoSz, key_schedule_context + 1 + hpke->Nh); } /* extract secret */ if (ret == 0) { ret = wc_HpkeLabeledExtract(hpke, hpke->hpke_suite_id, - sizeof( hpke->hpke_suite_id ), sharedSecret, hpke->Nsecret, - (byte*)SECRET_LABEL_STR, SECRET_LABEL_STR_LEN, NULL, 0, secret); + sizeof( hpke->hpke_suite_id ), hpke->kdfDigest, sharedSecret, + hpke->Nsecret, (byte*)SECRET_LABEL_STR, SECRET_LABEL_STR_LEN, + NULL, 0, secret); } /* expand key */ if (ret == 0) ret = wc_HpkeLabeledExpand(hpke, hpke->hpke_suite_id, - sizeof( hpke->hpke_suite_id ), secret, hpke->Nh, + sizeof( hpke->hpke_suite_id ), hpke->kdfDigest, secret, hpke->Nh, (byte*)KEY_LABEL_STR, KEY_LABEL_STR_LEN, key_schedule_context, 1 + 2 * hpke->Nh, hpke->Nk, context->key); /* expand nonce */ if (ret == 0) { ret = wc_HpkeLabeledExpand(hpke, hpke->hpke_suite_id, - sizeof( hpke->hpke_suite_id ), secret, hpke->Nh, + sizeof( hpke->hpke_suite_id ), hpke->kdfDigest, secret, hpke->Nh, (byte*)BASE_NONCE_LABEL_STR, BASE_NONCE_LABEL_STR_LEN, key_schedule_context, 1 + 2 * hpke->Nh, hpke->Nn, context->base_nonce); @@ -688,11 +758,13 @@ /* expand exporter_secret */ if (ret == 0) { ret = wc_HpkeLabeledExpand(hpke, hpke->hpke_suite_id, - sizeof( hpke->hpke_suite_id ), secret, hpke->Nh, + sizeof( hpke->hpke_suite_id ), hpke->kdfDigest, secret, hpke->Nh, (byte*)EXP_LABEL_STR, EXP_LABEL_STR_LEN, key_schedule_context, 1 + 2 * hpke->Nh, hpke->Nh, context->exporter_secret); } + ForceZero(key_schedule_context, 1 + 2 * WC_MAX_DIGEST_SIZE); + ForceZero(secret, WC_MAX_DIGEST_SIZE); WC_FREE_VAR_EX(key_schedule_context, hpke->heap, DYNAMIC_TYPE_TMP_BUFFER); WC_FREE_VAR_EX(secret, hpke->heap, DYNAMIC_TYPE_DIGEST); @@ -705,7 +777,7 @@ byte* sharedSecret) { int ret; -#ifdef ECC_TIMING_RESISTANT +#if defined(ECC_TIMING_RESISTANT) && defined(HAVE_ECC) WC_RNG* rng; #endif word32 dh_len; @@ -766,15 +838,17 @@ #endif break; #endif -#if defined(HAVE_CURVE25519) +#if defined(HAVE_CURVE25519) && !defined(NO_SHA256) case DHKEM_X25519_HKDF_SHA256: ret = wc_curve25519_shared_secret_ex((curve25519_key*)ephemeralKey, (curve25519_key*)receiverKey, dh, &dh_len, EC25519_LITTLE_ENDIAN); break; #endif +#if defined(HAVE_CURVE448) && defined(WOLFSSL_SHA512) case DHKEM_X448_HKDF_SHA512: /* TODO: Add X448 */ +#endif default: ret = -1; break; @@ -796,6 +870,8 @@ hpke->Npk * 2, sharedSecret); } + ForceZero(dh, hpke->Ndh); + ForceZero(kemContext, hpke->Npk * 2); WC_FREE_VAR_EX(dh, hpke->heap, DYNAMIC_TYPE_TMP_BUFFER); WC_FREE_VAR_EX(kemContext, hpke->heap, DYNAMIC_TYPE_TMP_BUFFER); @@ -816,6 +892,9 @@ #ifdef WOLFSSL_SMALL_STACK sharedSecret = (byte*)XMALLOC(hpke->Nsecret, hpke->heap, DYNAMIC_TYPE_TMP_BUFFER); + if (sharedSecret == NULL) { + return MEMORY_E; + } #endif /* encap */ @@ -827,6 +906,7 @@ infoSz); } + ForceZero(sharedSecret, hpke->Nsecret); WC_FREE_VAR_EX(sharedSecret, hpke->heap, DYNAMIC_TYPE_TMP_BUFFER); return ret; @@ -859,6 +939,11 @@ plaintext == NULL || out == NULL) { return BAD_FUNC_ARG; } + + /* RFC 9180 requires error on sequence overflow. */ + if (context->seq == WC_MAX_SINT_OF(int)) + return SEQ_OVERFLOW_E; + WC_ALLOC_VAR_EX(aes, Aes, 1, hpke->heap, DYNAMIC_TYPE_AES, return MEMORY_E); ret = wc_AesInit(aes, hpke->heap, INVALID_DEVID); @@ -914,6 +999,7 @@ PRIVATE_KEY_LOCK(); + ForceZero(context, sizeof(HpkeBaseContext)); WC_FREE_VAR_EX(context, hpke->heap, DYNAMIC_TYPE_TMP_BUFFER); return ret; @@ -987,7 +1073,7 @@ #endif break; #endif -#if defined(HAVE_CURVE25519) +#if defined(HAVE_CURVE25519) && !defined(NO_SHA256) case DHKEM_X25519_HKDF_SHA256: #ifdef WOLFSSL_CURVE25519_BLINDING rng = wc_rng_new(NULL, 0, hpke->heap); @@ -1007,15 +1093,17 @@ #endif break; #endif +#if defined(HAVE_CURVE448) && defined(WOLFSSL_SHA512) case DHKEM_X448_HKDF_SHA512: /* TODO: Add X448 */ +#endif default: ret = -1; break; } if (ephemeralKey != NULL) - wc_HpkeFreeKey(hpke, (word16)hpke->kem, ephemeralKey, hpke->heap); + wc_HpkeFreeKey(hpke, hpke->kem, ephemeralKey, hpke->heap); if (ret == 0) { /* copy pubKey into kemContext */ @@ -1032,6 +1120,8 @@ hpke->Npk * 2, sharedSecret); } + ForceZero(dh, hpke->Ndh); + ForceZero(kemContext, hpke->Npk * 2); WC_FREE_VAR_EX(dh, hpke->heap, DYNAMIC_TYPE_TMP_BUFFER); WC_FREE_VAR_EX(kemContext, hpke->heap, DYNAMIC_TYPE_TMP_BUFFER); @@ -1058,6 +1148,7 @@ infoSz); } + ForceZero(sharedSecret, hpke->Nsecret); WC_FREE_VAR_EX(sharedSecret, hpke->heap, DYNAMIC_TYPE_TMP_BUFFER); return ret; @@ -1084,9 +1175,14 @@ int ret; byte nonce[HPKE_Nn_MAX]; WC_DECLARE_VAR(aes, Aes, 1, 0); - if (hpke == NULL) { + if (hpke == NULL || context == NULL || ciphertext == NULL || out == NULL) { return BAD_FUNC_ARG; } + + /* RFC 9180 requires error on sequence overflow. */ + if (context->seq == WC_MAX_SINT_OF(int)) + return SEQ_OVERFLOW_E; + XMEMSET(nonce, 0, sizeof(nonce)); WC_ALLOC_VAR_EX(aes, Aes, 1, hpke->heap, DYNAMIC_TYPE_AES, return MEMORY_E); @@ -1144,9 +1240,108 @@ PRIVATE_KEY_LOCK(); + ForceZero(context, sizeof(HpkeBaseContext)); WC_FREE_VAR_EX(context, hpke->heap, DYNAMIC_TYPE_TMP_BUFFER); return ret; } +/* return the encrypted length of the KEM + * return 0 otherwise */ +WOLFSSL_LOCAL word16 wc_HpkeKemGetEncLen(word16 kemId) +{ + switch (kemId) + { +#if defined(HAVE_ECC) +#if (!defined(NO_ECC256) || defined(HAVE_ALL_CURVES)) && !defined(NO_SHA256) + case DHKEM_P256_HKDF_SHA256: + return DHKEM_P256_ENC_LEN; +#endif +#if (defined(HAVE_ECC384) || defined(HAVE_ALL_CURVES)) && \ + defined(WOLFSSL_SHA384) + case DHKEM_P384_HKDF_SHA384: + return DHKEM_P384_ENC_LEN; +#endif +#if (defined(HAVE_ECC521) || defined(HAVE_ALL_CURVES)) && \ + defined(WOLFSSL_SHA512) + case DHKEM_P521_HKDF_SHA512: + return DHKEM_P521_ENC_LEN; +#endif +#endif /* HAVE_ECC */ +#if defined(HAVE_CURVE25519) && !defined(NO_SHA256) + case DHKEM_X25519_HKDF_SHA256: + return DHKEM_X25519_ENC_LEN; +#endif + default: + return 0; + } +} + +/* return true if hpke is compiled with support for the given KEM + * return false otherwise */ +WOLFSSL_LOCAL int wc_HpkeKemIsSupported(word16 kemId) +{ + switch (kemId) { +#if defined(HAVE_ECC) +#if (!defined(NO_ECC256) || defined(HAVE_ALL_CURVES)) && !defined(NO_SHA256) + case DHKEM_P256_HKDF_SHA256: +#endif +#if (defined(HAVE_ECC384) || defined(HAVE_ALL_CURVES)) && \ + defined(WOLFSSL_SHA384) + case DHKEM_P384_HKDF_SHA384: +#endif +#if (defined(HAVE_ECC521) || defined(HAVE_ALL_CURVES)) && \ + defined(WOLFSSL_SHA512) + case DHKEM_P521_HKDF_SHA512: +#endif +#endif /* HAVE_ECC */ +#if defined(HAVE_CURVE25519) && !defined(NO_SHA256) + case DHKEM_X25519_HKDF_SHA256: +#endif + return 1; + + default: + return 0; + } +} + +/* return true if hpke is compiled with support for the given KDF + * return false otherwise */ +WOLFSSL_LOCAL int wc_HpkeKdfIsSupported(word16 kdfId) +{ + switch (kdfId) { +#if !defined(NO_SHA256) + case HKDF_SHA256: +#endif +#ifdef WOLFSSL_SHA384 + case HKDF_SHA384: +#endif +#ifdef WOLFSSL_SHA512 + case HKDF_SHA512: +#endif + return 1; + + default: + return 0; + } +} + +/* return true if hpke is compiled with support for the given AEAD + * return false otherwise */ +WOLFSSL_LOCAL int wc_HpkeAeadIsSupported(word16 aeadId) +{ + switch (aeadId) { +#ifdef WOLFSSL_AES_128 + case HPKE_AES_128_GCM: +#endif +#ifdef WOLFSSL_AES_256 + case HPKE_AES_256_GCM: +#endif + return 1; + + default: + return 0; + } +} + #endif /* HAVE_HPKE && (HAVE_ECC || HAVE_CURVE25519) && HAVE_AESGCM */ diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/wolfcrypt/src/include.am mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/include.am --- mariadb-11.8.6/extra/wolfssl/wolfssl/wolfcrypt/src/include.am 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/include.am 2026-05-24 09:58:33.000000000 +0000 @@ -11,7 +11,9 @@ MAINTAINERCLEANFILES+= $(ASYNC_FILES) EXTRA_DIST += wolfcrypt/src/misc.c +EXTRA_DIST += wolfcrypt/src/asn_orig.c EXTRA_DIST += wolfcrypt/src/evp.c +EXTRA_DIST += wolfcrypt/src/evp_pk.c EXTRA_DIST += wolfcrypt/src/asm.c EXTRA_DIST += wolfcrypt/src/aes_asm.asm EXTRA_DIST += wolfcrypt/src/aes_gcm_asm.asm diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/wolfcrypt/src/integer.c mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/integer.c --- mariadb-11.8.6/extra/wolfssl/wolfssl/wolfcrypt/src/integer.c 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/integer.c 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* integer.c * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -1392,10 +1392,10 @@ /* compare magnitude of two ints (unsigned) */ -int mp_cmp_mag (mp_int * a, mp_int * b) +int mp_cmp_mag (const mp_int * a, const mp_int * b) { int n; - mp_digit *tmpa, *tmpb; + const mp_digit *tmpa, *tmpb; /* compare based on # of non-zero digits */ if (a->used > b->used) { @@ -1430,7 +1430,7 @@ /* compare two ints (signed)*/ -int mp_cmp (mp_int * a, mp_int * b) +int mp_cmp (const mp_int * a, const mp_int * b) { /* compare based on sign */ if (a->sign != b->sign) { @@ -3278,8 +3278,10 @@ q.sign = a->sign; w = 0; - if (a->used == 0) + if (a->used == 0) { + mp_clear(&q); return MP_VAL; + } for (ix = a->used - 1; ix >= 0; ix--) { w = (w << ((mp_word)DIGIT_BIT)) | ((mp_word)a->dp[ix]); diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/wolfcrypt/src/kdf.c mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/kdf.c --- mariadb-11.8.6/extra/wolfssl/wolfssl/wolfcrypt/src/kdf.c 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/kdf.c 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* kdf.c * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -896,8 +896,7 @@ block[i] = 0; } XMEMCPY(block + WC_SRTP_MAX_SALT - saltSz, salt, saltSz); - block[WC_SRTP_MAX_SALT] = 0; - /* block[15] is counter. */ + /* block[14-15] are counter. */ /* When kdrIdx is -1, don't XOR in index. */ if (kdrIdx >= 0) { @@ -947,6 +946,7 @@ block[WC_SRTP_MAX_SALT - idxSz - 1] ^= label; for (i = 0; (ret == 0) && (i < blocks); i++) { /* Set counter. */ + block[14] = (byte)(i >> 8); block[15] = (byte)i; /* Encrypt block into key buffer. */ ret = wc_AesEcbEncrypt(aes, key, block, WC_AES_BLOCK_SIZE); @@ -959,6 +959,7 @@ if ((ret == 0) && (keySz > 0)) { byte enc[WC_AES_BLOCK_SIZE]; /* Set counter. */ + block[14] = (byte)(i >> 8); block[15] = (byte)i; /* Encrypt block into temporary. */ ret = wc_AesEcbEncrypt(aes, enc, block, WC_AES_BLOCK_SIZE); diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/wolfcrypt/src/logging.c mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/logging.c --- mariadb-11.8.6/extra/wolfssl/wolfssl/wolfcrypt/src/logging.c 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/logging.c 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* logging.c * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -430,7 +430,11 @@ #endif /* (!WOLFSSL_DEBUG_CERTS && !DEBUG_WOLFSSL) || NO_WOLFSSL_DEBUG_CERTS */ #if defined(XVSNPRINTF) && !defined(NO_WOLFSSL_MSG_EX) -#include /* for var args */ +#if defined(WOLFSSL_BSDKM) + #include /* for var args */ +#else + #include /* for var args */ +#endif /* WOLFSSL_BSDKM */ #ifndef WOLFSSL_MSG_EX_BUF_SZ #define WOLFSSL_MSG_EX_BUF_SZ 100 @@ -1818,12 +1822,38 @@ #endif /* DEBUG_WOLFSSL || WOLFSSL_NGINX || WOLFSSL_HAPROXY */ +#ifdef WOLFSSL_DEBUG_TRACE_ERROR_CODES + +#ifndef WOLFSSL_DEBUG_TRACE_ERROR_CODES_INIT_STATE + #define WOLFSSL_DEBUG_TRACE_ERROR_CODES_INIT_STATE 1 +#endif + +#ifdef WOLFSSL_ATOMIC_OPS +static wolfSSL_Atomic_Int wc_debug_trace_error_codes_state = + WOLFSSL_ATOMIC_INITIALIZER(WOLFSSL_DEBUG_TRACE_ERROR_CODES_INIT_STATE); +#else +static int wc_debug_trace_error_codes_state = + WOLFSSL_DEBUG_TRACE_ERROR_CODES_INIT_STATE; +#endif + +int wc_debug_trace_error_codes_enabled(void) { + return WOLFSSL_ATOMIC_LOAD(wc_debug_trace_error_codes_state); +} + +int wc_debug_trace_error_codes_set(int state) { + return wolfSSL_Atomic_Int_Exchange(&wc_debug_trace_error_codes_state, + state); +} + +#endif /* WOLFSSL_DEBUG_TRACE_ERROR_CODES */ + #ifdef WOLFSSL_DEBUG_BACKTRACE_ERROR_CODES #ifdef WOLFSSL_LINUXKM -void wc_backtrace_render(void) { +int wc_backtrace_render(void) { dump_stack(); + return 0; } #else /* !WOLFSSL_LINUXKM */ @@ -1896,11 +1926,12 @@ return 0; } -void wc_backtrace_render(void) { +int wc_backtrace_render(void) { static wolfSSL_Mutex backtrace_mutex WOLFSSL_MUTEX_INITIALIZER_CLAUSE(backtrace_mutex); static struct backtrace_state *backtrace_state = NULL; int depth = 0; + int ret; #ifndef WOLFSSL_MUTEX_INITIALIZER static wolfSSL_Atomic_Int init_count = 0; @@ -1908,10 +1939,11 @@ int cur_init_count = wolfSSL_Atomic_Int_FetchSub(&init_count, 1); if (cur_init_count != 0) { (void)wolfSSL_Atomic_Int_FetchAdd(&init_count, 1); - return; + return WC_NO_ERR_TRACE(DEADLOCK_AVERTED_E); } - if (wc_InitMutex(&backtrace_mutex) != 0) - return; + ret = wc_InitMutex(&backtrace_mutex); + if (ret != 0) + return ret; /* set init_count to 1, race-free: (-1) - (0-2) = 1 */ (void)wolfSSL_Atomic_Int_FetchSub(&init_count, cur_init_count - 2); } @@ -1921,13 +1953,14 @@ * BACKTRACE_SUPPORTS_THREADS == 1, so we serialize the render op. this * helpfully mutexes the initialization too. */ - if (wc_LockMutex(&backtrace_mutex) != 0) - return; + ret = wc_LockMutex(&backtrace_mutex); + if (ret != 0) + return ret; if (backtrace_state == NULL) { if (backtrace_init(&backtrace_state) < 0) { wc_UnLockMutex(&backtrace_mutex); - return; + return WC_NO_ERR_TRACE(BAD_STATE_E); } } @@ -1939,6 +1972,8 @@ (void *)&depth); wc_UnLockMutex(&backtrace_mutex); + + return 0; } #endif /* !WOLFSSL_LINUXKM */ diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/wolfcrypt/src/md2.c mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/md2.c --- mariadb-11.8.6/extra/wolfssl/wolfssl/wolfcrypt/src/md2.c 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/md2.c 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* md2.c * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/wolfcrypt/src/md4.c mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/md4.c --- mariadb-11.8.6/extra/wolfssl/wolfssl/wolfcrypt/src/md4.c 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/md4.c 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* md4.c * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/wolfcrypt/src/md5.c mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/md5.c --- mariadb-11.8.6/extra/wolfssl/wolfssl/wolfcrypt/src/md5.c 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/md5.c 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* md5.c * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -19,6 +19,17 @@ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA */ +/* + * MD5 Build Options: + * + * NO_MD5: Disable MD5 support entirely default: off + * HAVE_MD5_CUST_API: Enable custom MD5 API default: off + * STM32_NOMD5: Disable STM32 hardware MD5 default: off + * + * Hardware Acceleration (MD5-specific): + * WC_ASYNC_ENABLE_MD5: Enable async MD5 operations default: off + */ + #include #if !defined(NO_MD5) @@ -522,6 +533,7 @@ if (md5 == NULL || hash == NULL) return BAD_FUNC_ARG; + XMEMSET(&tmpMd5, 0, sizeof(tmpMd5)); ret = wc_Md5Copy(md5, &tmpMd5); if (ret == 0) { ret = wc_Md5Final(&tmpMd5, hash); @@ -537,6 +549,9 @@ if (src == NULL || dst == NULL) return BAD_FUNC_ARG; + /* Free dst resources before copy to prevent memory leaks (e.g., + * hardware contexts). XMEMCPY overwrites dst. */ + wc_Md5Free(dst); XMEMCPY(dst, src, sizeof(wc_Md5)); #if defined(WOLFSSL_ASYNC_CRYPT) && defined(WC_ASYNC_ENABLE_MD5) diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/wolfcrypt/src/memory.c mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/memory.c --- mariadb-11.8.6/extra/wolfssl/wolfssl/wolfcrypt/src/memory.c 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/memory.c 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* memory.c * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -313,7 +313,7 @@ nextIdx--; if (nextIdx > 0) { /* Remove entry. */ - XMEMCPY(memZero + i, memZero + i + 1, + XMEMMOVE(memZero + i, memZero + i + 1, sizeof(MemZero) * (nextIdx - i)); /* Clear out top to make it easier to see what is to be checked. */ XMEMSET(&memZero[nextIdx], 0, sizeof(MemZero)); @@ -521,6 +521,11 @@ } #endif /* WOLFSSL_STATIC_MEMORY */ +#ifdef WOLFSSL_TRACK_MEMORY +#include +WOLFSSL_API memoryStats *wc_MemStats_Ptr; +#endif + #ifdef WOLFSSL_STATIC_MEMORY struct wc_Memory { @@ -1822,6 +1827,7 @@ #endif /* DEBUG_VECTOR_REGISTER_ACCESS_FUZZING */ -#ifdef WOLFSSL_LINUXKM - #include "../../linuxkm/linuxkm_memory.c" +#if defined(WOLFSSL_LINUXKM) || defined(WC_SYM_RELOC_TABLES) || \ + defined(WC_SYM_RELOC_TABLES_SUPPORT) + #include "linuxkm/linuxkm_memory.c" #endif diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/wolfcrypt/src/misc.c mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/misc.c --- mariadb-11.8.6/extra/wolfssl/wolfssl/wolfcrypt/src/misc.c 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/misc.c 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* misc.c * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -205,7 +205,7 @@ } } else if (((size_t)out & 0x3) == 0) { - byte *in_bytes = (byte *)in; + const byte *in_bytes = (const byte *)in; word32 scratch; byteCount &= ~0x3U; @@ -216,7 +216,7 @@ } } else { - byte *in_bytes = (byte *)in; + const byte *in_bytes = (const byte *)in; byte *out_bytes = (byte *)out; word32 scratch; @@ -234,7 +234,7 @@ WC_MISC_STATIC WC_INLINE word32 readUnalignedWord32(const byte *in) { if (((wc_ptr_t)in & (wc_ptr_t)(sizeof(word32) - 1U)) == (wc_ptr_t)0) - return *(word32 *)in; + return *(const word32 *)in; else { word32 out = 0; /* else CONFIG_FORTIFY_SOURCE -Wmaybe-uninitialized */ XMEMCPY(&out, in, sizeof(out)); @@ -283,7 +283,7 @@ WC_MISC_STATIC WC_INLINE word64 readUnalignedWord64(const byte *in) { if (((wc_ptr_t)in & (wc_ptr_t)(sizeof(word64) - 1U)) == (wc_ptr_t)0) - return *(word64 *)in; + return *(const word64 *)in; else { word64 out = 0; /* else CONFIG_FORTIFY_SOURCE -Wmaybe-uninitialized */ XMEMCPY(&out, in, sizeof(out)); @@ -382,7 +382,7 @@ } } else if (((size_t)out & 0x7) == 0) { - byte *in_bytes = (byte *)in; + const byte *in_bytes = (const byte *)in; word64 scratch; byteCount &= ~0x7U; @@ -393,7 +393,7 @@ } } else { - byte *in_bytes = (byte *)in; + const byte *in_bytes = (const byte *)in; byte *out_bytes = (byte *)out; word64 scratch; @@ -415,7 +415,7 @@ /* Leave no doubt that WOLFSSL_WORD_SIZE is a power of 2. */ wc_static_assert((WOLFSSL_WORD_SIZE & (WOLFSSL_WORD_SIZE - 1)) == 0); -/* This routine performs a bitwise XOR operation of <*r> and <*a> for number +/* This routine performs a bitwise XOR operation of <*a> and <*b> for number of wolfssl_words, placing the result in <*r>. */ WC_MISC_STATIC WC_INLINE void XorWordsOut(wolfssl_word** r, const wolfssl_word** a, const wolfssl_word** b, word32 n) @@ -427,7 +427,7 @@ } /* This routine performs a bitwise XOR operation of <*buf> and <*mask> of n -counts, placing the result in <*buf>. */ +counts, placing the result in <*out>. */ WC_MISC_STATIC WC_INLINE void xorbufout(void* out, const void* buf, const void* mask, word32 count) @@ -775,7 +775,9 @@ #if !defined(WOLFSSL_NO_CT_OPS) && !defined(WOLFSSL_NO_CT_MAX_MIN) && \ defined(WORD64_AVAILABLE) volatile word32 gte_mask = (word32)ctMaskWord32GTE(a, b); - return (a & ~gte_mask) | (b & gte_mask); + word32 r = (a & ~gte_mask); + r |= (b & gte_mask); + return r; #else /* WOLFSSL_NO_CT_OPS */ return a > b ? b : a; #endif /* WOLFSSL_NO_CT_OPS */ diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/wolfcrypt/src/pkcs12.c mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/pkcs12.c --- mariadb-11.8.6/extra/wolfssl/wolfssl/wolfcrypt/src/pkcs12.c 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/pkcs12.c 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* pkcs12.c * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -63,7 +63,7 @@ typedef struct ContentInfo { - byte* data; + const byte* data; struct ContentInfo* next; word32 encC; /* encryptedContent */ word32 dataSz; @@ -334,6 +334,12 @@ return ret; } + /* Check that OID did not consume more than the sequence length */ + if (localIdx > curIdx + (word32)curSz) { + freeSafe(safe, pkcs12->heap); + return ASN_PARSE_E; + } + /* create new content info struct ... possible OID sanity check? */ ci = (ContentInfo*)XMALLOC(sizeof(ContentInfo), pkcs12->heap, DYNAMIC_TYPE_PKCS); @@ -344,7 +350,7 @@ ci->type = (int)oid; ci->dataSz = (word32)curSz - (localIdx-curIdx); - ci->data = (byte*)input + localIdx; + ci->data = input + localIdx; localIdx += ci->dataSz; #ifdef WOLFSSL_DEBUG_PKCS12 @@ -509,6 +515,7 @@ if (ret != 0) { if (mac) { XFREE(mac->digest, pkcs12->heap, DYNAMIC_TYPE_DIGEST); + XFREE(mac->salt, pkcs12->heap, DYNAMIC_TYPE_SALT); XFREE(mac, pkcs12->heap, DYNAMIC_TYPE_PKCS); } } @@ -636,7 +643,13 @@ } #endif - return XMEMCMP(digest, mac->digest, mac->digestSz); + if (ConstantCompare(digest, mac->digest, (int)mac->digestSz) != 0) { + ForceZero(digest, sizeof(digest)); + return MAC_CMP_FAILED_E; + } + + ForceZero(digest, sizeof(digest)); + return 0; } int wc_PKCS12_verify_ex(WC_PKCS12* pkcs12, const byte* psw, word32 pswSz) @@ -1134,6 +1147,7 @@ { byte* oldContent; word32 oldContentSz; + word32 newSz = 0; (void)pkcs12; @@ -1145,14 +1159,19 @@ oldContentSz = *mergedSz; /* re-allocate new buffer to fit appended data */ - mergedData = (byte*)XMALLOC(oldContentSz + inSz, pkcs12->heap, + if (WC_SAFE_SUM_WORD32(oldContentSz, inSz, newSz) == 0) { + XFREE(oldContent, pkcs12->heap, DYNAMIC_TYPE_PKCS); + return NULL; + } + + mergedData = (byte*)XMALLOC(newSz, pkcs12->heap, DYNAMIC_TYPE_PKCS); if (mergedData != NULL) { if (oldContent != NULL) { XMEMCPY(mergedData, oldContent, oldContentSz); } XMEMCPY(mergedData + oldContentSz, in, inSz); - *mergedSz += inSz; + *mergedSz = newSz; } XFREE(oldContent, pkcs12->heap, DYNAMIC_TYPE_PKCS); @@ -1161,7 +1180,8 @@ /* Check if constructed [0] is seen after wc_BerToDer() or not. * returns 1 if seen, 0 if not, ASN_PARSE_E on error */ -static int PKCS12_CheckConstructedZero(byte* data, word32 dataSz, word32* idx) +static int PKCS12_CheckConstructedZero(const byte* data, word32 dataSz, + word32* idx) { word32 oid; int ret = 0; @@ -1336,7 +1356,7 @@ /* if there is sign data then verify the MAC */ if (pkcs12->signData != NULL ) { if ((ret = wc_PKCS12_verify(pkcs12, pkcs12->safe->data, - pkcs12->safe->dataSz, (byte*)psw, (word32)pswSz)) != 0) { + pkcs12->safe->dataSz, (const byte*)psw, (word32)pswSz)) != 0) { WOLFSSL_MSG("PKCS12 Bad MAC on verify"); WOLFSSL_LEAVE("wc_PKCS12_parse verify ", ret); (void)ret; @@ -1352,7 +1372,7 @@ /* Decode content infos */ ci = pkcs12->safe->CI; for (i = 0; i < pkcs12->safe->numCI; i++) { - byte* data; + const byte* data; word32 idx = 0; int size, totalSz; byte tag; @@ -1403,9 +1423,13 @@ * the DecryptContent() expects */ if (pkcs12->indefinite && PKCS12_CheckConstructedZero(data, ci->dataSz, &idx) == 1) { - data[idx-1] = ASN_LONG_LENGTH; - ret = PKCS12_CoalesceOctetStrings(pkcs12, data, ci->dataSz, - &idx, &curIdx); + /* safe casts -- pkcs12->indefinite signals that data is inside + * the earlier allocation of der by wc_d2i_PKCS12((). + */ + ((byte *)(wc_ptr_t)data)[idx-1] = ASN_LONG_LENGTH; + ret = PKCS12_CoalesceOctetStrings( + pkcs12, ((byte *)(wc_ptr_t)data), ci->dataSz, + &idx, &curIdx); if (ret < 0) { goto exit_pk12par; } diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/wolfcrypt/src/pkcs7.c mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/pkcs7.c --- mariadb-11.8.6/extra/wolfssl/wolfssl/wolfcrypt/src/pkcs7.c 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/pkcs7.c 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* pkcs7.c * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -19,6 +19,25 @@ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA */ +/* + * PKCS#7 Build Options: + * + * Core: + * HAVE_PKCS7: Enable PKCS#7 support default: off + * NO_PKCS7_STREAM: Disable PKCS#7 streaming mode default: off + * NO_PKCS7_ENCRYPTED_DATA: Disable PKCS#7 EncryptedData type default: off + * NO_PKCS7_COMPRESSED_DATA: Disable PKCS#7 CompressedData type default: off + * WC_PKCS7_STREAM_DEBUG: Enable PKCS#7 stream debug output default: off + * WOLFSSL_PKCS7_MAX_DECOMPRESSION: Max decompression size default: off + * + * Callbacks: + * HAVE_PKCS7_RSA_RAW_SIGN_CALLBACK: Custom RSA raw sign callback default: off + * HAVE_PKCS7_ECC_RAW_SIGN_CALLBACK: Custom ECC raw sign callback default: off + * + * Key Derivation: + * HAVE_X963_KDF: Enable ANSI X9.63 KDF default: off + */ + #include #ifdef HAVE_PKCS7 @@ -28,6 +47,26 @@ #ifndef NO_RSA #include #endif +#ifndef RSA_PSS_SALT_LEN_DEFAULT + #define RSA_PSS_SALT_LEN_DEFAULT (-1) +#endif +#if defined(WC_RSA_PSS) && !defined(NO_RSA) + #if (defined(HAVE_FIPS) && \ + (!defined(HAVE_FIPS_VERSION) || (HAVE_FIPS_VERSION < 2))) || \ + (defined(HAVE_SELFTEST) && \ + (!defined(HAVE_SELFTEST_VERSION) || (HAVE_SELFTEST_VERSION < 2))) + #ifndef WC_MGF1NONE + #define WC_MGF1NONE 0 + #define WC_MGF1SHA1 26 + #define WC_MGF1SHA224 4 + #define WC_MGF1SHA256 1 + #define WC_MGF1SHA384 2 + #define WC_MGF1SHA512 3 + #define WC_MGF1SHA512_224 5 + #define WC_MGF1SHA512_256 6 + #endif + #endif +#endif #ifdef HAVE_ECC #include #endif @@ -101,6 +140,7 @@ word32 nonceSz; /* size of nonce stored */ word32 aadSz; /* size of additional AEAD data */ word32 tagSz; /* size of tag for AEAD */ + word32 icvSz; /* expected ICV/MAC size from AlgoID parameter */ word32 contentSz; word32 currContIdx; /* index of current content */ word32 currContSz; /* size of current content */ @@ -1019,6 +1059,11 @@ switch (keyOID) { #ifndef NO_RSA + #ifdef WC_RSA_PSS + case RSAPSSk: + /* RSA-PSS cert: public key is same RSA format as RSAk */ + FALL_THROUGH; + #endif case RSAk: ret = wc_InitRsaKey_ex(rsa, pkcs7->heap, pkcs7->devId); if (ret != 0) { @@ -1173,6 +1218,10 @@ XMEMCPY(pkcs7->publicKey, dCert->publicKey, dCert->pubKeySize); pkcs7->publicKeySz = dCert->pubKeySize; pkcs7->publicKeyOID = dCert->keyOID; + /* Do not derive publicKeyOID from cert signatureOID: the cert's + * signature is how the cert was signed by its issuer; the signer + * chooses digestEncryptionAlgorithm (e.g. RSASSA-PSS vs PKCS#1 v1.5) + * via API / pkcs7->publicKeyOID set by the application. */ XMEMCPY(pkcs7->issuerHash, dCert->issuerHash, KEYID_SIZE); pkcs7->issuer = dCert->issuerRaw; pkcs7->issuerSz = (word32)dCert->issuerRawLen; @@ -1533,7 +1582,11 @@ byte issuerSKIDSeq[MAX_SEQ_SZ]; byte issuerSKID[MAX_OCTET_STR_SZ]; byte signerDigAlgoId[MAX_ALGO_SZ]; +#if defined(WC_RSA_PSS) + byte digEncAlgoId[128]; /* RSASSA-PSS needs full params */ +#else byte digEncAlgoId[MAX_ALGO_SZ]; +#endif byte signedAttribSet[MAX_SET_SZ]; EncodedAttrib signedAttribs[7]; byte signerDigest[MAX_OCTET_STR_SZ]; @@ -1794,6 +1847,16 @@ } #endif } + #ifdef HAVE_PKCS7_RSA_RAW_SIGN_CALLBACK + else if (pkcs7->rsaSignRawDigestCb != NULL && pkcs7->publicKeySz > 0) { + /* When using raw sign callback (e.g., HSM/secure element), private + * key may not be available. Use public key from signer certificate + * for signature size calculation. */ + idx = 0; + ret = wc_RsaPublicKeyDecode(pkcs7->publicKey, &idx, privKey, + pkcs7->publicKeySz); + } + #endif else if (pkcs7->devId == INVALID_DEVID) { ret = BAD_FUNC_ARG; } @@ -1874,6 +1937,16 @@ } #endif } + #ifdef HAVE_PKCS7_ECC_RAW_SIGN_CALLBACK + else if (pkcs7->eccSignRawDigestCb != NULL && pkcs7->publicKeySz > 0) { + /* When using raw sign callback (e.g., HSM/secure element), private + * key may not be available. Use public key from signer certificate + * for signature size calculation. */ + idx = 0; + ret = wc_EccPublicKeyDecode(pkcs7->publicKey, &idx, privKey, + pkcs7->publicKeySz); + } + #endif else if (pkcs7->devId == INVALID_DEVID) { ret = BAD_FUNC_ARG; } @@ -1925,6 +1998,121 @@ #endif /* HAVE_ECC */ +#if defined(WC_RSA_PSS) && !defined(NO_RSA) +/* Map hash type to MGF1 identifier; local copy so PKCS7 does not depend on + * rsa.c when RSA is in a separate FIPS module (e.g. CAVP build). */ +static int pkcs7_hash2mgf(enum wc_HashType hType) +{ + switch (hType) { + case WC_HASH_TYPE_NONE: + return WC_MGF1NONE; + case WC_HASH_TYPE_SHA: +#ifndef NO_SHA + return WC_MGF1SHA1; +#else + break; +#endif + case WC_HASH_TYPE_SHA224: +#ifdef WOLFSSL_SHA224 + return WC_MGF1SHA224; +#else + break; +#endif + case WC_HASH_TYPE_SHA256: +#ifndef NO_SHA256 + return WC_MGF1SHA256; +#else + break; +#endif + case WC_HASH_TYPE_SHA384: +#ifdef WOLFSSL_SHA384 + return WC_MGF1SHA384; +#else + break; +#endif + case WC_HASH_TYPE_SHA512: +#ifdef WOLFSSL_SHA512 + return WC_MGF1SHA512; +#else + break; +#endif + /* MGF1 only supports SHA-1 and SHA-2; other hashes fall through to WC_MGF1NONE */ + case WC_HASH_TYPE_MD2: + case WC_HASH_TYPE_MD4: + case WC_HASH_TYPE_MD5: + case WC_HASH_TYPE_MD5_SHA: + case WC_HASH_TYPE_SHA3_224: + case WC_HASH_TYPE_SHA3_256: + case WC_HASH_TYPE_SHA3_384: + case WC_HASH_TYPE_SHA3_512: + case WC_HASH_TYPE_BLAKE2B: + case WC_HASH_TYPE_BLAKE2S: + case WC_HASH_TYPE_SHA512_224: + case WC_HASH_TYPE_SHA512_256: + case WC_HASH_TYPE_SHAKE128: + case WC_HASH_TYPE_SHAKE256: + case WC_HASH_TYPE_SM3: + default: + break; + } + return WC_MGF1NONE; +} + +/* returns size of signature put into esd->encContentDigest, negative on error. + * Signs the digest (contentAttribsDigest) with RSA-PSS padding, like ECDSA. */ +static int wc_PKCS7_RsaPssSign(wc_PKCS7* pkcs7, byte* digest, word32 digestSz, + ESD* esd) +{ + int ret; + word32 outSz; + WC_DECLARE_VAR(privKey, RsaKey, 1, 0); + + if (pkcs7 == NULL || pkcs7->rng == NULL || digest == NULL || esd == NULL) { + return BAD_FUNC_ARG; + } + + WC_ALLOC_VAR_EX(privKey, RsaKey, 1, pkcs7->heap, DYNAMIC_TYPE_TMP_BUFFER, + return MEMORY_E); + + ret = wc_PKCS7_ImportRSA(pkcs7, privKey); + if (ret == 0) { + outSz = sizeof(esd->encContentDigest); +#ifdef WOLFSSL_ASYNC_CRYPT + do { + ret = wc_AsyncWait(ret, &privKey->asyncDev, + WC_ASYNC_FLAG_CALL_AGAIN); + if (ret >= 0) +#endif + { + /* Salt length policy: use hash digest length (RFC 4055 typical). + * RFC 3447 allows arbitrary salt lengths, but hash-length is the + * most interoperable choice and matches OpenSSL's default. + * Must agree with the saltLen encoded in + * SignerInfo.signatureAlgorithm params above. */ + int saltLen = wc_HashGetDigestSize(wc_OidGetHash(pkcs7->hashOID)); + if (saltLen < 0) { + ret = saltLen; + } + else { + ret = wc_RsaPSS_Sign_ex(digest, digestSz, + esd->encContentDigest, outSz, + esd->hashType, pkcs7_hash2mgf(esd->hashType), + saltLen, privKey, pkcs7->rng); + } + } +#ifdef WOLFSSL_ASYNC_CRYPT + } while (ret == WC_NO_ERR_TRACE(WC_PENDING_E)); +#endif + /* wc_RsaPSS_Sign_ex returns signature length on success */ + } + + wc_FreeRsaKey(privKey); + WC_FREE_VAR_EX(privKey, pkcs7->heap, DYNAMIC_TYPE_TMP_BUFFER); + + return ret; +} +#endif /* WC_RSA_PSS && !NO_RSA */ + /* returns encContentDigestSz based on the signature set to be used */ static int wc_PKCS7_GetSignSize(wc_PKCS7* pkcs7) { @@ -1934,6 +2122,9 @@ #ifndef NO_RSA case RSAk: + #ifdef WC_RSA_PSS + case RSAPSSk: + #endif { #ifndef WOLFSSL_SMALL_STACK RsaKey privKey[1]; @@ -2074,6 +2265,11 @@ /* add custom signed attributes if set */ if (pkcs7->signedAttribsSz > 0 && pkcs7->signedAttribs != NULL) { + word32 availableSpace = MAX_SIGNED_ATTRIBS_SZ - atrIdx; + + if (pkcs7->signedAttribsSz > availableSpace) + return BUFFER_E; + esd->signedAttribsCount += pkcs7->signedAttribsSz; esd->signedAttribsSz += (word32)EncodeAttributes( &esd->signedAttribs[atrIdx], (int)esd->signedAttribsCount, @@ -2219,6 +2415,20 @@ } #endif /* HAVE_ECC */ +#ifdef WC_RSA_PSS + else if (pkcs7->publicKeyOID == RSAPSSk) { + algoType = oidSigType; + algoId = CTC_RSASSAPSS; + /* Hash/MGF/salt conveyed via PSS params in AlgorithmIdentifier */ + } +#endif +#ifndef WC_RSA_PSS + else if (pkcs7->publicKeyOID == RSAPSSk) { + WOLFSSL_MSG("RSA-PSS requested but WC_RSA_PSS not compiled in"); + return NOT_COMPILED_IN; + } +#endif + if (algoId == 0) { WOLFSSL_MSG("Invalid signature algorithm type"); return BAD_FUNC_ARG; @@ -2334,7 +2544,8 @@ { int ret = 0; #if defined(HAVE_ECC) || \ - (defined(HAVE_PKCS7_RSA_RAW_SIGN_CALLBACK) && !defined(NO_RSA)) + (defined(HAVE_PKCS7_RSA_RAW_SIGN_CALLBACK) && !defined(NO_RSA)) || \ + (defined(WC_RSA_PSS) && !defined(NO_RSA)) int hashSz = 0; #endif #if defined(HAVE_PKCS7_RSA_RAW_SIGN_CALLBACK) && !defined(NO_RSA) @@ -2359,7 +2570,8 @@ } #if defined(HAVE_ECC) || \ - (defined(HAVE_PKCS7_RSA_RAW_SIGN_CALLBACK) && !defined(NO_RSA)) + (defined(HAVE_PKCS7_RSA_RAW_SIGN_CALLBACK) && !defined(NO_RSA)) || \ + (defined(WC_RSA_PSS) && !defined(NO_RSA)) /* get digest size from hash type */ hashSz = wc_HashGetDigestSize(esd->hashType); if (hashSz < 0) { @@ -2393,6 +2605,28 @@ #ifdef HAVE_ECC case ECDSAk: + #ifdef HAVE_PKCS7_ECC_RAW_SIGN_CALLBACK + if (pkcs7->eccSignRawDigestCb != NULL) { + /* get hash OID */ + int eccHashOID = wc_HashGetOID(esd->hashType); + if (eccHashOID < 0) { + ret = eccHashOID; + break; + } + + /* user signing plain digest */ + ret = pkcs7->eccSignRawDigestCb(pkcs7, + esd->contentAttribsDigest, hashSz, + esd->encContentDigest, sizeof(esd->encContentDigest), + pkcs7->privateKey, pkcs7->privateKeySz, pkcs7->devId, + eccHashOID); + /* validate return value doesn't exceed buffer size */ + if (ret > 0 && (word32)ret > sizeof(esd->encContentDigest)) { + ret = BUFFER_E; + } + break; + } + #endif /* CMS with ECDSA does not sign DigestInfo structure * like PKCS#7 with RSA does */ ret = wc_PKCS7_EcdsaSign(pkcs7, esd->contentAttribsDigest, @@ -2400,6 +2634,14 @@ break; #endif +#if defined(WC_RSA_PSS) && !defined(NO_RSA) + case RSAPSSk: + /* RSA-PSS signs the digest directly (no DigestInfo), like ECDSA */ + ret = wc_PKCS7_RsaPssSign(pkcs7, esd->contentAttribsDigest, + (word32)hashSz, esd); + break; +#endif + default: WOLFSSL_MSG("Unsupported public key type"); ret = BAD_FUNC_ARG; @@ -2499,10 +2741,10 @@ * Returns 0 on success */ #ifndef NO_AES static int wc_PKCS7_EncodeContentStream(wc_PKCS7* pkcs7, ESD* esd, Aes* aes, - byte* in, int inSz, byte* out, int cipherType) + const byte* in, int inSz, byte* out, int cipherType) #else static int wc_PKCS7_EncodeContentStream(wc_PKCS7* pkcs7, ESD* esd, void* aes, - byte* in, int inSz, byte* out, int cipherType) + const byte* in, int inSz, byte* out, int cipherType) #endif { int ret = 0; @@ -2512,7 +2754,7 @@ if (pkcs7->encodeStream) { int sz; word32 totalSz = 0; - byte* buf; + const byte* buf; byte* encContentOut; byte* contentData; word32 idx = 0, outIdx = 0; @@ -2549,8 +2791,9 @@ #ifdef ASN_BER_TO_DER if (pkcs7->getContentCb) { - contentDataRead = pkcs7->getContentCb(pkcs7, - &buf, pkcs7->streamCtx); + contentDataRead = + pkcs7->getContentCb(pkcs7, (byte **)(wc_ptr_t)&buf, + pkcs7->streamCtx); if (buf == NULL) { WOLFSSL_MSG("Get content callback returned null " @@ -2754,14 +2997,19 @@ return BAD_FUNC_ARG; } - /* signature size varies with ECDSA, with a varying sign size the content - * hash must be known in order to create the surrounding ASN1 syntax - * properly before writing out the content and generating the hash on the - * fly and then creating the signature */ - if (hashBuf == NULL && pkcs7->publicKeyOID == ECDSAk) { + /* signature size varies with ECDSA; RSA-PSS signs digest directly like + * ECDSA. For both, content hash must be known to build ASN.1 before signing */ +#if defined(HAVE_ECC) || defined(WC_RSA_PSS) + if (hashBuf == NULL && + (pkcs7->publicKeyOID == ECDSAk +#ifdef WC_RSA_PSS + || pkcs7->publicKeyOID == RSAPSSk +#endif + )) { WOLFSSL_MSG("Pre-calculated content hash is needed in this case"); return BAD_FUNC_ARG; } +#endif #if defined(WOLFSSL_SM2) && defined(WOLFSSL_SM3) keyIdSize = wc_HashGetDigestSize(wc_HashTypeConvert(HashIdAlg( @@ -2918,8 +3166,31 @@ idx = ret; goto out; } - esd->digEncAlgoIdSz = SetAlgoIDEx(digEncAlgoId, esd->digEncAlgoId, - digEncAlgoType, 0, pkcs7->hashParamsAbsent); +#if !defined(NO_RSA) && defined(WC_RSA_PSS) + if (digEncAlgoId == CTC_RSASSAPSS) { + /* Salt length policy: always encode as hash digest length. + * This is the common CMS/RFC 4055 profile and matches OpenSSL + * defaults. The decoder (pssSaltLen) handles arbitrary values + * from external blobs. A future pkcs7->pssSaltLen override for + * encode could be added here if custom salt lengths are needed. */ + int saltLen = wc_HashGetDigestSize(wc_OidGetHash(pkcs7->hashOID)); + if (saltLen < 0) { + idx = saltLen; + goto out; + } + esd->digEncAlgoIdSz = wc_EncodeRsaPssAlgoId(pkcs7->hashOID, + (int)(word32)saltLen, esd->digEncAlgoId, + (word32)sizeof(esd->digEncAlgoId)); + if (esd->digEncAlgoIdSz == 0) { + idx = ASN_PARSE_E; + goto out; + } + } else +#endif + { + esd->digEncAlgoIdSz = SetAlgoIDEx(digEncAlgoId, esd->digEncAlgoId, + digEncAlgoType, 0, pkcs7->hashParamsAbsent); + } signerInfoSz += esd->digEncAlgoIdSz; /* build up signed attributes, include contentType, signingTime, and @@ -3520,8 +3791,12 @@ return BAD_FUNC_ARG; } - /* pre-calculate hash for ECC signatures */ - if (pkcs7->publicKeyOID == ECDSAk) { + /* pre-calculate content hash for ECDSA and RSA-PSS (both sign digest directly) */ + if (pkcs7->publicKeyOID == ECDSAk +#ifdef WC_RSA_PSS + || pkcs7->publicKeyOID == RSAPSSk +#endif + ) { int hashSz; enum wc_HashType hashType; byte hashBuf[WC_MAX_DIGEST_SIZE]; @@ -3981,6 +4256,30 @@ } #endif +#endif /* NO_RSA */ + + +#ifdef HAVE_ECC + +#ifdef HAVE_PKCS7_ECC_RAW_SIGN_CALLBACK +/* register raw ECC sign digest callback */ +int wc_PKCS7_SetEccSignRawDigestCb(wc_PKCS7* pkcs7, CallbackEccSignRawDigest cb) +{ + if (pkcs7 == NULL || cb == NULL) { + return BAD_FUNC_ARG; + } + + pkcs7->eccSignRawDigestCb = cb; + + return 0; +} +#endif + +#endif /* HAVE_ECC */ + + +#ifndef NO_RSA + /* returns size of signature put into out, negative on error */ static int wc_PKCS7_RsaVerify(wc_PKCS7* pkcs7, byte* sig, int sigSz, byte* hash, word32 hashSz) @@ -4000,8 +4299,7 @@ byte digest[MAX_PKCS7_DIGEST_SZ]; #endif RsaKey key[1]; - DecodedCert stack_dCert; - DecodedCert* dCert = &stack_dCert; + DecodedCert dCert[1]; #endif if (pkcs7 == NULL || sig == NULL || hash == NULL) { @@ -4104,6 +4402,144 @@ return ret; } +#if defined(WC_RSA_PSS) +/* returns 0 when signature verifies, negative on error */ +static int wc_PKCS7_RsaPssVerify(wc_PKCS7* pkcs7, byte* sig, int sigSz, + byte* hash, word32 hashSz) +{ + int ret = 0, i; + word32 scratch = 0, verified = 0; + word32 pkSz; + int saltLen, verify; + enum wc_HashType hashType; + int hashDigSz, mgf; + /* wc_RsaPSS_Verify_ex output is PSS-encoded message (RSA_PSS_PAD_SZ + + * saltLen + 2*hLen bytes), which can exceed MAX_PKCS7_DIGEST_SZ. + * Use MAX_ENCRYPTED_KEY_SZ (512) to cover RSA keys up to 4096-bit. */ + WC_DECLARE_VAR(digest, byte, MAX_ENCRYPTED_KEY_SZ, 0); + WC_DECLARE_VAR(key, RsaKey, 1, 0); + WC_DECLARE_VAR(dCert, DecodedCert, 1, 0); + + if (pkcs7 == NULL || sig == NULL || hash == NULL) + return BAD_FUNC_ARG; + + /* Use SignerInfo.signatureAlgorithm params when decoded; else digestAlgo */ + if (pkcs7->pssParamsPresent) + hashType = (enum wc_HashType)pkcs7->pssHashType; + else + hashType = wc_OidGetHash(pkcs7->hashOID); + hashDigSz = wc_HashGetDigestSize(hashType); + if (hashDigSz < 0) + return ASN_PARSE_E; + if (hashSz != (word32)hashDigSz) + return ASN_PARSE_E; + mgf = pkcs7->pssParamsPresent + ? pkcs7->pssMgf : pkcs7_hash2mgf(hashType); + if (mgf == WC_MGF1NONE) + return ASN_PARSE_E; + + WC_ALLOC_VAR_EX(digest, byte, MAX_ENCRYPTED_KEY_SZ, pkcs7->heap, + DYNAMIC_TYPE_TMP_BUFFER, return MEMORY_E); + WC_ALLOC_VAR_EX(key, RsaKey, 1, pkcs7->heap, DYNAMIC_TYPE_TMP_BUFFER, + { WC_FREE_VAR_EX(digest, pkcs7->heap, DYNAMIC_TYPE_TMP_BUFFER); + return MEMORY_E; }); + WC_ALLOC_VAR_EX(dCert, DecodedCert, 1, pkcs7->heap, DYNAMIC_TYPE_DCERT, + { WC_FREE_VAR_EX(digest, pkcs7->heap, DYNAMIC_TYPE_TMP_BUFFER); + WC_FREE_VAR_EX(key, pkcs7->heap, DYNAMIC_TYPE_TMP_BUFFER); + return MEMORY_E; }); + + XMEMSET(digest, 0, MAX_ENCRYPTED_KEY_SZ); + + for (i = 0; i < MAX_PKCS7_CERTS; i++) { + if (pkcs7->certSz[i] == 0) + continue; + + scratch = 0; + ret = wc_InitRsaKey_ex(key, pkcs7->heap, pkcs7->devId); + if (ret != 0) + break; + + InitDecodedCert(dCert, pkcs7->cert[i], pkcs7->certSz[i], pkcs7->heap); + ret = ParseCert(dCert, CA_TYPE, NO_VERIFY, 0); + if (ret < 0) { + FreeDecodedCert(dCert); + wc_FreeRsaKey(key); + continue; + } + + pkSz = dCert->pubKeySize; + if (pkSz > (MAX_RSA_INT_SZ + MAX_RSA_E_SZ)) + pkSz = (MAX_RSA_INT_SZ + MAX_RSA_E_SZ); + + if (wc_RsaPublicKeyDecode(dCert->publicKey, &scratch, key, + pkSz) < 0) { + FreeDecodedCert(dCert); + wc_FreeRsaKey(key); + continue; + } + + saltLen = pkcs7->pssParamsPresent + ? pkcs7->pssSaltLen : RSA_PSS_SALT_LEN_DEFAULT; + + /* wc_RsaPSS_Verify_ex returns PSS encoded message length, not + * the recovered hash. Must then call wc_RsaPSS_CheckPadding_ex + * to verify the PSS padding against the expected hash. */ + verify = wc_RsaPSS_Verify_ex(sig, (word32)sigSz, digest, + MAX_ENCRYPTED_KEY_SZ, + hashType, mgf, saltLen, key); + if (verify > 0) { + /* wc_RsaPSS_CheckPadding_ex signature varies across + * FIPS / selftest versions; match the pattern in asn.c */ + #if (defined(HAVE_SELFTEST) && \ + (!defined(HAVE_SELFTEST_VERSION) || \ + (HAVE_SELFTEST_VERSION < 2))) || \ + (defined(HAVE_FIPS) && defined(HAVE_FIPS_VERSION) && \ + (HAVE_FIPS_VERSION < 2)) + ret = wc_RsaPSS_CheckPadding_ex(hash, hashSz, digest, + (word32)verify, hashType, + saltLen); + #elif (defined(HAVE_SELFTEST) && \ + (HAVE_SELFTEST_VERSION == 2)) || \ + (defined(HAVE_FIPS) && defined(HAVE_FIPS_VERSION) && \ + (HAVE_FIPS_VERSION == 2)) + ret = wc_RsaPSS_CheckPadding_ex(hash, hashSz, digest, + (word32)verify, hashType, + saltLen, 0); + #else + ret = wc_RsaPSS_CheckPadding_ex2(hash, hashSz, digest, + (word32)verify, hashType, + saltLen, + mp_count_bits(&key->n), + pkcs7->heap); + #endif + } + else { + ret = verify; + } + + FreeDecodedCert(dCert); + wc_FreeRsaKey(key); + + if (ret == 0) { + verified = 1; + pkcs7->verifyCert = pkcs7->cert[i]; + pkcs7->verifyCertSz = pkcs7->certSz[i]; + break; + } + ret = 0; + } + + if (verified == 0) + ret = SIG_VERIFY_E; + + WC_FREE_VAR_EX(digest, pkcs7->heap, DYNAMIC_TYPE_TMP_BUFFER); + WC_FREE_VAR_EX(key, pkcs7->heap, DYNAMIC_TYPE_TMP_BUFFER); + WC_FREE_VAR_EX(dCert, pkcs7->heap, DYNAMIC_TYPE_DCERT); + + return ret; +} +#endif /* WC_RSA_PSS */ + #endif /* NO_RSA */ @@ -4123,14 +4559,19 @@ #else byte digest[MAX_PKCS7_DIGEST_SZ]; ecc_key key[1]; - DecodedCert stack_dCert; - DecodedCert* dCert = &stack_dCert; + DecodedCert dCert[1]; #endif word32 idx = 0; if (pkcs7 == NULL || sig == NULL) return BAD_FUNC_ARG; + /* Check hash length */ + if ((hashSz > WC_MAX_DIGEST_SIZE) || + (hashSz < WC_MIN_DIGEST_SIZE)) { + return BAD_LENGTH_E; + } + #ifdef WOLFSSL_SMALL_STACK digest = (byte*)XMALLOC(MAX_PKCS7_DIGEST_SZ, pkcs7->heap, DYNAMIC_TYPE_TMP_BUFFER); @@ -4174,6 +4615,14 @@ } InitDecodedCert(dCert, pkcs7->cert[i], pkcs7->certSz[i], pkcs7->heap); + + /* This allows the user to not error out in the case of extensions that + * we are not aware of. */ +#ifdef WC_ASN_UNKNOWN_EXT_CB + if (pkcs7->unknownExtCallback != NULL) + wc_SetUnknownExtCallback(dCert, pkcs7->unknownExtCallback); +#endif + /* not verifying, only using this to extract public key */ ret = ParseCert(dCert, CA_TYPE, NO_VERIFY, 0); if (ret < 0) { @@ -4379,7 +4828,7 @@ word32 idx = 0; word32 contentIdx = 0; byte* content = NULL; - byte* digestBuf = NULL; + const byte* digestBuf = NULL; WC_DECLARE_VAR(digest, byte, MAX_PKCS7_DIGEST_SZ, 0); PKCS7DecodedAttrib* attrib; enum wc_HashType hashType; @@ -4468,7 +4917,7 @@ } else { /* user passed in pre-computed hash */ - digestBuf = (byte*)hashBuf; + digestBuf = (const byte*)hashBuf; digestSz = (int)hashSz; } @@ -4616,6 +5065,14 @@ plainDigestSz); } break; + + #ifdef WC_RSA_PSS + /* RSA-PSS signs the raw hash (plainDigest), not DigestInfo */ + case RSAPSSk: + ret = wc_PKCS7_RsaPssVerify(pkcs7, sig, (int)sigSz, plainDigest, + plainDigestSz); + break; + #endif #endif #ifdef HAVE_ECC @@ -4662,6 +5119,13 @@ pkcs7->publicKeyOID = RSAk; break; + #ifdef WC_RSA_PSS + /* CTC_RSASSAPSS and RSAPSSk are the same OID value */ + case CTC_RSASSAPSS: + pkcs7->publicKeyOID = RSAPSSk; + break; + #endif + /* if sigOID is already RSAk */ case RSAk: pkcs7->publicKeyOID = (word32)sigOID; @@ -4971,9 +5435,64 @@ idx += (word32)length; } - /* Get digestEncryptionAlgorithm - key type or signature type */ - if (ret == 0 && GetAlgoId(in, &idx, &sigOID, oidIgnoreType, inSz) < 0) { - ret = ASN_PARSE_E; + /* Get digestEncryptionAlgorithm (signatureAlgorithm) - parse manually + * so we can decode id-RSASSA-PSS parameters in all builds. */ +#if defined(WC_RSA_PSS) && !defined(NO_RSA) + pkcs7->pssParamsPresent = 0; +#endif + if (ret == 0) { + int algoSeqLen = 0; + word32 algoContentStart = 0; + if (GetSequence(in, &idx, &algoSeqLen, (word32)inSz) < 0) { + ret = ASN_PARSE_E; + } + else { + algoContentStart = idx; /* first byte of AlgorithmIdentifier content */ + if (GetObjectId(in, &idx, &sigOID, oidSigType, inSz) < 0) { + ret = ASN_PARSE_E; + } + /* Only parse params when still inside the AlgorithmIdentifier; + * when optional params are absent, idx is already past the sequence. */ + else if (algoContentStart + (word32)algoSeqLen > idx) { +#if defined(WC_RSA_PSS) && !defined(NO_RSA) + word32 paramsStart = idx; +#endif + byte paramTag; + int paramLen = 0; + if (GetASNTag(in, &idx, ¶mTag, inSz) != 0 || + GetLength(in, &idx, ¶mLen, inSz) < 0) { + ret = ASN_PARSE_E; + } + else { +#if defined(WC_RSA_PSS) && !defined(NO_RSA) + if ((word32)sigOID == (word32)CTC_RSASSAPSS && + paramTag == (ASN_SEQUENCE | ASN_CONSTRUCTED)) { + word32 tlvLen = (idx - paramsStart) + + (word32)paramLen; + enum wc_HashType pssHash = WC_HASH_TYPE_SHA; + int pssMgfVal = 0, pssSalt = 0; + if (paramsStart + tlvLen > (word32)inSz) { + return ASN_PARSE_E; + } + ret = wc_DecodeRsaPssParams(in + paramsStart, tlvLen, + &pssHash, &pssMgfVal, + &pssSalt); + if (ret == 0) { + pkcs7->pssSaltLen = pssSalt; + pkcs7->pssHashType = (int)pssHash; + pkcs7->pssMgf = pssMgfVal; + pkcs7->pssParamsPresent = 1; + } + else { + WOLFSSL_MSG("RSASSA-PSS parameters invalid - failing parse"); + return ASN_PARSE_E; + } + } +#endif + idx += (word32)paramLen; + } + } + } } /* store public key type based on digestEncryptionAlgorithm */ @@ -5191,7 +5710,6 @@ WOLFSSL_MSG("failed to grow content buffer."); if (tempBuf != NULL) { XFREE(tempBuf, pkcs7->heap, DYNAMIC_TYPE_PKCS7); - tempBuf = NULL; } ret = MEMORY_E; break; @@ -5205,7 +5723,6 @@ pkcs7->stream->expected); if (tempBuf != NULL) { XFREE(tempBuf, pkcs7->heap, DYNAMIC_TYPE_PKCS7); - tempBuf = NULL; } } } @@ -5447,7 +5964,6 @@ if (ret == 0 && GetMyVersion(pkiMsg, &idx, &version, pkiMsgSz) < 0) ret = ASN_PARSE_E; - /* version 1 follows RFC 2315 */ /* version 3 follows RFC 4108 */ if (ret == 0 && (version != 1 && version != 3)) { @@ -5665,6 +6181,15 @@ * this as start of content. */ localIdx = start; pkcs7->contentIsPkcs7Type = 1; + + #ifndef NO_PKCS7_STREAM + /* Set streaming variables for PKCS#7 type content. + * length contains the size from [0] EXPLICIT wrapper */ + pkcs7->stream->multi = 0; + pkcs7->stream->currContIdx = localIdx; + pkcs7->stream->currContSz = (word32)length; + pkcs7->stream->currContRmnSz = (word32)length; + #endif } else { /* CMS eContent OCTET_STRING */ @@ -5754,7 +6279,6 @@ idx = localIdx; } else { - /* If either pkcs7->content and pkcs7->contentSz are set * (detached signature where user has set content explicitly * into pkcs7->content/contentSz) OR pkcs7->hashBuf and @@ -5854,7 +6378,7 @@ /* copy content to pkcs7->contentDynamic */ if (keepContent && pkcs7->stream->content && - pkcs7->stream->contentSz >0) { + pkcs7->stream->contentSz > 0) { pkcs7->contentDynamic = (byte*)XMALLOC(pkcs7->stream->contentSz, pkcs7->heap, DYNAMIC_TYPE_PKCS7); if (pkcs7->contentDynamic == NULL) { @@ -6371,6 +6895,10 @@ word32 sz = (word32)pkcs7->stream->cntIdfCnt * ASN_INDEF_END_SZ; localIdx = idx; for (i = 0; i < sz; i++) { + if (localIdx + i >= pkiMsg2Sz) { + ret = ASN_PARSE_E; + break; + } if (pkiMsg2[localIdx + i] == 0) continue; else { @@ -6404,6 +6932,17 @@ NO_USER_CHECK) < 0) ret = ASN_PARSE_E; + /* Update degenerate flag based on if signerInfos SET is empty. + * The earlier degenerate check at digestAlgorithms is an early + * optimization, but depending on degenerate case may not be + * detected until here. */ + if (ret == 0) { + degenerate = (length == 0) ? 1 : 0; + #ifndef NO_PKCS7_STREAM + pkcs7->stream->degenerate = (degenerate != 0); + #endif + } + if (ret != 0) break; #ifndef NO_PKCS7_STREAM @@ -6931,7 +7470,7 @@ /* decode certificate */ if (cert != NULL) { - InitDecodedCert(kari->decoded, (byte*)cert, certSz, kari->heap); + InitDecodedCert(kari->decoded, cert, certSz, kari->heap); kari->decodedInit = 1; ret = ParseCert(kari->decoded, CA_TYPE, NO_VERIFY, 0); if (ret < 0) @@ -7738,7 +8277,7 @@ return ret; } - InitDecodedCert(decoded, (byte*)cert, certSz, pkcs7->heap); + InitDecodedCert(decoded, cert, certSz, pkcs7->heap); ret = ParseCert(decoded, CA_TYPE, NO_VERIFY, 0); if (ret < 0) { FreeDecodedCert(decoded); @@ -7824,7 +8363,11 @@ pkcs7->publicKeyOID = decoded->keyOID; /* KeyEncryptionAlgorithmIdentifier, only support RSA now */ - if (pkcs7->publicKeyOID != RSAk) { + if (pkcs7->publicKeyOID != RSAk +#ifdef WC_RSA_PSS + && pkcs7->publicKeyOID != RSAPSSk +#endif + ) { FreeDecodedCert(decoded); WC_FREE_VAR_EX(serial, pkcs7->heap, DYNAMIC_TYPE_TMP_BUFFER); WC_FREE_VAR_EX(keyAlgArray, pkcs7->heap, DYNAMIC_TYPE_TMP_BUFFER); @@ -7834,8 +8377,7 @@ return ALGO_ID_E; } - keyEncAlgSz = (int)SetAlgoID((int)pkcs7->publicKeyOID, keyAlgArray, - oidKeyType, 0); + keyEncAlgSz = (int)SetAlgoID(RSAk, keyAlgArray, oidKeyType, 0); if (keyEncAlgSz == 0) { FreeDecodedCert(decoded); WC_FREE_VAR_EX(serial, pkcs7->heap, DYNAMIC_TYPE_TMP_BUFFER); @@ -8066,11 +8608,13 @@ /* encrypt content using encryptOID algo */ -static int wc_PKCS7_EncryptContent(wc_PKCS7* pkcs7, int encryptOID, byte* key, - int keySz, - byte* iv, int ivSz, byte* aad, word32 aadSz, - byte* authTag, word32 authTagSz, byte* in, - int inSz, byte* out) +static int wc_PKCS7_EncryptContent(wc_PKCS7* pkcs7, int encryptOID, + const byte* key, int keySz, + const byte* iv, int ivSz, + const byte* aad, word32 aadSz, + byte* authTag, word32 authTagSz, + const byte* in, int inSz, + byte* out) { int ret; #ifndef NO_AES @@ -8300,7 +8844,8 @@ static int wc_PKCS7_DecryptContentInit(wc_PKCS7* pkcs7, word32 encryptOID, - byte* key, word32 keySz, byte* iv, int ivSz, int devId, void* heap) + const byte* key, word32 keySz, const byte* iv, int ivSz, + int devId, void* heap) { int ret; #ifndef NO_AES @@ -8445,8 +8990,8 @@ /* Only does decryption of content using encryptOID algo and already set keys * returns 0 on success */ static int wc_PKCS7_DecryptContentEx(wc_PKCS7* pkcs7, word32 encryptOID, - byte* iv, int ivSz, byte* aad, word32 aadSz, byte* authTag, - word32 authTagSz, byte* in, int inSz, byte* out) + const byte* iv, int ivSz, const byte* aad, word32 aadSz, + const byte* authTag, word32 authTagSz, const byte* in, int inSz, byte* out) { int ret; @@ -8629,16 +9174,21 @@ * returns 0 on success */ static int wc_PKCS7_DecryptContent(wc_PKCS7* pkcs7, word32 encryptOID, - byte* key, word32 keySz, byte* iv, int ivSz, byte* aad, word32 aadSz, - byte* authTag, word32 authTagSz, byte* in, int inSz, byte* out, - int devId, void* heap) + const byte* key, word32 keySz, const byte* iv, int ivSz, + const byte* aad, word32 aadSz, const byte* authTag, word32 authTagSz, + const byte* in, int inSz, byte* out, int devId, void* heap) { int ret; if (pkcs7->decryptionCb != NULL) { - return pkcs7->decryptionCb(pkcs7, (int)encryptOID, iv, ivSz, - aad, aadSz, authTag, authTagSz, in, - inSz, out, pkcs7->decryptionCtx); + /* unsafe casts needed for backward compatibility of + * CallbackDecryptContent. + */ + return pkcs7->decryptionCb(pkcs7, (int)encryptOID, (byte *)(wc_ptr_t)iv, + ivSz, (byte *)(wc_ptr_t)aad, aadSz, + (byte *)(wc_ptr_t)authTag, authTagSz, + (byte *)(wc_ptr_t)in, inSz, out, + pkcs7->decryptionCtx); } ret = wc_PKCS7_DecryptContentInit(pkcs7, encryptOID, key, keySz, iv, ivSz, @@ -8960,15 +9510,15 @@ if (ret == 0) { /* encrypt, normal */ - ret = wc_PKCS7_EncryptContent(pkcs7, algID, (byte*)kek, (int)kekSz, - (byte*)iv, (int)ivSz, NULL, 0, NULL, 0, out, + ret = wc_PKCS7_EncryptContent(pkcs7, algID, kek, (int)kekSz, + iv, (int)ivSz, NULL, 0, NULL, 0, out, outLen, out); } if (ret == 0) { /* encrypt again, using last ciphertext block as IV */ lastBlock = out + (((outLen / blockSz) - 1) * blockSz); - ret = wc_PKCS7_EncryptContent(pkcs7, algID, (byte*)kek, (int)kekSz, + ret = wc_PKCS7_EncryptContent(pkcs7, algID, kek, (int)kekSz, lastBlock, blockSz, NULL, 0, NULL, 0, out, outLen, out); } @@ -8994,9 +9544,10 @@ word32 ivSz, word32 algID) { int blockSz, cekLen, ret; - byte* tmpIv = NULL; - byte* lastBlock = NULL; + const byte* tmpIv = NULL; + const byte* lastBlock = NULL; byte* outTmp = NULL; + byte fail = 0; if (pkcs7 == NULL || kek == NULL || in == NULL || out == NULL || iv == NULL) { @@ -9026,26 +9577,26 @@ } /* use block out[n-1] as IV to decrypt block out[n] */ - lastBlock = (byte*)in + inSz - blockSz; + lastBlock = in + inSz - blockSz; tmpIv = lastBlock - blockSz; /* decrypt last block */ - ret = wc_PKCS7_DecryptContent(pkcs7, algID, (byte*)kek, kekSz, tmpIv, + ret = wc_PKCS7_DecryptContent(pkcs7, algID, kek, kekSz, tmpIv, blockSz, NULL, 0, NULL, 0, lastBlock, blockSz, outTmp + inSz - blockSz, pkcs7->devId, pkcs7->heap); if (ret == 0) { /* using last decrypted block as IV, decrypt [0 ... n-1] blocks */ lastBlock = outTmp + inSz - blockSz; - ret = wc_PKCS7_DecryptContent(pkcs7, algID, (byte*)kek, kekSz, - lastBlock, blockSz, NULL, 0, NULL, 0, (byte*)in, + ret = wc_PKCS7_DecryptContent(pkcs7, algID, kek, kekSz, + lastBlock, blockSz, NULL, 0, NULL, 0, in, (int)inSz - blockSz, outTmp, pkcs7->devId, pkcs7->heap); } if (ret == 0) { /* decrypt using original kek and iv */ - ret = wc_PKCS7_DecryptContent(pkcs7, algID, (byte*)kek, kekSz, - (byte*)iv, (int)ivSz, NULL, 0, NULL, 0, outTmp, (int)inSz, + ret = wc_PKCS7_DecryptContent(pkcs7, algID, kek, kekSz, + iv, (int)ivSz, NULL, 0, NULL, 0, outTmp, (int)inSz, outTmp, pkcs7->devId, pkcs7->heap); } @@ -9058,25 +9609,18 @@ cekLen = outTmp[0]; /* verify length */ - if ((word32)cekLen > inSz) { - ForceZero(outTmp, inSz); - XFREE(outTmp, pkcs7->heap, DYNAMIC_TYPE_TMP_BUFFER); - return BAD_FUNC_ARG; - } - + fail |= ctMaskGT(cekLen, (int)inSz); /* verify check bytes */ - if ((outTmp[1] ^ outTmp[4]) != 0xFF || - (outTmp[2] ^ outTmp[5]) != 0xFF || - (outTmp[3] ^ outTmp[6]) != 0xFF) { - ForceZero(outTmp, inSz); - XFREE(outTmp, pkcs7->heap, DYNAMIC_TYPE_TMP_BUFFER); - return BAD_FUNC_ARG; - } + fail |= ctMaskNotEq((int)(outTmp[1] ^ outTmp[4]), 0xFF); + fail |= ctMaskNotEq((int)(outTmp[2] ^ outTmp[5]), 0xFF); + fail |= ctMaskNotEq((int)(outTmp[3] ^ outTmp[6]), 0xFF); + /* verify length */ + fail |= ctMaskGT(cekLen, (int)outSz); - if (outSz < (word32)cekLen) { + if (fail) { ForceZero(outTmp, inSz); XFREE(outTmp, pkcs7->heap, DYNAMIC_TYPE_TMP_BUFFER); - return BUFFER_E; + return BAD_FUNC_ARG; } XMEMCPY(out, outTmp + 4, outTmp[0]); @@ -9710,6 +10254,10 @@ if (pkcs7->singleCert != NULL && pkcs7->singleCertSz > 0) { switch (pkcs7->publicKeyOID) { #ifndef NO_RSA + #ifdef WC_RSA_PSS + case RSAPSSk: + FALL_THROUGH; + #endif case RSAk: ret = wc_PKCS7_AddRecipient_KTRI(pkcs7, pkcs7->singleCert, pkcs7->singleCertSz, 0); @@ -10397,7 +10945,7 @@ DYNAMIC_TYPE_TMP_BUFFER); #ifndef WC_NO_RSA_OAEP if (encOID == RSAESOAEPk) { - if (!outKey) { + if (outKey) { XFREE(outKey, pkcs7->heap, DYNAMIC_TYPE_TMP_BUFFER); } } @@ -10413,7 +10961,7 @@ WC_FREE_VAR_EX(privKey, pkcs7->heap, DYNAMIC_TYPE_TMP_BUFFER); #ifndef WC_NO_RSA_OAEP if (encOID == RSAESOAEPk) { - if (!outKey) { + if (outKey) { XFREE(outKey, pkcs7->heap, DYNAMIC_TYPE_TMP_BUFFER); } } @@ -10966,6 +11514,11 @@ if (GetASNObjectId(pkiMsg, idx, &oriOIDSz, pkiMsgSz) != 0) return ASN_PARSE_E; + if (oriOIDSz <= 0 || (word32)oriOIDSz > MAX_OID_SZ) { + WOLFSSL_MSG("ORI oriType OID too large"); + return ASN_PARSE_E; + } + XMEMCPY(oriOID, pkiMsg + *idx, (word32)oriOIDSz); *idx += (word32)oriOIDSz; @@ -12206,7 +12759,9 @@ byte* encryptedContent = NULL; int explicitOctet = 0; word32 localIdx = 0; - byte tag = 0; + byte tag = 0; + byte padCheck = 0; + int padIndex; if (pkcs7 == NULL) return BAD_FUNC_ARG; @@ -12700,10 +13255,27 @@ /* use cached content */ encryptedContent = pkcs7->cachedEncryptedContent; encryptedContentSz = (int)pkcs7->cachedEncryptedContentSz; + + if (encryptedContentSz <= 0) { + ret = BUFFER_E; + break; + } + padLen = encryptedContent[encryptedContentSz-1]; - /* copy plaintext to output */ - if (padLen > encryptedContentSz) { + /* Constant-time padding check */ + padCheck |= ctMaskEq(padLen, 0); + padCheck |= ctMaskGT(padLen, expBlockSz); + padCheck |= ctMaskGT(padLen, encryptedContentSz); + padCheck |= ctMaskGT(expBlockSz, encryptedContentSz); + for (padIndex = encryptedContentSz < expBlockSz ? 0 : + encryptedContentSz - expBlockSz; + padIndex < encryptedContentSz; padIndex++) { + byte inPad = ctMaskGTE(padIndex, + encryptedContentSz - (int)padLen); + padCheck |= inPad & (encryptedContent[padIndex] ^ padLen); + } + if (padCheck != 0) { ret = BUFFER_E; break; } @@ -13027,6 +13599,10 @@ if (pkcs7->singleCert != NULL && pkcs7->singleCertSz > 0) { switch (pkcs7->publicKeyOID) { #ifndef NO_RSA + #ifdef WC_RSA_PSS + case RSAPSSk: + FALL_THROUGH; + #endif case RSAk: ret = wc_PKCS7_AddRecipient_KTRI(pkcs7, pkcs7->singleCert, pkcs7->singleCertSz, 0); @@ -13684,6 +14260,10 @@ if (ret == 0 && GetMyVersion(pkiMsg, &idx, &macSz, pkiMsgSz) < 0) { ret = ASN_PARSE_E; } + if (ret == 0 && (macSz <= 0 || macSz > WC_AES_BLOCK_SIZE)) { + WOLFSSL_MSG("AuthEnvelopedData invalid MAC length"); + ret = ASN_PARSE_E; + } if (ret == 0) { explicitOctet = 0; @@ -13729,7 +14309,8 @@ break; } - /* store nonce for later */ + /* store nonce and macSz for later */ + pkcs7->stream->icvSz = (word32)macSz; if (nonceSz > 0) { pkcs7->stream->nonceSz = (word32)nonceSz; pkcs7->stream->nonce = (byte*)XMALLOC((word32)nonceSz, @@ -13920,6 +14501,7 @@ encodedAttribSz = pkcs7->stream->aadSz; encodedAttribs = pkcs7->stream->aad; } + macSz = (int)pkcs7->stream->icvSz; #endif @@ -13936,6 +14518,17 @@ ret = ASN_PARSE_E; } authTagSz = (word32)length; + if (ret == 0 && authTagSz != (word32)macSz) { + WOLFSSL_MSG("AuthEnvelopedData authTag size mismatch"); + ret = ASN_PARSE_E; + } + if (ret == 0 && + (encOID == AES128GCMb || encOID == AES192GCMb || + encOID == AES256GCMb) && + authTagSz < WOLFSSL_MIN_AUTH_TAG_SZ) { + WOLFSSL_MSG("AuthEnvelopedData GCM authTag too small"); + ret = ASN_PARSE_E; + } #ifndef NO_PKCS7_STREAM /* there might not be enough data for the auth tag too */ @@ -14055,6 +14648,10 @@ } /* copy plaintext to output */ + if ((word32)encryptedContentSz > outputSz) { + ret = BUFFER_E; + break; + } XMEMCPY(output, encryptedContent, (word32)encryptedContentSz); /* free memory, zero out keys */ @@ -14454,6 +15051,8 @@ byte* pkiMsg = in; word32 pkiMsgSz = inSz; byte tag = 0; + byte padCheck = 0; + int padIndex; if (pkcs7 == NULL || ((pkcs7->encryptionKey == NULL || pkcs7->encryptionKeySz == 0) && @@ -14731,14 +15330,31 @@ if (ret == 0) { padLen = encryptedContent[encryptedContentSz-1]; - if (padLen > encryptedContentSz) { - WOLFSSL_MSG("Bad padding size found"); + /* Constant-time padding check */ + padCheck |= ctMaskEq(padLen, 0); + padCheck |= ctMaskGT(padLen, expBlockSz); + padCheck |= ctMaskGT(padLen, encryptedContentSz); + padCheck |= ctMaskGT(expBlockSz, encryptedContentSz); + for (padIndex = encryptedContentSz < expBlockSz ? 0 : + encryptedContentSz - expBlockSz; + padIndex < encryptedContentSz; padIndex++) { + byte inPad = ctMaskGTE(padIndex, + encryptedContentSz - (int)padLen); + padCheck |= inPad & (encryptedContent[padIndex] ^ padLen); + } + if (padCheck != 0) { + WOLFSSL_MSG("Bad padding bytes found"); ret = BUFFER_E; XFREE(encryptedContent, pkcs7->heap, DYNAMIC_TYPE_PKCS7); break; } /* copy plaintext to output */ + if ((word32)(encryptedContentSz - padLen) > outputSz) { + XFREE(encryptedContent, pkcs7->heap, DYNAMIC_TYPE_PKCS7); + ret = BUFFER_E; + break; + } XMEMCPY(output, encryptedContent, (unsigned int)(encryptedContentSz - padLen)); diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/wolfcrypt/src/poly1305.c mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/poly1305.c --- mariadb-11.8.6/extra/wolfssl/wolfssl/wolfcrypt/src/poly1305.c 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/poly1305.c 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* poly1305.c * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -38,6 +38,14 @@ #include +/* + * Poly1305 Build Options: + * + * HAVE_POLY1305: Enable Poly1305 authenticator default: off + * POLY130564: Use 64-bit Poly1305 implementation default: auto + * USE_INTEL_POLY1305_SPEEDUP: Intel AVX/AVX2 Poly1305 accel default: off + */ + #ifdef HAVE_POLY1305 #include #include @@ -100,10 +108,10 @@ #if defined(_MSC_VER) && !(__WATCOMC__) #include - typedef struct word128 { + typedef struct poly1305_word128 { word64 lo; word64 hi; - } word128; + } poly1305_word128; #define MUL(out, x, y) out.lo = _umul128((x), (y), &out.hi) #define ADD(out, in) { word64 t = out.lo; out.lo += in.lo; \ @@ -115,12 +123,12 @@ #elif defined(__GNUC__) #if defined(__SIZEOF_INT128__) - PEDANTIC_EXTENSION typedef unsigned __int128 word128; + PEDANTIC_EXTENSION typedef unsigned __int128 poly1305_word128; #else - typedef unsigned word128 __attribute__((mode(TI))); + typedef unsigned poly1305_word128 __attribute__((mode(TI))); #endif - #define MUL(out, x, y) out = ((word128)(x) * (y)) + #define MUL(out, x, y) out = ((poly1305_word128)(x) * (y)) #define ADD(out, in) (out) += (in) #define ADDLO(out, in) (out) += (in) #define SHR(in, shift) (word64)((in) >> (shift)) @@ -298,7 +306,7 @@ word64 s1,s2; word64 h0,h1,h2; word64 c; - word128 d0,d1,d2,d; + poly1305_word128 d0,d1,d2,d; r0 = ctx->r[0]; r1 = ctx->r[1]; diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/wolfcrypt/src/poly1305_asm.S mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/poly1305_asm.S --- mariadb-11.8.6/extra/wolfssl/wolfssl/wolfcrypt/src/poly1305_asm.S 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/poly1305_asm.S 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* poly1305_asm.S */ /* - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/wolfcrypt/src/poly1305_asm.asm mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/poly1305_asm.asm --- mariadb-11.8.6/extra/wolfssl/wolfssl/wolfcrypt/src/poly1305_asm.asm 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/poly1305_asm.asm 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ ; /* poly1305_asm.asm */ ; /* -; * Copyright (C) 2006-2025 wolfSSL Inc. +; * Copyright (C) 2006-2026 wolfSSL Inc. ; * ; * This file is part of wolfSSL. ; * diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/wolfcrypt/src/port/Espressif/esp32_aes.c mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/port/Espressif/esp32_aes.c --- mariadb-11.8.6/extra/wolfssl/wolfssl/wolfcrypt/src/port/Espressif/esp32_aes.c 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/port/Espressif/esp32_aes.c 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* esp32_aes.c * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -475,15 +475,17 @@ ESP_LOGV(TAG, "enter wc_esp32AesDecrypt"); /* lock the hw engine */ - esp_aes_hw_InUse(); - /* load the key into the register */ - ret = esp_aes_hw_Set_KeyMode(aes, ESP32_AES_UPDATEKEY_DECRYPT); - if (ret != ESP_OK) { - ESP_LOGE(TAG, "wc_esp32AesDecrypt failed " - "during esp_aes_hw_Set_KeyMode"); - /* release hw */ - esp_aes_hw_Leave(); - ret = BAD_FUNC_ARG; + ret = esp_aes_hw_InUse(); + if (ret == ESP_OK) { + /* load the key into the register */ + ret = esp_aes_hw_Set_KeyMode(aes, ESP32_AES_UPDATEKEY_DECRYPT); + if (ret != ESP_OK) { + ESP_LOGE(TAG, "wc_esp32AesDecrypt failed " + "during esp_aes_hw_Set_KeyMode"); + /* release hw */ + esp_aes_hw_Leave(); + ret = BAD_FUNC_ARG; + } } if (ret == ESP_OK) { @@ -606,9 +608,9 @@ offset += WC_AES_BLOCK_SIZE; } /* while (blocks--) */ - esp_aes_hw_Leave(); } /* if Set Mode was successful (ret == ESP_OK) */ + esp_aes_hw_Leave(); ESP_LOGV(TAG, "leave wc_esp32AesCbcDecrypt"); return ret; } /* wc_esp32AesCbcDecrypt */ diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/wolfcrypt/src/port/Espressif/esp32_mp.c mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/port/Espressif/esp32_mp.c --- mariadb-11.8.6/extra/wolfssl/wolfssl/wolfcrypt/src/port/Espressif/esp32_mp.c 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/port/Espressif/esp32_mp.c 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* esp32_mp.c * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -2249,6 +2249,9 @@ #ifdef WOLFSSL_DEBUG_ESP_HW_MOD_RSAMAX_BITS ESP_LOGW(TAG, "result exceeds max bit length"); #endif + if (mulmod_lock_called) { + esp_mp_hw_unlock(); + } return MP_HW_FALLBACK; /* Error: value is not able to be used. */ } WordsForOperand = bits2words(OperandBits); @@ -2343,7 +2346,7 @@ OperandBits, ESP_HW_MOD_RSAMAX_BITS); #endif if (mulmod_lock_called) { - ret = esp_mp_hw_unlock(); + esp_mp_hw_unlock(); } return MP_HW_FALLBACK; /* Error: value is not able to be used. */ } @@ -2440,6 +2443,9 @@ ESP_LOGW(TAG, "mp_mulmod OperandBits %d exceeds max bit length %d.", OperandBits, ESP_HW_MOD_RSAMAX_BITS); #endif + if (mulmod_lock_called) { + esp_mp_hw_unlock(); + } return MP_HW_FALLBACK; /* Error: value is not able to be used. */ } WordsForOperand = bits2words(OperandBits); diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/wolfcrypt/src/port/Espressif/esp32_sha.c mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/port/Espressif/esp32_sha.c --- mariadb-11.8.6/extra/wolfssl/wolfssl/wolfcrypt/src/port/Espressif/esp32_sha.c 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/port/Espressif/esp32_sha.c 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* esp32_sha.c * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/wolfcrypt/src/port/Espressif/esp32_util.c mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/port/Espressif/esp32_util.c --- mariadb-11.8.6/extra/wolfssl/wolfssl/wolfcrypt/src/port/Espressif/esp32_util.c 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/port/Espressif/esp32_util.c 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* esp32_util.c * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -1007,6 +1007,7 @@ return 0; } +/* Assume toVar is big enough. */ int hexToBinary(byte* toVar, const char* fromHexString, size_t szHexString ) { int ret = 0; /* Calculate the actual binary length of the hex string */ @@ -1018,6 +1019,7 @@ } if ((szHexString % 2 != 0)) { ESP_LOGE("ssh", "fromHexString length not even!"); + return -1; } ESP_LOGW(TAG, "Replacing %d bytes at %x", byteLen, (word32)toVar); diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/wolfcrypt/src/port/Espressif/esp_crt_bundle/esp_crt_bundle.c mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/port/Espressif/esp_crt_bundle/esp_crt_bundle.c --- mariadb-11.8.6/extra/wolfssl/wolfssl/wolfcrypt/src/port/Espressif/esp_crt_bundle/esp_crt_bundle.c 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/port/Espressif/esp_crt_bundle/esp_crt_bundle.c 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* esp_crt_bundle.c * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/wolfcrypt/src/port/Espressif/esp_crt_bundle/gen_crt_bundle.py mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/port/Espressif/esp_crt_bundle/gen_crt_bundle.py --- mariadb-11.8.6/extra/wolfssl/wolfssl/wolfcrypt/src/port/Espressif/esp_crt_bundle/gen_crt_bundle.py 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/port/Espressif/esp_crt_bundle/gen_crt_bundle.py 2026-05-24 09:58:33.000000000 +0000 @@ -2,7 +2,7 @@ # # gen_crt_bundle.py # -# Copyright (C) 2006-2025 wolfSSL Inc. +# Copyright (C) 2006-2026 wolfSSL Inc. # # This file is part of wolfSSL. # diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/wolfcrypt/src/port/Espressif/esp_crt_bundle/pio_install_cryptography.py mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/port/Espressif/esp_crt_bundle/pio_install_cryptography.py --- mariadb-11.8.6/extra/wolfssl/wolfssl/wolfcrypt/src/port/Espressif/esp_crt_bundle/pio_install_cryptography.py 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/port/Espressif/esp_crt_bundle/pio_install_cryptography.py 2026-05-24 09:58:33.000000000 +0000 @@ -2,7 +2,7 @@ # # pio_install_cryptography.py # -# Copyright (C) 2006-2025 wolfSSL Inc. +# Copyright (C) 2006-2026 wolfSSL Inc. # # This file is part of wolfSSL. # diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/wolfcrypt/src/port/Espressif/esp_sdk_mem_lib.c mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/port/Espressif/esp_sdk_mem_lib.c --- mariadb-11.8.6/extra/wolfssl/wolfssl/wolfcrypt/src/port/Espressif/esp_sdk_mem_lib.c 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/port/Espressif/esp_sdk_mem_lib.c 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* esp_sdk_mem_lib.c * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/wolfcrypt/src/port/Espressif/esp_sdk_time_lib.c mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/port/Espressif/esp_sdk_time_lib.c --- mariadb-11.8.6/extra/wolfssl/wolfssl/wolfcrypt/src/port/Espressif/esp_sdk_time_lib.c 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/port/Espressif/esp_sdk_time_lib.c 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* esp_sdk_time_lib.c * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -189,7 +189,7 @@ struct tm timeinfo = { .tm_year = YEAR - 1900, /* years since 1900 */ .tm_mon = MONTH - 1, /* Month, where 0 = Jan */ - .tm_mday = DAY - 1, /* Numeric decimal day of the month */ + .tm_mday = DAY, /* Numeric decimal day of the month */ .tm_hour = 13, .tm_min = 1, .tm_sec = 5 @@ -276,7 +276,7 @@ char offset[28]; /* large arrays, just in case there's still bad data */ char day_str[28]; char month_str[28]; - const char *format = "%3s %3s %d %d:%d:%d %d %s"; + const char *format = "%3s %3s %d %d:%d:%d %d %27s"; struct tm this_timeinfo; struct timeval now; time_t interim_time; @@ -304,18 +304,23 @@ "Jul", "Aug", "Sep", "Oct", "Nov", "Dec" }; - for (int i = 0; i < 12; i++) { + int i; + for (i = 0; i < 12; i++) { if (strcmp(month_str, months[i]) == 0) { this_timeinfo.tm_mon = i; break; } } + if (i == 12) { + return ESP_FAIL; + } this_timeinfo.tm_mday = day; this_timeinfo.tm_hour = hour; this_timeinfo.tm_min = minute; this_timeinfo.tm_sec = second; this_timeinfo.tm_year = year - 1900; /* Years since 1900 */ + this_timeinfo.tm_isdst = -1; interim_time = mktime(&this_timeinfo); now = (struct timeval){ .tv_sec = interim_time }; @@ -397,11 +402,11 @@ } ESP_LOGI(TAG, "sntp_setservername:"); for (i = 0; i < CONFIG_LWIP_SNTP_MAX_SERVERS; i++) { - const char* thisServer = ntpServerList[i]; - if (strncmp(thisServer, "\x00", 1) == 0) { - /* just in case we run out of NTP servers */ - break; + const char* thisServer; + if (i >= NTP_SERVER_COUNT) { + break; } + thisServer = ntpServerList[i]; ESP_LOGI(TAG, "%s", thisServer); sntp_setservername(i, thisServer); ret = ESP_OK; diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/wolfcrypt/src/port/Espressif/esp_sdk_wifi_lib.c mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/port/Espressif/esp_sdk_wifi_lib.c --- mariadb-11.8.6/extra/wolfssl/wolfssl/wolfcrypt/src/port/Espressif/esp_sdk_wifi_lib.c 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/port/Espressif/esp_sdk_wifi_lib.c 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* esp_sdk_wifi_lib.c * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -324,6 +324,7 @@ static int s_retry_num = 0; +/* TODO: use event in wc_wifi_show_ip - logging the IP string causes a panic. */ ip_event_got_ip_t* event; diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/wolfcrypt/src/port/Renesas/renesas_common.c mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/port/Renesas/renesas_common.c --- mariadb-11.8.6/extra/wolfssl/wolfssl/wolfcrypt/src/port/Renesas/renesas_common.c 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/port/Renesas/renesas_common.c 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* renesas_common.c * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -440,12 +440,12 @@ if (cbInfo->internal == NULL) { return MEMORY_E; } + ForceZero(cbInfo->internal, internal_sz); #if defined(WOLFSSL_RENESAS_FSPSM_TLS) ||\ defined(WOLFSSL_RENESAS_TSIP_TLS) if (ssl) cbInfo->internal->heap = ssl->heap; #endif - ForceZero(cbInfo->internal, internal_sz); } /* need exclusive control because of static variable */ if ((cmn_hw_lock()) == 0) { diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/wolfcrypt/src/port/Renesas/renesas_fspsm_aes.c mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/port/Renesas/renesas_fspsm_aes.c --- mariadb-11.8.6/extra/wolfssl/wolfssl/wolfcrypt/src/port/Renesas/renesas_fspsm_aes.c 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/port/Renesas/renesas_fspsm_aes.c 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* renesas_fspsm_aes.c * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/wolfcrypt/src/port/Renesas/renesas_fspsm_rsa.c mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/port/Renesas/renesas_fspsm_rsa.c --- mariadb-11.8.6/extra/wolfssl/wolfssl/wolfcrypt/src/port/Renesas/renesas_fspsm_rsa.c 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/port/Renesas/renesas_fspsm_rsa.c 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* renesas_fspsm_rsa.c * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -248,7 +248,7 @@ message_hash.data_type = info->keyflgs_crypt.bits.message_type;/* message 0, hash 1 */ signature.pdata = out; - signature.data_length = (word32*)outLen; + signature.data_length = *outLen; #if defined(WOLFSSL_RENESAS_RSIP) message_hash.hash_type = signature.hash_type = diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/wolfcrypt/src/port/Renesas/renesas_fspsm_sha.c mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/port/Renesas/renesas_fspsm_sha.c --- mariadb-11.8.6/extra/wolfssl/wolfssl/wolfcrypt/src/port/Renesas/renesas_fspsm_sha.c 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/port/Renesas/renesas_fspsm_sha.c 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* renesas_fspsm_sha.c * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -785,7 +785,7 @@ } int wc_Sha512_256GetHash(wc_Sha512* sha, byte* hash) { - return FSPSM_HashGet(sha, hash, WC_SHA512_224_DIGEST_SIZE); + return FSPSM_HashGet(sha, hash, WC_SHA512_256_DIGEST_SIZE); } int wc_Sha512_256Copy(wc_Sha512* src, wc_Sha512* dst) diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/wolfcrypt/src/port/Renesas/renesas_fspsm_util.c mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/port/Renesas/renesas_fspsm_util.c --- mariadb-11.8.6/extra/wolfssl/wolfssl/wolfcrypt/src/port/Renesas/renesas_fspsm_util.c 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/port/Renesas/renesas_fspsm_util.c 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* renesas_fspsm_util.c * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -195,7 +195,7 @@ uint32_t fspbuf[RANDGEN_WORDS]; while (sz > 0) { - word32 len = sizeof(buffer); + word32 len = sizeof(fspbuf); if (sz < len) { len = sz; @@ -853,8 +853,8 @@ SCE_TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 || cbInfo->internal->cipher == SCE_TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256) { - enc->aes->nonceSz = AEAD_MAX_IMP_SZ; - dec->aes->nonceSz = AEAD_MAX_IMP_SZ; + enc->aes->nonceSz = AEAD_NONCE_SZ; + dec->aes->nonceSz = AEAD_NONCE_SZ; } enc->aes->devId = devId; dec->aes->devId = devId; diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/wolfcrypt/src/port/Renesas/renesas_rx64_hw_sha.c mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/port/Renesas/renesas_rx64_hw_sha.c --- mariadb-11.8.6/extra/wolfssl/wolfssl/wolfcrypt/src/port/Renesas/renesas_rx64_hw_sha.c 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/port/Renesas/renesas_rx64_hw_sha.c 2026-05-24 09:58:33.000000000 +0000 @@ -2,7 +2,7 @@ * * Contributed by Johnson Controls Tyco IP Holdings LLP. * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/wolfcrypt/src/port/Renesas/renesas_rx64_hw_util.c mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/port/Renesas/renesas_rx64_hw_util.c --- mariadb-11.8.6/extra/wolfssl/wolfssl/wolfcrypt/src/port/Renesas/renesas_rx64_hw_util.c 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/port/Renesas/renesas_rx64_hw_util.c 2026-05-24 09:58:33.000000000 +0000 @@ -2,7 +2,7 @@ * * Contributed by Johnson Controls Tyco IP Holdings LLP. * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/wolfcrypt/src/port/Renesas/renesas_tsip_aes.c mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/port/Renesas/renesas_tsip_aes.c --- mariadb-11.8.6/extra/wolfssl/wolfssl/wolfcrypt/src/port/Renesas/renesas_tsip_aes.c 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/port/Renesas/renesas_tsip_aes.c 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* renesas_tsip_aes.c * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -261,8 +261,8 @@ WOLFSSL_ENTER("tsip_Tls13AesDecrypt"); - if ((ssl == NULL) || (input == NULL) || (output == NULL) || (sz == 0) || - (ssl->RenesasUserCtx == NULL)) { + if ((ssl == NULL) || (input == NULL) || (output == NULL) || + (sz < TSIP_AES_GCM_AUTH_TAG_SIZE) || (ssl->RenesasUserCtx == NULL)) { return BAD_FUNC_ARG; } diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/wolfcrypt/src/port/Renesas/renesas_tsip_rsa.c mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/port/Renesas/renesas_tsip_rsa.c --- mariadb-11.8.6/extra/wolfssl/wolfssl/wolfcrypt/src/port/Renesas/renesas_tsip_rsa.c 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/port/Renesas/renesas_tsip_rsa.c 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* renesas_tsip_rsa.c * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/wolfcrypt/src/port/Renesas/renesas_tsip_sha.c mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/port/Renesas/renesas_tsip_sha.c --- mariadb-11.8.6/extra/wolfssl/wolfssl/wolfcrypt/src/port/Renesas/renesas_tsip_sha.c 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/port/Renesas/renesas_tsip_sha.c 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* renesas_tsip_sha.c * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -398,6 +398,7 @@ if (ret == TSIP_SUCCESS) { ret = Final(&handle, out, (uint32_t*)&sz); if (ret != TSIP_SUCCESS || sz != outSz) { + tsip_hw_unlock(); return ret; } } @@ -442,6 +443,7 @@ if (ret == TSIP_SUCCESS) { ret = Final(&handle, out, &sz); if (ret != TSIP_SUCCESS || sz != outSz) { + tsip_hw_unlock(); return ret; } } diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/wolfcrypt/src/port/Renesas/renesas_tsip_util.c mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/port/Renesas/renesas_tsip_util.c --- mariadb-11.8.6/extra/wolfssl/wolfssl/wolfcrypt/src/port/Renesas/renesas_tsip_util.c 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/port/Renesas/renesas_tsip_util.c 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* renesas_tsip_util.c * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -3276,8 +3276,8 @@ R_TSIP_TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 || ctx->internal->tsip_cipher == R_TSIP_TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256) { - enc->aes->nonceSz = AEAD_MAX_IMP_SZ; - dec->aes->nonceSz = AEAD_MAX_IMP_SZ; + enc->aes->nonceSz = AEAD_NONCE_SZ; + dec->aes->nonceSz = AEAD_NONCE_SZ; } enc->aes->devId = devId; diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/wolfcrypt/src/port/af_alg/afalg_aes.c mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/port/af_alg/afalg_aes.c --- mariadb-11.8.6/extra/wolfssl/wolfssl/wolfcrypt/src/port/af_alg/afalg_aes.c 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/port/af_alg/afalg_aes.c 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* afalg_aes.c * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -50,7 +50,7 @@ byte* key = (byte*)aes->key; #endif - if (aes->alFd <= 0) { + if (aes->alFd == WC_SOCK_NOTSET) { aes->alFd = wc_Afalg_Socket(); if (aes->alFd < 0) { WOLFSSL_MSG("Unable to open an AF_ALG socket"); @@ -133,11 +133,11 @@ aes->left = 0; #endif - if (aes->rdFd > 0) { + if (aes->rdFd > WC_SOCK_NOTSET) { (void)close(aes->rdFd); } aes->rdFd = WC_SOCK_NOTSET; - if (aes->alFd <= 0) { + if (aes->alFd == WC_SOCK_NOTSET) { aes->alFd = wc_Afalg_Socket(); } @@ -527,11 +527,11 @@ aes->keylen = len; aes->rounds = len/4 + 6; - if (aes->rdFd > 0) { + if (aes->rdFd > WC_SOCK_NOTSET) { (void)close(aes->rdFd); } aes->rdFd = WC_SOCK_NOTSET; - if (aes->alFd <= 0) { + if (aes->alFd == WC_SOCK_NOTSET) { aes->alFd = wc_Afalg_Socket(); } @@ -594,7 +594,7 @@ return BAD_FUNC_ARG; } - if (aes->alFd <= 0) { + if (aes->alFd == WC_SOCK_NOTSET) { WOLFSSL_MSG("AF_ALG GcmEncrypt called with alFd unset"); return BAD_FUNC_ARG; } @@ -726,14 +726,18 @@ } { - byte* tmp = (byte*)XMALLOC(authInSz, aes->heap, DYNAMIC_TYPE_TMP_BUFFER); - if (tmp == NULL) { - return MEMORY_E; + byte* tmp = NULL; + + if (authInSz > 0) { + tmp = (byte*)XMALLOC(authInSz, aes->heap, DYNAMIC_TYPE_TMP_BUFFER); + if (tmp == NULL) { + return MEMORY_E; + } + /* first 16 bytes was all 0's */ + iov[0].iov_base = tmp; + (void)scratch; + iov[0].iov_len = authInSz; } - /* first 16 bytes was all 0's */ - iov[0].iov_base = tmp; - (void)scratch; - iov[0].iov_len = authInSz; iov[1].iov_base = out; iov[1].iov_len = sz; @@ -743,9 +747,9 @@ ret = (int)readv(aes->rdFd, iov, 3); XFREE(tmp, aes->heap, DYNAMIC_TYPE_TMP_BUFFER); - } - if (ret < 0) { - return WC_AFALG_SOCK_E; + if (ret < 0) { + return WC_AFALG_SOCK_E; + } } #endif @@ -758,7 +762,8 @@ * * Warning: If using Xilinx hardware acceleration it is assumed that the in * buffer is large enough to hold both cipher text and tag. That is - * sz | 16 bytes + * sz | 16 bytes. The in buffer has tag appended even though it is + * const for this wolfSSL API. */ int wc_AesGcmDecrypt(Aes* aes, byte* out, const byte* in, word32 sz, const byte* iv, word32 ivSz, @@ -851,9 +856,6 @@ if (ret < 0) return ret; xorbuf(tag, scratch, WC_AES_BLOCK_SIZE); - if (ret != 0) { - return AES_GCM_AUTH_E; - } } /* it is assumed that in buffer size is large enough to hold TAG */ @@ -933,12 +935,16 @@ } { - byte* tmp = (byte*)XMALLOC(authInSz, aes->heap, DYNAMIC_TYPE_TMP_BUFFER); - if (tmp == NULL) { - return MEMORY_E; + byte* tmp = NULL; + + if (authInSz > 0) { + tmp = (byte*)XMALLOC(authInSz, aes->heap, DYNAMIC_TYPE_TMP_BUFFER); + if (tmp == NULL) { + return MEMORY_E; + } + iov[0].iov_base = tmp; + iov[0].iov_len = authInSz; } - iov[0].iov_base = tmp; - iov[0].iov_len = authInSz; iov[1].iov_base = out; iov[1].iov_len = sz; ret = (int)readv(aes->rdFd, iov, 2); diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/wolfcrypt/src/port/af_alg/afalg_hash.c mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/port/af_alg/afalg_hash.c --- mariadb-11.8.6/extra/wolfssl/wolfssl/wolfcrypt/src/port/af_alg/afalg_hash.c 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/port/af_alg/afalg_hash.c 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* afalg_hash.c * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -36,13 +36,13 @@ if (hash == NULL) return; - if (hash->alFd > 0) { + if (hash->alFd > WC_SOCK_NOTSET) { (void)close(hash->alFd); - hash->alFd = -1; /* avoid possible double close on socket */ + hash->alFd = WC_SOCK_NOTSET; /* avoid possible double close on socket */ } - if (hash->rdFd > 0) { + if (hash->rdFd > WC_SOCK_NOTSET) { (void)close(hash->rdFd); - hash->rdFd = -1; /* avoid possible double close on socket */ + hash->rdFd = WC_SOCK_NOTSET; /* avoid possible double close on socket */ } #if defined(WOLFSSL_AFALG_HASH_KEEP) @@ -67,8 +67,8 @@ hash->len = 0; hash->used = 0; hash->msg = NULL; - hash->alFd = -1; - hash->rdFd = -1; + hash->alFd = WC_SOCK_NOTSET; + hash->rdFd = WC_SOCK_NOTSET; hash->alFd = wc_Afalg_Socket(); if (hash->alFd < 0) { @@ -78,6 +78,7 @@ hash->rdFd = wc_Afalg_CreateRead(hash->alFd, WC_TYPE_HASH, type); if (hash->rdFd < 0) { (void)close(hash->alFd); + hash->alFd = WC_SOCK_NOTSET; return WC_AFALG_SOCK_E; } @@ -186,7 +187,7 @@ } if ((ret = (int)read(hash->rdFd, out, outSz)) != (int)outSz) { - return ret; + return WC_AFALG_SOCK_E; } return 0; #else @@ -210,20 +211,24 @@ XMEMCPY(dst, src, sizeof(wolfssl_AFALG_Hash)); #ifdef WOLFSSL_AFALG_HASH_KEEP - dst->msg = (byte*)XMALLOC(src->len, dst->heap, DYNAMIC_TYPE_TMP_BUFFER); - if (dst->msg == NULL) { - return MEMORY_E; - } - if (src->len > 0) + if (src->len > 0) { + dst->msg = (byte*)XMALLOC(src->len, dst->heap, DYNAMIC_TYPE_TMP_BUFFER); + if (dst->msg == NULL) { + return MEMORY_E; + } XMEMCPY(dst->msg, src->msg, src->len); + } + else { + dst->msg = NULL; + } #endif dst->rdFd = accept(src->rdFd, NULL, 0); dst->alFd = accept(src->alFd, NULL, 0); - if (dst->rdFd == -1 || dst->alFd == -1) { + if (dst->rdFd == WC_SOCK_NOTSET || dst->alFd == WC_SOCK_NOTSET) { AfalgHashFree(dst); - return -1; + return WC_AFALG_SOCK_E; } return 0; diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/wolfcrypt/src/port/af_alg/wc_afalg.c mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/port/af_alg/wc_afalg.c --- mariadb-11.8.6/extra/wolfssl/wolfssl/wolfcrypt/src/port/af_alg/wc_afalg.c 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/port/af_alg/wc_afalg.c 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* wc_afalg.c * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/wolfcrypt/src/port/aria/aria-crypt.c mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/port/aria/aria-crypt.c --- mariadb-11.8.6/extra/wolfssl/wolfssl/wolfcrypt/src/port/aria/aria-crypt.c 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/port/aria/aria-crypt.c 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* aria-crypt.c * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/wolfcrypt/src/port/aria/aria-cryptocb.c mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/port/aria/aria-cryptocb.c --- mariadb-11.8.6/extra/wolfssl/wolfssl/wolfcrypt/src/port/aria/aria-cryptocb.c 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/port/aria/aria-cryptocb.c 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* aria-cryptocb.c * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/wolfcrypt/src/port/arm/armv8-32-aes-asm.S mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/port/arm/armv8-32-aes-asm.S --- mariadb-11.8.6/extra/wolfssl/wolfssl/wolfcrypt/src/port/arm/armv8-32-aes-asm.S 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/port/arm/armv8-32-aes-asm.S 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* armv8-32-aes-asm * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -3914,7 +3914,8 @@ AES_GCM_set_key_AARCH32: vpush {d8, d9} vld1.8 {q0}, [r0] - vldm r1!, {q1-q4} + vld1.8 {q1, q2}, [r1]! + vld1.8 {q3, q4}, [r1]! aese.8 q0, q1 aesmc.8 q0, q0 aese.8 q0, q2 @@ -3923,7 +3924,8 @@ aesmc.8 q0, q0 aese.8 q0, q4 aesmc.8 q0, q0 - vldm r1!, {q1-q4} + vld1.8 {q1, q2}, [r1]! + vld1.8 {q3, q4}, [r1]! aese.8 q0, q1 aesmc.8 q0, q0 aese.8 q0, q2 @@ -3933,25 +3935,25 @@ aese.8 q0, q4 aesmc.8 q0, q0 subs r3, r3, #10 - vld1.32 {q1, q2}, [r1]! + vld1.8 {q1, q2}, [r1]! aese.8 q0, q1 aesmc.8 q0, q0 aese.8 q0, q2 beq L_aes_gcm_set_key_arm32_crypto_round_done - vld1.32 {q1, q2}, [r1]! + vld1.8 {q1, q2}, [r1]! subs r3, r3, #2 aesmc.8 q0, q0 aese.8 q0, q1 aesmc.8 q0, q0 aese.8 q0, q2 beq L_aes_gcm_set_key_arm32_crypto_round_done - vld1.32 {q1, q2}, [r1]! + vld1.8 {q1, q2}, [r1]! aesmc.8 q0, q0 aese.8 q0, q1 aesmc.8 q0, q0 aese.8 q0, q2 L_aes_gcm_set_key_arm32_crypto_round_done: - vld1.32 {q1}, [r1] + vld1.8 {q1}, [r1] veor q0, q0, q1 vmov.i8 q1, #0x55 vshl.u8 q2, q0, #1 @@ -9048,6 +9050,7 @@ L_AES_set_encrypt_key_end: pop {r4, r5, r6, r7, r8, pc} .size AES_set_encrypt_key,.-AES_set_encrypt_key +#ifndef WOLFSSL_ARMASM_AES_BLOCK_INLINE .text .align 4 .globl AES_encrypt_block @@ -9691,6 +9694,7 @@ eor r7, r7, r11 pop {pc} .size AES_encrypt_block,.-AES_encrypt_block +#endif /* !WOLFSSL_ARMASM_AES_BLOCK_INLINE */ #if defined(HAVE_AESCCM) || defined(HAVE_AESGCM) || \ defined(WOLFSSL_AES_DIRECT) || defined(WOLFSSL_AES_COUNTER) || \ defined(HAVE_AES_ECB) @@ -9751,7 +9755,645 @@ eor r6, r6, r10 eor r7, r7, r11 mov r1, #6 +#ifndef WOLFSSL_ARMASM_AES_BLOCK_INLINE bl AES_encrypt_block +#else +L_AES_ECB_encrypt_block_nr_256: +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl r8, r5, #8 + lsr r8, r8, #24 +#else + uxtb r8, r5, ror #16 +#endif +#else + ubfx r8, r5, #16, #8 +#endif + lsr r11, r4, #24 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl lr, r6, #16 + lsr lr, lr, #24 +#else + uxtb lr, r6, ror #8 +#endif +#else + ubfx lr, r6, #8, #8 +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl r2, r7, #24 + lsr r2, r2, #24 +#else + uxtb r2, r7 +#endif +#else + ubfx r2, r7, #0, #8 +#endif + ldr r8, [r0, r8, lsl #2] + ldr r11, [r0, r11, lsl #2] + ldr lr, [r0, lr, lsl #2] + ldr r2, [r0, r2, lsl #2] +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl r9, r6, #8 + lsr r9, r9, #24 +#else + uxtb r9, r6, ror #16 +#endif +#else + ubfx r9, r6, #16, #8 +#endif + eor r8, r8, r11, ror #24 + lsr r11, r5, #24 + eor r8, r8, lr, ror #8 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl lr, r7, #16 + lsr lr, lr, #24 +#else + uxtb lr, r7, ror #8 +#endif +#else + ubfx lr, r7, #8, #8 +#endif + eor r8, r8, r2, ror #16 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl r2, r4, #24 + lsr r2, r2, #24 +#else + uxtb r2, r4 +#endif +#else + ubfx r2, r4, #0, #8 +#endif + ldr r9, [r0, r9, lsl #2] + ldr r11, [r0, r11, lsl #2] + ldr lr, [r0, lr, lsl #2] + ldr r2, [r0, r2, lsl #2] +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl r10, r7, #8 + lsr r10, r10, #24 +#else + uxtb r10, r7, ror #16 +#endif +#else + ubfx r10, r7, #16, #8 +#endif + eor r9, r9, r11, ror #24 + lsr r11, r6, #24 + eor r9, r9, lr, ror #8 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl lr, r4, #16 + lsr lr, lr, #24 +#else + uxtb lr, r4, ror #8 +#endif +#else + ubfx lr, r4, #8, #8 +#endif + eor r9, r9, r2, ror #16 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl r2, r5, #24 + lsr r2, r2, #24 +#else + uxtb r2, r5 +#endif +#else + ubfx r2, r5, #0, #8 +#endif + ldr r10, [r0, r10, lsl #2] + ldr r11, [r0, r11, lsl #2] + ldr lr, [r0, lr, lsl #2] + ldr r2, [r0, r2, lsl #2] +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl r6, r6, #24 + lsr r6, r6, #24 +#else + uxtb r6, r6 +#endif +#else + ubfx r6, r6, #0, #8 +#endif + eor r10, r10, r11, ror #24 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl r11, r4, #8 + lsr r11, r11, #24 +#else + uxtb r11, r4, ror #16 +#endif +#else + ubfx r11, r4, #16, #8 +#endif + eor r10, r10, lr, ror #8 + lsr lr, r7, #24 + eor r10, r10, r2, ror #16 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl r2, r5, #16 + lsr r2, r2, #24 +#else + uxtb r2, r5, ror #8 +#endif +#else + ubfx r2, r5, #8, #8 +#endif + ldr r6, [r0, r6, lsl #2] + ldr lr, [r0, lr, lsl #2] + ldr r11, [r0, r11, lsl #2] + ldr r2, [r0, r2, lsl #2] + eor lr, lr, r6, ror #24 + ldm r3!, {r4, r5, r6, r7} + eor r11, r11, lr, ror #24 + eor r11, r11, r2, ror #8 + # XOR in Key Schedule + eor r8, r8, r4 + eor r9, r9, r5 + eor r10, r10, r6 + eor r11, r11, r7 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl r4, r9, #8 + lsr r4, r4, #24 +#else + uxtb r4, r9, ror #16 +#endif +#else + ubfx r4, r9, #16, #8 +#endif + lsr r7, r8, #24 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl lr, r10, #16 + lsr lr, lr, #24 +#else + uxtb lr, r10, ror #8 +#endif +#else + ubfx lr, r10, #8, #8 +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl r2, r11, #24 + lsr r2, r2, #24 +#else + uxtb r2, r11 +#endif +#else + ubfx r2, r11, #0, #8 +#endif + ldr r4, [r0, r4, lsl #2] + ldr r7, [r0, r7, lsl #2] + ldr lr, [r0, lr, lsl #2] + ldr r2, [r0, r2, lsl #2] +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl r5, r10, #8 + lsr r5, r5, #24 +#else + uxtb r5, r10, ror #16 +#endif +#else + ubfx r5, r10, #16, #8 +#endif + eor r4, r4, r7, ror #24 + lsr r7, r9, #24 + eor r4, r4, lr, ror #8 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl lr, r11, #16 + lsr lr, lr, #24 +#else + uxtb lr, r11, ror #8 +#endif +#else + ubfx lr, r11, #8, #8 +#endif + eor r4, r4, r2, ror #16 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl r2, r8, #24 + lsr r2, r2, #24 +#else + uxtb r2, r8 +#endif +#else + ubfx r2, r8, #0, #8 +#endif + ldr r5, [r0, r5, lsl #2] + ldr r7, [r0, r7, lsl #2] + ldr lr, [r0, lr, lsl #2] + ldr r2, [r0, r2, lsl #2] +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl r6, r11, #8 + lsr r6, r6, #24 +#else + uxtb r6, r11, ror #16 +#endif +#else + ubfx r6, r11, #16, #8 +#endif + eor r5, r5, r7, ror #24 + lsr r7, r10, #24 + eor r5, r5, lr, ror #8 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl lr, r8, #16 + lsr lr, lr, #24 +#else + uxtb lr, r8, ror #8 +#endif +#else + ubfx lr, r8, #8, #8 +#endif + eor r5, r5, r2, ror #16 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl r2, r9, #24 + lsr r2, r2, #24 +#else + uxtb r2, r9 +#endif +#else + ubfx r2, r9, #0, #8 +#endif + ldr r6, [r0, r6, lsl #2] + ldr r7, [r0, r7, lsl #2] + ldr lr, [r0, lr, lsl #2] + ldr r2, [r0, r2, lsl #2] +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl r10, r10, #24 + lsr r10, r10, #24 +#else + uxtb r10, r10 +#endif +#else + ubfx r10, r10, #0, #8 +#endif + eor r6, r6, r7, ror #24 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl r7, r8, #8 + lsr r7, r7, #24 +#else + uxtb r7, r8, ror #16 +#endif +#else + ubfx r7, r8, #16, #8 +#endif + eor r6, r6, lr, ror #8 + lsr lr, r11, #24 + eor r6, r6, r2, ror #16 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl r2, r9, #16 + lsr r2, r2, #24 +#else + uxtb r2, r9, ror #8 +#endif +#else + ubfx r2, r9, #8, #8 +#endif + ldr r10, [r0, r10, lsl #2] + ldr lr, [r0, lr, lsl #2] + ldr r7, [r0, r7, lsl #2] + ldr r2, [r0, r2, lsl #2] + eor lr, lr, r10, ror #24 + ldm r3!, {r8, r9, r10, r11} + eor r7, r7, lr, ror #24 + eor r7, r7, r2, ror #8 + # XOR in Key Schedule + eor r4, r4, r8 + eor r5, r5, r9 + eor r6, r6, r10 + eor r7, r7, r11 + subs r1, r1, #1 + bne L_AES_ECB_encrypt_block_nr_256 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl r8, r5, #8 + lsr r8, r8, #24 +#else + uxtb r8, r5, ror #16 +#endif +#else + ubfx r8, r5, #16, #8 +#endif + lsr r11, r4, #24 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl lr, r6, #16 + lsr lr, lr, #24 +#else + uxtb lr, r6, ror #8 +#endif +#else + ubfx lr, r6, #8, #8 +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl r2, r7, #24 + lsr r2, r2, #24 +#else + uxtb r2, r7 +#endif +#else + ubfx r2, r7, #0, #8 +#endif + ldr r8, [r0, r8, lsl #2] + ldr r11, [r0, r11, lsl #2] + ldr lr, [r0, lr, lsl #2] + ldr r2, [r0, r2, lsl #2] +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl r9, r6, #8 + lsr r9, r9, #24 +#else + uxtb r9, r6, ror #16 +#endif +#else + ubfx r9, r6, #16, #8 +#endif + eor r8, r8, r11, ror #24 + lsr r11, r5, #24 + eor r8, r8, lr, ror #8 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl lr, r7, #16 + lsr lr, lr, #24 +#else + uxtb lr, r7, ror #8 +#endif +#else + ubfx lr, r7, #8, #8 +#endif + eor r8, r8, r2, ror #16 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl r2, r4, #24 + lsr r2, r2, #24 +#else + uxtb r2, r4 +#endif +#else + ubfx r2, r4, #0, #8 +#endif + ldr r9, [r0, r9, lsl #2] + ldr r11, [r0, r11, lsl #2] + ldr lr, [r0, lr, lsl #2] + ldr r2, [r0, r2, lsl #2] +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl r10, r7, #8 + lsr r10, r10, #24 +#else + uxtb r10, r7, ror #16 +#endif +#else + ubfx r10, r7, #16, #8 +#endif + eor r9, r9, r11, ror #24 + lsr r11, r6, #24 + eor r9, r9, lr, ror #8 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl lr, r4, #16 + lsr lr, lr, #24 +#else + uxtb lr, r4, ror #8 +#endif +#else + ubfx lr, r4, #8, #8 +#endif + eor r9, r9, r2, ror #16 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl r2, r5, #24 + lsr r2, r2, #24 +#else + uxtb r2, r5 +#endif +#else + ubfx r2, r5, #0, #8 +#endif + ldr r10, [r0, r10, lsl #2] + ldr r11, [r0, r11, lsl #2] + ldr lr, [r0, lr, lsl #2] + ldr r2, [r0, r2, lsl #2] +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl r6, r6, #24 + lsr r6, r6, #24 +#else + uxtb r6, r6 +#endif +#else + ubfx r6, r6, #0, #8 +#endif + eor r10, r10, r11, ror #24 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl r11, r4, #8 + lsr r11, r11, #24 +#else + uxtb r11, r4, ror #16 +#endif +#else + ubfx r11, r4, #16, #8 +#endif + eor r10, r10, lr, ror #8 + lsr lr, r7, #24 + eor r10, r10, r2, ror #16 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl r2, r5, #16 + lsr r2, r2, #24 +#else + uxtb r2, r5, ror #8 +#endif +#else + ubfx r2, r5, #8, #8 +#endif + ldr r6, [r0, r6, lsl #2] + ldr lr, [r0, lr, lsl #2] + ldr r11, [r0, r11, lsl #2] + ldr r2, [r0, r2, lsl #2] + eor lr, lr, r6, ror #24 + ldm r3!, {r4, r5, r6, r7} + eor r11, r11, lr, ror #24 + eor r11, r11, r2, ror #8 + # XOR in Key Schedule + eor r8, r8, r4 + eor r9, r9, r5 + eor r10, r10, r6 + eor r11, r11, r7 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl r4, r11, #24 + lsr r4, r4, #24 +#else + uxtb r4, r11 +#endif +#else + ubfx r4, r11, #0, #8 +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl r7, r10, #16 + lsr r7, r7, #24 +#else + uxtb r7, r10, ror #8 +#endif +#else + ubfx r7, r10, #8, #8 +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl lr, r9, #8 + lsr lr, lr, #24 +#else + uxtb lr, r9, ror #16 +#endif +#else + ubfx lr, r9, #16, #8 +#endif + lsr r2, r8, #24 + ldrb r4, [r0, r4, lsl #2] + ldrb r7, [r0, r7, lsl #2] + ldrb lr, [r0, lr, lsl #2] + ldrb r2, [r0, r2, lsl #2] +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl r5, r8, #24 + lsr r5, r5, #24 +#else + uxtb r5, r8 +#endif +#else + ubfx r5, r8, #0, #8 +#endif + eor r4, r4, r7, lsl #8 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl r7, r11, #16 + lsr r7, r7, #24 +#else + uxtb r7, r11, ror #8 +#endif +#else + ubfx r7, r11, #8, #8 +#endif + eor r4, r4, lr, lsl #16 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl lr, r10, #8 + lsr lr, lr, #24 +#else + uxtb lr, r10, ror #16 +#endif +#else + ubfx lr, r10, #16, #8 +#endif + eor r4, r4, r2, lsl #24 + lsr r2, r9, #24 + ldrb r5, [r0, r5, lsl #2] + ldrb r7, [r0, r7, lsl #2] + ldrb lr, [r0, lr, lsl #2] + ldrb r2, [r0, r2, lsl #2] +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl r6, r9, #24 + lsr r6, r6, #24 +#else + uxtb r6, r9 +#endif +#else + ubfx r6, r9, #0, #8 +#endif + eor r5, r5, r7, lsl #8 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl r7, r8, #16 + lsr r7, r7, #24 +#else + uxtb r7, r8, ror #8 +#endif +#else + ubfx r7, r8, #8, #8 +#endif + eor r5, r5, lr, lsl #16 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl lr, r11, #8 + lsr lr, lr, #24 +#else + uxtb lr, r11, ror #16 +#endif +#else + ubfx lr, r11, #16, #8 +#endif + eor r5, r5, r2, lsl #24 + lsr r2, r10, #24 + ldrb r6, [r0, r6, lsl #2] + ldrb r7, [r0, r7, lsl #2] + ldrb lr, [r0, lr, lsl #2] + ldrb r2, [r0, r2, lsl #2] + lsr r11, r11, #24 + eor r6, r6, r7, lsl #8 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl r7, r10, #24 + lsr r7, r7, #24 +#else + uxtb r7, r10 +#endif +#else + ubfx r7, r10, #0, #8 +#endif + eor r6, r6, lr, lsl #16 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl lr, r9, #16 + lsr lr, lr, #24 +#else + uxtb lr, r9, ror #8 +#endif +#else + ubfx lr, r9, #8, #8 +#endif + eor r6, r6, r2, lsl #24 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl r2, r8, #8 + lsr r2, r2, #24 +#else + uxtb r2, r8, ror #16 +#endif +#else + ubfx r2, r8, #16, #8 +#endif + ldrb r11, [r0, r11, lsl #2] + ldrb r7, [r0, r7, lsl #2] + ldrb lr, [r0, lr, lsl #2] + ldrb r2, [r0, r2, lsl #2] + eor lr, lr, r11, lsl #16 + ldm r3, {r8, r9, r10, r11} + eor r7, r7, lr, lsl #8 + eor r7, r7, r2, lsl #16 + # XOR in Key Schedule + eor r4, r4, r8 + eor r5, r5, r9 + eor r6, r6, r10 + eor r7, r7, r11 +#endif /* !WOLFSSL_ARMASM_AES_BLOCK_INLINE */ pop {r1, r2, lr} ldr r3, [sp] #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) @@ -9823,7 +10465,645 @@ eor r6, r6, r10 eor r7, r7, r11 mov r1, #5 +#ifndef WOLFSSL_ARMASM_AES_BLOCK_INLINE bl AES_encrypt_block +#else +L_AES_ECB_encrypt_block_nr_192: +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl r8, r5, #8 + lsr r8, r8, #24 +#else + uxtb r8, r5, ror #16 +#endif +#else + ubfx r8, r5, #16, #8 +#endif + lsr r11, r4, #24 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl lr, r6, #16 + lsr lr, lr, #24 +#else + uxtb lr, r6, ror #8 +#endif +#else + ubfx lr, r6, #8, #8 +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl r2, r7, #24 + lsr r2, r2, #24 +#else + uxtb r2, r7 +#endif +#else + ubfx r2, r7, #0, #8 +#endif + ldr r8, [r0, r8, lsl #2] + ldr r11, [r0, r11, lsl #2] + ldr lr, [r0, lr, lsl #2] + ldr r2, [r0, r2, lsl #2] +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl r9, r6, #8 + lsr r9, r9, #24 +#else + uxtb r9, r6, ror #16 +#endif +#else + ubfx r9, r6, #16, #8 +#endif + eor r8, r8, r11, ror #24 + lsr r11, r5, #24 + eor r8, r8, lr, ror #8 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl lr, r7, #16 + lsr lr, lr, #24 +#else + uxtb lr, r7, ror #8 +#endif +#else + ubfx lr, r7, #8, #8 +#endif + eor r8, r8, r2, ror #16 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl r2, r4, #24 + lsr r2, r2, #24 +#else + uxtb r2, r4 +#endif +#else + ubfx r2, r4, #0, #8 +#endif + ldr r9, [r0, r9, lsl #2] + ldr r11, [r0, r11, lsl #2] + ldr lr, [r0, lr, lsl #2] + ldr r2, [r0, r2, lsl #2] +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl r10, r7, #8 + lsr r10, r10, #24 +#else + uxtb r10, r7, ror #16 +#endif +#else + ubfx r10, r7, #16, #8 +#endif + eor r9, r9, r11, ror #24 + lsr r11, r6, #24 + eor r9, r9, lr, ror #8 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl lr, r4, #16 + lsr lr, lr, #24 +#else + uxtb lr, r4, ror #8 +#endif +#else + ubfx lr, r4, #8, #8 +#endif + eor r9, r9, r2, ror #16 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl r2, r5, #24 + lsr r2, r2, #24 +#else + uxtb r2, r5 +#endif +#else + ubfx r2, r5, #0, #8 +#endif + ldr r10, [r0, r10, lsl #2] + ldr r11, [r0, r11, lsl #2] + ldr lr, [r0, lr, lsl #2] + ldr r2, [r0, r2, lsl #2] +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl r6, r6, #24 + lsr r6, r6, #24 +#else + uxtb r6, r6 +#endif +#else + ubfx r6, r6, #0, #8 +#endif + eor r10, r10, r11, ror #24 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl r11, r4, #8 + lsr r11, r11, #24 +#else + uxtb r11, r4, ror #16 +#endif +#else + ubfx r11, r4, #16, #8 +#endif + eor r10, r10, lr, ror #8 + lsr lr, r7, #24 + eor r10, r10, r2, ror #16 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl r2, r5, #16 + lsr r2, r2, #24 +#else + uxtb r2, r5, ror #8 +#endif +#else + ubfx r2, r5, #8, #8 +#endif + ldr r6, [r0, r6, lsl #2] + ldr lr, [r0, lr, lsl #2] + ldr r11, [r0, r11, lsl #2] + ldr r2, [r0, r2, lsl #2] + eor lr, lr, r6, ror #24 + ldm r3!, {r4, r5, r6, r7} + eor r11, r11, lr, ror #24 + eor r11, r11, r2, ror #8 + # XOR in Key Schedule + eor r8, r8, r4 + eor r9, r9, r5 + eor r10, r10, r6 + eor r11, r11, r7 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl r4, r9, #8 + lsr r4, r4, #24 +#else + uxtb r4, r9, ror #16 +#endif +#else + ubfx r4, r9, #16, #8 +#endif + lsr r7, r8, #24 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl lr, r10, #16 + lsr lr, lr, #24 +#else + uxtb lr, r10, ror #8 +#endif +#else + ubfx lr, r10, #8, #8 +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl r2, r11, #24 + lsr r2, r2, #24 +#else + uxtb r2, r11 +#endif +#else + ubfx r2, r11, #0, #8 +#endif + ldr r4, [r0, r4, lsl #2] + ldr r7, [r0, r7, lsl #2] + ldr lr, [r0, lr, lsl #2] + ldr r2, [r0, r2, lsl #2] +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl r5, r10, #8 + lsr r5, r5, #24 +#else + uxtb r5, r10, ror #16 +#endif +#else + ubfx r5, r10, #16, #8 +#endif + eor r4, r4, r7, ror #24 + lsr r7, r9, #24 + eor r4, r4, lr, ror #8 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl lr, r11, #16 + lsr lr, lr, #24 +#else + uxtb lr, r11, ror #8 +#endif +#else + ubfx lr, r11, #8, #8 +#endif + eor r4, r4, r2, ror #16 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl r2, r8, #24 + lsr r2, r2, #24 +#else + uxtb r2, r8 +#endif +#else + ubfx r2, r8, #0, #8 +#endif + ldr r5, [r0, r5, lsl #2] + ldr r7, [r0, r7, lsl #2] + ldr lr, [r0, lr, lsl #2] + ldr r2, [r0, r2, lsl #2] +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl r6, r11, #8 + lsr r6, r6, #24 +#else + uxtb r6, r11, ror #16 +#endif +#else + ubfx r6, r11, #16, #8 +#endif + eor r5, r5, r7, ror #24 + lsr r7, r10, #24 + eor r5, r5, lr, ror #8 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl lr, r8, #16 + lsr lr, lr, #24 +#else + uxtb lr, r8, ror #8 +#endif +#else + ubfx lr, r8, #8, #8 +#endif + eor r5, r5, r2, ror #16 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl r2, r9, #24 + lsr r2, r2, #24 +#else + uxtb r2, r9 +#endif +#else + ubfx r2, r9, #0, #8 +#endif + ldr r6, [r0, r6, lsl #2] + ldr r7, [r0, r7, lsl #2] + ldr lr, [r0, lr, lsl #2] + ldr r2, [r0, r2, lsl #2] +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl r10, r10, #24 + lsr r10, r10, #24 +#else + uxtb r10, r10 +#endif +#else + ubfx r10, r10, #0, #8 +#endif + eor r6, r6, r7, ror #24 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl r7, r8, #8 + lsr r7, r7, #24 +#else + uxtb r7, r8, ror #16 +#endif +#else + ubfx r7, r8, #16, #8 +#endif + eor r6, r6, lr, ror #8 + lsr lr, r11, #24 + eor r6, r6, r2, ror #16 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl r2, r9, #16 + lsr r2, r2, #24 +#else + uxtb r2, r9, ror #8 +#endif +#else + ubfx r2, r9, #8, #8 +#endif + ldr r10, [r0, r10, lsl #2] + ldr lr, [r0, lr, lsl #2] + ldr r7, [r0, r7, lsl #2] + ldr r2, [r0, r2, lsl #2] + eor lr, lr, r10, ror #24 + ldm r3!, {r8, r9, r10, r11} + eor r7, r7, lr, ror #24 + eor r7, r7, r2, ror #8 + # XOR in Key Schedule + eor r4, r4, r8 + eor r5, r5, r9 + eor r6, r6, r10 + eor r7, r7, r11 + subs r1, r1, #1 + bne L_AES_ECB_encrypt_block_nr_192 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl r8, r5, #8 + lsr r8, r8, #24 +#else + uxtb r8, r5, ror #16 +#endif +#else + ubfx r8, r5, #16, #8 +#endif + lsr r11, r4, #24 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl lr, r6, #16 + lsr lr, lr, #24 +#else + uxtb lr, r6, ror #8 +#endif +#else + ubfx lr, r6, #8, #8 +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl r2, r7, #24 + lsr r2, r2, #24 +#else + uxtb r2, r7 +#endif +#else + ubfx r2, r7, #0, #8 +#endif + ldr r8, [r0, r8, lsl #2] + ldr r11, [r0, r11, lsl #2] + ldr lr, [r0, lr, lsl #2] + ldr r2, [r0, r2, lsl #2] +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl r9, r6, #8 + lsr r9, r9, #24 +#else + uxtb r9, r6, ror #16 +#endif +#else + ubfx r9, r6, #16, #8 +#endif + eor r8, r8, r11, ror #24 + lsr r11, r5, #24 + eor r8, r8, lr, ror #8 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl lr, r7, #16 + lsr lr, lr, #24 +#else + uxtb lr, r7, ror #8 +#endif +#else + ubfx lr, r7, #8, #8 +#endif + eor r8, r8, r2, ror #16 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl r2, r4, #24 + lsr r2, r2, #24 +#else + uxtb r2, r4 +#endif +#else + ubfx r2, r4, #0, #8 +#endif + ldr r9, [r0, r9, lsl #2] + ldr r11, [r0, r11, lsl #2] + ldr lr, [r0, lr, lsl #2] + ldr r2, [r0, r2, lsl #2] +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl r10, r7, #8 + lsr r10, r10, #24 +#else + uxtb r10, r7, ror #16 +#endif +#else + ubfx r10, r7, #16, #8 +#endif + eor r9, r9, r11, ror #24 + lsr r11, r6, #24 + eor r9, r9, lr, ror #8 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl lr, r4, #16 + lsr lr, lr, #24 +#else + uxtb lr, r4, ror #8 +#endif +#else + ubfx lr, r4, #8, #8 +#endif + eor r9, r9, r2, ror #16 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl r2, r5, #24 + lsr r2, r2, #24 +#else + uxtb r2, r5 +#endif +#else + ubfx r2, r5, #0, #8 +#endif + ldr r10, [r0, r10, lsl #2] + ldr r11, [r0, r11, lsl #2] + ldr lr, [r0, lr, lsl #2] + ldr r2, [r0, r2, lsl #2] +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl r6, r6, #24 + lsr r6, r6, #24 +#else + uxtb r6, r6 +#endif +#else + ubfx r6, r6, #0, #8 +#endif + eor r10, r10, r11, ror #24 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl r11, r4, #8 + lsr r11, r11, #24 +#else + uxtb r11, r4, ror #16 +#endif +#else + ubfx r11, r4, #16, #8 +#endif + eor r10, r10, lr, ror #8 + lsr lr, r7, #24 + eor r10, r10, r2, ror #16 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl r2, r5, #16 + lsr r2, r2, #24 +#else + uxtb r2, r5, ror #8 +#endif +#else + ubfx r2, r5, #8, #8 +#endif + ldr r6, [r0, r6, lsl #2] + ldr lr, [r0, lr, lsl #2] + ldr r11, [r0, r11, lsl #2] + ldr r2, [r0, r2, lsl #2] + eor lr, lr, r6, ror #24 + ldm r3!, {r4, r5, r6, r7} + eor r11, r11, lr, ror #24 + eor r11, r11, r2, ror #8 + # XOR in Key Schedule + eor r8, r8, r4 + eor r9, r9, r5 + eor r10, r10, r6 + eor r11, r11, r7 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl r4, r11, #24 + lsr r4, r4, #24 +#else + uxtb r4, r11 +#endif +#else + ubfx r4, r11, #0, #8 +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl r7, r10, #16 + lsr r7, r7, #24 +#else + uxtb r7, r10, ror #8 +#endif +#else + ubfx r7, r10, #8, #8 +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl lr, r9, #8 + lsr lr, lr, #24 +#else + uxtb lr, r9, ror #16 +#endif +#else + ubfx lr, r9, #16, #8 +#endif + lsr r2, r8, #24 + ldrb r4, [r0, r4, lsl #2] + ldrb r7, [r0, r7, lsl #2] + ldrb lr, [r0, lr, lsl #2] + ldrb r2, [r0, r2, lsl #2] +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl r5, r8, #24 + lsr r5, r5, #24 +#else + uxtb r5, r8 +#endif +#else + ubfx r5, r8, #0, #8 +#endif + eor r4, r4, r7, lsl #8 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl r7, r11, #16 + lsr r7, r7, #24 +#else + uxtb r7, r11, ror #8 +#endif +#else + ubfx r7, r11, #8, #8 +#endif + eor r4, r4, lr, lsl #16 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl lr, r10, #8 + lsr lr, lr, #24 +#else + uxtb lr, r10, ror #16 +#endif +#else + ubfx lr, r10, #16, #8 +#endif + eor r4, r4, r2, lsl #24 + lsr r2, r9, #24 + ldrb r5, [r0, r5, lsl #2] + ldrb r7, [r0, r7, lsl #2] + ldrb lr, [r0, lr, lsl #2] + ldrb r2, [r0, r2, lsl #2] +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl r6, r9, #24 + lsr r6, r6, #24 +#else + uxtb r6, r9 +#endif +#else + ubfx r6, r9, #0, #8 +#endif + eor r5, r5, r7, lsl #8 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl r7, r8, #16 + lsr r7, r7, #24 +#else + uxtb r7, r8, ror #8 +#endif +#else + ubfx r7, r8, #8, #8 +#endif + eor r5, r5, lr, lsl #16 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl lr, r11, #8 + lsr lr, lr, #24 +#else + uxtb lr, r11, ror #16 +#endif +#else + ubfx lr, r11, #16, #8 +#endif + eor r5, r5, r2, lsl #24 + lsr r2, r10, #24 + ldrb r6, [r0, r6, lsl #2] + ldrb r7, [r0, r7, lsl #2] + ldrb lr, [r0, lr, lsl #2] + ldrb r2, [r0, r2, lsl #2] + lsr r11, r11, #24 + eor r6, r6, r7, lsl #8 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl r7, r10, #24 + lsr r7, r7, #24 +#else + uxtb r7, r10 +#endif +#else + ubfx r7, r10, #0, #8 +#endif + eor r6, r6, lr, lsl #16 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl lr, r9, #16 + lsr lr, lr, #24 +#else + uxtb lr, r9, ror #8 +#endif +#else + ubfx lr, r9, #8, #8 +#endif + eor r6, r6, r2, lsl #24 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl r2, r8, #8 + lsr r2, r2, #24 +#else + uxtb r2, r8, ror #16 +#endif +#else + ubfx r2, r8, #16, #8 +#endif + ldrb r11, [r0, r11, lsl #2] + ldrb r7, [r0, r7, lsl #2] + ldrb lr, [r0, lr, lsl #2] + ldrb r2, [r0, r2, lsl #2] + eor lr, lr, r11, lsl #16 + ldm r3, {r8, r9, r10, r11} + eor r7, r7, lr, lsl #8 + eor r7, r7, r2, lsl #16 + # XOR in Key Schedule + eor r4, r4, r8 + eor r5, r5, r9 + eor r6, r6, r10 + eor r7, r7, r11 +#endif /* !WOLFSSL_ARMASM_AES_BLOCK_INLINE */ pop {r1, r2, lr} ldr r3, [sp] #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) @@ -9895,7 +11175,645 @@ eor r6, r6, r10 eor r7, r7, r11 mov r1, #4 +#ifndef WOLFSSL_ARMASM_AES_BLOCK_INLINE bl AES_encrypt_block +#else +L_AES_ECB_encrypt_block_nr_128: +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl r8, r5, #8 + lsr r8, r8, #24 +#else + uxtb r8, r5, ror #16 +#endif +#else + ubfx r8, r5, #16, #8 +#endif + lsr r11, r4, #24 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl lr, r6, #16 + lsr lr, lr, #24 +#else + uxtb lr, r6, ror #8 +#endif +#else + ubfx lr, r6, #8, #8 +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl r2, r7, #24 + lsr r2, r2, #24 +#else + uxtb r2, r7 +#endif +#else + ubfx r2, r7, #0, #8 +#endif + ldr r8, [r0, r8, lsl #2] + ldr r11, [r0, r11, lsl #2] + ldr lr, [r0, lr, lsl #2] + ldr r2, [r0, r2, lsl #2] +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl r9, r6, #8 + lsr r9, r9, #24 +#else + uxtb r9, r6, ror #16 +#endif +#else + ubfx r9, r6, #16, #8 +#endif + eor r8, r8, r11, ror #24 + lsr r11, r5, #24 + eor r8, r8, lr, ror #8 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl lr, r7, #16 + lsr lr, lr, #24 +#else + uxtb lr, r7, ror #8 +#endif +#else + ubfx lr, r7, #8, #8 +#endif + eor r8, r8, r2, ror #16 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl r2, r4, #24 + lsr r2, r2, #24 +#else + uxtb r2, r4 +#endif +#else + ubfx r2, r4, #0, #8 +#endif + ldr r9, [r0, r9, lsl #2] + ldr r11, [r0, r11, lsl #2] + ldr lr, [r0, lr, lsl #2] + ldr r2, [r0, r2, lsl #2] +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl r10, r7, #8 + lsr r10, r10, #24 +#else + uxtb r10, r7, ror #16 +#endif +#else + ubfx r10, r7, #16, #8 +#endif + eor r9, r9, r11, ror #24 + lsr r11, r6, #24 + eor r9, r9, lr, ror #8 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl lr, r4, #16 + lsr lr, lr, #24 +#else + uxtb lr, r4, ror #8 +#endif +#else + ubfx lr, r4, #8, #8 +#endif + eor r9, r9, r2, ror #16 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl r2, r5, #24 + lsr r2, r2, #24 +#else + uxtb r2, r5 +#endif +#else + ubfx r2, r5, #0, #8 +#endif + ldr r10, [r0, r10, lsl #2] + ldr r11, [r0, r11, lsl #2] + ldr lr, [r0, lr, lsl #2] + ldr r2, [r0, r2, lsl #2] +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl r6, r6, #24 + lsr r6, r6, #24 +#else + uxtb r6, r6 +#endif +#else + ubfx r6, r6, #0, #8 +#endif + eor r10, r10, r11, ror #24 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl r11, r4, #8 + lsr r11, r11, #24 +#else + uxtb r11, r4, ror #16 +#endif +#else + ubfx r11, r4, #16, #8 +#endif + eor r10, r10, lr, ror #8 + lsr lr, r7, #24 + eor r10, r10, r2, ror #16 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl r2, r5, #16 + lsr r2, r2, #24 +#else + uxtb r2, r5, ror #8 +#endif +#else + ubfx r2, r5, #8, #8 +#endif + ldr r6, [r0, r6, lsl #2] + ldr lr, [r0, lr, lsl #2] + ldr r11, [r0, r11, lsl #2] + ldr r2, [r0, r2, lsl #2] + eor lr, lr, r6, ror #24 + ldm r3!, {r4, r5, r6, r7} + eor r11, r11, lr, ror #24 + eor r11, r11, r2, ror #8 + # XOR in Key Schedule + eor r8, r8, r4 + eor r9, r9, r5 + eor r10, r10, r6 + eor r11, r11, r7 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl r4, r9, #8 + lsr r4, r4, #24 +#else + uxtb r4, r9, ror #16 +#endif +#else + ubfx r4, r9, #16, #8 +#endif + lsr r7, r8, #24 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl lr, r10, #16 + lsr lr, lr, #24 +#else + uxtb lr, r10, ror #8 +#endif +#else + ubfx lr, r10, #8, #8 +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl r2, r11, #24 + lsr r2, r2, #24 +#else + uxtb r2, r11 +#endif +#else + ubfx r2, r11, #0, #8 +#endif + ldr r4, [r0, r4, lsl #2] + ldr r7, [r0, r7, lsl #2] + ldr lr, [r0, lr, lsl #2] + ldr r2, [r0, r2, lsl #2] +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl r5, r10, #8 + lsr r5, r5, #24 +#else + uxtb r5, r10, ror #16 +#endif +#else + ubfx r5, r10, #16, #8 +#endif + eor r4, r4, r7, ror #24 + lsr r7, r9, #24 + eor r4, r4, lr, ror #8 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl lr, r11, #16 + lsr lr, lr, #24 +#else + uxtb lr, r11, ror #8 +#endif +#else + ubfx lr, r11, #8, #8 +#endif + eor r4, r4, r2, ror #16 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl r2, r8, #24 + lsr r2, r2, #24 +#else + uxtb r2, r8 +#endif +#else + ubfx r2, r8, #0, #8 +#endif + ldr r5, [r0, r5, lsl #2] + ldr r7, [r0, r7, lsl #2] + ldr lr, [r0, lr, lsl #2] + ldr r2, [r0, r2, lsl #2] +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl r6, r11, #8 + lsr r6, r6, #24 +#else + uxtb r6, r11, ror #16 +#endif +#else + ubfx r6, r11, #16, #8 +#endif + eor r5, r5, r7, ror #24 + lsr r7, r10, #24 + eor r5, r5, lr, ror #8 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl lr, r8, #16 + lsr lr, lr, #24 +#else + uxtb lr, r8, ror #8 +#endif +#else + ubfx lr, r8, #8, #8 +#endif + eor r5, r5, r2, ror #16 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl r2, r9, #24 + lsr r2, r2, #24 +#else + uxtb r2, r9 +#endif +#else + ubfx r2, r9, #0, #8 +#endif + ldr r6, [r0, r6, lsl #2] + ldr r7, [r0, r7, lsl #2] + ldr lr, [r0, lr, lsl #2] + ldr r2, [r0, r2, lsl #2] +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl r10, r10, #24 + lsr r10, r10, #24 +#else + uxtb r10, r10 +#endif +#else + ubfx r10, r10, #0, #8 +#endif + eor r6, r6, r7, ror #24 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl r7, r8, #8 + lsr r7, r7, #24 +#else + uxtb r7, r8, ror #16 +#endif +#else + ubfx r7, r8, #16, #8 +#endif + eor r6, r6, lr, ror #8 + lsr lr, r11, #24 + eor r6, r6, r2, ror #16 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl r2, r9, #16 + lsr r2, r2, #24 +#else + uxtb r2, r9, ror #8 +#endif +#else + ubfx r2, r9, #8, #8 +#endif + ldr r10, [r0, r10, lsl #2] + ldr lr, [r0, lr, lsl #2] + ldr r7, [r0, r7, lsl #2] + ldr r2, [r0, r2, lsl #2] + eor lr, lr, r10, ror #24 + ldm r3!, {r8, r9, r10, r11} + eor r7, r7, lr, ror #24 + eor r7, r7, r2, ror #8 + # XOR in Key Schedule + eor r4, r4, r8 + eor r5, r5, r9 + eor r6, r6, r10 + eor r7, r7, r11 + subs r1, r1, #1 + bne L_AES_ECB_encrypt_block_nr_128 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl r8, r5, #8 + lsr r8, r8, #24 +#else + uxtb r8, r5, ror #16 +#endif +#else + ubfx r8, r5, #16, #8 +#endif + lsr r11, r4, #24 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl lr, r6, #16 + lsr lr, lr, #24 +#else + uxtb lr, r6, ror #8 +#endif +#else + ubfx lr, r6, #8, #8 +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl r2, r7, #24 + lsr r2, r2, #24 +#else + uxtb r2, r7 +#endif +#else + ubfx r2, r7, #0, #8 +#endif + ldr r8, [r0, r8, lsl #2] + ldr r11, [r0, r11, lsl #2] + ldr lr, [r0, lr, lsl #2] + ldr r2, [r0, r2, lsl #2] +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl r9, r6, #8 + lsr r9, r9, #24 +#else + uxtb r9, r6, ror #16 +#endif +#else + ubfx r9, r6, #16, #8 +#endif + eor r8, r8, r11, ror #24 + lsr r11, r5, #24 + eor r8, r8, lr, ror #8 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl lr, r7, #16 + lsr lr, lr, #24 +#else + uxtb lr, r7, ror #8 +#endif +#else + ubfx lr, r7, #8, #8 +#endif + eor r8, r8, r2, ror #16 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl r2, r4, #24 + lsr r2, r2, #24 +#else + uxtb r2, r4 +#endif +#else + ubfx r2, r4, #0, #8 +#endif + ldr r9, [r0, r9, lsl #2] + ldr r11, [r0, r11, lsl #2] + ldr lr, [r0, lr, lsl #2] + ldr r2, [r0, r2, lsl #2] +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl r10, r7, #8 + lsr r10, r10, #24 +#else + uxtb r10, r7, ror #16 +#endif +#else + ubfx r10, r7, #16, #8 +#endif + eor r9, r9, r11, ror #24 + lsr r11, r6, #24 + eor r9, r9, lr, ror #8 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl lr, r4, #16 + lsr lr, lr, #24 +#else + uxtb lr, r4, ror #8 +#endif +#else + ubfx lr, r4, #8, #8 +#endif + eor r9, r9, r2, ror #16 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl r2, r5, #24 + lsr r2, r2, #24 +#else + uxtb r2, r5 +#endif +#else + ubfx r2, r5, #0, #8 +#endif + ldr r10, [r0, r10, lsl #2] + ldr r11, [r0, r11, lsl #2] + ldr lr, [r0, lr, lsl #2] + ldr r2, [r0, r2, lsl #2] +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl r6, r6, #24 + lsr r6, r6, #24 +#else + uxtb r6, r6 +#endif +#else + ubfx r6, r6, #0, #8 +#endif + eor r10, r10, r11, ror #24 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl r11, r4, #8 + lsr r11, r11, #24 +#else + uxtb r11, r4, ror #16 +#endif +#else + ubfx r11, r4, #16, #8 +#endif + eor r10, r10, lr, ror #8 + lsr lr, r7, #24 + eor r10, r10, r2, ror #16 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl r2, r5, #16 + lsr r2, r2, #24 +#else + uxtb r2, r5, ror #8 +#endif +#else + ubfx r2, r5, #8, #8 +#endif + ldr r6, [r0, r6, lsl #2] + ldr lr, [r0, lr, lsl #2] + ldr r11, [r0, r11, lsl #2] + ldr r2, [r0, r2, lsl #2] + eor lr, lr, r6, ror #24 + ldm r3!, {r4, r5, r6, r7} + eor r11, r11, lr, ror #24 + eor r11, r11, r2, ror #8 + # XOR in Key Schedule + eor r8, r8, r4 + eor r9, r9, r5 + eor r10, r10, r6 + eor r11, r11, r7 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl r4, r11, #24 + lsr r4, r4, #24 +#else + uxtb r4, r11 +#endif +#else + ubfx r4, r11, #0, #8 +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl r7, r10, #16 + lsr r7, r7, #24 +#else + uxtb r7, r10, ror #8 +#endif +#else + ubfx r7, r10, #8, #8 +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl lr, r9, #8 + lsr lr, lr, #24 +#else + uxtb lr, r9, ror #16 +#endif +#else + ubfx lr, r9, #16, #8 +#endif + lsr r2, r8, #24 + ldrb r4, [r0, r4, lsl #2] + ldrb r7, [r0, r7, lsl #2] + ldrb lr, [r0, lr, lsl #2] + ldrb r2, [r0, r2, lsl #2] +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl r5, r8, #24 + lsr r5, r5, #24 +#else + uxtb r5, r8 +#endif +#else + ubfx r5, r8, #0, #8 +#endif + eor r4, r4, r7, lsl #8 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl r7, r11, #16 + lsr r7, r7, #24 +#else + uxtb r7, r11, ror #8 +#endif +#else + ubfx r7, r11, #8, #8 +#endif + eor r4, r4, lr, lsl #16 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl lr, r10, #8 + lsr lr, lr, #24 +#else + uxtb lr, r10, ror #16 +#endif +#else + ubfx lr, r10, #16, #8 +#endif + eor r4, r4, r2, lsl #24 + lsr r2, r9, #24 + ldrb r5, [r0, r5, lsl #2] + ldrb r7, [r0, r7, lsl #2] + ldrb lr, [r0, lr, lsl #2] + ldrb r2, [r0, r2, lsl #2] +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl r6, r9, #24 + lsr r6, r6, #24 +#else + uxtb r6, r9 +#endif +#else + ubfx r6, r9, #0, #8 +#endif + eor r5, r5, r7, lsl #8 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl r7, r8, #16 + lsr r7, r7, #24 +#else + uxtb r7, r8, ror #8 +#endif +#else + ubfx r7, r8, #8, #8 +#endif + eor r5, r5, lr, lsl #16 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl lr, r11, #8 + lsr lr, lr, #24 +#else + uxtb lr, r11, ror #16 +#endif +#else + ubfx lr, r11, #16, #8 +#endif + eor r5, r5, r2, lsl #24 + lsr r2, r10, #24 + ldrb r6, [r0, r6, lsl #2] + ldrb r7, [r0, r7, lsl #2] + ldrb lr, [r0, lr, lsl #2] + ldrb r2, [r0, r2, lsl #2] + lsr r11, r11, #24 + eor r6, r6, r7, lsl #8 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl r7, r10, #24 + lsr r7, r7, #24 +#else + uxtb r7, r10 +#endif +#else + ubfx r7, r10, #0, #8 +#endif + eor r6, r6, lr, lsl #16 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl lr, r9, #16 + lsr lr, lr, #24 +#else + uxtb lr, r9, ror #8 +#endif +#else + ubfx lr, r9, #8, #8 +#endif + eor r6, r6, r2, lsl #24 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl r2, r8, #8 + lsr r2, r2, #24 +#else + uxtb r2, r8, ror #16 +#endif +#else + ubfx r2, r8, #16, #8 +#endif + ldrb r11, [r0, r11, lsl #2] + ldrb r7, [r0, r7, lsl #2] + ldrb lr, [r0, lr, lsl #2] + ldrb r2, [r0, r2, lsl #2] + eor lr, lr, r11, lsl #16 + ldm r3, {r8, r9, r10, r11} + eor r7, r7, lr, lsl #8 + eor r7, r7, r2, lsl #16 + # XOR in Key Schedule + eor r4, r4, r8 + eor r5, r5, r9 + eor r6, r6, r10 + eor r7, r7, r11 +#endif /* !WOLFSSL_ARMASM_AES_BLOCK_INLINE */ pop {r1, r2, lr} ldr r3, [sp] #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) @@ -9999,7 +11917,645 @@ eor r6, r6, r10 eor r7, r7, r11 mov r1, #6 +#ifndef WOLFSSL_ARMASM_AES_BLOCK_INLINE bl AES_encrypt_block +#else +L_AES_CBC_encrypt_block_nr_256: +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl r8, r5, #8 + lsr r8, r8, #24 +#else + uxtb r8, r5, ror #16 +#endif +#else + ubfx r8, r5, #16, #8 +#endif + lsr r11, r4, #24 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl lr, r6, #16 + lsr lr, lr, #24 +#else + uxtb lr, r6, ror #8 +#endif +#else + ubfx lr, r6, #8, #8 +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl r2, r7, #24 + lsr r2, r2, #24 +#else + uxtb r2, r7 +#endif +#else + ubfx r2, r7, #0, #8 +#endif + ldr r8, [r0, r8, lsl #2] + ldr r11, [r0, r11, lsl #2] + ldr lr, [r0, lr, lsl #2] + ldr r2, [r0, r2, lsl #2] +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl r9, r6, #8 + lsr r9, r9, #24 +#else + uxtb r9, r6, ror #16 +#endif +#else + ubfx r9, r6, #16, #8 +#endif + eor r8, r8, r11, ror #24 + lsr r11, r5, #24 + eor r8, r8, lr, ror #8 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl lr, r7, #16 + lsr lr, lr, #24 +#else + uxtb lr, r7, ror #8 +#endif +#else + ubfx lr, r7, #8, #8 +#endif + eor r8, r8, r2, ror #16 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl r2, r4, #24 + lsr r2, r2, #24 +#else + uxtb r2, r4 +#endif +#else + ubfx r2, r4, #0, #8 +#endif + ldr r9, [r0, r9, lsl #2] + ldr r11, [r0, r11, lsl #2] + ldr lr, [r0, lr, lsl #2] + ldr r2, [r0, r2, lsl #2] +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl r10, r7, #8 + lsr r10, r10, #24 +#else + uxtb r10, r7, ror #16 +#endif +#else + ubfx r10, r7, #16, #8 +#endif + eor r9, r9, r11, ror #24 + lsr r11, r6, #24 + eor r9, r9, lr, ror #8 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl lr, r4, #16 + lsr lr, lr, #24 +#else + uxtb lr, r4, ror #8 +#endif +#else + ubfx lr, r4, #8, #8 +#endif + eor r9, r9, r2, ror #16 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl r2, r5, #24 + lsr r2, r2, #24 +#else + uxtb r2, r5 +#endif +#else + ubfx r2, r5, #0, #8 +#endif + ldr r10, [r0, r10, lsl #2] + ldr r11, [r0, r11, lsl #2] + ldr lr, [r0, lr, lsl #2] + ldr r2, [r0, r2, lsl #2] +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl r6, r6, #24 + lsr r6, r6, #24 +#else + uxtb r6, r6 +#endif +#else + ubfx r6, r6, #0, #8 +#endif + eor r10, r10, r11, ror #24 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl r11, r4, #8 + lsr r11, r11, #24 +#else + uxtb r11, r4, ror #16 +#endif +#else + ubfx r11, r4, #16, #8 +#endif + eor r10, r10, lr, ror #8 + lsr lr, r7, #24 + eor r10, r10, r2, ror #16 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl r2, r5, #16 + lsr r2, r2, #24 +#else + uxtb r2, r5, ror #8 +#endif +#else + ubfx r2, r5, #8, #8 +#endif + ldr r6, [r0, r6, lsl #2] + ldr lr, [r0, lr, lsl #2] + ldr r11, [r0, r11, lsl #2] + ldr r2, [r0, r2, lsl #2] + eor lr, lr, r6, ror #24 + ldm r3!, {r4, r5, r6, r7} + eor r11, r11, lr, ror #24 + eor r11, r11, r2, ror #8 + # XOR in Key Schedule + eor r8, r8, r4 + eor r9, r9, r5 + eor r10, r10, r6 + eor r11, r11, r7 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl r4, r9, #8 + lsr r4, r4, #24 +#else + uxtb r4, r9, ror #16 +#endif +#else + ubfx r4, r9, #16, #8 +#endif + lsr r7, r8, #24 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl lr, r10, #16 + lsr lr, lr, #24 +#else + uxtb lr, r10, ror #8 +#endif +#else + ubfx lr, r10, #8, #8 +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl r2, r11, #24 + lsr r2, r2, #24 +#else + uxtb r2, r11 +#endif +#else + ubfx r2, r11, #0, #8 +#endif + ldr r4, [r0, r4, lsl #2] + ldr r7, [r0, r7, lsl #2] + ldr lr, [r0, lr, lsl #2] + ldr r2, [r0, r2, lsl #2] +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl r5, r10, #8 + lsr r5, r5, #24 +#else + uxtb r5, r10, ror #16 +#endif +#else + ubfx r5, r10, #16, #8 +#endif + eor r4, r4, r7, ror #24 + lsr r7, r9, #24 + eor r4, r4, lr, ror #8 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl lr, r11, #16 + lsr lr, lr, #24 +#else + uxtb lr, r11, ror #8 +#endif +#else + ubfx lr, r11, #8, #8 +#endif + eor r4, r4, r2, ror #16 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl r2, r8, #24 + lsr r2, r2, #24 +#else + uxtb r2, r8 +#endif +#else + ubfx r2, r8, #0, #8 +#endif + ldr r5, [r0, r5, lsl #2] + ldr r7, [r0, r7, lsl #2] + ldr lr, [r0, lr, lsl #2] + ldr r2, [r0, r2, lsl #2] +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl r6, r11, #8 + lsr r6, r6, #24 +#else + uxtb r6, r11, ror #16 +#endif +#else + ubfx r6, r11, #16, #8 +#endif + eor r5, r5, r7, ror #24 + lsr r7, r10, #24 + eor r5, r5, lr, ror #8 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl lr, r8, #16 + lsr lr, lr, #24 +#else + uxtb lr, r8, ror #8 +#endif +#else + ubfx lr, r8, #8, #8 +#endif + eor r5, r5, r2, ror #16 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl r2, r9, #24 + lsr r2, r2, #24 +#else + uxtb r2, r9 +#endif +#else + ubfx r2, r9, #0, #8 +#endif + ldr r6, [r0, r6, lsl #2] + ldr r7, [r0, r7, lsl #2] + ldr lr, [r0, lr, lsl #2] + ldr r2, [r0, r2, lsl #2] +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl r10, r10, #24 + lsr r10, r10, #24 +#else + uxtb r10, r10 +#endif +#else + ubfx r10, r10, #0, #8 +#endif + eor r6, r6, r7, ror #24 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl r7, r8, #8 + lsr r7, r7, #24 +#else + uxtb r7, r8, ror #16 +#endif +#else + ubfx r7, r8, #16, #8 +#endif + eor r6, r6, lr, ror #8 + lsr lr, r11, #24 + eor r6, r6, r2, ror #16 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl r2, r9, #16 + lsr r2, r2, #24 +#else + uxtb r2, r9, ror #8 +#endif +#else + ubfx r2, r9, #8, #8 +#endif + ldr r10, [r0, r10, lsl #2] + ldr lr, [r0, lr, lsl #2] + ldr r7, [r0, r7, lsl #2] + ldr r2, [r0, r2, lsl #2] + eor lr, lr, r10, ror #24 + ldm r3!, {r8, r9, r10, r11} + eor r7, r7, lr, ror #24 + eor r7, r7, r2, ror #8 + # XOR in Key Schedule + eor r4, r4, r8 + eor r5, r5, r9 + eor r6, r6, r10 + eor r7, r7, r11 + subs r1, r1, #1 + bne L_AES_CBC_encrypt_block_nr_256 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl r8, r5, #8 + lsr r8, r8, #24 +#else + uxtb r8, r5, ror #16 +#endif +#else + ubfx r8, r5, #16, #8 +#endif + lsr r11, r4, #24 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl lr, r6, #16 + lsr lr, lr, #24 +#else + uxtb lr, r6, ror #8 +#endif +#else + ubfx lr, r6, #8, #8 +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl r2, r7, #24 + lsr r2, r2, #24 +#else + uxtb r2, r7 +#endif +#else + ubfx r2, r7, #0, #8 +#endif + ldr r8, [r0, r8, lsl #2] + ldr r11, [r0, r11, lsl #2] + ldr lr, [r0, lr, lsl #2] + ldr r2, [r0, r2, lsl #2] +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl r9, r6, #8 + lsr r9, r9, #24 +#else + uxtb r9, r6, ror #16 +#endif +#else + ubfx r9, r6, #16, #8 +#endif + eor r8, r8, r11, ror #24 + lsr r11, r5, #24 + eor r8, r8, lr, ror #8 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl lr, r7, #16 + lsr lr, lr, #24 +#else + uxtb lr, r7, ror #8 +#endif +#else + ubfx lr, r7, #8, #8 +#endif + eor r8, r8, r2, ror #16 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl r2, r4, #24 + lsr r2, r2, #24 +#else + uxtb r2, r4 +#endif +#else + ubfx r2, r4, #0, #8 +#endif + ldr r9, [r0, r9, lsl #2] + ldr r11, [r0, r11, lsl #2] + ldr lr, [r0, lr, lsl #2] + ldr r2, [r0, r2, lsl #2] +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl r10, r7, #8 + lsr r10, r10, #24 +#else + uxtb r10, r7, ror #16 +#endif +#else + ubfx r10, r7, #16, #8 +#endif + eor r9, r9, r11, ror #24 + lsr r11, r6, #24 + eor r9, r9, lr, ror #8 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl lr, r4, #16 + lsr lr, lr, #24 +#else + uxtb lr, r4, ror #8 +#endif +#else + ubfx lr, r4, #8, #8 +#endif + eor r9, r9, r2, ror #16 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl r2, r5, #24 + lsr r2, r2, #24 +#else + uxtb r2, r5 +#endif +#else + ubfx r2, r5, #0, #8 +#endif + ldr r10, [r0, r10, lsl #2] + ldr r11, [r0, r11, lsl #2] + ldr lr, [r0, lr, lsl #2] + ldr r2, [r0, r2, lsl #2] +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl r6, r6, #24 + lsr r6, r6, #24 +#else + uxtb r6, r6 +#endif +#else + ubfx r6, r6, #0, #8 +#endif + eor r10, r10, r11, ror #24 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl r11, r4, #8 + lsr r11, r11, #24 +#else + uxtb r11, r4, ror #16 +#endif +#else + ubfx r11, r4, #16, #8 +#endif + eor r10, r10, lr, ror #8 + lsr lr, r7, #24 + eor r10, r10, r2, ror #16 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl r2, r5, #16 + lsr r2, r2, #24 +#else + uxtb r2, r5, ror #8 +#endif +#else + ubfx r2, r5, #8, #8 +#endif + ldr r6, [r0, r6, lsl #2] + ldr lr, [r0, lr, lsl #2] + ldr r11, [r0, r11, lsl #2] + ldr r2, [r0, r2, lsl #2] + eor lr, lr, r6, ror #24 + ldm r3!, {r4, r5, r6, r7} + eor r11, r11, lr, ror #24 + eor r11, r11, r2, ror #8 + # XOR in Key Schedule + eor r8, r8, r4 + eor r9, r9, r5 + eor r10, r10, r6 + eor r11, r11, r7 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl r4, r11, #24 + lsr r4, r4, #24 +#else + uxtb r4, r11 +#endif +#else + ubfx r4, r11, #0, #8 +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl r7, r10, #16 + lsr r7, r7, #24 +#else + uxtb r7, r10, ror #8 +#endif +#else + ubfx r7, r10, #8, #8 +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl lr, r9, #8 + lsr lr, lr, #24 +#else + uxtb lr, r9, ror #16 +#endif +#else + ubfx lr, r9, #16, #8 +#endif + lsr r2, r8, #24 + ldrb r4, [r0, r4, lsl #2] + ldrb r7, [r0, r7, lsl #2] + ldrb lr, [r0, lr, lsl #2] + ldrb r2, [r0, r2, lsl #2] +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl r5, r8, #24 + lsr r5, r5, #24 +#else + uxtb r5, r8 +#endif +#else + ubfx r5, r8, #0, #8 +#endif + eor r4, r4, r7, lsl #8 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl r7, r11, #16 + lsr r7, r7, #24 +#else + uxtb r7, r11, ror #8 +#endif +#else + ubfx r7, r11, #8, #8 +#endif + eor r4, r4, lr, lsl #16 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl lr, r10, #8 + lsr lr, lr, #24 +#else + uxtb lr, r10, ror #16 +#endif +#else + ubfx lr, r10, #16, #8 +#endif + eor r4, r4, r2, lsl #24 + lsr r2, r9, #24 + ldrb r5, [r0, r5, lsl #2] + ldrb r7, [r0, r7, lsl #2] + ldrb lr, [r0, lr, lsl #2] + ldrb r2, [r0, r2, lsl #2] +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl r6, r9, #24 + lsr r6, r6, #24 +#else + uxtb r6, r9 +#endif +#else + ubfx r6, r9, #0, #8 +#endif + eor r5, r5, r7, lsl #8 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl r7, r8, #16 + lsr r7, r7, #24 +#else + uxtb r7, r8, ror #8 +#endif +#else + ubfx r7, r8, #8, #8 +#endif + eor r5, r5, lr, lsl #16 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl lr, r11, #8 + lsr lr, lr, #24 +#else + uxtb lr, r11, ror #16 +#endif +#else + ubfx lr, r11, #16, #8 +#endif + eor r5, r5, r2, lsl #24 + lsr r2, r10, #24 + ldrb r6, [r0, r6, lsl #2] + ldrb r7, [r0, r7, lsl #2] + ldrb lr, [r0, lr, lsl #2] + ldrb r2, [r0, r2, lsl #2] + lsr r11, r11, #24 + eor r6, r6, r7, lsl #8 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl r7, r10, #24 + lsr r7, r7, #24 +#else + uxtb r7, r10 +#endif +#else + ubfx r7, r10, #0, #8 +#endif + eor r6, r6, lr, lsl #16 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl lr, r9, #16 + lsr lr, lr, #24 +#else + uxtb lr, r9, ror #8 +#endif +#else + ubfx lr, r9, #8, #8 +#endif + eor r6, r6, r2, lsl #24 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl r2, r8, #8 + lsr r2, r2, #24 +#else + uxtb r2, r8, ror #16 +#endif +#else + ubfx r2, r8, #16, #8 +#endif + ldrb r11, [r0, r11, lsl #2] + ldrb r7, [r0, r7, lsl #2] + ldrb lr, [r0, lr, lsl #2] + ldrb r2, [r0, r2, lsl #2] + eor lr, lr, r11, lsl #16 + ldm r3, {r8, r9, r10, r11} + eor r7, r7, lr, lsl #8 + eor r7, r7, r2, lsl #16 + # XOR in Key Schedule + eor r4, r4, r8 + eor r5, r5, r9 + eor r6, r6, r10 + eor r7, r7, r11 +#endif /* !WOLFSSL_ARMASM_AES_BLOCK_INLINE */ pop {r1, r2, lr} ldr r3, [sp] #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) @@ -10075,7 +12631,645 @@ eor r6, r6, r10 eor r7, r7, r11 mov r1, #5 +#ifndef WOLFSSL_ARMASM_AES_BLOCK_INLINE bl AES_encrypt_block +#else +L_AES_CBC_encrypt_block_nr_192: +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl r8, r5, #8 + lsr r8, r8, #24 +#else + uxtb r8, r5, ror #16 +#endif +#else + ubfx r8, r5, #16, #8 +#endif + lsr r11, r4, #24 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl lr, r6, #16 + lsr lr, lr, #24 +#else + uxtb lr, r6, ror #8 +#endif +#else + ubfx lr, r6, #8, #8 +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl r2, r7, #24 + lsr r2, r2, #24 +#else + uxtb r2, r7 +#endif +#else + ubfx r2, r7, #0, #8 +#endif + ldr r8, [r0, r8, lsl #2] + ldr r11, [r0, r11, lsl #2] + ldr lr, [r0, lr, lsl #2] + ldr r2, [r0, r2, lsl #2] +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl r9, r6, #8 + lsr r9, r9, #24 +#else + uxtb r9, r6, ror #16 +#endif +#else + ubfx r9, r6, #16, #8 +#endif + eor r8, r8, r11, ror #24 + lsr r11, r5, #24 + eor r8, r8, lr, ror #8 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl lr, r7, #16 + lsr lr, lr, #24 +#else + uxtb lr, r7, ror #8 +#endif +#else + ubfx lr, r7, #8, #8 +#endif + eor r8, r8, r2, ror #16 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl r2, r4, #24 + lsr r2, r2, #24 +#else + uxtb r2, r4 +#endif +#else + ubfx r2, r4, #0, #8 +#endif + ldr r9, [r0, r9, lsl #2] + ldr r11, [r0, r11, lsl #2] + ldr lr, [r0, lr, lsl #2] + ldr r2, [r0, r2, lsl #2] +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl r10, r7, #8 + lsr r10, r10, #24 +#else + uxtb r10, r7, ror #16 +#endif +#else + ubfx r10, r7, #16, #8 +#endif + eor r9, r9, r11, ror #24 + lsr r11, r6, #24 + eor r9, r9, lr, ror #8 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl lr, r4, #16 + lsr lr, lr, #24 +#else + uxtb lr, r4, ror #8 +#endif +#else + ubfx lr, r4, #8, #8 +#endif + eor r9, r9, r2, ror #16 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl r2, r5, #24 + lsr r2, r2, #24 +#else + uxtb r2, r5 +#endif +#else + ubfx r2, r5, #0, #8 +#endif + ldr r10, [r0, r10, lsl #2] + ldr r11, [r0, r11, lsl #2] + ldr lr, [r0, lr, lsl #2] + ldr r2, [r0, r2, lsl #2] +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl r6, r6, #24 + lsr r6, r6, #24 +#else + uxtb r6, r6 +#endif +#else + ubfx r6, r6, #0, #8 +#endif + eor r10, r10, r11, ror #24 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl r11, r4, #8 + lsr r11, r11, #24 +#else + uxtb r11, r4, ror #16 +#endif +#else + ubfx r11, r4, #16, #8 +#endif + eor r10, r10, lr, ror #8 + lsr lr, r7, #24 + eor r10, r10, r2, ror #16 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl r2, r5, #16 + lsr r2, r2, #24 +#else + uxtb r2, r5, ror #8 +#endif +#else + ubfx r2, r5, #8, #8 +#endif + ldr r6, [r0, r6, lsl #2] + ldr lr, [r0, lr, lsl #2] + ldr r11, [r0, r11, lsl #2] + ldr r2, [r0, r2, lsl #2] + eor lr, lr, r6, ror #24 + ldm r3!, {r4, r5, r6, r7} + eor r11, r11, lr, ror #24 + eor r11, r11, r2, ror #8 + # XOR in Key Schedule + eor r8, r8, r4 + eor r9, r9, r5 + eor r10, r10, r6 + eor r11, r11, r7 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl r4, r9, #8 + lsr r4, r4, #24 +#else + uxtb r4, r9, ror #16 +#endif +#else + ubfx r4, r9, #16, #8 +#endif + lsr r7, r8, #24 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl lr, r10, #16 + lsr lr, lr, #24 +#else + uxtb lr, r10, ror #8 +#endif +#else + ubfx lr, r10, #8, #8 +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl r2, r11, #24 + lsr r2, r2, #24 +#else + uxtb r2, r11 +#endif +#else + ubfx r2, r11, #0, #8 +#endif + ldr r4, [r0, r4, lsl #2] + ldr r7, [r0, r7, lsl #2] + ldr lr, [r0, lr, lsl #2] + ldr r2, [r0, r2, lsl #2] +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl r5, r10, #8 + lsr r5, r5, #24 +#else + uxtb r5, r10, ror #16 +#endif +#else + ubfx r5, r10, #16, #8 +#endif + eor r4, r4, r7, ror #24 + lsr r7, r9, #24 + eor r4, r4, lr, ror #8 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl lr, r11, #16 + lsr lr, lr, #24 +#else + uxtb lr, r11, ror #8 +#endif +#else + ubfx lr, r11, #8, #8 +#endif + eor r4, r4, r2, ror #16 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl r2, r8, #24 + lsr r2, r2, #24 +#else + uxtb r2, r8 +#endif +#else + ubfx r2, r8, #0, #8 +#endif + ldr r5, [r0, r5, lsl #2] + ldr r7, [r0, r7, lsl #2] + ldr lr, [r0, lr, lsl #2] + ldr r2, [r0, r2, lsl #2] +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl r6, r11, #8 + lsr r6, r6, #24 +#else + uxtb r6, r11, ror #16 +#endif +#else + ubfx r6, r11, #16, #8 +#endif + eor r5, r5, r7, ror #24 + lsr r7, r10, #24 + eor r5, r5, lr, ror #8 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl lr, r8, #16 + lsr lr, lr, #24 +#else + uxtb lr, r8, ror #8 +#endif +#else + ubfx lr, r8, #8, #8 +#endif + eor r5, r5, r2, ror #16 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl r2, r9, #24 + lsr r2, r2, #24 +#else + uxtb r2, r9 +#endif +#else + ubfx r2, r9, #0, #8 +#endif + ldr r6, [r0, r6, lsl #2] + ldr r7, [r0, r7, lsl #2] + ldr lr, [r0, lr, lsl #2] + ldr r2, [r0, r2, lsl #2] +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl r10, r10, #24 + lsr r10, r10, #24 +#else + uxtb r10, r10 +#endif +#else + ubfx r10, r10, #0, #8 +#endif + eor r6, r6, r7, ror #24 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl r7, r8, #8 + lsr r7, r7, #24 +#else + uxtb r7, r8, ror #16 +#endif +#else + ubfx r7, r8, #16, #8 +#endif + eor r6, r6, lr, ror #8 + lsr lr, r11, #24 + eor r6, r6, r2, ror #16 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl r2, r9, #16 + lsr r2, r2, #24 +#else + uxtb r2, r9, ror #8 +#endif +#else + ubfx r2, r9, #8, #8 +#endif + ldr r10, [r0, r10, lsl #2] + ldr lr, [r0, lr, lsl #2] + ldr r7, [r0, r7, lsl #2] + ldr r2, [r0, r2, lsl #2] + eor lr, lr, r10, ror #24 + ldm r3!, {r8, r9, r10, r11} + eor r7, r7, lr, ror #24 + eor r7, r7, r2, ror #8 + # XOR in Key Schedule + eor r4, r4, r8 + eor r5, r5, r9 + eor r6, r6, r10 + eor r7, r7, r11 + subs r1, r1, #1 + bne L_AES_CBC_encrypt_block_nr_192 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl r8, r5, #8 + lsr r8, r8, #24 +#else + uxtb r8, r5, ror #16 +#endif +#else + ubfx r8, r5, #16, #8 +#endif + lsr r11, r4, #24 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl lr, r6, #16 + lsr lr, lr, #24 +#else + uxtb lr, r6, ror #8 +#endif +#else + ubfx lr, r6, #8, #8 +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl r2, r7, #24 + lsr r2, r2, #24 +#else + uxtb r2, r7 +#endif +#else + ubfx r2, r7, #0, #8 +#endif + ldr r8, [r0, r8, lsl #2] + ldr r11, [r0, r11, lsl #2] + ldr lr, [r0, lr, lsl #2] + ldr r2, [r0, r2, lsl #2] +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl r9, r6, #8 + lsr r9, r9, #24 +#else + uxtb r9, r6, ror #16 +#endif +#else + ubfx r9, r6, #16, #8 +#endif + eor r8, r8, r11, ror #24 + lsr r11, r5, #24 + eor r8, r8, lr, ror #8 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl lr, r7, #16 + lsr lr, lr, #24 +#else + uxtb lr, r7, ror #8 +#endif +#else + ubfx lr, r7, #8, #8 +#endif + eor r8, r8, r2, ror #16 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl r2, r4, #24 + lsr r2, r2, #24 +#else + uxtb r2, r4 +#endif +#else + ubfx r2, r4, #0, #8 +#endif + ldr r9, [r0, r9, lsl #2] + ldr r11, [r0, r11, lsl #2] + ldr lr, [r0, lr, lsl #2] + ldr r2, [r0, r2, lsl #2] +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl r10, r7, #8 + lsr r10, r10, #24 +#else + uxtb r10, r7, ror #16 +#endif +#else + ubfx r10, r7, #16, #8 +#endif + eor r9, r9, r11, ror #24 + lsr r11, r6, #24 + eor r9, r9, lr, ror #8 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl lr, r4, #16 + lsr lr, lr, #24 +#else + uxtb lr, r4, ror #8 +#endif +#else + ubfx lr, r4, #8, #8 +#endif + eor r9, r9, r2, ror #16 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl r2, r5, #24 + lsr r2, r2, #24 +#else + uxtb r2, r5 +#endif +#else + ubfx r2, r5, #0, #8 +#endif + ldr r10, [r0, r10, lsl #2] + ldr r11, [r0, r11, lsl #2] + ldr lr, [r0, lr, lsl #2] + ldr r2, [r0, r2, lsl #2] +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl r6, r6, #24 + lsr r6, r6, #24 +#else + uxtb r6, r6 +#endif +#else + ubfx r6, r6, #0, #8 +#endif + eor r10, r10, r11, ror #24 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl r11, r4, #8 + lsr r11, r11, #24 +#else + uxtb r11, r4, ror #16 +#endif +#else + ubfx r11, r4, #16, #8 +#endif + eor r10, r10, lr, ror #8 + lsr lr, r7, #24 + eor r10, r10, r2, ror #16 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl r2, r5, #16 + lsr r2, r2, #24 +#else + uxtb r2, r5, ror #8 +#endif +#else + ubfx r2, r5, #8, #8 +#endif + ldr r6, [r0, r6, lsl #2] + ldr lr, [r0, lr, lsl #2] + ldr r11, [r0, r11, lsl #2] + ldr r2, [r0, r2, lsl #2] + eor lr, lr, r6, ror #24 + ldm r3!, {r4, r5, r6, r7} + eor r11, r11, lr, ror #24 + eor r11, r11, r2, ror #8 + # XOR in Key Schedule + eor r8, r8, r4 + eor r9, r9, r5 + eor r10, r10, r6 + eor r11, r11, r7 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl r4, r11, #24 + lsr r4, r4, #24 +#else + uxtb r4, r11 +#endif +#else + ubfx r4, r11, #0, #8 +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl r7, r10, #16 + lsr r7, r7, #24 +#else + uxtb r7, r10, ror #8 +#endif +#else + ubfx r7, r10, #8, #8 +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl lr, r9, #8 + lsr lr, lr, #24 +#else + uxtb lr, r9, ror #16 +#endif +#else + ubfx lr, r9, #16, #8 +#endif + lsr r2, r8, #24 + ldrb r4, [r0, r4, lsl #2] + ldrb r7, [r0, r7, lsl #2] + ldrb lr, [r0, lr, lsl #2] + ldrb r2, [r0, r2, lsl #2] +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl r5, r8, #24 + lsr r5, r5, #24 +#else + uxtb r5, r8 +#endif +#else + ubfx r5, r8, #0, #8 +#endif + eor r4, r4, r7, lsl #8 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl r7, r11, #16 + lsr r7, r7, #24 +#else + uxtb r7, r11, ror #8 +#endif +#else + ubfx r7, r11, #8, #8 +#endif + eor r4, r4, lr, lsl #16 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl lr, r10, #8 + lsr lr, lr, #24 +#else + uxtb lr, r10, ror #16 +#endif +#else + ubfx lr, r10, #16, #8 +#endif + eor r4, r4, r2, lsl #24 + lsr r2, r9, #24 + ldrb r5, [r0, r5, lsl #2] + ldrb r7, [r0, r7, lsl #2] + ldrb lr, [r0, lr, lsl #2] + ldrb r2, [r0, r2, lsl #2] +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl r6, r9, #24 + lsr r6, r6, #24 +#else + uxtb r6, r9 +#endif +#else + ubfx r6, r9, #0, #8 +#endif + eor r5, r5, r7, lsl #8 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl r7, r8, #16 + lsr r7, r7, #24 +#else + uxtb r7, r8, ror #8 +#endif +#else + ubfx r7, r8, #8, #8 +#endif + eor r5, r5, lr, lsl #16 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl lr, r11, #8 + lsr lr, lr, #24 +#else + uxtb lr, r11, ror #16 +#endif +#else + ubfx lr, r11, #16, #8 +#endif + eor r5, r5, r2, lsl #24 + lsr r2, r10, #24 + ldrb r6, [r0, r6, lsl #2] + ldrb r7, [r0, r7, lsl #2] + ldrb lr, [r0, lr, lsl #2] + ldrb r2, [r0, r2, lsl #2] + lsr r11, r11, #24 + eor r6, r6, r7, lsl #8 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl r7, r10, #24 + lsr r7, r7, #24 +#else + uxtb r7, r10 +#endif +#else + ubfx r7, r10, #0, #8 +#endif + eor r6, r6, lr, lsl #16 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl lr, r9, #16 + lsr lr, lr, #24 +#else + uxtb lr, r9, ror #8 +#endif +#else + ubfx lr, r9, #8, #8 +#endif + eor r6, r6, r2, lsl #24 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl r2, r8, #8 + lsr r2, r2, #24 +#else + uxtb r2, r8, ror #16 +#endif +#else + ubfx r2, r8, #16, #8 +#endif + ldrb r11, [r0, r11, lsl #2] + ldrb r7, [r0, r7, lsl #2] + ldrb lr, [r0, lr, lsl #2] + ldrb r2, [r0, r2, lsl #2] + eor lr, lr, r11, lsl #16 + ldm r3, {r8, r9, r10, r11} + eor r7, r7, lr, lsl #8 + eor r7, r7, r2, lsl #16 + # XOR in Key Schedule + eor r4, r4, r8 + eor r5, r5, r9 + eor r6, r6, r10 + eor r7, r7, r11 +#endif /* !WOLFSSL_ARMASM_AES_BLOCK_INLINE */ pop {r1, r2, lr} ldr r3, [sp] #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) @@ -10151,7 +13345,645 @@ eor r6, r6, r10 eor r7, r7, r11 mov r1, #4 +#ifndef WOLFSSL_ARMASM_AES_BLOCK_INLINE bl AES_encrypt_block +#else +L_AES_CBC_encrypt_block_nr_128: +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl r8, r5, #8 + lsr r8, r8, #24 +#else + uxtb r8, r5, ror #16 +#endif +#else + ubfx r8, r5, #16, #8 +#endif + lsr r11, r4, #24 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl lr, r6, #16 + lsr lr, lr, #24 +#else + uxtb lr, r6, ror #8 +#endif +#else + ubfx lr, r6, #8, #8 +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl r2, r7, #24 + lsr r2, r2, #24 +#else + uxtb r2, r7 +#endif +#else + ubfx r2, r7, #0, #8 +#endif + ldr r8, [r0, r8, lsl #2] + ldr r11, [r0, r11, lsl #2] + ldr lr, [r0, lr, lsl #2] + ldr r2, [r0, r2, lsl #2] +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl r9, r6, #8 + lsr r9, r9, #24 +#else + uxtb r9, r6, ror #16 +#endif +#else + ubfx r9, r6, #16, #8 +#endif + eor r8, r8, r11, ror #24 + lsr r11, r5, #24 + eor r8, r8, lr, ror #8 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl lr, r7, #16 + lsr lr, lr, #24 +#else + uxtb lr, r7, ror #8 +#endif +#else + ubfx lr, r7, #8, #8 +#endif + eor r8, r8, r2, ror #16 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl r2, r4, #24 + lsr r2, r2, #24 +#else + uxtb r2, r4 +#endif +#else + ubfx r2, r4, #0, #8 +#endif + ldr r9, [r0, r9, lsl #2] + ldr r11, [r0, r11, lsl #2] + ldr lr, [r0, lr, lsl #2] + ldr r2, [r0, r2, lsl #2] +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl r10, r7, #8 + lsr r10, r10, #24 +#else + uxtb r10, r7, ror #16 +#endif +#else + ubfx r10, r7, #16, #8 +#endif + eor r9, r9, r11, ror #24 + lsr r11, r6, #24 + eor r9, r9, lr, ror #8 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl lr, r4, #16 + lsr lr, lr, #24 +#else + uxtb lr, r4, ror #8 +#endif +#else + ubfx lr, r4, #8, #8 +#endif + eor r9, r9, r2, ror #16 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl r2, r5, #24 + lsr r2, r2, #24 +#else + uxtb r2, r5 +#endif +#else + ubfx r2, r5, #0, #8 +#endif + ldr r10, [r0, r10, lsl #2] + ldr r11, [r0, r11, lsl #2] + ldr lr, [r0, lr, lsl #2] + ldr r2, [r0, r2, lsl #2] +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl r6, r6, #24 + lsr r6, r6, #24 +#else + uxtb r6, r6 +#endif +#else + ubfx r6, r6, #0, #8 +#endif + eor r10, r10, r11, ror #24 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl r11, r4, #8 + lsr r11, r11, #24 +#else + uxtb r11, r4, ror #16 +#endif +#else + ubfx r11, r4, #16, #8 +#endif + eor r10, r10, lr, ror #8 + lsr lr, r7, #24 + eor r10, r10, r2, ror #16 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl r2, r5, #16 + lsr r2, r2, #24 +#else + uxtb r2, r5, ror #8 +#endif +#else + ubfx r2, r5, #8, #8 +#endif + ldr r6, [r0, r6, lsl #2] + ldr lr, [r0, lr, lsl #2] + ldr r11, [r0, r11, lsl #2] + ldr r2, [r0, r2, lsl #2] + eor lr, lr, r6, ror #24 + ldm r3!, {r4, r5, r6, r7} + eor r11, r11, lr, ror #24 + eor r11, r11, r2, ror #8 + # XOR in Key Schedule + eor r8, r8, r4 + eor r9, r9, r5 + eor r10, r10, r6 + eor r11, r11, r7 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl r4, r9, #8 + lsr r4, r4, #24 +#else + uxtb r4, r9, ror #16 +#endif +#else + ubfx r4, r9, #16, #8 +#endif + lsr r7, r8, #24 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl lr, r10, #16 + lsr lr, lr, #24 +#else + uxtb lr, r10, ror #8 +#endif +#else + ubfx lr, r10, #8, #8 +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl r2, r11, #24 + lsr r2, r2, #24 +#else + uxtb r2, r11 +#endif +#else + ubfx r2, r11, #0, #8 +#endif + ldr r4, [r0, r4, lsl #2] + ldr r7, [r0, r7, lsl #2] + ldr lr, [r0, lr, lsl #2] + ldr r2, [r0, r2, lsl #2] +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl r5, r10, #8 + lsr r5, r5, #24 +#else + uxtb r5, r10, ror #16 +#endif +#else + ubfx r5, r10, #16, #8 +#endif + eor r4, r4, r7, ror #24 + lsr r7, r9, #24 + eor r4, r4, lr, ror #8 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl lr, r11, #16 + lsr lr, lr, #24 +#else + uxtb lr, r11, ror #8 +#endif +#else + ubfx lr, r11, #8, #8 +#endif + eor r4, r4, r2, ror #16 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl r2, r8, #24 + lsr r2, r2, #24 +#else + uxtb r2, r8 +#endif +#else + ubfx r2, r8, #0, #8 +#endif + ldr r5, [r0, r5, lsl #2] + ldr r7, [r0, r7, lsl #2] + ldr lr, [r0, lr, lsl #2] + ldr r2, [r0, r2, lsl #2] +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl r6, r11, #8 + lsr r6, r6, #24 +#else + uxtb r6, r11, ror #16 +#endif +#else + ubfx r6, r11, #16, #8 +#endif + eor r5, r5, r7, ror #24 + lsr r7, r10, #24 + eor r5, r5, lr, ror #8 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl lr, r8, #16 + lsr lr, lr, #24 +#else + uxtb lr, r8, ror #8 +#endif +#else + ubfx lr, r8, #8, #8 +#endif + eor r5, r5, r2, ror #16 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl r2, r9, #24 + lsr r2, r2, #24 +#else + uxtb r2, r9 +#endif +#else + ubfx r2, r9, #0, #8 +#endif + ldr r6, [r0, r6, lsl #2] + ldr r7, [r0, r7, lsl #2] + ldr lr, [r0, lr, lsl #2] + ldr r2, [r0, r2, lsl #2] +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl r10, r10, #24 + lsr r10, r10, #24 +#else + uxtb r10, r10 +#endif +#else + ubfx r10, r10, #0, #8 +#endif + eor r6, r6, r7, ror #24 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl r7, r8, #8 + lsr r7, r7, #24 +#else + uxtb r7, r8, ror #16 +#endif +#else + ubfx r7, r8, #16, #8 +#endif + eor r6, r6, lr, ror #8 + lsr lr, r11, #24 + eor r6, r6, r2, ror #16 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl r2, r9, #16 + lsr r2, r2, #24 +#else + uxtb r2, r9, ror #8 +#endif +#else + ubfx r2, r9, #8, #8 +#endif + ldr r10, [r0, r10, lsl #2] + ldr lr, [r0, lr, lsl #2] + ldr r7, [r0, r7, lsl #2] + ldr r2, [r0, r2, lsl #2] + eor lr, lr, r10, ror #24 + ldm r3!, {r8, r9, r10, r11} + eor r7, r7, lr, ror #24 + eor r7, r7, r2, ror #8 + # XOR in Key Schedule + eor r4, r4, r8 + eor r5, r5, r9 + eor r6, r6, r10 + eor r7, r7, r11 + subs r1, r1, #1 + bne L_AES_CBC_encrypt_block_nr_128 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl r8, r5, #8 + lsr r8, r8, #24 +#else + uxtb r8, r5, ror #16 +#endif +#else + ubfx r8, r5, #16, #8 +#endif + lsr r11, r4, #24 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl lr, r6, #16 + lsr lr, lr, #24 +#else + uxtb lr, r6, ror #8 +#endif +#else + ubfx lr, r6, #8, #8 +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl r2, r7, #24 + lsr r2, r2, #24 +#else + uxtb r2, r7 +#endif +#else + ubfx r2, r7, #0, #8 +#endif + ldr r8, [r0, r8, lsl #2] + ldr r11, [r0, r11, lsl #2] + ldr lr, [r0, lr, lsl #2] + ldr r2, [r0, r2, lsl #2] +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl r9, r6, #8 + lsr r9, r9, #24 +#else + uxtb r9, r6, ror #16 +#endif +#else + ubfx r9, r6, #16, #8 +#endif + eor r8, r8, r11, ror #24 + lsr r11, r5, #24 + eor r8, r8, lr, ror #8 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl lr, r7, #16 + lsr lr, lr, #24 +#else + uxtb lr, r7, ror #8 +#endif +#else + ubfx lr, r7, #8, #8 +#endif + eor r8, r8, r2, ror #16 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl r2, r4, #24 + lsr r2, r2, #24 +#else + uxtb r2, r4 +#endif +#else + ubfx r2, r4, #0, #8 +#endif + ldr r9, [r0, r9, lsl #2] + ldr r11, [r0, r11, lsl #2] + ldr lr, [r0, lr, lsl #2] + ldr r2, [r0, r2, lsl #2] +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl r10, r7, #8 + lsr r10, r10, #24 +#else + uxtb r10, r7, ror #16 +#endif +#else + ubfx r10, r7, #16, #8 +#endif + eor r9, r9, r11, ror #24 + lsr r11, r6, #24 + eor r9, r9, lr, ror #8 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl lr, r4, #16 + lsr lr, lr, #24 +#else + uxtb lr, r4, ror #8 +#endif +#else + ubfx lr, r4, #8, #8 +#endif + eor r9, r9, r2, ror #16 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl r2, r5, #24 + lsr r2, r2, #24 +#else + uxtb r2, r5 +#endif +#else + ubfx r2, r5, #0, #8 +#endif + ldr r10, [r0, r10, lsl #2] + ldr r11, [r0, r11, lsl #2] + ldr lr, [r0, lr, lsl #2] + ldr r2, [r0, r2, lsl #2] +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl r6, r6, #24 + lsr r6, r6, #24 +#else + uxtb r6, r6 +#endif +#else + ubfx r6, r6, #0, #8 +#endif + eor r10, r10, r11, ror #24 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl r11, r4, #8 + lsr r11, r11, #24 +#else + uxtb r11, r4, ror #16 +#endif +#else + ubfx r11, r4, #16, #8 +#endif + eor r10, r10, lr, ror #8 + lsr lr, r7, #24 + eor r10, r10, r2, ror #16 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl r2, r5, #16 + lsr r2, r2, #24 +#else + uxtb r2, r5, ror #8 +#endif +#else + ubfx r2, r5, #8, #8 +#endif + ldr r6, [r0, r6, lsl #2] + ldr lr, [r0, lr, lsl #2] + ldr r11, [r0, r11, lsl #2] + ldr r2, [r0, r2, lsl #2] + eor lr, lr, r6, ror #24 + ldm r3!, {r4, r5, r6, r7} + eor r11, r11, lr, ror #24 + eor r11, r11, r2, ror #8 + # XOR in Key Schedule + eor r8, r8, r4 + eor r9, r9, r5 + eor r10, r10, r6 + eor r11, r11, r7 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl r4, r11, #24 + lsr r4, r4, #24 +#else + uxtb r4, r11 +#endif +#else + ubfx r4, r11, #0, #8 +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl r7, r10, #16 + lsr r7, r7, #24 +#else + uxtb r7, r10, ror #8 +#endif +#else + ubfx r7, r10, #8, #8 +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl lr, r9, #8 + lsr lr, lr, #24 +#else + uxtb lr, r9, ror #16 +#endif +#else + ubfx lr, r9, #16, #8 +#endif + lsr r2, r8, #24 + ldrb r4, [r0, r4, lsl #2] + ldrb r7, [r0, r7, lsl #2] + ldrb lr, [r0, lr, lsl #2] + ldrb r2, [r0, r2, lsl #2] +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl r5, r8, #24 + lsr r5, r5, #24 +#else + uxtb r5, r8 +#endif +#else + ubfx r5, r8, #0, #8 +#endif + eor r4, r4, r7, lsl #8 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl r7, r11, #16 + lsr r7, r7, #24 +#else + uxtb r7, r11, ror #8 +#endif +#else + ubfx r7, r11, #8, #8 +#endif + eor r4, r4, lr, lsl #16 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl lr, r10, #8 + lsr lr, lr, #24 +#else + uxtb lr, r10, ror #16 +#endif +#else + ubfx lr, r10, #16, #8 +#endif + eor r4, r4, r2, lsl #24 + lsr r2, r9, #24 + ldrb r5, [r0, r5, lsl #2] + ldrb r7, [r0, r7, lsl #2] + ldrb lr, [r0, lr, lsl #2] + ldrb r2, [r0, r2, lsl #2] +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl r6, r9, #24 + lsr r6, r6, #24 +#else + uxtb r6, r9 +#endif +#else + ubfx r6, r9, #0, #8 +#endif + eor r5, r5, r7, lsl #8 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl r7, r8, #16 + lsr r7, r7, #24 +#else + uxtb r7, r8, ror #8 +#endif +#else + ubfx r7, r8, #8, #8 +#endif + eor r5, r5, lr, lsl #16 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl lr, r11, #8 + lsr lr, lr, #24 +#else + uxtb lr, r11, ror #16 +#endif +#else + ubfx lr, r11, #16, #8 +#endif + eor r5, r5, r2, lsl #24 + lsr r2, r10, #24 + ldrb r6, [r0, r6, lsl #2] + ldrb r7, [r0, r7, lsl #2] + ldrb lr, [r0, lr, lsl #2] + ldrb r2, [r0, r2, lsl #2] + lsr r11, r11, #24 + eor r6, r6, r7, lsl #8 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl r7, r10, #24 + lsr r7, r7, #24 +#else + uxtb r7, r10 +#endif +#else + ubfx r7, r10, #0, #8 +#endif + eor r6, r6, lr, lsl #16 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl lr, r9, #16 + lsr lr, lr, #24 +#else + uxtb lr, r9, ror #8 +#endif +#else + ubfx lr, r9, #8, #8 +#endif + eor r6, r6, r2, lsl #24 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl r2, r8, #8 + lsr r2, r2, #24 +#else + uxtb r2, r8, ror #16 +#endif +#else + ubfx r2, r8, #16, #8 +#endif + ldrb r11, [r0, r11, lsl #2] + ldrb r7, [r0, r7, lsl #2] + ldrb lr, [r0, lr, lsl #2] + ldrb r2, [r0, r2, lsl #2] + eor lr, lr, r11, lsl #16 + ldm r3, {r8, r9, r10, r11} + eor r7, r7, lr, lsl #8 + eor r7, r7, r2, lsl #16 + # XOR in Key Schedule + eor r4, r4, r8 + eor r5, r5, r9 + eor r6, r6, r10 + eor r7, r7, r11 +#endif /* !WOLFSSL_ARMASM_AES_BLOCK_INLINE */ pop {r1, r2, lr} ldr r3, [sp] #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) @@ -10254,70 +14086,7609 @@ eor r6, r6, r10 eor r7, r7, r11 mov r1, #6 +#ifndef WOLFSSL_ARMASM_AES_BLOCK_INLINE bl AES_encrypt_block - pop {r1, r2, lr} - ldr r3, [sp] +#else +L_AES_CTR_encrypt_block_nr_256: +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl r8, r5, #8 + lsr r8, r8, #24 +#else + uxtb r8, r5, ror #16 +#endif +#else + ubfx r8, r5, #16, #8 +#endif + lsr r11, r4, #24 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl lr, r6, #16 + lsr lr, lr, #24 +#else + uxtb lr, r6, ror #8 +#endif +#else + ubfx lr, r6, #8, #8 +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl r2, r7, #24 + lsr r2, r2, #24 +#else + uxtb r2, r7 +#endif +#else + ubfx r2, r7, #0, #8 +#endif + ldr r8, [r0, r8, lsl #2] + ldr r11, [r0, r11, lsl #2] + ldr lr, [r0, lr, lsl #2] + ldr r2, [r0, r2, lsl #2] +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl r9, r6, #8 + lsr r9, r9, #24 +#else + uxtb r9, r6, ror #16 +#endif +#else + ubfx r9, r6, #16, #8 +#endif + eor r8, r8, r11, ror #24 + lsr r11, r5, #24 + eor r8, r8, lr, ror #8 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl lr, r7, #16 + lsr lr, lr, #24 +#else + uxtb lr, r7, ror #8 +#endif +#else + ubfx lr, r7, #8, #8 +#endif + eor r8, r8, r2, ror #16 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl r2, r4, #24 + lsr r2, r2, #24 +#else + uxtb r2, r4 +#endif +#else + ubfx r2, r4, #0, #8 +#endif + ldr r9, [r0, r9, lsl #2] + ldr r11, [r0, r11, lsl #2] + ldr lr, [r0, lr, lsl #2] + ldr r2, [r0, r2, lsl #2] +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl r10, r7, #8 + lsr r10, r10, #24 +#else + uxtb r10, r7, ror #16 +#endif +#else + ubfx r10, r7, #16, #8 +#endif + eor r9, r9, r11, ror #24 + lsr r11, r6, #24 + eor r9, r9, lr, ror #8 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl lr, r4, #16 + lsr lr, lr, #24 +#else + uxtb lr, r4, ror #8 +#endif +#else + ubfx lr, r4, #8, #8 +#endif + eor r9, r9, r2, ror #16 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl r2, r5, #24 + lsr r2, r2, #24 +#else + uxtb r2, r5 +#endif +#else + ubfx r2, r5, #0, #8 +#endif + ldr r10, [r0, r10, lsl #2] + ldr r11, [r0, r11, lsl #2] + ldr lr, [r0, lr, lsl #2] + ldr r2, [r0, r2, lsl #2] +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl r6, r6, #24 + lsr r6, r6, #24 +#else + uxtb r6, r6 +#endif +#else + ubfx r6, r6, #0, #8 +#endif + eor r10, r10, r11, ror #24 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl r11, r4, #8 + lsr r11, r11, #24 +#else + uxtb r11, r4, ror #16 +#endif +#else + ubfx r11, r4, #16, #8 +#endif + eor r10, r10, lr, ror #8 + lsr lr, r7, #24 + eor r10, r10, r2, ror #16 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl r2, r5, #16 + lsr r2, r2, #24 +#else + uxtb r2, r5, ror #8 +#endif +#else + ubfx r2, r5, #8, #8 +#endif + ldr r6, [r0, r6, lsl #2] + ldr lr, [r0, lr, lsl #2] + ldr r11, [r0, r11, lsl #2] + ldr r2, [r0, r2, lsl #2] + eor lr, lr, r6, ror #24 + ldm r3!, {r4, r5, r6, r7} + eor r11, r11, lr, ror #24 + eor r11, r11, r2, ror #8 + # XOR in Key Schedule + eor r8, r8, r4 + eor r9, r9, r5 + eor r10, r10, r6 + eor r11, r11, r7 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl r4, r9, #8 + lsr r4, r4, #24 +#else + uxtb r4, r9, ror #16 +#endif +#else + ubfx r4, r9, #16, #8 +#endif + lsr r7, r8, #24 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl lr, r10, #16 + lsr lr, lr, #24 +#else + uxtb lr, r10, ror #8 +#endif +#else + ubfx lr, r10, #8, #8 +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl r2, r11, #24 + lsr r2, r2, #24 +#else + uxtb r2, r11 +#endif +#else + ubfx r2, r11, #0, #8 +#endif + ldr r4, [r0, r4, lsl #2] + ldr r7, [r0, r7, lsl #2] + ldr lr, [r0, lr, lsl #2] + ldr r2, [r0, r2, lsl #2] +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl r5, r10, #8 + lsr r5, r5, #24 +#else + uxtb r5, r10, ror #16 +#endif +#else + ubfx r5, r10, #16, #8 +#endif + eor r4, r4, r7, ror #24 + lsr r7, r9, #24 + eor r4, r4, lr, ror #8 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl lr, r11, #16 + lsr lr, lr, #24 +#else + uxtb lr, r11, ror #8 +#endif +#else + ubfx lr, r11, #8, #8 +#endif + eor r4, r4, r2, ror #16 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl r2, r8, #24 + lsr r2, r2, #24 +#else + uxtb r2, r8 +#endif +#else + ubfx r2, r8, #0, #8 +#endif + ldr r5, [r0, r5, lsl #2] + ldr r7, [r0, r7, lsl #2] + ldr lr, [r0, lr, lsl #2] + ldr r2, [r0, r2, lsl #2] +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl r6, r11, #8 + lsr r6, r6, #24 +#else + uxtb r6, r11, ror #16 +#endif +#else + ubfx r6, r11, #16, #8 +#endif + eor r5, r5, r7, ror #24 + lsr r7, r10, #24 + eor r5, r5, lr, ror #8 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl lr, r8, #16 + lsr lr, lr, #24 +#else + uxtb lr, r8, ror #8 +#endif +#else + ubfx lr, r8, #8, #8 +#endif + eor r5, r5, r2, ror #16 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl r2, r9, #24 + lsr r2, r2, #24 +#else + uxtb r2, r9 +#endif +#else + ubfx r2, r9, #0, #8 +#endif + ldr r6, [r0, r6, lsl #2] + ldr r7, [r0, r7, lsl #2] + ldr lr, [r0, lr, lsl #2] + ldr r2, [r0, r2, lsl #2] +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl r10, r10, #24 + lsr r10, r10, #24 +#else + uxtb r10, r10 +#endif +#else + ubfx r10, r10, #0, #8 +#endif + eor r6, r6, r7, ror #24 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl r7, r8, #8 + lsr r7, r7, #24 +#else + uxtb r7, r8, ror #16 +#endif +#else + ubfx r7, r8, #16, #8 +#endif + eor r6, r6, lr, ror #8 + lsr lr, r11, #24 + eor r6, r6, r2, ror #16 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl r2, r9, #16 + lsr r2, r2, #24 +#else + uxtb r2, r9, ror #8 +#endif +#else + ubfx r2, r9, #8, #8 +#endif + ldr r10, [r0, r10, lsl #2] + ldr lr, [r0, lr, lsl #2] + ldr r7, [r0, r7, lsl #2] + ldr r2, [r0, r2, lsl #2] + eor lr, lr, r10, ror #24 + ldm r3!, {r8, r9, r10, r11} + eor r7, r7, lr, ror #24 + eor r7, r7, r2, ror #8 + # XOR in Key Schedule + eor r4, r4, r8 + eor r5, r5, r9 + eor r6, r6, r10 + eor r7, r7, r11 + subs r1, r1, #1 + bne L_AES_CTR_encrypt_block_nr_256 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl r8, r5, #8 + lsr r8, r8, #24 +#else + uxtb r8, r5, ror #16 +#endif +#else + ubfx r8, r5, #16, #8 +#endif + lsr r11, r4, #24 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl lr, r6, #16 + lsr lr, lr, #24 +#else + uxtb lr, r6, ror #8 +#endif +#else + ubfx lr, r6, #8, #8 +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl r2, r7, #24 + lsr r2, r2, #24 +#else + uxtb r2, r7 +#endif +#else + ubfx r2, r7, #0, #8 +#endif + ldr r8, [r0, r8, lsl #2] + ldr r11, [r0, r11, lsl #2] + ldr lr, [r0, lr, lsl #2] + ldr r2, [r0, r2, lsl #2] +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl r9, r6, #8 + lsr r9, r9, #24 +#else + uxtb r9, r6, ror #16 +#endif +#else + ubfx r9, r6, #16, #8 +#endif + eor r8, r8, r11, ror #24 + lsr r11, r5, #24 + eor r8, r8, lr, ror #8 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl lr, r7, #16 + lsr lr, lr, #24 +#else + uxtb lr, r7, ror #8 +#endif +#else + ubfx lr, r7, #8, #8 +#endif + eor r8, r8, r2, ror #16 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl r2, r4, #24 + lsr r2, r2, #24 +#else + uxtb r2, r4 +#endif +#else + ubfx r2, r4, #0, #8 +#endif + ldr r9, [r0, r9, lsl #2] + ldr r11, [r0, r11, lsl #2] + ldr lr, [r0, lr, lsl #2] + ldr r2, [r0, r2, lsl #2] +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl r10, r7, #8 + lsr r10, r10, #24 +#else + uxtb r10, r7, ror #16 +#endif +#else + ubfx r10, r7, #16, #8 +#endif + eor r9, r9, r11, ror #24 + lsr r11, r6, #24 + eor r9, r9, lr, ror #8 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl lr, r4, #16 + lsr lr, lr, #24 +#else + uxtb lr, r4, ror #8 +#endif +#else + ubfx lr, r4, #8, #8 +#endif + eor r9, r9, r2, ror #16 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl r2, r5, #24 + lsr r2, r2, #24 +#else + uxtb r2, r5 +#endif +#else + ubfx r2, r5, #0, #8 +#endif + ldr r10, [r0, r10, lsl #2] + ldr r11, [r0, r11, lsl #2] + ldr lr, [r0, lr, lsl #2] + ldr r2, [r0, r2, lsl #2] +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl r6, r6, #24 + lsr r6, r6, #24 +#else + uxtb r6, r6 +#endif +#else + ubfx r6, r6, #0, #8 +#endif + eor r10, r10, r11, ror #24 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl r11, r4, #8 + lsr r11, r11, #24 +#else + uxtb r11, r4, ror #16 +#endif +#else + ubfx r11, r4, #16, #8 +#endif + eor r10, r10, lr, ror #8 + lsr lr, r7, #24 + eor r10, r10, r2, ror #16 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl r2, r5, #16 + lsr r2, r2, #24 +#else + uxtb r2, r5, ror #8 +#endif +#else + ubfx r2, r5, #8, #8 +#endif + ldr r6, [r0, r6, lsl #2] + ldr lr, [r0, lr, lsl #2] + ldr r11, [r0, r11, lsl #2] + ldr r2, [r0, r2, lsl #2] + eor lr, lr, r6, ror #24 + ldm r3!, {r4, r5, r6, r7} + eor r11, r11, lr, ror #24 + eor r11, r11, r2, ror #8 + # XOR in Key Schedule + eor r8, r8, r4 + eor r9, r9, r5 + eor r10, r10, r6 + eor r11, r11, r7 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl r4, r11, #24 + lsr r4, r4, #24 +#else + uxtb r4, r11 +#endif +#else + ubfx r4, r11, #0, #8 +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl r7, r10, #16 + lsr r7, r7, #24 +#else + uxtb r7, r10, ror #8 +#endif +#else + ubfx r7, r10, #8, #8 +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl lr, r9, #8 + lsr lr, lr, #24 +#else + uxtb lr, r9, ror #16 +#endif +#else + ubfx lr, r9, #16, #8 +#endif + lsr r2, r8, #24 + ldrb r4, [r0, r4, lsl #2] + ldrb r7, [r0, r7, lsl #2] + ldrb lr, [r0, lr, lsl #2] + ldrb r2, [r0, r2, lsl #2] +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl r5, r8, #24 + lsr r5, r5, #24 +#else + uxtb r5, r8 +#endif +#else + ubfx r5, r8, #0, #8 +#endif + eor r4, r4, r7, lsl #8 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl r7, r11, #16 + lsr r7, r7, #24 +#else + uxtb r7, r11, ror #8 +#endif +#else + ubfx r7, r11, #8, #8 +#endif + eor r4, r4, lr, lsl #16 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl lr, r10, #8 + lsr lr, lr, #24 +#else + uxtb lr, r10, ror #16 +#endif +#else + ubfx lr, r10, #16, #8 +#endif + eor r4, r4, r2, lsl #24 + lsr r2, r9, #24 + ldrb r5, [r0, r5, lsl #2] + ldrb r7, [r0, r7, lsl #2] + ldrb lr, [r0, lr, lsl #2] + ldrb r2, [r0, r2, lsl #2] +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl r6, r9, #24 + lsr r6, r6, #24 +#else + uxtb r6, r9 +#endif +#else + ubfx r6, r9, #0, #8 +#endif + eor r5, r5, r7, lsl #8 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl r7, r8, #16 + lsr r7, r7, #24 +#else + uxtb r7, r8, ror #8 +#endif +#else + ubfx r7, r8, #8, #8 +#endif + eor r5, r5, lr, lsl #16 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl lr, r11, #8 + lsr lr, lr, #24 +#else + uxtb lr, r11, ror #16 +#endif +#else + ubfx lr, r11, #16, #8 +#endif + eor r5, r5, r2, lsl #24 + lsr r2, r10, #24 + ldrb r6, [r0, r6, lsl #2] + ldrb r7, [r0, r7, lsl #2] + ldrb lr, [r0, lr, lsl #2] + ldrb r2, [r0, r2, lsl #2] + lsr r11, r11, #24 + eor r6, r6, r7, lsl #8 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl r7, r10, #24 + lsr r7, r7, #24 +#else + uxtb r7, r10 +#endif +#else + ubfx r7, r10, #0, #8 +#endif + eor r6, r6, lr, lsl #16 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl lr, r9, #16 + lsr lr, lr, #24 +#else + uxtb lr, r9, ror #8 +#endif +#else + ubfx lr, r9, #8, #8 +#endif + eor r6, r6, r2, lsl #24 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl r2, r8, #8 + lsr r2, r2, #24 +#else + uxtb r2, r8, ror #16 +#endif +#else + ubfx r2, r8, #16, #8 +#endif + ldrb r11, [r0, r11, lsl #2] + ldrb r7, [r0, r7, lsl #2] + ldrb lr, [r0, lr, lsl #2] + ldrb r2, [r0, r2, lsl #2] + eor lr, lr, r11, lsl #16 + ldm r3, {r8, r9, r10, r11} + eor r7, r7, lr, lsl #8 + eor r7, r7, r2, lsl #16 + # XOR in Key Schedule + eor r4, r4, r8 + eor r5, r5, r9 + eor r6, r6, r10 + eor r7, r7, r11 +#endif /* !WOLFSSL_ARMASM_AES_BLOCK_INLINE */ + pop {r1, r2, lr} + ldr r3, [sp] +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + eor r8, r4, r4, ror #16 + eor r9, r5, r5, ror #16 + eor r10, r6, r6, ror #16 + eor r11, r7, r7, ror #16 + bic r8, r8, #0xff0000 + bic r9, r9, #0xff0000 + bic r10, r10, #0xff0000 + bic r11, r11, #0xff0000 + ror r4, r4, #8 + ror r5, r5, #8 + ror r6, r6, #8 + ror r7, r7, #8 + eor r4, r4, r8, lsr #8 + eor r5, r5, r9, lsr #8 + eor r6, r6, r10, lsr #8 + eor r7, r7, r11, lsr #8 +#else + rev r4, r4 + rev r5, r5 + rev r6, r6 + rev r7, r7 +#endif /* WOLFSSL_ARM_ARCH && WOLFSSL_ARM_ARCH < 6 */ + ldr r8, [lr] + ldr r9, [lr, #4] + ldr r10, [lr, #8] + ldr r11, [lr, #12] + eor r4, r4, r8 + eor r5, r5, r9 + eor r6, r6, r10 + eor r7, r7, r11 + ldr r8, [sp, #4] + str r4, [r1] + str r5, [r1, #4] + str r6, [r1, #8] + str r7, [r1, #12] + ldm r8, {r4, r5, r6, r7} + subs r2, r2, #16 + add lr, lr, #16 + add r1, r1, #16 + bne L_AES_CTR_encrypt_loop_block_256 + b L_AES_CTR_encrypt_end +L_AES_CTR_encrypt_start_block_192: +L_AES_CTR_encrypt_loop_block_192: + push {r1, r2, lr} + ldr lr, [sp, #16] + adds r11, r7, #1 + adcs r10, r6, #0 + adcs r9, r5, #0 + adc r8, r4, #0 + stm lr, {r8, r9, r10, r11} + ldm r3!, {r8, r9, r10, r11} + # Round: 0 - XOR in key schedule + eor r4, r4, r8 + eor r5, r5, r9 + eor r6, r6, r10 + eor r7, r7, r11 + mov r1, #5 +#ifndef WOLFSSL_ARMASM_AES_BLOCK_INLINE + bl AES_encrypt_block +#else +L_AES_CTR_encrypt_block_nr_192: +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl r8, r5, #8 + lsr r8, r8, #24 +#else + uxtb r8, r5, ror #16 +#endif +#else + ubfx r8, r5, #16, #8 +#endif + lsr r11, r4, #24 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl lr, r6, #16 + lsr lr, lr, #24 +#else + uxtb lr, r6, ror #8 +#endif +#else + ubfx lr, r6, #8, #8 +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl r2, r7, #24 + lsr r2, r2, #24 +#else + uxtb r2, r7 +#endif +#else + ubfx r2, r7, #0, #8 +#endif + ldr r8, [r0, r8, lsl #2] + ldr r11, [r0, r11, lsl #2] + ldr lr, [r0, lr, lsl #2] + ldr r2, [r0, r2, lsl #2] +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl r9, r6, #8 + lsr r9, r9, #24 +#else + uxtb r9, r6, ror #16 +#endif +#else + ubfx r9, r6, #16, #8 +#endif + eor r8, r8, r11, ror #24 + lsr r11, r5, #24 + eor r8, r8, lr, ror #8 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl lr, r7, #16 + lsr lr, lr, #24 +#else + uxtb lr, r7, ror #8 +#endif +#else + ubfx lr, r7, #8, #8 +#endif + eor r8, r8, r2, ror #16 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl r2, r4, #24 + lsr r2, r2, #24 +#else + uxtb r2, r4 +#endif +#else + ubfx r2, r4, #0, #8 +#endif + ldr r9, [r0, r9, lsl #2] + ldr r11, [r0, r11, lsl #2] + ldr lr, [r0, lr, lsl #2] + ldr r2, [r0, r2, lsl #2] +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl r10, r7, #8 + lsr r10, r10, #24 +#else + uxtb r10, r7, ror #16 +#endif +#else + ubfx r10, r7, #16, #8 +#endif + eor r9, r9, r11, ror #24 + lsr r11, r6, #24 + eor r9, r9, lr, ror #8 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl lr, r4, #16 + lsr lr, lr, #24 +#else + uxtb lr, r4, ror #8 +#endif +#else + ubfx lr, r4, #8, #8 +#endif + eor r9, r9, r2, ror #16 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl r2, r5, #24 + lsr r2, r2, #24 +#else + uxtb r2, r5 +#endif +#else + ubfx r2, r5, #0, #8 +#endif + ldr r10, [r0, r10, lsl #2] + ldr r11, [r0, r11, lsl #2] + ldr lr, [r0, lr, lsl #2] + ldr r2, [r0, r2, lsl #2] +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl r6, r6, #24 + lsr r6, r6, #24 +#else + uxtb r6, r6 +#endif +#else + ubfx r6, r6, #0, #8 +#endif + eor r10, r10, r11, ror #24 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl r11, r4, #8 + lsr r11, r11, #24 +#else + uxtb r11, r4, ror #16 +#endif +#else + ubfx r11, r4, #16, #8 +#endif + eor r10, r10, lr, ror #8 + lsr lr, r7, #24 + eor r10, r10, r2, ror #16 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl r2, r5, #16 + lsr r2, r2, #24 +#else + uxtb r2, r5, ror #8 +#endif +#else + ubfx r2, r5, #8, #8 +#endif + ldr r6, [r0, r6, lsl #2] + ldr lr, [r0, lr, lsl #2] + ldr r11, [r0, r11, lsl #2] + ldr r2, [r0, r2, lsl #2] + eor lr, lr, r6, ror #24 + ldm r3!, {r4, r5, r6, r7} + eor r11, r11, lr, ror #24 + eor r11, r11, r2, ror #8 + # XOR in Key Schedule + eor r8, r8, r4 + eor r9, r9, r5 + eor r10, r10, r6 + eor r11, r11, r7 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl r4, r9, #8 + lsr r4, r4, #24 +#else + uxtb r4, r9, ror #16 +#endif +#else + ubfx r4, r9, #16, #8 +#endif + lsr r7, r8, #24 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl lr, r10, #16 + lsr lr, lr, #24 +#else + uxtb lr, r10, ror #8 +#endif +#else + ubfx lr, r10, #8, #8 +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl r2, r11, #24 + lsr r2, r2, #24 +#else + uxtb r2, r11 +#endif +#else + ubfx r2, r11, #0, #8 +#endif + ldr r4, [r0, r4, lsl #2] + ldr r7, [r0, r7, lsl #2] + ldr lr, [r0, lr, lsl #2] + ldr r2, [r0, r2, lsl #2] +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl r5, r10, #8 + lsr r5, r5, #24 +#else + uxtb r5, r10, ror #16 +#endif +#else + ubfx r5, r10, #16, #8 +#endif + eor r4, r4, r7, ror #24 + lsr r7, r9, #24 + eor r4, r4, lr, ror #8 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl lr, r11, #16 + lsr lr, lr, #24 +#else + uxtb lr, r11, ror #8 +#endif +#else + ubfx lr, r11, #8, #8 +#endif + eor r4, r4, r2, ror #16 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl r2, r8, #24 + lsr r2, r2, #24 +#else + uxtb r2, r8 +#endif +#else + ubfx r2, r8, #0, #8 +#endif + ldr r5, [r0, r5, lsl #2] + ldr r7, [r0, r7, lsl #2] + ldr lr, [r0, lr, lsl #2] + ldr r2, [r0, r2, lsl #2] +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl r6, r11, #8 + lsr r6, r6, #24 +#else + uxtb r6, r11, ror #16 +#endif +#else + ubfx r6, r11, #16, #8 +#endif + eor r5, r5, r7, ror #24 + lsr r7, r10, #24 + eor r5, r5, lr, ror #8 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl lr, r8, #16 + lsr lr, lr, #24 +#else + uxtb lr, r8, ror #8 +#endif +#else + ubfx lr, r8, #8, #8 +#endif + eor r5, r5, r2, ror #16 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl r2, r9, #24 + lsr r2, r2, #24 +#else + uxtb r2, r9 +#endif +#else + ubfx r2, r9, #0, #8 +#endif + ldr r6, [r0, r6, lsl #2] + ldr r7, [r0, r7, lsl #2] + ldr lr, [r0, lr, lsl #2] + ldr r2, [r0, r2, lsl #2] +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl r10, r10, #24 + lsr r10, r10, #24 +#else + uxtb r10, r10 +#endif +#else + ubfx r10, r10, #0, #8 +#endif + eor r6, r6, r7, ror #24 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl r7, r8, #8 + lsr r7, r7, #24 +#else + uxtb r7, r8, ror #16 +#endif +#else + ubfx r7, r8, #16, #8 +#endif + eor r6, r6, lr, ror #8 + lsr lr, r11, #24 + eor r6, r6, r2, ror #16 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl r2, r9, #16 + lsr r2, r2, #24 +#else + uxtb r2, r9, ror #8 +#endif +#else + ubfx r2, r9, #8, #8 +#endif + ldr r10, [r0, r10, lsl #2] + ldr lr, [r0, lr, lsl #2] + ldr r7, [r0, r7, lsl #2] + ldr r2, [r0, r2, lsl #2] + eor lr, lr, r10, ror #24 + ldm r3!, {r8, r9, r10, r11} + eor r7, r7, lr, ror #24 + eor r7, r7, r2, ror #8 + # XOR in Key Schedule + eor r4, r4, r8 + eor r5, r5, r9 + eor r6, r6, r10 + eor r7, r7, r11 + subs r1, r1, #1 + bne L_AES_CTR_encrypt_block_nr_192 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl r8, r5, #8 + lsr r8, r8, #24 +#else + uxtb r8, r5, ror #16 +#endif +#else + ubfx r8, r5, #16, #8 +#endif + lsr r11, r4, #24 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl lr, r6, #16 + lsr lr, lr, #24 +#else + uxtb lr, r6, ror #8 +#endif +#else + ubfx lr, r6, #8, #8 +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl r2, r7, #24 + lsr r2, r2, #24 +#else + uxtb r2, r7 +#endif +#else + ubfx r2, r7, #0, #8 +#endif + ldr r8, [r0, r8, lsl #2] + ldr r11, [r0, r11, lsl #2] + ldr lr, [r0, lr, lsl #2] + ldr r2, [r0, r2, lsl #2] +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl r9, r6, #8 + lsr r9, r9, #24 +#else + uxtb r9, r6, ror #16 +#endif +#else + ubfx r9, r6, #16, #8 +#endif + eor r8, r8, r11, ror #24 + lsr r11, r5, #24 + eor r8, r8, lr, ror #8 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl lr, r7, #16 + lsr lr, lr, #24 +#else + uxtb lr, r7, ror #8 +#endif +#else + ubfx lr, r7, #8, #8 +#endif + eor r8, r8, r2, ror #16 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl r2, r4, #24 + lsr r2, r2, #24 +#else + uxtb r2, r4 +#endif +#else + ubfx r2, r4, #0, #8 +#endif + ldr r9, [r0, r9, lsl #2] + ldr r11, [r0, r11, lsl #2] + ldr lr, [r0, lr, lsl #2] + ldr r2, [r0, r2, lsl #2] +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl r10, r7, #8 + lsr r10, r10, #24 +#else + uxtb r10, r7, ror #16 +#endif +#else + ubfx r10, r7, #16, #8 +#endif + eor r9, r9, r11, ror #24 + lsr r11, r6, #24 + eor r9, r9, lr, ror #8 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl lr, r4, #16 + lsr lr, lr, #24 +#else + uxtb lr, r4, ror #8 +#endif +#else + ubfx lr, r4, #8, #8 +#endif + eor r9, r9, r2, ror #16 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl r2, r5, #24 + lsr r2, r2, #24 +#else + uxtb r2, r5 +#endif +#else + ubfx r2, r5, #0, #8 +#endif + ldr r10, [r0, r10, lsl #2] + ldr r11, [r0, r11, lsl #2] + ldr lr, [r0, lr, lsl #2] + ldr r2, [r0, r2, lsl #2] +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl r6, r6, #24 + lsr r6, r6, #24 +#else + uxtb r6, r6 +#endif +#else + ubfx r6, r6, #0, #8 +#endif + eor r10, r10, r11, ror #24 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl r11, r4, #8 + lsr r11, r11, #24 +#else + uxtb r11, r4, ror #16 +#endif +#else + ubfx r11, r4, #16, #8 +#endif + eor r10, r10, lr, ror #8 + lsr lr, r7, #24 + eor r10, r10, r2, ror #16 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl r2, r5, #16 + lsr r2, r2, #24 +#else + uxtb r2, r5, ror #8 +#endif +#else + ubfx r2, r5, #8, #8 +#endif + ldr r6, [r0, r6, lsl #2] + ldr lr, [r0, lr, lsl #2] + ldr r11, [r0, r11, lsl #2] + ldr r2, [r0, r2, lsl #2] + eor lr, lr, r6, ror #24 + ldm r3!, {r4, r5, r6, r7} + eor r11, r11, lr, ror #24 + eor r11, r11, r2, ror #8 + # XOR in Key Schedule + eor r8, r8, r4 + eor r9, r9, r5 + eor r10, r10, r6 + eor r11, r11, r7 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl r4, r11, #24 + lsr r4, r4, #24 +#else + uxtb r4, r11 +#endif +#else + ubfx r4, r11, #0, #8 +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl r7, r10, #16 + lsr r7, r7, #24 +#else + uxtb r7, r10, ror #8 +#endif +#else + ubfx r7, r10, #8, #8 +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl lr, r9, #8 + lsr lr, lr, #24 +#else + uxtb lr, r9, ror #16 +#endif +#else + ubfx lr, r9, #16, #8 +#endif + lsr r2, r8, #24 + ldrb r4, [r0, r4, lsl #2] + ldrb r7, [r0, r7, lsl #2] + ldrb lr, [r0, lr, lsl #2] + ldrb r2, [r0, r2, lsl #2] +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl r5, r8, #24 + lsr r5, r5, #24 +#else + uxtb r5, r8 +#endif +#else + ubfx r5, r8, #0, #8 +#endif + eor r4, r4, r7, lsl #8 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl r7, r11, #16 + lsr r7, r7, #24 +#else + uxtb r7, r11, ror #8 +#endif +#else + ubfx r7, r11, #8, #8 +#endif + eor r4, r4, lr, lsl #16 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl lr, r10, #8 + lsr lr, lr, #24 +#else + uxtb lr, r10, ror #16 +#endif +#else + ubfx lr, r10, #16, #8 +#endif + eor r4, r4, r2, lsl #24 + lsr r2, r9, #24 + ldrb r5, [r0, r5, lsl #2] + ldrb r7, [r0, r7, lsl #2] + ldrb lr, [r0, lr, lsl #2] + ldrb r2, [r0, r2, lsl #2] +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl r6, r9, #24 + lsr r6, r6, #24 +#else + uxtb r6, r9 +#endif +#else + ubfx r6, r9, #0, #8 +#endif + eor r5, r5, r7, lsl #8 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl r7, r8, #16 + lsr r7, r7, #24 +#else + uxtb r7, r8, ror #8 +#endif +#else + ubfx r7, r8, #8, #8 +#endif + eor r5, r5, lr, lsl #16 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl lr, r11, #8 + lsr lr, lr, #24 +#else + uxtb lr, r11, ror #16 +#endif +#else + ubfx lr, r11, #16, #8 +#endif + eor r5, r5, r2, lsl #24 + lsr r2, r10, #24 + ldrb r6, [r0, r6, lsl #2] + ldrb r7, [r0, r7, lsl #2] + ldrb lr, [r0, lr, lsl #2] + ldrb r2, [r0, r2, lsl #2] + lsr r11, r11, #24 + eor r6, r6, r7, lsl #8 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl r7, r10, #24 + lsr r7, r7, #24 +#else + uxtb r7, r10 +#endif +#else + ubfx r7, r10, #0, #8 +#endif + eor r6, r6, lr, lsl #16 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl lr, r9, #16 + lsr lr, lr, #24 +#else + uxtb lr, r9, ror #8 +#endif +#else + ubfx lr, r9, #8, #8 +#endif + eor r6, r6, r2, lsl #24 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl r2, r8, #8 + lsr r2, r2, #24 +#else + uxtb r2, r8, ror #16 +#endif +#else + ubfx r2, r8, #16, #8 +#endif + ldrb r11, [r0, r11, lsl #2] + ldrb r7, [r0, r7, lsl #2] + ldrb lr, [r0, lr, lsl #2] + ldrb r2, [r0, r2, lsl #2] + eor lr, lr, r11, lsl #16 + ldm r3, {r8, r9, r10, r11} + eor r7, r7, lr, lsl #8 + eor r7, r7, r2, lsl #16 + # XOR in Key Schedule + eor r4, r4, r8 + eor r5, r5, r9 + eor r6, r6, r10 + eor r7, r7, r11 +#endif /* !WOLFSSL_ARMASM_AES_BLOCK_INLINE */ + pop {r1, r2, lr} + ldr r3, [sp] +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + eor r8, r4, r4, ror #16 + eor r9, r5, r5, ror #16 + eor r10, r6, r6, ror #16 + eor r11, r7, r7, ror #16 + bic r8, r8, #0xff0000 + bic r9, r9, #0xff0000 + bic r10, r10, #0xff0000 + bic r11, r11, #0xff0000 + ror r4, r4, #8 + ror r5, r5, #8 + ror r6, r6, #8 + ror r7, r7, #8 + eor r4, r4, r8, lsr #8 + eor r5, r5, r9, lsr #8 + eor r6, r6, r10, lsr #8 + eor r7, r7, r11, lsr #8 +#else + rev r4, r4 + rev r5, r5 + rev r6, r6 + rev r7, r7 +#endif /* WOLFSSL_ARM_ARCH && WOLFSSL_ARM_ARCH < 6 */ + ldr r8, [lr] + ldr r9, [lr, #4] + ldr r10, [lr, #8] + ldr r11, [lr, #12] + eor r4, r4, r8 + eor r5, r5, r9 + eor r6, r6, r10 + eor r7, r7, r11 + ldr r8, [sp, #4] + str r4, [r1] + str r5, [r1, #4] + str r6, [r1, #8] + str r7, [r1, #12] + ldm r8, {r4, r5, r6, r7} + subs r2, r2, #16 + add lr, lr, #16 + add r1, r1, #16 + bne L_AES_CTR_encrypt_loop_block_192 + b L_AES_CTR_encrypt_end +L_AES_CTR_encrypt_start_block_128: +L_AES_CTR_encrypt_loop_block_128: + push {r1, r2, lr} + ldr lr, [sp, #16] + adds r11, r7, #1 + adcs r10, r6, #0 + adcs r9, r5, #0 + adc r8, r4, #0 + stm lr, {r8, r9, r10, r11} + ldm r3!, {r8, r9, r10, r11} + # Round: 0 - XOR in key schedule + eor r4, r4, r8 + eor r5, r5, r9 + eor r6, r6, r10 + eor r7, r7, r11 + mov r1, #4 +#ifndef WOLFSSL_ARMASM_AES_BLOCK_INLINE + bl AES_encrypt_block +#else +L_AES_CTR_encrypt_block_nr_128: +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl r8, r5, #8 + lsr r8, r8, #24 +#else + uxtb r8, r5, ror #16 +#endif +#else + ubfx r8, r5, #16, #8 +#endif + lsr r11, r4, #24 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl lr, r6, #16 + lsr lr, lr, #24 +#else + uxtb lr, r6, ror #8 +#endif +#else + ubfx lr, r6, #8, #8 +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl r2, r7, #24 + lsr r2, r2, #24 +#else + uxtb r2, r7 +#endif +#else + ubfx r2, r7, #0, #8 +#endif + ldr r8, [r0, r8, lsl #2] + ldr r11, [r0, r11, lsl #2] + ldr lr, [r0, lr, lsl #2] + ldr r2, [r0, r2, lsl #2] +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl r9, r6, #8 + lsr r9, r9, #24 +#else + uxtb r9, r6, ror #16 +#endif +#else + ubfx r9, r6, #16, #8 +#endif + eor r8, r8, r11, ror #24 + lsr r11, r5, #24 + eor r8, r8, lr, ror #8 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl lr, r7, #16 + lsr lr, lr, #24 +#else + uxtb lr, r7, ror #8 +#endif +#else + ubfx lr, r7, #8, #8 +#endif + eor r8, r8, r2, ror #16 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl r2, r4, #24 + lsr r2, r2, #24 +#else + uxtb r2, r4 +#endif +#else + ubfx r2, r4, #0, #8 +#endif + ldr r9, [r0, r9, lsl #2] + ldr r11, [r0, r11, lsl #2] + ldr lr, [r0, lr, lsl #2] + ldr r2, [r0, r2, lsl #2] +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl r10, r7, #8 + lsr r10, r10, #24 +#else + uxtb r10, r7, ror #16 +#endif +#else + ubfx r10, r7, #16, #8 +#endif + eor r9, r9, r11, ror #24 + lsr r11, r6, #24 + eor r9, r9, lr, ror #8 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl lr, r4, #16 + lsr lr, lr, #24 +#else + uxtb lr, r4, ror #8 +#endif +#else + ubfx lr, r4, #8, #8 +#endif + eor r9, r9, r2, ror #16 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl r2, r5, #24 + lsr r2, r2, #24 +#else + uxtb r2, r5 +#endif +#else + ubfx r2, r5, #0, #8 +#endif + ldr r10, [r0, r10, lsl #2] + ldr r11, [r0, r11, lsl #2] + ldr lr, [r0, lr, lsl #2] + ldr r2, [r0, r2, lsl #2] +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl r6, r6, #24 + lsr r6, r6, #24 +#else + uxtb r6, r6 +#endif +#else + ubfx r6, r6, #0, #8 +#endif + eor r10, r10, r11, ror #24 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl r11, r4, #8 + lsr r11, r11, #24 +#else + uxtb r11, r4, ror #16 +#endif +#else + ubfx r11, r4, #16, #8 +#endif + eor r10, r10, lr, ror #8 + lsr lr, r7, #24 + eor r10, r10, r2, ror #16 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl r2, r5, #16 + lsr r2, r2, #24 +#else + uxtb r2, r5, ror #8 +#endif +#else + ubfx r2, r5, #8, #8 +#endif + ldr r6, [r0, r6, lsl #2] + ldr lr, [r0, lr, lsl #2] + ldr r11, [r0, r11, lsl #2] + ldr r2, [r0, r2, lsl #2] + eor lr, lr, r6, ror #24 + ldm r3!, {r4, r5, r6, r7} + eor r11, r11, lr, ror #24 + eor r11, r11, r2, ror #8 + # XOR in Key Schedule + eor r8, r8, r4 + eor r9, r9, r5 + eor r10, r10, r6 + eor r11, r11, r7 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl r4, r9, #8 + lsr r4, r4, #24 +#else + uxtb r4, r9, ror #16 +#endif +#else + ubfx r4, r9, #16, #8 +#endif + lsr r7, r8, #24 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl lr, r10, #16 + lsr lr, lr, #24 +#else + uxtb lr, r10, ror #8 +#endif +#else + ubfx lr, r10, #8, #8 +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl r2, r11, #24 + lsr r2, r2, #24 +#else + uxtb r2, r11 +#endif +#else + ubfx r2, r11, #0, #8 +#endif + ldr r4, [r0, r4, lsl #2] + ldr r7, [r0, r7, lsl #2] + ldr lr, [r0, lr, lsl #2] + ldr r2, [r0, r2, lsl #2] +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl r5, r10, #8 + lsr r5, r5, #24 +#else + uxtb r5, r10, ror #16 +#endif +#else + ubfx r5, r10, #16, #8 +#endif + eor r4, r4, r7, ror #24 + lsr r7, r9, #24 + eor r4, r4, lr, ror #8 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl lr, r11, #16 + lsr lr, lr, #24 +#else + uxtb lr, r11, ror #8 +#endif +#else + ubfx lr, r11, #8, #8 +#endif + eor r4, r4, r2, ror #16 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl r2, r8, #24 + lsr r2, r2, #24 +#else + uxtb r2, r8 +#endif +#else + ubfx r2, r8, #0, #8 +#endif + ldr r5, [r0, r5, lsl #2] + ldr r7, [r0, r7, lsl #2] + ldr lr, [r0, lr, lsl #2] + ldr r2, [r0, r2, lsl #2] +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl r6, r11, #8 + lsr r6, r6, #24 +#else + uxtb r6, r11, ror #16 +#endif +#else + ubfx r6, r11, #16, #8 +#endif + eor r5, r5, r7, ror #24 + lsr r7, r10, #24 + eor r5, r5, lr, ror #8 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl lr, r8, #16 + lsr lr, lr, #24 +#else + uxtb lr, r8, ror #8 +#endif +#else + ubfx lr, r8, #8, #8 +#endif + eor r5, r5, r2, ror #16 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl r2, r9, #24 + lsr r2, r2, #24 +#else + uxtb r2, r9 +#endif +#else + ubfx r2, r9, #0, #8 +#endif + ldr r6, [r0, r6, lsl #2] + ldr r7, [r0, r7, lsl #2] + ldr lr, [r0, lr, lsl #2] + ldr r2, [r0, r2, lsl #2] +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl r10, r10, #24 + lsr r10, r10, #24 +#else + uxtb r10, r10 +#endif +#else + ubfx r10, r10, #0, #8 +#endif + eor r6, r6, r7, ror #24 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl r7, r8, #8 + lsr r7, r7, #24 +#else + uxtb r7, r8, ror #16 +#endif +#else + ubfx r7, r8, #16, #8 +#endif + eor r6, r6, lr, ror #8 + lsr lr, r11, #24 + eor r6, r6, r2, ror #16 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl r2, r9, #16 + lsr r2, r2, #24 +#else + uxtb r2, r9, ror #8 +#endif +#else + ubfx r2, r9, #8, #8 +#endif + ldr r10, [r0, r10, lsl #2] + ldr lr, [r0, lr, lsl #2] + ldr r7, [r0, r7, lsl #2] + ldr r2, [r0, r2, lsl #2] + eor lr, lr, r10, ror #24 + ldm r3!, {r8, r9, r10, r11} + eor r7, r7, lr, ror #24 + eor r7, r7, r2, ror #8 + # XOR in Key Schedule + eor r4, r4, r8 + eor r5, r5, r9 + eor r6, r6, r10 + eor r7, r7, r11 + subs r1, r1, #1 + bne L_AES_CTR_encrypt_block_nr_128 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl r8, r5, #8 + lsr r8, r8, #24 +#else + uxtb r8, r5, ror #16 +#endif +#else + ubfx r8, r5, #16, #8 +#endif + lsr r11, r4, #24 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl lr, r6, #16 + lsr lr, lr, #24 +#else + uxtb lr, r6, ror #8 +#endif +#else + ubfx lr, r6, #8, #8 +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl r2, r7, #24 + lsr r2, r2, #24 +#else + uxtb r2, r7 +#endif +#else + ubfx r2, r7, #0, #8 +#endif + ldr r8, [r0, r8, lsl #2] + ldr r11, [r0, r11, lsl #2] + ldr lr, [r0, lr, lsl #2] + ldr r2, [r0, r2, lsl #2] +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl r9, r6, #8 + lsr r9, r9, #24 +#else + uxtb r9, r6, ror #16 +#endif +#else + ubfx r9, r6, #16, #8 +#endif + eor r8, r8, r11, ror #24 + lsr r11, r5, #24 + eor r8, r8, lr, ror #8 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl lr, r7, #16 + lsr lr, lr, #24 +#else + uxtb lr, r7, ror #8 +#endif +#else + ubfx lr, r7, #8, #8 +#endif + eor r8, r8, r2, ror #16 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl r2, r4, #24 + lsr r2, r2, #24 +#else + uxtb r2, r4 +#endif +#else + ubfx r2, r4, #0, #8 +#endif + ldr r9, [r0, r9, lsl #2] + ldr r11, [r0, r11, lsl #2] + ldr lr, [r0, lr, lsl #2] + ldr r2, [r0, r2, lsl #2] +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl r10, r7, #8 + lsr r10, r10, #24 +#else + uxtb r10, r7, ror #16 +#endif +#else + ubfx r10, r7, #16, #8 +#endif + eor r9, r9, r11, ror #24 + lsr r11, r6, #24 + eor r9, r9, lr, ror #8 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl lr, r4, #16 + lsr lr, lr, #24 +#else + uxtb lr, r4, ror #8 +#endif +#else + ubfx lr, r4, #8, #8 +#endif + eor r9, r9, r2, ror #16 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl r2, r5, #24 + lsr r2, r2, #24 +#else + uxtb r2, r5 +#endif +#else + ubfx r2, r5, #0, #8 +#endif + ldr r10, [r0, r10, lsl #2] + ldr r11, [r0, r11, lsl #2] + ldr lr, [r0, lr, lsl #2] + ldr r2, [r0, r2, lsl #2] +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl r6, r6, #24 + lsr r6, r6, #24 +#else + uxtb r6, r6 +#endif +#else + ubfx r6, r6, #0, #8 +#endif + eor r10, r10, r11, ror #24 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl r11, r4, #8 + lsr r11, r11, #24 +#else + uxtb r11, r4, ror #16 +#endif +#else + ubfx r11, r4, #16, #8 +#endif + eor r10, r10, lr, ror #8 + lsr lr, r7, #24 + eor r10, r10, r2, ror #16 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl r2, r5, #16 + lsr r2, r2, #24 +#else + uxtb r2, r5, ror #8 +#endif +#else + ubfx r2, r5, #8, #8 +#endif + ldr r6, [r0, r6, lsl #2] + ldr lr, [r0, lr, lsl #2] + ldr r11, [r0, r11, lsl #2] + ldr r2, [r0, r2, lsl #2] + eor lr, lr, r6, ror #24 + ldm r3!, {r4, r5, r6, r7} + eor r11, r11, lr, ror #24 + eor r11, r11, r2, ror #8 + # XOR in Key Schedule + eor r8, r8, r4 + eor r9, r9, r5 + eor r10, r10, r6 + eor r11, r11, r7 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl r4, r11, #24 + lsr r4, r4, #24 +#else + uxtb r4, r11 +#endif +#else + ubfx r4, r11, #0, #8 +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl r7, r10, #16 + lsr r7, r7, #24 +#else + uxtb r7, r10, ror #8 +#endif +#else + ubfx r7, r10, #8, #8 +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl lr, r9, #8 + lsr lr, lr, #24 +#else + uxtb lr, r9, ror #16 +#endif +#else + ubfx lr, r9, #16, #8 +#endif + lsr r2, r8, #24 + ldrb r4, [r0, r4, lsl #2] + ldrb r7, [r0, r7, lsl #2] + ldrb lr, [r0, lr, lsl #2] + ldrb r2, [r0, r2, lsl #2] +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl r5, r8, #24 + lsr r5, r5, #24 +#else + uxtb r5, r8 +#endif +#else + ubfx r5, r8, #0, #8 +#endif + eor r4, r4, r7, lsl #8 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl r7, r11, #16 + lsr r7, r7, #24 +#else + uxtb r7, r11, ror #8 +#endif +#else + ubfx r7, r11, #8, #8 +#endif + eor r4, r4, lr, lsl #16 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl lr, r10, #8 + lsr lr, lr, #24 +#else + uxtb lr, r10, ror #16 +#endif +#else + ubfx lr, r10, #16, #8 +#endif + eor r4, r4, r2, lsl #24 + lsr r2, r9, #24 + ldrb r5, [r0, r5, lsl #2] + ldrb r7, [r0, r7, lsl #2] + ldrb lr, [r0, lr, lsl #2] + ldrb r2, [r0, r2, lsl #2] +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl r6, r9, #24 + lsr r6, r6, #24 +#else + uxtb r6, r9 +#endif +#else + ubfx r6, r9, #0, #8 +#endif + eor r5, r5, r7, lsl #8 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl r7, r8, #16 + lsr r7, r7, #24 +#else + uxtb r7, r8, ror #8 +#endif +#else + ubfx r7, r8, #8, #8 +#endif + eor r5, r5, lr, lsl #16 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl lr, r11, #8 + lsr lr, lr, #24 +#else + uxtb lr, r11, ror #16 +#endif +#else + ubfx lr, r11, #16, #8 +#endif + eor r5, r5, r2, lsl #24 + lsr r2, r10, #24 + ldrb r6, [r0, r6, lsl #2] + ldrb r7, [r0, r7, lsl #2] + ldrb lr, [r0, lr, lsl #2] + ldrb r2, [r0, r2, lsl #2] + lsr r11, r11, #24 + eor r6, r6, r7, lsl #8 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl r7, r10, #24 + lsr r7, r7, #24 +#else + uxtb r7, r10 +#endif +#else + ubfx r7, r10, #0, #8 +#endif + eor r6, r6, lr, lsl #16 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl lr, r9, #16 + lsr lr, lr, #24 +#else + uxtb lr, r9, ror #8 +#endif +#else + ubfx lr, r9, #8, #8 +#endif + eor r6, r6, r2, lsl #24 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl r2, r8, #8 + lsr r2, r2, #24 +#else + uxtb r2, r8, ror #16 +#endif +#else + ubfx r2, r8, #16, #8 +#endif + ldrb r11, [r0, r11, lsl #2] + ldrb r7, [r0, r7, lsl #2] + ldrb lr, [r0, lr, lsl #2] + ldrb r2, [r0, r2, lsl #2] + eor lr, lr, r11, lsl #16 + ldm r3, {r8, r9, r10, r11} + eor r7, r7, lr, lsl #8 + eor r7, r7, r2, lsl #16 + # XOR in Key Schedule + eor r4, r4, r8 + eor r5, r5, r9 + eor r6, r6, r10 + eor r7, r7, r11 +#endif /* !WOLFSSL_ARMASM_AES_BLOCK_INLINE */ + pop {r1, r2, lr} + ldr r3, [sp] +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + eor r8, r4, r4, ror #16 + eor r9, r5, r5, ror #16 + eor r10, r6, r6, ror #16 + eor r11, r7, r7, ror #16 + bic r8, r8, #0xff0000 + bic r9, r9, #0xff0000 + bic r10, r10, #0xff0000 + bic r11, r11, #0xff0000 + ror r4, r4, #8 + ror r5, r5, #8 + ror r6, r6, #8 + ror r7, r7, #8 + eor r4, r4, r8, lsr #8 + eor r5, r5, r9, lsr #8 + eor r6, r6, r10, lsr #8 + eor r7, r7, r11, lsr #8 +#else + rev r4, r4 + rev r5, r5 + rev r6, r6 + rev r7, r7 +#endif /* WOLFSSL_ARM_ARCH && WOLFSSL_ARM_ARCH < 6 */ + ldr r8, [lr] + ldr r9, [lr, #4] + ldr r10, [lr, #8] + ldr r11, [lr, #12] + eor r4, r4, r8 + eor r5, r5, r9 + eor r6, r6, r10 + eor r7, r7, r11 + ldr r8, [sp, #4] + str r4, [r1] + str r5, [r1, #4] + str r6, [r1, #8] + str r7, [r1, #12] + ldm r8, {r4, r5, r6, r7} + subs r2, r2, #16 + add lr, lr, #16 + add r1, r1, #16 + bne L_AES_CTR_encrypt_loop_block_128 +L_AES_CTR_encrypt_end: + pop {r3, r8} +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + eor r10, r4, r4, ror #16 + eor r11, r5, r5, ror #16 + bic r10, r10, #0xff0000 + bic r11, r11, #0xff0000 + ror r4, r4, #8 + ror r5, r5, #8 + eor r4, r4, r10, lsr #8 + eor r5, r5, r11, lsr #8 + eor r10, r6, r6, ror #16 + eor r11, r7, r7, ror #16 + bic r10, r10, #0xff0000 + bic r11, r11, #0xff0000 + ror r6, r6, #8 + ror r7, r7, #8 + eor r6, r6, r10, lsr #8 + eor r7, r7, r11, lsr #8 +#else + rev r4, r4 + rev r5, r5 + rev r6, r6 + rev r7, r7 +#endif /* WOLFSSL_ARM_ARCH && WOLFSSL_ARM_ARCH < 6 */ + stm r8, {r4, r5, r6, r7} + pop {r4, r5, r6, r7, r8, r9, r10, r11, pc} + .size AES_CTR_encrypt,.-AES_CTR_encrypt +#endif /* WOLFSSL_AES_COUNTER */ +#ifdef HAVE_AES_DECRYPT +#if defined(WOLFSSL_AES_DIRECT) || defined(WOLFSSL_AES_COUNTER) || \ + defined(HAVE_AES_CBC) || defined(HAVE_AES_ECB) +#ifndef WOLFSSL_ARMASM_AES_BLOCK_INLINE + .text + .align 4 + .globl AES_decrypt_block + .type AES_decrypt_block, %function +AES_decrypt_block: + push {lr} +L_AES_decrypt_block_nr: +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl r8, r7, #8 + lsr r8, r8, #24 +#else + uxtb r8, r7, ror #16 +#endif +#else + ubfx r8, r7, #16, #8 +#endif + lsr r11, r4, #24 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl r12, r6, #16 + lsr r12, r12, #24 +#else + uxtb r12, r6, ror #8 +#endif +#else + ubfx r12, r6, #8, #8 +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl lr, r5, #24 + lsr lr, lr, #24 +#else + uxtb lr, r5 +#endif +#else + ubfx lr, r5, #0, #8 +#endif + ldr r8, [r0, r8, lsl #2] + ldr r11, [r0, r11, lsl #2] + ldr r12, [r0, r12, lsl #2] + ldr lr, [r0, lr, lsl #2] +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl r9, r4, #8 + lsr r9, r9, #24 +#else + uxtb r9, r4, ror #16 +#endif +#else + ubfx r9, r4, #16, #8 +#endif + eor r8, r8, r11, ror #24 + lsr r11, r5, #24 + eor r8, r8, r12, ror #8 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl r12, r7, #16 + lsr r12, r12, #24 +#else + uxtb r12, r7, ror #8 +#endif +#else + ubfx r12, r7, #8, #8 +#endif + eor r8, r8, lr, ror #16 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl lr, r6, #24 + lsr lr, lr, #24 +#else + uxtb lr, r6 +#endif +#else + ubfx lr, r6, #0, #8 +#endif + ldr r9, [r0, r9, lsl #2] + ldr r11, [r0, r11, lsl #2] + ldr r12, [r0, r12, lsl #2] + ldr lr, [r0, lr, lsl #2] +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl r10, r5, #8 + lsr r10, r10, #24 +#else + uxtb r10, r5, ror #16 +#endif +#else + ubfx r10, r5, #16, #8 +#endif + eor r9, r9, r11, ror #24 + lsr r11, r6, #24 + eor r9, r9, r12, ror #8 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl r12, r4, #16 + lsr r12, r12, #24 +#else + uxtb r12, r4, ror #8 +#endif +#else + ubfx r12, r4, #8, #8 +#endif + eor r9, r9, lr, ror #16 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl lr, r7, #24 + lsr lr, lr, #24 +#else + uxtb lr, r7 +#endif +#else + ubfx lr, r7, #0, #8 +#endif + ldr r10, [r0, r10, lsl #2] + ldr r11, [r0, r11, lsl #2] + ldr r12, [r0, r12, lsl #2] + ldr lr, [r0, lr, lsl #2] +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl r4, r4, #24 + lsr r4, r4, #24 +#else + uxtb r4, r4 +#endif +#else + ubfx r4, r4, #0, #8 +#endif + eor r10, r10, r11, ror #24 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl r11, r6, #8 + lsr r11, r11, #24 +#else + uxtb r11, r6, ror #16 +#endif +#else + ubfx r11, r6, #16, #8 +#endif + eor r10, r10, r12, ror #8 + lsr r12, r7, #24 + eor r10, r10, lr, ror #16 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl lr, r5, #16 + lsr lr, lr, #24 +#else + uxtb lr, r5, ror #8 +#endif +#else + ubfx lr, r5, #8, #8 +#endif + ldr r4, [r0, r4, lsl #2] + ldr r12, [r0, r12, lsl #2] + ldr r11, [r0, r11, lsl #2] + ldr lr, [r0, lr, lsl #2] + eor r12, r12, r4, ror #24 + ldm r3!, {r4, r5, r6, r7} + eor r11, r11, lr, ror #8 + eor r11, r11, r12, ror #24 + # XOR in Key Schedule + eor r8, r8, r4 + eor r9, r9, r5 + eor r10, r10, r6 + eor r11, r11, r7 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl r4, r11, #8 + lsr r4, r4, #24 +#else + uxtb r4, r11, ror #16 +#endif +#else + ubfx r4, r11, #16, #8 +#endif + lsr r7, r8, #24 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl r12, r10, #16 + lsr r12, r12, #24 +#else + uxtb r12, r10, ror #8 +#endif +#else + ubfx r12, r10, #8, #8 +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl lr, r9, #24 + lsr lr, lr, #24 +#else + uxtb lr, r9 +#endif +#else + ubfx lr, r9, #0, #8 +#endif + ldr r4, [r0, r4, lsl #2] + ldr r7, [r0, r7, lsl #2] + ldr r12, [r0, r12, lsl #2] + ldr lr, [r0, lr, lsl #2] +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl r5, r8, #8 + lsr r5, r5, #24 +#else + uxtb r5, r8, ror #16 +#endif +#else + ubfx r5, r8, #16, #8 +#endif + eor r4, r4, r7, ror #24 + lsr r7, r9, #24 + eor r4, r4, r12, ror #8 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl r12, r11, #16 + lsr r12, r12, #24 +#else + uxtb r12, r11, ror #8 +#endif +#else + ubfx r12, r11, #8, #8 +#endif + eor r4, r4, lr, ror #16 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl lr, r10, #24 + lsr lr, lr, #24 +#else + uxtb lr, r10 +#endif +#else + ubfx lr, r10, #0, #8 +#endif + ldr r5, [r0, r5, lsl #2] + ldr r7, [r0, r7, lsl #2] + ldr r12, [r0, r12, lsl #2] + ldr lr, [r0, lr, lsl #2] +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl r6, r9, #8 + lsr r6, r6, #24 +#else + uxtb r6, r9, ror #16 +#endif +#else + ubfx r6, r9, #16, #8 +#endif + eor r5, r5, r7, ror #24 + lsr r7, r10, #24 + eor r5, r5, r12, ror #8 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl r12, r8, #16 + lsr r12, r12, #24 +#else + uxtb r12, r8, ror #8 +#endif +#else + ubfx r12, r8, #8, #8 +#endif + eor r5, r5, lr, ror #16 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl lr, r11, #24 + lsr lr, lr, #24 +#else + uxtb lr, r11 +#endif +#else + ubfx lr, r11, #0, #8 +#endif + ldr r6, [r0, r6, lsl #2] + ldr r7, [r0, r7, lsl #2] + ldr r12, [r0, r12, lsl #2] + ldr lr, [r0, lr, lsl #2] +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl r8, r8, #24 + lsr r8, r8, #24 +#else + uxtb r8, r8 +#endif +#else + ubfx r8, r8, #0, #8 +#endif + eor r6, r6, r7, ror #24 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl r7, r10, #8 + lsr r7, r7, #24 +#else + uxtb r7, r10, ror #16 +#endif +#else + ubfx r7, r10, #16, #8 +#endif + eor r6, r6, r12, ror #8 + lsr r12, r11, #24 + eor r6, r6, lr, ror #16 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl lr, r9, #16 + lsr lr, lr, #24 +#else + uxtb lr, r9, ror #8 +#endif +#else + ubfx lr, r9, #8, #8 +#endif + ldr r8, [r0, r8, lsl #2] + ldr r12, [r0, r12, lsl #2] + ldr r7, [r0, r7, lsl #2] + ldr lr, [r0, lr, lsl #2] + eor r12, r12, r8, ror #24 + ldm r3!, {r8, r9, r10, r11} + eor r7, r7, lr, ror #8 + eor r7, r7, r12, ror #24 + # XOR in Key Schedule + eor r4, r4, r8 + eor r5, r5, r9 + eor r6, r6, r10 + eor r7, r7, r11 + subs r1, r1, #1 + bne L_AES_decrypt_block_nr +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl r8, r7, #8 + lsr r8, r8, #24 +#else + uxtb r8, r7, ror #16 +#endif +#else + ubfx r8, r7, #16, #8 +#endif + lsr r11, r4, #24 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl r12, r6, #16 + lsr r12, r12, #24 +#else + uxtb r12, r6, ror #8 +#endif +#else + ubfx r12, r6, #8, #8 +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl lr, r5, #24 + lsr lr, lr, #24 +#else + uxtb lr, r5 +#endif +#else + ubfx lr, r5, #0, #8 +#endif + ldr r8, [r0, r8, lsl #2] + ldr r11, [r0, r11, lsl #2] + ldr r12, [r0, r12, lsl #2] + ldr lr, [r0, lr, lsl #2] +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl r9, r4, #8 + lsr r9, r9, #24 +#else + uxtb r9, r4, ror #16 +#endif +#else + ubfx r9, r4, #16, #8 +#endif + eor r8, r8, r11, ror #24 + lsr r11, r5, #24 + eor r8, r8, r12, ror #8 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl r12, r7, #16 + lsr r12, r12, #24 +#else + uxtb r12, r7, ror #8 +#endif +#else + ubfx r12, r7, #8, #8 +#endif + eor r8, r8, lr, ror #16 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl lr, r6, #24 + lsr lr, lr, #24 +#else + uxtb lr, r6 +#endif +#else + ubfx lr, r6, #0, #8 +#endif + ldr r9, [r0, r9, lsl #2] + ldr r11, [r0, r11, lsl #2] + ldr r12, [r0, r12, lsl #2] + ldr lr, [r0, lr, lsl #2] +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl r10, r5, #8 + lsr r10, r10, #24 +#else + uxtb r10, r5, ror #16 +#endif +#else + ubfx r10, r5, #16, #8 +#endif + eor r9, r9, r11, ror #24 + lsr r11, r6, #24 + eor r9, r9, r12, ror #8 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl r12, r4, #16 + lsr r12, r12, #24 +#else + uxtb r12, r4, ror #8 +#endif +#else + ubfx r12, r4, #8, #8 +#endif + eor r9, r9, lr, ror #16 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl lr, r7, #24 + lsr lr, lr, #24 +#else + uxtb lr, r7 +#endif +#else + ubfx lr, r7, #0, #8 +#endif + ldr r10, [r0, r10, lsl #2] + ldr r11, [r0, r11, lsl #2] + ldr r12, [r0, r12, lsl #2] + ldr lr, [r0, lr, lsl #2] +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl r4, r4, #24 + lsr r4, r4, #24 +#else + uxtb r4, r4 +#endif +#else + ubfx r4, r4, #0, #8 +#endif + eor r10, r10, r11, ror #24 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl r11, r6, #8 + lsr r11, r11, #24 +#else + uxtb r11, r6, ror #16 +#endif +#else + ubfx r11, r6, #16, #8 +#endif + eor r10, r10, r12, ror #8 + lsr r12, r7, #24 + eor r10, r10, lr, ror #16 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl lr, r5, #16 + lsr lr, lr, #24 +#else + uxtb lr, r5, ror #8 +#endif +#else + ubfx lr, r5, #8, #8 +#endif + ldr r4, [r0, r4, lsl #2] + ldr r12, [r0, r12, lsl #2] + ldr r11, [r0, r11, lsl #2] + ldr lr, [r0, lr, lsl #2] + eor r12, r12, r4, ror #24 + ldm r3!, {r4, r5, r6, r7} + eor r11, r11, lr, ror #8 + eor r11, r11, r12, ror #24 + # XOR in Key Schedule + eor r8, r8, r4 + eor r9, r9, r5 + eor r10, r10, r6 + eor r11, r11, r7 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl r4, r9, #24 + lsr r4, r4, #24 +#else + uxtb r4, r9 +#endif +#else + ubfx r4, r9, #0, #8 +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl r7, r10, #16 + lsr r7, r7, #24 +#else + uxtb r7, r10, ror #8 +#endif +#else + ubfx r7, r10, #8, #8 +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl r12, r11, #8 + lsr r12, r12, #24 +#else + uxtb r12, r11, ror #16 +#endif +#else + ubfx r12, r11, #16, #8 +#endif + lsr lr, r8, #24 + ldrb r4, [r2, r4] + ldrb r7, [r2, r7] + ldrb r12, [r2, r12] + ldrb lr, [r2, lr] +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl r5, r10, #24 + lsr r5, r5, #24 +#else + uxtb r5, r10 +#endif +#else + ubfx r5, r10, #0, #8 +#endif + eor r4, r4, r7, lsl #8 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl r7, r11, #16 + lsr r7, r7, #24 +#else + uxtb r7, r11, ror #8 +#endif +#else + ubfx r7, r11, #8, #8 +#endif + eor r4, r4, r12, lsl #16 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl r12, r8, #8 + lsr r12, r12, #24 +#else + uxtb r12, r8, ror #16 +#endif +#else + ubfx r12, r8, #16, #8 +#endif + eor r4, r4, lr, lsl #24 + lsr lr, r9, #24 + ldrb r7, [r2, r7] + ldrb lr, [r2, lr] + ldrb r5, [r2, r5] + ldrb r12, [r2, r12] +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl r6, r11, #24 + lsr r6, r6, #24 +#else + uxtb r6, r11 +#endif +#else + ubfx r6, r11, #0, #8 +#endif + eor r5, r5, r7, lsl #8 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl r7, r8, #16 + lsr r7, r7, #24 +#else + uxtb r7, r8, ror #8 +#endif +#else + ubfx r7, r8, #8, #8 +#endif + eor r5, r5, r12, lsl #16 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl r12, r9, #8 + lsr r12, r12, #24 +#else + uxtb r12, r9, ror #16 +#endif +#else + ubfx r12, r9, #16, #8 +#endif + eor r5, r5, lr, lsl #24 + lsr lr, r10, #24 + ldrb r7, [r2, r7] + ldrb lr, [r2, lr] + ldrb r6, [r2, r6] + ldrb r12, [r2, r12] + lsr r11, r11, #24 + eor r6, r6, r7, lsl #8 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl r7, r8, #24 + lsr r7, r7, #24 +#else + uxtb r7, r8 +#endif +#else + ubfx r7, r8, #0, #8 +#endif + eor r6, r6, r12, lsl #16 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl r12, r9, #16 + lsr r12, r12, #24 +#else + uxtb r12, r9, ror #8 +#endif +#else + ubfx r12, r9, #8, #8 +#endif + eor r6, r6, lr, lsl #24 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl lr, r10, #8 + lsr lr, lr, #24 +#else + uxtb lr, r10, ror #16 +#endif +#else + ubfx lr, r10, #16, #8 +#endif + ldrb r11, [r2, r11] + ldrb r12, [r2, r12] + ldrb r7, [r2, r7] + ldrb lr, [r2, lr] + eor r12, r12, r11, lsl #16 + ldm r3, {r8, r9, r10, r11} + eor r7, r7, r12, lsl #8 + eor r7, r7, lr, lsl #16 + # XOR in Key Schedule + eor r4, r4, r8 + eor r5, r5, r9 + eor r6, r6, r10 + eor r7, r7, r11 + pop {pc} + .size AES_decrypt_block,.-AES_decrypt_block +#endif /* !WOLFSSL_ARMASM_AES_BLOCK_INLINE */ + .text + .type L_AES_ARM32_td_ecb, %object + .size L_AES_ARM32_td_ecb, 12 + .align 4 +L_AES_ARM32_td_ecb: + .word L_AES_ARM32_td_data +#if defined(WOLFSSL_AES_DIRECT) || defined(WOLFSSL_AES_COUNTER) || defined(HAVE_AES_ECB) + .text + .type L_AES_ARM32_ecb_td4, %object + .size L_AES_ARM32_ecb_td4, 256 + .align 4 +L_AES_ARM32_ecb_td4: + .byte 0x52 + .byte 0x9 + .byte 0x6a + .byte 0xd5 + .byte 0x30 + .byte 0x36 + .byte 0xa5 + .byte 0x38 + .byte 0xbf + .byte 0x40 + .byte 0xa3 + .byte 0x9e + .byte 0x81 + .byte 0xf3 + .byte 0xd7 + .byte 0xfb + .byte 0x7c + .byte 0xe3 + .byte 0x39 + .byte 0x82 + .byte 0x9b + .byte 0x2f + .byte 0xff + .byte 0x87 + .byte 0x34 + .byte 0x8e + .byte 0x43 + .byte 0x44 + .byte 0xc4 + .byte 0xde + .byte 0xe9 + .byte 0xcb + .byte 0x54 + .byte 0x7b + .byte 0x94 + .byte 0x32 + .byte 0xa6 + .byte 0xc2 + .byte 0x23 + .byte 0x3d + .byte 0xee + .byte 0x4c + .byte 0x95 + .byte 0xb + .byte 0x42 + .byte 0xfa + .byte 0xc3 + .byte 0x4e + .byte 0x8 + .byte 0x2e + .byte 0xa1 + .byte 0x66 + .byte 0x28 + .byte 0xd9 + .byte 0x24 + .byte 0xb2 + .byte 0x76 + .byte 0x5b + .byte 0xa2 + .byte 0x49 + .byte 0x6d + .byte 0x8b + .byte 0xd1 + .byte 0x25 + .byte 0x72 + .byte 0xf8 + .byte 0xf6 + .byte 0x64 + .byte 0x86 + .byte 0x68 + .byte 0x98 + .byte 0x16 + .byte 0xd4 + .byte 0xa4 + .byte 0x5c + .byte 0xcc + .byte 0x5d + .byte 0x65 + .byte 0xb6 + .byte 0x92 + .byte 0x6c + .byte 0x70 + .byte 0x48 + .byte 0x50 + .byte 0xfd + .byte 0xed + .byte 0xb9 + .byte 0xda + .byte 0x5e + .byte 0x15 + .byte 0x46 + .byte 0x57 + .byte 0xa7 + .byte 0x8d + .byte 0x9d + .byte 0x84 + .byte 0x90 + .byte 0xd8 + .byte 0xab + .byte 0x0 + .byte 0x8c + .byte 0xbc + .byte 0xd3 + .byte 0xa + .byte 0xf7 + .byte 0xe4 + .byte 0x58 + .byte 0x5 + .byte 0xb8 + .byte 0xb3 + .byte 0x45 + .byte 0x6 + .byte 0xd0 + .byte 0x2c + .byte 0x1e + .byte 0x8f + .byte 0xca + .byte 0x3f + .byte 0xf + .byte 0x2 + .byte 0xc1 + .byte 0xaf + .byte 0xbd + .byte 0x3 + .byte 0x1 + .byte 0x13 + .byte 0x8a + .byte 0x6b + .byte 0x3a + .byte 0x91 + .byte 0x11 + .byte 0x41 + .byte 0x4f + .byte 0x67 + .byte 0xdc + .byte 0xea + .byte 0x97 + .byte 0xf2 + .byte 0xcf + .byte 0xce + .byte 0xf0 + .byte 0xb4 + .byte 0xe6 + .byte 0x73 + .byte 0x96 + .byte 0xac + .byte 0x74 + .byte 0x22 + .byte 0xe7 + .byte 0xad + .byte 0x35 + .byte 0x85 + .byte 0xe2 + .byte 0xf9 + .byte 0x37 + .byte 0xe8 + .byte 0x1c + .byte 0x75 + .byte 0xdf + .byte 0x6e + .byte 0x47 + .byte 0xf1 + .byte 0x1a + .byte 0x71 + .byte 0x1d + .byte 0x29 + .byte 0xc5 + .byte 0x89 + .byte 0x6f + .byte 0xb7 + .byte 0x62 + .byte 0xe + .byte 0xaa + .byte 0x18 + .byte 0xbe + .byte 0x1b + .byte 0xfc + .byte 0x56 + .byte 0x3e + .byte 0x4b + .byte 0xc6 + .byte 0xd2 + .byte 0x79 + .byte 0x20 + .byte 0x9a + .byte 0xdb + .byte 0xc0 + .byte 0xfe + .byte 0x78 + .byte 0xcd + .byte 0x5a + .byte 0xf4 + .byte 0x1f + .byte 0xdd + .byte 0xa8 + .byte 0x33 + .byte 0x88 + .byte 0x7 + .byte 0xc7 + .byte 0x31 + .byte 0xb1 + .byte 0x12 + .byte 0x10 + .byte 0x59 + .byte 0x27 + .byte 0x80 + .byte 0xec + .byte 0x5f + .byte 0x60 + .byte 0x51 + .byte 0x7f + .byte 0xa9 + .byte 0x19 + .byte 0xb5 + .byte 0x4a + .byte 0xd + .byte 0x2d + .byte 0xe5 + .byte 0x7a + .byte 0x9f + .byte 0x93 + .byte 0xc9 + .byte 0x9c + .byte 0xef + .byte 0xa0 + .byte 0xe0 + .byte 0x3b + .byte 0x4d + .byte 0xae + .byte 0x2a + .byte 0xf5 + .byte 0xb0 + .byte 0xc8 + .byte 0xeb + .byte 0xbb + .byte 0x3c + .byte 0x83 + .byte 0x53 + .byte 0x99 + .byte 0x61 + .byte 0x17 + .byte 0x2b + .byte 0x4 + .byte 0x7e + .byte 0xba + .byte 0x77 + .byte 0xd6 + .byte 0x26 + .byte 0xe1 + .byte 0x69 + .byte 0x14 + .byte 0x63 + .byte 0x55 + .byte 0x21 + .byte 0xc + .byte 0x7d + .text + .align 4 + .globl AES_ECB_decrypt + .type AES_ECB_decrypt, %function +AES_ECB_decrypt: + push {r4, r5, r6, r7, r8, r9, r10, r11, lr} + ldr r8, [sp, #36] + mov lr, r0 + adr r0, L_AES_ARM32_td_ecb + ldr r0, [r0] + mov r12, r2 + adr r2, L_AES_ARM32_ecb_td4 + cmp r8, #10 + beq L_AES_ECB_decrypt_start_block_128 + cmp r8, #12 + beq L_AES_ECB_decrypt_start_block_192 +L_AES_ECB_decrypt_loop_block_256: + ldr r4, [lr] + ldr r5, [lr, #4] + ldr r6, [lr, #8] + ldr r7, [lr, #12] +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + eor r8, r4, r4, ror #16 + eor r9, r5, r5, ror #16 + eor r10, r6, r6, ror #16 + eor r11, r7, r7, ror #16 + bic r8, r8, #0xff0000 + bic r9, r9, #0xff0000 + bic r10, r10, #0xff0000 + bic r11, r11, #0xff0000 + ror r4, r4, #8 + ror r5, r5, #8 + ror r6, r6, #8 + ror r7, r7, #8 + eor r4, r4, r8, lsr #8 + eor r5, r5, r9, lsr #8 + eor r6, r6, r10, lsr #8 + eor r7, r7, r11, lsr #8 +#else + rev r4, r4 + rev r5, r5 + rev r6, r6 + rev r7, r7 +#endif /* WOLFSSL_ARM_ARCH && WOLFSSL_ARM_ARCH < 6 */ + push {r1, r3, r12, lr} + ldm r3!, {r8, r9, r10, r11} + # Round: 0 - XOR in key schedule + eor r4, r4, r8 + eor r5, r5, r9 + eor r6, r6, r10 + eor r7, r7, r11 + mov r1, #6 +#ifndef WOLFSSL_ARMASM_AES_BLOCK_INLINE + bl AES_decrypt_block +#else +L_AES_ECB_decrypt_block_nr_256: +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl r8, r7, #8 + lsr r8, r8, #24 +#else + uxtb r8, r7, ror #16 +#endif +#else + ubfx r8, r7, #16, #8 +#endif + lsr r11, r4, #24 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl r12, r6, #16 + lsr r12, r12, #24 +#else + uxtb r12, r6, ror #8 +#endif +#else + ubfx r12, r6, #8, #8 +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl lr, r5, #24 + lsr lr, lr, #24 +#else + uxtb lr, r5 +#endif +#else + ubfx lr, r5, #0, #8 +#endif + ldr r8, [r0, r8, lsl #2] + ldr r11, [r0, r11, lsl #2] + ldr r12, [r0, r12, lsl #2] + ldr lr, [r0, lr, lsl #2] +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl r9, r4, #8 + lsr r9, r9, #24 +#else + uxtb r9, r4, ror #16 +#endif +#else + ubfx r9, r4, #16, #8 +#endif + eor r8, r8, r11, ror #24 + lsr r11, r5, #24 + eor r8, r8, r12, ror #8 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl r12, r7, #16 + lsr r12, r12, #24 +#else + uxtb r12, r7, ror #8 +#endif +#else + ubfx r12, r7, #8, #8 +#endif + eor r8, r8, lr, ror #16 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl lr, r6, #24 + lsr lr, lr, #24 +#else + uxtb lr, r6 +#endif +#else + ubfx lr, r6, #0, #8 +#endif + ldr r9, [r0, r9, lsl #2] + ldr r11, [r0, r11, lsl #2] + ldr r12, [r0, r12, lsl #2] + ldr lr, [r0, lr, lsl #2] +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl r10, r5, #8 + lsr r10, r10, #24 +#else + uxtb r10, r5, ror #16 +#endif +#else + ubfx r10, r5, #16, #8 +#endif + eor r9, r9, r11, ror #24 + lsr r11, r6, #24 + eor r9, r9, r12, ror #8 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl r12, r4, #16 + lsr r12, r12, #24 +#else + uxtb r12, r4, ror #8 +#endif +#else + ubfx r12, r4, #8, #8 +#endif + eor r9, r9, lr, ror #16 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl lr, r7, #24 + lsr lr, lr, #24 +#else + uxtb lr, r7 +#endif +#else + ubfx lr, r7, #0, #8 +#endif + ldr r10, [r0, r10, lsl #2] + ldr r11, [r0, r11, lsl #2] + ldr r12, [r0, r12, lsl #2] + ldr lr, [r0, lr, lsl #2] +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl r4, r4, #24 + lsr r4, r4, #24 +#else + uxtb r4, r4 +#endif +#else + ubfx r4, r4, #0, #8 +#endif + eor r10, r10, r11, ror #24 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl r11, r6, #8 + lsr r11, r11, #24 +#else + uxtb r11, r6, ror #16 +#endif +#else + ubfx r11, r6, #16, #8 +#endif + eor r10, r10, r12, ror #8 + lsr r12, r7, #24 + eor r10, r10, lr, ror #16 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl lr, r5, #16 + lsr lr, lr, #24 +#else + uxtb lr, r5, ror #8 +#endif +#else + ubfx lr, r5, #8, #8 +#endif + ldr r4, [r0, r4, lsl #2] + ldr r12, [r0, r12, lsl #2] + ldr r11, [r0, r11, lsl #2] + ldr lr, [r0, lr, lsl #2] + eor r12, r12, r4, ror #24 + ldm r3!, {r4, r5, r6, r7} + eor r11, r11, lr, ror #8 + eor r11, r11, r12, ror #24 + # XOR in Key Schedule + eor r8, r8, r4 + eor r9, r9, r5 + eor r10, r10, r6 + eor r11, r11, r7 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl r4, r11, #8 + lsr r4, r4, #24 +#else + uxtb r4, r11, ror #16 +#endif +#else + ubfx r4, r11, #16, #8 +#endif + lsr r7, r8, #24 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl r12, r10, #16 + lsr r12, r12, #24 +#else + uxtb r12, r10, ror #8 +#endif +#else + ubfx r12, r10, #8, #8 +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl lr, r9, #24 + lsr lr, lr, #24 +#else + uxtb lr, r9 +#endif +#else + ubfx lr, r9, #0, #8 +#endif + ldr r4, [r0, r4, lsl #2] + ldr r7, [r0, r7, lsl #2] + ldr r12, [r0, r12, lsl #2] + ldr lr, [r0, lr, lsl #2] +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl r5, r8, #8 + lsr r5, r5, #24 +#else + uxtb r5, r8, ror #16 +#endif +#else + ubfx r5, r8, #16, #8 +#endif + eor r4, r4, r7, ror #24 + lsr r7, r9, #24 + eor r4, r4, r12, ror #8 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl r12, r11, #16 + lsr r12, r12, #24 +#else + uxtb r12, r11, ror #8 +#endif +#else + ubfx r12, r11, #8, #8 +#endif + eor r4, r4, lr, ror #16 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl lr, r10, #24 + lsr lr, lr, #24 +#else + uxtb lr, r10 +#endif +#else + ubfx lr, r10, #0, #8 +#endif + ldr r5, [r0, r5, lsl #2] + ldr r7, [r0, r7, lsl #2] + ldr r12, [r0, r12, lsl #2] + ldr lr, [r0, lr, lsl #2] +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl r6, r9, #8 + lsr r6, r6, #24 +#else + uxtb r6, r9, ror #16 +#endif +#else + ubfx r6, r9, #16, #8 +#endif + eor r5, r5, r7, ror #24 + lsr r7, r10, #24 + eor r5, r5, r12, ror #8 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl r12, r8, #16 + lsr r12, r12, #24 +#else + uxtb r12, r8, ror #8 +#endif +#else + ubfx r12, r8, #8, #8 +#endif + eor r5, r5, lr, ror #16 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl lr, r11, #24 + lsr lr, lr, #24 +#else + uxtb lr, r11 +#endif +#else + ubfx lr, r11, #0, #8 +#endif + ldr r6, [r0, r6, lsl #2] + ldr r7, [r0, r7, lsl #2] + ldr r12, [r0, r12, lsl #2] + ldr lr, [r0, lr, lsl #2] +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl r8, r8, #24 + lsr r8, r8, #24 +#else + uxtb r8, r8 +#endif +#else + ubfx r8, r8, #0, #8 +#endif + eor r6, r6, r7, ror #24 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl r7, r10, #8 + lsr r7, r7, #24 +#else + uxtb r7, r10, ror #16 +#endif +#else + ubfx r7, r10, #16, #8 +#endif + eor r6, r6, r12, ror #8 + lsr r12, r11, #24 + eor r6, r6, lr, ror #16 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl lr, r9, #16 + lsr lr, lr, #24 +#else + uxtb lr, r9, ror #8 +#endif +#else + ubfx lr, r9, #8, #8 +#endif + ldr r8, [r0, r8, lsl #2] + ldr r12, [r0, r12, lsl #2] + ldr r7, [r0, r7, lsl #2] + ldr lr, [r0, lr, lsl #2] + eor r12, r12, r8, ror #24 + ldm r3!, {r8, r9, r10, r11} + eor r7, r7, lr, ror #8 + eor r7, r7, r12, ror #24 + # XOR in Key Schedule + eor r4, r4, r8 + eor r5, r5, r9 + eor r6, r6, r10 + eor r7, r7, r11 + subs r1, r1, #1 + bne L_AES_ECB_decrypt_block_nr_256 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl r8, r7, #8 + lsr r8, r8, #24 +#else + uxtb r8, r7, ror #16 +#endif +#else + ubfx r8, r7, #16, #8 +#endif + lsr r11, r4, #24 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl r12, r6, #16 + lsr r12, r12, #24 +#else + uxtb r12, r6, ror #8 +#endif +#else + ubfx r12, r6, #8, #8 +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl lr, r5, #24 + lsr lr, lr, #24 +#else + uxtb lr, r5 +#endif +#else + ubfx lr, r5, #0, #8 +#endif + ldr r8, [r0, r8, lsl #2] + ldr r11, [r0, r11, lsl #2] + ldr r12, [r0, r12, lsl #2] + ldr lr, [r0, lr, lsl #2] +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl r9, r4, #8 + lsr r9, r9, #24 +#else + uxtb r9, r4, ror #16 +#endif +#else + ubfx r9, r4, #16, #8 +#endif + eor r8, r8, r11, ror #24 + lsr r11, r5, #24 + eor r8, r8, r12, ror #8 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl r12, r7, #16 + lsr r12, r12, #24 +#else + uxtb r12, r7, ror #8 +#endif +#else + ubfx r12, r7, #8, #8 +#endif + eor r8, r8, lr, ror #16 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl lr, r6, #24 + lsr lr, lr, #24 +#else + uxtb lr, r6 +#endif +#else + ubfx lr, r6, #0, #8 +#endif + ldr r9, [r0, r9, lsl #2] + ldr r11, [r0, r11, lsl #2] + ldr r12, [r0, r12, lsl #2] + ldr lr, [r0, lr, lsl #2] +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl r10, r5, #8 + lsr r10, r10, #24 +#else + uxtb r10, r5, ror #16 +#endif +#else + ubfx r10, r5, #16, #8 +#endif + eor r9, r9, r11, ror #24 + lsr r11, r6, #24 + eor r9, r9, r12, ror #8 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl r12, r4, #16 + lsr r12, r12, #24 +#else + uxtb r12, r4, ror #8 +#endif +#else + ubfx r12, r4, #8, #8 +#endif + eor r9, r9, lr, ror #16 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl lr, r7, #24 + lsr lr, lr, #24 +#else + uxtb lr, r7 +#endif +#else + ubfx lr, r7, #0, #8 +#endif + ldr r10, [r0, r10, lsl #2] + ldr r11, [r0, r11, lsl #2] + ldr r12, [r0, r12, lsl #2] + ldr lr, [r0, lr, lsl #2] +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl r4, r4, #24 + lsr r4, r4, #24 +#else + uxtb r4, r4 +#endif +#else + ubfx r4, r4, #0, #8 +#endif + eor r10, r10, r11, ror #24 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl r11, r6, #8 + lsr r11, r11, #24 +#else + uxtb r11, r6, ror #16 +#endif +#else + ubfx r11, r6, #16, #8 +#endif + eor r10, r10, r12, ror #8 + lsr r12, r7, #24 + eor r10, r10, lr, ror #16 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl lr, r5, #16 + lsr lr, lr, #24 +#else + uxtb lr, r5, ror #8 +#endif +#else + ubfx lr, r5, #8, #8 +#endif + ldr r4, [r0, r4, lsl #2] + ldr r12, [r0, r12, lsl #2] + ldr r11, [r0, r11, lsl #2] + ldr lr, [r0, lr, lsl #2] + eor r12, r12, r4, ror #24 + ldm r3!, {r4, r5, r6, r7} + eor r11, r11, lr, ror #8 + eor r11, r11, r12, ror #24 + # XOR in Key Schedule + eor r8, r8, r4 + eor r9, r9, r5 + eor r10, r10, r6 + eor r11, r11, r7 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl r4, r9, #24 + lsr r4, r4, #24 +#else + uxtb r4, r9 +#endif +#else + ubfx r4, r9, #0, #8 +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl r7, r10, #16 + lsr r7, r7, #24 +#else + uxtb r7, r10, ror #8 +#endif +#else + ubfx r7, r10, #8, #8 +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl r12, r11, #8 + lsr r12, r12, #24 +#else + uxtb r12, r11, ror #16 +#endif +#else + ubfx r12, r11, #16, #8 +#endif + lsr lr, r8, #24 + ldrb r4, [r2, r4] + ldrb r7, [r2, r7] + ldrb r12, [r2, r12] + ldrb lr, [r2, lr] +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl r5, r10, #24 + lsr r5, r5, #24 +#else + uxtb r5, r10 +#endif +#else + ubfx r5, r10, #0, #8 +#endif + eor r4, r4, r7, lsl #8 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl r7, r11, #16 + lsr r7, r7, #24 +#else + uxtb r7, r11, ror #8 +#endif +#else + ubfx r7, r11, #8, #8 +#endif + eor r4, r4, r12, lsl #16 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl r12, r8, #8 + lsr r12, r12, #24 +#else + uxtb r12, r8, ror #16 +#endif +#else + ubfx r12, r8, #16, #8 +#endif + eor r4, r4, lr, lsl #24 + lsr lr, r9, #24 + ldrb r7, [r2, r7] + ldrb lr, [r2, lr] + ldrb r5, [r2, r5] + ldrb r12, [r2, r12] +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl r6, r11, #24 + lsr r6, r6, #24 +#else + uxtb r6, r11 +#endif +#else + ubfx r6, r11, #0, #8 +#endif + eor r5, r5, r7, lsl #8 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl r7, r8, #16 + lsr r7, r7, #24 +#else + uxtb r7, r8, ror #8 +#endif +#else + ubfx r7, r8, #8, #8 +#endif + eor r5, r5, r12, lsl #16 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl r12, r9, #8 + lsr r12, r12, #24 +#else + uxtb r12, r9, ror #16 +#endif +#else + ubfx r12, r9, #16, #8 +#endif + eor r5, r5, lr, lsl #24 + lsr lr, r10, #24 + ldrb r7, [r2, r7] + ldrb lr, [r2, lr] + ldrb r6, [r2, r6] + ldrb r12, [r2, r12] + lsr r11, r11, #24 + eor r6, r6, r7, lsl #8 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl r7, r8, #24 + lsr r7, r7, #24 +#else + uxtb r7, r8 +#endif +#else + ubfx r7, r8, #0, #8 +#endif + eor r6, r6, r12, lsl #16 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl r12, r9, #16 + lsr r12, r12, #24 +#else + uxtb r12, r9, ror #8 +#endif +#else + ubfx r12, r9, #8, #8 +#endif + eor r6, r6, lr, lsl #24 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl lr, r10, #8 + lsr lr, lr, #24 +#else + uxtb lr, r10, ror #16 +#endif +#else + ubfx lr, r10, #16, #8 +#endif + ldrb r11, [r2, r11] + ldrb r12, [r2, r12] + ldrb r7, [r2, r7] + ldrb lr, [r2, lr] + eor r12, r12, r11, lsl #16 + ldm r3, {r8, r9, r10, r11} + eor r7, r7, r12, lsl #8 + eor r7, r7, lr, lsl #16 + # XOR in Key Schedule + eor r4, r4, r8 + eor r5, r5, r9 + eor r6, r6, r10 + eor r7, r7, r11 +#endif /* !WOLFSSL_ARMASM_AES_BLOCK_INLINE */ + pop {r1, r3, r12, lr} +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + eor r8, r4, r4, ror #16 + eor r9, r5, r5, ror #16 + eor r10, r6, r6, ror #16 + eor r11, r7, r7, ror #16 + bic r8, r8, #0xff0000 + bic r9, r9, #0xff0000 + bic r10, r10, #0xff0000 + bic r11, r11, #0xff0000 + ror r4, r4, #8 + ror r5, r5, #8 + ror r6, r6, #8 + ror r7, r7, #8 + eor r4, r4, r8, lsr #8 + eor r5, r5, r9, lsr #8 + eor r6, r6, r10, lsr #8 + eor r7, r7, r11, lsr #8 +#else + rev r4, r4 + rev r5, r5 + rev r6, r6 + rev r7, r7 +#endif /* WOLFSSL_ARM_ARCH && WOLFSSL_ARM_ARCH < 6 */ + str r4, [r1] + str r5, [r1, #4] + str r6, [r1, #8] + str r7, [r1, #12] + subs r12, r12, #16 + add lr, lr, #16 + add r1, r1, #16 + bne L_AES_ECB_decrypt_loop_block_256 + b L_AES_ECB_decrypt_end +L_AES_ECB_decrypt_start_block_192: +L_AES_ECB_decrypt_loop_block_192: + ldr r4, [lr] + ldr r5, [lr, #4] + ldr r6, [lr, #8] + ldr r7, [lr, #12] +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + eor r8, r4, r4, ror #16 + eor r9, r5, r5, ror #16 + eor r10, r6, r6, ror #16 + eor r11, r7, r7, ror #16 + bic r8, r8, #0xff0000 + bic r9, r9, #0xff0000 + bic r10, r10, #0xff0000 + bic r11, r11, #0xff0000 + ror r4, r4, #8 + ror r5, r5, #8 + ror r6, r6, #8 + ror r7, r7, #8 + eor r4, r4, r8, lsr #8 + eor r5, r5, r9, lsr #8 + eor r6, r6, r10, lsr #8 + eor r7, r7, r11, lsr #8 +#else + rev r4, r4 + rev r5, r5 + rev r6, r6 + rev r7, r7 +#endif /* WOLFSSL_ARM_ARCH && WOLFSSL_ARM_ARCH < 6 */ + push {r1, r3, r12, lr} + ldm r3!, {r8, r9, r10, r11} + # Round: 0 - XOR in key schedule + eor r4, r4, r8 + eor r5, r5, r9 + eor r6, r6, r10 + eor r7, r7, r11 + mov r1, #5 +#ifndef WOLFSSL_ARMASM_AES_BLOCK_INLINE + bl AES_decrypt_block +#else +L_AES_ECB_decrypt_block_nr_192: +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl r8, r7, #8 + lsr r8, r8, #24 +#else + uxtb r8, r7, ror #16 +#endif +#else + ubfx r8, r7, #16, #8 +#endif + lsr r11, r4, #24 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl r12, r6, #16 + lsr r12, r12, #24 +#else + uxtb r12, r6, ror #8 +#endif +#else + ubfx r12, r6, #8, #8 +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl lr, r5, #24 + lsr lr, lr, #24 +#else + uxtb lr, r5 +#endif +#else + ubfx lr, r5, #0, #8 +#endif + ldr r8, [r0, r8, lsl #2] + ldr r11, [r0, r11, lsl #2] + ldr r12, [r0, r12, lsl #2] + ldr lr, [r0, lr, lsl #2] +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl r9, r4, #8 + lsr r9, r9, #24 +#else + uxtb r9, r4, ror #16 +#endif +#else + ubfx r9, r4, #16, #8 +#endif + eor r8, r8, r11, ror #24 + lsr r11, r5, #24 + eor r8, r8, r12, ror #8 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl r12, r7, #16 + lsr r12, r12, #24 +#else + uxtb r12, r7, ror #8 +#endif +#else + ubfx r12, r7, #8, #8 +#endif + eor r8, r8, lr, ror #16 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl lr, r6, #24 + lsr lr, lr, #24 +#else + uxtb lr, r6 +#endif +#else + ubfx lr, r6, #0, #8 +#endif + ldr r9, [r0, r9, lsl #2] + ldr r11, [r0, r11, lsl #2] + ldr r12, [r0, r12, lsl #2] + ldr lr, [r0, lr, lsl #2] +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl r10, r5, #8 + lsr r10, r10, #24 +#else + uxtb r10, r5, ror #16 +#endif +#else + ubfx r10, r5, #16, #8 +#endif + eor r9, r9, r11, ror #24 + lsr r11, r6, #24 + eor r9, r9, r12, ror #8 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl r12, r4, #16 + lsr r12, r12, #24 +#else + uxtb r12, r4, ror #8 +#endif +#else + ubfx r12, r4, #8, #8 +#endif + eor r9, r9, lr, ror #16 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl lr, r7, #24 + lsr lr, lr, #24 +#else + uxtb lr, r7 +#endif +#else + ubfx lr, r7, #0, #8 +#endif + ldr r10, [r0, r10, lsl #2] + ldr r11, [r0, r11, lsl #2] + ldr r12, [r0, r12, lsl #2] + ldr lr, [r0, lr, lsl #2] +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl r4, r4, #24 + lsr r4, r4, #24 +#else + uxtb r4, r4 +#endif +#else + ubfx r4, r4, #0, #8 +#endif + eor r10, r10, r11, ror #24 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl r11, r6, #8 + lsr r11, r11, #24 +#else + uxtb r11, r6, ror #16 +#endif +#else + ubfx r11, r6, #16, #8 +#endif + eor r10, r10, r12, ror #8 + lsr r12, r7, #24 + eor r10, r10, lr, ror #16 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl lr, r5, #16 + lsr lr, lr, #24 +#else + uxtb lr, r5, ror #8 +#endif +#else + ubfx lr, r5, #8, #8 +#endif + ldr r4, [r0, r4, lsl #2] + ldr r12, [r0, r12, lsl #2] + ldr r11, [r0, r11, lsl #2] + ldr lr, [r0, lr, lsl #2] + eor r12, r12, r4, ror #24 + ldm r3!, {r4, r5, r6, r7} + eor r11, r11, lr, ror #8 + eor r11, r11, r12, ror #24 + # XOR in Key Schedule + eor r8, r8, r4 + eor r9, r9, r5 + eor r10, r10, r6 + eor r11, r11, r7 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl r4, r11, #8 + lsr r4, r4, #24 +#else + uxtb r4, r11, ror #16 +#endif +#else + ubfx r4, r11, #16, #8 +#endif + lsr r7, r8, #24 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl r12, r10, #16 + lsr r12, r12, #24 +#else + uxtb r12, r10, ror #8 +#endif +#else + ubfx r12, r10, #8, #8 +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl lr, r9, #24 + lsr lr, lr, #24 +#else + uxtb lr, r9 +#endif +#else + ubfx lr, r9, #0, #8 +#endif + ldr r4, [r0, r4, lsl #2] + ldr r7, [r0, r7, lsl #2] + ldr r12, [r0, r12, lsl #2] + ldr lr, [r0, lr, lsl #2] +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl r5, r8, #8 + lsr r5, r5, #24 +#else + uxtb r5, r8, ror #16 +#endif +#else + ubfx r5, r8, #16, #8 +#endif + eor r4, r4, r7, ror #24 + lsr r7, r9, #24 + eor r4, r4, r12, ror #8 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl r12, r11, #16 + lsr r12, r12, #24 +#else + uxtb r12, r11, ror #8 +#endif +#else + ubfx r12, r11, #8, #8 +#endif + eor r4, r4, lr, ror #16 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl lr, r10, #24 + lsr lr, lr, #24 +#else + uxtb lr, r10 +#endif +#else + ubfx lr, r10, #0, #8 +#endif + ldr r5, [r0, r5, lsl #2] + ldr r7, [r0, r7, lsl #2] + ldr r12, [r0, r12, lsl #2] + ldr lr, [r0, lr, lsl #2] +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl r6, r9, #8 + lsr r6, r6, #24 +#else + uxtb r6, r9, ror #16 +#endif +#else + ubfx r6, r9, #16, #8 +#endif + eor r5, r5, r7, ror #24 + lsr r7, r10, #24 + eor r5, r5, r12, ror #8 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl r12, r8, #16 + lsr r12, r12, #24 +#else + uxtb r12, r8, ror #8 +#endif +#else + ubfx r12, r8, #8, #8 +#endif + eor r5, r5, lr, ror #16 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl lr, r11, #24 + lsr lr, lr, #24 +#else + uxtb lr, r11 +#endif +#else + ubfx lr, r11, #0, #8 +#endif + ldr r6, [r0, r6, lsl #2] + ldr r7, [r0, r7, lsl #2] + ldr r12, [r0, r12, lsl #2] + ldr lr, [r0, lr, lsl #2] +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl r8, r8, #24 + lsr r8, r8, #24 +#else + uxtb r8, r8 +#endif +#else + ubfx r8, r8, #0, #8 +#endif + eor r6, r6, r7, ror #24 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl r7, r10, #8 + lsr r7, r7, #24 +#else + uxtb r7, r10, ror #16 +#endif +#else + ubfx r7, r10, #16, #8 +#endif + eor r6, r6, r12, ror #8 + lsr r12, r11, #24 + eor r6, r6, lr, ror #16 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl lr, r9, #16 + lsr lr, lr, #24 +#else + uxtb lr, r9, ror #8 +#endif +#else + ubfx lr, r9, #8, #8 +#endif + ldr r8, [r0, r8, lsl #2] + ldr r12, [r0, r12, lsl #2] + ldr r7, [r0, r7, lsl #2] + ldr lr, [r0, lr, lsl #2] + eor r12, r12, r8, ror #24 + ldm r3!, {r8, r9, r10, r11} + eor r7, r7, lr, ror #8 + eor r7, r7, r12, ror #24 + # XOR in Key Schedule + eor r4, r4, r8 + eor r5, r5, r9 + eor r6, r6, r10 + eor r7, r7, r11 + subs r1, r1, #1 + bne L_AES_ECB_decrypt_block_nr_192 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl r8, r7, #8 + lsr r8, r8, #24 +#else + uxtb r8, r7, ror #16 +#endif +#else + ubfx r8, r7, #16, #8 +#endif + lsr r11, r4, #24 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl r12, r6, #16 + lsr r12, r12, #24 +#else + uxtb r12, r6, ror #8 +#endif +#else + ubfx r12, r6, #8, #8 +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl lr, r5, #24 + lsr lr, lr, #24 +#else + uxtb lr, r5 +#endif +#else + ubfx lr, r5, #0, #8 +#endif + ldr r8, [r0, r8, lsl #2] + ldr r11, [r0, r11, lsl #2] + ldr r12, [r0, r12, lsl #2] + ldr lr, [r0, lr, lsl #2] +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl r9, r4, #8 + lsr r9, r9, #24 +#else + uxtb r9, r4, ror #16 +#endif +#else + ubfx r9, r4, #16, #8 +#endif + eor r8, r8, r11, ror #24 + lsr r11, r5, #24 + eor r8, r8, r12, ror #8 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl r12, r7, #16 + lsr r12, r12, #24 +#else + uxtb r12, r7, ror #8 +#endif +#else + ubfx r12, r7, #8, #8 +#endif + eor r8, r8, lr, ror #16 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl lr, r6, #24 + lsr lr, lr, #24 +#else + uxtb lr, r6 +#endif +#else + ubfx lr, r6, #0, #8 +#endif + ldr r9, [r0, r9, lsl #2] + ldr r11, [r0, r11, lsl #2] + ldr r12, [r0, r12, lsl #2] + ldr lr, [r0, lr, lsl #2] +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl r10, r5, #8 + lsr r10, r10, #24 +#else + uxtb r10, r5, ror #16 +#endif +#else + ubfx r10, r5, #16, #8 +#endif + eor r9, r9, r11, ror #24 + lsr r11, r6, #24 + eor r9, r9, r12, ror #8 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl r12, r4, #16 + lsr r12, r12, #24 +#else + uxtb r12, r4, ror #8 +#endif +#else + ubfx r12, r4, #8, #8 +#endif + eor r9, r9, lr, ror #16 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl lr, r7, #24 + lsr lr, lr, #24 +#else + uxtb lr, r7 +#endif +#else + ubfx lr, r7, #0, #8 +#endif + ldr r10, [r0, r10, lsl #2] + ldr r11, [r0, r11, lsl #2] + ldr r12, [r0, r12, lsl #2] + ldr lr, [r0, lr, lsl #2] +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl r4, r4, #24 + lsr r4, r4, #24 +#else + uxtb r4, r4 +#endif +#else + ubfx r4, r4, #0, #8 +#endif + eor r10, r10, r11, ror #24 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl r11, r6, #8 + lsr r11, r11, #24 +#else + uxtb r11, r6, ror #16 +#endif +#else + ubfx r11, r6, #16, #8 +#endif + eor r10, r10, r12, ror #8 + lsr r12, r7, #24 + eor r10, r10, lr, ror #16 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl lr, r5, #16 + lsr lr, lr, #24 +#else + uxtb lr, r5, ror #8 +#endif +#else + ubfx lr, r5, #8, #8 +#endif + ldr r4, [r0, r4, lsl #2] + ldr r12, [r0, r12, lsl #2] + ldr r11, [r0, r11, lsl #2] + ldr lr, [r0, lr, lsl #2] + eor r12, r12, r4, ror #24 + ldm r3!, {r4, r5, r6, r7} + eor r11, r11, lr, ror #8 + eor r11, r11, r12, ror #24 + # XOR in Key Schedule + eor r8, r8, r4 + eor r9, r9, r5 + eor r10, r10, r6 + eor r11, r11, r7 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl r4, r9, #24 + lsr r4, r4, #24 +#else + uxtb r4, r9 +#endif +#else + ubfx r4, r9, #0, #8 +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl r7, r10, #16 + lsr r7, r7, #24 +#else + uxtb r7, r10, ror #8 +#endif +#else + ubfx r7, r10, #8, #8 +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl r12, r11, #8 + lsr r12, r12, #24 +#else + uxtb r12, r11, ror #16 +#endif +#else + ubfx r12, r11, #16, #8 +#endif + lsr lr, r8, #24 + ldrb r4, [r2, r4] + ldrb r7, [r2, r7] + ldrb r12, [r2, r12] + ldrb lr, [r2, lr] +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl r5, r10, #24 + lsr r5, r5, #24 +#else + uxtb r5, r10 +#endif +#else + ubfx r5, r10, #0, #8 +#endif + eor r4, r4, r7, lsl #8 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl r7, r11, #16 + lsr r7, r7, #24 +#else + uxtb r7, r11, ror #8 +#endif +#else + ubfx r7, r11, #8, #8 +#endif + eor r4, r4, r12, lsl #16 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl r12, r8, #8 + lsr r12, r12, #24 +#else + uxtb r12, r8, ror #16 +#endif +#else + ubfx r12, r8, #16, #8 +#endif + eor r4, r4, lr, lsl #24 + lsr lr, r9, #24 + ldrb r7, [r2, r7] + ldrb lr, [r2, lr] + ldrb r5, [r2, r5] + ldrb r12, [r2, r12] +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl r6, r11, #24 + lsr r6, r6, #24 +#else + uxtb r6, r11 +#endif +#else + ubfx r6, r11, #0, #8 +#endif + eor r5, r5, r7, lsl #8 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl r7, r8, #16 + lsr r7, r7, #24 +#else + uxtb r7, r8, ror #8 +#endif +#else + ubfx r7, r8, #8, #8 +#endif + eor r5, r5, r12, lsl #16 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl r12, r9, #8 + lsr r12, r12, #24 +#else + uxtb r12, r9, ror #16 +#endif +#else + ubfx r12, r9, #16, #8 +#endif + eor r5, r5, lr, lsl #24 + lsr lr, r10, #24 + ldrb r7, [r2, r7] + ldrb lr, [r2, lr] + ldrb r6, [r2, r6] + ldrb r12, [r2, r12] + lsr r11, r11, #24 + eor r6, r6, r7, lsl #8 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl r7, r8, #24 + lsr r7, r7, #24 +#else + uxtb r7, r8 +#endif +#else + ubfx r7, r8, #0, #8 +#endif + eor r6, r6, r12, lsl #16 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl r12, r9, #16 + lsr r12, r12, #24 +#else + uxtb r12, r9, ror #8 +#endif +#else + ubfx r12, r9, #8, #8 +#endif + eor r6, r6, lr, lsl #24 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl lr, r10, #8 + lsr lr, lr, #24 +#else + uxtb lr, r10, ror #16 +#endif +#else + ubfx lr, r10, #16, #8 +#endif + ldrb r11, [r2, r11] + ldrb r12, [r2, r12] + ldrb r7, [r2, r7] + ldrb lr, [r2, lr] + eor r12, r12, r11, lsl #16 + ldm r3, {r8, r9, r10, r11} + eor r7, r7, r12, lsl #8 + eor r7, r7, lr, lsl #16 + # XOR in Key Schedule + eor r4, r4, r8 + eor r5, r5, r9 + eor r6, r6, r10 + eor r7, r7, r11 +#endif /* !WOLFSSL_ARMASM_AES_BLOCK_INLINE */ + pop {r1, r3, r12, lr} +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + eor r8, r4, r4, ror #16 + eor r9, r5, r5, ror #16 + eor r10, r6, r6, ror #16 + eor r11, r7, r7, ror #16 + bic r8, r8, #0xff0000 + bic r9, r9, #0xff0000 + bic r10, r10, #0xff0000 + bic r11, r11, #0xff0000 + ror r4, r4, #8 + ror r5, r5, #8 + ror r6, r6, #8 + ror r7, r7, #8 + eor r4, r4, r8, lsr #8 + eor r5, r5, r9, lsr #8 + eor r6, r6, r10, lsr #8 + eor r7, r7, r11, lsr #8 +#else + rev r4, r4 + rev r5, r5 + rev r6, r6 + rev r7, r7 +#endif /* WOLFSSL_ARM_ARCH && WOLFSSL_ARM_ARCH < 6 */ + str r4, [r1] + str r5, [r1, #4] + str r6, [r1, #8] + str r7, [r1, #12] + subs r12, r12, #16 + add lr, lr, #16 + add r1, r1, #16 + bne L_AES_ECB_decrypt_loop_block_192 + b L_AES_ECB_decrypt_end +L_AES_ECB_decrypt_start_block_128: +L_AES_ECB_decrypt_loop_block_128: + ldr r4, [lr] + ldr r5, [lr, #4] + ldr r6, [lr, #8] + ldr r7, [lr, #12] +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + eor r8, r4, r4, ror #16 + eor r9, r5, r5, ror #16 + eor r10, r6, r6, ror #16 + eor r11, r7, r7, ror #16 + bic r8, r8, #0xff0000 + bic r9, r9, #0xff0000 + bic r10, r10, #0xff0000 + bic r11, r11, #0xff0000 + ror r4, r4, #8 + ror r5, r5, #8 + ror r6, r6, #8 + ror r7, r7, #8 + eor r4, r4, r8, lsr #8 + eor r5, r5, r9, lsr #8 + eor r6, r6, r10, lsr #8 + eor r7, r7, r11, lsr #8 +#else + rev r4, r4 + rev r5, r5 + rev r6, r6 + rev r7, r7 +#endif /* WOLFSSL_ARM_ARCH && WOLFSSL_ARM_ARCH < 6 */ + push {r1, r3, r12, lr} + ldm r3!, {r8, r9, r10, r11} + # Round: 0 - XOR in key schedule + eor r4, r4, r8 + eor r5, r5, r9 + eor r6, r6, r10 + eor r7, r7, r11 + mov r1, #4 +#ifndef WOLFSSL_ARMASM_AES_BLOCK_INLINE + bl AES_decrypt_block +#else +L_AES_ECB_decrypt_block_nr_128: +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl r8, r7, #8 + lsr r8, r8, #24 +#else + uxtb r8, r7, ror #16 +#endif +#else + ubfx r8, r7, #16, #8 +#endif + lsr r11, r4, #24 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl r12, r6, #16 + lsr r12, r12, #24 +#else + uxtb r12, r6, ror #8 +#endif +#else + ubfx r12, r6, #8, #8 +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl lr, r5, #24 + lsr lr, lr, #24 +#else + uxtb lr, r5 +#endif +#else + ubfx lr, r5, #0, #8 +#endif + ldr r8, [r0, r8, lsl #2] + ldr r11, [r0, r11, lsl #2] + ldr r12, [r0, r12, lsl #2] + ldr lr, [r0, lr, lsl #2] +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl r9, r4, #8 + lsr r9, r9, #24 +#else + uxtb r9, r4, ror #16 +#endif +#else + ubfx r9, r4, #16, #8 +#endif + eor r8, r8, r11, ror #24 + lsr r11, r5, #24 + eor r8, r8, r12, ror #8 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl r12, r7, #16 + lsr r12, r12, #24 +#else + uxtb r12, r7, ror #8 +#endif +#else + ubfx r12, r7, #8, #8 +#endif + eor r8, r8, lr, ror #16 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl lr, r6, #24 + lsr lr, lr, #24 +#else + uxtb lr, r6 +#endif +#else + ubfx lr, r6, #0, #8 +#endif + ldr r9, [r0, r9, lsl #2] + ldr r11, [r0, r11, lsl #2] + ldr r12, [r0, r12, lsl #2] + ldr lr, [r0, lr, lsl #2] +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl r10, r5, #8 + lsr r10, r10, #24 +#else + uxtb r10, r5, ror #16 +#endif +#else + ubfx r10, r5, #16, #8 +#endif + eor r9, r9, r11, ror #24 + lsr r11, r6, #24 + eor r9, r9, r12, ror #8 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl r12, r4, #16 + lsr r12, r12, #24 +#else + uxtb r12, r4, ror #8 +#endif +#else + ubfx r12, r4, #8, #8 +#endif + eor r9, r9, lr, ror #16 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl lr, r7, #24 + lsr lr, lr, #24 +#else + uxtb lr, r7 +#endif +#else + ubfx lr, r7, #0, #8 +#endif + ldr r10, [r0, r10, lsl #2] + ldr r11, [r0, r11, lsl #2] + ldr r12, [r0, r12, lsl #2] + ldr lr, [r0, lr, lsl #2] +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl r4, r4, #24 + lsr r4, r4, #24 +#else + uxtb r4, r4 +#endif +#else + ubfx r4, r4, #0, #8 +#endif + eor r10, r10, r11, ror #24 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl r11, r6, #8 + lsr r11, r11, #24 +#else + uxtb r11, r6, ror #16 +#endif +#else + ubfx r11, r6, #16, #8 +#endif + eor r10, r10, r12, ror #8 + lsr r12, r7, #24 + eor r10, r10, lr, ror #16 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl lr, r5, #16 + lsr lr, lr, #24 +#else + uxtb lr, r5, ror #8 +#endif +#else + ubfx lr, r5, #8, #8 +#endif + ldr r4, [r0, r4, lsl #2] + ldr r12, [r0, r12, lsl #2] + ldr r11, [r0, r11, lsl #2] + ldr lr, [r0, lr, lsl #2] + eor r12, r12, r4, ror #24 + ldm r3!, {r4, r5, r6, r7} + eor r11, r11, lr, ror #8 + eor r11, r11, r12, ror #24 + # XOR in Key Schedule + eor r8, r8, r4 + eor r9, r9, r5 + eor r10, r10, r6 + eor r11, r11, r7 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl r4, r11, #8 + lsr r4, r4, #24 +#else + uxtb r4, r11, ror #16 +#endif +#else + ubfx r4, r11, #16, #8 +#endif + lsr r7, r8, #24 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl r12, r10, #16 + lsr r12, r12, #24 +#else + uxtb r12, r10, ror #8 +#endif +#else + ubfx r12, r10, #8, #8 +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl lr, r9, #24 + lsr lr, lr, #24 +#else + uxtb lr, r9 +#endif +#else + ubfx lr, r9, #0, #8 +#endif + ldr r4, [r0, r4, lsl #2] + ldr r7, [r0, r7, lsl #2] + ldr r12, [r0, r12, lsl #2] + ldr lr, [r0, lr, lsl #2] +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl r5, r8, #8 + lsr r5, r5, #24 +#else + uxtb r5, r8, ror #16 +#endif +#else + ubfx r5, r8, #16, #8 +#endif + eor r4, r4, r7, ror #24 + lsr r7, r9, #24 + eor r4, r4, r12, ror #8 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl r12, r11, #16 + lsr r12, r12, #24 +#else + uxtb r12, r11, ror #8 +#endif +#else + ubfx r12, r11, #8, #8 +#endif + eor r4, r4, lr, ror #16 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl lr, r10, #24 + lsr lr, lr, #24 +#else + uxtb lr, r10 +#endif +#else + ubfx lr, r10, #0, #8 +#endif + ldr r5, [r0, r5, lsl #2] + ldr r7, [r0, r7, lsl #2] + ldr r12, [r0, r12, lsl #2] + ldr lr, [r0, lr, lsl #2] +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl r6, r9, #8 + lsr r6, r6, #24 +#else + uxtb r6, r9, ror #16 +#endif +#else + ubfx r6, r9, #16, #8 +#endif + eor r5, r5, r7, ror #24 + lsr r7, r10, #24 + eor r5, r5, r12, ror #8 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl r12, r8, #16 + lsr r12, r12, #24 +#else + uxtb r12, r8, ror #8 +#endif +#else + ubfx r12, r8, #8, #8 +#endif + eor r5, r5, lr, ror #16 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl lr, r11, #24 + lsr lr, lr, #24 +#else + uxtb lr, r11 +#endif +#else + ubfx lr, r11, #0, #8 +#endif + ldr r6, [r0, r6, lsl #2] + ldr r7, [r0, r7, lsl #2] + ldr r12, [r0, r12, lsl #2] + ldr lr, [r0, lr, lsl #2] +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl r8, r8, #24 + lsr r8, r8, #24 +#else + uxtb r8, r8 +#endif +#else + ubfx r8, r8, #0, #8 +#endif + eor r6, r6, r7, ror #24 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl r7, r10, #8 + lsr r7, r7, #24 +#else + uxtb r7, r10, ror #16 +#endif +#else + ubfx r7, r10, #16, #8 +#endif + eor r6, r6, r12, ror #8 + lsr r12, r11, #24 + eor r6, r6, lr, ror #16 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl lr, r9, #16 + lsr lr, lr, #24 +#else + uxtb lr, r9, ror #8 +#endif +#else + ubfx lr, r9, #8, #8 +#endif + ldr r8, [r0, r8, lsl #2] + ldr r12, [r0, r12, lsl #2] + ldr r7, [r0, r7, lsl #2] + ldr lr, [r0, lr, lsl #2] + eor r12, r12, r8, ror #24 + ldm r3!, {r8, r9, r10, r11} + eor r7, r7, lr, ror #8 + eor r7, r7, r12, ror #24 + # XOR in Key Schedule + eor r4, r4, r8 + eor r5, r5, r9 + eor r6, r6, r10 + eor r7, r7, r11 + subs r1, r1, #1 + bne L_AES_ECB_decrypt_block_nr_128 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl r8, r7, #8 + lsr r8, r8, #24 +#else + uxtb r8, r7, ror #16 +#endif +#else + ubfx r8, r7, #16, #8 +#endif + lsr r11, r4, #24 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl r12, r6, #16 + lsr r12, r12, #24 +#else + uxtb r12, r6, ror #8 +#endif +#else + ubfx r12, r6, #8, #8 +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl lr, r5, #24 + lsr lr, lr, #24 +#else + uxtb lr, r5 +#endif +#else + ubfx lr, r5, #0, #8 +#endif + ldr r8, [r0, r8, lsl #2] + ldr r11, [r0, r11, lsl #2] + ldr r12, [r0, r12, lsl #2] + ldr lr, [r0, lr, lsl #2] +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl r9, r4, #8 + lsr r9, r9, #24 +#else + uxtb r9, r4, ror #16 +#endif +#else + ubfx r9, r4, #16, #8 +#endif + eor r8, r8, r11, ror #24 + lsr r11, r5, #24 + eor r8, r8, r12, ror #8 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl r12, r7, #16 + lsr r12, r12, #24 +#else + uxtb r12, r7, ror #8 +#endif +#else + ubfx r12, r7, #8, #8 +#endif + eor r8, r8, lr, ror #16 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl lr, r6, #24 + lsr lr, lr, #24 +#else + uxtb lr, r6 +#endif +#else + ubfx lr, r6, #0, #8 +#endif + ldr r9, [r0, r9, lsl #2] + ldr r11, [r0, r11, lsl #2] + ldr r12, [r0, r12, lsl #2] + ldr lr, [r0, lr, lsl #2] +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl r10, r5, #8 + lsr r10, r10, #24 +#else + uxtb r10, r5, ror #16 +#endif +#else + ubfx r10, r5, #16, #8 +#endif + eor r9, r9, r11, ror #24 + lsr r11, r6, #24 + eor r9, r9, r12, ror #8 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl r12, r4, #16 + lsr r12, r12, #24 +#else + uxtb r12, r4, ror #8 +#endif +#else + ubfx r12, r4, #8, #8 +#endif + eor r9, r9, lr, ror #16 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl lr, r7, #24 + lsr lr, lr, #24 +#else + uxtb lr, r7 +#endif +#else + ubfx lr, r7, #0, #8 +#endif + ldr r10, [r0, r10, lsl #2] + ldr r11, [r0, r11, lsl #2] + ldr r12, [r0, r12, lsl #2] + ldr lr, [r0, lr, lsl #2] +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl r4, r4, #24 + lsr r4, r4, #24 +#else + uxtb r4, r4 +#endif +#else + ubfx r4, r4, #0, #8 +#endif + eor r10, r10, r11, ror #24 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl r11, r6, #8 + lsr r11, r11, #24 +#else + uxtb r11, r6, ror #16 +#endif +#else + ubfx r11, r6, #16, #8 +#endif + eor r10, r10, r12, ror #8 + lsr r12, r7, #24 + eor r10, r10, lr, ror #16 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl lr, r5, #16 + lsr lr, lr, #24 +#else + uxtb lr, r5, ror #8 +#endif +#else + ubfx lr, r5, #8, #8 +#endif + ldr r4, [r0, r4, lsl #2] + ldr r12, [r0, r12, lsl #2] + ldr r11, [r0, r11, lsl #2] + ldr lr, [r0, lr, lsl #2] + eor r12, r12, r4, ror #24 + ldm r3!, {r4, r5, r6, r7} + eor r11, r11, lr, ror #8 + eor r11, r11, r12, ror #24 + # XOR in Key Schedule + eor r8, r8, r4 + eor r9, r9, r5 + eor r10, r10, r6 + eor r11, r11, r7 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl r4, r9, #24 + lsr r4, r4, #24 +#else + uxtb r4, r9 +#endif +#else + ubfx r4, r9, #0, #8 +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl r7, r10, #16 + lsr r7, r7, #24 +#else + uxtb r7, r10, ror #8 +#endif +#else + ubfx r7, r10, #8, #8 +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl r12, r11, #8 + lsr r12, r12, #24 +#else + uxtb r12, r11, ror #16 +#endif +#else + ubfx r12, r11, #16, #8 +#endif + lsr lr, r8, #24 + ldrb r4, [r2, r4] + ldrb r7, [r2, r7] + ldrb r12, [r2, r12] + ldrb lr, [r2, lr] +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl r5, r10, #24 + lsr r5, r5, #24 +#else + uxtb r5, r10 +#endif +#else + ubfx r5, r10, #0, #8 +#endif + eor r4, r4, r7, lsl #8 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl r7, r11, #16 + lsr r7, r7, #24 +#else + uxtb r7, r11, ror #8 +#endif +#else + ubfx r7, r11, #8, #8 +#endif + eor r4, r4, r12, lsl #16 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl r12, r8, #8 + lsr r12, r12, #24 +#else + uxtb r12, r8, ror #16 +#endif +#else + ubfx r12, r8, #16, #8 +#endif + eor r4, r4, lr, lsl #24 + lsr lr, r9, #24 + ldrb r7, [r2, r7] + ldrb lr, [r2, lr] + ldrb r5, [r2, r5] + ldrb r12, [r2, r12] +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl r6, r11, #24 + lsr r6, r6, #24 +#else + uxtb r6, r11 +#endif +#else + ubfx r6, r11, #0, #8 +#endif + eor r5, r5, r7, lsl #8 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl r7, r8, #16 + lsr r7, r7, #24 +#else + uxtb r7, r8, ror #8 +#endif +#else + ubfx r7, r8, #8, #8 +#endif + eor r5, r5, r12, lsl #16 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl r12, r9, #8 + lsr r12, r12, #24 +#else + uxtb r12, r9, ror #16 +#endif +#else + ubfx r12, r9, #16, #8 +#endif + eor r5, r5, lr, lsl #24 + lsr lr, r10, #24 + ldrb r7, [r2, r7] + ldrb lr, [r2, lr] + ldrb r6, [r2, r6] + ldrb r12, [r2, r12] + lsr r11, r11, #24 + eor r6, r6, r7, lsl #8 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl r7, r8, #24 + lsr r7, r7, #24 +#else + uxtb r7, r8 +#endif +#else + ubfx r7, r8, #0, #8 +#endif + eor r6, r6, r12, lsl #16 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl r12, r9, #16 + lsr r12, r12, #24 +#else + uxtb r12, r9, ror #8 +#endif +#else + ubfx r12, r9, #8, #8 +#endif + eor r6, r6, lr, lsl #24 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl lr, r10, #8 + lsr lr, lr, #24 +#else + uxtb lr, r10, ror #16 +#endif +#else + ubfx lr, r10, #16, #8 +#endif + ldrb r11, [r2, r11] + ldrb r12, [r2, r12] + ldrb r7, [r2, r7] + ldrb lr, [r2, lr] + eor r12, r12, r11, lsl #16 + ldm r3, {r8, r9, r10, r11} + eor r7, r7, r12, lsl #8 + eor r7, r7, lr, lsl #16 + # XOR in Key Schedule + eor r4, r4, r8 + eor r5, r5, r9 + eor r6, r6, r10 + eor r7, r7, r11 +#endif /* !WOLFSSL_ARMASM_AES_BLOCK_INLINE */ + pop {r1, r3, r12, lr} +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + eor r8, r4, r4, ror #16 + eor r9, r5, r5, ror #16 + eor r10, r6, r6, ror #16 + eor r11, r7, r7, ror #16 + bic r8, r8, #0xff0000 + bic r9, r9, #0xff0000 + bic r10, r10, #0xff0000 + bic r11, r11, #0xff0000 + ror r4, r4, #8 + ror r5, r5, #8 + ror r6, r6, #8 + ror r7, r7, #8 + eor r4, r4, r8, lsr #8 + eor r5, r5, r9, lsr #8 + eor r6, r6, r10, lsr #8 + eor r7, r7, r11, lsr #8 +#else + rev r4, r4 + rev r5, r5 + rev r6, r6 + rev r7, r7 +#endif /* WOLFSSL_ARM_ARCH && WOLFSSL_ARM_ARCH < 6 */ + str r4, [r1] + str r5, [r1, #4] + str r6, [r1, #8] + str r7, [r1, #12] + subs r12, r12, #16 + add lr, lr, #16 + add r1, r1, #16 + bne L_AES_ECB_decrypt_loop_block_128 +L_AES_ECB_decrypt_end: + pop {r4, r5, r6, r7, r8, r9, r10, r11, pc} + .size AES_ECB_decrypt,.-AES_ECB_decrypt +#endif /* WOLFSSL_AES_DIRECT || WOLFSSL_AES_COUNTER || defined(HAVE_AES_ECB) */ +#ifdef HAVE_AES_CBC + .text + .type L_AES_ARM32_cbc_td4, %object + .size L_AES_ARM32_cbc_td4, 256 + .align 4 +L_AES_ARM32_cbc_td4: + .byte 0x52 + .byte 0x9 + .byte 0x6a + .byte 0xd5 + .byte 0x30 + .byte 0x36 + .byte 0xa5 + .byte 0x38 + .byte 0xbf + .byte 0x40 + .byte 0xa3 + .byte 0x9e + .byte 0x81 + .byte 0xf3 + .byte 0xd7 + .byte 0xfb + .byte 0x7c + .byte 0xe3 + .byte 0x39 + .byte 0x82 + .byte 0x9b + .byte 0x2f + .byte 0xff + .byte 0x87 + .byte 0x34 + .byte 0x8e + .byte 0x43 + .byte 0x44 + .byte 0xc4 + .byte 0xde + .byte 0xe9 + .byte 0xcb + .byte 0x54 + .byte 0x7b + .byte 0x94 + .byte 0x32 + .byte 0xa6 + .byte 0xc2 + .byte 0x23 + .byte 0x3d + .byte 0xee + .byte 0x4c + .byte 0x95 + .byte 0xb + .byte 0x42 + .byte 0xfa + .byte 0xc3 + .byte 0x4e + .byte 0x8 + .byte 0x2e + .byte 0xa1 + .byte 0x66 + .byte 0x28 + .byte 0xd9 + .byte 0x24 + .byte 0xb2 + .byte 0x76 + .byte 0x5b + .byte 0xa2 + .byte 0x49 + .byte 0x6d + .byte 0x8b + .byte 0xd1 + .byte 0x25 + .byte 0x72 + .byte 0xf8 + .byte 0xf6 + .byte 0x64 + .byte 0x86 + .byte 0x68 + .byte 0x98 + .byte 0x16 + .byte 0xd4 + .byte 0xa4 + .byte 0x5c + .byte 0xcc + .byte 0x5d + .byte 0x65 + .byte 0xb6 + .byte 0x92 + .byte 0x6c + .byte 0x70 + .byte 0x48 + .byte 0x50 + .byte 0xfd + .byte 0xed + .byte 0xb9 + .byte 0xda + .byte 0x5e + .byte 0x15 + .byte 0x46 + .byte 0x57 + .byte 0xa7 + .byte 0x8d + .byte 0x9d + .byte 0x84 + .byte 0x90 + .byte 0xd8 + .byte 0xab + .byte 0x0 + .byte 0x8c + .byte 0xbc + .byte 0xd3 + .byte 0xa + .byte 0xf7 + .byte 0xe4 + .byte 0x58 + .byte 0x5 + .byte 0xb8 + .byte 0xb3 + .byte 0x45 + .byte 0x6 + .byte 0xd0 + .byte 0x2c + .byte 0x1e + .byte 0x8f + .byte 0xca + .byte 0x3f + .byte 0xf + .byte 0x2 + .byte 0xc1 + .byte 0xaf + .byte 0xbd + .byte 0x3 + .byte 0x1 + .byte 0x13 + .byte 0x8a + .byte 0x6b + .byte 0x3a + .byte 0x91 + .byte 0x11 + .byte 0x41 + .byte 0x4f + .byte 0x67 + .byte 0xdc + .byte 0xea + .byte 0x97 + .byte 0xf2 + .byte 0xcf + .byte 0xce + .byte 0xf0 + .byte 0xb4 + .byte 0xe6 + .byte 0x73 + .byte 0x96 + .byte 0xac + .byte 0x74 + .byte 0x22 + .byte 0xe7 + .byte 0xad + .byte 0x35 + .byte 0x85 + .byte 0xe2 + .byte 0xf9 + .byte 0x37 + .byte 0xe8 + .byte 0x1c + .byte 0x75 + .byte 0xdf + .byte 0x6e + .byte 0x47 + .byte 0xf1 + .byte 0x1a + .byte 0x71 + .byte 0x1d + .byte 0x29 + .byte 0xc5 + .byte 0x89 + .byte 0x6f + .byte 0xb7 + .byte 0x62 + .byte 0xe + .byte 0xaa + .byte 0x18 + .byte 0xbe + .byte 0x1b + .byte 0xfc + .byte 0x56 + .byte 0x3e + .byte 0x4b + .byte 0xc6 + .byte 0xd2 + .byte 0x79 + .byte 0x20 + .byte 0x9a + .byte 0xdb + .byte 0xc0 + .byte 0xfe + .byte 0x78 + .byte 0xcd + .byte 0x5a + .byte 0xf4 + .byte 0x1f + .byte 0xdd + .byte 0xa8 + .byte 0x33 + .byte 0x88 + .byte 0x7 + .byte 0xc7 + .byte 0x31 + .byte 0xb1 + .byte 0x12 + .byte 0x10 + .byte 0x59 + .byte 0x27 + .byte 0x80 + .byte 0xec + .byte 0x5f + .byte 0x60 + .byte 0x51 + .byte 0x7f + .byte 0xa9 + .byte 0x19 + .byte 0xb5 + .byte 0x4a + .byte 0xd + .byte 0x2d + .byte 0xe5 + .byte 0x7a + .byte 0x9f + .byte 0x93 + .byte 0xc9 + .byte 0x9c + .byte 0xef + .byte 0xa0 + .byte 0xe0 + .byte 0x3b + .byte 0x4d + .byte 0xae + .byte 0x2a + .byte 0xf5 + .byte 0xb0 + .byte 0xc8 + .byte 0xeb + .byte 0xbb + .byte 0x3c + .byte 0x83 + .byte 0x53 + .byte 0x99 + .byte 0x61 + .byte 0x17 + .byte 0x2b + .byte 0x4 + .byte 0x7e + .byte 0xba + .byte 0x77 + .byte 0xd6 + .byte 0x26 + .byte 0xe1 + .byte 0x69 + .byte 0x14 + .byte 0x63 + .byte 0x55 + .byte 0x21 + .byte 0xc + .byte 0x7d + .text + .align 4 + .globl AES_CBC_decrypt + .type AES_CBC_decrypt, %function +AES_CBC_decrypt: + push {r4, r5, r6, r7, r8, r9, r10, r11, lr} + mov lr, r0 + adr r0, L_AES_ARM32_td_ecb + ldr r0, [r0] + mov r12, r2 + adr r2, L_AES_ARM32_cbc_td4 + ldr r8, [sp, #36] + ldr r4, [sp, #40] + push {r3, r4} + cmp r8, #10 + beq L_AES_CBC_decrypt_loop_block_128 + cmp r8, #12 + beq L_AES_CBC_decrypt_loop_block_192 +L_AES_CBC_decrypt_loop_block_256: + push {r1, r12, lr} + ldr r4, [lr] + ldr r5, [lr, #4] + ldr r6, [lr, #8] + ldr r7, [lr, #12] + ldr lr, [sp, #16] +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + str r4, [lr, #16] + str r5, [lr, #20] +#else + strd r4, r5, [lr, #16] +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + str r6, [lr, #24] + str r7, [lr, #28] +#else + strd r6, r7, [lr, #24] +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + eor r8, r4, r4, ror #16 + eor r9, r5, r5, ror #16 + eor r10, r6, r6, ror #16 + eor r11, r7, r7, ror #16 + bic r8, r8, #0xff0000 + bic r9, r9, #0xff0000 + bic r10, r10, #0xff0000 + bic r11, r11, #0xff0000 + ror r4, r4, #8 + ror r5, r5, #8 + ror r6, r6, #8 + ror r7, r7, #8 + eor r4, r4, r8, lsr #8 + eor r5, r5, r9, lsr #8 + eor r6, r6, r10, lsr #8 + eor r7, r7, r11, lsr #8 +#else + rev r4, r4 + rev r5, r5 + rev r6, r6 + rev r7, r7 +#endif /* WOLFSSL_ARM_ARCH && WOLFSSL_ARM_ARCH < 6 */ + ldm r3!, {r8, r9, r10, r11} + # Round: 0 - XOR in key schedule + eor r4, r4, r8 + eor r5, r5, r9 + eor r6, r6, r10 + eor r7, r7, r11 + mov r1, #6 +#ifndef WOLFSSL_ARMASM_AES_BLOCK_INLINE + bl AES_decrypt_block +#else +L_AES_CBC_decrypt_block_nr_256_odd: +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl r8, r7, #8 + lsr r8, r8, #24 +#else + uxtb r8, r7, ror #16 +#endif +#else + ubfx r8, r7, #16, #8 +#endif + lsr r11, r4, #24 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl r12, r6, #16 + lsr r12, r12, #24 +#else + uxtb r12, r6, ror #8 +#endif +#else + ubfx r12, r6, #8, #8 +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl lr, r5, #24 + lsr lr, lr, #24 +#else + uxtb lr, r5 +#endif +#else + ubfx lr, r5, #0, #8 +#endif + ldr r8, [r0, r8, lsl #2] + ldr r11, [r0, r11, lsl #2] + ldr r12, [r0, r12, lsl #2] + ldr lr, [r0, lr, lsl #2] +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl r9, r4, #8 + lsr r9, r9, #24 +#else + uxtb r9, r4, ror #16 +#endif +#else + ubfx r9, r4, #16, #8 +#endif + eor r8, r8, r11, ror #24 + lsr r11, r5, #24 + eor r8, r8, r12, ror #8 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl r12, r7, #16 + lsr r12, r12, #24 +#else + uxtb r12, r7, ror #8 +#endif +#else + ubfx r12, r7, #8, #8 +#endif + eor r8, r8, lr, ror #16 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl lr, r6, #24 + lsr lr, lr, #24 +#else + uxtb lr, r6 +#endif +#else + ubfx lr, r6, #0, #8 +#endif + ldr r9, [r0, r9, lsl #2] + ldr r11, [r0, r11, lsl #2] + ldr r12, [r0, r12, lsl #2] + ldr lr, [r0, lr, lsl #2] +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl r10, r5, #8 + lsr r10, r10, #24 +#else + uxtb r10, r5, ror #16 +#endif +#else + ubfx r10, r5, #16, #8 +#endif + eor r9, r9, r11, ror #24 + lsr r11, r6, #24 + eor r9, r9, r12, ror #8 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl r12, r4, #16 + lsr r12, r12, #24 +#else + uxtb r12, r4, ror #8 +#endif +#else + ubfx r12, r4, #8, #8 +#endif + eor r9, r9, lr, ror #16 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl lr, r7, #24 + lsr lr, lr, #24 +#else + uxtb lr, r7 +#endif +#else + ubfx lr, r7, #0, #8 +#endif + ldr r10, [r0, r10, lsl #2] + ldr r11, [r0, r11, lsl #2] + ldr r12, [r0, r12, lsl #2] + ldr lr, [r0, lr, lsl #2] +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl r4, r4, #24 + lsr r4, r4, #24 +#else + uxtb r4, r4 +#endif +#else + ubfx r4, r4, #0, #8 +#endif + eor r10, r10, r11, ror #24 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl r11, r6, #8 + lsr r11, r11, #24 +#else + uxtb r11, r6, ror #16 +#endif +#else + ubfx r11, r6, #16, #8 +#endif + eor r10, r10, r12, ror #8 + lsr r12, r7, #24 + eor r10, r10, lr, ror #16 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl lr, r5, #16 + lsr lr, lr, #24 +#else + uxtb lr, r5, ror #8 +#endif +#else + ubfx lr, r5, #8, #8 +#endif + ldr r4, [r0, r4, lsl #2] + ldr r12, [r0, r12, lsl #2] + ldr r11, [r0, r11, lsl #2] + ldr lr, [r0, lr, lsl #2] + eor r12, r12, r4, ror #24 + ldm r3!, {r4, r5, r6, r7} + eor r11, r11, lr, ror #8 + eor r11, r11, r12, ror #24 + # XOR in Key Schedule + eor r8, r8, r4 + eor r9, r9, r5 + eor r10, r10, r6 + eor r11, r11, r7 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl r4, r11, #8 + lsr r4, r4, #24 +#else + uxtb r4, r11, ror #16 +#endif +#else + ubfx r4, r11, #16, #8 +#endif + lsr r7, r8, #24 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl r12, r10, #16 + lsr r12, r12, #24 +#else + uxtb r12, r10, ror #8 +#endif +#else + ubfx r12, r10, #8, #8 +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl lr, r9, #24 + lsr lr, lr, #24 +#else + uxtb lr, r9 +#endif +#else + ubfx lr, r9, #0, #8 +#endif + ldr r4, [r0, r4, lsl #2] + ldr r7, [r0, r7, lsl #2] + ldr r12, [r0, r12, lsl #2] + ldr lr, [r0, lr, lsl #2] +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl r5, r8, #8 + lsr r5, r5, #24 +#else + uxtb r5, r8, ror #16 +#endif +#else + ubfx r5, r8, #16, #8 +#endif + eor r4, r4, r7, ror #24 + lsr r7, r9, #24 + eor r4, r4, r12, ror #8 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl r12, r11, #16 + lsr r12, r12, #24 +#else + uxtb r12, r11, ror #8 +#endif +#else + ubfx r12, r11, #8, #8 +#endif + eor r4, r4, lr, ror #16 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl lr, r10, #24 + lsr lr, lr, #24 +#else + uxtb lr, r10 +#endif +#else + ubfx lr, r10, #0, #8 +#endif + ldr r5, [r0, r5, lsl #2] + ldr r7, [r0, r7, lsl #2] + ldr r12, [r0, r12, lsl #2] + ldr lr, [r0, lr, lsl #2] +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl r6, r9, #8 + lsr r6, r6, #24 +#else + uxtb r6, r9, ror #16 +#endif +#else + ubfx r6, r9, #16, #8 +#endif + eor r5, r5, r7, ror #24 + lsr r7, r10, #24 + eor r5, r5, r12, ror #8 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl r12, r8, #16 + lsr r12, r12, #24 +#else + uxtb r12, r8, ror #8 +#endif +#else + ubfx r12, r8, #8, #8 +#endif + eor r5, r5, lr, ror #16 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl lr, r11, #24 + lsr lr, lr, #24 +#else + uxtb lr, r11 +#endif +#else + ubfx lr, r11, #0, #8 +#endif + ldr r6, [r0, r6, lsl #2] + ldr r7, [r0, r7, lsl #2] + ldr r12, [r0, r12, lsl #2] + ldr lr, [r0, lr, lsl #2] +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl r8, r8, #24 + lsr r8, r8, #24 +#else + uxtb r8, r8 +#endif +#else + ubfx r8, r8, #0, #8 +#endif + eor r6, r6, r7, ror #24 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl r7, r10, #8 + lsr r7, r7, #24 +#else + uxtb r7, r10, ror #16 +#endif +#else + ubfx r7, r10, #16, #8 +#endif + eor r6, r6, r12, ror #8 + lsr r12, r11, #24 + eor r6, r6, lr, ror #16 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl lr, r9, #16 + lsr lr, lr, #24 +#else + uxtb lr, r9, ror #8 +#endif +#else + ubfx lr, r9, #8, #8 +#endif + ldr r8, [r0, r8, lsl #2] + ldr r12, [r0, r12, lsl #2] + ldr r7, [r0, r7, lsl #2] + ldr lr, [r0, lr, lsl #2] + eor r12, r12, r8, ror #24 + ldm r3!, {r8, r9, r10, r11} + eor r7, r7, lr, ror #8 + eor r7, r7, r12, ror #24 + # XOR in Key Schedule + eor r4, r4, r8 + eor r5, r5, r9 + eor r6, r6, r10 + eor r7, r7, r11 + subs r1, r1, #1 + bne L_AES_CBC_decrypt_block_nr_256_odd +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl r8, r7, #8 + lsr r8, r8, #24 +#else + uxtb r8, r7, ror #16 +#endif +#else + ubfx r8, r7, #16, #8 +#endif + lsr r11, r4, #24 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl r12, r6, #16 + lsr r12, r12, #24 +#else + uxtb r12, r6, ror #8 +#endif +#else + ubfx r12, r6, #8, #8 +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl lr, r5, #24 + lsr lr, lr, #24 +#else + uxtb lr, r5 +#endif +#else + ubfx lr, r5, #0, #8 +#endif + ldr r8, [r0, r8, lsl #2] + ldr r11, [r0, r11, lsl #2] + ldr r12, [r0, r12, lsl #2] + ldr lr, [r0, lr, lsl #2] +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl r9, r4, #8 + lsr r9, r9, #24 +#else + uxtb r9, r4, ror #16 +#endif +#else + ubfx r9, r4, #16, #8 +#endif + eor r8, r8, r11, ror #24 + lsr r11, r5, #24 + eor r8, r8, r12, ror #8 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl r12, r7, #16 + lsr r12, r12, #24 +#else + uxtb r12, r7, ror #8 +#endif +#else + ubfx r12, r7, #8, #8 +#endif + eor r8, r8, lr, ror #16 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl lr, r6, #24 + lsr lr, lr, #24 +#else + uxtb lr, r6 +#endif +#else + ubfx lr, r6, #0, #8 +#endif + ldr r9, [r0, r9, lsl #2] + ldr r11, [r0, r11, lsl #2] + ldr r12, [r0, r12, lsl #2] + ldr lr, [r0, lr, lsl #2] +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl r10, r5, #8 + lsr r10, r10, #24 +#else + uxtb r10, r5, ror #16 +#endif +#else + ubfx r10, r5, #16, #8 +#endif + eor r9, r9, r11, ror #24 + lsr r11, r6, #24 + eor r9, r9, r12, ror #8 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl r12, r4, #16 + lsr r12, r12, #24 +#else + uxtb r12, r4, ror #8 +#endif +#else + ubfx r12, r4, #8, #8 +#endif + eor r9, r9, lr, ror #16 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl lr, r7, #24 + lsr lr, lr, #24 +#else + uxtb lr, r7 +#endif +#else + ubfx lr, r7, #0, #8 +#endif + ldr r10, [r0, r10, lsl #2] + ldr r11, [r0, r11, lsl #2] + ldr r12, [r0, r12, lsl #2] + ldr lr, [r0, lr, lsl #2] +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl r4, r4, #24 + lsr r4, r4, #24 +#else + uxtb r4, r4 +#endif +#else + ubfx r4, r4, #0, #8 +#endif + eor r10, r10, r11, ror #24 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl r11, r6, #8 + lsr r11, r11, #24 +#else + uxtb r11, r6, ror #16 +#endif +#else + ubfx r11, r6, #16, #8 +#endif + eor r10, r10, r12, ror #8 + lsr r12, r7, #24 + eor r10, r10, lr, ror #16 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl lr, r5, #16 + lsr lr, lr, #24 +#else + uxtb lr, r5, ror #8 +#endif +#else + ubfx lr, r5, #8, #8 +#endif + ldr r4, [r0, r4, lsl #2] + ldr r12, [r0, r12, lsl #2] + ldr r11, [r0, r11, lsl #2] + ldr lr, [r0, lr, lsl #2] + eor r12, r12, r4, ror #24 + ldm r3!, {r4, r5, r6, r7} + eor r11, r11, lr, ror #8 + eor r11, r11, r12, ror #24 + # XOR in Key Schedule + eor r8, r8, r4 + eor r9, r9, r5 + eor r10, r10, r6 + eor r11, r11, r7 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl r4, r9, #24 + lsr r4, r4, #24 +#else + uxtb r4, r9 +#endif +#else + ubfx r4, r9, #0, #8 +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl r7, r10, #16 + lsr r7, r7, #24 +#else + uxtb r7, r10, ror #8 +#endif +#else + ubfx r7, r10, #8, #8 +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl r12, r11, #8 + lsr r12, r12, #24 +#else + uxtb r12, r11, ror #16 +#endif +#else + ubfx r12, r11, #16, #8 +#endif + lsr lr, r8, #24 + ldrb r4, [r2, r4] + ldrb r7, [r2, r7] + ldrb r12, [r2, r12] + ldrb lr, [r2, lr] +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl r5, r10, #24 + lsr r5, r5, #24 +#else + uxtb r5, r10 +#endif +#else + ubfx r5, r10, #0, #8 +#endif + eor r4, r4, r7, lsl #8 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl r7, r11, #16 + lsr r7, r7, #24 +#else + uxtb r7, r11, ror #8 +#endif +#else + ubfx r7, r11, #8, #8 +#endif + eor r4, r4, r12, lsl #16 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl r12, r8, #8 + lsr r12, r12, #24 +#else + uxtb r12, r8, ror #16 +#endif +#else + ubfx r12, r8, #16, #8 +#endif + eor r4, r4, lr, lsl #24 + lsr lr, r9, #24 + ldrb r7, [r2, r7] + ldrb lr, [r2, lr] + ldrb r5, [r2, r5] + ldrb r12, [r2, r12] +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl r6, r11, #24 + lsr r6, r6, #24 +#else + uxtb r6, r11 +#endif +#else + ubfx r6, r11, #0, #8 +#endif + eor r5, r5, r7, lsl #8 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl r7, r8, #16 + lsr r7, r7, #24 +#else + uxtb r7, r8, ror #8 +#endif +#else + ubfx r7, r8, #8, #8 +#endif + eor r5, r5, r12, lsl #16 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl r12, r9, #8 + lsr r12, r12, #24 +#else + uxtb r12, r9, ror #16 +#endif +#else + ubfx r12, r9, #16, #8 +#endif + eor r5, r5, lr, lsl #24 + lsr lr, r10, #24 + ldrb r7, [r2, r7] + ldrb lr, [r2, lr] + ldrb r6, [r2, r6] + ldrb r12, [r2, r12] + lsr r11, r11, #24 + eor r6, r6, r7, lsl #8 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl r7, r8, #24 + lsr r7, r7, #24 +#else + uxtb r7, r8 +#endif +#else + ubfx r7, r8, #0, #8 +#endif + eor r6, r6, r12, lsl #16 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl r12, r9, #16 + lsr r12, r12, #24 +#else + uxtb r12, r9, ror #8 +#endif +#else + ubfx r12, r9, #8, #8 +#endif + eor r6, r6, lr, lsl #24 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl lr, r10, #8 + lsr lr, lr, #24 +#else + uxtb lr, r10, ror #16 +#endif +#else + ubfx lr, r10, #16, #8 +#endif + ldrb r11, [r2, r11] + ldrb r12, [r2, r12] + ldrb r7, [r2, r7] + ldrb lr, [r2, lr] + eor r12, r12, r11, lsl #16 + ldm r3, {r8, r9, r10, r11} + eor r7, r7, r12, lsl #8 + eor r7, r7, lr, lsl #16 + # XOR in Key Schedule + eor r4, r4, r8 + eor r5, r5, r9 + eor r6, r6, r10 + eor r7, r7, r11 +#endif /* !WOLFSSL_ARMASM_AES_BLOCK_INLINE */ + ldr lr, [sp, #16] +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + eor r8, r4, r4, ror #16 + eor r9, r5, r5, ror #16 + eor r10, r6, r6, ror #16 + eor r11, r7, r7, ror #16 + bic r8, r8, #0xff0000 + bic r9, r9, #0xff0000 + bic r10, r10, #0xff0000 + bic r11, r11, #0xff0000 + ror r4, r4, #8 + ror r5, r5, #8 + ror r6, r6, #8 + ror r7, r7, #8 + eor r4, r4, r8, lsr #8 + eor r5, r5, r9, lsr #8 + eor r6, r6, r10, lsr #8 + eor r7, r7, r11, lsr #8 +#else + rev r4, r4 + rev r5, r5 + rev r6, r6 + rev r7, r7 +#endif /* WOLFSSL_ARM_ARCH && WOLFSSL_ARM_ARCH < 6 */ + ldm lr, {r8, r9, r10, r11} + pop {r1, r12, lr} + ldr r3, [sp] + eor r4, r4, r8 + eor r5, r5, r9 + eor r6, r6, r10 + eor r7, r7, r11 + str r4, [r1] + str r5, [r1, #4] + str r6, [r1, #8] + str r7, [r1, #12] + subs r12, r12, #16 + add lr, lr, #16 + add r1, r1, #16 + beq L_AES_CBC_decrypt_end_odd + push {r1, r12, lr} + ldr r4, [lr] + ldr r5, [lr, #4] + ldr r6, [lr, #8] + ldr r7, [lr, #12] + ldr lr, [sp, #16] +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + stm lr, {r4, r5} +#else + strd r4, r5, [lr] +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + str r6, [lr, #8] + str r7, [lr, #12] +#else + strd r6, r7, [lr, #8] +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + eor r8, r4, r4, ror #16 + eor r9, r5, r5, ror #16 + eor r10, r6, r6, ror #16 + eor r11, r7, r7, ror #16 + bic r8, r8, #0xff0000 + bic r9, r9, #0xff0000 + bic r10, r10, #0xff0000 + bic r11, r11, #0xff0000 + ror r4, r4, #8 + ror r5, r5, #8 + ror r6, r6, #8 + ror r7, r7, #8 + eor r4, r4, r8, lsr #8 + eor r5, r5, r9, lsr #8 + eor r6, r6, r10, lsr #8 + eor r7, r7, r11, lsr #8 +#else + rev r4, r4 + rev r5, r5 + rev r6, r6 + rev r7, r7 +#endif /* WOLFSSL_ARM_ARCH && WOLFSSL_ARM_ARCH < 6 */ + ldm r3!, {r8, r9, r10, r11} + # Round: 0 - XOR in key schedule + eor r4, r4, r8 + eor r5, r5, r9 + eor r6, r6, r10 + eor r7, r7, r11 + mov r1, #6 +#ifndef WOLFSSL_ARMASM_AES_BLOCK_INLINE + bl AES_decrypt_block +#else +L_AES_CBC_decrypt_block_nr_256_even: +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl r8, r7, #8 + lsr r8, r8, #24 +#else + uxtb r8, r7, ror #16 +#endif +#else + ubfx r8, r7, #16, #8 +#endif + lsr r11, r4, #24 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl r12, r6, #16 + lsr r12, r12, #24 +#else + uxtb r12, r6, ror #8 +#endif +#else + ubfx r12, r6, #8, #8 +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl lr, r5, #24 + lsr lr, lr, #24 +#else + uxtb lr, r5 +#endif +#else + ubfx lr, r5, #0, #8 +#endif + ldr r8, [r0, r8, lsl #2] + ldr r11, [r0, r11, lsl #2] + ldr r12, [r0, r12, lsl #2] + ldr lr, [r0, lr, lsl #2] +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl r9, r4, #8 + lsr r9, r9, #24 +#else + uxtb r9, r4, ror #16 +#endif +#else + ubfx r9, r4, #16, #8 +#endif + eor r8, r8, r11, ror #24 + lsr r11, r5, #24 + eor r8, r8, r12, ror #8 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl r12, r7, #16 + lsr r12, r12, #24 +#else + uxtb r12, r7, ror #8 +#endif +#else + ubfx r12, r7, #8, #8 +#endif + eor r8, r8, lr, ror #16 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl lr, r6, #24 + lsr lr, lr, #24 +#else + uxtb lr, r6 +#endif +#else + ubfx lr, r6, #0, #8 +#endif + ldr r9, [r0, r9, lsl #2] + ldr r11, [r0, r11, lsl #2] + ldr r12, [r0, r12, lsl #2] + ldr lr, [r0, lr, lsl #2] +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl r10, r5, #8 + lsr r10, r10, #24 +#else + uxtb r10, r5, ror #16 +#endif +#else + ubfx r10, r5, #16, #8 +#endif + eor r9, r9, r11, ror #24 + lsr r11, r6, #24 + eor r9, r9, r12, ror #8 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl r12, r4, #16 + lsr r12, r12, #24 +#else + uxtb r12, r4, ror #8 +#endif +#else + ubfx r12, r4, #8, #8 +#endif + eor r9, r9, lr, ror #16 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl lr, r7, #24 + lsr lr, lr, #24 +#else + uxtb lr, r7 +#endif +#else + ubfx lr, r7, #0, #8 +#endif + ldr r10, [r0, r10, lsl #2] + ldr r11, [r0, r11, lsl #2] + ldr r12, [r0, r12, lsl #2] + ldr lr, [r0, lr, lsl #2] +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl r4, r4, #24 + lsr r4, r4, #24 +#else + uxtb r4, r4 +#endif +#else + ubfx r4, r4, #0, #8 +#endif + eor r10, r10, r11, ror #24 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl r11, r6, #8 + lsr r11, r11, #24 +#else + uxtb r11, r6, ror #16 +#endif +#else + ubfx r11, r6, #16, #8 +#endif + eor r10, r10, r12, ror #8 + lsr r12, r7, #24 + eor r10, r10, lr, ror #16 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl lr, r5, #16 + lsr lr, lr, #24 +#else + uxtb lr, r5, ror #8 +#endif +#else + ubfx lr, r5, #8, #8 +#endif + ldr r4, [r0, r4, lsl #2] + ldr r12, [r0, r12, lsl #2] + ldr r11, [r0, r11, lsl #2] + ldr lr, [r0, lr, lsl #2] + eor r12, r12, r4, ror #24 + ldm r3!, {r4, r5, r6, r7} + eor r11, r11, lr, ror #8 + eor r11, r11, r12, ror #24 + # XOR in Key Schedule + eor r8, r8, r4 + eor r9, r9, r5 + eor r10, r10, r6 + eor r11, r11, r7 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl r4, r11, #8 + lsr r4, r4, #24 +#else + uxtb r4, r11, ror #16 +#endif +#else + ubfx r4, r11, #16, #8 +#endif + lsr r7, r8, #24 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl r12, r10, #16 + lsr r12, r12, #24 +#else + uxtb r12, r10, ror #8 +#endif +#else + ubfx r12, r10, #8, #8 +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl lr, r9, #24 + lsr lr, lr, #24 +#else + uxtb lr, r9 +#endif +#else + ubfx lr, r9, #0, #8 +#endif + ldr r4, [r0, r4, lsl #2] + ldr r7, [r0, r7, lsl #2] + ldr r12, [r0, r12, lsl #2] + ldr lr, [r0, lr, lsl #2] +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl r5, r8, #8 + lsr r5, r5, #24 +#else + uxtb r5, r8, ror #16 +#endif +#else + ubfx r5, r8, #16, #8 +#endif + eor r4, r4, r7, ror #24 + lsr r7, r9, #24 + eor r4, r4, r12, ror #8 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl r12, r11, #16 + lsr r12, r12, #24 +#else + uxtb r12, r11, ror #8 +#endif +#else + ubfx r12, r11, #8, #8 +#endif + eor r4, r4, lr, ror #16 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl lr, r10, #24 + lsr lr, lr, #24 +#else + uxtb lr, r10 +#endif +#else + ubfx lr, r10, #0, #8 +#endif + ldr r5, [r0, r5, lsl #2] + ldr r7, [r0, r7, lsl #2] + ldr r12, [r0, r12, lsl #2] + ldr lr, [r0, lr, lsl #2] +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl r6, r9, #8 + lsr r6, r6, #24 +#else + uxtb r6, r9, ror #16 +#endif +#else + ubfx r6, r9, #16, #8 +#endif + eor r5, r5, r7, ror #24 + lsr r7, r10, #24 + eor r5, r5, r12, ror #8 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl r12, r8, #16 + lsr r12, r12, #24 +#else + uxtb r12, r8, ror #8 +#endif +#else + ubfx r12, r8, #8, #8 +#endif + eor r5, r5, lr, ror #16 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl lr, r11, #24 + lsr lr, lr, #24 +#else + uxtb lr, r11 +#endif +#else + ubfx lr, r11, #0, #8 +#endif + ldr r6, [r0, r6, lsl #2] + ldr r7, [r0, r7, lsl #2] + ldr r12, [r0, r12, lsl #2] + ldr lr, [r0, lr, lsl #2] +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl r8, r8, #24 + lsr r8, r8, #24 +#else + uxtb r8, r8 +#endif +#else + ubfx r8, r8, #0, #8 +#endif + eor r6, r6, r7, ror #24 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl r7, r10, #8 + lsr r7, r7, #24 +#else + uxtb r7, r10, ror #16 +#endif +#else + ubfx r7, r10, #16, #8 +#endif + eor r6, r6, r12, ror #8 + lsr r12, r11, #24 + eor r6, r6, lr, ror #16 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl lr, r9, #16 + lsr lr, lr, #24 +#else + uxtb lr, r9, ror #8 +#endif +#else + ubfx lr, r9, #8, #8 +#endif + ldr r8, [r0, r8, lsl #2] + ldr r12, [r0, r12, lsl #2] + ldr r7, [r0, r7, lsl #2] + ldr lr, [r0, lr, lsl #2] + eor r12, r12, r8, ror #24 + ldm r3!, {r8, r9, r10, r11} + eor r7, r7, lr, ror #8 + eor r7, r7, r12, ror #24 + # XOR in Key Schedule + eor r4, r4, r8 + eor r5, r5, r9 + eor r6, r6, r10 + eor r7, r7, r11 + subs r1, r1, #1 + bne L_AES_CBC_decrypt_block_nr_256_even +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl r8, r7, #8 + lsr r8, r8, #24 +#else + uxtb r8, r7, ror #16 +#endif +#else + ubfx r8, r7, #16, #8 +#endif + lsr r11, r4, #24 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl r12, r6, #16 + lsr r12, r12, #24 +#else + uxtb r12, r6, ror #8 +#endif +#else + ubfx r12, r6, #8, #8 +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl lr, r5, #24 + lsr lr, lr, #24 +#else + uxtb lr, r5 +#endif +#else + ubfx lr, r5, #0, #8 +#endif + ldr r8, [r0, r8, lsl #2] + ldr r11, [r0, r11, lsl #2] + ldr r12, [r0, r12, lsl #2] + ldr lr, [r0, lr, lsl #2] +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl r9, r4, #8 + lsr r9, r9, #24 +#else + uxtb r9, r4, ror #16 +#endif +#else + ubfx r9, r4, #16, #8 +#endif + eor r8, r8, r11, ror #24 + lsr r11, r5, #24 + eor r8, r8, r12, ror #8 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl r12, r7, #16 + lsr r12, r12, #24 +#else + uxtb r12, r7, ror #8 +#endif +#else + ubfx r12, r7, #8, #8 +#endif + eor r8, r8, lr, ror #16 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl lr, r6, #24 + lsr lr, lr, #24 +#else + uxtb lr, r6 +#endif +#else + ubfx lr, r6, #0, #8 +#endif + ldr r9, [r0, r9, lsl #2] + ldr r11, [r0, r11, lsl #2] + ldr r12, [r0, r12, lsl #2] + ldr lr, [r0, lr, lsl #2] +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl r10, r5, #8 + lsr r10, r10, #24 +#else + uxtb r10, r5, ror #16 +#endif +#else + ubfx r10, r5, #16, #8 +#endif + eor r9, r9, r11, ror #24 + lsr r11, r6, #24 + eor r9, r9, r12, ror #8 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl r12, r4, #16 + lsr r12, r12, #24 +#else + uxtb r12, r4, ror #8 +#endif +#else + ubfx r12, r4, #8, #8 +#endif + eor r9, r9, lr, ror #16 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl lr, r7, #24 + lsr lr, lr, #24 +#else + uxtb lr, r7 +#endif +#else + ubfx lr, r7, #0, #8 +#endif + ldr r10, [r0, r10, lsl #2] + ldr r11, [r0, r11, lsl #2] + ldr r12, [r0, r12, lsl #2] + ldr lr, [r0, lr, lsl #2] +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl r4, r4, #24 + lsr r4, r4, #24 +#else + uxtb r4, r4 +#endif +#else + ubfx r4, r4, #0, #8 +#endif + eor r10, r10, r11, ror #24 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl r11, r6, #8 + lsr r11, r11, #24 +#else + uxtb r11, r6, ror #16 +#endif +#else + ubfx r11, r6, #16, #8 +#endif + eor r10, r10, r12, ror #8 + lsr r12, r7, #24 + eor r10, r10, lr, ror #16 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl lr, r5, #16 + lsr lr, lr, #24 +#else + uxtb lr, r5, ror #8 +#endif +#else + ubfx lr, r5, #8, #8 +#endif + ldr r4, [r0, r4, lsl #2] + ldr r12, [r0, r12, lsl #2] + ldr r11, [r0, r11, lsl #2] + ldr lr, [r0, lr, lsl #2] + eor r12, r12, r4, ror #24 + ldm r3!, {r4, r5, r6, r7} + eor r11, r11, lr, ror #8 + eor r11, r11, r12, ror #24 + # XOR in Key Schedule + eor r8, r8, r4 + eor r9, r9, r5 + eor r10, r10, r6 + eor r11, r11, r7 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl r4, r9, #24 + lsr r4, r4, #24 +#else + uxtb r4, r9 +#endif +#else + ubfx r4, r9, #0, #8 +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl r7, r10, #16 + lsr r7, r7, #24 +#else + uxtb r7, r10, ror #8 +#endif +#else + ubfx r7, r10, #8, #8 +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl r12, r11, #8 + lsr r12, r12, #24 +#else + uxtb r12, r11, ror #16 +#endif +#else + ubfx r12, r11, #16, #8 +#endif + lsr lr, r8, #24 + ldrb r4, [r2, r4] + ldrb r7, [r2, r7] + ldrb r12, [r2, r12] + ldrb lr, [r2, lr] +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl r5, r10, #24 + lsr r5, r5, #24 +#else + uxtb r5, r10 +#endif +#else + ubfx r5, r10, #0, #8 +#endif + eor r4, r4, r7, lsl #8 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl r7, r11, #16 + lsr r7, r7, #24 +#else + uxtb r7, r11, ror #8 +#endif +#else + ubfx r7, r11, #8, #8 +#endif + eor r4, r4, r12, lsl #16 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl r12, r8, #8 + lsr r12, r12, #24 +#else + uxtb r12, r8, ror #16 +#endif +#else + ubfx r12, r8, #16, #8 +#endif + eor r4, r4, lr, lsl #24 + lsr lr, r9, #24 + ldrb r7, [r2, r7] + ldrb lr, [r2, lr] + ldrb r5, [r2, r5] + ldrb r12, [r2, r12] +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl r6, r11, #24 + lsr r6, r6, #24 +#else + uxtb r6, r11 +#endif +#else + ubfx r6, r11, #0, #8 +#endif + eor r5, r5, r7, lsl #8 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl r7, r8, #16 + lsr r7, r7, #24 +#else + uxtb r7, r8, ror #8 +#endif +#else + ubfx r7, r8, #8, #8 +#endif + eor r5, r5, r12, lsl #16 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl r12, r9, #8 + lsr r12, r12, #24 +#else + uxtb r12, r9, ror #16 +#endif +#else + ubfx r12, r9, #16, #8 +#endif + eor r5, r5, lr, lsl #24 + lsr lr, r10, #24 + ldrb r7, [r2, r7] + ldrb lr, [r2, lr] + ldrb r6, [r2, r6] + ldrb r12, [r2, r12] + lsr r11, r11, #24 + eor r6, r6, r7, lsl #8 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl r7, r8, #24 + lsr r7, r7, #24 +#else + uxtb r7, r8 +#endif +#else + ubfx r7, r8, #0, #8 +#endif + eor r6, r6, r12, lsl #16 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl r12, r9, #16 + lsr r12, r12, #24 +#else + uxtb r12, r9, ror #8 +#endif +#else + ubfx r12, r9, #8, #8 +#endif + eor r6, r6, lr, lsl #24 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl lr, r10, #8 + lsr lr, lr, #24 +#else + uxtb lr, r10, ror #16 +#endif +#else + ubfx lr, r10, #16, #8 +#endif + ldrb r11, [r2, r11] + ldrb r12, [r2, r12] + ldrb r7, [r2, r7] + ldrb lr, [r2, lr] + eor r12, r12, r11, lsl #16 + ldm r3, {r8, r9, r10, r11} + eor r7, r7, r12, lsl #8 + eor r7, r7, lr, lsl #16 + # XOR in Key Schedule + eor r4, r4, r8 + eor r5, r5, r9 + eor r6, r6, r10 + eor r7, r7, r11 +#endif /* !WOLFSSL_ARMASM_AES_BLOCK_INLINE */ + ldr lr, [sp, #16] +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + eor r8, r4, r4, ror #16 + eor r9, r5, r5, ror #16 + eor r10, r6, r6, ror #16 + eor r11, r7, r7, ror #16 + bic r8, r8, #0xff0000 + bic r9, r9, #0xff0000 + bic r10, r10, #0xff0000 + bic r11, r11, #0xff0000 + ror r4, r4, #8 + ror r5, r5, #8 + ror r6, r6, #8 + ror r7, r7, #8 + eor r4, r4, r8, lsr #8 + eor r5, r5, r9, lsr #8 + eor r6, r6, r10, lsr #8 + eor r7, r7, r11, lsr #8 +#else + rev r4, r4 + rev r5, r5 + rev r6, r6 + rev r7, r7 +#endif /* WOLFSSL_ARM_ARCH && WOLFSSL_ARM_ARCH < 6 */ +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + ldr r8, [lr, #16] + ldr r9, [lr, #20] +#else + ldrd r8, r9, [lr, #16] +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + ldr r10, [lr, #24] + ldr r11, [lr, #28] +#else + ldrd r10, r11, [lr, #24] +#endif + pop {r1, r12, lr} + ldr r3, [sp] + eor r4, r4, r8 + eor r5, r5, r9 + eor r6, r6, r10 + eor r7, r7, r11 + str r4, [r1] + str r5, [r1, #4] + str r6, [r1, #8] + str r7, [r1, #12] + subs r12, r12, #16 + add lr, lr, #16 + add r1, r1, #16 + bne L_AES_CBC_decrypt_loop_block_256 + b L_AES_CBC_decrypt_end +L_AES_CBC_decrypt_loop_block_192: + push {r1, r12, lr} + ldr r4, [lr] + ldr r5, [lr, #4] + ldr r6, [lr, #8] + ldr r7, [lr, #12] + ldr lr, [sp, #16] +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + str r4, [lr, #16] + str r5, [lr, #20] +#else + strd r4, r5, [lr, #16] +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + str r6, [lr, #24] + str r7, [lr, #28] +#else + strd r6, r7, [lr, #24] +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + eor r8, r4, r4, ror #16 + eor r9, r5, r5, ror #16 + eor r10, r6, r6, ror #16 + eor r11, r7, r7, ror #16 + bic r8, r8, #0xff0000 + bic r9, r9, #0xff0000 + bic r10, r10, #0xff0000 + bic r11, r11, #0xff0000 + ror r4, r4, #8 + ror r5, r5, #8 + ror r6, r6, #8 + ror r7, r7, #8 + eor r4, r4, r8, lsr #8 + eor r5, r5, r9, lsr #8 + eor r6, r6, r10, lsr #8 + eor r7, r7, r11, lsr #8 +#else + rev r4, r4 + rev r5, r5 + rev r6, r6 + rev r7, r7 +#endif /* WOLFSSL_ARM_ARCH && WOLFSSL_ARM_ARCH < 6 */ + ldm r3!, {r8, r9, r10, r11} + # Round: 0 - XOR in key schedule + eor r4, r4, r8 + eor r5, r5, r9 + eor r6, r6, r10 + eor r7, r7, r11 + mov r1, #5 +#ifndef WOLFSSL_ARMASM_AES_BLOCK_INLINE + bl AES_decrypt_block +#else +L_AES_CBC_decrypt_block_nr_192_odd: +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl r8, r7, #8 + lsr r8, r8, #24 +#else + uxtb r8, r7, ror #16 +#endif +#else + ubfx r8, r7, #16, #8 +#endif + lsr r11, r4, #24 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl r12, r6, #16 + lsr r12, r12, #24 +#else + uxtb r12, r6, ror #8 +#endif +#else + ubfx r12, r6, #8, #8 +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl lr, r5, #24 + lsr lr, lr, #24 +#else + uxtb lr, r5 +#endif +#else + ubfx lr, r5, #0, #8 +#endif + ldr r8, [r0, r8, lsl #2] + ldr r11, [r0, r11, lsl #2] + ldr r12, [r0, r12, lsl #2] + ldr lr, [r0, lr, lsl #2] +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl r9, r4, #8 + lsr r9, r9, #24 +#else + uxtb r9, r4, ror #16 +#endif +#else + ubfx r9, r4, #16, #8 +#endif + eor r8, r8, r11, ror #24 + lsr r11, r5, #24 + eor r8, r8, r12, ror #8 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl r12, r7, #16 + lsr r12, r12, #24 +#else + uxtb r12, r7, ror #8 +#endif +#else + ubfx r12, r7, #8, #8 +#endif + eor r8, r8, lr, ror #16 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl lr, r6, #24 + lsr lr, lr, #24 +#else + uxtb lr, r6 +#endif +#else + ubfx lr, r6, #0, #8 +#endif + ldr r9, [r0, r9, lsl #2] + ldr r11, [r0, r11, lsl #2] + ldr r12, [r0, r12, lsl #2] + ldr lr, [r0, lr, lsl #2] +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl r10, r5, #8 + lsr r10, r10, #24 +#else + uxtb r10, r5, ror #16 +#endif +#else + ubfx r10, r5, #16, #8 +#endif + eor r9, r9, r11, ror #24 + lsr r11, r6, #24 + eor r9, r9, r12, ror #8 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl r12, r4, #16 + lsr r12, r12, #24 +#else + uxtb r12, r4, ror #8 +#endif +#else + ubfx r12, r4, #8, #8 +#endif + eor r9, r9, lr, ror #16 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl lr, r7, #24 + lsr lr, lr, #24 +#else + uxtb lr, r7 +#endif +#else + ubfx lr, r7, #0, #8 +#endif + ldr r10, [r0, r10, lsl #2] + ldr r11, [r0, r11, lsl #2] + ldr r12, [r0, r12, lsl #2] + ldr lr, [r0, lr, lsl #2] +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl r4, r4, #24 + lsr r4, r4, #24 +#else + uxtb r4, r4 +#endif +#else + ubfx r4, r4, #0, #8 +#endif + eor r10, r10, r11, ror #24 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl r11, r6, #8 + lsr r11, r11, #24 +#else + uxtb r11, r6, ror #16 +#endif +#else + ubfx r11, r6, #16, #8 +#endif + eor r10, r10, r12, ror #8 + lsr r12, r7, #24 + eor r10, r10, lr, ror #16 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl lr, r5, #16 + lsr lr, lr, #24 +#else + uxtb lr, r5, ror #8 +#endif +#else + ubfx lr, r5, #8, #8 +#endif + ldr r4, [r0, r4, lsl #2] + ldr r12, [r0, r12, lsl #2] + ldr r11, [r0, r11, lsl #2] + ldr lr, [r0, lr, lsl #2] + eor r12, r12, r4, ror #24 + ldm r3!, {r4, r5, r6, r7} + eor r11, r11, lr, ror #8 + eor r11, r11, r12, ror #24 + # XOR in Key Schedule + eor r8, r8, r4 + eor r9, r9, r5 + eor r10, r10, r6 + eor r11, r11, r7 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl r4, r11, #8 + lsr r4, r4, #24 +#else + uxtb r4, r11, ror #16 +#endif +#else + ubfx r4, r11, #16, #8 +#endif + lsr r7, r8, #24 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl r12, r10, #16 + lsr r12, r12, #24 +#else + uxtb r12, r10, ror #8 +#endif +#else + ubfx r12, r10, #8, #8 +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl lr, r9, #24 + lsr lr, lr, #24 +#else + uxtb lr, r9 +#endif +#else + ubfx lr, r9, #0, #8 +#endif + ldr r4, [r0, r4, lsl #2] + ldr r7, [r0, r7, lsl #2] + ldr r12, [r0, r12, lsl #2] + ldr lr, [r0, lr, lsl #2] +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl r5, r8, #8 + lsr r5, r5, #24 +#else + uxtb r5, r8, ror #16 +#endif +#else + ubfx r5, r8, #16, #8 +#endif + eor r4, r4, r7, ror #24 + lsr r7, r9, #24 + eor r4, r4, r12, ror #8 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl r12, r11, #16 + lsr r12, r12, #24 +#else + uxtb r12, r11, ror #8 +#endif +#else + ubfx r12, r11, #8, #8 +#endif + eor r4, r4, lr, ror #16 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl lr, r10, #24 + lsr lr, lr, #24 +#else + uxtb lr, r10 +#endif +#else + ubfx lr, r10, #0, #8 +#endif + ldr r5, [r0, r5, lsl #2] + ldr r7, [r0, r7, lsl #2] + ldr r12, [r0, r12, lsl #2] + ldr lr, [r0, lr, lsl #2] +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl r6, r9, #8 + lsr r6, r6, #24 +#else + uxtb r6, r9, ror #16 +#endif +#else + ubfx r6, r9, #16, #8 +#endif + eor r5, r5, r7, ror #24 + lsr r7, r10, #24 + eor r5, r5, r12, ror #8 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl r12, r8, #16 + lsr r12, r12, #24 +#else + uxtb r12, r8, ror #8 +#endif +#else + ubfx r12, r8, #8, #8 +#endif + eor r5, r5, lr, ror #16 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl lr, r11, #24 + lsr lr, lr, #24 +#else + uxtb lr, r11 +#endif +#else + ubfx lr, r11, #0, #8 +#endif + ldr r6, [r0, r6, lsl #2] + ldr r7, [r0, r7, lsl #2] + ldr r12, [r0, r12, lsl #2] + ldr lr, [r0, lr, lsl #2] +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl r8, r8, #24 + lsr r8, r8, #24 +#else + uxtb r8, r8 +#endif +#else + ubfx r8, r8, #0, #8 +#endif + eor r6, r6, r7, ror #24 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl r7, r10, #8 + lsr r7, r7, #24 +#else + uxtb r7, r10, ror #16 +#endif +#else + ubfx r7, r10, #16, #8 +#endif + eor r6, r6, r12, ror #8 + lsr r12, r11, #24 + eor r6, r6, lr, ror #16 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl lr, r9, #16 + lsr lr, lr, #24 +#else + uxtb lr, r9, ror #8 +#endif +#else + ubfx lr, r9, #8, #8 +#endif + ldr r8, [r0, r8, lsl #2] + ldr r12, [r0, r12, lsl #2] + ldr r7, [r0, r7, lsl #2] + ldr lr, [r0, lr, lsl #2] + eor r12, r12, r8, ror #24 + ldm r3!, {r8, r9, r10, r11} + eor r7, r7, lr, ror #8 + eor r7, r7, r12, ror #24 + # XOR in Key Schedule + eor r4, r4, r8 + eor r5, r5, r9 + eor r6, r6, r10 + eor r7, r7, r11 + subs r1, r1, #1 + bne L_AES_CBC_decrypt_block_nr_192_odd +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl r8, r7, #8 + lsr r8, r8, #24 +#else + uxtb r8, r7, ror #16 +#endif +#else + ubfx r8, r7, #16, #8 +#endif + lsr r11, r4, #24 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl r12, r6, #16 + lsr r12, r12, #24 +#else + uxtb r12, r6, ror #8 +#endif +#else + ubfx r12, r6, #8, #8 +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl lr, r5, #24 + lsr lr, lr, #24 +#else + uxtb lr, r5 +#endif +#else + ubfx lr, r5, #0, #8 +#endif + ldr r8, [r0, r8, lsl #2] + ldr r11, [r0, r11, lsl #2] + ldr r12, [r0, r12, lsl #2] + ldr lr, [r0, lr, lsl #2] +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl r9, r4, #8 + lsr r9, r9, #24 +#else + uxtb r9, r4, ror #16 +#endif +#else + ubfx r9, r4, #16, #8 +#endif + eor r8, r8, r11, ror #24 + lsr r11, r5, #24 + eor r8, r8, r12, ror #8 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl r12, r7, #16 + lsr r12, r12, #24 +#else + uxtb r12, r7, ror #8 +#endif +#else + ubfx r12, r7, #8, #8 +#endif + eor r8, r8, lr, ror #16 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl lr, r6, #24 + lsr lr, lr, #24 +#else + uxtb lr, r6 +#endif +#else + ubfx lr, r6, #0, #8 +#endif + ldr r9, [r0, r9, lsl #2] + ldr r11, [r0, r11, lsl #2] + ldr r12, [r0, r12, lsl #2] + ldr lr, [r0, lr, lsl #2] +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl r10, r5, #8 + lsr r10, r10, #24 +#else + uxtb r10, r5, ror #16 +#endif +#else + ubfx r10, r5, #16, #8 +#endif + eor r9, r9, r11, ror #24 + lsr r11, r6, #24 + eor r9, r9, r12, ror #8 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl r12, r4, #16 + lsr r12, r12, #24 +#else + uxtb r12, r4, ror #8 +#endif +#else + ubfx r12, r4, #8, #8 +#endif + eor r9, r9, lr, ror #16 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl lr, r7, #24 + lsr lr, lr, #24 +#else + uxtb lr, r7 +#endif +#else + ubfx lr, r7, #0, #8 +#endif + ldr r10, [r0, r10, lsl #2] + ldr r11, [r0, r11, lsl #2] + ldr r12, [r0, r12, lsl #2] + ldr lr, [r0, lr, lsl #2] +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl r4, r4, #24 + lsr r4, r4, #24 +#else + uxtb r4, r4 +#endif +#else + ubfx r4, r4, #0, #8 +#endif + eor r10, r10, r11, ror #24 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl r11, r6, #8 + lsr r11, r11, #24 +#else + uxtb r11, r6, ror #16 +#endif +#else + ubfx r11, r6, #16, #8 +#endif + eor r10, r10, r12, ror #8 + lsr r12, r7, #24 + eor r10, r10, lr, ror #16 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl lr, r5, #16 + lsr lr, lr, #24 +#else + uxtb lr, r5, ror #8 +#endif +#else + ubfx lr, r5, #8, #8 +#endif + ldr r4, [r0, r4, lsl #2] + ldr r12, [r0, r12, lsl #2] + ldr r11, [r0, r11, lsl #2] + ldr lr, [r0, lr, lsl #2] + eor r12, r12, r4, ror #24 + ldm r3!, {r4, r5, r6, r7} + eor r11, r11, lr, ror #8 + eor r11, r11, r12, ror #24 + # XOR in Key Schedule + eor r8, r8, r4 + eor r9, r9, r5 + eor r10, r10, r6 + eor r11, r11, r7 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl r4, r9, #24 + lsr r4, r4, #24 +#else + uxtb r4, r9 +#endif +#else + ubfx r4, r9, #0, #8 +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl r7, r10, #16 + lsr r7, r7, #24 +#else + uxtb r7, r10, ror #8 +#endif +#else + ubfx r7, r10, #8, #8 +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl r12, r11, #8 + lsr r12, r12, #24 +#else + uxtb r12, r11, ror #16 +#endif +#else + ubfx r12, r11, #16, #8 +#endif + lsr lr, r8, #24 + ldrb r4, [r2, r4] + ldrb r7, [r2, r7] + ldrb r12, [r2, r12] + ldrb lr, [r2, lr] +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl r5, r10, #24 + lsr r5, r5, #24 +#else + uxtb r5, r10 +#endif +#else + ubfx r5, r10, #0, #8 +#endif + eor r4, r4, r7, lsl #8 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl r7, r11, #16 + lsr r7, r7, #24 +#else + uxtb r7, r11, ror #8 +#endif +#else + ubfx r7, r11, #8, #8 +#endif + eor r4, r4, r12, lsl #16 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl r12, r8, #8 + lsr r12, r12, #24 +#else + uxtb r12, r8, ror #16 +#endif +#else + ubfx r12, r8, #16, #8 +#endif + eor r4, r4, lr, lsl #24 + lsr lr, r9, #24 + ldrb r7, [r2, r7] + ldrb lr, [r2, lr] + ldrb r5, [r2, r5] + ldrb r12, [r2, r12] +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl r6, r11, #24 + lsr r6, r6, #24 +#else + uxtb r6, r11 +#endif +#else + ubfx r6, r11, #0, #8 +#endif + eor r5, r5, r7, lsl #8 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl r7, r8, #16 + lsr r7, r7, #24 +#else + uxtb r7, r8, ror #8 +#endif +#else + ubfx r7, r8, #8, #8 +#endif + eor r5, r5, r12, lsl #16 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl r12, r9, #8 + lsr r12, r12, #24 +#else + uxtb r12, r9, ror #16 +#endif +#else + ubfx r12, r9, #16, #8 +#endif + eor r5, r5, lr, lsl #24 + lsr lr, r10, #24 + ldrb r7, [r2, r7] + ldrb lr, [r2, lr] + ldrb r6, [r2, r6] + ldrb r12, [r2, r12] + lsr r11, r11, #24 + eor r6, r6, r7, lsl #8 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl r7, r8, #24 + lsr r7, r7, #24 +#else + uxtb r7, r8 +#endif +#else + ubfx r7, r8, #0, #8 +#endif + eor r6, r6, r12, lsl #16 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) - eor r8, r4, r4, ror #16 - eor r9, r5, r5, ror #16 - eor r10, r6, r6, ror #16 - eor r11, r7, r7, ror #16 - bic r8, r8, #0xff0000 - bic r9, r9, #0xff0000 - bic r10, r10, #0xff0000 - bic r11, r11, #0xff0000 - ror r4, r4, #8 - ror r5, r5, #8 - ror r6, r6, #8 - ror r7, r7, #8 - eor r4, r4, r8, lsr #8 - eor r5, r5, r9, lsr #8 - eor r6, r6, r10, lsr #8 - eor r7, r7, r11, lsr #8 + lsl r12, r9, #16 + lsr r12, r12, #24 #else - rev r4, r4 - rev r5, r5 - rev r6, r6 - rev r7, r7 -#endif /* WOLFSSL_ARM_ARCH && WOLFSSL_ARM_ARCH < 6 */ - ldr r8, [lr] - ldr r9, [lr, #4] - ldr r10, [lr, #8] - ldr r11, [lr, #12] + uxtb r12, r9, ror #8 +#endif +#else + ubfx r12, r9, #8, #8 +#endif + eor r6, r6, lr, lsl #24 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl lr, r10, #8 + lsr lr, lr, #24 +#else + uxtb lr, r10, ror #16 +#endif +#else + ubfx lr, r10, #16, #8 +#endif + ldrb r11, [r2, r11] + ldrb r12, [r2, r12] + ldrb r7, [r2, r7] + ldrb lr, [r2, lr] + eor r12, r12, r11, lsl #16 + ldm r3, {r8, r9, r10, r11} + eor r7, r7, r12, lsl #8 + eor r7, r7, lr, lsl #16 + # XOR in Key Schedule eor r4, r4, r8 eor r5, r5, r9 eor r6, r6, r10 eor r7, r7, r11 - ldr r8, [sp, #4] - str r4, [r1] - str r5, [r1, #4] - str r6, [r1, #8] - str r7, [r1, #12] - ldm r8, {r4, r5, r6, r7} - subs r2, r2, #16 - add lr, lr, #16 - add r1, r1, #16 - bne L_AES_CTR_encrypt_loop_block_256 - b L_AES_CTR_encrypt_end -L_AES_CTR_encrypt_start_block_192: -L_AES_CTR_encrypt_loop_block_192: - push {r1, r2, lr} +#endif /* !WOLFSSL_ARMASM_AES_BLOCK_INLINE */ ldr lr, [sp, #16] - adds r11, r7, #1 - adcs r10, r6, #0 - adcs r9, r5, #0 - adc r8, r4, #0 - stm lr, {r8, r9, r10, r11} - ldm r3!, {r8, r9, r10, r11} - # Round: 0 - XOR in key schedule - eor r4, r4, r8 - eor r5, r5, r9 - eor r6, r6, r10 - eor r7, r7, r11 - mov r1, #5 - bl AES_encrypt_block - pop {r1, r2, lr} - ldr r3, [sp] #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) eor r8, r4, r4, ror #16 eor r9, r5, r5, ror #16 @@ -10341,44 +21712,38 @@ rev r6, r6 rev r7, r7 #endif /* WOLFSSL_ARM_ARCH && WOLFSSL_ARM_ARCH < 6 */ - ldr r8, [lr] - ldr r9, [lr, #4] - ldr r10, [lr, #8] - ldr r11, [lr, #12] + ldm lr, {r8, r9, r10, r11} + pop {r1, r12, lr} + ldr r3, [sp] eor r4, r4, r8 eor r5, r5, r9 eor r6, r6, r10 eor r7, r7, r11 - ldr r8, [sp, #4] str r4, [r1] str r5, [r1, #4] str r6, [r1, #8] str r7, [r1, #12] - ldm r8, {r4, r5, r6, r7} - subs r2, r2, #16 + subs r12, r12, #16 add lr, lr, #16 add r1, r1, #16 - bne L_AES_CTR_encrypt_loop_block_192 - b L_AES_CTR_encrypt_end -L_AES_CTR_encrypt_start_block_128: -L_AES_CTR_encrypt_loop_block_128: - push {r1, r2, lr} + beq L_AES_CBC_decrypt_end_odd + push {r1, r12, lr} + ldr r4, [lr] + ldr r5, [lr, #4] + ldr r6, [lr, #8] + ldr r7, [lr, #12] ldr lr, [sp, #16] - adds r11, r7, #1 - adcs r10, r6, #0 - adcs r9, r5, #0 - adc r8, r4, #0 - stm lr, {r8, r9, r10, r11} - ldm r3!, {r8, r9, r10, r11} - # Round: 0 - XOR in key schedule - eor r4, r4, r8 - eor r5, r5, r9 - eor r6, r6, r10 - eor r7, r7, r11 - mov r1, #4 - bl AES_encrypt_block - pop {r1, r2, lr} - ldr r3, [sp] +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + stm lr, {r4, r5} +#else + strd r4, r5, [lr] +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + str r6, [lr, #8] + str r7, [lr, #12] +#else + strd r6, r7, [lr, #8] +#endif #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) eor r8, r4, r4, ror #16 eor r9, r5, r5, ror #16 @@ -10402,63 +21767,17 @@ rev r6, r6 rev r7, r7 #endif /* WOLFSSL_ARM_ARCH && WOLFSSL_ARM_ARCH < 6 */ - ldr r8, [lr] - ldr r9, [lr, #4] - ldr r10, [lr, #8] - ldr r11, [lr, #12] + ldm r3!, {r8, r9, r10, r11} + # Round: 0 - XOR in key schedule eor r4, r4, r8 eor r5, r5, r9 eor r6, r6, r10 eor r7, r7, r11 - ldr r8, [sp, #4] - str r4, [r1] - str r5, [r1, #4] - str r6, [r1, #8] - str r7, [r1, #12] - ldm r8, {r4, r5, r6, r7} - subs r2, r2, #16 - add lr, lr, #16 - add r1, r1, #16 - bne L_AES_CTR_encrypt_loop_block_128 -L_AES_CTR_encrypt_end: - pop {r3, r8} -#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) - eor r10, r4, r4, ror #16 - eor r11, r5, r5, ror #16 - bic r10, r10, #0xff0000 - bic r11, r11, #0xff0000 - ror r4, r4, #8 - ror r5, r5, #8 - eor r4, r4, r10, lsr #8 - eor r5, r5, r11, lsr #8 - eor r10, r6, r6, ror #16 - eor r11, r7, r7, ror #16 - bic r10, r10, #0xff0000 - bic r11, r11, #0xff0000 - ror r6, r6, #8 - ror r7, r7, #8 - eor r6, r6, r10, lsr #8 - eor r7, r7, r11, lsr #8 + mov r1, #5 +#ifndef WOLFSSL_ARMASM_AES_BLOCK_INLINE + bl AES_decrypt_block #else - rev r4, r4 - rev r5, r5 - rev r6, r6 - rev r7, r7 -#endif /* WOLFSSL_ARM_ARCH && WOLFSSL_ARM_ARCH < 6 */ - stm r8, {r4, r5, r6, r7} - pop {r4, r5, r6, r7, r8, r9, r10, r11, pc} - .size AES_CTR_encrypt,.-AES_CTR_encrypt -#endif /* WOLFSSL_AES_COUNTER */ -#ifdef HAVE_AES_DECRYPT -#if defined(WOLFSSL_AES_DIRECT) || defined(WOLFSSL_AES_COUNTER) || \ - defined(HAVE_AES_CBC) || defined(HAVE_AES_ECB) - .text - .align 4 - .globl AES_decrypt_block - .type AES_decrypt_block, %function -AES_decrypt_block: - push {lr} -L_AES_decrypt_block_nr: +L_AES_CBC_decrypt_block_nr_192_even: #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) lsl r8, r7, #8 @@ -10776,7 +22095,7 @@ eor r6, r6, r10 eor r7, r7, r11 subs r1, r1, #1 - bne L_AES_decrypt_block_nr + bne L_AES_CBC_decrypt_block_nr_192_even #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) lsl r8, r7, #8 @@ -11093,368 +22412,8 @@ eor r5, r5, r9 eor r6, r6, r10 eor r7, r7, r11 - pop {pc} - .size AES_decrypt_block,.-AES_decrypt_block - .text - .type L_AES_ARM32_td_ecb, %object - .size L_AES_ARM32_td_ecb, 12 - .align 4 -L_AES_ARM32_td_ecb: - .word L_AES_ARM32_td_data - .text - .type L_AES_ARM32_td4, %object - .size L_AES_ARM32_td4, 256 - .align 4 -L_AES_ARM32_td4: - .byte 0x52 - .byte 0x9 - .byte 0x6a - .byte 0xd5 - .byte 0x30 - .byte 0x36 - .byte 0xa5 - .byte 0x38 - .byte 0xbf - .byte 0x40 - .byte 0xa3 - .byte 0x9e - .byte 0x81 - .byte 0xf3 - .byte 0xd7 - .byte 0xfb - .byte 0x7c - .byte 0xe3 - .byte 0x39 - .byte 0x82 - .byte 0x9b - .byte 0x2f - .byte 0xff - .byte 0x87 - .byte 0x34 - .byte 0x8e - .byte 0x43 - .byte 0x44 - .byte 0xc4 - .byte 0xde - .byte 0xe9 - .byte 0xcb - .byte 0x54 - .byte 0x7b - .byte 0x94 - .byte 0x32 - .byte 0xa6 - .byte 0xc2 - .byte 0x23 - .byte 0x3d - .byte 0xee - .byte 0x4c - .byte 0x95 - .byte 0xb - .byte 0x42 - .byte 0xfa - .byte 0xc3 - .byte 0x4e - .byte 0x8 - .byte 0x2e - .byte 0xa1 - .byte 0x66 - .byte 0x28 - .byte 0xd9 - .byte 0x24 - .byte 0xb2 - .byte 0x76 - .byte 0x5b - .byte 0xa2 - .byte 0x49 - .byte 0x6d - .byte 0x8b - .byte 0xd1 - .byte 0x25 - .byte 0x72 - .byte 0xf8 - .byte 0xf6 - .byte 0x64 - .byte 0x86 - .byte 0x68 - .byte 0x98 - .byte 0x16 - .byte 0xd4 - .byte 0xa4 - .byte 0x5c - .byte 0xcc - .byte 0x5d - .byte 0x65 - .byte 0xb6 - .byte 0x92 - .byte 0x6c - .byte 0x70 - .byte 0x48 - .byte 0x50 - .byte 0xfd - .byte 0xed - .byte 0xb9 - .byte 0xda - .byte 0x5e - .byte 0x15 - .byte 0x46 - .byte 0x57 - .byte 0xa7 - .byte 0x8d - .byte 0x9d - .byte 0x84 - .byte 0x90 - .byte 0xd8 - .byte 0xab - .byte 0x0 - .byte 0x8c - .byte 0xbc - .byte 0xd3 - .byte 0xa - .byte 0xf7 - .byte 0xe4 - .byte 0x58 - .byte 0x5 - .byte 0xb8 - .byte 0xb3 - .byte 0x45 - .byte 0x6 - .byte 0xd0 - .byte 0x2c - .byte 0x1e - .byte 0x8f - .byte 0xca - .byte 0x3f - .byte 0xf - .byte 0x2 - .byte 0xc1 - .byte 0xaf - .byte 0xbd - .byte 0x3 - .byte 0x1 - .byte 0x13 - .byte 0x8a - .byte 0x6b - .byte 0x3a - .byte 0x91 - .byte 0x11 - .byte 0x41 - .byte 0x4f - .byte 0x67 - .byte 0xdc - .byte 0xea - .byte 0x97 - .byte 0xf2 - .byte 0xcf - .byte 0xce - .byte 0xf0 - .byte 0xb4 - .byte 0xe6 - .byte 0x73 - .byte 0x96 - .byte 0xac - .byte 0x74 - .byte 0x22 - .byte 0xe7 - .byte 0xad - .byte 0x35 - .byte 0x85 - .byte 0xe2 - .byte 0xf9 - .byte 0x37 - .byte 0xe8 - .byte 0x1c - .byte 0x75 - .byte 0xdf - .byte 0x6e - .byte 0x47 - .byte 0xf1 - .byte 0x1a - .byte 0x71 - .byte 0x1d - .byte 0x29 - .byte 0xc5 - .byte 0x89 - .byte 0x6f - .byte 0xb7 - .byte 0x62 - .byte 0xe - .byte 0xaa - .byte 0x18 - .byte 0xbe - .byte 0x1b - .byte 0xfc - .byte 0x56 - .byte 0x3e - .byte 0x4b - .byte 0xc6 - .byte 0xd2 - .byte 0x79 - .byte 0x20 - .byte 0x9a - .byte 0xdb - .byte 0xc0 - .byte 0xfe - .byte 0x78 - .byte 0xcd - .byte 0x5a - .byte 0xf4 - .byte 0x1f - .byte 0xdd - .byte 0xa8 - .byte 0x33 - .byte 0x88 - .byte 0x7 - .byte 0xc7 - .byte 0x31 - .byte 0xb1 - .byte 0x12 - .byte 0x10 - .byte 0x59 - .byte 0x27 - .byte 0x80 - .byte 0xec - .byte 0x5f - .byte 0x60 - .byte 0x51 - .byte 0x7f - .byte 0xa9 - .byte 0x19 - .byte 0xb5 - .byte 0x4a - .byte 0xd - .byte 0x2d - .byte 0xe5 - .byte 0x7a - .byte 0x9f - .byte 0x93 - .byte 0xc9 - .byte 0x9c - .byte 0xef - .byte 0xa0 - .byte 0xe0 - .byte 0x3b - .byte 0x4d - .byte 0xae - .byte 0x2a - .byte 0xf5 - .byte 0xb0 - .byte 0xc8 - .byte 0xeb - .byte 0xbb - .byte 0x3c - .byte 0x83 - .byte 0x53 - .byte 0x99 - .byte 0x61 - .byte 0x17 - .byte 0x2b - .byte 0x4 - .byte 0x7e - .byte 0xba - .byte 0x77 - .byte 0xd6 - .byte 0x26 - .byte 0xe1 - .byte 0x69 - .byte 0x14 - .byte 0x63 - .byte 0x55 - .byte 0x21 - .byte 0xc - .byte 0x7d -#if defined(WOLFSSL_AES_DIRECT) || defined(WOLFSSL_AES_COUNTER) || defined(HAVE_AES_ECB) - .text - .align 4 - .globl AES_ECB_decrypt - .type AES_ECB_decrypt, %function -AES_ECB_decrypt: - push {r4, r5, r6, r7, r8, r9, r10, r11, lr} - ldr r8, [sp, #36] - mov lr, r0 - adr r0, L_AES_ARM32_td_ecb - ldr r0, [r0] - mov r12, r2 - adr r2, L_AES_ARM32_td4 - cmp r8, #10 - beq L_AES_ECB_decrypt_start_block_128 - cmp r8, #12 - beq L_AES_ECB_decrypt_start_block_192 -L_AES_ECB_decrypt_loop_block_256: - ldr r4, [lr] - ldr r5, [lr, #4] - ldr r6, [lr, #8] - ldr r7, [lr, #12] -#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) - eor r8, r4, r4, ror #16 - eor r9, r5, r5, ror #16 - eor r10, r6, r6, ror #16 - eor r11, r7, r7, ror #16 - bic r8, r8, #0xff0000 - bic r9, r9, #0xff0000 - bic r10, r10, #0xff0000 - bic r11, r11, #0xff0000 - ror r4, r4, #8 - ror r5, r5, #8 - ror r6, r6, #8 - ror r7, r7, #8 - eor r4, r4, r8, lsr #8 - eor r5, r5, r9, lsr #8 - eor r6, r6, r10, lsr #8 - eor r7, r7, r11, lsr #8 -#else - rev r4, r4 - rev r5, r5 - rev r6, r6 - rev r7, r7 -#endif /* WOLFSSL_ARM_ARCH && WOLFSSL_ARM_ARCH < 6 */ - push {r1, r3, r12, lr} - ldm r3!, {r8, r9, r10, r11} - # Round: 0 - XOR in key schedule - eor r4, r4, r8 - eor r5, r5, r9 - eor r6, r6, r10 - eor r7, r7, r11 - mov r1, #6 - bl AES_decrypt_block - pop {r1, r3, r12, lr} -#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) - eor r8, r4, r4, ror #16 - eor r9, r5, r5, ror #16 - eor r10, r6, r6, ror #16 - eor r11, r7, r7, ror #16 - bic r8, r8, #0xff0000 - bic r9, r9, #0xff0000 - bic r10, r10, #0xff0000 - bic r11, r11, #0xff0000 - ror r4, r4, #8 - ror r5, r5, #8 - ror r6, r6, #8 - ror r7, r7, #8 - eor r4, r4, r8, lsr #8 - eor r5, r5, r9, lsr #8 - eor r6, r6, r10, lsr #8 - eor r7, r7, r11, lsr #8 -#else - rev r4, r4 - rev r5, r5 - rev r6, r6 - rev r7, r7 -#endif /* WOLFSSL_ARM_ARCH && WOLFSSL_ARM_ARCH < 6 */ - str r4, [r1] - str r5, [r1, #4] - str r6, [r1, #8] - str r7, [r1, #12] - subs r12, r12, #16 - add lr, lr, #16 - add r1, r1, #16 - bne L_AES_ECB_decrypt_loop_block_256 - b L_AES_ECB_decrypt_end -L_AES_ECB_decrypt_start_block_192: -L_AES_ECB_decrypt_loop_block_192: - ldr r4, [lr] - ldr r5, [lr, #4] - ldr r6, [lr, #8] - ldr r7, [lr, #12] +#endif /* !WOLFSSL_ARMASM_AES_BLOCK_INLINE */ + ldr lr, [sp, #16] #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) eor r8, r4, r4, ror #16 eor r9, r5, r5, ror #16 @@ -11478,110 +22437,24 @@ rev r6, r6 rev r7, r7 #endif /* WOLFSSL_ARM_ARCH && WOLFSSL_ARM_ARCH < 6 */ - push {r1, r3, r12, lr} - ldm r3!, {r8, r9, r10, r11} - # Round: 0 - XOR in key schedule - eor r4, r4, r8 - eor r5, r5, r9 - eor r6, r6, r10 - eor r7, r7, r11 - mov r1, #5 - bl AES_decrypt_block - pop {r1, r3, r12, lr} -#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) - eor r8, r4, r4, ror #16 - eor r9, r5, r5, ror #16 - eor r10, r6, r6, ror #16 - eor r11, r7, r7, ror #16 - bic r8, r8, #0xff0000 - bic r9, r9, #0xff0000 - bic r10, r10, #0xff0000 - bic r11, r11, #0xff0000 - ror r4, r4, #8 - ror r5, r5, #8 - ror r6, r6, #8 - ror r7, r7, #8 - eor r4, r4, r8, lsr #8 - eor r5, r5, r9, lsr #8 - eor r6, r6, r10, lsr #8 - eor r7, r7, r11, lsr #8 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + ldr r8, [lr, #16] + ldr r9, [lr, #20] #else - rev r4, r4 - rev r5, r5 - rev r6, r6 - rev r7, r7 -#endif /* WOLFSSL_ARM_ARCH && WOLFSSL_ARM_ARCH < 6 */ - str r4, [r1] - str r5, [r1, #4] - str r6, [r1, #8] - str r7, [r1, #12] - subs r12, r12, #16 - add lr, lr, #16 - add r1, r1, #16 - bne L_AES_ECB_decrypt_loop_block_192 - b L_AES_ECB_decrypt_end -L_AES_ECB_decrypt_start_block_128: -L_AES_ECB_decrypt_loop_block_128: - ldr r4, [lr] - ldr r5, [lr, #4] - ldr r6, [lr, #8] - ldr r7, [lr, #12] -#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) - eor r8, r4, r4, ror #16 - eor r9, r5, r5, ror #16 - eor r10, r6, r6, ror #16 - eor r11, r7, r7, ror #16 - bic r8, r8, #0xff0000 - bic r9, r9, #0xff0000 - bic r10, r10, #0xff0000 - bic r11, r11, #0xff0000 - ror r4, r4, #8 - ror r5, r5, #8 - ror r6, r6, #8 - ror r7, r7, #8 - eor r4, r4, r8, lsr #8 - eor r5, r5, r9, lsr #8 - eor r6, r6, r10, lsr #8 - eor r7, r7, r11, lsr #8 + ldrd r8, r9, [lr, #16] +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + ldr r10, [lr, #24] + ldr r11, [lr, #28] #else - rev r4, r4 - rev r5, r5 - rev r6, r6 - rev r7, r7 -#endif /* WOLFSSL_ARM_ARCH && WOLFSSL_ARM_ARCH < 6 */ - push {r1, r3, r12, lr} - ldm r3!, {r8, r9, r10, r11} - # Round: 0 - XOR in key schedule + ldrd r10, r11, [lr, #24] +#endif + pop {r1, r12, lr} + ldr r3, [sp] eor r4, r4, r8 eor r5, r5, r9 eor r6, r6, r10 eor r7, r7, r11 - mov r1, #4 - bl AES_decrypt_block - pop {r1, r3, r12, lr} -#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) - eor r8, r4, r4, ror #16 - eor r9, r5, r5, ror #16 - eor r10, r6, r6, ror #16 - eor r11, r7, r7, ror #16 - bic r8, r8, #0xff0000 - bic r9, r9, #0xff0000 - bic r10, r10, #0xff0000 - bic r11, r11, #0xff0000 - ror r4, r4, #8 - ror r5, r5, #8 - ror r6, r6, #8 - ror r7, r7, #8 - eor r4, r4, r8, lsr #8 - eor r5, r5, r9, lsr #8 - eor r6, r6, r10, lsr #8 - eor r7, r7, r11, lsr #8 -#else - rev r4, r4 - rev r5, r5 - rev r6, r6 - rev r7, r7 -#endif /* WOLFSSL_ARM_ARCH && WOLFSSL_ARM_ARCH < 6 */ str r4, [r1] str r5, [r1, #4] str r6, [r1, #8] @@ -11589,31 +22462,9 @@ subs r12, r12, #16 add lr, lr, #16 add r1, r1, #16 - bne L_AES_ECB_decrypt_loop_block_128 -L_AES_ECB_decrypt_end: - pop {r4, r5, r6, r7, r8, r9, r10, r11, pc} - .size AES_ECB_decrypt,.-AES_ECB_decrypt -#endif /* WOLFSSL_AES_DIRECT || WOLFSSL_AES_COUNTER || defined(HAVE_AES_ECB) */ -#ifdef HAVE_AES_CBC - .text - .align 4 - .globl AES_CBC_decrypt - .type AES_CBC_decrypt, %function -AES_CBC_decrypt: - push {r4, r5, r6, r7, r8, r9, r10, r11, lr} - mov lr, r0 - adr r0, L_AES_ARM32_td_ecb - ldr r0, [r0] - mov r12, r2 - adr r2, L_AES_ARM32_td4 - ldr r8, [sp, #36] - ldr r4, [sp, #40] - push {r3, r4} - cmp r8, #10 - beq L_AES_CBC_decrypt_loop_block_128 - cmp r8, #12 - beq L_AES_CBC_decrypt_loop_block_192 -L_AES_CBC_decrypt_loop_block_256: + bne L_AES_CBC_decrypt_loop_block_192 + b L_AES_CBC_decrypt_end +L_AES_CBC_decrypt_loop_block_128: push {r1, r12, lr} ldr r4, [lr] ldr r5, [lr, #4] @@ -11661,196 +22512,646 @@ eor r5, r5, r9 eor r6, r6, r10 eor r7, r7, r11 - mov r1, #6 + mov r1, #4 +#ifndef WOLFSSL_ARMASM_AES_BLOCK_INLINE bl AES_decrypt_block - ldr lr, [sp, #16] +#else +L_AES_CBC_decrypt_block_nr_128_odd: +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) - eor r8, r4, r4, ror #16 - eor r9, r5, r5, ror #16 - eor r10, r6, r6, ror #16 - eor r11, r7, r7, ror #16 - bic r8, r8, #0xff0000 - bic r9, r9, #0xff0000 - bic r10, r10, #0xff0000 - bic r11, r11, #0xff0000 - ror r4, r4, #8 - ror r5, r5, #8 - ror r6, r6, #8 - ror r7, r7, #8 - eor r4, r4, r8, lsr #8 - eor r5, r5, r9, lsr #8 - eor r6, r6, r10, lsr #8 - eor r7, r7, r11, lsr #8 + lsl r8, r7, #8 + lsr r8, r8, #24 #else - rev r4, r4 - rev r5, r5 - rev r6, r6 - rev r7, r7 -#endif /* WOLFSSL_ARM_ARCH && WOLFSSL_ARM_ARCH < 6 */ - ldm lr, {r8, r9, r10, r11} - pop {r1, r12, lr} - ldr r3, [sp] - eor r4, r4, r8 - eor r5, r5, r9 - eor r6, r6, r10 - eor r7, r7, r11 - str r4, [r1] - str r5, [r1, #4] - str r6, [r1, #8] - str r7, [r1, #12] - subs r12, r12, #16 - add lr, lr, #16 - add r1, r1, #16 - beq L_AES_CBC_decrypt_end_odd - push {r1, r12, lr} - ldr r4, [lr] - ldr r5, [lr, #4] - ldr r6, [lr, #8] - ldr r7, [lr, #12] - ldr lr, [sp, #16] + uxtb r8, r7, ror #16 +#endif +#else + ubfx r8, r7, #16, #8 +#endif + lsr r11, r4, #24 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) - stm lr, {r4, r5} +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl r12, r6, #16 + lsr r12, r12, #24 #else - strd r4, r5, [lr] + uxtb r12, r6, ror #8 +#endif +#else + ubfx r12, r6, #8, #8 #endif #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) - str r6, [lr, #8] - str r7, [lr, #12] +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl lr, r5, #24 + lsr lr, lr, #24 #else - strd r6, r7, [lr, #8] + uxtb lr, r5 +#endif +#else + ubfx lr, r5, #0, #8 #endif + ldr r8, [r0, r8, lsl #2] + ldr r11, [r0, r11, lsl #2] + ldr r12, [r0, r12, lsl #2] + ldr lr, [r0, lr, lsl #2] +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) - eor r8, r4, r4, ror #16 - eor r9, r5, r5, ror #16 - eor r10, r6, r6, ror #16 - eor r11, r7, r7, ror #16 - bic r8, r8, #0xff0000 - bic r9, r9, #0xff0000 - bic r10, r10, #0xff0000 - bic r11, r11, #0xff0000 - ror r4, r4, #8 - ror r5, r5, #8 - ror r6, r6, #8 - ror r7, r7, #8 - eor r4, r4, r8, lsr #8 - eor r5, r5, r9, lsr #8 - eor r6, r6, r10, lsr #8 - eor r7, r7, r11, lsr #8 + lsl r9, r4, #8 + lsr r9, r9, #24 #else - rev r4, r4 - rev r5, r5 - rev r6, r6 - rev r7, r7 -#endif /* WOLFSSL_ARM_ARCH && WOLFSSL_ARM_ARCH < 6 */ + uxtb r9, r4, ror #16 +#endif +#else + ubfx r9, r4, #16, #8 +#endif + eor r8, r8, r11, ror #24 + lsr r11, r5, #24 + eor r8, r8, r12, ror #8 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl r12, r7, #16 + lsr r12, r12, #24 +#else + uxtb r12, r7, ror #8 +#endif +#else + ubfx r12, r7, #8, #8 +#endif + eor r8, r8, lr, ror #16 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl lr, r6, #24 + lsr lr, lr, #24 +#else + uxtb lr, r6 +#endif +#else + ubfx lr, r6, #0, #8 +#endif + ldr r9, [r0, r9, lsl #2] + ldr r11, [r0, r11, lsl #2] + ldr r12, [r0, r12, lsl #2] + ldr lr, [r0, lr, lsl #2] +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl r10, r5, #8 + lsr r10, r10, #24 +#else + uxtb r10, r5, ror #16 +#endif +#else + ubfx r10, r5, #16, #8 +#endif + eor r9, r9, r11, ror #24 + lsr r11, r6, #24 + eor r9, r9, r12, ror #8 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl r12, r4, #16 + lsr r12, r12, #24 +#else + uxtb r12, r4, ror #8 +#endif +#else + ubfx r12, r4, #8, #8 +#endif + eor r9, r9, lr, ror #16 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl lr, r7, #24 + lsr lr, lr, #24 +#else + uxtb lr, r7 +#endif +#else + ubfx lr, r7, #0, #8 +#endif + ldr r10, [r0, r10, lsl #2] + ldr r11, [r0, r11, lsl #2] + ldr r12, [r0, r12, lsl #2] + ldr lr, [r0, lr, lsl #2] +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl r4, r4, #24 + lsr r4, r4, #24 +#else + uxtb r4, r4 +#endif +#else + ubfx r4, r4, #0, #8 +#endif + eor r10, r10, r11, ror #24 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl r11, r6, #8 + lsr r11, r11, #24 +#else + uxtb r11, r6, ror #16 +#endif +#else + ubfx r11, r6, #16, #8 +#endif + eor r10, r10, r12, ror #8 + lsr r12, r7, #24 + eor r10, r10, lr, ror #16 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl lr, r5, #16 + lsr lr, lr, #24 +#else + uxtb lr, r5, ror #8 +#endif +#else + ubfx lr, r5, #8, #8 +#endif + ldr r4, [r0, r4, lsl #2] + ldr r12, [r0, r12, lsl #2] + ldr r11, [r0, r11, lsl #2] + ldr lr, [r0, lr, lsl #2] + eor r12, r12, r4, ror #24 + ldm r3!, {r4, r5, r6, r7} + eor r11, r11, lr, ror #8 + eor r11, r11, r12, ror #24 + # XOR in Key Schedule + eor r8, r8, r4 + eor r9, r9, r5 + eor r10, r10, r6 + eor r11, r11, r7 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl r4, r11, #8 + lsr r4, r4, #24 +#else + uxtb r4, r11, ror #16 +#endif +#else + ubfx r4, r11, #16, #8 +#endif + lsr r7, r8, #24 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl r12, r10, #16 + lsr r12, r12, #24 +#else + uxtb r12, r10, ror #8 +#endif +#else + ubfx r12, r10, #8, #8 +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl lr, r9, #24 + lsr lr, lr, #24 +#else + uxtb lr, r9 +#endif +#else + ubfx lr, r9, #0, #8 +#endif + ldr r4, [r0, r4, lsl #2] + ldr r7, [r0, r7, lsl #2] + ldr r12, [r0, r12, lsl #2] + ldr lr, [r0, lr, lsl #2] +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl r5, r8, #8 + lsr r5, r5, #24 +#else + uxtb r5, r8, ror #16 +#endif +#else + ubfx r5, r8, #16, #8 +#endif + eor r4, r4, r7, ror #24 + lsr r7, r9, #24 + eor r4, r4, r12, ror #8 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl r12, r11, #16 + lsr r12, r12, #24 +#else + uxtb r12, r11, ror #8 +#endif +#else + ubfx r12, r11, #8, #8 +#endif + eor r4, r4, lr, ror #16 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl lr, r10, #24 + lsr lr, lr, #24 +#else + uxtb lr, r10 +#endif +#else + ubfx lr, r10, #0, #8 +#endif + ldr r5, [r0, r5, lsl #2] + ldr r7, [r0, r7, lsl #2] + ldr r12, [r0, r12, lsl #2] + ldr lr, [r0, lr, lsl #2] +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl r6, r9, #8 + lsr r6, r6, #24 +#else + uxtb r6, r9, ror #16 +#endif +#else + ubfx r6, r9, #16, #8 +#endif + eor r5, r5, r7, ror #24 + lsr r7, r10, #24 + eor r5, r5, r12, ror #8 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl r12, r8, #16 + lsr r12, r12, #24 +#else + uxtb r12, r8, ror #8 +#endif +#else + ubfx r12, r8, #8, #8 +#endif + eor r5, r5, lr, ror #16 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl lr, r11, #24 + lsr lr, lr, #24 +#else + uxtb lr, r11 +#endif +#else + ubfx lr, r11, #0, #8 +#endif + ldr r6, [r0, r6, lsl #2] + ldr r7, [r0, r7, lsl #2] + ldr r12, [r0, r12, lsl #2] + ldr lr, [r0, lr, lsl #2] +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl r8, r8, #24 + lsr r8, r8, #24 +#else + uxtb r8, r8 +#endif +#else + ubfx r8, r8, #0, #8 +#endif + eor r6, r6, r7, ror #24 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl r7, r10, #8 + lsr r7, r7, #24 +#else + uxtb r7, r10, ror #16 +#endif +#else + ubfx r7, r10, #16, #8 +#endif + eor r6, r6, r12, ror #8 + lsr r12, r11, #24 + eor r6, r6, lr, ror #16 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl lr, r9, #16 + lsr lr, lr, #24 +#else + uxtb lr, r9, ror #8 +#endif +#else + ubfx lr, r9, #8, #8 +#endif + ldr r8, [r0, r8, lsl #2] + ldr r12, [r0, r12, lsl #2] + ldr r7, [r0, r7, lsl #2] + ldr lr, [r0, lr, lsl #2] + eor r12, r12, r8, ror #24 ldm r3!, {r8, r9, r10, r11} - # Round: 0 - XOR in key schedule + eor r7, r7, lr, ror #8 + eor r7, r7, r12, ror #24 + # XOR in Key Schedule eor r4, r4, r8 eor r5, r5, r9 eor r6, r6, r10 eor r7, r7, r11 - mov r1, #6 - bl AES_decrypt_block - ldr lr, [sp, #16] + subs r1, r1, #1 + bne L_AES_CBC_decrypt_block_nr_128_odd +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) - eor r8, r4, r4, ror #16 - eor r9, r5, r5, ror #16 - eor r10, r6, r6, ror #16 - eor r11, r7, r7, ror #16 - bic r8, r8, #0xff0000 - bic r9, r9, #0xff0000 - bic r10, r10, #0xff0000 - bic r11, r11, #0xff0000 - ror r4, r4, #8 - ror r5, r5, #8 - ror r6, r6, #8 - ror r7, r7, #8 - eor r4, r4, r8, lsr #8 - eor r5, r5, r9, lsr #8 - eor r6, r6, r10, lsr #8 - eor r7, r7, r11, lsr #8 + lsl r8, r7, #8 + lsr r8, r8, #24 #else - rev r4, r4 - rev r5, r5 - rev r6, r6 - rev r7, r7 -#endif /* WOLFSSL_ARM_ARCH && WOLFSSL_ARM_ARCH < 6 */ + uxtb r8, r7, ror #16 +#endif +#else + ubfx r8, r7, #16, #8 +#endif + lsr r11, r4, #24 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) - ldr r8, [lr, #16] - ldr r9, [lr, #20] +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl r12, r6, #16 + lsr r12, r12, #24 #else - ldrd r8, r9, [lr, #16] + uxtb r12, r6, ror #8 +#endif +#else + ubfx r12, r6, #8, #8 #endif #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) - ldr r10, [lr, #24] - ldr r11, [lr, #28] +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl lr, r5, #24 + lsr lr, lr, #24 #else - ldrd r10, r11, [lr, #24] + uxtb lr, r5 #endif - pop {r1, r12, lr} - ldr r3, [sp] - eor r4, r4, r8 - eor r5, r5, r9 - eor r6, r6, r10 - eor r7, r7, r11 - str r4, [r1] - str r5, [r1, #4] - str r6, [r1, #8] - str r7, [r1, #12] - subs r12, r12, #16 - add lr, lr, #16 - add r1, r1, #16 - bne L_AES_CBC_decrypt_loop_block_256 - b L_AES_CBC_decrypt_end -L_AES_CBC_decrypt_loop_block_192: - push {r1, r12, lr} - ldr r4, [lr] - ldr r5, [lr, #4] - ldr r6, [lr, #8] - ldr r7, [lr, #12] - ldr lr, [sp, #16] +#else + ubfx lr, r5, #0, #8 +#endif + ldr r8, [r0, r8, lsl #2] + ldr r11, [r0, r11, lsl #2] + ldr r12, [r0, r12, lsl #2] + ldr lr, [r0, lr, lsl #2] #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) - str r4, [lr, #16] - str r5, [lr, #20] +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl r9, r4, #8 + lsr r9, r9, #24 #else - strd r4, r5, [lr, #16] + uxtb r9, r4, ror #16 +#endif +#else + ubfx r9, r4, #16, #8 +#endif + eor r8, r8, r11, ror #24 + lsr r11, r5, #24 + eor r8, r8, r12, ror #8 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl r12, r7, #16 + lsr r12, r12, #24 +#else + uxtb r12, r7, ror #8 #endif +#else + ubfx r12, r7, #8, #8 +#endif + eor r8, r8, lr, ror #16 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) - str r6, [lr, #24] - str r7, [lr, #28] +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl lr, r6, #24 + lsr lr, lr, #24 #else - strd r6, r7, [lr, #24] + uxtb lr, r6 +#endif +#else + ubfx lr, r6, #0, #8 #endif + ldr r9, [r0, r9, lsl #2] + ldr r11, [r0, r11, lsl #2] + ldr r12, [r0, r12, lsl #2] + ldr lr, [r0, lr, lsl #2] +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) - eor r8, r4, r4, ror #16 - eor r9, r5, r5, ror #16 - eor r10, r6, r6, ror #16 - eor r11, r7, r7, ror #16 - bic r8, r8, #0xff0000 - bic r9, r9, #0xff0000 - bic r10, r10, #0xff0000 - bic r11, r11, #0xff0000 - ror r4, r4, #8 - ror r5, r5, #8 - ror r6, r6, #8 - ror r7, r7, #8 - eor r4, r4, r8, lsr #8 - eor r5, r5, r9, lsr #8 - eor r6, r6, r10, lsr #8 - eor r7, r7, r11, lsr #8 + lsl r10, r5, #8 + lsr r10, r10, #24 #else - rev r4, r4 - rev r5, r5 - rev r6, r6 - rev r7, r7 -#endif /* WOLFSSL_ARM_ARCH && WOLFSSL_ARM_ARCH < 6 */ - ldm r3!, {r8, r9, r10, r11} - # Round: 0 - XOR in key schedule + uxtb r10, r5, ror #16 +#endif +#else + ubfx r10, r5, #16, #8 +#endif + eor r9, r9, r11, ror #24 + lsr r11, r6, #24 + eor r9, r9, r12, ror #8 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl r12, r4, #16 + lsr r12, r12, #24 +#else + uxtb r12, r4, ror #8 +#endif +#else + ubfx r12, r4, #8, #8 +#endif + eor r9, r9, lr, ror #16 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl lr, r7, #24 + lsr lr, lr, #24 +#else + uxtb lr, r7 +#endif +#else + ubfx lr, r7, #0, #8 +#endif + ldr r10, [r0, r10, lsl #2] + ldr r11, [r0, r11, lsl #2] + ldr r12, [r0, r12, lsl #2] + ldr lr, [r0, lr, lsl #2] +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl r4, r4, #24 + lsr r4, r4, #24 +#else + uxtb r4, r4 +#endif +#else + ubfx r4, r4, #0, #8 +#endif + eor r10, r10, r11, ror #24 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl r11, r6, #8 + lsr r11, r11, #24 +#else + uxtb r11, r6, ror #16 +#endif +#else + ubfx r11, r6, #16, #8 +#endif + eor r10, r10, r12, ror #8 + lsr r12, r7, #24 + eor r10, r10, lr, ror #16 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl lr, r5, #16 + lsr lr, lr, #24 +#else + uxtb lr, r5, ror #8 +#endif +#else + ubfx lr, r5, #8, #8 +#endif + ldr r4, [r0, r4, lsl #2] + ldr r12, [r0, r12, lsl #2] + ldr r11, [r0, r11, lsl #2] + ldr lr, [r0, lr, lsl #2] + eor r12, r12, r4, ror #24 + ldm r3!, {r4, r5, r6, r7} + eor r11, r11, lr, ror #8 + eor r11, r11, r12, ror #24 + # XOR in Key Schedule + eor r8, r8, r4 + eor r9, r9, r5 + eor r10, r10, r6 + eor r11, r11, r7 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl r4, r9, #24 + lsr r4, r4, #24 +#else + uxtb r4, r9 +#endif +#else + ubfx r4, r9, #0, #8 +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl r7, r10, #16 + lsr r7, r7, #24 +#else + uxtb r7, r10, ror #8 +#endif +#else + ubfx r7, r10, #8, #8 +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl r12, r11, #8 + lsr r12, r12, #24 +#else + uxtb r12, r11, ror #16 +#endif +#else + ubfx r12, r11, #16, #8 +#endif + lsr lr, r8, #24 + ldrb r4, [r2, r4] + ldrb r7, [r2, r7] + ldrb r12, [r2, r12] + ldrb lr, [r2, lr] +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl r5, r10, #24 + lsr r5, r5, #24 +#else + uxtb r5, r10 +#endif +#else + ubfx r5, r10, #0, #8 +#endif + eor r4, r4, r7, lsl #8 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl r7, r11, #16 + lsr r7, r7, #24 +#else + uxtb r7, r11, ror #8 +#endif +#else + ubfx r7, r11, #8, #8 +#endif + eor r4, r4, r12, lsl #16 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl r12, r8, #8 + lsr r12, r12, #24 +#else + uxtb r12, r8, ror #16 +#endif +#else + ubfx r12, r8, #16, #8 +#endif + eor r4, r4, lr, lsl #24 + lsr lr, r9, #24 + ldrb r7, [r2, r7] + ldrb lr, [r2, lr] + ldrb r5, [r2, r5] + ldrb r12, [r2, r12] +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl r6, r11, #24 + lsr r6, r6, #24 +#else + uxtb r6, r11 +#endif +#else + ubfx r6, r11, #0, #8 +#endif + eor r5, r5, r7, lsl #8 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl r7, r8, #16 + lsr r7, r7, #24 +#else + uxtb r7, r8, ror #8 +#endif +#else + ubfx r7, r8, #8, #8 +#endif + eor r5, r5, r12, lsl #16 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl r12, r9, #8 + lsr r12, r12, #24 +#else + uxtb r12, r9, ror #16 +#endif +#else + ubfx r12, r9, #16, #8 +#endif + eor r5, r5, lr, lsl #24 + lsr lr, r10, #24 + ldrb r7, [r2, r7] + ldrb lr, [r2, lr] + ldrb r6, [r2, r6] + ldrb r12, [r2, r12] + lsr r11, r11, #24 + eor r6, r6, r7, lsl #8 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl r7, r8, #24 + lsr r7, r7, #24 +#else + uxtb r7, r8 +#endif +#else + ubfx r7, r8, #0, #8 +#endif + eor r6, r6, r12, lsl #16 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl r12, r9, #16 + lsr r12, r12, #24 +#else + uxtb r12, r9, ror #8 +#endif +#else + ubfx r12, r9, #8, #8 +#endif + eor r6, r6, lr, lsl #24 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl lr, r10, #8 + lsr lr, lr, #24 +#else + uxtb lr, r10, ror #16 +#endif +#else + ubfx lr, r10, #16, #8 +#endif + ldrb r11, [r2, r11] + ldrb r12, [r2, r12] + ldrb r7, [r2, r7] + ldrb lr, [r2, lr] + eor r12, r12, r11, lsl #16 + ldm r3, {r8, r9, r10, r11} + eor r7, r7, r12, lsl #8 + eor r7, r7, lr, lsl #16 + # XOR in Key Schedule eor r4, r4, r8 eor r5, r5, r9 eor r6, r6, r10 eor r7, r7, r11 - mov r1, #5 - bl AES_decrypt_block +#endif /* !WOLFSSL_ARMASM_AES_BLOCK_INLINE */ ldr lr, [sp, #16] #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) eor r8, r4, r4, ror #16 @@ -11936,196 +23237,646 @@ eor r5, r5, r9 eor r6, r6, r10 eor r7, r7, r11 - mov r1, #5 + mov r1, #4 +#ifndef WOLFSSL_ARMASM_AES_BLOCK_INLINE bl AES_decrypt_block - ldr lr, [sp, #16] +#else +L_AES_CBC_decrypt_block_nr_128_even: +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) - eor r8, r4, r4, ror #16 - eor r9, r5, r5, ror #16 - eor r10, r6, r6, ror #16 - eor r11, r7, r7, ror #16 - bic r8, r8, #0xff0000 - bic r9, r9, #0xff0000 - bic r10, r10, #0xff0000 - bic r11, r11, #0xff0000 - ror r4, r4, #8 - ror r5, r5, #8 - ror r6, r6, #8 - ror r7, r7, #8 - eor r4, r4, r8, lsr #8 - eor r5, r5, r9, lsr #8 - eor r6, r6, r10, lsr #8 - eor r7, r7, r11, lsr #8 + lsl r8, r7, #8 + lsr r8, r8, #24 #else - rev r4, r4 - rev r5, r5 - rev r6, r6 - rev r7, r7 -#endif /* WOLFSSL_ARM_ARCH && WOLFSSL_ARM_ARCH < 6 */ + uxtb r8, r7, ror #16 +#endif +#else + ubfx r8, r7, #16, #8 +#endif + lsr r11, r4, #24 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) - ldr r8, [lr, #16] - ldr r9, [lr, #20] +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl r12, r6, #16 + lsr r12, r12, #24 #else - ldrd r8, r9, [lr, #16] + uxtb r12, r6, ror #8 +#endif +#else + ubfx r12, r6, #8, #8 #endif #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) - ldr r10, [lr, #24] - ldr r11, [lr, #28] +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl lr, r5, #24 + lsr lr, lr, #24 #else - ldrd r10, r11, [lr, #24] + uxtb lr, r5 #endif - pop {r1, r12, lr} - ldr r3, [sp] - eor r4, r4, r8 - eor r5, r5, r9 - eor r6, r6, r10 - eor r7, r7, r11 - str r4, [r1] - str r5, [r1, #4] - str r6, [r1, #8] - str r7, [r1, #12] - subs r12, r12, #16 - add lr, lr, #16 - add r1, r1, #16 - bne L_AES_CBC_decrypt_loop_block_192 - b L_AES_CBC_decrypt_end -L_AES_CBC_decrypt_loop_block_128: - push {r1, r12, lr} - ldr r4, [lr] - ldr r5, [lr, #4] - ldr r6, [lr, #8] - ldr r7, [lr, #12] - ldr lr, [sp, #16] +#else + ubfx lr, r5, #0, #8 +#endif + ldr r8, [r0, r8, lsl #2] + ldr r11, [r0, r11, lsl #2] + ldr r12, [r0, r12, lsl #2] + ldr lr, [r0, lr, lsl #2] #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) - str r4, [lr, #16] - str r5, [lr, #20] +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl r9, r4, #8 + lsr r9, r9, #24 #else - strd r4, r5, [lr, #16] + uxtb r9, r4, ror #16 +#endif +#else + ubfx r9, r4, #16, #8 #endif + eor r8, r8, r11, ror #24 + lsr r11, r5, #24 + eor r8, r8, r12, ror #8 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) - str r6, [lr, #24] - str r7, [lr, #28] +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl r12, r7, #16 + lsr r12, r12, #24 #else - strd r6, r7, [lr, #24] + uxtb r12, r7, ror #8 #endif +#else + ubfx r12, r7, #8, #8 +#endif + eor r8, r8, lr, ror #16 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) - eor r8, r4, r4, ror #16 - eor r9, r5, r5, ror #16 - eor r10, r6, r6, ror #16 - eor r11, r7, r7, ror #16 - bic r8, r8, #0xff0000 - bic r9, r9, #0xff0000 - bic r10, r10, #0xff0000 - bic r11, r11, #0xff0000 - ror r4, r4, #8 - ror r5, r5, #8 - ror r6, r6, #8 - ror r7, r7, #8 - eor r4, r4, r8, lsr #8 - eor r5, r5, r9, lsr #8 - eor r6, r6, r10, lsr #8 - eor r7, r7, r11, lsr #8 + lsl lr, r6, #24 + lsr lr, lr, #24 #else - rev r4, r4 - rev r5, r5 - rev r6, r6 - rev r7, r7 -#endif /* WOLFSSL_ARM_ARCH && WOLFSSL_ARM_ARCH < 6 */ + uxtb lr, r6 +#endif +#else + ubfx lr, r6, #0, #8 +#endif + ldr r9, [r0, r9, lsl #2] + ldr r11, [r0, r11, lsl #2] + ldr r12, [r0, r12, lsl #2] + ldr lr, [r0, lr, lsl #2] +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl r10, r5, #8 + lsr r10, r10, #24 +#else + uxtb r10, r5, ror #16 +#endif +#else + ubfx r10, r5, #16, #8 +#endif + eor r9, r9, r11, ror #24 + lsr r11, r6, #24 + eor r9, r9, r12, ror #8 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl r12, r4, #16 + lsr r12, r12, #24 +#else + uxtb r12, r4, ror #8 +#endif +#else + ubfx r12, r4, #8, #8 +#endif + eor r9, r9, lr, ror #16 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl lr, r7, #24 + lsr lr, lr, #24 +#else + uxtb lr, r7 +#endif +#else + ubfx lr, r7, #0, #8 +#endif + ldr r10, [r0, r10, lsl #2] + ldr r11, [r0, r11, lsl #2] + ldr r12, [r0, r12, lsl #2] + ldr lr, [r0, lr, lsl #2] +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl r4, r4, #24 + lsr r4, r4, #24 +#else + uxtb r4, r4 +#endif +#else + ubfx r4, r4, #0, #8 +#endif + eor r10, r10, r11, ror #24 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl r11, r6, #8 + lsr r11, r11, #24 +#else + uxtb r11, r6, ror #16 +#endif +#else + ubfx r11, r6, #16, #8 +#endif + eor r10, r10, r12, ror #8 + lsr r12, r7, #24 + eor r10, r10, lr, ror #16 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl lr, r5, #16 + lsr lr, lr, #24 +#else + uxtb lr, r5, ror #8 +#endif +#else + ubfx lr, r5, #8, #8 +#endif + ldr r4, [r0, r4, lsl #2] + ldr r12, [r0, r12, lsl #2] + ldr r11, [r0, r11, lsl #2] + ldr lr, [r0, lr, lsl #2] + eor r12, r12, r4, ror #24 + ldm r3!, {r4, r5, r6, r7} + eor r11, r11, lr, ror #8 + eor r11, r11, r12, ror #24 + # XOR in Key Schedule + eor r8, r8, r4 + eor r9, r9, r5 + eor r10, r10, r6 + eor r11, r11, r7 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl r4, r11, #8 + lsr r4, r4, #24 +#else + uxtb r4, r11, ror #16 +#endif +#else + ubfx r4, r11, #16, #8 +#endif + lsr r7, r8, #24 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl r12, r10, #16 + lsr r12, r12, #24 +#else + uxtb r12, r10, ror #8 +#endif +#else + ubfx r12, r10, #8, #8 +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl lr, r9, #24 + lsr lr, lr, #24 +#else + uxtb lr, r9 +#endif +#else + ubfx lr, r9, #0, #8 +#endif + ldr r4, [r0, r4, lsl #2] + ldr r7, [r0, r7, lsl #2] + ldr r12, [r0, r12, lsl #2] + ldr lr, [r0, lr, lsl #2] +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl r5, r8, #8 + lsr r5, r5, #24 +#else + uxtb r5, r8, ror #16 +#endif +#else + ubfx r5, r8, #16, #8 +#endif + eor r4, r4, r7, ror #24 + lsr r7, r9, #24 + eor r4, r4, r12, ror #8 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl r12, r11, #16 + lsr r12, r12, #24 +#else + uxtb r12, r11, ror #8 +#endif +#else + ubfx r12, r11, #8, #8 +#endif + eor r4, r4, lr, ror #16 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl lr, r10, #24 + lsr lr, lr, #24 +#else + uxtb lr, r10 +#endif +#else + ubfx lr, r10, #0, #8 +#endif + ldr r5, [r0, r5, lsl #2] + ldr r7, [r0, r7, lsl #2] + ldr r12, [r0, r12, lsl #2] + ldr lr, [r0, lr, lsl #2] +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl r6, r9, #8 + lsr r6, r6, #24 +#else + uxtb r6, r9, ror #16 +#endif +#else + ubfx r6, r9, #16, #8 +#endif + eor r5, r5, r7, ror #24 + lsr r7, r10, #24 + eor r5, r5, r12, ror #8 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl r12, r8, #16 + lsr r12, r12, #24 +#else + uxtb r12, r8, ror #8 +#endif +#else + ubfx r12, r8, #8, #8 +#endif + eor r5, r5, lr, ror #16 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl lr, r11, #24 + lsr lr, lr, #24 +#else + uxtb lr, r11 +#endif +#else + ubfx lr, r11, #0, #8 +#endif + ldr r6, [r0, r6, lsl #2] + ldr r7, [r0, r7, lsl #2] + ldr r12, [r0, r12, lsl #2] + ldr lr, [r0, lr, lsl #2] +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl r8, r8, #24 + lsr r8, r8, #24 +#else + uxtb r8, r8 +#endif +#else + ubfx r8, r8, #0, #8 +#endif + eor r6, r6, r7, ror #24 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl r7, r10, #8 + lsr r7, r7, #24 +#else + uxtb r7, r10, ror #16 +#endif +#else + ubfx r7, r10, #16, #8 +#endif + eor r6, r6, r12, ror #8 + lsr r12, r11, #24 + eor r6, r6, lr, ror #16 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl lr, r9, #16 + lsr lr, lr, #24 +#else + uxtb lr, r9, ror #8 +#endif +#else + ubfx lr, r9, #8, #8 +#endif + ldr r8, [r0, r8, lsl #2] + ldr r12, [r0, r12, lsl #2] + ldr r7, [r0, r7, lsl #2] + ldr lr, [r0, lr, lsl #2] + eor r12, r12, r8, ror #24 ldm r3!, {r8, r9, r10, r11} - # Round: 0 - XOR in key schedule + eor r7, r7, lr, ror #8 + eor r7, r7, r12, ror #24 + # XOR in Key Schedule eor r4, r4, r8 eor r5, r5, r9 eor r6, r6, r10 eor r7, r7, r11 - mov r1, #4 - bl AES_decrypt_block - ldr lr, [sp, #16] + subs r1, r1, #1 + bne L_AES_CBC_decrypt_block_nr_128_even +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) - eor r8, r4, r4, ror #16 - eor r9, r5, r5, ror #16 - eor r10, r6, r6, ror #16 - eor r11, r7, r7, ror #16 - bic r8, r8, #0xff0000 - bic r9, r9, #0xff0000 - bic r10, r10, #0xff0000 - bic r11, r11, #0xff0000 - ror r4, r4, #8 - ror r5, r5, #8 - ror r6, r6, #8 - ror r7, r7, #8 - eor r4, r4, r8, lsr #8 - eor r5, r5, r9, lsr #8 - eor r6, r6, r10, lsr #8 - eor r7, r7, r11, lsr #8 + lsl r8, r7, #8 + lsr r8, r8, #24 #else - rev r4, r4 - rev r5, r5 - rev r6, r6 - rev r7, r7 -#endif /* WOLFSSL_ARM_ARCH && WOLFSSL_ARM_ARCH < 6 */ - ldm lr, {r8, r9, r10, r11} - pop {r1, r12, lr} - ldr r3, [sp] - eor r4, r4, r8 - eor r5, r5, r9 - eor r6, r6, r10 - eor r7, r7, r11 - str r4, [r1] - str r5, [r1, #4] - str r6, [r1, #8] - str r7, [r1, #12] - subs r12, r12, #16 - add lr, lr, #16 - add r1, r1, #16 - beq L_AES_CBC_decrypt_end_odd - push {r1, r12, lr} - ldr r4, [lr] - ldr r5, [lr, #4] - ldr r6, [lr, #8] - ldr r7, [lr, #12] - ldr lr, [sp, #16] + uxtb r8, r7, ror #16 +#endif +#else + ubfx r8, r7, #16, #8 +#endif + lsr r11, r4, #24 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) - stm lr, {r4, r5} +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl r12, r6, #16 + lsr r12, r12, #24 #else - strd r4, r5, [lr] + uxtb r12, r6, ror #8 +#endif +#else + ubfx r12, r6, #8, #8 #endif #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) - str r6, [lr, #8] - str r7, [lr, #12] +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl lr, r5, #24 + lsr lr, lr, #24 #else - strd r6, r7, [lr, #8] + uxtb lr, r5 +#endif +#else + ubfx lr, r5, #0, #8 #endif + ldr r8, [r0, r8, lsl #2] + ldr r11, [r0, r11, lsl #2] + ldr r12, [r0, r12, lsl #2] + ldr lr, [r0, lr, lsl #2] +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) - eor r8, r4, r4, ror #16 - eor r9, r5, r5, ror #16 - eor r10, r6, r6, ror #16 - eor r11, r7, r7, ror #16 - bic r8, r8, #0xff0000 - bic r9, r9, #0xff0000 - bic r10, r10, #0xff0000 - bic r11, r11, #0xff0000 - ror r4, r4, #8 - ror r5, r5, #8 - ror r6, r6, #8 - ror r7, r7, #8 - eor r4, r4, r8, lsr #8 - eor r5, r5, r9, lsr #8 - eor r6, r6, r10, lsr #8 - eor r7, r7, r11, lsr #8 + lsl r9, r4, #8 + lsr r9, r9, #24 #else - rev r4, r4 - rev r5, r5 - rev r6, r6 - rev r7, r7 -#endif /* WOLFSSL_ARM_ARCH && WOLFSSL_ARM_ARCH < 6 */ - ldm r3!, {r8, r9, r10, r11} - # Round: 0 - XOR in key schedule + uxtb r9, r4, ror #16 +#endif +#else + ubfx r9, r4, #16, #8 +#endif + eor r8, r8, r11, ror #24 + lsr r11, r5, #24 + eor r8, r8, r12, ror #8 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl r12, r7, #16 + lsr r12, r12, #24 +#else + uxtb r12, r7, ror #8 +#endif +#else + ubfx r12, r7, #8, #8 +#endif + eor r8, r8, lr, ror #16 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl lr, r6, #24 + lsr lr, lr, #24 +#else + uxtb lr, r6 +#endif +#else + ubfx lr, r6, #0, #8 +#endif + ldr r9, [r0, r9, lsl #2] + ldr r11, [r0, r11, lsl #2] + ldr r12, [r0, r12, lsl #2] + ldr lr, [r0, lr, lsl #2] +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl r10, r5, #8 + lsr r10, r10, #24 +#else + uxtb r10, r5, ror #16 +#endif +#else + ubfx r10, r5, #16, #8 +#endif + eor r9, r9, r11, ror #24 + lsr r11, r6, #24 + eor r9, r9, r12, ror #8 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl r12, r4, #16 + lsr r12, r12, #24 +#else + uxtb r12, r4, ror #8 +#endif +#else + ubfx r12, r4, #8, #8 +#endif + eor r9, r9, lr, ror #16 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl lr, r7, #24 + lsr lr, lr, #24 +#else + uxtb lr, r7 +#endif +#else + ubfx lr, r7, #0, #8 +#endif + ldr r10, [r0, r10, lsl #2] + ldr r11, [r0, r11, lsl #2] + ldr r12, [r0, r12, lsl #2] + ldr lr, [r0, lr, lsl #2] +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl r4, r4, #24 + lsr r4, r4, #24 +#else + uxtb r4, r4 +#endif +#else + ubfx r4, r4, #0, #8 +#endif + eor r10, r10, r11, ror #24 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl r11, r6, #8 + lsr r11, r11, #24 +#else + uxtb r11, r6, ror #16 +#endif +#else + ubfx r11, r6, #16, #8 +#endif + eor r10, r10, r12, ror #8 + lsr r12, r7, #24 + eor r10, r10, lr, ror #16 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl lr, r5, #16 + lsr lr, lr, #24 +#else + uxtb lr, r5, ror #8 +#endif +#else + ubfx lr, r5, #8, #8 +#endif + ldr r4, [r0, r4, lsl #2] + ldr r12, [r0, r12, lsl #2] + ldr r11, [r0, r11, lsl #2] + ldr lr, [r0, lr, lsl #2] + eor r12, r12, r4, ror #24 + ldm r3!, {r4, r5, r6, r7} + eor r11, r11, lr, ror #8 + eor r11, r11, r12, ror #24 + # XOR in Key Schedule + eor r8, r8, r4 + eor r9, r9, r5 + eor r10, r10, r6 + eor r11, r11, r7 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl r4, r9, #24 + lsr r4, r4, #24 +#else + uxtb r4, r9 +#endif +#else + ubfx r4, r9, #0, #8 +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl r7, r10, #16 + lsr r7, r7, #24 +#else + uxtb r7, r10, ror #8 +#endif +#else + ubfx r7, r10, #8, #8 +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl r12, r11, #8 + lsr r12, r12, #24 +#else + uxtb r12, r11, ror #16 +#endif +#else + ubfx r12, r11, #16, #8 +#endif + lsr lr, r8, #24 + ldrb r4, [r2, r4] + ldrb r7, [r2, r7] + ldrb r12, [r2, r12] + ldrb lr, [r2, lr] +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl r5, r10, #24 + lsr r5, r5, #24 +#else + uxtb r5, r10 +#endif +#else + ubfx r5, r10, #0, #8 +#endif + eor r4, r4, r7, lsl #8 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl r7, r11, #16 + lsr r7, r7, #24 +#else + uxtb r7, r11, ror #8 +#endif +#else + ubfx r7, r11, #8, #8 +#endif + eor r4, r4, r12, lsl #16 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl r12, r8, #8 + lsr r12, r12, #24 +#else + uxtb r12, r8, ror #16 +#endif +#else + ubfx r12, r8, #16, #8 +#endif + eor r4, r4, lr, lsl #24 + lsr lr, r9, #24 + ldrb r7, [r2, r7] + ldrb lr, [r2, lr] + ldrb r5, [r2, r5] + ldrb r12, [r2, r12] +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl r6, r11, #24 + lsr r6, r6, #24 +#else + uxtb r6, r11 +#endif +#else + ubfx r6, r11, #0, #8 +#endif + eor r5, r5, r7, lsl #8 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl r7, r8, #16 + lsr r7, r7, #24 +#else + uxtb r7, r8, ror #8 +#endif +#else + ubfx r7, r8, #8, #8 +#endif + eor r5, r5, r12, lsl #16 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl r12, r9, #8 + lsr r12, r12, #24 +#else + uxtb r12, r9, ror #16 +#endif +#else + ubfx r12, r9, #16, #8 +#endif + eor r5, r5, lr, lsl #24 + lsr lr, r10, #24 + ldrb r7, [r2, r7] + ldrb lr, [r2, lr] + ldrb r6, [r2, r6] + ldrb r12, [r2, r12] + lsr r11, r11, #24 + eor r6, r6, r7, lsl #8 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl r7, r8, #24 + lsr r7, r7, #24 +#else + uxtb r7, r8 +#endif +#else + ubfx r7, r8, #0, #8 +#endif + eor r6, r6, r12, lsl #16 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl r12, r9, #16 + lsr r12, r12, #24 +#else + uxtb r12, r9, ror #8 +#endif +#else + ubfx r12, r9, #8, #8 +#endif + eor r6, r6, lr, lsl #24 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl lr, r10, #8 + lsr lr, lr, #24 +#else + uxtb lr, r10, ror #16 +#endif +#else + ubfx lr, r10, #16, #8 +#endif + ldrb r11, [r2, r11] + ldrb r12, [r2, r12] + ldrb r7, [r2, r7] + ldrb lr, [r2, lr] + eor r12, r12, r11, lsl #16 + ldm r3, {r8, r9, r10, r11} + eor r7, r7, r12, lsl #8 + eor r7, r7, lr, lsl #16 + # XOR in Key Schedule eor r4, r4, r8 eor r5, r5, r9 eor r6, r6, r10 eor r7, r7, r11 - mov r1, #4 - bl AES_decrypt_block +#endif /* !WOLFSSL_ARMASM_AES_BLOCK_INLINE */ ldr lr, [sp, #16] #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) eor r8, r4, r4, ror #16 @@ -12869,7 +24620,645 @@ eor r6, r6, r10 eor r7, r7, r11 mov r1, #6 +#ifndef WOLFSSL_ARMASM_AES_BLOCK_INLINE bl AES_encrypt_block +#else +L_AES_GCM_encrypt_block_nr_256: +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl r8, r5, #8 + lsr r8, r8, #24 +#else + uxtb r8, r5, ror #16 +#endif +#else + ubfx r8, r5, #16, #8 +#endif + lsr r11, r4, #24 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl lr, r6, #16 + lsr lr, lr, #24 +#else + uxtb lr, r6, ror #8 +#endif +#else + ubfx lr, r6, #8, #8 +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl r2, r7, #24 + lsr r2, r2, #24 +#else + uxtb r2, r7 +#endif +#else + ubfx r2, r7, #0, #8 +#endif + ldr r8, [r0, r8, lsl #2] + ldr r11, [r0, r11, lsl #2] + ldr lr, [r0, lr, lsl #2] + ldr r2, [r0, r2, lsl #2] +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl r9, r6, #8 + lsr r9, r9, #24 +#else + uxtb r9, r6, ror #16 +#endif +#else + ubfx r9, r6, #16, #8 +#endif + eor r8, r8, r11, ror #24 + lsr r11, r5, #24 + eor r8, r8, lr, ror #8 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl lr, r7, #16 + lsr lr, lr, #24 +#else + uxtb lr, r7, ror #8 +#endif +#else + ubfx lr, r7, #8, #8 +#endif + eor r8, r8, r2, ror #16 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl r2, r4, #24 + lsr r2, r2, #24 +#else + uxtb r2, r4 +#endif +#else + ubfx r2, r4, #0, #8 +#endif + ldr r9, [r0, r9, lsl #2] + ldr r11, [r0, r11, lsl #2] + ldr lr, [r0, lr, lsl #2] + ldr r2, [r0, r2, lsl #2] +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl r10, r7, #8 + lsr r10, r10, #24 +#else + uxtb r10, r7, ror #16 +#endif +#else + ubfx r10, r7, #16, #8 +#endif + eor r9, r9, r11, ror #24 + lsr r11, r6, #24 + eor r9, r9, lr, ror #8 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl lr, r4, #16 + lsr lr, lr, #24 +#else + uxtb lr, r4, ror #8 +#endif +#else + ubfx lr, r4, #8, #8 +#endif + eor r9, r9, r2, ror #16 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl r2, r5, #24 + lsr r2, r2, #24 +#else + uxtb r2, r5 +#endif +#else + ubfx r2, r5, #0, #8 +#endif + ldr r10, [r0, r10, lsl #2] + ldr r11, [r0, r11, lsl #2] + ldr lr, [r0, lr, lsl #2] + ldr r2, [r0, r2, lsl #2] +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl r6, r6, #24 + lsr r6, r6, #24 +#else + uxtb r6, r6 +#endif +#else + ubfx r6, r6, #0, #8 +#endif + eor r10, r10, r11, ror #24 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl r11, r4, #8 + lsr r11, r11, #24 +#else + uxtb r11, r4, ror #16 +#endif +#else + ubfx r11, r4, #16, #8 +#endif + eor r10, r10, lr, ror #8 + lsr lr, r7, #24 + eor r10, r10, r2, ror #16 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl r2, r5, #16 + lsr r2, r2, #24 +#else + uxtb r2, r5, ror #8 +#endif +#else + ubfx r2, r5, #8, #8 +#endif + ldr r6, [r0, r6, lsl #2] + ldr lr, [r0, lr, lsl #2] + ldr r11, [r0, r11, lsl #2] + ldr r2, [r0, r2, lsl #2] + eor lr, lr, r6, ror #24 + ldm r3!, {r4, r5, r6, r7} + eor r11, r11, lr, ror #24 + eor r11, r11, r2, ror #8 + # XOR in Key Schedule + eor r8, r8, r4 + eor r9, r9, r5 + eor r10, r10, r6 + eor r11, r11, r7 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl r4, r9, #8 + lsr r4, r4, #24 +#else + uxtb r4, r9, ror #16 +#endif +#else + ubfx r4, r9, #16, #8 +#endif + lsr r7, r8, #24 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl lr, r10, #16 + lsr lr, lr, #24 +#else + uxtb lr, r10, ror #8 +#endif +#else + ubfx lr, r10, #8, #8 +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl r2, r11, #24 + lsr r2, r2, #24 +#else + uxtb r2, r11 +#endif +#else + ubfx r2, r11, #0, #8 +#endif + ldr r4, [r0, r4, lsl #2] + ldr r7, [r0, r7, lsl #2] + ldr lr, [r0, lr, lsl #2] + ldr r2, [r0, r2, lsl #2] +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl r5, r10, #8 + lsr r5, r5, #24 +#else + uxtb r5, r10, ror #16 +#endif +#else + ubfx r5, r10, #16, #8 +#endif + eor r4, r4, r7, ror #24 + lsr r7, r9, #24 + eor r4, r4, lr, ror #8 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl lr, r11, #16 + lsr lr, lr, #24 +#else + uxtb lr, r11, ror #8 +#endif +#else + ubfx lr, r11, #8, #8 +#endif + eor r4, r4, r2, ror #16 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl r2, r8, #24 + lsr r2, r2, #24 +#else + uxtb r2, r8 +#endif +#else + ubfx r2, r8, #0, #8 +#endif + ldr r5, [r0, r5, lsl #2] + ldr r7, [r0, r7, lsl #2] + ldr lr, [r0, lr, lsl #2] + ldr r2, [r0, r2, lsl #2] +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl r6, r11, #8 + lsr r6, r6, #24 +#else + uxtb r6, r11, ror #16 +#endif +#else + ubfx r6, r11, #16, #8 +#endif + eor r5, r5, r7, ror #24 + lsr r7, r10, #24 + eor r5, r5, lr, ror #8 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl lr, r8, #16 + lsr lr, lr, #24 +#else + uxtb lr, r8, ror #8 +#endif +#else + ubfx lr, r8, #8, #8 +#endif + eor r5, r5, r2, ror #16 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl r2, r9, #24 + lsr r2, r2, #24 +#else + uxtb r2, r9 +#endif +#else + ubfx r2, r9, #0, #8 +#endif + ldr r6, [r0, r6, lsl #2] + ldr r7, [r0, r7, lsl #2] + ldr lr, [r0, lr, lsl #2] + ldr r2, [r0, r2, lsl #2] +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl r10, r10, #24 + lsr r10, r10, #24 +#else + uxtb r10, r10 +#endif +#else + ubfx r10, r10, #0, #8 +#endif + eor r6, r6, r7, ror #24 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl r7, r8, #8 + lsr r7, r7, #24 +#else + uxtb r7, r8, ror #16 +#endif +#else + ubfx r7, r8, #16, #8 +#endif + eor r6, r6, lr, ror #8 + lsr lr, r11, #24 + eor r6, r6, r2, ror #16 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl r2, r9, #16 + lsr r2, r2, #24 +#else + uxtb r2, r9, ror #8 +#endif +#else + ubfx r2, r9, #8, #8 +#endif + ldr r10, [r0, r10, lsl #2] + ldr lr, [r0, lr, lsl #2] + ldr r7, [r0, r7, lsl #2] + ldr r2, [r0, r2, lsl #2] + eor lr, lr, r10, ror #24 + ldm r3!, {r8, r9, r10, r11} + eor r7, r7, lr, ror #24 + eor r7, r7, r2, ror #8 + # XOR in Key Schedule + eor r4, r4, r8 + eor r5, r5, r9 + eor r6, r6, r10 + eor r7, r7, r11 + subs r1, r1, #1 + bne L_AES_GCM_encrypt_block_nr_256 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl r8, r5, #8 + lsr r8, r8, #24 +#else + uxtb r8, r5, ror #16 +#endif +#else + ubfx r8, r5, #16, #8 +#endif + lsr r11, r4, #24 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl lr, r6, #16 + lsr lr, lr, #24 +#else + uxtb lr, r6, ror #8 +#endif +#else + ubfx lr, r6, #8, #8 +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl r2, r7, #24 + lsr r2, r2, #24 +#else + uxtb r2, r7 +#endif +#else + ubfx r2, r7, #0, #8 +#endif + ldr r8, [r0, r8, lsl #2] + ldr r11, [r0, r11, lsl #2] + ldr lr, [r0, lr, lsl #2] + ldr r2, [r0, r2, lsl #2] +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl r9, r6, #8 + lsr r9, r9, #24 +#else + uxtb r9, r6, ror #16 +#endif +#else + ubfx r9, r6, #16, #8 +#endif + eor r8, r8, r11, ror #24 + lsr r11, r5, #24 + eor r8, r8, lr, ror #8 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl lr, r7, #16 + lsr lr, lr, #24 +#else + uxtb lr, r7, ror #8 +#endif +#else + ubfx lr, r7, #8, #8 +#endif + eor r8, r8, r2, ror #16 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl r2, r4, #24 + lsr r2, r2, #24 +#else + uxtb r2, r4 +#endif +#else + ubfx r2, r4, #0, #8 +#endif + ldr r9, [r0, r9, lsl #2] + ldr r11, [r0, r11, lsl #2] + ldr lr, [r0, lr, lsl #2] + ldr r2, [r0, r2, lsl #2] +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl r10, r7, #8 + lsr r10, r10, #24 +#else + uxtb r10, r7, ror #16 +#endif +#else + ubfx r10, r7, #16, #8 +#endif + eor r9, r9, r11, ror #24 + lsr r11, r6, #24 + eor r9, r9, lr, ror #8 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl lr, r4, #16 + lsr lr, lr, #24 +#else + uxtb lr, r4, ror #8 +#endif +#else + ubfx lr, r4, #8, #8 +#endif + eor r9, r9, r2, ror #16 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl r2, r5, #24 + lsr r2, r2, #24 +#else + uxtb r2, r5 +#endif +#else + ubfx r2, r5, #0, #8 +#endif + ldr r10, [r0, r10, lsl #2] + ldr r11, [r0, r11, lsl #2] + ldr lr, [r0, lr, lsl #2] + ldr r2, [r0, r2, lsl #2] +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl r6, r6, #24 + lsr r6, r6, #24 +#else + uxtb r6, r6 +#endif +#else + ubfx r6, r6, #0, #8 +#endif + eor r10, r10, r11, ror #24 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl r11, r4, #8 + lsr r11, r11, #24 +#else + uxtb r11, r4, ror #16 +#endif +#else + ubfx r11, r4, #16, #8 +#endif + eor r10, r10, lr, ror #8 + lsr lr, r7, #24 + eor r10, r10, r2, ror #16 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl r2, r5, #16 + lsr r2, r2, #24 +#else + uxtb r2, r5, ror #8 +#endif +#else + ubfx r2, r5, #8, #8 +#endif + ldr r6, [r0, r6, lsl #2] + ldr lr, [r0, lr, lsl #2] + ldr r11, [r0, r11, lsl #2] + ldr r2, [r0, r2, lsl #2] + eor lr, lr, r6, ror #24 + ldm r3!, {r4, r5, r6, r7} + eor r11, r11, lr, ror #24 + eor r11, r11, r2, ror #8 + # XOR in Key Schedule + eor r8, r8, r4 + eor r9, r9, r5 + eor r10, r10, r6 + eor r11, r11, r7 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl r4, r11, #24 + lsr r4, r4, #24 +#else + uxtb r4, r11 +#endif +#else + ubfx r4, r11, #0, #8 +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl r7, r10, #16 + lsr r7, r7, #24 +#else + uxtb r7, r10, ror #8 +#endif +#else + ubfx r7, r10, #8, #8 +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl lr, r9, #8 + lsr lr, lr, #24 +#else + uxtb lr, r9, ror #16 +#endif +#else + ubfx lr, r9, #16, #8 +#endif + lsr r2, r8, #24 + ldrb r4, [r0, r4, lsl #2] + ldrb r7, [r0, r7, lsl #2] + ldrb lr, [r0, lr, lsl #2] + ldrb r2, [r0, r2, lsl #2] +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl r5, r8, #24 + lsr r5, r5, #24 +#else + uxtb r5, r8 +#endif +#else + ubfx r5, r8, #0, #8 +#endif + eor r4, r4, r7, lsl #8 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl r7, r11, #16 + lsr r7, r7, #24 +#else + uxtb r7, r11, ror #8 +#endif +#else + ubfx r7, r11, #8, #8 +#endif + eor r4, r4, lr, lsl #16 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl lr, r10, #8 + lsr lr, lr, #24 +#else + uxtb lr, r10, ror #16 +#endif +#else + ubfx lr, r10, #16, #8 +#endif + eor r4, r4, r2, lsl #24 + lsr r2, r9, #24 + ldrb r5, [r0, r5, lsl #2] + ldrb r7, [r0, r7, lsl #2] + ldrb lr, [r0, lr, lsl #2] + ldrb r2, [r0, r2, lsl #2] +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl r6, r9, #24 + lsr r6, r6, #24 +#else + uxtb r6, r9 +#endif +#else + ubfx r6, r9, #0, #8 +#endif + eor r5, r5, r7, lsl #8 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl r7, r8, #16 + lsr r7, r7, #24 +#else + uxtb r7, r8, ror #8 +#endif +#else + ubfx r7, r8, #8, #8 +#endif + eor r5, r5, lr, lsl #16 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl lr, r11, #8 + lsr lr, lr, #24 +#else + uxtb lr, r11, ror #16 +#endif +#else + ubfx lr, r11, #16, #8 +#endif + eor r5, r5, r2, lsl #24 + lsr r2, r10, #24 + ldrb r6, [r0, r6, lsl #2] + ldrb r7, [r0, r7, lsl #2] + ldrb lr, [r0, lr, lsl #2] + ldrb r2, [r0, r2, lsl #2] + lsr r11, r11, #24 + eor r6, r6, r7, lsl #8 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl r7, r10, #24 + lsr r7, r7, #24 +#else + uxtb r7, r10 +#endif +#else + ubfx r7, r10, #0, #8 +#endif + eor r6, r6, lr, lsl #16 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl lr, r9, #16 + lsr lr, lr, #24 +#else + uxtb lr, r9, ror #8 +#endif +#else + ubfx lr, r9, #8, #8 +#endif + eor r6, r6, r2, lsl #24 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl r2, r8, #8 + lsr r2, r2, #24 +#else + uxtb r2, r8, ror #16 +#endif +#else + ubfx r2, r8, #16, #8 +#endif + ldrb r11, [r0, r11, lsl #2] + ldrb r7, [r0, r7, lsl #2] + ldrb lr, [r0, lr, lsl #2] + ldrb r2, [r0, r2, lsl #2] + eor lr, lr, r11, lsl #16 + ldm r3, {r8, r9, r10, r11} + eor r7, r7, lr, lsl #8 + eor r7, r7, r2, lsl #16 + # XOR in Key Schedule + eor r4, r4, r8 + eor r5, r5, r9 + eor r6, r6, r10 + eor r7, r7, r11 +#endif /* !WOLFSSL_ARMASM_AES_BLOCK_INLINE */ pop {r1, r2, lr} ldr r3, [sp] #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) @@ -12927,7 +25316,645 @@ eor r6, r6, r10 eor r7, r7, r11 mov r1, #5 +#ifndef WOLFSSL_ARMASM_AES_BLOCK_INLINE bl AES_encrypt_block +#else +L_AES_GCM_encrypt_block_nr_192: +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl r8, r5, #8 + lsr r8, r8, #24 +#else + uxtb r8, r5, ror #16 +#endif +#else + ubfx r8, r5, #16, #8 +#endif + lsr r11, r4, #24 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl lr, r6, #16 + lsr lr, lr, #24 +#else + uxtb lr, r6, ror #8 +#endif +#else + ubfx lr, r6, #8, #8 +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl r2, r7, #24 + lsr r2, r2, #24 +#else + uxtb r2, r7 +#endif +#else + ubfx r2, r7, #0, #8 +#endif + ldr r8, [r0, r8, lsl #2] + ldr r11, [r0, r11, lsl #2] + ldr lr, [r0, lr, lsl #2] + ldr r2, [r0, r2, lsl #2] +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl r9, r6, #8 + lsr r9, r9, #24 +#else + uxtb r9, r6, ror #16 +#endif +#else + ubfx r9, r6, #16, #8 +#endif + eor r8, r8, r11, ror #24 + lsr r11, r5, #24 + eor r8, r8, lr, ror #8 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl lr, r7, #16 + lsr lr, lr, #24 +#else + uxtb lr, r7, ror #8 +#endif +#else + ubfx lr, r7, #8, #8 +#endif + eor r8, r8, r2, ror #16 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl r2, r4, #24 + lsr r2, r2, #24 +#else + uxtb r2, r4 +#endif +#else + ubfx r2, r4, #0, #8 +#endif + ldr r9, [r0, r9, lsl #2] + ldr r11, [r0, r11, lsl #2] + ldr lr, [r0, lr, lsl #2] + ldr r2, [r0, r2, lsl #2] +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl r10, r7, #8 + lsr r10, r10, #24 +#else + uxtb r10, r7, ror #16 +#endif +#else + ubfx r10, r7, #16, #8 +#endif + eor r9, r9, r11, ror #24 + lsr r11, r6, #24 + eor r9, r9, lr, ror #8 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl lr, r4, #16 + lsr lr, lr, #24 +#else + uxtb lr, r4, ror #8 +#endif +#else + ubfx lr, r4, #8, #8 +#endif + eor r9, r9, r2, ror #16 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl r2, r5, #24 + lsr r2, r2, #24 +#else + uxtb r2, r5 +#endif +#else + ubfx r2, r5, #0, #8 +#endif + ldr r10, [r0, r10, lsl #2] + ldr r11, [r0, r11, lsl #2] + ldr lr, [r0, lr, lsl #2] + ldr r2, [r0, r2, lsl #2] +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl r6, r6, #24 + lsr r6, r6, #24 +#else + uxtb r6, r6 +#endif +#else + ubfx r6, r6, #0, #8 +#endif + eor r10, r10, r11, ror #24 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl r11, r4, #8 + lsr r11, r11, #24 +#else + uxtb r11, r4, ror #16 +#endif +#else + ubfx r11, r4, #16, #8 +#endif + eor r10, r10, lr, ror #8 + lsr lr, r7, #24 + eor r10, r10, r2, ror #16 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl r2, r5, #16 + lsr r2, r2, #24 +#else + uxtb r2, r5, ror #8 +#endif +#else + ubfx r2, r5, #8, #8 +#endif + ldr r6, [r0, r6, lsl #2] + ldr lr, [r0, lr, lsl #2] + ldr r11, [r0, r11, lsl #2] + ldr r2, [r0, r2, lsl #2] + eor lr, lr, r6, ror #24 + ldm r3!, {r4, r5, r6, r7} + eor r11, r11, lr, ror #24 + eor r11, r11, r2, ror #8 + # XOR in Key Schedule + eor r8, r8, r4 + eor r9, r9, r5 + eor r10, r10, r6 + eor r11, r11, r7 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl r4, r9, #8 + lsr r4, r4, #24 +#else + uxtb r4, r9, ror #16 +#endif +#else + ubfx r4, r9, #16, #8 +#endif + lsr r7, r8, #24 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl lr, r10, #16 + lsr lr, lr, #24 +#else + uxtb lr, r10, ror #8 +#endif +#else + ubfx lr, r10, #8, #8 +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl r2, r11, #24 + lsr r2, r2, #24 +#else + uxtb r2, r11 +#endif +#else + ubfx r2, r11, #0, #8 +#endif + ldr r4, [r0, r4, lsl #2] + ldr r7, [r0, r7, lsl #2] + ldr lr, [r0, lr, lsl #2] + ldr r2, [r0, r2, lsl #2] +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl r5, r10, #8 + lsr r5, r5, #24 +#else + uxtb r5, r10, ror #16 +#endif +#else + ubfx r5, r10, #16, #8 +#endif + eor r4, r4, r7, ror #24 + lsr r7, r9, #24 + eor r4, r4, lr, ror #8 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl lr, r11, #16 + lsr lr, lr, #24 +#else + uxtb lr, r11, ror #8 +#endif +#else + ubfx lr, r11, #8, #8 +#endif + eor r4, r4, r2, ror #16 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl r2, r8, #24 + lsr r2, r2, #24 +#else + uxtb r2, r8 +#endif +#else + ubfx r2, r8, #0, #8 +#endif + ldr r5, [r0, r5, lsl #2] + ldr r7, [r0, r7, lsl #2] + ldr lr, [r0, lr, lsl #2] + ldr r2, [r0, r2, lsl #2] +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl r6, r11, #8 + lsr r6, r6, #24 +#else + uxtb r6, r11, ror #16 +#endif +#else + ubfx r6, r11, #16, #8 +#endif + eor r5, r5, r7, ror #24 + lsr r7, r10, #24 + eor r5, r5, lr, ror #8 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl lr, r8, #16 + lsr lr, lr, #24 +#else + uxtb lr, r8, ror #8 +#endif +#else + ubfx lr, r8, #8, #8 +#endif + eor r5, r5, r2, ror #16 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl r2, r9, #24 + lsr r2, r2, #24 +#else + uxtb r2, r9 +#endif +#else + ubfx r2, r9, #0, #8 +#endif + ldr r6, [r0, r6, lsl #2] + ldr r7, [r0, r7, lsl #2] + ldr lr, [r0, lr, lsl #2] + ldr r2, [r0, r2, lsl #2] +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl r10, r10, #24 + lsr r10, r10, #24 +#else + uxtb r10, r10 +#endif +#else + ubfx r10, r10, #0, #8 +#endif + eor r6, r6, r7, ror #24 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl r7, r8, #8 + lsr r7, r7, #24 +#else + uxtb r7, r8, ror #16 +#endif +#else + ubfx r7, r8, #16, #8 +#endif + eor r6, r6, lr, ror #8 + lsr lr, r11, #24 + eor r6, r6, r2, ror #16 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl r2, r9, #16 + lsr r2, r2, #24 +#else + uxtb r2, r9, ror #8 +#endif +#else + ubfx r2, r9, #8, #8 +#endif + ldr r10, [r0, r10, lsl #2] + ldr lr, [r0, lr, lsl #2] + ldr r7, [r0, r7, lsl #2] + ldr r2, [r0, r2, lsl #2] + eor lr, lr, r10, ror #24 + ldm r3!, {r8, r9, r10, r11} + eor r7, r7, lr, ror #24 + eor r7, r7, r2, ror #8 + # XOR in Key Schedule + eor r4, r4, r8 + eor r5, r5, r9 + eor r6, r6, r10 + eor r7, r7, r11 + subs r1, r1, #1 + bne L_AES_GCM_encrypt_block_nr_192 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl r8, r5, #8 + lsr r8, r8, #24 +#else + uxtb r8, r5, ror #16 +#endif +#else + ubfx r8, r5, #16, #8 +#endif + lsr r11, r4, #24 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl lr, r6, #16 + lsr lr, lr, #24 +#else + uxtb lr, r6, ror #8 +#endif +#else + ubfx lr, r6, #8, #8 +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl r2, r7, #24 + lsr r2, r2, #24 +#else + uxtb r2, r7 +#endif +#else + ubfx r2, r7, #0, #8 +#endif + ldr r8, [r0, r8, lsl #2] + ldr r11, [r0, r11, lsl #2] + ldr lr, [r0, lr, lsl #2] + ldr r2, [r0, r2, lsl #2] +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl r9, r6, #8 + lsr r9, r9, #24 +#else + uxtb r9, r6, ror #16 +#endif +#else + ubfx r9, r6, #16, #8 +#endif + eor r8, r8, r11, ror #24 + lsr r11, r5, #24 + eor r8, r8, lr, ror #8 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl lr, r7, #16 + lsr lr, lr, #24 +#else + uxtb lr, r7, ror #8 +#endif +#else + ubfx lr, r7, #8, #8 +#endif + eor r8, r8, r2, ror #16 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl r2, r4, #24 + lsr r2, r2, #24 +#else + uxtb r2, r4 +#endif +#else + ubfx r2, r4, #0, #8 +#endif + ldr r9, [r0, r9, lsl #2] + ldr r11, [r0, r11, lsl #2] + ldr lr, [r0, lr, lsl #2] + ldr r2, [r0, r2, lsl #2] +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl r10, r7, #8 + lsr r10, r10, #24 +#else + uxtb r10, r7, ror #16 +#endif +#else + ubfx r10, r7, #16, #8 +#endif + eor r9, r9, r11, ror #24 + lsr r11, r6, #24 + eor r9, r9, lr, ror #8 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl lr, r4, #16 + lsr lr, lr, #24 +#else + uxtb lr, r4, ror #8 +#endif +#else + ubfx lr, r4, #8, #8 +#endif + eor r9, r9, r2, ror #16 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl r2, r5, #24 + lsr r2, r2, #24 +#else + uxtb r2, r5 +#endif +#else + ubfx r2, r5, #0, #8 +#endif + ldr r10, [r0, r10, lsl #2] + ldr r11, [r0, r11, lsl #2] + ldr lr, [r0, lr, lsl #2] + ldr r2, [r0, r2, lsl #2] +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl r6, r6, #24 + lsr r6, r6, #24 +#else + uxtb r6, r6 +#endif +#else + ubfx r6, r6, #0, #8 +#endif + eor r10, r10, r11, ror #24 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl r11, r4, #8 + lsr r11, r11, #24 +#else + uxtb r11, r4, ror #16 +#endif +#else + ubfx r11, r4, #16, #8 +#endif + eor r10, r10, lr, ror #8 + lsr lr, r7, #24 + eor r10, r10, r2, ror #16 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl r2, r5, #16 + lsr r2, r2, #24 +#else + uxtb r2, r5, ror #8 +#endif +#else + ubfx r2, r5, #8, #8 +#endif + ldr r6, [r0, r6, lsl #2] + ldr lr, [r0, lr, lsl #2] + ldr r11, [r0, r11, lsl #2] + ldr r2, [r0, r2, lsl #2] + eor lr, lr, r6, ror #24 + ldm r3!, {r4, r5, r6, r7} + eor r11, r11, lr, ror #24 + eor r11, r11, r2, ror #8 + # XOR in Key Schedule + eor r8, r8, r4 + eor r9, r9, r5 + eor r10, r10, r6 + eor r11, r11, r7 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl r4, r11, #24 + lsr r4, r4, #24 +#else + uxtb r4, r11 +#endif +#else + ubfx r4, r11, #0, #8 +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl r7, r10, #16 + lsr r7, r7, #24 +#else + uxtb r7, r10, ror #8 +#endif +#else + ubfx r7, r10, #8, #8 +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl lr, r9, #8 + lsr lr, lr, #24 +#else + uxtb lr, r9, ror #16 +#endif +#else + ubfx lr, r9, #16, #8 +#endif + lsr r2, r8, #24 + ldrb r4, [r0, r4, lsl #2] + ldrb r7, [r0, r7, lsl #2] + ldrb lr, [r0, lr, lsl #2] + ldrb r2, [r0, r2, lsl #2] +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl r5, r8, #24 + lsr r5, r5, #24 +#else + uxtb r5, r8 +#endif +#else + ubfx r5, r8, #0, #8 +#endif + eor r4, r4, r7, lsl #8 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl r7, r11, #16 + lsr r7, r7, #24 +#else + uxtb r7, r11, ror #8 +#endif +#else + ubfx r7, r11, #8, #8 +#endif + eor r4, r4, lr, lsl #16 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl lr, r10, #8 + lsr lr, lr, #24 +#else + uxtb lr, r10, ror #16 +#endif +#else + ubfx lr, r10, #16, #8 +#endif + eor r4, r4, r2, lsl #24 + lsr r2, r9, #24 + ldrb r5, [r0, r5, lsl #2] + ldrb r7, [r0, r7, lsl #2] + ldrb lr, [r0, lr, lsl #2] + ldrb r2, [r0, r2, lsl #2] +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl r6, r9, #24 + lsr r6, r6, #24 +#else + uxtb r6, r9 +#endif +#else + ubfx r6, r9, #0, #8 +#endif + eor r5, r5, r7, lsl #8 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl r7, r8, #16 + lsr r7, r7, #24 +#else + uxtb r7, r8, ror #8 +#endif +#else + ubfx r7, r8, #8, #8 +#endif + eor r5, r5, lr, lsl #16 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl lr, r11, #8 + lsr lr, lr, #24 +#else + uxtb lr, r11, ror #16 +#endif +#else + ubfx lr, r11, #16, #8 +#endif + eor r5, r5, r2, lsl #24 + lsr r2, r10, #24 + ldrb r6, [r0, r6, lsl #2] + ldrb r7, [r0, r7, lsl #2] + ldrb lr, [r0, lr, lsl #2] + ldrb r2, [r0, r2, lsl #2] + lsr r11, r11, #24 + eor r6, r6, r7, lsl #8 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl r7, r10, #24 + lsr r7, r7, #24 +#else + uxtb r7, r10 +#endif +#else + ubfx r7, r10, #0, #8 +#endif + eor r6, r6, lr, lsl #16 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl lr, r9, #16 + lsr lr, lr, #24 +#else + uxtb lr, r9, ror #8 +#endif +#else + ubfx lr, r9, #8, #8 +#endif + eor r6, r6, r2, lsl #24 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl r2, r8, #8 + lsr r2, r2, #24 +#else + uxtb r2, r8, ror #16 +#endif +#else + ubfx r2, r8, #16, #8 +#endif + ldrb r11, [r0, r11, lsl #2] + ldrb r7, [r0, r7, lsl #2] + ldrb lr, [r0, lr, lsl #2] + ldrb r2, [r0, r2, lsl #2] + eor lr, lr, r11, lsl #16 + ldm r3, {r8, r9, r10, r11} + eor r7, r7, lr, lsl #8 + eor r7, r7, r2, lsl #16 + # XOR in Key Schedule + eor r4, r4, r8 + eor r5, r5, r9 + eor r6, r6, r10 + eor r7, r7, r11 +#endif /* !WOLFSSL_ARMASM_AES_BLOCK_INLINE */ pop {r1, r2, lr} ldr r3, [sp] #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) @@ -12985,7 +26012,645 @@ eor r6, r6, r10 eor r7, r7, r11 mov r1, #4 +#ifndef WOLFSSL_ARMASM_AES_BLOCK_INLINE bl AES_encrypt_block +#else +L_AES_GCM_encrypt_block_nr_128: +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl r8, r5, #8 + lsr r8, r8, #24 +#else + uxtb r8, r5, ror #16 +#endif +#else + ubfx r8, r5, #16, #8 +#endif + lsr r11, r4, #24 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl lr, r6, #16 + lsr lr, lr, #24 +#else + uxtb lr, r6, ror #8 +#endif +#else + ubfx lr, r6, #8, #8 +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl r2, r7, #24 + lsr r2, r2, #24 +#else + uxtb r2, r7 +#endif +#else + ubfx r2, r7, #0, #8 +#endif + ldr r8, [r0, r8, lsl #2] + ldr r11, [r0, r11, lsl #2] + ldr lr, [r0, lr, lsl #2] + ldr r2, [r0, r2, lsl #2] +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl r9, r6, #8 + lsr r9, r9, #24 +#else + uxtb r9, r6, ror #16 +#endif +#else + ubfx r9, r6, #16, #8 +#endif + eor r8, r8, r11, ror #24 + lsr r11, r5, #24 + eor r8, r8, lr, ror #8 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl lr, r7, #16 + lsr lr, lr, #24 +#else + uxtb lr, r7, ror #8 +#endif +#else + ubfx lr, r7, #8, #8 +#endif + eor r8, r8, r2, ror #16 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl r2, r4, #24 + lsr r2, r2, #24 +#else + uxtb r2, r4 +#endif +#else + ubfx r2, r4, #0, #8 +#endif + ldr r9, [r0, r9, lsl #2] + ldr r11, [r0, r11, lsl #2] + ldr lr, [r0, lr, lsl #2] + ldr r2, [r0, r2, lsl #2] +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl r10, r7, #8 + lsr r10, r10, #24 +#else + uxtb r10, r7, ror #16 +#endif +#else + ubfx r10, r7, #16, #8 +#endif + eor r9, r9, r11, ror #24 + lsr r11, r6, #24 + eor r9, r9, lr, ror #8 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl lr, r4, #16 + lsr lr, lr, #24 +#else + uxtb lr, r4, ror #8 +#endif +#else + ubfx lr, r4, #8, #8 +#endif + eor r9, r9, r2, ror #16 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl r2, r5, #24 + lsr r2, r2, #24 +#else + uxtb r2, r5 +#endif +#else + ubfx r2, r5, #0, #8 +#endif + ldr r10, [r0, r10, lsl #2] + ldr r11, [r0, r11, lsl #2] + ldr lr, [r0, lr, lsl #2] + ldr r2, [r0, r2, lsl #2] +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl r6, r6, #24 + lsr r6, r6, #24 +#else + uxtb r6, r6 +#endif +#else + ubfx r6, r6, #0, #8 +#endif + eor r10, r10, r11, ror #24 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl r11, r4, #8 + lsr r11, r11, #24 +#else + uxtb r11, r4, ror #16 +#endif +#else + ubfx r11, r4, #16, #8 +#endif + eor r10, r10, lr, ror #8 + lsr lr, r7, #24 + eor r10, r10, r2, ror #16 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl r2, r5, #16 + lsr r2, r2, #24 +#else + uxtb r2, r5, ror #8 +#endif +#else + ubfx r2, r5, #8, #8 +#endif + ldr r6, [r0, r6, lsl #2] + ldr lr, [r0, lr, lsl #2] + ldr r11, [r0, r11, lsl #2] + ldr r2, [r0, r2, lsl #2] + eor lr, lr, r6, ror #24 + ldm r3!, {r4, r5, r6, r7} + eor r11, r11, lr, ror #24 + eor r11, r11, r2, ror #8 + # XOR in Key Schedule + eor r8, r8, r4 + eor r9, r9, r5 + eor r10, r10, r6 + eor r11, r11, r7 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl r4, r9, #8 + lsr r4, r4, #24 +#else + uxtb r4, r9, ror #16 +#endif +#else + ubfx r4, r9, #16, #8 +#endif + lsr r7, r8, #24 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl lr, r10, #16 + lsr lr, lr, #24 +#else + uxtb lr, r10, ror #8 +#endif +#else + ubfx lr, r10, #8, #8 +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl r2, r11, #24 + lsr r2, r2, #24 +#else + uxtb r2, r11 +#endif +#else + ubfx r2, r11, #0, #8 +#endif + ldr r4, [r0, r4, lsl #2] + ldr r7, [r0, r7, lsl #2] + ldr lr, [r0, lr, lsl #2] + ldr r2, [r0, r2, lsl #2] +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl r5, r10, #8 + lsr r5, r5, #24 +#else + uxtb r5, r10, ror #16 +#endif +#else + ubfx r5, r10, #16, #8 +#endif + eor r4, r4, r7, ror #24 + lsr r7, r9, #24 + eor r4, r4, lr, ror #8 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl lr, r11, #16 + lsr lr, lr, #24 +#else + uxtb lr, r11, ror #8 +#endif +#else + ubfx lr, r11, #8, #8 +#endif + eor r4, r4, r2, ror #16 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl r2, r8, #24 + lsr r2, r2, #24 +#else + uxtb r2, r8 +#endif +#else + ubfx r2, r8, #0, #8 +#endif + ldr r5, [r0, r5, lsl #2] + ldr r7, [r0, r7, lsl #2] + ldr lr, [r0, lr, lsl #2] + ldr r2, [r0, r2, lsl #2] +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl r6, r11, #8 + lsr r6, r6, #24 +#else + uxtb r6, r11, ror #16 +#endif +#else + ubfx r6, r11, #16, #8 +#endif + eor r5, r5, r7, ror #24 + lsr r7, r10, #24 + eor r5, r5, lr, ror #8 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl lr, r8, #16 + lsr lr, lr, #24 +#else + uxtb lr, r8, ror #8 +#endif +#else + ubfx lr, r8, #8, #8 +#endif + eor r5, r5, r2, ror #16 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl r2, r9, #24 + lsr r2, r2, #24 +#else + uxtb r2, r9 +#endif +#else + ubfx r2, r9, #0, #8 +#endif + ldr r6, [r0, r6, lsl #2] + ldr r7, [r0, r7, lsl #2] + ldr lr, [r0, lr, lsl #2] + ldr r2, [r0, r2, lsl #2] +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl r10, r10, #24 + lsr r10, r10, #24 +#else + uxtb r10, r10 +#endif +#else + ubfx r10, r10, #0, #8 +#endif + eor r6, r6, r7, ror #24 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl r7, r8, #8 + lsr r7, r7, #24 +#else + uxtb r7, r8, ror #16 +#endif +#else + ubfx r7, r8, #16, #8 +#endif + eor r6, r6, lr, ror #8 + lsr lr, r11, #24 + eor r6, r6, r2, ror #16 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl r2, r9, #16 + lsr r2, r2, #24 +#else + uxtb r2, r9, ror #8 +#endif +#else + ubfx r2, r9, #8, #8 +#endif + ldr r10, [r0, r10, lsl #2] + ldr lr, [r0, lr, lsl #2] + ldr r7, [r0, r7, lsl #2] + ldr r2, [r0, r2, lsl #2] + eor lr, lr, r10, ror #24 + ldm r3!, {r8, r9, r10, r11} + eor r7, r7, lr, ror #24 + eor r7, r7, r2, ror #8 + # XOR in Key Schedule + eor r4, r4, r8 + eor r5, r5, r9 + eor r6, r6, r10 + eor r7, r7, r11 + subs r1, r1, #1 + bne L_AES_GCM_encrypt_block_nr_128 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl r8, r5, #8 + lsr r8, r8, #24 +#else + uxtb r8, r5, ror #16 +#endif +#else + ubfx r8, r5, #16, #8 +#endif + lsr r11, r4, #24 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl lr, r6, #16 + lsr lr, lr, #24 +#else + uxtb lr, r6, ror #8 +#endif +#else + ubfx lr, r6, #8, #8 +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl r2, r7, #24 + lsr r2, r2, #24 +#else + uxtb r2, r7 +#endif +#else + ubfx r2, r7, #0, #8 +#endif + ldr r8, [r0, r8, lsl #2] + ldr r11, [r0, r11, lsl #2] + ldr lr, [r0, lr, lsl #2] + ldr r2, [r0, r2, lsl #2] +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl r9, r6, #8 + lsr r9, r9, #24 +#else + uxtb r9, r6, ror #16 +#endif +#else + ubfx r9, r6, #16, #8 +#endif + eor r8, r8, r11, ror #24 + lsr r11, r5, #24 + eor r8, r8, lr, ror #8 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl lr, r7, #16 + lsr lr, lr, #24 +#else + uxtb lr, r7, ror #8 +#endif +#else + ubfx lr, r7, #8, #8 +#endif + eor r8, r8, r2, ror #16 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl r2, r4, #24 + lsr r2, r2, #24 +#else + uxtb r2, r4 +#endif +#else + ubfx r2, r4, #0, #8 +#endif + ldr r9, [r0, r9, lsl #2] + ldr r11, [r0, r11, lsl #2] + ldr lr, [r0, lr, lsl #2] + ldr r2, [r0, r2, lsl #2] +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl r10, r7, #8 + lsr r10, r10, #24 +#else + uxtb r10, r7, ror #16 +#endif +#else + ubfx r10, r7, #16, #8 +#endif + eor r9, r9, r11, ror #24 + lsr r11, r6, #24 + eor r9, r9, lr, ror #8 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl lr, r4, #16 + lsr lr, lr, #24 +#else + uxtb lr, r4, ror #8 +#endif +#else + ubfx lr, r4, #8, #8 +#endif + eor r9, r9, r2, ror #16 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl r2, r5, #24 + lsr r2, r2, #24 +#else + uxtb r2, r5 +#endif +#else + ubfx r2, r5, #0, #8 +#endif + ldr r10, [r0, r10, lsl #2] + ldr r11, [r0, r11, lsl #2] + ldr lr, [r0, lr, lsl #2] + ldr r2, [r0, r2, lsl #2] +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl r6, r6, #24 + lsr r6, r6, #24 +#else + uxtb r6, r6 +#endif +#else + ubfx r6, r6, #0, #8 +#endif + eor r10, r10, r11, ror #24 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl r11, r4, #8 + lsr r11, r11, #24 +#else + uxtb r11, r4, ror #16 +#endif +#else + ubfx r11, r4, #16, #8 +#endif + eor r10, r10, lr, ror #8 + lsr lr, r7, #24 + eor r10, r10, r2, ror #16 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl r2, r5, #16 + lsr r2, r2, #24 +#else + uxtb r2, r5, ror #8 +#endif +#else + ubfx r2, r5, #8, #8 +#endif + ldr r6, [r0, r6, lsl #2] + ldr lr, [r0, lr, lsl #2] + ldr r11, [r0, r11, lsl #2] + ldr r2, [r0, r2, lsl #2] + eor lr, lr, r6, ror #24 + ldm r3!, {r4, r5, r6, r7} + eor r11, r11, lr, ror #24 + eor r11, r11, r2, ror #8 + # XOR in Key Schedule + eor r8, r8, r4 + eor r9, r9, r5 + eor r10, r10, r6 + eor r11, r11, r7 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl r4, r11, #24 + lsr r4, r4, #24 +#else + uxtb r4, r11 +#endif +#else + ubfx r4, r11, #0, #8 +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl r7, r10, #16 + lsr r7, r7, #24 +#else + uxtb r7, r10, ror #8 +#endif +#else + ubfx r7, r10, #8, #8 +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl lr, r9, #8 + lsr lr, lr, #24 +#else + uxtb lr, r9, ror #16 +#endif +#else + ubfx lr, r9, #16, #8 +#endif + lsr r2, r8, #24 + ldrb r4, [r0, r4, lsl #2] + ldrb r7, [r0, r7, lsl #2] + ldrb lr, [r0, lr, lsl #2] + ldrb r2, [r0, r2, lsl #2] +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl r5, r8, #24 + lsr r5, r5, #24 +#else + uxtb r5, r8 +#endif +#else + ubfx r5, r8, #0, #8 +#endif + eor r4, r4, r7, lsl #8 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl r7, r11, #16 + lsr r7, r7, #24 +#else + uxtb r7, r11, ror #8 +#endif +#else + ubfx r7, r11, #8, #8 +#endif + eor r4, r4, lr, lsl #16 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl lr, r10, #8 + lsr lr, lr, #24 +#else + uxtb lr, r10, ror #16 +#endif +#else + ubfx lr, r10, #16, #8 +#endif + eor r4, r4, r2, lsl #24 + lsr r2, r9, #24 + ldrb r5, [r0, r5, lsl #2] + ldrb r7, [r0, r7, lsl #2] + ldrb lr, [r0, lr, lsl #2] + ldrb r2, [r0, r2, lsl #2] +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl r6, r9, #24 + lsr r6, r6, #24 +#else + uxtb r6, r9 +#endif +#else + ubfx r6, r9, #0, #8 +#endif + eor r5, r5, r7, lsl #8 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl r7, r8, #16 + lsr r7, r7, #24 +#else + uxtb r7, r8, ror #8 +#endif +#else + ubfx r7, r8, #8, #8 +#endif + eor r5, r5, lr, lsl #16 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl lr, r11, #8 + lsr lr, lr, #24 +#else + uxtb lr, r11, ror #16 +#endif +#else + ubfx lr, r11, #16, #8 +#endif + eor r5, r5, r2, lsl #24 + lsr r2, r10, #24 + ldrb r6, [r0, r6, lsl #2] + ldrb r7, [r0, r7, lsl #2] + ldrb lr, [r0, lr, lsl #2] + ldrb r2, [r0, r2, lsl #2] + lsr r11, r11, #24 + eor r6, r6, r7, lsl #8 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl r7, r10, #24 + lsr r7, r7, #24 +#else + uxtb r7, r10 +#endif +#else + ubfx r7, r10, #0, #8 +#endif + eor r6, r6, lr, lsl #16 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl lr, r9, #16 + lsr lr, lr, #24 +#else + uxtb lr, r9, ror #8 +#endif +#else + ubfx lr, r9, #8, #8 +#endif + eor r6, r6, r2, lsl #24 +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + lsl r2, r8, #8 + lsr r2, r2, #24 +#else + uxtb r2, r8, ror #16 +#endif +#else + ubfx r2, r8, #16, #8 +#endif + ldrb r11, [r0, r11, lsl #2] + ldrb r7, [r0, r7, lsl #2] + ldrb lr, [r0, lr, lsl #2] + ldrb r2, [r0, r2, lsl #2] + eor lr, lr, r11, lsl #16 + ldm r3, {r8, r9, r10, r11} + eor r7, r7, lr, lsl #8 + eor r7, r7, r2, lsl #16 + # XOR in Key Schedule + eor r4, r4, r8 + eor r5, r5, r9 + eor r6, r6, r10 + eor r7, r7, r11 +#endif /* !WOLFSSL_ARMASM_AES_BLOCK_INLINE */ pop {r1, r2, lr} ldr r3, [sp] #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/wolfcrypt/src/port/arm/armv8-32-aes-asm_c.c mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/port/arm/armv8-32-aes-asm_c.c --- mariadb-11.8.6/extra/wolfssl/wolfssl/wolfcrypt/src/port/arm/armv8-32-aes-asm_c.c 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/port/arm/armv8-32-aes-asm_c.c 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* armv8-32-aes-asm * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -4219,7 +4219,8 @@ __asm__ __volatile__ ( "vld1.8 {q0}, [%[nonce]]\n\t" - "vldm %[key]!, {q1-q4}\n\t" + "vld1.8 {q1-q2}, [%[key]]!\n\t" + "vld1.8 {q3-q4}, [%[key]]!\n\t" "aese.8 q0, q1\n\t" "aesmc.8 q0, q0\n\t" "aese.8 q0, q2\n\t" @@ -4228,7 +4229,8 @@ "aesmc.8 q0, q0\n\t" "aese.8 q0, q4\n\t" "aesmc.8 q0, q0\n\t" - "vldm %[key]!, {q1-q4}\n\t" + "vld1.8 {q1-q2}, [%[key]]!\n\t" + "vld1.8 {q3-q4}, [%[key]]!\n\t" "aese.8 q0, q1\n\t" "aesmc.8 q0, q0\n\t" "aese.8 q0, q2\n\t" @@ -4238,26 +4240,26 @@ "aese.8 q0, q4\n\t" "aesmc.8 q0, q0\n\t" "subs %[nr], %[nr], #10\n\t" - "vld1.32 {q1-q2}, [%[key]]!\n\t" + "vld1.8 {q1-q2}, [%[key]]!\n\t" "aese.8 q0, q1\n\t" "aesmc.8 q0, q0\n\t" "aese.8 q0, q2\n\t" "beq L_aes_gcm_set_key_arm32_crypto_round_done_%=\n\t" - "vld1.32 {q1-q2}, [%[key]]!\n\t" + "vld1.8 {q1-q2}, [%[key]]!\n\t" "subs %[nr], %[nr], #2\n\t" "aesmc.8 q0, q0\n\t" "aese.8 q0, q1\n\t" "aesmc.8 q0, q0\n\t" "aese.8 q0, q2\n\t" "beq L_aes_gcm_set_key_arm32_crypto_round_done_%=\n\t" - "vld1.32 {q1-q2}, [%[key]]!\n\t" + "vld1.8 {q1-q2}, [%[key]]!\n\t" "aesmc.8 q0, q0\n\t" "aese.8 q0, q1\n\t" "aesmc.8 q0, q0\n\t" "aese.8 q0, q2\n\t" "\n" "L_aes_gcm_set_key_arm32_crypto_round_done_%=: \n\t" - "vld1.32 {q1}, [%[key]]\n\t" + "vld1.8 {q1}, [%[key]]\n\t" "veor q0, q0, q1\n\t" "vmov.i8 q1, #0x55\n\t" "vshl.u8 q2, q0, #1\n\t" @@ -9348,6 +9350,7 @@ ); } +#ifndef WOLFSSL_ARMASM_AES_BLOCK_INLINE void AES_encrypt_block(const word32* te_p, int nr_p, int len_p, const word32* ks_p); #ifndef WOLFSSL_NO_VAR_ASSIGN_REG @@ -10013,6 +10016,7 @@ ); } +#endif /* !WOLFSSL_ARMASM_AES_BLOCK_INLINE */ #if defined(HAVE_AESCCM) || defined(HAVE_AESGCM) || \ defined(WOLFSSL_AES_DIRECT) || defined(WOLFSSL_AES_COUNTER) || \ defined(HAVE_AES_ECB) @@ -10087,7 +10091,646 @@ "eor r6, r6, r10\n\t" "eor r7, r7, r11\n\t" "mov r1, #6\n\t" +#ifndef WOLFSSL_ARMASM_AES_BLOCK_INLINE "bl AES_encrypt_block\n\t" +#else + "\n" + "L_AES_ECB_encrypt_block_nr_256_%=: \n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl r8, r5, #8\n\t" + "lsr r8, r8, #24\n\t" +#else + "uxtb r8, r5, ror #16\n\t" +#endif +#else + "ubfx r8, r5, #16, #8\n\t" +#endif + "lsr r11, r4, #24\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl lr, r6, #16\n\t" + "lsr lr, lr, #24\n\t" +#else + "uxtb lr, r6, ror #8\n\t" +#endif +#else + "ubfx lr, r6, #8, #8\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl r2, r7, #24\n\t" + "lsr r2, r2, #24\n\t" +#else + "uxtb r2, r7\n\t" +#endif +#else + "ubfx r2, r7, #0, #8\n\t" +#endif + "ldr r8, [r0, r8, lsl #2]\n\t" + "ldr r11, [r0, r11, lsl #2]\n\t" + "ldr lr, [r0, lr, lsl #2]\n\t" + "ldr r2, [r0, r2, lsl #2]\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl r9, r6, #8\n\t" + "lsr r9, r9, #24\n\t" +#else + "uxtb r9, r6, ror #16\n\t" +#endif +#else + "ubfx r9, r6, #16, #8\n\t" +#endif + "eor r8, r8, r11, ror #24\n\t" + "lsr r11, r5, #24\n\t" + "eor r8, r8, lr, ror #8\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl lr, r7, #16\n\t" + "lsr lr, lr, #24\n\t" +#else + "uxtb lr, r7, ror #8\n\t" +#endif +#else + "ubfx lr, r7, #8, #8\n\t" +#endif + "eor r8, r8, r2, ror #16\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl r2, r4, #24\n\t" + "lsr r2, r2, #24\n\t" +#else + "uxtb r2, r4\n\t" +#endif +#else + "ubfx r2, r4, #0, #8\n\t" +#endif + "ldr r9, [r0, r9, lsl #2]\n\t" + "ldr r11, [r0, r11, lsl #2]\n\t" + "ldr lr, [r0, lr, lsl #2]\n\t" + "ldr r2, [r0, r2, lsl #2]\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl r10, r7, #8\n\t" + "lsr r10, r10, #24\n\t" +#else + "uxtb r10, r7, ror #16\n\t" +#endif +#else + "ubfx r10, r7, #16, #8\n\t" +#endif + "eor r9, r9, r11, ror #24\n\t" + "lsr r11, r6, #24\n\t" + "eor r9, r9, lr, ror #8\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl lr, r4, #16\n\t" + "lsr lr, lr, #24\n\t" +#else + "uxtb lr, r4, ror #8\n\t" +#endif +#else + "ubfx lr, r4, #8, #8\n\t" +#endif + "eor r9, r9, r2, ror #16\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl r2, r5, #24\n\t" + "lsr r2, r2, #24\n\t" +#else + "uxtb r2, r5\n\t" +#endif +#else + "ubfx r2, r5, #0, #8\n\t" +#endif + "ldr r10, [r0, r10, lsl #2]\n\t" + "ldr r11, [r0, r11, lsl #2]\n\t" + "ldr lr, [r0, lr, lsl #2]\n\t" + "ldr r2, [r0, r2, lsl #2]\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl r6, r6, #24\n\t" + "lsr r6, r6, #24\n\t" +#else + "uxtb r6, r6\n\t" +#endif +#else + "ubfx r6, r6, #0, #8\n\t" +#endif + "eor r10, r10, r11, ror #24\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl r11, r4, #8\n\t" + "lsr r11, r11, #24\n\t" +#else + "uxtb r11, r4, ror #16\n\t" +#endif +#else + "ubfx r11, r4, #16, #8\n\t" +#endif + "eor r10, r10, lr, ror #8\n\t" + "lsr lr, r7, #24\n\t" + "eor r10, r10, r2, ror #16\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl r2, r5, #16\n\t" + "lsr r2, r2, #24\n\t" +#else + "uxtb r2, r5, ror #8\n\t" +#endif +#else + "ubfx r2, r5, #8, #8\n\t" +#endif + "ldr r6, [r0, r6, lsl #2]\n\t" + "ldr lr, [r0, lr, lsl #2]\n\t" + "ldr r11, [r0, r11, lsl #2]\n\t" + "ldr r2, [r0, r2, lsl #2]\n\t" + "eor lr, lr, r6, ror #24\n\t" + "ldm %[ks]!, {r4, r5, r6, r7}\n\t" + "eor r11, r11, lr, ror #24\n\t" + "eor r11, r11, r2, ror #8\n\t" + /* XOR in Key Schedule */ + "eor r8, r8, r4\n\t" + "eor r9, r9, r5\n\t" + "eor r10, r10, r6\n\t" + "eor r11, r11, r7\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl r4, r9, #8\n\t" + "lsr r4, r4, #24\n\t" +#else + "uxtb r4, r9, ror #16\n\t" +#endif +#else + "ubfx r4, r9, #16, #8\n\t" +#endif + "lsr r7, r8, #24\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl lr, r10, #16\n\t" + "lsr lr, lr, #24\n\t" +#else + "uxtb lr, r10, ror #8\n\t" +#endif +#else + "ubfx lr, r10, #8, #8\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl r2, r11, #24\n\t" + "lsr r2, r2, #24\n\t" +#else + "uxtb r2, r11\n\t" +#endif +#else + "ubfx r2, r11, #0, #8\n\t" +#endif + "ldr r4, [r0, r4, lsl #2]\n\t" + "ldr r7, [r0, r7, lsl #2]\n\t" + "ldr lr, [r0, lr, lsl #2]\n\t" + "ldr r2, [r0, r2, lsl #2]\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl r5, r10, #8\n\t" + "lsr r5, r5, #24\n\t" +#else + "uxtb r5, r10, ror #16\n\t" +#endif +#else + "ubfx r5, r10, #16, #8\n\t" +#endif + "eor r4, r4, r7, ror #24\n\t" + "lsr r7, r9, #24\n\t" + "eor r4, r4, lr, ror #8\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl lr, r11, #16\n\t" + "lsr lr, lr, #24\n\t" +#else + "uxtb lr, r11, ror #8\n\t" +#endif +#else + "ubfx lr, r11, #8, #8\n\t" +#endif + "eor r4, r4, r2, ror #16\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl r2, r8, #24\n\t" + "lsr r2, r2, #24\n\t" +#else + "uxtb r2, r8\n\t" +#endif +#else + "ubfx r2, r8, #0, #8\n\t" +#endif + "ldr r5, [r0, r5, lsl #2]\n\t" + "ldr r7, [r0, r7, lsl #2]\n\t" + "ldr lr, [r0, lr, lsl #2]\n\t" + "ldr r2, [r0, r2, lsl #2]\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl r6, r11, #8\n\t" + "lsr r6, r6, #24\n\t" +#else + "uxtb r6, r11, ror #16\n\t" +#endif +#else + "ubfx r6, r11, #16, #8\n\t" +#endif + "eor r5, r5, r7, ror #24\n\t" + "lsr r7, r10, #24\n\t" + "eor r5, r5, lr, ror #8\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl lr, r8, #16\n\t" + "lsr lr, lr, #24\n\t" +#else + "uxtb lr, r8, ror #8\n\t" +#endif +#else + "ubfx lr, r8, #8, #8\n\t" +#endif + "eor r5, r5, r2, ror #16\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl r2, r9, #24\n\t" + "lsr r2, r2, #24\n\t" +#else + "uxtb r2, r9\n\t" +#endif +#else + "ubfx r2, r9, #0, #8\n\t" +#endif + "ldr r6, [r0, r6, lsl #2]\n\t" + "ldr r7, [r0, r7, lsl #2]\n\t" + "ldr lr, [r0, lr, lsl #2]\n\t" + "ldr r2, [r0, r2, lsl #2]\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl r10, r10, #24\n\t" + "lsr r10, r10, #24\n\t" +#else + "uxtb r10, r10\n\t" +#endif +#else + "ubfx r10, r10, #0, #8\n\t" +#endif + "eor r6, r6, r7, ror #24\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl r7, r8, #8\n\t" + "lsr r7, r7, #24\n\t" +#else + "uxtb r7, r8, ror #16\n\t" +#endif +#else + "ubfx r7, r8, #16, #8\n\t" +#endif + "eor r6, r6, lr, ror #8\n\t" + "lsr lr, r11, #24\n\t" + "eor r6, r6, r2, ror #16\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl r2, r9, #16\n\t" + "lsr r2, r2, #24\n\t" +#else + "uxtb r2, r9, ror #8\n\t" +#endif +#else + "ubfx r2, r9, #8, #8\n\t" +#endif + "ldr r10, [r0, r10, lsl #2]\n\t" + "ldr lr, [r0, lr, lsl #2]\n\t" + "ldr r7, [r0, r7, lsl #2]\n\t" + "ldr r2, [r0, r2, lsl #2]\n\t" + "eor lr, lr, r10, ror #24\n\t" + "ldm %[ks]!, {r8, r9, r10, r11}\n\t" + "eor r7, r7, lr, ror #24\n\t" + "eor r7, r7, r2, ror #8\n\t" + /* XOR in Key Schedule */ + "eor r4, r4, r8\n\t" + "eor r5, r5, r9\n\t" + "eor r6, r6, r10\n\t" + "eor r7, r7, r11\n\t" + "subs r1, r1, #1\n\t" + "bne L_AES_ECB_encrypt_block_nr_256_%=\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl r8, r5, #8\n\t" + "lsr r8, r8, #24\n\t" +#else + "uxtb r8, r5, ror #16\n\t" +#endif +#else + "ubfx r8, r5, #16, #8\n\t" +#endif + "lsr r11, r4, #24\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl lr, r6, #16\n\t" + "lsr lr, lr, #24\n\t" +#else + "uxtb lr, r6, ror #8\n\t" +#endif +#else + "ubfx lr, r6, #8, #8\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl r2, r7, #24\n\t" + "lsr r2, r2, #24\n\t" +#else + "uxtb r2, r7\n\t" +#endif +#else + "ubfx r2, r7, #0, #8\n\t" +#endif + "ldr r8, [r0, r8, lsl #2]\n\t" + "ldr r11, [r0, r11, lsl #2]\n\t" + "ldr lr, [r0, lr, lsl #2]\n\t" + "ldr r2, [r0, r2, lsl #2]\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl r9, r6, #8\n\t" + "lsr r9, r9, #24\n\t" +#else + "uxtb r9, r6, ror #16\n\t" +#endif +#else + "ubfx r9, r6, #16, #8\n\t" +#endif + "eor r8, r8, r11, ror #24\n\t" + "lsr r11, r5, #24\n\t" + "eor r8, r8, lr, ror #8\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl lr, r7, #16\n\t" + "lsr lr, lr, #24\n\t" +#else + "uxtb lr, r7, ror #8\n\t" +#endif +#else + "ubfx lr, r7, #8, #8\n\t" +#endif + "eor r8, r8, r2, ror #16\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl r2, r4, #24\n\t" + "lsr r2, r2, #24\n\t" +#else + "uxtb r2, r4\n\t" +#endif +#else + "ubfx r2, r4, #0, #8\n\t" +#endif + "ldr r9, [r0, r9, lsl #2]\n\t" + "ldr r11, [r0, r11, lsl #2]\n\t" + "ldr lr, [r0, lr, lsl #2]\n\t" + "ldr r2, [r0, r2, lsl #2]\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl r10, r7, #8\n\t" + "lsr r10, r10, #24\n\t" +#else + "uxtb r10, r7, ror #16\n\t" +#endif +#else + "ubfx r10, r7, #16, #8\n\t" +#endif + "eor r9, r9, r11, ror #24\n\t" + "lsr r11, r6, #24\n\t" + "eor r9, r9, lr, ror #8\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl lr, r4, #16\n\t" + "lsr lr, lr, #24\n\t" +#else + "uxtb lr, r4, ror #8\n\t" +#endif +#else + "ubfx lr, r4, #8, #8\n\t" +#endif + "eor r9, r9, r2, ror #16\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl r2, r5, #24\n\t" + "lsr r2, r2, #24\n\t" +#else + "uxtb r2, r5\n\t" +#endif +#else + "ubfx r2, r5, #0, #8\n\t" +#endif + "ldr r10, [r0, r10, lsl #2]\n\t" + "ldr r11, [r0, r11, lsl #2]\n\t" + "ldr lr, [r0, lr, lsl #2]\n\t" + "ldr r2, [r0, r2, lsl #2]\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl r6, r6, #24\n\t" + "lsr r6, r6, #24\n\t" +#else + "uxtb r6, r6\n\t" +#endif +#else + "ubfx r6, r6, #0, #8\n\t" +#endif + "eor r10, r10, r11, ror #24\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl r11, r4, #8\n\t" + "lsr r11, r11, #24\n\t" +#else + "uxtb r11, r4, ror #16\n\t" +#endif +#else + "ubfx r11, r4, #16, #8\n\t" +#endif + "eor r10, r10, lr, ror #8\n\t" + "lsr lr, r7, #24\n\t" + "eor r10, r10, r2, ror #16\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl r2, r5, #16\n\t" + "lsr r2, r2, #24\n\t" +#else + "uxtb r2, r5, ror #8\n\t" +#endif +#else + "ubfx r2, r5, #8, #8\n\t" +#endif + "ldr r6, [r0, r6, lsl #2]\n\t" + "ldr lr, [r0, lr, lsl #2]\n\t" + "ldr r11, [r0, r11, lsl #2]\n\t" + "ldr r2, [r0, r2, lsl #2]\n\t" + "eor lr, lr, r6, ror #24\n\t" + "ldm %[ks]!, {r4, r5, r6, r7}\n\t" + "eor r11, r11, lr, ror #24\n\t" + "eor r11, r11, r2, ror #8\n\t" + /* XOR in Key Schedule */ + "eor r8, r8, r4\n\t" + "eor r9, r9, r5\n\t" + "eor r10, r10, r6\n\t" + "eor r11, r11, r7\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl r4, r11, #24\n\t" + "lsr r4, r4, #24\n\t" +#else + "uxtb r4, r11\n\t" +#endif +#else + "ubfx r4, r11, #0, #8\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl r7, r10, #16\n\t" + "lsr r7, r7, #24\n\t" +#else + "uxtb r7, r10, ror #8\n\t" +#endif +#else + "ubfx r7, r10, #8, #8\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl lr, r9, #8\n\t" + "lsr lr, lr, #24\n\t" +#else + "uxtb lr, r9, ror #16\n\t" +#endif +#else + "ubfx lr, r9, #16, #8\n\t" +#endif + "lsr r2, r8, #24\n\t" + "ldrb r4, [r0, r4, lsl #2]\n\t" + "ldrb r7, [r0, r7, lsl #2]\n\t" + "ldrb lr, [r0, lr, lsl #2]\n\t" + "ldrb r2, [r0, r2, lsl #2]\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl r5, r8, #24\n\t" + "lsr r5, r5, #24\n\t" +#else + "uxtb r5, r8\n\t" +#endif +#else + "ubfx r5, r8, #0, #8\n\t" +#endif + "eor r4, r4, r7, lsl #8\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl r7, r11, #16\n\t" + "lsr r7, r7, #24\n\t" +#else + "uxtb r7, r11, ror #8\n\t" +#endif +#else + "ubfx r7, r11, #8, #8\n\t" +#endif + "eor r4, r4, lr, lsl #16\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl lr, r10, #8\n\t" + "lsr lr, lr, #24\n\t" +#else + "uxtb lr, r10, ror #16\n\t" +#endif +#else + "ubfx lr, r10, #16, #8\n\t" +#endif + "eor r4, r4, r2, lsl #24\n\t" + "lsr r2, r9, #24\n\t" + "ldrb r5, [r0, r5, lsl #2]\n\t" + "ldrb r7, [r0, r7, lsl #2]\n\t" + "ldrb lr, [r0, lr, lsl #2]\n\t" + "ldrb r2, [r0, r2, lsl #2]\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl r6, r9, #24\n\t" + "lsr r6, r6, #24\n\t" +#else + "uxtb r6, r9\n\t" +#endif +#else + "ubfx r6, r9, #0, #8\n\t" +#endif + "eor r5, r5, r7, lsl #8\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl r7, r8, #16\n\t" + "lsr r7, r7, #24\n\t" +#else + "uxtb r7, r8, ror #8\n\t" +#endif +#else + "ubfx r7, r8, #8, #8\n\t" +#endif + "eor r5, r5, lr, lsl #16\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl lr, r11, #8\n\t" + "lsr lr, lr, #24\n\t" +#else + "uxtb lr, r11, ror #16\n\t" +#endif +#else + "ubfx lr, r11, #16, #8\n\t" +#endif + "eor r5, r5, r2, lsl #24\n\t" + "lsr r2, r10, #24\n\t" + "ldrb r6, [r0, r6, lsl #2]\n\t" + "ldrb r7, [r0, r7, lsl #2]\n\t" + "ldrb lr, [r0, lr, lsl #2]\n\t" + "ldrb r2, [r0, r2, lsl #2]\n\t" + "lsr r11, r11, #24\n\t" + "eor r6, r6, r7, lsl #8\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl r7, r10, #24\n\t" + "lsr r7, r7, #24\n\t" +#else + "uxtb r7, r10\n\t" +#endif +#else + "ubfx r7, r10, #0, #8\n\t" +#endif + "eor r6, r6, lr, lsl #16\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl lr, r9, #16\n\t" + "lsr lr, lr, #24\n\t" +#else + "uxtb lr, r9, ror #8\n\t" +#endif +#else + "ubfx lr, r9, #8, #8\n\t" +#endif + "eor r6, r6, r2, lsl #24\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl r2, r8, #8\n\t" + "lsr r2, r2, #24\n\t" +#else + "uxtb r2, r8, ror #16\n\t" +#endif +#else + "ubfx r2, r8, #16, #8\n\t" +#endif + "ldrb r11, [r0, r11, lsl #2]\n\t" + "ldrb r7, [r0, r7, lsl #2]\n\t" + "ldrb lr, [r0, lr, lsl #2]\n\t" + "ldrb r2, [r0, r2, lsl #2]\n\t" + "eor lr, lr, r11, lsl #16\n\t" + "ldm %[ks], {r8, r9, r10, r11}\n\t" + "eor r7, r7, lr, lsl #8\n\t" + "eor r7, r7, r2, lsl #16\n\t" + /* XOR in Key Schedule */ + "eor r4, r4, r8\n\t" + "eor r5, r5, r9\n\t" + "eor r6, r6, r10\n\t" + "eor r7, r7, r11\n\t" +#endif /* !WOLFSSL_ARMASM_AES_BLOCK_INLINE */ "pop {r1, %[len], lr}\n\t" "ldr %[ks], [sp]\n\t" #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) @@ -10161,7 +10804,646 @@ "eor r6, r6, r10\n\t" "eor r7, r7, r11\n\t" "mov r1, #5\n\t" +#ifndef WOLFSSL_ARMASM_AES_BLOCK_INLINE "bl AES_encrypt_block\n\t" +#else + "\n" + "L_AES_ECB_encrypt_block_nr_192_%=: \n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl r8, r5, #8\n\t" + "lsr r8, r8, #24\n\t" +#else + "uxtb r8, r5, ror #16\n\t" +#endif +#else + "ubfx r8, r5, #16, #8\n\t" +#endif + "lsr r11, r4, #24\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl lr, r6, #16\n\t" + "lsr lr, lr, #24\n\t" +#else + "uxtb lr, r6, ror #8\n\t" +#endif +#else + "ubfx lr, r6, #8, #8\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl r2, r7, #24\n\t" + "lsr r2, r2, #24\n\t" +#else + "uxtb r2, r7\n\t" +#endif +#else + "ubfx r2, r7, #0, #8\n\t" +#endif + "ldr r8, [r0, r8, lsl #2]\n\t" + "ldr r11, [r0, r11, lsl #2]\n\t" + "ldr lr, [r0, lr, lsl #2]\n\t" + "ldr r2, [r0, r2, lsl #2]\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl r9, r6, #8\n\t" + "lsr r9, r9, #24\n\t" +#else + "uxtb r9, r6, ror #16\n\t" +#endif +#else + "ubfx r9, r6, #16, #8\n\t" +#endif + "eor r8, r8, r11, ror #24\n\t" + "lsr r11, r5, #24\n\t" + "eor r8, r8, lr, ror #8\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl lr, r7, #16\n\t" + "lsr lr, lr, #24\n\t" +#else + "uxtb lr, r7, ror #8\n\t" +#endif +#else + "ubfx lr, r7, #8, #8\n\t" +#endif + "eor r8, r8, r2, ror #16\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl r2, r4, #24\n\t" + "lsr r2, r2, #24\n\t" +#else + "uxtb r2, r4\n\t" +#endif +#else + "ubfx r2, r4, #0, #8\n\t" +#endif + "ldr r9, [r0, r9, lsl #2]\n\t" + "ldr r11, [r0, r11, lsl #2]\n\t" + "ldr lr, [r0, lr, lsl #2]\n\t" + "ldr r2, [r0, r2, lsl #2]\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl r10, r7, #8\n\t" + "lsr r10, r10, #24\n\t" +#else + "uxtb r10, r7, ror #16\n\t" +#endif +#else + "ubfx r10, r7, #16, #8\n\t" +#endif + "eor r9, r9, r11, ror #24\n\t" + "lsr r11, r6, #24\n\t" + "eor r9, r9, lr, ror #8\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl lr, r4, #16\n\t" + "lsr lr, lr, #24\n\t" +#else + "uxtb lr, r4, ror #8\n\t" +#endif +#else + "ubfx lr, r4, #8, #8\n\t" +#endif + "eor r9, r9, r2, ror #16\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl r2, r5, #24\n\t" + "lsr r2, r2, #24\n\t" +#else + "uxtb r2, r5\n\t" +#endif +#else + "ubfx r2, r5, #0, #8\n\t" +#endif + "ldr r10, [r0, r10, lsl #2]\n\t" + "ldr r11, [r0, r11, lsl #2]\n\t" + "ldr lr, [r0, lr, lsl #2]\n\t" + "ldr r2, [r0, r2, lsl #2]\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl r6, r6, #24\n\t" + "lsr r6, r6, #24\n\t" +#else + "uxtb r6, r6\n\t" +#endif +#else + "ubfx r6, r6, #0, #8\n\t" +#endif + "eor r10, r10, r11, ror #24\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl r11, r4, #8\n\t" + "lsr r11, r11, #24\n\t" +#else + "uxtb r11, r4, ror #16\n\t" +#endif +#else + "ubfx r11, r4, #16, #8\n\t" +#endif + "eor r10, r10, lr, ror #8\n\t" + "lsr lr, r7, #24\n\t" + "eor r10, r10, r2, ror #16\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl r2, r5, #16\n\t" + "lsr r2, r2, #24\n\t" +#else + "uxtb r2, r5, ror #8\n\t" +#endif +#else + "ubfx r2, r5, #8, #8\n\t" +#endif + "ldr r6, [r0, r6, lsl #2]\n\t" + "ldr lr, [r0, lr, lsl #2]\n\t" + "ldr r11, [r0, r11, lsl #2]\n\t" + "ldr r2, [r0, r2, lsl #2]\n\t" + "eor lr, lr, r6, ror #24\n\t" + "ldm %[ks]!, {r4, r5, r6, r7}\n\t" + "eor r11, r11, lr, ror #24\n\t" + "eor r11, r11, r2, ror #8\n\t" + /* XOR in Key Schedule */ + "eor r8, r8, r4\n\t" + "eor r9, r9, r5\n\t" + "eor r10, r10, r6\n\t" + "eor r11, r11, r7\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl r4, r9, #8\n\t" + "lsr r4, r4, #24\n\t" +#else + "uxtb r4, r9, ror #16\n\t" +#endif +#else + "ubfx r4, r9, #16, #8\n\t" +#endif + "lsr r7, r8, #24\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl lr, r10, #16\n\t" + "lsr lr, lr, #24\n\t" +#else + "uxtb lr, r10, ror #8\n\t" +#endif +#else + "ubfx lr, r10, #8, #8\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl r2, r11, #24\n\t" + "lsr r2, r2, #24\n\t" +#else + "uxtb r2, r11\n\t" +#endif +#else + "ubfx r2, r11, #0, #8\n\t" +#endif + "ldr r4, [r0, r4, lsl #2]\n\t" + "ldr r7, [r0, r7, lsl #2]\n\t" + "ldr lr, [r0, lr, lsl #2]\n\t" + "ldr r2, [r0, r2, lsl #2]\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl r5, r10, #8\n\t" + "lsr r5, r5, #24\n\t" +#else + "uxtb r5, r10, ror #16\n\t" +#endif +#else + "ubfx r5, r10, #16, #8\n\t" +#endif + "eor r4, r4, r7, ror #24\n\t" + "lsr r7, r9, #24\n\t" + "eor r4, r4, lr, ror #8\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl lr, r11, #16\n\t" + "lsr lr, lr, #24\n\t" +#else + "uxtb lr, r11, ror #8\n\t" +#endif +#else + "ubfx lr, r11, #8, #8\n\t" +#endif + "eor r4, r4, r2, ror #16\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl r2, r8, #24\n\t" + "lsr r2, r2, #24\n\t" +#else + "uxtb r2, r8\n\t" +#endif +#else + "ubfx r2, r8, #0, #8\n\t" +#endif + "ldr r5, [r0, r5, lsl #2]\n\t" + "ldr r7, [r0, r7, lsl #2]\n\t" + "ldr lr, [r0, lr, lsl #2]\n\t" + "ldr r2, [r0, r2, lsl #2]\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl r6, r11, #8\n\t" + "lsr r6, r6, #24\n\t" +#else + "uxtb r6, r11, ror #16\n\t" +#endif +#else + "ubfx r6, r11, #16, #8\n\t" +#endif + "eor r5, r5, r7, ror #24\n\t" + "lsr r7, r10, #24\n\t" + "eor r5, r5, lr, ror #8\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl lr, r8, #16\n\t" + "lsr lr, lr, #24\n\t" +#else + "uxtb lr, r8, ror #8\n\t" +#endif +#else + "ubfx lr, r8, #8, #8\n\t" +#endif + "eor r5, r5, r2, ror #16\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl r2, r9, #24\n\t" + "lsr r2, r2, #24\n\t" +#else + "uxtb r2, r9\n\t" +#endif +#else + "ubfx r2, r9, #0, #8\n\t" +#endif + "ldr r6, [r0, r6, lsl #2]\n\t" + "ldr r7, [r0, r7, lsl #2]\n\t" + "ldr lr, [r0, lr, lsl #2]\n\t" + "ldr r2, [r0, r2, lsl #2]\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl r10, r10, #24\n\t" + "lsr r10, r10, #24\n\t" +#else + "uxtb r10, r10\n\t" +#endif +#else + "ubfx r10, r10, #0, #8\n\t" +#endif + "eor r6, r6, r7, ror #24\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl r7, r8, #8\n\t" + "lsr r7, r7, #24\n\t" +#else + "uxtb r7, r8, ror #16\n\t" +#endif +#else + "ubfx r7, r8, #16, #8\n\t" +#endif + "eor r6, r6, lr, ror #8\n\t" + "lsr lr, r11, #24\n\t" + "eor r6, r6, r2, ror #16\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl r2, r9, #16\n\t" + "lsr r2, r2, #24\n\t" +#else + "uxtb r2, r9, ror #8\n\t" +#endif +#else + "ubfx r2, r9, #8, #8\n\t" +#endif + "ldr r10, [r0, r10, lsl #2]\n\t" + "ldr lr, [r0, lr, lsl #2]\n\t" + "ldr r7, [r0, r7, lsl #2]\n\t" + "ldr r2, [r0, r2, lsl #2]\n\t" + "eor lr, lr, r10, ror #24\n\t" + "ldm %[ks]!, {r8, r9, r10, r11}\n\t" + "eor r7, r7, lr, ror #24\n\t" + "eor r7, r7, r2, ror #8\n\t" + /* XOR in Key Schedule */ + "eor r4, r4, r8\n\t" + "eor r5, r5, r9\n\t" + "eor r6, r6, r10\n\t" + "eor r7, r7, r11\n\t" + "subs r1, r1, #1\n\t" + "bne L_AES_ECB_encrypt_block_nr_192_%=\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl r8, r5, #8\n\t" + "lsr r8, r8, #24\n\t" +#else + "uxtb r8, r5, ror #16\n\t" +#endif +#else + "ubfx r8, r5, #16, #8\n\t" +#endif + "lsr r11, r4, #24\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl lr, r6, #16\n\t" + "lsr lr, lr, #24\n\t" +#else + "uxtb lr, r6, ror #8\n\t" +#endif +#else + "ubfx lr, r6, #8, #8\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl r2, r7, #24\n\t" + "lsr r2, r2, #24\n\t" +#else + "uxtb r2, r7\n\t" +#endif +#else + "ubfx r2, r7, #0, #8\n\t" +#endif + "ldr r8, [r0, r8, lsl #2]\n\t" + "ldr r11, [r0, r11, lsl #2]\n\t" + "ldr lr, [r0, lr, lsl #2]\n\t" + "ldr r2, [r0, r2, lsl #2]\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl r9, r6, #8\n\t" + "lsr r9, r9, #24\n\t" +#else + "uxtb r9, r6, ror #16\n\t" +#endif +#else + "ubfx r9, r6, #16, #8\n\t" +#endif + "eor r8, r8, r11, ror #24\n\t" + "lsr r11, r5, #24\n\t" + "eor r8, r8, lr, ror #8\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl lr, r7, #16\n\t" + "lsr lr, lr, #24\n\t" +#else + "uxtb lr, r7, ror #8\n\t" +#endif +#else + "ubfx lr, r7, #8, #8\n\t" +#endif + "eor r8, r8, r2, ror #16\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl r2, r4, #24\n\t" + "lsr r2, r2, #24\n\t" +#else + "uxtb r2, r4\n\t" +#endif +#else + "ubfx r2, r4, #0, #8\n\t" +#endif + "ldr r9, [r0, r9, lsl #2]\n\t" + "ldr r11, [r0, r11, lsl #2]\n\t" + "ldr lr, [r0, lr, lsl #2]\n\t" + "ldr r2, [r0, r2, lsl #2]\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl r10, r7, #8\n\t" + "lsr r10, r10, #24\n\t" +#else + "uxtb r10, r7, ror #16\n\t" +#endif +#else + "ubfx r10, r7, #16, #8\n\t" +#endif + "eor r9, r9, r11, ror #24\n\t" + "lsr r11, r6, #24\n\t" + "eor r9, r9, lr, ror #8\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl lr, r4, #16\n\t" + "lsr lr, lr, #24\n\t" +#else + "uxtb lr, r4, ror #8\n\t" +#endif +#else + "ubfx lr, r4, #8, #8\n\t" +#endif + "eor r9, r9, r2, ror #16\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl r2, r5, #24\n\t" + "lsr r2, r2, #24\n\t" +#else + "uxtb r2, r5\n\t" +#endif +#else + "ubfx r2, r5, #0, #8\n\t" +#endif + "ldr r10, [r0, r10, lsl #2]\n\t" + "ldr r11, [r0, r11, lsl #2]\n\t" + "ldr lr, [r0, lr, lsl #2]\n\t" + "ldr r2, [r0, r2, lsl #2]\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl r6, r6, #24\n\t" + "lsr r6, r6, #24\n\t" +#else + "uxtb r6, r6\n\t" +#endif +#else + "ubfx r6, r6, #0, #8\n\t" +#endif + "eor r10, r10, r11, ror #24\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl r11, r4, #8\n\t" + "lsr r11, r11, #24\n\t" +#else + "uxtb r11, r4, ror #16\n\t" +#endif +#else + "ubfx r11, r4, #16, #8\n\t" +#endif + "eor r10, r10, lr, ror #8\n\t" + "lsr lr, r7, #24\n\t" + "eor r10, r10, r2, ror #16\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl r2, r5, #16\n\t" + "lsr r2, r2, #24\n\t" +#else + "uxtb r2, r5, ror #8\n\t" +#endif +#else + "ubfx r2, r5, #8, #8\n\t" +#endif + "ldr r6, [r0, r6, lsl #2]\n\t" + "ldr lr, [r0, lr, lsl #2]\n\t" + "ldr r11, [r0, r11, lsl #2]\n\t" + "ldr r2, [r0, r2, lsl #2]\n\t" + "eor lr, lr, r6, ror #24\n\t" + "ldm %[ks]!, {r4, r5, r6, r7}\n\t" + "eor r11, r11, lr, ror #24\n\t" + "eor r11, r11, r2, ror #8\n\t" + /* XOR in Key Schedule */ + "eor r8, r8, r4\n\t" + "eor r9, r9, r5\n\t" + "eor r10, r10, r6\n\t" + "eor r11, r11, r7\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl r4, r11, #24\n\t" + "lsr r4, r4, #24\n\t" +#else + "uxtb r4, r11\n\t" +#endif +#else + "ubfx r4, r11, #0, #8\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl r7, r10, #16\n\t" + "lsr r7, r7, #24\n\t" +#else + "uxtb r7, r10, ror #8\n\t" +#endif +#else + "ubfx r7, r10, #8, #8\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl lr, r9, #8\n\t" + "lsr lr, lr, #24\n\t" +#else + "uxtb lr, r9, ror #16\n\t" +#endif +#else + "ubfx lr, r9, #16, #8\n\t" +#endif + "lsr r2, r8, #24\n\t" + "ldrb r4, [r0, r4, lsl #2]\n\t" + "ldrb r7, [r0, r7, lsl #2]\n\t" + "ldrb lr, [r0, lr, lsl #2]\n\t" + "ldrb r2, [r0, r2, lsl #2]\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl r5, r8, #24\n\t" + "lsr r5, r5, #24\n\t" +#else + "uxtb r5, r8\n\t" +#endif +#else + "ubfx r5, r8, #0, #8\n\t" +#endif + "eor r4, r4, r7, lsl #8\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl r7, r11, #16\n\t" + "lsr r7, r7, #24\n\t" +#else + "uxtb r7, r11, ror #8\n\t" +#endif +#else + "ubfx r7, r11, #8, #8\n\t" +#endif + "eor r4, r4, lr, lsl #16\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl lr, r10, #8\n\t" + "lsr lr, lr, #24\n\t" +#else + "uxtb lr, r10, ror #16\n\t" +#endif +#else + "ubfx lr, r10, #16, #8\n\t" +#endif + "eor r4, r4, r2, lsl #24\n\t" + "lsr r2, r9, #24\n\t" + "ldrb r5, [r0, r5, lsl #2]\n\t" + "ldrb r7, [r0, r7, lsl #2]\n\t" + "ldrb lr, [r0, lr, lsl #2]\n\t" + "ldrb r2, [r0, r2, lsl #2]\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl r6, r9, #24\n\t" + "lsr r6, r6, #24\n\t" +#else + "uxtb r6, r9\n\t" +#endif +#else + "ubfx r6, r9, #0, #8\n\t" +#endif + "eor r5, r5, r7, lsl #8\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl r7, r8, #16\n\t" + "lsr r7, r7, #24\n\t" +#else + "uxtb r7, r8, ror #8\n\t" +#endif +#else + "ubfx r7, r8, #8, #8\n\t" +#endif + "eor r5, r5, lr, lsl #16\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl lr, r11, #8\n\t" + "lsr lr, lr, #24\n\t" +#else + "uxtb lr, r11, ror #16\n\t" +#endif +#else + "ubfx lr, r11, #16, #8\n\t" +#endif + "eor r5, r5, r2, lsl #24\n\t" + "lsr r2, r10, #24\n\t" + "ldrb r6, [r0, r6, lsl #2]\n\t" + "ldrb r7, [r0, r7, lsl #2]\n\t" + "ldrb lr, [r0, lr, lsl #2]\n\t" + "ldrb r2, [r0, r2, lsl #2]\n\t" + "lsr r11, r11, #24\n\t" + "eor r6, r6, r7, lsl #8\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl r7, r10, #24\n\t" + "lsr r7, r7, #24\n\t" +#else + "uxtb r7, r10\n\t" +#endif +#else + "ubfx r7, r10, #0, #8\n\t" +#endif + "eor r6, r6, lr, lsl #16\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl lr, r9, #16\n\t" + "lsr lr, lr, #24\n\t" +#else + "uxtb lr, r9, ror #8\n\t" +#endif +#else + "ubfx lr, r9, #8, #8\n\t" +#endif + "eor r6, r6, r2, lsl #24\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl r2, r8, #8\n\t" + "lsr r2, r2, #24\n\t" +#else + "uxtb r2, r8, ror #16\n\t" +#endif +#else + "ubfx r2, r8, #16, #8\n\t" +#endif + "ldrb r11, [r0, r11, lsl #2]\n\t" + "ldrb r7, [r0, r7, lsl #2]\n\t" + "ldrb lr, [r0, lr, lsl #2]\n\t" + "ldrb r2, [r0, r2, lsl #2]\n\t" + "eor lr, lr, r11, lsl #16\n\t" + "ldm %[ks], {r8, r9, r10, r11}\n\t" + "eor r7, r7, lr, lsl #8\n\t" + "eor r7, r7, r2, lsl #16\n\t" + /* XOR in Key Schedule */ + "eor r4, r4, r8\n\t" + "eor r5, r5, r9\n\t" + "eor r6, r6, r10\n\t" + "eor r7, r7, r11\n\t" +#endif /* !WOLFSSL_ARMASM_AES_BLOCK_INLINE */ "pop {r1, %[len], lr}\n\t" "ldr %[ks], [sp]\n\t" #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) @@ -10235,7 +11517,646 @@ "eor r6, r6, r10\n\t" "eor r7, r7, r11\n\t" "mov r1, #4\n\t" +#ifndef WOLFSSL_ARMASM_AES_BLOCK_INLINE "bl AES_encrypt_block\n\t" +#else + "\n" + "L_AES_ECB_encrypt_block_nr_128_%=: \n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl r8, r5, #8\n\t" + "lsr r8, r8, #24\n\t" +#else + "uxtb r8, r5, ror #16\n\t" +#endif +#else + "ubfx r8, r5, #16, #8\n\t" +#endif + "lsr r11, r4, #24\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl lr, r6, #16\n\t" + "lsr lr, lr, #24\n\t" +#else + "uxtb lr, r6, ror #8\n\t" +#endif +#else + "ubfx lr, r6, #8, #8\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl r2, r7, #24\n\t" + "lsr r2, r2, #24\n\t" +#else + "uxtb r2, r7\n\t" +#endif +#else + "ubfx r2, r7, #0, #8\n\t" +#endif + "ldr r8, [r0, r8, lsl #2]\n\t" + "ldr r11, [r0, r11, lsl #2]\n\t" + "ldr lr, [r0, lr, lsl #2]\n\t" + "ldr r2, [r0, r2, lsl #2]\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl r9, r6, #8\n\t" + "lsr r9, r9, #24\n\t" +#else + "uxtb r9, r6, ror #16\n\t" +#endif +#else + "ubfx r9, r6, #16, #8\n\t" +#endif + "eor r8, r8, r11, ror #24\n\t" + "lsr r11, r5, #24\n\t" + "eor r8, r8, lr, ror #8\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl lr, r7, #16\n\t" + "lsr lr, lr, #24\n\t" +#else + "uxtb lr, r7, ror #8\n\t" +#endif +#else + "ubfx lr, r7, #8, #8\n\t" +#endif + "eor r8, r8, r2, ror #16\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl r2, r4, #24\n\t" + "lsr r2, r2, #24\n\t" +#else + "uxtb r2, r4\n\t" +#endif +#else + "ubfx r2, r4, #0, #8\n\t" +#endif + "ldr r9, [r0, r9, lsl #2]\n\t" + "ldr r11, [r0, r11, lsl #2]\n\t" + "ldr lr, [r0, lr, lsl #2]\n\t" + "ldr r2, [r0, r2, lsl #2]\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl r10, r7, #8\n\t" + "lsr r10, r10, #24\n\t" +#else + "uxtb r10, r7, ror #16\n\t" +#endif +#else + "ubfx r10, r7, #16, #8\n\t" +#endif + "eor r9, r9, r11, ror #24\n\t" + "lsr r11, r6, #24\n\t" + "eor r9, r9, lr, ror #8\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl lr, r4, #16\n\t" + "lsr lr, lr, #24\n\t" +#else + "uxtb lr, r4, ror #8\n\t" +#endif +#else + "ubfx lr, r4, #8, #8\n\t" +#endif + "eor r9, r9, r2, ror #16\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl r2, r5, #24\n\t" + "lsr r2, r2, #24\n\t" +#else + "uxtb r2, r5\n\t" +#endif +#else + "ubfx r2, r5, #0, #8\n\t" +#endif + "ldr r10, [r0, r10, lsl #2]\n\t" + "ldr r11, [r0, r11, lsl #2]\n\t" + "ldr lr, [r0, lr, lsl #2]\n\t" + "ldr r2, [r0, r2, lsl #2]\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl r6, r6, #24\n\t" + "lsr r6, r6, #24\n\t" +#else + "uxtb r6, r6\n\t" +#endif +#else + "ubfx r6, r6, #0, #8\n\t" +#endif + "eor r10, r10, r11, ror #24\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl r11, r4, #8\n\t" + "lsr r11, r11, #24\n\t" +#else + "uxtb r11, r4, ror #16\n\t" +#endif +#else + "ubfx r11, r4, #16, #8\n\t" +#endif + "eor r10, r10, lr, ror #8\n\t" + "lsr lr, r7, #24\n\t" + "eor r10, r10, r2, ror #16\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl r2, r5, #16\n\t" + "lsr r2, r2, #24\n\t" +#else + "uxtb r2, r5, ror #8\n\t" +#endif +#else + "ubfx r2, r5, #8, #8\n\t" +#endif + "ldr r6, [r0, r6, lsl #2]\n\t" + "ldr lr, [r0, lr, lsl #2]\n\t" + "ldr r11, [r0, r11, lsl #2]\n\t" + "ldr r2, [r0, r2, lsl #2]\n\t" + "eor lr, lr, r6, ror #24\n\t" + "ldm %[ks]!, {r4, r5, r6, r7}\n\t" + "eor r11, r11, lr, ror #24\n\t" + "eor r11, r11, r2, ror #8\n\t" + /* XOR in Key Schedule */ + "eor r8, r8, r4\n\t" + "eor r9, r9, r5\n\t" + "eor r10, r10, r6\n\t" + "eor r11, r11, r7\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl r4, r9, #8\n\t" + "lsr r4, r4, #24\n\t" +#else + "uxtb r4, r9, ror #16\n\t" +#endif +#else + "ubfx r4, r9, #16, #8\n\t" +#endif + "lsr r7, r8, #24\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl lr, r10, #16\n\t" + "lsr lr, lr, #24\n\t" +#else + "uxtb lr, r10, ror #8\n\t" +#endif +#else + "ubfx lr, r10, #8, #8\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl r2, r11, #24\n\t" + "lsr r2, r2, #24\n\t" +#else + "uxtb r2, r11\n\t" +#endif +#else + "ubfx r2, r11, #0, #8\n\t" +#endif + "ldr r4, [r0, r4, lsl #2]\n\t" + "ldr r7, [r0, r7, lsl #2]\n\t" + "ldr lr, [r0, lr, lsl #2]\n\t" + "ldr r2, [r0, r2, lsl #2]\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl r5, r10, #8\n\t" + "lsr r5, r5, #24\n\t" +#else + "uxtb r5, r10, ror #16\n\t" +#endif +#else + "ubfx r5, r10, #16, #8\n\t" +#endif + "eor r4, r4, r7, ror #24\n\t" + "lsr r7, r9, #24\n\t" + "eor r4, r4, lr, ror #8\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl lr, r11, #16\n\t" + "lsr lr, lr, #24\n\t" +#else + "uxtb lr, r11, ror #8\n\t" +#endif +#else + "ubfx lr, r11, #8, #8\n\t" +#endif + "eor r4, r4, r2, ror #16\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl r2, r8, #24\n\t" + "lsr r2, r2, #24\n\t" +#else + "uxtb r2, r8\n\t" +#endif +#else + "ubfx r2, r8, #0, #8\n\t" +#endif + "ldr r5, [r0, r5, lsl #2]\n\t" + "ldr r7, [r0, r7, lsl #2]\n\t" + "ldr lr, [r0, lr, lsl #2]\n\t" + "ldr r2, [r0, r2, lsl #2]\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl r6, r11, #8\n\t" + "lsr r6, r6, #24\n\t" +#else + "uxtb r6, r11, ror #16\n\t" +#endif +#else + "ubfx r6, r11, #16, #8\n\t" +#endif + "eor r5, r5, r7, ror #24\n\t" + "lsr r7, r10, #24\n\t" + "eor r5, r5, lr, ror #8\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl lr, r8, #16\n\t" + "lsr lr, lr, #24\n\t" +#else + "uxtb lr, r8, ror #8\n\t" +#endif +#else + "ubfx lr, r8, #8, #8\n\t" +#endif + "eor r5, r5, r2, ror #16\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl r2, r9, #24\n\t" + "lsr r2, r2, #24\n\t" +#else + "uxtb r2, r9\n\t" +#endif +#else + "ubfx r2, r9, #0, #8\n\t" +#endif + "ldr r6, [r0, r6, lsl #2]\n\t" + "ldr r7, [r0, r7, lsl #2]\n\t" + "ldr lr, [r0, lr, lsl #2]\n\t" + "ldr r2, [r0, r2, lsl #2]\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl r10, r10, #24\n\t" + "lsr r10, r10, #24\n\t" +#else + "uxtb r10, r10\n\t" +#endif +#else + "ubfx r10, r10, #0, #8\n\t" +#endif + "eor r6, r6, r7, ror #24\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl r7, r8, #8\n\t" + "lsr r7, r7, #24\n\t" +#else + "uxtb r7, r8, ror #16\n\t" +#endif +#else + "ubfx r7, r8, #16, #8\n\t" +#endif + "eor r6, r6, lr, ror #8\n\t" + "lsr lr, r11, #24\n\t" + "eor r6, r6, r2, ror #16\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl r2, r9, #16\n\t" + "lsr r2, r2, #24\n\t" +#else + "uxtb r2, r9, ror #8\n\t" +#endif +#else + "ubfx r2, r9, #8, #8\n\t" +#endif + "ldr r10, [r0, r10, lsl #2]\n\t" + "ldr lr, [r0, lr, lsl #2]\n\t" + "ldr r7, [r0, r7, lsl #2]\n\t" + "ldr r2, [r0, r2, lsl #2]\n\t" + "eor lr, lr, r10, ror #24\n\t" + "ldm %[ks]!, {r8, r9, r10, r11}\n\t" + "eor r7, r7, lr, ror #24\n\t" + "eor r7, r7, r2, ror #8\n\t" + /* XOR in Key Schedule */ + "eor r4, r4, r8\n\t" + "eor r5, r5, r9\n\t" + "eor r6, r6, r10\n\t" + "eor r7, r7, r11\n\t" + "subs r1, r1, #1\n\t" + "bne L_AES_ECB_encrypt_block_nr_128_%=\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl r8, r5, #8\n\t" + "lsr r8, r8, #24\n\t" +#else + "uxtb r8, r5, ror #16\n\t" +#endif +#else + "ubfx r8, r5, #16, #8\n\t" +#endif + "lsr r11, r4, #24\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl lr, r6, #16\n\t" + "lsr lr, lr, #24\n\t" +#else + "uxtb lr, r6, ror #8\n\t" +#endif +#else + "ubfx lr, r6, #8, #8\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl r2, r7, #24\n\t" + "lsr r2, r2, #24\n\t" +#else + "uxtb r2, r7\n\t" +#endif +#else + "ubfx r2, r7, #0, #8\n\t" +#endif + "ldr r8, [r0, r8, lsl #2]\n\t" + "ldr r11, [r0, r11, lsl #2]\n\t" + "ldr lr, [r0, lr, lsl #2]\n\t" + "ldr r2, [r0, r2, lsl #2]\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl r9, r6, #8\n\t" + "lsr r9, r9, #24\n\t" +#else + "uxtb r9, r6, ror #16\n\t" +#endif +#else + "ubfx r9, r6, #16, #8\n\t" +#endif + "eor r8, r8, r11, ror #24\n\t" + "lsr r11, r5, #24\n\t" + "eor r8, r8, lr, ror #8\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl lr, r7, #16\n\t" + "lsr lr, lr, #24\n\t" +#else + "uxtb lr, r7, ror #8\n\t" +#endif +#else + "ubfx lr, r7, #8, #8\n\t" +#endif + "eor r8, r8, r2, ror #16\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl r2, r4, #24\n\t" + "lsr r2, r2, #24\n\t" +#else + "uxtb r2, r4\n\t" +#endif +#else + "ubfx r2, r4, #0, #8\n\t" +#endif + "ldr r9, [r0, r9, lsl #2]\n\t" + "ldr r11, [r0, r11, lsl #2]\n\t" + "ldr lr, [r0, lr, lsl #2]\n\t" + "ldr r2, [r0, r2, lsl #2]\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl r10, r7, #8\n\t" + "lsr r10, r10, #24\n\t" +#else + "uxtb r10, r7, ror #16\n\t" +#endif +#else + "ubfx r10, r7, #16, #8\n\t" +#endif + "eor r9, r9, r11, ror #24\n\t" + "lsr r11, r6, #24\n\t" + "eor r9, r9, lr, ror #8\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl lr, r4, #16\n\t" + "lsr lr, lr, #24\n\t" +#else + "uxtb lr, r4, ror #8\n\t" +#endif +#else + "ubfx lr, r4, #8, #8\n\t" +#endif + "eor r9, r9, r2, ror #16\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl r2, r5, #24\n\t" + "lsr r2, r2, #24\n\t" +#else + "uxtb r2, r5\n\t" +#endif +#else + "ubfx r2, r5, #0, #8\n\t" +#endif + "ldr r10, [r0, r10, lsl #2]\n\t" + "ldr r11, [r0, r11, lsl #2]\n\t" + "ldr lr, [r0, lr, lsl #2]\n\t" + "ldr r2, [r0, r2, lsl #2]\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl r6, r6, #24\n\t" + "lsr r6, r6, #24\n\t" +#else + "uxtb r6, r6\n\t" +#endif +#else + "ubfx r6, r6, #0, #8\n\t" +#endif + "eor r10, r10, r11, ror #24\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl r11, r4, #8\n\t" + "lsr r11, r11, #24\n\t" +#else + "uxtb r11, r4, ror #16\n\t" +#endif +#else + "ubfx r11, r4, #16, #8\n\t" +#endif + "eor r10, r10, lr, ror #8\n\t" + "lsr lr, r7, #24\n\t" + "eor r10, r10, r2, ror #16\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl r2, r5, #16\n\t" + "lsr r2, r2, #24\n\t" +#else + "uxtb r2, r5, ror #8\n\t" +#endif +#else + "ubfx r2, r5, #8, #8\n\t" +#endif + "ldr r6, [r0, r6, lsl #2]\n\t" + "ldr lr, [r0, lr, lsl #2]\n\t" + "ldr r11, [r0, r11, lsl #2]\n\t" + "ldr r2, [r0, r2, lsl #2]\n\t" + "eor lr, lr, r6, ror #24\n\t" + "ldm %[ks]!, {r4, r5, r6, r7}\n\t" + "eor r11, r11, lr, ror #24\n\t" + "eor r11, r11, r2, ror #8\n\t" + /* XOR in Key Schedule */ + "eor r8, r8, r4\n\t" + "eor r9, r9, r5\n\t" + "eor r10, r10, r6\n\t" + "eor r11, r11, r7\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl r4, r11, #24\n\t" + "lsr r4, r4, #24\n\t" +#else + "uxtb r4, r11\n\t" +#endif +#else + "ubfx r4, r11, #0, #8\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl r7, r10, #16\n\t" + "lsr r7, r7, #24\n\t" +#else + "uxtb r7, r10, ror #8\n\t" +#endif +#else + "ubfx r7, r10, #8, #8\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl lr, r9, #8\n\t" + "lsr lr, lr, #24\n\t" +#else + "uxtb lr, r9, ror #16\n\t" +#endif +#else + "ubfx lr, r9, #16, #8\n\t" +#endif + "lsr r2, r8, #24\n\t" + "ldrb r4, [r0, r4, lsl #2]\n\t" + "ldrb r7, [r0, r7, lsl #2]\n\t" + "ldrb lr, [r0, lr, lsl #2]\n\t" + "ldrb r2, [r0, r2, lsl #2]\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl r5, r8, #24\n\t" + "lsr r5, r5, #24\n\t" +#else + "uxtb r5, r8\n\t" +#endif +#else + "ubfx r5, r8, #0, #8\n\t" +#endif + "eor r4, r4, r7, lsl #8\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl r7, r11, #16\n\t" + "lsr r7, r7, #24\n\t" +#else + "uxtb r7, r11, ror #8\n\t" +#endif +#else + "ubfx r7, r11, #8, #8\n\t" +#endif + "eor r4, r4, lr, lsl #16\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl lr, r10, #8\n\t" + "lsr lr, lr, #24\n\t" +#else + "uxtb lr, r10, ror #16\n\t" +#endif +#else + "ubfx lr, r10, #16, #8\n\t" +#endif + "eor r4, r4, r2, lsl #24\n\t" + "lsr r2, r9, #24\n\t" + "ldrb r5, [r0, r5, lsl #2]\n\t" + "ldrb r7, [r0, r7, lsl #2]\n\t" + "ldrb lr, [r0, lr, lsl #2]\n\t" + "ldrb r2, [r0, r2, lsl #2]\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl r6, r9, #24\n\t" + "lsr r6, r6, #24\n\t" +#else + "uxtb r6, r9\n\t" +#endif +#else + "ubfx r6, r9, #0, #8\n\t" +#endif + "eor r5, r5, r7, lsl #8\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl r7, r8, #16\n\t" + "lsr r7, r7, #24\n\t" +#else + "uxtb r7, r8, ror #8\n\t" +#endif +#else + "ubfx r7, r8, #8, #8\n\t" +#endif + "eor r5, r5, lr, lsl #16\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl lr, r11, #8\n\t" + "lsr lr, lr, #24\n\t" +#else + "uxtb lr, r11, ror #16\n\t" +#endif +#else + "ubfx lr, r11, #16, #8\n\t" +#endif + "eor r5, r5, r2, lsl #24\n\t" + "lsr r2, r10, #24\n\t" + "ldrb r6, [r0, r6, lsl #2]\n\t" + "ldrb r7, [r0, r7, lsl #2]\n\t" + "ldrb lr, [r0, lr, lsl #2]\n\t" + "ldrb r2, [r0, r2, lsl #2]\n\t" + "lsr r11, r11, #24\n\t" + "eor r6, r6, r7, lsl #8\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl r7, r10, #24\n\t" + "lsr r7, r7, #24\n\t" +#else + "uxtb r7, r10\n\t" +#endif +#else + "ubfx r7, r10, #0, #8\n\t" +#endif + "eor r6, r6, lr, lsl #16\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl lr, r9, #16\n\t" + "lsr lr, lr, #24\n\t" +#else + "uxtb lr, r9, ror #8\n\t" +#endif +#else + "ubfx lr, r9, #8, #8\n\t" +#endif + "eor r6, r6, r2, lsl #24\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl r2, r8, #8\n\t" + "lsr r2, r2, #24\n\t" +#else + "uxtb r2, r8, ror #16\n\t" +#endif +#else + "ubfx r2, r8, #16, #8\n\t" +#endif + "ldrb r11, [r0, r11, lsl #2]\n\t" + "ldrb r7, [r0, r7, lsl #2]\n\t" + "ldrb lr, [r0, lr, lsl #2]\n\t" + "ldrb r2, [r0, r2, lsl #2]\n\t" + "eor lr, lr, r11, lsl #16\n\t" + "ldm %[ks], {r8, r9, r10, r11}\n\t" + "eor r7, r7, lr, lsl #8\n\t" + "eor r7, r7, r2, lsl #16\n\t" + /* XOR in Key Schedule */ + "eor r4, r4, r8\n\t" + "eor r5, r5, r9\n\t" + "eor r6, r6, r10\n\t" + "eor r7, r7, r11\n\t" +#endif /* !WOLFSSL_ARMASM_AES_BLOCK_INLINE */ "pop {r1, %[len], lr}\n\t" "ldr %[ks], [sp]\n\t" #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) @@ -10370,7 +12291,646 @@ "eor r6, r6, r10\n\t" "eor r7, r7, r11\n\t" "mov r1, #6\n\t" +#ifndef WOLFSSL_ARMASM_AES_BLOCK_INLINE "bl AES_encrypt_block\n\t" +#else + "\n" + "L_AES_CBC_encrypt_block_nr_256_%=: \n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl r8, r5, #8\n\t" + "lsr r8, r8, #24\n\t" +#else + "uxtb r8, r5, ror #16\n\t" +#endif +#else + "ubfx r8, r5, #16, #8\n\t" +#endif + "lsr r11, r4, #24\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl lr, r6, #16\n\t" + "lsr lr, lr, #24\n\t" +#else + "uxtb lr, r6, ror #8\n\t" +#endif +#else + "ubfx lr, r6, #8, #8\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl r2, r7, #24\n\t" + "lsr r2, r2, #24\n\t" +#else + "uxtb r2, r7\n\t" +#endif +#else + "ubfx r2, r7, #0, #8\n\t" +#endif + "ldr r8, [r0, r8, lsl #2]\n\t" + "ldr r11, [r0, r11, lsl #2]\n\t" + "ldr lr, [r0, lr, lsl #2]\n\t" + "ldr r2, [r0, r2, lsl #2]\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl r9, r6, #8\n\t" + "lsr r9, r9, #24\n\t" +#else + "uxtb r9, r6, ror #16\n\t" +#endif +#else + "ubfx r9, r6, #16, #8\n\t" +#endif + "eor r8, r8, r11, ror #24\n\t" + "lsr r11, r5, #24\n\t" + "eor r8, r8, lr, ror #8\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl lr, r7, #16\n\t" + "lsr lr, lr, #24\n\t" +#else + "uxtb lr, r7, ror #8\n\t" +#endif +#else + "ubfx lr, r7, #8, #8\n\t" +#endif + "eor r8, r8, r2, ror #16\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl r2, r4, #24\n\t" + "lsr r2, r2, #24\n\t" +#else + "uxtb r2, r4\n\t" +#endif +#else + "ubfx r2, r4, #0, #8\n\t" +#endif + "ldr r9, [r0, r9, lsl #2]\n\t" + "ldr r11, [r0, r11, lsl #2]\n\t" + "ldr lr, [r0, lr, lsl #2]\n\t" + "ldr r2, [r0, r2, lsl #2]\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl r10, r7, #8\n\t" + "lsr r10, r10, #24\n\t" +#else + "uxtb r10, r7, ror #16\n\t" +#endif +#else + "ubfx r10, r7, #16, #8\n\t" +#endif + "eor r9, r9, r11, ror #24\n\t" + "lsr r11, r6, #24\n\t" + "eor r9, r9, lr, ror #8\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl lr, r4, #16\n\t" + "lsr lr, lr, #24\n\t" +#else + "uxtb lr, r4, ror #8\n\t" +#endif +#else + "ubfx lr, r4, #8, #8\n\t" +#endif + "eor r9, r9, r2, ror #16\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl r2, r5, #24\n\t" + "lsr r2, r2, #24\n\t" +#else + "uxtb r2, r5\n\t" +#endif +#else + "ubfx r2, r5, #0, #8\n\t" +#endif + "ldr r10, [r0, r10, lsl #2]\n\t" + "ldr r11, [r0, r11, lsl #2]\n\t" + "ldr lr, [r0, lr, lsl #2]\n\t" + "ldr r2, [r0, r2, lsl #2]\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl r6, r6, #24\n\t" + "lsr r6, r6, #24\n\t" +#else + "uxtb r6, r6\n\t" +#endif +#else + "ubfx r6, r6, #0, #8\n\t" +#endif + "eor r10, r10, r11, ror #24\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl r11, r4, #8\n\t" + "lsr r11, r11, #24\n\t" +#else + "uxtb r11, r4, ror #16\n\t" +#endif +#else + "ubfx r11, r4, #16, #8\n\t" +#endif + "eor r10, r10, lr, ror #8\n\t" + "lsr lr, r7, #24\n\t" + "eor r10, r10, r2, ror #16\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl r2, r5, #16\n\t" + "lsr r2, r2, #24\n\t" +#else + "uxtb r2, r5, ror #8\n\t" +#endif +#else + "ubfx r2, r5, #8, #8\n\t" +#endif + "ldr r6, [r0, r6, lsl #2]\n\t" + "ldr lr, [r0, lr, lsl #2]\n\t" + "ldr r11, [r0, r11, lsl #2]\n\t" + "ldr r2, [r0, r2, lsl #2]\n\t" + "eor lr, lr, r6, ror #24\n\t" + "ldm %[ks]!, {r4, r5, r6, r7}\n\t" + "eor r11, r11, lr, ror #24\n\t" + "eor r11, r11, r2, ror #8\n\t" + /* XOR in Key Schedule */ + "eor r8, r8, r4\n\t" + "eor r9, r9, r5\n\t" + "eor r10, r10, r6\n\t" + "eor r11, r11, r7\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl r4, r9, #8\n\t" + "lsr r4, r4, #24\n\t" +#else + "uxtb r4, r9, ror #16\n\t" +#endif +#else + "ubfx r4, r9, #16, #8\n\t" +#endif + "lsr r7, r8, #24\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl lr, r10, #16\n\t" + "lsr lr, lr, #24\n\t" +#else + "uxtb lr, r10, ror #8\n\t" +#endif +#else + "ubfx lr, r10, #8, #8\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl r2, r11, #24\n\t" + "lsr r2, r2, #24\n\t" +#else + "uxtb r2, r11\n\t" +#endif +#else + "ubfx r2, r11, #0, #8\n\t" +#endif + "ldr r4, [r0, r4, lsl #2]\n\t" + "ldr r7, [r0, r7, lsl #2]\n\t" + "ldr lr, [r0, lr, lsl #2]\n\t" + "ldr r2, [r0, r2, lsl #2]\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl r5, r10, #8\n\t" + "lsr r5, r5, #24\n\t" +#else + "uxtb r5, r10, ror #16\n\t" +#endif +#else + "ubfx r5, r10, #16, #8\n\t" +#endif + "eor r4, r4, r7, ror #24\n\t" + "lsr r7, r9, #24\n\t" + "eor r4, r4, lr, ror #8\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl lr, r11, #16\n\t" + "lsr lr, lr, #24\n\t" +#else + "uxtb lr, r11, ror #8\n\t" +#endif +#else + "ubfx lr, r11, #8, #8\n\t" +#endif + "eor r4, r4, r2, ror #16\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl r2, r8, #24\n\t" + "lsr r2, r2, #24\n\t" +#else + "uxtb r2, r8\n\t" +#endif +#else + "ubfx r2, r8, #0, #8\n\t" +#endif + "ldr r5, [r0, r5, lsl #2]\n\t" + "ldr r7, [r0, r7, lsl #2]\n\t" + "ldr lr, [r0, lr, lsl #2]\n\t" + "ldr r2, [r0, r2, lsl #2]\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl r6, r11, #8\n\t" + "lsr r6, r6, #24\n\t" +#else + "uxtb r6, r11, ror #16\n\t" +#endif +#else + "ubfx r6, r11, #16, #8\n\t" +#endif + "eor r5, r5, r7, ror #24\n\t" + "lsr r7, r10, #24\n\t" + "eor r5, r5, lr, ror #8\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl lr, r8, #16\n\t" + "lsr lr, lr, #24\n\t" +#else + "uxtb lr, r8, ror #8\n\t" +#endif +#else + "ubfx lr, r8, #8, #8\n\t" +#endif + "eor r5, r5, r2, ror #16\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl r2, r9, #24\n\t" + "lsr r2, r2, #24\n\t" +#else + "uxtb r2, r9\n\t" +#endif +#else + "ubfx r2, r9, #0, #8\n\t" +#endif + "ldr r6, [r0, r6, lsl #2]\n\t" + "ldr r7, [r0, r7, lsl #2]\n\t" + "ldr lr, [r0, lr, lsl #2]\n\t" + "ldr r2, [r0, r2, lsl #2]\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl r10, r10, #24\n\t" + "lsr r10, r10, #24\n\t" +#else + "uxtb r10, r10\n\t" +#endif +#else + "ubfx r10, r10, #0, #8\n\t" +#endif + "eor r6, r6, r7, ror #24\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl r7, r8, #8\n\t" + "lsr r7, r7, #24\n\t" +#else + "uxtb r7, r8, ror #16\n\t" +#endif +#else + "ubfx r7, r8, #16, #8\n\t" +#endif + "eor r6, r6, lr, ror #8\n\t" + "lsr lr, r11, #24\n\t" + "eor r6, r6, r2, ror #16\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl r2, r9, #16\n\t" + "lsr r2, r2, #24\n\t" +#else + "uxtb r2, r9, ror #8\n\t" +#endif +#else + "ubfx r2, r9, #8, #8\n\t" +#endif + "ldr r10, [r0, r10, lsl #2]\n\t" + "ldr lr, [r0, lr, lsl #2]\n\t" + "ldr r7, [r0, r7, lsl #2]\n\t" + "ldr r2, [r0, r2, lsl #2]\n\t" + "eor lr, lr, r10, ror #24\n\t" + "ldm %[ks]!, {r8, r9, r10, r11}\n\t" + "eor r7, r7, lr, ror #24\n\t" + "eor r7, r7, r2, ror #8\n\t" + /* XOR in Key Schedule */ + "eor r4, r4, r8\n\t" + "eor r5, r5, r9\n\t" + "eor r6, r6, r10\n\t" + "eor r7, r7, r11\n\t" + "subs r1, r1, #1\n\t" + "bne L_AES_CBC_encrypt_block_nr_256_%=\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl r8, r5, #8\n\t" + "lsr r8, r8, #24\n\t" +#else + "uxtb r8, r5, ror #16\n\t" +#endif +#else + "ubfx r8, r5, #16, #8\n\t" +#endif + "lsr r11, r4, #24\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl lr, r6, #16\n\t" + "lsr lr, lr, #24\n\t" +#else + "uxtb lr, r6, ror #8\n\t" +#endif +#else + "ubfx lr, r6, #8, #8\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl r2, r7, #24\n\t" + "lsr r2, r2, #24\n\t" +#else + "uxtb r2, r7\n\t" +#endif +#else + "ubfx r2, r7, #0, #8\n\t" +#endif + "ldr r8, [r0, r8, lsl #2]\n\t" + "ldr r11, [r0, r11, lsl #2]\n\t" + "ldr lr, [r0, lr, lsl #2]\n\t" + "ldr r2, [r0, r2, lsl #2]\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl r9, r6, #8\n\t" + "lsr r9, r9, #24\n\t" +#else + "uxtb r9, r6, ror #16\n\t" +#endif +#else + "ubfx r9, r6, #16, #8\n\t" +#endif + "eor r8, r8, r11, ror #24\n\t" + "lsr r11, r5, #24\n\t" + "eor r8, r8, lr, ror #8\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl lr, r7, #16\n\t" + "lsr lr, lr, #24\n\t" +#else + "uxtb lr, r7, ror #8\n\t" +#endif +#else + "ubfx lr, r7, #8, #8\n\t" +#endif + "eor r8, r8, r2, ror #16\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl r2, r4, #24\n\t" + "lsr r2, r2, #24\n\t" +#else + "uxtb r2, r4\n\t" +#endif +#else + "ubfx r2, r4, #0, #8\n\t" +#endif + "ldr r9, [r0, r9, lsl #2]\n\t" + "ldr r11, [r0, r11, lsl #2]\n\t" + "ldr lr, [r0, lr, lsl #2]\n\t" + "ldr r2, [r0, r2, lsl #2]\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl r10, r7, #8\n\t" + "lsr r10, r10, #24\n\t" +#else + "uxtb r10, r7, ror #16\n\t" +#endif +#else + "ubfx r10, r7, #16, #8\n\t" +#endif + "eor r9, r9, r11, ror #24\n\t" + "lsr r11, r6, #24\n\t" + "eor r9, r9, lr, ror #8\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl lr, r4, #16\n\t" + "lsr lr, lr, #24\n\t" +#else + "uxtb lr, r4, ror #8\n\t" +#endif +#else + "ubfx lr, r4, #8, #8\n\t" +#endif + "eor r9, r9, r2, ror #16\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl r2, r5, #24\n\t" + "lsr r2, r2, #24\n\t" +#else + "uxtb r2, r5\n\t" +#endif +#else + "ubfx r2, r5, #0, #8\n\t" +#endif + "ldr r10, [r0, r10, lsl #2]\n\t" + "ldr r11, [r0, r11, lsl #2]\n\t" + "ldr lr, [r0, lr, lsl #2]\n\t" + "ldr r2, [r0, r2, lsl #2]\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl r6, r6, #24\n\t" + "lsr r6, r6, #24\n\t" +#else + "uxtb r6, r6\n\t" +#endif +#else + "ubfx r6, r6, #0, #8\n\t" +#endif + "eor r10, r10, r11, ror #24\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl r11, r4, #8\n\t" + "lsr r11, r11, #24\n\t" +#else + "uxtb r11, r4, ror #16\n\t" +#endif +#else + "ubfx r11, r4, #16, #8\n\t" +#endif + "eor r10, r10, lr, ror #8\n\t" + "lsr lr, r7, #24\n\t" + "eor r10, r10, r2, ror #16\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl r2, r5, #16\n\t" + "lsr r2, r2, #24\n\t" +#else + "uxtb r2, r5, ror #8\n\t" +#endif +#else + "ubfx r2, r5, #8, #8\n\t" +#endif + "ldr r6, [r0, r6, lsl #2]\n\t" + "ldr lr, [r0, lr, lsl #2]\n\t" + "ldr r11, [r0, r11, lsl #2]\n\t" + "ldr r2, [r0, r2, lsl #2]\n\t" + "eor lr, lr, r6, ror #24\n\t" + "ldm %[ks]!, {r4, r5, r6, r7}\n\t" + "eor r11, r11, lr, ror #24\n\t" + "eor r11, r11, r2, ror #8\n\t" + /* XOR in Key Schedule */ + "eor r8, r8, r4\n\t" + "eor r9, r9, r5\n\t" + "eor r10, r10, r6\n\t" + "eor r11, r11, r7\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl r4, r11, #24\n\t" + "lsr r4, r4, #24\n\t" +#else + "uxtb r4, r11\n\t" +#endif +#else + "ubfx r4, r11, #0, #8\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl r7, r10, #16\n\t" + "lsr r7, r7, #24\n\t" +#else + "uxtb r7, r10, ror #8\n\t" +#endif +#else + "ubfx r7, r10, #8, #8\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl lr, r9, #8\n\t" + "lsr lr, lr, #24\n\t" +#else + "uxtb lr, r9, ror #16\n\t" +#endif +#else + "ubfx lr, r9, #16, #8\n\t" +#endif + "lsr r2, r8, #24\n\t" + "ldrb r4, [r0, r4, lsl #2]\n\t" + "ldrb r7, [r0, r7, lsl #2]\n\t" + "ldrb lr, [r0, lr, lsl #2]\n\t" + "ldrb r2, [r0, r2, lsl #2]\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl r5, r8, #24\n\t" + "lsr r5, r5, #24\n\t" +#else + "uxtb r5, r8\n\t" +#endif +#else + "ubfx r5, r8, #0, #8\n\t" +#endif + "eor r4, r4, r7, lsl #8\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl r7, r11, #16\n\t" + "lsr r7, r7, #24\n\t" +#else + "uxtb r7, r11, ror #8\n\t" +#endif +#else + "ubfx r7, r11, #8, #8\n\t" +#endif + "eor r4, r4, lr, lsl #16\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl lr, r10, #8\n\t" + "lsr lr, lr, #24\n\t" +#else + "uxtb lr, r10, ror #16\n\t" +#endif +#else + "ubfx lr, r10, #16, #8\n\t" +#endif + "eor r4, r4, r2, lsl #24\n\t" + "lsr r2, r9, #24\n\t" + "ldrb r5, [r0, r5, lsl #2]\n\t" + "ldrb r7, [r0, r7, lsl #2]\n\t" + "ldrb lr, [r0, lr, lsl #2]\n\t" + "ldrb r2, [r0, r2, lsl #2]\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl r6, r9, #24\n\t" + "lsr r6, r6, #24\n\t" +#else + "uxtb r6, r9\n\t" +#endif +#else + "ubfx r6, r9, #0, #8\n\t" +#endif + "eor r5, r5, r7, lsl #8\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl r7, r8, #16\n\t" + "lsr r7, r7, #24\n\t" +#else + "uxtb r7, r8, ror #8\n\t" +#endif +#else + "ubfx r7, r8, #8, #8\n\t" +#endif + "eor r5, r5, lr, lsl #16\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl lr, r11, #8\n\t" + "lsr lr, lr, #24\n\t" +#else + "uxtb lr, r11, ror #16\n\t" +#endif +#else + "ubfx lr, r11, #16, #8\n\t" +#endif + "eor r5, r5, r2, lsl #24\n\t" + "lsr r2, r10, #24\n\t" + "ldrb r6, [r0, r6, lsl #2]\n\t" + "ldrb r7, [r0, r7, lsl #2]\n\t" + "ldrb lr, [r0, lr, lsl #2]\n\t" + "ldrb r2, [r0, r2, lsl #2]\n\t" + "lsr r11, r11, #24\n\t" + "eor r6, r6, r7, lsl #8\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl r7, r10, #24\n\t" + "lsr r7, r7, #24\n\t" +#else + "uxtb r7, r10\n\t" +#endif +#else + "ubfx r7, r10, #0, #8\n\t" +#endif + "eor r6, r6, lr, lsl #16\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl lr, r9, #16\n\t" + "lsr lr, lr, #24\n\t" +#else + "uxtb lr, r9, ror #8\n\t" +#endif +#else + "ubfx lr, r9, #8, #8\n\t" +#endif + "eor r6, r6, r2, lsl #24\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl r2, r8, #8\n\t" + "lsr r2, r2, #24\n\t" +#else + "uxtb r2, r8, ror #16\n\t" +#endif +#else + "ubfx r2, r8, #16, #8\n\t" +#endif + "ldrb r11, [r0, r11, lsl #2]\n\t" + "ldrb r7, [r0, r7, lsl #2]\n\t" + "ldrb lr, [r0, lr, lsl #2]\n\t" + "ldrb r2, [r0, r2, lsl #2]\n\t" + "eor lr, lr, r11, lsl #16\n\t" + "ldm %[ks], {r8, r9, r10, r11}\n\t" + "eor r7, r7, lr, lsl #8\n\t" + "eor r7, r7, r2, lsl #16\n\t" + /* XOR in Key Schedule */ + "eor r4, r4, r8\n\t" + "eor r5, r5, r9\n\t" + "eor r6, r6, r10\n\t" + "eor r7, r7, r11\n\t" +#endif /* !WOLFSSL_ARMASM_AES_BLOCK_INLINE */ "pop {r1, %[len], lr}\n\t" "ldr %[ks], [sp]\n\t" #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) @@ -10448,7 +13008,646 @@ "eor r6, r6, r10\n\t" "eor r7, r7, r11\n\t" "mov r1, #5\n\t" +#ifndef WOLFSSL_ARMASM_AES_BLOCK_INLINE "bl AES_encrypt_block\n\t" +#else + "\n" + "L_AES_CBC_encrypt_block_nr_192_%=: \n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl r8, r5, #8\n\t" + "lsr r8, r8, #24\n\t" +#else + "uxtb r8, r5, ror #16\n\t" +#endif +#else + "ubfx r8, r5, #16, #8\n\t" +#endif + "lsr r11, r4, #24\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl lr, r6, #16\n\t" + "lsr lr, lr, #24\n\t" +#else + "uxtb lr, r6, ror #8\n\t" +#endif +#else + "ubfx lr, r6, #8, #8\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl r2, r7, #24\n\t" + "lsr r2, r2, #24\n\t" +#else + "uxtb r2, r7\n\t" +#endif +#else + "ubfx r2, r7, #0, #8\n\t" +#endif + "ldr r8, [r0, r8, lsl #2]\n\t" + "ldr r11, [r0, r11, lsl #2]\n\t" + "ldr lr, [r0, lr, lsl #2]\n\t" + "ldr r2, [r0, r2, lsl #2]\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl r9, r6, #8\n\t" + "lsr r9, r9, #24\n\t" +#else + "uxtb r9, r6, ror #16\n\t" +#endif +#else + "ubfx r9, r6, #16, #8\n\t" +#endif + "eor r8, r8, r11, ror #24\n\t" + "lsr r11, r5, #24\n\t" + "eor r8, r8, lr, ror #8\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl lr, r7, #16\n\t" + "lsr lr, lr, #24\n\t" +#else + "uxtb lr, r7, ror #8\n\t" +#endif +#else + "ubfx lr, r7, #8, #8\n\t" +#endif + "eor r8, r8, r2, ror #16\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl r2, r4, #24\n\t" + "lsr r2, r2, #24\n\t" +#else + "uxtb r2, r4\n\t" +#endif +#else + "ubfx r2, r4, #0, #8\n\t" +#endif + "ldr r9, [r0, r9, lsl #2]\n\t" + "ldr r11, [r0, r11, lsl #2]\n\t" + "ldr lr, [r0, lr, lsl #2]\n\t" + "ldr r2, [r0, r2, lsl #2]\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl r10, r7, #8\n\t" + "lsr r10, r10, #24\n\t" +#else + "uxtb r10, r7, ror #16\n\t" +#endif +#else + "ubfx r10, r7, #16, #8\n\t" +#endif + "eor r9, r9, r11, ror #24\n\t" + "lsr r11, r6, #24\n\t" + "eor r9, r9, lr, ror #8\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl lr, r4, #16\n\t" + "lsr lr, lr, #24\n\t" +#else + "uxtb lr, r4, ror #8\n\t" +#endif +#else + "ubfx lr, r4, #8, #8\n\t" +#endif + "eor r9, r9, r2, ror #16\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl r2, r5, #24\n\t" + "lsr r2, r2, #24\n\t" +#else + "uxtb r2, r5\n\t" +#endif +#else + "ubfx r2, r5, #0, #8\n\t" +#endif + "ldr r10, [r0, r10, lsl #2]\n\t" + "ldr r11, [r0, r11, lsl #2]\n\t" + "ldr lr, [r0, lr, lsl #2]\n\t" + "ldr r2, [r0, r2, lsl #2]\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl r6, r6, #24\n\t" + "lsr r6, r6, #24\n\t" +#else + "uxtb r6, r6\n\t" +#endif +#else + "ubfx r6, r6, #0, #8\n\t" +#endif + "eor r10, r10, r11, ror #24\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl r11, r4, #8\n\t" + "lsr r11, r11, #24\n\t" +#else + "uxtb r11, r4, ror #16\n\t" +#endif +#else + "ubfx r11, r4, #16, #8\n\t" +#endif + "eor r10, r10, lr, ror #8\n\t" + "lsr lr, r7, #24\n\t" + "eor r10, r10, r2, ror #16\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl r2, r5, #16\n\t" + "lsr r2, r2, #24\n\t" +#else + "uxtb r2, r5, ror #8\n\t" +#endif +#else + "ubfx r2, r5, #8, #8\n\t" +#endif + "ldr r6, [r0, r6, lsl #2]\n\t" + "ldr lr, [r0, lr, lsl #2]\n\t" + "ldr r11, [r0, r11, lsl #2]\n\t" + "ldr r2, [r0, r2, lsl #2]\n\t" + "eor lr, lr, r6, ror #24\n\t" + "ldm %[ks]!, {r4, r5, r6, r7}\n\t" + "eor r11, r11, lr, ror #24\n\t" + "eor r11, r11, r2, ror #8\n\t" + /* XOR in Key Schedule */ + "eor r8, r8, r4\n\t" + "eor r9, r9, r5\n\t" + "eor r10, r10, r6\n\t" + "eor r11, r11, r7\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl r4, r9, #8\n\t" + "lsr r4, r4, #24\n\t" +#else + "uxtb r4, r9, ror #16\n\t" +#endif +#else + "ubfx r4, r9, #16, #8\n\t" +#endif + "lsr r7, r8, #24\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl lr, r10, #16\n\t" + "lsr lr, lr, #24\n\t" +#else + "uxtb lr, r10, ror #8\n\t" +#endif +#else + "ubfx lr, r10, #8, #8\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl r2, r11, #24\n\t" + "lsr r2, r2, #24\n\t" +#else + "uxtb r2, r11\n\t" +#endif +#else + "ubfx r2, r11, #0, #8\n\t" +#endif + "ldr r4, [r0, r4, lsl #2]\n\t" + "ldr r7, [r0, r7, lsl #2]\n\t" + "ldr lr, [r0, lr, lsl #2]\n\t" + "ldr r2, [r0, r2, lsl #2]\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl r5, r10, #8\n\t" + "lsr r5, r5, #24\n\t" +#else + "uxtb r5, r10, ror #16\n\t" +#endif +#else + "ubfx r5, r10, #16, #8\n\t" +#endif + "eor r4, r4, r7, ror #24\n\t" + "lsr r7, r9, #24\n\t" + "eor r4, r4, lr, ror #8\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl lr, r11, #16\n\t" + "lsr lr, lr, #24\n\t" +#else + "uxtb lr, r11, ror #8\n\t" +#endif +#else + "ubfx lr, r11, #8, #8\n\t" +#endif + "eor r4, r4, r2, ror #16\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl r2, r8, #24\n\t" + "lsr r2, r2, #24\n\t" +#else + "uxtb r2, r8\n\t" +#endif +#else + "ubfx r2, r8, #0, #8\n\t" +#endif + "ldr r5, [r0, r5, lsl #2]\n\t" + "ldr r7, [r0, r7, lsl #2]\n\t" + "ldr lr, [r0, lr, lsl #2]\n\t" + "ldr r2, [r0, r2, lsl #2]\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl r6, r11, #8\n\t" + "lsr r6, r6, #24\n\t" +#else + "uxtb r6, r11, ror #16\n\t" +#endif +#else + "ubfx r6, r11, #16, #8\n\t" +#endif + "eor r5, r5, r7, ror #24\n\t" + "lsr r7, r10, #24\n\t" + "eor r5, r5, lr, ror #8\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl lr, r8, #16\n\t" + "lsr lr, lr, #24\n\t" +#else + "uxtb lr, r8, ror #8\n\t" +#endif +#else + "ubfx lr, r8, #8, #8\n\t" +#endif + "eor r5, r5, r2, ror #16\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl r2, r9, #24\n\t" + "lsr r2, r2, #24\n\t" +#else + "uxtb r2, r9\n\t" +#endif +#else + "ubfx r2, r9, #0, #8\n\t" +#endif + "ldr r6, [r0, r6, lsl #2]\n\t" + "ldr r7, [r0, r7, lsl #2]\n\t" + "ldr lr, [r0, lr, lsl #2]\n\t" + "ldr r2, [r0, r2, lsl #2]\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl r10, r10, #24\n\t" + "lsr r10, r10, #24\n\t" +#else + "uxtb r10, r10\n\t" +#endif +#else + "ubfx r10, r10, #0, #8\n\t" +#endif + "eor r6, r6, r7, ror #24\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl r7, r8, #8\n\t" + "lsr r7, r7, #24\n\t" +#else + "uxtb r7, r8, ror #16\n\t" +#endif +#else + "ubfx r7, r8, #16, #8\n\t" +#endif + "eor r6, r6, lr, ror #8\n\t" + "lsr lr, r11, #24\n\t" + "eor r6, r6, r2, ror #16\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl r2, r9, #16\n\t" + "lsr r2, r2, #24\n\t" +#else + "uxtb r2, r9, ror #8\n\t" +#endif +#else + "ubfx r2, r9, #8, #8\n\t" +#endif + "ldr r10, [r0, r10, lsl #2]\n\t" + "ldr lr, [r0, lr, lsl #2]\n\t" + "ldr r7, [r0, r7, lsl #2]\n\t" + "ldr r2, [r0, r2, lsl #2]\n\t" + "eor lr, lr, r10, ror #24\n\t" + "ldm %[ks]!, {r8, r9, r10, r11}\n\t" + "eor r7, r7, lr, ror #24\n\t" + "eor r7, r7, r2, ror #8\n\t" + /* XOR in Key Schedule */ + "eor r4, r4, r8\n\t" + "eor r5, r5, r9\n\t" + "eor r6, r6, r10\n\t" + "eor r7, r7, r11\n\t" + "subs r1, r1, #1\n\t" + "bne L_AES_CBC_encrypt_block_nr_192_%=\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl r8, r5, #8\n\t" + "lsr r8, r8, #24\n\t" +#else + "uxtb r8, r5, ror #16\n\t" +#endif +#else + "ubfx r8, r5, #16, #8\n\t" +#endif + "lsr r11, r4, #24\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl lr, r6, #16\n\t" + "lsr lr, lr, #24\n\t" +#else + "uxtb lr, r6, ror #8\n\t" +#endif +#else + "ubfx lr, r6, #8, #8\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl r2, r7, #24\n\t" + "lsr r2, r2, #24\n\t" +#else + "uxtb r2, r7\n\t" +#endif +#else + "ubfx r2, r7, #0, #8\n\t" +#endif + "ldr r8, [r0, r8, lsl #2]\n\t" + "ldr r11, [r0, r11, lsl #2]\n\t" + "ldr lr, [r0, lr, lsl #2]\n\t" + "ldr r2, [r0, r2, lsl #2]\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl r9, r6, #8\n\t" + "lsr r9, r9, #24\n\t" +#else + "uxtb r9, r6, ror #16\n\t" +#endif +#else + "ubfx r9, r6, #16, #8\n\t" +#endif + "eor r8, r8, r11, ror #24\n\t" + "lsr r11, r5, #24\n\t" + "eor r8, r8, lr, ror #8\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl lr, r7, #16\n\t" + "lsr lr, lr, #24\n\t" +#else + "uxtb lr, r7, ror #8\n\t" +#endif +#else + "ubfx lr, r7, #8, #8\n\t" +#endif + "eor r8, r8, r2, ror #16\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl r2, r4, #24\n\t" + "lsr r2, r2, #24\n\t" +#else + "uxtb r2, r4\n\t" +#endif +#else + "ubfx r2, r4, #0, #8\n\t" +#endif + "ldr r9, [r0, r9, lsl #2]\n\t" + "ldr r11, [r0, r11, lsl #2]\n\t" + "ldr lr, [r0, lr, lsl #2]\n\t" + "ldr r2, [r0, r2, lsl #2]\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl r10, r7, #8\n\t" + "lsr r10, r10, #24\n\t" +#else + "uxtb r10, r7, ror #16\n\t" +#endif +#else + "ubfx r10, r7, #16, #8\n\t" +#endif + "eor r9, r9, r11, ror #24\n\t" + "lsr r11, r6, #24\n\t" + "eor r9, r9, lr, ror #8\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl lr, r4, #16\n\t" + "lsr lr, lr, #24\n\t" +#else + "uxtb lr, r4, ror #8\n\t" +#endif +#else + "ubfx lr, r4, #8, #8\n\t" +#endif + "eor r9, r9, r2, ror #16\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl r2, r5, #24\n\t" + "lsr r2, r2, #24\n\t" +#else + "uxtb r2, r5\n\t" +#endif +#else + "ubfx r2, r5, #0, #8\n\t" +#endif + "ldr r10, [r0, r10, lsl #2]\n\t" + "ldr r11, [r0, r11, lsl #2]\n\t" + "ldr lr, [r0, lr, lsl #2]\n\t" + "ldr r2, [r0, r2, lsl #2]\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl r6, r6, #24\n\t" + "lsr r6, r6, #24\n\t" +#else + "uxtb r6, r6\n\t" +#endif +#else + "ubfx r6, r6, #0, #8\n\t" +#endif + "eor r10, r10, r11, ror #24\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl r11, r4, #8\n\t" + "lsr r11, r11, #24\n\t" +#else + "uxtb r11, r4, ror #16\n\t" +#endif +#else + "ubfx r11, r4, #16, #8\n\t" +#endif + "eor r10, r10, lr, ror #8\n\t" + "lsr lr, r7, #24\n\t" + "eor r10, r10, r2, ror #16\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl r2, r5, #16\n\t" + "lsr r2, r2, #24\n\t" +#else + "uxtb r2, r5, ror #8\n\t" +#endif +#else + "ubfx r2, r5, #8, #8\n\t" +#endif + "ldr r6, [r0, r6, lsl #2]\n\t" + "ldr lr, [r0, lr, lsl #2]\n\t" + "ldr r11, [r0, r11, lsl #2]\n\t" + "ldr r2, [r0, r2, lsl #2]\n\t" + "eor lr, lr, r6, ror #24\n\t" + "ldm %[ks]!, {r4, r5, r6, r7}\n\t" + "eor r11, r11, lr, ror #24\n\t" + "eor r11, r11, r2, ror #8\n\t" + /* XOR in Key Schedule */ + "eor r8, r8, r4\n\t" + "eor r9, r9, r5\n\t" + "eor r10, r10, r6\n\t" + "eor r11, r11, r7\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl r4, r11, #24\n\t" + "lsr r4, r4, #24\n\t" +#else + "uxtb r4, r11\n\t" +#endif +#else + "ubfx r4, r11, #0, #8\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl r7, r10, #16\n\t" + "lsr r7, r7, #24\n\t" +#else + "uxtb r7, r10, ror #8\n\t" +#endif +#else + "ubfx r7, r10, #8, #8\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl lr, r9, #8\n\t" + "lsr lr, lr, #24\n\t" +#else + "uxtb lr, r9, ror #16\n\t" +#endif +#else + "ubfx lr, r9, #16, #8\n\t" +#endif + "lsr r2, r8, #24\n\t" + "ldrb r4, [r0, r4, lsl #2]\n\t" + "ldrb r7, [r0, r7, lsl #2]\n\t" + "ldrb lr, [r0, lr, lsl #2]\n\t" + "ldrb r2, [r0, r2, lsl #2]\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl r5, r8, #24\n\t" + "lsr r5, r5, #24\n\t" +#else + "uxtb r5, r8\n\t" +#endif +#else + "ubfx r5, r8, #0, #8\n\t" +#endif + "eor r4, r4, r7, lsl #8\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl r7, r11, #16\n\t" + "lsr r7, r7, #24\n\t" +#else + "uxtb r7, r11, ror #8\n\t" +#endif +#else + "ubfx r7, r11, #8, #8\n\t" +#endif + "eor r4, r4, lr, lsl #16\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl lr, r10, #8\n\t" + "lsr lr, lr, #24\n\t" +#else + "uxtb lr, r10, ror #16\n\t" +#endif +#else + "ubfx lr, r10, #16, #8\n\t" +#endif + "eor r4, r4, r2, lsl #24\n\t" + "lsr r2, r9, #24\n\t" + "ldrb r5, [r0, r5, lsl #2]\n\t" + "ldrb r7, [r0, r7, lsl #2]\n\t" + "ldrb lr, [r0, lr, lsl #2]\n\t" + "ldrb r2, [r0, r2, lsl #2]\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl r6, r9, #24\n\t" + "lsr r6, r6, #24\n\t" +#else + "uxtb r6, r9\n\t" +#endif +#else + "ubfx r6, r9, #0, #8\n\t" +#endif + "eor r5, r5, r7, lsl #8\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl r7, r8, #16\n\t" + "lsr r7, r7, #24\n\t" +#else + "uxtb r7, r8, ror #8\n\t" +#endif +#else + "ubfx r7, r8, #8, #8\n\t" +#endif + "eor r5, r5, lr, lsl #16\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl lr, r11, #8\n\t" + "lsr lr, lr, #24\n\t" +#else + "uxtb lr, r11, ror #16\n\t" +#endif +#else + "ubfx lr, r11, #16, #8\n\t" +#endif + "eor r5, r5, r2, lsl #24\n\t" + "lsr r2, r10, #24\n\t" + "ldrb r6, [r0, r6, lsl #2]\n\t" + "ldrb r7, [r0, r7, lsl #2]\n\t" + "ldrb lr, [r0, lr, lsl #2]\n\t" + "ldrb r2, [r0, r2, lsl #2]\n\t" + "lsr r11, r11, #24\n\t" + "eor r6, r6, r7, lsl #8\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl r7, r10, #24\n\t" + "lsr r7, r7, #24\n\t" +#else + "uxtb r7, r10\n\t" +#endif +#else + "ubfx r7, r10, #0, #8\n\t" +#endif + "eor r6, r6, lr, lsl #16\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl lr, r9, #16\n\t" + "lsr lr, lr, #24\n\t" +#else + "uxtb lr, r9, ror #8\n\t" +#endif +#else + "ubfx lr, r9, #8, #8\n\t" +#endif + "eor r6, r6, r2, lsl #24\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl r2, r8, #8\n\t" + "lsr r2, r2, #24\n\t" +#else + "uxtb r2, r8, ror #16\n\t" +#endif +#else + "ubfx r2, r8, #16, #8\n\t" +#endif + "ldrb r11, [r0, r11, lsl #2]\n\t" + "ldrb r7, [r0, r7, lsl #2]\n\t" + "ldrb lr, [r0, lr, lsl #2]\n\t" + "ldrb r2, [r0, r2, lsl #2]\n\t" + "eor lr, lr, r11, lsl #16\n\t" + "ldm %[ks], {r8, r9, r10, r11}\n\t" + "eor r7, r7, lr, lsl #8\n\t" + "eor r7, r7, r2, lsl #16\n\t" + /* XOR in Key Schedule */ + "eor r4, r4, r8\n\t" + "eor r5, r5, r9\n\t" + "eor r6, r6, r10\n\t" + "eor r7, r7, r11\n\t" +#endif /* !WOLFSSL_ARMASM_AES_BLOCK_INLINE */ "pop {r1, %[len], lr}\n\t" "ldr %[ks], [sp]\n\t" #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) @@ -10526,7 +13725,646 @@ "eor r6, r6, r10\n\t" "eor r7, r7, r11\n\t" "mov r1, #4\n\t" +#ifndef WOLFSSL_ARMASM_AES_BLOCK_INLINE "bl AES_encrypt_block\n\t" +#else + "\n" + "L_AES_CBC_encrypt_block_nr_128_%=: \n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl r8, r5, #8\n\t" + "lsr r8, r8, #24\n\t" +#else + "uxtb r8, r5, ror #16\n\t" +#endif +#else + "ubfx r8, r5, #16, #8\n\t" +#endif + "lsr r11, r4, #24\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl lr, r6, #16\n\t" + "lsr lr, lr, #24\n\t" +#else + "uxtb lr, r6, ror #8\n\t" +#endif +#else + "ubfx lr, r6, #8, #8\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl r2, r7, #24\n\t" + "lsr r2, r2, #24\n\t" +#else + "uxtb r2, r7\n\t" +#endif +#else + "ubfx r2, r7, #0, #8\n\t" +#endif + "ldr r8, [r0, r8, lsl #2]\n\t" + "ldr r11, [r0, r11, lsl #2]\n\t" + "ldr lr, [r0, lr, lsl #2]\n\t" + "ldr r2, [r0, r2, lsl #2]\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl r9, r6, #8\n\t" + "lsr r9, r9, #24\n\t" +#else + "uxtb r9, r6, ror #16\n\t" +#endif +#else + "ubfx r9, r6, #16, #8\n\t" +#endif + "eor r8, r8, r11, ror #24\n\t" + "lsr r11, r5, #24\n\t" + "eor r8, r8, lr, ror #8\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl lr, r7, #16\n\t" + "lsr lr, lr, #24\n\t" +#else + "uxtb lr, r7, ror #8\n\t" +#endif +#else + "ubfx lr, r7, #8, #8\n\t" +#endif + "eor r8, r8, r2, ror #16\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl r2, r4, #24\n\t" + "lsr r2, r2, #24\n\t" +#else + "uxtb r2, r4\n\t" +#endif +#else + "ubfx r2, r4, #0, #8\n\t" +#endif + "ldr r9, [r0, r9, lsl #2]\n\t" + "ldr r11, [r0, r11, lsl #2]\n\t" + "ldr lr, [r0, lr, lsl #2]\n\t" + "ldr r2, [r0, r2, lsl #2]\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl r10, r7, #8\n\t" + "lsr r10, r10, #24\n\t" +#else + "uxtb r10, r7, ror #16\n\t" +#endif +#else + "ubfx r10, r7, #16, #8\n\t" +#endif + "eor r9, r9, r11, ror #24\n\t" + "lsr r11, r6, #24\n\t" + "eor r9, r9, lr, ror #8\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl lr, r4, #16\n\t" + "lsr lr, lr, #24\n\t" +#else + "uxtb lr, r4, ror #8\n\t" +#endif +#else + "ubfx lr, r4, #8, #8\n\t" +#endif + "eor r9, r9, r2, ror #16\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl r2, r5, #24\n\t" + "lsr r2, r2, #24\n\t" +#else + "uxtb r2, r5\n\t" +#endif +#else + "ubfx r2, r5, #0, #8\n\t" +#endif + "ldr r10, [r0, r10, lsl #2]\n\t" + "ldr r11, [r0, r11, lsl #2]\n\t" + "ldr lr, [r0, lr, lsl #2]\n\t" + "ldr r2, [r0, r2, lsl #2]\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl r6, r6, #24\n\t" + "lsr r6, r6, #24\n\t" +#else + "uxtb r6, r6\n\t" +#endif +#else + "ubfx r6, r6, #0, #8\n\t" +#endif + "eor r10, r10, r11, ror #24\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl r11, r4, #8\n\t" + "lsr r11, r11, #24\n\t" +#else + "uxtb r11, r4, ror #16\n\t" +#endif +#else + "ubfx r11, r4, #16, #8\n\t" +#endif + "eor r10, r10, lr, ror #8\n\t" + "lsr lr, r7, #24\n\t" + "eor r10, r10, r2, ror #16\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl r2, r5, #16\n\t" + "lsr r2, r2, #24\n\t" +#else + "uxtb r2, r5, ror #8\n\t" +#endif +#else + "ubfx r2, r5, #8, #8\n\t" +#endif + "ldr r6, [r0, r6, lsl #2]\n\t" + "ldr lr, [r0, lr, lsl #2]\n\t" + "ldr r11, [r0, r11, lsl #2]\n\t" + "ldr r2, [r0, r2, lsl #2]\n\t" + "eor lr, lr, r6, ror #24\n\t" + "ldm %[ks]!, {r4, r5, r6, r7}\n\t" + "eor r11, r11, lr, ror #24\n\t" + "eor r11, r11, r2, ror #8\n\t" + /* XOR in Key Schedule */ + "eor r8, r8, r4\n\t" + "eor r9, r9, r5\n\t" + "eor r10, r10, r6\n\t" + "eor r11, r11, r7\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl r4, r9, #8\n\t" + "lsr r4, r4, #24\n\t" +#else + "uxtb r4, r9, ror #16\n\t" +#endif +#else + "ubfx r4, r9, #16, #8\n\t" +#endif + "lsr r7, r8, #24\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl lr, r10, #16\n\t" + "lsr lr, lr, #24\n\t" +#else + "uxtb lr, r10, ror #8\n\t" +#endif +#else + "ubfx lr, r10, #8, #8\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl r2, r11, #24\n\t" + "lsr r2, r2, #24\n\t" +#else + "uxtb r2, r11\n\t" +#endif +#else + "ubfx r2, r11, #0, #8\n\t" +#endif + "ldr r4, [r0, r4, lsl #2]\n\t" + "ldr r7, [r0, r7, lsl #2]\n\t" + "ldr lr, [r0, lr, lsl #2]\n\t" + "ldr r2, [r0, r2, lsl #2]\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl r5, r10, #8\n\t" + "lsr r5, r5, #24\n\t" +#else + "uxtb r5, r10, ror #16\n\t" +#endif +#else + "ubfx r5, r10, #16, #8\n\t" +#endif + "eor r4, r4, r7, ror #24\n\t" + "lsr r7, r9, #24\n\t" + "eor r4, r4, lr, ror #8\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl lr, r11, #16\n\t" + "lsr lr, lr, #24\n\t" +#else + "uxtb lr, r11, ror #8\n\t" +#endif +#else + "ubfx lr, r11, #8, #8\n\t" +#endif + "eor r4, r4, r2, ror #16\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl r2, r8, #24\n\t" + "lsr r2, r2, #24\n\t" +#else + "uxtb r2, r8\n\t" +#endif +#else + "ubfx r2, r8, #0, #8\n\t" +#endif + "ldr r5, [r0, r5, lsl #2]\n\t" + "ldr r7, [r0, r7, lsl #2]\n\t" + "ldr lr, [r0, lr, lsl #2]\n\t" + "ldr r2, [r0, r2, lsl #2]\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl r6, r11, #8\n\t" + "lsr r6, r6, #24\n\t" +#else + "uxtb r6, r11, ror #16\n\t" +#endif +#else + "ubfx r6, r11, #16, #8\n\t" +#endif + "eor r5, r5, r7, ror #24\n\t" + "lsr r7, r10, #24\n\t" + "eor r5, r5, lr, ror #8\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl lr, r8, #16\n\t" + "lsr lr, lr, #24\n\t" +#else + "uxtb lr, r8, ror #8\n\t" +#endif +#else + "ubfx lr, r8, #8, #8\n\t" +#endif + "eor r5, r5, r2, ror #16\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl r2, r9, #24\n\t" + "lsr r2, r2, #24\n\t" +#else + "uxtb r2, r9\n\t" +#endif +#else + "ubfx r2, r9, #0, #8\n\t" +#endif + "ldr r6, [r0, r6, lsl #2]\n\t" + "ldr r7, [r0, r7, lsl #2]\n\t" + "ldr lr, [r0, lr, lsl #2]\n\t" + "ldr r2, [r0, r2, lsl #2]\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl r10, r10, #24\n\t" + "lsr r10, r10, #24\n\t" +#else + "uxtb r10, r10\n\t" +#endif +#else + "ubfx r10, r10, #0, #8\n\t" +#endif + "eor r6, r6, r7, ror #24\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl r7, r8, #8\n\t" + "lsr r7, r7, #24\n\t" +#else + "uxtb r7, r8, ror #16\n\t" +#endif +#else + "ubfx r7, r8, #16, #8\n\t" +#endif + "eor r6, r6, lr, ror #8\n\t" + "lsr lr, r11, #24\n\t" + "eor r6, r6, r2, ror #16\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl r2, r9, #16\n\t" + "lsr r2, r2, #24\n\t" +#else + "uxtb r2, r9, ror #8\n\t" +#endif +#else + "ubfx r2, r9, #8, #8\n\t" +#endif + "ldr r10, [r0, r10, lsl #2]\n\t" + "ldr lr, [r0, lr, lsl #2]\n\t" + "ldr r7, [r0, r7, lsl #2]\n\t" + "ldr r2, [r0, r2, lsl #2]\n\t" + "eor lr, lr, r10, ror #24\n\t" + "ldm %[ks]!, {r8, r9, r10, r11}\n\t" + "eor r7, r7, lr, ror #24\n\t" + "eor r7, r7, r2, ror #8\n\t" + /* XOR in Key Schedule */ + "eor r4, r4, r8\n\t" + "eor r5, r5, r9\n\t" + "eor r6, r6, r10\n\t" + "eor r7, r7, r11\n\t" + "subs r1, r1, #1\n\t" + "bne L_AES_CBC_encrypt_block_nr_128_%=\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl r8, r5, #8\n\t" + "lsr r8, r8, #24\n\t" +#else + "uxtb r8, r5, ror #16\n\t" +#endif +#else + "ubfx r8, r5, #16, #8\n\t" +#endif + "lsr r11, r4, #24\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl lr, r6, #16\n\t" + "lsr lr, lr, #24\n\t" +#else + "uxtb lr, r6, ror #8\n\t" +#endif +#else + "ubfx lr, r6, #8, #8\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl r2, r7, #24\n\t" + "lsr r2, r2, #24\n\t" +#else + "uxtb r2, r7\n\t" +#endif +#else + "ubfx r2, r7, #0, #8\n\t" +#endif + "ldr r8, [r0, r8, lsl #2]\n\t" + "ldr r11, [r0, r11, lsl #2]\n\t" + "ldr lr, [r0, lr, lsl #2]\n\t" + "ldr r2, [r0, r2, lsl #2]\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl r9, r6, #8\n\t" + "lsr r9, r9, #24\n\t" +#else + "uxtb r9, r6, ror #16\n\t" +#endif +#else + "ubfx r9, r6, #16, #8\n\t" +#endif + "eor r8, r8, r11, ror #24\n\t" + "lsr r11, r5, #24\n\t" + "eor r8, r8, lr, ror #8\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl lr, r7, #16\n\t" + "lsr lr, lr, #24\n\t" +#else + "uxtb lr, r7, ror #8\n\t" +#endif +#else + "ubfx lr, r7, #8, #8\n\t" +#endif + "eor r8, r8, r2, ror #16\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl r2, r4, #24\n\t" + "lsr r2, r2, #24\n\t" +#else + "uxtb r2, r4\n\t" +#endif +#else + "ubfx r2, r4, #0, #8\n\t" +#endif + "ldr r9, [r0, r9, lsl #2]\n\t" + "ldr r11, [r0, r11, lsl #2]\n\t" + "ldr lr, [r0, lr, lsl #2]\n\t" + "ldr r2, [r0, r2, lsl #2]\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl r10, r7, #8\n\t" + "lsr r10, r10, #24\n\t" +#else + "uxtb r10, r7, ror #16\n\t" +#endif +#else + "ubfx r10, r7, #16, #8\n\t" +#endif + "eor r9, r9, r11, ror #24\n\t" + "lsr r11, r6, #24\n\t" + "eor r9, r9, lr, ror #8\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl lr, r4, #16\n\t" + "lsr lr, lr, #24\n\t" +#else + "uxtb lr, r4, ror #8\n\t" +#endif +#else + "ubfx lr, r4, #8, #8\n\t" +#endif + "eor r9, r9, r2, ror #16\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl r2, r5, #24\n\t" + "lsr r2, r2, #24\n\t" +#else + "uxtb r2, r5\n\t" +#endif +#else + "ubfx r2, r5, #0, #8\n\t" +#endif + "ldr r10, [r0, r10, lsl #2]\n\t" + "ldr r11, [r0, r11, lsl #2]\n\t" + "ldr lr, [r0, lr, lsl #2]\n\t" + "ldr r2, [r0, r2, lsl #2]\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl r6, r6, #24\n\t" + "lsr r6, r6, #24\n\t" +#else + "uxtb r6, r6\n\t" +#endif +#else + "ubfx r6, r6, #0, #8\n\t" +#endif + "eor r10, r10, r11, ror #24\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl r11, r4, #8\n\t" + "lsr r11, r11, #24\n\t" +#else + "uxtb r11, r4, ror #16\n\t" +#endif +#else + "ubfx r11, r4, #16, #8\n\t" +#endif + "eor r10, r10, lr, ror #8\n\t" + "lsr lr, r7, #24\n\t" + "eor r10, r10, r2, ror #16\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl r2, r5, #16\n\t" + "lsr r2, r2, #24\n\t" +#else + "uxtb r2, r5, ror #8\n\t" +#endif +#else + "ubfx r2, r5, #8, #8\n\t" +#endif + "ldr r6, [r0, r6, lsl #2]\n\t" + "ldr lr, [r0, lr, lsl #2]\n\t" + "ldr r11, [r0, r11, lsl #2]\n\t" + "ldr r2, [r0, r2, lsl #2]\n\t" + "eor lr, lr, r6, ror #24\n\t" + "ldm %[ks]!, {r4, r5, r6, r7}\n\t" + "eor r11, r11, lr, ror #24\n\t" + "eor r11, r11, r2, ror #8\n\t" + /* XOR in Key Schedule */ + "eor r8, r8, r4\n\t" + "eor r9, r9, r5\n\t" + "eor r10, r10, r6\n\t" + "eor r11, r11, r7\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl r4, r11, #24\n\t" + "lsr r4, r4, #24\n\t" +#else + "uxtb r4, r11\n\t" +#endif +#else + "ubfx r4, r11, #0, #8\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl r7, r10, #16\n\t" + "lsr r7, r7, #24\n\t" +#else + "uxtb r7, r10, ror #8\n\t" +#endif +#else + "ubfx r7, r10, #8, #8\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl lr, r9, #8\n\t" + "lsr lr, lr, #24\n\t" +#else + "uxtb lr, r9, ror #16\n\t" +#endif +#else + "ubfx lr, r9, #16, #8\n\t" +#endif + "lsr r2, r8, #24\n\t" + "ldrb r4, [r0, r4, lsl #2]\n\t" + "ldrb r7, [r0, r7, lsl #2]\n\t" + "ldrb lr, [r0, lr, lsl #2]\n\t" + "ldrb r2, [r0, r2, lsl #2]\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl r5, r8, #24\n\t" + "lsr r5, r5, #24\n\t" +#else + "uxtb r5, r8\n\t" +#endif +#else + "ubfx r5, r8, #0, #8\n\t" +#endif + "eor r4, r4, r7, lsl #8\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl r7, r11, #16\n\t" + "lsr r7, r7, #24\n\t" +#else + "uxtb r7, r11, ror #8\n\t" +#endif +#else + "ubfx r7, r11, #8, #8\n\t" +#endif + "eor r4, r4, lr, lsl #16\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl lr, r10, #8\n\t" + "lsr lr, lr, #24\n\t" +#else + "uxtb lr, r10, ror #16\n\t" +#endif +#else + "ubfx lr, r10, #16, #8\n\t" +#endif + "eor r4, r4, r2, lsl #24\n\t" + "lsr r2, r9, #24\n\t" + "ldrb r5, [r0, r5, lsl #2]\n\t" + "ldrb r7, [r0, r7, lsl #2]\n\t" + "ldrb lr, [r0, lr, lsl #2]\n\t" + "ldrb r2, [r0, r2, lsl #2]\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl r6, r9, #24\n\t" + "lsr r6, r6, #24\n\t" +#else + "uxtb r6, r9\n\t" +#endif +#else + "ubfx r6, r9, #0, #8\n\t" +#endif + "eor r5, r5, r7, lsl #8\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl r7, r8, #16\n\t" + "lsr r7, r7, #24\n\t" +#else + "uxtb r7, r8, ror #8\n\t" +#endif +#else + "ubfx r7, r8, #8, #8\n\t" +#endif + "eor r5, r5, lr, lsl #16\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl lr, r11, #8\n\t" + "lsr lr, lr, #24\n\t" +#else + "uxtb lr, r11, ror #16\n\t" +#endif +#else + "ubfx lr, r11, #16, #8\n\t" +#endif + "eor r5, r5, r2, lsl #24\n\t" + "lsr r2, r10, #24\n\t" + "ldrb r6, [r0, r6, lsl #2]\n\t" + "ldrb r7, [r0, r7, lsl #2]\n\t" + "ldrb lr, [r0, lr, lsl #2]\n\t" + "ldrb r2, [r0, r2, lsl #2]\n\t" + "lsr r11, r11, #24\n\t" + "eor r6, r6, r7, lsl #8\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl r7, r10, #24\n\t" + "lsr r7, r7, #24\n\t" +#else + "uxtb r7, r10\n\t" +#endif +#else + "ubfx r7, r10, #0, #8\n\t" +#endif + "eor r6, r6, lr, lsl #16\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl lr, r9, #16\n\t" + "lsr lr, lr, #24\n\t" +#else + "uxtb lr, r9, ror #8\n\t" +#endif +#else + "ubfx lr, r9, #8, #8\n\t" +#endif + "eor r6, r6, r2, lsl #24\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl r2, r8, #8\n\t" + "lsr r2, r2, #24\n\t" +#else + "uxtb r2, r8, ror #16\n\t" +#endif +#else + "ubfx r2, r8, #16, #8\n\t" +#endif + "ldrb r11, [r0, r11, lsl #2]\n\t" + "ldrb r7, [r0, r7, lsl #2]\n\t" + "ldrb lr, [r0, lr, lsl #2]\n\t" + "ldrb r2, [r0, r2, lsl #2]\n\t" + "eor lr, lr, r11, lsl #16\n\t" + "ldm %[ks], {r8, r9, r10, r11}\n\t" + "eor r7, r7, lr, lsl #8\n\t" + "eor r7, r7, r2, lsl #16\n\t" + /* XOR in Key Schedule */ + "eor r4, r4, r8\n\t" + "eor r5, r5, r9\n\t" + "eor r6, r6, r10\n\t" + "eor r7, r7, r11\n\t" +#endif /* !WOLFSSL_ARMASM_AES_BLOCK_INLINE */ "pop {r1, %[len], lr}\n\t" "ldr %[ks], [sp]\n\t" #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) @@ -10663,395 +14501,164 @@ "eor r6, r6, r10\n\t" "eor r7, r7, r11\n\t" "mov r1, #6\n\t" +#ifndef WOLFSSL_ARMASM_AES_BLOCK_INLINE "bl AES_encrypt_block\n\t" - "pop {r1, %[len], lr}\n\t" - "ldr %[ks], [sp]\n\t" -#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) - "eor r8, r4, r4, ror #16\n\t" - "eor r9, r5, r5, ror #16\n\t" - "eor r10, r6, r6, ror #16\n\t" - "eor r11, r7, r7, ror #16\n\t" - "bic r8, r8, #0xff0000\n\t" - "bic r9, r9, #0xff0000\n\t" - "bic r10, r10, #0xff0000\n\t" - "bic r11, r11, #0xff0000\n\t" - "ror r4, r4, #8\n\t" - "ror r5, r5, #8\n\t" - "ror r6, r6, #8\n\t" - "ror r7, r7, #8\n\t" - "eor r4, r4, r8, lsr #8\n\t" - "eor r5, r5, r9, lsr #8\n\t" - "eor r6, r6, r10, lsr #8\n\t" - "eor r7, r7, r11, lsr #8\n\t" -#else - "rev r4, r4\n\t" - "rev r5, r5\n\t" - "rev r6, r6\n\t" - "rev r7, r7\n\t" -#endif /* WOLFSSL_ARM_ARCH && WOLFSSL_ARM_ARCH < 6 */ - "ldr r8, [lr]\n\t" - "ldr r9, [lr, #4]\n\t" - "ldr r10, [lr, #8]\n\t" - "ldr r11, [lr, #12]\n\t" - "eor r4, r4, r8\n\t" - "eor r5, r5, r9\n\t" - "eor r6, r6, r10\n\t" - "eor r7, r7, r11\n\t" - "ldr r8, [sp, #4]\n\t" - "str r4, [%[out]]\n\t" - "str r5, [%[out], #4]\n\t" - "str r6, [%[out], #8]\n\t" - "str r7, [%[out], #12]\n\t" - "ldm r8, {r4, r5, r6, r7}\n\t" - "subs %[len], %[len], #16\n\t" - "add lr, lr, #16\n\t" - "add %[out], %[out], #16\n\t" - "bne L_AES_CTR_encrypt_loop_block_256_%=\n\t" - "b L_AES_CTR_encrypt_end_%=\n\t" - "\n" - "L_AES_CTR_encrypt_start_block_192_%=: \n\t" - "\n" - "L_AES_CTR_encrypt_loop_block_192_%=: \n\t" - "push {r1, %[len], lr}\n\t" - "ldr lr, [sp, #16]\n\t" - "adds r11, r7, #1\n\t" - "adcs r10, r6, #0\n\t" - "adcs r9, r5, #0\n\t" - "adc r8, r4, #0\n\t" - "stm lr, {r8, r9, r10, r11}\n\t" - "ldm %[ks]!, {r8, r9, r10, r11}\n\t" - /* Round: 0 - XOR in key schedule */ - "eor r4, r4, r8\n\t" - "eor r5, r5, r9\n\t" - "eor r6, r6, r10\n\t" - "eor r7, r7, r11\n\t" - "mov r1, #5\n\t" - "bl AES_encrypt_block\n\t" - "pop {r1, %[len], lr}\n\t" - "ldr %[ks], [sp]\n\t" -#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) - "eor r8, r4, r4, ror #16\n\t" - "eor r9, r5, r5, ror #16\n\t" - "eor r10, r6, r6, ror #16\n\t" - "eor r11, r7, r7, ror #16\n\t" - "bic r8, r8, #0xff0000\n\t" - "bic r9, r9, #0xff0000\n\t" - "bic r10, r10, #0xff0000\n\t" - "bic r11, r11, #0xff0000\n\t" - "ror r4, r4, #8\n\t" - "ror r5, r5, #8\n\t" - "ror r6, r6, #8\n\t" - "ror r7, r7, #8\n\t" - "eor r4, r4, r8, lsr #8\n\t" - "eor r5, r5, r9, lsr #8\n\t" - "eor r6, r6, r10, lsr #8\n\t" - "eor r7, r7, r11, lsr #8\n\t" -#else - "rev r4, r4\n\t" - "rev r5, r5\n\t" - "rev r6, r6\n\t" - "rev r7, r7\n\t" -#endif /* WOLFSSL_ARM_ARCH && WOLFSSL_ARM_ARCH < 6 */ - "ldr r8, [lr]\n\t" - "ldr r9, [lr, #4]\n\t" - "ldr r10, [lr, #8]\n\t" - "ldr r11, [lr, #12]\n\t" - "eor r4, r4, r8\n\t" - "eor r5, r5, r9\n\t" - "eor r6, r6, r10\n\t" - "eor r7, r7, r11\n\t" - "ldr r8, [sp, #4]\n\t" - "str r4, [%[out]]\n\t" - "str r5, [%[out], #4]\n\t" - "str r6, [%[out], #8]\n\t" - "str r7, [%[out], #12]\n\t" - "ldm r8, {r4, r5, r6, r7}\n\t" - "subs %[len], %[len], #16\n\t" - "add lr, lr, #16\n\t" - "add %[out], %[out], #16\n\t" - "bne L_AES_CTR_encrypt_loop_block_192_%=\n\t" - "b L_AES_CTR_encrypt_end_%=\n\t" - "\n" - "L_AES_CTR_encrypt_start_block_128_%=: \n\t" - "\n" - "L_AES_CTR_encrypt_loop_block_128_%=: \n\t" - "push {r1, %[len], lr}\n\t" - "ldr lr, [sp, #16]\n\t" - "adds r11, r7, #1\n\t" - "adcs r10, r6, #0\n\t" - "adcs r9, r5, #0\n\t" - "adc r8, r4, #0\n\t" - "stm lr, {r8, r9, r10, r11}\n\t" - "ldm %[ks]!, {r8, r9, r10, r11}\n\t" - /* Round: 0 - XOR in key schedule */ - "eor r4, r4, r8\n\t" - "eor r5, r5, r9\n\t" - "eor r6, r6, r10\n\t" - "eor r7, r7, r11\n\t" - "mov r1, #4\n\t" - "bl AES_encrypt_block\n\t" - "pop {r1, %[len], lr}\n\t" - "ldr %[ks], [sp]\n\t" -#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) - "eor r8, r4, r4, ror #16\n\t" - "eor r9, r5, r5, ror #16\n\t" - "eor r10, r6, r6, ror #16\n\t" - "eor r11, r7, r7, ror #16\n\t" - "bic r8, r8, #0xff0000\n\t" - "bic r9, r9, #0xff0000\n\t" - "bic r10, r10, #0xff0000\n\t" - "bic r11, r11, #0xff0000\n\t" - "ror r4, r4, #8\n\t" - "ror r5, r5, #8\n\t" - "ror r6, r6, #8\n\t" - "ror r7, r7, #8\n\t" - "eor r4, r4, r8, lsr #8\n\t" - "eor r5, r5, r9, lsr #8\n\t" - "eor r6, r6, r10, lsr #8\n\t" - "eor r7, r7, r11, lsr #8\n\t" -#else - "rev r4, r4\n\t" - "rev r5, r5\n\t" - "rev r6, r6\n\t" - "rev r7, r7\n\t" -#endif /* WOLFSSL_ARM_ARCH && WOLFSSL_ARM_ARCH < 6 */ - "ldr r8, [lr]\n\t" - "ldr r9, [lr, #4]\n\t" - "ldr r10, [lr, #8]\n\t" - "ldr r11, [lr, #12]\n\t" - "eor r4, r4, r8\n\t" - "eor r5, r5, r9\n\t" - "eor r6, r6, r10\n\t" - "eor r7, r7, r11\n\t" - "ldr r8, [sp, #4]\n\t" - "str r4, [%[out]]\n\t" - "str r5, [%[out], #4]\n\t" - "str r6, [%[out], #8]\n\t" - "str r7, [%[out], #12]\n\t" - "ldm r8, {r4, r5, r6, r7}\n\t" - "subs %[len], %[len], #16\n\t" - "add lr, lr, #16\n\t" - "add %[out], %[out], #16\n\t" - "bne L_AES_CTR_encrypt_loop_block_128_%=\n\t" - "\n" - "L_AES_CTR_encrypt_end_%=: \n\t" - "pop {%[ks], r8}\n\t" -#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) - "eor r10, r4, r4, ror #16\n\t" - "eor r11, r5, r5, ror #16\n\t" - "bic r10, r10, #0xff0000\n\t" - "bic r11, r11, #0xff0000\n\t" - "ror r4, r4, #8\n\t" - "ror r5, r5, #8\n\t" - "eor r4, r4, r10, lsr #8\n\t" - "eor r5, r5, r11, lsr #8\n\t" - "eor r10, r6, r6, ror #16\n\t" - "eor r11, r7, r7, ror #16\n\t" - "bic r10, r10, #0xff0000\n\t" - "bic r11, r11, #0xff0000\n\t" - "ror r6, r6, #8\n\t" - "ror r7, r7, #8\n\t" - "eor r6, r6, r10, lsr #8\n\t" - "eor r7, r7, r11, lsr #8\n\t" -#else - "rev r4, r4\n\t" - "rev r5, r5\n\t" - "rev r6, r6\n\t" - "rev r7, r7\n\t" -#endif /* WOLFSSL_ARM_ARCH && WOLFSSL_ARM_ARCH < 6 */ - "stm r8, {r4, r5, r6, r7}\n\t" - "pop {%[nr], %[ctr]}\n\t" - "pop {%[L_AES_ARM32_te_ctr]}\n\t" -#ifndef WOLFSSL_NO_VAR_ASSIGN_REG - : [in] "+r" (in), [out] "+r" (out), [len] "+r" (len), [ks] "+r" (ks), - [nr] "+r" (nr), [ctr] "+r" (ctr), - [L_AES_ARM32_te_ctr] "+r" (L_AES_ARM32_te_ctr_c) - : -#else - : - : [in] "r" (in), [out] "r" (out), [len] "r" (len), [ks] "r" (ks), - [nr] "r" (nr), [ctr] "r" (ctr), - [L_AES_ARM32_te_ctr] "r" (L_AES_ARM32_te_ctr_c) -#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ - : "memory", "cc", "r5", "r6", "r7", "r8", "r9", "r10", "r11" - ); -} - -#endif /* WOLFSSL_AES_COUNTER */ -#ifdef HAVE_AES_DECRYPT -#if defined(WOLFSSL_AES_DIRECT) || defined(WOLFSSL_AES_COUNTER) || \ - defined(HAVE_AES_CBC) || defined(HAVE_AES_ECB) -void AES_decrypt_block(const word32* td_p, int nr_p, const byte* td4_p); -#ifndef WOLFSSL_NO_VAR_ASSIGN_REG -WC_OMIT_FRAME_POINTER void AES_decrypt_block(const word32* td_p, int nr_p, - const byte* td4_p) #else -WC_OMIT_FRAME_POINTER void AES_decrypt_block(const word32* td, int nr, - const byte* td4) -#endif /* WOLFSSL_NO_VAR_ASSIGN_REG */ -{ -#ifndef WOLFSSL_NO_VAR_ASSIGN_REG - register const word32* td asm ("r0") = (const word32*)td_p; - register int nr asm ("r1") = (int)nr_p; - register const byte* td4 asm ("r2") = (const byte*)td4_p; -#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ - - __asm__ __volatile__ ( "\n" - "L_AES_decrypt_block_nr_%=: \n\t" + "L_AES_CTR_encrypt_block_nr_256_%=: \n\t" #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) - "lsl r8, r7, #8\n\t" + "lsl r8, r5, #8\n\t" "lsr r8, r8, #24\n\t" #else - "uxtb r8, r7, ror #16\n\t" + "uxtb r8, r5, ror #16\n\t" #endif #else - "ubfx r8, r7, #16, #8\n\t" + "ubfx r8, r5, #16, #8\n\t" #endif "lsr r11, r4, #24\n\t" #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) - "lsl r12, r6, #16\n\t" - "lsr r12, r12, #24\n\t" + "lsl lr, r6, #16\n\t" + "lsr lr, lr, #24\n\t" #else - "uxtb r12, r6, ror #8\n\t" + "uxtb lr, r6, ror #8\n\t" #endif #else - "ubfx r12, r6, #8, #8\n\t" + "ubfx lr, r6, #8, #8\n\t" #endif #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) - "lsl lr, r5, #24\n\t" - "lsr lr, lr, #24\n\t" + "lsl r2, r7, #24\n\t" + "lsr r2, r2, #24\n\t" #else - "uxtb lr, r5\n\t" + "uxtb r2, r7\n\t" #endif #else - "ubfx lr, r5, #0, #8\n\t" + "ubfx r2, r7, #0, #8\n\t" #endif - "ldr r8, [%[td], r8, lsl #2]\n\t" - "ldr r11, [%[td], r11, lsl #2]\n\t" - "ldr r12, [%[td], r12, lsl #2]\n\t" - "ldr lr, [%[td], lr, lsl #2]\n\t" + "ldr r8, [r0, r8, lsl #2]\n\t" + "ldr r11, [r0, r11, lsl #2]\n\t" + "ldr lr, [r0, lr, lsl #2]\n\t" + "ldr r2, [r0, r2, lsl #2]\n\t" #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) - "lsl r9, r4, #8\n\t" + "lsl r9, r6, #8\n\t" "lsr r9, r9, #24\n\t" #else - "uxtb r9, r4, ror #16\n\t" + "uxtb r9, r6, ror #16\n\t" #endif #else - "ubfx r9, r4, #16, #8\n\t" + "ubfx r9, r6, #16, #8\n\t" #endif "eor r8, r8, r11, ror #24\n\t" "lsr r11, r5, #24\n\t" - "eor r8, r8, r12, ror #8\n\t" + "eor r8, r8, lr, ror #8\n\t" #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) - "lsl r12, r7, #16\n\t" - "lsr r12, r12, #24\n\t" + "lsl lr, r7, #16\n\t" + "lsr lr, lr, #24\n\t" #else - "uxtb r12, r7, ror #8\n\t" + "uxtb lr, r7, ror #8\n\t" #endif #else - "ubfx r12, r7, #8, #8\n\t" + "ubfx lr, r7, #8, #8\n\t" #endif - "eor r8, r8, lr, ror #16\n\t" + "eor r8, r8, r2, ror #16\n\t" #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) - "lsl lr, r6, #24\n\t" - "lsr lr, lr, #24\n\t" + "lsl r2, r4, #24\n\t" + "lsr r2, r2, #24\n\t" #else - "uxtb lr, r6\n\t" + "uxtb r2, r4\n\t" #endif #else - "ubfx lr, r6, #0, #8\n\t" + "ubfx r2, r4, #0, #8\n\t" #endif - "ldr r9, [%[td], r9, lsl #2]\n\t" - "ldr r11, [%[td], r11, lsl #2]\n\t" - "ldr r12, [%[td], r12, lsl #2]\n\t" - "ldr lr, [%[td], lr, lsl #2]\n\t" + "ldr r9, [r0, r9, lsl #2]\n\t" + "ldr r11, [r0, r11, lsl #2]\n\t" + "ldr lr, [r0, lr, lsl #2]\n\t" + "ldr r2, [r0, r2, lsl #2]\n\t" #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) - "lsl r10, r5, #8\n\t" + "lsl r10, r7, #8\n\t" "lsr r10, r10, #24\n\t" #else - "uxtb r10, r5, ror #16\n\t" + "uxtb r10, r7, ror #16\n\t" #endif #else - "ubfx r10, r5, #16, #8\n\t" + "ubfx r10, r7, #16, #8\n\t" #endif "eor r9, r9, r11, ror #24\n\t" "lsr r11, r6, #24\n\t" - "eor r9, r9, r12, ror #8\n\t" + "eor r9, r9, lr, ror #8\n\t" #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) - "lsl r12, r4, #16\n\t" - "lsr r12, r12, #24\n\t" + "lsl lr, r4, #16\n\t" + "lsr lr, lr, #24\n\t" #else - "uxtb r12, r4, ror #8\n\t" + "uxtb lr, r4, ror #8\n\t" #endif #else - "ubfx r12, r4, #8, #8\n\t" + "ubfx lr, r4, #8, #8\n\t" #endif - "eor r9, r9, lr, ror #16\n\t" + "eor r9, r9, r2, ror #16\n\t" #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) - "lsl lr, r7, #24\n\t" - "lsr lr, lr, #24\n\t" + "lsl r2, r5, #24\n\t" + "lsr r2, r2, #24\n\t" #else - "uxtb lr, r7\n\t" + "uxtb r2, r5\n\t" #endif #else - "ubfx lr, r7, #0, #8\n\t" + "ubfx r2, r5, #0, #8\n\t" #endif - "ldr r10, [%[td], r10, lsl #2]\n\t" - "ldr r11, [%[td], r11, lsl #2]\n\t" - "ldr r12, [%[td], r12, lsl #2]\n\t" - "ldr lr, [%[td], lr, lsl #2]\n\t" + "ldr r10, [r0, r10, lsl #2]\n\t" + "ldr r11, [r0, r11, lsl #2]\n\t" + "ldr lr, [r0, lr, lsl #2]\n\t" + "ldr r2, [r0, r2, lsl #2]\n\t" #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) - "lsl r4, r4, #24\n\t" - "lsr r4, r4, #24\n\t" + "lsl r6, r6, #24\n\t" + "lsr r6, r6, #24\n\t" #else - "uxtb r4, r4\n\t" + "uxtb r6, r6\n\t" #endif #else - "ubfx r4, r4, #0, #8\n\t" + "ubfx r6, r6, #0, #8\n\t" #endif "eor r10, r10, r11, ror #24\n\t" #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) - "lsl r11, r6, #8\n\t" + "lsl r11, r4, #8\n\t" "lsr r11, r11, #24\n\t" #else - "uxtb r11, r6, ror #16\n\t" + "uxtb r11, r4, ror #16\n\t" #endif #else - "ubfx r11, r6, #16, #8\n\t" + "ubfx r11, r4, #16, #8\n\t" #endif - "eor r10, r10, r12, ror #8\n\t" - "lsr r12, r7, #24\n\t" - "eor r10, r10, lr, ror #16\n\t" + "eor r10, r10, lr, ror #8\n\t" + "lsr lr, r7, #24\n\t" + "eor r10, r10, r2, ror #16\n\t" #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) - "lsl lr, r5, #16\n\t" - "lsr lr, lr, #24\n\t" + "lsl r2, r5, #16\n\t" + "lsr r2, r2, #24\n\t" #else - "uxtb lr, r5, ror #8\n\t" + "uxtb r2, r5, ror #8\n\t" #endif #else - "ubfx lr, r5, #8, #8\n\t" + "ubfx r2, r5, #8, #8\n\t" #endif - "ldr r4, [%[td], r4, lsl #2]\n\t" - "ldr r12, [%[td], r12, lsl #2]\n\t" - "ldr r11, [%[td], r11, lsl #2]\n\t" - "ldr lr, [%[td], lr, lsl #2]\n\t" - "eor r12, r12, r4, ror #24\n\t" - "ldm r3!, {r4, r5, r6, r7}\n\t" - "eor r11, r11, lr, ror #8\n\t" - "eor r11, r11, r12, ror #24\n\t" + "ldr r6, [r0, r6, lsl #2]\n\t" + "ldr lr, [r0, lr, lsl #2]\n\t" + "ldr r11, [r0, r11, lsl #2]\n\t" + "ldr r2, [r0, r2, lsl #2]\n\t" + "eor lr, lr, r6, ror #24\n\t" + "ldm %[ks]!, {r4, r5, r6, r7}\n\t" + "eor r11, r11, lr, ror #24\n\t" + "eor r11, r11, r2, ror #8\n\t" /* XOR in Key Schedule */ "eor r8, r8, r4\n\t" "eor r9, r9, r5\n\t" @@ -11059,317 +14666,317 @@ "eor r11, r11, r7\n\t" #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) - "lsl r4, r11, #8\n\t" + "lsl r4, r9, #8\n\t" "lsr r4, r4, #24\n\t" #else - "uxtb r4, r11, ror #16\n\t" + "uxtb r4, r9, ror #16\n\t" #endif #else - "ubfx r4, r11, #16, #8\n\t" + "ubfx r4, r9, #16, #8\n\t" #endif "lsr r7, r8, #24\n\t" #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) - "lsl r12, r10, #16\n\t" - "lsr r12, r12, #24\n\t" + "lsl lr, r10, #16\n\t" + "lsr lr, lr, #24\n\t" #else - "uxtb r12, r10, ror #8\n\t" + "uxtb lr, r10, ror #8\n\t" #endif #else - "ubfx r12, r10, #8, #8\n\t" + "ubfx lr, r10, #8, #8\n\t" #endif #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) - "lsl lr, r9, #24\n\t" - "lsr lr, lr, #24\n\t" + "lsl r2, r11, #24\n\t" + "lsr r2, r2, #24\n\t" #else - "uxtb lr, r9\n\t" + "uxtb r2, r11\n\t" #endif #else - "ubfx lr, r9, #0, #8\n\t" + "ubfx r2, r11, #0, #8\n\t" #endif - "ldr r4, [%[td], r4, lsl #2]\n\t" - "ldr r7, [%[td], r7, lsl #2]\n\t" - "ldr r12, [%[td], r12, lsl #2]\n\t" - "ldr lr, [%[td], lr, lsl #2]\n\t" + "ldr r4, [r0, r4, lsl #2]\n\t" + "ldr r7, [r0, r7, lsl #2]\n\t" + "ldr lr, [r0, lr, lsl #2]\n\t" + "ldr r2, [r0, r2, lsl #2]\n\t" #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) - "lsl r5, r8, #8\n\t" + "lsl r5, r10, #8\n\t" "lsr r5, r5, #24\n\t" #else - "uxtb r5, r8, ror #16\n\t" + "uxtb r5, r10, ror #16\n\t" #endif #else - "ubfx r5, r8, #16, #8\n\t" + "ubfx r5, r10, #16, #8\n\t" #endif "eor r4, r4, r7, ror #24\n\t" "lsr r7, r9, #24\n\t" - "eor r4, r4, r12, ror #8\n\t" + "eor r4, r4, lr, ror #8\n\t" #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) - "lsl r12, r11, #16\n\t" - "lsr r12, r12, #24\n\t" + "lsl lr, r11, #16\n\t" + "lsr lr, lr, #24\n\t" #else - "uxtb r12, r11, ror #8\n\t" + "uxtb lr, r11, ror #8\n\t" #endif #else - "ubfx r12, r11, #8, #8\n\t" + "ubfx lr, r11, #8, #8\n\t" #endif - "eor r4, r4, lr, ror #16\n\t" + "eor r4, r4, r2, ror #16\n\t" #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) - "lsl lr, r10, #24\n\t" - "lsr lr, lr, #24\n\t" + "lsl r2, r8, #24\n\t" + "lsr r2, r2, #24\n\t" #else - "uxtb lr, r10\n\t" + "uxtb r2, r8\n\t" #endif #else - "ubfx lr, r10, #0, #8\n\t" + "ubfx r2, r8, #0, #8\n\t" #endif - "ldr r5, [%[td], r5, lsl #2]\n\t" - "ldr r7, [%[td], r7, lsl #2]\n\t" - "ldr r12, [%[td], r12, lsl #2]\n\t" - "ldr lr, [%[td], lr, lsl #2]\n\t" + "ldr r5, [r0, r5, lsl #2]\n\t" + "ldr r7, [r0, r7, lsl #2]\n\t" + "ldr lr, [r0, lr, lsl #2]\n\t" + "ldr r2, [r0, r2, lsl #2]\n\t" #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) - "lsl r6, r9, #8\n\t" + "lsl r6, r11, #8\n\t" "lsr r6, r6, #24\n\t" #else - "uxtb r6, r9, ror #16\n\t" + "uxtb r6, r11, ror #16\n\t" #endif #else - "ubfx r6, r9, #16, #8\n\t" + "ubfx r6, r11, #16, #8\n\t" #endif "eor r5, r5, r7, ror #24\n\t" "lsr r7, r10, #24\n\t" - "eor r5, r5, r12, ror #8\n\t" + "eor r5, r5, lr, ror #8\n\t" #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) - "lsl r12, r8, #16\n\t" - "lsr r12, r12, #24\n\t" + "lsl lr, r8, #16\n\t" + "lsr lr, lr, #24\n\t" #else - "uxtb r12, r8, ror #8\n\t" + "uxtb lr, r8, ror #8\n\t" #endif #else - "ubfx r12, r8, #8, #8\n\t" + "ubfx lr, r8, #8, #8\n\t" #endif - "eor r5, r5, lr, ror #16\n\t" + "eor r5, r5, r2, ror #16\n\t" #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) - "lsl lr, r11, #24\n\t" - "lsr lr, lr, #24\n\t" + "lsl r2, r9, #24\n\t" + "lsr r2, r2, #24\n\t" #else - "uxtb lr, r11\n\t" + "uxtb r2, r9\n\t" #endif #else - "ubfx lr, r11, #0, #8\n\t" + "ubfx r2, r9, #0, #8\n\t" #endif - "ldr r6, [%[td], r6, lsl #2]\n\t" - "ldr r7, [%[td], r7, lsl #2]\n\t" - "ldr r12, [%[td], r12, lsl #2]\n\t" - "ldr lr, [%[td], lr, lsl #2]\n\t" + "ldr r6, [r0, r6, lsl #2]\n\t" + "ldr r7, [r0, r7, lsl #2]\n\t" + "ldr lr, [r0, lr, lsl #2]\n\t" + "ldr r2, [r0, r2, lsl #2]\n\t" #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) - "lsl r8, r8, #24\n\t" - "lsr r8, r8, #24\n\t" + "lsl r10, r10, #24\n\t" + "lsr r10, r10, #24\n\t" #else - "uxtb r8, r8\n\t" + "uxtb r10, r10\n\t" #endif #else - "ubfx r8, r8, #0, #8\n\t" + "ubfx r10, r10, #0, #8\n\t" #endif "eor r6, r6, r7, ror #24\n\t" #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) - "lsl r7, r10, #8\n\t" + "lsl r7, r8, #8\n\t" "lsr r7, r7, #24\n\t" #else - "uxtb r7, r10, ror #16\n\t" + "uxtb r7, r8, ror #16\n\t" #endif #else - "ubfx r7, r10, #16, #8\n\t" + "ubfx r7, r8, #16, #8\n\t" #endif - "eor r6, r6, r12, ror #8\n\t" - "lsr r12, r11, #24\n\t" - "eor r6, r6, lr, ror #16\n\t" + "eor r6, r6, lr, ror #8\n\t" + "lsr lr, r11, #24\n\t" + "eor r6, r6, r2, ror #16\n\t" #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) - "lsl lr, r9, #16\n\t" - "lsr lr, lr, #24\n\t" + "lsl r2, r9, #16\n\t" + "lsr r2, r2, #24\n\t" #else - "uxtb lr, r9, ror #8\n\t" + "uxtb r2, r9, ror #8\n\t" #endif #else - "ubfx lr, r9, #8, #8\n\t" + "ubfx r2, r9, #8, #8\n\t" #endif - "ldr r8, [%[td], r8, lsl #2]\n\t" - "ldr r12, [%[td], r12, lsl #2]\n\t" - "ldr r7, [%[td], r7, lsl #2]\n\t" - "ldr lr, [%[td], lr, lsl #2]\n\t" - "eor r12, r12, r8, ror #24\n\t" - "ldm r3!, {r8, r9, r10, r11}\n\t" - "eor r7, r7, lr, ror #8\n\t" - "eor r7, r7, r12, ror #24\n\t" + "ldr r10, [r0, r10, lsl #2]\n\t" + "ldr lr, [r0, lr, lsl #2]\n\t" + "ldr r7, [r0, r7, lsl #2]\n\t" + "ldr r2, [r0, r2, lsl #2]\n\t" + "eor lr, lr, r10, ror #24\n\t" + "ldm %[ks]!, {r8, r9, r10, r11}\n\t" + "eor r7, r7, lr, ror #24\n\t" + "eor r7, r7, r2, ror #8\n\t" /* XOR in Key Schedule */ "eor r4, r4, r8\n\t" "eor r5, r5, r9\n\t" "eor r6, r6, r10\n\t" "eor r7, r7, r11\n\t" - "subs %[nr], %[nr], #1\n\t" - "bne L_AES_decrypt_block_nr_%=\n\t" + "subs r1, r1, #1\n\t" + "bne L_AES_CTR_encrypt_block_nr_256_%=\n\t" #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) - "lsl r8, r7, #8\n\t" + "lsl r8, r5, #8\n\t" "lsr r8, r8, #24\n\t" #else - "uxtb r8, r7, ror #16\n\t" + "uxtb r8, r5, ror #16\n\t" #endif #else - "ubfx r8, r7, #16, #8\n\t" + "ubfx r8, r5, #16, #8\n\t" #endif "lsr r11, r4, #24\n\t" #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) - "lsl r12, r6, #16\n\t" - "lsr r12, r12, #24\n\t" + "lsl lr, r6, #16\n\t" + "lsr lr, lr, #24\n\t" #else - "uxtb r12, r6, ror #8\n\t" + "uxtb lr, r6, ror #8\n\t" #endif #else - "ubfx r12, r6, #8, #8\n\t" + "ubfx lr, r6, #8, #8\n\t" #endif #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) - "lsl lr, r5, #24\n\t" - "lsr lr, lr, #24\n\t" + "lsl r2, r7, #24\n\t" + "lsr r2, r2, #24\n\t" #else - "uxtb lr, r5\n\t" + "uxtb r2, r7\n\t" #endif #else - "ubfx lr, r5, #0, #8\n\t" + "ubfx r2, r7, #0, #8\n\t" #endif - "ldr r8, [%[td], r8, lsl #2]\n\t" - "ldr r11, [%[td], r11, lsl #2]\n\t" - "ldr r12, [%[td], r12, lsl #2]\n\t" - "ldr lr, [%[td], lr, lsl #2]\n\t" + "ldr r8, [r0, r8, lsl #2]\n\t" + "ldr r11, [r0, r11, lsl #2]\n\t" + "ldr lr, [r0, lr, lsl #2]\n\t" + "ldr r2, [r0, r2, lsl #2]\n\t" #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) - "lsl r9, r4, #8\n\t" + "lsl r9, r6, #8\n\t" "lsr r9, r9, #24\n\t" #else - "uxtb r9, r4, ror #16\n\t" + "uxtb r9, r6, ror #16\n\t" #endif #else - "ubfx r9, r4, #16, #8\n\t" + "ubfx r9, r6, #16, #8\n\t" #endif "eor r8, r8, r11, ror #24\n\t" "lsr r11, r5, #24\n\t" - "eor r8, r8, r12, ror #8\n\t" + "eor r8, r8, lr, ror #8\n\t" #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) - "lsl r12, r7, #16\n\t" - "lsr r12, r12, #24\n\t" + "lsl lr, r7, #16\n\t" + "lsr lr, lr, #24\n\t" #else - "uxtb r12, r7, ror #8\n\t" + "uxtb lr, r7, ror #8\n\t" #endif #else - "ubfx r12, r7, #8, #8\n\t" + "ubfx lr, r7, #8, #8\n\t" #endif - "eor r8, r8, lr, ror #16\n\t" + "eor r8, r8, r2, ror #16\n\t" #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) - "lsl lr, r6, #24\n\t" - "lsr lr, lr, #24\n\t" + "lsl r2, r4, #24\n\t" + "lsr r2, r2, #24\n\t" #else - "uxtb lr, r6\n\t" + "uxtb r2, r4\n\t" #endif #else - "ubfx lr, r6, #0, #8\n\t" + "ubfx r2, r4, #0, #8\n\t" #endif - "ldr r9, [%[td], r9, lsl #2]\n\t" - "ldr r11, [%[td], r11, lsl #2]\n\t" - "ldr r12, [%[td], r12, lsl #2]\n\t" - "ldr lr, [%[td], lr, lsl #2]\n\t" + "ldr r9, [r0, r9, lsl #2]\n\t" + "ldr r11, [r0, r11, lsl #2]\n\t" + "ldr lr, [r0, lr, lsl #2]\n\t" + "ldr r2, [r0, r2, lsl #2]\n\t" #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) - "lsl r10, r5, #8\n\t" + "lsl r10, r7, #8\n\t" "lsr r10, r10, #24\n\t" #else - "uxtb r10, r5, ror #16\n\t" + "uxtb r10, r7, ror #16\n\t" #endif #else - "ubfx r10, r5, #16, #8\n\t" + "ubfx r10, r7, #16, #8\n\t" #endif "eor r9, r9, r11, ror #24\n\t" "lsr r11, r6, #24\n\t" - "eor r9, r9, r12, ror #8\n\t" + "eor r9, r9, lr, ror #8\n\t" #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) - "lsl r12, r4, #16\n\t" - "lsr r12, r12, #24\n\t" + "lsl lr, r4, #16\n\t" + "lsr lr, lr, #24\n\t" #else - "uxtb r12, r4, ror #8\n\t" + "uxtb lr, r4, ror #8\n\t" #endif #else - "ubfx r12, r4, #8, #8\n\t" + "ubfx lr, r4, #8, #8\n\t" #endif - "eor r9, r9, lr, ror #16\n\t" + "eor r9, r9, r2, ror #16\n\t" #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) - "lsl lr, r7, #24\n\t" - "lsr lr, lr, #24\n\t" + "lsl r2, r5, #24\n\t" + "lsr r2, r2, #24\n\t" #else - "uxtb lr, r7\n\t" + "uxtb r2, r5\n\t" #endif #else - "ubfx lr, r7, #0, #8\n\t" + "ubfx r2, r5, #0, #8\n\t" #endif - "ldr r10, [%[td], r10, lsl #2]\n\t" - "ldr r11, [%[td], r11, lsl #2]\n\t" - "ldr r12, [%[td], r12, lsl #2]\n\t" - "ldr lr, [%[td], lr, lsl #2]\n\t" + "ldr r10, [r0, r10, lsl #2]\n\t" + "ldr r11, [r0, r11, lsl #2]\n\t" + "ldr lr, [r0, lr, lsl #2]\n\t" + "ldr r2, [r0, r2, lsl #2]\n\t" #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) - "lsl r4, r4, #24\n\t" - "lsr r4, r4, #24\n\t" + "lsl r6, r6, #24\n\t" + "lsr r6, r6, #24\n\t" #else - "uxtb r4, r4\n\t" + "uxtb r6, r6\n\t" #endif #else - "ubfx r4, r4, #0, #8\n\t" + "ubfx r6, r6, #0, #8\n\t" #endif "eor r10, r10, r11, ror #24\n\t" #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) - "lsl r11, r6, #8\n\t" + "lsl r11, r4, #8\n\t" "lsr r11, r11, #24\n\t" #else - "uxtb r11, r6, ror #16\n\t" + "uxtb r11, r4, ror #16\n\t" #endif #else - "ubfx r11, r6, #16, #8\n\t" + "ubfx r11, r4, #16, #8\n\t" #endif - "eor r10, r10, r12, ror #8\n\t" - "lsr r12, r7, #24\n\t" - "eor r10, r10, lr, ror #16\n\t" + "eor r10, r10, lr, ror #8\n\t" + "lsr lr, r7, #24\n\t" + "eor r10, r10, r2, ror #16\n\t" #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) - "lsl lr, r5, #16\n\t" - "lsr lr, lr, #24\n\t" + "lsl r2, r5, #16\n\t" + "lsr r2, r2, #24\n\t" #else - "uxtb lr, r5, ror #8\n\t" + "uxtb r2, r5, ror #8\n\t" #endif #else - "ubfx lr, r5, #8, #8\n\t" + "ubfx r2, r5, #8, #8\n\t" #endif - "ldr r4, [%[td], r4, lsl #2]\n\t" - "ldr r12, [%[td], r12, lsl #2]\n\t" - "ldr r11, [%[td], r11, lsl #2]\n\t" - "ldr lr, [%[td], lr, lsl #2]\n\t" - "eor r12, r12, r4, ror #24\n\t" - "ldm r3!, {r4, r5, r6, r7}\n\t" - "eor r11, r11, lr, ror #8\n\t" - "eor r11, r11, r12, ror #24\n\t" + "ldr r6, [r0, r6, lsl #2]\n\t" + "ldr lr, [r0, lr, lsl #2]\n\t" + "ldr r11, [r0, r11, lsl #2]\n\t" + "ldr r2, [r0, r2, lsl #2]\n\t" + "eor lr, lr, r6, ror #24\n\t" + "ldm %[ks]!, {r4, r5, r6, r7}\n\t" + "eor r11, r11, lr, ror #24\n\t" + "eor r11, r11, r2, ror #8\n\t" /* XOR in Key Schedule */ "eor r8, r8, r4\n\t" "eor r9, r9, r5\n\t" @@ -11377,13 +14984,13 @@ "eor r11, r11, r7\n\t" #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) - "lsl r4, r9, #24\n\t" + "lsl r4, r11, #24\n\t" "lsr r4, r4, #24\n\t" #else - "uxtb r4, r9\n\t" + "uxtb r4, r11\n\t" #endif #else - "ubfx r4, r9, #0, #8\n\t" + "ubfx r4, r11, #0, #8\n\t" #endif #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) @@ -11397,28 +15004,28 @@ #endif #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) - "lsl r12, r11, #8\n\t" - "lsr r12, r12, #24\n\t" + "lsl lr, r9, #8\n\t" + "lsr lr, lr, #24\n\t" #else - "uxtb r12, r11, ror #16\n\t" + "uxtb lr, r9, ror #16\n\t" #endif #else - "ubfx r12, r11, #16, #8\n\t" + "ubfx lr, r9, #16, #8\n\t" #endif - "lsr lr, r8, #24\n\t" - "ldrb r4, [%[td4], r4]\n\t" - "ldrb r7, [%[td4], r7]\n\t" - "ldrb r12, [%[td4], r12]\n\t" - "ldrb lr, [%[td4], lr]\n\t" + "lsr r2, r8, #24\n\t" + "ldrb r4, [r0, r4, lsl #2]\n\t" + "ldrb r7, [r0, r7, lsl #2]\n\t" + "ldrb lr, [r0, lr, lsl #2]\n\t" + "ldrb r2, [r0, r2, lsl #2]\n\t" #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) - "lsl r5, r10, #24\n\t" + "lsl r5, r8, #24\n\t" "lsr r5, r5, #24\n\t" #else - "uxtb r5, r10\n\t" + "uxtb r5, r8\n\t" #endif #else - "ubfx r5, r10, #0, #8\n\t" + "ubfx r5, r8, #0, #8\n\t" #endif "eor r4, r4, r7, lsl #8\n\t" #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) @@ -11431,32 +15038,32 @@ #else "ubfx r7, r11, #8, #8\n\t" #endif - "eor r4, r4, r12, lsl #16\n\t" + "eor r4, r4, lr, lsl #16\n\t" #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) - "lsl r12, r8, #8\n\t" - "lsr r12, r12, #24\n\t" + "lsl lr, r10, #8\n\t" + "lsr lr, lr, #24\n\t" #else - "uxtb r12, r8, ror #16\n\t" + "uxtb lr, r10, ror #16\n\t" #endif #else - "ubfx r12, r8, #16, #8\n\t" + "ubfx lr, r10, #16, #8\n\t" #endif - "eor r4, r4, lr, lsl #24\n\t" - "lsr lr, r9, #24\n\t" - "ldrb r7, [%[td4], r7]\n\t" - "ldrb lr, [%[td4], lr]\n\t" - "ldrb r5, [%[td4], r5]\n\t" - "ldrb r12, [%[td4], r12]\n\t" + "eor r4, r4, r2, lsl #24\n\t" + "lsr r2, r9, #24\n\t" + "ldrb r5, [r0, r5, lsl #2]\n\t" + "ldrb r7, [r0, r7, lsl #2]\n\t" + "ldrb lr, [r0, lr, lsl #2]\n\t" + "ldrb r2, [r0, r2, lsl #2]\n\t" #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) - "lsl r6, r11, #24\n\t" + "lsl r6, r9, #24\n\t" "lsr r6, r6, #24\n\t" #else - "uxtb r6, r11\n\t" + "uxtb r6, r9\n\t" #endif #else - "ubfx r6, r11, #0, #8\n\t" + "ubfx r6, r9, #0, #8\n\t" #endif "eor r5, r5, r7, lsl #8\n\t" #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) @@ -11469,13 +15076,2162 @@ #else "ubfx r7, r8, #8, #8\n\t" #endif - "eor r5, r5, r12, lsl #16\n\t" + "eor r5, r5, lr, lsl #16\n\t" #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) - "lsl r12, r9, #8\n\t" - "lsr r12, r12, #24\n\t" + "lsl lr, r11, #8\n\t" + "lsr lr, lr, #24\n\t" #else - "uxtb r12, r9, ror #16\n\t" + "uxtb lr, r11, ror #16\n\t" +#endif +#else + "ubfx lr, r11, #16, #8\n\t" +#endif + "eor r5, r5, r2, lsl #24\n\t" + "lsr r2, r10, #24\n\t" + "ldrb r6, [r0, r6, lsl #2]\n\t" + "ldrb r7, [r0, r7, lsl #2]\n\t" + "ldrb lr, [r0, lr, lsl #2]\n\t" + "ldrb r2, [r0, r2, lsl #2]\n\t" + "lsr r11, r11, #24\n\t" + "eor r6, r6, r7, lsl #8\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl r7, r10, #24\n\t" + "lsr r7, r7, #24\n\t" +#else + "uxtb r7, r10\n\t" +#endif +#else + "ubfx r7, r10, #0, #8\n\t" +#endif + "eor r6, r6, lr, lsl #16\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl lr, r9, #16\n\t" + "lsr lr, lr, #24\n\t" +#else + "uxtb lr, r9, ror #8\n\t" +#endif +#else + "ubfx lr, r9, #8, #8\n\t" +#endif + "eor r6, r6, r2, lsl #24\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl r2, r8, #8\n\t" + "lsr r2, r2, #24\n\t" +#else + "uxtb r2, r8, ror #16\n\t" +#endif +#else + "ubfx r2, r8, #16, #8\n\t" +#endif + "ldrb r11, [r0, r11, lsl #2]\n\t" + "ldrb r7, [r0, r7, lsl #2]\n\t" + "ldrb lr, [r0, lr, lsl #2]\n\t" + "ldrb r2, [r0, r2, lsl #2]\n\t" + "eor lr, lr, r11, lsl #16\n\t" + "ldm %[ks], {r8, r9, r10, r11}\n\t" + "eor r7, r7, lr, lsl #8\n\t" + "eor r7, r7, r2, lsl #16\n\t" + /* XOR in Key Schedule */ + "eor r4, r4, r8\n\t" + "eor r5, r5, r9\n\t" + "eor r6, r6, r10\n\t" + "eor r7, r7, r11\n\t" +#endif /* !WOLFSSL_ARMASM_AES_BLOCK_INLINE */ + "pop {r1, %[len], lr}\n\t" + "ldr %[ks], [sp]\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "eor r8, r4, r4, ror #16\n\t" + "eor r9, r5, r5, ror #16\n\t" + "eor r10, r6, r6, ror #16\n\t" + "eor r11, r7, r7, ror #16\n\t" + "bic r8, r8, #0xff0000\n\t" + "bic r9, r9, #0xff0000\n\t" + "bic r10, r10, #0xff0000\n\t" + "bic r11, r11, #0xff0000\n\t" + "ror r4, r4, #8\n\t" + "ror r5, r5, #8\n\t" + "ror r6, r6, #8\n\t" + "ror r7, r7, #8\n\t" + "eor r4, r4, r8, lsr #8\n\t" + "eor r5, r5, r9, lsr #8\n\t" + "eor r6, r6, r10, lsr #8\n\t" + "eor r7, r7, r11, lsr #8\n\t" +#else + "rev r4, r4\n\t" + "rev r5, r5\n\t" + "rev r6, r6\n\t" + "rev r7, r7\n\t" +#endif /* WOLFSSL_ARM_ARCH && WOLFSSL_ARM_ARCH < 6 */ + "ldr r8, [lr]\n\t" + "ldr r9, [lr, #4]\n\t" + "ldr r10, [lr, #8]\n\t" + "ldr r11, [lr, #12]\n\t" + "eor r4, r4, r8\n\t" + "eor r5, r5, r9\n\t" + "eor r6, r6, r10\n\t" + "eor r7, r7, r11\n\t" + "ldr r8, [sp, #4]\n\t" + "str r4, [%[out]]\n\t" + "str r5, [%[out], #4]\n\t" + "str r6, [%[out], #8]\n\t" + "str r7, [%[out], #12]\n\t" + "ldm r8, {r4, r5, r6, r7}\n\t" + "subs %[len], %[len], #16\n\t" + "add lr, lr, #16\n\t" + "add %[out], %[out], #16\n\t" + "bne L_AES_CTR_encrypt_loop_block_256_%=\n\t" + "b L_AES_CTR_encrypt_end_%=\n\t" + "\n" + "L_AES_CTR_encrypt_start_block_192_%=: \n\t" + "\n" + "L_AES_CTR_encrypt_loop_block_192_%=: \n\t" + "push {r1, %[len], lr}\n\t" + "ldr lr, [sp, #16]\n\t" + "adds r11, r7, #1\n\t" + "adcs r10, r6, #0\n\t" + "adcs r9, r5, #0\n\t" + "adc r8, r4, #0\n\t" + "stm lr, {r8, r9, r10, r11}\n\t" + "ldm %[ks]!, {r8, r9, r10, r11}\n\t" + /* Round: 0 - XOR in key schedule */ + "eor r4, r4, r8\n\t" + "eor r5, r5, r9\n\t" + "eor r6, r6, r10\n\t" + "eor r7, r7, r11\n\t" + "mov r1, #5\n\t" +#ifndef WOLFSSL_ARMASM_AES_BLOCK_INLINE + "bl AES_encrypt_block\n\t" +#else + "\n" + "L_AES_CTR_encrypt_block_nr_192_%=: \n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl r8, r5, #8\n\t" + "lsr r8, r8, #24\n\t" +#else + "uxtb r8, r5, ror #16\n\t" +#endif +#else + "ubfx r8, r5, #16, #8\n\t" +#endif + "lsr r11, r4, #24\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl lr, r6, #16\n\t" + "lsr lr, lr, #24\n\t" +#else + "uxtb lr, r6, ror #8\n\t" +#endif +#else + "ubfx lr, r6, #8, #8\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl r2, r7, #24\n\t" + "lsr r2, r2, #24\n\t" +#else + "uxtb r2, r7\n\t" +#endif +#else + "ubfx r2, r7, #0, #8\n\t" +#endif + "ldr r8, [r0, r8, lsl #2]\n\t" + "ldr r11, [r0, r11, lsl #2]\n\t" + "ldr lr, [r0, lr, lsl #2]\n\t" + "ldr r2, [r0, r2, lsl #2]\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl r9, r6, #8\n\t" + "lsr r9, r9, #24\n\t" +#else + "uxtb r9, r6, ror #16\n\t" +#endif +#else + "ubfx r9, r6, #16, #8\n\t" +#endif + "eor r8, r8, r11, ror #24\n\t" + "lsr r11, r5, #24\n\t" + "eor r8, r8, lr, ror #8\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl lr, r7, #16\n\t" + "lsr lr, lr, #24\n\t" +#else + "uxtb lr, r7, ror #8\n\t" +#endif +#else + "ubfx lr, r7, #8, #8\n\t" +#endif + "eor r8, r8, r2, ror #16\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl r2, r4, #24\n\t" + "lsr r2, r2, #24\n\t" +#else + "uxtb r2, r4\n\t" +#endif +#else + "ubfx r2, r4, #0, #8\n\t" +#endif + "ldr r9, [r0, r9, lsl #2]\n\t" + "ldr r11, [r0, r11, lsl #2]\n\t" + "ldr lr, [r0, lr, lsl #2]\n\t" + "ldr r2, [r0, r2, lsl #2]\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl r10, r7, #8\n\t" + "lsr r10, r10, #24\n\t" +#else + "uxtb r10, r7, ror #16\n\t" +#endif +#else + "ubfx r10, r7, #16, #8\n\t" +#endif + "eor r9, r9, r11, ror #24\n\t" + "lsr r11, r6, #24\n\t" + "eor r9, r9, lr, ror #8\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl lr, r4, #16\n\t" + "lsr lr, lr, #24\n\t" +#else + "uxtb lr, r4, ror #8\n\t" +#endif +#else + "ubfx lr, r4, #8, #8\n\t" +#endif + "eor r9, r9, r2, ror #16\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl r2, r5, #24\n\t" + "lsr r2, r2, #24\n\t" +#else + "uxtb r2, r5\n\t" +#endif +#else + "ubfx r2, r5, #0, #8\n\t" +#endif + "ldr r10, [r0, r10, lsl #2]\n\t" + "ldr r11, [r0, r11, lsl #2]\n\t" + "ldr lr, [r0, lr, lsl #2]\n\t" + "ldr r2, [r0, r2, lsl #2]\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl r6, r6, #24\n\t" + "lsr r6, r6, #24\n\t" +#else + "uxtb r6, r6\n\t" +#endif +#else + "ubfx r6, r6, #0, #8\n\t" +#endif + "eor r10, r10, r11, ror #24\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl r11, r4, #8\n\t" + "lsr r11, r11, #24\n\t" +#else + "uxtb r11, r4, ror #16\n\t" +#endif +#else + "ubfx r11, r4, #16, #8\n\t" +#endif + "eor r10, r10, lr, ror #8\n\t" + "lsr lr, r7, #24\n\t" + "eor r10, r10, r2, ror #16\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl r2, r5, #16\n\t" + "lsr r2, r2, #24\n\t" +#else + "uxtb r2, r5, ror #8\n\t" +#endif +#else + "ubfx r2, r5, #8, #8\n\t" +#endif + "ldr r6, [r0, r6, lsl #2]\n\t" + "ldr lr, [r0, lr, lsl #2]\n\t" + "ldr r11, [r0, r11, lsl #2]\n\t" + "ldr r2, [r0, r2, lsl #2]\n\t" + "eor lr, lr, r6, ror #24\n\t" + "ldm %[ks]!, {r4, r5, r6, r7}\n\t" + "eor r11, r11, lr, ror #24\n\t" + "eor r11, r11, r2, ror #8\n\t" + /* XOR in Key Schedule */ + "eor r8, r8, r4\n\t" + "eor r9, r9, r5\n\t" + "eor r10, r10, r6\n\t" + "eor r11, r11, r7\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl r4, r9, #8\n\t" + "lsr r4, r4, #24\n\t" +#else + "uxtb r4, r9, ror #16\n\t" +#endif +#else + "ubfx r4, r9, #16, #8\n\t" +#endif + "lsr r7, r8, #24\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl lr, r10, #16\n\t" + "lsr lr, lr, #24\n\t" +#else + "uxtb lr, r10, ror #8\n\t" +#endif +#else + "ubfx lr, r10, #8, #8\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl r2, r11, #24\n\t" + "lsr r2, r2, #24\n\t" +#else + "uxtb r2, r11\n\t" +#endif +#else + "ubfx r2, r11, #0, #8\n\t" +#endif + "ldr r4, [r0, r4, lsl #2]\n\t" + "ldr r7, [r0, r7, lsl #2]\n\t" + "ldr lr, [r0, lr, lsl #2]\n\t" + "ldr r2, [r0, r2, lsl #2]\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl r5, r10, #8\n\t" + "lsr r5, r5, #24\n\t" +#else + "uxtb r5, r10, ror #16\n\t" +#endif +#else + "ubfx r5, r10, #16, #8\n\t" +#endif + "eor r4, r4, r7, ror #24\n\t" + "lsr r7, r9, #24\n\t" + "eor r4, r4, lr, ror #8\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl lr, r11, #16\n\t" + "lsr lr, lr, #24\n\t" +#else + "uxtb lr, r11, ror #8\n\t" +#endif +#else + "ubfx lr, r11, #8, #8\n\t" +#endif + "eor r4, r4, r2, ror #16\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl r2, r8, #24\n\t" + "lsr r2, r2, #24\n\t" +#else + "uxtb r2, r8\n\t" +#endif +#else + "ubfx r2, r8, #0, #8\n\t" +#endif + "ldr r5, [r0, r5, lsl #2]\n\t" + "ldr r7, [r0, r7, lsl #2]\n\t" + "ldr lr, [r0, lr, lsl #2]\n\t" + "ldr r2, [r0, r2, lsl #2]\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl r6, r11, #8\n\t" + "lsr r6, r6, #24\n\t" +#else + "uxtb r6, r11, ror #16\n\t" +#endif +#else + "ubfx r6, r11, #16, #8\n\t" +#endif + "eor r5, r5, r7, ror #24\n\t" + "lsr r7, r10, #24\n\t" + "eor r5, r5, lr, ror #8\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl lr, r8, #16\n\t" + "lsr lr, lr, #24\n\t" +#else + "uxtb lr, r8, ror #8\n\t" +#endif +#else + "ubfx lr, r8, #8, #8\n\t" +#endif + "eor r5, r5, r2, ror #16\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl r2, r9, #24\n\t" + "lsr r2, r2, #24\n\t" +#else + "uxtb r2, r9\n\t" +#endif +#else + "ubfx r2, r9, #0, #8\n\t" +#endif + "ldr r6, [r0, r6, lsl #2]\n\t" + "ldr r7, [r0, r7, lsl #2]\n\t" + "ldr lr, [r0, lr, lsl #2]\n\t" + "ldr r2, [r0, r2, lsl #2]\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl r10, r10, #24\n\t" + "lsr r10, r10, #24\n\t" +#else + "uxtb r10, r10\n\t" +#endif +#else + "ubfx r10, r10, #0, #8\n\t" +#endif + "eor r6, r6, r7, ror #24\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl r7, r8, #8\n\t" + "lsr r7, r7, #24\n\t" +#else + "uxtb r7, r8, ror #16\n\t" +#endif +#else + "ubfx r7, r8, #16, #8\n\t" +#endif + "eor r6, r6, lr, ror #8\n\t" + "lsr lr, r11, #24\n\t" + "eor r6, r6, r2, ror #16\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl r2, r9, #16\n\t" + "lsr r2, r2, #24\n\t" +#else + "uxtb r2, r9, ror #8\n\t" +#endif +#else + "ubfx r2, r9, #8, #8\n\t" +#endif + "ldr r10, [r0, r10, lsl #2]\n\t" + "ldr lr, [r0, lr, lsl #2]\n\t" + "ldr r7, [r0, r7, lsl #2]\n\t" + "ldr r2, [r0, r2, lsl #2]\n\t" + "eor lr, lr, r10, ror #24\n\t" + "ldm %[ks]!, {r8, r9, r10, r11}\n\t" + "eor r7, r7, lr, ror #24\n\t" + "eor r7, r7, r2, ror #8\n\t" + /* XOR in Key Schedule */ + "eor r4, r4, r8\n\t" + "eor r5, r5, r9\n\t" + "eor r6, r6, r10\n\t" + "eor r7, r7, r11\n\t" + "subs r1, r1, #1\n\t" + "bne L_AES_CTR_encrypt_block_nr_192_%=\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl r8, r5, #8\n\t" + "lsr r8, r8, #24\n\t" +#else + "uxtb r8, r5, ror #16\n\t" +#endif +#else + "ubfx r8, r5, #16, #8\n\t" +#endif + "lsr r11, r4, #24\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl lr, r6, #16\n\t" + "lsr lr, lr, #24\n\t" +#else + "uxtb lr, r6, ror #8\n\t" +#endif +#else + "ubfx lr, r6, #8, #8\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl r2, r7, #24\n\t" + "lsr r2, r2, #24\n\t" +#else + "uxtb r2, r7\n\t" +#endif +#else + "ubfx r2, r7, #0, #8\n\t" +#endif + "ldr r8, [r0, r8, lsl #2]\n\t" + "ldr r11, [r0, r11, lsl #2]\n\t" + "ldr lr, [r0, lr, lsl #2]\n\t" + "ldr r2, [r0, r2, lsl #2]\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl r9, r6, #8\n\t" + "lsr r9, r9, #24\n\t" +#else + "uxtb r9, r6, ror #16\n\t" +#endif +#else + "ubfx r9, r6, #16, #8\n\t" +#endif + "eor r8, r8, r11, ror #24\n\t" + "lsr r11, r5, #24\n\t" + "eor r8, r8, lr, ror #8\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl lr, r7, #16\n\t" + "lsr lr, lr, #24\n\t" +#else + "uxtb lr, r7, ror #8\n\t" +#endif +#else + "ubfx lr, r7, #8, #8\n\t" +#endif + "eor r8, r8, r2, ror #16\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl r2, r4, #24\n\t" + "lsr r2, r2, #24\n\t" +#else + "uxtb r2, r4\n\t" +#endif +#else + "ubfx r2, r4, #0, #8\n\t" +#endif + "ldr r9, [r0, r9, lsl #2]\n\t" + "ldr r11, [r0, r11, lsl #2]\n\t" + "ldr lr, [r0, lr, lsl #2]\n\t" + "ldr r2, [r0, r2, lsl #2]\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl r10, r7, #8\n\t" + "lsr r10, r10, #24\n\t" +#else + "uxtb r10, r7, ror #16\n\t" +#endif +#else + "ubfx r10, r7, #16, #8\n\t" +#endif + "eor r9, r9, r11, ror #24\n\t" + "lsr r11, r6, #24\n\t" + "eor r9, r9, lr, ror #8\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl lr, r4, #16\n\t" + "lsr lr, lr, #24\n\t" +#else + "uxtb lr, r4, ror #8\n\t" +#endif +#else + "ubfx lr, r4, #8, #8\n\t" +#endif + "eor r9, r9, r2, ror #16\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl r2, r5, #24\n\t" + "lsr r2, r2, #24\n\t" +#else + "uxtb r2, r5\n\t" +#endif +#else + "ubfx r2, r5, #0, #8\n\t" +#endif + "ldr r10, [r0, r10, lsl #2]\n\t" + "ldr r11, [r0, r11, lsl #2]\n\t" + "ldr lr, [r0, lr, lsl #2]\n\t" + "ldr r2, [r0, r2, lsl #2]\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl r6, r6, #24\n\t" + "lsr r6, r6, #24\n\t" +#else + "uxtb r6, r6\n\t" +#endif +#else + "ubfx r6, r6, #0, #8\n\t" +#endif + "eor r10, r10, r11, ror #24\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl r11, r4, #8\n\t" + "lsr r11, r11, #24\n\t" +#else + "uxtb r11, r4, ror #16\n\t" +#endif +#else + "ubfx r11, r4, #16, #8\n\t" +#endif + "eor r10, r10, lr, ror #8\n\t" + "lsr lr, r7, #24\n\t" + "eor r10, r10, r2, ror #16\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl r2, r5, #16\n\t" + "lsr r2, r2, #24\n\t" +#else + "uxtb r2, r5, ror #8\n\t" +#endif +#else + "ubfx r2, r5, #8, #8\n\t" +#endif + "ldr r6, [r0, r6, lsl #2]\n\t" + "ldr lr, [r0, lr, lsl #2]\n\t" + "ldr r11, [r0, r11, lsl #2]\n\t" + "ldr r2, [r0, r2, lsl #2]\n\t" + "eor lr, lr, r6, ror #24\n\t" + "ldm %[ks]!, {r4, r5, r6, r7}\n\t" + "eor r11, r11, lr, ror #24\n\t" + "eor r11, r11, r2, ror #8\n\t" + /* XOR in Key Schedule */ + "eor r8, r8, r4\n\t" + "eor r9, r9, r5\n\t" + "eor r10, r10, r6\n\t" + "eor r11, r11, r7\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl r4, r11, #24\n\t" + "lsr r4, r4, #24\n\t" +#else + "uxtb r4, r11\n\t" +#endif +#else + "ubfx r4, r11, #0, #8\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl r7, r10, #16\n\t" + "lsr r7, r7, #24\n\t" +#else + "uxtb r7, r10, ror #8\n\t" +#endif +#else + "ubfx r7, r10, #8, #8\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl lr, r9, #8\n\t" + "lsr lr, lr, #24\n\t" +#else + "uxtb lr, r9, ror #16\n\t" +#endif +#else + "ubfx lr, r9, #16, #8\n\t" +#endif + "lsr r2, r8, #24\n\t" + "ldrb r4, [r0, r4, lsl #2]\n\t" + "ldrb r7, [r0, r7, lsl #2]\n\t" + "ldrb lr, [r0, lr, lsl #2]\n\t" + "ldrb r2, [r0, r2, lsl #2]\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl r5, r8, #24\n\t" + "lsr r5, r5, #24\n\t" +#else + "uxtb r5, r8\n\t" +#endif +#else + "ubfx r5, r8, #0, #8\n\t" +#endif + "eor r4, r4, r7, lsl #8\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl r7, r11, #16\n\t" + "lsr r7, r7, #24\n\t" +#else + "uxtb r7, r11, ror #8\n\t" +#endif +#else + "ubfx r7, r11, #8, #8\n\t" +#endif + "eor r4, r4, lr, lsl #16\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl lr, r10, #8\n\t" + "lsr lr, lr, #24\n\t" +#else + "uxtb lr, r10, ror #16\n\t" +#endif +#else + "ubfx lr, r10, #16, #8\n\t" +#endif + "eor r4, r4, r2, lsl #24\n\t" + "lsr r2, r9, #24\n\t" + "ldrb r5, [r0, r5, lsl #2]\n\t" + "ldrb r7, [r0, r7, lsl #2]\n\t" + "ldrb lr, [r0, lr, lsl #2]\n\t" + "ldrb r2, [r0, r2, lsl #2]\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl r6, r9, #24\n\t" + "lsr r6, r6, #24\n\t" +#else + "uxtb r6, r9\n\t" +#endif +#else + "ubfx r6, r9, #0, #8\n\t" +#endif + "eor r5, r5, r7, lsl #8\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl r7, r8, #16\n\t" + "lsr r7, r7, #24\n\t" +#else + "uxtb r7, r8, ror #8\n\t" +#endif +#else + "ubfx r7, r8, #8, #8\n\t" +#endif + "eor r5, r5, lr, lsl #16\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl lr, r11, #8\n\t" + "lsr lr, lr, #24\n\t" +#else + "uxtb lr, r11, ror #16\n\t" +#endif +#else + "ubfx lr, r11, #16, #8\n\t" +#endif + "eor r5, r5, r2, lsl #24\n\t" + "lsr r2, r10, #24\n\t" + "ldrb r6, [r0, r6, lsl #2]\n\t" + "ldrb r7, [r0, r7, lsl #2]\n\t" + "ldrb lr, [r0, lr, lsl #2]\n\t" + "ldrb r2, [r0, r2, lsl #2]\n\t" + "lsr r11, r11, #24\n\t" + "eor r6, r6, r7, lsl #8\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl r7, r10, #24\n\t" + "lsr r7, r7, #24\n\t" +#else + "uxtb r7, r10\n\t" +#endif +#else + "ubfx r7, r10, #0, #8\n\t" +#endif + "eor r6, r6, lr, lsl #16\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl lr, r9, #16\n\t" + "lsr lr, lr, #24\n\t" +#else + "uxtb lr, r9, ror #8\n\t" +#endif +#else + "ubfx lr, r9, #8, #8\n\t" +#endif + "eor r6, r6, r2, lsl #24\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl r2, r8, #8\n\t" + "lsr r2, r2, #24\n\t" +#else + "uxtb r2, r8, ror #16\n\t" +#endif +#else + "ubfx r2, r8, #16, #8\n\t" +#endif + "ldrb r11, [r0, r11, lsl #2]\n\t" + "ldrb r7, [r0, r7, lsl #2]\n\t" + "ldrb lr, [r0, lr, lsl #2]\n\t" + "ldrb r2, [r0, r2, lsl #2]\n\t" + "eor lr, lr, r11, lsl #16\n\t" + "ldm %[ks], {r8, r9, r10, r11}\n\t" + "eor r7, r7, lr, lsl #8\n\t" + "eor r7, r7, r2, lsl #16\n\t" + /* XOR in Key Schedule */ + "eor r4, r4, r8\n\t" + "eor r5, r5, r9\n\t" + "eor r6, r6, r10\n\t" + "eor r7, r7, r11\n\t" +#endif /* !WOLFSSL_ARMASM_AES_BLOCK_INLINE */ + "pop {r1, %[len], lr}\n\t" + "ldr %[ks], [sp]\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "eor r8, r4, r4, ror #16\n\t" + "eor r9, r5, r5, ror #16\n\t" + "eor r10, r6, r6, ror #16\n\t" + "eor r11, r7, r7, ror #16\n\t" + "bic r8, r8, #0xff0000\n\t" + "bic r9, r9, #0xff0000\n\t" + "bic r10, r10, #0xff0000\n\t" + "bic r11, r11, #0xff0000\n\t" + "ror r4, r4, #8\n\t" + "ror r5, r5, #8\n\t" + "ror r6, r6, #8\n\t" + "ror r7, r7, #8\n\t" + "eor r4, r4, r8, lsr #8\n\t" + "eor r5, r5, r9, lsr #8\n\t" + "eor r6, r6, r10, lsr #8\n\t" + "eor r7, r7, r11, lsr #8\n\t" +#else + "rev r4, r4\n\t" + "rev r5, r5\n\t" + "rev r6, r6\n\t" + "rev r7, r7\n\t" +#endif /* WOLFSSL_ARM_ARCH && WOLFSSL_ARM_ARCH < 6 */ + "ldr r8, [lr]\n\t" + "ldr r9, [lr, #4]\n\t" + "ldr r10, [lr, #8]\n\t" + "ldr r11, [lr, #12]\n\t" + "eor r4, r4, r8\n\t" + "eor r5, r5, r9\n\t" + "eor r6, r6, r10\n\t" + "eor r7, r7, r11\n\t" + "ldr r8, [sp, #4]\n\t" + "str r4, [%[out]]\n\t" + "str r5, [%[out], #4]\n\t" + "str r6, [%[out], #8]\n\t" + "str r7, [%[out], #12]\n\t" + "ldm r8, {r4, r5, r6, r7}\n\t" + "subs %[len], %[len], #16\n\t" + "add lr, lr, #16\n\t" + "add %[out], %[out], #16\n\t" + "bne L_AES_CTR_encrypt_loop_block_192_%=\n\t" + "b L_AES_CTR_encrypt_end_%=\n\t" + "\n" + "L_AES_CTR_encrypt_start_block_128_%=: \n\t" + "\n" + "L_AES_CTR_encrypt_loop_block_128_%=: \n\t" + "push {r1, %[len], lr}\n\t" + "ldr lr, [sp, #16]\n\t" + "adds r11, r7, #1\n\t" + "adcs r10, r6, #0\n\t" + "adcs r9, r5, #0\n\t" + "adc r8, r4, #0\n\t" + "stm lr, {r8, r9, r10, r11}\n\t" + "ldm %[ks]!, {r8, r9, r10, r11}\n\t" + /* Round: 0 - XOR in key schedule */ + "eor r4, r4, r8\n\t" + "eor r5, r5, r9\n\t" + "eor r6, r6, r10\n\t" + "eor r7, r7, r11\n\t" + "mov r1, #4\n\t" +#ifndef WOLFSSL_ARMASM_AES_BLOCK_INLINE + "bl AES_encrypt_block\n\t" +#else + "\n" + "L_AES_CTR_encrypt_block_nr_128_%=: \n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl r8, r5, #8\n\t" + "lsr r8, r8, #24\n\t" +#else + "uxtb r8, r5, ror #16\n\t" +#endif +#else + "ubfx r8, r5, #16, #8\n\t" +#endif + "lsr r11, r4, #24\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl lr, r6, #16\n\t" + "lsr lr, lr, #24\n\t" +#else + "uxtb lr, r6, ror #8\n\t" +#endif +#else + "ubfx lr, r6, #8, #8\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl r2, r7, #24\n\t" + "lsr r2, r2, #24\n\t" +#else + "uxtb r2, r7\n\t" +#endif +#else + "ubfx r2, r7, #0, #8\n\t" +#endif + "ldr r8, [r0, r8, lsl #2]\n\t" + "ldr r11, [r0, r11, lsl #2]\n\t" + "ldr lr, [r0, lr, lsl #2]\n\t" + "ldr r2, [r0, r2, lsl #2]\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl r9, r6, #8\n\t" + "lsr r9, r9, #24\n\t" +#else + "uxtb r9, r6, ror #16\n\t" +#endif +#else + "ubfx r9, r6, #16, #8\n\t" +#endif + "eor r8, r8, r11, ror #24\n\t" + "lsr r11, r5, #24\n\t" + "eor r8, r8, lr, ror #8\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl lr, r7, #16\n\t" + "lsr lr, lr, #24\n\t" +#else + "uxtb lr, r7, ror #8\n\t" +#endif +#else + "ubfx lr, r7, #8, #8\n\t" +#endif + "eor r8, r8, r2, ror #16\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl r2, r4, #24\n\t" + "lsr r2, r2, #24\n\t" +#else + "uxtb r2, r4\n\t" +#endif +#else + "ubfx r2, r4, #0, #8\n\t" +#endif + "ldr r9, [r0, r9, lsl #2]\n\t" + "ldr r11, [r0, r11, lsl #2]\n\t" + "ldr lr, [r0, lr, lsl #2]\n\t" + "ldr r2, [r0, r2, lsl #2]\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl r10, r7, #8\n\t" + "lsr r10, r10, #24\n\t" +#else + "uxtb r10, r7, ror #16\n\t" +#endif +#else + "ubfx r10, r7, #16, #8\n\t" +#endif + "eor r9, r9, r11, ror #24\n\t" + "lsr r11, r6, #24\n\t" + "eor r9, r9, lr, ror #8\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl lr, r4, #16\n\t" + "lsr lr, lr, #24\n\t" +#else + "uxtb lr, r4, ror #8\n\t" +#endif +#else + "ubfx lr, r4, #8, #8\n\t" +#endif + "eor r9, r9, r2, ror #16\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl r2, r5, #24\n\t" + "lsr r2, r2, #24\n\t" +#else + "uxtb r2, r5\n\t" +#endif +#else + "ubfx r2, r5, #0, #8\n\t" +#endif + "ldr r10, [r0, r10, lsl #2]\n\t" + "ldr r11, [r0, r11, lsl #2]\n\t" + "ldr lr, [r0, lr, lsl #2]\n\t" + "ldr r2, [r0, r2, lsl #2]\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl r6, r6, #24\n\t" + "lsr r6, r6, #24\n\t" +#else + "uxtb r6, r6\n\t" +#endif +#else + "ubfx r6, r6, #0, #8\n\t" +#endif + "eor r10, r10, r11, ror #24\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl r11, r4, #8\n\t" + "lsr r11, r11, #24\n\t" +#else + "uxtb r11, r4, ror #16\n\t" +#endif +#else + "ubfx r11, r4, #16, #8\n\t" +#endif + "eor r10, r10, lr, ror #8\n\t" + "lsr lr, r7, #24\n\t" + "eor r10, r10, r2, ror #16\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl r2, r5, #16\n\t" + "lsr r2, r2, #24\n\t" +#else + "uxtb r2, r5, ror #8\n\t" +#endif +#else + "ubfx r2, r5, #8, #8\n\t" +#endif + "ldr r6, [r0, r6, lsl #2]\n\t" + "ldr lr, [r0, lr, lsl #2]\n\t" + "ldr r11, [r0, r11, lsl #2]\n\t" + "ldr r2, [r0, r2, lsl #2]\n\t" + "eor lr, lr, r6, ror #24\n\t" + "ldm %[ks]!, {r4, r5, r6, r7}\n\t" + "eor r11, r11, lr, ror #24\n\t" + "eor r11, r11, r2, ror #8\n\t" + /* XOR in Key Schedule */ + "eor r8, r8, r4\n\t" + "eor r9, r9, r5\n\t" + "eor r10, r10, r6\n\t" + "eor r11, r11, r7\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl r4, r9, #8\n\t" + "lsr r4, r4, #24\n\t" +#else + "uxtb r4, r9, ror #16\n\t" +#endif +#else + "ubfx r4, r9, #16, #8\n\t" +#endif + "lsr r7, r8, #24\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl lr, r10, #16\n\t" + "lsr lr, lr, #24\n\t" +#else + "uxtb lr, r10, ror #8\n\t" +#endif +#else + "ubfx lr, r10, #8, #8\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl r2, r11, #24\n\t" + "lsr r2, r2, #24\n\t" +#else + "uxtb r2, r11\n\t" +#endif +#else + "ubfx r2, r11, #0, #8\n\t" +#endif + "ldr r4, [r0, r4, lsl #2]\n\t" + "ldr r7, [r0, r7, lsl #2]\n\t" + "ldr lr, [r0, lr, lsl #2]\n\t" + "ldr r2, [r0, r2, lsl #2]\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl r5, r10, #8\n\t" + "lsr r5, r5, #24\n\t" +#else + "uxtb r5, r10, ror #16\n\t" +#endif +#else + "ubfx r5, r10, #16, #8\n\t" +#endif + "eor r4, r4, r7, ror #24\n\t" + "lsr r7, r9, #24\n\t" + "eor r4, r4, lr, ror #8\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl lr, r11, #16\n\t" + "lsr lr, lr, #24\n\t" +#else + "uxtb lr, r11, ror #8\n\t" +#endif +#else + "ubfx lr, r11, #8, #8\n\t" +#endif + "eor r4, r4, r2, ror #16\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl r2, r8, #24\n\t" + "lsr r2, r2, #24\n\t" +#else + "uxtb r2, r8\n\t" +#endif +#else + "ubfx r2, r8, #0, #8\n\t" +#endif + "ldr r5, [r0, r5, lsl #2]\n\t" + "ldr r7, [r0, r7, lsl #2]\n\t" + "ldr lr, [r0, lr, lsl #2]\n\t" + "ldr r2, [r0, r2, lsl #2]\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl r6, r11, #8\n\t" + "lsr r6, r6, #24\n\t" +#else + "uxtb r6, r11, ror #16\n\t" +#endif +#else + "ubfx r6, r11, #16, #8\n\t" +#endif + "eor r5, r5, r7, ror #24\n\t" + "lsr r7, r10, #24\n\t" + "eor r5, r5, lr, ror #8\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl lr, r8, #16\n\t" + "lsr lr, lr, #24\n\t" +#else + "uxtb lr, r8, ror #8\n\t" +#endif +#else + "ubfx lr, r8, #8, #8\n\t" +#endif + "eor r5, r5, r2, ror #16\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl r2, r9, #24\n\t" + "lsr r2, r2, #24\n\t" +#else + "uxtb r2, r9\n\t" +#endif +#else + "ubfx r2, r9, #0, #8\n\t" +#endif + "ldr r6, [r0, r6, lsl #2]\n\t" + "ldr r7, [r0, r7, lsl #2]\n\t" + "ldr lr, [r0, lr, lsl #2]\n\t" + "ldr r2, [r0, r2, lsl #2]\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl r10, r10, #24\n\t" + "lsr r10, r10, #24\n\t" +#else + "uxtb r10, r10\n\t" +#endif +#else + "ubfx r10, r10, #0, #8\n\t" +#endif + "eor r6, r6, r7, ror #24\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl r7, r8, #8\n\t" + "lsr r7, r7, #24\n\t" +#else + "uxtb r7, r8, ror #16\n\t" +#endif +#else + "ubfx r7, r8, #16, #8\n\t" +#endif + "eor r6, r6, lr, ror #8\n\t" + "lsr lr, r11, #24\n\t" + "eor r6, r6, r2, ror #16\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl r2, r9, #16\n\t" + "lsr r2, r2, #24\n\t" +#else + "uxtb r2, r9, ror #8\n\t" +#endif +#else + "ubfx r2, r9, #8, #8\n\t" +#endif + "ldr r10, [r0, r10, lsl #2]\n\t" + "ldr lr, [r0, lr, lsl #2]\n\t" + "ldr r7, [r0, r7, lsl #2]\n\t" + "ldr r2, [r0, r2, lsl #2]\n\t" + "eor lr, lr, r10, ror #24\n\t" + "ldm %[ks]!, {r8, r9, r10, r11}\n\t" + "eor r7, r7, lr, ror #24\n\t" + "eor r7, r7, r2, ror #8\n\t" + /* XOR in Key Schedule */ + "eor r4, r4, r8\n\t" + "eor r5, r5, r9\n\t" + "eor r6, r6, r10\n\t" + "eor r7, r7, r11\n\t" + "subs r1, r1, #1\n\t" + "bne L_AES_CTR_encrypt_block_nr_128_%=\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl r8, r5, #8\n\t" + "lsr r8, r8, #24\n\t" +#else + "uxtb r8, r5, ror #16\n\t" +#endif +#else + "ubfx r8, r5, #16, #8\n\t" +#endif + "lsr r11, r4, #24\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl lr, r6, #16\n\t" + "lsr lr, lr, #24\n\t" +#else + "uxtb lr, r6, ror #8\n\t" +#endif +#else + "ubfx lr, r6, #8, #8\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl r2, r7, #24\n\t" + "lsr r2, r2, #24\n\t" +#else + "uxtb r2, r7\n\t" +#endif +#else + "ubfx r2, r7, #0, #8\n\t" +#endif + "ldr r8, [r0, r8, lsl #2]\n\t" + "ldr r11, [r0, r11, lsl #2]\n\t" + "ldr lr, [r0, lr, lsl #2]\n\t" + "ldr r2, [r0, r2, lsl #2]\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl r9, r6, #8\n\t" + "lsr r9, r9, #24\n\t" +#else + "uxtb r9, r6, ror #16\n\t" +#endif +#else + "ubfx r9, r6, #16, #8\n\t" +#endif + "eor r8, r8, r11, ror #24\n\t" + "lsr r11, r5, #24\n\t" + "eor r8, r8, lr, ror #8\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl lr, r7, #16\n\t" + "lsr lr, lr, #24\n\t" +#else + "uxtb lr, r7, ror #8\n\t" +#endif +#else + "ubfx lr, r7, #8, #8\n\t" +#endif + "eor r8, r8, r2, ror #16\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl r2, r4, #24\n\t" + "lsr r2, r2, #24\n\t" +#else + "uxtb r2, r4\n\t" +#endif +#else + "ubfx r2, r4, #0, #8\n\t" +#endif + "ldr r9, [r0, r9, lsl #2]\n\t" + "ldr r11, [r0, r11, lsl #2]\n\t" + "ldr lr, [r0, lr, lsl #2]\n\t" + "ldr r2, [r0, r2, lsl #2]\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl r10, r7, #8\n\t" + "lsr r10, r10, #24\n\t" +#else + "uxtb r10, r7, ror #16\n\t" +#endif +#else + "ubfx r10, r7, #16, #8\n\t" +#endif + "eor r9, r9, r11, ror #24\n\t" + "lsr r11, r6, #24\n\t" + "eor r9, r9, lr, ror #8\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl lr, r4, #16\n\t" + "lsr lr, lr, #24\n\t" +#else + "uxtb lr, r4, ror #8\n\t" +#endif +#else + "ubfx lr, r4, #8, #8\n\t" +#endif + "eor r9, r9, r2, ror #16\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl r2, r5, #24\n\t" + "lsr r2, r2, #24\n\t" +#else + "uxtb r2, r5\n\t" +#endif +#else + "ubfx r2, r5, #0, #8\n\t" +#endif + "ldr r10, [r0, r10, lsl #2]\n\t" + "ldr r11, [r0, r11, lsl #2]\n\t" + "ldr lr, [r0, lr, lsl #2]\n\t" + "ldr r2, [r0, r2, lsl #2]\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl r6, r6, #24\n\t" + "lsr r6, r6, #24\n\t" +#else + "uxtb r6, r6\n\t" +#endif +#else + "ubfx r6, r6, #0, #8\n\t" +#endif + "eor r10, r10, r11, ror #24\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl r11, r4, #8\n\t" + "lsr r11, r11, #24\n\t" +#else + "uxtb r11, r4, ror #16\n\t" +#endif +#else + "ubfx r11, r4, #16, #8\n\t" +#endif + "eor r10, r10, lr, ror #8\n\t" + "lsr lr, r7, #24\n\t" + "eor r10, r10, r2, ror #16\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl r2, r5, #16\n\t" + "lsr r2, r2, #24\n\t" +#else + "uxtb r2, r5, ror #8\n\t" +#endif +#else + "ubfx r2, r5, #8, #8\n\t" +#endif + "ldr r6, [r0, r6, lsl #2]\n\t" + "ldr lr, [r0, lr, lsl #2]\n\t" + "ldr r11, [r0, r11, lsl #2]\n\t" + "ldr r2, [r0, r2, lsl #2]\n\t" + "eor lr, lr, r6, ror #24\n\t" + "ldm %[ks]!, {r4, r5, r6, r7}\n\t" + "eor r11, r11, lr, ror #24\n\t" + "eor r11, r11, r2, ror #8\n\t" + /* XOR in Key Schedule */ + "eor r8, r8, r4\n\t" + "eor r9, r9, r5\n\t" + "eor r10, r10, r6\n\t" + "eor r11, r11, r7\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl r4, r11, #24\n\t" + "lsr r4, r4, #24\n\t" +#else + "uxtb r4, r11\n\t" +#endif +#else + "ubfx r4, r11, #0, #8\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl r7, r10, #16\n\t" + "lsr r7, r7, #24\n\t" +#else + "uxtb r7, r10, ror #8\n\t" +#endif +#else + "ubfx r7, r10, #8, #8\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl lr, r9, #8\n\t" + "lsr lr, lr, #24\n\t" +#else + "uxtb lr, r9, ror #16\n\t" +#endif +#else + "ubfx lr, r9, #16, #8\n\t" +#endif + "lsr r2, r8, #24\n\t" + "ldrb r4, [r0, r4, lsl #2]\n\t" + "ldrb r7, [r0, r7, lsl #2]\n\t" + "ldrb lr, [r0, lr, lsl #2]\n\t" + "ldrb r2, [r0, r2, lsl #2]\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl r5, r8, #24\n\t" + "lsr r5, r5, #24\n\t" +#else + "uxtb r5, r8\n\t" +#endif +#else + "ubfx r5, r8, #0, #8\n\t" +#endif + "eor r4, r4, r7, lsl #8\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl r7, r11, #16\n\t" + "lsr r7, r7, #24\n\t" +#else + "uxtb r7, r11, ror #8\n\t" +#endif +#else + "ubfx r7, r11, #8, #8\n\t" +#endif + "eor r4, r4, lr, lsl #16\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl lr, r10, #8\n\t" + "lsr lr, lr, #24\n\t" +#else + "uxtb lr, r10, ror #16\n\t" +#endif +#else + "ubfx lr, r10, #16, #8\n\t" +#endif + "eor r4, r4, r2, lsl #24\n\t" + "lsr r2, r9, #24\n\t" + "ldrb r5, [r0, r5, lsl #2]\n\t" + "ldrb r7, [r0, r7, lsl #2]\n\t" + "ldrb lr, [r0, lr, lsl #2]\n\t" + "ldrb r2, [r0, r2, lsl #2]\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl r6, r9, #24\n\t" + "lsr r6, r6, #24\n\t" +#else + "uxtb r6, r9\n\t" +#endif +#else + "ubfx r6, r9, #0, #8\n\t" +#endif + "eor r5, r5, r7, lsl #8\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl r7, r8, #16\n\t" + "lsr r7, r7, #24\n\t" +#else + "uxtb r7, r8, ror #8\n\t" +#endif +#else + "ubfx r7, r8, #8, #8\n\t" +#endif + "eor r5, r5, lr, lsl #16\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl lr, r11, #8\n\t" + "lsr lr, lr, #24\n\t" +#else + "uxtb lr, r11, ror #16\n\t" +#endif +#else + "ubfx lr, r11, #16, #8\n\t" +#endif + "eor r5, r5, r2, lsl #24\n\t" + "lsr r2, r10, #24\n\t" + "ldrb r6, [r0, r6, lsl #2]\n\t" + "ldrb r7, [r0, r7, lsl #2]\n\t" + "ldrb lr, [r0, lr, lsl #2]\n\t" + "ldrb r2, [r0, r2, lsl #2]\n\t" + "lsr r11, r11, #24\n\t" + "eor r6, r6, r7, lsl #8\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl r7, r10, #24\n\t" + "lsr r7, r7, #24\n\t" +#else + "uxtb r7, r10\n\t" +#endif +#else + "ubfx r7, r10, #0, #8\n\t" +#endif + "eor r6, r6, lr, lsl #16\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl lr, r9, #16\n\t" + "lsr lr, lr, #24\n\t" +#else + "uxtb lr, r9, ror #8\n\t" +#endif +#else + "ubfx lr, r9, #8, #8\n\t" +#endif + "eor r6, r6, r2, lsl #24\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl r2, r8, #8\n\t" + "lsr r2, r2, #24\n\t" +#else + "uxtb r2, r8, ror #16\n\t" +#endif +#else + "ubfx r2, r8, #16, #8\n\t" +#endif + "ldrb r11, [r0, r11, lsl #2]\n\t" + "ldrb r7, [r0, r7, lsl #2]\n\t" + "ldrb lr, [r0, lr, lsl #2]\n\t" + "ldrb r2, [r0, r2, lsl #2]\n\t" + "eor lr, lr, r11, lsl #16\n\t" + "ldm %[ks], {r8, r9, r10, r11}\n\t" + "eor r7, r7, lr, lsl #8\n\t" + "eor r7, r7, r2, lsl #16\n\t" + /* XOR in Key Schedule */ + "eor r4, r4, r8\n\t" + "eor r5, r5, r9\n\t" + "eor r6, r6, r10\n\t" + "eor r7, r7, r11\n\t" +#endif /* !WOLFSSL_ARMASM_AES_BLOCK_INLINE */ + "pop {r1, %[len], lr}\n\t" + "ldr %[ks], [sp]\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "eor r8, r4, r4, ror #16\n\t" + "eor r9, r5, r5, ror #16\n\t" + "eor r10, r6, r6, ror #16\n\t" + "eor r11, r7, r7, ror #16\n\t" + "bic r8, r8, #0xff0000\n\t" + "bic r9, r9, #0xff0000\n\t" + "bic r10, r10, #0xff0000\n\t" + "bic r11, r11, #0xff0000\n\t" + "ror r4, r4, #8\n\t" + "ror r5, r5, #8\n\t" + "ror r6, r6, #8\n\t" + "ror r7, r7, #8\n\t" + "eor r4, r4, r8, lsr #8\n\t" + "eor r5, r5, r9, lsr #8\n\t" + "eor r6, r6, r10, lsr #8\n\t" + "eor r7, r7, r11, lsr #8\n\t" +#else + "rev r4, r4\n\t" + "rev r5, r5\n\t" + "rev r6, r6\n\t" + "rev r7, r7\n\t" +#endif /* WOLFSSL_ARM_ARCH && WOLFSSL_ARM_ARCH < 6 */ + "ldr r8, [lr]\n\t" + "ldr r9, [lr, #4]\n\t" + "ldr r10, [lr, #8]\n\t" + "ldr r11, [lr, #12]\n\t" + "eor r4, r4, r8\n\t" + "eor r5, r5, r9\n\t" + "eor r6, r6, r10\n\t" + "eor r7, r7, r11\n\t" + "ldr r8, [sp, #4]\n\t" + "str r4, [%[out]]\n\t" + "str r5, [%[out], #4]\n\t" + "str r6, [%[out], #8]\n\t" + "str r7, [%[out], #12]\n\t" + "ldm r8, {r4, r5, r6, r7}\n\t" + "subs %[len], %[len], #16\n\t" + "add lr, lr, #16\n\t" + "add %[out], %[out], #16\n\t" + "bne L_AES_CTR_encrypt_loop_block_128_%=\n\t" + "\n" + "L_AES_CTR_encrypt_end_%=: \n\t" + "pop {%[ks], r8}\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "eor r10, r4, r4, ror #16\n\t" + "eor r11, r5, r5, ror #16\n\t" + "bic r10, r10, #0xff0000\n\t" + "bic r11, r11, #0xff0000\n\t" + "ror r4, r4, #8\n\t" + "ror r5, r5, #8\n\t" + "eor r4, r4, r10, lsr #8\n\t" + "eor r5, r5, r11, lsr #8\n\t" + "eor r10, r6, r6, ror #16\n\t" + "eor r11, r7, r7, ror #16\n\t" + "bic r10, r10, #0xff0000\n\t" + "bic r11, r11, #0xff0000\n\t" + "ror r6, r6, #8\n\t" + "ror r7, r7, #8\n\t" + "eor r6, r6, r10, lsr #8\n\t" + "eor r7, r7, r11, lsr #8\n\t" +#else + "rev r4, r4\n\t" + "rev r5, r5\n\t" + "rev r6, r6\n\t" + "rev r7, r7\n\t" +#endif /* WOLFSSL_ARM_ARCH && WOLFSSL_ARM_ARCH < 6 */ + "stm r8, {r4, r5, r6, r7}\n\t" + "pop {%[nr], %[ctr]}\n\t" + "pop {%[L_AES_ARM32_te_ctr]}\n\t" +#ifndef WOLFSSL_NO_VAR_ASSIGN_REG + : [in] "+r" (in), [out] "+r" (out), [len] "+r" (len), [ks] "+r" (ks), + [nr] "+r" (nr), [ctr] "+r" (ctr), + [L_AES_ARM32_te_ctr] "+r" (L_AES_ARM32_te_ctr_c) + : +#else + : + : [in] "r" (in), [out] "r" (out), [len] "r" (len), [ks] "r" (ks), + [nr] "r" (nr), [ctr] "r" (ctr), + [L_AES_ARM32_te_ctr] "r" (L_AES_ARM32_te_ctr_c) +#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ + : "memory", "cc", "r5", "r6", "r7", "r8", "r9", "r10", "r11" + ); +} + +#endif /* WOLFSSL_AES_COUNTER */ +#ifdef HAVE_AES_DECRYPT +#if defined(WOLFSSL_AES_DIRECT) || defined(WOLFSSL_AES_COUNTER) || \ + defined(HAVE_AES_CBC) || defined(HAVE_AES_ECB) +#ifndef WOLFSSL_ARMASM_AES_BLOCK_INLINE +void AES_decrypt_block(const word32* td_p, int nr_p, const byte* td4_p); +#ifndef WOLFSSL_NO_VAR_ASSIGN_REG +WC_OMIT_FRAME_POINTER void AES_decrypt_block(const word32* td_p, int nr_p, + const byte* td4_p) +#else +WC_OMIT_FRAME_POINTER void AES_decrypt_block(const word32* td, int nr, + const byte* td4) +#endif /* WOLFSSL_NO_VAR_ASSIGN_REG */ +{ +#ifndef WOLFSSL_NO_VAR_ASSIGN_REG + register const word32* td asm ("r0") = (const word32*)td_p; + register int nr asm ("r1") = (int)nr_p; + register const byte* td4 asm ("r2") = (const byte*)td4_p; +#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ + + __asm__ __volatile__ ( + "\n" + "L_AES_decrypt_block_nr_%=: \n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl r8, r7, #8\n\t" + "lsr r8, r8, #24\n\t" +#else + "uxtb r8, r7, ror #16\n\t" +#endif +#else + "ubfx r8, r7, #16, #8\n\t" +#endif + "lsr r11, r4, #24\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl r12, r6, #16\n\t" + "lsr r12, r12, #24\n\t" +#else + "uxtb r12, r6, ror #8\n\t" +#endif +#else + "ubfx r12, r6, #8, #8\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl lr, r5, #24\n\t" + "lsr lr, lr, #24\n\t" +#else + "uxtb lr, r5\n\t" +#endif +#else + "ubfx lr, r5, #0, #8\n\t" +#endif + "ldr r8, [%[td], r8, lsl #2]\n\t" + "ldr r11, [%[td], r11, lsl #2]\n\t" + "ldr r12, [%[td], r12, lsl #2]\n\t" + "ldr lr, [%[td], lr, lsl #2]\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl r9, r4, #8\n\t" + "lsr r9, r9, #24\n\t" +#else + "uxtb r9, r4, ror #16\n\t" +#endif +#else + "ubfx r9, r4, #16, #8\n\t" +#endif + "eor r8, r8, r11, ror #24\n\t" + "lsr r11, r5, #24\n\t" + "eor r8, r8, r12, ror #8\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl r12, r7, #16\n\t" + "lsr r12, r12, #24\n\t" +#else + "uxtb r12, r7, ror #8\n\t" +#endif +#else + "ubfx r12, r7, #8, #8\n\t" +#endif + "eor r8, r8, lr, ror #16\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl lr, r6, #24\n\t" + "lsr lr, lr, #24\n\t" +#else + "uxtb lr, r6\n\t" +#endif +#else + "ubfx lr, r6, #0, #8\n\t" +#endif + "ldr r9, [%[td], r9, lsl #2]\n\t" + "ldr r11, [%[td], r11, lsl #2]\n\t" + "ldr r12, [%[td], r12, lsl #2]\n\t" + "ldr lr, [%[td], lr, lsl #2]\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl r10, r5, #8\n\t" + "lsr r10, r10, #24\n\t" +#else + "uxtb r10, r5, ror #16\n\t" +#endif +#else + "ubfx r10, r5, #16, #8\n\t" +#endif + "eor r9, r9, r11, ror #24\n\t" + "lsr r11, r6, #24\n\t" + "eor r9, r9, r12, ror #8\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl r12, r4, #16\n\t" + "lsr r12, r12, #24\n\t" +#else + "uxtb r12, r4, ror #8\n\t" +#endif +#else + "ubfx r12, r4, #8, #8\n\t" +#endif + "eor r9, r9, lr, ror #16\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl lr, r7, #24\n\t" + "lsr lr, lr, #24\n\t" +#else + "uxtb lr, r7\n\t" +#endif +#else + "ubfx lr, r7, #0, #8\n\t" +#endif + "ldr r10, [%[td], r10, lsl #2]\n\t" + "ldr r11, [%[td], r11, lsl #2]\n\t" + "ldr r12, [%[td], r12, lsl #2]\n\t" + "ldr lr, [%[td], lr, lsl #2]\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl r4, r4, #24\n\t" + "lsr r4, r4, #24\n\t" +#else + "uxtb r4, r4\n\t" +#endif +#else + "ubfx r4, r4, #0, #8\n\t" +#endif + "eor r10, r10, r11, ror #24\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl r11, r6, #8\n\t" + "lsr r11, r11, #24\n\t" +#else + "uxtb r11, r6, ror #16\n\t" +#endif +#else + "ubfx r11, r6, #16, #8\n\t" +#endif + "eor r10, r10, r12, ror #8\n\t" + "lsr r12, r7, #24\n\t" + "eor r10, r10, lr, ror #16\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl lr, r5, #16\n\t" + "lsr lr, lr, #24\n\t" +#else + "uxtb lr, r5, ror #8\n\t" +#endif +#else + "ubfx lr, r5, #8, #8\n\t" +#endif + "ldr r4, [%[td], r4, lsl #2]\n\t" + "ldr r12, [%[td], r12, lsl #2]\n\t" + "ldr r11, [%[td], r11, lsl #2]\n\t" + "ldr lr, [%[td], lr, lsl #2]\n\t" + "eor r12, r12, r4, ror #24\n\t" + "ldm r3!, {r4, r5, r6, r7}\n\t" + "eor r11, r11, lr, ror #8\n\t" + "eor r11, r11, r12, ror #24\n\t" + /* XOR in Key Schedule */ + "eor r8, r8, r4\n\t" + "eor r9, r9, r5\n\t" + "eor r10, r10, r6\n\t" + "eor r11, r11, r7\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl r4, r11, #8\n\t" + "lsr r4, r4, #24\n\t" +#else + "uxtb r4, r11, ror #16\n\t" +#endif +#else + "ubfx r4, r11, #16, #8\n\t" +#endif + "lsr r7, r8, #24\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl r12, r10, #16\n\t" + "lsr r12, r12, #24\n\t" +#else + "uxtb r12, r10, ror #8\n\t" +#endif +#else + "ubfx r12, r10, #8, #8\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl lr, r9, #24\n\t" + "lsr lr, lr, #24\n\t" +#else + "uxtb lr, r9\n\t" +#endif +#else + "ubfx lr, r9, #0, #8\n\t" +#endif + "ldr r4, [%[td], r4, lsl #2]\n\t" + "ldr r7, [%[td], r7, lsl #2]\n\t" + "ldr r12, [%[td], r12, lsl #2]\n\t" + "ldr lr, [%[td], lr, lsl #2]\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl r5, r8, #8\n\t" + "lsr r5, r5, #24\n\t" +#else + "uxtb r5, r8, ror #16\n\t" +#endif +#else + "ubfx r5, r8, #16, #8\n\t" +#endif + "eor r4, r4, r7, ror #24\n\t" + "lsr r7, r9, #24\n\t" + "eor r4, r4, r12, ror #8\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl r12, r11, #16\n\t" + "lsr r12, r12, #24\n\t" +#else + "uxtb r12, r11, ror #8\n\t" +#endif +#else + "ubfx r12, r11, #8, #8\n\t" +#endif + "eor r4, r4, lr, ror #16\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl lr, r10, #24\n\t" + "lsr lr, lr, #24\n\t" +#else + "uxtb lr, r10\n\t" +#endif +#else + "ubfx lr, r10, #0, #8\n\t" +#endif + "ldr r5, [%[td], r5, lsl #2]\n\t" + "ldr r7, [%[td], r7, lsl #2]\n\t" + "ldr r12, [%[td], r12, lsl #2]\n\t" + "ldr lr, [%[td], lr, lsl #2]\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl r6, r9, #8\n\t" + "lsr r6, r6, #24\n\t" +#else + "uxtb r6, r9, ror #16\n\t" +#endif +#else + "ubfx r6, r9, #16, #8\n\t" +#endif + "eor r5, r5, r7, ror #24\n\t" + "lsr r7, r10, #24\n\t" + "eor r5, r5, r12, ror #8\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl r12, r8, #16\n\t" + "lsr r12, r12, #24\n\t" +#else + "uxtb r12, r8, ror #8\n\t" +#endif +#else + "ubfx r12, r8, #8, #8\n\t" +#endif + "eor r5, r5, lr, ror #16\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl lr, r11, #24\n\t" + "lsr lr, lr, #24\n\t" +#else + "uxtb lr, r11\n\t" +#endif +#else + "ubfx lr, r11, #0, #8\n\t" +#endif + "ldr r6, [%[td], r6, lsl #2]\n\t" + "ldr r7, [%[td], r7, lsl #2]\n\t" + "ldr r12, [%[td], r12, lsl #2]\n\t" + "ldr lr, [%[td], lr, lsl #2]\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl r8, r8, #24\n\t" + "lsr r8, r8, #24\n\t" +#else + "uxtb r8, r8\n\t" +#endif +#else + "ubfx r8, r8, #0, #8\n\t" +#endif + "eor r6, r6, r7, ror #24\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl r7, r10, #8\n\t" + "lsr r7, r7, #24\n\t" +#else + "uxtb r7, r10, ror #16\n\t" +#endif +#else + "ubfx r7, r10, #16, #8\n\t" +#endif + "eor r6, r6, r12, ror #8\n\t" + "lsr r12, r11, #24\n\t" + "eor r6, r6, lr, ror #16\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl lr, r9, #16\n\t" + "lsr lr, lr, #24\n\t" +#else + "uxtb lr, r9, ror #8\n\t" +#endif +#else + "ubfx lr, r9, #8, #8\n\t" +#endif + "ldr r8, [%[td], r8, lsl #2]\n\t" + "ldr r12, [%[td], r12, lsl #2]\n\t" + "ldr r7, [%[td], r7, lsl #2]\n\t" + "ldr lr, [%[td], lr, lsl #2]\n\t" + "eor r12, r12, r8, ror #24\n\t" + "ldm r3!, {r8, r9, r10, r11}\n\t" + "eor r7, r7, lr, ror #8\n\t" + "eor r7, r7, r12, ror #24\n\t" + /* XOR in Key Schedule */ + "eor r4, r4, r8\n\t" + "eor r5, r5, r9\n\t" + "eor r6, r6, r10\n\t" + "eor r7, r7, r11\n\t" + "subs %[nr], %[nr], #1\n\t" + "bne L_AES_decrypt_block_nr_%=\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl r8, r7, #8\n\t" + "lsr r8, r8, #24\n\t" +#else + "uxtb r8, r7, ror #16\n\t" +#endif +#else + "ubfx r8, r7, #16, #8\n\t" +#endif + "lsr r11, r4, #24\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl r12, r6, #16\n\t" + "lsr r12, r12, #24\n\t" +#else + "uxtb r12, r6, ror #8\n\t" +#endif +#else + "ubfx r12, r6, #8, #8\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl lr, r5, #24\n\t" + "lsr lr, lr, #24\n\t" +#else + "uxtb lr, r5\n\t" +#endif +#else + "ubfx lr, r5, #0, #8\n\t" +#endif + "ldr r8, [%[td], r8, lsl #2]\n\t" + "ldr r11, [%[td], r11, lsl #2]\n\t" + "ldr r12, [%[td], r12, lsl #2]\n\t" + "ldr lr, [%[td], lr, lsl #2]\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl r9, r4, #8\n\t" + "lsr r9, r9, #24\n\t" +#else + "uxtb r9, r4, ror #16\n\t" +#endif +#else + "ubfx r9, r4, #16, #8\n\t" +#endif + "eor r8, r8, r11, ror #24\n\t" + "lsr r11, r5, #24\n\t" + "eor r8, r8, r12, ror #8\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl r12, r7, #16\n\t" + "lsr r12, r12, #24\n\t" +#else + "uxtb r12, r7, ror #8\n\t" +#endif +#else + "ubfx r12, r7, #8, #8\n\t" +#endif + "eor r8, r8, lr, ror #16\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl lr, r6, #24\n\t" + "lsr lr, lr, #24\n\t" +#else + "uxtb lr, r6\n\t" +#endif +#else + "ubfx lr, r6, #0, #8\n\t" +#endif + "ldr r9, [%[td], r9, lsl #2]\n\t" + "ldr r11, [%[td], r11, lsl #2]\n\t" + "ldr r12, [%[td], r12, lsl #2]\n\t" + "ldr lr, [%[td], lr, lsl #2]\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl r10, r5, #8\n\t" + "lsr r10, r10, #24\n\t" +#else + "uxtb r10, r5, ror #16\n\t" +#endif +#else + "ubfx r10, r5, #16, #8\n\t" +#endif + "eor r9, r9, r11, ror #24\n\t" + "lsr r11, r6, #24\n\t" + "eor r9, r9, r12, ror #8\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl r12, r4, #16\n\t" + "lsr r12, r12, #24\n\t" +#else + "uxtb r12, r4, ror #8\n\t" +#endif +#else + "ubfx r12, r4, #8, #8\n\t" +#endif + "eor r9, r9, lr, ror #16\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl lr, r7, #24\n\t" + "lsr lr, lr, #24\n\t" +#else + "uxtb lr, r7\n\t" +#endif +#else + "ubfx lr, r7, #0, #8\n\t" +#endif + "ldr r10, [%[td], r10, lsl #2]\n\t" + "ldr r11, [%[td], r11, lsl #2]\n\t" + "ldr r12, [%[td], r12, lsl #2]\n\t" + "ldr lr, [%[td], lr, lsl #2]\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl r4, r4, #24\n\t" + "lsr r4, r4, #24\n\t" +#else + "uxtb r4, r4\n\t" +#endif +#else + "ubfx r4, r4, #0, #8\n\t" +#endif + "eor r10, r10, r11, ror #24\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl r11, r6, #8\n\t" + "lsr r11, r11, #24\n\t" +#else + "uxtb r11, r6, ror #16\n\t" +#endif +#else + "ubfx r11, r6, #16, #8\n\t" +#endif + "eor r10, r10, r12, ror #8\n\t" + "lsr r12, r7, #24\n\t" + "eor r10, r10, lr, ror #16\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl lr, r5, #16\n\t" + "lsr lr, lr, #24\n\t" +#else + "uxtb lr, r5, ror #8\n\t" +#endif +#else + "ubfx lr, r5, #8, #8\n\t" +#endif + "ldr r4, [%[td], r4, lsl #2]\n\t" + "ldr r12, [%[td], r12, lsl #2]\n\t" + "ldr r11, [%[td], r11, lsl #2]\n\t" + "ldr lr, [%[td], lr, lsl #2]\n\t" + "eor r12, r12, r4, ror #24\n\t" + "ldm r3!, {r4, r5, r6, r7}\n\t" + "eor r11, r11, lr, ror #8\n\t" + "eor r11, r11, r12, ror #24\n\t" + /* XOR in Key Schedule */ + "eor r8, r8, r4\n\t" + "eor r9, r9, r5\n\t" + "eor r10, r10, r6\n\t" + "eor r11, r11, r7\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl r4, r9, #24\n\t" + "lsr r4, r4, #24\n\t" +#else + "uxtb r4, r9\n\t" +#endif +#else + "ubfx r4, r9, #0, #8\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl r7, r10, #16\n\t" + "lsr r7, r7, #24\n\t" +#else + "uxtb r7, r10, ror #8\n\t" +#endif +#else + "ubfx r7, r10, #8, #8\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl r12, r11, #8\n\t" + "lsr r12, r12, #24\n\t" +#else + "uxtb r12, r11, ror #16\n\t" +#endif +#else + "ubfx r12, r11, #16, #8\n\t" +#endif + "lsr lr, r8, #24\n\t" + "ldrb r4, [%[td4], r4]\n\t" + "ldrb r7, [%[td4], r7]\n\t" + "ldrb r12, [%[td4], r12]\n\t" + "ldrb lr, [%[td4], lr]\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl r5, r10, #24\n\t" + "lsr r5, r5, #24\n\t" +#else + "uxtb r5, r10\n\t" +#endif +#else + "ubfx r5, r10, #0, #8\n\t" +#endif + "eor r4, r4, r7, lsl #8\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl r7, r11, #16\n\t" + "lsr r7, r7, #24\n\t" +#else + "uxtb r7, r11, ror #8\n\t" +#endif +#else + "ubfx r7, r11, #8, #8\n\t" +#endif + "eor r4, r4, r12, lsl #16\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl r12, r8, #8\n\t" + "lsr r12, r12, #24\n\t" +#else + "uxtb r12, r8, ror #16\n\t" +#endif +#else + "ubfx r12, r8, #16, #8\n\t" +#endif + "eor r4, r4, lr, lsl #24\n\t" + "lsr lr, r9, #24\n\t" + "ldrb r7, [%[td4], r7]\n\t" + "ldrb lr, [%[td4], lr]\n\t" + "ldrb r5, [%[td4], r5]\n\t" + "ldrb r12, [%[td4], r12]\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl r6, r11, #24\n\t" + "lsr r6, r6, #24\n\t" +#else + "uxtb r6, r11\n\t" +#endif +#else + "ubfx r6, r11, #0, #8\n\t" +#endif + "eor r5, r5, r7, lsl #8\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl r7, r8, #16\n\t" + "lsr r7, r7, #24\n\t" +#else + "uxtb r7, r8, ror #8\n\t" +#endif +#else + "ubfx r7, r8, #8, #8\n\t" +#endif + "eor r5, r5, r12, lsl #16\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl r12, r9, #8\n\t" + "lsr r12, r12, #24\n\t" +#else + "uxtb r12, r9, ror #16\n\t" #endif #else "ubfx r12, r9, #16, #8\n\t" @@ -11544,8 +17300,11 @@ ); } +#endif /* !WOLFSSL_ARMASM_AES_BLOCK_INLINE */ static const word32* L_AES_ARM32_td_ecb = L_AES_ARM32_td_data; -static const byte L_AES_ARM32_td4[] = { +#if defined(WOLFSSL_AES_DIRECT) || defined(WOLFSSL_AES_COUNTER) || \ + defined(HAVE_AES_ECB) +static const byte L_AES_ARM32_ecb_td4[] = { 0x52, 0x09, 0x6a, 0xd5, 0x30, 0x36, 0xa5, 0x38, 0xbf, 0x40, 0xa3, 0x9e, 0x81, 0xf3, 0xd7, 0xfb, 0x7c, 0xe3, 0x39, 0x82, 0x9b, 0x2f, 0xff, 0x87, @@ -11580,8 +17339,6 @@ 0xe1, 0x69, 0x14, 0x63, 0x55, 0x21, 0x0c, 0x7d, }; -#if defined(WOLFSSL_AES_DIRECT) || defined(WOLFSSL_AES_COUNTER) || \ - defined(HAVE_AES_ECB) void AES_ECB_decrypt(const unsigned char* in_p, unsigned char* out_p, unsigned long len_p, const unsigned char* ks_p, int nr_p); #ifndef WOLFSSL_NO_VAR_ASSIGN_REG @@ -11601,20 +17358,21 @@ register int nr asm ("r12") = (int)nr_p; register word32* L_AES_ARM32_td_ecb_c asm ("lr") = (word32*)L_AES_ARM32_td_ecb; - register byte* L_AES_ARM32_td4_c asm ("r4") = (byte*)&L_AES_ARM32_td4; + register byte* L_AES_ARM32_ecb_td4_c asm ("r4") = + (byte*)&L_AES_ARM32_ecb_td4; #else register word32* L_AES_ARM32_td_ecb_c = (word32*)L_AES_ARM32_td_ecb; - register byte* L_AES_ARM32_td4_c = (byte*)&L_AES_ARM32_td4; + register byte* L_AES_ARM32_ecb_td4_c = (byte*)&L_AES_ARM32_ecb_td4; #endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ __asm__ __volatile__ ( - "push {%[L_AES_ARM32_td4]}\n\t" + "push {%[L_AES_ARM32_ecb_td4]}\n\t" "push {%[nr], %[L_AES_ARM32_td_ecb]}\n\t" "ldr r8, [sp]\n\t" "mov lr, %[in]\n\t" "ldr r0, [sp, #4]\n\t" "mov r12, %[len]\n\t" - "mov r2, %[L_AES_ARM32_td4]\n\t" + "mov r2, %[L_AES_ARM32_ecb_td4]\n\t" "cmp r8, #10\n\t" "beq L_AES_ECB_decrypt_start_block_128_%=\n\t" "cmp r8, #12\n\t" @@ -11656,7 +17414,646 @@ "eor r6, r6, r10\n\t" "eor r7, r7, r11\n\t" "mov r1, #6\n\t" +#ifndef WOLFSSL_ARMASM_AES_BLOCK_INLINE "bl AES_decrypt_block\n\t" +#else + "\n" + "L_AES_ECB_decrypt_block_nr_256_%=: \n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl r8, r7, #8\n\t" + "lsr r8, r8, #24\n\t" +#else + "uxtb r8, r7, ror #16\n\t" +#endif +#else + "ubfx r8, r7, #16, #8\n\t" +#endif + "lsr r11, r4, #24\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl r12, r6, #16\n\t" + "lsr r12, r12, #24\n\t" +#else + "uxtb r12, r6, ror #8\n\t" +#endif +#else + "ubfx r12, r6, #8, #8\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl lr, r5, #24\n\t" + "lsr lr, lr, #24\n\t" +#else + "uxtb lr, r5\n\t" +#endif +#else + "ubfx lr, r5, #0, #8\n\t" +#endif + "ldr r8, [r0, r8, lsl #2]\n\t" + "ldr r11, [r0, r11, lsl #2]\n\t" + "ldr r12, [r0, r12, lsl #2]\n\t" + "ldr lr, [r0, lr, lsl #2]\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl r9, r4, #8\n\t" + "lsr r9, r9, #24\n\t" +#else + "uxtb r9, r4, ror #16\n\t" +#endif +#else + "ubfx r9, r4, #16, #8\n\t" +#endif + "eor r8, r8, r11, ror #24\n\t" + "lsr r11, r5, #24\n\t" + "eor r8, r8, r12, ror #8\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl r12, r7, #16\n\t" + "lsr r12, r12, #24\n\t" +#else + "uxtb r12, r7, ror #8\n\t" +#endif +#else + "ubfx r12, r7, #8, #8\n\t" +#endif + "eor r8, r8, lr, ror #16\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl lr, r6, #24\n\t" + "lsr lr, lr, #24\n\t" +#else + "uxtb lr, r6\n\t" +#endif +#else + "ubfx lr, r6, #0, #8\n\t" +#endif + "ldr r9, [r0, r9, lsl #2]\n\t" + "ldr r11, [r0, r11, lsl #2]\n\t" + "ldr r12, [r0, r12, lsl #2]\n\t" + "ldr lr, [r0, lr, lsl #2]\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl r10, r5, #8\n\t" + "lsr r10, r10, #24\n\t" +#else + "uxtb r10, r5, ror #16\n\t" +#endif +#else + "ubfx r10, r5, #16, #8\n\t" +#endif + "eor r9, r9, r11, ror #24\n\t" + "lsr r11, r6, #24\n\t" + "eor r9, r9, r12, ror #8\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl r12, r4, #16\n\t" + "lsr r12, r12, #24\n\t" +#else + "uxtb r12, r4, ror #8\n\t" +#endif +#else + "ubfx r12, r4, #8, #8\n\t" +#endif + "eor r9, r9, lr, ror #16\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl lr, r7, #24\n\t" + "lsr lr, lr, #24\n\t" +#else + "uxtb lr, r7\n\t" +#endif +#else + "ubfx lr, r7, #0, #8\n\t" +#endif + "ldr r10, [r0, r10, lsl #2]\n\t" + "ldr r11, [r0, r11, lsl #2]\n\t" + "ldr r12, [r0, r12, lsl #2]\n\t" + "ldr lr, [r0, lr, lsl #2]\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl r4, r4, #24\n\t" + "lsr r4, r4, #24\n\t" +#else + "uxtb r4, r4\n\t" +#endif +#else + "ubfx r4, r4, #0, #8\n\t" +#endif + "eor r10, r10, r11, ror #24\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl r11, r6, #8\n\t" + "lsr r11, r11, #24\n\t" +#else + "uxtb r11, r6, ror #16\n\t" +#endif +#else + "ubfx r11, r6, #16, #8\n\t" +#endif + "eor r10, r10, r12, ror #8\n\t" + "lsr r12, r7, #24\n\t" + "eor r10, r10, lr, ror #16\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl lr, r5, #16\n\t" + "lsr lr, lr, #24\n\t" +#else + "uxtb lr, r5, ror #8\n\t" +#endif +#else + "ubfx lr, r5, #8, #8\n\t" +#endif + "ldr r4, [r0, r4, lsl #2]\n\t" + "ldr r12, [r0, r12, lsl #2]\n\t" + "ldr r11, [r0, r11, lsl #2]\n\t" + "ldr lr, [r0, lr, lsl #2]\n\t" + "eor r12, r12, r4, ror #24\n\t" + "ldm %[ks]!, {r4, r5, r6, r7}\n\t" + "eor r11, r11, lr, ror #8\n\t" + "eor r11, r11, r12, ror #24\n\t" + /* XOR in Key Schedule */ + "eor r8, r8, r4\n\t" + "eor r9, r9, r5\n\t" + "eor r10, r10, r6\n\t" + "eor r11, r11, r7\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl r4, r11, #8\n\t" + "lsr r4, r4, #24\n\t" +#else + "uxtb r4, r11, ror #16\n\t" +#endif +#else + "ubfx r4, r11, #16, #8\n\t" +#endif + "lsr r7, r8, #24\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl r12, r10, #16\n\t" + "lsr r12, r12, #24\n\t" +#else + "uxtb r12, r10, ror #8\n\t" +#endif +#else + "ubfx r12, r10, #8, #8\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl lr, r9, #24\n\t" + "lsr lr, lr, #24\n\t" +#else + "uxtb lr, r9\n\t" +#endif +#else + "ubfx lr, r9, #0, #8\n\t" +#endif + "ldr r4, [r0, r4, lsl #2]\n\t" + "ldr r7, [r0, r7, lsl #2]\n\t" + "ldr r12, [r0, r12, lsl #2]\n\t" + "ldr lr, [r0, lr, lsl #2]\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl r5, r8, #8\n\t" + "lsr r5, r5, #24\n\t" +#else + "uxtb r5, r8, ror #16\n\t" +#endif +#else + "ubfx r5, r8, #16, #8\n\t" +#endif + "eor r4, r4, r7, ror #24\n\t" + "lsr r7, r9, #24\n\t" + "eor r4, r4, r12, ror #8\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl r12, r11, #16\n\t" + "lsr r12, r12, #24\n\t" +#else + "uxtb r12, r11, ror #8\n\t" +#endif +#else + "ubfx r12, r11, #8, #8\n\t" +#endif + "eor r4, r4, lr, ror #16\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl lr, r10, #24\n\t" + "lsr lr, lr, #24\n\t" +#else + "uxtb lr, r10\n\t" +#endif +#else + "ubfx lr, r10, #0, #8\n\t" +#endif + "ldr r5, [r0, r5, lsl #2]\n\t" + "ldr r7, [r0, r7, lsl #2]\n\t" + "ldr r12, [r0, r12, lsl #2]\n\t" + "ldr lr, [r0, lr, lsl #2]\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl r6, r9, #8\n\t" + "lsr r6, r6, #24\n\t" +#else + "uxtb r6, r9, ror #16\n\t" +#endif +#else + "ubfx r6, r9, #16, #8\n\t" +#endif + "eor r5, r5, r7, ror #24\n\t" + "lsr r7, r10, #24\n\t" + "eor r5, r5, r12, ror #8\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl r12, r8, #16\n\t" + "lsr r12, r12, #24\n\t" +#else + "uxtb r12, r8, ror #8\n\t" +#endif +#else + "ubfx r12, r8, #8, #8\n\t" +#endif + "eor r5, r5, lr, ror #16\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl lr, r11, #24\n\t" + "lsr lr, lr, #24\n\t" +#else + "uxtb lr, r11\n\t" +#endif +#else + "ubfx lr, r11, #0, #8\n\t" +#endif + "ldr r6, [r0, r6, lsl #2]\n\t" + "ldr r7, [r0, r7, lsl #2]\n\t" + "ldr r12, [r0, r12, lsl #2]\n\t" + "ldr lr, [r0, lr, lsl #2]\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl r8, r8, #24\n\t" + "lsr r8, r8, #24\n\t" +#else + "uxtb r8, r8\n\t" +#endif +#else + "ubfx r8, r8, #0, #8\n\t" +#endif + "eor r6, r6, r7, ror #24\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl r7, r10, #8\n\t" + "lsr r7, r7, #24\n\t" +#else + "uxtb r7, r10, ror #16\n\t" +#endif +#else + "ubfx r7, r10, #16, #8\n\t" +#endif + "eor r6, r6, r12, ror #8\n\t" + "lsr r12, r11, #24\n\t" + "eor r6, r6, lr, ror #16\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl lr, r9, #16\n\t" + "lsr lr, lr, #24\n\t" +#else + "uxtb lr, r9, ror #8\n\t" +#endif +#else + "ubfx lr, r9, #8, #8\n\t" +#endif + "ldr r8, [r0, r8, lsl #2]\n\t" + "ldr r12, [r0, r12, lsl #2]\n\t" + "ldr r7, [r0, r7, lsl #2]\n\t" + "ldr lr, [r0, lr, lsl #2]\n\t" + "eor r12, r12, r8, ror #24\n\t" + "ldm %[ks]!, {r8, r9, r10, r11}\n\t" + "eor r7, r7, lr, ror #8\n\t" + "eor r7, r7, r12, ror #24\n\t" + /* XOR in Key Schedule */ + "eor r4, r4, r8\n\t" + "eor r5, r5, r9\n\t" + "eor r6, r6, r10\n\t" + "eor r7, r7, r11\n\t" + "subs r1, r1, #1\n\t" + "bne L_AES_ECB_decrypt_block_nr_256_%=\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl r8, r7, #8\n\t" + "lsr r8, r8, #24\n\t" +#else + "uxtb r8, r7, ror #16\n\t" +#endif +#else + "ubfx r8, r7, #16, #8\n\t" +#endif + "lsr r11, r4, #24\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl r12, r6, #16\n\t" + "lsr r12, r12, #24\n\t" +#else + "uxtb r12, r6, ror #8\n\t" +#endif +#else + "ubfx r12, r6, #8, #8\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl lr, r5, #24\n\t" + "lsr lr, lr, #24\n\t" +#else + "uxtb lr, r5\n\t" +#endif +#else + "ubfx lr, r5, #0, #8\n\t" +#endif + "ldr r8, [r0, r8, lsl #2]\n\t" + "ldr r11, [r0, r11, lsl #2]\n\t" + "ldr r12, [r0, r12, lsl #2]\n\t" + "ldr lr, [r0, lr, lsl #2]\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl r9, r4, #8\n\t" + "lsr r9, r9, #24\n\t" +#else + "uxtb r9, r4, ror #16\n\t" +#endif +#else + "ubfx r9, r4, #16, #8\n\t" +#endif + "eor r8, r8, r11, ror #24\n\t" + "lsr r11, r5, #24\n\t" + "eor r8, r8, r12, ror #8\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl r12, r7, #16\n\t" + "lsr r12, r12, #24\n\t" +#else + "uxtb r12, r7, ror #8\n\t" +#endif +#else + "ubfx r12, r7, #8, #8\n\t" +#endif + "eor r8, r8, lr, ror #16\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl lr, r6, #24\n\t" + "lsr lr, lr, #24\n\t" +#else + "uxtb lr, r6\n\t" +#endif +#else + "ubfx lr, r6, #0, #8\n\t" +#endif + "ldr r9, [r0, r9, lsl #2]\n\t" + "ldr r11, [r0, r11, lsl #2]\n\t" + "ldr r12, [r0, r12, lsl #2]\n\t" + "ldr lr, [r0, lr, lsl #2]\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl r10, r5, #8\n\t" + "lsr r10, r10, #24\n\t" +#else + "uxtb r10, r5, ror #16\n\t" +#endif +#else + "ubfx r10, r5, #16, #8\n\t" +#endif + "eor r9, r9, r11, ror #24\n\t" + "lsr r11, r6, #24\n\t" + "eor r9, r9, r12, ror #8\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl r12, r4, #16\n\t" + "lsr r12, r12, #24\n\t" +#else + "uxtb r12, r4, ror #8\n\t" +#endif +#else + "ubfx r12, r4, #8, #8\n\t" +#endif + "eor r9, r9, lr, ror #16\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl lr, r7, #24\n\t" + "lsr lr, lr, #24\n\t" +#else + "uxtb lr, r7\n\t" +#endif +#else + "ubfx lr, r7, #0, #8\n\t" +#endif + "ldr r10, [r0, r10, lsl #2]\n\t" + "ldr r11, [r0, r11, lsl #2]\n\t" + "ldr r12, [r0, r12, lsl #2]\n\t" + "ldr lr, [r0, lr, lsl #2]\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl r4, r4, #24\n\t" + "lsr r4, r4, #24\n\t" +#else + "uxtb r4, r4\n\t" +#endif +#else + "ubfx r4, r4, #0, #8\n\t" +#endif + "eor r10, r10, r11, ror #24\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl r11, r6, #8\n\t" + "lsr r11, r11, #24\n\t" +#else + "uxtb r11, r6, ror #16\n\t" +#endif +#else + "ubfx r11, r6, #16, #8\n\t" +#endif + "eor r10, r10, r12, ror #8\n\t" + "lsr r12, r7, #24\n\t" + "eor r10, r10, lr, ror #16\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl lr, r5, #16\n\t" + "lsr lr, lr, #24\n\t" +#else + "uxtb lr, r5, ror #8\n\t" +#endif +#else + "ubfx lr, r5, #8, #8\n\t" +#endif + "ldr r4, [r0, r4, lsl #2]\n\t" + "ldr r12, [r0, r12, lsl #2]\n\t" + "ldr r11, [r0, r11, lsl #2]\n\t" + "ldr lr, [r0, lr, lsl #2]\n\t" + "eor r12, r12, r4, ror #24\n\t" + "ldm %[ks]!, {r4, r5, r6, r7}\n\t" + "eor r11, r11, lr, ror #8\n\t" + "eor r11, r11, r12, ror #24\n\t" + /* XOR in Key Schedule */ + "eor r8, r8, r4\n\t" + "eor r9, r9, r5\n\t" + "eor r10, r10, r6\n\t" + "eor r11, r11, r7\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl r4, r9, #24\n\t" + "lsr r4, r4, #24\n\t" +#else + "uxtb r4, r9\n\t" +#endif +#else + "ubfx r4, r9, #0, #8\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl r7, r10, #16\n\t" + "lsr r7, r7, #24\n\t" +#else + "uxtb r7, r10, ror #8\n\t" +#endif +#else + "ubfx r7, r10, #8, #8\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl r12, r11, #8\n\t" + "lsr r12, r12, #24\n\t" +#else + "uxtb r12, r11, ror #16\n\t" +#endif +#else + "ubfx r12, r11, #16, #8\n\t" +#endif + "lsr lr, r8, #24\n\t" + "ldrb r4, [r2, r4]\n\t" + "ldrb r7, [r2, r7]\n\t" + "ldrb r12, [r2, r12]\n\t" + "ldrb lr, [r2, lr]\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl r5, r10, #24\n\t" + "lsr r5, r5, #24\n\t" +#else + "uxtb r5, r10\n\t" +#endif +#else + "ubfx r5, r10, #0, #8\n\t" +#endif + "eor r4, r4, r7, lsl #8\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl r7, r11, #16\n\t" + "lsr r7, r7, #24\n\t" +#else + "uxtb r7, r11, ror #8\n\t" +#endif +#else + "ubfx r7, r11, #8, #8\n\t" +#endif + "eor r4, r4, r12, lsl #16\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl r12, r8, #8\n\t" + "lsr r12, r12, #24\n\t" +#else + "uxtb r12, r8, ror #16\n\t" +#endif +#else + "ubfx r12, r8, #16, #8\n\t" +#endif + "eor r4, r4, lr, lsl #24\n\t" + "lsr lr, r9, #24\n\t" + "ldrb r7, [r2, r7]\n\t" + "ldrb lr, [r2, lr]\n\t" + "ldrb r5, [r2, r5]\n\t" + "ldrb r12, [r2, r12]\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl r6, r11, #24\n\t" + "lsr r6, r6, #24\n\t" +#else + "uxtb r6, r11\n\t" +#endif +#else + "ubfx r6, r11, #0, #8\n\t" +#endif + "eor r5, r5, r7, lsl #8\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl r7, r8, #16\n\t" + "lsr r7, r7, #24\n\t" +#else + "uxtb r7, r8, ror #8\n\t" +#endif +#else + "ubfx r7, r8, #8, #8\n\t" +#endif + "eor r5, r5, r12, lsl #16\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl r12, r9, #8\n\t" + "lsr r12, r12, #24\n\t" +#else + "uxtb r12, r9, ror #16\n\t" +#endif +#else + "ubfx r12, r9, #16, #8\n\t" +#endif + "eor r5, r5, lr, lsl #24\n\t" + "lsr lr, r10, #24\n\t" + "ldrb r7, [r2, r7]\n\t" + "ldrb lr, [r2, lr]\n\t" + "ldrb r6, [r2, r6]\n\t" + "ldrb r12, [r2, r12]\n\t" + "lsr r11, r11, #24\n\t" + "eor r6, r6, r7, lsl #8\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl r7, r8, #24\n\t" + "lsr r7, r7, #24\n\t" +#else + "uxtb r7, r8\n\t" +#endif +#else + "ubfx r7, r8, #0, #8\n\t" +#endif + "eor r6, r6, r12, lsl #16\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl r12, r9, #16\n\t" + "lsr r12, r12, #24\n\t" +#else + "uxtb r12, r9, ror #8\n\t" +#endif +#else + "ubfx r12, r9, #8, #8\n\t" +#endif + "eor r6, r6, lr, lsl #24\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl lr, r10, #8\n\t" + "lsr lr, lr, #24\n\t" +#else + "uxtb lr, r10, ror #16\n\t" +#endif +#else + "ubfx lr, r10, #16, #8\n\t" +#endif + "ldrb r11, [r2, r11]\n\t" + "ldrb r12, [r2, r12]\n\t" + "ldrb r7, [r2, r7]\n\t" + "ldrb lr, [r2, lr]\n\t" + "eor r12, r12, r11, lsl #16\n\t" + "ldm %[ks], {r8, r9, r10, r11}\n\t" + "eor r7, r7, r12, lsl #8\n\t" + "eor r7, r7, lr, lsl #16\n\t" + /* XOR in Key Schedule */ + "eor r4, r4, r8\n\t" + "eor r5, r5, r9\n\t" + "eor r6, r6, r10\n\t" + "eor r7, r7, r11\n\t" +#endif /* !WOLFSSL_ARMASM_AES_BLOCK_INLINE */ "pop {r1, %[ks], r12, lr}\n\t" #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) "eor r8, r4, r4, ror #16\n\t" @@ -11729,7 +18126,646 @@ "eor r6, r6, r10\n\t" "eor r7, r7, r11\n\t" "mov r1, #5\n\t" +#ifndef WOLFSSL_ARMASM_AES_BLOCK_INLINE "bl AES_decrypt_block\n\t" +#else + "\n" + "L_AES_ECB_decrypt_block_nr_192_%=: \n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl r8, r7, #8\n\t" + "lsr r8, r8, #24\n\t" +#else + "uxtb r8, r7, ror #16\n\t" +#endif +#else + "ubfx r8, r7, #16, #8\n\t" +#endif + "lsr r11, r4, #24\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl r12, r6, #16\n\t" + "lsr r12, r12, #24\n\t" +#else + "uxtb r12, r6, ror #8\n\t" +#endif +#else + "ubfx r12, r6, #8, #8\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl lr, r5, #24\n\t" + "lsr lr, lr, #24\n\t" +#else + "uxtb lr, r5\n\t" +#endif +#else + "ubfx lr, r5, #0, #8\n\t" +#endif + "ldr r8, [r0, r8, lsl #2]\n\t" + "ldr r11, [r0, r11, lsl #2]\n\t" + "ldr r12, [r0, r12, lsl #2]\n\t" + "ldr lr, [r0, lr, lsl #2]\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl r9, r4, #8\n\t" + "lsr r9, r9, #24\n\t" +#else + "uxtb r9, r4, ror #16\n\t" +#endif +#else + "ubfx r9, r4, #16, #8\n\t" +#endif + "eor r8, r8, r11, ror #24\n\t" + "lsr r11, r5, #24\n\t" + "eor r8, r8, r12, ror #8\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl r12, r7, #16\n\t" + "lsr r12, r12, #24\n\t" +#else + "uxtb r12, r7, ror #8\n\t" +#endif +#else + "ubfx r12, r7, #8, #8\n\t" +#endif + "eor r8, r8, lr, ror #16\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl lr, r6, #24\n\t" + "lsr lr, lr, #24\n\t" +#else + "uxtb lr, r6\n\t" +#endif +#else + "ubfx lr, r6, #0, #8\n\t" +#endif + "ldr r9, [r0, r9, lsl #2]\n\t" + "ldr r11, [r0, r11, lsl #2]\n\t" + "ldr r12, [r0, r12, lsl #2]\n\t" + "ldr lr, [r0, lr, lsl #2]\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl r10, r5, #8\n\t" + "lsr r10, r10, #24\n\t" +#else + "uxtb r10, r5, ror #16\n\t" +#endif +#else + "ubfx r10, r5, #16, #8\n\t" +#endif + "eor r9, r9, r11, ror #24\n\t" + "lsr r11, r6, #24\n\t" + "eor r9, r9, r12, ror #8\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl r12, r4, #16\n\t" + "lsr r12, r12, #24\n\t" +#else + "uxtb r12, r4, ror #8\n\t" +#endif +#else + "ubfx r12, r4, #8, #8\n\t" +#endif + "eor r9, r9, lr, ror #16\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl lr, r7, #24\n\t" + "lsr lr, lr, #24\n\t" +#else + "uxtb lr, r7\n\t" +#endif +#else + "ubfx lr, r7, #0, #8\n\t" +#endif + "ldr r10, [r0, r10, lsl #2]\n\t" + "ldr r11, [r0, r11, lsl #2]\n\t" + "ldr r12, [r0, r12, lsl #2]\n\t" + "ldr lr, [r0, lr, lsl #2]\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl r4, r4, #24\n\t" + "lsr r4, r4, #24\n\t" +#else + "uxtb r4, r4\n\t" +#endif +#else + "ubfx r4, r4, #0, #8\n\t" +#endif + "eor r10, r10, r11, ror #24\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl r11, r6, #8\n\t" + "lsr r11, r11, #24\n\t" +#else + "uxtb r11, r6, ror #16\n\t" +#endif +#else + "ubfx r11, r6, #16, #8\n\t" +#endif + "eor r10, r10, r12, ror #8\n\t" + "lsr r12, r7, #24\n\t" + "eor r10, r10, lr, ror #16\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl lr, r5, #16\n\t" + "lsr lr, lr, #24\n\t" +#else + "uxtb lr, r5, ror #8\n\t" +#endif +#else + "ubfx lr, r5, #8, #8\n\t" +#endif + "ldr r4, [r0, r4, lsl #2]\n\t" + "ldr r12, [r0, r12, lsl #2]\n\t" + "ldr r11, [r0, r11, lsl #2]\n\t" + "ldr lr, [r0, lr, lsl #2]\n\t" + "eor r12, r12, r4, ror #24\n\t" + "ldm %[ks]!, {r4, r5, r6, r7}\n\t" + "eor r11, r11, lr, ror #8\n\t" + "eor r11, r11, r12, ror #24\n\t" + /* XOR in Key Schedule */ + "eor r8, r8, r4\n\t" + "eor r9, r9, r5\n\t" + "eor r10, r10, r6\n\t" + "eor r11, r11, r7\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl r4, r11, #8\n\t" + "lsr r4, r4, #24\n\t" +#else + "uxtb r4, r11, ror #16\n\t" +#endif +#else + "ubfx r4, r11, #16, #8\n\t" +#endif + "lsr r7, r8, #24\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl r12, r10, #16\n\t" + "lsr r12, r12, #24\n\t" +#else + "uxtb r12, r10, ror #8\n\t" +#endif +#else + "ubfx r12, r10, #8, #8\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl lr, r9, #24\n\t" + "lsr lr, lr, #24\n\t" +#else + "uxtb lr, r9\n\t" +#endif +#else + "ubfx lr, r9, #0, #8\n\t" +#endif + "ldr r4, [r0, r4, lsl #2]\n\t" + "ldr r7, [r0, r7, lsl #2]\n\t" + "ldr r12, [r0, r12, lsl #2]\n\t" + "ldr lr, [r0, lr, lsl #2]\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl r5, r8, #8\n\t" + "lsr r5, r5, #24\n\t" +#else + "uxtb r5, r8, ror #16\n\t" +#endif +#else + "ubfx r5, r8, #16, #8\n\t" +#endif + "eor r4, r4, r7, ror #24\n\t" + "lsr r7, r9, #24\n\t" + "eor r4, r4, r12, ror #8\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl r12, r11, #16\n\t" + "lsr r12, r12, #24\n\t" +#else + "uxtb r12, r11, ror #8\n\t" +#endif +#else + "ubfx r12, r11, #8, #8\n\t" +#endif + "eor r4, r4, lr, ror #16\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl lr, r10, #24\n\t" + "lsr lr, lr, #24\n\t" +#else + "uxtb lr, r10\n\t" +#endif +#else + "ubfx lr, r10, #0, #8\n\t" +#endif + "ldr r5, [r0, r5, lsl #2]\n\t" + "ldr r7, [r0, r7, lsl #2]\n\t" + "ldr r12, [r0, r12, lsl #2]\n\t" + "ldr lr, [r0, lr, lsl #2]\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl r6, r9, #8\n\t" + "lsr r6, r6, #24\n\t" +#else + "uxtb r6, r9, ror #16\n\t" +#endif +#else + "ubfx r6, r9, #16, #8\n\t" +#endif + "eor r5, r5, r7, ror #24\n\t" + "lsr r7, r10, #24\n\t" + "eor r5, r5, r12, ror #8\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl r12, r8, #16\n\t" + "lsr r12, r12, #24\n\t" +#else + "uxtb r12, r8, ror #8\n\t" +#endif +#else + "ubfx r12, r8, #8, #8\n\t" +#endif + "eor r5, r5, lr, ror #16\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl lr, r11, #24\n\t" + "lsr lr, lr, #24\n\t" +#else + "uxtb lr, r11\n\t" +#endif +#else + "ubfx lr, r11, #0, #8\n\t" +#endif + "ldr r6, [r0, r6, lsl #2]\n\t" + "ldr r7, [r0, r7, lsl #2]\n\t" + "ldr r12, [r0, r12, lsl #2]\n\t" + "ldr lr, [r0, lr, lsl #2]\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl r8, r8, #24\n\t" + "lsr r8, r8, #24\n\t" +#else + "uxtb r8, r8\n\t" +#endif +#else + "ubfx r8, r8, #0, #8\n\t" +#endif + "eor r6, r6, r7, ror #24\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl r7, r10, #8\n\t" + "lsr r7, r7, #24\n\t" +#else + "uxtb r7, r10, ror #16\n\t" +#endif +#else + "ubfx r7, r10, #16, #8\n\t" +#endif + "eor r6, r6, r12, ror #8\n\t" + "lsr r12, r11, #24\n\t" + "eor r6, r6, lr, ror #16\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl lr, r9, #16\n\t" + "lsr lr, lr, #24\n\t" +#else + "uxtb lr, r9, ror #8\n\t" +#endif +#else + "ubfx lr, r9, #8, #8\n\t" +#endif + "ldr r8, [r0, r8, lsl #2]\n\t" + "ldr r12, [r0, r12, lsl #2]\n\t" + "ldr r7, [r0, r7, lsl #2]\n\t" + "ldr lr, [r0, lr, lsl #2]\n\t" + "eor r12, r12, r8, ror #24\n\t" + "ldm %[ks]!, {r8, r9, r10, r11}\n\t" + "eor r7, r7, lr, ror #8\n\t" + "eor r7, r7, r12, ror #24\n\t" + /* XOR in Key Schedule */ + "eor r4, r4, r8\n\t" + "eor r5, r5, r9\n\t" + "eor r6, r6, r10\n\t" + "eor r7, r7, r11\n\t" + "subs r1, r1, #1\n\t" + "bne L_AES_ECB_decrypt_block_nr_192_%=\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl r8, r7, #8\n\t" + "lsr r8, r8, #24\n\t" +#else + "uxtb r8, r7, ror #16\n\t" +#endif +#else + "ubfx r8, r7, #16, #8\n\t" +#endif + "lsr r11, r4, #24\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl r12, r6, #16\n\t" + "lsr r12, r12, #24\n\t" +#else + "uxtb r12, r6, ror #8\n\t" +#endif +#else + "ubfx r12, r6, #8, #8\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl lr, r5, #24\n\t" + "lsr lr, lr, #24\n\t" +#else + "uxtb lr, r5\n\t" +#endif +#else + "ubfx lr, r5, #0, #8\n\t" +#endif + "ldr r8, [r0, r8, lsl #2]\n\t" + "ldr r11, [r0, r11, lsl #2]\n\t" + "ldr r12, [r0, r12, lsl #2]\n\t" + "ldr lr, [r0, lr, lsl #2]\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl r9, r4, #8\n\t" + "lsr r9, r9, #24\n\t" +#else + "uxtb r9, r4, ror #16\n\t" +#endif +#else + "ubfx r9, r4, #16, #8\n\t" +#endif + "eor r8, r8, r11, ror #24\n\t" + "lsr r11, r5, #24\n\t" + "eor r8, r8, r12, ror #8\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl r12, r7, #16\n\t" + "lsr r12, r12, #24\n\t" +#else + "uxtb r12, r7, ror #8\n\t" +#endif +#else + "ubfx r12, r7, #8, #8\n\t" +#endif + "eor r8, r8, lr, ror #16\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl lr, r6, #24\n\t" + "lsr lr, lr, #24\n\t" +#else + "uxtb lr, r6\n\t" +#endif +#else + "ubfx lr, r6, #0, #8\n\t" +#endif + "ldr r9, [r0, r9, lsl #2]\n\t" + "ldr r11, [r0, r11, lsl #2]\n\t" + "ldr r12, [r0, r12, lsl #2]\n\t" + "ldr lr, [r0, lr, lsl #2]\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl r10, r5, #8\n\t" + "lsr r10, r10, #24\n\t" +#else + "uxtb r10, r5, ror #16\n\t" +#endif +#else + "ubfx r10, r5, #16, #8\n\t" +#endif + "eor r9, r9, r11, ror #24\n\t" + "lsr r11, r6, #24\n\t" + "eor r9, r9, r12, ror #8\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl r12, r4, #16\n\t" + "lsr r12, r12, #24\n\t" +#else + "uxtb r12, r4, ror #8\n\t" +#endif +#else + "ubfx r12, r4, #8, #8\n\t" +#endif + "eor r9, r9, lr, ror #16\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl lr, r7, #24\n\t" + "lsr lr, lr, #24\n\t" +#else + "uxtb lr, r7\n\t" +#endif +#else + "ubfx lr, r7, #0, #8\n\t" +#endif + "ldr r10, [r0, r10, lsl #2]\n\t" + "ldr r11, [r0, r11, lsl #2]\n\t" + "ldr r12, [r0, r12, lsl #2]\n\t" + "ldr lr, [r0, lr, lsl #2]\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl r4, r4, #24\n\t" + "lsr r4, r4, #24\n\t" +#else + "uxtb r4, r4\n\t" +#endif +#else + "ubfx r4, r4, #0, #8\n\t" +#endif + "eor r10, r10, r11, ror #24\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl r11, r6, #8\n\t" + "lsr r11, r11, #24\n\t" +#else + "uxtb r11, r6, ror #16\n\t" +#endif +#else + "ubfx r11, r6, #16, #8\n\t" +#endif + "eor r10, r10, r12, ror #8\n\t" + "lsr r12, r7, #24\n\t" + "eor r10, r10, lr, ror #16\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl lr, r5, #16\n\t" + "lsr lr, lr, #24\n\t" +#else + "uxtb lr, r5, ror #8\n\t" +#endif +#else + "ubfx lr, r5, #8, #8\n\t" +#endif + "ldr r4, [r0, r4, lsl #2]\n\t" + "ldr r12, [r0, r12, lsl #2]\n\t" + "ldr r11, [r0, r11, lsl #2]\n\t" + "ldr lr, [r0, lr, lsl #2]\n\t" + "eor r12, r12, r4, ror #24\n\t" + "ldm %[ks]!, {r4, r5, r6, r7}\n\t" + "eor r11, r11, lr, ror #8\n\t" + "eor r11, r11, r12, ror #24\n\t" + /* XOR in Key Schedule */ + "eor r8, r8, r4\n\t" + "eor r9, r9, r5\n\t" + "eor r10, r10, r6\n\t" + "eor r11, r11, r7\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl r4, r9, #24\n\t" + "lsr r4, r4, #24\n\t" +#else + "uxtb r4, r9\n\t" +#endif +#else + "ubfx r4, r9, #0, #8\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl r7, r10, #16\n\t" + "lsr r7, r7, #24\n\t" +#else + "uxtb r7, r10, ror #8\n\t" +#endif +#else + "ubfx r7, r10, #8, #8\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl r12, r11, #8\n\t" + "lsr r12, r12, #24\n\t" +#else + "uxtb r12, r11, ror #16\n\t" +#endif +#else + "ubfx r12, r11, #16, #8\n\t" +#endif + "lsr lr, r8, #24\n\t" + "ldrb r4, [r2, r4]\n\t" + "ldrb r7, [r2, r7]\n\t" + "ldrb r12, [r2, r12]\n\t" + "ldrb lr, [r2, lr]\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl r5, r10, #24\n\t" + "lsr r5, r5, #24\n\t" +#else + "uxtb r5, r10\n\t" +#endif +#else + "ubfx r5, r10, #0, #8\n\t" +#endif + "eor r4, r4, r7, lsl #8\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl r7, r11, #16\n\t" + "lsr r7, r7, #24\n\t" +#else + "uxtb r7, r11, ror #8\n\t" +#endif +#else + "ubfx r7, r11, #8, #8\n\t" +#endif + "eor r4, r4, r12, lsl #16\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl r12, r8, #8\n\t" + "lsr r12, r12, #24\n\t" +#else + "uxtb r12, r8, ror #16\n\t" +#endif +#else + "ubfx r12, r8, #16, #8\n\t" +#endif + "eor r4, r4, lr, lsl #24\n\t" + "lsr lr, r9, #24\n\t" + "ldrb r7, [r2, r7]\n\t" + "ldrb lr, [r2, lr]\n\t" + "ldrb r5, [r2, r5]\n\t" + "ldrb r12, [r2, r12]\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl r6, r11, #24\n\t" + "lsr r6, r6, #24\n\t" +#else + "uxtb r6, r11\n\t" +#endif +#else + "ubfx r6, r11, #0, #8\n\t" +#endif + "eor r5, r5, r7, lsl #8\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl r7, r8, #16\n\t" + "lsr r7, r7, #24\n\t" +#else + "uxtb r7, r8, ror #8\n\t" +#endif +#else + "ubfx r7, r8, #8, #8\n\t" +#endif + "eor r5, r5, r12, lsl #16\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl r12, r9, #8\n\t" + "lsr r12, r12, #24\n\t" +#else + "uxtb r12, r9, ror #16\n\t" +#endif +#else + "ubfx r12, r9, #16, #8\n\t" +#endif + "eor r5, r5, lr, lsl #24\n\t" + "lsr lr, r10, #24\n\t" + "ldrb r7, [r2, r7]\n\t" + "ldrb lr, [r2, lr]\n\t" + "ldrb r6, [r2, r6]\n\t" + "ldrb r12, [r2, r12]\n\t" + "lsr r11, r11, #24\n\t" + "eor r6, r6, r7, lsl #8\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl r7, r8, #24\n\t" + "lsr r7, r7, #24\n\t" +#else + "uxtb r7, r8\n\t" +#endif +#else + "ubfx r7, r8, #0, #8\n\t" +#endif + "eor r6, r6, r12, lsl #16\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl r12, r9, #16\n\t" + "lsr r12, r12, #24\n\t" +#else + "uxtb r12, r9, ror #8\n\t" +#endif +#else + "ubfx r12, r9, #8, #8\n\t" +#endif + "eor r6, r6, lr, lsl #24\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl lr, r10, #8\n\t" + "lsr lr, lr, #24\n\t" +#else + "uxtb lr, r10, ror #16\n\t" +#endif +#else + "ubfx lr, r10, #16, #8\n\t" +#endif + "ldrb r11, [r2, r11]\n\t" + "ldrb r12, [r2, r12]\n\t" + "ldrb r7, [r2, r7]\n\t" + "ldrb lr, [r2, lr]\n\t" + "eor r12, r12, r11, lsl #16\n\t" + "ldm %[ks], {r8, r9, r10, r11}\n\t" + "eor r7, r7, r12, lsl #8\n\t" + "eor r7, r7, lr, lsl #16\n\t" + /* XOR in Key Schedule */ + "eor r4, r4, r8\n\t" + "eor r5, r5, r9\n\t" + "eor r6, r6, r10\n\t" + "eor r7, r7, r11\n\t" +#endif /* !WOLFSSL_ARMASM_AES_BLOCK_INLINE */ "pop {r1, %[ks], r12, lr}\n\t" #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) "eor r8, r4, r4, ror #16\n\t" @@ -11802,7 +18838,646 @@ "eor r6, r6, r10\n\t" "eor r7, r7, r11\n\t" "mov r1, #4\n\t" +#ifndef WOLFSSL_ARMASM_AES_BLOCK_INLINE "bl AES_decrypt_block\n\t" +#else + "\n" + "L_AES_ECB_decrypt_block_nr_128_%=: \n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl r8, r7, #8\n\t" + "lsr r8, r8, #24\n\t" +#else + "uxtb r8, r7, ror #16\n\t" +#endif +#else + "ubfx r8, r7, #16, #8\n\t" +#endif + "lsr r11, r4, #24\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl r12, r6, #16\n\t" + "lsr r12, r12, #24\n\t" +#else + "uxtb r12, r6, ror #8\n\t" +#endif +#else + "ubfx r12, r6, #8, #8\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl lr, r5, #24\n\t" + "lsr lr, lr, #24\n\t" +#else + "uxtb lr, r5\n\t" +#endif +#else + "ubfx lr, r5, #0, #8\n\t" +#endif + "ldr r8, [r0, r8, lsl #2]\n\t" + "ldr r11, [r0, r11, lsl #2]\n\t" + "ldr r12, [r0, r12, lsl #2]\n\t" + "ldr lr, [r0, lr, lsl #2]\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl r9, r4, #8\n\t" + "lsr r9, r9, #24\n\t" +#else + "uxtb r9, r4, ror #16\n\t" +#endif +#else + "ubfx r9, r4, #16, #8\n\t" +#endif + "eor r8, r8, r11, ror #24\n\t" + "lsr r11, r5, #24\n\t" + "eor r8, r8, r12, ror #8\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl r12, r7, #16\n\t" + "lsr r12, r12, #24\n\t" +#else + "uxtb r12, r7, ror #8\n\t" +#endif +#else + "ubfx r12, r7, #8, #8\n\t" +#endif + "eor r8, r8, lr, ror #16\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl lr, r6, #24\n\t" + "lsr lr, lr, #24\n\t" +#else + "uxtb lr, r6\n\t" +#endif +#else + "ubfx lr, r6, #0, #8\n\t" +#endif + "ldr r9, [r0, r9, lsl #2]\n\t" + "ldr r11, [r0, r11, lsl #2]\n\t" + "ldr r12, [r0, r12, lsl #2]\n\t" + "ldr lr, [r0, lr, lsl #2]\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl r10, r5, #8\n\t" + "lsr r10, r10, #24\n\t" +#else + "uxtb r10, r5, ror #16\n\t" +#endif +#else + "ubfx r10, r5, #16, #8\n\t" +#endif + "eor r9, r9, r11, ror #24\n\t" + "lsr r11, r6, #24\n\t" + "eor r9, r9, r12, ror #8\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl r12, r4, #16\n\t" + "lsr r12, r12, #24\n\t" +#else + "uxtb r12, r4, ror #8\n\t" +#endif +#else + "ubfx r12, r4, #8, #8\n\t" +#endif + "eor r9, r9, lr, ror #16\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl lr, r7, #24\n\t" + "lsr lr, lr, #24\n\t" +#else + "uxtb lr, r7\n\t" +#endif +#else + "ubfx lr, r7, #0, #8\n\t" +#endif + "ldr r10, [r0, r10, lsl #2]\n\t" + "ldr r11, [r0, r11, lsl #2]\n\t" + "ldr r12, [r0, r12, lsl #2]\n\t" + "ldr lr, [r0, lr, lsl #2]\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl r4, r4, #24\n\t" + "lsr r4, r4, #24\n\t" +#else + "uxtb r4, r4\n\t" +#endif +#else + "ubfx r4, r4, #0, #8\n\t" +#endif + "eor r10, r10, r11, ror #24\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl r11, r6, #8\n\t" + "lsr r11, r11, #24\n\t" +#else + "uxtb r11, r6, ror #16\n\t" +#endif +#else + "ubfx r11, r6, #16, #8\n\t" +#endif + "eor r10, r10, r12, ror #8\n\t" + "lsr r12, r7, #24\n\t" + "eor r10, r10, lr, ror #16\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl lr, r5, #16\n\t" + "lsr lr, lr, #24\n\t" +#else + "uxtb lr, r5, ror #8\n\t" +#endif +#else + "ubfx lr, r5, #8, #8\n\t" +#endif + "ldr r4, [r0, r4, lsl #2]\n\t" + "ldr r12, [r0, r12, lsl #2]\n\t" + "ldr r11, [r0, r11, lsl #2]\n\t" + "ldr lr, [r0, lr, lsl #2]\n\t" + "eor r12, r12, r4, ror #24\n\t" + "ldm %[ks]!, {r4, r5, r6, r7}\n\t" + "eor r11, r11, lr, ror #8\n\t" + "eor r11, r11, r12, ror #24\n\t" + /* XOR in Key Schedule */ + "eor r8, r8, r4\n\t" + "eor r9, r9, r5\n\t" + "eor r10, r10, r6\n\t" + "eor r11, r11, r7\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl r4, r11, #8\n\t" + "lsr r4, r4, #24\n\t" +#else + "uxtb r4, r11, ror #16\n\t" +#endif +#else + "ubfx r4, r11, #16, #8\n\t" +#endif + "lsr r7, r8, #24\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl r12, r10, #16\n\t" + "lsr r12, r12, #24\n\t" +#else + "uxtb r12, r10, ror #8\n\t" +#endif +#else + "ubfx r12, r10, #8, #8\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl lr, r9, #24\n\t" + "lsr lr, lr, #24\n\t" +#else + "uxtb lr, r9\n\t" +#endif +#else + "ubfx lr, r9, #0, #8\n\t" +#endif + "ldr r4, [r0, r4, lsl #2]\n\t" + "ldr r7, [r0, r7, lsl #2]\n\t" + "ldr r12, [r0, r12, lsl #2]\n\t" + "ldr lr, [r0, lr, lsl #2]\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl r5, r8, #8\n\t" + "lsr r5, r5, #24\n\t" +#else + "uxtb r5, r8, ror #16\n\t" +#endif +#else + "ubfx r5, r8, #16, #8\n\t" +#endif + "eor r4, r4, r7, ror #24\n\t" + "lsr r7, r9, #24\n\t" + "eor r4, r4, r12, ror #8\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl r12, r11, #16\n\t" + "lsr r12, r12, #24\n\t" +#else + "uxtb r12, r11, ror #8\n\t" +#endif +#else + "ubfx r12, r11, #8, #8\n\t" +#endif + "eor r4, r4, lr, ror #16\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl lr, r10, #24\n\t" + "lsr lr, lr, #24\n\t" +#else + "uxtb lr, r10\n\t" +#endif +#else + "ubfx lr, r10, #0, #8\n\t" +#endif + "ldr r5, [r0, r5, lsl #2]\n\t" + "ldr r7, [r0, r7, lsl #2]\n\t" + "ldr r12, [r0, r12, lsl #2]\n\t" + "ldr lr, [r0, lr, lsl #2]\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl r6, r9, #8\n\t" + "lsr r6, r6, #24\n\t" +#else + "uxtb r6, r9, ror #16\n\t" +#endif +#else + "ubfx r6, r9, #16, #8\n\t" +#endif + "eor r5, r5, r7, ror #24\n\t" + "lsr r7, r10, #24\n\t" + "eor r5, r5, r12, ror #8\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl r12, r8, #16\n\t" + "lsr r12, r12, #24\n\t" +#else + "uxtb r12, r8, ror #8\n\t" +#endif +#else + "ubfx r12, r8, #8, #8\n\t" +#endif + "eor r5, r5, lr, ror #16\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl lr, r11, #24\n\t" + "lsr lr, lr, #24\n\t" +#else + "uxtb lr, r11\n\t" +#endif +#else + "ubfx lr, r11, #0, #8\n\t" +#endif + "ldr r6, [r0, r6, lsl #2]\n\t" + "ldr r7, [r0, r7, lsl #2]\n\t" + "ldr r12, [r0, r12, lsl #2]\n\t" + "ldr lr, [r0, lr, lsl #2]\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl r8, r8, #24\n\t" + "lsr r8, r8, #24\n\t" +#else + "uxtb r8, r8\n\t" +#endif +#else + "ubfx r8, r8, #0, #8\n\t" +#endif + "eor r6, r6, r7, ror #24\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl r7, r10, #8\n\t" + "lsr r7, r7, #24\n\t" +#else + "uxtb r7, r10, ror #16\n\t" +#endif +#else + "ubfx r7, r10, #16, #8\n\t" +#endif + "eor r6, r6, r12, ror #8\n\t" + "lsr r12, r11, #24\n\t" + "eor r6, r6, lr, ror #16\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl lr, r9, #16\n\t" + "lsr lr, lr, #24\n\t" +#else + "uxtb lr, r9, ror #8\n\t" +#endif +#else + "ubfx lr, r9, #8, #8\n\t" +#endif + "ldr r8, [r0, r8, lsl #2]\n\t" + "ldr r12, [r0, r12, lsl #2]\n\t" + "ldr r7, [r0, r7, lsl #2]\n\t" + "ldr lr, [r0, lr, lsl #2]\n\t" + "eor r12, r12, r8, ror #24\n\t" + "ldm %[ks]!, {r8, r9, r10, r11}\n\t" + "eor r7, r7, lr, ror #8\n\t" + "eor r7, r7, r12, ror #24\n\t" + /* XOR in Key Schedule */ + "eor r4, r4, r8\n\t" + "eor r5, r5, r9\n\t" + "eor r6, r6, r10\n\t" + "eor r7, r7, r11\n\t" + "subs r1, r1, #1\n\t" + "bne L_AES_ECB_decrypt_block_nr_128_%=\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl r8, r7, #8\n\t" + "lsr r8, r8, #24\n\t" +#else + "uxtb r8, r7, ror #16\n\t" +#endif +#else + "ubfx r8, r7, #16, #8\n\t" +#endif + "lsr r11, r4, #24\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl r12, r6, #16\n\t" + "lsr r12, r12, #24\n\t" +#else + "uxtb r12, r6, ror #8\n\t" +#endif +#else + "ubfx r12, r6, #8, #8\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl lr, r5, #24\n\t" + "lsr lr, lr, #24\n\t" +#else + "uxtb lr, r5\n\t" +#endif +#else + "ubfx lr, r5, #0, #8\n\t" +#endif + "ldr r8, [r0, r8, lsl #2]\n\t" + "ldr r11, [r0, r11, lsl #2]\n\t" + "ldr r12, [r0, r12, lsl #2]\n\t" + "ldr lr, [r0, lr, lsl #2]\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl r9, r4, #8\n\t" + "lsr r9, r9, #24\n\t" +#else + "uxtb r9, r4, ror #16\n\t" +#endif +#else + "ubfx r9, r4, #16, #8\n\t" +#endif + "eor r8, r8, r11, ror #24\n\t" + "lsr r11, r5, #24\n\t" + "eor r8, r8, r12, ror #8\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl r12, r7, #16\n\t" + "lsr r12, r12, #24\n\t" +#else + "uxtb r12, r7, ror #8\n\t" +#endif +#else + "ubfx r12, r7, #8, #8\n\t" +#endif + "eor r8, r8, lr, ror #16\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl lr, r6, #24\n\t" + "lsr lr, lr, #24\n\t" +#else + "uxtb lr, r6\n\t" +#endif +#else + "ubfx lr, r6, #0, #8\n\t" +#endif + "ldr r9, [r0, r9, lsl #2]\n\t" + "ldr r11, [r0, r11, lsl #2]\n\t" + "ldr r12, [r0, r12, lsl #2]\n\t" + "ldr lr, [r0, lr, lsl #2]\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl r10, r5, #8\n\t" + "lsr r10, r10, #24\n\t" +#else + "uxtb r10, r5, ror #16\n\t" +#endif +#else + "ubfx r10, r5, #16, #8\n\t" +#endif + "eor r9, r9, r11, ror #24\n\t" + "lsr r11, r6, #24\n\t" + "eor r9, r9, r12, ror #8\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl r12, r4, #16\n\t" + "lsr r12, r12, #24\n\t" +#else + "uxtb r12, r4, ror #8\n\t" +#endif +#else + "ubfx r12, r4, #8, #8\n\t" +#endif + "eor r9, r9, lr, ror #16\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl lr, r7, #24\n\t" + "lsr lr, lr, #24\n\t" +#else + "uxtb lr, r7\n\t" +#endif +#else + "ubfx lr, r7, #0, #8\n\t" +#endif + "ldr r10, [r0, r10, lsl #2]\n\t" + "ldr r11, [r0, r11, lsl #2]\n\t" + "ldr r12, [r0, r12, lsl #2]\n\t" + "ldr lr, [r0, lr, lsl #2]\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl r4, r4, #24\n\t" + "lsr r4, r4, #24\n\t" +#else + "uxtb r4, r4\n\t" +#endif +#else + "ubfx r4, r4, #0, #8\n\t" +#endif + "eor r10, r10, r11, ror #24\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl r11, r6, #8\n\t" + "lsr r11, r11, #24\n\t" +#else + "uxtb r11, r6, ror #16\n\t" +#endif +#else + "ubfx r11, r6, #16, #8\n\t" +#endif + "eor r10, r10, r12, ror #8\n\t" + "lsr r12, r7, #24\n\t" + "eor r10, r10, lr, ror #16\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl lr, r5, #16\n\t" + "lsr lr, lr, #24\n\t" +#else + "uxtb lr, r5, ror #8\n\t" +#endif +#else + "ubfx lr, r5, #8, #8\n\t" +#endif + "ldr r4, [r0, r4, lsl #2]\n\t" + "ldr r12, [r0, r12, lsl #2]\n\t" + "ldr r11, [r0, r11, lsl #2]\n\t" + "ldr lr, [r0, lr, lsl #2]\n\t" + "eor r12, r12, r4, ror #24\n\t" + "ldm %[ks]!, {r4, r5, r6, r7}\n\t" + "eor r11, r11, lr, ror #8\n\t" + "eor r11, r11, r12, ror #24\n\t" + /* XOR in Key Schedule */ + "eor r8, r8, r4\n\t" + "eor r9, r9, r5\n\t" + "eor r10, r10, r6\n\t" + "eor r11, r11, r7\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl r4, r9, #24\n\t" + "lsr r4, r4, #24\n\t" +#else + "uxtb r4, r9\n\t" +#endif +#else + "ubfx r4, r9, #0, #8\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl r7, r10, #16\n\t" + "lsr r7, r7, #24\n\t" +#else + "uxtb r7, r10, ror #8\n\t" +#endif +#else + "ubfx r7, r10, #8, #8\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl r12, r11, #8\n\t" + "lsr r12, r12, #24\n\t" +#else + "uxtb r12, r11, ror #16\n\t" +#endif +#else + "ubfx r12, r11, #16, #8\n\t" +#endif + "lsr lr, r8, #24\n\t" + "ldrb r4, [r2, r4]\n\t" + "ldrb r7, [r2, r7]\n\t" + "ldrb r12, [r2, r12]\n\t" + "ldrb lr, [r2, lr]\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl r5, r10, #24\n\t" + "lsr r5, r5, #24\n\t" +#else + "uxtb r5, r10\n\t" +#endif +#else + "ubfx r5, r10, #0, #8\n\t" +#endif + "eor r4, r4, r7, lsl #8\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl r7, r11, #16\n\t" + "lsr r7, r7, #24\n\t" +#else + "uxtb r7, r11, ror #8\n\t" +#endif +#else + "ubfx r7, r11, #8, #8\n\t" +#endif + "eor r4, r4, r12, lsl #16\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl r12, r8, #8\n\t" + "lsr r12, r12, #24\n\t" +#else + "uxtb r12, r8, ror #16\n\t" +#endif +#else + "ubfx r12, r8, #16, #8\n\t" +#endif + "eor r4, r4, lr, lsl #24\n\t" + "lsr lr, r9, #24\n\t" + "ldrb r7, [r2, r7]\n\t" + "ldrb lr, [r2, lr]\n\t" + "ldrb r5, [r2, r5]\n\t" + "ldrb r12, [r2, r12]\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl r6, r11, #24\n\t" + "lsr r6, r6, #24\n\t" +#else + "uxtb r6, r11\n\t" +#endif +#else + "ubfx r6, r11, #0, #8\n\t" +#endif + "eor r5, r5, r7, lsl #8\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl r7, r8, #16\n\t" + "lsr r7, r7, #24\n\t" +#else + "uxtb r7, r8, ror #8\n\t" +#endif +#else + "ubfx r7, r8, #8, #8\n\t" +#endif + "eor r5, r5, r12, lsl #16\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl r12, r9, #8\n\t" + "lsr r12, r12, #24\n\t" +#else + "uxtb r12, r9, ror #16\n\t" +#endif +#else + "ubfx r12, r9, #16, #8\n\t" +#endif + "eor r5, r5, lr, lsl #24\n\t" + "lsr lr, r10, #24\n\t" + "ldrb r7, [r2, r7]\n\t" + "ldrb lr, [r2, lr]\n\t" + "ldrb r6, [r2, r6]\n\t" + "ldrb r12, [r2, r12]\n\t" + "lsr r11, r11, #24\n\t" + "eor r6, r6, r7, lsl #8\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl r7, r8, #24\n\t" + "lsr r7, r7, #24\n\t" +#else + "uxtb r7, r8\n\t" +#endif +#else + "ubfx r7, r8, #0, #8\n\t" +#endif + "eor r6, r6, r12, lsl #16\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl r12, r9, #16\n\t" + "lsr r12, r12, #24\n\t" +#else + "uxtb r12, r9, ror #8\n\t" +#endif +#else + "ubfx r12, r9, #8, #8\n\t" +#endif + "eor r6, r6, lr, lsl #24\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl lr, r10, #8\n\t" + "lsr lr, lr, #24\n\t" +#else + "uxtb lr, r10, ror #16\n\t" +#endif +#else + "ubfx lr, r10, #16, #8\n\t" +#endif + "ldrb r11, [r2, r11]\n\t" + "ldrb r12, [r2, r12]\n\t" + "ldrb r7, [r2, r7]\n\t" + "ldrb lr, [r2, lr]\n\t" + "eor r12, r12, r11, lsl #16\n\t" + "ldm %[ks], {r8, r9, r10, r11}\n\t" + "eor r7, r7, r12, lsl #8\n\t" + "eor r7, r7, lr, lsl #16\n\t" + /* XOR in Key Schedule */ + "eor r4, r4, r8\n\t" + "eor r5, r5, r9\n\t" + "eor r6, r6, r10\n\t" + "eor r7, r7, r11\n\t" +#endif /* !WOLFSSL_ARMASM_AES_BLOCK_INLINE */ "pop {r1, %[ks], r12, lr}\n\t" #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) "eor r8, r4, r4, ror #16\n\t" @@ -11838,17 +19513,17 @@ "\n" "L_AES_ECB_decrypt_end_%=: \n\t" "pop {%[nr], %[L_AES_ARM32_td_ecb]}\n\t" - "pop {%[L_AES_ARM32_td4]}\n\t" + "pop {%[L_AES_ARM32_ecb_td4]}\n\t" #ifndef WOLFSSL_NO_VAR_ASSIGN_REG : [in] "+r" (in), [out] "+r" (out), [len] "+r" (len), [ks] "+r" (ks), [nr] "+r" (nr), [L_AES_ARM32_td_ecb] "+r" (L_AES_ARM32_td_ecb_c), - [L_AES_ARM32_td4] "+r" (L_AES_ARM32_td4_c) + [L_AES_ARM32_ecb_td4] "+r" (L_AES_ARM32_ecb_td4_c) : #else : : [in] "r" (in), [out] "r" (out), [len] "r" (len), [ks] "r" (ks), [nr] "r" (nr), [L_AES_ARM32_td_ecb] "r" (L_AES_ARM32_td_ecb_c), - [L_AES_ARM32_td4] "r" (L_AES_ARM32_td4_c) + [L_AES_ARM32_ecb_td4] "r" (L_AES_ARM32_ecb_td4_c) #endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ : "memory", "cc", "r5", "r6", "r7", "r8", "r9", "r10", "r11" ); @@ -11856,6 +19531,41 @@ #endif /* WOLFSSL_AES_DIRECT || WOLFSSL_AES_COUNTER || defined(HAVE_AES_ECB) */ #ifdef HAVE_AES_CBC +static const byte L_AES_ARM32_cbc_td4[] = { + 0x52, 0x09, 0x6a, 0xd5, 0x30, 0x36, 0xa5, 0x38, + 0xbf, 0x40, 0xa3, 0x9e, 0x81, 0xf3, 0xd7, 0xfb, + 0x7c, 0xe3, 0x39, 0x82, 0x9b, 0x2f, 0xff, 0x87, + 0x34, 0x8e, 0x43, 0x44, 0xc4, 0xde, 0xe9, 0xcb, + 0x54, 0x7b, 0x94, 0x32, 0xa6, 0xc2, 0x23, 0x3d, + 0xee, 0x4c, 0x95, 0x0b, 0x42, 0xfa, 0xc3, 0x4e, + 0x08, 0x2e, 0xa1, 0x66, 0x28, 0xd9, 0x24, 0xb2, + 0x76, 0x5b, 0xa2, 0x49, 0x6d, 0x8b, 0xd1, 0x25, + 0x72, 0xf8, 0xf6, 0x64, 0x86, 0x68, 0x98, 0x16, + 0xd4, 0xa4, 0x5c, 0xcc, 0x5d, 0x65, 0xb6, 0x92, + 0x6c, 0x70, 0x48, 0x50, 0xfd, 0xed, 0xb9, 0xda, + 0x5e, 0x15, 0x46, 0x57, 0xa7, 0x8d, 0x9d, 0x84, + 0x90, 0xd8, 0xab, 0x00, 0x8c, 0xbc, 0xd3, 0x0a, + 0xf7, 0xe4, 0x58, 0x05, 0xb8, 0xb3, 0x45, 0x06, + 0xd0, 0x2c, 0x1e, 0x8f, 0xca, 0x3f, 0x0f, 0x02, + 0xc1, 0xaf, 0xbd, 0x03, 0x01, 0x13, 0x8a, 0x6b, + 0x3a, 0x91, 0x11, 0x41, 0x4f, 0x67, 0xdc, 0xea, + 0x97, 0xf2, 0xcf, 0xce, 0xf0, 0xb4, 0xe6, 0x73, + 0x96, 0xac, 0x74, 0x22, 0xe7, 0xad, 0x35, 0x85, + 0xe2, 0xf9, 0x37, 0xe8, 0x1c, 0x75, 0xdf, 0x6e, + 0x47, 0xf1, 0x1a, 0x71, 0x1d, 0x29, 0xc5, 0x89, + 0x6f, 0xb7, 0x62, 0x0e, 0xaa, 0x18, 0xbe, 0x1b, + 0xfc, 0x56, 0x3e, 0x4b, 0xc6, 0xd2, 0x79, 0x20, + 0x9a, 0xdb, 0xc0, 0xfe, 0x78, 0xcd, 0x5a, 0xf4, + 0x1f, 0xdd, 0xa8, 0x33, 0x88, 0x07, 0xc7, 0x31, + 0xb1, 0x12, 0x10, 0x59, 0x27, 0x80, 0xec, 0x5f, + 0x60, 0x51, 0x7f, 0xa9, 0x19, 0xb5, 0x4a, 0x0d, + 0x2d, 0xe5, 0x7a, 0x9f, 0x93, 0xc9, 0x9c, 0xef, + 0xa0, 0xe0, 0x3b, 0x4d, 0xae, 0x2a, 0xf5, 0xb0, + 0xc8, 0xeb, 0xbb, 0x3c, 0x83, 0x53, 0x99, 0x61, + 0x17, 0x2b, 0x04, 0x7e, 0xba, 0x77, 0xd6, 0x26, + 0xe1, 0x69, 0x14, 0x63, 0x55, 0x21, 0x0c, 0x7d, +}; + void AES_CBC_decrypt(const unsigned char* in_p, unsigned char* out_p, unsigned long len_p, const unsigned char* ks_p, int nr_p, unsigned char* iv_p); @@ -11878,19 +19588,20 @@ register unsigned char* iv asm ("lr") = (unsigned char*)iv_p; register word32* L_AES_ARM32_td_ecb_c asm ("r4") = (word32*)L_AES_ARM32_td_ecb; - register byte* L_AES_ARM32_td4_c asm ("r5") = (byte*)&L_AES_ARM32_td4; + register byte* L_AES_ARM32_cbc_td4_c asm ("r5") = + (byte*)&L_AES_ARM32_cbc_td4; #else register word32* L_AES_ARM32_td_ecb_c = (word32*)L_AES_ARM32_td_ecb; - register byte* L_AES_ARM32_td4_c = (byte*)&L_AES_ARM32_td4; + register byte* L_AES_ARM32_cbc_td4_c = (byte*)&L_AES_ARM32_cbc_td4; #endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ __asm__ __volatile__ ( - "push {%[L_AES_ARM32_td_ecb], %[L_AES_ARM32_td4]}\n\t" + "push {%[L_AES_ARM32_td_ecb], %[L_AES_ARM32_cbc_td4]}\n\t" "push {%[nr], %[iv]}\n\t" "mov lr, %[in]\n\t" "ldr r0, [sp, #8]\n\t" "mov r12, %[len]\n\t" - "mov r2, %[L_AES_ARM32_td4]\n\t" + "mov r2, %[L_AES_ARM32_cbc_td4]\n\t" "ldr r8, [sp]\n\t" "ldr r4, [sp, #4]\n\t" "push {%[ks]-r4}\n\t" @@ -11948,7 +19659,646 @@ "eor r6, r6, r10\n\t" "eor r7, r7, r11\n\t" "mov r1, #6\n\t" +#ifndef WOLFSSL_ARMASM_AES_BLOCK_INLINE "bl AES_decrypt_block\n\t" +#else + "\n" + "L_AES_CBC_decrypt_block_nr_256_odd_%=: \n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl r8, r7, #8\n\t" + "lsr r8, r8, #24\n\t" +#else + "uxtb r8, r7, ror #16\n\t" +#endif +#else + "ubfx r8, r7, #16, #8\n\t" +#endif + "lsr r11, r4, #24\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl r12, r6, #16\n\t" + "lsr r12, r12, #24\n\t" +#else + "uxtb r12, r6, ror #8\n\t" +#endif +#else + "ubfx r12, r6, #8, #8\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl lr, r5, #24\n\t" + "lsr lr, lr, #24\n\t" +#else + "uxtb lr, r5\n\t" +#endif +#else + "ubfx lr, r5, #0, #8\n\t" +#endif + "ldr r8, [r0, r8, lsl #2]\n\t" + "ldr r11, [r0, r11, lsl #2]\n\t" + "ldr r12, [r0, r12, lsl #2]\n\t" + "ldr lr, [r0, lr, lsl #2]\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl r9, r4, #8\n\t" + "lsr r9, r9, #24\n\t" +#else + "uxtb r9, r4, ror #16\n\t" +#endif +#else + "ubfx r9, r4, #16, #8\n\t" +#endif + "eor r8, r8, r11, ror #24\n\t" + "lsr r11, r5, #24\n\t" + "eor r8, r8, r12, ror #8\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl r12, r7, #16\n\t" + "lsr r12, r12, #24\n\t" +#else + "uxtb r12, r7, ror #8\n\t" +#endif +#else + "ubfx r12, r7, #8, #8\n\t" +#endif + "eor r8, r8, lr, ror #16\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl lr, r6, #24\n\t" + "lsr lr, lr, #24\n\t" +#else + "uxtb lr, r6\n\t" +#endif +#else + "ubfx lr, r6, #0, #8\n\t" +#endif + "ldr r9, [r0, r9, lsl #2]\n\t" + "ldr r11, [r0, r11, lsl #2]\n\t" + "ldr r12, [r0, r12, lsl #2]\n\t" + "ldr lr, [r0, lr, lsl #2]\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl r10, r5, #8\n\t" + "lsr r10, r10, #24\n\t" +#else + "uxtb r10, r5, ror #16\n\t" +#endif +#else + "ubfx r10, r5, #16, #8\n\t" +#endif + "eor r9, r9, r11, ror #24\n\t" + "lsr r11, r6, #24\n\t" + "eor r9, r9, r12, ror #8\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl r12, r4, #16\n\t" + "lsr r12, r12, #24\n\t" +#else + "uxtb r12, r4, ror #8\n\t" +#endif +#else + "ubfx r12, r4, #8, #8\n\t" +#endif + "eor r9, r9, lr, ror #16\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl lr, r7, #24\n\t" + "lsr lr, lr, #24\n\t" +#else + "uxtb lr, r7\n\t" +#endif +#else + "ubfx lr, r7, #0, #8\n\t" +#endif + "ldr r10, [r0, r10, lsl #2]\n\t" + "ldr r11, [r0, r11, lsl #2]\n\t" + "ldr r12, [r0, r12, lsl #2]\n\t" + "ldr lr, [r0, lr, lsl #2]\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl r4, r4, #24\n\t" + "lsr r4, r4, #24\n\t" +#else + "uxtb r4, r4\n\t" +#endif +#else + "ubfx r4, r4, #0, #8\n\t" +#endif + "eor r10, r10, r11, ror #24\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl r11, r6, #8\n\t" + "lsr r11, r11, #24\n\t" +#else + "uxtb r11, r6, ror #16\n\t" +#endif +#else + "ubfx r11, r6, #16, #8\n\t" +#endif + "eor r10, r10, r12, ror #8\n\t" + "lsr r12, r7, #24\n\t" + "eor r10, r10, lr, ror #16\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl lr, r5, #16\n\t" + "lsr lr, lr, #24\n\t" +#else + "uxtb lr, r5, ror #8\n\t" +#endif +#else + "ubfx lr, r5, #8, #8\n\t" +#endif + "ldr r4, [r0, r4, lsl #2]\n\t" + "ldr r12, [r0, r12, lsl #2]\n\t" + "ldr r11, [r0, r11, lsl #2]\n\t" + "ldr lr, [r0, lr, lsl #2]\n\t" + "eor r12, r12, r4, ror #24\n\t" + "ldm %[ks]!, {r4, r5, r6, r7}\n\t" + "eor r11, r11, lr, ror #8\n\t" + "eor r11, r11, r12, ror #24\n\t" + /* XOR in Key Schedule */ + "eor r8, r8, r4\n\t" + "eor r9, r9, r5\n\t" + "eor r10, r10, r6\n\t" + "eor r11, r11, r7\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl r4, r11, #8\n\t" + "lsr r4, r4, #24\n\t" +#else + "uxtb r4, r11, ror #16\n\t" +#endif +#else + "ubfx r4, r11, #16, #8\n\t" +#endif + "lsr r7, r8, #24\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl r12, r10, #16\n\t" + "lsr r12, r12, #24\n\t" +#else + "uxtb r12, r10, ror #8\n\t" +#endif +#else + "ubfx r12, r10, #8, #8\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl lr, r9, #24\n\t" + "lsr lr, lr, #24\n\t" +#else + "uxtb lr, r9\n\t" +#endif +#else + "ubfx lr, r9, #0, #8\n\t" +#endif + "ldr r4, [r0, r4, lsl #2]\n\t" + "ldr r7, [r0, r7, lsl #2]\n\t" + "ldr r12, [r0, r12, lsl #2]\n\t" + "ldr lr, [r0, lr, lsl #2]\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl r5, r8, #8\n\t" + "lsr r5, r5, #24\n\t" +#else + "uxtb r5, r8, ror #16\n\t" +#endif +#else + "ubfx r5, r8, #16, #8\n\t" +#endif + "eor r4, r4, r7, ror #24\n\t" + "lsr r7, r9, #24\n\t" + "eor r4, r4, r12, ror #8\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl r12, r11, #16\n\t" + "lsr r12, r12, #24\n\t" +#else + "uxtb r12, r11, ror #8\n\t" +#endif +#else + "ubfx r12, r11, #8, #8\n\t" +#endif + "eor r4, r4, lr, ror #16\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl lr, r10, #24\n\t" + "lsr lr, lr, #24\n\t" +#else + "uxtb lr, r10\n\t" +#endif +#else + "ubfx lr, r10, #0, #8\n\t" +#endif + "ldr r5, [r0, r5, lsl #2]\n\t" + "ldr r7, [r0, r7, lsl #2]\n\t" + "ldr r12, [r0, r12, lsl #2]\n\t" + "ldr lr, [r0, lr, lsl #2]\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl r6, r9, #8\n\t" + "lsr r6, r6, #24\n\t" +#else + "uxtb r6, r9, ror #16\n\t" +#endif +#else + "ubfx r6, r9, #16, #8\n\t" +#endif + "eor r5, r5, r7, ror #24\n\t" + "lsr r7, r10, #24\n\t" + "eor r5, r5, r12, ror #8\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl r12, r8, #16\n\t" + "lsr r12, r12, #24\n\t" +#else + "uxtb r12, r8, ror #8\n\t" +#endif +#else + "ubfx r12, r8, #8, #8\n\t" +#endif + "eor r5, r5, lr, ror #16\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl lr, r11, #24\n\t" + "lsr lr, lr, #24\n\t" +#else + "uxtb lr, r11\n\t" +#endif +#else + "ubfx lr, r11, #0, #8\n\t" +#endif + "ldr r6, [r0, r6, lsl #2]\n\t" + "ldr r7, [r0, r7, lsl #2]\n\t" + "ldr r12, [r0, r12, lsl #2]\n\t" + "ldr lr, [r0, lr, lsl #2]\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl r8, r8, #24\n\t" + "lsr r8, r8, #24\n\t" +#else + "uxtb r8, r8\n\t" +#endif +#else + "ubfx r8, r8, #0, #8\n\t" +#endif + "eor r6, r6, r7, ror #24\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl r7, r10, #8\n\t" + "lsr r7, r7, #24\n\t" +#else + "uxtb r7, r10, ror #16\n\t" +#endif +#else + "ubfx r7, r10, #16, #8\n\t" +#endif + "eor r6, r6, r12, ror #8\n\t" + "lsr r12, r11, #24\n\t" + "eor r6, r6, lr, ror #16\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl lr, r9, #16\n\t" + "lsr lr, lr, #24\n\t" +#else + "uxtb lr, r9, ror #8\n\t" +#endif +#else + "ubfx lr, r9, #8, #8\n\t" +#endif + "ldr r8, [r0, r8, lsl #2]\n\t" + "ldr r12, [r0, r12, lsl #2]\n\t" + "ldr r7, [r0, r7, lsl #2]\n\t" + "ldr lr, [r0, lr, lsl #2]\n\t" + "eor r12, r12, r8, ror #24\n\t" + "ldm %[ks]!, {r8, r9, r10, r11}\n\t" + "eor r7, r7, lr, ror #8\n\t" + "eor r7, r7, r12, ror #24\n\t" + /* XOR in Key Schedule */ + "eor r4, r4, r8\n\t" + "eor r5, r5, r9\n\t" + "eor r6, r6, r10\n\t" + "eor r7, r7, r11\n\t" + "subs r1, r1, #1\n\t" + "bne L_AES_CBC_decrypt_block_nr_256_odd_%=\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl r8, r7, #8\n\t" + "lsr r8, r8, #24\n\t" +#else + "uxtb r8, r7, ror #16\n\t" +#endif +#else + "ubfx r8, r7, #16, #8\n\t" +#endif + "lsr r11, r4, #24\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl r12, r6, #16\n\t" + "lsr r12, r12, #24\n\t" +#else + "uxtb r12, r6, ror #8\n\t" +#endif +#else + "ubfx r12, r6, #8, #8\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl lr, r5, #24\n\t" + "lsr lr, lr, #24\n\t" +#else + "uxtb lr, r5\n\t" +#endif +#else + "ubfx lr, r5, #0, #8\n\t" +#endif + "ldr r8, [r0, r8, lsl #2]\n\t" + "ldr r11, [r0, r11, lsl #2]\n\t" + "ldr r12, [r0, r12, lsl #2]\n\t" + "ldr lr, [r0, lr, lsl #2]\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl r9, r4, #8\n\t" + "lsr r9, r9, #24\n\t" +#else + "uxtb r9, r4, ror #16\n\t" +#endif +#else + "ubfx r9, r4, #16, #8\n\t" +#endif + "eor r8, r8, r11, ror #24\n\t" + "lsr r11, r5, #24\n\t" + "eor r8, r8, r12, ror #8\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl r12, r7, #16\n\t" + "lsr r12, r12, #24\n\t" +#else + "uxtb r12, r7, ror #8\n\t" +#endif +#else + "ubfx r12, r7, #8, #8\n\t" +#endif + "eor r8, r8, lr, ror #16\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl lr, r6, #24\n\t" + "lsr lr, lr, #24\n\t" +#else + "uxtb lr, r6\n\t" +#endif +#else + "ubfx lr, r6, #0, #8\n\t" +#endif + "ldr r9, [r0, r9, lsl #2]\n\t" + "ldr r11, [r0, r11, lsl #2]\n\t" + "ldr r12, [r0, r12, lsl #2]\n\t" + "ldr lr, [r0, lr, lsl #2]\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl r10, r5, #8\n\t" + "lsr r10, r10, #24\n\t" +#else + "uxtb r10, r5, ror #16\n\t" +#endif +#else + "ubfx r10, r5, #16, #8\n\t" +#endif + "eor r9, r9, r11, ror #24\n\t" + "lsr r11, r6, #24\n\t" + "eor r9, r9, r12, ror #8\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl r12, r4, #16\n\t" + "lsr r12, r12, #24\n\t" +#else + "uxtb r12, r4, ror #8\n\t" +#endif +#else + "ubfx r12, r4, #8, #8\n\t" +#endif + "eor r9, r9, lr, ror #16\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl lr, r7, #24\n\t" + "lsr lr, lr, #24\n\t" +#else + "uxtb lr, r7\n\t" +#endif +#else + "ubfx lr, r7, #0, #8\n\t" +#endif + "ldr r10, [r0, r10, lsl #2]\n\t" + "ldr r11, [r0, r11, lsl #2]\n\t" + "ldr r12, [r0, r12, lsl #2]\n\t" + "ldr lr, [r0, lr, lsl #2]\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl r4, r4, #24\n\t" + "lsr r4, r4, #24\n\t" +#else + "uxtb r4, r4\n\t" +#endif +#else + "ubfx r4, r4, #0, #8\n\t" +#endif + "eor r10, r10, r11, ror #24\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl r11, r6, #8\n\t" + "lsr r11, r11, #24\n\t" +#else + "uxtb r11, r6, ror #16\n\t" +#endif +#else + "ubfx r11, r6, #16, #8\n\t" +#endif + "eor r10, r10, r12, ror #8\n\t" + "lsr r12, r7, #24\n\t" + "eor r10, r10, lr, ror #16\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl lr, r5, #16\n\t" + "lsr lr, lr, #24\n\t" +#else + "uxtb lr, r5, ror #8\n\t" +#endif +#else + "ubfx lr, r5, #8, #8\n\t" +#endif + "ldr r4, [r0, r4, lsl #2]\n\t" + "ldr r12, [r0, r12, lsl #2]\n\t" + "ldr r11, [r0, r11, lsl #2]\n\t" + "ldr lr, [r0, lr, lsl #2]\n\t" + "eor r12, r12, r4, ror #24\n\t" + "ldm %[ks]!, {r4, r5, r6, r7}\n\t" + "eor r11, r11, lr, ror #8\n\t" + "eor r11, r11, r12, ror #24\n\t" + /* XOR in Key Schedule */ + "eor r8, r8, r4\n\t" + "eor r9, r9, r5\n\t" + "eor r10, r10, r6\n\t" + "eor r11, r11, r7\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl r4, r9, #24\n\t" + "lsr r4, r4, #24\n\t" +#else + "uxtb r4, r9\n\t" +#endif +#else + "ubfx r4, r9, #0, #8\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl r7, r10, #16\n\t" + "lsr r7, r7, #24\n\t" +#else + "uxtb r7, r10, ror #8\n\t" +#endif +#else + "ubfx r7, r10, #8, #8\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl r12, r11, #8\n\t" + "lsr r12, r12, #24\n\t" +#else + "uxtb r12, r11, ror #16\n\t" +#endif +#else + "ubfx r12, r11, #16, #8\n\t" +#endif + "lsr lr, r8, #24\n\t" + "ldrb r4, [r2, r4]\n\t" + "ldrb r7, [r2, r7]\n\t" + "ldrb r12, [r2, r12]\n\t" + "ldrb lr, [r2, lr]\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl r5, r10, #24\n\t" + "lsr r5, r5, #24\n\t" +#else + "uxtb r5, r10\n\t" +#endif +#else + "ubfx r5, r10, #0, #8\n\t" +#endif + "eor r4, r4, r7, lsl #8\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl r7, r11, #16\n\t" + "lsr r7, r7, #24\n\t" +#else + "uxtb r7, r11, ror #8\n\t" +#endif +#else + "ubfx r7, r11, #8, #8\n\t" +#endif + "eor r4, r4, r12, lsl #16\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl r12, r8, #8\n\t" + "lsr r12, r12, #24\n\t" +#else + "uxtb r12, r8, ror #16\n\t" +#endif +#else + "ubfx r12, r8, #16, #8\n\t" +#endif + "eor r4, r4, lr, lsl #24\n\t" + "lsr lr, r9, #24\n\t" + "ldrb r7, [r2, r7]\n\t" + "ldrb lr, [r2, lr]\n\t" + "ldrb r5, [r2, r5]\n\t" + "ldrb r12, [r2, r12]\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl r6, r11, #24\n\t" + "lsr r6, r6, #24\n\t" +#else + "uxtb r6, r11\n\t" +#endif +#else + "ubfx r6, r11, #0, #8\n\t" +#endif + "eor r5, r5, r7, lsl #8\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl r7, r8, #16\n\t" + "lsr r7, r7, #24\n\t" +#else + "uxtb r7, r8, ror #8\n\t" +#endif +#else + "ubfx r7, r8, #8, #8\n\t" +#endif + "eor r5, r5, r12, lsl #16\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl r12, r9, #8\n\t" + "lsr r12, r12, #24\n\t" +#else + "uxtb r12, r9, ror #16\n\t" +#endif +#else + "ubfx r12, r9, #16, #8\n\t" +#endif + "eor r5, r5, lr, lsl #24\n\t" + "lsr lr, r10, #24\n\t" + "ldrb r7, [r2, r7]\n\t" + "ldrb lr, [r2, lr]\n\t" + "ldrb r6, [r2, r6]\n\t" + "ldrb r12, [r2, r12]\n\t" + "lsr r11, r11, #24\n\t" + "eor r6, r6, r7, lsl #8\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl r7, r8, #24\n\t" + "lsr r7, r7, #24\n\t" +#else + "uxtb r7, r8\n\t" +#endif +#else + "ubfx r7, r8, #0, #8\n\t" +#endif + "eor r6, r6, r12, lsl #16\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl r12, r9, #16\n\t" + "lsr r12, r12, #24\n\t" +#else + "uxtb r12, r9, ror #8\n\t" +#endif +#else + "ubfx r12, r9, #8, #8\n\t" +#endif + "eor r6, r6, lr, lsl #24\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl lr, r10, #8\n\t" + "lsr lr, lr, #24\n\t" +#else + "uxtb lr, r10, ror #16\n\t" +#endif +#else + "ubfx lr, r10, #16, #8\n\t" +#endif + "ldrb r11, [r2, r11]\n\t" + "ldrb r12, [r2, r12]\n\t" + "ldrb r7, [r2, r7]\n\t" + "ldrb lr, [r2, lr]\n\t" + "eor r12, r12, r11, lsl #16\n\t" + "ldm %[ks], {r8, r9, r10, r11}\n\t" + "eor r7, r7, r12, lsl #8\n\t" + "eor r7, r7, lr, lsl #16\n\t" + /* XOR in Key Schedule */ + "eor r4, r4, r8\n\t" + "eor r5, r5, r9\n\t" + "eor r6, r6, r10\n\t" + "eor r7, r7, r11\n\t" +#endif /* !WOLFSSL_ARMASM_AES_BLOCK_INLINE */ "ldr lr, [sp, #16]\n\t" #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) "eor r8, r4, r4, ror #16\n\t" @@ -11968,74 +20318,713 @@ "eor r6, r6, r10, lsr #8\n\t" "eor r7, r7, r11, lsr #8\n\t" #else - "rev r4, r4\n\t" - "rev r5, r5\n\t" - "rev r6, r6\n\t" - "rev r7, r7\n\t" -#endif /* WOLFSSL_ARM_ARCH && WOLFSSL_ARM_ARCH < 6 */ - "ldm lr, {r8, r9, r10, r11}\n\t" - "pop {r1, r12, lr}\n\t" - "ldr %[ks], [sp]\n\t" - "eor r4, r4, r8\n\t" - "eor r5, r5, r9\n\t" - "eor r6, r6, r10\n\t" - "eor r7, r7, r11\n\t" - "str r4, [%[out]]\n\t" - "str r5, [%[out], #4]\n\t" - "str r6, [%[out], #8]\n\t" - "str r7, [%[out], #12]\n\t" - "subs r12, r12, #16\n\t" - "add lr, lr, #16\n\t" - "add %[out], %[out], #16\n\t" - "beq L_AES_CBC_decrypt_end_odd_%=\n\t" - "push {r1, r12, lr}\n\t" - "ldr r4, [lr]\n\t" - "ldr r5, [lr, #4]\n\t" - "ldr r6, [lr, #8]\n\t" - "ldr r7, [lr, #12]\n\t" - "ldr lr, [sp, #16]\n\t" + "rev r4, r4\n\t" + "rev r5, r5\n\t" + "rev r6, r6\n\t" + "rev r7, r7\n\t" +#endif /* WOLFSSL_ARM_ARCH && WOLFSSL_ARM_ARCH < 6 */ + "ldm lr, {r8, r9, r10, r11}\n\t" + "pop {r1, r12, lr}\n\t" + "ldr %[ks], [sp]\n\t" + "eor r4, r4, r8\n\t" + "eor r5, r5, r9\n\t" + "eor r6, r6, r10\n\t" + "eor r7, r7, r11\n\t" + "str r4, [%[out]]\n\t" + "str r5, [%[out], #4]\n\t" + "str r6, [%[out], #8]\n\t" + "str r7, [%[out], #12]\n\t" + "subs r12, r12, #16\n\t" + "add lr, lr, #16\n\t" + "add %[out], %[out], #16\n\t" + "beq L_AES_CBC_decrypt_end_odd_%=\n\t" + "push {r1, r12, lr}\n\t" + "ldr r4, [lr]\n\t" + "ldr r5, [lr, #4]\n\t" + "ldr r6, [lr, #8]\n\t" + "ldr r7, [lr, #12]\n\t" + "ldr lr, [sp, #16]\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "stm lr, {r4, r5}\n\t" +#else + "strd r4, r5, [lr]\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) + "str r6, [lr, #8]\n\t" + "str r7, [lr, #12]\n\t" +#else + "strd r6, r7, [lr, #8]\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "eor r8, r4, r4, ror #16\n\t" + "eor r9, r5, r5, ror #16\n\t" + "eor r10, r6, r6, ror #16\n\t" + "eor r11, r7, r7, ror #16\n\t" + "bic r8, r8, #0xff0000\n\t" + "bic r9, r9, #0xff0000\n\t" + "bic r10, r10, #0xff0000\n\t" + "bic r11, r11, #0xff0000\n\t" + "ror r4, r4, #8\n\t" + "ror r5, r5, #8\n\t" + "ror r6, r6, #8\n\t" + "ror r7, r7, #8\n\t" + "eor r4, r4, r8, lsr #8\n\t" + "eor r5, r5, r9, lsr #8\n\t" + "eor r6, r6, r10, lsr #8\n\t" + "eor r7, r7, r11, lsr #8\n\t" +#else + "rev r4, r4\n\t" + "rev r5, r5\n\t" + "rev r6, r6\n\t" + "rev r7, r7\n\t" +#endif /* WOLFSSL_ARM_ARCH && WOLFSSL_ARM_ARCH < 6 */ + "ldm %[ks]!, {r8, r9, r10, r11}\n\t" + /* Round: 0 - XOR in key schedule */ + "eor r4, r4, r8\n\t" + "eor r5, r5, r9\n\t" + "eor r6, r6, r10\n\t" + "eor r7, r7, r11\n\t" + "mov r1, #6\n\t" +#ifndef WOLFSSL_ARMASM_AES_BLOCK_INLINE + "bl AES_decrypt_block\n\t" +#else + "\n" + "L_AES_CBC_decrypt_block_nr_256_even_%=: \n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl r8, r7, #8\n\t" + "lsr r8, r8, #24\n\t" +#else + "uxtb r8, r7, ror #16\n\t" +#endif +#else + "ubfx r8, r7, #16, #8\n\t" +#endif + "lsr r11, r4, #24\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl r12, r6, #16\n\t" + "lsr r12, r12, #24\n\t" +#else + "uxtb r12, r6, ror #8\n\t" +#endif +#else + "ubfx r12, r6, #8, #8\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl lr, r5, #24\n\t" + "lsr lr, lr, #24\n\t" +#else + "uxtb lr, r5\n\t" +#endif +#else + "ubfx lr, r5, #0, #8\n\t" +#endif + "ldr r8, [r0, r8, lsl #2]\n\t" + "ldr r11, [r0, r11, lsl #2]\n\t" + "ldr r12, [r0, r12, lsl #2]\n\t" + "ldr lr, [r0, lr, lsl #2]\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl r9, r4, #8\n\t" + "lsr r9, r9, #24\n\t" +#else + "uxtb r9, r4, ror #16\n\t" +#endif +#else + "ubfx r9, r4, #16, #8\n\t" +#endif + "eor r8, r8, r11, ror #24\n\t" + "lsr r11, r5, #24\n\t" + "eor r8, r8, r12, ror #8\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl r12, r7, #16\n\t" + "lsr r12, r12, #24\n\t" +#else + "uxtb r12, r7, ror #8\n\t" +#endif +#else + "ubfx r12, r7, #8, #8\n\t" +#endif + "eor r8, r8, lr, ror #16\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl lr, r6, #24\n\t" + "lsr lr, lr, #24\n\t" +#else + "uxtb lr, r6\n\t" +#endif +#else + "ubfx lr, r6, #0, #8\n\t" +#endif + "ldr r9, [r0, r9, lsl #2]\n\t" + "ldr r11, [r0, r11, lsl #2]\n\t" + "ldr r12, [r0, r12, lsl #2]\n\t" + "ldr lr, [r0, lr, lsl #2]\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl r10, r5, #8\n\t" + "lsr r10, r10, #24\n\t" +#else + "uxtb r10, r5, ror #16\n\t" +#endif +#else + "ubfx r10, r5, #16, #8\n\t" +#endif + "eor r9, r9, r11, ror #24\n\t" + "lsr r11, r6, #24\n\t" + "eor r9, r9, r12, ror #8\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl r12, r4, #16\n\t" + "lsr r12, r12, #24\n\t" +#else + "uxtb r12, r4, ror #8\n\t" +#endif +#else + "ubfx r12, r4, #8, #8\n\t" +#endif + "eor r9, r9, lr, ror #16\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl lr, r7, #24\n\t" + "lsr lr, lr, #24\n\t" +#else + "uxtb lr, r7\n\t" +#endif +#else + "ubfx lr, r7, #0, #8\n\t" +#endif + "ldr r10, [r0, r10, lsl #2]\n\t" + "ldr r11, [r0, r11, lsl #2]\n\t" + "ldr r12, [r0, r12, lsl #2]\n\t" + "ldr lr, [r0, lr, lsl #2]\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl r4, r4, #24\n\t" + "lsr r4, r4, #24\n\t" +#else + "uxtb r4, r4\n\t" +#endif +#else + "ubfx r4, r4, #0, #8\n\t" +#endif + "eor r10, r10, r11, ror #24\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl r11, r6, #8\n\t" + "lsr r11, r11, #24\n\t" +#else + "uxtb r11, r6, ror #16\n\t" +#endif +#else + "ubfx r11, r6, #16, #8\n\t" +#endif + "eor r10, r10, r12, ror #8\n\t" + "lsr r12, r7, #24\n\t" + "eor r10, r10, lr, ror #16\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl lr, r5, #16\n\t" + "lsr lr, lr, #24\n\t" +#else + "uxtb lr, r5, ror #8\n\t" +#endif +#else + "ubfx lr, r5, #8, #8\n\t" +#endif + "ldr r4, [r0, r4, lsl #2]\n\t" + "ldr r12, [r0, r12, lsl #2]\n\t" + "ldr r11, [r0, r11, lsl #2]\n\t" + "ldr lr, [r0, lr, lsl #2]\n\t" + "eor r12, r12, r4, ror #24\n\t" + "ldm %[ks]!, {r4, r5, r6, r7}\n\t" + "eor r11, r11, lr, ror #8\n\t" + "eor r11, r11, r12, ror #24\n\t" + /* XOR in Key Schedule */ + "eor r8, r8, r4\n\t" + "eor r9, r9, r5\n\t" + "eor r10, r10, r6\n\t" + "eor r11, r11, r7\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl r4, r11, #8\n\t" + "lsr r4, r4, #24\n\t" +#else + "uxtb r4, r11, ror #16\n\t" +#endif +#else + "ubfx r4, r11, #16, #8\n\t" +#endif + "lsr r7, r8, #24\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl r12, r10, #16\n\t" + "lsr r12, r12, #24\n\t" +#else + "uxtb r12, r10, ror #8\n\t" +#endif +#else + "ubfx r12, r10, #8, #8\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl lr, r9, #24\n\t" + "lsr lr, lr, #24\n\t" +#else + "uxtb lr, r9\n\t" +#endif +#else + "ubfx lr, r9, #0, #8\n\t" +#endif + "ldr r4, [r0, r4, lsl #2]\n\t" + "ldr r7, [r0, r7, lsl #2]\n\t" + "ldr r12, [r0, r12, lsl #2]\n\t" + "ldr lr, [r0, lr, lsl #2]\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl r5, r8, #8\n\t" + "lsr r5, r5, #24\n\t" +#else + "uxtb r5, r8, ror #16\n\t" +#endif +#else + "ubfx r5, r8, #16, #8\n\t" +#endif + "eor r4, r4, r7, ror #24\n\t" + "lsr r7, r9, #24\n\t" + "eor r4, r4, r12, ror #8\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl r12, r11, #16\n\t" + "lsr r12, r12, #24\n\t" +#else + "uxtb r12, r11, ror #8\n\t" +#endif +#else + "ubfx r12, r11, #8, #8\n\t" +#endif + "eor r4, r4, lr, ror #16\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl lr, r10, #24\n\t" + "lsr lr, lr, #24\n\t" +#else + "uxtb lr, r10\n\t" +#endif +#else + "ubfx lr, r10, #0, #8\n\t" +#endif + "ldr r5, [r0, r5, lsl #2]\n\t" + "ldr r7, [r0, r7, lsl #2]\n\t" + "ldr r12, [r0, r12, lsl #2]\n\t" + "ldr lr, [r0, lr, lsl #2]\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl r6, r9, #8\n\t" + "lsr r6, r6, #24\n\t" +#else + "uxtb r6, r9, ror #16\n\t" +#endif +#else + "ubfx r6, r9, #16, #8\n\t" +#endif + "eor r5, r5, r7, ror #24\n\t" + "lsr r7, r10, #24\n\t" + "eor r5, r5, r12, ror #8\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl r12, r8, #16\n\t" + "lsr r12, r12, #24\n\t" +#else + "uxtb r12, r8, ror #8\n\t" +#endif +#else + "ubfx r12, r8, #8, #8\n\t" +#endif + "eor r5, r5, lr, ror #16\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl lr, r11, #24\n\t" + "lsr lr, lr, #24\n\t" +#else + "uxtb lr, r11\n\t" +#endif +#else + "ubfx lr, r11, #0, #8\n\t" +#endif + "ldr r6, [r0, r6, lsl #2]\n\t" + "ldr r7, [r0, r7, lsl #2]\n\t" + "ldr r12, [r0, r12, lsl #2]\n\t" + "ldr lr, [r0, lr, lsl #2]\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl r8, r8, #24\n\t" + "lsr r8, r8, #24\n\t" +#else + "uxtb r8, r8\n\t" +#endif +#else + "ubfx r8, r8, #0, #8\n\t" +#endif + "eor r6, r6, r7, ror #24\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl r7, r10, #8\n\t" + "lsr r7, r7, #24\n\t" +#else + "uxtb r7, r10, ror #16\n\t" +#endif +#else + "ubfx r7, r10, #16, #8\n\t" +#endif + "eor r6, r6, r12, ror #8\n\t" + "lsr r12, r11, #24\n\t" + "eor r6, r6, lr, ror #16\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl lr, r9, #16\n\t" + "lsr lr, lr, #24\n\t" +#else + "uxtb lr, r9, ror #8\n\t" +#endif +#else + "ubfx lr, r9, #8, #8\n\t" +#endif + "ldr r8, [r0, r8, lsl #2]\n\t" + "ldr r12, [r0, r12, lsl #2]\n\t" + "ldr r7, [r0, r7, lsl #2]\n\t" + "ldr lr, [r0, lr, lsl #2]\n\t" + "eor r12, r12, r8, ror #24\n\t" + "ldm %[ks]!, {r8, r9, r10, r11}\n\t" + "eor r7, r7, lr, ror #8\n\t" + "eor r7, r7, r12, ror #24\n\t" + /* XOR in Key Schedule */ + "eor r4, r4, r8\n\t" + "eor r5, r5, r9\n\t" + "eor r6, r6, r10\n\t" + "eor r7, r7, r11\n\t" + "subs r1, r1, #1\n\t" + "bne L_AES_CBC_decrypt_block_nr_256_even_%=\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl r8, r7, #8\n\t" + "lsr r8, r8, #24\n\t" +#else + "uxtb r8, r7, ror #16\n\t" +#endif +#else + "ubfx r8, r7, #16, #8\n\t" +#endif + "lsr r11, r4, #24\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl r12, r6, #16\n\t" + "lsr r12, r12, #24\n\t" +#else + "uxtb r12, r6, ror #8\n\t" +#endif +#else + "ubfx r12, r6, #8, #8\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl lr, r5, #24\n\t" + "lsr lr, lr, #24\n\t" +#else + "uxtb lr, r5\n\t" +#endif +#else + "ubfx lr, r5, #0, #8\n\t" +#endif + "ldr r8, [r0, r8, lsl #2]\n\t" + "ldr r11, [r0, r11, lsl #2]\n\t" + "ldr r12, [r0, r12, lsl #2]\n\t" + "ldr lr, [r0, lr, lsl #2]\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl r9, r4, #8\n\t" + "lsr r9, r9, #24\n\t" +#else + "uxtb r9, r4, ror #16\n\t" +#endif +#else + "ubfx r9, r4, #16, #8\n\t" +#endif + "eor r8, r8, r11, ror #24\n\t" + "lsr r11, r5, #24\n\t" + "eor r8, r8, r12, ror #8\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl r12, r7, #16\n\t" + "lsr r12, r12, #24\n\t" +#else + "uxtb r12, r7, ror #8\n\t" +#endif +#else + "ubfx r12, r7, #8, #8\n\t" +#endif + "eor r8, r8, lr, ror #16\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl lr, r6, #24\n\t" + "lsr lr, lr, #24\n\t" +#else + "uxtb lr, r6\n\t" +#endif +#else + "ubfx lr, r6, #0, #8\n\t" +#endif + "ldr r9, [r0, r9, lsl #2]\n\t" + "ldr r11, [r0, r11, lsl #2]\n\t" + "ldr r12, [r0, r12, lsl #2]\n\t" + "ldr lr, [r0, lr, lsl #2]\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl r10, r5, #8\n\t" + "lsr r10, r10, #24\n\t" +#else + "uxtb r10, r5, ror #16\n\t" +#endif +#else + "ubfx r10, r5, #16, #8\n\t" +#endif + "eor r9, r9, r11, ror #24\n\t" + "lsr r11, r6, #24\n\t" + "eor r9, r9, r12, ror #8\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl r12, r4, #16\n\t" + "lsr r12, r12, #24\n\t" +#else + "uxtb r12, r4, ror #8\n\t" +#endif +#else + "ubfx r12, r4, #8, #8\n\t" +#endif + "eor r9, r9, lr, ror #16\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl lr, r7, #24\n\t" + "lsr lr, lr, #24\n\t" +#else + "uxtb lr, r7\n\t" +#endif +#else + "ubfx lr, r7, #0, #8\n\t" +#endif + "ldr r10, [r0, r10, lsl #2]\n\t" + "ldr r11, [r0, r11, lsl #2]\n\t" + "ldr r12, [r0, r12, lsl #2]\n\t" + "ldr lr, [r0, lr, lsl #2]\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl r4, r4, #24\n\t" + "lsr r4, r4, #24\n\t" +#else + "uxtb r4, r4\n\t" +#endif +#else + "ubfx r4, r4, #0, #8\n\t" +#endif + "eor r10, r10, r11, ror #24\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl r11, r6, #8\n\t" + "lsr r11, r11, #24\n\t" +#else + "uxtb r11, r6, ror #16\n\t" +#endif +#else + "ubfx r11, r6, #16, #8\n\t" +#endif + "eor r10, r10, r12, ror #8\n\t" + "lsr r12, r7, #24\n\t" + "eor r10, r10, lr, ror #16\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl lr, r5, #16\n\t" + "lsr lr, lr, #24\n\t" +#else + "uxtb lr, r5, ror #8\n\t" +#endif +#else + "ubfx lr, r5, #8, #8\n\t" +#endif + "ldr r4, [r0, r4, lsl #2]\n\t" + "ldr r12, [r0, r12, lsl #2]\n\t" + "ldr r11, [r0, r11, lsl #2]\n\t" + "ldr lr, [r0, lr, lsl #2]\n\t" + "eor r12, r12, r4, ror #24\n\t" + "ldm %[ks]!, {r4, r5, r6, r7}\n\t" + "eor r11, r11, lr, ror #8\n\t" + "eor r11, r11, r12, ror #24\n\t" + /* XOR in Key Schedule */ + "eor r8, r8, r4\n\t" + "eor r9, r9, r5\n\t" + "eor r10, r10, r6\n\t" + "eor r11, r11, r7\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl r4, r9, #24\n\t" + "lsr r4, r4, #24\n\t" +#else + "uxtb r4, r9\n\t" +#endif +#else + "ubfx r4, r9, #0, #8\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl r7, r10, #16\n\t" + "lsr r7, r7, #24\n\t" +#else + "uxtb r7, r10, ror #8\n\t" +#endif +#else + "ubfx r7, r10, #8, #8\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl r12, r11, #8\n\t" + "lsr r12, r12, #24\n\t" +#else + "uxtb r12, r11, ror #16\n\t" +#endif +#else + "ubfx r12, r11, #16, #8\n\t" +#endif + "lsr lr, r8, #24\n\t" + "ldrb r4, [r2, r4]\n\t" + "ldrb r7, [r2, r7]\n\t" + "ldrb r12, [r2, r12]\n\t" + "ldrb lr, [r2, lr]\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl r5, r10, #24\n\t" + "lsr r5, r5, #24\n\t" +#else + "uxtb r5, r10\n\t" +#endif +#else + "ubfx r5, r10, #0, #8\n\t" +#endif + "eor r4, r4, r7, lsl #8\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl r7, r11, #16\n\t" + "lsr r7, r7, #24\n\t" +#else + "uxtb r7, r11, ror #8\n\t" +#endif +#else + "ubfx r7, r11, #8, #8\n\t" +#endif + "eor r4, r4, r12, lsl #16\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl r12, r8, #8\n\t" + "lsr r12, r12, #24\n\t" +#else + "uxtb r12, r8, ror #16\n\t" +#endif +#else + "ubfx r12, r8, #16, #8\n\t" +#endif + "eor r4, r4, lr, lsl #24\n\t" + "lsr lr, r9, #24\n\t" + "ldrb r7, [r2, r7]\n\t" + "ldrb lr, [r2, lr]\n\t" + "ldrb r5, [r2, r5]\n\t" + "ldrb r12, [r2, r12]\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl r6, r11, #24\n\t" + "lsr r6, r6, #24\n\t" +#else + "uxtb r6, r11\n\t" +#endif +#else + "ubfx r6, r11, #0, #8\n\t" +#endif + "eor r5, r5, r7, lsl #8\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl r7, r8, #16\n\t" + "lsr r7, r7, #24\n\t" +#else + "uxtb r7, r8, ror #8\n\t" +#endif +#else + "ubfx r7, r8, #8, #8\n\t" +#endif + "eor r5, r5, r12, lsl #16\n\t" #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) - "stm lr, {r4, r5}\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl r12, r9, #8\n\t" + "lsr r12, r12, #24\n\t" #else - "strd r4, r5, [lr]\n\t" + "uxtb r12, r9, ror #16\n\t" +#endif +#else + "ubfx r12, r9, #16, #8\n\t" #endif + "eor r5, r5, lr, lsl #24\n\t" + "lsr lr, r10, #24\n\t" + "ldrb r7, [r2, r7]\n\t" + "ldrb lr, [r2, lr]\n\t" + "ldrb r6, [r2, r6]\n\t" + "ldrb r12, [r2, r12]\n\t" + "lsr r11, r11, #24\n\t" + "eor r6, r6, r7, lsl #8\n\t" #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) - "str r6, [lr, #8]\n\t" - "str r7, [lr, #12]\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl r7, r8, #24\n\t" + "lsr r7, r7, #24\n\t" #else - "strd r6, r7, [lr, #8]\n\t" + "uxtb r7, r8\n\t" +#endif +#else + "ubfx r7, r8, #0, #8\n\t" #endif + "eor r6, r6, r12, lsl #16\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) - "eor r8, r4, r4, ror #16\n\t" - "eor r9, r5, r5, ror #16\n\t" - "eor r10, r6, r6, ror #16\n\t" - "eor r11, r7, r7, ror #16\n\t" - "bic r8, r8, #0xff0000\n\t" - "bic r9, r9, #0xff0000\n\t" - "bic r10, r10, #0xff0000\n\t" - "bic r11, r11, #0xff0000\n\t" - "ror r4, r4, #8\n\t" - "ror r5, r5, #8\n\t" - "ror r6, r6, #8\n\t" - "ror r7, r7, #8\n\t" - "eor r4, r4, r8, lsr #8\n\t" - "eor r5, r5, r9, lsr #8\n\t" - "eor r6, r6, r10, lsr #8\n\t" - "eor r7, r7, r11, lsr #8\n\t" + "lsl r12, r9, #16\n\t" + "lsr r12, r12, #24\n\t" #else - "rev r4, r4\n\t" - "rev r5, r5\n\t" - "rev r6, r6\n\t" - "rev r7, r7\n\t" -#endif /* WOLFSSL_ARM_ARCH && WOLFSSL_ARM_ARCH < 6 */ - "ldm %[ks]!, {r8, r9, r10, r11}\n\t" - /* Round: 0 - XOR in key schedule */ + "uxtb r12, r9, ror #8\n\t" +#endif +#else + "ubfx r12, r9, #8, #8\n\t" +#endif + "eor r6, r6, lr, lsl #24\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl lr, r10, #8\n\t" + "lsr lr, lr, #24\n\t" +#else + "uxtb lr, r10, ror #16\n\t" +#endif +#else + "ubfx lr, r10, #16, #8\n\t" +#endif + "ldrb r11, [r2, r11]\n\t" + "ldrb r12, [r2, r12]\n\t" + "ldrb r7, [r2, r7]\n\t" + "ldrb lr, [r2, lr]\n\t" + "eor r12, r12, r11, lsl #16\n\t" + "ldm %[ks], {r8, r9, r10, r11}\n\t" + "eor r7, r7, r12, lsl #8\n\t" + "eor r7, r7, lr, lsl #16\n\t" + /* XOR in Key Schedule */ "eor r4, r4, r8\n\t" "eor r5, r5, r9\n\t" "eor r6, r6, r10\n\t" "eor r7, r7, r11\n\t" - "mov r1, #6\n\t" - "bl AES_decrypt_block\n\t" +#endif /* !WOLFSSL_ARMASM_AES_BLOCK_INLINE */ "ldr lr, [sp, #16]\n\t" #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) "eor r8, r4, r4, ror #16\n\t" @@ -12137,7 +21126,646 @@ "eor r6, r6, r10\n\t" "eor r7, r7, r11\n\t" "mov r1, #5\n\t" +#ifndef WOLFSSL_ARMASM_AES_BLOCK_INLINE "bl AES_decrypt_block\n\t" +#else + "\n" + "L_AES_CBC_decrypt_block_nr_192_odd_%=: \n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl r8, r7, #8\n\t" + "lsr r8, r8, #24\n\t" +#else + "uxtb r8, r7, ror #16\n\t" +#endif +#else + "ubfx r8, r7, #16, #8\n\t" +#endif + "lsr r11, r4, #24\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl r12, r6, #16\n\t" + "lsr r12, r12, #24\n\t" +#else + "uxtb r12, r6, ror #8\n\t" +#endif +#else + "ubfx r12, r6, #8, #8\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl lr, r5, #24\n\t" + "lsr lr, lr, #24\n\t" +#else + "uxtb lr, r5\n\t" +#endif +#else + "ubfx lr, r5, #0, #8\n\t" +#endif + "ldr r8, [r0, r8, lsl #2]\n\t" + "ldr r11, [r0, r11, lsl #2]\n\t" + "ldr r12, [r0, r12, lsl #2]\n\t" + "ldr lr, [r0, lr, lsl #2]\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl r9, r4, #8\n\t" + "lsr r9, r9, #24\n\t" +#else + "uxtb r9, r4, ror #16\n\t" +#endif +#else + "ubfx r9, r4, #16, #8\n\t" +#endif + "eor r8, r8, r11, ror #24\n\t" + "lsr r11, r5, #24\n\t" + "eor r8, r8, r12, ror #8\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl r12, r7, #16\n\t" + "lsr r12, r12, #24\n\t" +#else + "uxtb r12, r7, ror #8\n\t" +#endif +#else + "ubfx r12, r7, #8, #8\n\t" +#endif + "eor r8, r8, lr, ror #16\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl lr, r6, #24\n\t" + "lsr lr, lr, #24\n\t" +#else + "uxtb lr, r6\n\t" +#endif +#else + "ubfx lr, r6, #0, #8\n\t" +#endif + "ldr r9, [r0, r9, lsl #2]\n\t" + "ldr r11, [r0, r11, lsl #2]\n\t" + "ldr r12, [r0, r12, lsl #2]\n\t" + "ldr lr, [r0, lr, lsl #2]\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl r10, r5, #8\n\t" + "lsr r10, r10, #24\n\t" +#else + "uxtb r10, r5, ror #16\n\t" +#endif +#else + "ubfx r10, r5, #16, #8\n\t" +#endif + "eor r9, r9, r11, ror #24\n\t" + "lsr r11, r6, #24\n\t" + "eor r9, r9, r12, ror #8\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl r12, r4, #16\n\t" + "lsr r12, r12, #24\n\t" +#else + "uxtb r12, r4, ror #8\n\t" +#endif +#else + "ubfx r12, r4, #8, #8\n\t" +#endif + "eor r9, r9, lr, ror #16\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl lr, r7, #24\n\t" + "lsr lr, lr, #24\n\t" +#else + "uxtb lr, r7\n\t" +#endif +#else + "ubfx lr, r7, #0, #8\n\t" +#endif + "ldr r10, [r0, r10, lsl #2]\n\t" + "ldr r11, [r0, r11, lsl #2]\n\t" + "ldr r12, [r0, r12, lsl #2]\n\t" + "ldr lr, [r0, lr, lsl #2]\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl r4, r4, #24\n\t" + "lsr r4, r4, #24\n\t" +#else + "uxtb r4, r4\n\t" +#endif +#else + "ubfx r4, r4, #0, #8\n\t" +#endif + "eor r10, r10, r11, ror #24\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl r11, r6, #8\n\t" + "lsr r11, r11, #24\n\t" +#else + "uxtb r11, r6, ror #16\n\t" +#endif +#else + "ubfx r11, r6, #16, #8\n\t" +#endif + "eor r10, r10, r12, ror #8\n\t" + "lsr r12, r7, #24\n\t" + "eor r10, r10, lr, ror #16\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl lr, r5, #16\n\t" + "lsr lr, lr, #24\n\t" +#else + "uxtb lr, r5, ror #8\n\t" +#endif +#else + "ubfx lr, r5, #8, #8\n\t" +#endif + "ldr r4, [r0, r4, lsl #2]\n\t" + "ldr r12, [r0, r12, lsl #2]\n\t" + "ldr r11, [r0, r11, lsl #2]\n\t" + "ldr lr, [r0, lr, lsl #2]\n\t" + "eor r12, r12, r4, ror #24\n\t" + "ldm %[ks]!, {r4, r5, r6, r7}\n\t" + "eor r11, r11, lr, ror #8\n\t" + "eor r11, r11, r12, ror #24\n\t" + /* XOR in Key Schedule */ + "eor r8, r8, r4\n\t" + "eor r9, r9, r5\n\t" + "eor r10, r10, r6\n\t" + "eor r11, r11, r7\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl r4, r11, #8\n\t" + "lsr r4, r4, #24\n\t" +#else + "uxtb r4, r11, ror #16\n\t" +#endif +#else + "ubfx r4, r11, #16, #8\n\t" +#endif + "lsr r7, r8, #24\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl r12, r10, #16\n\t" + "lsr r12, r12, #24\n\t" +#else + "uxtb r12, r10, ror #8\n\t" +#endif +#else + "ubfx r12, r10, #8, #8\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl lr, r9, #24\n\t" + "lsr lr, lr, #24\n\t" +#else + "uxtb lr, r9\n\t" +#endif +#else + "ubfx lr, r9, #0, #8\n\t" +#endif + "ldr r4, [r0, r4, lsl #2]\n\t" + "ldr r7, [r0, r7, lsl #2]\n\t" + "ldr r12, [r0, r12, lsl #2]\n\t" + "ldr lr, [r0, lr, lsl #2]\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl r5, r8, #8\n\t" + "lsr r5, r5, #24\n\t" +#else + "uxtb r5, r8, ror #16\n\t" +#endif +#else + "ubfx r5, r8, #16, #8\n\t" +#endif + "eor r4, r4, r7, ror #24\n\t" + "lsr r7, r9, #24\n\t" + "eor r4, r4, r12, ror #8\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl r12, r11, #16\n\t" + "lsr r12, r12, #24\n\t" +#else + "uxtb r12, r11, ror #8\n\t" +#endif +#else + "ubfx r12, r11, #8, #8\n\t" +#endif + "eor r4, r4, lr, ror #16\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl lr, r10, #24\n\t" + "lsr lr, lr, #24\n\t" +#else + "uxtb lr, r10\n\t" +#endif +#else + "ubfx lr, r10, #0, #8\n\t" +#endif + "ldr r5, [r0, r5, lsl #2]\n\t" + "ldr r7, [r0, r7, lsl #2]\n\t" + "ldr r12, [r0, r12, lsl #2]\n\t" + "ldr lr, [r0, lr, lsl #2]\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl r6, r9, #8\n\t" + "lsr r6, r6, #24\n\t" +#else + "uxtb r6, r9, ror #16\n\t" +#endif +#else + "ubfx r6, r9, #16, #8\n\t" +#endif + "eor r5, r5, r7, ror #24\n\t" + "lsr r7, r10, #24\n\t" + "eor r5, r5, r12, ror #8\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl r12, r8, #16\n\t" + "lsr r12, r12, #24\n\t" +#else + "uxtb r12, r8, ror #8\n\t" +#endif +#else + "ubfx r12, r8, #8, #8\n\t" +#endif + "eor r5, r5, lr, ror #16\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl lr, r11, #24\n\t" + "lsr lr, lr, #24\n\t" +#else + "uxtb lr, r11\n\t" +#endif +#else + "ubfx lr, r11, #0, #8\n\t" +#endif + "ldr r6, [r0, r6, lsl #2]\n\t" + "ldr r7, [r0, r7, lsl #2]\n\t" + "ldr r12, [r0, r12, lsl #2]\n\t" + "ldr lr, [r0, lr, lsl #2]\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl r8, r8, #24\n\t" + "lsr r8, r8, #24\n\t" +#else + "uxtb r8, r8\n\t" +#endif +#else + "ubfx r8, r8, #0, #8\n\t" +#endif + "eor r6, r6, r7, ror #24\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl r7, r10, #8\n\t" + "lsr r7, r7, #24\n\t" +#else + "uxtb r7, r10, ror #16\n\t" +#endif +#else + "ubfx r7, r10, #16, #8\n\t" +#endif + "eor r6, r6, r12, ror #8\n\t" + "lsr r12, r11, #24\n\t" + "eor r6, r6, lr, ror #16\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl lr, r9, #16\n\t" + "lsr lr, lr, #24\n\t" +#else + "uxtb lr, r9, ror #8\n\t" +#endif +#else + "ubfx lr, r9, #8, #8\n\t" +#endif + "ldr r8, [r0, r8, lsl #2]\n\t" + "ldr r12, [r0, r12, lsl #2]\n\t" + "ldr r7, [r0, r7, lsl #2]\n\t" + "ldr lr, [r0, lr, lsl #2]\n\t" + "eor r12, r12, r8, ror #24\n\t" + "ldm %[ks]!, {r8, r9, r10, r11}\n\t" + "eor r7, r7, lr, ror #8\n\t" + "eor r7, r7, r12, ror #24\n\t" + /* XOR in Key Schedule */ + "eor r4, r4, r8\n\t" + "eor r5, r5, r9\n\t" + "eor r6, r6, r10\n\t" + "eor r7, r7, r11\n\t" + "subs r1, r1, #1\n\t" + "bne L_AES_CBC_decrypt_block_nr_192_odd_%=\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl r8, r7, #8\n\t" + "lsr r8, r8, #24\n\t" +#else + "uxtb r8, r7, ror #16\n\t" +#endif +#else + "ubfx r8, r7, #16, #8\n\t" +#endif + "lsr r11, r4, #24\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl r12, r6, #16\n\t" + "lsr r12, r12, #24\n\t" +#else + "uxtb r12, r6, ror #8\n\t" +#endif +#else + "ubfx r12, r6, #8, #8\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl lr, r5, #24\n\t" + "lsr lr, lr, #24\n\t" +#else + "uxtb lr, r5\n\t" +#endif +#else + "ubfx lr, r5, #0, #8\n\t" +#endif + "ldr r8, [r0, r8, lsl #2]\n\t" + "ldr r11, [r0, r11, lsl #2]\n\t" + "ldr r12, [r0, r12, lsl #2]\n\t" + "ldr lr, [r0, lr, lsl #2]\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl r9, r4, #8\n\t" + "lsr r9, r9, #24\n\t" +#else + "uxtb r9, r4, ror #16\n\t" +#endif +#else + "ubfx r9, r4, #16, #8\n\t" +#endif + "eor r8, r8, r11, ror #24\n\t" + "lsr r11, r5, #24\n\t" + "eor r8, r8, r12, ror #8\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl r12, r7, #16\n\t" + "lsr r12, r12, #24\n\t" +#else + "uxtb r12, r7, ror #8\n\t" +#endif +#else + "ubfx r12, r7, #8, #8\n\t" +#endif + "eor r8, r8, lr, ror #16\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl lr, r6, #24\n\t" + "lsr lr, lr, #24\n\t" +#else + "uxtb lr, r6\n\t" +#endif +#else + "ubfx lr, r6, #0, #8\n\t" +#endif + "ldr r9, [r0, r9, lsl #2]\n\t" + "ldr r11, [r0, r11, lsl #2]\n\t" + "ldr r12, [r0, r12, lsl #2]\n\t" + "ldr lr, [r0, lr, lsl #2]\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl r10, r5, #8\n\t" + "lsr r10, r10, #24\n\t" +#else + "uxtb r10, r5, ror #16\n\t" +#endif +#else + "ubfx r10, r5, #16, #8\n\t" +#endif + "eor r9, r9, r11, ror #24\n\t" + "lsr r11, r6, #24\n\t" + "eor r9, r9, r12, ror #8\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl r12, r4, #16\n\t" + "lsr r12, r12, #24\n\t" +#else + "uxtb r12, r4, ror #8\n\t" +#endif +#else + "ubfx r12, r4, #8, #8\n\t" +#endif + "eor r9, r9, lr, ror #16\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl lr, r7, #24\n\t" + "lsr lr, lr, #24\n\t" +#else + "uxtb lr, r7\n\t" +#endif +#else + "ubfx lr, r7, #0, #8\n\t" +#endif + "ldr r10, [r0, r10, lsl #2]\n\t" + "ldr r11, [r0, r11, lsl #2]\n\t" + "ldr r12, [r0, r12, lsl #2]\n\t" + "ldr lr, [r0, lr, lsl #2]\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl r4, r4, #24\n\t" + "lsr r4, r4, #24\n\t" +#else + "uxtb r4, r4\n\t" +#endif +#else + "ubfx r4, r4, #0, #8\n\t" +#endif + "eor r10, r10, r11, ror #24\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl r11, r6, #8\n\t" + "lsr r11, r11, #24\n\t" +#else + "uxtb r11, r6, ror #16\n\t" +#endif +#else + "ubfx r11, r6, #16, #8\n\t" +#endif + "eor r10, r10, r12, ror #8\n\t" + "lsr r12, r7, #24\n\t" + "eor r10, r10, lr, ror #16\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl lr, r5, #16\n\t" + "lsr lr, lr, #24\n\t" +#else + "uxtb lr, r5, ror #8\n\t" +#endif +#else + "ubfx lr, r5, #8, #8\n\t" +#endif + "ldr r4, [r0, r4, lsl #2]\n\t" + "ldr r12, [r0, r12, lsl #2]\n\t" + "ldr r11, [r0, r11, lsl #2]\n\t" + "ldr lr, [r0, lr, lsl #2]\n\t" + "eor r12, r12, r4, ror #24\n\t" + "ldm %[ks]!, {r4, r5, r6, r7}\n\t" + "eor r11, r11, lr, ror #8\n\t" + "eor r11, r11, r12, ror #24\n\t" + /* XOR in Key Schedule */ + "eor r8, r8, r4\n\t" + "eor r9, r9, r5\n\t" + "eor r10, r10, r6\n\t" + "eor r11, r11, r7\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl r4, r9, #24\n\t" + "lsr r4, r4, #24\n\t" +#else + "uxtb r4, r9\n\t" +#endif +#else + "ubfx r4, r9, #0, #8\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl r7, r10, #16\n\t" + "lsr r7, r7, #24\n\t" +#else + "uxtb r7, r10, ror #8\n\t" +#endif +#else + "ubfx r7, r10, #8, #8\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl r12, r11, #8\n\t" + "lsr r12, r12, #24\n\t" +#else + "uxtb r12, r11, ror #16\n\t" +#endif +#else + "ubfx r12, r11, #16, #8\n\t" +#endif + "lsr lr, r8, #24\n\t" + "ldrb r4, [r2, r4]\n\t" + "ldrb r7, [r2, r7]\n\t" + "ldrb r12, [r2, r12]\n\t" + "ldrb lr, [r2, lr]\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl r5, r10, #24\n\t" + "lsr r5, r5, #24\n\t" +#else + "uxtb r5, r10\n\t" +#endif +#else + "ubfx r5, r10, #0, #8\n\t" +#endif + "eor r4, r4, r7, lsl #8\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl r7, r11, #16\n\t" + "lsr r7, r7, #24\n\t" +#else + "uxtb r7, r11, ror #8\n\t" +#endif +#else + "ubfx r7, r11, #8, #8\n\t" +#endif + "eor r4, r4, r12, lsl #16\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl r12, r8, #8\n\t" + "lsr r12, r12, #24\n\t" +#else + "uxtb r12, r8, ror #16\n\t" +#endif +#else + "ubfx r12, r8, #16, #8\n\t" +#endif + "eor r4, r4, lr, lsl #24\n\t" + "lsr lr, r9, #24\n\t" + "ldrb r7, [r2, r7]\n\t" + "ldrb lr, [r2, lr]\n\t" + "ldrb r5, [r2, r5]\n\t" + "ldrb r12, [r2, r12]\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl r6, r11, #24\n\t" + "lsr r6, r6, #24\n\t" +#else + "uxtb r6, r11\n\t" +#endif +#else + "ubfx r6, r11, #0, #8\n\t" +#endif + "eor r5, r5, r7, lsl #8\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl r7, r8, #16\n\t" + "lsr r7, r7, #24\n\t" +#else + "uxtb r7, r8, ror #8\n\t" +#endif +#else + "ubfx r7, r8, #8, #8\n\t" +#endif + "eor r5, r5, r12, lsl #16\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl r12, r9, #8\n\t" + "lsr r12, r12, #24\n\t" +#else + "uxtb r12, r9, ror #16\n\t" +#endif +#else + "ubfx r12, r9, #16, #8\n\t" +#endif + "eor r5, r5, lr, lsl #24\n\t" + "lsr lr, r10, #24\n\t" + "ldrb r7, [r2, r7]\n\t" + "ldrb lr, [r2, lr]\n\t" + "ldrb r6, [r2, r6]\n\t" + "ldrb r12, [r2, r12]\n\t" + "lsr r11, r11, #24\n\t" + "eor r6, r6, r7, lsl #8\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl r7, r8, #24\n\t" + "lsr r7, r7, #24\n\t" +#else + "uxtb r7, r8\n\t" +#endif +#else + "ubfx r7, r8, #0, #8\n\t" +#endif + "eor r6, r6, r12, lsl #16\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl r12, r9, #16\n\t" + "lsr r12, r12, #24\n\t" +#else + "uxtb r12, r9, ror #8\n\t" +#endif +#else + "ubfx r12, r9, #8, #8\n\t" +#endif + "eor r6, r6, lr, lsl #24\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl lr, r10, #8\n\t" + "lsr lr, lr, #24\n\t" +#else + "uxtb lr, r10, ror #16\n\t" +#endif +#else + "ubfx lr, r10, #16, #8\n\t" +#endif + "ldrb r11, [r2, r11]\n\t" + "ldrb r12, [r2, r12]\n\t" + "ldrb r7, [r2, r7]\n\t" + "ldrb lr, [r2, lr]\n\t" + "eor r12, r12, r11, lsl #16\n\t" + "ldm %[ks], {r8, r9, r10, r11}\n\t" + "eor r7, r7, r12, lsl #8\n\t" + "eor r7, r7, lr, lsl #16\n\t" + /* XOR in Key Schedule */ + "eor r4, r4, r8\n\t" + "eor r5, r5, r9\n\t" + "eor r6, r6, r10\n\t" + "eor r7, r7, r11\n\t" +#endif /* !WOLFSSL_ARMASM_AES_BLOCK_INLINE */ "ldr lr, [sp, #16]\n\t" #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) "eor r8, r4, r4, ror #16\n\t" @@ -12224,7 +21852,646 @@ "eor r6, r6, r10\n\t" "eor r7, r7, r11\n\t" "mov r1, #5\n\t" +#ifndef WOLFSSL_ARMASM_AES_BLOCK_INLINE "bl AES_decrypt_block\n\t" +#else + "\n" + "L_AES_CBC_decrypt_block_nr_192_even_%=: \n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl r8, r7, #8\n\t" + "lsr r8, r8, #24\n\t" +#else + "uxtb r8, r7, ror #16\n\t" +#endif +#else + "ubfx r8, r7, #16, #8\n\t" +#endif + "lsr r11, r4, #24\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl r12, r6, #16\n\t" + "lsr r12, r12, #24\n\t" +#else + "uxtb r12, r6, ror #8\n\t" +#endif +#else + "ubfx r12, r6, #8, #8\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl lr, r5, #24\n\t" + "lsr lr, lr, #24\n\t" +#else + "uxtb lr, r5\n\t" +#endif +#else + "ubfx lr, r5, #0, #8\n\t" +#endif + "ldr r8, [r0, r8, lsl #2]\n\t" + "ldr r11, [r0, r11, lsl #2]\n\t" + "ldr r12, [r0, r12, lsl #2]\n\t" + "ldr lr, [r0, lr, lsl #2]\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl r9, r4, #8\n\t" + "lsr r9, r9, #24\n\t" +#else + "uxtb r9, r4, ror #16\n\t" +#endif +#else + "ubfx r9, r4, #16, #8\n\t" +#endif + "eor r8, r8, r11, ror #24\n\t" + "lsr r11, r5, #24\n\t" + "eor r8, r8, r12, ror #8\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl r12, r7, #16\n\t" + "lsr r12, r12, #24\n\t" +#else + "uxtb r12, r7, ror #8\n\t" +#endif +#else + "ubfx r12, r7, #8, #8\n\t" +#endif + "eor r8, r8, lr, ror #16\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl lr, r6, #24\n\t" + "lsr lr, lr, #24\n\t" +#else + "uxtb lr, r6\n\t" +#endif +#else + "ubfx lr, r6, #0, #8\n\t" +#endif + "ldr r9, [r0, r9, lsl #2]\n\t" + "ldr r11, [r0, r11, lsl #2]\n\t" + "ldr r12, [r0, r12, lsl #2]\n\t" + "ldr lr, [r0, lr, lsl #2]\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl r10, r5, #8\n\t" + "lsr r10, r10, #24\n\t" +#else + "uxtb r10, r5, ror #16\n\t" +#endif +#else + "ubfx r10, r5, #16, #8\n\t" +#endif + "eor r9, r9, r11, ror #24\n\t" + "lsr r11, r6, #24\n\t" + "eor r9, r9, r12, ror #8\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl r12, r4, #16\n\t" + "lsr r12, r12, #24\n\t" +#else + "uxtb r12, r4, ror #8\n\t" +#endif +#else + "ubfx r12, r4, #8, #8\n\t" +#endif + "eor r9, r9, lr, ror #16\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl lr, r7, #24\n\t" + "lsr lr, lr, #24\n\t" +#else + "uxtb lr, r7\n\t" +#endif +#else + "ubfx lr, r7, #0, #8\n\t" +#endif + "ldr r10, [r0, r10, lsl #2]\n\t" + "ldr r11, [r0, r11, lsl #2]\n\t" + "ldr r12, [r0, r12, lsl #2]\n\t" + "ldr lr, [r0, lr, lsl #2]\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl r4, r4, #24\n\t" + "lsr r4, r4, #24\n\t" +#else + "uxtb r4, r4\n\t" +#endif +#else + "ubfx r4, r4, #0, #8\n\t" +#endif + "eor r10, r10, r11, ror #24\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl r11, r6, #8\n\t" + "lsr r11, r11, #24\n\t" +#else + "uxtb r11, r6, ror #16\n\t" +#endif +#else + "ubfx r11, r6, #16, #8\n\t" +#endif + "eor r10, r10, r12, ror #8\n\t" + "lsr r12, r7, #24\n\t" + "eor r10, r10, lr, ror #16\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl lr, r5, #16\n\t" + "lsr lr, lr, #24\n\t" +#else + "uxtb lr, r5, ror #8\n\t" +#endif +#else + "ubfx lr, r5, #8, #8\n\t" +#endif + "ldr r4, [r0, r4, lsl #2]\n\t" + "ldr r12, [r0, r12, lsl #2]\n\t" + "ldr r11, [r0, r11, lsl #2]\n\t" + "ldr lr, [r0, lr, lsl #2]\n\t" + "eor r12, r12, r4, ror #24\n\t" + "ldm %[ks]!, {r4, r5, r6, r7}\n\t" + "eor r11, r11, lr, ror #8\n\t" + "eor r11, r11, r12, ror #24\n\t" + /* XOR in Key Schedule */ + "eor r8, r8, r4\n\t" + "eor r9, r9, r5\n\t" + "eor r10, r10, r6\n\t" + "eor r11, r11, r7\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl r4, r11, #8\n\t" + "lsr r4, r4, #24\n\t" +#else + "uxtb r4, r11, ror #16\n\t" +#endif +#else + "ubfx r4, r11, #16, #8\n\t" +#endif + "lsr r7, r8, #24\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl r12, r10, #16\n\t" + "lsr r12, r12, #24\n\t" +#else + "uxtb r12, r10, ror #8\n\t" +#endif +#else + "ubfx r12, r10, #8, #8\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl lr, r9, #24\n\t" + "lsr lr, lr, #24\n\t" +#else + "uxtb lr, r9\n\t" +#endif +#else + "ubfx lr, r9, #0, #8\n\t" +#endif + "ldr r4, [r0, r4, lsl #2]\n\t" + "ldr r7, [r0, r7, lsl #2]\n\t" + "ldr r12, [r0, r12, lsl #2]\n\t" + "ldr lr, [r0, lr, lsl #2]\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl r5, r8, #8\n\t" + "lsr r5, r5, #24\n\t" +#else + "uxtb r5, r8, ror #16\n\t" +#endif +#else + "ubfx r5, r8, #16, #8\n\t" +#endif + "eor r4, r4, r7, ror #24\n\t" + "lsr r7, r9, #24\n\t" + "eor r4, r4, r12, ror #8\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl r12, r11, #16\n\t" + "lsr r12, r12, #24\n\t" +#else + "uxtb r12, r11, ror #8\n\t" +#endif +#else + "ubfx r12, r11, #8, #8\n\t" +#endif + "eor r4, r4, lr, ror #16\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl lr, r10, #24\n\t" + "lsr lr, lr, #24\n\t" +#else + "uxtb lr, r10\n\t" +#endif +#else + "ubfx lr, r10, #0, #8\n\t" +#endif + "ldr r5, [r0, r5, lsl #2]\n\t" + "ldr r7, [r0, r7, lsl #2]\n\t" + "ldr r12, [r0, r12, lsl #2]\n\t" + "ldr lr, [r0, lr, lsl #2]\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl r6, r9, #8\n\t" + "lsr r6, r6, #24\n\t" +#else + "uxtb r6, r9, ror #16\n\t" +#endif +#else + "ubfx r6, r9, #16, #8\n\t" +#endif + "eor r5, r5, r7, ror #24\n\t" + "lsr r7, r10, #24\n\t" + "eor r5, r5, r12, ror #8\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl r12, r8, #16\n\t" + "lsr r12, r12, #24\n\t" +#else + "uxtb r12, r8, ror #8\n\t" +#endif +#else + "ubfx r12, r8, #8, #8\n\t" +#endif + "eor r5, r5, lr, ror #16\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl lr, r11, #24\n\t" + "lsr lr, lr, #24\n\t" +#else + "uxtb lr, r11\n\t" +#endif +#else + "ubfx lr, r11, #0, #8\n\t" +#endif + "ldr r6, [r0, r6, lsl #2]\n\t" + "ldr r7, [r0, r7, lsl #2]\n\t" + "ldr r12, [r0, r12, lsl #2]\n\t" + "ldr lr, [r0, lr, lsl #2]\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl r8, r8, #24\n\t" + "lsr r8, r8, #24\n\t" +#else + "uxtb r8, r8\n\t" +#endif +#else + "ubfx r8, r8, #0, #8\n\t" +#endif + "eor r6, r6, r7, ror #24\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl r7, r10, #8\n\t" + "lsr r7, r7, #24\n\t" +#else + "uxtb r7, r10, ror #16\n\t" +#endif +#else + "ubfx r7, r10, #16, #8\n\t" +#endif + "eor r6, r6, r12, ror #8\n\t" + "lsr r12, r11, #24\n\t" + "eor r6, r6, lr, ror #16\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl lr, r9, #16\n\t" + "lsr lr, lr, #24\n\t" +#else + "uxtb lr, r9, ror #8\n\t" +#endif +#else + "ubfx lr, r9, #8, #8\n\t" +#endif + "ldr r8, [r0, r8, lsl #2]\n\t" + "ldr r12, [r0, r12, lsl #2]\n\t" + "ldr r7, [r0, r7, lsl #2]\n\t" + "ldr lr, [r0, lr, lsl #2]\n\t" + "eor r12, r12, r8, ror #24\n\t" + "ldm %[ks]!, {r8, r9, r10, r11}\n\t" + "eor r7, r7, lr, ror #8\n\t" + "eor r7, r7, r12, ror #24\n\t" + /* XOR in Key Schedule */ + "eor r4, r4, r8\n\t" + "eor r5, r5, r9\n\t" + "eor r6, r6, r10\n\t" + "eor r7, r7, r11\n\t" + "subs r1, r1, #1\n\t" + "bne L_AES_CBC_decrypt_block_nr_192_even_%=\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl r8, r7, #8\n\t" + "lsr r8, r8, #24\n\t" +#else + "uxtb r8, r7, ror #16\n\t" +#endif +#else + "ubfx r8, r7, #16, #8\n\t" +#endif + "lsr r11, r4, #24\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl r12, r6, #16\n\t" + "lsr r12, r12, #24\n\t" +#else + "uxtb r12, r6, ror #8\n\t" +#endif +#else + "ubfx r12, r6, #8, #8\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl lr, r5, #24\n\t" + "lsr lr, lr, #24\n\t" +#else + "uxtb lr, r5\n\t" +#endif +#else + "ubfx lr, r5, #0, #8\n\t" +#endif + "ldr r8, [r0, r8, lsl #2]\n\t" + "ldr r11, [r0, r11, lsl #2]\n\t" + "ldr r12, [r0, r12, lsl #2]\n\t" + "ldr lr, [r0, lr, lsl #2]\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl r9, r4, #8\n\t" + "lsr r9, r9, #24\n\t" +#else + "uxtb r9, r4, ror #16\n\t" +#endif +#else + "ubfx r9, r4, #16, #8\n\t" +#endif + "eor r8, r8, r11, ror #24\n\t" + "lsr r11, r5, #24\n\t" + "eor r8, r8, r12, ror #8\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl r12, r7, #16\n\t" + "lsr r12, r12, #24\n\t" +#else + "uxtb r12, r7, ror #8\n\t" +#endif +#else + "ubfx r12, r7, #8, #8\n\t" +#endif + "eor r8, r8, lr, ror #16\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl lr, r6, #24\n\t" + "lsr lr, lr, #24\n\t" +#else + "uxtb lr, r6\n\t" +#endif +#else + "ubfx lr, r6, #0, #8\n\t" +#endif + "ldr r9, [r0, r9, lsl #2]\n\t" + "ldr r11, [r0, r11, lsl #2]\n\t" + "ldr r12, [r0, r12, lsl #2]\n\t" + "ldr lr, [r0, lr, lsl #2]\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl r10, r5, #8\n\t" + "lsr r10, r10, #24\n\t" +#else + "uxtb r10, r5, ror #16\n\t" +#endif +#else + "ubfx r10, r5, #16, #8\n\t" +#endif + "eor r9, r9, r11, ror #24\n\t" + "lsr r11, r6, #24\n\t" + "eor r9, r9, r12, ror #8\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl r12, r4, #16\n\t" + "lsr r12, r12, #24\n\t" +#else + "uxtb r12, r4, ror #8\n\t" +#endif +#else + "ubfx r12, r4, #8, #8\n\t" +#endif + "eor r9, r9, lr, ror #16\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl lr, r7, #24\n\t" + "lsr lr, lr, #24\n\t" +#else + "uxtb lr, r7\n\t" +#endif +#else + "ubfx lr, r7, #0, #8\n\t" +#endif + "ldr r10, [r0, r10, lsl #2]\n\t" + "ldr r11, [r0, r11, lsl #2]\n\t" + "ldr r12, [r0, r12, lsl #2]\n\t" + "ldr lr, [r0, lr, lsl #2]\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl r4, r4, #24\n\t" + "lsr r4, r4, #24\n\t" +#else + "uxtb r4, r4\n\t" +#endif +#else + "ubfx r4, r4, #0, #8\n\t" +#endif + "eor r10, r10, r11, ror #24\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl r11, r6, #8\n\t" + "lsr r11, r11, #24\n\t" +#else + "uxtb r11, r6, ror #16\n\t" +#endif +#else + "ubfx r11, r6, #16, #8\n\t" +#endif + "eor r10, r10, r12, ror #8\n\t" + "lsr r12, r7, #24\n\t" + "eor r10, r10, lr, ror #16\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl lr, r5, #16\n\t" + "lsr lr, lr, #24\n\t" +#else + "uxtb lr, r5, ror #8\n\t" +#endif +#else + "ubfx lr, r5, #8, #8\n\t" +#endif + "ldr r4, [r0, r4, lsl #2]\n\t" + "ldr r12, [r0, r12, lsl #2]\n\t" + "ldr r11, [r0, r11, lsl #2]\n\t" + "ldr lr, [r0, lr, lsl #2]\n\t" + "eor r12, r12, r4, ror #24\n\t" + "ldm %[ks]!, {r4, r5, r6, r7}\n\t" + "eor r11, r11, lr, ror #8\n\t" + "eor r11, r11, r12, ror #24\n\t" + /* XOR in Key Schedule */ + "eor r8, r8, r4\n\t" + "eor r9, r9, r5\n\t" + "eor r10, r10, r6\n\t" + "eor r11, r11, r7\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl r4, r9, #24\n\t" + "lsr r4, r4, #24\n\t" +#else + "uxtb r4, r9\n\t" +#endif +#else + "ubfx r4, r9, #0, #8\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl r7, r10, #16\n\t" + "lsr r7, r7, #24\n\t" +#else + "uxtb r7, r10, ror #8\n\t" +#endif +#else + "ubfx r7, r10, #8, #8\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl r12, r11, #8\n\t" + "lsr r12, r12, #24\n\t" +#else + "uxtb r12, r11, ror #16\n\t" +#endif +#else + "ubfx r12, r11, #16, #8\n\t" +#endif + "lsr lr, r8, #24\n\t" + "ldrb r4, [r2, r4]\n\t" + "ldrb r7, [r2, r7]\n\t" + "ldrb r12, [r2, r12]\n\t" + "ldrb lr, [r2, lr]\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl r5, r10, #24\n\t" + "lsr r5, r5, #24\n\t" +#else + "uxtb r5, r10\n\t" +#endif +#else + "ubfx r5, r10, #0, #8\n\t" +#endif + "eor r4, r4, r7, lsl #8\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl r7, r11, #16\n\t" + "lsr r7, r7, #24\n\t" +#else + "uxtb r7, r11, ror #8\n\t" +#endif +#else + "ubfx r7, r11, #8, #8\n\t" +#endif + "eor r4, r4, r12, lsl #16\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl r12, r8, #8\n\t" + "lsr r12, r12, #24\n\t" +#else + "uxtb r12, r8, ror #16\n\t" +#endif +#else + "ubfx r12, r8, #16, #8\n\t" +#endif + "eor r4, r4, lr, lsl #24\n\t" + "lsr lr, r9, #24\n\t" + "ldrb r7, [r2, r7]\n\t" + "ldrb lr, [r2, lr]\n\t" + "ldrb r5, [r2, r5]\n\t" + "ldrb r12, [r2, r12]\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl r6, r11, #24\n\t" + "lsr r6, r6, #24\n\t" +#else + "uxtb r6, r11\n\t" +#endif +#else + "ubfx r6, r11, #0, #8\n\t" +#endif + "eor r5, r5, r7, lsl #8\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl r7, r8, #16\n\t" + "lsr r7, r7, #24\n\t" +#else + "uxtb r7, r8, ror #8\n\t" +#endif +#else + "ubfx r7, r8, #8, #8\n\t" +#endif + "eor r5, r5, r12, lsl #16\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl r12, r9, #8\n\t" + "lsr r12, r12, #24\n\t" +#else + "uxtb r12, r9, ror #16\n\t" +#endif +#else + "ubfx r12, r9, #16, #8\n\t" +#endif + "eor r5, r5, lr, lsl #24\n\t" + "lsr lr, r10, #24\n\t" + "ldrb r7, [r2, r7]\n\t" + "ldrb lr, [r2, lr]\n\t" + "ldrb r6, [r2, r6]\n\t" + "ldrb r12, [r2, r12]\n\t" + "lsr r11, r11, #24\n\t" + "eor r6, r6, r7, lsl #8\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl r7, r8, #24\n\t" + "lsr r7, r7, #24\n\t" +#else + "uxtb r7, r8\n\t" +#endif +#else + "ubfx r7, r8, #0, #8\n\t" +#endif + "eor r6, r6, r12, lsl #16\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl r12, r9, #16\n\t" + "lsr r12, r12, #24\n\t" +#else + "uxtb r12, r9, ror #8\n\t" +#endif +#else + "ubfx r12, r9, #8, #8\n\t" +#endif + "eor r6, r6, lr, lsl #24\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl lr, r10, #8\n\t" + "lsr lr, lr, #24\n\t" +#else + "uxtb lr, r10, ror #16\n\t" +#endif +#else + "ubfx lr, r10, #16, #8\n\t" +#endif + "ldrb r11, [r2, r11]\n\t" + "ldrb r12, [r2, r12]\n\t" + "ldrb r7, [r2, r7]\n\t" + "ldrb lr, [r2, lr]\n\t" + "eor r12, r12, r11, lsl #16\n\t" + "ldm %[ks], {r8, r9, r10, r11}\n\t" + "eor r7, r7, r12, lsl #8\n\t" + "eor r7, r7, lr, lsl #16\n\t" + /* XOR in Key Schedule */ + "eor r4, r4, r8\n\t" + "eor r5, r5, r9\n\t" + "eor r6, r6, r10\n\t" + "eor r7, r7, r11\n\t" +#endif /* !WOLFSSL_ARMASM_AES_BLOCK_INLINE */ "ldr lr, [sp, #16]\n\t" #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) "eor r8, r4, r4, ror #16\n\t" @@ -12326,7 +22593,646 @@ "eor r6, r6, r10\n\t" "eor r7, r7, r11\n\t" "mov r1, #4\n\t" +#ifndef WOLFSSL_ARMASM_AES_BLOCK_INLINE "bl AES_decrypt_block\n\t" +#else + "\n" + "L_AES_CBC_decrypt_block_nr_128_odd_%=: \n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl r8, r7, #8\n\t" + "lsr r8, r8, #24\n\t" +#else + "uxtb r8, r7, ror #16\n\t" +#endif +#else + "ubfx r8, r7, #16, #8\n\t" +#endif + "lsr r11, r4, #24\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl r12, r6, #16\n\t" + "lsr r12, r12, #24\n\t" +#else + "uxtb r12, r6, ror #8\n\t" +#endif +#else + "ubfx r12, r6, #8, #8\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl lr, r5, #24\n\t" + "lsr lr, lr, #24\n\t" +#else + "uxtb lr, r5\n\t" +#endif +#else + "ubfx lr, r5, #0, #8\n\t" +#endif + "ldr r8, [r0, r8, lsl #2]\n\t" + "ldr r11, [r0, r11, lsl #2]\n\t" + "ldr r12, [r0, r12, lsl #2]\n\t" + "ldr lr, [r0, lr, lsl #2]\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl r9, r4, #8\n\t" + "lsr r9, r9, #24\n\t" +#else + "uxtb r9, r4, ror #16\n\t" +#endif +#else + "ubfx r9, r4, #16, #8\n\t" +#endif + "eor r8, r8, r11, ror #24\n\t" + "lsr r11, r5, #24\n\t" + "eor r8, r8, r12, ror #8\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl r12, r7, #16\n\t" + "lsr r12, r12, #24\n\t" +#else + "uxtb r12, r7, ror #8\n\t" +#endif +#else + "ubfx r12, r7, #8, #8\n\t" +#endif + "eor r8, r8, lr, ror #16\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl lr, r6, #24\n\t" + "lsr lr, lr, #24\n\t" +#else + "uxtb lr, r6\n\t" +#endif +#else + "ubfx lr, r6, #0, #8\n\t" +#endif + "ldr r9, [r0, r9, lsl #2]\n\t" + "ldr r11, [r0, r11, lsl #2]\n\t" + "ldr r12, [r0, r12, lsl #2]\n\t" + "ldr lr, [r0, lr, lsl #2]\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl r10, r5, #8\n\t" + "lsr r10, r10, #24\n\t" +#else + "uxtb r10, r5, ror #16\n\t" +#endif +#else + "ubfx r10, r5, #16, #8\n\t" +#endif + "eor r9, r9, r11, ror #24\n\t" + "lsr r11, r6, #24\n\t" + "eor r9, r9, r12, ror #8\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl r12, r4, #16\n\t" + "lsr r12, r12, #24\n\t" +#else + "uxtb r12, r4, ror #8\n\t" +#endif +#else + "ubfx r12, r4, #8, #8\n\t" +#endif + "eor r9, r9, lr, ror #16\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl lr, r7, #24\n\t" + "lsr lr, lr, #24\n\t" +#else + "uxtb lr, r7\n\t" +#endif +#else + "ubfx lr, r7, #0, #8\n\t" +#endif + "ldr r10, [r0, r10, lsl #2]\n\t" + "ldr r11, [r0, r11, lsl #2]\n\t" + "ldr r12, [r0, r12, lsl #2]\n\t" + "ldr lr, [r0, lr, lsl #2]\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl r4, r4, #24\n\t" + "lsr r4, r4, #24\n\t" +#else + "uxtb r4, r4\n\t" +#endif +#else + "ubfx r4, r4, #0, #8\n\t" +#endif + "eor r10, r10, r11, ror #24\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl r11, r6, #8\n\t" + "lsr r11, r11, #24\n\t" +#else + "uxtb r11, r6, ror #16\n\t" +#endif +#else + "ubfx r11, r6, #16, #8\n\t" +#endif + "eor r10, r10, r12, ror #8\n\t" + "lsr r12, r7, #24\n\t" + "eor r10, r10, lr, ror #16\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl lr, r5, #16\n\t" + "lsr lr, lr, #24\n\t" +#else + "uxtb lr, r5, ror #8\n\t" +#endif +#else + "ubfx lr, r5, #8, #8\n\t" +#endif + "ldr r4, [r0, r4, lsl #2]\n\t" + "ldr r12, [r0, r12, lsl #2]\n\t" + "ldr r11, [r0, r11, lsl #2]\n\t" + "ldr lr, [r0, lr, lsl #2]\n\t" + "eor r12, r12, r4, ror #24\n\t" + "ldm %[ks]!, {r4, r5, r6, r7}\n\t" + "eor r11, r11, lr, ror #8\n\t" + "eor r11, r11, r12, ror #24\n\t" + /* XOR in Key Schedule */ + "eor r8, r8, r4\n\t" + "eor r9, r9, r5\n\t" + "eor r10, r10, r6\n\t" + "eor r11, r11, r7\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl r4, r11, #8\n\t" + "lsr r4, r4, #24\n\t" +#else + "uxtb r4, r11, ror #16\n\t" +#endif +#else + "ubfx r4, r11, #16, #8\n\t" +#endif + "lsr r7, r8, #24\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl r12, r10, #16\n\t" + "lsr r12, r12, #24\n\t" +#else + "uxtb r12, r10, ror #8\n\t" +#endif +#else + "ubfx r12, r10, #8, #8\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl lr, r9, #24\n\t" + "lsr lr, lr, #24\n\t" +#else + "uxtb lr, r9\n\t" +#endif +#else + "ubfx lr, r9, #0, #8\n\t" +#endif + "ldr r4, [r0, r4, lsl #2]\n\t" + "ldr r7, [r0, r7, lsl #2]\n\t" + "ldr r12, [r0, r12, lsl #2]\n\t" + "ldr lr, [r0, lr, lsl #2]\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl r5, r8, #8\n\t" + "lsr r5, r5, #24\n\t" +#else + "uxtb r5, r8, ror #16\n\t" +#endif +#else + "ubfx r5, r8, #16, #8\n\t" +#endif + "eor r4, r4, r7, ror #24\n\t" + "lsr r7, r9, #24\n\t" + "eor r4, r4, r12, ror #8\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl r12, r11, #16\n\t" + "lsr r12, r12, #24\n\t" +#else + "uxtb r12, r11, ror #8\n\t" +#endif +#else + "ubfx r12, r11, #8, #8\n\t" +#endif + "eor r4, r4, lr, ror #16\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl lr, r10, #24\n\t" + "lsr lr, lr, #24\n\t" +#else + "uxtb lr, r10\n\t" +#endif +#else + "ubfx lr, r10, #0, #8\n\t" +#endif + "ldr r5, [r0, r5, lsl #2]\n\t" + "ldr r7, [r0, r7, lsl #2]\n\t" + "ldr r12, [r0, r12, lsl #2]\n\t" + "ldr lr, [r0, lr, lsl #2]\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl r6, r9, #8\n\t" + "lsr r6, r6, #24\n\t" +#else + "uxtb r6, r9, ror #16\n\t" +#endif +#else + "ubfx r6, r9, #16, #8\n\t" +#endif + "eor r5, r5, r7, ror #24\n\t" + "lsr r7, r10, #24\n\t" + "eor r5, r5, r12, ror #8\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl r12, r8, #16\n\t" + "lsr r12, r12, #24\n\t" +#else + "uxtb r12, r8, ror #8\n\t" +#endif +#else + "ubfx r12, r8, #8, #8\n\t" +#endif + "eor r5, r5, lr, ror #16\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl lr, r11, #24\n\t" + "lsr lr, lr, #24\n\t" +#else + "uxtb lr, r11\n\t" +#endif +#else + "ubfx lr, r11, #0, #8\n\t" +#endif + "ldr r6, [r0, r6, lsl #2]\n\t" + "ldr r7, [r0, r7, lsl #2]\n\t" + "ldr r12, [r0, r12, lsl #2]\n\t" + "ldr lr, [r0, lr, lsl #2]\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl r8, r8, #24\n\t" + "lsr r8, r8, #24\n\t" +#else + "uxtb r8, r8\n\t" +#endif +#else + "ubfx r8, r8, #0, #8\n\t" +#endif + "eor r6, r6, r7, ror #24\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl r7, r10, #8\n\t" + "lsr r7, r7, #24\n\t" +#else + "uxtb r7, r10, ror #16\n\t" +#endif +#else + "ubfx r7, r10, #16, #8\n\t" +#endif + "eor r6, r6, r12, ror #8\n\t" + "lsr r12, r11, #24\n\t" + "eor r6, r6, lr, ror #16\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl lr, r9, #16\n\t" + "lsr lr, lr, #24\n\t" +#else + "uxtb lr, r9, ror #8\n\t" +#endif +#else + "ubfx lr, r9, #8, #8\n\t" +#endif + "ldr r8, [r0, r8, lsl #2]\n\t" + "ldr r12, [r0, r12, lsl #2]\n\t" + "ldr r7, [r0, r7, lsl #2]\n\t" + "ldr lr, [r0, lr, lsl #2]\n\t" + "eor r12, r12, r8, ror #24\n\t" + "ldm %[ks]!, {r8, r9, r10, r11}\n\t" + "eor r7, r7, lr, ror #8\n\t" + "eor r7, r7, r12, ror #24\n\t" + /* XOR in Key Schedule */ + "eor r4, r4, r8\n\t" + "eor r5, r5, r9\n\t" + "eor r6, r6, r10\n\t" + "eor r7, r7, r11\n\t" + "subs r1, r1, #1\n\t" + "bne L_AES_CBC_decrypt_block_nr_128_odd_%=\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl r8, r7, #8\n\t" + "lsr r8, r8, #24\n\t" +#else + "uxtb r8, r7, ror #16\n\t" +#endif +#else + "ubfx r8, r7, #16, #8\n\t" +#endif + "lsr r11, r4, #24\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl r12, r6, #16\n\t" + "lsr r12, r12, #24\n\t" +#else + "uxtb r12, r6, ror #8\n\t" +#endif +#else + "ubfx r12, r6, #8, #8\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl lr, r5, #24\n\t" + "lsr lr, lr, #24\n\t" +#else + "uxtb lr, r5\n\t" +#endif +#else + "ubfx lr, r5, #0, #8\n\t" +#endif + "ldr r8, [r0, r8, lsl #2]\n\t" + "ldr r11, [r0, r11, lsl #2]\n\t" + "ldr r12, [r0, r12, lsl #2]\n\t" + "ldr lr, [r0, lr, lsl #2]\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl r9, r4, #8\n\t" + "lsr r9, r9, #24\n\t" +#else + "uxtb r9, r4, ror #16\n\t" +#endif +#else + "ubfx r9, r4, #16, #8\n\t" +#endif + "eor r8, r8, r11, ror #24\n\t" + "lsr r11, r5, #24\n\t" + "eor r8, r8, r12, ror #8\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl r12, r7, #16\n\t" + "lsr r12, r12, #24\n\t" +#else + "uxtb r12, r7, ror #8\n\t" +#endif +#else + "ubfx r12, r7, #8, #8\n\t" +#endif + "eor r8, r8, lr, ror #16\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl lr, r6, #24\n\t" + "lsr lr, lr, #24\n\t" +#else + "uxtb lr, r6\n\t" +#endif +#else + "ubfx lr, r6, #0, #8\n\t" +#endif + "ldr r9, [r0, r9, lsl #2]\n\t" + "ldr r11, [r0, r11, lsl #2]\n\t" + "ldr r12, [r0, r12, lsl #2]\n\t" + "ldr lr, [r0, lr, lsl #2]\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl r10, r5, #8\n\t" + "lsr r10, r10, #24\n\t" +#else + "uxtb r10, r5, ror #16\n\t" +#endif +#else + "ubfx r10, r5, #16, #8\n\t" +#endif + "eor r9, r9, r11, ror #24\n\t" + "lsr r11, r6, #24\n\t" + "eor r9, r9, r12, ror #8\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl r12, r4, #16\n\t" + "lsr r12, r12, #24\n\t" +#else + "uxtb r12, r4, ror #8\n\t" +#endif +#else + "ubfx r12, r4, #8, #8\n\t" +#endif + "eor r9, r9, lr, ror #16\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl lr, r7, #24\n\t" + "lsr lr, lr, #24\n\t" +#else + "uxtb lr, r7\n\t" +#endif +#else + "ubfx lr, r7, #0, #8\n\t" +#endif + "ldr r10, [r0, r10, lsl #2]\n\t" + "ldr r11, [r0, r11, lsl #2]\n\t" + "ldr r12, [r0, r12, lsl #2]\n\t" + "ldr lr, [r0, lr, lsl #2]\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl r4, r4, #24\n\t" + "lsr r4, r4, #24\n\t" +#else + "uxtb r4, r4\n\t" +#endif +#else + "ubfx r4, r4, #0, #8\n\t" +#endif + "eor r10, r10, r11, ror #24\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl r11, r6, #8\n\t" + "lsr r11, r11, #24\n\t" +#else + "uxtb r11, r6, ror #16\n\t" +#endif +#else + "ubfx r11, r6, #16, #8\n\t" +#endif + "eor r10, r10, r12, ror #8\n\t" + "lsr r12, r7, #24\n\t" + "eor r10, r10, lr, ror #16\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl lr, r5, #16\n\t" + "lsr lr, lr, #24\n\t" +#else + "uxtb lr, r5, ror #8\n\t" +#endif +#else + "ubfx lr, r5, #8, #8\n\t" +#endif + "ldr r4, [r0, r4, lsl #2]\n\t" + "ldr r12, [r0, r12, lsl #2]\n\t" + "ldr r11, [r0, r11, lsl #2]\n\t" + "ldr lr, [r0, lr, lsl #2]\n\t" + "eor r12, r12, r4, ror #24\n\t" + "ldm %[ks]!, {r4, r5, r6, r7}\n\t" + "eor r11, r11, lr, ror #8\n\t" + "eor r11, r11, r12, ror #24\n\t" + /* XOR in Key Schedule */ + "eor r8, r8, r4\n\t" + "eor r9, r9, r5\n\t" + "eor r10, r10, r6\n\t" + "eor r11, r11, r7\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl r4, r9, #24\n\t" + "lsr r4, r4, #24\n\t" +#else + "uxtb r4, r9\n\t" +#endif +#else + "ubfx r4, r9, #0, #8\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl r7, r10, #16\n\t" + "lsr r7, r7, #24\n\t" +#else + "uxtb r7, r10, ror #8\n\t" +#endif +#else + "ubfx r7, r10, #8, #8\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl r12, r11, #8\n\t" + "lsr r12, r12, #24\n\t" +#else + "uxtb r12, r11, ror #16\n\t" +#endif +#else + "ubfx r12, r11, #16, #8\n\t" +#endif + "lsr lr, r8, #24\n\t" + "ldrb r4, [r2, r4]\n\t" + "ldrb r7, [r2, r7]\n\t" + "ldrb r12, [r2, r12]\n\t" + "ldrb lr, [r2, lr]\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl r5, r10, #24\n\t" + "lsr r5, r5, #24\n\t" +#else + "uxtb r5, r10\n\t" +#endif +#else + "ubfx r5, r10, #0, #8\n\t" +#endif + "eor r4, r4, r7, lsl #8\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl r7, r11, #16\n\t" + "lsr r7, r7, #24\n\t" +#else + "uxtb r7, r11, ror #8\n\t" +#endif +#else + "ubfx r7, r11, #8, #8\n\t" +#endif + "eor r4, r4, r12, lsl #16\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl r12, r8, #8\n\t" + "lsr r12, r12, #24\n\t" +#else + "uxtb r12, r8, ror #16\n\t" +#endif +#else + "ubfx r12, r8, #16, #8\n\t" +#endif + "eor r4, r4, lr, lsl #24\n\t" + "lsr lr, r9, #24\n\t" + "ldrb r7, [r2, r7]\n\t" + "ldrb lr, [r2, lr]\n\t" + "ldrb r5, [r2, r5]\n\t" + "ldrb r12, [r2, r12]\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl r6, r11, #24\n\t" + "lsr r6, r6, #24\n\t" +#else + "uxtb r6, r11\n\t" +#endif +#else + "ubfx r6, r11, #0, #8\n\t" +#endif + "eor r5, r5, r7, lsl #8\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl r7, r8, #16\n\t" + "lsr r7, r7, #24\n\t" +#else + "uxtb r7, r8, ror #8\n\t" +#endif +#else + "ubfx r7, r8, #8, #8\n\t" +#endif + "eor r5, r5, r12, lsl #16\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl r12, r9, #8\n\t" + "lsr r12, r12, #24\n\t" +#else + "uxtb r12, r9, ror #16\n\t" +#endif +#else + "ubfx r12, r9, #16, #8\n\t" +#endif + "eor r5, r5, lr, lsl #24\n\t" + "lsr lr, r10, #24\n\t" + "ldrb r7, [r2, r7]\n\t" + "ldrb lr, [r2, lr]\n\t" + "ldrb r6, [r2, r6]\n\t" + "ldrb r12, [r2, r12]\n\t" + "lsr r11, r11, #24\n\t" + "eor r6, r6, r7, lsl #8\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl r7, r8, #24\n\t" + "lsr r7, r7, #24\n\t" +#else + "uxtb r7, r8\n\t" +#endif +#else + "ubfx r7, r8, #0, #8\n\t" +#endif + "eor r6, r6, r12, lsl #16\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl r12, r9, #16\n\t" + "lsr r12, r12, #24\n\t" +#else + "uxtb r12, r9, ror #8\n\t" +#endif +#else + "ubfx r12, r9, #8, #8\n\t" +#endif + "eor r6, r6, lr, lsl #24\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl lr, r10, #8\n\t" + "lsr lr, lr, #24\n\t" +#else + "uxtb lr, r10, ror #16\n\t" +#endif +#else + "ubfx lr, r10, #16, #8\n\t" +#endif + "ldrb r11, [r2, r11]\n\t" + "ldrb r12, [r2, r12]\n\t" + "ldrb r7, [r2, r7]\n\t" + "ldrb lr, [r2, lr]\n\t" + "eor r12, r12, r11, lsl #16\n\t" + "ldm %[ks], {r8, r9, r10, r11}\n\t" + "eor r7, r7, r12, lsl #8\n\t" + "eor r7, r7, lr, lsl #16\n\t" + /* XOR in Key Schedule */ + "eor r4, r4, r8\n\t" + "eor r5, r5, r9\n\t" + "eor r6, r6, r10\n\t" + "eor r7, r7, r11\n\t" +#endif /* !WOLFSSL_ARMASM_AES_BLOCK_INLINE */ "ldr lr, [sp, #16]\n\t" #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) "eor r8, r4, r4, ror #16\n\t" @@ -12413,7 +23319,646 @@ "eor r6, r6, r10\n\t" "eor r7, r7, r11\n\t" "mov r1, #4\n\t" +#ifndef WOLFSSL_ARMASM_AES_BLOCK_INLINE "bl AES_decrypt_block\n\t" +#else + "\n" + "L_AES_CBC_decrypt_block_nr_128_even_%=: \n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl r8, r7, #8\n\t" + "lsr r8, r8, #24\n\t" +#else + "uxtb r8, r7, ror #16\n\t" +#endif +#else + "ubfx r8, r7, #16, #8\n\t" +#endif + "lsr r11, r4, #24\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl r12, r6, #16\n\t" + "lsr r12, r12, #24\n\t" +#else + "uxtb r12, r6, ror #8\n\t" +#endif +#else + "ubfx r12, r6, #8, #8\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl lr, r5, #24\n\t" + "lsr lr, lr, #24\n\t" +#else + "uxtb lr, r5\n\t" +#endif +#else + "ubfx lr, r5, #0, #8\n\t" +#endif + "ldr r8, [r0, r8, lsl #2]\n\t" + "ldr r11, [r0, r11, lsl #2]\n\t" + "ldr r12, [r0, r12, lsl #2]\n\t" + "ldr lr, [r0, lr, lsl #2]\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl r9, r4, #8\n\t" + "lsr r9, r9, #24\n\t" +#else + "uxtb r9, r4, ror #16\n\t" +#endif +#else + "ubfx r9, r4, #16, #8\n\t" +#endif + "eor r8, r8, r11, ror #24\n\t" + "lsr r11, r5, #24\n\t" + "eor r8, r8, r12, ror #8\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl r12, r7, #16\n\t" + "lsr r12, r12, #24\n\t" +#else + "uxtb r12, r7, ror #8\n\t" +#endif +#else + "ubfx r12, r7, #8, #8\n\t" +#endif + "eor r8, r8, lr, ror #16\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl lr, r6, #24\n\t" + "lsr lr, lr, #24\n\t" +#else + "uxtb lr, r6\n\t" +#endif +#else + "ubfx lr, r6, #0, #8\n\t" +#endif + "ldr r9, [r0, r9, lsl #2]\n\t" + "ldr r11, [r0, r11, lsl #2]\n\t" + "ldr r12, [r0, r12, lsl #2]\n\t" + "ldr lr, [r0, lr, lsl #2]\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl r10, r5, #8\n\t" + "lsr r10, r10, #24\n\t" +#else + "uxtb r10, r5, ror #16\n\t" +#endif +#else + "ubfx r10, r5, #16, #8\n\t" +#endif + "eor r9, r9, r11, ror #24\n\t" + "lsr r11, r6, #24\n\t" + "eor r9, r9, r12, ror #8\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl r12, r4, #16\n\t" + "lsr r12, r12, #24\n\t" +#else + "uxtb r12, r4, ror #8\n\t" +#endif +#else + "ubfx r12, r4, #8, #8\n\t" +#endif + "eor r9, r9, lr, ror #16\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl lr, r7, #24\n\t" + "lsr lr, lr, #24\n\t" +#else + "uxtb lr, r7\n\t" +#endif +#else + "ubfx lr, r7, #0, #8\n\t" +#endif + "ldr r10, [r0, r10, lsl #2]\n\t" + "ldr r11, [r0, r11, lsl #2]\n\t" + "ldr r12, [r0, r12, lsl #2]\n\t" + "ldr lr, [r0, lr, lsl #2]\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl r4, r4, #24\n\t" + "lsr r4, r4, #24\n\t" +#else + "uxtb r4, r4\n\t" +#endif +#else + "ubfx r4, r4, #0, #8\n\t" +#endif + "eor r10, r10, r11, ror #24\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl r11, r6, #8\n\t" + "lsr r11, r11, #24\n\t" +#else + "uxtb r11, r6, ror #16\n\t" +#endif +#else + "ubfx r11, r6, #16, #8\n\t" +#endif + "eor r10, r10, r12, ror #8\n\t" + "lsr r12, r7, #24\n\t" + "eor r10, r10, lr, ror #16\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl lr, r5, #16\n\t" + "lsr lr, lr, #24\n\t" +#else + "uxtb lr, r5, ror #8\n\t" +#endif +#else + "ubfx lr, r5, #8, #8\n\t" +#endif + "ldr r4, [r0, r4, lsl #2]\n\t" + "ldr r12, [r0, r12, lsl #2]\n\t" + "ldr r11, [r0, r11, lsl #2]\n\t" + "ldr lr, [r0, lr, lsl #2]\n\t" + "eor r12, r12, r4, ror #24\n\t" + "ldm %[ks]!, {r4, r5, r6, r7}\n\t" + "eor r11, r11, lr, ror #8\n\t" + "eor r11, r11, r12, ror #24\n\t" + /* XOR in Key Schedule */ + "eor r8, r8, r4\n\t" + "eor r9, r9, r5\n\t" + "eor r10, r10, r6\n\t" + "eor r11, r11, r7\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl r4, r11, #8\n\t" + "lsr r4, r4, #24\n\t" +#else + "uxtb r4, r11, ror #16\n\t" +#endif +#else + "ubfx r4, r11, #16, #8\n\t" +#endif + "lsr r7, r8, #24\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl r12, r10, #16\n\t" + "lsr r12, r12, #24\n\t" +#else + "uxtb r12, r10, ror #8\n\t" +#endif +#else + "ubfx r12, r10, #8, #8\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl lr, r9, #24\n\t" + "lsr lr, lr, #24\n\t" +#else + "uxtb lr, r9\n\t" +#endif +#else + "ubfx lr, r9, #0, #8\n\t" +#endif + "ldr r4, [r0, r4, lsl #2]\n\t" + "ldr r7, [r0, r7, lsl #2]\n\t" + "ldr r12, [r0, r12, lsl #2]\n\t" + "ldr lr, [r0, lr, lsl #2]\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl r5, r8, #8\n\t" + "lsr r5, r5, #24\n\t" +#else + "uxtb r5, r8, ror #16\n\t" +#endif +#else + "ubfx r5, r8, #16, #8\n\t" +#endif + "eor r4, r4, r7, ror #24\n\t" + "lsr r7, r9, #24\n\t" + "eor r4, r4, r12, ror #8\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl r12, r11, #16\n\t" + "lsr r12, r12, #24\n\t" +#else + "uxtb r12, r11, ror #8\n\t" +#endif +#else + "ubfx r12, r11, #8, #8\n\t" +#endif + "eor r4, r4, lr, ror #16\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl lr, r10, #24\n\t" + "lsr lr, lr, #24\n\t" +#else + "uxtb lr, r10\n\t" +#endif +#else + "ubfx lr, r10, #0, #8\n\t" +#endif + "ldr r5, [r0, r5, lsl #2]\n\t" + "ldr r7, [r0, r7, lsl #2]\n\t" + "ldr r12, [r0, r12, lsl #2]\n\t" + "ldr lr, [r0, lr, lsl #2]\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl r6, r9, #8\n\t" + "lsr r6, r6, #24\n\t" +#else + "uxtb r6, r9, ror #16\n\t" +#endif +#else + "ubfx r6, r9, #16, #8\n\t" +#endif + "eor r5, r5, r7, ror #24\n\t" + "lsr r7, r10, #24\n\t" + "eor r5, r5, r12, ror #8\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl r12, r8, #16\n\t" + "lsr r12, r12, #24\n\t" +#else + "uxtb r12, r8, ror #8\n\t" +#endif +#else + "ubfx r12, r8, #8, #8\n\t" +#endif + "eor r5, r5, lr, ror #16\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl lr, r11, #24\n\t" + "lsr lr, lr, #24\n\t" +#else + "uxtb lr, r11\n\t" +#endif +#else + "ubfx lr, r11, #0, #8\n\t" +#endif + "ldr r6, [r0, r6, lsl #2]\n\t" + "ldr r7, [r0, r7, lsl #2]\n\t" + "ldr r12, [r0, r12, lsl #2]\n\t" + "ldr lr, [r0, lr, lsl #2]\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl r8, r8, #24\n\t" + "lsr r8, r8, #24\n\t" +#else + "uxtb r8, r8\n\t" +#endif +#else + "ubfx r8, r8, #0, #8\n\t" +#endif + "eor r6, r6, r7, ror #24\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl r7, r10, #8\n\t" + "lsr r7, r7, #24\n\t" +#else + "uxtb r7, r10, ror #16\n\t" +#endif +#else + "ubfx r7, r10, #16, #8\n\t" +#endif + "eor r6, r6, r12, ror #8\n\t" + "lsr r12, r11, #24\n\t" + "eor r6, r6, lr, ror #16\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl lr, r9, #16\n\t" + "lsr lr, lr, #24\n\t" +#else + "uxtb lr, r9, ror #8\n\t" +#endif +#else + "ubfx lr, r9, #8, #8\n\t" +#endif + "ldr r8, [r0, r8, lsl #2]\n\t" + "ldr r12, [r0, r12, lsl #2]\n\t" + "ldr r7, [r0, r7, lsl #2]\n\t" + "ldr lr, [r0, lr, lsl #2]\n\t" + "eor r12, r12, r8, ror #24\n\t" + "ldm %[ks]!, {r8, r9, r10, r11}\n\t" + "eor r7, r7, lr, ror #8\n\t" + "eor r7, r7, r12, ror #24\n\t" + /* XOR in Key Schedule */ + "eor r4, r4, r8\n\t" + "eor r5, r5, r9\n\t" + "eor r6, r6, r10\n\t" + "eor r7, r7, r11\n\t" + "subs r1, r1, #1\n\t" + "bne L_AES_CBC_decrypt_block_nr_128_even_%=\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl r8, r7, #8\n\t" + "lsr r8, r8, #24\n\t" +#else + "uxtb r8, r7, ror #16\n\t" +#endif +#else + "ubfx r8, r7, #16, #8\n\t" +#endif + "lsr r11, r4, #24\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl r12, r6, #16\n\t" + "lsr r12, r12, #24\n\t" +#else + "uxtb r12, r6, ror #8\n\t" +#endif +#else + "ubfx r12, r6, #8, #8\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl lr, r5, #24\n\t" + "lsr lr, lr, #24\n\t" +#else + "uxtb lr, r5\n\t" +#endif +#else + "ubfx lr, r5, #0, #8\n\t" +#endif + "ldr r8, [r0, r8, lsl #2]\n\t" + "ldr r11, [r0, r11, lsl #2]\n\t" + "ldr r12, [r0, r12, lsl #2]\n\t" + "ldr lr, [r0, lr, lsl #2]\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl r9, r4, #8\n\t" + "lsr r9, r9, #24\n\t" +#else + "uxtb r9, r4, ror #16\n\t" +#endif +#else + "ubfx r9, r4, #16, #8\n\t" +#endif + "eor r8, r8, r11, ror #24\n\t" + "lsr r11, r5, #24\n\t" + "eor r8, r8, r12, ror #8\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl r12, r7, #16\n\t" + "lsr r12, r12, #24\n\t" +#else + "uxtb r12, r7, ror #8\n\t" +#endif +#else + "ubfx r12, r7, #8, #8\n\t" +#endif + "eor r8, r8, lr, ror #16\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl lr, r6, #24\n\t" + "lsr lr, lr, #24\n\t" +#else + "uxtb lr, r6\n\t" +#endif +#else + "ubfx lr, r6, #0, #8\n\t" +#endif + "ldr r9, [r0, r9, lsl #2]\n\t" + "ldr r11, [r0, r11, lsl #2]\n\t" + "ldr r12, [r0, r12, lsl #2]\n\t" + "ldr lr, [r0, lr, lsl #2]\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl r10, r5, #8\n\t" + "lsr r10, r10, #24\n\t" +#else + "uxtb r10, r5, ror #16\n\t" +#endif +#else + "ubfx r10, r5, #16, #8\n\t" +#endif + "eor r9, r9, r11, ror #24\n\t" + "lsr r11, r6, #24\n\t" + "eor r9, r9, r12, ror #8\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl r12, r4, #16\n\t" + "lsr r12, r12, #24\n\t" +#else + "uxtb r12, r4, ror #8\n\t" +#endif +#else + "ubfx r12, r4, #8, #8\n\t" +#endif + "eor r9, r9, lr, ror #16\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl lr, r7, #24\n\t" + "lsr lr, lr, #24\n\t" +#else + "uxtb lr, r7\n\t" +#endif +#else + "ubfx lr, r7, #0, #8\n\t" +#endif + "ldr r10, [r0, r10, lsl #2]\n\t" + "ldr r11, [r0, r11, lsl #2]\n\t" + "ldr r12, [r0, r12, lsl #2]\n\t" + "ldr lr, [r0, lr, lsl #2]\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl r4, r4, #24\n\t" + "lsr r4, r4, #24\n\t" +#else + "uxtb r4, r4\n\t" +#endif +#else + "ubfx r4, r4, #0, #8\n\t" +#endif + "eor r10, r10, r11, ror #24\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl r11, r6, #8\n\t" + "lsr r11, r11, #24\n\t" +#else + "uxtb r11, r6, ror #16\n\t" +#endif +#else + "ubfx r11, r6, #16, #8\n\t" +#endif + "eor r10, r10, r12, ror #8\n\t" + "lsr r12, r7, #24\n\t" + "eor r10, r10, lr, ror #16\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl lr, r5, #16\n\t" + "lsr lr, lr, #24\n\t" +#else + "uxtb lr, r5, ror #8\n\t" +#endif +#else + "ubfx lr, r5, #8, #8\n\t" +#endif + "ldr r4, [r0, r4, lsl #2]\n\t" + "ldr r12, [r0, r12, lsl #2]\n\t" + "ldr r11, [r0, r11, lsl #2]\n\t" + "ldr lr, [r0, lr, lsl #2]\n\t" + "eor r12, r12, r4, ror #24\n\t" + "ldm %[ks]!, {r4, r5, r6, r7}\n\t" + "eor r11, r11, lr, ror #8\n\t" + "eor r11, r11, r12, ror #24\n\t" + /* XOR in Key Schedule */ + "eor r8, r8, r4\n\t" + "eor r9, r9, r5\n\t" + "eor r10, r10, r6\n\t" + "eor r11, r11, r7\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl r4, r9, #24\n\t" + "lsr r4, r4, #24\n\t" +#else + "uxtb r4, r9\n\t" +#endif +#else + "ubfx r4, r9, #0, #8\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl r7, r10, #16\n\t" + "lsr r7, r7, #24\n\t" +#else + "uxtb r7, r10, ror #8\n\t" +#endif +#else + "ubfx r7, r10, #8, #8\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl r12, r11, #8\n\t" + "lsr r12, r12, #24\n\t" +#else + "uxtb r12, r11, ror #16\n\t" +#endif +#else + "ubfx r12, r11, #16, #8\n\t" +#endif + "lsr lr, r8, #24\n\t" + "ldrb r4, [r2, r4]\n\t" + "ldrb r7, [r2, r7]\n\t" + "ldrb r12, [r2, r12]\n\t" + "ldrb lr, [r2, lr]\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl r5, r10, #24\n\t" + "lsr r5, r5, #24\n\t" +#else + "uxtb r5, r10\n\t" +#endif +#else + "ubfx r5, r10, #0, #8\n\t" +#endif + "eor r4, r4, r7, lsl #8\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl r7, r11, #16\n\t" + "lsr r7, r7, #24\n\t" +#else + "uxtb r7, r11, ror #8\n\t" +#endif +#else + "ubfx r7, r11, #8, #8\n\t" +#endif + "eor r4, r4, r12, lsl #16\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl r12, r8, #8\n\t" + "lsr r12, r12, #24\n\t" +#else + "uxtb r12, r8, ror #16\n\t" +#endif +#else + "ubfx r12, r8, #16, #8\n\t" +#endif + "eor r4, r4, lr, lsl #24\n\t" + "lsr lr, r9, #24\n\t" + "ldrb r7, [r2, r7]\n\t" + "ldrb lr, [r2, lr]\n\t" + "ldrb r5, [r2, r5]\n\t" + "ldrb r12, [r2, r12]\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl r6, r11, #24\n\t" + "lsr r6, r6, #24\n\t" +#else + "uxtb r6, r11\n\t" +#endif +#else + "ubfx r6, r11, #0, #8\n\t" +#endif + "eor r5, r5, r7, lsl #8\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl r7, r8, #16\n\t" + "lsr r7, r7, #24\n\t" +#else + "uxtb r7, r8, ror #8\n\t" +#endif +#else + "ubfx r7, r8, #8, #8\n\t" +#endif + "eor r5, r5, r12, lsl #16\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl r12, r9, #8\n\t" + "lsr r12, r12, #24\n\t" +#else + "uxtb r12, r9, ror #16\n\t" +#endif +#else + "ubfx r12, r9, #16, #8\n\t" +#endif + "eor r5, r5, lr, lsl #24\n\t" + "lsr lr, r10, #24\n\t" + "ldrb r7, [r2, r7]\n\t" + "ldrb lr, [r2, lr]\n\t" + "ldrb r6, [r2, r6]\n\t" + "ldrb r12, [r2, r12]\n\t" + "lsr r11, r11, #24\n\t" + "eor r6, r6, r7, lsl #8\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl r7, r8, #24\n\t" + "lsr r7, r7, #24\n\t" +#else + "uxtb r7, r8\n\t" +#endif +#else + "ubfx r7, r8, #0, #8\n\t" +#endif + "eor r6, r6, r12, lsl #16\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl r12, r9, #16\n\t" + "lsr r12, r12, #24\n\t" +#else + "uxtb r12, r9, ror #8\n\t" +#endif +#else + "ubfx r12, r9, #8, #8\n\t" +#endif + "eor r6, r6, lr, lsl #24\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl lr, r10, #8\n\t" + "lsr lr, lr, #24\n\t" +#else + "uxtb lr, r10, ror #16\n\t" +#endif +#else + "ubfx lr, r10, #16, #8\n\t" +#endif + "ldrb r11, [r2, r11]\n\t" + "ldrb r12, [r2, r12]\n\t" + "ldrb r7, [r2, r7]\n\t" + "ldrb lr, [r2, lr]\n\t" + "eor r12, r12, r11, lsl #16\n\t" + "ldm %[ks], {r8, r9, r10, r11}\n\t" + "eor r7, r7, r12, lsl #8\n\t" + "eor r7, r7, lr, lsl #16\n\t" + /* XOR in Key Schedule */ + "eor r4, r4, r8\n\t" + "eor r5, r5, r9\n\t" + "eor r6, r6, r10\n\t" + "eor r7, r7, r11\n\t" +#endif /* !WOLFSSL_ARMASM_AES_BLOCK_INLINE */ "ldr lr, [sp, #16]\n\t" #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) "eor r8, r4, r4, ror #16\n\t" @@ -12495,19 +24040,19 @@ "L_AES_CBC_decrypt_end_%=: \n\t" "pop {%[ks]-r4}\n\t" "pop {%[nr], %[iv]}\n\t" - "pop {%[L_AES_ARM32_td_ecb], %[L_AES_ARM32_td4]}\n\t" + "pop {%[L_AES_ARM32_td_ecb], %[L_AES_ARM32_cbc_td4]}\n\t" #ifndef WOLFSSL_NO_VAR_ASSIGN_REG : [in] "+r" (in), [out] "+r" (out), [len] "+r" (len), [ks] "+r" (ks), [nr] "+r" (nr), [iv] "+r" (iv), [L_AES_ARM32_td_ecb] "+r" (L_AES_ARM32_td_ecb_c), - [L_AES_ARM32_td4] "+r" (L_AES_ARM32_td4_c) + [L_AES_ARM32_cbc_td4] "+r" (L_AES_ARM32_cbc_td4_c) : #else : : [in] "r" (in), [out] "r" (out), [len] "r" (len), [ks] "r" (ks), [nr] "r" (nr), [iv] "r" (iv), [L_AES_ARM32_td_ecb] "r" (L_AES_ARM32_td_ecb_c), - [L_AES_ARM32_td4] "r" (L_AES_ARM32_td4_c) + [L_AES_ARM32_cbc_td4] "r" (L_AES_ARM32_cbc_td4_c) #endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ : "memory", "cc", "r6", "r7", "r8", "r9", "r10", "r11" ); @@ -13212,7 +24757,646 @@ "eor r6, r6, r10\n\t" "eor r7, r7, r11\n\t" "mov r1, #6\n\t" +#ifndef WOLFSSL_ARMASM_AES_BLOCK_INLINE "bl AES_encrypt_block\n\t" +#else + "\n" + "L_AES_GCM_encrypt_block_nr_256_%=: \n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl r8, r5, #8\n\t" + "lsr r8, r8, #24\n\t" +#else + "uxtb r8, r5, ror #16\n\t" +#endif +#else + "ubfx r8, r5, #16, #8\n\t" +#endif + "lsr r11, r4, #24\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl lr, r6, #16\n\t" + "lsr lr, lr, #24\n\t" +#else + "uxtb lr, r6, ror #8\n\t" +#endif +#else + "ubfx lr, r6, #8, #8\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl r2, r7, #24\n\t" + "lsr r2, r2, #24\n\t" +#else + "uxtb r2, r7\n\t" +#endif +#else + "ubfx r2, r7, #0, #8\n\t" +#endif + "ldr r8, [r0, r8, lsl #2]\n\t" + "ldr r11, [r0, r11, lsl #2]\n\t" + "ldr lr, [r0, lr, lsl #2]\n\t" + "ldr r2, [r0, r2, lsl #2]\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl r9, r6, #8\n\t" + "lsr r9, r9, #24\n\t" +#else + "uxtb r9, r6, ror #16\n\t" +#endif +#else + "ubfx r9, r6, #16, #8\n\t" +#endif + "eor r8, r8, r11, ror #24\n\t" + "lsr r11, r5, #24\n\t" + "eor r8, r8, lr, ror #8\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl lr, r7, #16\n\t" + "lsr lr, lr, #24\n\t" +#else + "uxtb lr, r7, ror #8\n\t" +#endif +#else + "ubfx lr, r7, #8, #8\n\t" +#endif + "eor r8, r8, r2, ror #16\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl r2, r4, #24\n\t" + "lsr r2, r2, #24\n\t" +#else + "uxtb r2, r4\n\t" +#endif +#else + "ubfx r2, r4, #0, #8\n\t" +#endif + "ldr r9, [r0, r9, lsl #2]\n\t" + "ldr r11, [r0, r11, lsl #2]\n\t" + "ldr lr, [r0, lr, lsl #2]\n\t" + "ldr r2, [r0, r2, lsl #2]\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl r10, r7, #8\n\t" + "lsr r10, r10, #24\n\t" +#else + "uxtb r10, r7, ror #16\n\t" +#endif +#else + "ubfx r10, r7, #16, #8\n\t" +#endif + "eor r9, r9, r11, ror #24\n\t" + "lsr r11, r6, #24\n\t" + "eor r9, r9, lr, ror #8\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl lr, r4, #16\n\t" + "lsr lr, lr, #24\n\t" +#else + "uxtb lr, r4, ror #8\n\t" +#endif +#else + "ubfx lr, r4, #8, #8\n\t" +#endif + "eor r9, r9, r2, ror #16\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl r2, r5, #24\n\t" + "lsr r2, r2, #24\n\t" +#else + "uxtb r2, r5\n\t" +#endif +#else + "ubfx r2, r5, #0, #8\n\t" +#endif + "ldr r10, [r0, r10, lsl #2]\n\t" + "ldr r11, [r0, r11, lsl #2]\n\t" + "ldr lr, [r0, lr, lsl #2]\n\t" + "ldr r2, [r0, r2, lsl #2]\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl r6, r6, #24\n\t" + "lsr r6, r6, #24\n\t" +#else + "uxtb r6, r6\n\t" +#endif +#else + "ubfx r6, r6, #0, #8\n\t" +#endif + "eor r10, r10, r11, ror #24\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl r11, r4, #8\n\t" + "lsr r11, r11, #24\n\t" +#else + "uxtb r11, r4, ror #16\n\t" +#endif +#else + "ubfx r11, r4, #16, #8\n\t" +#endif + "eor r10, r10, lr, ror #8\n\t" + "lsr lr, r7, #24\n\t" + "eor r10, r10, r2, ror #16\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl r2, r5, #16\n\t" + "lsr r2, r2, #24\n\t" +#else + "uxtb r2, r5, ror #8\n\t" +#endif +#else + "ubfx r2, r5, #8, #8\n\t" +#endif + "ldr r6, [r0, r6, lsl #2]\n\t" + "ldr lr, [r0, lr, lsl #2]\n\t" + "ldr r11, [r0, r11, lsl #2]\n\t" + "ldr r2, [r0, r2, lsl #2]\n\t" + "eor lr, lr, r6, ror #24\n\t" + "ldm %[ks]!, {r4, r5, r6, r7}\n\t" + "eor r11, r11, lr, ror #24\n\t" + "eor r11, r11, r2, ror #8\n\t" + /* XOR in Key Schedule */ + "eor r8, r8, r4\n\t" + "eor r9, r9, r5\n\t" + "eor r10, r10, r6\n\t" + "eor r11, r11, r7\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl r4, r9, #8\n\t" + "lsr r4, r4, #24\n\t" +#else + "uxtb r4, r9, ror #16\n\t" +#endif +#else + "ubfx r4, r9, #16, #8\n\t" +#endif + "lsr r7, r8, #24\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl lr, r10, #16\n\t" + "lsr lr, lr, #24\n\t" +#else + "uxtb lr, r10, ror #8\n\t" +#endif +#else + "ubfx lr, r10, #8, #8\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl r2, r11, #24\n\t" + "lsr r2, r2, #24\n\t" +#else + "uxtb r2, r11\n\t" +#endif +#else + "ubfx r2, r11, #0, #8\n\t" +#endif + "ldr r4, [r0, r4, lsl #2]\n\t" + "ldr r7, [r0, r7, lsl #2]\n\t" + "ldr lr, [r0, lr, lsl #2]\n\t" + "ldr r2, [r0, r2, lsl #2]\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl r5, r10, #8\n\t" + "lsr r5, r5, #24\n\t" +#else + "uxtb r5, r10, ror #16\n\t" +#endif +#else + "ubfx r5, r10, #16, #8\n\t" +#endif + "eor r4, r4, r7, ror #24\n\t" + "lsr r7, r9, #24\n\t" + "eor r4, r4, lr, ror #8\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl lr, r11, #16\n\t" + "lsr lr, lr, #24\n\t" +#else + "uxtb lr, r11, ror #8\n\t" +#endif +#else + "ubfx lr, r11, #8, #8\n\t" +#endif + "eor r4, r4, r2, ror #16\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl r2, r8, #24\n\t" + "lsr r2, r2, #24\n\t" +#else + "uxtb r2, r8\n\t" +#endif +#else + "ubfx r2, r8, #0, #8\n\t" +#endif + "ldr r5, [r0, r5, lsl #2]\n\t" + "ldr r7, [r0, r7, lsl #2]\n\t" + "ldr lr, [r0, lr, lsl #2]\n\t" + "ldr r2, [r0, r2, lsl #2]\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl r6, r11, #8\n\t" + "lsr r6, r6, #24\n\t" +#else + "uxtb r6, r11, ror #16\n\t" +#endif +#else + "ubfx r6, r11, #16, #8\n\t" +#endif + "eor r5, r5, r7, ror #24\n\t" + "lsr r7, r10, #24\n\t" + "eor r5, r5, lr, ror #8\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl lr, r8, #16\n\t" + "lsr lr, lr, #24\n\t" +#else + "uxtb lr, r8, ror #8\n\t" +#endif +#else + "ubfx lr, r8, #8, #8\n\t" +#endif + "eor r5, r5, r2, ror #16\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl r2, r9, #24\n\t" + "lsr r2, r2, #24\n\t" +#else + "uxtb r2, r9\n\t" +#endif +#else + "ubfx r2, r9, #0, #8\n\t" +#endif + "ldr r6, [r0, r6, lsl #2]\n\t" + "ldr r7, [r0, r7, lsl #2]\n\t" + "ldr lr, [r0, lr, lsl #2]\n\t" + "ldr r2, [r0, r2, lsl #2]\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl r10, r10, #24\n\t" + "lsr r10, r10, #24\n\t" +#else + "uxtb r10, r10\n\t" +#endif +#else + "ubfx r10, r10, #0, #8\n\t" +#endif + "eor r6, r6, r7, ror #24\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl r7, r8, #8\n\t" + "lsr r7, r7, #24\n\t" +#else + "uxtb r7, r8, ror #16\n\t" +#endif +#else + "ubfx r7, r8, #16, #8\n\t" +#endif + "eor r6, r6, lr, ror #8\n\t" + "lsr lr, r11, #24\n\t" + "eor r6, r6, r2, ror #16\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl r2, r9, #16\n\t" + "lsr r2, r2, #24\n\t" +#else + "uxtb r2, r9, ror #8\n\t" +#endif +#else + "ubfx r2, r9, #8, #8\n\t" +#endif + "ldr r10, [r0, r10, lsl #2]\n\t" + "ldr lr, [r0, lr, lsl #2]\n\t" + "ldr r7, [r0, r7, lsl #2]\n\t" + "ldr r2, [r0, r2, lsl #2]\n\t" + "eor lr, lr, r10, ror #24\n\t" + "ldm %[ks]!, {r8, r9, r10, r11}\n\t" + "eor r7, r7, lr, ror #24\n\t" + "eor r7, r7, r2, ror #8\n\t" + /* XOR in Key Schedule */ + "eor r4, r4, r8\n\t" + "eor r5, r5, r9\n\t" + "eor r6, r6, r10\n\t" + "eor r7, r7, r11\n\t" + "subs r1, r1, #1\n\t" + "bne L_AES_GCM_encrypt_block_nr_256_%=\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl r8, r5, #8\n\t" + "lsr r8, r8, #24\n\t" +#else + "uxtb r8, r5, ror #16\n\t" +#endif +#else + "ubfx r8, r5, #16, #8\n\t" +#endif + "lsr r11, r4, #24\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl lr, r6, #16\n\t" + "lsr lr, lr, #24\n\t" +#else + "uxtb lr, r6, ror #8\n\t" +#endif +#else + "ubfx lr, r6, #8, #8\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl r2, r7, #24\n\t" + "lsr r2, r2, #24\n\t" +#else + "uxtb r2, r7\n\t" +#endif +#else + "ubfx r2, r7, #0, #8\n\t" +#endif + "ldr r8, [r0, r8, lsl #2]\n\t" + "ldr r11, [r0, r11, lsl #2]\n\t" + "ldr lr, [r0, lr, lsl #2]\n\t" + "ldr r2, [r0, r2, lsl #2]\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl r9, r6, #8\n\t" + "lsr r9, r9, #24\n\t" +#else + "uxtb r9, r6, ror #16\n\t" +#endif +#else + "ubfx r9, r6, #16, #8\n\t" +#endif + "eor r8, r8, r11, ror #24\n\t" + "lsr r11, r5, #24\n\t" + "eor r8, r8, lr, ror #8\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl lr, r7, #16\n\t" + "lsr lr, lr, #24\n\t" +#else + "uxtb lr, r7, ror #8\n\t" +#endif +#else + "ubfx lr, r7, #8, #8\n\t" +#endif + "eor r8, r8, r2, ror #16\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl r2, r4, #24\n\t" + "lsr r2, r2, #24\n\t" +#else + "uxtb r2, r4\n\t" +#endif +#else + "ubfx r2, r4, #0, #8\n\t" +#endif + "ldr r9, [r0, r9, lsl #2]\n\t" + "ldr r11, [r0, r11, lsl #2]\n\t" + "ldr lr, [r0, lr, lsl #2]\n\t" + "ldr r2, [r0, r2, lsl #2]\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl r10, r7, #8\n\t" + "lsr r10, r10, #24\n\t" +#else + "uxtb r10, r7, ror #16\n\t" +#endif +#else + "ubfx r10, r7, #16, #8\n\t" +#endif + "eor r9, r9, r11, ror #24\n\t" + "lsr r11, r6, #24\n\t" + "eor r9, r9, lr, ror #8\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl lr, r4, #16\n\t" + "lsr lr, lr, #24\n\t" +#else + "uxtb lr, r4, ror #8\n\t" +#endif +#else + "ubfx lr, r4, #8, #8\n\t" +#endif + "eor r9, r9, r2, ror #16\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl r2, r5, #24\n\t" + "lsr r2, r2, #24\n\t" +#else + "uxtb r2, r5\n\t" +#endif +#else + "ubfx r2, r5, #0, #8\n\t" +#endif + "ldr r10, [r0, r10, lsl #2]\n\t" + "ldr r11, [r0, r11, lsl #2]\n\t" + "ldr lr, [r0, lr, lsl #2]\n\t" + "ldr r2, [r0, r2, lsl #2]\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl r6, r6, #24\n\t" + "lsr r6, r6, #24\n\t" +#else + "uxtb r6, r6\n\t" +#endif +#else + "ubfx r6, r6, #0, #8\n\t" +#endif + "eor r10, r10, r11, ror #24\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl r11, r4, #8\n\t" + "lsr r11, r11, #24\n\t" +#else + "uxtb r11, r4, ror #16\n\t" +#endif +#else + "ubfx r11, r4, #16, #8\n\t" +#endif + "eor r10, r10, lr, ror #8\n\t" + "lsr lr, r7, #24\n\t" + "eor r10, r10, r2, ror #16\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl r2, r5, #16\n\t" + "lsr r2, r2, #24\n\t" +#else + "uxtb r2, r5, ror #8\n\t" +#endif +#else + "ubfx r2, r5, #8, #8\n\t" +#endif + "ldr r6, [r0, r6, lsl #2]\n\t" + "ldr lr, [r0, lr, lsl #2]\n\t" + "ldr r11, [r0, r11, lsl #2]\n\t" + "ldr r2, [r0, r2, lsl #2]\n\t" + "eor lr, lr, r6, ror #24\n\t" + "ldm %[ks]!, {r4, r5, r6, r7}\n\t" + "eor r11, r11, lr, ror #24\n\t" + "eor r11, r11, r2, ror #8\n\t" + /* XOR in Key Schedule */ + "eor r8, r8, r4\n\t" + "eor r9, r9, r5\n\t" + "eor r10, r10, r6\n\t" + "eor r11, r11, r7\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl r4, r11, #24\n\t" + "lsr r4, r4, #24\n\t" +#else + "uxtb r4, r11\n\t" +#endif +#else + "ubfx r4, r11, #0, #8\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl r7, r10, #16\n\t" + "lsr r7, r7, #24\n\t" +#else + "uxtb r7, r10, ror #8\n\t" +#endif +#else + "ubfx r7, r10, #8, #8\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl lr, r9, #8\n\t" + "lsr lr, lr, #24\n\t" +#else + "uxtb lr, r9, ror #16\n\t" +#endif +#else + "ubfx lr, r9, #16, #8\n\t" +#endif + "lsr r2, r8, #24\n\t" + "ldrb r4, [r0, r4, lsl #2]\n\t" + "ldrb r7, [r0, r7, lsl #2]\n\t" + "ldrb lr, [r0, lr, lsl #2]\n\t" + "ldrb r2, [r0, r2, lsl #2]\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl r5, r8, #24\n\t" + "lsr r5, r5, #24\n\t" +#else + "uxtb r5, r8\n\t" +#endif +#else + "ubfx r5, r8, #0, #8\n\t" +#endif + "eor r4, r4, r7, lsl #8\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl r7, r11, #16\n\t" + "lsr r7, r7, #24\n\t" +#else + "uxtb r7, r11, ror #8\n\t" +#endif +#else + "ubfx r7, r11, #8, #8\n\t" +#endif + "eor r4, r4, lr, lsl #16\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl lr, r10, #8\n\t" + "lsr lr, lr, #24\n\t" +#else + "uxtb lr, r10, ror #16\n\t" +#endif +#else + "ubfx lr, r10, #16, #8\n\t" +#endif + "eor r4, r4, r2, lsl #24\n\t" + "lsr r2, r9, #24\n\t" + "ldrb r5, [r0, r5, lsl #2]\n\t" + "ldrb r7, [r0, r7, lsl #2]\n\t" + "ldrb lr, [r0, lr, lsl #2]\n\t" + "ldrb r2, [r0, r2, lsl #2]\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl r6, r9, #24\n\t" + "lsr r6, r6, #24\n\t" +#else + "uxtb r6, r9\n\t" +#endif +#else + "ubfx r6, r9, #0, #8\n\t" +#endif + "eor r5, r5, r7, lsl #8\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl r7, r8, #16\n\t" + "lsr r7, r7, #24\n\t" +#else + "uxtb r7, r8, ror #8\n\t" +#endif +#else + "ubfx r7, r8, #8, #8\n\t" +#endif + "eor r5, r5, lr, lsl #16\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl lr, r11, #8\n\t" + "lsr lr, lr, #24\n\t" +#else + "uxtb lr, r11, ror #16\n\t" +#endif +#else + "ubfx lr, r11, #16, #8\n\t" +#endif + "eor r5, r5, r2, lsl #24\n\t" + "lsr r2, r10, #24\n\t" + "ldrb r6, [r0, r6, lsl #2]\n\t" + "ldrb r7, [r0, r7, lsl #2]\n\t" + "ldrb lr, [r0, lr, lsl #2]\n\t" + "ldrb r2, [r0, r2, lsl #2]\n\t" + "lsr r11, r11, #24\n\t" + "eor r6, r6, r7, lsl #8\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl r7, r10, #24\n\t" + "lsr r7, r7, #24\n\t" +#else + "uxtb r7, r10\n\t" +#endif +#else + "ubfx r7, r10, #0, #8\n\t" +#endif + "eor r6, r6, lr, lsl #16\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl lr, r9, #16\n\t" + "lsr lr, lr, #24\n\t" +#else + "uxtb lr, r9, ror #8\n\t" +#endif +#else + "ubfx lr, r9, #8, #8\n\t" +#endif + "eor r6, r6, r2, lsl #24\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl r2, r8, #8\n\t" + "lsr r2, r2, #24\n\t" +#else + "uxtb r2, r8, ror #16\n\t" +#endif +#else + "ubfx r2, r8, #16, #8\n\t" +#endif + "ldrb r11, [r0, r11, lsl #2]\n\t" + "ldrb r7, [r0, r7, lsl #2]\n\t" + "ldrb lr, [r0, lr, lsl #2]\n\t" + "ldrb r2, [r0, r2, lsl #2]\n\t" + "eor lr, lr, r11, lsl #16\n\t" + "ldm %[ks], {r8, r9, r10, r11}\n\t" + "eor r7, r7, lr, lsl #8\n\t" + "eor r7, r7, r2, lsl #16\n\t" + /* XOR in Key Schedule */ + "eor r4, r4, r8\n\t" + "eor r5, r5, r9\n\t" + "eor r6, r6, r10\n\t" + "eor r7, r7, r11\n\t" +#endif /* !WOLFSSL_ARMASM_AES_BLOCK_INLINE */ "pop {r1, %[len], lr}\n\t" "ldr %[ks], [sp]\n\t" #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) @@ -13272,7 +25456,646 @@ "eor r6, r6, r10\n\t" "eor r7, r7, r11\n\t" "mov r1, #5\n\t" +#ifndef WOLFSSL_ARMASM_AES_BLOCK_INLINE "bl AES_encrypt_block\n\t" +#else + "\n" + "L_AES_GCM_encrypt_block_nr_192_%=: \n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl r8, r5, #8\n\t" + "lsr r8, r8, #24\n\t" +#else + "uxtb r8, r5, ror #16\n\t" +#endif +#else + "ubfx r8, r5, #16, #8\n\t" +#endif + "lsr r11, r4, #24\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl lr, r6, #16\n\t" + "lsr lr, lr, #24\n\t" +#else + "uxtb lr, r6, ror #8\n\t" +#endif +#else + "ubfx lr, r6, #8, #8\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl r2, r7, #24\n\t" + "lsr r2, r2, #24\n\t" +#else + "uxtb r2, r7\n\t" +#endif +#else + "ubfx r2, r7, #0, #8\n\t" +#endif + "ldr r8, [r0, r8, lsl #2]\n\t" + "ldr r11, [r0, r11, lsl #2]\n\t" + "ldr lr, [r0, lr, lsl #2]\n\t" + "ldr r2, [r0, r2, lsl #2]\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl r9, r6, #8\n\t" + "lsr r9, r9, #24\n\t" +#else + "uxtb r9, r6, ror #16\n\t" +#endif +#else + "ubfx r9, r6, #16, #8\n\t" +#endif + "eor r8, r8, r11, ror #24\n\t" + "lsr r11, r5, #24\n\t" + "eor r8, r8, lr, ror #8\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl lr, r7, #16\n\t" + "lsr lr, lr, #24\n\t" +#else + "uxtb lr, r7, ror #8\n\t" +#endif +#else + "ubfx lr, r7, #8, #8\n\t" +#endif + "eor r8, r8, r2, ror #16\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl r2, r4, #24\n\t" + "lsr r2, r2, #24\n\t" +#else + "uxtb r2, r4\n\t" +#endif +#else + "ubfx r2, r4, #0, #8\n\t" +#endif + "ldr r9, [r0, r9, lsl #2]\n\t" + "ldr r11, [r0, r11, lsl #2]\n\t" + "ldr lr, [r0, lr, lsl #2]\n\t" + "ldr r2, [r0, r2, lsl #2]\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl r10, r7, #8\n\t" + "lsr r10, r10, #24\n\t" +#else + "uxtb r10, r7, ror #16\n\t" +#endif +#else + "ubfx r10, r7, #16, #8\n\t" +#endif + "eor r9, r9, r11, ror #24\n\t" + "lsr r11, r6, #24\n\t" + "eor r9, r9, lr, ror #8\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl lr, r4, #16\n\t" + "lsr lr, lr, #24\n\t" +#else + "uxtb lr, r4, ror #8\n\t" +#endif +#else + "ubfx lr, r4, #8, #8\n\t" +#endif + "eor r9, r9, r2, ror #16\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl r2, r5, #24\n\t" + "lsr r2, r2, #24\n\t" +#else + "uxtb r2, r5\n\t" +#endif +#else + "ubfx r2, r5, #0, #8\n\t" +#endif + "ldr r10, [r0, r10, lsl #2]\n\t" + "ldr r11, [r0, r11, lsl #2]\n\t" + "ldr lr, [r0, lr, lsl #2]\n\t" + "ldr r2, [r0, r2, lsl #2]\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl r6, r6, #24\n\t" + "lsr r6, r6, #24\n\t" +#else + "uxtb r6, r6\n\t" +#endif +#else + "ubfx r6, r6, #0, #8\n\t" +#endif + "eor r10, r10, r11, ror #24\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl r11, r4, #8\n\t" + "lsr r11, r11, #24\n\t" +#else + "uxtb r11, r4, ror #16\n\t" +#endif +#else + "ubfx r11, r4, #16, #8\n\t" +#endif + "eor r10, r10, lr, ror #8\n\t" + "lsr lr, r7, #24\n\t" + "eor r10, r10, r2, ror #16\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl r2, r5, #16\n\t" + "lsr r2, r2, #24\n\t" +#else + "uxtb r2, r5, ror #8\n\t" +#endif +#else + "ubfx r2, r5, #8, #8\n\t" +#endif + "ldr r6, [r0, r6, lsl #2]\n\t" + "ldr lr, [r0, lr, lsl #2]\n\t" + "ldr r11, [r0, r11, lsl #2]\n\t" + "ldr r2, [r0, r2, lsl #2]\n\t" + "eor lr, lr, r6, ror #24\n\t" + "ldm %[ks]!, {r4, r5, r6, r7}\n\t" + "eor r11, r11, lr, ror #24\n\t" + "eor r11, r11, r2, ror #8\n\t" + /* XOR in Key Schedule */ + "eor r8, r8, r4\n\t" + "eor r9, r9, r5\n\t" + "eor r10, r10, r6\n\t" + "eor r11, r11, r7\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl r4, r9, #8\n\t" + "lsr r4, r4, #24\n\t" +#else + "uxtb r4, r9, ror #16\n\t" +#endif +#else + "ubfx r4, r9, #16, #8\n\t" +#endif + "lsr r7, r8, #24\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl lr, r10, #16\n\t" + "lsr lr, lr, #24\n\t" +#else + "uxtb lr, r10, ror #8\n\t" +#endif +#else + "ubfx lr, r10, #8, #8\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl r2, r11, #24\n\t" + "lsr r2, r2, #24\n\t" +#else + "uxtb r2, r11\n\t" +#endif +#else + "ubfx r2, r11, #0, #8\n\t" +#endif + "ldr r4, [r0, r4, lsl #2]\n\t" + "ldr r7, [r0, r7, lsl #2]\n\t" + "ldr lr, [r0, lr, lsl #2]\n\t" + "ldr r2, [r0, r2, lsl #2]\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl r5, r10, #8\n\t" + "lsr r5, r5, #24\n\t" +#else + "uxtb r5, r10, ror #16\n\t" +#endif +#else + "ubfx r5, r10, #16, #8\n\t" +#endif + "eor r4, r4, r7, ror #24\n\t" + "lsr r7, r9, #24\n\t" + "eor r4, r4, lr, ror #8\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl lr, r11, #16\n\t" + "lsr lr, lr, #24\n\t" +#else + "uxtb lr, r11, ror #8\n\t" +#endif +#else + "ubfx lr, r11, #8, #8\n\t" +#endif + "eor r4, r4, r2, ror #16\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl r2, r8, #24\n\t" + "lsr r2, r2, #24\n\t" +#else + "uxtb r2, r8\n\t" +#endif +#else + "ubfx r2, r8, #0, #8\n\t" +#endif + "ldr r5, [r0, r5, lsl #2]\n\t" + "ldr r7, [r0, r7, lsl #2]\n\t" + "ldr lr, [r0, lr, lsl #2]\n\t" + "ldr r2, [r0, r2, lsl #2]\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl r6, r11, #8\n\t" + "lsr r6, r6, #24\n\t" +#else + "uxtb r6, r11, ror #16\n\t" +#endif +#else + "ubfx r6, r11, #16, #8\n\t" +#endif + "eor r5, r5, r7, ror #24\n\t" + "lsr r7, r10, #24\n\t" + "eor r5, r5, lr, ror #8\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl lr, r8, #16\n\t" + "lsr lr, lr, #24\n\t" +#else + "uxtb lr, r8, ror #8\n\t" +#endif +#else + "ubfx lr, r8, #8, #8\n\t" +#endif + "eor r5, r5, r2, ror #16\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl r2, r9, #24\n\t" + "lsr r2, r2, #24\n\t" +#else + "uxtb r2, r9\n\t" +#endif +#else + "ubfx r2, r9, #0, #8\n\t" +#endif + "ldr r6, [r0, r6, lsl #2]\n\t" + "ldr r7, [r0, r7, lsl #2]\n\t" + "ldr lr, [r0, lr, lsl #2]\n\t" + "ldr r2, [r0, r2, lsl #2]\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl r10, r10, #24\n\t" + "lsr r10, r10, #24\n\t" +#else + "uxtb r10, r10\n\t" +#endif +#else + "ubfx r10, r10, #0, #8\n\t" +#endif + "eor r6, r6, r7, ror #24\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl r7, r8, #8\n\t" + "lsr r7, r7, #24\n\t" +#else + "uxtb r7, r8, ror #16\n\t" +#endif +#else + "ubfx r7, r8, #16, #8\n\t" +#endif + "eor r6, r6, lr, ror #8\n\t" + "lsr lr, r11, #24\n\t" + "eor r6, r6, r2, ror #16\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl r2, r9, #16\n\t" + "lsr r2, r2, #24\n\t" +#else + "uxtb r2, r9, ror #8\n\t" +#endif +#else + "ubfx r2, r9, #8, #8\n\t" +#endif + "ldr r10, [r0, r10, lsl #2]\n\t" + "ldr lr, [r0, lr, lsl #2]\n\t" + "ldr r7, [r0, r7, lsl #2]\n\t" + "ldr r2, [r0, r2, lsl #2]\n\t" + "eor lr, lr, r10, ror #24\n\t" + "ldm %[ks]!, {r8, r9, r10, r11}\n\t" + "eor r7, r7, lr, ror #24\n\t" + "eor r7, r7, r2, ror #8\n\t" + /* XOR in Key Schedule */ + "eor r4, r4, r8\n\t" + "eor r5, r5, r9\n\t" + "eor r6, r6, r10\n\t" + "eor r7, r7, r11\n\t" + "subs r1, r1, #1\n\t" + "bne L_AES_GCM_encrypt_block_nr_192_%=\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl r8, r5, #8\n\t" + "lsr r8, r8, #24\n\t" +#else + "uxtb r8, r5, ror #16\n\t" +#endif +#else + "ubfx r8, r5, #16, #8\n\t" +#endif + "lsr r11, r4, #24\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl lr, r6, #16\n\t" + "lsr lr, lr, #24\n\t" +#else + "uxtb lr, r6, ror #8\n\t" +#endif +#else + "ubfx lr, r6, #8, #8\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl r2, r7, #24\n\t" + "lsr r2, r2, #24\n\t" +#else + "uxtb r2, r7\n\t" +#endif +#else + "ubfx r2, r7, #0, #8\n\t" +#endif + "ldr r8, [r0, r8, lsl #2]\n\t" + "ldr r11, [r0, r11, lsl #2]\n\t" + "ldr lr, [r0, lr, lsl #2]\n\t" + "ldr r2, [r0, r2, lsl #2]\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl r9, r6, #8\n\t" + "lsr r9, r9, #24\n\t" +#else + "uxtb r9, r6, ror #16\n\t" +#endif +#else + "ubfx r9, r6, #16, #8\n\t" +#endif + "eor r8, r8, r11, ror #24\n\t" + "lsr r11, r5, #24\n\t" + "eor r8, r8, lr, ror #8\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl lr, r7, #16\n\t" + "lsr lr, lr, #24\n\t" +#else + "uxtb lr, r7, ror #8\n\t" +#endif +#else + "ubfx lr, r7, #8, #8\n\t" +#endif + "eor r8, r8, r2, ror #16\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl r2, r4, #24\n\t" + "lsr r2, r2, #24\n\t" +#else + "uxtb r2, r4\n\t" +#endif +#else + "ubfx r2, r4, #0, #8\n\t" +#endif + "ldr r9, [r0, r9, lsl #2]\n\t" + "ldr r11, [r0, r11, lsl #2]\n\t" + "ldr lr, [r0, lr, lsl #2]\n\t" + "ldr r2, [r0, r2, lsl #2]\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl r10, r7, #8\n\t" + "lsr r10, r10, #24\n\t" +#else + "uxtb r10, r7, ror #16\n\t" +#endif +#else + "ubfx r10, r7, #16, #8\n\t" +#endif + "eor r9, r9, r11, ror #24\n\t" + "lsr r11, r6, #24\n\t" + "eor r9, r9, lr, ror #8\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl lr, r4, #16\n\t" + "lsr lr, lr, #24\n\t" +#else + "uxtb lr, r4, ror #8\n\t" +#endif +#else + "ubfx lr, r4, #8, #8\n\t" +#endif + "eor r9, r9, r2, ror #16\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl r2, r5, #24\n\t" + "lsr r2, r2, #24\n\t" +#else + "uxtb r2, r5\n\t" +#endif +#else + "ubfx r2, r5, #0, #8\n\t" +#endif + "ldr r10, [r0, r10, lsl #2]\n\t" + "ldr r11, [r0, r11, lsl #2]\n\t" + "ldr lr, [r0, lr, lsl #2]\n\t" + "ldr r2, [r0, r2, lsl #2]\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl r6, r6, #24\n\t" + "lsr r6, r6, #24\n\t" +#else + "uxtb r6, r6\n\t" +#endif +#else + "ubfx r6, r6, #0, #8\n\t" +#endif + "eor r10, r10, r11, ror #24\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl r11, r4, #8\n\t" + "lsr r11, r11, #24\n\t" +#else + "uxtb r11, r4, ror #16\n\t" +#endif +#else + "ubfx r11, r4, #16, #8\n\t" +#endif + "eor r10, r10, lr, ror #8\n\t" + "lsr lr, r7, #24\n\t" + "eor r10, r10, r2, ror #16\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl r2, r5, #16\n\t" + "lsr r2, r2, #24\n\t" +#else + "uxtb r2, r5, ror #8\n\t" +#endif +#else + "ubfx r2, r5, #8, #8\n\t" +#endif + "ldr r6, [r0, r6, lsl #2]\n\t" + "ldr lr, [r0, lr, lsl #2]\n\t" + "ldr r11, [r0, r11, lsl #2]\n\t" + "ldr r2, [r0, r2, lsl #2]\n\t" + "eor lr, lr, r6, ror #24\n\t" + "ldm %[ks]!, {r4, r5, r6, r7}\n\t" + "eor r11, r11, lr, ror #24\n\t" + "eor r11, r11, r2, ror #8\n\t" + /* XOR in Key Schedule */ + "eor r8, r8, r4\n\t" + "eor r9, r9, r5\n\t" + "eor r10, r10, r6\n\t" + "eor r11, r11, r7\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl r4, r11, #24\n\t" + "lsr r4, r4, #24\n\t" +#else + "uxtb r4, r11\n\t" +#endif +#else + "ubfx r4, r11, #0, #8\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl r7, r10, #16\n\t" + "lsr r7, r7, #24\n\t" +#else + "uxtb r7, r10, ror #8\n\t" +#endif +#else + "ubfx r7, r10, #8, #8\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl lr, r9, #8\n\t" + "lsr lr, lr, #24\n\t" +#else + "uxtb lr, r9, ror #16\n\t" +#endif +#else + "ubfx lr, r9, #16, #8\n\t" +#endif + "lsr r2, r8, #24\n\t" + "ldrb r4, [r0, r4, lsl #2]\n\t" + "ldrb r7, [r0, r7, lsl #2]\n\t" + "ldrb lr, [r0, lr, lsl #2]\n\t" + "ldrb r2, [r0, r2, lsl #2]\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl r5, r8, #24\n\t" + "lsr r5, r5, #24\n\t" +#else + "uxtb r5, r8\n\t" +#endif +#else + "ubfx r5, r8, #0, #8\n\t" +#endif + "eor r4, r4, r7, lsl #8\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl r7, r11, #16\n\t" + "lsr r7, r7, #24\n\t" +#else + "uxtb r7, r11, ror #8\n\t" +#endif +#else + "ubfx r7, r11, #8, #8\n\t" +#endif + "eor r4, r4, lr, lsl #16\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl lr, r10, #8\n\t" + "lsr lr, lr, #24\n\t" +#else + "uxtb lr, r10, ror #16\n\t" +#endif +#else + "ubfx lr, r10, #16, #8\n\t" +#endif + "eor r4, r4, r2, lsl #24\n\t" + "lsr r2, r9, #24\n\t" + "ldrb r5, [r0, r5, lsl #2]\n\t" + "ldrb r7, [r0, r7, lsl #2]\n\t" + "ldrb lr, [r0, lr, lsl #2]\n\t" + "ldrb r2, [r0, r2, lsl #2]\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl r6, r9, #24\n\t" + "lsr r6, r6, #24\n\t" +#else + "uxtb r6, r9\n\t" +#endif +#else + "ubfx r6, r9, #0, #8\n\t" +#endif + "eor r5, r5, r7, lsl #8\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl r7, r8, #16\n\t" + "lsr r7, r7, #24\n\t" +#else + "uxtb r7, r8, ror #8\n\t" +#endif +#else + "ubfx r7, r8, #8, #8\n\t" +#endif + "eor r5, r5, lr, lsl #16\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl lr, r11, #8\n\t" + "lsr lr, lr, #24\n\t" +#else + "uxtb lr, r11, ror #16\n\t" +#endif +#else + "ubfx lr, r11, #16, #8\n\t" +#endif + "eor r5, r5, r2, lsl #24\n\t" + "lsr r2, r10, #24\n\t" + "ldrb r6, [r0, r6, lsl #2]\n\t" + "ldrb r7, [r0, r7, lsl #2]\n\t" + "ldrb lr, [r0, lr, lsl #2]\n\t" + "ldrb r2, [r0, r2, lsl #2]\n\t" + "lsr r11, r11, #24\n\t" + "eor r6, r6, r7, lsl #8\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl r7, r10, #24\n\t" + "lsr r7, r7, #24\n\t" +#else + "uxtb r7, r10\n\t" +#endif +#else + "ubfx r7, r10, #0, #8\n\t" +#endif + "eor r6, r6, lr, lsl #16\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl lr, r9, #16\n\t" + "lsr lr, lr, #24\n\t" +#else + "uxtb lr, r9, ror #8\n\t" +#endif +#else + "ubfx lr, r9, #8, #8\n\t" +#endif + "eor r6, r6, r2, lsl #24\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl r2, r8, #8\n\t" + "lsr r2, r2, #24\n\t" +#else + "uxtb r2, r8, ror #16\n\t" +#endif +#else + "ubfx r2, r8, #16, #8\n\t" +#endif + "ldrb r11, [r0, r11, lsl #2]\n\t" + "ldrb r7, [r0, r7, lsl #2]\n\t" + "ldrb lr, [r0, lr, lsl #2]\n\t" + "ldrb r2, [r0, r2, lsl #2]\n\t" + "eor lr, lr, r11, lsl #16\n\t" + "ldm %[ks], {r8, r9, r10, r11}\n\t" + "eor r7, r7, lr, lsl #8\n\t" + "eor r7, r7, r2, lsl #16\n\t" + /* XOR in Key Schedule */ + "eor r4, r4, r8\n\t" + "eor r5, r5, r9\n\t" + "eor r6, r6, r10\n\t" + "eor r7, r7, r11\n\t" +#endif /* !WOLFSSL_ARMASM_AES_BLOCK_INLINE */ "pop {r1, %[len], lr}\n\t" "ldr %[ks], [sp]\n\t" #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) @@ -13332,7 +26155,646 @@ "eor r6, r6, r10\n\t" "eor r7, r7, r11\n\t" "mov r1, #4\n\t" +#ifndef WOLFSSL_ARMASM_AES_BLOCK_INLINE "bl AES_encrypt_block\n\t" +#else + "\n" + "L_AES_GCM_encrypt_block_nr_128_%=: \n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl r8, r5, #8\n\t" + "lsr r8, r8, #24\n\t" +#else + "uxtb r8, r5, ror #16\n\t" +#endif +#else + "ubfx r8, r5, #16, #8\n\t" +#endif + "lsr r11, r4, #24\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl lr, r6, #16\n\t" + "lsr lr, lr, #24\n\t" +#else + "uxtb lr, r6, ror #8\n\t" +#endif +#else + "ubfx lr, r6, #8, #8\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl r2, r7, #24\n\t" + "lsr r2, r2, #24\n\t" +#else + "uxtb r2, r7\n\t" +#endif +#else + "ubfx r2, r7, #0, #8\n\t" +#endif + "ldr r8, [r0, r8, lsl #2]\n\t" + "ldr r11, [r0, r11, lsl #2]\n\t" + "ldr lr, [r0, lr, lsl #2]\n\t" + "ldr r2, [r0, r2, lsl #2]\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl r9, r6, #8\n\t" + "lsr r9, r9, #24\n\t" +#else + "uxtb r9, r6, ror #16\n\t" +#endif +#else + "ubfx r9, r6, #16, #8\n\t" +#endif + "eor r8, r8, r11, ror #24\n\t" + "lsr r11, r5, #24\n\t" + "eor r8, r8, lr, ror #8\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl lr, r7, #16\n\t" + "lsr lr, lr, #24\n\t" +#else + "uxtb lr, r7, ror #8\n\t" +#endif +#else + "ubfx lr, r7, #8, #8\n\t" +#endif + "eor r8, r8, r2, ror #16\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl r2, r4, #24\n\t" + "lsr r2, r2, #24\n\t" +#else + "uxtb r2, r4\n\t" +#endif +#else + "ubfx r2, r4, #0, #8\n\t" +#endif + "ldr r9, [r0, r9, lsl #2]\n\t" + "ldr r11, [r0, r11, lsl #2]\n\t" + "ldr lr, [r0, lr, lsl #2]\n\t" + "ldr r2, [r0, r2, lsl #2]\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl r10, r7, #8\n\t" + "lsr r10, r10, #24\n\t" +#else + "uxtb r10, r7, ror #16\n\t" +#endif +#else + "ubfx r10, r7, #16, #8\n\t" +#endif + "eor r9, r9, r11, ror #24\n\t" + "lsr r11, r6, #24\n\t" + "eor r9, r9, lr, ror #8\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl lr, r4, #16\n\t" + "lsr lr, lr, #24\n\t" +#else + "uxtb lr, r4, ror #8\n\t" +#endif +#else + "ubfx lr, r4, #8, #8\n\t" +#endif + "eor r9, r9, r2, ror #16\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl r2, r5, #24\n\t" + "lsr r2, r2, #24\n\t" +#else + "uxtb r2, r5\n\t" +#endif +#else + "ubfx r2, r5, #0, #8\n\t" +#endif + "ldr r10, [r0, r10, lsl #2]\n\t" + "ldr r11, [r0, r11, lsl #2]\n\t" + "ldr lr, [r0, lr, lsl #2]\n\t" + "ldr r2, [r0, r2, lsl #2]\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl r6, r6, #24\n\t" + "lsr r6, r6, #24\n\t" +#else + "uxtb r6, r6\n\t" +#endif +#else + "ubfx r6, r6, #0, #8\n\t" +#endif + "eor r10, r10, r11, ror #24\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl r11, r4, #8\n\t" + "lsr r11, r11, #24\n\t" +#else + "uxtb r11, r4, ror #16\n\t" +#endif +#else + "ubfx r11, r4, #16, #8\n\t" +#endif + "eor r10, r10, lr, ror #8\n\t" + "lsr lr, r7, #24\n\t" + "eor r10, r10, r2, ror #16\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl r2, r5, #16\n\t" + "lsr r2, r2, #24\n\t" +#else + "uxtb r2, r5, ror #8\n\t" +#endif +#else + "ubfx r2, r5, #8, #8\n\t" +#endif + "ldr r6, [r0, r6, lsl #2]\n\t" + "ldr lr, [r0, lr, lsl #2]\n\t" + "ldr r11, [r0, r11, lsl #2]\n\t" + "ldr r2, [r0, r2, lsl #2]\n\t" + "eor lr, lr, r6, ror #24\n\t" + "ldm %[ks]!, {r4, r5, r6, r7}\n\t" + "eor r11, r11, lr, ror #24\n\t" + "eor r11, r11, r2, ror #8\n\t" + /* XOR in Key Schedule */ + "eor r8, r8, r4\n\t" + "eor r9, r9, r5\n\t" + "eor r10, r10, r6\n\t" + "eor r11, r11, r7\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl r4, r9, #8\n\t" + "lsr r4, r4, #24\n\t" +#else + "uxtb r4, r9, ror #16\n\t" +#endif +#else + "ubfx r4, r9, #16, #8\n\t" +#endif + "lsr r7, r8, #24\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl lr, r10, #16\n\t" + "lsr lr, lr, #24\n\t" +#else + "uxtb lr, r10, ror #8\n\t" +#endif +#else + "ubfx lr, r10, #8, #8\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl r2, r11, #24\n\t" + "lsr r2, r2, #24\n\t" +#else + "uxtb r2, r11\n\t" +#endif +#else + "ubfx r2, r11, #0, #8\n\t" +#endif + "ldr r4, [r0, r4, lsl #2]\n\t" + "ldr r7, [r0, r7, lsl #2]\n\t" + "ldr lr, [r0, lr, lsl #2]\n\t" + "ldr r2, [r0, r2, lsl #2]\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl r5, r10, #8\n\t" + "lsr r5, r5, #24\n\t" +#else + "uxtb r5, r10, ror #16\n\t" +#endif +#else + "ubfx r5, r10, #16, #8\n\t" +#endif + "eor r4, r4, r7, ror #24\n\t" + "lsr r7, r9, #24\n\t" + "eor r4, r4, lr, ror #8\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl lr, r11, #16\n\t" + "lsr lr, lr, #24\n\t" +#else + "uxtb lr, r11, ror #8\n\t" +#endif +#else + "ubfx lr, r11, #8, #8\n\t" +#endif + "eor r4, r4, r2, ror #16\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl r2, r8, #24\n\t" + "lsr r2, r2, #24\n\t" +#else + "uxtb r2, r8\n\t" +#endif +#else + "ubfx r2, r8, #0, #8\n\t" +#endif + "ldr r5, [r0, r5, lsl #2]\n\t" + "ldr r7, [r0, r7, lsl #2]\n\t" + "ldr lr, [r0, lr, lsl #2]\n\t" + "ldr r2, [r0, r2, lsl #2]\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl r6, r11, #8\n\t" + "lsr r6, r6, #24\n\t" +#else + "uxtb r6, r11, ror #16\n\t" +#endif +#else + "ubfx r6, r11, #16, #8\n\t" +#endif + "eor r5, r5, r7, ror #24\n\t" + "lsr r7, r10, #24\n\t" + "eor r5, r5, lr, ror #8\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl lr, r8, #16\n\t" + "lsr lr, lr, #24\n\t" +#else + "uxtb lr, r8, ror #8\n\t" +#endif +#else + "ubfx lr, r8, #8, #8\n\t" +#endif + "eor r5, r5, r2, ror #16\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl r2, r9, #24\n\t" + "lsr r2, r2, #24\n\t" +#else + "uxtb r2, r9\n\t" +#endif +#else + "ubfx r2, r9, #0, #8\n\t" +#endif + "ldr r6, [r0, r6, lsl #2]\n\t" + "ldr r7, [r0, r7, lsl #2]\n\t" + "ldr lr, [r0, lr, lsl #2]\n\t" + "ldr r2, [r0, r2, lsl #2]\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl r10, r10, #24\n\t" + "lsr r10, r10, #24\n\t" +#else + "uxtb r10, r10\n\t" +#endif +#else + "ubfx r10, r10, #0, #8\n\t" +#endif + "eor r6, r6, r7, ror #24\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl r7, r8, #8\n\t" + "lsr r7, r7, #24\n\t" +#else + "uxtb r7, r8, ror #16\n\t" +#endif +#else + "ubfx r7, r8, #16, #8\n\t" +#endif + "eor r6, r6, lr, ror #8\n\t" + "lsr lr, r11, #24\n\t" + "eor r6, r6, r2, ror #16\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl r2, r9, #16\n\t" + "lsr r2, r2, #24\n\t" +#else + "uxtb r2, r9, ror #8\n\t" +#endif +#else + "ubfx r2, r9, #8, #8\n\t" +#endif + "ldr r10, [r0, r10, lsl #2]\n\t" + "ldr lr, [r0, lr, lsl #2]\n\t" + "ldr r7, [r0, r7, lsl #2]\n\t" + "ldr r2, [r0, r2, lsl #2]\n\t" + "eor lr, lr, r10, ror #24\n\t" + "ldm %[ks]!, {r8, r9, r10, r11}\n\t" + "eor r7, r7, lr, ror #24\n\t" + "eor r7, r7, r2, ror #8\n\t" + /* XOR in Key Schedule */ + "eor r4, r4, r8\n\t" + "eor r5, r5, r9\n\t" + "eor r6, r6, r10\n\t" + "eor r7, r7, r11\n\t" + "subs r1, r1, #1\n\t" + "bne L_AES_GCM_encrypt_block_nr_128_%=\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl r8, r5, #8\n\t" + "lsr r8, r8, #24\n\t" +#else + "uxtb r8, r5, ror #16\n\t" +#endif +#else + "ubfx r8, r5, #16, #8\n\t" +#endif + "lsr r11, r4, #24\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl lr, r6, #16\n\t" + "lsr lr, lr, #24\n\t" +#else + "uxtb lr, r6, ror #8\n\t" +#endif +#else + "ubfx lr, r6, #8, #8\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl r2, r7, #24\n\t" + "lsr r2, r2, #24\n\t" +#else + "uxtb r2, r7\n\t" +#endif +#else + "ubfx r2, r7, #0, #8\n\t" +#endif + "ldr r8, [r0, r8, lsl #2]\n\t" + "ldr r11, [r0, r11, lsl #2]\n\t" + "ldr lr, [r0, lr, lsl #2]\n\t" + "ldr r2, [r0, r2, lsl #2]\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl r9, r6, #8\n\t" + "lsr r9, r9, #24\n\t" +#else + "uxtb r9, r6, ror #16\n\t" +#endif +#else + "ubfx r9, r6, #16, #8\n\t" +#endif + "eor r8, r8, r11, ror #24\n\t" + "lsr r11, r5, #24\n\t" + "eor r8, r8, lr, ror #8\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl lr, r7, #16\n\t" + "lsr lr, lr, #24\n\t" +#else + "uxtb lr, r7, ror #8\n\t" +#endif +#else + "ubfx lr, r7, #8, #8\n\t" +#endif + "eor r8, r8, r2, ror #16\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl r2, r4, #24\n\t" + "lsr r2, r2, #24\n\t" +#else + "uxtb r2, r4\n\t" +#endif +#else + "ubfx r2, r4, #0, #8\n\t" +#endif + "ldr r9, [r0, r9, lsl #2]\n\t" + "ldr r11, [r0, r11, lsl #2]\n\t" + "ldr lr, [r0, lr, lsl #2]\n\t" + "ldr r2, [r0, r2, lsl #2]\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl r10, r7, #8\n\t" + "lsr r10, r10, #24\n\t" +#else + "uxtb r10, r7, ror #16\n\t" +#endif +#else + "ubfx r10, r7, #16, #8\n\t" +#endif + "eor r9, r9, r11, ror #24\n\t" + "lsr r11, r6, #24\n\t" + "eor r9, r9, lr, ror #8\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl lr, r4, #16\n\t" + "lsr lr, lr, #24\n\t" +#else + "uxtb lr, r4, ror #8\n\t" +#endif +#else + "ubfx lr, r4, #8, #8\n\t" +#endif + "eor r9, r9, r2, ror #16\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl r2, r5, #24\n\t" + "lsr r2, r2, #24\n\t" +#else + "uxtb r2, r5\n\t" +#endif +#else + "ubfx r2, r5, #0, #8\n\t" +#endif + "ldr r10, [r0, r10, lsl #2]\n\t" + "ldr r11, [r0, r11, lsl #2]\n\t" + "ldr lr, [r0, lr, lsl #2]\n\t" + "ldr r2, [r0, r2, lsl #2]\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl r6, r6, #24\n\t" + "lsr r6, r6, #24\n\t" +#else + "uxtb r6, r6\n\t" +#endif +#else + "ubfx r6, r6, #0, #8\n\t" +#endif + "eor r10, r10, r11, ror #24\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl r11, r4, #8\n\t" + "lsr r11, r11, #24\n\t" +#else + "uxtb r11, r4, ror #16\n\t" +#endif +#else + "ubfx r11, r4, #16, #8\n\t" +#endif + "eor r10, r10, lr, ror #8\n\t" + "lsr lr, r7, #24\n\t" + "eor r10, r10, r2, ror #16\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl r2, r5, #16\n\t" + "lsr r2, r2, #24\n\t" +#else + "uxtb r2, r5, ror #8\n\t" +#endif +#else + "ubfx r2, r5, #8, #8\n\t" +#endif + "ldr r6, [r0, r6, lsl #2]\n\t" + "ldr lr, [r0, lr, lsl #2]\n\t" + "ldr r11, [r0, r11, lsl #2]\n\t" + "ldr r2, [r0, r2, lsl #2]\n\t" + "eor lr, lr, r6, ror #24\n\t" + "ldm %[ks]!, {r4, r5, r6, r7}\n\t" + "eor r11, r11, lr, ror #24\n\t" + "eor r11, r11, r2, ror #8\n\t" + /* XOR in Key Schedule */ + "eor r8, r8, r4\n\t" + "eor r9, r9, r5\n\t" + "eor r10, r10, r6\n\t" + "eor r11, r11, r7\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl r4, r11, #24\n\t" + "lsr r4, r4, #24\n\t" +#else + "uxtb r4, r11\n\t" +#endif +#else + "ubfx r4, r11, #0, #8\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl r7, r10, #16\n\t" + "lsr r7, r7, #24\n\t" +#else + "uxtb r7, r10, ror #8\n\t" +#endif +#else + "ubfx r7, r10, #8, #8\n\t" +#endif +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl lr, r9, #8\n\t" + "lsr lr, lr, #24\n\t" +#else + "uxtb lr, r9, ror #16\n\t" +#endif +#else + "ubfx lr, r9, #16, #8\n\t" +#endif + "lsr r2, r8, #24\n\t" + "ldrb r4, [r0, r4, lsl #2]\n\t" + "ldrb r7, [r0, r7, lsl #2]\n\t" + "ldrb lr, [r0, lr, lsl #2]\n\t" + "ldrb r2, [r0, r2, lsl #2]\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl r5, r8, #24\n\t" + "lsr r5, r5, #24\n\t" +#else + "uxtb r5, r8\n\t" +#endif +#else + "ubfx r5, r8, #0, #8\n\t" +#endif + "eor r4, r4, r7, lsl #8\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl r7, r11, #16\n\t" + "lsr r7, r7, #24\n\t" +#else + "uxtb r7, r11, ror #8\n\t" +#endif +#else + "ubfx r7, r11, #8, #8\n\t" +#endif + "eor r4, r4, lr, lsl #16\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl lr, r10, #8\n\t" + "lsr lr, lr, #24\n\t" +#else + "uxtb lr, r10, ror #16\n\t" +#endif +#else + "ubfx lr, r10, #16, #8\n\t" +#endif + "eor r4, r4, r2, lsl #24\n\t" + "lsr r2, r9, #24\n\t" + "ldrb r5, [r0, r5, lsl #2]\n\t" + "ldrb r7, [r0, r7, lsl #2]\n\t" + "ldrb lr, [r0, lr, lsl #2]\n\t" + "ldrb r2, [r0, r2, lsl #2]\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl r6, r9, #24\n\t" + "lsr r6, r6, #24\n\t" +#else + "uxtb r6, r9\n\t" +#endif +#else + "ubfx r6, r9, #0, #8\n\t" +#endif + "eor r5, r5, r7, lsl #8\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl r7, r8, #16\n\t" + "lsr r7, r7, #24\n\t" +#else + "uxtb r7, r8, ror #8\n\t" +#endif +#else + "ubfx r7, r8, #8, #8\n\t" +#endif + "eor r5, r5, lr, lsl #16\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl lr, r11, #8\n\t" + "lsr lr, lr, #24\n\t" +#else + "uxtb lr, r11, ror #16\n\t" +#endif +#else + "ubfx lr, r11, #16, #8\n\t" +#endif + "eor r5, r5, r2, lsl #24\n\t" + "lsr r2, r10, #24\n\t" + "ldrb r6, [r0, r6, lsl #2]\n\t" + "ldrb r7, [r0, r7, lsl #2]\n\t" + "ldrb lr, [r0, lr, lsl #2]\n\t" + "ldrb r2, [r0, r2, lsl #2]\n\t" + "lsr r11, r11, #24\n\t" + "eor r6, r6, r7, lsl #8\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl r7, r10, #24\n\t" + "lsr r7, r7, #24\n\t" +#else + "uxtb r7, r10\n\t" +#endif +#else + "ubfx r7, r10, #0, #8\n\t" +#endif + "eor r6, r6, lr, lsl #16\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl lr, r9, #16\n\t" + "lsr lr, lr, #24\n\t" +#else + "uxtb lr, r9, ror #8\n\t" +#endif +#else + "ubfx lr, r9, #8, #8\n\t" +#endif + "eor r6, r6, r2, lsl #24\n\t" +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) +#if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) + "lsl r2, r8, #8\n\t" + "lsr r2, r2, #24\n\t" +#else + "uxtb r2, r8, ror #16\n\t" +#endif +#else + "ubfx r2, r8, #16, #8\n\t" +#endif + "ldrb r11, [r0, r11, lsl #2]\n\t" + "ldrb r7, [r0, r7, lsl #2]\n\t" + "ldrb lr, [r0, lr, lsl #2]\n\t" + "ldrb r2, [r0, r2, lsl #2]\n\t" + "eor lr, lr, r11, lsl #16\n\t" + "ldm %[ks], {r8, r9, r10, r11}\n\t" + "eor r7, r7, lr, lsl #8\n\t" + "eor r7, r7, r2, lsl #16\n\t" + /* XOR in Key Schedule */ + "eor r4, r4, r8\n\t" + "eor r5, r5, r9\n\t" + "eor r6, r6, r10\n\t" + "eor r7, r7, r11\n\t" +#endif /* !WOLFSSL_ARMASM_AES_BLOCK_INLINE */ "pop {r1, %[len], lr}\n\t" "ldr %[ks], [sp]\n\t" #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/wolfcrypt/src/port/arm/armv8-32-chacha-asm.S mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/port/arm/armv8-32-chacha-asm.S --- mariadb-11.8.6/extra/wolfssl/wolfssl/wolfcrypt/src/port/arm/armv8-32-chacha-asm.S 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/port/arm/armv8-32-chacha-asm.S 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* armv8-32-chacha-asm * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -89,14 +89,14 @@ #endif /* BIG_ENDIAN_ORDER */ stm r0!, {r4, r5, r12, lr} # Next 16 bytes of key. - beq L_chacha_arm32_setkey_same_keyb_ytes + beq L_chacha_arm32_setkey_same_key_bytes # Update key pointer for next 16 bytes. add r1, r1, r2 ldr r4, [r1] ldr r5, [r1, #4] ldr r12, [r1, #8] ldr lr, [r1, #12] -L_chacha_arm32_setkey_same_keyb_ytes: +L_chacha_arm32_setkey_same_key_bytes: stm r0, {r4, r5, r12, lr} pop {r4, r5, pc} .size wc_chacha_setkey,.-wc_chacha_setkey @@ -572,11 +572,11 @@ ror r11, r11, #16 veor q7, q7, q4 add r8, r8, r10 - vrev32.i16 q15, q15 + vrev32.16 q15, q15 add r9, r9, r11 - vrev32.i16 q3, q3 + vrev32.16 q3, q3 eor r4, r4, r8 - vrev32.i16 q7, q7 + vrev32.16 q7, q7 eor r5, r5, r9 # c += d; b ^= c; b <<<= 12; vadd.i32 q14, q14, q15 @@ -685,11 +685,11 @@ ror r10, r10, #16 veor q7, q7, q4 add r8, r8, r11 - vrev32.i16 q15, q15 + vrev32.16 q15, q15 add r9, r9, r10 - vrev32.i16 q3, q3 + vrev32.16 q3, q3 eor r5, r5, r8 - vrev32.i16 q7, q7 + vrev32.16 q7, q7 eor r6, r6, r9 # c += d; b ^= c; b <<<= 12; vadd.i32 q14, q14, q15 @@ -891,8 +891,8 @@ vadd.i32 q4, q4, q5 veor q3, q3, q0 veor q7, q7, q4 - vrev32.i16 q3, q3 - vrev32.i16 q7, q7 + vrev32.16 q3, q3 + vrev32.16 q7, q7 # c += d; b ^= c; b <<<= 12; vadd.i32 q2, q2, q3 vadd.i32 q6, q6, q7 @@ -932,8 +932,8 @@ vadd.i32 q4, q4, q5 veor q3, q3, q0 veor q7, q7, q4 - vrev32.i16 q3, q3 - vrev32.i16 q7, q7 + vrev32.16 q3, q3 + vrev32.16 q7, q7 # c += d; b ^= c; b <<<= 12; vadd.i32 q2, q2, q3 vadd.i32 q6, q6, q7 @@ -1178,13 +1178,13 @@ vldm r3, {q0} vld1.8 {q1}, [r1]! #ifdef BIG_ENDIAN_ORDER - vrev32.i16 q1, q1 + vrev32.16 q1, q1 #endif /* BIG_ENDIAN_ORDER */ vstm r0!, {q0, q1} beq L_chacha_setkey_arm32_done vld1.8 {q1}, [r1] #ifdef BIG_ENDIAN_ORDER - vrev32.i16 q1, q1 + vrev32.16 q1, q1 #endif /* BIG_ENDIAN_ORDER */ L_chacha_setkey_arm32_done: vstm r0, {q1} diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/wolfcrypt/src/port/arm/armv8-32-chacha-asm_c.c mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/port/arm/armv8-32-chacha-asm_c.c --- mariadb-11.8.6/extra/wolfssl/wolfssl/wolfcrypt/src/port/arm/armv8-32-chacha-asm_c.c 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/port/arm/armv8-32-chacha-asm_c.c 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* armv8-32-chacha-asm * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -134,7 +134,7 @@ #endif /* BIG_ENDIAN_ORDER */ "stm %[x]!, {r4, r5, r12, lr}\n\t" /* Next 16 bytes of key. */ - "beq L_chacha_arm32_setkey_same_keyb_ytes_%=\n\t" + "beq L_chacha_arm32_setkey_same_key_bytes_%=\n\t" /* Update key pointer for next 16 bytes. */ "add %[key], %[key], %[keySz]\n\t" "ldr r4, [%[key]]\n\t" @@ -142,7 +142,7 @@ "ldr r12, [%[key], #8]\n\t" "ldr lr, [%[key], #12]\n\t" "\n" - "L_chacha_arm32_setkey_same_keyb_ytes_%=: \n\t" + "L_chacha_arm32_setkey_same_key_bytes_%=: \n\t" "stm %[x], {r4, r5, r12, lr}\n\t" #ifndef WOLFSSL_NO_VAR_ASSIGN_REG : [x] "+r" (x), [key] "+r" (key), [keySz] "+r" (keySz), @@ -693,11 +693,11 @@ "ror r11, r11, #16\n\t" "veor q7, q7, q4\n\t" "add r8, r8, r10\n\t" - "vrev32.i16 q15, q15\n\t" + "vrev32.16 q15, q15\n\t" "add r9, r9, r11\n\t" - "vrev32.i16 q3, q3\n\t" + "vrev32.16 q3, q3\n\t" "eor r4, r4, r8\n\t" - "vrev32.i16 q7, q7\n\t" + "vrev32.16 q7, q7\n\t" "eor r5, r5, r9\n\t" /* c += d; b ^= c; b <<<= 12; */ "vadd.i32 q14, q14, q15\n\t" @@ -806,11 +806,11 @@ "ror r10, r10, #16\n\t" "veor q7, q7, q4\n\t" "add r8, r8, r11\n\t" - "vrev32.i16 q15, q15\n\t" + "vrev32.16 q15, q15\n\t" "add r9, r9, r10\n\t" - "vrev32.i16 q3, q3\n\t" + "vrev32.16 q3, q3\n\t" "eor r5, r5, r8\n\t" - "vrev32.i16 q7, q7\n\t" + "vrev32.16 q7, q7\n\t" "eor r6, r6, r9\n\t" /* c += d; b ^= c; b <<<= 12; */ "vadd.i32 q14, q14, q15\n\t" @@ -1014,8 +1014,8 @@ "vadd.i32 q4, q4, q5\n\t" "veor q3, q3, q0\n\t" "veor q7, q7, q4\n\t" - "vrev32.i16 q3, q3\n\t" - "vrev32.i16 q7, q7\n\t" + "vrev32.16 q3, q3\n\t" + "vrev32.16 q7, q7\n\t" /* c += d; b ^= c; b <<<= 12; */ "vadd.i32 q2, q2, q3\n\t" "vadd.i32 q6, q6, q7\n\t" @@ -1055,8 +1055,8 @@ "vadd.i32 q4, q4, q5\n\t" "veor q3, q3, q0\n\t" "veor q7, q7, q4\n\t" - "vrev32.i16 q3, q3\n\t" - "vrev32.i16 q7, q7\n\t" + "vrev32.16 q3, q3\n\t" + "vrev32.16 q7, q7\n\t" /* c += d; b ^= c; b <<<= 12; */ "vadd.i32 q2, q2, q3\n\t" "vadd.i32 q6, q6, q7\n\t" @@ -1329,13 +1329,13 @@ "vldm r3, {q0}\n\t" "vld1.8 {q1}, [%[key]]!\n\t" #ifdef BIG_ENDIAN_ORDER - "vrev32.i16 q1, q1\n\t" + "vrev32.16 q1, q1\n\t" #endif /* BIG_ENDIAN_ORDER */ "vstm %[x]!, {q0-q1}\n\t" "beq L_chacha_setkey_arm32_done_%=\n\t" "vld1.8 {q1}, [%[key]]\n\t" #ifdef BIG_ENDIAN_ORDER - "vrev32.i16 q1, q1\n\t" + "vrev32.16 q1, q1\n\t" #endif /* BIG_ENDIAN_ORDER */ "\n" "L_chacha_setkey_arm32_done_%=: \n\t" diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/wolfcrypt/src/port/arm/armv8-32-curve25519.S mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/port/arm/armv8-32-curve25519.S --- mariadb-11.8.6/extra/wolfssl/wolfssl/wolfcrypt/src/port/arm/armv8-32-curve25519.S 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/port/arm/armv8-32-curve25519.S 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* armv8-32-curve25519 * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -345,7 +345,7 @@ bl fe_add_op pop {r4, r5, r6, r7, r8, r9, r10, r11, pc} .size fe_add,.-fe_add -#ifdef HAVE_ED25519 +#if defined(HAVE_ED25519) || defined(WOLFSSL_CURVE25519_USE_ED25519) .text .align 4 .globl fe_frombytes @@ -590,7 +590,7 @@ eor r0, r0, r1 pop {r4, r5, pc} .size fe_isnegative,.-fe_isnegative -#if defined(HAVE_ED25519_MAKE_KEY) || defined(HAVE_ED25519_SIGN) +#if defined(HAVE_ED25519_MAKE_KEY) || defined(HAVE_ED25519_SIGN) || defined(WOLFSSL_CURVE25519_USE_ED25519) #ifndef WC_NO_CACHE_RESISTANT .text .align 4 @@ -2235,8 +2235,8 @@ pop {r4, r5, r6, r7, r8, r9, r10, r11, pc} .size fe_cmov_table,.-fe_cmov_table #endif /* WC_NO_CACHE_RESISTANT */ -#endif /* HAVE_ED25519_MAKE_KEY || HAVE_ED25519_SIGN */ -#endif /* HAVE_ED25519 */ +#endif /* HAVE_ED25519_MAKE_KEY || HAVE_ED25519_SIGN || WOLFSSL_CURVE25519_USE_ED25519 */ +#endif /* HAVE_ED25519 || WOLFSSL_CURVE25519_USE_ED25519 */ #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) .text .align 4 @@ -3981,7 +3981,7 @@ .size curve25519,.-curve25519 #endif /* WC_NO_CACHE_RESISTANT */ #endif /* HAVE_CURVE25519 */ -#ifdef HAVE_ED25519 +#if defined(HAVE_ED25519) || defined(WOLFSSL_CURVE25519_USE_ED25519) .text .align 4 .globl fe_invert @@ -5217,6 +5217,8 @@ add sp, sp, #44 pop {r4, r5, r6, r7, r8, r9, r10, r11, pc} .size ge_sub,.-ge_sub +#endif /* HAVE_ED25519 || WOLFSSL_CURVE25519_USE_ED25519 */ +#ifdef HAVE_ED25519 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) .text .align 4 diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/wolfcrypt/src/port/arm/armv8-32-curve25519_c.c mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/port/arm/armv8-32-curve25519_c.c --- mariadb-11.8.6/extra/wolfssl/wolfssl/wolfcrypt/src/port/arm/armv8-32-curve25519_c.c 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/port/arm/armv8-32-curve25519_c.c 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* armv8-32-curve25519 * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -459,7 +459,7 @@ ); } -#ifdef HAVE_ED25519 +#if defined(HAVE_ED25519) || defined(WOLFSSL_CURVE25519_USE_ED25519) #ifndef WOLFSSL_NO_VAR_ASSIGN_REG WC_OMIT_FRAME_POINTER void fe_frombytes(fe out_p, const unsigned char* in_p) #else @@ -823,17 +823,19 @@ return (word32)(size_t)a; } -#if defined(HAVE_ED25519_MAKE_KEY) || defined(HAVE_ED25519_SIGN) +#if defined(HAVE_ED25519_MAKE_KEY) || defined(HAVE_ED25519_SIGN) || \ + defined(WOLFSSL_CURVE25519_USE_ED25519) #ifndef WC_NO_CACHE_RESISTANT #ifndef WOLFSSL_NO_VAR_ASSIGN_REG -WC_OMIT_FRAME_POINTER void fe_cmov_table(fe* r_p, fe* base_p, signed char b_p) +WC_OMIT_FRAME_POINTER void fe_cmov_table(fe* r_p, const fe* base_p, + signed char b_p) #else -WC_OMIT_FRAME_POINTER void fe_cmov_table(fe* r, fe* base, signed char b) +WC_OMIT_FRAME_POINTER void fe_cmov_table(fe* r, const fe* base, signed char b) #endif /* WOLFSSL_NO_VAR_ASSIGN_REG */ { #ifndef WOLFSSL_NO_VAR_ASSIGN_REG register fe* r asm ("r0") = (fe*)r_p; - register fe* base asm ("r1") = (fe*)base_p; + register const fe* base asm ("r1") = (const fe*)base_p; register signed char b asm ("r2") = (signed char)b_p; #endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ @@ -2371,14 +2373,15 @@ #else #ifndef WOLFSSL_NO_VAR_ASSIGN_REG -WC_OMIT_FRAME_POINTER void fe_cmov_table(fe* r_p, fe* base_p, signed char b_p) +WC_OMIT_FRAME_POINTER void fe_cmov_table(fe* r_p, const fe* base_p, + signed char b_p) #else -WC_OMIT_FRAME_POINTER void fe_cmov_table(fe* r, fe* base, signed char b) +WC_OMIT_FRAME_POINTER void fe_cmov_table(fe* r, const fe* base, signed char b) #endif /* WOLFSSL_NO_VAR_ASSIGN_REG */ { #ifndef WOLFSSL_NO_VAR_ASSIGN_REG register fe* r asm ("r0") = (fe*)r_p; - register fe* base asm ("r1") = (fe*)base_p; + register const fe* base asm ("r1") = (const fe*)base_p; register signed char b asm ("r2") = (signed char)b_p; #endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ @@ -2502,8 +2505,9 @@ } #endif /* WC_NO_CACHE_RESISTANT */ -#endif /* HAVE_ED25519_MAKE_KEY || HAVE_ED25519_SIGN */ -#endif /* HAVE_ED25519 */ +#endif /* HAVE_ED25519_MAKE_KEY || HAVE_ED25519_SIGN || + * WOLFSSL_CURVE25519_USE_ED25519 */ +#endif /* HAVE_ED25519 || WOLFSSL_CURVE25519_USE_ED25519 */ #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) void fe_mul_op(void); #ifndef WOLFSSL_NO_VAR_ASSIGN_REG @@ -4422,7 +4426,7 @@ #endif /* WC_NO_CACHE_RESISTANT */ #endif /* HAVE_CURVE25519 */ -#ifdef HAVE_ED25519 +#if defined(HAVE_ED25519) || defined(WOLFSSL_CURVE25519_USE_ED25519) #ifndef WOLFSSL_NO_VAR_ASSIGN_REG WC_OMIT_FRAME_POINTER void fe_invert(fe r_p, const fe a_p) #else @@ -5860,6 +5864,8 @@ ); } +#endif /* HAVE_ED25519 || WOLFSSL_CURVE25519_USE_ED25519 */ +#ifdef HAVE_ED25519 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 6) #ifndef WOLFSSL_NO_VAR_ASSIGN_REG WC_OMIT_FRAME_POINTER void sc_reduce(byte* s_p) diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/wolfcrypt/src/port/arm/armv8-32-mlkem-asm.S mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/port/arm/armv8-32-mlkem-asm.S --- mariadb-11.8.6/extra/wolfssl/wolfssl/wolfcrypt/src/port/arm/armv8-32-mlkem-asm.S 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/port/arm/armv8-32-mlkem-asm.S 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* armv8-32-mlkem-asm * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -185,7 +185,7 @@ #else movt r10, #0xcff #endif -#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */ +#endif /* WOLFSSL_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */ mov r2, #16 L_mlkem_arm32_ntt_loop_123: str r2, [sp] @@ -288,7 +288,7 @@ #else bfi r2, r12, #0, #16 #endif -#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */ +#endif /* WOLFSSL_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */ #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6) smulbb r12, r11, r7 smulbt r7, r11, r7 @@ -379,7 +379,7 @@ #else bfi r3, r12, #0, #16 #endif -#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */ +#endif /* WOLFSSL_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */ #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6) smulbb r12, r11, r8 smulbt r8, r11, r8 @@ -470,7 +470,7 @@ #else bfi r4, r12, #0, #16 #endif -#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */ +#endif /* WOLFSSL_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */ #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6) smulbb r12, r11, r9 smulbt r9, r11, r9 @@ -561,7 +561,7 @@ #else bfi r5, r12, #0, #16 #endif -#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */ +#endif /* WOLFSSL_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */ ldr r11, [r1, #4] #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6) smulbb r12, r11, r4 @@ -653,7 +653,7 @@ #else bfi r2, r12, #0, #16 #endif -#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */ +#endif /* WOLFSSL_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */ #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6) smulbb r12, r11, r5 smulbt r5, r11, r5 @@ -744,7 +744,7 @@ #else bfi r3, r12, #0, #16 #endif -#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */ +#endif /* WOLFSSL_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */ #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6) smultb r12, r11, r8 smultt r8, r11, r8 @@ -834,7 +834,7 @@ #else bfi r6, r12, #0, #16 #endif -#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */ +#endif /* WOLFSSL_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */ #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6) smultb r12, r11, r9 smultt r9, r11, r9 @@ -924,7 +924,7 @@ #else bfi r7, r12, #0, #16 #endif -#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */ +#endif /* WOLFSSL_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */ ldr r11, [r1, #8] #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6) smulbb r12, r11, r3 @@ -1016,7 +1016,7 @@ #else bfi r2, r12, #0, #16 #endif -#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */ +#endif /* WOLFSSL_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */ #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6) smultb r12, r11, r5 smultt r5, r11, r5 @@ -1106,7 +1106,7 @@ #else bfi r4, r12, #0, #16 #endif -#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */ +#endif /* WOLFSSL_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */ ldr r11, [r1, #12] #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6) smulbb r12, r11, r7 @@ -1198,7 +1198,7 @@ #else bfi r6, r12, #0, #16 #endif -#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */ +#endif /* WOLFSSL_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */ #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6) smultb r12, r11, r9 smultt r9, r11, r9 @@ -1288,7 +1288,7 @@ #else bfi r8, r12, #0, #16 #endif -#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */ +#endif /* WOLFSSL_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */ str r2, [r0] str r3, [r0, #64] str r4, [r0, #128] @@ -1408,7 +1408,7 @@ #else bfi r2, r12, #0, #16 #endif -#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */ +#endif /* WOLFSSL_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */ #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6) smulbb r12, r11, r5 smulbt r5, r11, r5 @@ -1499,7 +1499,7 @@ #else bfi r3, r12, #0, #16 #endif -#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */ +#endif /* WOLFSSL_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */ #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6) smultb r12, r11, r8 smultt r8, r11, r8 @@ -1589,7 +1589,7 @@ #else bfi r6, r12, #0, #16 #endif -#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */ +#endif /* WOLFSSL_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */ #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6) smultb r12, r11, r9 smultt r9, r11, r9 @@ -1679,7 +1679,7 @@ #else bfi r7, r12, #0, #16 #endif -#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */ +#endif /* WOLFSSL_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */ str r2, [r0] str r3, [r0, #16] str r4, [r0, #32] @@ -1804,7 +1804,7 @@ #else bfi r2, r12, #0, #16 #endif -#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */ +#endif /* WOLFSSL_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */ #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6) smulbb r12, r11, r7 smulbt r7, r11, r7 @@ -1895,7 +1895,7 @@ #else bfi r3, r12, #0, #16 #endif -#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */ +#endif /* WOLFSSL_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */ #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6) smulbb r12, r11, r8 smulbt r8, r11, r8 @@ -1986,7 +1986,7 @@ #else bfi r4, r12, #0, #16 #endif -#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */ +#endif /* WOLFSSL_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */ #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6) smulbb r12, r11, r9 smulbt r9, r11, r9 @@ -2077,7 +2077,7 @@ #else bfi r5, r12, #0, #16 #endif -#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */ +#endif /* WOLFSSL_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */ ldr r11, [sp, #4] add r11, r1, r11, lsr #2 ldr r11, [r11, #64] @@ -2171,7 +2171,7 @@ #else bfi r2, r12, #0, #16 #endif -#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */ +#endif /* WOLFSSL_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */ #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6) smulbb r12, r11, r5 smulbt r5, r11, r5 @@ -2262,7 +2262,7 @@ #else bfi r3, r12, #0, #16 #endif -#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */ +#endif /* WOLFSSL_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */ #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6) smultb r12, r11, r8 smultt r8, r11, r8 @@ -2352,7 +2352,7 @@ #else bfi r6, r12, #0, #16 #endif -#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */ +#endif /* WOLFSSL_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */ #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6) smultb r12, r11, r9 smultt r9, r11, r9 @@ -2442,7 +2442,7 @@ #else bfi r7, r12, #0, #16 #endif -#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */ +#endif /* WOLFSSL_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */ ldr r11, [sp, #4] add r11, r1, r11, lsr #1 ldr r11, [r11, #128] @@ -2536,7 +2536,7 @@ #else bfi r2, r12, #0, #16 #endif -#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */ +#endif /* WOLFSSL_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */ #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6) smultb r12, r11, r5 smultt r5, r11, r5 @@ -2626,7 +2626,7 @@ #else bfi r4, r12, #0, #16 #endif -#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */ +#endif /* WOLFSSL_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */ ldr r11, [sp, #4] add r11, r1, r11, lsr #1 ldr r11, [r11, #132] @@ -2720,7 +2720,7 @@ #else bfi r6, r12, #0, #16 #endif -#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */ +#endif /* WOLFSSL_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */ #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6) smultb r12, r11, r9 smultt r9, r11, r9 @@ -2810,7 +2810,7 @@ #else bfi r8, r12, #0, #16 #endif -#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */ +#endif /* WOLFSSL_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */ #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6) #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) mov r11, #0xc0 @@ -2836,7 +2836,7 @@ #else mov r10, #0xd01 #endif -#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */ +#endif /* WOLFSSL_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */ #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6) smulwb r12, r11, r2 smulwt lr, r11, r2 @@ -2872,7 +2872,7 @@ #else bfi r2, lr, #16, #16 #endif -#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */ +#endif /* WOLFSSL_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */ #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6) smulwb r12, r11, r3 smulwt lr, r11, r3 @@ -2908,7 +2908,7 @@ #else bfi r3, lr, #16, #16 #endif -#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */ +#endif /* WOLFSSL_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */ #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6) smulwb r12, r11, r4 smulwt lr, r11, r4 @@ -2944,7 +2944,7 @@ #else bfi r4, lr, #16, #16 #endif -#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */ +#endif /* WOLFSSL_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */ #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6) smulwb r12, r11, r5 smulwt lr, r11, r5 @@ -2980,7 +2980,7 @@ #else bfi r5, lr, #16, #16 #endif -#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */ +#endif /* WOLFSSL_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */ #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6) smulwb r12, r11, r6 smulwt lr, r11, r6 @@ -3016,7 +3016,7 @@ #else bfi r6, lr, #16, #16 #endif -#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */ +#endif /* WOLFSSL_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */ #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6) smulwb r12, r11, r7 smulwt lr, r11, r7 @@ -3052,7 +3052,7 @@ #else bfi r7, lr, #16, #16 #endif -#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */ +#endif /* WOLFSSL_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */ #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6) smulwb r12, r11, r8 smulwt lr, r11, r8 @@ -3088,7 +3088,7 @@ #else bfi r8, lr, #16, #16 #endif -#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */ +#endif /* WOLFSSL_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */ #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6) smulwb r12, r11, r9 smulwt lr, r11, r9 @@ -3124,7 +3124,7 @@ #else bfi r9, lr, #16, #16 #endif -#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */ +#endif /* WOLFSSL_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */ #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6) #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) mov r10, #0x1 @@ -3138,7 +3138,7 @@ #else movt r10, #0xcff #endif -#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */ +#endif /* WOLFSSL_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */ str r2, [r0] str r3, [r0, #4] str r4, [r0, #8] @@ -3309,7 +3309,7 @@ #else movt r10, #0xcff #endif -#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */ +#endif /* WOLFSSL_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */ mov r3, #0 L_mlkem_invntt_loop_765: add r11, r1, r3, lsr #1 @@ -3439,7 +3439,7 @@ #else bfi r3, r12, #0, #16 #endif -#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */ +#endif /* WOLFSSL_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */ #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6) ssub16 r12, r4, r5 sadd16 r4, r4, r5 @@ -3555,7 +3555,7 @@ #else bfi r5, r12, #0, #16 #endif -#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */ +#endif /* WOLFSSL_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */ ldr r11, [sp, #4] add r11, r1, r11, lsr #1 ldr r11, [r11, #4] @@ -3675,7 +3675,7 @@ #else bfi r7, r12, #0, #16 #endif -#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */ +#endif /* WOLFSSL_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */ #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6) ssub16 r12, r8, r9 sadd16 r8, r8, r9 @@ -3791,7 +3791,7 @@ #else bfi r9, r12, #0, #16 #endif -#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */ +#endif /* WOLFSSL_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */ ldr r11, [sp, #4] add r11, r1, r11, lsr #2 ldr r11, [r11, #128] @@ -3911,7 +3911,7 @@ #else bfi r4, r12, #0, #16 #endif -#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */ +#endif /* WOLFSSL_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */ #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6) ssub16 r12, r3, r5 sadd16 r3, r3, r5 @@ -4028,7 +4028,7 @@ #else bfi r5, r12, #0, #16 #endif -#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */ +#endif /* WOLFSSL_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */ #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6) ssub16 r12, r6, r8 sadd16 r6, r6, r8 @@ -4144,7 +4144,7 @@ #else bfi r8, r12, #0, #16 #endif -#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */ +#endif /* WOLFSSL_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */ #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6) ssub16 r12, r7, r9 sadd16 r7, r7, r9 @@ -4260,7 +4260,7 @@ #else bfi r9, r12, #0, #16 #endif -#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */ +#endif /* WOLFSSL_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */ ldr r11, [sp, #4] add r11, r1, r11, lsr #3 ldr r11, [r11, #192] @@ -4380,7 +4380,7 @@ #else bfi r6, r12, #0, #16 #endif -#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */ +#endif /* WOLFSSL_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */ #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6) ssub16 r12, r3, r7 sadd16 r3, r3, r7 @@ -4497,7 +4497,7 @@ #else bfi r7, r12, #0, #16 #endif -#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */ +#endif /* WOLFSSL_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */ #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6) ssub16 r12, r4, r8 sadd16 r4, r4, r8 @@ -4614,7 +4614,7 @@ #else bfi r8, r12, #0, #16 #endif -#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */ +#endif /* WOLFSSL_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */ #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6) ssub16 r12, r5, r9 sadd16 r5, r5, r9 @@ -4731,7 +4731,7 @@ #else bfi r9, r12, #0, #16 #endif -#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */ +#endif /* WOLFSSL_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */ #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6) #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) mov r11, #0xc0 @@ -4751,7 +4751,7 @@ #else mov r11, #0x4ebf #endif -#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */ +#endif /* WOLFSSL_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */ #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6) smulwb r12, r11, r2 smulwt lr, r11, r2 @@ -4787,7 +4787,7 @@ #else bfi r2, lr, #16, #16 #endif -#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */ +#endif /* WOLFSSL_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */ #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6) smulwb r12, r11, r3 smulwt lr, r11, r3 @@ -4823,7 +4823,7 @@ #else bfi r3, lr, #16, #16 #endif -#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */ +#endif /* WOLFSSL_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */ #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6) smulwb r12, r11, r4 smulwt lr, r11, r4 @@ -4859,7 +4859,7 @@ #else bfi r4, lr, #16, #16 #endif -#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */ +#endif /* WOLFSSL_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */ #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6) smulwb r12, r11, r5 smulwt lr, r11, r5 @@ -4895,7 +4895,7 @@ #else bfi r5, lr, #16, #16 #endif -#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */ +#endif /* WOLFSSL_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */ str r2, [r0] str r3, [r0, #4] str r4, [r0, #8] @@ -5042,7 +5042,7 @@ #else bfi r4, r12, #0, #16 #endif -#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */ +#endif /* WOLFSSL_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */ #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6) ssub16 r12, r3, r5 sadd16 r3, r3, r5 @@ -5159,7 +5159,7 @@ #else bfi r5, r12, #0, #16 #endif -#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */ +#endif /* WOLFSSL_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */ #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6) ssub16 r12, r6, r8 sadd16 r6, r6, r8 @@ -5275,7 +5275,7 @@ #else bfi r8, r12, #0, #16 #endif -#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */ +#endif /* WOLFSSL_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */ #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6) ssub16 r12, r7, r9 sadd16 r7, r7, r9 @@ -5391,7 +5391,7 @@ #else bfi r9, r12, #0, #16 #endif -#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */ +#endif /* WOLFSSL_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */ str r2, [r0] str r3, [r0, #16] str r4, [r0, #32] @@ -5542,7 +5542,7 @@ #else bfi r3, r12, #0, #16 #endif -#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */ +#endif /* WOLFSSL_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */ #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6) ssub16 r12, r4, r5 sadd16 r4, r4, r5 @@ -5658,7 +5658,7 @@ #else bfi r5, r12, #0, #16 #endif -#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */ +#endif /* WOLFSSL_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */ ldr r11, [r1, #244] #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6) ssub16 r12, r6, r7 @@ -5776,7 +5776,7 @@ #else bfi r7, r12, #0, #16 #endif -#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */ +#endif /* WOLFSSL_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */ #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6) ssub16 r12, r8, r9 sadd16 r8, r8, r9 @@ -5892,7 +5892,7 @@ #else bfi r9, r12, #0, #16 #endif -#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */ +#endif /* WOLFSSL_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */ ldr r11, [r1, #248] #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6) ssub16 r12, r2, r4 @@ -6010,7 +6010,7 @@ #else bfi r4, r12, #0, #16 #endif -#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */ +#endif /* WOLFSSL_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */ #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6) ssub16 r12, r3, r5 sadd16 r3, r3, r5 @@ -6127,7 +6127,7 @@ #else bfi r5, r12, #0, #16 #endif -#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */ +#endif /* WOLFSSL_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */ #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6) ssub16 r12, r6, r8 sadd16 r6, r6, r8 @@ -6243,7 +6243,7 @@ #else bfi r8, r12, #0, #16 #endif -#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */ +#endif /* WOLFSSL_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */ #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6) ssub16 r12, r7, r9 sadd16 r7, r7, r9 @@ -6359,7 +6359,7 @@ #else bfi r9, r12, #0, #16 #endif -#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */ +#endif /* WOLFSSL_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */ #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6) #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) mov r11, #0xc0 @@ -6379,7 +6379,7 @@ #else mov r11, #0x4ebf #endif -#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */ +#endif /* WOLFSSL_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */ #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6) smulwb r12, r11, r2 smulwt lr, r11, r2 @@ -6415,7 +6415,7 @@ #else bfi r2, lr, #16, #16 #endif -#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */ +#endif /* WOLFSSL_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */ #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6) smulwb r12, r11, r3 smulwt lr, r11, r3 @@ -6451,7 +6451,7 @@ #else bfi r3, lr, #16, #16 #endif -#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */ +#endif /* WOLFSSL_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */ #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6) smulwb r12, r11, r4 smulwt lr, r11, r4 @@ -6487,7 +6487,7 @@ #else bfi r4, lr, #16, #16 #endif -#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */ +#endif /* WOLFSSL_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */ #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6) smulwb r12, r11, r5 smulwt lr, r11, r5 @@ -6523,7 +6523,7 @@ #else bfi r5, lr, #16, #16 #endif -#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */ +#endif /* WOLFSSL_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */ ldr r11, [r1, #252] #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6) ssub16 r12, r2, r6 @@ -6641,7 +6641,7 @@ #else bfi r6, r12, #0, #16 #endif -#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */ +#endif /* WOLFSSL_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */ #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6) ssub16 r12, r3, r7 sadd16 r3, r3, r7 @@ -6758,7 +6758,7 @@ #else bfi r7, r12, #0, #16 #endif -#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */ +#endif /* WOLFSSL_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */ #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6) ssub16 r12, r4, r8 sadd16 r4, r4, r8 @@ -6875,7 +6875,7 @@ #else bfi r8, r12, #0, #16 #endif -#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */ +#endif /* WOLFSSL_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */ #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6) ssub16 r12, r5, r9 sadd16 r5, r5, r9 @@ -6992,7 +6992,7 @@ #else bfi r9, r12, #0, #16 #endif -#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */ +#endif /* WOLFSSL_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */ ldr r11, [r1, #254] #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6) smulbb r12, r11, r2 @@ -7076,7 +7076,7 @@ #else bfi r2, r12, #0, #16 #endif -#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */ +#endif /* WOLFSSL_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */ #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6) smulbb r12, r11, r3 smulbt r3, r11, r3 @@ -7159,7 +7159,7 @@ #else bfi r3, r12, #0, #16 #endif -#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */ +#endif /* WOLFSSL_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */ #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6) smulbb r12, r11, r4 smulbt r4, r11, r4 @@ -7242,7 +7242,7 @@ #else bfi r4, r12, #0, #16 #endif -#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */ +#endif /* WOLFSSL_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */ #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6) smulbb r12, r11, r5 smulbt r5, r11, r5 @@ -7325,7 +7325,7 @@ #else bfi r5, r12, #0, #16 #endif -#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */ +#endif /* WOLFSSL_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */ #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6) smulbb r12, r11, r6 smulbt r6, r11, r6 @@ -7408,7 +7408,7 @@ #else bfi r6, r12, #0, #16 #endif -#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */ +#endif /* WOLFSSL_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */ #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6) smulbb r12, r11, r7 smulbt r7, r11, r7 @@ -7491,7 +7491,7 @@ #else bfi r7, r12, #0, #16 #endif -#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */ +#endif /* WOLFSSL_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */ #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6) smulbb r12, r11, r8 smulbt r8, r11, r8 @@ -7574,7 +7574,7 @@ #else bfi r8, r12, #0, #16 #endif -#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */ +#endif /* WOLFSSL_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */ #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6) smulbb r12, r11, r9 smulbt r9, r11, r9 @@ -7657,7 +7657,7 @@ #else bfi r9, r12, #0, #16 #endif -#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */ +#endif /* WOLFSSL_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */ str r2, [r0] str r3, [r0, #64] str r4, [r0, #128] @@ -7827,7 +7827,7 @@ #else movt r12, #0xcff #endif -#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */ +#endif /* WOLFSSL_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */ mov r8, #0 L_mlkem_basemul_mont_loop: ldm r1!, {r4, r5} @@ -8078,7 +8078,7 @@ #endif orr r4, r9, r8, lsr #16 orr r5, r11, r10, lsr #16 -#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */ +#endif /* WOLFSSL_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */ stm r0!, {r4, r5} pop {r8} bne L_mlkem_basemul_mont_loop @@ -8105,7 +8105,7 @@ #else movt r12, #0xcff #endif -#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */ +#endif /* WOLFSSL_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */ mov r8, #0 L_mlkem_arm32_basemul_mont_add_loop: ldm r1!, {r4, r5} @@ -8390,7 +8390,7 @@ #else bfi r5, r10, #0, #16 #endif -#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */ +#endif /* WOLFSSL_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */ stm r0!, {r4, r5} pop {r8} bne L_mlkem_arm32_basemul_mont_add_loop @@ -8421,7 +8421,7 @@ #else movt lr, #0xd01 #endif -#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */ +#endif /* WOLFSSL_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */ mov r11, #0x8000 #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) orr r11, r11, #0x80000000 @@ -8561,7 +8561,7 @@ #else bfi r5, r10, #0, #16 #endif -#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */ +#endif /* WOLFSSL_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */ stm r0!, {r2, r3, r4, r5} subs r1, r1, #8 bne L_mlkem_arm32_csubq_loop diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/wolfcrypt/src/port/arm/armv8-32-mlkem-asm_c.c mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/port/arm/armv8-32-mlkem-asm_c.c --- mariadb-11.8.6/extra/wolfssl/wolfssl/wolfcrypt/src/port/arm/armv8-32-mlkem-asm_c.c 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/port/arm/armv8-32-mlkem-asm_c.c 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* armv8-32-mlkem-asm * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -118,7 +118,7 @@ #else "movt r10, #0xcff\n\t" #endif -#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */ +#endif /* WOLFSSL_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */ "mov r2, #16\n\t" "\n" "L_mlkem_arm32_ntt_loop_123_%=: \n\t" @@ -222,7 +222,7 @@ #else "bfi r2, r12, #0, #16\n\t" #endif -#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */ +#endif /* WOLFSSL_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */ #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6) "smulbb r12, r11, r7\n\t" "smulbt r7, r11, r7\n\t" @@ -313,7 +313,7 @@ #else "bfi r3, r12, #0, #16\n\t" #endif -#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */ +#endif /* WOLFSSL_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */ #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6) "smulbb r12, r11, r8\n\t" "smulbt r8, r11, r8\n\t" @@ -404,7 +404,7 @@ #else "bfi r4, r12, #0, #16\n\t" #endif -#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */ +#endif /* WOLFSSL_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */ #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6) "smulbb r12, r11, r9\n\t" "smulbt r9, r11, r9\n\t" @@ -495,7 +495,7 @@ #else "bfi r5, r12, #0, #16\n\t" #endif -#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */ +#endif /* WOLFSSL_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */ "ldr r11, [r1, #4]\n\t" #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6) "smulbb r12, r11, r4\n\t" @@ -587,7 +587,7 @@ #else "bfi r2, r12, #0, #16\n\t" #endif -#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */ +#endif /* WOLFSSL_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */ #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6) "smulbb r12, r11, r5\n\t" "smulbt r5, r11, r5\n\t" @@ -678,7 +678,7 @@ #else "bfi r3, r12, #0, #16\n\t" #endif -#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */ +#endif /* WOLFSSL_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */ #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6) "smultb r12, r11, r8\n\t" "smultt r8, r11, r8\n\t" @@ -768,7 +768,7 @@ #else "bfi r6, r12, #0, #16\n\t" #endif -#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */ +#endif /* WOLFSSL_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */ #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6) "smultb r12, r11, r9\n\t" "smultt r9, r11, r9\n\t" @@ -858,7 +858,7 @@ #else "bfi r7, r12, #0, #16\n\t" #endif -#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */ +#endif /* WOLFSSL_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */ "ldr r11, [r1, #8]\n\t" #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6) "smulbb r12, r11, r3\n\t" @@ -950,7 +950,7 @@ #else "bfi r2, r12, #0, #16\n\t" #endif -#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */ +#endif /* WOLFSSL_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */ #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6) "smultb r12, r11, r5\n\t" "smultt r5, r11, r5\n\t" @@ -1040,7 +1040,7 @@ #else "bfi r4, r12, #0, #16\n\t" #endif -#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */ +#endif /* WOLFSSL_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */ "ldr r11, [r1, #12]\n\t" #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6) "smulbb r12, r11, r7\n\t" @@ -1132,7 +1132,7 @@ #else "bfi r6, r12, #0, #16\n\t" #endif -#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */ +#endif /* WOLFSSL_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */ #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6) "smultb r12, r11, r9\n\t" "smultt r9, r11, r9\n\t" @@ -1222,7 +1222,7 @@ #else "bfi r8, r12, #0, #16\n\t" #endif -#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */ +#endif /* WOLFSSL_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */ "str r2, [%[r]]\n\t" "str r3, [%[r], #64]\n\t" "str r4, [%[r], #128]\n\t" @@ -1344,7 +1344,7 @@ #else "bfi r2, r12, #0, #16\n\t" #endif -#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */ +#endif /* WOLFSSL_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */ #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6) "smulbb r12, r11, r5\n\t" "smulbt r5, r11, r5\n\t" @@ -1435,7 +1435,7 @@ #else "bfi r3, r12, #0, #16\n\t" #endif -#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */ +#endif /* WOLFSSL_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */ #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6) "smultb r12, r11, r8\n\t" "smultt r8, r11, r8\n\t" @@ -1525,7 +1525,7 @@ #else "bfi r6, r12, #0, #16\n\t" #endif -#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */ +#endif /* WOLFSSL_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */ #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6) "smultb r12, r11, r9\n\t" "smultt r9, r11, r9\n\t" @@ -1615,7 +1615,7 @@ #else "bfi r7, r12, #0, #16\n\t" #endif -#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */ +#endif /* WOLFSSL_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */ "str r2, [%[r]]\n\t" "str r3, [%[r], #16]\n\t" "str r4, [%[r], #32]\n\t" @@ -1741,7 +1741,7 @@ #else "bfi r2, r12, #0, #16\n\t" #endif -#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */ +#endif /* WOLFSSL_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */ #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6) "smulbb r12, r11, r7\n\t" "smulbt r7, r11, r7\n\t" @@ -1832,7 +1832,7 @@ #else "bfi r3, r12, #0, #16\n\t" #endif -#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */ +#endif /* WOLFSSL_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */ #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6) "smulbb r12, r11, r8\n\t" "smulbt r8, r11, r8\n\t" @@ -1923,7 +1923,7 @@ #else "bfi r4, r12, #0, #16\n\t" #endif -#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */ +#endif /* WOLFSSL_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */ #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6) "smulbb r12, r11, r9\n\t" "smulbt r9, r11, r9\n\t" @@ -2014,7 +2014,7 @@ #else "bfi r5, r12, #0, #16\n\t" #endif -#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */ +#endif /* WOLFSSL_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */ "ldr r11, [sp, #4]\n\t" "add r11, r1, r11, lsr #2\n\t" "ldr r11, [r11, #64]\n\t" @@ -2108,7 +2108,7 @@ #else "bfi r2, r12, #0, #16\n\t" #endif -#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */ +#endif /* WOLFSSL_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */ #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6) "smulbb r12, r11, r5\n\t" "smulbt r5, r11, r5\n\t" @@ -2199,7 +2199,7 @@ #else "bfi r3, r12, #0, #16\n\t" #endif -#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */ +#endif /* WOLFSSL_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */ #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6) "smultb r12, r11, r8\n\t" "smultt r8, r11, r8\n\t" @@ -2289,7 +2289,7 @@ #else "bfi r6, r12, #0, #16\n\t" #endif -#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */ +#endif /* WOLFSSL_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */ #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6) "smultb r12, r11, r9\n\t" "smultt r9, r11, r9\n\t" @@ -2379,7 +2379,7 @@ #else "bfi r7, r12, #0, #16\n\t" #endif -#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */ +#endif /* WOLFSSL_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */ "ldr r11, [sp, #4]\n\t" "add r11, r1, r11, lsr #1\n\t" "ldr r11, [r11, #128]\n\t" @@ -2473,7 +2473,7 @@ #else "bfi r2, r12, #0, #16\n\t" #endif -#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */ +#endif /* WOLFSSL_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */ #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6) "smultb r12, r11, r5\n\t" "smultt r5, r11, r5\n\t" @@ -2563,7 +2563,7 @@ #else "bfi r4, r12, #0, #16\n\t" #endif -#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */ +#endif /* WOLFSSL_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */ "ldr r11, [sp, #4]\n\t" "add r11, r1, r11, lsr #1\n\t" "ldr r11, [r11, #132]\n\t" @@ -2657,7 +2657,7 @@ #else "bfi r6, r12, #0, #16\n\t" #endif -#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */ +#endif /* WOLFSSL_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */ #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6) "smultb r12, r11, r9\n\t" "smultt r9, r11, r9\n\t" @@ -2747,7 +2747,7 @@ #else "bfi r8, r12, #0, #16\n\t" #endif -#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */ +#endif /* WOLFSSL_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */ #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6) #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) "mov r11, #0xc0\n\t" @@ -2773,7 +2773,7 @@ #else "mov r10, #0xd01\n\t" #endif -#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */ +#endif /* WOLFSSL_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */ #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6) "smulwb r12, r11, r2\n\t" "smulwt lr, r11, r2\n\t" @@ -2809,7 +2809,7 @@ #else "bfi r2, lr, #16, #16\n\t" #endif -#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */ +#endif /* WOLFSSL_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */ #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6) "smulwb r12, r11, r3\n\t" "smulwt lr, r11, r3\n\t" @@ -2845,7 +2845,7 @@ #else "bfi r3, lr, #16, #16\n\t" #endif -#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */ +#endif /* WOLFSSL_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */ #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6) "smulwb r12, r11, r4\n\t" "smulwt lr, r11, r4\n\t" @@ -2881,7 +2881,7 @@ #else "bfi r4, lr, #16, #16\n\t" #endif -#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */ +#endif /* WOLFSSL_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */ #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6) "smulwb r12, r11, r5\n\t" "smulwt lr, r11, r5\n\t" @@ -2917,7 +2917,7 @@ #else "bfi r5, lr, #16, #16\n\t" #endif -#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */ +#endif /* WOLFSSL_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */ #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6) "smulwb r12, r11, r6\n\t" "smulwt lr, r11, r6\n\t" @@ -2953,7 +2953,7 @@ #else "bfi r6, lr, #16, #16\n\t" #endif -#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */ +#endif /* WOLFSSL_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */ #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6) "smulwb r12, r11, r7\n\t" "smulwt lr, r11, r7\n\t" @@ -2989,7 +2989,7 @@ #else "bfi r7, lr, #16, #16\n\t" #endif -#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */ +#endif /* WOLFSSL_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */ #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6) "smulwb r12, r11, r8\n\t" "smulwt lr, r11, r8\n\t" @@ -3025,7 +3025,7 @@ #else "bfi r8, lr, #16, #16\n\t" #endif -#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */ +#endif /* WOLFSSL_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */ #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6) "smulwb r12, r11, r9\n\t" "smulwt lr, r11, r9\n\t" @@ -3061,7 +3061,7 @@ #else "bfi r9, lr, #16, #16\n\t" #endif -#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */ +#endif /* WOLFSSL_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */ #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6) #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) "mov r10, #0x1\n\t" @@ -3075,7 +3075,7 @@ #else "movt r10, #0xcff\n\t" #endif -#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */ +#endif /* WOLFSSL_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */ "str r2, [%[r]]\n\t" "str r3, [%[r], #4]\n\t" "str r4, [%[r], #8]\n\t" @@ -3170,7 +3170,7 @@ #else "movt r10, #0xcff\n\t" #endif -#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */ +#endif /* WOLFSSL_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */ "mov r3, #0\n\t" "\n" "L_mlkem_invntt_loop_765_%=: \n\t" @@ -3301,7 +3301,7 @@ #else "bfi r3, r12, #0, #16\n\t" #endif -#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */ +#endif /* WOLFSSL_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */ #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6) "ssub16 r12, r4, r5\n\t" "sadd16 r4, r4, r5\n\t" @@ -3417,7 +3417,7 @@ #else "bfi r5, r12, #0, #16\n\t" #endif -#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */ +#endif /* WOLFSSL_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */ "ldr r11, [sp, #4]\n\t" "add r11, r1, r11, lsr #1\n\t" "ldr r11, [r11, #4]\n\t" @@ -3537,7 +3537,7 @@ #else "bfi r7, r12, #0, #16\n\t" #endif -#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */ +#endif /* WOLFSSL_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */ #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6) "ssub16 r12, r8, r9\n\t" "sadd16 r8, r8, r9\n\t" @@ -3653,7 +3653,7 @@ #else "bfi r9, r12, #0, #16\n\t" #endif -#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */ +#endif /* WOLFSSL_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */ "ldr r11, [sp, #4]\n\t" "add r11, r1, r11, lsr #2\n\t" "ldr r11, [r11, #128]\n\t" @@ -3773,7 +3773,7 @@ #else "bfi r4, r12, #0, #16\n\t" #endif -#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */ +#endif /* WOLFSSL_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */ #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6) "ssub16 r12, r3, r5\n\t" "sadd16 r3, r3, r5\n\t" @@ -3890,7 +3890,7 @@ #else "bfi r5, r12, #0, #16\n\t" #endif -#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */ +#endif /* WOLFSSL_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */ #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6) "ssub16 r12, r6, r8\n\t" "sadd16 r6, r6, r8\n\t" @@ -4006,7 +4006,7 @@ #else "bfi r8, r12, #0, #16\n\t" #endif -#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */ +#endif /* WOLFSSL_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */ #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6) "ssub16 r12, r7, r9\n\t" "sadd16 r7, r7, r9\n\t" @@ -4122,7 +4122,7 @@ #else "bfi r9, r12, #0, #16\n\t" #endif -#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */ +#endif /* WOLFSSL_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */ "ldr r11, [sp, #4]\n\t" "add r11, r1, r11, lsr #3\n\t" "ldr r11, [r11, #192]\n\t" @@ -4242,7 +4242,7 @@ #else "bfi r6, r12, #0, #16\n\t" #endif -#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */ +#endif /* WOLFSSL_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */ #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6) "ssub16 r12, r3, r7\n\t" "sadd16 r3, r3, r7\n\t" @@ -4359,7 +4359,7 @@ #else "bfi r7, r12, #0, #16\n\t" #endif -#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */ +#endif /* WOLFSSL_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */ #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6) "ssub16 r12, r4, r8\n\t" "sadd16 r4, r4, r8\n\t" @@ -4476,7 +4476,7 @@ #else "bfi r8, r12, #0, #16\n\t" #endif -#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */ +#endif /* WOLFSSL_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */ #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6) "ssub16 r12, r5, r9\n\t" "sadd16 r5, r5, r9\n\t" @@ -4593,7 +4593,7 @@ #else "bfi r9, r12, #0, #16\n\t" #endif -#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */ +#endif /* WOLFSSL_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */ #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6) #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) "mov r11, #0xc0\n\t" @@ -4613,7 +4613,7 @@ #else "mov r11, #0x4ebf\n\t" #endif -#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */ +#endif /* WOLFSSL_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */ #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6) "smulwb r12, r11, r2\n\t" "smulwt lr, r11, r2\n\t" @@ -4649,7 +4649,7 @@ #else "bfi r2, lr, #16, #16\n\t" #endif -#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */ +#endif /* WOLFSSL_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */ #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6) "smulwb r12, r11, r3\n\t" "smulwt lr, r11, r3\n\t" @@ -4685,7 +4685,7 @@ #else "bfi r3, lr, #16, #16\n\t" #endif -#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */ +#endif /* WOLFSSL_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */ #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6) "smulwb r12, r11, r4\n\t" "smulwt lr, r11, r4\n\t" @@ -4721,7 +4721,7 @@ #else "bfi r4, lr, #16, #16\n\t" #endif -#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */ +#endif /* WOLFSSL_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */ #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6) "smulwb r12, r11, r5\n\t" "smulwt lr, r11, r5\n\t" @@ -4757,7 +4757,7 @@ #else "bfi r5, lr, #16, #16\n\t" #endif -#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */ +#endif /* WOLFSSL_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */ "str r2, [%[r]]\n\t" "str r3, [%[r], #4]\n\t" "str r4, [%[r], #8]\n\t" @@ -4906,7 +4906,7 @@ #else "bfi r4, r12, #0, #16\n\t" #endif -#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */ +#endif /* WOLFSSL_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */ #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6) "ssub16 r12, r3, r5\n\t" "sadd16 r3, r3, r5\n\t" @@ -5023,7 +5023,7 @@ #else "bfi r5, r12, #0, #16\n\t" #endif -#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */ +#endif /* WOLFSSL_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */ #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6) "ssub16 r12, r6, r8\n\t" "sadd16 r6, r6, r8\n\t" @@ -5139,7 +5139,7 @@ #else "bfi r8, r12, #0, #16\n\t" #endif -#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */ +#endif /* WOLFSSL_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */ #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6) "ssub16 r12, r7, r9\n\t" "sadd16 r7, r7, r9\n\t" @@ -5255,7 +5255,7 @@ #else "bfi r9, r12, #0, #16\n\t" #endif -#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */ +#endif /* WOLFSSL_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */ "str r2, [%[r]]\n\t" "str r3, [%[r], #16]\n\t" "str r4, [%[r], #32]\n\t" @@ -5407,7 +5407,7 @@ #else "bfi r3, r12, #0, #16\n\t" #endif -#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */ +#endif /* WOLFSSL_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */ #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6) "ssub16 r12, r4, r5\n\t" "sadd16 r4, r4, r5\n\t" @@ -5523,7 +5523,7 @@ #else "bfi r5, r12, #0, #16\n\t" #endif -#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */ +#endif /* WOLFSSL_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */ "ldr r11, [r1, #244]\n\t" #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6) "ssub16 r12, r6, r7\n\t" @@ -5641,7 +5641,7 @@ #else "bfi r7, r12, #0, #16\n\t" #endif -#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */ +#endif /* WOLFSSL_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */ #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6) "ssub16 r12, r8, r9\n\t" "sadd16 r8, r8, r9\n\t" @@ -5757,7 +5757,7 @@ #else "bfi r9, r12, #0, #16\n\t" #endif -#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */ +#endif /* WOLFSSL_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */ "ldr r11, [r1, #248]\n\t" #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6) "ssub16 r12, r2, r4\n\t" @@ -5875,7 +5875,7 @@ #else "bfi r4, r12, #0, #16\n\t" #endif -#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */ +#endif /* WOLFSSL_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */ #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6) "ssub16 r12, r3, r5\n\t" "sadd16 r3, r3, r5\n\t" @@ -5992,7 +5992,7 @@ #else "bfi r5, r12, #0, #16\n\t" #endif -#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */ +#endif /* WOLFSSL_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */ #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6) "ssub16 r12, r6, r8\n\t" "sadd16 r6, r6, r8\n\t" @@ -6108,7 +6108,7 @@ #else "bfi r8, r12, #0, #16\n\t" #endif -#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */ +#endif /* WOLFSSL_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */ #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6) "ssub16 r12, r7, r9\n\t" "sadd16 r7, r7, r9\n\t" @@ -6224,7 +6224,7 @@ #else "bfi r9, r12, #0, #16\n\t" #endif -#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */ +#endif /* WOLFSSL_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */ #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6) #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) "mov r11, #0xc0\n\t" @@ -6244,7 +6244,7 @@ #else "mov r11, #0x4ebf\n\t" #endif -#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */ +#endif /* WOLFSSL_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */ #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6) "smulwb r12, r11, r2\n\t" "smulwt lr, r11, r2\n\t" @@ -6280,7 +6280,7 @@ #else "bfi r2, lr, #16, #16\n\t" #endif -#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */ +#endif /* WOLFSSL_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */ #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6) "smulwb r12, r11, r3\n\t" "smulwt lr, r11, r3\n\t" @@ -6316,7 +6316,7 @@ #else "bfi r3, lr, #16, #16\n\t" #endif -#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */ +#endif /* WOLFSSL_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */ #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6) "smulwb r12, r11, r4\n\t" "smulwt lr, r11, r4\n\t" @@ -6352,7 +6352,7 @@ #else "bfi r4, lr, #16, #16\n\t" #endif -#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */ +#endif /* WOLFSSL_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */ #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6) "smulwb r12, r11, r5\n\t" "smulwt lr, r11, r5\n\t" @@ -6388,7 +6388,7 @@ #else "bfi r5, lr, #16, #16\n\t" #endif -#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */ +#endif /* WOLFSSL_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */ "ldr r11, [r1, #252]\n\t" #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6) "ssub16 r12, r2, r6\n\t" @@ -6506,7 +6506,7 @@ #else "bfi r6, r12, #0, #16\n\t" #endif -#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */ +#endif /* WOLFSSL_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */ #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6) "ssub16 r12, r3, r7\n\t" "sadd16 r3, r3, r7\n\t" @@ -6623,7 +6623,7 @@ #else "bfi r7, r12, #0, #16\n\t" #endif -#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */ +#endif /* WOLFSSL_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */ #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6) "ssub16 r12, r4, r8\n\t" "sadd16 r4, r4, r8\n\t" @@ -6740,7 +6740,7 @@ #else "bfi r8, r12, #0, #16\n\t" #endif -#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */ +#endif /* WOLFSSL_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */ #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6) "ssub16 r12, r5, r9\n\t" "sadd16 r5, r5, r9\n\t" @@ -6857,7 +6857,7 @@ #else "bfi r9, r12, #0, #16\n\t" #endif -#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */ +#endif /* WOLFSSL_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */ "ldr r11, [r1, #254]\n\t" #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6) "smulbb r12, r11, r2\n\t" @@ -6941,7 +6941,7 @@ #else "bfi r2, r12, #0, #16\n\t" #endif -#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */ +#endif /* WOLFSSL_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */ #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6) "smulbb r12, r11, r3\n\t" "smulbt r3, r11, r3\n\t" @@ -7024,7 +7024,7 @@ #else "bfi r3, r12, #0, #16\n\t" #endif -#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */ +#endif /* WOLFSSL_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */ #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6) "smulbb r12, r11, r4\n\t" "smulbt r4, r11, r4\n\t" @@ -7107,7 +7107,7 @@ #else "bfi r4, r12, #0, #16\n\t" #endif -#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */ +#endif /* WOLFSSL_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */ #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6) "smulbb r12, r11, r5\n\t" "smulbt r5, r11, r5\n\t" @@ -7190,7 +7190,7 @@ #else "bfi r5, r12, #0, #16\n\t" #endif -#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */ +#endif /* WOLFSSL_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */ #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6) "smulbb r12, r11, r6\n\t" "smulbt r6, r11, r6\n\t" @@ -7273,7 +7273,7 @@ #else "bfi r6, r12, #0, #16\n\t" #endif -#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */ +#endif /* WOLFSSL_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */ #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6) "smulbb r12, r11, r7\n\t" "smulbt r7, r11, r7\n\t" @@ -7356,7 +7356,7 @@ #else "bfi r7, r12, #0, #16\n\t" #endif -#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */ +#endif /* WOLFSSL_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */ #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6) "smulbb r12, r11, r8\n\t" "smulbt r8, r11, r8\n\t" @@ -7439,7 +7439,7 @@ #else "bfi r8, r12, #0, #16\n\t" #endif -#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */ +#endif /* WOLFSSL_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */ #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH >= 6) "smulbb r12, r11, r9\n\t" "smulbt r9, r11, r9\n\t" @@ -7522,7 +7522,7 @@ #else "bfi r9, r12, #0, #16\n\t" #endif -#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */ +#endif /* WOLFSSL_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */ "str r2, [%[r]]\n\t" "str r3, [%[r], #64]\n\t" "str r4, [%[r], #128]\n\t" @@ -7620,7 +7620,7 @@ #else "movt r12, #0xcff\n\t" #endif -#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */ +#endif /* WOLFSSL_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */ "mov r8, #0\n\t" "\n" "L_mlkem_basemul_mont_loop_%=: \n\t" @@ -7872,7 +7872,7 @@ #endif "orr r4, r9, r8, lsr #16\n\t" "orr r5, r11, r10, lsr #16\n\t" -#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */ +#endif /* WOLFSSL_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */ "stm %[r]!, {r4, r5}\n\t" "pop {r8}\n\t" "bne L_mlkem_basemul_mont_loop_%=\n\t" @@ -7925,7 +7925,7 @@ #else "movt r12, #0xcff\n\t" #endif -#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */ +#endif /* WOLFSSL_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */ "mov r8, #0\n\t" "\n" "L_mlkem_arm32_basemul_mont_add_loop_%=: \n\t" @@ -8211,7 +8211,7 @@ #else "bfi r5, r10, #0, #16\n\t" #endif -#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */ +#endif /* WOLFSSL_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */ "stm %[r]!, {r4, r5}\n\t" "pop {r8}\n\t" "bne L_mlkem_arm32_basemul_mont_add_loop_%=\n\t" @@ -8264,7 +8264,7 @@ #else "movt lr, #0xd01\n\t" #endif -#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */ +#endif /* WOLFSSL_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */ "mov r11, #0x8000\n\t" #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) "orr r11, r11, #0x80000000\n\t" @@ -8405,7 +8405,7 @@ #else "bfi r5, r10, #0, #16\n\t" #endif -#endif /* WOLFSLS_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */ +#endif /* WOLFSSL_ARM_ARCH && WOLFSSL_ARM_ARCH >= 6 */ "stm %[p]!, {r2, r3, r4, r5}\n\t" "subs r1, r1, #8\n\t" "bne L_mlkem_arm32_csubq_loop_%=\n\t" diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/wolfcrypt/src/port/arm/armv8-32-poly1305-asm.S mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/port/arm/armv8-32-poly1305-asm.S --- mariadb-11.8.6/extra/wolfssl/wolfssl/wolfcrypt/src/port/arm/armv8-32-poly1305-asm.S 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/port/arm/armv8-32-poly1305-asm.S 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* armv8-32-poly1305-asm * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/wolfcrypt/src/port/arm/armv8-32-poly1305-asm_c.c mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/port/arm/armv8-32-poly1305-asm_c.c --- mariadb-11.8.6/extra/wolfssl/wolfssl/wolfcrypt/src/port/arm/armv8-32-poly1305-asm_c.c 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/port/arm/armv8-32-poly1305-asm_c.c 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* armv8-32-poly1305-asm * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/wolfcrypt/src/port/arm/armv8-32-sha256-asm.S mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/port/arm/armv8-32-sha256-asm.S --- mariadb-11.8.6/extra/wolfssl/wolfssl/wolfcrypt/src/port/arm/armv8-32-sha256-asm.S 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/port/arm/armv8-32-sha256-asm.S 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* armv8-32-sha256-asm * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -108,7 +108,7 @@ Transform_Sha256_Len_base: push {r4, r5, r6, r7, r8, r9, r10, r11, lr} sub sp, sp, #0xc0 - adr r3, L_SHA256_transform_len_k + adr r12, L_SHA256_transform_len_k # Copy digest to add in at end #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) ldm r0, {r4, r5} @@ -372,9 +372,10 @@ ldr r11, [r0, #4] ldr r4, [r0, #8] eor r11, r11, r4 - mov r12, #3 +#ifndef WOLFSSL_ARMASM_SHA256_SMALL + mov r3, #3 # Start of 16 rounds -L_SHA256_transform_len_start: +L_SHA256_transform_len_start_fast: # Round 0 ldr r5, [r0, #16] ldr r6, [r0, #20] @@ -389,7 +390,7 @@ add r9, r9, r4 add r9, r9, r6 ldr r5, [sp] - ldr r6, [r3] + ldr r6, [r12] add r9, r9, r5 add r9, r9, r6 ldr r5, [r0] @@ -436,7 +437,7 @@ add r9, r9, r4 add r9, r9, r6 ldr r5, [sp, #4] - ldr r6, [r3, #4] + ldr r6, [r12, #4] add r9, r9, r5 add r9, r9, r6 ldr r5, [r0, #28] @@ -483,7 +484,7 @@ add r9, r9, r4 add r9, r9, r6 ldr r5, [sp, #8] - ldr r6, [r3, #8] + ldr r6, [r12, #8] add r9, r9, r5 add r9, r9, r6 ldr r5, [r0, #24] @@ -530,7 +531,7 @@ add r9, r9, r4 add r9, r9, r6 ldr r5, [sp, #12] - ldr r6, [r3, #12] + ldr r6, [r12, #12] add r9, r9, r5 add r9, r9, r6 ldr r5, [r0, #20] @@ -577,7 +578,7 @@ add r9, r9, r4 add r9, r9, r6 ldr r5, [sp, #16] - ldr r6, [r3, #16] + ldr r6, [r12, #16] add r9, r9, r5 add r9, r9, r6 ldr r5, [r0, #16] @@ -624,7 +625,7 @@ add r9, r9, r4 add r9, r9, r6 ldr r5, [sp, #20] - ldr r6, [r3, #20] + ldr r6, [r12, #20] add r9, r9, r5 add r9, r9, r6 ldr r5, [r0, #12] @@ -671,7 +672,7 @@ add r9, r9, r4 add r9, r9, r6 ldr r5, [sp, #24] - ldr r6, [r3, #24] + ldr r6, [r12, #24] add r9, r9, r5 add r9, r9, r6 ldr r5, [r0, #8] @@ -718,7 +719,7 @@ add r9, r9, r4 add r9, r9, r6 ldr r5, [sp, #28] - ldr r6, [r3, #28] + ldr r6, [r12, #28] add r9, r9, r5 add r9, r9, r6 ldr r5, [r0, #4] @@ -765,7 +766,7 @@ add r9, r9, r4 add r9, r9, r6 ldr r5, [sp, #32] - ldr r6, [r3, #32] + ldr r6, [r12, #32] add r9, r9, r5 add r9, r9, r6 ldr r5, [r0] @@ -812,7 +813,7 @@ add r9, r9, r4 add r9, r9, r6 ldr r5, [sp, #36] - ldr r6, [r3, #36] + ldr r6, [r12, #36] add r9, r9, r5 add r9, r9, r6 ldr r5, [r0, #28] @@ -859,7 +860,7 @@ add r9, r9, r4 add r9, r9, r6 ldr r5, [sp, #40] - ldr r6, [r3, #40] + ldr r6, [r12, #40] add r9, r9, r5 add r9, r9, r6 ldr r5, [r0, #24] @@ -906,7 +907,7 @@ add r9, r9, r4 add r9, r9, r6 ldr r5, [sp, #44] - ldr r6, [r3, #44] + ldr r6, [r12, #44] add r9, r9, r5 add r9, r9, r6 ldr r5, [r0, #20] @@ -953,7 +954,7 @@ add r9, r9, r4 add r9, r9, r6 ldr r5, [sp, #48] - ldr r6, [r3, #48] + ldr r6, [r12, #48] add r9, r9, r5 add r9, r9, r6 ldr r5, [r0, #16] @@ -1000,7 +1001,7 @@ add r9, r9, r4 add r9, r9, r6 ldr r5, [sp, #52] - ldr r6, [r3, #52] + ldr r6, [r12, #52] add r9, r9, r5 add r9, r9, r6 ldr r5, [r0, #12] @@ -1047,7 +1048,7 @@ add r9, r9, r4 add r9, r9, r6 ldr r5, [sp, #56] - ldr r6, [r3, #56] + ldr r6, [r12, #56] add r9, r9, r5 add r9, r9, r6 ldr r5, [r0, #8] @@ -1094,7 +1095,7 @@ add r9, r9, r4 add r9, r9, r6 ldr r5, [sp, #60] - ldr r6, [r3, #60] + ldr r6, [r12, #60] add r9, r9, r5 add r9, r9, r6 ldr r5, [r0, #4] @@ -1127,9 +1128,9 @@ add r4, r4, r5 add r9, r9, r4 str r9, [sp, #60] - add r3, r3, #0x40 - subs r12, r12, #1 - bne L_SHA256_transform_len_start + add r12, r12, #0x40 + subs r3, r3, #1 + bne L_SHA256_transform_len_start_fast # Round 0 ldr r5, [r0, #16] ldr r6, [r0, #20] @@ -1144,7 +1145,7 @@ add r9, r9, r4 add r9, r9, r6 ldr r5, [sp] - ldr r6, [r3] + ldr r6, [r12] add r9, r9, r5 add r9, r9, r6 ldr r5, [r0] @@ -1176,7 +1177,7 @@ add r9, r9, r4 add r9, r9, r6 ldr r5, [sp, #4] - ldr r6, [r3, #4] + ldr r6, [r12, #4] add r9, r9, r5 add r9, r9, r6 ldr r5, [r0, #28] @@ -1208,7 +1209,7 @@ add r9, r9, r4 add r9, r9, r6 ldr r5, [sp, #8] - ldr r6, [r3, #8] + ldr r6, [r12, #8] add r9, r9, r5 add r9, r9, r6 ldr r5, [r0, #24] @@ -1240,7 +1241,7 @@ add r9, r9, r4 add r9, r9, r6 ldr r5, [sp, #12] - ldr r6, [r3, #12] + ldr r6, [r12, #12] add r9, r9, r5 add r9, r9, r6 ldr r5, [r0, #20] @@ -1272,7 +1273,7 @@ add r9, r9, r4 add r9, r9, r6 ldr r5, [sp, #16] - ldr r6, [r3, #16] + ldr r6, [r12, #16] add r9, r9, r5 add r9, r9, r6 ldr r5, [r0, #16] @@ -1304,7 +1305,7 @@ add r9, r9, r4 add r9, r9, r6 ldr r5, [sp, #20] - ldr r6, [r3, #20] + ldr r6, [r12, #20] add r9, r9, r5 add r9, r9, r6 ldr r5, [r0, #12] @@ -1336,7 +1337,7 @@ add r9, r9, r4 add r9, r9, r6 ldr r5, [sp, #24] - ldr r6, [r3, #24] + ldr r6, [r12, #24] add r9, r9, r5 add r9, r9, r6 ldr r5, [r0, #8] @@ -1368,7 +1369,7 @@ add r9, r9, r4 add r9, r9, r6 ldr r5, [sp, #28] - ldr r6, [r3, #28] + ldr r6, [r12, #28] add r9, r9, r5 add r9, r9, r6 ldr r5, [r0, #4] @@ -1400,7 +1401,7 @@ add r9, r9, r4 add r9, r9, r6 ldr r5, [sp, #32] - ldr r6, [r3, #32] + ldr r6, [r12, #32] add r9, r9, r5 add r9, r9, r6 ldr r5, [r0] @@ -1432,7 +1433,7 @@ add r9, r9, r4 add r9, r9, r6 ldr r5, [sp, #36] - ldr r6, [r3, #36] + ldr r6, [r12, #36] add r9, r9, r5 add r9, r9, r6 ldr r5, [r0, #28] @@ -1464,7 +1465,7 @@ add r9, r9, r4 add r9, r9, r6 ldr r5, [sp, #40] - ldr r6, [r3, #40] + ldr r6, [r12, #40] add r9, r9, r5 add r9, r9, r6 ldr r5, [r0, #24] @@ -1496,7 +1497,7 @@ add r9, r9, r4 add r9, r9, r6 ldr r5, [sp, #44] - ldr r6, [r3, #44] + ldr r6, [r12, #44] add r9, r9, r5 add r9, r9, r6 ldr r5, [r0, #20] @@ -1528,7 +1529,7 @@ add r9, r9, r4 add r9, r9, r6 ldr r5, [sp, #48] - ldr r6, [r3, #48] + ldr r6, [r12, #48] add r9, r9, r5 add r9, r9, r6 ldr r5, [r0, #16] @@ -1560,7 +1561,7 @@ add r9, r9, r4 add r9, r9, r6 ldr r5, [sp, #52] - ldr r6, [r3, #52] + ldr r6, [r12, #52] add r9, r9, r5 add r9, r9, r6 ldr r5, [r0, #12] @@ -1592,7 +1593,7 @@ add r9, r9, r4 add r9, r9, r6 ldr r5, [sp, #56] - ldr r6, [r3, #56] + ldr r6, [r12, #56] add r9, r9, r5 add r9, r9, r6 ldr r5, [r0, #8] @@ -1624,7 +1625,7 @@ add r9, r9, r4 add r9, r9, r6 ldr r5, [sp, #60] - ldr r6, [r3, #60] + ldr r6, [r12, #60] add r9, r9, r5 add r9, r9, r6 ldr r5, [r0, #4] @@ -1642,6 +1643,815 @@ add r9, r9, r10 str r8, [r0, #16] str r9, [r0] +#else + mov r3, #4 + # Start of 16 rounds +L_SHA256_transform_len_start_small: + sub r3, r3, #1 + # Round 0 + ldr r5, [r0, #16] + ldr r6, [r0, #20] + ldr r7, [r0, #24] + ldr r9, [r0, #28] + ror r4, r5, #6 + eor r6, r6, r7 + eor r4, r4, r5, ror #11 + and r6, r6, r5 + eor r4, r4, r5, ror #25 + eor r6, r6, r7 + add r9, r9, r4 + add r9, r9, r6 + ldr r5, [sp] + ldr r6, [r12] + add r9, r9, r5 + add r9, r9, r6 + ldr r5, [r0] + ldr r6, [r0, #4] + ldr r7, [r0, #8] + ldr r8, [r0, #12] + ror r4, r5, #2 + eor r10, r5, r6 + eor r4, r4, r5, ror #13 + and r11, r11, r10 + eor r4, r4, r5, ror #22 + eor r11, r11, r6 + add r8, r8, r9 + add r9, r9, r4 + add r9, r9, r11 + str r8, [r0, #12] + str r9, [r0, #28] + cmp r3, #0 + beq L_SHA256_transform_len_blk_end_0 + # Calc new W[0] + ldr r6, [sp, #56] + ldr r7, [sp, #36] + ldr r8, [sp, #4] + ldr r9, [sp] + ror r4, r6, #17 + ror r5, r8, #7 + eor r4, r4, r6, ror #19 + eor r5, r5, r8, ror #18 + eor r4, r4, r6, lsr #10 + eor r5, r5, r8, lsr #3 + add r9, r9, r7 + add r4, r4, r5 + add r9, r9, r4 + str r9, [sp] +L_SHA256_transform_len_blk_end_0: + # Round 1 + ldr r5, [r0, #12] + ldr r6, [r0, #16] + ldr r7, [r0, #20] + ldr r9, [r0, #24] + ror r4, r5, #6 + eor r6, r6, r7 + eor r4, r4, r5, ror #11 + and r6, r6, r5 + eor r4, r4, r5, ror #25 + eor r6, r6, r7 + add r9, r9, r4 + add r9, r9, r6 + ldr r5, [sp, #4] + ldr r6, [r12, #4] + add r9, r9, r5 + add r9, r9, r6 + ldr r5, [r0, #28] + ldr r6, [r0] + ldr r7, [r0, #4] + ldr r8, [r0, #8] + ror r4, r5, #2 + eor r11, r5, r6 + eor r4, r4, r5, ror #13 + and r10, r10, r11 + eor r4, r4, r5, ror #22 + eor r10, r10, r6 + add r8, r8, r9 + add r9, r9, r4 + add r9, r9, r10 + str r8, [r0, #8] + str r9, [r0, #24] + cmp r3, #0 + beq L_SHA256_transform_len_blk_end_1 + # Calc new W[1] + ldr r6, [sp, #60] + ldr r7, [sp, #40] + ldr r8, [sp, #8] + ldr r9, [sp, #4] + ror r4, r6, #17 + ror r5, r8, #7 + eor r4, r4, r6, ror #19 + eor r5, r5, r8, ror #18 + eor r4, r4, r6, lsr #10 + eor r5, r5, r8, lsr #3 + add r9, r9, r7 + add r4, r4, r5 + add r9, r9, r4 + str r9, [sp, #4] +L_SHA256_transform_len_blk_end_1: + # Round 2 + ldr r5, [r0, #8] + ldr r6, [r0, #12] + ldr r7, [r0, #16] + ldr r9, [r0, #20] + ror r4, r5, #6 + eor r6, r6, r7 + eor r4, r4, r5, ror #11 + and r6, r6, r5 + eor r4, r4, r5, ror #25 + eor r6, r6, r7 + add r9, r9, r4 + add r9, r9, r6 + ldr r5, [sp, #8] + ldr r6, [r12, #8] + add r9, r9, r5 + add r9, r9, r6 + ldr r5, [r0, #24] + ldr r6, [r0, #28] + ldr r7, [r0] + ldr r8, [r0, #4] + ror r4, r5, #2 + eor r10, r5, r6 + eor r4, r4, r5, ror #13 + and r11, r11, r10 + eor r4, r4, r5, ror #22 + eor r11, r11, r6 + add r8, r8, r9 + add r9, r9, r4 + add r9, r9, r11 + str r8, [r0, #4] + str r9, [r0, #20] + cmp r3, #0 + beq L_SHA256_transform_len_blk_end_2 + # Calc new W[2] + ldr r6, [sp] + ldr r7, [sp, #44] + ldr r8, [sp, #12] + ldr r9, [sp, #8] + ror r4, r6, #17 + ror r5, r8, #7 + eor r4, r4, r6, ror #19 + eor r5, r5, r8, ror #18 + eor r4, r4, r6, lsr #10 + eor r5, r5, r8, lsr #3 + add r9, r9, r7 + add r4, r4, r5 + add r9, r9, r4 + str r9, [sp, #8] +L_SHA256_transform_len_blk_end_2: + # Round 3 + ldr r5, [r0, #4] + ldr r6, [r0, #8] + ldr r7, [r0, #12] + ldr r9, [r0, #16] + ror r4, r5, #6 + eor r6, r6, r7 + eor r4, r4, r5, ror #11 + and r6, r6, r5 + eor r4, r4, r5, ror #25 + eor r6, r6, r7 + add r9, r9, r4 + add r9, r9, r6 + ldr r5, [sp, #12] + ldr r6, [r12, #12] + add r9, r9, r5 + add r9, r9, r6 + ldr r5, [r0, #20] + ldr r6, [r0, #24] + ldr r7, [r0, #28] + ldr r8, [r0] + ror r4, r5, #2 + eor r11, r5, r6 + eor r4, r4, r5, ror #13 + and r10, r10, r11 + eor r4, r4, r5, ror #22 + eor r10, r10, r6 + add r8, r8, r9 + add r9, r9, r4 + add r9, r9, r10 + str r8, [r0] + str r9, [r0, #16] + cmp r3, #0 + beq L_SHA256_transform_len_blk_end_3 + # Calc new W[3] + ldr r6, [sp, #4] + ldr r7, [sp, #48] + ldr r8, [sp, #16] + ldr r9, [sp, #12] + ror r4, r6, #17 + ror r5, r8, #7 + eor r4, r4, r6, ror #19 + eor r5, r5, r8, ror #18 + eor r4, r4, r6, lsr #10 + eor r5, r5, r8, lsr #3 + add r9, r9, r7 + add r4, r4, r5 + add r9, r9, r4 + str r9, [sp, #12] +L_SHA256_transform_len_blk_end_3: + # Round 4 + ldr r5, [r0] + ldr r6, [r0, #4] + ldr r7, [r0, #8] + ldr r9, [r0, #12] + ror r4, r5, #6 + eor r6, r6, r7 + eor r4, r4, r5, ror #11 + and r6, r6, r5 + eor r4, r4, r5, ror #25 + eor r6, r6, r7 + add r9, r9, r4 + add r9, r9, r6 + ldr r5, [sp, #16] + ldr r6, [r12, #16] + add r9, r9, r5 + add r9, r9, r6 + ldr r5, [r0, #16] + ldr r6, [r0, #20] + ldr r7, [r0, #24] + ldr r8, [r0, #28] + ror r4, r5, #2 + eor r10, r5, r6 + eor r4, r4, r5, ror #13 + and r11, r11, r10 + eor r4, r4, r5, ror #22 + eor r11, r11, r6 + add r8, r8, r9 + add r9, r9, r4 + add r9, r9, r11 + str r8, [r0, #28] + str r9, [r0, #12] + cmp r3, #0 + beq L_SHA256_transform_len_blk_end_4 + # Calc new W[4] + ldr r6, [sp, #8] + ldr r7, [sp, #52] + ldr r8, [sp, #20] + ldr r9, [sp, #16] + ror r4, r6, #17 + ror r5, r8, #7 + eor r4, r4, r6, ror #19 + eor r5, r5, r8, ror #18 + eor r4, r4, r6, lsr #10 + eor r5, r5, r8, lsr #3 + add r9, r9, r7 + add r4, r4, r5 + add r9, r9, r4 + str r9, [sp, #16] +L_SHA256_transform_len_blk_end_4: + # Round 5 + ldr r5, [r0, #28] + ldr r6, [r0] + ldr r7, [r0, #4] + ldr r9, [r0, #8] + ror r4, r5, #6 + eor r6, r6, r7 + eor r4, r4, r5, ror #11 + and r6, r6, r5 + eor r4, r4, r5, ror #25 + eor r6, r6, r7 + add r9, r9, r4 + add r9, r9, r6 + ldr r5, [sp, #20] + ldr r6, [r12, #20] + add r9, r9, r5 + add r9, r9, r6 + ldr r5, [r0, #12] + ldr r6, [r0, #16] + ldr r7, [r0, #20] + ldr r8, [r0, #24] + ror r4, r5, #2 + eor r11, r5, r6 + eor r4, r4, r5, ror #13 + and r10, r10, r11 + eor r4, r4, r5, ror #22 + eor r10, r10, r6 + add r8, r8, r9 + add r9, r9, r4 + add r9, r9, r10 + str r8, [r0, #24] + str r9, [r0, #8] + cmp r3, #0 + beq L_SHA256_transform_len_blk_end_5 + # Calc new W[5] + ldr r6, [sp, #12] + ldr r7, [sp, #56] + ldr r8, [sp, #24] + ldr r9, [sp, #20] + ror r4, r6, #17 + ror r5, r8, #7 + eor r4, r4, r6, ror #19 + eor r5, r5, r8, ror #18 + eor r4, r4, r6, lsr #10 + eor r5, r5, r8, lsr #3 + add r9, r9, r7 + add r4, r4, r5 + add r9, r9, r4 + str r9, [sp, #20] +L_SHA256_transform_len_blk_end_5: + # Round 6 + ldr r5, [r0, #24] + ldr r6, [r0, #28] + ldr r7, [r0] + ldr r9, [r0, #4] + ror r4, r5, #6 + eor r6, r6, r7 + eor r4, r4, r5, ror #11 + and r6, r6, r5 + eor r4, r4, r5, ror #25 + eor r6, r6, r7 + add r9, r9, r4 + add r9, r9, r6 + ldr r5, [sp, #24] + ldr r6, [r12, #24] + add r9, r9, r5 + add r9, r9, r6 + ldr r5, [r0, #8] + ldr r6, [r0, #12] + ldr r7, [r0, #16] + ldr r8, [r0, #20] + ror r4, r5, #2 + eor r10, r5, r6 + eor r4, r4, r5, ror #13 + and r11, r11, r10 + eor r4, r4, r5, ror #22 + eor r11, r11, r6 + add r8, r8, r9 + add r9, r9, r4 + add r9, r9, r11 + str r8, [r0, #20] + str r9, [r0, #4] + cmp r3, #0 + beq L_SHA256_transform_len_blk_end_6 + # Calc new W[6] + ldr r6, [sp, #16] + ldr r7, [sp, #60] + ldr r8, [sp, #28] + ldr r9, [sp, #24] + ror r4, r6, #17 + ror r5, r8, #7 + eor r4, r4, r6, ror #19 + eor r5, r5, r8, ror #18 + eor r4, r4, r6, lsr #10 + eor r5, r5, r8, lsr #3 + add r9, r9, r7 + add r4, r4, r5 + add r9, r9, r4 + str r9, [sp, #24] +L_SHA256_transform_len_blk_end_6: + # Round 7 + ldr r5, [r0, #20] + ldr r6, [r0, #24] + ldr r7, [r0, #28] + ldr r9, [r0] + ror r4, r5, #6 + eor r6, r6, r7 + eor r4, r4, r5, ror #11 + and r6, r6, r5 + eor r4, r4, r5, ror #25 + eor r6, r6, r7 + add r9, r9, r4 + add r9, r9, r6 + ldr r5, [sp, #28] + ldr r6, [r12, #28] + add r9, r9, r5 + add r9, r9, r6 + ldr r5, [r0, #4] + ldr r6, [r0, #8] + ldr r7, [r0, #12] + ldr r8, [r0, #16] + ror r4, r5, #2 + eor r11, r5, r6 + eor r4, r4, r5, ror #13 + and r10, r10, r11 + eor r4, r4, r5, ror #22 + eor r10, r10, r6 + add r8, r8, r9 + add r9, r9, r4 + add r9, r9, r10 + str r8, [r0, #16] + str r9, [r0] + cmp r3, #0 + beq L_SHA256_transform_len_blk_end_7 + # Calc new W[7] + ldr r6, [sp, #20] + ldr r7, [sp] + ldr r8, [sp, #32] + ldr r9, [sp, #28] + ror r4, r6, #17 + ror r5, r8, #7 + eor r4, r4, r6, ror #19 + eor r5, r5, r8, ror #18 + eor r4, r4, r6, lsr #10 + eor r5, r5, r8, lsr #3 + add r9, r9, r7 + add r4, r4, r5 + add r9, r9, r4 + str r9, [sp, #28] +L_SHA256_transform_len_blk_end_7: + # Round 8 + ldr r5, [r0, #16] + ldr r6, [r0, #20] + ldr r7, [r0, #24] + ldr r9, [r0, #28] + ror r4, r5, #6 + eor r6, r6, r7 + eor r4, r4, r5, ror #11 + and r6, r6, r5 + eor r4, r4, r5, ror #25 + eor r6, r6, r7 + add r9, r9, r4 + add r9, r9, r6 + ldr r5, [sp, #32] + ldr r6, [r12, #32] + add r9, r9, r5 + add r9, r9, r6 + ldr r5, [r0] + ldr r6, [r0, #4] + ldr r7, [r0, #8] + ldr r8, [r0, #12] + ror r4, r5, #2 + eor r10, r5, r6 + eor r4, r4, r5, ror #13 + and r11, r11, r10 + eor r4, r4, r5, ror #22 + eor r11, r11, r6 + add r8, r8, r9 + add r9, r9, r4 + add r9, r9, r11 + str r8, [r0, #12] + str r9, [r0, #28] + cmp r3, #0 + beq L_SHA256_transform_len_blk_end_8 + # Calc new W[8] + ldr r6, [sp, #24] + ldr r7, [sp, #4] + ldr r8, [sp, #36] + ldr r9, [sp, #32] + ror r4, r6, #17 + ror r5, r8, #7 + eor r4, r4, r6, ror #19 + eor r5, r5, r8, ror #18 + eor r4, r4, r6, lsr #10 + eor r5, r5, r8, lsr #3 + add r9, r9, r7 + add r4, r4, r5 + add r9, r9, r4 + str r9, [sp, #32] +L_SHA256_transform_len_blk_end_8: + # Round 9 + ldr r5, [r0, #12] + ldr r6, [r0, #16] + ldr r7, [r0, #20] + ldr r9, [r0, #24] + ror r4, r5, #6 + eor r6, r6, r7 + eor r4, r4, r5, ror #11 + and r6, r6, r5 + eor r4, r4, r5, ror #25 + eor r6, r6, r7 + add r9, r9, r4 + add r9, r9, r6 + ldr r5, [sp, #36] + ldr r6, [r12, #36] + add r9, r9, r5 + add r9, r9, r6 + ldr r5, [r0, #28] + ldr r6, [r0] + ldr r7, [r0, #4] + ldr r8, [r0, #8] + ror r4, r5, #2 + eor r11, r5, r6 + eor r4, r4, r5, ror #13 + and r10, r10, r11 + eor r4, r4, r5, ror #22 + eor r10, r10, r6 + add r8, r8, r9 + add r9, r9, r4 + add r9, r9, r10 + str r8, [r0, #8] + str r9, [r0, #24] + cmp r3, #0 + beq L_SHA256_transform_len_blk_end_9 + # Calc new W[9] + ldr r6, [sp, #28] + ldr r7, [sp, #8] + ldr r8, [sp, #40] + ldr r9, [sp, #36] + ror r4, r6, #17 + ror r5, r8, #7 + eor r4, r4, r6, ror #19 + eor r5, r5, r8, ror #18 + eor r4, r4, r6, lsr #10 + eor r5, r5, r8, lsr #3 + add r9, r9, r7 + add r4, r4, r5 + add r9, r9, r4 + str r9, [sp, #36] +L_SHA256_transform_len_blk_end_9: + # Round 10 + ldr r5, [r0, #8] + ldr r6, [r0, #12] + ldr r7, [r0, #16] + ldr r9, [r0, #20] + ror r4, r5, #6 + eor r6, r6, r7 + eor r4, r4, r5, ror #11 + and r6, r6, r5 + eor r4, r4, r5, ror #25 + eor r6, r6, r7 + add r9, r9, r4 + add r9, r9, r6 + ldr r5, [sp, #40] + ldr r6, [r12, #40] + add r9, r9, r5 + add r9, r9, r6 + ldr r5, [r0, #24] + ldr r6, [r0, #28] + ldr r7, [r0] + ldr r8, [r0, #4] + ror r4, r5, #2 + eor r10, r5, r6 + eor r4, r4, r5, ror #13 + and r11, r11, r10 + eor r4, r4, r5, ror #22 + eor r11, r11, r6 + add r8, r8, r9 + add r9, r9, r4 + add r9, r9, r11 + str r8, [r0, #4] + str r9, [r0, #20] + cmp r3, #0 + beq L_SHA256_transform_len_blk_end_10 + # Calc new W[10] + ldr r6, [sp, #32] + ldr r7, [sp, #12] + ldr r8, [sp, #44] + ldr r9, [sp, #40] + ror r4, r6, #17 + ror r5, r8, #7 + eor r4, r4, r6, ror #19 + eor r5, r5, r8, ror #18 + eor r4, r4, r6, lsr #10 + eor r5, r5, r8, lsr #3 + add r9, r9, r7 + add r4, r4, r5 + add r9, r9, r4 + str r9, [sp, #40] +L_SHA256_transform_len_blk_end_10: + # Round 11 + ldr r5, [r0, #4] + ldr r6, [r0, #8] + ldr r7, [r0, #12] + ldr r9, [r0, #16] + ror r4, r5, #6 + eor r6, r6, r7 + eor r4, r4, r5, ror #11 + and r6, r6, r5 + eor r4, r4, r5, ror #25 + eor r6, r6, r7 + add r9, r9, r4 + add r9, r9, r6 + ldr r5, [sp, #44] + ldr r6, [r12, #44] + add r9, r9, r5 + add r9, r9, r6 + ldr r5, [r0, #20] + ldr r6, [r0, #24] + ldr r7, [r0, #28] + ldr r8, [r0] + ror r4, r5, #2 + eor r11, r5, r6 + eor r4, r4, r5, ror #13 + and r10, r10, r11 + eor r4, r4, r5, ror #22 + eor r10, r10, r6 + add r8, r8, r9 + add r9, r9, r4 + add r9, r9, r10 + str r8, [r0] + str r9, [r0, #16] + cmp r3, #0 + beq L_SHA256_transform_len_blk_end_11 + # Calc new W[11] + ldr r6, [sp, #36] + ldr r7, [sp, #16] + ldr r8, [sp, #48] + ldr r9, [sp, #44] + ror r4, r6, #17 + ror r5, r8, #7 + eor r4, r4, r6, ror #19 + eor r5, r5, r8, ror #18 + eor r4, r4, r6, lsr #10 + eor r5, r5, r8, lsr #3 + add r9, r9, r7 + add r4, r4, r5 + add r9, r9, r4 + str r9, [sp, #44] +L_SHA256_transform_len_blk_end_11: + # Round 12 + ldr r5, [r0] + ldr r6, [r0, #4] + ldr r7, [r0, #8] + ldr r9, [r0, #12] + ror r4, r5, #6 + eor r6, r6, r7 + eor r4, r4, r5, ror #11 + and r6, r6, r5 + eor r4, r4, r5, ror #25 + eor r6, r6, r7 + add r9, r9, r4 + add r9, r9, r6 + ldr r5, [sp, #48] + ldr r6, [r12, #48] + add r9, r9, r5 + add r9, r9, r6 + ldr r5, [r0, #16] + ldr r6, [r0, #20] + ldr r7, [r0, #24] + ldr r8, [r0, #28] + ror r4, r5, #2 + eor r10, r5, r6 + eor r4, r4, r5, ror #13 + and r11, r11, r10 + eor r4, r4, r5, ror #22 + eor r11, r11, r6 + add r8, r8, r9 + add r9, r9, r4 + add r9, r9, r11 + str r8, [r0, #28] + str r9, [r0, #12] + cmp r3, #0 + beq L_SHA256_transform_len_blk_end_12 + # Calc new W[12] + ldr r6, [sp, #40] + ldr r7, [sp, #20] + ldr r8, [sp, #52] + ldr r9, [sp, #48] + ror r4, r6, #17 + ror r5, r8, #7 + eor r4, r4, r6, ror #19 + eor r5, r5, r8, ror #18 + eor r4, r4, r6, lsr #10 + eor r5, r5, r8, lsr #3 + add r9, r9, r7 + add r4, r4, r5 + add r9, r9, r4 + str r9, [sp, #48] +L_SHA256_transform_len_blk_end_12: + # Round 13 + ldr r5, [r0, #28] + ldr r6, [r0] + ldr r7, [r0, #4] + ldr r9, [r0, #8] + ror r4, r5, #6 + eor r6, r6, r7 + eor r4, r4, r5, ror #11 + and r6, r6, r5 + eor r4, r4, r5, ror #25 + eor r6, r6, r7 + add r9, r9, r4 + add r9, r9, r6 + ldr r5, [sp, #52] + ldr r6, [r12, #52] + add r9, r9, r5 + add r9, r9, r6 + ldr r5, [r0, #12] + ldr r6, [r0, #16] + ldr r7, [r0, #20] + ldr r8, [r0, #24] + ror r4, r5, #2 + eor r11, r5, r6 + eor r4, r4, r5, ror #13 + and r10, r10, r11 + eor r4, r4, r5, ror #22 + eor r10, r10, r6 + add r8, r8, r9 + add r9, r9, r4 + add r9, r9, r10 + str r8, [r0, #24] + str r9, [r0, #8] + cmp r3, #0 + beq L_SHA256_transform_len_blk_end_13 + # Calc new W[13] + ldr r6, [sp, #44] + ldr r7, [sp, #24] + ldr r8, [sp, #56] + ldr r9, [sp, #52] + ror r4, r6, #17 + ror r5, r8, #7 + eor r4, r4, r6, ror #19 + eor r5, r5, r8, ror #18 + eor r4, r4, r6, lsr #10 + eor r5, r5, r8, lsr #3 + add r9, r9, r7 + add r4, r4, r5 + add r9, r9, r4 + str r9, [sp, #52] +L_SHA256_transform_len_blk_end_13: + # Round 14 + ldr r5, [r0, #24] + ldr r6, [r0, #28] + ldr r7, [r0] + ldr r9, [r0, #4] + ror r4, r5, #6 + eor r6, r6, r7 + eor r4, r4, r5, ror #11 + and r6, r6, r5 + eor r4, r4, r5, ror #25 + eor r6, r6, r7 + add r9, r9, r4 + add r9, r9, r6 + ldr r5, [sp, #56] + ldr r6, [r12, #56] + add r9, r9, r5 + add r9, r9, r6 + ldr r5, [r0, #8] + ldr r6, [r0, #12] + ldr r7, [r0, #16] + ldr r8, [r0, #20] + ror r4, r5, #2 + eor r10, r5, r6 + eor r4, r4, r5, ror #13 + and r11, r11, r10 + eor r4, r4, r5, ror #22 + eor r11, r11, r6 + add r8, r8, r9 + add r9, r9, r4 + add r9, r9, r11 + str r8, [r0, #20] + str r9, [r0, #4] + cmp r3, #0 + beq L_SHA256_transform_len_blk_end_14 + # Calc new W[14] + ldr r6, [sp, #48] + ldr r7, [sp, #28] + ldr r8, [sp, #60] + ldr r9, [sp, #56] + ror r4, r6, #17 + ror r5, r8, #7 + eor r4, r4, r6, ror #19 + eor r5, r5, r8, ror #18 + eor r4, r4, r6, lsr #10 + eor r5, r5, r8, lsr #3 + add r9, r9, r7 + add r4, r4, r5 + add r9, r9, r4 + str r9, [sp, #56] +L_SHA256_transform_len_blk_end_14: + # Round 15 + ldr r5, [r0, #20] + ldr r6, [r0, #24] + ldr r7, [r0, #28] + ldr r9, [r0] + ror r4, r5, #6 + eor r6, r6, r7 + eor r4, r4, r5, ror #11 + and r6, r6, r5 + eor r4, r4, r5, ror #25 + eor r6, r6, r7 + add r9, r9, r4 + add r9, r9, r6 + ldr r5, [sp, #60] + ldr r6, [r12, #60] + add r9, r9, r5 + add r9, r9, r6 + ldr r5, [r0, #4] + ldr r6, [r0, #8] + ldr r7, [r0, #12] + ldr r8, [r0, #16] + ror r4, r5, #2 + eor r11, r5, r6 + eor r4, r4, r5, ror #13 + and r10, r10, r11 + eor r4, r4, r5, ror #22 + eor r10, r10, r6 + add r8, r8, r9 + add r9, r9, r4 + add r9, r9, r10 + str r8, [r0, #16] + str r9, [r0] + cmp r3, #0 + beq L_SHA256_transform_len_blk_end_15 + # Calc new W[15] + ldr r6, [sp, #52] + ldr r7, [sp, #32] + ldr r8, [sp] + ldr r9, [sp, #60] + ror r4, r6, #17 + ror r5, r8, #7 + eor r4, r4, r6, ror #19 + eor r5, r5, r8, ror #18 + eor r4, r4, r6, lsr #10 + eor r5, r5, r8, lsr #3 + add r9, r9, r7 + add r4, r4, r5 + add r9, r9, r4 + str r9, [sp, #60] +L_SHA256_transform_len_blk_end_15: + cmp r3, #0 + add r12, r12, #0x40 + bne L_SHA256_transform_len_start_small +#endif /* !WOLFSSL_ARMASM_SHA256_SMALL */ # Add in digest from start #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) ldm r0, {r4, r5} @@ -1746,7 +2556,11 @@ strd r6, r7, [sp, #88] #endif subs r2, r2, #0x40 - sub r3, r3, #0xc0 +#ifndef WOLFSSL_ARMASM_SHA256_SMALL + sub r12, r12, #0xc0 +#else + sub r12, r12, #0x100 +#endif /* !WOLFSSL_ARMASM_SHA256_SMALL */ add r1, r1, #0x40 bne L_SHA256_transform_len_begin add sp, sp, #0xc0 diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/wolfcrypt/src/port/arm/armv8-32-sha256-asm_c.c mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/port/arm/armv8-32-sha256-asm_c.c --- mariadb-11.8.6/extra/wolfssl/wolfssl/wolfcrypt/src/port/arm/armv8-32-sha256-asm_c.c 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/port/arm/armv8-32-sha256-asm_c.c 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* armv8-32-sha256-asm * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -95,7 +95,7 @@ __asm__ __volatile__ ( "sub sp, sp, #0xc0\n\t" - "mov r3, %[L_SHA256_transform_len_k]\n\t" + "mov r12, %[L_SHA256_transform_len_k]\n\t" /* Copy digest to add in at end */ #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) "ldm r0, {r4, r5}\n\t" @@ -360,10 +360,11 @@ "ldr r11, [%[sha256], #4]\n\t" "ldr r4, [%[sha256], #8]\n\t" "eor r11, r11, r4\n\t" - "mov r12, #3\n\t" +#ifndef WOLFSSL_ARMASM_SHA256_SMALL + "mov r3, #3\n\t" /* Start of 16 rounds */ "\n" - "L_SHA256_transform_len_start_%=: \n\t" + "L_SHA256_transform_len_start_fast_%=: \n\t" /* Round 0 */ "ldr r5, [%[sha256], #16]\n\t" "ldr r6, [%[sha256], #20]\n\t" @@ -378,7 +379,7 @@ "add r9, r9, r4\n\t" "add r9, r9, r6\n\t" "ldr r5, [sp]\n\t" - "ldr r6, [r3]\n\t" + "ldr r6, [r12]\n\t" "add r9, r9, r5\n\t" "add r9, r9, r6\n\t" "ldr r5, [%[sha256]]\n\t" @@ -425,7 +426,7 @@ "add r9, r9, r4\n\t" "add r9, r9, r6\n\t" "ldr r5, [sp, #4]\n\t" - "ldr r6, [r3, #4]\n\t" + "ldr r6, [r12, #4]\n\t" "add r9, r9, r5\n\t" "add r9, r9, r6\n\t" "ldr r5, [%[sha256], #28]\n\t" @@ -472,7 +473,7 @@ "add r9, r9, r4\n\t" "add r9, r9, r6\n\t" "ldr r5, [sp, #8]\n\t" - "ldr r6, [r3, #8]\n\t" + "ldr r6, [r12, #8]\n\t" "add r9, r9, r5\n\t" "add r9, r9, r6\n\t" "ldr r5, [%[sha256], #24]\n\t" @@ -519,7 +520,7 @@ "add r9, r9, r4\n\t" "add r9, r9, r6\n\t" "ldr r5, [sp, #12]\n\t" - "ldr r6, [r3, #12]\n\t" + "ldr r6, [r12, #12]\n\t" "add r9, r9, r5\n\t" "add r9, r9, r6\n\t" "ldr r5, [%[sha256], #20]\n\t" @@ -566,7 +567,7 @@ "add r9, r9, r4\n\t" "add r9, r9, r6\n\t" "ldr r5, [sp, #16]\n\t" - "ldr r6, [r3, #16]\n\t" + "ldr r6, [r12, #16]\n\t" "add r9, r9, r5\n\t" "add r9, r9, r6\n\t" "ldr r5, [%[sha256], #16]\n\t" @@ -613,7 +614,7 @@ "add r9, r9, r4\n\t" "add r9, r9, r6\n\t" "ldr r5, [sp, #20]\n\t" - "ldr r6, [r3, #20]\n\t" + "ldr r6, [r12, #20]\n\t" "add r9, r9, r5\n\t" "add r9, r9, r6\n\t" "ldr r5, [%[sha256], #12]\n\t" @@ -660,7 +661,7 @@ "add r9, r9, r4\n\t" "add r9, r9, r6\n\t" "ldr r5, [sp, #24]\n\t" - "ldr r6, [r3, #24]\n\t" + "ldr r6, [r12, #24]\n\t" "add r9, r9, r5\n\t" "add r9, r9, r6\n\t" "ldr r5, [%[sha256], #8]\n\t" @@ -707,7 +708,7 @@ "add r9, r9, r4\n\t" "add r9, r9, r6\n\t" "ldr r5, [sp, #28]\n\t" - "ldr r6, [r3, #28]\n\t" + "ldr r6, [r12, #28]\n\t" "add r9, r9, r5\n\t" "add r9, r9, r6\n\t" "ldr r5, [%[sha256], #4]\n\t" @@ -754,7 +755,7 @@ "add r9, r9, r4\n\t" "add r9, r9, r6\n\t" "ldr r5, [sp, #32]\n\t" - "ldr r6, [r3, #32]\n\t" + "ldr r6, [r12, #32]\n\t" "add r9, r9, r5\n\t" "add r9, r9, r6\n\t" "ldr r5, [%[sha256]]\n\t" @@ -801,7 +802,7 @@ "add r9, r9, r4\n\t" "add r9, r9, r6\n\t" "ldr r5, [sp, #36]\n\t" - "ldr r6, [r3, #36]\n\t" + "ldr r6, [r12, #36]\n\t" "add r9, r9, r5\n\t" "add r9, r9, r6\n\t" "ldr r5, [%[sha256], #28]\n\t" @@ -848,7 +849,7 @@ "add r9, r9, r4\n\t" "add r9, r9, r6\n\t" "ldr r5, [sp, #40]\n\t" - "ldr r6, [r3, #40]\n\t" + "ldr r6, [r12, #40]\n\t" "add r9, r9, r5\n\t" "add r9, r9, r6\n\t" "ldr r5, [%[sha256], #24]\n\t" @@ -895,7 +896,7 @@ "add r9, r9, r4\n\t" "add r9, r9, r6\n\t" "ldr r5, [sp, #44]\n\t" - "ldr r6, [r3, #44]\n\t" + "ldr r6, [r12, #44]\n\t" "add r9, r9, r5\n\t" "add r9, r9, r6\n\t" "ldr r5, [%[sha256], #20]\n\t" @@ -942,7 +943,7 @@ "add r9, r9, r4\n\t" "add r9, r9, r6\n\t" "ldr r5, [sp, #48]\n\t" - "ldr r6, [r3, #48]\n\t" + "ldr r6, [r12, #48]\n\t" "add r9, r9, r5\n\t" "add r9, r9, r6\n\t" "ldr r5, [%[sha256], #16]\n\t" @@ -989,7 +990,7 @@ "add r9, r9, r4\n\t" "add r9, r9, r6\n\t" "ldr r5, [sp, #52]\n\t" - "ldr r6, [r3, #52]\n\t" + "ldr r6, [r12, #52]\n\t" "add r9, r9, r5\n\t" "add r9, r9, r6\n\t" "ldr r5, [%[sha256], #12]\n\t" @@ -1036,7 +1037,7 @@ "add r9, r9, r4\n\t" "add r9, r9, r6\n\t" "ldr r5, [sp, #56]\n\t" - "ldr r6, [r3, #56]\n\t" + "ldr r6, [r12, #56]\n\t" "add r9, r9, r5\n\t" "add r9, r9, r6\n\t" "ldr r5, [%[sha256], #8]\n\t" @@ -1083,7 +1084,7 @@ "add r9, r9, r4\n\t" "add r9, r9, r6\n\t" "ldr r5, [sp, #60]\n\t" - "ldr r6, [r3, #60]\n\t" + "ldr r6, [r12, #60]\n\t" "add r9, r9, r5\n\t" "add r9, r9, r6\n\t" "ldr r5, [%[sha256], #4]\n\t" @@ -1116,9 +1117,9 @@ "add r4, r4, r5\n\t" "add r9, r9, r4\n\t" "str r9, [sp, #60]\n\t" - "add r3, r3, #0x40\n\t" - "subs r12, r12, #1\n\t" - "bne L_SHA256_transform_len_start_%=\n\t" + "add r12, r12, #0x40\n\t" + "subs r3, r3, #1\n\t" + "bne L_SHA256_transform_len_start_fast_%=\n\t" /* Round 0 */ "ldr r5, [%[sha256], #16]\n\t" "ldr r6, [%[sha256], #20]\n\t" @@ -1133,7 +1134,7 @@ "add r9, r9, r4\n\t" "add r9, r9, r6\n\t" "ldr r5, [sp]\n\t" - "ldr r6, [r3]\n\t" + "ldr r6, [r12]\n\t" "add r9, r9, r5\n\t" "add r9, r9, r6\n\t" "ldr r5, [%[sha256]]\n\t" @@ -1165,7 +1166,7 @@ "add r9, r9, r4\n\t" "add r9, r9, r6\n\t" "ldr r5, [sp, #4]\n\t" - "ldr r6, [r3, #4]\n\t" + "ldr r6, [r12, #4]\n\t" "add r9, r9, r5\n\t" "add r9, r9, r6\n\t" "ldr r5, [%[sha256], #28]\n\t" @@ -1197,7 +1198,7 @@ "add r9, r9, r4\n\t" "add r9, r9, r6\n\t" "ldr r5, [sp, #8]\n\t" - "ldr r6, [r3, #8]\n\t" + "ldr r6, [r12, #8]\n\t" "add r9, r9, r5\n\t" "add r9, r9, r6\n\t" "ldr r5, [%[sha256], #24]\n\t" @@ -1229,7 +1230,7 @@ "add r9, r9, r4\n\t" "add r9, r9, r6\n\t" "ldr r5, [sp, #12]\n\t" - "ldr r6, [r3, #12]\n\t" + "ldr r6, [r12, #12]\n\t" "add r9, r9, r5\n\t" "add r9, r9, r6\n\t" "ldr r5, [%[sha256], #20]\n\t" @@ -1261,7 +1262,7 @@ "add r9, r9, r4\n\t" "add r9, r9, r6\n\t" "ldr r5, [sp, #16]\n\t" - "ldr r6, [r3, #16]\n\t" + "ldr r6, [r12, #16]\n\t" "add r9, r9, r5\n\t" "add r9, r9, r6\n\t" "ldr r5, [%[sha256], #16]\n\t" @@ -1293,7 +1294,7 @@ "add r9, r9, r4\n\t" "add r9, r9, r6\n\t" "ldr r5, [sp, #20]\n\t" - "ldr r6, [r3, #20]\n\t" + "ldr r6, [r12, #20]\n\t" "add r9, r9, r5\n\t" "add r9, r9, r6\n\t" "ldr r5, [%[sha256], #12]\n\t" @@ -1325,7 +1326,7 @@ "add r9, r9, r4\n\t" "add r9, r9, r6\n\t" "ldr r5, [sp, #24]\n\t" - "ldr r6, [r3, #24]\n\t" + "ldr r6, [r12, #24]\n\t" "add r9, r9, r5\n\t" "add r9, r9, r6\n\t" "ldr r5, [%[sha256], #8]\n\t" @@ -1357,7 +1358,7 @@ "add r9, r9, r4\n\t" "add r9, r9, r6\n\t" "ldr r5, [sp, #28]\n\t" - "ldr r6, [r3, #28]\n\t" + "ldr r6, [r12, #28]\n\t" "add r9, r9, r5\n\t" "add r9, r9, r6\n\t" "ldr r5, [%[sha256], #4]\n\t" @@ -1389,7 +1390,7 @@ "add r9, r9, r4\n\t" "add r9, r9, r6\n\t" "ldr r5, [sp, #32]\n\t" - "ldr r6, [r3, #32]\n\t" + "ldr r6, [r12, #32]\n\t" "add r9, r9, r5\n\t" "add r9, r9, r6\n\t" "ldr r5, [%[sha256]]\n\t" @@ -1421,7 +1422,7 @@ "add r9, r9, r4\n\t" "add r9, r9, r6\n\t" "ldr r5, [sp, #36]\n\t" - "ldr r6, [r3, #36]\n\t" + "ldr r6, [r12, #36]\n\t" "add r9, r9, r5\n\t" "add r9, r9, r6\n\t" "ldr r5, [%[sha256], #28]\n\t" @@ -1453,7 +1454,7 @@ "add r9, r9, r4\n\t" "add r9, r9, r6\n\t" "ldr r5, [sp, #40]\n\t" - "ldr r6, [r3, #40]\n\t" + "ldr r6, [r12, #40]\n\t" "add r9, r9, r5\n\t" "add r9, r9, r6\n\t" "ldr r5, [%[sha256], #24]\n\t" @@ -1485,7 +1486,7 @@ "add r9, r9, r4\n\t" "add r9, r9, r6\n\t" "ldr r5, [sp, #44]\n\t" - "ldr r6, [r3, #44]\n\t" + "ldr r6, [r12, #44]\n\t" "add r9, r9, r5\n\t" "add r9, r9, r6\n\t" "ldr r5, [%[sha256], #20]\n\t" @@ -1517,7 +1518,7 @@ "add r9, r9, r4\n\t" "add r9, r9, r6\n\t" "ldr r5, [sp, #48]\n\t" - "ldr r6, [r3, #48]\n\t" + "ldr r6, [r12, #48]\n\t" "add r9, r9, r5\n\t" "add r9, r9, r6\n\t" "ldr r5, [%[sha256], #16]\n\t" @@ -1549,7 +1550,7 @@ "add r9, r9, r4\n\t" "add r9, r9, r6\n\t" "ldr r5, [sp, #52]\n\t" - "ldr r6, [r3, #52]\n\t" + "ldr r6, [r12, #52]\n\t" "add r9, r9, r5\n\t" "add r9, r9, r6\n\t" "ldr r5, [%[sha256], #12]\n\t" @@ -1581,7 +1582,7 @@ "add r9, r9, r4\n\t" "add r9, r9, r6\n\t" "ldr r5, [sp, #56]\n\t" - "ldr r6, [r3, #56]\n\t" + "ldr r6, [r12, #56]\n\t" "add r9, r9, r5\n\t" "add r9, r9, r6\n\t" "ldr r5, [%[sha256], #8]\n\t" @@ -1613,7 +1614,7 @@ "add r9, r9, r4\n\t" "add r9, r9, r6\n\t" "ldr r5, [sp, #60]\n\t" - "ldr r6, [r3, #60]\n\t" + "ldr r6, [r12, #60]\n\t" "add r9, r9, r5\n\t" "add r9, r9, r6\n\t" "ldr r5, [%[sha256], #4]\n\t" @@ -1631,6 +1632,832 @@ "add r9, r9, r10\n\t" "str r8, [%[sha256], #16]\n\t" "str r9, [%[sha256]]\n\t" +#else + "mov r3, #4\n\t" + /* Start of 16 rounds */ + "\n" + "L_SHA256_transform_len_start_small_%=: \n\t" + "sub r3, r3, #1\n\t" + /* Round 0 */ + "ldr r5, [%[sha256], #16]\n\t" + "ldr r6, [%[sha256], #20]\n\t" + "ldr r7, [%[sha256], #24]\n\t" + "ldr r9, [%[sha256], #28]\n\t" + "ror r4, r5, #6\n\t" + "eor r6, r6, r7\n\t" + "eor r4, r4, r5, ror #11\n\t" + "and r6, r6, r5\n\t" + "eor r4, r4, r5, ror #25\n\t" + "eor r6, r6, r7\n\t" + "add r9, r9, r4\n\t" + "add r9, r9, r6\n\t" + "ldr r5, [sp]\n\t" + "ldr r6, [r12]\n\t" + "add r9, r9, r5\n\t" + "add r9, r9, r6\n\t" + "ldr r5, [%[sha256]]\n\t" + "ldr r6, [%[sha256], #4]\n\t" + "ldr r7, [%[sha256], #8]\n\t" + "ldr r8, [%[sha256], #12]\n\t" + "ror r4, r5, #2\n\t" + "eor r10, r5, r6\n\t" + "eor r4, r4, r5, ror #13\n\t" + "and r11, r11, r10\n\t" + "eor r4, r4, r5, ror #22\n\t" + "eor r11, r11, r6\n\t" + "add r8, r8, r9\n\t" + "add r9, r9, r4\n\t" + "add r9, r9, r11\n\t" + "str r8, [%[sha256], #12]\n\t" + "str r9, [%[sha256], #28]\n\t" + "cmp r3, #0\n\t" + "beq L_SHA256_transform_len_blk_end_0_%=\n\t" + /* Calc new W[0] */ + "ldr r6, [sp, #56]\n\t" + "ldr r7, [sp, #36]\n\t" + "ldr r8, [sp, #4]\n\t" + "ldr r9, [sp]\n\t" + "ror r4, r6, #17\n\t" + "ror r5, r8, #7\n\t" + "eor r4, r4, r6, ror #19\n\t" + "eor r5, r5, r8, ror #18\n\t" + "eor r4, r4, r6, lsr #10\n\t" + "eor r5, r5, r8, lsr #3\n\t" + "add r9, r9, r7\n\t" + "add r4, r4, r5\n\t" + "add r9, r9, r4\n\t" + "str r9, [sp]\n\t" + "\n" + "L_SHA256_transform_len_blk_end_0_%=: \n\t" + /* Round 1 */ + "ldr r5, [%[sha256], #12]\n\t" + "ldr r6, [%[sha256], #16]\n\t" + "ldr r7, [%[sha256], #20]\n\t" + "ldr r9, [%[sha256], #24]\n\t" + "ror r4, r5, #6\n\t" + "eor r6, r6, r7\n\t" + "eor r4, r4, r5, ror #11\n\t" + "and r6, r6, r5\n\t" + "eor r4, r4, r5, ror #25\n\t" + "eor r6, r6, r7\n\t" + "add r9, r9, r4\n\t" + "add r9, r9, r6\n\t" + "ldr r5, [sp, #4]\n\t" + "ldr r6, [r12, #4]\n\t" + "add r9, r9, r5\n\t" + "add r9, r9, r6\n\t" + "ldr r5, [%[sha256], #28]\n\t" + "ldr r6, [%[sha256]]\n\t" + "ldr r7, [%[sha256], #4]\n\t" + "ldr r8, [%[sha256], #8]\n\t" + "ror r4, r5, #2\n\t" + "eor r11, r5, r6\n\t" + "eor r4, r4, r5, ror #13\n\t" + "and r10, r10, r11\n\t" + "eor r4, r4, r5, ror #22\n\t" + "eor r10, r10, r6\n\t" + "add r8, r8, r9\n\t" + "add r9, r9, r4\n\t" + "add r9, r9, r10\n\t" + "str r8, [%[sha256], #8]\n\t" + "str r9, [%[sha256], #24]\n\t" + "cmp r3, #0\n\t" + "beq L_SHA256_transform_len_blk_end_1_%=\n\t" + /* Calc new W[1] */ + "ldr r6, [sp, #60]\n\t" + "ldr r7, [sp, #40]\n\t" + "ldr r8, [sp, #8]\n\t" + "ldr r9, [sp, #4]\n\t" + "ror r4, r6, #17\n\t" + "ror r5, r8, #7\n\t" + "eor r4, r4, r6, ror #19\n\t" + "eor r5, r5, r8, ror #18\n\t" + "eor r4, r4, r6, lsr #10\n\t" + "eor r5, r5, r8, lsr #3\n\t" + "add r9, r9, r7\n\t" + "add r4, r4, r5\n\t" + "add r9, r9, r4\n\t" + "str r9, [sp, #4]\n\t" + "\n" + "L_SHA256_transform_len_blk_end_1_%=: \n\t" + /* Round 2 */ + "ldr r5, [%[sha256], #8]\n\t" + "ldr r6, [%[sha256], #12]\n\t" + "ldr r7, [%[sha256], #16]\n\t" + "ldr r9, [%[sha256], #20]\n\t" + "ror r4, r5, #6\n\t" + "eor r6, r6, r7\n\t" + "eor r4, r4, r5, ror #11\n\t" + "and r6, r6, r5\n\t" + "eor r4, r4, r5, ror #25\n\t" + "eor r6, r6, r7\n\t" + "add r9, r9, r4\n\t" + "add r9, r9, r6\n\t" + "ldr r5, [sp, #8]\n\t" + "ldr r6, [r12, #8]\n\t" + "add r9, r9, r5\n\t" + "add r9, r9, r6\n\t" + "ldr r5, [%[sha256], #24]\n\t" + "ldr r6, [%[sha256], #28]\n\t" + "ldr r7, [%[sha256]]\n\t" + "ldr r8, [%[sha256], #4]\n\t" + "ror r4, r5, #2\n\t" + "eor r10, r5, r6\n\t" + "eor r4, r4, r5, ror #13\n\t" + "and r11, r11, r10\n\t" + "eor r4, r4, r5, ror #22\n\t" + "eor r11, r11, r6\n\t" + "add r8, r8, r9\n\t" + "add r9, r9, r4\n\t" + "add r9, r9, r11\n\t" + "str r8, [%[sha256], #4]\n\t" + "str r9, [%[sha256], #20]\n\t" + "cmp r3, #0\n\t" + "beq L_SHA256_transform_len_blk_end_2_%=\n\t" + /* Calc new W[2] */ + "ldr r6, [sp]\n\t" + "ldr r7, [sp, #44]\n\t" + "ldr r8, [sp, #12]\n\t" + "ldr r9, [sp, #8]\n\t" + "ror r4, r6, #17\n\t" + "ror r5, r8, #7\n\t" + "eor r4, r4, r6, ror #19\n\t" + "eor r5, r5, r8, ror #18\n\t" + "eor r4, r4, r6, lsr #10\n\t" + "eor r5, r5, r8, lsr #3\n\t" + "add r9, r9, r7\n\t" + "add r4, r4, r5\n\t" + "add r9, r9, r4\n\t" + "str r9, [sp, #8]\n\t" + "\n" + "L_SHA256_transform_len_blk_end_2_%=: \n\t" + /* Round 3 */ + "ldr r5, [%[sha256], #4]\n\t" + "ldr r6, [%[sha256], #8]\n\t" + "ldr r7, [%[sha256], #12]\n\t" + "ldr r9, [%[sha256], #16]\n\t" + "ror r4, r5, #6\n\t" + "eor r6, r6, r7\n\t" + "eor r4, r4, r5, ror #11\n\t" + "and r6, r6, r5\n\t" + "eor r4, r4, r5, ror #25\n\t" + "eor r6, r6, r7\n\t" + "add r9, r9, r4\n\t" + "add r9, r9, r6\n\t" + "ldr r5, [sp, #12]\n\t" + "ldr r6, [r12, #12]\n\t" + "add r9, r9, r5\n\t" + "add r9, r9, r6\n\t" + "ldr r5, [%[sha256], #20]\n\t" + "ldr r6, [%[sha256], #24]\n\t" + "ldr r7, [%[sha256], #28]\n\t" + "ldr r8, [%[sha256]]\n\t" + "ror r4, r5, #2\n\t" + "eor r11, r5, r6\n\t" + "eor r4, r4, r5, ror #13\n\t" + "and r10, r10, r11\n\t" + "eor r4, r4, r5, ror #22\n\t" + "eor r10, r10, r6\n\t" + "add r8, r8, r9\n\t" + "add r9, r9, r4\n\t" + "add r9, r9, r10\n\t" + "str r8, [%[sha256]]\n\t" + "str r9, [%[sha256], #16]\n\t" + "cmp r3, #0\n\t" + "beq L_SHA256_transform_len_blk_end_3_%=\n\t" + /* Calc new W[3] */ + "ldr r6, [sp, #4]\n\t" + "ldr r7, [sp, #48]\n\t" + "ldr r8, [sp, #16]\n\t" + "ldr r9, [sp, #12]\n\t" + "ror r4, r6, #17\n\t" + "ror r5, r8, #7\n\t" + "eor r4, r4, r6, ror #19\n\t" + "eor r5, r5, r8, ror #18\n\t" + "eor r4, r4, r6, lsr #10\n\t" + "eor r5, r5, r8, lsr #3\n\t" + "add r9, r9, r7\n\t" + "add r4, r4, r5\n\t" + "add r9, r9, r4\n\t" + "str r9, [sp, #12]\n\t" + "\n" + "L_SHA256_transform_len_blk_end_3_%=: \n\t" + /* Round 4 */ + "ldr r5, [%[sha256]]\n\t" + "ldr r6, [%[sha256], #4]\n\t" + "ldr r7, [%[sha256], #8]\n\t" + "ldr r9, [%[sha256], #12]\n\t" + "ror r4, r5, #6\n\t" + "eor r6, r6, r7\n\t" + "eor r4, r4, r5, ror #11\n\t" + "and r6, r6, r5\n\t" + "eor r4, r4, r5, ror #25\n\t" + "eor r6, r6, r7\n\t" + "add r9, r9, r4\n\t" + "add r9, r9, r6\n\t" + "ldr r5, [sp, #16]\n\t" + "ldr r6, [r12, #16]\n\t" + "add r9, r9, r5\n\t" + "add r9, r9, r6\n\t" + "ldr r5, [%[sha256], #16]\n\t" + "ldr r6, [%[sha256], #20]\n\t" + "ldr r7, [%[sha256], #24]\n\t" + "ldr r8, [%[sha256], #28]\n\t" + "ror r4, r5, #2\n\t" + "eor r10, r5, r6\n\t" + "eor r4, r4, r5, ror #13\n\t" + "and r11, r11, r10\n\t" + "eor r4, r4, r5, ror #22\n\t" + "eor r11, r11, r6\n\t" + "add r8, r8, r9\n\t" + "add r9, r9, r4\n\t" + "add r9, r9, r11\n\t" + "str r8, [%[sha256], #28]\n\t" + "str r9, [%[sha256], #12]\n\t" + "cmp r3, #0\n\t" + "beq L_SHA256_transform_len_blk_end_4_%=\n\t" + /* Calc new W[4] */ + "ldr r6, [sp, #8]\n\t" + "ldr r7, [sp, #52]\n\t" + "ldr r8, [sp, #20]\n\t" + "ldr r9, [sp, #16]\n\t" + "ror r4, r6, #17\n\t" + "ror r5, r8, #7\n\t" + "eor r4, r4, r6, ror #19\n\t" + "eor r5, r5, r8, ror #18\n\t" + "eor r4, r4, r6, lsr #10\n\t" + "eor r5, r5, r8, lsr #3\n\t" + "add r9, r9, r7\n\t" + "add r4, r4, r5\n\t" + "add r9, r9, r4\n\t" + "str r9, [sp, #16]\n\t" + "\n" + "L_SHA256_transform_len_blk_end_4_%=: \n\t" + /* Round 5 */ + "ldr r5, [%[sha256], #28]\n\t" + "ldr r6, [%[sha256]]\n\t" + "ldr r7, [%[sha256], #4]\n\t" + "ldr r9, [%[sha256], #8]\n\t" + "ror r4, r5, #6\n\t" + "eor r6, r6, r7\n\t" + "eor r4, r4, r5, ror #11\n\t" + "and r6, r6, r5\n\t" + "eor r4, r4, r5, ror #25\n\t" + "eor r6, r6, r7\n\t" + "add r9, r9, r4\n\t" + "add r9, r9, r6\n\t" + "ldr r5, [sp, #20]\n\t" + "ldr r6, [r12, #20]\n\t" + "add r9, r9, r5\n\t" + "add r9, r9, r6\n\t" + "ldr r5, [%[sha256], #12]\n\t" + "ldr r6, [%[sha256], #16]\n\t" + "ldr r7, [%[sha256], #20]\n\t" + "ldr r8, [%[sha256], #24]\n\t" + "ror r4, r5, #2\n\t" + "eor r11, r5, r6\n\t" + "eor r4, r4, r5, ror #13\n\t" + "and r10, r10, r11\n\t" + "eor r4, r4, r5, ror #22\n\t" + "eor r10, r10, r6\n\t" + "add r8, r8, r9\n\t" + "add r9, r9, r4\n\t" + "add r9, r9, r10\n\t" + "str r8, [%[sha256], #24]\n\t" + "str r9, [%[sha256], #8]\n\t" + "cmp r3, #0\n\t" + "beq L_SHA256_transform_len_blk_end_5_%=\n\t" + /* Calc new W[5] */ + "ldr r6, [sp, #12]\n\t" + "ldr r7, [sp, #56]\n\t" + "ldr r8, [sp, #24]\n\t" + "ldr r9, [sp, #20]\n\t" + "ror r4, r6, #17\n\t" + "ror r5, r8, #7\n\t" + "eor r4, r4, r6, ror #19\n\t" + "eor r5, r5, r8, ror #18\n\t" + "eor r4, r4, r6, lsr #10\n\t" + "eor r5, r5, r8, lsr #3\n\t" + "add r9, r9, r7\n\t" + "add r4, r4, r5\n\t" + "add r9, r9, r4\n\t" + "str r9, [sp, #20]\n\t" + "\n" + "L_SHA256_transform_len_blk_end_5_%=: \n\t" + /* Round 6 */ + "ldr r5, [%[sha256], #24]\n\t" + "ldr r6, [%[sha256], #28]\n\t" + "ldr r7, [%[sha256]]\n\t" + "ldr r9, [%[sha256], #4]\n\t" + "ror r4, r5, #6\n\t" + "eor r6, r6, r7\n\t" + "eor r4, r4, r5, ror #11\n\t" + "and r6, r6, r5\n\t" + "eor r4, r4, r5, ror #25\n\t" + "eor r6, r6, r7\n\t" + "add r9, r9, r4\n\t" + "add r9, r9, r6\n\t" + "ldr r5, [sp, #24]\n\t" + "ldr r6, [r12, #24]\n\t" + "add r9, r9, r5\n\t" + "add r9, r9, r6\n\t" + "ldr r5, [%[sha256], #8]\n\t" + "ldr r6, [%[sha256], #12]\n\t" + "ldr r7, [%[sha256], #16]\n\t" + "ldr r8, [%[sha256], #20]\n\t" + "ror r4, r5, #2\n\t" + "eor r10, r5, r6\n\t" + "eor r4, r4, r5, ror #13\n\t" + "and r11, r11, r10\n\t" + "eor r4, r4, r5, ror #22\n\t" + "eor r11, r11, r6\n\t" + "add r8, r8, r9\n\t" + "add r9, r9, r4\n\t" + "add r9, r9, r11\n\t" + "str r8, [%[sha256], #20]\n\t" + "str r9, [%[sha256], #4]\n\t" + "cmp r3, #0\n\t" + "beq L_SHA256_transform_len_blk_end_6_%=\n\t" + /* Calc new W[6] */ + "ldr r6, [sp, #16]\n\t" + "ldr r7, [sp, #60]\n\t" + "ldr r8, [sp, #28]\n\t" + "ldr r9, [sp, #24]\n\t" + "ror r4, r6, #17\n\t" + "ror r5, r8, #7\n\t" + "eor r4, r4, r6, ror #19\n\t" + "eor r5, r5, r8, ror #18\n\t" + "eor r4, r4, r6, lsr #10\n\t" + "eor r5, r5, r8, lsr #3\n\t" + "add r9, r9, r7\n\t" + "add r4, r4, r5\n\t" + "add r9, r9, r4\n\t" + "str r9, [sp, #24]\n\t" + "\n" + "L_SHA256_transform_len_blk_end_6_%=: \n\t" + /* Round 7 */ + "ldr r5, [%[sha256], #20]\n\t" + "ldr r6, [%[sha256], #24]\n\t" + "ldr r7, [%[sha256], #28]\n\t" + "ldr r9, [%[sha256]]\n\t" + "ror r4, r5, #6\n\t" + "eor r6, r6, r7\n\t" + "eor r4, r4, r5, ror #11\n\t" + "and r6, r6, r5\n\t" + "eor r4, r4, r5, ror #25\n\t" + "eor r6, r6, r7\n\t" + "add r9, r9, r4\n\t" + "add r9, r9, r6\n\t" + "ldr r5, [sp, #28]\n\t" + "ldr r6, [r12, #28]\n\t" + "add r9, r9, r5\n\t" + "add r9, r9, r6\n\t" + "ldr r5, [%[sha256], #4]\n\t" + "ldr r6, [%[sha256], #8]\n\t" + "ldr r7, [%[sha256], #12]\n\t" + "ldr r8, [%[sha256], #16]\n\t" + "ror r4, r5, #2\n\t" + "eor r11, r5, r6\n\t" + "eor r4, r4, r5, ror #13\n\t" + "and r10, r10, r11\n\t" + "eor r4, r4, r5, ror #22\n\t" + "eor r10, r10, r6\n\t" + "add r8, r8, r9\n\t" + "add r9, r9, r4\n\t" + "add r9, r9, r10\n\t" + "str r8, [%[sha256], #16]\n\t" + "str r9, [%[sha256]]\n\t" + "cmp r3, #0\n\t" + "beq L_SHA256_transform_len_blk_end_7_%=\n\t" + /* Calc new W[7] */ + "ldr r6, [sp, #20]\n\t" + "ldr r7, [sp]\n\t" + "ldr r8, [sp, #32]\n\t" + "ldr r9, [sp, #28]\n\t" + "ror r4, r6, #17\n\t" + "ror r5, r8, #7\n\t" + "eor r4, r4, r6, ror #19\n\t" + "eor r5, r5, r8, ror #18\n\t" + "eor r4, r4, r6, lsr #10\n\t" + "eor r5, r5, r8, lsr #3\n\t" + "add r9, r9, r7\n\t" + "add r4, r4, r5\n\t" + "add r9, r9, r4\n\t" + "str r9, [sp, #28]\n\t" + "\n" + "L_SHA256_transform_len_blk_end_7_%=: \n\t" + /* Round 8 */ + "ldr r5, [%[sha256], #16]\n\t" + "ldr r6, [%[sha256], #20]\n\t" + "ldr r7, [%[sha256], #24]\n\t" + "ldr r9, [%[sha256], #28]\n\t" + "ror r4, r5, #6\n\t" + "eor r6, r6, r7\n\t" + "eor r4, r4, r5, ror #11\n\t" + "and r6, r6, r5\n\t" + "eor r4, r4, r5, ror #25\n\t" + "eor r6, r6, r7\n\t" + "add r9, r9, r4\n\t" + "add r9, r9, r6\n\t" + "ldr r5, [sp, #32]\n\t" + "ldr r6, [r12, #32]\n\t" + "add r9, r9, r5\n\t" + "add r9, r9, r6\n\t" + "ldr r5, [%[sha256]]\n\t" + "ldr r6, [%[sha256], #4]\n\t" + "ldr r7, [%[sha256], #8]\n\t" + "ldr r8, [%[sha256], #12]\n\t" + "ror r4, r5, #2\n\t" + "eor r10, r5, r6\n\t" + "eor r4, r4, r5, ror #13\n\t" + "and r11, r11, r10\n\t" + "eor r4, r4, r5, ror #22\n\t" + "eor r11, r11, r6\n\t" + "add r8, r8, r9\n\t" + "add r9, r9, r4\n\t" + "add r9, r9, r11\n\t" + "str r8, [%[sha256], #12]\n\t" + "str r9, [%[sha256], #28]\n\t" + "cmp r3, #0\n\t" + "beq L_SHA256_transform_len_blk_end_8_%=\n\t" + /* Calc new W[8] */ + "ldr r6, [sp, #24]\n\t" + "ldr r7, [sp, #4]\n\t" + "ldr r8, [sp, #36]\n\t" + "ldr r9, [sp, #32]\n\t" + "ror r4, r6, #17\n\t" + "ror r5, r8, #7\n\t" + "eor r4, r4, r6, ror #19\n\t" + "eor r5, r5, r8, ror #18\n\t" + "eor r4, r4, r6, lsr #10\n\t" + "eor r5, r5, r8, lsr #3\n\t" + "add r9, r9, r7\n\t" + "add r4, r4, r5\n\t" + "add r9, r9, r4\n\t" + "str r9, [sp, #32]\n\t" + "\n" + "L_SHA256_transform_len_blk_end_8_%=: \n\t" + /* Round 9 */ + "ldr r5, [%[sha256], #12]\n\t" + "ldr r6, [%[sha256], #16]\n\t" + "ldr r7, [%[sha256], #20]\n\t" + "ldr r9, [%[sha256], #24]\n\t" + "ror r4, r5, #6\n\t" + "eor r6, r6, r7\n\t" + "eor r4, r4, r5, ror #11\n\t" + "and r6, r6, r5\n\t" + "eor r4, r4, r5, ror #25\n\t" + "eor r6, r6, r7\n\t" + "add r9, r9, r4\n\t" + "add r9, r9, r6\n\t" + "ldr r5, [sp, #36]\n\t" + "ldr r6, [r12, #36]\n\t" + "add r9, r9, r5\n\t" + "add r9, r9, r6\n\t" + "ldr r5, [%[sha256], #28]\n\t" + "ldr r6, [%[sha256]]\n\t" + "ldr r7, [%[sha256], #4]\n\t" + "ldr r8, [%[sha256], #8]\n\t" + "ror r4, r5, #2\n\t" + "eor r11, r5, r6\n\t" + "eor r4, r4, r5, ror #13\n\t" + "and r10, r10, r11\n\t" + "eor r4, r4, r5, ror #22\n\t" + "eor r10, r10, r6\n\t" + "add r8, r8, r9\n\t" + "add r9, r9, r4\n\t" + "add r9, r9, r10\n\t" + "str r8, [%[sha256], #8]\n\t" + "str r9, [%[sha256], #24]\n\t" + "cmp r3, #0\n\t" + "beq L_SHA256_transform_len_blk_end_9_%=\n\t" + /* Calc new W[9] */ + "ldr r6, [sp, #28]\n\t" + "ldr r7, [sp, #8]\n\t" + "ldr r8, [sp, #40]\n\t" + "ldr r9, [sp, #36]\n\t" + "ror r4, r6, #17\n\t" + "ror r5, r8, #7\n\t" + "eor r4, r4, r6, ror #19\n\t" + "eor r5, r5, r8, ror #18\n\t" + "eor r4, r4, r6, lsr #10\n\t" + "eor r5, r5, r8, lsr #3\n\t" + "add r9, r9, r7\n\t" + "add r4, r4, r5\n\t" + "add r9, r9, r4\n\t" + "str r9, [sp, #36]\n\t" + "\n" + "L_SHA256_transform_len_blk_end_9_%=: \n\t" + /* Round 10 */ + "ldr r5, [%[sha256], #8]\n\t" + "ldr r6, [%[sha256], #12]\n\t" + "ldr r7, [%[sha256], #16]\n\t" + "ldr r9, [%[sha256], #20]\n\t" + "ror r4, r5, #6\n\t" + "eor r6, r6, r7\n\t" + "eor r4, r4, r5, ror #11\n\t" + "and r6, r6, r5\n\t" + "eor r4, r4, r5, ror #25\n\t" + "eor r6, r6, r7\n\t" + "add r9, r9, r4\n\t" + "add r9, r9, r6\n\t" + "ldr r5, [sp, #40]\n\t" + "ldr r6, [r12, #40]\n\t" + "add r9, r9, r5\n\t" + "add r9, r9, r6\n\t" + "ldr r5, [%[sha256], #24]\n\t" + "ldr r6, [%[sha256], #28]\n\t" + "ldr r7, [%[sha256]]\n\t" + "ldr r8, [%[sha256], #4]\n\t" + "ror r4, r5, #2\n\t" + "eor r10, r5, r6\n\t" + "eor r4, r4, r5, ror #13\n\t" + "and r11, r11, r10\n\t" + "eor r4, r4, r5, ror #22\n\t" + "eor r11, r11, r6\n\t" + "add r8, r8, r9\n\t" + "add r9, r9, r4\n\t" + "add r9, r9, r11\n\t" + "str r8, [%[sha256], #4]\n\t" + "str r9, [%[sha256], #20]\n\t" + "cmp r3, #0\n\t" + "beq L_SHA256_transform_len_blk_end_10_%=\n\t" + /* Calc new W[10] */ + "ldr r6, [sp, #32]\n\t" + "ldr r7, [sp, #12]\n\t" + "ldr r8, [sp, #44]\n\t" + "ldr r9, [sp, #40]\n\t" + "ror r4, r6, #17\n\t" + "ror r5, r8, #7\n\t" + "eor r4, r4, r6, ror #19\n\t" + "eor r5, r5, r8, ror #18\n\t" + "eor r4, r4, r6, lsr #10\n\t" + "eor r5, r5, r8, lsr #3\n\t" + "add r9, r9, r7\n\t" + "add r4, r4, r5\n\t" + "add r9, r9, r4\n\t" + "str r9, [sp, #40]\n\t" + "\n" + "L_SHA256_transform_len_blk_end_10_%=: \n\t" + /* Round 11 */ + "ldr r5, [%[sha256], #4]\n\t" + "ldr r6, [%[sha256], #8]\n\t" + "ldr r7, [%[sha256], #12]\n\t" + "ldr r9, [%[sha256], #16]\n\t" + "ror r4, r5, #6\n\t" + "eor r6, r6, r7\n\t" + "eor r4, r4, r5, ror #11\n\t" + "and r6, r6, r5\n\t" + "eor r4, r4, r5, ror #25\n\t" + "eor r6, r6, r7\n\t" + "add r9, r9, r4\n\t" + "add r9, r9, r6\n\t" + "ldr r5, [sp, #44]\n\t" + "ldr r6, [r12, #44]\n\t" + "add r9, r9, r5\n\t" + "add r9, r9, r6\n\t" + "ldr r5, [%[sha256], #20]\n\t" + "ldr r6, [%[sha256], #24]\n\t" + "ldr r7, [%[sha256], #28]\n\t" + "ldr r8, [%[sha256]]\n\t" + "ror r4, r5, #2\n\t" + "eor r11, r5, r6\n\t" + "eor r4, r4, r5, ror #13\n\t" + "and r10, r10, r11\n\t" + "eor r4, r4, r5, ror #22\n\t" + "eor r10, r10, r6\n\t" + "add r8, r8, r9\n\t" + "add r9, r9, r4\n\t" + "add r9, r9, r10\n\t" + "str r8, [%[sha256]]\n\t" + "str r9, [%[sha256], #16]\n\t" + "cmp r3, #0\n\t" + "beq L_SHA256_transform_len_blk_end_11_%=\n\t" + /* Calc new W[11] */ + "ldr r6, [sp, #36]\n\t" + "ldr r7, [sp, #16]\n\t" + "ldr r8, [sp, #48]\n\t" + "ldr r9, [sp, #44]\n\t" + "ror r4, r6, #17\n\t" + "ror r5, r8, #7\n\t" + "eor r4, r4, r6, ror #19\n\t" + "eor r5, r5, r8, ror #18\n\t" + "eor r4, r4, r6, lsr #10\n\t" + "eor r5, r5, r8, lsr #3\n\t" + "add r9, r9, r7\n\t" + "add r4, r4, r5\n\t" + "add r9, r9, r4\n\t" + "str r9, [sp, #44]\n\t" + "\n" + "L_SHA256_transform_len_blk_end_11_%=: \n\t" + /* Round 12 */ + "ldr r5, [%[sha256]]\n\t" + "ldr r6, [%[sha256], #4]\n\t" + "ldr r7, [%[sha256], #8]\n\t" + "ldr r9, [%[sha256], #12]\n\t" + "ror r4, r5, #6\n\t" + "eor r6, r6, r7\n\t" + "eor r4, r4, r5, ror #11\n\t" + "and r6, r6, r5\n\t" + "eor r4, r4, r5, ror #25\n\t" + "eor r6, r6, r7\n\t" + "add r9, r9, r4\n\t" + "add r9, r9, r6\n\t" + "ldr r5, [sp, #48]\n\t" + "ldr r6, [r12, #48]\n\t" + "add r9, r9, r5\n\t" + "add r9, r9, r6\n\t" + "ldr r5, [%[sha256], #16]\n\t" + "ldr r6, [%[sha256], #20]\n\t" + "ldr r7, [%[sha256], #24]\n\t" + "ldr r8, [%[sha256], #28]\n\t" + "ror r4, r5, #2\n\t" + "eor r10, r5, r6\n\t" + "eor r4, r4, r5, ror #13\n\t" + "and r11, r11, r10\n\t" + "eor r4, r4, r5, ror #22\n\t" + "eor r11, r11, r6\n\t" + "add r8, r8, r9\n\t" + "add r9, r9, r4\n\t" + "add r9, r9, r11\n\t" + "str r8, [%[sha256], #28]\n\t" + "str r9, [%[sha256], #12]\n\t" + "cmp r3, #0\n\t" + "beq L_SHA256_transform_len_blk_end_12_%=\n\t" + /* Calc new W[12] */ + "ldr r6, [sp, #40]\n\t" + "ldr r7, [sp, #20]\n\t" + "ldr r8, [sp, #52]\n\t" + "ldr r9, [sp, #48]\n\t" + "ror r4, r6, #17\n\t" + "ror r5, r8, #7\n\t" + "eor r4, r4, r6, ror #19\n\t" + "eor r5, r5, r8, ror #18\n\t" + "eor r4, r4, r6, lsr #10\n\t" + "eor r5, r5, r8, lsr #3\n\t" + "add r9, r9, r7\n\t" + "add r4, r4, r5\n\t" + "add r9, r9, r4\n\t" + "str r9, [sp, #48]\n\t" + "\n" + "L_SHA256_transform_len_blk_end_12_%=: \n\t" + /* Round 13 */ + "ldr r5, [%[sha256], #28]\n\t" + "ldr r6, [%[sha256]]\n\t" + "ldr r7, [%[sha256], #4]\n\t" + "ldr r9, [%[sha256], #8]\n\t" + "ror r4, r5, #6\n\t" + "eor r6, r6, r7\n\t" + "eor r4, r4, r5, ror #11\n\t" + "and r6, r6, r5\n\t" + "eor r4, r4, r5, ror #25\n\t" + "eor r6, r6, r7\n\t" + "add r9, r9, r4\n\t" + "add r9, r9, r6\n\t" + "ldr r5, [sp, #52]\n\t" + "ldr r6, [r12, #52]\n\t" + "add r9, r9, r5\n\t" + "add r9, r9, r6\n\t" + "ldr r5, [%[sha256], #12]\n\t" + "ldr r6, [%[sha256], #16]\n\t" + "ldr r7, [%[sha256], #20]\n\t" + "ldr r8, [%[sha256], #24]\n\t" + "ror r4, r5, #2\n\t" + "eor r11, r5, r6\n\t" + "eor r4, r4, r5, ror #13\n\t" + "and r10, r10, r11\n\t" + "eor r4, r4, r5, ror #22\n\t" + "eor r10, r10, r6\n\t" + "add r8, r8, r9\n\t" + "add r9, r9, r4\n\t" + "add r9, r9, r10\n\t" + "str r8, [%[sha256], #24]\n\t" + "str r9, [%[sha256], #8]\n\t" + "cmp r3, #0\n\t" + "beq L_SHA256_transform_len_blk_end_13_%=\n\t" + /* Calc new W[13] */ + "ldr r6, [sp, #44]\n\t" + "ldr r7, [sp, #24]\n\t" + "ldr r8, [sp, #56]\n\t" + "ldr r9, [sp, #52]\n\t" + "ror r4, r6, #17\n\t" + "ror r5, r8, #7\n\t" + "eor r4, r4, r6, ror #19\n\t" + "eor r5, r5, r8, ror #18\n\t" + "eor r4, r4, r6, lsr #10\n\t" + "eor r5, r5, r8, lsr #3\n\t" + "add r9, r9, r7\n\t" + "add r4, r4, r5\n\t" + "add r9, r9, r4\n\t" + "str r9, [sp, #52]\n\t" + "\n" + "L_SHA256_transform_len_blk_end_13_%=: \n\t" + /* Round 14 */ + "ldr r5, [%[sha256], #24]\n\t" + "ldr r6, [%[sha256], #28]\n\t" + "ldr r7, [%[sha256]]\n\t" + "ldr r9, [%[sha256], #4]\n\t" + "ror r4, r5, #6\n\t" + "eor r6, r6, r7\n\t" + "eor r4, r4, r5, ror #11\n\t" + "and r6, r6, r5\n\t" + "eor r4, r4, r5, ror #25\n\t" + "eor r6, r6, r7\n\t" + "add r9, r9, r4\n\t" + "add r9, r9, r6\n\t" + "ldr r5, [sp, #56]\n\t" + "ldr r6, [r12, #56]\n\t" + "add r9, r9, r5\n\t" + "add r9, r9, r6\n\t" + "ldr r5, [%[sha256], #8]\n\t" + "ldr r6, [%[sha256], #12]\n\t" + "ldr r7, [%[sha256], #16]\n\t" + "ldr r8, [%[sha256], #20]\n\t" + "ror r4, r5, #2\n\t" + "eor r10, r5, r6\n\t" + "eor r4, r4, r5, ror #13\n\t" + "and r11, r11, r10\n\t" + "eor r4, r4, r5, ror #22\n\t" + "eor r11, r11, r6\n\t" + "add r8, r8, r9\n\t" + "add r9, r9, r4\n\t" + "add r9, r9, r11\n\t" + "str r8, [%[sha256], #20]\n\t" + "str r9, [%[sha256], #4]\n\t" + "cmp r3, #0\n\t" + "beq L_SHA256_transform_len_blk_end_14_%=\n\t" + /* Calc new W[14] */ + "ldr r6, [sp, #48]\n\t" + "ldr r7, [sp, #28]\n\t" + "ldr r8, [sp, #60]\n\t" + "ldr r9, [sp, #56]\n\t" + "ror r4, r6, #17\n\t" + "ror r5, r8, #7\n\t" + "eor r4, r4, r6, ror #19\n\t" + "eor r5, r5, r8, ror #18\n\t" + "eor r4, r4, r6, lsr #10\n\t" + "eor r5, r5, r8, lsr #3\n\t" + "add r9, r9, r7\n\t" + "add r4, r4, r5\n\t" + "add r9, r9, r4\n\t" + "str r9, [sp, #56]\n\t" + "\n" + "L_SHA256_transform_len_blk_end_14_%=: \n\t" + /* Round 15 */ + "ldr r5, [%[sha256], #20]\n\t" + "ldr r6, [%[sha256], #24]\n\t" + "ldr r7, [%[sha256], #28]\n\t" + "ldr r9, [%[sha256]]\n\t" + "ror r4, r5, #6\n\t" + "eor r6, r6, r7\n\t" + "eor r4, r4, r5, ror #11\n\t" + "and r6, r6, r5\n\t" + "eor r4, r4, r5, ror #25\n\t" + "eor r6, r6, r7\n\t" + "add r9, r9, r4\n\t" + "add r9, r9, r6\n\t" + "ldr r5, [sp, #60]\n\t" + "ldr r6, [r12, #60]\n\t" + "add r9, r9, r5\n\t" + "add r9, r9, r6\n\t" + "ldr r5, [%[sha256], #4]\n\t" + "ldr r6, [%[sha256], #8]\n\t" + "ldr r7, [%[sha256], #12]\n\t" + "ldr r8, [%[sha256], #16]\n\t" + "ror r4, r5, #2\n\t" + "eor r11, r5, r6\n\t" + "eor r4, r4, r5, ror #13\n\t" + "and r10, r10, r11\n\t" + "eor r4, r4, r5, ror #22\n\t" + "eor r10, r10, r6\n\t" + "add r8, r8, r9\n\t" + "add r9, r9, r4\n\t" + "add r9, r9, r10\n\t" + "str r8, [%[sha256], #16]\n\t" + "str r9, [%[sha256]]\n\t" + "cmp r3, #0\n\t" + "beq L_SHA256_transform_len_blk_end_15_%=\n\t" + /* Calc new W[15] */ + "ldr r6, [sp, #52]\n\t" + "ldr r7, [sp, #32]\n\t" + "ldr r8, [sp]\n\t" + "ldr r9, [sp, #60]\n\t" + "ror r4, r6, #17\n\t" + "ror r5, r8, #7\n\t" + "eor r4, r4, r6, ror #19\n\t" + "eor r5, r5, r8, ror #18\n\t" + "eor r4, r4, r6, lsr #10\n\t" + "eor r5, r5, r8, lsr #3\n\t" + "add r9, r9, r7\n\t" + "add r4, r4, r5\n\t" + "add r9, r9, r4\n\t" + "str r9, [sp, #60]\n\t" + "\n" + "L_SHA256_transform_len_blk_end_15_%=: \n\t" + "cmp r3, #0\n\t" + "add r12, r12, #0x40\n\t" + "bne L_SHA256_transform_len_start_small_%=\n\t" +#endif /* !WOLFSSL_ARMASM_SHA256_SMALL */ /* Add in digest from start */ #if defined(WOLFSSL_ARM_ARCH) && (WOLFSSL_ARM_ARCH < 7) "ldm r0, {r4, r5}\n\t" @@ -1735,7 +2562,11 @@ "strd r6, r7, [sp, #88]\n\t" #endif "subs %[len], %[len], #0x40\n\t" - "sub r3, r3, #0xc0\n\t" +#ifndef WOLFSSL_ARMASM_SHA256_SMALL + "sub r12, r12, #0xc0\n\t" +#else + "sub r12, r12, #0x100\n\t" +#endif /* !WOLFSSL_ARMASM_SHA256_SMALL */ "add %[data], %[data], #0x40\n\t" "bne L_SHA256_transform_len_begin_%=\n\t" "add sp, sp, #0xc0\n\t" diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/wolfcrypt/src/port/arm/armv8-32-sha3-asm.S mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/port/arm/armv8-32-sha3-asm.S --- mariadb-11.8.6/extra/wolfssl/wolfssl/wolfcrypt/src/port/arm/armv8-32-sha3-asm.S 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/port/arm/armv8-32-sha3-asm.S 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* armv8-32-sha3-asm * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -33,10 +33,10 @@ #ifdef WOLFSSL_SHA3 #ifndef WOLFSSL_ARMASM_NO_NEON .text - .type L_sha3_arm2_neon_rt, %object - .size L_sha3_arm2_neon_rt, 192 + .type L_sha3_arm32_neon_rt, %object + .size L_sha3_arm32_neon_rt, 192 .align 4 -L_sha3_arm2_neon_rt: +L_sha3_arm32_neon_rt: .word 0x1 .word 0x0 .word 0x8082 @@ -92,7 +92,7 @@ BlockSha3: vpush {d8-d15} sub sp, sp, #16 - adr r1, L_sha3_arm2_neon_rt + adr r1, L_sha3_arm32_neon_rt mov r2, #24 mov r3, sp vld1.8 {d0-d3}, [r0]! @@ -354,10 +354,10 @@ #endif /* WOLFSSL_ARMASM_NO_NEON */ #ifdef WOLFSSL_ARMASM_NO_NEON .text - .type L_sha3_arm2_rt, %object - .size L_sha3_arm2_rt, 192 + .type L_sha3_arm32_rt, %object + .size L_sha3_arm32_rt, 192 .align 4 -L_sha3_arm2_rt: +L_sha3_arm32_rt: .word 0x1 .word 0x0 .word 0x8082 @@ -413,7 +413,7 @@ BlockSha3: push {r4, r5, r6, r7, r8, r9, r10, r11, lr} sub sp, sp, #0xcc - adr r1, L_sha3_arm2_rt + adr r1, L_sha3_arm32_rt mov r2, #12 L_sha3_arm32_begin: str r2, [sp, #200] diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/wolfcrypt/src/port/arm/armv8-32-sha3-asm_c.c mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/port/arm/armv8-32-sha3-asm_c.c --- mariadb-11.8.6/extra/wolfssl/wolfssl/wolfcrypt/src/port/arm/armv8-32-sha3-asm_c.c 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/port/arm/armv8-32-sha3-asm_c.c 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* armv8-32-sha3-asm * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -51,7 +51,7 @@ #ifdef WOLFSSL_SHA3 #ifndef WOLFSSL_ARMASM_NO_NEON -static const word64 L_sha3_arm2_neon_rt[] = { +static const word64 L_sha3_arm32_neon_rt[] = { 0x0000000000000001UL, 0x0000000000008082UL, 0x800000000000808aUL, 0x8000000080008000UL, 0x000000000000808bUL, 0x0000000080000001UL, @@ -76,15 +76,15 @@ { #ifndef WOLFSSL_NO_VAR_ASSIGN_REG register word64* state asm ("r0") = (word64*)state_p; - register word64* L_sha3_arm2_neon_rt_c asm ("r1") = - (word64*)&L_sha3_arm2_neon_rt; + register word64* L_sha3_arm32_neon_rt_c asm ("r1") = + (word64*)&L_sha3_arm32_neon_rt; #else - register word64* L_sha3_arm2_neon_rt_c = (word64*)&L_sha3_arm2_neon_rt; + register word64* L_sha3_arm32_neon_rt_c = (word64*)&L_sha3_arm32_neon_rt; #endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ __asm__ __volatile__ ( "sub sp, sp, #16\n\t" - "mov r1, %[L_sha3_arm2_neon_rt]\n\t" + "mov r1, %[L_sha3_arm32_neon_rt]\n\t" "mov r2, #24\n\t" "mov r3, sp\n\t" "vld1.8 {d0-d3}, [%[state]]!\n\t" @@ -343,12 +343,12 @@ "add sp, sp, #16\n\t" #ifndef WOLFSSL_NO_VAR_ASSIGN_REG : [state] "+r" (state), - [L_sha3_arm2_neon_rt] "+r" (L_sha3_arm2_neon_rt_c) + [L_sha3_arm32_neon_rt] "+r" (L_sha3_arm32_neon_rt_c) : #else : : [state] "r" (state), - [L_sha3_arm2_neon_rt] "r" (L_sha3_arm2_neon_rt_c) + [L_sha3_arm32_neon_rt] "r" (L_sha3_arm32_neon_rt_c) #endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ : "memory", "cc", "r2", "r3", "d0", "d1", "d2", "d3", "d4", "d5", "d6", "d7", "d8", "d9", "d10", "d11", "d12", "d13", "d14", "d15", "d16", @@ -359,7 +359,7 @@ #endif /* WOLFSSL_ARMASM_NO_NEON */ #ifdef WOLFSSL_ARMASM_NO_NEON -static const word64 L_sha3_arm2_rt[] = { +static const word64 L_sha3_arm32_rt[] = { 0x0000000000000001UL, 0x0000000000008082UL, 0x800000000000808aUL, 0x8000000080008000UL, 0x000000000000808bUL, 0x0000000080000001UL, @@ -384,14 +384,14 @@ { #ifndef WOLFSSL_NO_VAR_ASSIGN_REG register word64* state asm ("r0") = (word64*)state_p; - register word64* L_sha3_arm2_rt_c asm ("r1") = (word64*)&L_sha3_arm2_rt; + register word64* L_sha3_arm32_rt_c asm ("r1") = (word64*)&L_sha3_arm32_rt; #else - register word64* L_sha3_arm2_rt_c = (word64*)&L_sha3_arm2_rt; + register word64* L_sha3_arm32_rt_c = (word64*)&L_sha3_arm32_rt; #endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ __asm__ __volatile__ ( "sub sp, sp, #0xcc\n\t" - "mov r1, %[L_sha3_arm2_rt]\n\t" + "mov r1, %[L_sha3_arm32_rt]\n\t" "mov r2, #12\n\t" "\n" "L_sha3_arm32_begin_%=: \n\t" @@ -2355,11 +2355,11 @@ "bne L_sha3_arm32_begin_%=\n\t" "add sp, sp, #0xcc\n\t" #ifndef WOLFSSL_NO_VAR_ASSIGN_REG - : [state] "+r" (state), [L_sha3_arm2_rt] "+r" (L_sha3_arm2_rt_c) + : [state] "+r" (state), [L_sha3_arm32_rt] "+r" (L_sha3_arm32_rt_c) : #else : - : [state] "r" (state), [L_sha3_arm2_rt] "r" (L_sha3_arm2_rt_c) + : [state] "r" (state), [L_sha3_arm32_rt] "r" (L_sha3_arm32_rt_c) #endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ : "memory", "cc", "r2", "r3", "r12", "lr", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11" diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/wolfcrypt/src/port/arm/armv8-32-sha512-asm.S mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/port/arm/armv8-32-sha512-asm.S --- mariadb-11.8.6/extra/wolfssl/wolfssl/wolfcrypt/src/port/arm/armv8-32-sha512-asm.S 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/port/arm/armv8-32-sha512-asm.S 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* armv8-32-sha512-asm * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/wolfcrypt/src/port/arm/armv8-32-sha512-asm_c.c mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/port/arm/armv8-32-sha512-asm_c.c --- mariadb-11.8.6/extra/wolfssl/wolfssl/wolfcrypt/src/port/arm/armv8-32-sha512-asm_c.c 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/port/arm/armv8-32-sha512-asm_c.c 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* armv8-32-sha512-asm * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/wolfcrypt/src/port/arm/armv8-aes-asm.S mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/port/arm/armv8-aes-asm.S --- mariadb-11.8.6/extra/wolfssl/wolfssl/wolfcrypt/src/port/arm/armv8-aes-asm.S 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/port/arm/armv8-aes-asm.S 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* armv8-aes-asm * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -43117,6 +43117,14080 @@ #endif /* HAVE_AES_DECRYPT */ #endif /* WOLFSSL_AES_XTS */ #endif /* !WOLFSSL_ARMASM_NO_HW_CRYPTO */ +#ifndef WOLFSSL_ARMASM_NO_NEON +#if defined(HAVE_AES_DECRYPT) || defined(HAVE_AES_CBC) || \ + defined(HAVE_AESCCM) || defined(HAVE_AESGCM) || \ + defined(WOLFSSL_AES_DIRECT) || defined(WOLFSSL_AES_COUNTER) +#ifndef __APPLE__ + .text + .type L_AES_ARM64_NEON_te, %object + .section .rodata + .size L_AES_ARM64_NEON_te, 256 +#else + .section __DATA,__data +#endif /* __APPLE__ */ +#ifndef __APPLE__ + .align 1 +#else + .p2align 1 +#endif /* __APPLE__ */ +L_AES_ARM64_NEON_te: + .byte 0x63,0x7c,0x77,0x7b,0xf2,0x6b,0x6f,0xc5 + .byte 0x30,0x01,0x67,0x2b,0xfe,0xd7,0xab,0x76 + .byte 0xca,0x82,0xc9,0x7d,0xfa,0x59,0x47,0xf0 + .byte 0xad,0xd4,0xa2,0xaf,0x9c,0xa4,0x72,0xc0 + .byte 0xb7,0xfd,0x93,0x26,0x36,0x3f,0xf7,0xcc + .byte 0x34,0xa5,0xe5,0xf1,0x71,0xd8,0x31,0x15 + .byte 0x04,0xc7,0x23,0xc3,0x18,0x96,0x05,0x9a + .byte 0x07,0x12,0x80,0xe2,0xeb,0x27,0xb2,0x75 + .byte 0x09,0x83,0x2c,0x1a,0x1b,0x6e,0x5a,0xa0 + .byte 0x52,0x3b,0xd6,0xb3,0x29,0xe3,0x2f,0x84 + .byte 0x53,0xd1,0x00,0xed,0x20,0xfc,0xb1,0x5b + .byte 0x6a,0xcb,0xbe,0x39,0x4a,0x4c,0x58,0xcf + .byte 0xd0,0xef,0xaa,0xfb,0x43,0x4d,0x33,0x85 + .byte 0x45,0xf9,0x02,0x7f,0x50,0x3c,0x9f,0xa8 + .byte 0x51,0xa3,0x40,0x8f,0x92,0x9d,0x38,0xf5 + .byte 0xbc,0xb6,0xda,0x21,0x10,0xff,0xf3,0xd2 + .byte 0xcd,0x0c,0x13,0xec,0x5f,0x97,0x44,0x17 + .byte 0xc4,0xa7,0x7e,0x3d,0x64,0x5d,0x19,0x73 + .byte 0x60,0x81,0x4f,0xdc,0x22,0x2a,0x90,0x88 + .byte 0x46,0xee,0xb8,0x14,0xde,0x5e,0x0b,0xdb + .byte 0xe0,0x32,0x3a,0x0a,0x49,0x06,0x24,0x5c + .byte 0xc2,0xd3,0xac,0x62,0x91,0x95,0xe4,0x79 + .byte 0xe7,0xc8,0x37,0x6d,0x8d,0xd5,0x4e,0xa9 + .byte 0x6c,0x56,0xf4,0xea,0x65,0x7a,0xae,0x08 + .byte 0xba,0x78,0x25,0x2e,0x1c,0xa6,0xb4,0xc6 + .byte 0xe8,0xdd,0x74,0x1f,0x4b,0xbd,0x8b,0x8a + .byte 0x70,0x3e,0xb5,0x66,0x48,0x03,0xf6,0x0e + .byte 0x61,0x35,0x57,0xb9,0x86,0xc1,0x1d,0x9e + .byte 0xe1,0xf8,0x98,0x11,0x69,0xd9,0x8e,0x94 + .byte 0x9b,0x1e,0x87,0xe9,0xce,0x55,0x28,0xdf + .byte 0x8c,0xa1,0x89,0x0d,0xbf,0xe6,0x42,0x68 + .byte 0x41,0x99,0x2d,0x0f,0xb0,0x54,0xbb,0x16 +#ifndef __APPLE__ + .text + .type L_AES_ARM64_NEON_shift_rows_shuffle, %object + .section .rodata + .size L_AES_ARM64_NEON_shift_rows_shuffle, 16 +#else + .section __DATA,__data +#endif /* __APPLE__ */ +#ifndef __APPLE__ + .align 1 +#else + .p2align 1 +#endif /* __APPLE__ */ +L_AES_ARM64_NEON_shift_rows_shuffle: + .byte 0x0c,0x09,0x06,0x03,0x00,0x0d,0x0a,0x07 + .byte 0x04,0x01,0x0e,0x0b,0x08,0x05,0x02,0x0f +#endif /* HAVE_AES_DECRYPT || HAVE_AES_CBC || HAVE_AESCCM || HAVE_AESGCM || + * WOLFSSL_AES_DIRECT || WOLFSSL_AES_COUNTER */ +#ifdef HAVE_AES_DECRYPT +#ifndef __APPLE__ +.text +.globl AES_invert_key_NEON +.type AES_invert_key_NEON,@function +.align 2 +AES_invert_key_NEON: +#else +.section __TEXT,__text +.globl _AES_invert_key_NEON +.p2align 2 +_AES_invert_key_NEON: +#endif /* __APPLE__ */ + add x3, x0, x1, lsl 4 + mov x2, x0 + mov w4, w1 +L_AES_invert_key_NEON_loop: + ld1 {v0.2d}, [x2] + ld1 {v1.2d}, [x3] + st1 {v0.2d}, [x3] + st1 {v1.2d}, [x2], #16 + subs w4, w4, #2 + sub x3, x3, #16 + bne L_AES_invert_key_NEON_loop + movi v2.16b, #27 + add x2, x0, #16 + sub w4, w1, #1 +L_AES_invert_key_NEON_mix_loop: + ld1 {v0.2d}, [x2] + sshr v5.16b, v0.16b, #7 + ushr v6.16b, v0.16b, #6 + ushr v3.16b, v0.16b, #5 + and v5.16b, v5.16b, v2.16b + pmul v6.16b, v6.16b, v2.16b + pmul v3.16b, v3.16b, v2.16b + shl v4.16b, v0.16b, #1 + eor v5.16b, v5.16b, v4.16b + shl v4.16b, v0.16b, #3 + eor v3.16b, v3.16b, v4.16b + shl v4.16b, v0.16b, #2 + eor v6.16b, v6.16b, v4.16b + eor v4.16b, v5.16b, v3.16b + eor v3.16b, v3.16b, v0.16b + eor v5.16b, v6.16b, v3.16b + eor v6.16b, v6.16b, v4.16b + eor v4.16b, v4.16b, v0.16b + shl v0.4s, v4.4s, #8 + rev32 v5.8h, v5.8h + sri v0.4s, v4.4s, #24 + eor v0.16b, v0.16b, v6.16b + shl v4.4s, v3.4s, #24 + eor v0.16b, v0.16b, v5.16b + sri v4.4s, v3.4s, #8 + eor v0.16b, v0.16b, v4.16b + st1 {v0.2d}, [x2], #16 + subs w4, w4, #1 + bne L_AES_invert_key_NEON_mix_loop + ret +#ifndef __APPLE__ + .size AES_invert_key_NEON,.-AES_invert_key_NEON +#endif /* __APPLE__ */ +#endif /* HAVE_AES_DECRYPT */ +#ifndef __APPLE__ + .text + .type L_AES_ARM64_NEON_rcon, %object + .section .rodata + .size L_AES_ARM64_NEON_rcon, 40 +#else + .section __DATA,__data +#endif /* __APPLE__ */ +#ifndef __APPLE__ + .align 3 +#else + .p2align 3 +#endif /* __APPLE__ */ +L_AES_ARM64_NEON_rcon: + .word 0x01000000 + .word 0x02000000 + .word 0x04000000 + .word 0x08000000 + .word 0x10000000 + .word 0x20000000 + .word 0x40000000 + .word 0x80000000 + .word 0x1b000000 + .word 0x36000000 +#ifndef __APPLE__ +.text +.globl AES_set_encrypt_key_NEON +.type AES_set_encrypt_key_NEON,@function +.align 2 +AES_set_encrypt_key_NEON: +#else +.section __TEXT,__text +.globl _AES_set_encrypt_key_NEON +.p2align 2 +_AES_set_encrypt_key_NEON: +#endif /* __APPLE__ */ + stp x29, x30, [sp, #-80]! + add x29, sp, #0 + stp d8, d9, [x29, #16] + stp d10, d11, [x29, #32] + stp d12, d13, [x29, #48] + stp d14, d15, [x29, #64] +#ifndef __APPLE__ + adrp x4, L_AES_ARM64_NEON_rcon + add x4, x4, :lo12:L_AES_ARM64_NEON_rcon +#else + adrp x4, L_AES_ARM64_NEON_rcon@PAGE + add x4, x4, L_AES_ARM64_NEON_rcon@PAGEOFF +#endif /* __APPLE__ */ +#ifndef __APPLE__ + adrp x5, L_AES_ARM64_NEON_te + add x5, x5, :lo12:L_AES_ARM64_NEON_te +#else + adrp x5, L_AES_ARM64_NEON_te@PAGE + add x5, x5, L_AES_ARM64_NEON_te@PAGEOFF +#endif /* __APPLE__ */ + ld1 {v6.16b, v7.16b, v8.16b, v9.16b}, [x5], #0x40 + ld1 {v10.16b, v11.16b, v12.16b, v13.16b}, [x5], #0x40 + ld1 {v14.16b, v15.16b, v16.16b, v17.16b}, [x5], #0x40 + ld1 {v18.16b, v19.16b, v20.16b, v21.16b}, [x5] + movi v2.16b, #0x40 + movi v3.16b, #0x80 + movi v4.16b, #0xc0 + movi v5.16b, #27 + eor v26.16b, v26.16b, v26.16b + cmp x1, #0x80 + beq L_AES_set_encrypt_key_NEON_start_128 + cmp x1, #0xc0 + beq L_AES_set_encrypt_key_NEON_start_192 + ld1 {v0.16b}, [x0], #16 + ld1 {v1.16b}, [x0] + rev32 v0.16b, v0.16b + rev32 v1.16b, v1.16b + st1 {v0.2d}, [x2], #16 + st1 {v1.2d}, [x2], #16 + mov x3, #6 +L_AES_set_encrypt_key_NEON_loop_256: + eor v22.16b, v1.16b, v2.16b + eor v23.16b, v1.16b, v3.16b + eor v24.16b, v1.16b, v4.16b + tbl v25.16b, {v6.16b, v7.16b, v8.16b, v9.16b}, v1.16b + tbl v22.16b, {v10.16b, v11.16b, v12.16b, v13.16b}, v22.16b + tbl v23.16b, {v14.16b, v15.16b, v16.16b, v17.16b}, v23.16b + tbl v24.16b, {v18.16b, v19.16b, v20.16b, v21.16b}, v24.16b + orr v25.16b, v25.16b, v22.16b + orr v23.16b, v23.16b, v24.16b + orr v25.16b, v25.16b, v23.16b + ext v25.16b, v25.16b, v26.16b, #12 + shl v22.4s, v25.4s, #8 + sri v22.4s, v25.4s, #24 + eor v0.16b, v0.16b, v22.16b + ld1r {v25.4s}, [x4], #4 + dup v22.4s, v0.s[0] + dup v23.2s, v0.s[1] + dup v24.2s, v0.s[2] + ext v22.16b, v26.16b, v22.16b, #12 + ext v23.16b, v26.16b, v23.16b, #8 + eor v0.16b, v0.16b, v22.16b + ext v24.16b, v26.16b, v24.16b, #4 + eor v0.16b, v0.16b, v23.16b + eor v0.16b, v0.16b, v24.16b + eor v0.16b, v0.16b, v25.16b + st1 {v0.2d}, [x2], #16 + eor v22.16b, v0.16b, v2.16b + eor v23.16b, v0.16b, v3.16b + eor v24.16b, v0.16b, v4.16b + tbl v25.16b, {v6.16b, v7.16b, v8.16b, v9.16b}, v0.16b + tbl v22.16b, {v10.16b, v11.16b, v12.16b, v13.16b}, v22.16b + tbl v23.16b, {v14.16b, v15.16b, v16.16b, v17.16b}, v23.16b + tbl v24.16b, {v18.16b, v19.16b, v20.16b, v21.16b}, v24.16b + orr v25.16b, v25.16b, v22.16b + orr v23.16b, v23.16b, v24.16b + orr v25.16b, v25.16b, v23.16b + ext v25.16b, v25.16b, v26.16b, #12 + eor v1.16b, v1.16b, v25.16b + dup v22.4s, v1.s[0] + dup v23.2s, v1.s[1] + dup v24.2s, v1.s[2] + ext v22.16b, v26.16b, v22.16b, #12 + ext v23.16b, v26.16b, v23.16b, #8 + eor v1.16b, v1.16b, v22.16b + ext v24.16b, v26.16b, v24.16b, #4 + eor v1.16b, v1.16b, v23.16b + eor v1.16b, v1.16b, v24.16b + st1 {v1.2d}, [x2], #16 + subs x3, x3, #1 + bne L_AES_set_encrypt_key_NEON_loop_256 + eor v22.16b, v1.16b, v2.16b + eor v23.16b, v1.16b, v3.16b + eor v24.16b, v1.16b, v4.16b + tbl v25.16b, {v6.16b, v7.16b, v8.16b, v9.16b}, v1.16b + tbl v22.16b, {v10.16b, v11.16b, v12.16b, v13.16b}, v22.16b + tbl v23.16b, {v14.16b, v15.16b, v16.16b, v17.16b}, v23.16b + tbl v24.16b, {v18.16b, v19.16b, v20.16b, v21.16b}, v24.16b + orr v25.16b, v25.16b, v22.16b + orr v23.16b, v23.16b, v24.16b + orr v25.16b, v25.16b, v23.16b + ext v25.16b, v25.16b, v26.16b, #12 + shl v22.4s, v25.4s, #8 + sri v22.4s, v25.4s, #24 + eor v0.16b, v0.16b, v22.16b + ld1r {v25.4s}, [x4], #4 + dup v22.4s, v0.s[0] + dup v23.2s, v0.s[1] + dup v24.2s, v0.s[2] + ext v22.16b, v26.16b, v22.16b, #12 + ext v23.16b, v26.16b, v23.16b, #8 + eor v0.16b, v0.16b, v22.16b + ext v24.16b, v26.16b, v24.16b, #4 + eor v0.16b, v0.16b, v23.16b + eor v0.16b, v0.16b, v24.16b + eor v0.16b, v0.16b, v25.16b + st1 {v0.2d}, [x2], #16 + b L_AES_set_encrypt_key_NEON_end +L_AES_set_encrypt_key_NEON_start_192: + ld1 {v0.16b}, [x0], #16 + ld1 {v1.8b}, [x0] + rev32 v0.16b, v0.16b + rev32 v1.8b, v1.8b + st1 {v0.16b}, [x2], #16 + st1 {v1.8b}, [x2], #8 + ext v1.16b, v1.16b, v1.16b, #8 + mov x3, #7 +L_AES_set_encrypt_key_NEON_loop_192: + eor v22.16b, v1.16b, v2.16b + eor v23.16b, v1.16b, v3.16b + eor v24.16b, v1.16b, v4.16b + tbl v25.16b, {v6.16b, v7.16b, v8.16b, v9.16b}, v1.16b + tbl v22.16b, {v10.16b, v11.16b, v12.16b, v13.16b}, v22.16b + tbl v23.16b, {v14.16b, v15.16b, v16.16b, v17.16b}, v23.16b + tbl v24.16b, {v18.16b, v19.16b, v20.16b, v21.16b}, v24.16b + orr v25.16b, v25.16b, v22.16b + orr v23.16b, v23.16b, v24.16b + orr v25.16b, v25.16b, v23.16b + ext v25.16b, v25.16b, v26.16b, #12 + shl v22.4s, v25.4s, #8 + sri v22.4s, v25.4s, #24 + eor v0.16b, v0.16b, v22.16b + ld1r {v25.4s}, [x4], #4 + dup v22.4s, v0.s[0] + dup v23.2s, v0.s[1] + dup v24.2s, v0.s[2] + ext v22.16b, v26.16b, v22.16b, #12 + ext v23.16b, v26.16b, v23.16b, #8 + eor v0.16b, v0.16b, v22.16b + ext v24.16b, v26.16b, v24.16b, #4 + eor v0.16b, v0.16b, v23.16b + eor v0.16b, v0.16b, v24.16b + eor v0.16b, v0.16b, v25.16b + st1 {v0.2d}, [x2], #16 + mov v23.16b, v26.16b + mov v23.s[2], v0.s[3] + eor v1.16b, v1.16b, v23.16b + mov v23.16b, v26.16b + mov v23.s[3], v1.s[2] + eor v1.16b, v1.16b, v23.16b + st1 {v1.d}[1], [x2], #8 + subs x3, x3, #1 + bne L_AES_set_encrypt_key_NEON_loop_192 + eor v22.16b, v1.16b, v2.16b + eor v23.16b, v1.16b, v3.16b + eor v24.16b, v1.16b, v4.16b + tbl v25.16b, {v6.16b, v7.16b, v8.16b, v9.16b}, v1.16b + tbl v22.16b, {v10.16b, v11.16b, v12.16b, v13.16b}, v22.16b + tbl v23.16b, {v14.16b, v15.16b, v16.16b, v17.16b}, v23.16b + tbl v24.16b, {v18.16b, v19.16b, v20.16b, v21.16b}, v24.16b + orr v25.16b, v25.16b, v22.16b + orr v23.16b, v23.16b, v24.16b + orr v25.16b, v25.16b, v23.16b + ext v25.16b, v25.16b, v26.16b, #12 + shl v22.4s, v25.4s, #8 + sri v22.4s, v25.4s, #24 + eor v0.16b, v0.16b, v22.16b + ld1r {v25.4s}, [x4], #4 + dup v22.4s, v0.s[0] + dup v23.2s, v0.s[1] + dup v24.2s, v0.s[2] + ext v22.16b, v26.16b, v22.16b, #12 + ext v23.16b, v26.16b, v23.16b, #8 + eor v0.16b, v0.16b, v22.16b + ext v24.16b, v26.16b, v24.16b, #4 + eor v0.16b, v0.16b, v23.16b + eor v0.16b, v0.16b, v24.16b + eor v0.16b, v0.16b, v25.16b + st1 {v0.2d}, [x2], #16 + b L_AES_set_encrypt_key_NEON_end +L_AES_set_encrypt_key_NEON_start_128: + ld1 {v0.16b}, [x0] + rev32 v0.16b, v0.16b + st1 {v0.2d}, [x2], #16 + mov x3, #10 +L_AES_set_encrypt_key_NEON_loop_128: + eor v22.16b, v0.16b, v2.16b + eor v23.16b, v0.16b, v3.16b + eor v24.16b, v0.16b, v4.16b + tbl v25.16b, {v6.16b, v7.16b, v8.16b, v9.16b}, v0.16b + tbl v22.16b, {v10.16b, v11.16b, v12.16b, v13.16b}, v22.16b + tbl v23.16b, {v14.16b, v15.16b, v16.16b, v17.16b}, v23.16b + tbl v24.16b, {v18.16b, v19.16b, v20.16b, v21.16b}, v24.16b + orr v25.16b, v25.16b, v22.16b + orr v23.16b, v23.16b, v24.16b + orr v25.16b, v25.16b, v23.16b + ext v25.16b, v25.16b, v26.16b, #12 + shl v22.4s, v25.4s, #8 + sri v22.4s, v25.4s, #24 + eor v0.16b, v0.16b, v22.16b + ld1r {v25.4s}, [x4], #4 + dup v22.4s, v0.s[0] + dup v23.2s, v0.s[1] + dup v24.2s, v0.s[2] + ext v22.16b, v26.16b, v22.16b, #12 + ext v23.16b, v26.16b, v23.16b, #8 + eor v0.16b, v0.16b, v22.16b + ext v24.16b, v26.16b, v24.16b, #4 + eor v0.16b, v0.16b, v23.16b + eor v0.16b, v0.16b, v24.16b + eor v0.16b, v0.16b, v25.16b + st1 {v0.2d}, [x2], #16 + subs x3, x3, #1 + bne L_AES_set_encrypt_key_NEON_loop_128 +L_AES_set_encrypt_key_NEON_end: + ldp d8, d9, [x29, #16] + ldp d10, d11, [x29, #32] + ldp d12, d13, [x29, #48] + ldp d14, d15, [x29, #64] + ldp x29, x30, [sp], #0x50 + ret +#ifndef __APPLE__ + .size AES_set_encrypt_key_NEON,.-AES_set_encrypt_key_NEON +#endif /* __APPLE__ */ +#if defined(HAVE_AESCCM) || defined(HAVE_AESGCM) || \ + defined(WOLFSSL_AES_DIRECT) || defined(WOLFSSL_AES_COUNTER) || \ + defined(HAVE_AES_ECB) +#ifndef __APPLE__ +.text +.globl AES_ECB_encrypt_NEON +.type AES_ECB_encrypt_NEON,@function +.align 2 +AES_ECB_encrypt_NEON: +#else +.section __TEXT,__text +.globl _AES_ECB_encrypt_NEON +.p2align 2 +_AES_ECB_encrypt_NEON: +#endif /* __APPLE__ */ + stp x29, x30, [sp, #-80]! + add x29, sp, #0 + stp d8, d9, [x29, #16] + stp d10, d11, [x29, #32] + stp d12, d13, [x29, #48] + stp d14, d15, [x29, #64] +#ifndef __APPLE__ + adrp x5, L_AES_ARM64_NEON_te + add x5, x5, :lo12:L_AES_ARM64_NEON_te +#else + adrp x5, L_AES_ARM64_NEON_te@PAGE + add x5, x5, L_AES_ARM64_NEON_te@PAGEOFF +#endif /* __APPLE__ */ +#ifndef __APPLE__ + adrp x6, L_AES_ARM64_NEON_shift_rows_shuffle + add x6, x6, :lo12:L_AES_ARM64_NEON_shift_rows_shuffle +#else + adrp x6, L_AES_ARM64_NEON_shift_rows_shuffle@PAGE + add x6, x6, L_AES_ARM64_NEON_shift_rows_shuffle@PAGEOFF +#endif /* __APPLE__ */ + ld1 {v16.16b, v17.16b, v18.16b, v19.16b}, [x5], #0x40 + ld1 {v20.16b, v21.16b, v22.16b, v23.16b}, [x5], #0x40 + ld1 {v24.16b, v25.16b, v26.16b, v27.16b}, [x5], #0x40 + ld1 {v28.16b, v29.16b, v30.16b, v31.16b}, [x5] + cmp x2, #0x40 + blt L_AES_ECB_encrypt_NEON_start_2 +L_AES_ECB_encrypt_NEON_loop_4: + mov x8, x3 + ld1 {v0.16b, v1.16b, v2.16b, v3.16b}, [x0], #0x40 + ld1 {v4.2d}, [x8], #16 + rev32 v0.16b, v0.16b + rev32 v1.16b, v1.16b + rev32 v2.16b, v2.16b + rev32 v3.16b, v3.16b + # Round: 0 - XOR in key schedule + eor v0.16b, v0.16b, v4.16b + eor v1.16b, v1.16b, v4.16b + eor v2.16b, v2.16b, v4.16b + eor v3.16b, v3.16b, v4.16b + sub w7, w4, #2 +L_AES_ECB_encrypt_NEON_loop_nr_4: + tbl v4.16b, {v16.16b, v17.16b, v18.16b, v19.16b}, v0.16b + tbl v5.16b, {v16.16b, v17.16b, v18.16b, v19.16b}, v1.16b + tbl v6.16b, {v16.16b, v17.16b, v18.16b, v19.16b}, v2.16b + tbl v7.16b, {v16.16b, v17.16b, v18.16b, v19.16b}, v3.16b + movi v12.16b, #0x40 + movi v13.16b, #0x80 + movi v14.16b, #0xc0 + eor v8.16b, v0.16b, v12.16b + eor v9.16b, v1.16b, v12.16b + eor v10.16b, v2.16b, v12.16b + eor v11.16b, v3.16b, v12.16b + tbl v8.16b, {v20.16b, v21.16b, v22.16b, v23.16b}, v8.16b + tbl v9.16b, {v20.16b, v21.16b, v22.16b, v23.16b}, v9.16b + tbl v10.16b, {v20.16b, v21.16b, v22.16b, v23.16b}, v10.16b + tbl v11.16b, {v20.16b, v21.16b, v22.16b, v23.16b}, v11.16b + orr v4.16b, v4.16b, v8.16b + orr v5.16b, v5.16b, v9.16b + orr v6.16b, v6.16b, v10.16b + orr v7.16b, v7.16b, v11.16b + eor v8.16b, v0.16b, v13.16b + eor v9.16b, v1.16b, v13.16b + eor v10.16b, v2.16b, v13.16b + eor v11.16b, v3.16b, v13.16b + tbl v8.16b, {v24.16b, v25.16b, v26.16b, v27.16b}, v8.16b + tbl v9.16b, {v24.16b, v25.16b, v26.16b, v27.16b}, v9.16b + tbl v10.16b, {v24.16b, v25.16b, v26.16b, v27.16b}, v10.16b + tbl v11.16b, {v24.16b, v25.16b, v26.16b, v27.16b}, v11.16b + orr v4.16b, v4.16b, v8.16b + orr v5.16b, v5.16b, v9.16b + orr v6.16b, v6.16b, v10.16b + orr v7.16b, v7.16b, v11.16b + eor v8.16b, v0.16b, v14.16b + eor v9.16b, v1.16b, v14.16b + eor v10.16b, v2.16b, v14.16b + eor v11.16b, v3.16b, v14.16b + tbl v8.16b, {v28.16b, v29.16b, v30.16b, v31.16b}, v8.16b + tbl v9.16b, {v28.16b, v29.16b, v30.16b, v31.16b}, v9.16b + tbl v10.16b, {v28.16b, v29.16b, v30.16b, v31.16b}, v10.16b + tbl v11.16b, {v28.16b, v29.16b, v30.16b, v31.16b}, v11.16b + orr v4.16b, v4.16b, v8.16b + orr v5.16b, v5.16b, v9.16b + orr v6.16b, v6.16b, v10.16b + orr v7.16b, v7.16b, v11.16b + ld1 {v0.16b}, [x6] + tbl v4.16b, {v4.16b}, v0.16b + tbl v5.16b, {v5.16b}, v0.16b + tbl v6.16b, {v6.16b}, v0.16b + tbl v7.16b, {v7.16b}, v0.16b + sshr v8.16b, v4.16b, #7 + sshr v9.16b, v5.16b, #7 + sshr v10.16b, v6.16b, #7 + sshr v11.16b, v7.16b, #7 + shl v12.16b, v4.16b, #1 + shl v13.16b, v5.16b, #1 + shl v14.16b, v6.16b, #1 + shl v15.16b, v7.16b, #1 + movi v0.16b, #27 + and v8.16b, v8.16b, v0.16b + and v9.16b, v9.16b, v0.16b + and v10.16b, v10.16b, v0.16b + and v11.16b, v11.16b, v0.16b + eor v8.16b, v8.16b, v12.16b + eor v9.16b, v9.16b, v13.16b + eor v10.16b, v10.16b, v14.16b + eor v11.16b, v11.16b, v15.16b + eor v0.16b, v8.16b, v4.16b + eor v1.16b, v9.16b, v5.16b + eor v2.16b, v10.16b, v6.16b + eor v3.16b, v11.16b, v7.16b + shl v12.4s, v0.4s, #8 + shl v13.4s, v1.4s, #8 + shl v14.4s, v2.4s, #8 + shl v15.4s, v3.4s, #8 + sri v12.4s, v0.4s, #24 + sri v13.4s, v1.4s, #24 + sri v14.4s, v2.4s, #24 + sri v15.4s, v3.4s, #24 + shl v0.4s, v4.4s, #24 + shl v1.4s, v5.4s, #24 + shl v2.4s, v6.4s, #24 + shl v3.4s, v7.4s, #24 + sri v0.4s, v4.4s, #8 + sri v1.4s, v5.4s, #8 + sri v2.4s, v6.4s, #8 + sri v3.4s, v7.4s, #8 + rev32 v4.8h, v4.8h + rev32 v5.8h, v5.8h + rev32 v6.8h, v6.8h + rev32 v7.8h, v7.8h + eor v4.16b, v4.16b, v0.16b + eor v5.16b, v5.16b, v1.16b + eor v6.16b, v6.16b, v2.16b + eor v7.16b, v7.16b, v3.16b + # XOR in Key Schedule + ld1 {v0.2d}, [x8], #16 + eor v4.16b, v4.16b, v8.16b + eor v5.16b, v5.16b, v9.16b + eor v6.16b, v6.16b, v10.16b + eor v7.16b, v7.16b, v11.16b + eor v4.16b, v4.16b, v0.16b + eor v5.16b, v5.16b, v0.16b + eor v6.16b, v6.16b, v0.16b + eor v7.16b, v7.16b, v0.16b + eor v4.16b, v4.16b, v12.16b + eor v5.16b, v5.16b, v13.16b + eor v6.16b, v6.16b, v14.16b + eor v7.16b, v7.16b, v15.16b + # Round Done + tbl v0.16b, {v16.16b, v17.16b, v18.16b, v19.16b}, v4.16b + tbl v1.16b, {v16.16b, v17.16b, v18.16b, v19.16b}, v5.16b + tbl v2.16b, {v16.16b, v17.16b, v18.16b, v19.16b}, v6.16b + tbl v3.16b, {v16.16b, v17.16b, v18.16b, v19.16b}, v7.16b + movi v12.16b, #0x40 + movi v13.16b, #0x80 + movi v14.16b, #0xc0 + eor v8.16b, v4.16b, v12.16b + eor v9.16b, v5.16b, v12.16b + eor v10.16b, v6.16b, v12.16b + eor v11.16b, v7.16b, v12.16b + tbl v8.16b, {v20.16b, v21.16b, v22.16b, v23.16b}, v8.16b + tbl v9.16b, {v20.16b, v21.16b, v22.16b, v23.16b}, v9.16b + tbl v10.16b, {v20.16b, v21.16b, v22.16b, v23.16b}, v10.16b + tbl v11.16b, {v20.16b, v21.16b, v22.16b, v23.16b}, v11.16b + orr v0.16b, v0.16b, v8.16b + orr v1.16b, v1.16b, v9.16b + orr v2.16b, v2.16b, v10.16b + orr v3.16b, v3.16b, v11.16b + eor v8.16b, v4.16b, v13.16b + eor v9.16b, v5.16b, v13.16b + eor v10.16b, v6.16b, v13.16b + eor v11.16b, v7.16b, v13.16b + tbl v8.16b, {v24.16b, v25.16b, v26.16b, v27.16b}, v8.16b + tbl v9.16b, {v24.16b, v25.16b, v26.16b, v27.16b}, v9.16b + tbl v10.16b, {v24.16b, v25.16b, v26.16b, v27.16b}, v10.16b + tbl v11.16b, {v24.16b, v25.16b, v26.16b, v27.16b}, v11.16b + orr v0.16b, v0.16b, v8.16b + orr v1.16b, v1.16b, v9.16b + orr v2.16b, v2.16b, v10.16b + orr v3.16b, v3.16b, v11.16b + eor v8.16b, v4.16b, v14.16b + eor v9.16b, v5.16b, v14.16b + eor v10.16b, v6.16b, v14.16b + eor v11.16b, v7.16b, v14.16b + tbl v8.16b, {v28.16b, v29.16b, v30.16b, v31.16b}, v8.16b + tbl v9.16b, {v28.16b, v29.16b, v30.16b, v31.16b}, v9.16b + tbl v10.16b, {v28.16b, v29.16b, v30.16b, v31.16b}, v10.16b + tbl v11.16b, {v28.16b, v29.16b, v30.16b, v31.16b}, v11.16b + orr v0.16b, v0.16b, v8.16b + orr v1.16b, v1.16b, v9.16b + orr v2.16b, v2.16b, v10.16b + orr v3.16b, v3.16b, v11.16b + ld1 {v4.16b}, [x6] + tbl v0.16b, {v0.16b}, v4.16b + tbl v1.16b, {v1.16b}, v4.16b + tbl v2.16b, {v2.16b}, v4.16b + tbl v3.16b, {v3.16b}, v4.16b + sshr v8.16b, v0.16b, #7 + sshr v9.16b, v1.16b, #7 + sshr v10.16b, v2.16b, #7 + sshr v11.16b, v3.16b, #7 + shl v12.16b, v0.16b, #1 + shl v13.16b, v1.16b, #1 + shl v14.16b, v2.16b, #1 + shl v15.16b, v3.16b, #1 + movi v4.16b, #27 + and v8.16b, v8.16b, v4.16b + and v9.16b, v9.16b, v4.16b + and v10.16b, v10.16b, v4.16b + and v11.16b, v11.16b, v4.16b + eor v8.16b, v8.16b, v12.16b + eor v9.16b, v9.16b, v13.16b + eor v10.16b, v10.16b, v14.16b + eor v11.16b, v11.16b, v15.16b + eor v4.16b, v8.16b, v0.16b + eor v5.16b, v9.16b, v1.16b + eor v6.16b, v10.16b, v2.16b + eor v7.16b, v11.16b, v3.16b + shl v12.4s, v4.4s, #8 + shl v13.4s, v5.4s, #8 + shl v14.4s, v6.4s, #8 + shl v15.4s, v7.4s, #8 + sri v12.4s, v4.4s, #24 + sri v13.4s, v5.4s, #24 + sri v14.4s, v6.4s, #24 + sri v15.4s, v7.4s, #24 + shl v4.4s, v0.4s, #24 + shl v5.4s, v1.4s, #24 + shl v6.4s, v2.4s, #24 + shl v7.4s, v3.4s, #24 + sri v4.4s, v0.4s, #8 + sri v5.4s, v1.4s, #8 + sri v6.4s, v2.4s, #8 + sri v7.4s, v3.4s, #8 + rev32 v0.8h, v0.8h + rev32 v1.8h, v1.8h + rev32 v2.8h, v2.8h + rev32 v3.8h, v3.8h + eor v0.16b, v0.16b, v4.16b + eor v1.16b, v1.16b, v5.16b + eor v2.16b, v2.16b, v6.16b + eor v3.16b, v3.16b, v7.16b + # XOR in Key Schedule + ld1 {v4.2d}, [x8], #16 + eor v0.16b, v0.16b, v8.16b + eor v1.16b, v1.16b, v9.16b + eor v2.16b, v2.16b, v10.16b + eor v3.16b, v3.16b, v11.16b + eor v0.16b, v0.16b, v4.16b + eor v1.16b, v1.16b, v4.16b + eor v2.16b, v2.16b, v4.16b + eor v3.16b, v3.16b, v4.16b + eor v0.16b, v0.16b, v12.16b + eor v1.16b, v1.16b, v13.16b + eor v2.16b, v2.16b, v14.16b + eor v3.16b, v3.16b, v15.16b + # Round Done + subs w7, w7, #2 + bne L_AES_ECB_encrypt_NEON_loop_nr_4 + tbl v4.16b, {v16.16b, v17.16b, v18.16b, v19.16b}, v0.16b + tbl v5.16b, {v16.16b, v17.16b, v18.16b, v19.16b}, v1.16b + tbl v6.16b, {v16.16b, v17.16b, v18.16b, v19.16b}, v2.16b + tbl v7.16b, {v16.16b, v17.16b, v18.16b, v19.16b}, v3.16b + movi v12.16b, #0x40 + movi v13.16b, #0x80 + movi v14.16b, #0xc0 + eor v8.16b, v0.16b, v12.16b + eor v9.16b, v1.16b, v12.16b + eor v10.16b, v2.16b, v12.16b + eor v11.16b, v3.16b, v12.16b + tbl v8.16b, {v20.16b, v21.16b, v22.16b, v23.16b}, v8.16b + tbl v9.16b, {v20.16b, v21.16b, v22.16b, v23.16b}, v9.16b + tbl v10.16b, {v20.16b, v21.16b, v22.16b, v23.16b}, v10.16b + tbl v11.16b, {v20.16b, v21.16b, v22.16b, v23.16b}, v11.16b + orr v4.16b, v4.16b, v8.16b + orr v5.16b, v5.16b, v9.16b + orr v6.16b, v6.16b, v10.16b + orr v7.16b, v7.16b, v11.16b + eor v8.16b, v0.16b, v13.16b + eor v9.16b, v1.16b, v13.16b + eor v10.16b, v2.16b, v13.16b + eor v11.16b, v3.16b, v13.16b + tbl v8.16b, {v24.16b, v25.16b, v26.16b, v27.16b}, v8.16b + tbl v9.16b, {v24.16b, v25.16b, v26.16b, v27.16b}, v9.16b + tbl v10.16b, {v24.16b, v25.16b, v26.16b, v27.16b}, v10.16b + tbl v11.16b, {v24.16b, v25.16b, v26.16b, v27.16b}, v11.16b + orr v4.16b, v4.16b, v8.16b + orr v5.16b, v5.16b, v9.16b + orr v6.16b, v6.16b, v10.16b + orr v7.16b, v7.16b, v11.16b + eor v8.16b, v0.16b, v14.16b + eor v9.16b, v1.16b, v14.16b + eor v10.16b, v2.16b, v14.16b + eor v11.16b, v3.16b, v14.16b + tbl v8.16b, {v28.16b, v29.16b, v30.16b, v31.16b}, v8.16b + tbl v9.16b, {v28.16b, v29.16b, v30.16b, v31.16b}, v9.16b + tbl v10.16b, {v28.16b, v29.16b, v30.16b, v31.16b}, v10.16b + tbl v11.16b, {v28.16b, v29.16b, v30.16b, v31.16b}, v11.16b + orr v4.16b, v4.16b, v8.16b + orr v5.16b, v5.16b, v9.16b + orr v6.16b, v6.16b, v10.16b + orr v7.16b, v7.16b, v11.16b + ld1 {v0.16b}, [x6] + tbl v4.16b, {v4.16b}, v0.16b + tbl v5.16b, {v5.16b}, v0.16b + tbl v6.16b, {v6.16b}, v0.16b + tbl v7.16b, {v7.16b}, v0.16b + sshr v8.16b, v4.16b, #7 + sshr v9.16b, v5.16b, #7 + sshr v10.16b, v6.16b, #7 + sshr v11.16b, v7.16b, #7 + shl v12.16b, v4.16b, #1 + shl v13.16b, v5.16b, #1 + shl v14.16b, v6.16b, #1 + shl v15.16b, v7.16b, #1 + movi v0.16b, #27 + and v8.16b, v8.16b, v0.16b + and v9.16b, v9.16b, v0.16b + and v10.16b, v10.16b, v0.16b + and v11.16b, v11.16b, v0.16b + eor v8.16b, v8.16b, v12.16b + eor v9.16b, v9.16b, v13.16b + eor v10.16b, v10.16b, v14.16b + eor v11.16b, v11.16b, v15.16b + eor v0.16b, v8.16b, v4.16b + eor v1.16b, v9.16b, v5.16b + eor v2.16b, v10.16b, v6.16b + eor v3.16b, v11.16b, v7.16b + shl v12.4s, v0.4s, #8 + shl v13.4s, v1.4s, #8 + shl v14.4s, v2.4s, #8 + shl v15.4s, v3.4s, #8 + sri v12.4s, v0.4s, #24 + sri v13.4s, v1.4s, #24 + sri v14.4s, v2.4s, #24 + sri v15.4s, v3.4s, #24 + shl v0.4s, v4.4s, #24 + shl v1.4s, v5.4s, #24 + shl v2.4s, v6.4s, #24 + shl v3.4s, v7.4s, #24 + sri v0.4s, v4.4s, #8 + sri v1.4s, v5.4s, #8 + sri v2.4s, v6.4s, #8 + sri v3.4s, v7.4s, #8 + rev32 v4.8h, v4.8h + rev32 v5.8h, v5.8h + rev32 v6.8h, v6.8h + rev32 v7.8h, v7.8h + eor v4.16b, v4.16b, v0.16b + eor v5.16b, v5.16b, v1.16b + eor v6.16b, v6.16b, v2.16b + eor v7.16b, v7.16b, v3.16b + # XOR in Key Schedule + ld1 {v0.2d}, [x8], #16 + eor v4.16b, v4.16b, v8.16b + eor v5.16b, v5.16b, v9.16b + eor v6.16b, v6.16b, v10.16b + eor v7.16b, v7.16b, v11.16b + eor v4.16b, v4.16b, v0.16b + eor v5.16b, v5.16b, v0.16b + eor v6.16b, v6.16b, v0.16b + eor v7.16b, v7.16b, v0.16b + eor v4.16b, v4.16b, v12.16b + eor v5.16b, v5.16b, v13.16b + eor v6.16b, v6.16b, v14.16b + eor v7.16b, v7.16b, v15.16b + # Round Done + tbl v0.16b, {v16.16b, v17.16b, v18.16b, v19.16b}, v4.16b + tbl v1.16b, {v16.16b, v17.16b, v18.16b, v19.16b}, v5.16b + tbl v2.16b, {v16.16b, v17.16b, v18.16b, v19.16b}, v6.16b + tbl v3.16b, {v16.16b, v17.16b, v18.16b, v19.16b}, v7.16b + movi v12.16b, #0x40 + movi v13.16b, #0x80 + movi v14.16b, #0xc0 + eor v8.16b, v4.16b, v12.16b + eor v9.16b, v5.16b, v12.16b + eor v10.16b, v6.16b, v12.16b + eor v11.16b, v7.16b, v12.16b + tbl v8.16b, {v20.16b, v21.16b, v22.16b, v23.16b}, v8.16b + tbl v9.16b, {v20.16b, v21.16b, v22.16b, v23.16b}, v9.16b + tbl v10.16b, {v20.16b, v21.16b, v22.16b, v23.16b}, v10.16b + tbl v11.16b, {v20.16b, v21.16b, v22.16b, v23.16b}, v11.16b + orr v0.16b, v0.16b, v8.16b + orr v1.16b, v1.16b, v9.16b + orr v2.16b, v2.16b, v10.16b + orr v3.16b, v3.16b, v11.16b + eor v8.16b, v4.16b, v13.16b + eor v9.16b, v5.16b, v13.16b + eor v10.16b, v6.16b, v13.16b + eor v11.16b, v7.16b, v13.16b + tbl v8.16b, {v24.16b, v25.16b, v26.16b, v27.16b}, v8.16b + tbl v9.16b, {v24.16b, v25.16b, v26.16b, v27.16b}, v9.16b + tbl v10.16b, {v24.16b, v25.16b, v26.16b, v27.16b}, v10.16b + tbl v11.16b, {v24.16b, v25.16b, v26.16b, v27.16b}, v11.16b + orr v0.16b, v0.16b, v8.16b + orr v1.16b, v1.16b, v9.16b + orr v2.16b, v2.16b, v10.16b + orr v3.16b, v3.16b, v11.16b + eor v8.16b, v4.16b, v14.16b + eor v9.16b, v5.16b, v14.16b + eor v10.16b, v6.16b, v14.16b + eor v11.16b, v7.16b, v14.16b + tbl v8.16b, {v28.16b, v29.16b, v30.16b, v31.16b}, v8.16b + tbl v9.16b, {v28.16b, v29.16b, v30.16b, v31.16b}, v9.16b + tbl v10.16b, {v28.16b, v29.16b, v30.16b, v31.16b}, v10.16b + tbl v11.16b, {v28.16b, v29.16b, v30.16b, v31.16b}, v11.16b + orr v0.16b, v0.16b, v8.16b + orr v1.16b, v1.16b, v9.16b + orr v2.16b, v2.16b, v10.16b + orr v3.16b, v3.16b, v11.16b + ld1 {v4.16b}, [x6] + tbl v0.16b, {v0.16b}, v4.16b + tbl v1.16b, {v1.16b}, v4.16b + tbl v2.16b, {v2.16b}, v4.16b + tbl v3.16b, {v3.16b}, v4.16b + # XOR in Key Schedule + ld1 {v4.2d}, [x8], #16 + eor v0.16b, v0.16b, v4.16b + eor v1.16b, v1.16b, v4.16b + eor v2.16b, v2.16b, v4.16b + eor v3.16b, v3.16b, v4.16b + # Round Done + rev32 v0.16b, v0.16b + rev32 v1.16b, v1.16b + rev32 v2.16b, v2.16b + rev32 v3.16b, v3.16b + st1 {v0.16b, v1.16b, v2.16b, v3.16b}, [x1], #0x40 + sub x2, x2, #0x40 + cmp x2, #0x40 + bge L_AES_ECB_encrypt_NEON_loop_4 +L_AES_ECB_encrypt_NEON_start_2: + movi v12.16b, #0x40 + movi v13.16b, #0x80 + movi v14.16b, #0xc0 + movi v15.16b, #27 + cmp x2, #16 + beq L_AES_ECB_encrypt_NEON_start_1 + blt L_AES_ECB_encrypt_NEON_data_done +L_AES_ECB_encrypt_NEON_loop_2: + mov x8, x3 + ld1 {v0.16b, v1.16b}, [x0], #32 + ld1 {v4.2d}, [x8], #16 + rev32 v0.16b, v0.16b + rev32 v1.16b, v1.16b + # Round: 0 - XOR in key schedule + eor v0.16b, v0.16b, v4.16b + eor v1.16b, v1.16b, v4.16b + sub w7, w4, #2 +L_AES_ECB_encrypt_NEON_loop_nr_2: + eor v8.16b, v0.16b, v12.16b + eor v9.16b, v1.16b, v12.16b + tbl v4.16b, {v16.16b, v17.16b, v18.16b, v19.16b}, v0.16b + tbl v5.16b, {v16.16b, v17.16b, v18.16b, v19.16b}, v1.16b + tbl v8.16b, {v20.16b, v21.16b, v22.16b, v23.16b}, v8.16b + tbl v9.16b, {v20.16b, v21.16b, v22.16b, v23.16b}, v9.16b + eor v10.16b, v0.16b, v13.16b + eor v11.16b, v1.16b, v13.16b + tbl v10.16b, {v24.16b, v25.16b, v26.16b, v27.16b}, v10.16b + tbl v11.16b, {v24.16b, v25.16b, v26.16b, v27.16b}, v11.16b + orr v4.16b, v4.16b, v8.16b + orr v5.16b, v5.16b, v9.16b + eor v8.16b, v0.16b, v14.16b + eor v9.16b, v1.16b, v14.16b + orr v4.16b, v4.16b, v10.16b + orr v5.16b, v5.16b, v11.16b + tbl v8.16b, {v28.16b, v29.16b, v30.16b, v31.16b}, v8.16b + tbl v9.16b, {v28.16b, v29.16b, v30.16b, v31.16b}, v9.16b + orr v4.16b, v4.16b, v8.16b + orr v5.16b, v5.16b, v9.16b + ld1 {v0.16b}, [x6] + tbl v4.16b, {v4.16b}, v0.16b + tbl v5.16b, {v5.16b}, v0.16b + sshr v8.16b, v4.16b, #7 + sshr v9.16b, v5.16b, #7 + shl v10.16b, v4.16b, #1 + shl v11.16b, v5.16b, #1 + and v8.16b, v8.16b, v15.16b + and v9.16b, v9.16b, v15.16b + eor v8.16b, v8.16b, v10.16b + eor v9.16b, v9.16b, v11.16b + eor v0.16b, v8.16b, v4.16b + eor v1.16b, v9.16b, v5.16b + shl v10.4s, v0.4s, #8 + shl v11.4s, v1.4s, #8 + sri v10.4s, v0.4s, #24 + sri v11.4s, v1.4s, #24 + shl v0.4s, v4.4s, #24 + shl v1.4s, v5.4s, #24 + sri v0.4s, v4.4s, #8 + sri v1.4s, v5.4s, #8 + rev32 v4.8h, v4.8h + rev32 v5.8h, v5.8h + eor v4.16b, v4.16b, v0.16b + eor v5.16b, v5.16b, v1.16b + # XOR in Key Schedule + ld1 {v0.2d}, [x8], #16 + eor v4.16b, v4.16b, v8.16b + eor v5.16b, v5.16b, v9.16b + eor v4.16b, v4.16b, v0.16b + eor v5.16b, v5.16b, v0.16b + eor v4.16b, v4.16b, v10.16b + eor v5.16b, v5.16b, v11.16b + # Round Done + eor v8.16b, v4.16b, v12.16b + eor v9.16b, v5.16b, v12.16b + tbl v0.16b, {v16.16b, v17.16b, v18.16b, v19.16b}, v4.16b + tbl v1.16b, {v16.16b, v17.16b, v18.16b, v19.16b}, v5.16b + tbl v8.16b, {v20.16b, v21.16b, v22.16b, v23.16b}, v8.16b + tbl v9.16b, {v20.16b, v21.16b, v22.16b, v23.16b}, v9.16b + eor v10.16b, v4.16b, v13.16b + eor v11.16b, v5.16b, v13.16b + tbl v10.16b, {v24.16b, v25.16b, v26.16b, v27.16b}, v10.16b + tbl v11.16b, {v24.16b, v25.16b, v26.16b, v27.16b}, v11.16b + orr v0.16b, v0.16b, v8.16b + orr v1.16b, v1.16b, v9.16b + eor v8.16b, v4.16b, v14.16b + eor v9.16b, v5.16b, v14.16b + orr v0.16b, v0.16b, v10.16b + orr v1.16b, v1.16b, v11.16b + tbl v8.16b, {v28.16b, v29.16b, v30.16b, v31.16b}, v8.16b + tbl v9.16b, {v28.16b, v29.16b, v30.16b, v31.16b}, v9.16b + orr v0.16b, v0.16b, v8.16b + orr v1.16b, v1.16b, v9.16b + ld1 {v4.16b}, [x6] + tbl v0.16b, {v0.16b}, v4.16b + tbl v1.16b, {v1.16b}, v4.16b + sshr v8.16b, v0.16b, #7 + sshr v9.16b, v1.16b, #7 + shl v10.16b, v0.16b, #1 + shl v11.16b, v1.16b, #1 + and v8.16b, v8.16b, v15.16b + and v9.16b, v9.16b, v15.16b + eor v8.16b, v8.16b, v10.16b + eor v9.16b, v9.16b, v11.16b + eor v4.16b, v8.16b, v0.16b + eor v5.16b, v9.16b, v1.16b + shl v10.4s, v4.4s, #8 + shl v11.4s, v5.4s, #8 + sri v10.4s, v4.4s, #24 + sri v11.4s, v5.4s, #24 + shl v4.4s, v0.4s, #24 + shl v5.4s, v1.4s, #24 + sri v4.4s, v0.4s, #8 + sri v5.4s, v1.4s, #8 + rev32 v0.8h, v0.8h + rev32 v1.8h, v1.8h + eor v0.16b, v0.16b, v4.16b + eor v1.16b, v1.16b, v5.16b + # XOR in Key Schedule + ld1 {v4.2d}, [x8], #16 + eor v0.16b, v0.16b, v8.16b + eor v1.16b, v1.16b, v9.16b + eor v0.16b, v0.16b, v4.16b + eor v1.16b, v1.16b, v4.16b + eor v0.16b, v0.16b, v10.16b + eor v1.16b, v1.16b, v11.16b + # Round Done + subs w7, w7, #2 + bne L_AES_ECB_encrypt_NEON_loop_nr_2 + eor v8.16b, v0.16b, v12.16b + eor v9.16b, v1.16b, v12.16b + tbl v4.16b, {v16.16b, v17.16b, v18.16b, v19.16b}, v0.16b + tbl v5.16b, {v16.16b, v17.16b, v18.16b, v19.16b}, v1.16b + tbl v8.16b, {v20.16b, v21.16b, v22.16b, v23.16b}, v8.16b + tbl v9.16b, {v20.16b, v21.16b, v22.16b, v23.16b}, v9.16b + eor v10.16b, v0.16b, v13.16b + eor v11.16b, v1.16b, v13.16b + tbl v10.16b, {v24.16b, v25.16b, v26.16b, v27.16b}, v10.16b + tbl v11.16b, {v24.16b, v25.16b, v26.16b, v27.16b}, v11.16b + orr v4.16b, v4.16b, v8.16b + orr v5.16b, v5.16b, v9.16b + eor v8.16b, v0.16b, v14.16b + eor v9.16b, v1.16b, v14.16b + orr v4.16b, v4.16b, v10.16b + orr v5.16b, v5.16b, v11.16b + tbl v8.16b, {v28.16b, v29.16b, v30.16b, v31.16b}, v8.16b + tbl v9.16b, {v28.16b, v29.16b, v30.16b, v31.16b}, v9.16b + orr v4.16b, v4.16b, v8.16b + orr v5.16b, v5.16b, v9.16b + ld1 {v0.16b}, [x6] + tbl v4.16b, {v4.16b}, v0.16b + tbl v5.16b, {v5.16b}, v0.16b + sshr v8.16b, v4.16b, #7 + sshr v9.16b, v5.16b, #7 + shl v10.16b, v4.16b, #1 + shl v11.16b, v5.16b, #1 + and v8.16b, v8.16b, v15.16b + and v9.16b, v9.16b, v15.16b + eor v8.16b, v8.16b, v10.16b + eor v9.16b, v9.16b, v11.16b + eor v0.16b, v8.16b, v4.16b + eor v1.16b, v9.16b, v5.16b + shl v10.4s, v0.4s, #8 + shl v11.4s, v1.4s, #8 + sri v10.4s, v0.4s, #24 + sri v11.4s, v1.4s, #24 + shl v0.4s, v4.4s, #24 + shl v1.4s, v5.4s, #24 + sri v0.4s, v4.4s, #8 + sri v1.4s, v5.4s, #8 + rev32 v4.8h, v4.8h + rev32 v5.8h, v5.8h + eor v4.16b, v4.16b, v0.16b + eor v5.16b, v5.16b, v1.16b + # XOR in Key Schedule + ld1 {v0.2d}, [x8], #16 + eor v4.16b, v4.16b, v8.16b + eor v5.16b, v5.16b, v9.16b + eor v4.16b, v4.16b, v0.16b + eor v5.16b, v5.16b, v0.16b + eor v4.16b, v4.16b, v10.16b + eor v5.16b, v5.16b, v11.16b + # Round Done + eor v8.16b, v4.16b, v12.16b + eor v9.16b, v5.16b, v12.16b + tbl v0.16b, {v16.16b, v17.16b, v18.16b, v19.16b}, v4.16b + tbl v1.16b, {v16.16b, v17.16b, v18.16b, v19.16b}, v5.16b + tbl v8.16b, {v20.16b, v21.16b, v22.16b, v23.16b}, v8.16b + tbl v9.16b, {v20.16b, v21.16b, v22.16b, v23.16b}, v9.16b + eor v10.16b, v4.16b, v13.16b + eor v11.16b, v5.16b, v13.16b + tbl v10.16b, {v24.16b, v25.16b, v26.16b, v27.16b}, v10.16b + tbl v11.16b, {v24.16b, v25.16b, v26.16b, v27.16b}, v11.16b + orr v0.16b, v0.16b, v8.16b + orr v1.16b, v1.16b, v9.16b + eor v8.16b, v4.16b, v14.16b + eor v9.16b, v5.16b, v14.16b + orr v0.16b, v0.16b, v10.16b + orr v1.16b, v1.16b, v11.16b + tbl v8.16b, {v28.16b, v29.16b, v30.16b, v31.16b}, v8.16b + tbl v9.16b, {v28.16b, v29.16b, v30.16b, v31.16b}, v9.16b + orr v0.16b, v0.16b, v8.16b + orr v1.16b, v1.16b, v9.16b + ld1 {v4.16b}, [x6] + tbl v0.16b, {v0.16b}, v4.16b + tbl v1.16b, {v1.16b}, v4.16b + # XOR in Key Schedule + ld1 {v4.2d}, [x8], #16 + eor v0.16b, v0.16b, v4.16b + eor v1.16b, v1.16b, v4.16b + # Round Done + rev32 v0.16b, v0.16b + rev32 v1.16b, v1.16b + st1 {v0.16b, v1.16b}, [x1], #32 + sub x2, x2, #32 + cmp x2, #0 + beq L_AES_ECB_encrypt_NEON_data_done +L_AES_ECB_encrypt_NEON_start_1: + ld1 {v3.2d}, [x6] + mov x8, x3 + ld1 {v0.16b}, [x0], #16 + ld1 {v4.2d}, [x8], #16 + rev32 v0.16b, v0.16b + # Round: 0 - XOR in key schedule + eor v0.16b, v0.16b, v4.16b + sub w7, w4, #2 +L_AES_ECB_encrypt_NEON_loop_nr_1: + eor v8.16b, v0.16b, v12.16b + eor v9.16b, v0.16b, v13.16b + eor v10.16b, v0.16b, v14.16b + tbl v4.16b, {v16.16b, v17.16b, v18.16b, v19.16b}, v0.16b + tbl v8.16b, {v20.16b, v21.16b, v22.16b, v23.16b}, v8.16b + tbl v9.16b, {v24.16b, v25.16b, v26.16b, v27.16b}, v9.16b + tbl v10.16b, {v28.16b, v29.16b, v30.16b, v31.16b}, v10.16b + orr v4.16b, v4.16b, v8.16b + orr v9.16b, v9.16b, v10.16b + orr v4.16b, v4.16b, v9.16b + tbl v4.16b, {v4.16b}, v3.16b + ld1 {v0.2d}, [x8], #16 + sshr v10.16b, v4.16b, #7 + shl v9.16b, v4.16b, #1 + and v10.16b, v10.16b, v15.16b + eor v10.16b, v10.16b, v9.16b + rev32 v8.8h, v4.8h + eor v11.16b, v10.16b, v4.16b + eor v10.16b, v10.16b, v8.16b + shl v9.4s, v4.4s, #24 + shl v8.4s, v11.4s, #8 + # XOR in Key Schedule + eor v10.16b, v10.16b, v0.16b + sri v9.4s, v4.4s, #8 + sri v8.4s, v11.4s, #24 + eor v4.16b, v10.16b, v9.16b + eor v4.16b, v4.16b, v8.16b + eor v8.16b, v4.16b, v12.16b + eor v9.16b, v4.16b, v13.16b + eor v10.16b, v4.16b, v14.16b + tbl v0.16b, {v16.16b, v17.16b, v18.16b, v19.16b}, v4.16b + tbl v8.16b, {v20.16b, v21.16b, v22.16b, v23.16b}, v8.16b + tbl v9.16b, {v24.16b, v25.16b, v26.16b, v27.16b}, v9.16b + tbl v10.16b, {v28.16b, v29.16b, v30.16b, v31.16b}, v10.16b + orr v0.16b, v0.16b, v8.16b + orr v9.16b, v9.16b, v10.16b + orr v0.16b, v0.16b, v9.16b + tbl v0.16b, {v0.16b}, v3.16b + ld1 {v4.2d}, [x8], #16 + sshr v10.16b, v0.16b, #7 + shl v9.16b, v0.16b, #1 + and v10.16b, v10.16b, v15.16b + eor v10.16b, v10.16b, v9.16b + rev32 v8.8h, v0.8h + eor v11.16b, v10.16b, v0.16b + eor v10.16b, v10.16b, v8.16b + shl v9.4s, v0.4s, #24 + shl v8.4s, v11.4s, #8 + # XOR in Key Schedule + eor v10.16b, v10.16b, v4.16b + sri v9.4s, v0.4s, #8 + sri v8.4s, v11.4s, #24 + eor v0.16b, v10.16b, v9.16b + eor v0.16b, v0.16b, v8.16b + subs w7, w7, #2 + bne L_AES_ECB_encrypt_NEON_loop_nr_1 + eor v8.16b, v0.16b, v12.16b + eor v9.16b, v0.16b, v13.16b + eor v10.16b, v0.16b, v14.16b + tbl v4.16b, {v16.16b, v17.16b, v18.16b, v19.16b}, v0.16b + tbl v8.16b, {v20.16b, v21.16b, v22.16b, v23.16b}, v8.16b + tbl v9.16b, {v24.16b, v25.16b, v26.16b, v27.16b}, v9.16b + tbl v10.16b, {v28.16b, v29.16b, v30.16b, v31.16b}, v10.16b + orr v4.16b, v4.16b, v8.16b + orr v9.16b, v9.16b, v10.16b + orr v4.16b, v4.16b, v9.16b + tbl v4.16b, {v4.16b}, v3.16b + ld1 {v0.2d}, [x8], #16 + sshr v10.16b, v4.16b, #7 + shl v9.16b, v4.16b, #1 + and v10.16b, v10.16b, v15.16b + eor v10.16b, v10.16b, v9.16b + rev32 v8.8h, v4.8h + eor v11.16b, v10.16b, v4.16b + eor v10.16b, v10.16b, v8.16b + shl v9.4s, v4.4s, #24 + shl v8.4s, v11.4s, #8 + # XOR in Key Schedule + eor v10.16b, v10.16b, v0.16b + sri v9.4s, v4.4s, #8 + sri v8.4s, v11.4s, #24 + eor v4.16b, v10.16b, v9.16b + eor v4.16b, v4.16b, v8.16b + eor v8.16b, v4.16b, v12.16b + eor v9.16b, v4.16b, v13.16b + eor v10.16b, v4.16b, v14.16b + tbl v0.16b, {v16.16b, v17.16b, v18.16b, v19.16b}, v4.16b + tbl v8.16b, {v20.16b, v21.16b, v22.16b, v23.16b}, v8.16b + tbl v9.16b, {v24.16b, v25.16b, v26.16b, v27.16b}, v9.16b + tbl v10.16b, {v28.16b, v29.16b, v30.16b, v31.16b}, v10.16b + orr v0.16b, v0.16b, v8.16b + orr v9.16b, v9.16b, v10.16b + orr v0.16b, v0.16b, v9.16b + tbl v0.16b, {v0.16b}, v3.16b + ld1 {v4.2d}, [x8], #16 + # XOR in Key Schedule + eor v0.16b, v0.16b, v4.16b + rev32 v0.16b, v0.16b + st1 {v0.16b}, [x1], #16 +L_AES_ECB_encrypt_NEON_data_done: + ldp d8, d9, [x29, #16] + ldp d10, d11, [x29, #32] + ldp d12, d13, [x29, #48] + ldp d14, d15, [x29, #64] + ldp x29, x30, [sp], #0x50 + ret +#ifndef __APPLE__ + .size AES_ECB_encrypt_NEON,.-AES_ECB_encrypt_NEON +#endif /* __APPLE__ */ +#endif /* HAVE_AESCCM || HAVE_AESGCM || WOLFSSL_AES_DIRECT || + * WOLFSSL_AES_COUNTER || HAVE_AES_ECB */ +#ifdef HAVE_AES_CBC +#ifndef __APPLE__ +.text +.globl AES_CBC_encrypt_NEON +.type AES_CBC_encrypt_NEON,@function +.align 2 +AES_CBC_encrypt_NEON: +#else +.section __TEXT,__text +.globl _AES_CBC_encrypt_NEON +.p2align 2 +_AES_CBC_encrypt_NEON: +#endif /* __APPLE__ */ + stp x29, x30, [sp, #-80]! + add x29, sp, #0 + stp d8, d9, [x29, #16] + stp d10, d11, [x29, #32] + stp d12, d13, [x29, #48] + stp d14, d15, [x29, #64] +#ifndef __APPLE__ + adrp x6, L_AES_ARM64_NEON_te + add x6, x6, :lo12:L_AES_ARM64_NEON_te +#else + adrp x6, L_AES_ARM64_NEON_te@PAGE + add x6, x6, L_AES_ARM64_NEON_te@PAGEOFF +#endif /* __APPLE__ */ +#ifndef __APPLE__ + adrp x7, L_AES_ARM64_NEON_shift_rows_shuffle + add x7, x7, :lo12:L_AES_ARM64_NEON_shift_rows_shuffle +#else + adrp x7, L_AES_ARM64_NEON_shift_rows_shuffle@PAGE + add x7, x7, L_AES_ARM64_NEON_shift_rows_shuffle@PAGEOFF +#endif /* __APPLE__ */ + ld1 {v10.16b, v11.16b, v12.16b, v13.16b}, [x6], #0x40 + ld1 {v14.16b, v15.16b, v16.16b, v17.16b}, [x6], #0x40 + ld1 {v18.16b, v19.16b, v20.16b, v21.16b}, [x6], #0x40 + ld1 {v22.16b, v23.16b, v24.16b, v25.16b}, [x6] + movi v6.16b, #0x40 + movi v7.16b, #0x80 + movi v8.16b, #0xc0 + movi v9.16b, #27 + ld1 {v0.2d}, [x5] + ld1 {v26.2d}, [x7] +L_AES_CBC_encrypt_NEON_loop_block: + add x9, x3, #16 + ld1 {v1.16b}, [x0], #16 + ld1 {v2.16b}, [x3] + eor v0.16b, v0.16b, v1.16b + rev32 v0.16b, v0.16b + # Round: 0 - XOR in key schedule + eor v0.16b, v0.16b, v2.16b + sub w8, w4, #2 +L_AES_CBC_encrypt_NEON_loop_nr: + eor v2.16b, v0.16b, v6.16b + eor v3.16b, v0.16b, v7.16b + eor v4.16b, v0.16b, v8.16b + tbl v1.16b, {v10.16b, v11.16b, v12.16b, v13.16b}, v0.16b + tbl v2.16b, {v14.16b, v15.16b, v16.16b, v17.16b}, v2.16b + tbl v3.16b, {v18.16b, v19.16b, v20.16b, v21.16b}, v3.16b + tbl v4.16b, {v22.16b, v23.16b, v24.16b, v25.16b}, v4.16b + orr v1.16b, v1.16b, v2.16b + orr v3.16b, v3.16b, v4.16b + orr v1.16b, v1.16b, v3.16b + tbl v1.16b, {v1.16b}, v26.16b + ld1 {v0.2d}, [x9], #16 + sshr v4.16b, v1.16b, #7 + shl v3.16b, v1.16b, #1 + and v4.16b, v4.16b, v9.16b + eor v4.16b, v4.16b, v3.16b + rev32 v2.8h, v1.8h + eor v5.16b, v4.16b, v1.16b + eor v4.16b, v4.16b, v2.16b + shl v3.4s, v1.4s, #24 + shl v2.4s, v5.4s, #8 + # XOR in Key Schedule + eor v4.16b, v4.16b, v0.16b + sri v3.4s, v1.4s, #8 + sri v2.4s, v5.4s, #24 + eor v1.16b, v4.16b, v3.16b + eor v1.16b, v1.16b, v2.16b + eor v2.16b, v1.16b, v6.16b + eor v3.16b, v1.16b, v7.16b + eor v4.16b, v1.16b, v8.16b + tbl v0.16b, {v10.16b, v11.16b, v12.16b, v13.16b}, v1.16b + tbl v2.16b, {v14.16b, v15.16b, v16.16b, v17.16b}, v2.16b + tbl v3.16b, {v18.16b, v19.16b, v20.16b, v21.16b}, v3.16b + tbl v4.16b, {v22.16b, v23.16b, v24.16b, v25.16b}, v4.16b + orr v0.16b, v0.16b, v2.16b + orr v3.16b, v3.16b, v4.16b + orr v0.16b, v0.16b, v3.16b + tbl v0.16b, {v0.16b}, v26.16b + ld1 {v1.2d}, [x9], #16 + sshr v4.16b, v0.16b, #7 + shl v3.16b, v0.16b, #1 + and v4.16b, v4.16b, v9.16b + eor v4.16b, v4.16b, v3.16b + rev32 v2.8h, v0.8h + eor v5.16b, v4.16b, v0.16b + eor v4.16b, v4.16b, v2.16b + shl v3.4s, v0.4s, #24 + shl v2.4s, v5.4s, #8 + # XOR in Key Schedule + eor v4.16b, v4.16b, v1.16b + sri v3.4s, v0.4s, #8 + sri v2.4s, v5.4s, #24 + eor v0.16b, v4.16b, v3.16b + eor v0.16b, v0.16b, v2.16b + subs w8, w8, #2 + bne L_AES_CBC_encrypt_NEON_loop_nr + eor v2.16b, v0.16b, v6.16b + eor v3.16b, v0.16b, v7.16b + eor v4.16b, v0.16b, v8.16b + tbl v1.16b, {v10.16b, v11.16b, v12.16b, v13.16b}, v0.16b + tbl v2.16b, {v14.16b, v15.16b, v16.16b, v17.16b}, v2.16b + tbl v3.16b, {v18.16b, v19.16b, v20.16b, v21.16b}, v3.16b + tbl v4.16b, {v22.16b, v23.16b, v24.16b, v25.16b}, v4.16b + orr v1.16b, v1.16b, v2.16b + orr v3.16b, v3.16b, v4.16b + orr v1.16b, v1.16b, v3.16b + tbl v1.16b, {v1.16b}, v26.16b + ld1 {v0.2d}, [x9], #16 + sshr v4.16b, v1.16b, #7 + shl v3.16b, v1.16b, #1 + and v4.16b, v4.16b, v9.16b + eor v4.16b, v4.16b, v3.16b + rev32 v2.8h, v1.8h + eor v5.16b, v4.16b, v1.16b + eor v4.16b, v4.16b, v2.16b + shl v3.4s, v1.4s, #24 + shl v2.4s, v5.4s, #8 + # XOR in Key Schedule + eor v4.16b, v4.16b, v0.16b + sri v3.4s, v1.4s, #8 + sri v2.4s, v5.4s, #24 + eor v1.16b, v4.16b, v3.16b + eor v1.16b, v1.16b, v2.16b + eor v2.16b, v1.16b, v6.16b + eor v3.16b, v1.16b, v7.16b + eor v4.16b, v1.16b, v8.16b + tbl v0.16b, {v10.16b, v11.16b, v12.16b, v13.16b}, v1.16b + tbl v2.16b, {v14.16b, v15.16b, v16.16b, v17.16b}, v2.16b + tbl v3.16b, {v18.16b, v19.16b, v20.16b, v21.16b}, v3.16b + tbl v4.16b, {v22.16b, v23.16b, v24.16b, v25.16b}, v4.16b + orr v0.16b, v0.16b, v2.16b + orr v3.16b, v3.16b, v4.16b + orr v0.16b, v0.16b, v3.16b + tbl v0.16b, {v0.16b}, v26.16b + ld1 {v1.2d}, [x9], #16 + # XOR in Key Schedule + eor v0.16b, v0.16b, v1.16b + rev32 v0.16b, v0.16b + st1 {v0.16b}, [x1], #16 + subs x2, x2, #16 + bne L_AES_CBC_encrypt_NEON_loop_block + st1 {v0.2d}, [x5] + ldp d8, d9, [x29, #16] + ldp d10, d11, [x29, #32] + ldp d12, d13, [x29, #48] + ldp d14, d15, [x29, #64] + ldp x29, x30, [sp], #0x50 + ret +#ifndef __APPLE__ + .size AES_CBC_encrypt_NEON,.-AES_CBC_encrypt_NEON +#endif /* __APPLE__ */ +#endif /* HAVE_AES_CBC */ +#ifdef WOLFSSL_AES_COUNTER +#ifndef __APPLE__ +.text +.globl AES_CTR_encrypt_NEON +.type AES_CTR_encrypt_NEON,@function +.align 2 +AES_CTR_encrypt_NEON: +#else +.section __TEXT,__text +.globl _AES_CTR_encrypt_NEON +.p2align 2 +_AES_CTR_encrypt_NEON: +#endif /* __APPLE__ */ + stp x29, x30, [sp, #-80]! + add x29, sp, #0 + stp d8, d9, [x29, #16] + stp d10, d11, [x29, #32] + stp d12, d13, [x29, #48] + stp d14, d15, [x29, #64] +#ifndef __APPLE__ + adrp x6, L_AES_ARM64_NEON_te + add x6, x6, :lo12:L_AES_ARM64_NEON_te +#else + adrp x6, L_AES_ARM64_NEON_te@PAGE + add x6, x6, L_AES_ARM64_NEON_te@PAGEOFF +#endif /* __APPLE__ */ +#ifndef __APPLE__ + adrp x7, L_AES_ARM64_NEON_shift_rows_shuffle + add x7, x7, :lo12:L_AES_ARM64_NEON_shift_rows_shuffle +#else + adrp x7, L_AES_ARM64_NEON_shift_rows_shuffle@PAGE + add x7, x7, L_AES_ARM64_NEON_shift_rows_shuffle@PAGEOFF +#endif /* __APPLE__ */ + ld1 {v16.16b, v17.16b, v18.16b, v19.16b}, [x6], #0x40 + ld1 {v20.16b, v21.16b, v22.16b, v23.16b}, [x6], #0x40 + ld1 {v24.16b, v25.16b, v26.16b, v27.16b}, [x6], #0x40 + ld1 {v28.16b, v29.16b, v30.16b, v31.16b}, [x6] + ld1 {v2.2d}, [x5] + rev64 v8.16b, v2.16b + rev32 v2.16b, v2.16b + mov x10, v8.d[1] + mov x11, v8.d[0] + cmp x2, #0x40 + blt L_AES_CTR_encrypt_NEON_start_2 +L_AES_CTR_encrypt_NEON_loop_4: + mov x9, x3 + ld1 {v4.2d}, [x9], #16 + mov v8.d[1], x10 + mov v8.d[0], x11 + rev64 v8.16b, v8.16b + rev32 v8.16b, v8.16b + # Round: 0 - XOR in key schedule + eor v0.16b, v8.16b, v4.16b + adds x10, x10, #1 + adc x11, x11, xzr + mov v8.d[1], x10 + mov v8.d[0], x11 + rev64 v8.16b, v8.16b + rev32 v8.16b, v8.16b + eor v1.16b, v8.16b, v4.16b + adds x10, x10, #1 + adc x11, x11, xzr + mov v8.d[1], x10 + mov v8.d[0], x11 + rev64 v8.16b, v8.16b + rev32 v8.16b, v8.16b + eor v2.16b, v8.16b, v4.16b + adds x10, x10, #1 + adc x11, x11, xzr + mov v8.d[1], x10 + mov v8.d[0], x11 + rev64 v8.16b, v8.16b + rev32 v8.16b, v8.16b + eor v3.16b, v8.16b, v4.16b + adds x10, x10, #1 + adc x11, x11, xzr + mov v8.d[1], x10 + mov v8.d[0], x11 + rev64 v8.16b, v8.16b + rev32 v8.16b, v8.16b + sub w8, w4, #2 +L_AES_CTR_encrypt_NEON_loop_nr_4: + tbl v4.16b, {v16.16b, v17.16b, v18.16b, v19.16b}, v0.16b + tbl v5.16b, {v16.16b, v17.16b, v18.16b, v19.16b}, v1.16b + tbl v6.16b, {v16.16b, v17.16b, v18.16b, v19.16b}, v2.16b + tbl v7.16b, {v16.16b, v17.16b, v18.16b, v19.16b}, v3.16b + movi v12.16b, #0x40 + movi v13.16b, #0x80 + movi v14.16b, #0xc0 + eor v8.16b, v0.16b, v12.16b + eor v9.16b, v1.16b, v12.16b + eor v10.16b, v2.16b, v12.16b + eor v11.16b, v3.16b, v12.16b + tbl v8.16b, {v20.16b, v21.16b, v22.16b, v23.16b}, v8.16b + tbl v9.16b, {v20.16b, v21.16b, v22.16b, v23.16b}, v9.16b + tbl v10.16b, {v20.16b, v21.16b, v22.16b, v23.16b}, v10.16b + tbl v11.16b, {v20.16b, v21.16b, v22.16b, v23.16b}, v11.16b + orr v4.16b, v4.16b, v8.16b + orr v5.16b, v5.16b, v9.16b + orr v6.16b, v6.16b, v10.16b + orr v7.16b, v7.16b, v11.16b + eor v8.16b, v0.16b, v13.16b + eor v9.16b, v1.16b, v13.16b + eor v10.16b, v2.16b, v13.16b + eor v11.16b, v3.16b, v13.16b + tbl v8.16b, {v24.16b, v25.16b, v26.16b, v27.16b}, v8.16b + tbl v9.16b, {v24.16b, v25.16b, v26.16b, v27.16b}, v9.16b + tbl v10.16b, {v24.16b, v25.16b, v26.16b, v27.16b}, v10.16b + tbl v11.16b, {v24.16b, v25.16b, v26.16b, v27.16b}, v11.16b + orr v4.16b, v4.16b, v8.16b + orr v5.16b, v5.16b, v9.16b + orr v6.16b, v6.16b, v10.16b + orr v7.16b, v7.16b, v11.16b + eor v8.16b, v0.16b, v14.16b + eor v9.16b, v1.16b, v14.16b + eor v10.16b, v2.16b, v14.16b + eor v11.16b, v3.16b, v14.16b + tbl v8.16b, {v28.16b, v29.16b, v30.16b, v31.16b}, v8.16b + tbl v9.16b, {v28.16b, v29.16b, v30.16b, v31.16b}, v9.16b + tbl v10.16b, {v28.16b, v29.16b, v30.16b, v31.16b}, v10.16b + tbl v11.16b, {v28.16b, v29.16b, v30.16b, v31.16b}, v11.16b + orr v4.16b, v4.16b, v8.16b + orr v5.16b, v5.16b, v9.16b + orr v6.16b, v6.16b, v10.16b + orr v7.16b, v7.16b, v11.16b + ld1 {v0.16b}, [x7] + tbl v4.16b, {v4.16b}, v0.16b + tbl v5.16b, {v5.16b}, v0.16b + tbl v6.16b, {v6.16b}, v0.16b + tbl v7.16b, {v7.16b}, v0.16b + sshr v8.16b, v4.16b, #7 + sshr v9.16b, v5.16b, #7 + sshr v10.16b, v6.16b, #7 + sshr v11.16b, v7.16b, #7 + shl v12.16b, v4.16b, #1 + shl v13.16b, v5.16b, #1 + shl v14.16b, v6.16b, #1 + shl v15.16b, v7.16b, #1 + movi v0.16b, #27 + and v8.16b, v8.16b, v0.16b + and v9.16b, v9.16b, v0.16b + and v10.16b, v10.16b, v0.16b + and v11.16b, v11.16b, v0.16b + eor v8.16b, v8.16b, v12.16b + eor v9.16b, v9.16b, v13.16b + eor v10.16b, v10.16b, v14.16b + eor v11.16b, v11.16b, v15.16b + eor v0.16b, v8.16b, v4.16b + eor v1.16b, v9.16b, v5.16b + eor v2.16b, v10.16b, v6.16b + eor v3.16b, v11.16b, v7.16b + shl v12.4s, v0.4s, #8 + shl v13.4s, v1.4s, #8 + shl v14.4s, v2.4s, #8 + shl v15.4s, v3.4s, #8 + sri v12.4s, v0.4s, #24 + sri v13.4s, v1.4s, #24 + sri v14.4s, v2.4s, #24 + sri v15.4s, v3.4s, #24 + shl v0.4s, v4.4s, #24 + shl v1.4s, v5.4s, #24 + shl v2.4s, v6.4s, #24 + shl v3.4s, v7.4s, #24 + sri v0.4s, v4.4s, #8 + sri v1.4s, v5.4s, #8 + sri v2.4s, v6.4s, #8 + sri v3.4s, v7.4s, #8 + rev32 v4.8h, v4.8h + rev32 v5.8h, v5.8h + rev32 v6.8h, v6.8h + rev32 v7.8h, v7.8h + eor v4.16b, v4.16b, v0.16b + eor v5.16b, v5.16b, v1.16b + eor v6.16b, v6.16b, v2.16b + eor v7.16b, v7.16b, v3.16b + # XOR in Key Schedule + ld1 {v0.2d}, [x9], #16 + eor v4.16b, v4.16b, v8.16b + eor v5.16b, v5.16b, v9.16b + eor v6.16b, v6.16b, v10.16b + eor v7.16b, v7.16b, v11.16b + eor v4.16b, v4.16b, v0.16b + eor v5.16b, v5.16b, v0.16b + eor v6.16b, v6.16b, v0.16b + eor v7.16b, v7.16b, v0.16b + eor v4.16b, v4.16b, v12.16b + eor v5.16b, v5.16b, v13.16b + eor v6.16b, v6.16b, v14.16b + eor v7.16b, v7.16b, v15.16b + # Round Done + tbl v0.16b, {v16.16b, v17.16b, v18.16b, v19.16b}, v4.16b + tbl v1.16b, {v16.16b, v17.16b, v18.16b, v19.16b}, v5.16b + tbl v2.16b, {v16.16b, v17.16b, v18.16b, v19.16b}, v6.16b + tbl v3.16b, {v16.16b, v17.16b, v18.16b, v19.16b}, v7.16b + movi v12.16b, #0x40 + movi v13.16b, #0x80 + movi v14.16b, #0xc0 + eor v8.16b, v4.16b, v12.16b + eor v9.16b, v5.16b, v12.16b + eor v10.16b, v6.16b, v12.16b + eor v11.16b, v7.16b, v12.16b + tbl v8.16b, {v20.16b, v21.16b, v22.16b, v23.16b}, v8.16b + tbl v9.16b, {v20.16b, v21.16b, v22.16b, v23.16b}, v9.16b + tbl v10.16b, {v20.16b, v21.16b, v22.16b, v23.16b}, v10.16b + tbl v11.16b, {v20.16b, v21.16b, v22.16b, v23.16b}, v11.16b + orr v0.16b, v0.16b, v8.16b + orr v1.16b, v1.16b, v9.16b + orr v2.16b, v2.16b, v10.16b + orr v3.16b, v3.16b, v11.16b + eor v8.16b, v4.16b, v13.16b + eor v9.16b, v5.16b, v13.16b + eor v10.16b, v6.16b, v13.16b + eor v11.16b, v7.16b, v13.16b + tbl v8.16b, {v24.16b, v25.16b, v26.16b, v27.16b}, v8.16b + tbl v9.16b, {v24.16b, v25.16b, v26.16b, v27.16b}, v9.16b + tbl v10.16b, {v24.16b, v25.16b, v26.16b, v27.16b}, v10.16b + tbl v11.16b, {v24.16b, v25.16b, v26.16b, v27.16b}, v11.16b + orr v0.16b, v0.16b, v8.16b + orr v1.16b, v1.16b, v9.16b + orr v2.16b, v2.16b, v10.16b + orr v3.16b, v3.16b, v11.16b + eor v8.16b, v4.16b, v14.16b + eor v9.16b, v5.16b, v14.16b + eor v10.16b, v6.16b, v14.16b + eor v11.16b, v7.16b, v14.16b + tbl v8.16b, {v28.16b, v29.16b, v30.16b, v31.16b}, v8.16b + tbl v9.16b, {v28.16b, v29.16b, v30.16b, v31.16b}, v9.16b + tbl v10.16b, {v28.16b, v29.16b, v30.16b, v31.16b}, v10.16b + tbl v11.16b, {v28.16b, v29.16b, v30.16b, v31.16b}, v11.16b + orr v0.16b, v0.16b, v8.16b + orr v1.16b, v1.16b, v9.16b + orr v2.16b, v2.16b, v10.16b + orr v3.16b, v3.16b, v11.16b + ld1 {v4.16b}, [x7] + tbl v0.16b, {v0.16b}, v4.16b + tbl v1.16b, {v1.16b}, v4.16b + tbl v2.16b, {v2.16b}, v4.16b + tbl v3.16b, {v3.16b}, v4.16b + sshr v8.16b, v0.16b, #7 + sshr v9.16b, v1.16b, #7 + sshr v10.16b, v2.16b, #7 + sshr v11.16b, v3.16b, #7 + shl v12.16b, v0.16b, #1 + shl v13.16b, v1.16b, #1 + shl v14.16b, v2.16b, #1 + shl v15.16b, v3.16b, #1 + movi v4.16b, #27 + and v8.16b, v8.16b, v4.16b + and v9.16b, v9.16b, v4.16b + and v10.16b, v10.16b, v4.16b + and v11.16b, v11.16b, v4.16b + eor v8.16b, v8.16b, v12.16b + eor v9.16b, v9.16b, v13.16b + eor v10.16b, v10.16b, v14.16b + eor v11.16b, v11.16b, v15.16b + eor v4.16b, v8.16b, v0.16b + eor v5.16b, v9.16b, v1.16b + eor v6.16b, v10.16b, v2.16b + eor v7.16b, v11.16b, v3.16b + shl v12.4s, v4.4s, #8 + shl v13.4s, v5.4s, #8 + shl v14.4s, v6.4s, #8 + shl v15.4s, v7.4s, #8 + sri v12.4s, v4.4s, #24 + sri v13.4s, v5.4s, #24 + sri v14.4s, v6.4s, #24 + sri v15.4s, v7.4s, #24 + shl v4.4s, v0.4s, #24 + shl v5.4s, v1.4s, #24 + shl v6.4s, v2.4s, #24 + shl v7.4s, v3.4s, #24 + sri v4.4s, v0.4s, #8 + sri v5.4s, v1.4s, #8 + sri v6.4s, v2.4s, #8 + sri v7.4s, v3.4s, #8 + rev32 v0.8h, v0.8h + rev32 v1.8h, v1.8h + rev32 v2.8h, v2.8h + rev32 v3.8h, v3.8h + eor v0.16b, v0.16b, v4.16b + eor v1.16b, v1.16b, v5.16b + eor v2.16b, v2.16b, v6.16b + eor v3.16b, v3.16b, v7.16b + # XOR in Key Schedule + ld1 {v4.2d}, [x9], #16 + eor v0.16b, v0.16b, v8.16b + eor v1.16b, v1.16b, v9.16b + eor v2.16b, v2.16b, v10.16b + eor v3.16b, v3.16b, v11.16b + eor v0.16b, v0.16b, v4.16b + eor v1.16b, v1.16b, v4.16b + eor v2.16b, v2.16b, v4.16b + eor v3.16b, v3.16b, v4.16b + eor v0.16b, v0.16b, v12.16b + eor v1.16b, v1.16b, v13.16b + eor v2.16b, v2.16b, v14.16b + eor v3.16b, v3.16b, v15.16b + # Round Done + subs w8, w8, #2 + bne L_AES_CTR_encrypt_NEON_loop_nr_4 + tbl v4.16b, {v16.16b, v17.16b, v18.16b, v19.16b}, v0.16b + tbl v5.16b, {v16.16b, v17.16b, v18.16b, v19.16b}, v1.16b + tbl v6.16b, {v16.16b, v17.16b, v18.16b, v19.16b}, v2.16b + tbl v7.16b, {v16.16b, v17.16b, v18.16b, v19.16b}, v3.16b + movi v12.16b, #0x40 + movi v13.16b, #0x80 + movi v14.16b, #0xc0 + eor v8.16b, v0.16b, v12.16b + eor v9.16b, v1.16b, v12.16b + eor v10.16b, v2.16b, v12.16b + eor v11.16b, v3.16b, v12.16b + tbl v8.16b, {v20.16b, v21.16b, v22.16b, v23.16b}, v8.16b + tbl v9.16b, {v20.16b, v21.16b, v22.16b, v23.16b}, v9.16b + tbl v10.16b, {v20.16b, v21.16b, v22.16b, v23.16b}, v10.16b + tbl v11.16b, {v20.16b, v21.16b, v22.16b, v23.16b}, v11.16b + orr v4.16b, v4.16b, v8.16b + orr v5.16b, v5.16b, v9.16b + orr v6.16b, v6.16b, v10.16b + orr v7.16b, v7.16b, v11.16b + eor v8.16b, v0.16b, v13.16b + eor v9.16b, v1.16b, v13.16b + eor v10.16b, v2.16b, v13.16b + eor v11.16b, v3.16b, v13.16b + tbl v8.16b, {v24.16b, v25.16b, v26.16b, v27.16b}, v8.16b + tbl v9.16b, {v24.16b, v25.16b, v26.16b, v27.16b}, v9.16b + tbl v10.16b, {v24.16b, v25.16b, v26.16b, v27.16b}, v10.16b + tbl v11.16b, {v24.16b, v25.16b, v26.16b, v27.16b}, v11.16b + orr v4.16b, v4.16b, v8.16b + orr v5.16b, v5.16b, v9.16b + orr v6.16b, v6.16b, v10.16b + orr v7.16b, v7.16b, v11.16b + eor v8.16b, v0.16b, v14.16b + eor v9.16b, v1.16b, v14.16b + eor v10.16b, v2.16b, v14.16b + eor v11.16b, v3.16b, v14.16b + tbl v8.16b, {v28.16b, v29.16b, v30.16b, v31.16b}, v8.16b + tbl v9.16b, {v28.16b, v29.16b, v30.16b, v31.16b}, v9.16b + tbl v10.16b, {v28.16b, v29.16b, v30.16b, v31.16b}, v10.16b + tbl v11.16b, {v28.16b, v29.16b, v30.16b, v31.16b}, v11.16b + orr v4.16b, v4.16b, v8.16b + orr v5.16b, v5.16b, v9.16b + orr v6.16b, v6.16b, v10.16b + orr v7.16b, v7.16b, v11.16b + ld1 {v0.16b}, [x7] + tbl v4.16b, {v4.16b}, v0.16b + tbl v5.16b, {v5.16b}, v0.16b + tbl v6.16b, {v6.16b}, v0.16b + tbl v7.16b, {v7.16b}, v0.16b + sshr v8.16b, v4.16b, #7 + sshr v9.16b, v5.16b, #7 + sshr v10.16b, v6.16b, #7 + sshr v11.16b, v7.16b, #7 + shl v12.16b, v4.16b, #1 + shl v13.16b, v5.16b, #1 + shl v14.16b, v6.16b, #1 + shl v15.16b, v7.16b, #1 + movi v0.16b, #27 + and v8.16b, v8.16b, v0.16b + and v9.16b, v9.16b, v0.16b + and v10.16b, v10.16b, v0.16b + and v11.16b, v11.16b, v0.16b + eor v8.16b, v8.16b, v12.16b + eor v9.16b, v9.16b, v13.16b + eor v10.16b, v10.16b, v14.16b + eor v11.16b, v11.16b, v15.16b + eor v0.16b, v8.16b, v4.16b + eor v1.16b, v9.16b, v5.16b + eor v2.16b, v10.16b, v6.16b + eor v3.16b, v11.16b, v7.16b + shl v12.4s, v0.4s, #8 + shl v13.4s, v1.4s, #8 + shl v14.4s, v2.4s, #8 + shl v15.4s, v3.4s, #8 + sri v12.4s, v0.4s, #24 + sri v13.4s, v1.4s, #24 + sri v14.4s, v2.4s, #24 + sri v15.4s, v3.4s, #24 + shl v0.4s, v4.4s, #24 + shl v1.4s, v5.4s, #24 + shl v2.4s, v6.4s, #24 + shl v3.4s, v7.4s, #24 + sri v0.4s, v4.4s, #8 + sri v1.4s, v5.4s, #8 + sri v2.4s, v6.4s, #8 + sri v3.4s, v7.4s, #8 + rev32 v4.8h, v4.8h + rev32 v5.8h, v5.8h + rev32 v6.8h, v6.8h + rev32 v7.8h, v7.8h + eor v4.16b, v4.16b, v0.16b + eor v5.16b, v5.16b, v1.16b + eor v6.16b, v6.16b, v2.16b + eor v7.16b, v7.16b, v3.16b + # XOR in Key Schedule + ld1 {v0.2d}, [x9], #16 + eor v4.16b, v4.16b, v8.16b + eor v5.16b, v5.16b, v9.16b + eor v6.16b, v6.16b, v10.16b + eor v7.16b, v7.16b, v11.16b + eor v4.16b, v4.16b, v0.16b + eor v5.16b, v5.16b, v0.16b + eor v6.16b, v6.16b, v0.16b + eor v7.16b, v7.16b, v0.16b + eor v4.16b, v4.16b, v12.16b + eor v5.16b, v5.16b, v13.16b + eor v6.16b, v6.16b, v14.16b + eor v7.16b, v7.16b, v15.16b + # Round Done + tbl v0.16b, {v16.16b, v17.16b, v18.16b, v19.16b}, v4.16b + tbl v1.16b, {v16.16b, v17.16b, v18.16b, v19.16b}, v5.16b + tbl v2.16b, {v16.16b, v17.16b, v18.16b, v19.16b}, v6.16b + tbl v3.16b, {v16.16b, v17.16b, v18.16b, v19.16b}, v7.16b + movi v12.16b, #0x40 + movi v13.16b, #0x80 + movi v14.16b, #0xc0 + eor v8.16b, v4.16b, v12.16b + eor v9.16b, v5.16b, v12.16b + eor v10.16b, v6.16b, v12.16b + eor v11.16b, v7.16b, v12.16b + tbl v8.16b, {v20.16b, v21.16b, v22.16b, v23.16b}, v8.16b + tbl v9.16b, {v20.16b, v21.16b, v22.16b, v23.16b}, v9.16b + tbl v10.16b, {v20.16b, v21.16b, v22.16b, v23.16b}, v10.16b + tbl v11.16b, {v20.16b, v21.16b, v22.16b, v23.16b}, v11.16b + orr v0.16b, v0.16b, v8.16b + orr v1.16b, v1.16b, v9.16b + orr v2.16b, v2.16b, v10.16b + orr v3.16b, v3.16b, v11.16b + eor v8.16b, v4.16b, v13.16b + eor v9.16b, v5.16b, v13.16b + eor v10.16b, v6.16b, v13.16b + eor v11.16b, v7.16b, v13.16b + tbl v8.16b, {v24.16b, v25.16b, v26.16b, v27.16b}, v8.16b + tbl v9.16b, {v24.16b, v25.16b, v26.16b, v27.16b}, v9.16b + tbl v10.16b, {v24.16b, v25.16b, v26.16b, v27.16b}, v10.16b + tbl v11.16b, {v24.16b, v25.16b, v26.16b, v27.16b}, v11.16b + orr v0.16b, v0.16b, v8.16b + orr v1.16b, v1.16b, v9.16b + orr v2.16b, v2.16b, v10.16b + orr v3.16b, v3.16b, v11.16b + eor v8.16b, v4.16b, v14.16b + eor v9.16b, v5.16b, v14.16b + eor v10.16b, v6.16b, v14.16b + eor v11.16b, v7.16b, v14.16b + tbl v8.16b, {v28.16b, v29.16b, v30.16b, v31.16b}, v8.16b + tbl v9.16b, {v28.16b, v29.16b, v30.16b, v31.16b}, v9.16b + tbl v10.16b, {v28.16b, v29.16b, v30.16b, v31.16b}, v10.16b + tbl v11.16b, {v28.16b, v29.16b, v30.16b, v31.16b}, v11.16b + orr v0.16b, v0.16b, v8.16b + orr v1.16b, v1.16b, v9.16b + orr v2.16b, v2.16b, v10.16b + orr v3.16b, v3.16b, v11.16b + ld1 {v4.16b}, [x7] + tbl v0.16b, {v0.16b}, v4.16b + tbl v1.16b, {v1.16b}, v4.16b + tbl v2.16b, {v2.16b}, v4.16b + tbl v3.16b, {v3.16b}, v4.16b + # XOR in Key Schedule + ld1 {v4.2d}, [x9], #16 + eor v0.16b, v0.16b, v4.16b + eor v1.16b, v1.16b, v4.16b + eor v2.16b, v2.16b, v4.16b + eor v3.16b, v3.16b, v4.16b + # Round Done + rev32 v0.16b, v0.16b + rev32 v1.16b, v1.16b + rev32 v2.16b, v2.16b + rev32 v3.16b, v3.16b + ld1 {v4.16b, v5.16b, v6.16b, v7.16b}, [x0], #0x40 + eor v0.16b, v0.16b, v4.16b + eor v1.16b, v1.16b, v5.16b + eor v2.16b, v2.16b, v6.16b + eor v3.16b, v3.16b, v7.16b + st1 {v0.16b, v1.16b, v2.16b, v3.16b}, [x1], #0x40 + sub x2, x2, #0x40 + cmp x2, #0x40 + bge L_AES_CTR_encrypt_NEON_loop_4 + mov v2.d[1], x10 + mov v2.d[0], x11 + rev64 v2.16b, v2.16b + rev32 v2.16b, v2.16b +L_AES_CTR_encrypt_NEON_start_2: + movi v12.16b, #0x40 + movi v13.16b, #0x80 + movi v14.16b, #0xc0 + movi v15.16b, #27 + cmp x2, #16 + beq L_AES_CTR_encrypt_NEON_start_1 + blt L_AES_CTR_encrypt_NEON_data_done +L_AES_CTR_encrypt_NEON_loop_2: + mov x9, x3 + ld1 {v4.2d}, [x9], #16 + # Round: 0 - XOR in key schedule + eor v0.16b, v2.16b, v4.16b + adds x10, x10, #1 + adc x11, x11, xzr + mov v2.d[1], x10 + mov v2.d[0], x11 + rev64 v2.16b, v2.16b + rev32 v2.16b, v2.16b + eor v1.16b, v2.16b, v4.16b + adds x10, x10, #1 + adc x11, x11, xzr + mov v2.d[1], x10 + mov v2.d[0], x11 + rev64 v2.16b, v2.16b + rev32 v2.16b, v2.16b + sub w8, w4, #2 +L_AES_CTR_encrypt_NEON_loop_nr_2: + eor v8.16b, v0.16b, v12.16b + eor v9.16b, v1.16b, v12.16b + tbl v4.16b, {v16.16b, v17.16b, v18.16b, v19.16b}, v0.16b + tbl v5.16b, {v16.16b, v17.16b, v18.16b, v19.16b}, v1.16b + tbl v8.16b, {v20.16b, v21.16b, v22.16b, v23.16b}, v8.16b + tbl v9.16b, {v20.16b, v21.16b, v22.16b, v23.16b}, v9.16b + eor v10.16b, v0.16b, v13.16b + eor v11.16b, v1.16b, v13.16b + tbl v10.16b, {v24.16b, v25.16b, v26.16b, v27.16b}, v10.16b + tbl v11.16b, {v24.16b, v25.16b, v26.16b, v27.16b}, v11.16b + orr v4.16b, v4.16b, v8.16b + orr v5.16b, v5.16b, v9.16b + eor v8.16b, v0.16b, v14.16b + eor v9.16b, v1.16b, v14.16b + orr v4.16b, v4.16b, v10.16b + orr v5.16b, v5.16b, v11.16b + tbl v8.16b, {v28.16b, v29.16b, v30.16b, v31.16b}, v8.16b + tbl v9.16b, {v28.16b, v29.16b, v30.16b, v31.16b}, v9.16b + orr v4.16b, v4.16b, v8.16b + orr v5.16b, v5.16b, v9.16b + ld1 {v0.16b}, [x7] + tbl v4.16b, {v4.16b}, v0.16b + tbl v5.16b, {v5.16b}, v0.16b + sshr v8.16b, v4.16b, #7 + sshr v9.16b, v5.16b, #7 + shl v10.16b, v4.16b, #1 + shl v11.16b, v5.16b, #1 + and v8.16b, v8.16b, v15.16b + and v9.16b, v9.16b, v15.16b + eor v8.16b, v8.16b, v10.16b + eor v9.16b, v9.16b, v11.16b + eor v0.16b, v8.16b, v4.16b + eor v1.16b, v9.16b, v5.16b + shl v10.4s, v0.4s, #8 + shl v11.4s, v1.4s, #8 + sri v10.4s, v0.4s, #24 + sri v11.4s, v1.4s, #24 + shl v0.4s, v4.4s, #24 + shl v1.4s, v5.4s, #24 + sri v0.4s, v4.4s, #8 + sri v1.4s, v5.4s, #8 + rev32 v4.8h, v4.8h + rev32 v5.8h, v5.8h + eor v4.16b, v4.16b, v0.16b + eor v5.16b, v5.16b, v1.16b + # XOR in Key Schedule + ld1 {v0.2d}, [x9], #16 + eor v4.16b, v4.16b, v8.16b + eor v5.16b, v5.16b, v9.16b + eor v4.16b, v4.16b, v0.16b + eor v5.16b, v5.16b, v0.16b + eor v4.16b, v4.16b, v10.16b + eor v5.16b, v5.16b, v11.16b + # Round Done + eor v8.16b, v4.16b, v12.16b + eor v9.16b, v5.16b, v12.16b + tbl v0.16b, {v16.16b, v17.16b, v18.16b, v19.16b}, v4.16b + tbl v1.16b, {v16.16b, v17.16b, v18.16b, v19.16b}, v5.16b + tbl v8.16b, {v20.16b, v21.16b, v22.16b, v23.16b}, v8.16b + tbl v9.16b, {v20.16b, v21.16b, v22.16b, v23.16b}, v9.16b + eor v10.16b, v4.16b, v13.16b + eor v11.16b, v5.16b, v13.16b + tbl v10.16b, {v24.16b, v25.16b, v26.16b, v27.16b}, v10.16b + tbl v11.16b, {v24.16b, v25.16b, v26.16b, v27.16b}, v11.16b + orr v0.16b, v0.16b, v8.16b + orr v1.16b, v1.16b, v9.16b + eor v8.16b, v4.16b, v14.16b + eor v9.16b, v5.16b, v14.16b + orr v0.16b, v0.16b, v10.16b + orr v1.16b, v1.16b, v11.16b + tbl v8.16b, {v28.16b, v29.16b, v30.16b, v31.16b}, v8.16b + tbl v9.16b, {v28.16b, v29.16b, v30.16b, v31.16b}, v9.16b + orr v0.16b, v0.16b, v8.16b + orr v1.16b, v1.16b, v9.16b + ld1 {v4.16b}, [x7] + tbl v0.16b, {v0.16b}, v4.16b + tbl v1.16b, {v1.16b}, v4.16b + sshr v8.16b, v0.16b, #7 + sshr v9.16b, v1.16b, #7 + shl v10.16b, v0.16b, #1 + shl v11.16b, v1.16b, #1 + and v8.16b, v8.16b, v15.16b + and v9.16b, v9.16b, v15.16b + eor v8.16b, v8.16b, v10.16b + eor v9.16b, v9.16b, v11.16b + eor v4.16b, v8.16b, v0.16b + eor v5.16b, v9.16b, v1.16b + shl v10.4s, v4.4s, #8 + shl v11.4s, v5.4s, #8 + sri v10.4s, v4.4s, #24 + sri v11.4s, v5.4s, #24 + shl v4.4s, v0.4s, #24 + shl v5.4s, v1.4s, #24 + sri v4.4s, v0.4s, #8 + sri v5.4s, v1.4s, #8 + rev32 v0.8h, v0.8h + rev32 v1.8h, v1.8h + eor v0.16b, v0.16b, v4.16b + eor v1.16b, v1.16b, v5.16b + # XOR in Key Schedule + ld1 {v4.2d}, [x9], #16 + eor v0.16b, v0.16b, v8.16b + eor v1.16b, v1.16b, v9.16b + eor v0.16b, v0.16b, v4.16b + eor v1.16b, v1.16b, v4.16b + eor v0.16b, v0.16b, v10.16b + eor v1.16b, v1.16b, v11.16b + # Round Done + subs w8, w8, #2 + bne L_AES_CTR_encrypt_NEON_loop_nr_2 + eor v8.16b, v0.16b, v12.16b + eor v9.16b, v1.16b, v12.16b + tbl v4.16b, {v16.16b, v17.16b, v18.16b, v19.16b}, v0.16b + tbl v5.16b, {v16.16b, v17.16b, v18.16b, v19.16b}, v1.16b + tbl v8.16b, {v20.16b, v21.16b, v22.16b, v23.16b}, v8.16b + tbl v9.16b, {v20.16b, v21.16b, v22.16b, v23.16b}, v9.16b + eor v10.16b, v0.16b, v13.16b + eor v11.16b, v1.16b, v13.16b + tbl v10.16b, {v24.16b, v25.16b, v26.16b, v27.16b}, v10.16b + tbl v11.16b, {v24.16b, v25.16b, v26.16b, v27.16b}, v11.16b + orr v4.16b, v4.16b, v8.16b + orr v5.16b, v5.16b, v9.16b + eor v8.16b, v0.16b, v14.16b + eor v9.16b, v1.16b, v14.16b + orr v4.16b, v4.16b, v10.16b + orr v5.16b, v5.16b, v11.16b + tbl v8.16b, {v28.16b, v29.16b, v30.16b, v31.16b}, v8.16b + tbl v9.16b, {v28.16b, v29.16b, v30.16b, v31.16b}, v9.16b + orr v4.16b, v4.16b, v8.16b + orr v5.16b, v5.16b, v9.16b + ld1 {v0.16b}, [x7] + tbl v4.16b, {v4.16b}, v0.16b + tbl v5.16b, {v5.16b}, v0.16b + sshr v8.16b, v4.16b, #7 + sshr v9.16b, v5.16b, #7 + shl v10.16b, v4.16b, #1 + shl v11.16b, v5.16b, #1 + and v8.16b, v8.16b, v15.16b + and v9.16b, v9.16b, v15.16b + eor v8.16b, v8.16b, v10.16b + eor v9.16b, v9.16b, v11.16b + eor v0.16b, v8.16b, v4.16b + eor v1.16b, v9.16b, v5.16b + shl v10.4s, v0.4s, #8 + shl v11.4s, v1.4s, #8 + sri v10.4s, v0.4s, #24 + sri v11.4s, v1.4s, #24 + shl v0.4s, v4.4s, #24 + shl v1.4s, v5.4s, #24 + sri v0.4s, v4.4s, #8 + sri v1.4s, v5.4s, #8 + rev32 v4.8h, v4.8h + rev32 v5.8h, v5.8h + eor v4.16b, v4.16b, v0.16b + eor v5.16b, v5.16b, v1.16b + # XOR in Key Schedule + ld1 {v0.2d}, [x9], #16 + eor v4.16b, v4.16b, v8.16b + eor v5.16b, v5.16b, v9.16b + eor v4.16b, v4.16b, v0.16b + eor v5.16b, v5.16b, v0.16b + eor v4.16b, v4.16b, v10.16b + eor v5.16b, v5.16b, v11.16b + # Round Done + eor v8.16b, v4.16b, v12.16b + eor v9.16b, v5.16b, v12.16b + tbl v0.16b, {v16.16b, v17.16b, v18.16b, v19.16b}, v4.16b + tbl v1.16b, {v16.16b, v17.16b, v18.16b, v19.16b}, v5.16b + tbl v8.16b, {v20.16b, v21.16b, v22.16b, v23.16b}, v8.16b + tbl v9.16b, {v20.16b, v21.16b, v22.16b, v23.16b}, v9.16b + eor v10.16b, v4.16b, v13.16b + eor v11.16b, v5.16b, v13.16b + tbl v10.16b, {v24.16b, v25.16b, v26.16b, v27.16b}, v10.16b + tbl v11.16b, {v24.16b, v25.16b, v26.16b, v27.16b}, v11.16b + orr v0.16b, v0.16b, v8.16b + orr v1.16b, v1.16b, v9.16b + eor v8.16b, v4.16b, v14.16b + eor v9.16b, v5.16b, v14.16b + orr v0.16b, v0.16b, v10.16b + orr v1.16b, v1.16b, v11.16b + tbl v8.16b, {v28.16b, v29.16b, v30.16b, v31.16b}, v8.16b + tbl v9.16b, {v28.16b, v29.16b, v30.16b, v31.16b}, v9.16b + orr v0.16b, v0.16b, v8.16b + orr v1.16b, v1.16b, v9.16b + ld1 {v4.16b}, [x7] + tbl v0.16b, {v0.16b}, v4.16b + tbl v1.16b, {v1.16b}, v4.16b + # XOR in Key Schedule + ld1 {v4.2d}, [x9], #16 + eor v0.16b, v0.16b, v4.16b + eor v1.16b, v1.16b, v4.16b + # Round Done + rev32 v0.16b, v0.16b + rev32 v1.16b, v1.16b + ld1 {v4.16b, v5.16b}, [x0], #32 + eor v0.16b, v0.16b, v4.16b + eor v1.16b, v1.16b, v5.16b + st1 {v0.16b, v1.16b}, [x1], #32 + sub x2, x2, #32 + cmp x2, #0 + beq L_AES_CTR_encrypt_NEON_data_done +L_AES_CTR_encrypt_NEON_start_1: + ld1 {v3.2d}, [x7] + mov x9, x3 + ld1 {v4.2d}, [x9], #16 + # Round: 0 - XOR in key schedule + eor v0.16b, v2.16b, v4.16b + sub w8, w4, #2 +L_AES_CTR_encrypt_NEON_loop_nr_1: + eor v8.16b, v0.16b, v12.16b + eor v9.16b, v0.16b, v13.16b + eor v10.16b, v0.16b, v14.16b + tbl v4.16b, {v16.16b, v17.16b, v18.16b, v19.16b}, v0.16b + tbl v8.16b, {v20.16b, v21.16b, v22.16b, v23.16b}, v8.16b + tbl v9.16b, {v24.16b, v25.16b, v26.16b, v27.16b}, v9.16b + tbl v10.16b, {v28.16b, v29.16b, v30.16b, v31.16b}, v10.16b + orr v4.16b, v4.16b, v8.16b + orr v9.16b, v9.16b, v10.16b + orr v4.16b, v4.16b, v9.16b + tbl v4.16b, {v4.16b}, v3.16b + ld1 {v0.2d}, [x9], #16 + sshr v10.16b, v4.16b, #7 + shl v9.16b, v4.16b, #1 + and v10.16b, v10.16b, v15.16b + eor v10.16b, v10.16b, v9.16b + rev32 v8.8h, v4.8h + eor v11.16b, v10.16b, v4.16b + eor v10.16b, v10.16b, v8.16b + shl v9.4s, v4.4s, #24 + shl v8.4s, v11.4s, #8 + # XOR in Key Schedule + eor v10.16b, v10.16b, v0.16b + sri v9.4s, v4.4s, #8 + sri v8.4s, v11.4s, #24 + eor v4.16b, v10.16b, v9.16b + eor v4.16b, v4.16b, v8.16b + eor v8.16b, v4.16b, v12.16b + eor v9.16b, v4.16b, v13.16b + eor v10.16b, v4.16b, v14.16b + tbl v0.16b, {v16.16b, v17.16b, v18.16b, v19.16b}, v4.16b + tbl v8.16b, {v20.16b, v21.16b, v22.16b, v23.16b}, v8.16b + tbl v9.16b, {v24.16b, v25.16b, v26.16b, v27.16b}, v9.16b + tbl v10.16b, {v28.16b, v29.16b, v30.16b, v31.16b}, v10.16b + orr v0.16b, v0.16b, v8.16b + orr v9.16b, v9.16b, v10.16b + orr v0.16b, v0.16b, v9.16b + tbl v0.16b, {v0.16b}, v3.16b + ld1 {v4.2d}, [x9], #16 + sshr v10.16b, v0.16b, #7 + shl v9.16b, v0.16b, #1 + and v10.16b, v10.16b, v15.16b + eor v10.16b, v10.16b, v9.16b + rev32 v8.8h, v0.8h + eor v11.16b, v10.16b, v0.16b + eor v10.16b, v10.16b, v8.16b + shl v9.4s, v0.4s, #24 + shl v8.4s, v11.4s, #8 + # XOR in Key Schedule + eor v10.16b, v10.16b, v4.16b + sri v9.4s, v0.4s, #8 + sri v8.4s, v11.4s, #24 + eor v0.16b, v10.16b, v9.16b + eor v0.16b, v0.16b, v8.16b + subs w8, w8, #2 + bne L_AES_CTR_encrypt_NEON_loop_nr_1 + eor v8.16b, v0.16b, v12.16b + eor v9.16b, v0.16b, v13.16b + eor v10.16b, v0.16b, v14.16b + tbl v4.16b, {v16.16b, v17.16b, v18.16b, v19.16b}, v0.16b + tbl v8.16b, {v20.16b, v21.16b, v22.16b, v23.16b}, v8.16b + tbl v9.16b, {v24.16b, v25.16b, v26.16b, v27.16b}, v9.16b + tbl v10.16b, {v28.16b, v29.16b, v30.16b, v31.16b}, v10.16b + orr v4.16b, v4.16b, v8.16b + orr v9.16b, v9.16b, v10.16b + orr v4.16b, v4.16b, v9.16b + tbl v4.16b, {v4.16b}, v3.16b + ld1 {v0.2d}, [x9], #16 + sshr v10.16b, v4.16b, #7 + shl v9.16b, v4.16b, #1 + and v10.16b, v10.16b, v15.16b + eor v10.16b, v10.16b, v9.16b + rev32 v8.8h, v4.8h + eor v11.16b, v10.16b, v4.16b + eor v10.16b, v10.16b, v8.16b + shl v9.4s, v4.4s, #24 + shl v8.4s, v11.4s, #8 + # XOR in Key Schedule + eor v10.16b, v10.16b, v0.16b + sri v9.4s, v4.4s, #8 + sri v8.4s, v11.4s, #24 + eor v4.16b, v10.16b, v9.16b + eor v4.16b, v4.16b, v8.16b + eor v8.16b, v4.16b, v12.16b + eor v9.16b, v4.16b, v13.16b + eor v10.16b, v4.16b, v14.16b + tbl v0.16b, {v16.16b, v17.16b, v18.16b, v19.16b}, v4.16b + tbl v8.16b, {v20.16b, v21.16b, v22.16b, v23.16b}, v8.16b + tbl v9.16b, {v24.16b, v25.16b, v26.16b, v27.16b}, v9.16b + tbl v10.16b, {v28.16b, v29.16b, v30.16b, v31.16b}, v10.16b + orr v0.16b, v0.16b, v8.16b + orr v9.16b, v9.16b, v10.16b + orr v0.16b, v0.16b, v9.16b + tbl v0.16b, {v0.16b}, v3.16b + ld1 {v4.2d}, [x9], #16 + # XOR in Key Schedule + eor v0.16b, v0.16b, v4.16b + rev32 v0.16b, v0.16b + ld1 {v4.16b}, [x0], #16 + eor v0.16b, v0.16b, v4.16b + st1 {v0.16b}, [x1], #16 + adds x10, x10, #1 + adc x11, x11, xzr + mov v2.d[1], x10 + mov v2.d[0], x11 + rev64 v2.16b, v2.16b + rev32 v2.16b, v2.16b +L_AES_CTR_encrypt_NEON_data_done: + rev32 v2.16b, v2.16b + st1 {v2.2d}, [x5] + ldp d8, d9, [x29, #16] + ldp d10, d11, [x29, #32] + ldp d12, d13, [x29, #48] + ldp d14, d15, [x29, #64] + ldp x29, x30, [sp], #0x50 + ret +#ifndef __APPLE__ + .size AES_CTR_encrypt_NEON,.-AES_CTR_encrypt_NEON +#endif /* __APPLE__ */ +#endif /* WOLFSSL_AES_COUNTER */ +#ifdef HAVE_AES_DECRYPT +#if defined(WOLFSSL_AES_DIRECT) || defined(WOLFSSL_AES_COUNTER) || \ + defined(HAVE_AES_CBC) || defined(HAVE_AES_ECB) +#ifndef __APPLE__ + .text + .type L_AES_ARM64_NEON_td, %object + .section .rodata + .size L_AES_ARM64_NEON_td, 256 +#else + .section __DATA,__data +#endif /* __APPLE__ */ +#ifndef __APPLE__ + .align 1 +#else + .p2align 1 +#endif /* __APPLE__ */ +L_AES_ARM64_NEON_td: + .byte 0x52,0x09,0x6a,0xd5,0x30,0x36,0xa5,0x38 + .byte 0xbf,0x40,0xa3,0x9e,0x81,0xf3,0xd7,0xfb + .byte 0x7c,0xe3,0x39,0x82,0x9b,0x2f,0xff,0x87 + .byte 0x34,0x8e,0x43,0x44,0xc4,0xde,0xe9,0xcb + .byte 0x54,0x7b,0x94,0x32,0xa6,0xc2,0x23,0x3d + .byte 0xee,0x4c,0x95,0x0b,0x42,0xfa,0xc3,0x4e + .byte 0x08,0x2e,0xa1,0x66,0x28,0xd9,0x24,0xb2 + .byte 0x76,0x5b,0xa2,0x49,0x6d,0x8b,0xd1,0x25 + .byte 0x72,0xf8,0xf6,0x64,0x86,0x68,0x98,0x16 + .byte 0xd4,0xa4,0x5c,0xcc,0x5d,0x65,0xb6,0x92 + .byte 0x6c,0x70,0x48,0x50,0xfd,0xed,0xb9,0xda + .byte 0x5e,0x15,0x46,0x57,0xa7,0x8d,0x9d,0x84 + .byte 0x90,0xd8,0xab,0x00,0x8c,0xbc,0xd3,0x0a + .byte 0xf7,0xe4,0x58,0x05,0xb8,0xb3,0x45,0x06 + .byte 0xd0,0x2c,0x1e,0x8f,0xca,0x3f,0x0f,0x02 + .byte 0xc1,0xaf,0xbd,0x03,0x01,0x13,0x8a,0x6b + .byte 0x3a,0x91,0x11,0x41,0x4f,0x67,0xdc,0xea + .byte 0x97,0xf2,0xcf,0xce,0xf0,0xb4,0xe6,0x73 + .byte 0x96,0xac,0x74,0x22,0xe7,0xad,0x35,0x85 + .byte 0xe2,0xf9,0x37,0xe8,0x1c,0x75,0xdf,0x6e + .byte 0x47,0xf1,0x1a,0x71,0x1d,0x29,0xc5,0x89 + .byte 0x6f,0xb7,0x62,0x0e,0xaa,0x18,0xbe,0x1b + .byte 0xfc,0x56,0x3e,0x4b,0xc6,0xd2,0x79,0x20 + .byte 0x9a,0xdb,0xc0,0xfe,0x78,0xcd,0x5a,0xf4 + .byte 0x1f,0xdd,0xa8,0x33,0x88,0x07,0xc7,0x31 + .byte 0xb1,0x12,0x10,0x59,0x27,0x80,0xec,0x5f + .byte 0x60,0x51,0x7f,0xa9,0x19,0xb5,0x4a,0x0d + .byte 0x2d,0xe5,0x7a,0x9f,0x93,0xc9,0x9c,0xef + .byte 0xa0,0xe0,0x3b,0x4d,0xae,0x2a,0xf5,0xb0 + .byte 0xc8,0xeb,0xbb,0x3c,0x83,0x53,0x99,0x61 + .byte 0x17,0x2b,0x04,0x7e,0xba,0x77,0xd6,0x26 + .byte 0xe1,0x69,0x14,0x63,0x55,0x21,0x0c,0x7d +#ifndef __APPLE__ + .text + .type L_AES_ARM64_NEON_shift_rows_invshuffle, %object + .section .rodata + .size L_AES_ARM64_NEON_shift_rows_invshuffle, 16 +#else + .section __DATA,__data +#endif /* __APPLE__ */ +#ifndef __APPLE__ + .align 1 +#else + .p2align 1 +#endif /* __APPLE__ */ +L_AES_ARM64_NEON_shift_rows_invshuffle: + .byte 0x04,0x09,0x0e,0x03,0x08,0x0d,0x02,0x07 + .byte 0x0c,0x01,0x06,0x0b,0x00,0x05,0x0a,0x0f +#if defined(WOLFSSL_AES_DIRECT) || defined(WOLFSSL_AES_COUNTER) || defined(HAVE_AES_ECB) +#ifndef __APPLE__ +.text +.globl AES_ECB_decrypt_NEON +.type AES_ECB_decrypt_NEON,@function +.align 2 +AES_ECB_decrypt_NEON: +#else +.section __TEXT,__text +.globl _AES_ECB_decrypt_NEON +.p2align 2 +_AES_ECB_decrypt_NEON: +#endif /* __APPLE__ */ + stp x29, x30, [sp, #-80]! + add x29, sp, #0 + stp d8, d9, [x29, #16] + stp d10, d11, [x29, #32] + stp d12, d13, [x29, #48] + stp d14, d15, [x29, #64] +#ifndef __APPLE__ + adrp x5, L_AES_ARM64_NEON_td + add x5, x5, :lo12:L_AES_ARM64_NEON_td +#else + adrp x5, L_AES_ARM64_NEON_td@PAGE + add x5, x5, L_AES_ARM64_NEON_td@PAGEOFF +#endif /* __APPLE__ */ +#ifndef __APPLE__ + adrp x6, L_AES_ARM64_NEON_shift_rows_invshuffle + add x6, x6, :lo12:L_AES_ARM64_NEON_shift_rows_invshuffle +#else + adrp x6, L_AES_ARM64_NEON_shift_rows_invshuffle@PAGE + add x6, x6, L_AES_ARM64_NEON_shift_rows_invshuffle@PAGEOFF +#endif /* __APPLE__ */ + ld1 {v16.16b, v17.16b, v18.16b, v19.16b}, [x5], #0x40 + ld1 {v20.16b, v21.16b, v22.16b, v23.16b}, [x5], #0x40 + ld1 {v24.16b, v25.16b, v26.16b, v27.16b}, [x5], #0x40 + ld1 {v28.16b, v29.16b, v30.16b, v31.16b}, [x5] + cmp x2, #0x40 + blt L_AES_ECB_decrypt_NEON_start_2 +L_AES_ECB_decrypt_NEON_loop_4: + mov x8, x3 + ld1 {v0.16b, v1.16b, v2.16b, v3.16b}, [x0], #0x40 + ld1 {v4.2d}, [x8], #16 + rev32 v0.16b, v0.16b + rev32 v1.16b, v1.16b + rev32 v2.16b, v2.16b + rev32 v3.16b, v3.16b + # Round: 0 - XOR in key schedule + eor v0.16b, v0.16b, v4.16b + eor v1.16b, v1.16b, v4.16b + eor v2.16b, v2.16b, v4.16b + eor v3.16b, v3.16b, v4.16b + sub w7, w4, #2 +L_AES_ECB_decrypt_NEON_loop_nr_4: + tbl v4.16b, {v16.16b, v17.16b, v18.16b, v19.16b}, v0.16b + tbl v5.16b, {v16.16b, v17.16b, v18.16b, v19.16b}, v1.16b + tbl v6.16b, {v16.16b, v17.16b, v18.16b, v19.16b}, v2.16b + tbl v7.16b, {v16.16b, v17.16b, v18.16b, v19.16b}, v3.16b + movi v12.16b, #0x40 + movi v13.16b, #0x80 + movi v14.16b, #0xc0 + eor v8.16b, v0.16b, v12.16b + eor v9.16b, v1.16b, v12.16b + eor v10.16b, v2.16b, v12.16b + eor v11.16b, v3.16b, v12.16b + tbl v8.16b, {v20.16b, v21.16b, v22.16b, v23.16b}, v8.16b + tbl v9.16b, {v20.16b, v21.16b, v22.16b, v23.16b}, v9.16b + tbl v10.16b, {v20.16b, v21.16b, v22.16b, v23.16b}, v10.16b + tbl v11.16b, {v20.16b, v21.16b, v22.16b, v23.16b}, v11.16b + orr v4.16b, v4.16b, v8.16b + orr v5.16b, v5.16b, v9.16b + orr v6.16b, v6.16b, v10.16b + orr v7.16b, v7.16b, v11.16b + eor v8.16b, v0.16b, v13.16b + eor v9.16b, v1.16b, v13.16b + eor v10.16b, v2.16b, v13.16b + eor v11.16b, v3.16b, v13.16b + tbl v8.16b, {v24.16b, v25.16b, v26.16b, v27.16b}, v8.16b + tbl v9.16b, {v24.16b, v25.16b, v26.16b, v27.16b}, v9.16b + tbl v10.16b, {v24.16b, v25.16b, v26.16b, v27.16b}, v10.16b + tbl v11.16b, {v24.16b, v25.16b, v26.16b, v27.16b}, v11.16b + orr v4.16b, v4.16b, v8.16b + orr v5.16b, v5.16b, v9.16b + orr v6.16b, v6.16b, v10.16b + orr v7.16b, v7.16b, v11.16b + eor v8.16b, v0.16b, v14.16b + eor v9.16b, v1.16b, v14.16b + eor v10.16b, v2.16b, v14.16b + eor v11.16b, v3.16b, v14.16b + tbl v8.16b, {v28.16b, v29.16b, v30.16b, v31.16b}, v8.16b + tbl v9.16b, {v28.16b, v29.16b, v30.16b, v31.16b}, v9.16b + tbl v10.16b, {v28.16b, v29.16b, v30.16b, v31.16b}, v10.16b + tbl v11.16b, {v28.16b, v29.16b, v30.16b, v31.16b}, v11.16b + orr v4.16b, v4.16b, v8.16b + orr v5.16b, v5.16b, v9.16b + orr v6.16b, v6.16b, v10.16b + orr v7.16b, v7.16b, v11.16b + ld1 {v0.16b}, [x6] + tbl v4.16b, {v4.16b}, v0.16b + tbl v5.16b, {v5.16b}, v0.16b + tbl v6.16b, {v6.16b}, v0.16b + tbl v7.16b, {v7.16b}, v0.16b + movi v28.16b, #27 + sshr v8.16b, v4.16b, #7 + sshr v9.16b, v5.16b, #7 + sshr v10.16b, v6.16b, #7 + sshr v11.16b, v7.16b, #7 + shl v12.16b, v4.16b, #1 + shl v13.16b, v5.16b, #1 + shl v14.16b, v6.16b, #1 + shl v15.16b, v7.16b, #1 + and v8.16b, v8.16b, v28.16b + and v9.16b, v9.16b, v28.16b + and v10.16b, v10.16b, v28.16b + and v11.16b, v11.16b, v28.16b + eor v8.16b, v8.16b, v12.16b + eor v9.16b, v9.16b, v13.16b + eor v10.16b, v10.16b, v14.16b + eor v11.16b, v11.16b, v15.16b + ushr v12.16b, v4.16b, #6 + ushr v13.16b, v5.16b, #6 + ushr v14.16b, v6.16b, #6 + ushr v15.16b, v7.16b, #6 + shl v0.16b, v4.16b, #2 + shl v1.16b, v5.16b, #2 + shl v2.16b, v6.16b, #2 + shl v3.16b, v7.16b, #2 + pmul v12.16b, v12.16b, v28.16b + pmul v13.16b, v13.16b, v28.16b + pmul v14.16b, v14.16b, v28.16b + pmul v15.16b, v15.16b, v28.16b + eor v12.16b, v12.16b, v0.16b + eor v13.16b, v13.16b, v1.16b + eor v14.16b, v14.16b, v2.16b + eor v15.16b, v15.16b, v3.16b + ushr v0.16b, v4.16b, #5 + ushr v1.16b, v5.16b, #5 + ushr v2.16b, v6.16b, #5 + ushr v3.16b, v7.16b, #5 + pmul v0.16b, v0.16b, v28.16b + pmul v1.16b, v1.16b, v28.16b + pmul v2.16b, v2.16b, v28.16b + pmul v3.16b, v3.16b, v28.16b + shl v28.16b, v4.16b, #3 + shl v29.16b, v5.16b, #3 + shl v30.16b, v6.16b, #3 + shl v31.16b, v7.16b, #3 + eor v0.16b, v0.16b, v28.16b + eor v1.16b, v1.16b, v29.16b + eor v2.16b, v2.16b, v30.16b + eor v3.16b, v3.16b, v31.16b + eor v28.16b, v8.16b, v0.16b + eor v29.16b, v9.16b, v1.16b + eor v30.16b, v10.16b, v2.16b + eor v31.16b, v11.16b, v3.16b + eor v0.16b, v0.16b, v4.16b + eor v1.16b, v1.16b, v5.16b + eor v2.16b, v2.16b, v6.16b + eor v3.16b, v3.16b, v7.16b + eor v8.16b, v12.16b, v0.16b + eor v9.16b, v13.16b, v1.16b + eor v10.16b, v14.16b, v2.16b + eor v11.16b, v15.16b, v3.16b + eor v12.16b, v12.16b, v28.16b + eor v13.16b, v13.16b, v29.16b + eor v14.16b, v14.16b, v30.16b + eor v15.16b, v15.16b, v31.16b + eor v28.16b, v28.16b, v4.16b + eor v29.16b, v29.16b, v5.16b + eor v30.16b, v30.16b, v6.16b + eor v31.16b, v31.16b, v7.16b + shl v4.4s, v28.4s, #8 + shl v5.4s, v29.4s, #8 + shl v6.4s, v30.4s, #8 + shl v7.4s, v31.4s, #8 + rev32 v8.8h, v8.8h + rev32 v9.8h, v9.8h + rev32 v10.8h, v10.8h + rev32 v11.8h, v11.8h + sri v4.4s, v28.4s, #24 + sri v5.4s, v29.4s, #24 + sri v6.4s, v30.4s, #24 + sri v7.4s, v31.4s, #24 + eor v4.16b, v4.16b, v12.16b + eor v5.16b, v5.16b, v13.16b + eor v6.16b, v6.16b, v14.16b + eor v7.16b, v7.16b, v15.16b + shl v28.4s, v0.4s, #24 + shl v29.4s, v1.4s, #24 + shl v30.4s, v2.4s, #24 + shl v31.4s, v3.4s, #24 + eor v4.16b, v4.16b, v8.16b + eor v5.16b, v5.16b, v9.16b + eor v6.16b, v6.16b, v10.16b + eor v7.16b, v7.16b, v11.16b + sri v28.4s, v0.4s, #8 + sri v29.4s, v1.4s, #8 + sri v30.4s, v2.4s, #8 + sri v31.4s, v3.4s, #8 + eor v4.16b, v4.16b, v28.16b + eor v5.16b, v5.16b, v29.16b + eor v6.16b, v6.16b, v30.16b + eor v7.16b, v7.16b, v31.16b + ld1 {v28.16b, v29.16b, v30.16b, v31.16b}, [x5] + # XOR in Key Schedule + ld1 {v0.2d}, [x8], #16 + eor v4.16b, v4.16b, v0.16b + eor v5.16b, v5.16b, v0.16b + eor v6.16b, v6.16b, v0.16b + eor v7.16b, v7.16b, v0.16b + # Round Done + tbl v0.16b, {v16.16b, v17.16b, v18.16b, v19.16b}, v4.16b + tbl v1.16b, {v16.16b, v17.16b, v18.16b, v19.16b}, v5.16b + tbl v2.16b, {v16.16b, v17.16b, v18.16b, v19.16b}, v6.16b + tbl v3.16b, {v16.16b, v17.16b, v18.16b, v19.16b}, v7.16b + movi v12.16b, #0x40 + movi v13.16b, #0x80 + movi v14.16b, #0xc0 + eor v8.16b, v4.16b, v12.16b + eor v9.16b, v5.16b, v12.16b + eor v10.16b, v6.16b, v12.16b + eor v11.16b, v7.16b, v12.16b + tbl v8.16b, {v20.16b, v21.16b, v22.16b, v23.16b}, v8.16b + tbl v9.16b, {v20.16b, v21.16b, v22.16b, v23.16b}, v9.16b + tbl v10.16b, {v20.16b, v21.16b, v22.16b, v23.16b}, v10.16b + tbl v11.16b, {v20.16b, v21.16b, v22.16b, v23.16b}, v11.16b + orr v0.16b, v0.16b, v8.16b + orr v1.16b, v1.16b, v9.16b + orr v2.16b, v2.16b, v10.16b + orr v3.16b, v3.16b, v11.16b + eor v8.16b, v4.16b, v13.16b + eor v9.16b, v5.16b, v13.16b + eor v10.16b, v6.16b, v13.16b + eor v11.16b, v7.16b, v13.16b + tbl v8.16b, {v24.16b, v25.16b, v26.16b, v27.16b}, v8.16b + tbl v9.16b, {v24.16b, v25.16b, v26.16b, v27.16b}, v9.16b + tbl v10.16b, {v24.16b, v25.16b, v26.16b, v27.16b}, v10.16b + tbl v11.16b, {v24.16b, v25.16b, v26.16b, v27.16b}, v11.16b + orr v0.16b, v0.16b, v8.16b + orr v1.16b, v1.16b, v9.16b + orr v2.16b, v2.16b, v10.16b + orr v3.16b, v3.16b, v11.16b + eor v8.16b, v4.16b, v14.16b + eor v9.16b, v5.16b, v14.16b + eor v10.16b, v6.16b, v14.16b + eor v11.16b, v7.16b, v14.16b + tbl v8.16b, {v28.16b, v29.16b, v30.16b, v31.16b}, v8.16b + tbl v9.16b, {v28.16b, v29.16b, v30.16b, v31.16b}, v9.16b + tbl v10.16b, {v28.16b, v29.16b, v30.16b, v31.16b}, v10.16b + tbl v11.16b, {v28.16b, v29.16b, v30.16b, v31.16b}, v11.16b + orr v0.16b, v0.16b, v8.16b + orr v1.16b, v1.16b, v9.16b + orr v2.16b, v2.16b, v10.16b + orr v3.16b, v3.16b, v11.16b + ld1 {v4.16b}, [x6] + tbl v0.16b, {v0.16b}, v4.16b + tbl v1.16b, {v1.16b}, v4.16b + tbl v2.16b, {v2.16b}, v4.16b + tbl v3.16b, {v3.16b}, v4.16b + movi v28.16b, #27 + sshr v8.16b, v0.16b, #7 + sshr v9.16b, v1.16b, #7 + sshr v10.16b, v2.16b, #7 + sshr v11.16b, v3.16b, #7 + shl v12.16b, v0.16b, #1 + shl v13.16b, v1.16b, #1 + shl v14.16b, v2.16b, #1 + shl v15.16b, v3.16b, #1 + and v8.16b, v8.16b, v28.16b + and v9.16b, v9.16b, v28.16b + and v10.16b, v10.16b, v28.16b + and v11.16b, v11.16b, v28.16b + eor v8.16b, v8.16b, v12.16b + eor v9.16b, v9.16b, v13.16b + eor v10.16b, v10.16b, v14.16b + eor v11.16b, v11.16b, v15.16b + ushr v12.16b, v0.16b, #6 + ushr v13.16b, v1.16b, #6 + ushr v14.16b, v2.16b, #6 + ushr v15.16b, v3.16b, #6 + shl v4.16b, v0.16b, #2 + shl v5.16b, v1.16b, #2 + shl v6.16b, v2.16b, #2 + shl v7.16b, v3.16b, #2 + pmul v12.16b, v12.16b, v28.16b + pmul v13.16b, v13.16b, v28.16b + pmul v14.16b, v14.16b, v28.16b + pmul v15.16b, v15.16b, v28.16b + eor v12.16b, v12.16b, v4.16b + eor v13.16b, v13.16b, v5.16b + eor v14.16b, v14.16b, v6.16b + eor v15.16b, v15.16b, v7.16b + ushr v4.16b, v0.16b, #5 + ushr v5.16b, v1.16b, #5 + ushr v6.16b, v2.16b, #5 + ushr v7.16b, v3.16b, #5 + pmul v4.16b, v4.16b, v28.16b + pmul v5.16b, v5.16b, v28.16b + pmul v6.16b, v6.16b, v28.16b + pmul v7.16b, v7.16b, v28.16b + shl v28.16b, v0.16b, #3 + shl v29.16b, v1.16b, #3 + shl v30.16b, v2.16b, #3 + shl v31.16b, v3.16b, #3 + eor v4.16b, v4.16b, v28.16b + eor v5.16b, v5.16b, v29.16b + eor v6.16b, v6.16b, v30.16b + eor v7.16b, v7.16b, v31.16b + eor v28.16b, v8.16b, v4.16b + eor v29.16b, v9.16b, v5.16b + eor v30.16b, v10.16b, v6.16b + eor v31.16b, v11.16b, v7.16b + eor v4.16b, v4.16b, v0.16b + eor v5.16b, v5.16b, v1.16b + eor v6.16b, v6.16b, v2.16b + eor v7.16b, v7.16b, v3.16b + eor v8.16b, v12.16b, v4.16b + eor v9.16b, v13.16b, v5.16b + eor v10.16b, v14.16b, v6.16b + eor v11.16b, v15.16b, v7.16b + eor v12.16b, v12.16b, v28.16b + eor v13.16b, v13.16b, v29.16b + eor v14.16b, v14.16b, v30.16b + eor v15.16b, v15.16b, v31.16b + eor v28.16b, v28.16b, v0.16b + eor v29.16b, v29.16b, v1.16b + eor v30.16b, v30.16b, v2.16b + eor v31.16b, v31.16b, v3.16b + shl v0.4s, v28.4s, #8 + shl v1.4s, v29.4s, #8 + shl v2.4s, v30.4s, #8 + shl v3.4s, v31.4s, #8 + rev32 v8.8h, v8.8h + rev32 v9.8h, v9.8h + rev32 v10.8h, v10.8h + rev32 v11.8h, v11.8h + sri v0.4s, v28.4s, #24 + sri v1.4s, v29.4s, #24 + sri v2.4s, v30.4s, #24 + sri v3.4s, v31.4s, #24 + eor v0.16b, v0.16b, v12.16b + eor v1.16b, v1.16b, v13.16b + eor v2.16b, v2.16b, v14.16b + eor v3.16b, v3.16b, v15.16b + shl v28.4s, v4.4s, #24 + shl v29.4s, v5.4s, #24 + shl v30.4s, v6.4s, #24 + shl v31.4s, v7.4s, #24 + eor v0.16b, v0.16b, v8.16b + eor v1.16b, v1.16b, v9.16b + eor v2.16b, v2.16b, v10.16b + eor v3.16b, v3.16b, v11.16b + sri v28.4s, v4.4s, #8 + sri v29.4s, v5.4s, #8 + sri v30.4s, v6.4s, #8 + sri v31.4s, v7.4s, #8 + eor v0.16b, v0.16b, v28.16b + eor v1.16b, v1.16b, v29.16b + eor v2.16b, v2.16b, v30.16b + eor v3.16b, v3.16b, v31.16b + ld1 {v28.16b, v29.16b, v30.16b, v31.16b}, [x5] + # XOR in Key Schedule + ld1 {v4.2d}, [x8], #16 + eor v0.16b, v0.16b, v4.16b + eor v1.16b, v1.16b, v4.16b + eor v2.16b, v2.16b, v4.16b + eor v3.16b, v3.16b, v4.16b + # Round Done + subs w7, w7, #2 + bne L_AES_ECB_decrypt_NEON_loop_nr_4 + tbl v4.16b, {v16.16b, v17.16b, v18.16b, v19.16b}, v0.16b + tbl v5.16b, {v16.16b, v17.16b, v18.16b, v19.16b}, v1.16b + tbl v6.16b, {v16.16b, v17.16b, v18.16b, v19.16b}, v2.16b + tbl v7.16b, {v16.16b, v17.16b, v18.16b, v19.16b}, v3.16b + movi v12.16b, #0x40 + movi v13.16b, #0x80 + movi v14.16b, #0xc0 + eor v8.16b, v0.16b, v12.16b + eor v9.16b, v1.16b, v12.16b + eor v10.16b, v2.16b, v12.16b + eor v11.16b, v3.16b, v12.16b + tbl v8.16b, {v20.16b, v21.16b, v22.16b, v23.16b}, v8.16b + tbl v9.16b, {v20.16b, v21.16b, v22.16b, v23.16b}, v9.16b + tbl v10.16b, {v20.16b, v21.16b, v22.16b, v23.16b}, v10.16b + tbl v11.16b, {v20.16b, v21.16b, v22.16b, v23.16b}, v11.16b + orr v4.16b, v4.16b, v8.16b + orr v5.16b, v5.16b, v9.16b + orr v6.16b, v6.16b, v10.16b + orr v7.16b, v7.16b, v11.16b + eor v8.16b, v0.16b, v13.16b + eor v9.16b, v1.16b, v13.16b + eor v10.16b, v2.16b, v13.16b + eor v11.16b, v3.16b, v13.16b + tbl v8.16b, {v24.16b, v25.16b, v26.16b, v27.16b}, v8.16b + tbl v9.16b, {v24.16b, v25.16b, v26.16b, v27.16b}, v9.16b + tbl v10.16b, {v24.16b, v25.16b, v26.16b, v27.16b}, v10.16b + tbl v11.16b, {v24.16b, v25.16b, v26.16b, v27.16b}, v11.16b + orr v4.16b, v4.16b, v8.16b + orr v5.16b, v5.16b, v9.16b + orr v6.16b, v6.16b, v10.16b + orr v7.16b, v7.16b, v11.16b + eor v8.16b, v0.16b, v14.16b + eor v9.16b, v1.16b, v14.16b + eor v10.16b, v2.16b, v14.16b + eor v11.16b, v3.16b, v14.16b + tbl v8.16b, {v28.16b, v29.16b, v30.16b, v31.16b}, v8.16b + tbl v9.16b, {v28.16b, v29.16b, v30.16b, v31.16b}, v9.16b + tbl v10.16b, {v28.16b, v29.16b, v30.16b, v31.16b}, v10.16b + tbl v11.16b, {v28.16b, v29.16b, v30.16b, v31.16b}, v11.16b + orr v4.16b, v4.16b, v8.16b + orr v5.16b, v5.16b, v9.16b + orr v6.16b, v6.16b, v10.16b + orr v7.16b, v7.16b, v11.16b + ld1 {v0.16b}, [x6] + tbl v4.16b, {v4.16b}, v0.16b + tbl v5.16b, {v5.16b}, v0.16b + tbl v6.16b, {v6.16b}, v0.16b + tbl v7.16b, {v7.16b}, v0.16b + movi v28.16b, #27 + sshr v8.16b, v4.16b, #7 + sshr v9.16b, v5.16b, #7 + sshr v10.16b, v6.16b, #7 + sshr v11.16b, v7.16b, #7 + shl v12.16b, v4.16b, #1 + shl v13.16b, v5.16b, #1 + shl v14.16b, v6.16b, #1 + shl v15.16b, v7.16b, #1 + and v8.16b, v8.16b, v28.16b + and v9.16b, v9.16b, v28.16b + and v10.16b, v10.16b, v28.16b + and v11.16b, v11.16b, v28.16b + eor v8.16b, v8.16b, v12.16b + eor v9.16b, v9.16b, v13.16b + eor v10.16b, v10.16b, v14.16b + eor v11.16b, v11.16b, v15.16b + ushr v12.16b, v4.16b, #6 + ushr v13.16b, v5.16b, #6 + ushr v14.16b, v6.16b, #6 + ushr v15.16b, v7.16b, #6 + shl v0.16b, v4.16b, #2 + shl v1.16b, v5.16b, #2 + shl v2.16b, v6.16b, #2 + shl v3.16b, v7.16b, #2 + pmul v12.16b, v12.16b, v28.16b + pmul v13.16b, v13.16b, v28.16b + pmul v14.16b, v14.16b, v28.16b + pmul v15.16b, v15.16b, v28.16b + eor v12.16b, v12.16b, v0.16b + eor v13.16b, v13.16b, v1.16b + eor v14.16b, v14.16b, v2.16b + eor v15.16b, v15.16b, v3.16b + ushr v0.16b, v4.16b, #5 + ushr v1.16b, v5.16b, #5 + ushr v2.16b, v6.16b, #5 + ushr v3.16b, v7.16b, #5 + pmul v0.16b, v0.16b, v28.16b + pmul v1.16b, v1.16b, v28.16b + pmul v2.16b, v2.16b, v28.16b + pmul v3.16b, v3.16b, v28.16b + shl v28.16b, v4.16b, #3 + shl v29.16b, v5.16b, #3 + shl v30.16b, v6.16b, #3 + shl v31.16b, v7.16b, #3 + eor v0.16b, v0.16b, v28.16b + eor v1.16b, v1.16b, v29.16b + eor v2.16b, v2.16b, v30.16b + eor v3.16b, v3.16b, v31.16b + eor v28.16b, v8.16b, v0.16b + eor v29.16b, v9.16b, v1.16b + eor v30.16b, v10.16b, v2.16b + eor v31.16b, v11.16b, v3.16b + eor v0.16b, v0.16b, v4.16b + eor v1.16b, v1.16b, v5.16b + eor v2.16b, v2.16b, v6.16b + eor v3.16b, v3.16b, v7.16b + eor v8.16b, v12.16b, v0.16b + eor v9.16b, v13.16b, v1.16b + eor v10.16b, v14.16b, v2.16b + eor v11.16b, v15.16b, v3.16b + eor v12.16b, v12.16b, v28.16b + eor v13.16b, v13.16b, v29.16b + eor v14.16b, v14.16b, v30.16b + eor v15.16b, v15.16b, v31.16b + eor v28.16b, v28.16b, v4.16b + eor v29.16b, v29.16b, v5.16b + eor v30.16b, v30.16b, v6.16b + eor v31.16b, v31.16b, v7.16b + shl v4.4s, v28.4s, #8 + shl v5.4s, v29.4s, #8 + shl v6.4s, v30.4s, #8 + shl v7.4s, v31.4s, #8 + rev32 v8.8h, v8.8h + rev32 v9.8h, v9.8h + rev32 v10.8h, v10.8h + rev32 v11.8h, v11.8h + sri v4.4s, v28.4s, #24 + sri v5.4s, v29.4s, #24 + sri v6.4s, v30.4s, #24 + sri v7.4s, v31.4s, #24 + eor v4.16b, v4.16b, v12.16b + eor v5.16b, v5.16b, v13.16b + eor v6.16b, v6.16b, v14.16b + eor v7.16b, v7.16b, v15.16b + shl v28.4s, v0.4s, #24 + shl v29.4s, v1.4s, #24 + shl v30.4s, v2.4s, #24 + shl v31.4s, v3.4s, #24 + eor v4.16b, v4.16b, v8.16b + eor v5.16b, v5.16b, v9.16b + eor v6.16b, v6.16b, v10.16b + eor v7.16b, v7.16b, v11.16b + sri v28.4s, v0.4s, #8 + sri v29.4s, v1.4s, #8 + sri v30.4s, v2.4s, #8 + sri v31.4s, v3.4s, #8 + eor v4.16b, v4.16b, v28.16b + eor v5.16b, v5.16b, v29.16b + eor v6.16b, v6.16b, v30.16b + eor v7.16b, v7.16b, v31.16b + ld1 {v28.16b, v29.16b, v30.16b, v31.16b}, [x5] + # XOR in Key Schedule + ld1 {v0.2d}, [x8], #16 + eor v4.16b, v4.16b, v0.16b + eor v5.16b, v5.16b, v0.16b + eor v6.16b, v6.16b, v0.16b + eor v7.16b, v7.16b, v0.16b + # Round Done + tbl v0.16b, {v16.16b, v17.16b, v18.16b, v19.16b}, v4.16b + tbl v1.16b, {v16.16b, v17.16b, v18.16b, v19.16b}, v5.16b + tbl v2.16b, {v16.16b, v17.16b, v18.16b, v19.16b}, v6.16b + tbl v3.16b, {v16.16b, v17.16b, v18.16b, v19.16b}, v7.16b + movi v12.16b, #0x40 + movi v13.16b, #0x80 + movi v14.16b, #0xc0 + eor v8.16b, v4.16b, v12.16b + eor v9.16b, v5.16b, v12.16b + eor v10.16b, v6.16b, v12.16b + eor v11.16b, v7.16b, v12.16b + tbl v8.16b, {v20.16b, v21.16b, v22.16b, v23.16b}, v8.16b + tbl v9.16b, {v20.16b, v21.16b, v22.16b, v23.16b}, v9.16b + tbl v10.16b, {v20.16b, v21.16b, v22.16b, v23.16b}, v10.16b + tbl v11.16b, {v20.16b, v21.16b, v22.16b, v23.16b}, v11.16b + orr v0.16b, v0.16b, v8.16b + orr v1.16b, v1.16b, v9.16b + orr v2.16b, v2.16b, v10.16b + orr v3.16b, v3.16b, v11.16b + eor v8.16b, v4.16b, v13.16b + eor v9.16b, v5.16b, v13.16b + eor v10.16b, v6.16b, v13.16b + eor v11.16b, v7.16b, v13.16b + tbl v8.16b, {v24.16b, v25.16b, v26.16b, v27.16b}, v8.16b + tbl v9.16b, {v24.16b, v25.16b, v26.16b, v27.16b}, v9.16b + tbl v10.16b, {v24.16b, v25.16b, v26.16b, v27.16b}, v10.16b + tbl v11.16b, {v24.16b, v25.16b, v26.16b, v27.16b}, v11.16b + orr v0.16b, v0.16b, v8.16b + orr v1.16b, v1.16b, v9.16b + orr v2.16b, v2.16b, v10.16b + orr v3.16b, v3.16b, v11.16b + eor v8.16b, v4.16b, v14.16b + eor v9.16b, v5.16b, v14.16b + eor v10.16b, v6.16b, v14.16b + eor v11.16b, v7.16b, v14.16b + tbl v8.16b, {v28.16b, v29.16b, v30.16b, v31.16b}, v8.16b + tbl v9.16b, {v28.16b, v29.16b, v30.16b, v31.16b}, v9.16b + tbl v10.16b, {v28.16b, v29.16b, v30.16b, v31.16b}, v10.16b + tbl v11.16b, {v28.16b, v29.16b, v30.16b, v31.16b}, v11.16b + orr v0.16b, v0.16b, v8.16b + orr v1.16b, v1.16b, v9.16b + orr v2.16b, v2.16b, v10.16b + orr v3.16b, v3.16b, v11.16b + ld1 {v4.16b}, [x6] + tbl v0.16b, {v0.16b}, v4.16b + tbl v1.16b, {v1.16b}, v4.16b + tbl v2.16b, {v2.16b}, v4.16b + tbl v3.16b, {v3.16b}, v4.16b + # XOR in Key Schedule + ld1 {v4.2d}, [x8], #16 + eor v0.16b, v0.16b, v4.16b + eor v1.16b, v1.16b, v4.16b + eor v2.16b, v2.16b, v4.16b + eor v3.16b, v3.16b, v4.16b + # Round Done + rev32 v0.16b, v0.16b + rev32 v1.16b, v1.16b + rev32 v2.16b, v2.16b + rev32 v3.16b, v3.16b + st1 {v0.16b, v1.16b, v2.16b, v3.16b}, [x1], #0x40 + sub x2, x2, #0x40 + cmp x2, #0x40 + bge L_AES_ECB_decrypt_NEON_loop_4 +L_AES_ECB_decrypt_NEON_start_2: + cmp x2, #16 + beq L_AES_ECB_decrypt_NEON_start_1 + blt L_AES_ECB_decrypt_NEON_data_done +L_AES_ECB_decrypt_NEON_loop_2: + mov x8, x3 + ld1 {v0.16b, v1.16b}, [x0], #32 + ld1 {v4.2d}, [x8], #16 + rev32 v0.16b, v0.16b + rev32 v1.16b, v1.16b + # Round: 0 - XOR in key schedule + eor v0.16b, v0.16b, v4.16b + eor v1.16b, v1.16b, v4.16b + sub w7, w4, #2 +L_AES_ECB_decrypt_NEON_loop_nr_2: + movi v12.16b, #0x40 + movi v13.16b, #0x80 + movi v14.16b, #0xc0 + eor v8.16b, v0.16b, v12.16b + eor v9.16b, v1.16b, v12.16b + tbl v4.16b, {v16.16b, v17.16b, v18.16b, v19.16b}, v0.16b + tbl v5.16b, {v16.16b, v17.16b, v18.16b, v19.16b}, v1.16b + tbl v8.16b, {v20.16b, v21.16b, v22.16b, v23.16b}, v8.16b + tbl v9.16b, {v20.16b, v21.16b, v22.16b, v23.16b}, v9.16b + eor v10.16b, v0.16b, v13.16b + eor v11.16b, v1.16b, v13.16b + tbl v10.16b, {v24.16b, v25.16b, v26.16b, v27.16b}, v10.16b + tbl v11.16b, {v24.16b, v25.16b, v26.16b, v27.16b}, v11.16b + orr v4.16b, v4.16b, v8.16b + orr v5.16b, v5.16b, v9.16b + eor v8.16b, v0.16b, v14.16b + eor v9.16b, v1.16b, v14.16b + orr v4.16b, v4.16b, v10.16b + orr v5.16b, v5.16b, v11.16b + tbl v8.16b, {v28.16b, v29.16b, v30.16b, v31.16b}, v8.16b + tbl v9.16b, {v28.16b, v29.16b, v30.16b, v31.16b}, v9.16b + orr v4.16b, v4.16b, v8.16b + orr v5.16b, v5.16b, v9.16b + ld1 {v0.16b}, [x6] + tbl v4.16b, {v4.16b}, v0.16b + tbl v5.16b, {v5.16b}, v0.16b + movi v10.16b, #27 + sshr v8.16b, v4.16b, #7 + sshr v9.16b, v5.16b, #7 + shl v12.16b, v4.16b, #1 + shl v13.16b, v5.16b, #1 + and v8.16b, v8.16b, v10.16b + and v9.16b, v9.16b, v10.16b + eor v8.16b, v8.16b, v12.16b + eor v9.16b, v9.16b, v13.16b + ushr v12.16b, v4.16b, #6 + ushr v13.16b, v5.16b, #6 + shl v0.16b, v4.16b, #2 + shl v1.16b, v5.16b, #2 + pmul v12.16b, v12.16b, v10.16b + pmul v13.16b, v13.16b, v10.16b + eor v12.16b, v12.16b, v0.16b + eor v13.16b, v13.16b, v1.16b + ushr v0.16b, v4.16b, #5 + ushr v1.16b, v5.16b, #5 + pmul v0.16b, v0.16b, v10.16b + pmul v1.16b, v1.16b, v10.16b + shl v10.16b, v4.16b, #3 + shl v11.16b, v5.16b, #3 + eor v0.16b, v0.16b, v10.16b + eor v1.16b, v1.16b, v11.16b + eor v10.16b, v8.16b, v0.16b + eor v11.16b, v9.16b, v1.16b + eor v0.16b, v0.16b, v4.16b + eor v1.16b, v1.16b, v5.16b + eor v8.16b, v12.16b, v0.16b + eor v9.16b, v13.16b, v1.16b + eor v12.16b, v12.16b, v10.16b + eor v13.16b, v13.16b, v11.16b + eor v10.16b, v10.16b, v4.16b + eor v11.16b, v11.16b, v5.16b + shl v4.4s, v10.4s, #8 + shl v5.4s, v11.4s, #8 + rev32 v8.8h, v8.8h + rev32 v9.8h, v9.8h + sri v4.4s, v10.4s, #24 + sri v5.4s, v11.4s, #24 + eor v4.16b, v4.16b, v12.16b + eor v5.16b, v5.16b, v13.16b + shl v10.4s, v0.4s, #24 + shl v11.4s, v1.4s, #24 + eor v4.16b, v4.16b, v8.16b + eor v5.16b, v5.16b, v9.16b + sri v10.4s, v0.4s, #8 + sri v11.4s, v1.4s, #8 + eor v4.16b, v4.16b, v10.16b + eor v5.16b, v5.16b, v11.16b + # XOR in Key Schedule + ld1 {v0.2d}, [x8], #16 + eor v4.16b, v4.16b, v0.16b + eor v5.16b, v5.16b, v0.16b + # Round Done + movi v12.16b, #0x40 + movi v13.16b, #0x80 + movi v14.16b, #0xc0 + eor v8.16b, v4.16b, v12.16b + eor v9.16b, v5.16b, v12.16b + tbl v0.16b, {v16.16b, v17.16b, v18.16b, v19.16b}, v4.16b + tbl v1.16b, {v16.16b, v17.16b, v18.16b, v19.16b}, v5.16b + tbl v8.16b, {v20.16b, v21.16b, v22.16b, v23.16b}, v8.16b + tbl v9.16b, {v20.16b, v21.16b, v22.16b, v23.16b}, v9.16b + eor v10.16b, v4.16b, v13.16b + eor v11.16b, v5.16b, v13.16b + tbl v10.16b, {v24.16b, v25.16b, v26.16b, v27.16b}, v10.16b + tbl v11.16b, {v24.16b, v25.16b, v26.16b, v27.16b}, v11.16b + orr v0.16b, v0.16b, v8.16b + orr v1.16b, v1.16b, v9.16b + eor v8.16b, v4.16b, v14.16b + eor v9.16b, v5.16b, v14.16b + orr v0.16b, v0.16b, v10.16b + orr v1.16b, v1.16b, v11.16b + tbl v8.16b, {v28.16b, v29.16b, v30.16b, v31.16b}, v8.16b + tbl v9.16b, {v28.16b, v29.16b, v30.16b, v31.16b}, v9.16b + orr v0.16b, v0.16b, v8.16b + orr v1.16b, v1.16b, v9.16b + ld1 {v4.16b}, [x6] + tbl v0.16b, {v0.16b}, v4.16b + tbl v1.16b, {v1.16b}, v4.16b + movi v10.16b, #27 + sshr v8.16b, v0.16b, #7 + sshr v9.16b, v1.16b, #7 + shl v12.16b, v0.16b, #1 + shl v13.16b, v1.16b, #1 + and v8.16b, v8.16b, v10.16b + and v9.16b, v9.16b, v10.16b + eor v8.16b, v8.16b, v12.16b + eor v9.16b, v9.16b, v13.16b + ushr v12.16b, v0.16b, #6 + ushr v13.16b, v1.16b, #6 + shl v4.16b, v0.16b, #2 + shl v5.16b, v1.16b, #2 + pmul v12.16b, v12.16b, v10.16b + pmul v13.16b, v13.16b, v10.16b + eor v12.16b, v12.16b, v4.16b + eor v13.16b, v13.16b, v5.16b + ushr v4.16b, v0.16b, #5 + ushr v5.16b, v1.16b, #5 + pmul v4.16b, v4.16b, v10.16b + pmul v5.16b, v5.16b, v10.16b + shl v10.16b, v0.16b, #3 + shl v11.16b, v1.16b, #3 + eor v4.16b, v4.16b, v10.16b + eor v5.16b, v5.16b, v11.16b + eor v10.16b, v8.16b, v4.16b + eor v11.16b, v9.16b, v5.16b + eor v4.16b, v4.16b, v0.16b + eor v5.16b, v5.16b, v1.16b + eor v8.16b, v12.16b, v4.16b + eor v9.16b, v13.16b, v5.16b + eor v12.16b, v12.16b, v10.16b + eor v13.16b, v13.16b, v11.16b + eor v10.16b, v10.16b, v0.16b + eor v11.16b, v11.16b, v1.16b + shl v0.4s, v10.4s, #8 + shl v1.4s, v11.4s, #8 + rev32 v8.8h, v8.8h + rev32 v9.8h, v9.8h + sri v0.4s, v10.4s, #24 + sri v1.4s, v11.4s, #24 + eor v0.16b, v0.16b, v12.16b + eor v1.16b, v1.16b, v13.16b + shl v10.4s, v4.4s, #24 + shl v11.4s, v5.4s, #24 + eor v0.16b, v0.16b, v8.16b + eor v1.16b, v1.16b, v9.16b + sri v10.4s, v4.4s, #8 + sri v11.4s, v5.4s, #8 + eor v0.16b, v0.16b, v10.16b + eor v1.16b, v1.16b, v11.16b + # XOR in Key Schedule + ld1 {v4.2d}, [x8], #16 + eor v0.16b, v0.16b, v4.16b + eor v1.16b, v1.16b, v4.16b + # Round Done + subs w7, w7, #2 + bne L_AES_ECB_decrypt_NEON_loop_nr_2 + movi v12.16b, #0x40 + movi v13.16b, #0x80 + movi v14.16b, #0xc0 + eor v8.16b, v0.16b, v12.16b + eor v9.16b, v1.16b, v12.16b + tbl v4.16b, {v16.16b, v17.16b, v18.16b, v19.16b}, v0.16b + tbl v5.16b, {v16.16b, v17.16b, v18.16b, v19.16b}, v1.16b + tbl v8.16b, {v20.16b, v21.16b, v22.16b, v23.16b}, v8.16b + tbl v9.16b, {v20.16b, v21.16b, v22.16b, v23.16b}, v9.16b + eor v10.16b, v0.16b, v13.16b + eor v11.16b, v1.16b, v13.16b + tbl v10.16b, {v24.16b, v25.16b, v26.16b, v27.16b}, v10.16b + tbl v11.16b, {v24.16b, v25.16b, v26.16b, v27.16b}, v11.16b + orr v4.16b, v4.16b, v8.16b + orr v5.16b, v5.16b, v9.16b + eor v8.16b, v0.16b, v14.16b + eor v9.16b, v1.16b, v14.16b + orr v4.16b, v4.16b, v10.16b + orr v5.16b, v5.16b, v11.16b + tbl v8.16b, {v28.16b, v29.16b, v30.16b, v31.16b}, v8.16b + tbl v9.16b, {v28.16b, v29.16b, v30.16b, v31.16b}, v9.16b + orr v4.16b, v4.16b, v8.16b + orr v5.16b, v5.16b, v9.16b + ld1 {v0.16b}, [x6] + tbl v4.16b, {v4.16b}, v0.16b + tbl v5.16b, {v5.16b}, v0.16b + movi v10.16b, #27 + sshr v8.16b, v4.16b, #7 + sshr v9.16b, v5.16b, #7 + shl v12.16b, v4.16b, #1 + shl v13.16b, v5.16b, #1 + and v8.16b, v8.16b, v10.16b + and v9.16b, v9.16b, v10.16b + eor v8.16b, v8.16b, v12.16b + eor v9.16b, v9.16b, v13.16b + ushr v12.16b, v4.16b, #6 + ushr v13.16b, v5.16b, #6 + shl v0.16b, v4.16b, #2 + shl v1.16b, v5.16b, #2 + pmul v12.16b, v12.16b, v10.16b + pmul v13.16b, v13.16b, v10.16b + eor v12.16b, v12.16b, v0.16b + eor v13.16b, v13.16b, v1.16b + ushr v0.16b, v4.16b, #5 + ushr v1.16b, v5.16b, #5 + pmul v0.16b, v0.16b, v10.16b + pmul v1.16b, v1.16b, v10.16b + shl v10.16b, v4.16b, #3 + shl v11.16b, v5.16b, #3 + eor v0.16b, v0.16b, v10.16b + eor v1.16b, v1.16b, v11.16b + eor v10.16b, v8.16b, v0.16b + eor v11.16b, v9.16b, v1.16b + eor v0.16b, v0.16b, v4.16b + eor v1.16b, v1.16b, v5.16b + eor v8.16b, v12.16b, v0.16b + eor v9.16b, v13.16b, v1.16b + eor v12.16b, v12.16b, v10.16b + eor v13.16b, v13.16b, v11.16b + eor v10.16b, v10.16b, v4.16b + eor v11.16b, v11.16b, v5.16b + shl v4.4s, v10.4s, #8 + shl v5.4s, v11.4s, #8 + rev32 v8.8h, v8.8h + rev32 v9.8h, v9.8h + sri v4.4s, v10.4s, #24 + sri v5.4s, v11.4s, #24 + eor v4.16b, v4.16b, v12.16b + eor v5.16b, v5.16b, v13.16b + shl v10.4s, v0.4s, #24 + shl v11.4s, v1.4s, #24 + eor v4.16b, v4.16b, v8.16b + eor v5.16b, v5.16b, v9.16b + sri v10.4s, v0.4s, #8 + sri v11.4s, v1.4s, #8 + eor v4.16b, v4.16b, v10.16b + eor v5.16b, v5.16b, v11.16b + # XOR in Key Schedule + ld1 {v0.2d}, [x8], #16 + eor v4.16b, v4.16b, v0.16b + eor v5.16b, v5.16b, v0.16b + # Round Done + movi v12.16b, #0x40 + movi v13.16b, #0x80 + movi v14.16b, #0xc0 + eor v8.16b, v4.16b, v12.16b + eor v9.16b, v5.16b, v12.16b + tbl v0.16b, {v16.16b, v17.16b, v18.16b, v19.16b}, v4.16b + tbl v1.16b, {v16.16b, v17.16b, v18.16b, v19.16b}, v5.16b + tbl v8.16b, {v20.16b, v21.16b, v22.16b, v23.16b}, v8.16b + tbl v9.16b, {v20.16b, v21.16b, v22.16b, v23.16b}, v9.16b + eor v10.16b, v4.16b, v13.16b + eor v11.16b, v5.16b, v13.16b + tbl v10.16b, {v24.16b, v25.16b, v26.16b, v27.16b}, v10.16b + tbl v11.16b, {v24.16b, v25.16b, v26.16b, v27.16b}, v11.16b + orr v0.16b, v0.16b, v8.16b + orr v1.16b, v1.16b, v9.16b + eor v8.16b, v4.16b, v14.16b + eor v9.16b, v5.16b, v14.16b + orr v0.16b, v0.16b, v10.16b + orr v1.16b, v1.16b, v11.16b + tbl v8.16b, {v28.16b, v29.16b, v30.16b, v31.16b}, v8.16b + tbl v9.16b, {v28.16b, v29.16b, v30.16b, v31.16b}, v9.16b + orr v0.16b, v0.16b, v8.16b + orr v1.16b, v1.16b, v9.16b + ld1 {v4.16b}, [x6] + tbl v0.16b, {v0.16b}, v4.16b + tbl v1.16b, {v1.16b}, v4.16b + # XOR in Key Schedule + ld1 {v4.2d}, [x8], #16 + eor v0.16b, v0.16b, v4.16b + eor v1.16b, v1.16b, v4.16b + # Round Done + rev32 v0.16b, v0.16b + rev32 v1.16b, v1.16b + st1 {v0.16b, v1.16b}, [x1], #32 + sub x2, x2, #32 + cmp x2, #0 + beq L_AES_ECB_decrypt_NEON_data_done +L_AES_ECB_decrypt_NEON_start_1: + movi v12.16b, #0x40 + movi v13.16b, #0x80 + movi v14.16b, #0xc0 + movi v15.16b, #27 + ld1 {v3.2d}, [x6] + mov x8, x3 + ld1 {v0.16b}, [x0], #16 + ld1 {v4.2d}, [x8], #16 + rev32 v0.16b, v0.16b + # Round: 0 - XOR in key schedule + eor v0.16b, v0.16b, v4.16b + sub w7, w4, #2 +L_AES_ECB_decrypt_NEON_loop_nr_1: + eor v8.16b, v0.16b, v12.16b + eor v9.16b, v0.16b, v13.16b + eor v10.16b, v0.16b, v14.16b + tbl v4.16b, {v16.16b, v17.16b, v18.16b, v19.16b}, v0.16b + tbl v8.16b, {v20.16b, v21.16b, v22.16b, v23.16b}, v8.16b + tbl v9.16b, {v24.16b, v25.16b, v26.16b, v27.16b}, v9.16b + tbl v10.16b, {v28.16b, v29.16b, v30.16b, v31.16b}, v10.16b + orr v4.16b, v4.16b, v8.16b + orr v9.16b, v9.16b, v10.16b + orr v4.16b, v4.16b, v9.16b + tbl v4.16b, {v4.16b}, v3.16b + sshr v10.16b, v4.16b, #7 + ushr v11.16b, v4.16b, #6 + ushr v8.16b, v4.16b, #5 + and v10.16b, v10.16b, v15.16b + pmul v11.16b, v11.16b, v15.16b + pmul v8.16b, v8.16b, v15.16b + shl v9.16b, v4.16b, #1 + eor v10.16b, v10.16b, v9.16b + shl v9.16b, v4.16b, #3 + eor v8.16b, v8.16b, v9.16b + shl v9.16b, v4.16b, #2 + eor v11.16b, v11.16b, v9.16b + eor v9.16b, v10.16b, v8.16b + eor v8.16b, v8.16b, v4.16b + eor v10.16b, v11.16b, v8.16b + eor v11.16b, v11.16b, v9.16b + eor v9.16b, v9.16b, v4.16b + shl v4.4s, v9.4s, #8 + rev32 v10.8h, v10.8h + sri v4.4s, v9.4s, #24 + eor v4.16b, v4.16b, v11.16b + shl v9.4s, v8.4s, #24 + eor v4.16b, v4.16b, v10.16b + sri v9.4s, v8.4s, #8 + eor v4.16b, v4.16b, v9.16b + ld1 {v0.2d}, [x8], #16 + # XOR in Key Schedule + eor v4.16b, v4.16b, v0.16b + eor v8.16b, v4.16b, v12.16b + eor v9.16b, v4.16b, v13.16b + eor v10.16b, v4.16b, v14.16b + tbl v0.16b, {v16.16b, v17.16b, v18.16b, v19.16b}, v4.16b + tbl v8.16b, {v20.16b, v21.16b, v22.16b, v23.16b}, v8.16b + tbl v9.16b, {v24.16b, v25.16b, v26.16b, v27.16b}, v9.16b + tbl v10.16b, {v28.16b, v29.16b, v30.16b, v31.16b}, v10.16b + orr v0.16b, v0.16b, v8.16b + orr v9.16b, v9.16b, v10.16b + orr v0.16b, v0.16b, v9.16b + tbl v0.16b, {v0.16b}, v3.16b + sshr v10.16b, v0.16b, #7 + ushr v11.16b, v0.16b, #6 + ushr v8.16b, v0.16b, #5 + and v10.16b, v10.16b, v15.16b + pmul v11.16b, v11.16b, v15.16b + pmul v8.16b, v8.16b, v15.16b + shl v9.16b, v0.16b, #1 + eor v10.16b, v10.16b, v9.16b + shl v9.16b, v0.16b, #3 + eor v8.16b, v8.16b, v9.16b + shl v9.16b, v0.16b, #2 + eor v11.16b, v11.16b, v9.16b + eor v9.16b, v10.16b, v8.16b + eor v8.16b, v8.16b, v0.16b + eor v10.16b, v11.16b, v8.16b + eor v11.16b, v11.16b, v9.16b + eor v9.16b, v9.16b, v0.16b + shl v0.4s, v9.4s, #8 + rev32 v10.8h, v10.8h + sri v0.4s, v9.4s, #24 + eor v0.16b, v0.16b, v11.16b + shl v9.4s, v8.4s, #24 + eor v0.16b, v0.16b, v10.16b + sri v9.4s, v8.4s, #8 + eor v0.16b, v0.16b, v9.16b + ld1 {v4.2d}, [x8], #16 + # XOR in Key Schedule + eor v0.16b, v0.16b, v4.16b + subs w7, w7, #2 + bne L_AES_ECB_decrypt_NEON_loop_nr_1 + eor v8.16b, v0.16b, v12.16b + eor v9.16b, v0.16b, v13.16b + eor v10.16b, v0.16b, v14.16b + tbl v4.16b, {v16.16b, v17.16b, v18.16b, v19.16b}, v0.16b + tbl v8.16b, {v20.16b, v21.16b, v22.16b, v23.16b}, v8.16b + tbl v9.16b, {v24.16b, v25.16b, v26.16b, v27.16b}, v9.16b + tbl v10.16b, {v28.16b, v29.16b, v30.16b, v31.16b}, v10.16b + orr v4.16b, v4.16b, v8.16b + orr v9.16b, v9.16b, v10.16b + orr v4.16b, v4.16b, v9.16b + tbl v4.16b, {v4.16b}, v3.16b + sshr v10.16b, v4.16b, #7 + ushr v11.16b, v4.16b, #6 + ushr v8.16b, v4.16b, #5 + and v10.16b, v10.16b, v15.16b + pmul v11.16b, v11.16b, v15.16b + pmul v8.16b, v8.16b, v15.16b + shl v9.16b, v4.16b, #1 + eor v10.16b, v10.16b, v9.16b + shl v9.16b, v4.16b, #3 + eor v8.16b, v8.16b, v9.16b + shl v9.16b, v4.16b, #2 + eor v11.16b, v11.16b, v9.16b + eor v9.16b, v10.16b, v8.16b + eor v8.16b, v8.16b, v4.16b + eor v10.16b, v11.16b, v8.16b + eor v11.16b, v11.16b, v9.16b + eor v9.16b, v9.16b, v4.16b + shl v4.4s, v9.4s, #8 + rev32 v10.8h, v10.8h + sri v4.4s, v9.4s, #24 + eor v4.16b, v4.16b, v11.16b + shl v9.4s, v8.4s, #24 + eor v4.16b, v4.16b, v10.16b + sri v9.4s, v8.4s, #8 + eor v4.16b, v4.16b, v9.16b + ld1 {v0.2d}, [x8], #16 + # XOR in Key Schedule + eor v4.16b, v4.16b, v0.16b + eor v8.16b, v4.16b, v12.16b + eor v9.16b, v4.16b, v13.16b + eor v10.16b, v4.16b, v14.16b + tbl v0.16b, {v16.16b, v17.16b, v18.16b, v19.16b}, v4.16b + tbl v8.16b, {v20.16b, v21.16b, v22.16b, v23.16b}, v8.16b + tbl v9.16b, {v24.16b, v25.16b, v26.16b, v27.16b}, v9.16b + tbl v10.16b, {v28.16b, v29.16b, v30.16b, v31.16b}, v10.16b + orr v0.16b, v0.16b, v8.16b + orr v9.16b, v9.16b, v10.16b + orr v0.16b, v0.16b, v9.16b + tbl v0.16b, {v0.16b}, v3.16b + ld1 {v4.2d}, [x8], #16 + # XOR in Key Schedule + eor v0.16b, v0.16b, v4.16b + rev32 v0.16b, v0.16b + st1 {v0.16b}, [x1], #16 +L_AES_ECB_decrypt_NEON_data_done: + ldp d8, d9, [x29, #16] + ldp d10, d11, [x29, #32] + ldp d12, d13, [x29, #48] + ldp d14, d15, [x29, #64] + ldp x29, x30, [sp], #0x50 + ret +#ifndef __APPLE__ + .size AES_ECB_decrypt_NEON,.-AES_ECB_decrypt_NEON +#endif /* __APPLE__ */ +#endif /* WOLFSSL_AES_DIRECT || WOLFSSL_AES_COUNTER || defined(HAVE_AES_ECB) */ +#ifdef HAVE_AES_CBC +#ifndef __APPLE__ +.text +.globl AES_CBC_decrypt_NEON +.type AES_CBC_decrypt_NEON,@function +.align 2 +AES_CBC_decrypt_NEON: +#else +.section __TEXT,__text +.globl _AES_CBC_decrypt_NEON +.p2align 2 +_AES_CBC_decrypt_NEON: +#endif /* __APPLE__ */ + stp x29, x30, [sp, #-160]! + add x29, sp, #0 + stp d8, d9, [x29, #96] + stp d10, d11, [x29, #112] + stp d12, d13, [x29, #128] + stp d14, d15, [x29, #144] +#ifndef __APPLE__ + adrp x6, L_AES_ARM64_NEON_td + add x6, x6, :lo12:L_AES_ARM64_NEON_td +#else + adrp x6, L_AES_ARM64_NEON_td@PAGE + add x6, x6, L_AES_ARM64_NEON_td@PAGEOFF +#endif /* __APPLE__ */ +#ifndef __APPLE__ + adrp x7, L_AES_ARM64_NEON_shift_rows_invshuffle + add x7, x7, :lo12:L_AES_ARM64_NEON_shift_rows_invshuffle +#else + adrp x7, L_AES_ARM64_NEON_shift_rows_invshuffle@PAGE + add x7, x7, L_AES_ARM64_NEON_shift_rows_invshuffle@PAGEOFF +#endif /* __APPLE__ */ + ld1 {v16.16b, v17.16b, v18.16b, v19.16b}, [x6], #0x40 + ld1 {v20.16b, v21.16b, v22.16b, v23.16b}, [x6], #0x40 + ld1 {v24.16b, v25.16b, v26.16b, v27.16b}, [x6], #0x40 + ld1 {v28.16b, v29.16b, v30.16b, v31.16b}, [x6] + ld1 {v3.2d}, [x5] + add x10, x29, #16 + cmp x2, #0x40 + blt L_AES_CBC_decrypt_NEON_start_2 +L_AES_CBC_decrypt_NEON_loop_4: + mov x9, x3 + ld1 {v4.16b, v5.16b, v6.16b, v7.16b}, [x0], #0x40 + st1 {v3.2d, v4.2d, v5.2d, v6.2d}, [x10] + str q7, [x10, #64] + ld1 {v8.2d}, [x9], #16 + rev32 v4.16b, v4.16b + rev32 v5.16b, v5.16b + rev32 v6.16b, v6.16b + rev32 v7.16b, v7.16b + # Round: 0 - XOR in key schedule + eor v4.16b, v4.16b, v8.16b + eor v5.16b, v5.16b, v8.16b + eor v6.16b, v6.16b, v8.16b + eor v7.16b, v7.16b, v8.16b + sub w8, w4, #2 +L_AES_CBC_decrypt_NEON_loop_nr_4: + tbl v8.16b, {v16.16b, v17.16b, v18.16b, v19.16b}, v4.16b + tbl v9.16b, {v16.16b, v17.16b, v18.16b, v19.16b}, v5.16b + tbl v10.16b, {v16.16b, v17.16b, v18.16b, v19.16b}, v6.16b + tbl v11.16b, {v16.16b, v17.16b, v18.16b, v19.16b}, v7.16b + movi v12.16b, #0x40 + movi v13.16b, #0x80 + movi v14.16b, #0xc0 + eor v0.16b, v4.16b, v12.16b + eor v1.16b, v5.16b, v12.16b + eor v2.16b, v6.16b, v12.16b + eor v3.16b, v7.16b, v12.16b + tbl v0.16b, {v20.16b, v21.16b, v22.16b, v23.16b}, v0.16b + tbl v1.16b, {v20.16b, v21.16b, v22.16b, v23.16b}, v1.16b + tbl v2.16b, {v20.16b, v21.16b, v22.16b, v23.16b}, v2.16b + tbl v3.16b, {v20.16b, v21.16b, v22.16b, v23.16b}, v3.16b + orr v8.16b, v8.16b, v0.16b + orr v9.16b, v9.16b, v1.16b + orr v10.16b, v10.16b, v2.16b + orr v11.16b, v11.16b, v3.16b + eor v0.16b, v4.16b, v13.16b + eor v1.16b, v5.16b, v13.16b + eor v2.16b, v6.16b, v13.16b + eor v3.16b, v7.16b, v13.16b + tbl v0.16b, {v24.16b, v25.16b, v26.16b, v27.16b}, v0.16b + tbl v1.16b, {v24.16b, v25.16b, v26.16b, v27.16b}, v1.16b + tbl v2.16b, {v24.16b, v25.16b, v26.16b, v27.16b}, v2.16b + tbl v3.16b, {v24.16b, v25.16b, v26.16b, v27.16b}, v3.16b + orr v8.16b, v8.16b, v0.16b + orr v9.16b, v9.16b, v1.16b + orr v10.16b, v10.16b, v2.16b + orr v11.16b, v11.16b, v3.16b + eor v0.16b, v4.16b, v14.16b + eor v1.16b, v5.16b, v14.16b + eor v2.16b, v6.16b, v14.16b + eor v3.16b, v7.16b, v14.16b + tbl v0.16b, {v28.16b, v29.16b, v30.16b, v31.16b}, v0.16b + tbl v1.16b, {v28.16b, v29.16b, v30.16b, v31.16b}, v1.16b + tbl v2.16b, {v28.16b, v29.16b, v30.16b, v31.16b}, v2.16b + tbl v3.16b, {v28.16b, v29.16b, v30.16b, v31.16b}, v3.16b + orr v8.16b, v8.16b, v0.16b + orr v9.16b, v9.16b, v1.16b + orr v10.16b, v10.16b, v2.16b + orr v11.16b, v11.16b, v3.16b + ld1 {v4.16b}, [x7] + tbl v8.16b, {v8.16b}, v4.16b + tbl v9.16b, {v9.16b}, v4.16b + tbl v10.16b, {v10.16b}, v4.16b + tbl v11.16b, {v11.16b}, v4.16b + movi v28.16b, #27 + sshr v0.16b, v8.16b, #7 + sshr v1.16b, v9.16b, #7 + sshr v2.16b, v10.16b, #7 + sshr v3.16b, v11.16b, #7 + shl v12.16b, v8.16b, #1 + shl v13.16b, v9.16b, #1 + shl v14.16b, v10.16b, #1 + shl v15.16b, v11.16b, #1 + and v0.16b, v0.16b, v28.16b + and v1.16b, v1.16b, v28.16b + and v2.16b, v2.16b, v28.16b + and v3.16b, v3.16b, v28.16b + eor v0.16b, v0.16b, v12.16b + eor v1.16b, v1.16b, v13.16b + eor v2.16b, v2.16b, v14.16b + eor v3.16b, v3.16b, v15.16b + ushr v12.16b, v8.16b, #6 + ushr v13.16b, v9.16b, #6 + ushr v14.16b, v10.16b, #6 + ushr v15.16b, v11.16b, #6 + shl v4.16b, v8.16b, #2 + shl v5.16b, v9.16b, #2 + shl v6.16b, v10.16b, #2 + shl v7.16b, v11.16b, #2 + pmul v12.16b, v12.16b, v28.16b + pmul v13.16b, v13.16b, v28.16b + pmul v14.16b, v14.16b, v28.16b + pmul v15.16b, v15.16b, v28.16b + eor v12.16b, v12.16b, v4.16b + eor v13.16b, v13.16b, v5.16b + eor v14.16b, v14.16b, v6.16b + eor v15.16b, v15.16b, v7.16b + ushr v4.16b, v8.16b, #5 + ushr v5.16b, v9.16b, #5 + ushr v6.16b, v10.16b, #5 + ushr v7.16b, v11.16b, #5 + pmul v4.16b, v4.16b, v28.16b + pmul v5.16b, v5.16b, v28.16b + pmul v6.16b, v6.16b, v28.16b + pmul v7.16b, v7.16b, v28.16b + shl v28.16b, v8.16b, #3 + shl v29.16b, v9.16b, #3 + shl v30.16b, v10.16b, #3 + shl v31.16b, v11.16b, #3 + eor v4.16b, v4.16b, v28.16b + eor v5.16b, v5.16b, v29.16b + eor v6.16b, v6.16b, v30.16b + eor v7.16b, v7.16b, v31.16b + eor v28.16b, v0.16b, v4.16b + eor v29.16b, v1.16b, v5.16b + eor v30.16b, v2.16b, v6.16b + eor v31.16b, v3.16b, v7.16b + eor v4.16b, v4.16b, v8.16b + eor v5.16b, v5.16b, v9.16b + eor v6.16b, v6.16b, v10.16b + eor v7.16b, v7.16b, v11.16b + eor v0.16b, v12.16b, v4.16b + eor v1.16b, v13.16b, v5.16b + eor v2.16b, v14.16b, v6.16b + eor v3.16b, v15.16b, v7.16b + eor v12.16b, v12.16b, v28.16b + eor v13.16b, v13.16b, v29.16b + eor v14.16b, v14.16b, v30.16b + eor v15.16b, v15.16b, v31.16b + eor v28.16b, v28.16b, v8.16b + eor v29.16b, v29.16b, v9.16b + eor v30.16b, v30.16b, v10.16b + eor v31.16b, v31.16b, v11.16b + shl v8.4s, v28.4s, #8 + shl v9.4s, v29.4s, #8 + shl v10.4s, v30.4s, #8 + shl v11.4s, v31.4s, #8 + rev32 v0.8h, v0.8h + rev32 v1.8h, v1.8h + rev32 v2.8h, v2.8h + rev32 v3.8h, v3.8h + sri v8.4s, v28.4s, #24 + sri v9.4s, v29.4s, #24 + sri v10.4s, v30.4s, #24 + sri v11.4s, v31.4s, #24 + eor v8.16b, v8.16b, v12.16b + eor v9.16b, v9.16b, v13.16b + eor v10.16b, v10.16b, v14.16b + eor v11.16b, v11.16b, v15.16b + shl v28.4s, v4.4s, #24 + shl v29.4s, v5.4s, #24 + shl v30.4s, v6.4s, #24 + shl v31.4s, v7.4s, #24 + eor v8.16b, v8.16b, v0.16b + eor v9.16b, v9.16b, v1.16b + eor v10.16b, v10.16b, v2.16b + eor v11.16b, v11.16b, v3.16b + sri v28.4s, v4.4s, #8 + sri v29.4s, v5.4s, #8 + sri v30.4s, v6.4s, #8 + sri v31.4s, v7.4s, #8 + eor v8.16b, v8.16b, v28.16b + eor v9.16b, v9.16b, v29.16b + eor v10.16b, v10.16b, v30.16b + eor v11.16b, v11.16b, v31.16b + ld1 {v28.16b, v29.16b, v30.16b, v31.16b}, [x6] + # XOR in Key Schedule + ld1 {v4.2d}, [x9], #16 + eor v8.16b, v8.16b, v4.16b + eor v9.16b, v9.16b, v4.16b + eor v10.16b, v10.16b, v4.16b + eor v11.16b, v11.16b, v4.16b + # Round Done + tbl v4.16b, {v16.16b, v17.16b, v18.16b, v19.16b}, v8.16b + tbl v5.16b, {v16.16b, v17.16b, v18.16b, v19.16b}, v9.16b + tbl v6.16b, {v16.16b, v17.16b, v18.16b, v19.16b}, v10.16b + tbl v7.16b, {v16.16b, v17.16b, v18.16b, v19.16b}, v11.16b + movi v12.16b, #0x40 + movi v13.16b, #0x80 + movi v14.16b, #0xc0 + eor v0.16b, v8.16b, v12.16b + eor v1.16b, v9.16b, v12.16b + eor v2.16b, v10.16b, v12.16b + eor v3.16b, v11.16b, v12.16b + tbl v0.16b, {v20.16b, v21.16b, v22.16b, v23.16b}, v0.16b + tbl v1.16b, {v20.16b, v21.16b, v22.16b, v23.16b}, v1.16b + tbl v2.16b, {v20.16b, v21.16b, v22.16b, v23.16b}, v2.16b + tbl v3.16b, {v20.16b, v21.16b, v22.16b, v23.16b}, v3.16b + orr v4.16b, v4.16b, v0.16b + orr v5.16b, v5.16b, v1.16b + orr v6.16b, v6.16b, v2.16b + orr v7.16b, v7.16b, v3.16b + eor v0.16b, v8.16b, v13.16b + eor v1.16b, v9.16b, v13.16b + eor v2.16b, v10.16b, v13.16b + eor v3.16b, v11.16b, v13.16b + tbl v0.16b, {v24.16b, v25.16b, v26.16b, v27.16b}, v0.16b + tbl v1.16b, {v24.16b, v25.16b, v26.16b, v27.16b}, v1.16b + tbl v2.16b, {v24.16b, v25.16b, v26.16b, v27.16b}, v2.16b + tbl v3.16b, {v24.16b, v25.16b, v26.16b, v27.16b}, v3.16b + orr v4.16b, v4.16b, v0.16b + orr v5.16b, v5.16b, v1.16b + orr v6.16b, v6.16b, v2.16b + orr v7.16b, v7.16b, v3.16b + eor v0.16b, v8.16b, v14.16b + eor v1.16b, v9.16b, v14.16b + eor v2.16b, v10.16b, v14.16b + eor v3.16b, v11.16b, v14.16b + tbl v0.16b, {v28.16b, v29.16b, v30.16b, v31.16b}, v0.16b + tbl v1.16b, {v28.16b, v29.16b, v30.16b, v31.16b}, v1.16b + tbl v2.16b, {v28.16b, v29.16b, v30.16b, v31.16b}, v2.16b + tbl v3.16b, {v28.16b, v29.16b, v30.16b, v31.16b}, v3.16b + orr v4.16b, v4.16b, v0.16b + orr v5.16b, v5.16b, v1.16b + orr v6.16b, v6.16b, v2.16b + orr v7.16b, v7.16b, v3.16b + ld1 {v8.16b}, [x7] + tbl v4.16b, {v4.16b}, v8.16b + tbl v5.16b, {v5.16b}, v8.16b + tbl v6.16b, {v6.16b}, v8.16b + tbl v7.16b, {v7.16b}, v8.16b + movi v28.16b, #27 + sshr v0.16b, v4.16b, #7 + sshr v1.16b, v5.16b, #7 + sshr v2.16b, v6.16b, #7 + sshr v3.16b, v7.16b, #7 + shl v12.16b, v4.16b, #1 + shl v13.16b, v5.16b, #1 + shl v14.16b, v6.16b, #1 + shl v15.16b, v7.16b, #1 + and v0.16b, v0.16b, v28.16b + and v1.16b, v1.16b, v28.16b + and v2.16b, v2.16b, v28.16b + and v3.16b, v3.16b, v28.16b + eor v0.16b, v0.16b, v12.16b + eor v1.16b, v1.16b, v13.16b + eor v2.16b, v2.16b, v14.16b + eor v3.16b, v3.16b, v15.16b + ushr v12.16b, v4.16b, #6 + ushr v13.16b, v5.16b, #6 + ushr v14.16b, v6.16b, #6 + ushr v15.16b, v7.16b, #6 + shl v8.16b, v4.16b, #2 + shl v9.16b, v5.16b, #2 + shl v10.16b, v6.16b, #2 + shl v11.16b, v7.16b, #2 + pmul v12.16b, v12.16b, v28.16b + pmul v13.16b, v13.16b, v28.16b + pmul v14.16b, v14.16b, v28.16b + pmul v15.16b, v15.16b, v28.16b + eor v12.16b, v12.16b, v8.16b + eor v13.16b, v13.16b, v9.16b + eor v14.16b, v14.16b, v10.16b + eor v15.16b, v15.16b, v11.16b + ushr v8.16b, v4.16b, #5 + ushr v9.16b, v5.16b, #5 + ushr v10.16b, v6.16b, #5 + ushr v11.16b, v7.16b, #5 + pmul v8.16b, v8.16b, v28.16b + pmul v9.16b, v9.16b, v28.16b + pmul v10.16b, v10.16b, v28.16b + pmul v11.16b, v11.16b, v28.16b + shl v28.16b, v4.16b, #3 + shl v29.16b, v5.16b, #3 + shl v30.16b, v6.16b, #3 + shl v31.16b, v7.16b, #3 + eor v8.16b, v8.16b, v28.16b + eor v9.16b, v9.16b, v29.16b + eor v10.16b, v10.16b, v30.16b + eor v11.16b, v11.16b, v31.16b + eor v28.16b, v0.16b, v8.16b + eor v29.16b, v1.16b, v9.16b + eor v30.16b, v2.16b, v10.16b + eor v31.16b, v3.16b, v11.16b + eor v8.16b, v8.16b, v4.16b + eor v9.16b, v9.16b, v5.16b + eor v10.16b, v10.16b, v6.16b + eor v11.16b, v11.16b, v7.16b + eor v0.16b, v12.16b, v8.16b + eor v1.16b, v13.16b, v9.16b + eor v2.16b, v14.16b, v10.16b + eor v3.16b, v15.16b, v11.16b + eor v12.16b, v12.16b, v28.16b + eor v13.16b, v13.16b, v29.16b + eor v14.16b, v14.16b, v30.16b + eor v15.16b, v15.16b, v31.16b + eor v28.16b, v28.16b, v4.16b + eor v29.16b, v29.16b, v5.16b + eor v30.16b, v30.16b, v6.16b + eor v31.16b, v31.16b, v7.16b + shl v4.4s, v28.4s, #8 + shl v5.4s, v29.4s, #8 + shl v6.4s, v30.4s, #8 + shl v7.4s, v31.4s, #8 + rev32 v0.8h, v0.8h + rev32 v1.8h, v1.8h + rev32 v2.8h, v2.8h + rev32 v3.8h, v3.8h + sri v4.4s, v28.4s, #24 + sri v5.4s, v29.4s, #24 + sri v6.4s, v30.4s, #24 + sri v7.4s, v31.4s, #24 + eor v4.16b, v4.16b, v12.16b + eor v5.16b, v5.16b, v13.16b + eor v6.16b, v6.16b, v14.16b + eor v7.16b, v7.16b, v15.16b + shl v28.4s, v8.4s, #24 + shl v29.4s, v9.4s, #24 + shl v30.4s, v10.4s, #24 + shl v31.4s, v11.4s, #24 + eor v4.16b, v4.16b, v0.16b + eor v5.16b, v5.16b, v1.16b + eor v6.16b, v6.16b, v2.16b + eor v7.16b, v7.16b, v3.16b + sri v28.4s, v8.4s, #8 + sri v29.4s, v9.4s, #8 + sri v30.4s, v10.4s, #8 + sri v31.4s, v11.4s, #8 + eor v4.16b, v4.16b, v28.16b + eor v5.16b, v5.16b, v29.16b + eor v6.16b, v6.16b, v30.16b + eor v7.16b, v7.16b, v31.16b + ld1 {v28.16b, v29.16b, v30.16b, v31.16b}, [x6] + # XOR in Key Schedule + ld1 {v8.2d}, [x9], #16 + eor v4.16b, v4.16b, v8.16b + eor v5.16b, v5.16b, v8.16b + eor v6.16b, v6.16b, v8.16b + eor v7.16b, v7.16b, v8.16b + # Round Done + subs w8, w8, #2 + bne L_AES_CBC_decrypt_NEON_loop_nr_4 + tbl v8.16b, {v16.16b, v17.16b, v18.16b, v19.16b}, v4.16b + tbl v9.16b, {v16.16b, v17.16b, v18.16b, v19.16b}, v5.16b + tbl v10.16b, {v16.16b, v17.16b, v18.16b, v19.16b}, v6.16b + tbl v11.16b, {v16.16b, v17.16b, v18.16b, v19.16b}, v7.16b + movi v12.16b, #0x40 + movi v13.16b, #0x80 + movi v14.16b, #0xc0 + eor v0.16b, v4.16b, v12.16b + eor v1.16b, v5.16b, v12.16b + eor v2.16b, v6.16b, v12.16b + eor v3.16b, v7.16b, v12.16b + tbl v0.16b, {v20.16b, v21.16b, v22.16b, v23.16b}, v0.16b + tbl v1.16b, {v20.16b, v21.16b, v22.16b, v23.16b}, v1.16b + tbl v2.16b, {v20.16b, v21.16b, v22.16b, v23.16b}, v2.16b + tbl v3.16b, {v20.16b, v21.16b, v22.16b, v23.16b}, v3.16b + orr v8.16b, v8.16b, v0.16b + orr v9.16b, v9.16b, v1.16b + orr v10.16b, v10.16b, v2.16b + orr v11.16b, v11.16b, v3.16b + eor v0.16b, v4.16b, v13.16b + eor v1.16b, v5.16b, v13.16b + eor v2.16b, v6.16b, v13.16b + eor v3.16b, v7.16b, v13.16b + tbl v0.16b, {v24.16b, v25.16b, v26.16b, v27.16b}, v0.16b + tbl v1.16b, {v24.16b, v25.16b, v26.16b, v27.16b}, v1.16b + tbl v2.16b, {v24.16b, v25.16b, v26.16b, v27.16b}, v2.16b + tbl v3.16b, {v24.16b, v25.16b, v26.16b, v27.16b}, v3.16b + orr v8.16b, v8.16b, v0.16b + orr v9.16b, v9.16b, v1.16b + orr v10.16b, v10.16b, v2.16b + orr v11.16b, v11.16b, v3.16b + eor v0.16b, v4.16b, v14.16b + eor v1.16b, v5.16b, v14.16b + eor v2.16b, v6.16b, v14.16b + eor v3.16b, v7.16b, v14.16b + tbl v0.16b, {v28.16b, v29.16b, v30.16b, v31.16b}, v0.16b + tbl v1.16b, {v28.16b, v29.16b, v30.16b, v31.16b}, v1.16b + tbl v2.16b, {v28.16b, v29.16b, v30.16b, v31.16b}, v2.16b + tbl v3.16b, {v28.16b, v29.16b, v30.16b, v31.16b}, v3.16b + orr v8.16b, v8.16b, v0.16b + orr v9.16b, v9.16b, v1.16b + orr v10.16b, v10.16b, v2.16b + orr v11.16b, v11.16b, v3.16b + ld1 {v4.16b}, [x7] + tbl v8.16b, {v8.16b}, v4.16b + tbl v9.16b, {v9.16b}, v4.16b + tbl v10.16b, {v10.16b}, v4.16b + tbl v11.16b, {v11.16b}, v4.16b + movi v28.16b, #27 + sshr v0.16b, v8.16b, #7 + sshr v1.16b, v9.16b, #7 + sshr v2.16b, v10.16b, #7 + sshr v3.16b, v11.16b, #7 + shl v12.16b, v8.16b, #1 + shl v13.16b, v9.16b, #1 + shl v14.16b, v10.16b, #1 + shl v15.16b, v11.16b, #1 + and v0.16b, v0.16b, v28.16b + and v1.16b, v1.16b, v28.16b + and v2.16b, v2.16b, v28.16b + and v3.16b, v3.16b, v28.16b + eor v0.16b, v0.16b, v12.16b + eor v1.16b, v1.16b, v13.16b + eor v2.16b, v2.16b, v14.16b + eor v3.16b, v3.16b, v15.16b + ushr v12.16b, v8.16b, #6 + ushr v13.16b, v9.16b, #6 + ushr v14.16b, v10.16b, #6 + ushr v15.16b, v11.16b, #6 + shl v4.16b, v8.16b, #2 + shl v5.16b, v9.16b, #2 + shl v6.16b, v10.16b, #2 + shl v7.16b, v11.16b, #2 + pmul v12.16b, v12.16b, v28.16b + pmul v13.16b, v13.16b, v28.16b + pmul v14.16b, v14.16b, v28.16b + pmul v15.16b, v15.16b, v28.16b + eor v12.16b, v12.16b, v4.16b + eor v13.16b, v13.16b, v5.16b + eor v14.16b, v14.16b, v6.16b + eor v15.16b, v15.16b, v7.16b + ushr v4.16b, v8.16b, #5 + ushr v5.16b, v9.16b, #5 + ushr v6.16b, v10.16b, #5 + ushr v7.16b, v11.16b, #5 + pmul v4.16b, v4.16b, v28.16b + pmul v5.16b, v5.16b, v28.16b + pmul v6.16b, v6.16b, v28.16b + pmul v7.16b, v7.16b, v28.16b + shl v28.16b, v8.16b, #3 + shl v29.16b, v9.16b, #3 + shl v30.16b, v10.16b, #3 + shl v31.16b, v11.16b, #3 + eor v4.16b, v4.16b, v28.16b + eor v5.16b, v5.16b, v29.16b + eor v6.16b, v6.16b, v30.16b + eor v7.16b, v7.16b, v31.16b + eor v28.16b, v0.16b, v4.16b + eor v29.16b, v1.16b, v5.16b + eor v30.16b, v2.16b, v6.16b + eor v31.16b, v3.16b, v7.16b + eor v4.16b, v4.16b, v8.16b + eor v5.16b, v5.16b, v9.16b + eor v6.16b, v6.16b, v10.16b + eor v7.16b, v7.16b, v11.16b + eor v0.16b, v12.16b, v4.16b + eor v1.16b, v13.16b, v5.16b + eor v2.16b, v14.16b, v6.16b + eor v3.16b, v15.16b, v7.16b + eor v12.16b, v12.16b, v28.16b + eor v13.16b, v13.16b, v29.16b + eor v14.16b, v14.16b, v30.16b + eor v15.16b, v15.16b, v31.16b + eor v28.16b, v28.16b, v8.16b + eor v29.16b, v29.16b, v9.16b + eor v30.16b, v30.16b, v10.16b + eor v31.16b, v31.16b, v11.16b + shl v8.4s, v28.4s, #8 + shl v9.4s, v29.4s, #8 + shl v10.4s, v30.4s, #8 + shl v11.4s, v31.4s, #8 + rev32 v0.8h, v0.8h + rev32 v1.8h, v1.8h + rev32 v2.8h, v2.8h + rev32 v3.8h, v3.8h + sri v8.4s, v28.4s, #24 + sri v9.4s, v29.4s, #24 + sri v10.4s, v30.4s, #24 + sri v11.4s, v31.4s, #24 + eor v8.16b, v8.16b, v12.16b + eor v9.16b, v9.16b, v13.16b + eor v10.16b, v10.16b, v14.16b + eor v11.16b, v11.16b, v15.16b + shl v28.4s, v4.4s, #24 + shl v29.4s, v5.4s, #24 + shl v30.4s, v6.4s, #24 + shl v31.4s, v7.4s, #24 + eor v8.16b, v8.16b, v0.16b + eor v9.16b, v9.16b, v1.16b + eor v10.16b, v10.16b, v2.16b + eor v11.16b, v11.16b, v3.16b + sri v28.4s, v4.4s, #8 + sri v29.4s, v5.4s, #8 + sri v30.4s, v6.4s, #8 + sri v31.4s, v7.4s, #8 + eor v8.16b, v8.16b, v28.16b + eor v9.16b, v9.16b, v29.16b + eor v10.16b, v10.16b, v30.16b + eor v11.16b, v11.16b, v31.16b + ld1 {v28.16b, v29.16b, v30.16b, v31.16b}, [x6] + # XOR in Key Schedule + ld1 {v4.2d}, [x9], #16 + eor v8.16b, v8.16b, v4.16b + eor v9.16b, v9.16b, v4.16b + eor v10.16b, v10.16b, v4.16b + eor v11.16b, v11.16b, v4.16b + # Round Done + tbl v4.16b, {v16.16b, v17.16b, v18.16b, v19.16b}, v8.16b + tbl v5.16b, {v16.16b, v17.16b, v18.16b, v19.16b}, v9.16b + tbl v6.16b, {v16.16b, v17.16b, v18.16b, v19.16b}, v10.16b + tbl v7.16b, {v16.16b, v17.16b, v18.16b, v19.16b}, v11.16b + movi v12.16b, #0x40 + movi v13.16b, #0x80 + movi v14.16b, #0xc0 + eor v0.16b, v8.16b, v12.16b + eor v1.16b, v9.16b, v12.16b + eor v2.16b, v10.16b, v12.16b + eor v3.16b, v11.16b, v12.16b + tbl v0.16b, {v20.16b, v21.16b, v22.16b, v23.16b}, v0.16b + tbl v1.16b, {v20.16b, v21.16b, v22.16b, v23.16b}, v1.16b + tbl v2.16b, {v20.16b, v21.16b, v22.16b, v23.16b}, v2.16b + tbl v3.16b, {v20.16b, v21.16b, v22.16b, v23.16b}, v3.16b + orr v4.16b, v4.16b, v0.16b + orr v5.16b, v5.16b, v1.16b + orr v6.16b, v6.16b, v2.16b + orr v7.16b, v7.16b, v3.16b + eor v0.16b, v8.16b, v13.16b + eor v1.16b, v9.16b, v13.16b + eor v2.16b, v10.16b, v13.16b + eor v3.16b, v11.16b, v13.16b + tbl v0.16b, {v24.16b, v25.16b, v26.16b, v27.16b}, v0.16b + tbl v1.16b, {v24.16b, v25.16b, v26.16b, v27.16b}, v1.16b + tbl v2.16b, {v24.16b, v25.16b, v26.16b, v27.16b}, v2.16b + tbl v3.16b, {v24.16b, v25.16b, v26.16b, v27.16b}, v3.16b + orr v4.16b, v4.16b, v0.16b + orr v5.16b, v5.16b, v1.16b + orr v6.16b, v6.16b, v2.16b + orr v7.16b, v7.16b, v3.16b + eor v0.16b, v8.16b, v14.16b + eor v1.16b, v9.16b, v14.16b + eor v2.16b, v10.16b, v14.16b + eor v3.16b, v11.16b, v14.16b + tbl v0.16b, {v28.16b, v29.16b, v30.16b, v31.16b}, v0.16b + tbl v1.16b, {v28.16b, v29.16b, v30.16b, v31.16b}, v1.16b + tbl v2.16b, {v28.16b, v29.16b, v30.16b, v31.16b}, v2.16b + tbl v3.16b, {v28.16b, v29.16b, v30.16b, v31.16b}, v3.16b + orr v4.16b, v4.16b, v0.16b + orr v5.16b, v5.16b, v1.16b + orr v6.16b, v6.16b, v2.16b + orr v7.16b, v7.16b, v3.16b + ld1 {v8.16b}, [x7] + tbl v4.16b, {v4.16b}, v8.16b + tbl v5.16b, {v5.16b}, v8.16b + tbl v6.16b, {v6.16b}, v8.16b + tbl v7.16b, {v7.16b}, v8.16b + # XOR in Key Schedule + ld1 {v8.2d}, [x9], #16 + eor v4.16b, v4.16b, v8.16b + eor v5.16b, v5.16b, v8.16b + eor v6.16b, v6.16b, v8.16b + eor v7.16b, v7.16b, v8.16b + # Round Done + rev32 v4.16b, v4.16b + rev32 v5.16b, v5.16b + rev32 v6.16b, v6.16b + rev32 v7.16b, v7.16b + ld1 {v8.2d, v9.2d, v10.2d, v11.2d}, [x10] + ldr q3, [x10, #64] + eor v4.16b, v4.16b, v8.16b + eor v5.16b, v5.16b, v9.16b + eor v6.16b, v6.16b, v10.16b + eor v7.16b, v7.16b, v11.16b + st1 {v4.16b, v5.16b, v6.16b, v7.16b}, [x1], #0x40 + sub x2, x2, #0x40 + cmp x2, #0x40 + bge L_AES_CBC_decrypt_NEON_loop_4 +L_AES_CBC_decrypt_NEON_start_2: + cmp x2, #16 + beq L_AES_CBC_decrypt_NEON_start_1 + blt L_AES_CBC_decrypt_NEON_data_done +L_AES_CBC_decrypt_NEON_loop_2: + mov x9, x3 + ld1 {v4.16b, v5.16b}, [x0], #32 + st1 {v3.2d, v4.2d, v5.2d}, [x10] + ld1 {v8.2d}, [x9], #16 + rev32 v4.16b, v4.16b + rev32 v5.16b, v5.16b + # Round: 0 - XOR in key schedule + eor v4.16b, v4.16b, v8.16b + eor v5.16b, v5.16b, v8.16b + sub w8, w4, #2 +L_AES_CBC_decrypt_NEON_loop_nr_2: + movi v12.16b, #0x40 + movi v13.16b, #0x80 + movi v14.16b, #0xc0 + eor v0.16b, v4.16b, v12.16b + eor v1.16b, v5.16b, v12.16b + tbl v8.16b, {v16.16b, v17.16b, v18.16b, v19.16b}, v4.16b + tbl v9.16b, {v16.16b, v17.16b, v18.16b, v19.16b}, v5.16b + tbl v0.16b, {v20.16b, v21.16b, v22.16b, v23.16b}, v0.16b + tbl v1.16b, {v20.16b, v21.16b, v22.16b, v23.16b}, v1.16b + eor v2.16b, v4.16b, v13.16b + eor v3.16b, v5.16b, v13.16b + tbl v2.16b, {v24.16b, v25.16b, v26.16b, v27.16b}, v2.16b + tbl v3.16b, {v24.16b, v25.16b, v26.16b, v27.16b}, v3.16b + orr v8.16b, v8.16b, v0.16b + orr v9.16b, v9.16b, v1.16b + eor v0.16b, v4.16b, v14.16b + eor v1.16b, v5.16b, v14.16b + orr v8.16b, v8.16b, v2.16b + orr v9.16b, v9.16b, v3.16b + tbl v0.16b, {v28.16b, v29.16b, v30.16b, v31.16b}, v0.16b + tbl v1.16b, {v28.16b, v29.16b, v30.16b, v31.16b}, v1.16b + orr v8.16b, v8.16b, v0.16b + orr v9.16b, v9.16b, v1.16b + ld1 {v4.16b}, [x7] + tbl v8.16b, {v8.16b}, v4.16b + tbl v9.16b, {v9.16b}, v4.16b + movi v2.16b, #27 + sshr v0.16b, v8.16b, #7 + sshr v1.16b, v9.16b, #7 + shl v12.16b, v8.16b, #1 + shl v13.16b, v9.16b, #1 + and v0.16b, v0.16b, v2.16b + and v1.16b, v1.16b, v2.16b + eor v0.16b, v0.16b, v12.16b + eor v1.16b, v1.16b, v13.16b + ushr v12.16b, v8.16b, #6 + ushr v13.16b, v9.16b, #6 + shl v4.16b, v8.16b, #2 + shl v5.16b, v9.16b, #2 + pmul v12.16b, v12.16b, v2.16b + pmul v13.16b, v13.16b, v2.16b + eor v12.16b, v12.16b, v4.16b + eor v13.16b, v13.16b, v5.16b + ushr v4.16b, v8.16b, #5 + ushr v5.16b, v9.16b, #5 + pmul v4.16b, v4.16b, v2.16b + pmul v5.16b, v5.16b, v2.16b + shl v2.16b, v8.16b, #3 + shl v3.16b, v9.16b, #3 + eor v4.16b, v4.16b, v2.16b + eor v5.16b, v5.16b, v3.16b + eor v2.16b, v0.16b, v4.16b + eor v3.16b, v1.16b, v5.16b + eor v4.16b, v4.16b, v8.16b + eor v5.16b, v5.16b, v9.16b + eor v0.16b, v12.16b, v4.16b + eor v1.16b, v13.16b, v5.16b + eor v12.16b, v12.16b, v2.16b + eor v13.16b, v13.16b, v3.16b + eor v2.16b, v2.16b, v8.16b + eor v3.16b, v3.16b, v9.16b + shl v8.4s, v2.4s, #8 + shl v9.4s, v3.4s, #8 + rev32 v0.8h, v0.8h + rev32 v1.8h, v1.8h + sri v8.4s, v2.4s, #24 + sri v9.4s, v3.4s, #24 + eor v8.16b, v8.16b, v12.16b + eor v9.16b, v9.16b, v13.16b + shl v2.4s, v4.4s, #24 + shl v3.4s, v5.4s, #24 + eor v8.16b, v8.16b, v0.16b + eor v9.16b, v9.16b, v1.16b + sri v2.4s, v4.4s, #8 + sri v3.4s, v5.4s, #8 + eor v8.16b, v8.16b, v2.16b + eor v9.16b, v9.16b, v3.16b + # XOR in Key Schedule + ld1 {v4.2d}, [x9], #16 + eor v8.16b, v8.16b, v4.16b + eor v9.16b, v9.16b, v4.16b + # Round Done + movi v12.16b, #0x40 + movi v13.16b, #0x80 + movi v14.16b, #0xc0 + eor v0.16b, v8.16b, v12.16b + eor v1.16b, v9.16b, v12.16b + tbl v4.16b, {v16.16b, v17.16b, v18.16b, v19.16b}, v8.16b + tbl v5.16b, {v16.16b, v17.16b, v18.16b, v19.16b}, v9.16b + tbl v0.16b, {v20.16b, v21.16b, v22.16b, v23.16b}, v0.16b + tbl v1.16b, {v20.16b, v21.16b, v22.16b, v23.16b}, v1.16b + eor v2.16b, v8.16b, v13.16b + eor v3.16b, v9.16b, v13.16b + tbl v2.16b, {v24.16b, v25.16b, v26.16b, v27.16b}, v2.16b + tbl v3.16b, {v24.16b, v25.16b, v26.16b, v27.16b}, v3.16b + orr v4.16b, v4.16b, v0.16b + orr v5.16b, v5.16b, v1.16b + eor v0.16b, v8.16b, v14.16b + eor v1.16b, v9.16b, v14.16b + orr v4.16b, v4.16b, v2.16b + orr v5.16b, v5.16b, v3.16b + tbl v0.16b, {v28.16b, v29.16b, v30.16b, v31.16b}, v0.16b + tbl v1.16b, {v28.16b, v29.16b, v30.16b, v31.16b}, v1.16b + orr v4.16b, v4.16b, v0.16b + orr v5.16b, v5.16b, v1.16b + ld1 {v8.16b}, [x7] + tbl v4.16b, {v4.16b}, v8.16b + tbl v5.16b, {v5.16b}, v8.16b + movi v2.16b, #27 + sshr v0.16b, v4.16b, #7 + sshr v1.16b, v5.16b, #7 + shl v12.16b, v4.16b, #1 + shl v13.16b, v5.16b, #1 + and v0.16b, v0.16b, v2.16b + and v1.16b, v1.16b, v2.16b + eor v0.16b, v0.16b, v12.16b + eor v1.16b, v1.16b, v13.16b + ushr v12.16b, v4.16b, #6 + ushr v13.16b, v5.16b, #6 + shl v8.16b, v4.16b, #2 + shl v9.16b, v5.16b, #2 + pmul v12.16b, v12.16b, v2.16b + pmul v13.16b, v13.16b, v2.16b + eor v12.16b, v12.16b, v8.16b + eor v13.16b, v13.16b, v9.16b + ushr v8.16b, v4.16b, #5 + ushr v9.16b, v5.16b, #5 + pmul v8.16b, v8.16b, v2.16b + pmul v9.16b, v9.16b, v2.16b + shl v2.16b, v4.16b, #3 + shl v3.16b, v5.16b, #3 + eor v8.16b, v8.16b, v2.16b + eor v9.16b, v9.16b, v3.16b + eor v2.16b, v0.16b, v8.16b + eor v3.16b, v1.16b, v9.16b + eor v8.16b, v8.16b, v4.16b + eor v9.16b, v9.16b, v5.16b + eor v0.16b, v12.16b, v8.16b + eor v1.16b, v13.16b, v9.16b + eor v12.16b, v12.16b, v2.16b + eor v13.16b, v13.16b, v3.16b + eor v2.16b, v2.16b, v4.16b + eor v3.16b, v3.16b, v5.16b + shl v4.4s, v2.4s, #8 + shl v5.4s, v3.4s, #8 + rev32 v0.8h, v0.8h + rev32 v1.8h, v1.8h + sri v4.4s, v2.4s, #24 + sri v5.4s, v3.4s, #24 + eor v4.16b, v4.16b, v12.16b + eor v5.16b, v5.16b, v13.16b + shl v2.4s, v8.4s, #24 + shl v3.4s, v9.4s, #24 + eor v4.16b, v4.16b, v0.16b + eor v5.16b, v5.16b, v1.16b + sri v2.4s, v8.4s, #8 + sri v3.4s, v9.4s, #8 + eor v4.16b, v4.16b, v2.16b + eor v5.16b, v5.16b, v3.16b + # XOR in Key Schedule + ld1 {v8.2d}, [x9], #16 + eor v4.16b, v4.16b, v8.16b + eor v5.16b, v5.16b, v8.16b + # Round Done + subs w8, w8, #2 + bne L_AES_CBC_decrypt_NEON_loop_nr_2 + movi v12.16b, #0x40 + movi v13.16b, #0x80 + movi v14.16b, #0xc0 + eor v0.16b, v4.16b, v12.16b + eor v1.16b, v5.16b, v12.16b + tbl v8.16b, {v16.16b, v17.16b, v18.16b, v19.16b}, v4.16b + tbl v9.16b, {v16.16b, v17.16b, v18.16b, v19.16b}, v5.16b + tbl v0.16b, {v20.16b, v21.16b, v22.16b, v23.16b}, v0.16b + tbl v1.16b, {v20.16b, v21.16b, v22.16b, v23.16b}, v1.16b + eor v2.16b, v4.16b, v13.16b + eor v3.16b, v5.16b, v13.16b + tbl v2.16b, {v24.16b, v25.16b, v26.16b, v27.16b}, v2.16b + tbl v3.16b, {v24.16b, v25.16b, v26.16b, v27.16b}, v3.16b + orr v8.16b, v8.16b, v0.16b + orr v9.16b, v9.16b, v1.16b + eor v0.16b, v4.16b, v14.16b + eor v1.16b, v5.16b, v14.16b + orr v8.16b, v8.16b, v2.16b + orr v9.16b, v9.16b, v3.16b + tbl v0.16b, {v28.16b, v29.16b, v30.16b, v31.16b}, v0.16b + tbl v1.16b, {v28.16b, v29.16b, v30.16b, v31.16b}, v1.16b + orr v8.16b, v8.16b, v0.16b + orr v9.16b, v9.16b, v1.16b + ld1 {v4.16b}, [x7] + tbl v8.16b, {v8.16b}, v4.16b + tbl v9.16b, {v9.16b}, v4.16b + movi v2.16b, #27 + sshr v0.16b, v8.16b, #7 + sshr v1.16b, v9.16b, #7 + shl v12.16b, v8.16b, #1 + shl v13.16b, v9.16b, #1 + and v0.16b, v0.16b, v2.16b + and v1.16b, v1.16b, v2.16b + eor v0.16b, v0.16b, v12.16b + eor v1.16b, v1.16b, v13.16b + ushr v12.16b, v8.16b, #6 + ushr v13.16b, v9.16b, #6 + shl v4.16b, v8.16b, #2 + shl v5.16b, v9.16b, #2 + pmul v12.16b, v12.16b, v2.16b + pmul v13.16b, v13.16b, v2.16b + eor v12.16b, v12.16b, v4.16b + eor v13.16b, v13.16b, v5.16b + ushr v4.16b, v8.16b, #5 + ushr v5.16b, v9.16b, #5 + pmul v4.16b, v4.16b, v2.16b + pmul v5.16b, v5.16b, v2.16b + shl v2.16b, v8.16b, #3 + shl v3.16b, v9.16b, #3 + eor v4.16b, v4.16b, v2.16b + eor v5.16b, v5.16b, v3.16b + eor v2.16b, v0.16b, v4.16b + eor v3.16b, v1.16b, v5.16b + eor v4.16b, v4.16b, v8.16b + eor v5.16b, v5.16b, v9.16b + eor v0.16b, v12.16b, v4.16b + eor v1.16b, v13.16b, v5.16b + eor v12.16b, v12.16b, v2.16b + eor v13.16b, v13.16b, v3.16b + eor v2.16b, v2.16b, v8.16b + eor v3.16b, v3.16b, v9.16b + shl v8.4s, v2.4s, #8 + shl v9.4s, v3.4s, #8 + rev32 v0.8h, v0.8h + rev32 v1.8h, v1.8h + sri v8.4s, v2.4s, #24 + sri v9.4s, v3.4s, #24 + eor v8.16b, v8.16b, v12.16b + eor v9.16b, v9.16b, v13.16b + shl v2.4s, v4.4s, #24 + shl v3.4s, v5.4s, #24 + eor v8.16b, v8.16b, v0.16b + eor v9.16b, v9.16b, v1.16b + sri v2.4s, v4.4s, #8 + sri v3.4s, v5.4s, #8 + eor v8.16b, v8.16b, v2.16b + eor v9.16b, v9.16b, v3.16b + # XOR in Key Schedule + ld1 {v4.2d}, [x9], #16 + eor v8.16b, v8.16b, v4.16b + eor v9.16b, v9.16b, v4.16b + # Round Done + movi v12.16b, #0x40 + movi v13.16b, #0x80 + movi v14.16b, #0xc0 + eor v0.16b, v8.16b, v12.16b + eor v1.16b, v9.16b, v12.16b + tbl v4.16b, {v16.16b, v17.16b, v18.16b, v19.16b}, v8.16b + tbl v5.16b, {v16.16b, v17.16b, v18.16b, v19.16b}, v9.16b + tbl v0.16b, {v20.16b, v21.16b, v22.16b, v23.16b}, v0.16b + tbl v1.16b, {v20.16b, v21.16b, v22.16b, v23.16b}, v1.16b + eor v2.16b, v8.16b, v13.16b + eor v3.16b, v9.16b, v13.16b + tbl v2.16b, {v24.16b, v25.16b, v26.16b, v27.16b}, v2.16b + tbl v3.16b, {v24.16b, v25.16b, v26.16b, v27.16b}, v3.16b + orr v4.16b, v4.16b, v0.16b + orr v5.16b, v5.16b, v1.16b + eor v0.16b, v8.16b, v14.16b + eor v1.16b, v9.16b, v14.16b + orr v4.16b, v4.16b, v2.16b + orr v5.16b, v5.16b, v3.16b + tbl v0.16b, {v28.16b, v29.16b, v30.16b, v31.16b}, v0.16b + tbl v1.16b, {v28.16b, v29.16b, v30.16b, v31.16b}, v1.16b + orr v4.16b, v4.16b, v0.16b + orr v5.16b, v5.16b, v1.16b + ld1 {v8.16b}, [x7] + tbl v4.16b, {v4.16b}, v8.16b + tbl v5.16b, {v5.16b}, v8.16b + # XOR in Key Schedule + ld1 {v8.2d}, [x9], #16 + eor v4.16b, v4.16b, v8.16b + eor v5.16b, v5.16b, v8.16b + # Round Done + rev32 v4.16b, v4.16b + rev32 v5.16b, v5.16b + ld1 {v1.16b, v2.16b, v3.16b}, [x10] + eor v4.16b, v4.16b, v1.16b + eor v5.16b, v5.16b, v2.16b + st1 {v4.16b, v5.16b}, [x1], #32 + sub x2, x2, #32 + cmp x2, #32 + bge L_AES_CBC_decrypt_NEON_loop_2 + cmp x2, #0 + beq L_AES_CBC_decrypt_NEON_data_done +L_AES_CBC_decrypt_NEON_start_1: + movi v12.16b, #0x40 + movi v13.16b, #0x80 + movi v14.16b, #0xc0 + movi v15.16b, #27 + ld1 {v7.2d}, [x7] + mov x9, x3 + ld1 {v4.16b}, [x0], #16 + mov v10.16b, v3.16b + mov v11.16b, v4.16b + ld1 {v8.16b}, [x9], #16 + rev32 v4.16b, v4.16b + # Round: 0 - XOR in key schedule + eor v4.16b, v4.16b, v8.16b + sub w8, w4, #2 +L_AES_CBC_decrypt_NEON_loop_nr_1: + eor v0.16b, v4.16b, v12.16b + eor v1.16b, v4.16b, v13.16b + eor v2.16b, v4.16b, v14.16b + tbl v8.16b, {v16.16b, v17.16b, v18.16b, v19.16b}, v4.16b + tbl v0.16b, {v20.16b, v21.16b, v22.16b, v23.16b}, v0.16b + tbl v1.16b, {v24.16b, v25.16b, v26.16b, v27.16b}, v1.16b + tbl v2.16b, {v28.16b, v29.16b, v30.16b, v31.16b}, v2.16b + orr v8.16b, v8.16b, v0.16b + orr v1.16b, v1.16b, v2.16b + orr v8.16b, v8.16b, v1.16b + tbl v8.16b, {v8.16b}, v7.16b + sshr v2.16b, v8.16b, #7 + ushr v3.16b, v8.16b, #6 + ushr v0.16b, v8.16b, #5 + and v2.16b, v2.16b, v15.16b + pmul v3.16b, v3.16b, v15.16b + pmul v0.16b, v0.16b, v15.16b + shl v1.16b, v8.16b, #1 + eor v2.16b, v2.16b, v1.16b + shl v1.16b, v8.16b, #3 + eor v0.16b, v0.16b, v1.16b + shl v1.16b, v8.16b, #2 + eor v3.16b, v3.16b, v1.16b + eor v1.16b, v2.16b, v0.16b + eor v0.16b, v0.16b, v8.16b + eor v2.16b, v3.16b, v0.16b + eor v3.16b, v3.16b, v1.16b + eor v1.16b, v1.16b, v8.16b + shl v8.4s, v1.4s, #8 + rev32 v2.8h, v2.8h + sri v8.4s, v1.4s, #24 + eor v8.16b, v8.16b, v3.16b + shl v1.4s, v0.4s, #24 + eor v8.16b, v8.16b, v2.16b + sri v1.4s, v0.4s, #8 + eor v8.16b, v8.16b, v1.16b + ld1 {v4.2d}, [x9], #16 + # XOR in Key Schedule + eor v8.16b, v8.16b, v4.16b + eor v0.16b, v8.16b, v12.16b + eor v1.16b, v8.16b, v13.16b + eor v2.16b, v8.16b, v14.16b + tbl v4.16b, {v16.16b, v17.16b, v18.16b, v19.16b}, v8.16b + tbl v0.16b, {v20.16b, v21.16b, v22.16b, v23.16b}, v0.16b + tbl v1.16b, {v24.16b, v25.16b, v26.16b, v27.16b}, v1.16b + tbl v2.16b, {v28.16b, v29.16b, v30.16b, v31.16b}, v2.16b + orr v4.16b, v4.16b, v0.16b + orr v1.16b, v1.16b, v2.16b + orr v4.16b, v4.16b, v1.16b + tbl v4.16b, {v4.16b}, v7.16b + sshr v2.16b, v4.16b, #7 + ushr v3.16b, v4.16b, #6 + ushr v0.16b, v4.16b, #5 + and v2.16b, v2.16b, v15.16b + pmul v3.16b, v3.16b, v15.16b + pmul v0.16b, v0.16b, v15.16b + shl v1.16b, v4.16b, #1 + eor v2.16b, v2.16b, v1.16b + shl v1.16b, v4.16b, #3 + eor v0.16b, v0.16b, v1.16b + shl v1.16b, v4.16b, #2 + eor v3.16b, v3.16b, v1.16b + eor v1.16b, v2.16b, v0.16b + eor v0.16b, v0.16b, v4.16b + eor v2.16b, v3.16b, v0.16b + eor v3.16b, v3.16b, v1.16b + eor v1.16b, v1.16b, v4.16b + shl v4.4s, v1.4s, #8 + rev32 v2.8h, v2.8h + sri v4.4s, v1.4s, #24 + eor v4.16b, v4.16b, v3.16b + shl v1.4s, v0.4s, #24 + eor v4.16b, v4.16b, v2.16b + sri v1.4s, v0.4s, #8 + eor v4.16b, v4.16b, v1.16b + ld1 {v8.2d}, [x9], #16 + # XOR in Key Schedule + eor v4.16b, v4.16b, v8.16b + subs w8, w8, #2 + bne L_AES_CBC_decrypt_NEON_loop_nr_1 + eor v0.16b, v4.16b, v12.16b + eor v1.16b, v4.16b, v13.16b + eor v2.16b, v4.16b, v14.16b + tbl v8.16b, {v16.16b, v17.16b, v18.16b, v19.16b}, v4.16b + tbl v0.16b, {v20.16b, v21.16b, v22.16b, v23.16b}, v0.16b + tbl v1.16b, {v24.16b, v25.16b, v26.16b, v27.16b}, v1.16b + tbl v2.16b, {v28.16b, v29.16b, v30.16b, v31.16b}, v2.16b + orr v8.16b, v8.16b, v0.16b + orr v1.16b, v1.16b, v2.16b + orr v8.16b, v8.16b, v1.16b + tbl v8.16b, {v8.16b}, v7.16b + sshr v2.16b, v8.16b, #7 + ushr v3.16b, v8.16b, #6 + ushr v0.16b, v8.16b, #5 + and v2.16b, v2.16b, v15.16b + pmul v3.16b, v3.16b, v15.16b + pmul v0.16b, v0.16b, v15.16b + shl v1.16b, v8.16b, #1 + eor v2.16b, v2.16b, v1.16b + shl v1.16b, v8.16b, #3 + eor v0.16b, v0.16b, v1.16b + shl v1.16b, v8.16b, #2 + eor v3.16b, v3.16b, v1.16b + eor v1.16b, v2.16b, v0.16b + eor v0.16b, v0.16b, v8.16b + eor v2.16b, v3.16b, v0.16b + eor v3.16b, v3.16b, v1.16b + eor v1.16b, v1.16b, v8.16b + shl v8.4s, v1.4s, #8 + rev32 v2.8h, v2.8h + sri v8.4s, v1.4s, #24 + eor v8.16b, v8.16b, v3.16b + shl v1.4s, v0.4s, #24 + eor v8.16b, v8.16b, v2.16b + sri v1.4s, v0.4s, #8 + eor v8.16b, v8.16b, v1.16b + ld1 {v4.2d}, [x9], #16 + # XOR in Key Schedule + eor v8.16b, v8.16b, v4.16b + eor v0.16b, v8.16b, v12.16b + eor v1.16b, v8.16b, v13.16b + eor v2.16b, v8.16b, v14.16b + tbl v4.16b, {v16.16b, v17.16b, v18.16b, v19.16b}, v8.16b + tbl v0.16b, {v20.16b, v21.16b, v22.16b, v23.16b}, v0.16b + tbl v1.16b, {v24.16b, v25.16b, v26.16b, v27.16b}, v1.16b + tbl v2.16b, {v28.16b, v29.16b, v30.16b, v31.16b}, v2.16b + orr v4.16b, v4.16b, v0.16b + orr v1.16b, v1.16b, v2.16b + orr v4.16b, v4.16b, v1.16b + tbl v4.16b, {v4.16b}, v7.16b + ld1 {v8.2d}, [x9], #16 + # XOR in Key Schedule + eor v4.16b, v4.16b, v8.16b + rev32 v4.16b, v4.16b + mov v3.16b, v11.16b + eor v4.16b, v4.16b, v10.16b + st1 {v4.16b}, [x1], #16 +L_AES_CBC_decrypt_NEON_data_done: + st1 {v3.2d}, [x5] + ldp d8, d9, [x29, #96] + ldp d10, d11, [x29, #112] + ldp d12, d13, [x29, #128] + ldp d14, d15, [x29, #144] + ldp x29, x30, [sp], #0xa0 + ret +#ifndef __APPLE__ + .size AES_CBC_decrypt_NEON,.-AES_CBC_decrypt_NEON +#endif /* __APPLE__ */ +#endif /* HAVE_AES_CBC */ +#endif /* WOLFSSL_AES_DIRECT || WOLFSSL_AES_COUNTER || HAVE_AES_CBC + * HAVE_AES_ECB */ +#endif /* HAVE_AES_DECRYPT */ +#ifdef HAVE_AESGCM +#ifndef __APPLE__ +.text +.globl GCM_gmult_len_NEON +.type GCM_gmult_len_NEON,@function +.align 2 +GCM_gmult_len_NEON: +#else +.section __TEXT,__text +.globl _GCM_gmult_len_NEON +.p2align 2 +_GCM_gmult_len_NEON: +#endif /* __APPLE__ */ + stp x29, x30, [sp, #-80]! + add x29, sp, #0 + stp d8, d9, [x29, #16] + stp d10, d11, [x29, #32] + stp d12, d13, [x29, #48] + stp d14, d15, [x29, #64] + ld1 {v18.2d}, [x0] + ld1 {v10.2d}, [x1] + movi v19.16b, #15 + eor v20.16b, v20.16b, v20.16b + rbit v18.16b, v18.16b + rbit v10.16b, v10.16b + and v12.16b, v10.16b, v19.16b + ushr v13.16b, v10.16b, #4 + eor v14.16b, v12.16b, v13.16b +L_GCM_gmult_len_NEON_start_block: + ld1 {v0.16b}, [x2], #16 + rbit v0.16b, v0.16b + eor v18.16b, v18.16b, v0.16b + # Mul 128x128 + and v15.16b, v18.16b, v19.16b + ushr v16.16b, v18.16b, #4 + eor v17.16b, v15.16b, v16.16b + dup v0.16b, v12.b[0] + dup v2.16b, v14.b[0] + dup v1.16b, v13.b[0] + pmul v8.16b, v15.16b, v0.16b + pmul v5.16b, v17.16b, v2.16b + pmul v4.16b, v16.16b, v1.16b + eor v5.16b, v5.16b, v8.16b + eor v5.16b, v5.16b, v4.16b + shl v6.16b, v5.16b, #4 + ushr v7.16b, v5.16b, #4 + eor v8.16b, v8.16b, v6.16b + eor v11.16b, v4.16b, v7.16b + dup v0.16b, v12.b[1] + dup v2.16b, v14.b[1] + dup v1.16b, v13.b[1] + pmul v3.16b, v15.16b, v0.16b + pmul v5.16b, v17.16b, v2.16b + pmul v4.16b, v16.16b, v1.16b + eor v5.16b, v5.16b, v3.16b + eor v5.16b, v5.16b, v4.16b + eor v3.16b, v3.16b, v11.16b + shl v6.16b, v5.16b, #4 + ushr v7.16b, v5.16b, #4 + eor v3.16b, v3.16b, v6.16b + eor v11.16b, v4.16b, v7.16b + ext v6.16b, v20.16b, v3.16b, #15 + ext v9.16b, v3.16b, v20.16b, #15 + eor v8.16b, v8.16b, v6.16b + dup v0.16b, v12.b[2] + dup v2.16b, v14.b[2] + dup v1.16b, v13.b[2] + pmul v3.16b, v15.16b, v0.16b + pmul v5.16b, v17.16b, v2.16b + pmul v4.16b, v16.16b, v1.16b + eor v5.16b, v5.16b, v3.16b + eor v5.16b, v5.16b, v4.16b + eor v3.16b, v3.16b, v11.16b + shl v6.16b, v5.16b, #4 + ushr v7.16b, v5.16b, #4 + eor v3.16b, v3.16b, v6.16b + eor v11.16b, v4.16b, v7.16b + ext v7.16b, v3.16b, v20.16b, #14 + ext v6.16b, v20.16b, v3.16b, #14 + eor v9.16b, v9.16b, v7.16b + eor v8.16b, v8.16b, v6.16b + dup v0.16b, v12.b[3] + dup v2.16b, v14.b[3] + dup v1.16b, v13.b[3] + pmul v3.16b, v15.16b, v0.16b + pmul v5.16b, v17.16b, v2.16b + pmul v4.16b, v16.16b, v1.16b + eor v5.16b, v5.16b, v3.16b + eor v5.16b, v5.16b, v4.16b + eor v3.16b, v3.16b, v11.16b + shl v6.16b, v5.16b, #4 + ushr v7.16b, v5.16b, #4 + eor v3.16b, v3.16b, v6.16b + eor v11.16b, v4.16b, v7.16b + ext v7.16b, v3.16b, v20.16b, #13 + ext v6.16b, v20.16b, v3.16b, #13 + eor v9.16b, v9.16b, v7.16b + eor v8.16b, v8.16b, v6.16b + dup v0.16b, v12.b[4] + dup v2.16b, v14.b[4] + dup v1.16b, v13.b[4] + pmul v3.16b, v15.16b, v0.16b + pmul v5.16b, v17.16b, v2.16b + pmul v4.16b, v16.16b, v1.16b + eor v5.16b, v5.16b, v3.16b + eor v5.16b, v5.16b, v4.16b + eor v3.16b, v3.16b, v11.16b + shl v6.16b, v5.16b, #4 + ushr v7.16b, v5.16b, #4 + eor v3.16b, v3.16b, v6.16b + eor v11.16b, v4.16b, v7.16b + ext v7.16b, v3.16b, v20.16b, #12 + ext v6.16b, v20.16b, v3.16b, #12 + eor v9.16b, v9.16b, v7.16b + eor v8.16b, v8.16b, v6.16b + dup v0.16b, v12.b[5] + dup v2.16b, v14.b[5] + dup v1.16b, v13.b[5] + pmul v3.16b, v15.16b, v0.16b + pmul v5.16b, v17.16b, v2.16b + pmul v4.16b, v16.16b, v1.16b + eor v5.16b, v5.16b, v3.16b + eor v5.16b, v5.16b, v4.16b + eor v3.16b, v3.16b, v11.16b + shl v6.16b, v5.16b, #4 + ushr v7.16b, v5.16b, #4 + eor v3.16b, v3.16b, v6.16b + eor v11.16b, v4.16b, v7.16b + ext v7.16b, v3.16b, v20.16b, #11 + ext v6.16b, v20.16b, v3.16b, #11 + eor v9.16b, v9.16b, v7.16b + eor v8.16b, v8.16b, v6.16b + dup v0.16b, v12.b[6] + dup v2.16b, v14.b[6] + dup v1.16b, v13.b[6] + pmul v3.16b, v15.16b, v0.16b + pmul v5.16b, v17.16b, v2.16b + pmul v4.16b, v16.16b, v1.16b + eor v5.16b, v5.16b, v3.16b + eor v5.16b, v5.16b, v4.16b + eor v3.16b, v3.16b, v11.16b + shl v6.16b, v5.16b, #4 + ushr v7.16b, v5.16b, #4 + eor v3.16b, v3.16b, v6.16b + eor v11.16b, v4.16b, v7.16b + ext v7.16b, v3.16b, v20.16b, #10 + ext v6.16b, v20.16b, v3.16b, #10 + eor v9.16b, v9.16b, v7.16b + eor v8.16b, v8.16b, v6.16b + dup v0.16b, v12.b[7] + dup v2.16b, v14.b[7] + dup v1.16b, v13.b[7] + pmul v3.16b, v15.16b, v0.16b + pmul v5.16b, v17.16b, v2.16b + pmul v4.16b, v16.16b, v1.16b + eor v5.16b, v5.16b, v3.16b + eor v5.16b, v5.16b, v4.16b + eor v3.16b, v3.16b, v11.16b + shl v6.16b, v5.16b, #4 + ushr v7.16b, v5.16b, #4 + eor v3.16b, v3.16b, v6.16b + eor v11.16b, v4.16b, v7.16b + ext v7.16b, v3.16b, v20.16b, #9 + ext v6.16b, v20.16b, v3.16b, #9 + eor v9.16b, v9.16b, v7.16b + eor v8.16b, v8.16b, v6.16b + dup v0.16b, v12.b[8] + dup v2.16b, v14.b[8] + dup v1.16b, v13.b[8] + pmul v3.16b, v15.16b, v0.16b + pmul v5.16b, v17.16b, v2.16b + pmul v4.16b, v16.16b, v1.16b + eor v5.16b, v5.16b, v3.16b + eor v5.16b, v5.16b, v4.16b + eor v3.16b, v3.16b, v11.16b + shl v6.16b, v5.16b, #4 + ushr v7.16b, v5.16b, #4 + eor v3.16b, v3.16b, v6.16b + eor v11.16b, v4.16b, v7.16b + ext v7.16b, v3.16b, v20.16b, #8 + ext v6.16b, v20.16b, v3.16b, #8 + eor v9.16b, v9.16b, v7.16b + eor v8.16b, v8.16b, v6.16b + dup v0.16b, v12.b[9] + dup v2.16b, v14.b[9] + dup v1.16b, v13.b[9] + pmul v3.16b, v15.16b, v0.16b + pmul v5.16b, v17.16b, v2.16b + pmul v4.16b, v16.16b, v1.16b + eor v5.16b, v5.16b, v3.16b + eor v5.16b, v5.16b, v4.16b + eor v3.16b, v3.16b, v11.16b + shl v6.16b, v5.16b, #4 + ushr v7.16b, v5.16b, #4 + eor v3.16b, v3.16b, v6.16b + eor v11.16b, v4.16b, v7.16b + ext v7.16b, v3.16b, v20.16b, #7 + ext v6.16b, v20.16b, v3.16b, #7 + eor v9.16b, v9.16b, v7.16b + eor v8.16b, v8.16b, v6.16b + dup v0.16b, v12.b[10] + dup v2.16b, v14.b[10] + dup v1.16b, v13.b[10] + pmul v3.16b, v15.16b, v0.16b + pmul v5.16b, v17.16b, v2.16b + pmul v4.16b, v16.16b, v1.16b + eor v5.16b, v5.16b, v3.16b + eor v5.16b, v5.16b, v4.16b + eor v3.16b, v3.16b, v11.16b + shl v6.16b, v5.16b, #4 + ushr v7.16b, v5.16b, #4 + eor v3.16b, v3.16b, v6.16b + eor v11.16b, v4.16b, v7.16b + ext v7.16b, v3.16b, v20.16b, #6 + ext v6.16b, v20.16b, v3.16b, #6 + eor v9.16b, v9.16b, v7.16b + eor v8.16b, v8.16b, v6.16b + dup v0.16b, v12.b[11] + dup v2.16b, v14.b[11] + dup v1.16b, v13.b[11] + pmul v3.16b, v15.16b, v0.16b + pmul v5.16b, v17.16b, v2.16b + pmul v4.16b, v16.16b, v1.16b + eor v5.16b, v5.16b, v3.16b + eor v5.16b, v5.16b, v4.16b + eor v3.16b, v3.16b, v11.16b + shl v6.16b, v5.16b, #4 + ushr v7.16b, v5.16b, #4 + eor v3.16b, v3.16b, v6.16b + eor v11.16b, v4.16b, v7.16b + ext v7.16b, v3.16b, v20.16b, #5 + ext v6.16b, v20.16b, v3.16b, #5 + eor v9.16b, v9.16b, v7.16b + eor v8.16b, v8.16b, v6.16b + dup v0.16b, v12.b[12] + dup v2.16b, v14.b[12] + dup v1.16b, v13.b[12] + pmul v3.16b, v15.16b, v0.16b + pmul v5.16b, v17.16b, v2.16b + pmul v4.16b, v16.16b, v1.16b + eor v5.16b, v5.16b, v3.16b + eor v5.16b, v5.16b, v4.16b + eor v3.16b, v3.16b, v11.16b + shl v6.16b, v5.16b, #4 + ushr v7.16b, v5.16b, #4 + eor v3.16b, v3.16b, v6.16b + eor v11.16b, v4.16b, v7.16b + ext v7.16b, v3.16b, v20.16b, #4 + ext v6.16b, v20.16b, v3.16b, #4 + eor v9.16b, v9.16b, v7.16b + eor v8.16b, v8.16b, v6.16b + dup v0.16b, v12.b[13] + dup v2.16b, v14.b[13] + dup v1.16b, v13.b[13] + pmul v3.16b, v15.16b, v0.16b + pmul v5.16b, v17.16b, v2.16b + pmul v4.16b, v16.16b, v1.16b + eor v5.16b, v5.16b, v3.16b + eor v5.16b, v5.16b, v4.16b + eor v3.16b, v3.16b, v11.16b + shl v6.16b, v5.16b, #4 + ushr v7.16b, v5.16b, #4 + eor v3.16b, v3.16b, v6.16b + eor v11.16b, v4.16b, v7.16b + ext v7.16b, v3.16b, v20.16b, #3 + ext v6.16b, v20.16b, v3.16b, #3 + eor v9.16b, v9.16b, v7.16b + eor v8.16b, v8.16b, v6.16b + dup v0.16b, v12.b[14] + dup v2.16b, v14.b[14] + dup v1.16b, v13.b[14] + pmul v3.16b, v15.16b, v0.16b + pmul v5.16b, v17.16b, v2.16b + pmul v4.16b, v16.16b, v1.16b + eor v5.16b, v5.16b, v3.16b + eor v5.16b, v5.16b, v4.16b + eor v3.16b, v3.16b, v11.16b + shl v6.16b, v5.16b, #4 + ushr v7.16b, v5.16b, #4 + eor v3.16b, v3.16b, v6.16b + eor v11.16b, v4.16b, v7.16b + ext v7.16b, v3.16b, v20.16b, #2 + ext v6.16b, v20.16b, v3.16b, #2 + eor v9.16b, v9.16b, v7.16b + eor v8.16b, v8.16b, v6.16b + dup v0.16b, v12.b[15] + dup v2.16b, v14.b[15] + dup v1.16b, v13.b[15] + pmul v3.16b, v15.16b, v0.16b + pmul v5.16b, v17.16b, v2.16b + pmul v4.16b, v16.16b, v1.16b + eor v5.16b, v5.16b, v3.16b + eor v5.16b, v5.16b, v4.16b + eor v3.16b, v3.16b, v11.16b + shl v6.16b, v5.16b, #4 + ushr v7.16b, v5.16b, #4 + eor v3.16b, v3.16b, v6.16b + eor v11.16b, v4.16b, v7.16b + ext v7.16b, v3.16b, v20.16b, #1 + ext v6.16b, v20.16b, v3.16b, #1 + eor v9.16b, v9.16b, v7.16b + eor v8.16b, v8.16b, v6.16b + eor v9.16b, v9.16b, v11.16b + # Reduce 254-bit number + shl v0.16b, v9.16b, #1 + shl v1.16b, v9.16b, #2 + shl v2.16b, v9.16b, #7 + ushr v3.16b, v9.16b, #7 + ushr v4.16b, v9.16b, #6 + ushr v5.16b, v9.16b, #1 + eor v0.16b, v0.16b, v9.16b + eor v1.16b, v1.16b, v2.16b + eor v0.16b, v0.16b, v1.16b + eor v8.16b, v8.16b, v0.16b + ext v0.16b, v20.16b, v3.16b, #15 + ext v1.16b, v20.16b, v4.16b, #15 + ext v2.16b, v20.16b, v5.16b, #15 + ext v4.16b, v4.16b, v20.16b, #15 + ext v5.16b, v5.16b, v20.16b, #15 + eor v0.16b, v0.16b, v1.16b + eor v8.16b, v8.16b, v2.16b + eor v8.16b, v8.16b, v0.16b + eor v3.16b, v4.16b, v5.16b + shl v0.2d, v3.2d, #1 + shl v1.2d, v3.2d, #2 + shl v2.2d, v3.2d, #7 + eor v3.16b, v3.16b, v0.16b + eor v1.16b, v1.16b, v2.16b + eor v8.16b, v8.16b, v3.16b + eor v18.16b, v8.16b, v1.16b + subs x3, x3, #16 + bne L_GCM_gmult_len_NEON_start_block + rbit v18.16b, v18.16b + st1 {v18.2d}, [x0] + ldp d8, d9, [x29, #16] + ldp d10, d11, [x29, #32] + ldp d12, d13, [x29, #48] + ldp d14, d15, [x29, #64] + ldp x29, x30, [sp], #0x50 + ret +#ifndef __APPLE__ + .size GCM_gmult_len_NEON,.-GCM_gmult_len_NEON +#endif /* __APPLE__ */ +#ifndef __APPLE__ +.text +.globl AES_GCM_encrypt_NEON +.type AES_GCM_encrypt_NEON,@function +.align 2 +AES_GCM_encrypt_NEON: +#else +.section __TEXT,__text +.globl _AES_GCM_encrypt_NEON +.p2align 2 +_AES_GCM_encrypt_NEON: +#endif /* __APPLE__ */ + stp x29, x30, [sp, #-80]! + add x29, sp, #0 + stp d8, d9, [x29, #16] + stp d10, d11, [x29, #32] + stp d12, d13, [x29, #48] + stp d14, d15, [x29, #64] +#ifndef __APPLE__ + adrp x9, L_AES_ARM64_NEON_te + add x9, x9, :lo12:L_AES_ARM64_NEON_te +#else + adrp x9, L_AES_ARM64_NEON_te@PAGE + add x9, x9, L_AES_ARM64_NEON_te@PAGEOFF +#endif /* __APPLE__ */ +#ifndef __APPLE__ + adrp x10, L_AES_ARM64_NEON_shift_rows_shuffle + add x10, x10, :lo12:L_AES_ARM64_NEON_shift_rows_shuffle +#else + adrp x10, L_AES_ARM64_NEON_shift_rows_shuffle@PAGE + add x10, x10, L_AES_ARM64_NEON_shift_rows_shuffle@PAGEOFF +#endif /* __APPLE__ */ + ld1 {v16.16b, v17.16b, v18.16b, v19.16b}, [x9], #0x40 + ld1 {v20.16b, v21.16b, v22.16b, v23.16b}, [x9], #0x40 + ld1 {v24.16b, v25.16b, v26.16b, v27.16b}, [x9], #0x40 + ld1 {v28.16b, v29.16b, v30.16b, v31.16b}, [x9] + ld1 {v2.2d}, [x5] + rev32 v2.16b, v2.16b + mov w6, v2.s[3] + cmp x2, #0x40 + blt L_AES_GCM_encrypt_NEON_start_2 + mov x7, v2.d[0] + mov x8, v2.d[1] +L_AES_GCM_encrypt_NEON_loop_4: + mov x12, x3 + ld1 {v4.2d}, [x12], #16 + mov v8.d[0], x7 + mov v8.d[1], x8 + # Round: 0 - XOR in key schedule + add w6, w6, #1 + mov v8.s[3], w6 + eor v0.16b, v8.16b, v4.16b + add w6, w6, #1 + mov v8.s[3], w6 + eor v1.16b, v8.16b, v4.16b + add w6, w6, #1 + mov v8.s[3], w6 + eor v2.16b, v8.16b, v4.16b + add w6, w6, #1 + mov v8.s[3], w6 + eor v3.16b, v8.16b, v4.16b + sub w11, w4, #2 +L_AES_GCM_encrypt_NEON_loop_nr_4: + tbl v4.16b, {v16.16b, v17.16b, v18.16b, v19.16b}, v0.16b + tbl v5.16b, {v16.16b, v17.16b, v18.16b, v19.16b}, v1.16b + tbl v6.16b, {v16.16b, v17.16b, v18.16b, v19.16b}, v2.16b + tbl v7.16b, {v16.16b, v17.16b, v18.16b, v19.16b}, v3.16b + movi v12.16b, #0x40 + movi v13.16b, #0x80 + movi v14.16b, #0xc0 + eor v8.16b, v0.16b, v12.16b + eor v9.16b, v1.16b, v12.16b + eor v10.16b, v2.16b, v12.16b + eor v11.16b, v3.16b, v12.16b + tbl v8.16b, {v20.16b, v21.16b, v22.16b, v23.16b}, v8.16b + tbl v9.16b, {v20.16b, v21.16b, v22.16b, v23.16b}, v9.16b + tbl v10.16b, {v20.16b, v21.16b, v22.16b, v23.16b}, v10.16b + tbl v11.16b, {v20.16b, v21.16b, v22.16b, v23.16b}, v11.16b + orr v4.16b, v4.16b, v8.16b + orr v5.16b, v5.16b, v9.16b + orr v6.16b, v6.16b, v10.16b + orr v7.16b, v7.16b, v11.16b + eor v8.16b, v0.16b, v13.16b + eor v9.16b, v1.16b, v13.16b + eor v10.16b, v2.16b, v13.16b + eor v11.16b, v3.16b, v13.16b + tbl v8.16b, {v24.16b, v25.16b, v26.16b, v27.16b}, v8.16b + tbl v9.16b, {v24.16b, v25.16b, v26.16b, v27.16b}, v9.16b + tbl v10.16b, {v24.16b, v25.16b, v26.16b, v27.16b}, v10.16b + tbl v11.16b, {v24.16b, v25.16b, v26.16b, v27.16b}, v11.16b + orr v4.16b, v4.16b, v8.16b + orr v5.16b, v5.16b, v9.16b + orr v6.16b, v6.16b, v10.16b + orr v7.16b, v7.16b, v11.16b + eor v8.16b, v0.16b, v14.16b + eor v9.16b, v1.16b, v14.16b + eor v10.16b, v2.16b, v14.16b + eor v11.16b, v3.16b, v14.16b + tbl v8.16b, {v28.16b, v29.16b, v30.16b, v31.16b}, v8.16b + tbl v9.16b, {v28.16b, v29.16b, v30.16b, v31.16b}, v9.16b + tbl v10.16b, {v28.16b, v29.16b, v30.16b, v31.16b}, v10.16b + tbl v11.16b, {v28.16b, v29.16b, v30.16b, v31.16b}, v11.16b + orr v4.16b, v4.16b, v8.16b + orr v5.16b, v5.16b, v9.16b + orr v6.16b, v6.16b, v10.16b + orr v7.16b, v7.16b, v11.16b + ld1 {v0.16b}, [x10] + tbl v4.16b, {v4.16b}, v0.16b + tbl v5.16b, {v5.16b}, v0.16b + tbl v6.16b, {v6.16b}, v0.16b + tbl v7.16b, {v7.16b}, v0.16b + sshr v8.16b, v4.16b, #7 + sshr v9.16b, v5.16b, #7 + sshr v10.16b, v6.16b, #7 + sshr v11.16b, v7.16b, #7 + shl v12.16b, v4.16b, #1 + shl v13.16b, v5.16b, #1 + shl v14.16b, v6.16b, #1 + shl v15.16b, v7.16b, #1 + movi v0.16b, #27 + and v8.16b, v8.16b, v0.16b + and v9.16b, v9.16b, v0.16b + and v10.16b, v10.16b, v0.16b + and v11.16b, v11.16b, v0.16b + eor v8.16b, v8.16b, v12.16b + eor v9.16b, v9.16b, v13.16b + eor v10.16b, v10.16b, v14.16b + eor v11.16b, v11.16b, v15.16b + eor v0.16b, v8.16b, v4.16b + eor v1.16b, v9.16b, v5.16b + eor v2.16b, v10.16b, v6.16b + eor v3.16b, v11.16b, v7.16b + shl v12.4s, v0.4s, #8 + shl v13.4s, v1.4s, #8 + shl v14.4s, v2.4s, #8 + shl v15.4s, v3.4s, #8 + sri v12.4s, v0.4s, #24 + sri v13.4s, v1.4s, #24 + sri v14.4s, v2.4s, #24 + sri v15.4s, v3.4s, #24 + shl v0.4s, v4.4s, #24 + shl v1.4s, v5.4s, #24 + shl v2.4s, v6.4s, #24 + shl v3.4s, v7.4s, #24 + sri v0.4s, v4.4s, #8 + sri v1.4s, v5.4s, #8 + sri v2.4s, v6.4s, #8 + sri v3.4s, v7.4s, #8 + rev32 v4.8h, v4.8h + rev32 v5.8h, v5.8h + rev32 v6.8h, v6.8h + rev32 v7.8h, v7.8h + eor v4.16b, v4.16b, v0.16b + eor v5.16b, v5.16b, v1.16b + eor v6.16b, v6.16b, v2.16b + eor v7.16b, v7.16b, v3.16b + # XOR in Key Schedule + ld1 {v0.2d}, [x12], #16 + eor v4.16b, v4.16b, v8.16b + eor v5.16b, v5.16b, v9.16b + eor v6.16b, v6.16b, v10.16b + eor v7.16b, v7.16b, v11.16b + eor v4.16b, v4.16b, v0.16b + eor v5.16b, v5.16b, v0.16b + eor v6.16b, v6.16b, v0.16b + eor v7.16b, v7.16b, v0.16b + eor v4.16b, v4.16b, v12.16b + eor v5.16b, v5.16b, v13.16b + eor v6.16b, v6.16b, v14.16b + eor v7.16b, v7.16b, v15.16b + # Round Done + tbl v0.16b, {v16.16b, v17.16b, v18.16b, v19.16b}, v4.16b + tbl v1.16b, {v16.16b, v17.16b, v18.16b, v19.16b}, v5.16b + tbl v2.16b, {v16.16b, v17.16b, v18.16b, v19.16b}, v6.16b + tbl v3.16b, {v16.16b, v17.16b, v18.16b, v19.16b}, v7.16b + movi v12.16b, #0x40 + movi v13.16b, #0x80 + movi v14.16b, #0xc0 + eor v8.16b, v4.16b, v12.16b + eor v9.16b, v5.16b, v12.16b + eor v10.16b, v6.16b, v12.16b + eor v11.16b, v7.16b, v12.16b + tbl v8.16b, {v20.16b, v21.16b, v22.16b, v23.16b}, v8.16b + tbl v9.16b, {v20.16b, v21.16b, v22.16b, v23.16b}, v9.16b + tbl v10.16b, {v20.16b, v21.16b, v22.16b, v23.16b}, v10.16b + tbl v11.16b, {v20.16b, v21.16b, v22.16b, v23.16b}, v11.16b + orr v0.16b, v0.16b, v8.16b + orr v1.16b, v1.16b, v9.16b + orr v2.16b, v2.16b, v10.16b + orr v3.16b, v3.16b, v11.16b + eor v8.16b, v4.16b, v13.16b + eor v9.16b, v5.16b, v13.16b + eor v10.16b, v6.16b, v13.16b + eor v11.16b, v7.16b, v13.16b + tbl v8.16b, {v24.16b, v25.16b, v26.16b, v27.16b}, v8.16b + tbl v9.16b, {v24.16b, v25.16b, v26.16b, v27.16b}, v9.16b + tbl v10.16b, {v24.16b, v25.16b, v26.16b, v27.16b}, v10.16b + tbl v11.16b, {v24.16b, v25.16b, v26.16b, v27.16b}, v11.16b + orr v0.16b, v0.16b, v8.16b + orr v1.16b, v1.16b, v9.16b + orr v2.16b, v2.16b, v10.16b + orr v3.16b, v3.16b, v11.16b + eor v8.16b, v4.16b, v14.16b + eor v9.16b, v5.16b, v14.16b + eor v10.16b, v6.16b, v14.16b + eor v11.16b, v7.16b, v14.16b + tbl v8.16b, {v28.16b, v29.16b, v30.16b, v31.16b}, v8.16b + tbl v9.16b, {v28.16b, v29.16b, v30.16b, v31.16b}, v9.16b + tbl v10.16b, {v28.16b, v29.16b, v30.16b, v31.16b}, v10.16b + tbl v11.16b, {v28.16b, v29.16b, v30.16b, v31.16b}, v11.16b + orr v0.16b, v0.16b, v8.16b + orr v1.16b, v1.16b, v9.16b + orr v2.16b, v2.16b, v10.16b + orr v3.16b, v3.16b, v11.16b + ld1 {v4.16b}, [x10] + tbl v0.16b, {v0.16b}, v4.16b + tbl v1.16b, {v1.16b}, v4.16b + tbl v2.16b, {v2.16b}, v4.16b + tbl v3.16b, {v3.16b}, v4.16b + sshr v8.16b, v0.16b, #7 + sshr v9.16b, v1.16b, #7 + sshr v10.16b, v2.16b, #7 + sshr v11.16b, v3.16b, #7 + shl v12.16b, v0.16b, #1 + shl v13.16b, v1.16b, #1 + shl v14.16b, v2.16b, #1 + shl v15.16b, v3.16b, #1 + movi v4.16b, #27 + and v8.16b, v8.16b, v4.16b + and v9.16b, v9.16b, v4.16b + and v10.16b, v10.16b, v4.16b + and v11.16b, v11.16b, v4.16b + eor v8.16b, v8.16b, v12.16b + eor v9.16b, v9.16b, v13.16b + eor v10.16b, v10.16b, v14.16b + eor v11.16b, v11.16b, v15.16b + eor v4.16b, v8.16b, v0.16b + eor v5.16b, v9.16b, v1.16b + eor v6.16b, v10.16b, v2.16b + eor v7.16b, v11.16b, v3.16b + shl v12.4s, v4.4s, #8 + shl v13.4s, v5.4s, #8 + shl v14.4s, v6.4s, #8 + shl v15.4s, v7.4s, #8 + sri v12.4s, v4.4s, #24 + sri v13.4s, v5.4s, #24 + sri v14.4s, v6.4s, #24 + sri v15.4s, v7.4s, #24 + shl v4.4s, v0.4s, #24 + shl v5.4s, v1.4s, #24 + shl v6.4s, v2.4s, #24 + shl v7.4s, v3.4s, #24 + sri v4.4s, v0.4s, #8 + sri v5.4s, v1.4s, #8 + sri v6.4s, v2.4s, #8 + sri v7.4s, v3.4s, #8 + rev32 v0.8h, v0.8h + rev32 v1.8h, v1.8h + rev32 v2.8h, v2.8h + rev32 v3.8h, v3.8h + eor v0.16b, v0.16b, v4.16b + eor v1.16b, v1.16b, v5.16b + eor v2.16b, v2.16b, v6.16b + eor v3.16b, v3.16b, v7.16b + # XOR in Key Schedule + ld1 {v4.2d}, [x12], #16 + eor v0.16b, v0.16b, v8.16b + eor v1.16b, v1.16b, v9.16b + eor v2.16b, v2.16b, v10.16b + eor v3.16b, v3.16b, v11.16b + eor v0.16b, v0.16b, v4.16b + eor v1.16b, v1.16b, v4.16b + eor v2.16b, v2.16b, v4.16b + eor v3.16b, v3.16b, v4.16b + eor v0.16b, v0.16b, v12.16b + eor v1.16b, v1.16b, v13.16b + eor v2.16b, v2.16b, v14.16b + eor v3.16b, v3.16b, v15.16b + # Round Done + subs w11, w11, #2 + bne L_AES_GCM_encrypt_NEON_loop_nr_4 + tbl v4.16b, {v16.16b, v17.16b, v18.16b, v19.16b}, v0.16b + tbl v5.16b, {v16.16b, v17.16b, v18.16b, v19.16b}, v1.16b + tbl v6.16b, {v16.16b, v17.16b, v18.16b, v19.16b}, v2.16b + tbl v7.16b, {v16.16b, v17.16b, v18.16b, v19.16b}, v3.16b + movi v12.16b, #0x40 + movi v13.16b, #0x80 + movi v14.16b, #0xc0 + eor v8.16b, v0.16b, v12.16b + eor v9.16b, v1.16b, v12.16b + eor v10.16b, v2.16b, v12.16b + eor v11.16b, v3.16b, v12.16b + tbl v8.16b, {v20.16b, v21.16b, v22.16b, v23.16b}, v8.16b + tbl v9.16b, {v20.16b, v21.16b, v22.16b, v23.16b}, v9.16b + tbl v10.16b, {v20.16b, v21.16b, v22.16b, v23.16b}, v10.16b + tbl v11.16b, {v20.16b, v21.16b, v22.16b, v23.16b}, v11.16b + orr v4.16b, v4.16b, v8.16b + orr v5.16b, v5.16b, v9.16b + orr v6.16b, v6.16b, v10.16b + orr v7.16b, v7.16b, v11.16b + eor v8.16b, v0.16b, v13.16b + eor v9.16b, v1.16b, v13.16b + eor v10.16b, v2.16b, v13.16b + eor v11.16b, v3.16b, v13.16b + tbl v8.16b, {v24.16b, v25.16b, v26.16b, v27.16b}, v8.16b + tbl v9.16b, {v24.16b, v25.16b, v26.16b, v27.16b}, v9.16b + tbl v10.16b, {v24.16b, v25.16b, v26.16b, v27.16b}, v10.16b + tbl v11.16b, {v24.16b, v25.16b, v26.16b, v27.16b}, v11.16b + orr v4.16b, v4.16b, v8.16b + orr v5.16b, v5.16b, v9.16b + orr v6.16b, v6.16b, v10.16b + orr v7.16b, v7.16b, v11.16b + eor v8.16b, v0.16b, v14.16b + eor v9.16b, v1.16b, v14.16b + eor v10.16b, v2.16b, v14.16b + eor v11.16b, v3.16b, v14.16b + tbl v8.16b, {v28.16b, v29.16b, v30.16b, v31.16b}, v8.16b + tbl v9.16b, {v28.16b, v29.16b, v30.16b, v31.16b}, v9.16b + tbl v10.16b, {v28.16b, v29.16b, v30.16b, v31.16b}, v10.16b + tbl v11.16b, {v28.16b, v29.16b, v30.16b, v31.16b}, v11.16b + orr v4.16b, v4.16b, v8.16b + orr v5.16b, v5.16b, v9.16b + orr v6.16b, v6.16b, v10.16b + orr v7.16b, v7.16b, v11.16b + ld1 {v0.16b}, [x10] + tbl v4.16b, {v4.16b}, v0.16b + tbl v5.16b, {v5.16b}, v0.16b + tbl v6.16b, {v6.16b}, v0.16b + tbl v7.16b, {v7.16b}, v0.16b + sshr v8.16b, v4.16b, #7 + sshr v9.16b, v5.16b, #7 + sshr v10.16b, v6.16b, #7 + sshr v11.16b, v7.16b, #7 + shl v12.16b, v4.16b, #1 + shl v13.16b, v5.16b, #1 + shl v14.16b, v6.16b, #1 + shl v15.16b, v7.16b, #1 + movi v0.16b, #27 + and v8.16b, v8.16b, v0.16b + and v9.16b, v9.16b, v0.16b + and v10.16b, v10.16b, v0.16b + and v11.16b, v11.16b, v0.16b + eor v8.16b, v8.16b, v12.16b + eor v9.16b, v9.16b, v13.16b + eor v10.16b, v10.16b, v14.16b + eor v11.16b, v11.16b, v15.16b + eor v0.16b, v8.16b, v4.16b + eor v1.16b, v9.16b, v5.16b + eor v2.16b, v10.16b, v6.16b + eor v3.16b, v11.16b, v7.16b + shl v12.4s, v0.4s, #8 + shl v13.4s, v1.4s, #8 + shl v14.4s, v2.4s, #8 + shl v15.4s, v3.4s, #8 + sri v12.4s, v0.4s, #24 + sri v13.4s, v1.4s, #24 + sri v14.4s, v2.4s, #24 + sri v15.4s, v3.4s, #24 + shl v0.4s, v4.4s, #24 + shl v1.4s, v5.4s, #24 + shl v2.4s, v6.4s, #24 + shl v3.4s, v7.4s, #24 + sri v0.4s, v4.4s, #8 + sri v1.4s, v5.4s, #8 + sri v2.4s, v6.4s, #8 + sri v3.4s, v7.4s, #8 + rev32 v4.8h, v4.8h + rev32 v5.8h, v5.8h + rev32 v6.8h, v6.8h + rev32 v7.8h, v7.8h + eor v4.16b, v4.16b, v0.16b + eor v5.16b, v5.16b, v1.16b + eor v6.16b, v6.16b, v2.16b + eor v7.16b, v7.16b, v3.16b + # XOR in Key Schedule + ld1 {v0.2d}, [x12], #16 + eor v4.16b, v4.16b, v8.16b + eor v5.16b, v5.16b, v9.16b + eor v6.16b, v6.16b, v10.16b + eor v7.16b, v7.16b, v11.16b + eor v4.16b, v4.16b, v0.16b + eor v5.16b, v5.16b, v0.16b + eor v6.16b, v6.16b, v0.16b + eor v7.16b, v7.16b, v0.16b + eor v4.16b, v4.16b, v12.16b + eor v5.16b, v5.16b, v13.16b + eor v6.16b, v6.16b, v14.16b + eor v7.16b, v7.16b, v15.16b + # Round Done + tbl v0.16b, {v16.16b, v17.16b, v18.16b, v19.16b}, v4.16b + tbl v1.16b, {v16.16b, v17.16b, v18.16b, v19.16b}, v5.16b + tbl v2.16b, {v16.16b, v17.16b, v18.16b, v19.16b}, v6.16b + tbl v3.16b, {v16.16b, v17.16b, v18.16b, v19.16b}, v7.16b + movi v12.16b, #0x40 + movi v13.16b, #0x80 + movi v14.16b, #0xc0 + eor v8.16b, v4.16b, v12.16b + eor v9.16b, v5.16b, v12.16b + eor v10.16b, v6.16b, v12.16b + eor v11.16b, v7.16b, v12.16b + tbl v8.16b, {v20.16b, v21.16b, v22.16b, v23.16b}, v8.16b + tbl v9.16b, {v20.16b, v21.16b, v22.16b, v23.16b}, v9.16b + tbl v10.16b, {v20.16b, v21.16b, v22.16b, v23.16b}, v10.16b + tbl v11.16b, {v20.16b, v21.16b, v22.16b, v23.16b}, v11.16b + orr v0.16b, v0.16b, v8.16b + orr v1.16b, v1.16b, v9.16b + orr v2.16b, v2.16b, v10.16b + orr v3.16b, v3.16b, v11.16b + eor v8.16b, v4.16b, v13.16b + eor v9.16b, v5.16b, v13.16b + eor v10.16b, v6.16b, v13.16b + eor v11.16b, v7.16b, v13.16b + tbl v8.16b, {v24.16b, v25.16b, v26.16b, v27.16b}, v8.16b + tbl v9.16b, {v24.16b, v25.16b, v26.16b, v27.16b}, v9.16b + tbl v10.16b, {v24.16b, v25.16b, v26.16b, v27.16b}, v10.16b + tbl v11.16b, {v24.16b, v25.16b, v26.16b, v27.16b}, v11.16b + orr v0.16b, v0.16b, v8.16b + orr v1.16b, v1.16b, v9.16b + orr v2.16b, v2.16b, v10.16b + orr v3.16b, v3.16b, v11.16b + eor v8.16b, v4.16b, v14.16b + eor v9.16b, v5.16b, v14.16b + eor v10.16b, v6.16b, v14.16b + eor v11.16b, v7.16b, v14.16b + tbl v8.16b, {v28.16b, v29.16b, v30.16b, v31.16b}, v8.16b + tbl v9.16b, {v28.16b, v29.16b, v30.16b, v31.16b}, v9.16b + tbl v10.16b, {v28.16b, v29.16b, v30.16b, v31.16b}, v10.16b + tbl v11.16b, {v28.16b, v29.16b, v30.16b, v31.16b}, v11.16b + orr v0.16b, v0.16b, v8.16b + orr v1.16b, v1.16b, v9.16b + orr v2.16b, v2.16b, v10.16b + orr v3.16b, v3.16b, v11.16b + ld1 {v4.16b}, [x10] + tbl v0.16b, {v0.16b}, v4.16b + tbl v1.16b, {v1.16b}, v4.16b + tbl v2.16b, {v2.16b}, v4.16b + tbl v3.16b, {v3.16b}, v4.16b + # XOR in Key Schedule + ld1 {v4.2d}, [x12], #16 + eor v0.16b, v0.16b, v4.16b + eor v1.16b, v1.16b, v4.16b + eor v2.16b, v2.16b, v4.16b + eor v3.16b, v3.16b, v4.16b + # Round Done + rev32 v0.16b, v0.16b + rev32 v1.16b, v1.16b + rev32 v2.16b, v2.16b + rev32 v3.16b, v3.16b + ld1 {v4.16b, v5.16b, v6.16b, v7.16b}, [x0], #0x40 + eor v0.16b, v0.16b, v4.16b + eor v1.16b, v1.16b, v5.16b + eor v2.16b, v2.16b, v6.16b + eor v3.16b, v3.16b, v7.16b + st1 {v0.16b, v1.16b, v2.16b, v3.16b}, [x1], #0x40 + sub x2, x2, #0x40 + cmp x2, #0x40 + bge L_AES_GCM_encrypt_NEON_loop_4 + mov v2.d[0], x7 + mov v2.d[1], x8 + mov v2.s[3], w6 +L_AES_GCM_encrypt_NEON_start_2: + movi v12.16b, #0x40 + movi v13.16b, #0x80 + movi v14.16b, #0xc0 + movi v15.16b, #27 + cmp x2, #16 + beq L_AES_GCM_encrypt_NEON_start_1 + blt L_AES_GCM_encrypt_NEON_data_done +L_AES_GCM_encrypt_NEON_loop_2: + mov x12, x3 + ld1 {v4.2d}, [x12], #16 + # Round: 0 - XOR in key schedule + add w6, w6, #1 + mov v2.s[3], w6 + eor v0.16b, v2.16b, v4.16b + add w6, w6, #1 + mov v2.s[3], w6 + eor v1.16b, v2.16b, v4.16b + sub w11, w4, #2 +L_AES_GCM_encrypt_NEON_loop_nr_2: + eor v8.16b, v0.16b, v12.16b + eor v9.16b, v1.16b, v12.16b + tbl v4.16b, {v16.16b, v17.16b, v18.16b, v19.16b}, v0.16b + tbl v5.16b, {v16.16b, v17.16b, v18.16b, v19.16b}, v1.16b + tbl v8.16b, {v20.16b, v21.16b, v22.16b, v23.16b}, v8.16b + tbl v9.16b, {v20.16b, v21.16b, v22.16b, v23.16b}, v9.16b + eor v10.16b, v0.16b, v13.16b + eor v11.16b, v1.16b, v13.16b + tbl v10.16b, {v24.16b, v25.16b, v26.16b, v27.16b}, v10.16b + tbl v11.16b, {v24.16b, v25.16b, v26.16b, v27.16b}, v11.16b + orr v4.16b, v4.16b, v8.16b + orr v5.16b, v5.16b, v9.16b + eor v8.16b, v0.16b, v14.16b + eor v9.16b, v1.16b, v14.16b + orr v4.16b, v4.16b, v10.16b + orr v5.16b, v5.16b, v11.16b + tbl v8.16b, {v28.16b, v29.16b, v30.16b, v31.16b}, v8.16b + tbl v9.16b, {v28.16b, v29.16b, v30.16b, v31.16b}, v9.16b + orr v4.16b, v4.16b, v8.16b + orr v5.16b, v5.16b, v9.16b + ld1 {v0.16b}, [x10] + tbl v4.16b, {v4.16b}, v0.16b + tbl v5.16b, {v5.16b}, v0.16b + sshr v8.16b, v4.16b, #7 + sshr v9.16b, v5.16b, #7 + shl v10.16b, v4.16b, #1 + shl v11.16b, v5.16b, #1 + and v8.16b, v8.16b, v15.16b + and v9.16b, v9.16b, v15.16b + eor v8.16b, v8.16b, v10.16b + eor v9.16b, v9.16b, v11.16b + eor v0.16b, v8.16b, v4.16b + eor v1.16b, v9.16b, v5.16b + shl v10.4s, v0.4s, #8 + shl v11.4s, v1.4s, #8 + sri v10.4s, v0.4s, #24 + sri v11.4s, v1.4s, #24 + shl v0.4s, v4.4s, #24 + shl v1.4s, v5.4s, #24 + sri v0.4s, v4.4s, #8 + sri v1.4s, v5.4s, #8 + rev32 v4.8h, v4.8h + rev32 v5.8h, v5.8h + eor v4.16b, v4.16b, v0.16b + eor v5.16b, v5.16b, v1.16b + # XOR in Key Schedule + ld1 {v0.2d}, [x12], #16 + eor v4.16b, v4.16b, v8.16b + eor v5.16b, v5.16b, v9.16b + eor v4.16b, v4.16b, v0.16b + eor v5.16b, v5.16b, v0.16b + eor v4.16b, v4.16b, v10.16b + eor v5.16b, v5.16b, v11.16b + # Round Done + eor v8.16b, v4.16b, v12.16b + eor v9.16b, v5.16b, v12.16b + tbl v0.16b, {v16.16b, v17.16b, v18.16b, v19.16b}, v4.16b + tbl v1.16b, {v16.16b, v17.16b, v18.16b, v19.16b}, v5.16b + tbl v8.16b, {v20.16b, v21.16b, v22.16b, v23.16b}, v8.16b + tbl v9.16b, {v20.16b, v21.16b, v22.16b, v23.16b}, v9.16b + eor v10.16b, v4.16b, v13.16b + eor v11.16b, v5.16b, v13.16b + tbl v10.16b, {v24.16b, v25.16b, v26.16b, v27.16b}, v10.16b + tbl v11.16b, {v24.16b, v25.16b, v26.16b, v27.16b}, v11.16b + orr v0.16b, v0.16b, v8.16b + orr v1.16b, v1.16b, v9.16b + eor v8.16b, v4.16b, v14.16b + eor v9.16b, v5.16b, v14.16b + orr v0.16b, v0.16b, v10.16b + orr v1.16b, v1.16b, v11.16b + tbl v8.16b, {v28.16b, v29.16b, v30.16b, v31.16b}, v8.16b + tbl v9.16b, {v28.16b, v29.16b, v30.16b, v31.16b}, v9.16b + orr v0.16b, v0.16b, v8.16b + orr v1.16b, v1.16b, v9.16b + ld1 {v4.16b}, [x10] + tbl v0.16b, {v0.16b}, v4.16b + tbl v1.16b, {v1.16b}, v4.16b + sshr v8.16b, v0.16b, #7 + sshr v9.16b, v1.16b, #7 + shl v10.16b, v0.16b, #1 + shl v11.16b, v1.16b, #1 + and v8.16b, v8.16b, v15.16b + and v9.16b, v9.16b, v15.16b + eor v8.16b, v8.16b, v10.16b + eor v9.16b, v9.16b, v11.16b + eor v4.16b, v8.16b, v0.16b + eor v5.16b, v9.16b, v1.16b + shl v10.4s, v4.4s, #8 + shl v11.4s, v5.4s, #8 + sri v10.4s, v4.4s, #24 + sri v11.4s, v5.4s, #24 + shl v4.4s, v0.4s, #24 + shl v5.4s, v1.4s, #24 + sri v4.4s, v0.4s, #8 + sri v5.4s, v1.4s, #8 + rev32 v0.8h, v0.8h + rev32 v1.8h, v1.8h + eor v0.16b, v0.16b, v4.16b + eor v1.16b, v1.16b, v5.16b + # XOR in Key Schedule + ld1 {v4.2d}, [x12], #16 + eor v0.16b, v0.16b, v8.16b + eor v1.16b, v1.16b, v9.16b + eor v0.16b, v0.16b, v4.16b + eor v1.16b, v1.16b, v4.16b + eor v0.16b, v0.16b, v10.16b + eor v1.16b, v1.16b, v11.16b + # Round Done + subs w11, w11, #2 + bne L_AES_GCM_encrypt_NEON_loop_nr_2 + eor v8.16b, v0.16b, v12.16b + eor v9.16b, v1.16b, v12.16b + tbl v4.16b, {v16.16b, v17.16b, v18.16b, v19.16b}, v0.16b + tbl v5.16b, {v16.16b, v17.16b, v18.16b, v19.16b}, v1.16b + tbl v8.16b, {v20.16b, v21.16b, v22.16b, v23.16b}, v8.16b + tbl v9.16b, {v20.16b, v21.16b, v22.16b, v23.16b}, v9.16b + eor v10.16b, v0.16b, v13.16b + eor v11.16b, v1.16b, v13.16b + tbl v10.16b, {v24.16b, v25.16b, v26.16b, v27.16b}, v10.16b + tbl v11.16b, {v24.16b, v25.16b, v26.16b, v27.16b}, v11.16b + orr v4.16b, v4.16b, v8.16b + orr v5.16b, v5.16b, v9.16b + eor v8.16b, v0.16b, v14.16b + eor v9.16b, v1.16b, v14.16b + orr v4.16b, v4.16b, v10.16b + orr v5.16b, v5.16b, v11.16b + tbl v8.16b, {v28.16b, v29.16b, v30.16b, v31.16b}, v8.16b + tbl v9.16b, {v28.16b, v29.16b, v30.16b, v31.16b}, v9.16b + orr v4.16b, v4.16b, v8.16b + orr v5.16b, v5.16b, v9.16b + ld1 {v0.16b}, [x10] + tbl v4.16b, {v4.16b}, v0.16b + tbl v5.16b, {v5.16b}, v0.16b + sshr v8.16b, v4.16b, #7 + sshr v9.16b, v5.16b, #7 + shl v10.16b, v4.16b, #1 + shl v11.16b, v5.16b, #1 + and v8.16b, v8.16b, v15.16b + and v9.16b, v9.16b, v15.16b + eor v8.16b, v8.16b, v10.16b + eor v9.16b, v9.16b, v11.16b + eor v0.16b, v8.16b, v4.16b + eor v1.16b, v9.16b, v5.16b + shl v10.4s, v0.4s, #8 + shl v11.4s, v1.4s, #8 + sri v10.4s, v0.4s, #24 + sri v11.4s, v1.4s, #24 + shl v0.4s, v4.4s, #24 + shl v1.4s, v5.4s, #24 + sri v0.4s, v4.4s, #8 + sri v1.4s, v5.4s, #8 + rev32 v4.8h, v4.8h + rev32 v5.8h, v5.8h + eor v4.16b, v4.16b, v0.16b + eor v5.16b, v5.16b, v1.16b + # XOR in Key Schedule + ld1 {v0.2d}, [x12], #16 + eor v4.16b, v4.16b, v8.16b + eor v5.16b, v5.16b, v9.16b + eor v4.16b, v4.16b, v0.16b + eor v5.16b, v5.16b, v0.16b + eor v4.16b, v4.16b, v10.16b + eor v5.16b, v5.16b, v11.16b + # Round Done + eor v8.16b, v4.16b, v12.16b + eor v9.16b, v5.16b, v12.16b + tbl v0.16b, {v16.16b, v17.16b, v18.16b, v19.16b}, v4.16b + tbl v1.16b, {v16.16b, v17.16b, v18.16b, v19.16b}, v5.16b + tbl v8.16b, {v20.16b, v21.16b, v22.16b, v23.16b}, v8.16b + tbl v9.16b, {v20.16b, v21.16b, v22.16b, v23.16b}, v9.16b + eor v10.16b, v4.16b, v13.16b + eor v11.16b, v5.16b, v13.16b + tbl v10.16b, {v24.16b, v25.16b, v26.16b, v27.16b}, v10.16b + tbl v11.16b, {v24.16b, v25.16b, v26.16b, v27.16b}, v11.16b + orr v0.16b, v0.16b, v8.16b + orr v1.16b, v1.16b, v9.16b + eor v8.16b, v4.16b, v14.16b + eor v9.16b, v5.16b, v14.16b + orr v0.16b, v0.16b, v10.16b + orr v1.16b, v1.16b, v11.16b + tbl v8.16b, {v28.16b, v29.16b, v30.16b, v31.16b}, v8.16b + tbl v9.16b, {v28.16b, v29.16b, v30.16b, v31.16b}, v9.16b + orr v0.16b, v0.16b, v8.16b + orr v1.16b, v1.16b, v9.16b + ld1 {v4.16b}, [x10] + tbl v0.16b, {v0.16b}, v4.16b + tbl v1.16b, {v1.16b}, v4.16b + # XOR in Key Schedule + ld1 {v4.2d}, [x12], #16 + eor v0.16b, v0.16b, v4.16b + eor v1.16b, v1.16b, v4.16b + # Round Done + rev32 v0.16b, v0.16b + rev32 v1.16b, v1.16b + ld1 {v4.16b, v5.16b}, [x0], #32 + eor v0.16b, v0.16b, v4.16b + eor v1.16b, v1.16b, v5.16b + st1 {v0.16b, v1.16b}, [x1], #32 + sub x2, x2, #32 + cmp x2, #0 + beq L_AES_GCM_encrypt_NEON_data_done +L_AES_GCM_encrypt_NEON_start_1: + ld1 {v3.2d}, [x10] + mov x12, x3 + add w6, w6, #1 + ld1 {v4.2d}, [x12], #16 + mov v2.s[3], w6 + # Round: 0 - XOR in key schedule + eor v0.16b, v2.16b, v4.16b + sub w11, w4, #2 +L_AES_GCM_encrypt_NEON_loop_nr_1: + eor v8.16b, v0.16b, v12.16b + eor v9.16b, v0.16b, v13.16b + eor v10.16b, v0.16b, v14.16b + tbl v4.16b, {v16.16b, v17.16b, v18.16b, v19.16b}, v0.16b + tbl v8.16b, {v20.16b, v21.16b, v22.16b, v23.16b}, v8.16b + tbl v9.16b, {v24.16b, v25.16b, v26.16b, v27.16b}, v9.16b + tbl v10.16b, {v28.16b, v29.16b, v30.16b, v31.16b}, v10.16b + orr v4.16b, v4.16b, v8.16b + orr v9.16b, v9.16b, v10.16b + orr v4.16b, v4.16b, v9.16b + tbl v4.16b, {v4.16b}, v3.16b + ld1 {v0.2d}, [x12], #16 + sshr v10.16b, v4.16b, #7 + shl v9.16b, v4.16b, #1 + and v10.16b, v10.16b, v15.16b + eor v10.16b, v10.16b, v9.16b + rev32 v8.8h, v4.8h + eor v11.16b, v10.16b, v4.16b + eor v10.16b, v10.16b, v8.16b + shl v9.4s, v4.4s, #24 + shl v8.4s, v11.4s, #8 + # XOR in Key Schedule + eor v10.16b, v10.16b, v0.16b + sri v9.4s, v4.4s, #8 + sri v8.4s, v11.4s, #24 + eor v4.16b, v10.16b, v9.16b + eor v4.16b, v4.16b, v8.16b + eor v8.16b, v4.16b, v12.16b + eor v9.16b, v4.16b, v13.16b + eor v10.16b, v4.16b, v14.16b + tbl v0.16b, {v16.16b, v17.16b, v18.16b, v19.16b}, v4.16b + tbl v8.16b, {v20.16b, v21.16b, v22.16b, v23.16b}, v8.16b + tbl v9.16b, {v24.16b, v25.16b, v26.16b, v27.16b}, v9.16b + tbl v10.16b, {v28.16b, v29.16b, v30.16b, v31.16b}, v10.16b + orr v0.16b, v0.16b, v8.16b + orr v9.16b, v9.16b, v10.16b + orr v0.16b, v0.16b, v9.16b + tbl v0.16b, {v0.16b}, v3.16b + ld1 {v4.2d}, [x12], #16 + sshr v10.16b, v0.16b, #7 + shl v9.16b, v0.16b, #1 + and v10.16b, v10.16b, v15.16b + eor v10.16b, v10.16b, v9.16b + rev32 v8.8h, v0.8h + eor v11.16b, v10.16b, v0.16b + eor v10.16b, v10.16b, v8.16b + shl v9.4s, v0.4s, #24 + shl v8.4s, v11.4s, #8 + # XOR in Key Schedule + eor v10.16b, v10.16b, v4.16b + sri v9.4s, v0.4s, #8 + sri v8.4s, v11.4s, #24 + eor v0.16b, v10.16b, v9.16b + eor v0.16b, v0.16b, v8.16b + subs w11, w11, #2 + bne L_AES_GCM_encrypt_NEON_loop_nr_1 + eor v8.16b, v0.16b, v12.16b + eor v9.16b, v0.16b, v13.16b + eor v10.16b, v0.16b, v14.16b + tbl v4.16b, {v16.16b, v17.16b, v18.16b, v19.16b}, v0.16b + tbl v8.16b, {v20.16b, v21.16b, v22.16b, v23.16b}, v8.16b + tbl v9.16b, {v24.16b, v25.16b, v26.16b, v27.16b}, v9.16b + tbl v10.16b, {v28.16b, v29.16b, v30.16b, v31.16b}, v10.16b + orr v4.16b, v4.16b, v8.16b + orr v9.16b, v9.16b, v10.16b + orr v4.16b, v4.16b, v9.16b + tbl v4.16b, {v4.16b}, v3.16b + ld1 {v0.2d}, [x12], #16 + sshr v10.16b, v4.16b, #7 + shl v9.16b, v4.16b, #1 + and v10.16b, v10.16b, v15.16b + eor v10.16b, v10.16b, v9.16b + rev32 v8.8h, v4.8h + eor v11.16b, v10.16b, v4.16b + eor v10.16b, v10.16b, v8.16b + shl v9.4s, v4.4s, #24 + shl v8.4s, v11.4s, #8 + # XOR in Key Schedule + eor v10.16b, v10.16b, v0.16b + sri v9.4s, v4.4s, #8 + sri v8.4s, v11.4s, #24 + eor v4.16b, v10.16b, v9.16b + eor v4.16b, v4.16b, v8.16b + eor v8.16b, v4.16b, v12.16b + eor v9.16b, v4.16b, v13.16b + eor v10.16b, v4.16b, v14.16b + tbl v0.16b, {v16.16b, v17.16b, v18.16b, v19.16b}, v4.16b + tbl v8.16b, {v20.16b, v21.16b, v22.16b, v23.16b}, v8.16b + tbl v9.16b, {v24.16b, v25.16b, v26.16b, v27.16b}, v9.16b + tbl v10.16b, {v28.16b, v29.16b, v30.16b, v31.16b}, v10.16b + orr v0.16b, v0.16b, v8.16b + orr v9.16b, v9.16b, v10.16b + orr v0.16b, v0.16b, v9.16b + tbl v0.16b, {v0.16b}, v3.16b + ld1 {v4.2d}, [x12], #16 + # XOR in Key Schedule + eor v0.16b, v0.16b, v4.16b + rev32 v0.16b, v0.16b + ld1 {v4.16b}, [x0], #16 + eor v0.16b, v0.16b, v4.16b + st1 {v0.16b}, [x1], #16 +L_AES_GCM_encrypt_NEON_data_done: + rev32 v2.16b, v2.16b + st1 {v2.2d}, [x5] + ldp d8, d9, [x29, #16] + ldp d10, d11, [x29, #32] + ldp d12, d13, [x29, #48] + ldp d14, d15, [x29, #64] + ldp x29, x30, [sp], #0x50 + ret +#ifndef __APPLE__ + .size AES_GCM_encrypt_NEON,.-AES_GCM_encrypt_NEON +#endif /* __APPLE__ */ +#endif /* HAVE_AESGCM */ +#ifdef WOLFSSL_AES_XTS +#ifndef __APPLE__ +.text +.globl AES_XTS_encrypt_NEON +.type AES_XTS_encrypt_NEON,@function +.align 2 +AES_XTS_encrypt_NEON: +#else +.section __TEXT,__text +.globl _AES_XTS_encrypt_NEON +.p2align 2 +_AES_XTS_encrypt_NEON: +#endif /* __APPLE__ */ + stp x29, x30, [sp, #-128]! + add x29, sp, #0 + stp x17, x19, [x29, #24] + stp x20, x21, [x29, #40] + str x22, [x29, #56] + stp d8, d9, [x29, #64] + stp d10, d11, [x29, #80] + stp d12, d13, [x29, #96] + stp d14, d15, [x29, #112] +#ifndef __APPLE__ + adrp x19, L_AES_ARM64_NEON_te + add x19, x19, :lo12:L_AES_ARM64_NEON_te +#else + adrp x19, L_AES_ARM64_NEON_te@PAGE + add x19, x19, L_AES_ARM64_NEON_te@PAGEOFF +#endif /* __APPLE__ */ +#ifndef __APPLE__ + adrp x20, L_AES_ARM64_NEON_shift_rows_shuffle + add x20, x20, :lo12:L_AES_ARM64_NEON_shift_rows_shuffle +#else + adrp x20, L_AES_ARM64_NEON_shift_rows_shuffle@PAGE + add x20, x20, L_AES_ARM64_NEON_shift_rows_shuffle@PAGEOFF +#endif /* __APPLE__ */ + ld1 {v16.16b, v17.16b, v18.16b, v19.16b}, [x19], #0x40 + ld1 {v20.16b, v21.16b, v22.16b, v23.16b}, [x19], #0x40 + ld1 {v24.16b, v25.16b, v26.16b, v27.16b}, [x19], #0x40 + ld1 {v28.16b, v29.16b, v30.16b, v31.16b}, [x19] + movi v12.16b, #0x40 + movi v13.16b, #0x80 + movi v14.16b, #0xc0 + movi v15.16b, #27 + ld1 {v3.2d}, [x20] + mov x17, #0x87 + ld1 {v2.2d}, [x3] + ld1 {v4.2d}, [x5] + rev32 v2.16b, v2.16b + add x22, x5, #16 + # Round: 0 - XOR in key schedule + eor v2.16b, v2.16b, v4.16b + sub w21, w7, #2 +L_AES_XTS_encrypt_NEON_loop_nr_tweak: + eor v8.16b, v2.16b, v12.16b + eor v9.16b, v2.16b, v13.16b + eor v10.16b, v2.16b, v14.16b + tbl v4.16b, {v16.16b, v17.16b, v18.16b, v19.16b}, v2.16b + tbl v8.16b, {v20.16b, v21.16b, v22.16b, v23.16b}, v8.16b + tbl v9.16b, {v24.16b, v25.16b, v26.16b, v27.16b}, v9.16b + tbl v10.16b, {v28.16b, v29.16b, v30.16b, v31.16b}, v10.16b + orr v4.16b, v4.16b, v8.16b + orr v9.16b, v9.16b, v10.16b + orr v4.16b, v4.16b, v9.16b + tbl v4.16b, {v4.16b}, v3.16b + ld1 {v2.2d}, [x22], #16 + sshr v10.16b, v4.16b, #7 + shl v9.16b, v4.16b, #1 + and v10.16b, v10.16b, v15.16b + eor v10.16b, v10.16b, v9.16b + rev32 v8.8h, v4.8h + eor v11.16b, v10.16b, v4.16b + eor v10.16b, v10.16b, v8.16b + shl v9.4s, v4.4s, #24 + shl v8.4s, v11.4s, #8 + # XOR in Key Schedule + eor v10.16b, v10.16b, v2.16b + sri v9.4s, v4.4s, #8 + sri v8.4s, v11.4s, #24 + eor v4.16b, v10.16b, v9.16b + eor v4.16b, v4.16b, v8.16b + eor v8.16b, v4.16b, v12.16b + eor v9.16b, v4.16b, v13.16b + eor v10.16b, v4.16b, v14.16b + tbl v2.16b, {v16.16b, v17.16b, v18.16b, v19.16b}, v4.16b + tbl v8.16b, {v20.16b, v21.16b, v22.16b, v23.16b}, v8.16b + tbl v9.16b, {v24.16b, v25.16b, v26.16b, v27.16b}, v9.16b + tbl v10.16b, {v28.16b, v29.16b, v30.16b, v31.16b}, v10.16b + orr v2.16b, v2.16b, v8.16b + orr v9.16b, v9.16b, v10.16b + orr v2.16b, v2.16b, v9.16b + tbl v2.16b, {v2.16b}, v3.16b + ld1 {v4.2d}, [x22], #16 + sshr v10.16b, v2.16b, #7 + shl v9.16b, v2.16b, #1 + and v10.16b, v10.16b, v15.16b + eor v10.16b, v10.16b, v9.16b + rev32 v8.8h, v2.8h + eor v11.16b, v10.16b, v2.16b + eor v10.16b, v10.16b, v8.16b + shl v9.4s, v2.4s, #24 + shl v8.4s, v11.4s, #8 + # XOR in Key Schedule + eor v10.16b, v10.16b, v4.16b + sri v9.4s, v2.4s, #8 + sri v8.4s, v11.4s, #24 + eor v2.16b, v10.16b, v9.16b + eor v2.16b, v2.16b, v8.16b + subs w21, w21, #2 + bne L_AES_XTS_encrypt_NEON_loop_nr_tweak + eor v8.16b, v2.16b, v12.16b + eor v9.16b, v2.16b, v13.16b + eor v10.16b, v2.16b, v14.16b + tbl v4.16b, {v16.16b, v17.16b, v18.16b, v19.16b}, v2.16b + tbl v8.16b, {v20.16b, v21.16b, v22.16b, v23.16b}, v8.16b + tbl v9.16b, {v24.16b, v25.16b, v26.16b, v27.16b}, v9.16b + tbl v10.16b, {v28.16b, v29.16b, v30.16b, v31.16b}, v10.16b + orr v4.16b, v4.16b, v8.16b + orr v9.16b, v9.16b, v10.16b + orr v4.16b, v4.16b, v9.16b + tbl v4.16b, {v4.16b}, v3.16b + ld1 {v2.2d}, [x22], #16 + sshr v10.16b, v4.16b, #7 + shl v9.16b, v4.16b, #1 + and v10.16b, v10.16b, v15.16b + eor v10.16b, v10.16b, v9.16b + rev32 v8.8h, v4.8h + eor v11.16b, v10.16b, v4.16b + eor v10.16b, v10.16b, v8.16b + shl v9.4s, v4.4s, #24 + shl v8.4s, v11.4s, #8 + # XOR in Key Schedule + eor v10.16b, v10.16b, v2.16b + sri v9.4s, v4.4s, #8 + sri v8.4s, v11.4s, #24 + eor v4.16b, v10.16b, v9.16b + eor v4.16b, v4.16b, v8.16b + eor v8.16b, v4.16b, v12.16b + eor v9.16b, v4.16b, v13.16b + eor v10.16b, v4.16b, v14.16b + tbl v2.16b, {v16.16b, v17.16b, v18.16b, v19.16b}, v4.16b + tbl v8.16b, {v20.16b, v21.16b, v22.16b, v23.16b}, v8.16b + tbl v9.16b, {v24.16b, v25.16b, v26.16b, v27.16b}, v9.16b + tbl v10.16b, {v28.16b, v29.16b, v30.16b, v31.16b}, v10.16b + orr v2.16b, v2.16b, v8.16b + orr v9.16b, v9.16b, v10.16b + orr v2.16b, v2.16b, v9.16b + tbl v2.16b, {v2.16b}, v3.16b + ld1 {v4.2d}, [x22], #16 + # XOR in Key Schedule + eor v2.16b, v2.16b, v4.16b + rev32 v2.16b, v2.16b + mov x8, v2.d[0] + mov x9, v2.d[1] + cmp w2, #0x40 + blt L_AES_XTS_encrypt_NEON_start_2 +L_AES_XTS_encrypt_NEON_loop_4: + mov x22, x4 + ld1 {v0.16b, v1.16b, v2.16b, v3.16b}, [x0], #0x40 + ld1 {v4.16b}, [x22], #16 + and x16, x17, x9, asr 63 + extr x11, x9, x8, #63 + eor x10, x16, x8, lsl 1 + and x16, x17, x11, asr 63 + extr x13, x11, x10, #63 + eor x12, x16, x10, lsl 1 + and x16, x17, x13, asr 63 + extr x15, x13, x12, #63 + eor x14, x16, x12, lsl 1 + mov v8.d[0], x8 + mov v8.d[1], x9 + mov v9.d[0], x10 + mov v9.d[1], x11 + mov v10.d[0], x12 + mov v10.d[1], x13 + mov v11.d[0], x14 + mov v11.d[1], x15 + eor v0.16b, v0.16b, v8.16b + eor v1.16b, v1.16b, v9.16b + eor v2.16b, v2.16b, v10.16b + eor v3.16b, v3.16b, v11.16b + rev32 v0.16b, v0.16b + rev32 v1.16b, v1.16b + rev32 v2.16b, v2.16b + rev32 v3.16b, v3.16b + eor v0.16b, v0.16b, v4.16b + eor v1.16b, v1.16b, v4.16b + eor v2.16b, v2.16b, v4.16b + eor v3.16b, v3.16b, v4.16b + sub w21, w7, #2 +L_AES_XTS_encrypt_NEON_loop_nr_4: + tbl v4.16b, {v16.16b, v17.16b, v18.16b, v19.16b}, v0.16b + tbl v5.16b, {v16.16b, v17.16b, v18.16b, v19.16b}, v1.16b + tbl v6.16b, {v16.16b, v17.16b, v18.16b, v19.16b}, v2.16b + tbl v7.16b, {v16.16b, v17.16b, v18.16b, v19.16b}, v3.16b + movi v12.16b, #0x40 + movi v13.16b, #0x80 + movi v14.16b, #0xc0 + eor v8.16b, v0.16b, v12.16b + eor v9.16b, v1.16b, v12.16b + eor v10.16b, v2.16b, v12.16b + eor v11.16b, v3.16b, v12.16b + tbl v8.16b, {v20.16b, v21.16b, v22.16b, v23.16b}, v8.16b + tbl v9.16b, {v20.16b, v21.16b, v22.16b, v23.16b}, v9.16b + tbl v10.16b, {v20.16b, v21.16b, v22.16b, v23.16b}, v10.16b + tbl v11.16b, {v20.16b, v21.16b, v22.16b, v23.16b}, v11.16b + orr v4.16b, v4.16b, v8.16b + orr v5.16b, v5.16b, v9.16b + orr v6.16b, v6.16b, v10.16b + orr v7.16b, v7.16b, v11.16b + eor v8.16b, v0.16b, v13.16b + eor v9.16b, v1.16b, v13.16b + eor v10.16b, v2.16b, v13.16b + eor v11.16b, v3.16b, v13.16b + tbl v8.16b, {v24.16b, v25.16b, v26.16b, v27.16b}, v8.16b + tbl v9.16b, {v24.16b, v25.16b, v26.16b, v27.16b}, v9.16b + tbl v10.16b, {v24.16b, v25.16b, v26.16b, v27.16b}, v10.16b + tbl v11.16b, {v24.16b, v25.16b, v26.16b, v27.16b}, v11.16b + orr v4.16b, v4.16b, v8.16b + orr v5.16b, v5.16b, v9.16b + orr v6.16b, v6.16b, v10.16b + orr v7.16b, v7.16b, v11.16b + eor v8.16b, v0.16b, v14.16b + eor v9.16b, v1.16b, v14.16b + eor v10.16b, v2.16b, v14.16b + eor v11.16b, v3.16b, v14.16b + tbl v8.16b, {v28.16b, v29.16b, v30.16b, v31.16b}, v8.16b + tbl v9.16b, {v28.16b, v29.16b, v30.16b, v31.16b}, v9.16b + tbl v10.16b, {v28.16b, v29.16b, v30.16b, v31.16b}, v10.16b + tbl v11.16b, {v28.16b, v29.16b, v30.16b, v31.16b}, v11.16b + orr v4.16b, v4.16b, v8.16b + orr v5.16b, v5.16b, v9.16b + orr v6.16b, v6.16b, v10.16b + orr v7.16b, v7.16b, v11.16b + ld1 {v0.16b}, [x20] + tbl v4.16b, {v4.16b}, v0.16b + tbl v5.16b, {v5.16b}, v0.16b + tbl v6.16b, {v6.16b}, v0.16b + tbl v7.16b, {v7.16b}, v0.16b + sshr v8.16b, v4.16b, #7 + sshr v9.16b, v5.16b, #7 + sshr v10.16b, v6.16b, #7 + sshr v11.16b, v7.16b, #7 + shl v12.16b, v4.16b, #1 + shl v13.16b, v5.16b, #1 + shl v14.16b, v6.16b, #1 + shl v15.16b, v7.16b, #1 + movi v0.16b, #27 + and v8.16b, v8.16b, v0.16b + and v9.16b, v9.16b, v0.16b + and v10.16b, v10.16b, v0.16b + and v11.16b, v11.16b, v0.16b + eor v8.16b, v8.16b, v12.16b + eor v9.16b, v9.16b, v13.16b + eor v10.16b, v10.16b, v14.16b + eor v11.16b, v11.16b, v15.16b + eor v0.16b, v8.16b, v4.16b + eor v1.16b, v9.16b, v5.16b + eor v2.16b, v10.16b, v6.16b + eor v3.16b, v11.16b, v7.16b + shl v12.4s, v0.4s, #8 + shl v13.4s, v1.4s, #8 + shl v14.4s, v2.4s, #8 + shl v15.4s, v3.4s, #8 + sri v12.4s, v0.4s, #24 + sri v13.4s, v1.4s, #24 + sri v14.4s, v2.4s, #24 + sri v15.4s, v3.4s, #24 + shl v0.4s, v4.4s, #24 + shl v1.4s, v5.4s, #24 + shl v2.4s, v6.4s, #24 + shl v3.4s, v7.4s, #24 + sri v0.4s, v4.4s, #8 + sri v1.4s, v5.4s, #8 + sri v2.4s, v6.4s, #8 + sri v3.4s, v7.4s, #8 + rev32 v4.8h, v4.8h + rev32 v5.8h, v5.8h + rev32 v6.8h, v6.8h + rev32 v7.8h, v7.8h + eor v4.16b, v4.16b, v0.16b + eor v5.16b, v5.16b, v1.16b + eor v6.16b, v6.16b, v2.16b + eor v7.16b, v7.16b, v3.16b + # XOR in Key Schedule + ld1 {v0.2d}, [x22], #16 + eor v4.16b, v4.16b, v8.16b + eor v5.16b, v5.16b, v9.16b + eor v6.16b, v6.16b, v10.16b + eor v7.16b, v7.16b, v11.16b + eor v4.16b, v4.16b, v0.16b + eor v5.16b, v5.16b, v0.16b + eor v6.16b, v6.16b, v0.16b + eor v7.16b, v7.16b, v0.16b + eor v4.16b, v4.16b, v12.16b + eor v5.16b, v5.16b, v13.16b + eor v6.16b, v6.16b, v14.16b + eor v7.16b, v7.16b, v15.16b + # Round Done + tbl v0.16b, {v16.16b, v17.16b, v18.16b, v19.16b}, v4.16b + tbl v1.16b, {v16.16b, v17.16b, v18.16b, v19.16b}, v5.16b + tbl v2.16b, {v16.16b, v17.16b, v18.16b, v19.16b}, v6.16b + tbl v3.16b, {v16.16b, v17.16b, v18.16b, v19.16b}, v7.16b + movi v12.16b, #0x40 + movi v13.16b, #0x80 + movi v14.16b, #0xc0 + eor v8.16b, v4.16b, v12.16b + eor v9.16b, v5.16b, v12.16b + eor v10.16b, v6.16b, v12.16b + eor v11.16b, v7.16b, v12.16b + tbl v8.16b, {v20.16b, v21.16b, v22.16b, v23.16b}, v8.16b + tbl v9.16b, {v20.16b, v21.16b, v22.16b, v23.16b}, v9.16b + tbl v10.16b, {v20.16b, v21.16b, v22.16b, v23.16b}, v10.16b + tbl v11.16b, {v20.16b, v21.16b, v22.16b, v23.16b}, v11.16b + orr v0.16b, v0.16b, v8.16b + orr v1.16b, v1.16b, v9.16b + orr v2.16b, v2.16b, v10.16b + orr v3.16b, v3.16b, v11.16b + eor v8.16b, v4.16b, v13.16b + eor v9.16b, v5.16b, v13.16b + eor v10.16b, v6.16b, v13.16b + eor v11.16b, v7.16b, v13.16b + tbl v8.16b, {v24.16b, v25.16b, v26.16b, v27.16b}, v8.16b + tbl v9.16b, {v24.16b, v25.16b, v26.16b, v27.16b}, v9.16b + tbl v10.16b, {v24.16b, v25.16b, v26.16b, v27.16b}, v10.16b + tbl v11.16b, {v24.16b, v25.16b, v26.16b, v27.16b}, v11.16b + orr v0.16b, v0.16b, v8.16b + orr v1.16b, v1.16b, v9.16b + orr v2.16b, v2.16b, v10.16b + orr v3.16b, v3.16b, v11.16b + eor v8.16b, v4.16b, v14.16b + eor v9.16b, v5.16b, v14.16b + eor v10.16b, v6.16b, v14.16b + eor v11.16b, v7.16b, v14.16b + tbl v8.16b, {v28.16b, v29.16b, v30.16b, v31.16b}, v8.16b + tbl v9.16b, {v28.16b, v29.16b, v30.16b, v31.16b}, v9.16b + tbl v10.16b, {v28.16b, v29.16b, v30.16b, v31.16b}, v10.16b + tbl v11.16b, {v28.16b, v29.16b, v30.16b, v31.16b}, v11.16b + orr v0.16b, v0.16b, v8.16b + orr v1.16b, v1.16b, v9.16b + orr v2.16b, v2.16b, v10.16b + orr v3.16b, v3.16b, v11.16b + ld1 {v4.16b}, [x20] + tbl v0.16b, {v0.16b}, v4.16b + tbl v1.16b, {v1.16b}, v4.16b + tbl v2.16b, {v2.16b}, v4.16b + tbl v3.16b, {v3.16b}, v4.16b + sshr v8.16b, v0.16b, #7 + sshr v9.16b, v1.16b, #7 + sshr v10.16b, v2.16b, #7 + sshr v11.16b, v3.16b, #7 + shl v12.16b, v0.16b, #1 + shl v13.16b, v1.16b, #1 + shl v14.16b, v2.16b, #1 + shl v15.16b, v3.16b, #1 + movi v4.16b, #27 + and v8.16b, v8.16b, v4.16b + and v9.16b, v9.16b, v4.16b + and v10.16b, v10.16b, v4.16b + and v11.16b, v11.16b, v4.16b + eor v8.16b, v8.16b, v12.16b + eor v9.16b, v9.16b, v13.16b + eor v10.16b, v10.16b, v14.16b + eor v11.16b, v11.16b, v15.16b + eor v4.16b, v8.16b, v0.16b + eor v5.16b, v9.16b, v1.16b + eor v6.16b, v10.16b, v2.16b + eor v7.16b, v11.16b, v3.16b + shl v12.4s, v4.4s, #8 + shl v13.4s, v5.4s, #8 + shl v14.4s, v6.4s, #8 + shl v15.4s, v7.4s, #8 + sri v12.4s, v4.4s, #24 + sri v13.4s, v5.4s, #24 + sri v14.4s, v6.4s, #24 + sri v15.4s, v7.4s, #24 + shl v4.4s, v0.4s, #24 + shl v5.4s, v1.4s, #24 + shl v6.4s, v2.4s, #24 + shl v7.4s, v3.4s, #24 + sri v4.4s, v0.4s, #8 + sri v5.4s, v1.4s, #8 + sri v6.4s, v2.4s, #8 + sri v7.4s, v3.4s, #8 + rev32 v0.8h, v0.8h + rev32 v1.8h, v1.8h + rev32 v2.8h, v2.8h + rev32 v3.8h, v3.8h + eor v0.16b, v0.16b, v4.16b + eor v1.16b, v1.16b, v5.16b + eor v2.16b, v2.16b, v6.16b + eor v3.16b, v3.16b, v7.16b + # XOR in Key Schedule + ld1 {v4.2d}, [x22], #16 + eor v0.16b, v0.16b, v8.16b + eor v1.16b, v1.16b, v9.16b + eor v2.16b, v2.16b, v10.16b + eor v3.16b, v3.16b, v11.16b + eor v0.16b, v0.16b, v4.16b + eor v1.16b, v1.16b, v4.16b + eor v2.16b, v2.16b, v4.16b + eor v3.16b, v3.16b, v4.16b + eor v0.16b, v0.16b, v12.16b + eor v1.16b, v1.16b, v13.16b + eor v2.16b, v2.16b, v14.16b + eor v3.16b, v3.16b, v15.16b + # Round Done + subs w21, w21, #2 + bne L_AES_XTS_encrypt_NEON_loop_nr_4 + tbl v4.16b, {v16.16b, v17.16b, v18.16b, v19.16b}, v0.16b + tbl v5.16b, {v16.16b, v17.16b, v18.16b, v19.16b}, v1.16b + tbl v6.16b, {v16.16b, v17.16b, v18.16b, v19.16b}, v2.16b + tbl v7.16b, {v16.16b, v17.16b, v18.16b, v19.16b}, v3.16b + movi v12.16b, #0x40 + movi v13.16b, #0x80 + movi v14.16b, #0xc0 + eor v8.16b, v0.16b, v12.16b + eor v9.16b, v1.16b, v12.16b + eor v10.16b, v2.16b, v12.16b + eor v11.16b, v3.16b, v12.16b + tbl v8.16b, {v20.16b, v21.16b, v22.16b, v23.16b}, v8.16b + tbl v9.16b, {v20.16b, v21.16b, v22.16b, v23.16b}, v9.16b + tbl v10.16b, {v20.16b, v21.16b, v22.16b, v23.16b}, v10.16b + tbl v11.16b, {v20.16b, v21.16b, v22.16b, v23.16b}, v11.16b + orr v4.16b, v4.16b, v8.16b + orr v5.16b, v5.16b, v9.16b + orr v6.16b, v6.16b, v10.16b + orr v7.16b, v7.16b, v11.16b + eor v8.16b, v0.16b, v13.16b + eor v9.16b, v1.16b, v13.16b + eor v10.16b, v2.16b, v13.16b + eor v11.16b, v3.16b, v13.16b + tbl v8.16b, {v24.16b, v25.16b, v26.16b, v27.16b}, v8.16b + tbl v9.16b, {v24.16b, v25.16b, v26.16b, v27.16b}, v9.16b + tbl v10.16b, {v24.16b, v25.16b, v26.16b, v27.16b}, v10.16b + tbl v11.16b, {v24.16b, v25.16b, v26.16b, v27.16b}, v11.16b + orr v4.16b, v4.16b, v8.16b + orr v5.16b, v5.16b, v9.16b + orr v6.16b, v6.16b, v10.16b + orr v7.16b, v7.16b, v11.16b + eor v8.16b, v0.16b, v14.16b + eor v9.16b, v1.16b, v14.16b + eor v10.16b, v2.16b, v14.16b + eor v11.16b, v3.16b, v14.16b + tbl v8.16b, {v28.16b, v29.16b, v30.16b, v31.16b}, v8.16b + tbl v9.16b, {v28.16b, v29.16b, v30.16b, v31.16b}, v9.16b + tbl v10.16b, {v28.16b, v29.16b, v30.16b, v31.16b}, v10.16b + tbl v11.16b, {v28.16b, v29.16b, v30.16b, v31.16b}, v11.16b + orr v4.16b, v4.16b, v8.16b + orr v5.16b, v5.16b, v9.16b + orr v6.16b, v6.16b, v10.16b + orr v7.16b, v7.16b, v11.16b + ld1 {v0.16b}, [x20] + tbl v4.16b, {v4.16b}, v0.16b + tbl v5.16b, {v5.16b}, v0.16b + tbl v6.16b, {v6.16b}, v0.16b + tbl v7.16b, {v7.16b}, v0.16b + sshr v8.16b, v4.16b, #7 + sshr v9.16b, v5.16b, #7 + sshr v10.16b, v6.16b, #7 + sshr v11.16b, v7.16b, #7 + shl v12.16b, v4.16b, #1 + shl v13.16b, v5.16b, #1 + shl v14.16b, v6.16b, #1 + shl v15.16b, v7.16b, #1 + movi v0.16b, #27 + and v8.16b, v8.16b, v0.16b + and v9.16b, v9.16b, v0.16b + and v10.16b, v10.16b, v0.16b + and v11.16b, v11.16b, v0.16b + eor v8.16b, v8.16b, v12.16b + eor v9.16b, v9.16b, v13.16b + eor v10.16b, v10.16b, v14.16b + eor v11.16b, v11.16b, v15.16b + eor v0.16b, v8.16b, v4.16b + eor v1.16b, v9.16b, v5.16b + eor v2.16b, v10.16b, v6.16b + eor v3.16b, v11.16b, v7.16b + shl v12.4s, v0.4s, #8 + shl v13.4s, v1.4s, #8 + shl v14.4s, v2.4s, #8 + shl v15.4s, v3.4s, #8 + sri v12.4s, v0.4s, #24 + sri v13.4s, v1.4s, #24 + sri v14.4s, v2.4s, #24 + sri v15.4s, v3.4s, #24 + shl v0.4s, v4.4s, #24 + shl v1.4s, v5.4s, #24 + shl v2.4s, v6.4s, #24 + shl v3.4s, v7.4s, #24 + sri v0.4s, v4.4s, #8 + sri v1.4s, v5.4s, #8 + sri v2.4s, v6.4s, #8 + sri v3.4s, v7.4s, #8 + rev32 v4.8h, v4.8h + rev32 v5.8h, v5.8h + rev32 v6.8h, v6.8h + rev32 v7.8h, v7.8h + eor v4.16b, v4.16b, v0.16b + eor v5.16b, v5.16b, v1.16b + eor v6.16b, v6.16b, v2.16b + eor v7.16b, v7.16b, v3.16b + # XOR in Key Schedule + ld1 {v0.2d}, [x22], #16 + eor v4.16b, v4.16b, v8.16b + eor v5.16b, v5.16b, v9.16b + eor v6.16b, v6.16b, v10.16b + eor v7.16b, v7.16b, v11.16b + eor v4.16b, v4.16b, v0.16b + eor v5.16b, v5.16b, v0.16b + eor v6.16b, v6.16b, v0.16b + eor v7.16b, v7.16b, v0.16b + eor v4.16b, v4.16b, v12.16b + eor v5.16b, v5.16b, v13.16b + eor v6.16b, v6.16b, v14.16b + eor v7.16b, v7.16b, v15.16b + # Round Done + tbl v0.16b, {v16.16b, v17.16b, v18.16b, v19.16b}, v4.16b + tbl v1.16b, {v16.16b, v17.16b, v18.16b, v19.16b}, v5.16b + tbl v2.16b, {v16.16b, v17.16b, v18.16b, v19.16b}, v6.16b + tbl v3.16b, {v16.16b, v17.16b, v18.16b, v19.16b}, v7.16b + movi v12.16b, #0x40 + movi v13.16b, #0x80 + movi v14.16b, #0xc0 + eor v8.16b, v4.16b, v12.16b + eor v9.16b, v5.16b, v12.16b + eor v10.16b, v6.16b, v12.16b + eor v11.16b, v7.16b, v12.16b + tbl v8.16b, {v20.16b, v21.16b, v22.16b, v23.16b}, v8.16b + tbl v9.16b, {v20.16b, v21.16b, v22.16b, v23.16b}, v9.16b + tbl v10.16b, {v20.16b, v21.16b, v22.16b, v23.16b}, v10.16b + tbl v11.16b, {v20.16b, v21.16b, v22.16b, v23.16b}, v11.16b + orr v0.16b, v0.16b, v8.16b + orr v1.16b, v1.16b, v9.16b + orr v2.16b, v2.16b, v10.16b + orr v3.16b, v3.16b, v11.16b + eor v8.16b, v4.16b, v13.16b + eor v9.16b, v5.16b, v13.16b + eor v10.16b, v6.16b, v13.16b + eor v11.16b, v7.16b, v13.16b + tbl v8.16b, {v24.16b, v25.16b, v26.16b, v27.16b}, v8.16b + tbl v9.16b, {v24.16b, v25.16b, v26.16b, v27.16b}, v9.16b + tbl v10.16b, {v24.16b, v25.16b, v26.16b, v27.16b}, v10.16b + tbl v11.16b, {v24.16b, v25.16b, v26.16b, v27.16b}, v11.16b + orr v0.16b, v0.16b, v8.16b + orr v1.16b, v1.16b, v9.16b + orr v2.16b, v2.16b, v10.16b + orr v3.16b, v3.16b, v11.16b + eor v8.16b, v4.16b, v14.16b + eor v9.16b, v5.16b, v14.16b + eor v10.16b, v6.16b, v14.16b + eor v11.16b, v7.16b, v14.16b + tbl v8.16b, {v28.16b, v29.16b, v30.16b, v31.16b}, v8.16b + tbl v9.16b, {v28.16b, v29.16b, v30.16b, v31.16b}, v9.16b + tbl v10.16b, {v28.16b, v29.16b, v30.16b, v31.16b}, v10.16b + tbl v11.16b, {v28.16b, v29.16b, v30.16b, v31.16b}, v11.16b + orr v0.16b, v0.16b, v8.16b + orr v1.16b, v1.16b, v9.16b + orr v2.16b, v2.16b, v10.16b + orr v3.16b, v3.16b, v11.16b + ld1 {v4.16b}, [x20] + tbl v0.16b, {v0.16b}, v4.16b + tbl v1.16b, {v1.16b}, v4.16b + tbl v2.16b, {v2.16b}, v4.16b + tbl v3.16b, {v3.16b}, v4.16b + # XOR in Key Schedule + ld1 {v4.2d}, [x22], #16 + eor v0.16b, v0.16b, v4.16b + eor v1.16b, v1.16b, v4.16b + eor v2.16b, v2.16b, v4.16b + eor v3.16b, v3.16b, v4.16b + # Round Done + rev32 v0.16b, v0.16b + rev32 v1.16b, v1.16b + rev32 v2.16b, v2.16b + rev32 v3.16b, v3.16b + mov v8.d[0], x8 + mov v8.d[1], x9 + mov v9.d[0], x10 + mov v9.d[1], x11 + mov v10.d[0], x12 + mov v10.d[1], x13 + mov v11.d[0], x14 + mov v11.d[1], x15 + eor v0.16b, v0.16b, v8.16b + eor v1.16b, v1.16b, v9.16b + eor v2.16b, v2.16b, v10.16b + eor v3.16b, v3.16b, v11.16b + st1 {v0.16b, v1.16b, v2.16b, v3.16b}, [x1], #0x40 + and x16, x17, x15, asr 63 + extr x9, x15, x14, #63 + eor x8, x16, x14, lsl 1 + sub w2, w2, #0x40 + cmp w2, #0x40 + bge L_AES_XTS_encrypt_NEON_loop_4 + movi v12.16b, #0x40 + movi v13.16b, #0x80 + movi v14.16b, #0xc0 + movi v15.16b, #27 +L_AES_XTS_encrypt_NEON_start_2: + cmp w2, #32 + blt L_AES_XTS_encrypt_NEON_start_1 + mov x22, x4 + ld1 {v0.16b, v1.16b}, [x0], #32 + ld1 {v4.16b}, [x22], #16 + and x16, x17, x9, asr 63 + extr x11, x9, x8, #63 + eor x10, x16, x8, lsl 1 + and x16, x17, x11, asr 63 + extr x13, x11, x10, #63 + eor x12, x16, x10, lsl 1 + mov v2.d[0], x8 + mov v2.d[1], x9 + mov v3.d[0], x10 + mov v3.d[1], x11 + eor v0.16b, v0.16b, v2.16b + eor v1.16b, v1.16b, v3.16b + rev32 v0.16b, v0.16b + rev32 v1.16b, v1.16b + eor v0.16b, v0.16b, v4.16b + eor v1.16b, v1.16b, v4.16b + sub w21, w7, #2 +L_AES_XTS_encrypt_NEON_loop_nr_2: + eor v8.16b, v0.16b, v12.16b + eor v9.16b, v1.16b, v12.16b + tbl v4.16b, {v16.16b, v17.16b, v18.16b, v19.16b}, v0.16b + tbl v5.16b, {v16.16b, v17.16b, v18.16b, v19.16b}, v1.16b + tbl v8.16b, {v20.16b, v21.16b, v22.16b, v23.16b}, v8.16b + tbl v9.16b, {v20.16b, v21.16b, v22.16b, v23.16b}, v9.16b + eor v10.16b, v0.16b, v13.16b + eor v11.16b, v1.16b, v13.16b + tbl v10.16b, {v24.16b, v25.16b, v26.16b, v27.16b}, v10.16b + tbl v11.16b, {v24.16b, v25.16b, v26.16b, v27.16b}, v11.16b + orr v4.16b, v4.16b, v8.16b + orr v5.16b, v5.16b, v9.16b + eor v8.16b, v0.16b, v14.16b + eor v9.16b, v1.16b, v14.16b + orr v4.16b, v4.16b, v10.16b + orr v5.16b, v5.16b, v11.16b + tbl v8.16b, {v28.16b, v29.16b, v30.16b, v31.16b}, v8.16b + tbl v9.16b, {v28.16b, v29.16b, v30.16b, v31.16b}, v9.16b + orr v4.16b, v4.16b, v8.16b + orr v5.16b, v5.16b, v9.16b + ld1 {v0.16b}, [x20] + tbl v4.16b, {v4.16b}, v0.16b + tbl v5.16b, {v5.16b}, v0.16b + sshr v8.16b, v4.16b, #7 + sshr v9.16b, v5.16b, #7 + shl v10.16b, v4.16b, #1 + shl v11.16b, v5.16b, #1 + and v8.16b, v8.16b, v15.16b + and v9.16b, v9.16b, v15.16b + eor v8.16b, v8.16b, v10.16b + eor v9.16b, v9.16b, v11.16b + eor v0.16b, v8.16b, v4.16b + eor v1.16b, v9.16b, v5.16b + shl v10.4s, v0.4s, #8 + shl v11.4s, v1.4s, #8 + sri v10.4s, v0.4s, #24 + sri v11.4s, v1.4s, #24 + shl v0.4s, v4.4s, #24 + shl v1.4s, v5.4s, #24 + sri v0.4s, v4.4s, #8 + sri v1.4s, v5.4s, #8 + rev32 v4.8h, v4.8h + rev32 v5.8h, v5.8h + eor v4.16b, v4.16b, v0.16b + eor v5.16b, v5.16b, v1.16b + # XOR in Key Schedule + ld1 {v0.2d}, [x22], #16 + eor v4.16b, v4.16b, v8.16b + eor v5.16b, v5.16b, v9.16b + eor v4.16b, v4.16b, v0.16b + eor v5.16b, v5.16b, v0.16b + eor v4.16b, v4.16b, v10.16b + eor v5.16b, v5.16b, v11.16b + # Round Done + eor v8.16b, v4.16b, v12.16b + eor v9.16b, v5.16b, v12.16b + tbl v0.16b, {v16.16b, v17.16b, v18.16b, v19.16b}, v4.16b + tbl v1.16b, {v16.16b, v17.16b, v18.16b, v19.16b}, v5.16b + tbl v8.16b, {v20.16b, v21.16b, v22.16b, v23.16b}, v8.16b + tbl v9.16b, {v20.16b, v21.16b, v22.16b, v23.16b}, v9.16b + eor v10.16b, v4.16b, v13.16b + eor v11.16b, v5.16b, v13.16b + tbl v10.16b, {v24.16b, v25.16b, v26.16b, v27.16b}, v10.16b + tbl v11.16b, {v24.16b, v25.16b, v26.16b, v27.16b}, v11.16b + orr v0.16b, v0.16b, v8.16b + orr v1.16b, v1.16b, v9.16b + eor v8.16b, v4.16b, v14.16b + eor v9.16b, v5.16b, v14.16b + orr v0.16b, v0.16b, v10.16b + orr v1.16b, v1.16b, v11.16b + tbl v8.16b, {v28.16b, v29.16b, v30.16b, v31.16b}, v8.16b + tbl v9.16b, {v28.16b, v29.16b, v30.16b, v31.16b}, v9.16b + orr v0.16b, v0.16b, v8.16b + orr v1.16b, v1.16b, v9.16b + ld1 {v4.16b}, [x20] + tbl v0.16b, {v0.16b}, v4.16b + tbl v1.16b, {v1.16b}, v4.16b + sshr v8.16b, v0.16b, #7 + sshr v9.16b, v1.16b, #7 + shl v10.16b, v0.16b, #1 + shl v11.16b, v1.16b, #1 + and v8.16b, v8.16b, v15.16b + and v9.16b, v9.16b, v15.16b + eor v8.16b, v8.16b, v10.16b + eor v9.16b, v9.16b, v11.16b + eor v4.16b, v8.16b, v0.16b + eor v5.16b, v9.16b, v1.16b + shl v10.4s, v4.4s, #8 + shl v11.4s, v5.4s, #8 + sri v10.4s, v4.4s, #24 + sri v11.4s, v5.4s, #24 + shl v4.4s, v0.4s, #24 + shl v5.4s, v1.4s, #24 + sri v4.4s, v0.4s, #8 + sri v5.4s, v1.4s, #8 + rev32 v0.8h, v0.8h + rev32 v1.8h, v1.8h + eor v0.16b, v0.16b, v4.16b + eor v1.16b, v1.16b, v5.16b + # XOR in Key Schedule + ld1 {v4.2d}, [x22], #16 + eor v0.16b, v0.16b, v8.16b + eor v1.16b, v1.16b, v9.16b + eor v0.16b, v0.16b, v4.16b + eor v1.16b, v1.16b, v4.16b + eor v0.16b, v0.16b, v10.16b + eor v1.16b, v1.16b, v11.16b + # Round Done + subs w21, w21, #2 + bne L_AES_XTS_encrypt_NEON_loop_nr_2 + eor v8.16b, v0.16b, v12.16b + eor v9.16b, v1.16b, v12.16b + tbl v4.16b, {v16.16b, v17.16b, v18.16b, v19.16b}, v0.16b + tbl v5.16b, {v16.16b, v17.16b, v18.16b, v19.16b}, v1.16b + tbl v8.16b, {v20.16b, v21.16b, v22.16b, v23.16b}, v8.16b + tbl v9.16b, {v20.16b, v21.16b, v22.16b, v23.16b}, v9.16b + eor v10.16b, v0.16b, v13.16b + eor v11.16b, v1.16b, v13.16b + tbl v10.16b, {v24.16b, v25.16b, v26.16b, v27.16b}, v10.16b + tbl v11.16b, {v24.16b, v25.16b, v26.16b, v27.16b}, v11.16b + orr v4.16b, v4.16b, v8.16b + orr v5.16b, v5.16b, v9.16b + eor v8.16b, v0.16b, v14.16b + eor v9.16b, v1.16b, v14.16b + orr v4.16b, v4.16b, v10.16b + orr v5.16b, v5.16b, v11.16b + tbl v8.16b, {v28.16b, v29.16b, v30.16b, v31.16b}, v8.16b + tbl v9.16b, {v28.16b, v29.16b, v30.16b, v31.16b}, v9.16b + orr v4.16b, v4.16b, v8.16b + orr v5.16b, v5.16b, v9.16b + ld1 {v0.16b}, [x20] + tbl v4.16b, {v4.16b}, v0.16b + tbl v5.16b, {v5.16b}, v0.16b + sshr v8.16b, v4.16b, #7 + sshr v9.16b, v5.16b, #7 + shl v10.16b, v4.16b, #1 + shl v11.16b, v5.16b, #1 + and v8.16b, v8.16b, v15.16b + and v9.16b, v9.16b, v15.16b + eor v8.16b, v8.16b, v10.16b + eor v9.16b, v9.16b, v11.16b + eor v0.16b, v8.16b, v4.16b + eor v1.16b, v9.16b, v5.16b + shl v10.4s, v0.4s, #8 + shl v11.4s, v1.4s, #8 + sri v10.4s, v0.4s, #24 + sri v11.4s, v1.4s, #24 + shl v0.4s, v4.4s, #24 + shl v1.4s, v5.4s, #24 + sri v0.4s, v4.4s, #8 + sri v1.4s, v5.4s, #8 + rev32 v4.8h, v4.8h + rev32 v5.8h, v5.8h + eor v4.16b, v4.16b, v0.16b + eor v5.16b, v5.16b, v1.16b + # XOR in Key Schedule + ld1 {v0.2d}, [x22], #16 + eor v4.16b, v4.16b, v8.16b + eor v5.16b, v5.16b, v9.16b + eor v4.16b, v4.16b, v0.16b + eor v5.16b, v5.16b, v0.16b + eor v4.16b, v4.16b, v10.16b + eor v5.16b, v5.16b, v11.16b + # Round Done + eor v8.16b, v4.16b, v12.16b + eor v9.16b, v5.16b, v12.16b + tbl v0.16b, {v16.16b, v17.16b, v18.16b, v19.16b}, v4.16b + tbl v1.16b, {v16.16b, v17.16b, v18.16b, v19.16b}, v5.16b + tbl v8.16b, {v20.16b, v21.16b, v22.16b, v23.16b}, v8.16b + tbl v9.16b, {v20.16b, v21.16b, v22.16b, v23.16b}, v9.16b + eor v10.16b, v4.16b, v13.16b + eor v11.16b, v5.16b, v13.16b + tbl v10.16b, {v24.16b, v25.16b, v26.16b, v27.16b}, v10.16b + tbl v11.16b, {v24.16b, v25.16b, v26.16b, v27.16b}, v11.16b + orr v0.16b, v0.16b, v8.16b + orr v1.16b, v1.16b, v9.16b + eor v8.16b, v4.16b, v14.16b + eor v9.16b, v5.16b, v14.16b + orr v0.16b, v0.16b, v10.16b + orr v1.16b, v1.16b, v11.16b + tbl v8.16b, {v28.16b, v29.16b, v30.16b, v31.16b}, v8.16b + tbl v9.16b, {v28.16b, v29.16b, v30.16b, v31.16b}, v9.16b + orr v0.16b, v0.16b, v8.16b + orr v1.16b, v1.16b, v9.16b + ld1 {v4.16b}, [x20] + tbl v0.16b, {v0.16b}, v4.16b + tbl v1.16b, {v1.16b}, v4.16b + # XOR in Key Schedule + ld1 {v4.2d}, [x22], #16 + eor v0.16b, v0.16b, v4.16b + eor v1.16b, v1.16b, v4.16b + # Round Done + rev32 v0.16b, v0.16b + rev32 v1.16b, v1.16b + eor v0.16b, v0.16b, v2.16b + eor v1.16b, v1.16b, v3.16b + st1 {v0.16b, v1.16b}, [x1], #32 + and x16, x17, x11, asr 63 + extr x9, x11, x10, #63 + eor x8, x16, x10, lsl 1 + sub w2, w2, #32 +L_AES_XTS_encrypt_NEON_start_1: + ld1 {v3.2d}, [x20] + mov v2.d[0], x8 + mov v2.d[1], x9 + cmp w2, #16 + blt L_AES_XTS_encrypt_NEON_start_partial + mov x22, x4 + ld1 {v0.16b}, [x0], #16 + ld1 {v4.2d}, [x22], #16 + eor v0.16b, v0.16b, v2.16b + rev32 v0.16b, v0.16b + eor v0.16b, v0.16b, v4.16b + sub w21, w7, #2 +L_AES_XTS_encrypt_NEON_loop_nr_1: + eor v8.16b, v0.16b, v12.16b + eor v9.16b, v0.16b, v13.16b + eor v10.16b, v0.16b, v14.16b + tbl v4.16b, {v16.16b, v17.16b, v18.16b, v19.16b}, v0.16b + tbl v8.16b, {v20.16b, v21.16b, v22.16b, v23.16b}, v8.16b + tbl v9.16b, {v24.16b, v25.16b, v26.16b, v27.16b}, v9.16b + tbl v10.16b, {v28.16b, v29.16b, v30.16b, v31.16b}, v10.16b + orr v4.16b, v4.16b, v8.16b + orr v9.16b, v9.16b, v10.16b + orr v4.16b, v4.16b, v9.16b + tbl v4.16b, {v4.16b}, v3.16b + ld1 {v0.2d}, [x22], #16 + sshr v10.16b, v4.16b, #7 + shl v9.16b, v4.16b, #1 + and v10.16b, v10.16b, v15.16b + eor v10.16b, v10.16b, v9.16b + rev32 v8.8h, v4.8h + eor v11.16b, v10.16b, v4.16b + eor v10.16b, v10.16b, v8.16b + shl v9.4s, v4.4s, #24 + shl v8.4s, v11.4s, #8 + # XOR in Key Schedule + eor v10.16b, v10.16b, v0.16b + sri v9.4s, v4.4s, #8 + sri v8.4s, v11.4s, #24 + eor v4.16b, v10.16b, v9.16b + eor v4.16b, v4.16b, v8.16b + eor v8.16b, v4.16b, v12.16b + eor v9.16b, v4.16b, v13.16b + eor v10.16b, v4.16b, v14.16b + tbl v0.16b, {v16.16b, v17.16b, v18.16b, v19.16b}, v4.16b + tbl v8.16b, {v20.16b, v21.16b, v22.16b, v23.16b}, v8.16b + tbl v9.16b, {v24.16b, v25.16b, v26.16b, v27.16b}, v9.16b + tbl v10.16b, {v28.16b, v29.16b, v30.16b, v31.16b}, v10.16b + orr v0.16b, v0.16b, v8.16b + orr v9.16b, v9.16b, v10.16b + orr v0.16b, v0.16b, v9.16b + tbl v0.16b, {v0.16b}, v3.16b + ld1 {v4.2d}, [x22], #16 + sshr v10.16b, v0.16b, #7 + shl v9.16b, v0.16b, #1 + and v10.16b, v10.16b, v15.16b + eor v10.16b, v10.16b, v9.16b + rev32 v8.8h, v0.8h + eor v11.16b, v10.16b, v0.16b + eor v10.16b, v10.16b, v8.16b + shl v9.4s, v0.4s, #24 + shl v8.4s, v11.4s, #8 + # XOR in Key Schedule + eor v10.16b, v10.16b, v4.16b + sri v9.4s, v0.4s, #8 + sri v8.4s, v11.4s, #24 + eor v0.16b, v10.16b, v9.16b + eor v0.16b, v0.16b, v8.16b + subs w21, w21, #2 + bne L_AES_XTS_encrypt_NEON_loop_nr_1 + eor v8.16b, v0.16b, v12.16b + eor v9.16b, v0.16b, v13.16b + eor v10.16b, v0.16b, v14.16b + tbl v4.16b, {v16.16b, v17.16b, v18.16b, v19.16b}, v0.16b + tbl v8.16b, {v20.16b, v21.16b, v22.16b, v23.16b}, v8.16b + tbl v9.16b, {v24.16b, v25.16b, v26.16b, v27.16b}, v9.16b + tbl v10.16b, {v28.16b, v29.16b, v30.16b, v31.16b}, v10.16b + orr v4.16b, v4.16b, v8.16b + orr v9.16b, v9.16b, v10.16b + orr v4.16b, v4.16b, v9.16b + tbl v4.16b, {v4.16b}, v3.16b + ld1 {v0.2d}, [x22], #16 + sshr v10.16b, v4.16b, #7 + shl v9.16b, v4.16b, #1 + and v10.16b, v10.16b, v15.16b + eor v10.16b, v10.16b, v9.16b + rev32 v8.8h, v4.8h + eor v11.16b, v10.16b, v4.16b + eor v10.16b, v10.16b, v8.16b + shl v9.4s, v4.4s, #24 + shl v8.4s, v11.4s, #8 + # XOR in Key Schedule + eor v10.16b, v10.16b, v0.16b + sri v9.4s, v4.4s, #8 + sri v8.4s, v11.4s, #24 + eor v4.16b, v10.16b, v9.16b + eor v4.16b, v4.16b, v8.16b + eor v8.16b, v4.16b, v12.16b + eor v9.16b, v4.16b, v13.16b + eor v10.16b, v4.16b, v14.16b + tbl v0.16b, {v16.16b, v17.16b, v18.16b, v19.16b}, v4.16b + tbl v8.16b, {v20.16b, v21.16b, v22.16b, v23.16b}, v8.16b + tbl v9.16b, {v24.16b, v25.16b, v26.16b, v27.16b}, v9.16b + tbl v10.16b, {v28.16b, v29.16b, v30.16b, v31.16b}, v10.16b + orr v0.16b, v0.16b, v8.16b + orr v9.16b, v9.16b, v10.16b + orr v0.16b, v0.16b, v9.16b + tbl v0.16b, {v0.16b}, v3.16b + ld1 {v4.2d}, [x22], #16 + # XOR in Key Schedule + eor v0.16b, v0.16b, v4.16b + rev32 v0.16b, v0.16b + eor v0.16b, v0.16b, v2.16b + st1 {v0.16b}, [x1], #16 + subs w2, w2, #16 + beq L_AES_XTS_encrypt_NEON_data_done + and x16, x17, x9, asr 63 + extr x9, x9, x8, #63 + eor x8, x16, x8, lsl 1 +L_AES_XTS_encrypt_NEON_start_partial: + cbz w2, L_AES_XTS_encrypt_NEON_data_done + mov v2.d[0], x8 + mov v2.d[1], x9 + mov x22, x4 + sub x1, x1, #16 + ld1 {v0.16b}, [x1], #16 + st1 {v0.2d}, [x6] + mov w16, w2 +L_AES_XTS_encrypt_NEON_start_byte: + ldrb w10, [x6] + ldrb w11, [x0], #1 + strb w10, [x1], #1 + strb w11, [x6], #1 + subs w16, w16, #1 + bgt L_AES_XTS_encrypt_NEON_start_byte + sub x1, x1, x2 + sub x6, x6, x2 + sub x1, x1, #16 + ld1 {v0.2d}, [x6] + ld1 {v4.2d}, [x22], #16 + eor v0.16b, v0.16b, v2.16b + rev32 v0.16b, v0.16b + eor v0.16b, v0.16b, v4.16b + sub w21, w7, #2 +L_AES_XTS_encrypt_NEON_loop_nr_partial: + eor v8.16b, v0.16b, v12.16b + eor v9.16b, v0.16b, v13.16b + eor v10.16b, v0.16b, v14.16b + tbl v4.16b, {v16.16b, v17.16b, v18.16b, v19.16b}, v0.16b + tbl v8.16b, {v20.16b, v21.16b, v22.16b, v23.16b}, v8.16b + tbl v9.16b, {v24.16b, v25.16b, v26.16b, v27.16b}, v9.16b + tbl v10.16b, {v28.16b, v29.16b, v30.16b, v31.16b}, v10.16b + orr v4.16b, v4.16b, v8.16b + orr v9.16b, v9.16b, v10.16b + orr v4.16b, v4.16b, v9.16b + tbl v4.16b, {v4.16b}, v3.16b + ld1 {v0.2d}, [x22], #16 + sshr v10.16b, v4.16b, #7 + shl v9.16b, v4.16b, #1 + and v10.16b, v10.16b, v15.16b + eor v10.16b, v10.16b, v9.16b + rev32 v8.8h, v4.8h + eor v11.16b, v10.16b, v4.16b + eor v10.16b, v10.16b, v8.16b + shl v9.4s, v4.4s, #24 + shl v8.4s, v11.4s, #8 + # XOR in Key Schedule + eor v10.16b, v10.16b, v0.16b + sri v9.4s, v4.4s, #8 + sri v8.4s, v11.4s, #24 + eor v4.16b, v10.16b, v9.16b + eor v4.16b, v4.16b, v8.16b + eor v8.16b, v4.16b, v12.16b + eor v9.16b, v4.16b, v13.16b + eor v10.16b, v4.16b, v14.16b + tbl v0.16b, {v16.16b, v17.16b, v18.16b, v19.16b}, v4.16b + tbl v8.16b, {v20.16b, v21.16b, v22.16b, v23.16b}, v8.16b + tbl v9.16b, {v24.16b, v25.16b, v26.16b, v27.16b}, v9.16b + tbl v10.16b, {v28.16b, v29.16b, v30.16b, v31.16b}, v10.16b + orr v0.16b, v0.16b, v8.16b + orr v9.16b, v9.16b, v10.16b + orr v0.16b, v0.16b, v9.16b + tbl v0.16b, {v0.16b}, v3.16b + ld1 {v4.2d}, [x22], #16 + sshr v10.16b, v0.16b, #7 + shl v9.16b, v0.16b, #1 + and v10.16b, v10.16b, v15.16b + eor v10.16b, v10.16b, v9.16b + rev32 v8.8h, v0.8h + eor v11.16b, v10.16b, v0.16b + eor v10.16b, v10.16b, v8.16b + shl v9.4s, v0.4s, #24 + shl v8.4s, v11.4s, #8 + # XOR in Key Schedule + eor v10.16b, v10.16b, v4.16b + sri v9.4s, v0.4s, #8 + sri v8.4s, v11.4s, #24 + eor v0.16b, v10.16b, v9.16b + eor v0.16b, v0.16b, v8.16b + subs w21, w21, #2 + bne L_AES_XTS_encrypt_NEON_loop_nr_partial + eor v8.16b, v0.16b, v12.16b + eor v9.16b, v0.16b, v13.16b + eor v10.16b, v0.16b, v14.16b + tbl v4.16b, {v16.16b, v17.16b, v18.16b, v19.16b}, v0.16b + tbl v8.16b, {v20.16b, v21.16b, v22.16b, v23.16b}, v8.16b + tbl v9.16b, {v24.16b, v25.16b, v26.16b, v27.16b}, v9.16b + tbl v10.16b, {v28.16b, v29.16b, v30.16b, v31.16b}, v10.16b + orr v4.16b, v4.16b, v8.16b + orr v9.16b, v9.16b, v10.16b + orr v4.16b, v4.16b, v9.16b + tbl v4.16b, {v4.16b}, v3.16b + ld1 {v0.2d}, [x22], #16 + sshr v10.16b, v4.16b, #7 + shl v9.16b, v4.16b, #1 + and v10.16b, v10.16b, v15.16b + eor v10.16b, v10.16b, v9.16b + rev32 v8.8h, v4.8h + eor v11.16b, v10.16b, v4.16b + eor v10.16b, v10.16b, v8.16b + shl v9.4s, v4.4s, #24 + shl v8.4s, v11.4s, #8 + # XOR in Key Schedule + eor v10.16b, v10.16b, v0.16b + sri v9.4s, v4.4s, #8 + sri v8.4s, v11.4s, #24 + eor v4.16b, v10.16b, v9.16b + eor v4.16b, v4.16b, v8.16b + eor v8.16b, v4.16b, v12.16b + eor v9.16b, v4.16b, v13.16b + eor v10.16b, v4.16b, v14.16b + tbl v0.16b, {v16.16b, v17.16b, v18.16b, v19.16b}, v4.16b + tbl v8.16b, {v20.16b, v21.16b, v22.16b, v23.16b}, v8.16b + tbl v9.16b, {v24.16b, v25.16b, v26.16b, v27.16b}, v9.16b + tbl v10.16b, {v28.16b, v29.16b, v30.16b, v31.16b}, v10.16b + orr v0.16b, v0.16b, v8.16b + orr v9.16b, v9.16b, v10.16b + orr v0.16b, v0.16b, v9.16b + tbl v0.16b, {v0.16b}, v3.16b + ld1 {v4.2d}, [x22], #16 + # XOR in Key Schedule + eor v0.16b, v0.16b, v4.16b + rev32 v0.16b, v0.16b + eor v0.16b, v0.16b, v2.16b + st1 {v0.16b}, [x1] +L_AES_XTS_encrypt_NEON_data_done: + ldp x17, x19, [x29, #24] + ldp x20, x21, [x29, #40] + ldr x22, [x29, #56] + ldp d8, d9, [x29, #64] + ldp d10, d11, [x29, #80] + ldp d12, d13, [x29, #96] + ldp d14, d15, [x29, #112] + ldp x29, x30, [sp], #0x80 + ret +#ifndef __APPLE__ + .size AES_XTS_encrypt_NEON,.-AES_XTS_encrypt_NEON +#endif /* __APPLE__ */ +#ifdef HAVE_AES_DECRYPT +#ifndef __APPLE__ +.text +.globl AES_XTS_decrypt_NEON +.type AES_XTS_decrypt_NEON,@function +.align 2 +AES_XTS_decrypt_NEON: +#else +.section __TEXT,__text +.globl _AES_XTS_decrypt_NEON +.p2align 2 +_AES_XTS_decrypt_NEON: +#endif /* __APPLE__ */ + stp x29, x30, [sp, #-144]! + add x29, sp, #0 + stp x17, x19, [x29, #16] + stp x20, x21, [x29, #32] + stp x22, x23, [x29, #48] + stp x24, x25, [x29, #64] + stp d8, d9, [x29, #80] + stp d10, d11, [x29, #96] + stp d12, d13, [x29, #112] + stp d14, d15, [x29, #128] +#ifndef __APPLE__ + adrp x20, L_AES_ARM64_NEON_te + add x20, x20, :lo12:L_AES_ARM64_NEON_te +#else + adrp x20, L_AES_ARM64_NEON_te@PAGE + add x20, x20, L_AES_ARM64_NEON_te@PAGEOFF +#endif /* __APPLE__ */ +#ifndef __APPLE__ + adrp x21, L_AES_ARM64_NEON_td + add x21, x21, :lo12:L_AES_ARM64_NEON_td +#else + adrp x21, L_AES_ARM64_NEON_td@PAGE + add x21, x21, L_AES_ARM64_NEON_td@PAGEOFF +#endif /* __APPLE__ */ +#ifndef __APPLE__ + adrp x22, L_AES_ARM64_NEON_shift_rows_shuffle + add x22, x22, :lo12:L_AES_ARM64_NEON_shift_rows_shuffle +#else + adrp x22, L_AES_ARM64_NEON_shift_rows_shuffle@PAGE + add x22, x22, L_AES_ARM64_NEON_shift_rows_shuffle@PAGEOFF +#endif /* __APPLE__ */ +#ifndef __APPLE__ + adrp x23, L_AES_ARM64_NEON_shift_rows_invshuffle + add x23, x23, :lo12:L_AES_ARM64_NEON_shift_rows_invshuffle +#else + adrp x23, L_AES_ARM64_NEON_shift_rows_invshuffle@PAGE + add x23, x23, L_AES_ARM64_NEON_shift_rows_invshuffle@PAGEOFF +#endif /* __APPLE__ */ + ld1 {v16.16b, v17.16b, v18.16b, v19.16b}, [x20], #0x40 + ld1 {v20.16b, v21.16b, v22.16b, v23.16b}, [x20], #0x40 + ld1 {v24.16b, v25.16b, v26.16b, v27.16b}, [x20], #0x40 + ld1 {v28.16b, v29.16b, v30.16b, v31.16b}, [x20] + movi v12.16b, #0x40 + movi v13.16b, #0x80 + movi v14.16b, #0xc0 + movi v15.16b, #27 + ld1 {v3.2d}, [x22] + mov x17, #0x87 + ands w19, w2, #15 + cset w16, ne + lsl w16, w16, #4 + sub w2, w2, w16 + ld1 {v2.2d}, [x3] + ld1 {v4.2d}, [x5] + rev32 v2.16b, v2.16b + add x25, x5, #16 + # Round: 0 - XOR in key schedule + eor v2.16b, v2.16b, v4.16b + sub w24, w7, #2 +L_AES_XTS_decrypt_NEON_loop_nr_tweak: + eor v8.16b, v2.16b, v12.16b + eor v9.16b, v2.16b, v13.16b + eor v10.16b, v2.16b, v14.16b + tbl v4.16b, {v16.16b, v17.16b, v18.16b, v19.16b}, v2.16b + tbl v8.16b, {v20.16b, v21.16b, v22.16b, v23.16b}, v8.16b + tbl v9.16b, {v24.16b, v25.16b, v26.16b, v27.16b}, v9.16b + tbl v10.16b, {v28.16b, v29.16b, v30.16b, v31.16b}, v10.16b + orr v4.16b, v4.16b, v8.16b + orr v9.16b, v9.16b, v10.16b + orr v4.16b, v4.16b, v9.16b + tbl v4.16b, {v4.16b}, v3.16b + ld1 {v2.2d}, [x25], #16 + sshr v10.16b, v4.16b, #7 + shl v9.16b, v4.16b, #1 + and v10.16b, v10.16b, v15.16b + eor v10.16b, v10.16b, v9.16b + rev32 v8.8h, v4.8h + eor v11.16b, v10.16b, v4.16b + eor v10.16b, v10.16b, v8.16b + shl v9.4s, v4.4s, #24 + shl v8.4s, v11.4s, #8 + # XOR in Key Schedule + eor v10.16b, v10.16b, v2.16b + sri v9.4s, v4.4s, #8 + sri v8.4s, v11.4s, #24 + eor v4.16b, v10.16b, v9.16b + eor v4.16b, v4.16b, v8.16b + eor v8.16b, v4.16b, v12.16b + eor v9.16b, v4.16b, v13.16b + eor v10.16b, v4.16b, v14.16b + tbl v2.16b, {v16.16b, v17.16b, v18.16b, v19.16b}, v4.16b + tbl v8.16b, {v20.16b, v21.16b, v22.16b, v23.16b}, v8.16b + tbl v9.16b, {v24.16b, v25.16b, v26.16b, v27.16b}, v9.16b + tbl v10.16b, {v28.16b, v29.16b, v30.16b, v31.16b}, v10.16b + orr v2.16b, v2.16b, v8.16b + orr v9.16b, v9.16b, v10.16b + orr v2.16b, v2.16b, v9.16b + tbl v2.16b, {v2.16b}, v3.16b + ld1 {v4.2d}, [x25], #16 + sshr v10.16b, v2.16b, #7 + shl v9.16b, v2.16b, #1 + and v10.16b, v10.16b, v15.16b + eor v10.16b, v10.16b, v9.16b + rev32 v8.8h, v2.8h + eor v11.16b, v10.16b, v2.16b + eor v10.16b, v10.16b, v8.16b + shl v9.4s, v2.4s, #24 + shl v8.4s, v11.4s, #8 + # XOR in Key Schedule + eor v10.16b, v10.16b, v4.16b + sri v9.4s, v2.4s, #8 + sri v8.4s, v11.4s, #24 + eor v2.16b, v10.16b, v9.16b + eor v2.16b, v2.16b, v8.16b + subs w24, w24, #2 + bne L_AES_XTS_decrypt_NEON_loop_nr_tweak + eor v8.16b, v2.16b, v12.16b + eor v9.16b, v2.16b, v13.16b + eor v10.16b, v2.16b, v14.16b + tbl v4.16b, {v16.16b, v17.16b, v18.16b, v19.16b}, v2.16b + tbl v8.16b, {v20.16b, v21.16b, v22.16b, v23.16b}, v8.16b + tbl v9.16b, {v24.16b, v25.16b, v26.16b, v27.16b}, v9.16b + tbl v10.16b, {v28.16b, v29.16b, v30.16b, v31.16b}, v10.16b + orr v4.16b, v4.16b, v8.16b + orr v9.16b, v9.16b, v10.16b + orr v4.16b, v4.16b, v9.16b + tbl v4.16b, {v4.16b}, v3.16b + ld1 {v2.2d}, [x25], #16 + sshr v10.16b, v4.16b, #7 + shl v9.16b, v4.16b, #1 + and v10.16b, v10.16b, v15.16b + eor v10.16b, v10.16b, v9.16b + rev32 v8.8h, v4.8h + eor v11.16b, v10.16b, v4.16b + eor v10.16b, v10.16b, v8.16b + shl v9.4s, v4.4s, #24 + shl v8.4s, v11.4s, #8 + # XOR in Key Schedule + eor v10.16b, v10.16b, v2.16b + sri v9.4s, v4.4s, #8 + sri v8.4s, v11.4s, #24 + eor v4.16b, v10.16b, v9.16b + eor v4.16b, v4.16b, v8.16b + eor v8.16b, v4.16b, v12.16b + eor v9.16b, v4.16b, v13.16b + eor v10.16b, v4.16b, v14.16b + tbl v2.16b, {v16.16b, v17.16b, v18.16b, v19.16b}, v4.16b + tbl v8.16b, {v20.16b, v21.16b, v22.16b, v23.16b}, v8.16b + tbl v9.16b, {v24.16b, v25.16b, v26.16b, v27.16b}, v9.16b + tbl v10.16b, {v28.16b, v29.16b, v30.16b, v31.16b}, v10.16b + orr v2.16b, v2.16b, v8.16b + orr v9.16b, v9.16b, v10.16b + orr v2.16b, v2.16b, v9.16b + tbl v2.16b, {v2.16b}, v3.16b + ld1 {v4.2d}, [x25], #16 + # XOR in Key Schedule + eor v2.16b, v2.16b, v4.16b + rev32 v2.16b, v2.16b + mov x8, v2.d[0] + mov x9, v2.d[1] + ld1 {v16.16b, v17.16b, v18.16b, v19.16b}, [x21], #0x40 + ld1 {v20.16b, v21.16b, v22.16b, v23.16b}, [x21], #0x40 + ld1 {v24.16b, v25.16b, v26.16b, v27.16b}, [x21], #0x40 + ld1 {v28.16b, v29.16b, v30.16b, v31.16b}, [x21] + ld1 {v3.2d}, [x23] + cmp w2, #0x40 + blt L_AES_XTS_decrypt_NEON_start_2 +L_AES_XTS_decrypt_NEON_loop_4: + mov x25, x4 + ld1 {v0.16b, v1.16b, v2.16b, v3.16b}, [x0], #0x40 + ld1 {v4.16b}, [x25], #16 + and x16, x17, x9, asr 63 + extr x11, x9, x8, #63 + eor x10, x16, x8, lsl 1 + and x16, x17, x11, asr 63 + extr x13, x11, x10, #63 + eor x12, x16, x10, lsl 1 + and x16, x17, x13, asr 63 + extr x15, x13, x12, #63 + eor x14, x16, x12, lsl 1 + mov v8.d[0], x8 + mov v8.d[1], x9 + mov v9.d[0], x10 + mov v9.d[1], x11 + mov v10.d[0], x12 + mov v10.d[1], x13 + mov v11.d[0], x14 + mov v11.d[1], x15 + eor v0.16b, v0.16b, v8.16b + eor v1.16b, v1.16b, v9.16b + eor v2.16b, v2.16b, v10.16b + eor v3.16b, v3.16b, v11.16b + rev32 v0.16b, v0.16b + rev32 v1.16b, v1.16b + rev32 v2.16b, v2.16b + rev32 v3.16b, v3.16b + eor v0.16b, v0.16b, v4.16b + eor v1.16b, v1.16b, v4.16b + eor v2.16b, v2.16b, v4.16b + eor v3.16b, v3.16b, v4.16b + sub w24, w7, #2 +L_AES_XTS_decrypt_NEON_loop_nr_4: + tbl v4.16b, {v16.16b, v17.16b, v18.16b, v19.16b}, v0.16b + tbl v5.16b, {v16.16b, v17.16b, v18.16b, v19.16b}, v1.16b + tbl v6.16b, {v16.16b, v17.16b, v18.16b, v19.16b}, v2.16b + tbl v7.16b, {v16.16b, v17.16b, v18.16b, v19.16b}, v3.16b + movi v12.16b, #0x40 + movi v13.16b, #0x80 + movi v14.16b, #0xc0 + eor v8.16b, v0.16b, v12.16b + eor v9.16b, v1.16b, v12.16b + eor v10.16b, v2.16b, v12.16b + eor v11.16b, v3.16b, v12.16b + tbl v8.16b, {v20.16b, v21.16b, v22.16b, v23.16b}, v8.16b + tbl v9.16b, {v20.16b, v21.16b, v22.16b, v23.16b}, v9.16b + tbl v10.16b, {v20.16b, v21.16b, v22.16b, v23.16b}, v10.16b + tbl v11.16b, {v20.16b, v21.16b, v22.16b, v23.16b}, v11.16b + orr v4.16b, v4.16b, v8.16b + orr v5.16b, v5.16b, v9.16b + orr v6.16b, v6.16b, v10.16b + orr v7.16b, v7.16b, v11.16b + eor v8.16b, v0.16b, v13.16b + eor v9.16b, v1.16b, v13.16b + eor v10.16b, v2.16b, v13.16b + eor v11.16b, v3.16b, v13.16b + tbl v8.16b, {v24.16b, v25.16b, v26.16b, v27.16b}, v8.16b + tbl v9.16b, {v24.16b, v25.16b, v26.16b, v27.16b}, v9.16b + tbl v10.16b, {v24.16b, v25.16b, v26.16b, v27.16b}, v10.16b + tbl v11.16b, {v24.16b, v25.16b, v26.16b, v27.16b}, v11.16b + orr v4.16b, v4.16b, v8.16b + orr v5.16b, v5.16b, v9.16b + orr v6.16b, v6.16b, v10.16b + orr v7.16b, v7.16b, v11.16b + eor v8.16b, v0.16b, v14.16b + eor v9.16b, v1.16b, v14.16b + eor v10.16b, v2.16b, v14.16b + eor v11.16b, v3.16b, v14.16b + tbl v8.16b, {v28.16b, v29.16b, v30.16b, v31.16b}, v8.16b + tbl v9.16b, {v28.16b, v29.16b, v30.16b, v31.16b}, v9.16b + tbl v10.16b, {v28.16b, v29.16b, v30.16b, v31.16b}, v10.16b + tbl v11.16b, {v28.16b, v29.16b, v30.16b, v31.16b}, v11.16b + orr v4.16b, v4.16b, v8.16b + orr v5.16b, v5.16b, v9.16b + orr v6.16b, v6.16b, v10.16b + orr v7.16b, v7.16b, v11.16b + ld1 {v0.16b}, [x23] + tbl v4.16b, {v4.16b}, v0.16b + tbl v5.16b, {v5.16b}, v0.16b + tbl v6.16b, {v6.16b}, v0.16b + tbl v7.16b, {v7.16b}, v0.16b + movi v28.16b, #27 + sshr v8.16b, v4.16b, #7 + sshr v9.16b, v5.16b, #7 + sshr v10.16b, v6.16b, #7 + sshr v11.16b, v7.16b, #7 + shl v12.16b, v4.16b, #1 + shl v13.16b, v5.16b, #1 + shl v14.16b, v6.16b, #1 + shl v15.16b, v7.16b, #1 + and v8.16b, v8.16b, v28.16b + and v9.16b, v9.16b, v28.16b + and v10.16b, v10.16b, v28.16b + and v11.16b, v11.16b, v28.16b + eor v8.16b, v8.16b, v12.16b + eor v9.16b, v9.16b, v13.16b + eor v10.16b, v10.16b, v14.16b + eor v11.16b, v11.16b, v15.16b + ushr v12.16b, v4.16b, #6 + ushr v13.16b, v5.16b, #6 + ushr v14.16b, v6.16b, #6 + ushr v15.16b, v7.16b, #6 + shl v0.16b, v4.16b, #2 + shl v1.16b, v5.16b, #2 + shl v2.16b, v6.16b, #2 + shl v3.16b, v7.16b, #2 + pmul v12.16b, v12.16b, v28.16b + pmul v13.16b, v13.16b, v28.16b + pmul v14.16b, v14.16b, v28.16b + pmul v15.16b, v15.16b, v28.16b + eor v12.16b, v12.16b, v0.16b + eor v13.16b, v13.16b, v1.16b + eor v14.16b, v14.16b, v2.16b + eor v15.16b, v15.16b, v3.16b + ushr v0.16b, v4.16b, #5 + ushr v1.16b, v5.16b, #5 + ushr v2.16b, v6.16b, #5 + ushr v3.16b, v7.16b, #5 + pmul v0.16b, v0.16b, v28.16b + pmul v1.16b, v1.16b, v28.16b + pmul v2.16b, v2.16b, v28.16b + pmul v3.16b, v3.16b, v28.16b + shl v28.16b, v4.16b, #3 + shl v29.16b, v5.16b, #3 + shl v30.16b, v6.16b, #3 + shl v31.16b, v7.16b, #3 + eor v0.16b, v0.16b, v28.16b + eor v1.16b, v1.16b, v29.16b + eor v2.16b, v2.16b, v30.16b + eor v3.16b, v3.16b, v31.16b + eor v28.16b, v8.16b, v0.16b + eor v29.16b, v9.16b, v1.16b + eor v30.16b, v10.16b, v2.16b + eor v31.16b, v11.16b, v3.16b + eor v0.16b, v0.16b, v4.16b + eor v1.16b, v1.16b, v5.16b + eor v2.16b, v2.16b, v6.16b + eor v3.16b, v3.16b, v7.16b + eor v8.16b, v12.16b, v0.16b + eor v9.16b, v13.16b, v1.16b + eor v10.16b, v14.16b, v2.16b + eor v11.16b, v15.16b, v3.16b + eor v12.16b, v12.16b, v28.16b + eor v13.16b, v13.16b, v29.16b + eor v14.16b, v14.16b, v30.16b + eor v15.16b, v15.16b, v31.16b + eor v28.16b, v28.16b, v4.16b + eor v29.16b, v29.16b, v5.16b + eor v30.16b, v30.16b, v6.16b + eor v31.16b, v31.16b, v7.16b + shl v4.4s, v28.4s, #8 + shl v5.4s, v29.4s, #8 + shl v6.4s, v30.4s, #8 + shl v7.4s, v31.4s, #8 + rev32 v8.8h, v8.8h + rev32 v9.8h, v9.8h + rev32 v10.8h, v10.8h + rev32 v11.8h, v11.8h + sri v4.4s, v28.4s, #24 + sri v5.4s, v29.4s, #24 + sri v6.4s, v30.4s, #24 + sri v7.4s, v31.4s, #24 + eor v4.16b, v4.16b, v12.16b + eor v5.16b, v5.16b, v13.16b + eor v6.16b, v6.16b, v14.16b + eor v7.16b, v7.16b, v15.16b + shl v28.4s, v0.4s, #24 + shl v29.4s, v1.4s, #24 + shl v30.4s, v2.4s, #24 + shl v31.4s, v3.4s, #24 + eor v4.16b, v4.16b, v8.16b + eor v5.16b, v5.16b, v9.16b + eor v6.16b, v6.16b, v10.16b + eor v7.16b, v7.16b, v11.16b + sri v28.4s, v0.4s, #8 + sri v29.4s, v1.4s, #8 + sri v30.4s, v2.4s, #8 + sri v31.4s, v3.4s, #8 + eor v4.16b, v4.16b, v28.16b + eor v5.16b, v5.16b, v29.16b + eor v6.16b, v6.16b, v30.16b + eor v7.16b, v7.16b, v31.16b + ld1 {v28.16b, v29.16b, v30.16b, v31.16b}, [x21] + # XOR in Key Schedule + ld1 {v0.2d}, [x25], #16 + eor v4.16b, v4.16b, v0.16b + eor v5.16b, v5.16b, v0.16b + eor v6.16b, v6.16b, v0.16b + eor v7.16b, v7.16b, v0.16b + # Round Done + tbl v0.16b, {v16.16b, v17.16b, v18.16b, v19.16b}, v4.16b + tbl v1.16b, {v16.16b, v17.16b, v18.16b, v19.16b}, v5.16b + tbl v2.16b, {v16.16b, v17.16b, v18.16b, v19.16b}, v6.16b + tbl v3.16b, {v16.16b, v17.16b, v18.16b, v19.16b}, v7.16b + movi v12.16b, #0x40 + movi v13.16b, #0x80 + movi v14.16b, #0xc0 + eor v8.16b, v4.16b, v12.16b + eor v9.16b, v5.16b, v12.16b + eor v10.16b, v6.16b, v12.16b + eor v11.16b, v7.16b, v12.16b + tbl v8.16b, {v20.16b, v21.16b, v22.16b, v23.16b}, v8.16b + tbl v9.16b, {v20.16b, v21.16b, v22.16b, v23.16b}, v9.16b + tbl v10.16b, {v20.16b, v21.16b, v22.16b, v23.16b}, v10.16b + tbl v11.16b, {v20.16b, v21.16b, v22.16b, v23.16b}, v11.16b + orr v0.16b, v0.16b, v8.16b + orr v1.16b, v1.16b, v9.16b + orr v2.16b, v2.16b, v10.16b + orr v3.16b, v3.16b, v11.16b + eor v8.16b, v4.16b, v13.16b + eor v9.16b, v5.16b, v13.16b + eor v10.16b, v6.16b, v13.16b + eor v11.16b, v7.16b, v13.16b + tbl v8.16b, {v24.16b, v25.16b, v26.16b, v27.16b}, v8.16b + tbl v9.16b, {v24.16b, v25.16b, v26.16b, v27.16b}, v9.16b + tbl v10.16b, {v24.16b, v25.16b, v26.16b, v27.16b}, v10.16b + tbl v11.16b, {v24.16b, v25.16b, v26.16b, v27.16b}, v11.16b + orr v0.16b, v0.16b, v8.16b + orr v1.16b, v1.16b, v9.16b + orr v2.16b, v2.16b, v10.16b + orr v3.16b, v3.16b, v11.16b + eor v8.16b, v4.16b, v14.16b + eor v9.16b, v5.16b, v14.16b + eor v10.16b, v6.16b, v14.16b + eor v11.16b, v7.16b, v14.16b + tbl v8.16b, {v28.16b, v29.16b, v30.16b, v31.16b}, v8.16b + tbl v9.16b, {v28.16b, v29.16b, v30.16b, v31.16b}, v9.16b + tbl v10.16b, {v28.16b, v29.16b, v30.16b, v31.16b}, v10.16b + tbl v11.16b, {v28.16b, v29.16b, v30.16b, v31.16b}, v11.16b + orr v0.16b, v0.16b, v8.16b + orr v1.16b, v1.16b, v9.16b + orr v2.16b, v2.16b, v10.16b + orr v3.16b, v3.16b, v11.16b + ld1 {v4.16b}, [x23] + tbl v0.16b, {v0.16b}, v4.16b + tbl v1.16b, {v1.16b}, v4.16b + tbl v2.16b, {v2.16b}, v4.16b + tbl v3.16b, {v3.16b}, v4.16b + movi v28.16b, #27 + sshr v8.16b, v0.16b, #7 + sshr v9.16b, v1.16b, #7 + sshr v10.16b, v2.16b, #7 + sshr v11.16b, v3.16b, #7 + shl v12.16b, v0.16b, #1 + shl v13.16b, v1.16b, #1 + shl v14.16b, v2.16b, #1 + shl v15.16b, v3.16b, #1 + and v8.16b, v8.16b, v28.16b + and v9.16b, v9.16b, v28.16b + and v10.16b, v10.16b, v28.16b + and v11.16b, v11.16b, v28.16b + eor v8.16b, v8.16b, v12.16b + eor v9.16b, v9.16b, v13.16b + eor v10.16b, v10.16b, v14.16b + eor v11.16b, v11.16b, v15.16b + ushr v12.16b, v0.16b, #6 + ushr v13.16b, v1.16b, #6 + ushr v14.16b, v2.16b, #6 + ushr v15.16b, v3.16b, #6 + shl v4.16b, v0.16b, #2 + shl v5.16b, v1.16b, #2 + shl v6.16b, v2.16b, #2 + shl v7.16b, v3.16b, #2 + pmul v12.16b, v12.16b, v28.16b + pmul v13.16b, v13.16b, v28.16b + pmul v14.16b, v14.16b, v28.16b + pmul v15.16b, v15.16b, v28.16b + eor v12.16b, v12.16b, v4.16b + eor v13.16b, v13.16b, v5.16b + eor v14.16b, v14.16b, v6.16b + eor v15.16b, v15.16b, v7.16b + ushr v4.16b, v0.16b, #5 + ushr v5.16b, v1.16b, #5 + ushr v6.16b, v2.16b, #5 + ushr v7.16b, v3.16b, #5 + pmul v4.16b, v4.16b, v28.16b + pmul v5.16b, v5.16b, v28.16b + pmul v6.16b, v6.16b, v28.16b + pmul v7.16b, v7.16b, v28.16b + shl v28.16b, v0.16b, #3 + shl v29.16b, v1.16b, #3 + shl v30.16b, v2.16b, #3 + shl v31.16b, v3.16b, #3 + eor v4.16b, v4.16b, v28.16b + eor v5.16b, v5.16b, v29.16b + eor v6.16b, v6.16b, v30.16b + eor v7.16b, v7.16b, v31.16b + eor v28.16b, v8.16b, v4.16b + eor v29.16b, v9.16b, v5.16b + eor v30.16b, v10.16b, v6.16b + eor v31.16b, v11.16b, v7.16b + eor v4.16b, v4.16b, v0.16b + eor v5.16b, v5.16b, v1.16b + eor v6.16b, v6.16b, v2.16b + eor v7.16b, v7.16b, v3.16b + eor v8.16b, v12.16b, v4.16b + eor v9.16b, v13.16b, v5.16b + eor v10.16b, v14.16b, v6.16b + eor v11.16b, v15.16b, v7.16b + eor v12.16b, v12.16b, v28.16b + eor v13.16b, v13.16b, v29.16b + eor v14.16b, v14.16b, v30.16b + eor v15.16b, v15.16b, v31.16b + eor v28.16b, v28.16b, v0.16b + eor v29.16b, v29.16b, v1.16b + eor v30.16b, v30.16b, v2.16b + eor v31.16b, v31.16b, v3.16b + shl v0.4s, v28.4s, #8 + shl v1.4s, v29.4s, #8 + shl v2.4s, v30.4s, #8 + shl v3.4s, v31.4s, #8 + rev32 v8.8h, v8.8h + rev32 v9.8h, v9.8h + rev32 v10.8h, v10.8h + rev32 v11.8h, v11.8h + sri v0.4s, v28.4s, #24 + sri v1.4s, v29.4s, #24 + sri v2.4s, v30.4s, #24 + sri v3.4s, v31.4s, #24 + eor v0.16b, v0.16b, v12.16b + eor v1.16b, v1.16b, v13.16b + eor v2.16b, v2.16b, v14.16b + eor v3.16b, v3.16b, v15.16b + shl v28.4s, v4.4s, #24 + shl v29.4s, v5.4s, #24 + shl v30.4s, v6.4s, #24 + shl v31.4s, v7.4s, #24 + eor v0.16b, v0.16b, v8.16b + eor v1.16b, v1.16b, v9.16b + eor v2.16b, v2.16b, v10.16b + eor v3.16b, v3.16b, v11.16b + sri v28.4s, v4.4s, #8 + sri v29.4s, v5.4s, #8 + sri v30.4s, v6.4s, #8 + sri v31.4s, v7.4s, #8 + eor v0.16b, v0.16b, v28.16b + eor v1.16b, v1.16b, v29.16b + eor v2.16b, v2.16b, v30.16b + eor v3.16b, v3.16b, v31.16b + ld1 {v28.16b, v29.16b, v30.16b, v31.16b}, [x21] + # XOR in Key Schedule + ld1 {v4.2d}, [x25], #16 + eor v0.16b, v0.16b, v4.16b + eor v1.16b, v1.16b, v4.16b + eor v2.16b, v2.16b, v4.16b + eor v3.16b, v3.16b, v4.16b + # Round Done + subs w24, w24, #2 + bne L_AES_XTS_decrypt_NEON_loop_nr_4 + tbl v4.16b, {v16.16b, v17.16b, v18.16b, v19.16b}, v0.16b + tbl v5.16b, {v16.16b, v17.16b, v18.16b, v19.16b}, v1.16b + tbl v6.16b, {v16.16b, v17.16b, v18.16b, v19.16b}, v2.16b + tbl v7.16b, {v16.16b, v17.16b, v18.16b, v19.16b}, v3.16b + movi v12.16b, #0x40 + movi v13.16b, #0x80 + movi v14.16b, #0xc0 + eor v8.16b, v0.16b, v12.16b + eor v9.16b, v1.16b, v12.16b + eor v10.16b, v2.16b, v12.16b + eor v11.16b, v3.16b, v12.16b + tbl v8.16b, {v20.16b, v21.16b, v22.16b, v23.16b}, v8.16b + tbl v9.16b, {v20.16b, v21.16b, v22.16b, v23.16b}, v9.16b + tbl v10.16b, {v20.16b, v21.16b, v22.16b, v23.16b}, v10.16b + tbl v11.16b, {v20.16b, v21.16b, v22.16b, v23.16b}, v11.16b + orr v4.16b, v4.16b, v8.16b + orr v5.16b, v5.16b, v9.16b + orr v6.16b, v6.16b, v10.16b + orr v7.16b, v7.16b, v11.16b + eor v8.16b, v0.16b, v13.16b + eor v9.16b, v1.16b, v13.16b + eor v10.16b, v2.16b, v13.16b + eor v11.16b, v3.16b, v13.16b + tbl v8.16b, {v24.16b, v25.16b, v26.16b, v27.16b}, v8.16b + tbl v9.16b, {v24.16b, v25.16b, v26.16b, v27.16b}, v9.16b + tbl v10.16b, {v24.16b, v25.16b, v26.16b, v27.16b}, v10.16b + tbl v11.16b, {v24.16b, v25.16b, v26.16b, v27.16b}, v11.16b + orr v4.16b, v4.16b, v8.16b + orr v5.16b, v5.16b, v9.16b + orr v6.16b, v6.16b, v10.16b + orr v7.16b, v7.16b, v11.16b + eor v8.16b, v0.16b, v14.16b + eor v9.16b, v1.16b, v14.16b + eor v10.16b, v2.16b, v14.16b + eor v11.16b, v3.16b, v14.16b + tbl v8.16b, {v28.16b, v29.16b, v30.16b, v31.16b}, v8.16b + tbl v9.16b, {v28.16b, v29.16b, v30.16b, v31.16b}, v9.16b + tbl v10.16b, {v28.16b, v29.16b, v30.16b, v31.16b}, v10.16b + tbl v11.16b, {v28.16b, v29.16b, v30.16b, v31.16b}, v11.16b + orr v4.16b, v4.16b, v8.16b + orr v5.16b, v5.16b, v9.16b + orr v6.16b, v6.16b, v10.16b + orr v7.16b, v7.16b, v11.16b + ld1 {v0.16b}, [x23] + tbl v4.16b, {v4.16b}, v0.16b + tbl v5.16b, {v5.16b}, v0.16b + tbl v6.16b, {v6.16b}, v0.16b + tbl v7.16b, {v7.16b}, v0.16b + movi v28.16b, #27 + sshr v8.16b, v4.16b, #7 + sshr v9.16b, v5.16b, #7 + sshr v10.16b, v6.16b, #7 + sshr v11.16b, v7.16b, #7 + shl v12.16b, v4.16b, #1 + shl v13.16b, v5.16b, #1 + shl v14.16b, v6.16b, #1 + shl v15.16b, v7.16b, #1 + and v8.16b, v8.16b, v28.16b + and v9.16b, v9.16b, v28.16b + and v10.16b, v10.16b, v28.16b + and v11.16b, v11.16b, v28.16b + eor v8.16b, v8.16b, v12.16b + eor v9.16b, v9.16b, v13.16b + eor v10.16b, v10.16b, v14.16b + eor v11.16b, v11.16b, v15.16b + ushr v12.16b, v4.16b, #6 + ushr v13.16b, v5.16b, #6 + ushr v14.16b, v6.16b, #6 + ushr v15.16b, v7.16b, #6 + shl v0.16b, v4.16b, #2 + shl v1.16b, v5.16b, #2 + shl v2.16b, v6.16b, #2 + shl v3.16b, v7.16b, #2 + pmul v12.16b, v12.16b, v28.16b + pmul v13.16b, v13.16b, v28.16b + pmul v14.16b, v14.16b, v28.16b + pmul v15.16b, v15.16b, v28.16b + eor v12.16b, v12.16b, v0.16b + eor v13.16b, v13.16b, v1.16b + eor v14.16b, v14.16b, v2.16b + eor v15.16b, v15.16b, v3.16b + ushr v0.16b, v4.16b, #5 + ushr v1.16b, v5.16b, #5 + ushr v2.16b, v6.16b, #5 + ushr v3.16b, v7.16b, #5 + pmul v0.16b, v0.16b, v28.16b + pmul v1.16b, v1.16b, v28.16b + pmul v2.16b, v2.16b, v28.16b + pmul v3.16b, v3.16b, v28.16b + shl v28.16b, v4.16b, #3 + shl v29.16b, v5.16b, #3 + shl v30.16b, v6.16b, #3 + shl v31.16b, v7.16b, #3 + eor v0.16b, v0.16b, v28.16b + eor v1.16b, v1.16b, v29.16b + eor v2.16b, v2.16b, v30.16b + eor v3.16b, v3.16b, v31.16b + eor v28.16b, v8.16b, v0.16b + eor v29.16b, v9.16b, v1.16b + eor v30.16b, v10.16b, v2.16b + eor v31.16b, v11.16b, v3.16b + eor v0.16b, v0.16b, v4.16b + eor v1.16b, v1.16b, v5.16b + eor v2.16b, v2.16b, v6.16b + eor v3.16b, v3.16b, v7.16b + eor v8.16b, v12.16b, v0.16b + eor v9.16b, v13.16b, v1.16b + eor v10.16b, v14.16b, v2.16b + eor v11.16b, v15.16b, v3.16b + eor v12.16b, v12.16b, v28.16b + eor v13.16b, v13.16b, v29.16b + eor v14.16b, v14.16b, v30.16b + eor v15.16b, v15.16b, v31.16b + eor v28.16b, v28.16b, v4.16b + eor v29.16b, v29.16b, v5.16b + eor v30.16b, v30.16b, v6.16b + eor v31.16b, v31.16b, v7.16b + shl v4.4s, v28.4s, #8 + shl v5.4s, v29.4s, #8 + shl v6.4s, v30.4s, #8 + shl v7.4s, v31.4s, #8 + rev32 v8.8h, v8.8h + rev32 v9.8h, v9.8h + rev32 v10.8h, v10.8h + rev32 v11.8h, v11.8h + sri v4.4s, v28.4s, #24 + sri v5.4s, v29.4s, #24 + sri v6.4s, v30.4s, #24 + sri v7.4s, v31.4s, #24 + eor v4.16b, v4.16b, v12.16b + eor v5.16b, v5.16b, v13.16b + eor v6.16b, v6.16b, v14.16b + eor v7.16b, v7.16b, v15.16b + shl v28.4s, v0.4s, #24 + shl v29.4s, v1.4s, #24 + shl v30.4s, v2.4s, #24 + shl v31.4s, v3.4s, #24 + eor v4.16b, v4.16b, v8.16b + eor v5.16b, v5.16b, v9.16b + eor v6.16b, v6.16b, v10.16b + eor v7.16b, v7.16b, v11.16b + sri v28.4s, v0.4s, #8 + sri v29.4s, v1.4s, #8 + sri v30.4s, v2.4s, #8 + sri v31.4s, v3.4s, #8 + eor v4.16b, v4.16b, v28.16b + eor v5.16b, v5.16b, v29.16b + eor v6.16b, v6.16b, v30.16b + eor v7.16b, v7.16b, v31.16b + ld1 {v28.16b, v29.16b, v30.16b, v31.16b}, [x21] + # XOR in Key Schedule + ld1 {v0.2d}, [x25], #16 + eor v4.16b, v4.16b, v0.16b + eor v5.16b, v5.16b, v0.16b + eor v6.16b, v6.16b, v0.16b + eor v7.16b, v7.16b, v0.16b + # Round Done + tbl v0.16b, {v16.16b, v17.16b, v18.16b, v19.16b}, v4.16b + tbl v1.16b, {v16.16b, v17.16b, v18.16b, v19.16b}, v5.16b + tbl v2.16b, {v16.16b, v17.16b, v18.16b, v19.16b}, v6.16b + tbl v3.16b, {v16.16b, v17.16b, v18.16b, v19.16b}, v7.16b + movi v12.16b, #0x40 + movi v13.16b, #0x80 + movi v14.16b, #0xc0 + eor v8.16b, v4.16b, v12.16b + eor v9.16b, v5.16b, v12.16b + eor v10.16b, v6.16b, v12.16b + eor v11.16b, v7.16b, v12.16b + tbl v8.16b, {v20.16b, v21.16b, v22.16b, v23.16b}, v8.16b + tbl v9.16b, {v20.16b, v21.16b, v22.16b, v23.16b}, v9.16b + tbl v10.16b, {v20.16b, v21.16b, v22.16b, v23.16b}, v10.16b + tbl v11.16b, {v20.16b, v21.16b, v22.16b, v23.16b}, v11.16b + orr v0.16b, v0.16b, v8.16b + orr v1.16b, v1.16b, v9.16b + orr v2.16b, v2.16b, v10.16b + orr v3.16b, v3.16b, v11.16b + eor v8.16b, v4.16b, v13.16b + eor v9.16b, v5.16b, v13.16b + eor v10.16b, v6.16b, v13.16b + eor v11.16b, v7.16b, v13.16b + tbl v8.16b, {v24.16b, v25.16b, v26.16b, v27.16b}, v8.16b + tbl v9.16b, {v24.16b, v25.16b, v26.16b, v27.16b}, v9.16b + tbl v10.16b, {v24.16b, v25.16b, v26.16b, v27.16b}, v10.16b + tbl v11.16b, {v24.16b, v25.16b, v26.16b, v27.16b}, v11.16b + orr v0.16b, v0.16b, v8.16b + orr v1.16b, v1.16b, v9.16b + orr v2.16b, v2.16b, v10.16b + orr v3.16b, v3.16b, v11.16b + eor v8.16b, v4.16b, v14.16b + eor v9.16b, v5.16b, v14.16b + eor v10.16b, v6.16b, v14.16b + eor v11.16b, v7.16b, v14.16b + tbl v8.16b, {v28.16b, v29.16b, v30.16b, v31.16b}, v8.16b + tbl v9.16b, {v28.16b, v29.16b, v30.16b, v31.16b}, v9.16b + tbl v10.16b, {v28.16b, v29.16b, v30.16b, v31.16b}, v10.16b + tbl v11.16b, {v28.16b, v29.16b, v30.16b, v31.16b}, v11.16b + orr v0.16b, v0.16b, v8.16b + orr v1.16b, v1.16b, v9.16b + orr v2.16b, v2.16b, v10.16b + orr v3.16b, v3.16b, v11.16b + ld1 {v4.16b}, [x23] + tbl v0.16b, {v0.16b}, v4.16b + tbl v1.16b, {v1.16b}, v4.16b + tbl v2.16b, {v2.16b}, v4.16b + tbl v3.16b, {v3.16b}, v4.16b + # XOR in Key Schedule + ld1 {v4.2d}, [x25], #16 + eor v0.16b, v0.16b, v4.16b + eor v1.16b, v1.16b, v4.16b + eor v2.16b, v2.16b, v4.16b + eor v3.16b, v3.16b, v4.16b + # Round Done + rev32 v0.16b, v0.16b + rev32 v1.16b, v1.16b + rev32 v2.16b, v2.16b + rev32 v3.16b, v3.16b + mov v8.d[0], x8 + mov v8.d[1], x9 + mov v9.d[0], x10 + mov v9.d[1], x11 + mov v10.d[0], x12 + mov v10.d[1], x13 + mov v11.d[0], x14 + mov v11.d[1], x15 + eor v0.16b, v0.16b, v8.16b + eor v1.16b, v1.16b, v9.16b + eor v2.16b, v2.16b, v10.16b + eor v3.16b, v3.16b, v11.16b + st1 {v0.16b, v1.16b, v2.16b, v3.16b}, [x1], #0x40 + and x16, x17, x15, asr 63 + extr x9, x15, x14, #63 + eor x8, x16, x14, lsl 1 + sub w2, w2, #0x40 + cmp w2, #0x40 + bge L_AES_XTS_decrypt_NEON_loop_4 + movi v12.16b, #0x40 + movi v13.16b, #0x80 + movi v14.16b, #0xc0 + movi v15.16b, #27 +L_AES_XTS_decrypt_NEON_start_2: + cmp w2, #32 + blt L_AES_XTS_decrypt_NEON_start_1 + mov x25, x4 + ld1 {v0.16b, v1.16b}, [x0], #32 + ld1 {v4.16b}, [x25], #16 + and x16, x17, x9, asr 63 + extr x11, x9, x8, #63 + eor x10, x16, x8, lsl 1 + and x16, x17, x11, asr 63 + extr x13, x11, x10, #63 + eor x12, x16, x10, lsl 1 + mov v2.d[0], x8 + mov v2.d[1], x9 + mov v3.d[0], x10 + mov v3.d[1], x11 + eor v0.16b, v0.16b, v2.16b + eor v1.16b, v1.16b, v3.16b + rev32 v0.16b, v0.16b + rev32 v1.16b, v1.16b + eor v0.16b, v0.16b, v4.16b + eor v1.16b, v1.16b, v4.16b + sub w24, w7, #2 +L_AES_XTS_decrypt_NEON_loop_nr_2: + movi v12.16b, #0x40 + movi v13.16b, #0x80 + movi v14.16b, #0xc0 + eor v8.16b, v0.16b, v12.16b + eor v9.16b, v1.16b, v12.16b + tbl v4.16b, {v16.16b, v17.16b, v18.16b, v19.16b}, v0.16b + tbl v5.16b, {v16.16b, v17.16b, v18.16b, v19.16b}, v1.16b + tbl v8.16b, {v20.16b, v21.16b, v22.16b, v23.16b}, v8.16b + tbl v9.16b, {v20.16b, v21.16b, v22.16b, v23.16b}, v9.16b + eor v10.16b, v0.16b, v13.16b + eor v11.16b, v1.16b, v13.16b + tbl v10.16b, {v24.16b, v25.16b, v26.16b, v27.16b}, v10.16b + tbl v11.16b, {v24.16b, v25.16b, v26.16b, v27.16b}, v11.16b + orr v4.16b, v4.16b, v8.16b + orr v5.16b, v5.16b, v9.16b + eor v8.16b, v0.16b, v14.16b + eor v9.16b, v1.16b, v14.16b + orr v4.16b, v4.16b, v10.16b + orr v5.16b, v5.16b, v11.16b + tbl v8.16b, {v28.16b, v29.16b, v30.16b, v31.16b}, v8.16b + tbl v9.16b, {v28.16b, v29.16b, v30.16b, v31.16b}, v9.16b + orr v4.16b, v4.16b, v8.16b + orr v5.16b, v5.16b, v9.16b + ld1 {v0.16b}, [x23] + tbl v4.16b, {v4.16b}, v0.16b + tbl v5.16b, {v5.16b}, v0.16b + movi v10.16b, #27 + sshr v8.16b, v4.16b, #7 + sshr v9.16b, v5.16b, #7 + shl v12.16b, v4.16b, #1 + shl v13.16b, v5.16b, #1 + and v8.16b, v8.16b, v10.16b + and v9.16b, v9.16b, v10.16b + eor v8.16b, v8.16b, v12.16b + eor v9.16b, v9.16b, v13.16b + ushr v12.16b, v4.16b, #6 + ushr v13.16b, v5.16b, #6 + shl v0.16b, v4.16b, #2 + shl v1.16b, v5.16b, #2 + pmul v12.16b, v12.16b, v10.16b + pmul v13.16b, v13.16b, v10.16b + eor v12.16b, v12.16b, v0.16b + eor v13.16b, v13.16b, v1.16b + ushr v0.16b, v4.16b, #5 + ushr v1.16b, v5.16b, #5 + pmul v0.16b, v0.16b, v10.16b + pmul v1.16b, v1.16b, v10.16b + shl v10.16b, v4.16b, #3 + shl v11.16b, v5.16b, #3 + eor v0.16b, v0.16b, v10.16b + eor v1.16b, v1.16b, v11.16b + eor v10.16b, v8.16b, v0.16b + eor v11.16b, v9.16b, v1.16b + eor v0.16b, v0.16b, v4.16b + eor v1.16b, v1.16b, v5.16b + eor v8.16b, v12.16b, v0.16b + eor v9.16b, v13.16b, v1.16b + eor v12.16b, v12.16b, v10.16b + eor v13.16b, v13.16b, v11.16b + eor v10.16b, v10.16b, v4.16b + eor v11.16b, v11.16b, v5.16b + shl v4.4s, v10.4s, #8 + shl v5.4s, v11.4s, #8 + rev32 v8.8h, v8.8h + rev32 v9.8h, v9.8h + sri v4.4s, v10.4s, #24 + sri v5.4s, v11.4s, #24 + eor v4.16b, v4.16b, v12.16b + eor v5.16b, v5.16b, v13.16b + shl v10.4s, v0.4s, #24 + shl v11.4s, v1.4s, #24 + eor v4.16b, v4.16b, v8.16b + eor v5.16b, v5.16b, v9.16b + sri v10.4s, v0.4s, #8 + sri v11.4s, v1.4s, #8 + eor v4.16b, v4.16b, v10.16b + eor v5.16b, v5.16b, v11.16b + # XOR in Key Schedule + ld1 {v0.2d}, [x25], #16 + eor v4.16b, v4.16b, v0.16b + eor v5.16b, v5.16b, v0.16b + # Round Done + movi v12.16b, #0x40 + movi v13.16b, #0x80 + movi v14.16b, #0xc0 + eor v8.16b, v4.16b, v12.16b + eor v9.16b, v5.16b, v12.16b + tbl v0.16b, {v16.16b, v17.16b, v18.16b, v19.16b}, v4.16b + tbl v1.16b, {v16.16b, v17.16b, v18.16b, v19.16b}, v5.16b + tbl v8.16b, {v20.16b, v21.16b, v22.16b, v23.16b}, v8.16b + tbl v9.16b, {v20.16b, v21.16b, v22.16b, v23.16b}, v9.16b + eor v10.16b, v4.16b, v13.16b + eor v11.16b, v5.16b, v13.16b + tbl v10.16b, {v24.16b, v25.16b, v26.16b, v27.16b}, v10.16b + tbl v11.16b, {v24.16b, v25.16b, v26.16b, v27.16b}, v11.16b + orr v0.16b, v0.16b, v8.16b + orr v1.16b, v1.16b, v9.16b + eor v8.16b, v4.16b, v14.16b + eor v9.16b, v5.16b, v14.16b + orr v0.16b, v0.16b, v10.16b + orr v1.16b, v1.16b, v11.16b + tbl v8.16b, {v28.16b, v29.16b, v30.16b, v31.16b}, v8.16b + tbl v9.16b, {v28.16b, v29.16b, v30.16b, v31.16b}, v9.16b + orr v0.16b, v0.16b, v8.16b + orr v1.16b, v1.16b, v9.16b + ld1 {v4.16b}, [x23] + tbl v0.16b, {v0.16b}, v4.16b + tbl v1.16b, {v1.16b}, v4.16b + movi v10.16b, #27 + sshr v8.16b, v0.16b, #7 + sshr v9.16b, v1.16b, #7 + shl v12.16b, v0.16b, #1 + shl v13.16b, v1.16b, #1 + and v8.16b, v8.16b, v10.16b + and v9.16b, v9.16b, v10.16b + eor v8.16b, v8.16b, v12.16b + eor v9.16b, v9.16b, v13.16b + ushr v12.16b, v0.16b, #6 + ushr v13.16b, v1.16b, #6 + shl v4.16b, v0.16b, #2 + shl v5.16b, v1.16b, #2 + pmul v12.16b, v12.16b, v10.16b + pmul v13.16b, v13.16b, v10.16b + eor v12.16b, v12.16b, v4.16b + eor v13.16b, v13.16b, v5.16b + ushr v4.16b, v0.16b, #5 + ushr v5.16b, v1.16b, #5 + pmul v4.16b, v4.16b, v10.16b + pmul v5.16b, v5.16b, v10.16b + shl v10.16b, v0.16b, #3 + shl v11.16b, v1.16b, #3 + eor v4.16b, v4.16b, v10.16b + eor v5.16b, v5.16b, v11.16b + eor v10.16b, v8.16b, v4.16b + eor v11.16b, v9.16b, v5.16b + eor v4.16b, v4.16b, v0.16b + eor v5.16b, v5.16b, v1.16b + eor v8.16b, v12.16b, v4.16b + eor v9.16b, v13.16b, v5.16b + eor v12.16b, v12.16b, v10.16b + eor v13.16b, v13.16b, v11.16b + eor v10.16b, v10.16b, v0.16b + eor v11.16b, v11.16b, v1.16b + shl v0.4s, v10.4s, #8 + shl v1.4s, v11.4s, #8 + rev32 v8.8h, v8.8h + rev32 v9.8h, v9.8h + sri v0.4s, v10.4s, #24 + sri v1.4s, v11.4s, #24 + eor v0.16b, v0.16b, v12.16b + eor v1.16b, v1.16b, v13.16b + shl v10.4s, v4.4s, #24 + shl v11.4s, v5.4s, #24 + eor v0.16b, v0.16b, v8.16b + eor v1.16b, v1.16b, v9.16b + sri v10.4s, v4.4s, #8 + sri v11.4s, v5.4s, #8 + eor v0.16b, v0.16b, v10.16b + eor v1.16b, v1.16b, v11.16b + # XOR in Key Schedule + ld1 {v4.2d}, [x25], #16 + eor v0.16b, v0.16b, v4.16b + eor v1.16b, v1.16b, v4.16b + # Round Done + subs w24, w24, #2 + bne L_AES_XTS_decrypt_NEON_loop_nr_2 + movi v12.16b, #0x40 + movi v13.16b, #0x80 + movi v14.16b, #0xc0 + eor v8.16b, v0.16b, v12.16b + eor v9.16b, v1.16b, v12.16b + tbl v4.16b, {v16.16b, v17.16b, v18.16b, v19.16b}, v0.16b + tbl v5.16b, {v16.16b, v17.16b, v18.16b, v19.16b}, v1.16b + tbl v8.16b, {v20.16b, v21.16b, v22.16b, v23.16b}, v8.16b + tbl v9.16b, {v20.16b, v21.16b, v22.16b, v23.16b}, v9.16b + eor v10.16b, v0.16b, v13.16b + eor v11.16b, v1.16b, v13.16b + tbl v10.16b, {v24.16b, v25.16b, v26.16b, v27.16b}, v10.16b + tbl v11.16b, {v24.16b, v25.16b, v26.16b, v27.16b}, v11.16b + orr v4.16b, v4.16b, v8.16b + orr v5.16b, v5.16b, v9.16b + eor v8.16b, v0.16b, v14.16b + eor v9.16b, v1.16b, v14.16b + orr v4.16b, v4.16b, v10.16b + orr v5.16b, v5.16b, v11.16b + tbl v8.16b, {v28.16b, v29.16b, v30.16b, v31.16b}, v8.16b + tbl v9.16b, {v28.16b, v29.16b, v30.16b, v31.16b}, v9.16b + orr v4.16b, v4.16b, v8.16b + orr v5.16b, v5.16b, v9.16b + ld1 {v0.16b}, [x23] + tbl v4.16b, {v4.16b}, v0.16b + tbl v5.16b, {v5.16b}, v0.16b + movi v10.16b, #27 + sshr v8.16b, v4.16b, #7 + sshr v9.16b, v5.16b, #7 + shl v12.16b, v4.16b, #1 + shl v13.16b, v5.16b, #1 + and v8.16b, v8.16b, v10.16b + and v9.16b, v9.16b, v10.16b + eor v8.16b, v8.16b, v12.16b + eor v9.16b, v9.16b, v13.16b + ushr v12.16b, v4.16b, #6 + ushr v13.16b, v5.16b, #6 + shl v0.16b, v4.16b, #2 + shl v1.16b, v5.16b, #2 + pmul v12.16b, v12.16b, v10.16b + pmul v13.16b, v13.16b, v10.16b + eor v12.16b, v12.16b, v0.16b + eor v13.16b, v13.16b, v1.16b + ushr v0.16b, v4.16b, #5 + ushr v1.16b, v5.16b, #5 + pmul v0.16b, v0.16b, v10.16b + pmul v1.16b, v1.16b, v10.16b + shl v10.16b, v4.16b, #3 + shl v11.16b, v5.16b, #3 + eor v0.16b, v0.16b, v10.16b + eor v1.16b, v1.16b, v11.16b + eor v10.16b, v8.16b, v0.16b + eor v11.16b, v9.16b, v1.16b + eor v0.16b, v0.16b, v4.16b + eor v1.16b, v1.16b, v5.16b + eor v8.16b, v12.16b, v0.16b + eor v9.16b, v13.16b, v1.16b + eor v12.16b, v12.16b, v10.16b + eor v13.16b, v13.16b, v11.16b + eor v10.16b, v10.16b, v4.16b + eor v11.16b, v11.16b, v5.16b + shl v4.4s, v10.4s, #8 + shl v5.4s, v11.4s, #8 + rev32 v8.8h, v8.8h + rev32 v9.8h, v9.8h + sri v4.4s, v10.4s, #24 + sri v5.4s, v11.4s, #24 + eor v4.16b, v4.16b, v12.16b + eor v5.16b, v5.16b, v13.16b + shl v10.4s, v0.4s, #24 + shl v11.4s, v1.4s, #24 + eor v4.16b, v4.16b, v8.16b + eor v5.16b, v5.16b, v9.16b + sri v10.4s, v0.4s, #8 + sri v11.4s, v1.4s, #8 + eor v4.16b, v4.16b, v10.16b + eor v5.16b, v5.16b, v11.16b + # XOR in Key Schedule + ld1 {v0.2d}, [x25], #16 + eor v4.16b, v4.16b, v0.16b + eor v5.16b, v5.16b, v0.16b + # Round Done + movi v12.16b, #0x40 + movi v13.16b, #0x80 + movi v14.16b, #0xc0 + eor v8.16b, v4.16b, v12.16b + eor v9.16b, v5.16b, v12.16b + tbl v0.16b, {v16.16b, v17.16b, v18.16b, v19.16b}, v4.16b + tbl v1.16b, {v16.16b, v17.16b, v18.16b, v19.16b}, v5.16b + tbl v8.16b, {v20.16b, v21.16b, v22.16b, v23.16b}, v8.16b + tbl v9.16b, {v20.16b, v21.16b, v22.16b, v23.16b}, v9.16b + eor v10.16b, v4.16b, v13.16b + eor v11.16b, v5.16b, v13.16b + tbl v10.16b, {v24.16b, v25.16b, v26.16b, v27.16b}, v10.16b + tbl v11.16b, {v24.16b, v25.16b, v26.16b, v27.16b}, v11.16b + orr v0.16b, v0.16b, v8.16b + orr v1.16b, v1.16b, v9.16b + eor v8.16b, v4.16b, v14.16b + eor v9.16b, v5.16b, v14.16b + orr v0.16b, v0.16b, v10.16b + orr v1.16b, v1.16b, v11.16b + tbl v8.16b, {v28.16b, v29.16b, v30.16b, v31.16b}, v8.16b + tbl v9.16b, {v28.16b, v29.16b, v30.16b, v31.16b}, v9.16b + orr v0.16b, v0.16b, v8.16b + orr v1.16b, v1.16b, v9.16b + ld1 {v4.16b}, [x23] + tbl v0.16b, {v0.16b}, v4.16b + tbl v1.16b, {v1.16b}, v4.16b + # XOR in Key Schedule + ld1 {v4.2d}, [x25], #16 + eor v0.16b, v0.16b, v4.16b + eor v1.16b, v1.16b, v4.16b + # Round Done + rev32 v0.16b, v0.16b + rev32 v1.16b, v1.16b + eor v0.16b, v0.16b, v2.16b + eor v1.16b, v1.16b, v3.16b + st1 {v0.16b, v1.16b}, [x1], #32 + and x16, x17, x11, asr 63 + extr x9, x11, x10, #63 + eor x8, x16, x10, lsl 1 + sub w2, w2, #32 +L_AES_XTS_decrypt_NEON_start_1: + ld1 {v3.2d}, [x23] + mov v2.d[0], x8 + mov v2.d[1], x9 + cmp w2, #16 + blt L_AES_XTS_decrypt_NEON_start_partial + mov x25, x4 + ld1 {v0.16b}, [x0], #16 + ld1 {v4.2d}, [x25], #16 + eor v0.16b, v0.16b, v2.16b + rev32 v0.16b, v0.16b + eor v0.16b, v0.16b, v4.16b + sub w24, w7, #2 +L_AES_XTS_decrypt_NEON_loop_nr_1: + eor v8.16b, v0.16b, v12.16b + eor v9.16b, v0.16b, v13.16b + eor v10.16b, v0.16b, v14.16b + tbl v4.16b, {v16.16b, v17.16b, v18.16b, v19.16b}, v0.16b + tbl v8.16b, {v20.16b, v21.16b, v22.16b, v23.16b}, v8.16b + tbl v9.16b, {v24.16b, v25.16b, v26.16b, v27.16b}, v9.16b + tbl v10.16b, {v28.16b, v29.16b, v30.16b, v31.16b}, v10.16b + orr v4.16b, v4.16b, v8.16b + orr v9.16b, v9.16b, v10.16b + orr v4.16b, v4.16b, v9.16b + tbl v4.16b, {v4.16b}, v3.16b + sshr v10.16b, v4.16b, #7 + ushr v11.16b, v4.16b, #6 + ushr v8.16b, v4.16b, #5 + and v10.16b, v10.16b, v15.16b + pmul v11.16b, v11.16b, v15.16b + pmul v8.16b, v8.16b, v15.16b + shl v9.16b, v4.16b, #1 + eor v10.16b, v10.16b, v9.16b + shl v9.16b, v4.16b, #3 + eor v8.16b, v8.16b, v9.16b + shl v9.16b, v4.16b, #2 + eor v11.16b, v11.16b, v9.16b + eor v9.16b, v10.16b, v8.16b + eor v8.16b, v8.16b, v4.16b + eor v10.16b, v11.16b, v8.16b + eor v11.16b, v11.16b, v9.16b + eor v9.16b, v9.16b, v4.16b + shl v4.4s, v9.4s, #8 + rev32 v10.8h, v10.8h + sri v4.4s, v9.4s, #24 + eor v4.16b, v4.16b, v11.16b + shl v9.4s, v8.4s, #24 + eor v4.16b, v4.16b, v10.16b + sri v9.4s, v8.4s, #8 + eor v4.16b, v4.16b, v9.16b + ld1 {v0.2d}, [x25], #16 + # XOR in Key Schedule + eor v4.16b, v4.16b, v0.16b + eor v8.16b, v4.16b, v12.16b + eor v9.16b, v4.16b, v13.16b + eor v10.16b, v4.16b, v14.16b + tbl v0.16b, {v16.16b, v17.16b, v18.16b, v19.16b}, v4.16b + tbl v8.16b, {v20.16b, v21.16b, v22.16b, v23.16b}, v8.16b + tbl v9.16b, {v24.16b, v25.16b, v26.16b, v27.16b}, v9.16b + tbl v10.16b, {v28.16b, v29.16b, v30.16b, v31.16b}, v10.16b + orr v0.16b, v0.16b, v8.16b + orr v9.16b, v9.16b, v10.16b + orr v0.16b, v0.16b, v9.16b + tbl v0.16b, {v0.16b}, v3.16b + sshr v10.16b, v0.16b, #7 + ushr v11.16b, v0.16b, #6 + ushr v8.16b, v0.16b, #5 + and v10.16b, v10.16b, v15.16b + pmul v11.16b, v11.16b, v15.16b + pmul v8.16b, v8.16b, v15.16b + shl v9.16b, v0.16b, #1 + eor v10.16b, v10.16b, v9.16b + shl v9.16b, v0.16b, #3 + eor v8.16b, v8.16b, v9.16b + shl v9.16b, v0.16b, #2 + eor v11.16b, v11.16b, v9.16b + eor v9.16b, v10.16b, v8.16b + eor v8.16b, v8.16b, v0.16b + eor v10.16b, v11.16b, v8.16b + eor v11.16b, v11.16b, v9.16b + eor v9.16b, v9.16b, v0.16b + shl v0.4s, v9.4s, #8 + rev32 v10.8h, v10.8h + sri v0.4s, v9.4s, #24 + eor v0.16b, v0.16b, v11.16b + shl v9.4s, v8.4s, #24 + eor v0.16b, v0.16b, v10.16b + sri v9.4s, v8.4s, #8 + eor v0.16b, v0.16b, v9.16b + ld1 {v4.2d}, [x25], #16 + # XOR in Key Schedule + eor v0.16b, v0.16b, v4.16b + subs w24, w24, #2 + bne L_AES_XTS_decrypt_NEON_loop_nr_1 + eor v8.16b, v0.16b, v12.16b + eor v9.16b, v0.16b, v13.16b + eor v10.16b, v0.16b, v14.16b + tbl v4.16b, {v16.16b, v17.16b, v18.16b, v19.16b}, v0.16b + tbl v8.16b, {v20.16b, v21.16b, v22.16b, v23.16b}, v8.16b + tbl v9.16b, {v24.16b, v25.16b, v26.16b, v27.16b}, v9.16b + tbl v10.16b, {v28.16b, v29.16b, v30.16b, v31.16b}, v10.16b + orr v4.16b, v4.16b, v8.16b + orr v9.16b, v9.16b, v10.16b + orr v4.16b, v4.16b, v9.16b + tbl v4.16b, {v4.16b}, v3.16b + sshr v10.16b, v4.16b, #7 + ushr v11.16b, v4.16b, #6 + ushr v8.16b, v4.16b, #5 + and v10.16b, v10.16b, v15.16b + pmul v11.16b, v11.16b, v15.16b + pmul v8.16b, v8.16b, v15.16b + shl v9.16b, v4.16b, #1 + eor v10.16b, v10.16b, v9.16b + shl v9.16b, v4.16b, #3 + eor v8.16b, v8.16b, v9.16b + shl v9.16b, v4.16b, #2 + eor v11.16b, v11.16b, v9.16b + eor v9.16b, v10.16b, v8.16b + eor v8.16b, v8.16b, v4.16b + eor v10.16b, v11.16b, v8.16b + eor v11.16b, v11.16b, v9.16b + eor v9.16b, v9.16b, v4.16b + shl v4.4s, v9.4s, #8 + rev32 v10.8h, v10.8h + sri v4.4s, v9.4s, #24 + eor v4.16b, v4.16b, v11.16b + shl v9.4s, v8.4s, #24 + eor v4.16b, v4.16b, v10.16b + sri v9.4s, v8.4s, #8 + eor v4.16b, v4.16b, v9.16b + ld1 {v0.2d}, [x25], #16 + # XOR in Key Schedule + eor v4.16b, v4.16b, v0.16b + eor v8.16b, v4.16b, v12.16b + eor v9.16b, v4.16b, v13.16b + eor v10.16b, v4.16b, v14.16b + tbl v0.16b, {v16.16b, v17.16b, v18.16b, v19.16b}, v4.16b + tbl v8.16b, {v20.16b, v21.16b, v22.16b, v23.16b}, v8.16b + tbl v9.16b, {v24.16b, v25.16b, v26.16b, v27.16b}, v9.16b + tbl v10.16b, {v28.16b, v29.16b, v30.16b, v31.16b}, v10.16b + orr v0.16b, v0.16b, v8.16b + orr v9.16b, v9.16b, v10.16b + orr v0.16b, v0.16b, v9.16b + tbl v0.16b, {v0.16b}, v3.16b + ld1 {v4.2d}, [x25], #16 + # XOR in Key Schedule + eor v0.16b, v0.16b, v4.16b + rev32 v0.16b, v0.16b + eor v0.16b, v0.16b, v2.16b + st1 {v0.16b}, [x1], #16 + sub w2, w2, #16 + cbz w19, L_AES_XTS_decrypt_NEON_data_done + and x16, x17, x9, asr 63 + extr x9, x9, x8, #63 + eor x8, x16, x8, lsl 1 +L_AES_XTS_decrypt_NEON_start_partial: + mov w2, w19 + cbz w2, L_AES_XTS_decrypt_NEON_data_done + mov v2.d[0], x8 + mov v2.d[1], x9 + and x16, x17, x9, asr 63 + extr x11, x9, x8, #63 + eor x10, x16, x8, lsl 1 + mov v1.d[0], x10 + mov v1.d[1], x11 + mov x25, x4 + ld1 {v0.16b}, [x0], #16 + ld1 {v4.2d}, [x25], #16 + eor v0.16b, v0.16b, v1.16b + rev32 v0.16b, v0.16b + eor v0.16b, v0.16b, v4.16b + sub w24, w7, #2 +L_AES_XTS_decrypt_NEON_loop_nr_partial_1: + eor v8.16b, v0.16b, v12.16b + eor v9.16b, v0.16b, v13.16b + eor v10.16b, v0.16b, v14.16b + tbl v4.16b, {v16.16b, v17.16b, v18.16b, v19.16b}, v0.16b + tbl v8.16b, {v20.16b, v21.16b, v22.16b, v23.16b}, v8.16b + tbl v9.16b, {v24.16b, v25.16b, v26.16b, v27.16b}, v9.16b + tbl v10.16b, {v28.16b, v29.16b, v30.16b, v31.16b}, v10.16b + orr v4.16b, v4.16b, v8.16b + orr v9.16b, v9.16b, v10.16b + orr v4.16b, v4.16b, v9.16b + tbl v4.16b, {v4.16b}, v3.16b + sshr v10.16b, v4.16b, #7 + ushr v11.16b, v4.16b, #6 + ushr v8.16b, v4.16b, #5 + and v10.16b, v10.16b, v15.16b + pmul v11.16b, v11.16b, v15.16b + pmul v8.16b, v8.16b, v15.16b + shl v9.16b, v4.16b, #1 + eor v10.16b, v10.16b, v9.16b + shl v9.16b, v4.16b, #3 + eor v8.16b, v8.16b, v9.16b + shl v9.16b, v4.16b, #2 + eor v11.16b, v11.16b, v9.16b + eor v9.16b, v10.16b, v8.16b + eor v8.16b, v8.16b, v4.16b + eor v10.16b, v11.16b, v8.16b + eor v11.16b, v11.16b, v9.16b + eor v9.16b, v9.16b, v4.16b + shl v4.4s, v9.4s, #8 + rev32 v10.8h, v10.8h + sri v4.4s, v9.4s, #24 + eor v4.16b, v4.16b, v11.16b + shl v9.4s, v8.4s, #24 + eor v4.16b, v4.16b, v10.16b + sri v9.4s, v8.4s, #8 + eor v4.16b, v4.16b, v9.16b + ld1 {v0.2d}, [x25], #16 + # XOR in Key Schedule + eor v4.16b, v4.16b, v0.16b + eor v8.16b, v4.16b, v12.16b + eor v9.16b, v4.16b, v13.16b + eor v10.16b, v4.16b, v14.16b + tbl v0.16b, {v16.16b, v17.16b, v18.16b, v19.16b}, v4.16b + tbl v8.16b, {v20.16b, v21.16b, v22.16b, v23.16b}, v8.16b + tbl v9.16b, {v24.16b, v25.16b, v26.16b, v27.16b}, v9.16b + tbl v10.16b, {v28.16b, v29.16b, v30.16b, v31.16b}, v10.16b + orr v0.16b, v0.16b, v8.16b + orr v9.16b, v9.16b, v10.16b + orr v0.16b, v0.16b, v9.16b + tbl v0.16b, {v0.16b}, v3.16b + sshr v10.16b, v0.16b, #7 + ushr v11.16b, v0.16b, #6 + ushr v8.16b, v0.16b, #5 + and v10.16b, v10.16b, v15.16b + pmul v11.16b, v11.16b, v15.16b + pmul v8.16b, v8.16b, v15.16b + shl v9.16b, v0.16b, #1 + eor v10.16b, v10.16b, v9.16b + shl v9.16b, v0.16b, #3 + eor v8.16b, v8.16b, v9.16b + shl v9.16b, v0.16b, #2 + eor v11.16b, v11.16b, v9.16b + eor v9.16b, v10.16b, v8.16b + eor v8.16b, v8.16b, v0.16b + eor v10.16b, v11.16b, v8.16b + eor v11.16b, v11.16b, v9.16b + eor v9.16b, v9.16b, v0.16b + shl v0.4s, v9.4s, #8 + rev32 v10.8h, v10.8h + sri v0.4s, v9.4s, #24 + eor v0.16b, v0.16b, v11.16b + shl v9.4s, v8.4s, #24 + eor v0.16b, v0.16b, v10.16b + sri v9.4s, v8.4s, #8 + eor v0.16b, v0.16b, v9.16b + ld1 {v4.2d}, [x25], #16 + # XOR in Key Schedule + eor v0.16b, v0.16b, v4.16b + subs w24, w24, #2 + bne L_AES_XTS_decrypt_NEON_loop_nr_partial_1 + eor v8.16b, v0.16b, v12.16b + eor v9.16b, v0.16b, v13.16b + eor v10.16b, v0.16b, v14.16b + tbl v4.16b, {v16.16b, v17.16b, v18.16b, v19.16b}, v0.16b + tbl v8.16b, {v20.16b, v21.16b, v22.16b, v23.16b}, v8.16b + tbl v9.16b, {v24.16b, v25.16b, v26.16b, v27.16b}, v9.16b + tbl v10.16b, {v28.16b, v29.16b, v30.16b, v31.16b}, v10.16b + orr v4.16b, v4.16b, v8.16b + orr v9.16b, v9.16b, v10.16b + orr v4.16b, v4.16b, v9.16b + tbl v4.16b, {v4.16b}, v3.16b + sshr v10.16b, v4.16b, #7 + ushr v11.16b, v4.16b, #6 + ushr v8.16b, v4.16b, #5 + and v10.16b, v10.16b, v15.16b + pmul v11.16b, v11.16b, v15.16b + pmul v8.16b, v8.16b, v15.16b + shl v9.16b, v4.16b, #1 + eor v10.16b, v10.16b, v9.16b + shl v9.16b, v4.16b, #3 + eor v8.16b, v8.16b, v9.16b + shl v9.16b, v4.16b, #2 + eor v11.16b, v11.16b, v9.16b + eor v9.16b, v10.16b, v8.16b + eor v8.16b, v8.16b, v4.16b + eor v10.16b, v11.16b, v8.16b + eor v11.16b, v11.16b, v9.16b + eor v9.16b, v9.16b, v4.16b + shl v4.4s, v9.4s, #8 + rev32 v10.8h, v10.8h + sri v4.4s, v9.4s, #24 + eor v4.16b, v4.16b, v11.16b + shl v9.4s, v8.4s, #24 + eor v4.16b, v4.16b, v10.16b + sri v9.4s, v8.4s, #8 + eor v4.16b, v4.16b, v9.16b + ld1 {v0.2d}, [x25], #16 + # XOR in Key Schedule + eor v4.16b, v4.16b, v0.16b + eor v8.16b, v4.16b, v12.16b + eor v9.16b, v4.16b, v13.16b + eor v10.16b, v4.16b, v14.16b + tbl v0.16b, {v16.16b, v17.16b, v18.16b, v19.16b}, v4.16b + tbl v8.16b, {v20.16b, v21.16b, v22.16b, v23.16b}, v8.16b + tbl v9.16b, {v24.16b, v25.16b, v26.16b, v27.16b}, v9.16b + tbl v10.16b, {v28.16b, v29.16b, v30.16b, v31.16b}, v10.16b + orr v0.16b, v0.16b, v8.16b + orr v9.16b, v9.16b, v10.16b + orr v0.16b, v0.16b, v9.16b + tbl v0.16b, {v0.16b}, v3.16b + ld1 {v4.2d}, [x25], #16 + # XOR in Key Schedule + eor v0.16b, v0.16b, v4.16b + rev32 v0.16b, v0.16b + eor v0.16b, v0.16b, v1.16b + st1 {v0.2d}, [x6] + add x1, x1, #16 + mov w16, w2 +L_AES_XTS_decrypt_NEON_start_byte: + ldrb w10, [x6] + ldrb w11, [x0], #1 + strb w10, [x1], #1 + strb w11, [x6], #1 + subs w16, w16, #1 + bgt L_AES_XTS_decrypt_NEON_start_byte + sub x1, x1, x2 + sub x6, x6, x2 + sub x1, x1, #16 + mov x25, x4 + ld1 {v0.2d}, [x6] + ld1 {v4.2d}, [x25], #16 + eor v0.16b, v0.16b, v2.16b + rev32 v0.16b, v0.16b + eor v0.16b, v0.16b, v4.16b + sub w24, w7, #2 +L_AES_XTS_decrypt_NEON_loop_nr_partial_2: + eor v8.16b, v0.16b, v12.16b + eor v9.16b, v0.16b, v13.16b + eor v10.16b, v0.16b, v14.16b + tbl v4.16b, {v16.16b, v17.16b, v18.16b, v19.16b}, v0.16b + tbl v8.16b, {v20.16b, v21.16b, v22.16b, v23.16b}, v8.16b + tbl v9.16b, {v24.16b, v25.16b, v26.16b, v27.16b}, v9.16b + tbl v10.16b, {v28.16b, v29.16b, v30.16b, v31.16b}, v10.16b + orr v4.16b, v4.16b, v8.16b + orr v9.16b, v9.16b, v10.16b + orr v4.16b, v4.16b, v9.16b + tbl v4.16b, {v4.16b}, v3.16b + sshr v10.16b, v4.16b, #7 + ushr v11.16b, v4.16b, #6 + ushr v8.16b, v4.16b, #5 + and v10.16b, v10.16b, v15.16b + pmul v11.16b, v11.16b, v15.16b + pmul v8.16b, v8.16b, v15.16b + shl v9.16b, v4.16b, #1 + eor v10.16b, v10.16b, v9.16b + shl v9.16b, v4.16b, #3 + eor v8.16b, v8.16b, v9.16b + shl v9.16b, v4.16b, #2 + eor v11.16b, v11.16b, v9.16b + eor v9.16b, v10.16b, v8.16b + eor v8.16b, v8.16b, v4.16b + eor v10.16b, v11.16b, v8.16b + eor v11.16b, v11.16b, v9.16b + eor v9.16b, v9.16b, v4.16b + shl v4.4s, v9.4s, #8 + rev32 v10.8h, v10.8h + sri v4.4s, v9.4s, #24 + eor v4.16b, v4.16b, v11.16b + shl v9.4s, v8.4s, #24 + eor v4.16b, v4.16b, v10.16b + sri v9.4s, v8.4s, #8 + eor v4.16b, v4.16b, v9.16b + ld1 {v0.2d}, [x25], #16 + # XOR in Key Schedule + eor v4.16b, v4.16b, v0.16b + eor v8.16b, v4.16b, v12.16b + eor v9.16b, v4.16b, v13.16b + eor v10.16b, v4.16b, v14.16b + tbl v0.16b, {v16.16b, v17.16b, v18.16b, v19.16b}, v4.16b + tbl v8.16b, {v20.16b, v21.16b, v22.16b, v23.16b}, v8.16b + tbl v9.16b, {v24.16b, v25.16b, v26.16b, v27.16b}, v9.16b + tbl v10.16b, {v28.16b, v29.16b, v30.16b, v31.16b}, v10.16b + orr v0.16b, v0.16b, v8.16b + orr v9.16b, v9.16b, v10.16b + orr v0.16b, v0.16b, v9.16b + tbl v0.16b, {v0.16b}, v3.16b + sshr v10.16b, v0.16b, #7 + ushr v11.16b, v0.16b, #6 + ushr v8.16b, v0.16b, #5 + and v10.16b, v10.16b, v15.16b + pmul v11.16b, v11.16b, v15.16b + pmul v8.16b, v8.16b, v15.16b + shl v9.16b, v0.16b, #1 + eor v10.16b, v10.16b, v9.16b + shl v9.16b, v0.16b, #3 + eor v8.16b, v8.16b, v9.16b + shl v9.16b, v0.16b, #2 + eor v11.16b, v11.16b, v9.16b + eor v9.16b, v10.16b, v8.16b + eor v8.16b, v8.16b, v0.16b + eor v10.16b, v11.16b, v8.16b + eor v11.16b, v11.16b, v9.16b + eor v9.16b, v9.16b, v0.16b + shl v0.4s, v9.4s, #8 + rev32 v10.8h, v10.8h + sri v0.4s, v9.4s, #24 + eor v0.16b, v0.16b, v11.16b + shl v9.4s, v8.4s, #24 + eor v0.16b, v0.16b, v10.16b + sri v9.4s, v8.4s, #8 + eor v0.16b, v0.16b, v9.16b + ld1 {v4.2d}, [x25], #16 + # XOR in Key Schedule + eor v0.16b, v0.16b, v4.16b + subs w24, w24, #2 + bne L_AES_XTS_decrypt_NEON_loop_nr_partial_2 + eor v8.16b, v0.16b, v12.16b + eor v9.16b, v0.16b, v13.16b + eor v10.16b, v0.16b, v14.16b + tbl v4.16b, {v16.16b, v17.16b, v18.16b, v19.16b}, v0.16b + tbl v8.16b, {v20.16b, v21.16b, v22.16b, v23.16b}, v8.16b + tbl v9.16b, {v24.16b, v25.16b, v26.16b, v27.16b}, v9.16b + tbl v10.16b, {v28.16b, v29.16b, v30.16b, v31.16b}, v10.16b + orr v4.16b, v4.16b, v8.16b + orr v9.16b, v9.16b, v10.16b + orr v4.16b, v4.16b, v9.16b + tbl v4.16b, {v4.16b}, v3.16b + sshr v10.16b, v4.16b, #7 + ushr v11.16b, v4.16b, #6 + ushr v8.16b, v4.16b, #5 + and v10.16b, v10.16b, v15.16b + pmul v11.16b, v11.16b, v15.16b + pmul v8.16b, v8.16b, v15.16b + shl v9.16b, v4.16b, #1 + eor v10.16b, v10.16b, v9.16b + shl v9.16b, v4.16b, #3 + eor v8.16b, v8.16b, v9.16b + shl v9.16b, v4.16b, #2 + eor v11.16b, v11.16b, v9.16b + eor v9.16b, v10.16b, v8.16b + eor v8.16b, v8.16b, v4.16b + eor v10.16b, v11.16b, v8.16b + eor v11.16b, v11.16b, v9.16b + eor v9.16b, v9.16b, v4.16b + shl v4.4s, v9.4s, #8 + rev32 v10.8h, v10.8h + sri v4.4s, v9.4s, #24 + eor v4.16b, v4.16b, v11.16b + shl v9.4s, v8.4s, #24 + eor v4.16b, v4.16b, v10.16b + sri v9.4s, v8.4s, #8 + eor v4.16b, v4.16b, v9.16b + ld1 {v0.2d}, [x25], #16 + # XOR in Key Schedule + eor v4.16b, v4.16b, v0.16b + eor v8.16b, v4.16b, v12.16b + eor v9.16b, v4.16b, v13.16b + eor v10.16b, v4.16b, v14.16b + tbl v0.16b, {v16.16b, v17.16b, v18.16b, v19.16b}, v4.16b + tbl v8.16b, {v20.16b, v21.16b, v22.16b, v23.16b}, v8.16b + tbl v9.16b, {v24.16b, v25.16b, v26.16b, v27.16b}, v9.16b + tbl v10.16b, {v28.16b, v29.16b, v30.16b, v31.16b}, v10.16b + orr v0.16b, v0.16b, v8.16b + orr v9.16b, v9.16b, v10.16b + orr v0.16b, v0.16b, v9.16b + tbl v0.16b, {v0.16b}, v3.16b + ld1 {v4.2d}, [x25], #16 + # XOR in Key Schedule + eor v0.16b, v0.16b, v4.16b + rev32 v0.16b, v0.16b + eor v0.16b, v0.16b, v2.16b + st1 {v0.16b}, [x1] +L_AES_XTS_decrypt_NEON_data_done: + ldp x17, x19, [x29, #16] + ldp x20, x21, [x29, #32] + ldp x22, x23, [x29, #48] + ldp x24, x25, [x29, #64] + ldp d8, d9, [x29, #80] + ldp d10, d11, [x29, #96] + ldp d12, d13, [x29, #112] + ldp d14, d15, [x29, #128] + ldp x29, x30, [sp], #0x90 + ret +#ifndef __APPLE__ + .size AES_XTS_decrypt_NEON,.-AES_XTS_decrypt_NEON +#endif /* __APPLE__ */ +#endif /* HAVE_AES_DECRYPT */ +#endif /* WOLFSSL_AES_XTS */ +#endif /* !WOLFSSL_ARMASM_NO_NEON */ +#ifndef WOLFSSL_ARMASM_NEON_NO_TABLE_LOOKUP +#ifdef HAVE_AES_DECRYPT +#ifndef __APPLE__ + .text + .type L_AES_ARM64_td, %object + .section .rodata + .size L_AES_ARM64_td, 1024 +#else + .section __DATA,__data +#endif /* __APPLE__ */ +#ifndef __APPLE__ + .align 3 +#else + .p2align 3 +#endif /* __APPLE__ */ +L_AES_ARM64_td: + .word 0x5051f4a7 + .word 0x537e4165 + .word 0xc31a17a4 + .word 0x963a275e + .word 0xcb3bab6b + .word 0xf11f9d45 + .word 0xabacfa58 + .word 0x934be303 + .word 0x552030fa + .word 0xf6ad766d + .word 0x9188cc76 + .word 0x25f5024c + .word 0xfc4fe5d7 + .word 0xd7c52acb + .word 0x80263544 + .word 0x8fb562a3 + .word 0x49deb15a + .word 0x6725ba1b + .word 0x9845ea0e + .word 0xe15dfec0 + .word 0x02c32f75 + .word 0x12814cf0 + .word 0xa38d4697 + .word 0xc66bd3f9 + .word 0xe7038f5f + .word 0x9515929c + .word 0xebbf6d7a + .word 0xda955259 + .word 0x2dd4be83 + .word 0xd3587421 + .word 0x2949e069 + .word 0x448ec9c8 + .word 0x6a75c289 + .word 0x78f48e79 + .word 0x6b99583e + .word 0xdd27b971 + .word 0xb6bee14f + .word 0x17f088ad + .word 0x66c920ac + .word 0xb47dce3a + .word 0x1863df4a + .word 0x82e51a31 + .word 0x60975133 + .word 0x4562537f + .word 0xe0b16477 + .word 0x84bb6bae + .word 0x1cfe81a0 + .word 0x94f9082b + .word 0x58704868 + .word 0x198f45fd + .word 0x8794de6c + .word 0xb7527bf8 + .word 0x23ab73d3 + .word 0xe2724b02 + .word 0x57e31f8f + .word 0x2a6655ab + .word 0x07b2eb28 + .word 0x032fb5c2 + .word 0x9a86c57b + .word 0xa5d33708 + .word 0xf2302887 + .word 0xb223bfa5 + .word 0xba02036a + .word 0x5ced1682 + .word 0x2b8acf1c + .word 0x92a779b4 + .word 0xf0f307f2 + .word 0xa14e69e2 + .word 0xcd65daf4 + .word 0xd50605be + .word 0x1fd13462 + .word 0x8ac4a6fe + .word 0x9d342e53 + .word 0xa0a2f355 + .word 0x32058ae1 + .word 0x75a4f6eb + .word 0x390b83ec + .word 0xaa4060ef + .word 0x065e719f + .word 0x51bd6e10 + .word 0xf93e218a + .word 0x3d96dd06 + .word 0xaedd3e05 + .word 0x464de6bd + .word 0xb591548d + .word 0x0571c45d + .word 0x6f0406d4 + .word 0xff605015 + .word 0x241998fb + .word 0x97d6bde9 + .word 0xcc894043 + .word 0x7767d99e + .word 0xbdb0e842 + .word 0x8807898b + .word 0x38e7195b + .word 0xdb79c8ee + .word 0x47a17c0a + .word 0xe97c420f + .word 0xc9f8841e + .word 0x00000000 + .word 0x83098086 + .word 0x48322bed + .word 0xac1e1170 + .word 0x4e6c5a72 + .word 0xfbfd0eff + .word 0x560f8538 + .word 0x1e3daed5 + .word 0x27362d39 + .word 0x640a0fd9 + .word 0x21685ca6 + .word 0xd19b5b54 + .word 0x3a24362e + .word 0xb10c0a67 + .word 0x0f9357e7 + .word 0xd2b4ee96 + .word 0x9e1b9b91 + .word 0x4f80c0c5 + .word 0xa261dc20 + .word 0x695a774b + .word 0x161c121a + .word 0x0ae293ba + .word 0xe5c0a02a + .word 0x433c22e0 + .word 0x1d121b17 + .word 0x0b0e090d + .word 0xadf28bc7 + .word 0xb92db6a8 + .word 0xc8141ea9 + .word 0x8557f119 + .word 0x4caf7507 + .word 0xbbee99dd + .word 0xfda37f60 + .word 0x9ff70126 + .word 0xbc5c72f5 + .word 0xc544663b + .word 0x345bfb7e + .word 0x768b4329 + .word 0xdccb23c6 + .word 0x68b6edfc + .word 0x63b8e4f1 + .word 0xcad731dc + .word 0x10426385 + .word 0x40139722 + .word 0x2084c611 + .word 0x7d854a24 + .word 0xf8d2bb3d + .word 0x11aef932 + .word 0x6dc729a1 + .word 0x4b1d9e2f + .word 0xf3dcb230 + .word 0xec0d8652 + .word 0xd077c1e3 + .word 0x6c2bb316 + .word 0x99a970b9 + .word 0xfa119448 + .word 0x2247e964 + .word 0xc4a8fc8c + .word 0x1aa0f03f + .word 0xd8567d2c + .word 0xef223390 + .word 0xc787494e + .word 0xc1d938d1 + .word 0xfe8ccaa2 + .word 0x3698d40b + .word 0xcfa6f581 + .word 0x28a57ade + .word 0x26dab78e + .word 0xa43fadbf + .word 0xe42c3a9d + .word 0x0d507892 + .word 0x9b6a5fcc + .word 0x62547e46 + .word 0xc2f68d13 + .word 0xe890d8b8 + .word 0x5e2e39f7 + .word 0xf582c3af + .word 0xbe9f5d80 + .word 0x7c69d093 + .word 0xa96fd52d + .word 0xb3cf2512 + .word 0x3bc8ac99 + .word 0xa710187d + .word 0x6ee89c63 + .word 0x7bdb3bbb + .word 0x09cd2678 + .word 0xf46e5918 + .word 0x01ec9ab7 + .word 0xa8834f9a + .word 0x65e6956e + .word 0x7eaaffe6 + .word 0x0821bccf + .word 0xe6ef15e8 + .word 0xd9bae79b + .word 0xce4a6f36 + .word 0xd4ea9f09 + .word 0xd629b07c + .word 0xaf31a4b2 + .word 0x312a3f23 + .word 0x30c6a594 + .word 0xc035a266 + .word 0x37744ebc + .word 0xa6fc82ca + .word 0xb0e090d0 + .word 0x1533a7d8 + .word 0x4af10498 + .word 0xf741ecda + .word 0x0e7fcd50 + .word 0x2f1791f6 + .word 0x8d764dd6 + .word 0x4d43efb0 + .word 0x54ccaa4d + .word 0xdfe49604 + .word 0xe39ed1b5 + .word 0x1b4c6a88 + .word 0xb8c12c1f + .word 0x7f466551 + .word 0x049d5eea + .word 0x5d018c35 + .word 0x73fa8774 + .word 0x2efb0b41 + .word 0x5ab3671d + .word 0x5292dbd2 + .word 0x33e91056 + .word 0x136dd647 + .word 0x8c9ad761 + .word 0x7a37a10c + .word 0x8e59f814 + .word 0x89eb133c + .word 0xeecea927 + .word 0x35b761c9 + .word 0xede11ce5 + .word 0x3c7a47b1 + .word 0x599cd2df + .word 0x3f55f273 + .word 0x791814ce + .word 0xbf73c737 + .word 0xea53f7cd + .word 0x5b5ffdaa + .word 0x14df3d6f + .word 0x867844db + .word 0x81caaff3 + .word 0x3eb968c4 + .word 0x2c382434 + .word 0x5fc2a340 + .word 0x72161dc3 + .word 0x0cbce225 + .word 0x8b283c49 + .word 0x41ff0d95 + .word 0x7139a801 + .word 0xde080cb3 + .word 0x9cd8b4e4 + .word 0x906456c1 + .word 0x617bcb84 + .word 0x70d532b6 + .word 0x74486c5c + .word 0x42d0b857 +#endif /* HAVE_AES_DECRYPT */ +#if defined(HAVE_AES_DECRYPT) || defined(HAVE_AES_CBC) || \ + defined(HAVE_AESCCM) || defined(HAVE_AESGCM) || \ + defined(WOLFSSL_AES_DIRECT) || defined(WOLFSSL_AES_COUNTER) +#ifndef __APPLE__ + .text + .type L_AES_ARM64_te, %object + .section .rodata + .size L_AES_ARM64_te, 1024 +#else + .section __DATA,__data +#endif /* __APPLE__ */ +#ifndef __APPLE__ + .align 3 +#else + .p2align 3 +#endif /* __APPLE__ */ +L_AES_ARM64_te: + .word 0xa5c66363 + .word 0x84f87c7c + .word 0x99ee7777 + .word 0x8df67b7b + .word 0x0dfff2f2 + .word 0xbdd66b6b + .word 0xb1de6f6f + .word 0x5491c5c5 + .word 0x50603030 + .word 0x03020101 + .word 0xa9ce6767 + .word 0x7d562b2b + .word 0x19e7fefe + .word 0x62b5d7d7 + .word 0xe64dabab + .word 0x9aec7676 + .word 0x458fcaca + .word 0x9d1f8282 + .word 0x4089c9c9 + .word 0x87fa7d7d + .word 0x15effafa + .word 0xebb25959 + .word 0xc98e4747 + .word 0x0bfbf0f0 + .word 0xec41adad + .word 0x67b3d4d4 + .word 0xfd5fa2a2 + .word 0xea45afaf + .word 0xbf239c9c + .word 0xf753a4a4 + .word 0x96e47272 + .word 0x5b9bc0c0 + .word 0xc275b7b7 + .word 0x1ce1fdfd + .word 0xae3d9393 + .word 0x6a4c2626 + .word 0x5a6c3636 + .word 0x417e3f3f + .word 0x02f5f7f7 + .word 0x4f83cccc + .word 0x5c683434 + .word 0xf451a5a5 + .word 0x34d1e5e5 + .word 0x08f9f1f1 + .word 0x93e27171 + .word 0x73abd8d8 + .word 0x53623131 + .word 0x3f2a1515 + .word 0x0c080404 + .word 0x5295c7c7 + .word 0x65462323 + .word 0x5e9dc3c3 + .word 0x28301818 + .word 0xa1379696 + .word 0x0f0a0505 + .word 0xb52f9a9a + .word 0x090e0707 + .word 0x36241212 + .word 0x9b1b8080 + .word 0x3ddfe2e2 + .word 0x26cdebeb + .word 0x694e2727 + .word 0xcd7fb2b2 + .word 0x9fea7575 + .word 0x1b120909 + .word 0x9e1d8383 + .word 0x74582c2c + .word 0x2e341a1a + .word 0x2d361b1b + .word 0xb2dc6e6e + .word 0xeeb45a5a + .word 0xfb5ba0a0 + .word 0xf6a45252 + .word 0x4d763b3b + .word 0x61b7d6d6 + .word 0xce7db3b3 + .word 0x7b522929 + .word 0x3edde3e3 + .word 0x715e2f2f + .word 0x97138484 + .word 0xf5a65353 + .word 0x68b9d1d1 + .word 0x00000000 + .word 0x2cc1eded + .word 0x60402020 + .word 0x1fe3fcfc + .word 0xc879b1b1 + .word 0xedb65b5b + .word 0xbed46a6a + .word 0x468dcbcb + .word 0xd967bebe + .word 0x4b723939 + .word 0xde944a4a + .word 0xd4984c4c + .word 0xe8b05858 + .word 0x4a85cfcf + .word 0x6bbbd0d0 + .word 0x2ac5efef + .word 0xe54faaaa + .word 0x16edfbfb + .word 0xc5864343 + .word 0xd79a4d4d + .word 0x55663333 + .word 0x94118585 + .word 0xcf8a4545 + .word 0x10e9f9f9 + .word 0x06040202 + .word 0x81fe7f7f + .word 0xf0a05050 + .word 0x44783c3c + .word 0xba259f9f + .word 0xe34ba8a8 + .word 0xf3a25151 + .word 0xfe5da3a3 + .word 0xc0804040 + .word 0x8a058f8f + .word 0xad3f9292 + .word 0xbc219d9d + .word 0x48703838 + .word 0x04f1f5f5 + .word 0xdf63bcbc + .word 0xc177b6b6 + .word 0x75afdada + .word 0x63422121 + .word 0x30201010 + .word 0x1ae5ffff + .word 0x0efdf3f3 + .word 0x6dbfd2d2 + .word 0x4c81cdcd + .word 0x14180c0c + .word 0x35261313 + .word 0x2fc3ecec + .word 0xe1be5f5f + .word 0xa2359797 + .word 0xcc884444 + .word 0x392e1717 + .word 0x5793c4c4 + .word 0xf255a7a7 + .word 0x82fc7e7e + .word 0x477a3d3d + .word 0xacc86464 + .word 0xe7ba5d5d + .word 0x2b321919 + .word 0x95e67373 + .word 0xa0c06060 + .word 0x98198181 + .word 0xd19e4f4f + .word 0x7fa3dcdc + .word 0x66442222 + .word 0x7e542a2a + .word 0xab3b9090 + .word 0x830b8888 + .word 0xca8c4646 + .word 0x29c7eeee + .word 0xd36bb8b8 + .word 0x3c281414 + .word 0x79a7dede + .word 0xe2bc5e5e + .word 0x1d160b0b + .word 0x76addbdb + .word 0x3bdbe0e0 + .word 0x56643232 + .word 0x4e743a3a + .word 0x1e140a0a + .word 0xdb924949 + .word 0x0a0c0606 + .word 0x6c482424 + .word 0xe4b85c5c + .word 0x5d9fc2c2 + .word 0x6ebdd3d3 + .word 0xef43acac + .word 0xa6c46262 + .word 0xa8399191 + .word 0xa4319595 + .word 0x37d3e4e4 + .word 0x8bf27979 + .word 0x32d5e7e7 + .word 0x438bc8c8 + .word 0x596e3737 + .word 0xb7da6d6d + .word 0x8c018d8d + .word 0x64b1d5d5 + .word 0xd29c4e4e + .word 0xe049a9a9 + .word 0xb4d86c6c + .word 0xfaac5656 + .word 0x07f3f4f4 + .word 0x25cfeaea + .word 0xafca6565 + .word 0x8ef47a7a + .word 0xe947aeae + .word 0x18100808 + .word 0xd56fbaba + .word 0x88f07878 + .word 0x6f4a2525 + .word 0x725c2e2e + .word 0x24381c1c + .word 0xf157a6a6 + .word 0xc773b4b4 + .word 0x5197c6c6 + .word 0x23cbe8e8 + .word 0x7ca1dddd + .word 0x9ce87474 + .word 0x213e1f1f + .word 0xdd964b4b + .word 0xdc61bdbd + .word 0x860d8b8b + .word 0x850f8a8a + .word 0x90e07070 + .word 0x427c3e3e + .word 0xc471b5b5 + .word 0xaacc6666 + .word 0xd8904848 + .word 0x05060303 + .word 0x01f7f6f6 + .word 0x121c0e0e + .word 0xa3c26161 + .word 0x5f6a3535 + .word 0xf9ae5757 + .word 0xd069b9b9 + .word 0x91178686 + .word 0x5899c1c1 + .word 0x273a1d1d + .word 0xb9279e9e + .word 0x38d9e1e1 + .word 0x13ebf8f8 + .word 0xb32b9898 + .word 0x33221111 + .word 0xbbd26969 + .word 0x70a9d9d9 + .word 0x89078e8e + .word 0xa7339494 + .word 0xb62d9b9b + .word 0x223c1e1e + .word 0x92158787 + .word 0x20c9e9e9 + .word 0x4987cece + .word 0xffaa5555 + .word 0x78502828 + .word 0x7aa5dfdf + .word 0x8f038c8c + .word 0xf859a1a1 + .word 0x80098989 + .word 0x171a0d0d + .word 0xda65bfbf + .word 0x31d7e6e6 + .word 0xc6844242 + .word 0xb8d06868 + .word 0xc3824141 + .word 0xb0299999 + .word 0x775a2d2d + .word 0x111e0f0f + .word 0xcb7bb0b0 + .word 0xfca85454 + .word 0xd66dbbbb + .word 0x3a2c1616 +#endif /* HAVE_AES_DECRYPT || HAVE_AES_CBC || HAVE_AESCCM || HAVE_AESGCM || + * WOLFSSL_AES_DIRECT || WOLFSSL_AES_COUNTER */ +#ifdef HAVE_AES_DECRYPT +#ifndef __APPLE__ +.text +.globl AES_invert_key +.type AES_invert_key,@function +.align 2 +AES_invert_key: +#else +.section __TEXT,__text +.globl _AES_invert_key +.p2align 2 +_AES_invert_key: +#endif /* __APPLE__ */ +#ifndef __APPLE__ + adrp x2, L_AES_ARM64_te + add x2, x2, :lo12:L_AES_ARM64_te +#else + adrp x2, L_AES_ARM64_te@PAGE + add x2, x2, L_AES_ARM64_te@PAGEOFF +#endif /* __APPLE__ */ +#ifndef __APPLE__ + adrp x3, L_AES_ARM64_td + add x3, x3, :lo12:L_AES_ARM64_td +#else + adrp x3, L_AES_ARM64_td@PAGE + add x3, x3, L_AES_ARM64_td@PAGEOFF +#endif /* __APPLE__ */ + add x12, x0, x1, lsl 4 + mov w13, w1 +L_AES_invert_key_loop: + ldp w4, w5, [x0] + ldnp w6, w7, [x0, #8] + ldp w8, w9, [x12] + ldnp w10, w11, [x12, #8] + stp w4, w5, [x12] + stnp w6, w7, [x12, #8] + stp w8, w9, [x0], #8 + stp w10, w11, [x0], #8 + subs w13, w13, #2 + sub x12, x12, #16 + bne L_AES_invert_key_loop + sub x0, x0, x1, lsl 3 + add x0, x0, #16 + sub w13, w1, #1 +L_AES_invert_key_mix_loop: + ldp w4, w5, [x0] + ldnp w6, w7, [x0, #8] + ubfx w8, w4, #0, #8 + ubfx w9, w4, #8, #8 + ubfx w10, w4, #16, #8 + ubfx w11, w4, #24, #8 + lsl w8, w8, #2 + lsl w9, w9, #2 + lsl w10, w10, #2 + lsl w11, w11, #2 + ldrb w8, [x2, x8, LSL 0] + ldrb w9, [x2, x9, LSL 0] + ldrb w10, [x2, x10, LSL 0] + ldrb w11, [x2, x11, LSL 0] + ldr w8, [x3, x8, LSL 2] + ldr w9, [x3, x9, LSL 2] + ldr w10, [x3, x10, LSL 2] + ldr w11, [x3, x11, LSL 2] + eor w10, w10, w8, ror 16 + eor w10, w10, w9, ror 8 + eor w10, w10, w11, ror 24 + str w10, [x0], #4 + ubfx w8, w5, #0, #8 + ubfx w9, w5, #8, #8 + ubfx w10, w5, #16, #8 + ubfx w11, w5, #24, #8 + lsl w8, w8, #2 + lsl w9, w9, #2 + lsl w10, w10, #2 + lsl w11, w11, #2 + ldrb w8, [x2, x8, LSL 0] + ldrb w9, [x2, x9, LSL 0] + ldrb w10, [x2, x10, LSL 0] + ldrb w11, [x2, x11, LSL 0] + ldr w8, [x3, x8, LSL 2] + ldr w9, [x3, x9, LSL 2] + ldr w10, [x3, x10, LSL 2] + ldr w11, [x3, x11, LSL 2] + eor w10, w10, w8, ror 16 + eor w10, w10, w9, ror 8 + eor w10, w10, w11, ror 24 + str w10, [x0], #4 + ubfx w8, w6, #0, #8 + ubfx w9, w6, #8, #8 + ubfx w10, w6, #16, #8 + ubfx w11, w6, #24, #8 + lsl w8, w8, #2 + lsl w9, w9, #2 + lsl w10, w10, #2 + lsl w11, w11, #2 + ldrb w8, [x2, x8, LSL 0] + ldrb w9, [x2, x9, LSL 0] + ldrb w10, [x2, x10, LSL 0] + ldrb w11, [x2, x11, LSL 0] + ldr w8, [x3, x8, LSL 2] + ldr w9, [x3, x9, LSL 2] + ldr w10, [x3, x10, LSL 2] + ldr w11, [x3, x11, LSL 2] + eor w10, w10, w8, ror 16 + eor w10, w10, w9, ror 8 + eor w10, w10, w11, ror 24 + str w10, [x0], #4 + ubfx w8, w7, #0, #8 + ubfx w9, w7, #8, #8 + ubfx w10, w7, #16, #8 + ubfx w11, w7, #24, #8 + lsl w8, w8, #2 + lsl w9, w9, #2 + lsl w10, w10, #2 + lsl w11, w11, #2 + ldrb w8, [x2, x8, LSL 0] + ldrb w9, [x2, x9, LSL 0] + ldrb w10, [x2, x10, LSL 0] + ldrb w11, [x2, x11, LSL 0] + ldr w8, [x3, x8, LSL 2] + ldr w9, [x3, x9, LSL 2] + ldr w10, [x3, x10, LSL 2] + ldr w11, [x3, x11, LSL 2] + eor w10, w10, w8, ror 16 + eor w10, w10, w9, ror 8 + eor w10, w10, w11, ror 24 + str w10, [x0], #4 + subs w13, w13, #1 + bne L_AES_invert_key_mix_loop + ret +#ifndef __APPLE__ + .size AES_invert_key,.-AES_invert_key +#endif /* __APPLE__ */ +#endif /* HAVE_AES_DECRYPT */ +#ifndef __APPLE__ + .text + .type L_AES_ARM64_rcon, %object + .section .rodata + .size L_AES_ARM64_rcon, 40 +#else + .section __DATA,__data +#endif /* __APPLE__ */ +#ifndef __APPLE__ + .align 3 +#else + .p2align 3 +#endif /* __APPLE__ */ +L_AES_ARM64_rcon: + .word 0x01000000 + .word 0x02000000 + .word 0x04000000 + .word 0x08000000 + .word 0x10000000 + .word 0x20000000 + .word 0x40000000 + .word 0x80000000 + .word 0x1b000000 + .word 0x36000000 +#ifndef __APPLE__ +.text +.globl AES_set_encrypt_key +.type AES_set_encrypt_key,@function +.align 2 +AES_set_encrypt_key: +#else +.section __TEXT,__text +.globl _AES_set_encrypt_key +.p2align 2 +_AES_set_encrypt_key: +#endif /* __APPLE__ */ +#ifndef __APPLE__ + adrp x5, L_AES_ARM64_rcon + add x5, x5, :lo12:L_AES_ARM64_rcon +#else + adrp x5, L_AES_ARM64_rcon@PAGE + add x5, x5, L_AES_ARM64_rcon@PAGEOFF +#endif /* __APPLE__ */ +#ifndef __APPLE__ + adrp x12, L_AES_ARM64_te + add x12, x12, :lo12:L_AES_ARM64_te +#else + adrp x12, L_AES_ARM64_te@PAGE + add x12, x12, L_AES_ARM64_te@PAGEOFF +#endif /* __APPLE__ */ + cmp x1, #0x80 + beq L_AES_set_encrypt_key_start_128 + cmp x1, #0xc0 + beq L_AES_set_encrypt_key_start_192 + ldr w6, [x0] + ldr w7, [x0, #4] + ldr w8, [x0, #8] + ldr w9, [x0, #12] + rev w6, w6 + rev w7, w7 + rev w8, w8 + rev w9, w9 + stp w6, w7, [x2], #8 + stp w8, w9, [x2], #8 + ldr w6, [x0, #16] + ldr w7, [x0, #20] + ldr w8, [x0, #24] + ldr w9, [x0, #28] + rev w6, w6 + rev w7, w7 + rev w8, w8 + rev w9, w9 + stp w6, w7, [x2] + stnp w8, w9, [x2, #8] + sub x2, x2, #16 + mov x4, #6 +L_AES_set_encrypt_key_loop_256: + ubfx w6, w9, #0, #8 + ubfx w7, w9, #8, #8 + ubfx w8, w9, #16, #8 + ubfx w9, w9, #24, #8 + lsl w6, w6, #2 + lsl w7, w7, #2 + lsl w8, w8, #2 + lsl w9, w9, #2 + ldrb w6, [x12, x6, LSL 0] + ldrb w7, [x12, x7, LSL 0] + ldrb w8, [x12, x8, LSL 0] + ldrb w9, [x12, x9, LSL 0] + eor w3, w9, w6, lsl 8 + eor w3, w3, w7, lsl 16 + eor w3, w3, w8, lsl 24 + ldp w6, w7, [x2], #8 + ldp w8, w9, [x2], #8 + eor w6, w6, w3 + ldr w3, [x5], #4 + eor w6, w6, w3 + eor w7, w7, w6 + eor w8, w8, w7 + eor w9, w9, w8 + add x2, x2, #16 + stp w6, w7, [x2] + stnp w8, w9, [x2, #8] + sub x2, x2, #16 + mov w3, w9 + ubfx w6, w3, #8, #8 + ubfx w7, w3, #16, #8 + ubfx w8, w3, #24, #8 + ubfx w3, w3, #0, #8 + lsl w6, w6, #2 + lsl w7, w7, #2 + lsl w8, w8, #2 + lsl w3, w3, #2 + ldrb w6, [x12, x6, LSL 0] + ldrb w8, [x12, x8, LSL 0] + ldrb w7, [x12, x7, LSL 0] + ldrb w3, [x12, x3, LSL 0] + eor w3, w3, w6, lsl 8 + eor w3, w3, w7, lsl 16 + eor w3, w3, w8, lsl 24 + ldp w6, w7, [x2], #8 + ldp w8, w9, [x2], #8 + eor w6, w6, w3 + eor w7, w7, w6 + eor w8, w8, w7 + eor w9, w9, w8 + add x2, x2, #16 + stp w6, w7, [x2] + stnp w8, w9, [x2, #8] + sub x2, x2, #16 + subs x4, x4, #1 + bne L_AES_set_encrypt_key_loop_256 + ubfx w6, w9, #0, #8 + ubfx w7, w9, #8, #8 + ubfx w8, w9, #16, #8 + ubfx w9, w9, #24, #8 + lsl w6, w6, #2 + lsl w7, w7, #2 + lsl w8, w8, #2 + lsl w9, w9, #2 + ldrb w6, [x12, x6, LSL 0] + ldrb w7, [x12, x7, LSL 0] + ldrb w8, [x12, x8, LSL 0] + ldrb w9, [x12, x9, LSL 0] + eor w3, w9, w6, lsl 8 + eor w3, w3, w7, lsl 16 + eor w3, w3, w8, lsl 24 + ldp w6, w7, [x2], #8 + ldp w8, w9, [x2], #8 + eor w6, w6, w3 + ldr w3, [x5], #4 + eor w6, w6, w3 + eor w7, w7, w6 + eor w8, w8, w7 + eor w9, w9, w8 + add x2, x2, #16 + stp w6, w7, [x2] + stnp w8, w9, [x2, #8] + sub x2, x2, #16 + b L_AES_set_encrypt_key_end +L_AES_set_encrypt_key_start_192: + ldr w6, [x0] + ldr w7, [x0, #4] + ldr w8, [x0, #8] + ldr w9, [x0, #12] + ldr w10, [x0, #16] + ldr w11, [x0, #20] + rev w6, w6 + rev w7, w7 + rev w8, w8 + rev w9, w9 + rev w10, w10 + rev w11, w11 + stp w6, w7, [x2] + stnp w8, w9, [x2, #8] + stnp w10, w11, [x2, #16] + mov x4, #7 +L_AES_set_encrypt_key_loop_192: + ubfx w6, w11, #0, #8 + ubfx w7, w11, #8, #8 + ubfx w8, w11, #16, #8 + ubfx w11, w11, #24, #8 + lsl w6, w6, #2 + lsl w7, w7, #2 + lsl w8, w8, #2 + lsl w11, w11, #2 + ldrb w6, [x12, x6, LSL 0] + ldrb w7, [x12, x7, LSL 0] + ldrb w8, [x12, x8, LSL 0] + ldrb w11, [x12, x11, LSL 0] + eor w3, w11, w6, lsl 8 + eor w3, w3, w7, lsl 16 + eor w3, w3, w8, lsl 24 + ldp w6, w7, [x2], #8 + ldp w8, w9, [x2], #8 + ldp w10, w11, [x2], #8 + eor w6, w6, w3 + ldr w3, [x5], #4 + eor w6, w6, w3 + eor w7, w7, w6 + eor w8, w8, w7 + eor w9, w9, w8 + eor w10, w10, w9 + eor w11, w11, w10 + stp w6, w7, [x2] + stnp w8, w9, [x2, #8] + stnp w10, w11, [x2, #16] + subs x4, x4, #1 + bne L_AES_set_encrypt_key_loop_192 + ubfx w6, w11, #0, #8 + ubfx w7, w11, #8, #8 + ubfx w8, w11, #16, #8 + ubfx w11, w11, #24, #8 + lsl w6, w6, #2 + lsl w7, w7, #2 + lsl w8, w8, #2 + lsl w11, w11, #2 + ldrb w6, [x12, x6, LSL 0] + ldrb w7, [x12, x7, LSL 0] + ldrb w8, [x12, x8, LSL 0] + ldrb w11, [x12, x11, LSL 0] + eor w3, w11, w6, lsl 8 + eor w3, w3, w7, lsl 16 + eor w3, w3, w8, lsl 24 + ldp w6, w7, [x2], #8 + ldp w8, w9, [x2], #8 + ldp w10, w11, [x2], #8 + eor w6, w6, w3 + ldr w3, [x5], #4 + eor w6, w6, w3 + eor w7, w7, w6 + eor w8, w8, w7 + eor w9, w9, w8 + stp w6, w7, [x2] + stnp w8, w9, [x2, #8] + b L_AES_set_encrypt_key_end +L_AES_set_encrypt_key_start_128: + ldr w6, [x0] + ldr w7, [x0, #4] + ldr w8, [x0, #8] + ldr w9, [x0, #12] + rev w6, w6 + rev w7, w7 + rev w8, w8 + rev w9, w9 + stp w6, w7, [x2] + stnp w8, w9, [x2, #8] + mov x4, #10 +L_AES_set_encrypt_key_loop_128: + ubfx w6, w9, #0, #8 + ubfx w7, w9, #8, #8 + ubfx w8, w9, #16, #8 + ubfx w9, w9, #24, #8 + lsl w6, w6, #2 + lsl w7, w7, #2 + lsl w8, w8, #2 + lsl w9, w9, #2 + ldrb w6, [x12, x6, LSL 0] + ldrb w7, [x12, x7, LSL 0] + ldrb w8, [x12, x8, LSL 0] + ldrb w9, [x12, x9, LSL 0] + eor w3, w9, w6, lsl 8 + eor w3, w3, w7, lsl 16 + eor w3, w3, w8, lsl 24 + ldp w6, w7, [x2], #8 + ldp w8, w9, [x2], #8 + eor w6, w6, w3 + ldr w3, [x5], #4 + eor w6, w6, w3 + eor w7, w7, w6 + eor w8, w8, w7 + eor w9, w9, w8 + stp w6, w7, [x2] + stnp w8, w9, [x2, #8] + subs x4, x4, #1 + bne L_AES_set_encrypt_key_loop_128 +L_AES_set_encrypt_key_end: + ret +#ifndef __APPLE__ + .size AES_set_encrypt_key,.-AES_set_encrypt_key +#endif /* __APPLE__ */ +#if defined(HAVE_AESCCM) || defined(HAVE_AESGCM) || \ + defined(WOLFSSL_AES_DIRECT) || defined(WOLFSSL_AES_COUNTER) || \ + defined(HAVE_AES_ECB) +#ifndef __APPLE__ +.text +.globl AES_ECB_encrypt +.type AES_ECB_encrypt,@function +.align 2 +AES_ECB_encrypt: +#else +.section __TEXT,__text +.globl _AES_ECB_encrypt +.p2align 2 +_AES_ECB_encrypt: +#endif /* __APPLE__ */ + stp x29, x30, [sp, #-32]! + add x29, sp, #0 + str x17, [x29, #24] +#ifndef __APPLE__ + adrp x5, L_AES_ARM64_te + add x5, x5, :lo12:L_AES_ARM64_te +#else + adrp x5, L_AES_ARM64_te@PAGE + add x5, x5, L_AES_ARM64_te@PAGEOFF +#endif /* __APPLE__ */ +L_AES_ECB_encrypt_loop_block_128: + mov x17, x3 + ldr x6, [x0] + ldr x7, [x0, #8] + rev32 x6, x6 + rev32 x7, x7 + ldp x10, x11, [x17], #16 + # Round: 0 - XOR in key schedule + eor x6, x6, x10 + eor x7, x7, x11 + sub w16, w4, #2 +L_AES_ECB_encrypt_loop_nr: + ubfx x10, x6, #48, #8 + ubfx x13, x6, #24, #8 + ubfx x14, x7, #8, #8 + ubfx x15, x7, #32, #8 + ldr x8, [x5] + ldr x8, [x5, #64] + ldr x8, [x5, #128] + ldr x8, [x5, #192] + ldr x8, [x5, #256] + ldr x8, [x5, #320] + ldr x8, [x5, #384] + ldr x8, [x5, #448] + ldr x8, [x5, #512] + ldr x8, [x5, #576] + ldr x8, [x5, #640] + ldr x8, [x5, #704] + ldr x8, [x5, #768] + ldr x8, [x5, #832] + ldr x8, [x5, #896] + ldr x8, [x5, #960] + ldr w10, [x5, x10, LSL 2] + ldr w13, [x5, x13, LSL 2] + ldr w14, [x5, x14, LSL 2] + ldr w15, [x5, x15, LSL 2] + ubfx x11, x7, #16, #8 + eor w10, w10, w13, ror 24 + ubfx x13, x6, #56, #8 + eor w10, w10, w14, ror 8 + ubfx x14, x7, #40, #8 + eor w10, w10, w15, ror 16 + ubfx x15, x6, #0, #8 + ldr w11, [x5, x11, LSL 2] + ldr w13, [x5, x13, LSL 2] + ldr w14, [x5, x14, LSL 2] + ldr w15, [x5, x15, LSL 2] + ubfx x12, x7, #48, #8 + eor w11, w11, w13, ror 24 + ubfx x13, x7, #24, #8 + eor w11, w11, w14, ror 8 + ubfx x14, x6, #8, #8 + eor w11, w11, w15, ror 16 + ubfx x15, x6, #32, #8 + bfi x10, x11, #32, #32 + ldr w12, [x5, x12, LSL 2] + ldr w13, [x5, x13, LSL 2] + ldr w14, [x5, x14, LSL 2] + ldr w15, [x5, x15, LSL 2] + ubfx x8, x7, #0, #8 + eor w12, w12, w13, ror 24 + ubfx x13, x6, #16, #8 + eor w12, w12, w14, ror 8 + ubfx x14, x7, #56, #8 + eor w11, w12, w15, ror 16 + ubfx x15, x6, #40, #8 + ldr w8, [x5, x8, LSL 2] + ldr w14, [x5, x14, LSL 2] + ldr w13, [x5, x13, LSL 2] + ldr w15, [x5, x15, LSL 2] + eor w14, w14, w8, ror 24 + ldp x6, x7, [x17], #16 + eor w13, w13, w14, ror 24 + eor w13, w13, w15, ror 8 + bfi x11, x13, #32, #32 + # XOR in Key Schedule + eor x10, x10, x6 + eor x11, x11, x7 + ubfx x6, x10, #48, #8 + ubfx x9, x10, #24, #8 + ubfx x14, x11, #8, #8 + ubfx x15, x11, #32, #8 + ldr x12, [x5] + ldr x12, [x5, #64] + ldr x12, [x5, #128] + ldr x12, [x5, #192] + ldr x12, [x5, #256] + ldr x12, [x5, #320] + ldr x12, [x5, #384] + ldr x12, [x5, #448] + ldr x12, [x5, #512] + ldr x12, [x5, #576] + ldr x12, [x5, #640] + ldr x12, [x5, #704] + ldr x12, [x5, #768] + ldr x12, [x5, #832] + ldr x12, [x5, #896] + ldr x12, [x5, #960] + ldr w6, [x5, x6, LSL 2] + ldr w9, [x5, x9, LSL 2] + ldr w14, [x5, x14, LSL 2] + ldr w15, [x5, x15, LSL 2] + ubfx x7, x11, #16, #8 + eor w6, w6, w9, ror 24 + ubfx x9, x10, #56, #8 + eor w6, w6, w14, ror 8 + ubfx x14, x11, #40, #8 + eor w6, w6, w15, ror 16 + ubfx x15, x10, #0, #8 + ldr w7, [x5, x7, LSL 2] + ldr w9, [x5, x9, LSL 2] + ldr w14, [x5, x14, LSL 2] + ldr w15, [x5, x15, LSL 2] + ubfx x8, x11, #48, #8 + eor w7, w7, w9, ror 24 + ubfx x9, x11, #24, #8 + eor w7, w7, w14, ror 8 + ubfx x14, x10, #8, #8 + eor w7, w7, w15, ror 16 + ubfx x15, x10, #32, #8 + bfi x6, x7, #32, #32 + ldr w8, [x5, x8, LSL 2] + ldr w9, [x5, x9, LSL 2] + ldr w14, [x5, x14, LSL 2] + ldr w15, [x5, x15, LSL 2] + ubfx x12, x11, #0, #8 + eor w8, w8, w9, ror 24 + ubfx x9, x10, #16, #8 + eor w8, w8, w14, ror 8 + ubfx x14, x11, #56, #8 + eor w7, w8, w15, ror 16 + ubfx x15, x10, #40, #8 + ldr w12, [x5, x12, LSL 2] + ldr w14, [x5, x14, LSL 2] + ldr w9, [x5, x9, LSL 2] + ldr w15, [x5, x15, LSL 2] + eor w14, w14, w12, ror 24 + ldp x10, x11, [x17], #16 + eor w9, w9, w14, ror 24 + eor w9, w9, w15, ror 8 + bfi x7, x9, #32, #32 + # XOR in Key Schedule + eor x6, x6, x10 + eor x7, x7, x11 + subs w16, w16, #2 + bne L_AES_ECB_encrypt_loop_nr + ubfx x10, x6, #48, #8 + ubfx x13, x6, #24, #8 + ubfx x14, x7, #8, #8 + ubfx x15, x7, #32, #8 + ldr x8, [x5] + ldr x8, [x5, #64] + ldr x8, [x5, #128] + ldr x8, [x5, #192] + ldr x8, [x5, #256] + ldr x8, [x5, #320] + ldr x8, [x5, #384] + ldr x8, [x5, #448] + ldr x8, [x5, #512] + ldr x8, [x5, #576] + ldr x8, [x5, #640] + ldr x8, [x5, #704] + ldr x8, [x5, #768] + ldr x8, [x5, #832] + ldr x8, [x5, #896] + ldr x8, [x5, #960] + ldr w10, [x5, x10, LSL 2] + ldr w13, [x5, x13, LSL 2] + ldr w14, [x5, x14, LSL 2] + ldr w15, [x5, x15, LSL 2] + ubfx x11, x7, #16, #8 + eor w10, w10, w13, ror 24 + ubfx x13, x6, #56, #8 + eor w10, w10, w14, ror 8 + ubfx x14, x7, #40, #8 + eor w10, w10, w15, ror 16 + ubfx x15, x6, #0, #8 + ldr w11, [x5, x11, LSL 2] + ldr w13, [x5, x13, LSL 2] + ldr w14, [x5, x14, LSL 2] + ldr w15, [x5, x15, LSL 2] + ubfx x12, x7, #48, #8 + eor w11, w11, w13, ror 24 + ubfx x13, x7, #24, #8 + eor w11, w11, w14, ror 8 + ubfx x14, x6, #8, #8 + eor w11, w11, w15, ror 16 + ubfx x15, x6, #32, #8 + bfi x10, x11, #32, #32 + ldr w12, [x5, x12, LSL 2] + ldr w13, [x5, x13, LSL 2] + ldr w14, [x5, x14, LSL 2] + ldr w15, [x5, x15, LSL 2] + ubfx x8, x7, #0, #8 + eor w12, w12, w13, ror 24 + ubfx x13, x6, #16, #8 + eor w12, w12, w14, ror 8 + ubfx x14, x7, #56, #8 + eor w11, w12, w15, ror 16 + ubfx x15, x6, #40, #8 + ldr w8, [x5, x8, LSL 2] + ldr w14, [x5, x14, LSL 2] + ldr w13, [x5, x13, LSL 2] + ldr w15, [x5, x15, LSL 2] + eor w14, w14, w8, ror 24 + ldp x6, x7, [x17], #16 + eor w13, w13, w14, ror 24 + eor w13, w13, w15, ror 8 + bfi x11, x13, #32, #32 + # XOR in Key Schedule + eor x10, x10, x6 + eor x11, x11, x7 + ubfx x6, x11, #32, #8 + ubfx x9, x11, #8, #8 + ubfx x14, x10, #48, #8 + ubfx x15, x10, #24, #8 + lsl w6, w6, #2 + lsl w9, w9, #2 + lsl w14, w14, #2 + lsl w15, w15, #2 + ldr x13, [x5] + ldr x13, [x5, #64] + ldr x13, [x5, #128] + ldr x13, [x5, #192] + ldr x13, [x5, #256] + ldr x13, [x5, #320] + ldr x13, [x5, #384] + ldr x13, [x5, #448] + ldr x13, [x5, #512] + ldr x13, [x5, #576] + ldr x13, [x5, #640] + ldr x13, [x5, #704] + ldr x13, [x5, #768] + ldr x13, [x5, #832] + ldr x13, [x5, #896] + ldr x13, [x5, #960] + ldrb w6, [x5, x6, LSL 0] + ldrb w9, [x5, x9, LSL 0] + ldrb w14, [x5, x14, LSL 0] + ldrb w15, [x5, x15, LSL 0] + ubfx x7, x10, #0, #8 + eor w6, w6, w9, lsl 8 + ubfx x9, x11, #40, #8 + eor w6, w6, w14, lsl 16 + ubfx x14, x11, #16, #8 + eor w6, w6, w15, lsl 24 + ubfx x15, x10, #56, #8 + lsl w7, w7, #2 + lsl w9, w9, #2 + lsl w14, w14, #2 + lsl w15, w15, #2 + ldrb w7, [x5, x7, LSL 0] + ldrb w9, [x5, x9, LSL 0] + ldrb w14, [x5, x14, LSL 0] + ldrb w15, [x5, x15, LSL 0] + ubfx x8, x10, #32, #8 + eor w7, w7, w9, lsl 8 + ubfx x9, x10, #8, #8 + eor w7, w7, w14, lsl 16 + ubfx x14, x11, #48, #8 + eor w7, w7, w15, lsl 24 + ubfx x15, x11, #24, #8 + bfi x6, x7, #32, #32 + lsl w8, w8, #2 + lsl w9, w9, #2 + lsl w14, w14, #2 + lsl w15, w15, #2 + ldrb w8, [x5, x8, LSL 0] + ldrb w9, [x5, x9, LSL 0] + ldrb w14, [x5, x14, LSL 0] + ldrb w15, [x5, x15, LSL 0] + ubfx x13, x11, #56, #8 + eor w8, w8, w9, lsl 8 + ubfx x9, x11, #0, #8 + eor w8, w8, w14, lsl 16 + ubfx x14, x10, #40, #8 + eor w7, w8, w15, lsl 24 + ubfx x15, x10, #16, #8 + lsl w13, w13, #2 + lsl w9, w9, #2 + lsl w14, w14, #2 + lsl w15, w15, #2 + ldrb w13, [x5, x13, LSL 0] + ldrb w9, [x5, x9, LSL 0] + ldrb w14, [x5, x14, LSL 0] + ldrb w15, [x5, x15, LSL 0] + eor w14, w14, w13, lsl 16 + ldp x10, x11, [x17] + eor w9, w9, w14, lsl 8 + eor w9, w9, w15, lsl 16 + bfi x7, x9, #32, #32 + # XOR in Key Schedule + eor x6, x6, x10 + eor x7, x7, x11 + rev32 x6, x6 + rev32 x7, x7 + str x6, [x1] + str x7, [x1, #8] + subs x2, x2, #16 + add x0, x0, #16 + add x1, x1, #16 + bne L_AES_ECB_encrypt_loop_block_128 + ldr x17, [x29, #24] + ldp x29, x30, [sp], #32 + ret +#ifndef __APPLE__ + .size AES_ECB_encrypt,.-AES_ECB_encrypt +#endif /* __APPLE__ */ +#endif /* HAVE_AESCCM || HAVE_AESGCM || WOLFSSL_AES_DIRECT || + * WOLFSSL_AES_COUNTER || HAVE_AES_ECB */ +#ifdef HAVE_AES_CBC +#ifndef __APPLE__ +.text +.globl AES_CBC_encrypt +.type AES_CBC_encrypt,@function +.align 2 +AES_CBC_encrypt: +#else +.section __TEXT,__text +.globl _AES_CBC_encrypt +.p2align 2 +_AES_CBC_encrypt: +#endif /* __APPLE__ */ + stp x29, x30, [sp, #-32]! + add x29, sp, #0 + stp x17, x19, [x29, #16] +#ifndef __APPLE__ + adrp x6, L_AES_ARM64_te + add x6, x6, :lo12:L_AES_ARM64_te +#else + adrp x6, L_AES_ARM64_te@PAGE + add x6, x6, L_AES_ARM64_te@PAGEOFF +#endif /* __APPLE__ */ + ldp x7, x8, [x5] +L_AES_CBC_encrypt_loop_block: + mov x19, x3 + ldr x11, [x0] + ldr x12, [x0, #8] + eor x7, x7, x11 + eor x8, x8, x12 + rev32 x7, x7 + rev32 x8, x8 + ldp x11, x12, [x19], #16 + # Round: 0 - XOR in key schedule + eor x7, x7, x11 + eor x8, x8, x12 + sub w17, w4, #2 +L_AES_CBC_encrypt_loop_nr: + ubfx x11, x7, #48, #8 + ubfx x14, x7, #24, #8 + ubfx x15, x8, #8, #8 + ubfx x16, x8, #32, #8 + ldr x9, [x6] + ldr x9, [x6, #64] + ldr x9, [x6, #128] + ldr x9, [x6, #192] + ldr x9, [x6, #256] + ldr x9, [x6, #320] + ldr x9, [x6, #384] + ldr x9, [x6, #448] + ldr x9, [x6, #512] + ldr x9, [x6, #576] + ldr x9, [x6, #640] + ldr x9, [x6, #704] + ldr x9, [x6, #768] + ldr x9, [x6, #832] + ldr x9, [x6, #896] + ldr x9, [x6, #960] + ldr w11, [x6, x11, LSL 2] + ldr w14, [x6, x14, LSL 2] + ldr w15, [x6, x15, LSL 2] + ldr w16, [x6, x16, LSL 2] + ubfx x12, x8, #16, #8 + eor w11, w11, w14, ror 24 + ubfx x14, x7, #56, #8 + eor w11, w11, w15, ror 8 + ubfx x15, x8, #40, #8 + eor w11, w11, w16, ror 16 + ubfx x16, x7, #0, #8 + ldr w12, [x6, x12, LSL 2] + ldr w14, [x6, x14, LSL 2] + ldr w15, [x6, x15, LSL 2] + ldr w16, [x6, x16, LSL 2] + ubfx x13, x8, #48, #8 + eor w12, w12, w14, ror 24 + ubfx x14, x8, #24, #8 + eor w12, w12, w15, ror 8 + ubfx x15, x7, #8, #8 + eor w12, w12, w16, ror 16 + ubfx x16, x7, #32, #8 + bfi x11, x12, #32, #32 + ldr w13, [x6, x13, LSL 2] + ldr w14, [x6, x14, LSL 2] + ldr w15, [x6, x15, LSL 2] + ldr w16, [x6, x16, LSL 2] + ubfx x9, x8, #0, #8 + eor w13, w13, w14, ror 24 + ubfx x14, x7, #16, #8 + eor w13, w13, w15, ror 8 + ubfx x15, x8, #56, #8 + eor w12, w13, w16, ror 16 + ubfx x16, x7, #40, #8 + ldr w9, [x6, x9, LSL 2] + ldr w15, [x6, x15, LSL 2] + ldr w14, [x6, x14, LSL 2] + ldr w16, [x6, x16, LSL 2] + eor w15, w15, w9, ror 24 + ldp x7, x8, [x19], #16 + eor w14, w14, w15, ror 24 + eor w14, w14, w16, ror 8 + bfi x12, x14, #32, #32 + # XOR in Key Schedule + eor x11, x11, x7 + eor x12, x12, x8 + ubfx x7, x11, #48, #8 + ubfx x10, x11, #24, #8 + ubfx x15, x12, #8, #8 + ubfx x16, x12, #32, #8 + ldr x13, [x6] + ldr x13, [x6, #64] + ldr x13, [x6, #128] + ldr x13, [x6, #192] + ldr x13, [x6, #256] + ldr x13, [x6, #320] + ldr x13, [x6, #384] + ldr x13, [x6, #448] + ldr x13, [x6, #512] + ldr x13, [x6, #576] + ldr x13, [x6, #640] + ldr x13, [x6, #704] + ldr x13, [x6, #768] + ldr x13, [x6, #832] + ldr x13, [x6, #896] + ldr x13, [x6, #960] + ldr w7, [x6, x7, LSL 2] + ldr w10, [x6, x10, LSL 2] + ldr w15, [x6, x15, LSL 2] + ldr w16, [x6, x16, LSL 2] + ubfx x8, x12, #16, #8 + eor w7, w7, w10, ror 24 + ubfx x10, x11, #56, #8 + eor w7, w7, w15, ror 8 + ubfx x15, x12, #40, #8 + eor w7, w7, w16, ror 16 + ubfx x16, x11, #0, #8 + ldr w8, [x6, x8, LSL 2] + ldr w10, [x6, x10, LSL 2] + ldr w15, [x6, x15, LSL 2] + ldr w16, [x6, x16, LSL 2] + ubfx x9, x12, #48, #8 + eor w8, w8, w10, ror 24 + ubfx x10, x12, #24, #8 + eor w8, w8, w15, ror 8 + ubfx x15, x11, #8, #8 + eor w8, w8, w16, ror 16 + ubfx x16, x11, #32, #8 + bfi x7, x8, #32, #32 + ldr w9, [x6, x9, LSL 2] + ldr w10, [x6, x10, LSL 2] + ldr w15, [x6, x15, LSL 2] + ldr w16, [x6, x16, LSL 2] + ubfx x13, x12, #0, #8 + eor w9, w9, w10, ror 24 + ubfx x10, x11, #16, #8 + eor w9, w9, w15, ror 8 + ubfx x15, x12, #56, #8 + eor w8, w9, w16, ror 16 + ubfx x16, x11, #40, #8 + ldr w13, [x6, x13, LSL 2] + ldr w15, [x6, x15, LSL 2] + ldr w10, [x6, x10, LSL 2] + ldr w16, [x6, x16, LSL 2] + eor w15, w15, w13, ror 24 + ldp x11, x12, [x19], #16 + eor w10, w10, w15, ror 24 + eor w10, w10, w16, ror 8 + bfi x8, x10, #32, #32 + # XOR in Key Schedule + eor x7, x7, x11 + eor x8, x8, x12 + subs w17, w17, #2 + bne L_AES_CBC_encrypt_loop_nr + ubfx x11, x7, #48, #8 + ubfx x14, x7, #24, #8 + ubfx x15, x8, #8, #8 + ubfx x16, x8, #32, #8 + ldr x9, [x6] + ldr x9, [x6, #64] + ldr x9, [x6, #128] + ldr x9, [x6, #192] + ldr x9, [x6, #256] + ldr x9, [x6, #320] + ldr x9, [x6, #384] + ldr x9, [x6, #448] + ldr x9, [x6, #512] + ldr x9, [x6, #576] + ldr x9, [x6, #640] + ldr x9, [x6, #704] + ldr x9, [x6, #768] + ldr x9, [x6, #832] + ldr x9, [x6, #896] + ldr x9, [x6, #960] + ldr w11, [x6, x11, LSL 2] + ldr w14, [x6, x14, LSL 2] + ldr w15, [x6, x15, LSL 2] + ldr w16, [x6, x16, LSL 2] + ubfx x12, x8, #16, #8 + eor w11, w11, w14, ror 24 + ubfx x14, x7, #56, #8 + eor w11, w11, w15, ror 8 + ubfx x15, x8, #40, #8 + eor w11, w11, w16, ror 16 + ubfx x16, x7, #0, #8 + ldr w12, [x6, x12, LSL 2] + ldr w14, [x6, x14, LSL 2] + ldr w15, [x6, x15, LSL 2] + ldr w16, [x6, x16, LSL 2] + ubfx x13, x8, #48, #8 + eor w12, w12, w14, ror 24 + ubfx x14, x8, #24, #8 + eor w12, w12, w15, ror 8 + ubfx x15, x7, #8, #8 + eor w12, w12, w16, ror 16 + ubfx x16, x7, #32, #8 + bfi x11, x12, #32, #32 + ldr w13, [x6, x13, LSL 2] + ldr w14, [x6, x14, LSL 2] + ldr w15, [x6, x15, LSL 2] + ldr w16, [x6, x16, LSL 2] + ubfx x9, x8, #0, #8 + eor w13, w13, w14, ror 24 + ubfx x14, x7, #16, #8 + eor w13, w13, w15, ror 8 + ubfx x15, x8, #56, #8 + eor w12, w13, w16, ror 16 + ubfx x16, x7, #40, #8 + ldr w9, [x6, x9, LSL 2] + ldr w15, [x6, x15, LSL 2] + ldr w14, [x6, x14, LSL 2] + ldr w16, [x6, x16, LSL 2] + eor w15, w15, w9, ror 24 + ldp x7, x8, [x19], #16 + eor w14, w14, w15, ror 24 + eor w14, w14, w16, ror 8 + bfi x12, x14, #32, #32 + # XOR in Key Schedule + eor x11, x11, x7 + eor x12, x12, x8 + ubfx x7, x12, #32, #8 + ubfx x10, x12, #8, #8 + ubfx x15, x11, #48, #8 + ubfx x16, x11, #24, #8 + lsl w7, w7, #2 + lsl w10, w10, #2 + lsl w15, w15, #2 + lsl w16, w16, #2 + ldr x14, [x6] + ldr x14, [x6, #64] + ldr x14, [x6, #128] + ldr x14, [x6, #192] + ldr x14, [x6, #256] + ldr x14, [x6, #320] + ldr x14, [x6, #384] + ldr x14, [x6, #448] + ldr x14, [x6, #512] + ldr x14, [x6, #576] + ldr x14, [x6, #640] + ldr x14, [x6, #704] + ldr x14, [x6, #768] + ldr x14, [x6, #832] + ldr x14, [x6, #896] + ldr x14, [x6, #960] + ldrb w7, [x6, x7, LSL 0] + ldrb w10, [x6, x10, LSL 0] + ldrb w15, [x6, x15, LSL 0] + ldrb w16, [x6, x16, LSL 0] + ubfx x8, x11, #0, #8 + eor w7, w7, w10, lsl 8 + ubfx x10, x12, #40, #8 + eor w7, w7, w15, lsl 16 + ubfx x15, x12, #16, #8 + eor w7, w7, w16, lsl 24 + ubfx x16, x11, #56, #8 + lsl w8, w8, #2 + lsl w10, w10, #2 + lsl w15, w15, #2 + lsl w16, w16, #2 + ldrb w8, [x6, x8, LSL 0] + ldrb w10, [x6, x10, LSL 0] + ldrb w15, [x6, x15, LSL 0] + ldrb w16, [x6, x16, LSL 0] + ubfx x9, x11, #32, #8 + eor w8, w8, w10, lsl 8 + ubfx x10, x11, #8, #8 + eor w8, w8, w15, lsl 16 + ubfx x15, x12, #48, #8 + eor w8, w8, w16, lsl 24 + ubfx x16, x12, #24, #8 + bfi x7, x8, #32, #32 + lsl w9, w9, #2 + lsl w10, w10, #2 + lsl w15, w15, #2 + lsl w16, w16, #2 + ldrb w9, [x6, x9, LSL 0] + ldrb w10, [x6, x10, LSL 0] + ldrb w15, [x6, x15, LSL 0] + ldrb w16, [x6, x16, LSL 0] + ubfx x14, x12, #56, #8 + eor w9, w9, w10, lsl 8 + ubfx x10, x12, #0, #8 + eor w9, w9, w15, lsl 16 + ubfx x15, x11, #40, #8 + eor w8, w9, w16, lsl 24 + ubfx x16, x11, #16, #8 + lsl w14, w14, #2 + lsl w10, w10, #2 + lsl w15, w15, #2 + lsl w16, w16, #2 + ldrb w14, [x6, x14, LSL 0] + ldrb w10, [x6, x10, LSL 0] + ldrb w15, [x6, x15, LSL 0] + ldrb w16, [x6, x16, LSL 0] + eor w15, w15, w14, lsl 16 + ldp x11, x12, [x19] + eor w10, w10, w15, lsl 8 + eor w10, w10, w16, lsl 16 + bfi x8, x10, #32, #32 + # XOR in Key Schedule + eor x7, x7, x11 + eor x8, x8, x12 + rev32 x7, x7 + rev32 x8, x8 + str x7, [x1] + str x8, [x1, #8] + subs x2, x2, #16 + add x0, x0, #16 + add x1, x1, #16 + bne L_AES_CBC_encrypt_loop_block + stp x7, x8, [x5] + ldp x17, x19, [x29, #16] + ldp x29, x30, [sp], #32 + ret +#ifndef __APPLE__ + .size AES_CBC_encrypt,.-AES_CBC_encrypt +#endif /* __APPLE__ */ +#endif /* HAVE_AES_CBC */ +#ifdef WOLFSSL_AES_COUNTER +#ifndef __APPLE__ +.text +.globl AES_CTR_encrypt +.type AES_CTR_encrypt,@function +.align 2 +AES_CTR_encrypt: +#else +.section __TEXT,__text +.globl _AES_CTR_encrypt +.p2align 2 +_AES_CTR_encrypt: +#endif /* __APPLE__ */ + stp x29, x30, [sp, #-48]! + add x29, sp, #0 + stp x17, x19, [x29, #16] + stp x20, x21, [x29, #32] +#ifndef __APPLE__ + adrp x6, L_AES_ARM64_te + add x6, x6, :lo12:L_AES_ARM64_te +#else + adrp x6, L_AES_ARM64_te@PAGE + add x6, x6, L_AES_ARM64_te@PAGEOFF +#endif /* __APPLE__ */ + ldp x15, x16, [x5] + rev32 x15, x15 + rev32 x16, x16 +L_AES_CTR_encrypt_loop_block_128: + mov x21, x3 + ldp x11, x12, [x21], #16 + # Round: 0 - XOR in key schedule + eor x7, x15, x11 + eor x8, x16, x12 + sub w20, w4, #2 +L_AES_CTR_encrypt_loop_nr: + ubfx x11, x7, #48, #8 + ubfx x14, x7, #24, #8 + ubfx x17, x8, #8, #8 + ubfx x19, x8, #32, #8 + ldr x9, [x6] + ldr x9, [x6, #64] + ldr x9, [x6, #128] + ldr x9, [x6, #192] + ldr x9, [x6, #256] + ldr x9, [x6, #320] + ldr x9, [x6, #384] + ldr x9, [x6, #448] + ldr x9, [x6, #512] + ldr x9, [x6, #576] + ldr x9, [x6, #640] + ldr x9, [x6, #704] + ldr x9, [x6, #768] + ldr x9, [x6, #832] + ldr x9, [x6, #896] + ldr x9, [x6, #960] + ldr w11, [x6, x11, LSL 2] + ldr w14, [x6, x14, LSL 2] + ldr w17, [x6, x17, LSL 2] + ldr w19, [x6, x19, LSL 2] + ubfx x12, x8, #16, #8 + eor w11, w11, w14, ror 24 + ubfx x14, x7, #56, #8 + eor w11, w11, w17, ror 8 + ubfx x17, x8, #40, #8 + eor w11, w11, w19, ror 16 + ubfx x19, x7, #0, #8 + ldr w12, [x6, x12, LSL 2] + ldr w14, [x6, x14, LSL 2] + ldr w17, [x6, x17, LSL 2] + ldr w19, [x6, x19, LSL 2] + ubfx x13, x8, #48, #8 + eor w12, w12, w14, ror 24 + ubfx x14, x8, #24, #8 + eor w12, w12, w17, ror 8 + ubfx x17, x7, #8, #8 + eor w12, w12, w19, ror 16 + ubfx x19, x7, #32, #8 + bfi x11, x12, #32, #32 + ldr w13, [x6, x13, LSL 2] + ldr w14, [x6, x14, LSL 2] + ldr w17, [x6, x17, LSL 2] + ldr w19, [x6, x19, LSL 2] + ubfx x9, x8, #0, #8 + eor w13, w13, w14, ror 24 + ubfx x14, x7, #16, #8 + eor w13, w13, w17, ror 8 + ubfx x17, x8, #56, #8 + eor w12, w13, w19, ror 16 + ubfx x19, x7, #40, #8 + ldr w9, [x6, x9, LSL 2] + ldr w17, [x6, x17, LSL 2] + ldr w14, [x6, x14, LSL 2] + ldr w19, [x6, x19, LSL 2] + eor w17, w17, w9, ror 24 + ldp x7, x8, [x21], #16 + eor w14, w14, w17, ror 24 + eor w14, w14, w19, ror 8 + bfi x12, x14, #32, #32 + # XOR in Key Schedule + eor x11, x11, x7 + eor x12, x12, x8 + ubfx x7, x11, #48, #8 + ubfx x10, x11, #24, #8 + ubfx x17, x12, #8, #8 + ubfx x19, x12, #32, #8 + ldr x13, [x6] + ldr x13, [x6, #64] + ldr x13, [x6, #128] + ldr x13, [x6, #192] + ldr x13, [x6, #256] + ldr x13, [x6, #320] + ldr x13, [x6, #384] + ldr x13, [x6, #448] + ldr x13, [x6, #512] + ldr x13, [x6, #576] + ldr x13, [x6, #640] + ldr x13, [x6, #704] + ldr x13, [x6, #768] + ldr x13, [x6, #832] + ldr x13, [x6, #896] + ldr x13, [x6, #960] + ldr w7, [x6, x7, LSL 2] + ldr w10, [x6, x10, LSL 2] + ldr w17, [x6, x17, LSL 2] + ldr w19, [x6, x19, LSL 2] + ubfx x8, x12, #16, #8 + eor w7, w7, w10, ror 24 + ubfx x10, x11, #56, #8 + eor w7, w7, w17, ror 8 + ubfx x17, x12, #40, #8 + eor w7, w7, w19, ror 16 + ubfx x19, x11, #0, #8 + ldr w8, [x6, x8, LSL 2] + ldr w10, [x6, x10, LSL 2] + ldr w17, [x6, x17, LSL 2] + ldr w19, [x6, x19, LSL 2] + ubfx x9, x12, #48, #8 + eor w8, w8, w10, ror 24 + ubfx x10, x12, #24, #8 + eor w8, w8, w17, ror 8 + ubfx x17, x11, #8, #8 + eor w8, w8, w19, ror 16 + ubfx x19, x11, #32, #8 + bfi x7, x8, #32, #32 + ldr w9, [x6, x9, LSL 2] + ldr w10, [x6, x10, LSL 2] + ldr w17, [x6, x17, LSL 2] + ldr w19, [x6, x19, LSL 2] + ubfx x13, x12, #0, #8 + eor w9, w9, w10, ror 24 + ubfx x10, x11, #16, #8 + eor w9, w9, w17, ror 8 + ubfx x17, x12, #56, #8 + eor w8, w9, w19, ror 16 + ubfx x19, x11, #40, #8 + ldr w13, [x6, x13, LSL 2] + ldr w17, [x6, x17, LSL 2] + ldr w10, [x6, x10, LSL 2] + ldr w19, [x6, x19, LSL 2] + eor w17, w17, w13, ror 24 + ldp x11, x12, [x21], #16 + eor w10, w10, w17, ror 24 + eor w10, w10, w19, ror 8 + bfi x8, x10, #32, #32 + # XOR in Key Schedule + eor x7, x7, x11 + eor x8, x8, x12 + subs w20, w20, #2 + bne L_AES_CTR_encrypt_loop_nr + ubfx x11, x7, #48, #8 + ubfx x14, x7, #24, #8 + ubfx x17, x8, #8, #8 + ubfx x19, x8, #32, #8 + ldr x9, [x6] + ldr x9, [x6, #64] + ldr x9, [x6, #128] + ldr x9, [x6, #192] + ldr x9, [x6, #256] + ldr x9, [x6, #320] + ldr x9, [x6, #384] + ldr x9, [x6, #448] + ldr x9, [x6, #512] + ldr x9, [x6, #576] + ldr x9, [x6, #640] + ldr x9, [x6, #704] + ldr x9, [x6, #768] + ldr x9, [x6, #832] + ldr x9, [x6, #896] + ldr x9, [x6, #960] + ldr w11, [x6, x11, LSL 2] + ldr w14, [x6, x14, LSL 2] + ldr w17, [x6, x17, LSL 2] + ldr w19, [x6, x19, LSL 2] + ubfx x12, x8, #16, #8 + eor w11, w11, w14, ror 24 + ubfx x14, x7, #56, #8 + eor w11, w11, w17, ror 8 + ubfx x17, x8, #40, #8 + eor w11, w11, w19, ror 16 + ubfx x19, x7, #0, #8 + ldr w12, [x6, x12, LSL 2] + ldr w14, [x6, x14, LSL 2] + ldr w17, [x6, x17, LSL 2] + ldr w19, [x6, x19, LSL 2] + ubfx x13, x8, #48, #8 + eor w12, w12, w14, ror 24 + ubfx x14, x8, #24, #8 + eor w12, w12, w17, ror 8 + ubfx x17, x7, #8, #8 + eor w12, w12, w19, ror 16 + ubfx x19, x7, #32, #8 + bfi x11, x12, #32, #32 + ldr w13, [x6, x13, LSL 2] + ldr w14, [x6, x14, LSL 2] + ldr w17, [x6, x17, LSL 2] + ldr w19, [x6, x19, LSL 2] + ubfx x9, x8, #0, #8 + eor w13, w13, w14, ror 24 + ubfx x14, x7, #16, #8 + eor w13, w13, w17, ror 8 + ubfx x17, x8, #56, #8 + eor w12, w13, w19, ror 16 + ubfx x19, x7, #40, #8 + ldr w9, [x6, x9, LSL 2] + ldr w17, [x6, x17, LSL 2] + ldr w14, [x6, x14, LSL 2] + ldr w19, [x6, x19, LSL 2] + eor w17, w17, w9, ror 24 + ldp x7, x8, [x21], #16 + eor w14, w14, w17, ror 24 + eor w14, w14, w19, ror 8 + bfi x12, x14, #32, #32 + # XOR in Key Schedule + eor x11, x11, x7 + eor x12, x12, x8 + ubfx x7, x12, #32, #8 + ubfx x10, x12, #8, #8 + ubfx x17, x11, #48, #8 + ubfx x19, x11, #24, #8 + lsl w7, w7, #2 + lsl w10, w10, #2 + lsl w17, w17, #2 + lsl w19, w19, #2 + ldr x14, [x6] + ldr x14, [x6, #64] + ldr x14, [x6, #128] + ldr x14, [x6, #192] + ldr x14, [x6, #256] + ldr x14, [x6, #320] + ldr x14, [x6, #384] + ldr x14, [x6, #448] + ldr x14, [x6, #512] + ldr x14, [x6, #576] + ldr x14, [x6, #640] + ldr x14, [x6, #704] + ldr x14, [x6, #768] + ldr x14, [x6, #832] + ldr x14, [x6, #896] + ldr x14, [x6, #960] + ldrb w7, [x6, x7, LSL 0] + ldrb w10, [x6, x10, LSL 0] + ldrb w17, [x6, x17, LSL 0] + ldrb w19, [x6, x19, LSL 0] + ubfx x8, x11, #0, #8 + eor w7, w7, w10, lsl 8 + ubfx x10, x12, #40, #8 + eor w7, w7, w17, lsl 16 + ubfx x17, x12, #16, #8 + eor w7, w7, w19, lsl 24 + ubfx x19, x11, #56, #8 + lsl w8, w8, #2 + lsl w10, w10, #2 + lsl w17, w17, #2 + lsl w19, w19, #2 + ldrb w8, [x6, x8, LSL 0] + ldrb w10, [x6, x10, LSL 0] + ldrb w17, [x6, x17, LSL 0] + ldrb w19, [x6, x19, LSL 0] + ubfx x9, x11, #32, #8 + eor w8, w8, w10, lsl 8 + ubfx x10, x11, #8, #8 + eor w8, w8, w17, lsl 16 + ubfx x17, x12, #48, #8 + eor w8, w8, w19, lsl 24 + ubfx x19, x12, #24, #8 + bfi x7, x8, #32, #32 + lsl w9, w9, #2 + lsl w10, w10, #2 + lsl w17, w17, #2 + lsl w19, w19, #2 + ldrb w9, [x6, x9, LSL 0] + ldrb w10, [x6, x10, LSL 0] + ldrb w17, [x6, x17, LSL 0] + ldrb w19, [x6, x19, LSL 0] + ubfx x14, x12, #56, #8 + eor w9, w9, w10, lsl 8 + ubfx x10, x12, #0, #8 + eor w9, w9, w17, lsl 16 + ubfx x17, x11, #40, #8 + eor w8, w9, w19, lsl 24 + ubfx x19, x11, #16, #8 + lsl w14, w14, #2 + lsl w10, w10, #2 + lsl w17, w17, #2 + lsl w19, w19, #2 + ldrb w14, [x6, x14, LSL 0] + ldrb w10, [x6, x10, LSL 0] + ldrb w17, [x6, x17, LSL 0] + ldrb w19, [x6, x19, LSL 0] + eor w17, w17, w14, lsl 16 + ldp x11, x12, [x21] + eor w10, w10, w17, lsl 8 + eor w10, w10, w19, lsl 16 + bfi x8, x10, #32, #32 + # XOR in Key Schedule + eor x7, x7, x11 + eor x8, x8, x12 + rev32 x7, x7 + rev32 x8, x8 + ldr x11, [x0] + ldr x12, [x0, #8] + eor x7, x7, x11 + eor x8, x8, x12 + str x7, [x1] + str x8, [x1, #8] + ror x16, x16, #32 + ror x15, x15, #32 + adds x16, x16, #1 + adc x15, x15, xzr + ror x16, x16, #32 + ror x15, x15, #32 + subs x2, x2, #16 + add x0, x0, #16 + add x1, x1, #16 + bne L_AES_CTR_encrypt_loop_block_128 + rev32 x15, x15 + rev32 x16, x16 + stp x15, x16, [x5] + ldp x17, x19, [x29, #16] + ldp x20, x21, [x29, #32] + ldp x29, x30, [sp], #48 + ret +#ifndef __APPLE__ + .size AES_CTR_encrypt,.-AES_CTR_encrypt +#endif /* __APPLE__ */ +#endif /* WOLFSSL_AES_COUNTER */ +#ifdef HAVE_AES_DECRYPT +#if defined(WOLFSSL_AES_DIRECT) || defined(WOLFSSL_AES_COUNTER) || \ + defined(HAVE_AES_CBC) || defined(HAVE_AES_ECB) +#ifndef __APPLE__ + .text + .type L_AES_ARM64_td4, %object + .section .rodata + .size L_AES_ARM64_td4, 256 +#else + .section __DATA,__data +#endif /* __APPLE__ */ +#ifndef __APPLE__ + .align 1 +#else + .p2align 1 +#endif /* __APPLE__ */ +L_AES_ARM64_td4: + .byte 0x52,0x09,0x6a,0xd5,0x30,0x36,0xa5,0x38 + .byte 0xbf,0x40,0xa3,0x9e,0x81,0xf3,0xd7,0xfb + .byte 0x7c,0xe3,0x39,0x82,0x9b,0x2f,0xff,0x87 + .byte 0x34,0x8e,0x43,0x44,0xc4,0xde,0xe9,0xcb + .byte 0x54,0x7b,0x94,0x32,0xa6,0xc2,0x23,0x3d + .byte 0xee,0x4c,0x95,0x0b,0x42,0xfa,0xc3,0x4e + .byte 0x08,0x2e,0xa1,0x66,0x28,0xd9,0x24,0xb2 + .byte 0x76,0x5b,0xa2,0x49,0x6d,0x8b,0xd1,0x25 + .byte 0x72,0xf8,0xf6,0x64,0x86,0x68,0x98,0x16 + .byte 0xd4,0xa4,0x5c,0xcc,0x5d,0x65,0xb6,0x92 + .byte 0x6c,0x70,0x48,0x50,0xfd,0xed,0xb9,0xda + .byte 0x5e,0x15,0x46,0x57,0xa7,0x8d,0x9d,0x84 + .byte 0x90,0xd8,0xab,0x00,0x8c,0xbc,0xd3,0x0a + .byte 0xf7,0xe4,0x58,0x05,0xb8,0xb3,0x45,0x06 + .byte 0xd0,0x2c,0x1e,0x8f,0xca,0x3f,0x0f,0x02 + .byte 0xc1,0xaf,0xbd,0x03,0x01,0x13,0x8a,0x6b + .byte 0x3a,0x91,0x11,0x41,0x4f,0x67,0xdc,0xea + .byte 0x97,0xf2,0xcf,0xce,0xf0,0xb4,0xe6,0x73 + .byte 0x96,0xac,0x74,0x22,0xe7,0xad,0x35,0x85 + .byte 0xe2,0xf9,0x37,0xe8,0x1c,0x75,0xdf,0x6e + .byte 0x47,0xf1,0x1a,0x71,0x1d,0x29,0xc5,0x89 + .byte 0x6f,0xb7,0x62,0x0e,0xaa,0x18,0xbe,0x1b + .byte 0xfc,0x56,0x3e,0x4b,0xc6,0xd2,0x79,0x20 + .byte 0x9a,0xdb,0xc0,0xfe,0x78,0xcd,0x5a,0xf4 + .byte 0x1f,0xdd,0xa8,0x33,0x88,0x07,0xc7,0x31 + .byte 0xb1,0x12,0x10,0x59,0x27,0x80,0xec,0x5f + .byte 0x60,0x51,0x7f,0xa9,0x19,0xb5,0x4a,0x0d + .byte 0x2d,0xe5,0x7a,0x9f,0x93,0xc9,0x9c,0xef + .byte 0xa0,0xe0,0x3b,0x4d,0xae,0x2a,0xf5,0xb0 + .byte 0xc8,0xeb,0xbb,0x3c,0x83,0x53,0x99,0x61 + .byte 0x17,0x2b,0x04,0x7e,0xba,0x77,0xd6,0x26 + .byte 0xe1,0x69,0x14,0x63,0x55,0x21,0x0c,0x7d +#if defined(WOLFSSL_AES_DIRECT) || defined(WOLFSSL_AES_COUNTER) || defined(HAVE_AES_ECB) +#ifndef __APPLE__ +.text +.globl AES_ECB_decrypt +.type AES_ECB_decrypt,@function +.align 2 +AES_ECB_decrypt: +#else +.section __TEXT,__text +.globl _AES_ECB_decrypt +.p2align 2 +_AES_ECB_decrypt: +#endif /* __APPLE__ */ + stp x29, x30, [sp, #-32]! + add x29, sp, #0 + stp x17, x19, [x29, #16] +#ifndef __APPLE__ + adrp x5, L_AES_ARM64_td + add x5, x5, :lo12:L_AES_ARM64_td +#else + adrp x5, L_AES_ARM64_td@PAGE + add x5, x5, L_AES_ARM64_td@PAGEOFF +#endif /* __APPLE__ */ +#ifndef __APPLE__ + adrp x6, L_AES_ARM64_td4 + add x6, x6, :lo12:L_AES_ARM64_td4 +#else + adrp x6, L_AES_ARM64_td4@PAGE + add x6, x6, L_AES_ARM64_td4@PAGEOFF +#endif /* __APPLE__ */ +L_AES_ECB_decrypt_loop_block: + mov x19, x3 + ldr x7, [x0] + ldr x8, [x0, #8] + rev32 x7, x7 + rev32 x8, x8 + ldp x11, x12, [x19], #16 + # Round: 0 - XOR in key schedule + eor x7, x7, x11 + eor x8, x8, x12 + sub w17, w4, #2 +L_AES_ECB_decrypt_loop_nr: + ubfx x11, x8, #48, #8 + ubfx x14, x7, #24, #8 + ubfx x15, x8, #8, #8 + ubfx x16, x7, #32, #8 + ldr x9, [x5] + ldr x9, [x5, #64] + ldr x9, [x5, #128] + ldr x9, [x5, #192] + ldr x9, [x5, #256] + ldr x9, [x5, #320] + ldr x9, [x5, #384] + ldr x9, [x5, #448] + ldr x9, [x5, #512] + ldr x9, [x5, #576] + ldr x9, [x5, #640] + ldr x9, [x5, #704] + ldr x9, [x5, #768] + ldr x9, [x5, #832] + ldr x9, [x5, #896] + ldr x9, [x5, #960] + ldr w11, [x5, x11, LSL 2] + ldr w14, [x5, x14, LSL 2] + ldr w15, [x5, x15, LSL 2] + ldr w16, [x5, x16, LSL 2] + ubfx x12, x7, #16, #8 + eor w11, w11, w14, ror 24 + ubfx x14, x7, #56, #8 + eor w11, w11, w15, ror 8 + ubfx x15, x8, #40, #8 + eor w11, w11, w16, ror 16 + ubfx x16, x8, #0, #8 + ldr w12, [x5, x12, LSL 2] + ldr w14, [x5, x14, LSL 2] + ldr w15, [x5, x15, LSL 2] + ldr w16, [x5, x16, LSL 2] + ubfx x13, x7, #48, #8 + eor w12, w12, w14, ror 24 + ubfx x14, x8, #24, #8 + eor w12, w12, w15, ror 8 + ubfx x15, x7, #8, #8 + eor w12, w12, w16, ror 16 + ubfx x16, x8, #32, #8 + bfi x11, x12, #32, #32 + ldr w13, [x5, x13, LSL 2] + ldr w14, [x5, x14, LSL 2] + ldr w15, [x5, x15, LSL 2] + ldr w16, [x5, x16, LSL 2] + ubfx x9, x7, #0, #8 + eor w13, w13, w14, ror 24 + ubfx x14, x8, #16, #8 + eor w13, w13, w15, ror 8 + ubfx x15, x8, #56, #8 + eor w12, w13, w16, ror 16 + ubfx x16, x7, #40, #8 + ldr w9, [x5, x9, LSL 2] + ldr w15, [x5, x15, LSL 2] + ldr w14, [x5, x14, LSL 2] + ldr w16, [x5, x16, LSL 2] + eor w15, w15, w9, ror 24 + ldp x7, x8, [x19], #16 + eor w14, w14, w16, ror 8 + eor w14, w14, w15, ror 24 + bfi x12, x14, #32, #32 + # XOR in Key Schedule + eor x11, x11, x7 + eor x12, x12, x8 + ubfx x7, x12, #48, #8 + ubfx x10, x11, #24, #8 + ubfx x15, x12, #8, #8 + ubfx x16, x11, #32, #8 + ldr x13, [x5] + ldr x13, [x5, #64] + ldr x13, [x5, #128] + ldr x13, [x5, #192] + ldr x13, [x5, #256] + ldr x13, [x5, #320] + ldr x13, [x5, #384] + ldr x13, [x5, #448] + ldr x13, [x5, #512] + ldr x13, [x5, #576] + ldr x13, [x5, #640] + ldr x13, [x5, #704] + ldr x13, [x5, #768] + ldr x13, [x5, #832] + ldr x13, [x5, #896] + ldr x13, [x5, #960] + ldr w7, [x5, x7, LSL 2] + ldr w10, [x5, x10, LSL 2] + ldr w15, [x5, x15, LSL 2] + ldr w16, [x5, x16, LSL 2] + ubfx x8, x11, #16, #8 + eor w7, w7, w10, ror 24 + ubfx x10, x11, #56, #8 + eor w7, w7, w15, ror 8 + ubfx x15, x12, #40, #8 + eor w7, w7, w16, ror 16 + ubfx x16, x12, #0, #8 + ldr w8, [x5, x8, LSL 2] + ldr w10, [x5, x10, LSL 2] + ldr w15, [x5, x15, LSL 2] + ldr w16, [x5, x16, LSL 2] + ubfx x9, x11, #48, #8 + eor w8, w8, w10, ror 24 + ubfx x10, x12, #24, #8 + eor w8, w8, w15, ror 8 + ubfx x15, x11, #8, #8 + eor w8, w8, w16, ror 16 + ubfx x16, x12, #32, #8 + bfi x7, x8, #32, #32 + ldr w9, [x5, x9, LSL 2] + ldr w10, [x5, x10, LSL 2] + ldr w15, [x5, x15, LSL 2] + ldr w16, [x5, x16, LSL 2] + ubfx x13, x11, #0, #8 + eor w9, w9, w10, ror 24 + ubfx x10, x12, #16, #8 + eor w9, w9, w15, ror 8 + ubfx x15, x12, #56, #8 + eor w8, w9, w16, ror 16 + ubfx x16, x11, #40, #8 + ldr w13, [x5, x13, LSL 2] + ldr w15, [x5, x15, LSL 2] + ldr w10, [x5, x10, LSL 2] + ldr w16, [x5, x16, LSL 2] + eor w15, w15, w13, ror 24 + ldp x11, x12, [x19], #16 + eor w10, w10, w16, ror 8 + eor w10, w10, w15, ror 24 + bfi x8, x10, #32, #32 + # XOR in Key Schedule + eor x7, x7, x11 + eor x8, x8, x12 + subs w17, w17, #2 + bne L_AES_ECB_decrypt_loop_nr + ubfx x11, x8, #48, #8 + ubfx x14, x7, #24, #8 + ubfx x15, x8, #8, #8 + ubfx x16, x7, #32, #8 + ldr x9, [x5] + ldr x9, [x5, #64] + ldr x9, [x5, #128] + ldr x9, [x5, #192] + ldr x9, [x5, #256] + ldr x9, [x5, #320] + ldr x9, [x5, #384] + ldr x9, [x5, #448] + ldr x9, [x5, #512] + ldr x9, [x5, #576] + ldr x9, [x5, #640] + ldr x9, [x5, #704] + ldr x9, [x5, #768] + ldr x9, [x5, #832] + ldr x9, [x5, #896] + ldr x9, [x5, #960] + ldr w11, [x5, x11, LSL 2] + ldr w14, [x5, x14, LSL 2] + ldr w15, [x5, x15, LSL 2] + ldr w16, [x5, x16, LSL 2] + ubfx x12, x7, #16, #8 + eor w11, w11, w14, ror 24 + ubfx x14, x7, #56, #8 + eor w11, w11, w15, ror 8 + ubfx x15, x8, #40, #8 + eor w11, w11, w16, ror 16 + ubfx x16, x8, #0, #8 + ldr w12, [x5, x12, LSL 2] + ldr w14, [x5, x14, LSL 2] + ldr w15, [x5, x15, LSL 2] + ldr w16, [x5, x16, LSL 2] + ubfx x13, x7, #48, #8 + eor w12, w12, w14, ror 24 + ubfx x14, x8, #24, #8 + eor w12, w12, w15, ror 8 + ubfx x15, x7, #8, #8 + eor w12, w12, w16, ror 16 + ubfx x16, x8, #32, #8 + bfi x11, x12, #32, #32 + ldr w13, [x5, x13, LSL 2] + ldr w14, [x5, x14, LSL 2] + ldr w15, [x5, x15, LSL 2] + ldr w16, [x5, x16, LSL 2] + ubfx x9, x7, #0, #8 + eor w13, w13, w14, ror 24 + ubfx x14, x8, #16, #8 + eor w13, w13, w15, ror 8 + ubfx x15, x8, #56, #8 + eor w12, w13, w16, ror 16 + ubfx x16, x7, #40, #8 + ldr w9, [x5, x9, LSL 2] + ldr w15, [x5, x15, LSL 2] + ldr w14, [x5, x14, LSL 2] + ldr w16, [x5, x16, LSL 2] + eor w15, w15, w9, ror 24 + ldp x7, x8, [x19], #16 + eor w14, w14, w16, ror 8 + eor w14, w14, w15, ror 24 + bfi x12, x14, #32, #32 + # XOR in Key Schedule + eor x11, x11, x7 + eor x12, x12, x8 + ubfx x7, x11, #32, #8 + ubfx x10, x12, #8, #8 + ubfx x15, x12, #48, #8 + ubfx x16, x11, #24, #8 + ldr x14, [x6] + ldr x14, [x6, #64] + ldr x14, [x6, #128] + ldr x14, [x6, #192] + ldrb w7, [x6, x7, LSL 0] + ldrb w10, [x6, x10, LSL 0] + ldrb w15, [x6, x15, LSL 0] + ldrb w16, [x6, x16, LSL 0] + ubfx x8, x12, #0, #8 + eor w7, w7, w10, lsl 8 + ubfx x10, x12, #40, #8 + eor w7, w7, w15, lsl 16 + ubfx x15, x11, #16, #8 + eor w7, w7, w16, lsl 24 + ubfx x16, x11, #56, #8 + ldrb w10, [x6, x10, LSL 0] + ldrb w16, [x6, x16, LSL 0] + ldrb w8, [x6, x8, LSL 0] + ldrb w15, [x6, x15, LSL 0] + ubfx x9, x12, #32, #8 + eor w8, w8, w10, lsl 8 + ubfx x10, x11, #8, #8 + eor w8, w8, w15, lsl 16 + ubfx x15, x11, #48, #8 + eor w8, w8, w16, lsl 24 + ubfx x16, x12, #24, #8 + bfi x7, x8, #32, #32 + ldrb w10, [x6, x10, LSL 0] + ldrb w16, [x6, x16, LSL 0] + ldrb w9, [x6, x9, LSL 0] + ldrb w15, [x6, x15, LSL 0] + ubfx x14, x12, #56, #8 + eor w9, w9, w10, lsl 8 + ubfx x10, x11, #0, #8 + eor w9, w9, w15, lsl 16 + ubfx x15, x11, #40, #8 + eor w8, w9, w16, lsl 24 + ubfx x16, x12, #16, #8 + ldrb w14, [x6, x14, LSL 0] + ldrb w15, [x6, x15, LSL 0] + ldrb w10, [x6, x10, LSL 0] + ldrb w16, [x6, x16, LSL 0] + eor w15, w15, w14, lsl 16 + ldp x11, x12, [x19] + eor w10, w10, w15, lsl 8 + eor w10, w10, w16, lsl 16 + bfi x8, x10, #32, #32 + # XOR in Key Schedule + eor x7, x7, x11 + eor x8, x8, x12 + rev32 x7, x7 + rev32 x8, x8 + str x7, [x1] + str x8, [x1, #8] + subs x2, x2, #16 + add x0, x0, #16 + add x1, x1, #16 + bne L_AES_ECB_decrypt_loop_block + ldp x17, x19, [x29, #16] + ldp x29, x30, [sp], #32 + ret +#ifndef __APPLE__ + .size AES_ECB_decrypt,.-AES_ECB_decrypt +#endif /* __APPLE__ */ +#endif /* WOLFSSL_AES_DIRECT || WOLFSSL_AES_COUNTER || defined(HAVE_AES_ECB) */ +#ifdef HAVE_AES_CBC +#ifndef __APPLE__ +.text +.globl AES_CBC_decrypt +.type AES_CBC_decrypt,@function +.align 2 +AES_CBC_decrypt: +#else +.section __TEXT,__text +.globl _AES_CBC_decrypt +.p2align 2 +_AES_CBC_decrypt: +#endif /* __APPLE__ */ + stp x29, x30, [sp, #-48]! + add x29, sp, #0 + stp x17, x19, [x29, #24] + str x20, [x29, #40] +#ifndef __APPLE__ + adrp x6, L_AES_ARM64_td4 + add x6, x6, :lo12:L_AES_ARM64_td4 +#else + adrp x6, L_AES_ARM64_td4@PAGE + add x6, x6, L_AES_ARM64_td4@PAGEOFF +#endif /* __APPLE__ */ +#ifndef __APPLE__ + adrp x7, L_AES_ARM64_td + add x7, x7, :lo12:L_AES_ARM64_td +#else + adrp x7, L_AES_ARM64_td@PAGE + add x7, x7, L_AES_ARM64_td@PAGEOFF +#endif /* __APPLE__ */ +L_AES_CBC_decrypt_loop_block: + mov x20, x3 + ldr x8, [x0] + ldr x9, [x0, #8] + stnp x8, x9, [x5, #16] + rev32 x8, x8 + rev32 x9, x9 + ldp x12, x13, [x20], #16 + # Round: 0 - XOR in key schedule + eor x8, x8, x12 + eor x9, x9, x13 + sub w19, w4, #2 +L_AES_CBC_decrypt_loop_nr_even: + ubfx x12, x9, #48, #8 + ubfx x15, x8, #24, #8 + ubfx x16, x9, #8, #8 + ubfx x17, x8, #32, #8 + ldr x10, [x7] + ldr x10, [x7, #64] + ldr x10, [x7, #128] + ldr x10, [x7, #192] + ldr x10, [x7, #256] + ldr x10, [x7, #320] + ldr x10, [x7, #384] + ldr x10, [x7, #448] + ldr x10, [x7, #512] + ldr x10, [x7, #576] + ldr x10, [x7, #640] + ldr x10, [x7, #704] + ldr x10, [x7, #768] + ldr x10, [x7, #832] + ldr x10, [x7, #896] + ldr x10, [x7, #960] + ldr w12, [x7, x12, LSL 2] + ldr w15, [x7, x15, LSL 2] + ldr w16, [x7, x16, LSL 2] + ldr w17, [x7, x17, LSL 2] + ubfx x13, x8, #16, #8 + eor w12, w12, w15, ror 24 + ubfx x15, x8, #56, #8 + eor w12, w12, w16, ror 8 + ubfx x16, x9, #40, #8 + eor w12, w12, w17, ror 16 + ubfx x17, x9, #0, #8 + ldr w13, [x7, x13, LSL 2] + ldr w15, [x7, x15, LSL 2] + ldr w16, [x7, x16, LSL 2] + ldr w17, [x7, x17, LSL 2] + ubfx x14, x8, #48, #8 + eor w13, w13, w15, ror 24 + ubfx x15, x9, #24, #8 + eor w13, w13, w16, ror 8 + ubfx x16, x8, #8, #8 + eor w13, w13, w17, ror 16 + ubfx x17, x9, #32, #8 + bfi x12, x13, #32, #32 + ldr w14, [x7, x14, LSL 2] + ldr w15, [x7, x15, LSL 2] + ldr w16, [x7, x16, LSL 2] + ldr w17, [x7, x17, LSL 2] + ubfx x10, x8, #0, #8 + eor w14, w14, w15, ror 24 + ubfx x15, x9, #16, #8 + eor w14, w14, w16, ror 8 + ubfx x16, x9, #56, #8 + eor w13, w14, w17, ror 16 + ubfx x17, x8, #40, #8 + ldr w10, [x7, x10, LSL 2] + ldr w16, [x7, x16, LSL 2] + ldr w15, [x7, x15, LSL 2] + ldr w17, [x7, x17, LSL 2] + eor w16, w16, w10, ror 24 + ldp x8, x9, [x20], #16 + eor w15, w15, w17, ror 8 + eor w15, w15, w16, ror 24 + bfi x13, x15, #32, #32 + # XOR in Key Schedule + eor x12, x12, x8 + eor x13, x13, x9 + ubfx x8, x13, #48, #8 + ubfx x11, x12, #24, #8 + ubfx x16, x13, #8, #8 + ubfx x17, x12, #32, #8 + ldr x14, [x7] + ldr x14, [x7, #64] + ldr x14, [x7, #128] + ldr x14, [x7, #192] + ldr x14, [x7, #256] + ldr x14, [x7, #320] + ldr x14, [x7, #384] + ldr x14, [x7, #448] + ldr x14, [x7, #512] + ldr x14, [x7, #576] + ldr x14, [x7, #640] + ldr x14, [x7, #704] + ldr x14, [x7, #768] + ldr x14, [x7, #832] + ldr x14, [x7, #896] + ldr x14, [x7, #960] + ldr w8, [x7, x8, LSL 2] + ldr w11, [x7, x11, LSL 2] + ldr w16, [x7, x16, LSL 2] + ldr w17, [x7, x17, LSL 2] + ubfx x9, x12, #16, #8 + eor w8, w8, w11, ror 24 + ubfx x11, x12, #56, #8 + eor w8, w8, w16, ror 8 + ubfx x16, x13, #40, #8 + eor w8, w8, w17, ror 16 + ubfx x17, x13, #0, #8 + ldr w9, [x7, x9, LSL 2] + ldr w11, [x7, x11, LSL 2] + ldr w16, [x7, x16, LSL 2] + ldr w17, [x7, x17, LSL 2] + ubfx x10, x12, #48, #8 + eor w9, w9, w11, ror 24 + ubfx x11, x13, #24, #8 + eor w9, w9, w16, ror 8 + ubfx x16, x12, #8, #8 + eor w9, w9, w17, ror 16 + ubfx x17, x13, #32, #8 + bfi x8, x9, #32, #32 + ldr w10, [x7, x10, LSL 2] + ldr w11, [x7, x11, LSL 2] + ldr w16, [x7, x16, LSL 2] + ldr w17, [x7, x17, LSL 2] + ubfx x14, x12, #0, #8 + eor w10, w10, w11, ror 24 + ubfx x11, x13, #16, #8 + eor w10, w10, w16, ror 8 + ubfx x16, x13, #56, #8 + eor w9, w10, w17, ror 16 + ubfx x17, x12, #40, #8 + ldr w14, [x7, x14, LSL 2] + ldr w16, [x7, x16, LSL 2] + ldr w11, [x7, x11, LSL 2] + ldr w17, [x7, x17, LSL 2] + eor w16, w16, w14, ror 24 + ldp x12, x13, [x20], #16 + eor w11, w11, w17, ror 8 + eor w11, w11, w16, ror 24 + bfi x9, x11, #32, #32 + # XOR in Key Schedule + eor x8, x8, x12 + eor x9, x9, x13 + subs w19, w19, #2 + bne L_AES_CBC_decrypt_loop_nr_even + ubfx x12, x9, #48, #8 + ubfx x15, x8, #24, #8 + ubfx x16, x9, #8, #8 + ubfx x17, x8, #32, #8 + ldr x10, [x7] + ldr x10, [x7, #64] + ldr x10, [x7, #128] + ldr x10, [x7, #192] + ldr x10, [x7, #256] + ldr x10, [x7, #320] + ldr x10, [x7, #384] + ldr x10, [x7, #448] + ldr x10, [x7, #512] + ldr x10, [x7, #576] + ldr x10, [x7, #640] + ldr x10, [x7, #704] + ldr x10, [x7, #768] + ldr x10, [x7, #832] + ldr x10, [x7, #896] + ldr x10, [x7, #960] + ldr w12, [x7, x12, LSL 2] + ldr w15, [x7, x15, LSL 2] + ldr w16, [x7, x16, LSL 2] + ldr w17, [x7, x17, LSL 2] + ubfx x13, x8, #16, #8 + eor w12, w12, w15, ror 24 + ubfx x15, x8, #56, #8 + eor w12, w12, w16, ror 8 + ubfx x16, x9, #40, #8 + eor w12, w12, w17, ror 16 + ubfx x17, x9, #0, #8 + ldr w13, [x7, x13, LSL 2] + ldr w15, [x7, x15, LSL 2] + ldr w16, [x7, x16, LSL 2] + ldr w17, [x7, x17, LSL 2] + ubfx x14, x8, #48, #8 + eor w13, w13, w15, ror 24 + ubfx x15, x9, #24, #8 + eor w13, w13, w16, ror 8 + ubfx x16, x8, #8, #8 + eor w13, w13, w17, ror 16 + ubfx x17, x9, #32, #8 + bfi x12, x13, #32, #32 + ldr w14, [x7, x14, LSL 2] + ldr w15, [x7, x15, LSL 2] + ldr w16, [x7, x16, LSL 2] + ldr w17, [x7, x17, LSL 2] + ubfx x10, x8, #0, #8 + eor w14, w14, w15, ror 24 + ubfx x15, x9, #16, #8 + eor w14, w14, w16, ror 8 + ubfx x16, x9, #56, #8 + eor w13, w14, w17, ror 16 + ubfx x17, x8, #40, #8 + ldr w10, [x7, x10, LSL 2] + ldr w16, [x7, x16, LSL 2] + ldr w15, [x7, x15, LSL 2] + ldr w17, [x7, x17, LSL 2] + eor w16, w16, w10, ror 24 + ldp x8, x9, [x20], #16 + eor w15, w15, w17, ror 8 + eor w15, w15, w16, ror 24 + bfi x13, x15, #32, #32 + # XOR in Key Schedule + eor x12, x12, x8 + eor x13, x13, x9 + ubfx x8, x12, #32, #8 + ubfx x11, x13, #8, #8 + ubfx x16, x13, #48, #8 + ubfx x17, x12, #24, #8 + ldr x15, [x6] + ldr x15, [x6, #64] + ldr x15, [x6, #128] + ldr x15, [x6, #192] + ldrb w8, [x6, x8, LSL 0] + ldrb w11, [x6, x11, LSL 0] + ldrb w16, [x6, x16, LSL 0] + ldrb w17, [x6, x17, LSL 0] + ubfx x9, x13, #0, #8 + eor w8, w8, w11, lsl 8 + ubfx x11, x13, #40, #8 + eor w8, w8, w16, lsl 16 + ubfx x16, x12, #16, #8 + eor w8, w8, w17, lsl 24 + ubfx x17, x12, #56, #8 + ldrb w11, [x6, x11, LSL 0] + ldrb w17, [x6, x17, LSL 0] + ldrb w9, [x6, x9, LSL 0] + ldrb w16, [x6, x16, LSL 0] + ubfx x10, x13, #32, #8 + eor w9, w9, w11, lsl 8 + ubfx x11, x12, #8, #8 + eor w9, w9, w16, lsl 16 + ubfx x16, x12, #48, #8 + eor w9, w9, w17, lsl 24 + ubfx x17, x13, #24, #8 + bfi x8, x9, #32, #32 + ldrb w11, [x6, x11, LSL 0] + ldrb w17, [x6, x17, LSL 0] + ldrb w10, [x6, x10, LSL 0] + ldrb w16, [x6, x16, LSL 0] + ubfx x15, x13, #56, #8 + eor w10, w10, w11, lsl 8 + ubfx x11, x12, #0, #8 + eor w10, w10, w16, lsl 16 + ubfx x16, x12, #40, #8 + eor w9, w10, w17, lsl 24 + ubfx x17, x13, #16, #8 + ldrb w15, [x6, x15, LSL 0] + ldrb w16, [x6, x16, LSL 0] + ldrb w11, [x6, x11, LSL 0] + ldrb w17, [x6, x17, LSL 0] + eor w16, w16, w15, lsl 16 + ldp x12, x13, [x20] + eor w11, w11, w16, lsl 8 + eor w11, w11, w17, lsl 16 + bfi x9, x11, #32, #32 + # XOR in Key Schedule + eor x8, x8, x12 + eor x9, x9, x13 + rev32 x8, x8 + rev32 x9, x9 + ldp x12, x13, [x5] + eor x8, x8, x12 + eor x9, x9, x13 + str x8, [x1] + str x9, [x1, #8] + subs x2, x2, #16 + add x0, x0, #16 + add x1, x1, #16 + beq L_AES_CBC_decrypt_end_dec_odd + mov x20, x3 + ldr x8, [x0] + ldr x9, [x0, #8] + stp x8, x9, [x5] + rev32 x8, x8 + rev32 x9, x9 + ldp x12, x13, [x20], #16 + # Round: 0 - XOR in key schedule + eor x8, x8, x12 + eor x9, x9, x13 + sub w19, w4, #2 +L_AES_CBC_decrypt_loop_nr_odd: + ubfx x12, x9, #48, #8 + ubfx x15, x8, #24, #8 + ubfx x16, x9, #8, #8 + ubfx x17, x8, #32, #8 + ldr x10, [x7] + ldr x10, [x7, #64] + ldr x10, [x7, #128] + ldr x10, [x7, #192] + ldr x10, [x7, #256] + ldr x10, [x7, #320] + ldr x10, [x7, #384] + ldr x10, [x7, #448] + ldr x10, [x7, #512] + ldr x10, [x7, #576] + ldr x10, [x7, #640] + ldr x10, [x7, #704] + ldr x10, [x7, #768] + ldr x10, [x7, #832] + ldr x10, [x7, #896] + ldr x10, [x7, #960] + ldr w12, [x7, x12, LSL 2] + ldr w15, [x7, x15, LSL 2] + ldr w16, [x7, x16, LSL 2] + ldr w17, [x7, x17, LSL 2] + ubfx x13, x8, #16, #8 + eor w12, w12, w15, ror 24 + ubfx x15, x8, #56, #8 + eor w12, w12, w16, ror 8 + ubfx x16, x9, #40, #8 + eor w12, w12, w17, ror 16 + ubfx x17, x9, #0, #8 + ldr w13, [x7, x13, LSL 2] + ldr w15, [x7, x15, LSL 2] + ldr w16, [x7, x16, LSL 2] + ldr w17, [x7, x17, LSL 2] + ubfx x14, x8, #48, #8 + eor w13, w13, w15, ror 24 + ubfx x15, x9, #24, #8 + eor w13, w13, w16, ror 8 + ubfx x16, x8, #8, #8 + eor w13, w13, w17, ror 16 + ubfx x17, x9, #32, #8 + bfi x12, x13, #32, #32 + ldr w14, [x7, x14, LSL 2] + ldr w15, [x7, x15, LSL 2] + ldr w16, [x7, x16, LSL 2] + ldr w17, [x7, x17, LSL 2] + ubfx x10, x8, #0, #8 + eor w14, w14, w15, ror 24 + ubfx x15, x9, #16, #8 + eor w14, w14, w16, ror 8 + ubfx x16, x9, #56, #8 + eor w13, w14, w17, ror 16 + ubfx x17, x8, #40, #8 + ldr w10, [x7, x10, LSL 2] + ldr w16, [x7, x16, LSL 2] + ldr w15, [x7, x15, LSL 2] + ldr w17, [x7, x17, LSL 2] + eor w16, w16, w10, ror 24 + ldp x8, x9, [x20], #16 + eor w15, w15, w17, ror 8 + eor w15, w15, w16, ror 24 + bfi x13, x15, #32, #32 + # XOR in Key Schedule + eor x12, x12, x8 + eor x13, x13, x9 + ubfx x8, x13, #48, #8 + ubfx x11, x12, #24, #8 + ubfx x16, x13, #8, #8 + ubfx x17, x12, #32, #8 + ldr x14, [x7] + ldr x14, [x7, #64] + ldr x14, [x7, #128] + ldr x14, [x7, #192] + ldr x14, [x7, #256] + ldr x14, [x7, #320] + ldr x14, [x7, #384] + ldr x14, [x7, #448] + ldr x14, [x7, #512] + ldr x14, [x7, #576] + ldr x14, [x7, #640] + ldr x14, [x7, #704] + ldr x14, [x7, #768] + ldr x14, [x7, #832] + ldr x14, [x7, #896] + ldr x14, [x7, #960] + ldr w8, [x7, x8, LSL 2] + ldr w11, [x7, x11, LSL 2] + ldr w16, [x7, x16, LSL 2] + ldr w17, [x7, x17, LSL 2] + ubfx x9, x12, #16, #8 + eor w8, w8, w11, ror 24 + ubfx x11, x12, #56, #8 + eor w8, w8, w16, ror 8 + ubfx x16, x13, #40, #8 + eor w8, w8, w17, ror 16 + ubfx x17, x13, #0, #8 + ldr w9, [x7, x9, LSL 2] + ldr w11, [x7, x11, LSL 2] + ldr w16, [x7, x16, LSL 2] + ldr w17, [x7, x17, LSL 2] + ubfx x10, x12, #48, #8 + eor w9, w9, w11, ror 24 + ubfx x11, x13, #24, #8 + eor w9, w9, w16, ror 8 + ubfx x16, x12, #8, #8 + eor w9, w9, w17, ror 16 + ubfx x17, x13, #32, #8 + bfi x8, x9, #32, #32 + ldr w10, [x7, x10, LSL 2] + ldr w11, [x7, x11, LSL 2] + ldr w16, [x7, x16, LSL 2] + ldr w17, [x7, x17, LSL 2] + ubfx x14, x12, #0, #8 + eor w10, w10, w11, ror 24 + ubfx x11, x13, #16, #8 + eor w10, w10, w16, ror 8 + ubfx x16, x13, #56, #8 + eor w9, w10, w17, ror 16 + ubfx x17, x12, #40, #8 + ldr w14, [x7, x14, LSL 2] + ldr w16, [x7, x16, LSL 2] + ldr w11, [x7, x11, LSL 2] + ldr w17, [x7, x17, LSL 2] + eor w16, w16, w14, ror 24 + ldp x12, x13, [x20], #16 + eor w11, w11, w17, ror 8 + eor w11, w11, w16, ror 24 + bfi x9, x11, #32, #32 + # XOR in Key Schedule + eor x8, x8, x12 + eor x9, x9, x13 + subs w19, w19, #2 + bne L_AES_CBC_decrypt_loop_nr_odd + ubfx x12, x9, #48, #8 + ubfx x15, x8, #24, #8 + ubfx x16, x9, #8, #8 + ubfx x17, x8, #32, #8 + ldr x10, [x7] + ldr x10, [x7, #64] + ldr x10, [x7, #128] + ldr x10, [x7, #192] + ldr x10, [x7, #256] + ldr x10, [x7, #320] + ldr x10, [x7, #384] + ldr x10, [x7, #448] + ldr x10, [x7, #512] + ldr x10, [x7, #576] + ldr x10, [x7, #640] + ldr x10, [x7, #704] + ldr x10, [x7, #768] + ldr x10, [x7, #832] + ldr x10, [x7, #896] + ldr x10, [x7, #960] + ldr w12, [x7, x12, LSL 2] + ldr w15, [x7, x15, LSL 2] + ldr w16, [x7, x16, LSL 2] + ldr w17, [x7, x17, LSL 2] + ubfx x13, x8, #16, #8 + eor w12, w12, w15, ror 24 + ubfx x15, x8, #56, #8 + eor w12, w12, w16, ror 8 + ubfx x16, x9, #40, #8 + eor w12, w12, w17, ror 16 + ubfx x17, x9, #0, #8 + ldr w13, [x7, x13, LSL 2] + ldr w15, [x7, x15, LSL 2] + ldr w16, [x7, x16, LSL 2] + ldr w17, [x7, x17, LSL 2] + ubfx x14, x8, #48, #8 + eor w13, w13, w15, ror 24 + ubfx x15, x9, #24, #8 + eor w13, w13, w16, ror 8 + ubfx x16, x8, #8, #8 + eor w13, w13, w17, ror 16 + ubfx x17, x9, #32, #8 + bfi x12, x13, #32, #32 + ldr w14, [x7, x14, LSL 2] + ldr w15, [x7, x15, LSL 2] + ldr w16, [x7, x16, LSL 2] + ldr w17, [x7, x17, LSL 2] + ubfx x10, x8, #0, #8 + eor w14, w14, w15, ror 24 + ubfx x15, x9, #16, #8 + eor w14, w14, w16, ror 8 + ubfx x16, x9, #56, #8 + eor w13, w14, w17, ror 16 + ubfx x17, x8, #40, #8 + ldr w10, [x7, x10, LSL 2] + ldr w16, [x7, x16, LSL 2] + ldr w15, [x7, x15, LSL 2] + ldr w17, [x7, x17, LSL 2] + eor w16, w16, w10, ror 24 + ldp x8, x9, [x20], #16 + eor w15, w15, w17, ror 8 + eor w15, w15, w16, ror 24 + bfi x13, x15, #32, #32 + # XOR in Key Schedule + eor x12, x12, x8 + eor x13, x13, x9 + ubfx x8, x12, #32, #8 + ubfx x11, x13, #8, #8 + ubfx x16, x13, #48, #8 + ubfx x17, x12, #24, #8 + ldr x15, [x6] + ldr x15, [x6, #64] + ldr x15, [x6, #128] + ldr x15, [x6, #192] + ldrb w8, [x6, x8, LSL 0] + ldrb w11, [x6, x11, LSL 0] + ldrb w16, [x6, x16, LSL 0] + ldrb w17, [x6, x17, LSL 0] + ubfx x9, x13, #0, #8 + eor w8, w8, w11, lsl 8 + ubfx x11, x13, #40, #8 + eor w8, w8, w16, lsl 16 + ubfx x16, x12, #16, #8 + eor w8, w8, w17, lsl 24 + ubfx x17, x12, #56, #8 + ldrb w11, [x6, x11, LSL 0] + ldrb w17, [x6, x17, LSL 0] + ldrb w9, [x6, x9, LSL 0] + ldrb w16, [x6, x16, LSL 0] + ubfx x10, x13, #32, #8 + eor w9, w9, w11, lsl 8 + ubfx x11, x12, #8, #8 + eor w9, w9, w16, lsl 16 + ubfx x16, x12, #48, #8 + eor w9, w9, w17, lsl 24 + ubfx x17, x13, #24, #8 + bfi x8, x9, #32, #32 + ldrb w11, [x6, x11, LSL 0] + ldrb w17, [x6, x17, LSL 0] + ldrb w10, [x6, x10, LSL 0] + ldrb w16, [x6, x16, LSL 0] + ubfx x15, x13, #56, #8 + eor w10, w10, w11, lsl 8 + ubfx x11, x12, #0, #8 + eor w10, w10, w16, lsl 16 + ubfx x16, x12, #40, #8 + eor w9, w10, w17, lsl 24 + ubfx x17, x13, #16, #8 + ldrb w15, [x6, x15, LSL 0] + ldrb w16, [x6, x16, LSL 0] + ldrb w11, [x6, x11, LSL 0] + ldrb w17, [x6, x17, LSL 0] + eor w16, w16, w15, lsl 16 + ldp x12, x13, [x20] + eor w11, w11, w16, lsl 8 + eor w11, w11, w17, lsl 16 + bfi x9, x11, #32, #32 + # XOR in Key Schedule + eor x8, x8, x12 + eor x9, x9, x13 + rev32 x8, x8 + rev32 x9, x9 + ldnp x12, x13, [x5, #16] + eor x8, x8, x12 + eor x9, x9, x13 + str x8, [x1] + str x9, [x1, #8] + subs x2, x2, #16 + add x0, x0, #16 + add x1, x1, #16 + bne L_AES_CBC_decrypt_loop_block + b L_AES_CBC_decrypt_end_dec +L_AES_CBC_decrypt_end_dec_odd: + ldnp x12, x13, [x5, #16] + stp x12, x13, [x5] +L_AES_CBC_decrypt_end_dec: + ldp x17, x19, [x29, #24] + ldr x20, [x29, #40] + ldp x29, x30, [sp], #48 + ret +#ifndef __APPLE__ + .size AES_CBC_decrypt,.-AES_CBC_decrypt +#endif /* __APPLE__ */ +#endif /* HAVE_AES_CBC */ +#endif /* WOLFSSL_AES_DIRECT || WOLFSSL_AES_COUNTER || HAVE_AES_CBC + * HAVE_AES_ECB */ +#endif /* HAVE_AES_DECRYPT */ +#ifdef HAVE_AESGCM +#ifndef __APPLE__ + .text + .type L_GCM_gmult_len_r, %object + .section .rodata + .size L_GCM_gmult_len_r, 128 +#else + .section __DATA,__data +#endif /* __APPLE__ */ +#ifndef __APPLE__ + .align 3 +#else + .p2align 3 +#endif /* __APPLE__ */ +L_GCM_gmult_len_r: + .word 0x00000000 + .word 0x1c200000 + .word 0x38400000 + .word 0x24600000 + .word 0x70800000 + .word 0x6ca00000 + .word 0x48c00000 + .word 0x54e00000 + .word 0xe1000000 + .word 0xfd200000 + .word 0xd9400000 + .word 0xc5600000 + .word 0x91800000 + .word 0x8da00000 + .word 0xa9c00000 + .word 0xb5e00000 + .word 0x00000000 + .word 0x01c20000 + .word 0x03840000 + .word 0x02460000 + .word 0x07080000 + .word 0x06ca0000 + .word 0x048c0000 + .word 0x054e0000 + .word 0x0e100000 + .word 0x0fd20000 + .word 0x0d940000 + .word 0x0c560000 + .word 0x09180000 + .word 0x08da0000 + .word 0x0a9c0000 + .word 0x0b5e0000 +#ifndef __APPLE__ +.text +.globl GCM_gmult_len +.type GCM_gmult_len,@function +.align 2 +GCM_gmult_len: +#else +.section __TEXT,__text +.globl _GCM_gmult_len +.p2align 2 +_GCM_gmult_len: +#endif /* __APPLE__ */ +#ifndef __APPLE__ + adrp x10, L_GCM_gmult_len_r + add x10, x10, :lo12:L_GCM_gmult_len_r +#else + adrp x10, L_GCM_gmult_len_r@PAGE + add x10, x10, L_GCM_gmult_len_r@PAGEOFF +#endif /* __APPLE__ */ +L_GCM_gmult_len_start_block: + ldp x4, x5, [x0] + ldp x6, x7, [x2] + eor x4, x4, x6 + eor x5, x5, x7 + ubfx x12, x5, #56, #4 + add x12, x1, x12, lsl 4 + ldp x8, x9, [x12] + ubfx x12, x5, #60, #4 + mov x11, x9 + add x12, x12, #16 + lsr x9, x9, #8 + add x12, x1, x12, lsl 4 + orr x9, x9, x8, lsl 56 + ldp x6, x7, [x12] + lsr x8, x8, #8 + eor x8, x8, x6 + sub x12, x12, #0x100 + eor x9, x9, x7 + ldr x7, [x12, #8] + ubfx w6, w11, #0, #4 + eor x11, x11, x7, lsl 4 + add w6, w6, #16 + ubfx w11, w11, #4, #4 + ldr w6, [x10, x6, LSL 2] + ldr w7, [x10, x11, LSL 2] + eor x8, x8, x6, lsl 32 + eor x8, x8, x7, lsl 32 + ubfx x12, x5, #48, #4 + add x12, x1, x12, lsl 4 + ldp x6, x7, [x12] + eor x8, x8, x6 + eor x9, x9, x7 + ubfx x12, x5, #52, #4 + mov x11, x9 + add x12, x12, #16 + lsr x9, x9, #8 + add x12, x1, x12, lsl 4 + orr x9, x9, x8, lsl 56 + ldp x6, x7, [x12] + lsr x8, x8, #8 + eor x8, x8, x6 + sub x12, x12, #0x100 + eor x9, x9, x7 + ldr x7, [x12, #8] + ubfx w6, w11, #0, #4 + eor x11, x11, x7, lsl 4 + add w6, w6, #16 + ubfx w11, w11, #4, #4 + ldr w6, [x10, x6, LSL 2] + ldr w7, [x10, x11, LSL 2] + eor x8, x8, x6, lsl 32 + eor x8, x8, x7, lsl 32 + ubfx x12, x5, #40, #4 + add x12, x1, x12, lsl 4 + ldp x6, x7, [x12] + eor x8, x8, x6 + eor x9, x9, x7 + ubfx x12, x5, #44, #4 + mov x11, x9 + add x12, x12, #16 + lsr x9, x9, #8 + add x12, x1, x12, lsl 4 + orr x9, x9, x8, lsl 56 + ldp x6, x7, [x12] + lsr x8, x8, #8 + eor x8, x8, x6 + sub x12, x12, #0x100 + eor x9, x9, x7 + ldr x7, [x12, #8] + ubfx w6, w11, #0, #4 + eor x11, x11, x7, lsl 4 + add w6, w6, #16 + ubfx w11, w11, #4, #4 + ldr w6, [x10, x6, LSL 2] + ldr w7, [x10, x11, LSL 2] + eor x8, x8, x6, lsl 32 + eor x8, x8, x7, lsl 32 + ubfx x12, x5, #32, #4 + add x12, x1, x12, lsl 4 + ldp x6, x7, [x12] + eor x8, x8, x6 + eor x9, x9, x7 + ubfx x12, x5, #36, #4 + mov x11, x9 + add x12, x12, #16 + lsr x9, x9, #8 + add x12, x1, x12, lsl 4 + orr x9, x9, x8, lsl 56 + ldp x6, x7, [x12] + lsr x8, x8, #8 + eor x8, x8, x6 + sub x12, x12, #0x100 + eor x9, x9, x7 + ldr x7, [x12, #8] + ubfx w6, w11, #0, #4 + eor x11, x11, x7, lsl 4 + add w6, w6, #16 + ubfx w11, w11, #4, #4 + ldr w6, [x10, x6, LSL 2] + ldr w7, [x10, x11, LSL 2] + eor x8, x8, x6, lsl 32 + eor x8, x8, x7, lsl 32 + ubfx x12, x5, #24, #4 + add x12, x1, x12, lsl 4 + ldp x6, x7, [x12] + eor x8, x8, x6 + eor x9, x9, x7 + ubfx x12, x5, #28, #4 + mov x11, x9 + add x12, x12, #16 + lsr x9, x9, #8 + add x12, x1, x12, lsl 4 + orr x9, x9, x8, lsl 56 + ldp x6, x7, [x12] + lsr x8, x8, #8 + eor x8, x8, x6 + sub x12, x12, #0x100 + eor x9, x9, x7 + ldr x7, [x12, #8] + ubfx w6, w11, #0, #4 + eor x11, x11, x7, lsl 4 + add w6, w6, #16 + ubfx w11, w11, #4, #4 + ldr w6, [x10, x6, LSL 2] + ldr w7, [x10, x11, LSL 2] + eor x8, x8, x6, lsl 32 + eor x8, x8, x7, lsl 32 + ubfx x12, x5, #16, #4 + add x12, x1, x12, lsl 4 + ldp x6, x7, [x12] + eor x8, x8, x6 + eor x9, x9, x7 + ubfx x12, x5, #20, #4 + mov x11, x9 + add x12, x12, #16 + lsr x9, x9, #8 + add x12, x1, x12, lsl 4 + orr x9, x9, x8, lsl 56 + ldp x6, x7, [x12] + lsr x8, x8, #8 + eor x8, x8, x6 + sub x12, x12, #0x100 + eor x9, x9, x7 + ldr x7, [x12, #8] + ubfx w6, w11, #0, #4 + eor x11, x11, x7, lsl 4 + add w6, w6, #16 + ubfx w11, w11, #4, #4 + ldr w6, [x10, x6, LSL 2] + ldr w7, [x10, x11, LSL 2] + eor x8, x8, x6, lsl 32 + eor x8, x8, x7, lsl 32 + ubfx x12, x5, #8, #4 + add x12, x1, x12, lsl 4 + ldp x6, x7, [x12] + eor x8, x8, x6 + eor x9, x9, x7 + ubfx x12, x5, #12, #4 + mov x11, x9 + add x12, x12, #16 + lsr x9, x9, #8 + add x12, x1, x12, lsl 4 + orr x9, x9, x8, lsl 56 + ldp x6, x7, [x12] + lsr x8, x8, #8 + eor x8, x8, x6 + sub x12, x12, #0x100 + eor x9, x9, x7 + ldr x7, [x12, #8] + ubfx w6, w11, #0, #4 + eor x11, x11, x7, lsl 4 + add w6, w6, #16 + ubfx w11, w11, #4, #4 + ldr w6, [x10, x6, LSL 2] + ldr w7, [x10, x11, LSL 2] + eor x8, x8, x6, lsl 32 + eor x8, x8, x7, lsl 32 + ubfx x12, x5, #0, #4 + add x12, x1, x12, lsl 4 + ldp x6, x7, [x12] + eor x8, x8, x6 + eor x9, x9, x7 + ubfx x12, x5, #4, #4 + mov x11, x9 + add x12, x12, #16 + lsr x9, x9, #8 + add x12, x1, x12, lsl 4 + orr x9, x9, x8, lsl 56 + ldp x6, x7, [x12] + lsr x8, x8, #8 + eor x8, x8, x6 + sub x12, x12, #0x100 + eor x9, x9, x7 + ldr x7, [x12, #8] + ubfx w6, w11, #0, #4 + eor x11, x11, x7, lsl 4 + add w6, w6, #16 + ubfx w11, w11, #4, #4 + ldr w6, [x10, x6, LSL 2] + ldr w7, [x10, x11, LSL 2] + eor x8, x8, x6, lsl 32 + eor x8, x8, x7, lsl 32 + ubfx x12, x4, #56, #4 + add x12, x1, x12, lsl 4 + ldp x6, x7, [x12] + eor x8, x8, x6 + eor x9, x9, x7 + ubfx x12, x4, #60, #4 + mov x11, x9 + add x12, x12, #16 + lsr x9, x9, #8 + add x12, x1, x12, lsl 4 + orr x9, x9, x8, lsl 56 + ldp x6, x7, [x12] + lsr x8, x8, #8 + eor x8, x8, x6 + sub x12, x12, #0x100 + eor x9, x9, x7 + ldr x7, [x12, #8] + ubfx w6, w11, #0, #4 + eor x11, x11, x7, lsl 4 + add w6, w6, #16 + ubfx w11, w11, #4, #4 + ldr w6, [x10, x6, LSL 2] + ldr w7, [x10, x11, LSL 2] + eor x8, x8, x6, lsl 32 + eor x8, x8, x7, lsl 32 + ubfx x12, x4, #48, #4 + add x12, x1, x12, lsl 4 + ldp x6, x7, [x12] + eor x8, x8, x6 + eor x9, x9, x7 + ubfx x12, x4, #52, #4 + mov x11, x9 + add x12, x12, #16 + lsr x9, x9, #8 + add x12, x1, x12, lsl 4 + orr x9, x9, x8, lsl 56 + ldp x6, x7, [x12] + lsr x8, x8, #8 + eor x8, x8, x6 + sub x12, x12, #0x100 + eor x9, x9, x7 + ldr x7, [x12, #8] + ubfx w6, w11, #0, #4 + eor x11, x11, x7, lsl 4 + add w6, w6, #16 + ubfx w11, w11, #4, #4 + ldr w6, [x10, x6, LSL 2] + ldr w7, [x10, x11, LSL 2] + eor x8, x8, x6, lsl 32 + eor x8, x8, x7, lsl 32 + ubfx x12, x4, #40, #4 + add x12, x1, x12, lsl 4 + ldp x6, x7, [x12] + eor x8, x8, x6 + eor x9, x9, x7 + ubfx x12, x4, #44, #4 + mov x11, x9 + add x12, x12, #16 + lsr x9, x9, #8 + add x12, x1, x12, lsl 4 + orr x9, x9, x8, lsl 56 + ldp x6, x7, [x12] + lsr x8, x8, #8 + eor x8, x8, x6 + sub x12, x12, #0x100 + eor x9, x9, x7 + ldr x7, [x12, #8] + ubfx w6, w11, #0, #4 + eor x11, x11, x7, lsl 4 + add w6, w6, #16 + ubfx w11, w11, #4, #4 + ldr w6, [x10, x6, LSL 2] + ldr w7, [x10, x11, LSL 2] + eor x8, x8, x6, lsl 32 + eor x8, x8, x7, lsl 32 + ubfx x12, x4, #32, #4 + add x12, x1, x12, lsl 4 + ldp x6, x7, [x12] + eor x8, x8, x6 + eor x9, x9, x7 + ubfx x12, x4, #36, #4 + mov x11, x9 + add x12, x12, #16 + lsr x9, x9, #8 + add x12, x1, x12, lsl 4 + orr x9, x9, x8, lsl 56 + ldp x6, x7, [x12] + lsr x8, x8, #8 + eor x8, x8, x6 + sub x12, x12, #0x100 + eor x9, x9, x7 + ldr x7, [x12, #8] + ubfx w6, w11, #0, #4 + eor x11, x11, x7, lsl 4 + add w6, w6, #16 + ubfx w11, w11, #4, #4 + ldr w6, [x10, x6, LSL 2] + ldr w7, [x10, x11, LSL 2] + eor x8, x8, x6, lsl 32 + eor x8, x8, x7, lsl 32 + ubfx x12, x4, #24, #4 + add x12, x1, x12, lsl 4 + ldp x6, x7, [x12] + eor x8, x8, x6 + eor x9, x9, x7 + ubfx x12, x4, #28, #4 + mov x11, x9 + add x12, x12, #16 + lsr x9, x9, #8 + add x12, x1, x12, lsl 4 + orr x9, x9, x8, lsl 56 + ldp x6, x7, [x12] + lsr x8, x8, #8 + eor x8, x8, x6 + sub x12, x12, #0x100 + eor x9, x9, x7 + ldr x7, [x12, #8] + ubfx w6, w11, #0, #4 + eor x11, x11, x7, lsl 4 + add w6, w6, #16 + ubfx w11, w11, #4, #4 + ldr w6, [x10, x6, LSL 2] + ldr w7, [x10, x11, LSL 2] + eor x8, x8, x6, lsl 32 + eor x8, x8, x7, lsl 32 + ubfx x12, x4, #16, #4 + add x12, x1, x12, lsl 4 + ldp x6, x7, [x12] + eor x8, x8, x6 + eor x9, x9, x7 + ubfx x12, x4, #20, #4 + mov x11, x9 + add x12, x12, #16 + lsr x9, x9, #8 + add x12, x1, x12, lsl 4 + orr x9, x9, x8, lsl 56 + ldp x6, x7, [x12] + lsr x8, x8, #8 + eor x8, x8, x6 + sub x12, x12, #0x100 + eor x9, x9, x7 + ldr x7, [x12, #8] + ubfx w6, w11, #0, #4 + eor x11, x11, x7, lsl 4 + add w6, w6, #16 + ubfx w11, w11, #4, #4 + ldr w6, [x10, x6, LSL 2] + ldr w7, [x10, x11, LSL 2] + eor x8, x8, x6, lsl 32 + eor x8, x8, x7, lsl 32 + ubfx x12, x4, #8, #4 + add x12, x1, x12, lsl 4 + ldp x6, x7, [x12] + eor x8, x8, x6 + eor x9, x9, x7 + ubfx x12, x4, #12, #4 + mov x11, x9 + add x12, x12, #16 + lsr x9, x9, #8 + add x12, x1, x12, lsl 4 + orr x9, x9, x8, lsl 56 + ldp x6, x7, [x12] + lsr x8, x8, #8 + eor x8, x8, x6 + sub x12, x12, #0x100 + eor x9, x9, x7 + ldr x7, [x12, #8] + ubfx w6, w11, #0, #4 + eor x11, x11, x7, lsl 4 + add w6, w6, #16 + ubfx w11, w11, #4, #4 + ldr w6, [x10, x6, LSL 2] + ldr w7, [x10, x11, LSL 2] + eor x8, x8, x6, lsl 32 + eor x8, x8, x7, lsl 32 + ubfiz x12, x4, #4, #4 + add x12, x12, x1 + ldp x6, x7, [x12] + eor x8, x8, x6 + eor x9, x9, x7 + ubfx x11, x9, #0, #4 + ubfx x12, x4, #4, #4 + lsr x9, x9, #4 + add x12, x1, x12, lsl 4 + orr x9, x9, x8, lsl 60 + ldp x6, x7, [x12] + lsr x8, x8, #4 + eor x8, x8, x6 + ldr w6, [x10, x11, LSL 2] + eor x9, x9, x7 + eor x8, x8, x6, lsl 32 + rev x8, x8 + rev x9, x9 + stp x8, x9, [x0] + subs x3, x3, #16 + add x2, x2, #16 + bne L_GCM_gmult_len_start_block + ret +#ifndef __APPLE__ + .size GCM_gmult_len,.-GCM_gmult_len +#endif /* __APPLE__ */ +#ifndef __APPLE__ +.text +.globl AES_GCM_encrypt +.type AES_GCM_encrypt,@function +.align 2 +AES_GCM_encrypt: +#else +.section __TEXT,__text +.globl _AES_GCM_encrypt +.p2align 2 +_AES_GCM_encrypt: +#endif /* __APPLE__ */ + stp x29, x30, [sp, #-48]! + add x29, sp, #0 + stp x17, x19, [x29, #16] + stp x20, x21, [x29, #32] +#ifndef __APPLE__ + adrp x19, L_AES_ARM64_te + add x19, x19, :lo12:L_AES_ARM64_te +#else + adrp x19, L_AES_ARM64_te@PAGE + add x19, x19, L_AES_ARM64_te@PAGEOFF +#endif /* __APPLE__ */ + ldp x16, x17, [x5] + rev32 x16, x16 + rev32 x17, x17 +L_AES_GCM_encrypt_loop_block: + mov x21, x3 + lsr x9, x17, #32 + ldp x10, x11, [x21], #16 + add w9, w9, #1 + bfi x17, x9, #32, #32 + # Round: 0 - XOR in key schedule + eor x6, x16, x10 + eor x7, x17, x11 + sub w20, w4, #2 +L_AES_GCM_encrypt_loop_nr: + ubfx x10, x6, #48, #8 + ubfx x13, x6, #24, #8 + ubfx x14, x7, #8, #8 + ubfx x15, x7, #32, #8 + ldr x8, [x19] + ldr x8, [x19, #64] + ldr x8, [x19, #128] + ldr x8, [x19, #192] + ldr x8, [x19, #256] + ldr x8, [x19, #320] + ldr x8, [x19, #384] + ldr x8, [x19, #448] + ldr x8, [x19, #512] + ldr x8, [x19, #576] + ldr x8, [x19, #640] + ldr x8, [x19, #704] + ldr x8, [x19, #768] + ldr x8, [x19, #832] + ldr x8, [x19, #896] + ldr x8, [x19, #960] + ldr w10, [x19, x10, LSL 2] + ldr w13, [x19, x13, LSL 2] + ldr w14, [x19, x14, LSL 2] + ldr w15, [x19, x15, LSL 2] + ubfx x11, x7, #16, #8 + eor w10, w10, w13, ror 24 + ubfx x13, x6, #56, #8 + eor w10, w10, w14, ror 8 + ubfx x14, x7, #40, #8 + eor w10, w10, w15, ror 16 + ubfx x15, x6, #0, #8 + ldr w11, [x19, x11, LSL 2] + ldr w13, [x19, x13, LSL 2] + ldr w14, [x19, x14, LSL 2] + ldr w15, [x19, x15, LSL 2] + ubfx x12, x7, #48, #8 + eor w11, w11, w13, ror 24 + ubfx x13, x7, #24, #8 + eor w11, w11, w14, ror 8 + ubfx x14, x6, #8, #8 + eor w11, w11, w15, ror 16 + ubfx x15, x6, #32, #8 + bfi x10, x11, #32, #32 + ldr w12, [x19, x12, LSL 2] + ldr w13, [x19, x13, LSL 2] + ldr w14, [x19, x14, LSL 2] + ldr w15, [x19, x15, LSL 2] + ubfx x8, x7, #0, #8 + eor w12, w12, w13, ror 24 + ubfx x13, x6, #16, #8 + eor w12, w12, w14, ror 8 + ubfx x14, x7, #56, #8 + eor w11, w12, w15, ror 16 + ubfx x15, x6, #40, #8 + ldr w8, [x19, x8, LSL 2] + ldr w14, [x19, x14, LSL 2] + ldr w13, [x19, x13, LSL 2] + ldr w15, [x19, x15, LSL 2] + eor w14, w14, w8, ror 24 + ldp x6, x7, [x21], #16 + eor w13, w13, w14, ror 24 + eor w13, w13, w15, ror 8 + bfi x11, x13, #32, #32 + # XOR in Key Schedule + eor x10, x10, x6 + eor x11, x11, x7 + ubfx x6, x10, #48, #8 + ubfx x9, x10, #24, #8 + ubfx x14, x11, #8, #8 + ubfx x15, x11, #32, #8 + ldr x12, [x19] + ldr x12, [x19, #64] + ldr x12, [x19, #128] + ldr x12, [x19, #192] + ldr x12, [x19, #256] + ldr x12, [x19, #320] + ldr x12, [x19, #384] + ldr x12, [x19, #448] + ldr x12, [x19, #512] + ldr x12, [x19, #576] + ldr x12, [x19, #640] + ldr x12, [x19, #704] + ldr x12, [x19, #768] + ldr x12, [x19, #832] + ldr x12, [x19, #896] + ldr x12, [x19, #960] + ldr w6, [x19, x6, LSL 2] + ldr w9, [x19, x9, LSL 2] + ldr w14, [x19, x14, LSL 2] + ldr w15, [x19, x15, LSL 2] + ubfx x7, x11, #16, #8 + eor w6, w6, w9, ror 24 + ubfx x9, x10, #56, #8 + eor w6, w6, w14, ror 8 + ubfx x14, x11, #40, #8 + eor w6, w6, w15, ror 16 + ubfx x15, x10, #0, #8 + ldr w7, [x19, x7, LSL 2] + ldr w9, [x19, x9, LSL 2] + ldr w14, [x19, x14, LSL 2] + ldr w15, [x19, x15, LSL 2] + ubfx x8, x11, #48, #8 + eor w7, w7, w9, ror 24 + ubfx x9, x11, #24, #8 + eor w7, w7, w14, ror 8 + ubfx x14, x10, #8, #8 + eor w7, w7, w15, ror 16 + ubfx x15, x10, #32, #8 + bfi x6, x7, #32, #32 + ldr w8, [x19, x8, LSL 2] + ldr w9, [x19, x9, LSL 2] + ldr w14, [x19, x14, LSL 2] + ldr w15, [x19, x15, LSL 2] + ubfx x12, x11, #0, #8 + eor w8, w8, w9, ror 24 + ubfx x9, x10, #16, #8 + eor w8, w8, w14, ror 8 + ubfx x14, x11, #56, #8 + eor w7, w8, w15, ror 16 + ubfx x15, x10, #40, #8 + ldr w12, [x19, x12, LSL 2] + ldr w14, [x19, x14, LSL 2] + ldr w9, [x19, x9, LSL 2] + ldr w15, [x19, x15, LSL 2] + eor w14, w14, w12, ror 24 + ldp x10, x11, [x21], #16 + eor w9, w9, w14, ror 24 + eor w9, w9, w15, ror 8 + bfi x7, x9, #32, #32 + # XOR in Key Schedule + eor x6, x6, x10 + eor x7, x7, x11 + subs w20, w20, #2 + bne L_AES_GCM_encrypt_loop_nr + ubfx x10, x6, #48, #8 + ubfx x13, x6, #24, #8 + ubfx x14, x7, #8, #8 + ubfx x15, x7, #32, #8 + ldr x8, [x19] + ldr x8, [x19, #64] + ldr x8, [x19, #128] + ldr x8, [x19, #192] + ldr x8, [x19, #256] + ldr x8, [x19, #320] + ldr x8, [x19, #384] + ldr x8, [x19, #448] + ldr x8, [x19, #512] + ldr x8, [x19, #576] + ldr x8, [x19, #640] + ldr x8, [x19, #704] + ldr x8, [x19, #768] + ldr x8, [x19, #832] + ldr x8, [x19, #896] + ldr x8, [x19, #960] + ldr w10, [x19, x10, LSL 2] + ldr w13, [x19, x13, LSL 2] + ldr w14, [x19, x14, LSL 2] + ldr w15, [x19, x15, LSL 2] + ubfx x11, x7, #16, #8 + eor w10, w10, w13, ror 24 + ubfx x13, x6, #56, #8 + eor w10, w10, w14, ror 8 + ubfx x14, x7, #40, #8 + eor w10, w10, w15, ror 16 + ubfx x15, x6, #0, #8 + ldr w11, [x19, x11, LSL 2] + ldr w13, [x19, x13, LSL 2] + ldr w14, [x19, x14, LSL 2] + ldr w15, [x19, x15, LSL 2] + ubfx x12, x7, #48, #8 + eor w11, w11, w13, ror 24 + ubfx x13, x7, #24, #8 + eor w11, w11, w14, ror 8 + ubfx x14, x6, #8, #8 + eor w11, w11, w15, ror 16 + ubfx x15, x6, #32, #8 + bfi x10, x11, #32, #32 + ldr w12, [x19, x12, LSL 2] + ldr w13, [x19, x13, LSL 2] + ldr w14, [x19, x14, LSL 2] + ldr w15, [x19, x15, LSL 2] + ubfx x8, x7, #0, #8 + eor w12, w12, w13, ror 24 + ubfx x13, x6, #16, #8 + eor w12, w12, w14, ror 8 + ubfx x14, x7, #56, #8 + eor w11, w12, w15, ror 16 + ubfx x15, x6, #40, #8 + ldr w8, [x19, x8, LSL 2] + ldr w14, [x19, x14, LSL 2] + ldr w13, [x19, x13, LSL 2] + ldr w15, [x19, x15, LSL 2] + eor w14, w14, w8, ror 24 + ldp x6, x7, [x21], #16 + eor w13, w13, w14, ror 24 + eor w13, w13, w15, ror 8 + bfi x11, x13, #32, #32 + # XOR in Key Schedule + eor x10, x10, x6 + eor x11, x11, x7 + ubfx x6, x11, #32, #8 + ubfx x9, x11, #8, #8 + ubfx x14, x10, #48, #8 + ubfx x15, x10, #24, #8 + lsl w6, w6, #2 + lsl w9, w9, #2 + lsl w14, w14, #2 + lsl w15, w15, #2 + ldr x13, [x19] + ldr x13, [x19, #64] + ldr x13, [x19, #128] + ldr x13, [x19, #192] + ldr x13, [x19, #256] + ldr x13, [x19, #320] + ldr x13, [x19, #384] + ldr x13, [x19, #448] + ldr x13, [x19, #512] + ldr x13, [x19, #576] + ldr x13, [x19, #640] + ldr x13, [x19, #704] + ldr x13, [x19, #768] + ldr x13, [x19, #832] + ldr x13, [x19, #896] + ldr x13, [x19, #960] + ldrb w6, [x19, x6, LSL 0] + ldrb w9, [x19, x9, LSL 0] + ldrb w14, [x19, x14, LSL 0] + ldrb w15, [x19, x15, LSL 0] + ubfx x7, x10, #0, #8 + eor w6, w6, w9, lsl 8 + ubfx x9, x11, #40, #8 + eor w6, w6, w14, lsl 16 + ubfx x14, x11, #16, #8 + eor w6, w6, w15, lsl 24 + ubfx x15, x10, #56, #8 + lsl w7, w7, #2 + lsl w9, w9, #2 + lsl w14, w14, #2 + lsl w15, w15, #2 + ldrb w7, [x19, x7, LSL 0] + ldrb w9, [x19, x9, LSL 0] + ldrb w14, [x19, x14, LSL 0] + ldrb w15, [x19, x15, LSL 0] + ubfx x8, x10, #32, #8 + eor w7, w7, w9, lsl 8 + ubfx x9, x10, #8, #8 + eor w7, w7, w14, lsl 16 + ubfx x14, x11, #48, #8 + eor w7, w7, w15, lsl 24 + ubfx x15, x11, #24, #8 + bfi x6, x7, #32, #32 + lsl w8, w8, #2 + lsl w9, w9, #2 + lsl w14, w14, #2 + lsl w15, w15, #2 + ldrb w8, [x19, x8, LSL 0] + ldrb w9, [x19, x9, LSL 0] + ldrb w14, [x19, x14, LSL 0] + ldrb w15, [x19, x15, LSL 0] + ubfx x13, x11, #56, #8 + eor w8, w8, w9, lsl 8 + ubfx x9, x11, #0, #8 + eor w8, w8, w14, lsl 16 + ubfx x14, x10, #40, #8 + eor w7, w8, w15, lsl 24 + ubfx x15, x10, #16, #8 + lsl w13, w13, #2 + lsl w9, w9, #2 + lsl w14, w14, #2 + lsl w15, w15, #2 + ldrb w13, [x19, x13, LSL 0] + ldrb w9, [x19, x9, LSL 0] + ldrb w14, [x19, x14, LSL 0] + ldrb w15, [x19, x15, LSL 0] + eor w14, w14, w13, lsl 16 + ldp x10, x11, [x21] + eor w9, w9, w14, lsl 8 + eor w9, w9, w15, lsl 16 + bfi x7, x9, #32, #32 + # XOR in Key Schedule + eor x6, x6, x10 + eor x7, x7, x11 + rev32 x6, x6 + rev32 x7, x7 + ldr x10, [x0] + ldr x11, [x0, #8] + eor x6, x6, x10 + eor x7, x7, x11 + str x6, [x1] + str x7, [x1, #8] + subs x2, x2, #16 + add x0, x0, #16 + add x1, x1, #16 + bne L_AES_GCM_encrypt_loop_block + rev32 x16, x16 + rev32 x17, x17 + stp x16, x17, [x5] + ldp x17, x19, [x29, #16] + ldp x20, x21, [x29, #32] + ldp x29, x30, [sp], #48 + ret +#ifndef __APPLE__ + .size AES_GCM_encrypt,.-AES_GCM_encrypt +#endif /* __APPLE__ */ +#endif /* HAVE_AESGCM */ +#ifdef WOLFSSL_AES_XTS +#ifndef __APPLE__ +.text +.globl AES_XTS_encrypt +.type AES_XTS_encrypt,@function +.align 2 +AES_XTS_encrypt: +#else +.section __TEXT,__text +.globl _AES_XTS_encrypt +.p2align 2 +_AES_XTS_encrypt: +#endif /* __APPLE__ */ + stp x29, x30, [sp, #-96]! + add x29, sp, #0 + stp x17, x19, [x29, #24] + stp x20, x21, [x29, #40] + stp x22, x23, [x29, #56] + stp x24, x25, [x29, #72] + str x26, [x29, #88] +#ifndef __APPLE__ + adrp x8, L_AES_ARM64_te + add x8, x8, :lo12:L_AES_ARM64_te +#else + adrp x8, L_AES_ARM64_te@PAGE + add x8, x8, L_AES_ARM64_te@PAGEOFF +#endif /* __APPLE__ */ + mov x9, #0x87 + mov x26, x5 + ldp x21, x22, [x3] + ldp x14, x15, [x26], #16 + rev32 x21, x21 + rev32 x22, x22 + # Round: 0 - XOR in key schedule + eor x21, x21, x14 + eor x22, x22, x15 + sub w25, w7, #2 +L_AES_XTS_encrypt_loop_nr_tweak: + ubfx x14, x21, #48, #8 + ubfx x17, x21, #24, #8 + ubfx x19, x22, #8, #8 + ubfx x20, x22, #32, #8 + ldr x23, [x8] + ldr x23, [x8, #64] + ldr x23, [x8, #128] + ldr x23, [x8, #192] + ldr x23, [x8, #256] + ldr x23, [x8, #320] + ldr x23, [x8, #384] + ldr x23, [x8, #448] + ldr x23, [x8, #512] + ldr x23, [x8, #576] + ldr x23, [x8, #640] + ldr x23, [x8, #704] + ldr x23, [x8, #768] + ldr x23, [x8, #832] + ldr x23, [x8, #896] + ldr x23, [x8, #960] + ldr w14, [x8, x14, LSL 2] + ldr w17, [x8, x17, LSL 2] + ldr w19, [x8, x19, LSL 2] + ldr w20, [x8, x20, LSL 2] + ubfx x15, x22, #16, #8 + eor w14, w14, w17, ror 24 + ubfx x17, x21, #56, #8 + eor w14, w14, w19, ror 8 + ubfx x19, x22, #40, #8 + eor w14, w14, w20, ror 16 + ubfx x20, x21, #0, #8 + ldr w15, [x8, x15, LSL 2] + ldr w17, [x8, x17, LSL 2] + ldr w19, [x8, x19, LSL 2] + ldr w20, [x8, x20, LSL 2] + ubfx x16, x22, #48, #8 + eor w15, w15, w17, ror 24 + ubfx x17, x22, #24, #8 + eor w15, w15, w19, ror 8 + ubfx x19, x21, #8, #8 + eor w15, w15, w20, ror 16 + ubfx x20, x21, #32, #8 + bfi x14, x15, #32, #32 + ldr w16, [x8, x16, LSL 2] + ldr w17, [x8, x17, LSL 2] + ldr w19, [x8, x19, LSL 2] + ldr w20, [x8, x20, LSL 2] + ubfx x23, x22, #0, #8 + eor w16, w16, w17, ror 24 + ubfx x17, x21, #16, #8 + eor w16, w16, w19, ror 8 + ubfx x19, x22, #56, #8 + eor w15, w16, w20, ror 16 + ubfx x20, x21, #40, #8 + ldr w23, [x8, x23, LSL 2] + ldr w19, [x8, x19, LSL 2] + ldr w17, [x8, x17, LSL 2] + ldr w20, [x8, x20, LSL 2] + eor w19, w19, w23, ror 24 + ldp x21, x22, [x26], #16 + eor w17, w17, w19, ror 24 + eor w17, w17, w20, ror 8 + bfi x15, x17, #32, #32 + # XOR in Key Schedule + eor x14, x14, x21 + eor x15, x15, x22 + ubfx x21, x14, #48, #8 + ubfx x24, x14, #24, #8 + ubfx x19, x15, #8, #8 + ubfx x20, x15, #32, #8 + ldr x16, [x8] + ldr x16, [x8, #64] + ldr x16, [x8, #128] + ldr x16, [x8, #192] + ldr x16, [x8, #256] + ldr x16, [x8, #320] + ldr x16, [x8, #384] + ldr x16, [x8, #448] + ldr x16, [x8, #512] + ldr x16, [x8, #576] + ldr x16, [x8, #640] + ldr x16, [x8, #704] + ldr x16, [x8, #768] + ldr x16, [x8, #832] + ldr x16, [x8, #896] + ldr x16, [x8, #960] + ldr w21, [x8, x21, LSL 2] + ldr w24, [x8, x24, LSL 2] + ldr w19, [x8, x19, LSL 2] + ldr w20, [x8, x20, LSL 2] + ubfx x22, x15, #16, #8 + eor w21, w21, w24, ror 24 + ubfx x24, x14, #56, #8 + eor w21, w21, w19, ror 8 + ubfx x19, x15, #40, #8 + eor w21, w21, w20, ror 16 + ubfx x20, x14, #0, #8 + ldr w22, [x8, x22, LSL 2] + ldr w24, [x8, x24, LSL 2] + ldr w19, [x8, x19, LSL 2] + ldr w20, [x8, x20, LSL 2] + ubfx x23, x15, #48, #8 + eor w22, w22, w24, ror 24 + ubfx x24, x15, #24, #8 + eor w22, w22, w19, ror 8 + ubfx x19, x14, #8, #8 + eor w22, w22, w20, ror 16 + ubfx x20, x14, #32, #8 + bfi x21, x22, #32, #32 + ldr w23, [x8, x23, LSL 2] + ldr w24, [x8, x24, LSL 2] + ldr w19, [x8, x19, LSL 2] + ldr w20, [x8, x20, LSL 2] + ubfx x16, x15, #0, #8 + eor w23, w23, w24, ror 24 + ubfx x24, x14, #16, #8 + eor w23, w23, w19, ror 8 + ubfx x19, x15, #56, #8 + eor w22, w23, w20, ror 16 + ubfx x20, x14, #40, #8 + ldr w16, [x8, x16, LSL 2] + ldr w19, [x8, x19, LSL 2] + ldr w24, [x8, x24, LSL 2] + ldr w20, [x8, x20, LSL 2] + eor w19, w19, w16, ror 24 + ldp x14, x15, [x26], #16 + eor w24, w24, w19, ror 24 + eor w24, w24, w20, ror 8 + bfi x22, x24, #32, #32 + # XOR in Key Schedule + eor x21, x21, x14 + eor x22, x22, x15 + subs w25, w25, #2 + bne L_AES_XTS_encrypt_loop_nr_tweak + ubfx x14, x21, #48, #8 + ubfx x17, x21, #24, #8 + ubfx x19, x22, #8, #8 + ubfx x20, x22, #32, #8 + ldr x23, [x8] + ldr x23, [x8, #64] + ldr x23, [x8, #128] + ldr x23, [x8, #192] + ldr x23, [x8, #256] + ldr x23, [x8, #320] + ldr x23, [x8, #384] + ldr x23, [x8, #448] + ldr x23, [x8, #512] + ldr x23, [x8, #576] + ldr x23, [x8, #640] + ldr x23, [x8, #704] + ldr x23, [x8, #768] + ldr x23, [x8, #832] + ldr x23, [x8, #896] + ldr x23, [x8, #960] + ldr w14, [x8, x14, LSL 2] + ldr w17, [x8, x17, LSL 2] + ldr w19, [x8, x19, LSL 2] + ldr w20, [x8, x20, LSL 2] + ubfx x15, x22, #16, #8 + eor w14, w14, w17, ror 24 + ubfx x17, x21, #56, #8 + eor w14, w14, w19, ror 8 + ubfx x19, x22, #40, #8 + eor w14, w14, w20, ror 16 + ubfx x20, x21, #0, #8 + ldr w15, [x8, x15, LSL 2] + ldr w17, [x8, x17, LSL 2] + ldr w19, [x8, x19, LSL 2] + ldr w20, [x8, x20, LSL 2] + ubfx x16, x22, #48, #8 + eor w15, w15, w17, ror 24 + ubfx x17, x22, #24, #8 + eor w15, w15, w19, ror 8 + ubfx x19, x21, #8, #8 + eor w15, w15, w20, ror 16 + ubfx x20, x21, #32, #8 + bfi x14, x15, #32, #32 + ldr w16, [x8, x16, LSL 2] + ldr w17, [x8, x17, LSL 2] + ldr w19, [x8, x19, LSL 2] + ldr w20, [x8, x20, LSL 2] + ubfx x23, x22, #0, #8 + eor w16, w16, w17, ror 24 + ubfx x17, x21, #16, #8 + eor w16, w16, w19, ror 8 + ubfx x19, x22, #56, #8 + eor w15, w16, w20, ror 16 + ubfx x20, x21, #40, #8 + ldr w23, [x8, x23, LSL 2] + ldr w19, [x8, x19, LSL 2] + ldr w17, [x8, x17, LSL 2] + ldr w20, [x8, x20, LSL 2] + eor w19, w19, w23, ror 24 + ldp x21, x22, [x26], #16 + eor w17, w17, w19, ror 24 + eor w17, w17, w20, ror 8 + bfi x15, x17, #32, #32 + # XOR in Key Schedule + eor x14, x14, x21 + eor x15, x15, x22 + ubfx x21, x15, #32, #8 + ubfx x24, x15, #8, #8 + ubfx x19, x14, #48, #8 + ubfx x20, x14, #24, #8 + lsl w21, w21, #2 + lsl w24, w24, #2 + lsl w19, w19, #2 + lsl w20, w20, #2 + ldr x17, [x8] + ldr x17, [x8, #64] + ldr x17, [x8, #128] + ldr x17, [x8, #192] + ldr x17, [x8, #256] + ldr x17, [x8, #320] + ldr x17, [x8, #384] + ldr x17, [x8, #448] + ldr x17, [x8, #512] + ldr x17, [x8, #576] + ldr x17, [x8, #640] + ldr x17, [x8, #704] + ldr x17, [x8, #768] + ldr x17, [x8, #832] + ldr x17, [x8, #896] + ldr x17, [x8, #960] + ldrb w21, [x8, x21, LSL 0] + ldrb w24, [x8, x24, LSL 0] + ldrb w19, [x8, x19, LSL 0] + ldrb w20, [x8, x20, LSL 0] + ubfx x22, x14, #0, #8 + eor w21, w21, w24, lsl 8 + ubfx x24, x15, #40, #8 + eor w21, w21, w19, lsl 16 + ubfx x19, x15, #16, #8 + eor w21, w21, w20, lsl 24 + ubfx x20, x14, #56, #8 + lsl w22, w22, #2 + lsl w24, w24, #2 + lsl w19, w19, #2 + lsl w20, w20, #2 + ldrb w22, [x8, x22, LSL 0] + ldrb w24, [x8, x24, LSL 0] + ldrb w19, [x8, x19, LSL 0] + ldrb w20, [x8, x20, LSL 0] + ubfx x23, x14, #32, #8 + eor w22, w22, w24, lsl 8 + ubfx x24, x14, #8, #8 + eor w22, w22, w19, lsl 16 + ubfx x19, x15, #48, #8 + eor w22, w22, w20, lsl 24 + ubfx x20, x15, #24, #8 + bfi x21, x22, #32, #32 + lsl w23, w23, #2 + lsl w24, w24, #2 + lsl w19, w19, #2 + lsl w20, w20, #2 + ldrb w23, [x8, x23, LSL 0] + ldrb w24, [x8, x24, LSL 0] + ldrb w19, [x8, x19, LSL 0] + ldrb w20, [x8, x20, LSL 0] + ubfx x17, x15, #56, #8 + eor w23, w23, w24, lsl 8 + ubfx x24, x15, #0, #8 + eor w23, w23, w19, lsl 16 + ubfx x19, x14, #40, #8 + eor w22, w23, w20, lsl 24 + ubfx x20, x14, #16, #8 + lsl w17, w17, #2 + lsl w24, w24, #2 + lsl w19, w19, #2 + lsl w20, w20, #2 + ldrb w17, [x8, x17, LSL 0] + ldrb w24, [x8, x24, LSL 0] + ldrb w19, [x8, x19, LSL 0] + ldrb w20, [x8, x20, LSL 0] + eor w19, w19, w17, lsl 16 + ldp x14, x15, [x26] + eor w24, w24, w19, lsl 8 + eor w24, w24, w20, lsl 16 + bfi x22, x24, #32, #32 + # XOR in Key Schedule + eor x21, x21, x14 + eor x22, x22, x15 + rev32 x21, x21 + rev32 x22, x22 +L_AES_XTS_encrypt_loop_block: + mov x26, x4 + ldp x10, x11, [x0] + ldp x14, x15, [x26], #16 + eor x10, x10, x21 + eor x11, x11, x22 + rev32 x10, x10 + rev32 x11, x11 + # Round: 0 - XOR in key schedule + eor x10, x10, x14 + eor x11, x11, x15 + sub w25, w7, #2 +L_AES_XTS_encrypt_loop_nr: + ubfx x14, x10, #48, #8 + ubfx x17, x10, #24, #8 + ubfx x19, x11, #8, #8 + ubfx x20, x11, #32, #8 + ldr x12, [x8] + ldr x12, [x8, #64] + ldr x12, [x8, #128] + ldr x12, [x8, #192] + ldr x12, [x8, #256] + ldr x12, [x8, #320] + ldr x12, [x8, #384] + ldr x12, [x8, #448] + ldr x12, [x8, #512] + ldr x12, [x8, #576] + ldr x12, [x8, #640] + ldr x12, [x8, #704] + ldr x12, [x8, #768] + ldr x12, [x8, #832] + ldr x12, [x8, #896] + ldr x12, [x8, #960] + ldr w14, [x8, x14, LSL 2] + ldr w17, [x8, x17, LSL 2] + ldr w19, [x8, x19, LSL 2] + ldr w20, [x8, x20, LSL 2] + ubfx x15, x11, #16, #8 + eor w14, w14, w17, ror 24 + ubfx x17, x10, #56, #8 + eor w14, w14, w19, ror 8 + ubfx x19, x11, #40, #8 + eor w14, w14, w20, ror 16 + ubfx x20, x10, #0, #8 + ldr w15, [x8, x15, LSL 2] + ldr w17, [x8, x17, LSL 2] + ldr w19, [x8, x19, LSL 2] + ldr w20, [x8, x20, LSL 2] + ubfx x16, x11, #48, #8 + eor w15, w15, w17, ror 24 + ubfx x17, x11, #24, #8 + eor w15, w15, w19, ror 8 + ubfx x19, x10, #8, #8 + eor w15, w15, w20, ror 16 + ubfx x20, x10, #32, #8 + bfi x14, x15, #32, #32 + ldr w16, [x8, x16, LSL 2] + ldr w17, [x8, x17, LSL 2] + ldr w19, [x8, x19, LSL 2] + ldr w20, [x8, x20, LSL 2] + ubfx x12, x11, #0, #8 + eor w16, w16, w17, ror 24 + ubfx x17, x10, #16, #8 + eor w16, w16, w19, ror 8 + ubfx x19, x11, #56, #8 + eor w15, w16, w20, ror 16 + ubfx x20, x10, #40, #8 + ldr w12, [x8, x12, LSL 2] + ldr w19, [x8, x19, LSL 2] + ldr w17, [x8, x17, LSL 2] + ldr w20, [x8, x20, LSL 2] + eor w19, w19, w12, ror 24 + ldp x10, x11, [x26], #16 + eor w17, w17, w19, ror 24 + eor w17, w17, w20, ror 8 + bfi x15, x17, #32, #32 + # XOR in Key Schedule + eor x14, x14, x10 + eor x15, x15, x11 + ubfx x10, x14, #48, #8 + ubfx x13, x14, #24, #8 + ubfx x19, x15, #8, #8 + ubfx x20, x15, #32, #8 + ldr x16, [x8] + ldr x16, [x8, #64] + ldr x16, [x8, #128] + ldr x16, [x8, #192] + ldr x16, [x8, #256] + ldr x16, [x8, #320] + ldr x16, [x8, #384] + ldr x16, [x8, #448] + ldr x16, [x8, #512] + ldr x16, [x8, #576] + ldr x16, [x8, #640] + ldr x16, [x8, #704] + ldr x16, [x8, #768] + ldr x16, [x8, #832] + ldr x16, [x8, #896] + ldr x16, [x8, #960] + ldr w10, [x8, x10, LSL 2] + ldr w13, [x8, x13, LSL 2] + ldr w19, [x8, x19, LSL 2] + ldr w20, [x8, x20, LSL 2] + ubfx x11, x15, #16, #8 + eor w10, w10, w13, ror 24 + ubfx x13, x14, #56, #8 + eor w10, w10, w19, ror 8 + ubfx x19, x15, #40, #8 + eor w10, w10, w20, ror 16 + ubfx x20, x14, #0, #8 + ldr w11, [x8, x11, LSL 2] + ldr w13, [x8, x13, LSL 2] + ldr w19, [x8, x19, LSL 2] + ldr w20, [x8, x20, LSL 2] + ubfx x12, x15, #48, #8 + eor w11, w11, w13, ror 24 + ubfx x13, x15, #24, #8 + eor w11, w11, w19, ror 8 + ubfx x19, x14, #8, #8 + eor w11, w11, w20, ror 16 + ubfx x20, x14, #32, #8 + bfi x10, x11, #32, #32 + ldr w12, [x8, x12, LSL 2] + ldr w13, [x8, x13, LSL 2] + ldr w19, [x8, x19, LSL 2] + ldr w20, [x8, x20, LSL 2] + ubfx x16, x15, #0, #8 + eor w12, w12, w13, ror 24 + ubfx x13, x14, #16, #8 + eor w12, w12, w19, ror 8 + ubfx x19, x15, #56, #8 + eor w11, w12, w20, ror 16 + ubfx x20, x14, #40, #8 + ldr w16, [x8, x16, LSL 2] + ldr w19, [x8, x19, LSL 2] + ldr w13, [x8, x13, LSL 2] + ldr w20, [x8, x20, LSL 2] + eor w19, w19, w16, ror 24 + ldp x14, x15, [x26], #16 + eor w13, w13, w19, ror 24 + eor w13, w13, w20, ror 8 + bfi x11, x13, #32, #32 + # XOR in Key Schedule + eor x10, x10, x14 + eor x11, x11, x15 + subs w25, w25, #2 + bne L_AES_XTS_encrypt_loop_nr + ubfx x14, x10, #48, #8 + ubfx x17, x10, #24, #8 + ubfx x19, x11, #8, #8 + ubfx x20, x11, #32, #8 + ldr x12, [x8] + ldr x12, [x8, #64] + ldr x12, [x8, #128] + ldr x12, [x8, #192] + ldr x12, [x8, #256] + ldr x12, [x8, #320] + ldr x12, [x8, #384] + ldr x12, [x8, #448] + ldr x12, [x8, #512] + ldr x12, [x8, #576] + ldr x12, [x8, #640] + ldr x12, [x8, #704] + ldr x12, [x8, #768] + ldr x12, [x8, #832] + ldr x12, [x8, #896] + ldr x12, [x8, #960] + ldr w14, [x8, x14, LSL 2] + ldr w17, [x8, x17, LSL 2] + ldr w19, [x8, x19, LSL 2] + ldr w20, [x8, x20, LSL 2] + ubfx x15, x11, #16, #8 + eor w14, w14, w17, ror 24 + ubfx x17, x10, #56, #8 + eor w14, w14, w19, ror 8 + ubfx x19, x11, #40, #8 + eor w14, w14, w20, ror 16 + ubfx x20, x10, #0, #8 + ldr w15, [x8, x15, LSL 2] + ldr w17, [x8, x17, LSL 2] + ldr w19, [x8, x19, LSL 2] + ldr w20, [x8, x20, LSL 2] + ubfx x16, x11, #48, #8 + eor w15, w15, w17, ror 24 + ubfx x17, x11, #24, #8 + eor w15, w15, w19, ror 8 + ubfx x19, x10, #8, #8 + eor w15, w15, w20, ror 16 + ubfx x20, x10, #32, #8 + bfi x14, x15, #32, #32 + ldr w16, [x8, x16, LSL 2] + ldr w17, [x8, x17, LSL 2] + ldr w19, [x8, x19, LSL 2] + ldr w20, [x8, x20, LSL 2] + ubfx x12, x11, #0, #8 + eor w16, w16, w17, ror 24 + ubfx x17, x10, #16, #8 + eor w16, w16, w19, ror 8 + ubfx x19, x11, #56, #8 + eor w15, w16, w20, ror 16 + ubfx x20, x10, #40, #8 + ldr w12, [x8, x12, LSL 2] + ldr w19, [x8, x19, LSL 2] + ldr w17, [x8, x17, LSL 2] + ldr w20, [x8, x20, LSL 2] + eor w19, w19, w12, ror 24 + ldp x10, x11, [x26], #16 + eor w17, w17, w19, ror 24 + eor w17, w17, w20, ror 8 + bfi x15, x17, #32, #32 + # XOR in Key Schedule + eor x14, x14, x10 + eor x15, x15, x11 + ubfx x10, x15, #32, #8 + ubfx x13, x15, #8, #8 + ubfx x19, x14, #48, #8 + ubfx x20, x14, #24, #8 + lsl w10, w10, #2 + lsl w13, w13, #2 + lsl w19, w19, #2 + lsl w20, w20, #2 + ldr x17, [x8] + ldr x17, [x8, #64] + ldr x17, [x8, #128] + ldr x17, [x8, #192] + ldr x17, [x8, #256] + ldr x17, [x8, #320] + ldr x17, [x8, #384] + ldr x17, [x8, #448] + ldr x17, [x8, #512] + ldr x17, [x8, #576] + ldr x17, [x8, #640] + ldr x17, [x8, #704] + ldr x17, [x8, #768] + ldr x17, [x8, #832] + ldr x17, [x8, #896] + ldr x17, [x8, #960] + ldrb w10, [x8, x10, LSL 0] + ldrb w13, [x8, x13, LSL 0] + ldrb w19, [x8, x19, LSL 0] + ldrb w20, [x8, x20, LSL 0] + ubfx x11, x14, #0, #8 + eor w10, w10, w13, lsl 8 + ubfx x13, x15, #40, #8 + eor w10, w10, w19, lsl 16 + ubfx x19, x15, #16, #8 + eor w10, w10, w20, lsl 24 + ubfx x20, x14, #56, #8 + lsl w11, w11, #2 + lsl w13, w13, #2 + lsl w19, w19, #2 + lsl w20, w20, #2 + ldrb w11, [x8, x11, LSL 0] + ldrb w13, [x8, x13, LSL 0] + ldrb w19, [x8, x19, LSL 0] + ldrb w20, [x8, x20, LSL 0] + ubfx x12, x14, #32, #8 + eor w11, w11, w13, lsl 8 + ubfx x13, x14, #8, #8 + eor w11, w11, w19, lsl 16 + ubfx x19, x15, #48, #8 + eor w11, w11, w20, lsl 24 + ubfx x20, x15, #24, #8 + bfi x10, x11, #32, #32 + lsl w12, w12, #2 + lsl w13, w13, #2 + lsl w19, w19, #2 + lsl w20, w20, #2 + ldrb w12, [x8, x12, LSL 0] + ldrb w13, [x8, x13, LSL 0] + ldrb w19, [x8, x19, LSL 0] + ldrb w20, [x8, x20, LSL 0] + ubfx x17, x15, #56, #8 + eor w12, w12, w13, lsl 8 + ubfx x13, x15, #0, #8 + eor w12, w12, w19, lsl 16 + ubfx x19, x14, #40, #8 + eor w11, w12, w20, lsl 24 + ubfx x20, x14, #16, #8 + lsl w17, w17, #2 + lsl w13, w13, #2 + lsl w19, w19, #2 + lsl w20, w20, #2 + ldrb w17, [x8, x17, LSL 0] + ldrb w13, [x8, x13, LSL 0] + ldrb w19, [x8, x19, LSL 0] + ldrb w20, [x8, x20, LSL 0] + eor w19, w19, w17, lsl 16 + ldp x14, x15, [x26] + eor w13, w13, w19, lsl 8 + eor w13, w13, w20, lsl 16 + bfi x11, x13, #32, #32 + # XOR in Key Schedule + eor x10, x10, x14 + eor x11, x11, x15 + rev32 x10, x10 + rev32 x11, x11 + eor x10, x10, x21 + eor x11, x11, x22 + stp x10, x11, [x1] + and x19, x9, x22, asr 63 + extr x22, x22, x21, #63 + eor x21, x19, x21, lsl 1 + sub w2, w2, #16 + add x0, x0, #16 + add x1, x1, #16 + cmp w2, #16 + bge L_AES_XTS_encrypt_loop_block + cbz w2, L_AES_XTS_encrypt_done_data + mov x26, x4 + sub x1, x1, #16 + ldp x10, x11, [x1], #16 + stp x10, x11, [x6] + mov w14, w2 +L_AES_XTS_encrypt_start_byte: + ldrb w19, [x6] + ldrb w20, [x0], #1 + strb w19, [x1], #1 + strb w20, [x6], #1 + subs w14, w14, #1 + bgt L_AES_XTS_encrypt_start_byte + sub x1, x1, x2 + sub x6, x6, x2 + sub x1, x1, #16 + ldp x10, x11, [x6] + ldp x14, x15, [x26], #16 + eor x10, x10, x21 + eor x11, x11, x22 + rev32 x10, x10 + rev32 x11, x11 + # Round: 0 - XOR in key schedule + eor x10, x10, x14 + eor x11, x11, x15 + sub w25, w7, #2 +L_AES_XTS_encrypt_loop_nr_partial: + ubfx x14, x10, #48, #8 + ubfx x17, x10, #24, #8 + ubfx x19, x11, #8, #8 + ubfx x20, x11, #32, #8 + ldr x12, [x8] + ldr x12, [x8, #64] + ldr x12, [x8, #128] + ldr x12, [x8, #192] + ldr x12, [x8, #256] + ldr x12, [x8, #320] + ldr x12, [x8, #384] + ldr x12, [x8, #448] + ldr x12, [x8, #512] + ldr x12, [x8, #576] + ldr x12, [x8, #640] + ldr x12, [x8, #704] + ldr x12, [x8, #768] + ldr x12, [x8, #832] + ldr x12, [x8, #896] + ldr x12, [x8, #960] + ldr w14, [x8, x14, LSL 2] + ldr w17, [x8, x17, LSL 2] + ldr w19, [x8, x19, LSL 2] + ldr w20, [x8, x20, LSL 2] + ubfx x15, x11, #16, #8 + eor w14, w14, w17, ror 24 + ubfx x17, x10, #56, #8 + eor w14, w14, w19, ror 8 + ubfx x19, x11, #40, #8 + eor w14, w14, w20, ror 16 + ubfx x20, x10, #0, #8 + ldr w15, [x8, x15, LSL 2] + ldr w17, [x8, x17, LSL 2] + ldr w19, [x8, x19, LSL 2] + ldr w20, [x8, x20, LSL 2] + ubfx x16, x11, #48, #8 + eor w15, w15, w17, ror 24 + ubfx x17, x11, #24, #8 + eor w15, w15, w19, ror 8 + ubfx x19, x10, #8, #8 + eor w15, w15, w20, ror 16 + ubfx x20, x10, #32, #8 + bfi x14, x15, #32, #32 + ldr w16, [x8, x16, LSL 2] + ldr w17, [x8, x17, LSL 2] + ldr w19, [x8, x19, LSL 2] + ldr w20, [x8, x20, LSL 2] + ubfx x12, x11, #0, #8 + eor w16, w16, w17, ror 24 + ubfx x17, x10, #16, #8 + eor w16, w16, w19, ror 8 + ubfx x19, x11, #56, #8 + eor w15, w16, w20, ror 16 + ubfx x20, x10, #40, #8 + ldr w12, [x8, x12, LSL 2] + ldr w19, [x8, x19, LSL 2] + ldr w17, [x8, x17, LSL 2] + ldr w20, [x8, x20, LSL 2] + eor w19, w19, w12, ror 24 + ldp x10, x11, [x26], #16 + eor w17, w17, w19, ror 24 + eor w17, w17, w20, ror 8 + bfi x15, x17, #32, #32 + # XOR in Key Schedule + eor x14, x14, x10 + eor x15, x15, x11 + ubfx x10, x14, #48, #8 + ubfx x13, x14, #24, #8 + ubfx x19, x15, #8, #8 + ubfx x20, x15, #32, #8 + ldr x16, [x8] + ldr x16, [x8, #64] + ldr x16, [x8, #128] + ldr x16, [x8, #192] + ldr x16, [x8, #256] + ldr x16, [x8, #320] + ldr x16, [x8, #384] + ldr x16, [x8, #448] + ldr x16, [x8, #512] + ldr x16, [x8, #576] + ldr x16, [x8, #640] + ldr x16, [x8, #704] + ldr x16, [x8, #768] + ldr x16, [x8, #832] + ldr x16, [x8, #896] + ldr x16, [x8, #960] + ldr w10, [x8, x10, LSL 2] + ldr w13, [x8, x13, LSL 2] + ldr w19, [x8, x19, LSL 2] + ldr w20, [x8, x20, LSL 2] + ubfx x11, x15, #16, #8 + eor w10, w10, w13, ror 24 + ubfx x13, x14, #56, #8 + eor w10, w10, w19, ror 8 + ubfx x19, x15, #40, #8 + eor w10, w10, w20, ror 16 + ubfx x20, x14, #0, #8 + ldr w11, [x8, x11, LSL 2] + ldr w13, [x8, x13, LSL 2] + ldr w19, [x8, x19, LSL 2] + ldr w20, [x8, x20, LSL 2] + ubfx x12, x15, #48, #8 + eor w11, w11, w13, ror 24 + ubfx x13, x15, #24, #8 + eor w11, w11, w19, ror 8 + ubfx x19, x14, #8, #8 + eor w11, w11, w20, ror 16 + ubfx x20, x14, #32, #8 + bfi x10, x11, #32, #32 + ldr w12, [x8, x12, LSL 2] + ldr w13, [x8, x13, LSL 2] + ldr w19, [x8, x19, LSL 2] + ldr w20, [x8, x20, LSL 2] + ubfx x16, x15, #0, #8 + eor w12, w12, w13, ror 24 + ubfx x13, x14, #16, #8 + eor w12, w12, w19, ror 8 + ubfx x19, x15, #56, #8 + eor w11, w12, w20, ror 16 + ubfx x20, x14, #40, #8 + ldr w16, [x8, x16, LSL 2] + ldr w19, [x8, x19, LSL 2] + ldr w13, [x8, x13, LSL 2] + ldr w20, [x8, x20, LSL 2] + eor w19, w19, w16, ror 24 + ldp x14, x15, [x26], #16 + eor w13, w13, w19, ror 24 + eor w13, w13, w20, ror 8 + bfi x11, x13, #32, #32 + # XOR in Key Schedule + eor x10, x10, x14 + eor x11, x11, x15 + subs w25, w25, #2 + bne L_AES_XTS_encrypt_loop_nr_partial + ubfx x14, x10, #48, #8 + ubfx x17, x10, #24, #8 + ubfx x19, x11, #8, #8 + ubfx x20, x11, #32, #8 + ldr x12, [x8] + ldr x12, [x8, #64] + ldr x12, [x8, #128] + ldr x12, [x8, #192] + ldr x12, [x8, #256] + ldr x12, [x8, #320] + ldr x12, [x8, #384] + ldr x12, [x8, #448] + ldr x12, [x8, #512] + ldr x12, [x8, #576] + ldr x12, [x8, #640] + ldr x12, [x8, #704] + ldr x12, [x8, #768] + ldr x12, [x8, #832] + ldr x12, [x8, #896] + ldr x12, [x8, #960] + ldr w14, [x8, x14, LSL 2] + ldr w17, [x8, x17, LSL 2] + ldr w19, [x8, x19, LSL 2] + ldr w20, [x8, x20, LSL 2] + ubfx x15, x11, #16, #8 + eor w14, w14, w17, ror 24 + ubfx x17, x10, #56, #8 + eor w14, w14, w19, ror 8 + ubfx x19, x11, #40, #8 + eor w14, w14, w20, ror 16 + ubfx x20, x10, #0, #8 + ldr w15, [x8, x15, LSL 2] + ldr w17, [x8, x17, LSL 2] + ldr w19, [x8, x19, LSL 2] + ldr w20, [x8, x20, LSL 2] + ubfx x16, x11, #48, #8 + eor w15, w15, w17, ror 24 + ubfx x17, x11, #24, #8 + eor w15, w15, w19, ror 8 + ubfx x19, x10, #8, #8 + eor w15, w15, w20, ror 16 + ubfx x20, x10, #32, #8 + bfi x14, x15, #32, #32 + ldr w16, [x8, x16, LSL 2] + ldr w17, [x8, x17, LSL 2] + ldr w19, [x8, x19, LSL 2] + ldr w20, [x8, x20, LSL 2] + ubfx x12, x11, #0, #8 + eor w16, w16, w17, ror 24 + ubfx x17, x10, #16, #8 + eor w16, w16, w19, ror 8 + ubfx x19, x11, #56, #8 + eor w15, w16, w20, ror 16 + ubfx x20, x10, #40, #8 + ldr w12, [x8, x12, LSL 2] + ldr w19, [x8, x19, LSL 2] + ldr w17, [x8, x17, LSL 2] + ldr w20, [x8, x20, LSL 2] + eor w19, w19, w12, ror 24 + ldp x10, x11, [x26], #16 + eor w17, w17, w19, ror 24 + eor w17, w17, w20, ror 8 + bfi x15, x17, #32, #32 + # XOR in Key Schedule + eor x14, x14, x10 + eor x15, x15, x11 + ubfx x10, x15, #32, #8 + ubfx x13, x15, #8, #8 + ubfx x19, x14, #48, #8 + ubfx x20, x14, #24, #8 + lsl w10, w10, #2 + lsl w13, w13, #2 + lsl w19, w19, #2 + lsl w20, w20, #2 + ldr x17, [x8] + ldr x17, [x8, #64] + ldr x17, [x8, #128] + ldr x17, [x8, #192] + ldr x17, [x8, #256] + ldr x17, [x8, #320] + ldr x17, [x8, #384] + ldr x17, [x8, #448] + ldr x17, [x8, #512] + ldr x17, [x8, #576] + ldr x17, [x8, #640] + ldr x17, [x8, #704] + ldr x17, [x8, #768] + ldr x17, [x8, #832] + ldr x17, [x8, #896] + ldr x17, [x8, #960] + ldrb w10, [x8, x10, LSL 0] + ldrb w13, [x8, x13, LSL 0] + ldrb w19, [x8, x19, LSL 0] + ldrb w20, [x8, x20, LSL 0] + ubfx x11, x14, #0, #8 + eor w10, w10, w13, lsl 8 + ubfx x13, x15, #40, #8 + eor w10, w10, w19, lsl 16 + ubfx x19, x15, #16, #8 + eor w10, w10, w20, lsl 24 + ubfx x20, x14, #56, #8 + lsl w11, w11, #2 + lsl w13, w13, #2 + lsl w19, w19, #2 + lsl w20, w20, #2 + ldrb w11, [x8, x11, LSL 0] + ldrb w13, [x8, x13, LSL 0] + ldrb w19, [x8, x19, LSL 0] + ldrb w20, [x8, x20, LSL 0] + ubfx x12, x14, #32, #8 + eor w11, w11, w13, lsl 8 + ubfx x13, x14, #8, #8 + eor w11, w11, w19, lsl 16 + ubfx x19, x15, #48, #8 + eor w11, w11, w20, lsl 24 + ubfx x20, x15, #24, #8 + bfi x10, x11, #32, #32 + lsl w12, w12, #2 + lsl w13, w13, #2 + lsl w19, w19, #2 + lsl w20, w20, #2 + ldrb w12, [x8, x12, LSL 0] + ldrb w13, [x8, x13, LSL 0] + ldrb w19, [x8, x19, LSL 0] + ldrb w20, [x8, x20, LSL 0] + ubfx x17, x15, #56, #8 + eor w12, w12, w13, lsl 8 + ubfx x13, x15, #0, #8 + eor w12, w12, w19, lsl 16 + ubfx x19, x14, #40, #8 + eor w11, w12, w20, lsl 24 + ubfx x20, x14, #16, #8 + lsl w17, w17, #2 + lsl w13, w13, #2 + lsl w19, w19, #2 + lsl w20, w20, #2 + ldrb w17, [x8, x17, LSL 0] + ldrb w13, [x8, x13, LSL 0] + ldrb w19, [x8, x19, LSL 0] + ldrb w20, [x8, x20, LSL 0] + eor w19, w19, w17, lsl 16 + ldp x14, x15, [x26] + eor w13, w13, w19, lsl 8 + eor w13, w13, w20, lsl 16 + bfi x11, x13, #32, #32 + # XOR in Key Schedule + eor x10, x10, x14 + eor x11, x11, x15 + rev32 x10, x10 + rev32 x11, x11 + eor x10, x10, x21 + eor x11, x11, x22 + stp x10, x11, [x1] +L_AES_XTS_encrypt_done_data: + ldp x17, x19, [x29, #24] + ldp x20, x21, [x29, #40] + ldp x22, x23, [x29, #56] + ldp x24, x25, [x29, #72] + ldr x26, [x29, #88] + ldp x29, x30, [sp], #0x60 + ret +#ifndef __APPLE__ + .size AES_XTS_encrypt,.-AES_XTS_encrypt +#endif /* __APPLE__ */ +#ifdef HAVE_AES_DECRYPT +#ifndef __APPLE__ +.text +.globl AES_XTS_decrypt +.type AES_XTS_decrypt,@function +.align 2 +AES_XTS_decrypt: +#else +.section __TEXT,__text +.globl _AES_XTS_decrypt +.p2align 2 +_AES_XTS_decrypt: +#endif /* __APPLE__ */ + stp x29, x30, [sp, #-112]! + add x29, sp, #0 + stp x17, x19, [x29, #24] + stp x20, x21, [x29, #40] + stp x22, x23, [x29, #56] + stp x24, x25, [x29, #72] + stp x26, x27, [x29, #88] + str x28, [x29, #104] +#ifndef __APPLE__ + adrp x8, L_AES_ARM64_td + add x8, x8, :lo12:L_AES_ARM64_td +#else + adrp x8, L_AES_ARM64_td@PAGE + add x8, x8, L_AES_ARM64_td@PAGEOFF +#endif /* __APPLE__ */ +#ifndef __APPLE__ + adrp x9, L_AES_ARM64_td4 + add x9, x9, :lo12:L_AES_ARM64_td4 +#else + adrp x9, L_AES_ARM64_td4@PAGE + add x9, x9, L_AES_ARM64_td4@PAGEOFF +#endif /* __APPLE__ */ +#ifndef __APPLE__ + adrp x10, L_AES_ARM64_te + add x10, x10, :lo12:L_AES_ARM64_te +#else + adrp x10, L_AES_ARM64_te@PAGE + add x10, x10, L_AES_ARM64_te@PAGEOFF +#endif /* __APPLE__ */ + ands w11, w2, #15 + cset w11, ne + lsl w11, w11, #4 + sub w2, w2, w11 + mov x11, #0x87 + mov x28, x5 + ldp x23, x24, [x3] + ldp x16, x17, [x28], #16 + rev32 x23, x23 + rev32 x24, x24 + # Round: 0 - XOR in key schedule + eor x23, x23, x16 + eor x24, x24, x17 + sub w27, w7, #2 +L_AES_XTS_decrypt_loop_nr_tweak: + ubfx x16, x23, #48, #8 + ubfx x20, x23, #24, #8 + ubfx x21, x24, #8, #8 + ubfx x22, x24, #32, #8 + ldr x25, [x10] + ldr x25, [x10, #64] + ldr x25, [x10, #128] + ldr x25, [x10, #192] + ldr x25, [x10, #256] + ldr x25, [x10, #320] + ldr x25, [x10, #384] + ldr x25, [x10, #448] + ldr x25, [x10, #512] + ldr x25, [x10, #576] + ldr x25, [x10, #640] + ldr x25, [x10, #704] + ldr x25, [x10, #768] + ldr x25, [x10, #832] + ldr x25, [x10, #896] + ldr x25, [x10, #960] + ldr w16, [x10, x16, LSL 2] + ldr w20, [x10, x20, LSL 2] + ldr w21, [x10, x21, LSL 2] + ldr w22, [x10, x22, LSL 2] + ubfx x17, x24, #16, #8 + eor w16, w16, w20, ror 24 + ubfx x20, x23, #56, #8 + eor w16, w16, w21, ror 8 + ubfx x21, x24, #40, #8 + eor w16, w16, w22, ror 16 + ubfx x22, x23, #0, #8 + ldr w17, [x10, x17, LSL 2] + ldr w20, [x10, x20, LSL 2] + ldr w21, [x10, x21, LSL 2] + ldr w22, [x10, x22, LSL 2] + ubfx x19, x24, #48, #8 + eor w17, w17, w20, ror 24 + ubfx x20, x24, #24, #8 + eor w17, w17, w21, ror 8 + ubfx x21, x23, #8, #8 + eor w17, w17, w22, ror 16 + ubfx x22, x23, #32, #8 + bfi x16, x17, #32, #32 + ldr w19, [x10, x19, LSL 2] + ldr w20, [x10, x20, LSL 2] + ldr w21, [x10, x21, LSL 2] + ldr w22, [x10, x22, LSL 2] + ubfx x25, x24, #0, #8 + eor w19, w19, w20, ror 24 + ubfx x20, x23, #16, #8 + eor w19, w19, w21, ror 8 + ubfx x21, x24, #56, #8 + eor w17, w19, w22, ror 16 + ubfx x22, x23, #40, #8 + ldr w25, [x10, x25, LSL 2] + ldr w21, [x10, x21, LSL 2] + ldr w20, [x10, x20, LSL 2] + ldr w22, [x10, x22, LSL 2] + eor w21, w21, w25, ror 24 + ldp x23, x24, [x28], #16 + eor w20, w20, w21, ror 24 + eor w20, w20, w22, ror 8 + bfi x17, x20, #32, #32 + # XOR in Key Schedule + eor x16, x16, x23 + eor x17, x17, x24 + ubfx x23, x16, #48, #8 + ubfx x26, x16, #24, #8 + ubfx x21, x17, #8, #8 + ubfx x22, x17, #32, #8 + ldr x19, [x10] + ldr x19, [x10, #64] + ldr x19, [x10, #128] + ldr x19, [x10, #192] + ldr x19, [x10, #256] + ldr x19, [x10, #320] + ldr x19, [x10, #384] + ldr x19, [x10, #448] + ldr x19, [x10, #512] + ldr x19, [x10, #576] + ldr x19, [x10, #640] + ldr x19, [x10, #704] + ldr x19, [x10, #768] + ldr x19, [x10, #832] + ldr x19, [x10, #896] + ldr x19, [x10, #960] + ldr w23, [x10, x23, LSL 2] + ldr w26, [x10, x26, LSL 2] + ldr w21, [x10, x21, LSL 2] + ldr w22, [x10, x22, LSL 2] + ubfx x24, x17, #16, #8 + eor w23, w23, w26, ror 24 + ubfx x26, x16, #56, #8 + eor w23, w23, w21, ror 8 + ubfx x21, x17, #40, #8 + eor w23, w23, w22, ror 16 + ubfx x22, x16, #0, #8 + ldr w24, [x10, x24, LSL 2] + ldr w26, [x10, x26, LSL 2] + ldr w21, [x10, x21, LSL 2] + ldr w22, [x10, x22, LSL 2] + ubfx x25, x17, #48, #8 + eor w24, w24, w26, ror 24 + ubfx x26, x17, #24, #8 + eor w24, w24, w21, ror 8 + ubfx x21, x16, #8, #8 + eor w24, w24, w22, ror 16 + ubfx x22, x16, #32, #8 + bfi x23, x24, #32, #32 + ldr w25, [x10, x25, LSL 2] + ldr w26, [x10, x26, LSL 2] + ldr w21, [x10, x21, LSL 2] + ldr w22, [x10, x22, LSL 2] + ubfx x19, x17, #0, #8 + eor w25, w25, w26, ror 24 + ubfx x26, x16, #16, #8 + eor w25, w25, w21, ror 8 + ubfx x21, x17, #56, #8 + eor w24, w25, w22, ror 16 + ubfx x22, x16, #40, #8 + ldr w19, [x10, x19, LSL 2] + ldr w21, [x10, x21, LSL 2] + ldr w26, [x10, x26, LSL 2] + ldr w22, [x10, x22, LSL 2] + eor w21, w21, w19, ror 24 + ldp x16, x17, [x28], #16 + eor w26, w26, w21, ror 24 + eor w26, w26, w22, ror 8 + bfi x24, x26, #32, #32 + # XOR in Key Schedule + eor x23, x23, x16 + eor x24, x24, x17 + subs w27, w27, #2 + bne L_AES_XTS_decrypt_loop_nr_tweak + ubfx x16, x23, #48, #8 + ubfx x20, x23, #24, #8 + ubfx x21, x24, #8, #8 + ubfx x22, x24, #32, #8 + ldr x25, [x10] + ldr x25, [x10, #64] + ldr x25, [x10, #128] + ldr x25, [x10, #192] + ldr x25, [x10, #256] + ldr x25, [x10, #320] + ldr x25, [x10, #384] + ldr x25, [x10, #448] + ldr x25, [x10, #512] + ldr x25, [x10, #576] + ldr x25, [x10, #640] + ldr x25, [x10, #704] + ldr x25, [x10, #768] + ldr x25, [x10, #832] + ldr x25, [x10, #896] + ldr x25, [x10, #960] + ldr w16, [x10, x16, LSL 2] + ldr w20, [x10, x20, LSL 2] + ldr w21, [x10, x21, LSL 2] + ldr w22, [x10, x22, LSL 2] + ubfx x17, x24, #16, #8 + eor w16, w16, w20, ror 24 + ubfx x20, x23, #56, #8 + eor w16, w16, w21, ror 8 + ubfx x21, x24, #40, #8 + eor w16, w16, w22, ror 16 + ubfx x22, x23, #0, #8 + ldr w17, [x10, x17, LSL 2] + ldr w20, [x10, x20, LSL 2] + ldr w21, [x10, x21, LSL 2] + ldr w22, [x10, x22, LSL 2] + ubfx x19, x24, #48, #8 + eor w17, w17, w20, ror 24 + ubfx x20, x24, #24, #8 + eor w17, w17, w21, ror 8 + ubfx x21, x23, #8, #8 + eor w17, w17, w22, ror 16 + ubfx x22, x23, #32, #8 + bfi x16, x17, #32, #32 + ldr w19, [x10, x19, LSL 2] + ldr w20, [x10, x20, LSL 2] + ldr w21, [x10, x21, LSL 2] + ldr w22, [x10, x22, LSL 2] + ubfx x25, x24, #0, #8 + eor w19, w19, w20, ror 24 + ubfx x20, x23, #16, #8 + eor w19, w19, w21, ror 8 + ubfx x21, x24, #56, #8 + eor w17, w19, w22, ror 16 + ubfx x22, x23, #40, #8 + ldr w25, [x10, x25, LSL 2] + ldr w21, [x10, x21, LSL 2] + ldr w20, [x10, x20, LSL 2] + ldr w22, [x10, x22, LSL 2] + eor w21, w21, w25, ror 24 + ldp x23, x24, [x28], #16 + eor w20, w20, w21, ror 24 + eor w20, w20, w22, ror 8 + bfi x17, x20, #32, #32 + # XOR in Key Schedule + eor x16, x16, x23 + eor x17, x17, x24 + ubfx x23, x17, #32, #8 + ubfx x26, x17, #8, #8 + ubfx x21, x16, #48, #8 + ubfx x22, x16, #24, #8 + lsl w23, w23, #2 + lsl w26, w26, #2 + lsl w21, w21, #2 + lsl w22, w22, #2 + ldr x20, [x10] + ldr x20, [x10, #64] + ldr x20, [x10, #128] + ldr x20, [x10, #192] + ldr x20, [x10, #256] + ldr x20, [x10, #320] + ldr x20, [x10, #384] + ldr x20, [x10, #448] + ldr x20, [x10, #512] + ldr x20, [x10, #576] + ldr x20, [x10, #640] + ldr x20, [x10, #704] + ldr x20, [x10, #768] + ldr x20, [x10, #832] + ldr x20, [x10, #896] + ldr x20, [x10, #960] + ldrb w23, [x10, x23, LSL 0] + ldrb w26, [x10, x26, LSL 0] + ldrb w21, [x10, x21, LSL 0] + ldrb w22, [x10, x22, LSL 0] + ubfx x24, x16, #0, #8 + eor w23, w23, w26, lsl 8 + ubfx x26, x17, #40, #8 + eor w23, w23, w21, lsl 16 + ubfx x21, x17, #16, #8 + eor w23, w23, w22, lsl 24 + ubfx x22, x16, #56, #8 + lsl w24, w24, #2 + lsl w26, w26, #2 + lsl w21, w21, #2 + lsl w22, w22, #2 + ldrb w24, [x10, x24, LSL 0] + ldrb w26, [x10, x26, LSL 0] + ldrb w21, [x10, x21, LSL 0] + ldrb w22, [x10, x22, LSL 0] + ubfx x25, x16, #32, #8 + eor w24, w24, w26, lsl 8 + ubfx x26, x16, #8, #8 + eor w24, w24, w21, lsl 16 + ubfx x21, x17, #48, #8 + eor w24, w24, w22, lsl 24 + ubfx x22, x17, #24, #8 + bfi x23, x24, #32, #32 + lsl w25, w25, #2 + lsl w26, w26, #2 + lsl w21, w21, #2 + lsl w22, w22, #2 + ldrb w25, [x10, x25, LSL 0] + ldrb w26, [x10, x26, LSL 0] + ldrb w21, [x10, x21, LSL 0] + ldrb w22, [x10, x22, LSL 0] + ubfx x20, x17, #56, #8 + eor w25, w25, w26, lsl 8 + ubfx x26, x17, #0, #8 + eor w25, w25, w21, lsl 16 + ubfx x21, x16, #40, #8 + eor w24, w25, w22, lsl 24 + ubfx x22, x16, #16, #8 + lsl w20, w20, #2 + lsl w26, w26, #2 + lsl w21, w21, #2 + lsl w22, w22, #2 + ldrb w20, [x10, x20, LSL 0] + ldrb w26, [x10, x26, LSL 0] + ldrb w21, [x10, x21, LSL 0] + ldrb w22, [x10, x22, LSL 0] + eor w21, w21, w20, lsl 16 + ldp x16, x17, [x28] + eor w26, w26, w21, lsl 8 + eor w26, w26, w22, lsl 16 + bfi x24, x26, #32, #32 + # XOR in Key Schedule + eor x23, x23, x16 + eor x24, x24, x17 + rev32 x23, x23 + rev32 x24, x24 + cmp w2, #16 + blt L_AES_XTS_decrypt_start_partail +L_AES_XTS_decrypt_loop_block: + mov x28, x4 + ldp x12, x13, [x0] + ldp x16, x17, [x28], #16 + eor x12, x12, x23 + eor x13, x13, x24 + rev32 x12, x12 + rev32 x13, x13 + # Round: 0 - XOR in key schedule + eor x12, x12, x16 + eor x13, x13, x17 + sub w27, w7, #2 +L_AES_XTS_decrypt_loop_nr: + ubfx x16, x13, #48, #8 + ubfx x20, x12, #24, #8 + ubfx x21, x13, #8, #8 + ubfx x22, x12, #32, #8 + ldr x14, [x8] + ldr x14, [x8, #64] + ldr x14, [x8, #128] + ldr x14, [x8, #192] + ldr x14, [x8, #256] + ldr x14, [x8, #320] + ldr x14, [x8, #384] + ldr x14, [x8, #448] + ldr x14, [x8, #512] + ldr x14, [x8, #576] + ldr x14, [x8, #640] + ldr x14, [x8, #704] + ldr x14, [x8, #768] + ldr x14, [x8, #832] + ldr x14, [x8, #896] + ldr x14, [x8, #960] + ldr w16, [x8, x16, LSL 2] + ldr w20, [x8, x20, LSL 2] + ldr w21, [x8, x21, LSL 2] + ldr w22, [x8, x22, LSL 2] + ubfx x17, x12, #16, #8 + eor w16, w16, w20, ror 24 + ubfx x20, x12, #56, #8 + eor w16, w16, w21, ror 8 + ubfx x21, x13, #40, #8 + eor w16, w16, w22, ror 16 + ubfx x22, x13, #0, #8 + ldr w17, [x8, x17, LSL 2] + ldr w20, [x8, x20, LSL 2] + ldr w21, [x8, x21, LSL 2] + ldr w22, [x8, x22, LSL 2] + ubfx x19, x12, #48, #8 + eor w17, w17, w20, ror 24 + ubfx x20, x13, #24, #8 + eor w17, w17, w21, ror 8 + ubfx x21, x12, #8, #8 + eor w17, w17, w22, ror 16 + ubfx x22, x13, #32, #8 + bfi x16, x17, #32, #32 + ldr w19, [x8, x19, LSL 2] + ldr w20, [x8, x20, LSL 2] + ldr w21, [x8, x21, LSL 2] + ldr w22, [x8, x22, LSL 2] + ubfx x14, x12, #0, #8 + eor w19, w19, w20, ror 24 + ubfx x20, x13, #16, #8 + eor w19, w19, w21, ror 8 + ubfx x21, x13, #56, #8 + eor w17, w19, w22, ror 16 + ubfx x22, x12, #40, #8 + ldr w14, [x8, x14, LSL 2] + ldr w21, [x8, x21, LSL 2] + ldr w20, [x8, x20, LSL 2] + ldr w22, [x8, x22, LSL 2] + eor w21, w21, w14, ror 24 + ldp x12, x13, [x28], #16 + eor w20, w20, w22, ror 8 + eor w20, w20, w21, ror 24 + bfi x17, x20, #32, #32 + # XOR in Key Schedule + eor x16, x16, x12 + eor x17, x17, x13 + ubfx x12, x17, #48, #8 + ubfx x15, x16, #24, #8 + ubfx x21, x17, #8, #8 + ubfx x22, x16, #32, #8 + ldr x19, [x8] + ldr x19, [x8, #64] + ldr x19, [x8, #128] + ldr x19, [x8, #192] + ldr x19, [x8, #256] + ldr x19, [x8, #320] + ldr x19, [x8, #384] + ldr x19, [x8, #448] + ldr x19, [x8, #512] + ldr x19, [x8, #576] + ldr x19, [x8, #640] + ldr x19, [x8, #704] + ldr x19, [x8, #768] + ldr x19, [x8, #832] + ldr x19, [x8, #896] + ldr x19, [x8, #960] + ldr w12, [x8, x12, LSL 2] + ldr w15, [x8, x15, LSL 2] + ldr w21, [x8, x21, LSL 2] + ldr w22, [x8, x22, LSL 2] + ubfx x13, x16, #16, #8 + eor w12, w12, w15, ror 24 + ubfx x15, x16, #56, #8 + eor w12, w12, w21, ror 8 + ubfx x21, x17, #40, #8 + eor w12, w12, w22, ror 16 + ubfx x22, x17, #0, #8 + ldr w13, [x8, x13, LSL 2] + ldr w15, [x8, x15, LSL 2] + ldr w21, [x8, x21, LSL 2] + ldr w22, [x8, x22, LSL 2] + ubfx x14, x16, #48, #8 + eor w13, w13, w15, ror 24 + ubfx x15, x17, #24, #8 + eor w13, w13, w21, ror 8 + ubfx x21, x16, #8, #8 + eor w13, w13, w22, ror 16 + ubfx x22, x17, #32, #8 + bfi x12, x13, #32, #32 + ldr w14, [x8, x14, LSL 2] + ldr w15, [x8, x15, LSL 2] + ldr w21, [x8, x21, LSL 2] + ldr w22, [x8, x22, LSL 2] + ubfx x19, x16, #0, #8 + eor w14, w14, w15, ror 24 + ubfx x15, x17, #16, #8 + eor w14, w14, w21, ror 8 + ubfx x21, x17, #56, #8 + eor w13, w14, w22, ror 16 + ubfx x22, x16, #40, #8 + ldr w19, [x8, x19, LSL 2] + ldr w21, [x8, x21, LSL 2] + ldr w15, [x8, x15, LSL 2] + ldr w22, [x8, x22, LSL 2] + eor w21, w21, w19, ror 24 + ldp x16, x17, [x28], #16 + eor w15, w15, w22, ror 8 + eor w15, w15, w21, ror 24 + bfi x13, x15, #32, #32 + # XOR in Key Schedule + eor x12, x12, x16 + eor x13, x13, x17 + subs w27, w27, #2 + bne L_AES_XTS_decrypt_loop_nr + ubfx x16, x13, #48, #8 + ubfx x20, x12, #24, #8 + ubfx x21, x13, #8, #8 + ubfx x22, x12, #32, #8 + ldr x14, [x8] + ldr x14, [x8, #64] + ldr x14, [x8, #128] + ldr x14, [x8, #192] + ldr x14, [x8, #256] + ldr x14, [x8, #320] + ldr x14, [x8, #384] + ldr x14, [x8, #448] + ldr x14, [x8, #512] + ldr x14, [x8, #576] + ldr x14, [x8, #640] + ldr x14, [x8, #704] + ldr x14, [x8, #768] + ldr x14, [x8, #832] + ldr x14, [x8, #896] + ldr x14, [x8, #960] + ldr w16, [x8, x16, LSL 2] + ldr w20, [x8, x20, LSL 2] + ldr w21, [x8, x21, LSL 2] + ldr w22, [x8, x22, LSL 2] + ubfx x17, x12, #16, #8 + eor w16, w16, w20, ror 24 + ubfx x20, x12, #56, #8 + eor w16, w16, w21, ror 8 + ubfx x21, x13, #40, #8 + eor w16, w16, w22, ror 16 + ubfx x22, x13, #0, #8 + ldr w17, [x8, x17, LSL 2] + ldr w20, [x8, x20, LSL 2] + ldr w21, [x8, x21, LSL 2] + ldr w22, [x8, x22, LSL 2] + ubfx x19, x12, #48, #8 + eor w17, w17, w20, ror 24 + ubfx x20, x13, #24, #8 + eor w17, w17, w21, ror 8 + ubfx x21, x12, #8, #8 + eor w17, w17, w22, ror 16 + ubfx x22, x13, #32, #8 + bfi x16, x17, #32, #32 + ldr w19, [x8, x19, LSL 2] + ldr w20, [x8, x20, LSL 2] + ldr w21, [x8, x21, LSL 2] + ldr w22, [x8, x22, LSL 2] + ubfx x14, x12, #0, #8 + eor w19, w19, w20, ror 24 + ubfx x20, x13, #16, #8 + eor w19, w19, w21, ror 8 + ubfx x21, x13, #56, #8 + eor w17, w19, w22, ror 16 + ubfx x22, x12, #40, #8 + ldr w14, [x8, x14, LSL 2] + ldr w21, [x8, x21, LSL 2] + ldr w20, [x8, x20, LSL 2] + ldr w22, [x8, x22, LSL 2] + eor w21, w21, w14, ror 24 + ldp x12, x13, [x28], #16 + eor w20, w20, w22, ror 8 + eor w20, w20, w21, ror 24 + bfi x17, x20, #32, #32 + # XOR in Key Schedule + eor x16, x16, x12 + eor x17, x17, x13 + ubfx x12, x16, #32, #8 + ubfx x15, x17, #8, #8 + ubfx x21, x17, #48, #8 + ubfx x22, x16, #24, #8 + ldr x20, [x9] + ldr x20, [x9, #64] + ldr x20, [x9, #128] + ldr x20, [x9, #192] + ldrb w12, [x9, x12, LSL 0] + ldrb w15, [x9, x15, LSL 0] + ldrb w21, [x9, x21, LSL 0] + ldrb w22, [x9, x22, LSL 0] + ubfx x13, x17, #0, #8 + eor w12, w12, w15, lsl 8 + ubfx x15, x17, #40, #8 + eor w12, w12, w21, lsl 16 + ubfx x21, x16, #16, #8 + eor w12, w12, w22, lsl 24 + ubfx x22, x16, #56, #8 + ldrb w15, [x9, x15, LSL 0] + ldrb w22, [x9, x22, LSL 0] + ldrb w13, [x9, x13, LSL 0] + ldrb w21, [x9, x21, LSL 0] + ubfx x14, x17, #32, #8 + eor w13, w13, w15, lsl 8 + ubfx x15, x16, #8, #8 + eor w13, w13, w21, lsl 16 + ubfx x21, x16, #48, #8 + eor w13, w13, w22, lsl 24 + ubfx x22, x17, #24, #8 + bfi x12, x13, #32, #32 + ldrb w15, [x9, x15, LSL 0] + ldrb w22, [x9, x22, LSL 0] + ldrb w14, [x9, x14, LSL 0] + ldrb w21, [x9, x21, LSL 0] + ubfx x20, x17, #56, #8 + eor w14, w14, w15, lsl 8 + ubfx x15, x16, #0, #8 + eor w14, w14, w21, lsl 16 + ubfx x21, x16, #40, #8 + eor w13, w14, w22, lsl 24 + ubfx x22, x17, #16, #8 + ldrb w20, [x9, x20, LSL 0] + ldrb w21, [x9, x21, LSL 0] + ldrb w15, [x9, x15, LSL 0] + ldrb w22, [x9, x22, LSL 0] + eor w21, w21, w20, lsl 16 + ldp x16, x17, [x28] + eor w15, w15, w21, lsl 8 + eor w15, w15, w22, lsl 16 + bfi x13, x15, #32, #32 + # XOR in Key Schedule + eor x12, x12, x16 + eor x13, x13, x17 + rev32 x12, x12 + rev32 x13, x13 + eor x12, x12, x23 + eor x13, x13, x24 + stp x12, x13, [x1] + and x21, x11, x24, asr 63 + extr x24, x24, x23, #63 + eor x23, x21, x23, lsl 1 + sub w2, w2, #16 + add x0, x0, #16 + add x1, x1, #16 + cmp w2, #16 + bge L_AES_XTS_decrypt_loop_block + cbz w2, L_AES_XTS_decrypt_done_data +L_AES_XTS_decrypt_start_partail: + and x21, x11, x24, asr 63 + extr x26, x24, x23, #63 + eor x25, x21, x23, lsl 1 + mov x28, x4 + ldp x12, x13, [x0], #16 + ldp x16, x17, [x28], #16 + eor x12, x12, x25 + eor x13, x13, x26 + rev32 x12, x12 + rev32 x13, x13 + # Round: 0 - XOR in key schedule + eor x12, x12, x16 + eor x13, x13, x17 + sub w27, w7, #2 +L_AES_XTS_decrypt_loop_nr_partial_1: + ubfx x16, x13, #48, #8 + ubfx x20, x12, #24, #8 + ubfx x21, x13, #8, #8 + ubfx x22, x12, #32, #8 + ldr x14, [x8] + ldr x14, [x8, #64] + ldr x14, [x8, #128] + ldr x14, [x8, #192] + ldr x14, [x8, #256] + ldr x14, [x8, #320] + ldr x14, [x8, #384] + ldr x14, [x8, #448] + ldr x14, [x8, #512] + ldr x14, [x8, #576] + ldr x14, [x8, #640] + ldr x14, [x8, #704] + ldr x14, [x8, #768] + ldr x14, [x8, #832] + ldr x14, [x8, #896] + ldr x14, [x8, #960] + ldr w16, [x8, x16, LSL 2] + ldr w20, [x8, x20, LSL 2] + ldr w21, [x8, x21, LSL 2] + ldr w22, [x8, x22, LSL 2] + ubfx x17, x12, #16, #8 + eor w16, w16, w20, ror 24 + ubfx x20, x12, #56, #8 + eor w16, w16, w21, ror 8 + ubfx x21, x13, #40, #8 + eor w16, w16, w22, ror 16 + ubfx x22, x13, #0, #8 + ldr w17, [x8, x17, LSL 2] + ldr w20, [x8, x20, LSL 2] + ldr w21, [x8, x21, LSL 2] + ldr w22, [x8, x22, LSL 2] + ubfx x19, x12, #48, #8 + eor w17, w17, w20, ror 24 + ubfx x20, x13, #24, #8 + eor w17, w17, w21, ror 8 + ubfx x21, x12, #8, #8 + eor w17, w17, w22, ror 16 + ubfx x22, x13, #32, #8 + bfi x16, x17, #32, #32 + ldr w19, [x8, x19, LSL 2] + ldr w20, [x8, x20, LSL 2] + ldr w21, [x8, x21, LSL 2] + ldr w22, [x8, x22, LSL 2] + ubfx x14, x12, #0, #8 + eor w19, w19, w20, ror 24 + ubfx x20, x13, #16, #8 + eor w19, w19, w21, ror 8 + ubfx x21, x13, #56, #8 + eor w17, w19, w22, ror 16 + ubfx x22, x12, #40, #8 + ldr w14, [x8, x14, LSL 2] + ldr w21, [x8, x21, LSL 2] + ldr w20, [x8, x20, LSL 2] + ldr w22, [x8, x22, LSL 2] + eor w21, w21, w14, ror 24 + ldp x12, x13, [x28], #16 + eor w20, w20, w22, ror 8 + eor w20, w20, w21, ror 24 + bfi x17, x20, #32, #32 + # XOR in Key Schedule + eor x16, x16, x12 + eor x17, x17, x13 + ubfx x12, x17, #48, #8 + ubfx x15, x16, #24, #8 + ubfx x21, x17, #8, #8 + ubfx x22, x16, #32, #8 + ldr x19, [x8] + ldr x19, [x8, #64] + ldr x19, [x8, #128] + ldr x19, [x8, #192] + ldr x19, [x8, #256] + ldr x19, [x8, #320] + ldr x19, [x8, #384] + ldr x19, [x8, #448] + ldr x19, [x8, #512] + ldr x19, [x8, #576] + ldr x19, [x8, #640] + ldr x19, [x8, #704] + ldr x19, [x8, #768] + ldr x19, [x8, #832] + ldr x19, [x8, #896] + ldr x19, [x8, #960] + ldr w12, [x8, x12, LSL 2] + ldr w15, [x8, x15, LSL 2] + ldr w21, [x8, x21, LSL 2] + ldr w22, [x8, x22, LSL 2] + ubfx x13, x16, #16, #8 + eor w12, w12, w15, ror 24 + ubfx x15, x16, #56, #8 + eor w12, w12, w21, ror 8 + ubfx x21, x17, #40, #8 + eor w12, w12, w22, ror 16 + ubfx x22, x17, #0, #8 + ldr w13, [x8, x13, LSL 2] + ldr w15, [x8, x15, LSL 2] + ldr w21, [x8, x21, LSL 2] + ldr w22, [x8, x22, LSL 2] + ubfx x14, x16, #48, #8 + eor w13, w13, w15, ror 24 + ubfx x15, x17, #24, #8 + eor w13, w13, w21, ror 8 + ubfx x21, x16, #8, #8 + eor w13, w13, w22, ror 16 + ubfx x22, x17, #32, #8 + bfi x12, x13, #32, #32 + ldr w14, [x8, x14, LSL 2] + ldr w15, [x8, x15, LSL 2] + ldr w21, [x8, x21, LSL 2] + ldr w22, [x8, x22, LSL 2] + ubfx x19, x16, #0, #8 + eor w14, w14, w15, ror 24 + ubfx x15, x17, #16, #8 + eor w14, w14, w21, ror 8 + ubfx x21, x17, #56, #8 + eor w13, w14, w22, ror 16 + ubfx x22, x16, #40, #8 + ldr w19, [x8, x19, LSL 2] + ldr w21, [x8, x21, LSL 2] + ldr w15, [x8, x15, LSL 2] + ldr w22, [x8, x22, LSL 2] + eor w21, w21, w19, ror 24 + ldp x16, x17, [x28], #16 + eor w15, w15, w22, ror 8 + eor w15, w15, w21, ror 24 + bfi x13, x15, #32, #32 + # XOR in Key Schedule + eor x12, x12, x16 + eor x13, x13, x17 + subs w27, w27, #2 + bne L_AES_XTS_decrypt_loop_nr_partial_1 + ubfx x16, x13, #48, #8 + ubfx x20, x12, #24, #8 + ubfx x21, x13, #8, #8 + ubfx x22, x12, #32, #8 + ldr x14, [x8] + ldr x14, [x8, #64] + ldr x14, [x8, #128] + ldr x14, [x8, #192] + ldr x14, [x8, #256] + ldr x14, [x8, #320] + ldr x14, [x8, #384] + ldr x14, [x8, #448] + ldr x14, [x8, #512] + ldr x14, [x8, #576] + ldr x14, [x8, #640] + ldr x14, [x8, #704] + ldr x14, [x8, #768] + ldr x14, [x8, #832] + ldr x14, [x8, #896] + ldr x14, [x8, #960] + ldr w16, [x8, x16, LSL 2] + ldr w20, [x8, x20, LSL 2] + ldr w21, [x8, x21, LSL 2] + ldr w22, [x8, x22, LSL 2] + ubfx x17, x12, #16, #8 + eor w16, w16, w20, ror 24 + ubfx x20, x12, #56, #8 + eor w16, w16, w21, ror 8 + ubfx x21, x13, #40, #8 + eor w16, w16, w22, ror 16 + ubfx x22, x13, #0, #8 + ldr w17, [x8, x17, LSL 2] + ldr w20, [x8, x20, LSL 2] + ldr w21, [x8, x21, LSL 2] + ldr w22, [x8, x22, LSL 2] + ubfx x19, x12, #48, #8 + eor w17, w17, w20, ror 24 + ubfx x20, x13, #24, #8 + eor w17, w17, w21, ror 8 + ubfx x21, x12, #8, #8 + eor w17, w17, w22, ror 16 + ubfx x22, x13, #32, #8 + bfi x16, x17, #32, #32 + ldr w19, [x8, x19, LSL 2] + ldr w20, [x8, x20, LSL 2] + ldr w21, [x8, x21, LSL 2] + ldr w22, [x8, x22, LSL 2] + ubfx x14, x12, #0, #8 + eor w19, w19, w20, ror 24 + ubfx x20, x13, #16, #8 + eor w19, w19, w21, ror 8 + ubfx x21, x13, #56, #8 + eor w17, w19, w22, ror 16 + ubfx x22, x12, #40, #8 + ldr w14, [x8, x14, LSL 2] + ldr w21, [x8, x21, LSL 2] + ldr w20, [x8, x20, LSL 2] + ldr w22, [x8, x22, LSL 2] + eor w21, w21, w14, ror 24 + ldp x12, x13, [x28], #16 + eor w20, w20, w22, ror 8 + eor w20, w20, w21, ror 24 + bfi x17, x20, #32, #32 + # XOR in Key Schedule + eor x16, x16, x12 + eor x17, x17, x13 + ubfx x12, x16, #32, #8 + ubfx x15, x17, #8, #8 + ubfx x21, x17, #48, #8 + ubfx x22, x16, #24, #8 + ldr x20, [x9] + ldr x20, [x9, #64] + ldr x20, [x9, #128] + ldr x20, [x9, #192] + ldrb w12, [x9, x12, LSL 0] + ldrb w15, [x9, x15, LSL 0] + ldrb w21, [x9, x21, LSL 0] + ldrb w22, [x9, x22, LSL 0] + ubfx x13, x17, #0, #8 + eor w12, w12, w15, lsl 8 + ubfx x15, x17, #40, #8 + eor w12, w12, w21, lsl 16 + ubfx x21, x16, #16, #8 + eor w12, w12, w22, lsl 24 + ubfx x22, x16, #56, #8 + ldrb w15, [x9, x15, LSL 0] + ldrb w22, [x9, x22, LSL 0] + ldrb w13, [x9, x13, LSL 0] + ldrb w21, [x9, x21, LSL 0] + ubfx x14, x17, #32, #8 + eor w13, w13, w15, lsl 8 + ubfx x15, x16, #8, #8 + eor w13, w13, w21, lsl 16 + ubfx x21, x16, #48, #8 + eor w13, w13, w22, lsl 24 + ubfx x22, x17, #24, #8 + bfi x12, x13, #32, #32 + ldrb w15, [x9, x15, LSL 0] + ldrb w22, [x9, x22, LSL 0] + ldrb w14, [x9, x14, LSL 0] + ldrb w21, [x9, x21, LSL 0] + ubfx x20, x17, #56, #8 + eor w14, w14, w15, lsl 8 + ubfx x15, x16, #0, #8 + eor w14, w14, w21, lsl 16 + ubfx x21, x16, #40, #8 + eor w13, w14, w22, lsl 24 + ubfx x22, x17, #16, #8 + ldrb w20, [x9, x20, LSL 0] + ldrb w21, [x9, x21, LSL 0] + ldrb w15, [x9, x15, LSL 0] + ldrb w22, [x9, x22, LSL 0] + eor w21, w21, w20, lsl 16 + ldp x16, x17, [x28] + eor w15, w15, w21, lsl 8 + eor w15, w15, w22, lsl 16 + bfi x13, x15, #32, #32 + # XOR in Key Schedule + eor x12, x12, x16 + eor x13, x13, x17 + rev32 x12, x12 + rev32 x13, x13 + eor x12, x12, x25 + eor x13, x13, x26 + stp x12, x13, [x6] + add x1, x1, #16 + mov w16, w2 +L_AES_XTS_decrypt_start_byte: + ldrb w21, [x6] + ldrb w22, [x0], #1 + strb w21, [x1], #1 + strb w22, [x6], #1 + subs w16, w16, #1 + bgt L_AES_XTS_decrypt_start_byte + sub x1, x1, x2 + sub x6, x6, x2 + sub x1, x1, #16 + mov x28, x4 + ldp x12, x13, [x6] + ldp x16, x17, [x28], #16 + eor x12, x12, x23 + eor x13, x13, x24 + rev32 x12, x12 + rev32 x13, x13 + # Round: 0 - XOR in key schedule + eor x12, x12, x16 + eor x13, x13, x17 + sub w27, w7, #2 +L_AES_XTS_decrypt_loop_nr_partial_2: + ubfx x16, x13, #48, #8 + ubfx x20, x12, #24, #8 + ubfx x21, x13, #8, #8 + ubfx x22, x12, #32, #8 + ldr x14, [x8] + ldr x14, [x8, #64] + ldr x14, [x8, #128] + ldr x14, [x8, #192] + ldr x14, [x8, #256] + ldr x14, [x8, #320] + ldr x14, [x8, #384] + ldr x14, [x8, #448] + ldr x14, [x8, #512] + ldr x14, [x8, #576] + ldr x14, [x8, #640] + ldr x14, [x8, #704] + ldr x14, [x8, #768] + ldr x14, [x8, #832] + ldr x14, [x8, #896] + ldr x14, [x8, #960] + ldr w16, [x8, x16, LSL 2] + ldr w20, [x8, x20, LSL 2] + ldr w21, [x8, x21, LSL 2] + ldr w22, [x8, x22, LSL 2] + ubfx x17, x12, #16, #8 + eor w16, w16, w20, ror 24 + ubfx x20, x12, #56, #8 + eor w16, w16, w21, ror 8 + ubfx x21, x13, #40, #8 + eor w16, w16, w22, ror 16 + ubfx x22, x13, #0, #8 + ldr w17, [x8, x17, LSL 2] + ldr w20, [x8, x20, LSL 2] + ldr w21, [x8, x21, LSL 2] + ldr w22, [x8, x22, LSL 2] + ubfx x19, x12, #48, #8 + eor w17, w17, w20, ror 24 + ubfx x20, x13, #24, #8 + eor w17, w17, w21, ror 8 + ubfx x21, x12, #8, #8 + eor w17, w17, w22, ror 16 + ubfx x22, x13, #32, #8 + bfi x16, x17, #32, #32 + ldr w19, [x8, x19, LSL 2] + ldr w20, [x8, x20, LSL 2] + ldr w21, [x8, x21, LSL 2] + ldr w22, [x8, x22, LSL 2] + ubfx x14, x12, #0, #8 + eor w19, w19, w20, ror 24 + ubfx x20, x13, #16, #8 + eor w19, w19, w21, ror 8 + ubfx x21, x13, #56, #8 + eor w17, w19, w22, ror 16 + ubfx x22, x12, #40, #8 + ldr w14, [x8, x14, LSL 2] + ldr w21, [x8, x21, LSL 2] + ldr w20, [x8, x20, LSL 2] + ldr w22, [x8, x22, LSL 2] + eor w21, w21, w14, ror 24 + ldp x12, x13, [x28], #16 + eor w20, w20, w22, ror 8 + eor w20, w20, w21, ror 24 + bfi x17, x20, #32, #32 + # XOR in Key Schedule + eor x16, x16, x12 + eor x17, x17, x13 + ubfx x12, x17, #48, #8 + ubfx x15, x16, #24, #8 + ubfx x21, x17, #8, #8 + ubfx x22, x16, #32, #8 + ldr x19, [x8] + ldr x19, [x8, #64] + ldr x19, [x8, #128] + ldr x19, [x8, #192] + ldr x19, [x8, #256] + ldr x19, [x8, #320] + ldr x19, [x8, #384] + ldr x19, [x8, #448] + ldr x19, [x8, #512] + ldr x19, [x8, #576] + ldr x19, [x8, #640] + ldr x19, [x8, #704] + ldr x19, [x8, #768] + ldr x19, [x8, #832] + ldr x19, [x8, #896] + ldr x19, [x8, #960] + ldr w12, [x8, x12, LSL 2] + ldr w15, [x8, x15, LSL 2] + ldr w21, [x8, x21, LSL 2] + ldr w22, [x8, x22, LSL 2] + ubfx x13, x16, #16, #8 + eor w12, w12, w15, ror 24 + ubfx x15, x16, #56, #8 + eor w12, w12, w21, ror 8 + ubfx x21, x17, #40, #8 + eor w12, w12, w22, ror 16 + ubfx x22, x17, #0, #8 + ldr w13, [x8, x13, LSL 2] + ldr w15, [x8, x15, LSL 2] + ldr w21, [x8, x21, LSL 2] + ldr w22, [x8, x22, LSL 2] + ubfx x14, x16, #48, #8 + eor w13, w13, w15, ror 24 + ubfx x15, x17, #24, #8 + eor w13, w13, w21, ror 8 + ubfx x21, x16, #8, #8 + eor w13, w13, w22, ror 16 + ubfx x22, x17, #32, #8 + bfi x12, x13, #32, #32 + ldr w14, [x8, x14, LSL 2] + ldr w15, [x8, x15, LSL 2] + ldr w21, [x8, x21, LSL 2] + ldr w22, [x8, x22, LSL 2] + ubfx x19, x16, #0, #8 + eor w14, w14, w15, ror 24 + ubfx x15, x17, #16, #8 + eor w14, w14, w21, ror 8 + ubfx x21, x17, #56, #8 + eor w13, w14, w22, ror 16 + ubfx x22, x16, #40, #8 + ldr w19, [x8, x19, LSL 2] + ldr w21, [x8, x21, LSL 2] + ldr w15, [x8, x15, LSL 2] + ldr w22, [x8, x22, LSL 2] + eor w21, w21, w19, ror 24 + ldp x16, x17, [x28], #16 + eor w15, w15, w22, ror 8 + eor w15, w15, w21, ror 24 + bfi x13, x15, #32, #32 + # XOR in Key Schedule + eor x12, x12, x16 + eor x13, x13, x17 + subs w27, w27, #2 + bne L_AES_XTS_decrypt_loop_nr_partial_2 + ubfx x16, x13, #48, #8 + ubfx x20, x12, #24, #8 + ubfx x21, x13, #8, #8 + ubfx x22, x12, #32, #8 + ldr x14, [x8] + ldr x14, [x8, #64] + ldr x14, [x8, #128] + ldr x14, [x8, #192] + ldr x14, [x8, #256] + ldr x14, [x8, #320] + ldr x14, [x8, #384] + ldr x14, [x8, #448] + ldr x14, [x8, #512] + ldr x14, [x8, #576] + ldr x14, [x8, #640] + ldr x14, [x8, #704] + ldr x14, [x8, #768] + ldr x14, [x8, #832] + ldr x14, [x8, #896] + ldr x14, [x8, #960] + ldr w16, [x8, x16, LSL 2] + ldr w20, [x8, x20, LSL 2] + ldr w21, [x8, x21, LSL 2] + ldr w22, [x8, x22, LSL 2] + ubfx x17, x12, #16, #8 + eor w16, w16, w20, ror 24 + ubfx x20, x12, #56, #8 + eor w16, w16, w21, ror 8 + ubfx x21, x13, #40, #8 + eor w16, w16, w22, ror 16 + ubfx x22, x13, #0, #8 + ldr w17, [x8, x17, LSL 2] + ldr w20, [x8, x20, LSL 2] + ldr w21, [x8, x21, LSL 2] + ldr w22, [x8, x22, LSL 2] + ubfx x19, x12, #48, #8 + eor w17, w17, w20, ror 24 + ubfx x20, x13, #24, #8 + eor w17, w17, w21, ror 8 + ubfx x21, x12, #8, #8 + eor w17, w17, w22, ror 16 + ubfx x22, x13, #32, #8 + bfi x16, x17, #32, #32 + ldr w19, [x8, x19, LSL 2] + ldr w20, [x8, x20, LSL 2] + ldr w21, [x8, x21, LSL 2] + ldr w22, [x8, x22, LSL 2] + ubfx x14, x12, #0, #8 + eor w19, w19, w20, ror 24 + ubfx x20, x13, #16, #8 + eor w19, w19, w21, ror 8 + ubfx x21, x13, #56, #8 + eor w17, w19, w22, ror 16 + ubfx x22, x12, #40, #8 + ldr w14, [x8, x14, LSL 2] + ldr w21, [x8, x21, LSL 2] + ldr w20, [x8, x20, LSL 2] + ldr w22, [x8, x22, LSL 2] + eor w21, w21, w14, ror 24 + ldp x12, x13, [x28], #16 + eor w20, w20, w22, ror 8 + eor w20, w20, w21, ror 24 + bfi x17, x20, #32, #32 + # XOR in Key Schedule + eor x16, x16, x12 + eor x17, x17, x13 + ubfx x12, x16, #32, #8 + ubfx x15, x17, #8, #8 + ubfx x21, x17, #48, #8 + ubfx x22, x16, #24, #8 + ldr x20, [x9] + ldr x20, [x9, #64] + ldr x20, [x9, #128] + ldr x20, [x9, #192] + ldrb w12, [x9, x12, LSL 0] + ldrb w15, [x9, x15, LSL 0] + ldrb w21, [x9, x21, LSL 0] + ldrb w22, [x9, x22, LSL 0] + ubfx x13, x17, #0, #8 + eor w12, w12, w15, lsl 8 + ubfx x15, x17, #40, #8 + eor w12, w12, w21, lsl 16 + ubfx x21, x16, #16, #8 + eor w12, w12, w22, lsl 24 + ubfx x22, x16, #56, #8 + ldrb w15, [x9, x15, LSL 0] + ldrb w22, [x9, x22, LSL 0] + ldrb w13, [x9, x13, LSL 0] + ldrb w21, [x9, x21, LSL 0] + ubfx x14, x17, #32, #8 + eor w13, w13, w15, lsl 8 + ubfx x15, x16, #8, #8 + eor w13, w13, w21, lsl 16 + ubfx x21, x16, #48, #8 + eor w13, w13, w22, lsl 24 + ubfx x22, x17, #24, #8 + bfi x12, x13, #32, #32 + ldrb w15, [x9, x15, LSL 0] + ldrb w22, [x9, x22, LSL 0] + ldrb w14, [x9, x14, LSL 0] + ldrb w21, [x9, x21, LSL 0] + ubfx x20, x17, #56, #8 + eor w14, w14, w15, lsl 8 + ubfx x15, x16, #0, #8 + eor w14, w14, w21, lsl 16 + ubfx x21, x16, #40, #8 + eor w13, w14, w22, lsl 24 + ubfx x22, x17, #16, #8 + ldrb w20, [x9, x20, LSL 0] + ldrb w21, [x9, x21, LSL 0] + ldrb w15, [x9, x15, LSL 0] + ldrb w22, [x9, x22, LSL 0] + eor w21, w21, w20, lsl 16 + ldp x16, x17, [x28] + eor w15, w15, w21, lsl 8 + eor w15, w15, w22, lsl 16 + bfi x13, x15, #32, #32 + # XOR in Key Schedule + eor x12, x12, x16 + eor x13, x13, x17 + rev32 x12, x12 + rev32 x13, x13 + eor x12, x12, x23 + eor x13, x13, x24 + stp x12, x13, [x1] +L_AES_XTS_decrypt_done_data: + ldp x17, x19, [x29, #24] + ldp x20, x21, [x29, #40] + ldp x22, x23, [x29, #56] + ldp x24, x25, [x29, #72] + ldp x26, x27, [x29, #88] + ldr x28, [x29, #104] + ldp x29, x30, [sp], #0x70 + ret +#ifndef __APPLE__ + .size AES_XTS_decrypt,.-AES_XTS_decrypt +#endif /* __APPLE__ */ +#endif /* HAVE_AES_DECRYPT */ +#endif /* WOLFSSL_AES_XTS */ +#endif /* !WOLFSSL_ARMASM_NEON_NO_TABLE_LOOKUP */ #endif /* !defined(NO_AES) && defined(WOLFSSL_ARMASM) */ #endif /* __aarch64__ */ #endif /* WOLFSSL_ARMASM */ diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/wolfcrypt/src/port/arm/armv8-aes-asm_c.c mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/port/arm/armv8-aes-asm_c.c --- mariadb-11.8.6/extra/wolfssl/wolfssl/wolfcrypt/src/port/arm/armv8-aes-asm_c.c 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/port/arm/armv8-aes-asm_c.c 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* armv8-aes-asm * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -43562,6 +43562,13215 @@ #endif /* HAVE_AES_DECRYPT */ #endif /* WOLFSSL_AES_XTS */ #endif /* !WOLFSSL_ARMASM_NO_HW_CRYPTO */ +#ifndef WOLFSSL_ARMASM_NO_NEON +#if defined(HAVE_AES_DECRYPT) || defined(HAVE_AES_CBC) || \ + defined(HAVE_AESCCM) || defined(HAVE_AESGCM) || \ + defined(WOLFSSL_AES_DIRECT) || defined(WOLFSSL_AES_COUNTER) +static const word8 L_AES_ARM64_NEON_te[] = { + 0x63, 0x7c, 0x77, 0x7b, 0xf2, 0x6b, 0x6f, 0xc5, + 0x30, 0x01, 0x67, 0x2b, 0xfe, 0xd7, 0xab, 0x76, + 0xca, 0x82, 0xc9, 0x7d, 0xfa, 0x59, 0x47, 0xf0, + 0xad, 0xd4, 0xa2, 0xaf, 0x9c, 0xa4, 0x72, 0xc0, + 0xb7, 0xfd, 0x93, 0x26, 0x36, 0x3f, 0xf7, 0xcc, + 0x34, 0xa5, 0xe5, 0xf1, 0x71, 0xd8, 0x31, 0x15, + 0x04, 0xc7, 0x23, 0xc3, 0x18, 0x96, 0x05, 0x9a, + 0x07, 0x12, 0x80, 0xe2, 0xeb, 0x27, 0xb2, 0x75, + 0x09, 0x83, 0x2c, 0x1a, 0x1b, 0x6e, 0x5a, 0xa0, + 0x52, 0x3b, 0xd6, 0xb3, 0x29, 0xe3, 0x2f, 0x84, + 0x53, 0xd1, 0x00, 0xed, 0x20, 0xfc, 0xb1, 0x5b, + 0x6a, 0xcb, 0xbe, 0x39, 0x4a, 0x4c, 0x58, 0xcf, + 0xd0, 0xef, 0xaa, 0xfb, 0x43, 0x4d, 0x33, 0x85, + 0x45, 0xf9, 0x02, 0x7f, 0x50, 0x3c, 0x9f, 0xa8, + 0x51, 0xa3, 0x40, 0x8f, 0x92, 0x9d, 0x38, 0xf5, + 0xbc, 0xb6, 0xda, 0x21, 0x10, 0xff, 0xf3, 0xd2, + 0xcd, 0x0c, 0x13, 0xec, 0x5f, 0x97, 0x44, 0x17, + 0xc4, 0xa7, 0x7e, 0x3d, 0x64, 0x5d, 0x19, 0x73, + 0x60, 0x81, 0x4f, 0xdc, 0x22, 0x2a, 0x90, 0x88, + 0x46, 0xee, 0xb8, 0x14, 0xde, 0x5e, 0x0b, 0xdb, + 0xe0, 0x32, 0x3a, 0x0a, 0x49, 0x06, 0x24, 0x5c, + 0xc2, 0xd3, 0xac, 0x62, 0x91, 0x95, 0xe4, 0x79, + 0xe7, 0xc8, 0x37, 0x6d, 0x8d, 0xd5, 0x4e, 0xa9, + 0x6c, 0x56, 0xf4, 0xea, 0x65, 0x7a, 0xae, 0x08, + 0xba, 0x78, 0x25, 0x2e, 0x1c, 0xa6, 0xb4, 0xc6, + 0xe8, 0xdd, 0x74, 0x1f, 0x4b, 0xbd, 0x8b, 0x8a, + 0x70, 0x3e, 0xb5, 0x66, 0x48, 0x03, 0xf6, 0x0e, + 0x61, 0x35, 0x57, 0xb9, 0x86, 0xc1, 0x1d, 0x9e, + 0xe1, 0xf8, 0x98, 0x11, 0x69, 0xd9, 0x8e, 0x94, + 0x9b, 0x1e, 0x87, 0xe9, 0xce, 0x55, 0x28, 0xdf, + 0x8c, 0xa1, 0x89, 0x0d, 0xbf, 0xe6, 0x42, 0x68, + 0x41, 0x99, 0x2d, 0x0f, 0xb0, 0x54, 0xbb, 0x16, +}; + +static const word8 L_AES_ARM64_NEON_shift_rows_shuffle[] = { + 0x0c, 0x09, 0x06, 0x03, 0x00, 0x0d, 0x0a, 0x07, + 0x04, 0x01, 0x0e, 0x0b, 0x08, 0x05, 0x02, 0x0f, +}; + +#endif /* HAVE_AES_DECRYPT || HAVE_AES_CBC || HAVE_AESCCM || HAVE_AESGCM || + * WOLFSSL_AES_DIRECT || WOLFSSL_AES_COUNTER */ +#ifdef HAVE_AES_DECRYPT +void AES_invert_key_NEON(unsigned char* ks, word32 rounds); +void AES_invert_key_NEON(unsigned char* ks, word32 rounds) +{ + __asm__ __volatile__ ( + "add x3, %x[ks], %x[rounds], lsl 4\n\t" + "mov x2, %x[ks]\n\t" + "mov w4, %w[rounds]\n\t" + "\n" + "L_AES_invert_key_NEON_loop_%=: \n\t" + "ld1 {v0.2d}, [x2]\n\t" + "ld1 {v1.2d}, [x3]\n\t" + "st1 {v0.2d}, [x3]\n\t" + "st1 {v1.2d}, [x2], #16\n\t" + "subs w4, w4, #2\n\t" + "sub x3, x3, #16\n\t" + "b.ne L_AES_invert_key_NEON_loop_%=\n\t" + "movi v2.16b, #27\n\t" + "add x2, %x[ks], #16\n\t" + "sub w4, %w[rounds], #1\n\t" + "\n" + "L_AES_invert_key_NEON_mix_loop_%=: \n\t" + "ld1 {v0.2d}, [x2]\n\t" + "sshr v5.16b, v0.16b, #7\n\t" + "ushr v6.16b, v0.16b, #6\n\t" + "ushr v3.16b, v0.16b, #5\n\t" + "and v5.16b, v5.16b, v2.16b\n\t" + "pmul v6.16b, v6.16b, v2.16b\n\t" + "pmul v3.16b, v3.16b, v2.16b\n\t" + "shl v4.16b, v0.16b, #1\n\t" + "eor v5.16b, v5.16b, v4.16b\n\t" + "shl v4.16b, v0.16b, #3\n\t" + "eor v3.16b, v3.16b, v4.16b\n\t" + "shl v4.16b, v0.16b, #2\n\t" + "eor v6.16b, v6.16b, v4.16b\n\t" + "eor v4.16b, v5.16b, v3.16b\n\t" + "eor v3.16b, v3.16b, v0.16b\n\t" + "eor v5.16b, v6.16b, v3.16b\n\t" + "eor v6.16b, v6.16b, v4.16b\n\t" + "eor v4.16b, v4.16b, v0.16b\n\t" + "shl v0.4s, v4.4s, #8\n\t" + "rev32 v5.8h, v5.8h\n\t" + "sri v0.4s, v4.4s, #24\n\t" + "eor v0.16b, v0.16b, v6.16b\n\t" + "shl v4.4s, v3.4s, #24\n\t" + "eor v0.16b, v0.16b, v5.16b\n\t" + "sri v4.4s, v3.4s, #8\n\t" + "eor v0.16b, v0.16b, v4.16b\n\t" + "st1 {v0.2d}, [x2], #16\n\t" + "subs w4, w4, #1\n\t" + "b.ne L_AES_invert_key_NEON_mix_loop_%=\n\t" + : [ks] "+r" (ks), [rounds] "+r" (rounds) + : + : "memory", "cc", "x2", "x3", "x4", "v0", "v1", "v2", "v3", "v4", "v5", + "v6" + ); +} + +#endif /* HAVE_AES_DECRYPT */ +static const word32 L_AES_ARM64_NEON_rcon[] = { + 0x01000000, 0x02000000, 0x04000000, 0x08000000, + 0x10000000, 0x20000000, 0x40000000, 0x80000000, + 0x1b000000, 0x36000000, +}; + +void AES_set_encrypt_key_NEON(const unsigned char* key, word32 len, + unsigned char* ks); +void AES_set_encrypt_key_NEON(const unsigned char* key, word32 len, + unsigned char* ks) +{ + const word32* rcon = L_AES_ARM64_NEON_rcon; + const word8* te = L_AES_ARM64_NEON_te; + __asm__ __volatile__ ( + "ld1 {v6.16b, v7.16b, v8.16b, v9.16b}, [%[te]], #0x40\n\t" + "ld1 {v10.16b, v11.16b, v12.16b, v13.16b}, [%[te]], #0x40\n\t" + "ld1 {v14.16b, v15.16b, v16.16b, v17.16b}, [%[te]], #0x40\n\t" + "ld1 {v18.16b, v19.16b, v20.16b, v21.16b}, [%[te]]\n\t" + "movi v2.16b, #0x40\n\t" + "movi v3.16b, #0x80\n\t" + "movi v4.16b, #0xc0\n\t" + "movi v5.16b, #27\n\t" + "eor v26.16b, v26.16b, v26.16b\n\t" + "cmp %w[len], #0x80\n\t" + "b.eq L_AES_set_encrypt_key_NEON_start_128_%=\n\t" + "cmp %w[len], #0xc0\n\t" + "b.eq L_AES_set_encrypt_key_NEON_start_192_%=\n\t" + "ld1 {v0.16b}, [%x[key]], #16\n\t" + "ld1 {v1.16b}, [%x[key]]\n\t" + "rev32 v0.16b, v0.16b\n\t" + "rev32 v1.16b, v1.16b\n\t" + "st1 {v0.2d}, [%x[ks]], #16\n\t" + "st1 {v1.2d}, [%x[ks]], #16\n\t" + "mov x3, #6\n\t" + "\n" + "L_AES_set_encrypt_key_NEON_loop_256_%=: \n\t" + "eor v22.16b, v1.16b, v2.16b\n\t" + "eor v23.16b, v1.16b, v3.16b\n\t" + "eor v24.16b, v1.16b, v4.16b\n\t" + "tbl v25.16b, {v6.16b, v7.16b, v8.16b, v9.16b}, v1.16b\n\t" + "tbl v22.16b, {v10.16b, v11.16b, v12.16b, v13.16b}, v22.16b\n\t" + "tbl v23.16b, {v14.16b, v15.16b, v16.16b, v17.16b}, v23.16b\n\t" + "tbl v24.16b, {v18.16b, v19.16b, v20.16b, v21.16b}, v24.16b\n\t" + "orr v25.16b, v25.16b, v22.16b\n\t" + "orr v23.16b, v23.16b, v24.16b\n\t" + "orr v25.16b, v25.16b, v23.16b\n\t" + "ext v25.16b, v25.16b, v26.16b, #12\n\t" + "shl v22.4s, v25.4s, #8\n\t" + "sri v22.4s, v25.4s, #24\n\t" + "eor v0.16b, v0.16b, v22.16b\n\t" + "ld1r {v25.4s}, [%[rcon]], #4\n\t" + "dup v22.4s, v0.s[0]\n\t" + "dup v23.2s, v0.s[1]\n\t" + "dup v24.2s, v0.s[2]\n\t" + "ext v22.16b, v26.16b, v22.16b, #12\n\t" + "ext v23.16b, v26.16b, v23.16b, #8\n\t" + "eor v0.16b, v0.16b, v22.16b\n\t" + "ext v24.16b, v26.16b, v24.16b, #4\n\t" + "eor v0.16b, v0.16b, v23.16b\n\t" + "eor v0.16b, v0.16b, v24.16b\n\t" + "eor v0.16b, v0.16b, v25.16b\n\t" + "st1 {v0.2d}, [%x[ks]], #16\n\t" + "eor v22.16b, v0.16b, v2.16b\n\t" + "eor v23.16b, v0.16b, v3.16b\n\t" + "eor v24.16b, v0.16b, v4.16b\n\t" + "tbl v25.16b, {v6.16b, v7.16b, v8.16b, v9.16b}, v0.16b\n\t" + "tbl v22.16b, {v10.16b, v11.16b, v12.16b, v13.16b}, v22.16b\n\t" + "tbl v23.16b, {v14.16b, v15.16b, v16.16b, v17.16b}, v23.16b\n\t" + "tbl v24.16b, {v18.16b, v19.16b, v20.16b, v21.16b}, v24.16b\n\t" + "orr v25.16b, v25.16b, v22.16b\n\t" + "orr v23.16b, v23.16b, v24.16b\n\t" + "orr v25.16b, v25.16b, v23.16b\n\t" + "ext v25.16b, v25.16b, v26.16b, #12\n\t" + "eor v1.16b, v1.16b, v25.16b\n\t" + "dup v22.4s, v1.s[0]\n\t" + "dup v23.2s, v1.s[1]\n\t" + "dup v24.2s, v1.s[2]\n\t" + "ext v22.16b, v26.16b, v22.16b, #12\n\t" + "ext v23.16b, v26.16b, v23.16b, #8\n\t" + "eor v1.16b, v1.16b, v22.16b\n\t" + "ext v24.16b, v26.16b, v24.16b, #4\n\t" + "eor v1.16b, v1.16b, v23.16b\n\t" + "eor v1.16b, v1.16b, v24.16b\n\t" + "st1 {v1.2d}, [%x[ks]], #16\n\t" + "subs x3, x3, #1\n\t" + "b.ne L_AES_set_encrypt_key_NEON_loop_256_%=\n\t" + "eor v22.16b, v1.16b, v2.16b\n\t" + "eor v23.16b, v1.16b, v3.16b\n\t" + "eor v24.16b, v1.16b, v4.16b\n\t" + "tbl v25.16b, {v6.16b, v7.16b, v8.16b, v9.16b}, v1.16b\n\t" + "tbl v22.16b, {v10.16b, v11.16b, v12.16b, v13.16b}, v22.16b\n\t" + "tbl v23.16b, {v14.16b, v15.16b, v16.16b, v17.16b}, v23.16b\n\t" + "tbl v24.16b, {v18.16b, v19.16b, v20.16b, v21.16b}, v24.16b\n\t" + "orr v25.16b, v25.16b, v22.16b\n\t" + "orr v23.16b, v23.16b, v24.16b\n\t" + "orr v25.16b, v25.16b, v23.16b\n\t" + "ext v25.16b, v25.16b, v26.16b, #12\n\t" + "shl v22.4s, v25.4s, #8\n\t" + "sri v22.4s, v25.4s, #24\n\t" + "eor v0.16b, v0.16b, v22.16b\n\t" + "ld1r {v25.4s}, [%[rcon]], #4\n\t" + "dup v22.4s, v0.s[0]\n\t" + "dup v23.2s, v0.s[1]\n\t" + "dup v24.2s, v0.s[2]\n\t" + "ext v22.16b, v26.16b, v22.16b, #12\n\t" + "ext v23.16b, v26.16b, v23.16b, #8\n\t" + "eor v0.16b, v0.16b, v22.16b\n\t" + "ext v24.16b, v26.16b, v24.16b, #4\n\t" + "eor v0.16b, v0.16b, v23.16b\n\t" + "eor v0.16b, v0.16b, v24.16b\n\t" + "eor v0.16b, v0.16b, v25.16b\n\t" + "st1 {v0.2d}, [%x[ks]], #16\n\t" + "b L_AES_set_encrypt_key_NEON_end_%=\n\t" + "\n" + "L_AES_set_encrypt_key_NEON_start_192_%=: \n\t" + "ld1 {v0.16b}, [%x[key]], #16\n\t" + "ld1 {v1.8b}, [%x[key]]\n\t" + "rev32 v0.16b, v0.16b\n\t" + "rev32 v1.8b, v1.8b\n\t" + "st1 {v0.16b}, [%x[ks]], #16\n\t" + "st1 {v1.8b}, [%x[ks]], #8\n\t" + "ext v1.16b, v1.16b, v1.16b, #8\n\t" + "mov x3, #7\n\t" + "\n" + "L_AES_set_encrypt_key_NEON_loop_192_%=: \n\t" + "eor v22.16b, v1.16b, v2.16b\n\t" + "eor v23.16b, v1.16b, v3.16b\n\t" + "eor v24.16b, v1.16b, v4.16b\n\t" + "tbl v25.16b, {v6.16b, v7.16b, v8.16b, v9.16b}, v1.16b\n\t" + "tbl v22.16b, {v10.16b, v11.16b, v12.16b, v13.16b}, v22.16b\n\t" + "tbl v23.16b, {v14.16b, v15.16b, v16.16b, v17.16b}, v23.16b\n\t" + "tbl v24.16b, {v18.16b, v19.16b, v20.16b, v21.16b}, v24.16b\n\t" + "orr v25.16b, v25.16b, v22.16b\n\t" + "orr v23.16b, v23.16b, v24.16b\n\t" + "orr v25.16b, v25.16b, v23.16b\n\t" + "ext v25.16b, v25.16b, v26.16b, #12\n\t" + "shl v22.4s, v25.4s, #8\n\t" + "sri v22.4s, v25.4s, #24\n\t" + "eor v0.16b, v0.16b, v22.16b\n\t" + "ld1r {v25.4s}, [%[rcon]], #4\n\t" + "dup v22.4s, v0.s[0]\n\t" + "dup v23.2s, v0.s[1]\n\t" + "dup v24.2s, v0.s[2]\n\t" + "ext v22.16b, v26.16b, v22.16b, #12\n\t" + "ext v23.16b, v26.16b, v23.16b, #8\n\t" + "eor v0.16b, v0.16b, v22.16b\n\t" + "ext v24.16b, v26.16b, v24.16b, #4\n\t" + "eor v0.16b, v0.16b, v23.16b\n\t" + "eor v0.16b, v0.16b, v24.16b\n\t" + "eor v0.16b, v0.16b, v25.16b\n\t" + "st1 {v0.2d}, [%x[ks]], #16\n\t" + "mov v23.16b, v26.16b\n\t" + "mov v23.s[2], v0.s[3]\n\t" + "eor v1.16b, v1.16b, v23.16b\n\t" + "mov v23.16b, v26.16b\n\t" + "mov v23.s[3], v1.s[2]\n\t" + "eor v1.16b, v1.16b, v23.16b\n\t" + "st1 {v1.d}[1], [%x[ks]], #8\n\t" + "subs x3, x3, #1\n\t" + "b.ne L_AES_set_encrypt_key_NEON_loop_192_%=\n\t" + "eor v22.16b, v1.16b, v2.16b\n\t" + "eor v23.16b, v1.16b, v3.16b\n\t" + "eor v24.16b, v1.16b, v4.16b\n\t" + "tbl v25.16b, {v6.16b, v7.16b, v8.16b, v9.16b}, v1.16b\n\t" + "tbl v22.16b, {v10.16b, v11.16b, v12.16b, v13.16b}, v22.16b\n\t" + "tbl v23.16b, {v14.16b, v15.16b, v16.16b, v17.16b}, v23.16b\n\t" + "tbl v24.16b, {v18.16b, v19.16b, v20.16b, v21.16b}, v24.16b\n\t" + "orr v25.16b, v25.16b, v22.16b\n\t" + "orr v23.16b, v23.16b, v24.16b\n\t" + "orr v25.16b, v25.16b, v23.16b\n\t" + "ext v25.16b, v25.16b, v26.16b, #12\n\t" + "shl v22.4s, v25.4s, #8\n\t" + "sri v22.4s, v25.4s, #24\n\t" + "eor v0.16b, v0.16b, v22.16b\n\t" + "ld1r {v25.4s}, [%[rcon]], #4\n\t" + "dup v22.4s, v0.s[0]\n\t" + "dup v23.2s, v0.s[1]\n\t" + "dup v24.2s, v0.s[2]\n\t" + "ext v22.16b, v26.16b, v22.16b, #12\n\t" + "ext v23.16b, v26.16b, v23.16b, #8\n\t" + "eor v0.16b, v0.16b, v22.16b\n\t" + "ext v24.16b, v26.16b, v24.16b, #4\n\t" + "eor v0.16b, v0.16b, v23.16b\n\t" + "eor v0.16b, v0.16b, v24.16b\n\t" + "eor v0.16b, v0.16b, v25.16b\n\t" + "st1 {v0.2d}, [%x[ks]], #16\n\t" + "b L_AES_set_encrypt_key_NEON_end_%=\n\t" + "\n" + "L_AES_set_encrypt_key_NEON_start_128_%=: \n\t" + "ld1 {v0.16b}, [%x[key]]\n\t" + "rev32 v0.16b, v0.16b\n\t" + "st1 {v0.2d}, [%x[ks]], #16\n\t" + "mov x3, #10\n\t" + "\n" + "L_AES_set_encrypt_key_NEON_loop_128_%=: \n\t" + "eor v22.16b, v0.16b, v2.16b\n\t" + "eor v23.16b, v0.16b, v3.16b\n\t" + "eor v24.16b, v0.16b, v4.16b\n\t" + "tbl v25.16b, {v6.16b, v7.16b, v8.16b, v9.16b}, v0.16b\n\t" + "tbl v22.16b, {v10.16b, v11.16b, v12.16b, v13.16b}, v22.16b\n\t" + "tbl v23.16b, {v14.16b, v15.16b, v16.16b, v17.16b}, v23.16b\n\t" + "tbl v24.16b, {v18.16b, v19.16b, v20.16b, v21.16b}, v24.16b\n\t" + "orr v25.16b, v25.16b, v22.16b\n\t" + "orr v23.16b, v23.16b, v24.16b\n\t" + "orr v25.16b, v25.16b, v23.16b\n\t" + "ext v25.16b, v25.16b, v26.16b, #12\n\t" + "shl v22.4s, v25.4s, #8\n\t" + "sri v22.4s, v25.4s, #24\n\t" + "eor v0.16b, v0.16b, v22.16b\n\t" + "ld1r {v25.4s}, [%[rcon]], #4\n\t" + "dup v22.4s, v0.s[0]\n\t" + "dup v23.2s, v0.s[1]\n\t" + "dup v24.2s, v0.s[2]\n\t" + "ext v22.16b, v26.16b, v22.16b, #12\n\t" + "ext v23.16b, v26.16b, v23.16b, #8\n\t" + "eor v0.16b, v0.16b, v22.16b\n\t" + "ext v24.16b, v26.16b, v24.16b, #4\n\t" + "eor v0.16b, v0.16b, v23.16b\n\t" + "eor v0.16b, v0.16b, v24.16b\n\t" + "eor v0.16b, v0.16b, v25.16b\n\t" + "st1 {v0.2d}, [%x[ks]], #16\n\t" + "subs x3, x3, #1\n\t" + "b.ne L_AES_set_encrypt_key_NEON_loop_128_%=\n\t" + "\n" + "L_AES_set_encrypt_key_NEON_end_%=: \n\t" + : [len] "+r" (len), [ks] "+r" (ks) + : [key] "r" (key), [rcon] "r" (rcon), [te] "r" (te) + : "memory", "cc", "x3", "v0", "v1", "v2", "v3", "v4", "v5", "v6", "v7", + "v8", "v9", "v10", "v11", "v12", "v13", "v14", "v15", "v16", "v17", + "v18", "v19", "v20", "v21", "v22", "v23", "v24", "v25", "v26" + ); +} + +#if defined(HAVE_AESCCM) || defined(HAVE_AESGCM) || \ + defined(WOLFSSL_AES_DIRECT) || defined(WOLFSSL_AES_COUNTER) || \ + defined(HAVE_AES_ECB) +void AES_ECB_encrypt_NEON(const unsigned char* in, unsigned char* out, + unsigned long len, const unsigned char* ks, int nr); +void AES_ECB_encrypt_NEON(const unsigned char* in, unsigned char* out, + unsigned long len, const unsigned char* ks, int nr) +{ + const word8* te = L_AES_ARM64_NEON_te; + const word8* shuffle = L_AES_ARM64_NEON_shift_rows_shuffle; + __asm__ __volatile__ ( + "ld1 {v16.16b, v17.16b, v18.16b, v19.16b}, [%[te]], #0x40\n\t" + "ld1 {v20.16b, v21.16b, v22.16b, v23.16b}, [%[te]], #0x40\n\t" + "ld1 {v24.16b, v25.16b, v26.16b, v27.16b}, [%[te]], #0x40\n\t" + "ld1 {v28.16b, v29.16b, v30.16b, v31.16b}, [%[te]]\n\t" + "cmp %x[len], #0x40\n\t" + "b.lt L_AES_ECB_encrypt_NEON_start_2_%=\n\t" + "\n" + "L_AES_ECB_encrypt_NEON_loop_4_%=: \n\t" + "mov x8, %x[ks]\n\t" + "ld1 {v0.16b, v1.16b, v2.16b, v3.16b}, [%x[in]], #0x40\n\t" + "ld1 {v4.2d}, [x8], #16\n\t" + "rev32 v0.16b, v0.16b\n\t" + "rev32 v1.16b, v1.16b\n\t" + "rev32 v2.16b, v2.16b\n\t" + "rev32 v3.16b, v3.16b\n\t" + /* Round: 0 - XOR in key schedule */ + "eor v0.16b, v0.16b, v4.16b\n\t" + "eor v1.16b, v1.16b, v4.16b\n\t" + "eor v2.16b, v2.16b, v4.16b\n\t" + "eor v3.16b, v3.16b, v4.16b\n\t" + "sub w7, %w[nr], #2\n\t" + "\n" + "L_AES_ECB_encrypt_NEON_loop_nr_4_%=: \n\t" + "tbl v4.16b, {v16.16b, v17.16b, v18.16b, v19.16b}, v0.16b\n\t" + "tbl v5.16b, {v16.16b, v17.16b, v18.16b, v19.16b}, v1.16b\n\t" + "tbl v6.16b, {v16.16b, v17.16b, v18.16b, v19.16b}, v2.16b\n\t" + "tbl v7.16b, {v16.16b, v17.16b, v18.16b, v19.16b}, v3.16b\n\t" + "movi v12.16b, #0x40\n\t" + "movi v13.16b, #0x80\n\t" + "movi v14.16b, #0xc0\n\t" + "eor v8.16b, v0.16b, v12.16b\n\t" + "eor v9.16b, v1.16b, v12.16b\n\t" + "eor v10.16b, v2.16b, v12.16b\n\t" + "eor v11.16b, v3.16b, v12.16b\n\t" + "tbl v8.16b, {v20.16b, v21.16b, v22.16b, v23.16b}, v8.16b\n\t" + "tbl v9.16b, {v20.16b, v21.16b, v22.16b, v23.16b}, v9.16b\n\t" + "tbl v10.16b, {v20.16b, v21.16b, v22.16b, v23.16b}, v10.16b\n\t" + "tbl v11.16b, {v20.16b, v21.16b, v22.16b, v23.16b}, v11.16b\n\t" + "orr v4.16b, v4.16b, v8.16b\n\t" + "orr v5.16b, v5.16b, v9.16b\n\t" + "orr v6.16b, v6.16b, v10.16b\n\t" + "orr v7.16b, v7.16b, v11.16b\n\t" + "eor v8.16b, v0.16b, v13.16b\n\t" + "eor v9.16b, v1.16b, v13.16b\n\t" + "eor v10.16b, v2.16b, v13.16b\n\t" + "eor v11.16b, v3.16b, v13.16b\n\t" + "tbl v8.16b, {v24.16b, v25.16b, v26.16b, v27.16b}, v8.16b\n\t" + "tbl v9.16b, {v24.16b, v25.16b, v26.16b, v27.16b}, v9.16b\n\t" + "tbl v10.16b, {v24.16b, v25.16b, v26.16b, v27.16b}, v10.16b\n\t" + "tbl v11.16b, {v24.16b, v25.16b, v26.16b, v27.16b}, v11.16b\n\t" + "orr v4.16b, v4.16b, v8.16b\n\t" + "orr v5.16b, v5.16b, v9.16b\n\t" + "orr v6.16b, v6.16b, v10.16b\n\t" + "orr v7.16b, v7.16b, v11.16b\n\t" + "eor v8.16b, v0.16b, v14.16b\n\t" + "eor v9.16b, v1.16b, v14.16b\n\t" + "eor v10.16b, v2.16b, v14.16b\n\t" + "eor v11.16b, v3.16b, v14.16b\n\t" + "tbl v8.16b, {v28.16b, v29.16b, v30.16b, v31.16b}, v8.16b\n\t" + "tbl v9.16b, {v28.16b, v29.16b, v30.16b, v31.16b}, v9.16b\n\t" + "tbl v10.16b, {v28.16b, v29.16b, v30.16b, v31.16b}, v10.16b\n\t" + "tbl v11.16b, {v28.16b, v29.16b, v30.16b, v31.16b}, v11.16b\n\t" + "orr v4.16b, v4.16b, v8.16b\n\t" + "orr v5.16b, v5.16b, v9.16b\n\t" + "orr v6.16b, v6.16b, v10.16b\n\t" + "orr v7.16b, v7.16b, v11.16b\n\t" + "ld1 {v0.16b}, [%[shuffle]]\n\t" + "tbl v4.16b, {v4.16b}, v0.16b\n\t" + "tbl v5.16b, {v5.16b}, v0.16b\n\t" + "tbl v6.16b, {v6.16b}, v0.16b\n\t" + "tbl v7.16b, {v7.16b}, v0.16b\n\t" + "sshr v8.16b, v4.16b, #7\n\t" + "sshr v9.16b, v5.16b, #7\n\t" + "sshr v10.16b, v6.16b, #7\n\t" + "sshr v11.16b, v7.16b, #7\n\t" + "shl v12.16b, v4.16b, #1\n\t" + "shl v13.16b, v5.16b, #1\n\t" + "shl v14.16b, v6.16b, #1\n\t" + "shl v15.16b, v7.16b, #1\n\t" + "movi v0.16b, #27\n\t" + "and v8.16b, v8.16b, v0.16b\n\t" + "and v9.16b, v9.16b, v0.16b\n\t" + "and v10.16b, v10.16b, v0.16b\n\t" + "and v11.16b, v11.16b, v0.16b\n\t" + "eor v8.16b, v8.16b, v12.16b\n\t" + "eor v9.16b, v9.16b, v13.16b\n\t" + "eor v10.16b, v10.16b, v14.16b\n\t" + "eor v11.16b, v11.16b, v15.16b\n\t" + "eor v0.16b, v8.16b, v4.16b\n\t" + "eor v1.16b, v9.16b, v5.16b\n\t" + "eor v2.16b, v10.16b, v6.16b\n\t" + "eor v3.16b, v11.16b, v7.16b\n\t" + "shl v12.4s, v0.4s, #8\n\t" + "shl v13.4s, v1.4s, #8\n\t" + "shl v14.4s, v2.4s, #8\n\t" + "shl v15.4s, v3.4s, #8\n\t" + "sri v12.4s, v0.4s, #24\n\t" + "sri v13.4s, v1.4s, #24\n\t" + "sri v14.4s, v2.4s, #24\n\t" + "sri v15.4s, v3.4s, #24\n\t" + "shl v0.4s, v4.4s, #24\n\t" + "shl v1.4s, v5.4s, #24\n\t" + "shl v2.4s, v6.4s, #24\n\t" + "shl v3.4s, v7.4s, #24\n\t" + "sri v0.4s, v4.4s, #8\n\t" + "sri v1.4s, v5.4s, #8\n\t" + "sri v2.4s, v6.4s, #8\n\t" + "sri v3.4s, v7.4s, #8\n\t" + "rev32 v4.8h, v4.8h\n\t" + "rev32 v5.8h, v5.8h\n\t" + "rev32 v6.8h, v6.8h\n\t" + "rev32 v7.8h, v7.8h\n\t" + "eor v4.16b, v4.16b, v0.16b\n\t" + "eor v5.16b, v5.16b, v1.16b\n\t" + "eor v6.16b, v6.16b, v2.16b\n\t" + "eor v7.16b, v7.16b, v3.16b\n\t" + /* XOR in Key Schedule */ + "ld1 {v0.2d}, [x8], #16\n\t" + "eor v4.16b, v4.16b, v8.16b\n\t" + "eor v5.16b, v5.16b, v9.16b\n\t" + "eor v6.16b, v6.16b, v10.16b\n\t" + "eor v7.16b, v7.16b, v11.16b\n\t" + "eor v4.16b, v4.16b, v0.16b\n\t" + "eor v5.16b, v5.16b, v0.16b\n\t" + "eor v6.16b, v6.16b, v0.16b\n\t" + "eor v7.16b, v7.16b, v0.16b\n\t" + "eor v4.16b, v4.16b, v12.16b\n\t" + "eor v5.16b, v5.16b, v13.16b\n\t" + "eor v6.16b, v6.16b, v14.16b\n\t" + "eor v7.16b, v7.16b, v15.16b\n\t" + /* Round Done */ + "tbl v0.16b, {v16.16b, v17.16b, v18.16b, v19.16b}, v4.16b\n\t" + "tbl v1.16b, {v16.16b, v17.16b, v18.16b, v19.16b}, v5.16b\n\t" + "tbl v2.16b, {v16.16b, v17.16b, v18.16b, v19.16b}, v6.16b\n\t" + "tbl v3.16b, {v16.16b, v17.16b, v18.16b, v19.16b}, v7.16b\n\t" + "movi v12.16b, #0x40\n\t" + "movi v13.16b, #0x80\n\t" + "movi v14.16b, #0xc0\n\t" + "eor v8.16b, v4.16b, v12.16b\n\t" + "eor v9.16b, v5.16b, v12.16b\n\t" + "eor v10.16b, v6.16b, v12.16b\n\t" + "eor v11.16b, v7.16b, v12.16b\n\t" + "tbl v8.16b, {v20.16b, v21.16b, v22.16b, v23.16b}, v8.16b\n\t" + "tbl v9.16b, {v20.16b, v21.16b, v22.16b, v23.16b}, v9.16b\n\t" + "tbl v10.16b, {v20.16b, v21.16b, v22.16b, v23.16b}, v10.16b\n\t" + "tbl v11.16b, {v20.16b, v21.16b, v22.16b, v23.16b}, v11.16b\n\t" + "orr v0.16b, v0.16b, v8.16b\n\t" + "orr v1.16b, v1.16b, v9.16b\n\t" + "orr v2.16b, v2.16b, v10.16b\n\t" + "orr v3.16b, v3.16b, v11.16b\n\t" + "eor v8.16b, v4.16b, v13.16b\n\t" + "eor v9.16b, v5.16b, v13.16b\n\t" + "eor v10.16b, v6.16b, v13.16b\n\t" + "eor v11.16b, v7.16b, v13.16b\n\t" + "tbl v8.16b, {v24.16b, v25.16b, v26.16b, v27.16b}, v8.16b\n\t" + "tbl v9.16b, {v24.16b, v25.16b, v26.16b, v27.16b}, v9.16b\n\t" + "tbl v10.16b, {v24.16b, v25.16b, v26.16b, v27.16b}, v10.16b\n\t" + "tbl v11.16b, {v24.16b, v25.16b, v26.16b, v27.16b}, v11.16b\n\t" + "orr v0.16b, v0.16b, v8.16b\n\t" + "orr v1.16b, v1.16b, v9.16b\n\t" + "orr v2.16b, v2.16b, v10.16b\n\t" + "orr v3.16b, v3.16b, v11.16b\n\t" + "eor v8.16b, v4.16b, v14.16b\n\t" + "eor v9.16b, v5.16b, v14.16b\n\t" + "eor v10.16b, v6.16b, v14.16b\n\t" + "eor v11.16b, v7.16b, v14.16b\n\t" + "tbl v8.16b, {v28.16b, v29.16b, v30.16b, v31.16b}, v8.16b\n\t" + "tbl v9.16b, {v28.16b, v29.16b, v30.16b, v31.16b}, v9.16b\n\t" + "tbl v10.16b, {v28.16b, v29.16b, v30.16b, v31.16b}, v10.16b\n\t" + "tbl v11.16b, {v28.16b, v29.16b, v30.16b, v31.16b}, v11.16b\n\t" + "orr v0.16b, v0.16b, v8.16b\n\t" + "orr v1.16b, v1.16b, v9.16b\n\t" + "orr v2.16b, v2.16b, v10.16b\n\t" + "orr v3.16b, v3.16b, v11.16b\n\t" + "ld1 {v4.16b}, [%[shuffle]]\n\t" + "tbl v0.16b, {v0.16b}, v4.16b\n\t" + "tbl v1.16b, {v1.16b}, v4.16b\n\t" + "tbl v2.16b, {v2.16b}, v4.16b\n\t" + "tbl v3.16b, {v3.16b}, v4.16b\n\t" + "sshr v8.16b, v0.16b, #7\n\t" + "sshr v9.16b, v1.16b, #7\n\t" + "sshr v10.16b, v2.16b, #7\n\t" + "sshr v11.16b, v3.16b, #7\n\t" + "shl v12.16b, v0.16b, #1\n\t" + "shl v13.16b, v1.16b, #1\n\t" + "shl v14.16b, v2.16b, #1\n\t" + "shl v15.16b, v3.16b, #1\n\t" + "movi v4.16b, #27\n\t" + "and v8.16b, v8.16b, v4.16b\n\t" + "and v9.16b, v9.16b, v4.16b\n\t" + "and v10.16b, v10.16b, v4.16b\n\t" + "and v11.16b, v11.16b, v4.16b\n\t" + "eor v8.16b, v8.16b, v12.16b\n\t" + "eor v9.16b, v9.16b, v13.16b\n\t" + "eor v10.16b, v10.16b, v14.16b\n\t" + "eor v11.16b, v11.16b, v15.16b\n\t" + "eor v4.16b, v8.16b, v0.16b\n\t" + "eor v5.16b, v9.16b, v1.16b\n\t" + "eor v6.16b, v10.16b, v2.16b\n\t" + "eor v7.16b, v11.16b, v3.16b\n\t" + "shl v12.4s, v4.4s, #8\n\t" + "shl v13.4s, v5.4s, #8\n\t" + "shl v14.4s, v6.4s, #8\n\t" + "shl v15.4s, v7.4s, #8\n\t" + "sri v12.4s, v4.4s, #24\n\t" + "sri v13.4s, v5.4s, #24\n\t" + "sri v14.4s, v6.4s, #24\n\t" + "sri v15.4s, v7.4s, #24\n\t" + "shl v4.4s, v0.4s, #24\n\t" + "shl v5.4s, v1.4s, #24\n\t" + "shl v6.4s, v2.4s, #24\n\t" + "shl v7.4s, v3.4s, #24\n\t" + "sri v4.4s, v0.4s, #8\n\t" + "sri v5.4s, v1.4s, #8\n\t" + "sri v6.4s, v2.4s, #8\n\t" + "sri v7.4s, v3.4s, #8\n\t" + "rev32 v0.8h, v0.8h\n\t" + "rev32 v1.8h, v1.8h\n\t" + "rev32 v2.8h, v2.8h\n\t" + "rev32 v3.8h, v3.8h\n\t" + "eor v0.16b, v0.16b, v4.16b\n\t" + "eor v1.16b, v1.16b, v5.16b\n\t" + "eor v2.16b, v2.16b, v6.16b\n\t" + "eor v3.16b, v3.16b, v7.16b\n\t" + /* XOR in Key Schedule */ + "ld1 {v4.2d}, [x8], #16\n\t" + "eor v0.16b, v0.16b, v8.16b\n\t" + "eor v1.16b, v1.16b, v9.16b\n\t" + "eor v2.16b, v2.16b, v10.16b\n\t" + "eor v3.16b, v3.16b, v11.16b\n\t" + "eor v0.16b, v0.16b, v4.16b\n\t" + "eor v1.16b, v1.16b, v4.16b\n\t" + "eor v2.16b, v2.16b, v4.16b\n\t" + "eor v3.16b, v3.16b, v4.16b\n\t" + "eor v0.16b, v0.16b, v12.16b\n\t" + "eor v1.16b, v1.16b, v13.16b\n\t" + "eor v2.16b, v2.16b, v14.16b\n\t" + "eor v3.16b, v3.16b, v15.16b\n\t" + /* Round Done */ + "subs w7, w7, #2\n\t" + "b.ne L_AES_ECB_encrypt_NEON_loop_nr_4_%=\n\t" + "tbl v4.16b, {v16.16b, v17.16b, v18.16b, v19.16b}, v0.16b\n\t" + "tbl v5.16b, {v16.16b, v17.16b, v18.16b, v19.16b}, v1.16b\n\t" + "tbl v6.16b, {v16.16b, v17.16b, v18.16b, v19.16b}, v2.16b\n\t" + "tbl v7.16b, {v16.16b, v17.16b, v18.16b, v19.16b}, v3.16b\n\t" + "movi v12.16b, #0x40\n\t" + "movi v13.16b, #0x80\n\t" + "movi v14.16b, #0xc0\n\t" + "eor v8.16b, v0.16b, v12.16b\n\t" + "eor v9.16b, v1.16b, v12.16b\n\t" + "eor v10.16b, v2.16b, v12.16b\n\t" + "eor v11.16b, v3.16b, v12.16b\n\t" + "tbl v8.16b, {v20.16b, v21.16b, v22.16b, v23.16b}, v8.16b\n\t" + "tbl v9.16b, {v20.16b, v21.16b, v22.16b, v23.16b}, v9.16b\n\t" + "tbl v10.16b, {v20.16b, v21.16b, v22.16b, v23.16b}, v10.16b\n\t" + "tbl v11.16b, {v20.16b, v21.16b, v22.16b, v23.16b}, v11.16b\n\t" + "orr v4.16b, v4.16b, v8.16b\n\t" + "orr v5.16b, v5.16b, v9.16b\n\t" + "orr v6.16b, v6.16b, v10.16b\n\t" + "orr v7.16b, v7.16b, v11.16b\n\t" + "eor v8.16b, v0.16b, v13.16b\n\t" + "eor v9.16b, v1.16b, v13.16b\n\t" + "eor v10.16b, v2.16b, v13.16b\n\t" + "eor v11.16b, v3.16b, v13.16b\n\t" + "tbl v8.16b, {v24.16b, v25.16b, v26.16b, v27.16b}, v8.16b\n\t" + "tbl v9.16b, {v24.16b, v25.16b, v26.16b, v27.16b}, v9.16b\n\t" + "tbl v10.16b, {v24.16b, v25.16b, v26.16b, v27.16b}, v10.16b\n\t" + "tbl v11.16b, {v24.16b, v25.16b, v26.16b, v27.16b}, v11.16b\n\t" + "orr v4.16b, v4.16b, v8.16b\n\t" + "orr v5.16b, v5.16b, v9.16b\n\t" + "orr v6.16b, v6.16b, v10.16b\n\t" + "orr v7.16b, v7.16b, v11.16b\n\t" + "eor v8.16b, v0.16b, v14.16b\n\t" + "eor v9.16b, v1.16b, v14.16b\n\t" + "eor v10.16b, v2.16b, v14.16b\n\t" + "eor v11.16b, v3.16b, v14.16b\n\t" + "tbl v8.16b, {v28.16b, v29.16b, v30.16b, v31.16b}, v8.16b\n\t" + "tbl v9.16b, {v28.16b, v29.16b, v30.16b, v31.16b}, v9.16b\n\t" + "tbl v10.16b, {v28.16b, v29.16b, v30.16b, v31.16b}, v10.16b\n\t" + "tbl v11.16b, {v28.16b, v29.16b, v30.16b, v31.16b}, v11.16b\n\t" + "orr v4.16b, v4.16b, v8.16b\n\t" + "orr v5.16b, v5.16b, v9.16b\n\t" + "orr v6.16b, v6.16b, v10.16b\n\t" + "orr v7.16b, v7.16b, v11.16b\n\t" + "ld1 {v0.16b}, [%[shuffle]]\n\t" + "tbl v4.16b, {v4.16b}, v0.16b\n\t" + "tbl v5.16b, {v5.16b}, v0.16b\n\t" + "tbl v6.16b, {v6.16b}, v0.16b\n\t" + "tbl v7.16b, {v7.16b}, v0.16b\n\t" + "sshr v8.16b, v4.16b, #7\n\t" + "sshr v9.16b, v5.16b, #7\n\t" + "sshr v10.16b, v6.16b, #7\n\t" + "sshr v11.16b, v7.16b, #7\n\t" + "shl v12.16b, v4.16b, #1\n\t" + "shl v13.16b, v5.16b, #1\n\t" + "shl v14.16b, v6.16b, #1\n\t" + "shl v15.16b, v7.16b, #1\n\t" + "movi v0.16b, #27\n\t" + "and v8.16b, v8.16b, v0.16b\n\t" + "and v9.16b, v9.16b, v0.16b\n\t" + "and v10.16b, v10.16b, v0.16b\n\t" + "and v11.16b, v11.16b, v0.16b\n\t" + "eor v8.16b, v8.16b, v12.16b\n\t" + "eor v9.16b, v9.16b, v13.16b\n\t" + "eor v10.16b, v10.16b, v14.16b\n\t" + "eor v11.16b, v11.16b, v15.16b\n\t" + "eor v0.16b, v8.16b, v4.16b\n\t" + "eor v1.16b, v9.16b, v5.16b\n\t" + "eor v2.16b, v10.16b, v6.16b\n\t" + "eor v3.16b, v11.16b, v7.16b\n\t" + "shl v12.4s, v0.4s, #8\n\t" + "shl v13.4s, v1.4s, #8\n\t" + "shl v14.4s, v2.4s, #8\n\t" + "shl v15.4s, v3.4s, #8\n\t" + "sri v12.4s, v0.4s, #24\n\t" + "sri v13.4s, v1.4s, #24\n\t" + "sri v14.4s, v2.4s, #24\n\t" + "sri v15.4s, v3.4s, #24\n\t" + "shl v0.4s, v4.4s, #24\n\t" + "shl v1.4s, v5.4s, #24\n\t" + "shl v2.4s, v6.4s, #24\n\t" + "shl v3.4s, v7.4s, #24\n\t" + "sri v0.4s, v4.4s, #8\n\t" + "sri v1.4s, v5.4s, #8\n\t" + "sri v2.4s, v6.4s, #8\n\t" + "sri v3.4s, v7.4s, #8\n\t" + "rev32 v4.8h, v4.8h\n\t" + "rev32 v5.8h, v5.8h\n\t" + "rev32 v6.8h, v6.8h\n\t" + "rev32 v7.8h, v7.8h\n\t" + "eor v4.16b, v4.16b, v0.16b\n\t" + "eor v5.16b, v5.16b, v1.16b\n\t" + "eor v6.16b, v6.16b, v2.16b\n\t" + "eor v7.16b, v7.16b, v3.16b\n\t" + /* XOR in Key Schedule */ + "ld1 {v0.2d}, [x8], #16\n\t" + "eor v4.16b, v4.16b, v8.16b\n\t" + "eor v5.16b, v5.16b, v9.16b\n\t" + "eor v6.16b, v6.16b, v10.16b\n\t" + "eor v7.16b, v7.16b, v11.16b\n\t" + "eor v4.16b, v4.16b, v0.16b\n\t" + "eor v5.16b, v5.16b, v0.16b\n\t" + "eor v6.16b, v6.16b, v0.16b\n\t" + "eor v7.16b, v7.16b, v0.16b\n\t" + "eor v4.16b, v4.16b, v12.16b\n\t" + "eor v5.16b, v5.16b, v13.16b\n\t" + "eor v6.16b, v6.16b, v14.16b\n\t" + "eor v7.16b, v7.16b, v15.16b\n\t" + /* Round Done */ + "tbl v0.16b, {v16.16b, v17.16b, v18.16b, v19.16b}, v4.16b\n\t" + "tbl v1.16b, {v16.16b, v17.16b, v18.16b, v19.16b}, v5.16b\n\t" + "tbl v2.16b, {v16.16b, v17.16b, v18.16b, v19.16b}, v6.16b\n\t" + "tbl v3.16b, {v16.16b, v17.16b, v18.16b, v19.16b}, v7.16b\n\t" + "movi v12.16b, #0x40\n\t" + "movi v13.16b, #0x80\n\t" + "movi v14.16b, #0xc0\n\t" + "eor v8.16b, v4.16b, v12.16b\n\t" + "eor v9.16b, v5.16b, v12.16b\n\t" + "eor v10.16b, v6.16b, v12.16b\n\t" + "eor v11.16b, v7.16b, v12.16b\n\t" + "tbl v8.16b, {v20.16b, v21.16b, v22.16b, v23.16b}, v8.16b\n\t" + "tbl v9.16b, {v20.16b, v21.16b, v22.16b, v23.16b}, v9.16b\n\t" + "tbl v10.16b, {v20.16b, v21.16b, v22.16b, v23.16b}, v10.16b\n\t" + "tbl v11.16b, {v20.16b, v21.16b, v22.16b, v23.16b}, v11.16b\n\t" + "orr v0.16b, v0.16b, v8.16b\n\t" + "orr v1.16b, v1.16b, v9.16b\n\t" + "orr v2.16b, v2.16b, v10.16b\n\t" + "orr v3.16b, v3.16b, v11.16b\n\t" + "eor v8.16b, v4.16b, v13.16b\n\t" + "eor v9.16b, v5.16b, v13.16b\n\t" + "eor v10.16b, v6.16b, v13.16b\n\t" + "eor v11.16b, v7.16b, v13.16b\n\t" + "tbl v8.16b, {v24.16b, v25.16b, v26.16b, v27.16b}, v8.16b\n\t" + "tbl v9.16b, {v24.16b, v25.16b, v26.16b, v27.16b}, v9.16b\n\t" + "tbl v10.16b, {v24.16b, v25.16b, v26.16b, v27.16b}, v10.16b\n\t" + "tbl v11.16b, {v24.16b, v25.16b, v26.16b, v27.16b}, v11.16b\n\t" + "orr v0.16b, v0.16b, v8.16b\n\t" + "orr v1.16b, v1.16b, v9.16b\n\t" + "orr v2.16b, v2.16b, v10.16b\n\t" + "orr v3.16b, v3.16b, v11.16b\n\t" + "eor v8.16b, v4.16b, v14.16b\n\t" + "eor v9.16b, v5.16b, v14.16b\n\t" + "eor v10.16b, v6.16b, v14.16b\n\t" + "eor v11.16b, v7.16b, v14.16b\n\t" + "tbl v8.16b, {v28.16b, v29.16b, v30.16b, v31.16b}, v8.16b\n\t" + "tbl v9.16b, {v28.16b, v29.16b, v30.16b, v31.16b}, v9.16b\n\t" + "tbl v10.16b, {v28.16b, v29.16b, v30.16b, v31.16b}, v10.16b\n\t" + "tbl v11.16b, {v28.16b, v29.16b, v30.16b, v31.16b}, v11.16b\n\t" + "orr v0.16b, v0.16b, v8.16b\n\t" + "orr v1.16b, v1.16b, v9.16b\n\t" + "orr v2.16b, v2.16b, v10.16b\n\t" + "orr v3.16b, v3.16b, v11.16b\n\t" + "ld1 {v4.16b}, [%[shuffle]]\n\t" + "tbl v0.16b, {v0.16b}, v4.16b\n\t" + "tbl v1.16b, {v1.16b}, v4.16b\n\t" + "tbl v2.16b, {v2.16b}, v4.16b\n\t" + "tbl v3.16b, {v3.16b}, v4.16b\n\t" + /* XOR in Key Schedule */ + "ld1 {v4.2d}, [x8], #16\n\t" + "eor v0.16b, v0.16b, v4.16b\n\t" + "eor v1.16b, v1.16b, v4.16b\n\t" + "eor v2.16b, v2.16b, v4.16b\n\t" + "eor v3.16b, v3.16b, v4.16b\n\t" + /* Round Done */ + "rev32 v0.16b, v0.16b\n\t" + "rev32 v1.16b, v1.16b\n\t" + "rev32 v2.16b, v2.16b\n\t" + "rev32 v3.16b, v3.16b\n\t" + "st1 {v0.16b, v1.16b, v2.16b, v3.16b}, [%x[out]], #0x40\n\t" + "sub %x[len], %x[len], #0x40\n\t" + "cmp %x[len], #0x40\n\t" + "b.ge L_AES_ECB_encrypt_NEON_loop_4_%=\n\t" + "\n" + "L_AES_ECB_encrypt_NEON_start_2_%=: \n\t" + "movi v12.16b, #0x40\n\t" + "movi v13.16b, #0x80\n\t" + "movi v14.16b, #0xc0\n\t" + "movi v15.16b, #27\n\t" + "cmp %x[len], #16\n\t" + "b.eq L_AES_ECB_encrypt_NEON_start_1_%=\n\t" + "b.lt L_AES_ECB_encrypt_NEON_data_done_%=\n\t" + "\n" + "L_AES_ECB_encrypt_NEON_loop_2_%=: \n\t" + "mov x8, %x[ks]\n\t" + "ld1 {v0.16b, v1.16b}, [%x[in]], #32\n\t" + "ld1 {v4.2d}, [x8], #16\n\t" + "rev32 v0.16b, v0.16b\n\t" + "rev32 v1.16b, v1.16b\n\t" + /* Round: 0 - XOR in key schedule */ + "eor v0.16b, v0.16b, v4.16b\n\t" + "eor v1.16b, v1.16b, v4.16b\n\t" + "sub w7, %w[nr], #2\n\t" + "\n" + "L_AES_ECB_encrypt_NEON_loop_nr_2_%=: \n\t" + "eor v8.16b, v0.16b, v12.16b\n\t" + "eor v9.16b, v1.16b, v12.16b\n\t" + "tbl v4.16b, {v16.16b, v17.16b, v18.16b, v19.16b}, v0.16b\n\t" + "tbl v5.16b, {v16.16b, v17.16b, v18.16b, v19.16b}, v1.16b\n\t" + "tbl v8.16b, {v20.16b, v21.16b, v22.16b, v23.16b}, v8.16b\n\t" + "tbl v9.16b, {v20.16b, v21.16b, v22.16b, v23.16b}, v9.16b\n\t" + "eor v10.16b, v0.16b, v13.16b\n\t" + "eor v11.16b, v1.16b, v13.16b\n\t" + "tbl v10.16b, {v24.16b, v25.16b, v26.16b, v27.16b}, v10.16b\n\t" + "tbl v11.16b, {v24.16b, v25.16b, v26.16b, v27.16b}, v11.16b\n\t" + "orr v4.16b, v4.16b, v8.16b\n\t" + "orr v5.16b, v5.16b, v9.16b\n\t" + "eor v8.16b, v0.16b, v14.16b\n\t" + "eor v9.16b, v1.16b, v14.16b\n\t" + "orr v4.16b, v4.16b, v10.16b\n\t" + "orr v5.16b, v5.16b, v11.16b\n\t" + "tbl v8.16b, {v28.16b, v29.16b, v30.16b, v31.16b}, v8.16b\n\t" + "tbl v9.16b, {v28.16b, v29.16b, v30.16b, v31.16b}, v9.16b\n\t" + "orr v4.16b, v4.16b, v8.16b\n\t" + "orr v5.16b, v5.16b, v9.16b\n\t" + "ld1 {v0.16b}, [%[shuffle]]\n\t" + "tbl v4.16b, {v4.16b}, v0.16b\n\t" + "tbl v5.16b, {v5.16b}, v0.16b\n\t" + "sshr v8.16b, v4.16b, #7\n\t" + "sshr v9.16b, v5.16b, #7\n\t" + "shl v10.16b, v4.16b, #1\n\t" + "shl v11.16b, v5.16b, #1\n\t" + "and v8.16b, v8.16b, v15.16b\n\t" + "and v9.16b, v9.16b, v15.16b\n\t" + "eor v8.16b, v8.16b, v10.16b\n\t" + "eor v9.16b, v9.16b, v11.16b\n\t" + "eor v0.16b, v8.16b, v4.16b\n\t" + "eor v1.16b, v9.16b, v5.16b\n\t" + "shl v10.4s, v0.4s, #8\n\t" + "shl v11.4s, v1.4s, #8\n\t" + "sri v10.4s, v0.4s, #24\n\t" + "sri v11.4s, v1.4s, #24\n\t" + "shl v0.4s, v4.4s, #24\n\t" + "shl v1.4s, v5.4s, #24\n\t" + "sri v0.4s, v4.4s, #8\n\t" + "sri v1.4s, v5.4s, #8\n\t" + "rev32 v4.8h, v4.8h\n\t" + "rev32 v5.8h, v5.8h\n\t" + "eor v4.16b, v4.16b, v0.16b\n\t" + "eor v5.16b, v5.16b, v1.16b\n\t" + /* XOR in Key Schedule */ + "ld1 {v0.2d}, [x8], #16\n\t" + "eor v4.16b, v4.16b, v8.16b\n\t" + "eor v5.16b, v5.16b, v9.16b\n\t" + "eor v4.16b, v4.16b, v0.16b\n\t" + "eor v5.16b, v5.16b, v0.16b\n\t" + "eor v4.16b, v4.16b, v10.16b\n\t" + "eor v5.16b, v5.16b, v11.16b\n\t" + /* Round Done */ + "eor v8.16b, v4.16b, v12.16b\n\t" + "eor v9.16b, v5.16b, v12.16b\n\t" + "tbl v0.16b, {v16.16b, v17.16b, v18.16b, v19.16b}, v4.16b\n\t" + "tbl v1.16b, {v16.16b, v17.16b, v18.16b, v19.16b}, v5.16b\n\t" + "tbl v8.16b, {v20.16b, v21.16b, v22.16b, v23.16b}, v8.16b\n\t" + "tbl v9.16b, {v20.16b, v21.16b, v22.16b, v23.16b}, v9.16b\n\t" + "eor v10.16b, v4.16b, v13.16b\n\t" + "eor v11.16b, v5.16b, v13.16b\n\t" + "tbl v10.16b, {v24.16b, v25.16b, v26.16b, v27.16b}, v10.16b\n\t" + "tbl v11.16b, {v24.16b, v25.16b, v26.16b, v27.16b}, v11.16b\n\t" + "orr v0.16b, v0.16b, v8.16b\n\t" + "orr v1.16b, v1.16b, v9.16b\n\t" + "eor v8.16b, v4.16b, v14.16b\n\t" + "eor v9.16b, v5.16b, v14.16b\n\t" + "orr v0.16b, v0.16b, v10.16b\n\t" + "orr v1.16b, v1.16b, v11.16b\n\t" + "tbl v8.16b, {v28.16b, v29.16b, v30.16b, v31.16b}, v8.16b\n\t" + "tbl v9.16b, {v28.16b, v29.16b, v30.16b, v31.16b}, v9.16b\n\t" + "orr v0.16b, v0.16b, v8.16b\n\t" + "orr v1.16b, v1.16b, v9.16b\n\t" + "ld1 {v4.16b}, [%[shuffle]]\n\t" + "tbl v0.16b, {v0.16b}, v4.16b\n\t" + "tbl v1.16b, {v1.16b}, v4.16b\n\t" + "sshr v8.16b, v0.16b, #7\n\t" + "sshr v9.16b, v1.16b, #7\n\t" + "shl v10.16b, v0.16b, #1\n\t" + "shl v11.16b, v1.16b, #1\n\t" + "and v8.16b, v8.16b, v15.16b\n\t" + "and v9.16b, v9.16b, v15.16b\n\t" + "eor v8.16b, v8.16b, v10.16b\n\t" + "eor v9.16b, v9.16b, v11.16b\n\t" + "eor v4.16b, v8.16b, v0.16b\n\t" + "eor v5.16b, v9.16b, v1.16b\n\t" + "shl v10.4s, v4.4s, #8\n\t" + "shl v11.4s, v5.4s, #8\n\t" + "sri v10.4s, v4.4s, #24\n\t" + "sri v11.4s, v5.4s, #24\n\t" + "shl v4.4s, v0.4s, #24\n\t" + "shl v5.4s, v1.4s, #24\n\t" + "sri v4.4s, v0.4s, #8\n\t" + "sri v5.4s, v1.4s, #8\n\t" + "rev32 v0.8h, v0.8h\n\t" + "rev32 v1.8h, v1.8h\n\t" + "eor v0.16b, v0.16b, v4.16b\n\t" + "eor v1.16b, v1.16b, v5.16b\n\t" + /* XOR in Key Schedule */ + "ld1 {v4.2d}, [x8], #16\n\t" + "eor v0.16b, v0.16b, v8.16b\n\t" + "eor v1.16b, v1.16b, v9.16b\n\t" + "eor v0.16b, v0.16b, v4.16b\n\t" + "eor v1.16b, v1.16b, v4.16b\n\t" + "eor v0.16b, v0.16b, v10.16b\n\t" + "eor v1.16b, v1.16b, v11.16b\n\t" + /* Round Done */ + "subs w7, w7, #2\n\t" + "b.ne L_AES_ECB_encrypt_NEON_loop_nr_2_%=\n\t" + "eor v8.16b, v0.16b, v12.16b\n\t" + "eor v9.16b, v1.16b, v12.16b\n\t" + "tbl v4.16b, {v16.16b, v17.16b, v18.16b, v19.16b}, v0.16b\n\t" + "tbl v5.16b, {v16.16b, v17.16b, v18.16b, v19.16b}, v1.16b\n\t" + "tbl v8.16b, {v20.16b, v21.16b, v22.16b, v23.16b}, v8.16b\n\t" + "tbl v9.16b, {v20.16b, v21.16b, v22.16b, v23.16b}, v9.16b\n\t" + "eor v10.16b, v0.16b, v13.16b\n\t" + "eor v11.16b, v1.16b, v13.16b\n\t" + "tbl v10.16b, {v24.16b, v25.16b, v26.16b, v27.16b}, v10.16b\n\t" + "tbl v11.16b, {v24.16b, v25.16b, v26.16b, v27.16b}, v11.16b\n\t" + "orr v4.16b, v4.16b, v8.16b\n\t" + "orr v5.16b, v5.16b, v9.16b\n\t" + "eor v8.16b, v0.16b, v14.16b\n\t" + "eor v9.16b, v1.16b, v14.16b\n\t" + "orr v4.16b, v4.16b, v10.16b\n\t" + "orr v5.16b, v5.16b, v11.16b\n\t" + "tbl v8.16b, {v28.16b, v29.16b, v30.16b, v31.16b}, v8.16b\n\t" + "tbl v9.16b, {v28.16b, v29.16b, v30.16b, v31.16b}, v9.16b\n\t" + "orr v4.16b, v4.16b, v8.16b\n\t" + "orr v5.16b, v5.16b, v9.16b\n\t" + "ld1 {v0.16b}, [%[shuffle]]\n\t" + "tbl v4.16b, {v4.16b}, v0.16b\n\t" + "tbl v5.16b, {v5.16b}, v0.16b\n\t" + "sshr v8.16b, v4.16b, #7\n\t" + "sshr v9.16b, v5.16b, #7\n\t" + "shl v10.16b, v4.16b, #1\n\t" + "shl v11.16b, v5.16b, #1\n\t" + "and v8.16b, v8.16b, v15.16b\n\t" + "and v9.16b, v9.16b, v15.16b\n\t" + "eor v8.16b, v8.16b, v10.16b\n\t" + "eor v9.16b, v9.16b, v11.16b\n\t" + "eor v0.16b, v8.16b, v4.16b\n\t" + "eor v1.16b, v9.16b, v5.16b\n\t" + "shl v10.4s, v0.4s, #8\n\t" + "shl v11.4s, v1.4s, #8\n\t" + "sri v10.4s, v0.4s, #24\n\t" + "sri v11.4s, v1.4s, #24\n\t" + "shl v0.4s, v4.4s, #24\n\t" + "shl v1.4s, v5.4s, #24\n\t" + "sri v0.4s, v4.4s, #8\n\t" + "sri v1.4s, v5.4s, #8\n\t" + "rev32 v4.8h, v4.8h\n\t" + "rev32 v5.8h, v5.8h\n\t" + "eor v4.16b, v4.16b, v0.16b\n\t" + "eor v5.16b, v5.16b, v1.16b\n\t" + /* XOR in Key Schedule */ + "ld1 {v0.2d}, [x8], #16\n\t" + "eor v4.16b, v4.16b, v8.16b\n\t" + "eor v5.16b, v5.16b, v9.16b\n\t" + "eor v4.16b, v4.16b, v0.16b\n\t" + "eor v5.16b, v5.16b, v0.16b\n\t" + "eor v4.16b, v4.16b, v10.16b\n\t" + "eor v5.16b, v5.16b, v11.16b\n\t" + /* Round Done */ + "eor v8.16b, v4.16b, v12.16b\n\t" + "eor v9.16b, v5.16b, v12.16b\n\t" + "tbl v0.16b, {v16.16b, v17.16b, v18.16b, v19.16b}, v4.16b\n\t" + "tbl v1.16b, {v16.16b, v17.16b, v18.16b, v19.16b}, v5.16b\n\t" + "tbl v8.16b, {v20.16b, v21.16b, v22.16b, v23.16b}, v8.16b\n\t" + "tbl v9.16b, {v20.16b, v21.16b, v22.16b, v23.16b}, v9.16b\n\t" + "eor v10.16b, v4.16b, v13.16b\n\t" + "eor v11.16b, v5.16b, v13.16b\n\t" + "tbl v10.16b, {v24.16b, v25.16b, v26.16b, v27.16b}, v10.16b\n\t" + "tbl v11.16b, {v24.16b, v25.16b, v26.16b, v27.16b}, v11.16b\n\t" + "orr v0.16b, v0.16b, v8.16b\n\t" + "orr v1.16b, v1.16b, v9.16b\n\t" + "eor v8.16b, v4.16b, v14.16b\n\t" + "eor v9.16b, v5.16b, v14.16b\n\t" + "orr v0.16b, v0.16b, v10.16b\n\t" + "orr v1.16b, v1.16b, v11.16b\n\t" + "tbl v8.16b, {v28.16b, v29.16b, v30.16b, v31.16b}, v8.16b\n\t" + "tbl v9.16b, {v28.16b, v29.16b, v30.16b, v31.16b}, v9.16b\n\t" + "orr v0.16b, v0.16b, v8.16b\n\t" + "orr v1.16b, v1.16b, v9.16b\n\t" + "ld1 {v4.16b}, [%[shuffle]]\n\t" + "tbl v0.16b, {v0.16b}, v4.16b\n\t" + "tbl v1.16b, {v1.16b}, v4.16b\n\t" + /* XOR in Key Schedule */ + "ld1 {v4.2d}, [x8], #16\n\t" + "eor v0.16b, v0.16b, v4.16b\n\t" + "eor v1.16b, v1.16b, v4.16b\n\t" + /* Round Done */ + "rev32 v0.16b, v0.16b\n\t" + "rev32 v1.16b, v1.16b\n\t" + "st1 {v0.16b, v1.16b}, [%x[out]], #32\n\t" + "sub %x[len], %x[len], #32\n\t" + "cmp %x[len], #0\n\t" + "b.eq L_AES_ECB_encrypt_NEON_data_done_%=\n\t" + "\n" + "L_AES_ECB_encrypt_NEON_start_1_%=: \n\t" + "ld1 {v3.2d}, [%[shuffle]]\n\t" + "mov x8, %x[ks]\n\t" + "ld1 {v0.16b}, [%x[in]], #16\n\t" + "ld1 {v4.2d}, [x8], #16\n\t" + "rev32 v0.16b, v0.16b\n\t" + /* Round: 0 - XOR in key schedule */ + "eor v0.16b, v0.16b, v4.16b\n\t" + "sub w7, %w[nr], #2\n\t" + "\n" + "L_AES_ECB_encrypt_NEON_loop_nr_1_%=: \n\t" + "eor v8.16b, v0.16b, v12.16b\n\t" + "eor v9.16b, v0.16b, v13.16b\n\t" + "eor v10.16b, v0.16b, v14.16b\n\t" + "tbl v4.16b, {v16.16b, v17.16b, v18.16b, v19.16b}, v0.16b\n\t" + "tbl v8.16b, {v20.16b, v21.16b, v22.16b, v23.16b}, v8.16b\n\t" + "tbl v9.16b, {v24.16b, v25.16b, v26.16b, v27.16b}, v9.16b\n\t" + "tbl v10.16b, {v28.16b, v29.16b, v30.16b, v31.16b}, v10.16b\n\t" + "orr v4.16b, v4.16b, v8.16b\n\t" + "orr v9.16b, v9.16b, v10.16b\n\t" + "orr v4.16b, v4.16b, v9.16b\n\t" + "tbl v4.16b, {v4.16b}, v3.16b\n\t" + "ld1 {v0.2d}, [x8], #16\n\t" + "sshr v10.16b, v4.16b, #7\n\t" + "shl v9.16b, v4.16b, #1\n\t" + "and v10.16b, v10.16b, v15.16b\n\t" + "eor v10.16b, v10.16b, v9.16b\n\t" + "rev32 v8.8h, v4.8h\n\t" + "eor v11.16b, v10.16b, v4.16b\n\t" + "eor v10.16b, v10.16b, v8.16b\n\t" + "shl v9.4s, v4.4s, #24\n\t" + "shl v8.4s, v11.4s, #8\n\t" + /* XOR in Key Schedule */ + "eor v10.16b, v10.16b, v0.16b\n\t" + "sri v9.4s, v4.4s, #8\n\t" + "sri v8.4s, v11.4s, #24\n\t" + "eor v4.16b, v10.16b, v9.16b\n\t" + "eor v4.16b, v4.16b, v8.16b\n\t" + "eor v8.16b, v4.16b, v12.16b\n\t" + "eor v9.16b, v4.16b, v13.16b\n\t" + "eor v10.16b, v4.16b, v14.16b\n\t" + "tbl v0.16b, {v16.16b, v17.16b, v18.16b, v19.16b}, v4.16b\n\t" + "tbl v8.16b, {v20.16b, v21.16b, v22.16b, v23.16b}, v8.16b\n\t" + "tbl v9.16b, {v24.16b, v25.16b, v26.16b, v27.16b}, v9.16b\n\t" + "tbl v10.16b, {v28.16b, v29.16b, v30.16b, v31.16b}, v10.16b\n\t" + "orr v0.16b, v0.16b, v8.16b\n\t" + "orr v9.16b, v9.16b, v10.16b\n\t" + "orr v0.16b, v0.16b, v9.16b\n\t" + "tbl v0.16b, {v0.16b}, v3.16b\n\t" + "ld1 {v4.2d}, [x8], #16\n\t" + "sshr v10.16b, v0.16b, #7\n\t" + "shl v9.16b, v0.16b, #1\n\t" + "and v10.16b, v10.16b, v15.16b\n\t" + "eor v10.16b, v10.16b, v9.16b\n\t" + "rev32 v8.8h, v0.8h\n\t" + "eor v11.16b, v10.16b, v0.16b\n\t" + "eor v10.16b, v10.16b, v8.16b\n\t" + "shl v9.4s, v0.4s, #24\n\t" + "shl v8.4s, v11.4s, #8\n\t" + /* XOR in Key Schedule */ + "eor v10.16b, v10.16b, v4.16b\n\t" + "sri v9.4s, v0.4s, #8\n\t" + "sri v8.4s, v11.4s, #24\n\t" + "eor v0.16b, v10.16b, v9.16b\n\t" + "eor v0.16b, v0.16b, v8.16b\n\t" + "subs w7, w7, #2\n\t" + "b.ne L_AES_ECB_encrypt_NEON_loop_nr_1_%=\n\t" + "eor v8.16b, v0.16b, v12.16b\n\t" + "eor v9.16b, v0.16b, v13.16b\n\t" + "eor v10.16b, v0.16b, v14.16b\n\t" + "tbl v4.16b, {v16.16b, v17.16b, v18.16b, v19.16b}, v0.16b\n\t" + "tbl v8.16b, {v20.16b, v21.16b, v22.16b, v23.16b}, v8.16b\n\t" + "tbl v9.16b, {v24.16b, v25.16b, v26.16b, v27.16b}, v9.16b\n\t" + "tbl v10.16b, {v28.16b, v29.16b, v30.16b, v31.16b}, v10.16b\n\t" + "orr v4.16b, v4.16b, v8.16b\n\t" + "orr v9.16b, v9.16b, v10.16b\n\t" + "orr v4.16b, v4.16b, v9.16b\n\t" + "tbl v4.16b, {v4.16b}, v3.16b\n\t" + "ld1 {v0.2d}, [x8], #16\n\t" + "sshr v10.16b, v4.16b, #7\n\t" + "shl v9.16b, v4.16b, #1\n\t" + "and v10.16b, v10.16b, v15.16b\n\t" + "eor v10.16b, v10.16b, v9.16b\n\t" + "rev32 v8.8h, v4.8h\n\t" + "eor v11.16b, v10.16b, v4.16b\n\t" + "eor v10.16b, v10.16b, v8.16b\n\t" + "shl v9.4s, v4.4s, #24\n\t" + "shl v8.4s, v11.4s, #8\n\t" + /* XOR in Key Schedule */ + "eor v10.16b, v10.16b, v0.16b\n\t" + "sri v9.4s, v4.4s, #8\n\t" + "sri v8.4s, v11.4s, #24\n\t" + "eor v4.16b, v10.16b, v9.16b\n\t" + "eor v4.16b, v4.16b, v8.16b\n\t" + "eor v8.16b, v4.16b, v12.16b\n\t" + "eor v9.16b, v4.16b, v13.16b\n\t" + "eor v10.16b, v4.16b, v14.16b\n\t" + "tbl v0.16b, {v16.16b, v17.16b, v18.16b, v19.16b}, v4.16b\n\t" + "tbl v8.16b, {v20.16b, v21.16b, v22.16b, v23.16b}, v8.16b\n\t" + "tbl v9.16b, {v24.16b, v25.16b, v26.16b, v27.16b}, v9.16b\n\t" + "tbl v10.16b, {v28.16b, v29.16b, v30.16b, v31.16b}, v10.16b\n\t" + "orr v0.16b, v0.16b, v8.16b\n\t" + "orr v9.16b, v9.16b, v10.16b\n\t" + "orr v0.16b, v0.16b, v9.16b\n\t" + "tbl v0.16b, {v0.16b}, v3.16b\n\t" + "ld1 {v4.2d}, [x8], #16\n\t" + /* XOR in Key Schedule */ + "eor v0.16b, v0.16b, v4.16b\n\t" + "rev32 v0.16b, v0.16b\n\t" + "st1 {v0.16b}, [%x[out]], #16\n\t" + "\n" + "L_AES_ECB_encrypt_NEON_data_done_%=: \n\t" + : [out] "+r" (out), [len] "+r" (len), [nr] "+r" (nr) + : [in] "r" (in), [ks] "r" (ks), [te] "r" (te), [shuffle] "r" (shuffle) + : "memory", "cc", "x7", "x8", "v0", "v1", "v2", "v3", "v4", "v5", "v6", + "v7", "v8", "v9", "v10", "v11", "v12", "v13", "v14", "v15", "v16", + "v17", "v18", "v19", "v20", "v21", "v22", "v23", "v24", "v25", + "v26", "v27", "v28", "v29", "v30", "v31" + ); +} + +#endif /* HAVE_AESCCM || HAVE_AESGCM || WOLFSSL_AES_DIRECT || + * WOLFSSL_AES_COUNTER || HAVE_AES_ECB */ +#ifdef HAVE_AES_CBC +void AES_CBC_encrypt_NEON(const unsigned char* in, unsigned char* out, + unsigned long len, const unsigned char* ks, int nr, unsigned char* iv); +void AES_CBC_encrypt_NEON(const unsigned char* in, unsigned char* out, + unsigned long len, const unsigned char* ks, int nr, unsigned char* iv) +{ + const word8* te = L_AES_ARM64_NEON_te; + const word8* shuffle = L_AES_ARM64_NEON_shift_rows_shuffle; + __asm__ __volatile__ ( + "ld1 {v10.16b, v11.16b, v12.16b, v13.16b}, [%[te]], #0x40\n\t" + "ld1 {v14.16b, v15.16b, v16.16b, v17.16b}, [%[te]], #0x40\n\t" + "ld1 {v18.16b, v19.16b, v20.16b, v21.16b}, [%[te]], #0x40\n\t" + "ld1 {v22.16b, v23.16b, v24.16b, v25.16b}, [%[te]]\n\t" + "movi v6.16b, #0x40\n\t" + "movi v7.16b, #0x80\n\t" + "movi v8.16b, #0xc0\n\t" + "movi v9.16b, #27\n\t" + "ld1 {v0.2d}, [%x[iv]]\n\t" + "ld1 {v26.2d}, [%[shuffle]]\n\t" + "\n" + "L_AES_CBC_encrypt_NEON_loop_block_%=: \n\t" + "add x9, %x[ks], #16\n\t" + "ld1 {v1.16b}, [%x[in]], #16\n\t" + "ld1 {v2.16b}, [%x[ks]]\n\t" + "eor v0.16b, v0.16b, v1.16b\n\t" + "rev32 v0.16b, v0.16b\n\t" + /* Round: 0 - XOR in key schedule */ + "eor v0.16b, v0.16b, v2.16b\n\t" + "sub w8, %w[nr], #2\n\t" + "\n" + "L_AES_CBC_encrypt_NEON_loop_nr_%=: \n\t" + "eor v2.16b, v0.16b, v6.16b\n\t" + "eor v3.16b, v0.16b, v7.16b\n\t" + "eor v4.16b, v0.16b, v8.16b\n\t" + "tbl v1.16b, {v10.16b, v11.16b, v12.16b, v13.16b}, v0.16b\n\t" + "tbl v2.16b, {v14.16b, v15.16b, v16.16b, v17.16b}, v2.16b\n\t" + "tbl v3.16b, {v18.16b, v19.16b, v20.16b, v21.16b}, v3.16b\n\t" + "tbl v4.16b, {v22.16b, v23.16b, v24.16b, v25.16b}, v4.16b\n\t" + "orr v1.16b, v1.16b, v2.16b\n\t" + "orr v3.16b, v3.16b, v4.16b\n\t" + "orr v1.16b, v1.16b, v3.16b\n\t" + "tbl v1.16b, {v1.16b}, v26.16b\n\t" + "ld1 {v0.2d}, [x9], #16\n\t" + "sshr v4.16b, v1.16b, #7\n\t" + "shl v3.16b, v1.16b, #1\n\t" + "and v4.16b, v4.16b, v9.16b\n\t" + "eor v4.16b, v4.16b, v3.16b\n\t" + "rev32 v2.8h, v1.8h\n\t" + "eor v5.16b, v4.16b, v1.16b\n\t" + "eor v4.16b, v4.16b, v2.16b\n\t" + "shl v3.4s, v1.4s, #24\n\t" + "shl v2.4s, v5.4s, #8\n\t" + /* XOR in Key Schedule */ + "eor v4.16b, v4.16b, v0.16b\n\t" + "sri v3.4s, v1.4s, #8\n\t" + "sri v2.4s, v5.4s, #24\n\t" + "eor v1.16b, v4.16b, v3.16b\n\t" + "eor v1.16b, v1.16b, v2.16b\n\t" + "eor v2.16b, v1.16b, v6.16b\n\t" + "eor v3.16b, v1.16b, v7.16b\n\t" + "eor v4.16b, v1.16b, v8.16b\n\t" + "tbl v0.16b, {v10.16b, v11.16b, v12.16b, v13.16b}, v1.16b\n\t" + "tbl v2.16b, {v14.16b, v15.16b, v16.16b, v17.16b}, v2.16b\n\t" + "tbl v3.16b, {v18.16b, v19.16b, v20.16b, v21.16b}, v3.16b\n\t" + "tbl v4.16b, {v22.16b, v23.16b, v24.16b, v25.16b}, v4.16b\n\t" + "orr v0.16b, v0.16b, v2.16b\n\t" + "orr v3.16b, v3.16b, v4.16b\n\t" + "orr v0.16b, v0.16b, v3.16b\n\t" + "tbl v0.16b, {v0.16b}, v26.16b\n\t" + "ld1 {v1.2d}, [x9], #16\n\t" + "sshr v4.16b, v0.16b, #7\n\t" + "shl v3.16b, v0.16b, #1\n\t" + "and v4.16b, v4.16b, v9.16b\n\t" + "eor v4.16b, v4.16b, v3.16b\n\t" + "rev32 v2.8h, v0.8h\n\t" + "eor v5.16b, v4.16b, v0.16b\n\t" + "eor v4.16b, v4.16b, v2.16b\n\t" + "shl v3.4s, v0.4s, #24\n\t" + "shl v2.4s, v5.4s, #8\n\t" + /* XOR in Key Schedule */ + "eor v4.16b, v4.16b, v1.16b\n\t" + "sri v3.4s, v0.4s, #8\n\t" + "sri v2.4s, v5.4s, #24\n\t" + "eor v0.16b, v4.16b, v3.16b\n\t" + "eor v0.16b, v0.16b, v2.16b\n\t" + "subs w8, w8, #2\n\t" + "b.ne L_AES_CBC_encrypt_NEON_loop_nr_%=\n\t" + "eor v2.16b, v0.16b, v6.16b\n\t" + "eor v3.16b, v0.16b, v7.16b\n\t" + "eor v4.16b, v0.16b, v8.16b\n\t" + "tbl v1.16b, {v10.16b, v11.16b, v12.16b, v13.16b}, v0.16b\n\t" + "tbl v2.16b, {v14.16b, v15.16b, v16.16b, v17.16b}, v2.16b\n\t" + "tbl v3.16b, {v18.16b, v19.16b, v20.16b, v21.16b}, v3.16b\n\t" + "tbl v4.16b, {v22.16b, v23.16b, v24.16b, v25.16b}, v4.16b\n\t" + "orr v1.16b, v1.16b, v2.16b\n\t" + "orr v3.16b, v3.16b, v4.16b\n\t" + "orr v1.16b, v1.16b, v3.16b\n\t" + "tbl v1.16b, {v1.16b}, v26.16b\n\t" + "ld1 {v0.2d}, [x9], #16\n\t" + "sshr v4.16b, v1.16b, #7\n\t" + "shl v3.16b, v1.16b, #1\n\t" + "and v4.16b, v4.16b, v9.16b\n\t" + "eor v4.16b, v4.16b, v3.16b\n\t" + "rev32 v2.8h, v1.8h\n\t" + "eor v5.16b, v4.16b, v1.16b\n\t" + "eor v4.16b, v4.16b, v2.16b\n\t" + "shl v3.4s, v1.4s, #24\n\t" + "shl v2.4s, v5.4s, #8\n\t" + /* XOR in Key Schedule */ + "eor v4.16b, v4.16b, v0.16b\n\t" + "sri v3.4s, v1.4s, #8\n\t" + "sri v2.4s, v5.4s, #24\n\t" + "eor v1.16b, v4.16b, v3.16b\n\t" + "eor v1.16b, v1.16b, v2.16b\n\t" + "eor v2.16b, v1.16b, v6.16b\n\t" + "eor v3.16b, v1.16b, v7.16b\n\t" + "eor v4.16b, v1.16b, v8.16b\n\t" + "tbl v0.16b, {v10.16b, v11.16b, v12.16b, v13.16b}, v1.16b\n\t" + "tbl v2.16b, {v14.16b, v15.16b, v16.16b, v17.16b}, v2.16b\n\t" + "tbl v3.16b, {v18.16b, v19.16b, v20.16b, v21.16b}, v3.16b\n\t" + "tbl v4.16b, {v22.16b, v23.16b, v24.16b, v25.16b}, v4.16b\n\t" + "orr v0.16b, v0.16b, v2.16b\n\t" + "orr v3.16b, v3.16b, v4.16b\n\t" + "orr v0.16b, v0.16b, v3.16b\n\t" + "tbl v0.16b, {v0.16b}, v26.16b\n\t" + "ld1 {v1.2d}, [x9], #16\n\t" + /* XOR in Key Schedule */ + "eor v0.16b, v0.16b, v1.16b\n\t" + "rev32 v0.16b, v0.16b\n\t" + "st1 {v0.16b}, [%x[out]], #16\n\t" + "subs %x[len], %x[len], #16\n\t" + "b.ne L_AES_CBC_encrypt_NEON_loop_block_%=\n\t" + "st1 {v0.2d}, [%x[iv]]\n\t" + : [out] "+r" (out), [len] "+r" (len), [nr] "+r" (nr), [iv] "+r" (iv) + : [in] "r" (in), [ks] "r" (ks), [te] "r" (te), [shuffle] "r" (shuffle) + : "memory", "cc", "x8", "x9", "v0", "v1", "v2", "v3", "v4", "v5", "v6", + "v7", "v8", "v9", "v10", "v11", "v12", "v13", "v14", "v15", "v16", + "v17", "v18", "v19", "v20", "v21", "v22", "v23", "v24", "v25", + "v26" + ); +} + +#endif /* HAVE_AES_CBC */ +#ifdef WOLFSSL_AES_COUNTER +void AES_CTR_encrypt_NEON(const unsigned char* in, unsigned char* out, + unsigned long len, const unsigned char* ks, int nr, unsigned char* ctr); +void AES_CTR_encrypt_NEON(const unsigned char* in, unsigned char* out, + unsigned long len, const unsigned char* ks, int nr, unsigned char* ctr) +{ + const word8* te = L_AES_ARM64_NEON_te; + const word8* shuffle = L_AES_ARM64_NEON_shift_rows_shuffle; + __asm__ __volatile__ ( + "ld1 {v16.16b, v17.16b, v18.16b, v19.16b}, [%[te]], #0x40\n\t" + "ld1 {v20.16b, v21.16b, v22.16b, v23.16b}, [%[te]], #0x40\n\t" + "ld1 {v24.16b, v25.16b, v26.16b, v27.16b}, [%[te]], #0x40\n\t" + "ld1 {v28.16b, v29.16b, v30.16b, v31.16b}, [%[te]]\n\t" + "ld1 {v2.2d}, [%x[ctr]]\n\t" + "rev64 v8.16b, v2.16b\n\t" + "rev32 v2.16b, v2.16b\n\t" + "mov x10, v8.d[1]\n\t" + "mov x11, v8.d[0]\n\t" + "cmp %x[len], #0x40\n\t" + "b.lt L_AES_CTR_encrypt_NEON_start_2_%=\n\t" + "\n" + "L_AES_CTR_encrypt_NEON_loop_4_%=: \n\t" + "mov x9, %x[ks]\n\t" + "ld1 {v4.2d}, [x9], #16\n\t" + "mov v8.d[1], x10\n\t" + "mov v8.d[0], x11\n\t" + "rev64 v8.16b, v8.16b\n\t" + "rev32 v8.16b, v8.16b\n\t" + /* Round: 0 - XOR in key schedule */ + "eor v0.16b, v8.16b, v4.16b\n\t" + "adds x10, x10, #1\n\t" + "adc x11, x11, xzr\n\t" + "mov v8.d[1], x10\n\t" + "mov v8.d[0], x11\n\t" + "rev64 v8.16b, v8.16b\n\t" + "rev32 v8.16b, v8.16b\n\t" + "eor v1.16b, v8.16b, v4.16b\n\t" + "adds x10, x10, #1\n\t" + "adc x11, x11, xzr\n\t" + "mov v8.d[1], x10\n\t" + "mov v8.d[0], x11\n\t" + "rev64 v8.16b, v8.16b\n\t" + "rev32 v8.16b, v8.16b\n\t" + "eor v2.16b, v8.16b, v4.16b\n\t" + "adds x10, x10, #1\n\t" + "adc x11, x11, xzr\n\t" + "mov v8.d[1], x10\n\t" + "mov v8.d[0], x11\n\t" + "rev64 v8.16b, v8.16b\n\t" + "rev32 v8.16b, v8.16b\n\t" + "eor v3.16b, v8.16b, v4.16b\n\t" + "adds x10, x10, #1\n\t" + "adc x11, x11, xzr\n\t" + "mov v8.d[1], x10\n\t" + "mov v8.d[0], x11\n\t" + "rev64 v8.16b, v8.16b\n\t" + "rev32 v8.16b, v8.16b\n\t" + "sub w8, %w[nr], #2\n\t" + "\n" + "L_AES_CTR_encrypt_NEON_loop_nr_4_%=: \n\t" + "tbl v4.16b, {v16.16b, v17.16b, v18.16b, v19.16b}, v0.16b\n\t" + "tbl v5.16b, {v16.16b, v17.16b, v18.16b, v19.16b}, v1.16b\n\t" + "tbl v6.16b, {v16.16b, v17.16b, v18.16b, v19.16b}, v2.16b\n\t" + "tbl v7.16b, {v16.16b, v17.16b, v18.16b, v19.16b}, v3.16b\n\t" + "movi v12.16b, #0x40\n\t" + "movi v13.16b, #0x80\n\t" + "movi v14.16b, #0xc0\n\t" + "eor v8.16b, v0.16b, v12.16b\n\t" + "eor v9.16b, v1.16b, v12.16b\n\t" + "eor v10.16b, v2.16b, v12.16b\n\t" + "eor v11.16b, v3.16b, v12.16b\n\t" + "tbl v8.16b, {v20.16b, v21.16b, v22.16b, v23.16b}, v8.16b\n\t" + "tbl v9.16b, {v20.16b, v21.16b, v22.16b, v23.16b}, v9.16b\n\t" + "tbl v10.16b, {v20.16b, v21.16b, v22.16b, v23.16b}, v10.16b\n\t" + "tbl v11.16b, {v20.16b, v21.16b, v22.16b, v23.16b}, v11.16b\n\t" + "orr v4.16b, v4.16b, v8.16b\n\t" + "orr v5.16b, v5.16b, v9.16b\n\t" + "orr v6.16b, v6.16b, v10.16b\n\t" + "orr v7.16b, v7.16b, v11.16b\n\t" + "eor v8.16b, v0.16b, v13.16b\n\t" + "eor v9.16b, v1.16b, v13.16b\n\t" + "eor v10.16b, v2.16b, v13.16b\n\t" + "eor v11.16b, v3.16b, v13.16b\n\t" + "tbl v8.16b, {v24.16b, v25.16b, v26.16b, v27.16b}, v8.16b\n\t" + "tbl v9.16b, {v24.16b, v25.16b, v26.16b, v27.16b}, v9.16b\n\t" + "tbl v10.16b, {v24.16b, v25.16b, v26.16b, v27.16b}, v10.16b\n\t" + "tbl v11.16b, {v24.16b, v25.16b, v26.16b, v27.16b}, v11.16b\n\t" + "orr v4.16b, v4.16b, v8.16b\n\t" + "orr v5.16b, v5.16b, v9.16b\n\t" + "orr v6.16b, v6.16b, v10.16b\n\t" + "orr v7.16b, v7.16b, v11.16b\n\t" + "eor v8.16b, v0.16b, v14.16b\n\t" + "eor v9.16b, v1.16b, v14.16b\n\t" + "eor v10.16b, v2.16b, v14.16b\n\t" + "eor v11.16b, v3.16b, v14.16b\n\t" + "tbl v8.16b, {v28.16b, v29.16b, v30.16b, v31.16b}, v8.16b\n\t" + "tbl v9.16b, {v28.16b, v29.16b, v30.16b, v31.16b}, v9.16b\n\t" + "tbl v10.16b, {v28.16b, v29.16b, v30.16b, v31.16b}, v10.16b\n\t" + "tbl v11.16b, {v28.16b, v29.16b, v30.16b, v31.16b}, v11.16b\n\t" + "orr v4.16b, v4.16b, v8.16b\n\t" + "orr v5.16b, v5.16b, v9.16b\n\t" + "orr v6.16b, v6.16b, v10.16b\n\t" + "orr v7.16b, v7.16b, v11.16b\n\t" + "ld1 {v0.16b}, [%[shuffle]]\n\t" + "tbl v4.16b, {v4.16b}, v0.16b\n\t" + "tbl v5.16b, {v5.16b}, v0.16b\n\t" + "tbl v6.16b, {v6.16b}, v0.16b\n\t" + "tbl v7.16b, {v7.16b}, v0.16b\n\t" + "sshr v8.16b, v4.16b, #7\n\t" + "sshr v9.16b, v5.16b, #7\n\t" + "sshr v10.16b, v6.16b, #7\n\t" + "sshr v11.16b, v7.16b, #7\n\t" + "shl v12.16b, v4.16b, #1\n\t" + "shl v13.16b, v5.16b, #1\n\t" + "shl v14.16b, v6.16b, #1\n\t" + "shl v15.16b, v7.16b, #1\n\t" + "movi v0.16b, #27\n\t" + "and v8.16b, v8.16b, v0.16b\n\t" + "and v9.16b, v9.16b, v0.16b\n\t" + "and v10.16b, v10.16b, v0.16b\n\t" + "and v11.16b, v11.16b, v0.16b\n\t" + "eor v8.16b, v8.16b, v12.16b\n\t" + "eor v9.16b, v9.16b, v13.16b\n\t" + "eor v10.16b, v10.16b, v14.16b\n\t" + "eor v11.16b, v11.16b, v15.16b\n\t" + "eor v0.16b, v8.16b, v4.16b\n\t" + "eor v1.16b, v9.16b, v5.16b\n\t" + "eor v2.16b, v10.16b, v6.16b\n\t" + "eor v3.16b, v11.16b, v7.16b\n\t" + "shl v12.4s, v0.4s, #8\n\t" + "shl v13.4s, v1.4s, #8\n\t" + "shl v14.4s, v2.4s, #8\n\t" + "shl v15.4s, v3.4s, #8\n\t" + "sri v12.4s, v0.4s, #24\n\t" + "sri v13.4s, v1.4s, #24\n\t" + "sri v14.4s, v2.4s, #24\n\t" + "sri v15.4s, v3.4s, #24\n\t" + "shl v0.4s, v4.4s, #24\n\t" + "shl v1.4s, v5.4s, #24\n\t" + "shl v2.4s, v6.4s, #24\n\t" + "shl v3.4s, v7.4s, #24\n\t" + "sri v0.4s, v4.4s, #8\n\t" + "sri v1.4s, v5.4s, #8\n\t" + "sri v2.4s, v6.4s, #8\n\t" + "sri v3.4s, v7.4s, #8\n\t" + "rev32 v4.8h, v4.8h\n\t" + "rev32 v5.8h, v5.8h\n\t" + "rev32 v6.8h, v6.8h\n\t" + "rev32 v7.8h, v7.8h\n\t" + "eor v4.16b, v4.16b, v0.16b\n\t" + "eor v5.16b, v5.16b, v1.16b\n\t" + "eor v6.16b, v6.16b, v2.16b\n\t" + "eor v7.16b, v7.16b, v3.16b\n\t" + /* XOR in Key Schedule */ + "ld1 {v0.2d}, [x9], #16\n\t" + "eor v4.16b, v4.16b, v8.16b\n\t" + "eor v5.16b, v5.16b, v9.16b\n\t" + "eor v6.16b, v6.16b, v10.16b\n\t" + "eor v7.16b, v7.16b, v11.16b\n\t" + "eor v4.16b, v4.16b, v0.16b\n\t" + "eor v5.16b, v5.16b, v0.16b\n\t" + "eor v6.16b, v6.16b, v0.16b\n\t" + "eor v7.16b, v7.16b, v0.16b\n\t" + "eor v4.16b, v4.16b, v12.16b\n\t" + "eor v5.16b, v5.16b, v13.16b\n\t" + "eor v6.16b, v6.16b, v14.16b\n\t" + "eor v7.16b, v7.16b, v15.16b\n\t" + /* Round Done */ + "tbl v0.16b, {v16.16b, v17.16b, v18.16b, v19.16b}, v4.16b\n\t" + "tbl v1.16b, {v16.16b, v17.16b, v18.16b, v19.16b}, v5.16b\n\t" + "tbl v2.16b, {v16.16b, v17.16b, v18.16b, v19.16b}, v6.16b\n\t" + "tbl v3.16b, {v16.16b, v17.16b, v18.16b, v19.16b}, v7.16b\n\t" + "movi v12.16b, #0x40\n\t" + "movi v13.16b, #0x80\n\t" + "movi v14.16b, #0xc0\n\t" + "eor v8.16b, v4.16b, v12.16b\n\t" + "eor v9.16b, v5.16b, v12.16b\n\t" + "eor v10.16b, v6.16b, v12.16b\n\t" + "eor v11.16b, v7.16b, v12.16b\n\t" + "tbl v8.16b, {v20.16b, v21.16b, v22.16b, v23.16b}, v8.16b\n\t" + "tbl v9.16b, {v20.16b, v21.16b, v22.16b, v23.16b}, v9.16b\n\t" + "tbl v10.16b, {v20.16b, v21.16b, v22.16b, v23.16b}, v10.16b\n\t" + "tbl v11.16b, {v20.16b, v21.16b, v22.16b, v23.16b}, v11.16b\n\t" + "orr v0.16b, v0.16b, v8.16b\n\t" + "orr v1.16b, v1.16b, v9.16b\n\t" + "orr v2.16b, v2.16b, v10.16b\n\t" + "orr v3.16b, v3.16b, v11.16b\n\t" + "eor v8.16b, v4.16b, v13.16b\n\t" + "eor v9.16b, v5.16b, v13.16b\n\t" + "eor v10.16b, v6.16b, v13.16b\n\t" + "eor v11.16b, v7.16b, v13.16b\n\t" + "tbl v8.16b, {v24.16b, v25.16b, v26.16b, v27.16b}, v8.16b\n\t" + "tbl v9.16b, {v24.16b, v25.16b, v26.16b, v27.16b}, v9.16b\n\t" + "tbl v10.16b, {v24.16b, v25.16b, v26.16b, v27.16b}, v10.16b\n\t" + "tbl v11.16b, {v24.16b, v25.16b, v26.16b, v27.16b}, v11.16b\n\t" + "orr v0.16b, v0.16b, v8.16b\n\t" + "orr v1.16b, v1.16b, v9.16b\n\t" + "orr v2.16b, v2.16b, v10.16b\n\t" + "orr v3.16b, v3.16b, v11.16b\n\t" + "eor v8.16b, v4.16b, v14.16b\n\t" + "eor v9.16b, v5.16b, v14.16b\n\t" + "eor v10.16b, v6.16b, v14.16b\n\t" + "eor v11.16b, v7.16b, v14.16b\n\t" + "tbl v8.16b, {v28.16b, v29.16b, v30.16b, v31.16b}, v8.16b\n\t" + "tbl v9.16b, {v28.16b, v29.16b, v30.16b, v31.16b}, v9.16b\n\t" + "tbl v10.16b, {v28.16b, v29.16b, v30.16b, v31.16b}, v10.16b\n\t" + "tbl v11.16b, {v28.16b, v29.16b, v30.16b, v31.16b}, v11.16b\n\t" + "orr v0.16b, v0.16b, v8.16b\n\t" + "orr v1.16b, v1.16b, v9.16b\n\t" + "orr v2.16b, v2.16b, v10.16b\n\t" + "orr v3.16b, v3.16b, v11.16b\n\t" + "ld1 {v4.16b}, [%[shuffle]]\n\t" + "tbl v0.16b, {v0.16b}, v4.16b\n\t" + "tbl v1.16b, {v1.16b}, v4.16b\n\t" + "tbl v2.16b, {v2.16b}, v4.16b\n\t" + "tbl v3.16b, {v3.16b}, v4.16b\n\t" + "sshr v8.16b, v0.16b, #7\n\t" + "sshr v9.16b, v1.16b, #7\n\t" + "sshr v10.16b, v2.16b, #7\n\t" + "sshr v11.16b, v3.16b, #7\n\t" + "shl v12.16b, v0.16b, #1\n\t" + "shl v13.16b, v1.16b, #1\n\t" + "shl v14.16b, v2.16b, #1\n\t" + "shl v15.16b, v3.16b, #1\n\t" + "movi v4.16b, #27\n\t" + "and v8.16b, v8.16b, v4.16b\n\t" + "and v9.16b, v9.16b, v4.16b\n\t" + "and v10.16b, v10.16b, v4.16b\n\t" + "and v11.16b, v11.16b, v4.16b\n\t" + "eor v8.16b, v8.16b, v12.16b\n\t" + "eor v9.16b, v9.16b, v13.16b\n\t" + "eor v10.16b, v10.16b, v14.16b\n\t" + "eor v11.16b, v11.16b, v15.16b\n\t" + "eor v4.16b, v8.16b, v0.16b\n\t" + "eor v5.16b, v9.16b, v1.16b\n\t" + "eor v6.16b, v10.16b, v2.16b\n\t" + "eor v7.16b, v11.16b, v3.16b\n\t" + "shl v12.4s, v4.4s, #8\n\t" + "shl v13.4s, v5.4s, #8\n\t" + "shl v14.4s, v6.4s, #8\n\t" + "shl v15.4s, v7.4s, #8\n\t" + "sri v12.4s, v4.4s, #24\n\t" + "sri v13.4s, v5.4s, #24\n\t" + "sri v14.4s, v6.4s, #24\n\t" + "sri v15.4s, v7.4s, #24\n\t" + "shl v4.4s, v0.4s, #24\n\t" + "shl v5.4s, v1.4s, #24\n\t" + "shl v6.4s, v2.4s, #24\n\t" + "shl v7.4s, v3.4s, #24\n\t" + "sri v4.4s, v0.4s, #8\n\t" + "sri v5.4s, v1.4s, #8\n\t" + "sri v6.4s, v2.4s, #8\n\t" + "sri v7.4s, v3.4s, #8\n\t" + "rev32 v0.8h, v0.8h\n\t" + "rev32 v1.8h, v1.8h\n\t" + "rev32 v2.8h, v2.8h\n\t" + "rev32 v3.8h, v3.8h\n\t" + "eor v0.16b, v0.16b, v4.16b\n\t" + "eor v1.16b, v1.16b, v5.16b\n\t" + "eor v2.16b, v2.16b, v6.16b\n\t" + "eor v3.16b, v3.16b, v7.16b\n\t" + /* XOR in Key Schedule */ + "ld1 {v4.2d}, [x9], #16\n\t" + "eor v0.16b, v0.16b, v8.16b\n\t" + "eor v1.16b, v1.16b, v9.16b\n\t" + "eor v2.16b, v2.16b, v10.16b\n\t" + "eor v3.16b, v3.16b, v11.16b\n\t" + "eor v0.16b, v0.16b, v4.16b\n\t" + "eor v1.16b, v1.16b, v4.16b\n\t" + "eor v2.16b, v2.16b, v4.16b\n\t" + "eor v3.16b, v3.16b, v4.16b\n\t" + "eor v0.16b, v0.16b, v12.16b\n\t" + "eor v1.16b, v1.16b, v13.16b\n\t" + "eor v2.16b, v2.16b, v14.16b\n\t" + "eor v3.16b, v3.16b, v15.16b\n\t" + /* Round Done */ + "subs w8, w8, #2\n\t" + "b.ne L_AES_CTR_encrypt_NEON_loop_nr_4_%=\n\t" + "tbl v4.16b, {v16.16b, v17.16b, v18.16b, v19.16b}, v0.16b\n\t" + "tbl v5.16b, {v16.16b, v17.16b, v18.16b, v19.16b}, v1.16b\n\t" + "tbl v6.16b, {v16.16b, v17.16b, v18.16b, v19.16b}, v2.16b\n\t" + "tbl v7.16b, {v16.16b, v17.16b, v18.16b, v19.16b}, v3.16b\n\t" + "movi v12.16b, #0x40\n\t" + "movi v13.16b, #0x80\n\t" + "movi v14.16b, #0xc0\n\t" + "eor v8.16b, v0.16b, v12.16b\n\t" + "eor v9.16b, v1.16b, v12.16b\n\t" + "eor v10.16b, v2.16b, v12.16b\n\t" + "eor v11.16b, v3.16b, v12.16b\n\t" + "tbl v8.16b, {v20.16b, v21.16b, v22.16b, v23.16b}, v8.16b\n\t" + "tbl v9.16b, {v20.16b, v21.16b, v22.16b, v23.16b}, v9.16b\n\t" + "tbl v10.16b, {v20.16b, v21.16b, v22.16b, v23.16b}, v10.16b\n\t" + "tbl v11.16b, {v20.16b, v21.16b, v22.16b, v23.16b}, v11.16b\n\t" + "orr v4.16b, v4.16b, v8.16b\n\t" + "orr v5.16b, v5.16b, v9.16b\n\t" + "orr v6.16b, v6.16b, v10.16b\n\t" + "orr v7.16b, v7.16b, v11.16b\n\t" + "eor v8.16b, v0.16b, v13.16b\n\t" + "eor v9.16b, v1.16b, v13.16b\n\t" + "eor v10.16b, v2.16b, v13.16b\n\t" + "eor v11.16b, v3.16b, v13.16b\n\t" + "tbl v8.16b, {v24.16b, v25.16b, v26.16b, v27.16b}, v8.16b\n\t" + "tbl v9.16b, {v24.16b, v25.16b, v26.16b, v27.16b}, v9.16b\n\t" + "tbl v10.16b, {v24.16b, v25.16b, v26.16b, v27.16b}, v10.16b\n\t" + "tbl v11.16b, {v24.16b, v25.16b, v26.16b, v27.16b}, v11.16b\n\t" + "orr v4.16b, v4.16b, v8.16b\n\t" + "orr v5.16b, v5.16b, v9.16b\n\t" + "orr v6.16b, v6.16b, v10.16b\n\t" + "orr v7.16b, v7.16b, v11.16b\n\t" + "eor v8.16b, v0.16b, v14.16b\n\t" + "eor v9.16b, v1.16b, v14.16b\n\t" + "eor v10.16b, v2.16b, v14.16b\n\t" + "eor v11.16b, v3.16b, v14.16b\n\t" + "tbl v8.16b, {v28.16b, v29.16b, v30.16b, v31.16b}, v8.16b\n\t" + "tbl v9.16b, {v28.16b, v29.16b, v30.16b, v31.16b}, v9.16b\n\t" + "tbl v10.16b, {v28.16b, v29.16b, v30.16b, v31.16b}, v10.16b\n\t" + "tbl v11.16b, {v28.16b, v29.16b, v30.16b, v31.16b}, v11.16b\n\t" + "orr v4.16b, v4.16b, v8.16b\n\t" + "orr v5.16b, v5.16b, v9.16b\n\t" + "orr v6.16b, v6.16b, v10.16b\n\t" + "orr v7.16b, v7.16b, v11.16b\n\t" + "ld1 {v0.16b}, [%[shuffle]]\n\t" + "tbl v4.16b, {v4.16b}, v0.16b\n\t" + "tbl v5.16b, {v5.16b}, v0.16b\n\t" + "tbl v6.16b, {v6.16b}, v0.16b\n\t" + "tbl v7.16b, {v7.16b}, v0.16b\n\t" + "sshr v8.16b, v4.16b, #7\n\t" + "sshr v9.16b, v5.16b, #7\n\t" + "sshr v10.16b, v6.16b, #7\n\t" + "sshr v11.16b, v7.16b, #7\n\t" + "shl v12.16b, v4.16b, #1\n\t" + "shl v13.16b, v5.16b, #1\n\t" + "shl v14.16b, v6.16b, #1\n\t" + "shl v15.16b, v7.16b, #1\n\t" + "movi v0.16b, #27\n\t" + "and v8.16b, v8.16b, v0.16b\n\t" + "and v9.16b, v9.16b, v0.16b\n\t" + "and v10.16b, v10.16b, v0.16b\n\t" + "and v11.16b, v11.16b, v0.16b\n\t" + "eor v8.16b, v8.16b, v12.16b\n\t" + "eor v9.16b, v9.16b, v13.16b\n\t" + "eor v10.16b, v10.16b, v14.16b\n\t" + "eor v11.16b, v11.16b, v15.16b\n\t" + "eor v0.16b, v8.16b, v4.16b\n\t" + "eor v1.16b, v9.16b, v5.16b\n\t" + "eor v2.16b, v10.16b, v6.16b\n\t" + "eor v3.16b, v11.16b, v7.16b\n\t" + "shl v12.4s, v0.4s, #8\n\t" + "shl v13.4s, v1.4s, #8\n\t" + "shl v14.4s, v2.4s, #8\n\t" + "shl v15.4s, v3.4s, #8\n\t" + "sri v12.4s, v0.4s, #24\n\t" + "sri v13.4s, v1.4s, #24\n\t" + "sri v14.4s, v2.4s, #24\n\t" + "sri v15.4s, v3.4s, #24\n\t" + "shl v0.4s, v4.4s, #24\n\t" + "shl v1.4s, v5.4s, #24\n\t" + "shl v2.4s, v6.4s, #24\n\t" + "shl v3.4s, v7.4s, #24\n\t" + "sri v0.4s, v4.4s, #8\n\t" + "sri v1.4s, v5.4s, #8\n\t" + "sri v2.4s, v6.4s, #8\n\t" + "sri v3.4s, v7.4s, #8\n\t" + "rev32 v4.8h, v4.8h\n\t" + "rev32 v5.8h, v5.8h\n\t" + "rev32 v6.8h, v6.8h\n\t" + "rev32 v7.8h, v7.8h\n\t" + "eor v4.16b, v4.16b, v0.16b\n\t" + "eor v5.16b, v5.16b, v1.16b\n\t" + "eor v6.16b, v6.16b, v2.16b\n\t" + "eor v7.16b, v7.16b, v3.16b\n\t" + /* XOR in Key Schedule */ + "ld1 {v0.2d}, [x9], #16\n\t" + "eor v4.16b, v4.16b, v8.16b\n\t" + "eor v5.16b, v5.16b, v9.16b\n\t" + "eor v6.16b, v6.16b, v10.16b\n\t" + "eor v7.16b, v7.16b, v11.16b\n\t" + "eor v4.16b, v4.16b, v0.16b\n\t" + "eor v5.16b, v5.16b, v0.16b\n\t" + "eor v6.16b, v6.16b, v0.16b\n\t" + "eor v7.16b, v7.16b, v0.16b\n\t" + "eor v4.16b, v4.16b, v12.16b\n\t" + "eor v5.16b, v5.16b, v13.16b\n\t" + "eor v6.16b, v6.16b, v14.16b\n\t" + "eor v7.16b, v7.16b, v15.16b\n\t" + /* Round Done */ + "tbl v0.16b, {v16.16b, v17.16b, v18.16b, v19.16b}, v4.16b\n\t" + "tbl v1.16b, {v16.16b, v17.16b, v18.16b, v19.16b}, v5.16b\n\t" + "tbl v2.16b, {v16.16b, v17.16b, v18.16b, v19.16b}, v6.16b\n\t" + "tbl v3.16b, {v16.16b, v17.16b, v18.16b, v19.16b}, v7.16b\n\t" + "movi v12.16b, #0x40\n\t" + "movi v13.16b, #0x80\n\t" + "movi v14.16b, #0xc0\n\t" + "eor v8.16b, v4.16b, v12.16b\n\t" + "eor v9.16b, v5.16b, v12.16b\n\t" + "eor v10.16b, v6.16b, v12.16b\n\t" + "eor v11.16b, v7.16b, v12.16b\n\t" + "tbl v8.16b, {v20.16b, v21.16b, v22.16b, v23.16b}, v8.16b\n\t" + "tbl v9.16b, {v20.16b, v21.16b, v22.16b, v23.16b}, v9.16b\n\t" + "tbl v10.16b, {v20.16b, v21.16b, v22.16b, v23.16b}, v10.16b\n\t" + "tbl v11.16b, {v20.16b, v21.16b, v22.16b, v23.16b}, v11.16b\n\t" + "orr v0.16b, v0.16b, v8.16b\n\t" + "orr v1.16b, v1.16b, v9.16b\n\t" + "orr v2.16b, v2.16b, v10.16b\n\t" + "orr v3.16b, v3.16b, v11.16b\n\t" + "eor v8.16b, v4.16b, v13.16b\n\t" + "eor v9.16b, v5.16b, v13.16b\n\t" + "eor v10.16b, v6.16b, v13.16b\n\t" + "eor v11.16b, v7.16b, v13.16b\n\t" + "tbl v8.16b, {v24.16b, v25.16b, v26.16b, v27.16b}, v8.16b\n\t" + "tbl v9.16b, {v24.16b, v25.16b, v26.16b, v27.16b}, v9.16b\n\t" + "tbl v10.16b, {v24.16b, v25.16b, v26.16b, v27.16b}, v10.16b\n\t" + "tbl v11.16b, {v24.16b, v25.16b, v26.16b, v27.16b}, v11.16b\n\t" + "orr v0.16b, v0.16b, v8.16b\n\t" + "orr v1.16b, v1.16b, v9.16b\n\t" + "orr v2.16b, v2.16b, v10.16b\n\t" + "orr v3.16b, v3.16b, v11.16b\n\t" + "eor v8.16b, v4.16b, v14.16b\n\t" + "eor v9.16b, v5.16b, v14.16b\n\t" + "eor v10.16b, v6.16b, v14.16b\n\t" + "eor v11.16b, v7.16b, v14.16b\n\t" + "tbl v8.16b, {v28.16b, v29.16b, v30.16b, v31.16b}, v8.16b\n\t" + "tbl v9.16b, {v28.16b, v29.16b, v30.16b, v31.16b}, v9.16b\n\t" + "tbl v10.16b, {v28.16b, v29.16b, v30.16b, v31.16b}, v10.16b\n\t" + "tbl v11.16b, {v28.16b, v29.16b, v30.16b, v31.16b}, v11.16b\n\t" + "orr v0.16b, v0.16b, v8.16b\n\t" + "orr v1.16b, v1.16b, v9.16b\n\t" + "orr v2.16b, v2.16b, v10.16b\n\t" + "orr v3.16b, v3.16b, v11.16b\n\t" + "ld1 {v4.16b}, [%[shuffle]]\n\t" + "tbl v0.16b, {v0.16b}, v4.16b\n\t" + "tbl v1.16b, {v1.16b}, v4.16b\n\t" + "tbl v2.16b, {v2.16b}, v4.16b\n\t" + "tbl v3.16b, {v3.16b}, v4.16b\n\t" + /* XOR in Key Schedule */ + "ld1 {v4.2d}, [x9], #16\n\t" + "eor v0.16b, v0.16b, v4.16b\n\t" + "eor v1.16b, v1.16b, v4.16b\n\t" + "eor v2.16b, v2.16b, v4.16b\n\t" + "eor v3.16b, v3.16b, v4.16b\n\t" + /* Round Done */ + "rev32 v0.16b, v0.16b\n\t" + "rev32 v1.16b, v1.16b\n\t" + "rev32 v2.16b, v2.16b\n\t" + "rev32 v3.16b, v3.16b\n\t" + "ld1 {v4.16b, v5.16b, v6.16b, v7.16b}, [%x[in]], #0x40\n\t" + "eor v0.16b, v0.16b, v4.16b\n\t" + "eor v1.16b, v1.16b, v5.16b\n\t" + "eor v2.16b, v2.16b, v6.16b\n\t" + "eor v3.16b, v3.16b, v7.16b\n\t" + "st1 {v0.16b, v1.16b, v2.16b, v3.16b}, [%x[out]], #0x40\n\t" + "sub %x[len], %x[len], #0x40\n\t" + "cmp %x[len], #0x40\n\t" + "b.ge L_AES_CTR_encrypt_NEON_loop_4_%=\n\t" + "mov v2.d[1], x10\n\t" + "mov v2.d[0], x11\n\t" + "rev64 v2.16b, v2.16b\n\t" + "rev32 v2.16b, v2.16b\n\t" + "\n" + "L_AES_CTR_encrypt_NEON_start_2_%=: \n\t" + "movi v12.16b, #0x40\n\t" + "movi v13.16b, #0x80\n\t" + "movi v14.16b, #0xc0\n\t" + "movi v15.16b, #27\n\t" + "cmp %x[len], #16\n\t" + "b.eq L_AES_CTR_encrypt_NEON_start_1_%=\n\t" + "b.lt L_AES_CTR_encrypt_NEON_data_done_%=\n\t" + "\n" + "L_AES_CTR_encrypt_NEON_loop_2_%=: \n\t" + "mov x9, %x[ks]\n\t" + "ld1 {v4.2d}, [x9], #16\n\t" + /* Round: 0 - XOR in key schedule */ + "eor v0.16b, v2.16b, v4.16b\n\t" + "adds x10, x10, #1\n\t" + "adc x11, x11, xzr\n\t" + "mov v2.d[1], x10\n\t" + "mov v2.d[0], x11\n\t" + "rev64 v2.16b, v2.16b\n\t" + "rev32 v2.16b, v2.16b\n\t" + "eor v1.16b, v2.16b, v4.16b\n\t" + "adds x10, x10, #1\n\t" + "adc x11, x11, xzr\n\t" + "mov v2.d[1], x10\n\t" + "mov v2.d[0], x11\n\t" + "rev64 v2.16b, v2.16b\n\t" + "rev32 v2.16b, v2.16b\n\t" + "sub w8, %w[nr], #2\n\t" + "\n" + "L_AES_CTR_encrypt_NEON_loop_nr_2_%=: \n\t" + "eor v8.16b, v0.16b, v12.16b\n\t" + "eor v9.16b, v1.16b, v12.16b\n\t" + "tbl v4.16b, {v16.16b, v17.16b, v18.16b, v19.16b}, v0.16b\n\t" + "tbl v5.16b, {v16.16b, v17.16b, v18.16b, v19.16b}, v1.16b\n\t" + "tbl v8.16b, {v20.16b, v21.16b, v22.16b, v23.16b}, v8.16b\n\t" + "tbl v9.16b, {v20.16b, v21.16b, v22.16b, v23.16b}, v9.16b\n\t" + "eor v10.16b, v0.16b, v13.16b\n\t" + "eor v11.16b, v1.16b, v13.16b\n\t" + "tbl v10.16b, {v24.16b, v25.16b, v26.16b, v27.16b}, v10.16b\n\t" + "tbl v11.16b, {v24.16b, v25.16b, v26.16b, v27.16b}, v11.16b\n\t" + "orr v4.16b, v4.16b, v8.16b\n\t" + "orr v5.16b, v5.16b, v9.16b\n\t" + "eor v8.16b, v0.16b, v14.16b\n\t" + "eor v9.16b, v1.16b, v14.16b\n\t" + "orr v4.16b, v4.16b, v10.16b\n\t" + "orr v5.16b, v5.16b, v11.16b\n\t" + "tbl v8.16b, {v28.16b, v29.16b, v30.16b, v31.16b}, v8.16b\n\t" + "tbl v9.16b, {v28.16b, v29.16b, v30.16b, v31.16b}, v9.16b\n\t" + "orr v4.16b, v4.16b, v8.16b\n\t" + "orr v5.16b, v5.16b, v9.16b\n\t" + "ld1 {v0.16b}, [%[shuffle]]\n\t" + "tbl v4.16b, {v4.16b}, v0.16b\n\t" + "tbl v5.16b, {v5.16b}, v0.16b\n\t" + "sshr v8.16b, v4.16b, #7\n\t" + "sshr v9.16b, v5.16b, #7\n\t" + "shl v10.16b, v4.16b, #1\n\t" + "shl v11.16b, v5.16b, #1\n\t" + "and v8.16b, v8.16b, v15.16b\n\t" + "and v9.16b, v9.16b, v15.16b\n\t" + "eor v8.16b, v8.16b, v10.16b\n\t" + "eor v9.16b, v9.16b, v11.16b\n\t" + "eor v0.16b, v8.16b, v4.16b\n\t" + "eor v1.16b, v9.16b, v5.16b\n\t" + "shl v10.4s, v0.4s, #8\n\t" + "shl v11.4s, v1.4s, #8\n\t" + "sri v10.4s, v0.4s, #24\n\t" + "sri v11.4s, v1.4s, #24\n\t" + "shl v0.4s, v4.4s, #24\n\t" + "shl v1.4s, v5.4s, #24\n\t" + "sri v0.4s, v4.4s, #8\n\t" + "sri v1.4s, v5.4s, #8\n\t" + "rev32 v4.8h, v4.8h\n\t" + "rev32 v5.8h, v5.8h\n\t" + "eor v4.16b, v4.16b, v0.16b\n\t" + "eor v5.16b, v5.16b, v1.16b\n\t" + /* XOR in Key Schedule */ + "ld1 {v0.2d}, [x9], #16\n\t" + "eor v4.16b, v4.16b, v8.16b\n\t" + "eor v5.16b, v5.16b, v9.16b\n\t" + "eor v4.16b, v4.16b, v0.16b\n\t" + "eor v5.16b, v5.16b, v0.16b\n\t" + "eor v4.16b, v4.16b, v10.16b\n\t" + "eor v5.16b, v5.16b, v11.16b\n\t" + /* Round Done */ + "eor v8.16b, v4.16b, v12.16b\n\t" + "eor v9.16b, v5.16b, v12.16b\n\t" + "tbl v0.16b, {v16.16b, v17.16b, v18.16b, v19.16b}, v4.16b\n\t" + "tbl v1.16b, {v16.16b, v17.16b, v18.16b, v19.16b}, v5.16b\n\t" + "tbl v8.16b, {v20.16b, v21.16b, v22.16b, v23.16b}, v8.16b\n\t" + "tbl v9.16b, {v20.16b, v21.16b, v22.16b, v23.16b}, v9.16b\n\t" + "eor v10.16b, v4.16b, v13.16b\n\t" + "eor v11.16b, v5.16b, v13.16b\n\t" + "tbl v10.16b, {v24.16b, v25.16b, v26.16b, v27.16b}, v10.16b\n\t" + "tbl v11.16b, {v24.16b, v25.16b, v26.16b, v27.16b}, v11.16b\n\t" + "orr v0.16b, v0.16b, v8.16b\n\t" + "orr v1.16b, v1.16b, v9.16b\n\t" + "eor v8.16b, v4.16b, v14.16b\n\t" + "eor v9.16b, v5.16b, v14.16b\n\t" + "orr v0.16b, v0.16b, v10.16b\n\t" + "orr v1.16b, v1.16b, v11.16b\n\t" + "tbl v8.16b, {v28.16b, v29.16b, v30.16b, v31.16b}, v8.16b\n\t" + "tbl v9.16b, {v28.16b, v29.16b, v30.16b, v31.16b}, v9.16b\n\t" + "orr v0.16b, v0.16b, v8.16b\n\t" + "orr v1.16b, v1.16b, v9.16b\n\t" + "ld1 {v4.16b}, [%[shuffle]]\n\t" + "tbl v0.16b, {v0.16b}, v4.16b\n\t" + "tbl v1.16b, {v1.16b}, v4.16b\n\t" + "sshr v8.16b, v0.16b, #7\n\t" + "sshr v9.16b, v1.16b, #7\n\t" + "shl v10.16b, v0.16b, #1\n\t" + "shl v11.16b, v1.16b, #1\n\t" + "and v8.16b, v8.16b, v15.16b\n\t" + "and v9.16b, v9.16b, v15.16b\n\t" + "eor v8.16b, v8.16b, v10.16b\n\t" + "eor v9.16b, v9.16b, v11.16b\n\t" + "eor v4.16b, v8.16b, v0.16b\n\t" + "eor v5.16b, v9.16b, v1.16b\n\t" + "shl v10.4s, v4.4s, #8\n\t" + "shl v11.4s, v5.4s, #8\n\t" + "sri v10.4s, v4.4s, #24\n\t" + "sri v11.4s, v5.4s, #24\n\t" + "shl v4.4s, v0.4s, #24\n\t" + "shl v5.4s, v1.4s, #24\n\t" + "sri v4.4s, v0.4s, #8\n\t" + "sri v5.4s, v1.4s, #8\n\t" + "rev32 v0.8h, v0.8h\n\t" + "rev32 v1.8h, v1.8h\n\t" + "eor v0.16b, v0.16b, v4.16b\n\t" + "eor v1.16b, v1.16b, v5.16b\n\t" + /* XOR in Key Schedule */ + "ld1 {v4.2d}, [x9], #16\n\t" + "eor v0.16b, v0.16b, v8.16b\n\t" + "eor v1.16b, v1.16b, v9.16b\n\t" + "eor v0.16b, v0.16b, v4.16b\n\t" + "eor v1.16b, v1.16b, v4.16b\n\t" + "eor v0.16b, v0.16b, v10.16b\n\t" + "eor v1.16b, v1.16b, v11.16b\n\t" + /* Round Done */ + "subs w8, w8, #2\n\t" + "b.ne L_AES_CTR_encrypt_NEON_loop_nr_2_%=\n\t" + "eor v8.16b, v0.16b, v12.16b\n\t" + "eor v9.16b, v1.16b, v12.16b\n\t" + "tbl v4.16b, {v16.16b, v17.16b, v18.16b, v19.16b}, v0.16b\n\t" + "tbl v5.16b, {v16.16b, v17.16b, v18.16b, v19.16b}, v1.16b\n\t" + "tbl v8.16b, {v20.16b, v21.16b, v22.16b, v23.16b}, v8.16b\n\t" + "tbl v9.16b, {v20.16b, v21.16b, v22.16b, v23.16b}, v9.16b\n\t" + "eor v10.16b, v0.16b, v13.16b\n\t" + "eor v11.16b, v1.16b, v13.16b\n\t" + "tbl v10.16b, {v24.16b, v25.16b, v26.16b, v27.16b}, v10.16b\n\t" + "tbl v11.16b, {v24.16b, v25.16b, v26.16b, v27.16b}, v11.16b\n\t" + "orr v4.16b, v4.16b, v8.16b\n\t" + "orr v5.16b, v5.16b, v9.16b\n\t" + "eor v8.16b, v0.16b, v14.16b\n\t" + "eor v9.16b, v1.16b, v14.16b\n\t" + "orr v4.16b, v4.16b, v10.16b\n\t" + "orr v5.16b, v5.16b, v11.16b\n\t" + "tbl v8.16b, {v28.16b, v29.16b, v30.16b, v31.16b}, v8.16b\n\t" + "tbl v9.16b, {v28.16b, v29.16b, v30.16b, v31.16b}, v9.16b\n\t" + "orr v4.16b, v4.16b, v8.16b\n\t" + "orr v5.16b, v5.16b, v9.16b\n\t" + "ld1 {v0.16b}, [%[shuffle]]\n\t" + "tbl v4.16b, {v4.16b}, v0.16b\n\t" + "tbl v5.16b, {v5.16b}, v0.16b\n\t" + "sshr v8.16b, v4.16b, #7\n\t" + "sshr v9.16b, v5.16b, #7\n\t" + "shl v10.16b, v4.16b, #1\n\t" + "shl v11.16b, v5.16b, #1\n\t" + "and v8.16b, v8.16b, v15.16b\n\t" + "and v9.16b, v9.16b, v15.16b\n\t" + "eor v8.16b, v8.16b, v10.16b\n\t" + "eor v9.16b, v9.16b, v11.16b\n\t" + "eor v0.16b, v8.16b, v4.16b\n\t" + "eor v1.16b, v9.16b, v5.16b\n\t" + "shl v10.4s, v0.4s, #8\n\t" + "shl v11.4s, v1.4s, #8\n\t" + "sri v10.4s, v0.4s, #24\n\t" + "sri v11.4s, v1.4s, #24\n\t" + "shl v0.4s, v4.4s, #24\n\t" + "shl v1.4s, v5.4s, #24\n\t" + "sri v0.4s, v4.4s, #8\n\t" + "sri v1.4s, v5.4s, #8\n\t" + "rev32 v4.8h, v4.8h\n\t" + "rev32 v5.8h, v5.8h\n\t" + "eor v4.16b, v4.16b, v0.16b\n\t" + "eor v5.16b, v5.16b, v1.16b\n\t" + /* XOR in Key Schedule */ + "ld1 {v0.2d}, [x9], #16\n\t" + "eor v4.16b, v4.16b, v8.16b\n\t" + "eor v5.16b, v5.16b, v9.16b\n\t" + "eor v4.16b, v4.16b, v0.16b\n\t" + "eor v5.16b, v5.16b, v0.16b\n\t" + "eor v4.16b, v4.16b, v10.16b\n\t" + "eor v5.16b, v5.16b, v11.16b\n\t" + /* Round Done */ + "eor v8.16b, v4.16b, v12.16b\n\t" + "eor v9.16b, v5.16b, v12.16b\n\t" + "tbl v0.16b, {v16.16b, v17.16b, v18.16b, v19.16b}, v4.16b\n\t" + "tbl v1.16b, {v16.16b, v17.16b, v18.16b, v19.16b}, v5.16b\n\t" + "tbl v8.16b, {v20.16b, v21.16b, v22.16b, v23.16b}, v8.16b\n\t" + "tbl v9.16b, {v20.16b, v21.16b, v22.16b, v23.16b}, v9.16b\n\t" + "eor v10.16b, v4.16b, v13.16b\n\t" + "eor v11.16b, v5.16b, v13.16b\n\t" + "tbl v10.16b, {v24.16b, v25.16b, v26.16b, v27.16b}, v10.16b\n\t" + "tbl v11.16b, {v24.16b, v25.16b, v26.16b, v27.16b}, v11.16b\n\t" + "orr v0.16b, v0.16b, v8.16b\n\t" + "orr v1.16b, v1.16b, v9.16b\n\t" + "eor v8.16b, v4.16b, v14.16b\n\t" + "eor v9.16b, v5.16b, v14.16b\n\t" + "orr v0.16b, v0.16b, v10.16b\n\t" + "orr v1.16b, v1.16b, v11.16b\n\t" + "tbl v8.16b, {v28.16b, v29.16b, v30.16b, v31.16b}, v8.16b\n\t" + "tbl v9.16b, {v28.16b, v29.16b, v30.16b, v31.16b}, v9.16b\n\t" + "orr v0.16b, v0.16b, v8.16b\n\t" + "orr v1.16b, v1.16b, v9.16b\n\t" + "ld1 {v4.16b}, [%[shuffle]]\n\t" + "tbl v0.16b, {v0.16b}, v4.16b\n\t" + "tbl v1.16b, {v1.16b}, v4.16b\n\t" + /* XOR in Key Schedule */ + "ld1 {v4.2d}, [x9], #16\n\t" + "eor v0.16b, v0.16b, v4.16b\n\t" + "eor v1.16b, v1.16b, v4.16b\n\t" + /* Round Done */ + "rev32 v0.16b, v0.16b\n\t" + "rev32 v1.16b, v1.16b\n\t" + "ld1 {v4.16b, v5.16b}, [%x[in]], #32\n\t" + "eor v0.16b, v0.16b, v4.16b\n\t" + "eor v1.16b, v1.16b, v5.16b\n\t" + "st1 {v0.16b, v1.16b}, [%x[out]], #32\n\t" + "sub %x[len], %x[len], #32\n\t" + "cmp %x[len], #0\n\t" + "b.eq L_AES_CTR_encrypt_NEON_data_done_%=\n\t" + "\n" + "L_AES_CTR_encrypt_NEON_start_1_%=: \n\t" + "ld1 {v3.2d}, [%[shuffle]]\n\t" + "mov x9, %x[ks]\n\t" + "ld1 {v4.2d}, [x9], #16\n\t" + /* Round: 0 - XOR in key schedule */ + "eor v0.16b, v2.16b, v4.16b\n\t" + "sub w8, %w[nr], #2\n\t" + "\n" + "L_AES_CTR_encrypt_NEON_loop_nr_1_%=: \n\t" + "eor v8.16b, v0.16b, v12.16b\n\t" + "eor v9.16b, v0.16b, v13.16b\n\t" + "eor v10.16b, v0.16b, v14.16b\n\t" + "tbl v4.16b, {v16.16b, v17.16b, v18.16b, v19.16b}, v0.16b\n\t" + "tbl v8.16b, {v20.16b, v21.16b, v22.16b, v23.16b}, v8.16b\n\t" + "tbl v9.16b, {v24.16b, v25.16b, v26.16b, v27.16b}, v9.16b\n\t" + "tbl v10.16b, {v28.16b, v29.16b, v30.16b, v31.16b}, v10.16b\n\t" + "orr v4.16b, v4.16b, v8.16b\n\t" + "orr v9.16b, v9.16b, v10.16b\n\t" + "orr v4.16b, v4.16b, v9.16b\n\t" + "tbl v4.16b, {v4.16b}, v3.16b\n\t" + "ld1 {v0.2d}, [x9], #16\n\t" + "sshr v10.16b, v4.16b, #7\n\t" + "shl v9.16b, v4.16b, #1\n\t" + "and v10.16b, v10.16b, v15.16b\n\t" + "eor v10.16b, v10.16b, v9.16b\n\t" + "rev32 v8.8h, v4.8h\n\t" + "eor v11.16b, v10.16b, v4.16b\n\t" + "eor v10.16b, v10.16b, v8.16b\n\t" + "shl v9.4s, v4.4s, #24\n\t" + "shl v8.4s, v11.4s, #8\n\t" + /* XOR in Key Schedule */ + "eor v10.16b, v10.16b, v0.16b\n\t" + "sri v9.4s, v4.4s, #8\n\t" + "sri v8.4s, v11.4s, #24\n\t" + "eor v4.16b, v10.16b, v9.16b\n\t" + "eor v4.16b, v4.16b, v8.16b\n\t" + "eor v8.16b, v4.16b, v12.16b\n\t" + "eor v9.16b, v4.16b, v13.16b\n\t" + "eor v10.16b, v4.16b, v14.16b\n\t" + "tbl v0.16b, {v16.16b, v17.16b, v18.16b, v19.16b}, v4.16b\n\t" + "tbl v8.16b, {v20.16b, v21.16b, v22.16b, v23.16b}, v8.16b\n\t" + "tbl v9.16b, {v24.16b, v25.16b, v26.16b, v27.16b}, v9.16b\n\t" + "tbl v10.16b, {v28.16b, v29.16b, v30.16b, v31.16b}, v10.16b\n\t" + "orr v0.16b, v0.16b, v8.16b\n\t" + "orr v9.16b, v9.16b, v10.16b\n\t" + "orr v0.16b, v0.16b, v9.16b\n\t" + "tbl v0.16b, {v0.16b}, v3.16b\n\t" + "ld1 {v4.2d}, [x9], #16\n\t" + "sshr v10.16b, v0.16b, #7\n\t" + "shl v9.16b, v0.16b, #1\n\t" + "and v10.16b, v10.16b, v15.16b\n\t" + "eor v10.16b, v10.16b, v9.16b\n\t" + "rev32 v8.8h, v0.8h\n\t" + "eor v11.16b, v10.16b, v0.16b\n\t" + "eor v10.16b, v10.16b, v8.16b\n\t" + "shl v9.4s, v0.4s, #24\n\t" + "shl v8.4s, v11.4s, #8\n\t" + /* XOR in Key Schedule */ + "eor v10.16b, v10.16b, v4.16b\n\t" + "sri v9.4s, v0.4s, #8\n\t" + "sri v8.4s, v11.4s, #24\n\t" + "eor v0.16b, v10.16b, v9.16b\n\t" + "eor v0.16b, v0.16b, v8.16b\n\t" + "subs w8, w8, #2\n\t" + "b.ne L_AES_CTR_encrypt_NEON_loop_nr_1_%=\n\t" + "eor v8.16b, v0.16b, v12.16b\n\t" + "eor v9.16b, v0.16b, v13.16b\n\t" + "eor v10.16b, v0.16b, v14.16b\n\t" + "tbl v4.16b, {v16.16b, v17.16b, v18.16b, v19.16b}, v0.16b\n\t" + "tbl v8.16b, {v20.16b, v21.16b, v22.16b, v23.16b}, v8.16b\n\t" + "tbl v9.16b, {v24.16b, v25.16b, v26.16b, v27.16b}, v9.16b\n\t" + "tbl v10.16b, {v28.16b, v29.16b, v30.16b, v31.16b}, v10.16b\n\t" + "orr v4.16b, v4.16b, v8.16b\n\t" + "orr v9.16b, v9.16b, v10.16b\n\t" + "orr v4.16b, v4.16b, v9.16b\n\t" + "tbl v4.16b, {v4.16b}, v3.16b\n\t" + "ld1 {v0.2d}, [x9], #16\n\t" + "sshr v10.16b, v4.16b, #7\n\t" + "shl v9.16b, v4.16b, #1\n\t" + "and v10.16b, v10.16b, v15.16b\n\t" + "eor v10.16b, v10.16b, v9.16b\n\t" + "rev32 v8.8h, v4.8h\n\t" + "eor v11.16b, v10.16b, v4.16b\n\t" + "eor v10.16b, v10.16b, v8.16b\n\t" + "shl v9.4s, v4.4s, #24\n\t" + "shl v8.4s, v11.4s, #8\n\t" + /* XOR in Key Schedule */ + "eor v10.16b, v10.16b, v0.16b\n\t" + "sri v9.4s, v4.4s, #8\n\t" + "sri v8.4s, v11.4s, #24\n\t" + "eor v4.16b, v10.16b, v9.16b\n\t" + "eor v4.16b, v4.16b, v8.16b\n\t" + "eor v8.16b, v4.16b, v12.16b\n\t" + "eor v9.16b, v4.16b, v13.16b\n\t" + "eor v10.16b, v4.16b, v14.16b\n\t" + "tbl v0.16b, {v16.16b, v17.16b, v18.16b, v19.16b}, v4.16b\n\t" + "tbl v8.16b, {v20.16b, v21.16b, v22.16b, v23.16b}, v8.16b\n\t" + "tbl v9.16b, {v24.16b, v25.16b, v26.16b, v27.16b}, v9.16b\n\t" + "tbl v10.16b, {v28.16b, v29.16b, v30.16b, v31.16b}, v10.16b\n\t" + "orr v0.16b, v0.16b, v8.16b\n\t" + "orr v9.16b, v9.16b, v10.16b\n\t" + "orr v0.16b, v0.16b, v9.16b\n\t" + "tbl v0.16b, {v0.16b}, v3.16b\n\t" + "ld1 {v4.2d}, [x9], #16\n\t" + /* XOR in Key Schedule */ + "eor v0.16b, v0.16b, v4.16b\n\t" + "rev32 v0.16b, v0.16b\n\t" + "ld1 {v4.16b}, [%x[in]], #16\n\t" + "eor v0.16b, v0.16b, v4.16b\n\t" + "st1 {v0.16b}, [%x[out]], #16\n\t" + "adds x10, x10, #1\n\t" + "adc x11, x11, xzr\n\t" + "mov v2.d[1], x10\n\t" + "mov v2.d[0], x11\n\t" + "rev64 v2.16b, v2.16b\n\t" + "rev32 v2.16b, v2.16b\n\t" + "\n" + "L_AES_CTR_encrypt_NEON_data_done_%=: \n\t" + "rev32 v2.16b, v2.16b\n\t" + "st1 {v2.2d}, [%x[ctr]]\n\t" + : [out] "+r" (out), [len] "+r" (len), [nr] "+r" (nr), [ctr] "+r" (ctr) + : [in] "r" (in), [ks] "r" (ks), [te] "r" (te), [shuffle] "r" (shuffle) + : "memory", "cc", "x8", "x9", "x10", "x11", "v0", "v1", "v2", "v3", + "v4", "v5", "v6", "v7", "v8", "v9", "v10", "v11", "v12", "v13", + "v14", "v15", "v16", "v17", "v18", "v19", "v20", "v21", "v22", + "v23", "v24", "v25", "v26", "v27", "v28", "v29", "v30", "v31" + ); +} + +#endif /* WOLFSSL_AES_COUNTER */ +#ifdef HAVE_AES_DECRYPT +#if defined(WOLFSSL_AES_DIRECT) || defined(WOLFSSL_AES_COUNTER) || \ + defined(HAVE_AES_CBC) || defined(HAVE_AES_ECB) +static const word8 L_AES_ARM64_NEON_td[] = { + 0x52, 0x09, 0x6a, 0xd5, 0x30, 0x36, 0xa5, 0x38, + 0xbf, 0x40, 0xa3, 0x9e, 0x81, 0xf3, 0xd7, 0xfb, + 0x7c, 0xe3, 0x39, 0x82, 0x9b, 0x2f, 0xff, 0x87, + 0x34, 0x8e, 0x43, 0x44, 0xc4, 0xde, 0xe9, 0xcb, + 0x54, 0x7b, 0x94, 0x32, 0xa6, 0xc2, 0x23, 0x3d, + 0xee, 0x4c, 0x95, 0x0b, 0x42, 0xfa, 0xc3, 0x4e, + 0x08, 0x2e, 0xa1, 0x66, 0x28, 0xd9, 0x24, 0xb2, + 0x76, 0x5b, 0xa2, 0x49, 0x6d, 0x8b, 0xd1, 0x25, + 0x72, 0xf8, 0xf6, 0x64, 0x86, 0x68, 0x98, 0x16, + 0xd4, 0xa4, 0x5c, 0xcc, 0x5d, 0x65, 0xb6, 0x92, + 0x6c, 0x70, 0x48, 0x50, 0xfd, 0xed, 0xb9, 0xda, + 0x5e, 0x15, 0x46, 0x57, 0xa7, 0x8d, 0x9d, 0x84, + 0x90, 0xd8, 0xab, 0x00, 0x8c, 0xbc, 0xd3, 0x0a, + 0xf7, 0xe4, 0x58, 0x05, 0xb8, 0xb3, 0x45, 0x06, + 0xd0, 0x2c, 0x1e, 0x8f, 0xca, 0x3f, 0x0f, 0x02, + 0xc1, 0xaf, 0xbd, 0x03, 0x01, 0x13, 0x8a, 0x6b, + 0x3a, 0x91, 0x11, 0x41, 0x4f, 0x67, 0xdc, 0xea, + 0x97, 0xf2, 0xcf, 0xce, 0xf0, 0xb4, 0xe6, 0x73, + 0x96, 0xac, 0x74, 0x22, 0xe7, 0xad, 0x35, 0x85, + 0xe2, 0xf9, 0x37, 0xe8, 0x1c, 0x75, 0xdf, 0x6e, + 0x47, 0xf1, 0x1a, 0x71, 0x1d, 0x29, 0xc5, 0x89, + 0x6f, 0xb7, 0x62, 0x0e, 0xaa, 0x18, 0xbe, 0x1b, + 0xfc, 0x56, 0x3e, 0x4b, 0xc6, 0xd2, 0x79, 0x20, + 0x9a, 0xdb, 0xc0, 0xfe, 0x78, 0xcd, 0x5a, 0xf4, + 0x1f, 0xdd, 0xa8, 0x33, 0x88, 0x07, 0xc7, 0x31, + 0xb1, 0x12, 0x10, 0x59, 0x27, 0x80, 0xec, 0x5f, + 0x60, 0x51, 0x7f, 0xa9, 0x19, 0xb5, 0x4a, 0x0d, + 0x2d, 0xe5, 0x7a, 0x9f, 0x93, 0xc9, 0x9c, 0xef, + 0xa0, 0xe0, 0x3b, 0x4d, 0xae, 0x2a, 0xf5, 0xb0, + 0xc8, 0xeb, 0xbb, 0x3c, 0x83, 0x53, 0x99, 0x61, + 0x17, 0x2b, 0x04, 0x7e, 0xba, 0x77, 0xd6, 0x26, + 0xe1, 0x69, 0x14, 0x63, 0x55, 0x21, 0x0c, 0x7d, +}; + +static const word8 L_AES_ARM64_NEON_shift_rows_invshuffle[] = { + 0x04, 0x09, 0x0e, 0x03, 0x08, 0x0d, 0x02, 0x07, + 0x0c, 0x01, 0x06, 0x0b, 0x00, 0x05, 0x0a, 0x0f, +}; + +#if defined(WOLFSSL_AES_DIRECT) || defined(WOLFSSL_AES_COUNTER) || defined(HAVE_AES_ECB) +void AES_ECB_decrypt_NEON(const unsigned char* in, unsigned char* out, + unsigned long len, const unsigned char* ks, int nr); +void AES_ECB_decrypt_NEON(const unsigned char* in, unsigned char* out, + unsigned long len, const unsigned char* ks, int nr) +{ + const word8* td = L_AES_ARM64_NEON_td; + const word8* invshuffle = L_AES_ARM64_NEON_shift_rows_invshuffle; + __asm__ __volatile__ ( + "ld1 {v16.16b, v17.16b, v18.16b, v19.16b}, [%[td]], #0x40\n\t" + "ld1 {v20.16b, v21.16b, v22.16b, v23.16b}, [%[td]], #0x40\n\t" + "ld1 {v24.16b, v25.16b, v26.16b, v27.16b}, [%[td]], #0x40\n\t" + "ld1 {v28.16b, v29.16b, v30.16b, v31.16b}, [%[td]]\n\t" + "cmp %x[len], #0x40\n\t" + "b.lt L_AES_ECB_decrypt_NEON_start_2_%=\n\t" + "\n" + "L_AES_ECB_decrypt_NEON_loop_4_%=: \n\t" + "mov x8, %x[ks]\n\t" + "ld1 {v0.16b, v1.16b, v2.16b, v3.16b}, [%x[in]], #0x40\n\t" + "ld1 {v4.2d}, [x8], #16\n\t" + "rev32 v0.16b, v0.16b\n\t" + "rev32 v1.16b, v1.16b\n\t" + "rev32 v2.16b, v2.16b\n\t" + "rev32 v3.16b, v3.16b\n\t" + /* Round: 0 - XOR in key schedule */ + "eor v0.16b, v0.16b, v4.16b\n\t" + "eor v1.16b, v1.16b, v4.16b\n\t" + "eor v2.16b, v2.16b, v4.16b\n\t" + "eor v3.16b, v3.16b, v4.16b\n\t" + "sub w7, %w[nr], #2\n\t" + "\n" + "L_AES_ECB_decrypt_NEON_loop_nr_4_%=: \n\t" + "tbl v4.16b, {v16.16b, v17.16b, v18.16b, v19.16b}, v0.16b\n\t" + "tbl v5.16b, {v16.16b, v17.16b, v18.16b, v19.16b}, v1.16b\n\t" + "tbl v6.16b, {v16.16b, v17.16b, v18.16b, v19.16b}, v2.16b\n\t" + "tbl v7.16b, {v16.16b, v17.16b, v18.16b, v19.16b}, v3.16b\n\t" + "movi v12.16b, #0x40\n\t" + "movi v13.16b, #0x80\n\t" + "movi v14.16b, #0xc0\n\t" + "eor v8.16b, v0.16b, v12.16b\n\t" + "eor v9.16b, v1.16b, v12.16b\n\t" + "eor v10.16b, v2.16b, v12.16b\n\t" + "eor v11.16b, v3.16b, v12.16b\n\t" + "tbl v8.16b, {v20.16b, v21.16b, v22.16b, v23.16b}, v8.16b\n\t" + "tbl v9.16b, {v20.16b, v21.16b, v22.16b, v23.16b}, v9.16b\n\t" + "tbl v10.16b, {v20.16b, v21.16b, v22.16b, v23.16b}, v10.16b\n\t" + "tbl v11.16b, {v20.16b, v21.16b, v22.16b, v23.16b}, v11.16b\n\t" + "orr v4.16b, v4.16b, v8.16b\n\t" + "orr v5.16b, v5.16b, v9.16b\n\t" + "orr v6.16b, v6.16b, v10.16b\n\t" + "orr v7.16b, v7.16b, v11.16b\n\t" + "eor v8.16b, v0.16b, v13.16b\n\t" + "eor v9.16b, v1.16b, v13.16b\n\t" + "eor v10.16b, v2.16b, v13.16b\n\t" + "eor v11.16b, v3.16b, v13.16b\n\t" + "tbl v8.16b, {v24.16b, v25.16b, v26.16b, v27.16b}, v8.16b\n\t" + "tbl v9.16b, {v24.16b, v25.16b, v26.16b, v27.16b}, v9.16b\n\t" + "tbl v10.16b, {v24.16b, v25.16b, v26.16b, v27.16b}, v10.16b\n\t" + "tbl v11.16b, {v24.16b, v25.16b, v26.16b, v27.16b}, v11.16b\n\t" + "orr v4.16b, v4.16b, v8.16b\n\t" + "orr v5.16b, v5.16b, v9.16b\n\t" + "orr v6.16b, v6.16b, v10.16b\n\t" + "orr v7.16b, v7.16b, v11.16b\n\t" + "eor v8.16b, v0.16b, v14.16b\n\t" + "eor v9.16b, v1.16b, v14.16b\n\t" + "eor v10.16b, v2.16b, v14.16b\n\t" + "eor v11.16b, v3.16b, v14.16b\n\t" + "tbl v8.16b, {v28.16b, v29.16b, v30.16b, v31.16b}, v8.16b\n\t" + "tbl v9.16b, {v28.16b, v29.16b, v30.16b, v31.16b}, v9.16b\n\t" + "tbl v10.16b, {v28.16b, v29.16b, v30.16b, v31.16b}, v10.16b\n\t" + "tbl v11.16b, {v28.16b, v29.16b, v30.16b, v31.16b}, v11.16b\n\t" + "orr v4.16b, v4.16b, v8.16b\n\t" + "orr v5.16b, v5.16b, v9.16b\n\t" + "orr v6.16b, v6.16b, v10.16b\n\t" + "orr v7.16b, v7.16b, v11.16b\n\t" + "ld1 {v0.16b}, [%[invshuffle]]\n\t" + "tbl v4.16b, {v4.16b}, v0.16b\n\t" + "tbl v5.16b, {v5.16b}, v0.16b\n\t" + "tbl v6.16b, {v6.16b}, v0.16b\n\t" + "tbl v7.16b, {v7.16b}, v0.16b\n\t" + "movi v28.16b, #27\n\t" + "sshr v8.16b, v4.16b, #7\n\t" + "sshr v9.16b, v5.16b, #7\n\t" + "sshr v10.16b, v6.16b, #7\n\t" + "sshr v11.16b, v7.16b, #7\n\t" + "shl v12.16b, v4.16b, #1\n\t" + "shl v13.16b, v5.16b, #1\n\t" + "shl v14.16b, v6.16b, #1\n\t" + "shl v15.16b, v7.16b, #1\n\t" + "and v8.16b, v8.16b, v28.16b\n\t" + "and v9.16b, v9.16b, v28.16b\n\t" + "and v10.16b, v10.16b, v28.16b\n\t" + "and v11.16b, v11.16b, v28.16b\n\t" + "eor v8.16b, v8.16b, v12.16b\n\t" + "eor v9.16b, v9.16b, v13.16b\n\t" + "eor v10.16b, v10.16b, v14.16b\n\t" + "eor v11.16b, v11.16b, v15.16b\n\t" + "ushr v12.16b, v4.16b, #6\n\t" + "ushr v13.16b, v5.16b, #6\n\t" + "ushr v14.16b, v6.16b, #6\n\t" + "ushr v15.16b, v7.16b, #6\n\t" + "shl v0.16b, v4.16b, #2\n\t" + "shl v1.16b, v5.16b, #2\n\t" + "shl v2.16b, v6.16b, #2\n\t" + "shl v3.16b, v7.16b, #2\n\t" + "pmul v12.16b, v12.16b, v28.16b\n\t" + "pmul v13.16b, v13.16b, v28.16b\n\t" + "pmul v14.16b, v14.16b, v28.16b\n\t" + "pmul v15.16b, v15.16b, v28.16b\n\t" + "eor v12.16b, v12.16b, v0.16b\n\t" + "eor v13.16b, v13.16b, v1.16b\n\t" + "eor v14.16b, v14.16b, v2.16b\n\t" + "eor v15.16b, v15.16b, v3.16b\n\t" + "ushr v0.16b, v4.16b, #5\n\t" + "ushr v1.16b, v5.16b, #5\n\t" + "ushr v2.16b, v6.16b, #5\n\t" + "ushr v3.16b, v7.16b, #5\n\t" + "pmul v0.16b, v0.16b, v28.16b\n\t" + "pmul v1.16b, v1.16b, v28.16b\n\t" + "pmul v2.16b, v2.16b, v28.16b\n\t" + "pmul v3.16b, v3.16b, v28.16b\n\t" + "shl v28.16b, v4.16b, #3\n\t" + "shl v29.16b, v5.16b, #3\n\t" + "shl v30.16b, v6.16b, #3\n\t" + "shl v31.16b, v7.16b, #3\n\t" + "eor v0.16b, v0.16b, v28.16b\n\t" + "eor v1.16b, v1.16b, v29.16b\n\t" + "eor v2.16b, v2.16b, v30.16b\n\t" + "eor v3.16b, v3.16b, v31.16b\n\t" + "eor v28.16b, v8.16b, v0.16b\n\t" + "eor v29.16b, v9.16b, v1.16b\n\t" + "eor v30.16b, v10.16b, v2.16b\n\t" + "eor v31.16b, v11.16b, v3.16b\n\t" + "eor v0.16b, v0.16b, v4.16b\n\t" + "eor v1.16b, v1.16b, v5.16b\n\t" + "eor v2.16b, v2.16b, v6.16b\n\t" + "eor v3.16b, v3.16b, v7.16b\n\t" + "eor v8.16b, v12.16b, v0.16b\n\t" + "eor v9.16b, v13.16b, v1.16b\n\t" + "eor v10.16b, v14.16b, v2.16b\n\t" + "eor v11.16b, v15.16b, v3.16b\n\t" + "eor v12.16b, v12.16b, v28.16b\n\t" + "eor v13.16b, v13.16b, v29.16b\n\t" + "eor v14.16b, v14.16b, v30.16b\n\t" + "eor v15.16b, v15.16b, v31.16b\n\t" + "eor v28.16b, v28.16b, v4.16b\n\t" + "eor v29.16b, v29.16b, v5.16b\n\t" + "eor v30.16b, v30.16b, v6.16b\n\t" + "eor v31.16b, v31.16b, v7.16b\n\t" + "shl v4.4s, v28.4s, #8\n\t" + "shl v5.4s, v29.4s, #8\n\t" + "shl v6.4s, v30.4s, #8\n\t" + "shl v7.4s, v31.4s, #8\n\t" + "rev32 v8.8h, v8.8h\n\t" + "rev32 v9.8h, v9.8h\n\t" + "rev32 v10.8h, v10.8h\n\t" + "rev32 v11.8h, v11.8h\n\t" + "sri v4.4s, v28.4s, #24\n\t" + "sri v5.4s, v29.4s, #24\n\t" + "sri v6.4s, v30.4s, #24\n\t" + "sri v7.4s, v31.4s, #24\n\t" + "eor v4.16b, v4.16b, v12.16b\n\t" + "eor v5.16b, v5.16b, v13.16b\n\t" + "eor v6.16b, v6.16b, v14.16b\n\t" + "eor v7.16b, v7.16b, v15.16b\n\t" + "shl v28.4s, v0.4s, #24\n\t" + "shl v29.4s, v1.4s, #24\n\t" + "shl v30.4s, v2.4s, #24\n\t" + "shl v31.4s, v3.4s, #24\n\t" + "eor v4.16b, v4.16b, v8.16b\n\t" + "eor v5.16b, v5.16b, v9.16b\n\t" + "eor v6.16b, v6.16b, v10.16b\n\t" + "eor v7.16b, v7.16b, v11.16b\n\t" + "sri v28.4s, v0.4s, #8\n\t" + "sri v29.4s, v1.4s, #8\n\t" + "sri v30.4s, v2.4s, #8\n\t" + "sri v31.4s, v3.4s, #8\n\t" + "eor v4.16b, v4.16b, v28.16b\n\t" + "eor v5.16b, v5.16b, v29.16b\n\t" + "eor v6.16b, v6.16b, v30.16b\n\t" + "eor v7.16b, v7.16b, v31.16b\n\t" + "ld1 {v28.16b, v29.16b, v30.16b, v31.16b}, [%[td]]\n\t" + /* XOR in Key Schedule */ + "ld1 {v0.2d}, [x8], #16\n\t" + "eor v4.16b, v4.16b, v0.16b\n\t" + "eor v5.16b, v5.16b, v0.16b\n\t" + "eor v6.16b, v6.16b, v0.16b\n\t" + "eor v7.16b, v7.16b, v0.16b\n\t" + /* Round Done */ + "tbl v0.16b, {v16.16b, v17.16b, v18.16b, v19.16b}, v4.16b\n\t" + "tbl v1.16b, {v16.16b, v17.16b, v18.16b, v19.16b}, v5.16b\n\t" + "tbl v2.16b, {v16.16b, v17.16b, v18.16b, v19.16b}, v6.16b\n\t" + "tbl v3.16b, {v16.16b, v17.16b, v18.16b, v19.16b}, v7.16b\n\t" + "movi v12.16b, #0x40\n\t" + "movi v13.16b, #0x80\n\t" + "movi v14.16b, #0xc0\n\t" + "eor v8.16b, v4.16b, v12.16b\n\t" + "eor v9.16b, v5.16b, v12.16b\n\t" + "eor v10.16b, v6.16b, v12.16b\n\t" + "eor v11.16b, v7.16b, v12.16b\n\t" + "tbl v8.16b, {v20.16b, v21.16b, v22.16b, v23.16b}, v8.16b\n\t" + "tbl v9.16b, {v20.16b, v21.16b, v22.16b, v23.16b}, v9.16b\n\t" + "tbl v10.16b, {v20.16b, v21.16b, v22.16b, v23.16b}, v10.16b\n\t" + "tbl v11.16b, {v20.16b, v21.16b, v22.16b, v23.16b}, v11.16b\n\t" + "orr v0.16b, v0.16b, v8.16b\n\t" + "orr v1.16b, v1.16b, v9.16b\n\t" + "orr v2.16b, v2.16b, v10.16b\n\t" + "orr v3.16b, v3.16b, v11.16b\n\t" + "eor v8.16b, v4.16b, v13.16b\n\t" + "eor v9.16b, v5.16b, v13.16b\n\t" + "eor v10.16b, v6.16b, v13.16b\n\t" + "eor v11.16b, v7.16b, v13.16b\n\t" + "tbl v8.16b, {v24.16b, v25.16b, v26.16b, v27.16b}, v8.16b\n\t" + "tbl v9.16b, {v24.16b, v25.16b, v26.16b, v27.16b}, v9.16b\n\t" + "tbl v10.16b, {v24.16b, v25.16b, v26.16b, v27.16b}, v10.16b\n\t" + "tbl v11.16b, {v24.16b, v25.16b, v26.16b, v27.16b}, v11.16b\n\t" + "orr v0.16b, v0.16b, v8.16b\n\t" + "orr v1.16b, v1.16b, v9.16b\n\t" + "orr v2.16b, v2.16b, v10.16b\n\t" + "orr v3.16b, v3.16b, v11.16b\n\t" + "eor v8.16b, v4.16b, v14.16b\n\t" + "eor v9.16b, v5.16b, v14.16b\n\t" + "eor v10.16b, v6.16b, v14.16b\n\t" + "eor v11.16b, v7.16b, v14.16b\n\t" + "tbl v8.16b, {v28.16b, v29.16b, v30.16b, v31.16b}, v8.16b\n\t" + "tbl v9.16b, {v28.16b, v29.16b, v30.16b, v31.16b}, v9.16b\n\t" + "tbl v10.16b, {v28.16b, v29.16b, v30.16b, v31.16b}, v10.16b\n\t" + "tbl v11.16b, {v28.16b, v29.16b, v30.16b, v31.16b}, v11.16b\n\t" + "orr v0.16b, v0.16b, v8.16b\n\t" + "orr v1.16b, v1.16b, v9.16b\n\t" + "orr v2.16b, v2.16b, v10.16b\n\t" + "orr v3.16b, v3.16b, v11.16b\n\t" + "ld1 {v4.16b}, [%[invshuffle]]\n\t" + "tbl v0.16b, {v0.16b}, v4.16b\n\t" + "tbl v1.16b, {v1.16b}, v4.16b\n\t" + "tbl v2.16b, {v2.16b}, v4.16b\n\t" + "tbl v3.16b, {v3.16b}, v4.16b\n\t" + "movi v28.16b, #27\n\t" + "sshr v8.16b, v0.16b, #7\n\t" + "sshr v9.16b, v1.16b, #7\n\t" + "sshr v10.16b, v2.16b, #7\n\t" + "sshr v11.16b, v3.16b, #7\n\t" + "shl v12.16b, v0.16b, #1\n\t" + "shl v13.16b, v1.16b, #1\n\t" + "shl v14.16b, v2.16b, #1\n\t" + "shl v15.16b, v3.16b, #1\n\t" + "and v8.16b, v8.16b, v28.16b\n\t" + "and v9.16b, v9.16b, v28.16b\n\t" + "and v10.16b, v10.16b, v28.16b\n\t" + "and v11.16b, v11.16b, v28.16b\n\t" + "eor v8.16b, v8.16b, v12.16b\n\t" + "eor v9.16b, v9.16b, v13.16b\n\t" + "eor v10.16b, v10.16b, v14.16b\n\t" + "eor v11.16b, v11.16b, v15.16b\n\t" + "ushr v12.16b, v0.16b, #6\n\t" + "ushr v13.16b, v1.16b, #6\n\t" + "ushr v14.16b, v2.16b, #6\n\t" + "ushr v15.16b, v3.16b, #6\n\t" + "shl v4.16b, v0.16b, #2\n\t" + "shl v5.16b, v1.16b, #2\n\t" + "shl v6.16b, v2.16b, #2\n\t" + "shl v7.16b, v3.16b, #2\n\t" + "pmul v12.16b, v12.16b, v28.16b\n\t" + "pmul v13.16b, v13.16b, v28.16b\n\t" + "pmul v14.16b, v14.16b, v28.16b\n\t" + "pmul v15.16b, v15.16b, v28.16b\n\t" + "eor v12.16b, v12.16b, v4.16b\n\t" + "eor v13.16b, v13.16b, v5.16b\n\t" + "eor v14.16b, v14.16b, v6.16b\n\t" + "eor v15.16b, v15.16b, v7.16b\n\t" + "ushr v4.16b, v0.16b, #5\n\t" + "ushr v5.16b, v1.16b, #5\n\t" + "ushr v6.16b, v2.16b, #5\n\t" + "ushr v7.16b, v3.16b, #5\n\t" + "pmul v4.16b, v4.16b, v28.16b\n\t" + "pmul v5.16b, v5.16b, v28.16b\n\t" + "pmul v6.16b, v6.16b, v28.16b\n\t" + "pmul v7.16b, v7.16b, v28.16b\n\t" + "shl v28.16b, v0.16b, #3\n\t" + "shl v29.16b, v1.16b, #3\n\t" + "shl v30.16b, v2.16b, #3\n\t" + "shl v31.16b, v3.16b, #3\n\t" + "eor v4.16b, v4.16b, v28.16b\n\t" + "eor v5.16b, v5.16b, v29.16b\n\t" + "eor v6.16b, v6.16b, v30.16b\n\t" + "eor v7.16b, v7.16b, v31.16b\n\t" + "eor v28.16b, v8.16b, v4.16b\n\t" + "eor v29.16b, v9.16b, v5.16b\n\t" + "eor v30.16b, v10.16b, v6.16b\n\t" + "eor v31.16b, v11.16b, v7.16b\n\t" + "eor v4.16b, v4.16b, v0.16b\n\t" + "eor v5.16b, v5.16b, v1.16b\n\t" + "eor v6.16b, v6.16b, v2.16b\n\t" + "eor v7.16b, v7.16b, v3.16b\n\t" + "eor v8.16b, v12.16b, v4.16b\n\t" + "eor v9.16b, v13.16b, v5.16b\n\t" + "eor v10.16b, v14.16b, v6.16b\n\t" + "eor v11.16b, v15.16b, v7.16b\n\t" + "eor v12.16b, v12.16b, v28.16b\n\t" + "eor v13.16b, v13.16b, v29.16b\n\t" + "eor v14.16b, v14.16b, v30.16b\n\t" + "eor v15.16b, v15.16b, v31.16b\n\t" + "eor v28.16b, v28.16b, v0.16b\n\t" + "eor v29.16b, v29.16b, v1.16b\n\t" + "eor v30.16b, v30.16b, v2.16b\n\t" + "eor v31.16b, v31.16b, v3.16b\n\t" + "shl v0.4s, v28.4s, #8\n\t" + "shl v1.4s, v29.4s, #8\n\t" + "shl v2.4s, v30.4s, #8\n\t" + "shl v3.4s, v31.4s, #8\n\t" + "rev32 v8.8h, v8.8h\n\t" + "rev32 v9.8h, v9.8h\n\t" + "rev32 v10.8h, v10.8h\n\t" + "rev32 v11.8h, v11.8h\n\t" + "sri v0.4s, v28.4s, #24\n\t" + "sri v1.4s, v29.4s, #24\n\t" + "sri v2.4s, v30.4s, #24\n\t" + "sri v3.4s, v31.4s, #24\n\t" + "eor v0.16b, v0.16b, v12.16b\n\t" + "eor v1.16b, v1.16b, v13.16b\n\t" + "eor v2.16b, v2.16b, v14.16b\n\t" + "eor v3.16b, v3.16b, v15.16b\n\t" + "shl v28.4s, v4.4s, #24\n\t" + "shl v29.4s, v5.4s, #24\n\t" + "shl v30.4s, v6.4s, #24\n\t" + "shl v31.4s, v7.4s, #24\n\t" + "eor v0.16b, v0.16b, v8.16b\n\t" + "eor v1.16b, v1.16b, v9.16b\n\t" + "eor v2.16b, v2.16b, v10.16b\n\t" + "eor v3.16b, v3.16b, v11.16b\n\t" + "sri v28.4s, v4.4s, #8\n\t" + "sri v29.4s, v5.4s, #8\n\t" + "sri v30.4s, v6.4s, #8\n\t" + "sri v31.4s, v7.4s, #8\n\t" + "eor v0.16b, v0.16b, v28.16b\n\t" + "eor v1.16b, v1.16b, v29.16b\n\t" + "eor v2.16b, v2.16b, v30.16b\n\t" + "eor v3.16b, v3.16b, v31.16b\n\t" + "ld1 {v28.16b, v29.16b, v30.16b, v31.16b}, [%[td]]\n\t" + /* XOR in Key Schedule */ + "ld1 {v4.2d}, [x8], #16\n\t" + "eor v0.16b, v0.16b, v4.16b\n\t" + "eor v1.16b, v1.16b, v4.16b\n\t" + "eor v2.16b, v2.16b, v4.16b\n\t" + "eor v3.16b, v3.16b, v4.16b\n\t" + /* Round Done */ + "subs w7, w7, #2\n\t" + "b.ne L_AES_ECB_decrypt_NEON_loop_nr_4_%=\n\t" + "tbl v4.16b, {v16.16b, v17.16b, v18.16b, v19.16b}, v0.16b\n\t" + "tbl v5.16b, {v16.16b, v17.16b, v18.16b, v19.16b}, v1.16b\n\t" + "tbl v6.16b, {v16.16b, v17.16b, v18.16b, v19.16b}, v2.16b\n\t" + "tbl v7.16b, {v16.16b, v17.16b, v18.16b, v19.16b}, v3.16b\n\t" + "movi v12.16b, #0x40\n\t" + "movi v13.16b, #0x80\n\t" + "movi v14.16b, #0xc0\n\t" + "eor v8.16b, v0.16b, v12.16b\n\t" + "eor v9.16b, v1.16b, v12.16b\n\t" + "eor v10.16b, v2.16b, v12.16b\n\t" + "eor v11.16b, v3.16b, v12.16b\n\t" + "tbl v8.16b, {v20.16b, v21.16b, v22.16b, v23.16b}, v8.16b\n\t" + "tbl v9.16b, {v20.16b, v21.16b, v22.16b, v23.16b}, v9.16b\n\t" + "tbl v10.16b, {v20.16b, v21.16b, v22.16b, v23.16b}, v10.16b\n\t" + "tbl v11.16b, {v20.16b, v21.16b, v22.16b, v23.16b}, v11.16b\n\t" + "orr v4.16b, v4.16b, v8.16b\n\t" + "orr v5.16b, v5.16b, v9.16b\n\t" + "orr v6.16b, v6.16b, v10.16b\n\t" + "orr v7.16b, v7.16b, v11.16b\n\t" + "eor v8.16b, v0.16b, v13.16b\n\t" + "eor v9.16b, v1.16b, v13.16b\n\t" + "eor v10.16b, v2.16b, v13.16b\n\t" + "eor v11.16b, v3.16b, v13.16b\n\t" + "tbl v8.16b, {v24.16b, v25.16b, v26.16b, v27.16b}, v8.16b\n\t" + "tbl v9.16b, {v24.16b, v25.16b, v26.16b, v27.16b}, v9.16b\n\t" + "tbl v10.16b, {v24.16b, v25.16b, v26.16b, v27.16b}, v10.16b\n\t" + "tbl v11.16b, {v24.16b, v25.16b, v26.16b, v27.16b}, v11.16b\n\t" + "orr v4.16b, v4.16b, v8.16b\n\t" + "orr v5.16b, v5.16b, v9.16b\n\t" + "orr v6.16b, v6.16b, v10.16b\n\t" + "orr v7.16b, v7.16b, v11.16b\n\t" + "eor v8.16b, v0.16b, v14.16b\n\t" + "eor v9.16b, v1.16b, v14.16b\n\t" + "eor v10.16b, v2.16b, v14.16b\n\t" + "eor v11.16b, v3.16b, v14.16b\n\t" + "tbl v8.16b, {v28.16b, v29.16b, v30.16b, v31.16b}, v8.16b\n\t" + "tbl v9.16b, {v28.16b, v29.16b, v30.16b, v31.16b}, v9.16b\n\t" + "tbl v10.16b, {v28.16b, v29.16b, v30.16b, v31.16b}, v10.16b\n\t" + "tbl v11.16b, {v28.16b, v29.16b, v30.16b, v31.16b}, v11.16b\n\t" + "orr v4.16b, v4.16b, v8.16b\n\t" + "orr v5.16b, v5.16b, v9.16b\n\t" + "orr v6.16b, v6.16b, v10.16b\n\t" + "orr v7.16b, v7.16b, v11.16b\n\t" + "ld1 {v0.16b}, [%[invshuffle]]\n\t" + "tbl v4.16b, {v4.16b}, v0.16b\n\t" + "tbl v5.16b, {v5.16b}, v0.16b\n\t" + "tbl v6.16b, {v6.16b}, v0.16b\n\t" + "tbl v7.16b, {v7.16b}, v0.16b\n\t" + "movi v28.16b, #27\n\t" + "sshr v8.16b, v4.16b, #7\n\t" + "sshr v9.16b, v5.16b, #7\n\t" + "sshr v10.16b, v6.16b, #7\n\t" + "sshr v11.16b, v7.16b, #7\n\t" + "shl v12.16b, v4.16b, #1\n\t" + "shl v13.16b, v5.16b, #1\n\t" + "shl v14.16b, v6.16b, #1\n\t" + "shl v15.16b, v7.16b, #1\n\t" + "and v8.16b, v8.16b, v28.16b\n\t" + "and v9.16b, v9.16b, v28.16b\n\t" + "and v10.16b, v10.16b, v28.16b\n\t" + "and v11.16b, v11.16b, v28.16b\n\t" + "eor v8.16b, v8.16b, v12.16b\n\t" + "eor v9.16b, v9.16b, v13.16b\n\t" + "eor v10.16b, v10.16b, v14.16b\n\t" + "eor v11.16b, v11.16b, v15.16b\n\t" + "ushr v12.16b, v4.16b, #6\n\t" + "ushr v13.16b, v5.16b, #6\n\t" + "ushr v14.16b, v6.16b, #6\n\t" + "ushr v15.16b, v7.16b, #6\n\t" + "shl v0.16b, v4.16b, #2\n\t" + "shl v1.16b, v5.16b, #2\n\t" + "shl v2.16b, v6.16b, #2\n\t" + "shl v3.16b, v7.16b, #2\n\t" + "pmul v12.16b, v12.16b, v28.16b\n\t" + "pmul v13.16b, v13.16b, v28.16b\n\t" + "pmul v14.16b, v14.16b, v28.16b\n\t" + "pmul v15.16b, v15.16b, v28.16b\n\t" + "eor v12.16b, v12.16b, v0.16b\n\t" + "eor v13.16b, v13.16b, v1.16b\n\t" + "eor v14.16b, v14.16b, v2.16b\n\t" + "eor v15.16b, v15.16b, v3.16b\n\t" + "ushr v0.16b, v4.16b, #5\n\t" + "ushr v1.16b, v5.16b, #5\n\t" + "ushr v2.16b, v6.16b, #5\n\t" + "ushr v3.16b, v7.16b, #5\n\t" + "pmul v0.16b, v0.16b, v28.16b\n\t" + "pmul v1.16b, v1.16b, v28.16b\n\t" + "pmul v2.16b, v2.16b, v28.16b\n\t" + "pmul v3.16b, v3.16b, v28.16b\n\t" + "shl v28.16b, v4.16b, #3\n\t" + "shl v29.16b, v5.16b, #3\n\t" + "shl v30.16b, v6.16b, #3\n\t" + "shl v31.16b, v7.16b, #3\n\t" + "eor v0.16b, v0.16b, v28.16b\n\t" + "eor v1.16b, v1.16b, v29.16b\n\t" + "eor v2.16b, v2.16b, v30.16b\n\t" + "eor v3.16b, v3.16b, v31.16b\n\t" + "eor v28.16b, v8.16b, v0.16b\n\t" + "eor v29.16b, v9.16b, v1.16b\n\t" + "eor v30.16b, v10.16b, v2.16b\n\t" + "eor v31.16b, v11.16b, v3.16b\n\t" + "eor v0.16b, v0.16b, v4.16b\n\t" + "eor v1.16b, v1.16b, v5.16b\n\t" + "eor v2.16b, v2.16b, v6.16b\n\t" + "eor v3.16b, v3.16b, v7.16b\n\t" + "eor v8.16b, v12.16b, v0.16b\n\t" + "eor v9.16b, v13.16b, v1.16b\n\t" + "eor v10.16b, v14.16b, v2.16b\n\t" + "eor v11.16b, v15.16b, v3.16b\n\t" + "eor v12.16b, v12.16b, v28.16b\n\t" + "eor v13.16b, v13.16b, v29.16b\n\t" + "eor v14.16b, v14.16b, v30.16b\n\t" + "eor v15.16b, v15.16b, v31.16b\n\t" + "eor v28.16b, v28.16b, v4.16b\n\t" + "eor v29.16b, v29.16b, v5.16b\n\t" + "eor v30.16b, v30.16b, v6.16b\n\t" + "eor v31.16b, v31.16b, v7.16b\n\t" + "shl v4.4s, v28.4s, #8\n\t" + "shl v5.4s, v29.4s, #8\n\t" + "shl v6.4s, v30.4s, #8\n\t" + "shl v7.4s, v31.4s, #8\n\t" + "rev32 v8.8h, v8.8h\n\t" + "rev32 v9.8h, v9.8h\n\t" + "rev32 v10.8h, v10.8h\n\t" + "rev32 v11.8h, v11.8h\n\t" + "sri v4.4s, v28.4s, #24\n\t" + "sri v5.4s, v29.4s, #24\n\t" + "sri v6.4s, v30.4s, #24\n\t" + "sri v7.4s, v31.4s, #24\n\t" + "eor v4.16b, v4.16b, v12.16b\n\t" + "eor v5.16b, v5.16b, v13.16b\n\t" + "eor v6.16b, v6.16b, v14.16b\n\t" + "eor v7.16b, v7.16b, v15.16b\n\t" + "shl v28.4s, v0.4s, #24\n\t" + "shl v29.4s, v1.4s, #24\n\t" + "shl v30.4s, v2.4s, #24\n\t" + "shl v31.4s, v3.4s, #24\n\t" + "eor v4.16b, v4.16b, v8.16b\n\t" + "eor v5.16b, v5.16b, v9.16b\n\t" + "eor v6.16b, v6.16b, v10.16b\n\t" + "eor v7.16b, v7.16b, v11.16b\n\t" + "sri v28.4s, v0.4s, #8\n\t" + "sri v29.4s, v1.4s, #8\n\t" + "sri v30.4s, v2.4s, #8\n\t" + "sri v31.4s, v3.4s, #8\n\t" + "eor v4.16b, v4.16b, v28.16b\n\t" + "eor v5.16b, v5.16b, v29.16b\n\t" + "eor v6.16b, v6.16b, v30.16b\n\t" + "eor v7.16b, v7.16b, v31.16b\n\t" + "ld1 {v28.16b, v29.16b, v30.16b, v31.16b}, [%[td]]\n\t" + /* XOR in Key Schedule */ + "ld1 {v0.2d}, [x8], #16\n\t" + "eor v4.16b, v4.16b, v0.16b\n\t" + "eor v5.16b, v5.16b, v0.16b\n\t" + "eor v6.16b, v6.16b, v0.16b\n\t" + "eor v7.16b, v7.16b, v0.16b\n\t" + /* Round Done */ + "tbl v0.16b, {v16.16b, v17.16b, v18.16b, v19.16b}, v4.16b\n\t" + "tbl v1.16b, {v16.16b, v17.16b, v18.16b, v19.16b}, v5.16b\n\t" + "tbl v2.16b, {v16.16b, v17.16b, v18.16b, v19.16b}, v6.16b\n\t" + "tbl v3.16b, {v16.16b, v17.16b, v18.16b, v19.16b}, v7.16b\n\t" + "movi v12.16b, #0x40\n\t" + "movi v13.16b, #0x80\n\t" + "movi v14.16b, #0xc0\n\t" + "eor v8.16b, v4.16b, v12.16b\n\t" + "eor v9.16b, v5.16b, v12.16b\n\t" + "eor v10.16b, v6.16b, v12.16b\n\t" + "eor v11.16b, v7.16b, v12.16b\n\t" + "tbl v8.16b, {v20.16b, v21.16b, v22.16b, v23.16b}, v8.16b\n\t" + "tbl v9.16b, {v20.16b, v21.16b, v22.16b, v23.16b}, v9.16b\n\t" + "tbl v10.16b, {v20.16b, v21.16b, v22.16b, v23.16b}, v10.16b\n\t" + "tbl v11.16b, {v20.16b, v21.16b, v22.16b, v23.16b}, v11.16b\n\t" + "orr v0.16b, v0.16b, v8.16b\n\t" + "orr v1.16b, v1.16b, v9.16b\n\t" + "orr v2.16b, v2.16b, v10.16b\n\t" + "orr v3.16b, v3.16b, v11.16b\n\t" + "eor v8.16b, v4.16b, v13.16b\n\t" + "eor v9.16b, v5.16b, v13.16b\n\t" + "eor v10.16b, v6.16b, v13.16b\n\t" + "eor v11.16b, v7.16b, v13.16b\n\t" + "tbl v8.16b, {v24.16b, v25.16b, v26.16b, v27.16b}, v8.16b\n\t" + "tbl v9.16b, {v24.16b, v25.16b, v26.16b, v27.16b}, v9.16b\n\t" + "tbl v10.16b, {v24.16b, v25.16b, v26.16b, v27.16b}, v10.16b\n\t" + "tbl v11.16b, {v24.16b, v25.16b, v26.16b, v27.16b}, v11.16b\n\t" + "orr v0.16b, v0.16b, v8.16b\n\t" + "orr v1.16b, v1.16b, v9.16b\n\t" + "orr v2.16b, v2.16b, v10.16b\n\t" + "orr v3.16b, v3.16b, v11.16b\n\t" + "eor v8.16b, v4.16b, v14.16b\n\t" + "eor v9.16b, v5.16b, v14.16b\n\t" + "eor v10.16b, v6.16b, v14.16b\n\t" + "eor v11.16b, v7.16b, v14.16b\n\t" + "tbl v8.16b, {v28.16b, v29.16b, v30.16b, v31.16b}, v8.16b\n\t" + "tbl v9.16b, {v28.16b, v29.16b, v30.16b, v31.16b}, v9.16b\n\t" + "tbl v10.16b, {v28.16b, v29.16b, v30.16b, v31.16b}, v10.16b\n\t" + "tbl v11.16b, {v28.16b, v29.16b, v30.16b, v31.16b}, v11.16b\n\t" + "orr v0.16b, v0.16b, v8.16b\n\t" + "orr v1.16b, v1.16b, v9.16b\n\t" + "orr v2.16b, v2.16b, v10.16b\n\t" + "orr v3.16b, v3.16b, v11.16b\n\t" + "ld1 {v4.16b}, [%[invshuffle]]\n\t" + "tbl v0.16b, {v0.16b}, v4.16b\n\t" + "tbl v1.16b, {v1.16b}, v4.16b\n\t" + "tbl v2.16b, {v2.16b}, v4.16b\n\t" + "tbl v3.16b, {v3.16b}, v4.16b\n\t" + /* XOR in Key Schedule */ + "ld1 {v4.2d}, [x8], #16\n\t" + "eor v0.16b, v0.16b, v4.16b\n\t" + "eor v1.16b, v1.16b, v4.16b\n\t" + "eor v2.16b, v2.16b, v4.16b\n\t" + "eor v3.16b, v3.16b, v4.16b\n\t" + /* Round Done */ + "rev32 v0.16b, v0.16b\n\t" + "rev32 v1.16b, v1.16b\n\t" + "rev32 v2.16b, v2.16b\n\t" + "rev32 v3.16b, v3.16b\n\t" + "st1 {v0.16b, v1.16b, v2.16b, v3.16b}, [%x[out]], #0x40\n\t" + "sub %x[len], %x[len], #0x40\n\t" + "cmp %x[len], #0x40\n\t" + "b.ge L_AES_ECB_decrypt_NEON_loop_4_%=\n\t" + "\n" + "L_AES_ECB_decrypt_NEON_start_2_%=: \n\t" + "cmp %x[len], #16\n\t" + "b.eq L_AES_ECB_decrypt_NEON_start_1_%=\n\t" + "b.lt L_AES_ECB_decrypt_NEON_data_done_%=\n\t" + "\n" + "L_AES_ECB_decrypt_NEON_loop_2_%=: \n\t" + "mov x8, %x[ks]\n\t" + "ld1 {v0.16b, v1.16b}, [%x[in]], #32\n\t" + "ld1 {v4.2d}, [x8], #16\n\t" + "rev32 v0.16b, v0.16b\n\t" + "rev32 v1.16b, v1.16b\n\t" + /* Round: 0 - XOR in key schedule */ + "eor v0.16b, v0.16b, v4.16b\n\t" + "eor v1.16b, v1.16b, v4.16b\n\t" + "sub w7, %w[nr], #2\n\t" + "\n" + "L_AES_ECB_decrypt_NEON_loop_nr_2_%=: \n\t" + "movi v12.16b, #0x40\n\t" + "movi v13.16b, #0x80\n\t" + "movi v14.16b, #0xc0\n\t" + "eor v8.16b, v0.16b, v12.16b\n\t" + "eor v9.16b, v1.16b, v12.16b\n\t" + "tbl v4.16b, {v16.16b, v17.16b, v18.16b, v19.16b}, v0.16b\n\t" + "tbl v5.16b, {v16.16b, v17.16b, v18.16b, v19.16b}, v1.16b\n\t" + "tbl v8.16b, {v20.16b, v21.16b, v22.16b, v23.16b}, v8.16b\n\t" + "tbl v9.16b, {v20.16b, v21.16b, v22.16b, v23.16b}, v9.16b\n\t" + "eor v10.16b, v0.16b, v13.16b\n\t" + "eor v11.16b, v1.16b, v13.16b\n\t" + "tbl v10.16b, {v24.16b, v25.16b, v26.16b, v27.16b}, v10.16b\n\t" + "tbl v11.16b, {v24.16b, v25.16b, v26.16b, v27.16b}, v11.16b\n\t" + "orr v4.16b, v4.16b, v8.16b\n\t" + "orr v5.16b, v5.16b, v9.16b\n\t" + "eor v8.16b, v0.16b, v14.16b\n\t" + "eor v9.16b, v1.16b, v14.16b\n\t" + "orr v4.16b, v4.16b, v10.16b\n\t" + "orr v5.16b, v5.16b, v11.16b\n\t" + "tbl v8.16b, {v28.16b, v29.16b, v30.16b, v31.16b}, v8.16b\n\t" + "tbl v9.16b, {v28.16b, v29.16b, v30.16b, v31.16b}, v9.16b\n\t" + "orr v4.16b, v4.16b, v8.16b\n\t" + "orr v5.16b, v5.16b, v9.16b\n\t" + "ld1 {v0.16b}, [%[invshuffle]]\n\t" + "tbl v4.16b, {v4.16b}, v0.16b\n\t" + "tbl v5.16b, {v5.16b}, v0.16b\n\t" + "movi v10.16b, #27\n\t" + "sshr v8.16b, v4.16b, #7\n\t" + "sshr v9.16b, v5.16b, #7\n\t" + "shl v12.16b, v4.16b, #1\n\t" + "shl v13.16b, v5.16b, #1\n\t" + "and v8.16b, v8.16b, v10.16b\n\t" + "and v9.16b, v9.16b, v10.16b\n\t" + "eor v8.16b, v8.16b, v12.16b\n\t" + "eor v9.16b, v9.16b, v13.16b\n\t" + "ushr v12.16b, v4.16b, #6\n\t" + "ushr v13.16b, v5.16b, #6\n\t" + "shl v0.16b, v4.16b, #2\n\t" + "shl v1.16b, v5.16b, #2\n\t" + "pmul v12.16b, v12.16b, v10.16b\n\t" + "pmul v13.16b, v13.16b, v10.16b\n\t" + "eor v12.16b, v12.16b, v0.16b\n\t" + "eor v13.16b, v13.16b, v1.16b\n\t" + "ushr v0.16b, v4.16b, #5\n\t" + "ushr v1.16b, v5.16b, #5\n\t" + "pmul v0.16b, v0.16b, v10.16b\n\t" + "pmul v1.16b, v1.16b, v10.16b\n\t" + "shl v10.16b, v4.16b, #3\n\t" + "shl v11.16b, v5.16b, #3\n\t" + "eor v0.16b, v0.16b, v10.16b\n\t" + "eor v1.16b, v1.16b, v11.16b\n\t" + "eor v10.16b, v8.16b, v0.16b\n\t" + "eor v11.16b, v9.16b, v1.16b\n\t" + "eor v0.16b, v0.16b, v4.16b\n\t" + "eor v1.16b, v1.16b, v5.16b\n\t" + "eor v8.16b, v12.16b, v0.16b\n\t" + "eor v9.16b, v13.16b, v1.16b\n\t" + "eor v12.16b, v12.16b, v10.16b\n\t" + "eor v13.16b, v13.16b, v11.16b\n\t" + "eor v10.16b, v10.16b, v4.16b\n\t" + "eor v11.16b, v11.16b, v5.16b\n\t" + "shl v4.4s, v10.4s, #8\n\t" + "shl v5.4s, v11.4s, #8\n\t" + "rev32 v8.8h, v8.8h\n\t" + "rev32 v9.8h, v9.8h\n\t" + "sri v4.4s, v10.4s, #24\n\t" + "sri v5.4s, v11.4s, #24\n\t" + "eor v4.16b, v4.16b, v12.16b\n\t" + "eor v5.16b, v5.16b, v13.16b\n\t" + "shl v10.4s, v0.4s, #24\n\t" + "shl v11.4s, v1.4s, #24\n\t" + "eor v4.16b, v4.16b, v8.16b\n\t" + "eor v5.16b, v5.16b, v9.16b\n\t" + "sri v10.4s, v0.4s, #8\n\t" + "sri v11.4s, v1.4s, #8\n\t" + "eor v4.16b, v4.16b, v10.16b\n\t" + "eor v5.16b, v5.16b, v11.16b\n\t" + /* XOR in Key Schedule */ + "ld1 {v0.2d}, [x8], #16\n\t" + "eor v4.16b, v4.16b, v0.16b\n\t" + "eor v5.16b, v5.16b, v0.16b\n\t" + /* Round Done */ + "movi v12.16b, #0x40\n\t" + "movi v13.16b, #0x80\n\t" + "movi v14.16b, #0xc0\n\t" + "eor v8.16b, v4.16b, v12.16b\n\t" + "eor v9.16b, v5.16b, v12.16b\n\t" + "tbl v0.16b, {v16.16b, v17.16b, v18.16b, v19.16b}, v4.16b\n\t" + "tbl v1.16b, {v16.16b, v17.16b, v18.16b, v19.16b}, v5.16b\n\t" + "tbl v8.16b, {v20.16b, v21.16b, v22.16b, v23.16b}, v8.16b\n\t" + "tbl v9.16b, {v20.16b, v21.16b, v22.16b, v23.16b}, v9.16b\n\t" + "eor v10.16b, v4.16b, v13.16b\n\t" + "eor v11.16b, v5.16b, v13.16b\n\t" + "tbl v10.16b, {v24.16b, v25.16b, v26.16b, v27.16b}, v10.16b\n\t" + "tbl v11.16b, {v24.16b, v25.16b, v26.16b, v27.16b}, v11.16b\n\t" + "orr v0.16b, v0.16b, v8.16b\n\t" + "orr v1.16b, v1.16b, v9.16b\n\t" + "eor v8.16b, v4.16b, v14.16b\n\t" + "eor v9.16b, v5.16b, v14.16b\n\t" + "orr v0.16b, v0.16b, v10.16b\n\t" + "orr v1.16b, v1.16b, v11.16b\n\t" + "tbl v8.16b, {v28.16b, v29.16b, v30.16b, v31.16b}, v8.16b\n\t" + "tbl v9.16b, {v28.16b, v29.16b, v30.16b, v31.16b}, v9.16b\n\t" + "orr v0.16b, v0.16b, v8.16b\n\t" + "orr v1.16b, v1.16b, v9.16b\n\t" + "ld1 {v4.16b}, [%[invshuffle]]\n\t" + "tbl v0.16b, {v0.16b}, v4.16b\n\t" + "tbl v1.16b, {v1.16b}, v4.16b\n\t" + "movi v10.16b, #27\n\t" + "sshr v8.16b, v0.16b, #7\n\t" + "sshr v9.16b, v1.16b, #7\n\t" + "shl v12.16b, v0.16b, #1\n\t" + "shl v13.16b, v1.16b, #1\n\t" + "and v8.16b, v8.16b, v10.16b\n\t" + "and v9.16b, v9.16b, v10.16b\n\t" + "eor v8.16b, v8.16b, v12.16b\n\t" + "eor v9.16b, v9.16b, v13.16b\n\t" + "ushr v12.16b, v0.16b, #6\n\t" + "ushr v13.16b, v1.16b, #6\n\t" + "shl v4.16b, v0.16b, #2\n\t" + "shl v5.16b, v1.16b, #2\n\t" + "pmul v12.16b, v12.16b, v10.16b\n\t" + "pmul v13.16b, v13.16b, v10.16b\n\t" + "eor v12.16b, v12.16b, v4.16b\n\t" + "eor v13.16b, v13.16b, v5.16b\n\t" + "ushr v4.16b, v0.16b, #5\n\t" + "ushr v5.16b, v1.16b, #5\n\t" + "pmul v4.16b, v4.16b, v10.16b\n\t" + "pmul v5.16b, v5.16b, v10.16b\n\t" + "shl v10.16b, v0.16b, #3\n\t" + "shl v11.16b, v1.16b, #3\n\t" + "eor v4.16b, v4.16b, v10.16b\n\t" + "eor v5.16b, v5.16b, v11.16b\n\t" + "eor v10.16b, v8.16b, v4.16b\n\t" + "eor v11.16b, v9.16b, v5.16b\n\t" + "eor v4.16b, v4.16b, v0.16b\n\t" + "eor v5.16b, v5.16b, v1.16b\n\t" + "eor v8.16b, v12.16b, v4.16b\n\t" + "eor v9.16b, v13.16b, v5.16b\n\t" + "eor v12.16b, v12.16b, v10.16b\n\t" + "eor v13.16b, v13.16b, v11.16b\n\t" + "eor v10.16b, v10.16b, v0.16b\n\t" + "eor v11.16b, v11.16b, v1.16b\n\t" + "shl v0.4s, v10.4s, #8\n\t" + "shl v1.4s, v11.4s, #8\n\t" + "rev32 v8.8h, v8.8h\n\t" + "rev32 v9.8h, v9.8h\n\t" + "sri v0.4s, v10.4s, #24\n\t" + "sri v1.4s, v11.4s, #24\n\t" + "eor v0.16b, v0.16b, v12.16b\n\t" + "eor v1.16b, v1.16b, v13.16b\n\t" + "shl v10.4s, v4.4s, #24\n\t" + "shl v11.4s, v5.4s, #24\n\t" + "eor v0.16b, v0.16b, v8.16b\n\t" + "eor v1.16b, v1.16b, v9.16b\n\t" + "sri v10.4s, v4.4s, #8\n\t" + "sri v11.4s, v5.4s, #8\n\t" + "eor v0.16b, v0.16b, v10.16b\n\t" + "eor v1.16b, v1.16b, v11.16b\n\t" + /* XOR in Key Schedule */ + "ld1 {v4.2d}, [x8], #16\n\t" + "eor v0.16b, v0.16b, v4.16b\n\t" + "eor v1.16b, v1.16b, v4.16b\n\t" + /* Round Done */ + "subs w7, w7, #2\n\t" + "b.ne L_AES_ECB_decrypt_NEON_loop_nr_2_%=\n\t" + "movi v12.16b, #0x40\n\t" + "movi v13.16b, #0x80\n\t" + "movi v14.16b, #0xc0\n\t" + "eor v8.16b, v0.16b, v12.16b\n\t" + "eor v9.16b, v1.16b, v12.16b\n\t" + "tbl v4.16b, {v16.16b, v17.16b, v18.16b, v19.16b}, v0.16b\n\t" + "tbl v5.16b, {v16.16b, v17.16b, v18.16b, v19.16b}, v1.16b\n\t" + "tbl v8.16b, {v20.16b, v21.16b, v22.16b, v23.16b}, v8.16b\n\t" + "tbl v9.16b, {v20.16b, v21.16b, v22.16b, v23.16b}, v9.16b\n\t" + "eor v10.16b, v0.16b, v13.16b\n\t" + "eor v11.16b, v1.16b, v13.16b\n\t" + "tbl v10.16b, {v24.16b, v25.16b, v26.16b, v27.16b}, v10.16b\n\t" + "tbl v11.16b, {v24.16b, v25.16b, v26.16b, v27.16b}, v11.16b\n\t" + "orr v4.16b, v4.16b, v8.16b\n\t" + "orr v5.16b, v5.16b, v9.16b\n\t" + "eor v8.16b, v0.16b, v14.16b\n\t" + "eor v9.16b, v1.16b, v14.16b\n\t" + "orr v4.16b, v4.16b, v10.16b\n\t" + "orr v5.16b, v5.16b, v11.16b\n\t" + "tbl v8.16b, {v28.16b, v29.16b, v30.16b, v31.16b}, v8.16b\n\t" + "tbl v9.16b, {v28.16b, v29.16b, v30.16b, v31.16b}, v9.16b\n\t" + "orr v4.16b, v4.16b, v8.16b\n\t" + "orr v5.16b, v5.16b, v9.16b\n\t" + "ld1 {v0.16b}, [%[invshuffle]]\n\t" + "tbl v4.16b, {v4.16b}, v0.16b\n\t" + "tbl v5.16b, {v5.16b}, v0.16b\n\t" + "movi v10.16b, #27\n\t" + "sshr v8.16b, v4.16b, #7\n\t" + "sshr v9.16b, v5.16b, #7\n\t" + "shl v12.16b, v4.16b, #1\n\t" + "shl v13.16b, v5.16b, #1\n\t" + "and v8.16b, v8.16b, v10.16b\n\t" + "and v9.16b, v9.16b, v10.16b\n\t" + "eor v8.16b, v8.16b, v12.16b\n\t" + "eor v9.16b, v9.16b, v13.16b\n\t" + "ushr v12.16b, v4.16b, #6\n\t" + "ushr v13.16b, v5.16b, #6\n\t" + "shl v0.16b, v4.16b, #2\n\t" + "shl v1.16b, v5.16b, #2\n\t" + "pmul v12.16b, v12.16b, v10.16b\n\t" + "pmul v13.16b, v13.16b, v10.16b\n\t" + "eor v12.16b, v12.16b, v0.16b\n\t" + "eor v13.16b, v13.16b, v1.16b\n\t" + "ushr v0.16b, v4.16b, #5\n\t" + "ushr v1.16b, v5.16b, #5\n\t" + "pmul v0.16b, v0.16b, v10.16b\n\t" + "pmul v1.16b, v1.16b, v10.16b\n\t" + "shl v10.16b, v4.16b, #3\n\t" + "shl v11.16b, v5.16b, #3\n\t" + "eor v0.16b, v0.16b, v10.16b\n\t" + "eor v1.16b, v1.16b, v11.16b\n\t" + "eor v10.16b, v8.16b, v0.16b\n\t" + "eor v11.16b, v9.16b, v1.16b\n\t" + "eor v0.16b, v0.16b, v4.16b\n\t" + "eor v1.16b, v1.16b, v5.16b\n\t" + "eor v8.16b, v12.16b, v0.16b\n\t" + "eor v9.16b, v13.16b, v1.16b\n\t" + "eor v12.16b, v12.16b, v10.16b\n\t" + "eor v13.16b, v13.16b, v11.16b\n\t" + "eor v10.16b, v10.16b, v4.16b\n\t" + "eor v11.16b, v11.16b, v5.16b\n\t" + "shl v4.4s, v10.4s, #8\n\t" + "shl v5.4s, v11.4s, #8\n\t" + "rev32 v8.8h, v8.8h\n\t" + "rev32 v9.8h, v9.8h\n\t" + "sri v4.4s, v10.4s, #24\n\t" + "sri v5.4s, v11.4s, #24\n\t" + "eor v4.16b, v4.16b, v12.16b\n\t" + "eor v5.16b, v5.16b, v13.16b\n\t" + "shl v10.4s, v0.4s, #24\n\t" + "shl v11.4s, v1.4s, #24\n\t" + "eor v4.16b, v4.16b, v8.16b\n\t" + "eor v5.16b, v5.16b, v9.16b\n\t" + "sri v10.4s, v0.4s, #8\n\t" + "sri v11.4s, v1.4s, #8\n\t" + "eor v4.16b, v4.16b, v10.16b\n\t" + "eor v5.16b, v5.16b, v11.16b\n\t" + /* XOR in Key Schedule */ + "ld1 {v0.2d}, [x8], #16\n\t" + "eor v4.16b, v4.16b, v0.16b\n\t" + "eor v5.16b, v5.16b, v0.16b\n\t" + /* Round Done */ + "movi v12.16b, #0x40\n\t" + "movi v13.16b, #0x80\n\t" + "movi v14.16b, #0xc0\n\t" + "eor v8.16b, v4.16b, v12.16b\n\t" + "eor v9.16b, v5.16b, v12.16b\n\t" + "tbl v0.16b, {v16.16b, v17.16b, v18.16b, v19.16b}, v4.16b\n\t" + "tbl v1.16b, {v16.16b, v17.16b, v18.16b, v19.16b}, v5.16b\n\t" + "tbl v8.16b, {v20.16b, v21.16b, v22.16b, v23.16b}, v8.16b\n\t" + "tbl v9.16b, {v20.16b, v21.16b, v22.16b, v23.16b}, v9.16b\n\t" + "eor v10.16b, v4.16b, v13.16b\n\t" + "eor v11.16b, v5.16b, v13.16b\n\t" + "tbl v10.16b, {v24.16b, v25.16b, v26.16b, v27.16b}, v10.16b\n\t" + "tbl v11.16b, {v24.16b, v25.16b, v26.16b, v27.16b}, v11.16b\n\t" + "orr v0.16b, v0.16b, v8.16b\n\t" + "orr v1.16b, v1.16b, v9.16b\n\t" + "eor v8.16b, v4.16b, v14.16b\n\t" + "eor v9.16b, v5.16b, v14.16b\n\t" + "orr v0.16b, v0.16b, v10.16b\n\t" + "orr v1.16b, v1.16b, v11.16b\n\t" + "tbl v8.16b, {v28.16b, v29.16b, v30.16b, v31.16b}, v8.16b\n\t" + "tbl v9.16b, {v28.16b, v29.16b, v30.16b, v31.16b}, v9.16b\n\t" + "orr v0.16b, v0.16b, v8.16b\n\t" + "orr v1.16b, v1.16b, v9.16b\n\t" + "ld1 {v4.16b}, [%[invshuffle]]\n\t" + "tbl v0.16b, {v0.16b}, v4.16b\n\t" + "tbl v1.16b, {v1.16b}, v4.16b\n\t" + /* XOR in Key Schedule */ + "ld1 {v4.2d}, [x8], #16\n\t" + "eor v0.16b, v0.16b, v4.16b\n\t" + "eor v1.16b, v1.16b, v4.16b\n\t" + /* Round Done */ + "rev32 v0.16b, v0.16b\n\t" + "rev32 v1.16b, v1.16b\n\t" + "st1 {v0.16b, v1.16b}, [%x[out]], #32\n\t" + "sub %x[len], %x[len], #32\n\t" + "cmp %x[len], #0\n\t" + "b.eq L_AES_ECB_decrypt_NEON_data_done_%=\n\t" + "\n" + "L_AES_ECB_decrypt_NEON_start_1_%=: \n\t" + "movi v12.16b, #0x40\n\t" + "movi v13.16b, #0x80\n\t" + "movi v14.16b, #0xc0\n\t" + "movi v15.16b, #27\n\t" + "ld1 {v3.2d}, [%[invshuffle]]\n\t" + "mov x8, %x[ks]\n\t" + "ld1 {v0.16b}, [%x[in]], #16\n\t" + "ld1 {v4.2d}, [x8], #16\n\t" + "rev32 v0.16b, v0.16b\n\t" + /* Round: 0 - XOR in key schedule */ + "eor v0.16b, v0.16b, v4.16b\n\t" + "sub w7, %w[nr], #2\n\t" + "\n" + "L_AES_ECB_decrypt_NEON_loop_nr_1_%=: \n\t" + "eor v8.16b, v0.16b, v12.16b\n\t" + "eor v9.16b, v0.16b, v13.16b\n\t" + "eor v10.16b, v0.16b, v14.16b\n\t" + "tbl v4.16b, {v16.16b, v17.16b, v18.16b, v19.16b}, v0.16b\n\t" + "tbl v8.16b, {v20.16b, v21.16b, v22.16b, v23.16b}, v8.16b\n\t" + "tbl v9.16b, {v24.16b, v25.16b, v26.16b, v27.16b}, v9.16b\n\t" + "tbl v10.16b, {v28.16b, v29.16b, v30.16b, v31.16b}, v10.16b\n\t" + "orr v4.16b, v4.16b, v8.16b\n\t" + "orr v9.16b, v9.16b, v10.16b\n\t" + "orr v4.16b, v4.16b, v9.16b\n\t" + "tbl v4.16b, {v4.16b}, v3.16b\n\t" + "sshr v10.16b, v4.16b, #7\n\t" + "ushr v11.16b, v4.16b, #6\n\t" + "ushr v8.16b, v4.16b, #5\n\t" + "and v10.16b, v10.16b, v15.16b\n\t" + "pmul v11.16b, v11.16b, v15.16b\n\t" + "pmul v8.16b, v8.16b, v15.16b\n\t" + "shl v9.16b, v4.16b, #1\n\t" + "eor v10.16b, v10.16b, v9.16b\n\t" + "shl v9.16b, v4.16b, #3\n\t" + "eor v8.16b, v8.16b, v9.16b\n\t" + "shl v9.16b, v4.16b, #2\n\t" + "eor v11.16b, v11.16b, v9.16b\n\t" + "eor v9.16b, v10.16b, v8.16b\n\t" + "eor v8.16b, v8.16b, v4.16b\n\t" + "eor v10.16b, v11.16b, v8.16b\n\t" + "eor v11.16b, v11.16b, v9.16b\n\t" + "eor v9.16b, v9.16b, v4.16b\n\t" + "shl v4.4s, v9.4s, #8\n\t" + "rev32 v10.8h, v10.8h\n\t" + "sri v4.4s, v9.4s, #24\n\t" + "eor v4.16b, v4.16b, v11.16b\n\t" + "shl v9.4s, v8.4s, #24\n\t" + "eor v4.16b, v4.16b, v10.16b\n\t" + "sri v9.4s, v8.4s, #8\n\t" + "eor v4.16b, v4.16b, v9.16b\n\t" + "ld1 {v0.2d}, [x8], #16\n\t" + /* XOR in Key Schedule */ + "eor v4.16b, v4.16b, v0.16b\n\t" + "eor v8.16b, v4.16b, v12.16b\n\t" + "eor v9.16b, v4.16b, v13.16b\n\t" + "eor v10.16b, v4.16b, v14.16b\n\t" + "tbl v0.16b, {v16.16b, v17.16b, v18.16b, v19.16b}, v4.16b\n\t" + "tbl v8.16b, {v20.16b, v21.16b, v22.16b, v23.16b}, v8.16b\n\t" + "tbl v9.16b, {v24.16b, v25.16b, v26.16b, v27.16b}, v9.16b\n\t" + "tbl v10.16b, {v28.16b, v29.16b, v30.16b, v31.16b}, v10.16b\n\t" + "orr v0.16b, v0.16b, v8.16b\n\t" + "orr v9.16b, v9.16b, v10.16b\n\t" + "orr v0.16b, v0.16b, v9.16b\n\t" + "tbl v0.16b, {v0.16b}, v3.16b\n\t" + "sshr v10.16b, v0.16b, #7\n\t" + "ushr v11.16b, v0.16b, #6\n\t" + "ushr v8.16b, v0.16b, #5\n\t" + "and v10.16b, v10.16b, v15.16b\n\t" + "pmul v11.16b, v11.16b, v15.16b\n\t" + "pmul v8.16b, v8.16b, v15.16b\n\t" + "shl v9.16b, v0.16b, #1\n\t" + "eor v10.16b, v10.16b, v9.16b\n\t" + "shl v9.16b, v0.16b, #3\n\t" + "eor v8.16b, v8.16b, v9.16b\n\t" + "shl v9.16b, v0.16b, #2\n\t" + "eor v11.16b, v11.16b, v9.16b\n\t" + "eor v9.16b, v10.16b, v8.16b\n\t" + "eor v8.16b, v8.16b, v0.16b\n\t" + "eor v10.16b, v11.16b, v8.16b\n\t" + "eor v11.16b, v11.16b, v9.16b\n\t" + "eor v9.16b, v9.16b, v0.16b\n\t" + "shl v0.4s, v9.4s, #8\n\t" + "rev32 v10.8h, v10.8h\n\t" + "sri v0.4s, v9.4s, #24\n\t" + "eor v0.16b, v0.16b, v11.16b\n\t" + "shl v9.4s, v8.4s, #24\n\t" + "eor v0.16b, v0.16b, v10.16b\n\t" + "sri v9.4s, v8.4s, #8\n\t" + "eor v0.16b, v0.16b, v9.16b\n\t" + "ld1 {v4.2d}, [x8], #16\n\t" + /* XOR in Key Schedule */ + "eor v0.16b, v0.16b, v4.16b\n\t" + "subs w7, w7, #2\n\t" + "b.ne L_AES_ECB_decrypt_NEON_loop_nr_1_%=\n\t" + "eor v8.16b, v0.16b, v12.16b\n\t" + "eor v9.16b, v0.16b, v13.16b\n\t" + "eor v10.16b, v0.16b, v14.16b\n\t" + "tbl v4.16b, {v16.16b, v17.16b, v18.16b, v19.16b}, v0.16b\n\t" + "tbl v8.16b, {v20.16b, v21.16b, v22.16b, v23.16b}, v8.16b\n\t" + "tbl v9.16b, {v24.16b, v25.16b, v26.16b, v27.16b}, v9.16b\n\t" + "tbl v10.16b, {v28.16b, v29.16b, v30.16b, v31.16b}, v10.16b\n\t" + "orr v4.16b, v4.16b, v8.16b\n\t" + "orr v9.16b, v9.16b, v10.16b\n\t" + "orr v4.16b, v4.16b, v9.16b\n\t" + "tbl v4.16b, {v4.16b}, v3.16b\n\t" + "sshr v10.16b, v4.16b, #7\n\t" + "ushr v11.16b, v4.16b, #6\n\t" + "ushr v8.16b, v4.16b, #5\n\t" + "and v10.16b, v10.16b, v15.16b\n\t" + "pmul v11.16b, v11.16b, v15.16b\n\t" + "pmul v8.16b, v8.16b, v15.16b\n\t" + "shl v9.16b, v4.16b, #1\n\t" + "eor v10.16b, v10.16b, v9.16b\n\t" + "shl v9.16b, v4.16b, #3\n\t" + "eor v8.16b, v8.16b, v9.16b\n\t" + "shl v9.16b, v4.16b, #2\n\t" + "eor v11.16b, v11.16b, v9.16b\n\t" + "eor v9.16b, v10.16b, v8.16b\n\t" + "eor v8.16b, v8.16b, v4.16b\n\t" + "eor v10.16b, v11.16b, v8.16b\n\t" + "eor v11.16b, v11.16b, v9.16b\n\t" + "eor v9.16b, v9.16b, v4.16b\n\t" + "shl v4.4s, v9.4s, #8\n\t" + "rev32 v10.8h, v10.8h\n\t" + "sri v4.4s, v9.4s, #24\n\t" + "eor v4.16b, v4.16b, v11.16b\n\t" + "shl v9.4s, v8.4s, #24\n\t" + "eor v4.16b, v4.16b, v10.16b\n\t" + "sri v9.4s, v8.4s, #8\n\t" + "eor v4.16b, v4.16b, v9.16b\n\t" + "ld1 {v0.2d}, [x8], #16\n\t" + /* XOR in Key Schedule */ + "eor v4.16b, v4.16b, v0.16b\n\t" + "eor v8.16b, v4.16b, v12.16b\n\t" + "eor v9.16b, v4.16b, v13.16b\n\t" + "eor v10.16b, v4.16b, v14.16b\n\t" + "tbl v0.16b, {v16.16b, v17.16b, v18.16b, v19.16b}, v4.16b\n\t" + "tbl v8.16b, {v20.16b, v21.16b, v22.16b, v23.16b}, v8.16b\n\t" + "tbl v9.16b, {v24.16b, v25.16b, v26.16b, v27.16b}, v9.16b\n\t" + "tbl v10.16b, {v28.16b, v29.16b, v30.16b, v31.16b}, v10.16b\n\t" + "orr v0.16b, v0.16b, v8.16b\n\t" + "orr v9.16b, v9.16b, v10.16b\n\t" + "orr v0.16b, v0.16b, v9.16b\n\t" + "tbl v0.16b, {v0.16b}, v3.16b\n\t" + "ld1 {v4.2d}, [x8], #16\n\t" + /* XOR in Key Schedule */ + "eor v0.16b, v0.16b, v4.16b\n\t" + "rev32 v0.16b, v0.16b\n\t" + "st1 {v0.16b}, [%x[out]], #16\n\t" + "\n" + "L_AES_ECB_decrypt_NEON_data_done_%=: \n\t" + : [out] "+r" (out), [len] "+r" (len), [nr] "+r" (nr) + : [in] "r" (in), [ks] "r" (ks), [td] "r" (td), + [invshuffle] "r" (invshuffle) + : "memory", "cc", "x7", "x8", "v0", "v1", "v2", "v3", "v4", "v5", "v6", + "v7", "v8", "v9", "v10", "v11", "v12", "v13", "v14", "v15", "v16", + "v17", "v18", "v19", "v20", "v21", "v22", "v23", "v24", "v25", + "v26", "v27", "v28", "v29", "v30", "v31" + ); +} + +#endif /* WOLFSSL_AES_DIRECT || WOLFSSL_AES_COUNTER || defined(HAVE_AES_ECB) */ +#ifdef HAVE_AES_CBC +void AES_CBC_decrypt_NEON(const unsigned char* in, unsigned char* out, + unsigned long len, const unsigned char* ks, int nr, unsigned char* iv); +void AES_CBC_decrypt_NEON(const unsigned char* in, unsigned char* out, + unsigned long len, const unsigned char* ks, int nr, unsigned char* iv) +{ + const word8* td = L_AES_ARM64_NEON_td; + const word8* invshuffle = L_AES_ARM64_NEON_shift_rows_invshuffle; + __asm__ __volatile__ ( + "stp x29, x30, [sp, #-96]!\n\t" + "add x29, sp, #0\n\t" + "ld1 {v16.16b, v17.16b, v18.16b, v19.16b}, [%[td]], #0x40\n\t" + "ld1 {v20.16b, v21.16b, v22.16b, v23.16b}, [%[td]], #0x40\n\t" + "ld1 {v24.16b, v25.16b, v26.16b, v27.16b}, [%[td]], #0x40\n\t" + "ld1 {v28.16b, v29.16b, v30.16b, v31.16b}, [%[td]]\n\t" + "ld1 {v3.2d}, [%x[iv]]\n\t" + "add x10, x29, #16\n\t" + "cmp %x[len], #0x40\n\t" + "b.lt L_AES_CBC_decrypt_NEON_start_2_%=\n\t" + "\n" + "L_AES_CBC_decrypt_NEON_loop_4_%=: \n\t" + "mov x9, %x[ks]\n\t" + "ld1 {v4.16b, v5.16b, v6.16b, v7.16b}, [%x[in]], #0x40\n\t" + "st1 {v3.2d, v4.2d, v5.2d, v6.2d}, [x10]\n\t" + "str q7, [x10, #64]\n\t" + "ld1 {v8.2d}, [x9], #16\n\t" + "rev32 v4.16b, v4.16b\n\t" + "rev32 v5.16b, v5.16b\n\t" + "rev32 v6.16b, v6.16b\n\t" + "rev32 v7.16b, v7.16b\n\t" + /* Round: 0 - XOR in key schedule */ + "eor v4.16b, v4.16b, v8.16b\n\t" + "eor v5.16b, v5.16b, v8.16b\n\t" + "eor v6.16b, v6.16b, v8.16b\n\t" + "eor v7.16b, v7.16b, v8.16b\n\t" + "sub w8, %w[nr], #2\n\t" + "\n" + "L_AES_CBC_decrypt_NEON_loop_nr_4_%=: \n\t" + "tbl v8.16b, {v16.16b, v17.16b, v18.16b, v19.16b}, v4.16b\n\t" + "tbl v9.16b, {v16.16b, v17.16b, v18.16b, v19.16b}, v5.16b\n\t" + "tbl v10.16b, {v16.16b, v17.16b, v18.16b, v19.16b}, v6.16b\n\t" + "tbl v11.16b, {v16.16b, v17.16b, v18.16b, v19.16b}, v7.16b\n\t" + "movi v12.16b, #0x40\n\t" + "movi v13.16b, #0x80\n\t" + "movi v14.16b, #0xc0\n\t" + "eor v0.16b, v4.16b, v12.16b\n\t" + "eor v1.16b, v5.16b, v12.16b\n\t" + "eor v2.16b, v6.16b, v12.16b\n\t" + "eor v3.16b, v7.16b, v12.16b\n\t" + "tbl v0.16b, {v20.16b, v21.16b, v22.16b, v23.16b}, v0.16b\n\t" + "tbl v1.16b, {v20.16b, v21.16b, v22.16b, v23.16b}, v1.16b\n\t" + "tbl v2.16b, {v20.16b, v21.16b, v22.16b, v23.16b}, v2.16b\n\t" + "tbl v3.16b, {v20.16b, v21.16b, v22.16b, v23.16b}, v3.16b\n\t" + "orr v8.16b, v8.16b, v0.16b\n\t" + "orr v9.16b, v9.16b, v1.16b\n\t" + "orr v10.16b, v10.16b, v2.16b\n\t" + "orr v11.16b, v11.16b, v3.16b\n\t" + "eor v0.16b, v4.16b, v13.16b\n\t" + "eor v1.16b, v5.16b, v13.16b\n\t" + "eor v2.16b, v6.16b, v13.16b\n\t" + "eor v3.16b, v7.16b, v13.16b\n\t" + "tbl v0.16b, {v24.16b, v25.16b, v26.16b, v27.16b}, v0.16b\n\t" + "tbl v1.16b, {v24.16b, v25.16b, v26.16b, v27.16b}, v1.16b\n\t" + "tbl v2.16b, {v24.16b, v25.16b, v26.16b, v27.16b}, v2.16b\n\t" + "tbl v3.16b, {v24.16b, v25.16b, v26.16b, v27.16b}, v3.16b\n\t" + "orr v8.16b, v8.16b, v0.16b\n\t" + "orr v9.16b, v9.16b, v1.16b\n\t" + "orr v10.16b, v10.16b, v2.16b\n\t" + "orr v11.16b, v11.16b, v3.16b\n\t" + "eor v0.16b, v4.16b, v14.16b\n\t" + "eor v1.16b, v5.16b, v14.16b\n\t" + "eor v2.16b, v6.16b, v14.16b\n\t" + "eor v3.16b, v7.16b, v14.16b\n\t" + "tbl v0.16b, {v28.16b, v29.16b, v30.16b, v31.16b}, v0.16b\n\t" + "tbl v1.16b, {v28.16b, v29.16b, v30.16b, v31.16b}, v1.16b\n\t" + "tbl v2.16b, {v28.16b, v29.16b, v30.16b, v31.16b}, v2.16b\n\t" + "tbl v3.16b, {v28.16b, v29.16b, v30.16b, v31.16b}, v3.16b\n\t" + "orr v8.16b, v8.16b, v0.16b\n\t" + "orr v9.16b, v9.16b, v1.16b\n\t" + "orr v10.16b, v10.16b, v2.16b\n\t" + "orr v11.16b, v11.16b, v3.16b\n\t" + "ld1 {v4.16b}, [%[invshuffle]]\n\t" + "tbl v8.16b, {v8.16b}, v4.16b\n\t" + "tbl v9.16b, {v9.16b}, v4.16b\n\t" + "tbl v10.16b, {v10.16b}, v4.16b\n\t" + "tbl v11.16b, {v11.16b}, v4.16b\n\t" + "movi v28.16b, #27\n\t" + "sshr v0.16b, v8.16b, #7\n\t" + "sshr v1.16b, v9.16b, #7\n\t" + "sshr v2.16b, v10.16b, #7\n\t" + "sshr v3.16b, v11.16b, #7\n\t" + "shl v12.16b, v8.16b, #1\n\t" + "shl v13.16b, v9.16b, #1\n\t" + "shl v14.16b, v10.16b, #1\n\t" + "shl v15.16b, v11.16b, #1\n\t" + "and v0.16b, v0.16b, v28.16b\n\t" + "and v1.16b, v1.16b, v28.16b\n\t" + "and v2.16b, v2.16b, v28.16b\n\t" + "and v3.16b, v3.16b, v28.16b\n\t" + "eor v0.16b, v0.16b, v12.16b\n\t" + "eor v1.16b, v1.16b, v13.16b\n\t" + "eor v2.16b, v2.16b, v14.16b\n\t" + "eor v3.16b, v3.16b, v15.16b\n\t" + "ushr v12.16b, v8.16b, #6\n\t" + "ushr v13.16b, v9.16b, #6\n\t" + "ushr v14.16b, v10.16b, #6\n\t" + "ushr v15.16b, v11.16b, #6\n\t" + "shl v4.16b, v8.16b, #2\n\t" + "shl v5.16b, v9.16b, #2\n\t" + "shl v6.16b, v10.16b, #2\n\t" + "shl v7.16b, v11.16b, #2\n\t" + "pmul v12.16b, v12.16b, v28.16b\n\t" + "pmul v13.16b, v13.16b, v28.16b\n\t" + "pmul v14.16b, v14.16b, v28.16b\n\t" + "pmul v15.16b, v15.16b, v28.16b\n\t" + "eor v12.16b, v12.16b, v4.16b\n\t" + "eor v13.16b, v13.16b, v5.16b\n\t" + "eor v14.16b, v14.16b, v6.16b\n\t" + "eor v15.16b, v15.16b, v7.16b\n\t" + "ushr v4.16b, v8.16b, #5\n\t" + "ushr v5.16b, v9.16b, #5\n\t" + "ushr v6.16b, v10.16b, #5\n\t" + "ushr v7.16b, v11.16b, #5\n\t" + "pmul v4.16b, v4.16b, v28.16b\n\t" + "pmul v5.16b, v5.16b, v28.16b\n\t" + "pmul v6.16b, v6.16b, v28.16b\n\t" + "pmul v7.16b, v7.16b, v28.16b\n\t" + "shl v28.16b, v8.16b, #3\n\t" + "shl v29.16b, v9.16b, #3\n\t" + "shl v30.16b, v10.16b, #3\n\t" + "shl v31.16b, v11.16b, #3\n\t" + "eor v4.16b, v4.16b, v28.16b\n\t" + "eor v5.16b, v5.16b, v29.16b\n\t" + "eor v6.16b, v6.16b, v30.16b\n\t" + "eor v7.16b, v7.16b, v31.16b\n\t" + "eor v28.16b, v0.16b, v4.16b\n\t" + "eor v29.16b, v1.16b, v5.16b\n\t" + "eor v30.16b, v2.16b, v6.16b\n\t" + "eor v31.16b, v3.16b, v7.16b\n\t" + "eor v4.16b, v4.16b, v8.16b\n\t" + "eor v5.16b, v5.16b, v9.16b\n\t" + "eor v6.16b, v6.16b, v10.16b\n\t" + "eor v7.16b, v7.16b, v11.16b\n\t" + "eor v0.16b, v12.16b, v4.16b\n\t" + "eor v1.16b, v13.16b, v5.16b\n\t" + "eor v2.16b, v14.16b, v6.16b\n\t" + "eor v3.16b, v15.16b, v7.16b\n\t" + "eor v12.16b, v12.16b, v28.16b\n\t" + "eor v13.16b, v13.16b, v29.16b\n\t" + "eor v14.16b, v14.16b, v30.16b\n\t" + "eor v15.16b, v15.16b, v31.16b\n\t" + "eor v28.16b, v28.16b, v8.16b\n\t" + "eor v29.16b, v29.16b, v9.16b\n\t" + "eor v30.16b, v30.16b, v10.16b\n\t" + "eor v31.16b, v31.16b, v11.16b\n\t" + "shl v8.4s, v28.4s, #8\n\t" + "shl v9.4s, v29.4s, #8\n\t" + "shl v10.4s, v30.4s, #8\n\t" + "shl v11.4s, v31.4s, #8\n\t" + "rev32 v0.8h, v0.8h\n\t" + "rev32 v1.8h, v1.8h\n\t" + "rev32 v2.8h, v2.8h\n\t" + "rev32 v3.8h, v3.8h\n\t" + "sri v8.4s, v28.4s, #24\n\t" + "sri v9.4s, v29.4s, #24\n\t" + "sri v10.4s, v30.4s, #24\n\t" + "sri v11.4s, v31.4s, #24\n\t" + "eor v8.16b, v8.16b, v12.16b\n\t" + "eor v9.16b, v9.16b, v13.16b\n\t" + "eor v10.16b, v10.16b, v14.16b\n\t" + "eor v11.16b, v11.16b, v15.16b\n\t" + "shl v28.4s, v4.4s, #24\n\t" + "shl v29.4s, v5.4s, #24\n\t" + "shl v30.4s, v6.4s, #24\n\t" + "shl v31.4s, v7.4s, #24\n\t" + "eor v8.16b, v8.16b, v0.16b\n\t" + "eor v9.16b, v9.16b, v1.16b\n\t" + "eor v10.16b, v10.16b, v2.16b\n\t" + "eor v11.16b, v11.16b, v3.16b\n\t" + "sri v28.4s, v4.4s, #8\n\t" + "sri v29.4s, v5.4s, #8\n\t" + "sri v30.4s, v6.4s, #8\n\t" + "sri v31.4s, v7.4s, #8\n\t" + "eor v8.16b, v8.16b, v28.16b\n\t" + "eor v9.16b, v9.16b, v29.16b\n\t" + "eor v10.16b, v10.16b, v30.16b\n\t" + "eor v11.16b, v11.16b, v31.16b\n\t" + "ld1 {v28.16b, v29.16b, v30.16b, v31.16b}, [%[td]]\n\t" + /* XOR in Key Schedule */ + "ld1 {v4.2d}, [x9], #16\n\t" + "eor v8.16b, v8.16b, v4.16b\n\t" + "eor v9.16b, v9.16b, v4.16b\n\t" + "eor v10.16b, v10.16b, v4.16b\n\t" + "eor v11.16b, v11.16b, v4.16b\n\t" + /* Round Done */ + "tbl v4.16b, {v16.16b, v17.16b, v18.16b, v19.16b}, v8.16b\n\t" + "tbl v5.16b, {v16.16b, v17.16b, v18.16b, v19.16b}, v9.16b\n\t" + "tbl v6.16b, {v16.16b, v17.16b, v18.16b, v19.16b}, v10.16b\n\t" + "tbl v7.16b, {v16.16b, v17.16b, v18.16b, v19.16b}, v11.16b\n\t" + "movi v12.16b, #0x40\n\t" + "movi v13.16b, #0x80\n\t" + "movi v14.16b, #0xc0\n\t" + "eor v0.16b, v8.16b, v12.16b\n\t" + "eor v1.16b, v9.16b, v12.16b\n\t" + "eor v2.16b, v10.16b, v12.16b\n\t" + "eor v3.16b, v11.16b, v12.16b\n\t" + "tbl v0.16b, {v20.16b, v21.16b, v22.16b, v23.16b}, v0.16b\n\t" + "tbl v1.16b, {v20.16b, v21.16b, v22.16b, v23.16b}, v1.16b\n\t" + "tbl v2.16b, {v20.16b, v21.16b, v22.16b, v23.16b}, v2.16b\n\t" + "tbl v3.16b, {v20.16b, v21.16b, v22.16b, v23.16b}, v3.16b\n\t" + "orr v4.16b, v4.16b, v0.16b\n\t" + "orr v5.16b, v5.16b, v1.16b\n\t" + "orr v6.16b, v6.16b, v2.16b\n\t" + "orr v7.16b, v7.16b, v3.16b\n\t" + "eor v0.16b, v8.16b, v13.16b\n\t" + "eor v1.16b, v9.16b, v13.16b\n\t" + "eor v2.16b, v10.16b, v13.16b\n\t" + "eor v3.16b, v11.16b, v13.16b\n\t" + "tbl v0.16b, {v24.16b, v25.16b, v26.16b, v27.16b}, v0.16b\n\t" + "tbl v1.16b, {v24.16b, v25.16b, v26.16b, v27.16b}, v1.16b\n\t" + "tbl v2.16b, {v24.16b, v25.16b, v26.16b, v27.16b}, v2.16b\n\t" + "tbl v3.16b, {v24.16b, v25.16b, v26.16b, v27.16b}, v3.16b\n\t" + "orr v4.16b, v4.16b, v0.16b\n\t" + "orr v5.16b, v5.16b, v1.16b\n\t" + "orr v6.16b, v6.16b, v2.16b\n\t" + "orr v7.16b, v7.16b, v3.16b\n\t" + "eor v0.16b, v8.16b, v14.16b\n\t" + "eor v1.16b, v9.16b, v14.16b\n\t" + "eor v2.16b, v10.16b, v14.16b\n\t" + "eor v3.16b, v11.16b, v14.16b\n\t" + "tbl v0.16b, {v28.16b, v29.16b, v30.16b, v31.16b}, v0.16b\n\t" + "tbl v1.16b, {v28.16b, v29.16b, v30.16b, v31.16b}, v1.16b\n\t" + "tbl v2.16b, {v28.16b, v29.16b, v30.16b, v31.16b}, v2.16b\n\t" + "tbl v3.16b, {v28.16b, v29.16b, v30.16b, v31.16b}, v3.16b\n\t" + "orr v4.16b, v4.16b, v0.16b\n\t" + "orr v5.16b, v5.16b, v1.16b\n\t" + "orr v6.16b, v6.16b, v2.16b\n\t" + "orr v7.16b, v7.16b, v3.16b\n\t" + "ld1 {v8.16b}, [%[invshuffle]]\n\t" + "tbl v4.16b, {v4.16b}, v8.16b\n\t" + "tbl v5.16b, {v5.16b}, v8.16b\n\t" + "tbl v6.16b, {v6.16b}, v8.16b\n\t" + "tbl v7.16b, {v7.16b}, v8.16b\n\t" + "movi v28.16b, #27\n\t" + "sshr v0.16b, v4.16b, #7\n\t" + "sshr v1.16b, v5.16b, #7\n\t" + "sshr v2.16b, v6.16b, #7\n\t" + "sshr v3.16b, v7.16b, #7\n\t" + "shl v12.16b, v4.16b, #1\n\t" + "shl v13.16b, v5.16b, #1\n\t" + "shl v14.16b, v6.16b, #1\n\t" + "shl v15.16b, v7.16b, #1\n\t" + "and v0.16b, v0.16b, v28.16b\n\t" + "and v1.16b, v1.16b, v28.16b\n\t" + "and v2.16b, v2.16b, v28.16b\n\t" + "and v3.16b, v3.16b, v28.16b\n\t" + "eor v0.16b, v0.16b, v12.16b\n\t" + "eor v1.16b, v1.16b, v13.16b\n\t" + "eor v2.16b, v2.16b, v14.16b\n\t" + "eor v3.16b, v3.16b, v15.16b\n\t" + "ushr v12.16b, v4.16b, #6\n\t" + "ushr v13.16b, v5.16b, #6\n\t" + "ushr v14.16b, v6.16b, #6\n\t" + "ushr v15.16b, v7.16b, #6\n\t" + "shl v8.16b, v4.16b, #2\n\t" + "shl v9.16b, v5.16b, #2\n\t" + "shl v10.16b, v6.16b, #2\n\t" + "shl v11.16b, v7.16b, #2\n\t" + "pmul v12.16b, v12.16b, v28.16b\n\t" + "pmul v13.16b, v13.16b, v28.16b\n\t" + "pmul v14.16b, v14.16b, v28.16b\n\t" + "pmul v15.16b, v15.16b, v28.16b\n\t" + "eor v12.16b, v12.16b, v8.16b\n\t" + "eor v13.16b, v13.16b, v9.16b\n\t" + "eor v14.16b, v14.16b, v10.16b\n\t" + "eor v15.16b, v15.16b, v11.16b\n\t" + "ushr v8.16b, v4.16b, #5\n\t" + "ushr v9.16b, v5.16b, #5\n\t" + "ushr v10.16b, v6.16b, #5\n\t" + "ushr v11.16b, v7.16b, #5\n\t" + "pmul v8.16b, v8.16b, v28.16b\n\t" + "pmul v9.16b, v9.16b, v28.16b\n\t" + "pmul v10.16b, v10.16b, v28.16b\n\t" + "pmul v11.16b, v11.16b, v28.16b\n\t" + "shl v28.16b, v4.16b, #3\n\t" + "shl v29.16b, v5.16b, #3\n\t" + "shl v30.16b, v6.16b, #3\n\t" + "shl v31.16b, v7.16b, #3\n\t" + "eor v8.16b, v8.16b, v28.16b\n\t" + "eor v9.16b, v9.16b, v29.16b\n\t" + "eor v10.16b, v10.16b, v30.16b\n\t" + "eor v11.16b, v11.16b, v31.16b\n\t" + "eor v28.16b, v0.16b, v8.16b\n\t" + "eor v29.16b, v1.16b, v9.16b\n\t" + "eor v30.16b, v2.16b, v10.16b\n\t" + "eor v31.16b, v3.16b, v11.16b\n\t" + "eor v8.16b, v8.16b, v4.16b\n\t" + "eor v9.16b, v9.16b, v5.16b\n\t" + "eor v10.16b, v10.16b, v6.16b\n\t" + "eor v11.16b, v11.16b, v7.16b\n\t" + "eor v0.16b, v12.16b, v8.16b\n\t" + "eor v1.16b, v13.16b, v9.16b\n\t" + "eor v2.16b, v14.16b, v10.16b\n\t" + "eor v3.16b, v15.16b, v11.16b\n\t" + "eor v12.16b, v12.16b, v28.16b\n\t" + "eor v13.16b, v13.16b, v29.16b\n\t" + "eor v14.16b, v14.16b, v30.16b\n\t" + "eor v15.16b, v15.16b, v31.16b\n\t" + "eor v28.16b, v28.16b, v4.16b\n\t" + "eor v29.16b, v29.16b, v5.16b\n\t" + "eor v30.16b, v30.16b, v6.16b\n\t" + "eor v31.16b, v31.16b, v7.16b\n\t" + "shl v4.4s, v28.4s, #8\n\t" + "shl v5.4s, v29.4s, #8\n\t" + "shl v6.4s, v30.4s, #8\n\t" + "shl v7.4s, v31.4s, #8\n\t" + "rev32 v0.8h, v0.8h\n\t" + "rev32 v1.8h, v1.8h\n\t" + "rev32 v2.8h, v2.8h\n\t" + "rev32 v3.8h, v3.8h\n\t" + "sri v4.4s, v28.4s, #24\n\t" + "sri v5.4s, v29.4s, #24\n\t" + "sri v6.4s, v30.4s, #24\n\t" + "sri v7.4s, v31.4s, #24\n\t" + "eor v4.16b, v4.16b, v12.16b\n\t" + "eor v5.16b, v5.16b, v13.16b\n\t" + "eor v6.16b, v6.16b, v14.16b\n\t" + "eor v7.16b, v7.16b, v15.16b\n\t" + "shl v28.4s, v8.4s, #24\n\t" + "shl v29.4s, v9.4s, #24\n\t" + "shl v30.4s, v10.4s, #24\n\t" + "shl v31.4s, v11.4s, #24\n\t" + "eor v4.16b, v4.16b, v0.16b\n\t" + "eor v5.16b, v5.16b, v1.16b\n\t" + "eor v6.16b, v6.16b, v2.16b\n\t" + "eor v7.16b, v7.16b, v3.16b\n\t" + "sri v28.4s, v8.4s, #8\n\t" + "sri v29.4s, v9.4s, #8\n\t" + "sri v30.4s, v10.4s, #8\n\t" + "sri v31.4s, v11.4s, #8\n\t" + "eor v4.16b, v4.16b, v28.16b\n\t" + "eor v5.16b, v5.16b, v29.16b\n\t" + "eor v6.16b, v6.16b, v30.16b\n\t" + "eor v7.16b, v7.16b, v31.16b\n\t" + "ld1 {v28.16b, v29.16b, v30.16b, v31.16b}, [%[td]]\n\t" + /* XOR in Key Schedule */ + "ld1 {v8.2d}, [x9], #16\n\t" + "eor v4.16b, v4.16b, v8.16b\n\t" + "eor v5.16b, v5.16b, v8.16b\n\t" + "eor v6.16b, v6.16b, v8.16b\n\t" + "eor v7.16b, v7.16b, v8.16b\n\t" + /* Round Done */ + "subs w8, w8, #2\n\t" + "b.ne L_AES_CBC_decrypt_NEON_loop_nr_4_%=\n\t" + "tbl v8.16b, {v16.16b, v17.16b, v18.16b, v19.16b}, v4.16b\n\t" + "tbl v9.16b, {v16.16b, v17.16b, v18.16b, v19.16b}, v5.16b\n\t" + "tbl v10.16b, {v16.16b, v17.16b, v18.16b, v19.16b}, v6.16b\n\t" + "tbl v11.16b, {v16.16b, v17.16b, v18.16b, v19.16b}, v7.16b\n\t" + "movi v12.16b, #0x40\n\t" + "movi v13.16b, #0x80\n\t" + "movi v14.16b, #0xc0\n\t" + "eor v0.16b, v4.16b, v12.16b\n\t" + "eor v1.16b, v5.16b, v12.16b\n\t" + "eor v2.16b, v6.16b, v12.16b\n\t" + "eor v3.16b, v7.16b, v12.16b\n\t" + "tbl v0.16b, {v20.16b, v21.16b, v22.16b, v23.16b}, v0.16b\n\t" + "tbl v1.16b, {v20.16b, v21.16b, v22.16b, v23.16b}, v1.16b\n\t" + "tbl v2.16b, {v20.16b, v21.16b, v22.16b, v23.16b}, v2.16b\n\t" + "tbl v3.16b, {v20.16b, v21.16b, v22.16b, v23.16b}, v3.16b\n\t" + "orr v8.16b, v8.16b, v0.16b\n\t" + "orr v9.16b, v9.16b, v1.16b\n\t" + "orr v10.16b, v10.16b, v2.16b\n\t" + "orr v11.16b, v11.16b, v3.16b\n\t" + "eor v0.16b, v4.16b, v13.16b\n\t" + "eor v1.16b, v5.16b, v13.16b\n\t" + "eor v2.16b, v6.16b, v13.16b\n\t" + "eor v3.16b, v7.16b, v13.16b\n\t" + "tbl v0.16b, {v24.16b, v25.16b, v26.16b, v27.16b}, v0.16b\n\t" + "tbl v1.16b, {v24.16b, v25.16b, v26.16b, v27.16b}, v1.16b\n\t" + "tbl v2.16b, {v24.16b, v25.16b, v26.16b, v27.16b}, v2.16b\n\t" + "tbl v3.16b, {v24.16b, v25.16b, v26.16b, v27.16b}, v3.16b\n\t" + "orr v8.16b, v8.16b, v0.16b\n\t" + "orr v9.16b, v9.16b, v1.16b\n\t" + "orr v10.16b, v10.16b, v2.16b\n\t" + "orr v11.16b, v11.16b, v3.16b\n\t" + "eor v0.16b, v4.16b, v14.16b\n\t" + "eor v1.16b, v5.16b, v14.16b\n\t" + "eor v2.16b, v6.16b, v14.16b\n\t" + "eor v3.16b, v7.16b, v14.16b\n\t" + "tbl v0.16b, {v28.16b, v29.16b, v30.16b, v31.16b}, v0.16b\n\t" + "tbl v1.16b, {v28.16b, v29.16b, v30.16b, v31.16b}, v1.16b\n\t" + "tbl v2.16b, {v28.16b, v29.16b, v30.16b, v31.16b}, v2.16b\n\t" + "tbl v3.16b, {v28.16b, v29.16b, v30.16b, v31.16b}, v3.16b\n\t" + "orr v8.16b, v8.16b, v0.16b\n\t" + "orr v9.16b, v9.16b, v1.16b\n\t" + "orr v10.16b, v10.16b, v2.16b\n\t" + "orr v11.16b, v11.16b, v3.16b\n\t" + "ld1 {v4.16b}, [%[invshuffle]]\n\t" + "tbl v8.16b, {v8.16b}, v4.16b\n\t" + "tbl v9.16b, {v9.16b}, v4.16b\n\t" + "tbl v10.16b, {v10.16b}, v4.16b\n\t" + "tbl v11.16b, {v11.16b}, v4.16b\n\t" + "movi v28.16b, #27\n\t" + "sshr v0.16b, v8.16b, #7\n\t" + "sshr v1.16b, v9.16b, #7\n\t" + "sshr v2.16b, v10.16b, #7\n\t" + "sshr v3.16b, v11.16b, #7\n\t" + "shl v12.16b, v8.16b, #1\n\t" + "shl v13.16b, v9.16b, #1\n\t" + "shl v14.16b, v10.16b, #1\n\t" + "shl v15.16b, v11.16b, #1\n\t" + "and v0.16b, v0.16b, v28.16b\n\t" + "and v1.16b, v1.16b, v28.16b\n\t" + "and v2.16b, v2.16b, v28.16b\n\t" + "and v3.16b, v3.16b, v28.16b\n\t" + "eor v0.16b, v0.16b, v12.16b\n\t" + "eor v1.16b, v1.16b, v13.16b\n\t" + "eor v2.16b, v2.16b, v14.16b\n\t" + "eor v3.16b, v3.16b, v15.16b\n\t" + "ushr v12.16b, v8.16b, #6\n\t" + "ushr v13.16b, v9.16b, #6\n\t" + "ushr v14.16b, v10.16b, #6\n\t" + "ushr v15.16b, v11.16b, #6\n\t" + "shl v4.16b, v8.16b, #2\n\t" + "shl v5.16b, v9.16b, #2\n\t" + "shl v6.16b, v10.16b, #2\n\t" + "shl v7.16b, v11.16b, #2\n\t" + "pmul v12.16b, v12.16b, v28.16b\n\t" + "pmul v13.16b, v13.16b, v28.16b\n\t" + "pmul v14.16b, v14.16b, v28.16b\n\t" + "pmul v15.16b, v15.16b, v28.16b\n\t" + "eor v12.16b, v12.16b, v4.16b\n\t" + "eor v13.16b, v13.16b, v5.16b\n\t" + "eor v14.16b, v14.16b, v6.16b\n\t" + "eor v15.16b, v15.16b, v7.16b\n\t" + "ushr v4.16b, v8.16b, #5\n\t" + "ushr v5.16b, v9.16b, #5\n\t" + "ushr v6.16b, v10.16b, #5\n\t" + "ushr v7.16b, v11.16b, #5\n\t" + "pmul v4.16b, v4.16b, v28.16b\n\t" + "pmul v5.16b, v5.16b, v28.16b\n\t" + "pmul v6.16b, v6.16b, v28.16b\n\t" + "pmul v7.16b, v7.16b, v28.16b\n\t" + "shl v28.16b, v8.16b, #3\n\t" + "shl v29.16b, v9.16b, #3\n\t" + "shl v30.16b, v10.16b, #3\n\t" + "shl v31.16b, v11.16b, #3\n\t" + "eor v4.16b, v4.16b, v28.16b\n\t" + "eor v5.16b, v5.16b, v29.16b\n\t" + "eor v6.16b, v6.16b, v30.16b\n\t" + "eor v7.16b, v7.16b, v31.16b\n\t" + "eor v28.16b, v0.16b, v4.16b\n\t" + "eor v29.16b, v1.16b, v5.16b\n\t" + "eor v30.16b, v2.16b, v6.16b\n\t" + "eor v31.16b, v3.16b, v7.16b\n\t" + "eor v4.16b, v4.16b, v8.16b\n\t" + "eor v5.16b, v5.16b, v9.16b\n\t" + "eor v6.16b, v6.16b, v10.16b\n\t" + "eor v7.16b, v7.16b, v11.16b\n\t" + "eor v0.16b, v12.16b, v4.16b\n\t" + "eor v1.16b, v13.16b, v5.16b\n\t" + "eor v2.16b, v14.16b, v6.16b\n\t" + "eor v3.16b, v15.16b, v7.16b\n\t" + "eor v12.16b, v12.16b, v28.16b\n\t" + "eor v13.16b, v13.16b, v29.16b\n\t" + "eor v14.16b, v14.16b, v30.16b\n\t" + "eor v15.16b, v15.16b, v31.16b\n\t" + "eor v28.16b, v28.16b, v8.16b\n\t" + "eor v29.16b, v29.16b, v9.16b\n\t" + "eor v30.16b, v30.16b, v10.16b\n\t" + "eor v31.16b, v31.16b, v11.16b\n\t" + "shl v8.4s, v28.4s, #8\n\t" + "shl v9.4s, v29.4s, #8\n\t" + "shl v10.4s, v30.4s, #8\n\t" + "shl v11.4s, v31.4s, #8\n\t" + "rev32 v0.8h, v0.8h\n\t" + "rev32 v1.8h, v1.8h\n\t" + "rev32 v2.8h, v2.8h\n\t" + "rev32 v3.8h, v3.8h\n\t" + "sri v8.4s, v28.4s, #24\n\t" + "sri v9.4s, v29.4s, #24\n\t" + "sri v10.4s, v30.4s, #24\n\t" + "sri v11.4s, v31.4s, #24\n\t" + "eor v8.16b, v8.16b, v12.16b\n\t" + "eor v9.16b, v9.16b, v13.16b\n\t" + "eor v10.16b, v10.16b, v14.16b\n\t" + "eor v11.16b, v11.16b, v15.16b\n\t" + "shl v28.4s, v4.4s, #24\n\t" + "shl v29.4s, v5.4s, #24\n\t" + "shl v30.4s, v6.4s, #24\n\t" + "shl v31.4s, v7.4s, #24\n\t" + "eor v8.16b, v8.16b, v0.16b\n\t" + "eor v9.16b, v9.16b, v1.16b\n\t" + "eor v10.16b, v10.16b, v2.16b\n\t" + "eor v11.16b, v11.16b, v3.16b\n\t" + "sri v28.4s, v4.4s, #8\n\t" + "sri v29.4s, v5.4s, #8\n\t" + "sri v30.4s, v6.4s, #8\n\t" + "sri v31.4s, v7.4s, #8\n\t" + "eor v8.16b, v8.16b, v28.16b\n\t" + "eor v9.16b, v9.16b, v29.16b\n\t" + "eor v10.16b, v10.16b, v30.16b\n\t" + "eor v11.16b, v11.16b, v31.16b\n\t" + "ld1 {v28.16b, v29.16b, v30.16b, v31.16b}, [%[td]]\n\t" + /* XOR in Key Schedule */ + "ld1 {v4.2d}, [x9], #16\n\t" + "eor v8.16b, v8.16b, v4.16b\n\t" + "eor v9.16b, v9.16b, v4.16b\n\t" + "eor v10.16b, v10.16b, v4.16b\n\t" + "eor v11.16b, v11.16b, v4.16b\n\t" + /* Round Done */ + "tbl v4.16b, {v16.16b, v17.16b, v18.16b, v19.16b}, v8.16b\n\t" + "tbl v5.16b, {v16.16b, v17.16b, v18.16b, v19.16b}, v9.16b\n\t" + "tbl v6.16b, {v16.16b, v17.16b, v18.16b, v19.16b}, v10.16b\n\t" + "tbl v7.16b, {v16.16b, v17.16b, v18.16b, v19.16b}, v11.16b\n\t" + "movi v12.16b, #0x40\n\t" + "movi v13.16b, #0x80\n\t" + "movi v14.16b, #0xc0\n\t" + "eor v0.16b, v8.16b, v12.16b\n\t" + "eor v1.16b, v9.16b, v12.16b\n\t" + "eor v2.16b, v10.16b, v12.16b\n\t" + "eor v3.16b, v11.16b, v12.16b\n\t" + "tbl v0.16b, {v20.16b, v21.16b, v22.16b, v23.16b}, v0.16b\n\t" + "tbl v1.16b, {v20.16b, v21.16b, v22.16b, v23.16b}, v1.16b\n\t" + "tbl v2.16b, {v20.16b, v21.16b, v22.16b, v23.16b}, v2.16b\n\t" + "tbl v3.16b, {v20.16b, v21.16b, v22.16b, v23.16b}, v3.16b\n\t" + "orr v4.16b, v4.16b, v0.16b\n\t" + "orr v5.16b, v5.16b, v1.16b\n\t" + "orr v6.16b, v6.16b, v2.16b\n\t" + "orr v7.16b, v7.16b, v3.16b\n\t" + "eor v0.16b, v8.16b, v13.16b\n\t" + "eor v1.16b, v9.16b, v13.16b\n\t" + "eor v2.16b, v10.16b, v13.16b\n\t" + "eor v3.16b, v11.16b, v13.16b\n\t" + "tbl v0.16b, {v24.16b, v25.16b, v26.16b, v27.16b}, v0.16b\n\t" + "tbl v1.16b, {v24.16b, v25.16b, v26.16b, v27.16b}, v1.16b\n\t" + "tbl v2.16b, {v24.16b, v25.16b, v26.16b, v27.16b}, v2.16b\n\t" + "tbl v3.16b, {v24.16b, v25.16b, v26.16b, v27.16b}, v3.16b\n\t" + "orr v4.16b, v4.16b, v0.16b\n\t" + "orr v5.16b, v5.16b, v1.16b\n\t" + "orr v6.16b, v6.16b, v2.16b\n\t" + "orr v7.16b, v7.16b, v3.16b\n\t" + "eor v0.16b, v8.16b, v14.16b\n\t" + "eor v1.16b, v9.16b, v14.16b\n\t" + "eor v2.16b, v10.16b, v14.16b\n\t" + "eor v3.16b, v11.16b, v14.16b\n\t" + "tbl v0.16b, {v28.16b, v29.16b, v30.16b, v31.16b}, v0.16b\n\t" + "tbl v1.16b, {v28.16b, v29.16b, v30.16b, v31.16b}, v1.16b\n\t" + "tbl v2.16b, {v28.16b, v29.16b, v30.16b, v31.16b}, v2.16b\n\t" + "tbl v3.16b, {v28.16b, v29.16b, v30.16b, v31.16b}, v3.16b\n\t" + "orr v4.16b, v4.16b, v0.16b\n\t" + "orr v5.16b, v5.16b, v1.16b\n\t" + "orr v6.16b, v6.16b, v2.16b\n\t" + "orr v7.16b, v7.16b, v3.16b\n\t" + "ld1 {v8.16b}, [%[invshuffle]]\n\t" + "tbl v4.16b, {v4.16b}, v8.16b\n\t" + "tbl v5.16b, {v5.16b}, v8.16b\n\t" + "tbl v6.16b, {v6.16b}, v8.16b\n\t" + "tbl v7.16b, {v7.16b}, v8.16b\n\t" + /* XOR in Key Schedule */ + "ld1 {v8.2d}, [x9], #16\n\t" + "eor v4.16b, v4.16b, v8.16b\n\t" + "eor v5.16b, v5.16b, v8.16b\n\t" + "eor v6.16b, v6.16b, v8.16b\n\t" + "eor v7.16b, v7.16b, v8.16b\n\t" + /* Round Done */ + "rev32 v4.16b, v4.16b\n\t" + "rev32 v5.16b, v5.16b\n\t" + "rev32 v6.16b, v6.16b\n\t" + "rev32 v7.16b, v7.16b\n\t" + "ld1 {v8.2d, v9.2d, v10.2d, v11.2d}, [x10]\n\t" + "ldr q3, [x10, #64]\n\t" + "eor v4.16b, v4.16b, v8.16b\n\t" + "eor v5.16b, v5.16b, v9.16b\n\t" + "eor v6.16b, v6.16b, v10.16b\n\t" + "eor v7.16b, v7.16b, v11.16b\n\t" + "st1 {v4.16b, v5.16b, v6.16b, v7.16b}, [%x[out]], #0x40\n\t" + "sub %x[len], %x[len], #0x40\n\t" + "cmp %x[len], #0x40\n\t" + "b.ge L_AES_CBC_decrypt_NEON_loop_4_%=\n\t" + "\n" + "L_AES_CBC_decrypt_NEON_start_2_%=: \n\t" + "cmp %x[len], #16\n\t" + "b.eq L_AES_CBC_decrypt_NEON_start_1_%=\n\t" + "b.lt L_AES_CBC_decrypt_NEON_data_done_%=\n\t" + "\n" + "L_AES_CBC_decrypt_NEON_loop_2_%=: \n\t" + "mov x9, %x[ks]\n\t" + "ld1 {v4.16b, v5.16b}, [%x[in]], #32\n\t" + "st1 {v3.2d, v4.2d, v5.2d}, [x10]\n\t" + "ld1 {v8.2d}, [x9], #16\n\t" + "rev32 v4.16b, v4.16b\n\t" + "rev32 v5.16b, v5.16b\n\t" + /* Round: 0 - XOR in key schedule */ + "eor v4.16b, v4.16b, v8.16b\n\t" + "eor v5.16b, v5.16b, v8.16b\n\t" + "sub w8, %w[nr], #2\n\t" + "\n" + "L_AES_CBC_decrypt_NEON_loop_nr_2_%=: \n\t" + "movi v12.16b, #0x40\n\t" + "movi v13.16b, #0x80\n\t" + "movi v14.16b, #0xc0\n\t" + "eor v0.16b, v4.16b, v12.16b\n\t" + "eor v1.16b, v5.16b, v12.16b\n\t" + "tbl v8.16b, {v16.16b, v17.16b, v18.16b, v19.16b}, v4.16b\n\t" + "tbl v9.16b, {v16.16b, v17.16b, v18.16b, v19.16b}, v5.16b\n\t" + "tbl v0.16b, {v20.16b, v21.16b, v22.16b, v23.16b}, v0.16b\n\t" + "tbl v1.16b, {v20.16b, v21.16b, v22.16b, v23.16b}, v1.16b\n\t" + "eor v2.16b, v4.16b, v13.16b\n\t" + "eor v3.16b, v5.16b, v13.16b\n\t" + "tbl v2.16b, {v24.16b, v25.16b, v26.16b, v27.16b}, v2.16b\n\t" + "tbl v3.16b, {v24.16b, v25.16b, v26.16b, v27.16b}, v3.16b\n\t" + "orr v8.16b, v8.16b, v0.16b\n\t" + "orr v9.16b, v9.16b, v1.16b\n\t" + "eor v0.16b, v4.16b, v14.16b\n\t" + "eor v1.16b, v5.16b, v14.16b\n\t" + "orr v8.16b, v8.16b, v2.16b\n\t" + "orr v9.16b, v9.16b, v3.16b\n\t" + "tbl v0.16b, {v28.16b, v29.16b, v30.16b, v31.16b}, v0.16b\n\t" + "tbl v1.16b, {v28.16b, v29.16b, v30.16b, v31.16b}, v1.16b\n\t" + "orr v8.16b, v8.16b, v0.16b\n\t" + "orr v9.16b, v9.16b, v1.16b\n\t" + "ld1 {v4.16b}, [%[invshuffle]]\n\t" + "tbl v8.16b, {v8.16b}, v4.16b\n\t" + "tbl v9.16b, {v9.16b}, v4.16b\n\t" + "movi v2.16b, #27\n\t" + "sshr v0.16b, v8.16b, #7\n\t" + "sshr v1.16b, v9.16b, #7\n\t" + "shl v12.16b, v8.16b, #1\n\t" + "shl v13.16b, v9.16b, #1\n\t" + "and v0.16b, v0.16b, v2.16b\n\t" + "and v1.16b, v1.16b, v2.16b\n\t" + "eor v0.16b, v0.16b, v12.16b\n\t" + "eor v1.16b, v1.16b, v13.16b\n\t" + "ushr v12.16b, v8.16b, #6\n\t" + "ushr v13.16b, v9.16b, #6\n\t" + "shl v4.16b, v8.16b, #2\n\t" + "shl v5.16b, v9.16b, #2\n\t" + "pmul v12.16b, v12.16b, v2.16b\n\t" + "pmul v13.16b, v13.16b, v2.16b\n\t" + "eor v12.16b, v12.16b, v4.16b\n\t" + "eor v13.16b, v13.16b, v5.16b\n\t" + "ushr v4.16b, v8.16b, #5\n\t" + "ushr v5.16b, v9.16b, #5\n\t" + "pmul v4.16b, v4.16b, v2.16b\n\t" + "pmul v5.16b, v5.16b, v2.16b\n\t" + "shl v2.16b, v8.16b, #3\n\t" + "shl v3.16b, v9.16b, #3\n\t" + "eor v4.16b, v4.16b, v2.16b\n\t" + "eor v5.16b, v5.16b, v3.16b\n\t" + "eor v2.16b, v0.16b, v4.16b\n\t" + "eor v3.16b, v1.16b, v5.16b\n\t" + "eor v4.16b, v4.16b, v8.16b\n\t" + "eor v5.16b, v5.16b, v9.16b\n\t" + "eor v0.16b, v12.16b, v4.16b\n\t" + "eor v1.16b, v13.16b, v5.16b\n\t" + "eor v12.16b, v12.16b, v2.16b\n\t" + "eor v13.16b, v13.16b, v3.16b\n\t" + "eor v2.16b, v2.16b, v8.16b\n\t" + "eor v3.16b, v3.16b, v9.16b\n\t" + "shl v8.4s, v2.4s, #8\n\t" + "shl v9.4s, v3.4s, #8\n\t" + "rev32 v0.8h, v0.8h\n\t" + "rev32 v1.8h, v1.8h\n\t" + "sri v8.4s, v2.4s, #24\n\t" + "sri v9.4s, v3.4s, #24\n\t" + "eor v8.16b, v8.16b, v12.16b\n\t" + "eor v9.16b, v9.16b, v13.16b\n\t" + "shl v2.4s, v4.4s, #24\n\t" + "shl v3.4s, v5.4s, #24\n\t" + "eor v8.16b, v8.16b, v0.16b\n\t" + "eor v9.16b, v9.16b, v1.16b\n\t" + "sri v2.4s, v4.4s, #8\n\t" + "sri v3.4s, v5.4s, #8\n\t" + "eor v8.16b, v8.16b, v2.16b\n\t" + "eor v9.16b, v9.16b, v3.16b\n\t" + /* XOR in Key Schedule */ + "ld1 {v4.2d}, [x9], #16\n\t" + "eor v8.16b, v8.16b, v4.16b\n\t" + "eor v9.16b, v9.16b, v4.16b\n\t" + /* Round Done */ + "movi v12.16b, #0x40\n\t" + "movi v13.16b, #0x80\n\t" + "movi v14.16b, #0xc0\n\t" + "eor v0.16b, v8.16b, v12.16b\n\t" + "eor v1.16b, v9.16b, v12.16b\n\t" + "tbl v4.16b, {v16.16b, v17.16b, v18.16b, v19.16b}, v8.16b\n\t" + "tbl v5.16b, {v16.16b, v17.16b, v18.16b, v19.16b}, v9.16b\n\t" + "tbl v0.16b, {v20.16b, v21.16b, v22.16b, v23.16b}, v0.16b\n\t" + "tbl v1.16b, {v20.16b, v21.16b, v22.16b, v23.16b}, v1.16b\n\t" + "eor v2.16b, v8.16b, v13.16b\n\t" + "eor v3.16b, v9.16b, v13.16b\n\t" + "tbl v2.16b, {v24.16b, v25.16b, v26.16b, v27.16b}, v2.16b\n\t" + "tbl v3.16b, {v24.16b, v25.16b, v26.16b, v27.16b}, v3.16b\n\t" + "orr v4.16b, v4.16b, v0.16b\n\t" + "orr v5.16b, v5.16b, v1.16b\n\t" + "eor v0.16b, v8.16b, v14.16b\n\t" + "eor v1.16b, v9.16b, v14.16b\n\t" + "orr v4.16b, v4.16b, v2.16b\n\t" + "orr v5.16b, v5.16b, v3.16b\n\t" + "tbl v0.16b, {v28.16b, v29.16b, v30.16b, v31.16b}, v0.16b\n\t" + "tbl v1.16b, {v28.16b, v29.16b, v30.16b, v31.16b}, v1.16b\n\t" + "orr v4.16b, v4.16b, v0.16b\n\t" + "orr v5.16b, v5.16b, v1.16b\n\t" + "ld1 {v8.16b}, [%[invshuffle]]\n\t" + "tbl v4.16b, {v4.16b}, v8.16b\n\t" + "tbl v5.16b, {v5.16b}, v8.16b\n\t" + "movi v2.16b, #27\n\t" + "sshr v0.16b, v4.16b, #7\n\t" + "sshr v1.16b, v5.16b, #7\n\t" + "shl v12.16b, v4.16b, #1\n\t" + "shl v13.16b, v5.16b, #1\n\t" + "and v0.16b, v0.16b, v2.16b\n\t" + "and v1.16b, v1.16b, v2.16b\n\t" + "eor v0.16b, v0.16b, v12.16b\n\t" + "eor v1.16b, v1.16b, v13.16b\n\t" + "ushr v12.16b, v4.16b, #6\n\t" + "ushr v13.16b, v5.16b, #6\n\t" + "shl v8.16b, v4.16b, #2\n\t" + "shl v9.16b, v5.16b, #2\n\t" + "pmul v12.16b, v12.16b, v2.16b\n\t" + "pmul v13.16b, v13.16b, v2.16b\n\t" + "eor v12.16b, v12.16b, v8.16b\n\t" + "eor v13.16b, v13.16b, v9.16b\n\t" + "ushr v8.16b, v4.16b, #5\n\t" + "ushr v9.16b, v5.16b, #5\n\t" + "pmul v8.16b, v8.16b, v2.16b\n\t" + "pmul v9.16b, v9.16b, v2.16b\n\t" + "shl v2.16b, v4.16b, #3\n\t" + "shl v3.16b, v5.16b, #3\n\t" + "eor v8.16b, v8.16b, v2.16b\n\t" + "eor v9.16b, v9.16b, v3.16b\n\t" + "eor v2.16b, v0.16b, v8.16b\n\t" + "eor v3.16b, v1.16b, v9.16b\n\t" + "eor v8.16b, v8.16b, v4.16b\n\t" + "eor v9.16b, v9.16b, v5.16b\n\t" + "eor v0.16b, v12.16b, v8.16b\n\t" + "eor v1.16b, v13.16b, v9.16b\n\t" + "eor v12.16b, v12.16b, v2.16b\n\t" + "eor v13.16b, v13.16b, v3.16b\n\t" + "eor v2.16b, v2.16b, v4.16b\n\t" + "eor v3.16b, v3.16b, v5.16b\n\t" + "shl v4.4s, v2.4s, #8\n\t" + "shl v5.4s, v3.4s, #8\n\t" + "rev32 v0.8h, v0.8h\n\t" + "rev32 v1.8h, v1.8h\n\t" + "sri v4.4s, v2.4s, #24\n\t" + "sri v5.4s, v3.4s, #24\n\t" + "eor v4.16b, v4.16b, v12.16b\n\t" + "eor v5.16b, v5.16b, v13.16b\n\t" + "shl v2.4s, v8.4s, #24\n\t" + "shl v3.4s, v9.4s, #24\n\t" + "eor v4.16b, v4.16b, v0.16b\n\t" + "eor v5.16b, v5.16b, v1.16b\n\t" + "sri v2.4s, v8.4s, #8\n\t" + "sri v3.4s, v9.4s, #8\n\t" + "eor v4.16b, v4.16b, v2.16b\n\t" + "eor v5.16b, v5.16b, v3.16b\n\t" + /* XOR in Key Schedule */ + "ld1 {v8.2d}, [x9], #16\n\t" + "eor v4.16b, v4.16b, v8.16b\n\t" + "eor v5.16b, v5.16b, v8.16b\n\t" + /* Round Done */ + "subs w8, w8, #2\n\t" + "b.ne L_AES_CBC_decrypt_NEON_loop_nr_2_%=\n\t" + "movi v12.16b, #0x40\n\t" + "movi v13.16b, #0x80\n\t" + "movi v14.16b, #0xc0\n\t" + "eor v0.16b, v4.16b, v12.16b\n\t" + "eor v1.16b, v5.16b, v12.16b\n\t" + "tbl v8.16b, {v16.16b, v17.16b, v18.16b, v19.16b}, v4.16b\n\t" + "tbl v9.16b, {v16.16b, v17.16b, v18.16b, v19.16b}, v5.16b\n\t" + "tbl v0.16b, {v20.16b, v21.16b, v22.16b, v23.16b}, v0.16b\n\t" + "tbl v1.16b, {v20.16b, v21.16b, v22.16b, v23.16b}, v1.16b\n\t" + "eor v2.16b, v4.16b, v13.16b\n\t" + "eor v3.16b, v5.16b, v13.16b\n\t" + "tbl v2.16b, {v24.16b, v25.16b, v26.16b, v27.16b}, v2.16b\n\t" + "tbl v3.16b, {v24.16b, v25.16b, v26.16b, v27.16b}, v3.16b\n\t" + "orr v8.16b, v8.16b, v0.16b\n\t" + "orr v9.16b, v9.16b, v1.16b\n\t" + "eor v0.16b, v4.16b, v14.16b\n\t" + "eor v1.16b, v5.16b, v14.16b\n\t" + "orr v8.16b, v8.16b, v2.16b\n\t" + "orr v9.16b, v9.16b, v3.16b\n\t" + "tbl v0.16b, {v28.16b, v29.16b, v30.16b, v31.16b}, v0.16b\n\t" + "tbl v1.16b, {v28.16b, v29.16b, v30.16b, v31.16b}, v1.16b\n\t" + "orr v8.16b, v8.16b, v0.16b\n\t" + "orr v9.16b, v9.16b, v1.16b\n\t" + "ld1 {v4.16b}, [%[invshuffle]]\n\t" + "tbl v8.16b, {v8.16b}, v4.16b\n\t" + "tbl v9.16b, {v9.16b}, v4.16b\n\t" + "movi v2.16b, #27\n\t" + "sshr v0.16b, v8.16b, #7\n\t" + "sshr v1.16b, v9.16b, #7\n\t" + "shl v12.16b, v8.16b, #1\n\t" + "shl v13.16b, v9.16b, #1\n\t" + "and v0.16b, v0.16b, v2.16b\n\t" + "and v1.16b, v1.16b, v2.16b\n\t" + "eor v0.16b, v0.16b, v12.16b\n\t" + "eor v1.16b, v1.16b, v13.16b\n\t" + "ushr v12.16b, v8.16b, #6\n\t" + "ushr v13.16b, v9.16b, #6\n\t" + "shl v4.16b, v8.16b, #2\n\t" + "shl v5.16b, v9.16b, #2\n\t" + "pmul v12.16b, v12.16b, v2.16b\n\t" + "pmul v13.16b, v13.16b, v2.16b\n\t" + "eor v12.16b, v12.16b, v4.16b\n\t" + "eor v13.16b, v13.16b, v5.16b\n\t" + "ushr v4.16b, v8.16b, #5\n\t" + "ushr v5.16b, v9.16b, #5\n\t" + "pmul v4.16b, v4.16b, v2.16b\n\t" + "pmul v5.16b, v5.16b, v2.16b\n\t" + "shl v2.16b, v8.16b, #3\n\t" + "shl v3.16b, v9.16b, #3\n\t" + "eor v4.16b, v4.16b, v2.16b\n\t" + "eor v5.16b, v5.16b, v3.16b\n\t" + "eor v2.16b, v0.16b, v4.16b\n\t" + "eor v3.16b, v1.16b, v5.16b\n\t" + "eor v4.16b, v4.16b, v8.16b\n\t" + "eor v5.16b, v5.16b, v9.16b\n\t" + "eor v0.16b, v12.16b, v4.16b\n\t" + "eor v1.16b, v13.16b, v5.16b\n\t" + "eor v12.16b, v12.16b, v2.16b\n\t" + "eor v13.16b, v13.16b, v3.16b\n\t" + "eor v2.16b, v2.16b, v8.16b\n\t" + "eor v3.16b, v3.16b, v9.16b\n\t" + "shl v8.4s, v2.4s, #8\n\t" + "shl v9.4s, v3.4s, #8\n\t" + "rev32 v0.8h, v0.8h\n\t" + "rev32 v1.8h, v1.8h\n\t" + "sri v8.4s, v2.4s, #24\n\t" + "sri v9.4s, v3.4s, #24\n\t" + "eor v8.16b, v8.16b, v12.16b\n\t" + "eor v9.16b, v9.16b, v13.16b\n\t" + "shl v2.4s, v4.4s, #24\n\t" + "shl v3.4s, v5.4s, #24\n\t" + "eor v8.16b, v8.16b, v0.16b\n\t" + "eor v9.16b, v9.16b, v1.16b\n\t" + "sri v2.4s, v4.4s, #8\n\t" + "sri v3.4s, v5.4s, #8\n\t" + "eor v8.16b, v8.16b, v2.16b\n\t" + "eor v9.16b, v9.16b, v3.16b\n\t" + /* XOR in Key Schedule */ + "ld1 {v4.2d}, [x9], #16\n\t" + "eor v8.16b, v8.16b, v4.16b\n\t" + "eor v9.16b, v9.16b, v4.16b\n\t" + /* Round Done */ + "movi v12.16b, #0x40\n\t" + "movi v13.16b, #0x80\n\t" + "movi v14.16b, #0xc0\n\t" + "eor v0.16b, v8.16b, v12.16b\n\t" + "eor v1.16b, v9.16b, v12.16b\n\t" + "tbl v4.16b, {v16.16b, v17.16b, v18.16b, v19.16b}, v8.16b\n\t" + "tbl v5.16b, {v16.16b, v17.16b, v18.16b, v19.16b}, v9.16b\n\t" + "tbl v0.16b, {v20.16b, v21.16b, v22.16b, v23.16b}, v0.16b\n\t" + "tbl v1.16b, {v20.16b, v21.16b, v22.16b, v23.16b}, v1.16b\n\t" + "eor v2.16b, v8.16b, v13.16b\n\t" + "eor v3.16b, v9.16b, v13.16b\n\t" + "tbl v2.16b, {v24.16b, v25.16b, v26.16b, v27.16b}, v2.16b\n\t" + "tbl v3.16b, {v24.16b, v25.16b, v26.16b, v27.16b}, v3.16b\n\t" + "orr v4.16b, v4.16b, v0.16b\n\t" + "orr v5.16b, v5.16b, v1.16b\n\t" + "eor v0.16b, v8.16b, v14.16b\n\t" + "eor v1.16b, v9.16b, v14.16b\n\t" + "orr v4.16b, v4.16b, v2.16b\n\t" + "orr v5.16b, v5.16b, v3.16b\n\t" + "tbl v0.16b, {v28.16b, v29.16b, v30.16b, v31.16b}, v0.16b\n\t" + "tbl v1.16b, {v28.16b, v29.16b, v30.16b, v31.16b}, v1.16b\n\t" + "orr v4.16b, v4.16b, v0.16b\n\t" + "orr v5.16b, v5.16b, v1.16b\n\t" + "ld1 {v8.16b}, [%[invshuffle]]\n\t" + "tbl v4.16b, {v4.16b}, v8.16b\n\t" + "tbl v5.16b, {v5.16b}, v8.16b\n\t" + /* XOR in Key Schedule */ + "ld1 {v8.2d}, [x9], #16\n\t" + "eor v4.16b, v4.16b, v8.16b\n\t" + "eor v5.16b, v5.16b, v8.16b\n\t" + /* Round Done */ + "rev32 v4.16b, v4.16b\n\t" + "rev32 v5.16b, v5.16b\n\t" + "ld1 {v1.16b, v2.16b, v3.16b}, [x10]\n\t" + "eor v4.16b, v4.16b, v1.16b\n\t" + "eor v5.16b, v5.16b, v2.16b\n\t" + "st1 {v4.16b, v5.16b}, [%x[out]], #32\n\t" + "sub %x[len], %x[len], #32\n\t" + "cmp %x[len], #32\n\t" + "b.ge L_AES_CBC_decrypt_NEON_loop_2_%=\n\t" + "cmp %x[len], #0\n\t" + "b.eq L_AES_CBC_decrypt_NEON_data_done_%=\n\t" + "\n" + "L_AES_CBC_decrypt_NEON_start_1_%=: \n\t" + "movi v12.16b, #0x40\n\t" + "movi v13.16b, #0x80\n\t" + "movi v14.16b, #0xc0\n\t" + "movi v15.16b, #27\n\t" + "ld1 {v7.2d}, [%[invshuffle]]\n\t" + "mov x9, %x[ks]\n\t" + "ld1 {v4.16b}, [%x[in]], #16\n\t" + "mov v10.16b, v3.16b\n\t" + "mov v11.16b, v4.16b\n\t" + "ld1 {v8.16b}, [x9], #16\n\t" + "rev32 v4.16b, v4.16b\n\t" + /* Round: 0 - XOR in key schedule */ + "eor v4.16b, v4.16b, v8.16b\n\t" + "sub w8, %w[nr], #2\n\t" + "\n" + "L_AES_CBC_decrypt_NEON_loop_nr_1_%=: \n\t" + "eor v0.16b, v4.16b, v12.16b\n\t" + "eor v1.16b, v4.16b, v13.16b\n\t" + "eor v2.16b, v4.16b, v14.16b\n\t" + "tbl v8.16b, {v16.16b, v17.16b, v18.16b, v19.16b}, v4.16b\n\t" + "tbl v0.16b, {v20.16b, v21.16b, v22.16b, v23.16b}, v0.16b\n\t" + "tbl v1.16b, {v24.16b, v25.16b, v26.16b, v27.16b}, v1.16b\n\t" + "tbl v2.16b, {v28.16b, v29.16b, v30.16b, v31.16b}, v2.16b\n\t" + "orr v8.16b, v8.16b, v0.16b\n\t" + "orr v1.16b, v1.16b, v2.16b\n\t" + "orr v8.16b, v8.16b, v1.16b\n\t" + "tbl v8.16b, {v8.16b}, v7.16b\n\t" + "sshr v2.16b, v8.16b, #7\n\t" + "ushr v3.16b, v8.16b, #6\n\t" + "ushr v0.16b, v8.16b, #5\n\t" + "and v2.16b, v2.16b, v15.16b\n\t" + "pmul v3.16b, v3.16b, v15.16b\n\t" + "pmul v0.16b, v0.16b, v15.16b\n\t" + "shl v1.16b, v8.16b, #1\n\t" + "eor v2.16b, v2.16b, v1.16b\n\t" + "shl v1.16b, v8.16b, #3\n\t" + "eor v0.16b, v0.16b, v1.16b\n\t" + "shl v1.16b, v8.16b, #2\n\t" + "eor v3.16b, v3.16b, v1.16b\n\t" + "eor v1.16b, v2.16b, v0.16b\n\t" + "eor v0.16b, v0.16b, v8.16b\n\t" + "eor v2.16b, v3.16b, v0.16b\n\t" + "eor v3.16b, v3.16b, v1.16b\n\t" + "eor v1.16b, v1.16b, v8.16b\n\t" + "shl v8.4s, v1.4s, #8\n\t" + "rev32 v2.8h, v2.8h\n\t" + "sri v8.4s, v1.4s, #24\n\t" + "eor v8.16b, v8.16b, v3.16b\n\t" + "shl v1.4s, v0.4s, #24\n\t" + "eor v8.16b, v8.16b, v2.16b\n\t" + "sri v1.4s, v0.4s, #8\n\t" + "eor v8.16b, v8.16b, v1.16b\n\t" + "ld1 {v4.2d}, [x9], #16\n\t" + /* XOR in Key Schedule */ + "eor v8.16b, v8.16b, v4.16b\n\t" + "eor v0.16b, v8.16b, v12.16b\n\t" + "eor v1.16b, v8.16b, v13.16b\n\t" + "eor v2.16b, v8.16b, v14.16b\n\t" + "tbl v4.16b, {v16.16b, v17.16b, v18.16b, v19.16b}, v8.16b\n\t" + "tbl v0.16b, {v20.16b, v21.16b, v22.16b, v23.16b}, v0.16b\n\t" + "tbl v1.16b, {v24.16b, v25.16b, v26.16b, v27.16b}, v1.16b\n\t" + "tbl v2.16b, {v28.16b, v29.16b, v30.16b, v31.16b}, v2.16b\n\t" + "orr v4.16b, v4.16b, v0.16b\n\t" + "orr v1.16b, v1.16b, v2.16b\n\t" + "orr v4.16b, v4.16b, v1.16b\n\t" + "tbl v4.16b, {v4.16b}, v7.16b\n\t" + "sshr v2.16b, v4.16b, #7\n\t" + "ushr v3.16b, v4.16b, #6\n\t" + "ushr v0.16b, v4.16b, #5\n\t" + "and v2.16b, v2.16b, v15.16b\n\t" + "pmul v3.16b, v3.16b, v15.16b\n\t" + "pmul v0.16b, v0.16b, v15.16b\n\t" + "shl v1.16b, v4.16b, #1\n\t" + "eor v2.16b, v2.16b, v1.16b\n\t" + "shl v1.16b, v4.16b, #3\n\t" + "eor v0.16b, v0.16b, v1.16b\n\t" + "shl v1.16b, v4.16b, #2\n\t" + "eor v3.16b, v3.16b, v1.16b\n\t" + "eor v1.16b, v2.16b, v0.16b\n\t" + "eor v0.16b, v0.16b, v4.16b\n\t" + "eor v2.16b, v3.16b, v0.16b\n\t" + "eor v3.16b, v3.16b, v1.16b\n\t" + "eor v1.16b, v1.16b, v4.16b\n\t" + "shl v4.4s, v1.4s, #8\n\t" + "rev32 v2.8h, v2.8h\n\t" + "sri v4.4s, v1.4s, #24\n\t" + "eor v4.16b, v4.16b, v3.16b\n\t" + "shl v1.4s, v0.4s, #24\n\t" + "eor v4.16b, v4.16b, v2.16b\n\t" + "sri v1.4s, v0.4s, #8\n\t" + "eor v4.16b, v4.16b, v1.16b\n\t" + "ld1 {v8.2d}, [x9], #16\n\t" + /* XOR in Key Schedule */ + "eor v4.16b, v4.16b, v8.16b\n\t" + "subs w8, w8, #2\n\t" + "b.ne L_AES_CBC_decrypt_NEON_loop_nr_1_%=\n\t" + "eor v0.16b, v4.16b, v12.16b\n\t" + "eor v1.16b, v4.16b, v13.16b\n\t" + "eor v2.16b, v4.16b, v14.16b\n\t" + "tbl v8.16b, {v16.16b, v17.16b, v18.16b, v19.16b}, v4.16b\n\t" + "tbl v0.16b, {v20.16b, v21.16b, v22.16b, v23.16b}, v0.16b\n\t" + "tbl v1.16b, {v24.16b, v25.16b, v26.16b, v27.16b}, v1.16b\n\t" + "tbl v2.16b, {v28.16b, v29.16b, v30.16b, v31.16b}, v2.16b\n\t" + "orr v8.16b, v8.16b, v0.16b\n\t" + "orr v1.16b, v1.16b, v2.16b\n\t" + "orr v8.16b, v8.16b, v1.16b\n\t" + "tbl v8.16b, {v8.16b}, v7.16b\n\t" + "sshr v2.16b, v8.16b, #7\n\t" + "ushr v3.16b, v8.16b, #6\n\t" + "ushr v0.16b, v8.16b, #5\n\t" + "and v2.16b, v2.16b, v15.16b\n\t" + "pmul v3.16b, v3.16b, v15.16b\n\t" + "pmul v0.16b, v0.16b, v15.16b\n\t" + "shl v1.16b, v8.16b, #1\n\t" + "eor v2.16b, v2.16b, v1.16b\n\t" + "shl v1.16b, v8.16b, #3\n\t" + "eor v0.16b, v0.16b, v1.16b\n\t" + "shl v1.16b, v8.16b, #2\n\t" + "eor v3.16b, v3.16b, v1.16b\n\t" + "eor v1.16b, v2.16b, v0.16b\n\t" + "eor v0.16b, v0.16b, v8.16b\n\t" + "eor v2.16b, v3.16b, v0.16b\n\t" + "eor v3.16b, v3.16b, v1.16b\n\t" + "eor v1.16b, v1.16b, v8.16b\n\t" + "shl v8.4s, v1.4s, #8\n\t" + "rev32 v2.8h, v2.8h\n\t" + "sri v8.4s, v1.4s, #24\n\t" + "eor v8.16b, v8.16b, v3.16b\n\t" + "shl v1.4s, v0.4s, #24\n\t" + "eor v8.16b, v8.16b, v2.16b\n\t" + "sri v1.4s, v0.4s, #8\n\t" + "eor v8.16b, v8.16b, v1.16b\n\t" + "ld1 {v4.2d}, [x9], #16\n\t" + /* XOR in Key Schedule */ + "eor v8.16b, v8.16b, v4.16b\n\t" + "eor v0.16b, v8.16b, v12.16b\n\t" + "eor v1.16b, v8.16b, v13.16b\n\t" + "eor v2.16b, v8.16b, v14.16b\n\t" + "tbl v4.16b, {v16.16b, v17.16b, v18.16b, v19.16b}, v8.16b\n\t" + "tbl v0.16b, {v20.16b, v21.16b, v22.16b, v23.16b}, v0.16b\n\t" + "tbl v1.16b, {v24.16b, v25.16b, v26.16b, v27.16b}, v1.16b\n\t" + "tbl v2.16b, {v28.16b, v29.16b, v30.16b, v31.16b}, v2.16b\n\t" + "orr v4.16b, v4.16b, v0.16b\n\t" + "orr v1.16b, v1.16b, v2.16b\n\t" + "orr v4.16b, v4.16b, v1.16b\n\t" + "tbl v4.16b, {v4.16b}, v7.16b\n\t" + "ld1 {v8.2d}, [x9], #16\n\t" + /* XOR in Key Schedule */ + "eor v4.16b, v4.16b, v8.16b\n\t" + "rev32 v4.16b, v4.16b\n\t" + "mov v3.16b, v11.16b\n\t" + "eor v4.16b, v4.16b, v10.16b\n\t" + "st1 {v4.16b}, [%x[out]], #16\n\t" + "\n" + "L_AES_CBC_decrypt_NEON_data_done_%=: \n\t" + "st1 {v3.2d}, [%x[iv]]\n\t" + "ldp x29, x30, [sp], #0x60\n\t" + : [out] "+r" (out), [len] "+r" (len), [nr] "+r" (nr), [iv] "+r" (iv) + : [in] "r" (in), [ks] "r" (ks), [td] "r" (td), + [invshuffle] "r" (invshuffle) + : "memory", "cc", "x8", "x9", "x10", "v0", "v1", "v2", "v3", "v4", "v5", + "v6", "v7", "v8", "v9", "v10", "v11", "v12", "v13", "v14", "v15", + "v16", "v17", "v18", "v19", "v20", "v21", "v22", "v23", "v24", + "v25", "v26", "v27", "v28", "v29", "v30", "v31" + ); +} + +#endif /* HAVE_AES_CBC */ +#endif /* WOLFSSL_AES_DIRECT || WOLFSSL_AES_COUNTER || HAVE_AES_CBC + * HAVE_AES_ECB */ +#endif /* HAVE_AES_DECRYPT */ +#ifdef HAVE_AESGCM +void GCM_gmult_len_NEON(unsigned char* x, const unsigned char* h, + const unsigned char* data, unsigned long len); +void GCM_gmult_len_NEON(unsigned char* x, const unsigned char* h, + const unsigned char* data, unsigned long len) +{ + __asm__ __volatile__ ( + "ld1 {v18.2d}, [%x[x]]\n\t" + "ld1 {v10.2d}, [%x[h]]\n\t" + "movi v19.16b, #15\n\t" + "eor v20.16b, v20.16b, v20.16b\n\t" + "rbit v18.16b, v18.16b\n\t" + "rbit v10.16b, v10.16b\n\t" + "and v12.16b, v10.16b, v19.16b\n\t" + "ushr v13.16b, v10.16b, #4\n\t" + "eor v14.16b, v12.16b, v13.16b\n\t" + "\n" + "L_GCM_gmult_len_NEON_start_block_%=: \n\t" + "ld1 {v0.16b}, [%x[data]], #16\n\t" + "rbit v0.16b, v0.16b\n\t" + "eor v18.16b, v18.16b, v0.16b\n\t" + /* Mul 128x128 */ + "and v15.16b, v18.16b, v19.16b\n\t" + "ushr v16.16b, v18.16b, #4\n\t" + "eor v17.16b, v15.16b, v16.16b\n\t" + "dup v0.16b, v12.b[0]\n\t" + "dup v2.16b, v14.b[0]\n\t" + "dup v1.16b, v13.b[0]\n\t" + "pmul v8.16b, v15.16b, v0.16b\n\t" + "pmul v5.16b, v17.16b, v2.16b\n\t" + "pmul v4.16b, v16.16b, v1.16b\n\t" + "eor v5.16b, v5.16b, v8.16b\n\t" + "eor v5.16b, v5.16b, v4.16b\n\t" + "shl v6.16b, v5.16b, #4\n\t" + "ushr v7.16b, v5.16b, #4\n\t" + "eor v8.16b, v8.16b, v6.16b\n\t" + "eor v11.16b, v4.16b, v7.16b\n\t" + "dup v0.16b, v12.b[1]\n\t" + "dup v2.16b, v14.b[1]\n\t" + "dup v1.16b, v13.b[1]\n\t" + "pmul v3.16b, v15.16b, v0.16b\n\t" + "pmul v5.16b, v17.16b, v2.16b\n\t" + "pmul v4.16b, v16.16b, v1.16b\n\t" + "eor v5.16b, v5.16b, v3.16b\n\t" + "eor v5.16b, v5.16b, v4.16b\n\t" + "eor v3.16b, v3.16b, v11.16b\n\t" + "shl v6.16b, v5.16b, #4\n\t" + "ushr v7.16b, v5.16b, #4\n\t" + "eor v3.16b, v3.16b, v6.16b\n\t" + "eor v11.16b, v4.16b, v7.16b\n\t" + "ext v6.16b, v20.16b, v3.16b, #15\n\t" + "ext v9.16b, v3.16b, v20.16b, #15\n\t" + "eor v8.16b, v8.16b, v6.16b\n\t" + "dup v0.16b, v12.b[2]\n\t" + "dup v2.16b, v14.b[2]\n\t" + "dup v1.16b, v13.b[2]\n\t" + "pmul v3.16b, v15.16b, v0.16b\n\t" + "pmul v5.16b, v17.16b, v2.16b\n\t" + "pmul v4.16b, v16.16b, v1.16b\n\t" + "eor v5.16b, v5.16b, v3.16b\n\t" + "eor v5.16b, v5.16b, v4.16b\n\t" + "eor v3.16b, v3.16b, v11.16b\n\t" + "shl v6.16b, v5.16b, #4\n\t" + "ushr v7.16b, v5.16b, #4\n\t" + "eor v3.16b, v3.16b, v6.16b\n\t" + "eor v11.16b, v4.16b, v7.16b\n\t" + "ext v7.16b, v3.16b, v20.16b, #14\n\t" + "ext v6.16b, v20.16b, v3.16b, #14\n\t" + "eor v9.16b, v9.16b, v7.16b\n\t" + "eor v8.16b, v8.16b, v6.16b\n\t" + "dup v0.16b, v12.b[3]\n\t" + "dup v2.16b, v14.b[3]\n\t" + "dup v1.16b, v13.b[3]\n\t" + "pmul v3.16b, v15.16b, v0.16b\n\t" + "pmul v5.16b, v17.16b, v2.16b\n\t" + "pmul v4.16b, v16.16b, v1.16b\n\t" + "eor v5.16b, v5.16b, v3.16b\n\t" + "eor v5.16b, v5.16b, v4.16b\n\t" + "eor v3.16b, v3.16b, v11.16b\n\t" + "shl v6.16b, v5.16b, #4\n\t" + "ushr v7.16b, v5.16b, #4\n\t" + "eor v3.16b, v3.16b, v6.16b\n\t" + "eor v11.16b, v4.16b, v7.16b\n\t" + "ext v7.16b, v3.16b, v20.16b, #13\n\t" + "ext v6.16b, v20.16b, v3.16b, #13\n\t" + "eor v9.16b, v9.16b, v7.16b\n\t" + "eor v8.16b, v8.16b, v6.16b\n\t" + "dup v0.16b, v12.b[4]\n\t" + "dup v2.16b, v14.b[4]\n\t" + "dup v1.16b, v13.b[4]\n\t" + "pmul v3.16b, v15.16b, v0.16b\n\t" + "pmul v5.16b, v17.16b, v2.16b\n\t" + "pmul v4.16b, v16.16b, v1.16b\n\t" + "eor v5.16b, v5.16b, v3.16b\n\t" + "eor v5.16b, v5.16b, v4.16b\n\t" + "eor v3.16b, v3.16b, v11.16b\n\t" + "shl v6.16b, v5.16b, #4\n\t" + "ushr v7.16b, v5.16b, #4\n\t" + "eor v3.16b, v3.16b, v6.16b\n\t" + "eor v11.16b, v4.16b, v7.16b\n\t" + "ext v7.16b, v3.16b, v20.16b, #12\n\t" + "ext v6.16b, v20.16b, v3.16b, #12\n\t" + "eor v9.16b, v9.16b, v7.16b\n\t" + "eor v8.16b, v8.16b, v6.16b\n\t" + "dup v0.16b, v12.b[5]\n\t" + "dup v2.16b, v14.b[5]\n\t" + "dup v1.16b, v13.b[5]\n\t" + "pmul v3.16b, v15.16b, v0.16b\n\t" + "pmul v5.16b, v17.16b, v2.16b\n\t" + "pmul v4.16b, v16.16b, v1.16b\n\t" + "eor v5.16b, v5.16b, v3.16b\n\t" + "eor v5.16b, v5.16b, v4.16b\n\t" + "eor v3.16b, v3.16b, v11.16b\n\t" + "shl v6.16b, v5.16b, #4\n\t" + "ushr v7.16b, v5.16b, #4\n\t" + "eor v3.16b, v3.16b, v6.16b\n\t" + "eor v11.16b, v4.16b, v7.16b\n\t" + "ext v7.16b, v3.16b, v20.16b, #11\n\t" + "ext v6.16b, v20.16b, v3.16b, #11\n\t" + "eor v9.16b, v9.16b, v7.16b\n\t" + "eor v8.16b, v8.16b, v6.16b\n\t" + "dup v0.16b, v12.b[6]\n\t" + "dup v2.16b, v14.b[6]\n\t" + "dup v1.16b, v13.b[6]\n\t" + "pmul v3.16b, v15.16b, v0.16b\n\t" + "pmul v5.16b, v17.16b, v2.16b\n\t" + "pmul v4.16b, v16.16b, v1.16b\n\t" + "eor v5.16b, v5.16b, v3.16b\n\t" + "eor v5.16b, v5.16b, v4.16b\n\t" + "eor v3.16b, v3.16b, v11.16b\n\t" + "shl v6.16b, v5.16b, #4\n\t" + "ushr v7.16b, v5.16b, #4\n\t" + "eor v3.16b, v3.16b, v6.16b\n\t" + "eor v11.16b, v4.16b, v7.16b\n\t" + "ext v7.16b, v3.16b, v20.16b, #10\n\t" + "ext v6.16b, v20.16b, v3.16b, #10\n\t" + "eor v9.16b, v9.16b, v7.16b\n\t" + "eor v8.16b, v8.16b, v6.16b\n\t" + "dup v0.16b, v12.b[7]\n\t" + "dup v2.16b, v14.b[7]\n\t" + "dup v1.16b, v13.b[7]\n\t" + "pmul v3.16b, v15.16b, v0.16b\n\t" + "pmul v5.16b, v17.16b, v2.16b\n\t" + "pmul v4.16b, v16.16b, v1.16b\n\t" + "eor v5.16b, v5.16b, v3.16b\n\t" + "eor v5.16b, v5.16b, v4.16b\n\t" + "eor v3.16b, v3.16b, v11.16b\n\t" + "shl v6.16b, v5.16b, #4\n\t" + "ushr v7.16b, v5.16b, #4\n\t" + "eor v3.16b, v3.16b, v6.16b\n\t" + "eor v11.16b, v4.16b, v7.16b\n\t" + "ext v7.16b, v3.16b, v20.16b, #9\n\t" + "ext v6.16b, v20.16b, v3.16b, #9\n\t" + "eor v9.16b, v9.16b, v7.16b\n\t" + "eor v8.16b, v8.16b, v6.16b\n\t" + "dup v0.16b, v12.b[8]\n\t" + "dup v2.16b, v14.b[8]\n\t" + "dup v1.16b, v13.b[8]\n\t" + "pmul v3.16b, v15.16b, v0.16b\n\t" + "pmul v5.16b, v17.16b, v2.16b\n\t" + "pmul v4.16b, v16.16b, v1.16b\n\t" + "eor v5.16b, v5.16b, v3.16b\n\t" + "eor v5.16b, v5.16b, v4.16b\n\t" + "eor v3.16b, v3.16b, v11.16b\n\t" + "shl v6.16b, v5.16b, #4\n\t" + "ushr v7.16b, v5.16b, #4\n\t" + "eor v3.16b, v3.16b, v6.16b\n\t" + "eor v11.16b, v4.16b, v7.16b\n\t" + "ext v7.16b, v3.16b, v20.16b, #8\n\t" + "ext v6.16b, v20.16b, v3.16b, #8\n\t" + "eor v9.16b, v9.16b, v7.16b\n\t" + "eor v8.16b, v8.16b, v6.16b\n\t" + "dup v0.16b, v12.b[9]\n\t" + "dup v2.16b, v14.b[9]\n\t" + "dup v1.16b, v13.b[9]\n\t" + "pmul v3.16b, v15.16b, v0.16b\n\t" + "pmul v5.16b, v17.16b, v2.16b\n\t" + "pmul v4.16b, v16.16b, v1.16b\n\t" + "eor v5.16b, v5.16b, v3.16b\n\t" + "eor v5.16b, v5.16b, v4.16b\n\t" + "eor v3.16b, v3.16b, v11.16b\n\t" + "shl v6.16b, v5.16b, #4\n\t" + "ushr v7.16b, v5.16b, #4\n\t" + "eor v3.16b, v3.16b, v6.16b\n\t" + "eor v11.16b, v4.16b, v7.16b\n\t" + "ext v7.16b, v3.16b, v20.16b, #7\n\t" + "ext v6.16b, v20.16b, v3.16b, #7\n\t" + "eor v9.16b, v9.16b, v7.16b\n\t" + "eor v8.16b, v8.16b, v6.16b\n\t" + "dup v0.16b, v12.b[10]\n\t" + "dup v2.16b, v14.b[10]\n\t" + "dup v1.16b, v13.b[10]\n\t" + "pmul v3.16b, v15.16b, v0.16b\n\t" + "pmul v5.16b, v17.16b, v2.16b\n\t" + "pmul v4.16b, v16.16b, v1.16b\n\t" + "eor v5.16b, v5.16b, v3.16b\n\t" + "eor v5.16b, v5.16b, v4.16b\n\t" + "eor v3.16b, v3.16b, v11.16b\n\t" + "shl v6.16b, v5.16b, #4\n\t" + "ushr v7.16b, v5.16b, #4\n\t" + "eor v3.16b, v3.16b, v6.16b\n\t" + "eor v11.16b, v4.16b, v7.16b\n\t" + "ext v7.16b, v3.16b, v20.16b, #6\n\t" + "ext v6.16b, v20.16b, v3.16b, #6\n\t" + "eor v9.16b, v9.16b, v7.16b\n\t" + "eor v8.16b, v8.16b, v6.16b\n\t" + "dup v0.16b, v12.b[11]\n\t" + "dup v2.16b, v14.b[11]\n\t" + "dup v1.16b, v13.b[11]\n\t" + "pmul v3.16b, v15.16b, v0.16b\n\t" + "pmul v5.16b, v17.16b, v2.16b\n\t" + "pmul v4.16b, v16.16b, v1.16b\n\t" + "eor v5.16b, v5.16b, v3.16b\n\t" + "eor v5.16b, v5.16b, v4.16b\n\t" + "eor v3.16b, v3.16b, v11.16b\n\t" + "shl v6.16b, v5.16b, #4\n\t" + "ushr v7.16b, v5.16b, #4\n\t" + "eor v3.16b, v3.16b, v6.16b\n\t" + "eor v11.16b, v4.16b, v7.16b\n\t" + "ext v7.16b, v3.16b, v20.16b, #5\n\t" + "ext v6.16b, v20.16b, v3.16b, #5\n\t" + "eor v9.16b, v9.16b, v7.16b\n\t" + "eor v8.16b, v8.16b, v6.16b\n\t" + "dup v0.16b, v12.b[12]\n\t" + "dup v2.16b, v14.b[12]\n\t" + "dup v1.16b, v13.b[12]\n\t" + "pmul v3.16b, v15.16b, v0.16b\n\t" + "pmul v5.16b, v17.16b, v2.16b\n\t" + "pmul v4.16b, v16.16b, v1.16b\n\t" + "eor v5.16b, v5.16b, v3.16b\n\t" + "eor v5.16b, v5.16b, v4.16b\n\t" + "eor v3.16b, v3.16b, v11.16b\n\t" + "shl v6.16b, v5.16b, #4\n\t" + "ushr v7.16b, v5.16b, #4\n\t" + "eor v3.16b, v3.16b, v6.16b\n\t" + "eor v11.16b, v4.16b, v7.16b\n\t" + "ext v7.16b, v3.16b, v20.16b, #4\n\t" + "ext v6.16b, v20.16b, v3.16b, #4\n\t" + "eor v9.16b, v9.16b, v7.16b\n\t" + "eor v8.16b, v8.16b, v6.16b\n\t" + "dup v0.16b, v12.b[13]\n\t" + "dup v2.16b, v14.b[13]\n\t" + "dup v1.16b, v13.b[13]\n\t" + "pmul v3.16b, v15.16b, v0.16b\n\t" + "pmul v5.16b, v17.16b, v2.16b\n\t" + "pmul v4.16b, v16.16b, v1.16b\n\t" + "eor v5.16b, v5.16b, v3.16b\n\t" + "eor v5.16b, v5.16b, v4.16b\n\t" + "eor v3.16b, v3.16b, v11.16b\n\t" + "shl v6.16b, v5.16b, #4\n\t" + "ushr v7.16b, v5.16b, #4\n\t" + "eor v3.16b, v3.16b, v6.16b\n\t" + "eor v11.16b, v4.16b, v7.16b\n\t" + "ext v7.16b, v3.16b, v20.16b, #3\n\t" + "ext v6.16b, v20.16b, v3.16b, #3\n\t" + "eor v9.16b, v9.16b, v7.16b\n\t" + "eor v8.16b, v8.16b, v6.16b\n\t" + "dup v0.16b, v12.b[14]\n\t" + "dup v2.16b, v14.b[14]\n\t" + "dup v1.16b, v13.b[14]\n\t" + "pmul v3.16b, v15.16b, v0.16b\n\t" + "pmul v5.16b, v17.16b, v2.16b\n\t" + "pmul v4.16b, v16.16b, v1.16b\n\t" + "eor v5.16b, v5.16b, v3.16b\n\t" + "eor v5.16b, v5.16b, v4.16b\n\t" + "eor v3.16b, v3.16b, v11.16b\n\t" + "shl v6.16b, v5.16b, #4\n\t" + "ushr v7.16b, v5.16b, #4\n\t" + "eor v3.16b, v3.16b, v6.16b\n\t" + "eor v11.16b, v4.16b, v7.16b\n\t" + "ext v7.16b, v3.16b, v20.16b, #2\n\t" + "ext v6.16b, v20.16b, v3.16b, #2\n\t" + "eor v9.16b, v9.16b, v7.16b\n\t" + "eor v8.16b, v8.16b, v6.16b\n\t" + "dup v0.16b, v12.b[15]\n\t" + "dup v2.16b, v14.b[15]\n\t" + "dup v1.16b, v13.b[15]\n\t" + "pmul v3.16b, v15.16b, v0.16b\n\t" + "pmul v5.16b, v17.16b, v2.16b\n\t" + "pmul v4.16b, v16.16b, v1.16b\n\t" + "eor v5.16b, v5.16b, v3.16b\n\t" + "eor v5.16b, v5.16b, v4.16b\n\t" + "eor v3.16b, v3.16b, v11.16b\n\t" + "shl v6.16b, v5.16b, #4\n\t" + "ushr v7.16b, v5.16b, #4\n\t" + "eor v3.16b, v3.16b, v6.16b\n\t" + "eor v11.16b, v4.16b, v7.16b\n\t" + "ext v7.16b, v3.16b, v20.16b, #1\n\t" + "ext v6.16b, v20.16b, v3.16b, #1\n\t" + "eor v9.16b, v9.16b, v7.16b\n\t" + "eor v8.16b, v8.16b, v6.16b\n\t" + "eor v9.16b, v9.16b, v11.16b\n\t" + /* Reduce 254-bit number */ + "shl v0.16b, v9.16b, #1\n\t" + "shl v1.16b, v9.16b, #2\n\t" + "shl v2.16b, v9.16b, #7\n\t" + "ushr v3.16b, v9.16b, #7\n\t" + "ushr v4.16b, v9.16b, #6\n\t" + "ushr v5.16b, v9.16b, #1\n\t" + "eor v0.16b, v0.16b, v9.16b\n\t" + "eor v1.16b, v1.16b, v2.16b\n\t" + "eor v0.16b, v0.16b, v1.16b\n\t" + "eor v8.16b, v8.16b, v0.16b\n\t" + "ext v0.16b, v20.16b, v3.16b, #15\n\t" + "ext v1.16b, v20.16b, v4.16b, #15\n\t" + "ext v2.16b, v20.16b, v5.16b, #15\n\t" + "ext v4.16b, v4.16b, v20.16b, #15\n\t" + "ext v5.16b, v5.16b, v20.16b, #15\n\t" + "eor v0.16b, v0.16b, v1.16b\n\t" + "eor v8.16b, v8.16b, v2.16b\n\t" + "eor v8.16b, v8.16b, v0.16b\n\t" + "eor v3.16b, v4.16b, v5.16b\n\t" + "shl v0.2d, v3.2d, #1\n\t" + "shl v1.2d, v3.2d, #2\n\t" + "shl v2.2d, v3.2d, #7\n\t" + "eor v3.16b, v3.16b, v0.16b\n\t" + "eor v1.16b, v1.16b, v2.16b\n\t" + "eor v8.16b, v8.16b, v3.16b\n\t" + "eor v18.16b, v8.16b, v1.16b\n\t" + "subs %x[len], %x[len], #16\n\t" + "b.ne L_GCM_gmult_len_NEON_start_block_%=\n\t" + "rbit v18.16b, v18.16b\n\t" + "st1 {v18.2d}, [%x[x]]\n\t" + : [x] "+r" (x), [len] "+r" (len) + : [h] "r" (h), [data] "r" (data) + : "memory", "cc", "v0", "v1", "v2", "v3", "v4", "v5", "v6", "v7", "v8", + "v9", "v10", "v11", "v12", "v13", "v14", "v15", "v16", "v17", "v18", + "v19", "v20" + ); +} + +void AES_GCM_encrypt_NEON(const unsigned char* in, unsigned char* out, + unsigned long len, const unsigned char* ks, int nr, unsigned char* ctr); +void AES_GCM_encrypt_NEON(const unsigned char* in, unsigned char* out, + unsigned long len, const unsigned char* ks, int nr, unsigned char* ctr) +{ + const word8* te = L_AES_ARM64_NEON_te; + const word8* shuffle = L_AES_ARM64_NEON_shift_rows_shuffle; + __asm__ __volatile__ ( + "ld1 {v16.16b, v17.16b, v18.16b, v19.16b}, [%[te]], #0x40\n\t" + "ld1 {v20.16b, v21.16b, v22.16b, v23.16b}, [%[te]], #0x40\n\t" + "ld1 {v24.16b, v25.16b, v26.16b, v27.16b}, [%[te]], #0x40\n\t" + "ld1 {v28.16b, v29.16b, v30.16b, v31.16b}, [%[te]]\n\t" + "ld1 {v2.2d}, [%x[ctr]]\n\t" + "rev32 v2.16b, v2.16b\n\t" + "mov w6, v2.s[3]\n\t" + "cmp %x[len], #0x40\n\t" + "b.lt L_AES_GCM_encrypt_NEON_start_2_%=\n\t" + "mov x7, v2.d[0]\n\t" + "mov x8, v2.d[1]\n\t" + "\n" + "L_AES_GCM_encrypt_NEON_loop_4_%=: \n\t" + "mov x12, %x[ks]\n\t" + "ld1 {v4.2d}, [x12], #16\n\t" + "mov v8.d[0], x7\n\t" + "mov v8.d[1], x8\n\t" + /* Round: 0 - XOR in key schedule */ + "add w6, w6, #1\n\t" + "mov v8.s[3], w6\n\t" + "eor v0.16b, v8.16b, v4.16b\n\t" + "add w6, w6, #1\n\t" + "mov v8.s[3], w6\n\t" + "eor v1.16b, v8.16b, v4.16b\n\t" + "add w6, w6, #1\n\t" + "mov v8.s[3], w6\n\t" + "eor v2.16b, v8.16b, v4.16b\n\t" + "add w6, w6, #1\n\t" + "mov v8.s[3], w6\n\t" + "eor v3.16b, v8.16b, v4.16b\n\t" + "sub w11, %w[nr], #2\n\t" + "\n" + "L_AES_GCM_encrypt_NEON_loop_nr_4_%=: \n\t" + "tbl v4.16b, {v16.16b, v17.16b, v18.16b, v19.16b}, v0.16b\n\t" + "tbl v5.16b, {v16.16b, v17.16b, v18.16b, v19.16b}, v1.16b\n\t" + "tbl v6.16b, {v16.16b, v17.16b, v18.16b, v19.16b}, v2.16b\n\t" + "tbl v7.16b, {v16.16b, v17.16b, v18.16b, v19.16b}, v3.16b\n\t" + "movi v12.16b, #0x40\n\t" + "movi v13.16b, #0x80\n\t" + "movi v14.16b, #0xc0\n\t" + "eor v8.16b, v0.16b, v12.16b\n\t" + "eor v9.16b, v1.16b, v12.16b\n\t" + "eor v10.16b, v2.16b, v12.16b\n\t" + "eor v11.16b, v3.16b, v12.16b\n\t" + "tbl v8.16b, {v20.16b, v21.16b, v22.16b, v23.16b}, v8.16b\n\t" + "tbl v9.16b, {v20.16b, v21.16b, v22.16b, v23.16b}, v9.16b\n\t" + "tbl v10.16b, {v20.16b, v21.16b, v22.16b, v23.16b}, v10.16b\n\t" + "tbl v11.16b, {v20.16b, v21.16b, v22.16b, v23.16b}, v11.16b\n\t" + "orr v4.16b, v4.16b, v8.16b\n\t" + "orr v5.16b, v5.16b, v9.16b\n\t" + "orr v6.16b, v6.16b, v10.16b\n\t" + "orr v7.16b, v7.16b, v11.16b\n\t" + "eor v8.16b, v0.16b, v13.16b\n\t" + "eor v9.16b, v1.16b, v13.16b\n\t" + "eor v10.16b, v2.16b, v13.16b\n\t" + "eor v11.16b, v3.16b, v13.16b\n\t" + "tbl v8.16b, {v24.16b, v25.16b, v26.16b, v27.16b}, v8.16b\n\t" + "tbl v9.16b, {v24.16b, v25.16b, v26.16b, v27.16b}, v9.16b\n\t" + "tbl v10.16b, {v24.16b, v25.16b, v26.16b, v27.16b}, v10.16b\n\t" + "tbl v11.16b, {v24.16b, v25.16b, v26.16b, v27.16b}, v11.16b\n\t" + "orr v4.16b, v4.16b, v8.16b\n\t" + "orr v5.16b, v5.16b, v9.16b\n\t" + "orr v6.16b, v6.16b, v10.16b\n\t" + "orr v7.16b, v7.16b, v11.16b\n\t" + "eor v8.16b, v0.16b, v14.16b\n\t" + "eor v9.16b, v1.16b, v14.16b\n\t" + "eor v10.16b, v2.16b, v14.16b\n\t" + "eor v11.16b, v3.16b, v14.16b\n\t" + "tbl v8.16b, {v28.16b, v29.16b, v30.16b, v31.16b}, v8.16b\n\t" + "tbl v9.16b, {v28.16b, v29.16b, v30.16b, v31.16b}, v9.16b\n\t" + "tbl v10.16b, {v28.16b, v29.16b, v30.16b, v31.16b}, v10.16b\n\t" + "tbl v11.16b, {v28.16b, v29.16b, v30.16b, v31.16b}, v11.16b\n\t" + "orr v4.16b, v4.16b, v8.16b\n\t" + "orr v5.16b, v5.16b, v9.16b\n\t" + "orr v6.16b, v6.16b, v10.16b\n\t" + "orr v7.16b, v7.16b, v11.16b\n\t" + "ld1 {v0.16b}, [%[shuffle]]\n\t" + "tbl v4.16b, {v4.16b}, v0.16b\n\t" + "tbl v5.16b, {v5.16b}, v0.16b\n\t" + "tbl v6.16b, {v6.16b}, v0.16b\n\t" + "tbl v7.16b, {v7.16b}, v0.16b\n\t" + "sshr v8.16b, v4.16b, #7\n\t" + "sshr v9.16b, v5.16b, #7\n\t" + "sshr v10.16b, v6.16b, #7\n\t" + "sshr v11.16b, v7.16b, #7\n\t" + "shl v12.16b, v4.16b, #1\n\t" + "shl v13.16b, v5.16b, #1\n\t" + "shl v14.16b, v6.16b, #1\n\t" + "shl v15.16b, v7.16b, #1\n\t" + "movi v0.16b, #27\n\t" + "and v8.16b, v8.16b, v0.16b\n\t" + "and v9.16b, v9.16b, v0.16b\n\t" + "and v10.16b, v10.16b, v0.16b\n\t" + "and v11.16b, v11.16b, v0.16b\n\t" + "eor v8.16b, v8.16b, v12.16b\n\t" + "eor v9.16b, v9.16b, v13.16b\n\t" + "eor v10.16b, v10.16b, v14.16b\n\t" + "eor v11.16b, v11.16b, v15.16b\n\t" + "eor v0.16b, v8.16b, v4.16b\n\t" + "eor v1.16b, v9.16b, v5.16b\n\t" + "eor v2.16b, v10.16b, v6.16b\n\t" + "eor v3.16b, v11.16b, v7.16b\n\t" + "shl v12.4s, v0.4s, #8\n\t" + "shl v13.4s, v1.4s, #8\n\t" + "shl v14.4s, v2.4s, #8\n\t" + "shl v15.4s, v3.4s, #8\n\t" + "sri v12.4s, v0.4s, #24\n\t" + "sri v13.4s, v1.4s, #24\n\t" + "sri v14.4s, v2.4s, #24\n\t" + "sri v15.4s, v3.4s, #24\n\t" + "shl v0.4s, v4.4s, #24\n\t" + "shl v1.4s, v5.4s, #24\n\t" + "shl v2.4s, v6.4s, #24\n\t" + "shl v3.4s, v7.4s, #24\n\t" + "sri v0.4s, v4.4s, #8\n\t" + "sri v1.4s, v5.4s, #8\n\t" + "sri v2.4s, v6.4s, #8\n\t" + "sri v3.4s, v7.4s, #8\n\t" + "rev32 v4.8h, v4.8h\n\t" + "rev32 v5.8h, v5.8h\n\t" + "rev32 v6.8h, v6.8h\n\t" + "rev32 v7.8h, v7.8h\n\t" + "eor v4.16b, v4.16b, v0.16b\n\t" + "eor v5.16b, v5.16b, v1.16b\n\t" + "eor v6.16b, v6.16b, v2.16b\n\t" + "eor v7.16b, v7.16b, v3.16b\n\t" + /* XOR in Key Schedule */ + "ld1 {v0.2d}, [x12], #16\n\t" + "eor v4.16b, v4.16b, v8.16b\n\t" + "eor v5.16b, v5.16b, v9.16b\n\t" + "eor v6.16b, v6.16b, v10.16b\n\t" + "eor v7.16b, v7.16b, v11.16b\n\t" + "eor v4.16b, v4.16b, v0.16b\n\t" + "eor v5.16b, v5.16b, v0.16b\n\t" + "eor v6.16b, v6.16b, v0.16b\n\t" + "eor v7.16b, v7.16b, v0.16b\n\t" + "eor v4.16b, v4.16b, v12.16b\n\t" + "eor v5.16b, v5.16b, v13.16b\n\t" + "eor v6.16b, v6.16b, v14.16b\n\t" + "eor v7.16b, v7.16b, v15.16b\n\t" + /* Round Done */ + "tbl v0.16b, {v16.16b, v17.16b, v18.16b, v19.16b}, v4.16b\n\t" + "tbl v1.16b, {v16.16b, v17.16b, v18.16b, v19.16b}, v5.16b\n\t" + "tbl v2.16b, {v16.16b, v17.16b, v18.16b, v19.16b}, v6.16b\n\t" + "tbl v3.16b, {v16.16b, v17.16b, v18.16b, v19.16b}, v7.16b\n\t" + "movi v12.16b, #0x40\n\t" + "movi v13.16b, #0x80\n\t" + "movi v14.16b, #0xc0\n\t" + "eor v8.16b, v4.16b, v12.16b\n\t" + "eor v9.16b, v5.16b, v12.16b\n\t" + "eor v10.16b, v6.16b, v12.16b\n\t" + "eor v11.16b, v7.16b, v12.16b\n\t" + "tbl v8.16b, {v20.16b, v21.16b, v22.16b, v23.16b}, v8.16b\n\t" + "tbl v9.16b, {v20.16b, v21.16b, v22.16b, v23.16b}, v9.16b\n\t" + "tbl v10.16b, {v20.16b, v21.16b, v22.16b, v23.16b}, v10.16b\n\t" + "tbl v11.16b, {v20.16b, v21.16b, v22.16b, v23.16b}, v11.16b\n\t" + "orr v0.16b, v0.16b, v8.16b\n\t" + "orr v1.16b, v1.16b, v9.16b\n\t" + "orr v2.16b, v2.16b, v10.16b\n\t" + "orr v3.16b, v3.16b, v11.16b\n\t" + "eor v8.16b, v4.16b, v13.16b\n\t" + "eor v9.16b, v5.16b, v13.16b\n\t" + "eor v10.16b, v6.16b, v13.16b\n\t" + "eor v11.16b, v7.16b, v13.16b\n\t" + "tbl v8.16b, {v24.16b, v25.16b, v26.16b, v27.16b}, v8.16b\n\t" + "tbl v9.16b, {v24.16b, v25.16b, v26.16b, v27.16b}, v9.16b\n\t" + "tbl v10.16b, {v24.16b, v25.16b, v26.16b, v27.16b}, v10.16b\n\t" + "tbl v11.16b, {v24.16b, v25.16b, v26.16b, v27.16b}, v11.16b\n\t" + "orr v0.16b, v0.16b, v8.16b\n\t" + "orr v1.16b, v1.16b, v9.16b\n\t" + "orr v2.16b, v2.16b, v10.16b\n\t" + "orr v3.16b, v3.16b, v11.16b\n\t" + "eor v8.16b, v4.16b, v14.16b\n\t" + "eor v9.16b, v5.16b, v14.16b\n\t" + "eor v10.16b, v6.16b, v14.16b\n\t" + "eor v11.16b, v7.16b, v14.16b\n\t" + "tbl v8.16b, {v28.16b, v29.16b, v30.16b, v31.16b}, v8.16b\n\t" + "tbl v9.16b, {v28.16b, v29.16b, v30.16b, v31.16b}, v9.16b\n\t" + "tbl v10.16b, {v28.16b, v29.16b, v30.16b, v31.16b}, v10.16b\n\t" + "tbl v11.16b, {v28.16b, v29.16b, v30.16b, v31.16b}, v11.16b\n\t" + "orr v0.16b, v0.16b, v8.16b\n\t" + "orr v1.16b, v1.16b, v9.16b\n\t" + "orr v2.16b, v2.16b, v10.16b\n\t" + "orr v3.16b, v3.16b, v11.16b\n\t" + "ld1 {v4.16b}, [%[shuffle]]\n\t" + "tbl v0.16b, {v0.16b}, v4.16b\n\t" + "tbl v1.16b, {v1.16b}, v4.16b\n\t" + "tbl v2.16b, {v2.16b}, v4.16b\n\t" + "tbl v3.16b, {v3.16b}, v4.16b\n\t" + "sshr v8.16b, v0.16b, #7\n\t" + "sshr v9.16b, v1.16b, #7\n\t" + "sshr v10.16b, v2.16b, #7\n\t" + "sshr v11.16b, v3.16b, #7\n\t" + "shl v12.16b, v0.16b, #1\n\t" + "shl v13.16b, v1.16b, #1\n\t" + "shl v14.16b, v2.16b, #1\n\t" + "shl v15.16b, v3.16b, #1\n\t" + "movi v4.16b, #27\n\t" + "and v8.16b, v8.16b, v4.16b\n\t" + "and v9.16b, v9.16b, v4.16b\n\t" + "and v10.16b, v10.16b, v4.16b\n\t" + "and v11.16b, v11.16b, v4.16b\n\t" + "eor v8.16b, v8.16b, v12.16b\n\t" + "eor v9.16b, v9.16b, v13.16b\n\t" + "eor v10.16b, v10.16b, v14.16b\n\t" + "eor v11.16b, v11.16b, v15.16b\n\t" + "eor v4.16b, v8.16b, v0.16b\n\t" + "eor v5.16b, v9.16b, v1.16b\n\t" + "eor v6.16b, v10.16b, v2.16b\n\t" + "eor v7.16b, v11.16b, v3.16b\n\t" + "shl v12.4s, v4.4s, #8\n\t" + "shl v13.4s, v5.4s, #8\n\t" + "shl v14.4s, v6.4s, #8\n\t" + "shl v15.4s, v7.4s, #8\n\t" + "sri v12.4s, v4.4s, #24\n\t" + "sri v13.4s, v5.4s, #24\n\t" + "sri v14.4s, v6.4s, #24\n\t" + "sri v15.4s, v7.4s, #24\n\t" + "shl v4.4s, v0.4s, #24\n\t" + "shl v5.4s, v1.4s, #24\n\t" + "shl v6.4s, v2.4s, #24\n\t" + "shl v7.4s, v3.4s, #24\n\t" + "sri v4.4s, v0.4s, #8\n\t" + "sri v5.4s, v1.4s, #8\n\t" + "sri v6.4s, v2.4s, #8\n\t" + "sri v7.4s, v3.4s, #8\n\t" + "rev32 v0.8h, v0.8h\n\t" + "rev32 v1.8h, v1.8h\n\t" + "rev32 v2.8h, v2.8h\n\t" + "rev32 v3.8h, v3.8h\n\t" + "eor v0.16b, v0.16b, v4.16b\n\t" + "eor v1.16b, v1.16b, v5.16b\n\t" + "eor v2.16b, v2.16b, v6.16b\n\t" + "eor v3.16b, v3.16b, v7.16b\n\t" + /* XOR in Key Schedule */ + "ld1 {v4.2d}, [x12], #16\n\t" + "eor v0.16b, v0.16b, v8.16b\n\t" + "eor v1.16b, v1.16b, v9.16b\n\t" + "eor v2.16b, v2.16b, v10.16b\n\t" + "eor v3.16b, v3.16b, v11.16b\n\t" + "eor v0.16b, v0.16b, v4.16b\n\t" + "eor v1.16b, v1.16b, v4.16b\n\t" + "eor v2.16b, v2.16b, v4.16b\n\t" + "eor v3.16b, v3.16b, v4.16b\n\t" + "eor v0.16b, v0.16b, v12.16b\n\t" + "eor v1.16b, v1.16b, v13.16b\n\t" + "eor v2.16b, v2.16b, v14.16b\n\t" + "eor v3.16b, v3.16b, v15.16b\n\t" + /* Round Done */ + "subs w11, w11, #2\n\t" + "b.ne L_AES_GCM_encrypt_NEON_loop_nr_4_%=\n\t" + "tbl v4.16b, {v16.16b, v17.16b, v18.16b, v19.16b}, v0.16b\n\t" + "tbl v5.16b, {v16.16b, v17.16b, v18.16b, v19.16b}, v1.16b\n\t" + "tbl v6.16b, {v16.16b, v17.16b, v18.16b, v19.16b}, v2.16b\n\t" + "tbl v7.16b, {v16.16b, v17.16b, v18.16b, v19.16b}, v3.16b\n\t" + "movi v12.16b, #0x40\n\t" + "movi v13.16b, #0x80\n\t" + "movi v14.16b, #0xc0\n\t" + "eor v8.16b, v0.16b, v12.16b\n\t" + "eor v9.16b, v1.16b, v12.16b\n\t" + "eor v10.16b, v2.16b, v12.16b\n\t" + "eor v11.16b, v3.16b, v12.16b\n\t" + "tbl v8.16b, {v20.16b, v21.16b, v22.16b, v23.16b}, v8.16b\n\t" + "tbl v9.16b, {v20.16b, v21.16b, v22.16b, v23.16b}, v9.16b\n\t" + "tbl v10.16b, {v20.16b, v21.16b, v22.16b, v23.16b}, v10.16b\n\t" + "tbl v11.16b, {v20.16b, v21.16b, v22.16b, v23.16b}, v11.16b\n\t" + "orr v4.16b, v4.16b, v8.16b\n\t" + "orr v5.16b, v5.16b, v9.16b\n\t" + "orr v6.16b, v6.16b, v10.16b\n\t" + "orr v7.16b, v7.16b, v11.16b\n\t" + "eor v8.16b, v0.16b, v13.16b\n\t" + "eor v9.16b, v1.16b, v13.16b\n\t" + "eor v10.16b, v2.16b, v13.16b\n\t" + "eor v11.16b, v3.16b, v13.16b\n\t" + "tbl v8.16b, {v24.16b, v25.16b, v26.16b, v27.16b}, v8.16b\n\t" + "tbl v9.16b, {v24.16b, v25.16b, v26.16b, v27.16b}, v9.16b\n\t" + "tbl v10.16b, {v24.16b, v25.16b, v26.16b, v27.16b}, v10.16b\n\t" + "tbl v11.16b, {v24.16b, v25.16b, v26.16b, v27.16b}, v11.16b\n\t" + "orr v4.16b, v4.16b, v8.16b\n\t" + "orr v5.16b, v5.16b, v9.16b\n\t" + "orr v6.16b, v6.16b, v10.16b\n\t" + "orr v7.16b, v7.16b, v11.16b\n\t" + "eor v8.16b, v0.16b, v14.16b\n\t" + "eor v9.16b, v1.16b, v14.16b\n\t" + "eor v10.16b, v2.16b, v14.16b\n\t" + "eor v11.16b, v3.16b, v14.16b\n\t" + "tbl v8.16b, {v28.16b, v29.16b, v30.16b, v31.16b}, v8.16b\n\t" + "tbl v9.16b, {v28.16b, v29.16b, v30.16b, v31.16b}, v9.16b\n\t" + "tbl v10.16b, {v28.16b, v29.16b, v30.16b, v31.16b}, v10.16b\n\t" + "tbl v11.16b, {v28.16b, v29.16b, v30.16b, v31.16b}, v11.16b\n\t" + "orr v4.16b, v4.16b, v8.16b\n\t" + "orr v5.16b, v5.16b, v9.16b\n\t" + "orr v6.16b, v6.16b, v10.16b\n\t" + "orr v7.16b, v7.16b, v11.16b\n\t" + "ld1 {v0.16b}, [%[shuffle]]\n\t" + "tbl v4.16b, {v4.16b}, v0.16b\n\t" + "tbl v5.16b, {v5.16b}, v0.16b\n\t" + "tbl v6.16b, {v6.16b}, v0.16b\n\t" + "tbl v7.16b, {v7.16b}, v0.16b\n\t" + "sshr v8.16b, v4.16b, #7\n\t" + "sshr v9.16b, v5.16b, #7\n\t" + "sshr v10.16b, v6.16b, #7\n\t" + "sshr v11.16b, v7.16b, #7\n\t" + "shl v12.16b, v4.16b, #1\n\t" + "shl v13.16b, v5.16b, #1\n\t" + "shl v14.16b, v6.16b, #1\n\t" + "shl v15.16b, v7.16b, #1\n\t" + "movi v0.16b, #27\n\t" + "and v8.16b, v8.16b, v0.16b\n\t" + "and v9.16b, v9.16b, v0.16b\n\t" + "and v10.16b, v10.16b, v0.16b\n\t" + "and v11.16b, v11.16b, v0.16b\n\t" + "eor v8.16b, v8.16b, v12.16b\n\t" + "eor v9.16b, v9.16b, v13.16b\n\t" + "eor v10.16b, v10.16b, v14.16b\n\t" + "eor v11.16b, v11.16b, v15.16b\n\t" + "eor v0.16b, v8.16b, v4.16b\n\t" + "eor v1.16b, v9.16b, v5.16b\n\t" + "eor v2.16b, v10.16b, v6.16b\n\t" + "eor v3.16b, v11.16b, v7.16b\n\t" + "shl v12.4s, v0.4s, #8\n\t" + "shl v13.4s, v1.4s, #8\n\t" + "shl v14.4s, v2.4s, #8\n\t" + "shl v15.4s, v3.4s, #8\n\t" + "sri v12.4s, v0.4s, #24\n\t" + "sri v13.4s, v1.4s, #24\n\t" + "sri v14.4s, v2.4s, #24\n\t" + "sri v15.4s, v3.4s, #24\n\t" + "shl v0.4s, v4.4s, #24\n\t" + "shl v1.4s, v5.4s, #24\n\t" + "shl v2.4s, v6.4s, #24\n\t" + "shl v3.4s, v7.4s, #24\n\t" + "sri v0.4s, v4.4s, #8\n\t" + "sri v1.4s, v5.4s, #8\n\t" + "sri v2.4s, v6.4s, #8\n\t" + "sri v3.4s, v7.4s, #8\n\t" + "rev32 v4.8h, v4.8h\n\t" + "rev32 v5.8h, v5.8h\n\t" + "rev32 v6.8h, v6.8h\n\t" + "rev32 v7.8h, v7.8h\n\t" + "eor v4.16b, v4.16b, v0.16b\n\t" + "eor v5.16b, v5.16b, v1.16b\n\t" + "eor v6.16b, v6.16b, v2.16b\n\t" + "eor v7.16b, v7.16b, v3.16b\n\t" + /* XOR in Key Schedule */ + "ld1 {v0.2d}, [x12], #16\n\t" + "eor v4.16b, v4.16b, v8.16b\n\t" + "eor v5.16b, v5.16b, v9.16b\n\t" + "eor v6.16b, v6.16b, v10.16b\n\t" + "eor v7.16b, v7.16b, v11.16b\n\t" + "eor v4.16b, v4.16b, v0.16b\n\t" + "eor v5.16b, v5.16b, v0.16b\n\t" + "eor v6.16b, v6.16b, v0.16b\n\t" + "eor v7.16b, v7.16b, v0.16b\n\t" + "eor v4.16b, v4.16b, v12.16b\n\t" + "eor v5.16b, v5.16b, v13.16b\n\t" + "eor v6.16b, v6.16b, v14.16b\n\t" + "eor v7.16b, v7.16b, v15.16b\n\t" + /* Round Done */ + "tbl v0.16b, {v16.16b, v17.16b, v18.16b, v19.16b}, v4.16b\n\t" + "tbl v1.16b, {v16.16b, v17.16b, v18.16b, v19.16b}, v5.16b\n\t" + "tbl v2.16b, {v16.16b, v17.16b, v18.16b, v19.16b}, v6.16b\n\t" + "tbl v3.16b, {v16.16b, v17.16b, v18.16b, v19.16b}, v7.16b\n\t" + "movi v12.16b, #0x40\n\t" + "movi v13.16b, #0x80\n\t" + "movi v14.16b, #0xc0\n\t" + "eor v8.16b, v4.16b, v12.16b\n\t" + "eor v9.16b, v5.16b, v12.16b\n\t" + "eor v10.16b, v6.16b, v12.16b\n\t" + "eor v11.16b, v7.16b, v12.16b\n\t" + "tbl v8.16b, {v20.16b, v21.16b, v22.16b, v23.16b}, v8.16b\n\t" + "tbl v9.16b, {v20.16b, v21.16b, v22.16b, v23.16b}, v9.16b\n\t" + "tbl v10.16b, {v20.16b, v21.16b, v22.16b, v23.16b}, v10.16b\n\t" + "tbl v11.16b, {v20.16b, v21.16b, v22.16b, v23.16b}, v11.16b\n\t" + "orr v0.16b, v0.16b, v8.16b\n\t" + "orr v1.16b, v1.16b, v9.16b\n\t" + "orr v2.16b, v2.16b, v10.16b\n\t" + "orr v3.16b, v3.16b, v11.16b\n\t" + "eor v8.16b, v4.16b, v13.16b\n\t" + "eor v9.16b, v5.16b, v13.16b\n\t" + "eor v10.16b, v6.16b, v13.16b\n\t" + "eor v11.16b, v7.16b, v13.16b\n\t" + "tbl v8.16b, {v24.16b, v25.16b, v26.16b, v27.16b}, v8.16b\n\t" + "tbl v9.16b, {v24.16b, v25.16b, v26.16b, v27.16b}, v9.16b\n\t" + "tbl v10.16b, {v24.16b, v25.16b, v26.16b, v27.16b}, v10.16b\n\t" + "tbl v11.16b, {v24.16b, v25.16b, v26.16b, v27.16b}, v11.16b\n\t" + "orr v0.16b, v0.16b, v8.16b\n\t" + "orr v1.16b, v1.16b, v9.16b\n\t" + "orr v2.16b, v2.16b, v10.16b\n\t" + "orr v3.16b, v3.16b, v11.16b\n\t" + "eor v8.16b, v4.16b, v14.16b\n\t" + "eor v9.16b, v5.16b, v14.16b\n\t" + "eor v10.16b, v6.16b, v14.16b\n\t" + "eor v11.16b, v7.16b, v14.16b\n\t" + "tbl v8.16b, {v28.16b, v29.16b, v30.16b, v31.16b}, v8.16b\n\t" + "tbl v9.16b, {v28.16b, v29.16b, v30.16b, v31.16b}, v9.16b\n\t" + "tbl v10.16b, {v28.16b, v29.16b, v30.16b, v31.16b}, v10.16b\n\t" + "tbl v11.16b, {v28.16b, v29.16b, v30.16b, v31.16b}, v11.16b\n\t" + "orr v0.16b, v0.16b, v8.16b\n\t" + "orr v1.16b, v1.16b, v9.16b\n\t" + "orr v2.16b, v2.16b, v10.16b\n\t" + "orr v3.16b, v3.16b, v11.16b\n\t" + "ld1 {v4.16b}, [%[shuffle]]\n\t" + "tbl v0.16b, {v0.16b}, v4.16b\n\t" + "tbl v1.16b, {v1.16b}, v4.16b\n\t" + "tbl v2.16b, {v2.16b}, v4.16b\n\t" + "tbl v3.16b, {v3.16b}, v4.16b\n\t" + /* XOR in Key Schedule */ + "ld1 {v4.2d}, [x12], #16\n\t" + "eor v0.16b, v0.16b, v4.16b\n\t" + "eor v1.16b, v1.16b, v4.16b\n\t" + "eor v2.16b, v2.16b, v4.16b\n\t" + "eor v3.16b, v3.16b, v4.16b\n\t" + /* Round Done */ + "rev32 v0.16b, v0.16b\n\t" + "rev32 v1.16b, v1.16b\n\t" + "rev32 v2.16b, v2.16b\n\t" + "rev32 v3.16b, v3.16b\n\t" + "ld1 {v4.16b, v5.16b, v6.16b, v7.16b}, [%x[in]], #0x40\n\t" + "eor v0.16b, v0.16b, v4.16b\n\t" + "eor v1.16b, v1.16b, v5.16b\n\t" + "eor v2.16b, v2.16b, v6.16b\n\t" + "eor v3.16b, v3.16b, v7.16b\n\t" + "st1 {v0.16b, v1.16b, v2.16b, v3.16b}, [%x[out]], #0x40\n\t" + "sub %x[len], %x[len], #0x40\n\t" + "cmp %x[len], #0x40\n\t" + "b.ge L_AES_GCM_encrypt_NEON_loop_4_%=\n\t" + "mov v2.d[0], x7\n\t" + "mov v2.d[1], x8\n\t" + "mov v2.s[3], w6\n\t" + "\n" + "L_AES_GCM_encrypt_NEON_start_2_%=: \n\t" + "movi v12.16b, #0x40\n\t" + "movi v13.16b, #0x80\n\t" + "movi v14.16b, #0xc0\n\t" + "movi v15.16b, #27\n\t" + "cmp %x[len], #16\n\t" + "b.eq L_AES_GCM_encrypt_NEON_start_1_%=\n\t" + "b.lt L_AES_GCM_encrypt_NEON_data_done_%=\n\t" + "\n" + "L_AES_GCM_encrypt_NEON_loop_2_%=: \n\t" + "mov x12, %x[ks]\n\t" + "ld1 {v4.2d}, [x12], #16\n\t" + /* Round: 0 - XOR in key schedule */ + "add w6, w6, #1\n\t" + "mov v2.s[3], w6\n\t" + "eor v0.16b, v2.16b, v4.16b\n\t" + "add w6, w6, #1\n\t" + "mov v2.s[3], w6\n\t" + "eor v1.16b, v2.16b, v4.16b\n\t" + "sub w11, %w[nr], #2\n\t" + "\n" + "L_AES_GCM_encrypt_NEON_loop_nr_2_%=: \n\t" + "eor v8.16b, v0.16b, v12.16b\n\t" + "eor v9.16b, v1.16b, v12.16b\n\t" + "tbl v4.16b, {v16.16b, v17.16b, v18.16b, v19.16b}, v0.16b\n\t" + "tbl v5.16b, {v16.16b, v17.16b, v18.16b, v19.16b}, v1.16b\n\t" + "tbl v8.16b, {v20.16b, v21.16b, v22.16b, v23.16b}, v8.16b\n\t" + "tbl v9.16b, {v20.16b, v21.16b, v22.16b, v23.16b}, v9.16b\n\t" + "eor v10.16b, v0.16b, v13.16b\n\t" + "eor v11.16b, v1.16b, v13.16b\n\t" + "tbl v10.16b, {v24.16b, v25.16b, v26.16b, v27.16b}, v10.16b\n\t" + "tbl v11.16b, {v24.16b, v25.16b, v26.16b, v27.16b}, v11.16b\n\t" + "orr v4.16b, v4.16b, v8.16b\n\t" + "orr v5.16b, v5.16b, v9.16b\n\t" + "eor v8.16b, v0.16b, v14.16b\n\t" + "eor v9.16b, v1.16b, v14.16b\n\t" + "orr v4.16b, v4.16b, v10.16b\n\t" + "orr v5.16b, v5.16b, v11.16b\n\t" + "tbl v8.16b, {v28.16b, v29.16b, v30.16b, v31.16b}, v8.16b\n\t" + "tbl v9.16b, {v28.16b, v29.16b, v30.16b, v31.16b}, v9.16b\n\t" + "orr v4.16b, v4.16b, v8.16b\n\t" + "orr v5.16b, v5.16b, v9.16b\n\t" + "ld1 {v0.16b}, [%[shuffle]]\n\t" + "tbl v4.16b, {v4.16b}, v0.16b\n\t" + "tbl v5.16b, {v5.16b}, v0.16b\n\t" + "sshr v8.16b, v4.16b, #7\n\t" + "sshr v9.16b, v5.16b, #7\n\t" + "shl v10.16b, v4.16b, #1\n\t" + "shl v11.16b, v5.16b, #1\n\t" + "and v8.16b, v8.16b, v15.16b\n\t" + "and v9.16b, v9.16b, v15.16b\n\t" + "eor v8.16b, v8.16b, v10.16b\n\t" + "eor v9.16b, v9.16b, v11.16b\n\t" + "eor v0.16b, v8.16b, v4.16b\n\t" + "eor v1.16b, v9.16b, v5.16b\n\t" + "shl v10.4s, v0.4s, #8\n\t" + "shl v11.4s, v1.4s, #8\n\t" + "sri v10.4s, v0.4s, #24\n\t" + "sri v11.4s, v1.4s, #24\n\t" + "shl v0.4s, v4.4s, #24\n\t" + "shl v1.4s, v5.4s, #24\n\t" + "sri v0.4s, v4.4s, #8\n\t" + "sri v1.4s, v5.4s, #8\n\t" + "rev32 v4.8h, v4.8h\n\t" + "rev32 v5.8h, v5.8h\n\t" + "eor v4.16b, v4.16b, v0.16b\n\t" + "eor v5.16b, v5.16b, v1.16b\n\t" + /* XOR in Key Schedule */ + "ld1 {v0.2d}, [x12], #16\n\t" + "eor v4.16b, v4.16b, v8.16b\n\t" + "eor v5.16b, v5.16b, v9.16b\n\t" + "eor v4.16b, v4.16b, v0.16b\n\t" + "eor v5.16b, v5.16b, v0.16b\n\t" + "eor v4.16b, v4.16b, v10.16b\n\t" + "eor v5.16b, v5.16b, v11.16b\n\t" + /* Round Done */ + "eor v8.16b, v4.16b, v12.16b\n\t" + "eor v9.16b, v5.16b, v12.16b\n\t" + "tbl v0.16b, {v16.16b, v17.16b, v18.16b, v19.16b}, v4.16b\n\t" + "tbl v1.16b, {v16.16b, v17.16b, v18.16b, v19.16b}, v5.16b\n\t" + "tbl v8.16b, {v20.16b, v21.16b, v22.16b, v23.16b}, v8.16b\n\t" + "tbl v9.16b, {v20.16b, v21.16b, v22.16b, v23.16b}, v9.16b\n\t" + "eor v10.16b, v4.16b, v13.16b\n\t" + "eor v11.16b, v5.16b, v13.16b\n\t" + "tbl v10.16b, {v24.16b, v25.16b, v26.16b, v27.16b}, v10.16b\n\t" + "tbl v11.16b, {v24.16b, v25.16b, v26.16b, v27.16b}, v11.16b\n\t" + "orr v0.16b, v0.16b, v8.16b\n\t" + "orr v1.16b, v1.16b, v9.16b\n\t" + "eor v8.16b, v4.16b, v14.16b\n\t" + "eor v9.16b, v5.16b, v14.16b\n\t" + "orr v0.16b, v0.16b, v10.16b\n\t" + "orr v1.16b, v1.16b, v11.16b\n\t" + "tbl v8.16b, {v28.16b, v29.16b, v30.16b, v31.16b}, v8.16b\n\t" + "tbl v9.16b, {v28.16b, v29.16b, v30.16b, v31.16b}, v9.16b\n\t" + "orr v0.16b, v0.16b, v8.16b\n\t" + "orr v1.16b, v1.16b, v9.16b\n\t" + "ld1 {v4.16b}, [%[shuffle]]\n\t" + "tbl v0.16b, {v0.16b}, v4.16b\n\t" + "tbl v1.16b, {v1.16b}, v4.16b\n\t" + "sshr v8.16b, v0.16b, #7\n\t" + "sshr v9.16b, v1.16b, #7\n\t" + "shl v10.16b, v0.16b, #1\n\t" + "shl v11.16b, v1.16b, #1\n\t" + "and v8.16b, v8.16b, v15.16b\n\t" + "and v9.16b, v9.16b, v15.16b\n\t" + "eor v8.16b, v8.16b, v10.16b\n\t" + "eor v9.16b, v9.16b, v11.16b\n\t" + "eor v4.16b, v8.16b, v0.16b\n\t" + "eor v5.16b, v9.16b, v1.16b\n\t" + "shl v10.4s, v4.4s, #8\n\t" + "shl v11.4s, v5.4s, #8\n\t" + "sri v10.4s, v4.4s, #24\n\t" + "sri v11.4s, v5.4s, #24\n\t" + "shl v4.4s, v0.4s, #24\n\t" + "shl v5.4s, v1.4s, #24\n\t" + "sri v4.4s, v0.4s, #8\n\t" + "sri v5.4s, v1.4s, #8\n\t" + "rev32 v0.8h, v0.8h\n\t" + "rev32 v1.8h, v1.8h\n\t" + "eor v0.16b, v0.16b, v4.16b\n\t" + "eor v1.16b, v1.16b, v5.16b\n\t" + /* XOR in Key Schedule */ + "ld1 {v4.2d}, [x12], #16\n\t" + "eor v0.16b, v0.16b, v8.16b\n\t" + "eor v1.16b, v1.16b, v9.16b\n\t" + "eor v0.16b, v0.16b, v4.16b\n\t" + "eor v1.16b, v1.16b, v4.16b\n\t" + "eor v0.16b, v0.16b, v10.16b\n\t" + "eor v1.16b, v1.16b, v11.16b\n\t" + /* Round Done */ + "subs w11, w11, #2\n\t" + "b.ne L_AES_GCM_encrypt_NEON_loop_nr_2_%=\n\t" + "eor v8.16b, v0.16b, v12.16b\n\t" + "eor v9.16b, v1.16b, v12.16b\n\t" + "tbl v4.16b, {v16.16b, v17.16b, v18.16b, v19.16b}, v0.16b\n\t" + "tbl v5.16b, {v16.16b, v17.16b, v18.16b, v19.16b}, v1.16b\n\t" + "tbl v8.16b, {v20.16b, v21.16b, v22.16b, v23.16b}, v8.16b\n\t" + "tbl v9.16b, {v20.16b, v21.16b, v22.16b, v23.16b}, v9.16b\n\t" + "eor v10.16b, v0.16b, v13.16b\n\t" + "eor v11.16b, v1.16b, v13.16b\n\t" + "tbl v10.16b, {v24.16b, v25.16b, v26.16b, v27.16b}, v10.16b\n\t" + "tbl v11.16b, {v24.16b, v25.16b, v26.16b, v27.16b}, v11.16b\n\t" + "orr v4.16b, v4.16b, v8.16b\n\t" + "orr v5.16b, v5.16b, v9.16b\n\t" + "eor v8.16b, v0.16b, v14.16b\n\t" + "eor v9.16b, v1.16b, v14.16b\n\t" + "orr v4.16b, v4.16b, v10.16b\n\t" + "orr v5.16b, v5.16b, v11.16b\n\t" + "tbl v8.16b, {v28.16b, v29.16b, v30.16b, v31.16b}, v8.16b\n\t" + "tbl v9.16b, {v28.16b, v29.16b, v30.16b, v31.16b}, v9.16b\n\t" + "orr v4.16b, v4.16b, v8.16b\n\t" + "orr v5.16b, v5.16b, v9.16b\n\t" + "ld1 {v0.16b}, [%[shuffle]]\n\t" + "tbl v4.16b, {v4.16b}, v0.16b\n\t" + "tbl v5.16b, {v5.16b}, v0.16b\n\t" + "sshr v8.16b, v4.16b, #7\n\t" + "sshr v9.16b, v5.16b, #7\n\t" + "shl v10.16b, v4.16b, #1\n\t" + "shl v11.16b, v5.16b, #1\n\t" + "and v8.16b, v8.16b, v15.16b\n\t" + "and v9.16b, v9.16b, v15.16b\n\t" + "eor v8.16b, v8.16b, v10.16b\n\t" + "eor v9.16b, v9.16b, v11.16b\n\t" + "eor v0.16b, v8.16b, v4.16b\n\t" + "eor v1.16b, v9.16b, v5.16b\n\t" + "shl v10.4s, v0.4s, #8\n\t" + "shl v11.4s, v1.4s, #8\n\t" + "sri v10.4s, v0.4s, #24\n\t" + "sri v11.4s, v1.4s, #24\n\t" + "shl v0.4s, v4.4s, #24\n\t" + "shl v1.4s, v5.4s, #24\n\t" + "sri v0.4s, v4.4s, #8\n\t" + "sri v1.4s, v5.4s, #8\n\t" + "rev32 v4.8h, v4.8h\n\t" + "rev32 v5.8h, v5.8h\n\t" + "eor v4.16b, v4.16b, v0.16b\n\t" + "eor v5.16b, v5.16b, v1.16b\n\t" + /* XOR in Key Schedule */ + "ld1 {v0.2d}, [x12], #16\n\t" + "eor v4.16b, v4.16b, v8.16b\n\t" + "eor v5.16b, v5.16b, v9.16b\n\t" + "eor v4.16b, v4.16b, v0.16b\n\t" + "eor v5.16b, v5.16b, v0.16b\n\t" + "eor v4.16b, v4.16b, v10.16b\n\t" + "eor v5.16b, v5.16b, v11.16b\n\t" + /* Round Done */ + "eor v8.16b, v4.16b, v12.16b\n\t" + "eor v9.16b, v5.16b, v12.16b\n\t" + "tbl v0.16b, {v16.16b, v17.16b, v18.16b, v19.16b}, v4.16b\n\t" + "tbl v1.16b, {v16.16b, v17.16b, v18.16b, v19.16b}, v5.16b\n\t" + "tbl v8.16b, {v20.16b, v21.16b, v22.16b, v23.16b}, v8.16b\n\t" + "tbl v9.16b, {v20.16b, v21.16b, v22.16b, v23.16b}, v9.16b\n\t" + "eor v10.16b, v4.16b, v13.16b\n\t" + "eor v11.16b, v5.16b, v13.16b\n\t" + "tbl v10.16b, {v24.16b, v25.16b, v26.16b, v27.16b}, v10.16b\n\t" + "tbl v11.16b, {v24.16b, v25.16b, v26.16b, v27.16b}, v11.16b\n\t" + "orr v0.16b, v0.16b, v8.16b\n\t" + "orr v1.16b, v1.16b, v9.16b\n\t" + "eor v8.16b, v4.16b, v14.16b\n\t" + "eor v9.16b, v5.16b, v14.16b\n\t" + "orr v0.16b, v0.16b, v10.16b\n\t" + "orr v1.16b, v1.16b, v11.16b\n\t" + "tbl v8.16b, {v28.16b, v29.16b, v30.16b, v31.16b}, v8.16b\n\t" + "tbl v9.16b, {v28.16b, v29.16b, v30.16b, v31.16b}, v9.16b\n\t" + "orr v0.16b, v0.16b, v8.16b\n\t" + "orr v1.16b, v1.16b, v9.16b\n\t" + "ld1 {v4.16b}, [%[shuffle]]\n\t" + "tbl v0.16b, {v0.16b}, v4.16b\n\t" + "tbl v1.16b, {v1.16b}, v4.16b\n\t" + /* XOR in Key Schedule */ + "ld1 {v4.2d}, [x12], #16\n\t" + "eor v0.16b, v0.16b, v4.16b\n\t" + "eor v1.16b, v1.16b, v4.16b\n\t" + /* Round Done */ + "rev32 v0.16b, v0.16b\n\t" + "rev32 v1.16b, v1.16b\n\t" + "ld1 {v4.16b, v5.16b}, [%x[in]], #32\n\t" + "eor v0.16b, v0.16b, v4.16b\n\t" + "eor v1.16b, v1.16b, v5.16b\n\t" + "st1 {v0.16b, v1.16b}, [%x[out]], #32\n\t" + "sub %x[len], %x[len], #32\n\t" + "cmp %x[len], #0\n\t" + "b.eq L_AES_GCM_encrypt_NEON_data_done_%=\n\t" + "\n" + "L_AES_GCM_encrypt_NEON_start_1_%=: \n\t" + "ld1 {v3.2d}, [%[shuffle]]\n\t" + "mov x12, %x[ks]\n\t" + "add w6, w6, #1\n\t" + "ld1 {v4.2d}, [x12], #16\n\t" + "mov v2.s[3], w6\n\t" + /* Round: 0 - XOR in key schedule */ + "eor v0.16b, v2.16b, v4.16b\n\t" + "sub w11, %w[nr], #2\n\t" + "\n" + "L_AES_GCM_encrypt_NEON_loop_nr_1_%=: \n\t" + "eor v8.16b, v0.16b, v12.16b\n\t" + "eor v9.16b, v0.16b, v13.16b\n\t" + "eor v10.16b, v0.16b, v14.16b\n\t" + "tbl v4.16b, {v16.16b, v17.16b, v18.16b, v19.16b}, v0.16b\n\t" + "tbl v8.16b, {v20.16b, v21.16b, v22.16b, v23.16b}, v8.16b\n\t" + "tbl v9.16b, {v24.16b, v25.16b, v26.16b, v27.16b}, v9.16b\n\t" + "tbl v10.16b, {v28.16b, v29.16b, v30.16b, v31.16b}, v10.16b\n\t" + "orr v4.16b, v4.16b, v8.16b\n\t" + "orr v9.16b, v9.16b, v10.16b\n\t" + "orr v4.16b, v4.16b, v9.16b\n\t" + "tbl v4.16b, {v4.16b}, v3.16b\n\t" + "ld1 {v0.2d}, [x12], #16\n\t" + "sshr v10.16b, v4.16b, #7\n\t" + "shl v9.16b, v4.16b, #1\n\t" + "and v10.16b, v10.16b, v15.16b\n\t" + "eor v10.16b, v10.16b, v9.16b\n\t" + "rev32 v8.8h, v4.8h\n\t" + "eor v11.16b, v10.16b, v4.16b\n\t" + "eor v10.16b, v10.16b, v8.16b\n\t" + "shl v9.4s, v4.4s, #24\n\t" + "shl v8.4s, v11.4s, #8\n\t" + /* XOR in Key Schedule */ + "eor v10.16b, v10.16b, v0.16b\n\t" + "sri v9.4s, v4.4s, #8\n\t" + "sri v8.4s, v11.4s, #24\n\t" + "eor v4.16b, v10.16b, v9.16b\n\t" + "eor v4.16b, v4.16b, v8.16b\n\t" + "eor v8.16b, v4.16b, v12.16b\n\t" + "eor v9.16b, v4.16b, v13.16b\n\t" + "eor v10.16b, v4.16b, v14.16b\n\t" + "tbl v0.16b, {v16.16b, v17.16b, v18.16b, v19.16b}, v4.16b\n\t" + "tbl v8.16b, {v20.16b, v21.16b, v22.16b, v23.16b}, v8.16b\n\t" + "tbl v9.16b, {v24.16b, v25.16b, v26.16b, v27.16b}, v9.16b\n\t" + "tbl v10.16b, {v28.16b, v29.16b, v30.16b, v31.16b}, v10.16b\n\t" + "orr v0.16b, v0.16b, v8.16b\n\t" + "orr v9.16b, v9.16b, v10.16b\n\t" + "orr v0.16b, v0.16b, v9.16b\n\t" + "tbl v0.16b, {v0.16b}, v3.16b\n\t" + "ld1 {v4.2d}, [x12], #16\n\t" + "sshr v10.16b, v0.16b, #7\n\t" + "shl v9.16b, v0.16b, #1\n\t" + "and v10.16b, v10.16b, v15.16b\n\t" + "eor v10.16b, v10.16b, v9.16b\n\t" + "rev32 v8.8h, v0.8h\n\t" + "eor v11.16b, v10.16b, v0.16b\n\t" + "eor v10.16b, v10.16b, v8.16b\n\t" + "shl v9.4s, v0.4s, #24\n\t" + "shl v8.4s, v11.4s, #8\n\t" + /* XOR in Key Schedule */ + "eor v10.16b, v10.16b, v4.16b\n\t" + "sri v9.4s, v0.4s, #8\n\t" + "sri v8.4s, v11.4s, #24\n\t" + "eor v0.16b, v10.16b, v9.16b\n\t" + "eor v0.16b, v0.16b, v8.16b\n\t" + "subs w11, w11, #2\n\t" + "b.ne L_AES_GCM_encrypt_NEON_loop_nr_1_%=\n\t" + "eor v8.16b, v0.16b, v12.16b\n\t" + "eor v9.16b, v0.16b, v13.16b\n\t" + "eor v10.16b, v0.16b, v14.16b\n\t" + "tbl v4.16b, {v16.16b, v17.16b, v18.16b, v19.16b}, v0.16b\n\t" + "tbl v8.16b, {v20.16b, v21.16b, v22.16b, v23.16b}, v8.16b\n\t" + "tbl v9.16b, {v24.16b, v25.16b, v26.16b, v27.16b}, v9.16b\n\t" + "tbl v10.16b, {v28.16b, v29.16b, v30.16b, v31.16b}, v10.16b\n\t" + "orr v4.16b, v4.16b, v8.16b\n\t" + "orr v9.16b, v9.16b, v10.16b\n\t" + "orr v4.16b, v4.16b, v9.16b\n\t" + "tbl v4.16b, {v4.16b}, v3.16b\n\t" + "ld1 {v0.2d}, [x12], #16\n\t" + "sshr v10.16b, v4.16b, #7\n\t" + "shl v9.16b, v4.16b, #1\n\t" + "and v10.16b, v10.16b, v15.16b\n\t" + "eor v10.16b, v10.16b, v9.16b\n\t" + "rev32 v8.8h, v4.8h\n\t" + "eor v11.16b, v10.16b, v4.16b\n\t" + "eor v10.16b, v10.16b, v8.16b\n\t" + "shl v9.4s, v4.4s, #24\n\t" + "shl v8.4s, v11.4s, #8\n\t" + /* XOR in Key Schedule */ + "eor v10.16b, v10.16b, v0.16b\n\t" + "sri v9.4s, v4.4s, #8\n\t" + "sri v8.4s, v11.4s, #24\n\t" + "eor v4.16b, v10.16b, v9.16b\n\t" + "eor v4.16b, v4.16b, v8.16b\n\t" + "eor v8.16b, v4.16b, v12.16b\n\t" + "eor v9.16b, v4.16b, v13.16b\n\t" + "eor v10.16b, v4.16b, v14.16b\n\t" + "tbl v0.16b, {v16.16b, v17.16b, v18.16b, v19.16b}, v4.16b\n\t" + "tbl v8.16b, {v20.16b, v21.16b, v22.16b, v23.16b}, v8.16b\n\t" + "tbl v9.16b, {v24.16b, v25.16b, v26.16b, v27.16b}, v9.16b\n\t" + "tbl v10.16b, {v28.16b, v29.16b, v30.16b, v31.16b}, v10.16b\n\t" + "orr v0.16b, v0.16b, v8.16b\n\t" + "orr v9.16b, v9.16b, v10.16b\n\t" + "orr v0.16b, v0.16b, v9.16b\n\t" + "tbl v0.16b, {v0.16b}, v3.16b\n\t" + "ld1 {v4.2d}, [x12], #16\n\t" + /* XOR in Key Schedule */ + "eor v0.16b, v0.16b, v4.16b\n\t" + "rev32 v0.16b, v0.16b\n\t" + "ld1 {v4.16b}, [%x[in]], #16\n\t" + "eor v0.16b, v0.16b, v4.16b\n\t" + "st1 {v0.16b}, [%x[out]], #16\n\t" + "\n" + "L_AES_GCM_encrypt_NEON_data_done_%=: \n\t" + "rev32 v2.16b, v2.16b\n\t" + "st1 {v2.2d}, [%x[ctr]]\n\t" + : [out] "+r" (out), [len] "+r" (len), [nr] "+r" (nr), [ctr] "+r" (ctr) + : [in] "r" (in), [ks] "r" (ks), [te] "r" (te), [shuffle] "r" (shuffle) + : "memory", "cc", "x6", "x7", "x8", "x11", "x12", "v0", "v1", "v2", + "v3", "v4", "v5", "v6", "v7", "v8", "v9", "v10", "v11", "v12", + "v13", "v14", "v15", "v16", "v17", "v18", "v19", "v20", "v21", + "v22", "v23", "v24", "v25", "v26", "v27", "v28", "v29", "v30", + "v31" + ); +} + +#endif /* HAVE_AESGCM */ +#ifdef WOLFSSL_AES_XTS +void AES_XTS_encrypt_NEON(const byte* in, byte* out, word32 sz, const byte* i, + byte* key, byte* key2, byte* tmp, int nr) +{ + const word8* te = L_AES_ARM64_NEON_te; + const word8* shuffle = L_AES_ARM64_NEON_shift_rows_shuffle; + __asm__ __volatile__ ( + "stp x29, x30, [sp, #-32]!\n\t" + "add x29, sp, #0\n\t" + "ld1 {v16.16b, v17.16b, v18.16b, v19.16b}, [%[te]], #0x40\n\t" + "ld1 {v20.16b, v21.16b, v22.16b, v23.16b}, [%[te]], #0x40\n\t" + "ld1 {v24.16b, v25.16b, v26.16b, v27.16b}, [%[te]], #0x40\n\t" + "ld1 {v28.16b, v29.16b, v30.16b, v31.16b}, [%[te]]\n\t" + "movi v12.16b, #0x40\n\t" + "movi v13.16b, #0x80\n\t" + "movi v14.16b, #0xc0\n\t" + "movi v15.16b, #27\n\t" + "ld1 {v3.2d}, [%[shuffle]]\n\t" + "mov x17, #0x87\n\t" + "ld1 {v2.2d}, [%x[i]]\n\t" + "ld1 {v4.2d}, [%x[key2]]\n\t" + "rev32 v2.16b, v2.16b\n\t" + "add x22, %x[key2], #16\n\t" + /* Round: 0 - XOR in key schedule */ + "eor v2.16b, v2.16b, v4.16b\n\t" + "sub w21, %w[nr], #2\n\t" + "\n" + "L_AES_XTS_encrypt_NEON_loop_nr_tweak_%=: \n\t" + "eor v8.16b, v2.16b, v12.16b\n\t" + "eor v9.16b, v2.16b, v13.16b\n\t" + "eor v10.16b, v2.16b, v14.16b\n\t" + "tbl v4.16b, {v16.16b, v17.16b, v18.16b, v19.16b}, v2.16b\n\t" + "tbl v8.16b, {v20.16b, v21.16b, v22.16b, v23.16b}, v8.16b\n\t" + "tbl v9.16b, {v24.16b, v25.16b, v26.16b, v27.16b}, v9.16b\n\t" + "tbl v10.16b, {v28.16b, v29.16b, v30.16b, v31.16b}, v10.16b\n\t" + "orr v4.16b, v4.16b, v8.16b\n\t" + "orr v9.16b, v9.16b, v10.16b\n\t" + "orr v4.16b, v4.16b, v9.16b\n\t" + "tbl v4.16b, {v4.16b}, v3.16b\n\t" + "ld1 {v2.2d}, [x22], #16\n\t" + "sshr v10.16b, v4.16b, #7\n\t" + "shl v9.16b, v4.16b, #1\n\t" + "and v10.16b, v10.16b, v15.16b\n\t" + "eor v10.16b, v10.16b, v9.16b\n\t" + "rev32 v8.8h, v4.8h\n\t" + "eor v11.16b, v10.16b, v4.16b\n\t" + "eor v10.16b, v10.16b, v8.16b\n\t" + "shl v9.4s, v4.4s, #24\n\t" + "shl v8.4s, v11.4s, #8\n\t" + /* XOR in Key Schedule */ + "eor v10.16b, v10.16b, v2.16b\n\t" + "sri v9.4s, v4.4s, #8\n\t" + "sri v8.4s, v11.4s, #24\n\t" + "eor v4.16b, v10.16b, v9.16b\n\t" + "eor v4.16b, v4.16b, v8.16b\n\t" + "eor v8.16b, v4.16b, v12.16b\n\t" + "eor v9.16b, v4.16b, v13.16b\n\t" + "eor v10.16b, v4.16b, v14.16b\n\t" + "tbl v2.16b, {v16.16b, v17.16b, v18.16b, v19.16b}, v4.16b\n\t" + "tbl v8.16b, {v20.16b, v21.16b, v22.16b, v23.16b}, v8.16b\n\t" + "tbl v9.16b, {v24.16b, v25.16b, v26.16b, v27.16b}, v9.16b\n\t" + "tbl v10.16b, {v28.16b, v29.16b, v30.16b, v31.16b}, v10.16b\n\t" + "orr v2.16b, v2.16b, v8.16b\n\t" + "orr v9.16b, v9.16b, v10.16b\n\t" + "orr v2.16b, v2.16b, v9.16b\n\t" + "tbl v2.16b, {v2.16b}, v3.16b\n\t" + "ld1 {v4.2d}, [x22], #16\n\t" + "sshr v10.16b, v2.16b, #7\n\t" + "shl v9.16b, v2.16b, #1\n\t" + "and v10.16b, v10.16b, v15.16b\n\t" + "eor v10.16b, v10.16b, v9.16b\n\t" + "rev32 v8.8h, v2.8h\n\t" + "eor v11.16b, v10.16b, v2.16b\n\t" + "eor v10.16b, v10.16b, v8.16b\n\t" + "shl v9.4s, v2.4s, #24\n\t" + "shl v8.4s, v11.4s, #8\n\t" + /* XOR in Key Schedule */ + "eor v10.16b, v10.16b, v4.16b\n\t" + "sri v9.4s, v2.4s, #8\n\t" + "sri v8.4s, v11.4s, #24\n\t" + "eor v2.16b, v10.16b, v9.16b\n\t" + "eor v2.16b, v2.16b, v8.16b\n\t" + "subs w21, w21, #2\n\t" + "b.ne L_AES_XTS_encrypt_NEON_loop_nr_tweak_%=\n\t" + "eor v8.16b, v2.16b, v12.16b\n\t" + "eor v9.16b, v2.16b, v13.16b\n\t" + "eor v10.16b, v2.16b, v14.16b\n\t" + "tbl v4.16b, {v16.16b, v17.16b, v18.16b, v19.16b}, v2.16b\n\t" + "tbl v8.16b, {v20.16b, v21.16b, v22.16b, v23.16b}, v8.16b\n\t" + "tbl v9.16b, {v24.16b, v25.16b, v26.16b, v27.16b}, v9.16b\n\t" + "tbl v10.16b, {v28.16b, v29.16b, v30.16b, v31.16b}, v10.16b\n\t" + "orr v4.16b, v4.16b, v8.16b\n\t" + "orr v9.16b, v9.16b, v10.16b\n\t" + "orr v4.16b, v4.16b, v9.16b\n\t" + "tbl v4.16b, {v4.16b}, v3.16b\n\t" + "ld1 {v2.2d}, [x22], #16\n\t" + "sshr v10.16b, v4.16b, #7\n\t" + "shl v9.16b, v4.16b, #1\n\t" + "and v10.16b, v10.16b, v15.16b\n\t" + "eor v10.16b, v10.16b, v9.16b\n\t" + "rev32 v8.8h, v4.8h\n\t" + "eor v11.16b, v10.16b, v4.16b\n\t" + "eor v10.16b, v10.16b, v8.16b\n\t" + "shl v9.4s, v4.4s, #24\n\t" + "shl v8.4s, v11.4s, #8\n\t" + /* XOR in Key Schedule */ + "eor v10.16b, v10.16b, v2.16b\n\t" + "sri v9.4s, v4.4s, #8\n\t" + "sri v8.4s, v11.4s, #24\n\t" + "eor v4.16b, v10.16b, v9.16b\n\t" + "eor v4.16b, v4.16b, v8.16b\n\t" + "eor v8.16b, v4.16b, v12.16b\n\t" + "eor v9.16b, v4.16b, v13.16b\n\t" + "eor v10.16b, v4.16b, v14.16b\n\t" + "tbl v2.16b, {v16.16b, v17.16b, v18.16b, v19.16b}, v4.16b\n\t" + "tbl v8.16b, {v20.16b, v21.16b, v22.16b, v23.16b}, v8.16b\n\t" + "tbl v9.16b, {v24.16b, v25.16b, v26.16b, v27.16b}, v9.16b\n\t" + "tbl v10.16b, {v28.16b, v29.16b, v30.16b, v31.16b}, v10.16b\n\t" + "orr v2.16b, v2.16b, v8.16b\n\t" + "orr v9.16b, v9.16b, v10.16b\n\t" + "orr v2.16b, v2.16b, v9.16b\n\t" + "tbl v2.16b, {v2.16b}, v3.16b\n\t" + "ld1 {v4.2d}, [x22], #16\n\t" + /* XOR in Key Schedule */ + "eor v2.16b, v2.16b, v4.16b\n\t" + "rev32 v2.16b, v2.16b\n\t" + "mov x8, v2.d[0]\n\t" + "mov x9, v2.d[1]\n\t" + "cmp %w[sz], #0x40\n\t" + "b.lt L_AES_XTS_encrypt_NEON_start_2_%=\n\t" + "\n" + "L_AES_XTS_encrypt_NEON_loop_4_%=: \n\t" + "mov x22, %x[key]\n\t" + "ld1 {v0.16b, v1.16b, v2.16b, v3.16b}, [%x[in]], #0x40\n\t" + "ld1 {v4.16b}, [x22], #16\n\t" + "and x16, x17, x9, asr 63\n\t" + "extr x11, x9, x8, #63\n\t" + "eor x10, x16, x8, lsl 1\n\t" + "and x16, x17, x11, asr 63\n\t" + "extr x13, x11, x10, #63\n\t" + "eor x12, x16, x10, lsl 1\n\t" + "and x16, x17, x13, asr 63\n\t" + "extr x15, x13, x12, #63\n\t" + "eor x14, x16, x12, lsl 1\n\t" + "mov v8.d[0], x8\n\t" + "mov v8.d[1], x9\n\t" + "mov v9.d[0], x10\n\t" + "mov v9.d[1], x11\n\t" + "mov v10.d[0], x12\n\t" + "mov v10.d[1], x13\n\t" + "mov v11.d[0], x14\n\t" + "mov v11.d[1], x15\n\t" + "eor v0.16b, v0.16b, v8.16b\n\t" + "eor v1.16b, v1.16b, v9.16b\n\t" + "eor v2.16b, v2.16b, v10.16b\n\t" + "eor v3.16b, v3.16b, v11.16b\n\t" + "rev32 v0.16b, v0.16b\n\t" + "rev32 v1.16b, v1.16b\n\t" + "rev32 v2.16b, v2.16b\n\t" + "rev32 v3.16b, v3.16b\n\t" + "eor v0.16b, v0.16b, v4.16b\n\t" + "eor v1.16b, v1.16b, v4.16b\n\t" + "eor v2.16b, v2.16b, v4.16b\n\t" + "eor v3.16b, v3.16b, v4.16b\n\t" + "sub w21, %w[nr], #2\n\t" + "\n" + "L_AES_XTS_encrypt_NEON_loop_nr_4_%=: \n\t" + "tbl v4.16b, {v16.16b, v17.16b, v18.16b, v19.16b}, v0.16b\n\t" + "tbl v5.16b, {v16.16b, v17.16b, v18.16b, v19.16b}, v1.16b\n\t" + "tbl v6.16b, {v16.16b, v17.16b, v18.16b, v19.16b}, v2.16b\n\t" + "tbl v7.16b, {v16.16b, v17.16b, v18.16b, v19.16b}, v3.16b\n\t" + "movi v12.16b, #0x40\n\t" + "movi v13.16b, #0x80\n\t" + "movi v14.16b, #0xc0\n\t" + "eor v8.16b, v0.16b, v12.16b\n\t" + "eor v9.16b, v1.16b, v12.16b\n\t" + "eor v10.16b, v2.16b, v12.16b\n\t" + "eor v11.16b, v3.16b, v12.16b\n\t" + "tbl v8.16b, {v20.16b, v21.16b, v22.16b, v23.16b}, v8.16b\n\t" + "tbl v9.16b, {v20.16b, v21.16b, v22.16b, v23.16b}, v9.16b\n\t" + "tbl v10.16b, {v20.16b, v21.16b, v22.16b, v23.16b}, v10.16b\n\t" + "tbl v11.16b, {v20.16b, v21.16b, v22.16b, v23.16b}, v11.16b\n\t" + "orr v4.16b, v4.16b, v8.16b\n\t" + "orr v5.16b, v5.16b, v9.16b\n\t" + "orr v6.16b, v6.16b, v10.16b\n\t" + "orr v7.16b, v7.16b, v11.16b\n\t" + "eor v8.16b, v0.16b, v13.16b\n\t" + "eor v9.16b, v1.16b, v13.16b\n\t" + "eor v10.16b, v2.16b, v13.16b\n\t" + "eor v11.16b, v3.16b, v13.16b\n\t" + "tbl v8.16b, {v24.16b, v25.16b, v26.16b, v27.16b}, v8.16b\n\t" + "tbl v9.16b, {v24.16b, v25.16b, v26.16b, v27.16b}, v9.16b\n\t" + "tbl v10.16b, {v24.16b, v25.16b, v26.16b, v27.16b}, v10.16b\n\t" + "tbl v11.16b, {v24.16b, v25.16b, v26.16b, v27.16b}, v11.16b\n\t" + "orr v4.16b, v4.16b, v8.16b\n\t" + "orr v5.16b, v5.16b, v9.16b\n\t" + "orr v6.16b, v6.16b, v10.16b\n\t" + "orr v7.16b, v7.16b, v11.16b\n\t" + "eor v8.16b, v0.16b, v14.16b\n\t" + "eor v9.16b, v1.16b, v14.16b\n\t" + "eor v10.16b, v2.16b, v14.16b\n\t" + "eor v11.16b, v3.16b, v14.16b\n\t" + "tbl v8.16b, {v28.16b, v29.16b, v30.16b, v31.16b}, v8.16b\n\t" + "tbl v9.16b, {v28.16b, v29.16b, v30.16b, v31.16b}, v9.16b\n\t" + "tbl v10.16b, {v28.16b, v29.16b, v30.16b, v31.16b}, v10.16b\n\t" + "tbl v11.16b, {v28.16b, v29.16b, v30.16b, v31.16b}, v11.16b\n\t" + "orr v4.16b, v4.16b, v8.16b\n\t" + "orr v5.16b, v5.16b, v9.16b\n\t" + "orr v6.16b, v6.16b, v10.16b\n\t" + "orr v7.16b, v7.16b, v11.16b\n\t" + "ld1 {v0.16b}, [%[shuffle]]\n\t" + "tbl v4.16b, {v4.16b}, v0.16b\n\t" + "tbl v5.16b, {v5.16b}, v0.16b\n\t" + "tbl v6.16b, {v6.16b}, v0.16b\n\t" + "tbl v7.16b, {v7.16b}, v0.16b\n\t" + "sshr v8.16b, v4.16b, #7\n\t" + "sshr v9.16b, v5.16b, #7\n\t" + "sshr v10.16b, v6.16b, #7\n\t" + "sshr v11.16b, v7.16b, #7\n\t" + "shl v12.16b, v4.16b, #1\n\t" + "shl v13.16b, v5.16b, #1\n\t" + "shl v14.16b, v6.16b, #1\n\t" + "shl v15.16b, v7.16b, #1\n\t" + "movi v0.16b, #27\n\t" + "and v8.16b, v8.16b, v0.16b\n\t" + "and v9.16b, v9.16b, v0.16b\n\t" + "and v10.16b, v10.16b, v0.16b\n\t" + "and v11.16b, v11.16b, v0.16b\n\t" + "eor v8.16b, v8.16b, v12.16b\n\t" + "eor v9.16b, v9.16b, v13.16b\n\t" + "eor v10.16b, v10.16b, v14.16b\n\t" + "eor v11.16b, v11.16b, v15.16b\n\t" + "eor v0.16b, v8.16b, v4.16b\n\t" + "eor v1.16b, v9.16b, v5.16b\n\t" + "eor v2.16b, v10.16b, v6.16b\n\t" + "eor v3.16b, v11.16b, v7.16b\n\t" + "shl v12.4s, v0.4s, #8\n\t" + "shl v13.4s, v1.4s, #8\n\t" + "shl v14.4s, v2.4s, #8\n\t" + "shl v15.4s, v3.4s, #8\n\t" + "sri v12.4s, v0.4s, #24\n\t" + "sri v13.4s, v1.4s, #24\n\t" + "sri v14.4s, v2.4s, #24\n\t" + "sri v15.4s, v3.4s, #24\n\t" + "shl v0.4s, v4.4s, #24\n\t" + "shl v1.4s, v5.4s, #24\n\t" + "shl v2.4s, v6.4s, #24\n\t" + "shl v3.4s, v7.4s, #24\n\t" + "sri v0.4s, v4.4s, #8\n\t" + "sri v1.4s, v5.4s, #8\n\t" + "sri v2.4s, v6.4s, #8\n\t" + "sri v3.4s, v7.4s, #8\n\t" + "rev32 v4.8h, v4.8h\n\t" + "rev32 v5.8h, v5.8h\n\t" + "rev32 v6.8h, v6.8h\n\t" + "rev32 v7.8h, v7.8h\n\t" + "eor v4.16b, v4.16b, v0.16b\n\t" + "eor v5.16b, v5.16b, v1.16b\n\t" + "eor v6.16b, v6.16b, v2.16b\n\t" + "eor v7.16b, v7.16b, v3.16b\n\t" + /* XOR in Key Schedule */ + "ld1 {v0.2d}, [x22], #16\n\t" + "eor v4.16b, v4.16b, v8.16b\n\t" + "eor v5.16b, v5.16b, v9.16b\n\t" + "eor v6.16b, v6.16b, v10.16b\n\t" + "eor v7.16b, v7.16b, v11.16b\n\t" + "eor v4.16b, v4.16b, v0.16b\n\t" + "eor v5.16b, v5.16b, v0.16b\n\t" + "eor v6.16b, v6.16b, v0.16b\n\t" + "eor v7.16b, v7.16b, v0.16b\n\t" + "eor v4.16b, v4.16b, v12.16b\n\t" + "eor v5.16b, v5.16b, v13.16b\n\t" + "eor v6.16b, v6.16b, v14.16b\n\t" + "eor v7.16b, v7.16b, v15.16b\n\t" + /* Round Done */ + "tbl v0.16b, {v16.16b, v17.16b, v18.16b, v19.16b}, v4.16b\n\t" + "tbl v1.16b, {v16.16b, v17.16b, v18.16b, v19.16b}, v5.16b\n\t" + "tbl v2.16b, {v16.16b, v17.16b, v18.16b, v19.16b}, v6.16b\n\t" + "tbl v3.16b, {v16.16b, v17.16b, v18.16b, v19.16b}, v7.16b\n\t" + "movi v12.16b, #0x40\n\t" + "movi v13.16b, #0x80\n\t" + "movi v14.16b, #0xc0\n\t" + "eor v8.16b, v4.16b, v12.16b\n\t" + "eor v9.16b, v5.16b, v12.16b\n\t" + "eor v10.16b, v6.16b, v12.16b\n\t" + "eor v11.16b, v7.16b, v12.16b\n\t" + "tbl v8.16b, {v20.16b, v21.16b, v22.16b, v23.16b}, v8.16b\n\t" + "tbl v9.16b, {v20.16b, v21.16b, v22.16b, v23.16b}, v9.16b\n\t" + "tbl v10.16b, {v20.16b, v21.16b, v22.16b, v23.16b}, v10.16b\n\t" + "tbl v11.16b, {v20.16b, v21.16b, v22.16b, v23.16b}, v11.16b\n\t" + "orr v0.16b, v0.16b, v8.16b\n\t" + "orr v1.16b, v1.16b, v9.16b\n\t" + "orr v2.16b, v2.16b, v10.16b\n\t" + "orr v3.16b, v3.16b, v11.16b\n\t" + "eor v8.16b, v4.16b, v13.16b\n\t" + "eor v9.16b, v5.16b, v13.16b\n\t" + "eor v10.16b, v6.16b, v13.16b\n\t" + "eor v11.16b, v7.16b, v13.16b\n\t" + "tbl v8.16b, {v24.16b, v25.16b, v26.16b, v27.16b}, v8.16b\n\t" + "tbl v9.16b, {v24.16b, v25.16b, v26.16b, v27.16b}, v9.16b\n\t" + "tbl v10.16b, {v24.16b, v25.16b, v26.16b, v27.16b}, v10.16b\n\t" + "tbl v11.16b, {v24.16b, v25.16b, v26.16b, v27.16b}, v11.16b\n\t" + "orr v0.16b, v0.16b, v8.16b\n\t" + "orr v1.16b, v1.16b, v9.16b\n\t" + "orr v2.16b, v2.16b, v10.16b\n\t" + "orr v3.16b, v3.16b, v11.16b\n\t" + "eor v8.16b, v4.16b, v14.16b\n\t" + "eor v9.16b, v5.16b, v14.16b\n\t" + "eor v10.16b, v6.16b, v14.16b\n\t" + "eor v11.16b, v7.16b, v14.16b\n\t" + "tbl v8.16b, {v28.16b, v29.16b, v30.16b, v31.16b}, v8.16b\n\t" + "tbl v9.16b, {v28.16b, v29.16b, v30.16b, v31.16b}, v9.16b\n\t" + "tbl v10.16b, {v28.16b, v29.16b, v30.16b, v31.16b}, v10.16b\n\t" + "tbl v11.16b, {v28.16b, v29.16b, v30.16b, v31.16b}, v11.16b\n\t" + "orr v0.16b, v0.16b, v8.16b\n\t" + "orr v1.16b, v1.16b, v9.16b\n\t" + "orr v2.16b, v2.16b, v10.16b\n\t" + "orr v3.16b, v3.16b, v11.16b\n\t" + "ld1 {v4.16b}, [%[shuffle]]\n\t" + "tbl v0.16b, {v0.16b}, v4.16b\n\t" + "tbl v1.16b, {v1.16b}, v4.16b\n\t" + "tbl v2.16b, {v2.16b}, v4.16b\n\t" + "tbl v3.16b, {v3.16b}, v4.16b\n\t" + "sshr v8.16b, v0.16b, #7\n\t" + "sshr v9.16b, v1.16b, #7\n\t" + "sshr v10.16b, v2.16b, #7\n\t" + "sshr v11.16b, v3.16b, #7\n\t" + "shl v12.16b, v0.16b, #1\n\t" + "shl v13.16b, v1.16b, #1\n\t" + "shl v14.16b, v2.16b, #1\n\t" + "shl v15.16b, v3.16b, #1\n\t" + "movi v4.16b, #27\n\t" + "and v8.16b, v8.16b, v4.16b\n\t" + "and v9.16b, v9.16b, v4.16b\n\t" + "and v10.16b, v10.16b, v4.16b\n\t" + "and v11.16b, v11.16b, v4.16b\n\t" + "eor v8.16b, v8.16b, v12.16b\n\t" + "eor v9.16b, v9.16b, v13.16b\n\t" + "eor v10.16b, v10.16b, v14.16b\n\t" + "eor v11.16b, v11.16b, v15.16b\n\t" + "eor v4.16b, v8.16b, v0.16b\n\t" + "eor v5.16b, v9.16b, v1.16b\n\t" + "eor v6.16b, v10.16b, v2.16b\n\t" + "eor v7.16b, v11.16b, v3.16b\n\t" + "shl v12.4s, v4.4s, #8\n\t" + "shl v13.4s, v5.4s, #8\n\t" + "shl v14.4s, v6.4s, #8\n\t" + "shl v15.4s, v7.4s, #8\n\t" + "sri v12.4s, v4.4s, #24\n\t" + "sri v13.4s, v5.4s, #24\n\t" + "sri v14.4s, v6.4s, #24\n\t" + "sri v15.4s, v7.4s, #24\n\t" + "shl v4.4s, v0.4s, #24\n\t" + "shl v5.4s, v1.4s, #24\n\t" + "shl v6.4s, v2.4s, #24\n\t" + "shl v7.4s, v3.4s, #24\n\t" + "sri v4.4s, v0.4s, #8\n\t" + "sri v5.4s, v1.4s, #8\n\t" + "sri v6.4s, v2.4s, #8\n\t" + "sri v7.4s, v3.4s, #8\n\t" + "rev32 v0.8h, v0.8h\n\t" + "rev32 v1.8h, v1.8h\n\t" + "rev32 v2.8h, v2.8h\n\t" + "rev32 v3.8h, v3.8h\n\t" + "eor v0.16b, v0.16b, v4.16b\n\t" + "eor v1.16b, v1.16b, v5.16b\n\t" + "eor v2.16b, v2.16b, v6.16b\n\t" + "eor v3.16b, v3.16b, v7.16b\n\t" + /* XOR in Key Schedule */ + "ld1 {v4.2d}, [x22], #16\n\t" + "eor v0.16b, v0.16b, v8.16b\n\t" + "eor v1.16b, v1.16b, v9.16b\n\t" + "eor v2.16b, v2.16b, v10.16b\n\t" + "eor v3.16b, v3.16b, v11.16b\n\t" + "eor v0.16b, v0.16b, v4.16b\n\t" + "eor v1.16b, v1.16b, v4.16b\n\t" + "eor v2.16b, v2.16b, v4.16b\n\t" + "eor v3.16b, v3.16b, v4.16b\n\t" + "eor v0.16b, v0.16b, v12.16b\n\t" + "eor v1.16b, v1.16b, v13.16b\n\t" + "eor v2.16b, v2.16b, v14.16b\n\t" + "eor v3.16b, v3.16b, v15.16b\n\t" + /* Round Done */ + "subs w21, w21, #2\n\t" + "b.ne L_AES_XTS_encrypt_NEON_loop_nr_4_%=\n\t" + "tbl v4.16b, {v16.16b, v17.16b, v18.16b, v19.16b}, v0.16b\n\t" + "tbl v5.16b, {v16.16b, v17.16b, v18.16b, v19.16b}, v1.16b\n\t" + "tbl v6.16b, {v16.16b, v17.16b, v18.16b, v19.16b}, v2.16b\n\t" + "tbl v7.16b, {v16.16b, v17.16b, v18.16b, v19.16b}, v3.16b\n\t" + "movi v12.16b, #0x40\n\t" + "movi v13.16b, #0x80\n\t" + "movi v14.16b, #0xc0\n\t" + "eor v8.16b, v0.16b, v12.16b\n\t" + "eor v9.16b, v1.16b, v12.16b\n\t" + "eor v10.16b, v2.16b, v12.16b\n\t" + "eor v11.16b, v3.16b, v12.16b\n\t" + "tbl v8.16b, {v20.16b, v21.16b, v22.16b, v23.16b}, v8.16b\n\t" + "tbl v9.16b, {v20.16b, v21.16b, v22.16b, v23.16b}, v9.16b\n\t" + "tbl v10.16b, {v20.16b, v21.16b, v22.16b, v23.16b}, v10.16b\n\t" + "tbl v11.16b, {v20.16b, v21.16b, v22.16b, v23.16b}, v11.16b\n\t" + "orr v4.16b, v4.16b, v8.16b\n\t" + "orr v5.16b, v5.16b, v9.16b\n\t" + "orr v6.16b, v6.16b, v10.16b\n\t" + "orr v7.16b, v7.16b, v11.16b\n\t" + "eor v8.16b, v0.16b, v13.16b\n\t" + "eor v9.16b, v1.16b, v13.16b\n\t" + "eor v10.16b, v2.16b, v13.16b\n\t" + "eor v11.16b, v3.16b, v13.16b\n\t" + "tbl v8.16b, {v24.16b, v25.16b, v26.16b, v27.16b}, v8.16b\n\t" + "tbl v9.16b, {v24.16b, v25.16b, v26.16b, v27.16b}, v9.16b\n\t" + "tbl v10.16b, {v24.16b, v25.16b, v26.16b, v27.16b}, v10.16b\n\t" + "tbl v11.16b, {v24.16b, v25.16b, v26.16b, v27.16b}, v11.16b\n\t" + "orr v4.16b, v4.16b, v8.16b\n\t" + "orr v5.16b, v5.16b, v9.16b\n\t" + "orr v6.16b, v6.16b, v10.16b\n\t" + "orr v7.16b, v7.16b, v11.16b\n\t" + "eor v8.16b, v0.16b, v14.16b\n\t" + "eor v9.16b, v1.16b, v14.16b\n\t" + "eor v10.16b, v2.16b, v14.16b\n\t" + "eor v11.16b, v3.16b, v14.16b\n\t" + "tbl v8.16b, {v28.16b, v29.16b, v30.16b, v31.16b}, v8.16b\n\t" + "tbl v9.16b, {v28.16b, v29.16b, v30.16b, v31.16b}, v9.16b\n\t" + "tbl v10.16b, {v28.16b, v29.16b, v30.16b, v31.16b}, v10.16b\n\t" + "tbl v11.16b, {v28.16b, v29.16b, v30.16b, v31.16b}, v11.16b\n\t" + "orr v4.16b, v4.16b, v8.16b\n\t" + "orr v5.16b, v5.16b, v9.16b\n\t" + "orr v6.16b, v6.16b, v10.16b\n\t" + "orr v7.16b, v7.16b, v11.16b\n\t" + "ld1 {v0.16b}, [%[shuffle]]\n\t" + "tbl v4.16b, {v4.16b}, v0.16b\n\t" + "tbl v5.16b, {v5.16b}, v0.16b\n\t" + "tbl v6.16b, {v6.16b}, v0.16b\n\t" + "tbl v7.16b, {v7.16b}, v0.16b\n\t" + "sshr v8.16b, v4.16b, #7\n\t" + "sshr v9.16b, v5.16b, #7\n\t" + "sshr v10.16b, v6.16b, #7\n\t" + "sshr v11.16b, v7.16b, #7\n\t" + "shl v12.16b, v4.16b, #1\n\t" + "shl v13.16b, v5.16b, #1\n\t" + "shl v14.16b, v6.16b, #1\n\t" + "shl v15.16b, v7.16b, #1\n\t" + "movi v0.16b, #27\n\t" + "and v8.16b, v8.16b, v0.16b\n\t" + "and v9.16b, v9.16b, v0.16b\n\t" + "and v10.16b, v10.16b, v0.16b\n\t" + "and v11.16b, v11.16b, v0.16b\n\t" + "eor v8.16b, v8.16b, v12.16b\n\t" + "eor v9.16b, v9.16b, v13.16b\n\t" + "eor v10.16b, v10.16b, v14.16b\n\t" + "eor v11.16b, v11.16b, v15.16b\n\t" + "eor v0.16b, v8.16b, v4.16b\n\t" + "eor v1.16b, v9.16b, v5.16b\n\t" + "eor v2.16b, v10.16b, v6.16b\n\t" + "eor v3.16b, v11.16b, v7.16b\n\t" + "shl v12.4s, v0.4s, #8\n\t" + "shl v13.4s, v1.4s, #8\n\t" + "shl v14.4s, v2.4s, #8\n\t" + "shl v15.4s, v3.4s, #8\n\t" + "sri v12.4s, v0.4s, #24\n\t" + "sri v13.4s, v1.4s, #24\n\t" + "sri v14.4s, v2.4s, #24\n\t" + "sri v15.4s, v3.4s, #24\n\t" + "shl v0.4s, v4.4s, #24\n\t" + "shl v1.4s, v5.4s, #24\n\t" + "shl v2.4s, v6.4s, #24\n\t" + "shl v3.4s, v7.4s, #24\n\t" + "sri v0.4s, v4.4s, #8\n\t" + "sri v1.4s, v5.4s, #8\n\t" + "sri v2.4s, v6.4s, #8\n\t" + "sri v3.4s, v7.4s, #8\n\t" + "rev32 v4.8h, v4.8h\n\t" + "rev32 v5.8h, v5.8h\n\t" + "rev32 v6.8h, v6.8h\n\t" + "rev32 v7.8h, v7.8h\n\t" + "eor v4.16b, v4.16b, v0.16b\n\t" + "eor v5.16b, v5.16b, v1.16b\n\t" + "eor v6.16b, v6.16b, v2.16b\n\t" + "eor v7.16b, v7.16b, v3.16b\n\t" + /* XOR in Key Schedule */ + "ld1 {v0.2d}, [x22], #16\n\t" + "eor v4.16b, v4.16b, v8.16b\n\t" + "eor v5.16b, v5.16b, v9.16b\n\t" + "eor v6.16b, v6.16b, v10.16b\n\t" + "eor v7.16b, v7.16b, v11.16b\n\t" + "eor v4.16b, v4.16b, v0.16b\n\t" + "eor v5.16b, v5.16b, v0.16b\n\t" + "eor v6.16b, v6.16b, v0.16b\n\t" + "eor v7.16b, v7.16b, v0.16b\n\t" + "eor v4.16b, v4.16b, v12.16b\n\t" + "eor v5.16b, v5.16b, v13.16b\n\t" + "eor v6.16b, v6.16b, v14.16b\n\t" + "eor v7.16b, v7.16b, v15.16b\n\t" + /* Round Done */ + "tbl v0.16b, {v16.16b, v17.16b, v18.16b, v19.16b}, v4.16b\n\t" + "tbl v1.16b, {v16.16b, v17.16b, v18.16b, v19.16b}, v5.16b\n\t" + "tbl v2.16b, {v16.16b, v17.16b, v18.16b, v19.16b}, v6.16b\n\t" + "tbl v3.16b, {v16.16b, v17.16b, v18.16b, v19.16b}, v7.16b\n\t" + "movi v12.16b, #0x40\n\t" + "movi v13.16b, #0x80\n\t" + "movi v14.16b, #0xc0\n\t" + "eor v8.16b, v4.16b, v12.16b\n\t" + "eor v9.16b, v5.16b, v12.16b\n\t" + "eor v10.16b, v6.16b, v12.16b\n\t" + "eor v11.16b, v7.16b, v12.16b\n\t" + "tbl v8.16b, {v20.16b, v21.16b, v22.16b, v23.16b}, v8.16b\n\t" + "tbl v9.16b, {v20.16b, v21.16b, v22.16b, v23.16b}, v9.16b\n\t" + "tbl v10.16b, {v20.16b, v21.16b, v22.16b, v23.16b}, v10.16b\n\t" + "tbl v11.16b, {v20.16b, v21.16b, v22.16b, v23.16b}, v11.16b\n\t" + "orr v0.16b, v0.16b, v8.16b\n\t" + "orr v1.16b, v1.16b, v9.16b\n\t" + "orr v2.16b, v2.16b, v10.16b\n\t" + "orr v3.16b, v3.16b, v11.16b\n\t" + "eor v8.16b, v4.16b, v13.16b\n\t" + "eor v9.16b, v5.16b, v13.16b\n\t" + "eor v10.16b, v6.16b, v13.16b\n\t" + "eor v11.16b, v7.16b, v13.16b\n\t" + "tbl v8.16b, {v24.16b, v25.16b, v26.16b, v27.16b}, v8.16b\n\t" + "tbl v9.16b, {v24.16b, v25.16b, v26.16b, v27.16b}, v9.16b\n\t" + "tbl v10.16b, {v24.16b, v25.16b, v26.16b, v27.16b}, v10.16b\n\t" + "tbl v11.16b, {v24.16b, v25.16b, v26.16b, v27.16b}, v11.16b\n\t" + "orr v0.16b, v0.16b, v8.16b\n\t" + "orr v1.16b, v1.16b, v9.16b\n\t" + "orr v2.16b, v2.16b, v10.16b\n\t" + "orr v3.16b, v3.16b, v11.16b\n\t" + "eor v8.16b, v4.16b, v14.16b\n\t" + "eor v9.16b, v5.16b, v14.16b\n\t" + "eor v10.16b, v6.16b, v14.16b\n\t" + "eor v11.16b, v7.16b, v14.16b\n\t" + "tbl v8.16b, {v28.16b, v29.16b, v30.16b, v31.16b}, v8.16b\n\t" + "tbl v9.16b, {v28.16b, v29.16b, v30.16b, v31.16b}, v9.16b\n\t" + "tbl v10.16b, {v28.16b, v29.16b, v30.16b, v31.16b}, v10.16b\n\t" + "tbl v11.16b, {v28.16b, v29.16b, v30.16b, v31.16b}, v11.16b\n\t" + "orr v0.16b, v0.16b, v8.16b\n\t" + "orr v1.16b, v1.16b, v9.16b\n\t" + "orr v2.16b, v2.16b, v10.16b\n\t" + "orr v3.16b, v3.16b, v11.16b\n\t" + "ld1 {v4.16b}, [%[shuffle]]\n\t" + "tbl v0.16b, {v0.16b}, v4.16b\n\t" + "tbl v1.16b, {v1.16b}, v4.16b\n\t" + "tbl v2.16b, {v2.16b}, v4.16b\n\t" + "tbl v3.16b, {v3.16b}, v4.16b\n\t" + /* XOR in Key Schedule */ + "ld1 {v4.2d}, [x22], #16\n\t" + "eor v0.16b, v0.16b, v4.16b\n\t" + "eor v1.16b, v1.16b, v4.16b\n\t" + "eor v2.16b, v2.16b, v4.16b\n\t" + "eor v3.16b, v3.16b, v4.16b\n\t" + /* Round Done */ + "rev32 v0.16b, v0.16b\n\t" + "rev32 v1.16b, v1.16b\n\t" + "rev32 v2.16b, v2.16b\n\t" + "rev32 v3.16b, v3.16b\n\t" + "mov v8.d[0], x8\n\t" + "mov v8.d[1], x9\n\t" + "mov v9.d[0], x10\n\t" + "mov v9.d[1], x11\n\t" + "mov v10.d[0], x12\n\t" + "mov v10.d[1], x13\n\t" + "mov v11.d[0], x14\n\t" + "mov v11.d[1], x15\n\t" + "eor v0.16b, v0.16b, v8.16b\n\t" + "eor v1.16b, v1.16b, v9.16b\n\t" + "eor v2.16b, v2.16b, v10.16b\n\t" + "eor v3.16b, v3.16b, v11.16b\n\t" + "st1 {v0.16b, v1.16b, v2.16b, v3.16b}, [%x[out]], #0x40\n\t" + "and x16, x17, x15, asr 63\n\t" + "extr x9, x15, x14, #63\n\t" + "eor x8, x16, x14, lsl 1\n\t" + "sub %w[sz], %w[sz], #0x40\n\t" + "cmp %w[sz], #0x40\n\t" + "b.ge L_AES_XTS_encrypt_NEON_loop_4_%=\n\t" + "movi v12.16b, #0x40\n\t" + "movi v13.16b, #0x80\n\t" + "movi v14.16b, #0xc0\n\t" + "movi v15.16b, #27\n\t" + "\n" + "L_AES_XTS_encrypt_NEON_start_2_%=: \n\t" + "cmp %w[sz], #32\n\t" + "b.lt L_AES_XTS_encrypt_NEON_start_1_%=\n\t" + "mov x22, %x[key]\n\t" + "ld1 {v0.16b, v1.16b}, [%x[in]], #32\n\t" + "ld1 {v4.16b}, [x22], #16\n\t" + "and x16, x17, x9, asr 63\n\t" + "extr x11, x9, x8, #63\n\t" + "eor x10, x16, x8, lsl 1\n\t" + "and x16, x17, x11, asr 63\n\t" + "extr x13, x11, x10, #63\n\t" + "eor x12, x16, x10, lsl 1\n\t" + "mov v2.d[0], x8\n\t" + "mov v2.d[1], x9\n\t" + "mov v3.d[0], x10\n\t" + "mov v3.d[1], x11\n\t" + "eor v0.16b, v0.16b, v2.16b\n\t" + "eor v1.16b, v1.16b, v3.16b\n\t" + "rev32 v0.16b, v0.16b\n\t" + "rev32 v1.16b, v1.16b\n\t" + "eor v0.16b, v0.16b, v4.16b\n\t" + "eor v1.16b, v1.16b, v4.16b\n\t" + "sub w21, %w[nr], #2\n\t" + "\n" + "L_AES_XTS_encrypt_NEON_loop_nr_2_%=: \n\t" + "eor v8.16b, v0.16b, v12.16b\n\t" + "eor v9.16b, v1.16b, v12.16b\n\t" + "tbl v4.16b, {v16.16b, v17.16b, v18.16b, v19.16b}, v0.16b\n\t" + "tbl v5.16b, {v16.16b, v17.16b, v18.16b, v19.16b}, v1.16b\n\t" + "tbl v8.16b, {v20.16b, v21.16b, v22.16b, v23.16b}, v8.16b\n\t" + "tbl v9.16b, {v20.16b, v21.16b, v22.16b, v23.16b}, v9.16b\n\t" + "eor v10.16b, v0.16b, v13.16b\n\t" + "eor v11.16b, v1.16b, v13.16b\n\t" + "tbl v10.16b, {v24.16b, v25.16b, v26.16b, v27.16b}, v10.16b\n\t" + "tbl v11.16b, {v24.16b, v25.16b, v26.16b, v27.16b}, v11.16b\n\t" + "orr v4.16b, v4.16b, v8.16b\n\t" + "orr v5.16b, v5.16b, v9.16b\n\t" + "eor v8.16b, v0.16b, v14.16b\n\t" + "eor v9.16b, v1.16b, v14.16b\n\t" + "orr v4.16b, v4.16b, v10.16b\n\t" + "orr v5.16b, v5.16b, v11.16b\n\t" + "tbl v8.16b, {v28.16b, v29.16b, v30.16b, v31.16b}, v8.16b\n\t" + "tbl v9.16b, {v28.16b, v29.16b, v30.16b, v31.16b}, v9.16b\n\t" + "orr v4.16b, v4.16b, v8.16b\n\t" + "orr v5.16b, v5.16b, v9.16b\n\t" + "ld1 {v0.16b}, [%[shuffle]]\n\t" + "tbl v4.16b, {v4.16b}, v0.16b\n\t" + "tbl v5.16b, {v5.16b}, v0.16b\n\t" + "sshr v8.16b, v4.16b, #7\n\t" + "sshr v9.16b, v5.16b, #7\n\t" + "shl v10.16b, v4.16b, #1\n\t" + "shl v11.16b, v5.16b, #1\n\t" + "and v8.16b, v8.16b, v15.16b\n\t" + "and v9.16b, v9.16b, v15.16b\n\t" + "eor v8.16b, v8.16b, v10.16b\n\t" + "eor v9.16b, v9.16b, v11.16b\n\t" + "eor v0.16b, v8.16b, v4.16b\n\t" + "eor v1.16b, v9.16b, v5.16b\n\t" + "shl v10.4s, v0.4s, #8\n\t" + "shl v11.4s, v1.4s, #8\n\t" + "sri v10.4s, v0.4s, #24\n\t" + "sri v11.4s, v1.4s, #24\n\t" + "shl v0.4s, v4.4s, #24\n\t" + "shl v1.4s, v5.4s, #24\n\t" + "sri v0.4s, v4.4s, #8\n\t" + "sri v1.4s, v5.4s, #8\n\t" + "rev32 v4.8h, v4.8h\n\t" + "rev32 v5.8h, v5.8h\n\t" + "eor v4.16b, v4.16b, v0.16b\n\t" + "eor v5.16b, v5.16b, v1.16b\n\t" + /* XOR in Key Schedule */ + "ld1 {v0.2d}, [x22], #16\n\t" + "eor v4.16b, v4.16b, v8.16b\n\t" + "eor v5.16b, v5.16b, v9.16b\n\t" + "eor v4.16b, v4.16b, v0.16b\n\t" + "eor v5.16b, v5.16b, v0.16b\n\t" + "eor v4.16b, v4.16b, v10.16b\n\t" + "eor v5.16b, v5.16b, v11.16b\n\t" + /* Round Done */ + "eor v8.16b, v4.16b, v12.16b\n\t" + "eor v9.16b, v5.16b, v12.16b\n\t" + "tbl v0.16b, {v16.16b, v17.16b, v18.16b, v19.16b}, v4.16b\n\t" + "tbl v1.16b, {v16.16b, v17.16b, v18.16b, v19.16b}, v5.16b\n\t" + "tbl v8.16b, {v20.16b, v21.16b, v22.16b, v23.16b}, v8.16b\n\t" + "tbl v9.16b, {v20.16b, v21.16b, v22.16b, v23.16b}, v9.16b\n\t" + "eor v10.16b, v4.16b, v13.16b\n\t" + "eor v11.16b, v5.16b, v13.16b\n\t" + "tbl v10.16b, {v24.16b, v25.16b, v26.16b, v27.16b}, v10.16b\n\t" + "tbl v11.16b, {v24.16b, v25.16b, v26.16b, v27.16b}, v11.16b\n\t" + "orr v0.16b, v0.16b, v8.16b\n\t" + "orr v1.16b, v1.16b, v9.16b\n\t" + "eor v8.16b, v4.16b, v14.16b\n\t" + "eor v9.16b, v5.16b, v14.16b\n\t" + "orr v0.16b, v0.16b, v10.16b\n\t" + "orr v1.16b, v1.16b, v11.16b\n\t" + "tbl v8.16b, {v28.16b, v29.16b, v30.16b, v31.16b}, v8.16b\n\t" + "tbl v9.16b, {v28.16b, v29.16b, v30.16b, v31.16b}, v9.16b\n\t" + "orr v0.16b, v0.16b, v8.16b\n\t" + "orr v1.16b, v1.16b, v9.16b\n\t" + "ld1 {v4.16b}, [%[shuffle]]\n\t" + "tbl v0.16b, {v0.16b}, v4.16b\n\t" + "tbl v1.16b, {v1.16b}, v4.16b\n\t" + "sshr v8.16b, v0.16b, #7\n\t" + "sshr v9.16b, v1.16b, #7\n\t" + "shl v10.16b, v0.16b, #1\n\t" + "shl v11.16b, v1.16b, #1\n\t" + "and v8.16b, v8.16b, v15.16b\n\t" + "and v9.16b, v9.16b, v15.16b\n\t" + "eor v8.16b, v8.16b, v10.16b\n\t" + "eor v9.16b, v9.16b, v11.16b\n\t" + "eor v4.16b, v8.16b, v0.16b\n\t" + "eor v5.16b, v9.16b, v1.16b\n\t" + "shl v10.4s, v4.4s, #8\n\t" + "shl v11.4s, v5.4s, #8\n\t" + "sri v10.4s, v4.4s, #24\n\t" + "sri v11.4s, v5.4s, #24\n\t" + "shl v4.4s, v0.4s, #24\n\t" + "shl v5.4s, v1.4s, #24\n\t" + "sri v4.4s, v0.4s, #8\n\t" + "sri v5.4s, v1.4s, #8\n\t" + "rev32 v0.8h, v0.8h\n\t" + "rev32 v1.8h, v1.8h\n\t" + "eor v0.16b, v0.16b, v4.16b\n\t" + "eor v1.16b, v1.16b, v5.16b\n\t" + /* XOR in Key Schedule */ + "ld1 {v4.2d}, [x22], #16\n\t" + "eor v0.16b, v0.16b, v8.16b\n\t" + "eor v1.16b, v1.16b, v9.16b\n\t" + "eor v0.16b, v0.16b, v4.16b\n\t" + "eor v1.16b, v1.16b, v4.16b\n\t" + "eor v0.16b, v0.16b, v10.16b\n\t" + "eor v1.16b, v1.16b, v11.16b\n\t" + /* Round Done */ + "subs w21, w21, #2\n\t" + "b.ne L_AES_XTS_encrypt_NEON_loop_nr_2_%=\n\t" + "eor v8.16b, v0.16b, v12.16b\n\t" + "eor v9.16b, v1.16b, v12.16b\n\t" + "tbl v4.16b, {v16.16b, v17.16b, v18.16b, v19.16b}, v0.16b\n\t" + "tbl v5.16b, {v16.16b, v17.16b, v18.16b, v19.16b}, v1.16b\n\t" + "tbl v8.16b, {v20.16b, v21.16b, v22.16b, v23.16b}, v8.16b\n\t" + "tbl v9.16b, {v20.16b, v21.16b, v22.16b, v23.16b}, v9.16b\n\t" + "eor v10.16b, v0.16b, v13.16b\n\t" + "eor v11.16b, v1.16b, v13.16b\n\t" + "tbl v10.16b, {v24.16b, v25.16b, v26.16b, v27.16b}, v10.16b\n\t" + "tbl v11.16b, {v24.16b, v25.16b, v26.16b, v27.16b}, v11.16b\n\t" + "orr v4.16b, v4.16b, v8.16b\n\t" + "orr v5.16b, v5.16b, v9.16b\n\t" + "eor v8.16b, v0.16b, v14.16b\n\t" + "eor v9.16b, v1.16b, v14.16b\n\t" + "orr v4.16b, v4.16b, v10.16b\n\t" + "orr v5.16b, v5.16b, v11.16b\n\t" + "tbl v8.16b, {v28.16b, v29.16b, v30.16b, v31.16b}, v8.16b\n\t" + "tbl v9.16b, {v28.16b, v29.16b, v30.16b, v31.16b}, v9.16b\n\t" + "orr v4.16b, v4.16b, v8.16b\n\t" + "orr v5.16b, v5.16b, v9.16b\n\t" + "ld1 {v0.16b}, [%[shuffle]]\n\t" + "tbl v4.16b, {v4.16b}, v0.16b\n\t" + "tbl v5.16b, {v5.16b}, v0.16b\n\t" + "sshr v8.16b, v4.16b, #7\n\t" + "sshr v9.16b, v5.16b, #7\n\t" + "shl v10.16b, v4.16b, #1\n\t" + "shl v11.16b, v5.16b, #1\n\t" + "and v8.16b, v8.16b, v15.16b\n\t" + "and v9.16b, v9.16b, v15.16b\n\t" + "eor v8.16b, v8.16b, v10.16b\n\t" + "eor v9.16b, v9.16b, v11.16b\n\t" + "eor v0.16b, v8.16b, v4.16b\n\t" + "eor v1.16b, v9.16b, v5.16b\n\t" + "shl v10.4s, v0.4s, #8\n\t" + "shl v11.4s, v1.4s, #8\n\t" + "sri v10.4s, v0.4s, #24\n\t" + "sri v11.4s, v1.4s, #24\n\t" + "shl v0.4s, v4.4s, #24\n\t" + "shl v1.4s, v5.4s, #24\n\t" + "sri v0.4s, v4.4s, #8\n\t" + "sri v1.4s, v5.4s, #8\n\t" + "rev32 v4.8h, v4.8h\n\t" + "rev32 v5.8h, v5.8h\n\t" + "eor v4.16b, v4.16b, v0.16b\n\t" + "eor v5.16b, v5.16b, v1.16b\n\t" + /* XOR in Key Schedule */ + "ld1 {v0.2d}, [x22], #16\n\t" + "eor v4.16b, v4.16b, v8.16b\n\t" + "eor v5.16b, v5.16b, v9.16b\n\t" + "eor v4.16b, v4.16b, v0.16b\n\t" + "eor v5.16b, v5.16b, v0.16b\n\t" + "eor v4.16b, v4.16b, v10.16b\n\t" + "eor v5.16b, v5.16b, v11.16b\n\t" + /* Round Done */ + "eor v8.16b, v4.16b, v12.16b\n\t" + "eor v9.16b, v5.16b, v12.16b\n\t" + "tbl v0.16b, {v16.16b, v17.16b, v18.16b, v19.16b}, v4.16b\n\t" + "tbl v1.16b, {v16.16b, v17.16b, v18.16b, v19.16b}, v5.16b\n\t" + "tbl v8.16b, {v20.16b, v21.16b, v22.16b, v23.16b}, v8.16b\n\t" + "tbl v9.16b, {v20.16b, v21.16b, v22.16b, v23.16b}, v9.16b\n\t" + "eor v10.16b, v4.16b, v13.16b\n\t" + "eor v11.16b, v5.16b, v13.16b\n\t" + "tbl v10.16b, {v24.16b, v25.16b, v26.16b, v27.16b}, v10.16b\n\t" + "tbl v11.16b, {v24.16b, v25.16b, v26.16b, v27.16b}, v11.16b\n\t" + "orr v0.16b, v0.16b, v8.16b\n\t" + "orr v1.16b, v1.16b, v9.16b\n\t" + "eor v8.16b, v4.16b, v14.16b\n\t" + "eor v9.16b, v5.16b, v14.16b\n\t" + "orr v0.16b, v0.16b, v10.16b\n\t" + "orr v1.16b, v1.16b, v11.16b\n\t" + "tbl v8.16b, {v28.16b, v29.16b, v30.16b, v31.16b}, v8.16b\n\t" + "tbl v9.16b, {v28.16b, v29.16b, v30.16b, v31.16b}, v9.16b\n\t" + "orr v0.16b, v0.16b, v8.16b\n\t" + "orr v1.16b, v1.16b, v9.16b\n\t" + "ld1 {v4.16b}, [%[shuffle]]\n\t" + "tbl v0.16b, {v0.16b}, v4.16b\n\t" + "tbl v1.16b, {v1.16b}, v4.16b\n\t" + /* XOR in Key Schedule */ + "ld1 {v4.2d}, [x22], #16\n\t" + "eor v0.16b, v0.16b, v4.16b\n\t" + "eor v1.16b, v1.16b, v4.16b\n\t" + /* Round Done */ + "rev32 v0.16b, v0.16b\n\t" + "rev32 v1.16b, v1.16b\n\t" + "eor v0.16b, v0.16b, v2.16b\n\t" + "eor v1.16b, v1.16b, v3.16b\n\t" + "st1 {v0.16b, v1.16b}, [%x[out]], #32\n\t" + "and x16, x17, x11, asr 63\n\t" + "extr x9, x11, x10, #63\n\t" + "eor x8, x16, x10, lsl 1\n\t" + "sub %w[sz], %w[sz], #32\n\t" + "\n" + "L_AES_XTS_encrypt_NEON_start_1_%=: \n\t" + "ld1 {v3.2d}, [%[shuffle]]\n\t" + "mov v2.d[0], x8\n\t" + "mov v2.d[1], x9\n\t" + "cmp %w[sz], #16\n\t" + "b.lt L_AES_XTS_encrypt_NEON_start_partial_%=\n\t" + "mov x22, %x[key]\n\t" + "ld1 {v0.16b}, [%x[in]], #16\n\t" + "ld1 {v4.2d}, [x22], #16\n\t" + "eor v0.16b, v0.16b, v2.16b\n\t" + "rev32 v0.16b, v0.16b\n\t" + "eor v0.16b, v0.16b, v4.16b\n\t" + "sub w21, %w[nr], #2\n\t" + "\n" + "L_AES_XTS_encrypt_NEON_loop_nr_1_%=: \n\t" + "eor v8.16b, v0.16b, v12.16b\n\t" + "eor v9.16b, v0.16b, v13.16b\n\t" + "eor v10.16b, v0.16b, v14.16b\n\t" + "tbl v4.16b, {v16.16b, v17.16b, v18.16b, v19.16b}, v0.16b\n\t" + "tbl v8.16b, {v20.16b, v21.16b, v22.16b, v23.16b}, v8.16b\n\t" + "tbl v9.16b, {v24.16b, v25.16b, v26.16b, v27.16b}, v9.16b\n\t" + "tbl v10.16b, {v28.16b, v29.16b, v30.16b, v31.16b}, v10.16b\n\t" + "orr v4.16b, v4.16b, v8.16b\n\t" + "orr v9.16b, v9.16b, v10.16b\n\t" + "orr v4.16b, v4.16b, v9.16b\n\t" + "tbl v4.16b, {v4.16b}, v3.16b\n\t" + "ld1 {v0.2d}, [x22], #16\n\t" + "sshr v10.16b, v4.16b, #7\n\t" + "shl v9.16b, v4.16b, #1\n\t" + "and v10.16b, v10.16b, v15.16b\n\t" + "eor v10.16b, v10.16b, v9.16b\n\t" + "rev32 v8.8h, v4.8h\n\t" + "eor v11.16b, v10.16b, v4.16b\n\t" + "eor v10.16b, v10.16b, v8.16b\n\t" + "shl v9.4s, v4.4s, #24\n\t" + "shl v8.4s, v11.4s, #8\n\t" + /* XOR in Key Schedule */ + "eor v10.16b, v10.16b, v0.16b\n\t" + "sri v9.4s, v4.4s, #8\n\t" + "sri v8.4s, v11.4s, #24\n\t" + "eor v4.16b, v10.16b, v9.16b\n\t" + "eor v4.16b, v4.16b, v8.16b\n\t" + "eor v8.16b, v4.16b, v12.16b\n\t" + "eor v9.16b, v4.16b, v13.16b\n\t" + "eor v10.16b, v4.16b, v14.16b\n\t" + "tbl v0.16b, {v16.16b, v17.16b, v18.16b, v19.16b}, v4.16b\n\t" + "tbl v8.16b, {v20.16b, v21.16b, v22.16b, v23.16b}, v8.16b\n\t" + "tbl v9.16b, {v24.16b, v25.16b, v26.16b, v27.16b}, v9.16b\n\t" + "tbl v10.16b, {v28.16b, v29.16b, v30.16b, v31.16b}, v10.16b\n\t" + "orr v0.16b, v0.16b, v8.16b\n\t" + "orr v9.16b, v9.16b, v10.16b\n\t" + "orr v0.16b, v0.16b, v9.16b\n\t" + "tbl v0.16b, {v0.16b}, v3.16b\n\t" + "ld1 {v4.2d}, [x22], #16\n\t" + "sshr v10.16b, v0.16b, #7\n\t" + "shl v9.16b, v0.16b, #1\n\t" + "and v10.16b, v10.16b, v15.16b\n\t" + "eor v10.16b, v10.16b, v9.16b\n\t" + "rev32 v8.8h, v0.8h\n\t" + "eor v11.16b, v10.16b, v0.16b\n\t" + "eor v10.16b, v10.16b, v8.16b\n\t" + "shl v9.4s, v0.4s, #24\n\t" + "shl v8.4s, v11.4s, #8\n\t" + /* XOR in Key Schedule */ + "eor v10.16b, v10.16b, v4.16b\n\t" + "sri v9.4s, v0.4s, #8\n\t" + "sri v8.4s, v11.4s, #24\n\t" + "eor v0.16b, v10.16b, v9.16b\n\t" + "eor v0.16b, v0.16b, v8.16b\n\t" + "subs w21, w21, #2\n\t" + "b.ne L_AES_XTS_encrypt_NEON_loop_nr_1_%=\n\t" + "eor v8.16b, v0.16b, v12.16b\n\t" + "eor v9.16b, v0.16b, v13.16b\n\t" + "eor v10.16b, v0.16b, v14.16b\n\t" + "tbl v4.16b, {v16.16b, v17.16b, v18.16b, v19.16b}, v0.16b\n\t" + "tbl v8.16b, {v20.16b, v21.16b, v22.16b, v23.16b}, v8.16b\n\t" + "tbl v9.16b, {v24.16b, v25.16b, v26.16b, v27.16b}, v9.16b\n\t" + "tbl v10.16b, {v28.16b, v29.16b, v30.16b, v31.16b}, v10.16b\n\t" + "orr v4.16b, v4.16b, v8.16b\n\t" + "orr v9.16b, v9.16b, v10.16b\n\t" + "orr v4.16b, v4.16b, v9.16b\n\t" + "tbl v4.16b, {v4.16b}, v3.16b\n\t" + "ld1 {v0.2d}, [x22], #16\n\t" + "sshr v10.16b, v4.16b, #7\n\t" + "shl v9.16b, v4.16b, #1\n\t" + "and v10.16b, v10.16b, v15.16b\n\t" + "eor v10.16b, v10.16b, v9.16b\n\t" + "rev32 v8.8h, v4.8h\n\t" + "eor v11.16b, v10.16b, v4.16b\n\t" + "eor v10.16b, v10.16b, v8.16b\n\t" + "shl v9.4s, v4.4s, #24\n\t" + "shl v8.4s, v11.4s, #8\n\t" + /* XOR in Key Schedule */ + "eor v10.16b, v10.16b, v0.16b\n\t" + "sri v9.4s, v4.4s, #8\n\t" + "sri v8.4s, v11.4s, #24\n\t" + "eor v4.16b, v10.16b, v9.16b\n\t" + "eor v4.16b, v4.16b, v8.16b\n\t" + "eor v8.16b, v4.16b, v12.16b\n\t" + "eor v9.16b, v4.16b, v13.16b\n\t" + "eor v10.16b, v4.16b, v14.16b\n\t" + "tbl v0.16b, {v16.16b, v17.16b, v18.16b, v19.16b}, v4.16b\n\t" + "tbl v8.16b, {v20.16b, v21.16b, v22.16b, v23.16b}, v8.16b\n\t" + "tbl v9.16b, {v24.16b, v25.16b, v26.16b, v27.16b}, v9.16b\n\t" + "tbl v10.16b, {v28.16b, v29.16b, v30.16b, v31.16b}, v10.16b\n\t" + "orr v0.16b, v0.16b, v8.16b\n\t" + "orr v9.16b, v9.16b, v10.16b\n\t" + "orr v0.16b, v0.16b, v9.16b\n\t" + "tbl v0.16b, {v0.16b}, v3.16b\n\t" + "ld1 {v4.2d}, [x22], #16\n\t" + /* XOR in Key Schedule */ + "eor v0.16b, v0.16b, v4.16b\n\t" + "rev32 v0.16b, v0.16b\n\t" + "eor v0.16b, v0.16b, v2.16b\n\t" + "st1 {v0.16b}, [%x[out]], #16\n\t" + "subs %w[sz], %w[sz], #16\n\t" + "b.eq L_AES_XTS_encrypt_NEON_data_done_%=\n\t" + "and x16, x17, x9, asr 63\n\t" + "extr x9, x9, x8, #63\n\t" + "eor x8, x16, x8, lsl 1\n\t" + "\n" + "L_AES_XTS_encrypt_NEON_start_partial_%=: \n\t" + "cbz %w[sz], L_AES_XTS_encrypt_NEON_data_done_%=\n\t" + "mov v2.d[0], x8\n\t" + "mov v2.d[1], x9\n\t" + "mov x22, %x[key]\n\t" + "sub %x[out], %x[out], #16\n\t" + "ld1 {v0.16b}, [%x[out]], #16\n\t" + "st1 {v0.2d}, [%x[tmp]]\n\t" + "mov w16, %w[sz]\n\t" + "\n" + "L_AES_XTS_encrypt_NEON_start_byte_%=: \n\t" + "ldrb w10, [%x[tmp]]\n\t" + "ldrb w11, [%x[in]], #1\n\t" + "strb w10, [%x[out]], #1\n\t" + "strb w11, [%x[tmp]], #1\n\t" + "subs w16, w16, #1\n\t" + "b.gt L_AES_XTS_encrypt_NEON_start_byte_%=\n\t" + "sub %x[out], %x[out], %x[sz]\n\t" + "sub %x[tmp], %x[tmp], %x[sz]\n\t" + "sub %x[out], %x[out], #16\n\t" + "ld1 {v0.2d}, [%x[tmp]]\n\t" + "ld1 {v4.2d}, [x22], #16\n\t" + "eor v0.16b, v0.16b, v2.16b\n\t" + "rev32 v0.16b, v0.16b\n\t" + "eor v0.16b, v0.16b, v4.16b\n\t" + "sub w21, %w[nr], #2\n\t" + "\n" + "L_AES_XTS_encrypt_NEON_loop_nr_partial_%=: \n\t" + "eor v8.16b, v0.16b, v12.16b\n\t" + "eor v9.16b, v0.16b, v13.16b\n\t" + "eor v10.16b, v0.16b, v14.16b\n\t" + "tbl v4.16b, {v16.16b, v17.16b, v18.16b, v19.16b}, v0.16b\n\t" + "tbl v8.16b, {v20.16b, v21.16b, v22.16b, v23.16b}, v8.16b\n\t" + "tbl v9.16b, {v24.16b, v25.16b, v26.16b, v27.16b}, v9.16b\n\t" + "tbl v10.16b, {v28.16b, v29.16b, v30.16b, v31.16b}, v10.16b\n\t" + "orr v4.16b, v4.16b, v8.16b\n\t" + "orr v9.16b, v9.16b, v10.16b\n\t" + "orr v4.16b, v4.16b, v9.16b\n\t" + "tbl v4.16b, {v4.16b}, v3.16b\n\t" + "ld1 {v0.2d}, [x22], #16\n\t" + "sshr v10.16b, v4.16b, #7\n\t" + "shl v9.16b, v4.16b, #1\n\t" + "and v10.16b, v10.16b, v15.16b\n\t" + "eor v10.16b, v10.16b, v9.16b\n\t" + "rev32 v8.8h, v4.8h\n\t" + "eor v11.16b, v10.16b, v4.16b\n\t" + "eor v10.16b, v10.16b, v8.16b\n\t" + "shl v9.4s, v4.4s, #24\n\t" + "shl v8.4s, v11.4s, #8\n\t" + /* XOR in Key Schedule */ + "eor v10.16b, v10.16b, v0.16b\n\t" + "sri v9.4s, v4.4s, #8\n\t" + "sri v8.4s, v11.4s, #24\n\t" + "eor v4.16b, v10.16b, v9.16b\n\t" + "eor v4.16b, v4.16b, v8.16b\n\t" + "eor v8.16b, v4.16b, v12.16b\n\t" + "eor v9.16b, v4.16b, v13.16b\n\t" + "eor v10.16b, v4.16b, v14.16b\n\t" + "tbl v0.16b, {v16.16b, v17.16b, v18.16b, v19.16b}, v4.16b\n\t" + "tbl v8.16b, {v20.16b, v21.16b, v22.16b, v23.16b}, v8.16b\n\t" + "tbl v9.16b, {v24.16b, v25.16b, v26.16b, v27.16b}, v9.16b\n\t" + "tbl v10.16b, {v28.16b, v29.16b, v30.16b, v31.16b}, v10.16b\n\t" + "orr v0.16b, v0.16b, v8.16b\n\t" + "orr v9.16b, v9.16b, v10.16b\n\t" + "orr v0.16b, v0.16b, v9.16b\n\t" + "tbl v0.16b, {v0.16b}, v3.16b\n\t" + "ld1 {v4.2d}, [x22], #16\n\t" + "sshr v10.16b, v0.16b, #7\n\t" + "shl v9.16b, v0.16b, #1\n\t" + "and v10.16b, v10.16b, v15.16b\n\t" + "eor v10.16b, v10.16b, v9.16b\n\t" + "rev32 v8.8h, v0.8h\n\t" + "eor v11.16b, v10.16b, v0.16b\n\t" + "eor v10.16b, v10.16b, v8.16b\n\t" + "shl v9.4s, v0.4s, #24\n\t" + "shl v8.4s, v11.4s, #8\n\t" + /* XOR in Key Schedule */ + "eor v10.16b, v10.16b, v4.16b\n\t" + "sri v9.4s, v0.4s, #8\n\t" + "sri v8.4s, v11.4s, #24\n\t" + "eor v0.16b, v10.16b, v9.16b\n\t" + "eor v0.16b, v0.16b, v8.16b\n\t" + "subs w21, w21, #2\n\t" + "b.ne L_AES_XTS_encrypt_NEON_loop_nr_partial_%=\n\t" + "eor v8.16b, v0.16b, v12.16b\n\t" + "eor v9.16b, v0.16b, v13.16b\n\t" + "eor v10.16b, v0.16b, v14.16b\n\t" + "tbl v4.16b, {v16.16b, v17.16b, v18.16b, v19.16b}, v0.16b\n\t" + "tbl v8.16b, {v20.16b, v21.16b, v22.16b, v23.16b}, v8.16b\n\t" + "tbl v9.16b, {v24.16b, v25.16b, v26.16b, v27.16b}, v9.16b\n\t" + "tbl v10.16b, {v28.16b, v29.16b, v30.16b, v31.16b}, v10.16b\n\t" + "orr v4.16b, v4.16b, v8.16b\n\t" + "orr v9.16b, v9.16b, v10.16b\n\t" + "orr v4.16b, v4.16b, v9.16b\n\t" + "tbl v4.16b, {v4.16b}, v3.16b\n\t" + "ld1 {v0.2d}, [x22], #16\n\t" + "sshr v10.16b, v4.16b, #7\n\t" + "shl v9.16b, v4.16b, #1\n\t" + "and v10.16b, v10.16b, v15.16b\n\t" + "eor v10.16b, v10.16b, v9.16b\n\t" + "rev32 v8.8h, v4.8h\n\t" + "eor v11.16b, v10.16b, v4.16b\n\t" + "eor v10.16b, v10.16b, v8.16b\n\t" + "shl v9.4s, v4.4s, #24\n\t" + "shl v8.4s, v11.4s, #8\n\t" + /* XOR in Key Schedule */ + "eor v10.16b, v10.16b, v0.16b\n\t" + "sri v9.4s, v4.4s, #8\n\t" + "sri v8.4s, v11.4s, #24\n\t" + "eor v4.16b, v10.16b, v9.16b\n\t" + "eor v4.16b, v4.16b, v8.16b\n\t" + "eor v8.16b, v4.16b, v12.16b\n\t" + "eor v9.16b, v4.16b, v13.16b\n\t" + "eor v10.16b, v4.16b, v14.16b\n\t" + "tbl v0.16b, {v16.16b, v17.16b, v18.16b, v19.16b}, v4.16b\n\t" + "tbl v8.16b, {v20.16b, v21.16b, v22.16b, v23.16b}, v8.16b\n\t" + "tbl v9.16b, {v24.16b, v25.16b, v26.16b, v27.16b}, v9.16b\n\t" + "tbl v10.16b, {v28.16b, v29.16b, v30.16b, v31.16b}, v10.16b\n\t" + "orr v0.16b, v0.16b, v8.16b\n\t" + "orr v9.16b, v9.16b, v10.16b\n\t" + "orr v0.16b, v0.16b, v9.16b\n\t" + "tbl v0.16b, {v0.16b}, v3.16b\n\t" + "ld1 {v4.2d}, [x22], #16\n\t" + /* XOR in Key Schedule */ + "eor v0.16b, v0.16b, v4.16b\n\t" + "rev32 v0.16b, v0.16b\n\t" + "eor v0.16b, v0.16b, v2.16b\n\t" + "st1 {v0.16b}, [%x[out]]\n\t" + "\n" + "L_AES_XTS_encrypt_NEON_data_done_%=: \n\t" + "ldp x29, x30, [sp], #32\n\t" + : [out] "+r" (out), [sz] "+r" (sz), [key] "+r" (key), + [key2] "+r" (key2), [tmp] "+r" (tmp), [nr] "+r" (nr) + : [in] "r" (in), [i] "r" (i), [te] "r" (te), [shuffle] "r" (shuffle) + : "memory", "cc", "x8", "x9", "x10", "x11", "x12", "x13", "x14", "x15", + "x16", "x17", "x21", "x22", "v0", "v1", "v2", "v3", "v4", "v5", + "v6", "v7", "v8", "v9", "v10", "v11", "v12", "v13", "v14", "v15", + "v16", "v17", "v18", "v19", "v20", "v21", "v22", "v23", "v24", + "v25", "v26", "v27", "v28", "v29", "v30", "v31" + ); +} + +#ifdef HAVE_AES_DECRYPT +void AES_XTS_decrypt_NEON(const byte* in, byte* out, word32 sz, const byte* i, + byte* key, byte* key2, byte* tmp, int nr) +{ + const word8* te = L_AES_ARM64_NEON_te; + const word8* td = L_AES_ARM64_NEON_td; + const word8* shuffle = L_AES_ARM64_NEON_shift_rows_shuffle; + const word8* invshuffle = L_AES_ARM64_NEON_shift_rows_invshuffle; + __asm__ __volatile__ ( + "stp x29, x30, [sp, #-32]!\n\t" + "add x29, sp, #0\n\t" + "ld1 {v16.16b, v17.16b, v18.16b, v19.16b}, [%[te]], #0x40\n\t" + "ld1 {v20.16b, v21.16b, v22.16b, v23.16b}, [%[te]], #0x40\n\t" + "ld1 {v24.16b, v25.16b, v26.16b, v27.16b}, [%[te]], #0x40\n\t" + "ld1 {v28.16b, v29.16b, v30.16b, v31.16b}, [%[te]]\n\t" + "movi v12.16b, #0x40\n\t" + "movi v13.16b, #0x80\n\t" + "movi v14.16b, #0xc0\n\t" + "movi v15.16b, #27\n\t" + "ld1 {v3.2d}, [%[shuffle]]\n\t" + "mov x17, #0x87\n\t" + "ands w19, %w[sz], #15\n\t" + "cset w16, ne\n\t" + "lsl w16, w16, #4\n\t" + "sub %w[sz], %w[sz], w16\n\t" + "ld1 {v2.2d}, [%x[i]]\n\t" + "ld1 {v4.2d}, [%x[key2]]\n\t" + "rev32 v2.16b, v2.16b\n\t" + "add x25, %x[key2], #16\n\t" + /* Round: 0 - XOR in key schedule */ + "eor v2.16b, v2.16b, v4.16b\n\t" + "sub w24, %w[nr], #2\n\t" + "\n" + "L_AES_XTS_decrypt_NEON_loop_nr_tweak_%=: \n\t" + "eor v8.16b, v2.16b, v12.16b\n\t" + "eor v9.16b, v2.16b, v13.16b\n\t" + "eor v10.16b, v2.16b, v14.16b\n\t" + "tbl v4.16b, {v16.16b, v17.16b, v18.16b, v19.16b}, v2.16b\n\t" + "tbl v8.16b, {v20.16b, v21.16b, v22.16b, v23.16b}, v8.16b\n\t" + "tbl v9.16b, {v24.16b, v25.16b, v26.16b, v27.16b}, v9.16b\n\t" + "tbl v10.16b, {v28.16b, v29.16b, v30.16b, v31.16b}, v10.16b\n\t" + "orr v4.16b, v4.16b, v8.16b\n\t" + "orr v9.16b, v9.16b, v10.16b\n\t" + "orr v4.16b, v4.16b, v9.16b\n\t" + "tbl v4.16b, {v4.16b}, v3.16b\n\t" + "ld1 {v2.2d}, [x25], #16\n\t" + "sshr v10.16b, v4.16b, #7\n\t" + "shl v9.16b, v4.16b, #1\n\t" + "and v10.16b, v10.16b, v15.16b\n\t" + "eor v10.16b, v10.16b, v9.16b\n\t" + "rev32 v8.8h, v4.8h\n\t" + "eor v11.16b, v10.16b, v4.16b\n\t" + "eor v10.16b, v10.16b, v8.16b\n\t" + "shl v9.4s, v4.4s, #24\n\t" + "shl v8.4s, v11.4s, #8\n\t" + /* XOR in Key Schedule */ + "eor v10.16b, v10.16b, v2.16b\n\t" + "sri v9.4s, v4.4s, #8\n\t" + "sri v8.4s, v11.4s, #24\n\t" + "eor v4.16b, v10.16b, v9.16b\n\t" + "eor v4.16b, v4.16b, v8.16b\n\t" + "eor v8.16b, v4.16b, v12.16b\n\t" + "eor v9.16b, v4.16b, v13.16b\n\t" + "eor v10.16b, v4.16b, v14.16b\n\t" + "tbl v2.16b, {v16.16b, v17.16b, v18.16b, v19.16b}, v4.16b\n\t" + "tbl v8.16b, {v20.16b, v21.16b, v22.16b, v23.16b}, v8.16b\n\t" + "tbl v9.16b, {v24.16b, v25.16b, v26.16b, v27.16b}, v9.16b\n\t" + "tbl v10.16b, {v28.16b, v29.16b, v30.16b, v31.16b}, v10.16b\n\t" + "orr v2.16b, v2.16b, v8.16b\n\t" + "orr v9.16b, v9.16b, v10.16b\n\t" + "orr v2.16b, v2.16b, v9.16b\n\t" + "tbl v2.16b, {v2.16b}, v3.16b\n\t" + "ld1 {v4.2d}, [x25], #16\n\t" + "sshr v10.16b, v2.16b, #7\n\t" + "shl v9.16b, v2.16b, #1\n\t" + "and v10.16b, v10.16b, v15.16b\n\t" + "eor v10.16b, v10.16b, v9.16b\n\t" + "rev32 v8.8h, v2.8h\n\t" + "eor v11.16b, v10.16b, v2.16b\n\t" + "eor v10.16b, v10.16b, v8.16b\n\t" + "shl v9.4s, v2.4s, #24\n\t" + "shl v8.4s, v11.4s, #8\n\t" + /* XOR in Key Schedule */ + "eor v10.16b, v10.16b, v4.16b\n\t" + "sri v9.4s, v2.4s, #8\n\t" + "sri v8.4s, v11.4s, #24\n\t" + "eor v2.16b, v10.16b, v9.16b\n\t" + "eor v2.16b, v2.16b, v8.16b\n\t" + "subs w24, w24, #2\n\t" + "b.ne L_AES_XTS_decrypt_NEON_loop_nr_tweak_%=\n\t" + "eor v8.16b, v2.16b, v12.16b\n\t" + "eor v9.16b, v2.16b, v13.16b\n\t" + "eor v10.16b, v2.16b, v14.16b\n\t" + "tbl v4.16b, {v16.16b, v17.16b, v18.16b, v19.16b}, v2.16b\n\t" + "tbl v8.16b, {v20.16b, v21.16b, v22.16b, v23.16b}, v8.16b\n\t" + "tbl v9.16b, {v24.16b, v25.16b, v26.16b, v27.16b}, v9.16b\n\t" + "tbl v10.16b, {v28.16b, v29.16b, v30.16b, v31.16b}, v10.16b\n\t" + "orr v4.16b, v4.16b, v8.16b\n\t" + "orr v9.16b, v9.16b, v10.16b\n\t" + "orr v4.16b, v4.16b, v9.16b\n\t" + "tbl v4.16b, {v4.16b}, v3.16b\n\t" + "ld1 {v2.2d}, [x25], #16\n\t" + "sshr v10.16b, v4.16b, #7\n\t" + "shl v9.16b, v4.16b, #1\n\t" + "and v10.16b, v10.16b, v15.16b\n\t" + "eor v10.16b, v10.16b, v9.16b\n\t" + "rev32 v8.8h, v4.8h\n\t" + "eor v11.16b, v10.16b, v4.16b\n\t" + "eor v10.16b, v10.16b, v8.16b\n\t" + "shl v9.4s, v4.4s, #24\n\t" + "shl v8.4s, v11.4s, #8\n\t" + /* XOR in Key Schedule */ + "eor v10.16b, v10.16b, v2.16b\n\t" + "sri v9.4s, v4.4s, #8\n\t" + "sri v8.4s, v11.4s, #24\n\t" + "eor v4.16b, v10.16b, v9.16b\n\t" + "eor v4.16b, v4.16b, v8.16b\n\t" + "eor v8.16b, v4.16b, v12.16b\n\t" + "eor v9.16b, v4.16b, v13.16b\n\t" + "eor v10.16b, v4.16b, v14.16b\n\t" + "tbl v2.16b, {v16.16b, v17.16b, v18.16b, v19.16b}, v4.16b\n\t" + "tbl v8.16b, {v20.16b, v21.16b, v22.16b, v23.16b}, v8.16b\n\t" + "tbl v9.16b, {v24.16b, v25.16b, v26.16b, v27.16b}, v9.16b\n\t" + "tbl v10.16b, {v28.16b, v29.16b, v30.16b, v31.16b}, v10.16b\n\t" + "orr v2.16b, v2.16b, v8.16b\n\t" + "orr v9.16b, v9.16b, v10.16b\n\t" + "orr v2.16b, v2.16b, v9.16b\n\t" + "tbl v2.16b, {v2.16b}, v3.16b\n\t" + "ld1 {v4.2d}, [x25], #16\n\t" + /* XOR in Key Schedule */ + "eor v2.16b, v2.16b, v4.16b\n\t" + "rev32 v2.16b, v2.16b\n\t" + "mov x8, v2.d[0]\n\t" + "mov x9, v2.d[1]\n\t" + "ld1 {v16.16b, v17.16b, v18.16b, v19.16b}, [%[td]], #0x40\n\t" + "ld1 {v20.16b, v21.16b, v22.16b, v23.16b}, [%[td]], #0x40\n\t" + "ld1 {v24.16b, v25.16b, v26.16b, v27.16b}, [%[td]], #0x40\n\t" + "ld1 {v28.16b, v29.16b, v30.16b, v31.16b}, [%[td]]\n\t" + "ld1 {v3.2d}, [%[invshuffle]]\n\t" + "cmp %w[sz], #0x40\n\t" + "b.lt L_AES_XTS_decrypt_NEON_start_2_%=\n\t" + "\n" + "L_AES_XTS_decrypt_NEON_loop_4_%=: \n\t" + "mov x25, %x[key]\n\t" + "ld1 {v0.16b, v1.16b, v2.16b, v3.16b}, [%x[in]], #0x40\n\t" + "ld1 {v4.16b}, [x25], #16\n\t" + "and x16, x17, x9, asr 63\n\t" + "extr x11, x9, x8, #63\n\t" + "eor x10, x16, x8, lsl 1\n\t" + "and x16, x17, x11, asr 63\n\t" + "extr x13, x11, x10, #63\n\t" + "eor x12, x16, x10, lsl 1\n\t" + "and x16, x17, x13, asr 63\n\t" + "extr x15, x13, x12, #63\n\t" + "eor x14, x16, x12, lsl 1\n\t" + "mov v8.d[0], x8\n\t" + "mov v8.d[1], x9\n\t" + "mov v9.d[0], x10\n\t" + "mov v9.d[1], x11\n\t" + "mov v10.d[0], x12\n\t" + "mov v10.d[1], x13\n\t" + "mov v11.d[0], x14\n\t" + "mov v11.d[1], x15\n\t" + "eor v0.16b, v0.16b, v8.16b\n\t" + "eor v1.16b, v1.16b, v9.16b\n\t" + "eor v2.16b, v2.16b, v10.16b\n\t" + "eor v3.16b, v3.16b, v11.16b\n\t" + "rev32 v0.16b, v0.16b\n\t" + "rev32 v1.16b, v1.16b\n\t" + "rev32 v2.16b, v2.16b\n\t" + "rev32 v3.16b, v3.16b\n\t" + "eor v0.16b, v0.16b, v4.16b\n\t" + "eor v1.16b, v1.16b, v4.16b\n\t" + "eor v2.16b, v2.16b, v4.16b\n\t" + "eor v3.16b, v3.16b, v4.16b\n\t" + "sub w24, %w[nr], #2\n\t" + "\n" + "L_AES_XTS_decrypt_NEON_loop_nr_4_%=: \n\t" + "tbl v4.16b, {v16.16b, v17.16b, v18.16b, v19.16b}, v0.16b\n\t" + "tbl v5.16b, {v16.16b, v17.16b, v18.16b, v19.16b}, v1.16b\n\t" + "tbl v6.16b, {v16.16b, v17.16b, v18.16b, v19.16b}, v2.16b\n\t" + "tbl v7.16b, {v16.16b, v17.16b, v18.16b, v19.16b}, v3.16b\n\t" + "movi v12.16b, #0x40\n\t" + "movi v13.16b, #0x80\n\t" + "movi v14.16b, #0xc0\n\t" + "eor v8.16b, v0.16b, v12.16b\n\t" + "eor v9.16b, v1.16b, v12.16b\n\t" + "eor v10.16b, v2.16b, v12.16b\n\t" + "eor v11.16b, v3.16b, v12.16b\n\t" + "tbl v8.16b, {v20.16b, v21.16b, v22.16b, v23.16b}, v8.16b\n\t" + "tbl v9.16b, {v20.16b, v21.16b, v22.16b, v23.16b}, v9.16b\n\t" + "tbl v10.16b, {v20.16b, v21.16b, v22.16b, v23.16b}, v10.16b\n\t" + "tbl v11.16b, {v20.16b, v21.16b, v22.16b, v23.16b}, v11.16b\n\t" + "orr v4.16b, v4.16b, v8.16b\n\t" + "orr v5.16b, v5.16b, v9.16b\n\t" + "orr v6.16b, v6.16b, v10.16b\n\t" + "orr v7.16b, v7.16b, v11.16b\n\t" + "eor v8.16b, v0.16b, v13.16b\n\t" + "eor v9.16b, v1.16b, v13.16b\n\t" + "eor v10.16b, v2.16b, v13.16b\n\t" + "eor v11.16b, v3.16b, v13.16b\n\t" + "tbl v8.16b, {v24.16b, v25.16b, v26.16b, v27.16b}, v8.16b\n\t" + "tbl v9.16b, {v24.16b, v25.16b, v26.16b, v27.16b}, v9.16b\n\t" + "tbl v10.16b, {v24.16b, v25.16b, v26.16b, v27.16b}, v10.16b\n\t" + "tbl v11.16b, {v24.16b, v25.16b, v26.16b, v27.16b}, v11.16b\n\t" + "orr v4.16b, v4.16b, v8.16b\n\t" + "orr v5.16b, v5.16b, v9.16b\n\t" + "orr v6.16b, v6.16b, v10.16b\n\t" + "orr v7.16b, v7.16b, v11.16b\n\t" + "eor v8.16b, v0.16b, v14.16b\n\t" + "eor v9.16b, v1.16b, v14.16b\n\t" + "eor v10.16b, v2.16b, v14.16b\n\t" + "eor v11.16b, v3.16b, v14.16b\n\t" + "tbl v8.16b, {v28.16b, v29.16b, v30.16b, v31.16b}, v8.16b\n\t" + "tbl v9.16b, {v28.16b, v29.16b, v30.16b, v31.16b}, v9.16b\n\t" + "tbl v10.16b, {v28.16b, v29.16b, v30.16b, v31.16b}, v10.16b\n\t" + "tbl v11.16b, {v28.16b, v29.16b, v30.16b, v31.16b}, v11.16b\n\t" + "orr v4.16b, v4.16b, v8.16b\n\t" + "orr v5.16b, v5.16b, v9.16b\n\t" + "orr v6.16b, v6.16b, v10.16b\n\t" + "orr v7.16b, v7.16b, v11.16b\n\t" + "ld1 {v0.16b}, [%[invshuffle]]\n\t" + "tbl v4.16b, {v4.16b}, v0.16b\n\t" + "tbl v5.16b, {v5.16b}, v0.16b\n\t" + "tbl v6.16b, {v6.16b}, v0.16b\n\t" + "tbl v7.16b, {v7.16b}, v0.16b\n\t" + "movi v28.16b, #27\n\t" + "sshr v8.16b, v4.16b, #7\n\t" + "sshr v9.16b, v5.16b, #7\n\t" + "sshr v10.16b, v6.16b, #7\n\t" + "sshr v11.16b, v7.16b, #7\n\t" + "shl v12.16b, v4.16b, #1\n\t" + "shl v13.16b, v5.16b, #1\n\t" + "shl v14.16b, v6.16b, #1\n\t" + "shl v15.16b, v7.16b, #1\n\t" + "and v8.16b, v8.16b, v28.16b\n\t" + "and v9.16b, v9.16b, v28.16b\n\t" + "and v10.16b, v10.16b, v28.16b\n\t" + "and v11.16b, v11.16b, v28.16b\n\t" + "eor v8.16b, v8.16b, v12.16b\n\t" + "eor v9.16b, v9.16b, v13.16b\n\t" + "eor v10.16b, v10.16b, v14.16b\n\t" + "eor v11.16b, v11.16b, v15.16b\n\t" + "ushr v12.16b, v4.16b, #6\n\t" + "ushr v13.16b, v5.16b, #6\n\t" + "ushr v14.16b, v6.16b, #6\n\t" + "ushr v15.16b, v7.16b, #6\n\t" + "shl v0.16b, v4.16b, #2\n\t" + "shl v1.16b, v5.16b, #2\n\t" + "shl v2.16b, v6.16b, #2\n\t" + "shl v3.16b, v7.16b, #2\n\t" + "pmul v12.16b, v12.16b, v28.16b\n\t" + "pmul v13.16b, v13.16b, v28.16b\n\t" + "pmul v14.16b, v14.16b, v28.16b\n\t" + "pmul v15.16b, v15.16b, v28.16b\n\t" + "eor v12.16b, v12.16b, v0.16b\n\t" + "eor v13.16b, v13.16b, v1.16b\n\t" + "eor v14.16b, v14.16b, v2.16b\n\t" + "eor v15.16b, v15.16b, v3.16b\n\t" + "ushr v0.16b, v4.16b, #5\n\t" + "ushr v1.16b, v5.16b, #5\n\t" + "ushr v2.16b, v6.16b, #5\n\t" + "ushr v3.16b, v7.16b, #5\n\t" + "pmul v0.16b, v0.16b, v28.16b\n\t" + "pmul v1.16b, v1.16b, v28.16b\n\t" + "pmul v2.16b, v2.16b, v28.16b\n\t" + "pmul v3.16b, v3.16b, v28.16b\n\t" + "shl v28.16b, v4.16b, #3\n\t" + "shl v29.16b, v5.16b, #3\n\t" + "shl v30.16b, v6.16b, #3\n\t" + "shl v31.16b, v7.16b, #3\n\t" + "eor v0.16b, v0.16b, v28.16b\n\t" + "eor v1.16b, v1.16b, v29.16b\n\t" + "eor v2.16b, v2.16b, v30.16b\n\t" + "eor v3.16b, v3.16b, v31.16b\n\t" + "eor v28.16b, v8.16b, v0.16b\n\t" + "eor v29.16b, v9.16b, v1.16b\n\t" + "eor v30.16b, v10.16b, v2.16b\n\t" + "eor v31.16b, v11.16b, v3.16b\n\t" + "eor v0.16b, v0.16b, v4.16b\n\t" + "eor v1.16b, v1.16b, v5.16b\n\t" + "eor v2.16b, v2.16b, v6.16b\n\t" + "eor v3.16b, v3.16b, v7.16b\n\t" + "eor v8.16b, v12.16b, v0.16b\n\t" + "eor v9.16b, v13.16b, v1.16b\n\t" + "eor v10.16b, v14.16b, v2.16b\n\t" + "eor v11.16b, v15.16b, v3.16b\n\t" + "eor v12.16b, v12.16b, v28.16b\n\t" + "eor v13.16b, v13.16b, v29.16b\n\t" + "eor v14.16b, v14.16b, v30.16b\n\t" + "eor v15.16b, v15.16b, v31.16b\n\t" + "eor v28.16b, v28.16b, v4.16b\n\t" + "eor v29.16b, v29.16b, v5.16b\n\t" + "eor v30.16b, v30.16b, v6.16b\n\t" + "eor v31.16b, v31.16b, v7.16b\n\t" + "shl v4.4s, v28.4s, #8\n\t" + "shl v5.4s, v29.4s, #8\n\t" + "shl v6.4s, v30.4s, #8\n\t" + "shl v7.4s, v31.4s, #8\n\t" + "rev32 v8.8h, v8.8h\n\t" + "rev32 v9.8h, v9.8h\n\t" + "rev32 v10.8h, v10.8h\n\t" + "rev32 v11.8h, v11.8h\n\t" + "sri v4.4s, v28.4s, #24\n\t" + "sri v5.4s, v29.4s, #24\n\t" + "sri v6.4s, v30.4s, #24\n\t" + "sri v7.4s, v31.4s, #24\n\t" + "eor v4.16b, v4.16b, v12.16b\n\t" + "eor v5.16b, v5.16b, v13.16b\n\t" + "eor v6.16b, v6.16b, v14.16b\n\t" + "eor v7.16b, v7.16b, v15.16b\n\t" + "shl v28.4s, v0.4s, #24\n\t" + "shl v29.4s, v1.4s, #24\n\t" + "shl v30.4s, v2.4s, #24\n\t" + "shl v31.4s, v3.4s, #24\n\t" + "eor v4.16b, v4.16b, v8.16b\n\t" + "eor v5.16b, v5.16b, v9.16b\n\t" + "eor v6.16b, v6.16b, v10.16b\n\t" + "eor v7.16b, v7.16b, v11.16b\n\t" + "sri v28.4s, v0.4s, #8\n\t" + "sri v29.4s, v1.4s, #8\n\t" + "sri v30.4s, v2.4s, #8\n\t" + "sri v31.4s, v3.4s, #8\n\t" + "eor v4.16b, v4.16b, v28.16b\n\t" + "eor v5.16b, v5.16b, v29.16b\n\t" + "eor v6.16b, v6.16b, v30.16b\n\t" + "eor v7.16b, v7.16b, v31.16b\n\t" + "ld1 {v28.16b, v29.16b, v30.16b, v31.16b}, [%[td]]\n\t" + /* XOR in Key Schedule */ + "ld1 {v0.2d}, [x25], #16\n\t" + "eor v4.16b, v4.16b, v0.16b\n\t" + "eor v5.16b, v5.16b, v0.16b\n\t" + "eor v6.16b, v6.16b, v0.16b\n\t" + "eor v7.16b, v7.16b, v0.16b\n\t" + /* Round Done */ + "tbl v0.16b, {v16.16b, v17.16b, v18.16b, v19.16b}, v4.16b\n\t" + "tbl v1.16b, {v16.16b, v17.16b, v18.16b, v19.16b}, v5.16b\n\t" + "tbl v2.16b, {v16.16b, v17.16b, v18.16b, v19.16b}, v6.16b\n\t" + "tbl v3.16b, {v16.16b, v17.16b, v18.16b, v19.16b}, v7.16b\n\t" + "movi v12.16b, #0x40\n\t" + "movi v13.16b, #0x80\n\t" + "movi v14.16b, #0xc0\n\t" + "eor v8.16b, v4.16b, v12.16b\n\t" + "eor v9.16b, v5.16b, v12.16b\n\t" + "eor v10.16b, v6.16b, v12.16b\n\t" + "eor v11.16b, v7.16b, v12.16b\n\t" + "tbl v8.16b, {v20.16b, v21.16b, v22.16b, v23.16b}, v8.16b\n\t" + "tbl v9.16b, {v20.16b, v21.16b, v22.16b, v23.16b}, v9.16b\n\t" + "tbl v10.16b, {v20.16b, v21.16b, v22.16b, v23.16b}, v10.16b\n\t" + "tbl v11.16b, {v20.16b, v21.16b, v22.16b, v23.16b}, v11.16b\n\t" + "orr v0.16b, v0.16b, v8.16b\n\t" + "orr v1.16b, v1.16b, v9.16b\n\t" + "orr v2.16b, v2.16b, v10.16b\n\t" + "orr v3.16b, v3.16b, v11.16b\n\t" + "eor v8.16b, v4.16b, v13.16b\n\t" + "eor v9.16b, v5.16b, v13.16b\n\t" + "eor v10.16b, v6.16b, v13.16b\n\t" + "eor v11.16b, v7.16b, v13.16b\n\t" + "tbl v8.16b, {v24.16b, v25.16b, v26.16b, v27.16b}, v8.16b\n\t" + "tbl v9.16b, {v24.16b, v25.16b, v26.16b, v27.16b}, v9.16b\n\t" + "tbl v10.16b, {v24.16b, v25.16b, v26.16b, v27.16b}, v10.16b\n\t" + "tbl v11.16b, {v24.16b, v25.16b, v26.16b, v27.16b}, v11.16b\n\t" + "orr v0.16b, v0.16b, v8.16b\n\t" + "orr v1.16b, v1.16b, v9.16b\n\t" + "orr v2.16b, v2.16b, v10.16b\n\t" + "orr v3.16b, v3.16b, v11.16b\n\t" + "eor v8.16b, v4.16b, v14.16b\n\t" + "eor v9.16b, v5.16b, v14.16b\n\t" + "eor v10.16b, v6.16b, v14.16b\n\t" + "eor v11.16b, v7.16b, v14.16b\n\t" + "tbl v8.16b, {v28.16b, v29.16b, v30.16b, v31.16b}, v8.16b\n\t" + "tbl v9.16b, {v28.16b, v29.16b, v30.16b, v31.16b}, v9.16b\n\t" + "tbl v10.16b, {v28.16b, v29.16b, v30.16b, v31.16b}, v10.16b\n\t" + "tbl v11.16b, {v28.16b, v29.16b, v30.16b, v31.16b}, v11.16b\n\t" + "orr v0.16b, v0.16b, v8.16b\n\t" + "orr v1.16b, v1.16b, v9.16b\n\t" + "orr v2.16b, v2.16b, v10.16b\n\t" + "orr v3.16b, v3.16b, v11.16b\n\t" + "ld1 {v4.16b}, [%[invshuffle]]\n\t" + "tbl v0.16b, {v0.16b}, v4.16b\n\t" + "tbl v1.16b, {v1.16b}, v4.16b\n\t" + "tbl v2.16b, {v2.16b}, v4.16b\n\t" + "tbl v3.16b, {v3.16b}, v4.16b\n\t" + "movi v28.16b, #27\n\t" + "sshr v8.16b, v0.16b, #7\n\t" + "sshr v9.16b, v1.16b, #7\n\t" + "sshr v10.16b, v2.16b, #7\n\t" + "sshr v11.16b, v3.16b, #7\n\t" + "shl v12.16b, v0.16b, #1\n\t" + "shl v13.16b, v1.16b, #1\n\t" + "shl v14.16b, v2.16b, #1\n\t" + "shl v15.16b, v3.16b, #1\n\t" + "and v8.16b, v8.16b, v28.16b\n\t" + "and v9.16b, v9.16b, v28.16b\n\t" + "and v10.16b, v10.16b, v28.16b\n\t" + "and v11.16b, v11.16b, v28.16b\n\t" + "eor v8.16b, v8.16b, v12.16b\n\t" + "eor v9.16b, v9.16b, v13.16b\n\t" + "eor v10.16b, v10.16b, v14.16b\n\t" + "eor v11.16b, v11.16b, v15.16b\n\t" + "ushr v12.16b, v0.16b, #6\n\t" + "ushr v13.16b, v1.16b, #6\n\t" + "ushr v14.16b, v2.16b, #6\n\t" + "ushr v15.16b, v3.16b, #6\n\t" + "shl v4.16b, v0.16b, #2\n\t" + "shl v5.16b, v1.16b, #2\n\t" + "shl v6.16b, v2.16b, #2\n\t" + "shl v7.16b, v3.16b, #2\n\t" + "pmul v12.16b, v12.16b, v28.16b\n\t" + "pmul v13.16b, v13.16b, v28.16b\n\t" + "pmul v14.16b, v14.16b, v28.16b\n\t" + "pmul v15.16b, v15.16b, v28.16b\n\t" + "eor v12.16b, v12.16b, v4.16b\n\t" + "eor v13.16b, v13.16b, v5.16b\n\t" + "eor v14.16b, v14.16b, v6.16b\n\t" + "eor v15.16b, v15.16b, v7.16b\n\t" + "ushr v4.16b, v0.16b, #5\n\t" + "ushr v5.16b, v1.16b, #5\n\t" + "ushr v6.16b, v2.16b, #5\n\t" + "ushr v7.16b, v3.16b, #5\n\t" + "pmul v4.16b, v4.16b, v28.16b\n\t" + "pmul v5.16b, v5.16b, v28.16b\n\t" + "pmul v6.16b, v6.16b, v28.16b\n\t" + "pmul v7.16b, v7.16b, v28.16b\n\t" + "shl v28.16b, v0.16b, #3\n\t" + "shl v29.16b, v1.16b, #3\n\t" + "shl v30.16b, v2.16b, #3\n\t" + "shl v31.16b, v3.16b, #3\n\t" + "eor v4.16b, v4.16b, v28.16b\n\t" + "eor v5.16b, v5.16b, v29.16b\n\t" + "eor v6.16b, v6.16b, v30.16b\n\t" + "eor v7.16b, v7.16b, v31.16b\n\t" + "eor v28.16b, v8.16b, v4.16b\n\t" + "eor v29.16b, v9.16b, v5.16b\n\t" + "eor v30.16b, v10.16b, v6.16b\n\t" + "eor v31.16b, v11.16b, v7.16b\n\t" + "eor v4.16b, v4.16b, v0.16b\n\t" + "eor v5.16b, v5.16b, v1.16b\n\t" + "eor v6.16b, v6.16b, v2.16b\n\t" + "eor v7.16b, v7.16b, v3.16b\n\t" + "eor v8.16b, v12.16b, v4.16b\n\t" + "eor v9.16b, v13.16b, v5.16b\n\t" + "eor v10.16b, v14.16b, v6.16b\n\t" + "eor v11.16b, v15.16b, v7.16b\n\t" + "eor v12.16b, v12.16b, v28.16b\n\t" + "eor v13.16b, v13.16b, v29.16b\n\t" + "eor v14.16b, v14.16b, v30.16b\n\t" + "eor v15.16b, v15.16b, v31.16b\n\t" + "eor v28.16b, v28.16b, v0.16b\n\t" + "eor v29.16b, v29.16b, v1.16b\n\t" + "eor v30.16b, v30.16b, v2.16b\n\t" + "eor v31.16b, v31.16b, v3.16b\n\t" + "shl v0.4s, v28.4s, #8\n\t" + "shl v1.4s, v29.4s, #8\n\t" + "shl v2.4s, v30.4s, #8\n\t" + "shl v3.4s, v31.4s, #8\n\t" + "rev32 v8.8h, v8.8h\n\t" + "rev32 v9.8h, v9.8h\n\t" + "rev32 v10.8h, v10.8h\n\t" + "rev32 v11.8h, v11.8h\n\t" + "sri v0.4s, v28.4s, #24\n\t" + "sri v1.4s, v29.4s, #24\n\t" + "sri v2.4s, v30.4s, #24\n\t" + "sri v3.4s, v31.4s, #24\n\t" + "eor v0.16b, v0.16b, v12.16b\n\t" + "eor v1.16b, v1.16b, v13.16b\n\t" + "eor v2.16b, v2.16b, v14.16b\n\t" + "eor v3.16b, v3.16b, v15.16b\n\t" + "shl v28.4s, v4.4s, #24\n\t" + "shl v29.4s, v5.4s, #24\n\t" + "shl v30.4s, v6.4s, #24\n\t" + "shl v31.4s, v7.4s, #24\n\t" + "eor v0.16b, v0.16b, v8.16b\n\t" + "eor v1.16b, v1.16b, v9.16b\n\t" + "eor v2.16b, v2.16b, v10.16b\n\t" + "eor v3.16b, v3.16b, v11.16b\n\t" + "sri v28.4s, v4.4s, #8\n\t" + "sri v29.4s, v5.4s, #8\n\t" + "sri v30.4s, v6.4s, #8\n\t" + "sri v31.4s, v7.4s, #8\n\t" + "eor v0.16b, v0.16b, v28.16b\n\t" + "eor v1.16b, v1.16b, v29.16b\n\t" + "eor v2.16b, v2.16b, v30.16b\n\t" + "eor v3.16b, v3.16b, v31.16b\n\t" + "ld1 {v28.16b, v29.16b, v30.16b, v31.16b}, [%[td]]\n\t" + /* XOR in Key Schedule */ + "ld1 {v4.2d}, [x25], #16\n\t" + "eor v0.16b, v0.16b, v4.16b\n\t" + "eor v1.16b, v1.16b, v4.16b\n\t" + "eor v2.16b, v2.16b, v4.16b\n\t" + "eor v3.16b, v3.16b, v4.16b\n\t" + /* Round Done */ + "subs w24, w24, #2\n\t" + "b.ne L_AES_XTS_decrypt_NEON_loop_nr_4_%=\n\t" + "tbl v4.16b, {v16.16b, v17.16b, v18.16b, v19.16b}, v0.16b\n\t" + "tbl v5.16b, {v16.16b, v17.16b, v18.16b, v19.16b}, v1.16b\n\t" + "tbl v6.16b, {v16.16b, v17.16b, v18.16b, v19.16b}, v2.16b\n\t" + "tbl v7.16b, {v16.16b, v17.16b, v18.16b, v19.16b}, v3.16b\n\t" + "movi v12.16b, #0x40\n\t" + "movi v13.16b, #0x80\n\t" + "movi v14.16b, #0xc0\n\t" + "eor v8.16b, v0.16b, v12.16b\n\t" + "eor v9.16b, v1.16b, v12.16b\n\t" + "eor v10.16b, v2.16b, v12.16b\n\t" + "eor v11.16b, v3.16b, v12.16b\n\t" + "tbl v8.16b, {v20.16b, v21.16b, v22.16b, v23.16b}, v8.16b\n\t" + "tbl v9.16b, {v20.16b, v21.16b, v22.16b, v23.16b}, v9.16b\n\t" + "tbl v10.16b, {v20.16b, v21.16b, v22.16b, v23.16b}, v10.16b\n\t" + "tbl v11.16b, {v20.16b, v21.16b, v22.16b, v23.16b}, v11.16b\n\t" + "orr v4.16b, v4.16b, v8.16b\n\t" + "orr v5.16b, v5.16b, v9.16b\n\t" + "orr v6.16b, v6.16b, v10.16b\n\t" + "orr v7.16b, v7.16b, v11.16b\n\t" + "eor v8.16b, v0.16b, v13.16b\n\t" + "eor v9.16b, v1.16b, v13.16b\n\t" + "eor v10.16b, v2.16b, v13.16b\n\t" + "eor v11.16b, v3.16b, v13.16b\n\t" + "tbl v8.16b, {v24.16b, v25.16b, v26.16b, v27.16b}, v8.16b\n\t" + "tbl v9.16b, {v24.16b, v25.16b, v26.16b, v27.16b}, v9.16b\n\t" + "tbl v10.16b, {v24.16b, v25.16b, v26.16b, v27.16b}, v10.16b\n\t" + "tbl v11.16b, {v24.16b, v25.16b, v26.16b, v27.16b}, v11.16b\n\t" + "orr v4.16b, v4.16b, v8.16b\n\t" + "orr v5.16b, v5.16b, v9.16b\n\t" + "orr v6.16b, v6.16b, v10.16b\n\t" + "orr v7.16b, v7.16b, v11.16b\n\t" + "eor v8.16b, v0.16b, v14.16b\n\t" + "eor v9.16b, v1.16b, v14.16b\n\t" + "eor v10.16b, v2.16b, v14.16b\n\t" + "eor v11.16b, v3.16b, v14.16b\n\t" + "tbl v8.16b, {v28.16b, v29.16b, v30.16b, v31.16b}, v8.16b\n\t" + "tbl v9.16b, {v28.16b, v29.16b, v30.16b, v31.16b}, v9.16b\n\t" + "tbl v10.16b, {v28.16b, v29.16b, v30.16b, v31.16b}, v10.16b\n\t" + "tbl v11.16b, {v28.16b, v29.16b, v30.16b, v31.16b}, v11.16b\n\t" + "orr v4.16b, v4.16b, v8.16b\n\t" + "orr v5.16b, v5.16b, v9.16b\n\t" + "orr v6.16b, v6.16b, v10.16b\n\t" + "orr v7.16b, v7.16b, v11.16b\n\t" + "ld1 {v0.16b}, [%[invshuffle]]\n\t" + "tbl v4.16b, {v4.16b}, v0.16b\n\t" + "tbl v5.16b, {v5.16b}, v0.16b\n\t" + "tbl v6.16b, {v6.16b}, v0.16b\n\t" + "tbl v7.16b, {v7.16b}, v0.16b\n\t" + "movi v28.16b, #27\n\t" + "sshr v8.16b, v4.16b, #7\n\t" + "sshr v9.16b, v5.16b, #7\n\t" + "sshr v10.16b, v6.16b, #7\n\t" + "sshr v11.16b, v7.16b, #7\n\t" + "shl v12.16b, v4.16b, #1\n\t" + "shl v13.16b, v5.16b, #1\n\t" + "shl v14.16b, v6.16b, #1\n\t" + "shl v15.16b, v7.16b, #1\n\t" + "and v8.16b, v8.16b, v28.16b\n\t" + "and v9.16b, v9.16b, v28.16b\n\t" + "and v10.16b, v10.16b, v28.16b\n\t" + "and v11.16b, v11.16b, v28.16b\n\t" + "eor v8.16b, v8.16b, v12.16b\n\t" + "eor v9.16b, v9.16b, v13.16b\n\t" + "eor v10.16b, v10.16b, v14.16b\n\t" + "eor v11.16b, v11.16b, v15.16b\n\t" + "ushr v12.16b, v4.16b, #6\n\t" + "ushr v13.16b, v5.16b, #6\n\t" + "ushr v14.16b, v6.16b, #6\n\t" + "ushr v15.16b, v7.16b, #6\n\t" + "shl v0.16b, v4.16b, #2\n\t" + "shl v1.16b, v5.16b, #2\n\t" + "shl v2.16b, v6.16b, #2\n\t" + "shl v3.16b, v7.16b, #2\n\t" + "pmul v12.16b, v12.16b, v28.16b\n\t" + "pmul v13.16b, v13.16b, v28.16b\n\t" + "pmul v14.16b, v14.16b, v28.16b\n\t" + "pmul v15.16b, v15.16b, v28.16b\n\t" + "eor v12.16b, v12.16b, v0.16b\n\t" + "eor v13.16b, v13.16b, v1.16b\n\t" + "eor v14.16b, v14.16b, v2.16b\n\t" + "eor v15.16b, v15.16b, v3.16b\n\t" + "ushr v0.16b, v4.16b, #5\n\t" + "ushr v1.16b, v5.16b, #5\n\t" + "ushr v2.16b, v6.16b, #5\n\t" + "ushr v3.16b, v7.16b, #5\n\t" + "pmul v0.16b, v0.16b, v28.16b\n\t" + "pmul v1.16b, v1.16b, v28.16b\n\t" + "pmul v2.16b, v2.16b, v28.16b\n\t" + "pmul v3.16b, v3.16b, v28.16b\n\t" + "shl v28.16b, v4.16b, #3\n\t" + "shl v29.16b, v5.16b, #3\n\t" + "shl v30.16b, v6.16b, #3\n\t" + "shl v31.16b, v7.16b, #3\n\t" + "eor v0.16b, v0.16b, v28.16b\n\t" + "eor v1.16b, v1.16b, v29.16b\n\t" + "eor v2.16b, v2.16b, v30.16b\n\t" + "eor v3.16b, v3.16b, v31.16b\n\t" + "eor v28.16b, v8.16b, v0.16b\n\t" + "eor v29.16b, v9.16b, v1.16b\n\t" + "eor v30.16b, v10.16b, v2.16b\n\t" + "eor v31.16b, v11.16b, v3.16b\n\t" + "eor v0.16b, v0.16b, v4.16b\n\t" + "eor v1.16b, v1.16b, v5.16b\n\t" + "eor v2.16b, v2.16b, v6.16b\n\t" + "eor v3.16b, v3.16b, v7.16b\n\t" + "eor v8.16b, v12.16b, v0.16b\n\t" + "eor v9.16b, v13.16b, v1.16b\n\t" + "eor v10.16b, v14.16b, v2.16b\n\t" + "eor v11.16b, v15.16b, v3.16b\n\t" + "eor v12.16b, v12.16b, v28.16b\n\t" + "eor v13.16b, v13.16b, v29.16b\n\t" + "eor v14.16b, v14.16b, v30.16b\n\t" + "eor v15.16b, v15.16b, v31.16b\n\t" + "eor v28.16b, v28.16b, v4.16b\n\t" + "eor v29.16b, v29.16b, v5.16b\n\t" + "eor v30.16b, v30.16b, v6.16b\n\t" + "eor v31.16b, v31.16b, v7.16b\n\t" + "shl v4.4s, v28.4s, #8\n\t" + "shl v5.4s, v29.4s, #8\n\t" + "shl v6.4s, v30.4s, #8\n\t" + "shl v7.4s, v31.4s, #8\n\t" + "rev32 v8.8h, v8.8h\n\t" + "rev32 v9.8h, v9.8h\n\t" + "rev32 v10.8h, v10.8h\n\t" + "rev32 v11.8h, v11.8h\n\t" + "sri v4.4s, v28.4s, #24\n\t" + "sri v5.4s, v29.4s, #24\n\t" + "sri v6.4s, v30.4s, #24\n\t" + "sri v7.4s, v31.4s, #24\n\t" + "eor v4.16b, v4.16b, v12.16b\n\t" + "eor v5.16b, v5.16b, v13.16b\n\t" + "eor v6.16b, v6.16b, v14.16b\n\t" + "eor v7.16b, v7.16b, v15.16b\n\t" + "shl v28.4s, v0.4s, #24\n\t" + "shl v29.4s, v1.4s, #24\n\t" + "shl v30.4s, v2.4s, #24\n\t" + "shl v31.4s, v3.4s, #24\n\t" + "eor v4.16b, v4.16b, v8.16b\n\t" + "eor v5.16b, v5.16b, v9.16b\n\t" + "eor v6.16b, v6.16b, v10.16b\n\t" + "eor v7.16b, v7.16b, v11.16b\n\t" + "sri v28.4s, v0.4s, #8\n\t" + "sri v29.4s, v1.4s, #8\n\t" + "sri v30.4s, v2.4s, #8\n\t" + "sri v31.4s, v3.4s, #8\n\t" + "eor v4.16b, v4.16b, v28.16b\n\t" + "eor v5.16b, v5.16b, v29.16b\n\t" + "eor v6.16b, v6.16b, v30.16b\n\t" + "eor v7.16b, v7.16b, v31.16b\n\t" + "ld1 {v28.16b, v29.16b, v30.16b, v31.16b}, [%[td]]\n\t" + /* XOR in Key Schedule */ + "ld1 {v0.2d}, [x25], #16\n\t" + "eor v4.16b, v4.16b, v0.16b\n\t" + "eor v5.16b, v5.16b, v0.16b\n\t" + "eor v6.16b, v6.16b, v0.16b\n\t" + "eor v7.16b, v7.16b, v0.16b\n\t" + /* Round Done */ + "tbl v0.16b, {v16.16b, v17.16b, v18.16b, v19.16b}, v4.16b\n\t" + "tbl v1.16b, {v16.16b, v17.16b, v18.16b, v19.16b}, v5.16b\n\t" + "tbl v2.16b, {v16.16b, v17.16b, v18.16b, v19.16b}, v6.16b\n\t" + "tbl v3.16b, {v16.16b, v17.16b, v18.16b, v19.16b}, v7.16b\n\t" + "movi v12.16b, #0x40\n\t" + "movi v13.16b, #0x80\n\t" + "movi v14.16b, #0xc0\n\t" + "eor v8.16b, v4.16b, v12.16b\n\t" + "eor v9.16b, v5.16b, v12.16b\n\t" + "eor v10.16b, v6.16b, v12.16b\n\t" + "eor v11.16b, v7.16b, v12.16b\n\t" + "tbl v8.16b, {v20.16b, v21.16b, v22.16b, v23.16b}, v8.16b\n\t" + "tbl v9.16b, {v20.16b, v21.16b, v22.16b, v23.16b}, v9.16b\n\t" + "tbl v10.16b, {v20.16b, v21.16b, v22.16b, v23.16b}, v10.16b\n\t" + "tbl v11.16b, {v20.16b, v21.16b, v22.16b, v23.16b}, v11.16b\n\t" + "orr v0.16b, v0.16b, v8.16b\n\t" + "orr v1.16b, v1.16b, v9.16b\n\t" + "orr v2.16b, v2.16b, v10.16b\n\t" + "orr v3.16b, v3.16b, v11.16b\n\t" + "eor v8.16b, v4.16b, v13.16b\n\t" + "eor v9.16b, v5.16b, v13.16b\n\t" + "eor v10.16b, v6.16b, v13.16b\n\t" + "eor v11.16b, v7.16b, v13.16b\n\t" + "tbl v8.16b, {v24.16b, v25.16b, v26.16b, v27.16b}, v8.16b\n\t" + "tbl v9.16b, {v24.16b, v25.16b, v26.16b, v27.16b}, v9.16b\n\t" + "tbl v10.16b, {v24.16b, v25.16b, v26.16b, v27.16b}, v10.16b\n\t" + "tbl v11.16b, {v24.16b, v25.16b, v26.16b, v27.16b}, v11.16b\n\t" + "orr v0.16b, v0.16b, v8.16b\n\t" + "orr v1.16b, v1.16b, v9.16b\n\t" + "orr v2.16b, v2.16b, v10.16b\n\t" + "orr v3.16b, v3.16b, v11.16b\n\t" + "eor v8.16b, v4.16b, v14.16b\n\t" + "eor v9.16b, v5.16b, v14.16b\n\t" + "eor v10.16b, v6.16b, v14.16b\n\t" + "eor v11.16b, v7.16b, v14.16b\n\t" + "tbl v8.16b, {v28.16b, v29.16b, v30.16b, v31.16b}, v8.16b\n\t" + "tbl v9.16b, {v28.16b, v29.16b, v30.16b, v31.16b}, v9.16b\n\t" + "tbl v10.16b, {v28.16b, v29.16b, v30.16b, v31.16b}, v10.16b\n\t" + "tbl v11.16b, {v28.16b, v29.16b, v30.16b, v31.16b}, v11.16b\n\t" + "orr v0.16b, v0.16b, v8.16b\n\t" + "orr v1.16b, v1.16b, v9.16b\n\t" + "orr v2.16b, v2.16b, v10.16b\n\t" + "orr v3.16b, v3.16b, v11.16b\n\t" + "ld1 {v4.16b}, [%[invshuffle]]\n\t" + "tbl v0.16b, {v0.16b}, v4.16b\n\t" + "tbl v1.16b, {v1.16b}, v4.16b\n\t" + "tbl v2.16b, {v2.16b}, v4.16b\n\t" + "tbl v3.16b, {v3.16b}, v4.16b\n\t" + /* XOR in Key Schedule */ + "ld1 {v4.2d}, [x25], #16\n\t" + "eor v0.16b, v0.16b, v4.16b\n\t" + "eor v1.16b, v1.16b, v4.16b\n\t" + "eor v2.16b, v2.16b, v4.16b\n\t" + "eor v3.16b, v3.16b, v4.16b\n\t" + /* Round Done */ + "rev32 v0.16b, v0.16b\n\t" + "rev32 v1.16b, v1.16b\n\t" + "rev32 v2.16b, v2.16b\n\t" + "rev32 v3.16b, v3.16b\n\t" + "mov v8.d[0], x8\n\t" + "mov v8.d[1], x9\n\t" + "mov v9.d[0], x10\n\t" + "mov v9.d[1], x11\n\t" + "mov v10.d[0], x12\n\t" + "mov v10.d[1], x13\n\t" + "mov v11.d[0], x14\n\t" + "mov v11.d[1], x15\n\t" + "eor v0.16b, v0.16b, v8.16b\n\t" + "eor v1.16b, v1.16b, v9.16b\n\t" + "eor v2.16b, v2.16b, v10.16b\n\t" + "eor v3.16b, v3.16b, v11.16b\n\t" + "st1 {v0.16b, v1.16b, v2.16b, v3.16b}, [%x[out]], #0x40\n\t" + "and x16, x17, x15, asr 63\n\t" + "extr x9, x15, x14, #63\n\t" + "eor x8, x16, x14, lsl 1\n\t" + "sub %w[sz], %w[sz], #0x40\n\t" + "cmp %w[sz], #0x40\n\t" + "b.ge L_AES_XTS_decrypt_NEON_loop_4_%=\n\t" + "movi v12.16b, #0x40\n\t" + "movi v13.16b, #0x80\n\t" + "movi v14.16b, #0xc0\n\t" + "movi v15.16b, #27\n\t" + "\n" + "L_AES_XTS_decrypt_NEON_start_2_%=: \n\t" + "cmp %w[sz], #32\n\t" + "b.lt L_AES_XTS_decrypt_NEON_start_1_%=\n\t" + "mov x25, %x[key]\n\t" + "ld1 {v0.16b, v1.16b}, [%x[in]], #32\n\t" + "ld1 {v4.16b}, [x25], #16\n\t" + "and x16, x17, x9, asr 63\n\t" + "extr x11, x9, x8, #63\n\t" + "eor x10, x16, x8, lsl 1\n\t" + "and x16, x17, x11, asr 63\n\t" + "extr x13, x11, x10, #63\n\t" + "eor x12, x16, x10, lsl 1\n\t" + "mov v2.d[0], x8\n\t" + "mov v2.d[1], x9\n\t" + "mov v3.d[0], x10\n\t" + "mov v3.d[1], x11\n\t" + "eor v0.16b, v0.16b, v2.16b\n\t" + "eor v1.16b, v1.16b, v3.16b\n\t" + "rev32 v0.16b, v0.16b\n\t" + "rev32 v1.16b, v1.16b\n\t" + "eor v0.16b, v0.16b, v4.16b\n\t" + "eor v1.16b, v1.16b, v4.16b\n\t" + "sub w24, %w[nr], #2\n\t" + "\n" + "L_AES_XTS_decrypt_NEON_loop_nr_2_%=: \n\t" + "movi v12.16b, #0x40\n\t" + "movi v13.16b, #0x80\n\t" + "movi v14.16b, #0xc0\n\t" + "eor v8.16b, v0.16b, v12.16b\n\t" + "eor v9.16b, v1.16b, v12.16b\n\t" + "tbl v4.16b, {v16.16b, v17.16b, v18.16b, v19.16b}, v0.16b\n\t" + "tbl v5.16b, {v16.16b, v17.16b, v18.16b, v19.16b}, v1.16b\n\t" + "tbl v8.16b, {v20.16b, v21.16b, v22.16b, v23.16b}, v8.16b\n\t" + "tbl v9.16b, {v20.16b, v21.16b, v22.16b, v23.16b}, v9.16b\n\t" + "eor v10.16b, v0.16b, v13.16b\n\t" + "eor v11.16b, v1.16b, v13.16b\n\t" + "tbl v10.16b, {v24.16b, v25.16b, v26.16b, v27.16b}, v10.16b\n\t" + "tbl v11.16b, {v24.16b, v25.16b, v26.16b, v27.16b}, v11.16b\n\t" + "orr v4.16b, v4.16b, v8.16b\n\t" + "orr v5.16b, v5.16b, v9.16b\n\t" + "eor v8.16b, v0.16b, v14.16b\n\t" + "eor v9.16b, v1.16b, v14.16b\n\t" + "orr v4.16b, v4.16b, v10.16b\n\t" + "orr v5.16b, v5.16b, v11.16b\n\t" + "tbl v8.16b, {v28.16b, v29.16b, v30.16b, v31.16b}, v8.16b\n\t" + "tbl v9.16b, {v28.16b, v29.16b, v30.16b, v31.16b}, v9.16b\n\t" + "orr v4.16b, v4.16b, v8.16b\n\t" + "orr v5.16b, v5.16b, v9.16b\n\t" + "ld1 {v0.16b}, [%[invshuffle]]\n\t" + "tbl v4.16b, {v4.16b}, v0.16b\n\t" + "tbl v5.16b, {v5.16b}, v0.16b\n\t" + "movi v10.16b, #27\n\t" + "sshr v8.16b, v4.16b, #7\n\t" + "sshr v9.16b, v5.16b, #7\n\t" + "shl v12.16b, v4.16b, #1\n\t" + "shl v13.16b, v5.16b, #1\n\t" + "and v8.16b, v8.16b, v10.16b\n\t" + "and v9.16b, v9.16b, v10.16b\n\t" + "eor v8.16b, v8.16b, v12.16b\n\t" + "eor v9.16b, v9.16b, v13.16b\n\t" + "ushr v12.16b, v4.16b, #6\n\t" + "ushr v13.16b, v5.16b, #6\n\t" + "shl v0.16b, v4.16b, #2\n\t" + "shl v1.16b, v5.16b, #2\n\t" + "pmul v12.16b, v12.16b, v10.16b\n\t" + "pmul v13.16b, v13.16b, v10.16b\n\t" + "eor v12.16b, v12.16b, v0.16b\n\t" + "eor v13.16b, v13.16b, v1.16b\n\t" + "ushr v0.16b, v4.16b, #5\n\t" + "ushr v1.16b, v5.16b, #5\n\t" + "pmul v0.16b, v0.16b, v10.16b\n\t" + "pmul v1.16b, v1.16b, v10.16b\n\t" + "shl v10.16b, v4.16b, #3\n\t" + "shl v11.16b, v5.16b, #3\n\t" + "eor v0.16b, v0.16b, v10.16b\n\t" + "eor v1.16b, v1.16b, v11.16b\n\t" + "eor v10.16b, v8.16b, v0.16b\n\t" + "eor v11.16b, v9.16b, v1.16b\n\t" + "eor v0.16b, v0.16b, v4.16b\n\t" + "eor v1.16b, v1.16b, v5.16b\n\t" + "eor v8.16b, v12.16b, v0.16b\n\t" + "eor v9.16b, v13.16b, v1.16b\n\t" + "eor v12.16b, v12.16b, v10.16b\n\t" + "eor v13.16b, v13.16b, v11.16b\n\t" + "eor v10.16b, v10.16b, v4.16b\n\t" + "eor v11.16b, v11.16b, v5.16b\n\t" + "shl v4.4s, v10.4s, #8\n\t" + "shl v5.4s, v11.4s, #8\n\t" + "rev32 v8.8h, v8.8h\n\t" + "rev32 v9.8h, v9.8h\n\t" + "sri v4.4s, v10.4s, #24\n\t" + "sri v5.4s, v11.4s, #24\n\t" + "eor v4.16b, v4.16b, v12.16b\n\t" + "eor v5.16b, v5.16b, v13.16b\n\t" + "shl v10.4s, v0.4s, #24\n\t" + "shl v11.4s, v1.4s, #24\n\t" + "eor v4.16b, v4.16b, v8.16b\n\t" + "eor v5.16b, v5.16b, v9.16b\n\t" + "sri v10.4s, v0.4s, #8\n\t" + "sri v11.4s, v1.4s, #8\n\t" + "eor v4.16b, v4.16b, v10.16b\n\t" + "eor v5.16b, v5.16b, v11.16b\n\t" + /* XOR in Key Schedule */ + "ld1 {v0.2d}, [x25], #16\n\t" + "eor v4.16b, v4.16b, v0.16b\n\t" + "eor v5.16b, v5.16b, v0.16b\n\t" + /* Round Done */ + "movi v12.16b, #0x40\n\t" + "movi v13.16b, #0x80\n\t" + "movi v14.16b, #0xc0\n\t" + "eor v8.16b, v4.16b, v12.16b\n\t" + "eor v9.16b, v5.16b, v12.16b\n\t" + "tbl v0.16b, {v16.16b, v17.16b, v18.16b, v19.16b}, v4.16b\n\t" + "tbl v1.16b, {v16.16b, v17.16b, v18.16b, v19.16b}, v5.16b\n\t" + "tbl v8.16b, {v20.16b, v21.16b, v22.16b, v23.16b}, v8.16b\n\t" + "tbl v9.16b, {v20.16b, v21.16b, v22.16b, v23.16b}, v9.16b\n\t" + "eor v10.16b, v4.16b, v13.16b\n\t" + "eor v11.16b, v5.16b, v13.16b\n\t" + "tbl v10.16b, {v24.16b, v25.16b, v26.16b, v27.16b}, v10.16b\n\t" + "tbl v11.16b, {v24.16b, v25.16b, v26.16b, v27.16b}, v11.16b\n\t" + "orr v0.16b, v0.16b, v8.16b\n\t" + "orr v1.16b, v1.16b, v9.16b\n\t" + "eor v8.16b, v4.16b, v14.16b\n\t" + "eor v9.16b, v5.16b, v14.16b\n\t" + "orr v0.16b, v0.16b, v10.16b\n\t" + "orr v1.16b, v1.16b, v11.16b\n\t" + "tbl v8.16b, {v28.16b, v29.16b, v30.16b, v31.16b}, v8.16b\n\t" + "tbl v9.16b, {v28.16b, v29.16b, v30.16b, v31.16b}, v9.16b\n\t" + "orr v0.16b, v0.16b, v8.16b\n\t" + "orr v1.16b, v1.16b, v9.16b\n\t" + "ld1 {v4.16b}, [%[invshuffle]]\n\t" + "tbl v0.16b, {v0.16b}, v4.16b\n\t" + "tbl v1.16b, {v1.16b}, v4.16b\n\t" + "movi v10.16b, #27\n\t" + "sshr v8.16b, v0.16b, #7\n\t" + "sshr v9.16b, v1.16b, #7\n\t" + "shl v12.16b, v0.16b, #1\n\t" + "shl v13.16b, v1.16b, #1\n\t" + "and v8.16b, v8.16b, v10.16b\n\t" + "and v9.16b, v9.16b, v10.16b\n\t" + "eor v8.16b, v8.16b, v12.16b\n\t" + "eor v9.16b, v9.16b, v13.16b\n\t" + "ushr v12.16b, v0.16b, #6\n\t" + "ushr v13.16b, v1.16b, #6\n\t" + "shl v4.16b, v0.16b, #2\n\t" + "shl v5.16b, v1.16b, #2\n\t" + "pmul v12.16b, v12.16b, v10.16b\n\t" + "pmul v13.16b, v13.16b, v10.16b\n\t" + "eor v12.16b, v12.16b, v4.16b\n\t" + "eor v13.16b, v13.16b, v5.16b\n\t" + "ushr v4.16b, v0.16b, #5\n\t" + "ushr v5.16b, v1.16b, #5\n\t" + "pmul v4.16b, v4.16b, v10.16b\n\t" + "pmul v5.16b, v5.16b, v10.16b\n\t" + "shl v10.16b, v0.16b, #3\n\t" + "shl v11.16b, v1.16b, #3\n\t" + "eor v4.16b, v4.16b, v10.16b\n\t" + "eor v5.16b, v5.16b, v11.16b\n\t" + "eor v10.16b, v8.16b, v4.16b\n\t" + "eor v11.16b, v9.16b, v5.16b\n\t" + "eor v4.16b, v4.16b, v0.16b\n\t" + "eor v5.16b, v5.16b, v1.16b\n\t" + "eor v8.16b, v12.16b, v4.16b\n\t" + "eor v9.16b, v13.16b, v5.16b\n\t" + "eor v12.16b, v12.16b, v10.16b\n\t" + "eor v13.16b, v13.16b, v11.16b\n\t" + "eor v10.16b, v10.16b, v0.16b\n\t" + "eor v11.16b, v11.16b, v1.16b\n\t" + "shl v0.4s, v10.4s, #8\n\t" + "shl v1.4s, v11.4s, #8\n\t" + "rev32 v8.8h, v8.8h\n\t" + "rev32 v9.8h, v9.8h\n\t" + "sri v0.4s, v10.4s, #24\n\t" + "sri v1.4s, v11.4s, #24\n\t" + "eor v0.16b, v0.16b, v12.16b\n\t" + "eor v1.16b, v1.16b, v13.16b\n\t" + "shl v10.4s, v4.4s, #24\n\t" + "shl v11.4s, v5.4s, #24\n\t" + "eor v0.16b, v0.16b, v8.16b\n\t" + "eor v1.16b, v1.16b, v9.16b\n\t" + "sri v10.4s, v4.4s, #8\n\t" + "sri v11.4s, v5.4s, #8\n\t" + "eor v0.16b, v0.16b, v10.16b\n\t" + "eor v1.16b, v1.16b, v11.16b\n\t" + /* XOR in Key Schedule */ + "ld1 {v4.2d}, [x25], #16\n\t" + "eor v0.16b, v0.16b, v4.16b\n\t" + "eor v1.16b, v1.16b, v4.16b\n\t" + /* Round Done */ + "subs w24, w24, #2\n\t" + "b.ne L_AES_XTS_decrypt_NEON_loop_nr_2_%=\n\t" + "movi v12.16b, #0x40\n\t" + "movi v13.16b, #0x80\n\t" + "movi v14.16b, #0xc0\n\t" + "eor v8.16b, v0.16b, v12.16b\n\t" + "eor v9.16b, v1.16b, v12.16b\n\t" + "tbl v4.16b, {v16.16b, v17.16b, v18.16b, v19.16b}, v0.16b\n\t" + "tbl v5.16b, {v16.16b, v17.16b, v18.16b, v19.16b}, v1.16b\n\t" + "tbl v8.16b, {v20.16b, v21.16b, v22.16b, v23.16b}, v8.16b\n\t" + "tbl v9.16b, {v20.16b, v21.16b, v22.16b, v23.16b}, v9.16b\n\t" + "eor v10.16b, v0.16b, v13.16b\n\t" + "eor v11.16b, v1.16b, v13.16b\n\t" + "tbl v10.16b, {v24.16b, v25.16b, v26.16b, v27.16b}, v10.16b\n\t" + "tbl v11.16b, {v24.16b, v25.16b, v26.16b, v27.16b}, v11.16b\n\t" + "orr v4.16b, v4.16b, v8.16b\n\t" + "orr v5.16b, v5.16b, v9.16b\n\t" + "eor v8.16b, v0.16b, v14.16b\n\t" + "eor v9.16b, v1.16b, v14.16b\n\t" + "orr v4.16b, v4.16b, v10.16b\n\t" + "orr v5.16b, v5.16b, v11.16b\n\t" + "tbl v8.16b, {v28.16b, v29.16b, v30.16b, v31.16b}, v8.16b\n\t" + "tbl v9.16b, {v28.16b, v29.16b, v30.16b, v31.16b}, v9.16b\n\t" + "orr v4.16b, v4.16b, v8.16b\n\t" + "orr v5.16b, v5.16b, v9.16b\n\t" + "ld1 {v0.16b}, [%[invshuffle]]\n\t" + "tbl v4.16b, {v4.16b}, v0.16b\n\t" + "tbl v5.16b, {v5.16b}, v0.16b\n\t" + "movi v10.16b, #27\n\t" + "sshr v8.16b, v4.16b, #7\n\t" + "sshr v9.16b, v5.16b, #7\n\t" + "shl v12.16b, v4.16b, #1\n\t" + "shl v13.16b, v5.16b, #1\n\t" + "and v8.16b, v8.16b, v10.16b\n\t" + "and v9.16b, v9.16b, v10.16b\n\t" + "eor v8.16b, v8.16b, v12.16b\n\t" + "eor v9.16b, v9.16b, v13.16b\n\t" + "ushr v12.16b, v4.16b, #6\n\t" + "ushr v13.16b, v5.16b, #6\n\t" + "shl v0.16b, v4.16b, #2\n\t" + "shl v1.16b, v5.16b, #2\n\t" + "pmul v12.16b, v12.16b, v10.16b\n\t" + "pmul v13.16b, v13.16b, v10.16b\n\t" + "eor v12.16b, v12.16b, v0.16b\n\t" + "eor v13.16b, v13.16b, v1.16b\n\t" + "ushr v0.16b, v4.16b, #5\n\t" + "ushr v1.16b, v5.16b, #5\n\t" + "pmul v0.16b, v0.16b, v10.16b\n\t" + "pmul v1.16b, v1.16b, v10.16b\n\t" + "shl v10.16b, v4.16b, #3\n\t" + "shl v11.16b, v5.16b, #3\n\t" + "eor v0.16b, v0.16b, v10.16b\n\t" + "eor v1.16b, v1.16b, v11.16b\n\t" + "eor v10.16b, v8.16b, v0.16b\n\t" + "eor v11.16b, v9.16b, v1.16b\n\t" + "eor v0.16b, v0.16b, v4.16b\n\t" + "eor v1.16b, v1.16b, v5.16b\n\t" + "eor v8.16b, v12.16b, v0.16b\n\t" + "eor v9.16b, v13.16b, v1.16b\n\t" + "eor v12.16b, v12.16b, v10.16b\n\t" + "eor v13.16b, v13.16b, v11.16b\n\t" + "eor v10.16b, v10.16b, v4.16b\n\t" + "eor v11.16b, v11.16b, v5.16b\n\t" + "shl v4.4s, v10.4s, #8\n\t" + "shl v5.4s, v11.4s, #8\n\t" + "rev32 v8.8h, v8.8h\n\t" + "rev32 v9.8h, v9.8h\n\t" + "sri v4.4s, v10.4s, #24\n\t" + "sri v5.4s, v11.4s, #24\n\t" + "eor v4.16b, v4.16b, v12.16b\n\t" + "eor v5.16b, v5.16b, v13.16b\n\t" + "shl v10.4s, v0.4s, #24\n\t" + "shl v11.4s, v1.4s, #24\n\t" + "eor v4.16b, v4.16b, v8.16b\n\t" + "eor v5.16b, v5.16b, v9.16b\n\t" + "sri v10.4s, v0.4s, #8\n\t" + "sri v11.4s, v1.4s, #8\n\t" + "eor v4.16b, v4.16b, v10.16b\n\t" + "eor v5.16b, v5.16b, v11.16b\n\t" + /* XOR in Key Schedule */ + "ld1 {v0.2d}, [x25], #16\n\t" + "eor v4.16b, v4.16b, v0.16b\n\t" + "eor v5.16b, v5.16b, v0.16b\n\t" + /* Round Done */ + "movi v12.16b, #0x40\n\t" + "movi v13.16b, #0x80\n\t" + "movi v14.16b, #0xc0\n\t" + "eor v8.16b, v4.16b, v12.16b\n\t" + "eor v9.16b, v5.16b, v12.16b\n\t" + "tbl v0.16b, {v16.16b, v17.16b, v18.16b, v19.16b}, v4.16b\n\t" + "tbl v1.16b, {v16.16b, v17.16b, v18.16b, v19.16b}, v5.16b\n\t" + "tbl v8.16b, {v20.16b, v21.16b, v22.16b, v23.16b}, v8.16b\n\t" + "tbl v9.16b, {v20.16b, v21.16b, v22.16b, v23.16b}, v9.16b\n\t" + "eor v10.16b, v4.16b, v13.16b\n\t" + "eor v11.16b, v5.16b, v13.16b\n\t" + "tbl v10.16b, {v24.16b, v25.16b, v26.16b, v27.16b}, v10.16b\n\t" + "tbl v11.16b, {v24.16b, v25.16b, v26.16b, v27.16b}, v11.16b\n\t" + "orr v0.16b, v0.16b, v8.16b\n\t" + "orr v1.16b, v1.16b, v9.16b\n\t" + "eor v8.16b, v4.16b, v14.16b\n\t" + "eor v9.16b, v5.16b, v14.16b\n\t" + "orr v0.16b, v0.16b, v10.16b\n\t" + "orr v1.16b, v1.16b, v11.16b\n\t" + "tbl v8.16b, {v28.16b, v29.16b, v30.16b, v31.16b}, v8.16b\n\t" + "tbl v9.16b, {v28.16b, v29.16b, v30.16b, v31.16b}, v9.16b\n\t" + "orr v0.16b, v0.16b, v8.16b\n\t" + "orr v1.16b, v1.16b, v9.16b\n\t" + "ld1 {v4.16b}, [%[invshuffle]]\n\t" + "tbl v0.16b, {v0.16b}, v4.16b\n\t" + "tbl v1.16b, {v1.16b}, v4.16b\n\t" + /* XOR in Key Schedule */ + "ld1 {v4.2d}, [x25], #16\n\t" + "eor v0.16b, v0.16b, v4.16b\n\t" + "eor v1.16b, v1.16b, v4.16b\n\t" + /* Round Done */ + "rev32 v0.16b, v0.16b\n\t" + "rev32 v1.16b, v1.16b\n\t" + "eor v0.16b, v0.16b, v2.16b\n\t" + "eor v1.16b, v1.16b, v3.16b\n\t" + "st1 {v0.16b, v1.16b}, [%x[out]], #32\n\t" + "and x16, x17, x11, asr 63\n\t" + "extr x9, x11, x10, #63\n\t" + "eor x8, x16, x10, lsl 1\n\t" + "sub %w[sz], %w[sz], #32\n\t" + "\n" + "L_AES_XTS_decrypt_NEON_start_1_%=: \n\t" + "ld1 {v3.2d}, [%[invshuffle]]\n\t" + "mov v2.d[0], x8\n\t" + "mov v2.d[1], x9\n\t" + "cmp %w[sz], #16\n\t" + "b.lt L_AES_XTS_decrypt_NEON_start_partial_%=\n\t" + "mov x25, %x[key]\n\t" + "ld1 {v0.16b}, [%x[in]], #16\n\t" + "ld1 {v4.2d}, [x25], #16\n\t" + "eor v0.16b, v0.16b, v2.16b\n\t" + "rev32 v0.16b, v0.16b\n\t" + "eor v0.16b, v0.16b, v4.16b\n\t" + "sub w24, %w[nr], #2\n\t" + "\n" + "L_AES_XTS_decrypt_NEON_loop_nr_1_%=: \n\t" + "eor v8.16b, v0.16b, v12.16b\n\t" + "eor v9.16b, v0.16b, v13.16b\n\t" + "eor v10.16b, v0.16b, v14.16b\n\t" + "tbl v4.16b, {v16.16b, v17.16b, v18.16b, v19.16b}, v0.16b\n\t" + "tbl v8.16b, {v20.16b, v21.16b, v22.16b, v23.16b}, v8.16b\n\t" + "tbl v9.16b, {v24.16b, v25.16b, v26.16b, v27.16b}, v9.16b\n\t" + "tbl v10.16b, {v28.16b, v29.16b, v30.16b, v31.16b}, v10.16b\n\t" + "orr v4.16b, v4.16b, v8.16b\n\t" + "orr v9.16b, v9.16b, v10.16b\n\t" + "orr v4.16b, v4.16b, v9.16b\n\t" + "tbl v4.16b, {v4.16b}, v3.16b\n\t" + "sshr v10.16b, v4.16b, #7\n\t" + "ushr v11.16b, v4.16b, #6\n\t" + "ushr v8.16b, v4.16b, #5\n\t" + "and v10.16b, v10.16b, v15.16b\n\t" + "pmul v11.16b, v11.16b, v15.16b\n\t" + "pmul v8.16b, v8.16b, v15.16b\n\t" + "shl v9.16b, v4.16b, #1\n\t" + "eor v10.16b, v10.16b, v9.16b\n\t" + "shl v9.16b, v4.16b, #3\n\t" + "eor v8.16b, v8.16b, v9.16b\n\t" + "shl v9.16b, v4.16b, #2\n\t" + "eor v11.16b, v11.16b, v9.16b\n\t" + "eor v9.16b, v10.16b, v8.16b\n\t" + "eor v8.16b, v8.16b, v4.16b\n\t" + "eor v10.16b, v11.16b, v8.16b\n\t" + "eor v11.16b, v11.16b, v9.16b\n\t" + "eor v9.16b, v9.16b, v4.16b\n\t" + "shl v4.4s, v9.4s, #8\n\t" + "rev32 v10.8h, v10.8h\n\t" + "sri v4.4s, v9.4s, #24\n\t" + "eor v4.16b, v4.16b, v11.16b\n\t" + "shl v9.4s, v8.4s, #24\n\t" + "eor v4.16b, v4.16b, v10.16b\n\t" + "sri v9.4s, v8.4s, #8\n\t" + "eor v4.16b, v4.16b, v9.16b\n\t" + "ld1 {v0.2d}, [x25], #16\n\t" + /* XOR in Key Schedule */ + "eor v4.16b, v4.16b, v0.16b\n\t" + "eor v8.16b, v4.16b, v12.16b\n\t" + "eor v9.16b, v4.16b, v13.16b\n\t" + "eor v10.16b, v4.16b, v14.16b\n\t" + "tbl v0.16b, {v16.16b, v17.16b, v18.16b, v19.16b}, v4.16b\n\t" + "tbl v8.16b, {v20.16b, v21.16b, v22.16b, v23.16b}, v8.16b\n\t" + "tbl v9.16b, {v24.16b, v25.16b, v26.16b, v27.16b}, v9.16b\n\t" + "tbl v10.16b, {v28.16b, v29.16b, v30.16b, v31.16b}, v10.16b\n\t" + "orr v0.16b, v0.16b, v8.16b\n\t" + "orr v9.16b, v9.16b, v10.16b\n\t" + "orr v0.16b, v0.16b, v9.16b\n\t" + "tbl v0.16b, {v0.16b}, v3.16b\n\t" + "sshr v10.16b, v0.16b, #7\n\t" + "ushr v11.16b, v0.16b, #6\n\t" + "ushr v8.16b, v0.16b, #5\n\t" + "and v10.16b, v10.16b, v15.16b\n\t" + "pmul v11.16b, v11.16b, v15.16b\n\t" + "pmul v8.16b, v8.16b, v15.16b\n\t" + "shl v9.16b, v0.16b, #1\n\t" + "eor v10.16b, v10.16b, v9.16b\n\t" + "shl v9.16b, v0.16b, #3\n\t" + "eor v8.16b, v8.16b, v9.16b\n\t" + "shl v9.16b, v0.16b, #2\n\t" + "eor v11.16b, v11.16b, v9.16b\n\t" + "eor v9.16b, v10.16b, v8.16b\n\t" + "eor v8.16b, v8.16b, v0.16b\n\t" + "eor v10.16b, v11.16b, v8.16b\n\t" + "eor v11.16b, v11.16b, v9.16b\n\t" + "eor v9.16b, v9.16b, v0.16b\n\t" + "shl v0.4s, v9.4s, #8\n\t" + "rev32 v10.8h, v10.8h\n\t" + "sri v0.4s, v9.4s, #24\n\t" + "eor v0.16b, v0.16b, v11.16b\n\t" + "shl v9.4s, v8.4s, #24\n\t" + "eor v0.16b, v0.16b, v10.16b\n\t" + "sri v9.4s, v8.4s, #8\n\t" + "eor v0.16b, v0.16b, v9.16b\n\t" + "ld1 {v4.2d}, [x25], #16\n\t" + /* XOR in Key Schedule */ + "eor v0.16b, v0.16b, v4.16b\n\t" + "subs w24, w24, #2\n\t" + "b.ne L_AES_XTS_decrypt_NEON_loop_nr_1_%=\n\t" + "eor v8.16b, v0.16b, v12.16b\n\t" + "eor v9.16b, v0.16b, v13.16b\n\t" + "eor v10.16b, v0.16b, v14.16b\n\t" + "tbl v4.16b, {v16.16b, v17.16b, v18.16b, v19.16b}, v0.16b\n\t" + "tbl v8.16b, {v20.16b, v21.16b, v22.16b, v23.16b}, v8.16b\n\t" + "tbl v9.16b, {v24.16b, v25.16b, v26.16b, v27.16b}, v9.16b\n\t" + "tbl v10.16b, {v28.16b, v29.16b, v30.16b, v31.16b}, v10.16b\n\t" + "orr v4.16b, v4.16b, v8.16b\n\t" + "orr v9.16b, v9.16b, v10.16b\n\t" + "orr v4.16b, v4.16b, v9.16b\n\t" + "tbl v4.16b, {v4.16b}, v3.16b\n\t" + "sshr v10.16b, v4.16b, #7\n\t" + "ushr v11.16b, v4.16b, #6\n\t" + "ushr v8.16b, v4.16b, #5\n\t" + "and v10.16b, v10.16b, v15.16b\n\t" + "pmul v11.16b, v11.16b, v15.16b\n\t" + "pmul v8.16b, v8.16b, v15.16b\n\t" + "shl v9.16b, v4.16b, #1\n\t" + "eor v10.16b, v10.16b, v9.16b\n\t" + "shl v9.16b, v4.16b, #3\n\t" + "eor v8.16b, v8.16b, v9.16b\n\t" + "shl v9.16b, v4.16b, #2\n\t" + "eor v11.16b, v11.16b, v9.16b\n\t" + "eor v9.16b, v10.16b, v8.16b\n\t" + "eor v8.16b, v8.16b, v4.16b\n\t" + "eor v10.16b, v11.16b, v8.16b\n\t" + "eor v11.16b, v11.16b, v9.16b\n\t" + "eor v9.16b, v9.16b, v4.16b\n\t" + "shl v4.4s, v9.4s, #8\n\t" + "rev32 v10.8h, v10.8h\n\t" + "sri v4.4s, v9.4s, #24\n\t" + "eor v4.16b, v4.16b, v11.16b\n\t" + "shl v9.4s, v8.4s, #24\n\t" + "eor v4.16b, v4.16b, v10.16b\n\t" + "sri v9.4s, v8.4s, #8\n\t" + "eor v4.16b, v4.16b, v9.16b\n\t" + "ld1 {v0.2d}, [x25], #16\n\t" + /* XOR in Key Schedule */ + "eor v4.16b, v4.16b, v0.16b\n\t" + "eor v8.16b, v4.16b, v12.16b\n\t" + "eor v9.16b, v4.16b, v13.16b\n\t" + "eor v10.16b, v4.16b, v14.16b\n\t" + "tbl v0.16b, {v16.16b, v17.16b, v18.16b, v19.16b}, v4.16b\n\t" + "tbl v8.16b, {v20.16b, v21.16b, v22.16b, v23.16b}, v8.16b\n\t" + "tbl v9.16b, {v24.16b, v25.16b, v26.16b, v27.16b}, v9.16b\n\t" + "tbl v10.16b, {v28.16b, v29.16b, v30.16b, v31.16b}, v10.16b\n\t" + "orr v0.16b, v0.16b, v8.16b\n\t" + "orr v9.16b, v9.16b, v10.16b\n\t" + "orr v0.16b, v0.16b, v9.16b\n\t" + "tbl v0.16b, {v0.16b}, v3.16b\n\t" + "ld1 {v4.2d}, [x25], #16\n\t" + /* XOR in Key Schedule */ + "eor v0.16b, v0.16b, v4.16b\n\t" + "rev32 v0.16b, v0.16b\n\t" + "eor v0.16b, v0.16b, v2.16b\n\t" + "st1 {v0.16b}, [%x[out]], #16\n\t" + "sub %w[sz], %w[sz], #16\n\t" + "cbz w19, L_AES_XTS_decrypt_NEON_data_done_%=\n\t" + "and x16, x17, x9, asr 63\n\t" + "extr x9, x9, x8, #63\n\t" + "eor x8, x16, x8, lsl 1\n\t" + "\n" + "L_AES_XTS_decrypt_NEON_start_partial_%=: \n\t" + "mov %w[sz], w19\n\t" + "cbz %w[sz], L_AES_XTS_decrypt_NEON_data_done_%=\n\t" + "mov v2.d[0], x8\n\t" + "mov v2.d[1], x9\n\t" + "and x16, x17, x9, asr 63\n\t" + "extr x11, x9, x8, #63\n\t" + "eor x10, x16, x8, lsl 1\n\t" + "mov v1.d[0], x10\n\t" + "mov v1.d[1], x11\n\t" + "mov x25, %x[key]\n\t" + "ld1 {v0.16b}, [%x[in]], #16\n\t" + "ld1 {v4.2d}, [x25], #16\n\t" + "eor v0.16b, v0.16b, v1.16b\n\t" + "rev32 v0.16b, v0.16b\n\t" + "eor v0.16b, v0.16b, v4.16b\n\t" + "sub w24, %w[nr], #2\n\t" + "\n" + "L_AES_XTS_decrypt_NEON_loop_nr_partial_1_%=: \n\t" + "eor v8.16b, v0.16b, v12.16b\n\t" + "eor v9.16b, v0.16b, v13.16b\n\t" + "eor v10.16b, v0.16b, v14.16b\n\t" + "tbl v4.16b, {v16.16b, v17.16b, v18.16b, v19.16b}, v0.16b\n\t" + "tbl v8.16b, {v20.16b, v21.16b, v22.16b, v23.16b}, v8.16b\n\t" + "tbl v9.16b, {v24.16b, v25.16b, v26.16b, v27.16b}, v9.16b\n\t" + "tbl v10.16b, {v28.16b, v29.16b, v30.16b, v31.16b}, v10.16b\n\t" + "orr v4.16b, v4.16b, v8.16b\n\t" + "orr v9.16b, v9.16b, v10.16b\n\t" + "orr v4.16b, v4.16b, v9.16b\n\t" + "tbl v4.16b, {v4.16b}, v3.16b\n\t" + "sshr v10.16b, v4.16b, #7\n\t" + "ushr v11.16b, v4.16b, #6\n\t" + "ushr v8.16b, v4.16b, #5\n\t" + "and v10.16b, v10.16b, v15.16b\n\t" + "pmul v11.16b, v11.16b, v15.16b\n\t" + "pmul v8.16b, v8.16b, v15.16b\n\t" + "shl v9.16b, v4.16b, #1\n\t" + "eor v10.16b, v10.16b, v9.16b\n\t" + "shl v9.16b, v4.16b, #3\n\t" + "eor v8.16b, v8.16b, v9.16b\n\t" + "shl v9.16b, v4.16b, #2\n\t" + "eor v11.16b, v11.16b, v9.16b\n\t" + "eor v9.16b, v10.16b, v8.16b\n\t" + "eor v8.16b, v8.16b, v4.16b\n\t" + "eor v10.16b, v11.16b, v8.16b\n\t" + "eor v11.16b, v11.16b, v9.16b\n\t" + "eor v9.16b, v9.16b, v4.16b\n\t" + "shl v4.4s, v9.4s, #8\n\t" + "rev32 v10.8h, v10.8h\n\t" + "sri v4.4s, v9.4s, #24\n\t" + "eor v4.16b, v4.16b, v11.16b\n\t" + "shl v9.4s, v8.4s, #24\n\t" + "eor v4.16b, v4.16b, v10.16b\n\t" + "sri v9.4s, v8.4s, #8\n\t" + "eor v4.16b, v4.16b, v9.16b\n\t" + "ld1 {v0.2d}, [x25], #16\n\t" + /* XOR in Key Schedule */ + "eor v4.16b, v4.16b, v0.16b\n\t" + "eor v8.16b, v4.16b, v12.16b\n\t" + "eor v9.16b, v4.16b, v13.16b\n\t" + "eor v10.16b, v4.16b, v14.16b\n\t" + "tbl v0.16b, {v16.16b, v17.16b, v18.16b, v19.16b}, v4.16b\n\t" + "tbl v8.16b, {v20.16b, v21.16b, v22.16b, v23.16b}, v8.16b\n\t" + "tbl v9.16b, {v24.16b, v25.16b, v26.16b, v27.16b}, v9.16b\n\t" + "tbl v10.16b, {v28.16b, v29.16b, v30.16b, v31.16b}, v10.16b\n\t" + "orr v0.16b, v0.16b, v8.16b\n\t" + "orr v9.16b, v9.16b, v10.16b\n\t" + "orr v0.16b, v0.16b, v9.16b\n\t" + "tbl v0.16b, {v0.16b}, v3.16b\n\t" + "sshr v10.16b, v0.16b, #7\n\t" + "ushr v11.16b, v0.16b, #6\n\t" + "ushr v8.16b, v0.16b, #5\n\t" + "and v10.16b, v10.16b, v15.16b\n\t" + "pmul v11.16b, v11.16b, v15.16b\n\t" + "pmul v8.16b, v8.16b, v15.16b\n\t" + "shl v9.16b, v0.16b, #1\n\t" + "eor v10.16b, v10.16b, v9.16b\n\t" + "shl v9.16b, v0.16b, #3\n\t" + "eor v8.16b, v8.16b, v9.16b\n\t" + "shl v9.16b, v0.16b, #2\n\t" + "eor v11.16b, v11.16b, v9.16b\n\t" + "eor v9.16b, v10.16b, v8.16b\n\t" + "eor v8.16b, v8.16b, v0.16b\n\t" + "eor v10.16b, v11.16b, v8.16b\n\t" + "eor v11.16b, v11.16b, v9.16b\n\t" + "eor v9.16b, v9.16b, v0.16b\n\t" + "shl v0.4s, v9.4s, #8\n\t" + "rev32 v10.8h, v10.8h\n\t" + "sri v0.4s, v9.4s, #24\n\t" + "eor v0.16b, v0.16b, v11.16b\n\t" + "shl v9.4s, v8.4s, #24\n\t" + "eor v0.16b, v0.16b, v10.16b\n\t" + "sri v9.4s, v8.4s, #8\n\t" + "eor v0.16b, v0.16b, v9.16b\n\t" + "ld1 {v4.2d}, [x25], #16\n\t" + /* XOR in Key Schedule */ + "eor v0.16b, v0.16b, v4.16b\n\t" + "subs w24, w24, #2\n\t" + "b.ne L_AES_XTS_decrypt_NEON_loop_nr_partial_1_%=\n\t" + "eor v8.16b, v0.16b, v12.16b\n\t" + "eor v9.16b, v0.16b, v13.16b\n\t" + "eor v10.16b, v0.16b, v14.16b\n\t" + "tbl v4.16b, {v16.16b, v17.16b, v18.16b, v19.16b}, v0.16b\n\t" + "tbl v8.16b, {v20.16b, v21.16b, v22.16b, v23.16b}, v8.16b\n\t" + "tbl v9.16b, {v24.16b, v25.16b, v26.16b, v27.16b}, v9.16b\n\t" + "tbl v10.16b, {v28.16b, v29.16b, v30.16b, v31.16b}, v10.16b\n\t" + "orr v4.16b, v4.16b, v8.16b\n\t" + "orr v9.16b, v9.16b, v10.16b\n\t" + "orr v4.16b, v4.16b, v9.16b\n\t" + "tbl v4.16b, {v4.16b}, v3.16b\n\t" + "sshr v10.16b, v4.16b, #7\n\t" + "ushr v11.16b, v4.16b, #6\n\t" + "ushr v8.16b, v4.16b, #5\n\t" + "and v10.16b, v10.16b, v15.16b\n\t" + "pmul v11.16b, v11.16b, v15.16b\n\t" + "pmul v8.16b, v8.16b, v15.16b\n\t" + "shl v9.16b, v4.16b, #1\n\t" + "eor v10.16b, v10.16b, v9.16b\n\t" + "shl v9.16b, v4.16b, #3\n\t" + "eor v8.16b, v8.16b, v9.16b\n\t" + "shl v9.16b, v4.16b, #2\n\t" + "eor v11.16b, v11.16b, v9.16b\n\t" + "eor v9.16b, v10.16b, v8.16b\n\t" + "eor v8.16b, v8.16b, v4.16b\n\t" + "eor v10.16b, v11.16b, v8.16b\n\t" + "eor v11.16b, v11.16b, v9.16b\n\t" + "eor v9.16b, v9.16b, v4.16b\n\t" + "shl v4.4s, v9.4s, #8\n\t" + "rev32 v10.8h, v10.8h\n\t" + "sri v4.4s, v9.4s, #24\n\t" + "eor v4.16b, v4.16b, v11.16b\n\t" + "shl v9.4s, v8.4s, #24\n\t" + "eor v4.16b, v4.16b, v10.16b\n\t" + "sri v9.4s, v8.4s, #8\n\t" + "eor v4.16b, v4.16b, v9.16b\n\t" + "ld1 {v0.2d}, [x25], #16\n\t" + /* XOR in Key Schedule */ + "eor v4.16b, v4.16b, v0.16b\n\t" + "eor v8.16b, v4.16b, v12.16b\n\t" + "eor v9.16b, v4.16b, v13.16b\n\t" + "eor v10.16b, v4.16b, v14.16b\n\t" + "tbl v0.16b, {v16.16b, v17.16b, v18.16b, v19.16b}, v4.16b\n\t" + "tbl v8.16b, {v20.16b, v21.16b, v22.16b, v23.16b}, v8.16b\n\t" + "tbl v9.16b, {v24.16b, v25.16b, v26.16b, v27.16b}, v9.16b\n\t" + "tbl v10.16b, {v28.16b, v29.16b, v30.16b, v31.16b}, v10.16b\n\t" + "orr v0.16b, v0.16b, v8.16b\n\t" + "orr v9.16b, v9.16b, v10.16b\n\t" + "orr v0.16b, v0.16b, v9.16b\n\t" + "tbl v0.16b, {v0.16b}, v3.16b\n\t" + "ld1 {v4.2d}, [x25], #16\n\t" + /* XOR in Key Schedule */ + "eor v0.16b, v0.16b, v4.16b\n\t" + "rev32 v0.16b, v0.16b\n\t" + "eor v0.16b, v0.16b, v1.16b\n\t" + "st1 {v0.2d}, [%x[tmp]]\n\t" + "add %x[out], %x[out], #16\n\t" + "mov w16, %w[sz]\n\t" + "\n" + "L_AES_XTS_decrypt_NEON_start_byte_%=: \n\t" + "ldrb w10, [%x[tmp]]\n\t" + "ldrb w11, [%x[in]], #1\n\t" + "strb w10, [%x[out]], #1\n\t" + "strb w11, [%x[tmp]], #1\n\t" + "subs w16, w16, #1\n\t" + "b.gt L_AES_XTS_decrypt_NEON_start_byte_%=\n\t" + "sub %x[out], %x[out], %x[sz]\n\t" + "sub %x[tmp], %x[tmp], %x[sz]\n\t" + "sub %x[out], %x[out], #16\n\t" + "mov x25, %x[key]\n\t" + "ld1 {v0.2d}, [%x[tmp]]\n\t" + "ld1 {v4.2d}, [x25], #16\n\t" + "eor v0.16b, v0.16b, v2.16b\n\t" + "rev32 v0.16b, v0.16b\n\t" + "eor v0.16b, v0.16b, v4.16b\n\t" + "sub w24, %w[nr], #2\n\t" + "\n" + "L_AES_XTS_decrypt_NEON_loop_nr_partial_2_%=: \n\t" + "eor v8.16b, v0.16b, v12.16b\n\t" + "eor v9.16b, v0.16b, v13.16b\n\t" + "eor v10.16b, v0.16b, v14.16b\n\t" + "tbl v4.16b, {v16.16b, v17.16b, v18.16b, v19.16b}, v0.16b\n\t" + "tbl v8.16b, {v20.16b, v21.16b, v22.16b, v23.16b}, v8.16b\n\t" + "tbl v9.16b, {v24.16b, v25.16b, v26.16b, v27.16b}, v9.16b\n\t" + "tbl v10.16b, {v28.16b, v29.16b, v30.16b, v31.16b}, v10.16b\n\t" + "orr v4.16b, v4.16b, v8.16b\n\t" + "orr v9.16b, v9.16b, v10.16b\n\t" + "orr v4.16b, v4.16b, v9.16b\n\t" + "tbl v4.16b, {v4.16b}, v3.16b\n\t" + "sshr v10.16b, v4.16b, #7\n\t" + "ushr v11.16b, v4.16b, #6\n\t" + "ushr v8.16b, v4.16b, #5\n\t" + "and v10.16b, v10.16b, v15.16b\n\t" + "pmul v11.16b, v11.16b, v15.16b\n\t" + "pmul v8.16b, v8.16b, v15.16b\n\t" + "shl v9.16b, v4.16b, #1\n\t" + "eor v10.16b, v10.16b, v9.16b\n\t" + "shl v9.16b, v4.16b, #3\n\t" + "eor v8.16b, v8.16b, v9.16b\n\t" + "shl v9.16b, v4.16b, #2\n\t" + "eor v11.16b, v11.16b, v9.16b\n\t" + "eor v9.16b, v10.16b, v8.16b\n\t" + "eor v8.16b, v8.16b, v4.16b\n\t" + "eor v10.16b, v11.16b, v8.16b\n\t" + "eor v11.16b, v11.16b, v9.16b\n\t" + "eor v9.16b, v9.16b, v4.16b\n\t" + "shl v4.4s, v9.4s, #8\n\t" + "rev32 v10.8h, v10.8h\n\t" + "sri v4.4s, v9.4s, #24\n\t" + "eor v4.16b, v4.16b, v11.16b\n\t" + "shl v9.4s, v8.4s, #24\n\t" + "eor v4.16b, v4.16b, v10.16b\n\t" + "sri v9.4s, v8.4s, #8\n\t" + "eor v4.16b, v4.16b, v9.16b\n\t" + "ld1 {v0.2d}, [x25], #16\n\t" + /* XOR in Key Schedule */ + "eor v4.16b, v4.16b, v0.16b\n\t" + "eor v8.16b, v4.16b, v12.16b\n\t" + "eor v9.16b, v4.16b, v13.16b\n\t" + "eor v10.16b, v4.16b, v14.16b\n\t" + "tbl v0.16b, {v16.16b, v17.16b, v18.16b, v19.16b}, v4.16b\n\t" + "tbl v8.16b, {v20.16b, v21.16b, v22.16b, v23.16b}, v8.16b\n\t" + "tbl v9.16b, {v24.16b, v25.16b, v26.16b, v27.16b}, v9.16b\n\t" + "tbl v10.16b, {v28.16b, v29.16b, v30.16b, v31.16b}, v10.16b\n\t" + "orr v0.16b, v0.16b, v8.16b\n\t" + "orr v9.16b, v9.16b, v10.16b\n\t" + "orr v0.16b, v0.16b, v9.16b\n\t" + "tbl v0.16b, {v0.16b}, v3.16b\n\t" + "sshr v10.16b, v0.16b, #7\n\t" + "ushr v11.16b, v0.16b, #6\n\t" + "ushr v8.16b, v0.16b, #5\n\t" + "and v10.16b, v10.16b, v15.16b\n\t" + "pmul v11.16b, v11.16b, v15.16b\n\t" + "pmul v8.16b, v8.16b, v15.16b\n\t" + "shl v9.16b, v0.16b, #1\n\t" + "eor v10.16b, v10.16b, v9.16b\n\t" + "shl v9.16b, v0.16b, #3\n\t" + "eor v8.16b, v8.16b, v9.16b\n\t" + "shl v9.16b, v0.16b, #2\n\t" + "eor v11.16b, v11.16b, v9.16b\n\t" + "eor v9.16b, v10.16b, v8.16b\n\t" + "eor v8.16b, v8.16b, v0.16b\n\t" + "eor v10.16b, v11.16b, v8.16b\n\t" + "eor v11.16b, v11.16b, v9.16b\n\t" + "eor v9.16b, v9.16b, v0.16b\n\t" + "shl v0.4s, v9.4s, #8\n\t" + "rev32 v10.8h, v10.8h\n\t" + "sri v0.4s, v9.4s, #24\n\t" + "eor v0.16b, v0.16b, v11.16b\n\t" + "shl v9.4s, v8.4s, #24\n\t" + "eor v0.16b, v0.16b, v10.16b\n\t" + "sri v9.4s, v8.4s, #8\n\t" + "eor v0.16b, v0.16b, v9.16b\n\t" + "ld1 {v4.2d}, [x25], #16\n\t" + /* XOR in Key Schedule */ + "eor v0.16b, v0.16b, v4.16b\n\t" + "subs w24, w24, #2\n\t" + "b.ne L_AES_XTS_decrypt_NEON_loop_nr_partial_2_%=\n\t" + "eor v8.16b, v0.16b, v12.16b\n\t" + "eor v9.16b, v0.16b, v13.16b\n\t" + "eor v10.16b, v0.16b, v14.16b\n\t" + "tbl v4.16b, {v16.16b, v17.16b, v18.16b, v19.16b}, v0.16b\n\t" + "tbl v8.16b, {v20.16b, v21.16b, v22.16b, v23.16b}, v8.16b\n\t" + "tbl v9.16b, {v24.16b, v25.16b, v26.16b, v27.16b}, v9.16b\n\t" + "tbl v10.16b, {v28.16b, v29.16b, v30.16b, v31.16b}, v10.16b\n\t" + "orr v4.16b, v4.16b, v8.16b\n\t" + "orr v9.16b, v9.16b, v10.16b\n\t" + "orr v4.16b, v4.16b, v9.16b\n\t" + "tbl v4.16b, {v4.16b}, v3.16b\n\t" + "sshr v10.16b, v4.16b, #7\n\t" + "ushr v11.16b, v4.16b, #6\n\t" + "ushr v8.16b, v4.16b, #5\n\t" + "and v10.16b, v10.16b, v15.16b\n\t" + "pmul v11.16b, v11.16b, v15.16b\n\t" + "pmul v8.16b, v8.16b, v15.16b\n\t" + "shl v9.16b, v4.16b, #1\n\t" + "eor v10.16b, v10.16b, v9.16b\n\t" + "shl v9.16b, v4.16b, #3\n\t" + "eor v8.16b, v8.16b, v9.16b\n\t" + "shl v9.16b, v4.16b, #2\n\t" + "eor v11.16b, v11.16b, v9.16b\n\t" + "eor v9.16b, v10.16b, v8.16b\n\t" + "eor v8.16b, v8.16b, v4.16b\n\t" + "eor v10.16b, v11.16b, v8.16b\n\t" + "eor v11.16b, v11.16b, v9.16b\n\t" + "eor v9.16b, v9.16b, v4.16b\n\t" + "shl v4.4s, v9.4s, #8\n\t" + "rev32 v10.8h, v10.8h\n\t" + "sri v4.4s, v9.4s, #24\n\t" + "eor v4.16b, v4.16b, v11.16b\n\t" + "shl v9.4s, v8.4s, #24\n\t" + "eor v4.16b, v4.16b, v10.16b\n\t" + "sri v9.4s, v8.4s, #8\n\t" + "eor v4.16b, v4.16b, v9.16b\n\t" + "ld1 {v0.2d}, [x25], #16\n\t" + /* XOR in Key Schedule */ + "eor v4.16b, v4.16b, v0.16b\n\t" + "eor v8.16b, v4.16b, v12.16b\n\t" + "eor v9.16b, v4.16b, v13.16b\n\t" + "eor v10.16b, v4.16b, v14.16b\n\t" + "tbl v0.16b, {v16.16b, v17.16b, v18.16b, v19.16b}, v4.16b\n\t" + "tbl v8.16b, {v20.16b, v21.16b, v22.16b, v23.16b}, v8.16b\n\t" + "tbl v9.16b, {v24.16b, v25.16b, v26.16b, v27.16b}, v9.16b\n\t" + "tbl v10.16b, {v28.16b, v29.16b, v30.16b, v31.16b}, v10.16b\n\t" + "orr v0.16b, v0.16b, v8.16b\n\t" + "orr v9.16b, v9.16b, v10.16b\n\t" + "orr v0.16b, v0.16b, v9.16b\n\t" + "tbl v0.16b, {v0.16b}, v3.16b\n\t" + "ld1 {v4.2d}, [x25], #16\n\t" + /* XOR in Key Schedule */ + "eor v0.16b, v0.16b, v4.16b\n\t" + "rev32 v0.16b, v0.16b\n\t" + "eor v0.16b, v0.16b, v2.16b\n\t" + "st1 {v0.16b}, [%x[out]]\n\t" + "\n" + "L_AES_XTS_decrypt_NEON_data_done_%=: \n\t" + "ldp x29, x30, [sp], #32\n\t" + : [out] "+r" (out), [sz] "+r" (sz), [key] "+r" (key), + [key2] "+r" (key2), [tmp] "+r" (tmp), [nr] "+r" (nr) + : [in] "r" (in), [i] "r" (i), [te] "r" (te), [td] "r" (td), + [shuffle] "r" (shuffle), [invshuffle] "r" (invshuffle) + : "memory", "cc", "x8", "x9", "x10", "x11", "x12", "x13", "x14", "x15", + "x16", "x17", "x19", "x24", "x25", "v0", "v1", "v2", "v3", "v4", + "v5", "v6", "v7", "v8", "v9", "v10", "v11", "v12", "v13", "v14", + "v15", "v16", "v17", "v18", "v19", "v20", "v21", "v22", "v23", + "v24", "v25", "v26", "v27", "v28", "v29", "v30", "v31" + ); +} + +#endif /* HAVE_AES_DECRYPT */ +#endif /* WOLFSSL_AES_XTS */ +#endif /* !WOLFSSL_ARMASM_NO_NEON */ +#ifndef WOLFSSL_ARMASM_NEON_NO_TABLE_LOOKUP +#ifdef HAVE_AES_DECRYPT +static const word32 L_AES_ARM64_td[] = { + 0x5051f4a7, 0x537e4165, 0xc31a17a4, 0x963a275e, + 0xcb3bab6b, 0xf11f9d45, 0xabacfa58, 0x934be303, + 0x552030fa, 0xf6ad766d, 0x9188cc76, 0x25f5024c, + 0xfc4fe5d7, 0xd7c52acb, 0x80263544, 0x8fb562a3, + 0x49deb15a, 0x6725ba1b, 0x9845ea0e, 0xe15dfec0, + 0x02c32f75, 0x12814cf0, 0xa38d4697, 0xc66bd3f9, + 0xe7038f5f, 0x9515929c, 0xebbf6d7a, 0xda955259, + 0x2dd4be83, 0xd3587421, 0x2949e069, 0x448ec9c8, + 0x6a75c289, 0x78f48e79, 0x6b99583e, 0xdd27b971, + 0xb6bee14f, 0x17f088ad, 0x66c920ac, 0xb47dce3a, + 0x1863df4a, 0x82e51a31, 0x60975133, 0x4562537f, + 0xe0b16477, 0x84bb6bae, 0x1cfe81a0, 0x94f9082b, + 0x58704868, 0x198f45fd, 0x8794de6c, 0xb7527bf8, + 0x23ab73d3, 0xe2724b02, 0x57e31f8f, 0x2a6655ab, + 0x07b2eb28, 0x032fb5c2, 0x9a86c57b, 0xa5d33708, + 0xf2302887, 0xb223bfa5, 0xba02036a, 0x5ced1682, + 0x2b8acf1c, 0x92a779b4, 0xf0f307f2, 0xa14e69e2, + 0xcd65daf4, 0xd50605be, 0x1fd13462, 0x8ac4a6fe, + 0x9d342e53, 0xa0a2f355, 0x32058ae1, 0x75a4f6eb, + 0x390b83ec, 0xaa4060ef, 0x065e719f, 0x51bd6e10, + 0xf93e218a, 0x3d96dd06, 0xaedd3e05, 0x464de6bd, + 0xb591548d, 0x0571c45d, 0x6f0406d4, 0xff605015, + 0x241998fb, 0x97d6bde9, 0xcc894043, 0x7767d99e, + 0xbdb0e842, 0x8807898b, 0x38e7195b, 0xdb79c8ee, + 0x47a17c0a, 0xe97c420f, 0xc9f8841e, 0x00000000, + 0x83098086, 0x48322bed, 0xac1e1170, 0x4e6c5a72, + 0xfbfd0eff, 0x560f8538, 0x1e3daed5, 0x27362d39, + 0x640a0fd9, 0x21685ca6, 0xd19b5b54, 0x3a24362e, + 0xb10c0a67, 0x0f9357e7, 0xd2b4ee96, 0x9e1b9b91, + 0x4f80c0c5, 0xa261dc20, 0x695a774b, 0x161c121a, + 0x0ae293ba, 0xe5c0a02a, 0x433c22e0, 0x1d121b17, + 0x0b0e090d, 0xadf28bc7, 0xb92db6a8, 0xc8141ea9, + 0x8557f119, 0x4caf7507, 0xbbee99dd, 0xfda37f60, + 0x9ff70126, 0xbc5c72f5, 0xc544663b, 0x345bfb7e, + 0x768b4329, 0xdccb23c6, 0x68b6edfc, 0x63b8e4f1, + 0xcad731dc, 0x10426385, 0x40139722, 0x2084c611, + 0x7d854a24, 0xf8d2bb3d, 0x11aef932, 0x6dc729a1, + 0x4b1d9e2f, 0xf3dcb230, 0xec0d8652, 0xd077c1e3, + 0x6c2bb316, 0x99a970b9, 0xfa119448, 0x2247e964, + 0xc4a8fc8c, 0x1aa0f03f, 0xd8567d2c, 0xef223390, + 0xc787494e, 0xc1d938d1, 0xfe8ccaa2, 0x3698d40b, + 0xcfa6f581, 0x28a57ade, 0x26dab78e, 0xa43fadbf, + 0xe42c3a9d, 0x0d507892, 0x9b6a5fcc, 0x62547e46, + 0xc2f68d13, 0xe890d8b8, 0x5e2e39f7, 0xf582c3af, + 0xbe9f5d80, 0x7c69d093, 0xa96fd52d, 0xb3cf2512, + 0x3bc8ac99, 0xa710187d, 0x6ee89c63, 0x7bdb3bbb, + 0x09cd2678, 0xf46e5918, 0x01ec9ab7, 0xa8834f9a, + 0x65e6956e, 0x7eaaffe6, 0x0821bccf, 0xe6ef15e8, + 0xd9bae79b, 0xce4a6f36, 0xd4ea9f09, 0xd629b07c, + 0xaf31a4b2, 0x312a3f23, 0x30c6a594, 0xc035a266, + 0x37744ebc, 0xa6fc82ca, 0xb0e090d0, 0x1533a7d8, + 0x4af10498, 0xf741ecda, 0x0e7fcd50, 0x2f1791f6, + 0x8d764dd6, 0x4d43efb0, 0x54ccaa4d, 0xdfe49604, + 0xe39ed1b5, 0x1b4c6a88, 0xb8c12c1f, 0x7f466551, + 0x049d5eea, 0x5d018c35, 0x73fa8774, 0x2efb0b41, + 0x5ab3671d, 0x5292dbd2, 0x33e91056, 0x136dd647, + 0x8c9ad761, 0x7a37a10c, 0x8e59f814, 0x89eb133c, + 0xeecea927, 0x35b761c9, 0xede11ce5, 0x3c7a47b1, + 0x599cd2df, 0x3f55f273, 0x791814ce, 0xbf73c737, + 0xea53f7cd, 0x5b5ffdaa, 0x14df3d6f, 0x867844db, + 0x81caaff3, 0x3eb968c4, 0x2c382434, 0x5fc2a340, + 0x72161dc3, 0x0cbce225, 0x8b283c49, 0x41ff0d95, + 0x7139a801, 0xde080cb3, 0x9cd8b4e4, 0x906456c1, + 0x617bcb84, 0x70d532b6, 0x74486c5c, 0x42d0b857, +}; + +#endif /* HAVE_AES_DECRYPT */ +#if defined(HAVE_AES_DECRYPT) || defined(HAVE_AES_CBC) || \ + defined(HAVE_AESCCM) || defined(HAVE_AESGCM) || \ + defined(WOLFSSL_AES_DIRECT) || defined(WOLFSSL_AES_COUNTER) +static const word32 L_AES_ARM64_te[] = { + 0xa5c66363, 0x84f87c7c, 0x99ee7777, 0x8df67b7b, + 0x0dfff2f2, 0xbdd66b6b, 0xb1de6f6f, 0x5491c5c5, + 0x50603030, 0x03020101, 0xa9ce6767, 0x7d562b2b, + 0x19e7fefe, 0x62b5d7d7, 0xe64dabab, 0x9aec7676, + 0x458fcaca, 0x9d1f8282, 0x4089c9c9, 0x87fa7d7d, + 0x15effafa, 0xebb25959, 0xc98e4747, 0x0bfbf0f0, + 0xec41adad, 0x67b3d4d4, 0xfd5fa2a2, 0xea45afaf, + 0xbf239c9c, 0xf753a4a4, 0x96e47272, 0x5b9bc0c0, + 0xc275b7b7, 0x1ce1fdfd, 0xae3d9393, 0x6a4c2626, + 0x5a6c3636, 0x417e3f3f, 0x02f5f7f7, 0x4f83cccc, + 0x5c683434, 0xf451a5a5, 0x34d1e5e5, 0x08f9f1f1, + 0x93e27171, 0x73abd8d8, 0x53623131, 0x3f2a1515, + 0x0c080404, 0x5295c7c7, 0x65462323, 0x5e9dc3c3, + 0x28301818, 0xa1379696, 0x0f0a0505, 0xb52f9a9a, + 0x090e0707, 0x36241212, 0x9b1b8080, 0x3ddfe2e2, + 0x26cdebeb, 0x694e2727, 0xcd7fb2b2, 0x9fea7575, + 0x1b120909, 0x9e1d8383, 0x74582c2c, 0x2e341a1a, + 0x2d361b1b, 0xb2dc6e6e, 0xeeb45a5a, 0xfb5ba0a0, + 0xf6a45252, 0x4d763b3b, 0x61b7d6d6, 0xce7db3b3, + 0x7b522929, 0x3edde3e3, 0x715e2f2f, 0x97138484, + 0xf5a65353, 0x68b9d1d1, 0x00000000, 0x2cc1eded, + 0x60402020, 0x1fe3fcfc, 0xc879b1b1, 0xedb65b5b, + 0xbed46a6a, 0x468dcbcb, 0xd967bebe, 0x4b723939, + 0xde944a4a, 0xd4984c4c, 0xe8b05858, 0x4a85cfcf, + 0x6bbbd0d0, 0x2ac5efef, 0xe54faaaa, 0x16edfbfb, + 0xc5864343, 0xd79a4d4d, 0x55663333, 0x94118585, + 0xcf8a4545, 0x10e9f9f9, 0x06040202, 0x81fe7f7f, + 0xf0a05050, 0x44783c3c, 0xba259f9f, 0xe34ba8a8, + 0xf3a25151, 0xfe5da3a3, 0xc0804040, 0x8a058f8f, + 0xad3f9292, 0xbc219d9d, 0x48703838, 0x04f1f5f5, + 0xdf63bcbc, 0xc177b6b6, 0x75afdada, 0x63422121, + 0x30201010, 0x1ae5ffff, 0x0efdf3f3, 0x6dbfd2d2, + 0x4c81cdcd, 0x14180c0c, 0x35261313, 0x2fc3ecec, + 0xe1be5f5f, 0xa2359797, 0xcc884444, 0x392e1717, + 0x5793c4c4, 0xf255a7a7, 0x82fc7e7e, 0x477a3d3d, + 0xacc86464, 0xe7ba5d5d, 0x2b321919, 0x95e67373, + 0xa0c06060, 0x98198181, 0xd19e4f4f, 0x7fa3dcdc, + 0x66442222, 0x7e542a2a, 0xab3b9090, 0x830b8888, + 0xca8c4646, 0x29c7eeee, 0xd36bb8b8, 0x3c281414, + 0x79a7dede, 0xe2bc5e5e, 0x1d160b0b, 0x76addbdb, + 0x3bdbe0e0, 0x56643232, 0x4e743a3a, 0x1e140a0a, + 0xdb924949, 0x0a0c0606, 0x6c482424, 0xe4b85c5c, + 0x5d9fc2c2, 0x6ebdd3d3, 0xef43acac, 0xa6c46262, + 0xa8399191, 0xa4319595, 0x37d3e4e4, 0x8bf27979, + 0x32d5e7e7, 0x438bc8c8, 0x596e3737, 0xb7da6d6d, + 0x8c018d8d, 0x64b1d5d5, 0xd29c4e4e, 0xe049a9a9, + 0xb4d86c6c, 0xfaac5656, 0x07f3f4f4, 0x25cfeaea, + 0xafca6565, 0x8ef47a7a, 0xe947aeae, 0x18100808, + 0xd56fbaba, 0x88f07878, 0x6f4a2525, 0x725c2e2e, + 0x24381c1c, 0xf157a6a6, 0xc773b4b4, 0x5197c6c6, + 0x23cbe8e8, 0x7ca1dddd, 0x9ce87474, 0x213e1f1f, + 0xdd964b4b, 0xdc61bdbd, 0x860d8b8b, 0x850f8a8a, + 0x90e07070, 0x427c3e3e, 0xc471b5b5, 0xaacc6666, + 0xd8904848, 0x05060303, 0x01f7f6f6, 0x121c0e0e, + 0xa3c26161, 0x5f6a3535, 0xf9ae5757, 0xd069b9b9, + 0x91178686, 0x5899c1c1, 0x273a1d1d, 0xb9279e9e, + 0x38d9e1e1, 0x13ebf8f8, 0xb32b9898, 0x33221111, + 0xbbd26969, 0x70a9d9d9, 0x89078e8e, 0xa7339494, + 0xb62d9b9b, 0x223c1e1e, 0x92158787, 0x20c9e9e9, + 0x4987cece, 0xffaa5555, 0x78502828, 0x7aa5dfdf, + 0x8f038c8c, 0xf859a1a1, 0x80098989, 0x171a0d0d, + 0xda65bfbf, 0x31d7e6e6, 0xc6844242, 0xb8d06868, + 0xc3824141, 0xb0299999, 0x775a2d2d, 0x111e0f0f, + 0xcb7bb0b0, 0xfca85454, 0xd66dbbbb, 0x3a2c1616, +}; + +#endif /* HAVE_AES_DECRYPT || HAVE_AES_CBC || HAVE_AESCCM || HAVE_AESGCM || + * WOLFSSL_AES_DIRECT || WOLFSSL_AES_COUNTER */ +#ifdef HAVE_AES_DECRYPT +void AES_invert_key(unsigned char* ks, word32 rounds); +void AES_invert_key(unsigned char* ks, word32 rounds) +{ + const word32* te = L_AES_ARM64_te; + const word32* td = L_AES_ARM64_td; + __asm__ __volatile__ ( + "add x12, %x[ks], %x[rounds], lsl 4\n\t" + "mov w13, %w[rounds]\n\t" + "\n" + "L_AES_invert_key_loop_%=: \n\t" + "ldp w4, w5, [%x[ks]]\n\t" + "ldnp w6, w7, [%x[ks], #8]\n\t" + "ldp w8, w9, [x12]\n\t" + "ldnp w10, w11, [x12, #8]\n\t" + "stp w4, w5, [x12]\n\t" + "stnp w6, w7, [x12, #8]\n\t" + "stp w8, w9, [%x[ks]], #8\n\t" + "stp w10, w11, [%x[ks]], #8\n\t" + "subs w13, w13, #2\n\t" + "sub x12, x12, #16\n\t" + "b.ne L_AES_invert_key_loop_%=\n\t" + "sub %x[ks], %x[ks], %x[rounds], lsl 3\n\t" + "add %x[ks], %x[ks], #16\n\t" + "sub w13, %w[rounds], #1\n\t" + "\n" + "L_AES_invert_key_mix_loop_%=: \n\t" + "ldp w4, w5, [%x[ks]]\n\t" + "ldnp w6, w7, [%x[ks], #8]\n\t" + "ubfx w8, w4, #0, #8\n\t" + "ubfx w9, w4, #8, #8\n\t" + "ubfx w10, w4, #16, #8\n\t" + "ubfx w11, w4, #24, #8\n\t" + "lsl w8, w8, #2\n\t" + "lsl w9, w9, #2\n\t" + "lsl w10, w10, #2\n\t" + "lsl w11, w11, #2\n\t" + "ldrb w8, [%[te], x8, LSL 0]\n\t" + "ldrb w9, [%[te], x9, LSL 0]\n\t" + "ldrb w10, [%[te], x10, LSL 0]\n\t" + "ldrb w11, [%[te], x11, LSL 0]\n\t" + "ldr w8, [%[td], x8, LSL 2]\n\t" + "ldr w9, [%[td], x9, LSL 2]\n\t" + "ldr w10, [%[td], x10, LSL 2]\n\t" + "ldr w11, [%[td], x11, LSL 2]\n\t" + "eor w10, w10, w8, ror 16\n\t" + "eor w10, w10, w9, ror 8\n\t" + "eor w10, w10, w11, ror 24\n\t" + "str w10, [%x[ks]], #4\n\t" + "ubfx w8, w5, #0, #8\n\t" + "ubfx w9, w5, #8, #8\n\t" + "ubfx w10, w5, #16, #8\n\t" + "ubfx w11, w5, #24, #8\n\t" + "lsl w8, w8, #2\n\t" + "lsl w9, w9, #2\n\t" + "lsl w10, w10, #2\n\t" + "lsl w11, w11, #2\n\t" + "ldrb w8, [%[te], x8, LSL 0]\n\t" + "ldrb w9, [%[te], x9, LSL 0]\n\t" + "ldrb w10, [%[te], x10, LSL 0]\n\t" + "ldrb w11, [%[te], x11, LSL 0]\n\t" + "ldr w8, [%[td], x8, LSL 2]\n\t" + "ldr w9, [%[td], x9, LSL 2]\n\t" + "ldr w10, [%[td], x10, LSL 2]\n\t" + "ldr w11, [%[td], x11, LSL 2]\n\t" + "eor w10, w10, w8, ror 16\n\t" + "eor w10, w10, w9, ror 8\n\t" + "eor w10, w10, w11, ror 24\n\t" + "str w10, [%x[ks]], #4\n\t" + "ubfx w8, w6, #0, #8\n\t" + "ubfx w9, w6, #8, #8\n\t" + "ubfx w10, w6, #16, #8\n\t" + "ubfx w11, w6, #24, #8\n\t" + "lsl w8, w8, #2\n\t" + "lsl w9, w9, #2\n\t" + "lsl w10, w10, #2\n\t" + "lsl w11, w11, #2\n\t" + "ldrb w8, [%[te], x8, LSL 0]\n\t" + "ldrb w9, [%[te], x9, LSL 0]\n\t" + "ldrb w10, [%[te], x10, LSL 0]\n\t" + "ldrb w11, [%[te], x11, LSL 0]\n\t" + "ldr w8, [%[td], x8, LSL 2]\n\t" + "ldr w9, [%[td], x9, LSL 2]\n\t" + "ldr w10, [%[td], x10, LSL 2]\n\t" + "ldr w11, [%[td], x11, LSL 2]\n\t" + "eor w10, w10, w8, ror 16\n\t" + "eor w10, w10, w9, ror 8\n\t" + "eor w10, w10, w11, ror 24\n\t" + "str w10, [%x[ks]], #4\n\t" + "ubfx w8, w7, #0, #8\n\t" + "ubfx w9, w7, #8, #8\n\t" + "ubfx w10, w7, #16, #8\n\t" + "ubfx w11, w7, #24, #8\n\t" + "lsl w8, w8, #2\n\t" + "lsl w9, w9, #2\n\t" + "lsl w10, w10, #2\n\t" + "lsl w11, w11, #2\n\t" + "ldrb w8, [%[te], x8, LSL 0]\n\t" + "ldrb w9, [%[te], x9, LSL 0]\n\t" + "ldrb w10, [%[te], x10, LSL 0]\n\t" + "ldrb w11, [%[te], x11, LSL 0]\n\t" + "ldr w8, [%[td], x8, LSL 2]\n\t" + "ldr w9, [%[td], x9, LSL 2]\n\t" + "ldr w10, [%[td], x10, LSL 2]\n\t" + "ldr w11, [%[td], x11, LSL 2]\n\t" + "eor w10, w10, w8, ror 16\n\t" + "eor w10, w10, w9, ror 8\n\t" + "eor w10, w10, w11, ror 24\n\t" + "str w10, [%x[ks]], #4\n\t" + "subs w13, w13, #1\n\t" + "b.ne L_AES_invert_key_mix_loop_%=\n\t" + : [ks] "+r" (ks), [rounds] "+r" (rounds) + : [te] "r" (te), [td] "r" (td) + : "memory", "cc", "x4", "x5", "x6", "x7", "x8", "x9", "x10", "x11", + "x12", "x13" + ); +} + +#endif /* HAVE_AES_DECRYPT */ +static const word32 L_AES_ARM64_rcon[] = { + 0x01000000, 0x02000000, 0x04000000, 0x08000000, + 0x10000000, 0x20000000, 0x40000000, 0x80000000, + 0x1b000000, 0x36000000, +}; + +void AES_set_encrypt_key(const unsigned char* key, word32 len, + unsigned char* ks); +void AES_set_encrypt_key(const unsigned char* key, word32 len, + unsigned char* ks) +{ + const word32* rcon = L_AES_ARM64_rcon; + const word32* te = L_AES_ARM64_te; + __asm__ __volatile__ ( + "cmp %w[len], #0x80\n\t" + "b.eq L_AES_set_encrypt_key_start_128_%=\n\t" + "cmp %w[len], #0xc0\n\t" + "b.eq L_AES_set_encrypt_key_start_192_%=\n\t" + "ldr w6, [%x[key]]\n\t" + "ldr w7, [%x[key], #4]\n\t" + "ldr w8, [%x[key], #8]\n\t" + "ldr w9, [%x[key], #12]\n\t" + "rev w6, w6\n\t" + "rev w7, w7\n\t" + "rev w8, w8\n\t" + "rev w9, w9\n\t" + "stp w6, w7, [%x[ks]], #8\n\t" + "stp w8, w9, [%x[ks]], #8\n\t" + "ldr w6, [%x[key], #16]\n\t" + "ldr w7, [%x[key], #20]\n\t" + "ldr w8, [%x[key], #24]\n\t" + "ldr w9, [%x[key], #28]\n\t" + "rev w6, w6\n\t" + "rev w7, w7\n\t" + "rev w8, w8\n\t" + "rev w9, w9\n\t" + "stp w6, w7, [%x[ks]]\n\t" + "stnp w8, w9, [%x[ks], #8]\n\t" + "sub %x[ks], %x[ks], #16\n\t" + "mov x4, #6\n\t" + "\n" + "L_AES_set_encrypt_key_loop_256_%=: \n\t" + "ubfx w6, w9, #0, #8\n\t" + "ubfx w7, w9, #8, #8\n\t" + "ubfx w8, w9, #16, #8\n\t" + "ubfx w9, w9, #24, #8\n\t" + "lsl w6, w6, #2\n\t" + "lsl w7, w7, #2\n\t" + "lsl w8, w8, #2\n\t" + "lsl w9, w9, #2\n\t" + "ldrb w6, [%[te], x6, LSL 0]\n\t" + "ldrb w7, [%[te], x7, LSL 0]\n\t" + "ldrb w8, [%[te], x8, LSL 0]\n\t" + "ldrb w9, [%[te], x9, LSL 0]\n\t" + "eor w3, w9, w6, lsl 8\n\t" + "eor w3, w3, w7, lsl 16\n\t" + "eor w3, w3, w8, lsl 24\n\t" + "ldp w6, w7, [%x[ks]], #8\n\t" + "ldp w8, w9, [%x[ks]], #8\n\t" + "eor w6, w6, w3\n\t" + "ldr w3, [%[rcon]], #4\n\t" + "eor w6, w6, w3\n\t" + "eor w7, w7, w6\n\t" + "eor w8, w8, w7\n\t" + "eor w9, w9, w8\n\t" + "add %x[ks], %x[ks], #16\n\t" + "stp w6, w7, [%x[ks]]\n\t" + "stnp w8, w9, [%x[ks], #8]\n\t" + "sub %x[ks], %x[ks], #16\n\t" + "mov w3, w9\n\t" + "ubfx w6, w3, #8, #8\n\t" + "ubfx w7, w3, #16, #8\n\t" + "ubfx w8, w3, #24, #8\n\t" + "ubfx w3, w3, #0, #8\n\t" + "lsl w6, w6, #2\n\t" + "lsl w7, w7, #2\n\t" + "lsl w8, w8, #2\n\t" + "lsl w3, w3, #2\n\t" + "ldrb w6, [%[te], x6, LSL 0]\n\t" + "ldrb w8, [%[te], x8, LSL 0]\n\t" + "ldrb w7, [%[te], x7, LSL 0]\n\t" + "ldrb w3, [%[te], x3, LSL 0]\n\t" + "eor w3, w3, w6, lsl 8\n\t" + "eor w3, w3, w7, lsl 16\n\t" + "eor w3, w3, w8, lsl 24\n\t" + "ldp w6, w7, [%x[ks]], #8\n\t" + "ldp w8, w9, [%x[ks]], #8\n\t" + "eor w6, w6, w3\n\t" + "eor w7, w7, w6\n\t" + "eor w8, w8, w7\n\t" + "eor w9, w9, w8\n\t" + "add %x[ks], %x[ks], #16\n\t" + "stp w6, w7, [%x[ks]]\n\t" + "stnp w8, w9, [%x[ks], #8]\n\t" + "sub %x[ks], %x[ks], #16\n\t" + "subs x4, x4, #1\n\t" + "b.ne L_AES_set_encrypt_key_loop_256_%=\n\t" + "ubfx w6, w9, #0, #8\n\t" + "ubfx w7, w9, #8, #8\n\t" + "ubfx w8, w9, #16, #8\n\t" + "ubfx w9, w9, #24, #8\n\t" + "lsl w6, w6, #2\n\t" + "lsl w7, w7, #2\n\t" + "lsl w8, w8, #2\n\t" + "lsl w9, w9, #2\n\t" + "ldrb w6, [%[te], x6, LSL 0]\n\t" + "ldrb w7, [%[te], x7, LSL 0]\n\t" + "ldrb w8, [%[te], x8, LSL 0]\n\t" + "ldrb w9, [%[te], x9, LSL 0]\n\t" + "eor w3, w9, w6, lsl 8\n\t" + "eor w3, w3, w7, lsl 16\n\t" + "eor w3, w3, w8, lsl 24\n\t" + "ldp w6, w7, [%x[ks]], #8\n\t" + "ldp w8, w9, [%x[ks]], #8\n\t" + "eor w6, w6, w3\n\t" + "ldr w3, [%[rcon]], #4\n\t" + "eor w6, w6, w3\n\t" + "eor w7, w7, w6\n\t" + "eor w8, w8, w7\n\t" + "eor w9, w9, w8\n\t" + "add %x[ks], %x[ks], #16\n\t" + "stp w6, w7, [%x[ks]]\n\t" + "stnp w8, w9, [%x[ks], #8]\n\t" + "sub %x[ks], %x[ks], #16\n\t" + "b L_AES_set_encrypt_key_end_%=\n\t" + "\n" + "L_AES_set_encrypt_key_start_192_%=: \n\t" + "ldr w6, [%x[key]]\n\t" + "ldr w7, [%x[key], #4]\n\t" + "ldr w8, [%x[key], #8]\n\t" + "ldr w9, [%x[key], #12]\n\t" + "ldr w10, [%x[key], #16]\n\t" + "ldr w11, [%x[key], #20]\n\t" + "rev w6, w6\n\t" + "rev w7, w7\n\t" + "rev w8, w8\n\t" + "rev w9, w9\n\t" + "rev w10, w10\n\t" + "rev w11, w11\n\t" + "stp w6, w7, [%x[ks]]\n\t" + "stnp w8, w9, [%x[ks], #8]\n\t" + "stnp w10, w11, [%x[ks], #16]\n\t" + "mov x4, #7\n\t" + "\n" + "L_AES_set_encrypt_key_loop_192_%=: \n\t" + "ubfx w6, w11, #0, #8\n\t" + "ubfx w7, w11, #8, #8\n\t" + "ubfx w8, w11, #16, #8\n\t" + "ubfx w11, w11, #24, #8\n\t" + "lsl w6, w6, #2\n\t" + "lsl w7, w7, #2\n\t" + "lsl w8, w8, #2\n\t" + "lsl w11, w11, #2\n\t" + "ldrb w6, [%[te], x6, LSL 0]\n\t" + "ldrb w7, [%[te], x7, LSL 0]\n\t" + "ldrb w8, [%[te], x8, LSL 0]\n\t" + "ldrb w11, [%[te], x11, LSL 0]\n\t" + "eor w3, w11, w6, lsl 8\n\t" + "eor w3, w3, w7, lsl 16\n\t" + "eor w3, w3, w8, lsl 24\n\t" + "ldp w6, w7, [%x[ks]], #8\n\t" + "ldp w8, w9, [%x[ks]], #8\n\t" + "ldp w10, w11, [%x[ks]], #8\n\t" + "eor w6, w6, w3\n\t" + "ldr w3, [%[rcon]], #4\n\t" + "eor w6, w6, w3\n\t" + "eor w7, w7, w6\n\t" + "eor w8, w8, w7\n\t" + "eor w9, w9, w8\n\t" + "eor w10, w10, w9\n\t" + "eor w11, w11, w10\n\t" + "stp w6, w7, [%x[ks]]\n\t" + "stnp w8, w9, [%x[ks], #8]\n\t" + "stnp w10, w11, [%x[ks], #16]\n\t" + "subs x4, x4, #1\n\t" + "b.ne L_AES_set_encrypt_key_loop_192_%=\n\t" + "ubfx w6, w11, #0, #8\n\t" + "ubfx w7, w11, #8, #8\n\t" + "ubfx w8, w11, #16, #8\n\t" + "ubfx w11, w11, #24, #8\n\t" + "lsl w6, w6, #2\n\t" + "lsl w7, w7, #2\n\t" + "lsl w8, w8, #2\n\t" + "lsl w11, w11, #2\n\t" + "ldrb w6, [%[te], x6, LSL 0]\n\t" + "ldrb w7, [%[te], x7, LSL 0]\n\t" + "ldrb w8, [%[te], x8, LSL 0]\n\t" + "ldrb w11, [%[te], x11, LSL 0]\n\t" + "eor w3, w11, w6, lsl 8\n\t" + "eor w3, w3, w7, lsl 16\n\t" + "eor w3, w3, w8, lsl 24\n\t" + "ldp w6, w7, [%x[ks]], #8\n\t" + "ldp w8, w9, [%x[ks]], #8\n\t" + "ldp w10, w11, [%x[ks]], #8\n\t" + "eor w6, w6, w3\n\t" + "ldr w3, [%[rcon]], #4\n\t" + "eor w6, w6, w3\n\t" + "eor w7, w7, w6\n\t" + "eor w8, w8, w7\n\t" + "eor w9, w9, w8\n\t" + "stp w6, w7, [%x[ks]]\n\t" + "stnp w8, w9, [%x[ks], #8]\n\t" + "b L_AES_set_encrypt_key_end_%=\n\t" + "\n" + "L_AES_set_encrypt_key_start_128_%=: \n\t" + "ldr w6, [%x[key]]\n\t" + "ldr w7, [%x[key], #4]\n\t" + "ldr w8, [%x[key], #8]\n\t" + "ldr w9, [%x[key], #12]\n\t" + "rev w6, w6\n\t" + "rev w7, w7\n\t" + "rev w8, w8\n\t" + "rev w9, w9\n\t" + "stp w6, w7, [%x[ks]]\n\t" + "stnp w8, w9, [%x[ks], #8]\n\t" + "mov x4, #10\n\t" + "\n" + "L_AES_set_encrypt_key_loop_128_%=: \n\t" + "ubfx w6, w9, #0, #8\n\t" + "ubfx w7, w9, #8, #8\n\t" + "ubfx w8, w9, #16, #8\n\t" + "ubfx w9, w9, #24, #8\n\t" + "lsl w6, w6, #2\n\t" + "lsl w7, w7, #2\n\t" + "lsl w8, w8, #2\n\t" + "lsl w9, w9, #2\n\t" + "ldrb w6, [%[te], x6, LSL 0]\n\t" + "ldrb w7, [%[te], x7, LSL 0]\n\t" + "ldrb w8, [%[te], x8, LSL 0]\n\t" + "ldrb w9, [%[te], x9, LSL 0]\n\t" + "eor w3, w9, w6, lsl 8\n\t" + "eor w3, w3, w7, lsl 16\n\t" + "eor w3, w3, w8, lsl 24\n\t" + "ldp w6, w7, [%x[ks]], #8\n\t" + "ldp w8, w9, [%x[ks]], #8\n\t" + "eor w6, w6, w3\n\t" + "ldr w3, [%[rcon]], #4\n\t" + "eor w6, w6, w3\n\t" + "eor w7, w7, w6\n\t" + "eor w8, w8, w7\n\t" + "eor w9, w9, w8\n\t" + "stp w6, w7, [%x[ks]]\n\t" + "stnp w8, w9, [%x[ks], #8]\n\t" + "subs x4, x4, #1\n\t" + "b.ne L_AES_set_encrypt_key_loop_128_%=\n\t" + "\n" + "L_AES_set_encrypt_key_end_%=: \n\t" + : [len] "+r" (len), [ks] "+r" (ks) + : [key] "r" (key), [rcon] "r" (rcon), [te] "r" (te) + : "memory", "cc", "x3", "x4", "x6", "x7", "x8", "x9", "x10", "x11" + ); +} + +#if defined(HAVE_AESCCM) || defined(HAVE_AESGCM) || \ + defined(WOLFSSL_AES_DIRECT) || defined(WOLFSSL_AES_COUNTER) || \ + defined(HAVE_AES_ECB) +void AES_ECB_encrypt(const unsigned char* in, unsigned char* out, + unsigned long len, const unsigned char* ks, int nr); +void AES_ECB_encrypt(const unsigned char* in, unsigned char* out, + unsigned long len, const unsigned char* ks, int nr) +{ + const word32* te = L_AES_ARM64_te; + __asm__ __volatile__ ( + "\n" + "L_AES_ECB_encrypt_loop_block_128_%=: \n\t" + "mov x17, %x[ks]\n\t" + "ldr x6, [%x[in]]\n\t" + "ldr x7, [%x[in], #8]\n\t" + "rev32 x6, x6\n\t" + "rev32 x7, x7\n\t" + "ldp x10, x11, [x17], #16\n\t" + /* Round: 0 - XOR in key schedule */ + "eor x6, x6, x10\n\t" + "eor x7, x7, x11\n\t" + "sub w16, %w[nr], #2\n\t" + "\n" + "L_AES_ECB_encrypt_loop_nr_%=: \n\t" + "ubfx x10, x6, #48, #8\n\t" + "ubfx x13, x6, #24, #8\n\t" + "ubfx x14, x7, #8, #8\n\t" + "ubfx x15, x7, #32, #8\n\t" + "ldr x8, [%[te]]\n\t" + "ldr x8, [%[te], #64]\n\t" + "ldr x8, [%[te], #128]\n\t" + "ldr x8, [%[te], #192]\n\t" + "ldr x8, [%[te], #256]\n\t" + "ldr x8, [%[te], #320]\n\t" + "ldr x8, [%[te], #384]\n\t" + "ldr x8, [%[te], #448]\n\t" + "ldr x8, [%[te], #512]\n\t" + "ldr x8, [%[te], #576]\n\t" + "ldr x8, [%[te], #640]\n\t" + "ldr x8, [%[te], #704]\n\t" + "ldr x8, [%[te], #768]\n\t" + "ldr x8, [%[te], #832]\n\t" + "ldr x8, [%[te], #896]\n\t" + "ldr x8, [%[te], #960]\n\t" + "ldr w10, [%[te], x10, LSL 2]\n\t" + "ldr w13, [%[te], x13, LSL 2]\n\t" + "ldr w14, [%[te], x14, LSL 2]\n\t" + "ldr w15, [%[te], x15, LSL 2]\n\t" + "ubfx x11, x7, #16, #8\n\t" + "eor w10, w10, w13, ror 24\n\t" + "ubfx x13, x6, #56, #8\n\t" + "eor w10, w10, w14, ror 8\n\t" + "ubfx x14, x7, #40, #8\n\t" + "eor w10, w10, w15, ror 16\n\t" + "ubfx x15, x6, #0, #8\n\t" + "ldr w11, [%[te], x11, LSL 2]\n\t" + "ldr w13, [%[te], x13, LSL 2]\n\t" + "ldr w14, [%[te], x14, LSL 2]\n\t" + "ldr w15, [%[te], x15, LSL 2]\n\t" + "ubfx x12, x7, #48, #8\n\t" + "eor w11, w11, w13, ror 24\n\t" + "ubfx x13, x7, #24, #8\n\t" + "eor w11, w11, w14, ror 8\n\t" + "ubfx x14, x6, #8, #8\n\t" + "eor w11, w11, w15, ror 16\n\t" + "ubfx x15, x6, #32, #8\n\t" + "bfi x10, x11, #32, #32\n\t" + "ldr w12, [%[te], x12, LSL 2]\n\t" + "ldr w13, [%[te], x13, LSL 2]\n\t" + "ldr w14, [%[te], x14, LSL 2]\n\t" + "ldr w15, [%[te], x15, LSL 2]\n\t" + "ubfx x8, x7, #0, #8\n\t" + "eor w12, w12, w13, ror 24\n\t" + "ubfx x13, x6, #16, #8\n\t" + "eor w12, w12, w14, ror 8\n\t" + "ubfx x14, x7, #56, #8\n\t" + "eor w11, w12, w15, ror 16\n\t" + "ubfx x15, x6, #40, #8\n\t" + "ldr w8, [%[te], x8, LSL 2]\n\t" + "ldr w14, [%[te], x14, LSL 2]\n\t" + "ldr w13, [%[te], x13, LSL 2]\n\t" + "ldr w15, [%[te], x15, LSL 2]\n\t" + "eor w14, w14, w8, ror 24\n\t" + "ldp x6, x7, [x17], #16\n\t" + "eor w13, w13, w14, ror 24\n\t" + "eor w13, w13, w15, ror 8\n\t" + "bfi x11, x13, #32, #32\n\t" + /* XOR in Key Schedule */ + "eor x10, x10, x6\n\t" + "eor x11, x11, x7\n\t" + "ubfx x6, x10, #48, #8\n\t" + "ubfx x9, x10, #24, #8\n\t" + "ubfx x14, x11, #8, #8\n\t" + "ubfx x15, x11, #32, #8\n\t" + "ldr x12, [%[te]]\n\t" + "ldr x12, [%[te], #64]\n\t" + "ldr x12, [%[te], #128]\n\t" + "ldr x12, [%[te], #192]\n\t" + "ldr x12, [%[te], #256]\n\t" + "ldr x12, [%[te], #320]\n\t" + "ldr x12, [%[te], #384]\n\t" + "ldr x12, [%[te], #448]\n\t" + "ldr x12, [%[te], #512]\n\t" + "ldr x12, [%[te], #576]\n\t" + "ldr x12, [%[te], #640]\n\t" + "ldr x12, [%[te], #704]\n\t" + "ldr x12, [%[te], #768]\n\t" + "ldr x12, [%[te], #832]\n\t" + "ldr x12, [%[te], #896]\n\t" + "ldr x12, [%[te], #960]\n\t" + "ldr w6, [%[te], x6, LSL 2]\n\t" + "ldr w9, [%[te], x9, LSL 2]\n\t" + "ldr w14, [%[te], x14, LSL 2]\n\t" + "ldr w15, [%[te], x15, LSL 2]\n\t" + "ubfx x7, x11, #16, #8\n\t" + "eor w6, w6, w9, ror 24\n\t" + "ubfx x9, x10, #56, #8\n\t" + "eor w6, w6, w14, ror 8\n\t" + "ubfx x14, x11, #40, #8\n\t" + "eor w6, w6, w15, ror 16\n\t" + "ubfx x15, x10, #0, #8\n\t" + "ldr w7, [%[te], x7, LSL 2]\n\t" + "ldr w9, [%[te], x9, LSL 2]\n\t" + "ldr w14, [%[te], x14, LSL 2]\n\t" + "ldr w15, [%[te], x15, LSL 2]\n\t" + "ubfx x8, x11, #48, #8\n\t" + "eor w7, w7, w9, ror 24\n\t" + "ubfx x9, x11, #24, #8\n\t" + "eor w7, w7, w14, ror 8\n\t" + "ubfx x14, x10, #8, #8\n\t" + "eor w7, w7, w15, ror 16\n\t" + "ubfx x15, x10, #32, #8\n\t" + "bfi x6, x7, #32, #32\n\t" + "ldr w8, [%[te], x8, LSL 2]\n\t" + "ldr w9, [%[te], x9, LSL 2]\n\t" + "ldr w14, [%[te], x14, LSL 2]\n\t" + "ldr w15, [%[te], x15, LSL 2]\n\t" + "ubfx x12, x11, #0, #8\n\t" + "eor w8, w8, w9, ror 24\n\t" + "ubfx x9, x10, #16, #8\n\t" + "eor w8, w8, w14, ror 8\n\t" + "ubfx x14, x11, #56, #8\n\t" + "eor w7, w8, w15, ror 16\n\t" + "ubfx x15, x10, #40, #8\n\t" + "ldr w12, [%[te], x12, LSL 2]\n\t" + "ldr w14, [%[te], x14, LSL 2]\n\t" + "ldr w9, [%[te], x9, LSL 2]\n\t" + "ldr w15, [%[te], x15, LSL 2]\n\t" + "eor w14, w14, w12, ror 24\n\t" + "ldp x10, x11, [x17], #16\n\t" + "eor w9, w9, w14, ror 24\n\t" + "eor w9, w9, w15, ror 8\n\t" + "bfi x7, x9, #32, #32\n\t" + /* XOR in Key Schedule */ + "eor x6, x6, x10\n\t" + "eor x7, x7, x11\n\t" + "subs w16, w16, #2\n\t" + "b.ne L_AES_ECB_encrypt_loop_nr_%=\n\t" + "ubfx x10, x6, #48, #8\n\t" + "ubfx x13, x6, #24, #8\n\t" + "ubfx x14, x7, #8, #8\n\t" + "ubfx x15, x7, #32, #8\n\t" + "ldr x8, [%[te]]\n\t" + "ldr x8, [%[te], #64]\n\t" + "ldr x8, [%[te], #128]\n\t" + "ldr x8, [%[te], #192]\n\t" + "ldr x8, [%[te], #256]\n\t" + "ldr x8, [%[te], #320]\n\t" + "ldr x8, [%[te], #384]\n\t" + "ldr x8, [%[te], #448]\n\t" + "ldr x8, [%[te], #512]\n\t" + "ldr x8, [%[te], #576]\n\t" + "ldr x8, [%[te], #640]\n\t" + "ldr x8, [%[te], #704]\n\t" + "ldr x8, [%[te], #768]\n\t" + "ldr x8, [%[te], #832]\n\t" + "ldr x8, [%[te], #896]\n\t" + "ldr x8, [%[te], #960]\n\t" + "ldr w10, [%[te], x10, LSL 2]\n\t" + "ldr w13, [%[te], x13, LSL 2]\n\t" + "ldr w14, [%[te], x14, LSL 2]\n\t" + "ldr w15, [%[te], x15, LSL 2]\n\t" + "ubfx x11, x7, #16, #8\n\t" + "eor w10, w10, w13, ror 24\n\t" + "ubfx x13, x6, #56, #8\n\t" + "eor w10, w10, w14, ror 8\n\t" + "ubfx x14, x7, #40, #8\n\t" + "eor w10, w10, w15, ror 16\n\t" + "ubfx x15, x6, #0, #8\n\t" + "ldr w11, [%[te], x11, LSL 2]\n\t" + "ldr w13, [%[te], x13, LSL 2]\n\t" + "ldr w14, [%[te], x14, LSL 2]\n\t" + "ldr w15, [%[te], x15, LSL 2]\n\t" + "ubfx x12, x7, #48, #8\n\t" + "eor w11, w11, w13, ror 24\n\t" + "ubfx x13, x7, #24, #8\n\t" + "eor w11, w11, w14, ror 8\n\t" + "ubfx x14, x6, #8, #8\n\t" + "eor w11, w11, w15, ror 16\n\t" + "ubfx x15, x6, #32, #8\n\t" + "bfi x10, x11, #32, #32\n\t" + "ldr w12, [%[te], x12, LSL 2]\n\t" + "ldr w13, [%[te], x13, LSL 2]\n\t" + "ldr w14, [%[te], x14, LSL 2]\n\t" + "ldr w15, [%[te], x15, LSL 2]\n\t" + "ubfx x8, x7, #0, #8\n\t" + "eor w12, w12, w13, ror 24\n\t" + "ubfx x13, x6, #16, #8\n\t" + "eor w12, w12, w14, ror 8\n\t" + "ubfx x14, x7, #56, #8\n\t" + "eor w11, w12, w15, ror 16\n\t" + "ubfx x15, x6, #40, #8\n\t" + "ldr w8, [%[te], x8, LSL 2]\n\t" + "ldr w14, [%[te], x14, LSL 2]\n\t" + "ldr w13, [%[te], x13, LSL 2]\n\t" + "ldr w15, [%[te], x15, LSL 2]\n\t" + "eor w14, w14, w8, ror 24\n\t" + "ldp x6, x7, [x17], #16\n\t" + "eor w13, w13, w14, ror 24\n\t" + "eor w13, w13, w15, ror 8\n\t" + "bfi x11, x13, #32, #32\n\t" + /* XOR in Key Schedule */ + "eor x10, x10, x6\n\t" + "eor x11, x11, x7\n\t" + "ubfx x6, x11, #32, #8\n\t" + "ubfx x9, x11, #8, #8\n\t" + "ubfx x14, x10, #48, #8\n\t" + "ubfx x15, x10, #24, #8\n\t" + "lsl w6, w6, #2\n\t" + "lsl w9, w9, #2\n\t" + "lsl w14, w14, #2\n\t" + "lsl w15, w15, #2\n\t" + "ldr x13, [%[te]]\n\t" + "ldr x13, [%[te], #64]\n\t" + "ldr x13, [%[te], #128]\n\t" + "ldr x13, [%[te], #192]\n\t" + "ldr x13, [%[te], #256]\n\t" + "ldr x13, [%[te], #320]\n\t" + "ldr x13, [%[te], #384]\n\t" + "ldr x13, [%[te], #448]\n\t" + "ldr x13, [%[te], #512]\n\t" + "ldr x13, [%[te], #576]\n\t" + "ldr x13, [%[te], #640]\n\t" + "ldr x13, [%[te], #704]\n\t" + "ldr x13, [%[te], #768]\n\t" + "ldr x13, [%[te], #832]\n\t" + "ldr x13, [%[te], #896]\n\t" + "ldr x13, [%[te], #960]\n\t" + "ldrb w6, [%[te], x6, LSL 0]\n\t" + "ldrb w9, [%[te], x9, LSL 0]\n\t" + "ldrb w14, [%[te], x14, LSL 0]\n\t" + "ldrb w15, [%[te], x15, LSL 0]\n\t" + "ubfx x7, x10, #0, #8\n\t" + "eor w6, w6, w9, lsl 8\n\t" + "ubfx x9, x11, #40, #8\n\t" + "eor w6, w6, w14, lsl 16\n\t" + "ubfx x14, x11, #16, #8\n\t" + "eor w6, w6, w15, lsl 24\n\t" + "ubfx x15, x10, #56, #8\n\t" + "lsl w7, w7, #2\n\t" + "lsl w9, w9, #2\n\t" + "lsl w14, w14, #2\n\t" + "lsl w15, w15, #2\n\t" + "ldrb w7, [%[te], x7, LSL 0]\n\t" + "ldrb w9, [%[te], x9, LSL 0]\n\t" + "ldrb w14, [%[te], x14, LSL 0]\n\t" + "ldrb w15, [%[te], x15, LSL 0]\n\t" + "ubfx x8, x10, #32, #8\n\t" + "eor w7, w7, w9, lsl 8\n\t" + "ubfx x9, x10, #8, #8\n\t" + "eor w7, w7, w14, lsl 16\n\t" + "ubfx x14, x11, #48, #8\n\t" + "eor w7, w7, w15, lsl 24\n\t" + "ubfx x15, x11, #24, #8\n\t" + "bfi x6, x7, #32, #32\n\t" + "lsl w8, w8, #2\n\t" + "lsl w9, w9, #2\n\t" + "lsl w14, w14, #2\n\t" + "lsl w15, w15, #2\n\t" + "ldrb w8, [%[te], x8, LSL 0]\n\t" + "ldrb w9, [%[te], x9, LSL 0]\n\t" + "ldrb w14, [%[te], x14, LSL 0]\n\t" + "ldrb w15, [%[te], x15, LSL 0]\n\t" + "ubfx x13, x11, #56, #8\n\t" + "eor w8, w8, w9, lsl 8\n\t" + "ubfx x9, x11, #0, #8\n\t" + "eor w8, w8, w14, lsl 16\n\t" + "ubfx x14, x10, #40, #8\n\t" + "eor w7, w8, w15, lsl 24\n\t" + "ubfx x15, x10, #16, #8\n\t" + "lsl w13, w13, #2\n\t" + "lsl w9, w9, #2\n\t" + "lsl w14, w14, #2\n\t" + "lsl w15, w15, #2\n\t" + "ldrb w13, [%[te], x13, LSL 0]\n\t" + "ldrb w9, [%[te], x9, LSL 0]\n\t" + "ldrb w14, [%[te], x14, LSL 0]\n\t" + "ldrb w15, [%[te], x15, LSL 0]\n\t" + "eor w14, w14, w13, lsl 16\n\t" + "ldp x10, x11, [x17]\n\t" + "eor w9, w9, w14, lsl 8\n\t" + "eor w9, w9, w15, lsl 16\n\t" + "bfi x7, x9, #32, #32\n\t" + /* XOR in Key Schedule */ + "eor x6, x6, x10\n\t" + "eor x7, x7, x11\n\t" + "rev32 x6, x6\n\t" + "rev32 x7, x7\n\t" + "str x6, [%x[out]]\n\t" + "str x7, [%x[out], #8]\n\t" + "subs %x[len], %x[len], #16\n\t" + "add %x[in], %x[in], #16\n\t" + "add %x[out], %x[out], #16\n\t" + "b.ne L_AES_ECB_encrypt_loop_block_128_%=\n\t" + : [out] "+r" (out), [len] "+r" (len), [nr] "+r" (nr) + : [in] "r" (in), [ks] "r" (ks), [te] "r" (te) + : "memory", "cc", "x6", "x7", "x8", "x9", "x10", "x11", "x12", "x13", + "x14", "x15", "x16", "x17" + ); +} + +#endif /* HAVE_AESCCM || HAVE_AESGCM || WOLFSSL_AES_DIRECT || + * WOLFSSL_AES_COUNTER || HAVE_AES_ECB */ +#ifdef HAVE_AES_CBC +void AES_CBC_encrypt(const unsigned char* in, unsigned char* out, + unsigned long len, const unsigned char* ks, int nr, unsigned char* iv); +void AES_CBC_encrypt(const unsigned char* in, unsigned char* out, + unsigned long len, const unsigned char* ks, int nr, unsigned char* iv) +{ + const word32* te = L_AES_ARM64_te; + __asm__ __volatile__ ( + "ldp x7, x8, [%x[iv]]\n\t" + "\n" + "L_AES_CBC_encrypt_loop_block_%=: \n\t" + "mov x19, %x[ks]\n\t" + "ldr x11, [%x[in]]\n\t" + "ldr x12, [%x[in], #8]\n\t" + "eor x7, x7, x11\n\t" + "eor x8, x8, x12\n\t" + "rev32 x7, x7\n\t" + "rev32 x8, x8\n\t" + "ldp x11, x12, [x19], #16\n\t" + /* Round: 0 - XOR in key schedule */ + "eor x7, x7, x11\n\t" + "eor x8, x8, x12\n\t" + "sub w17, %w[nr], #2\n\t" + "\n" + "L_AES_CBC_encrypt_loop_nr_%=: \n\t" + "ubfx x11, x7, #48, #8\n\t" + "ubfx x14, x7, #24, #8\n\t" + "ubfx x15, x8, #8, #8\n\t" + "ubfx x16, x8, #32, #8\n\t" + "ldr x9, [%[te]]\n\t" + "ldr x9, [%[te], #64]\n\t" + "ldr x9, [%[te], #128]\n\t" + "ldr x9, [%[te], #192]\n\t" + "ldr x9, [%[te], #256]\n\t" + "ldr x9, [%[te], #320]\n\t" + "ldr x9, [%[te], #384]\n\t" + "ldr x9, [%[te], #448]\n\t" + "ldr x9, [%[te], #512]\n\t" + "ldr x9, [%[te], #576]\n\t" + "ldr x9, [%[te], #640]\n\t" + "ldr x9, [%[te], #704]\n\t" + "ldr x9, [%[te], #768]\n\t" + "ldr x9, [%[te], #832]\n\t" + "ldr x9, [%[te], #896]\n\t" + "ldr x9, [%[te], #960]\n\t" + "ldr w11, [%[te], x11, LSL 2]\n\t" + "ldr w14, [%[te], x14, LSL 2]\n\t" + "ldr w15, [%[te], x15, LSL 2]\n\t" + "ldr w16, [%[te], x16, LSL 2]\n\t" + "ubfx x12, x8, #16, #8\n\t" + "eor w11, w11, w14, ror 24\n\t" + "ubfx x14, x7, #56, #8\n\t" + "eor w11, w11, w15, ror 8\n\t" + "ubfx x15, x8, #40, #8\n\t" + "eor w11, w11, w16, ror 16\n\t" + "ubfx x16, x7, #0, #8\n\t" + "ldr w12, [%[te], x12, LSL 2]\n\t" + "ldr w14, [%[te], x14, LSL 2]\n\t" + "ldr w15, [%[te], x15, LSL 2]\n\t" + "ldr w16, [%[te], x16, LSL 2]\n\t" + "ubfx x13, x8, #48, #8\n\t" + "eor w12, w12, w14, ror 24\n\t" + "ubfx x14, x8, #24, #8\n\t" + "eor w12, w12, w15, ror 8\n\t" + "ubfx x15, x7, #8, #8\n\t" + "eor w12, w12, w16, ror 16\n\t" + "ubfx x16, x7, #32, #8\n\t" + "bfi x11, x12, #32, #32\n\t" + "ldr w13, [%[te], x13, LSL 2]\n\t" + "ldr w14, [%[te], x14, LSL 2]\n\t" + "ldr w15, [%[te], x15, LSL 2]\n\t" + "ldr w16, [%[te], x16, LSL 2]\n\t" + "ubfx x9, x8, #0, #8\n\t" + "eor w13, w13, w14, ror 24\n\t" + "ubfx x14, x7, #16, #8\n\t" + "eor w13, w13, w15, ror 8\n\t" + "ubfx x15, x8, #56, #8\n\t" + "eor w12, w13, w16, ror 16\n\t" + "ubfx x16, x7, #40, #8\n\t" + "ldr w9, [%[te], x9, LSL 2]\n\t" + "ldr w15, [%[te], x15, LSL 2]\n\t" + "ldr w14, [%[te], x14, LSL 2]\n\t" + "ldr w16, [%[te], x16, LSL 2]\n\t" + "eor w15, w15, w9, ror 24\n\t" + "ldp x7, x8, [x19], #16\n\t" + "eor w14, w14, w15, ror 24\n\t" + "eor w14, w14, w16, ror 8\n\t" + "bfi x12, x14, #32, #32\n\t" + /* XOR in Key Schedule */ + "eor x11, x11, x7\n\t" + "eor x12, x12, x8\n\t" + "ubfx x7, x11, #48, #8\n\t" + "ubfx x10, x11, #24, #8\n\t" + "ubfx x15, x12, #8, #8\n\t" + "ubfx x16, x12, #32, #8\n\t" + "ldr x13, [%[te]]\n\t" + "ldr x13, [%[te], #64]\n\t" + "ldr x13, [%[te], #128]\n\t" + "ldr x13, [%[te], #192]\n\t" + "ldr x13, [%[te], #256]\n\t" + "ldr x13, [%[te], #320]\n\t" + "ldr x13, [%[te], #384]\n\t" + "ldr x13, [%[te], #448]\n\t" + "ldr x13, [%[te], #512]\n\t" + "ldr x13, [%[te], #576]\n\t" + "ldr x13, [%[te], #640]\n\t" + "ldr x13, [%[te], #704]\n\t" + "ldr x13, [%[te], #768]\n\t" + "ldr x13, [%[te], #832]\n\t" + "ldr x13, [%[te], #896]\n\t" + "ldr x13, [%[te], #960]\n\t" + "ldr w7, [%[te], x7, LSL 2]\n\t" + "ldr w10, [%[te], x10, LSL 2]\n\t" + "ldr w15, [%[te], x15, LSL 2]\n\t" + "ldr w16, [%[te], x16, LSL 2]\n\t" + "ubfx x8, x12, #16, #8\n\t" + "eor w7, w7, w10, ror 24\n\t" + "ubfx x10, x11, #56, #8\n\t" + "eor w7, w7, w15, ror 8\n\t" + "ubfx x15, x12, #40, #8\n\t" + "eor w7, w7, w16, ror 16\n\t" + "ubfx x16, x11, #0, #8\n\t" + "ldr w8, [%[te], x8, LSL 2]\n\t" + "ldr w10, [%[te], x10, LSL 2]\n\t" + "ldr w15, [%[te], x15, LSL 2]\n\t" + "ldr w16, [%[te], x16, LSL 2]\n\t" + "ubfx x9, x12, #48, #8\n\t" + "eor w8, w8, w10, ror 24\n\t" + "ubfx x10, x12, #24, #8\n\t" + "eor w8, w8, w15, ror 8\n\t" + "ubfx x15, x11, #8, #8\n\t" + "eor w8, w8, w16, ror 16\n\t" + "ubfx x16, x11, #32, #8\n\t" + "bfi x7, x8, #32, #32\n\t" + "ldr w9, [%[te], x9, LSL 2]\n\t" + "ldr w10, [%[te], x10, LSL 2]\n\t" + "ldr w15, [%[te], x15, LSL 2]\n\t" + "ldr w16, [%[te], x16, LSL 2]\n\t" + "ubfx x13, x12, #0, #8\n\t" + "eor w9, w9, w10, ror 24\n\t" + "ubfx x10, x11, #16, #8\n\t" + "eor w9, w9, w15, ror 8\n\t" + "ubfx x15, x12, #56, #8\n\t" + "eor w8, w9, w16, ror 16\n\t" + "ubfx x16, x11, #40, #8\n\t" + "ldr w13, [%[te], x13, LSL 2]\n\t" + "ldr w15, [%[te], x15, LSL 2]\n\t" + "ldr w10, [%[te], x10, LSL 2]\n\t" + "ldr w16, [%[te], x16, LSL 2]\n\t" + "eor w15, w15, w13, ror 24\n\t" + "ldp x11, x12, [x19], #16\n\t" + "eor w10, w10, w15, ror 24\n\t" + "eor w10, w10, w16, ror 8\n\t" + "bfi x8, x10, #32, #32\n\t" + /* XOR in Key Schedule */ + "eor x7, x7, x11\n\t" + "eor x8, x8, x12\n\t" + "subs w17, w17, #2\n\t" + "b.ne L_AES_CBC_encrypt_loop_nr_%=\n\t" + "ubfx x11, x7, #48, #8\n\t" + "ubfx x14, x7, #24, #8\n\t" + "ubfx x15, x8, #8, #8\n\t" + "ubfx x16, x8, #32, #8\n\t" + "ldr x9, [%[te]]\n\t" + "ldr x9, [%[te], #64]\n\t" + "ldr x9, [%[te], #128]\n\t" + "ldr x9, [%[te], #192]\n\t" + "ldr x9, [%[te], #256]\n\t" + "ldr x9, [%[te], #320]\n\t" + "ldr x9, [%[te], #384]\n\t" + "ldr x9, [%[te], #448]\n\t" + "ldr x9, [%[te], #512]\n\t" + "ldr x9, [%[te], #576]\n\t" + "ldr x9, [%[te], #640]\n\t" + "ldr x9, [%[te], #704]\n\t" + "ldr x9, [%[te], #768]\n\t" + "ldr x9, [%[te], #832]\n\t" + "ldr x9, [%[te], #896]\n\t" + "ldr x9, [%[te], #960]\n\t" + "ldr w11, [%[te], x11, LSL 2]\n\t" + "ldr w14, [%[te], x14, LSL 2]\n\t" + "ldr w15, [%[te], x15, LSL 2]\n\t" + "ldr w16, [%[te], x16, LSL 2]\n\t" + "ubfx x12, x8, #16, #8\n\t" + "eor w11, w11, w14, ror 24\n\t" + "ubfx x14, x7, #56, #8\n\t" + "eor w11, w11, w15, ror 8\n\t" + "ubfx x15, x8, #40, #8\n\t" + "eor w11, w11, w16, ror 16\n\t" + "ubfx x16, x7, #0, #8\n\t" + "ldr w12, [%[te], x12, LSL 2]\n\t" + "ldr w14, [%[te], x14, LSL 2]\n\t" + "ldr w15, [%[te], x15, LSL 2]\n\t" + "ldr w16, [%[te], x16, LSL 2]\n\t" + "ubfx x13, x8, #48, #8\n\t" + "eor w12, w12, w14, ror 24\n\t" + "ubfx x14, x8, #24, #8\n\t" + "eor w12, w12, w15, ror 8\n\t" + "ubfx x15, x7, #8, #8\n\t" + "eor w12, w12, w16, ror 16\n\t" + "ubfx x16, x7, #32, #8\n\t" + "bfi x11, x12, #32, #32\n\t" + "ldr w13, [%[te], x13, LSL 2]\n\t" + "ldr w14, [%[te], x14, LSL 2]\n\t" + "ldr w15, [%[te], x15, LSL 2]\n\t" + "ldr w16, [%[te], x16, LSL 2]\n\t" + "ubfx x9, x8, #0, #8\n\t" + "eor w13, w13, w14, ror 24\n\t" + "ubfx x14, x7, #16, #8\n\t" + "eor w13, w13, w15, ror 8\n\t" + "ubfx x15, x8, #56, #8\n\t" + "eor w12, w13, w16, ror 16\n\t" + "ubfx x16, x7, #40, #8\n\t" + "ldr w9, [%[te], x9, LSL 2]\n\t" + "ldr w15, [%[te], x15, LSL 2]\n\t" + "ldr w14, [%[te], x14, LSL 2]\n\t" + "ldr w16, [%[te], x16, LSL 2]\n\t" + "eor w15, w15, w9, ror 24\n\t" + "ldp x7, x8, [x19], #16\n\t" + "eor w14, w14, w15, ror 24\n\t" + "eor w14, w14, w16, ror 8\n\t" + "bfi x12, x14, #32, #32\n\t" + /* XOR in Key Schedule */ + "eor x11, x11, x7\n\t" + "eor x12, x12, x8\n\t" + "ubfx x7, x12, #32, #8\n\t" + "ubfx x10, x12, #8, #8\n\t" + "ubfx x15, x11, #48, #8\n\t" + "ubfx x16, x11, #24, #8\n\t" + "lsl w7, w7, #2\n\t" + "lsl w10, w10, #2\n\t" + "lsl w15, w15, #2\n\t" + "lsl w16, w16, #2\n\t" + "ldr x14, [%[te]]\n\t" + "ldr x14, [%[te], #64]\n\t" + "ldr x14, [%[te], #128]\n\t" + "ldr x14, [%[te], #192]\n\t" + "ldr x14, [%[te], #256]\n\t" + "ldr x14, [%[te], #320]\n\t" + "ldr x14, [%[te], #384]\n\t" + "ldr x14, [%[te], #448]\n\t" + "ldr x14, [%[te], #512]\n\t" + "ldr x14, [%[te], #576]\n\t" + "ldr x14, [%[te], #640]\n\t" + "ldr x14, [%[te], #704]\n\t" + "ldr x14, [%[te], #768]\n\t" + "ldr x14, [%[te], #832]\n\t" + "ldr x14, [%[te], #896]\n\t" + "ldr x14, [%[te], #960]\n\t" + "ldrb w7, [%[te], x7, LSL 0]\n\t" + "ldrb w10, [%[te], x10, LSL 0]\n\t" + "ldrb w15, [%[te], x15, LSL 0]\n\t" + "ldrb w16, [%[te], x16, LSL 0]\n\t" + "ubfx x8, x11, #0, #8\n\t" + "eor w7, w7, w10, lsl 8\n\t" + "ubfx x10, x12, #40, #8\n\t" + "eor w7, w7, w15, lsl 16\n\t" + "ubfx x15, x12, #16, #8\n\t" + "eor w7, w7, w16, lsl 24\n\t" + "ubfx x16, x11, #56, #8\n\t" + "lsl w8, w8, #2\n\t" + "lsl w10, w10, #2\n\t" + "lsl w15, w15, #2\n\t" + "lsl w16, w16, #2\n\t" + "ldrb w8, [%[te], x8, LSL 0]\n\t" + "ldrb w10, [%[te], x10, LSL 0]\n\t" + "ldrb w15, [%[te], x15, LSL 0]\n\t" + "ldrb w16, [%[te], x16, LSL 0]\n\t" + "ubfx x9, x11, #32, #8\n\t" + "eor w8, w8, w10, lsl 8\n\t" + "ubfx x10, x11, #8, #8\n\t" + "eor w8, w8, w15, lsl 16\n\t" + "ubfx x15, x12, #48, #8\n\t" + "eor w8, w8, w16, lsl 24\n\t" + "ubfx x16, x12, #24, #8\n\t" + "bfi x7, x8, #32, #32\n\t" + "lsl w9, w9, #2\n\t" + "lsl w10, w10, #2\n\t" + "lsl w15, w15, #2\n\t" + "lsl w16, w16, #2\n\t" + "ldrb w9, [%[te], x9, LSL 0]\n\t" + "ldrb w10, [%[te], x10, LSL 0]\n\t" + "ldrb w15, [%[te], x15, LSL 0]\n\t" + "ldrb w16, [%[te], x16, LSL 0]\n\t" + "ubfx x14, x12, #56, #8\n\t" + "eor w9, w9, w10, lsl 8\n\t" + "ubfx x10, x12, #0, #8\n\t" + "eor w9, w9, w15, lsl 16\n\t" + "ubfx x15, x11, #40, #8\n\t" + "eor w8, w9, w16, lsl 24\n\t" + "ubfx x16, x11, #16, #8\n\t" + "lsl w14, w14, #2\n\t" + "lsl w10, w10, #2\n\t" + "lsl w15, w15, #2\n\t" + "lsl w16, w16, #2\n\t" + "ldrb w14, [%[te], x14, LSL 0]\n\t" + "ldrb w10, [%[te], x10, LSL 0]\n\t" + "ldrb w15, [%[te], x15, LSL 0]\n\t" + "ldrb w16, [%[te], x16, LSL 0]\n\t" + "eor w15, w15, w14, lsl 16\n\t" + "ldp x11, x12, [x19]\n\t" + "eor w10, w10, w15, lsl 8\n\t" + "eor w10, w10, w16, lsl 16\n\t" + "bfi x8, x10, #32, #32\n\t" + /* XOR in Key Schedule */ + "eor x7, x7, x11\n\t" + "eor x8, x8, x12\n\t" + "rev32 x7, x7\n\t" + "rev32 x8, x8\n\t" + "str x7, [%x[out]]\n\t" + "str x8, [%x[out], #8]\n\t" + "subs %x[len], %x[len], #16\n\t" + "add %x[in], %x[in], #16\n\t" + "add %x[out], %x[out], #16\n\t" + "b.ne L_AES_CBC_encrypt_loop_block_%=\n\t" + "stp x7, x8, [%x[iv]]\n\t" + : [out] "+r" (out), [len] "+r" (len), [nr] "+r" (nr), [iv] "+r" (iv) + : [in] "r" (in), [ks] "r" (ks), [te] "r" (te) + : "memory", "cc", "x7", "x8", "x9", "x10", "x11", "x12", "x13", "x14", + "x15", "x16", "x17", "x19" + ); +} + +#endif /* HAVE_AES_CBC */ +#ifdef WOLFSSL_AES_COUNTER +void AES_CTR_encrypt(const unsigned char* in, unsigned char* out, + unsigned long len, const unsigned char* ks, int nr, unsigned char* ctr); +void AES_CTR_encrypt(const unsigned char* in, unsigned char* out, + unsigned long len, const unsigned char* ks, int nr, unsigned char* ctr) +{ + const word32* te = L_AES_ARM64_te; + __asm__ __volatile__ ( + "ldp x15, x16, [%x[ctr]]\n\t" + "rev32 x15, x15\n\t" + "rev32 x16, x16\n\t" + "\n" + "L_AES_CTR_encrypt_loop_block_128_%=: \n\t" + "mov x21, %x[ks]\n\t" + "ldp x11, x12, [x21], #16\n\t" + /* Round: 0 - XOR in key schedule */ + "eor x7, x15, x11\n\t" + "eor x8, x16, x12\n\t" + "sub w20, %w[nr], #2\n\t" + "\n" + "L_AES_CTR_encrypt_loop_nr_%=: \n\t" + "ubfx x11, x7, #48, #8\n\t" + "ubfx x14, x7, #24, #8\n\t" + "ubfx x17, x8, #8, #8\n\t" + "ubfx x19, x8, #32, #8\n\t" + "ldr x9, [%[te]]\n\t" + "ldr x9, [%[te], #64]\n\t" + "ldr x9, [%[te], #128]\n\t" + "ldr x9, [%[te], #192]\n\t" + "ldr x9, [%[te], #256]\n\t" + "ldr x9, [%[te], #320]\n\t" + "ldr x9, [%[te], #384]\n\t" + "ldr x9, [%[te], #448]\n\t" + "ldr x9, [%[te], #512]\n\t" + "ldr x9, [%[te], #576]\n\t" + "ldr x9, [%[te], #640]\n\t" + "ldr x9, [%[te], #704]\n\t" + "ldr x9, [%[te], #768]\n\t" + "ldr x9, [%[te], #832]\n\t" + "ldr x9, [%[te], #896]\n\t" + "ldr x9, [%[te], #960]\n\t" + "ldr w11, [%[te], x11, LSL 2]\n\t" + "ldr w14, [%[te], x14, LSL 2]\n\t" + "ldr w17, [%[te], x17, LSL 2]\n\t" + "ldr w19, [%[te], x19, LSL 2]\n\t" + "ubfx x12, x8, #16, #8\n\t" + "eor w11, w11, w14, ror 24\n\t" + "ubfx x14, x7, #56, #8\n\t" + "eor w11, w11, w17, ror 8\n\t" + "ubfx x17, x8, #40, #8\n\t" + "eor w11, w11, w19, ror 16\n\t" + "ubfx x19, x7, #0, #8\n\t" + "ldr w12, [%[te], x12, LSL 2]\n\t" + "ldr w14, [%[te], x14, LSL 2]\n\t" + "ldr w17, [%[te], x17, LSL 2]\n\t" + "ldr w19, [%[te], x19, LSL 2]\n\t" + "ubfx x13, x8, #48, #8\n\t" + "eor w12, w12, w14, ror 24\n\t" + "ubfx x14, x8, #24, #8\n\t" + "eor w12, w12, w17, ror 8\n\t" + "ubfx x17, x7, #8, #8\n\t" + "eor w12, w12, w19, ror 16\n\t" + "ubfx x19, x7, #32, #8\n\t" + "bfi x11, x12, #32, #32\n\t" + "ldr w13, [%[te], x13, LSL 2]\n\t" + "ldr w14, [%[te], x14, LSL 2]\n\t" + "ldr w17, [%[te], x17, LSL 2]\n\t" + "ldr w19, [%[te], x19, LSL 2]\n\t" + "ubfx x9, x8, #0, #8\n\t" + "eor w13, w13, w14, ror 24\n\t" + "ubfx x14, x7, #16, #8\n\t" + "eor w13, w13, w17, ror 8\n\t" + "ubfx x17, x8, #56, #8\n\t" + "eor w12, w13, w19, ror 16\n\t" + "ubfx x19, x7, #40, #8\n\t" + "ldr w9, [%[te], x9, LSL 2]\n\t" + "ldr w17, [%[te], x17, LSL 2]\n\t" + "ldr w14, [%[te], x14, LSL 2]\n\t" + "ldr w19, [%[te], x19, LSL 2]\n\t" + "eor w17, w17, w9, ror 24\n\t" + "ldp x7, x8, [x21], #16\n\t" + "eor w14, w14, w17, ror 24\n\t" + "eor w14, w14, w19, ror 8\n\t" + "bfi x12, x14, #32, #32\n\t" + /* XOR in Key Schedule */ + "eor x11, x11, x7\n\t" + "eor x12, x12, x8\n\t" + "ubfx x7, x11, #48, #8\n\t" + "ubfx x10, x11, #24, #8\n\t" + "ubfx x17, x12, #8, #8\n\t" + "ubfx x19, x12, #32, #8\n\t" + "ldr x13, [%[te]]\n\t" + "ldr x13, [%[te], #64]\n\t" + "ldr x13, [%[te], #128]\n\t" + "ldr x13, [%[te], #192]\n\t" + "ldr x13, [%[te], #256]\n\t" + "ldr x13, [%[te], #320]\n\t" + "ldr x13, [%[te], #384]\n\t" + "ldr x13, [%[te], #448]\n\t" + "ldr x13, [%[te], #512]\n\t" + "ldr x13, [%[te], #576]\n\t" + "ldr x13, [%[te], #640]\n\t" + "ldr x13, [%[te], #704]\n\t" + "ldr x13, [%[te], #768]\n\t" + "ldr x13, [%[te], #832]\n\t" + "ldr x13, [%[te], #896]\n\t" + "ldr x13, [%[te], #960]\n\t" + "ldr w7, [%[te], x7, LSL 2]\n\t" + "ldr w10, [%[te], x10, LSL 2]\n\t" + "ldr w17, [%[te], x17, LSL 2]\n\t" + "ldr w19, [%[te], x19, LSL 2]\n\t" + "ubfx x8, x12, #16, #8\n\t" + "eor w7, w7, w10, ror 24\n\t" + "ubfx x10, x11, #56, #8\n\t" + "eor w7, w7, w17, ror 8\n\t" + "ubfx x17, x12, #40, #8\n\t" + "eor w7, w7, w19, ror 16\n\t" + "ubfx x19, x11, #0, #8\n\t" + "ldr w8, [%[te], x8, LSL 2]\n\t" + "ldr w10, [%[te], x10, LSL 2]\n\t" + "ldr w17, [%[te], x17, LSL 2]\n\t" + "ldr w19, [%[te], x19, LSL 2]\n\t" + "ubfx x9, x12, #48, #8\n\t" + "eor w8, w8, w10, ror 24\n\t" + "ubfx x10, x12, #24, #8\n\t" + "eor w8, w8, w17, ror 8\n\t" + "ubfx x17, x11, #8, #8\n\t" + "eor w8, w8, w19, ror 16\n\t" + "ubfx x19, x11, #32, #8\n\t" + "bfi x7, x8, #32, #32\n\t" + "ldr w9, [%[te], x9, LSL 2]\n\t" + "ldr w10, [%[te], x10, LSL 2]\n\t" + "ldr w17, [%[te], x17, LSL 2]\n\t" + "ldr w19, [%[te], x19, LSL 2]\n\t" + "ubfx x13, x12, #0, #8\n\t" + "eor w9, w9, w10, ror 24\n\t" + "ubfx x10, x11, #16, #8\n\t" + "eor w9, w9, w17, ror 8\n\t" + "ubfx x17, x12, #56, #8\n\t" + "eor w8, w9, w19, ror 16\n\t" + "ubfx x19, x11, #40, #8\n\t" + "ldr w13, [%[te], x13, LSL 2]\n\t" + "ldr w17, [%[te], x17, LSL 2]\n\t" + "ldr w10, [%[te], x10, LSL 2]\n\t" + "ldr w19, [%[te], x19, LSL 2]\n\t" + "eor w17, w17, w13, ror 24\n\t" + "ldp x11, x12, [x21], #16\n\t" + "eor w10, w10, w17, ror 24\n\t" + "eor w10, w10, w19, ror 8\n\t" + "bfi x8, x10, #32, #32\n\t" + /* XOR in Key Schedule */ + "eor x7, x7, x11\n\t" + "eor x8, x8, x12\n\t" + "subs w20, w20, #2\n\t" + "b.ne L_AES_CTR_encrypt_loop_nr_%=\n\t" + "ubfx x11, x7, #48, #8\n\t" + "ubfx x14, x7, #24, #8\n\t" + "ubfx x17, x8, #8, #8\n\t" + "ubfx x19, x8, #32, #8\n\t" + "ldr x9, [%[te]]\n\t" + "ldr x9, [%[te], #64]\n\t" + "ldr x9, [%[te], #128]\n\t" + "ldr x9, [%[te], #192]\n\t" + "ldr x9, [%[te], #256]\n\t" + "ldr x9, [%[te], #320]\n\t" + "ldr x9, [%[te], #384]\n\t" + "ldr x9, [%[te], #448]\n\t" + "ldr x9, [%[te], #512]\n\t" + "ldr x9, [%[te], #576]\n\t" + "ldr x9, [%[te], #640]\n\t" + "ldr x9, [%[te], #704]\n\t" + "ldr x9, [%[te], #768]\n\t" + "ldr x9, [%[te], #832]\n\t" + "ldr x9, [%[te], #896]\n\t" + "ldr x9, [%[te], #960]\n\t" + "ldr w11, [%[te], x11, LSL 2]\n\t" + "ldr w14, [%[te], x14, LSL 2]\n\t" + "ldr w17, [%[te], x17, LSL 2]\n\t" + "ldr w19, [%[te], x19, LSL 2]\n\t" + "ubfx x12, x8, #16, #8\n\t" + "eor w11, w11, w14, ror 24\n\t" + "ubfx x14, x7, #56, #8\n\t" + "eor w11, w11, w17, ror 8\n\t" + "ubfx x17, x8, #40, #8\n\t" + "eor w11, w11, w19, ror 16\n\t" + "ubfx x19, x7, #0, #8\n\t" + "ldr w12, [%[te], x12, LSL 2]\n\t" + "ldr w14, [%[te], x14, LSL 2]\n\t" + "ldr w17, [%[te], x17, LSL 2]\n\t" + "ldr w19, [%[te], x19, LSL 2]\n\t" + "ubfx x13, x8, #48, #8\n\t" + "eor w12, w12, w14, ror 24\n\t" + "ubfx x14, x8, #24, #8\n\t" + "eor w12, w12, w17, ror 8\n\t" + "ubfx x17, x7, #8, #8\n\t" + "eor w12, w12, w19, ror 16\n\t" + "ubfx x19, x7, #32, #8\n\t" + "bfi x11, x12, #32, #32\n\t" + "ldr w13, [%[te], x13, LSL 2]\n\t" + "ldr w14, [%[te], x14, LSL 2]\n\t" + "ldr w17, [%[te], x17, LSL 2]\n\t" + "ldr w19, [%[te], x19, LSL 2]\n\t" + "ubfx x9, x8, #0, #8\n\t" + "eor w13, w13, w14, ror 24\n\t" + "ubfx x14, x7, #16, #8\n\t" + "eor w13, w13, w17, ror 8\n\t" + "ubfx x17, x8, #56, #8\n\t" + "eor w12, w13, w19, ror 16\n\t" + "ubfx x19, x7, #40, #8\n\t" + "ldr w9, [%[te], x9, LSL 2]\n\t" + "ldr w17, [%[te], x17, LSL 2]\n\t" + "ldr w14, [%[te], x14, LSL 2]\n\t" + "ldr w19, [%[te], x19, LSL 2]\n\t" + "eor w17, w17, w9, ror 24\n\t" + "ldp x7, x8, [x21], #16\n\t" + "eor w14, w14, w17, ror 24\n\t" + "eor w14, w14, w19, ror 8\n\t" + "bfi x12, x14, #32, #32\n\t" + /* XOR in Key Schedule */ + "eor x11, x11, x7\n\t" + "eor x12, x12, x8\n\t" + "ubfx x7, x12, #32, #8\n\t" + "ubfx x10, x12, #8, #8\n\t" + "ubfx x17, x11, #48, #8\n\t" + "ubfx x19, x11, #24, #8\n\t" + "lsl w7, w7, #2\n\t" + "lsl w10, w10, #2\n\t" + "lsl w17, w17, #2\n\t" + "lsl w19, w19, #2\n\t" + "ldr x14, [%[te]]\n\t" + "ldr x14, [%[te], #64]\n\t" + "ldr x14, [%[te], #128]\n\t" + "ldr x14, [%[te], #192]\n\t" + "ldr x14, [%[te], #256]\n\t" + "ldr x14, [%[te], #320]\n\t" + "ldr x14, [%[te], #384]\n\t" + "ldr x14, [%[te], #448]\n\t" + "ldr x14, [%[te], #512]\n\t" + "ldr x14, [%[te], #576]\n\t" + "ldr x14, [%[te], #640]\n\t" + "ldr x14, [%[te], #704]\n\t" + "ldr x14, [%[te], #768]\n\t" + "ldr x14, [%[te], #832]\n\t" + "ldr x14, [%[te], #896]\n\t" + "ldr x14, [%[te], #960]\n\t" + "ldrb w7, [%[te], x7, LSL 0]\n\t" + "ldrb w10, [%[te], x10, LSL 0]\n\t" + "ldrb w17, [%[te], x17, LSL 0]\n\t" + "ldrb w19, [%[te], x19, LSL 0]\n\t" + "ubfx x8, x11, #0, #8\n\t" + "eor w7, w7, w10, lsl 8\n\t" + "ubfx x10, x12, #40, #8\n\t" + "eor w7, w7, w17, lsl 16\n\t" + "ubfx x17, x12, #16, #8\n\t" + "eor w7, w7, w19, lsl 24\n\t" + "ubfx x19, x11, #56, #8\n\t" + "lsl w8, w8, #2\n\t" + "lsl w10, w10, #2\n\t" + "lsl w17, w17, #2\n\t" + "lsl w19, w19, #2\n\t" + "ldrb w8, [%[te], x8, LSL 0]\n\t" + "ldrb w10, [%[te], x10, LSL 0]\n\t" + "ldrb w17, [%[te], x17, LSL 0]\n\t" + "ldrb w19, [%[te], x19, LSL 0]\n\t" + "ubfx x9, x11, #32, #8\n\t" + "eor w8, w8, w10, lsl 8\n\t" + "ubfx x10, x11, #8, #8\n\t" + "eor w8, w8, w17, lsl 16\n\t" + "ubfx x17, x12, #48, #8\n\t" + "eor w8, w8, w19, lsl 24\n\t" + "ubfx x19, x12, #24, #8\n\t" + "bfi x7, x8, #32, #32\n\t" + "lsl w9, w9, #2\n\t" + "lsl w10, w10, #2\n\t" + "lsl w17, w17, #2\n\t" + "lsl w19, w19, #2\n\t" + "ldrb w9, [%[te], x9, LSL 0]\n\t" + "ldrb w10, [%[te], x10, LSL 0]\n\t" + "ldrb w17, [%[te], x17, LSL 0]\n\t" + "ldrb w19, [%[te], x19, LSL 0]\n\t" + "ubfx x14, x12, #56, #8\n\t" + "eor w9, w9, w10, lsl 8\n\t" + "ubfx x10, x12, #0, #8\n\t" + "eor w9, w9, w17, lsl 16\n\t" + "ubfx x17, x11, #40, #8\n\t" + "eor w8, w9, w19, lsl 24\n\t" + "ubfx x19, x11, #16, #8\n\t" + "lsl w14, w14, #2\n\t" + "lsl w10, w10, #2\n\t" + "lsl w17, w17, #2\n\t" + "lsl w19, w19, #2\n\t" + "ldrb w14, [%[te], x14, LSL 0]\n\t" + "ldrb w10, [%[te], x10, LSL 0]\n\t" + "ldrb w17, [%[te], x17, LSL 0]\n\t" + "ldrb w19, [%[te], x19, LSL 0]\n\t" + "eor w17, w17, w14, lsl 16\n\t" + "ldp x11, x12, [x21]\n\t" + "eor w10, w10, w17, lsl 8\n\t" + "eor w10, w10, w19, lsl 16\n\t" + "bfi x8, x10, #32, #32\n\t" + /* XOR in Key Schedule */ + "eor x7, x7, x11\n\t" + "eor x8, x8, x12\n\t" + "rev32 x7, x7\n\t" + "rev32 x8, x8\n\t" + "ldr x11, [%x[in]]\n\t" + "ldr x12, [%x[in], #8]\n\t" + "eor x7, x7, x11\n\t" + "eor x8, x8, x12\n\t" + "str x7, [%x[out]]\n\t" + "str x8, [%x[out], #8]\n\t" + "ror x16, x16, #32\n\t" + "ror x15, x15, #32\n\t" + "adds x16, x16, #1\n\t" + "adc x15, x15, xzr\n\t" + "ror x16, x16, #32\n\t" + "ror x15, x15, #32\n\t" + "subs %x[len], %x[len], #16\n\t" + "add %x[in], %x[in], #16\n\t" + "add %x[out], %x[out], #16\n\t" + "b.ne L_AES_CTR_encrypt_loop_block_128_%=\n\t" + "rev32 x15, x15\n\t" + "rev32 x16, x16\n\t" + "stp x15, x16, [%x[ctr]]\n\t" + : [out] "+r" (out), [len] "+r" (len), [nr] "+r" (nr), [ctr] "+r" (ctr) + : [in] "r" (in), [ks] "r" (ks), [te] "r" (te) + : "memory", "cc", "x7", "x8", "x9", "x10", "x11", "x12", "x13", "x14", + "x15", "x16", "x17", "x19", "x20", "x21" + ); +} + +#endif /* WOLFSSL_AES_COUNTER */ +#ifdef HAVE_AES_DECRYPT +#if defined(WOLFSSL_AES_DIRECT) || defined(WOLFSSL_AES_COUNTER) || \ + defined(HAVE_AES_CBC) || defined(HAVE_AES_ECB) +static const word8 L_AES_ARM64_td4[] = { + 0x52, 0x09, 0x6a, 0xd5, 0x30, 0x36, 0xa5, 0x38, + 0xbf, 0x40, 0xa3, 0x9e, 0x81, 0xf3, 0xd7, 0xfb, + 0x7c, 0xe3, 0x39, 0x82, 0x9b, 0x2f, 0xff, 0x87, + 0x34, 0x8e, 0x43, 0x44, 0xc4, 0xde, 0xe9, 0xcb, + 0x54, 0x7b, 0x94, 0x32, 0xa6, 0xc2, 0x23, 0x3d, + 0xee, 0x4c, 0x95, 0x0b, 0x42, 0xfa, 0xc3, 0x4e, + 0x08, 0x2e, 0xa1, 0x66, 0x28, 0xd9, 0x24, 0xb2, + 0x76, 0x5b, 0xa2, 0x49, 0x6d, 0x8b, 0xd1, 0x25, + 0x72, 0xf8, 0xf6, 0x64, 0x86, 0x68, 0x98, 0x16, + 0xd4, 0xa4, 0x5c, 0xcc, 0x5d, 0x65, 0xb6, 0x92, + 0x6c, 0x70, 0x48, 0x50, 0xfd, 0xed, 0xb9, 0xda, + 0x5e, 0x15, 0x46, 0x57, 0xa7, 0x8d, 0x9d, 0x84, + 0x90, 0xd8, 0xab, 0x00, 0x8c, 0xbc, 0xd3, 0x0a, + 0xf7, 0xe4, 0x58, 0x05, 0xb8, 0xb3, 0x45, 0x06, + 0xd0, 0x2c, 0x1e, 0x8f, 0xca, 0x3f, 0x0f, 0x02, + 0xc1, 0xaf, 0xbd, 0x03, 0x01, 0x13, 0x8a, 0x6b, + 0x3a, 0x91, 0x11, 0x41, 0x4f, 0x67, 0xdc, 0xea, + 0x97, 0xf2, 0xcf, 0xce, 0xf0, 0xb4, 0xe6, 0x73, + 0x96, 0xac, 0x74, 0x22, 0xe7, 0xad, 0x35, 0x85, + 0xe2, 0xf9, 0x37, 0xe8, 0x1c, 0x75, 0xdf, 0x6e, + 0x47, 0xf1, 0x1a, 0x71, 0x1d, 0x29, 0xc5, 0x89, + 0x6f, 0xb7, 0x62, 0x0e, 0xaa, 0x18, 0xbe, 0x1b, + 0xfc, 0x56, 0x3e, 0x4b, 0xc6, 0xd2, 0x79, 0x20, + 0x9a, 0xdb, 0xc0, 0xfe, 0x78, 0xcd, 0x5a, 0xf4, + 0x1f, 0xdd, 0xa8, 0x33, 0x88, 0x07, 0xc7, 0x31, + 0xb1, 0x12, 0x10, 0x59, 0x27, 0x80, 0xec, 0x5f, + 0x60, 0x51, 0x7f, 0xa9, 0x19, 0xb5, 0x4a, 0x0d, + 0x2d, 0xe5, 0x7a, 0x9f, 0x93, 0xc9, 0x9c, 0xef, + 0xa0, 0xe0, 0x3b, 0x4d, 0xae, 0x2a, 0xf5, 0xb0, + 0xc8, 0xeb, 0xbb, 0x3c, 0x83, 0x53, 0x99, 0x61, + 0x17, 0x2b, 0x04, 0x7e, 0xba, 0x77, 0xd6, 0x26, + 0xe1, 0x69, 0x14, 0x63, 0x55, 0x21, 0x0c, 0x7d, +}; + +#if defined(WOLFSSL_AES_DIRECT) || defined(WOLFSSL_AES_COUNTER) || defined(HAVE_AES_ECB) +void AES_ECB_decrypt(const unsigned char* in, unsigned char* out, + unsigned long len, const unsigned char* ks, int nr); +void AES_ECB_decrypt(const unsigned char* in, unsigned char* out, + unsigned long len, const unsigned char* ks, int nr) +{ + const word32* td = L_AES_ARM64_td; + const word8* td4 = L_AES_ARM64_td4; + __asm__ __volatile__ ( + "\n" + "L_AES_ECB_decrypt_loop_block_%=: \n\t" + "mov x19, %x[ks]\n\t" + "ldr x7, [%x[in]]\n\t" + "ldr x8, [%x[in], #8]\n\t" + "rev32 x7, x7\n\t" + "rev32 x8, x8\n\t" + "ldp x11, x12, [x19], #16\n\t" + /* Round: 0 - XOR in key schedule */ + "eor x7, x7, x11\n\t" + "eor x8, x8, x12\n\t" + "sub w17, %w[nr], #2\n\t" + "\n" + "L_AES_ECB_decrypt_loop_nr_%=: \n\t" + "ubfx x11, x8, #48, #8\n\t" + "ubfx x14, x7, #24, #8\n\t" + "ubfx x15, x8, #8, #8\n\t" + "ubfx x16, x7, #32, #8\n\t" + "ldr x9, [%[td]]\n\t" + "ldr x9, [%[td], #64]\n\t" + "ldr x9, [%[td], #128]\n\t" + "ldr x9, [%[td], #192]\n\t" + "ldr x9, [%[td], #256]\n\t" + "ldr x9, [%[td], #320]\n\t" + "ldr x9, [%[td], #384]\n\t" + "ldr x9, [%[td], #448]\n\t" + "ldr x9, [%[td], #512]\n\t" + "ldr x9, [%[td], #576]\n\t" + "ldr x9, [%[td], #640]\n\t" + "ldr x9, [%[td], #704]\n\t" + "ldr x9, [%[td], #768]\n\t" + "ldr x9, [%[td], #832]\n\t" + "ldr x9, [%[td], #896]\n\t" + "ldr x9, [%[td], #960]\n\t" + "ldr w11, [%[td], x11, LSL 2]\n\t" + "ldr w14, [%[td], x14, LSL 2]\n\t" + "ldr w15, [%[td], x15, LSL 2]\n\t" + "ldr w16, [%[td], x16, LSL 2]\n\t" + "ubfx x12, x7, #16, #8\n\t" + "eor w11, w11, w14, ror 24\n\t" + "ubfx x14, x7, #56, #8\n\t" + "eor w11, w11, w15, ror 8\n\t" + "ubfx x15, x8, #40, #8\n\t" + "eor w11, w11, w16, ror 16\n\t" + "ubfx x16, x8, #0, #8\n\t" + "ldr w12, [%[td], x12, LSL 2]\n\t" + "ldr w14, [%[td], x14, LSL 2]\n\t" + "ldr w15, [%[td], x15, LSL 2]\n\t" + "ldr w16, [%[td], x16, LSL 2]\n\t" + "ubfx x13, x7, #48, #8\n\t" + "eor w12, w12, w14, ror 24\n\t" + "ubfx x14, x8, #24, #8\n\t" + "eor w12, w12, w15, ror 8\n\t" + "ubfx x15, x7, #8, #8\n\t" + "eor w12, w12, w16, ror 16\n\t" + "ubfx x16, x8, #32, #8\n\t" + "bfi x11, x12, #32, #32\n\t" + "ldr w13, [%[td], x13, LSL 2]\n\t" + "ldr w14, [%[td], x14, LSL 2]\n\t" + "ldr w15, [%[td], x15, LSL 2]\n\t" + "ldr w16, [%[td], x16, LSL 2]\n\t" + "ubfx x9, x7, #0, #8\n\t" + "eor w13, w13, w14, ror 24\n\t" + "ubfx x14, x8, #16, #8\n\t" + "eor w13, w13, w15, ror 8\n\t" + "ubfx x15, x8, #56, #8\n\t" + "eor w12, w13, w16, ror 16\n\t" + "ubfx x16, x7, #40, #8\n\t" + "ldr w9, [%[td], x9, LSL 2]\n\t" + "ldr w15, [%[td], x15, LSL 2]\n\t" + "ldr w14, [%[td], x14, LSL 2]\n\t" + "ldr w16, [%[td], x16, LSL 2]\n\t" + "eor w15, w15, w9, ror 24\n\t" + "ldp x7, x8, [x19], #16\n\t" + "eor w14, w14, w16, ror 8\n\t" + "eor w14, w14, w15, ror 24\n\t" + "bfi x12, x14, #32, #32\n\t" + /* XOR in Key Schedule */ + "eor x11, x11, x7\n\t" + "eor x12, x12, x8\n\t" + "ubfx x7, x12, #48, #8\n\t" + "ubfx x10, x11, #24, #8\n\t" + "ubfx x15, x12, #8, #8\n\t" + "ubfx x16, x11, #32, #8\n\t" + "ldr x13, [%[td]]\n\t" + "ldr x13, [%[td], #64]\n\t" + "ldr x13, [%[td], #128]\n\t" + "ldr x13, [%[td], #192]\n\t" + "ldr x13, [%[td], #256]\n\t" + "ldr x13, [%[td], #320]\n\t" + "ldr x13, [%[td], #384]\n\t" + "ldr x13, [%[td], #448]\n\t" + "ldr x13, [%[td], #512]\n\t" + "ldr x13, [%[td], #576]\n\t" + "ldr x13, [%[td], #640]\n\t" + "ldr x13, [%[td], #704]\n\t" + "ldr x13, [%[td], #768]\n\t" + "ldr x13, [%[td], #832]\n\t" + "ldr x13, [%[td], #896]\n\t" + "ldr x13, [%[td], #960]\n\t" + "ldr w7, [%[td], x7, LSL 2]\n\t" + "ldr w10, [%[td], x10, LSL 2]\n\t" + "ldr w15, [%[td], x15, LSL 2]\n\t" + "ldr w16, [%[td], x16, LSL 2]\n\t" + "ubfx x8, x11, #16, #8\n\t" + "eor w7, w7, w10, ror 24\n\t" + "ubfx x10, x11, #56, #8\n\t" + "eor w7, w7, w15, ror 8\n\t" + "ubfx x15, x12, #40, #8\n\t" + "eor w7, w7, w16, ror 16\n\t" + "ubfx x16, x12, #0, #8\n\t" + "ldr w8, [%[td], x8, LSL 2]\n\t" + "ldr w10, [%[td], x10, LSL 2]\n\t" + "ldr w15, [%[td], x15, LSL 2]\n\t" + "ldr w16, [%[td], x16, LSL 2]\n\t" + "ubfx x9, x11, #48, #8\n\t" + "eor w8, w8, w10, ror 24\n\t" + "ubfx x10, x12, #24, #8\n\t" + "eor w8, w8, w15, ror 8\n\t" + "ubfx x15, x11, #8, #8\n\t" + "eor w8, w8, w16, ror 16\n\t" + "ubfx x16, x12, #32, #8\n\t" + "bfi x7, x8, #32, #32\n\t" + "ldr w9, [%[td], x9, LSL 2]\n\t" + "ldr w10, [%[td], x10, LSL 2]\n\t" + "ldr w15, [%[td], x15, LSL 2]\n\t" + "ldr w16, [%[td], x16, LSL 2]\n\t" + "ubfx x13, x11, #0, #8\n\t" + "eor w9, w9, w10, ror 24\n\t" + "ubfx x10, x12, #16, #8\n\t" + "eor w9, w9, w15, ror 8\n\t" + "ubfx x15, x12, #56, #8\n\t" + "eor w8, w9, w16, ror 16\n\t" + "ubfx x16, x11, #40, #8\n\t" + "ldr w13, [%[td], x13, LSL 2]\n\t" + "ldr w15, [%[td], x15, LSL 2]\n\t" + "ldr w10, [%[td], x10, LSL 2]\n\t" + "ldr w16, [%[td], x16, LSL 2]\n\t" + "eor w15, w15, w13, ror 24\n\t" + "ldp x11, x12, [x19], #16\n\t" + "eor w10, w10, w16, ror 8\n\t" + "eor w10, w10, w15, ror 24\n\t" + "bfi x8, x10, #32, #32\n\t" + /* XOR in Key Schedule */ + "eor x7, x7, x11\n\t" + "eor x8, x8, x12\n\t" + "subs w17, w17, #2\n\t" + "b.ne L_AES_ECB_decrypt_loop_nr_%=\n\t" + "ubfx x11, x8, #48, #8\n\t" + "ubfx x14, x7, #24, #8\n\t" + "ubfx x15, x8, #8, #8\n\t" + "ubfx x16, x7, #32, #8\n\t" + "ldr x9, [%[td]]\n\t" + "ldr x9, [%[td], #64]\n\t" + "ldr x9, [%[td], #128]\n\t" + "ldr x9, [%[td], #192]\n\t" + "ldr x9, [%[td], #256]\n\t" + "ldr x9, [%[td], #320]\n\t" + "ldr x9, [%[td], #384]\n\t" + "ldr x9, [%[td], #448]\n\t" + "ldr x9, [%[td], #512]\n\t" + "ldr x9, [%[td], #576]\n\t" + "ldr x9, [%[td], #640]\n\t" + "ldr x9, [%[td], #704]\n\t" + "ldr x9, [%[td], #768]\n\t" + "ldr x9, [%[td], #832]\n\t" + "ldr x9, [%[td], #896]\n\t" + "ldr x9, [%[td], #960]\n\t" + "ldr w11, [%[td], x11, LSL 2]\n\t" + "ldr w14, [%[td], x14, LSL 2]\n\t" + "ldr w15, [%[td], x15, LSL 2]\n\t" + "ldr w16, [%[td], x16, LSL 2]\n\t" + "ubfx x12, x7, #16, #8\n\t" + "eor w11, w11, w14, ror 24\n\t" + "ubfx x14, x7, #56, #8\n\t" + "eor w11, w11, w15, ror 8\n\t" + "ubfx x15, x8, #40, #8\n\t" + "eor w11, w11, w16, ror 16\n\t" + "ubfx x16, x8, #0, #8\n\t" + "ldr w12, [%[td], x12, LSL 2]\n\t" + "ldr w14, [%[td], x14, LSL 2]\n\t" + "ldr w15, [%[td], x15, LSL 2]\n\t" + "ldr w16, [%[td], x16, LSL 2]\n\t" + "ubfx x13, x7, #48, #8\n\t" + "eor w12, w12, w14, ror 24\n\t" + "ubfx x14, x8, #24, #8\n\t" + "eor w12, w12, w15, ror 8\n\t" + "ubfx x15, x7, #8, #8\n\t" + "eor w12, w12, w16, ror 16\n\t" + "ubfx x16, x8, #32, #8\n\t" + "bfi x11, x12, #32, #32\n\t" + "ldr w13, [%[td], x13, LSL 2]\n\t" + "ldr w14, [%[td], x14, LSL 2]\n\t" + "ldr w15, [%[td], x15, LSL 2]\n\t" + "ldr w16, [%[td], x16, LSL 2]\n\t" + "ubfx x9, x7, #0, #8\n\t" + "eor w13, w13, w14, ror 24\n\t" + "ubfx x14, x8, #16, #8\n\t" + "eor w13, w13, w15, ror 8\n\t" + "ubfx x15, x8, #56, #8\n\t" + "eor w12, w13, w16, ror 16\n\t" + "ubfx x16, x7, #40, #8\n\t" + "ldr w9, [%[td], x9, LSL 2]\n\t" + "ldr w15, [%[td], x15, LSL 2]\n\t" + "ldr w14, [%[td], x14, LSL 2]\n\t" + "ldr w16, [%[td], x16, LSL 2]\n\t" + "eor w15, w15, w9, ror 24\n\t" + "ldp x7, x8, [x19], #16\n\t" + "eor w14, w14, w16, ror 8\n\t" + "eor w14, w14, w15, ror 24\n\t" + "bfi x12, x14, #32, #32\n\t" + /* XOR in Key Schedule */ + "eor x11, x11, x7\n\t" + "eor x12, x12, x8\n\t" + "ubfx x7, x11, #32, #8\n\t" + "ubfx x10, x12, #8, #8\n\t" + "ubfx x15, x12, #48, #8\n\t" + "ubfx x16, x11, #24, #8\n\t" + "ldr x14, [%[td4]]\n\t" + "ldr x14, [%[td4], #64]\n\t" + "ldr x14, [%[td4], #128]\n\t" + "ldr x14, [%[td4], #192]\n\t" + "ldrb w7, [%[td4], x7, LSL 0]\n\t" + "ldrb w10, [%[td4], x10, LSL 0]\n\t" + "ldrb w15, [%[td4], x15, LSL 0]\n\t" + "ldrb w16, [%[td4], x16, LSL 0]\n\t" + "ubfx x8, x12, #0, #8\n\t" + "eor w7, w7, w10, lsl 8\n\t" + "ubfx x10, x12, #40, #8\n\t" + "eor w7, w7, w15, lsl 16\n\t" + "ubfx x15, x11, #16, #8\n\t" + "eor w7, w7, w16, lsl 24\n\t" + "ubfx x16, x11, #56, #8\n\t" + "ldrb w10, [%[td4], x10, LSL 0]\n\t" + "ldrb w16, [%[td4], x16, LSL 0]\n\t" + "ldrb w8, [%[td4], x8, LSL 0]\n\t" + "ldrb w15, [%[td4], x15, LSL 0]\n\t" + "ubfx x9, x12, #32, #8\n\t" + "eor w8, w8, w10, lsl 8\n\t" + "ubfx x10, x11, #8, #8\n\t" + "eor w8, w8, w15, lsl 16\n\t" + "ubfx x15, x11, #48, #8\n\t" + "eor w8, w8, w16, lsl 24\n\t" + "ubfx x16, x12, #24, #8\n\t" + "bfi x7, x8, #32, #32\n\t" + "ldrb w10, [%[td4], x10, LSL 0]\n\t" + "ldrb w16, [%[td4], x16, LSL 0]\n\t" + "ldrb w9, [%[td4], x9, LSL 0]\n\t" + "ldrb w15, [%[td4], x15, LSL 0]\n\t" + "ubfx x14, x12, #56, #8\n\t" + "eor w9, w9, w10, lsl 8\n\t" + "ubfx x10, x11, #0, #8\n\t" + "eor w9, w9, w15, lsl 16\n\t" + "ubfx x15, x11, #40, #8\n\t" + "eor w8, w9, w16, lsl 24\n\t" + "ubfx x16, x12, #16, #8\n\t" + "ldrb w14, [%[td4], x14, LSL 0]\n\t" + "ldrb w15, [%[td4], x15, LSL 0]\n\t" + "ldrb w10, [%[td4], x10, LSL 0]\n\t" + "ldrb w16, [%[td4], x16, LSL 0]\n\t" + "eor w15, w15, w14, lsl 16\n\t" + "ldp x11, x12, [x19]\n\t" + "eor w10, w10, w15, lsl 8\n\t" + "eor w10, w10, w16, lsl 16\n\t" + "bfi x8, x10, #32, #32\n\t" + /* XOR in Key Schedule */ + "eor x7, x7, x11\n\t" + "eor x8, x8, x12\n\t" + "rev32 x7, x7\n\t" + "rev32 x8, x8\n\t" + "str x7, [%x[out]]\n\t" + "str x8, [%x[out], #8]\n\t" + "subs %x[len], %x[len], #16\n\t" + "add %x[in], %x[in], #16\n\t" + "add %x[out], %x[out], #16\n\t" + "b.ne L_AES_ECB_decrypt_loop_block_%=\n\t" + : [out] "+r" (out), [len] "+r" (len), [nr] "+r" (nr) + : [in] "r" (in), [ks] "r" (ks), [td] "r" (td), [td4] "r" (td4) + : "memory", "cc", "x7", "x8", "x9", "x10", "x11", "x12", "x13", "x14", + "x15", "x16", "x17", "x19" + ); +} + +#endif /* WOLFSSL_AES_DIRECT || WOLFSSL_AES_COUNTER || defined(HAVE_AES_ECB) */ +#ifdef HAVE_AES_CBC +void AES_CBC_decrypt(const unsigned char* in, unsigned char* out, + unsigned long len, const unsigned char* ks, int nr, unsigned char* iv); +void AES_CBC_decrypt(const unsigned char* in, unsigned char* out, + unsigned long len, const unsigned char* ks, int nr, unsigned char* iv) +{ + const word8* td4 = L_AES_ARM64_td4; + const word32* td = L_AES_ARM64_td; + __asm__ __volatile__ ( + "\n" + "L_AES_CBC_decrypt_loop_block_%=: \n\t" + "mov x20, %x[ks]\n\t" + "ldr x8, [%x[in]]\n\t" + "ldr x9, [%x[in], #8]\n\t" + "stnp x8, x9, [%x[iv], #16]\n\t" + "rev32 x8, x8\n\t" + "rev32 x9, x9\n\t" + "ldp x12, x13, [x20], #16\n\t" + /* Round: 0 - XOR in key schedule */ + "eor x8, x8, x12\n\t" + "eor x9, x9, x13\n\t" + "sub w19, %w[nr], #2\n\t" + "\n" + "L_AES_CBC_decrypt_loop_nr_even_%=: \n\t" + "ubfx x12, x9, #48, #8\n\t" + "ubfx x15, x8, #24, #8\n\t" + "ubfx x16, x9, #8, #8\n\t" + "ubfx x17, x8, #32, #8\n\t" + "ldr x10, [%[td]]\n\t" + "ldr x10, [%[td], #64]\n\t" + "ldr x10, [%[td], #128]\n\t" + "ldr x10, [%[td], #192]\n\t" + "ldr x10, [%[td], #256]\n\t" + "ldr x10, [%[td], #320]\n\t" + "ldr x10, [%[td], #384]\n\t" + "ldr x10, [%[td], #448]\n\t" + "ldr x10, [%[td], #512]\n\t" + "ldr x10, [%[td], #576]\n\t" + "ldr x10, [%[td], #640]\n\t" + "ldr x10, [%[td], #704]\n\t" + "ldr x10, [%[td], #768]\n\t" + "ldr x10, [%[td], #832]\n\t" + "ldr x10, [%[td], #896]\n\t" + "ldr x10, [%[td], #960]\n\t" + "ldr w12, [%[td], x12, LSL 2]\n\t" + "ldr w15, [%[td], x15, LSL 2]\n\t" + "ldr w16, [%[td], x16, LSL 2]\n\t" + "ldr w17, [%[td], x17, LSL 2]\n\t" + "ubfx x13, x8, #16, #8\n\t" + "eor w12, w12, w15, ror 24\n\t" + "ubfx x15, x8, #56, #8\n\t" + "eor w12, w12, w16, ror 8\n\t" + "ubfx x16, x9, #40, #8\n\t" + "eor w12, w12, w17, ror 16\n\t" + "ubfx x17, x9, #0, #8\n\t" + "ldr w13, [%[td], x13, LSL 2]\n\t" + "ldr w15, [%[td], x15, LSL 2]\n\t" + "ldr w16, [%[td], x16, LSL 2]\n\t" + "ldr w17, [%[td], x17, LSL 2]\n\t" + "ubfx x14, x8, #48, #8\n\t" + "eor w13, w13, w15, ror 24\n\t" + "ubfx x15, x9, #24, #8\n\t" + "eor w13, w13, w16, ror 8\n\t" + "ubfx x16, x8, #8, #8\n\t" + "eor w13, w13, w17, ror 16\n\t" + "ubfx x17, x9, #32, #8\n\t" + "bfi x12, x13, #32, #32\n\t" + "ldr w14, [%[td], x14, LSL 2]\n\t" + "ldr w15, [%[td], x15, LSL 2]\n\t" + "ldr w16, [%[td], x16, LSL 2]\n\t" + "ldr w17, [%[td], x17, LSL 2]\n\t" + "ubfx x10, x8, #0, #8\n\t" + "eor w14, w14, w15, ror 24\n\t" + "ubfx x15, x9, #16, #8\n\t" + "eor w14, w14, w16, ror 8\n\t" + "ubfx x16, x9, #56, #8\n\t" + "eor w13, w14, w17, ror 16\n\t" + "ubfx x17, x8, #40, #8\n\t" + "ldr w10, [%[td], x10, LSL 2]\n\t" + "ldr w16, [%[td], x16, LSL 2]\n\t" + "ldr w15, [%[td], x15, LSL 2]\n\t" + "ldr w17, [%[td], x17, LSL 2]\n\t" + "eor w16, w16, w10, ror 24\n\t" + "ldp x8, x9, [x20], #16\n\t" + "eor w15, w15, w17, ror 8\n\t" + "eor w15, w15, w16, ror 24\n\t" + "bfi x13, x15, #32, #32\n\t" + /* XOR in Key Schedule */ + "eor x12, x12, x8\n\t" + "eor x13, x13, x9\n\t" + "ubfx x8, x13, #48, #8\n\t" + "ubfx x11, x12, #24, #8\n\t" + "ubfx x16, x13, #8, #8\n\t" + "ubfx x17, x12, #32, #8\n\t" + "ldr x14, [%[td]]\n\t" + "ldr x14, [%[td], #64]\n\t" + "ldr x14, [%[td], #128]\n\t" + "ldr x14, [%[td], #192]\n\t" + "ldr x14, [%[td], #256]\n\t" + "ldr x14, [%[td], #320]\n\t" + "ldr x14, [%[td], #384]\n\t" + "ldr x14, [%[td], #448]\n\t" + "ldr x14, [%[td], #512]\n\t" + "ldr x14, [%[td], #576]\n\t" + "ldr x14, [%[td], #640]\n\t" + "ldr x14, [%[td], #704]\n\t" + "ldr x14, [%[td], #768]\n\t" + "ldr x14, [%[td], #832]\n\t" + "ldr x14, [%[td], #896]\n\t" + "ldr x14, [%[td], #960]\n\t" + "ldr w8, [%[td], x8, LSL 2]\n\t" + "ldr w11, [%[td], x11, LSL 2]\n\t" + "ldr w16, [%[td], x16, LSL 2]\n\t" + "ldr w17, [%[td], x17, LSL 2]\n\t" + "ubfx x9, x12, #16, #8\n\t" + "eor w8, w8, w11, ror 24\n\t" + "ubfx x11, x12, #56, #8\n\t" + "eor w8, w8, w16, ror 8\n\t" + "ubfx x16, x13, #40, #8\n\t" + "eor w8, w8, w17, ror 16\n\t" + "ubfx x17, x13, #0, #8\n\t" + "ldr w9, [%[td], x9, LSL 2]\n\t" + "ldr w11, [%[td], x11, LSL 2]\n\t" + "ldr w16, [%[td], x16, LSL 2]\n\t" + "ldr w17, [%[td], x17, LSL 2]\n\t" + "ubfx x10, x12, #48, #8\n\t" + "eor w9, w9, w11, ror 24\n\t" + "ubfx x11, x13, #24, #8\n\t" + "eor w9, w9, w16, ror 8\n\t" + "ubfx x16, x12, #8, #8\n\t" + "eor w9, w9, w17, ror 16\n\t" + "ubfx x17, x13, #32, #8\n\t" + "bfi x8, x9, #32, #32\n\t" + "ldr w10, [%[td], x10, LSL 2]\n\t" + "ldr w11, [%[td], x11, LSL 2]\n\t" + "ldr w16, [%[td], x16, LSL 2]\n\t" + "ldr w17, [%[td], x17, LSL 2]\n\t" + "ubfx x14, x12, #0, #8\n\t" + "eor w10, w10, w11, ror 24\n\t" + "ubfx x11, x13, #16, #8\n\t" + "eor w10, w10, w16, ror 8\n\t" + "ubfx x16, x13, #56, #8\n\t" + "eor w9, w10, w17, ror 16\n\t" + "ubfx x17, x12, #40, #8\n\t" + "ldr w14, [%[td], x14, LSL 2]\n\t" + "ldr w16, [%[td], x16, LSL 2]\n\t" + "ldr w11, [%[td], x11, LSL 2]\n\t" + "ldr w17, [%[td], x17, LSL 2]\n\t" + "eor w16, w16, w14, ror 24\n\t" + "ldp x12, x13, [x20], #16\n\t" + "eor w11, w11, w17, ror 8\n\t" + "eor w11, w11, w16, ror 24\n\t" + "bfi x9, x11, #32, #32\n\t" + /* XOR in Key Schedule */ + "eor x8, x8, x12\n\t" + "eor x9, x9, x13\n\t" + "subs w19, w19, #2\n\t" + "b.ne L_AES_CBC_decrypt_loop_nr_even_%=\n\t" + "ubfx x12, x9, #48, #8\n\t" + "ubfx x15, x8, #24, #8\n\t" + "ubfx x16, x9, #8, #8\n\t" + "ubfx x17, x8, #32, #8\n\t" + "ldr x10, [%[td]]\n\t" + "ldr x10, [%[td], #64]\n\t" + "ldr x10, [%[td], #128]\n\t" + "ldr x10, [%[td], #192]\n\t" + "ldr x10, [%[td], #256]\n\t" + "ldr x10, [%[td], #320]\n\t" + "ldr x10, [%[td], #384]\n\t" + "ldr x10, [%[td], #448]\n\t" + "ldr x10, [%[td], #512]\n\t" + "ldr x10, [%[td], #576]\n\t" + "ldr x10, [%[td], #640]\n\t" + "ldr x10, [%[td], #704]\n\t" + "ldr x10, [%[td], #768]\n\t" + "ldr x10, [%[td], #832]\n\t" + "ldr x10, [%[td], #896]\n\t" + "ldr x10, [%[td], #960]\n\t" + "ldr w12, [%[td], x12, LSL 2]\n\t" + "ldr w15, [%[td], x15, LSL 2]\n\t" + "ldr w16, [%[td], x16, LSL 2]\n\t" + "ldr w17, [%[td], x17, LSL 2]\n\t" + "ubfx x13, x8, #16, #8\n\t" + "eor w12, w12, w15, ror 24\n\t" + "ubfx x15, x8, #56, #8\n\t" + "eor w12, w12, w16, ror 8\n\t" + "ubfx x16, x9, #40, #8\n\t" + "eor w12, w12, w17, ror 16\n\t" + "ubfx x17, x9, #0, #8\n\t" + "ldr w13, [%[td], x13, LSL 2]\n\t" + "ldr w15, [%[td], x15, LSL 2]\n\t" + "ldr w16, [%[td], x16, LSL 2]\n\t" + "ldr w17, [%[td], x17, LSL 2]\n\t" + "ubfx x14, x8, #48, #8\n\t" + "eor w13, w13, w15, ror 24\n\t" + "ubfx x15, x9, #24, #8\n\t" + "eor w13, w13, w16, ror 8\n\t" + "ubfx x16, x8, #8, #8\n\t" + "eor w13, w13, w17, ror 16\n\t" + "ubfx x17, x9, #32, #8\n\t" + "bfi x12, x13, #32, #32\n\t" + "ldr w14, [%[td], x14, LSL 2]\n\t" + "ldr w15, [%[td], x15, LSL 2]\n\t" + "ldr w16, [%[td], x16, LSL 2]\n\t" + "ldr w17, [%[td], x17, LSL 2]\n\t" + "ubfx x10, x8, #0, #8\n\t" + "eor w14, w14, w15, ror 24\n\t" + "ubfx x15, x9, #16, #8\n\t" + "eor w14, w14, w16, ror 8\n\t" + "ubfx x16, x9, #56, #8\n\t" + "eor w13, w14, w17, ror 16\n\t" + "ubfx x17, x8, #40, #8\n\t" + "ldr w10, [%[td], x10, LSL 2]\n\t" + "ldr w16, [%[td], x16, LSL 2]\n\t" + "ldr w15, [%[td], x15, LSL 2]\n\t" + "ldr w17, [%[td], x17, LSL 2]\n\t" + "eor w16, w16, w10, ror 24\n\t" + "ldp x8, x9, [x20], #16\n\t" + "eor w15, w15, w17, ror 8\n\t" + "eor w15, w15, w16, ror 24\n\t" + "bfi x13, x15, #32, #32\n\t" + /* XOR in Key Schedule */ + "eor x12, x12, x8\n\t" + "eor x13, x13, x9\n\t" + "ubfx x8, x12, #32, #8\n\t" + "ubfx x11, x13, #8, #8\n\t" + "ubfx x16, x13, #48, #8\n\t" + "ubfx x17, x12, #24, #8\n\t" + "ldr x15, [%[td4]]\n\t" + "ldr x15, [%[td4], #64]\n\t" + "ldr x15, [%[td4], #128]\n\t" + "ldr x15, [%[td4], #192]\n\t" + "ldrb w8, [%[td4], x8, LSL 0]\n\t" + "ldrb w11, [%[td4], x11, LSL 0]\n\t" + "ldrb w16, [%[td4], x16, LSL 0]\n\t" + "ldrb w17, [%[td4], x17, LSL 0]\n\t" + "ubfx x9, x13, #0, #8\n\t" + "eor w8, w8, w11, lsl 8\n\t" + "ubfx x11, x13, #40, #8\n\t" + "eor w8, w8, w16, lsl 16\n\t" + "ubfx x16, x12, #16, #8\n\t" + "eor w8, w8, w17, lsl 24\n\t" + "ubfx x17, x12, #56, #8\n\t" + "ldrb w11, [%[td4], x11, LSL 0]\n\t" + "ldrb w17, [%[td4], x17, LSL 0]\n\t" + "ldrb w9, [%[td4], x9, LSL 0]\n\t" + "ldrb w16, [%[td4], x16, LSL 0]\n\t" + "ubfx x10, x13, #32, #8\n\t" + "eor w9, w9, w11, lsl 8\n\t" + "ubfx x11, x12, #8, #8\n\t" + "eor w9, w9, w16, lsl 16\n\t" + "ubfx x16, x12, #48, #8\n\t" + "eor w9, w9, w17, lsl 24\n\t" + "ubfx x17, x13, #24, #8\n\t" + "bfi x8, x9, #32, #32\n\t" + "ldrb w11, [%[td4], x11, LSL 0]\n\t" + "ldrb w17, [%[td4], x17, LSL 0]\n\t" + "ldrb w10, [%[td4], x10, LSL 0]\n\t" + "ldrb w16, [%[td4], x16, LSL 0]\n\t" + "ubfx x15, x13, #56, #8\n\t" + "eor w10, w10, w11, lsl 8\n\t" + "ubfx x11, x12, #0, #8\n\t" + "eor w10, w10, w16, lsl 16\n\t" + "ubfx x16, x12, #40, #8\n\t" + "eor w9, w10, w17, lsl 24\n\t" + "ubfx x17, x13, #16, #8\n\t" + "ldrb w15, [%[td4], x15, LSL 0]\n\t" + "ldrb w16, [%[td4], x16, LSL 0]\n\t" + "ldrb w11, [%[td4], x11, LSL 0]\n\t" + "ldrb w17, [%[td4], x17, LSL 0]\n\t" + "eor w16, w16, w15, lsl 16\n\t" + "ldp x12, x13, [x20]\n\t" + "eor w11, w11, w16, lsl 8\n\t" + "eor w11, w11, w17, lsl 16\n\t" + "bfi x9, x11, #32, #32\n\t" + /* XOR in Key Schedule */ + "eor x8, x8, x12\n\t" + "eor x9, x9, x13\n\t" + "rev32 x8, x8\n\t" + "rev32 x9, x9\n\t" + "ldp x12, x13, [%x[iv]]\n\t" + "eor x8, x8, x12\n\t" + "eor x9, x9, x13\n\t" + "str x8, [%x[out]]\n\t" + "str x9, [%x[out], #8]\n\t" + "subs %x[len], %x[len], #16\n\t" + "add %x[in], %x[in], #16\n\t" + "add %x[out], %x[out], #16\n\t" + "b.eq L_AES_CBC_decrypt_end_dec_odd_%=\n\t" + "mov x20, %x[ks]\n\t" + "ldr x8, [%x[in]]\n\t" + "ldr x9, [%x[in], #8]\n\t" + "stp x8, x9, [%x[iv]]\n\t" + "rev32 x8, x8\n\t" + "rev32 x9, x9\n\t" + "ldp x12, x13, [x20], #16\n\t" + /* Round: 0 - XOR in key schedule */ + "eor x8, x8, x12\n\t" + "eor x9, x9, x13\n\t" + "sub w19, %w[nr], #2\n\t" + "\n" + "L_AES_CBC_decrypt_loop_nr_odd_%=: \n\t" + "ubfx x12, x9, #48, #8\n\t" + "ubfx x15, x8, #24, #8\n\t" + "ubfx x16, x9, #8, #8\n\t" + "ubfx x17, x8, #32, #8\n\t" + "ldr x10, [%[td]]\n\t" + "ldr x10, [%[td], #64]\n\t" + "ldr x10, [%[td], #128]\n\t" + "ldr x10, [%[td], #192]\n\t" + "ldr x10, [%[td], #256]\n\t" + "ldr x10, [%[td], #320]\n\t" + "ldr x10, [%[td], #384]\n\t" + "ldr x10, [%[td], #448]\n\t" + "ldr x10, [%[td], #512]\n\t" + "ldr x10, [%[td], #576]\n\t" + "ldr x10, [%[td], #640]\n\t" + "ldr x10, [%[td], #704]\n\t" + "ldr x10, [%[td], #768]\n\t" + "ldr x10, [%[td], #832]\n\t" + "ldr x10, [%[td], #896]\n\t" + "ldr x10, [%[td], #960]\n\t" + "ldr w12, [%[td], x12, LSL 2]\n\t" + "ldr w15, [%[td], x15, LSL 2]\n\t" + "ldr w16, [%[td], x16, LSL 2]\n\t" + "ldr w17, [%[td], x17, LSL 2]\n\t" + "ubfx x13, x8, #16, #8\n\t" + "eor w12, w12, w15, ror 24\n\t" + "ubfx x15, x8, #56, #8\n\t" + "eor w12, w12, w16, ror 8\n\t" + "ubfx x16, x9, #40, #8\n\t" + "eor w12, w12, w17, ror 16\n\t" + "ubfx x17, x9, #0, #8\n\t" + "ldr w13, [%[td], x13, LSL 2]\n\t" + "ldr w15, [%[td], x15, LSL 2]\n\t" + "ldr w16, [%[td], x16, LSL 2]\n\t" + "ldr w17, [%[td], x17, LSL 2]\n\t" + "ubfx x14, x8, #48, #8\n\t" + "eor w13, w13, w15, ror 24\n\t" + "ubfx x15, x9, #24, #8\n\t" + "eor w13, w13, w16, ror 8\n\t" + "ubfx x16, x8, #8, #8\n\t" + "eor w13, w13, w17, ror 16\n\t" + "ubfx x17, x9, #32, #8\n\t" + "bfi x12, x13, #32, #32\n\t" + "ldr w14, [%[td], x14, LSL 2]\n\t" + "ldr w15, [%[td], x15, LSL 2]\n\t" + "ldr w16, [%[td], x16, LSL 2]\n\t" + "ldr w17, [%[td], x17, LSL 2]\n\t" + "ubfx x10, x8, #0, #8\n\t" + "eor w14, w14, w15, ror 24\n\t" + "ubfx x15, x9, #16, #8\n\t" + "eor w14, w14, w16, ror 8\n\t" + "ubfx x16, x9, #56, #8\n\t" + "eor w13, w14, w17, ror 16\n\t" + "ubfx x17, x8, #40, #8\n\t" + "ldr w10, [%[td], x10, LSL 2]\n\t" + "ldr w16, [%[td], x16, LSL 2]\n\t" + "ldr w15, [%[td], x15, LSL 2]\n\t" + "ldr w17, [%[td], x17, LSL 2]\n\t" + "eor w16, w16, w10, ror 24\n\t" + "ldp x8, x9, [x20], #16\n\t" + "eor w15, w15, w17, ror 8\n\t" + "eor w15, w15, w16, ror 24\n\t" + "bfi x13, x15, #32, #32\n\t" + /* XOR in Key Schedule */ + "eor x12, x12, x8\n\t" + "eor x13, x13, x9\n\t" + "ubfx x8, x13, #48, #8\n\t" + "ubfx x11, x12, #24, #8\n\t" + "ubfx x16, x13, #8, #8\n\t" + "ubfx x17, x12, #32, #8\n\t" + "ldr x14, [%[td]]\n\t" + "ldr x14, [%[td], #64]\n\t" + "ldr x14, [%[td], #128]\n\t" + "ldr x14, [%[td], #192]\n\t" + "ldr x14, [%[td], #256]\n\t" + "ldr x14, [%[td], #320]\n\t" + "ldr x14, [%[td], #384]\n\t" + "ldr x14, [%[td], #448]\n\t" + "ldr x14, [%[td], #512]\n\t" + "ldr x14, [%[td], #576]\n\t" + "ldr x14, [%[td], #640]\n\t" + "ldr x14, [%[td], #704]\n\t" + "ldr x14, [%[td], #768]\n\t" + "ldr x14, [%[td], #832]\n\t" + "ldr x14, [%[td], #896]\n\t" + "ldr x14, [%[td], #960]\n\t" + "ldr w8, [%[td], x8, LSL 2]\n\t" + "ldr w11, [%[td], x11, LSL 2]\n\t" + "ldr w16, [%[td], x16, LSL 2]\n\t" + "ldr w17, [%[td], x17, LSL 2]\n\t" + "ubfx x9, x12, #16, #8\n\t" + "eor w8, w8, w11, ror 24\n\t" + "ubfx x11, x12, #56, #8\n\t" + "eor w8, w8, w16, ror 8\n\t" + "ubfx x16, x13, #40, #8\n\t" + "eor w8, w8, w17, ror 16\n\t" + "ubfx x17, x13, #0, #8\n\t" + "ldr w9, [%[td], x9, LSL 2]\n\t" + "ldr w11, [%[td], x11, LSL 2]\n\t" + "ldr w16, [%[td], x16, LSL 2]\n\t" + "ldr w17, [%[td], x17, LSL 2]\n\t" + "ubfx x10, x12, #48, #8\n\t" + "eor w9, w9, w11, ror 24\n\t" + "ubfx x11, x13, #24, #8\n\t" + "eor w9, w9, w16, ror 8\n\t" + "ubfx x16, x12, #8, #8\n\t" + "eor w9, w9, w17, ror 16\n\t" + "ubfx x17, x13, #32, #8\n\t" + "bfi x8, x9, #32, #32\n\t" + "ldr w10, [%[td], x10, LSL 2]\n\t" + "ldr w11, [%[td], x11, LSL 2]\n\t" + "ldr w16, [%[td], x16, LSL 2]\n\t" + "ldr w17, [%[td], x17, LSL 2]\n\t" + "ubfx x14, x12, #0, #8\n\t" + "eor w10, w10, w11, ror 24\n\t" + "ubfx x11, x13, #16, #8\n\t" + "eor w10, w10, w16, ror 8\n\t" + "ubfx x16, x13, #56, #8\n\t" + "eor w9, w10, w17, ror 16\n\t" + "ubfx x17, x12, #40, #8\n\t" + "ldr w14, [%[td], x14, LSL 2]\n\t" + "ldr w16, [%[td], x16, LSL 2]\n\t" + "ldr w11, [%[td], x11, LSL 2]\n\t" + "ldr w17, [%[td], x17, LSL 2]\n\t" + "eor w16, w16, w14, ror 24\n\t" + "ldp x12, x13, [x20], #16\n\t" + "eor w11, w11, w17, ror 8\n\t" + "eor w11, w11, w16, ror 24\n\t" + "bfi x9, x11, #32, #32\n\t" + /* XOR in Key Schedule */ + "eor x8, x8, x12\n\t" + "eor x9, x9, x13\n\t" + "subs w19, w19, #2\n\t" + "b.ne L_AES_CBC_decrypt_loop_nr_odd_%=\n\t" + "ubfx x12, x9, #48, #8\n\t" + "ubfx x15, x8, #24, #8\n\t" + "ubfx x16, x9, #8, #8\n\t" + "ubfx x17, x8, #32, #8\n\t" + "ldr x10, [%[td]]\n\t" + "ldr x10, [%[td], #64]\n\t" + "ldr x10, [%[td], #128]\n\t" + "ldr x10, [%[td], #192]\n\t" + "ldr x10, [%[td], #256]\n\t" + "ldr x10, [%[td], #320]\n\t" + "ldr x10, [%[td], #384]\n\t" + "ldr x10, [%[td], #448]\n\t" + "ldr x10, [%[td], #512]\n\t" + "ldr x10, [%[td], #576]\n\t" + "ldr x10, [%[td], #640]\n\t" + "ldr x10, [%[td], #704]\n\t" + "ldr x10, [%[td], #768]\n\t" + "ldr x10, [%[td], #832]\n\t" + "ldr x10, [%[td], #896]\n\t" + "ldr x10, [%[td], #960]\n\t" + "ldr w12, [%[td], x12, LSL 2]\n\t" + "ldr w15, [%[td], x15, LSL 2]\n\t" + "ldr w16, [%[td], x16, LSL 2]\n\t" + "ldr w17, [%[td], x17, LSL 2]\n\t" + "ubfx x13, x8, #16, #8\n\t" + "eor w12, w12, w15, ror 24\n\t" + "ubfx x15, x8, #56, #8\n\t" + "eor w12, w12, w16, ror 8\n\t" + "ubfx x16, x9, #40, #8\n\t" + "eor w12, w12, w17, ror 16\n\t" + "ubfx x17, x9, #0, #8\n\t" + "ldr w13, [%[td], x13, LSL 2]\n\t" + "ldr w15, [%[td], x15, LSL 2]\n\t" + "ldr w16, [%[td], x16, LSL 2]\n\t" + "ldr w17, [%[td], x17, LSL 2]\n\t" + "ubfx x14, x8, #48, #8\n\t" + "eor w13, w13, w15, ror 24\n\t" + "ubfx x15, x9, #24, #8\n\t" + "eor w13, w13, w16, ror 8\n\t" + "ubfx x16, x8, #8, #8\n\t" + "eor w13, w13, w17, ror 16\n\t" + "ubfx x17, x9, #32, #8\n\t" + "bfi x12, x13, #32, #32\n\t" + "ldr w14, [%[td], x14, LSL 2]\n\t" + "ldr w15, [%[td], x15, LSL 2]\n\t" + "ldr w16, [%[td], x16, LSL 2]\n\t" + "ldr w17, [%[td], x17, LSL 2]\n\t" + "ubfx x10, x8, #0, #8\n\t" + "eor w14, w14, w15, ror 24\n\t" + "ubfx x15, x9, #16, #8\n\t" + "eor w14, w14, w16, ror 8\n\t" + "ubfx x16, x9, #56, #8\n\t" + "eor w13, w14, w17, ror 16\n\t" + "ubfx x17, x8, #40, #8\n\t" + "ldr w10, [%[td], x10, LSL 2]\n\t" + "ldr w16, [%[td], x16, LSL 2]\n\t" + "ldr w15, [%[td], x15, LSL 2]\n\t" + "ldr w17, [%[td], x17, LSL 2]\n\t" + "eor w16, w16, w10, ror 24\n\t" + "ldp x8, x9, [x20], #16\n\t" + "eor w15, w15, w17, ror 8\n\t" + "eor w15, w15, w16, ror 24\n\t" + "bfi x13, x15, #32, #32\n\t" + /* XOR in Key Schedule */ + "eor x12, x12, x8\n\t" + "eor x13, x13, x9\n\t" + "ubfx x8, x12, #32, #8\n\t" + "ubfx x11, x13, #8, #8\n\t" + "ubfx x16, x13, #48, #8\n\t" + "ubfx x17, x12, #24, #8\n\t" + "ldr x15, [%[td4]]\n\t" + "ldr x15, [%[td4], #64]\n\t" + "ldr x15, [%[td4], #128]\n\t" + "ldr x15, [%[td4], #192]\n\t" + "ldrb w8, [%[td4], x8, LSL 0]\n\t" + "ldrb w11, [%[td4], x11, LSL 0]\n\t" + "ldrb w16, [%[td4], x16, LSL 0]\n\t" + "ldrb w17, [%[td4], x17, LSL 0]\n\t" + "ubfx x9, x13, #0, #8\n\t" + "eor w8, w8, w11, lsl 8\n\t" + "ubfx x11, x13, #40, #8\n\t" + "eor w8, w8, w16, lsl 16\n\t" + "ubfx x16, x12, #16, #8\n\t" + "eor w8, w8, w17, lsl 24\n\t" + "ubfx x17, x12, #56, #8\n\t" + "ldrb w11, [%[td4], x11, LSL 0]\n\t" + "ldrb w17, [%[td4], x17, LSL 0]\n\t" + "ldrb w9, [%[td4], x9, LSL 0]\n\t" + "ldrb w16, [%[td4], x16, LSL 0]\n\t" + "ubfx x10, x13, #32, #8\n\t" + "eor w9, w9, w11, lsl 8\n\t" + "ubfx x11, x12, #8, #8\n\t" + "eor w9, w9, w16, lsl 16\n\t" + "ubfx x16, x12, #48, #8\n\t" + "eor w9, w9, w17, lsl 24\n\t" + "ubfx x17, x13, #24, #8\n\t" + "bfi x8, x9, #32, #32\n\t" + "ldrb w11, [%[td4], x11, LSL 0]\n\t" + "ldrb w17, [%[td4], x17, LSL 0]\n\t" + "ldrb w10, [%[td4], x10, LSL 0]\n\t" + "ldrb w16, [%[td4], x16, LSL 0]\n\t" + "ubfx x15, x13, #56, #8\n\t" + "eor w10, w10, w11, lsl 8\n\t" + "ubfx x11, x12, #0, #8\n\t" + "eor w10, w10, w16, lsl 16\n\t" + "ubfx x16, x12, #40, #8\n\t" + "eor w9, w10, w17, lsl 24\n\t" + "ubfx x17, x13, #16, #8\n\t" + "ldrb w15, [%[td4], x15, LSL 0]\n\t" + "ldrb w16, [%[td4], x16, LSL 0]\n\t" + "ldrb w11, [%[td4], x11, LSL 0]\n\t" + "ldrb w17, [%[td4], x17, LSL 0]\n\t" + "eor w16, w16, w15, lsl 16\n\t" + "ldp x12, x13, [x20]\n\t" + "eor w11, w11, w16, lsl 8\n\t" + "eor w11, w11, w17, lsl 16\n\t" + "bfi x9, x11, #32, #32\n\t" + /* XOR in Key Schedule */ + "eor x8, x8, x12\n\t" + "eor x9, x9, x13\n\t" + "rev32 x8, x8\n\t" + "rev32 x9, x9\n\t" + "ldnp x12, x13, [%x[iv], #16]\n\t" + "eor x8, x8, x12\n\t" + "eor x9, x9, x13\n\t" + "str x8, [%x[out]]\n\t" + "str x9, [%x[out], #8]\n\t" + "subs %x[len], %x[len], #16\n\t" + "add %x[in], %x[in], #16\n\t" + "add %x[out], %x[out], #16\n\t" + "b.ne L_AES_CBC_decrypt_loop_block_%=\n\t" + "b L_AES_CBC_decrypt_end_dec_%=\n\t" + "\n" + "L_AES_CBC_decrypt_end_dec_odd_%=: \n\t" + "ldnp x12, x13, [%x[iv], #16]\n\t" + "stp x12, x13, [%x[iv]]\n\t" + "\n" + "L_AES_CBC_decrypt_end_dec_%=: \n\t" + : [out] "+r" (out), [len] "+r" (len), [nr] "+r" (nr), [iv] "+r" (iv) + : [in] "r" (in), [ks] "r" (ks), [td4] "r" (td4), [td] "r" (td) + : "memory", "cc", "x8", "x9", "x10", "x11", "x12", "x13", "x14", "x15", + "x16", "x17", "x19", "x20" + ); +} + +#endif /* HAVE_AES_CBC */ +#endif /* WOLFSSL_AES_DIRECT || WOLFSSL_AES_COUNTER || HAVE_AES_CBC + * HAVE_AES_ECB */ +#endif /* HAVE_AES_DECRYPT */ +#ifdef HAVE_AESGCM +static const word32 L_GCM_gmult_len_r[] = { + 0x00000000, 0x1c200000, 0x38400000, 0x24600000, + 0x70800000, 0x6ca00000, 0x48c00000, 0x54e00000, + 0xe1000000, 0xfd200000, 0xd9400000, 0xc5600000, + 0x91800000, 0x8da00000, 0xa9c00000, 0xb5e00000, + 0x00000000, 0x01c20000, 0x03840000, 0x02460000, + 0x07080000, 0x06ca0000, 0x048c0000, 0x054e0000, + 0x0e100000, 0x0fd20000, 0x0d940000, 0x0c560000, + 0x09180000, 0x08da0000, 0x0a9c0000, 0x0b5e0000, +}; + +void GCM_gmult_len(unsigned char* x, const unsigned char** m, + const unsigned char* data, unsigned long len); +void GCM_gmult_len(unsigned char* x, const unsigned char** m, + const unsigned char* data, unsigned long len) +{ + const word32* r = L_GCM_gmult_len_r; + __asm__ __volatile__ ( + "\n" + "L_GCM_gmult_len_start_block_%=: \n\t" + "ldp x4, x5, [%x[x]]\n\t" + "ldp x6, x7, [%x[data]]\n\t" + "eor x4, x4, x6\n\t" + "eor x5, x5, x7\n\t" + "ubfx x12, x5, #56, #4\n\t" + "add x12, %x[m], x12, lsl 4\n\t" + "ldp x8, x9, [x12]\n\t" + "ubfx x12, x5, #60, #4\n\t" + "mov x11, x9\n\t" + "add x12, x12, #16\n\t" + "lsr x9, x9, #8\n\t" + "add x12, %x[m], x12, lsl 4\n\t" + "orr x9, x9, x8, lsl 56\n\t" + "ldp x6, x7, [x12]\n\t" + "lsr x8, x8, #8\n\t" + "eor x8, x8, x6\n\t" + "sub x12, x12, #0x100\n\t" + "eor x9, x9, x7\n\t" + "ldr x7, [x12, #8]\n\t" + "ubfx w6, w11, #0, #4\n\t" + "eor x11, x11, x7, lsl 4\n\t" + "add w6, w6, #16\n\t" + "ubfx w11, w11, #4, #4\n\t" + "ldr w6, [%[r], x6, LSL 2]\n\t" + "ldr w7, [%[r], x11, LSL 2]\n\t" + "eor x8, x8, x6, lsl 32\n\t" + "eor x8, x8, x7, lsl 32\n\t" + "ubfx x12, x5, #48, #4\n\t" + "add x12, %x[m], x12, lsl 4\n\t" + "ldp x6, x7, [x12]\n\t" + "eor x8, x8, x6\n\t" + "eor x9, x9, x7\n\t" + "ubfx x12, x5, #52, #4\n\t" + "mov x11, x9\n\t" + "add x12, x12, #16\n\t" + "lsr x9, x9, #8\n\t" + "add x12, %x[m], x12, lsl 4\n\t" + "orr x9, x9, x8, lsl 56\n\t" + "ldp x6, x7, [x12]\n\t" + "lsr x8, x8, #8\n\t" + "eor x8, x8, x6\n\t" + "sub x12, x12, #0x100\n\t" + "eor x9, x9, x7\n\t" + "ldr x7, [x12, #8]\n\t" + "ubfx w6, w11, #0, #4\n\t" + "eor x11, x11, x7, lsl 4\n\t" + "add w6, w6, #16\n\t" + "ubfx w11, w11, #4, #4\n\t" + "ldr w6, [%[r], x6, LSL 2]\n\t" + "ldr w7, [%[r], x11, LSL 2]\n\t" + "eor x8, x8, x6, lsl 32\n\t" + "eor x8, x8, x7, lsl 32\n\t" + "ubfx x12, x5, #40, #4\n\t" + "add x12, %x[m], x12, lsl 4\n\t" + "ldp x6, x7, [x12]\n\t" + "eor x8, x8, x6\n\t" + "eor x9, x9, x7\n\t" + "ubfx x12, x5, #44, #4\n\t" + "mov x11, x9\n\t" + "add x12, x12, #16\n\t" + "lsr x9, x9, #8\n\t" + "add x12, %x[m], x12, lsl 4\n\t" + "orr x9, x9, x8, lsl 56\n\t" + "ldp x6, x7, [x12]\n\t" + "lsr x8, x8, #8\n\t" + "eor x8, x8, x6\n\t" + "sub x12, x12, #0x100\n\t" + "eor x9, x9, x7\n\t" + "ldr x7, [x12, #8]\n\t" + "ubfx w6, w11, #0, #4\n\t" + "eor x11, x11, x7, lsl 4\n\t" + "add w6, w6, #16\n\t" + "ubfx w11, w11, #4, #4\n\t" + "ldr w6, [%[r], x6, LSL 2]\n\t" + "ldr w7, [%[r], x11, LSL 2]\n\t" + "eor x8, x8, x6, lsl 32\n\t" + "eor x8, x8, x7, lsl 32\n\t" + "ubfx x12, x5, #32, #4\n\t" + "add x12, %x[m], x12, lsl 4\n\t" + "ldp x6, x7, [x12]\n\t" + "eor x8, x8, x6\n\t" + "eor x9, x9, x7\n\t" + "ubfx x12, x5, #36, #4\n\t" + "mov x11, x9\n\t" + "add x12, x12, #16\n\t" + "lsr x9, x9, #8\n\t" + "add x12, %x[m], x12, lsl 4\n\t" + "orr x9, x9, x8, lsl 56\n\t" + "ldp x6, x7, [x12]\n\t" + "lsr x8, x8, #8\n\t" + "eor x8, x8, x6\n\t" + "sub x12, x12, #0x100\n\t" + "eor x9, x9, x7\n\t" + "ldr x7, [x12, #8]\n\t" + "ubfx w6, w11, #0, #4\n\t" + "eor x11, x11, x7, lsl 4\n\t" + "add w6, w6, #16\n\t" + "ubfx w11, w11, #4, #4\n\t" + "ldr w6, [%[r], x6, LSL 2]\n\t" + "ldr w7, [%[r], x11, LSL 2]\n\t" + "eor x8, x8, x6, lsl 32\n\t" + "eor x8, x8, x7, lsl 32\n\t" + "ubfx x12, x5, #24, #4\n\t" + "add x12, %x[m], x12, lsl 4\n\t" + "ldp x6, x7, [x12]\n\t" + "eor x8, x8, x6\n\t" + "eor x9, x9, x7\n\t" + "ubfx x12, x5, #28, #4\n\t" + "mov x11, x9\n\t" + "add x12, x12, #16\n\t" + "lsr x9, x9, #8\n\t" + "add x12, %x[m], x12, lsl 4\n\t" + "orr x9, x9, x8, lsl 56\n\t" + "ldp x6, x7, [x12]\n\t" + "lsr x8, x8, #8\n\t" + "eor x8, x8, x6\n\t" + "sub x12, x12, #0x100\n\t" + "eor x9, x9, x7\n\t" + "ldr x7, [x12, #8]\n\t" + "ubfx w6, w11, #0, #4\n\t" + "eor x11, x11, x7, lsl 4\n\t" + "add w6, w6, #16\n\t" + "ubfx w11, w11, #4, #4\n\t" + "ldr w6, [%[r], x6, LSL 2]\n\t" + "ldr w7, [%[r], x11, LSL 2]\n\t" + "eor x8, x8, x6, lsl 32\n\t" + "eor x8, x8, x7, lsl 32\n\t" + "ubfx x12, x5, #16, #4\n\t" + "add x12, %x[m], x12, lsl 4\n\t" + "ldp x6, x7, [x12]\n\t" + "eor x8, x8, x6\n\t" + "eor x9, x9, x7\n\t" + "ubfx x12, x5, #20, #4\n\t" + "mov x11, x9\n\t" + "add x12, x12, #16\n\t" + "lsr x9, x9, #8\n\t" + "add x12, %x[m], x12, lsl 4\n\t" + "orr x9, x9, x8, lsl 56\n\t" + "ldp x6, x7, [x12]\n\t" + "lsr x8, x8, #8\n\t" + "eor x8, x8, x6\n\t" + "sub x12, x12, #0x100\n\t" + "eor x9, x9, x7\n\t" + "ldr x7, [x12, #8]\n\t" + "ubfx w6, w11, #0, #4\n\t" + "eor x11, x11, x7, lsl 4\n\t" + "add w6, w6, #16\n\t" + "ubfx w11, w11, #4, #4\n\t" + "ldr w6, [%[r], x6, LSL 2]\n\t" + "ldr w7, [%[r], x11, LSL 2]\n\t" + "eor x8, x8, x6, lsl 32\n\t" + "eor x8, x8, x7, lsl 32\n\t" + "ubfx x12, x5, #8, #4\n\t" + "add x12, %x[m], x12, lsl 4\n\t" + "ldp x6, x7, [x12]\n\t" + "eor x8, x8, x6\n\t" + "eor x9, x9, x7\n\t" + "ubfx x12, x5, #12, #4\n\t" + "mov x11, x9\n\t" + "add x12, x12, #16\n\t" + "lsr x9, x9, #8\n\t" + "add x12, %x[m], x12, lsl 4\n\t" + "orr x9, x9, x8, lsl 56\n\t" + "ldp x6, x7, [x12]\n\t" + "lsr x8, x8, #8\n\t" + "eor x8, x8, x6\n\t" + "sub x12, x12, #0x100\n\t" + "eor x9, x9, x7\n\t" + "ldr x7, [x12, #8]\n\t" + "ubfx w6, w11, #0, #4\n\t" + "eor x11, x11, x7, lsl 4\n\t" + "add w6, w6, #16\n\t" + "ubfx w11, w11, #4, #4\n\t" + "ldr w6, [%[r], x6, LSL 2]\n\t" + "ldr w7, [%[r], x11, LSL 2]\n\t" + "eor x8, x8, x6, lsl 32\n\t" + "eor x8, x8, x7, lsl 32\n\t" + "ubfx x12, x5, #0, #4\n\t" + "add x12, %x[m], x12, lsl 4\n\t" + "ldp x6, x7, [x12]\n\t" + "eor x8, x8, x6\n\t" + "eor x9, x9, x7\n\t" + "ubfx x12, x5, #4, #4\n\t" + "mov x11, x9\n\t" + "add x12, x12, #16\n\t" + "lsr x9, x9, #8\n\t" + "add x12, %x[m], x12, lsl 4\n\t" + "orr x9, x9, x8, lsl 56\n\t" + "ldp x6, x7, [x12]\n\t" + "lsr x8, x8, #8\n\t" + "eor x8, x8, x6\n\t" + "sub x12, x12, #0x100\n\t" + "eor x9, x9, x7\n\t" + "ldr x7, [x12, #8]\n\t" + "ubfx w6, w11, #0, #4\n\t" + "eor x11, x11, x7, lsl 4\n\t" + "add w6, w6, #16\n\t" + "ubfx w11, w11, #4, #4\n\t" + "ldr w6, [%[r], x6, LSL 2]\n\t" + "ldr w7, [%[r], x11, LSL 2]\n\t" + "eor x8, x8, x6, lsl 32\n\t" + "eor x8, x8, x7, lsl 32\n\t" + "ubfx x12, x4, #56, #4\n\t" + "add x12, %x[m], x12, lsl 4\n\t" + "ldp x6, x7, [x12]\n\t" + "eor x8, x8, x6\n\t" + "eor x9, x9, x7\n\t" + "ubfx x12, x4, #60, #4\n\t" + "mov x11, x9\n\t" + "add x12, x12, #16\n\t" + "lsr x9, x9, #8\n\t" + "add x12, %x[m], x12, lsl 4\n\t" + "orr x9, x9, x8, lsl 56\n\t" + "ldp x6, x7, [x12]\n\t" + "lsr x8, x8, #8\n\t" + "eor x8, x8, x6\n\t" + "sub x12, x12, #0x100\n\t" + "eor x9, x9, x7\n\t" + "ldr x7, [x12, #8]\n\t" + "ubfx w6, w11, #0, #4\n\t" + "eor x11, x11, x7, lsl 4\n\t" + "add w6, w6, #16\n\t" + "ubfx w11, w11, #4, #4\n\t" + "ldr w6, [%[r], x6, LSL 2]\n\t" + "ldr w7, [%[r], x11, LSL 2]\n\t" + "eor x8, x8, x6, lsl 32\n\t" + "eor x8, x8, x7, lsl 32\n\t" + "ubfx x12, x4, #48, #4\n\t" + "add x12, %x[m], x12, lsl 4\n\t" + "ldp x6, x7, [x12]\n\t" + "eor x8, x8, x6\n\t" + "eor x9, x9, x7\n\t" + "ubfx x12, x4, #52, #4\n\t" + "mov x11, x9\n\t" + "add x12, x12, #16\n\t" + "lsr x9, x9, #8\n\t" + "add x12, %x[m], x12, lsl 4\n\t" + "orr x9, x9, x8, lsl 56\n\t" + "ldp x6, x7, [x12]\n\t" + "lsr x8, x8, #8\n\t" + "eor x8, x8, x6\n\t" + "sub x12, x12, #0x100\n\t" + "eor x9, x9, x7\n\t" + "ldr x7, [x12, #8]\n\t" + "ubfx w6, w11, #0, #4\n\t" + "eor x11, x11, x7, lsl 4\n\t" + "add w6, w6, #16\n\t" + "ubfx w11, w11, #4, #4\n\t" + "ldr w6, [%[r], x6, LSL 2]\n\t" + "ldr w7, [%[r], x11, LSL 2]\n\t" + "eor x8, x8, x6, lsl 32\n\t" + "eor x8, x8, x7, lsl 32\n\t" + "ubfx x12, x4, #40, #4\n\t" + "add x12, %x[m], x12, lsl 4\n\t" + "ldp x6, x7, [x12]\n\t" + "eor x8, x8, x6\n\t" + "eor x9, x9, x7\n\t" + "ubfx x12, x4, #44, #4\n\t" + "mov x11, x9\n\t" + "add x12, x12, #16\n\t" + "lsr x9, x9, #8\n\t" + "add x12, %x[m], x12, lsl 4\n\t" + "orr x9, x9, x8, lsl 56\n\t" + "ldp x6, x7, [x12]\n\t" + "lsr x8, x8, #8\n\t" + "eor x8, x8, x6\n\t" + "sub x12, x12, #0x100\n\t" + "eor x9, x9, x7\n\t" + "ldr x7, [x12, #8]\n\t" + "ubfx w6, w11, #0, #4\n\t" + "eor x11, x11, x7, lsl 4\n\t" + "add w6, w6, #16\n\t" + "ubfx w11, w11, #4, #4\n\t" + "ldr w6, [%[r], x6, LSL 2]\n\t" + "ldr w7, [%[r], x11, LSL 2]\n\t" + "eor x8, x8, x6, lsl 32\n\t" + "eor x8, x8, x7, lsl 32\n\t" + "ubfx x12, x4, #32, #4\n\t" + "add x12, %x[m], x12, lsl 4\n\t" + "ldp x6, x7, [x12]\n\t" + "eor x8, x8, x6\n\t" + "eor x9, x9, x7\n\t" + "ubfx x12, x4, #36, #4\n\t" + "mov x11, x9\n\t" + "add x12, x12, #16\n\t" + "lsr x9, x9, #8\n\t" + "add x12, %x[m], x12, lsl 4\n\t" + "orr x9, x9, x8, lsl 56\n\t" + "ldp x6, x7, [x12]\n\t" + "lsr x8, x8, #8\n\t" + "eor x8, x8, x6\n\t" + "sub x12, x12, #0x100\n\t" + "eor x9, x9, x7\n\t" + "ldr x7, [x12, #8]\n\t" + "ubfx w6, w11, #0, #4\n\t" + "eor x11, x11, x7, lsl 4\n\t" + "add w6, w6, #16\n\t" + "ubfx w11, w11, #4, #4\n\t" + "ldr w6, [%[r], x6, LSL 2]\n\t" + "ldr w7, [%[r], x11, LSL 2]\n\t" + "eor x8, x8, x6, lsl 32\n\t" + "eor x8, x8, x7, lsl 32\n\t" + "ubfx x12, x4, #24, #4\n\t" + "add x12, %x[m], x12, lsl 4\n\t" + "ldp x6, x7, [x12]\n\t" + "eor x8, x8, x6\n\t" + "eor x9, x9, x7\n\t" + "ubfx x12, x4, #28, #4\n\t" + "mov x11, x9\n\t" + "add x12, x12, #16\n\t" + "lsr x9, x9, #8\n\t" + "add x12, %x[m], x12, lsl 4\n\t" + "orr x9, x9, x8, lsl 56\n\t" + "ldp x6, x7, [x12]\n\t" + "lsr x8, x8, #8\n\t" + "eor x8, x8, x6\n\t" + "sub x12, x12, #0x100\n\t" + "eor x9, x9, x7\n\t" + "ldr x7, [x12, #8]\n\t" + "ubfx w6, w11, #0, #4\n\t" + "eor x11, x11, x7, lsl 4\n\t" + "add w6, w6, #16\n\t" + "ubfx w11, w11, #4, #4\n\t" + "ldr w6, [%[r], x6, LSL 2]\n\t" + "ldr w7, [%[r], x11, LSL 2]\n\t" + "eor x8, x8, x6, lsl 32\n\t" + "eor x8, x8, x7, lsl 32\n\t" + "ubfx x12, x4, #16, #4\n\t" + "add x12, %x[m], x12, lsl 4\n\t" + "ldp x6, x7, [x12]\n\t" + "eor x8, x8, x6\n\t" + "eor x9, x9, x7\n\t" + "ubfx x12, x4, #20, #4\n\t" + "mov x11, x9\n\t" + "add x12, x12, #16\n\t" + "lsr x9, x9, #8\n\t" + "add x12, %x[m], x12, lsl 4\n\t" + "orr x9, x9, x8, lsl 56\n\t" + "ldp x6, x7, [x12]\n\t" + "lsr x8, x8, #8\n\t" + "eor x8, x8, x6\n\t" + "sub x12, x12, #0x100\n\t" + "eor x9, x9, x7\n\t" + "ldr x7, [x12, #8]\n\t" + "ubfx w6, w11, #0, #4\n\t" + "eor x11, x11, x7, lsl 4\n\t" + "add w6, w6, #16\n\t" + "ubfx w11, w11, #4, #4\n\t" + "ldr w6, [%[r], x6, LSL 2]\n\t" + "ldr w7, [%[r], x11, LSL 2]\n\t" + "eor x8, x8, x6, lsl 32\n\t" + "eor x8, x8, x7, lsl 32\n\t" + "ubfx x12, x4, #8, #4\n\t" + "add x12, %x[m], x12, lsl 4\n\t" + "ldp x6, x7, [x12]\n\t" + "eor x8, x8, x6\n\t" + "eor x9, x9, x7\n\t" + "ubfx x12, x4, #12, #4\n\t" + "mov x11, x9\n\t" + "add x12, x12, #16\n\t" + "lsr x9, x9, #8\n\t" + "add x12, %x[m], x12, lsl 4\n\t" + "orr x9, x9, x8, lsl 56\n\t" + "ldp x6, x7, [x12]\n\t" + "lsr x8, x8, #8\n\t" + "eor x8, x8, x6\n\t" + "sub x12, x12, #0x100\n\t" + "eor x9, x9, x7\n\t" + "ldr x7, [x12, #8]\n\t" + "ubfx w6, w11, #0, #4\n\t" + "eor x11, x11, x7, lsl 4\n\t" + "add w6, w6, #16\n\t" + "ubfx w11, w11, #4, #4\n\t" + "ldr w6, [%[r], x6, LSL 2]\n\t" + "ldr w7, [%[r], x11, LSL 2]\n\t" + "eor x8, x8, x6, lsl 32\n\t" + "eor x8, x8, x7, lsl 32\n\t" + "ubfiz x12, x4, #4, #4\n\t" + "add x12, x12, %x[m]\n\t" + "ldp x6, x7, [x12]\n\t" + "eor x8, x8, x6\n\t" + "eor x9, x9, x7\n\t" + "ubfx x11, x9, #0, #4\n\t" + "ubfx x12, x4, #4, #4\n\t" + "lsr x9, x9, #4\n\t" + "add x12, %x[m], x12, lsl 4\n\t" + "orr x9, x9, x8, lsl 60\n\t" + "ldp x6, x7, [x12]\n\t" + "lsr x8, x8, #4\n\t" + "eor x8, x8, x6\n\t" + "ldr w6, [%[r], x11, LSL 2]\n\t" + "eor x9, x9, x7\n\t" + "eor x8, x8, x6, lsl 32\n\t" + "rev x8, x8\n\t" + "rev x9, x9\n\t" + "stp x8, x9, [%x[x]]\n\t" + "subs %x[len], %x[len], #16\n\t" + "add %x[data], %x[data], #16\n\t" + "b.ne L_GCM_gmult_len_start_block_%=\n\t" + : [x] "+r" (x), [len] "+r" (len) + : [m] "r" (m), [data] "r" (data), [r] "r" (r) + : "memory", "cc", "x4", "x5", "x6", "x7", "x8", "x9", "x11", "x12" + ); +} + +void AES_GCM_encrypt(const unsigned char* in, unsigned char* out, + unsigned long len, const unsigned char* ks, int nr, unsigned char* ctr); +void AES_GCM_encrypt(const unsigned char* in, unsigned char* out, + unsigned long len, const unsigned char* ks, int nr, unsigned char* ctr) +{ + const word32* te = L_AES_ARM64_te; + __asm__ __volatile__ ( + "ldp x16, x17, [%x[ctr]]\n\t" + "rev32 x16, x16\n\t" + "rev32 x17, x17\n\t" + "\n" + "L_AES_GCM_encrypt_loop_block_%=: \n\t" + "mov x21, %x[ks]\n\t" + "lsr x9, x17, #32\n\t" + "ldp x10, x11, [x21], #16\n\t" + "add w9, w9, #1\n\t" + "bfi x17, x9, #32, #32\n\t" + /* Round: 0 - XOR in key schedule */ + "eor x6, x16, x10\n\t" + "eor x7, x17, x11\n\t" + "sub w20, %w[nr], #2\n\t" + "\n" + "L_AES_GCM_encrypt_loop_nr_%=: \n\t" + "ubfx x10, x6, #48, #8\n\t" + "ubfx x13, x6, #24, #8\n\t" + "ubfx x14, x7, #8, #8\n\t" + "ubfx x15, x7, #32, #8\n\t" + "ldr x8, [%[te]]\n\t" + "ldr x8, [%[te], #64]\n\t" + "ldr x8, [%[te], #128]\n\t" + "ldr x8, [%[te], #192]\n\t" + "ldr x8, [%[te], #256]\n\t" + "ldr x8, [%[te], #320]\n\t" + "ldr x8, [%[te], #384]\n\t" + "ldr x8, [%[te], #448]\n\t" + "ldr x8, [%[te], #512]\n\t" + "ldr x8, [%[te], #576]\n\t" + "ldr x8, [%[te], #640]\n\t" + "ldr x8, [%[te], #704]\n\t" + "ldr x8, [%[te], #768]\n\t" + "ldr x8, [%[te], #832]\n\t" + "ldr x8, [%[te], #896]\n\t" + "ldr x8, [%[te], #960]\n\t" + "ldr w10, [%[te], x10, LSL 2]\n\t" + "ldr w13, [%[te], x13, LSL 2]\n\t" + "ldr w14, [%[te], x14, LSL 2]\n\t" + "ldr w15, [%[te], x15, LSL 2]\n\t" + "ubfx x11, x7, #16, #8\n\t" + "eor w10, w10, w13, ror 24\n\t" + "ubfx x13, x6, #56, #8\n\t" + "eor w10, w10, w14, ror 8\n\t" + "ubfx x14, x7, #40, #8\n\t" + "eor w10, w10, w15, ror 16\n\t" + "ubfx x15, x6, #0, #8\n\t" + "ldr w11, [%[te], x11, LSL 2]\n\t" + "ldr w13, [%[te], x13, LSL 2]\n\t" + "ldr w14, [%[te], x14, LSL 2]\n\t" + "ldr w15, [%[te], x15, LSL 2]\n\t" + "ubfx x12, x7, #48, #8\n\t" + "eor w11, w11, w13, ror 24\n\t" + "ubfx x13, x7, #24, #8\n\t" + "eor w11, w11, w14, ror 8\n\t" + "ubfx x14, x6, #8, #8\n\t" + "eor w11, w11, w15, ror 16\n\t" + "ubfx x15, x6, #32, #8\n\t" + "bfi x10, x11, #32, #32\n\t" + "ldr w12, [%[te], x12, LSL 2]\n\t" + "ldr w13, [%[te], x13, LSL 2]\n\t" + "ldr w14, [%[te], x14, LSL 2]\n\t" + "ldr w15, [%[te], x15, LSL 2]\n\t" + "ubfx x8, x7, #0, #8\n\t" + "eor w12, w12, w13, ror 24\n\t" + "ubfx x13, x6, #16, #8\n\t" + "eor w12, w12, w14, ror 8\n\t" + "ubfx x14, x7, #56, #8\n\t" + "eor w11, w12, w15, ror 16\n\t" + "ubfx x15, x6, #40, #8\n\t" + "ldr w8, [%[te], x8, LSL 2]\n\t" + "ldr w14, [%[te], x14, LSL 2]\n\t" + "ldr w13, [%[te], x13, LSL 2]\n\t" + "ldr w15, [%[te], x15, LSL 2]\n\t" + "eor w14, w14, w8, ror 24\n\t" + "ldp x6, x7, [x21], #16\n\t" + "eor w13, w13, w14, ror 24\n\t" + "eor w13, w13, w15, ror 8\n\t" + "bfi x11, x13, #32, #32\n\t" + /* XOR in Key Schedule */ + "eor x10, x10, x6\n\t" + "eor x11, x11, x7\n\t" + "ubfx x6, x10, #48, #8\n\t" + "ubfx x9, x10, #24, #8\n\t" + "ubfx x14, x11, #8, #8\n\t" + "ubfx x15, x11, #32, #8\n\t" + "ldr x12, [%[te]]\n\t" + "ldr x12, [%[te], #64]\n\t" + "ldr x12, [%[te], #128]\n\t" + "ldr x12, [%[te], #192]\n\t" + "ldr x12, [%[te], #256]\n\t" + "ldr x12, [%[te], #320]\n\t" + "ldr x12, [%[te], #384]\n\t" + "ldr x12, [%[te], #448]\n\t" + "ldr x12, [%[te], #512]\n\t" + "ldr x12, [%[te], #576]\n\t" + "ldr x12, [%[te], #640]\n\t" + "ldr x12, [%[te], #704]\n\t" + "ldr x12, [%[te], #768]\n\t" + "ldr x12, [%[te], #832]\n\t" + "ldr x12, [%[te], #896]\n\t" + "ldr x12, [%[te], #960]\n\t" + "ldr w6, [%[te], x6, LSL 2]\n\t" + "ldr w9, [%[te], x9, LSL 2]\n\t" + "ldr w14, [%[te], x14, LSL 2]\n\t" + "ldr w15, [%[te], x15, LSL 2]\n\t" + "ubfx x7, x11, #16, #8\n\t" + "eor w6, w6, w9, ror 24\n\t" + "ubfx x9, x10, #56, #8\n\t" + "eor w6, w6, w14, ror 8\n\t" + "ubfx x14, x11, #40, #8\n\t" + "eor w6, w6, w15, ror 16\n\t" + "ubfx x15, x10, #0, #8\n\t" + "ldr w7, [%[te], x7, LSL 2]\n\t" + "ldr w9, [%[te], x9, LSL 2]\n\t" + "ldr w14, [%[te], x14, LSL 2]\n\t" + "ldr w15, [%[te], x15, LSL 2]\n\t" + "ubfx x8, x11, #48, #8\n\t" + "eor w7, w7, w9, ror 24\n\t" + "ubfx x9, x11, #24, #8\n\t" + "eor w7, w7, w14, ror 8\n\t" + "ubfx x14, x10, #8, #8\n\t" + "eor w7, w7, w15, ror 16\n\t" + "ubfx x15, x10, #32, #8\n\t" + "bfi x6, x7, #32, #32\n\t" + "ldr w8, [%[te], x8, LSL 2]\n\t" + "ldr w9, [%[te], x9, LSL 2]\n\t" + "ldr w14, [%[te], x14, LSL 2]\n\t" + "ldr w15, [%[te], x15, LSL 2]\n\t" + "ubfx x12, x11, #0, #8\n\t" + "eor w8, w8, w9, ror 24\n\t" + "ubfx x9, x10, #16, #8\n\t" + "eor w8, w8, w14, ror 8\n\t" + "ubfx x14, x11, #56, #8\n\t" + "eor w7, w8, w15, ror 16\n\t" + "ubfx x15, x10, #40, #8\n\t" + "ldr w12, [%[te], x12, LSL 2]\n\t" + "ldr w14, [%[te], x14, LSL 2]\n\t" + "ldr w9, [%[te], x9, LSL 2]\n\t" + "ldr w15, [%[te], x15, LSL 2]\n\t" + "eor w14, w14, w12, ror 24\n\t" + "ldp x10, x11, [x21], #16\n\t" + "eor w9, w9, w14, ror 24\n\t" + "eor w9, w9, w15, ror 8\n\t" + "bfi x7, x9, #32, #32\n\t" + /* XOR in Key Schedule */ + "eor x6, x6, x10\n\t" + "eor x7, x7, x11\n\t" + "subs w20, w20, #2\n\t" + "b.ne L_AES_GCM_encrypt_loop_nr_%=\n\t" + "ubfx x10, x6, #48, #8\n\t" + "ubfx x13, x6, #24, #8\n\t" + "ubfx x14, x7, #8, #8\n\t" + "ubfx x15, x7, #32, #8\n\t" + "ldr x8, [%[te]]\n\t" + "ldr x8, [%[te], #64]\n\t" + "ldr x8, [%[te], #128]\n\t" + "ldr x8, [%[te], #192]\n\t" + "ldr x8, [%[te], #256]\n\t" + "ldr x8, [%[te], #320]\n\t" + "ldr x8, [%[te], #384]\n\t" + "ldr x8, [%[te], #448]\n\t" + "ldr x8, [%[te], #512]\n\t" + "ldr x8, [%[te], #576]\n\t" + "ldr x8, [%[te], #640]\n\t" + "ldr x8, [%[te], #704]\n\t" + "ldr x8, [%[te], #768]\n\t" + "ldr x8, [%[te], #832]\n\t" + "ldr x8, [%[te], #896]\n\t" + "ldr x8, [%[te], #960]\n\t" + "ldr w10, [%[te], x10, LSL 2]\n\t" + "ldr w13, [%[te], x13, LSL 2]\n\t" + "ldr w14, [%[te], x14, LSL 2]\n\t" + "ldr w15, [%[te], x15, LSL 2]\n\t" + "ubfx x11, x7, #16, #8\n\t" + "eor w10, w10, w13, ror 24\n\t" + "ubfx x13, x6, #56, #8\n\t" + "eor w10, w10, w14, ror 8\n\t" + "ubfx x14, x7, #40, #8\n\t" + "eor w10, w10, w15, ror 16\n\t" + "ubfx x15, x6, #0, #8\n\t" + "ldr w11, [%[te], x11, LSL 2]\n\t" + "ldr w13, [%[te], x13, LSL 2]\n\t" + "ldr w14, [%[te], x14, LSL 2]\n\t" + "ldr w15, [%[te], x15, LSL 2]\n\t" + "ubfx x12, x7, #48, #8\n\t" + "eor w11, w11, w13, ror 24\n\t" + "ubfx x13, x7, #24, #8\n\t" + "eor w11, w11, w14, ror 8\n\t" + "ubfx x14, x6, #8, #8\n\t" + "eor w11, w11, w15, ror 16\n\t" + "ubfx x15, x6, #32, #8\n\t" + "bfi x10, x11, #32, #32\n\t" + "ldr w12, [%[te], x12, LSL 2]\n\t" + "ldr w13, [%[te], x13, LSL 2]\n\t" + "ldr w14, [%[te], x14, LSL 2]\n\t" + "ldr w15, [%[te], x15, LSL 2]\n\t" + "ubfx x8, x7, #0, #8\n\t" + "eor w12, w12, w13, ror 24\n\t" + "ubfx x13, x6, #16, #8\n\t" + "eor w12, w12, w14, ror 8\n\t" + "ubfx x14, x7, #56, #8\n\t" + "eor w11, w12, w15, ror 16\n\t" + "ubfx x15, x6, #40, #8\n\t" + "ldr w8, [%[te], x8, LSL 2]\n\t" + "ldr w14, [%[te], x14, LSL 2]\n\t" + "ldr w13, [%[te], x13, LSL 2]\n\t" + "ldr w15, [%[te], x15, LSL 2]\n\t" + "eor w14, w14, w8, ror 24\n\t" + "ldp x6, x7, [x21], #16\n\t" + "eor w13, w13, w14, ror 24\n\t" + "eor w13, w13, w15, ror 8\n\t" + "bfi x11, x13, #32, #32\n\t" + /* XOR in Key Schedule */ + "eor x10, x10, x6\n\t" + "eor x11, x11, x7\n\t" + "ubfx x6, x11, #32, #8\n\t" + "ubfx x9, x11, #8, #8\n\t" + "ubfx x14, x10, #48, #8\n\t" + "ubfx x15, x10, #24, #8\n\t" + "lsl w6, w6, #2\n\t" + "lsl w9, w9, #2\n\t" + "lsl w14, w14, #2\n\t" + "lsl w15, w15, #2\n\t" + "ldr x13, [%[te]]\n\t" + "ldr x13, [%[te], #64]\n\t" + "ldr x13, [%[te], #128]\n\t" + "ldr x13, [%[te], #192]\n\t" + "ldr x13, [%[te], #256]\n\t" + "ldr x13, [%[te], #320]\n\t" + "ldr x13, [%[te], #384]\n\t" + "ldr x13, [%[te], #448]\n\t" + "ldr x13, [%[te], #512]\n\t" + "ldr x13, [%[te], #576]\n\t" + "ldr x13, [%[te], #640]\n\t" + "ldr x13, [%[te], #704]\n\t" + "ldr x13, [%[te], #768]\n\t" + "ldr x13, [%[te], #832]\n\t" + "ldr x13, [%[te], #896]\n\t" + "ldr x13, [%[te], #960]\n\t" + "ldrb w6, [%[te], x6, LSL 0]\n\t" + "ldrb w9, [%[te], x9, LSL 0]\n\t" + "ldrb w14, [%[te], x14, LSL 0]\n\t" + "ldrb w15, [%[te], x15, LSL 0]\n\t" + "ubfx x7, x10, #0, #8\n\t" + "eor w6, w6, w9, lsl 8\n\t" + "ubfx x9, x11, #40, #8\n\t" + "eor w6, w6, w14, lsl 16\n\t" + "ubfx x14, x11, #16, #8\n\t" + "eor w6, w6, w15, lsl 24\n\t" + "ubfx x15, x10, #56, #8\n\t" + "lsl w7, w7, #2\n\t" + "lsl w9, w9, #2\n\t" + "lsl w14, w14, #2\n\t" + "lsl w15, w15, #2\n\t" + "ldrb w7, [%[te], x7, LSL 0]\n\t" + "ldrb w9, [%[te], x9, LSL 0]\n\t" + "ldrb w14, [%[te], x14, LSL 0]\n\t" + "ldrb w15, [%[te], x15, LSL 0]\n\t" + "ubfx x8, x10, #32, #8\n\t" + "eor w7, w7, w9, lsl 8\n\t" + "ubfx x9, x10, #8, #8\n\t" + "eor w7, w7, w14, lsl 16\n\t" + "ubfx x14, x11, #48, #8\n\t" + "eor w7, w7, w15, lsl 24\n\t" + "ubfx x15, x11, #24, #8\n\t" + "bfi x6, x7, #32, #32\n\t" + "lsl w8, w8, #2\n\t" + "lsl w9, w9, #2\n\t" + "lsl w14, w14, #2\n\t" + "lsl w15, w15, #2\n\t" + "ldrb w8, [%[te], x8, LSL 0]\n\t" + "ldrb w9, [%[te], x9, LSL 0]\n\t" + "ldrb w14, [%[te], x14, LSL 0]\n\t" + "ldrb w15, [%[te], x15, LSL 0]\n\t" + "ubfx x13, x11, #56, #8\n\t" + "eor w8, w8, w9, lsl 8\n\t" + "ubfx x9, x11, #0, #8\n\t" + "eor w8, w8, w14, lsl 16\n\t" + "ubfx x14, x10, #40, #8\n\t" + "eor w7, w8, w15, lsl 24\n\t" + "ubfx x15, x10, #16, #8\n\t" + "lsl w13, w13, #2\n\t" + "lsl w9, w9, #2\n\t" + "lsl w14, w14, #2\n\t" + "lsl w15, w15, #2\n\t" + "ldrb w13, [%[te], x13, LSL 0]\n\t" + "ldrb w9, [%[te], x9, LSL 0]\n\t" + "ldrb w14, [%[te], x14, LSL 0]\n\t" + "ldrb w15, [%[te], x15, LSL 0]\n\t" + "eor w14, w14, w13, lsl 16\n\t" + "ldp x10, x11, [x21]\n\t" + "eor w9, w9, w14, lsl 8\n\t" + "eor w9, w9, w15, lsl 16\n\t" + "bfi x7, x9, #32, #32\n\t" + /* XOR in Key Schedule */ + "eor x6, x6, x10\n\t" + "eor x7, x7, x11\n\t" + "rev32 x6, x6\n\t" + "rev32 x7, x7\n\t" + "ldr x10, [%x[in]]\n\t" + "ldr x11, [%x[in], #8]\n\t" + "eor x6, x6, x10\n\t" + "eor x7, x7, x11\n\t" + "str x6, [%x[out]]\n\t" + "str x7, [%x[out], #8]\n\t" + "subs %x[len], %x[len], #16\n\t" + "add %x[in], %x[in], #16\n\t" + "add %x[out], %x[out], #16\n\t" + "b.ne L_AES_GCM_encrypt_loop_block_%=\n\t" + "rev32 x16, x16\n\t" + "rev32 x17, x17\n\t" + "stp x16, x17, [%x[ctr]]\n\t" + : [out] "+r" (out), [len] "+r" (len), [nr] "+r" (nr), [ctr] "+r" (ctr) + : [in] "r" (in), [ks] "r" (ks), [te] "r" (te) + : "memory", "cc", "x6", "x7", "x8", "x9", "x10", "x11", "x12", "x13", + "x14", "x15", "x16", "x17", "x20", "x21" + ); +} + +#endif /* HAVE_AESGCM */ +#ifdef WOLFSSL_AES_XTS +void AES_XTS_encrypt(const byte* in, byte* out, word32 sz, const byte* i, + byte* key, byte* key2, byte* tmp, int nr) +{ + const word32* te = L_AES_ARM64_te; + __asm__ __volatile__ ( + "stp x29, x30, [sp, #-32]!\n\t" + "add x29, sp, #0\n\t" + "mov x9, #0x87\n\t" + "mov x26, %x[key2]\n\t" + "ldp x21, x22, [%x[i]]\n\t" + "ldp x14, x15, [x26], #16\n\t" + "rev32 x21, x21\n\t" + "rev32 x22, x22\n\t" + /* Round: 0 - XOR in key schedule */ + "eor x21, x21, x14\n\t" + "eor x22, x22, x15\n\t" + "sub w25, %w[nr], #2\n\t" + "\n" + "L_AES_XTS_encrypt_loop_nr_tweak_%=: \n\t" + "ubfx x14, x21, #48, #8\n\t" + "ubfx x17, x21, #24, #8\n\t" + "ubfx x19, x22, #8, #8\n\t" + "ubfx x20, x22, #32, #8\n\t" + "ldr x23, [%[te]]\n\t" + "ldr x23, [%[te], #64]\n\t" + "ldr x23, [%[te], #128]\n\t" + "ldr x23, [%[te], #192]\n\t" + "ldr x23, [%[te], #256]\n\t" + "ldr x23, [%[te], #320]\n\t" + "ldr x23, [%[te], #384]\n\t" + "ldr x23, [%[te], #448]\n\t" + "ldr x23, [%[te], #512]\n\t" + "ldr x23, [%[te], #576]\n\t" + "ldr x23, [%[te], #640]\n\t" + "ldr x23, [%[te], #704]\n\t" + "ldr x23, [%[te], #768]\n\t" + "ldr x23, [%[te], #832]\n\t" + "ldr x23, [%[te], #896]\n\t" + "ldr x23, [%[te], #960]\n\t" + "ldr w14, [%[te], x14, LSL 2]\n\t" + "ldr w17, [%[te], x17, LSL 2]\n\t" + "ldr w19, [%[te], x19, LSL 2]\n\t" + "ldr w20, [%[te], x20, LSL 2]\n\t" + "ubfx x15, x22, #16, #8\n\t" + "eor w14, w14, w17, ror 24\n\t" + "ubfx x17, x21, #56, #8\n\t" + "eor w14, w14, w19, ror 8\n\t" + "ubfx x19, x22, #40, #8\n\t" + "eor w14, w14, w20, ror 16\n\t" + "ubfx x20, x21, #0, #8\n\t" + "ldr w15, [%[te], x15, LSL 2]\n\t" + "ldr w17, [%[te], x17, LSL 2]\n\t" + "ldr w19, [%[te], x19, LSL 2]\n\t" + "ldr w20, [%[te], x20, LSL 2]\n\t" + "ubfx x16, x22, #48, #8\n\t" + "eor w15, w15, w17, ror 24\n\t" + "ubfx x17, x22, #24, #8\n\t" + "eor w15, w15, w19, ror 8\n\t" + "ubfx x19, x21, #8, #8\n\t" + "eor w15, w15, w20, ror 16\n\t" + "ubfx x20, x21, #32, #8\n\t" + "bfi x14, x15, #32, #32\n\t" + "ldr w16, [%[te], x16, LSL 2]\n\t" + "ldr w17, [%[te], x17, LSL 2]\n\t" + "ldr w19, [%[te], x19, LSL 2]\n\t" + "ldr w20, [%[te], x20, LSL 2]\n\t" + "ubfx x23, x22, #0, #8\n\t" + "eor w16, w16, w17, ror 24\n\t" + "ubfx x17, x21, #16, #8\n\t" + "eor w16, w16, w19, ror 8\n\t" + "ubfx x19, x22, #56, #8\n\t" + "eor w15, w16, w20, ror 16\n\t" + "ubfx x20, x21, #40, #8\n\t" + "ldr w23, [%[te], x23, LSL 2]\n\t" + "ldr w19, [%[te], x19, LSL 2]\n\t" + "ldr w17, [%[te], x17, LSL 2]\n\t" + "ldr w20, [%[te], x20, LSL 2]\n\t" + "eor w19, w19, w23, ror 24\n\t" + "ldp x21, x22, [x26], #16\n\t" + "eor w17, w17, w19, ror 24\n\t" + "eor w17, w17, w20, ror 8\n\t" + "bfi x15, x17, #32, #32\n\t" + /* XOR in Key Schedule */ + "eor x14, x14, x21\n\t" + "eor x15, x15, x22\n\t" + "ubfx x21, x14, #48, #8\n\t" + "ubfx x24, x14, #24, #8\n\t" + "ubfx x19, x15, #8, #8\n\t" + "ubfx x20, x15, #32, #8\n\t" + "ldr x16, [%[te]]\n\t" + "ldr x16, [%[te], #64]\n\t" + "ldr x16, [%[te], #128]\n\t" + "ldr x16, [%[te], #192]\n\t" + "ldr x16, [%[te], #256]\n\t" + "ldr x16, [%[te], #320]\n\t" + "ldr x16, [%[te], #384]\n\t" + "ldr x16, [%[te], #448]\n\t" + "ldr x16, [%[te], #512]\n\t" + "ldr x16, [%[te], #576]\n\t" + "ldr x16, [%[te], #640]\n\t" + "ldr x16, [%[te], #704]\n\t" + "ldr x16, [%[te], #768]\n\t" + "ldr x16, [%[te], #832]\n\t" + "ldr x16, [%[te], #896]\n\t" + "ldr x16, [%[te], #960]\n\t" + "ldr w21, [%[te], x21, LSL 2]\n\t" + "ldr w24, [%[te], x24, LSL 2]\n\t" + "ldr w19, [%[te], x19, LSL 2]\n\t" + "ldr w20, [%[te], x20, LSL 2]\n\t" + "ubfx x22, x15, #16, #8\n\t" + "eor w21, w21, w24, ror 24\n\t" + "ubfx x24, x14, #56, #8\n\t" + "eor w21, w21, w19, ror 8\n\t" + "ubfx x19, x15, #40, #8\n\t" + "eor w21, w21, w20, ror 16\n\t" + "ubfx x20, x14, #0, #8\n\t" + "ldr w22, [%[te], x22, LSL 2]\n\t" + "ldr w24, [%[te], x24, LSL 2]\n\t" + "ldr w19, [%[te], x19, LSL 2]\n\t" + "ldr w20, [%[te], x20, LSL 2]\n\t" + "ubfx x23, x15, #48, #8\n\t" + "eor w22, w22, w24, ror 24\n\t" + "ubfx x24, x15, #24, #8\n\t" + "eor w22, w22, w19, ror 8\n\t" + "ubfx x19, x14, #8, #8\n\t" + "eor w22, w22, w20, ror 16\n\t" + "ubfx x20, x14, #32, #8\n\t" + "bfi x21, x22, #32, #32\n\t" + "ldr w23, [%[te], x23, LSL 2]\n\t" + "ldr w24, [%[te], x24, LSL 2]\n\t" + "ldr w19, [%[te], x19, LSL 2]\n\t" + "ldr w20, [%[te], x20, LSL 2]\n\t" + "ubfx x16, x15, #0, #8\n\t" + "eor w23, w23, w24, ror 24\n\t" + "ubfx x24, x14, #16, #8\n\t" + "eor w23, w23, w19, ror 8\n\t" + "ubfx x19, x15, #56, #8\n\t" + "eor w22, w23, w20, ror 16\n\t" + "ubfx x20, x14, #40, #8\n\t" + "ldr w16, [%[te], x16, LSL 2]\n\t" + "ldr w19, [%[te], x19, LSL 2]\n\t" + "ldr w24, [%[te], x24, LSL 2]\n\t" + "ldr w20, [%[te], x20, LSL 2]\n\t" + "eor w19, w19, w16, ror 24\n\t" + "ldp x14, x15, [x26], #16\n\t" + "eor w24, w24, w19, ror 24\n\t" + "eor w24, w24, w20, ror 8\n\t" + "bfi x22, x24, #32, #32\n\t" + /* XOR in Key Schedule */ + "eor x21, x21, x14\n\t" + "eor x22, x22, x15\n\t" + "subs w25, w25, #2\n\t" + "b.ne L_AES_XTS_encrypt_loop_nr_tweak_%=\n\t" + "ubfx x14, x21, #48, #8\n\t" + "ubfx x17, x21, #24, #8\n\t" + "ubfx x19, x22, #8, #8\n\t" + "ubfx x20, x22, #32, #8\n\t" + "ldr x23, [%[te]]\n\t" + "ldr x23, [%[te], #64]\n\t" + "ldr x23, [%[te], #128]\n\t" + "ldr x23, [%[te], #192]\n\t" + "ldr x23, [%[te], #256]\n\t" + "ldr x23, [%[te], #320]\n\t" + "ldr x23, [%[te], #384]\n\t" + "ldr x23, [%[te], #448]\n\t" + "ldr x23, [%[te], #512]\n\t" + "ldr x23, [%[te], #576]\n\t" + "ldr x23, [%[te], #640]\n\t" + "ldr x23, [%[te], #704]\n\t" + "ldr x23, [%[te], #768]\n\t" + "ldr x23, [%[te], #832]\n\t" + "ldr x23, [%[te], #896]\n\t" + "ldr x23, [%[te], #960]\n\t" + "ldr w14, [%[te], x14, LSL 2]\n\t" + "ldr w17, [%[te], x17, LSL 2]\n\t" + "ldr w19, [%[te], x19, LSL 2]\n\t" + "ldr w20, [%[te], x20, LSL 2]\n\t" + "ubfx x15, x22, #16, #8\n\t" + "eor w14, w14, w17, ror 24\n\t" + "ubfx x17, x21, #56, #8\n\t" + "eor w14, w14, w19, ror 8\n\t" + "ubfx x19, x22, #40, #8\n\t" + "eor w14, w14, w20, ror 16\n\t" + "ubfx x20, x21, #0, #8\n\t" + "ldr w15, [%[te], x15, LSL 2]\n\t" + "ldr w17, [%[te], x17, LSL 2]\n\t" + "ldr w19, [%[te], x19, LSL 2]\n\t" + "ldr w20, [%[te], x20, LSL 2]\n\t" + "ubfx x16, x22, #48, #8\n\t" + "eor w15, w15, w17, ror 24\n\t" + "ubfx x17, x22, #24, #8\n\t" + "eor w15, w15, w19, ror 8\n\t" + "ubfx x19, x21, #8, #8\n\t" + "eor w15, w15, w20, ror 16\n\t" + "ubfx x20, x21, #32, #8\n\t" + "bfi x14, x15, #32, #32\n\t" + "ldr w16, [%[te], x16, LSL 2]\n\t" + "ldr w17, [%[te], x17, LSL 2]\n\t" + "ldr w19, [%[te], x19, LSL 2]\n\t" + "ldr w20, [%[te], x20, LSL 2]\n\t" + "ubfx x23, x22, #0, #8\n\t" + "eor w16, w16, w17, ror 24\n\t" + "ubfx x17, x21, #16, #8\n\t" + "eor w16, w16, w19, ror 8\n\t" + "ubfx x19, x22, #56, #8\n\t" + "eor w15, w16, w20, ror 16\n\t" + "ubfx x20, x21, #40, #8\n\t" + "ldr w23, [%[te], x23, LSL 2]\n\t" + "ldr w19, [%[te], x19, LSL 2]\n\t" + "ldr w17, [%[te], x17, LSL 2]\n\t" + "ldr w20, [%[te], x20, LSL 2]\n\t" + "eor w19, w19, w23, ror 24\n\t" + "ldp x21, x22, [x26], #16\n\t" + "eor w17, w17, w19, ror 24\n\t" + "eor w17, w17, w20, ror 8\n\t" + "bfi x15, x17, #32, #32\n\t" + /* XOR in Key Schedule */ + "eor x14, x14, x21\n\t" + "eor x15, x15, x22\n\t" + "ubfx x21, x15, #32, #8\n\t" + "ubfx x24, x15, #8, #8\n\t" + "ubfx x19, x14, #48, #8\n\t" + "ubfx x20, x14, #24, #8\n\t" + "lsl w21, w21, #2\n\t" + "lsl w24, w24, #2\n\t" + "lsl w19, w19, #2\n\t" + "lsl w20, w20, #2\n\t" + "ldr x17, [%[te]]\n\t" + "ldr x17, [%[te], #64]\n\t" + "ldr x17, [%[te], #128]\n\t" + "ldr x17, [%[te], #192]\n\t" + "ldr x17, [%[te], #256]\n\t" + "ldr x17, [%[te], #320]\n\t" + "ldr x17, [%[te], #384]\n\t" + "ldr x17, [%[te], #448]\n\t" + "ldr x17, [%[te], #512]\n\t" + "ldr x17, [%[te], #576]\n\t" + "ldr x17, [%[te], #640]\n\t" + "ldr x17, [%[te], #704]\n\t" + "ldr x17, [%[te], #768]\n\t" + "ldr x17, [%[te], #832]\n\t" + "ldr x17, [%[te], #896]\n\t" + "ldr x17, [%[te], #960]\n\t" + "ldrb w21, [%[te], x21, LSL 0]\n\t" + "ldrb w24, [%[te], x24, LSL 0]\n\t" + "ldrb w19, [%[te], x19, LSL 0]\n\t" + "ldrb w20, [%[te], x20, LSL 0]\n\t" + "ubfx x22, x14, #0, #8\n\t" + "eor w21, w21, w24, lsl 8\n\t" + "ubfx x24, x15, #40, #8\n\t" + "eor w21, w21, w19, lsl 16\n\t" + "ubfx x19, x15, #16, #8\n\t" + "eor w21, w21, w20, lsl 24\n\t" + "ubfx x20, x14, #56, #8\n\t" + "lsl w22, w22, #2\n\t" + "lsl w24, w24, #2\n\t" + "lsl w19, w19, #2\n\t" + "lsl w20, w20, #2\n\t" + "ldrb w22, [%[te], x22, LSL 0]\n\t" + "ldrb w24, [%[te], x24, LSL 0]\n\t" + "ldrb w19, [%[te], x19, LSL 0]\n\t" + "ldrb w20, [%[te], x20, LSL 0]\n\t" + "ubfx x23, x14, #32, #8\n\t" + "eor w22, w22, w24, lsl 8\n\t" + "ubfx x24, x14, #8, #8\n\t" + "eor w22, w22, w19, lsl 16\n\t" + "ubfx x19, x15, #48, #8\n\t" + "eor w22, w22, w20, lsl 24\n\t" + "ubfx x20, x15, #24, #8\n\t" + "bfi x21, x22, #32, #32\n\t" + "lsl w23, w23, #2\n\t" + "lsl w24, w24, #2\n\t" + "lsl w19, w19, #2\n\t" + "lsl w20, w20, #2\n\t" + "ldrb w23, [%[te], x23, LSL 0]\n\t" + "ldrb w24, [%[te], x24, LSL 0]\n\t" + "ldrb w19, [%[te], x19, LSL 0]\n\t" + "ldrb w20, [%[te], x20, LSL 0]\n\t" + "ubfx x17, x15, #56, #8\n\t" + "eor w23, w23, w24, lsl 8\n\t" + "ubfx x24, x15, #0, #8\n\t" + "eor w23, w23, w19, lsl 16\n\t" + "ubfx x19, x14, #40, #8\n\t" + "eor w22, w23, w20, lsl 24\n\t" + "ubfx x20, x14, #16, #8\n\t" + "lsl w17, w17, #2\n\t" + "lsl w24, w24, #2\n\t" + "lsl w19, w19, #2\n\t" + "lsl w20, w20, #2\n\t" + "ldrb w17, [%[te], x17, LSL 0]\n\t" + "ldrb w24, [%[te], x24, LSL 0]\n\t" + "ldrb w19, [%[te], x19, LSL 0]\n\t" + "ldrb w20, [%[te], x20, LSL 0]\n\t" + "eor w19, w19, w17, lsl 16\n\t" + "ldp x14, x15, [x26]\n\t" + "eor w24, w24, w19, lsl 8\n\t" + "eor w24, w24, w20, lsl 16\n\t" + "bfi x22, x24, #32, #32\n\t" + /* XOR in Key Schedule */ + "eor x21, x21, x14\n\t" + "eor x22, x22, x15\n\t" + "rev32 x21, x21\n\t" + "rev32 x22, x22\n\t" + "\n" + "L_AES_XTS_encrypt_loop_block_%=: \n\t" + "mov x26, %x[key]\n\t" + "ldp x10, x11, [%x[in]]\n\t" + "ldp x14, x15, [x26], #16\n\t" + "eor x10, x10, x21\n\t" + "eor x11, x11, x22\n\t" + "rev32 x10, x10\n\t" + "rev32 x11, x11\n\t" + /* Round: 0 - XOR in key schedule */ + "eor x10, x10, x14\n\t" + "eor x11, x11, x15\n\t" + "sub w25, %w[nr], #2\n\t" + "\n" + "L_AES_XTS_encrypt_loop_nr_%=: \n\t" + "ubfx x14, x10, #48, #8\n\t" + "ubfx x17, x10, #24, #8\n\t" + "ubfx x19, x11, #8, #8\n\t" + "ubfx x20, x11, #32, #8\n\t" + "ldr x12, [%[te]]\n\t" + "ldr x12, [%[te], #64]\n\t" + "ldr x12, [%[te], #128]\n\t" + "ldr x12, [%[te], #192]\n\t" + "ldr x12, [%[te], #256]\n\t" + "ldr x12, [%[te], #320]\n\t" + "ldr x12, [%[te], #384]\n\t" + "ldr x12, [%[te], #448]\n\t" + "ldr x12, [%[te], #512]\n\t" + "ldr x12, [%[te], #576]\n\t" + "ldr x12, [%[te], #640]\n\t" + "ldr x12, [%[te], #704]\n\t" + "ldr x12, [%[te], #768]\n\t" + "ldr x12, [%[te], #832]\n\t" + "ldr x12, [%[te], #896]\n\t" + "ldr x12, [%[te], #960]\n\t" + "ldr w14, [%[te], x14, LSL 2]\n\t" + "ldr w17, [%[te], x17, LSL 2]\n\t" + "ldr w19, [%[te], x19, LSL 2]\n\t" + "ldr w20, [%[te], x20, LSL 2]\n\t" + "ubfx x15, x11, #16, #8\n\t" + "eor w14, w14, w17, ror 24\n\t" + "ubfx x17, x10, #56, #8\n\t" + "eor w14, w14, w19, ror 8\n\t" + "ubfx x19, x11, #40, #8\n\t" + "eor w14, w14, w20, ror 16\n\t" + "ubfx x20, x10, #0, #8\n\t" + "ldr w15, [%[te], x15, LSL 2]\n\t" + "ldr w17, [%[te], x17, LSL 2]\n\t" + "ldr w19, [%[te], x19, LSL 2]\n\t" + "ldr w20, [%[te], x20, LSL 2]\n\t" + "ubfx x16, x11, #48, #8\n\t" + "eor w15, w15, w17, ror 24\n\t" + "ubfx x17, x11, #24, #8\n\t" + "eor w15, w15, w19, ror 8\n\t" + "ubfx x19, x10, #8, #8\n\t" + "eor w15, w15, w20, ror 16\n\t" + "ubfx x20, x10, #32, #8\n\t" + "bfi x14, x15, #32, #32\n\t" + "ldr w16, [%[te], x16, LSL 2]\n\t" + "ldr w17, [%[te], x17, LSL 2]\n\t" + "ldr w19, [%[te], x19, LSL 2]\n\t" + "ldr w20, [%[te], x20, LSL 2]\n\t" + "ubfx x12, x11, #0, #8\n\t" + "eor w16, w16, w17, ror 24\n\t" + "ubfx x17, x10, #16, #8\n\t" + "eor w16, w16, w19, ror 8\n\t" + "ubfx x19, x11, #56, #8\n\t" + "eor w15, w16, w20, ror 16\n\t" + "ubfx x20, x10, #40, #8\n\t" + "ldr w12, [%[te], x12, LSL 2]\n\t" + "ldr w19, [%[te], x19, LSL 2]\n\t" + "ldr w17, [%[te], x17, LSL 2]\n\t" + "ldr w20, [%[te], x20, LSL 2]\n\t" + "eor w19, w19, w12, ror 24\n\t" + "ldp x10, x11, [x26], #16\n\t" + "eor w17, w17, w19, ror 24\n\t" + "eor w17, w17, w20, ror 8\n\t" + "bfi x15, x17, #32, #32\n\t" + /* XOR in Key Schedule */ + "eor x14, x14, x10\n\t" + "eor x15, x15, x11\n\t" + "ubfx x10, x14, #48, #8\n\t" + "ubfx x13, x14, #24, #8\n\t" + "ubfx x19, x15, #8, #8\n\t" + "ubfx x20, x15, #32, #8\n\t" + "ldr x16, [%[te]]\n\t" + "ldr x16, [%[te], #64]\n\t" + "ldr x16, [%[te], #128]\n\t" + "ldr x16, [%[te], #192]\n\t" + "ldr x16, [%[te], #256]\n\t" + "ldr x16, [%[te], #320]\n\t" + "ldr x16, [%[te], #384]\n\t" + "ldr x16, [%[te], #448]\n\t" + "ldr x16, [%[te], #512]\n\t" + "ldr x16, [%[te], #576]\n\t" + "ldr x16, [%[te], #640]\n\t" + "ldr x16, [%[te], #704]\n\t" + "ldr x16, [%[te], #768]\n\t" + "ldr x16, [%[te], #832]\n\t" + "ldr x16, [%[te], #896]\n\t" + "ldr x16, [%[te], #960]\n\t" + "ldr w10, [%[te], x10, LSL 2]\n\t" + "ldr w13, [%[te], x13, LSL 2]\n\t" + "ldr w19, [%[te], x19, LSL 2]\n\t" + "ldr w20, [%[te], x20, LSL 2]\n\t" + "ubfx x11, x15, #16, #8\n\t" + "eor w10, w10, w13, ror 24\n\t" + "ubfx x13, x14, #56, #8\n\t" + "eor w10, w10, w19, ror 8\n\t" + "ubfx x19, x15, #40, #8\n\t" + "eor w10, w10, w20, ror 16\n\t" + "ubfx x20, x14, #0, #8\n\t" + "ldr w11, [%[te], x11, LSL 2]\n\t" + "ldr w13, [%[te], x13, LSL 2]\n\t" + "ldr w19, [%[te], x19, LSL 2]\n\t" + "ldr w20, [%[te], x20, LSL 2]\n\t" + "ubfx x12, x15, #48, #8\n\t" + "eor w11, w11, w13, ror 24\n\t" + "ubfx x13, x15, #24, #8\n\t" + "eor w11, w11, w19, ror 8\n\t" + "ubfx x19, x14, #8, #8\n\t" + "eor w11, w11, w20, ror 16\n\t" + "ubfx x20, x14, #32, #8\n\t" + "bfi x10, x11, #32, #32\n\t" + "ldr w12, [%[te], x12, LSL 2]\n\t" + "ldr w13, [%[te], x13, LSL 2]\n\t" + "ldr w19, [%[te], x19, LSL 2]\n\t" + "ldr w20, [%[te], x20, LSL 2]\n\t" + "ubfx x16, x15, #0, #8\n\t" + "eor w12, w12, w13, ror 24\n\t" + "ubfx x13, x14, #16, #8\n\t" + "eor w12, w12, w19, ror 8\n\t" + "ubfx x19, x15, #56, #8\n\t" + "eor w11, w12, w20, ror 16\n\t" + "ubfx x20, x14, #40, #8\n\t" + "ldr w16, [%[te], x16, LSL 2]\n\t" + "ldr w19, [%[te], x19, LSL 2]\n\t" + "ldr w13, [%[te], x13, LSL 2]\n\t" + "ldr w20, [%[te], x20, LSL 2]\n\t" + "eor w19, w19, w16, ror 24\n\t" + "ldp x14, x15, [x26], #16\n\t" + "eor w13, w13, w19, ror 24\n\t" + "eor w13, w13, w20, ror 8\n\t" + "bfi x11, x13, #32, #32\n\t" + /* XOR in Key Schedule */ + "eor x10, x10, x14\n\t" + "eor x11, x11, x15\n\t" + "subs w25, w25, #2\n\t" + "b.ne L_AES_XTS_encrypt_loop_nr_%=\n\t" + "ubfx x14, x10, #48, #8\n\t" + "ubfx x17, x10, #24, #8\n\t" + "ubfx x19, x11, #8, #8\n\t" + "ubfx x20, x11, #32, #8\n\t" + "ldr x12, [%[te]]\n\t" + "ldr x12, [%[te], #64]\n\t" + "ldr x12, [%[te], #128]\n\t" + "ldr x12, [%[te], #192]\n\t" + "ldr x12, [%[te], #256]\n\t" + "ldr x12, [%[te], #320]\n\t" + "ldr x12, [%[te], #384]\n\t" + "ldr x12, [%[te], #448]\n\t" + "ldr x12, [%[te], #512]\n\t" + "ldr x12, [%[te], #576]\n\t" + "ldr x12, [%[te], #640]\n\t" + "ldr x12, [%[te], #704]\n\t" + "ldr x12, [%[te], #768]\n\t" + "ldr x12, [%[te], #832]\n\t" + "ldr x12, [%[te], #896]\n\t" + "ldr x12, [%[te], #960]\n\t" + "ldr w14, [%[te], x14, LSL 2]\n\t" + "ldr w17, [%[te], x17, LSL 2]\n\t" + "ldr w19, [%[te], x19, LSL 2]\n\t" + "ldr w20, [%[te], x20, LSL 2]\n\t" + "ubfx x15, x11, #16, #8\n\t" + "eor w14, w14, w17, ror 24\n\t" + "ubfx x17, x10, #56, #8\n\t" + "eor w14, w14, w19, ror 8\n\t" + "ubfx x19, x11, #40, #8\n\t" + "eor w14, w14, w20, ror 16\n\t" + "ubfx x20, x10, #0, #8\n\t" + "ldr w15, [%[te], x15, LSL 2]\n\t" + "ldr w17, [%[te], x17, LSL 2]\n\t" + "ldr w19, [%[te], x19, LSL 2]\n\t" + "ldr w20, [%[te], x20, LSL 2]\n\t" + "ubfx x16, x11, #48, #8\n\t" + "eor w15, w15, w17, ror 24\n\t" + "ubfx x17, x11, #24, #8\n\t" + "eor w15, w15, w19, ror 8\n\t" + "ubfx x19, x10, #8, #8\n\t" + "eor w15, w15, w20, ror 16\n\t" + "ubfx x20, x10, #32, #8\n\t" + "bfi x14, x15, #32, #32\n\t" + "ldr w16, [%[te], x16, LSL 2]\n\t" + "ldr w17, [%[te], x17, LSL 2]\n\t" + "ldr w19, [%[te], x19, LSL 2]\n\t" + "ldr w20, [%[te], x20, LSL 2]\n\t" + "ubfx x12, x11, #0, #8\n\t" + "eor w16, w16, w17, ror 24\n\t" + "ubfx x17, x10, #16, #8\n\t" + "eor w16, w16, w19, ror 8\n\t" + "ubfx x19, x11, #56, #8\n\t" + "eor w15, w16, w20, ror 16\n\t" + "ubfx x20, x10, #40, #8\n\t" + "ldr w12, [%[te], x12, LSL 2]\n\t" + "ldr w19, [%[te], x19, LSL 2]\n\t" + "ldr w17, [%[te], x17, LSL 2]\n\t" + "ldr w20, [%[te], x20, LSL 2]\n\t" + "eor w19, w19, w12, ror 24\n\t" + "ldp x10, x11, [x26], #16\n\t" + "eor w17, w17, w19, ror 24\n\t" + "eor w17, w17, w20, ror 8\n\t" + "bfi x15, x17, #32, #32\n\t" + /* XOR in Key Schedule */ + "eor x14, x14, x10\n\t" + "eor x15, x15, x11\n\t" + "ubfx x10, x15, #32, #8\n\t" + "ubfx x13, x15, #8, #8\n\t" + "ubfx x19, x14, #48, #8\n\t" + "ubfx x20, x14, #24, #8\n\t" + "lsl w10, w10, #2\n\t" + "lsl w13, w13, #2\n\t" + "lsl w19, w19, #2\n\t" + "lsl w20, w20, #2\n\t" + "ldr x17, [%[te]]\n\t" + "ldr x17, [%[te], #64]\n\t" + "ldr x17, [%[te], #128]\n\t" + "ldr x17, [%[te], #192]\n\t" + "ldr x17, [%[te], #256]\n\t" + "ldr x17, [%[te], #320]\n\t" + "ldr x17, [%[te], #384]\n\t" + "ldr x17, [%[te], #448]\n\t" + "ldr x17, [%[te], #512]\n\t" + "ldr x17, [%[te], #576]\n\t" + "ldr x17, [%[te], #640]\n\t" + "ldr x17, [%[te], #704]\n\t" + "ldr x17, [%[te], #768]\n\t" + "ldr x17, [%[te], #832]\n\t" + "ldr x17, [%[te], #896]\n\t" + "ldr x17, [%[te], #960]\n\t" + "ldrb w10, [%[te], x10, LSL 0]\n\t" + "ldrb w13, [%[te], x13, LSL 0]\n\t" + "ldrb w19, [%[te], x19, LSL 0]\n\t" + "ldrb w20, [%[te], x20, LSL 0]\n\t" + "ubfx x11, x14, #0, #8\n\t" + "eor w10, w10, w13, lsl 8\n\t" + "ubfx x13, x15, #40, #8\n\t" + "eor w10, w10, w19, lsl 16\n\t" + "ubfx x19, x15, #16, #8\n\t" + "eor w10, w10, w20, lsl 24\n\t" + "ubfx x20, x14, #56, #8\n\t" + "lsl w11, w11, #2\n\t" + "lsl w13, w13, #2\n\t" + "lsl w19, w19, #2\n\t" + "lsl w20, w20, #2\n\t" + "ldrb w11, [%[te], x11, LSL 0]\n\t" + "ldrb w13, [%[te], x13, LSL 0]\n\t" + "ldrb w19, [%[te], x19, LSL 0]\n\t" + "ldrb w20, [%[te], x20, LSL 0]\n\t" + "ubfx x12, x14, #32, #8\n\t" + "eor w11, w11, w13, lsl 8\n\t" + "ubfx x13, x14, #8, #8\n\t" + "eor w11, w11, w19, lsl 16\n\t" + "ubfx x19, x15, #48, #8\n\t" + "eor w11, w11, w20, lsl 24\n\t" + "ubfx x20, x15, #24, #8\n\t" + "bfi x10, x11, #32, #32\n\t" + "lsl w12, w12, #2\n\t" + "lsl w13, w13, #2\n\t" + "lsl w19, w19, #2\n\t" + "lsl w20, w20, #2\n\t" + "ldrb w12, [%[te], x12, LSL 0]\n\t" + "ldrb w13, [%[te], x13, LSL 0]\n\t" + "ldrb w19, [%[te], x19, LSL 0]\n\t" + "ldrb w20, [%[te], x20, LSL 0]\n\t" + "ubfx x17, x15, #56, #8\n\t" + "eor w12, w12, w13, lsl 8\n\t" + "ubfx x13, x15, #0, #8\n\t" + "eor w12, w12, w19, lsl 16\n\t" + "ubfx x19, x14, #40, #8\n\t" + "eor w11, w12, w20, lsl 24\n\t" + "ubfx x20, x14, #16, #8\n\t" + "lsl w17, w17, #2\n\t" + "lsl w13, w13, #2\n\t" + "lsl w19, w19, #2\n\t" + "lsl w20, w20, #2\n\t" + "ldrb w17, [%[te], x17, LSL 0]\n\t" + "ldrb w13, [%[te], x13, LSL 0]\n\t" + "ldrb w19, [%[te], x19, LSL 0]\n\t" + "ldrb w20, [%[te], x20, LSL 0]\n\t" + "eor w19, w19, w17, lsl 16\n\t" + "ldp x14, x15, [x26]\n\t" + "eor w13, w13, w19, lsl 8\n\t" + "eor w13, w13, w20, lsl 16\n\t" + "bfi x11, x13, #32, #32\n\t" + /* XOR in Key Schedule */ + "eor x10, x10, x14\n\t" + "eor x11, x11, x15\n\t" + "rev32 x10, x10\n\t" + "rev32 x11, x11\n\t" + "eor x10, x10, x21\n\t" + "eor x11, x11, x22\n\t" + "stp x10, x11, [%x[out]]\n\t" + "and x19, x9, x22, asr 63\n\t" + "extr x22, x22, x21, #63\n\t" + "eor x21, x19, x21, lsl 1\n\t" + "sub %w[sz], %w[sz], #16\n\t" + "add %x[in], %x[in], #16\n\t" + "add %x[out], %x[out], #16\n\t" + "cmp %w[sz], #16\n\t" + "b.ge L_AES_XTS_encrypt_loop_block_%=\n\t" + "cbz %w[sz], L_AES_XTS_encrypt_done_data_%=\n\t" + "mov x26, %x[key]\n\t" + "sub %x[out], %x[out], #16\n\t" + "ldp x10, x11, [%x[out]], #16\n\t" + "stp x10, x11, [%x[tmp]]\n\t" + "mov w14, %w[sz]\n\t" + "\n" + "L_AES_XTS_encrypt_start_byte_%=: \n\t" + "ldrb w19, [%x[tmp]]\n\t" + "ldrb w20, [%x[in]], #1\n\t" + "strb w19, [%x[out]], #1\n\t" + "strb w20, [%x[tmp]], #1\n\t" + "subs w14, w14, #1\n\t" + "b.gt L_AES_XTS_encrypt_start_byte_%=\n\t" + "sub %x[out], %x[out], %x[sz]\n\t" + "sub %x[tmp], %x[tmp], %x[sz]\n\t" + "sub %x[out], %x[out], #16\n\t" + "ldp x10, x11, [%x[tmp]]\n\t" + "ldp x14, x15, [x26], #16\n\t" + "eor x10, x10, x21\n\t" + "eor x11, x11, x22\n\t" + "rev32 x10, x10\n\t" + "rev32 x11, x11\n\t" + /* Round: 0 - XOR in key schedule */ + "eor x10, x10, x14\n\t" + "eor x11, x11, x15\n\t" + "sub w25, %w[nr], #2\n\t" + "\n" + "L_AES_XTS_encrypt_loop_nr_partial_%=: \n\t" + "ubfx x14, x10, #48, #8\n\t" + "ubfx x17, x10, #24, #8\n\t" + "ubfx x19, x11, #8, #8\n\t" + "ubfx x20, x11, #32, #8\n\t" + "ldr x12, [%[te]]\n\t" + "ldr x12, [%[te], #64]\n\t" + "ldr x12, [%[te], #128]\n\t" + "ldr x12, [%[te], #192]\n\t" + "ldr x12, [%[te], #256]\n\t" + "ldr x12, [%[te], #320]\n\t" + "ldr x12, [%[te], #384]\n\t" + "ldr x12, [%[te], #448]\n\t" + "ldr x12, [%[te], #512]\n\t" + "ldr x12, [%[te], #576]\n\t" + "ldr x12, [%[te], #640]\n\t" + "ldr x12, [%[te], #704]\n\t" + "ldr x12, [%[te], #768]\n\t" + "ldr x12, [%[te], #832]\n\t" + "ldr x12, [%[te], #896]\n\t" + "ldr x12, [%[te], #960]\n\t" + "ldr w14, [%[te], x14, LSL 2]\n\t" + "ldr w17, [%[te], x17, LSL 2]\n\t" + "ldr w19, [%[te], x19, LSL 2]\n\t" + "ldr w20, [%[te], x20, LSL 2]\n\t" + "ubfx x15, x11, #16, #8\n\t" + "eor w14, w14, w17, ror 24\n\t" + "ubfx x17, x10, #56, #8\n\t" + "eor w14, w14, w19, ror 8\n\t" + "ubfx x19, x11, #40, #8\n\t" + "eor w14, w14, w20, ror 16\n\t" + "ubfx x20, x10, #0, #8\n\t" + "ldr w15, [%[te], x15, LSL 2]\n\t" + "ldr w17, [%[te], x17, LSL 2]\n\t" + "ldr w19, [%[te], x19, LSL 2]\n\t" + "ldr w20, [%[te], x20, LSL 2]\n\t" + "ubfx x16, x11, #48, #8\n\t" + "eor w15, w15, w17, ror 24\n\t" + "ubfx x17, x11, #24, #8\n\t" + "eor w15, w15, w19, ror 8\n\t" + "ubfx x19, x10, #8, #8\n\t" + "eor w15, w15, w20, ror 16\n\t" + "ubfx x20, x10, #32, #8\n\t" + "bfi x14, x15, #32, #32\n\t" + "ldr w16, [%[te], x16, LSL 2]\n\t" + "ldr w17, [%[te], x17, LSL 2]\n\t" + "ldr w19, [%[te], x19, LSL 2]\n\t" + "ldr w20, [%[te], x20, LSL 2]\n\t" + "ubfx x12, x11, #0, #8\n\t" + "eor w16, w16, w17, ror 24\n\t" + "ubfx x17, x10, #16, #8\n\t" + "eor w16, w16, w19, ror 8\n\t" + "ubfx x19, x11, #56, #8\n\t" + "eor w15, w16, w20, ror 16\n\t" + "ubfx x20, x10, #40, #8\n\t" + "ldr w12, [%[te], x12, LSL 2]\n\t" + "ldr w19, [%[te], x19, LSL 2]\n\t" + "ldr w17, [%[te], x17, LSL 2]\n\t" + "ldr w20, [%[te], x20, LSL 2]\n\t" + "eor w19, w19, w12, ror 24\n\t" + "ldp x10, x11, [x26], #16\n\t" + "eor w17, w17, w19, ror 24\n\t" + "eor w17, w17, w20, ror 8\n\t" + "bfi x15, x17, #32, #32\n\t" + /* XOR in Key Schedule */ + "eor x14, x14, x10\n\t" + "eor x15, x15, x11\n\t" + "ubfx x10, x14, #48, #8\n\t" + "ubfx x13, x14, #24, #8\n\t" + "ubfx x19, x15, #8, #8\n\t" + "ubfx x20, x15, #32, #8\n\t" + "ldr x16, [%[te]]\n\t" + "ldr x16, [%[te], #64]\n\t" + "ldr x16, [%[te], #128]\n\t" + "ldr x16, [%[te], #192]\n\t" + "ldr x16, [%[te], #256]\n\t" + "ldr x16, [%[te], #320]\n\t" + "ldr x16, [%[te], #384]\n\t" + "ldr x16, [%[te], #448]\n\t" + "ldr x16, [%[te], #512]\n\t" + "ldr x16, [%[te], #576]\n\t" + "ldr x16, [%[te], #640]\n\t" + "ldr x16, [%[te], #704]\n\t" + "ldr x16, [%[te], #768]\n\t" + "ldr x16, [%[te], #832]\n\t" + "ldr x16, [%[te], #896]\n\t" + "ldr x16, [%[te], #960]\n\t" + "ldr w10, [%[te], x10, LSL 2]\n\t" + "ldr w13, [%[te], x13, LSL 2]\n\t" + "ldr w19, [%[te], x19, LSL 2]\n\t" + "ldr w20, [%[te], x20, LSL 2]\n\t" + "ubfx x11, x15, #16, #8\n\t" + "eor w10, w10, w13, ror 24\n\t" + "ubfx x13, x14, #56, #8\n\t" + "eor w10, w10, w19, ror 8\n\t" + "ubfx x19, x15, #40, #8\n\t" + "eor w10, w10, w20, ror 16\n\t" + "ubfx x20, x14, #0, #8\n\t" + "ldr w11, [%[te], x11, LSL 2]\n\t" + "ldr w13, [%[te], x13, LSL 2]\n\t" + "ldr w19, [%[te], x19, LSL 2]\n\t" + "ldr w20, [%[te], x20, LSL 2]\n\t" + "ubfx x12, x15, #48, #8\n\t" + "eor w11, w11, w13, ror 24\n\t" + "ubfx x13, x15, #24, #8\n\t" + "eor w11, w11, w19, ror 8\n\t" + "ubfx x19, x14, #8, #8\n\t" + "eor w11, w11, w20, ror 16\n\t" + "ubfx x20, x14, #32, #8\n\t" + "bfi x10, x11, #32, #32\n\t" + "ldr w12, [%[te], x12, LSL 2]\n\t" + "ldr w13, [%[te], x13, LSL 2]\n\t" + "ldr w19, [%[te], x19, LSL 2]\n\t" + "ldr w20, [%[te], x20, LSL 2]\n\t" + "ubfx x16, x15, #0, #8\n\t" + "eor w12, w12, w13, ror 24\n\t" + "ubfx x13, x14, #16, #8\n\t" + "eor w12, w12, w19, ror 8\n\t" + "ubfx x19, x15, #56, #8\n\t" + "eor w11, w12, w20, ror 16\n\t" + "ubfx x20, x14, #40, #8\n\t" + "ldr w16, [%[te], x16, LSL 2]\n\t" + "ldr w19, [%[te], x19, LSL 2]\n\t" + "ldr w13, [%[te], x13, LSL 2]\n\t" + "ldr w20, [%[te], x20, LSL 2]\n\t" + "eor w19, w19, w16, ror 24\n\t" + "ldp x14, x15, [x26], #16\n\t" + "eor w13, w13, w19, ror 24\n\t" + "eor w13, w13, w20, ror 8\n\t" + "bfi x11, x13, #32, #32\n\t" + /* XOR in Key Schedule */ + "eor x10, x10, x14\n\t" + "eor x11, x11, x15\n\t" + "subs w25, w25, #2\n\t" + "b.ne L_AES_XTS_encrypt_loop_nr_partial_%=\n\t" + "ubfx x14, x10, #48, #8\n\t" + "ubfx x17, x10, #24, #8\n\t" + "ubfx x19, x11, #8, #8\n\t" + "ubfx x20, x11, #32, #8\n\t" + "ldr x12, [%[te]]\n\t" + "ldr x12, [%[te], #64]\n\t" + "ldr x12, [%[te], #128]\n\t" + "ldr x12, [%[te], #192]\n\t" + "ldr x12, [%[te], #256]\n\t" + "ldr x12, [%[te], #320]\n\t" + "ldr x12, [%[te], #384]\n\t" + "ldr x12, [%[te], #448]\n\t" + "ldr x12, [%[te], #512]\n\t" + "ldr x12, [%[te], #576]\n\t" + "ldr x12, [%[te], #640]\n\t" + "ldr x12, [%[te], #704]\n\t" + "ldr x12, [%[te], #768]\n\t" + "ldr x12, [%[te], #832]\n\t" + "ldr x12, [%[te], #896]\n\t" + "ldr x12, [%[te], #960]\n\t" + "ldr w14, [%[te], x14, LSL 2]\n\t" + "ldr w17, [%[te], x17, LSL 2]\n\t" + "ldr w19, [%[te], x19, LSL 2]\n\t" + "ldr w20, [%[te], x20, LSL 2]\n\t" + "ubfx x15, x11, #16, #8\n\t" + "eor w14, w14, w17, ror 24\n\t" + "ubfx x17, x10, #56, #8\n\t" + "eor w14, w14, w19, ror 8\n\t" + "ubfx x19, x11, #40, #8\n\t" + "eor w14, w14, w20, ror 16\n\t" + "ubfx x20, x10, #0, #8\n\t" + "ldr w15, [%[te], x15, LSL 2]\n\t" + "ldr w17, [%[te], x17, LSL 2]\n\t" + "ldr w19, [%[te], x19, LSL 2]\n\t" + "ldr w20, [%[te], x20, LSL 2]\n\t" + "ubfx x16, x11, #48, #8\n\t" + "eor w15, w15, w17, ror 24\n\t" + "ubfx x17, x11, #24, #8\n\t" + "eor w15, w15, w19, ror 8\n\t" + "ubfx x19, x10, #8, #8\n\t" + "eor w15, w15, w20, ror 16\n\t" + "ubfx x20, x10, #32, #8\n\t" + "bfi x14, x15, #32, #32\n\t" + "ldr w16, [%[te], x16, LSL 2]\n\t" + "ldr w17, [%[te], x17, LSL 2]\n\t" + "ldr w19, [%[te], x19, LSL 2]\n\t" + "ldr w20, [%[te], x20, LSL 2]\n\t" + "ubfx x12, x11, #0, #8\n\t" + "eor w16, w16, w17, ror 24\n\t" + "ubfx x17, x10, #16, #8\n\t" + "eor w16, w16, w19, ror 8\n\t" + "ubfx x19, x11, #56, #8\n\t" + "eor w15, w16, w20, ror 16\n\t" + "ubfx x20, x10, #40, #8\n\t" + "ldr w12, [%[te], x12, LSL 2]\n\t" + "ldr w19, [%[te], x19, LSL 2]\n\t" + "ldr w17, [%[te], x17, LSL 2]\n\t" + "ldr w20, [%[te], x20, LSL 2]\n\t" + "eor w19, w19, w12, ror 24\n\t" + "ldp x10, x11, [x26], #16\n\t" + "eor w17, w17, w19, ror 24\n\t" + "eor w17, w17, w20, ror 8\n\t" + "bfi x15, x17, #32, #32\n\t" + /* XOR in Key Schedule */ + "eor x14, x14, x10\n\t" + "eor x15, x15, x11\n\t" + "ubfx x10, x15, #32, #8\n\t" + "ubfx x13, x15, #8, #8\n\t" + "ubfx x19, x14, #48, #8\n\t" + "ubfx x20, x14, #24, #8\n\t" + "lsl w10, w10, #2\n\t" + "lsl w13, w13, #2\n\t" + "lsl w19, w19, #2\n\t" + "lsl w20, w20, #2\n\t" + "ldr x17, [%[te]]\n\t" + "ldr x17, [%[te], #64]\n\t" + "ldr x17, [%[te], #128]\n\t" + "ldr x17, [%[te], #192]\n\t" + "ldr x17, [%[te], #256]\n\t" + "ldr x17, [%[te], #320]\n\t" + "ldr x17, [%[te], #384]\n\t" + "ldr x17, [%[te], #448]\n\t" + "ldr x17, [%[te], #512]\n\t" + "ldr x17, [%[te], #576]\n\t" + "ldr x17, [%[te], #640]\n\t" + "ldr x17, [%[te], #704]\n\t" + "ldr x17, [%[te], #768]\n\t" + "ldr x17, [%[te], #832]\n\t" + "ldr x17, [%[te], #896]\n\t" + "ldr x17, [%[te], #960]\n\t" + "ldrb w10, [%[te], x10, LSL 0]\n\t" + "ldrb w13, [%[te], x13, LSL 0]\n\t" + "ldrb w19, [%[te], x19, LSL 0]\n\t" + "ldrb w20, [%[te], x20, LSL 0]\n\t" + "ubfx x11, x14, #0, #8\n\t" + "eor w10, w10, w13, lsl 8\n\t" + "ubfx x13, x15, #40, #8\n\t" + "eor w10, w10, w19, lsl 16\n\t" + "ubfx x19, x15, #16, #8\n\t" + "eor w10, w10, w20, lsl 24\n\t" + "ubfx x20, x14, #56, #8\n\t" + "lsl w11, w11, #2\n\t" + "lsl w13, w13, #2\n\t" + "lsl w19, w19, #2\n\t" + "lsl w20, w20, #2\n\t" + "ldrb w11, [%[te], x11, LSL 0]\n\t" + "ldrb w13, [%[te], x13, LSL 0]\n\t" + "ldrb w19, [%[te], x19, LSL 0]\n\t" + "ldrb w20, [%[te], x20, LSL 0]\n\t" + "ubfx x12, x14, #32, #8\n\t" + "eor w11, w11, w13, lsl 8\n\t" + "ubfx x13, x14, #8, #8\n\t" + "eor w11, w11, w19, lsl 16\n\t" + "ubfx x19, x15, #48, #8\n\t" + "eor w11, w11, w20, lsl 24\n\t" + "ubfx x20, x15, #24, #8\n\t" + "bfi x10, x11, #32, #32\n\t" + "lsl w12, w12, #2\n\t" + "lsl w13, w13, #2\n\t" + "lsl w19, w19, #2\n\t" + "lsl w20, w20, #2\n\t" + "ldrb w12, [%[te], x12, LSL 0]\n\t" + "ldrb w13, [%[te], x13, LSL 0]\n\t" + "ldrb w19, [%[te], x19, LSL 0]\n\t" + "ldrb w20, [%[te], x20, LSL 0]\n\t" + "ubfx x17, x15, #56, #8\n\t" + "eor w12, w12, w13, lsl 8\n\t" + "ubfx x13, x15, #0, #8\n\t" + "eor w12, w12, w19, lsl 16\n\t" + "ubfx x19, x14, #40, #8\n\t" + "eor w11, w12, w20, lsl 24\n\t" + "ubfx x20, x14, #16, #8\n\t" + "lsl w17, w17, #2\n\t" + "lsl w13, w13, #2\n\t" + "lsl w19, w19, #2\n\t" + "lsl w20, w20, #2\n\t" + "ldrb w17, [%[te], x17, LSL 0]\n\t" + "ldrb w13, [%[te], x13, LSL 0]\n\t" + "ldrb w19, [%[te], x19, LSL 0]\n\t" + "ldrb w20, [%[te], x20, LSL 0]\n\t" + "eor w19, w19, w17, lsl 16\n\t" + "ldp x14, x15, [x26]\n\t" + "eor w13, w13, w19, lsl 8\n\t" + "eor w13, w13, w20, lsl 16\n\t" + "bfi x11, x13, #32, #32\n\t" + /* XOR in Key Schedule */ + "eor x10, x10, x14\n\t" + "eor x11, x11, x15\n\t" + "rev32 x10, x10\n\t" + "rev32 x11, x11\n\t" + "eor x10, x10, x21\n\t" + "eor x11, x11, x22\n\t" + "stp x10, x11, [%x[out]]\n\t" + "\n" + "L_AES_XTS_encrypt_done_data_%=: \n\t" + "ldp x29, x30, [sp], #32\n\t" + : [out] "+r" (out), [sz] "+r" (sz), [key] "+r" (key), + [key2] "+r" (key2), [tmp] "+r" (tmp), [nr] "+r" (nr) + : [in] "r" (in), [i] "r" (i), [te] "r" (te) + : "memory", "cc", "x9", "x10", "x11", "x12", "x13", "x14", "x15", "x16", + "x17", "x19", "x20", "x21", "x22", "x23", "x24", "x25", "x26" + ); +} + +#ifdef HAVE_AES_DECRYPT +void AES_XTS_decrypt(const byte* in, byte* out, word32 sz, const byte* i, + byte* key, byte* key2, byte* tmp, int nr) +{ + const word32* td = L_AES_ARM64_td; + const word8* td4 = L_AES_ARM64_td4; + const word32* te = L_AES_ARM64_te; + __asm__ __volatile__ ( + "stp x29, x30, [sp, #-32]!\n\t" + "add x29, sp, #0\n\t" + "ands w11, %w[sz], #15\n\t" + "cset w11, ne\n\t" + "lsl w11, w11, #4\n\t" + "sub %w[sz], %w[sz], w11\n\t" + "mov x11, #0x87\n\t" + "mov x28, %x[key2]\n\t" + "ldp x23, x24, [%x[i]]\n\t" + "ldp x16, x17, [x28], #16\n\t" + "rev32 x23, x23\n\t" + "rev32 x24, x24\n\t" + /* Round: 0 - XOR in key schedule */ + "eor x23, x23, x16\n\t" + "eor x24, x24, x17\n\t" + "sub w27, %w[nr], #2\n\t" + "\n" + "L_AES_XTS_decrypt_loop_nr_tweak_%=: \n\t" + "ubfx x16, x23, #48, #8\n\t" + "ubfx x20, x23, #24, #8\n\t" + "ubfx x21, x24, #8, #8\n\t" + "ubfx x22, x24, #32, #8\n\t" + "ldr x25, [%[te]]\n\t" + "ldr x25, [%[te], #64]\n\t" + "ldr x25, [%[te], #128]\n\t" + "ldr x25, [%[te], #192]\n\t" + "ldr x25, [%[te], #256]\n\t" + "ldr x25, [%[te], #320]\n\t" + "ldr x25, [%[te], #384]\n\t" + "ldr x25, [%[te], #448]\n\t" + "ldr x25, [%[te], #512]\n\t" + "ldr x25, [%[te], #576]\n\t" + "ldr x25, [%[te], #640]\n\t" + "ldr x25, [%[te], #704]\n\t" + "ldr x25, [%[te], #768]\n\t" + "ldr x25, [%[te], #832]\n\t" + "ldr x25, [%[te], #896]\n\t" + "ldr x25, [%[te], #960]\n\t" + "ldr w16, [%[te], x16, LSL 2]\n\t" + "ldr w20, [%[te], x20, LSL 2]\n\t" + "ldr w21, [%[te], x21, LSL 2]\n\t" + "ldr w22, [%[te], x22, LSL 2]\n\t" + "ubfx x17, x24, #16, #8\n\t" + "eor w16, w16, w20, ror 24\n\t" + "ubfx x20, x23, #56, #8\n\t" + "eor w16, w16, w21, ror 8\n\t" + "ubfx x21, x24, #40, #8\n\t" + "eor w16, w16, w22, ror 16\n\t" + "ubfx x22, x23, #0, #8\n\t" + "ldr w17, [%[te], x17, LSL 2]\n\t" + "ldr w20, [%[te], x20, LSL 2]\n\t" + "ldr w21, [%[te], x21, LSL 2]\n\t" + "ldr w22, [%[te], x22, LSL 2]\n\t" + "ubfx x19, x24, #48, #8\n\t" + "eor w17, w17, w20, ror 24\n\t" + "ubfx x20, x24, #24, #8\n\t" + "eor w17, w17, w21, ror 8\n\t" + "ubfx x21, x23, #8, #8\n\t" + "eor w17, w17, w22, ror 16\n\t" + "ubfx x22, x23, #32, #8\n\t" + "bfi x16, x17, #32, #32\n\t" + "ldr w19, [%[te], x19, LSL 2]\n\t" + "ldr w20, [%[te], x20, LSL 2]\n\t" + "ldr w21, [%[te], x21, LSL 2]\n\t" + "ldr w22, [%[te], x22, LSL 2]\n\t" + "ubfx x25, x24, #0, #8\n\t" + "eor w19, w19, w20, ror 24\n\t" + "ubfx x20, x23, #16, #8\n\t" + "eor w19, w19, w21, ror 8\n\t" + "ubfx x21, x24, #56, #8\n\t" + "eor w17, w19, w22, ror 16\n\t" + "ubfx x22, x23, #40, #8\n\t" + "ldr w25, [%[te], x25, LSL 2]\n\t" + "ldr w21, [%[te], x21, LSL 2]\n\t" + "ldr w20, [%[te], x20, LSL 2]\n\t" + "ldr w22, [%[te], x22, LSL 2]\n\t" + "eor w21, w21, w25, ror 24\n\t" + "ldp x23, x24, [x28], #16\n\t" + "eor w20, w20, w21, ror 24\n\t" + "eor w20, w20, w22, ror 8\n\t" + "bfi x17, x20, #32, #32\n\t" + /* XOR in Key Schedule */ + "eor x16, x16, x23\n\t" + "eor x17, x17, x24\n\t" + "ubfx x23, x16, #48, #8\n\t" + "ubfx x26, x16, #24, #8\n\t" + "ubfx x21, x17, #8, #8\n\t" + "ubfx x22, x17, #32, #8\n\t" + "ldr x19, [%[te]]\n\t" + "ldr x19, [%[te], #64]\n\t" + "ldr x19, [%[te], #128]\n\t" + "ldr x19, [%[te], #192]\n\t" + "ldr x19, [%[te], #256]\n\t" + "ldr x19, [%[te], #320]\n\t" + "ldr x19, [%[te], #384]\n\t" + "ldr x19, [%[te], #448]\n\t" + "ldr x19, [%[te], #512]\n\t" + "ldr x19, [%[te], #576]\n\t" + "ldr x19, [%[te], #640]\n\t" + "ldr x19, [%[te], #704]\n\t" + "ldr x19, [%[te], #768]\n\t" + "ldr x19, [%[te], #832]\n\t" + "ldr x19, [%[te], #896]\n\t" + "ldr x19, [%[te], #960]\n\t" + "ldr w23, [%[te], x23, LSL 2]\n\t" + "ldr w26, [%[te], x26, LSL 2]\n\t" + "ldr w21, [%[te], x21, LSL 2]\n\t" + "ldr w22, [%[te], x22, LSL 2]\n\t" + "ubfx x24, x17, #16, #8\n\t" + "eor w23, w23, w26, ror 24\n\t" + "ubfx x26, x16, #56, #8\n\t" + "eor w23, w23, w21, ror 8\n\t" + "ubfx x21, x17, #40, #8\n\t" + "eor w23, w23, w22, ror 16\n\t" + "ubfx x22, x16, #0, #8\n\t" + "ldr w24, [%[te], x24, LSL 2]\n\t" + "ldr w26, [%[te], x26, LSL 2]\n\t" + "ldr w21, [%[te], x21, LSL 2]\n\t" + "ldr w22, [%[te], x22, LSL 2]\n\t" + "ubfx x25, x17, #48, #8\n\t" + "eor w24, w24, w26, ror 24\n\t" + "ubfx x26, x17, #24, #8\n\t" + "eor w24, w24, w21, ror 8\n\t" + "ubfx x21, x16, #8, #8\n\t" + "eor w24, w24, w22, ror 16\n\t" + "ubfx x22, x16, #32, #8\n\t" + "bfi x23, x24, #32, #32\n\t" + "ldr w25, [%[te], x25, LSL 2]\n\t" + "ldr w26, [%[te], x26, LSL 2]\n\t" + "ldr w21, [%[te], x21, LSL 2]\n\t" + "ldr w22, [%[te], x22, LSL 2]\n\t" + "ubfx x19, x17, #0, #8\n\t" + "eor w25, w25, w26, ror 24\n\t" + "ubfx x26, x16, #16, #8\n\t" + "eor w25, w25, w21, ror 8\n\t" + "ubfx x21, x17, #56, #8\n\t" + "eor w24, w25, w22, ror 16\n\t" + "ubfx x22, x16, #40, #8\n\t" + "ldr w19, [%[te], x19, LSL 2]\n\t" + "ldr w21, [%[te], x21, LSL 2]\n\t" + "ldr w26, [%[te], x26, LSL 2]\n\t" + "ldr w22, [%[te], x22, LSL 2]\n\t" + "eor w21, w21, w19, ror 24\n\t" + "ldp x16, x17, [x28], #16\n\t" + "eor w26, w26, w21, ror 24\n\t" + "eor w26, w26, w22, ror 8\n\t" + "bfi x24, x26, #32, #32\n\t" + /* XOR in Key Schedule */ + "eor x23, x23, x16\n\t" + "eor x24, x24, x17\n\t" + "subs w27, w27, #2\n\t" + "b.ne L_AES_XTS_decrypt_loop_nr_tweak_%=\n\t" + "ubfx x16, x23, #48, #8\n\t" + "ubfx x20, x23, #24, #8\n\t" + "ubfx x21, x24, #8, #8\n\t" + "ubfx x22, x24, #32, #8\n\t" + "ldr x25, [%[te]]\n\t" + "ldr x25, [%[te], #64]\n\t" + "ldr x25, [%[te], #128]\n\t" + "ldr x25, [%[te], #192]\n\t" + "ldr x25, [%[te], #256]\n\t" + "ldr x25, [%[te], #320]\n\t" + "ldr x25, [%[te], #384]\n\t" + "ldr x25, [%[te], #448]\n\t" + "ldr x25, [%[te], #512]\n\t" + "ldr x25, [%[te], #576]\n\t" + "ldr x25, [%[te], #640]\n\t" + "ldr x25, [%[te], #704]\n\t" + "ldr x25, [%[te], #768]\n\t" + "ldr x25, [%[te], #832]\n\t" + "ldr x25, [%[te], #896]\n\t" + "ldr x25, [%[te], #960]\n\t" + "ldr w16, [%[te], x16, LSL 2]\n\t" + "ldr w20, [%[te], x20, LSL 2]\n\t" + "ldr w21, [%[te], x21, LSL 2]\n\t" + "ldr w22, [%[te], x22, LSL 2]\n\t" + "ubfx x17, x24, #16, #8\n\t" + "eor w16, w16, w20, ror 24\n\t" + "ubfx x20, x23, #56, #8\n\t" + "eor w16, w16, w21, ror 8\n\t" + "ubfx x21, x24, #40, #8\n\t" + "eor w16, w16, w22, ror 16\n\t" + "ubfx x22, x23, #0, #8\n\t" + "ldr w17, [%[te], x17, LSL 2]\n\t" + "ldr w20, [%[te], x20, LSL 2]\n\t" + "ldr w21, [%[te], x21, LSL 2]\n\t" + "ldr w22, [%[te], x22, LSL 2]\n\t" + "ubfx x19, x24, #48, #8\n\t" + "eor w17, w17, w20, ror 24\n\t" + "ubfx x20, x24, #24, #8\n\t" + "eor w17, w17, w21, ror 8\n\t" + "ubfx x21, x23, #8, #8\n\t" + "eor w17, w17, w22, ror 16\n\t" + "ubfx x22, x23, #32, #8\n\t" + "bfi x16, x17, #32, #32\n\t" + "ldr w19, [%[te], x19, LSL 2]\n\t" + "ldr w20, [%[te], x20, LSL 2]\n\t" + "ldr w21, [%[te], x21, LSL 2]\n\t" + "ldr w22, [%[te], x22, LSL 2]\n\t" + "ubfx x25, x24, #0, #8\n\t" + "eor w19, w19, w20, ror 24\n\t" + "ubfx x20, x23, #16, #8\n\t" + "eor w19, w19, w21, ror 8\n\t" + "ubfx x21, x24, #56, #8\n\t" + "eor w17, w19, w22, ror 16\n\t" + "ubfx x22, x23, #40, #8\n\t" + "ldr w25, [%[te], x25, LSL 2]\n\t" + "ldr w21, [%[te], x21, LSL 2]\n\t" + "ldr w20, [%[te], x20, LSL 2]\n\t" + "ldr w22, [%[te], x22, LSL 2]\n\t" + "eor w21, w21, w25, ror 24\n\t" + "ldp x23, x24, [x28], #16\n\t" + "eor w20, w20, w21, ror 24\n\t" + "eor w20, w20, w22, ror 8\n\t" + "bfi x17, x20, #32, #32\n\t" + /* XOR in Key Schedule */ + "eor x16, x16, x23\n\t" + "eor x17, x17, x24\n\t" + "ubfx x23, x17, #32, #8\n\t" + "ubfx x26, x17, #8, #8\n\t" + "ubfx x21, x16, #48, #8\n\t" + "ubfx x22, x16, #24, #8\n\t" + "lsl w23, w23, #2\n\t" + "lsl w26, w26, #2\n\t" + "lsl w21, w21, #2\n\t" + "lsl w22, w22, #2\n\t" + "ldr x20, [%[te]]\n\t" + "ldr x20, [%[te], #64]\n\t" + "ldr x20, [%[te], #128]\n\t" + "ldr x20, [%[te], #192]\n\t" + "ldr x20, [%[te], #256]\n\t" + "ldr x20, [%[te], #320]\n\t" + "ldr x20, [%[te], #384]\n\t" + "ldr x20, [%[te], #448]\n\t" + "ldr x20, [%[te], #512]\n\t" + "ldr x20, [%[te], #576]\n\t" + "ldr x20, [%[te], #640]\n\t" + "ldr x20, [%[te], #704]\n\t" + "ldr x20, [%[te], #768]\n\t" + "ldr x20, [%[te], #832]\n\t" + "ldr x20, [%[te], #896]\n\t" + "ldr x20, [%[te], #960]\n\t" + "ldrb w23, [%[te], x23, LSL 0]\n\t" + "ldrb w26, [%[te], x26, LSL 0]\n\t" + "ldrb w21, [%[te], x21, LSL 0]\n\t" + "ldrb w22, [%[te], x22, LSL 0]\n\t" + "ubfx x24, x16, #0, #8\n\t" + "eor w23, w23, w26, lsl 8\n\t" + "ubfx x26, x17, #40, #8\n\t" + "eor w23, w23, w21, lsl 16\n\t" + "ubfx x21, x17, #16, #8\n\t" + "eor w23, w23, w22, lsl 24\n\t" + "ubfx x22, x16, #56, #8\n\t" + "lsl w24, w24, #2\n\t" + "lsl w26, w26, #2\n\t" + "lsl w21, w21, #2\n\t" + "lsl w22, w22, #2\n\t" + "ldrb w24, [%[te], x24, LSL 0]\n\t" + "ldrb w26, [%[te], x26, LSL 0]\n\t" + "ldrb w21, [%[te], x21, LSL 0]\n\t" + "ldrb w22, [%[te], x22, LSL 0]\n\t" + "ubfx x25, x16, #32, #8\n\t" + "eor w24, w24, w26, lsl 8\n\t" + "ubfx x26, x16, #8, #8\n\t" + "eor w24, w24, w21, lsl 16\n\t" + "ubfx x21, x17, #48, #8\n\t" + "eor w24, w24, w22, lsl 24\n\t" + "ubfx x22, x17, #24, #8\n\t" + "bfi x23, x24, #32, #32\n\t" + "lsl w25, w25, #2\n\t" + "lsl w26, w26, #2\n\t" + "lsl w21, w21, #2\n\t" + "lsl w22, w22, #2\n\t" + "ldrb w25, [%[te], x25, LSL 0]\n\t" + "ldrb w26, [%[te], x26, LSL 0]\n\t" + "ldrb w21, [%[te], x21, LSL 0]\n\t" + "ldrb w22, [%[te], x22, LSL 0]\n\t" + "ubfx x20, x17, #56, #8\n\t" + "eor w25, w25, w26, lsl 8\n\t" + "ubfx x26, x17, #0, #8\n\t" + "eor w25, w25, w21, lsl 16\n\t" + "ubfx x21, x16, #40, #8\n\t" + "eor w24, w25, w22, lsl 24\n\t" + "ubfx x22, x16, #16, #8\n\t" + "lsl w20, w20, #2\n\t" + "lsl w26, w26, #2\n\t" + "lsl w21, w21, #2\n\t" + "lsl w22, w22, #2\n\t" + "ldrb w20, [%[te], x20, LSL 0]\n\t" + "ldrb w26, [%[te], x26, LSL 0]\n\t" + "ldrb w21, [%[te], x21, LSL 0]\n\t" + "ldrb w22, [%[te], x22, LSL 0]\n\t" + "eor w21, w21, w20, lsl 16\n\t" + "ldp x16, x17, [x28]\n\t" + "eor w26, w26, w21, lsl 8\n\t" + "eor w26, w26, w22, lsl 16\n\t" + "bfi x24, x26, #32, #32\n\t" + /* XOR in Key Schedule */ + "eor x23, x23, x16\n\t" + "eor x24, x24, x17\n\t" + "rev32 x23, x23\n\t" + "rev32 x24, x24\n\t" + "cmp %w[sz], #16\n\t" + "b.lt L_AES_XTS_decrypt_start_partail_%=\n\t" + "\n" + "L_AES_XTS_decrypt_loop_block_%=: \n\t" + "mov x28, %x[key]\n\t" + "ldp x12, x13, [%x[in]]\n\t" + "ldp x16, x17, [x28], #16\n\t" + "eor x12, x12, x23\n\t" + "eor x13, x13, x24\n\t" + "rev32 x12, x12\n\t" + "rev32 x13, x13\n\t" + /* Round: 0 - XOR in key schedule */ + "eor x12, x12, x16\n\t" + "eor x13, x13, x17\n\t" + "sub w27, %w[nr], #2\n\t" + "\n" + "L_AES_XTS_decrypt_loop_nr_%=: \n\t" + "ubfx x16, x13, #48, #8\n\t" + "ubfx x20, x12, #24, #8\n\t" + "ubfx x21, x13, #8, #8\n\t" + "ubfx x22, x12, #32, #8\n\t" + "ldr x14, [%[td]]\n\t" + "ldr x14, [%[td], #64]\n\t" + "ldr x14, [%[td], #128]\n\t" + "ldr x14, [%[td], #192]\n\t" + "ldr x14, [%[td], #256]\n\t" + "ldr x14, [%[td], #320]\n\t" + "ldr x14, [%[td], #384]\n\t" + "ldr x14, [%[td], #448]\n\t" + "ldr x14, [%[td], #512]\n\t" + "ldr x14, [%[td], #576]\n\t" + "ldr x14, [%[td], #640]\n\t" + "ldr x14, [%[td], #704]\n\t" + "ldr x14, [%[td], #768]\n\t" + "ldr x14, [%[td], #832]\n\t" + "ldr x14, [%[td], #896]\n\t" + "ldr x14, [%[td], #960]\n\t" + "ldr w16, [%[td], x16, LSL 2]\n\t" + "ldr w20, [%[td], x20, LSL 2]\n\t" + "ldr w21, [%[td], x21, LSL 2]\n\t" + "ldr w22, [%[td], x22, LSL 2]\n\t" + "ubfx x17, x12, #16, #8\n\t" + "eor w16, w16, w20, ror 24\n\t" + "ubfx x20, x12, #56, #8\n\t" + "eor w16, w16, w21, ror 8\n\t" + "ubfx x21, x13, #40, #8\n\t" + "eor w16, w16, w22, ror 16\n\t" + "ubfx x22, x13, #0, #8\n\t" + "ldr w17, [%[td], x17, LSL 2]\n\t" + "ldr w20, [%[td], x20, LSL 2]\n\t" + "ldr w21, [%[td], x21, LSL 2]\n\t" + "ldr w22, [%[td], x22, LSL 2]\n\t" + "ubfx x19, x12, #48, #8\n\t" + "eor w17, w17, w20, ror 24\n\t" + "ubfx x20, x13, #24, #8\n\t" + "eor w17, w17, w21, ror 8\n\t" + "ubfx x21, x12, #8, #8\n\t" + "eor w17, w17, w22, ror 16\n\t" + "ubfx x22, x13, #32, #8\n\t" + "bfi x16, x17, #32, #32\n\t" + "ldr w19, [%[td], x19, LSL 2]\n\t" + "ldr w20, [%[td], x20, LSL 2]\n\t" + "ldr w21, [%[td], x21, LSL 2]\n\t" + "ldr w22, [%[td], x22, LSL 2]\n\t" + "ubfx x14, x12, #0, #8\n\t" + "eor w19, w19, w20, ror 24\n\t" + "ubfx x20, x13, #16, #8\n\t" + "eor w19, w19, w21, ror 8\n\t" + "ubfx x21, x13, #56, #8\n\t" + "eor w17, w19, w22, ror 16\n\t" + "ubfx x22, x12, #40, #8\n\t" + "ldr w14, [%[td], x14, LSL 2]\n\t" + "ldr w21, [%[td], x21, LSL 2]\n\t" + "ldr w20, [%[td], x20, LSL 2]\n\t" + "ldr w22, [%[td], x22, LSL 2]\n\t" + "eor w21, w21, w14, ror 24\n\t" + "ldp x12, x13, [x28], #16\n\t" + "eor w20, w20, w22, ror 8\n\t" + "eor w20, w20, w21, ror 24\n\t" + "bfi x17, x20, #32, #32\n\t" + /* XOR in Key Schedule */ + "eor x16, x16, x12\n\t" + "eor x17, x17, x13\n\t" + "ubfx x12, x17, #48, #8\n\t" + "ubfx x15, x16, #24, #8\n\t" + "ubfx x21, x17, #8, #8\n\t" + "ubfx x22, x16, #32, #8\n\t" + "ldr x19, [%[td]]\n\t" + "ldr x19, [%[td], #64]\n\t" + "ldr x19, [%[td], #128]\n\t" + "ldr x19, [%[td], #192]\n\t" + "ldr x19, [%[td], #256]\n\t" + "ldr x19, [%[td], #320]\n\t" + "ldr x19, [%[td], #384]\n\t" + "ldr x19, [%[td], #448]\n\t" + "ldr x19, [%[td], #512]\n\t" + "ldr x19, [%[td], #576]\n\t" + "ldr x19, [%[td], #640]\n\t" + "ldr x19, [%[td], #704]\n\t" + "ldr x19, [%[td], #768]\n\t" + "ldr x19, [%[td], #832]\n\t" + "ldr x19, [%[td], #896]\n\t" + "ldr x19, [%[td], #960]\n\t" + "ldr w12, [%[td], x12, LSL 2]\n\t" + "ldr w15, [%[td], x15, LSL 2]\n\t" + "ldr w21, [%[td], x21, LSL 2]\n\t" + "ldr w22, [%[td], x22, LSL 2]\n\t" + "ubfx x13, x16, #16, #8\n\t" + "eor w12, w12, w15, ror 24\n\t" + "ubfx x15, x16, #56, #8\n\t" + "eor w12, w12, w21, ror 8\n\t" + "ubfx x21, x17, #40, #8\n\t" + "eor w12, w12, w22, ror 16\n\t" + "ubfx x22, x17, #0, #8\n\t" + "ldr w13, [%[td], x13, LSL 2]\n\t" + "ldr w15, [%[td], x15, LSL 2]\n\t" + "ldr w21, [%[td], x21, LSL 2]\n\t" + "ldr w22, [%[td], x22, LSL 2]\n\t" + "ubfx x14, x16, #48, #8\n\t" + "eor w13, w13, w15, ror 24\n\t" + "ubfx x15, x17, #24, #8\n\t" + "eor w13, w13, w21, ror 8\n\t" + "ubfx x21, x16, #8, #8\n\t" + "eor w13, w13, w22, ror 16\n\t" + "ubfx x22, x17, #32, #8\n\t" + "bfi x12, x13, #32, #32\n\t" + "ldr w14, [%[td], x14, LSL 2]\n\t" + "ldr w15, [%[td], x15, LSL 2]\n\t" + "ldr w21, [%[td], x21, LSL 2]\n\t" + "ldr w22, [%[td], x22, LSL 2]\n\t" + "ubfx x19, x16, #0, #8\n\t" + "eor w14, w14, w15, ror 24\n\t" + "ubfx x15, x17, #16, #8\n\t" + "eor w14, w14, w21, ror 8\n\t" + "ubfx x21, x17, #56, #8\n\t" + "eor w13, w14, w22, ror 16\n\t" + "ubfx x22, x16, #40, #8\n\t" + "ldr w19, [%[td], x19, LSL 2]\n\t" + "ldr w21, [%[td], x21, LSL 2]\n\t" + "ldr w15, [%[td], x15, LSL 2]\n\t" + "ldr w22, [%[td], x22, LSL 2]\n\t" + "eor w21, w21, w19, ror 24\n\t" + "ldp x16, x17, [x28], #16\n\t" + "eor w15, w15, w22, ror 8\n\t" + "eor w15, w15, w21, ror 24\n\t" + "bfi x13, x15, #32, #32\n\t" + /* XOR in Key Schedule */ + "eor x12, x12, x16\n\t" + "eor x13, x13, x17\n\t" + "subs w27, w27, #2\n\t" + "b.ne L_AES_XTS_decrypt_loop_nr_%=\n\t" + "ubfx x16, x13, #48, #8\n\t" + "ubfx x20, x12, #24, #8\n\t" + "ubfx x21, x13, #8, #8\n\t" + "ubfx x22, x12, #32, #8\n\t" + "ldr x14, [%[td]]\n\t" + "ldr x14, [%[td], #64]\n\t" + "ldr x14, [%[td], #128]\n\t" + "ldr x14, [%[td], #192]\n\t" + "ldr x14, [%[td], #256]\n\t" + "ldr x14, [%[td], #320]\n\t" + "ldr x14, [%[td], #384]\n\t" + "ldr x14, [%[td], #448]\n\t" + "ldr x14, [%[td], #512]\n\t" + "ldr x14, [%[td], #576]\n\t" + "ldr x14, [%[td], #640]\n\t" + "ldr x14, [%[td], #704]\n\t" + "ldr x14, [%[td], #768]\n\t" + "ldr x14, [%[td], #832]\n\t" + "ldr x14, [%[td], #896]\n\t" + "ldr x14, [%[td], #960]\n\t" + "ldr w16, [%[td], x16, LSL 2]\n\t" + "ldr w20, [%[td], x20, LSL 2]\n\t" + "ldr w21, [%[td], x21, LSL 2]\n\t" + "ldr w22, [%[td], x22, LSL 2]\n\t" + "ubfx x17, x12, #16, #8\n\t" + "eor w16, w16, w20, ror 24\n\t" + "ubfx x20, x12, #56, #8\n\t" + "eor w16, w16, w21, ror 8\n\t" + "ubfx x21, x13, #40, #8\n\t" + "eor w16, w16, w22, ror 16\n\t" + "ubfx x22, x13, #0, #8\n\t" + "ldr w17, [%[td], x17, LSL 2]\n\t" + "ldr w20, [%[td], x20, LSL 2]\n\t" + "ldr w21, [%[td], x21, LSL 2]\n\t" + "ldr w22, [%[td], x22, LSL 2]\n\t" + "ubfx x19, x12, #48, #8\n\t" + "eor w17, w17, w20, ror 24\n\t" + "ubfx x20, x13, #24, #8\n\t" + "eor w17, w17, w21, ror 8\n\t" + "ubfx x21, x12, #8, #8\n\t" + "eor w17, w17, w22, ror 16\n\t" + "ubfx x22, x13, #32, #8\n\t" + "bfi x16, x17, #32, #32\n\t" + "ldr w19, [%[td], x19, LSL 2]\n\t" + "ldr w20, [%[td], x20, LSL 2]\n\t" + "ldr w21, [%[td], x21, LSL 2]\n\t" + "ldr w22, [%[td], x22, LSL 2]\n\t" + "ubfx x14, x12, #0, #8\n\t" + "eor w19, w19, w20, ror 24\n\t" + "ubfx x20, x13, #16, #8\n\t" + "eor w19, w19, w21, ror 8\n\t" + "ubfx x21, x13, #56, #8\n\t" + "eor w17, w19, w22, ror 16\n\t" + "ubfx x22, x12, #40, #8\n\t" + "ldr w14, [%[td], x14, LSL 2]\n\t" + "ldr w21, [%[td], x21, LSL 2]\n\t" + "ldr w20, [%[td], x20, LSL 2]\n\t" + "ldr w22, [%[td], x22, LSL 2]\n\t" + "eor w21, w21, w14, ror 24\n\t" + "ldp x12, x13, [x28], #16\n\t" + "eor w20, w20, w22, ror 8\n\t" + "eor w20, w20, w21, ror 24\n\t" + "bfi x17, x20, #32, #32\n\t" + /* XOR in Key Schedule */ + "eor x16, x16, x12\n\t" + "eor x17, x17, x13\n\t" + "ubfx x12, x16, #32, #8\n\t" + "ubfx x15, x17, #8, #8\n\t" + "ubfx x21, x17, #48, #8\n\t" + "ubfx x22, x16, #24, #8\n\t" + "ldr x20, [%[td4]]\n\t" + "ldr x20, [%[td4], #64]\n\t" + "ldr x20, [%[td4], #128]\n\t" + "ldr x20, [%[td4], #192]\n\t" + "ldrb w12, [%[td4], x12, LSL 0]\n\t" + "ldrb w15, [%[td4], x15, LSL 0]\n\t" + "ldrb w21, [%[td4], x21, LSL 0]\n\t" + "ldrb w22, [%[td4], x22, LSL 0]\n\t" + "ubfx x13, x17, #0, #8\n\t" + "eor w12, w12, w15, lsl 8\n\t" + "ubfx x15, x17, #40, #8\n\t" + "eor w12, w12, w21, lsl 16\n\t" + "ubfx x21, x16, #16, #8\n\t" + "eor w12, w12, w22, lsl 24\n\t" + "ubfx x22, x16, #56, #8\n\t" + "ldrb w15, [%[td4], x15, LSL 0]\n\t" + "ldrb w22, [%[td4], x22, LSL 0]\n\t" + "ldrb w13, [%[td4], x13, LSL 0]\n\t" + "ldrb w21, [%[td4], x21, LSL 0]\n\t" + "ubfx x14, x17, #32, #8\n\t" + "eor w13, w13, w15, lsl 8\n\t" + "ubfx x15, x16, #8, #8\n\t" + "eor w13, w13, w21, lsl 16\n\t" + "ubfx x21, x16, #48, #8\n\t" + "eor w13, w13, w22, lsl 24\n\t" + "ubfx x22, x17, #24, #8\n\t" + "bfi x12, x13, #32, #32\n\t" + "ldrb w15, [%[td4], x15, LSL 0]\n\t" + "ldrb w22, [%[td4], x22, LSL 0]\n\t" + "ldrb w14, [%[td4], x14, LSL 0]\n\t" + "ldrb w21, [%[td4], x21, LSL 0]\n\t" + "ubfx x20, x17, #56, #8\n\t" + "eor w14, w14, w15, lsl 8\n\t" + "ubfx x15, x16, #0, #8\n\t" + "eor w14, w14, w21, lsl 16\n\t" + "ubfx x21, x16, #40, #8\n\t" + "eor w13, w14, w22, lsl 24\n\t" + "ubfx x22, x17, #16, #8\n\t" + "ldrb w20, [%[td4], x20, LSL 0]\n\t" + "ldrb w21, [%[td4], x21, LSL 0]\n\t" + "ldrb w15, [%[td4], x15, LSL 0]\n\t" + "ldrb w22, [%[td4], x22, LSL 0]\n\t" + "eor w21, w21, w20, lsl 16\n\t" + "ldp x16, x17, [x28]\n\t" + "eor w15, w15, w21, lsl 8\n\t" + "eor w15, w15, w22, lsl 16\n\t" + "bfi x13, x15, #32, #32\n\t" + /* XOR in Key Schedule */ + "eor x12, x12, x16\n\t" + "eor x13, x13, x17\n\t" + "rev32 x12, x12\n\t" + "rev32 x13, x13\n\t" + "eor x12, x12, x23\n\t" + "eor x13, x13, x24\n\t" + "stp x12, x13, [%x[out]]\n\t" + "and x21, x11, x24, asr 63\n\t" + "extr x24, x24, x23, #63\n\t" + "eor x23, x21, x23, lsl 1\n\t" + "sub %w[sz], %w[sz], #16\n\t" + "add %x[in], %x[in], #16\n\t" + "add %x[out], %x[out], #16\n\t" + "cmp %w[sz], #16\n\t" + "b.ge L_AES_XTS_decrypt_loop_block_%=\n\t" + "cbz %w[sz], L_AES_XTS_decrypt_done_data_%=\n\t" + "\n" + "L_AES_XTS_decrypt_start_partail_%=: \n\t" + "and x21, x11, x24, asr 63\n\t" + "extr x26, x24, x23, #63\n\t" + "eor x25, x21, x23, lsl 1\n\t" + "mov x28, %x[key]\n\t" + "ldp x12, x13, [%x[in]], #16\n\t" + "ldp x16, x17, [x28], #16\n\t" + "eor x12, x12, x25\n\t" + "eor x13, x13, x26\n\t" + "rev32 x12, x12\n\t" + "rev32 x13, x13\n\t" + /* Round: 0 - XOR in key schedule */ + "eor x12, x12, x16\n\t" + "eor x13, x13, x17\n\t" + "sub w27, %w[nr], #2\n\t" + "\n" + "L_AES_XTS_decrypt_loop_nr_partial_1_%=: \n\t" + "ubfx x16, x13, #48, #8\n\t" + "ubfx x20, x12, #24, #8\n\t" + "ubfx x21, x13, #8, #8\n\t" + "ubfx x22, x12, #32, #8\n\t" + "ldr x14, [%[td]]\n\t" + "ldr x14, [%[td], #64]\n\t" + "ldr x14, [%[td], #128]\n\t" + "ldr x14, [%[td], #192]\n\t" + "ldr x14, [%[td], #256]\n\t" + "ldr x14, [%[td], #320]\n\t" + "ldr x14, [%[td], #384]\n\t" + "ldr x14, [%[td], #448]\n\t" + "ldr x14, [%[td], #512]\n\t" + "ldr x14, [%[td], #576]\n\t" + "ldr x14, [%[td], #640]\n\t" + "ldr x14, [%[td], #704]\n\t" + "ldr x14, [%[td], #768]\n\t" + "ldr x14, [%[td], #832]\n\t" + "ldr x14, [%[td], #896]\n\t" + "ldr x14, [%[td], #960]\n\t" + "ldr w16, [%[td], x16, LSL 2]\n\t" + "ldr w20, [%[td], x20, LSL 2]\n\t" + "ldr w21, [%[td], x21, LSL 2]\n\t" + "ldr w22, [%[td], x22, LSL 2]\n\t" + "ubfx x17, x12, #16, #8\n\t" + "eor w16, w16, w20, ror 24\n\t" + "ubfx x20, x12, #56, #8\n\t" + "eor w16, w16, w21, ror 8\n\t" + "ubfx x21, x13, #40, #8\n\t" + "eor w16, w16, w22, ror 16\n\t" + "ubfx x22, x13, #0, #8\n\t" + "ldr w17, [%[td], x17, LSL 2]\n\t" + "ldr w20, [%[td], x20, LSL 2]\n\t" + "ldr w21, [%[td], x21, LSL 2]\n\t" + "ldr w22, [%[td], x22, LSL 2]\n\t" + "ubfx x19, x12, #48, #8\n\t" + "eor w17, w17, w20, ror 24\n\t" + "ubfx x20, x13, #24, #8\n\t" + "eor w17, w17, w21, ror 8\n\t" + "ubfx x21, x12, #8, #8\n\t" + "eor w17, w17, w22, ror 16\n\t" + "ubfx x22, x13, #32, #8\n\t" + "bfi x16, x17, #32, #32\n\t" + "ldr w19, [%[td], x19, LSL 2]\n\t" + "ldr w20, [%[td], x20, LSL 2]\n\t" + "ldr w21, [%[td], x21, LSL 2]\n\t" + "ldr w22, [%[td], x22, LSL 2]\n\t" + "ubfx x14, x12, #0, #8\n\t" + "eor w19, w19, w20, ror 24\n\t" + "ubfx x20, x13, #16, #8\n\t" + "eor w19, w19, w21, ror 8\n\t" + "ubfx x21, x13, #56, #8\n\t" + "eor w17, w19, w22, ror 16\n\t" + "ubfx x22, x12, #40, #8\n\t" + "ldr w14, [%[td], x14, LSL 2]\n\t" + "ldr w21, [%[td], x21, LSL 2]\n\t" + "ldr w20, [%[td], x20, LSL 2]\n\t" + "ldr w22, [%[td], x22, LSL 2]\n\t" + "eor w21, w21, w14, ror 24\n\t" + "ldp x12, x13, [x28], #16\n\t" + "eor w20, w20, w22, ror 8\n\t" + "eor w20, w20, w21, ror 24\n\t" + "bfi x17, x20, #32, #32\n\t" + /* XOR in Key Schedule */ + "eor x16, x16, x12\n\t" + "eor x17, x17, x13\n\t" + "ubfx x12, x17, #48, #8\n\t" + "ubfx x15, x16, #24, #8\n\t" + "ubfx x21, x17, #8, #8\n\t" + "ubfx x22, x16, #32, #8\n\t" + "ldr x19, [%[td]]\n\t" + "ldr x19, [%[td], #64]\n\t" + "ldr x19, [%[td], #128]\n\t" + "ldr x19, [%[td], #192]\n\t" + "ldr x19, [%[td], #256]\n\t" + "ldr x19, [%[td], #320]\n\t" + "ldr x19, [%[td], #384]\n\t" + "ldr x19, [%[td], #448]\n\t" + "ldr x19, [%[td], #512]\n\t" + "ldr x19, [%[td], #576]\n\t" + "ldr x19, [%[td], #640]\n\t" + "ldr x19, [%[td], #704]\n\t" + "ldr x19, [%[td], #768]\n\t" + "ldr x19, [%[td], #832]\n\t" + "ldr x19, [%[td], #896]\n\t" + "ldr x19, [%[td], #960]\n\t" + "ldr w12, [%[td], x12, LSL 2]\n\t" + "ldr w15, [%[td], x15, LSL 2]\n\t" + "ldr w21, [%[td], x21, LSL 2]\n\t" + "ldr w22, [%[td], x22, LSL 2]\n\t" + "ubfx x13, x16, #16, #8\n\t" + "eor w12, w12, w15, ror 24\n\t" + "ubfx x15, x16, #56, #8\n\t" + "eor w12, w12, w21, ror 8\n\t" + "ubfx x21, x17, #40, #8\n\t" + "eor w12, w12, w22, ror 16\n\t" + "ubfx x22, x17, #0, #8\n\t" + "ldr w13, [%[td], x13, LSL 2]\n\t" + "ldr w15, [%[td], x15, LSL 2]\n\t" + "ldr w21, [%[td], x21, LSL 2]\n\t" + "ldr w22, [%[td], x22, LSL 2]\n\t" + "ubfx x14, x16, #48, #8\n\t" + "eor w13, w13, w15, ror 24\n\t" + "ubfx x15, x17, #24, #8\n\t" + "eor w13, w13, w21, ror 8\n\t" + "ubfx x21, x16, #8, #8\n\t" + "eor w13, w13, w22, ror 16\n\t" + "ubfx x22, x17, #32, #8\n\t" + "bfi x12, x13, #32, #32\n\t" + "ldr w14, [%[td], x14, LSL 2]\n\t" + "ldr w15, [%[td], x15, LSL 2]\n\t" + "ldr w21, [%[td], x21, LSL 2]\n\t" + "ldr w22, [%[td], x22, LSL 2]\n\t" + "ubfx x19, x16, #0, #8\n\t" + "eor w14, w14, w15, ror 24\n\t" + "ubfx x15, x17, #16, #8\n\t" + "eor w14, w14, w21, ror 8\n\t" + "ubfx x21, x17, #56, #8\n\t" + "eor w13, w14, w22, ror 16\n\t" + "ubfx x22, x16, #40, #8\n\t" + "ldr w19, [%[td], x19, LSL 2]\n\t" + "ldr w21, [%[td], x21, LSL 2]\n\t" + "ldr w15, [%[td], x15, LSL 2]\n\t" + "ldr w22, [%[td], x22, LSL 2]\n\t" + "eor w21, w21, w19, ror 24\n\t" + "ldp x16, x17, [x28], #16\n\t" + "eor w15, w15, w22, ror 8\n\t" + "eor w15, w15, w21, ror 24\n\t" + "bfi x13, x15, #32, #32\n\t" + /* XOR in Key Schedule */ + "eor x12, x12, x16\n\t" + "eor x13, x13, x17\n\t" + "subs w27, w27, #2\n\t" + "b.ne L_AES_XTS_decrypt_loop_nr_partial_1_%=\n\t" + "ubfx x16, x13, #48, #8\n\t" + "ubfx x20, x12, #24, #8\n\t" + "ubfx x21, x13, #8, #8\n\t" + "ubfx x22, x12, #32, #8\n\t" + "ldr x14, [%[td]]\n\t" + "ldr x14, [%[td], #64]\n\t" + "ldr x14, [%[td], #128]\n\t" + "ldr x14, [%[td], #192]\n\t" + "ldr x14, [%[td], #256]\n\t" + "ldr x14, [%[td], #320]\n\t" + "ldr x14, [%[td], #384]\n\t" + "ldr x14, [%[td], #448]\n\t" + "ldr x14, [%[td], #512]\n\t" + "ldr x14, [%[td], #576]\n\t" + "ldr x14, [%[td], #640]\n\t" + "ldr x14, [%[td], #704]\n\t" + "ldr x14, [%[td], #768]\n\t" + "ldr x14, [%[td], #832]\n\t" + "ldr x14, [%[td], #896]\n\t" + "ldr x14, [%[td], #960]\n\t" + "ldr w16, [%[td], x16, LSL 2]\n\t" + "ldr w20, [%[td], x20, LSL 2]\n\t" + "ldr w21, [%[td], x21, LSL 2]\n\t" + "ldr w22, [%[td], x22, LSL 2]\n\t" + "ubfx x17, x12, #16, #8\n\t" + "eor w16, w16, w20, ror 24\n\t" + "ubfx x20, x12, #56, #8\n\t" + "eor w16, w16, w21, ror 8\n\t" + "ubfx x21, x13, #40, #8\n\t" + "eor w16, w16, w22, ror 16\n\t" + "ubfx x22, x13, #0, #8\n\t" + "ldr w17, [%[td], x17, LSL 2]\n\t" + "ldr w20, [%[td], x20, LSL 2]\n\t" + "ldr w21, [%[td], x21, LSL 2]\n\t" + "ldr w22, [%[td], x22, LSL 2]\n\t" + "ubfx x19, x12, #48, #8\n\t" + "eor w17, w17, w20, ror 24\n\t" + "ubfx x20, x13, #24, #8\n\t" + "eor w17, w17, w21, ror 8\n\t" + "ubfx x21, x12, #8, #8\n\t" + "eor w17, w17, w22, ror 16\n\t" + "ubfx x22, x13, #32, #8\n\t" + "bfi x16, x17, #32, #32\n\t" + "ldr w19, [%[td], x19, LSL 2]\n\t" + "ldr w20, [%[td], x20, LSL 2]\n\t" + "ldr w21, [%[td], x21, LSL 2]\n\t" + "ldr w22, [%[td], x22, LSL 2]\n\t" + "ubfx x14, x12, #0, #8\n\t" + "eor w19, w19, w20, ror 24\n\t" + "ubfx x20, x13, #16, #8\n\t" + "eor w19, w19, w21, ror 8\n\t" + "ubfx x21, x13, #56, #8\n\t" + "eor w17, w19, w22, ror 16\n\t" + "ubfx x22, x12, #40, #8\n\t" + "ldr w14, [%[td], x14, LSL 2]\n\t" + "ldr w21, [%[td], x21, LSL 2]\n\t" + "ldr w20, [%[td], x20, LSL 2]\n\t" + "ldr w22, [%[td], x22, LSL 2]\n\t" + "eor w21, w21, w14, ror 24\n\t" + "ldp x12, x13, [x28], #16\n\t" + "eor w20, w20, w22, ror 8\n\t" + "eor w20, w20, w21, ror 24\n\t" + "bfi x17, x20, #32, #32\n\t" + /* XOR in Key Schedule */ + "eor x16, x16, x12\n\t" + "eor x17, x17, x13\n\t" + "ubfx x12, x16, #32, #8\n\t" + "ubfx x15, x17, #8, #8\n\t" + "ubfx x21, x17, #48, #8\n\t" + "ubfx x22, x16, #24, #8\n\t" + "ldr x20, [%[td4]]\n\t" + "ldr x20, [%[td4], #64]\n\t" + "ldr x20, [%[td4], #128]\n\t" + "ldr x20, [%[td4], #192]\n\t" + "ldrb w12, [%[td4], x12, LSL 0]\n\t" + "ldrb w15, [%[td4], x15, LSL 0]\n\t" + "ldrb w21, [%[td4], x21, LSL 0]\n\t" + "ldrb w22, [%[td4], x22, LSL 0]\n\t" + "ubfx x13, x17, #0, #8\n\t" + "eor w12, w12, w15, lsl 8\n\t" + "ubfx x15, x17, #40, #8\n\t" + "eor w12, w12, w21, lsl 16\n\t" + "ubfx x21, x16, #16, #8\n\t" + "eor w12, w12, w22, lsl 24\n\t" + "ubfx x22, x16, #56, #8\n\t" + "ldrb w15, [%[td4], x15, LSL 0]\n\t" + "ldrb w22, [%[td4], x22, LSL 0]\n\t" + "ldrb w13, [%[td4], x13, LSL 0]\n\t" + "ldrb w21, [%[td4], x21, LSL 0]\n\t" + "ubfx x14, x17, #32, #8\n\t" + "eor w13, w13, w15, lsl 8\n\t" + "ubfx x15, x16, #8, #8\n\t" + "eor w13, w13, w21, lsl 16\n\t" + "ubfx x21, x16, #48, #8\n\t" + "eor w13, w13, w22, lsl 24\n\t" + "ubfx x22, x17, #24, #8\n\t" + "bfi x12, x13, #32, #32\n\t" + "ldrb w15, [%[td4], x15, LSL 0]\n\t" + "ldrb w22, [%[td4], x22, LSL 0]\n\t" + "ldrb w14, [%[td4], x14, LSL 0]\n\t" + "ldrb w21, [%[td4], x21, LSL 0]\n\t" + "ubfx x20, x17, #56, #8\n\t" + "eor w14, w14, w15, lsl 8\n\t" + "ubfx x15, x16, #0, #8\n\t" + "eor w14, w14, w21, lsl 16\n\t" + "ubfx x21, x16, #40, #8\n\t" + "eor w13, w14, w22, lsl 24\n\t" + "ubfx x22, x17, #16, #8\n\t" + "ldrb w20, [%[td4], x20, LSL 0]\n\t" + "ldrb w21, [%[td4], x21, LSL 0]\n\t" + "ldrb w15, [%[td4], x15, LSL 0]\n\t" + "ldrb w22, [%[td4], x22, LSL 0]\n\t" + "eor w21, w21, w20, lsl 16\n\t" + "ldp x16, x17, [x28]\n\t" + "eor w15, w15, w21, lsl 8\n\t" + "eor w15, w15, w22, lsl 16\n\t" + "bfi x13, x15, #32, #32\n\t" + /* XOR in Key Schedule */ + "eor x12, x12, x16\n\t" + "eor x13, x13, x17\n\t" + "rev32 x12, x12\n\t" + "rev32 x13, x13\n\t" + "eor x12, x12, x25\n\t" + "eor x13, x13, x26\n\t" + "stp x12, x13, [%x[tmp]]\n\t" + "add %x[out], %x[out], #16\n\t" + "mov w16, %w[sz]\n\t" + "\n" + "L_AES_XTS_decrypt_start_byte_%=: \n\t" + "ldrb w21, [%x[tmp]]\n\t" + "ldrb w22, [%x[in]], #1\n\t" + "strb w21, [%x[out]], #1\n\t" + "strb w22, [%x[tmp]], #1\n\t" + "subs w16, w16, #1\n\t" + "b.gt L_AES_XTS_decrypt_start_byte_%=\n\t" + "sub %x[out], %x[out], %x[sz]\n\t" + "sub %x[tmp], %x[tmp], %x[sz]\n\t" + "sub %x[out], %x[out], #16\n\t" + "mov x28, %x[key]\n\t" + "ldp x12, x13, [%x[tmp]]\n\t" + "ldp x16, x17, [x28], #16\n\t" + "eor x12, x12, x23\n\t" + "eor x13, x13, x24\n\t" + "rev32 x12, x12\n\t" + "rev32 x13, x13\n\t" + /* Round: 0 - XOR in key schedule */ + "eor x12, x12, x16\n\t" + "eor x13, x13, x17\n\t" + "sub w27, %w[nr], #2\n\t" + "\n" + "L_AES_XTS_decrypt_loop_nr_partial_2_%=: \n\t" + "ubfx x16, x13, #48, #8\n\t" + "ubfx x20, x12, #24, #8\n\t" + "ubfx x21, x13, #8, #8\n\t" + "ubfx x22, x12, #32, #8\n\t" + "ldr x14, [%[td]]\n\t" + "ldr x14, [%[td], #64]\n\t" + "ldr x14, [%[td], #128]\n\t" + "ldr x14, [%[td], #192]\n\t" + "ldr x14, [%[td], #256]\n\t" + "ldr x14, [%[td], #320]\n\t" + "ldr x14, [%[td], #384]\n\t" + "ldr x14, [%[td], #448]\n\t" + "ldr x14, [%[td], #512]\n\t" + "ldr x14, [%[td], #576]\n\t" + "ldr x14, [%[td], #640]\n\t" + "ldr x14, [%[td], #704]\n\t" + "ldr x14, [%[td], #768]\n\t" + "ldr x14, [%[td], #832]\n\t" + "ldr x14, [%[td], #896]\n\t" + "ldr x14, [%[td], #960]\n\t" + "ldr w16, [%[td], x16, LSL 2]\n\t" + "ldr w20, [%[td], x20, LSL 2]\n\t" + "ldr w21, [%[td], x21, LSL 2]\n\t" + "ldr w22, [%[td], x22, LSL 2]\n\t" + "ubfx x17, x12, #16, #8\n\t" + "eor w16, w16, w20, ror 24\n\t" + "ubfx x20, x12, #56, #8\n\t" + "eor w16, w16, w21, ror 8\n\t" + "ubfx x21, x13, #40, #8\n\t" + "eor w16, w16, w22, ror 16\n\t" + "ubfx x22, x13, #0, #8\n\t" + "ldr w17, [%[td], x17, LSL 2]\n\t" + "ldr w20, [%[td], x20, LSL 2]\n\t" + "ldr w21, [%[td], x21, LSL 2]\n\t" + "ldr w22, [%[td], x22, LSL 2]\n\t" + "ubfx x19, x12, #48, #8\n\t" + "eor w17, w17, w20, ror 24\n\t" + "ubfx x20, x13, #24, #8\n\t" + "eor w17, w17, w21, ror 8\n\t" + "ubfx x21, x12, #8, #8\n\t" + "eor w17, w17, w22, ror 16\n\t" + "ubfx x22, x13, #32, #8\n\t" + "bfi x16, x17, #32, #32\n\t" + "ldr w19, [%[td], x19, LSL 2]\n\t" + "ldr w20, [%[td], x20, LSL 2]\n\t" + "ldr w21, [%[td], x21, LSL 2]\n\t" + "ldr w22, [%[td], x22, LSL 2]\n\t" + "ubfx x14, x12, #0, #8\n\t" + "eor w19, w19, w20, ror 24\n\t" + "ubfx x20, x13, #16, #8\n\t" + "eor w19, w19, w21, ror 8\n\t" + "ubfx x21, x13, #56, #8\n\t" + "eor w17, w19, w22, ror 16\n\t" + "ubfx x22, x12, #40, #8\n\t" + "ldr w14, [%[td], x14, LSL 2]\n\t" + "ldr w21, [%[td], x21, LSL 2]\n\t" + "ldr w20, [%[td], x20, LSL 2]\n\t" + "ldr w22, [%[td], x22, LSL 2]\n\t" + "eor w21, w21, w14, ror 24\n\t" + "ldp x12, x13, [x28], #16\n\t" + "eor w20, w20, w22, ror 8\n\t" + "eor w20, w20, w21, ror 24\n\t" + "bfi x17, x20, #32, #32\n\t" + /* XOR in Key Schedule */ + "eor x16, x16, x12\n\t" + "eor x17, x17, x13\n\t" + "ubfx x12, x17, #48, #8\n\t" + "ubfx x15, x16, #24, #8\n\t" + "ubfx x21, x17, #8, #8\n\t" + "ubfx x22, x16, #32, #8\n\t" + "ldr x19, [%[td]]\n\t" + "ldr x19, [%[td], #64]\n\t" + "ldr x19, [%[td], #128]\n\t" + "ldr x19, [%[td], #192]\n\t" + "ldr x19, [%[td], #256]\n\t" + "ldr x19, [%[td], #320]\n\t" + "ldr x19, [%[td], #384]\n\t" + "ldr x19, [%[td], #448]\n\t" + "ldr x19, [%[td], #512]\n\t" + "ldr x19, [%[td], #576]\n\t" + "ldr x19, [%[td], #640]\n\t" + "ldr x19, [%[td], #704]\n\t" + "ldr x19, [%[td], #768]\n\t" + "ldr x19, [%[td], #832]\n\t" + "ldr x19, [%[td], #896]\n\t" + "ldr x19, [%[td], #960]\n\t" + "ldr w12, [%[td], x12, LSL 2]\n\t" + "ldr w15, [%[td], x15, LSL 2]\n\t" + "ldr w21, [%[td], x21, LSL 2]\n\t" + "ldr w22, [%[td], x22, LSL 2]\n\t" + "ubfx x13, x16, #16, #8\n\t" + "eor w12, w12, w15, ror 24\n\t" + "ubfx x15, x16, #56, #8\n\t" + "eor w12, w12, w21, ror 8\n\t" + "ubfx x21, x17, #40, #8\n\t" + "eor w12, w12, w22, ror 16\n\t" + "ubfx x22, x17, #0, #8\n\t" + "ldr w13, [%[td], x13, LSL 2]\n\t" + "ldr w15, [%[td], x15, LSL 2]\n\t" + "ldr w21, [%[td], x21, LSL 2]\n\t" + "ldr w22, [%[td], x22, LSL 2]\n\t" + "ubfx x14, x16, #48, #8\n\t" + "eor w13, w13, w15, ror 24\n\t" + "ubfx x15, x17, #24, #8\n\t" + "eor w13, w13, w21, ror 8\n\t" + "ubfx x21, x16, #8, #8\n\t" + "eor w13, w13, w22, ror 16\n\t" + "ubfx x22, x17, #32, #8\n\t" + "bfi x12, x13, #32, #32\n\t" + "ldr w14, [%[td], x14, LSL 2]\n\t" + "ldr w15, [%[td], x15, LSL 2]\n\t" + "ldr w21, [%[td], x21, LSL 2]\n\t" + "ldr w22, [%[td], x22, LSL 2]\n\t" + "ubfx x19, x16, #0, #8\n\t" + "eor w14, w14, w15, ror 24\n\t" + "ubfx x15, x17, #16, #8\n\t" + "eor w14, w14, w21, ror 8\n\t" + "ubfx x21, x17, #56, #8\n\t" + "eor w13, w14, w22, ror 16\n\t" + "ubfx x22, x16, #40, #8\n\t" + "ldr w19, [%[td], x19, LSL 2]\n\t" + "ldr w21, [%[td], x21, LSL 2]\n\t" + "ldr w15, [%[td], x15, LSL 2]\n\t" + "ldr w22, [%[td], x22, LSL 2]\n\t" + "eor w21, w21, w19, ror 24\n\t" + "ldp x16, x17, [x28], #16\n\t" + "eor w15, w15, w22, ror 8\n\t" + "eor w15, w15, w21, ror 24\n\t" + "bfi x13, x15, #32, #32\n\t" + /* XOR in Key Schedule */ + "eor x12, x12, x16\n\t" + "eor x13, x13, x17\n\t" + "subs w27, w27, #2\n\t" + "b.ne L_AES_XTS_decrypt_loop_nr_partial_2_%=\n\t" + "ubfx x16, x13, #48, #8\n\t" + "ubfx x20, x12, #24, #8\n\t" + "ubfx x21, x13, #8, #8\n\t" + "ubfx x22, x12, #32, #8\n\t" + "ldr x14, [%[td]]\n\t" + "ldr x14, [%[td], #64]\n\t" + "ldr x14, [%[td], #128]\n\t" + "ldr x14, [%[td], #192]\n\t" + "ldr x14, [%[td], #256]\n\t" + "ldr x14, [%[td], #320]\n\t" + "ldr x14, [%[td], #384]\n\t" + "ldr x14, [%[td], #448]\n\t" + "ldr x14, [%[td], #512]\n\t" + "ldr x14, [%[td], #576]\n\t" + "ldr x14, [%[td], #640]\n\t" + "ldr x14, [%[td], #704]\n\t" + "ldr x14, [%[td], #768]\n\t" + "ldr x14, [%[td], #832]\n\t" + "ldr x14, [%[td], #896]\n\t" + "ldr x14, [%[td], #960]\n\t" + "ldr w16, [%[td], x16, LSL 2]\n\t" + "ldr w20, [%[td], x20, LSL 2]\n\t" + "ldr w21, [%[td], x21, LSL 2]\n\t" + "ldr w22, [%[td], x22, LSL 2]\n\t" + "ubfx x17, x12, #16, #8\n\t" + "eor w16, w16, w20, ror 24\n\t" + "ubfx x20, x12, #56, #8\n\t" + "eor w16, w16, w21, ror 8\n\t" + "ubfx x21, x13, #40, #8\n\t" + "eor w16, w16, w22, ror 16\n\t" + "ubfx x22, x13, #0, #8\n\t" + "ldr w17, [%[td], x17, LSL 2]\n\t" + "ldr w20, [%[td], x20, LSL 2]\n\t" + "ldr w21, [%[td], x21, LSL 2]\n\t" + "ldr w22, [%[td], x22, LSL 2]\n\t" + "ubfx x19, x12, #48, #8\n\t" + "eor w17, w17, w20, ror 24\n\t" + "ubfx x20, x13, #24, #8\n\t" + "eor w17, w17, w21, ror 8\n\t" + "ubfx x21, x12, #8, #8\n\t" + "eor w17, w17, w22, ror 16\n\t" + "ubfx x22, x13, #32, #8\n\t" + "bfi x16, x17, #32, #32\n\t" + "ldr w19, [%[td], x19, LSL 2]\n\t" + "ldr w20, [%[td], x20, LSL 2]\n\t" + "ldr w21, [%[td], x21, LSL 2]\n\t" + "ldr w22, [%[td], x22, LSL 2]\n\t" + "ubfx x14, x12, #0, #8\n\t" + "eor w19, w19, w20, ror 24\n\t" + "ubfx x20, x13, #16, #8\n\t" + "eor w19, w19, w21, ror 8\n\t" + "ubfx x21, x13, #56, #8\n\t" + "eor w17, w19, w22, ror 16\n\t" + "ubfx x22, x12, #40, #8\n\t" + "ldr w14, [%[td], x14, LSL 2]\n\t" + "ldr w21, [%[td], x21, LSL 2]\n\t" + "ldr w20, [%[td], x20, LSL 2]\n\t" + "ldr w22, [%[td], x22, LSL 2]\n\t" + "eor w21, w21, w14, ror 24\n\t" + "ldp x12, x13, [x28], #16\n\t" + "eor w20, w20, w22, ror 8\n\t" + "eor w20, w20, w21, ror 24\n\t" + "bfi x17, x20, #32, #32\n\t" + /* XOR in Key Schedule */ + "eor x16, x16, x12\n\t" + "eor x17, x17, x13\n\t" + "ubfx x12, x16, #32, #8\n\t" + "ubfx x15, x17, #8, #8\n\t" + "ubfx x21, x17, #48, #8\n\t" + "ubfx x22, x16, #24, #8\n\t" + "ldr x20, [%[td4]]\n\t" + "ldr x20, [%[td4], #64]\n\t" + "ldr x20, [%[td4], #128]\n\t" + "ldr x20, [%[td4], #192]\n\t" + "ldrb w12, [%[td4], x12, LSL 0]\n\t" + "ldrb w15, [%[td4], x15, LSL 0]\n\t" + "ldrb w21, [%[td4], x21, LSL 0]\n\t" + "ldrb w22, [%[td4], x22, LSL 0]\n\t" + "ubfx x13, x17, #0, #8\n\t" + "eor w12, w12, w15, lsl 8\n\t" + "ubfx x15, x17, #40, #8\n\t" + "eor w12, w12, w21, lsl 16\n\t" + "ubfx x21, x16, #16, #8\n\t" + "eor w12, w12, w22, lsl 24\n\t" + "ubfx x22, x16, #56, #8\n\t" + "ldrb w15, [%[td4], x15, LSL 0]\n\t" + "ldrb w22, [%[td4], x22, LSL 0]\n\t" + "ldrb w13, [%[td4], x13, LSL 0]\n\t" + "ldrb w21, [%[td4], x21, LSL 0]\n\t" + "ubfx x14, x17, #32, #8\n\t" + "eor w13, w13, w15, lsl 8\n\t" + "ubfx x15, x16, #8, #8\n\t" + "eor w13, w13, w21, lsl 16\n\t" + "ubfx x21, x16, #48, #8\n\t" + "eor w13, w13, w22, lsl 24\n\t" + "ubfx x22, x17, #24, #8\n\t" + "bfi x12, x13, #32, #32\n\t" + "ldrb w15, [%[td4], x15, LSL 0]\n\t" + "ldrb w22, [%[td4], x22, LSL 0]\n\t" + "ldrb w14, [%[td4], x14, LSL 0]\n\t" + "ldrb w21, [%[td4], x21, LSL 0]\n\t" + "ubfx x20, x17, #56, #8\n\t" + "eor w14, w14, w15, lsl 8\n\t" + "ubfx x15, x16, #0, #8\n\t" + "eor w14, w14, w21, lsl 16\n\t" + "ubfx x21, x16, #40, #8\n\t" + "eor w13, w14, w22, lsl 24\n\t" + "ubfx x22, x17, #16, #8\n\t" + "ldrb w20, [%[td4], x20, LSL 0]\n\t" + "ldrb w21, [%[td4], x21, LSL 0]\n\t" + "ldrb w15, [%[td4], x15, LSL 0]\n\t" + "ldrb w22, [%[td4], x22, LSL 0]\n\t" + "eor w21, w21, w20, lsl 16\n\t" + "ldp x16, x17, [x28]\n\t" + "eor w15, w15, w21, lsl 8\n\t" + "eor w15, w15, w22, lsl 16\n\t" + "bfi x13, x15, #32, #32\n\t" + /* XOR in Key Schedule */ + "eor x12, x12, x16\n\t" + "eor x13, x13, x17\n\t" + "rev32 x12, x12\n\t" + "rev32 x13, x13\n\t" + "eor x12, x12, x23\n\t" + "eor x13, x13, x24\n\t" + "stp x12, x13, [%x[out]]\n\t" + "\n" + "L_AES_XTS_decrypt_done_data_%=: \n\t" + "ldp x29, x30, [sp], #32\n\t" + : [out] "+r" (out), [sz] "+r" (sz), [key] "+r" (key), + [key2] "+r" (key2), [tmp] "+r" (tmp), [nr] "+r" (nr) + : [in] "r" (in), [i] "r" (i), [td] "r" (td), [td4] "r" (td4), + [te] "r" (te) + : "memory", "cc", "x11", "x12", "x13", "x14", "x15", "x16", "x17", + "x19", "x20", "x21", "x22", "x23", "x24", "x25", "x26", "x27", + "x28" + ); +} + +#endif /* HAVE_AES_DECRYPT */ +#endif /* WOLFSSL_AES_XTS */ +#endif /* !WOLFSSL_ARMASM_NEON_NO_TABLE_LOOKUP */ #endif /* !defined(NO_AES) && defined(WOLFSSL_ARMASM) */ #endif /* __aarch64__ */ #endif /* WOLFSSL_ARMASM */ diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/wolfcrypt/src/port/arm/armv8-chacha-asm.S mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/port/arm/armv8-chacha-asm.S --- mariadb-11.8.6/extra/wolfssl/wolfssl/wolfcrypt/src/port/arm/armv8-chacha-asm.S 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/port/arm/armv8-chacha-asm.S 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* armv8-chacha-asm * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -95,14 +95,14 @@ add x5, x5, :lo12:L_chacha20_arm64_rol8 #else adrp x5, L_chacha20_arm64_rol8@PAGE - add x5, x5, :lo12:L_chacha20_arm64_rol8@PAGEOFF + add x5, x5, L_chacha20_arm64_rol8@PAGEOFF #endif /* __APPLE__ */ #ifndef __APPLE__ adrp x6, L_chacha20_arm64_ctr add x6, x6, :lo12:L_chacha20_arm64_ctr #else adrp x6, L_chacha20_arm64_ctr@PAGE - add x6, x6, :lo12:L_chacha20_arm64_ctr@PAGEOFF + add x6, x6, L_chacha20_arm64_ctr@PAGEOFF #endif /* __APPLE__ */ eor v29.16b, v29.16b, v29.16b mov x26, #5 @@ -493,321 +493,233 @@ L_chacha_crypt_bytes_arm64_lt_320: cmp x3, #0x100 blt L_chacha_crypt_bytes_arm64_lt_256 - # Move state into regular register - mov x8, v16.d[0] - mov x10, v16.d[1] - mov x12, v17.d[0] - mov x14, v17.d[1] - mov x16, v18.d[0] - mov x19, v18.d[1] - mov x21, v19.d[0] - mov x23, v19.d[1] # Move state into vector registers - mov v0.16b, v16.16b - mov v1.16b, v17.16b - lsr x9, x8, #32 - mov v2.16b, v18.16b - add w5, w21, #1 - mov v3.16b, v19.16b - lsr x11, x10, #32 - mov v4.16b, v16.16b - mov v5.16b, v17.16b - lsr x13, x12, #32 - mov v6.16b, v18.16b - add w6, w21, #2 - mov v7.16b, v19.16b - lsr x15, x14, #32 - mov v8.16b, v16.16b - mov v9.16b, v17.16b - lsr x17, x16, #32 - mov v10.16b, v18.16b - add w21, w21, #3 - mov v11.16b, v19.16b - lsr x20, x19, #32 - mov v7.s[0], w5 - lsr x22, x21, #32 - mov v11.s[0], w6 - lsr x24, x23, #32 - add w7, w21, #1 + dup v0.4s, v16.s[0] + dup v1.4s, v16.s[1] + dup v2.4s, v16.s[2] + dup v3.4s, v16.s[3] + dup v4.4s, v17.s[0] + dup v5.4s, v17.s[1] + dup v6.4s, v17.s[2] + dup v7.4s, v17.s[3] + dup v8.4s, v18.s[0] + dup v9.4s, v18.s[1] + dup v10.4s, v18.s[2] + dup v11.4s, v18.s[3] + dup v12.4s, v19.s[0] + dup v13.4s, v19.s[1] + dup v14.4s, v19.s[2] + dup v15.4s, v19.s[3] + # Add to counter word + add v12.4s, v12.4s, v28.4s # Set number of odd+even rounds to perform mov x26, #10 L_chacha_crypt_bytes_arm64_round_start_256: subs x26, x26, #1 # Round odd # a += b; d ^= a; d <<<= 16; - add v0.4s, v0.4s, v1.4s - add w8, w8, w12 - add v4.4s, v4.4s, v5.4s - add w9, w9, w13 - add v8.4s, v8.4s, v9.4s - add w10, w10, w14 - eor v3.16b, v3.16b, v0.16b - add w11, w11, w15 - eor v7.16b, v7.16b, v4.16b - eor w21, w21, w8 - eor v11.16b, v11.16b, v8.16b - eor w22, w22, w9 - rev32 v3.8h, v3.8h - eor w23, w23, w10 - rev32 v7.8h, v7.8h - eor w24, w24, w11 - rev32 v11.8h, v11.8h - ror w21, w21, #16 + add v0.4s, v0.4s, v4.4s + add v1.4s, v1.4s, v5.4s + add v2.4s, v2.4s, v6.4s + add v3.4s, v3.4s, v7.4s + eor v12.16b, v12.16b, v0.16b + eor v13.16b, v13.16b, v1.16b + eor v14.16b, v14.16b, v2.16b + eor v15.16b, v15.16b, v3.16b + rev32 v12.8h, v12.8h + rev32 v13.8h, v13.8h + rev32 v14.8h, v14.8h + rev32 v15.8h, v15.8h # c += d; b ^= c; b <<<= 12; - add v2.4s, v2.4s, v3.4s - ror w22, w22, #16 - add v6.4s, v6.4s, v7.4s - ror w23, w23, #16 - add v10.4s, v10.4s, v11.4s - ror w24, w24, #16 - eor v20.16b, v1.16b, v2.16b - add w16, w16, w21 - eor v21.16b, v5.16b, v6.16b - add w17, w17, w22 - eor v22.16b, v9.16b, v10.16b - add w19, w19, w23 - shl v1.4s, v20.4s, #12 - add w20, w20, w24 + add v8.4s, v8.4s, v12.4s + add v9.4s, v9.4s, v13.4s + add v10.4s, v10.4s, v14.4s + add v11.4s, v11.4s, v15.4s + eor v20.16b, v4.16b, v8.16b + eor v21.16b, v5.16b, v9.16b + eor v22.16b, v6.16b, v10.16b + eor v23.16b, v7.16b, v11.16b + shl v4.4s, v20.4s, #12 shl v5.4s, v21.4s, #12 - eor w12, w12, w16 - shl v9.4s, v22.4s, #12 - eor w13, w13, w17 - sri v1.4s, v20.4s, #20 - eor w14, w14, w19 + shl v6.4s, v22.4s, #12 + shl v7.4s, v23.4s, #12 + sri v4.4s, v20.4s, #20 sri v5.4s, v21.4s, #20 - eor w15, w15, w20 - sri v9.4s, v22.4s, #20 - ror w12, w12, #20 + sri v6.4s, v22.4s, #20 + sri v7.4s, v23.4s, #20 # a += b; d ^= a; d <<<= 8; - add v0.4s, v0.4s, v1.4s - ror w13, w13, #20 - add v4.4s, v4.4s, v5.4s - ror w14, w14, #20 - add v8.4s, v8.4s, v9.4s - ror w15, w15, #20 - eor v3.16b, v3.16b, v0.16b - add w8, w8, w12 - eor v7.16b, v7.16b, v4.16b - add w9, w9, w13 - eor v11.16b, v11.16b, v8.16b - add w10, w10, w14 - tbl v3.16b, {v3.16b}, v30.16b - add w11, w11, w15 - tbl v7.16b, {v7.16b}, v30.16b - eor w21, w21, w8 - tbl v11.16b, {v11.16b}, v30.16b - eor w22, w22, w9 + add v0.4s, v0.4s, v4.4s + add v1.4s, v1.4s, v5.4s + add v2.4s, v2.4s, v6.4s + add v3.4s, v3.4s, v7.4s + eor v12.16b, v12.16b, v0.16b + eor v13.16b, v13.16b, v1.16b + eor v14.16b, v14.16b, v2.16b + eor v15.16b, v15.16b, v3.16b + tbl v12.16b, {v12.16b}, v30.16b + tbl v13.16b, {v13.16b}, v30.16b + tbl v14.16b, {v14.16b}, v30.16b + tbl v15.16b, {v15.16b}, v30.16b # c += d; b ^= c; b <<<= 7; - add v2.4s, v2.4s, v3.4s - eor w23, w23, w10 - add v6.4s, v6.4s, v7.4s - eor w24, w24, w11 - add v10.4s, v10.4s, v11.4s - ror w21, w21, #24 - eor v20.16b, v1.16b, v2.16b - ror w22, w22, #24 - eor v21.16b, v5.16b, v6.16b - ror w23, w23, #24 - eor v22.16b, v9.16b, v10.16b - ror w24, w24, #24 - shl v1.4s, v20.4s, #7 - add w16, w16, w21 + add v8.4s, v8.4s, v12.4s + add v9.4s, v9.4s, v13.4s + add v10.4s, v10.4s, v14.4s + add v11.4s, v11.4s, v15.4s + eor v20.16b, v4.16b, v8.16b + eor v21.16b, v5.16b, v9.16b + eor v22.16b, v6.16b, v10.16b + eor v23.16b, v7.16b, v11.16b + shl v4.4s, v20.4s, #7 shl v5.4s, v21.4s, #7 - add w17, w17, w22 - shl v9.4s, v22.4s, #7 - add w19, w19, w23 - sri v1.4s, v20.4s, #25 - add w20, w20, w24 + shl v6.4s, v22.4s, #7 + shl v7.4s, v23.4s, #7 + sri v4.4s, v20.4s, #25 sri v5.4s, v21.4s, #25 - eor w12, w12, w16 - sri v9.4s, v22.4s, #25 - eor w13, w13, w17 - ext v3.16b, v3.16b, v3.16b, #12 - eor w14, w14, w19 - ext v7.16b, v7.16b, v7.16b, #12 - eor w15, w15, w20 - ext v11.16b, v11.16b, v11.16b, #12 - ror w12, w12, #25 - ext v1.16b, v1.16b, v1.16b, #4 - ror w13, w13, #25 - ext v5.16b, v5.16b, v5.16b, #4 - ror w14, w14, #25 - ext v9.16b, v9.16b, v9.16b, #4 - ror w15, w15, #25 - ext v2.16b, v2.16b, v2.16b, #8 - ext v6.16b, v6.16b, v6.16b, #8 - ext v10.16b, v10.16b, v10.16b, #8 + sri v6.4s, v22.4s, #25 + sri v7.4s, v23.4s, #25 # Round even # a += b; d ^= a; d <<<= 16; - add v0.4s, v0.4s, v1.4s - add w8, w8, w13 - add v4.4s, v4.4s, v5.4s - add w9, w9, w14 - add v8.4s, v8.4s, v9.4s - add w10, w10, w15 - eor v3.16b, v3.16b, v0.16b - add w11, w11, w12 - eor v7.16b, v7.16b, v4.16b - eor w24, w24, w8 - eor v11.16b, v11.16b, v8.16b - eor w21, w21, w9 - rev32 v3.8h, v3.8h - eor w22, w22, w10 - rev32 v7.8h, v7.8h - eor w23, w23, w11 - rev32 v11.8h, v11.8h - ror w24, w24, #16 + add v0.4s, v0.4s, v5.4s + add v1.4s, v1.4s, v6.4s + add v2.4s, v2.4s, v7.4s + add v3.4s, v3.4s, v4.4s + eor v15.16b, v15.16b, v0.16b + eor v12.16b, v12.16b, v1.16b + eor v13.16b, v13.16b, v2.16b + eor v14.16b, v14.16b, v3.16b + rev32 v15.8h, v15.8h + rev32 v12.8h, v12.8h + rev32 v13.8h, v13.8h + rev32 v14.8h, v14.8h # c += d; b ^= c; b <<<= 12; - add v2.4s, v2.4s, v3.4s - ror w21, w21, #16 - add v6.4s, v6.4s, v7.4s - ror w22, w22, #16 - add v10.4s, v10.4s, v11.4s - ror w23, w23, #16 - eor v20.16b, v1.16b, v2.16b - add w19, w19, w24 - eor v21.16b, v5.16b, v6.16b - add w20, w20, w21 - eor v22.16b, v9.16b, v10.16b - add w16, w16, w22 - shl v1.4s, v20.4s, #12 - add w17, w17, w23 - shl v5.4s, v21.4s, #12 - eor w13, w13, w19 - shl v9.4s, v22.4s, #12 - eor w14, w14, w20 - sri v1.4s, v20.4s, #20 - eor w15, w15, w16 - sri v5.4s, v21.4s, #20 - eor w12, w12, w17 - sri v9.4s, v22.4s, #20 - ror w13, w13, #20 + add v10.4s, v10.4s, v15.4s + add v11.4s, v11.4s, v12.4s + add v8.4s, v8.4s, v13.4s + add v9.4s, v9.4s, v14.4s + eor v20.16b, v5.16b, v10.16b + eor v21.16b, v6.16b, v11.16b + eor v22.16b, v7.16b, v8.16b + eor v23.16b, v4.16b, v9.16b + shl v5.4s, v20.4s, #12 + shl v6.4s, v21.4s, #12 + shl v7.4s, v22.4s, #12 + shl v4.4s, v23.4s, #12 + sri v5.4s, v20.4s, #20 + sri v6.4s, v21.4s, #20 + sri v7.4s, v22.4s, #20 + sri v4.4s, v23.4s, #20 # a += b; d ^= a; d <<<= 8; - add v0.4s, v0.4s, v1.4s - ror w14, w14, #20 - add v4.4s, v4.4s, v5.4s - ror w15, w15, #20 - add v8.4s, v8.4s, v9.4s - ror w12, w12, #20 - eor v3.16b, v3.16b, v0.16b - add w8, w8, w13 - eor v7.16b, v7.16b, v4.16b - add w9, w9, w14 - eor v11.16b, v11.16b, v8.16b - add w10, w10, w15 - tbl v3.16b, {v3.16b}, v30.16b - add w11, w11, w12 - tbl v7.16b, {v7.16b}, v30.16b - eor w24, w24, w8 - tbl v11.16b, {v11.16b}, v30.16b - eor w21, w21, w9 + add v0.4s, v0.4s, v5.4s + add v1.4s, v1.4s, v6.4s + add v2.4s, v2.4s, v7.4s + add v3.4s, v3.4s, v4.4s + eor v15.16b, v15.16b, v0.16b + eor v12.16b, v12.16b, v1.16b + eor v13.16b, v13.16b, v2.16b + eor v14.16b, v14.16b, v3.16b + tbl v15.16b, {v15.16b}, v30.16b + tbl v12.16b, {v12.16b}, v30.16b + tbl v13.16b, {v13.16b}, v30.16b + tbl v14.16b, {v14.16b}, v30.16b # c += d; b ^= c; b <<<= 7; - add v2.4s, v2.4s, v3.4s - eor w22, w22, w10 - add v6.4s, v6.4s, v7.4s - eor w23, w23, w11 - add v10.4s, v10.4s, v11.4s - ror w24, w24, #24 - eor v20.16b, v1.16b, v2.16b - ror w21, w21, #24 - eor v21.16b, v5.16b, v6.16b - ror w22, w22, #24 - eor v22.16b, v9.16b, v10.16b - ror w23, w23, #24 - shl v1.4s, v20.4s, #7 - add w19, w19, w24 - shl v5.4s, v21.4s, #7 - add w20, w20, w21 - shl v9.4s, v22.4s, #7 - add w16, w16, w22 - sri v1.4s, v20.4s, #25 - add w17, w17, w23 - sri v5.4s, v21.4s, #25 - eor w13, w13, w19 - sri v9.4s, v22.4s, #25 - eor w14, w14, w20 - ext v3.16b, v3.16b, v3.16b, #4 - eor w15, w15, w16 - ext v7.16b, v7.16b, v7.16b, #4 - eor w12, w12, w17 - ext v11.16b, v11.16b, v11.16b, #4 - ror w13, w13, #25 - ext v1.16b, v1.16b, v1.16b, #12 - ror w14, w14, #25 - ext v5.16b, v5.16b, v5.16b, #12 - ror w15, w15, #25 - ext v9.16b, v9.16b, v9.16b, #12 - ror w12, w12, #25 - ext v2.16b, v2.16b, v2.16b, #8 - ext v6.16b, v6.16b, v6.16b, #8 - ext v10.16b, v10.16b, v10.16b, #8 + add v10.4s, v10.4s, v15.4s + add v11.4s, v11.4s, v12.4s + add v8.4s, v8.4s, v13.4s + add v9.4s, v9.4s, v14.4s + eor v20.16b, v5.16b, v10.16b + eor v21.16b, v6.16b, v11.16b + eor v22.16b, v7.16b, v8.16b + eor v23.16b, v4.16b, v9.16b + shl v5.4s, v20.4s, #7 + shl v6.4s, v21.4s, #7 + shl v7.4s, v22.4s, #7 + shl v4.4s, v23.4s, #7 + sri v5.4s, v20.4s, #25 + sri v6.4s, v21.4s, #25 + sri v7.4s, v22.4s, #25 + sri v4.4s, v23.4s, #25 bne L_chacha_crypt_bytes_arm64_round_start_256 + mov x26, #4 + # Add counter now rather than after transposed + add v12.4s, v12.4s, v28.4s # Load message - ld1 {v20.16b, v21.16b, v22.16b, v23.16b}, [x2], #0x40 - # Add one (2 added during calculating vector results) - add w21, w21, #1 - # Add back state, XOR msg, store (load next block) - add v0.4s, v0.4s, v16.4s - add v1.4s, v1.4s, v17.4s - add v2.4s, v2.4s, v18.4s - add v3.4s, v3.4s, v19.4s - eor v0.16b, v0.16b, v20.16b - eor v1.16b, v1.16b, v21.16b - eor v2.16b, v2.16b, v22.16b - eor v3.16b, v3.16b, v23.16b - ld1 {v20.16b, v21.16b, v22.16b, v23.16b}, [x2], #0x40 - st1 {v0.4s, v1.4s, v2.4s, v3.4s}, [x1], #0x40 - mov v19.s[0], w5 - add v4.4s, v4.4s, v16.4s - add v5.4s, v5.4s, v17.4s - add v6.4s, v6.4s, v18.4s - add v7.4s, v7.4s, v19.4s - eor v4.16b, v4.16b, v20.16b - eor v5.16b, v5.16b, v21.16b - eor v6.16b, v6.16b, v22.16b - eor v7.16b, v7.16b, v23.16b - ld1 {v20.16b, v21.16b, v22.16b, v23.16b}, [x2], #0x40 - st1 {v4.4s, v5.4s, v6.4s, v7.4s}, [x1], #0x40 - mov v19.s[0], w6 - add v8.4s, v8.4s, v16.4s - add v9.4s, v9.4s, v17.4s - add v10.4s, v10.4s, v18.4s - add v11.4s, v11.4s, v19.4s - eor v8.16b, v8.16b, v20.16b - eor v9.16b, v9.16b, v21.16b - eor v10.16b, v10.16b, v22.16b - eor v11.16b, v11.16b, v23.16b - ld1 {v20.16b, v21.16b, v22.16b, v23.16b}, [x2], #0x40 - st1 {v8.4s, v9.4s, v10.4s, v11.4s}, [x1], #0x40 - # Move regular registers into vector registers for adding and xor - orr x8, x8, x9, lsl 32 - orr x10, x10, x11, lsl 32 - orr x12, x12, x13, lsl 32 - mov v0.d[0], x8 - orr x14, x14, x15, lsl 32 - mov v0.d[1], x10 - orr x16, x16, x17, lsl 32 - mov v1.d[0], x12 - orr x19, x19, x20, lsl 32 - mov v1.d[1], x14 - orr x21, x21, x22, lsl 32 - mov v2.d[0], x16 - orr x23, x23, x24, lsl 32 - mov v2.d[1], x19 - mov v3.d[0], x21 - mov v3.d[1], x23 - # Add back state, XOR in message and store - add v0.4s, v0.4s, v16.4s - add v1.4s, v1.4s, v17.4s - add v2.4s, v2.4s, v18.4s - add v3.4s, v3.4s, v19.4s - eor v0.16b, v0.16b, v20.16b - eor v1.16b, v1.16b, v21.16b - eor v2.16b, v2.16b, v22.16b - eor v3.16b, v3.16b, v23.16b - st1 {v0.4s, v1.4s, v2.4s, v3.4s}, [x1], #0x40 - mov v19.d[0], x7 + ld1 {v24.16b, v25.16b, v26.16b, v27.16b}, [x2], #0x40 + # Transpose vectors + trn1 v20.4s, v0.4s, v1.4s + trn1 v22.4s, v2.4s, v3.4s + trn2 v21.4s, v0.4s, v1.4s + trn2 v23.4s, v2.4s, v3.4s + trn1 v0.2d, v20.2d, v22.2d + trn1 v1.2d, v21.2d, v23.2d + trn2 v2.2d, v20.2d, v22.2d + trn2 v3.2d, v21.2d, v23.2d + trn1 v20.4s, v4.4s, v5.4s + trn1 v22.4s, v6.4s, v7.4s + trn2 v21.4s, v4.4s, v5.4s + trn2 v23.4s, v6.4s, v7.4s + trn1 v4.2d, v20.2d, v22.2d + trn1 v5.2d, v21.2d, v23.2d + trn2 v6.2d, v20.2d, v22.2d + trn2 v7.2d, v21.2d, v23.2d + trn1 v20.4s, v8.4s, v9.4s + trn1 v22.4s, v10.4s, v11.4s + trn2 v21.4s, v8.4s, v9.4s + trn2 v23.4s, v10.4s, v11.4s + trn1 v8.2d, v20.2d, v22.2d + trn1 v9.2d, v21.2d, v23.2d + trn2 v10.2d, v20.2d, v22.2d + trn2 v11.2d, v21.2d, v23.2d + trn1 v20.4s, v12.4s, v13.4s + trn1 v22.4s, v14.4s, v15.4s + trn2 v21.4s, v12.4s, v13.4s + trn2 v23.4s, v14.4s, v15.4s + trn1 v12.2d, v20.2d, v22.2d + trn1 v13.2d, v21.2d, v23.2d + trn2 v14.2d, v20.2d, v22.2d + trn2 v15.2d, v21.2d, v23.2d + # Add back state, XOR in message and store (load next block) + add v20.4s, v0.4s, v16.4s + add v21.4s, v4.4s, v17.4s + add v22.4s, v8.4s, v18.4s + add v23.4s, v12.4s, v19.4s + eor v20.16b, v20.16b, v24.16b + eor v21.16b, v21.16b, v25.16b + eor v22.16b, v22.16b, v26.16b + eor v23.16b, v23.16b, v27.16b + ld1 {v24.16b, v25.16b, v26.16b, v27.16b}, [x2], #0x40 + st1 {v20.16b, v21.16b, v22.16b, v23.16b}, [x1], #0x40 + add v20.4s, v1.4s, v16.4s + add v21.4s, v5.4s, v17.4s + add v22.4s, v9.4s, v18.4s + add v23.4s, v13.4s, v19.4s + eor v20.16b, v20.16b, v24.16b + eor v21.16b, v21.16b, v25.16b + eor v22.16b, v22.16b, v26.16b + eor v23.16b, v23.16b, v27.16b + ld1 {v24.16b, v25.16b, v26.16b, v27.16b}, [x2], #0x40 + st1 {v20.16b, v21.16b, v22.16b, v23.16b}, [x1], #0x40 + add v20.4s, v2.4s, v16.4s + add v21.4s, v6.4s, v17.4s + add v22.4s, v10.4s, v18.4s + add v23.4s, v14.4s, v19.4s + eor v20.16b, v20.16b, v24.16b + eor v21.16b, v21.16b, v25.16b + eor v22.16b, v22.16b, v26.16b + eor v23.16b, v23.16b, v27.16b + ld1 {v24.16b, v25.16b, v26.16b, v27.16b}, [x2], #0x40 + st1 {v20.16b, v21.16b, v22.16b, v23.16b}, [x1], #0x40 + add v20.4s, v3.4s, v16.4s + add v21.4s, v7.4s, v17.4s + add v22.4s, v11.4s, v18.4s + add v23.4s, v15.4s, v19.4s + eor v20.16b, v20.16b, v24.16b + eor v21.16b, v21.16b, v25.16b + eor v22.16b, v22.16b, v26.16b + eor v23.16b, v23.16b, v27.16b + st1 {v20.16b, v21.16b, v22.16b, v23.16b}, [x1], #0x40 + mov v29.s[0], w26 sub x3, x3, #0x100 + add v19.4s, v19.4s, v29.4s # Done 256-byte block L_chacha_crypt_bytes_arm64_lt_256: cmp x3, #0x80 @@ -1049,14 +961,14 @@ beq L_chacha_crypt_bytes_arm64_done L_chacha_crypt_bytes_arm64_lt_8: mov x5, v0.d[0] -L_chacha_crypt_bytes_arm64loop_lt_8: +L_chacha_crypt_bytes_arm64_loop_lt_8: # Encipher 1 byte at a time ldrb w6, [x2], #1 eor w6, w6, w5 strb w6, [x1], #1 subs x3, x3, #1 lsr x5, x5, #8 - bgt L_chacha_crypt_bytes_arm64loop_lt_8 + bgt L_chacha_crypt_bytes_arm64_loop_lt_8 L_chacha_crypt_bytes_arm64_done: L_chacha_crypt_bytes_arm64_done_all: st1 {v16.4s, v17.4s, v18.4s, v19.4s}, [x0] @@ -1134,7 +1046,7 @@ add x3, x3, :lo12:L_chacha_setkey_arm64_constant #else adrp x3, L_chacha_setkey_arm64_constant@PAGE - add x3, x3, :lo12:L_chacha_setkey_arm64_constant@PAGEOFF + add x3, x3, L_chacha_setkey_arm64_constant@PAGEOFF #endif /* __APPLE__ */ subs x2, x2, #16 add x3, x3, x2 diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/wolfcrypt/src/port/arm/armv8-chacha-asm_c.c mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/port/arm/armv8-chacha-asm_c.c --- mariadb-11.8.6/extra/wolfssl/wolfssl/wolfcrypt/src/port/arm/armv8-chacha-asm_c.c 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/port/arm/armv8-chacha-asm_c.c 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* armv8-chacha-asm * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -439,42 +439,25 @@ "L_chacha_crypt_bytes_arm64_lt_320_%=: \n\t" "cmp %w[len], #0x100\n\t" "b.lt L_chacha_crypt_bytes_arm64_lt_256_%=\n\t" - /* Move state into regular register */ - "mov x8, v16.d[0]\n\t" - "mov x10, v16.d[1]\n\t" - "mov x12, v17.d[0]\n\t" - "mov x14, v17.d[1]\n\t" - "mov x16, v18.d[0]\n\t" - "mov x19, v18.d[1]\n\t" - "mov x21, v19.d[0]\n\t" - "mov x23, v19.d[1]\n\t" /* Move state into vector registers */ - "mov v0.16b, v16.16b\n\t" - "mov v1.16b, v17.16b\n\t" - "lsr x9, x8, #32\n\t" - "mov v2.16b, v18.16b\n\t" - "add %w[rol8], w21, #1\n\t" - "mov v3.16b, v19.16b\n\t" - "lsr x11, x10, #32\n\t" - "mov v4.16b, v16.16b\n\t" - "mov v5.16b, v17.16b\n\t" - "lsr x13, x12, #32\n\t" - "mov v6.16b, v18.16b\n\t" - "add %w[ctr], w21, #2\n\t" - "mov v7.16b, v19.16b\n\t" - "lsr x15, x14, #32\n\t" - "mov v8.16b, v16.16b\n\t" - "mov v9.16b, v17.16b\n\t" - "lsr x17, x16, #32\n\t" - "mov v10.16b, v18.16b\n\t" - "add w21, w21, #3\n\t" - "mov v11.16b, v19.16b\n\t" - "lsr x20, x19, #32\n\t" - "mov v7.s[0], %w[rol8]\n\t" - "lsr x22, x21, #32\n\t" - "mov v11.s[0], %w[ctr]\n\t" - "lsr x24, x23, #32\n\t" - "add w7, w21, #1\n\t" + "dup v0.4s, v16.s[0]\n\t" + "dup v1.4s, v16.s[1]\n\t" + "dup v2.4s, v16.s[2]\n\t" + "dup v3.4s, v16.s[3]\n\t" + "dup v4.4s, v17.s[0]\n\t" + "dup v5.4s, v17.s[1]\n\t" + "dup v6.4s, v17.s[2]\n\t" + "dup v7.4s, v17.s[3]\n\t" + "dup v8.4s, v18.s[0]\n\t" + "dup v9.4s, v18.s[1]\n\t" + "dup v10.4s, v18.s[2]\n\t" + "dup v11.4s, v18.s[3]\n\t" + "dup v12.4s, v19.s[0]\n\t" + "dup v13.4s, v19.s[1]\n\t" + "dup v14.4s, v19.s[2]\n\t" + "dup v15.4s, v19.s[3]\n\t" + /* Add to counter word */ + "add v12.4s, v12.4s, v28.4s\n\t" /* Set number of odd+even rounds to perform */ "mov x26, #10\n\t" "\n" @@ -482,279 +465,208 @@ "subs x26, x26, #1\n\t" /* Round odd */ /* a += b; d ^= a; d <<<= 16; */ - "add v0.4s, v0.4s, v1.4s\n\t" - "add w8, w8, w12\n\t" - "add v4.4s, v4.4s, v5.4s\n\t" - "add w9, w9, w13\n\t" - "add v8.4s, v8.4s, v9.4s\n\t" - "add w10, w10, w14\n\t" - "eor v3.16b, v3.16b, v0.16b\n\t" - "add w11, w11, w15\n\t" - "eor v7.16b, v7.16b, v4.16b\n\t" - "eor w21, w21, w8\n\t" - "eor v11.16b, v11.16b, v8.16b\n\t" - "eor w22, w22, w9\n\t" - "rev32 v3.8h, v3.8h\n\t" - "eor w23, w23, w10\n\t" - "rev32 v7.8h, v7.8h\n\t" - "eor w24, w24, w11\n\t" - "rev32 v11.8h, v11.8h\n\t" - "ror w21, w21, #16\n\t" + "add v0.4s, v0.4s, v4.4s\n\t" + "add v1.4s, v1.4s, v5.4s\n\t" + "add v2.4s, v2.4s, v6.4s\n\t" + "add v3.4s, v3.4s, v7.4s\n\t" + "eor v12.16b, v12.16b, v0.16b\n\t" + "eor v13.16b, v13.16b, v1.16b\n\t" + "eor v14.16b, v14.16b, v2.16b\n\t" + "eor v15.16b, v15.16b, v3.16b\n\t" + "rev32 v12.8h, v12.8h\n\t" + "rev32 v13.8h, v13.8h\n\t" + "rev32 v14.8h, v14.8h\n\t" + "rev32 v15.8h, v15.8h\n\t" /* c += d; b ^= c; b <<<= 12; */ - "add v2.4s, v2.4s, v3.4s\n\t" - "ror w22, w22, #16\n\t" - "add v6.4s, v6.4s, v7.4s\n\t" - "ror w23, w23, #16\n\t" - "add v10.4s, v10.4s, v11.4s\n\t" - "ror w24, w24, #16\n\t" - "eor v20.16b, v1.16b, v2.16b\n\t" - "add w16, w16, w21\n\t" - "eor v21.16b, v5.16b, v6.16b\n\t" - "add w17, w17, w22\n\t" - "eor v22.16b, v9.16b, v10.16b\n\t" - "add w19, w19, w23\n\t" - "shl v1.4s, v20.4s, #12\n\t" - "add w20, w20, w24\n\t" + "add v8.4s, v8.4s, v12.4s\n\t" + "add v9.4s, v9.4s, v13.4s\n\t" + "add v10.4s, v10.4s, v14.4s\n\t" + "add v11.4s, v11.4s, v15.4s\n\t" + "eor v20.16b, v4.16b, v8.16b\n\t" + "eor v21.16b, v5.16b, v9.16b\n\t" + "eor v22.16b, v6.16b, v10.16b\n\t" + "eor v23.16b, v7.16b, v11.16b\n\t" + "shl v4.4s, v20.4s, #12\n\t" "shl v5.4s, v21.4s, #12\n\t" - "eor w12, w12, w16\n\t" - "shl v9.4s, v22.4s, #12\n\t" - "eor w13, w13, w17\n\t" - "sri v1.4s, v20.4s, #20\n\t" - "eor w14, w14, w19\n\t" + "shl v6.4s, v22.4s, #12\n\t" + "shl v7.4s, v23.4s, #12\n\t" + "sri v4.4s, v20.4s, #20\n\t" "sri v5.4s, v21.4s, #20\n\t" - "eor w15, w15, w20\n\t" - "sri v9.4s, v22.4s, #20\n\t" - "ror w12, w12, #20\n\t" + "sri v6.4s, v22.4s, #20\n\t" + "sri v7.4s, v23.4s, #20\n\t" /* a += b; d ^= a; d <<<= 8; */ - "add v0.4s, v0.4s, v1.4s\n\t" - "ror w13, w13, #20\n\t" - "add v4.4s, v4.4s, v5.4s\n\t" - "ror w14, w14, #20\n\t" - "add v8.4s, v8.4s, v9.4s\n\t" - "ror w15, w15, #20\n\t" - "eor v3.16b, v3.16b, v0.16b\n\t" - "add w8, w8, w12\n\t" - "eor v7.16b, v7.16b, v4.16b\n\t" - "add w9, w9, w13\n\t" - "eor v11.16b, v11.16b, v8.16b\n\t" - "add w10, w10, w14\n\t" - "tbl v3.16b, {v3.16b}, v30.16b\n\t" - "add w11, w11, w15\n\t" - "tbl v7.16b, {v7.16b}, v30.16b\n\t" - "eor w21, w21, w8\n\t" - "tbl v11.16b, {v11.16b}, v30.16b\n\t" - "eor w22, w22, w9\n\t" + "add v0.4s, v0.4s, v4.4s\n\t" + "add v1.4s, v1.4s, v5.4s\n\t" + "add v2.4s, v2.4s, v6.4s\n\t" + "add v3.4s, v3.4s, v7.4s\n\t" + "eor v12.16b, v12.16b, v0.16b\n\t" + "eor v13.16b, v13.16b, v1.16b\n\t" + "eor v14.16b, v14.16b, v2.16b\n\t" + "eor v15.16b, v15.16b, v3.16b\n\t" + "tbl v12.16b, {v12.16b}, v30.16b\n\t" + "tbl v13.16b, {v13.16b}, v30.16b\n\t" + "tbl v14.16b, {v14.16b}, v30.16b\n\t" + "tbl v15.16b, {v15.16b}, v30.16b\n\t" /* c += d; b ^= c; b <<<= 7; */ - "add v2.4s, v2.4s, v3.4s\n\t" - "eor w23, w23, w10\n\t" - "add v6.4s, v6.4s, v7.4s\n\t" - "eor w24, w24, w11\n\t" - "add v10.4s, v10.4s, v11.4s\n\t" - "ror w21, w21, #24\n\t" - "eor v20.16b, v1.16b, v2.16b\n\t" - "ror w22, w22, #24\n\t" - "eor v21.16b, v5.16b, v6.16b\n\t" - "ror w23, w23, #24\n\t" - "eor v22.16b, v9.16b, v10.16b\n\t" - "ror w24, w24, #24\n\t" - "shl v1.4s, v20.4s, #7\n\t" - "add w16, w16, w21\n\t" + "add v8.4s, v8.4s, v12.4s\n\t" + "add v9.4s, v9.4s, v13.4s\n\t" + "add v10.4s, v10.4s, v14.4s\n\t" + "add v11.4s, v11.4s, v15.4s\n\t" + "eor v20.16b, v4.16b, v8.16b\n\t" + "eor v21.16b, v5.16b, v9.16b\n\t" + "eor v22.16b, v6.16b, v10.16b\n\t" + "eor v23.16b, v7.16b, v11.16b\n\t" + "shl v4.4s, v20.4s, #7\n\t" "shl v5.4s, v21.4s, #7\n\t" - "add w17, w17, w22\n\t" - "shl v9.4s, v22.4s, #7\n\t" - "add w19, w19, w23\n\t" - "sri v1.4s, v20.4s, #25\n\t" - "add w20, w20, w24\n\t" + "shl v6.4s, v22.4s, #7\n\t" + "shl v7.4s, v23.4s, #7\n\t" + "sri v4.4s, v20.4s, #25\n\t" "sri v5.4s, v21.4s, #25\n\t" - "eor w12, w12, w16\n\t" - "sri v9.4s, v22.4s, #25\n\t" - "eor w13, w13, w17\n\t" - "ext v3.16b, v3.16b, v3.16b, #12\n\t" - "eor w14, w14, w19\n\t" - "ext v7.16b, v7.16b, v7.16b, #12\n\t" - "eor w15, w15, w20\n\t" - "ext v11.16b, v11.16b, v11.16b, #12\n\t" - "ror w12, w12, #25\n\t" - "ext v1.16b, v1.16b, v1.16b, #4\n\t" - "ror w13, w13, #25\n\t" - "ext v5.16b, v5.16b, v5.16b, #4\n\t" - "ror w14, w14, #25\n\t" - "ext v9.16b, v9.16b, v9.16b, #4\n\t" - "ror w15, w15, #25\n\t" - "ext v2.16b, v2.16b, v2.16b, #8\n\t" - "ext v6.16b, v6.16b, v6.16b, #8\n\t" - "ext v10.16b, v10.16b, v10.16b, #8\n\t" + "sri v6.4s, v22.4s, #25\n\t" + "sri v7.4s, v23.4s, #25\n\t" /* Round even */ /* a += b; d ^= a; d <<<= 16; */ - "add v0.4s, v0.4s, v1.4s\n\t" - "add w8, w8, w13\n\t" - "add v4.4s, v4.4s, v5.4s\n\t" - "add w9, w9, w14\n\t" - "add v8.4s, v8.4s, v9.4s\n\t" - "add w10, w10, w15\n\t" - "eor v3.16b, v3.16b, v0.16b\n\t" - "add w11, w11, w12\n\t" - "eor v7.16b, v7.16b, v4.16b\n\t" - "eor w24, w24, w8\n\t" - "eor v11.16b, v11.16b, v8.16b\n\t" - "eor w21, w21, w9\n\t" - "rev32 v3.8h, v3.8h\n\t" - "eor w22, w22, w10\n\t" - "rev32 v7.8h, v7.8h\n\t" - "eor w23, w23, w11\n\t" - "rev32 v11.8h, v11.8h\n\t" - "ror w24, w24, #16\n\t" + "add v0.4s, v0.4s, v5.4s\n\t" + "add v1.4s, v1.4s, v6.4s\n\t" + "add v2.4s, v2.4s, v7.4s\n\t" + "add v3.4s, v3.4s, v4.4s\n\t" + "eor v15.16b, v15.16b, v0.16b\n\t" + "eor v12.16b, v12.16b, v1.16b\n\t" + "eor v13.16b, v13.16b, v2.16b\n\t" + "eor v14.16b, v14.16b, v3.16b\n\t" + "rev32 v15.8h, v15.8h\n\t" + "rev32 v12.8h, v12.8h\n\t" + "rev32 v13.8h, v13.8h\n\t" + "rev32 v14.8h, v14.8h\n\t" /* c += d; b ^= c; b <<<= 12; */ - "add v2.4s, v2.4s, v3.4s\n\t" - "ror w21, w21, #16\n\t" - "add v6.4s, v6.4s, v7.4s\n\t" - "ror w22, w22, #16\n\t" - "add v10.4s, v10.4s, v11.4s\n\t" - "ror w23, w23, #16\n\t" - "eor v20.16b, v1.16b, v2.16b\n\t" - "add w19, w19, w24\n\t" - "eor v21.16b, v5.16b, v6.16b\n\t" - "add w20, w20, w21\n\t" - "eor v22.16b, v9.16b, v10.16b\n\t" - "add w16, w16, w22\n\t" - "shl v1.4s, v20.4s, #12\n\t" - "add w17, w17, w23\n\t" - "shl v5.4s, v21.4s, #12\n\t" - "eor w13, w13, w19\n\t" - "shl v9.4s, v22.4s, #12\n\t" - "eor w14, w14, w20\n\t" - "sri v1.4s, v20.4s, #20\n\t" - "eor w15, w15, w16\n\t" - "sri v5.4s, v21.4s, #20\n\t" - "eor w12, w12, w17\n\t" - "sri v9.4s, v22.4s, #20\n\t" - "ror w13, w13, #20\n\t" + "add v10.4s, v10.4s, v15.4s\n\t" + "add v11.4s, v11.4s, v12.4s\n\t" + "add v8.4s, v8.4s, v13.4s\n\t" + "add v9.4s, v9.4s, v14.4s\n\t" + "eor v20.16b, v5.16b, v10.16b\n\t" + "eor v21.16b, v6.16b, v11.16b\n\t" + "eor v22.16b, v7.16b, v8.16b\n\t" + "eor v23.16b, v4.16b, v9.16b\n\t" + "shl v5.4s, v20.4s, #12\n\t" + "shl v6.4s, v21.4s, #12\n\t" + "shl v7.4s, v22.4s, #12\n\t" + "shl v4.4s, v23.4s, #12\n\t" + "sri v5.4s, v20.4s, #20\n\t" + "sri v6.4s, v21.4s, #20\n\t" + "sri v7.4s, v22.4s, #20\n\t" + "sri v4.4s, v23.4s, #20\n\t" /* a += b; d ^= a; d <<<= 8; */ - "add v0.4s, v0.4s, v1.4s\n\t" - "ror w14, w14, #20\n\t" - "add v4.4s, v4.4s, v5.4s\n\t" - "ror w15, w15, #20\n\t" - "add v8.4s, v8.4s, v9.4s\n\t" - "ror w12, w12, #20\n\t" - "eor v3.16b, v3.16b, v0.16b\n\t" - "add w8, w8, w13\n\t" - "eor v7.16b, v7.16b, v4.16b\n\t" - "add w9, w9, w14\n\t" - "eor v11.16b, v11.16b, v8.16b\n\t" - "add w10, w10, w15\n\t" - "tbl v3.16b, {v3.16b}, v30.16b\n\t" - "add w11, w11, w12\n\t" - "tbl v7.16b, {v7.16b}, v30.16b\n\t" - "eor w24, w24, w8\n\t" - "tbl v11.16b, {v11.16b}, v30.16b\n\t" - "eor w21, w21, w9\n\t" + "add v0.4s, v0.4s, v5.4s\n\t" + "add v1.4s, v1.4s, v6.4s\n\t" + "add v2.4s, v2.4s, v7.4s\n\t" + "add v3.4s, v3.4s, v4.4s\n\t" + "eor v15.16b, v15.16b, v0.16b\n\t" + "eor v12.16b, v12.16b, v1.16b\n\t" + "eor v13.16b, v13.16b, v2.16b\n\t" + "eor v14.16b, v14.16b, v3.16b\n\t" + "tbl v15.16b, {v15.16b}, v30.16b\n\t" + "tbl v12.16b, {v12.16b}, v30.16b\n\t" + "tbl v13.16b, {v13.16b}, v30.16b\n\t" + "tbl v14.16b, {v14.16b}, v30.16b\n\t" /* c += d; b ^= c; b <<<= 7; */ - "add v2.4s, v2.4s, v3.4s\n\t" - "eor w22, w22, w10\n\t" - "add v6.4s, v6.4s, v7.4s\n\t" - "eor w23, w23, w11\n\t" - "add v10.4s, v10.4s, v11.4s\n\t" - "ror w24, w24, #24\n\t" - "eor v20.16b, v1.16b, v2.16b\n\t" - "ror w21, w21, #24\n\t" - "eor v21.16b, v5.16b, v6.16b\n\t" - "ror w22, w22, #24\n\t" - "eor v22.16b, v9.16b, v10.16b\n\t" - "ror w23, w23, #24\n\t" - "shl v1.4s, v20.4s, #7\n\t" - "add w19, w19, w24\n\t" - "shl v5.4s, v21.4s, #7\n\t" - "add w20, w20, w21\n\t" - "shl v9.4s, v22.4s, #7\n\t" - "add w16, w16, w22\n\t" - "sri v1.4s, v20.4s, #25\n\t" - "add w17, w17, w23\n\t" - "sri v5.4s, v21.4s, #25\n\t" - "eor w13, w13, w19\n\t" - "sri v9.4s, v22.4s, #25\n\t" - "eor w14, w14, w20\n\t" - "ext v3.16b, v3.16b, v3.16b, #4\n\t" - "eor w15, w15, w16\n\t" - "ext v7.16b, v7.16b, v7.16b, #4\n\t" - "eor w12, w12, w17\n\t" - "ext v11.16b, v11.16b, v11.16b, #4\n\t" - "ror w13, w13, #25\n\t" - "ext v1.16b, v1.16b, v1.16b, #12\n\t" - "ror w14, w14, #25\n\t" - "ext v5.16b, v5.16b, v5.16b, #12\n\t" - "ror w15, w15, #25\n\t" - "ext v9.16b, v9.16b, v9.16b, #12\n\t" - "ror w12, w12, #25\n\t" - "ext v2.16b, v2.16b, v2.16b, #8\n\t" - "ext v6.16b, v6.16b, v6.16b, #8\n\t" - "ext v10.16b, v10.16b, v10.16b, #8\n\t" + "add v10.4s, v10.4s, v15.4s\n\t" + "add v11.4s, v11.4s, v12.4s\n\t" + "add v8.4s, v8.4s, v13.4s\n\t" + "add v9.4s, v9.4s, v14.4s\n\t" + "eor v20.16b, v5.16b, v10.16b\n\t" + "eor v21.16b, v6.16b, v11.16b\n\t" + "eor v22.16b, v7.16b, v8.16b\n\t" + "eor v23.16b, v4.16b, v9.16b\n\t" + "shl v5.4s, v20.4s, #7\n\t" + "shl v6.4s, v21.4s, #7\n\t" + "shl v7.4s, v22.4s, #7\n\t" + "shl v4.4s, v23.4s, #7\n\t" + "sri v5.4s, v20.4s, #25\n\t" + "sri v6.4s, v21.4s, #25\n\t" + "sri v7.4s, v22.4s, #25\n\t" + "sri v4.4s, v23.4s, #25\n\t" "b.ne L_chacha_crypt_bytes_arm64_round_start_256_%=\n\t" + "mov x26, #4\n\t" + /* Add counter now rather than after transposed */ + "add v12.4s, v12.4s, v28.4s\n\t" /* Load message */ - "ld1 {v20.16b, v21.16b, v22.16b, v23.16b}, [%x[m]], #0x40\n\t" - /* Add one (2 added during calculating vector results) */ - "add w21, w21, #1\n\t" - /* Add back state, XOR msg, store (load next block) */ - "add v0.4s, v0.4s, v16.4s\n\t" - "add v1.4s, v1.4s, v17.4s\n\t" - "add v2.4s, v2.4s, v18.4s\n\t" - "add v3.4s, v3.4s, v19.4s\n\t" - "eor v0.16b, v0.16b, v20.16b\n\t" - "eor v1.16b, v1.16b, v21.16b\n\t" - "eor v2.16b, v2.16b, v22.16b\n\t" - "eor v3.16b, v3.16b, v23.16b\n\t" - "ld1 {v20.16b, v21.16b, v22.16b, v23.16b}, [%x[m]], #0x40\n\t" - "st1 {v0.4s, v1.4s, v2.4s, v3.4s}, [%x[c]], #0x40\n\t" - "mov v19.s[0], %w[rol8]\n\t" - "add v4.4s, v4.4s, v16.4s\n\t" - "add v5.4s, v5.4s, v17.4s\n\t" - "add v6.4s, v6.4s, v18.4s\n\t" - "add v7.4s, v7.4s, v19.4s\n\t" - "eor v4.16b, v4.16b, v20.16b\n\t" - "eor v5.16b, v5.16b, v21.16b\n\t" - "eor v6.16b, v6.16b, v22.16b\n\t" - "eor v7.16b, v7.16b, v23.16b\n\t" - "ld1 {v20.16b, v21.16b, v22.16b, v23.16b}, [%x[m]], #0x40\n\t" - "st1 {v4.4s, v5.4s, v6.4s, v7.4s}, [%x[c]], #0x40\n\t" - "mov v19.s[0], %w[ctr]\n\t" - "add v8.4s, v8.4s, v16.4s\n\t" - "add v9.4s, v9.4s, v17.4s\n\t" - "add v10.4s, v10.4s, v18.4s\n\t" - "add v11.4s, v11.4s, v19.4s\n\t" - "eor v8.16b, v8.16b, v20.16b\n\t" - "eor v9.16b, v9.16b, v21.16b\n\t" - "eor v10.16b, v10.16b, v22.16b\n\t" - "eor v11.16b, v11.16b, v23.16b\n\t" - "ld1 {v20.16b, v21.16b, v22.16b, v23.16b}, [%x[m]], #0x40\n\t" - "st1 {v8.4s, v9.4s, v10.4s, v11.4s}, [%x[c]], #0x40\n\t" - /* Move regular registers into vector registers for adding and xor */ - "orr x8, x8, x9, lsl 32\n\t" - "orr x10, x10, x11, lsl 32\n\t" - "orr x12, x12, x13, lsl 32\n\t" - "mov v0.d[0], x8\n\t" - "orr x14, x14, x15, lsl 32\n\t" - "mov v0.d[1], x10\n\t" - "orr x16, x16, x17, lsl 32\n\t" - "mov v1.d[0], x12\n\t" - "orr x19, x19, x20, lsl 32\n\t" - "mov v1.d[1], x14\n\t" - "orr x21, x21, x22, lsl 32\n\t" - "mov v2.d[0], x16\n\t" - "orr x23, x23, x24, lsl 32\n\t" - "mov v2.d[1], x19\n\t" - "mov v3.d[0], x21\n\t" - "mov v3.d[1], x23\n\t" - /* Add back state, XOR in message and store */ - "add v0.4s, v0.4s, v16.4s\n\t" - "add v1.4s, v1.4s, v17.4s\n\t" - "add v2.4s, v2.4s, v18.4s\n\t" - "add v3.4s, v3.4s, v19.4s\n\t" - "eor v0.16b, v0.16b, v20.16b\n\t" - "eor v1.16b, v1.16b, v21.16b\n\t" - "eor v2.16b, v2.16b, v22.16b\n\t" - "eor v3.16b, v3.16b, v23.16b\n\t" - "st1 {v0.4s, v1.4s, v2.4s, v3.4s}, [%x[c]], #0x40\n\t" - "mov v19.d[0], x7\n\t" + "ld1 {v24.16b, v25.16b, v26.16b, v27.16b}, [%x[m]], #0x40\n\t" + /* Transpose vectors */ + "trn1 v20.4s, v0.4s, v1.4s\n\t" + "trn1 v22.4s, v2.4s, v3.4s\n\t" + "trn2 v21.4s, v0.4s, v1.4s\n\t" + "trn2 v23.4s, v2.4s, v3.4s\n\t" + "trn1 v0.2d, v20.2d, v22.2d\n\t" + "trn1 v1.2d, v21.2d, v23.2d\n\t" + "trn2 v2.2d, v20.2d, v22.2d\n\t" + "trn2 v3.2d, v21.2d, v23.2d\n\t" + "trn1 v20.4s, v4.4s, v5.4s\n\t" + "trn1 v22.4s, v6.4s, v7.4s\n\t" + "trn2 v21.4s, v4.4s, v5.4s\n\t" + "trn2 v23.4s, v6.4s, v7.4s\n\t" + "trn1 v4.2d, v20.2d, v22.2d\n\t" + "trn1 v5.2d, v21.2d, v23.2d\n\t" + "trn2 v6.2d, v20.2d, v22.2d\n\t" + "trn2 v7.2d, v21.2d, v23.2d\n\t" + "trn1 v20.4s, v8.4s, v9.4s\n\t" + "trn1 v22.4s, v10.4s, v11.4s\n\t" + "trn2 v21.4s, v8.4s, v9.4s\n\t" + "trn2 v23.4s, v10.4s, v11.4s\n\t" + "trn1 v8.2d, v20.2d, v22.2d\n\t" + "trn1 v9.2d, v21.2d, v23.2d\n\t" + "trn2 v10.2d, v20.2d, v22.2d\n\t" + "trn2 v11.2d, v21.2d, v23.2d\n\t" + "trn1 v20.4s, v12.4s, v13.4s\n\t" + "trn1 v22.4s, v14.4s, v15.4s\n\t" + "trn2 v21.4s, v12.4s, v13.4s\n\t" + "trn2 v23.4s, v14.4s, v15.4s\n\t" + "trn1 v12.2d, v20.2d, v22.2d\n\t" + "trn1 v13.2d, v21.2d, v23.2d\n\t" + "trn2 v14.2d, v20.2d, v22.2d\n\t" + "trn2 v15.2d, v21.2d, v23.2d\n\t" + /* Add back state, XOR in message and store (load next block) */ + "add v20.4s, v0.4s, v16.4s\n\t" + "add v21.4s, v4.4s, v17.4s\n\t" + "add v22.4s, v8.4s, v18.4s\n\t" + "add v23.4s, v12.4s, v19.4s\n\t" + "eor v20.16b, v20.16b, v24.16b\n\t" + "eor v21.16b, v21.16b, v25.16b\n\t" + "eor v22.16b, v22.16b, v26.16b\n\t" + "eor v23.16b, v23.16b, v27.16b\n\t" + "ld1 {v24.16b, v25.16b, v26.16b, v27.16b}, [%x[m]], #0x40\n\t" + "st1 {v20.16b, v21.16b, v22.16b, v23.16b}, [%x[c]], #0x40\n\t" + "add v20.4s, v1.4s, v16.4s\n\t" + "add v21.4s, v5.4s, v17.4s\n\t" + "add v22.4s, v9.4s, v18.4s\n\t" + "add v23.4s, v13.4s, v19.4s\n\t" + "eor v20.16b, v20.16b, v24.16b\n\t" + "eor v21.16b, v21.16b, v25.16b\n\t" + "eor v22.16b, v22.16b, v26.16b\n\t" + "eor v23.16b, v23.16b, v27.16b\n\t" + "ld1 {v24.16b, v25.16b, v26.16b, v27.16b}, [%x[m]], #0x40\n\t" + "st1 {v20.16b, v21.16b, v22.16b, v23.16b}, [%x[c]], #0x40\n\t" + "add v20.4s, v2.4s, v16.4s\n\t" + "add v21.4s, v6.4s, v17.4s\n\t" + "add v22.4s, v10.4s, v18.4s\n\t" + "add v23.4s, v14.4s, v19.4s\n\t" + "eor v20.16b, v20.16b, v24.16b\n\t" + "eor v21.16b, v21.16b, v25.16b\n\t" + "eor v22.16b, v22.16b, v26.16b\n\t" + "eor v23.16b, v23.16b, v27.16b\n\t" + "ld1 {v24.16b, v25.16b, v26.16b, v27.16b}, [%x[m]], #0x40\n\t" + "st1 {v20.16b, v21.16b, v22.16b, v23.16b}, [%x[c]], #0x40\n\t" + "add v20.4s, v3.4s, v16.4s\n\t" + "add v21.4s, v7.4s, v17.4s\n\t" + "add v22.4s, v11.4s, v18.4s\n\t" + "add v23.4s, v15.4s, v19.4s\n\t" + "eor v20.16b, v20.16b, v24.16b\n\t" + "eor v21.16b, v21.16b, v25.16b\n\t" + "eor v22.16b, v22.16b, v26.16b\n\t" + "eor v23.16b, v23.16b, v27.16b\n\t" + "st1 {v20.16b, v21.16b, v22.16b, v23.16b}, [%x[c]], #0x40\n\t" + "mov v29.s[0], w26\n\t" "sub %w[len], %w[len], #0x100\n\t" + "add v19.4s, v19.4s, v29.4s\n\t" /* Done 256-byte block */ "\n" "L_chacha_crypt_bytes_arm64_lt_256_%=: \n\t" @@ -1006,14 +918,14 @@ "L_chacha_crypt_bytes_arm64_lt_8_%=: \n\t" "mov %[rol8], v0.d[0]\n\t" "\n" - "L_chacha_crypt_bytes_arm64loop_lt_8_%=: \n\t" + "L_chacha_crypt_bytes_arm64_loop_lt_8_%=: \n\t" /* Encipher 1 byte at a time */ "ldrb %w[ctr], [%x[m]], #1\n\t" "eor %w[ctr], %w[ctr], %w[rol8]\n\t" "strb %w[ctr], [%x[c]], #1\n\t" "subs %w[len], %w[len], #1\n\t" "lsr %[rol8], %[rol8], #8\n\t" - "b.gt L_chacha_crypt_bytes_arm64loop_lt_8_%=\n\t" + "b.gt L_chacha_crypt_bytes_arm64_loop_lt_8_%=\n\t" "\n" "L_chacha_crypt_bytes_arm64_done_%=: \n\t" "\n" diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/wolfcrypt/src/port/arm/armv8-curve25519.S mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/port/arm/armv8-curve25519.S --- mariadb-11.8.6/extra/wolfssl/wolfssl/wolfcrypt/src/port/arm/armv8-curve25519.S 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/port/arm/armv8-curve25519.S 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* armv8-curve25519 * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -47,7 +47,6 @@ #ifndef __APPLE__ .size fe_init,.-fe_init #endif /* __APPLE__ */ -#ifdef HAVE_ED25519 #ifndef __APPLE__ .text .globl fe_frombytes @@ -554,7 +553,253 @@ #ifndef __APPLE__ .size fe_cmov_table,.-fe_cmov_table #endif /* __APPLE__ */ -#endif /* HAVE_ED25519 */ +#ifndef __APPLE__ +.text +.globl fe_invert_nct +.type fe_invert_nct,@function +.align 2 +fe_invert_nct: +#else +.section __TEXT,__text +.globl _fe_invert_nct +.p2align 2 +_fe_invert_nct: +#endif /* __APPLE__ */ + stp x29, x30, [sp, #-80]! + add x29, sp, #0 + stp x17, x19, [x29, #24] + stp x20, x21, [x29, #40] + stp x22, x23, [x29, #56] + str x24, [x29, #72] + mov x19, #-19 + mov x20, #-1 + mov x21, #0x7fffffffffffffff + ldr x6, [x1] + ldr x7, [x1, #8] + ldr x8, [x1, #16] + ldr x9, [x1, #24] + mov x2, x19 + mov x3, x20 + mov x4, x20 + mov x5, x21 + mov x10, xzr + mov x11, xzr + mov x12, xzr + mov x13, xzr + mov x14, #1 + mov x15, xzr + mov x16, xzr + mov x17, xzr + mov x22, #0xff + cmp x9, #0 + beq L_fe_invert_nct_num_bits_init_v_0 + mov x24, #0x100 + clz x23, x9 + sub x23, x24, x23 + b L_fe_invert_nct_num_bits_init_v_3 +L_fe_invert_nct_num_bits_init_v_0: + cmp x8, #0 + beq L_fe_invert_nct_num_bits_init_v_1 + mov x24, #0xc0 + clz x23, x8 + sub x23, x24, x23 + b L_fe_invert_nct_num_bits_init_v_3 +L_fe_invert_nct_num_bits_init_v_1: + cmp x7, #0 + beq L_fe_invert_nct_num_bits_init_v_2 + mov x24, #0x80 + clz x23, x7 + sub x23, x24, x23 + b L_fe_invert_nct_num_bits_init_v_3 +L_fe_invert_nct_num_bits_init_v_2: + mov x24, #0x40 + clz x23, x6 + sub x23, x24, x23 +L_fe_invert_nct_num_bits_init_v_3: + tst x6, #1 + bne L_fe_invert_nct_loop +L_fe_invert_nct_even_init_v_0: + extr x6, x7, x6, #1 + extr x7, x8, x7, #1 + extr x8, x9, x8, #1 + lsr x9, x9, #1 + sub x23, x23, #1 + ands x24, x14, #1 + beq L_fe_invert_nct_even_init_v_1 + adds x14, x14, x19 + adcs x15, x15, x20 + adcs x16, x16, x20 + adcs x17, x17, x21 + cset x24, cs +L_fe_invert_nct_even_init_v_1: + extr x14, x15, x14, #1 + extr x15, x16, x15, #1 + extr x16, x17, x16, #1 + extr x17, x24, x17, #1 + tst x6, #1 + beq L_fe_invert_nct_even_init_v_0 +L_fe_invert_nct_loop: + cmp x22, #1 + beq L_fe_invert_nct_u_done + cmp x23, #1 + beq L_fe_invert_nct_v_done + cmp x22, x23 + bhi L_fe_invert_nct_u_larger + bcc L_fe_invert_nct_v_larger + cmp x5, x9 + bhi L_fe_invert_nct_u_larger + bcc L_fe_invert_nct_v_larger + cmp x4, x8 + bhi L_fe_invert_nct_u_larger + bcc L_fe_invert_nct_v_larger + cmp x3, x7 + bhi L_fe_invert_nct_u_larger + bcc L_fe_invert_nct_v_larger + cmp x2, x6 + bcc L_fe_invert_nct_v_larger +L_fe_invert_nct_u_larger: + subs x2, x2, x6 + sbcs x3, x3, x7 + sbcs x4, x4, x8 + sbc x5, x5, x9 + subs x10, x10, x14 + sbcs x11, x11, x15 + sbcs x12, x12, x16 + sbcs x13, x13, x17 + bcs L_fe_invert_nct_sub_uv + adds x10, x10, x19 + adcs x11, x11, x20 + adcs x12, x12, x20 + adc x13, x13, x21 +L_fe_invert_nct_sub_uv: + cmp x5, #0 + beq L_fe_invert_nct_nct_num_bits_u_0 + mov x24, #0x100 + clz x22, x5 + sub x22, x24, x22 + b L_fe_invert_nct_nct_num_bits_u_3 +L_fe_invert_nct_nct_num_bits_u_0: + cmp x4, #0 + beq L_fe_invert_nct_nct_num_bits_u_1 + mov x24, #0xc0 + clz x22, x4 + sub x22, x24, x22 + b L_fe_invert_nct_nct_num_bits_u_3 +L_fe_invert_nct_nct_num_bits_u_1: + cmp x3, #0 + beq L_fe_invert_nct_nct_num_bits_u_2 + mov x24, #0x80 + clz x22, x3 + sub x22, x24, x22 + b L_fe_invert_nct_nct_num_bits_u_3 +L_fe_invert_nct_nct_num_bits_u_2: + mov x24, #0x40 + clz x22, x2 + sub x22, x24, x22 +L_fe_invert_nct_nct_num_bits_u_3: +L_fe_invert_nct_even_u_0: + extr x2, x3, x2, #1 + extr x3, x4, x3, #1 + extr x4, x5, x4, #1 + lsr x5, x5, #1 + sub x22, x22, #1 + ands x24, x10, #1 + beq L_fe_invert_nct_even_u_1 + adds x10, x10, x19 + adcs x11, x11, x20 + adcs x12, x12, x20 + adcs x13, x13, x21 + cset x24, cs +L_fe_invert_nct_even_u_1: + extr x10, x11, x10, #1 + extr x11, x12, x11, #1 + extr x12, x13, x12, #1 + extr x13, x24, x13, #1 + tst x2, #1 + beq L_fe_invert_nct_even_u_0 + b L_fe_invert_nct_loop +L_fe_invert_nct_v_larger: + subs x6, x6, x2 + sbcs x7, x7, x3 + sbcs x8, x8, x4 + sbc x9, x9, x5 + subs x14, x14, x10 + sbcs x15, x15, x11 + sbcs x16, x16, x12 + sbcs x17, x17, x13 + bcs L_fe_invert_nct_sub_vu + adds x14, x14, x19 + adcs x15, x15, x20 + adcs x16, x16, x20 + adc x17, x17, x21 +L_fe_invert_nct_sub_vu: + cmp x9, #0 + beq L_fe_invert_nct_nct_num_bits_v_0 + mov x24, #0x100 + clz x23, x9 + sub x23, x24, x23 + b L_fe_invert_nct_nct_num_bits_v_3 +L_fe_invert_nct_nct_num_bits_v_0: + cmp x8, #0 + beq L_fe_invert_nct_nct_num_bits_v_1 + mov x24, #0xc0 + clz x23, x8 + sub x23, x24, x23 + b L_fe_invert_nct_nct_num_bits_v_3 +L_fe_invert_nct_nct_num_bits_v_1: + cmp x7, #0 + beq L_fe_invert_nct_nct_num_bits_v_2 + mov x24, #0x80 + clz x23, x7 + sub x23, x24, x23 + b L_fe_invert_nct_nct_num_bits_v_3 +L_fe_invert_nct_nct_num_bits_v_2: + mov x24, #0x40 + clz x23, x6 + sub x23, x24, x23 +L_fe_invert_nct_nct_num_bits_v_3: +L_fe_invert_nct_even_v_0: + extr x6, x7, x6, #1 + extr x7, x8, x7, #1 + extr x8, x9, x8, #1 + lsr x9, x9, #1 + sub x23, x23, #1 + ands x24, x14, #1 + beq L_fe_invert_nct_even_v_1 + adds x14, x14, x19 + adcs x15, x15, x20 + adcs x16, x16, x20 + adcs x17, x17, x21 + cset x24, cs +L_fe_invert_nct_even_v_1: + extr x14, x15, x14, #1 + extr x15, x16, x15, #1 + extr x16, x17, x16, #1 + extr x17, x24, x17, #1 + tst x6, #1 + beq L_fe_invert_nct_even_v_0 + b L_fe_invert_nct_loop +L_fe_invert_nct_u_done: + str x10, [x0] + str x11, [x0, #8] + str x12, [x0, #16] + str x13, [x0, #24] + b L_fe_invert_nct_done +L_fe_invert_nct_v_done: + str x14, [x0] + str x15, [x0, #8] + str x16, [x0, #16] + str x17, [x0, #24] +L_fe_invert_nct_done: + ldp x17, x19, [x29, #24] + ldp x20, x21, [x29, #40] + ldp x22, x23, [x29, #56] + ldr x24, [x29, #72] + ldp x29, x30, [sp], #0x50 + ret +#ifndef __APPLE__ + .size fe_invert_nct,.-fe_invert_nct +#endif /* __APPLE__ */ #ifndef __APPLE__ .text .globl fe_mul @@ -1693,6 +1938,2557 @@ #ifndef __APPLE__ .size fe_invert,.-fe_invert #endif /* __APPLE__ */ +#if !defined(HAVE_ED25519) && !defined(WOLFSSL_CURVE25519_USE_ED25519) +#ifndef __APPLE__ + .text + .type L_curve25519_base_x2, %object + .section .rodata + .size L_curve25519_base_x2, 32 +#else + .section __DATA,__data +#endif /* __APPLE__ */ +#ifndef __APPLE__ + .align 5 +#else + .p2align 5 +#endif /* __APPLE__ */ +L_curve25519_base_x2: +.xword 0x5cae469cdd684efb, 0x8f3f5ced1e350b5c +.xword 0xd9750c687d157114, 0x20d342d51873f1b7 +#ifndef __APPLE__ +.text +.globl curve25519_base +.type curve25519_base,@function +.align 2 +curve25519_base: +#else +.section __TEXT,__text +.globl _curve25519_base +.p2align 2 +_curve25519_base: +#endif /* __APPLE__ */ + stp x29, x30, [sp, #-272]! + add x29, sp, #0 + stp x17, x19, [x29, #184] + stp x20, x21, [x29, #200] + stp x22, x23, [x29, #216] + stp x24, x25, [x29, #232] + stp x26, x27, [x29, #248] + str x28, [x29, #264] +#ifndef __APPLE__ + adrp x2, L_curve25519_base_x2 + add x2, x2, :lo12:L_curve25519_base_x2 +#else + adrp x2, L_curve25519_base_x2@PAGE + add x2, x2, L_curve25519_base_x2@PAGEOFF +#endif /* __APPLE__ */ + ldp x6, x7, [x2] + ldp x8, x9, [x2, #16] + mov x10, #1 + mov x11, xzr + mov x12, xzr + mov x13, xzr + # Set base point x-ordinate + mov x24, #9 + stp x24, xzr, [x0] + stp xzr, xzr, [x0, #16] + # Set one + mov x24, #1 + stp x24, xzr, [x29, #16] + stp xzr, xzr, [x29, #32] + mov x2, xzr + mov x23, x0 + mov x24, #0xfd +L_curve25519_base_bits: + lsr x3, x24, #6 + and x4, x24, #63 + ldr x5, [x1, x3, LSL 3] + lsr x5, x5, x4 + eor x2, x2, x5 + # Conditional Swap + subs xzr, xzr, x2, lsl 63 + ldp x25, x26, [x29, #16] + ldp x27, x28, [x29, #32] + csel x19, x25, x10, ne + csel x25, x10, x25, ne + csel x20, x26, x11, ne + csel x26, x11, x26, ne + csel x21, x27, x12, ne + csel x27, x12, x27, ne + csel x22, x28, x13, ne + csel x28, x13, x28, ne + # Conditional Swap + subs xzr, xzr, x2, lsl 63 + ldp x10, x11, [x0] + ldp x12, x13, [x0, #16] + csel x14, x10, x6, ne + csel x10, x6, x10, ne + csel x15, x11, x7, ne + csel x11, x7, x11, ne + csel x16, x12, x8, ne + csel x12, x8, x12, ne + csel x17, x13, x9, ne + csel x13, x9, x13, ne + mov x2, x5 + # Add + adds x6, x10, x25 + adcs x7, x11, x26 + adcs x8, x12, x27 + adcs x9, x13, x28 + cset x5, cs + mov x3, #19 + extr x5, x5, x9, #63 + mul x3, x5, x3 + # Sub modulus (if overflow) + adds x6, x6, x3 + adcs x7, x7, xzr + and x9, x9, #0x7fffffffffffffff + adcs x8, x8, xzr + adc x9, x9, xzr + # Sub + subs x25, x10, x25 + sbcs x26, x11, x26 + sbcs x27, x12, x27 + sbcs x28, x13, x28 + csetm x5, cc + mov x3, #-19 + extr x5, x5, x28, #63 + mul x3, x5, x3 + # Add modulus (if underflow) + subs x25, x25, x3 + sbcs x26, x26, xzr + and x28, x28, #0x7fffffffffffffff + sbcs x27, x27, xzr + sbc x28, x28, xzr + stp x25, x26, [x29, #80] + stp x27, x28, [x29, #96] + # Add + adds x10, x14, x19 + adcs x11, x15, x20 + adcs x12, x16, x21 + adcs x13, x17, x22 + cset x5, cs + mov x3, #19 + extr x5, x5, x13, #63 + mul x3, x5, x3 + # Sub modulus (if overflow) + adds x10, x10, x3 + adcs x11, x11, xzr + and x13, x13, #0x7fffffffffffffff + adcs x12, x12, xzr + adc x13, x13, xzr + # Sub + subs x14, x14, x19 + sbcs x15, x15, x20 + sbcs x16, x16, x21 + sbcs x17, x17, x22 + csetm x5, cc + mov x3, #-19 + extr x5, x5, x17, #63 + mul x3, x5, x3 + # Add modulus (if underflow) + subs x14, x14, x3 + sbcs x15, x15, xzr + and x17, x17, #0x7fffffffffffffff + sbcs x16, x16, xzr + sbc x17, x17, xzr + # Multiply + # A[0] * B[0] + umulh x20, x14, x6 + mul x19, x14, x6 + # A[2] * B[0] + umulh x22, x16, x6 + mul x21, x16, x6 + # A[1] * B[0] + mul x3, x15, x6 + adds x20, x20, x3 + umulh x4, x15, x6 + adcs x21, x21, x4 + # A[1] * B[3] + umulh x26, x15, x9 + adc x22, x22, xzr + mul x25, x15, x9 + # A[0] * B[1] + mul x3, x14, x7 + adds x20, x20, x3 + umulh x4, x14, x7 + adcs x21, x21, x4 + # A[2] * B[1] + mul x3, x16, x7 + adcs x22, x22, x3 + umulh x4, x16, x7 + adcs x25, x25, x4 + adc x26, x26, xzr + # A[1] * B[2] + mul x3, x15, x8 + adds x22, x22, x3 + umulh x4, x15, x8 + adcs x25, x25, x4 + adcs x26, x26, xzr + adc x27, xzr, xzr + # A[0] * B[2] + mul x3, x14, x8 + adds x21, x21, x3 + umulh x4, x14, x8 + adcs x22, x22, x4 + adcs x25, x25, xzr + adcs x26, x26, xzr + adc x27, x27, xzr + # A[1] * B[1] + mul x3, x15, x7 + adds x21, x21, x3 + umulh x4, x15, x7 + adcs x22, x22, x4 + # A[3] * B[1] + mul x3, x17, x7 + adcs x25, x25, x3 + umulh x4, x17, x7 + adcs x26, x26, x4 + adc x27, x27, xzr + # A[2] * B[2] + mul x3, x16, x8 + adds x25, x25, x3 + umulh x4, x16, x8 + adcs x26, x26, x4 + # A[3] * B[3] + mul x3, x17, x9 + adcs x27, x27, x3 + umulh x28, x17, x9 + adc x28, x28, xzr + # A[0] * B[3] + mul x3, x14, x9 + adds x22, x22, x3 + umulh x4, x14, x9 + adcs x25, x25, x4 + # A[2] * B[3] + mul x3, x16, x9 + adcs x26, x26, x3 + umulh x4, x16, x9 + adcs x27, x27, x4 + adc x28, x28, xzr + # A[3] * B[0] + mul x3, x17, x6 + adds x22, x22, x3 + umulh x4, x17, x6 + adcs x25, x25, x4 + # A[3] * B[2] + mul x3, x17, x8 + adcs x26, x26, x3 + umulh x4, x17, x8 + adcs x27, x27, x4 + adc x28, x28, xzr + # Reduce + mov x3, #38 + mul x4, x3, x28 + adds x22, x22, x4 + umulh x5, x3, x28 + adc x5, x5, xzr + mov x3, #19 + extr x5, x5, x22, #63 + mul x5, x5, x3 + and x22, x22, #0x7fffffffffffffff + mov x3, #38 + mul x4, x3, x25 + adds x19, x19, x4 + umulh x25, x3, x25 + mul x4, x3, x26 + adcs x20, x20, x4 + umulh x26, x3, x26 + mul x4, x3, x27 + adcs x21, x21, x4 + umulh x27, x3, x27 + adc x22, x22, xzr + # Add high product results in + adds x19, x19, x5 + adcs x20, x20, x25 + adcs x21, x21, x26 + adc x22, x22, x27 + # Store + stp x19, x20, [x29, #48] + stp x21, x22, [x29, #64] + # Multiply + ldp x25, x26, [x29, #80] + ldp x27, x28, [x29, #96] + # A[0] * B[0] + umulh x20, x10, x25 + mul x19, x10, x25 + # A[2] * B[0] + umulh x22, x12, x25 + mul x21, x12, x25 + # A[1] * B[0] + mul x3, x11, x25 + adds x20, x20, x3 + umulh x4, x11, x25 + adcs x21, x21, x4 + # A[1] * B[3] + umulh x15, x11, x28 + adc x22, x22, xzr + mul x14, x11, x28 + # A[0] * B[1] + mul x3, x10, x26 + adds x20, x20, x3 + umulh x4, x10, x26 + adcs x21, x21, x4 + # A[2] * B[1] + mul x3, x12, x26 + adcs x22, x22, x3 + umulh x4, x12, x26 + adcs x14, x14, x4 + adc x15, x15, xzr + # A[1] * B[2] + mul x3, x11, x27 + adds x22, x22, x3 + umulh x4, x11, x27 + adcs x14, x14, x4 + adcs x15, x15, xzr + adc x16, xzr, xzr + # A[0] * B[2] + mul x3, x10, x27 + adds x21, x21, x3 + umulh x4, x10, x27 + adcs x22, x22, x4 + adcs x14, x14, xzr + adcs x15, x15, xzr + adc x16, x16, xzr + # A[1] * B[1] + mul x3, x11, x26 + adds x21, x21, x3 + umulh x4, x11, x26 + adcs x22, x22, x4 + # A[3] * B[1] + mul x3, x13, x26 + adcs x14, x14, x3 + umulh x4, x13, x26 + adcs x15, x15, x4 + adc x16, x16, xzr + # A[2] * B[2] + mul x3, x12, x27 + adds x14, x14, x3 + umulh x4, x12, x27 + adcs x15, x15, x4 + # A[3] * B[3] + mul x3, x13, x28 + adcs x16, x16, x3 + umulh x17, x13, x28 + adc x17, x17, xzr + # A[0] * B[3] + mul x3, x10, x28 + adds x22, x22, x3 + umulh x4, x10, x28 + adcs x14, x14, x4 + # A[2] * B[3] + mul x3, x12, x28 + adcs x15, x15, x3 + umulh x4, x12, x28 + adcs x16, x16, x4 + adc x17, x17, xzr + # A[3] * B[0] + mul x3, x13, x25 + adds x22, x22, x3 + umulh x4, x13, x25 + adcs x14, x14, x4 + # A[3] * B[2] + mul x3, x13, x27 + adcs x15, x15, x3 + umulh x4, x13, x27 + adcs x16, x16, x4 + adc x17, x17, xzr + # Reduce + mov x3, #38 + mul x4, x3, x17 + adds x22, x22, x4 + umulh x5, x3, x17 + adc x5, x5, xzr + mov x3, #19 + extr x5, x5, x22, #63 + mul x5, x5, x3 + and x22, x22, #0x7fffffffffffffff + mov x3, #38 + mul x4, x3, x14 + adds x19, x19, x4 + umulh x14, x3, x14 + mul x4, x3, x15 + adcs x20, x20, x4 + umulh x15, x3, x15 + mul x4, x3, x16 + adcs x21, x21, x4 + umulh x16, x3, x16 + adc x22, x22, xzr + # Add high product results in + adds x19, x19, x5 + adcs x20, x20, x14 + adcs x21, x21, x15 + adc x22, x22, x16 + # Square + # A[0] * A[1] + umulh x12, x25, x26 + mul x11, x25, x26 + # A[0] * A[3] + umulh x14, x25, x28 + mul x13, x25, x28 + # A[0] * A[2] + mul x3, x25, x27 + adds x12, x12, x3 + umulh x4, x25, x27 + adcs x13, x13, x4 + # A[1] * A[3] + mul x3, x26, x28 + adcs x14, x14, x3 + umulh x15, x26, x28 + adc x15, x15, xzr + # A[1] * A[2] + mul x3, x26, x27 + adds x13, x13, x3 + umulh x4, x26, x27 + adcs x14, x14, x4 + # A[2] * A[3] + mul x3, x27, x28 + adcs x15, x15, x3 + umulh x16, x27, x28 + adc x16, x16, xzr + # Double + adds x11, x11, x11 + adcs x12, x12, x12 + adcs x13, x13, x13 + adcs x14, x14, x14 + adcs x15, x15, x15 + adcs x16, x16, x16 + adc x17, xzr, xzr + # A[0] * A[0] + umulh x4, x25, x25 + mul x10, x25, x25 + # A[1] * A[1] + mul x3, x26, x26 + adds x11, x11, x4 + umulh x4, x26, x26 + adcs x12, x12, x3 + # A[2] * A[2] + mul x3, x27, x27 + adcs x13, x13, x4 + umulh x4, x27, x27 + adcs x14, x14, x3 + # A[3] * A[3] + mul x3, x28, x28 + adcs x15, x15, x4 + umulh x4, x28, x28 + adcs x16, x16, x3 + adc x17, x17, x4 + # Reduce + mov x3, #38 + mul x4, x3, x17 + adds x13, x13, x4 + umulh x5, x3, x17 + adc x5, x5, xzr + mov x3, #19 + extr x5, x5, x13, #63 + mul x5, x5, x3 + and x13, x13, #0x7fffffffffffffff + mov x3, #38 + mul x4, x3, x14 + adds x10, x10, x4 + umulh x14, x3, x14 + mul x4, x3, x15 + adcs x11, x11, x4 + umulh x15, x3, x15 + mul x4, x3, x16 + adcs x12, x12, x4 + umulh x16, x3, x16 + adc x13, x13, xzr + # Add high product results in + adds x10, x10, x5 + adcs x11, x11, x14 + adcs x12, x12, x15 + adc x13, x13, x16 + # Square + # A[0] * A[1] + umulh x16, x6, x7 + mul x15, x6, x7 + # A[0] * A[3] + umulh x25, x6, x9 + mul x17, x6, x9 + # A[0] * A[2] + mul x3, x6, x8 + adds x16, x16, x3 + umulh x4, x6, x8 + adcs x17, x17, x4 + # A[1] * A[3] + mul x3, x7, x9 + adcs x25, x25, x3 + umulh x26, x7, x9 + adc x26, x26, xzr + # A[1] * A[2] + mul x3, x7, x8 + adds x17, x17, x3 + umulh x4, x7, x8 + adcs x25, x25, x4 + # A[2] * A[3] + mul x3, x8, x9 + adcs x26, x26, x3 + umulh x27, x8, x9 + adc x27, x27, xzr + # Double + adds x15, x15, x15 + adcs x16, x16, x16 + adcs x17, x17, x17 + adcs x25, x25, x25 + adcs x26, x26, x26 + adcs x27, x27, x27 + adc x28, xzr, xzr + # A[0] * A[0] + umulh x4, x6, x6 + mul x14, x6, x6 + # A[1] * A[1] + mul x3, x7, x7 + adds x15, x15, x4 + umulh x4, x7, x7 + adcs x16, x16, x3 + # A[2] * A[2] + mul x3, x8, x8 + adcs x17, x17, x4 + umulh x4, x8, x8 + adcs x25, x25, x3 + # A[3] * A[3] + mul x3, x9, x9 + adcs x26, x26, x4 + umulh x4, x9, x9 + adcs x27, x27, x3 + adc x28, x28, x4 + # Reduce + mov x3, #38 + mul x4, x3, x28 + adds x17, x17, x4 + umulh x5, x3, x28 + adc x5, x5, xzr + mov x3, #19 + extr x5, x5, x17, #63 + mul x5, x5, x3 + and x17, x17, #0x7fffffffffffffff + mov x3, #38 + mul x4, x3, x25 + adds x14, x14, x4 + umulh x25, x3, x25 + mul x4, x3, x26 + adcs x15, x15, x4 + umulh x26, x3, x26 + mul x4, x3, x27 + adcs x16, x16, x4 + umulh x27, x3, x27 + adc x17, x17, xzr + # Add high product results in + adds x14, x14, x5 + adcs x15, x15, x25 + adcs x16, x16, x26 + adc x17, x17, x27 + # Multiply + # A[0] * B[0] + umulh x7, x14, x10 + mul x6, x14, x10 + # A[2] * B[0] + umulh x9, x16, x10 + mul x8, x16, x10 + # A[1] * B[0] + mul x3, x15, x10 + adds x7, x7, x3 + umulh x4, x15, x10 + adcs x8, x8, x4 + # A[1] * B[3] + umulh x26, x15, x13 + adc x9, x9, xzr + mul x25, x15, x13 + # A[0] * B[1] + mul x3, x14, x11 + adds x7, x7, x3 + umulh x4, x14, x11 + adcs x8, x8, x4 + # A[2] * B[1] + mul x3, x16, x11 + adcs x9, x9, x3 + umulh x4, x16, x11 + adcs x25, x25, x4 + adc x26, x26, xzr + # A[1] * B[2] + mul x3, x15, x12 + adds x9, x9, x3 + umulh x4, x15, x12 + adcs x25, x25, x4 + adcs x26, x26, xzr + adc x27, xzr, xzr + # A[0] * B[2] + mul x3, x14, x12 + adds x8, x8, x3 + umulh x4, x14, x12 + adcs x9, x9, x4 + adcs x25, x25, xzr + adcs x26, x26, xzr + adc x27, x27, xzr + # A[1] * B[1] + mul x3, x15, x11 + adds x8, x8, x3 + umulh x4, x15, x11 + adcs x9, x9, x4 + # A[3] * B[1] + mul x3, x17, x11 + adcs x25, x25, x3 + umulh x4, x17, x11 + adcs x26, x26, x4 + adc x27, x27, xzr + # A[2] * B[2] + mul x3, x16, x12 + adds x25, x25, x3 + umulh x4, x16, x12 + adcs x26, x26, x4 + # A[3] * B[3] + mul x3, x17, x13 + adcs x27, x27, x3 + umulh x28, x17, x13 + adc x28, x28, xzr + # A[0] * B[3] + mul x3, x14, x13 + adds x9, x9, x3 + umulh x4, x14, x13 + adcs x25, x25, x4 + # A[2] * B[3] + mul x3, x16, x13 + adcs x26, x26, x3 + umulh x4, x16, x13 + adcs x27, x27, x4 + adc x28, x28, xzr + # A[3] * B[0] + mul x3, x17, x10 + adds x9, x9, x3 + umulh x4, x17, x10 + adcs x25, x25, x4 + # A[3] * B[2] + mul x3, x17, x12 + adcs x26, x26, x3 + umulh x4, x17, x12 + adcs x27, x27, x4 + adc x28, x28, xzr + # Reduce + mov x3, #38 + mul x4, x3, x28 + adds x9, x9, x4 + umulh x5, x3, x28 + adc x5, x5, xzr + mov x3, #19 + extr x5, x5, x9, #63 + mul x5, x5, x3 + and x9, x9, #0x7fffffffffffffff + mov x3, #38 + mul x4, x3, x25 + adds x6, x6, x4 + umulh x25, x3, x25 + mul x4, x3, x26 + adcs x7, x7, x4 + umulh x26, x3, x26 + mul x4, x3, x27 + adcs x8, x8, x4 + umulh x27, x3, x27 + adc x9, x9, xzr + # Add high product results in + adds x6, x6, x5 + adcs x7, x7, x25 + adcs x8, x8, x26 + adc x9, x9, x27 + # Store + stp x6, x7, [x0] + stp x8, x9, [x0, #16] + # Sub + subs x14, x14, x10 + sbcs x15, x15, x11 + sbcs x16, x16, x12 + sbcs x17, x17, x13 + csetm x5, cc + mov x3, #-19 + # Mask the modulus + extr x5, x5, x17, #63 + mul x3, x5, x3 + # Add modulus (if underflow) + subs x14, x14, x3 + sbcs x15, x15, xzr + and x17, x17, #0x7fffffffffffffff + sbcs x16, x16, xzr + sbc x17, x17, xzr + # Multiply by 121666 + mov x5, #0xdb42 + movk x5, #1, lsl 16 + mul x6, x14, x5 + umulh x7, x14, x5 + mul x3, x15, x5 + umulh x8, x15, x5 + adds x7, x7, x3 + adc x8, x8, xzr + mul x3, x16, x5 + umulh x9, x16, x5 + adds x8, x8, x3 + adc x9, x9, xzr + mul x3, x17, x5 + umulh x4, x17, x5 + adds x9, x9, x3 + adc x4, x4, xzr + mov x5, #19 + extr x4, x4, x9, #63 + mul x4, x4, x5 + adds x6, x6, x4 + adcs x7, x7, xzr + and x9, x9, #0x7fffffffffffffff + adcs x8, x8, xzr + adc x9, x9, xzr + # Add + adds x10, x10, x6 + adcs x11, x11, x7 + adcs x12, x12, x8 + adcs x13, x13, x9 + cset x5, cs + mov x3, #19 + # Mask the modulus + extr x5, x5, x13, #63 + mul x3, x5, x3 + # Sub modulus (if overflow) + adds x10, x10, x3 + adcs x11, x11, xzr + and x13, x13, #0x7fffffffffffffff + adcs x12, x12, xzr + adc x13, x13, xzr + # Multiply + # A[0] * B[0] + umulh x7, x14, x10 + mul x6, x14, x10 + # A[2] * B[0] + umulh x9, x16, x10 + mul x8, x16, x10 + # A[1] * B[0] + mul x3, x15, x10 + adds x7, x7, x3 + umulh x4, x15, x10 + adcs x8, x8, x4 + # A[1] * B[3] + umulh x26, x15, x13 + adc x9, x9, xzr + mul x25, x15, x13 + # A[0] * B[1] + mul x3, x14, x11 + adds x7, x7, x3 + umulh x4, x14, x11 + adcs x8, x8, x4 + # A[2] * B[1] + mul x3, x16, x11 + adcs x9, x9, x3 + umulh x4, x16, x11 + adcs x25, x25, x4 + adc x26, x26, xzr + # A[1] * B[2] + mul x3, x15, x12 + adds x9, x9, x3 + umulh x4, x15, x12 + adcs x25, x25, x4 + adcs x26, x26, xzr + adc x27, xzr, xzr + # A[0] * B[2] + mul x3, x14, x12 + adds x8, x8, x3 + umulh x4, x14, x12 + adcs x9, x9, x4 + adcs x25, x25, xzr + adcs x26, x26, xzr + adc x27, x27, xzr + # A[1] * B[1] + mul x3, x15, x11 + adds x8, x8, x3 + umulh x4, x15, x11 + adcs x9, x9, x4 + # A[3] * B[1] + mul x3, x17, x11 + adcs x25, x25, x3 + umulh x4, x17, x11 + adcs x26, x26, x4 + adc x27, x27, xzr + # A[2] * B[2] + mul x3, x16, x12 + adds x25, x25, x3 + umulh x4, x16, x12 + adcs x26, x26, x4 + # A[3] * B[3] + mul x3, x17, x13 + adcs x27, x27, x3 + umulh x28, x17, x13 + adc x28, x28, xzr + # A[0] * B[3] + mul x3, x14, x13 + adds x9, x9, x3 + umulh x4, x14, x13 + adcs x25, x25, x4 + # A[2] * B[3] + mul x3, x16, x13 + adcs x26, x26, x3 + umulh x4, x16, x13 + adcs x27, x27, x4 + adc x28, x28, xzr + # A[3] * B[0] + mul x3, x17, x10 + adds x9, x9, x3 + umulh x4, x17, x10 + adcs x25, x25, x4 + # A[3] * B[2] + mul x3, x17, x12 + adcs x26, x26, x3 + umulh x4, x17, x12 + adcs x27, x27, x4 + adc x28, x28, xzr + # Reduce + mov x3, #38 + mul x4, x3, x28 + adds x9, x9, x4 + umulh x5, x3, x28 + adc x5, x5, xzr + mov x3, #19 + extr x5, x5, x9, #63 + mul x5, x5, x3 + and x9, x9, #0x7fffffffffffffff + mov x3, #38 + mul x4, x3, x25 + adds x6, x6, x4 + umulh x25, x3, x25 + mul x4, x3, x26 + adcs x7, x7, x4 + umulh x26, x3, x26 + mul x4, x3, x27 + adcs x8, x8, x4 + umulh x27, x3, x27 + adc x9, x9, xzr + # Add high product results in + adds x6, x6, x5 + adcs x7, x7, x25 + adcs x8, x8, x26 + adc x9, x9, x27 + # Store + stp x6, x7, [x29, #16] + stp x8, x9, [x29, #32] + # Add + ldp x25, x26, [x29, #48] + ldp x27, x28, [x29, #64] + adds x10, x25, x19 + adcs x11, x26, x20 + adcs x12, x27, x21 + adcs x13, x28, x22 + cset x5, cs + mov x3, #19 + extr x5, x5, x13, #63 + mul x3, x5, x3 + # Sub modulus (if overflow) + adds x10, x10, x3 + adcs x11, x11, xzr + and x13, x13, #0x7fffffffffffffff + adcs x12, x12, xzr + adc x13, x13, xzr + # Sub + subs x19, x25, x19 + sbcs x20, x26, x20 + sbcs x21, x27, x21 + sbcs x22, x28, x22 + csetm x5, cc + mov x3, #-19 + extr x5, x5, x22, #63 + mul x3, x5, x3 + # Add modulus (if underflow) + subs x19, x19, x3 + sbcs x20, x20, xzr + and x22, x22, #0x7fffffffffffffff + sbcs x21, x21, xzr + sbc x22, x22, xzr + # Square + # A[0] * A[1] + umulh x8, x10, x11 + mul x7, x10, x11 + # A[0] * A[3] + umulh x25, x10, x13 + mul x9, x10, x13 + # A[0] * A[2] + mul x3, x10, x12 + adds x8, x8, x3 + umulh x4, x10, x12 + adcs x9, x9, x4 + # A[1] * A[3] + mul x3, x11, x13 + adcs x25, x25, x3 + umulh x26, x11, x13 + adc x26, x26, xzr + # A[1] * A[2] + mul x3, x11, x12 + adds x9, x9, x3 + umulh x4, x11, x12 + adcs x25, x25, x4 + # A[2] * A[3] + mul x3, x12, x13 + adcs x26, x26, x3 + umulh x27, x12, x13 + adc x27, x27, xzr + # Double + adds x7, x7, x7 + adcs x8, x8, x8 + adcs x9, x9, x9 + adcs x25, x25, x25 + adcs x26, x26, x26 + adcs x27, x27, x27 + adc x28, xzr, xzr + # A[0] * A[0] + umulh x4, x10, x10 + mul x6, x10, x10 + # A[1] * A[1] + mul x3, x11, x11 + adds x7, x7, x4 + umulh x4, x11, x11 + adcs x8, x8, x3 + # A[2] * A[2] + mul x3, x12, x12 + adcs x9, x9, x4 + umulh x4, x12, x12 + adcs x25, x25, x3 + # A[3] * A[3] + mul x3, x13, x13 + adcs x26, x26, x4 + umulh x4, x13, x13 + adcs x27, x27, x3 + adc x28, x28, x4 + # Reduce + mov x3, #38 + mul x4, x3, x28 + adds x9, x9, x4 + umulh x5, x3, x28 + adc x5, x5, xzr + mov x3, #19 + extr x5, x5, x9, #63 + mul x5, x5, x3 + and x9, x9, #0x7fffffffffffffff + mov x3, #38 + mul x4, x3, x25 + adds x6, x6, x4 + umulh x25, x3, x25 + mul x4, x3, x26 + adcs x7, x7, x4 + umulh x26, x3, x26 + mul x4, x3, x27 + adcs x8, x8, x4 + umulh x27, x3, x27 + adc x9, x9, xzr + # Add high product results in + adds x6, x6, x5 + adcs x7, x7, x25 + adcs x8, x8, x26 + adc x9, x9, x27 + # Square + # A[0] * A[1] + umulh x16, x19, x20 + mul x15, x19, x20 + # A[0] * A[3] + umulh x25, x19, x22 + mul x17, x19, x22 + # A[0] * A[2] + mul x3, x19, x21 + adds x16, x16, x3 + umulh x4, x19, x21 + adcs x17, x17, x4 + # A[1] * A[3] + mul x3, x20, x22 + adcs x25, x25, x3 + umulh x26, x20, x22 + adc x26, x26, xzr + # A[1] * A[2] + mul x3, x20, x21 + adds x17, x17, x3 + umulh x4, x20, x21 + adcs x25, x25, x4 + # A[2] * A[3] + mul x3, x21, x22 + adcs x26, x26, x3 + umulh x27, x21, x22 + adc x27, x27, xzr + # Double + adds x15, x15, x15 + adcs x16, x16, x16 + adcs x17, x17, x17 + adcs x25, x25, x25 + adcs x26, x26, x26 + adcs x27, x27, x27 + adc x28, xzr, xzr + # A[0] * A[0] + umulh x4, x19, x19 + mul x14, x19, x19 + # A[1] * A[1] + mul x3, x20, x20 + adds x15, x15, x4 + umulh x4, x20, x20 + adcs x16, x16, x3 + # A[2] * A[2] + mul x3, x21, x21 + adcs x17, x17, x4 + umulh x4, x21, x21 + adcs x25, x25, x3 + # A[3] * A[3] + mul x3, x22, x22 + adcs x26, x26, x4 + umulh x4, x22, x22 + adcs x27, x27, x3 + adc x28, x28, x4 + # Reduce + mov x3, #38 + mul x4, x3, x28 + adds x17, x17, x4 + umulh x5, x3, x28 + adc x5, x5, xzr + mov x3, #19 + extr x5, x5, x17, #63 + mul x5, x5, x3 + and x17, x17, #0x7fffffffffffffff + mov x3, #38 + mul x4, x3, x25 + adds x14, x14, x4 + umulh x25, x3, x25 + mul x4, x3, x26 + adcs x15, x15, x4 + umulh x26, x3, x26 + mul x4, x3, x27 + adcs x16, x16, x4 + umulh x27, x3, x27 + adc x17, x17, xzr + # Add high product results in + adds x14, x14, x5 + adcs x15, x15, x25 + adcs x16, x16, x26 + adc x17, x17, x27 + # Multiply by 9 + mov x5, #9 + mul x10, x14, x5 + umulh x11, x14, x5 + mul x3, x15, x5 + umulh x12, x15, x5 + adds x11, x11, x3 + adc x12, x12, xzr + mul x3, x16, x5 + umulh x13, x16, x5 + adds x12, x12, x3 + adc x13, x13, xzr + mul x3, x17, x5 + umulh x4, x17, x5 + adds x13, x13, x3 + adc x4, x4, xzr + mov x5, #19 + extr x4, x4, x13, #63 + mul x4, x4, x5 + adds x10, x10, x4 + adcs x11, x11, xzr + and x13, x13, #0x7fffffffffffffff + adcs x12, x12, xzr + adc x13, x13, xzr + subs x24, x24, #1 + cmp x24, #3 + bge L_curve25519_base_bits + # Conditional Swap + subs xzr, xzr, x2, lsl 63 + ldp x25, x26, [x29, #16] + ldp x27, x28, [x29, #32] + csel x19, x25, x10, ne + csel x25, x10, x25, ne + csel x20, x26, x11, ne + csel x26, x11, x26, ne + csel x21, x27, x12, ne + csel x27, x12, x27, ne + csel x22, x28, x13, ne + csel x28, x13, x28, ne + # Conditional Swap + subs xzr, xzr, x2, lsl 63 + ldp x10, x11, [x0] + ldp x12, x13, [x0, #16] + csel x14, x10, x6, ne + csel x10, x6, x10, ne + csel x15, x11, x7, ne + csel x11, x7, x11, ne + csel x16, x12, x8, ne + csel x12, x8, x12, ne + csel x17, x13, x9, ne + csel x13, x9, x13, ne +L_curve25519_base_3: + # Add + adds x6, x10, x25 + adcs x7, x11, x26 + adcs x8, x12, x27 + adcs x9, x13, x28 + cset x5, cs + mov x3, #19 + extr x5, x5, x9, #63 + mul x3, x5, x3 + # Sub modulus (if overflow) + adds x6, x6, x3 + adcs x7, x7, xzr + and x9, x9, #0x7fffffffffffffff + adcs x8, x8, xzr + adc x9, x9, xzr + # Sub + subs x25, x10, x25 + sbcs x26, x11, x26 + sbcs x27, x12, x27 + sbcs x28, x13, x28 + csetm x5, cc + mov x3, #-19 + extr x5, x5, x28, #63 + mul x3, x5, x3 + # Add modulus (if underflow) + subs x25, x25, x3 + sbcs x26, x26, xzr + and x28, x28, #0x7fffffffffffffff + sbcs x27, x27, xzr + sbc x28, x28, xzr + # Square + # A[0] * A[1] + umulh x21, x25, x26 + mul x20, x25, x26 + # A[0] * A[3] + umulh x14, x25, x28 + mul x22, x25, x28 + # A[0] * A[2] + mul x3, x25, x27 + adds x21, x21, x3 + umulh x4, x25, x27 + adcs x22, x22, x4 + # A[1] * A[3] + mul x3, x26, x28 + adcs x14, x14, x3 + umulh x15, x26, x28 + adc x15, x15, xzr + # A[1] * A[2] + mul x3, x26, x27 + adds x22, x22, x3 + umulh x4, x26, x27 + adcs x14, x14, x4 + # A[2] * A[3] + mul x3, x27, x28 + adcs x15, x15, x3 + umulh x16, x27, x28 + adc x16, x16, xzr + # Double + adds x20, x20, x20 + adcs x21, x21, x21 + adcs x22, x22, x22 + adcs x14, x14, x14 + adcs x15, x15, x15 + adcs x16, x16, x16 + adc x17, xzr, xzr + # A[0] * A[0] + umulh x4, x25, x25 + mul x19, x25, x25 + # A[1] * A[1] + mul x3, x26, x26 + adds x20, x20, x4 + umulh x4, x26, x26 + adcs x21, x21, x3 + # A[2] * A[2] + mul x3, x27, x27 + adcs x22, x22, x4 + umulh x4, x27, x27 + adcs x14, x14, x3 + # A[3] * A[3] + mul x3, x28, x28 + adcs x15, x15, x4 + umulh x4, x28, x28 + adcs x16, x16, x3 + adc x17, x17, x4 + # Reduce + mov x3, #38 + mul x4, x3, x17 + adds x22, x22, x4 + umulh x5, x3, x17 + adc x5, x5, xzr + mov x3, #19 + extr x5, x5, x22, #63 + mul x5, x5, x3 + and x22, x22, #0x7fffffffffffffff + mov x3, #38 + mul x4, x3, x14 + adds x19, x19, x4 + umulh x14, x3, x14 + mul x4, x3, x15 + adcs x20, x20, x4 + umulh x15, x3, x15 + mul x4, x3, x16 + adcs x21, x21, x4 + umulh x16, x3, x16 + adc x22, x22, xzr + # Add high product results in + adds x19, x19, x5 + adcs x20, x20, x14 + adcs x21, x21, x15 + adc x22, x22, x16 + # Square + # A[0] * A[1] + umulh x16, x6, x7 + mul x15, x6, x7 + # A[0] * A[3] + umulh x25, x6, x9 + mul x17, x6, x9 + # A[0] * A[2] + mul x3, x6, x8 + adds x16, x16, x3 + umulh x4, x6, x8 + adcs x17, x17, x4 + # A[1] * A[3] + mul x3, x7, x9 + adcs x25, x25, x3 + umulh x26, x7, x9 + adc x26, x26, xzr + # A[1] * A[2] + mul x3, x7, x8 + adds x17, x17, x3 + umulh x4, x7, x8 + adcs x25, x25, x4 + # A[2] * A[3] + mul x3, x8, x9 + adcs x26, x26, x3 + umulh x27, x8, x9 + adc x27, x27, xzr + # Double + adds x15, x15, x15 + adcs x16, x16, x16 + adcs x17, x17, x17 + adcs x25, x25, x25 + adcs x26, x26, x26 + adcs x27, x27, x27 + adc x28, xzr, xzr + # A[0] * A[0] + umulh x4, x6, x6 + mul x14, x6, x6 + # A[1] * A[1] + mul x3, x7, x7 + adds x15, x15, x4 + umulh x4, x7, x7 + adcs x16, x16, x3 + # A[2] * A[2] + mul x3, x8, x8 + adcs x17, x17, x4 + umulh x4, x8, x8 + adcs x25, x25, x3 + # A[3] * A[3] + mul x3, x9, x9 + adcs x26, x26, x4 + umulh x4, x9, x9 + adcs x27, x27, x3 + adc x28, x28, x4 + # Reduce + mov x3, #38 + mul x4, x3, x28 + adds x17, x17, x4 + umulh x5, x3, x28 + adc x5, x5, xzr + mov x3, #19 + extr x5, x5, x17, #63 + mul x5, x5, x3 + and x17, x17, #0x7fffffffffffffff + mov x3, #38 + mul x4, x3, x25 + adds x14, x14, x4 + umulh x25, x3, x25 + mul x4, x3, x26 + adcs x15, x15, x4 + umulh x26, x3, x26 + mul x4, x3, x27 + adcs x16, x16, x4 + umulh x27, x3, x27 + adc x17, x17, xzr + # Add high product results in + adds x14, x14, x5 + adcs x15, x15, x25 + adcs x16, x16, x26 + adc x17, x17, x27 + # Multiply + # A[0] * B[0] + umulh x11, x14, x19 + mul x10, x14, x19 + # A[2] * B[0] + umulh x13, x16, x19 + mul x12, x16, x19 + # A[1] * B[0] + mul x3, x15, x19 + adds x11, x11, x3 + umulh x4, x15, x19 + adcs x12, x12, x4 + # A[1] * B[3] + umulh x26, x15, x22 + adc x13, x13, xzr + mul x25, x15, x22 + # A[0] * B[1] + mul x3, x14, x20 + adds x11, x11, x3 + umulh x4, x14, x20 + adcs x12, x12, x4 + # A[2] * B[1] + mul x3, x16, x20 + adcs x13, x13, x3 + umulh x4, x16, x20 + adcs x25, x25, x4 + adc x26, x26, xzr + # A[1] * B[2] + mul x3, x15, x21 + adds x13, x13, x3 + umulh x4, x15, x21 + adcs x25, x25, x4 + adcs x26, x26, xzr + adc x27, xzr, xzr + # A[0] * B[2] + mul x3, x14, x21 + adds x12, x12, x3 + umulh x4, x14, x21 + adcs x13, x13, x4 + adcs x25, x25, xzr + adcs x26, x26, xzr + adc x27, x27, xzr + # A[1] * B[1] + mul x3, x15, x20 + adds x12, x12, x3 + umulh x4, x15, x20 + adcs x13, x13, x4 + # A[3] * B[1] + mul x3, x17, x20 + adcs x25, x25, x3 + umulh x4, x17, x20 + adcs x26, x26, x4 + adc x27, x27, xzr + # A[2] * B[2] + mul x3, x16, x21 + adds x25, x25, x3 + umulh x4, x16, x21 + adcs x26, x26, x4 + # A[3] * B[3] + mul x3, x17, x22 + adcs x27, x27, x3 + umulh x28, x17, x22 + adc x28, x28, xzr + # A[0] * B[3] + mul x3, x14, x22 + adds x13, x13, x3 + umulh x4, x14, x22 + adcs x25, x25, x4 + # A[2] * B[3] + mul x3, x16, x22 + adcs x26, x26, x3 + umulh x4, x16, x22 + adcs x27, x27, x4 + adc x28, x28, xzr + # A[3] * B[0] + mul x3, x17, x19 + adds x13, x13, x3 + umulh x4, x17, x19 + adcs x25, x25, x4 + # A[3] * B[2] + mul x3, x17, x21 + adcs x26, x26, x3 + umulh x4, x17, x21 + adcs x27, x27, x4 + adc x28, x28, xzr + # Reduce + mov x3, #38 + mul x4, x3, x28 + adds x13, x13, x4 + umulh x5, x3, x28 + adc x5, x5, xzr + mov x3, #19 + extr x5, x5, x13, #63 + mul x5, x5, x3 + and x13, x13, #0x7fffffffffffffff + mov x3, #38 + mul x4, x3, x25 + adds x10, x10, x4 + umulh x25, x3, x25 + mul x4, x3, x26 + adcs x11, x11, x4 + umulh x26, x3, x26 + mul x4, x3, x27 + adcs x12, x12, x4 + umulh x27, x3, x27 + adc x13, x13, xzr + # Add high product results in + adds x10, x10, x5 + adcs x11, x11, x25 + adcs x12, x12, x26 + adc x13, x13, x27 + # Store + stp x10, x11, [x0] + stp x12, x13, [x0, #16] + # Sub + subs x14, x14, x19 + sbcs x15, x15, x20 + sbcs x16, x16, x21 + sbcs x17, x17, x22 + csetm x5, cc + mov x3, #-19 + # Mask the modulus + extr x5, x5, x17, #63 + mul x3, x5, x3 + # Add modulus (if underflow) + subs x14, x14, x3 + sbcs x15, x15, xzr + and x17, x17, #0x7fffffffffffffff + sbcs x16, x16, xzr + sbc x17, x17, xzr + # Multiply by 121666 + mov x5, #0xdb42 + movk x5, #1, lsl 16 + mul x6, x14, x5 + umulh x7, x14, x5 + mul x3, x15, x5 + umulh x8, x15, x5 + adds x7, x7, x3 + adc x8, x8, xzr + mul x3, x16, x5 + umulh x9, x16, x5 + adds x8, x8, x3 + adc x9, x9, xzr + mul x3, x17, x5 + umulh x4, x17, x5 + adds x9, x9, x3 + adc x4, x4, xzr + mov x5, #19 + extr x4, x4, x9, #63 + mul x4, x4, x5 + adds x6, x6, x4 + adcs x7, x7, xzr + and x9, x9, #0x7fffffffffffffff + adcs x8, x8, xzr + adc x9, x9, xzr + # Add + adds x19, x19, x6 + adcs x20, x20, x7 + adcs x21, x21, x8 + adcs x22, x22, x9 + cset x5, cs + mov x3, #19 + # Mask the modulus + extr x5, x5, x22, #63 + mul x3, x5, x3 + # Sub modulus (if overflow) + adds x19, x19, x3 + adcs x20, x20, xzr + and x22, x22, #0x7fffffffffffffff + adcs x21, x21, xzr + adc x22, x22, xzr + # Multiply + # A[0] * B[0] + umulh x26, x14, x19 + mul x25, x14, x19 + # A[2] * B[0] + umulh x28, x16, x19 + mul x27, x16, x19 + # A[1] * B[0] + mul x3, x15, x19 + adds x26, x26, x3 + umulh x4, x15, x19 + adcs x27, x27, x4 + # A[1] * B[3] + umulh x7, x15, x22 + adc x28, x28, xzr + mul x6, x15, x22 + # A[0] * B[1] + mul x3, x14, x20 + adds x26, x26, x3 + umulh x4, x14, x20 + adcs x27, x27, x4 + # A[2] * B[1] + mul x3, x16, x20 + adcs x28, x28, x3 + umulh x4, x16, x20 + adcs x6, x6, x4 + adc x7, x7, xzr + # A[1] * B[2] + mul x3, x15, x21 + adds x28, x28, x3 + umulh x4, x15, x21 + adcs x6, x6, x4 + adcs x7, x7, xzr + adc x8, xzr, xzr + # A[0] * B[2] + mul x3, x14, x21 + adds x27, x27, x3 + umulh x4, x14, x21 + adcs x28, x28, x4 + adcs x6, x6, xzr + adcs x7, x7, xzr + adc x8, x8, xzr + # A[1] * B[1] + mul x3, x15, x20 + adds x27, x27, x3 + umulh x4, x15, x20 + adcs x28, x28, x4 + # A[3] * B[1] + mul x3, x17, x20 + adcs x6, x6, x3 + umulh x4, x17, x20 + adcs x7, x7, x4 + adc x8, x8, xzr + # A[2] * B[2] + mul x3, x16, x21 + adds x6, x6, x3 + umulh x4, x16, x21 + adcs x7, x7, x4 + # A[3] * B[3] + mul x3, x17, x22 + adcs x8, x8, x3 + umulh x9, x17, x22 + adc x9, x9, xzr + # A[0] * B[3] + mul x3, x14, x22 + adds x28, x28, x3 + umulh x4, x14, x22 + adcs x6, x6, x4 + # A[2] * B[3] + mul x3, x16, x22 + adcs x7, x7, x3 + umulh x4, x16, x22 + adcs x8, x8, x4 + adc x9, x9, xzr + # A[3] * B[0] + mul x3, x17, x19 + adds x28, x28, x3 + umulh x4, x17, x19 + adcs x6, x6, x4 + # A[3] * B[2] + mul x3, x17, x21 + adcs x7, x7, x3 + umulh x4, x17, x21 + adcs x8, x8, x4 + adc x9, x9, xzr + # Reduce + mov x3, #38 + mul x4, x3, x9 + adds x28, x28, x4 + umulh x5, x3, x9 + adc x5, x5, xzr + mov x3, #19 + extr x5, x5, x28, #63 + mul x5, x5, x3 + and x28, x28, #0x7fffffffffffffff + mov x3, #38 + mul x4, x3, x6 + adds x25, x25, x4 + umulh x6, x3, x6 + mul x4, x3, x7 + adcs x26, x26, x4 + umulh x7, x3, x7 + mul x4, x3, x8 + adcs x27, x27, x4 + umulh x8, x3, x8 + adc x28, x28, xzr + # Add high product results in + adds x25, x25, x5 + adcs x26, x26, x6 + adcs x27, x27, x7 + adc x28, x28, x8 + # Store + stp x25, x26, [x29, #16] + stp x27, x28, [x29, #32] + subs x24, x24, #1 + bge L_curve25519_base_3 + # Invert + add x0, x29, #48 + add x1, x29, #16 +#ifndef __APPLE__ + bl fe_sq +#else + bl _fe_sq +#endif /* __APPLE__ */ + add x0, x29, #0x50 + add x1, x29, #48 +#ifndef __APPLE__ + bl fe_sq +#else + bl _fe_sq +#endif /* __APPLE__ */ +#ifndef NDEBUG + add x0, x29, #0x50 +#endif /* !NDEBUG */ + add x1, x29, #0x50 +#ifndef __APPLE__ + bl fe_sq +#else + bl _fe_sq +#endif /* __APPLE__ */ +#ifndef NDEBUG + add x0, x29, #0x50 +#endif /* !NDEBUG */ + add x1, x29, #16 + add x2, x29, #0x50 +#ifndef __APPLE__ + bl fe_mul +#else + bl _fe_mul +#endif /* __APPLE__ */ + add x0, x29, #48 + add x1, x29, #48 + add x2, x29, #0x50 +#ifndef __APPLE__ + bl fe_mul +#else + bl _fe_mul +#endif /* __APPLE__ */ + add x0, x29, #0x70 +#ifndef NDEBUG + add x1, x29, #48 +#endif /* !NDEBUG */ +#ifndef __APPLE__ + bl fe_sq +#else + bl _fe_sq +#endif /* __APPLE__ */ + add x0, x29, #0x50 + add x1, x29, #0x50 + add x2, x29, #0x70 +#ifndef __APPLE__ + bl fe_mul +#else + bl _fe_mul +#endif /* __APPLE__ */ + # Loop: 5 times + mov x24, #5 + ldp x6, x7, [x29, #80] + ldp x8, x9, [x29, #96] +L_curve25519_base_inv_1: + # Square + # A[0] * A[1] + umulh x12, x6, x7 + mul x11, x6, x7 + # A[0] * A[3] + umulh x14, x6, x9 + mul x13, x6, x9 + # A[0] * A[2] + mul x3, x6, x8 + adds x12, x12, x3 + umulh x4, x6, x8 + adcs x13, x13, x4 + # A[1] * A[3] + mul x3, x7, x9 + adcs x14, x14, x3 + umulh x15, x7, x9 + adc x15, x15, xzr + # A[1] * A[2] + mul x3, x7, x8 + adds x13, x13, x3 + umulh x4, x7, x8 + adcs x14, x14, x4 + # A[2] * A[3] + mul x3, x8, x9 + adcs x15, x15, x3 + umulh x16, x8, x9 + adc x16, x16, xzr + # Double + adds x11, x11, x11 + adcs x12, x12, x12 + adcs x13, x13, x13 + adcs x14, x14, x14 + adcs x15, x15, x15 + adcs x16, x16, x16 + adc x17, xzr, xzr + # A[0] * A[0] + umulh x4, x6, x6 + mul x10, x6, x6 + # A[1] * A[1] + mul x3, x7, x7 + adds x11, x11, x4 + umulh x4, x7, x7 + adcs x12, x12, x3 + # A[2] * A[2] + mul x3, x8, x8 + adcs x13, x13, x4 + umulh x4, x8, x8 + adcs x14, x14, x3 + # A[3] * A[3] + mul x3, x9, x9 + adcs x15, x15, x4 + umulh x4, x9, x9 + adcs x16, x16, x3 + adc x17, x17, x4 + # Reduce + mov x3, #38 + mul x4, x3, x17 + adds x13, x13, x4 + umulh x5, x3, x17 + adc x5, x5, xzr + mov x3, #19 + extr x5, x5, x13, #63 + mul x5, x5, x3 + and x13, x13, #0x7fffffffffffffff + mov x3, #38 + mul x4, x3, x14 + adds x10, x10, x4 + umulh x14, x3, x14 + mul x4, x3, x15 + adcs x11, x11, x4 + umulh x15, x3, x15 + mul x4, x3, x16 + adcs x12, x12, x4 + umulh x16, x3, x16 + adc x13, x13, xzr + # Add high product results in + adds x6, x10, x5 + adcs x7, x11, x14 + adcs x8, x12, x15 + adc x9, x13, x16 + subs x24, x24, #1 + bne L_curve25519_base_inv_1 + # Store + stp x6, x7, [x29, #112] + stp x8, x9, [x29, #128] +#ifndef NDEBUG + add x0, x29, #0x50 +#endif /* !NDEBUG */ + add x1, x29, #0x70 + add x2, x29, #0x50 +#ifndef __APPLE__ + bl fe_mul +#else + bl _fe_mul +#endif /* __APPLE__ */ + # Loop: 10 times + mov x24, #10 + ldp x6, x7, [x29, #80] + ldp x8, x9, [x29, #96] +L_curve25519_base_inv_2: + # Square + # A[0] * A[1] + umulh x12, x6, x7 + mul x11, x6, x7 + # A[0] * A[3] + umulh x14, x6, x9 + mul x13, x6, x9 + # A[0] * A[2] + mul x3, x6, x8 + adds x12, x12, x3 + umulh x4, x6, x8 + adcs x13, x13, x4 + # A[1] * A[3] + mul x3, x7, x9 + adcs x14, x14, x3 + umulh x15, x7, x9 + adc x15, x15, xzr + # A[1] * A[2] + mul x3, x7, x8 + adds x13, x13, x3 + umulh x4, x7, x8 + adcs x14, x14, x4 + # A[2] * A[3] + mul x3, x8, x9 + adcs x15, x15, x3 + umulh x16, x8, x9 + adc x16, x16, xzr + # Double + adds x11, x11, x11 + adcs x12, x12, x12 + adcs x13, x13, x13 + adcs x14, x14, x14 + adcs x15, x15, x15 + adcs x16, x16, x16 + adc x17, xzr, xzr + # A[0] * A[0] + umulh x4, x6, x6 + mul x10, x6, x6 + # A[1] * A[1] + mul x3, x7, x7 + adds x11, x11, x4 + umulh x4, x7, x7 + adcs x12, x12, x3 + # A[2] * A[2] + mul x3, x8, x8 + adcs x13, x13, x4 + umulh x4, x8, x8 + adcs x14, x14, x3 + # A[3] * A[3] + mul x3, x9, x9 + adcs x15, x15, x4 + umulh x4, x9, x9 + adcs x16, x16, x3 + adc x17, x17, x4 + # Reduce + mov x3, #38 + mul x4, x3, x17 + adds x13, x13, x4 + umulh x5, x3, x17 + adc x5, x5, xzr + mov x3, #19 + extr x5, x5, x13, #63 + mul x5, x5, x3 + and x13, x13, #0x7fffffffffffffff + mov x3, #38 + mul x4, x3, x14 + adds x10, x10, x4 + umulh x14, x3, x14 + mul x4, x3, x15 + adcs x11, x11, x4 + umulh x15, x3, x15 + mul x4, x3, x16 + adcs x12, x12, x4 + umulh x16, x3, x16 + adc x13, x13, xzr + # Add high product results in + adds x6, x10, x5 + adcs x7, x11, x14 + adcs x8, x12, x15 + adc x9, x13, x16 + subs x24, x24, #1 + bne L_curve25519_base_inv_2 + # Store + stp x6, x7, [x29, #112] + stp x8, x9, [x29, #128] + add x0, x29, #0x70 +#ifndef NDEBUG + add x1, x29, #0x70 +#endif /* !NDEBUG */ + add x2, x29, #0x50 +#ifndef __APPLE__ + bl fe_mul +#else + bl _fe_mul +#endif /* __APPLE__ */ + # Loop: 20 times + mov x24, #20 + ldp x6, x7, [x29, #112] + ldp x8, x9, [x29, #128] +L_curve25519_base_inv_3: + # Square + # A[0] * A[1] + umulh x12, x6, x7 + mul x11, x6, x7 + # A[0] * A[3] + umulh x14, x6, x9 + mul x13, x6, x9 + # A[0] * A[2] + mul x3, x6, x8 + adds x12, x12, x3 + umulh x4, x6, x8 + adcs x13, x13, x4 + # A[1] * A[3] + mul x3, x7, x9 + adcs x14, x14, x3 + umulh x15, x7, x9 + adc x15, x15, xzr + # A[1] * A[2] + mul x3, x7, x8 + adds x13, x13, x3 + umulh x4, x7, x8 + adcs x14, x14, x4 + # A[2] * A[3] + mul x3, x8, x9 + adcs x15, x15, x3 + umulh x16, x8, x9 + adc x16, x16, xzr + # Double + adds x11, x11, x11 + adcs x12, x12, x12 + adcs x13, x13, x13 + adcs x14, x14, x14 + adcs x15, x15, x15 + adcs x16, x16, x16 + adc x17, xzr, xzr + # A[0] * A[0] + umulh x4, x6, x6 + mul x10, x6, x6 + # A[1] * A[1] + mul x3, x7, x7 + adds x11, x11, x4 + umulh x4, x7, x7 + adcs x12, x12, x3 + # A[2] * A[2] + mul x3, x8, x8 + adcs x13, x13, x4 + umulh x4, x8, x8 + adcs x14, x14, x3 + # A[3] * A[3] + mul x3, x9, x9 + adcs x15, x15, x4 + umulh x4, x9, x9 + adcs x16, x16, x3 + adc x17, x17, x4 + # Reduce + mov x3, #38 + mul x4, x3, x17 + adds x13, x13, x4 + umulh x5, x3, x17 + adc x5, x5, xzr + mov x3, #19 + extr x5, x5, x13, #63 + mul x5, x5, x3 + and x13, x13, #0x7fffffffffffffff + mov x3, #38 + mul x4, x3, x14 + adds x10, x10, x4 + umulh x14, x3, x14 + mul x4, x3, x15 + adcs x11, x11, x4 + umulh x15, x3, x15 + mul x4, x3, x16 + adcs x12, x12, x4 + umulh x16, x3, x16 + adc x13, x13, xzr + # Add high product results in + adds x6, x10, x5 + adcs x7, x11, x14 + adcs x8, x12, x15 + adc x9, x13, x16 + subs x24, x24, #1 + bne L_curve25519_base_inv_3 + # Store + stp x6, x7, [x29, #144] + stp x8, x9, [x29, #160] +#ifndef NDEBUG + add x0, x29, #0x70 +#endif /* !NDEBUG */ + add x1, x29, #0x90 + add x2, x29, #0x70 +#ifndef __APPLE__ + bl fe_mul +#else + bl _fe_mul +#endif /* __APPLE__ */ + # Loop: 10 times + mov x24, #10 + ldp x6, x7, [x29, #112] + ldp x8, x9, [x29, #128] +L_curve25519_base_inv_4: + # Square + # A[0] * A[1] + umulh x12, x6, x7 + mul x11, x6, x7 + # A[0] * A[3] + umulh x14, x6, x9 + mul x13, x6, x9 + # A[0] * A[2] + mul x3, x6, x8 + adds x12, x12, x3 + umulh x4, x6, x8 + adcs x13, x13, x4 + # A[1] * A[3] + mul x3, x7, x9 + adcs x14, x14, x3 + umulh x15, x7, x9 + adc x15, x15, xzr + # A[1] * A[2] + mul x3, x7, x8 + adds x13, x13, x3 + umulh x4, x7, x8 + adcs x14, x14, x4 + # A[2] * A[3] + mul x3, x8, x9 + adcs x15, x15, x3 + umulh x16, x8, x9 + adc x16, x16, xzr + # Double + adds x11, x11, x11 + adcs x12, x12, x12 + adcs x13, x13, x13 + adcs x14, x14, x14 + adcs x15, x15, x15 + adcs x16, x16, x16 + adc x17, xzr, xzr + # A[0] * A[0] + umulh x4, x6, x6 + mul x10, x6, x6 + # A[1] * A[1] + mul x3, x7, x7 + adds x11, x11, x4 + umulh x4, x7, x7 + adcs x12, x12, x3 + # A[2] * A[2] + mul x3, x8, x8 + adcs x13, x13, x4 + umulh x4, x8, x8 + adcs x14, x14, x3 + # A[3] * A[3] + mul x3, x9, x9 + adcs x15, x15, x4 + umulh x4, x9, x9 + adcs x16, x16, x3 + adc x17, x17, x4 + # Reduce + mov x3, #38 + mul x4, x3, x17 + adds x13, x13, x4 + umulh x5, x3, x17 + adc x5, x5, xzr + mov x3, #19 + extr x5, x5, x13, #63 + mul x5, x5, x3 + and x13, x13, #0x7fffffffffffffff + mov x3, #38 + mul x4, x3, x14 + adds x10, x10, x4 + umulh x14, x3, x14 + mul x4, x3, x15 + adcs x11, x11, x4 + umulh x15, x3, x15 + mul x4, x3, x16 + adcs x12, x12, x4 + umulh x16, x3, x16 + adc x13, x13, xzr + # Add high product results in + adds x6, x10, x5 + adcs x7, x11, x14 + adcs x8, x12, x15 + adc x9, x13, x16 + subs x24, x24, #1 + bne L_curve25519_base_inv_4 + # Store + stp x6, x7, [x29, #112] + stp x8, x9, [x29, #128] + add x0, x29, #0x50 + add x1, x29, #0x70 + add x2, x29, #0x50 +#ifndef __APPLE__ + bl fe_mul +#else + bl _fe_mul +#endif /* __APPLE__ */ + # Loop: 50 times + mov x24, #50 + ldp x6, x7, [x29, #80] + ldp x8, x9, [x29, #96] +L_curve25519_base_inv_5: + # Square + # A[0] * A[1] + umulh x12, x6, x7 + mul x11, x6, x7 + # A[0] * A[3] + umulh x14, x6, x9 + mul x13, x6, x9 + # A[0] * A[2] + mul x3, x6, x8 + adds x12, x12, x3 + umulh x4, x6, x8 + adcs x13, x13, x4 + # A[1] * A[3] + mul x3, x7, x9 + adcs x14, x14, x3 + umulh x15, x7, x9 + adc x15, x15, xzr + # A[1] * A[2] + mul x3, x7, x8 + adds x13, x13, x3 + umulh x4, x7, x8 + adcs x14, x14, x4 + # A[2] * A[3] + mul x3, x8, x9 + adcs x15, x15, x3 + umulh x16, x8, x9 + adc x16, x16, xzr + # Double + adds x11, x11, x11 + adcs x12, x12, x12 + adcs x13, x13, x13 + adcs x14, x14, x14 + adcs x15, x15, x15 + adcs x16, x16, x16 + adc x17, xzr, xzr + # A[0] * A[0] + umulh x4, x6, x6 + mul x10, x6, x6 + # A[1] * A[1] + mul x3, x7, x7 + adds x11, x11, x4 + umulh x4, x7, x7 + adcs x12, x12, x3 + # A[2] * A[2] + mul x3, x8, x8 + adcs x13, x13, x4 + umulh x4, x8, x8 + adcs x14, x14, x3 + # A[3] * A[3] + mul x3, x9, x9 + adcs x15, x15, x4 + umulh x4, x9, x9 + adcs x16, x16, x3 + adc x17, x17, x4 + # Reduce + mov x3, #38 + mul x4, x3, x17 + adds x13, x13, x4 + umulh x5, x3, x17 + adc x5, x5, xzr + mov x3, #19 + extr x5, x5, x13, #63 + mul x5, x5, x3 + and x13, x13, #0x7fffffffffffffff + mov x3, #38 + mul x4, x3, x14 + adds x10, x10, x4 + umulh x14, x3, x14 + mul x4, x3, x15 + adcs x11, x11, x4 + umulh x15, x3, x15 + mul x4, x3, x16 + adcs x12, x12, x4 + umulh x16, x3, x16 + adc x13, x13, xzr + # Add high product results in + adds x6, x10, x5 + adcs x7, x11, x14 + adcs x8, x12, x15 + adc x9, x13, x16 + subs x24, x24, #1 + bne L_curve25519_base_inv_5 + # Store + stp x6, x7, [x29, #112] + stp x8, x9, [x29, #128] + add x0, x29, #0x70 +#ifndef NDEBUG + add x1, x29, #0x70 +#endif /* !NDEBUG */ + add x2, x29, #0x50 +#ifndef __APPLE__ + bl fe_mul +#else + bl _fe_mul +#endif /* __APPLE__ */ + # Loop: 100 times + mov x24, #0x64 + ldp x6, x7, [x29, #112] + ldp x8, x9, [x29, #128] +L_curve25519_base_inv_6: + # Square + # A[0] * A[1] + umulh x12, x6, x7 + mul x11, x6, x7 + # A[0] * A[3] + umulh x14, x6, x9 + mul x13, x6, x9 + # A[0] * A[2] + mul x3, x6, x8 + adds x12, x12, x3 + umulh x4, x6, x8 + adcs x13, x13, x4 + # A[1] * A[3] + mul x3, x7, x9 + adcs x14, x14, x3 + umulh x15, x7, x9 + adc x15, x15, xzr + # A[1] * A[2] + mul x3, x7, x8 + adds x13, x13, x3 + umulh x4, x7, x8 + adcs x14, x14, x4 + # A[2] * A[3] + mul x3, x8, x9 + adcs x15, x15, x3 + umulh x16, x8, x9 + adc x16, x16, xzr + # Double + adds x11, x11, x11 + adcs x12, x12, x12 + adcs x13, x13, x13 + adcs x14, x14, x14 + adcs x15, x15, x15 + adcs x16, x16, x16 + adc x17, xzr, xzr + # A[0] * A[0] + umulh x4, x6, x6 + mul x10, x6, x6 + # A[1] * A[1] + mul x3, x7, x7 + adds x11, x11, x4 + umulh x4, x7, x7 + adcs x12, x12, x3 + # A[2] * A[2] + mul x3, x8, x8 + adcs x13, x13, x4 + umulh x4, x8, x8 + adcs x14, x14, x3 + # A[3] * A[3] + mul x3, x9, x9 + adcs x15, x15, x4 + umulh x4, x9, x9 + adcs x16, x16, x3 + adc x17, x17, x4 + # Reduce + mov x3, #38 + mul x4, x3, x17 + adds x13, x13, x4 + umulh x5, x3, x17 + adc x5, x5, xzr + mov x3, #19 + extr x5, x5, x13, #63 + mul x5, x5, x3 + and x13, x13, #0x7fffffffffffffff + mov x3, #38 + mul x4, x3, x14 + adds x10, x10, x4 + umulh x14, x3, x14 + mul x4, x3, x15 + adcs x11, x11, x4 + umulh x15, x3, x15 + mul x4, x3, x16 + adcs x12, x12, x4 + umulh x16, x3, x16 + adc x13, x13, xzr + # Add high product results in + adds x6, x10, x5 + adcs x7, x11, x14 + adcs x8, x12, x15 + adc x9, x13, x16 + subs x24, x24, #1 + bne L_curve25519_base_inv_6 + # Store + stp x6, x7, [x29, #144] + stp x8, x9, [x29, #160] +#ifndef NDEBUG + add x0, x29, #0x70 +#endif /* !NDEBUG */ + add x1, x29, #0x90 + add x2, x29, #0x70 +#ifndef __APPLE__ + bl fe_mul +#else + bl _fe_mul +#endif /* __APPLE__ */ + # Loop: 50 times + mov x24, #50 + ldp x6, x7, [x29, #112] + ldp x8, x9, [x29, #128] +L_curve25519_base_inv_7: + # Square + # A[0] * A[1] + umulh x12, x6, x7 + mul x11, x6, x7 + # A[0] * A[3] + umulh x14, x6, x9 + mul x13, x6, x9 + # A[0] * A[2] + mul x3, x6, x8 + adds x12, x12, x3 + umulh x4, x6, x8 + adcs x13, x13, x4 + # A[1] * A[3] + mul x3, x7, x9 + adcs x14, x14, x3 + umulh x15, x7, x9 + adc x15, x15, xzr + # A[1] * A[2] + mul x3, x7, x8 + adds x13, x13, x3 + umulh x4, x7, x8 + adcs x14, x14, x4 + # A[2] * A[3] + mul x3, x8, x9 + adcs x15, x15, x3 + umulh x16, x8, x9 + adc x16, x16, xzr + # Double + adds x11, x11, x11 + adcs x12, x12, x12 + adcs x13, x13, x13 + adcs x14, x14, x14 + adcs x15, x15, x15 + adcs x16, x16, x16 + adc x17, xzr, xzr + # A[0] * A[0] + umulh x4, x6, x6 + mul x10, x6, x6 + # A[1] * A[1] + mul x3, x7, x7 + adds x11, x11, x4 + umulh x4, x7, x7 + adcs x12, x12, x3 + # A[2] * A[2] + mul x3, x8, x8 + adcs x13, x13, x4 + umulh x4, x8, x8 + adcs x14, x14, x3 + # A[3] * A[3] + mul x3, x9, x9 + adcs x15, x15, x4 + umulh x4, x9, x9 + adcs x16, x16, x3 + adc x17, x17, x4 + # Reduce + mov x3, #38 + mul x4, x3, x17 + adds x13, x13, x4 + umulh x5, x3, x17 + adc x5, x5, xzr + mov x3, #19 + extr x5, x5, x13, #63 + mul x5, x5, x3 + and x13, x13, #0x7fffffffffffffff + mov x3, #38 + mul x4, x3, x14 + adds x10, x10, x4 + umulh x14, x3, x14 + mul x4, x3, x15 + adcs x11, x11, x4 + umulh x15, x3, x15 + mul x4, x3, x16 + adcs x12, x12, x4 + umulh x16, x3, x16 + adc x13, x13, xzr + # Add high product results in + adds x6, x10, x5 + adcs x7, x11, x14 + adcs x8, x12, x15 + adc x9, x13, x16 + subs x24, x24, #1 + bne L_curve25519_base_inv_7 + # Store + stp x6, x7, [x29, #112] + stp x8, x9, [x29, #128] + add x0, x29, #0x50 + add x1, x29, #0x70 + add x2, x29, #0x50 +#ifndef __APPLE__ + bl fe_mul +#else + bl _fe_mul +#endif /* __APPLE__ */ + # Loop: 5 times + mov x24, #5 + ldp x6, x7, [x29, #80] + ldp x8, x9, [x29, #96] +L_curve25519_base_inv_8: + # Square + # A[0] * A[1] + umulh x12, x6, x7 + mul x11, x6, x7 + # A[0] * A[3] + umulh x14, x6, x9 + mul x13, x6, x9 + # A[0] * A[2] + mul x3, x6, x8 + adds x12, x12, x3 + umulh x4, x6, x8 + adcs x13, x13, x4 + # A[1] * A[3] + mul x3, x7, x9 + adcs x14, x14, x3 + umulh x15, x7, x9 + adc x15, x15, xzr + # A[1] * A[2] + mul x3, x7, x8 + adds x13, x13, x3 + umulh x4, x7, x8 + adcs x14, x14, x4 + # A[2] * A[3] + mul x3, x8, x9 + adcs x15, x15, x3 + umulh x16, x8, x9 + adc x16, x16, xzr + # Double + adds x11, x11, x11 + adcs x12, x12, x12 + adcs x13, x13, x13 + adcs x14, x14, x14 + adcs x15, x15, x15 + adcs x16, x16, x16 + adc x17, xzr, xzr + # A[0] * A[0] + umulh x4, x6, x6 + mul x10, x6, x6 + # A[1] * A[1] + mul x3, x7, x7 + adds x11, x11, x4 + umulh x4, x7, x7 + adcs x12, x12, x3 + # A[2] * A[2] + mul x3, x8, x8 + adcs x13, x13, x4 + umulh x4, x8, x8 + adcs x14, x14, x3 + # A[3] * A[3] + mul x3, x9, x9 + adcs x15, x15, x4 + umulh x4, x9, x9 + adcs x16, x16, x3 + adc x17, x17, x4 + # Reduce + mov x3, #38 + mul x4, x3, x17 + adds x13, x13, x4 + umulh x5, x3, x17 + adc x5, x5, xzr + mov x3, #19 + extr x5, x5, x13, #63 + mul x5, x5, x3 + and x13, x13, #0x7fffffffffffffff + mov x3, #38 + mul x4, x3, x14 + adds x10, x10, x4 + umulh x14, x3, x14 + mul x4, x3, x15 + adcs x11, x11, x4 + umulh x15, x3, x15 + mul x4, x3, x16 + adcs x12, x12, x4 + umulh x16, x3, x16 + adc x13, x13, xzr + # Add high product results in + adds x6, x10, x5 + adcs x7, x11, x14 + adcs x8, x12, x15 + adc x9, x13, x16 + subs x24, x24, #1 + bne L_curve25519_base_inv_8 + # Store + stp x6, x7, [x29, #80] + stp x8, x9, [x29, #96] + add x0, x29, #16 + add x1, x29, #0x50 + add x2, x29, #48 +#ifndef __APPLE__ + bl fe_mul +#else + bl _fe_mul +#endif /* __APPLE__ */ + mov x0, x23 + # Multiply + ldp x6, x7, [x0] + ldp x8, x9, [x0, #16] + ldp x10, x11, [x29, #16] + ldp x12, x13, [x29, #32] + # A[0] * B[0] + umulh x15, x6, x10 + mul x14, x6, x10 + # A[2] * B[0] + umulh x17, x8, x10 + mul x16, x8, x10 + # A[1] * B[0] + mul x3, x7, x10 + adds x15, x15, x3 + umulh x4, x7, x10 + adcs x16, x16, x4 + # A[1] * B[3] + umulh x20, x7, x13 + adc x17, x17, xzr + mul x19, x7, x13 + # A[0] * B[1] + mul x3, x6, x11 + adds x15, x15, x3 + umulh x4, x6, x11 + adcs x16, x16, x4 + # A[2] * B[1] + mul x3, x8, x11 + adcs x17, x17, x3 + umulh x4, x8, x11 + adcs x19, x19, x4 + adc x20, x20, xzr + # A[1] * B[2] + mul x3, x7, x12 + adds x17, x17, x3 + umulh x4, x7, x12 + adcs x19, x19, x4 + adcs x20, x20, xzr + adc x21, xzr, xzr + # A[0] * B[2] + mul x3, x6, x12 + adds x16, x16, x3 + umulh x4, x6, x12 + adcs x17, x17, x4 + adcs x19, x19, xzr + adcs x20, x20, xzr + adc x21, x21, xzr + # A[1] * B[1] + mul x3, x7, x11 + adds x16, x16, x3 + umulh x4, x7, x11 + adcs x17, x17, x4 + # A[3] * B[1] + mul x3, x9, x11 + adcs x19, x19, x3 + umulh x4, x9, x11 + adcs x20, x20, x4 + adc x21, x21, xzr + # A[2] * B[2] + mul x3, x8, x12 + adds x19, x19, x3 + umulh x4, x8, x12 + adcs x20, x20, x4 + # A[3] * B[3] + mul x3, x9, x13 + adcs x21, x21, x3 + umulh x22, x9, x13 + adc x22, x22, xzr + # A[0] * B[3] + mul x3, x6, x13 + adds x17, x17, x3 + umulh x4, x6, x13 + adcs x19, x19, x4 + # A[2] * B[3] + mul x3, x8, x13 + adcs x20, x20, x3 + umulh x4, x8, x13 + adcs x21, x21, x4 + adc x22, x22, xzr + # A[3] * B[0] + mul x3, x9, x10 + adds x17, x17, x3 + umulh x4, x9, x10 + adcs x19, x19, x4 + # A[3] * B[2] + mul x3, x9, x12 + adcs x20, x20, x3 + umulh x4, x9, x12 + adcs x21, x21, x4 + adc x22, x22, xzr + # Reduce + mov x3, #38 + mul x4, x3, x22 + adds x17, x17, x4 + umulh x5, x3, x22 + adc x5, x5, xzr + mov x3, #19 + extr x5, x5, x17, #63 + mul x5, x5, x3 + and x17, x17, #0x7fffffffffffffff + mov x3, #38 + mul x4, x3, x19 + adds x14, x14, x4 + umulh x19, x3, x19 + mul x4, x3, x20 + adcs x15, x15, x4 + umulh x20, x3, x20 + mul x4, x3, x21 + adcs x16, x16, x4 + umulh x21, x3, x21 + adc x17, x17, xzr + # Add high product results in + adds x14, x14, x5 + adcs x15, x15, x19 + adcs x16, x16, x20 + adc x17, x17, x21 + # Reduce if top bit set + mov x3, #19 + and x4, x3, x17, asr 63 + adds x14, x14, x4 + adcs x15, x15, xzr + and x17, x17, #0x7fffffffffffffff + adcs x16, x16, xzr + adc x17, x17, xzr + adds x4, x14, x3 + adcs x4, x15, xzr + adcs x4, x16, xzr + adc x4, x17, xzr + and x4, x3, x4, asr 63 + adds x14, x14, x4 + adcs x15, x15, xzr + mov x4, #0x7fffffffffffffff + adcs x16, x16, xzr + adc x17, x17, xzr + and x17, x17, x4 + # Store + stp x14, x15, [x0] + stp x16, x17, [x0, #16] + mov x0, xzr + ldp x17, x19, [x29, #184] + ldp x20, x21, [x29, #200] + ldp x22, x23, [x29, #216] + ldp x24, x25, [x29, #232] + ldp x26, x27, [x29, #248] + ldr x28, [x29, #264] + ldp x29, x30, [sp], #0x110 + ret +#ifndef __APPLE__ + .size curve25519_base,.-curve25519_base +#endif /* __APPLE__ */ +#endif /* !HAVE_ED25519 && !WOLFSSL_CURVE25519_USE_ED25519 */ #ifndef __APPLE__ .text .globl curve25519 @@ -1715,7 +4511,6 @@ str x28, [x29, #280] mov x23, xzr str x0, [x29, #176] - str x2, [x29, #184] ldp x6, x7, [x2] ldp x8, x9, [x2, #16] mov x10, #1 @@ -2799,7 +5594,510 @@ adcs x12, x12, x26 adc x13, x13, x27 subs x24, x24, #1 + cmp x24, #3 bge L_curve25519_bits + # Conditional Swap + subs xzr, xzr, x23, lsl 63 + ldp x25, x26, [x29, #16] + ldp x27, x28, [x29, #32] + csel x19, x25, x10, ne + csel x25, x10, x25, ne + csel x20, x26, x11, ne + csel x26, x11, x26, ne + csel x21, x27, x12, ne + csel x27, x12, x27, ne + csel x22, x28, x13, ne + csel x28, x13, x28, ne + # Conditional Swap + subs xzr, xzr, x23, lsl 63 + ldp x10, x11, [x0] + ldp x12, x13, [x0, #16] + csel x14, x10, x6, ne + csel x10, x6, x10, ne + csel x15, x11, x7, ne + csel x11, x7, x11, ne + csel x16, x12, x8, ne + csel x12, x8, x12, ne + csel x17, x13, x9, ne + csel x13, x9, x13, ne +L_curve25519_3: + # Add + adds x6, x10, x25 + adcs x7, x11, x26 + adcs x8, x12, x27 + adcs x9, x13, x28 + cset x5, cs + mov x3, #19 + extr x5, x5, x9, #63 + mul x3, x5, x3 + # Sub modulus (if overflow) + adds x6, x6, x3 + adcs x7, x7, xzr + and x9, x9, #0x7fffffffffffffff + adcs x8, x8, xzr + adc x9, x9, xzr + # Sub + subs x25, x10, x25 + sbcs x26, x11, x26 + sbcs x27, x12, x27 + sbcs x28, x13, x28 + csetm x5, cc + mov x3, #-19 + extr x5, x5, x28, #63 + mul x3, x5, x3 + # Add modulus (if underflow) + subs x25, x25, x3 + sbcs x26, x26, xzr + and x28, x28, #0x7fffffffffffffff + sbcs x27, x27, xzr + sbc x28, x28, xzr + # Square + # A[0] * A[1] + umulh x21, x25, x26 + mul x20, x25, x26 + # A[0] * A[3] + umulh x14, x25, x28 + mul x22, x25, x28 + # A[0] * A[2] + mul x3, x25, x27 + adds x21, x21, x3 + umulh x4, x25, x27 + adcs x22, x22, x4 + # A[1] * A[3] + mul x3, x26, x28 + adcs x14, x14, x3 + umulh x15, x26, x28 + adc x15, x15, xzr + # A[1] * A[2] + mul x3, x26, x27 + adds x22, x22, x3 + umulh x4, x26, x27 + adcs x14, x14, x4 + # A[2] * A[3] + mul x3, x27, x28 + adcs x15, x15, x3 + umulh x16, x27, x28 + adc x16, x16, xzr + # Double + adds x20, x20, x20 + adcs x21, x21, x21 + adcs x22, x22, x22 + adcs x14, x14, x14 + adcs x15, x15, x15 + adcs x16, x16, x16 + adc x17, xzr, xzr + # A[0] * A[0] + umulh x4, x25, x25 + mul x19, x25, x25 + # A[1] * A[1] + mul x3, x26, x26 + adds x20, x20, x4 + umulh x4, x26, x26 + adcs x21, x21, x3 + # A[2] * A[2] + mul x3, x27, x27 + adcs x22, x22, x4 + umulh x4, x27, x27 + adcs x14, x14, x3 + # A[3] * A[3] + mul x3, x28, x28 + adcs x15, x15, x4 + umulh x4, x28, x28 + adcs x16, x16, x3 + adc x17, x17, x4 + # Reduce + mov x3, #38 + mul x4, x3, x17 + adds x22, x22, x4 + umulh x5, x3, x17 + adc x5, x5, xzr + mov x3, #19 + extr x5, x5, x22, #63 + mul x5, x5, x3 + and x22, x22, #0x7fffffffffffffff + mov x3, #38 + mul x4, x3, x14 + adds x19, x19, x4 + umulh x14, x3, x14 + mul x4, x3, x15 + adcs x20, x20, x4 + umulh x15, x3, x15 + mul x4, x3, x16 + adcs x21, x21, x4 + umulh x16, x3, x16 + adc x22, x22, xzr + # Add high product results in + adds x19, x19, x5 + adcs x20, x20, x14 + adcs x21, x21, x15 + adc x22, x22, x16 + # Square + # A[0] * A[1] + umulh x16, x6, x7 + mul x15, x6, x7 + # A[0] * A[3] + umulh x25, x6, x9 + mul x17, x6, x9 + # A[0] * A[2] + mul x3, x6, x8 + adds x16, x16, x3 + umulh x4, x6, x8 + adcs x17, x17, x4 + # A[1] * A[3] + mul x3, x7, x9 + adcs x25, x25, x3 + umulh x26, x7, x9 + adc x26, x26, xzr + # A[1] * A[2] + mul x3, x7, x8 + adds x17, x17, x3 + umulh x4, x7, x8 + adcs x25, x25, x4 + # A[2] * A[3] + mul x3, x8, x9 + adcs x26, x26, x3 + umulh x27, x8, x9 + adc x27, x27, xzr + # Double + adds x15, x15, x15 + adcs x16, x16, x16 + adcs x17, x17, x17 + adcs x25, x25, x25 + adcs x26, x26, x26 + adcs x27, x27, x27 + adc x28, xzr, xzr + # A[0] * A[0] + umulh x4, x6, x6 + mul x14, x6, x6 + # A[1] * A[1] + mul x3, x7, x7 + adds x15, x15, x4 + umulh x4, x7, x7 + adcs x16, x16, x3 + # A[2] * A[2] + mul x3, x8, x8 + adcs x17, x17, x4 + umulh x4, x8, x8 + adcs x25, x25, x3 + # A[3] * A[3] + mul x3, x9, x9 + adcs x26, x26, x4 + umulh x4, x9, x9 + adcs x27, x27, x3 + adc x28, x28, x4 + # Reduce + mov x3, #38 + mul x4, x3, x28 + adds x17, x17, x4 + umulh x5, x3, x28 + adc x5, x5, xzr + mov x3, #19 + extr x5, x5, x17, #63 + mul x5, x5, x3 + and x17, x17, #0x7fffffffffffffff + mov x3, #38 + mul x4, x3, x25 + adds x14, x14, x4 + umulh x25, x3, x25 + mul x4, x3, x26 + adcs x15, x15, x4 + umulh x26, x3, x26 + mul x4, x3, x27 + adcs x16, x16, x4 + umulh x27, x3, x27 + adc x17, x17, xzr + # Add high product results in + adds x14, x14, x5 + adcs x15, x15, x25 + adcs x16, x16, x26 + adc x17, x17, x27 + # Multiply + # A[0] * B[0] + umulh x11, x14, x19 + mul x10, x14, x19 + # A[2] * B[0] + umulh x13, x16, x19 + mul x12, x16, x19 + # A[1] * B[0] + mul x3, x15, x19 + adds x11, x11, x3 + umulh x4, x15, x19 + adcs x12, x12, x4 + # A[1] * B[3] + umulh x26, x15, x22 + adc x13, x13, xzr + mul x25, x15, x22 + # A[0] * B[1] + mul x3, x14, x20 + adds x11, x11, x3 + umulh x4, x14, x20 + adcs x12, x12, x4 + # A[2] * B[1] + mul x3, x16, x20 + adcs x13, x13, x3 + umulh x4, x16, x20 + adcs x25, x25, x4 + adc x26, x26, xzr + # A[1] * B[2] + mul x3, x15, x21 + adds x13, x13, x3 + umulh x4, x15, x21 + adcs x25, x25, x4 + adcs x26, x26, xzr + adc x27, xzr, xzr + # A[0] * B[2] + mul x3, x14, x21 + adds x12, x12, x3 + umulh x4, x14, x21 + adcs x13, x13, x4 + adcs x25, x25, xzr + adcs x26, x26, xzr + adc x27, x27, xzr + # A[1] * B[1] + mul x3, x15, x20 + adds x12, x12, x3 + umulh x4, x15, x20 + adcs x13, x13, x4 + # A[3] * B[1] + mul x3, x17, x20 + adcs x25, x25, x3 + umulh x4, x17, x20 + adcs x26, x26, x4 + adc x27, x27, xzr + # A[2] * B[2] + mul x3, x16, x21 + adds x25, x25, x3 + umulh x4, x16, x21 + adcs x26, x26, x4 + # A[3] * B[3] + mul x3, x17, x22 + adcs x27, x27, x3 + umulh x28, x17, x22 + adc x28, x28, xzr + # A[0] * B[3] + mul x3, x14, x22 + adds x13, x13, x3 + umulh x4, x14, x22 + adcs x25, x25, x4 + # A[2] * B[3] + mul x3, x16, x22 + adcs x26, x26, x3 + umulh x4, x16, x22 + adcs x27, x27, x4 + adc x28, x28, xzr + # A[3] * B[0] + mul x3, x17, x19 + adds x13, x13, x3 + umulh x4, x17, x19 + adcs x25, x25, x4 + # A[3] * B[2] + mul x3, x17, x21 + adcs x26, x26, x3 + umulh x4, x17, x21 + adcs x27, x27, x4 + adc x28, x28, xzr + # Reduce + mov x3, #38 + mul x4, x3, x28 + adds x13, x13, x4 + umulh x5, x3, x28 + adc x5, x5, xzr + mov x3, #19 + extr x5, x5, x13, #63 + mul x5, x5, x3 + and x13, x13, #0x7fffffffffffffff + mov x3, #38 + mul x4, x3, x25 + adds x10, x10, x4 + umulh x25, x3, x25 + mul x4, x3, x26 + adcs x11, x11, x4 + umulh x26, x3, x26 + mul x4, x3, x27 + adcs x12, x12, x4 + umulh x27, x3, x27 + adc x13, x13, xzr + # Add high product results in + adds x10, x10, x5 + adcs x11, x11, x25 + adcs x12, x12, x26 + adc x13, x13, x27 + # Store + stp x10, x11, [x0] + stp x12, x13, [x0, #16] + # Sub + subs x14, x14, x19 + sbcs x15, x15, x20 + sbcs x16, x16, x21 + sbcs x17, x17, x22 + csetm x5, cc + mov x3, #-19 + # Mask the modulus + extr x5, x5, x17, #63 + mul x3, x5, x3 + # Add modulus (if underflow) + subs x14, x14, x3 + sbcs x15, x15, xzr + and x17, x17, #0x7fffffffffffffff + sbcs x16, x16, xzr + sbc x17, x17, xzr + # Multiply by 121666 + mov x5, #0xdb42 + movk x5, #1, lsl 16 + mul x6, x14, x5 + umulh x7, x14, x5 + mul x3, x15, x5 + umulh x8, x15, x5 + adds x7, x7, x3 + adc x8, x8, xzr + mul x3, x16, x5 + umulh x9, x16, x5 + adds x8, x8, x3 + adc x9, x9, xzr + mul x3, x17, x5 + umulh x4, x17, x5 + adds x9, x9, x3 + adc x4, x4, xzr + mov x5, #19 + extr x4, x4, x9, #63 + mul x4, x4, x5 + adds x6, x6, x4 + adcs x7, x7, xzr + and x9, x9, #0x7fffffffffffffff + adcs x8, x8, xzr + adc x9, x9, xzr + # Add + adds x19, x19, x6 + adcs x20, x20, x7 + adcs x21, x21, x8 + adcs x22, x22, x9 + cset x5, cs + mov x3, #19 + # Mask the modulus + extr x5, x5, x22, #63 + mul x3, x5, x3 + # Sub modulus (if overflow) + adds x19, x19, x3 + adcs x20, x20, xzr + and x22, x22, #0x7fffffffffffffff + adcs x21, x21, xzr + adc x22, x22, xzr + # Multiply + # A[0] * B[0] + umulh x26, x14, x19 + mul x25, x14, x19 + # A[2] * B[0] + umulh x28, x16, x19 + mul x27, x16, x19 + # A[1] * B[0] + mul x3, x15, x19 + adds x26, x26, x3 + umulh x4, x15, x19 + adcs x27, x27, x4 + # A[1] * B[3] + umulh x7, x15, x22 + adc x28, x28, xzr + mul x6, x15, x22 + # A[0] * B[1] + mul x3, x14, x20 + adds x26, x26, x3 + umulh x4, x14, x20 + adcs x27, x27, x4 + # A[2] * B[1] + mul x3, x16, x20 + adcs x28, x28, x3 + umulh x4, x16, x20 + adcs x6, x6, x4 + adc x7, x7, xzr + # A[1] * B[2] + mul x3, x15, x21 + adds x28, x28, x3 + umulh x4, x15, x21 + adcs x6, x6, x4 + adcs x7, x7, xzr + adc x8, xzr, xzr + # A[0] * B[2] + mul x3, x14, x21 + adds x27, x27, x3 + umulh x4, x14, x21 + adcs x28, x28, x4 + adcs x6, x6, xzr + adcs x7, x7, xzr + adc x8, x8, xzr + # A[1] * B[1] + mul x3, x15, x20 + adds x27, x27, x3 + umulh x4, x15, x20 + adcs x28, x28, x4 + # A[3] * B[1] + mul x3, x17, x20 + adcs x6, x6, x3 + umulh x4, x17, x20 + adcs x7, x7, x4 + adc x8, x8, xzr + # A[2] * B[2] + mul x3, x16, x21 + adds x6, x6, x3 + umulh x4, x16, x21 + adcs x7, x7, x4 + # A[3] * B[3] + mul x3, x17, x22 + adcs x8, x8, x3 + umulh x9, x17, x22 + adc x9, x9, xzr + # A[0] * B[3] + mul x3, x14, x22 + adds x28, x28, x3 + umulh x4, x14, x22 + adcs x6, x6, x4 + # A[2] * B[3] + mul x3, x16, x22 + adcs x7, x7, x3 + umulh x4, x16, x22 + adcs x8, x8, x4 + adc x9, x9, xzr + # A[3] * B[0] + mul x3, x17, x19 + adds x28, x28, x3 + umulh x4, x17, x19 + adcs x6, x6, x4 + # A[3] * B[2] + mul x3, x17, x21 + adcs x7, x7, x3 + umulh x4, x17, x21 + adcs x8, x8, x4 + adc x9, x9, xzr + # Reduce + mov x3, #38 + mul x4, x3, x9 + adds x28, x28, x4 + umulh x5, x3, x9 + adc x5, x5, xzr + mov x3, #19 + extr x5, x5, x28, #63 + mul x5, x5, x3 + and x28, x28, #0x7fffffffffffffff + mov x3, #38 + mul x4, x3, x6 + adds x25, x25, x4 + umulh x6, x3, x6 + mul x4, x3, x7 + adcs x26, x26, x4 + umulh x7, x3, x7 + mul x4, x3, x8 + adcs x27, x27, x4 + umulh x8, x3, x8 + adc x28, x28, xzr + # Add high product results in + adds x25, x25, x5 + adcs x26, x26, x6 + adcs x27, x27, x7 + adc x28, x28, x8 + # Store + stp x25, x26, [x29, #16] + stp x27, x28, [x29, #32] + subs x24, x24, #1 + bge L_curve25519_3 # Invert add x0, x29, #48 add x1, x29, #16 @@ -3803,7 +7101,6 @@ #ifndef __APPLE__ .size curve25519,.-curve25519 #endif /* __APPLE__ */ -#ifdef HAVE_ED25519 #ifndef __APPLE__ .text .globl fe_pow22523 @@ -8307,6 +11604,7 @@ #ifndef __APPLE__ .size ge_sub,.-ge_sub #endif /* __APPLE__ */ +#ifdef HAVE_ED25519 #ifndef __APPLE__ .text .globl sc_reduce diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/wolfcrypt/src/port/arm/armv8-curve25519_c.c mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/port/arm/armv8-curve25519_c.c --- mariadb-11.8.6/extra/wolfssl/wolfssl/wolfcrypt/src/port/arm/armv8-curve25519_c.c 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/port/arm/armv8-curve25519_c.c 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* armv8-curve25519 * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -48,7 +48,6 @@ ); } -#ifdef HAVE_ED25519 void fe_frombytes(fe out, const unsigned char* in) { __asm__ __volatile__ ( @@ -256,7 +255,7 @@ return (word32)(size_t)a; } -void fe_cmov_table(fe* r, fe* base, signed char b) +void fe_cmov_table(fe* r, const fe* base, signed char b) { __asm__ __volatile__ ( "stp x29, x30, [sp, #-32]!\n\t" @@ -464,15 +463,271 @@ "stp x12, x13, [%x[r], #64]\n\t" "stp x14, x15, [%x[r], #80]\n\t" "ldp x29, x30, [sp], #32\n\t" - : [r] "+r" (r), [base] "+r" (base), [b] "+r" (b) - : + : [r] "+r" (r), [b] "+r" (b) + : [base] "r" (base) : "memory", "cc", "x3", "x4", "x5", "x6", "x7", "x8", "x9", "x10", "x11", "x12", "x13", "x14", "x15", "x16", "x17", "x19", "x20", "x21", "x22", "x23", "x24", "x25", "x26", "x27", "x28" ); } -#endif /* HAVE_ED25519 */ +void fe_invert_nct(fe r, const fe a) +{ + __asm__ __volatile__ ( + "mov x19, #-19\n\t" + "mov x20, #-1\n\t" + "mov x21, #0x7fffffffffffffff\n\t" + "ldr x6, [%x[a]]\n\t" + "ldr x7, [%x[a], #8]\n\t" + "ldr x8, [%x[a], #16]\n\t" + "ldr x9, [%x[a], #24]\n\t" + "mov x2, x19\n\t" + "mov x3, x20\n\t" + "mov x4, x20\n\t" + "mov x5, x21\n\t" + "mov x10, xzr\n\t" + "mov x11, xzr\n\t" + "mov x12, xzr\n\t" + "mov x13, xzr\n\t" + "mov x14, #1\n\t" + "mov x15, xzr\n\t" + "mov x16, xzr\n\t" + "mov x17, xzr\n\t" + "mov x22, #0xff\n\t" + "cmp x9, #0\n\t" + "b.eq L_fe_invert_nct_num_bits_init_v_0_%=\n\t" + "mov x24, #0x100\n\t" + "clz x23, x9\n\t" + "sub x23, x24, x23\n\t" + "b L_fe_invert_nct_num_bits_init_v_3_%=\n\t" + "\n" + "L_fe_invert_nct_num_bits_init_v_0_%=: \n\t" + "cmp x8, #0\n\t" + "b.eq L_fe_invert_nct_num_bits_init_v_1_%=\n\t" + "mov x24, #0xc0\n\t" + "clz x23, x8\n\t" + "sub x23, x24, x23\n\t" + "b L_fe_invert_nct_num_bits_init_v_3_%=\n\t" + "\n" + "L_fe_invert_nct_num_bits_init_v_1_%=: \n\t" + "cmp x7, #0\n\t" + "b.eq L_fe_invert_nct_num_bits_init_v_2_%=\n\t" + "mov x24, #0x80\n\t" + "clz x23, x7\n\t" + "sub x23, x24, x23\n\t" + "b L_fe_invert_nct_num_bits_init_v_3_%=\n\t" + "\n" + "L_fe_invert_nct_num_bits_init_v_2_%=: \n\t" + "mov x24, #0x40\n\t" + "clz x23, x6\n\t" + "sub x23, x24, x23\n\t" + "\n" + "L_fe_invert_nct_num_bits_init_v_3_%=: \n\t" + "tst x6, #1\n\t" + "b.ne L_fe_invert_nct_loop_%=\n\t" + "\n" + "L_fe_invert_nct_even_init_v_0_%=: \n\t" + "extr x6, x7, x6, #1\n\t" + "extr x7, x8, x7, #1\n\t" + "extr x8, x9, x8, #1\n\t" + "lsr x9, x9, #1\n\t" + "sub x23, x23, #1\n\t" + "ands x24, x14, #1\n\t" + "b.eq L_fe_invert_nct_even_init_v_1_%=\n\t" + "adds x14, x14, x19\n\t" + "adcs x15, x15, x20\n\t" + "adcs x16, x16, x20\n\t" + "adcs x17, x17, x21\n\t" + "cset x24, cs\n\t" + "\n" + "L_fe_invert_nct_even_init_v_1_%=: \n\t" + "extr x14, x15, x14, #1\n\t" + "extr x15, x16, x15, #1\n\t" + "extr x16, x17, x16, #1\n\t" + "extr x17, x24, x17, #1\n\t" + "tst x6, #1\n\t" + "b.eq L_fe_invert_nct_even_init_v_0_%=\n\t" + "\n" + "L_fe_invert_nct_loop_%=: \n\t" + "cmp x22, #1\n\t" + "b.eq L_fe_invert_nct_u_done_%=\n\t" + "cmp x23, #1\n\t" + "b.eq L_fe_invert_nct_v_done_%=\n\t" + "cmp x22, x23\n\t" + "bhi L_fe_invert_nct_u_larger_%=\n\t" + "bcc L_fe_invert_nct_v_larger_%=\n\t" + "cmp x5, x9\n\t" + "bhi L_fe_invert_nct_u_larger_%=\n\t" + "bcc L_fe_invert_nct_v_larger_%=\n\t" + "cmp x4, x8\n\t" + "bhi L_fe_invert_nct_u_larger_%=\n\t" + "bcc L_fe_invert_nct_v_larger_%=\n\t" + "cmp x3, x7\n\t" + "bhi L_fe_invert_nct_u_larger_%=\n\t" + "bcc L_fe_invert_nct_v_larger_%=\n\t" + "cmp x2, x6\n\t" + "bcc L_fe_invert_nct_v_larger_%=\n\t" + "\n" + "L_fe_invert_nct_u_larger_%=: \n\t" + "subs x2, x2, x6\n\t" + "sbcs x3, x3, x7\n\t" + "sbcs x4, x4, x8\n\t" + "sbc x5, x5, x9\n\t" + "subs x10, x10, x14\n\t" + "sbcs x11, x11, x15\n\t" + "sbcs x12, x12, x16\n\t" + "sbcs x13, x13, x17\n\t" + "bcs L_fe_invert_nct_sub_uv_%=\n\t" + "adds x10, x10, x19\n\t" + "adcs x11, x11, x20\n\t" + "adcs x12, x12, x20\n\t" + "adc x13, x13, x21\n\t" + "\n" + "L_fe_invert_nct_sub_uv_%=: \n\t" + "cmp x5, #0\n\t" + "b.eq L_fe_invert_nct_nct_num_bits_u_0_%=\n\t" + "mov x24, #0x100\n\t" + "clz x22, x5\n\t" + "sub x22, x24, x22\n\t" + "b L_fe_invert_nct_nct_num_bits_u_3_%=\n\t" + "\n" + "L_fe_invert_nct_nct_num_bits_u_0_%=: \n\t" + "cmp x4, #0\n\t" + "b.eq L_fe_invert_nct_nct_num_bits_u_1_%=\n\t" + "mov x24, #0xc0\n\t" + "clz x22, x4\n\t" + "sub x22, x24, x22\n\t" + "b L_fe_invert_nct_nct_num_bits_u_3_%=\n\t" + "\n" + "L_fe_invert_nct_nct_num_bits_u_1_%=: \n\t" + "cmp x3, #0\n\t" + "b.eq L_fe_invert_nct_nct_num_bits_u_2_%=\n\t" + "mov x24, #0x80\n\t" + "clz x22, x3\n\t" + "sub x22, x24, x22\n\t" + "b L_fe_invert_nct_nct_num_bits_u_3_%=\n\t" + "\n" + "L_fe_invert_nct_nct_num_bits_u_2_%=: \n\t" + "mov x24, #0x40\n\t" + "clz x22, x2\n\t" + "sub x22, x24, x22\n\t" + "\n" + "L_fe_invert_nct_nct_num_bits_u_3_%=: \n\t" + "\n" + "L_fe_invert_nct_even_u_0_%=: \n\t" + "extr x2, x3, x2, #1\n\t" + "extr x3, x4, x3, #1\n\t" + "extr x4, x5, x4, #1\n\t" + "lsr x5, x5, #1\n\t" + "sub x22, x22, #1\n\t" + "ands x24, x10, #1\n\t" + "b.eq L_fe_invert_nct_even_u_1_%=\n\t" + "adds x10, x10, x19\n\t" + "adcs x11, x11, x20\n\t" + "adcs x12, x12, x20\n\t" + "adcs x13, x13, x21\n\t" + "cset x24, cs\n\t" + "\n" + "L_fe_invert_nct_even_u_1_%=: \n\t" + "extr x10, x11, x10, #1\n\t" + "extr x11, x12, x11, #1\n\t" + "extr x12, x13, x12, #1\n\t" + "extr x13, x24, x13, #1\n\t" + "tst x2, #1\n\t" + "b.eq L_fe_invert_nct_even_u_0_%=\n\t" + "b L_fe_invert_nct_loop_%=\n\t" + "\n" + "L_fe_invert_nct_v_larger_%=: \n\t" + "subs x6, x6, x2\n\t" + "sbcs x7, x7, x3\n\t" + "sbcs x8, x8, x4\n\t" + "sbc x9, x9, x5\n\t" + "subs x14, x14, x10\n\t" + "sbcs x15, x15, x11\n\t" + "sbcs x16, x16, x12\n\t" + "sbcs x17, x17, x13\n\t" + "bcs L_fe_invert_nct_sub_vu_%=\n\t" + "adds x14, x14, x19\n\t" + "adcs x15, x15, x20\n\t" + "adcs x16, x16, x20\n\t" + "adc x17, x17, x21\n\t" + "\n" + "L_fe_invert_nct_sub_vu_%=: \n\t" + "cmp x9, #0\n\t" + "b.eq L_fe_invert_nct_nct_num_bits_v_0_%=\n\t" + "mov x24, #0x100\n\t" + "clz x23, x9\n\t" + "sub x23, x24, x23\n\t" + "b L_fe_invert_nct_nct_num_bits_v_3_%=\n\t" + "\n" + "L_fe_invert_nct_nct_num_bits_v_0_%=: \n\t" + "cmp x8, #0\n\t" + "b.eq L_fe_invert_nct_nct_num_bits_v_1_%=\n\t" + "mov x24, #0xc0\n\t" + "clz x23, x8\n\t" + "sub x23, x24, x23\n\t" + "b L_fe_invert_nct_nct_num_bits_v_3_%=\n\t" + "\n" + "L_fe_invert_nct_nct_num_bits_v_1_%=: \n\t" + "cmp x7, #0\n\t" + "b.eq L_fe_invert_nct_nct_num_bits_v_2_%=\n\t" + "mov x24, #0x80\n\t" + "clz x23, x7\n\t" + "sub x23, x24, x23\n\t" + "b L_fe_invert_nct_nct_num_bits_v_3_%=\n\t" + "\n" + "L_fe_invert_nct_nct_num_bits_v_2_%=: \n\t" + "mov x24, #0x40\n\t" + "clz x23, x6\n\t" + "sub x23, x24, x23\n\t" + "\n" + "L_fe_invert_nct_nct_num_bits_v_3_%=: \n\t" + "\n" + "L_fe_invert_nct_even_v_0_%=: \n\t" + "extr x6, x7, x6, #1\n\t" + "extr x7, x8, x7, #1\n\t" + "extr x8, x9, x8, #1\n\t" + "lsr x9, x9, #1\n\t" + "sub x23, x23, #1\n\t" + "ands x24, x14, #1\n\t" + "b.eq L_fe_invert_nct_even_v_1_%=\n\t" + "adds x14, x14, x19\n\t" + "adcs x15, x15, x20\n\t" + "adcs x16, x16, x20\n\t" + "adcs x17, x17, x21\n\t" + "cset x24, cs\n\t" + "\n" + "L_fe_invert_nct_even_v_1_%=: \n\t" + "extr x14, x15, x14, #1\n\t" + "extr x15, x16, x15, #1\n\t" + "extr x16, x17, x16, #1\n\t" + "extr x17, x24, x17, #1\n\t" + "tst x6, #1\n\t" + "b.eq L_fe_invert_nct_even_v_0_%=\n\t" + "b L_fe_invert_nct_loop_%=\n\t" + "\n" + "L_fe_invert_nct_u_done_%=: \n\t" + "str x10, [%x[r]]\n\t" + "str x11, [%x[r], #8]\n\t" + "str x12, [%x[r], #16]\n\t" + "str x13, [%x[r], #24]\n\t" + "b L_fe_invert_nct_done_%=\n\t" + "\n" + "L_fe_invert_nct_v_done_%=: \n\t" + "str x14, [%x[r]]\n\t" + "str x15, [%x[r], #8]\n\t" + "str x16, [%x[r], #16]\n\t" + "str x17, [%x[r], #24]\n\t" + "\n" + "L_fe_invert_nct_done_%=: \n\t" + : [r] "+r" (r) + : [a] "r" (a) + : "memory", "cc", "x2", "x3", "x4", "x5", "x6", "x7", "x8", "x9", "x10", + "x11", "x12", "x13", "x14", "x15", "x16", "x17", "x19", "x20", + "x21", "x22", "x23", "x24" + ); +} + void fe_mul(fe r, const fe a, const fe b) { __asm__ __volatile__ ( @@ -1591,6 +1846,2534 @@ ); } +#if !defined(HAVE_ED25519) && !defined(WOLFSSL_CURVE25519_USE_ED25519) +static const word64 L_curve25519_base_x2[] = { + 0x5cae469cdd684efb, 0x8f3f5ced1e350b5c, + 0xd9750c687d157114, 0x20d342d51873f1b7, +}; + +int curve25519_base(byte* r, const byte* n) +{ + const word64* x2 = L_curve25519_base_x2; + __asm__ __volatile__ ( + "stp x29, x30, [sp, #-176]!\n\t" + "add x29, sp, #0\n\t" + "ldp x6, x7, [%[x2]]\n\t" + "ldp x8, x9, [%[x2], #16]\n\t" + "mov x10, #1\n\t" + "mov x11, xzr\n\t" + "mov x12, xzr\n\t" + "mov x13, xzr\n\t" + /* Set base point x-ordinate */ + "mov x24, #9\n\t" + "stp x24, xzr, [%x[r]]\n\t" + "stp xzr, xzr, [%x[r], #16]\n\t" + /* Set one */ + "mov x24, #1\n\t" + "stp x24, xzr, [x29, #16]\n\t" + "stp xzr, xzr, [x29, #32]\n\t" + "mov %[x2], xzr\n\t" + "mov x23, %x[r]\n\t" + "mov x24, #0xfd\n\t" + "\n" + "L_curve25519_base_bits_%=: \n\t" + "lsr x3, x24, #6\n\t" + "and x4, x24, #63\n\t" + "ldr x5, [%x[n], x3, LSL 3]\n\t" + "lsr x5, x5, x4\n\t" + "eor %[x2], %[x2], x5\n\t" + /* Conditional Swap */ + "subs xzr, xzr, %[x2], lsl 63\n\t" + "ldp x25, x26, [x29, #16]\n\t" + "ldp x27, x28, [x29, #32]\n\t" + "csel x19, x25, x10, ne\n\t" + "csel x25, x10, x25, ne\n\t" + "csel x20, x26, x11, ne\n\t" + "csel x26, x11, x26, ne\n\t" + "csel x21, x27, x12, ne\n\t" + "csel x27, x12, x27, ne\n\t" + "csel x22, x28, x13, ne\n\t" + "csel x28, x13, x28, ne\n\t" + /* Conditional Swap */ + "subs xzr, xzr, %[x2], lsl 63\n\t" + "ldp x10, x11, [%x[r]]\n\t" + "ldp x12, x13, [%x[r], #16]\n\t" + "csel x14, x10, x6, ne\n\t" + "csel x10, x6, x10, ne\n\t" + "csel x15, x11, x7, ne\n\t" + "csel x11, x7, x11, ne\n\t" + "csel x16, x12, x8, ne\n\t" + "csel x12, x8, x12, ne\n\t" + "csel x17, x13, x9, ne\n\t" + "csel x13, x9, x13, ne\n\t" + "mov %[x2], x5\n\t" + /* Add */ + "adds x6, x10, x25\n\t" + "adcs x7, x11, x26\n\t" + "adcs x8, x12, x27\n\t" + "adcs x9, x13, x28\n\t" + "cset x5, cs\n\t" + "mov x3, #19\n\t" + "extr x5, x5, x9, #63\n\t" + "mul x3, x5, x3\n\t" + /* Sub modulus (if overflow) */ + "adds x6, x6, x3\n\t" + "adcs x7, x7, xzr\n\t" + "and x9, x9, #0x7fffffffffffffff\n\t" + "adcs x8, x8, xzr\n\t" + "adc x9, x9, xzr\n\t" + /* Sub */ + "subs x25, x10, x25\n\t" + "sbcs x26, x11, x26\n\t" + "sbcs x27, x12, x27\n\t" + "sbcs x28, x13, x28\n\t" + "csetm x5, cc\n\t" + "mov x3, #-19\n\t" + "extr x5, x5, x28, #63\n\t" + "mul x3, x5, x3\n\t" + /* Add modulus (if underflow) */ + "subs x25, x25, x3\n\t" + "sbcs x26, x26, xzr\n\t" + "and x28, x28, #0x7fffffffffffffff\n\t" + "sbcs x27, x27, xzr\n\t" + "sbc x28, x28, xzr\n\t" + "stp x25, x26, [x29, #80]\n\t" + "stp x27, x28, [x29, #96]\n\t" + /* Add */ + "adds x10, x14, x19\n\t" + "adcs x11, x15, x20\n\t" + "adcs x12, x16, x21\n\t" + "adcs x13, x17, x22\n\t" + "cset x5, cs\n\t" + "mov x3, #19\n\t" + "extr x5, x5, x13, #63\n\t" + "mul x3, x5, x3\n\t" + /* Sub modulus (if overflow) */ + "adds x10, x10, x3\n\t" + "adcs x11, x11, xzr\n\t" + "and x13, x13, #0x7fffffffffffffff\n\t" + "adcs x12, x12, xzr\n\t" + "adc x13, x13, xzr\n\t" + /* Sub */ + "subs x14, x14, x19\n\t" + "sbcs x15, x15, x20\n\t" + "sbcs x16, x16, x21\n\t" + "sbcs x17, x17, x22\n\t" + "csetm x5, cc\n\t" + "mov x3, #-19\n\t" + "extr x5, x5, x17, #63\n\t" + "mul x3, x5, x3\n\t" + /* Add modulus (if underflow) */ + "subs x14, x14, x3\n\t" + "sbcs x15, x15, xzr\n\t" + "and x17, x17, #0x7fffffffffffffff\n\t" + "sbcs x16, x16, xzr\n\t" + "sbc x17, x17, xzr\n\t" + /* Multiply */ + /* A[0] * B[0] */ + "umulh x20, x14, x6\n\t" + "mul x19, x14, x6\n\t" + /* A[2] * B[0] */ + "umulh x22, x16, x6\n\t" + "mul x21, x16, x6\n\t" + /* A[1] * B[0] */ + "mul x3, x15, x6\n\t" + "adds x20, x20, x3\n\t" + "umulh x4, x15, x6\n\t" + "adcs x21, x21, x4\n\t" + /* A[1] * B[3] */ + "umulh x26, x15, x9\n\t" + "adc x22, x22, xzr\n\t" + "mul x25, x15, x9\n\t" + /* A[0] * B[1] */ + "mul x3, x14, x7\n\t" + "adds x20, x20, x3\n\t" + "umulh x4, x14, x7\n\t" + "adcs x21, x21, x4\n\t" + /* A[2] * B[1] */ + "mul x3, x16, x7\n\t" + "adcs x22, x22, x3\n\t" + "umulh x4, x16, x7\n\t" + "adcs x25, x25, x4\n\t" + "adc x26, x26, xzr\n\t" + /* A[1] * B[2] */ + "mul x3, x15, x8\n\t" + "adds x22, x22, x3\n\t" + "umulh x4, x15, x8\n\t" + "adcs x25, x25, x4\n\t" + "adcs x26, x26, xzr\n\t" + "adc x27, xzr, xzr\n\t" + /* A[0] * B[2] */ + "mul x3, x14, x8\n\t" + "adds x21, x21, x3\n\t" + "umulh x4, x14, x8\n\t" + "adcs x22, x22, x4\n\t" + "adcs x25, x25, xzr\n\t" + "adcs x26, x26, xzr\n\t" + "adc x27, x27, xzr\n\t" + /* A[1] * B[1] */ + "mul x3, x15, x7\n\t" + "adds x21, x21, x3\n\t" + "umulh x4, x15, x7\n\t" + "adcs x22, x22, x4\n\t" + /* A[3] * B[1] */ + "mul x3, x17, x7\n\t" + "adcs x25, x25, x3\n\t" + "umulh x4, x17, x7\n\t" + "adcs x26, x26, x4\n\t" + "adc x27, x27, xzr\n\t" + /* A[2] * B[2] */ + "mul x3, x16, x8\n\t" + "adds x25, x25, x3\n\t" + "umulh x4, x16, x8\n\t" + "adcs x26, x26, x4\n\t" + /* A[3] * B[3] */ + "mul x3, x17, x9\n\t" + "adcs x27, x27, x3\n\t" + "umulh x28, x17, x9\n\t" + "adc x28, x28, xzr\n\t" + /* A[0] * B[3] */ + "mul x3, x14, x9\n\t" + "adds x22, x22, x3\n\t" + "umulh x4, x14, x9\n\t" + "adcs x25, x25, x4\n\t" + /* A[2] * B[3] */ + "mul x3, x16, x9\n\t" + "adcs x26, x26, x3\n\t" + "umulh x4, x16, x9\n\t" + "adcs x27, x27, x4\n\t" + "adc x28, x28, xzr\n\t" + /* A[3] * B[0] */ + "mul x3, x17, x6\n\t" + "adds x22, x22, x3\n\t" + "umulh x4, x17, x6\n\t" + "adcs x25, x25, x4\n\t" + /* A[3] * B[2] */ + "mul x3, x17, x8\n\t" + "adcs x26, x26, x3\n\t" + "umulh x4, x17, x8\n\t" + "adcs x27, x27, x4\n\t" + "adc x28, x28, xzr\n\t" + /* Reduce */ + "mov x3, #38\n\t" + "mul x4, x3, x28\n\t" + "adds x22, x22, x4\n\t" + "umulh x5, x3, x28\n\t" + "adc x5, x5, xzr\n\t" + "mov x3, #19\n\t" + "extr x5, x5, x22, #63\n\t" + "mul x5, x5, x3\n\t" + "and x22, x22, #0x7fffffffffffffff\n\t" + "mov x3, #38\n\t" + "mul x4, x3, x25\n\t" + "adds x19, x19, x4\n\t" + "umulh x25, x3, x25\n\t" + "mul x4, x3, x26\n\t" + "adcs x20, x20, x4\n\t" + "umulh x26, x3, x26\n\t" + "mul x4, x3, x27\n\t" + "adcs x21, x21, x4\n\t" + "umulh x27, x3, x27\n\t" + "adc x22, x22, xzr\n\t" + /* Add high product results in */ + "adds x19, x19, x5\n\t" + "adcs x20, x20, x25\n\t" + "adcs x21, x21, x26\n\t" + "adc x22, x22, x27\n\t" + /* Store */ + "stp x19, x20, [x29, #48]\n\t" + "stp x21, x22, [x29, #64]\n\t" + /* Multiply */ + "ldp x25, x26, [x29, #80]\n\t" + "ldp x27, x28, [x29, #96]\n\t" + /* A[0] * B[0] */ + "umulh x20, x10, x25\n\t" + "mul x19, x10, x25\n\t" + /* A[2] * B[0] */ + "umulh x22, x12, x25\n\t" + "mul x21, x12, x25\n\t" + /* A[1] * B[0] */ + "mul x3, x11, x25\n\t" + "adds x20, x20, x3\n\t" + "umulh x4, x11, x25\n\t" + "adcs x21, x21, x4\n\t" + /* A[1] * B[3] */ + "umulh x15, x11, x28\n\t" + "adc x22, x22, xzr\n\t" + "mul x14, x11, x28\n\t" + /* A[0] * B[1] */ + "mul x3, x10, x26\n\t" + "adds x20, x20, x3\n\t" + "umulh x4, x10, x26\n\t" + "adcs x21, x21, x4\n\t" + /* A[2] * B[1] */ + "mul x3, x12, x26\n\t" + "adcs x22, x22, x3\n\t" + "umulh x4, x12, x26\n\t" + "adcs x14, x14, x4\n\t" + "adc x15, x15, xzr\n\t" + /* A[1] * B[2] */ + "mul x3, x11, x27\n\t" + "adds x22, x22, x3\n\t" + "umulh x4, x11, x27\n\t" + "adcs x14, x14, x4\n\t" + "adcs x15, x15, xzr\n\t" + "adc x16, xzr, xzr\n\t" + /* A[0] * B[2] */ + "mul x3, x10, x27\n\t" + "adds x21, x21, x3\n\t" + "umulh x4, x10, x27\n\t" + "adcs x22, x22, x4\n\t" + "adcs x14, x14, xzr\n\t" + "adcs x15, x15, xzr\n\t" + "adc x16, x16, xzr\n\t" + /* A[1] * B[1] */ + "mul x3, x11, x26\n\t" + "adds x21, x21, x3\n\t" + "umulh x4, x11, x26\n\t" + "adcs x22, x22, x4\n\t" + /* A[3] * B[1] */ + "mul x3, x13, x26\n\t" + "adcs x14, x14, x3\n\t" + "umulh x4, x13, x26\n\t" + "adcs x15, x15, x4\n\t" + "adc x16, x16, xzr\n\t" + /* A[2] * B[2] */ + "mul x3, x12, x27\n\t" + "adds x14, x14, x3\n\t" + "umulh x4, x12, x27\n\t" + "adcs x15, x15, x4\n\t" + /* A[3] * B[3] */ + "mul x3, x13, x28\n\t" + "adcs x16, x16, x3\n\t" + "umulh x17, x13, x28\n\t" + "adc x17, x17, xzr\n\t" + /* A[0] * B[3] */ + "mul x3, x10, x28\n\t" + "adds x22, x22, x3\n\t" + "umulh x4, x10, x28\n\t" + "adcs x14, x14, x4\n\t" + /* A[2] * B[3] */ + "mul x3, x12, x28\n\t" + "adcs x15, x15, x3\n\t" + "umulh x4, x12, x28\n\t" + "adcs x16, x16, x4\n\t" + "adc x17, x17, xzr\n\t" + /* A[3] * B[0] */ + "mul x3, x13, x25\n\t" + "adds x22, x22, x3\n\t" + "umulh x4, x13, x25\n\t" + "adcs x14, x14, x4\n\t" + /* A[3] * B[2] */ + "mul x3, x13, x27\n\t" + "adcs x15, x15, x3\n\t" + "umulh x4, x13, x27\n\t" + "adcs x16, x16, x4\n\t" + "adc x17, x17, xzr\n\t" + /* Reduce */ + "mov x3, #38\n\t" + "mul x4, x3, x17\n\t" + "adds x22, x22, x4\n\t" + "umulh x5, x3, x17\n\t" + "adc x5, x5, xzr\n\t" + "mov x3, #19\n\t" + "extr x5, x5, x22, #63\n\t" + "mul x5, x5, x3\n\t" + "and x22, x22, #0x7fffffffffffffff\n\t" + "mov x3, #38\n\t" + "mul x4, x3, x14\n\t" + "adds x19, x19, x4\n\t" + "umulh x14, x3, x14\n\t" + "mul x4, x3, x15\n\t" + "adcs x20, x20, x4\n\t" + "umulh x15, x3, x15\n\t" + "mul x4, x3, x16\n\t" + "adcs x21, x21, x4\n\t" + "umulh x16, x3, x16\n\t" + "adc x22, x22, xzr\n\t" + /* Add high product results in */ + "adds x19, x19, x5\n\t" + "adcs x20, x20, x14\n\t" + "adcs x21, x21, x15\n\t" + "adc x22, x22, x16\n\t" + /* Square */ + /* A[0] * A[1] */ + "umulh x12, x25, x26\n\t" + "mul x11, x25, x26\n\t" + /* A[0] * A[3] */ + "umulh x14, x25, x28\n\t" + "mul x13, x25, x28\n\t" + /* A[0] * A[2] */ + "mul x3, x25, x27\n\t" + "adds x12, x12, x3\n\t" + "umulh x4, x25, x27\n\t" + "adcs x13, x13, x4\n\t" + /* A[1] * A[3] */ + "mul x3, x26, x28\n\t" + "adcs x14, x14, x3\n\t" + "umulh x15, x26, x28\n\t" + "adc x15, x15, xzr\n\t" + /* A[1] * A[2] */ + "mul x3, x26, x27\n\t" + "adds x13, x13, x3\n\t" + "umulh x4, x26, x27\n\t" + "adcs x14, x14, x4\n\t" + /* A[2] * A[3] */ + "mul x3, x27, x28\n\t" + "adcs x15, x15, x3\n\t" + "umulh x16, x27, x28\n\t" + "adc x16, x16, xzr\n\t" + /* Double */ + "adds x11, x11, x11\n\t" + "adcs x12, x12, x12\n\t" + "adcs x13, x13, x13\n\t" + "adcs x14, x14, x14\n\t" + "adcs x15, x15, x15\n\t" + "adcs x16, x16, x16\n\t" + "adc x17, xzr, xzr\n\t" + /* A[0] * A[0] */ + "umulh x4, x25, x25\n\t" + "mul x10, x25, x25\n\t" + /* A[1] * A[1] */ + "mul x3, x26, x26\n\t" + "adds x11, x11, x4\n\t" + "umulh x4, x26, x26\n\t" + "adcs x12, x12, x3\n\t" + /* A[2] * A[2] */ + "mul x3, x27, x27\n\t" + "adcs x13, x13, x4\n\t" + "umulh x4, x27, x27\n\t" + "adcs x14, x14, x3\n\t" + /* A[3] * A[3] */ + "mul x3, x28, x28\n\t" + "adcs x15, x15, x4\n\t" + "umulh x4, x28, x28\n\t" + "adcs x16, x16, x3\n\t" + "adc x17, x17, x4\n\t" + /* Reduce */ + "mov x3, #38\n\t" + "mul x4, x3, x17\n\t" + "adds x13, x13, x4\n\t" + "umulh x5, x3, x17\n\t" + "adc x5, x5, xzr\n\t" + "mov x3, #19\n\t" + "extr x5, x5, x13, #63\n\t" + "mul x5, x5, x3\n\t" + "and x13, x13, #0x7fffffffffffffff\n\t" + "mov x3, #38\n\t" + "mul x4, x3, x14\n\t" + "adds x10, x10, x4\n\t" + "umulh x14, x3, x14\n\t" + "mul x4, x3, x15\n\t" + "adcs x11, x11, x4\n\t" + "umulh x15, x3, x15\n\t" + "mul x4, x3, x16\n\t" + "adcs x12, x12, x4\n\t" + "umulh x16, x3, x16\n\t" + "adc x13, x13, xzr\n\t" + /* Add high product results in */ + "adds x10, x10, x5\n\t" + "adcs x11, x11, x14\n\t" + "adcs x12, x12, x15\n\t" + "adc x13, x13, x16\n\t" + /* Square */ + /* A[0] * A[1] */ + "umulh x16, x6, x7\n\t" + "mul x15, x6, x7\n\t" + /* A[0] * A[3] */ + "umulh x25, x6, x9\n\t" + "mul x17, x6, x9\n\t" + /* A[0] * A[2] */ + "mul x3, x6, x8\n\t" + "adds x16, x16, x3\n\t" + "umulh x4, x6, x8\n\t" + "adcs x17, x17, x4\n\t" + /* A[1] * A[3] */ + "mul x3, x7, x9\n\t" + "adcs x25, x25, x3\n\t" + "umulh x26, x7, x9\n\t" + "adc x26, x26, xzr\n\t" + /* A[1] * A[2] */ + "mul x3, x7, x8\n\t" + "adds x17, x17, x3\n\t" + "umulh x4, x7, x8\n\t" + "adcs x25, x25, x4\n\t" + /* A[2] * A[3] */ + "mul x3, x8, x9\n\t" + "adcs x26, x26, x3\n\t" + "umulh x27, x8, x9\n\t" + "adc x27, x27, xzr\n\t" + /* Double */ + "adds x15, x15, x15\n\t" + "adcs x16, x16, x16\n\t" + "adcs x17, x17, x17\n\t" + "adcs x25, x25, x25\n\t" + "adcs x26, x26, x26\n\t" + "adcs x27, x27, x27\n\t" + "adc x28, xzr, xzr\n\t" + /* A[0] * A[0] */ + "umulh x4, x6, x6\n\t" + "mul x14, x6, x6\n\t" + /* A[1] * A[1] */ + "mul x3, x7, x7\n\t" + "adds x15, x15, x4\n\t" + "umulh x4, x7, x7\n\t" + "adcs x16, x16, x3\n\t" + /* A[2] * A[2] */ + "mul x3, x8, x8\n\t" + "adcs x17, x17, x4\n\t" + "umulh x4, x8, x8\n\t" + "adcs x25, x25, x3\n\t" + /* A[3] * A[3] */ + "mul x3, x9, x9\n\t" + "adcs x26, x26, x4\n\t" + "umulh x4, x9, x9\n\t" + "adcs x27, x27, x3\n\t" + "adc x28, x28, x4\n\t" + /* Reduce */ + "mov x3, #38\n\t" + "mul x4, x3, x28\n\t" + "adds x17, x17, x4\n\t" + "umulh x5, x3, x28\n\t" + "adc x5, x5, xzr\n\t" + "mov x3, #19\n\t" + "extr x5, x5, x17, #63\n\t" + "mul x5, x5, x3\n\t" + "and x17, x17, #0x7fffffffffffffff\n\t" + "mov x3, #38\n\t" + "mul x4, x3, x25\n\t" + "adds x14, x14, x4\n\t" + "umulh x25, x3, x25\n\t" + "mul x4, x3, x26\n\t" + "adcs x15, x15, x4\n\t" + "umulh x26, x3, x26\n\t" + "mul x4, x3, x27\n\t" + "adcs x16, x16, x4\n\t" + "umulh x27, x3, x27\n\t" + "adc x17, x17, xzr\n\t" + /* Add high product results in */ + "adds x14, x14, x5\n\t" + "adcs x15, x15, x25\n\t" + "adcs x16, x16, x26\n\t" + "adc x17, x17, x27\n\t" + /* Multiply */ + /* A[0] * B[0] */ + "umulh x7, x14, x10\n\t" + "mul x6, x14, x10\n\t" + /* A[2] * B[0] */ + "umulh x9, x16, x10\n\t" + "mul x8, x16, x10\n\t" + /* A[1] * B[0] */ + "mul x3, x15, x10\n\t" + "adds x7, x7, x3\n\t" + "umulh x4, x15, x10\n\t" + "adcs x8, x8, x4\n\t" + /* A[1] * B[3] */ + "umulh x26, x15, x13\n\t" + "adc x9, x9, xzr\n\t" + "mul x25, x15, x13\n\t" + /* A[0] * B[1] */ + "mul x3, x14, x11\n\t" + "adds x7, x7, x3\n\t" + "umulh x4, x14, x11\n\t" + "adcs x8, x8, x4\n\t" + /* A[2] * B[1] */ + "mul x3, x16, x11\n\t" + "adcs x9, x9, x3\n\t" + "umulh x4, x16, x11\n\t" + "adcs x25, x25, x4\n\t" + "adc x26, x26, xzr\n\t" + /* A[1] * B[2] */ + "mul x3, x15, x12\n\t" + "adds x9, x9, x3\n\t" + "umulh x4, x15, x12\n\t" + "adcs x25, x25, x4\n\t" + "adcs x26, x26, xzr\n\t" + "adc x27, xzr, xzr\n\t" + /* A[0] * B[2] */ + "mul x3, x14, x12\n\t" + "adds x8, x8, x3\n\t" + "umulh x4, x14, x12\n\t" + "adcs x9, x9, x4\n\t" + "adcs x25, x25, xzr\n\t" + "adcs x26, x26, xzr\n\t" + "adc x27, x27, xzr\n\t" + /* A[1] * B[1] */ + "mul x3, x15, x11\n\t" + "adds x8, x8, x3\n\t" + "umulh x4, x15, x11\n\t" + "adcs x9, x9, x4\n\t" + /* A[3] * B[1] */ + "mul x3, x17, x11\n\t" + "adcs x25, x25, x3\n\t" + "umulh x4, x17, x11\n\t" + "adcs x26, x26, x4\n\t" + "adc x27, x27, xzr\n\t" + /* A[2] * B[2] */ + "mul x3, x16, x12\n\t" + "adds x25, x25, x3\n\t" + "umulh x4, x16, x12\n\t" + "adcs x26, x26, x4\n\t" + /* A[3] * B[3] */ + "mul x3, x17, x13\n\t" + "adcs x27, x27, x3\n\t" + "umulh x28, x17, x13\n\t" + "adc x28, x28, xzr\n\t" + /* A[0] * B[3] */ + "mul x3, x14, x13\n\t" + "adds x9, x9, x3\n\t" + "umulh x4, x14, x13\n\t" + "adcs x25, x25, x4\n\t" + /* A[2] * B[3] */ + "mul x3, x16, x13\n\t" + "adcs x26, x26, x3\n\t" + "umulh x4, x16, x13\n\t" + "adcs x27, x27, x4\n\t" + "adc x28, x28, xzr\n\t" + /* A[3] * B[0] */ + "mul x3, x17, x10\n\t" + "adds x9, x9, x3\n\t" + "umulh x4, x17, x10\n\t" + "adcs x25, x25, x4\n\t" + /* A[3] * B[2] */ + "mul x3, x17, x12\n\t" + "adcs x26, x26, x3\n\t" + "umulh x4, x17, x12\n\t" + "adcs x27, x27, x4\n\t" + "adc x28, x28, xzr\n\t" + /* Reduce */ + "mov x3, #38\n\t" + "mul x4, x3, x28\n\t" + "adds x9, x9, x4\n\t" + "umulh x5, x3, x28\n\t" + "adc x5, x5, xzr\n\t" + "mov x3, #19\n\t" + "extr x5, x5, x9, #63\n\t" + "mul x5, x5, x3\n\t" + "and x9, x9, #0x7fffffffffffffff\n\t" + "mov x3, #38\n\t" + "mul x4, x3, x25\n\t" + "adds x6, x6, x4\n\t" + "umulh x25, x3, x25\n\t" + "mul x4, x3, x26\n\t" + "adcs x7, x7, x4\n\t" + "umulh x26, x3, x26\n\t" + "mul x4, x3, x27\n\t" + "adcs x8, x8, x4\n\t" + "umulh x27, x3, x27\n\t" + "adc x9, x9, xzr\n\t" + /* Add high product results in */ + "adds x6, x6, x5\n\t" + "adcs x7, x7, x25\n\t" + "adcs x8, x8, x26\n\t" + "adc x9, x9, x27\n\t" + /* Store */ + "stp x6, x7, [%x[r]]\n\t" + "stp x8, x9, [%x[r], #16]\n\t" + /* Sub */ + "subs x14, x14, x10\n\t" + "sbcs x15, x15, x11\n\t" + "sbcs x16, x16, x12\n\t" + "sbcs x17, x17, x13\n\t" + "csetm x5, cc\n\t" + "mov x3, #-19\n\t" + /* Mask the modulus */ + "extr x5, x5, x17, #63\n\t" + "mul x3, x5, x3\n\t" + /* Add modulus (if underflow) */ + "subs x14, x14, x3\n\t" + "sbcs x15, x15, xzr\n\t" + "and x17, x17, #0x7fffffffffffffff\n\t" + "sbcs x16, x16, xzr\n\t" + "sbc x17, x17, xzr\n\t" + /* Multiply by 121666 */ + "mov x5, #0xdb42\n\t" + "movk x5, #1, lsl 16\n\t" + "mul x6, x14, x5\n\t" + "umulh x7, x14, x5\n\t" + "mul x3, x15, x5\n\t" + "umulh x8, x15, x5\n\t" + "adds x7, x7, x3\n\t" + "adc x8, x8, xzr\n\t" + "mul x3, x16, x5\n\t" + "umulh x9, x16, x5\n\t" + "adds x8, x8, x3\n\t" + "adc x9, x9, xzr\n\t" + "mul x3, x17, x5\n\t" + "umulh x4, x17, x5\n\t" + "adds x9, x9, x3\n\t" + "adc x4, x4, xzr\n\t" + "mov x5, #19\n\t" + "extr x4, x4, x9, #63\n\t" + "mul x4, x4, x5\n\t" + "adds x6, x6, x4\n\t" + "adcs x7, x7, xzr\n\t" + "and x9, x9, #0x7fffffffffffffff\n\t" + "adcs x8, x8, xzr\n\t" + "adc x9, x9, xzr\n\t" + /* Add */ + "adds x10, x10, x6\n\t" + "adcs x11, x11, x7\n\t" + "adcs x12, x12, x8\n\t" + "adcs x13, x13, x9\n\t" + "cset x5, cs\n\t" + "mov x3, #19\n\t" + /* Mask the modulus */ + "extr x5, x5, x13, #63\n\t" + "mul x3, x5, x3\n\t" + /* Sub modulus (if overflow) */ + "adds x10, x10, x3\n\t" + "adcs x11, x11, xzr\n\t" + "and x13, x13, #0x7fffffffffffffff\n\t" + "adcs x12, x12, xzr\n\t" + "adc x13, x13, xzr\n\t" + /* Multiply */ + /* A[0] * B[0] */ + "umulh x7, x14, x10\n\t" + "mul x6, x14, x10\n\t" + /* A[2] * B[0] */ + "umulh x9, x16, x10\n\t" + "mul x8, x16, x10\n\t" + /* A[1] * B[0] */ + "mul x3, x15, x10\n\t" + "adds x7, x7, x3\n\t" + "umulh x4, x15, x10\n\t" + "adcs x8, x8, x4\n\t" + /* A[1] * B[3] */ + "umulh x26, x15, x13\n\t" + "adc x9, x9, xzr\n\t" + "mul x25, x15, x13\n\t" + /* A[0] * B[1] */ + "mul x3, x14, x11\n\t" + "adds x7, x7, x3\n\t" + "umulh x4, x14, x11\n\t" + "adcs x8, x8, x4\n\t" + /* A[2] * B[1] */ + "mul x3, x16, x11\n\t" + "adcs x9, x9, x3\n\t" + "umulh x4, x16, x11\n\t" + "adcs x25, x25, x4\n\t" + "adc x26, x26, xzr\n\t" + /* A[1] * B[2] */ + "mul x3, x15, x12\n\t" + "adds x9, x9, x3\n\t" + "umulh x4, x15, x12\n\t" + "adcs x25, x25, x4\n\t" + "adcs x26, x26, xzr\n\t" + "adc x27, xzr, xzr\n\t" + /* A[0] * B[2] */ + "mul x3, x14, x12\n\t" + "adds x8, x8, x3\n\t" + "umulh x4, x14, x12\n\t" + "adcs x9, x9, x4\n\t" + "adcs x25, x25, xzr\n\t" + "adcs x26, x26, xzr\n\t" + "adc x27, x27, xzr\n\t" + /* A[1] * B[1] */ + "mul x3, x15, x11\n\t" + "adds x8, x8, x3\n\t" + "umulh x4, x15, x11\n\t" + "adcs x9, x9, x4\n\t" + /* A[3] * B[1] */ + "mul x3, x17, x11\n\t" + "adcs x25, x25, x3\n\t" + "umulh x4, x17, x11\n\t" + "adcs x26, x26, x4\n\t" + "adc x27, x27, xzr\n\t" + /* A[2] * B[2] */ + "mul x3, x16, x12\n\t" + "adds x25, x25, x3\n\t" + "umulh x4, x16, x12\n\t" + "adcs x26, x26, x4\n\t" + /* A[3] * B[3] */ + "mul x3, x17, x13\n\t" + "adcs x27, x27, x3\n\t" + "umulh x28, x17, x13\n\t" + "adc x28, x28, xzr\n\t" + /* A[0] * B[3] */ + "mul x3, x14, x13\n\t" + "adds x9, x9, x3\n\t" + "umulh x4, x14, x13\n\t" + "adcs x25, x25, x4\n\t" + /* A[2] * B[3] */ + "mul x3, x16, x13\n\t" + "adcs x26, x26, x3\n\t" + "umulh x4, x16, x13\n\t" + "adcs x27, x27, x4\n\t" + "adc x28, x28, xzr\n\t" + /* A[3] * B[0] */ + "mul x3, x17, x10\n\t" + "adds x9, x9, x3\n\t" + "umulh x4, x17, x10\n\t" + "adcs x25, x25, x4\n\t" + /* A[3] * B[2] */ + "mul x3, x17, x12\n\t" + "adcs x26, x26, x3\n\t" + "umulh x4, x17, x12\n\t" + "adcs x27, x27, x4\n\t" + "adc x28, x28, xzr\n\t" + /* Reduce */ + "mov x3, #38\n\t" + "mul x4, x3, x28\n\t" + "adds x9, x9, x4\n\t" + "umulh x5, x3, x28\n\t" + "adc x5, x5, xzr\n\t" + "mov x3, #19\n\t" + "extr x5, x5, x9, #63\n\t" + "mul x5, x5, x3\n\t" + "and x9, x9, #0x7fffffffffffffff\n\t" + "mov x3, #38\n\t" + "mul x4, x3, x25\n\t" + "adds x6, x6, x4\n\t" + "umulh x25, x3, x25\n\t" + "mul x4, x3, x26\n\t" + "adcs x7, x7, x4\n\t" + "umulh x26, x3, x26\n\t" + "mul x4, x3, x27\n\t" + "adcs x8, x8, x4\n\t" + "umulh x27, x3, x27\n\t" + "adc x9, x9, xzr\n\t" + /* Add high product results in */ + "adds x6, x6, x5\n\t" + "adcs x7, x7, x25\n\t" + "adcs x8, x8, x26\n\t" + "adc x9, x9, x27\n\t" + /* Store */ + "stp x6, x7, [x29, #16]\n\t" + "stp x8, x9, [x29, #32]\n\t" + /* Add */ + "ldp x25, x26, [x29, #48]\n\t" + "ldp x27, x28, [x29, #64]\n\t" + "adds x10, x25, x19\n\t" + "adcs x11, x26, x20\n\t" + "adcs x12, x27, x21\n\t" + "adcs x13, x28, x22\n\t" + "cset x5, cs\n\t" + "mov x3, #19\n\t" + "extr x5, x5, x13, #63\n\t" + "mul x3, x5, x3\n\t" + /* Sub modulus (if overflow) */ + "adds x10, x10, x3\n\t" + "adcs x11, x11, xzr\n\t" + "and x13, x13, #0x7fffffffffffffff\n\t" + "adcs x12, x12, xzr\n\t" + "adc x13, x13, xzr\n\t" + /* Sub */ + "subs x19, x25, x19\n\t" + "sbcs x20, x26, x20\n\t" + "sbcs x21, x27, x21\n\t" + "sbcs x22, x28, x22\n\t" + "csetm x5, cc\n\t" + "mov x3, #-19\n\t" + "extr x5, x5, x22, #63\n\t" + "mul x3, x5, x3\n\t" + /* Add modulus (if underflow) */ + "subs x19, x19, x3\n\t" + "sbcs x20, x20, xzr\n\t" + "and x22, x22, #0x7fffffffffffffff\n\t" + "sbcs x21, x21, xzr\n\t" + "sbc x22, x22, xzr\n\t" + /* Square */ + /* A[0] * A[1] */ + "umulh x8, x10, x11\n\t" + "mul x7, x10, x11\n\t" + /* A[0] * A[3] */ + "umulh x25, x10, x13\n\t" + "mul x9, x10, x13\n\t" + /* A[0] * A[2] */ + "mul x3, x10, x12\n\t" + "adds x8, x8, x3\n\t" + "umulh x4, x10, x12\n\t" + "adcs x9, x9, x4\n\t" + /* A[1] * A[3] */ + "mul x3, x11, x13\n\t" + "adcs x25, x25, x3\n\t" + "umulh x26, x11, x13\n\t" + "adc x26, x26, xzr\n\t" + /* A[1] * A[2] */ + "mul x3, x11, x12\n\t" + "adds x9, x9, x3\n\t" + "umulh x4, x11, x12\n\t" + "adcs x25, x25, x4\n\t" + /* A[2] * A[3] */ + "mul x3, x12, x13\n\t" + "adcs x26, x26, x3\n\t" + "umulh x27, x12, x13\n\t" + "adc x27, x27, xzr\n\t" + /* Double */ + "adds x7, x7, x7\n\t" + "adcs x8, x8, x8\n\t" + "adcs x9, x9, x9\n\t" + "adcs x25, x25, x25\n\t" + "adcs x26, x26, x26\n\t" + "adcs x27, x27, x27\n\t" + "adc x28, xzr, xzr\n\t" + /* A[0] * A[0] */ + "umulh x4, x10, x10\n\t" + "mul x6, x10, x10\n\t" + /* A[1] * A[1] */ + "mul x3, x11, x11\n\t" + "adds x7, x7, x4\n\t" + "umulh x4, x11, x11\n\t" + "adcs x8, x8, x3\n\t" + /* A[2] * A[2] */ + "mul x3, x12, x12\n\t" + "adcs x9, x9, x4\n\t" + "umulh x4, x12, x12\n\t" + "adcs x25, x25, x3\n\t" + /* A[3] * A[3] */ + "mul x3, x13, x13\n\t" + "adcs x26, x26, x4\n\t" + "umulh x4, x13, x13\n\t" + "adcs x27, x27, x3\n\t" + "adc x28, x28, x4\n\t" + /* Reduce */ + "mov x3, #38\n\t" + "mul x4, x3, x28\n\t" + "adds x9, x9, x4\n\t" + "umulh x5, x3, x28\n\t" + "adc x5, x5, xzr\n\t" + "mov x3, #19\n\t" + "extr x5, x5, x9, #63\n\t" + "mul x5, x5, x3\n\t" + "and x9, x9, #0x7fffffffffffffff\n\t" + "mov x3, #38\n\t" + "mul x4, x3, x25\n\t" + "adds x6, x6, x4\n\t" + "umulh x25, x3, x25\n\t" + "mul x4, x3, x26\n\t" + "adcs x7, x7, x4\n\t" + "umulh x26, x3, x26\n\t" + "mul x4, x3, x27\n\t" + "adcs x8, x8, x4\n\t" + "umulh x27, x3, x27\n\t" + "adc x9, x9, xzr\n\t" + /* Add high product results in */ + "adds x6, x6, x5\n\t" + "adcs x7, x7, x25\n\t" + "adcs x8, x8, x26\n\t" + "adc x9, x9, x27\n\t" + /* Square */ + /* A[0] * A[1] */ + "umulh x16, x19, x20\n\t" + "mul x15, x19, x20\n\t" + /* A[0] * A[3] */ + "umulh x25, x19, x22\n\t" + "mul x17, x19, x22\n\t" + /* A[0] * A[2] */ + "mul x3, x19, x21\n\t" + "adds x16, x16, x3\n\t" + "umulh x4, x19, x21\n\t" + "adcs x17, x17, x4\n\t" + /* A[1] * A[3] */ + "mul x3, x20, x22\n\t" + "adcs x25, x25, x3\n\t" + "umulh x26, x20, x22\n\t" + "adc x26, x26, xzr\n\t" + /* A[1] * A[2] */ + "mul x3, x20, x21\n\t" + "adds x17, x17, x3\n\t" + "umulh x4, x20, x21\n\t" + "adcs x25, x25, x4\n\t" + /* A[2] * A[3] */ + "mul x3, x21, x22\n\t" + "adcs x26, x26, x3\n\t" + "umulh x27, x21, x22\n\t" + "adc x27, x27, xzr\n\t" + /* Double */ + "adds x15, x15, x15\n\t" + "adcs x16, x16, x16\n\t" + "adcs x17, x17, x17\n\t" + "adcs x25, x25, x25\n\t" + "adcs x26, x26, x26\n\t" + "adcs x27, x27, x27\n\t" + "adc x28, xzr, xzr\n\t" + /* A[0] * A[0] */ + "umulh x4, x19, x19\n\t" + "mul x14, x19, x19\n\t" + /* A[1] * A[1] */ + "mul x3, x20, x20\n\t" + "adds x15, x15, x4\n\t" + "umulh x4, x20, x20\n\t" + "adcs x16, x16, x3\n\t" + /* A[2] * A[2] */ + "mul x3, x21, x21\n\t" + "adcs x17, x17, x4\n\t" + "umulh x4, x21, x21\n\t" + "adcs x25, x25, x3\n\t" + /* A[3] * A[3] */ + "mul x3, x22, x22\n\t" + "adcs x26, x26, x4\n\t" + "umulh x4, x22, x22\n\t" + "adcs x27, x27, x3\n\t" + "adc x28, x28, x4\n\t" + /* Reduce */ + "mov x3, #38\n\t" + "mul x4, x3, x28\n\t" + "adds x17, x17, x4\n\t" + "umulh x5, x3, x28\n\t" + "adc x5, x5, xzr\n\t" + "mov x3, #19\n\t" + "extr x5, x5, x17, #63\n\t" + "mul x5, x5, x3\n\t" + "and x17, x17, #0x7fffffffffffffff\n\t" + "mov x3, #38\n\t" + "mul x4, x3, x25\n\t" + "adds x14, x14, x4\n\t" + "umulh x25, x3, x25\n\t" + "mul x4, x3, x26\n\t" + "adcs x15, x15, x4\n\t" + "umulh x26, x3, x26\n\t" + "mul x4, x3, x27\n\t" + "adcs x16, x16, x4\n\t" + "umulh x27, x3, x27\n\t" + "adc x17, x17, xzr\n\t" + /* Add high product results in */ + "adds x14, x14, x5\n\t" + "adcs x15, x15, x25\n\t" + "adcs x16, x16, x26\n\t" + "adc x17, x17, x27\n\t" + /* Multiply by 9 */ + "mov x5, #9\n\t" + "mul x10, x14, x5\n\t" + "umulh x11, x14, x5\n\t" + "mul x3, x15, x5\n\t" + "umulh x12, x15, x5\n\t" + "adds x11, x11, x3\n\t" + "adc x12, x12, xzr\n\t" + "mul x3, x16, x5\n\t" + "umulh x13, x16, x5\n\t" + "adds x12, x12, x3\n\t" + "adc x13, x13, xzr\n\t" + "mul x3, x17, x5\n\t" + "umulh x4, x17, x5\n\t" + "adds x13, x13, x3\n\t" + "adc x4, x4, xzr\n\t" + "mov x5, #19\n\t" + "extr x4, x4, x13, #63\n\t" + "mul x4, x4, x5\n\t" + "adds x10, x10, x4\n\t" + "adcs x11, x11, xzr\n\t" + "and x13, x13, #0x7fffffffffffffff\n\t" + "adcs x12, x12, xzr\n\t" + "adc x13, x13, xzr\n\t" + "subs x24, x24, #1\n\t" + "cmp x24, #3\n\t" + "b.ge L_curve25519_base_bits_%=\n\t" + /* Conditional Swap */ + "subs xzr, xzr, %[x2], lsl 63\n\t" + "ldp x25, x26, [x29, #16]\n\t" + "ldp x27, x28, [x29, #32]\n\t" + "csel x19, x25, x10, ne\n\t" + "csel x25, x10, x25, ne\n\t" + "csel x20, x26, x11, ne\n\t" + "csel x26, x11, x26, ne\n\t" + "csel x21, x27, x12, ne\n\t" + "csel x27, x12, x27, ne\n\t" + "csel x22, x28, x13, ne\n\t" + "csel x28, x13, x28, ne\n\t" + /* Conditional Swap */ + "subs xzr, xzr, %[x2], lsl 63\n\t" + "ldp x10, x11, [%x[r]]\n\t" + "ldp x12, x13, [%x[r], #16]\n\t" + "csel x14, x10, x6, ne\n\t" + "csel x10, x6, x10, ne\n\t" + "csel x15, x11, x7, ne\n\t" + "csel x11, x7, x11, ne\n\t" + "csel x16, x12, x8, ne\n\t" + "csel x12, x8, x12, ne\n\t" + "csel x17, x13, x9, ne\n\t" + "csel x13, x9, x13, ne\n\t" + "\n" + "L_curve25519_base_3_%=: \n\t" + /* Add */ + "adds x6, x10, x25\n\t" + "adcs x7, x11, x26\n\t" + "adcs x8, x12, x27\n\t" + "adcs x9, x13, x28\n\t" + "cset x5, cs\n\t" + "mov x3, #19\n\t" + "extr x5, x5, x9, #63\n\t" + "mul x3, x5, x3\n\t" + /* Sub modulus (if overflow) */ + "adds x6, x6, x3\n\t" + "adcs x7, x7, xzr\n\t" + "and x9, x9, #0x7fffffffffffffff\n\t" + "adcs x8, x8, xzr\n\t" + "adc x9, x9, xzr\n\t" + /* Sub */ + "subs x25, x10, x25\n\t" + "sbcs x26, x11, x26\n\t" + "sbcs x27, x12, x27\n\t" + "sbcs x28, x13, x28\n\t" + "csetm x5, cc\n\t" + "mov x3, #-19\n\t" + "extr x5, x5, x28, #63\n\t" + "mul x3, x5, x3\n\t" + /* Add modulus (if underflow) */ + "subs x25, x25, x3\n\t" + "sbcs x26, x26, xzr\n\t" + "and x28, x28, #0x7fffffffffffffff\n\t" + "sbcs x27, x27, xzr\n\t" + "sbc x28, x28, xzr\n\t" + /* Square */ + /* A[0] * A[1] */ + "umulh x21, x25, x26\n\t" + "mul x20, x25, x26\n\t" + /* A[0] * A[3] */ + "umulh x14, x25, x28\n\t" + "mul x22, x25, x28\n\t" + /* A[0] * A[2] */ + "mul x3, x25, x27\n\t" + "adds x21, x21, x3\n\t" + "umulh x4, x25, x27\n\t" + "adcs x22, x22, x4\n\t" + /* A[1] * A[3] */ + "mul x3, x26, x28\n\t" + "adcs x14, x14, x3\n\t" + "umulh x15, x26, x28\n\t" + "adc x15, x15, xzr\n\t" + /* A[1] * A[2] */ + "mul x3, x26, x27\n\t" + "adds x22, x22, x3\n\t" + "umulh x4, x26, x27\n\t" + "adcs x14, x14, x4\n\t" + /* A[2] * A[3] */ + "mul x3, x27, x28\n\t" + "adcs x15, x15, x3\n\t" + "umulh x16, x27, x28\n\t" + "adc x16, x16, xzr\n\t" + /* Double */ + "adds x20, x20, x20\n\t" + "adcs x21, x21, x21\n\t" + "adcs x22, x22, x22\n\t" + "adcs x14, x14, x14\n\t" + "adcs x15, x15, x15\n\t" + "adcs x16, x16, x16\n\t" + "adc x17, xzr, xzr\n\t" + /* A[0] * A[0] */ + "umulh x4, x25, x25\n\t" + "mul x19, x25, x25\n\t" + /* A[1] * A[1] */ + "mul x3, x26, x26\n\t" + "adds x20, x20, x4\n\t" + "umulh x4, x26, x26\n\t" + "adcs x21, x21, x3\n\t" + /* A[2] * A[2] */ + "mul x3, x27, x27\n\t" + "adcs x22, x22, x4\n\t" + "umulh x4, x27, x27\n\t" + "adcs x14, x14, x3\n\t" + /* A[3] * A[3] */ + "mul x3, x28, x28\n\t" + "adcs x15, x15, x4\n\t" + "umulh x4, x28, x28\n\t" + "adcs x16, x16, x3\n\t" + "adc x17, x17, x4\n\t" + /* Reduce */ + "mov x3, #38\n\t" + "mul x4, x3, x17\n\t" + "adds x22, x22, x4\n\t" + "umulh x5, x3, x17\n\t" + "adc x5, x5, xzr\n\t" + "mov x3, #19\n\t" + "extr x5, x5, x22, #63\n\t" + "mul x5, x5, x3\n\t" + "and x22, x22, #0x7fffffffffffffff\n\t" + "mov x3, #38\n\t" + "mul x4, x3, x14\n\t" + "adds x19, x19, x4\n\t" + "umulh x14, x3, x14\n\t" + "mul x4, x3, x15\n\t" + "adcs x20, x20, x4\n\t" + "umulh x15, x3, x15\n\t" + "mul x4, x3, x16\n\t" + "adcs x21, x21, x4\n\t" + "umulh x16, x3, x16\n\t" + "adc x22, x22, xzr\n\t" + /* Add high product results in */ + "adds x19, x19, x5\n\t" + "adcs x20, x20, x14\n\t" + "adcs x21, x21, x15\n\t" + "adc x22, x22, x16\n\t" + /* Square */ + /* A[0] * A[1] */ + "umulh x16, x6, x7\n\t" + "mul x15, x6, x7\n\t" + /* A[0] * A[3] */ + "umulh x25, x6, x9\n\t" + "mul x17, x6, x9\n\t" + /* A[0] * A[2] */ + "mul x3, x6, x8\n\t" + "adds x16, x16, x3\n\t" + "umulh x4, x6, x8\n\t" + "adcs x17, x17, x4\n\t" + /* A[1] * A[3] */ + "mul x3, x7, x9\n\t" + "adcs x25, x25, x3\n\t" + "umulh x26, x7, x9\n\t" + "adc x26, x26, xzr\n\t" + /* A[1] * A[2] */ + "mul x3, x7, x8\n\t" + "adds x17, x17, x3\n\t" + "umulh x4, x7, x8\n\t" + "adcs x25, x25, x4\n\t" + /* A[2] * A[3] */ + "mul x3, x8, x9\n\t" + "adcs x26, x26, x3\n\t" + "umulh x27, x8, x9\n\t" + "adc x27, x27, xzr\n\t" + /* Double */ + "adds x15, x15, x15\n\t" + "adcs x16, x16, x16\n\t" + "adcs x17, x17, x17\n\t" + "adcs x25, x25, x25\n\t" + "adcs x26, x26, x26\n\t" + "adcs x27, x27, x27\n\t" + "adc x28, xzr, xzr\n\t" + /* A[0] * A[0] */ + "umulh x4, x6, x6\n\t" + "mul x14, x6, x6\n\t" + /* A[1] * A[1] */ + "mul x3, x7, x7\n\t" + "adds x15, x15, x4\n\t" + "umulh x4, x7, x7\n\t" + "adcs x16, x16, x3\n\t" + /* A[2] * A[2] */ + "mul x3, x8, x8\n\t" + "adcs x17, x17, x4\n\t" + "umulh x4, x8, x8\n\t" + "adcs x25, x25, x3\n\t" + /* A[3] * A[3] */ + "mul x3, x9, x9\n\t" + "adcs x26, x26, x4\n\t" + "umulh x4, x9, x9\n\t" + "adcs x27, x27, x3\n\t" + "adc x28, x28, x4\n\t" + /* Reduce */ + "mov x3, #38\n\t" + "mul x4, x3, x28\n\t" + "adds x17, x17, x4\n\t" + "umulh x5, x3, x28\n\t" + "adc x5, x5, xzr\n\t" + "mov x3, #19\n\t" + "extr x5, x5, x17, #63\n\t" + "mul x5, x5, x3\n\t" + "and x17, x17, #0x7fffffffffffffff\n\t" + "mov x3, #38\n\t" + "mul x4, x3, x25\n\t" + "adds x14, x14, x4\n\t" + "umulh x25, x3, x25\n\t" + "mul x4, x3, x26\n\t" + "adcs x15, x15, x4\n\t" + "umulh x26, x3, x26\n\t" + "mul x4, x3, x27\n\t" + "adcs x16, x16, x4\n\t" + "umulh x27, x3, x27\n\t" + "adc x17, x17, xzr\n\t" + /* Add high product results in */ + "adds x14, x14, x5\n\t" + "adcs x15, x15, x25\n\t" + "adcs x16, x16, x26\n\t" + "adc x17, x17, x27\n\t" + /* Multiply */ + /* A[0] * B[0] */ + "umulh x11, x14, x19\n\t" + "mul x10, x14, x19\n\t" + /* A[2] * B[0] */ + "umulh x13, x16, x19\n\t" + "mul x12, x16, x19\n\t" + /* A[1] * B[0] */ + "mul x3, x15, x19\n\t" + "adds x11, x11, x3\n\t" + "umulh x4, x15, x19\n\t" + "adcs x12, x12, x4\n\t" + /* A[1] * B[3] */ + "umulh x26, x15, x22\n\t" + "adc x13, x13, xzr\n\t" + "mul x25, x15, x22\n\t" + /* A[0] * B[1] */ + "mul x3, x14, x20\n\t" + "adds x11, x11, x3\n\t" + "umulh x4, x14, x20\n\t" + "adcs x12, x12, x4\n\t" + /* A[2] * B[1] */ + "mul x3, x16, x20\n\t" + "adcs x13, x13, x3\n\t" + "umulh x4, x16, x20\n\t" + "adcs x25, x25, x4\n\t" + "adc x26, x26, xzr\n\t" + /* A[1] * B[2] */ + "mul x3, x15, x21\n\t" + "adds x13, x13, x3\n\t" + "umulh x4, x15, x21\n\t" + "adcs x25, x25, x4\n\t" + "adcs x26, x26, xzr\n\t" + "adc x27, xzr, xzr\n\t" + /* A[0] * B[2] */ + "mul x3, x14, x21\n\t" + "adds x12, x12, x3\n\t" + "umulh x4, x14, x21\n\t" + "adcs x13, x13, x4\n\t" + "adcs x25, x25, xzr\n\t" + "adcs x26, x26, xzr\n\t" + "adc x27, x27, xzr\n\t" + /* A[1] * B[1] */ + "mul x3, x15, x20\n\t" + "adds x12, x12, x3\n\t" + "umulh x4, x15, x20\n\t" + "adcs x13, x13, x4\n\t" + /* A[3] * B[1] */ + "mul x3, x17, x20\n\t" + "adcs x25, x25, x3\n\t" + "umulh x4, x17, x20\n\t" + "adcs x26, x26, x4\n\t" + "adc x27, x27, xzr\n\t" + /* A[2] * B[2] */ + "mul x3, x16, x21\n\t" + "adds x25, x25, x3\n\t" + "umulh x4, x16, x21\n\t" + "adcs x26, x26, x4\n\t" + /* A[3] * B[3] */ + "mul x3, x17, x22\n\t" + "adcs x27, x27, x3\n\t" + "umulh x28, x17, x22\n\t" + "adc x28, x28, xzr\n\t" + /* A[0] * B[3] */ + "mul x3, x14, x22\n\t" + "adds x13, x13, x3\n\t" + "umulh x4, x14, x22\n\t" + "adcs x25, x25, x4\n\t" + /* A[2] * B[3] */ + "mul x3, x16, x22\n\t" + "adcs x26, x26, x3\n\t" + "umulh x4, x16, x22\n\t" + "adcs x27, x27, x4\n\t" + "adc x28, x28, xzr\n\t" + /* A[3] * B[0] */ + "mul x3, x17, x19\n\t" + "adds x13, x13, x3\n\t" + "umulh x4, x17, x19\n\t" + "adcs x25, x25, x4\n\t" + /* A[3] * B[2] */ + "mul x3, x17, x21\n\t" + "adcs x26, x26, x3\n\t" + "umulh x4, x17, x21\n\t" + "adcs x27, x27, x4\n\t" + "adc x28, x28, xzr\n\t" + /* Reduce */ + "mov x3, #38\n\t" + "mul x4, x3, x28\n\t" + "adds x13, x13, x4\n\t" + "umulh x5, x3, x28\n\t" + "adc x5, x5, xzr\n\t" + "mov x3, #19\n\t" + "extr x5, x5, x13, #63\n\t" + "mul x5, x5, x3\n\t" + "and x13, x13, #0x7fffffffffffffff\n\t" + "mov x3, #38\n\t" + "mul x4, x3, x25\n\t" + "adds x10, x10, x4\n\t" + "umulh x25, x3, x25\n\t" + "mul x4, x3, x26\n\t" + "adcs x11, x11, x4\n\t" + "umulh x26, x3, x26\n\t" + "mul x4, x3, x27\n\t" + "adcs x12, x12, x4\n\t" + "umulh x27, x3, x27\n\t" + "adc x13, x13, xzr\n\t" + /* Add high product results in */ + "adds x10, x10, x5\n\t" + "adcs x11, x11, x25\n\t" + "adcs x12, x12, x26\n\t" + "adc x13, x13, x27\n\t" + /* Store */ + "stp x10, x11, [%x[r]]\n\t" + "stp x12, x13, [%x[r], #16]\n\t" + /* Sub */ + "subs x14, x14, x19\n\t" + "sbcs x15, x15, x20\n\t" + "sbcs x16, x16, x21\n\t" + "sbcs x17, x17, x22\n\t" + "csetm x5, cc\n\t" + "mov x3, #-19\n\t" + /* Mask the modulus */ + "extr x5, x5, x17, #63\n\t" + "mul x3, x5, x3\n\t" + /* Add modulus (if underflow) */ + "subs x14, x14, x3\n\t" + "sbcs x15, x15, xzr\n\t" + "and x17, x17, #0x7fffffffffffffff\n\t" + "sbcs x16, x16, xzr\n\t" + "sbc x17, x17, xzr\n\t" + /* Multiply by 121666 */ + "mov x5, #0xdb42\n\t" + "movk x5, #1, lsl 16\n\t" + "mul x6, x14, x5\n\t" + "umulh x7, x14, x5\n\t" + "mul x3, x15, x5\n\t" + "umulh x8, x15, x5\n\t" + "adds x7, x7, x3\n\t" + "adc x8, x8, xzr\n\t" + "mul x3, x16, x5\n\t" + "umulh x9, x16, x5\n\t" + "adds x8, x8, x3\n\t" + "adc x9, x9, xzr\n\t" + "mul x3, x17, x5\n\t" + "umulh x4, x17, x5\n\t" + "adds x9, x9, x3\n\t" + "adc x4, x4, xzr\n\t" + "mov x5, #19\n\t" + "extr x4, x4, x9, #63\n\t" + "mul x4, x4, x5\n\t" + "adds x6, x6, x4\n\t" + "adcs x7, x7, xzr\n\t" + "and x9, x9, #0x7fffffffffffffff\n\t" + "adcs x8, x8, xzr\n\t" + "adc x9, x9, xzr\n\t" + /* Add */ + "adds x19, x19, x6\n\t" + "adcs x20, x20, x7\n\t" + "adcs x21, x21, x8\n\t" + "adcs x22, x22, x9\n\t" + "cset x5, cs\n\t" + "mov x3, #19\n\t" + /* Mask the modulus */ + "extr x5, x5, x22, #63\n\t" + "mul x3, x5, x3\n\t" + /* Sub modulus (if overflow) */ + "adds x19, x19, x3\n\t" + "adcs x20, x20, xzr\n\t" + "and x22, x22, #0x7fffffffffffffff\n\t" + "adcs x21, x21, xzr\n\t" + "adc x22, x22, xzr\n\t" + /* Multiply */ + /* A[0] * B[0] */ + "umulh x26, x14, x19\n\t" + "mul x25, x14, x19\n\t" + /* A[2] * B[0] */ + "umulh x28, x16, x19\n\t" + "mul x27, x16, x19\n\t" + /* A[1] * B[0] */ + "mul x3, x15, x19\n\t" + "adds x26, x26, x3\n\t" + "umulh x4, x15, x19\n\t" + "adcs x27, x27, x4\n\t" + /* A[1] * B[3] */ + "umulh x7, x15, x22\n\t" + "adc x28, x28, xzr\n\t" + "mul x6, x15, x22\n\t" + /* A[0] * B[1] */ + "mul x3, x14, x20\n\t" + "adds x26, x26, x3\n\t" + "umulh x4, x14, x20\n\t" + "adcs x27, x27, x4\n\t" + /* A[2] * B[1] */ + "mul x3, x16, x20\n\t" + "adcs x28, x28, x3\n\t" + "umulh x4, x16, x20\n\t" + "adcs x6, x6, x4\n\t" + "adc x7, x7, xzr\n\t" + /* A[1] * B[2] */ + "mul x3, x15, x21\n\t" + "adds x28, x28, x3\n\t" + "umulh x4, x15, x21\n\t" + "adcs x6, x6, x4\n\t" + "adcs x7, x7, xzr\n\t" + "adc x8, xzr, xzr\n\t" + /* A[0] * B[2] */ + "mul x3, x14, x21\n\t" + "adds x27, x27, x3\n\t" + "umulh x4, x14, x21\n\t" + "adcs x28, x28, x4\n\t" + "adcs x6, x6, xzr\n\t" + "adcs x7, x7, xzr\n\t" + "adc x8, x8, xzr\n\t" + /* A[1] * B[1] */ + "mul x3, x15, x20\n\t" + "adds x27, x27, x3\n\t" + "umulh x4, x15, x20\n\t" + "adcs x28, x28, x4\n\t" + /* A[3] * B[1] */ + "mul x3, x17, x20\n\t" + "adcs x6, x6, x3\n\t" + "umulh x4, x17, x20\n\t" + "adcs x7, x7, x4\n\t" + "adc x8, x8, xzr\n\t" + /* A[2] * B[2] */ + "mul x3, x16, x21\n\t" + "adds x6, x6, x3\n\t" + "umulh x4, x16, x21\n\t" + "adcs x7, x7, x4\n\t" + /* A[3] * B[3] */ + "mul x3, x17, x22\n\t" + "adcs x8, x8, x3\n\t" + "umulh x9, x17, x22\n\t" + "adc x9, x9, xzr\n\t" + /* A[0] * B[3] */ + "mul x3, x14, x22\n\t" + "adds x28, x28, x3\n\t" + "umulh x4, x14, x22\n\t" + "adcs x6, x6, x4\n\t" + /* A[2] * B[3] */ + "mul x3, x16, x22\n\t" + "adcs x7, x7, x3\n\t" + "umulh x4, x16, x22\n\t" + "adcs x8, x8, x4\n\t" + "adc x9, x9, xzr\n\t" + /* A[3] * B[0] */ + "mul x3, x17, x19\n\t" + "adds x28, x28, x3\n\t" + "umulh x4, x17, x19\n\t" + "adcs x6, x6, x4\n\t" + /* A[3] * B[2] */ + "mul x3, x17, x21\n\t" + "adcs x7, x7, x3\n\t" + "umulh x4, x17, x21\n\t" + "adcs x8, x8, x4\n\t" + "adc x9, x9, xzr\n\t" + /* Reduce */ + "mov x3, #38\n\t" + "mul x4, x3, x9\n\t" + "adds x28, x28, x4\n\t" + "umulh x5, x3, x9\n\t" + "adc x5, x5, xzr\n\t" + "mov x3, #19\n\t" + "extr x5, x5, x28, #63\n\t" + "mul x5, x5, x3\n\t" + "and x28, x28, #0x7fffffffffffffff\n\t" + "mov x3, #38\n\t" + "mul x4, x3, x6\n\t" + "adds x25, x25, x4\n\t" + "umulh x6, x3, x6\n\t" + "mul x4, x3, x7\n\t" + "adcs x26, x26, x4\n\t" + "umulh x7, x3, x7\n\t" + "mul x4, x3, x8\n\t" + "adcs x27, x27, x4\n\t" + "umulh x8, x3, x8\n\t" + "adc x28, x28, xzr\n\t" + /* Add high product results in */ + "adds x25, x25, x5\n\t" + "adcs x26, x26, x6\n\t" + "adcs x27, x27, x7\n\t" + "adc x28, x28, x8\n\t" + /* Store */ + "stp x25, x26, [x29, #16]\n\t" + "stp x27, x28, [x29, #32]\n\t" + "subs x24, x24, #1\n\t" + "b.ge L_curve25519_base_3_%=\n\t" + /* Invert */ + "add x0, x29, #48\n\t" + "add x1, x29, #16\n\t" +#ifndef __APPLE__ + "bl fe_sq\n\t" +#else + "bl _fe_sq\n\t" +#endif /* __APPLE__ */ + "add x0, x29, #0x50\n\t" + "add x1, x29, #48\n\t" +#ifndef __APPLE__ + "bl fe_sq\n\t" +#else + "bl _fe_sq\n\t" +#endif /* __APPLE__ */ +#ifndef NDEBUG + "add x0, x29, #0x50\n\t" +#endif /* !NDEBUG */ + "add x1, x29, #0x50\n\t" +#ifndef __APPLE__ + "bl fe_sq\n\t" +#else + "bl _fe_sq\n\t" +#endif /* __APPLE__ */ +#ifndef NDEBUG + "add x0, x29, #0x50\n\t" +#endif /* !NDEBUG */ + "add x1, x29, #16\n\t" + "add x2, x29, #0x50\n\t" +#ifndef __APPLE__ + "bl fe_mul\n\t" +#else + "bl _fe_mul\n\t" +#endif /* __APPLE__ */ + "add x0, x29, #48\n\t" + "add x1, x29, #48\n\t" + "add x2, x29, #0x50\n\t" +#ifndef __APPLE__ + "bl fe_mul\n\t" +#else + "bl _fe_mul\n\t" +#endif /* __APPLE__ */ + "add x0, x29, #0x70\n\t" +#ifndef NDEBUG + "add x1, x29, #48\n\t" +#endif /* !NDEBUG */ +#ifndef __APPLE__ + "bl fe_sq\n\t" +#else + "bl _fe_sq\n\t" +#endif /* __APPLE__ */ + "add x0, x29, #0x50\n\t" + "add x1, x29, #0x50\n\t" + "add x2, x29, #0x70\n\t" +#ifndef __APPLE__ + "bl fe_mul\n\t" +#else + "bl _fe_mul\n\t" +#endif /* __APPLE__ */ + /* Loop: 5 times */ + "mov x24, #5\n\t" + "ldp x6, x7, [x29, #80]\n\t" + "ldp x8, x9, [x29, #96]\n\t" + "\n" + "L_curve25519_base_inv_1_%=: \n\t" + /* Square */ + /* A[0] * A[1] */ + "umulh x12, x6, x7\n\t" + "mul x11, x6, x7\n\t" + /* A[0] * A[3] */ + "umulh x14, x6, x9\n\t" + "mul x13, x6, x9\n\t" + /* A[0] * A[2] */ + "mul x3, x6, x8\n\t" + "adds x12, x12, x3\n\t" + "umulh x4, x6, x8\n\t" + "adcs x13, x13, x4\n\t" + /* A[1] * A[3] */ + "mul x3, x7, x9\n\t" + "adcs x14, x14, x3\n\t" + "umulh x15, x7, x9\n\t" + "adc x15, x15, xzr\n\t" + /* A[1] * A[2] */ + "mul x3, x7, x8\n\t" + "adds x13, x13, x3\n\t" + "umulh x4, x7, x8\n\t" + "adcs x14, x14, x4\n\t" + /* A[2] * A[3] */ + "mul x3, x8, x9\n\t" + "adcs x15, x15, x3\n\t" + "umulh x16, x8, x9\n\t" + "adc x16, x16, xzr\n\t" + /* Double */ + "adds x11, x11, x11\n\t" + "adcs x12, x12, x12\n\t" + "adcs x13, x13, x13\n\t" + "adcs x14, x14, x14\n\t" + "adcs x15, x15, x15\n\t" + "adcs x16, x16, x16\n\t" + "adc x17, xzr, xzr\n\t" + /* A[0] * A[0] */ + "umulh x4, x6, x6\n\t" + "mul x10, x6, x6\n\t" + /* A[1] * A[1] */ + "mul x3, x7, x7\n\t" + "adds x11, x11, x4\n\t" + "umulh x4, x7, x7\n\t" + "adcs x12, x12, x3\n\t" + /* A[2] * A[2] */ + "mul x3, x8, x8\n\t" + "adcs x13, x13, x4\n\t" + "umulh x4, x8, x8\n\t" + "adcs x14, x14, x3\n\t" + /* A[3] * A[3] */ + "mul x3, x9, x9\n\t" + "adcs x15, x15, x4\n\t" + "umulh x4, x9, x9\n\t" + "adcs x16, x16, x3\n\t" + "adc x17, x17, x4\n\t" + /* Reduce */ + "mov x3, #38\n\t" + "mul x4, x3, x17\n\t" + "adds x13, x13, x4\n\t" + "umulh x5, x3, x17\n\t" + "adc x5, x5, xzr\n\t" + "mov x3, #19\n\t" + "extr x5, x5, x13, #63\n\t" + "mul x5, x5, x3\n\t" + "and x13, x13, #0x7fffffffffffffff\n\t" + "mov x3, #38\n\t" + "mul x4, x3, x14\n\t" + "adds x10, x10, x4\n\t" + "umulh x14, x3, x14\n\t" + "mul x4, x3, x15\n\t" + "adcs x11, x11, x4\n\t" + "umulh x15, x3, x15\n\t" + "mul x4, x3, x16\n\t" + "adcs x12, x12, x4\n\t" + "umulh x16, x3, x16\n\t" + "adc x13, x13, xzr\n\t" + /* Add high product results in */ + "adds x6, x10, x5\n\t" + "adcs x7, x11, x14\n\t" + "adcs x8, x12, x15\n\t" + "adc x9, x13, x16\n\t" + "subs x24, x24, #1\n\t" + "b.ne L_curve25519_base_inv_1_%=\n\t" + /* Store */ + "stp x6, x7, [x29, #112]\n\t" + "stp x8, x9, [x29, #128]\n\t" +#ifndef NDEBUG + "add x0, x29, #0x50\n\t" +#endif /* !NDEBUG */ + "add x1, x29, #0x70\n\t" + "add x2, x29, #0x50\n\t" +#ifndef __APPLE__ + "bl fe_mul\n\t" +#else + "bl _fe_mul\n\t" +#endif /* __APPLE__ */ + /* Loop: 10 times */ + "mov x24, #10\n\t" + "ldp x6, x7, [x29, #80]\n\t" + "ldp x8, x9, [x29, #96]\n\t" + "\n" + "L_curve25519_base_inv_2_%=: \n\t" + /* Square */ + /* A[0] * A[1] */ + "umulh x12, x6, x7\n\t" + "mul x11, x6, x7\n\t" + /* A[0] * A[3] */ + "umulh x14, x6, x9\n\t" + "mul x13, x6, x9\n\t" + /* A[0] * A[2] */ + "mul x3, x6, x8\n\t" + "adds x12, x12, x3\n\t" + "umulh x4, x6, x8\n\t" + "adcs x13, x13, x4\n\t" + /* A[1] * A[3] */ + "mul x3, x7, x9\n\t" + "adcs x14, x14, x3\n\t" + "umulh x15, x7, x9\n\t" + "adc x15, x15, xzr\n\t" + /* A[1] * A[2] */ + "mul x3, x7, x8\n\t" + "adds x13, x13, x3\n\t" + "umulh x4, x7, x8\n\t" + "adcs x14, x14, x4\n\t" + /* A[2] * A[3] */ + "mul x3, x8, x9\n\t" + "adcs x15, x15, x3\n\t" + "umulh x16, x8, x9\n\t" + "adc x16, x16, xzr\n\t" + /* Double */ + "adds x11, x11, x11\n\t" + "adcs x12, x12, x12\n\t" + "adcs x13, x13, x13\n\t" + "adcs x14, x14, x14\n\t" + "adcs x15, x15, x15\n\t" + "adcs x16, x16, x16\n\t" + "adc x17, xzr, xzr\n\t" + /* A[0] * A[0] */ + "umulh x4, x6, x6\n\t" + "mul x10, x6, x6\n\t" + /* A[1] * A[1] */ + "mul x3, x7, x7\n\t" + "adds x11, x11, x4\n\t" + "umulh x4, x7, x7\n\t" + "adcs x12, x12, x3\n\t" + /* A[2] * A[2] */ + "mul x3, x8, x8\n\t" + "adcs x13, x13, x4\n\t" + "umulh x4, x8, x8\n\t" + "adcs x14, x14, x3\n\t" + /* A[3] * A[3] */ + "mul x3, x9, x9\n\t" + "adcs x15, x15, x4\n\t" + "umulh x4, x9, x9\n\t" + "adcs x16, x16, x3\n\t" + "adc x17, x17, x4\n\t" + /* Reduce */ + "mov x3, #38\n\t" + "mul x4, x3, x17\n\t" + "adds x13, x13, x4\n\t" + "umulh x5, x3, x17\n\t" + "adc x5, x5, xzr\n\t" + "mov x3, #19\n\t" + "extr x5, x5, x13, #63\n\t" + "mul x5, x5, x3\n\t" + "and x13, x13, #0x7fffffffffffffff\n\t" + "mov x3, #38\n\t" + "mul x4, x3, x14\n\t" + "adds x10, x10, x4\n\t" + "umulh x14, x3, x14\n\t" + "mul x4, x3, x15\n\t" + "adcs x11, x11, x4\n\t" + "umulh x15, x3, x15\n\t" + "mul x4, x3, x16\n\t" + "adcs x12, x12, x4\n\t" + "umulh x16, x3, x16\n\t" + "adc x13, x13, xzr\n\t" + /* Add high product results in */ + "adds x6, x10, x5\n\t" + "adcs x7, x11, x14\n\t" + "adcs x8, x12, x15\n\t" + "adc x9, x13, x16\n\t" + "subs x24, x24, #1\n\t" + "b.ne L_curve25519_base_inv_2_%=\n\t" + /* Store */ + "stp x6, x7, [x29, #112]\n\t" + "stp x8, x9, [x29, #128]\n\t" + "add x0, x29, #0x70\n\t" +#ifndef NDEBUG + "add x1, x29, #0x70\n\t" +#endif /* !NDEBUG */ + "add x2, x29, #0x50\n\t" +#ifndef __APPLE__ + "bl fe_mul\n\t" +#else + "bl _fe_mul\n\t" +#endif /* __APPLE__ */ + /* Loop: 20 times */ + "mov x24, #20\n\t" + "ldp x6, x7, [x29, #112]\n\t" + "ldp x8, x9, [x29, #128]\n\t" + "\n" + "L_curve25519_base_inv_3_%=: \n\t" + /* Square */ + /* A[0] * A[1] */ + "umulh x12, x6, x7\n\t" + "mul x11, x6, x7\n\t" + /* A[0] * A[3] */ + "umulh x14, x6, x9\n\t" + "mul x13, x6, x9\n\t" + /* A[0] * A[2] */ + "mul x3, x6, x8\n\t" + "adds x12, x12, x3\n\t" + "umulh x4, x6, x8\n\t" + "adcs x13, x13, x4\n\t" + /* A[1] * A[3] */ + "mul x3, x7, x9\n\t" + "adcs x14, x14, x3\n\t" + "umulh x15, x7, x9\n\t" + "adc x15, x15, xzr\n\t" + /* A[1] * A[2] */ + "mul x3, x7, x8\n\t" + "adds x13, x13, x3\n\t" + "umulh x4, x7, x8\n\t" + "adcs x14, x14, x4\n\t" + /* A[2] * A[3] */ + "mul x3, x8, x9\n\t" + "adcs x15, x15, x3\n\t" + "umulh x16, x8, x9\n\t" + "adc x16, x16, xzr\n\t" + /* Double */ + "adds x11, x11, x11\n\t" + "adcs x12, x12, x12\n\t" + "adcs x13, x13, x13\n\t" + "adcs x14, x14, x14\n\t" + "adcs x15, x15, x15\n\t" + "adcs x16, x16, x16\n\t" + "adc x17, xzr, xzr\n\t" + /* A[0] * A[0] */ + "umulh x4, x6, x6\n\t" + "mul x10, x6, x6\n\t" + /* A[1] * A[1] */ + "mul x3, x7, x7\n\t" + "adds x11, x11, x4\n\t" + "umulh x4, x7, x7\n\t" + "adcs x12, x12, x3\n\t" + /* A[2] * A[2] */ + "mul x3, x8, x8\n\t" + "adcs x13, x13, x4\n\t" + "umulh x4, x8, x8\n\t" + "adcs x14, x14, x3\n\t" + /* A[3] * A[3] */ + "mul x3, x9, x9\n\t" + "adcs x15, x15, x4\n\t" + "umulh x4, x9, x9\n\t" + "adcs x16, x16, x3\n\t" + "adc x17, x17, x4\n\t" + /* Reduce */ + "mov x3, #38\n\t" + "mul x4, x3, x17\n\t" + "adds x13, x13, x4\n\t" + "umulh x5, x3, x17\n\t" + "adc x5, x5, xzr\n\t" + "mov x3, #19\n\t" + "extr x5, x5, x13, #63\n\t" + "mul x5, x5, x3\n\t" + "and x13, x13, #0x7fffffffffffffff\n\t" + "mov x3, #38\n\t" + "mul x4, x3, x14\n\t" + "adds x10, x10, x4\n\t" + "umulh x14, x3, x14\n\t" + "mul x4, x3, x15\n\t" + "adcs x11, x11, x4\n\t" + "umulh x15, x3, x15\n\t" + "mul x4, x3, x16\n\t" + "adcs x12, x12, x4\n\t" + "umulh x16, x3, x16\n\t" + "adc x13, x13, xzr\n\t" + /* Add high product results in */ + "adds x6, x10, x5\n\t" + "adcs x7, x11, x14\n\t" + "adcs x8, x12, x15\n\t" + "adc x9, x13, x16\n\t" + "subs x24, x24, #1\n\t" + "b.ne L_curve25519_base_inv_3_%=\n\t" + /* Store */ + "stp x6, x7, [x29, #144]\n\t" + "stp x8, x9, [x29, #160]\n\t" +#ifndef NDEBUG + "add x0, x29, #0x70\n\t" +#endif /* !NDEBUG */ + "add x1, x29, #0x90\n\t" + "add x2, x29, #0x70\n\t" +#ifndef __APPLE__ + "bl fe_mul\n\t" +#else + "bl _fe_mul\n\t" +#endif /* __APPLE__ */ + /* Loop: 10 times */ + "mov x24, #10\n\t" + "ldp x6, x7, [x29, #112]\n\t" + "ldp x8, x9, [x29, #128]\n\t" + "\n" + "L_curve25519_base_inv_4_%=: \n\t" + /* Square */ + /* A[0] * A[1] */ + "umulh x12, x6, x7\n\t" + "mul x11, x6, x7\n\t" + /* A[0] * A[3] */ + "umulh x14, x6, x9\n\t" + "mul x13, x6, x9\n\t" + /* A[0] * A[2] */ + "mul x3, x6, x8\n\t" + "adds x12, x12, x3\n\t" + "umulh x4, x6, x8\n\t" + "adcs x13, x13, x4\n\t" + /* A[1] * A[3] */ + "mul x3, x7, x9\n\t" + "adcs x14, x14, x3\n\t" + "umulh x15, x7, x9\n\t" + "adc x15, x15, xzr\n\t" + /* A[1] * A[2] */ + "mul x3, x7, x8\n\t" + "adds x13, x13, x3\n\t" + "umulh x4, x7, x8\n\t" + "adcs x14, x14, x4\n\t" + /* A[2] * A[3] */ + "mul x3, x8, x9\n\t" + "adcs x15, x15, x3\n\t" + "umulh x16, x8, x9\n\t" + "adc x16, x16, xzr\n\t" + /* Double */ + "adds x11, x11, x11\n\t" + "adcs x12, x12, x12\n\t" + "adcs x13, x13, x13\n\t" + "adcs x14, x14, x14\n\t" + "adcs x15, x15, x15\n\t" + "adcs x16, x16, x16\n\t" + "adc x17, xzr, xzr\n\t" + /* A[0] * A[0] */ + "umulh x4, x6, x6\n\t" + "mul x10, x6, x6\n\t" + /* A[1] * A[1] */ + "mul x3, x7, x7\n\t" + "adds x11, x11, x4\n\t" + "umulh x4, x7, x7\n\t" + "adcs x12, x12, x3\n\t" + /* A[2] * A[2] */ + "mul x3, x8, x8\n\t" + "adcs x13, x13, x4\n\t" + "umulh x4, x8, x8\n\t" + "adcs x14, x14, x3\n\t" + /* A[3] * A[3] */ + "mul x3, x9, x9\n\t" + "adcs x15, x15, x4\n\t" + "umulh x4, x9, x9\n\t" + "adcs x16, x16, x3\n\t" + "adc x17, x17, x4\n\t" + /* Reduce */ + "mov x3, #38\n\t" + "mul x4, x3, x17\n\t" + "adds x13, x13, x4\n\t" + "umulh x5, x3, x17\n\t" + "adc x5, x5, xzr\n\t" + "mov x3, #19\n\t" + "extr x5, x5, x13, #63\n\t" + "mul x5, x5, x3\n\t" + "and x13, x13, #0x7fffffffffffffff\n\t" + "mov x3, #38\n\t" + "mul x4, x3, x14\n\t" + "adds x10, x10, x4\n\t" + "umulh x14, x3, x14\n\t" + "mul x4, x3, x15\n\t" + "adcs x11, x11, x4\n\t" + "umulh x15, x3, x15\n\t" + "mul x4, x3, x16\n\t" + "adcs x12, x12, x4\n\t" + "umulh x16, x3, x16\n\t" + "adc x13, x13, xzr\n\t" + /* Add high product results in */ + "adds x6, x10, x5\n\t" + "adcs x7, x11, x14\n\t" + "adcs x8, x12, x15\n\t" + "adc x9, x13, x16\n\t" + "subs x24, x24, #1\n\t" + "b.ne L_curve25519_base_inv_4_%=\n\t" + /* Store */ + "stp x6, x7, [x29, #112]\n\t" + "stp x8, x9, [x29, #128]\n\t" + "add x0, x29, #0x50\n\t" + "add x1, x29, #0x70\n\t" + "add x2, x29, #0x50\n\t" +#ifndef __APPLE__ + "bl fe_mul\n\t" +#else + "bl _fe_mul\n\t" +#endif /* __APPLE__ */ + /* Loop: 50 times */ + "mov x24, #50\n\t" + "ldp x6, x7, [x29, #80]\n\t" + "ldp x8, x9, [x29, #96]\n\t" + "\n" + "L_curve25519_base_inv_5_%=: \n\t" + /* Square */ + /* A[0] * A[1] */ + "umulh x12, x6, x7\n\t" + "mul x11, x6, x7\n\t" + /* A[0] * A[3] */ + "umulh x14, x6, x9\n\t" + "mul x13, x6, x9\n\t" + /* A[0] * A[2] */ + "mul x3, x6, x8\n\t" + "adds x12, x12, x3\n\t" + "umulh x4, x6, x8\n\t" + "adcs x13, x13, x4\n\t" + /* A[1] * A[3] */ + "mul x3, x7, x9\n\t" + "adcs x14, x14, x3\n\t" + "umulh x15, x7, x9\n\t" + "adc x15, x15, xzr\n\t" + /* A[1] * A[2] */ + "mul x3, x7, x8\n\t" + "adds x13, x13, x3\n\t" + "umulh x4, x7, x8\n\t" + "adcs x14, x14, x4\n\t" + /* A[2] * A[3] */ + "mul x3, x8, x9\n\t" + "adcs x15, x15, x3\n\t" + "umulh x16, x8, x9\n\t" + "adc x16, x16, xzr\n\t" + /* Double */ + "adds x11, x11, x11\n\t" + "adcs x12, x12, x12\n\t" + "adcs x13, x13, x13\n\t" + "adcs x14, x14, x14\n\t" + "adcs x15, x15, x15\n\t" + "adcs x16, x16, x16\n\t" + "adc x17, xzr, xzr\n\t" + /* A[0] * A[0] */ + "umulh x4, x6, x6\n\t" + "mul x10, x6, x6\n\t" + /* A[1] * A[1] */ + "mul x3, x7, x7\n\t" + "adds x11, x11, x4\n\t" + "umulh x4, x7, x7\n\t" + "adcs x12, x12, x3\n\t" + /* A[2] * A[2] */ + "mul x3, x8, x8\n\t" + "adcs x13, x13, x4\n\t" + "umulh x4, x8, x8\n\t" + "adcs x14, x14, x3\n\t" + /* A[3] * A[3] */ + "mul x3, x9, x9\n\t" + "adcs x15, x15, x4\n\t" + "umulh x4, x9, x9\n\t" + "adcs x16, x16, x3\n\t" + "adc x17, x17, x4\n\t" + /* Reduce */ + "mov x3, #38\n\t" + "mul x4, x3, x17\n\t" + "adds x13, x13, x4\n\t" + "umulh x5, x3, x17\n\t" + "adc x5, x5, xzr\n\t" + "mov x3, #19\n\t" + "extr x5, x5, x13, #63\n\t" + "mul x5, x5, x3\n\t" + "and x13, x13, #0x7fffffffffffffff\n\t" + "mov x3, #38\n\t" + "mul x4, x3, x14\n\t" + "adds x10, x10, x4\n\t" + "umulh x14, x3, x14\n\t" + "mul x4, x3, x15\n\t" + "adcs x11, x11, x4\n\t" + "umulh x15, x3, x15\n\t" + "mul x4, x3, x16\n\t" + "adcs x12, x12, x4\n\t" + "umulh x16, x3, x16\n\t" + "adc x13, x13, xzr\n\t" + /* Add high product results in */ + "adds x6, x10, x5\n\t" + "adcs x7, x11, x14\n\t" + "adcs x8, x12, x15\n\t" + "adc x9, x13, x16\n\t" + "subs x24, x24, #1\n\t" + "b.ne L_curve25519_base_inv_5_%=\n\t" + /* Store */ + "stp x6, x7, [x29, #112]\n\t" + "stp x8, x9, [x29, #128]\n\t" + "add x0, x29, #0x70\n\t" +#ifndef NDEBUG + "add x1, x29, #0x70\n\t" +#endif /* !NDEBUG */ + "add x2, x29, #0x50\n\t" +#ifndef __APPLE__ + "bl fe_mul\n\t" +#else + "bl _fe_mul\n\t" +#endif /* __APPLE__ */ + /* Loop: 100 times */ + "mov x24, #0x64\n\t" + "ldp x6, x7, [x29, #112]\n\t" + "ldp x8, x9, [x29, #128]\n\t" + "\n" + "L_curve25519_base_inv_6_%=: \n\t" + /* Square */ + /* A[0] * A[1] */ + "umulh x12, x6, x7\n\t" + "mul x11, x6, x7\n\t" + /* A[0] * A[3] */ + "umulh x14, x6, x9\n\t" + "mul x13, x6, x9\n\t" + /* A[0] * A[2] */ + "mul x3, x6, x8\n\t" + "adds x12, x12, x3\n\t" + "umulh x4, x6, x8\n\t" + "adcs x13, x13, x4\n\t" + /* A[1] * A[3] */ + "mul x3, x7, x9\n\t" + "adcs x14, x14, x3\n\t" + "umulh x15, x7, x9\n\t" + "adc x15, x15, xzr\n\t" + /* A[1] * A[2] */ + "mul x3, x7, x8\n\t" + "adds x13, x13, x3\n\t" + "umulh x4, x7, x8\n\t" + "adcs x14, x14, x4\n\t" + /* A[2] * A[3] */ + "mul x3, x8, x9\n\t" + "adcs x15, x15, x3\n\t" + "umulh x16, x8, x9\n\t" + "adc x16, x16, xzr\n\t" + /* Double */ + "adds x11, x11, x11\n\t" + "adcs x12, x12, x12\n\t" + "adcs x13, x13, x13\n\t" + "adcs x14, x14, x14\n\t" + "adcs x15, x15, x15\n\t" + "adcs x16, x16, x16\n\t" + "adc x17, xzr, xzr\n\t" + /* A[0] * A[0] */ + "umulh x4, x6, x6\n\t" + "mul x10, x6, x6\n\t" + /* A[1] * A[1] */ + "mul x3, x7, x7\n\t" + "adds x11, x11, x4\n\t" + "umulh x4, x7, x7\n\t" + "adcs x12, x12, x3\n\t" + /* A[2] * A[2] */ + "mul x3, x8, x8\n\t" + "adcs x13, x13, x4\n\t" + "umulh x4, x8, x8\n\t" + "adcs x14, x14, x3\n\t" + /* A[3] * A[3] */ + "mul x3, x9, x9\n\t" + "adcs x15, x15, x4\n\t" + "umulh x4, x9, x9\n\t" + "adcs x16, x16, x3\n\t" + "adc x17, x17, x4\n\t" + /* Reduce */ + "mov x3, #38\n\t" + "mul x4, x3, x17\n\t" + "adds x13, x13, x4\n\t" + "umulh x5, x3, x17\n\t" + "adc x5, x5, xzr\n\t" + "mov x3, #19\n\t" + "extr x5, x5, x13, #63\n\t" + "mul x5, x5, x3\n\t" + "and x13, x13, #0x7fffffffffffffff\n\t" + "mov x3, #38\n\t" + "mul x4, x3, x14\n\t" + "adds x10, x10, x4\n\t" + "umulh x14, x3, x14\n\t" + "mul x4, x3, x15\n\t" + "adcs x11, x11, x4\n\t" + "umulh x15, x3, x15\n\t" + "mul x4, x3, x16\n\t" + "adcs x12, x12, x4\n\t" + "umulh x16, x3, x16\n\t" + "adc x13, x13, xzr\n\t" + /* Add high product results in */ + "adds x6, x10, x5\n\t" + "adcs x7, x11, x14\n\t" + "adcs x8, x12, x15\n\t" + "adc x9, x13, x16\n\t" + "subs x24, x24, #1\n\t" + "b.ne L_curve25519_base_inv_6_%=\n\t" + /* Store */ + "stp x6, x7, [x29, #144]\n\t" + "stp x8, x9, [x29, #160]\n\t" +#ifndef NDEBUG + "add x0, x29, #0x70\n\t" +#endif /* !NDEBUG */ + "add x1, x29, #0x90\n\t" + "add x2, x29, #0x70\n\t" +#ifndef __APPLE__ + "bl fe_mul\n\t" +#else + "bl _fe_mul\n\t" +#endif /* __APPLE__ */ + /* Loop: 50 times */ + "mov x24, #50\n\t" + "ldp x6, x7, [x29, #112]\n\t" + "ldp x8, x9, [x29, #128]\n\t" + "\n" + "L_curve25519_base_inv_7_%=: \n\t" + /* Square */ + /* A[0] * A[1] */ + "umulh x12, x6, x7\n\t" + "mul x11, x6, x7\n\t" + /* A[0] * A[3] */ + "umulh x14, x6, x9\n\t" + "mul x13, x6, x9\n\t" + /* A[0] * A[2] */ + "mul x3, x6, x8\n\t" + "adds x12, x12, x3\n\t" + "umulh x4, x6, x8\n\t" + "adcs x13, x13, x4\n\t" + /* A[1] * A[3] */ + "mul x3, x7, x9\n\t" + "adcs x14, x14, x3\n\t" + "umulh x15, x7, x9\n\t" + "adc x15, x15, xzr\n\t" + /* A[1] * A[2] */ + "mul x3, x7, x8\n\t" + "adds x13, x13, x3\n\t" + "umulh x4, x7, x8\n\t" + "adcs x14, x14, x4\n\t" + /* A[2] * A[3] */ + "mul x3, x8, x9\n\t" + "adcs x15, x15, x3\n\t" + "umulh x16, x8, x9\n\t" + "adc x16, x16, xzr\n\t" + /* Double */ + "adds x11, x11, x11\n\t" + "adcs x12, x12, x12\n\t" + "adcs x13, x13, x13\n\t" + "adcs x14, x14, x14\n\t" + "adcs x15, x15, x15\n\t" + "adcs x16, x16, x16\n\t" + "adc x17, xzr, xzr\n\t" + /* A[0] * A[0] */ + "umulh x4, x6, x6\n\t" + "mul x10, x6, x6\n\t" + /* A[1] * A[1] */ + "mul x3, x7, x7\n\t" + "adds x11, x11, x4\n\t" + "umulh x4, x7, x7\n\t" + "adcs x12, x12, x3\n\t" + /* A[2] * A[2] */ + "mul x3, x8, x8\n\t" + "adcs x13, x13, x4\n\t" + "umulh x4, x8, x8\n\t" + "adcs x14, x14, x3\n\t" + /* A[3] * A[3] */ + "mul x3, x9, x9\n\t" + "adcs x15, x15, x4\n\t" + "umulh x4, x9, x9\n\t" + "adcs x16, x16, x3\n\t" + "adc x17, x17, x4\n\t" + /* Reduce */ + "mov x3, #38\n\t" + "mul x4, x3, x17\n\t" + "adds x13, x13, x4\n\t" + "umulh x5, x3, x17\n\t" + "adc x5, x5, xzr\n\t" + "mov x3, #19\n\t" + "extr x5, x5, x13, #63\n\t" + "mul x5, x5, x3\n\t" + "and x13, x13, #0x7fffffffffffffff\n\t" + "mov x3, #38\n\t" + "mul x4, x3, x14\n\t" + "adds x10, x10, x4\n\t" + "umulh x14, x3, x14\n\t" + "mul x4, x3, x15\n\t" + "adcs x11, x11, x4\n\t" + "umulh x15, x3, x15\n\t" + "mul x4, x3, x16\n\t" + "adcs x12, x12, x4\n\t" + "umulh x16, x3, x16\n\t" + "adc x13, x13, xzr\n\t" + /* Add high product results in */ + "adds x6, x10, x5\n\t" + "adcs x7, x11, x14\n\t" + "adcs x8, x12, x15\n\t" + "adc x9, x13, x16\n\t" + "subs x24, x24, #1\n\t" + "b.ne L_curve25519_base_inv_7_%=\n\t" + /* Store */ + "stp x6, x7, [x29, #112]\n\t" + "stp x8, x9, [x29, #128]\n\t" + "add x0, x29, #0x50\n\t" + "add x1, x29, #0x70\n\t" + "add x2, x29, #0x50\n\t" +#ifndef __APPLE__ + "bl fe_mul\n\t" +#else + "bl _fe_mul\n\t" +#endif /* __APPLE__ */ + /* Loop: 5 times */ + "mov x24, #5\n\t" + "ldp x6, x7, [x29, #80]\n\t" + "ldp x8, x9, [x29, #96]\n\t" + "\n" + "L_curve25519_base_inv_8_%=: \n\t" + /* Square */ + /* A[0] * A[1] */ + "umulh x12, x6, x7\n\t" + "mul x11, x6, x7\n\t" + /* A[0] * A[3] */ + "umulh x14, x6, x9\n\t" + "mul x13, x6, x9\n\t" + /* A[0] * A[2] */ + "mul x3, x6, x8\n\t" + "adds x12, x12, x3\n\t" + "umulh x4, x6, x8\n\t" + "adcs x13, x13, x4\n\t" + /* A[1] * A[3] */ + "mul x3, x7, x9\n\t" + "adcs x14, x14, x3\n\t" + "umulh x15, x7, x9\n\t" + "adc x15, x15, xzr\n\t" + /* A[1] * A[2] */ + "mul x3, x7, x8\n\t" + "adds x13, x13, x3\n\t" + "umulh x4, x7, x8\n\t" + "adcs x14, x14, x4\n\t" + /* A[2] * A[3] */ + "mul x3, x8, x9\n\t" + "adcs x15, x15, x3\n\t" + "umulh x16, x8, x9\n\t" + "adc x16, x16, xzr\n\t" + /* Double */ + "adds x11, x11, x11\n\t" + "adcs x12, x12, x12\n\t" + "adcs x13, x13, x13\n\t" + "adcs x14, x14, x14\n\t" + "adcs x15, x15, x15\n\t" + "adcs x16, x16, x16\n\t" + "adc x17, xzr, xzr\n\t" + /* A[0] * A[0] */ + "umulh x4, x6, x6\n\t" + "mul x10, x6, x6\n\t" + /* A[1] * A[1] */ + "mul x3, x7, x7\n\t" + "adds x11, x11, x4\n\t" + "umulh x4, x7, x7\n\t" + "adcs x12, x12, x3\n\t" + /* A[2] * A[2] */ + "mul x3, x8, x8\n\t" + "adcs x13, x13, x4\n\t" + "umulh x4, x8, x8\n\t" + "adcs x14, x14, x3\n\t" + /* A[3] * A[3] */ + "mul x3, x9, x9\n\t" + "adcs x15, x15, x4\n\t" + "umulh x4, x9, x9\n\t" + "adcs x16, x16, x3\n\t" + "adc x17, x17, x4\n\t" + /* Reduce */ + "mov x3, #38\n\t" + "mul x4, x3, x17\n\t" + "adds x13, x13, x4\n\t" + "umulh x5, x3, x17\n\t" + "adc x5, x5, xzr\n\t" + "mov x3, #19\n\t" + "extr x5, x5, x13, #63\n\t" + "mul x5, x5, x3\n\t" + "and x13, x13, #0x7fffffffffffffff\n\t" + "mov x3, #38\n\t" + "mul x4, x3, x14\n\t" + "adds x10, x10, x4\n\t" + "umulh x14, x3, x14\n\t" + "mul x4, x3, x15\n\t" + "adcs x11, x11, x4\n\t" + "umulh x15, x3, x15\n\t" + "mul x4, x3, x16\n\t" + "adcs x12, x12, x4\n\t" + "umulh x16, x3, x16\n\t" + "adc x13, x13, xzr\n\t" + /* Add high product results in */ + "adds x6, x10, x5\n\t" + "adcs x7, x11, x14\n\t" + "adcs x8, x12, x15\n\t" + "adc x9, x13, x16\n\t" + "subs x24, x24, #1\n\t" + "b.ne L_curve25519_base_inv_8_%=\n\t" + /* Store */ + "stp x6, x7, [x29, #80]\n\t" + "stp x8, x9, [x29, #96]\n\t" + "add x0, x29, #16\n\t" + "add x1, x29, #0x50\n\t" + "add x2, x29, #48\n\t" +#ifndef __APPLE__ + "bl fe_mul\n\t" +#else + "bl _fe_mul\n\t" +#endif /* __APPLE__ */ + "mov %x[r], x23\n\t" + /* Multiply */ + "ldp x6, x7, [%x[r]]\n\t" + "ldp x8, x9, [%x[r], #16]\n\t" + "ldp x10, x11, [x29, #16]\n\t" + "ldp x12, x13, [x29, #32]\n\t" + /* A[0] * B[0] */ + "umulh x15, x6, x10\n\t" + "mul x14, x6, x10\n\t" + /* A[2] * B[0] */ + "umulh x17, x8, x10\n\t" + "mul x16, x8, x10\n\t" + /* A[1] * B[0] */ + "mul x3, x7, x10\n\t" + "adds x15, x15, x3\n\t" + "umulh x4, x7, x10\n\t" + "adcs x16, x16, x4\n\t" + /* A[1] * B[3] */ + "umulh x20, x7, x13\n\t" + "adc x17, x17, xzr\n\t" + "mul x19, x7, x13\n\t" + /* A[0] * B[1] */ + "mul x3, x6, x11\n\t" + "adds x15, x15, x3\n\t" + "umulh x4, x6, x11\n\t" + "adcs x16, x16, x4\n\t" + /* A[2] * B[1] */ + "mul x3, x8, x11\n\t" + "adcs x17, x17, x3\n\t" + "umulh x4, x8, x11\n\t" + "adcs x19, x19, x4\n\t" + "adc x20, x20, xzr\n\t" + /* A[1] * B[2] */ + "mul x3, x7, x12\n\t" + "adds x17, x17, x3\n\t" + "umulh x4, x7, x12\n\t" + "adcs x19, x19, x4\n\t" + "adcs x20, x20, xzr\n\t" + "adc x21, xzr, xzr\n\t" + /* A[0] * B[2] */ + "mul x3, x6, x12\n\t" + "adds x16, x16, x3\n\t" + "umulh x4, x6, x12\n\t" + "adcs x17, x17, x4\n\t" + "adcs x19, x19, xzr\n\t" + "adcs x20, x20, xzr\n\t" + "adc x21, x21, xzr\n\t" + /* A[1] * B[1] */ + "mul x3, x7, x11\n\t" + "adds x16, x16, x3\n\t" + "umulh x4, x7, x11\n\t" + "adcs x17, x17, x4\n\t" + /* A[3] * B[1] */ + "mul x3, x9, x11\n\t" + "adcs x19, x19, x3\n\t" + "umulh x4, x9, x11\n\t" + "adcs x20, x20, x4\n\t" + "adc x21, x21, xzr\n\t" + /* A[2] * B[2] */ + "mul x3, x8, x12\n\t" + "adds x19, x19, x3\n\t" + "umulh x4, x8, x12\n\t" + "adcs x20, x20, x4\n\t" + /* A[3] * B[3] */ + "mul x3, x9, x13\n\t" + "adcs x21, x21, x3\n\t" + "umulh x22, x9, x13\n\t" + "adc x22, x22, xzr\n\t" + /* A[0] * B[3] */ + "mul x3, x6, x13\n\t" + "adds x17, x17, x3\n\t" + "umulh x4, x6, x13\n\t" + "adcs x19, x19, x4\n\t" + /* A[2] * B[3] */ + "mul x3, x8, x13\n\t" + "adcs x20, x20, x3\n\t" + "umulh x4, x8, x13\n\t" + "adcs x21, x21, x4\n\t" + "adc x22, x22, xzr\n\t" + /* A[3] * B[0] */ + "mul x3, x9, x10\n\t" + "adds x17, x17, x3\n\t" + "umulh x4, x9, x10\n\t" + "adcs x19, x19, x4\n\t" + /* A[3] * B[2] */ + "mul x3, x9, x12\n\t" + "adcs x20, x20, x3\n\t" + "umulh x4, x9, x12\n\t" + "adcs x21, x21, x4\n\t" + "adc x22, x22, xzr\n\t" + /* Reduce */ + "mov x3, #38\n\t" + "mul x4, x3, x22\n\t" + "adds x17, x17, x4\n\t" + "umulh x5, x3, x22\n\t" + "adc x5, x5, xzr\n\t" + "mov x3, #19\n\t" + "extr x5, x5, x17, #63\n\t" + "mul x5, x5, x3\n\t" + "and x17, x17, #0x7fffffffffffffff\n\t" + "mov x3, #38\n\t" + "mul x4, x3, x19\n\t" + "adds x14, x14, x4\n\t" + "umulh x19, x3, x19\n\t" + "mul x4, x3, x20\n\t" + "adcs x15, x15, x4\n\t" + "umulh x20, x3, x20\n\t" + "mul x4, x3, x21\n\t" + "adcs x16, x16, x4\n\t" + "umulh x21, x3, x21\n\t" + "adc x17, x17, xzr\n\t" + /* Add high product results in */ + "adds x14, x14, x5\n\t" + "adcs x15, x15, x19\n\t" + "adcs x16, x16, x20\n\t" + "adc x17, x17, x21\n\t" + /* Reduce if top bit set */ + "mov x3, #19\n\t" + "and x4, x3, x17, asr 63\n\t" + "adds x14, x14, x4\n\t" + "adcs x15, x15, xzr\n\t" + "and x17, x17, #0x7fffffffffffffff\n\t" + "adcs x16, x16, xzr\n\t" + "adc x17, x17, xzr\n\t" + "adds x4, x14, x3\n\t" + "adcs x4, x15, xzr\n\t" + "adcs x4, x16, xzr\n\t" + "adc x4, x17, xzr\n\t" + "and x4, x3, x4, asr 63\n\t" + "adds x14, x14, x4\n\t" + "adcs x15, x15, xzr\n\t" + "mov x4, #0x7fffffffffffffff\n\t" + "adcs x16, x16, xzr\n\t" + "adc x17, x17, xzr\n\t" + "and x17, x17, x4\n\t" + /* Store */ + "stp x14, x15, [%x[r]]\n\t" + "stp x16, x17, [%x[r], #16]\n\t" + "mov x0, xzr\n\t" + "ldp x29, x30, [sp], #0xb0\n\t" + : [r] "+r" (r) + : [n] "r" (n), [x2] "r" (x2) + : "memory", "cc", "x3", "x4", "x5", "x6", "x7", "x8", "x9", "x10", + "x11", "x12", "x13", "x14", "x15", "x16", "x17", "x19", "x20", + "x21", "x22", "x23", "x24", "x25", "x26", "x27", "x28" + ); + return (word32)(size_t)r; +} + +#endif /* !HAVE_ED25519 && !WOLFSSL_CURVE25519_USE_ED25519 */ int curve25519(byte* r, const byte* n, const byte* a) { __asm__ __volatile__ ( @@ -1598,7 +4381,6 @@ "add x29, sp, #0\n\t" "mov x23, xzr\n\t" "str %x[r], [x29, #176]\n\t" - "str %x[a], [x29, #184]\n\t" "ldp x6, x7, [%x[a]]\n\t" "ldp x8, x9, [%x[a], #16]\n\t" "mov x10, #1\n\t" @@ -2683,7 +5465,511 @@ "adcs x12, x12, x26\n\t" "adc x13, x13, x27\n\t" "subs x24, x24, #1\n\t" + "cmp x24, #3\n\t" "b.ge L_curve25519_bits_%=\n\t" + /* Conditional Swap */ + "subs xzr, xzr, x23, lsl 63\n\t" + "ldp x25, x26, [x29, #16]\n\t" + "ldp x27, x28, [x29, #32]\n\t" + "csel x19, x25, x10, ne\n\t" + "csel x25, x10, x25, ne\n\t" + "csel x20, x26, x11, ne\n\t" + "csel x26, x11, x26, ne\n\t" + "csel x21, x27, x12, ne\n\t" + "csel x27, x12, x27, ne\n\t" + "csel x22, x28, x13, ne\n\t" + "csel x28, x13, x28, ne\n\t" + /* Conditional Swap */ + "subs xzr, xzr, x23, lsl 63\n\t" + "ldp x10, x11, [%x[r]]\n\t" + "ldp x12, x13, [%x[r], #16]\n\t" + "csel x14, x10, x6, ne\n\t" + "csel x10, x6, x10, ne\n\t" + "csel x15, x11, x7, ne\n\t" + "csel x11, x7, x11, ne\n\t" + "csel x16, x12, x8, ne\n\t" + "csel x12, x8, x12, ne\n\t" + "csel x17, x13, x9, ne\n\t" + "csel x13, x9, x13, ne\n\t" + "\n" + "L_curve25519_3_%=: \n\t" + /* Add */ + "adds x6, x10, x25\n\t" + "adcs x7, x11, x26\n\t" + "adcs x8, x12, x27\n\t" + "adcs x9, x13, x28\n\t" + "cset x5, cs\n\t" + "mov x3, #19\n\t" + "extr x5, x5, x9, #63\n\t" + "mul x3, x5, x3\n\t" + /* Sub modulus (if overflow) */ + "adds x6, x6, x3\n\t" + "adcs x7, x7, xzr\n\t" + "and x9, x9, #0x7fffffffffffffff\n\t" + "adcs x8, x8, xzr\n\t" + "adc x9, x9, xzr\n\t" + /* Sub */ + "subs x25, x10, x25\n\t" + "sbcs x26, x11, x26\n\t" + "sbcs x27, x12, x27\n\t" + "sbcs x28, x13, x28\n\t" + "csetm x5, cc\n\t" + "mov x3, #-19\n\t" + "extr x5, x5, x28, #63\n\t" + "mul x3, x5, x3\n\t" + /* Add modulus (if underflow) */ + "subs x25, x25, x3\n\t" + "sbcs x26, x26, xzr\n\t" + "and x28, x28, #0x7fffffffffffffff\n\t" + "sbcs x27, x27, xzr\n\t" + "sbc x28, x28, xzr\n\t" + /* Square */ + /* A[0] * A[1] */ + "umulh x21, x25, x26\n\t" + "mul x20, x25, x26\n\t" + /* A[0] * A[3] */ + "umulh x14, x25, x28\n\t" + "mul x22, x25, x28\n\t" + /* A[0] * A[2] */ + "mul x3, x25, x27\n\t" + "adds x21, x21, x3\n\t" + "umulh x4, x25, x27\n\t" + "adcs x22, x22, x4\n\t" + /* A[1] * A[3] */ + "mul x3, x26, x28\n\t" + "adcs x14, x14, x3\n\t" + "umulh x15, x26, x28\n\t" + "adc x15, x15, xzr\n\t" + /* A[1] * A[2] */ + "mul x3, x26, x27\n\t" + "adds x22, x22, x3\n\t" + "umulh x4, x26, x27\n\t" + "adcs x14, x14, x4\n\t" + /* A[2] * A[3] */ + "mul x3, x27, x28\n\t" + "adcs x15, x15, x3\n\t" + "umulh x16, x27, x28\n\t" + "adc x16, x16, xzr\n\t" + /* Double */ + "adds x20, x20, x20\n\t" + "adcs x21, x21, x21\n\t" + "adcs x22, x22, x22\n\t" + "adcs x14, x14, x14\n\t" + "adcs x15, x15, x15\n\t" + "adcs x16, x16, x16\n\t" + "adc x17, xzr, xzr\n\t" + /* A[0] * A[0] */ + "umulh x4, x25, x25\n\t" + "mul x19, x25, x25\n\t" + /* A[1] * A[1] */ + "mul x3, x26, x26\n\t" + "adds x20, x20, x4\n\t" + "umulh x4, x26, x26\n\t" + "adcs x21, x21, x3\n\t" + /* A[2] * A[2] */ + "mul x3, x27, x27\n\t" + "adcs x22, x22, x4\n\t" + "umulh x4, x27, x27\n\t" + "adcs x14, x14, x3\n\t" + /* A[3] * A[3] */ + "mul x3, x28, x28\n\t" + "adcs x15, x15, x4\n\t" + "umulh x4, x28, x28\n\t" + "adcs x16, x16, x3\n\t" + "adc x17, x17, x4\n\t" + /* Reduce */ + "mov x3, #38\n\t" + "mul x4, x3, x17\n\t" + "adds x22, x22, x4\n\t" + "umulh x5, x3, x17\n\t" + "adc x5, x5, xzr\n\t" + "mov x3, #19\n\t" + "extr x5, x5, x22, #63\n\t" + "mul x5, x5, x3\n\t" + "and x22, x22, #0x7fffffffffffffff\n\t" + "mov x3, #38\n\t" + "mul x4, x3, x14\n\t" + "adds x19, x19, x4\n\t" + "umulh x14, x3, x14\n\t" + "mul x4, x3, x15\n\t" + "adcs x20, x20, x4\n\t" + "umulh x15, x3, x15\n\t" + "mul x4, x3, x16\n\t" + "adcs x21, x21, x4\n\t" + "umulh x16, x3, x16\n\t" + "adc x22, x22, xzr\n\t" + /* Add high product results in */ + "adds x19, x19, x5\n\t" + "adcs x20, x20, x14\n\t" + "adcs x21, x21, x15\n\t" + "adc x22, x22, x16\n\t" + /* Square */ + /* A[0] * A[1] */ + "umulh x16, x6, x7\n\t" + "mul x15, x6, x7\n\t" + /* A[0] * A[3] */ + "umulh x25, x6, x9\n\t" + "mul x17, x6, x9\n\t" + /* A[0] * A[2] */ + "mul x3, x6, x8\n\t" + "adds x16, x16, x3\n\t" + "umulh x4, x6, x8\n\t" + "adcs x17, x17, x4\n\t" + /* A[1] * A[3] */ + "mul x3, x7, x9\n\t" + "adcs x25, x25, x3\n\t" + "umulh x26, x7, x9\n\t" + "adc x26, x26, xzr\n\t" + /* A[1] * A[2] */ + "mul x3, x7, x8\n\t" + "adds x17, x17, x3\n\t" + "umulh x4, x7, x8\n\t" + "adcs x25, x25, x4\n\t" + /* A[2] * A[3] */ + "mul x3, x8, x9\n\t" + "adcs x26, x26, x3\n\t" + "umulh x27, x8, x9\n\t" + "adc x27, x27, xzr\n\t" + /* Double */ + "adds x15, x15, x15\n\t" + "adcs x16, x16, x16\n\t" + "adcs x17, x17, x17\n\t" + "adcs x25, x25, x25\n\t" + "adcs x26, x26, x26\n\t" + "adcs x27, x27, x27\n\t" + "adc x28, xzr, xzr\n\t" + /* A[0] * A[0] */ + "umulh x4, x6, x6\n\t" + "mul x14, x6, x6\n\t" + /* A[1] * A[1] */ + "mul x3, x7, x7\n\t" + "adds x15, x15, x4\n\t" + "umulh x4, x7, x7\n\t" + "adcs x16, x16, x3\n\t" + /* A[2] * A[2] */ + "mul x3, x8, x8\n\t" + "adcs x17, x17, x4\n\t" + "umulh x4, x8, x8\n\t" + "adcs x25, x25, x3\n\t" + /* A[3] * A[3] */ + "mul x3, x9, x9\n\t" + "adcs x26, x26, x4\n\t" + "umulh x4, x9, x9\n\t" + "adcs x27, x27, x3\n\t" + "adc x28, x28, x4\n\t" + /* Reduce */ + "mov x3, #38\n\t" + "mul x4, x3, x28\n\t" + "adds x17, x17, x4\n\t" + "umulh x5, x3, x28\n\t" + "adc x5, x5, xzr\n\t" + "mov x3, #19\n\t" + "extr x5, x5, x17, #63\n\t" + "mul x5, x5, x3\n\t" + "and x17, x17, #0x7fffffffffffffff\n\t" + "mov x3, #38\n\t" + "mul x4, x3, x25\n\t" + "adds x14, x14, x4\n\t" + "umulh x25, x3, x25\n\t" + "mul x4, x3, x26\n\t" + "adcs x15, x15, x4\n\t" + "umulh x26, x3, x26\n\t" + "mul x4, x3, x27\n\t" + "adcs x16, x16, x4\n\t" + "umulh x27, x3, x27\n\t" + "adc x17, x17, xzr\n\t" + /* Add high product results in */ + "adds x14, x14, x5\n\t" + "adcs x15, x15, x25\n\t" + "adcs x16, x16, x26\n\t" + "adc x17, x17, x27\n\t" + /* Multiply */ + /* A[0] * B[0] */ + "umulh x11, x14, x19\n\t" + "mul x10, x14, x19\n\t" + /* A[2] * B[0] */ + "umulh x13, x16, x19\n\t" + "mul x12, x16, x19\n\t" + /* A[1] * B[0] */ + "mul x3, x15, x19\n\t" + "adds x11, x11, x3\n\t" + "umulh x4, x15, x19\n\t" + "adcs x12, x12, x4\n\t" + /* A[1] * B[3] */ + "umulh x26, x15, x22\n\t" + "adc x13, x13, xzr\n\t" + "mul x25, x15, x22\n\t" + /* A[0] * B[1] */ + "mul x3, x14, x20\n\t" + "adds x11, x11, x3\n\t" + "umulh x4, x14, x20\n\t" + "adcs x12, x12, x4\n\t" + /* A[2] * B[1] */ + "mul x3, x16, x20\n\t" + "adcs x13, x13, x3\n\t" + "umulh x4, x16, x20\n\t" + "adcs x25, x25, x4\n\t" + "adc x26, x26, xzr\n\t" + /* A[1] * B[2] */ + "mul x3, x15, x21\n\t" + "adds x13, x13, x3\n\t" + "umulh x4, x15, x21\n\t" + "adcs x25, x25, x4\n\t" + "adcs x26, x26, xzr\n\t" + "adc x27, xzr, xzr\n\t" + /* A[0] * B[2] */ + "mul x3, x14, x21\n\t" + "adds x12, x12, x3\n\t" + "umulh x4, x14, x21\n\t" + "adcs x13, x13, x4\n\t" + "adcs x25, x25, xzr\n\t" + "adcs x26, x26, xzr\n\t" + "adc x27, x27, xzr\n\t" + /* A[1] * B[1] */ + "mul x3, x15, x20\n\t" + "adds x12, x12, x3\n\t" + "umulh x4, x15, x20\n\t" + "adcs x13, x13, x4\n\t" + /* A[3] * B[1] */ + "mul x3, x17, x20\n\t" + "adcs x25, x25, x3\n\t" + "umulh x4, x17, x20\n\t" + "adcs x26, x26, x4\n\t" + "adc x27, x27, xzr\n\t" + /* A[2] * B[2] */ + "mul x3, x16, x21\n\t" + "adds x25, x25, x3\n\t" + "umulh x4, x16, x21\n\t" + "adcs x26, x26, x4\n\t" + /* A[3] * B[3] */ + "mul x3, x17, x22\n\t" + "adcs x27, x27, x3\n\t" + "umulh x28, x17, x22\n\t" + "adc x28, x28, xzr\n\t" + /* A[0] * B[3] */ + "mul x3, x14, x22\n\t" + "adds x13, x13, x3\n\t" + "umulh x4, x14, x22\n\t" + "adcs x25, x25, x4\n\t" + /* A[2] * B[3] */ + "mul x3, x16, x22\n\t" + "adcs x26, x26, x3\n\t" + "umulh x4, x16, x22\n\t" + "adcs x27, x27, x4\n\t" + "adc x28, x28, xzr\n\t" + /* A[3] * B[0] */ + "mul x3, x17, x19\n\t" + "adds x13, x13, x3\n\t" + "umulh x4, x17, x19\n\t" + "adcs x25, x25, x4\n\t" + /* A[3] * B[2] */ + "mul x3, x17, x21\n\t" + "adcs x26, x26, x3\n\t" + "umulh x4, x17, x21\n\t" + "adcs x27, x27, x4\n\t" + "adc x28, x28, xzr\n\t" + /* Reduce */ + "mov x3, #38\n\t" + "mul x4, x3, x28\n\t" + "adds x13, x13, x4\n\t" + "umulh x5, x3, x28\n\t" + "adc x5, x5, xzr\n\t" + "mov x3, #19\n\t" + "extr x5, x5, x13, #63\n\t" + "mul x5, x5, x3\n\t" + "and x13, x13, #0x7fffffffffffffff\n\t" + "mov x3, #38\n\t" + "mul x4, x3, x25\n\t" + "adds x10, x10, x4\n\t" + "umulh x25, x3, x25\n\t" + "mul x4, x3, x26\n\t" + "adcs x11, x11, x4\n\t" + "umulh x26, x3, x26\n\t" + "mul x4, x3, x27\n\t" + "adcs x12, x12, x4\n\t" + "umulh x27, x3, x27\n\t" + "adc x13, x13, xzr\n\t" + /* Add high product results in */ + "adds x10, x10, x5\n\t" + "adcs x11, x11, x25\n\t" + "adcs x12, x12, x26\n\t" + "adc x13, x13, x27\n\t" + /* Store */ + "stp x10, x11, [%x[r]]\n\t" + "stp x12, x13, [%x[r], #16]\n\t" + /* Sub */ + "subs x14, x14, x19\n\t" + "sbcs x15, x15, x20\n\t" + "sbcs x16, x16, x21\n\t" + "sbcs x17, x17, x22\n\t" + "csetm x5, cc\n\t" + "mov x3, #-19\n\t" + /* Mask the modulus */ + "extr x5, x5, x17, #63\n\t" + "mul x3, x5, x3\n\t" + /* Add modulus (if underflow) */ + "subs x14, x14, x3\n\t" + "sbcs x15, x15, xzr\n\t" + "and x17, x17, #0x7fffffffffffffff\n\t" + "sbcs x16, x16, xzr\n\t" + "sbc x17, x17, xzr\n\t" + /* Multiply by 121666 */ + "mov x5, #0xdb42\n\t" + "movk x5, #1, lsl 16\n\t" + "mul x6, x14, x5\n\t" + "umulh x7, x14, x5\n\t" + "mul x3, x15, x5\n\t" + "umulh x8, x15, x5\n\t" + "adds x7, x7, x3\n\t" + "adc x8, x8, xzr\n\t" + "mul x3, x16, x5\n\t" + "umulh x9, x16, x5\n\t" + "adds x8, x8, x3\n\t" + "adc x9, x9, xzr\n\t" + "mul x3, x17, x5\n\t" + "umulh x4, x17, x5\n\t" + "adds x9, x9, x3\n\t" + "adc x4, x4, xzr\n\t" + "mov x5, #19\n\t" + "extr x4, x4, x9, #63\n\t" + "mul x4, x4, x5\n\t" + "adds x6, x6, x4\n\t" + "adcs x7, x7, xzr\n\t" + "and x9, x9, #0x7fffffffffffffff\n\t" + "adcs x8, x8, xzr\n\t" + "adc x9, x9, xzr\n\t" + /* Add */ + "adds x19, x19, x6\n\t" + "adcs x20, x20, x7\n\t" + "adcs x21, x21, x8\n\t" + "adcs x22, x22, x9\n\t" + "cset x5, cs\n\t" + "mov x3, #19\n\t" + /* Mask the modulus */ + "extr x5, x5, x22, #63\n\t" + "mul x3, x5, x3\n\t" + /* Sub modulus (if overflow) */ + "adds x19, x19, x3\n\t" + "adcs x20, x20, xzr\n\t" + "and x22, x22, #0x7fffffffffffffff\n\t" + "adcs x21, x21, xzr\n\t" + "adc x22, x22, xzr\n\t" + /* Multiply */ + /* A[0] * B[0] */ + "umulh x26, x14, x19\n\t" + "mul x25, x14, x19\n\t" + /* A[2] * B[0] */ + "umulh x28, x16, x19\n\t" + "mul x27, x16, x19\n\t" + /* A[1] * B[0] */ + "mul x3, x15, x19\n\t" + "adds x26, x26, x3\n\t" + "umulh x4, x15, x19\n\t" + "adcs x27, x27, x4\n\t" + /* A[1] * B[3] */ + "umulh x7, x15, x22\n\t" + "adc x28, x28, xzr\n\t" + "mul x6, x15, x22\n\t" + /* A[0] * B[1] */ + "mul x3, x14, x20\n\t" + "adds x26, x26, x3\n\t" + "umulh x4, x14, x20\n\t" + "adcs x27, x27, x4\n\t" + /* A[2] * B[1] */ + "mul x3, x16, x20\n\t" + "adcs x28, x28, x3\n\t" + "umulh x4, x16, x20\n\t" + "adcs x6, x6, x4\n\t" + "adc x7, x7, xzr\n\t" + /* A[1] * B[2] */ + "mul x3, x15, x21\n\t" + "adds x28, x28, x3\n\t" + "umulh x4, x15, x21\n\t" + "adcs x6, x6, x4\n\t" + "adcs x7, x7, xzr\n\t" + "adc x8, xzr, xzr\n\t" + /* A[0] * B[2] */ + "mul x3, x14, x21\n\t" + "adds x27, x27, x3\n\t" + "umulh x4, x14, x21\n\t" + "adcs x28, x28, x4\n\t" + "adcs x6, x6, xzr\n\t" + "adcs x7, x7, xzr\n\t" + "adc x8, x8, xzr\n\t" + /* A[1] * B[1] */ + "mul x3, x15, x20\n\t" + "adds x27, x27, x3\n\t" + "umulh x4, x15, x20\n\t" + "adcs x28, x28, x4\n\t" + /* A[3] * B[1] */ + "mul x3, x17, x20\n\t" + "adcs x6, x6, x3\n\t" + "umulh x4, x17, x20\n\t" + "adcs x7, x7, x4\n\t" + "adc x8, x8, xzr\n\t" + /* A[2] * B[2] */ + "mul x3, x16, x21\n\t" + "adds x6, x6, x3\n\t" + "umulh x4, x16, x21\n\t" + "adcs x7, x7, x4\n\t" + /* A[3] * B[3] */ + "mul x3, x17, x22\n\t" + "adcs x8, x8, x3\n\t" + "umulh x9, x17, x22\n\t" + "adc x9, x9, xzr\n\t" + /* A[0] * B[3] */ + "mul x3, x14, x22\n\t" + "adds x28, x28, x3\n\t" + "umulh x4, x14, x22\n\t" + "adcs x6, x6, x4\n\t" + /* A[2] * B[3] */ + "mul x3, x16, x22\n\t" + "adcs x7, x7, x3\n\t" + "umulh x4, x16, x22\n\t" + "adcs x8, x8, x4\n\t" + "adc x9, x9, xzr\n\t" + /* A[3] * B[0] */ + "mul x3, x17, x19\n\t" + "adds x28, x28, x3\n\t" + "umulh x4, x17, x19\n\t" + "adcs x6, x6, x4\n\t" + /* A[3] * B[2] */ + "mul x3, x17, x21\n\t" + "adcs x7, x7, x3\n\t" + "umulh x4, x17, x21\n\t" + "adcs x8, x8, x4\n\t" + "adc x9, x9, xzr\n\t" + /* Reduce */ + "mov x3, #38\n\t" + "mul x4, x3, x9\n\t" + "adds x28, x28, x4\n\t" + "umulh x5, x3, x9\n\t" + "adc x5, x5, xzr\n\t" + "mov x3, #19\n\t" + "extr x5, x5, x28, #63\n\t" + "mul x5, x5, x3\n\t" + "and x28, x28, #0x7fffffffffffffff\n\t" + "mov x3, #38\n\t" + "mul x4, x3, x6\n\t" + "adds x25, x25, x4\n\t" + "umulh x6, x3, x6\n\t" + "mul x4, x3, x7\n\t" + "adcs x26, x26, x4\n\t" + "umulh x7, x3, x7\n\t" + "mul x4, x3, x8\n\t" + "adcs x27, x27, x4\n\t" + "umulh x8, x3, x8\n\t" + "adc x28, x28, xzr\n\t" + /* Add high product results in */ + "adds x25, x25, x5\n\t" + "adcs x26, x26, x6\n\t" + "adcs x27, x27, x7\n\t" + "adc x28, x28, x8\n\t" + /* Store */ + "stp x25, x26, [x29, #16]\n\t" + "stp x27, x28, [x29, #32]\n\t" + "subs x24, x24, #1\n\t" + "b.ge L_curve25519_3_%=\n\t" /* Invert */ "add x0, x29, #48\n\t" "add x1, x29, #16\n\t" @@ -3694,7 +6980,6 @@ return (word32)(size_t)r; } -#ifdef HAVE_ED25519 void fe_pow22523(fe r, const fe a) { __asm__ __volatile__ ( @@ -8086,6 +11371,7 @@ ); } +#ifdef HAVE_ED25519 void sc_reduce(byte* s) { __asm__ __volatile__ ( diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/wolfcrypt/src/port/arm/armv8-mlkem-asm.S mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/port/arm/armv8-mlkem-asm.S --- mariadb-11.8.6/extra/wolfssl/wolfssl/wolfcrypt/src/port/arm/armv8-mlkem-asm.S 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/port/arm/armv8-mlkem-asm.S 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* armv8-mlkem-asm * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -168,21 +168,21 @@ add x2, x2, :lo12:L_mlkem_aarch64_zetas #else adrp x2, L_mlkem_aarch64_zetas@PAGE - add x2, x2, :lo12:L_mlkem_aarch64_zetas@PAGEOFF + add x2, x2, L_mlkem_aarch64_zetas@PAGEOFF #endif /* __APPLE__ */ #ifndef __APPLE__ adrp x3, L_mlkem_aarch64_zetas_qinv add x3, x3, :lo12:L_mlkem_aarch64_zetas_qinv #else adrp x3, L_mlkem_aarch64_zetas_qinv@PAGE - add x3, x3, :lo12:L_mlkem_aarch64_zetas_qinv@PAGEOFF + add x3, x3, L_mlkem_aarch64_zetas_qinv@PAGEOFF #endif /* __APPLE__ */ #ifndef __APPLE__ adrp x4, L_mlkem_aarch64_consts add x4, x4, :lo12:L_mlkem_aarch64_consts #else adrp x4, L_mlkem_aarch64_consts@PAGE - add x4, x4, :lo12:L_mlkem_aarch64_consts@PAGEOFF + add x4, x4, L_mlkem_aarch64_consts@PAGEOFF #endif /* __APPLE__ */ add x1, x0, #0x100 ldr q4, [x4] @@ -1562,21 +1562,21 @@ add x2, x2, :lo12:L_mlkem_aarch64_zetas_inv #else adrp x2, L_mlkem_aarch64_zetas_inv@PAGE - add x2, x2, :lo12:L_mlkem_aarch64_zetas_inv@PAGEOFF + add x2, x2, L_mlkem_aarch64_zetas_inv@PAGEOFF #endif /* __APPLE__ */ #ifndef __APPLE__ adrp x3, L_mlkem_aarch64_zetas_inv_qinv add x3, x3, :lo12:L_mlkem_aarch64_zetas_inv_qinv #else adrp x3, L_mlkem_aarch64_zetas_inv_qinv@PAGE - add x3, x3, :lo12:L_mlkem_aarch64_zetas_inv_qinv@PAGEOFF + add x3, x3, L_mlkem_aarch64_zetas_inv_qinv@PAGEOFF #endif /* __APPLE__ */ #ifndef __APPLE__ adrp x4, L_mlkem_aarch64_consts add x4, x4, :lo12:L_mlkem_aarch64_consts #else adrp x4, L_mlkem_aarch64_consts@PAGE - add x4, x4, :lo12:L_mlkem_aarch64_consts@PAGEOFF + add x4, x4, L_mlkem_aarch64_consts@PAGEOFF #endif /* __APPLE__ */ add x1, x0, #0x100 ldr q8, [x4] @@ -3013,21 +3013,21 @@ add x2, x2, :lo12:L_mlkem_aarch64_zetas #else adrp x2, L_mlkem_aarch64_zetas@PAGE - add x2, x2, :lo12:L_mlkem_aarch64_zetas@PAGEOFF + add x2, x2, L_mlkem_aarch64_zetas@PAGEOFF #endif /* __APPLE__ */ #ifndef __APPLE__ adrp x3, L_mlkem_aarch64_zetas_qinv add x3, x3, :lo12:L_mlkem_aarch64_zetas_qinv #else adrp x3, L_mlkem_aarch64_zetas_qinv@PAGE - add x3, x3, :lo12:L_mlkem_aarch64_zetas_qinv@PAGEOFF + add x3, x3, L_mlkem_aarch64_zetas_qinv@PAGEOFF #endif /* __APPLE__ */ #ifndef __APPLE__ adrp x4, L_mlkem_aarch64_consts add x4, x4, :lo12:L_mlkem_aarch64_consts #else adrp x4, L_mlkem_aarch64_consts@PAGE - add x4, x4, :lo12:L_mlkem_aarch64_consts@PAGEOFF + add x4, x4, L_mlkem_aarch64_consts@PAGEOFF #endif /* __APPLE__ */ add x1, x0, #0x100 ldr q4, [x4] @@ -4195,21 +4195,21 @@ add x2, x2, :lo12:L_mlkem_aarch64_zetas_inv #else adrp x2, L_mlkem_aarch64_zetas_inv@PAGE - add x2, x2, :lo12:L_mlkem_aarch64_zetas_inv@PAGEOFF + add x2, x2, L_mlkem_aarch64_zetas_inv@PAGEOFF #endif /* __APPLE__ */ #ifndef __APPLE__ adrp x3, L_mlkem_aarch64_zetas_inv_qinv add x3, x3, :lo12:L_mlkem_aarch64_zetas_inv_qinv #else adrp x3, L_mlkem_aarch64_zetas_inv_qinv@PAGE - add x3, x3, :lo12:L_mlkem_aarch64_zetas_inv_qinv@PAGEOFF + add x3, x3, L_mlkem_aarch64_zetas_inv_qinv@PAGEOFF #endif /* __APPLE__ */ #ifndef __APPLE__ adrp x4, L_mlkem_aarch64_consts add x4, x4, :lo12:L_mlkem_aarch64_consts #else adrp x4, L_mlkem_aarch64_consts@PAGE - add x4, x4, :lo12:L_mlkem_aarch64_consts@PAGEOFF + add x4, x4, L_mlkem_aarch64_consts@PAGEOFF #endif /* __APPLE__ */ add x1, x0, #0x100 ldr q8, [x4] @@ -5532,14 +5532,14 @@ add x3, x3, :lo12:L_mlkem_aarch64_zetas_mul #else adrp x3, L_mlkem_aarch64_zetas_mul@PAGE - add x3, x3, :lo12:L_mlkem_aarch64_zetas_mul@PAGEOFF + add x3, x3, L_mlkem_aarch64_zetas_mul@PAGEOFF #endif /* __APPLE__ */ #ifndef __APPLE__ adrp x4, L_mlkem_aarch64_consts add x4, x4, :lo12:L_mlkem_aarch64_consts #else adrp x4, L_mlkem_aarch64_consts@PAGE - add x4, x4, :lo12:L_mlkem_aarch64_consts@PAGEOFF + add x4, x4, L_mlkem_aarch64_consts@PAGEOFF #endif /* __APPLE__ */ ldr q1, [x4] ldp q2, q3, [x1] @@ -6230,14 +6230,14 @@ add x3, x3, :lo12:L_mlkem_aarch64_zetas_mul #else adrp x3, L_mlkem_aarch64_zetas_mul@PAGE - add x3, x3, :lo12:L_mlkem_aarch64_zetas_mul@PAGEOFF + add x3, x3, L_mlkem_aarch64_zetas_mul@PAGEOFF #endif /* __APPLE__ */ #ifndef __APPLE__ adrp x4, L_mlkem_aarch64_consts add x4, x4, :lo12:L_mlkem_aarch64_consts #else adrp x4, L_mlkem_aarch64_consts@PAGE - add x4, x4, :lo12:L_mlkem_aarch64_consts@PAGEOFF + add x4, x4, L_mlkem_aarch64_consts@PAGEOFF #endif /* __APPLE__ */ ldr q1, [x4] ldp q2, q3, [x1] @@ -6991,7 +6991,7 @@ add x1, x1, :lo12:L_mlkem_aarch64_q #else adrp x1, L_mlkem_aarch64_q@PAGE - add x1, x1, :lo12:L_mlkem_aarch64_q@PAGEOFF + add x1, x1, L_mlkem_aarch64_q@PAGEOFF #endif /* __APPLE__ */ ldr q20, [x1] ld4 {v0.8h, v1.8h, v2.8h, v3.8h}, [x0], #0x40 @@ -7172,7 +7172,7 @@ add x2, x2, :lo12:L_mlkem_aarch64_consts #else adrp x2, L_mlkem_aarch64_consts@PAGE - add x2, x2, :lo12:L_mlkem_aarch64_consts@PAGEOFF + add x2, x2, L_mlkem_aarch64_consts@PAGEOFF #endif /* __APPLE__ */ ldr q0, [x2] ld4 {v1.8h, v2.8h, v3.8h, v4.8h}, [x0], #0x40 @@ -7363,7 +7363,7 @@ add x3, x3, :lo12:L_mlkem_aarch64_consts #else adrp x3, L_mlkem_aarch64_consts@PAGE - add x3, x3, :lo12:L_mlkem_aarch64_consts@PAGEOFF + add x3, x3, L_mlkem_aarch64_consts@PAGEOFF #endif /* __APPLE__ */ ldr q0, [x3] ld4 {v1.8h, v2.8h, v3.8h, v4.8h}, [x0], #0x40 @@ -7594,7 +7594,7 @@ add x2, x2, :lo12:L_mlkem_aarch64_consts #else adrp x2, L_mlkem_aarch64_consts@PAGE - add x2, x2, :lo12:L_mlkem_aarch64_consts@PAGEOFF + add x2, x2, L_mlkem_aarch64_consts@PAGEOFF #endif /* __APPLE__ */ ldr q0, [x2] ld4 {v1.8h, v2.8h, v3.8h, v4.8h}, [x0], #0x40 @@ -7785,7 +7785,7 @@ add x1, x1, :lo12:L_mlkem_aarch64_consts #else adrp x1, L_mlkem_aarch64_consts@PAGE - add x1, x1, :lo12:L_mlkem_aarch64_consts@PAGEOFF + add x1, x1, L_mlkem_aarch64_consts@PAGEOFF #endif /* __APPLE__ */ ldr q0, [x1] ld4 {v1.8h, v2.8h, v3.8h, v4.8h}, [x0], #0x40 @@ -7999,7 +7999,7 @@ add x1, x1, :lo12:L_mlkem_aarch64_consts #else adrp x1, L_mlkem_aarch64_consts@PAGE - add x1, x1, :lo12:L_mlkem_aarch64_consts@PAGEOFF + add x1, x1, L_mlkem_aarch64_consts@PAGEOFF #endif /* __APPLE__ */ ldr q0, [x1] ld4 {v1.8h, v2.8h, v3.8h, v4.8h}, [x0], #0x40 @@ -8226,21 +8226,21 @@ add x2, x2, :lo12:L_mlkem_to_msg_low #else adrp x2, L_mlkem_to_msg_low@PAGE - add x2, x2, :lo12:L_mlkem_to_msg_low@PAGEOFF + add x2, x2, L_mlkem_to_msg_low@PAGEOFF #endif /* __APPLE__ */ #ifndef __APPLE__ adrp x3, L_mlkem_to_msg_high add x3, x3, :lo12:L_mlkem_to_msg_high #else adrp x3, L_mlkem_to_msg_high@PAGE - add x3, x3, :lo12:L_mlkem_to_msg_high@PAGEOFF + add x3, x3, L_mlkem_to_msg_high@PAGEOFF #endif /* __APPLE__ */ #ifndef __APPLE__ adrp x4, L_mlkem_to_msg_bits add x4, x4, :lo12:L_mlkem_to_msg_bits #else adrp x4, L_mlkem_to_msg_bits@PAGE - add x4, x4, :lo12:L_mlkem_to_msg_bits@PAGEOFF + add x4, x4, L_mlkem_to_msg_bits@PAGEOFF #endif /* __APPLE__ */ ldr q0, [x2] ldr q1, [x3] @@ -8506,14 +8506,14 @@ add x2, x2, :lo12:L_mlkem_from_msg_q1half #else adrp x2, L_mlkem_from_msg_q1half@PAGE - add x2, x2, :lo12:L_mlkem_from_msg_q1half@PAGEOFF + add x2, x2, L_mlkem_from_msg_q1half@PAGEOFF #endif /* __APPLE__ */ #ifndef __APPLE__ adrp x3, L_mlkem_from_msg_bits add x3, x3, :lo12:L_mlkem_from_msg_bits #else adrp x3, L_mlkem_from_msg_bits@PAGE - add x3, x3, :lo12:L_mlkem_from_msg_bits@PAGEOFF + add x3, x3, L_mlkem_from_msg_bits@PAGEOFF #endif /* __APPLE__ */ ld1 {v2.16b, v3.16b}, [x1] ldr q1, [x2] @@ -9517,28 +9517,28 @@ add x4, x4, :lo12:L_mlkem_rej_uniform_mask #else adrp x4, L_mlkem_rej_uniform_mask@PAGE - add x4, x4, :lo12:L_mlkem_rej_uniform_mask@PAGEOFF + add x4, x4, L_mlkem_rej_uniform_mask@PAGEOFF #endif /* __APPLE__ */ #ifndef __APPLE__ adrp x5, L_mlkem_aarch64_q add x5, x5, :lo12:L_mlkem_aarch64_q #else adrp x5, L_mlkem_aarch64_q@PAGE - add x5, x5, :lo12:L_mlkem_aarch64_q@PAGEOFF + add x5, x5, L_mlkem_aarch64_q@PAGEOFF #endif /* __APPLE__ */ #ifndef __APPLE__ adrp x6, L_mlkem_rej_uniform_bits add x6, x6, :lo12:L_mlkem_rej_uniform_bits #else adrp x6, L_mlkem_rej_uniform_bits@PAGE - add x6, x6, :lo12:L_mlkem_rej_uniform_bits@PAGEOFF + add x6, x6, L_mlkem_rej_uniform_bits@PAGEOFF #endif /* __APPLE__ */ #ifndef __APPLE__ adrp x7, L_mlkem_rej_uniform_indices add x7, x7, :lo12:L_mlkem_rej_uniform_indices #else adrp x7, L_mlkem_rej_uniform_indices@PAGE - add x7, x7, :lo12:L_mlkem_rej_uniform_indices@PAGEOFF + add x7, x7, L_mlkem_rej_uniform_indices@PAGEOFF #endif /* __APPLE__ */ eor v1.16b, v1.16b, v1.16b eor v12.16b, v12.16b, v12.16b @@ -9754,7 +9754,7 @@ add x27, x27, :lo12:L_sha3_aarch64_r #else adrp x27, L_sha3_aarch64_r@PAGE - add x27, x27, :lo12:L_sha3_aarch64_r@PAGEOFF + add x27, x27, L_sha3_aarch64_r@PAGEOFF #endif /* __APPLE__ */ str x0, [x29, #40] ld4 {v0.d, v1.d, v2.d, v3.d}[0], [x0], #32 @@ -10079,7 +10079,7 @@ add x28, x28, :lo12:L_sha3_aarch64_r #else adrp x28, L_sha3_aarch64_r@PAGE - add x28, x28, :lo12:L_sha3_aarch64_r@PAGEOFF + add x28, x28, L_sha3_aarch64_r@PAGEOFF #endif /* __APPLE__ */ str x0, [x29, #40] add x0, x0, #32 @@ -10426,7 +10426,7 @@ add x28, x28, :lo12:L_sha3_aarch64_r #else adrp x28, L_sha3_aarch64_r@PAGE - add x28, x28, :lo12:L_sha3_aarch64_r@PAGEOFF + add x28, x28, L_sha3_aarch64_r@PAGEOFF #endif /* __APPLE__ */ str x0, [x29, #40] add x0, x0, #32 @@ -10774,7 +10774,7 @@ add x27, x27, :lo12:L_sha3_aarch64_r #else adrp x27, L_sha3_aarch64_r@PAGE - add x27, x27, :lo12:L_sha3_aarch64_r@PAGEOFF + add x27, x27, L_sha3_aarch64_r@PAGEOFF #endif /* __APPLE__ */ str x0, [x29, #40] ld4 {v0.d, v1.d, v2.d, v3.d}[0], [x0], #32 @@ -11184,7 +11184,7 @@ add x28, x28, :lo12:L_sha3_aarch64_r #else adrp x28, L_sha3_aarch64_r@PAGE - add x28, x28, :lo12:L_sha3_aarch64_r@PAGEOFF + add x28, x28, L_sha3_aarch64_r@PAGEOFF #endif /* __APPLE__ */ str x0, [x29, #40] add x0, x0, #32 @@ -11616,7 +11616,7 @@ add x28, x28, :lo12:L_sha3_aarch64_r #else adrp x28, L_sha3_aarch64_r@PAGE - add x28, x28, :lo12:L_sha3_aarch64_r@PAGEOFF + add x28, x28, L_sha3_aarch64_r@PAGEOFF #endif /* __APPLE__ */ str x0, [x29, #40] add x0, x0, #32 diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/wolfcrypt/src/port/arm/armv8-mlkem-asm_c.c mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/port/arm/armv8-mlkem-asm_c.c --- mariadb-11.8.6/extra/wolfssl/wolfssl/wolfcrypt/src/port/arm/armv8-mlkem-asm_c.c 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/port/arm/armv8-mlkem-asm_c.c 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* armv8-mlkem-asm * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/wolfcrypt/src/port/arm/armv8-poly1305-asm.S mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/port/arm/armv8-poly1305-asm.S --- mariadb-11.8.6/extra/wolfssl/wolfssl/wolfcrypt/src/port/arm/armv8-poly1305-asm.S 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/port/arm/armv8-poly1305-asm.S 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* armv8-poly1305-asm * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -474,7 +474,7 @@ add x2, x2, :lo12:L_poly1305_set_key_arm64_clamp #else adrp x2, L_poly1305_set_key_arm64_clamp@PAGE - add x2, x2, :lo12:L_poly1305_set_key_arm64_clamp@PAGEOFF + add x2, x2, L_poly1305_set_key_arm64_clamp@PAGEOFF #endif /* __APPLE__ */ # Load key and pad. ldp x11, x12, [x1] diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/wolfcrypt/src/port/arm/armv8-poly1305-asm_c.c mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/port/arm/armv8-poly1305-asm_c.c --- mariadb-11.8.6/extra/wolfssl/wolfssl/wolfcrypt/src/port/arm/armv8-poly1305-asm_c.c 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/port/arm/armv8-poly1305-asm_c.c 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* armv8-poly1305-asm * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/wolfcrypt/src/port/arm/armv8-sha256-asm.S mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/port/arm/armv8-sha256-asm.S --- mariadb-11.8.6/extra/wolfssl/wolfssl/wolfcrypt/src/port/arm/armv8-sha256-asm.S 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/port/arm/armv8-sha256-asm.S 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* armv8-sha256-asm * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -133,7 +133,7 @@ add x3, x3, :lo12:L_SHA256_transform_neon_len_k #else adrp x3, L_SHA256_transform_neon_len_k@PAGE - add x3, x3, :lo12:L_SHA256_transform_neon_len_k@PAGEOFF + add x3, x3, L_SHA256_transform_neon_len_k@PAGEOFF #endif /* __APPLE__ */ # Load digest into working vars ldr w4, [x0] @@ -1200,7 +1200,7 @@ add x3, x3, :lo12:L_SHA256_trans_crypto_len_k #else adrp x3, L_SHA256_trans_crypto_len_k@PAGE - add x3, x3, :lo12:L_SHA256_trans_crypto_len_k@PAGEOFF + add x3, x3, L_SHA256_trans_crypto_len_k@PAGEOFF #endif /* __APPLE__ */ # Load K into vector registers ld1 {v8.4s, v9.4s, v10.4s, v11.4s}, [x3], #0x40 diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/wolfcrypt/src/port/arm/armv8-sha256-asm_c.c mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/port/arm/armv8-sha256-asm_c.c --- mariadb-11.8.6/extra/wolfssl/wolfssl/wolfcrypt/src/port/arm/armv8-sha256-asm_c.c 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/port/arm/armv8-sha256-asm_c.c 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* armv8-sha256-asm * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/wolfcrypt/src/port/arm/armv8-sha3-asm.S mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/port/arm/armv8-sha3-asm.S --- mariadb-11.8.6/extra/wolfssl/wolfssl/wolfcrypt/src/port/arm/armv8-sha3-asm.S 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/port/arm/armv8-sha3-asm.S 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* armv8-sha3-asm * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -92,7 +92,7 @@ add x1, x1, :lo12:L_SHA3_transform_crypto_r #else adrp x1, L_SHA3_transform_crypto_r@PAGE - add x1, x1, :lo12:L_SHA3_transform_crypto_r@PAGEOFF + add x1, x1, L_SHA3_transform_crypto_r@PAGEOFF #endif /* __APPLE__ */ #ifdef __APPLE__ .arch_extension sha3 @@ -268,7 +268,7 @@ add x27, x27, :lo12:L_SHA3_transform_base_r #else adrp x27, L_SHA3_transform_base_r@PAGE - add x27, x27, :lo12:L_SHA3_transform_base_r@PAGEOFF + add x27, x27, L_SHA3_transform_base_r@PAGEOFF #endif /* __APPLE__ */ ldp x1, x2, [x0] ldp x3, x4, [x0, #16] diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/wolfcrypt/src/port/arm/armv8-sha3-asm_c.c mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/port/arm/armv8-sha3-asm_c.c --- mariadb-11.8.6/extra/wolfssl/wolfssl/wolfcrypt/src/port/arm/armv8-sha3-asm_c.c 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/port/arm/armv8-sha3-asm_c.c 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* armv8-sha3-asm * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/wolfcrypt/src/port/arm/armv8-sha512-asm.S mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/port/arm/armv8-sha512-asm.S --- mariadb-11.8.6/extra/wolfssl/wolfssl/wolfcrypt/src/port/arm/armv8-sha512-asm.S 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/port/arm/armv8-sha512-asm.S 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* armv8-sha512-asm * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -165,14 +165,14 @@ add x3, x3, :lo12:L_SHA512_transform_neon_len_k #else adrp x3, L_SHA512_transform_neon_len_k@PAGE - add x3, x3, :lo12:L_SHA512_transform_neon_len_k@PAGEOFF + add x3, x3, L_SHA512_transform_neon_len_k@PAGEOFF #endif /* __APPLE__ */ #ifndef __APPLE__ adrp x27, L_SHA512_transform_neon_len_r8 add x27, x27, :lo12:L_SHA512_transform_neon_len_r8 #else adrp x27, L_SHA512_transform_neon_len_r8@PAGE - add x27, x27, :lo12:L_SHA512_transform_neon_len_r8@PAGEOFF + add x27, x27, L_SHA512_transform_neon_len_r8@PAGEOFF #endif /* __APPLE__ */ ld1 {v11.16b}, [x27] # Load digest into working vars @@ -1202,7 +1202,7 @@ add x4, x4, :lo12:L_SHA512_trans_crypto_len_k #else adrp x4, L_SHA512_trans_crypto_len_k@PAGE - add x4, x4, :lo12:L_SHA512_trans_crypto_len_k@PAGEOFF + add x4, x4, L_SHA512_trans_crypto_len_k@PAGEOFF #endif /* __APPLE__ */ #ifdef __APPLE__ .arch_extension sha3 diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/wolfcrypt/src/port/arm/armv8-sha512-asm_c.c mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/port/arm/armv8-sha512-asm_c.c --- mariadb-11.8.6/extra/wolfssl/wolfssl/wolfcrypt/src/port/arm/armv8-sha512-asm_c.c 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/port/arm/armv8-sha512-asm_c.c 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* armv8-sha512-asm * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/wolfcrypt/src/port/arm/cryptoCell.c mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/port/arm/cryptoCell.c --- mariadb-11.8.6/extra/wolfssl/wolfssl/wolfcrypt/src/port/arm/cryptoCell.c 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/port/arm/cryptoCell.c 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* cryptoCell.c * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/wolfcrypt/src/port/arm/cryptoCellHash.c mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/port/arm/cryptoCellHash.c --- mariadb-11.8.6/extra/wolfssl/wolfssl/wolfcrypt/src/port/arm/cryptoCellHash.c 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/port/arm/cryptoCellHash.c 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* cryptoCellHash.c * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/wolfcrypt/src/port/arm/thumb2-aes-asm.S mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/port/arm/thumb2-aes-asm.S --- mariadb-11.8.6/extra/wolfssl/wolfssl/wolfcrypt/src/port/arm/thumb2-aes-asm.S 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/port/arm/thumb2-aes-asm.S 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* thumb2-aes-asm * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -922,6 +922,7 @@ POP {r4, r5, r6, r7, r8, r9, r10, pc} /* Cycle Count = 340 */ .size AES_set_encrypt_key,.-AES_set_encrypt_key +#ifndef WOLFSSL_ARMASM_AES_BLOCK_INLINE .text .align 4 .globl AES_encrypt_block @@ -1138,6 +1139,7 @@ POP {pc} /* Cycle Count = 285 */ .size AES_encrypt_block,.-AES_encrypt_block +#endif /* !WOLFSSL_ARMASM_AES_BLOCK_INLINE */ #if defined(HAVE_AES_CBC) || defined(HAVE_AESCCM) || defined(HAVE_AESGCM) || \ defined(WOLFSSL_AES_DIRECT) || defined(WOLFSSL_AES_COUNTER) .text @@ -1190,7 +1192,217 @@ EOR r6, r6, r10 EOR r7, r7, r11 MOV r1, #0x6 +#ifndef WOLFSSL_ARMASM_AES_BLOCK_INLINE BL AES_encrypt_block +#else +L_AES_ECB_encrypt_block_nr_256: + UBFX r8, r5, #16, #8 + LSR r11, r4, #24 + UBFX lr, r6, #8, #8 + UBFX r2, r7, #0, #8 + LDR r8, [r0, r8, LSL #2] + LDR r11, [r0, r11, LSL #2] + LDR lr, [r0, lr, LSL #2] + LDR r2, [r0, r2, LSL #2] + UBFX r9, r6, #16, #8 + EOR r8, r8, r11, ROR #24 + LSR r11, r5, #24 + EOR r8, r8, lr, ROR #8 + UBFX lr, r7, #8, #8 + EOR r8, r8, r2, ROR #16 + UBFX r2, r4, #0, #8 + LDR r9, [r0, r9, LSL #2] + LDR r11, [r0, r11, LSL #2] + LDR lr, [r0, lr, LSL #2] + LDR r2, [r0, r2, LSL #2] + UBFX r10, r7, #16, #8 + EOR r9, r9, r11, ROR #24 + LSR r11, r6, #24 + EOR r9, r9, lr, ROR #8 + UBFX lr, r4, #8, #8 + EOR r9, r9, r2, ROR #16 + UBFX r2, r5, #0, #8 + LDR r10, [r0, r10, LSL #2] + LDR r11, [r0, r11, LSL #2] + LDR lr, [r0, lr, LSL #2] + LDR r2, [r0, r2, LSL #2] + UBFX r6, r6, #0, #8 + EOR r10, r10, r11, ROR #24 + UBFX r11, r4, #16, #8 + EOR r10, r10, lr, ROR #8 + LSR lr, r7, #24 + EOR r10, r10, r2, ROR #16 + UBFX r2, r5, #8, #8 + LDR r6, [r0, r6, LSL #2] + LDR lr, [r0, lr, LSL #2] + LDR r11, [r0, r11, LSL #2] + LDR r2, [r0, r2, LSL #2] + EOR lr, lr, r6, ROR #24 + LDM r3!, {r4, r5, r6, r7} + EOR r11, r11, lr, ROR #24 + EOR r11, r11, r2, ROR #8 + /* XOR in Key Schedule */ + EOR r8, r8, r4 + EOR r9, r9, r5 + EOR r10, r10, r6 + EOR r11, r11, r7 + UBFX r4, r9, #16, #8 + LSR r7, r8, #24 + UBFX lr, r10, #8, #8 + UBFX r2, r11, #0, #8 + LDR r4, [r0, r4, LSL #2] + LDR r7, [r0, r7, LSL #2] + LDR lr, [r0, lr, LSL #2] + LDR r2, [r0, r2, LSL #2] + UBFX r5, r10, #16, #8 + EOR r4, r4, r7, ROR #24 + LSR r7, r9, #24 + EOR r4, r4, lr, ROR #8 + UBFX lr, r11, #8, #8 + EOR r4, r4, r2, ROR #16 + UBFX r2, r8, #0, #8 + LDR r5, [r0, r5, LSL #2] + LDR r7, [r0, r7, LSL #2] + LDR lr, [r0, lr, LSL #2] + LDR r2, [r0, r2, LSL #2] + UBFX r6, r11, #16, #8 + EOR r5, r5, r7, ROR #24 + LSR r7, r10, #24 + EOR r5, r5, lr, ROR #8 + UBFX lr, r8, #8, #8 + EOR r5, r5, r2, ROR #16 + UBFX r2, r9, #0, #8 + LDR r6, [r0, r6, LSL #2] + LDR r7, [r0, r7, LSL #2] + LDR lr, [r0, lr, LSL #2] + LDR r2, [r0, r2, LSL #2] + UBFX r10, r10, #0, #8 + EOR r6, r6, r7, ROR #24 + UBFX r7, r8, #16, #8 + EOR r6, r6, lr, ROR #8 + LSR lr, r11, #24 + EOR r6, r6, r2, ROR #16 + UBFX r2, r9, #8, #8 + LDR r10, [r0, r10, LSL #2] + LDR lr, [r0, lr, LSL #2] + LDR r7, [r0, r7, LSL #2] + LDR r2, [r0, r2, LSL #2] + EOR lr, lr, r10, ROR #24 + LDM r3!, {r8, r9, r10, r11} + EOR r7, r7, lr, ROR #24 + EOR r7, r7, r2, ROR #8 + /* XOR in Key Schedule */ + EOR r4, r4, r8 + EOR r5, r5, r9 + EOR r6, r6, r10 + EOR r7, r7, r11 + SUBS r1, r1, #0x1 +#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__) + BNE L_AES_ECB_encrypt_block_nr_256 +#else + BNE.W L_AES_ECB_encrypt_block_nr_256 +#endif + UBFX r8, r5, #16, #8 + LSR r11, r4, #24 + UBFX lr, r6, #8, #8 + UBFX r2, r7, #0, #8 + LDR r8, [r0, r8, LSL #2] + LDR r11, [r0, r11, LSL #2] + LDR lr, [r0, lr, LSL #2] + LDR r2, [r0, r2, LSL #2] + UBFX r9, r6, #16, #8 + EOR r8, r8, r11, ROR #24 + LSR r11, r5, #24 + EOR r8, r8, lr, ROR #8 + UBFX lr, r7, #8, #8 + EOR r8, r8, r2, ROR #16 + UBFX r2, r4, #0, #8 + LDR r9, [r0, r9, LSL #2] + LDR r11, [r0, r11, LSL #2] + LDR lr, [r0, lr, LSL #2] + LDR r2, [r0, r2, LSL #2] + UBFX r10, r7, #16, #8 + EOR r9, r9, r11, ROR #24 + LSR r11, r6, #24 + EOR r9, r9, lr, ROR #8 + UBFX lr, r4, #8, #8 + EOR r9, r9, r2, ROR #16 + UBFX r2, r5, #0, #8 + LDR r10, [r0, r10, LSL #2] + LDR r11, [r0, r11, LSL #2] + LDR lr, [r0, lr, LSL #2] + LDR r2, [r0, r2, LSL #2] + UBFX r6, r6, #0, #8 + EOR r10, r10, r11, ROR #24 + UBFX r11, r4, #16, #8 + EOR r10, r10, lr, ROR #8 + LSR lr, r7, #24 + EOR r10, r10, r2, ROR #16 + UBFX r2, r5, #8, #8 + LDR r6, [r0, r6, LSL #2] + LDR lr, [r0, lr, LSL #2] + LDR r11, [r0, r11, LSL #2] + LDR r2, [r0, r2, LSL #2] + EOR lr, lr, r6, ROR #24 + LDM r3!, {r4, r5, r6, r7} + EOR r11, r11, lr, ROR #24 + EOR r11, r11, r2, ROR #8 + /* XOR in Key Schedule */ + EOR r8, r8, r4 + EOR r9, r9, r5 + EOR r10, r10, r6 + EOR r11, r11, r7 + UBFX r4, r11, #0, #8 + UBFX r7, r10, #8, #8 + UBFX lr, r9, #16, #8 + LSR r2, r8, #24 + LDRB r4, [r0, r4, LSL #2] + LDRB r7, [r0, r7, LSL #2] + LDRB lr, [r0, lr, LSL #2] + LDRB r2, [r0, r2, LSL #2] + UBFX r5, r8, #0, #8 + EOR r4, r4, r7, LSL #8 + UBFX r7, r11, #8, #8 + EOR r4, r4, lr, LSL #16 + UBFX lr, r10, #16, #8 + EOR r4, r4, r2, LSL #24 + LSR r2, r9, #24 + LDRB r5, [r0, r5, LSL #2] + LDRB r7, [r0, r7, LSL #2] + LDRB lr, [r0, lr, LSL #2] + LDRB r2, [r0, r2, LSL #2] + UBFX r6, r9, #0, #8 + EOR r5, r5, r7, LSL #8 + UBFX r7, r8, #8, #8 + EOR r5, r5, lr, LSL #16 + UBFX lr, r11, #16, #8 + EOR r5, r5, r2, LSL #24 + LSR r2, r10, #24 + LDRB r6, [r0, r6, LSL #2] + LDRB r7, [r0, r7, LSL #2] + LDRB lr, [r0, lr, LSL #2] + LDRB r2, [r0, r2, LSL #2] + LSR r11, r11, #24 + EOR r6, r6, r7, LSL #8 + UBFX r7, r10, #0, #8 + EOR r6, r6, lr, LSL #16 + UBFX lr, r9, #8, #8 + EOR r6, r6, r2, LSL #24 + UBFX r2, r8, #16, #8 + LDRB r11, [r0, r11, LSL #2] + LDRB r7, [r0, r7, LSL #2] + LDRB lr, [r0, lr, LSL #2] + LDRB r2, [r0, r2, LSL #2] + EOR lr, lr, r11, LSL #16 + LDM r3, {r8, r9, r10, r11} + EOR r7, r7, lr, LSL #8 + EOR r7, r7, r2, LSL #16 + /* XOR in Key Schedule */ + EOR r4, r4, r8 + EOR r5, r5, r9 + EOR r6, r6, r10 + EOR r7, r7, r11 +#endif /* !WOLFSSL_ARMASM_AES_BLOCK_INLINE */ POP {r1, r2, lr} LDR r3, [sp] REV r4, r4 @@ -1232,7 +1444,217 @@ EOR r6, r6, r10 EOR r7, r7, r11 MOV r1, #0x5 +#ifndef WOLFSSL_ARMASM_AES_BLOCK_INLINE BL AES_encrypt_block +#else +L_AES_ECB_encrypt_block_nr_192: + UBFX r8, r5, #16, #8 + LSR r11, r4, #24 + UBFX lr, r6, #8, #8 + UBFX r2, r7, #0, #8 + LDR r8, [r0, r8, LSL #2] + LDR r11, [r0, r11, LSL #2] + LDR lr, [r0, lr, LSL #2] + LDR r2, [r0, r2, LSL #2] + UBFX r9, r6, #16, #8 + EOR r8, r8, r11, ROR #24 + LSR r11, r5, #24 + EOR r8, r8, lr, ROR #8 + UBFX lr, r7, #8, #8 + EOR r8, r8, r2, ROR #16 + UBFX r2, r4, #0, #8 + LDR r9, [r0, r9, LSL #2] + LDR r11, [r0, r11, LSL #2] + LDR lr, [r0, lr, LSL #2] + LDR r2, [r0, r2, LSL #2] + UBFX r10, r7, #16, #8 + EOR r9, r9, r11, ROR #24 + LSR r11, r6, #24 + EOR r9, r9, lr, ROR #8 + UBFX lr, r4, #8, #8 + EOR r9, r9, r2, ROR #16 + UBFX r2, r5, #0, #8 + LDR r10, [r0, r10, LSL #2] + LDR r11, [r0, r11, LSL #2] + LDR lr, [r0, lr, LSL #2] + LDR r2, [r0, r2, LSL #2] + UBFX r6, r6, #0, #8 + EOR r10, r10, r11, ROR #24 + UBFX r11, r4, #16, #8 + EOR r10, r10, lr, ROR #8 + LSR lr, r7, #24 + EOR r10, r10, r2, ROR #16 + UBFX r2, r5, #8, #8 + LDR r6, [r0, r6, LSL #2] + LDR lr, [r0, lr, LSL #2] + LDR r11, [r0, r11, LSL #2] + LDR r2, [r0, r2, LSL #2] + EOR lr, lr, r6, ROR #24 + LDM r3!, {r4, r5, r6, r7} + EOR r11, r11, lr, ROR #24 + EOR r11, r11, r2, ROR #8 + /* XOR in Key Schedule */ + EOR r8, r8, r4 + EOR r9, r9, r5 + EOR r10, r10, r6 + EOR r11, r11, r7 + UBFX r4, r9, #16, #8 + LSR r7, r8, #24 + UBFX lr, r10, #8, #8 + UBFX r2, r11, #0, #8 + LDR r4, [r0, r4, LSL #2] + LDR r7, [r0, r7, LSL #2] + LDR lr, [r0, lr, LSL #2] + LDR r2, [r0, r2, LSL #2] + UBFX r5, r10, #16, #8 + EOR r4, r4, r7, ROR #24 + LSR r7, r9, #24 + EOR r4, r4, lr, ROR #8 + UBFX lr, r11, #8, #8 + EOR r4, r4, r2, ROR #16 + UBFX r2, r8, #0, #8 + LDR r5, [r0, r5, LSL #2] + LDR r7, [r0, r7, LSL #2] + LDR lr, [r0, lr, LSL #2] + LDR r2, [r0, r2, LSL #2] + UBFX r6, r11, #16, #8 + EOR r5, r5, r7, ROR #24 + LSR r7, r10, #24 + EOR r5, r5, lr, ROR #8 + UBFX lr, r8, #8, #8 + EOR r5, r5, r2, ROR #16 + UBFX r2, r9, #0, #8 + LDR r6, [r0, r6, LSL #2] + LDR r7, [r0, r7, LSL #2] + LDR lr, [r0, lr, LSL #2] + LDR r2, [r0, r2, LSL #2] + UBFX r10, r10, #0, #8 + EOR r6, r6, r7, ROR #24 + UBFX r7, r8, #16, #8 + EOR r6, r6, lr, ROR #8 + LSR lr, r11, #24 + EOR r6, r6, r2, ROR #16 + UBFX r2, r9, #8, #8 + LDR r10, [r0, r10, LSL #2] + LDR lr, [r0, lr, LSL #2] + LDR r7, [r0, r7, LSL #2] + LDR r2, [r0, r2, LSL #2] + EOR lr, lr, r10, ROR #24 + LDM r3!, {r8, r9, r10, r11} + EOR r7, r7, lr, ROR #24 + EOR r7, r7, r2, ROR #8 + /* XOR in Key Schedule */ + EOR r4, r4, r8 + EOR r5, r5, r9 + EOR r6, r6, r10 + EOR r7, r7, r11 + SUBS r1, r1, #0x1 +#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__) + BNE L_AES_ECB_encrypt_block_nr_192 +#else + BNE.W L_AES_ECB_encrypt_block_nr_192 +#endif + UBFX r8, r5, #16, #8 + LSR r11, r4, #24 + UBFX lr, r6, #8, #8 + UBFX r2, r7, #0, #8 + LDR r8, [r0, r8, LSL #2] + LDR r11, [r0, r11, LSL #2] + LDR lr, [r0, lr, LSL #2] + LDR r2, [r0, r2, LSL #2] + UBFX r9, r6, #16, #8 + EOR r8, r8, r11, ROR #24 + LSR r11, r5, #24 + EOR r8, r8, lr, ROR #8 + UBFX lr, r7, #8, #8 + EOR r8, r8, r2, ROR #16 + UBFX r2, r4, #0, #8 + LDR r9, [r0, r9, LSL #2] + LDR r11, [r0, r11, LSL #2] + LDR lr, [r0, lr, LSL #2] + LDR r2, [r0, r2, LSL #2] + UBFX r10, r7, #16, #8 + EOR r9, r9, r11, ROR #24 + LSR r11, r6, #24 + EOR r9, r9, lr, ROR #8 + UBFX lr, r4, #8, #8 + EOR r9, r9, r2, ROR #16 + UBFX r2, r5, #0, #8 + LDR r10, [r0, r10, LSL #2] + LDR r11, [r0, r11, LSL #2] + LDR lr, [r0, lr, LSL #2] + LDR r2, [r0, r2, LSL #2] + UBFX r6, r6, #0, #8 + EOR r10, r10, r11, ROR #24 + UBFX r11, r4, #16, #8 + EOR r10, r10, lr, ROR #8 + LSR lr, r7, #24 + EOR r10, r10, r2, ROR #16 + UBFX r2, r5, #8, #8 + LDR r6, [r0, r6, LSL #2] + LDR lr, [r0, lr, LSL #2] + LDR r11, [r0, r11, LSL #2] + LDR r2, [r0, r2, LSL #2] + EOR lr, lr, r6, ROR #24 + LDM r3!, {r4, r5, r6, r7} + EOR r11, r11, lr, ROR #24 + EOR r11, r11, r2, ROR #8 + /* XOR in Key Schedule */ + EOR r8, r8, r4 + EOR r9, r9, r5 + EOR r10, r10, r6 + EOR r11, r11, r7 + UBFX r4, r11, #0, #8 + UBFX r7, r10, #8, #8 + UBFX lr, r9, #16, #8 + LSR r2, r8, #24 + LDRB r4, [r0, r4, LSL #2] + LDRB r7, [r0, r7, LSL #2] + LDRB lr, [r0, lr, LSL #2] + LDRB r2, [r0, r2, LSL #2] + UBFX r5, r8, #0, #8 + EOR r4, r4, r7, LSL #8 + UBFX r7, r11, #8, #8 + EOR r4, r4, lr, LSL #16 + UBFX lr, r10, #16, #8 + EOR r4, r4, r2, LSL #24 + LSR r2, r9, #24 + LDRB r5, [r0, r5, LSL #2] + LDRB r7, [r0, r7, LSL #2] + LDRB lr, [r0, lr, LSL #2] + LDRB r2, [r0, r2, LSL #2] + UBFX r6, r9, #0, #8 + EOR r5, r5, r7, LSL #8 + UBFX r7, r8, #8, #8 + EOR r5, r5, lr, LSL #16 + UBFX lr, r11, #16, #8 + EOR r5, r5, r2, LSL #24 + LSR r2, r10, #24 + LDRB r6, [r0, r6, LSL #2] + LDRB r7, [r0, r7, LSL #2] + LDRB lr, [r0, lr, LSL #2] + LDRB r2, [r0, r2, LSL #2] + LSR r11, r11, #24 + EOR r6, r6, r7, LSL #8 + UBFX r7, r10, #0, #8 + EOR r6, r6, lr, LSL #16 + UBFX lr, r9, #8, #8 + EOR r6, r6, r2, LSL #24 + UBFX r2, r8, #16, #8 + LDRB r11, [r0, r11, LSL #2] + LDRB r7, [r0, r7, LSL #2] + LDRB lr, [r0, lr, LSL #2] + LDRB r2, [r0, r2, LSL #2] + EOR lr, lr, r11, LSL #16 + LDM r3, {r8, r9, r10, r11} + EOR r7, r7, lr, LSL #8 + EOR r7, r7, r2, LSL #16 + /* XOR in Key Schedule */ + EOR r4, r4, r8 + EOR r5, r5, r9 + EOR r6, r6, r10 + EOR r7, r7, r11 +#endif /* !WOLFSSL_ARMASM_AES_BLOCK_INLINE */ POP {r1, r2, lr} LDR r3, [sp] REV r4, r4 @@ -1274,7 +1696,217 @@ EOR r6, r6, r10 EOR r7, r7, r11 MOV r1, #0x4 +#ifndef WOLFSSL_ARMASM_AES_BLOCK_INLINE BL AES_encrypt_block +#else +L_AES_ECB_encrypt_block_nr_128: + UBFX r8, r5, #16, #8 + LSR r11, r4, #24 + UBFX lr, r6, #8, #8 + UBFX r2, r7, #0, #8 + LDR r8, [r0, r8, LSL #2] + LDR r11, [r0, r11, LSL #2] + LDR lr, [r0, lr, LSL #2] + LDR r2, [r0, r2, LSL #2] + UBFX r9, r6, #16, #8 + EOR r8, r8, r11, ROR #24 + LSR r11, r5, #24 + EOR r8, r8, lr, ROR #8 + UBFX lr, r7, #8, #8 + EOR r8, r8, r2, ROR #16 + UBFX r2, r4, #0, #8 + LDR r9, [r0, r9, LSL #2] + LDR r11, [r0, r11, LSL #2] + LDR lr, [r0, lr, LSL #2] + LDR r2, [r0, r2, LSL #2] + UBFX r10, r7, #16, #8 + EOR r9, r9, r11, ROR #24 + LSR r11, r6, #24 + EOR r9, r9, lr, ROR #8 + UBFX lr, r4, #8, #8 + EOR r9, r9, r2, ROR #16 + UBFX r2, r5, #0, #8 + LDR r10, [r0, r10, LSL #2] + LDR r11, [r0, r11, LSL #2] + LDR lr, [r0, lr, LSL #2] + LDR r2, [r0, r2, LSL #2] + UBFX r6, r6, #0, #8 + EOR r10, r10, r11, ROR #24 + UBFX r11, r4, #16, #8 + EOR r10, r10, lr, ROR #8 + LSR lr, r7, #24 + EOR r10, r10, r2, ROR #16 + UBFX r2, r5, #8, #8 + LDR r6, [r0, r6, LSL #2] + LDR lr, [r0, lr, LSL #2] + LDR r11, [r0, r11, LSL #2] + LDR r2, [r0, r2, LSL #2] + EOR lr, lr, r6, ROR #24 + LDM r3!, {r4, r5, r6, r7} + EOR r11, r11, lr, ROR #24 + EOR r11, r11, r2, ROR #8 + /* XOR in Key Schedule */ + EOR r8, r8, r4 + EOR r9, r9, r5 + EOR r10, r10, r6 + EOR r11, r11, r7 + UBFX r4, r9, #16, #8 + LSR r7, r8, #24 + UBFX lr, r10, #8, #8 + UBFX r2, r11, #0, #8 + LDR r4, [r0, r4, LSL #2] + LDR r7, [r0, r7, LSL #2] + LDR lr, [r0, lr, LSL #2] + LDR r2, [r0, r2, LSL #2] + UBFX r5, r10, #16, #8 + EOR r4, r4, r7, ROR #24 + LSR r7, r9, #24 + EOR r4, r4, lr, ROR #8 + UBFX lr, r11, #8, #8 + EOR r4, r4, r2, ROR #16 + UBFX r2, r8, #0, #8 + LDR r5, [r0, r5, LSL #2] + LDR r7, [r0, r7, LSL #2] + LDR lr, [r0, lr, LSL #2] + LDR r2, [r0, r2, LSL #2] + UBFX r6, r11, #16, #8 + EOR r5, r5, r7, ROR #24 + LSR r7, r10, #24 + EOR r5, r5, lr, ROR #8 + UBFX lr, r8, #8, #8 + EOR r5, r5, r2, ROR #16 + UBFX r2, r9, #0, #8 + LDR r6, [r0, r6, LSL #2] + LDR r7, [r0, r7, LSL #2] + LDR lr, [r0, lr, LSL #2] + LDR r2, [r0, r2, LSL #2] + UBFX r10, r10, #0, #8 + EOR r6, r6, r7, ROR #24 + UBFX r7, r8, #16, #8 + EOR r6, r6, lr, ROR #8 + LSR lr, r11, #24 + EOR r6, r6, r2, ROR #16 + UBFX r2, r9, #8, #8 + LDR r10, [r0, r10, LSL #2] + LDR lr, [r0, lr, LSL #2] + LDR r7, [r0, r7, LSL #2] + LDR r2, [r0, r2, LSL #2] + EOR lr, lr, r10, ROR #24 + LDM r3!, {r8, r9, r10, r11} + EOR r7, r7, lr, ROR #24 + EOR r7, r7, r2, ROR #8 + /* XOR in Key Schedule */ + EOR r4, r4, r8 + EOR r5, r5, r9 + EOR r6, r6, r10 + EOR r7, r7, r11 + SUBS r1, r1, #0x1 +#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__) + BNE L_AES_ECB_encrypt_block_nr_128 +#else + BNE.W L_AES_ECB_encrypt_block_nr_128 +#endif + UBFX r8, r5, #16, #8 + LSR r11, r4, #24 + UBFX lr, r6, #8, #8 + UBFX r2, r7, #0, #8 + LDR r8, [r0, r8, LSL #2] + LDR r11, [r0, r11, LSL #2] + LDR lr, [r0, lr, LSL #2] + LDR r2, [r0, r2, LSL #2] + UBFX r9, r6, #16, #8 + EOR r8, r8, r11, ROR #24 + LSR r11, r5, #24 + EOR r8, r8, lr, ROR #8 + UBFX lr, r7, #8, #8 + EOR r8, r8, r2, ROR #16 + UBFX r2, r4, #0, #8 + LDR r9, [r0, r9, LSL #2] + LDR r11, [r0, r11, LSL #2] + LDR lr, [r0, lr, LSL #2] + LDR r2, [r0, r2, LSL #2] + UBFX r10, r7, #16, #8 + EOR r9, r9, r11, ROR #24 + LSR r11, r6, #24 + EOR r9, r9, lr, ROR #8 + UBFX lr, r4, #8, #8 + EOR r9, r9, r2, ROR #16 + UBFX r2, r5, #0, #8 + LDR r10, [r0, r10, LSL #2] + LDR r11, [r0, r11, LSL #2] + LDR lr, [r0, lr, LSL #2] + LDR r2, [r0, r2, LSL #2] + UBFX r6, r6, #0, #8 + EOR r10, r10, r11, ROR #24 + UBFX r11, r4, #16, #8 + EOR r10, r10, lr, ROR #8 + LSR lr, r7, #24 + EOR r10, r10, r2, ROR #16 + UBFX r2, r5, #8, #8 + LDR r6, [r0, r6, LSL #2] + LDR lr, [r0, lr, LSL #2] + LDR r11, [r0, r11, LSL #2] + LDR r2, [r0, r2, LSL #2] + EOR lr, lr, r6, ROR #24 + LDM r3!, {r4, r5, r6, r7} + EOR r11, r11, lr, ROR #24 + EOR r11, r11, r2, ROR #8 + /* XOR in Key Schedule */ + EOR r8, r8, r4 + EOR r9, r9, r5 + EOR r10, r10, r6 + EOR r11, r11, r7 + UBFX r4, r11, #0, #8 + UBFX r7, r10, #8, #8 + UBFX lr, r9, #16, #8 + LSR r2, r8, #24 + LDRB r4, [r0, r4, LSL #2] + LDRB r7, [r0, r7, LSL #2] + LDRB lr, [r0, lr, LSL #2] + LDRB r2, [r0, r2, LSL #2] + UBFX r5, r8, #0, #8 + EOR r4, r4, r7, LSL #8 + UBFX r7, r11, #8, #8 + EOR r4, r4, lr, LSL #16 + UBFX lr, r10, #16, #8 + EOR r4, r4, r2, LSL #24 + LSR r2, r9, #24 + LDRB r5, [r0, r5, LSL #2] + LDRB r7, [r0, r7, LSL #2] + LDRB lr, [r0, lr, LSL #2] + LDRB r2, [r0, r2, LSL #2] + UBFX r6, r9, #0, #8 + EOR r5, r5, r7, LSL #8 + UBFX r7, r8, #8, #8 + EOR r5, r5, lr, LSL #16 + UBFX lr, r11, #16, #8 + EOR r5, r5, r2, LSL #24 + LSR r2, r10, #24 + LDRB r6, [r0, r6, LSL #2] + LDRB r7, [r0, r7, LSL #2] + LDRB lr, [r0, lr, LSL #2] + LDRB r2, [r0, r2, LSL #2] + LSR r11, r11, #24 + EOR r6, r6, r7, LSL #8 + UBFX r7, r10, #0, #8 + EOR r6, r6, lr, LSL #16 + UBFX lr, r9, #8, #8 + EOR r6, r6, r2, LSL #24 + UBFX r2, r8, #16, #8 + LDRB r11, [r0, r11, LSL #2] + LDRB r7, [r0, r7, LSL #2] + LDRB lr, [r0, lr, LSL #2] + LDRB r2, [r0, r2, LSL #2] + EOR lr, lr, r11, LSL #16 + LDM r3, {r8, r9, r10, r11} + EOR r7, r7, lr, LSL #8 + EOR r7, r7, r2, LSL #16 + /* XOR in Key Schedule */ + EOR r4, r4, r8 + EOR r5, r5, r9 + EOR r6, r6, r10 + EOR r7, r7, r11 +#endif /* !WOLFSSL_ARMASM_AES_BLOCK_INLINE */ POP {r1, r2, lr} LDR r3, [sp] REV r4, r4 @@ -1296,7 +1928,7 @@ L_AES_ECB_encrypt_end: POP {r3} POP {r4, r5, r6, r7, r8, r9, r10, r11, pc} - /* Cycle Count = 212 */ + /* Cycle Count = 1055 */ .size AES_ECB_encrypt,.-AES_ECB_encrypt #endif /* HAVE_AESCCM || HAVE_AESGCM || WOLFSSL_AES_DIRECT || * WOLFSSL_AES_COUNTER || HAVE_AES_ECB */ @@ -1346,7 +1978,217 @@ EOR r6, r6, r10 EOR r7, r7, r11 MOV r1, #0x6 +#ifndef WOLFSSL_ARMASM_AES_BLOCK_INLINE BL AES_encrypt_block +#else +L_AES_CBC_encrypt_block_nr_256: + UBFX r8, r5, #16, #8 + LSR r11, r4, #24 + UBFX lr, r6, #8, #8 + UBFX r2, r7, #0, #8 + LDR r8, [r0, r8, LSL #2] + LDR r11, [r0, r11, LSL #2] + LDR lr, [r0, lr, LSL #2] + LDR r2, [r0, r2, LSL #2] + UBFX r9, r6, #16, #8 + EOR r8, r8, r11, ROR #24 + LSR r11, r5, #24 + EOR r8, r8, lr, ROR #8 + UBFX lr, r7, #8, #8 + EOR r8, r8, r2, ROR #16 + UBFX r2, r4, #0, #8 + LDR r9, [r0, r9, LSL #2] + LDR r11, [r0, r11, LSL #2] + LDR lr, [r0, lr, LSL #2] + LDR r2, [r0, r2, LSL #2] + UBFX r10, r7, #16, #8 + EOR r9, r9, r11, ROR #24 + LSR r11, r6, #24 + EOR r9, r9, lr, ROR #8 + UBFX lr, r4, #8, #8 + EOR r9, r9, r2, ROR #16 + UBFX r2, r5, #0, #8 + LDR r10, [r0, r10, LSL #2] + LDR r11, [r0, r11, LSL #2] + LDR lr, [r0, lr, LSL #2] + LDR r2, [r0, r2, LSL #2] + UBFX r6, r6, #0, #8 + EOR r10, r10, r11, ROR #24 + UBFX r11, r4, #16, #8 + EOR r10, r10, lr, ROR #8 + LSR lr, r7, #24 + EOR r10, r10, r2, ROR #16 + UBFX r2, r5, #8, #8 + LDR r6, [r0, r6, LSL #2] + LDR lr, [r0, lr, LSL #2] + LDR r11, [r0, r11, LSL #2] + LDR r2, [r0, r2, LSL #2] + EOR lr, lr, r6, ROR #24 + LDM r3!, {r4, r5, r6, r7} + EOR r11, r11, lr, ROR #24 + EOR r11, r11, r2, ROR #8 + /* XOR in Key Schedule */ + EOR r8, r8, r4 + EOR r9, r9, r5 + EOR r10, r10, r6 + EOR r11, r11, r7 + UBFX r4, r9, #16, #8 + LSR r7, r8, #24 + UBFX lr, r10, #8, #8 + UBFX r2, r11, #0, #8 + LDR r4, [r0, r4, LSL #2] + LDR r7, [r0, r7, LSL #2] + LDR lr, [r0, lr, LSL #2] + LDR r2, [r0, r2, LSL #2] + UBFX r5, r10, #16, #8 + EOR r4, r4, r7, ROR #24 + LSR r7, r9, #24 + EOR r4, r4, lr, ROR #8 + UBFX lr, r11, #8, #8 + EOR r4, r4, r2, ROR #16 + UBFX r2, r8, #0, #8 + LDR r5, [r0, r5, LSL #2] + LDR r7, [r0, r7, LSL #2] + LDR lr, [r0, lr, LSL #2] + LDR r2, [r0, r2, LSL #2] + UBFX r6, r11, #16, #8 + EOR r5, r5, r7, ROR #24 + LSR r7, r10, #24 + EOR r5, r5, lr, ROR #8 + UBFX lr, r8, #8, #8 + EOR r5, r5, r2, ROR #16 + UBFX r2, r9, #0, #8 + LDR r6, [r0, r6, LSL #2] + LDR r7, [r0, r7, LSL #2] + LDR lr, [r0, lr, LSL #2] + LDR r2, [r0, r2, LSL #2] + UBFX r10, r10, #0, #8 + EOR r6, r6, r7, ROR #24 + UBFX r7, r8, #16, #8 + EOR r6, r6, lr, ROR #8 + LSR lr, r11, #24 + EOR r6, r6, r2, ROR #16 + UBFX r2, r9, #8, #8 + LDR r10, [r0, r10, LSL #2] + LDR lr, [r0, lr, LSL #2] + LDR r7, [r0, r7, LSL #2] + LDR r2, [r0, r2, LSL #2] + EOR lr, lr, r10, ROR #24 + LDM r3!, {r8, r9, r10, r11} + EOR r7, r7, lr, ROR #24 + EOR r7, r7, r2, ROR #8 + /* XOR in Key Schedule */ + EOR r4, r4, r8 + EOR r5, r5, r9 + EOR r6, r6, r10 + EOR r7, r7, r11 + SUBS r1, r1, #0x1 +#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__) + BNE L_AES_CBC_encrypt_block_nr_256 +#else + BNE.W L_AES_CBC_encrypt_block_nr_256 +#endif + UBFX r8, r5, #16, #8 + LSR r11, r4, #24 + UBFX lr, r6, #8, #8 + UBFX r2, r7, #0, #8 + LDR r8, [r0, r8, LSL #2] + LDR r11, [r0, r11, LSL #2] + LDR lr, [r0, lr, LSL #2] + LDR r2, [r0, r2, LSL #2] + UBFX r9, r6, #16, #8 + EOR r8, r8, r11, ROR #24 + LSR r11, r5, #24 + EOR r8, r8, lr, ROR #8 + UBFX lr, r7, #8, #8 + EOR r8, r8, r2, ROR #16 + UBFX r2, r4, #0, #8 + LDR r9, [r0, r9, LSL #2] + LDR r11, [r0, r11, LSL #2] + LDR lr, [r0, lr, LSL #2] + LDR r2, [r0, r2, LSL #2] + UBFX r10, r7, #16, #8 + EOR r9, r9, r11, ROR #24 + LSR r11, r6, #24 + EOR r9, r9, lr, ROR #8 + UBFX lr, r4, #8, #8 + EOR r9, r9, r2, ROR #16 + UBFX r2, r5, #0, #8 + LDR r10, [r0, r10, LSL #2] + LDR r11, [r0, r11, LSL #2] + LDR lr, [r0, lr, LSL #2] + LDR r2, [r0, r2, LSL #2] + UBFX r6, r6, #0, #8 + EOR r10, r10, r11, ROR #24 + UBFX r11, r4, #16, #8 + EOR r10, r10, lr, ROR #8 + LSR lr, r7, #24 + EOR r10, r10, r2, ROR #16 + UBFX r2, r5, #8, #8 + LDR r6, [r0, r6, LSL #2] + LDR lr, [r0, lr, LSL #2] + LDR r11, [r0, r11, LSL #2] + LDR r2, [r0, r2, LSL #2] + EOR lr, lr, r6, ROR #24 + LDM r3!, {r4, r5, r6, r7} + EOR r11, r11, lr, ROR #24 + EOR r11, r11, r2, ROR #8 + /* XOR in Key Schedule */ + EOR r8, r8, r4 + EOR r9, r9, r5 + EOR r10, r10, r6 + EOR r11, r11, r7 + UBFX r4, r11, #0, #8 + UBFX r7, r10, #8, #8 + UBFX lr, r9, #16, #8 + LSR r2, r8, #24 + LDRB r4, [r0, r4, LSL #2] + LDRB r7, [r0, r7, LSL #2] + LDRB lr, [r0, lr, LSL #2] + LDRB r2, [r0, r2, LSL #2] + UBFX r5, r8, #0, #8 + EOR r4, r4, r7, LSL #8 + UBFX r7, r11, #8, #8 + EOR r4, r4, lr, LSL #16 + UBFX lr, r10, #16, #8 + EOR r4, r4, r2, LSL #24 + LSR r2, r9, #24 + LDRB r5, [r0, r5, LSL #2] + LDRB r7, [r0, r7, LSL #2] + LDRB lr, [r0, lr, LSL #2] + LDRB r2, [r0, r2, LSL #2] + UBFX r6, r9, #0, #8 + EOR r5, r5, r7, LSL #8 + UBFX r7, r8, #8, #8 + EOR r5, r5, lr, LSL #16 + UBFX lr, r11, #16, #8 + EOR r5, r5, r2, LSL #24 + LSR r2, r10, #24 + LDRB r6, [r0, r6, LSL #2] + LDRB r7, [r0, r7, LSL #2] + LDRB lr, [r0, lr, LSL #2] + LDRB r2, [r0, r2, LSL #2] + LSR r11, r11, #24 + EOR r6, r6, r7, LSL #8 + UBFX r7, r10, #0, #8 + EOR r6, r6, lr, LSL #16 + UBFX lr, r9, #8, #8 + EOR r6, r6, r2, LSL #24 + UBFX r2, r8, #16, #8 + LDRB r11, [r0, r11, LSL #2] + LDRB r7, [r0, r7, LSL #2] + LDRB lr, [r0, lr, LSL #2] + LDRB r2, [r0, r2, LSL #2] + EOR lr, lr, r11, LSL #16 + LDM r3, {r8, r9, r10, r11} + EOR r7, r7, lr, LSL #8 + EOR r7, r7, r2, LSL #16 + /* XOR in Key Schedule */ + EOR r4, r4, r8 + EOR r5, r5, r9 + EOR r6, r6, r10 + EOR r7, r7, r11 +#endif /* !WOLFSSL_ARMASM_AES_BLOCK_INLINE */ POP {r1, r2, lr} LDR r3, [sp] REV r4, r4 @@ -1392,7 +2234,217 @@ EOR r6, r6, r10 EOR r7, r7, r11 MOV r1, #0x5 +#ifndef WOLFSSL_ARMASM_AES_BLOCK_INLINE BL AES_encrypt_block +#else +L_AES_CBC_encrypt_block_nr_192: + UBFX r8, r5, #16, #8 + LSR r11, r4, #24 + UBFX lr, r6, #8, #8 + UBFX r2, r7, #0, #8 + LDR r8, [r0, r8, LSL #2] + LDR r11, [r0, r11, LSL #2] + LDR lr, [r0, lr, LSL #2] + LDR r2, [r0, r2, LSL #2] + UBFX r9, r6, #16, #8 + EOR r8, r8, r11, ROR #24 + LSR r11, r5, #24 + EOR r8, r8, lr, ROR #8 + UBFX lr, r7, #8, #8 + EOR r8, r8, r2, ROR #16 + UBFX r2, r4, #0, #8 + LDR r9, [r0, r9, LSL #2] + LDR r11, [r0, r11, LSL #2] + LDR lr, [r0, lr, LSL #2] + LDR r2, [r0, r2, LSL #2] + UBFX r10, r7, #16, #8 + EOR r9, r9, r11, ROR #24 + LSR r11, r6, #24 + EOR r9, r9, lr, ROR #8 + UBFX lr, r4, #8, #8 + EOR r9, r9, r2, ROR #16 + UBFX r2, r5, #0, #8 + LDR r10, [r0, r10, LSL #2] + LDR r11, [r0, r11, LSL #2] + LDR lr, [r0, lr, LSL #2] + LDR r2, [r0, r2, LSL #2] + UBFX r6, r6, #0, #8 + EOR r10, r10, r11, ROR #24 + UBFX r11, r4, #16, #8 + EOR r10, r10, lr, ROR #8 + LSR lr, r7, #24 + EOR r10, r10, r2, ROR #16 + UBFX r2, r5, #8, #8 + LDR r6, [r0, r6, LSL #2] + LDR lr, [r0, lr, LSL #2] + LDR r11, [r0, r11, LSL #2] + LDR r2, [r0, r2, LSL #2] + EOR lr, lr, r6, ROR #24 + LDM r3!, {r4, r5, r6, r7} + EOR r11, r11, lr, ROR #24 + EOR r11, r11, r2, ROR #8 + /* XOR in Key Schedule */ + EOR r8, r8, r4 + EOR r9, r9, r5 + EOR r10, r10, r6 + EOR r11, r11, r7 + UBFX r4, r9, #16, #8 + LSR r7, r8, #24 + UBFX lr, r10, #8, #8 + UBFX r2, r11, #0, #8 + LDR r4, [r0, r4, LSL #2] + LDR r7, [r0, r7, LSL #2] + LDR lr, [r0, lr, LSL #2] + LDR r2, [r0, r2, LSL #2] + UBFX r5, r10, #16, #8 + EOR r4, r4, r7, ROR #24 + LSR r7, r9, #24 + EOR r4, r4, lr, ROR #8 + UBFX lr, r11, #8, #8 + EOR r4, r4, r2, ROR #16 + UBFX r2, r8, #0, #8 + LDR r5, [r0, r5, LSL #2] + LDR r7, [r0, r7, LSL #2] + LDR lr, [r0, lr, LSL #2] + LDR r2, [r0, r2, LSL #2] + UBFX r6, r11, #16, #8 + EOR r5, r5, r7, ROR #24 + LSR r7, r10, #24 + EOR r5, r5, lr, ROR #8 + UBFX lr, r8, #8, #8 + EOR r5, r5, r2, ROR #16 + UBFX r2, r9, #0, #8 + LDR r6, [r0, r6, LSL #2] + LDR r7, [r0, r7, LSL #2] + LDR lr, [r0, lr, LSL #2] + LDR r2, [r0, r2, LSL #2] + UBFX r10, r10, #0, #8 + EOR r6, r6, r7, ROR #24 + UBFX r7, r8, #16, #8 + EOR r6, r6, lr, ROR #8 + LSR lr, r11, #24 + EOR r6, r6, r2, ROR #16 + UBFX r2, r9, #8, #8 + LDR r10, [r0, r10, LSL #2] + LDR lr, [r0, lr, LSL #2] + LDR r7, [r0, r7, LSL #2] + LDR r2, [r0, r2, LSL #2] + EOR lr, lr, r10, ROR #24 + LDM r3!, {r8, r9, r10, r11} + EOR r7, r7, lr, ROR #24 + EOR r7, r7, r2, ROR #8 + /* XOR in Key Schedule */ + EOR r4, r4, r8 + EOR r5, r5, r9 + EOR r6, r6, r10 + EOR r7, r7, r11 + SUBS r1, r1, #0x1 +#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__) + BNE L_AES_CBC_encrypt_block_nr_192 +#else + BNE.W L_AES_CBC_encrypt_block_nr_192 +#endif + UBFX r8, r5, #16, #8 + LSR r11, r4, #24 + UBFX lr, r6, #8, #8 + UBFX r2, r7, #0, #8 + LDR r8, [r0, r8, LSL #2] + LDR r11, [r0, r11, LSL #2] + LDR lr, [r0, lr, LSL #2] + LDR r2, [r0, r2, LSL #2] + UBFX r9, r6, #16, #8 + EOR r8, r8, r11, ROR #24 + LSR r11, r5, #24 + EOR r8, r8, lr, ROR #8 + UBFX lr, r7, #8, #8 + EOR r8, r8, r2, ROR #16 + UBFX r2, r4, #0, #8 + LDR r9, [r0, r9, LSL #2] + LDR r11, [r0, r11, LSL #2] + LDR lr, [r0, lr, LSL #2] + LDR r2, [r0, r2, LSL #2] + UBFX r10, r7, #16, #8 + EOR r9, r9, r11, ROR #24 + LSR r11, r6, #24 + EOR r9, r9, lr, ROR #8 + UBFX lr, r4, #8, #8 + EOR r9, r9, r2, ROR #16 + UBFX r2, r5, #0, #8 + LDR r10, [r0, r10, LSL #2] + LDR r11, [r0, r11, LSL #2] + LDR lr, [r0, lr, LSL #2] + LDR r2, [r0, r2, LSL #2] + UBFX r6, r6, #0, #8 + EOR r10, r10, r11, ROR #24 + UBFX r11, r4, #16, #8 + EOR r10, r10, lr, ROR #8 + LSR lr, r7, #24 + EOR r10, r10, r2, ROR #16 + UBFX r2, r5, #8, #8 + LDR r6, [r0, r6, LSL #2] + LDR lr, [r0, lr, LSL #2] + LDR r11, [r0, r11, LSL #2] + LDR r2, [r0, r2, LSL #2] + EOR lr, lr, r6, ROR #24 + LDM r3!, {r4, r5, r6, r7} + EOR r11, r11, lr, ROR #24 + EOR r11, r11, r2, ROR #8 + /* XOR in Key Schedule */ + EOR r8, r8, r4 + EOR r9, r9, r5 + EOR r10, r10, r6 + EOR r11, r11, r7 + UBFX r4, r11, #0, #8 + UBFX r7, r10, #8, #8 + UBFX lr, r9, #16, #8 + LSR r2, r8, #24 + LDRB r4, [r0, r4, LSL #2] + LDRB r7, [r0, r7, LSL #2] + LDRB lr, [r0, lr, LSL #2] + LDRB r2, [r0, r2, LSL #2] + UBFX r5, r8, #0, #8 + EOR r4, r4, r7, LSL #8 + UBFX r7, r11, #8, #8 + EOR r4, r4, lr, LSL #16 + UBFX lr, r10, #16, #8 + EOR r4, r4, r2, LSL #24 + LSR r2, r9, #24 + LDRB r5, [r0, r5, LSL #2] + LDRB r7, [r0, r7, LSL #2] + LDRB lr, [r0, lr, LSL #2] + LDRB r2, [r0, r2, LSL #2] + UBFX r6, r9, #0, #8 + EOR r5, r5, r7, LSL #8 + UBFX r7, r8, #8, #8 + EOR r5, r5, lr, LSL #16 + UBFX lr, r11, #16, #8 + EOR r5, r5, r2, LSL #24 + LSR r2, r10, #24 + LDRB r6, [r0, r6, LSL #2] + LDRB r7, [r0, r7, LSL #2] + LDRB lr, [r0, lr, LSL #2] + LDRB r2, [r0, r2, LSL #2] + LSR r11, r11, #24 + EOR r6, r6, r7, LSL #8 + UBFX r7, r10, #0, #8 + EOR r6, r6, lr, LSL #16 + UBFX lr, r9, #8, #8 + EOR r6, r6, r2, LSL #24 + UBFX r2, r8, #16, #8 + LDRB r11, [r0, r11, LSL #2] + LDRB r7, [r0, r7, LSL #2] + LDRB lr, [r0, lr, LSL #2] + LDRB r2, [r0, r2, LSL #2] + EOR lr, lr, r11, LSL #16 + LDM r3, {r8, r9, r10, r11} + EOR r7, r7, lr, LSL #8 + EOR r7, r7, r2, LSL #16 + /* XOR in Key Schedule */ + EOR r4, r4, r8 + EOR r5, r5, r9 + EOR r6, r6, r10 + EOR r7, r7, r11 +#endif /* !WOLFSSL_ARMASM_AES_BLOCK_INLINE */ POP {r1, r2, lr} LDR r3, [sp] REV r4, r4 @@ -1438,7 +2490,217 @@ EOR r6, r6, r10 EOR r7, r7, r11 MOV r1, #0x4 +#ifndef WOLFSSL_ARMASM_AES_BLOCK_INLINE BL AES_encrypt_block +#else +L_AES_CBC_encrypt_block_nr_128: + UBFX r8, r5, #16, #8 + LSR r11, r4, #24 + UBFX lr, r6, #8, #8 + UBFX r2, r7, #0, #8 + LDR r8, [r0, r8, LSL #2] + LDR r11, [r0, r11, LSL #2] + LDR lr, [r0, lr, LSL #2] + LDR r2, [r0, r2, LSL #2] + UBFX r9, r6, #16, #8 + EOR r8, r8, r11, ROR #24 + LSR r11, r5, #24 + EOR r8, r8, lr, ROR #8 + UBFX lr, r7, #8, #8 + EOR r8, r8, r2, ROR #16 + UBFX r2, r4, #0, #8 + LDR r9, [r0, r9, LSL #2] + LDR r11, [r0, r11, LSL #2] + LDR lr, [r0, lr, LSL #2] + LDR r2, [r0, r2, LSL #2] + UBFX r10, r7, #16, #8 + EOR r9, r9, r11, ROR #24 + LSR r11, r6, #24 + EOR r9, r9, lr, ROR #8 + UBFX lr, r4, #8, #8 + EOR r9, r9, r2, ROR #16 + UBFX r2, r5, #0, #8 + LDR r10, [r0, r10, LSL #2] + LDR r11, [r0, r11, LSL #2] + LDR lr, [r0, lr, LSL #2] + LDR r2, [r0, r2, LSL #2] + UBFX r6, r6, #0, #8 + EOR r10, r10, r11, ROR #24 + UBFX r11, r4, #16, #8 + EOR r10, r10, lr, ROR #8 + LSR lr, r7, #24 + EOR r10, r10, r2, ROR #16 + UBFX r2, r5, #8, #8 + LDR r6, [r0, r6, LSL #2] + LDR lr, [r0, lr, LSL #2] + LDR r11, [r0, r11, LSL #2] + LDR r2, [r0, r2, LSL #2] + EOR lr, lr, r6, ROR #24 + LDM r3!, {r4, r5, r6, r7} + EOR r11, r11, lr, ROR #24 + EOR r11, r11, r2, ROR #8 + /* XOR in Key Schedule */ + EOR r8, r8, r4 + EOR r9, r9, r5 + EOR r10, r10, r6 + EOR r11, r11, r7 + UBFX r4, r9, #16, #8 + LSR r7, r8, #24 + UBFX lr, r10, #8, #8 + UBFX r2, r11, #0, #8 + LDR r4, [r0, r4, LSL #2] + LDR r7, [r0, r7, LSL #2] + LDR lr, [r0, lr, LSL #2] + LDR r2, [r0, r2, LSL #2] + UBFX r5, r10, #16, #8 + EOR r4, r4, r7, ROR #24 + LSR r7, r9, #24 + EOR r4, r4, lr, ROR #8 + UBFX lr, r11, #8, #8 + EOR r4, r4, r2, ROR #16 + UBFX r2, r8, #0, #8 + LDR r5, [r0, r5, LSL #2] + LDR r7, [r0, r7, LSL #2] + LDR lr, [r0, lr, LSL #2] + LDR r2, [r0, r2, LSL #2] + UBFX r6, r11, #16, #8 + EOR r5, r5, r7, ROR #24 + LSR r7, r10, #24 + EOR r5, r5, lr, ROR #8 + UBFX lr, r8, #8, #8 + EOR r5, r5, r2, ROR #16 + UBFX r2, r9, #0, #8 + LDR r6, [r0, r6, LSL #2] + LDR r7, [r0, r7, LSL #2] + LDR lr, [r0, lr, LSL #2] + LDR r2, [r0, r2, LSL #2] + UBFX r10, r10, #0, #8 + EOR r6, r6, r7, ROR #24 + UBFX r7, r8, #16, #8 + EOR r6, r6, lr, ROR #8 + LSR lr, r11, #24 + EOR r6, r6, r2, ROR #16 + UBFX r2, r9, #8, #8 + LDR r10, [r0, r10, LSL #2] + LDR lr, [r0, lr, LSL #2] + LDR r7, [r0, r7, LSL #2] + LDR r2, [r0, r2, LSL #2] + EOR lr, lr, r10, ROR #24 + LDM r3!, {r8, r9, r10, r11} + EOR r7, r7, lr, ROR #24 + EOR r7, r7, r2, ROR #8 + /* XOR in Key Schedule */ + EOR r4, r4, r8 + EOR r5, r5, r9 + EOR r6, r6, r10 + EOR r7, r7, r11 + SUBS r1, r1, #0x1 +#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__) + BNE L_AES_CBC_encrypt_block_nr_128 +#else + BNE.W L_AES_CBC_encrypt_block_nr_128 +#endif + UBFX r8, r5, #16, #8 + LSR r11, r4, #24 + UBFX lr, r6, #8, #8 + UBFX r2, r7, #0, #8 + LDR r8, [r0, r8, LSL #2] + LDR r11, [r0, r11, LSL #2] + LDR lr, [r0, lr, LSL #2] + LDR r2, [r0, r2, LSL #2] + UBFX r9, r6, #16, #8 + EOR r8, r8, r11, ROR #24 + LSR r11, r5, #24 + EOR r8, r8, lr, ROR #8 + UBFX lr, r7, #8, #8 + EOR r8, r8, r2, ROR #16 + UBFX r2, r4, #0, #8 + LDR r9, [r0, r9, LSL #2] + LDR r11, [r0, r11, LSL #2] + LDR lr, [r0, lr, LSL #2] + LDR r2, [r0, r2, LSL #2] + UBFX r10, r7, #16, #8 + EOR r9, r9, r11, ROR #24 + LSR r11, r6, #24 + EOR r9, r9, lr, ROR #8 + UBFX lr, r4, #8, #8 + EOR r9, r9, r2, ROR #16 + UBFX r2, r5, #0, #8 + LDR r10, [r0, r10, LSL #2] + LDR r11, [r0, r11, LSL #2] + LDR lr, [r0, lr, LSL #2] + LDR r2, [r0, r2, LSL #2] + UBFX r6, r6, #0, #8 + EOR r10, r10, r11, ROR #24 + UBFX r11, r4, #16, #8 + EOR r10, r10, lr, ROR #8 + LSR lr, r7, #24 + EOR r10, r10, r2, ROR #16 + UBFX r2, r5, #8, #8 + LDR r6, [r0, r6, LSL #2] + LDR lr, [r0, lr, LSL #2] + LDR r11, [r0, r11, LSL #2] + LDR r2, [r0, r2, LSL #2] + EOR lr, lr, r6, ROR #24 + LDM r3!, {r4, r5, r6, r7} + EOR r11, r11, lr, ROR #24 + EOR r11, r11, r2, ROR #8 + /* XOR in Key Schedule */ + EOR r8, r8, r4 + EOR r9, r9, r5 + EOR r10, r10, r6 + EOR r11, r11, r7 + UBFX r4, r11, #0, #8 + UBFX r7, r10, #8, #8 + UBFX lr, r9, #16, #8 + LSR r2, r8, #24 + LDRB r4, [r0, r4, LSL #2] + LDRB r7, [r0, r7, LSL #2] + LDRB lr, [r0, lr, LSL #2] + LDRB r2, [r0, r2, LSL #2] + UBFX r5, r8, #0, #8 + EOR r4, r4, r7, LSL #8 + UBFX r7, r11, #8, #8 + EOR r4, r4, lr, LSL #16 + UBFX lr, r10, #16, #8 + EOR r4, r4, r2, LSL #24 + LSR r2, r9, #24 + LDRB r5, [r0, r5, LSL #2] + LDRB r7, [r0, r7, LSL #2] + LDRB lr, [r0, lr, LSL #2] + LDRB r2, [r0, r2, LSL #2] + UBFX r6, r9, #0, #8 + EOR r5, r5, r7, LSL #8 + UBFX r7, r8, #8, #8 + EOR r5, r5, lr, LSL #16 + UBFX lr, r11, #16, #8 + EOR r5, r5, r2, LSL #24 + LSR r2, r10, #24 + LDRB r6, [r0, r6, LSL #2] + LDRB r7, [r0, r7, LSL #2] + LDRB lr, [r0, lr, LSL #2] + LDRB r2, [r0, r2, LSL #2] + LSR r11, r11, #24 + EOR r6, r6, r7, LSL #8 + UBFX r7, r10, #0, #8 + EOR r6, r6, lr, LSL #16 + UBFX lr, r9, #8, #8 + EOR r6, r6, r2, LSL #24 + UBFX r2, r8, #16, #8 + LDRB r11, [r0, r11, LSL #2] + LDRB r7, [r0, r7, LSL #2] + LDRB lr, [r0, lr, LSL #2] + LDRB r2, [r0, r2, LSL #2] + EOR lr, lr, r11, LSL #16 + LDM r3, {r8, r9, r10, r11} + EOR r7, r7, lr, LSL #8 + EOR r7, r7, r2, LSL #16 + /* XOR in Key Schedule */ + EOR r4, r4, r8 + EOR r5, r5, r9 + EOR r6, r6, r10 + EOR r7, r7, r11 +#endif /* !WOLFSSL_ARMASM_AES_BLOCK_INLINE */ POP {r1, r2, lr} LDR r3, [sp] REV r4, r4 @@ -1461,11 +2723,17 @@ POP {r3, r9} STM r9, {r4, r5, r6, r7} POP {r4, r5, r6, r7, r8, r9, r10, r11, pc} - /* Cycle Count = 238 */ + /* Cycle Count = 1081 */ .size AES_CBC_encrypt,.-AES_CBC_encrypt #endif /* HAVE_AES_CBC */ #ifdef WOLFSSL_AES_COUNTER .text + .type L_AES_Thumb2_te_ctr, %object + .size L_AES_Thumb2_te_ctr, 12 + .align 4 +L_AES_Thumb2_te_ctr: + .word L_AES_Thumb2_te_data + .text .align 4 .globl AES_CTR_encrypt .type AES_CTR_encrypt, %function @@ -1474,7 +2742,7 @@ LDR r12, [sp, #36] LDR r8, [sp, #40] MOV lr, r0 - LDR r0, L_AES_Thumb2_te_ecb + LDR r0, L_AES_Thumb2_te_ctr LDM r8, {r4, r5, r6, r7} REV r4, r4 REV r5, r5 @@ -1509,7 +2777,217 @@ EOR r6, r6, r10 EOR r7, r7, r11 MOV r1, #0x6 +#ifndef WOLFSSL_ARMASM_AES_BLOCK_INLINE BL AES_encrypt_block +#else +L_AES_CTR_encrypt_block_nr_256: + UBFX r8, r5, #16, #8 + LSR r11, r4, #24 + UBFX lr, r6, #8, #8 + UBFX r2, r7, #0, #8 + LDR r8, [r0, r8, LSL #2] + LDR r11, [r0, r11, LSL #2] + LDR lr, [r0, lr, LSL #2] + LDR r2, [r0, r2, LSL #2] + UBFX r9, r6, #16, #8 + EOR r8, r8, r11, ROR #24 + LSR r11, r5, #24 + EOR r8, r8, lr, ROR #8 + UBFX lr, r7, #8, #8 + EOR r8, r8, r2, ROR #16 + UBFX r2, r4, #0, #8 + LDR r9, [r0, r9, LSL #2] + LDR r11, [r0, r11, LSL #2] + LDR lr, [r0, lr, LSL #2] + LDR r2, [r0, r2, LSL #2] + UBFX r10, r7, #16, #8 + EOR r9, r9, r11, ROR #24 + LSR r11, r6, #24 + EOR r9, r9, lr, ROR #8 + UBFX lr, r4, #8, #8 + EOR r9, r9, r2, ROR #16 + UBFX r2, r5, #0, #8 + LDR r10, [r0, r10, LSL #2] + LDR r11, [r0, r11, LSL #2] + LDR lr, [r0, lr, LSL #2] + LDR r2, [r0, r2, LSL #2] + UBFX r6, r6, #0, #8 + EOR r10, r10, r11, ROR #24 + UBFX r11, r4, #16, #8 + EOR r10, r10, lr, ROR #8 + LSR lr, r7, #24 + EOR r10, r10, r2, ROR #16 + UBFX r2, r5, #8, #8 + LDR r6, [r0, r6, LSL #2] + LDR lr, [r0, lr, LSL #2] + LDR r11, [r0, r11, LSL #2] + LDR r2, [r0, r2, LSL #2] + EOR lr, lr, r6, ROR #24 + LDM r3!, {r4, r5, r6, r7} + EOR r11, r11, lr, ROR #24 + EOR r11, r11, r2, ROR #8 + /* XOR in Key Schedule */ + EOR r8, r8, r4 + EOR r9, r9, r5 + EOR r10, r10, r6 + EOR r11, r11, r7 + UBFX r4, r9, #16, #8 + LSR r7, r8, #24 + UBFX lr, r10, #8, #8 + UBFX r2, r11, #0, #8 + LDR r4, [r0, r4, LSL #2] + LDR r7, [r0, r7, LSL #2] + LDR lr, [r0, lr, LSL #2] + LDR r2, [r0, r2, LSL #2] + UBFX r5, r10, #16, #8 + EOR r4, r4, r7, ROR #24 + LSR r7, r9, #24 + EOR r4, r4, lr, ROR #8 + UBFX lr, r11, #8, #8 + EOR r4, r4, r2, ROR #16 + UBFX r2, r8, #0, #8 + LDR r5, [r0, r5, LSL #2] + LDR r7, [r0, r7, LSL #2] + LDR lr, [r0, lr, LSL #2] + LDR r2, [r0, r2, LSL #2] + UBFX r6, r11, #16, #8 + EOR r5, r5, r7, ROR #24 + LSR r7, r10, #24 + EOR r5, r5, lr, ROR #8 + UBFX lr, r8, #8, #8 + EOR r5, r5, r2, ROR #16 + UBFX r2, r9, #0, #8 + LDR r6, [r0, r6, LSL #2] + LDR r7, [r0, r7, LSL #2] + LDR lr, [r0, lr, LSL #2] + LDR r2, [r0, r2, LSL #2] + UBFX r10, r10, #0, #8 + EOR r6, r6, r7, ROR #24 + UBFX r7, r8, #16, #8 + EOR r6, r6, lr, ROR #8 + LSR lr, r11, #24 + EOR r6, r6, r2, ROR #16 + UBFX r2, r9, #8, #8 + LDR r10, [r0, r10, LSL #2] + LDR lr, [r0, lr, LSL #2] + LDR r7, [r0, r7, LSL #2] + LDR r2, [r0, r2, LSL #2] + EOR lr, lr, r10, ROR #24 + LDM r3!, {r8, r9, r10, r11} + EOR r7, r7, lr, ROR #24 + EOR r7, r7, r2, ROR #8 + /* XOR in Key Schedule */ + EOR r4, r4, r8 + EOR r5, r5, r9 + EOR r6, r6, r10 + EOR r7, r7, r11 + SUBS r1, r1, #0x1 +#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__) + BNE L_AES_CTR_encrypt_block_nr_256 +#else + BNE.W L_AES_CTR_encrypt_block_nr_256 +#endif + UBFX r8, r5, #16, #8 + LSR r11, r4, #24 + UBFX lr, r6, #8, #8 + UBFX r2, r7, #0, #8 + LDR r8, [r0, r8, LSL #2] + LDR r11, [r0, r11, LSL #2] + LDR lr, [r0, lr, LSL #2] + LDR r2, [r0, r2, LSL #2] + UBFX r9, r6, #16, #8 + EOR r8, r8, r11, ROR #24 + LSR r11, r5, #24 + EOR r8, r8, lr, ROR #8 + UBFX lr, r7, #8, #8 + EOR r8, r8, r2, ROR #16 + UBFX r2, r4, #0, #8 + LDR r9, [r0, r9, LSL #2] + LDR r11, [r0, r11, LSL #2] + LDR lr, [r0, lr, LSL #2] + LDR r2, [r0, r2, LSL #2] + UBFX r10, r7, #16, #8 + EOR r9, r9, r11, ROR #24 + LSR r11, r6, #24 + EOR r9, r9, lr, ROR #8 + UBFX lr, r4, #8, #8 + EOR r9, r9, r2, ROR #16 + UBFX r2, r5, #0, #8 + LDR r10, [r0, r10, LSL #2] + LDR r11, [r0, r11, LSL #2] + LDR lr, [r0, lr, LSL #2] + LDR r2, [r0, r2, LSL #2] + UBFX r6, r6, #0, #8 + EOR r10, r10, r11, ROR #24 + UBFX r11, r4, #16, #8 + EOR r10, r10, lr, ROR #8 + LSR lr, r7, #24 + EOR r10, r10, r2, ROR #16 + UBFX r2, r5, #8, #8 + LDR r6, [r0, r6, LSL #2] + LDR lr, [r0, lr, LSL #2] + LDR r11, [r0, r11, LSL #2] + LDR r2, [r0, r2, LSL #2] + EOR lr, lr, r6, ROR #24 + LDM r3!, {r4, r5, r6, r7} + EOR r11, r11, lr, ROR #24 + EOR r11, r11, r2, ROR #8 + /* XOR in Key Schedule */ + EOR r8, r8, r4 + EOR r9, r9, r5 + EOR r10, r10, r6 + EOR r11, r11, r7 + UBFX r4, r11, #0, #8 + UBFX r7, r10, #8, #8 + UBFX lr, r9, #16, #8 + LSR r2, r8, #24 + LDRB r4, [r0, r4, LSL #2] + LDRB r7, [r0, r7, LSL #2] + LDRB lr, [r0, lr, LSL #2] + LDRB r2, [r0, r2, LSL #2] + UBFX r5, r8, #0, #8 + EOR r4, r4, r7, LSL #8 + UBFX r7, r11, #8, #8 + EOR r4, r4, lr, LSL #16 + UBFX lr, r10, #16, #8 + EOR r4, r4, r2, LSL #24 + LSR r2, r9, #24 + LDRB r5, [r0, r5, LSL #2] + LDRB r7, [r0, r7, LSL #2] + LDRB lr, [r0, lr, LSL #2] + LDRB r2, [r0, r2, LSL #2] + UBFX r6, r9, #0, #8 + EOR r5, r5, r7, LSL #8 + UBFX r7, r8, #8, #8 + EOR r5, r5, lr, LSL #16 + UBFX lr, r11, #16, #8 + EOR r5, r5, r2, LSL #24 + LSR r2, r10, #24 + LDRB r6, [r0, r6, LSL #2] + LDRB r7, [r0, r7, LSL #2] + LDRB lr, [r0, lr, LSL #2] + LDRB r2, [r0, r2, LSL #2] + LSR r11, r11, #24 + EOR r6, r6, r7, LSL #8 + UBFX r7, r10, #0, #8 + EOR r6, r6, lr, LSL #16 + UBFX lr, r9, #8, #8 + EOR r6, r6, r2, LSL #24 + UBFX r2, r8, #16, #8 + LDRB r11, [r0, r11, LSL #2] + LDRB r7, [r0, r7, LSL #2] + LDRB lr, [r0, lr, LSL #2] + LDRB r2, [r0, r2, LSL #2] + EOR lr, lr, r11, LSL #16 + LDM r3, {r8, r9, r10, r11} + EOR r7, r7, lr, LSL #8 + EOR r7, r7, r2, LSL #16 + /* XOR in Key Schedule */ + EOR r4, r4, r8 + EOR r5, r5, r9 + EOR r6, r6, r10 + EOR r7, r7, r11 +#endif /* !WOLFSSL_ARMASM_AES_BLOCK_INLINE */ POP {r1, r2, lr} LDR r3, [sp] REV r4, r4 @@ -1559,7 +3037,217 @@ EOR r6, r6, r10 EOR r7, r7, r11 MOV r1, #0x5 +#ifndef WOLFSSL_ARMASM_AES_BLOCK_INLINE BL AES_encrypt_block +#else +L_AES_CTR_encrypt_block_nr_192: + UBFX r8, r5, #16, #8 + LSR r11, r4, #24 + UBFX lr, r6, #8, #8 + UBFX r2, r7, #0, #8 + LDR r8, [r0, r8, LSL #2] + LDR r11, [r0, r11, LSL #2] + LDR lr, [r0, lr, LSL #2] + LDR r2, [r0, r2, LSL #2] + UBFX r9, r6, #16, #8 + EOR r8, r8, r11, ROR #24 + LSR r11, r5, #24 + EOR r8, r8, lr, ROR #8 + UBFX lr, r7, #8, #8 + EOR r8, r8, r2, ROR #16 + UBFX r2, r4, #0, #8 + LDR r9, [r0, r9, LSL #2] + LDR r11, [r0, r11, LSL #2] + LDR lr, [r0, lr, LSL #2] + LDR r2, [r0, r2, LSL #2] + UBFX r10, r7, #16, #8 + EOR r9, r9, r11, ROR #24 + LSR r11, r6, #24 + EOR r9, r9, lr, ROR #8 + UBFX lr, r4, #8, #8 + EOR r9, r9, r2, ROR #16 + UBFX r2, r5, #0, #8 + LDR r10, [r0, r10, LSL #2] + LDR r11, [r0, r11, LSL #2] + LDR lr, [r0, lr, LSL #2] + LDR r2, [r0, r2, LSL #2] + UBFX r6, r6, #0, #8 + EOR r10, r10, r11, ROR #24 + UBFX r11, r4, #16, #8 + EOR r10, r10, lr, ROR #8 + LSR lr, r7, #24 + EOR r10, r10, r2, ROR #16 + UBFX r2, r5, #8, #8 + LDR r6, [r0, r6, LSL #2] + LDR lr, [r0, lr, LSL #2] + LDR r11, [r0, r11, LSL #2] + LDR r2, [r0, r2, LSL #2] + EOR lr, lr, r6, ROR #24 + LDM r3!, {r4, r5, r6, r7} + EOR r11, r11, lr, ROR #24 + EOR r11, r11, r2, ROR #8 + /* XOR in Key Schedule */ + EOR r8, r8, r4 + EOR r9, r9, r5 + EOR r10, r10, r6 + EOR r11, r11, r7 + UBFX r4, r9, #16, #8 + LSR r7, r8, #24 + UBFX lr, r10, #8, #8 + UBFX r2, r11, #0, #8 + LDR r4, [r0, r4, LSL #2] + LDR r7, [r0, r7, LSL #2] + LDR lr, [r0, lr, LSL #2] + LDR r2, [r0, r2, LSL #2] + UBFX r5, r10, #16, #8 + EOR r4, r4, r7, ROR #24 + LSR r7, r9, #24 + EOR r4, r4, lr, ROR #8 + UBFX lr, r11, #8, #8 + EOR r4, r4, r2, ROR #16 + UBFX r2, r8, #0, #8 + LDR r5, [r0, r5, LSL #2] + LDR r7, [r0, r7, LSL #2] + LDR lr, [r0, lr, LSL #2] + LDR r2, [r0, r2, LSL #2] + UBFX r6, r11, #16, #8 + EOR r5, r5, r7, ROR #24 + LSR r7, r10, #24 + EOR r5, r5, lr, ROR #8 + UBFX lr, r8, #8, #8 + EOR r5, r5, r2, ROR #16 + UBFX r2, r9, #0, #8 + LDR r6, [r0, r6, LSL #2] + LDR r7, [r0, r7, LSL #2] + LDR lr, [r0, lr, LSL #2] + LDR r2, [r0, r2, LSL #2] + UBFX r10, r10, #0, #8 + EOR r6, r6, r7, ROR #24 + UBFX r7, r8, #16, #8 + EOR r6, r6, lr, ROR #8 + LSR lr, r11, #24 + EOR r6, r6, r2, ROR #16 + UBFX r2, r9, #8, #8 + LDR r10, [r0, r10, LSL #2] + LDR lr, [r0, lr, LSL #2] + LDR r7, [r0, r7, LSL #2] + LDR r2, [r0, r2, LSL #2] + EOR lr, lr, r10, ROR #24 + LDM r3!, {r8, r9, r10, r11} + EOR r7, r7, lr, ROR #24 + EOR r7, r7, r2, ROR #8 + /* XOR in Key Schedule */ + EOR r4, r4, r8 + EOR r5, r5, r9 + EOR r6, r6, r10 + EOR r7, r7, r11 + SUBS r1, r1, #0x1 +#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__) + BNE L_AES_CTR_encrypt_block_nr_192 +#else + BNE.W L_AES_CTR_encrypt_block_nr_192 +#endif + UBFX r8, r5, #16, #8 + LSR r11, r4, #24 + UBFX lr, r6, #8, #8 + UBFX r2, r7, #0, #8 + LDR r8, [r0, r8, LSL #2] + LDR r11, [r0, r11, LSL #2] + LDR lr, [r0, lr, LSL #2] + LDR r2, [r0, r2, LSL #2] + UBFX r9, r6, #16, #8 + EOR r8, r8, r11, ROR #24 + LSR r11, r5, #24 + EOR r8, r8, lr, ROR #8 + UBFX lr, r7, #8, #8 + EOR r8, r8, r2, ROR #16 + UBFX r2, r4, #0, #8 + LDR r9, [r0, r9, LSL #2] + LDR r11, [r0, r11, LSL #2] + LDR lr, [r0, lr, LSL #2] + LDR r2, [r0, r2, LSL #2] + UBFX r10, r7, #16, #8 + EOR r9, r9, r11, ROR #24 + LSR r11, r6, #24 + EOR r9, r9, lr, ROR #8 + UBFX lr, r4, #8, #8 + EOR r9, r9, r2, ROR #16 + UBFX r2, r5, #0, #8 + LDR r10, [r0, r10, LSL #2] + LDR r11, [r0, r11, LSL #2] + LDR lr, [r0, lr, LSL #2] + LDR r2, [r0, r2, LSL #2] + UBFX r6, r6, #0, #8 + EOR r10, r10, r11, ROR #24 + UBFX r11, r4, #16, #8 + EOR r10, r10, lr, ROR #8 + LSR lr, r7, #24 + EOR r10, r10, r2, ROR #16 + UBFX r2, r5, #8, #8 + LDR r6, [r0, r6, LSL #2] + LDR lr, [r0, lr, LSL #2] + LDR r11, [r0, r11, LSL #2] + LDR r2, [r0, r2, LSL #2] + EOR lr, lr, r6, ROR #24 + LDM r3!, {r4, r5, r6, r7} + EOR r11, r11, lr, ROR #24 + EOR r11, r11, r2, ROR #8 + /* XOR in Key Schedule */ + EOR r8, r8, r4 + EOR r9, r9, r5 + EOR r10, r10, r6 + EOR r11, r11, r7 + UBFX r4, r11, #0, #8 + UBFX r7, r10, #8, #8 + UBFX lr, r9, #16, #8 + LSR r2, r8, #24 + LDRB r4, [r0, r4, LSL #2] + LDRB r7, [r0, r7, LSL #2] + LDRB lr, [r0, lr, LSL #2] + LDRB r2, [r0, r2, LSL #2] + UBFX r5, r8, #0, #8 + EOR r4, r4, r7, LSL #8 + UBFX r7, r11, #8, #8 + EOR r4, r4, lr, LSL #16 + UBFX lr, r10, #16, #8 + EOR r4, r4, r2, LSL #24 + LSR r2, r9, #24 + LDRB r5, [r0, r5, LSL #2] + LDRB r7, [r0, r7, LSL #2] + LDRB lr, [r0, lr, LSL #2] + LDRB r2, [r0, r2, LSL #2] + UBFX r6, r9, #0, #8 + EOR r5, r5, r7, LSL #8 + UBFX r7, r8, #8, #8 + EOR r5, r5, lr, LSL #16 + UBFX lr, r11, #16, #8 + EOR r5, r5, r2, LSL #24 + LSR r2, r10, #24 + LDRB r6, [r0, r6, LSL #2] + LDRB r7, [r0, r7, LSL #2] + LDRB lr, [r0, lr, LSL #2] + LDRB r2, [r0, r2, LSL #2] + LSR r11, r11, #24 + EOR r6, r6, r7, LSL #8 + UBFX r7, r10, #0, #8 + EOR r6, r6, lr, LSL #16 + UBFX lr, r9, #8, #8 + EOR r6, r6, r2, LSL #24 + UBFX r2, r8, #16, #8 + LDRB r11, [r0, r11, LSL #2] + LDRB r7, [r0, r7, LSL #2] + LDRB lr, [r0, lr, LSL #2] + LDRB r2, [r0, r2, LSL #2] + EOR lr, lr, r11, LSL #16 + LDM r3, {r8, r9, r10, r11} + EOR r7, r7, lr, LSL #8 + EOR r7, r7, r2, LSL #16 + /* XOR in Key Schedule */ + EOR r4, r4, r8 + EOR r5, r5, r9 + EOR r6, r6, r10 + EOR r7, r7, r11 +#endif /* !WOLFSSL_ARMASM_AES_BLOCK_INLINE */ POP {r1, r2, lr} LDR r3, [sp] REV r4, r4 @@ -1609,7 +3297,217 @@ EOR r6, r6, r10 EOR r7, r7, r11 MOV r1, #0x4 +#ifndef WOLFSSL_ARMASM_AES_BLOCK_INLINE BL AES_encrypt_block +#else +L_AES_CTR_encrypt_block_nr_128: + UBFX r8, r5, #16, #8 + LSR r11, r4, #24 + UBFX lr, r6, #8, #8 + UBFX r2, r7, #0, #8 + LDR r8, [r0, r8, LSL #2] + LDR r11, [r0, r11, LSL #2] + LDR lr, [r0, lr, LSL #2] + LDR r2, [r0, r2, LSL #2] + UBFX r9, r6, #16, #8 + EOR r8, r8, r11, ROR #24 + LSR r11, r5, #24 + EOR r8, r8, lr, ROR #8 + UBFX lr, r7, #8, #8 + EOR r8, r8, r2, ROR #16 + UBFX r2, r4, #0, #8 + LDR r9, [r0, r9, LSL #2] + LDR r11, [r0, r11, LSL #2] + LDR lr, [r0, lr, LSL #2] + LDR r2, [r0, r2, LSL #2] + UBFX r10, r7, #16, #8 + EOR r9, r9, r11, ROR #24 + LSR r11, r6, #24 + EOR r9, r9, lr, ROR #8 + UBFX lr, r4, #8, #8 + EOR r9, r9, r2, ROR #16 + UBFX r2, r5, #0, #8 + LDR r10, [r0, r10, LSL #2] + LDR r11, [r0, r11, LSL #2] + LDR lr, [r0, lr, LSL #2] + LDR r2, [r0, r2, LSL #2] + UBFX r6, r6, #0, #8 + EOR r10, r10, r11, ROR #24 + UBFX r11, r4, #16, #8 + EOR r10, r10, lr, ROR #8 + LSR lr, r7, #24 + EOR r10, r10, r2, ROR #16 + UBFX r2, r5, #8, #8 + LDR r6, [r0, r6, LSL #2] + LDR lr, [r0, lr, LSL #2] + LDR r11, [r0, r11, LSL #2] + LDR r2, [r0, r2, LSL #2] + EOR lr, lr, r6, ROR #24 + LDM r3!, {r4, r5, r6, r7} + EOR r11, r11, lr, ROR #24 + EOR r11, r11, r2, ROR #8 + /* XOR in Key Schedule */ + EOR r8, r8, r4 + EOR r9, r9, r5 + EOR r10, r10, r6 + EOR r11, r11, r7 + UBFX r4, r9, #16, #8 + LSR r7, r8, #24 + UBFX lr, r10, #8, #8 + UBFX r2, r11, #0, #8 + LDR r4, [r0, r4, LSL #2] + LDR r7, [r0, r7, LSL #2] + LDR lr, [r0, lr, LSL #2] + LDR r2, [r0, r2, LSL #2] + UBFX r5, r10, #16, #8 + EOR r4, r4, r7, ROR #24 + LSR r7, r9, #24 + EOR r4, r4, lr, ROR #8 + UBFX lr, r11, #8, #8 + EOR r4, r4, r2, ROR #16 + UBFX r2, r8, #0, #8 + LDR r5, [r0, r5, LSL #2] + LDR r7, [r0, r7, LSL #2] + LDR lr, [r0, lr, LSL #2] + LDR r2, [r0, r2, LSL #2] + UBFX r6, r11, #16, #8 + EOR r5, r5, r7, ROR #24 + LSR r7, r10, #24 + EOR r5, r5, lr, ROR #8 + UBFX lr, r8, #8, #8 + EOR r5, r5, r2, ROR #16 + UBFX r2, r9, #0, #8 + LDR r6, [r0, r6, LSL #2] + LDR r7, [r0, r7, LSL #2] + LDR lr, [r0, lr, LSL #2] + LDR r2, [r0, r2, LSL #2] + UBFX r10, r10, #0, #8 + EOR r6, r6, r7, ROR #24 + UBFX r7, r8, #16, #8 + EOR r6, r6, lr, ROR #8 + LSR lr, r11, #24 + EOR r6, r6, r2, ROR #16 + UBFX r2, r9, #8, #8 + LDR r10, [r0, r10, LSL #2] + LDR lr, [r0, lr, LSL #2] + LDR r7, [r0, r7, LSL #2] + LDR r2, [r0, r2, LSL #2] + EOR lr, lr, r10, ROR #24 + LDM r3!, {r8, r9, r10, r11} + EOR r7, r7, lr, ROR #24 + EOR r7, r7, r2, ROR #8 + /* XOR in Key Schedule */ + EOR r4, r4, r8 + EOR r5, r5, r9 + EOR r6, r6, r10 + EOR r7, r7, r11 + SUBS r1, r1, #0x1 +#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__) + BNE L_AES_CTR_encrypt_block_nr_128 +#else + BNE.W L_AES_CTR_encrypt_block_nr_128 +#endif + UBFX r8, r5, #16, #8 + LSR r11, r4, #24 + UBFX lr, r6, #8, #8 + UBFX r2, r7, #0, #8 + LDR r8, [r0, r8, LSL #2] + LDR r11, [r0, r11, LSL #2] + LDR lr, [r0, lr, LSL #2] + LDR r2, [r0, r2, LSL #2] + UBFX r9, r6, #16, #8 + EOR r8, r8, r11, ROR #24 + LSR r11, r5, #24 + EOR r8, r8, lr, ROR #8 + UBFX lr, r7, #8, #8 + EOR r8, r8, r2, ROR #16 + UBFX r2, r4, #0, #8 + LDR r9, [r0, r9, LSL #2] + LDR r11, [r0, r11, LSL #2] + LDR lr, [r0, lr, LSL #2] + LDR r2, [r0, r2, LSL #2] + UBFX r10, r7, #16, #8 + EOR r9, r9, r11, ROR #24 + LSR r11, r6, #24 + EOR r9, r9, lr, ROR #8 + UBFX lr, r4, #8, #8 + EOR r9, r9, r2, ROR #16 + UBFX r2, r5, #0, #8 + LDR r10, [r0, r10, LSL #2] + LDR r11, [r0, r11, LSL #2] + LDR lr, [r0, lr, LSL #2] + LDR r2, [r0, r2, LSL #2] + UBFX r6, r6, #0, #8 + EOR r10, r10, r11, ROR #24 + UBFX r11, r4, #16, #8 + EOR r10, r10, lr, ROR #8 + LSR lr, r7, #24 + EOR r10, r10, r2, ROR #16 + UBFX r2, r5, #8, #8 + LDR r6, [r0, r6, LSL #2] + LDR lr, [r0, lr, LSL #2] + LDR r11, [r0, r11, LSL #2] + LDR r2, [r0, r2, LSL #2] + EOR lr, lr, r6, ROR #24 + LDM r3!, {r4, r5, r6, r7} + EOR r11, r11, lr, ROR #24 + EOR r11, r11, r2, ROR #8 + /* XOR in Key Schedule */ + EOR r8, r8, r4 + EOR r9, r9, r5 + EOR r10, r10, r6 + EOR r11, r11, r7 + UBFX r4, r11, #0, #8 + UBFX r7, r10, #8, #8 + UBFX lr, r9, #16, #8 + LSR r2, r8, #24 + LDRB r4, [r0, r4, LSL #2] + LDRB r7, [r0, r7, LSL #2] + LDRB lr, [r0, lr, LSL #2] + LDRB r2, [r0, r2, LSL #2] + UBFX r5, r8, #0, #8 + EOR r4, r4, r7, LSL #8 + UBFX r7, r11, #8, #8 + EOR r4, r4, lr, LSL #16 + UBFX lr, r10, #16, #8 + EOR r4, r4, r2, LSL #24 + LSR r2, r9, #24 + LDRB r5, [r0, r5, LSL #2] + LDRB r7, [r0, r7, LSL #2] + LDRB lr, [r0, lr, LSL #2] + LDRB r2, [r0, r2, LSL #2] + UBFX r6, r9, #0, #8 + EOR r5, r5, r7, LSL #8 + UBFX r7, r8, #8, #8 + EOR r5, r5, lr, LSL #16 + UBFX lr, r11, #16, #8 + EOR r5, r5, r2, LSL #24 + LSR r2, r10, #24 + LDRB r6, [r0, r6, LSL #2] + LDRB r7, [r0, r7, LSL #2] + LDRB lr, [r0, lr, LSL #2] + LDRB r2, [r0, r2, LSL #2] + LSR r11, r11, #24 + EOR r6, r6, r7, LSL #8 + UBFX r7, r10, #0, #8 + EOR r6, r6, lr, LSL #16 + UBFX lr, r9, #8, #8 + EOR r6, r6, r2, LSL #24 + UBFX r2, r8, #16, #8 + LDRB r11, [r0, r11, LSL #2] + LDRB r7, [r0, r7, LSL #2] + LDRB lr, [r0, lr, LSL #2] + LDRB r2, [r0, r2, LSL #2] + EOR lr, lr, r11, LSL #16 + LDM r3, {r8, r9, r10, r11} + EOR r7, r7, lr, LSL #8 + EOR r7, r7, r2, LSL #16 + /* XOR in Key Schedule */ + EOR r4, r4, r8 + EOR r5, r5, r9 + EOR r6, r6, r10 + EOR r7, r7, r11 +#endif /* !WOLFSSL_ARMASM_AES_BLOCK_INLINE */ POP {r1, r2, lr} LDR r3, [sp] REV r4, r4 @@ -1646,12 +3544,13 @@ REV r7, r7 STM r8, {r4, r5, r6, r7} POP {r4, r5, r6, r7, r8, r9, r10, r11, pc} - /* Cycle Count = 293 */ + /* Cycle Count = 1136 */ .size AES_CTR_encrypt,.-AES_CTR_encrypt #endif /* WOLFSSL_AES_COUNTER */ #ifdef HAVE_AES_DECRYPT #if defined(WOLFSSL_AES_DIRECT) || defined(WOLFSSL_AES_COUNTER) || \ defined(HAVE_AES_CBC) || defined(HAVE_AES_ECB) +#ifndef WOLFSSL_ARMASM_AES_BLOCK_INLINE .text .align 4 .globl AES_decrypt_block @@ -1868,6 +3767,7 @@ POP {pc} /* Cycle Count = 285 */ .size AES_decrypt_block,.-AES_decrypt_block +#endif /* !WOLFSSL_ARMASM_AES_BLOCK_INLINE */ .text .type L_AES_Thumb2_td_ecb, %object .size L_AES_Thumb2_td_ecb, 12 @@ -2176,7 +4076,217 @@ EOR r6, r6, r10 EOR r7, r7, r11 MOV r1, #0x6 +#ifndef WOLFSSL_ARMASM_AES_BLOCK_INLINE BL AES_decrypt_block +#else +L_AES_ECB_decrypt_block_nr_256: + UBFX r8, r7, #16, #8 + LSR r11, r4, #24 + UBFX r12, r6, #8, #8 + UBFX lr, r5, #0, #8 + LDR r8, [r0, r8, LSL #2] + LDR r11, [r0, r11, LSL #2] + LDR r12, [r0, r12, LSL #2] + LDR lr, [r0, lr, LSL #2] + UBFX r9, r4, #16, #8 + EOR r8, r8, r11, ROR #24 + LSR r11, r5, #24 + EOR r8, r8, r12, ROR #8 + UBFX r12, r7, #8, #8 + EOR r8, r8, lr, ROR #16 + UBFX lr, r6, #0, #8 + LDR r9, [r0, r9, LSL #2] + LDR r11, [r0, r11, LSL #2] + LDR r12, [r0, r12, LSL #2] + LDR lr, [r0, lr, LSL #2] + UBFX r10, r5, #16, #8 + EOR r9, r9, r11, ROR #24 + LSR r11, r6, #24 + EOR r9, r9, r12, ROR #8 + UBFX r12, r4, #8, #8 + EOR r9, r9, lr, ROR #16 + UBFX lr, r7, #0, #8 + LDR r10, [r0, r10, LSL #2] + LDR r11, [r0, r11, LSL #2] + LDR r12, [r0, r12, LSL #2] + LDR lr, [r0, lr, LSL #2] + UBFX r4, r4, #0, #8 + EOR r10, r10, r11, ROR #24 + UBFX r11, r6, #16, #8 + EOR r10, r10, r12, ROR #8 + LSR r12, r7, #24 + EOR r10, r10, lr, ROR #16 + UBFX lr, r5, #8, #8 + LDR r4, [r0, r4, LSL #2] + LDR r12, [r0, r12, LSL #2] + LDR r11, [r0, r11, LSL #2] + LDR lr, [r0, lr, LSL #2] + EOR r12, r12, r4, ROR #24 + LDM r3!, {r4, r5, r6, r7} + EOR r11, r11, lr, ROR #8 + EOR r11, r11, r12, ROR #24 + /* XOR in Key Schedule */ + EOR r8, r8, r4 + EOR r9, r9, r5 + EOR r10, r10, r6 + EOR r11, r11, r7 + UBFX r4, r11, #16, #8 + LSR r7, r8, #24 + UBFX r12, r10, #8, #8 + UBFX lr, r9, #0, #8 + LDR r4, [r0, r4, LSL #2] + LDR r7, [r0, r7, LSL #2] + LDR r12, [r0, r12, LSL #2] + LDR lr, [r0, lr, LSL #2] + UBFX r5, r8, #16, #8 + EOR r4, r4, r7, ROR #24 + LSR r7, r9, #24 + EOR r4, r4, r12, ROR #8 + UBFX r12, r11, #8, #8 + EOR r4, r4, lr, ROR #16 + UBFX lr, r10, #0, #8 + LDR r5, [r0, r5, LSL #2] + LDR r7, [r0, r7, LSL #2] + LDR r12, [r0, r12, LSL #2] + LDR lr, [r0, lr, LSL #2] + UBFX r6, r9, #16, #8 + EOR r5, r5, r7, ROR #24 + LSR r7, r10, #24 + EOR r5, r5, r12, ROR #8 + UBFX r12, r8, #8, #8 + EOR r5, r5, lr, ROR #16 + UBFX lr, r11, #0, #8 + LDR r6, [r0, r6, LSL #2] + LDR r7, [r0, r7, LSL #2] + LDR r12, [r0, r12, LSL #2] + LDR lr, [r0, lr, LSL #2] + UBFX r8, r8, #0, #8 + EOR r6, r6, r7, ROR #24 + UBFX r7, r10, #16, #8 + EOR r6, r6, r12, ROR #8 + LSR r12, r11, #24 + EOR r6, r6, lr, ROR #16 + UBFX lr, r9, #8, #8 + LDR r8, [r0, r8, LSL #2] + LDR r12, [r0, r12, LSL #2] + LDR r7, [r0, r7, LSL #2] + LDR lr, [r0, lr, LSL #2] + EOR r12, r12, r8, ROR #24 + LDM r3!, {r8, r9, r10, r11} + EOR r7, r7, lr, ROR #8 + EOR r7, r7, r12, ROR #24 + /* XOR in Key Schedule */ + EOR r4, r4, r8 + EOR r5, r5, r9 + EOR r6, r6, r10 + EOR r7, r7, r11 + SUBS r1, r1, #0x1 +#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__) + BNE L_AES_ECB_decrypt_block_nr_256 +#else + BNE.W L_AES_ECB_decrypt_block_nr_256 +#endif + UBFX r8, r7, #16, #8 + LSR r11, r4, #24 + UBFX r12, r6, #8, #8 + UBFX lr, r5, #0, #8 + LDR r8, [r0, r8, LSL #2] + LDR r11, [r0, r11, LSL #2] + LDR r12, [r0, r12, LSL #2] + LDR lr, [r0, lr, LSL #2] + UBFX r9, r4, #16, #8 + EOR r8, r8, r11, ROR #24 + LSR r11, r5, #24 + EOR r8, r8, r12, ROR #8 + UBFX r12, r7, #8, #8 + EOR r8, r8, lr, ROR #16 + UBFX lr, r6, #0, #8 + LDR r9, [r0, r9, LSL #2] + LDR r11, [r0, r11, LSL #2] + LDR r12, [r0, r12, LSL #2] + LDR lr, [r0, lr, LSL #2] + UBFX r10, r5, #16, #8 + EOR r9, r9, r11, ROR #24 + LSR r11, r6, #24 + EOR r9, r9, r12, ROR #8 + UBFX r12, r4, #8, #8 + EOR r9, r9, lr, ROR #16 + UBFX lr, r7, #0, #8 + LDR r10, [r0, r10, LSL #2] + LDR r11, [r0, r11, LSL #2] + LDR r12, [r0, r12, LSL #2] + LDR lr, [r0, lr, LSL #2] + UBFX r4, r4, #0, #8 + EOR r10, r10, r11, ROR #24 + UBFX r11, r6, #16, #8 + EOR r10, r10, r12, ROR #8 + LSR r12, r7, #24 + EOR r10, r10, lr, ROR #16 + UBFX lr, r5, #8, #8 + LDR r4, [r0, r4, LSL #2] + LDR r12, [r0, r12, LSL #2] + LDR r11, [r0, r11, LSL #2] + LDR lr, [r0, lr, LSL #2] + EOR r12, r12, r4, ROR #24 + LDM r3!, {r4, r5, r6, r7} + EOR r11, r11, lr, ROR #8 + EOR r11, r11, r12, ROR #24 + /* XOR in Key Schedule */ + EOR r8, r8, r4 + EOR r9, r9, r5 + EOR r10, r10, r6 + EOR r11, r11, r7 + UBFX r4, r9, #0, #8 + UBFX r7, r10, #8, #8 + UBFX r12, r11, #16, #8 + LSR lr, r8, #24 + LDRB r4, [r2, r4] + LDRB r7, [r2, r7] + LDRB r12, [r2, r12] + LDRB lr, [r2, lr] + UBFX r5, r10, #0, #8 + EOR r4, r4, r7, LSL #8 + UBFX r7, r11, #8, #8 + EOR r4, r4, r12, LSL #16 + UBFX r12, r8, #16, #8 + EOR r4, r4, lr, LSL #24 + LSR lr, r9, #24 + LDRB r7, [r2, r7] + LDRB lr, [r2, lr] + LDRB r5, [r2, r5] + LDRB r12, [r2, r12] + UBFX r6, r11, #0, #8 + EOR r5, r5, r7, LSL #8 + UBFX r7, r8, #8, #8 + EOR r5, r5, r12, LSL #16 + UBFX r12, r9, #16, #8 + EOR r5, r5, lr, LSL #24 + LSR lr, r10, #24 + LDRB r7, [r2, r7] + LDRB lr, [r2, lr] + LDRB r6, [r2, r6] + LDRB r12, [r2, r12] + LSR r11, r11, #24 + EOR r6, r6, r7, LSL #8 + UBFX r7, r8, #0, #8 + EOR r6, r6, r12, LSL #16 + UBFX r12, r9, #8, #8 + EOR r6, r6, lr, LSL #24 + UBFX lr, r10, #16, #8 + LDRB r11, [r2, r11] + LDRB r12, [r2, r12] + LDRB r7, [r2, r7] + LDRB lr, [r2, lr] + EOR r12, r12, r11, LSL #16 + LDM r3, {r8, r9, r10, r11} + EOR r7, r7, r12, LSL #8 + EOR r7, r7, lr, LSL #16 + /* XOR in Key Schedule */ + EOR r4, r4, r8 + EOR r5, r5, r9 + EOR r6, r6, r10 + EOR r7, r7, r11 +#endif /* !WOLFSSL_ARMASM_AES_BLOCK_INLINE */ POP {r1, r3, r12, lr} REV r4, r4 REV r5, r5 @@ -2217,7 +4327,217 @@ EOR r6, r6, r10 EOR r7, r7, r11 MOV r1, #0x5 +#ifndef WOLFSSL_ARMASM_AES_BLOCK_INLINE BL AES_decrypt_block +#else +L_AES_ECB_decrypt_block_nr_192: + UBFX r8, r7, #16, #8 + LSR r11, r4, #24 + UBFX r12, r6, #8, #8 + UBFX lr, r5, #0, #8 + LDR r8, [r0, r8, LSL #2] + LDR r11, [r0, r11, LSL #2] + LDR r12, [r0, r12, LSL #2] + LDR lr, [r0, lr, LSL #2] + UBFX r9, r4, #16, #8 + EOR r8, r8, r11, ROR #24 + LSR r11, r5, #24 + EOR r8, r8, r12, ROR #8 + UBFX r12, r7, #8, #8 + EOR r8, r8, lr, ROR #16 + UBFX lr, r6, #0, #8 + LDR r9, [r0, r9, LSL #2] + LDR r11, [r0, r11, LSL #2] + LDR r12, [r0, r12, LSL #2] + LDR lr, [r0, lr, LSL #2] + UBFX r10, r5, #16, #8 + EOR r9, r9, r11, ROR #24 + LSR r11, r6, #24 + EOR r9, r9, r12, ROR #8 + UBFX r12, r4, #8, #8 + EOR r9, r9, lr, ROR #16 + UBFX lr, r7, #0, #8 + LDR r10, [r0, r10, LSL #2] + LDR r11, [r0, r11, LSL #2] + LDR r12, [r0, r12, LSL #2] + LDR lr, [r0, lr, LSL #2] + UBFX r4, r4, #0, #8 + EOR r10, r10, r11, ROR #24 + UBFX r11, r6, #16, #8 + EOR r10, r10, r12, ROR #8 + LSR r12, r7, #24 + EOR r10, r10, lr, ROR #16 + UBFX lr, r5, #8, #8 + LDR r4, [r0, r4, LSL #2] + LDR r12, [r0, r12, LSL #2] + LDR r11, [r0, r11, LSL #2] + LDR lr, [r0, lr, LSL #2] + EOR r12, r12, r4, ROR #24 + LDM r3!, {r4, r5, r6, r7} + EOR r11, r11, lr, ROR #8 + EOR r11, r11, r12, ROR #24 + /* XOR in Key Schedule */ + EOR r8, r8, r4 + EOR r9, r9, r5 + EOR r10, r10, r6 + EOR r11, r11, r7 + UBFX r4, r11, #16, #8 + LSR r7, r8, #24 + UBFX r12, r10, #8, #8 + UBFX lr, r9, #0, #8 + LDR r4, [r0, r4, LSL #2] + LDR r7, [r0, r7, LSL #2] + LDR r12, [r0, r12, LSL #2] + LDR lr, [r0, lr, LSL #2] + UBFX r5, r8, #16, #8 + EOR r4, r4, r7, ROR #24 + LSR r7, r9, #24 + EOR r4, r4, r12, ROR #8 + UBFX r12, r11, #8, #8 + EOR r4, r4, lr, ROR #16 + UBFX lr, r10, #0, #8 + LDR r5, [r0, r5, LSL #2] + LDR r7, [r0, r7, LSL #2] + LDR r12, [r0, r12, LSL #2] + LDR lr, [r0, lr, LSL #2] + UBFX r6, r9, #16, #8 + EOR r5, r5, r7, ROR #24 + LSR r7, r10, #24 + EOR r5, r5, r12, ROR #8 + UBFX r12, r8, #8, #8 + EOR r5, r5, lr, ROR #16 + UBFX lr, r11, #0, #8 + LDR r6, [r0, r6, LSL #2] + LDR r7, [r0, r7, LSL #2] + LDR r12, [r0, r12, LSL #2] + LDR lr, [r0, lr, LSL #2] + UBFX r8, r8, #0, #8 + EOR r6, r6, r7, ROR #24 + UBFX r7, r10, #16, #8 + EOR r6, r6, r12, ROR #8 + LSR r12, r11, #24 + EOR r6, r6, lr, ROR #16 + UBFX lr, r9, #8, #8 + LDR r8, [r0, r8, LSL #2] + LDR r12, [r0, r12, LSL #2] + LDR r7, [r0, r7, LSL #2] + LDR lr, [r0, lr, LSL #2] + EOR r12, r12, r8, ROR #24 + LDM r3!, {r8, r9, r10, r11} + EOR r7, r7, lr, ROR #8 + EOR r7, r7, r12, ROR #24 + /* XOR in Key Schedule */ + EOR r4, r4, r8 + EOR r5, r5, r9 + EOR r6, r6, r10 + EOR r7, r7, r11 + SUBS r1, r1, #0x1 +#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__) + BNE L_AES_ECB_decrypt_block_nr_192 +#else + BNE.W L_AES_ECB_decrypt_block_nr_192 +#endif + UBFX r8, r7, #16, #8 + LSR r11, r4, #24 + UBFX r12, r6, #8, #8 + UBFX lr, r5, #0, #8 + LDR r8, [r0, r8, LSL #2] + LDR r11, [r0, r11, LSL #2] + LDR r12, [r0, r12, LSL #2] + LDR lr, [r0, lr, LSL #2] + UBFX r9, r4, #16, #8 + EOR r8, r8, r11, ROR #24 + LSR r11, r5, #24 + EOR r8, r8, r12, ROR #8 + UBFX r12, r7, #8, #8 + EOR r8, r8, lr, ROR #16 + UBFX lr, r6, #0, #8 + LDR r9, [r0, r9, LSL #2] + LDR r11, [r0, r11, LSL #2] + LDR r12, [r0, r12, LSL #2] + LDR lr, [r0, lr, LSL #2] + UBFX r10, r5, #16, #8 + EOR r9, r9, r11, ROR #24 + LSR r11, r6, #24 + EOR r9, r9, r12, ROR #8 + UBFX r12, r4, #8, #8 + EOR r9, r9, lr, ROR #16 + UBFX lr, r7, #0, #8 + LDR r10, [r0, r10, LSL #2] + LDR r11, [r0, r11, LSL #2] + LDR r12, [r0, r12, LSL #2] + LDR lr, [r0, lr, LSL #2] + UBFX r4, r4, #0, #8 + EOR r10, r10, r11, ROR #24 + UBFX r11, r6, #16, #8 + EOR r10, r10, r12, ROR #8 + LSR r12, r7, #24 + EOR r10, r10, lr, ROR #16 + UBFX lr, r5, #8, #8 + LDR r4, [r0, r4, LSL #2] + LDR r12, [r0, r12, LSL #2] + LDR r11, [r0, r11, LSL #2] + LDR lr, [r0, lr, LSL #2] + EOR r12, r12, r4, ROR #24 + LDM r3!, {r4, r5, r6, r7} + EOR r11, r11, lr, ROR #8 + EOR r11, r11, r12, ROR #24 + /* XOR in Key Schedule */ + EOR r8, r8, r4 + EOR r9, r9, r5 + EOR r10, r10, r6 + EOR r11, r11, r7 + UBFX r4, r9, #0, #8 + UBFX r7, r10, #8, #8 + UBFX r12, r11, #16, #8 + LSR lr, r8, #24 + LDRB r4, [r2, r4] + LDRB r7, [r2, r7] + LDRB r12, [r2, r12] + LDRB lr, [r2, lr] + UBFX r5, r10, #0, #8 + EOR r4, r4, r7, LSL #8 + UBFX r7, r11, #8, #8 + EOR r4, r4, r12, LSL #16 + UBFX r12, r8, #16, #8 + EOR r4, r4, lr, LSL #24 + LSR lr, r9, #24 + LDRB r7, [r2, r7] + LDRB lr, [r2, lr] + LDRB r5, [r2, r5] + LDRB r12, [r2, r12] + UBFX r6, r11, #0, #8 + EOR r5, r5, r7, LSL #8 + UBFX r7, r8, #8, #8 + EOR r5, r5, r12, LSL #16 + UBFX r12, r9, #16, #8 + EOR r5, r5, lr, LSL #24 + LSR lr, r10, #24 + LDRB r7, [r2, r7] + LDRB lr, [r2, lr] + LDRB r6, [r2, r6] + LDRB r12, [r2, r12] + LSR r11, r11, #24 + EOR r6, r6, r7, LSL #8 + UBFX r7, r8, #0, #8 + EOR r6, r6, r12, LSL #16 + UBFX r12, r9, #8, #8 + EOR r6, r6, lr, LSL #24 + UBFX lr, r10, #16, #8 + LDRB r11, [r2, r11] + LDRB r12, [r2, r12] + LDRB r7, [r2, r7] + LDRB lr, [r2, lr] + EOR r12, r12, r11, LSL #16 + LDM r3, {r8, r9, r10, r11} + EOR r7, r7, r12, LSL #8 + EOR r7, r7, lr, LSL #16 + /* XOR in Key Schedule */ + EOR r4, r4, r8 + EOR r5, r5, r9 + EOR r6, r6, r10 + EOR r7, r7, r11 +#endif /* !WOLFSSL_ARMASM_AES_BLOCK_INLINE */ POP {r1, r3, r12, lr} REV r4, r4 REV r5, r5 @@ -2258,7 +4578,217 @@ EOR r6, r6, r10 EOR r7, r7, r11 MOV r1, #0x4 +#ifndef WOLFSSL_ARMASM_AES_BLOCK_INLINE BL AES_decrypt_block +#else +L_AES_ECB_decrypt_block_nr_128: + UBFX r8, r7, #16, #8 + LSR r11, r4, #24 + UBFX r12, r6, #8, #8 + UBFX lr, r5, #0, #8 + LDR r8, [r0, r8, LSL #2] + LDR r11, [r0, r11, LSL #2] + LDR r12, [r0, r12, LSL #2] + LDR lr, [r0, lr, LSL #2] + UBFX r9, r4, #16, #8 + EOR r8, r8, r11, ROR #24 + LSR r11, r5, #24 + EOR r8, r8, r12, ROR #8 + UBFX r12, r7, #8, #8 + EOR r8, r8, lr, ROR #16 + UBFX lr, r6, #0, #8 + LDR r9, [r0, r9, LSL #2] + LDR r11, [r0, r11, LSL #2] + LDR r12, [r0, r12, LSL #2] + LDR lr, [r0, lr, LSL #2] + UBFX r10, r5, #16, #8 + EOR r9, r9, r11, ROR #24 + LSR r11, r6, #24 + EOR r9, r9, r12, ROR #8 + UBFX r12, r4, #8, #8 + EOR r9, r9, lr, ROR #16 + UBFX lr, r7, #0, #8 + LDR r10, [r0, r10, LSL #2] + LDR r11, [r0, r11, LSL #2] + LDR r12, [r0, r12, LSL #2] + LDR lr, [r0, lr, LSL #2] + UBFX r4, r4, #0, #8 + EOR r10, r10, r11, ROR #24 + UBFX r11, r6, #16, #8 + EOR r10, r10, r12, ROR #8 + LSR r12, r7, #24 + EOR r10, r10, lr, ROR #16 + UBFX lr, r5, #8, #8 + LDR r4, [r0, r4, LSL #2] + LDR r12, [r0, r12, LSL #2] + LDR r11, [r0, r11, LSL #2] + LDR lr, [r0, lr, LSL #2] + EOR r12, r12, r4, ROR #24 + LDM r3!, {r4, r5, r6, r7} + EOR r11, r11, lr, ROR #8 + EOR r11, r11, r12, ROR #24 + /* XOR in Key Schedule */ + EOR r8, r8, r4 + EOR r9, r9, r5 + EOR r10, r10, r6 + EOR r11, r11, r7 + UBFX r4, r11, #16, #8 + LSR r7, r8, #24 + UBFX r12, r10, #8, #8 + UBFX lr, r9, #0, #8 + LDR r4, [r0, r4, LSL #2] + LDR r7, [r0, r7, LSL #2] + LDR r12, [r0, r12, LSL #2] + LDR lr, [r0, lr, LSL #2] + UBFX r5, r8, #16, #8 + EOR r4, r4, r7, ROR #24 + LSR r7, r9, #24 + EOR r4, r4, r12, ROR #8 + UBFX r12, r11, #8, #8 + EOR r4, r4, lr, ROR #16 + UBFX lr, r10, #0, #8 + LDR r5, [r0, r5, LSL #2] + LDR r7, [r0, r7, LSL #2] + LDR r12, [r0, r12, LSL #2] + LDR lr, [r0, lr, LSL #2] + UBFX r6, r9, #16, #8 + EOR r5, r5, r7, ROR #24 + LSR r7, r10, #24 + EOR r5, r5, r12, ROR #8 + UBFX r12, r8, #8, #8 + EOR r5, r5, lr, ROR #16 + UBFX lr, r11, #0, #8 + LDR r6, [r0, r6, LSL #2] + LDR r7, [r0, r7, LSL #2] + LDR r12, [r0, r12, LSL #2] + LDR lr, [r0, lr, LSL #2] + UBFX r8, r8, #0, #8 + EOR r6, r6, r7, ROR #24 + UBFX r7, r10, #16, #8 + EOR r6, r6, r12, ROR #8 + LSR r12, r11, #24 + EOR r6, r6, lr, ROR #16 + UBFX lr, r9, #8, #8 + LDR r8, [r0, r8, LSL #2] + LDR r12, [r0, r12, LSL #2] + LDR r7, [r0, r7, LSL #2] + LDR lr, [r0, lr, LSL #2] + EOR r12, r12, r8, ROR #24 + LDM r3!, {r8, r9, r10, r11} + EOR r7, r7, lr, ROR #8 + EOR r7, r7, r12, ROR #24 + /* XOR in Key Schedule */ + EOR r4, r4, r8 + EOR r5, r5, r9 + EOR r6, r6, r10 + EOR r7, r7, r11 + SUBS r1, r1, #0x1 +#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__) + BNE L_AES_ECB_decrypt_block_nr_128 +#else + BNE.W L_AES_ECB_decrypt_block_nr_128 +#endif + UBFX r8, r7, #16, #8 + LSR r11, r4, #24 + UBFX r12, r6, #8, #8 + UBFX lr, r5, #0, #8 + LDR r8, [r0, r8, LSL #2] + LDR r11, [r0, r11, LSL #2] + LDR r12, [r0, r12, LSL #2] + LDR lr, [r0, lr, LSL #2] + UBFX r9, r4, #16, #8 + EOR r8, r8, r11, ROR #24 + LSR r11, r5, #24 + EOR r8, r8, r12, ROR #8 + UBFX r12, r7, #8, #8 + EOR r8, r8, lr, ROR #16 + UBFX lr, r6, #0, #8 + LDR r9, [r0, r9, LSL #2] + LDR r11, [r0, r11, LSL #2] + LDR r12, [r0, r12, LSL #2] + LDR lr, [r0, lr, LSL #2] + UBFX r10, r5, #16, #8 + EOR r9, r9, r11, ROR #24 + LSR r11, r6, #24 + EOR r9, r9, r12, ROR #8 + UBFX r12, r4, #8, #8 + EOR r9, r9, lr, ROR #16 + UBFX lr, r7, #0, #8 + LDR r10, [r0, r10, LSL #2] + LDR r11, [r0, r11, LSL #2] + LDR r12, [r0, r12, LSL #2] + LDR lr, [r0, lr, LSL #2] + UBFX r4, r4, #0, #8 + EOR r10, r10, r11, ROR #24 + UBFX r11, r6, #16, #8 + EOR r10, r10, r12, ROR #8 + LSR r12, r7, #24 + EOR r10, r10, lr, ROR #16 + UBFX lr, r5, #8, #8 + LDR r4, [r0, r4, LSL #2] + LDR r12, [r0, r12, LSL #2] + LDR r11, [r0, r11, LSL #2] + LDR lr, [r0, lr, LSL #2] + EOR r12, r12, r4, ROR #24 + LDM r3!, {r4, r5, r6, r7} + EOR r11, r11, lr, ROR #8 + EOR r11, r11, r12, ROR #24 + /* XOR in Key Schedule */ + EOR r8, r8, r4 + EOR r9, r9, r5 + EOR r10, r10, r6 + EOR r11, r11, r7 + UBFX r4, r9, #0, #8 + UBFX r7, r10, #8, #8 + UBFX r12, r11, #16, #8 + LSR lr, r8, #24 + LDRB r4, [r2, r4] + LDRB r7, [r2, r7] + LDRB r12, [r2, r12] + LDRB lr, [r2, lr] + UBFX r5, r10, #0, #8 + EOR r4, r4, r7, LSL #8 + UBFX r7, r11, #8, #8 + EOR r4, r4, r12, LSL #16 + UBFX r12, r8, #16, #8 + EOR r4, r4, lr, LSL #24 + LSR lr, r9, #24 + LDRB r7, [r2, r7] + LDRB lr, [r2, lr] + LDRB r5, [r2, r5] + LDRB r12, [r2, r12] + UBFX r6, r11, #0, #8 + EOR r5, r5, r7, LSL #8 + UBFX r7, r8, #8, #8 + EOR r5, r5, r12, LSL #16 + UBFX r12, r9, #16, #8 + EOR r5, r5, lr, LSL #24 + LSR lr, r10, #24 + LDRB r7, [r2, r7] + LDRB lr, [r2, lr] + LDRB r6, [r2, r6] + LDRB r12, [r2, r12] + LSR r11, r11, #24 + EOR r6, r6, r7, LSL #8 + UBFX r7, r8, #0, #8 + EOR r6, r6, r12, LSL #16 + UBFX r12, r9, #8, #8 + EOR r6, r6, lr, LSL #24 + UBFX lr, r10, #16, #8 + LDRB r11, [r2, r11] + LDRB r12, [r2, r12] + LDRB r7, [r2, r7] + LDRB lr, [r2, lr] + EOR r12, r12, r11, LSL #16 + LDM r3, {r8, r9, r10, r11} + EOR r7, r7, r12, LSL #8 + EOR r7, r7, lr, LSL #16 + /* XOR in Key Schedule */ + EOR r4, r4, r8 + EOR r5, r5, r9 + EOR r6, r6, r10 + EOR r7, r7, r11 +#endif /* !WOLFSSL_ARMASM_AES_BLOCK_INLINE */ POP {r1, r3, r12, lr} REV r4, r4 REV r5, r5 @@ -2278,7 +4808,7 @@ #endif L_AES_ECB_decrypt_end: POP {r4, r5, r6, r7, r8, r9, r10, r11, pc} - /* Cycle Count = 210 */ + /* Cycle Count = 1053 */ .size AES_ECB_decrypt,.-AES_ECB_decrypt #endif /* WOLFSSL_AES_DIRECT || WOLFSSL_AES_COUNTER || defined(HAVE_AES_ECB) */ #ifdef HAVE_AES_CBC @@ -2327,7 +4857,217 @@ EOR r6, r6, r10 EOR r7, r7, r11 MOV r1, #0x6 +#ifndef WOLFSSL_ARMASM_AES_BLOCK_INLINE BL AES_decrypt_block +#else +L_AES_CBC_decrypt_block_nr_256_odd: + UBFX r8, r7, #16, #8 + LSR r11, r4, #24 + UBFX r12, r6, #8, #8 + UBFX lr, r5, #0, #8 + LDR r8, [r0, r8, LSL #2] + LDR r11, [r0, r11, LSL #2] + LDR r12, [r0, r12, LSL #2] + LDR lr, [r0, lr, LSL #2] + UBFX r9, r4, #16, #8 + EOR r8, r8, r11, ROR #24 + LSR r11, r5, #24 + EOR r8, r8, r12, ROR #8 + UBFX r12, r7, #8, #8 + EOR r8, r8, lr, ROR #16 + UBFX lr, r6, #0, #8 + LDR r9, [r0, r9, LSL #2] + LDR r11, [r0, r11, LSL #2] + LDR r12, [r0, r12, LSL #2] + LDR lr, [r0, lr, LSL #2] + UBFX r10, r5, #16, #8 + EOR r9, r9, r11, ROR #24 + LSR r11, r6, #24 + EOR r9, r9, r12, ROR #8 + UBFX r12, r4, #8, #8 + EOR r9, r9, lr, ROR #16 + UBFX lr, r7, #0, #8 + LDR r10, [r0, r10, LSL #2] + LDR r11, [r0, r11, LSL #2] + LDR r12, [r0, r12, LSL #2] + LDR lr, [r0, lr, LSL #2] + UBFX r4, r4, #0, #8 + EOR r10, r10, r11, ROR #24 + UBFX r11, r6, #16, #8 + EOR r10, r10, r12, ROR #8 + LSR r12, r7, #24 + EOR r10, r10, lr, ROR #16 + UBFX lr, r5, #8, #8 + LDR r4, [r0, r4, LSL #2] + LDR r12, [r0, r12, LSL #2] + LDR r11, [r0, r11, LSL #2] + LDR lr, [r0, lr, LSL #2] + EOR r12, r12, r4, ROR #24 + LDM r3!, {r4, r5, r6, r7} + EOR r11, r11, lr, ROR #8 + EOR r11, r11, r12, ROR #24 + /* XOR in Key Schedule */ + EOR r8, r8, r4 + EOR r9, r9, r5 + EOR r10, r10, r6 + EOR r11, r11, r7 + UBFX r4, r11, #16, #8 + LSR r7, r8, #24 + UBFX r12, r10, #8, #8 + UBFX lr, r9, #0, #8 + LDR r4, [r0, r4, LSL #2] + LDR r7, [r0, r7, LSL #2] + LDR r12, [r0, r12, LSL #2] + LDR lr, [r0, lr, LSL #2] + UBFX r5, r8, #16, #8 + EOR r4, r4, r7, ROR #24 + LSR r7, r9, #24 + EOR r4, r4, r12, ROR #8 + UBFX r12, r11, #8, #8 + EOR r4, r4, lr, ROR #16 + UBFX lr, r10, #0, #8 + LDR r5, [r0, r5, LSL #2] + LDR r7, [r0, r7, LSL #2] + LDR r12, [r0, r12, LSL #2] + LDR lr, [r0, lr, LSL #2] + UBFX r6, r9, #16, #8 + EOR r5, r5, r7, ROR #24 + LSR r7, r10, #24 + EOR r5, r5, r12, ROR #8 + UBFX r12, r8, #8, #8 + EOR r5, r5, lr, ROR #16 + UBFX lr, r11, #0, #8 + LDR r6, [r0, r6, LSL #2] + LDR r7, [r0, r7, LSL #2] + LDR r12, [r0, r12, LSL #2] + LDR lr, [r0, lr, LSL #2] + UBFX r8, r8, #0, #8 + EOR r6, r6, r7, ROR #24 + UBFX r7, r10, #16, #8 + EOR r6, r6, r12, ROR #8 + LSR r12, r11, #24 + EOR r6, r6, lr, ROR #16 + UBFX lr, r9, #8, #8 + LDR r8, [r0, r8, LSL #2] + LDR r12, [r0, r12, LSL #2] + LDR r7, [r0, r7, LSL #2] + LDR lr, [r0, lr, LSL #2] + EOR r12, r12, r8, ROR #24 + LDM r3!, {r8, r9, r10, r11} + EOR r7, r7, lr, ROR #8 + EOR r7, r7, r12, ROR #24 + /* XOR in Key Schedule */ + EOR r4, r4, r8 + EOR r5, r5, r9 + EOR r6, r6, r10 + EOR r7, r7, r11 + SUBS r1, r1, #0x1 +#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__) + BNE L_AES_CBC_decrypt_block_nr_256_odd +#else + BNE.W L_AES_CBC_decrypt_block_nr_256_odd +#endif + UBFX r8, r7, #16, #8 + LSR r11, r4, #24 + UBFX r12, r6, #8, #8 + UBFX lr, r5, #0, #8 + LDR r8, [r0, r8, LSL #2] + LDR r11, [r0, r11, LSL #2] + LDR r12, [r0, r12, LSL #2] + LDR lr, [r0, lr, LSL #2] + UBFX r9, r4, #16, #8 + EOR r8, r8, r11, ROR #24 + LSR r11, r5, #24 + EOR r8, r8, r12, ROR #8 + UBFX r12, r7, #8, #8 + EOR r8, r8, lr, ROR #16 + UBFX lr, r6, #0, #8 + LDR r9, [r0, r9, LSL #2] + LDR r11, [r0, r11, LSL #2] + LDR r12, [r0, r12, LSL #2] + LDR lr, [r0, lr, LSL #2] + UBFX r10, r5, #16, #8 + EOR r9, r9, r11, ROR #24 + LSR r11, r6, #24 + EOR r9, r9, r12, ROR #8 + UBFX r12, r4, #8, #8 + EOR r9, r9, lr, ROR #16 + UBFX lr, r7, #0, #8 + LDR r10, [r0, r10, LSL #2] + LDR r11, [r0, r11, LSL #2] + LDR r12, [r0, r12, LSL #2] + LDR lr, [r0, lr, LSL #2] + UBFX r4, r4, #0, #8 + EOR r10, r10, r11, ROR #24 + UBFX r11, r6, #16, #8 + EOR r10, r10, r12, ROR #8 + LSR r12, r7, #24 + EOR r10, r10, lr, ROR #16 + UBFX lr, r5, #8, #8 + LDR r4, [r0, r4, LSL #2] + LDR r12, [r0, r12, LSL #2] + LDR r11, [r0, r11, LSL #2] + LDR lr, [r0, lr, LSL #2] + EOR r12, r12, r4, ROR #24 + LDM r3!, {r4, r5, r6, r7} + EOR r11, r11, lr, ROR #8 + EOR r11, r11, r12, ROR #24 + /* XOR in Key Schedule */ + EOR r8, r8, r4 + EOR r9, r9, r5 + EOR r10, r10, r6 + EOR r11, r11, r7 + UBFX r4, r9, #0, #8 + UBFX r7, r10, #8, #8 + UBFX r12, r11, #16, #8 + LSR lr, r8, #24 + LDRB r4, [r2, r4] + LDRB r7, [r2, r7] + LDRB r12, [r2, r12] + LDRB lr, [r2, lr] + UBFX r5, r10, #0, #8 + EOR r4, r4, r7, LSL #8 + UBFX r7, r11, #8, #8 + EOR r4, r4, r12, LSL #16 + UBFX r12, r8, #16, #8 + EOR r4, r4, lr, LSL #24 + LSR lr, r9, #24 + LDRB r7, [r2, r7] + LDRB lr, [r2, lr] + LDRB r5, [r2, r5] + LDRB r12, [r2, r12] + UBFX r6, r11, #0, #8 + EOR r5, r5, r7, LSL #8 + UBFX r7, r8, #8, #8 + EOR r5, r5, r12, LSL #16 + UBFX r12, r9, #16, #8 + EOR r5, r5, lr, LSL #24 + LSR lr, r10, #24 + LDRB r7, [r2, r7] + LDRB lr, [r2, lr] + LDRB r6, [r2, r6] + LDRB r12, [r2, r12] + LSR r11, r11, #24 + EOR r6, r6, r7, LSL #8 + UBFX r7, r8, #0, #8 + EOR r6, r6, r12, LSL #16 + UBFX r12, r9, #8, #8 + EOR r6, r6, lr, LSL #24 + UBFX lr, r10, #16, #8 + LDRB r11, [r2, r11] + LDRB r12, [r2, r12] + LDRB r7, [r2, r7] + LDRB lr, [r2, lr] + EOR r12, r12, r11, LSL #16 + LDM r3, {r8, r9, r10, r11} + EOR r7, r7, r12, LSL #8 + EOR r7, r7, lr, LSL #16 + /* XOR in Key Schedule */ + EOR r4, r4, r8 + EOR r5, r5, r9 + EOR r6, r6, r10 + EOR r7, r7, r11 +#endif /* !WOLFSSL_ARMASM_AES_BLOCK_INLINE */ LDR lr, [sp, #16] REV r4, r4 REV r5, r5 @@ -2371,7 +5111,217 @@ EOR r6, r6, r10 EOR r7, r7, r11 MOV r1, #0x6 +#ifndef WOLFSSL_ARMASM_AES_BLOCK_INLINE BL AES_decrypt_block +#else +L_AES_CBC_decrypt_block_nr_256_even: + UBFX r8, r7, #16, #8 + LSR r11, r4, #24 + UBFX r12, r6, #8, #8 + UBFX lr, r5, #0, #8 + LDR r8, [r0, r8, LSL #2] + LDR r11, [r0, r11, LSL #2] + LDR r12, [r0, r12, LSL #2] + LDR lr, [r0, lr, LSL #2] + UBFX r9, r4, #16, #8 + EOR r8, r8, r11, ROR #24 + LSR r11, r5, #24 + EOR r8, r8, r12, ROR #8 + UBFX r12, r7, #8, #8 + EOR r8, r8, lr, ROR #16 + UBFX lr, r6, #0, #8 + LDR r9, [r0, r9, LSL #2] + LDR r11, [r0, r11, LSL #2] + LDR r12, [r0, r12, LSL #2] + LDR lr, [r0, lr, LSL #2] + UBFX r10, r5, #16, #8 + EOR r9, r9, r11, ROR #24 + LSR r11, r6, #24 + EOR r9, r9, r12, ROR #8 + UBFX r12, r4, #8, #8 + EOR r9, r9, lr, ROR #16 + UBFX lr, r7, #0, #8 + LDR r10, [r0, r10, LSL #2] + LDR r11, [r0, r11, LSL #2] + LDR r12, [r0, r12, LSL #2] + LDR lr, [r0, lr, LSL #2] + UBFX r4, r4, #0, #8 + EOR r10, r10, r11, ROR #24 + UBFX r11, r6, #16, #8 + EOR r10, r10, r12, ROR #8 + LSR r12, r7, #24 + EOR r10, r10, lr, ROR #16 + UBFX lr, r5, #8, #8 + LDR r4, [r0, r4, LSL #2] + LDR r12, [r0, r12, LSL #2] + LDR r11, [r0, r11, LSL #2] + LDR lr, [r0, lr, LSL #2] + EOR r12, r12, r4, ROR #24 + LDM r3!, {r4, r5, r6, r7} + EOR r11, r11, lr, ROR #8 + EOR r11, r11, r12, ROR #24 + /* XOR in Key Schedule */ + EOR r8, r8, r4 + EOR r9, r9, r5 + EOR r10, r10, r6 + EOR r11, r11, r7 + UBFX r4, r11, #16, #8 + LSR r7, r8, #24 + UBFX r12, r10, #8, #8 + UBFX lr, r9, #0, #8 + LDR r4, [r0, r4, LSL #2] + LDR r7, [r0, r7, LSL #2] + LDR r12, [r0, r12, LSL #2] + LDR lr, [r0, lr, LSL #2] + UBFX r5, r8, #16, #8 + EOR r4, r4, r7, ROR #24 + LSR r7, r9, #24 + EOR r4, r4, r12, ROR #8 + UBFX r12, r11, #8, #8 + EOR r4, r4, lr, ROR #16 + UBFX lr, r10, #0, #8 + LDR r5, [r0, r5, LSL #2] + LDR r7, [r0, r7, LSL #2] + LDR r12, [r0, r12, LSL #2] + LDR lr, [r0, lr, LSL #2] + UBFX r6, r9, #16, #8 + EOR r5, r5, r7, ROR #24 + LSR r7, r10, #24 + EOR r5, r5, r12, ROR #8 + UBFX r12, r8, #8, #8 + EOR r5, r5, lr, ROR #16 + UBFX lr, r11, #0, #8 + LDR r6, [r0, r6, LSL #2] + LDR r7, [r0, r7, LSL #2] + LDR r12, [r0, r12, LSL #2] + LDR lr, [r0, lr, LSL #2] + UBFX r8, r8, #0, #8 + EOR r6, r6, r7, ROR #24 + UBFX r7, r10, #16, #8 + EOR r6, r6, r12, ROR #8 + LSR r12, r11, #24 + EOR r6, r6, lr, ROR #16 + UBFX lr, r9, #8, #8 + LDR r8, [r0, r8, LSL #2] + LDR r12, [r0, r12, LSL #2] + LDR r7, [r0, r7, LSL #2] + LDR lr, [r0, lr, LSL #2] + EOR r12, r12, r8, ROR #24 + LDM r3!, {r8, r9, r10, r11} + EOR r7, r7, lr, ROR #8 + EOR r7, r7, r12, ROR #24 + /* XOR in Key Schedule */ + EOR r4, r4, r8 + EOR r5, r5, r9 + EOR r6, r6, r10 + EOR r7, r7, r11 + SUBS r1, r1, #0x1 +#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__) + BNE L_AES_CBC_decrypt_block_nr_256_even +#else + BNE.W L_AES_CBC_decrypt_block_nr_256_even +#endif + UBFX r8, r7, #16, #8 + LSR r11, r4, #24 + UBFX r12, r6, #8, #8 + UBFX lr, r5, #0, #8 + LDR r8, [r0, r8, LSL #2] + LDR r11, [r0, r11, LSL #2] + LDR r12, [r0, r12, LSL #2] + LDR lr, [r0, lr, LSL #2] + UBFX r9, r4, #16, #8 + EOR r8, r8, r11, ROR #24 + LSR r11, r5, #24 + EOR r8, r8, r12, ROR #8 + UBFX r12, r7, #8, #8 + EOR r8, r8, lr, ROR #16 + UBFX lr, r6, #0, #8 + LDR r9, [r0, r9, LSL #2] + LDR r11, [r0, r11, LSL #2] + LDR r12, [r0, r12, LSL #2] + LDR lr, [r0, lr, LSL #2] + UBFX r10, r5, #16, #8 + EOR r9, r9, r11, ROR #24 + LSR r11, r6, #24 + EOR r9, r9, r12, ROR #8 + UBFX r12, r4, #8, #8 + EOR r9, r9, lr, ROR #16 + UBFX lr, r7, #0, #8 + LDR r10, [r0, r10, LSL #2] + LDR r11, [r0, r11, LSL #2] + LDR r12, [r0, r12, LSL #2] + LDR lr, [r0, lr, LSL #2] + UBFX r4, r4, #0, #8 + EOR r10, r10, r11, ROR #24 + UBFX r11, r6, #16, #8 + EOR r10, r10, r12, ROR #8 + LSR r12, r7, #24 + EOR r10, r10, lr, ROR #16 + UBFX lr, r5, #8, #8 + LDR r4, [r0, r4, LSL #2] + LDR r12, [r0, r12, LSL #2] + LDR r11, [r0, r11, LSL #2] + LDR lr, [r0, lr, LSL #2] + EOR r12, r12, r4, ROR #24 + LDM r3!, {r4, r5, r6, r7} + EOR r11, r11, lr, ROR #8 + EOR r11, r11, r12, ROR #24 + /* XOR in Key Schedule */ + EOR r8, r8, r4 + EOR r9, r9, r5 + EOR r10, r10, r6 + EOR r11, r11, r7 + UBFX r4, r9, #0, #8 + UBFX r7, r10, #8, #8 + UBFX r12, r11, #16, #8 + LSR lr, r8, #24 + LDRB r4, [r2, r4] + LDRB r7, [r2, r7] + LDRB r12, [r2, r12] + LDRB lr, [r2, lr] + UBFX r5, r10, #0, #8 + EOR r4, r4, r7, LSL #8 + UBFX r7, r11, #8, #8 + EOR r4, r4, r12, LSL #16 + UBFX r12, r8, #16, #8 + EOR r4, r4, lr, LSL #24 + LSR lr, r9, #24 + LDRB r7, [r2, r7] + LDRB lr, [r2, lr] + LDRB r5, [r2, r5] + LDRB r12, [r2, r12] + UBFX r6, r11, #0, #8 + EOR r5, r5, r7, LSL #8 + UBFX r7, r8, #8, #8 + EOR r5, r5, r12, LSL #16 + UBFX r12, r9, #16, #8 + EOR r5, r5, lr, LSL #24 + LSR lr, r10, #24 + LDRB r7, [r2, r7] + LDRB lr, [r2, lr] + LDRB r6, [r2, r6] + LDRB r12, [r2, r12] + LSR r11, r11, #24 + EOR r6, r6, r7, LSL #8 + UBFX r7, r8, #0, #8 + EOR r6, r6, r12, LSL #16 + UBFX r12, r9, #8, #8 + EOR r6, r6, lr, LSL #24 + UBFX lr, r10, #16, #8 + LDRB r11, [r2, r11] + LDRB r12, [r2, r12] + LDRB r7, [r2, r7] + LDRB lr, [r2, lr] + EOR r12, r12, r11, LSL #16 + LDM r3, {r8, r9, r10, r11} + EOR r7, r7, r12, LSL #8 + EOR r7, r7, lr, LSL #16 + /* XOR in Key Schedule */ + EOR r4, r4, r8 + EOR r5, r5, r9 + EOR r6, r6, r10 + EOR r7, r7, r11 +#endif /* !WOLFSSL_ARMASM_AES_BLOCK_INLINE */ LDR lr, [sp, #16] REV r4, r4 REV r5, r5 @@ -2422,7 +5372,217 @@ EOR r6, r6, r10 EOR r7, r7, r11 MOV r1, #0x5 +#ifndef WOLFSSL_ARMASM_AES_BLOCK_INLINE BL AES_decrypt_block +#else +L_AES_CBC_decrypt_block_nr_192_odd: + UBFX r8, r7, #16, #8 + LSR r11, r4, #24 + UBFX r12, r6, #8, #8 + UBFX lr, r5, #0, #8 + LDR r8, [r0, r8, LSL #2] + LDR r11, [r0, r11, LSL #2] + LDR r12, [r0, r12, LSL #2] + LDR lr, [r0, lr, LSL #2] + UBFX r9, r4, #16, #8 + EOR r8, r8, r11, ROR #24 + LSR r11, r5, #24 + EOR r8, r8, r12, ROR #8 + UBFX r12, r7, #8, #8 + EOR r8, r8, lr, ROR #16 + UBFX lr, r6, #0, #8 + LDR r9, [r0, r9, LSL #2] + LDR r11, [r0, r11, LSL #2] + LDR r12, [r0, r12, LSL #2] + LDR lr, [r0, lr, LSL #2] + UBFX r10, r5, #16, #8 + EOR r9, r9, r11, ROR #24 + LSR r11, r6, #24 + EOR r9, r9, r12, ROR #8 + UBFX r12, r4, #8, #8 + EOR r9, r9, lr, ROR #16 + UBFX lr, r7, #0, #8 + LDR r10, [r0, r10, LSL #2] + LDR r11, [r0, r11, LSL #2] + LDR r12, [r0, r12, LSL #2] + LDR lr, [r0, lr, LSL #2] + UBFX r4, r4, #0, #8 + EOR r10, r10, r11, ROR #24 + UBFX r11, r6, #16, #8 + EOR r10, r10, r12, ROR #8 + LSR r12, r7, #24 + EOR r10, r10, lr, ROR #16 + UBFX lr, r5, #8, #8 + LDR r4, [r0, r4, LSL #2] + LDR r12, [r0, r12, LSL #2] + LDR r11, [r0, r11, LSL #2] + LDR lr, [r0, lr, LSL #2] + EOR r12, r12, r4, ROR #24 + LDM r3!, {r4, r5, r6, r7} + EOR r11, r11, lr, ROR #8 + EOR r11, r11, r12, ROR #24 + /* XOR in Key Schedule */ + EOR r8, r8, r4 + EOR r9, r9, r5 + EOR r10, r10, r6 + EOR r11, r11, r7 + UBFX r4, r11, #16, #8 + LSR r7, r8, #24 + UBFX r12, r10, #8, #8 + UBFX lr, r9, #0, #8 + LDR r4, [r0, r4, LSL #2] + LDR r7, [r0, r7, LSL #2] + LDR r12, [r0, r12, LSL #2] + LDR lr, [r0, lr, LSL #2] + UBFX r5, r8, #16, #8 + EOR r4, r4, r7, ROR #24 + LSR r7, r9, #24 + EOR r4, r4, r12, ROR #8 + UBFX r12, r11, #8, #8 + EOR r4, r4, lr, ROR #16 + UBFX lr, r10, #0, #8 + LDR r5, [r0, r5, LSL #2] + LDR r7, [r0, r7, LSL #2] + LDR r12, [r0, r12, LSL #2] + LDR lr, [r0, lr, LSL #2] + UBFX r6, r9, #16, #8 + EOR r5, r5, r7, ROR #24 + LSR r7, r10, #24 + EOR r5, r5, r12, ROR #8 + UBFX r12, r8, #8, #8 + EOR r5, r5, lr, ROR #16 + UBFX lr, r11, #0, #8 + LDR r6, [r0, r6, LSL #2] + LDR r7, [r0, r7, LSL #2] + LDR r12, [r0, r12, LSL #2] + LDR lr, [r0, lr, LSL #2] + UBFX r8, r8, #0, #8 + EOR r6, r6, r7, ROR #24 + UBFX r7, r10, #16, #8 + EOR r6, r6, r12, ROR #8 + LSR r12, r11, #24 + EOR r6, r6, lr, ROR #16 + UBFX lr, r9, #8, #8 + LDR r8, [r0, r8, LSL #2] + LDR r12, [r0, r12, LSL #2] + LDR r7, [r0, r7, LSL #2] + LDR lr, [r0, lr, LSL #2] + EOR r12, r12, r8, ROR #24 + LDM r3!, {r8, r9, r10, r11} + EOR r7, r7, lr, ROR #8 + EOR r7, r7, r12, ROR #24 + /* XOR in Key Schedule */ + EOR r4, r4, r8 + EOR r5, r5, r9 + EOR r6, r6, r10 + EOR r7, r7, r11 + SUBS r1, r1, #0x1 +#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__) + BNE L_AES_CBC_decrypt_block_nr_192_odd +#else + BNE.W L_AES_CBC_decrypt_block_nr_192_odd +#endif + UBFX r8, r7, #16, #8 + LSR r11, r4, #24 + UBFX r12, r6, #8, #8 + UBFX lr, r5, #0, #8 + LDR r8, [r0, r8, LSL #2] + LDR r11, [r0, r11, LSL #2] + LDR r12, [r0, r12, LSL #2] + LDR lr, [r0, lr, LSL #2] + UBFX r9, r4, #16, #8 + EOR r8, r8, r11, ROR #24 + LSR r11, r5, #24 + EOR r8, r8, r12, ROR #8 + UBFX r12, r7, #8, #8 + EOR r8, r8, lr, ROR #16 + UBFX lr, r6, #0, #8 + LDR r9, [r0, r9, LSL #2] + LDR r11, [r0, r11, LSL #2] + LDR r12, [r0, r12, LSL #2] + LDR lr, [r0, lr, LSL #2] + UBFX r10, r5, #16, #8 + EOR r9, r9, r11, ROR #24 + LSR r11, r6, #24 + EOR r9, r9, r12, ROR #8 + UBFX r12, r4, #8, #8 + EOR r9, r9, lr, ROR #16 + UBFX lr, r7, #0, #8 + LDR r10, [r0, r10, LSL #2] + LDR r11, [r0, r11, LSL #2] + LDR r12, [r0, r12, LSL #2] + LDR lr, [r0, lr, LSL #2] + UBFX r4, r4, #0, #8 + EOR r10, r10, r11, ROR #24 + UBFX r11, r6, #16, #8 + EOR r10, r10, r12, ROR #8 + LSR r12, r7, #24 + EOR r10, r10, lr, ROR #16 + UBFX lr, r5, #8, #8 + LDR r4, [r0, r4, LSL #2] + LDR r12, [r0, r12, LSL #2] + LDR r11, [r0, r11, LSL #2] + LDR lr, [r0, lr, LSL #2] + EOR r12, r12, r4, ROR #24 + LDM r3!, {r4, r5, r6, r7} + EOR r11, r11, lr, ROR #8 + EOR r11, r11, r12, ROR #24 + /* XOR in Key Schedule */ + EOR r8, r8, r4 + EOR r9, r9, r5 + EOR r10, r10, r6 + EOR r11, r11, r7 + UBFX r4, r9, #0, #8 + UBFX r7, r10, #8, #8 + UBFX r12, r11, #16, #8 + LSR lr, r8, #24 + LDRB r4, [r2, r4] + LDRB r7, [r2, r7] + LDRB r12, [r2, r12] + LDRB lr, [r2, lr] + UBFX r5, r10, #0, #8 + EOR r4, r4, r7, LSL #8 + UBFX r7, r11, #8, #8 + EOR r4, r4, r12, LSL #16 + UBFX r12, r8, #16, #8 + EOR r4, r4, lr, LSL #24 + LSR lr, r9, #24 + LDRB r7, [r2, r7] + LDRB lr, [r2, lr] + LDRB r5, [r2, r5] + LDRB r12, [r2, r12] + UBFX r6, r11, #0, #8 + EOR r5, r5, r7, LSL #8 + UBFX r7, r8, #8, #8 + EOR r5, r5, r12, LSL #16 + UBFX r12, r9, #16, #8 + EOR r5, r5, lr, LSL #24 + LSR lr, r10, #24 + LDRB r7, [r2, r7] + LDRB lr, [r2, lr] + LDRB r6, [r2, r6] + LDRB r12, [r2, r12] + LSR r11, r11, #24 + EOR r6, r6, r7, LSL #8 + UBFX r7, r8, #0, #8 + EOR r6, r6, r12, LSL #16 + UBFX r12, r9, #8, #8 + EOR r6, r6, lr, LSL #24 + UBFX lr, r10, #16, #8 + LDRB r11, [r2, r11] + LDRB r12, [r2, r12] + LDRB r7, [r2, r7] + LDRB lr, [r2, lr] + EOR r12, r12, r11, LSL #16 + LDM r3, {r8, r9, r10, r11} + EOR r7, r7, r12, LSL #8 + EOR r7, r7, lr, LSL #16 + /* XOR in Key Schedule */ + EOR r4, r4, r8 + EOR r5, r5, r9 + EOR r6, r6, r10 + EOR r7, r7, r11 +#endif /* !WOLFSSL_ARMASM_AES_BLOCK_INLINE */ LDR lr, [sp, #16] REV r4, r4 REV r5, r5 @@ -2466,7 +5626,217 @@ EOR r6, r6, r10 EOR r7, r7, r11 MOV r1, #0x5 +#ifndef WOLFSSL_ARMASM_AES_BLOCK_INLINE BL AES_decrypt_block +#else +L_AES_CBC_decrypt_block_nr_192_even: + UBFX r8, r7, #16, #8 + LSR r11, r4, #24 + UBFX r12, r6, #8, #8 + UBFX lr, r5, #0, #8 + LDR r8, [r0, r8, LSL #2] + LDR r11, [r0, r11, LSL #2] + LDR r12, [r0, r12, LSL #2] + LDR lr, [r0, lr, LSL #2] + UBFX r9, r4, #16, #8 + EOR r8, r8, r11, ROR #24 + LSR r11, r5, #24 + EOR r8, r8, r12, ROR #8 + UBFX r12, r7, #8, #8 + EOR r8, r8, lr, ROR #16 + UBFX lr, r6, #0, #8 + LDR r9, [r0, r9, LSL #2] + LDR r11, [r0, r11, LSL #2] + LDR r12, [r0, r12, LSL #2] + LDR lr, [r0, lr, LSL #2] + UBFX r10, r5, #16, #8 + EOR r9, r9, r11, ROR #24 + LSR r11, r6, #24 + EOR r9, r9, r12, ROR #8 + UBFX r12, r4, #8, #8 + EOR r9, r9, lr, ROR #16 + UBFX lr, r7, #0, #8 + LDR r10, [r0, r10, LSL #2] + LDR r11, [r0, r11, LSL #2] + LDR r12, [r0, r12, LSL #2] + LDR lr, [r0, lr, LSL #2] + UBFX r4, r4, #0, #8 + EOR r10, r10, r11, ROR #24 + UBFX r11, r6, #16, #8 + EOR r10, r10, r12, ROR #8 + LSR r12, r7, #24 + EOR r10, r10, lr, ROR #16 + UBFX lr, r5, #8, #8 + LDR r4, [r0, r4, LSL #2] + LDR r12, [r0, r12, LSL #2] + LDR r11, [r0, r11, LSL #2] + LDR lr, [r0, lr, LSL #2] + EOR r12, r12, r4, ROR #24 + LDM r3!, {r4, r5, r6, r7} + EOR r11, r11, lr, ROR #8 + EOR r11, r11, r12, ROR #24 + /* XOR in Key Schedule */ + EOR r8, r8, r4 + EOR r9, r9, r5 + EOR r10, r10, r6 + EOR r11, r11, r7 + UBFX r4, r11, #16, #8 + LSR r7, r8, #24 + UBFX r12, r10, #8, #8 + UBFX lr, r9, #0, #8 + LDR r4, [r0, r4, LSL #2] + LDR r7, [r0, r7, LSL #2] + LDR r12, [r0, r12, LSL #2] + LDR lr, [r0, lr, LSL #2] + UBFX r5, r8, #16, #8 + EOR r4, r4, r7, ROR #24 + LSR r7, r9, #24 + EOR r4, r4, r12, ROR #8 + UBFX r12, r11, #8, #8 + EOR r4, r4, lr, ROR #16 + UBFX lr, r10, #0, #8 + LDR r5, [r0, r5, LSL #2] + LDR r7, [r0, r7, LSL #2] + LDR r12, [r0, r12, LSL #2] + LDR lr, [r0, lr, LSL #2] + UBFX r6, r9, #16, #8 + EOR r5, r5, r7, ROR #24 + LSR r7, r10, #24 + EOR r5, r5, r12, ROR #8 + UBFX r12, r8, #8, #8 + EOR r5, r5, lr, ROR #16 + UBFX lr, r11, #0, #8 + LDR r6, [r0, r6, LSL #2] + LDR r7, [r0, r7, LSL #2] + LDR r12, [r0, r12, LSL #2] + LDR lr, [r0, lr, LSL #2] + UBFX r8, r8, #0, #8 + EOR r6, r6, r7, ROR #24 + UBFX r7, r10, #16, #8 + EOR r6, r6, r12, ROR #8 + LSR r12, r11, #24 + EOR r6, r6, lr, ROR #16 + UBFX lr, r9, #8, #8 + LDR r8, [r0, r8, LSL #2] + LDR r12, [r0, r12, LSL #2] + LDR r7, [r0, r7, LSL #2] + LDR lr, [r0, lr, LSL #2] + EOR r12, r12, r8, ROR #24 + LDM r3!, {r8, r9, r10, r11} + EOR r7, r7, lr, ROR #8 + EOR r7, r7, r12, ROR #24 + /* XOR in Key Schedule */ + EOR r4, r4, r8 + EOR r5, r5, r9 + EOR r6, r6, r10 + EOR r7, r7, r11 + SUBS r1, r1, #0x1 +#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__) + BNE L_AES_CBC_decrypt_block_nr_192_even +#else + BNE.W L_AES_CBC_decrypt_block_nr_192_even +#endif + UBFX r8, r7, #16, #8 + LSR r11, r4, #24 + UBFX r12, r6, #8, #8 + UBFX lr, r5, #0, #8 + LDR r8, [r0, r8, LSL #2] + LDR r11, [r0, r11, LSL #2] + LDR r12, [r0, r12, LSL #2] + LDR lr, [r0, lr, LSL #2] + UBFX r9, r4, #16, #8 + EOR r8, r8, r11, ROR #24 + LSR r11, r5, #24 + EOR r8, r8, r12, ROR #8 + UBFX r12, r7, #8, #8 + EOR r8, r8, lr, ROR #16 + UBFX lr, r6, #0, #8 + LDR r9, [r0, r9, LSL #2] + LDR r11, [r0, r11, LSL #2] + LDR r12, [r0, r12, LSL #2] + LDR lr, [r0, lr, LSL #2] + UBFX r10, r5, #16, #8 + EOR r9, r9, r11, ROR #24 + LSR r11, r6, #24 + EOR r9, r9, r12, ROR #8 + UBFX r12, r4, #8, #8 + EOR r9, r9, lr, ROR #16 + UBFX lr, r7, #0, #8 + LDR r10, [r0, r10, LSL #2] + LDR r11, [r0, r11, LSL #2] + LDR r12, [r0, r12, LSL #2] + LDR lr, [r0, lr, LSL #2] + UBFX r4, r4, #0, #8 + EOR r10, r10, r11, ROR #24 + UBFX r11, r6, #16, #8 + EOR r10, r10, r12, ROR #8 + LSR r12, r7, #24 + EOR r10, r10, lr, ROR #16 + UBFX lr, r5, #8, #8 + LDR r4, [r0, r4, LSL #2] + LDR r12, [r0, r12, LSL #2] + LDR r11, [r0, r11, LSL #2] + LDR lr, [r0, lr, LSL #2] + EOR r12, r12, r4, ROR #24 + LDM r3!, {r4, r5, r6, r7} + EOR r11, r11, lr, ROR #8 + EOR r11, r11, r12, ROR #24 + /* XOR in Key Schedule */ + EOR r8, r8, r4 + EOR r9, r9, r5 + EOR r10, r10, r6 + EOR r11, r11, r7 + UBFX r4, r9, #0, #8 + UBFX r7, r10, #8, #8 + UBFX r12, r11, #16, #8 + LSR lr, r8, #24 + LDRB r4, [r2, r4] + LDRB r7, [r2, r7] + LDRB r12, [r2, r12] + LDRB lr, [r2, lr] + UBFX r5, r10, #0, #8 + EOR r4, r4, r7, LSL #8 + UBFX r7, r11, #8, #8 + EOR r4, r4, r12, LSL #16 + UBFX r12, r8, #16, #8 + EOR r4, r4, lr, LSL #24 + LSR lr, r9, #24 + LDRB r7, [r2, r7] + LDRB lr, [r2, lr] + LDRB r5, [r2, r5] + LDRB r12, [r2, r12] + UBFX r6, r11, #0, #8 + EOR r5, r5, r7, LSL #8 + UBFX r7, r8, #8, #8 + EOR r5, r5, r12, LSL #16 + UBFX r12, r9, #16, #8 + EOR r5, r5, lr, LSL #24 + LSR lr, r10, #24 + LDRB r7, [r2, r7] + LDRB lr, [r2, lr] + LDRB r6, [r2, r6] + LDRB r12, [r2, r12] + LSR r11, r11, #24 + EOR r6, r6, r7, LSL #8 + UBFX r7, r8, #0, #8 + EOR r6, r6, r12, LSL #16 + UBFX r12, r9, #8, #8 + EOR r6, r6, lr, LSL #24 + UBFX lr, r10, #16, #8 + LDRB r11, [r2, r11] + LDRB r12, [r2, r12] + LDRB r7, [r2, r7] + LDRB lr, [r2, lr] + EOR r12, r12, r11, LSL #16 + LDM r3, {r8, r9, r10, r11} + EOR r7, r7, r12, LSL #8 + EOR r7, r7, lr, LSL #16 + /* XOR in Key Schedule */ + EOR r4, r4, r8 + EOR r5, r5, r9 + EOR r6, r6, r10 + EOR r7, r7, r11 +#endif /* !WOLFSSL_ARMASM_AES_BLOCK_INLINE */ LDR lr, [sp, #16] REV r4, r4 REV r5, r5 @@ -2517,7 +5887,217 @@ EOR r6, r6, r10 EOR r7, r7, r11 MOV r1, #0x4 +#ifndef WOLFSSL_ARMASM_AES_BLOCK_INLINE BL AES_decrypt_block +#else +L_AES_CBC_decrypt_block_nr_128_odd: + UBFX r8, r7, #16, #8 + LSR r11, r4, #24 + UBFX r12, r6, #8, #8 + UBFX lr, r5, #0, #8 + LDR r8, [r0, r8, LSL #2] + LDR r11, [r0, r11, LSL #2] + LDR r12, [r0, r12, LSL #2] + LDR lr, [r0, lr, LSL #2] + UBFX r9, r4, #16, #8 + EOR r8, r8, r11, ROR #24 + LSR r11, r5, #24 + EOR r8, r8, r12, ROR #8 + UBFX r12, r7, #8, #8 + EOR r8, r8, lr, ROR #16 + UBFX lr, r6, #0, #8 + LDR r9, [r0, r9, LSL #2] + LDR r11, [r0, r11, LSL #2] + LDR r12, [r0, r12, LSL #2] + LDR lr, [r0, lr, LSL #2] + UBFX r10, r5, #16, #8 + EOR r9, r9, r11, ROR #24 + LSR r11, r6, #24 + EOR r9, r9, r12, ROR #8 + UBFX r12, r4, #8, #8 + EOR r9, r9, lr, ROR #16 + UBFX lr, r7, #0, #8 + LDR r10, [r0, r10, LSL #2] + LDR r11, [r0, r11, LSL #2] + LDR r12, [r0, r12, LSL #2] + LDR lr, [r0, lr, LSL #2] + UBFX r4, r4, #0, #8 + EOR r10, r10, r11, ROR #24 + UBFX r11, r6, #16, #8 + EOR r10, r10, r12, ROR #8 + LSR r12, r7, #24 + EOR r10, r10, lr, ROR #16 + UBFX lr, r5, #8, #8 + LDR r4, [r0, r4, LSL #2] + LDR r12, [r0, r12, LSL #2] + LDR r11, [r0, r11, LSL #2] + LDR lr, [r0, lr, LSL #2] + EOR r12, r12, r4, ROR #24 + LDM r3!, {r4, r5, r6, r7} + EOR r11, r11, lr, ROR #8 + EOR r11, r11, r12, ROR #24 + /* XOR in Key Schedule */ + EOR r8, r8, r4 + EOR r9, r9, r5 + EOR r10, r10, r6 + EOR r11, r11, r7 + UBFX r4, r11, #16, #8 + LSR r7, r8, #24 + UBFX r12, r10, #8, #8 + UBFX lr, r9, #0, #8 + LDR r4, [r0, r4, LSL #2] + LDR r7, [r0, r7, LSL #2] + LDR r12, [r0, r12, LSL #2] + LDR lr, [r0, lr, LSL #2] + UBFX r5, r8, #16, #8 + EOR r4, r4, r7, ROR #24 + LSR r7, r9, #24 + EOR r4, r4, r12, ROR #8 + UBFX r12, r11, #8, #8 + EOR r4, r4, lr, ROR #16 + UBFX lr, r10, #0, #8 + LDR r5, [r0, r5, LSL #2] + LDR r7, [r0, r7, LSL #2] + LDR r12, [r0, r12, LSL #2] + LDR lr, [r0, lr, LSL #2] + UBFX r6, r9, #16, #8 + EOR r5, r5, r7, ROR #24 + LSR r7, r10, #24 + EOR r5, r5, r12, ROR #8 + UBFX r12, r8, #8, #8 + EOR r5, r5, lr, ROR #16 + UBFX lr, r11, #0, #8 + LDR r6, [r0, r6, LSL #2] + LDR r7, [r0, r7, LSL #2] + LDR r12, [r0, r12, LSL #2] + LDR lr, [r0, lr, LSL #2] + UBFX r8, r8, #0, #8 + EOR r6, r6, r7, ROR #24 + UBFX r7, r10, #16, #8 + EOR r6, r6, r12, ROR #8 + LSR r12, r11, #24 + EOR r6, r6, lr, ROR #16 + UBFX lr, r9, #8, #8 + LDR r8, [r0, r8, LSL #2] + LDR r12, [r0, r12, LSL #2] + LDR r7, [r0, r7, LSL #2] + LDR lr, [r0, lr, LSL #2] + EOR r12, r12, r8, ROR #24 + LDM r3!, {r8, r9, r10, r11} + EOR r7, r7, lr, ROR #8 + EOR r7, r7, r12, ROR #24 + /* XOR in Key Schedule */ + EOR r4, r4, r8 + EOR r5, r5, r9 + EOR r6, r6, r10 + EOR r7, r7, r11 + SUBS r1, r1, #0x1 +#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__) + BNE L_AES_CBC_decrypt_block_nr_128_odd +#else + BNE.W L_AES_CBC_decrypt_block_nr_128_odd +#endif + UBFX r8, r7, #16, #8 + LSR r11, r4, #24 + UBFX r12, r6, #8, #8 + UBFX lr, r5, #0, #8 + LDR r8, [r0, r8, LSL #2] + LDR r11, [r0, r11, LSL #2] + LDR r12, [r0, r12, LSL #2] + LDR lr, [r0, lr, LSL #2] + UBFX r9, r4, #16, #8 + EOR r8, r8, r11, ROR #24 + LSR r11, r5, #24 + EOR r8, r8, r12, ROR #8 + UBFX r12, r7, #8, #8 + EOR r8, r8, lr, ROR #16 + UBFX lr, r6, #0, #8 + LDR r9, [r0, r9, LSL #2] + LDR r11, [r0, r11, LSL #2] + LDR r12, [r0, r12, LSL #2] + LDR lr, [r0, lr, LSL #2] + UBFX r10, r5, #16, #8 + EOR r9, r9, r11, ROR #24 + LSR r11, r6, #24 + EOR r9, r9, r12, ROR #8 + UBFX r12, r4, #8, #8 + EOR r9, r9, lr, ROR #16 + UBFX lr, r7, #0, #8 + LDR r10, [r0, r10, LSL #2] + LDR r11, [r0, r11, LSL #2] + LDR r12, [r0, r12, LSL #2] + LDR lr, [r0, lr, LSL #2] + UBFX r4, r4, #0, #8 + EOR r10, r10, r11, ROR #24 + UBFX r11, r6, #16, #8 + EOR r10, r10, r12, ROR #8 + LSR r12, r7, #24 + EOR r10, r10, lr, ROR #16 + UBFX lr, r5, #8, #8 + LDR r4, [r0, r4, LSL #2] + LDR r12, [r0, r12, LSL #2] + LDR r11, [r0, r11, LSL #2] + LDR lr, [r0, lr, LSL #2] + EOR r12, r12, r4, ROR #24 + LDM r3!, {r4, r5, r6, r7} + EOR r11, r11, lr, ROR #8 + EOR r11, r11, r12, ROR #24 + /* XOR in Key Schedule */ + EOR r8, r8, r4 + EOR r9, r9, r5 + EOR r10, r10, r6 + EOR r11, r11, r7 + UBFX r4, r9, #0, #8 + UBFX r7, r10, #8, #8 + UBFX r12, r11, #16, #8 + LSR lr, r8, #24 + LDRB r4, [r2, r4] + LDRB r7, [r2, r7] + LDRB r12, [r2, r12] + LDRB lr, [r2, lr] + UBFX r5, r10, #0, #8 + EOR r4, r4, r7, LSL #8 + UBFX r7, r11, #8, #8 + EOR r4, r4, r12, LSL #16 + UBFX r12, r8, #16, #8 + EOR r4, r4, lr, LSL #24 + LSR lr, r9, #24 + LDRB r7, [r2, r7] + LDRB lr, [r2, lr] + LDRB r5, [r2, r5] + LDRB r12, [r2, r12] + UBFX r6, r11, #0, #8 + EOR r5, r5, r7, LSL #8 + UBFX r7, r8, #8, #8 + EOR r5, r5, r12, LSL #16 + UBFX r12, r9, #16, #8 + EOR r5, r5, lr, LSL #24 + LSR lr, r10, #24 + LDRB r7, [r2, r7] + LDRB lr, [r2, lr] + LDRB r6, [r2, r6] + LDRB r12, [r2, r12] + LSR r11, r11, #24 + EOR r6, r6, r7, LSL #8 + UBFX r7, r8, #0, #8 + EOR r6, r6, r12, LSL #16 + UBFX r12, r9, #8, #8 + EOR r6, r6, lr, LSL #24 + UBFX lr, r10, #16, #8 + LDRB r11, [r2, r11] + LDRB r12, [r2, r12] + LDRB r7, [r2, r7] + LDRB lr, [r2, lr] + EOR r12, r12, r11, LSL #16 + LDM r3, {r8, r9, r10, r11} + EOR r7, r7, r12, LSL #8 + EOR r7, r7, lr, LSL #16 + /* XOR in Key Schedule */ + EOR r4, r4, r8 + EOR r5, r5, r9 + EOR r6, r6, r10 + EOR r7, r7, r11 +#endif /* !WOLFSSL_ARMASM_AES_BLOCK_INLINE */ LDR lr, [sp, #16] REV r4, r4 REV r5, r5 @@ -2561,7 +6141,217 @@ EOR r6, r6, r10 EOR r7, r7, r11 MOV r1, #0x4 +#ifndef WOLFSSL_ARMASM_AES_BLOCK_INLINE BL AES_decrypt_block +#else +L_AES_CBC_decrypt_block_nr_128_even: + UBFX r8, r7, #16, #8 + LSR r11, r4, #24 + UBFX r12, r6, #8, #8 + UBFX lr, r5, #0, #8 + LDR r8, [r0, r8, LSL #2] + LDR r11, [r0, r11, LSL #2] + LDR r12, [r0, r12, LSL #2] + LDR lr, [r0, lr, LSL #2] + UBFX r9, r4, #16, #8 + EOR r8, r8, r11, ROR #24 + LSR r11, r5, #24 + EOR r8, r8, r12, ROR #8 + UBFX r12, r7, #8, #8 + EOR r8, r8, lr, ROR #16 + UBFX lr, r6, #0, #8 + LDR r9, [r0, r9, LSL #2] + LDR r11, [r0, r11, LSL #2] + LDR r12, [r0, r12, LSL #2] + LDR lr, [r0, lr, LSL #2] + UBFX r10, r5, #16, #8 + EOR r9, r9, r11, ROR #24 + LSR r11, r6, #24 + EOR r9, r9, r12, ROR #8 + UBFX r12, r4, #8, #8 + EOR r9, r9, lr, ROR #16 + UBFX lr, r7, #0, #8 + LDR r10, [r0, r10, LSL #2] + LDR r11, [r0, r11, LSL #2] + LDR r12, [r0, r12, LSL #2] + LDR lr, [r0, lr, LSL #2] + UBFX r4, r4, #0, #8 + EOR r10, r10, r11, ROR #24 + UBFX r11, r6, #16, #8 + EOR r10, r10, r12, ROR #8 + LSR r12, r7, #24 + EOR r10, r10, lr, ROR #16 + UBFX lr, r5, #8, #8 + LDR r4, [r0, r4, LSL #2] + LDR r12, [r0, r12, LSL #2] + LDR r11, [r0, r11, LSL #2] + LDR lr, [r0, lr, LSL #2] + EOR r12, r12, r4, ROR #24 + LDM r3!, {r4, r5, r6, r7} + EOR r11, r11, lr, ROR #8 + EOR r11, r11, r12, ROR #24 + /* XOR in Key Schedule */ + EOR r8, r8, r4 + EOR r9, r9, r5 + EOR r10, r10, r6 + EOR r11, r11, r7 + UBFX r4, r11, #16, #8 + LSR r7, r8, #24 + UBFX r12, r10, #8, #8 + UBFX lr, r9, #0, #8 + LDR r4, [r0, r4, LSL #2] + LDR r7, [r0, r7, LSL #2] + LDR r12, [r0, r12, LSL #2] + LDR lr, [r0, lr, LSL #2] + UBFX r5, r8, #16, #8 + EOR r4, r4, r7, ROR #24 + LSR r7, r9, #24 + EOR r4, r4, r12, ROR #8 + UBFX r12, r11, #8, #8 + EOR r4, r4, lr, ROR #16 + UBFX lr, r10, #0, #8 + LDR r5, [r0, r5, LSL #2] + LDR r7, [r0, r7, LSL #2] + LDR r12, [r0, r12, LSL #2] + LDR lr, [r0, lr, LSL #2] + UBFX r6, r9, #16, #8 + EOR r5, r5, r7, ROR #24 + LSR r7, r10, #24 + EOR r5, r5, r12, ROR #8 + UBFX r12, r8, #8, #8 + EOR r5, r5, lr, ROR #16 + UBFX lr, r11, #0, #8 + LDR r6, [r0, r6, LSL #2] + LDR r7, [r0, r7, LSL #2] + LDR r12, [r0, r12, LSL #2] + LDR lr, [r0, lr, LSL #2] + UBFX r8, r8, #0, #8 + EOR r6, r6, r7, ROR #24 + UBFX r7, r10, #16, #8 + EOR r6, r6, r12, ROR #8 + LSR r12, r11, #24 + EOR r6, r6, lr, ROR #16 + UBFX lr, r9, #8, #8 + LDR r8, [r0, r8, LSL #2] + LDR r12, [r0, r12, LSL #2] + LDR r7, [r0, r7, LSL #2] + LDR lr, [r0, lr, LSL #2] + EOR r12, r12, r8, ROR #24 + LDM r3!, {r8, r9, r10, r11} + EOR r7, r7, lr, ROR #8 + EOR r7, r7, r12, ROR #24 + /* XOR in Key Schedule */ + EOR r4, r4, r8 + EOR r5, r5, r9 + EOR r6, r6, r10 + EOR r7, r7, r11 + SUBS r1, r1, #0x1 +#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__) + BNE L_AES_CBC_decrypt_block_nr_128_even +#else + BNE.W L_AES_CBC_decrypt_block_nr_128_even +#endif + UBFX r8, r7, #16, #8 + LSR r11, r4, #24 + UBFX r12, r6, #8, #8 + UBFX lr, r5, #0, #8 + LDR r8, [r0, r8, LSL #2] + LDR r11, [r0, r11, LSL #2] + LDR r12, [r0, r12, LSL #2] + LDR lr, [r0, lr, LSL #2] + UBFX r9, r4, #16, #8 + EOR r8, r8, r11, ROR #24 + LSR r11, r5, #24 + EOR r8, r8, r12, ROR #8 + UBFX r12, r7, #8, #8 + EOR r8, r8, lr, ROR #16 + UBFX lr, r6, #0, #8 + LDR r9, [r0, r9, LSL #2] + LDR r11, [r0, r11, LSL #2] + LDR r12, [r0, r12, LSL #2] + LDR lr, [r0, lr, LSL #2] + UBFX r10, r5, #16, #8 + EOR r9, r9, r11, ROR #24 + LSR r11, r6, #24 + EOR r9, r9, r12, ROR #8 + UBFX r12, r4, #8, #8 + EOR r9, r9, lr, ROR #16 + UBFX lr, r7, #0, #8 + LDR r10, [r0, r10, LSL #2] + LDR r11, [r0, r11, LSL #2] + LDR r12, [r0, r12, LSL #2] + LDR lr, [r0, lr, LSL #2] + UBFX r4, r4, #0, #8 + EOR r10, r10, r11, ROR #24 + UBFX r11, r6, #16, #8 + EOR r10, r10, r12, ROR #8 + LSR r12, r7, #24 + EOR r10, r10, lr, ROR #16 + UBFX lr, r5, #8, #8 + LDR r4, [r0, r4, LSL #2] + LDR r12, [r0, r12, LSL #2] + LDR r11, [r0, r11, LSL #2] + LDR lr, [r0, lr, LSL #2] + EOR r12, r12, r4, ROR #24 + LDM r3!, {r4, r5, r6, r7} + EOR r11, r11, lr, ROR #8 + EOR r11, r11, r12, ROR #24 + /* XOR in Key Schedule */ + EOR r8, r8, r4 + EOR r9, r9, r5 + EOR r10, r10, r6 + EOR r11, r11, r7 + UBFX r4, r9, #0, #8 + UBFX r7, r10, #8, #8 + UBFX r12, r11, #16, #8 + LSR lr, r8, #24 + LDRB r4, [r2, r4] + LDRB r7, [r2, r7] + LDRB r12, [r2, r12] + LDRB lr, [r2, lr] + UBFX r5, r10, #0, #8 + EOR r4, r4, r7, LSL #8 + UBFX r7, r11, #8, #8 + EOR r4, r4, r12, LSL #16 + UBFX r12, r8, #16, #8 + EOR r4, r4, lr, LSL #24 + LSR lr, r9, #24 + LDRB r7, [r2, r7] + LDRB lr, [r2, lr] + LDRB r5, [r2, r5] + LDRB r12, [r2, r12] + UBFX r6, r11, #0, #8 + EOR r5, r5, r7, LSL #8 + UBFX r7, r8, #8, #8 + EOR r5, r5, r12, LSL #16 + UBFX r12, r9, #16, #8 + EOR r5, r5, lr, LSL #24 + LSR lr, r10, #24 + LDRB r7, [r2, r7] + LDRB lr, [r2, lr] + LDRB r6, [r2, r6] + LDRB r12, [r2, r12] + LSR r11, r11, #24 + EOR r6, r6, r7, LSL #8 + UBFX r7, r8, #0, #8 + EOR r6, r6, r12, LSL #16 + UBFX r12, r9, #8, #8 + EOR r6, r6, lr, LSL #24 + UBFX lr, r10, #16, #8 + LDRB r11, [r2, r11] + LDRB r12, [r2, r12] + LDRB r7, [r2, r7] + LDRB lr, [r2, lr] + EOR r12, r12, r11, LSL #16 + LDM r3, {r8, r9, r10, r11} + EOR r7, r7, r12, LSL #8 + EOR r7, r7, lr, LSL #16 + /* XOR in Key Schedule */ + EOR r4, r4, r8 + EOR r5, r5, r9 + EOR r6, r6, r10 + EOR r7, r7, r11 +#endif /* !WOLFSSL_ARMASM_AES_BLOCK_INLINE */ LDR lr, [sp, #16] REV r4, r4 REV r5, r5 @@ -2601,7 +6391,7 @@ L_AES_CBC_decrypt_end: POP {r3, r4} POP {r4, r5, r6, r7, r8, r9, r10, r11, pc} - /* Cycle Count = 518 */ + /* Cycle Count = 2204 */ .size AES_CBC_decrypt,.-AES_CBC_decrypt #endif /* HAVE_AES_CBC */ #endif /* WOLFSSL_AES_DIRECT || WOLFSSL_AES_COUNTER || HAVE_AES_CBC @@ -3236,7 +7026,217 @@ EOR r6, r6, r10 EOR r7, r7, r11 MOV r1, #0x6 +#ifndef WOLFSSL_ARMASM_AES_BLOCK_INLINE BL AES_encrypt_block +#else +L_AES_GCM_encrypt_block_nr_256: + UBFX r8, r5, #16, #8 + LSR r11, r4, #24 + UBFX lr, r6, #8, #8 + UBFX r2, r7, #0, #8 + LDR r8, [r0, r8, LSL #2] + LDR r11, [r0, r11, LSL #2] + LDR lr, [r0, lr, LSL #2] + LDR r2, [r0, r2, LSL #2] + UBFX r9, r6, #16, #8 + EOR r8, r8, r11, ROR #24 + LSR r11, r5, #24 + EOR r8, r8, lr, ROR #8 + UBFX lr, r7, #8, #8 + EOR r8, r8, r2, ROR #16 + UBFX r2, r4, #0, #8 + LDR r9, [r0, r9, LSL #2] + LDR r11, [r0, r11, LSL #2] + LDR lr, [r0, lr, LSL #2] + LDR r2, [r0, r2, LSL #2] + UBFX r10, r7, #16, #8 + EOR r9, r9, r11, ROR #24 + LSR r11, r6, #24 + EOR r9, r9, lr, ROR #8 + UBFX lr, r4, #8, #8 + EOR r9, r9, r2, ROR #16 + UBFX r2, r5, #0, #8 + LDR r10, [r0, r10, LSL #2] + LDR r11, [r0, r11, LSL #2] + LDR lr, [r0, lr, LSL #2] + LDR r2, [r0, r2, LSL #2] + UBFX r6, r6, #0, #8 + EOR r10, r10, r11, ROR #24 + UBFX r11, r4, #16, #8 + EOR r10, r10, lr, ROR #8 + LSR lr, r7, #24 + EOR r10, r10, r2, ROR #16 + UBFX r2, r5, #8, #8 + LDR r6, [r0, r6, LSL #2] + LDR lr, [r0, lr, LSL #2] + LDR r11, [r0, r11, LSL #2] + LDR r2, [r0, r2, LSL #2] + EOR lr, lr, r6, ROR #24 + LDM r3!, {r4, r5, r6, r7} + EOR r11, r11, lr, ROR #24 + EOR r11, r11, r2, ROR #8 + /* XOR in Key Schedule */ + EOR r8, r8, r4 + EOR r9, r9, r5 + EOR r10, r10, r6 + EOR r11, r11, r7 + UBFX r4, r9, #16, #8 + LSR r7, r8, #24 + UBFX lr, r10, #8, #8 + UBFX r2, r11, #0, #8 + LDR r4, [r0, r4, LSL #2] + LDR r7, [r0, r7, LSL #2] + LDR lr, [r0, lr, LSL #2] + LDR r2, [r0, r2, LSL #2] + UBFX r5, r10, #16, #8 + EOR r4, r4, r7, ROR #24 + LSR r7, r9, #24 + EOR r4, r4, lr, ROR #8 + UBFX lr, r11, #8, #8 + EOR r4, r4, r2, ROR #16 + UBFX r2, r8, #0, #8 + LDR r5, [r0, r5, LSL #2] + LDR r7, [r0, r7, LSL #2] + LDR lr, [r0, lr, LSL #2] + LDR r2, [r0, r2, LSL #2] + UBFX r6, r11, #16, #8 + EOR r5, r5, r7, ROR #24 + LSR r7, r10, #24 + EOR r5, r5, lr, ROR #8 + UBFX lr, r8, #8, #8 + EOR r5, r5, r2, ROR #16 + UBFX r2, r9, #0, #8 + LDR r6, [r0, r6, LSL #2] + LDR r7, [r0, r7, LSL #2] + LDR lr, [r0, lr, LSL #2] + LDR r2, [r0, r2, LSL #2] + UBFX r10, r10, #0, #8 + EOR r6, r6, r7, ROR #24 + UBFX r7, r8, #16, #8 + EOR r6, r6, lr, ROR #8 + LSR lr, r11, #24 + EOR r6, r6, r2, ROR #16 + UBFX r2, r9, #8, #8 + LDR r10, [r0, r10, LSL #2] + LDR lr, [r0, lr, LSL #2] + LDR r7, [r0, r7, LSL #2] + LDR r2, [r0, r2, LSL #2] + EOR lr, lr, r10, ROR #24 + LDM r3!, {r8, r9, r10, r11} + EOR r7, r7, lr, ROR #24 + EOR r7, r7, r2, ROR #8 + /* XOR in Key Schedule */ + EOR r4, r4, r8 + EOR r5, r5, r9 + EOR r6, r6, r10 + EOR r7, r7, r11 + SUBS r1, r1, #0x1 +#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__) + BNE L_AES_GCM_encrypt_block_nr_256 +#else + BNE.W L_AES_GCM_encrypt_block_nr_256 +#endif + UBFX r8, r5, #16, #8 + LSR r11, r4, #24 + UBFX lr, r6, #8, #8 + UBFX r2, r7, #0, #8 + LDR r8, [r0, r8, LSL #2] + LDR r11, [r0, r11, LSL #2] + LDR lr, [r0, lr, LSL #2] + LDR r2, [r0, r2, LSL #2] + UBFX r9, r6, #16, #8 + EOR r8, r8, r11, ROR #24 + LSR r11, r5, #24 + EOR r8, r8, lr, ROR #8 + UBFX lr, r7, #8, #8 + EOR r8, r8, r2, ROR #16 + UBFX r2, r4, #0, #8 + LDR r9, [r0, r9, LSL #2] + LDR r11, [r0, r11, LSL #2] + LDR lr, [r0, lr, LSL #2] + LDR r2, [r0, r2, LSL #2] + UBFX r10, r7, #16, #8 + EOR r9, r9, r11, ROR #24 + LSR r11, r6, #24 + EOR r9, r9, lr, ROR #8 + UBFX lr, r4, #8, #8 + EOR r9, r9, r2, ROR #16 + UBFX r2, r5, #0, #8 + LDR r10, [r0, r10, LSL #2] + LDR r11, [r0, r11, LSL #2] + LDR lr, [r0, lr, LSL #2] + LDR r2, [r0, r2, LSL #2] + UBFX r6, r6, #0, #8 + EOR r10, r10, r11, ROR #24 + UBFX r11, r4, #16, #8 + EOR r10, r10, lr, ROR #8 + LSR lr, r7, #24 + EOR r10, r10, r2, ROR #16 + UBFX r2, r5, #8, #8 + LDR r6, [r0, r6, LSL #2] + LDR lr, [r0, lr, LSL #2] + LDR r11, [r0, r11, LSL #2] + LDR r2, [r0, r2, LSL #2] + EOR lr, lr, r6, ROR #24 + LDM r3!, {r4, r5, r6, r7} + EOR r11, r11, lr, ROR #24 + EOR r11, r11, r2, ROR #8 + /* XOR in Key Schedule */ + EOR r8, r8, r4 + EOR r9, r9, r5 + EOR r10, r10, r6 + EOR r11, r11, r7 + UBFX r4, r11, #0, #8 + UBFX r7, r10, #8, #8 + UBFX lr, r9, #16, #8 + LSR r2, r8, #24 + LDRB r4, [r0, r4, LSL #2] + LDRB r7, [r0, r7, LSL #2] + LDRB lr, [r0, lr, LSL #2] + LDRB r2, [r0, r2, LSL #2] + UBFX r5, r8, #0, #8 + EOR r4, r4, r7, LSL #8 + UBFX r7, r11, #8, #8 + EOR r4, r4, lr, LSL #16 + UBFX lr, r10, #16, #8 + EOR r4, r4, r2, LSL #24 + LSR r2, r9, #24 + LDRB r5, [r0, r5, LSL #2] + LDRB r7, [r0, r7, LSL #2] + LDRB lr, [r0, lr, LSL #2] + LDRB r2, [r0, r2, LSL #2] + UBFX r6, r9, #0, #8 + EOR r5, r5, r7, LSL #8 + UBFX r7, r8, #8, #8 + EOR r5, r5, lr, LSL #16 + UBFX lr, r11, #16, #8 + EOR r5, r5, r2, LSL #24 + LSR r2, r10, #24 + LDRB r6, [r0, r6, LSL #2] + LDRB r7, [r0, r7, LSL #2] + LDRB lr, [r0, lr, LSL #2] + LDRB r2, [r0, r2, LSL #2] + LSR r11, r11, #24 + EOR r6, r6, r7, LSL #8 + UBFX r7, r10, #0, #8 + EOR r6, r6, lr, LSL #16 + UBFX lr, r9, #8, #8 + EOR r6, r6, r2, LSL #24 + UBFX r2, r8, #16, #8 + LDRB r11, [r0, r11, LSL #2] + LDRB r7, [r0, r7, LSL #2] + LDRB lr, [r0, lr, LSL #2] + LDRB r2, [r0, r2, LSL #2] + EOR lr, lr, r11, LSL #16 + LDM r3, {r8, r9, r10, r11} + EOR r7, r7, lr, LSL #8 + EOR r7, r7, r2, LSL #16 + /* XOR in Key Schedule */ + EOR r4, r4, r8 + EOR r5, r5, r9 + EOR r6, r6, r10 + EOR r7, r7, r11 +#endif /* !WOLFSSL_ARMASM_AES_BLOCK_INLINE */ POP {r1, r2, lr} LDR r3, [sp] REV r4, r4 @@ -3283,7 +7283,217 @@ EOR r6, r6, r10 EOR r7, r7, r11 MOV r1, #0x5 +#ifndef WOLFSSL_ARMASM_AES_BLOCK_INLINE BL AES_encrypt_block +#else +L_AES_GCM_encrypt_block_nr_192: + UBFX r8, r5, #16, #8 + LSR r11, r4, #24 + UBFX lr, r6, #8, #8 + UBFX r2, r7, #0, #8 + LDR r8, [r0, r8, LSL #2] + LDR r11, [r0, r11, LSL #2] + LDR lr, [r0, lr, LSL #2] + LDR r2, [r0, r2, LSL #2] + UBFX r9, r6, #16, #8 + EOR r8, r8, r11, ROR #24 + LSR r11, r5, #24 + EOR r8, r8, lr, ROR #8 + UBFX lr, r7, #8, #8 + EOR r8, r8, r2, ROR #16 + UBFX r2, r4, #0, #8 + LDR r9, [r0, r9, LSL #2] + LDR r11, [r0, r11, LSL #2] + LDR lr, [r0, lr, LSL #2] + LDR r2, [r0, r2, LSL #2] + UBFX r10, r7, #16, #8 + EOR r9, r9, r11, ROR #24 + LSR r11, r6, #24 + EOR r9, r9, lr, ROR #8 + UBFX lr, r4, #8, #8 + EOR r9, r9, r2, ROR #16 + UBFX r2, r5, #0, #8 + LDR r10, [r0, r10, LSL #2] + LDR r11, [r0, r11, LSL #2] + LDR lr, [r0, lr, LSL #2] + LDR r2, [r0, r2, LSL #2] + UBFX r6, r6, #0, #8 + EOR r10, r10, r11, ROR #24 + UBFX r11, r4, #16, #8 + EOR r10, r10, lr, ROR #8 + LSR lr, r7, #24 + EOR r10, r10, r2, ROR #16 + UBFX r2, r5, #8, #8 + LDR r6, [r0, r6, LSL #2] + LDR lr, [r0, lr, LSL #2] + LDR r11, [r0, r11, LSL #2] + LDR r2, [r0, r2, LSL #2] + EOR lr, lr, r6, ROR #24 + LDM r3!, {r4, r5, r6, r7} + EOR r11, r11, lr, ROR #24 + EOR r11, r11, r2, ROR #8 + /* XOR in Key Schedule */ + EOR r8, r8, r4 + EOR r9, r9, r5 + EOR r10, r10, r6 + EOR r11, r11, r7 + UBFX r4, r9, #16, #8 + LSR r7, r8, #24 + UBFX lr, r10, #8, #8 + UBFX r2, r11, #0, #8 + LDR r4, [r0, r4, LSL #2] + LDR r7, [r0, r7, LSL #2] + LDR lr, [r0, lr, LSL #2] + LDR r2, [r0, r2, LSL #2] + UBFX r5, r10, #16, #8 + EOR r4, r4, r7, ROR #24 + LSR r7, r9, #24 + EOR r4, r4, lr, ROR #8 + UBFX lr, r11, #8, #8 + EOR r4, r4, r2, ROR #16 + UBFX r2, r8, #0, #8 + LDR r5, [r0, r5, LSL #2] + LDR r7, [r0, r7, LSL #2] + LDR lr, [r0, lr, LSL #2] + LDR r2, [r0, r2, LSL #2] + UBFX r6, r11, #16, #8 + EOR r5, r5, r7, ROR #24 + LSR r7, r10, #24 + EOR r5, r5, lr, ROR #8 + UBFX lr, r8, #8, #8 + EOR r5, r5, r2, ROR #16 + UBFX r2, r9, #0, #8 + LDR r6, [r0, r6, LSL #2] + LDR r7, [r0, r7, LSL #2] + LDR lr, [r0, lr, LSL #2] + LDR r2, [r0, r2, LSL #2] + UBFX r10, r10, #0, #8 + EOR r6, r6, r7, ROR #24 + UBFX r7, r8, #16, #8 + EOR r6, r6, lr, ROR #8 + LSR lr, r11, #24 + EOR r6, r6, r2, ROR #16 + UBFX r2, r9, #8, #8 + LDR r10, [r0, r10, LSL #2] + LDR lr, [r0, lr, LSL #2] + LDR r7, [r0, r7, LSL #2] + LDR r2, [r0, r2, LSL #2] + EOR lr, lr, r10, ROR #24 + LDM r3!, {r8, r9, r10, r11} + EOR r7, r7, lr, ROR #24 + EOR r7, r7, r2, ROR #8 + /* XOR in Key Schedule */ + EOR r4, r4, r8 + EOR r5, r5, r9 + EOR r6, r6, r10 + EOR r7, r7, r11 + SUBS r1, r1, #0x1 +#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__) + BNE L_AES_GCM_encrypt_block_nr_192 +#else + BNE.W L_AES_GCM_encrypt_block_nr_192 +#endif + UBFX r8, r5, #16, #8 + LSR r11, r4, #24 + UBFX lr, r6, #8, #8 + UBFX r2, r7, #0, #8 + LDR r8, [r0, r8, LSL #2] + LDR r11, [r0, r11, LSL #2] + LDR lr, [r0, lr, LSL #2] + LDR r2, [r0, r2, LSL #2] + UBFX r9, r6, #16, #8 + EOR r8, r8, r11, ROR #24 + LSR r11, r5, #24 + EOR r8, r8, lr, ROR #8 + UBFX lr, r7, #8, #8 + EOR r8, r8, r2, ROR #16 + UBFX r2, r4, #0, #8 + LDR r9, [r0, r9, LSL #2] + LDR r11, [r0, r11, LSL #2] + LDR lr, [r0, lr, LSL #2] + LDR r2, [r0, r2, LSL #2] + UBFX r10, r7, #16, #8 + EOR r9, r9, r11, ROR #24 + LSR r11, r6, #24 + EOR r9, r9, lr, ROR #8 + UBFX lr, r4, #8, #8 + EOR r9, r9, r2, ROR #16 + UBFX r2, r5, #0, #8 + LDR r10, [r0, r10, LSL #2] + LDR r11, [r0, r11, LSL #2] + LDR lr, [r0, lr, LSL #2] + LDR r2, [r0, r2, LSL #2] + UBFX r6, r6, #0, #8 + EOR r10, r10, r11, ROR #24 + UBFX r11, r4, #16, #8 + EOR r10, r10, lr, ROR #8 + LSR lr, r7, #24 + EOR r10, r10, r2, ROR #16 + UBFX r2, r5, #8, #8 + LDR r6, [r0, r6, LSL #2] + LDR lr, [r0, lr, LSL #2] + LDR r11, [r0, r11, LSL #2] + LDR r2, [r0, r2, LSL #2] + EOR lr, lr, r6, ROR #24 + LDM r3!, {r4, r5, r6, r7} + EOR r11, r11, lr, ROR #24 + EOR r11, r11, r2, ROR #8 + /* XOR in Key Schedule */ + EOR r8, r8, r4 + EOR r9, r9, r5 + EOR r10, r10, r6 + EOR r11, r11, r7 + UBFX r4, r11, #0, #8 + UBFX r7, r10, #8, #8 + UBFX lr, r9, #16, #8 + LSR r2, r8, #24 + LDRB r4, [r0, r4, LSL #2] + LDRB r7, [r0, r7, LSL #2] + LDRB lr, [r0, lr, LSL #2] + LDRB r2, [r0, r2, LSL #2] + UBFX r5, r8, #0, #8 + EOR r4, r4, r7, LSL #8 + UBFX r7, r11, #8, #8 + EOR r4, r4, lr, LSL #16 + UBFX lr, r10, #16, #8 + EOR r4, r4, r2, LSL #24 + LSR r2, r9, #24 + LDRB r5, [r0, r5, LSL #2] + LDRB r7, [r0, r7, LSL #2] + LDRB lr, [r0, lr, LSL #2] + LDRB r2, [r0, r2, LSL #2] + UBFX r6, r9, #0, #8 + EOR r5, r5, r7, LSL #8 + UBFX r7, r8, #8, #8 + EOR r5, r5, lr, LSL #16 + UBFX lr, r11, #16, #8 + EOR r5, r5, r2, LSL #24 + LSR r2, r10, #24 + LDRB r6, [r0, r6, LSL #2] + LDRB r7, [r0, r7, LSL #2] + LDRB lr, [r0, lr, LSL #2] + LDRB r2, [r0, r2, LSL #2] + LSR r11, r11, #24 + EOR r6, r6, r7, LSL #8 + UBFX r7, r10, #0, #8 + EOR r6, r6, lr, LSL #16 + UBFX lr, r9, #8, #8 + EOR r6, r6, r2, LSL #24 + UBFX r2, r8, #16, #8 + LDRB r11, [r0, r11, LSL #2] + LDRB r7, [r0, r7, LSL #2] + LDRB lr, [r0, lr, LSL #2] + LDRB r2, [r0, r2, LSL #2] + EOR lr, lr, r11, LSL #16 + LDM r3, {r8, r9, r10, r11} + EOR r7, r7, lr, LSL #8 + EOR r7, r7, r2, LSL #16 + /* XOR in Key Schedule */ + EOR r4, r4, r8 + EOR r5, r5, r9 + EOR r6, r6, r10 + EOR r7, r7, r11 +#endif /* !WOLFSSL_ARMASM_AES_BLOCK_INLINE */ POP {r1, r2, lr} LDR r3, [sp] REV r4, r4 @@ -3330,7 +7540,217 @@ EOR r6, r6, r10 EOR r7, r7, r11 MOV r1, #0x4 +#ifndef WOLFSSL_ARMASM_AES_BLOCK_INLINE BL AES_encrypt_block +#else +L_AES_GCM_encrypt_block_nr_128: + UBFX r8, r5, #16, #8 + LSR r11, r4, #24 + UBFX lr, r6, #8, #8 + UBFX r2, r7, #0, #8 + LDR r8, [r0, r8, LSL #2] + LDR r11, [r0, r11, LSL #2] + LDR lr, [r0, lr, LSL #2] + LDR r2, [r0, r2, LSL #2] + UBFX r9, r6, #16, #8 + EOR r8, r8, r11, ROR #24 + LSR r11, r5, #24 + EOR r8, r8, lr, ROR #8 + UBFX lr, r7, #8, #8 + EOR r8, r8, r2, ROR #16 + UBFX r2, r4, #0, #8 + LDR r9, [r0, r9, LSL #2] + LDR r11, [r0, r11, LSL #2] + LDR lr, [r0, lr, LSL #2] + LDR r2, [r0, r2, LSL #2] + UBFX r10, r7, #16, #8 + EOR r9, r9, r11, ROR #24 + LSR r11, r6, #24 + EOR r9, r9, lr, ROR #8 + UBFX lr, r4, #8, #8 + EOR r9, r9, r2, ROR #16 + UBFX r2, r5, #0, #8 + LDR r10, [r0, r10, LSL #2] + LDR r11, [r0, r11, LSL #2] + LDR lr, [r0, lr, LSL #2] + LDR r2, [r0, r2, LSL #2] + UBFX r6, r6, #0, #8 + EOR r10, r10, r11, ROR #24 + UBFX r11, r4, #16, #8 + EOR r10, r10, lr, ROR #8 + LSR lr, r7, #24 + EOR r10, r10, r2, ROR #16 + UBFX r2, r5, #8, #8 + LDR r6, [r0, r6, LSL #2] + LDR lr, [r0, lr, LSL #2] + LDR r11, [r0, r11, LSL #2] + LDR r2, [r0, r2, LSL #2] + EOR lr, lr, r6, ROR #24 + LDM r3!, {r4, r5, r6, r7} + EOR r11, r11, lr, ROR #24 + EOR r11, r11, r2, ROR #8 + /* XOR in Key Schedule */ + EOR r8, r8, r4 + EOR r9, r9, r5 + EOR r10, r10, r6 + EOR r11, r11, r7 + UBFX r4, r9, #16, #8 + LSR r7, r8, #24 + UBFX lr, r10, #8, #8 + UBFX r2, r11, #0, #8 + LDR r4, [r0, r4, LSL #2] + LDR r7, [r0, r7, LSL #2] + LDR lr, [r0, lr, LSL #2] + LDR r2, [r0, r2, LSL #2] + UBFX r5, r10, #16, #8 + EOR r4, r4, r7, ROR #24 + LSR r7, r9, #24 + EOR r4, r4, lr, ROR #8 + UBFX lr, r11, #8, #8 + EOR r4, r4, r2, ROR #16 + UBFX r2, r8, #0, #8 + LDR r5, [r0, r5, LSL #2] + LDR r7, [r0, r7, LSL #2] + LDR lr, [r0, lr, LSL #2] + LDR r2, [r0, r2, LSL #2] + UBFX r6, r11, #16, #8 + EOR r5, r5, r7, ROR #24 + LSR r7, r10, #24 + EOR r5, r5, lr, ROR #8 + UBFX lr, r8, #8, #8 + EOR r5, r5, r2, ROR #16 + UBFX r2, r9, #0, #8 + LDR r6, [r0, r6, LSL #2] + LDR r7, [r0, r7, LSL #2] + LDR lr, [r0, lr, LSL #2] + LDR r2, [r0, r2, LSL #2] + UBFX r10, r10, #0, #8 + EOR r6, r6, r7, ROR #24 + UBFX r7, r8, #16, #8 + EOR r6, r6, lr, ROR #8 + LSR lr, r11, #24 + EOR r6, r6, r2, ROR #16 + UBFX r2, r9, #8, #8 + LDR r10, [r0, r10, LSL #2] + LDR lr, [r0, lr, LSL #2] + LDR r7, [r0, r7, LSL #2] + LDR r2, [r0, r2, LSL #2] + EOR lr, lr, r10, ROR #24 + LDM r3!, {r8, r9, r10, r11} + EOR r7, r7, lr, ROR #24 + EOR r7, r7, r2, ROR #8 + /* XOR in Key Schedule */ + EOR r4, r4, r8 + EOR r5, r5, r9 + EOR r6, r6, r10 + EOR r7, r7, r11 + SUBS r1, r1, #0x1 +#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__) + BNE L_AES_GCM_encrypt_block_nr_128 +#else + BNE.W L_AES_GCM_encrypt_block_nr_128 +#endif + UBFX r8, r5, #16, #8 + LSR r11, r4, #24 + UBFX lr, r6, #8, #8 + UBFX r2, r7, #0, #8 + LDR r8, [r0, r8, LSL #2] + LDR r11, [r0, r11, LSL #2] + LDR lr, [r0, lr, LSL #2] + LDR r2, [r0, r2, LSL #2] + UBFX r9, r6, #16, #8 + EOR r8, r8, r11, ROR #24 + LSR r11, r5, #24 + EOR r8, r8, lr, ROR #8 + UBFX lr, r7, #8, #8 + EOR r8, r8, r2, ROR #16 + UBFX r2, r4, #0, #8 + LDR r9, [r0, r9, LSL #2] + LDR r11, [r0, r11, LSL #2] + LDR lr, [r0, lr, LSL #2] + LDR r2, [r0, r2, LSL #2] + UBFX r10, r7, #16, #8 + EOR r9, r9, r11, ROR #24 + LSR r11, r6, #24 + EOR r9, r9, lr, ROR #8 + UBFX lr, r4, #8, #8 + EOR r9, r9, r2, ROR #16 + UBFX r2, r5, #0, #8 + LDR r10, [r0, r10, LSL #2] + LDR r11, [r0, r11, LSL #2] + LDR lr, [r0, lr, LSL #2] + LDR r2, [r0, r2, LSL #2] + UBFX r6, r6, #0, #8 + EOR r10, r10, r11, ROR #24 + UBFX r11, r4, #16, #8 + EOR r10, r10, lr, ROR #8 + LSR lr, r7, #24 + EOR r10, r10, r2, ROR #16 + UBFX r2, r5, #8, #8 + LDR r6, [r0, r6, LSL #2] + LDR lr, [r0, lr, LSL #2] + LDR r11, [r0, r11, LSL #2] + LDR r2, [r0, r2, LSL #2] + EOR lr, lr, r6, ROR #24 + LDM r3!, {r4, r5, r6, r7} + EOR r11, r11, lr, ROR #24 + EOR r11, r11, r2, ROR #8 + /* XOR in Key Schedule */ + EOR r8, r8, r4 + EOR r9, r9, r5 + EOR r10, r10, r6 + EOR r11, r11, r7 + UBFX r4, r11, #0, #8 + UBFX r7, r10, #8, #8 + UBFX lr, r9, #16, #8 + LSR r2, r8, #24 + LDRB r4, [r0, r4, LSL #2] + LDRB r7, [r0, r7, LSL #2] + LDRB lr, [r0, lr, LSL #2] + LDRB r2, [r0, r2, LSL #2] + UBFX r5, r8, #0, #8 + EOR r4, r4, r7, LSL #8 + UBFX r7, r11, #8, #8 + EOR r4, r4, lr, LSL #16 + UBFX lr, r10, #16, #8 + EOR r4, r4, r2, LSL #24 + LSR r2, r9, #24 + LDRB r5, [r0, r5, LSL #2] + LDRB r7, [r0, r7, LSL #2] + LDRB lr, [r0, lr, LSL #2] + LDRB r2, [r0, r2, LSL #2] + UBFX r6, r9, #0, #8 + EOR r5, r5, r7, LSL #8 + UBFX r7, r8, #8, #8 + EOR r5, r5, lr, LSL #16 + UBFX lr, r11, #16, #8 + EOR r5, r5, r2, LSL #24 + LSR r2, r10, #24 + LDRB r6, [r0, r6, LSL #2] + LDRB r7, [r0, r7, LSL #2] + LDRB lr, [r0, lr, LSL #2] + LDRB r2, [r0, r2, LSL #2] + LSR r11, r11, #24 + EOR r6, r6, r7, LSL #8 + UBFX r7, r10, #0, #8 + EOR r6, r6, lr, LSL #16 + UBFX lr, r9, #8, #8 + EOR r6, r6, r2, LSL #24 + UBFX r2, r8, #16, #8 + LDRB r11, [r0, r11, LSL #2] + LDRB r7, [r0, r7, LSL #2] + LDRB lr, [r0, lr, LSL #2] + LDRB r2, [r0, r2, LSL #2] + EOR lr, lr, r11, LSL #16 + LDM r3, {r8, r9, r10, r11} + EOR r7, r7, lr, LSL #8 + EOR r7, r7, r2, LSL #16 + /* XOR in Key Schedule */ + EOR r4, r4, r8 + EOR r5, r5, r9 + EOR r6, r6, r10 + EOR r7, r7, r11 +#endif /* !WOLFSSL_ARMASM_AES_BLOCK_INLINE */ POP {r1, r2, lr} LDR r3, [sp] REV r4, r4 @@ -3367,7 +7787,7 @@ REV r7, r7 STM r8, {r4, r5, r6, r7} POP {r4, r5, r6, r7, r8, r9, r10, r11, pc} - /* Cycle Count = 275 */ + /* Cycle Count = 1118 */ .size AES_GCM_encrypt,.-AES_GCM_encrypt #endif /* HAVE_AESGCM */ #endif /* !NO_AES */ diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/wolfcrypt/src/port/arm/thumb2-aes-asm_c.c mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/port/arm/thumb2-aes-asm_c.c --- mariadb-11.8.6/extra/wolfssl/wolfssl/wolfcrypt/src/port/arm/thumb2-aes-asm_c.c 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/port/arm/thumb2-aes-asm_c.c 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* thumb2-aes-asm * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -637,6 +637,7 @@ ); } +#ifndef WOLFSSL_ARMASM_AES_BLOCK_INLINE void AES_encrypt_block(const word32* te, int nr, int len, const word32* ks); #ifndef WOLFSSL_NO_VAR_ASSIGN_REG WC_OMIT_FRAME_POINTER void AES_encrypt_block(const word32* te_p, int nr_p, @@ -874,6 +875,7 @@ ); } +#endif /* !WOLFSSL_ARMASM_AES_BLOCK_INLINE */ #if defined(HAVE_AES_CBC) || defined(HAVE_AESCCM) || defined(HAVE_AESGCM) || \ defined(WOLFSSL_AES_DIRECT) || defined(WOLFSSL_AES_COUNTER) static const word32* L_AES_Thumb2_te_ecb = L_AES_Thumb2_te_data; @@ -956,7 +958,224 @@ "EOR r6, r6, r10\n\t" "EOR r7, r7, r11\n\t" "MOV r1, #0x6\n\t" +#ifndef WOLFSSL_ARMASM_AES_BLOCK_INLINE "BL AES_encrypt_block\n\t" +#else + "\n" +#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "L_AES_ECB_encrypt_block_nr_256:\n\t" +#else + "L_AES_ECB_encrypt_block_nr_256_%=:\n\t" +#endif + "UBFX r8, r5, #16, #8\n\t" + "LSR r11, r4, #24\n\t" + "UBFX lr, r6, #8, #8\n\t" + "UBFX r2, r7, #0, #8\n\t" + "LDR r8, [r0, r8, LSL #2]\n\t" + "LDR r11, [r0, r11, LSL #2]\n\t" + "LDR lr, [r0, lr, LSL #2]\n\t" + "LDR r2, [r0, r2, LSL #2]\n\t" + "UBFX r9, r6, #16, #8\n\t" + "EOR r8, r8, r11, ROR #24\n\t" + "LSR r11, r5, #24\n\t" + "EOR r8, r8, lr, ROR #8\n\t" + "UBFX lr, r7, #8, #8\n\t" + "EOR r8, r8, r2, ROR #16\n\t" + "UBFX r2, r4, #0, #8\n\t" + "LDR r9, [r0, r9, LSL #2]\n\t" + "LDR r11, [r0, r11, LSL #2]\n\t" + "LDR lr, [r0, lr, LSL #2]\n\t" + "LDR r2, [r0, r2, LSL #2]\n\t" + "UBFX r10, r7, #16, #8\n\t" + "EOR r9, r9, r11, ROR #24\n\t" + "LSR r11, r6, #24\n\t" + "EOR r9, r9, lr, ROR #8\n\t" + "UBFX lr, r4, #8, #8\n\t" + "EOR r9, r9, r2, ROR #16\n\t" + "UBFX r2, r5, #0, #8\n\t" + "LDR r10, [r0, r10, LSL #2]\n\t" + "LDR r11, [r0, r11, LSL #2]\n\t" + "LDR lr, [r0, lr, LSL #2]\n\t" + "LDR r2, [r0, r2, LSL #2]\n\t" + "UBFX r6, r6, #0, #8\n\t" + "EOR r10, r10, r11, ROR #24\n\t" + "UBFX r11, r4, #16, #8\n\t" + "EOR r10, r10, lr, ROR #8\n\t" + "LSR lr, r7, #24\n\t" + "EOR r10, r10, r2, ROR #16\n\t" + "UBFX r2, r5, #8, #8\n\t" + "LDR r6, [r0, r6, LSL #2]\n\t" + "LDR lr, [r0, lr, LSL #2]\n\t" + "LDR r11, [r0, r11, LSL #2]\n\t" + "LDR r2, [r0, r2, LSL #2]\n\t" + "EOR lr, lr, r6, ROR #24\n\t" + "LDM %[ks]!, {r4, r5, r6, r7}\n\t" + "EOR r11, r11, lr, ROR #24\n\t" + "EOR r11, r11, r2, ROR #8\n\t" + /* XOR in Key Schedule */ + "EOR r8, r8, r4\n\t" + "EOR r9, r9, r5\n\t" + "EOR r10, r10, r6\n\t" + "EOR r11, r11, r7\n\t" + "UBFX r4, r9, #16, #8\n\t" + "LSR r7, r8, #24\n\t" + "UBFX lr, r10, #8, #8\n\t" + "UBFX r2, r11, #0, #8\n\t" + "LDR r4, [r0, r4, LSL #2]\n\t" + "LDR r7, [r0, r7, LSL #2]\n\t" + "LDR lr, [r0, lr, LSL #2]\n\t" + "LDR r2, [r0, r2, LSL #2]\n\t" + "UBFX r5, r10, #16, #8\n\t" + "EOR r4, r4, r7, ROR #24\n\t" + "LSR r7, r9, #24\n\t" + "EOR r4, r4, lr, ROR #8\n\t" + "UBFX lr, r11, #8, #8\n\t" + "EOR r4, r4, r2, ROR #16\n\t" + "UBFX r2, r8, #0, #8\n\t" + "LDR r5, [r0, r5, LSL #2]\n\t" + "LDR r7, [r0, r7, LSL #2]\n\t" + "LDR lr, [r0, lr, LSL #2]\n\t" + "LDR r2, [r0, r2, LSL #2]\n\t" + "UBFX r6, r11, #16, #8\n\t" + "EOR r5, r5, r7, ROR #24\n\t" + "LSR r7, r10, #24\n\t" + "EOR r5, r5, lr, ROR #8\n\t" + "UBFX lr, r8, #8, #8\n\t" + "EOR r5, r5, r2, ROR #16\n\t" + "UBFX r2, r9, #0, #8\n\t" + "LDR r6, [r0, r6, LSL #2]\n\t" + "LDR r7, [r0, r7, LSL #2]\n\t" + "LDR lr, [r0, lr, LSL #2]\n\t" + "LDR r2, [r0, r2, LSL #2]\n\t" + "UBFX r10, r10, #0, #8\n\t" + "EOR r6, r6, r7, ROR #24\n\t" + "UBFX r7, r8, #16, #8\n\t" + "EOR r6, r6, lr, ROR #8\n\t" + "LSR lr, r11, #24\n\t" + "EOR r6, r6, r2, ROR #16\n\t" + "UBFX r2, r9, #8, #8\n\t" + "LDR r10, [r0, r10, LSL #2]\n\t" + "LDR lr, [r0, lr, LSL #2]\n\t" + "LDR r7, [r0, r7, LSL #2]\n\t" + "LDR r2, [r0, r2, LSL #2]\n\t" + "EOR lr, lr, r10, ROR #24\n\t" + "LDM %[ks]!, {r8, r9, r10, r11}\n\t" + "EOR r7, r7, lr, ROR #24\n\t" + "EOR r7, r7, r2, ROR #8\n\t" + /* XOR in Key Schedule */ + "EOR r4, r4, r8\n\t" + "EOR r5, r5, r9\n\t" + "EOR r6, r6, r10\n\t" + "EOR r7, r7, r11\n\t" + "SUBS r1, r1, #0x1\n\t" +#if defined(__GNUC__) + "BNE L_AES_ECB_encrypt_block_nr_256_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "BNE.W L_AES_ECB_encrypt_block_nr_256\n\t" +#else + "BNE.W L_AES_ECB_encrypt_block_nr_256_%=\n\t" +#endif + "UBFX r8, r5, #16, #8\n\t" + "LSR r11, r4, #24\n\t" + "UBFX lr, r6, #8, #8\n\t" + "UBFX r2, r7, #0, #8\n\t" + "LDR r8, [r0, r8, LSL #2]\n\t" + "LDR r11, [r0, r11, LSL #2]\n\t" + "LDR lr, [r0, lr, LSL #2]\n\t" + "LDR r2, [r0, r2, LSL #2]\n\t" + "UBFX r9, r6, #16, #8\n\t" + "EOR r8, r8, r11, ROR #24\n\t" + "LSR r11, r5, #24\n\t" + "EOR r8, r8, lr, ROR #8\n\t" + "UBFX lr, r7, #8, #8\n\t" + "EOR r8, r8, r2, ROR #16\n\t" + "UBFX r2, r4, #0, #8\n\t" + "LDR r9, [r0, r9, LSL #2]\n\t" + "LDR r11, [r0, r11, LSL #2]\n\t" + "LDR lr, [r0, lr, LSL #2]\n\t" + "LDR r2, [r0, r2, LSL #2]\n\t" + "UBFX r10, r7, #16, #8\n\t" + "EOR r9, r9, r11, ROR #24\n\t" + "LSR r11, r6, #24\n\t" + "EOR r9, r9, lr, ROR #8\n\t" + "UBFX lr, r4, #8, #8\n\t" + "EOR r9, r9, r2, ROR #16\n\t" + "UBFX r2, r5, #0, #8\n\t" + "LDR r10, [r0, r10, LSL #2]\n\t" + "LDR r11, [r0, r11, LSL #2]\n\t" + "LDR lr, [r0, lr, LSL #2]\n\t" + "LDR r2, [r0, r2, LSL #2]\n\t" + "UBFX r6, r6, #0, #8\n\t" + "EOR r10, r10, r11, ROR #24\n\t" + "UBFX r11, r4, #16, #8\n\t" + "EOR r10, r10, lr, ROR #8\n\t" + "LSR lr, r7, #24\n\t" + "EOR r10, r10, r2, ROR #16\n\t" + "UBFX r2, r5, #8, #8\n\t" + "LDR r6, [r0, r6, LSL #2]\n\t" + "LDR lr, [r0, lr, LSL #2]\n\t" + "LDR r11, [r0, r11, LSL #2]\n\t" + "LDR r2, [r0, r2, LSL #2]\n\t" + "EOR lr, lr, r6, ROR #24\n\t" + "LDM %[ks]!, {r4, r5, r6, r7}\n\t" + "EOR r11, r11, lr, ROR #24\n\t" + "EOR r11, r11, r2, ROR #8\n\t" + /* XOR in Key Schedule */ + "EOR r8, r8, r4\n\t" + "EOR r9, r9, r5\n\t" + "EOR r10, r10, r6\n\t" + "EOR r11, r11, r7\n\t" + "UBFX r4, r11, #0, #8\n\t" + "UBFX r7, r10, #8, #8\n\t" + "UBFX lr, r9, #16, #8\n\t" + "LSR r2, r8, #24\n\t" + "LDRB r4, [r0, r4, LSL #2]\n\t" + "LDRB r7, [r0, r7, LSL #2]\n\t" + "LDRB lr, [r0, lr, LSL #2]\n\t" + "LDRB r2, [r0, r2, LSL #2]\n\t" + "UBFX r5, r8, #0, #8\n\t" + "EOR r4, r4, r7, LSL #8\n\t" + "UBFX r7, r11, #8, #8\n\t" + "EOR r4, r4, lr, LSL #16\n\t" + "UBFX lr, r10, #16, #8\n\t" + "EOR r4, r4, r2, LSL #24\n\t" + "LSR r2, r9, #24\n\t" + "LDRB r5, [r0, r5, LSL #2]\n\t" + "LDRB r7, [r0, r7, LSL #2]\n\t" + "LDRB lr, [r0, lr, LSL #2]\n\t" + "LDRB r2, [r0, r2, LSL #2]\n\t" + "UBFX r6, r9, #0, #8\n\t" + "EOR r5, r5, r7, LSL #8\n\t" + "UBFX r7, r8, #8, #8\n\t" + "EOR r5, r5, lr, LSL #16\n\t" + "UBFX lr, r11, #16, #8\n\t" + "EOR r5, r5, r2, LSL #24\n\t" + "LSR r2, r10, #24\n\t" + "LDRB r6, [r0, r6, LSL #2]\n\t" + "LDRB r7, [r0, r7, LSL #2]\n\t" + "LDRB lr, [r0, lr, LSL #2]\n\t" + "LDRB r2, [r0, r2, LSL #2]\n\t" + "LSR r11, r11, #24\n\t" + "EOR r6, r6, r7, LSL #8\n\t" + "UBFX r7, r10, #0, #8\n\t" + "EOR r6, r6, lr, LSL #16\n\t" + "UBFX lr, r9, #8, #8\n\t" + "EOR r6, r6, r2, LSL #24\n\t" + "UBFX r2, r8, #16, #8\n\t" + "LDRB r11, [r0, r11, LSL #2]\n\t" + "LDRB r7, [r0, r7, LSL #2]\n\t" + "LDRB lr, [r0, lr, LSL #2]\n\t" + "LDRB r2, [r0, r2, LSL #2]\n\t" + "EOR lr, lr, r11, LSL #16\n\t" + "LDM %[ks], {r8, r9, r10, r11}\n\t" + "EOR r7, r7, lr, LSL #8\n\t" + "EOR r7, r7, r2, LSL #16\n\t" + /* XOR in Key Schedule */ + "EOR r4, r4, r8\n\t" + "EOR r5, r5, r9\n\t" + "EOR r6, r6, r10\n\t" + "EOR r7, r7, r11\n\t" +#endif /* !WOLFSSL_ARMASM_AES_BLOCK_INLINE */ "POP {r1, %[len], lr}\n\t" "LDR %[ks], [sp]\n\t" "REV r4, r4\n\t" @@ -1012,7 +1231,224 @@ "EOR r6, r6, r10\n\t" "EOR r7, r7, r11\n\t" "MOV r1, #0x5\n\t" +#ifndef WOLFSSL_ARMASM_AES_BLOCK_INLINE "BL AES_encrypt_block\n\t" +#else + "\n" +#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "L_AES_ECB_encrypt_block_nr_192:\n\t" +#else + "L_AES_ECB_encrypt_block_nr_192_%=:\n\t" +#endif + "UBFX r8, r5, #16, #8\n\t" + "LSR r11, r4, #24\n\t" + "UBFX lr, r6, #8, #8\n\t" + "UBFX r2, r7, #0, #8\n\t" + "LDR r8, [r0, r8, LSL #2]\n\t" + "LDR r11, [r0, r11, LSL #2]\n\t" + "LDR lr, [r0, lr, LSL #2]\n\t" + "LDR r2, [r0, r2, LSL #2]\n\t" + "UBFX r9, r6, #16, #8\n\t" + "EOR r8, r8, r11, ROR #24\n\t" + "LSR r11, r5, #24\n\t" + "EOR r8, r8, lr, ROR #8\n\t" + "UBFX lr, r7, #8, #8\n\t" + "EOR r8, r8, r2, ROR #16\n\t" + "UBFX r2, r4, #0, #8\n\t" + "LDR r9, [r0, r9, LSL #2]\n\t" + "LDR r11, [r0, r11, LSL #2]\n\t" + "LDR lr, [r0, lr, LSL #2]\n\t" + "LDR r2, [r0, r2, LSL #2]\n\t" + "UBFX r10, r7, #16, #8\n\t" + "EOR r9, r9, r11, ROR #24\n\t" + "LSR r11, r6, #24\n\t" + "EOR r9, r9, lr, ROR #8\n\t" + "UBFX lr, r4, #8, #8\n\t" + "EOR r9, r9, r2, ROR #16\n\t" + "UBFX r2, r5, #0, #8\n\t" + "LDR r10, [r0, r10, LSL #2]\n\t" + "LDR r11, [r0, r11, LSL #2]\n\t" + "LDR lr, [r0, lr, LSL #2]\n\t" + "LDR r2, [r0, r2, LSL #2]\n\t" + "UBFX r6, r6, #0, #8\n\t" + "EOR r10, r10, r11, ROR #24\n\t" + "UBFX r11, r4, #16, #8\n\t" + "EOR r10, r10, lr, ROR #8\n\t" + "LSR lr, r7, #24\n\t" + "EOR r10, r10, r2, ROR #16\n\t" + "UBFX r2, r5, #8, #8\n\t" + "LDR r6, [r0, r6, LSL #2]\n\t" + "LDR lr, [r0, lr, LSL #2]\n\t" + "LDR r11, [r0, r11, LSL #2]\n\t" + "LDR r2, [r0, r2, LSL #2]\n\t" + "EOR lr, lr, r6, ROR #24\n\t" + "LDM %[ks]!, {r4, r5, r6, r7}\n\t" + "EOR r11, r11, lr, ROR #24\n\t" + "EOR r11, r11, r2, ROR #8\n\t" + /* XOR in Key Schedule */ + "EOR r8, r8, r4\n\t" + "EOR r9, r9, r5\n\t" + "EOR r10, r10, r6\n\t" + "EOR r11, r11, r7\n\t" + "UBFX r4, r9, #16, #8\n\t" + "LSR r7, r8, #24\n\t" + "UBFX lr, r10, #8, #8\n\t" + "UBFX r2, r11, #0, #8\n\t" + "LDR r4, [r0, r4, LSL #2]\n\t" + "LDR r7, [r0, r7, LSL #2]\n\t" + "LDR lr, [r0, lr, LSL #2]\n\t" + "LDR r2, [r0, r2, LSL #2]\n\t" + "UBFX r5, r10, #16, #8\n\t" + "EOR r4, r4, r7, ROR #24\n\t" + "LSR r7, r9, #24\n\t" + "EOR r4, r4, lr, ROR #8\n\t" + "UBFX lr, r11, #8, #8\n\t" + "EOR r4, r4, r2, ROR #16\n\t" + "UBFX r2, r8, #0, #8\n\t" + "LDR r5, [r0, r5, LSL #2]\n\t" + "LDR r7, [r0, r7, LSL #2]\n\t" + "LDR lr, [r0, lr, LSL #2]\n\t" + "LDR r2, [r0, r2, LSL #2]\n\t" + "UBFX r6, r11, #16, #8\n\t" + "EOR r5, r5, r7, ROR #24\n\t" + "LSR r7, r10, #24\n\t" + "EOR r5, r5, lr, ROR #8\n\t" + "UBFX lr, r8, #8, #8\n\t" + "EOR r5, r5, r2, ROR #16\n\t" + "UBFX r2, r9, #0, #8\n\t" + "LDR r6, [r0, r6, LSL #2]\n\t" + "LDR r7, [r0, r7, LSL #2]\n\t" + "LDR lr, [r0, lr, LSL #2]\n\t" + "LDR r2, [r0, r2, LSL #2]\n\t" + "UBFX r10, r10, #0, #8\n\t" + "EOR r6, r6, r7, ROR #24\n\t" + "UBFX r7, r8, #16, #8\n\t" + "EOR r6, r6, lr, ROR #8\n\t" + "LSR lr, r11, #24\n\t" + "EOR r6, r6, r2, ROR #16\n\t" + "UBFX r2, r9, #8, #8\n\t" + "LDR r10, [r0, r10, LSL #2]\n\t" + "LDR lr, [r0, lr, LSL #2]\n\t" + "LDR r7, [r0, r7, LSL #2]\n\t" + "LDR r2, [r0, r2, LSL #2]\n\t" + "EOR lr, lr, r10, ROR #24\n\t" + "LDM %[ks]!, {r8, r9, r10, r11}\n\t" + "EOR r7, r7, lr, ROR #24\n\t" + "EOR r7, r7, r2, ROR #8\n\t" + /* XOR in Key Schedule */ + "EOR r4, r4, r8\n\t" + "EOR r5, r5, r9\n\t" + "EOR r6, r6, r10\n\t" + "EOR r7, r7, r11\n\t" + "SUBS r1, r1, #0x1\n\t" +#if defined(__GNUC__) + "BNE L_AES_ECB_encrypt_block_nr_192_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "BNE.W L_AES_ECB_encrypt_block_nr_192\n\t" +#else + "BNE.W L_AES_ECB_encrypt_block_nr_192_%=\n\t" +#endif + "UBFX r8, r5, #16, #8\n\t" + "LSR r11, r4, #24\n\t" + "UBFX lr, r6, #8, #8\n\t" + "UBFX r2, r7, #0, #8\n\t" + "LDR r8, [r0, r8, LSL #2]\n\t" + "LDR r11, [r0, r11, LSL #2]\n\t" + "LDR lr, [r0, lr, LSL #2]\n\t" + "LDR r2, [r0, r2, LSL #2]\n\t" + "UBFX r9, r6, #16, #8\n\t" + "EOR r8, r8, r11, ROR #24\n\t" + "LSR r11, r5, #24\n\t" + "EOR r8, r8, lr, ROR #8\n\t" + "UBFX lr, r7, #8, #8\n\t" + "EOR r8, r8, r2, ROR #16\n\t" + "UBFX r2, r4, #0, #8\n\t" + "LDR r9, [r0, r9, LSL #2]\n\t" + "LDR r11, [r0, r11, LSL #2]\n\t" + "LDR lr, [r0, lr, LSL #2]\n\t" + "LDR r2, [r0, r2, LSL #2]\n\t" + "UBFX r10, r7, #16, #8\n\t" + "EOR r9, r9, r11, ROR #24\n\t" + "LSR r11, r6, #24\n\t" + "EOR r9, r9, lr, ROR #8\n\t" + "UBFX lr, r4, #8, #8\n\t" + "EOR r9, r9, r2, ROR #16\n\t" + "UBFX r2, r5, #0, #8\n\t" + "LDR r10, [r0, r10, LSL #2]\n\t" + "LDR r11, [r0, r11, LSL #2]\n\t" + "LDR lr, [r0, lr, LSL #2]\n\t" + "LDR r2, [r0, r2, LSL #2]\n\t" + "UBFX r6, r6, #0, #8\n\t" + "EOR r10, r10, r11, ROR #24\n\t" + "UBFX r11, r4, #16, #8\n\t" + "EOR r10, r10, lr, ROR #8\n\t" + "LSR lr, r7, #24\n\t" + "EOR r10, r10, r2, ROR #16\n\t" + "UBFX r2, r5, #8, #8\n\t" + "LDR r6, [r0, r6, LSL #2]\n\t" + "LDR lr, [r0, lr, LSL #2]\n\t" + "LDR r11, [r0, r11, LSL #2]\n\t" + "LDR r2, [r0, r2, LSL #2]\n\t" + "EOR lr, lr, r6, ROR #24\n\t" + "LDM %[ks]!, {r4, r5, r6, r7}\n\t" + "EOR r11, r11, lr, ROR #24\n\t" + "EOR r11, r11, r2, ROR #8\n\t" + /* XOR in Key Schedule */ + "EOR r8, r8, r4\n\t" + "EOR r9, r9, r5\n\t" + "EOR r10, r10, r6\n\t" + "EOR r11, r11, r7\n\t" + "UBFX r4, r11, #0, #8\n\t" + "UBFX r7, r10, #8, #8\n\t" + "UBFX lr, r9, #16, #8\n\t" + "LSR r2, r8, #24\n\t" + "LDRB r4, [r0, r4, LSL #2]\n\t" + "LDRB r7, [r0, r7, LSL #2]\n\t" + "LDRB lr, [r0, lr, LSL #2]\n\t" + "LDRB r2, [r0, r2, LSL #2]\n\t" + "UBFX r5, r8, #0, #8\n\t" + "EOR r4, r4, r7, LSL #8\n\t" + "UBFX r7, r11, #8, #8\n\t" + "EOR r4, r4, lr, LSL #16\n\t" + "UBFX lr, r10, #16, #8\n\t" + "EOR r4, r4, r2, LSL #24\n\t" + "LSR r2, r9, #24\n\t" + "LDRB r5, [r0, r5, LSL #2]\n\t" + "LDRB r7, [r0, r7, LSL #2]\n\t" + "LDRB lr, [r0, lr, LSL #2]\n\t" + "LDRB r2, [r0, r2, LSL #2]\n\t" + "UBFX r6, r9, #0, #8\n\t" + "EOR r5, r5, r7, LSL #8\n\t" + "UBFX r7, r8, #8, #8\n\t" + "EOR r5, r5, lr, LSL #16\n\t" + "UBFX lr, r11, #16, #8\n\t" + "EOR r5, r5, r2, LSL #24\n\t" + "LSR r2, r10, #24\n\t" + "LDRB r6, [r0, r6, LSL #2]\n\t" + "LDRB r7, [r0, r7, LSL #2]\n\t" + "LDRB lr, [r0, lr, LSL #2]\n\t" + "LDRB r2, [r0, r2, LSL #2]\n\t" + "LSR r11, r11, #24\n\t" + "EOR r6, r6, r7, LSL #8\n\t" + "UBFX r7, r10, #0, #8\n\t" + "EOR r6, r6, lr, LSL #16\n\t" + "UBFX lr, r9, #8, #8\n\t" + "EOR r6, r6, r2, LSL #24\n\t" + "UBFX r2, r8, #16, #8\n\t" + "LDRB r11, [r0, r11, LSL #2]\n\t" + "LDRB r7, [r0, r7, LSL #2]\n\t" + "LDRB lr, [r0, lr, LSL #2]\n\t" + "LDRB r2, [r0, r2, LSL #2]\n\t" + "EOR lr, lr, r11, LSL #16\n\t" + "LDM %[ks], {r8, r9, r10, r11}\n\t" + "EOR r7, r7, lr, LSL #8\n\t" + "EOR r7, r7, r2, LSL #16\n\t" + /* XOR in Key Schedule */ + "EOR r4, r4, r8\n\t" + "EOR r5, r5, r9\n\t" + "EOR r6, r6, r10\n\t" + "EOR r7, r7, r11\n\t" +#endif /* !WOLFSSL_ARMASM_AES_BLOCK_INLINE */ "POP {r1, %[len], lr}\n\t" "LDR %[ks], [sp]\n\t" "REV r4, r4\n\t" @@ -1068,7 +1504,224 @@ "EOR r6, r6, r10\n\t" "EOR r7, r7, r11\n\t" "MOV r1, #0x4\n\t" +#ifndef WOLFSSL_ARMASM_AES_BLOCK_INLINE "BL AES_encrypt_block\n\t" +#else + "\n" +#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "L_AES_ECB_encrypt_block_nr_128:\n\t" +#else + "L_AES_ECB_encrypt_block_nr_128_%=:\n\t" +#endif + "UBFX r8, r5, #16, #8\n\t" + "LSR r11, r4, #24\n\t" + "UBFX lr, r6, #8, #8\n\t" + "UBFX r2, r7, #0, #8\n\t" + "LDR r8, [r0, r8, LSL #2]\n\t" + "LDR r11, [r0, r11, LSL #2]\n\t" + "LDR lr, [r0, lr, LSL #2]\n\t" + "LDR r2, [r0, r2, LSL #2]\n\t" + "UBFX r9, r6, #16, #8\n\t" + "EOR r8, r8, r11, ROR #24\n\t" + "LSR r11, r5, #24\n\t" + "EOR r8, r8, lr, ROR #8\n\t" + "UBFX lr, r7, #8, #8\n\t" + "EOR r8, r8, r2, ROR #16\n\t" + "UBFX r2, r4, #0, #8\n\t" + "LDR r9, [r0, r9, LSL #2]\n\t" + "LDR r11, [r0, r11, LSL #2]\n\t" + "LDR lr, [r0, lr, LSL #2]\n\t" + "LDR r2, [r0, r2, LSL #2]\n\t" + "UBFX r10, r7, #16, #8\n\t" + "EOR r9, r9, r11, ROR #24\n\t" + "LSR r11, r6, #24\n\t" + "EOR r9, r9, lr, ROR #8\n\t" + "UBFX lr, r4, #8, #8\n\t" + "EOR r9, r9, r2, ROR #16\n\t" + "UBFX r2, r5, #0, #8\n\t" + "LDR r10, [r0, r10, LSL #2]\n\t" + "LDR r11, [r0, r11, LSL #2]\n\t" + "LDR lr, [r0, lr, LSL #2]\n\t" + "LDR r2, [r0, r2, LSL #2]\n\t" + "UBFX r6, r6, #0, #8\n\t" + "EOR r10, r10, r11, ROR #24\n\t" + "UBFX r11, r4, #16, #8\n\t" + "EOR r10, r10, lr, ROR #8\n\t" + "LSR lr, r7, #24\n\t" + "EOR r10, r10, r2, ROR #16\n\t" + "UBFX r2, r5, #8, #8\n\t" + "LDR r6, [r0, r6, LSL #2]\n\t" + "LDR lr, [r0, lr, LSL #2]\n\t" + "LDR r11, [r0, r11, LSL #2]\n\t" + "LDR r2, [r0, r2, LSL #2]\n\t" + "EOR lr, lr, r6, ROR #24\n\t" + "LDM %[ks]!, {r4, r5, r6, r7}\n\t" + "EOR r11, r11, lr, ROR #24\n\t" + "EOR r11, r11, r2, ROR #8\n\t" + /* XOR in Key Schedule */ + "EOR r8, r8, r4\n\t" + "EOR r9, r9, r5\n\t" + "EOR r10, r10, r6\n\t" + "EOR r11, r11, r7\n\t" + "UBFX r4, r9, #16, #8\n\t" + "LSR r7, r8, #24\n\t" + "UBFX lr, r10, #8, #8\n\t" + "UBFX r2, r11, #0, #8\n\t" + "LDR r4, [r0, r4, LSL #2]\n\t" + "LDR r7, [r0, r7, LSL #2]\n\t" + "LDR lr, [r0, lr, LSL #2]\n\t" + "LDR r2, [r0, r2, LSL #2]\n\t" + "UBFX r5, r10, #16, #8\n\t" + "EOR r4, r4, r7, ROR #24\n\t" + "LSR r7, r9, #24\n\t" + "EOR r4, r4, lr, ROR #8\n\t" + "UBFX lr, r11, #8, #8\n\t" + "EOR r4, r4, r2, ROR #16\n\t" + "UBFX r2, r8, #0, #8\n\t" + "LDR r5, [r0, r5, LSL #2]\n\t" + "LDR r7, [r0, r7, LSL #2]\n\t" + "LDR lr, [r0, lr, LSL #2]\n\t" + "LDR r2, [r0, r2, LSL #2]\n\t" + "UBFX r6, r11, #16, #8\n\t" + "EOR r5, r5, r7, ROR #24\n\t" + "LSR r7, r10, #24\n\t" + "EOR r5, r5, lr, ROR #8\n\t" + "UBFX lr, r8, #8, #8\n\t" + "EOR r5, r5, r2, ROR #16\n\t" + "UBFX r2, r9, #0, #8\n\t" + "LDR r6, [r0, r6, LSL #2]\n\t" + "LDR r7, [r0, r7, LSL #2]\n\t" + "LDR lr, [r0, lr, LSL #2]\n\t" + "LDR r2, [r0, r2, LSL #2]\n\t" + "UBFX r10, r10, #0, #8\n\t" + "EOR r6, r6, r7, ROR #24\n\t" + "UBFX r7, r8, #16, #8\n\t" + "EOR r6, r6, lr, ROR #8\n\t" + "LSR lr, r11, #24\n\t" + "EOR r6, r6, r2, ROR #16\n\t" + "UBFX r2, r9, #8, #8\n\t" + "LDR r10, [r0, r10, LSL #2]\n\t" + "LDR lr, [r0, lr, LSL #2]\n\t" + "LDR r7, [r0, r7, LSL #2]\n\t" + "LDR r2, [r0, r2, LSL #2]\n\t" + "EOR lr, lr, r10, ROR #24\n\t" + "LDM %[ks]!, {r8, r9, r10, r11}\n\t" + "EOR r7, r7, lr, ROR #24\n\t" + "EOR r7, r7, r2, ROR #8\n\t" + /* XOR in Key Schedule */ + "EOR r4, r4, r8\n\t" + "EOR r5, r5, r9\n\t" + "EOR r6, r6, r10\n\t" + "EOR r7, r7, r11\n\t" + "SUBS r1, r1, #0x1\n\t" +#if defined(__GNUC__) + "BNE L_AES_ECB_encrypt_block_nr_128_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "BNE.W L_AES_ECB_encrypt_block_nr_128\n\t" +#else + "BNE.W L_AES_ECB_encrypt_block_nr_128_%=\n\t" +#endif + "UBFX r8, r5, #16, #8\n\t" + "LSR r11, r4, #24\n\t" + "UBFX lr, r6, #8, #8\n\t" + "UBFX r2, r7, #0, #8\n\t" + "LDR r8, [r0, r8, LSL #2]\n\t" + "LDR r11, [r0, r11, LSL #2]\n\t" + "LDR lr, [r0, lr, LSL #2]\n\t" + "LDR r2, [r0, r2, LSL #2]\n\t" + "UBFX r9, r6, #16, #8\n\t" + "EOR r8, r8, r11, ROR #24\n\t" + "LSR r11, r5, #24\n\t" + "EOR r8, r8, lr, ROR #8\n\t" + "UBFX lr, r7, #8, #8\n\t" + "EOR r8, r8, r2, ROR #16\n\t" + "UBFX r2, r4, #0, #8\n\t" + "LDR r9, [r0, r9, LSL #2]\n\t" + "LDR r11, [r0, r11, LSL #2]\n\t" + "LDR lr, [r0, lr, LSL #2]\n\t" + "LDR r2, [r0, r2, LSL #2]\n\t" + "UBFX r10, r7, #16, #8\n\t" + "EOR r9, r9, r11, ROR #24\n\t" + "LSR r11, r6, #24\n\t" + "EOR r9, r9, lr, ROR #8\n\t" + "UBFX lr, r4, #8, #8\n\t" + "EOR r9, r9, r2, ROR #16\n\t" + "UBFX r2, r5, #0, #8\n\t" + "LDR r10, [r0, r10, LSL #2]\n\t" + "LDR r11, [r0, r11, LSL #2]\n\t" + "LDR lr, [r0, lr, LSL #2]\n\t" + "LDR r2, [r0, r2, LSL #2]\n\t" + "UBFX r6, r6, #0, #8\n\t" + "EOR r10, r10, r11, ROR #24\n\t" + "UBFX r11, r4, #16, #8\n\t" + "EOR r10, r10, lr, ROR #8\n\t" + "LSR lr, r7, #24\n\t" + "EOR r10, r10, r2, ROR #16\n\t" + "UBFX r2, r5, #8, #8\n\t" + "LDR r6, [r0, r6, LSL #2]\n\t" + "LDR lr, [r0, lr, LSL #2]\n\t" + "LDR r11, [r0, r11, LSL #2]\n\t" + "LDR r2, [r0, r2, LSL #2]\n\t" + "EOR lr, lr, r6, ROR #24\n\t" + "LDM %[ks]!, {r4, r5, r6, r7}\n\t" + "EOR r11, r11, lr, ROR #24\n\t" + "EOR r11, r11, r2, ROR #8\n\t" + /* XOR in Key Schedule */ + "EOR r8, r8, r4\n\t" + "EOR r9, r9, r5\n\t" + "EOR r10, r10, r6\n\t" + "EOR r11, r11, r7\n\t" + "UBFX r4, r11, #0, #8\n\t" + "UBFX r7, r10, #8, #8\n\t" + "UBFX lr, r9, #16, #8\n\t" + "LSR r2, r8, #24\n\t" + "LDRB r4, [r0, r4, LSL #2]\n\t" + "LDRB r7, [r0, r7, LSL #2]\n\t" + "LDRB lr, [r0, lr, LSL #2]\n\t" + "LDRB r2, [r0, r2, LSL #2]\n\t" + "UBFX r5, r8, #0, #8\n\t" + "EOR r4, r4, r7, LSL #8\n\t" + "UBFX r7, r11, #8, #8\n\t" + "EOR r4, r4, lr, LSL #16\n\t" + "UBFX lr, r10, #16, #8\n\t" + "EOR r4, r4, r2, LSL #24\n\t" + "LSR r2, r9, #24\n\t" + "LDRB r5, [r0, r5, LSL #2]\n\t" + "LDRB r7, [r0, r7, LSL #2]\n\t" + "LDRB lr, [r0, lr, LSL #2]\n\t" + "LDRB r2, [r0, r2, LSL #2]\n\t" + "UBFX r6, r9, #0, #8\n\t" + "EOR r5, r5, r7, LSL #8\n\t" + "UBFX r7, r8, #8, #8\n\t" + "EOR r5, r5, lr, LSL #16\n\t" + "UBFX lr, r11, #16, #8\n\t" + "EOR r5, r5, r2, LSL #24\n\t" + "LSR r2, r10, #24\n\t" + "LDRB r6, [r0, r6, LSL #2]\n\t" + "LDRB r7, [r0, r7, LSL #2]\n\t" + "LDRB lr, [r0, lr, LSL #2]\n\t" + "LDRB r2, [r0, r2, LSL #2]\n\t" + "LSR r11, r11, #24\n\t" + "EOR r6, r6, r7, LSL #8\n\t" + "UBFX r7, r10, #0, #8\n\t" + "EOR r6, r6, lr, LSL #16\n\t" + "UBFX lr, r9, #8, #8\n\t" + "EOR r6, r6, r2, LSL #24\n\t" + "UBFX r2, r8, #16, #8\n\t" + "LDRB r11, [r0, r11, LSL #2]\n\t" + "LDRB r7, [r0, r7, LSL #2]\n\t" + "LDRB lr, [r0, lr, LSL #2]\n\t" + "LDRB r2, [r0, r2, LSL #2]\n\t" + "EOR lr, lr, r11, LSL #16\n\t" + "LDM %[ks], {r8, r9, r10, r11}\n\t" + "EOR r7, r7, lr, LSL #8\n\t" + "EOR r7, r7, r2, LSL #16\n\t" + /* XOR in Key Schedule */ + "EOR r4, r4, r8\n\t" + "EOR r5, r5, r9\n\t" + "EOR r6, r6, r10\n\t" + "EOR r7, r7, r11\n\t" +#endif /* !WOLFSSL_ARMASM_AES_BLOCK_INLINE */ "POP {r1, %[len], lr}\n\t" "LDR %[ks], [sp]\n\t" "REV r4, r4\n\t" @@ -1192,7 +1845,224 @@ "EOR r6, r6, r10\n\t" "EOR r7, r7, r11\n\t" "MOV r1, #0x6\n\t" +#ifndef WOLFSSL_ARMASM_AES_BLOCK_INLINE "BL AES_encrypt_block\n\t" +#else + "\n" +#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "L_AES_CBC_encrypt_block_nr_256:\n\t" +#else + "L_AES_CBC_encrypt_block_nr_256_%=:\n\t" +#endif + "UBFX r8, r5, #16, #8\n\t" + "LSR r11, r4, #24\n\t" + "UBFX lr, r6, #8, #8\n\t" + "UBFX r2, r7, #0, #8\n\t" + "LDR r8, [r0, r8, LSL #2]\n\t" + "LDR r11, [r0, r11, LSL #2]\n\t" + "LDR lr, [r0, lr, LSL #2]\n\t" + "LDR r2, [r0, r2, LSL #2]\n\t" + "UBFX r9, r6, #16, #8\n\t" + "EOR r8, r8, r11, ROR #24\n\t" + "LSR r11, r5, #24\n\t" + "EOR r8, r8, lr, ROR #8\n\t" + "UBFX lr, r7, #8, #8\n\t" + "EOR r8, r8, r2, ROR #16\n\t" + "UBFX r2, r4, #0, #8\n\t" + "LDR r9, [r0, r9, LSL #2]\n\t" + "LDR r11, [r0, r11, LSL #2]\n\t" + "LDR lr, [r0, lr, LSL #2]\n\t" + "LDR r2, [r0, r2, LSL #2]\n\t" + "UBFX r10, r7, #16, #8\n\t" + "EOR r9, r9, r11, ROR #24\n\t" + "LSR r11, r6, #24\n\t" + "EOR r9, r9, lr, ROR #8\n\t" + "UBFX lr, r4, #8, #8\n\t" + "EOR r9, r9, r2, ROR #16\n\t" + "UBFX r2, r5, #0, #8\n\t" + "LDR r10, [r0, r10, LSL #2]\n\t" + "LDR r11, [r0, r11, LSL #2]\n\t" + "LDR lr, [r0, lr, LSL #2]\n\t" + "LDR r2, [r0, r2, LSL #2]\n\t" + "UBFX r6, r6, #0, #8\n\t" + "EOR r10, r10, r11, ROR #24\n\t" + "UBFX r11, r4, #16, #8\n\t" + "EOR r10, r10, lr, ROR #8\n\t" + "LSR lr, r7, #24\n\t" + "EOR r10, r10, r2, ROR #16\n\t" + "UBFX r2, r5, #8, #8\n\t" + "LDR r6, [r0, r6, LSL #2]\n\t" + "LDR lr, [r0, lr, LSL #2]\n\t" + "LDR r11, [r0, r11, LSL #2]\n\t" + "LDR r2, [r0, r2, LSL #2]\n\t" + "EOR lr, lr, r6, ROR #24\n\t" + "LDM %[ks]!, {r4, r5, r6, r7}\n\t" + "EOR r11, r11, lr, ROR #24\n\t" + "EOR r11, r11, r2, ROR #8\n\t" + /* XOR in Key Schedule */ + "EOR r8, r8, r4\n\t" + "EOR r9, r9, r5\n\t" + "EOR r10, r10, r6\n\t" + "EOR r11, r11, r7\n\t" + "UBFX r4, r9, #16, #8\n\t" + "LSR r7, r8, #24\n\t" + "UBFX lr, r10, #8, #8\n\t" + "UBFX r2, r11, #0, #8\n\t" + "LDR r4, [r0, r4, LSL #2]\n\t" + "LDR r7, [r0, r7, LSL #2]\n\t" + "LDR lr, [r0, lr, LSL #2]\n\t" + "LDR r2, [r0, r2, LSL #2]\n\t" + "UBFX r5, r10, #16, #8\n\t" + "EOR r4, r4, r7, ROR #24\n\t" + "LSR r7, r9, #24\n\t" + "EOR r4, r4, lr, ROR #8\n\t" + "UBFX lr, r11, #8, #8\n\t" + "EOR r4, r4, r2, ROR #16\n\t" + "UBFX r2, r8, #0, #8\n\t" + "LDR r5, [r0, r5, LSL #2]\n\t" + "LDR r7, [r0, r7, LSL #2]\n\t" + "LDR lr, [r0, lr, LSL #2]\n\t" + "LDR r2, [r0, r2, LSL #2]\n\t" + "UBFX r6, r11, #16, #8\n\t" + "EOR r5, r5, r7, ROR #24\n\t" + "LSR r7, r10, #24\n\t" + "EOR r5, r5, lr, ROR #8\n\t" + "UBFX lr, r8, #8, #8\n\t" + "EOR r5, r5, r2, ROR #16\n\t" + "UBFX r2, r9, #0, #8\n\t" + "LDR r6, [r0, r6, LSL #2]\n\t" + "LDR r7, [r0, r7, LSL #2]\n\t" + "LDR lr, [r0, lr, LSL #2]\n\t" + "LDR r2, [r0, r2, LSL #2]\n\t" + "UBFX r10, r10, #0, #8\n\t" + "EOR r6, r6, r7, ROR #24\n\t" + "UBFX r7, r8, #16, #8\n\t" + "EOR r6, r6, lr, ROR #8\n\t" + "LSR lr, r11, #24\n\t" + "EOR r6, r6, r2, ROR #16\n\t" + "UBFX r2, r9, #8, #8\n\t" + "LDR r10, [r0, r10, LSL #2]\n\t" + "LDR lr, [r0, lr, LSL #2]\n\t" + "LDR r7, [r0, r7, LSL #2]\n\t" + "LDR r2, [r0, r2, LSL #2]\n\t" + "EOR lr, lr, r10, ROR #24\n\t" + "LDM %[ks]!, {r8, r9, r10, r11}\n\t" + "EOR r7, r7, lr, ROR #24\n\t" + "EOR r7, r7, r2, ROR #8\n\t" + /* XOR in Key Schedule */ + "EOR r4, r4, r8\n\t" + "EOR r5, r5, r9\n\t" + "EOR r6, r6, r10\n\t" + "EOR r7, r7, r11\n\t" + "SUBS r1, r1, #0x1\n\t" +#if defined(__GNUC__) + "BNE L_AES_CBC_encrypt_block_nr_256_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "BNE.W L_AES_CBC_encrypt_block_nr_256\n\t" +#else + "BNE.W L_AES_CBC_encrypt_block_nr_256_%=\n\t" +#endif + "UBFX r8, r5, #16, #8\n\t" + "LSR r11, r4, #24\n\t" + "UBFX lr, r6, #8, #8\n\t" + "UBFX r2, r7, #0, #8\n\t" + "LDR r8, [r0, r8, LSL #2]\n\t" + "LDR r11, [r0, r11, LSL #2]\n\t" + "LDR lr, [r0, lr, LSL #2]\n\t" + "LDR r2, [r0, r2, LSL #2]\n\t" + "UBFX r9, r6, #16, #8\n\t" + "EOR r8, r8, r11, ROR #24\n\t" + "LSR r11, r5, #24\n\t" + "EOR r8, r8, lr, ROR #8\n\t" + "UBFX lr, r7, #8, #8\n\t" + "EOR r8, r8, r2, ROR #16\n\t" + "UBFX r2, r4, #0, #8\n\t" + "LDR r9, [r0, r9, LSL #2]\n\t" + "LDR r11, [r0, r11, LSL #2]\n\t" + "LDR lr, [r0, lr, LSL #2]\n\t" + "LDR r2, [r0, r2, LSL #2]\n\t" + "UBFX r10, r7, #16, #8\n\t" + "EOR r9, r9, r11, ROR #24\n\t" + "LSR r11, r6, #24\n\t" + "EOR r9, r9, lr, ROR #8\n\t" + "UBFX lr, r4, #8, #8\n\t" + "EOR r9, r9, r2, ROR #16\n\t" + "UBFX r2, r5, #0, #8\n\t" + "LDR r10, [r0, r10, LSL #2]\n\t" + "LDR r11, [r0, r11, LSL #2]\n\t" + "LDR lr, [r0, lr, LSL #2]\n\t" + "LDR r2, [r0, r2, LSL #2]\n\t" + "UBFX r6, r6, #0, #8\n\t" + "EOR r10, r10, r11, ROR #24\n\t" + "UBFX r11, r4, #16, #8\n\t" + "EOR r10, r10, lr, ROR #8\n\t" + "LSR lr, r7, #24\n\t" + "EOR r10, r10, r2, ROR #16\n\t" + "UBFX r2, r5, #8, #8\n\t" + "LDR r6, [r0, r6, LSL #2]\n\t" + "LDR lr, [r0, lr, LSL #2]\n\t" + "LDR r11, [r0, r11, LSL #2]\n\t" + "LDR r2, [r0, r2, LSL #2]\n\t" + "EOR lr, lr, r6, ROR #24\n\t" + "LDM %[ks]!, {r4, r5, r6, r7}\n\t" + "EOR r11, r11, lr, ROR #24\n\t" + "EOR r11, r11, r2, ROR #8\n\t" + /* XOR in Key Schedule */ + "EOR r8, r8, r4\n\t" + "EOR r9, r9, r5\n\t" + "EOR r10, r10, r6\n\t" + "EOR r11, r11, r7\n\t" + "UBFX r4, r11, #0, #8\n\t" + "UBFX r7, r10, #8, #8\n\t" + "UBFX lr, r9, #16, #8\n\t" + "LSR r2, r8, #24\n\t" + "LDRB r4, [r0, r4, LSL #2]\n\t" + "LDRB r7, [r0, r7, LSL #2]\n\t" + "LDRB lr, [r0, lr, LSL #2]\n\t" + "LDRB r2, [r0, r2, LSL #2]\n\t" + "UBFX r5, r8, #0, #8\n\t" + "EOR r4, r4, r7, LSL #8\n\t" + "UBFX r7, r11, #8, #8\n\t" + "EOR r4, r4, lr, LSL #16\n\t" + "UBFX lr, r10, #16, #8\n\t" + "EOR r4, r4, r2, LSL #24\n\t" + "LSR r2, r9, #24\n\t" + "LDRB r5, [r0, r5, LSL #2]\n\t" + "LDRB r7, [r0, r7, LSL #2]\n\t" + "LDRB lr, [r0, lr, LSL #2]\n\t" + "LDRB r2, [r0, r2, LSL #2]\n\t" + "UBFX r6, r9, #0, #8\n\t" + "EOR r5, r5, r7, LSL #8\n\t" + "UBFX r7, r8, #8, #8\n\t" + "EOR r5, r5, lr, LSL #16\n\t" + "UBFX lr, r11, #16, #8\n\t" + "EOR r5, r5, r2, LSL #24\n\t" + "LSR r2, r10, #24\n\t" + "LDRB r6, [r0, r6, LSL #2]\n\t" + "LDRB r7, [r0, r7, LSL #2]\n\t" + "LDRB lr, [r0, lr, LSL #2]\n\t" + "LDRB r2, [r0, r2, LSL #2]\n\t" + "LSR r11, r11, #24\n\t" + "EOR r6, r6, r7, LSL #8\n\t" + "UBFX r7, r10, #0, #8\n\t" + "EOR r6, r6, lr, LSL #16\n\t" + "UBFX lr, r9, #8, #8\n\t" + "EOR r6, r6, r2, LSL #24\n\t" + "UBFX r2, r8, #16, #8\n\t" + "LDRB r11, [r0, r11, LSL #2]\n\t" + "LDRB r7, [r0, r7, LSL #2]\n\t" + "LDRB lr, [r0, lr, LSL #2]\n\t" + "LDRB r2, [r0, r2, LSL #2]\n\t" + "EOR lr, lr, r11, LSL #16\n\t" + "LDM %[ks], {r8, r9, r10, r11}\n\t" + "EOR r7, r7, lr, LSL #8\n\t" + "EOR r7, r7, r2, LSL #16\n\t" + /* XOR in Key Schedule */ + "EOR r4, r4, r8\n\t" + "EOR r5, r5, r9\n\t" + "EOR r6, r6, r10\n\t" + "EOR r7, r7, r11\n\t" +#endif /* !WOLFSSL_ARMASM_AES_BLOCK_INLINE */ "POP {r1, %[len], lr}\n\t" "LDR %[ks], [sp]\n\t" "REV r4, r4\n\t" @@ -1252,7 +2122,224 @@ "EOR r6, r6, r10\n\t" "EOR r7, r7, r11\n\t" "MOV r1, #0x5\n\t" +#ifndef WOLFSSL_ARMASM_AES_BLOCK_INLINE "BL AES_encrypt_block\n\t" +#else + "\n" +#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "L_AES_CBC_encrypt_block_nr_192:\n\t" +#else + "L_AES_CBC_encrypt_block_nr_192_%=:\n\t" +#endif + "UBFX r8, r5, #16, #8\n\t" + "LSR r11, r4, #24\n\t" + "UBFX lr, r6, #8, #8\n\t" + "UBFX r2, r7, #0, #8\n\t" + "LDR r8, [r0, r8, LSL #2]\n\t" + "LDR r11, [r0, r11, LSL #2]\n\t" + "LDR lr, [r0, lr, LSL #2]\n\t" + "LDR r2, [r0, r2, LSL #2]\n\t" + "UBFX r9, r6, #16, #8\n\t" + "EOR r8, r8, r11, ROR #24\n\t" + "LSR r11, r5, #24\n\t" + "EOR r8, r8, lr, ROR #8\n\t" + "UBFX lr, r7, #8, #8\n\t" + "EOR r8, r8, r2, ROR #16\n\t" + "UBFX r2, r4, #0, #8\n\t" + "LDR r9, [r0, r9, LSL #2]\n\t" + "LDR r11, [r0, r11, LSL #2]\n\t" + "LDR lr, [r0, lr, LSL #2]\n\t" + "LDR r2, [r0, r2, LSL #2]\n\t" + "UBFX r10, r7, #16, #8\n\t" + "EOR r9, r9, r11, ROR #24\n\t" + "LSR r11, r6, #24\n\t" + "EOR r9, r9, lr, ROR #8\n\t" + "UBFX lr, r4, #8, #8\n\t" + "EOR r9, r9, r2, ROR #16\n\t" + "UBFX r2, r5, #0, #8\n\t" + "LDR r10, [r0, r10, LSL #2]\n\t" + "LDR r11, [r0, r11, LSL #2]\n\t" + "LDR lr, [r0, lr, LSL #2]\n\t" + "LDR r2, [r0, r2, LSL #2]\n\t" + "UBFX r6, r6, #0, #8\n\t" + "EOR r10, r10, r11, ROR #24\n\t" + "UBFX r11, r4, #16, #8\n\t" + "EOR r10, r10, lr, ROR #8\n\t" + "LSR lr, r7, #24\n\t" + "EOR r10, r10, r2, ROR #16\n\t" + "UBFX r2, r5, #8, #8\n\t" + "LDR r6, [r0, r6, LSL #2]\n\t" + "LDR lr, [r0, lr, LSL #2]\n\t" + "LDR r11, [r0, r11, LSL #2]\n\t" + "LDR r2, [r0, r2, LSL #2]\n\t" + "EOR lr, lr, r6, ROR #24\n\t" + "LDM %[ks]!, {r4, r5, r6, r7}\n\t" + "EOR r11, r11, lr, ROR #24\n\t" + "EOR r11, r11, r2, ROR #8\n\t" + /* XOR in Key Schedule */ + "EOR r8, r8, r4\n\t" + "EOR r9, r9, r5\n\t" + "EOR r10, r10, r6\n\t" + "EOR r11, r11, r7\n\t" + "UBFX r4, r9, #16, #8\n\t" + "LSR r7, r8, #24\n\t" + "UBFX lr, r10, #8, #8\n\t" + "UBFX r2, r11, #0, #8\n\t" + "LDR r4, [r0, r4, LSL #2]\n\t" + "LDR r7, [r0, r7, LSL #2]\n\t" + "LDR lr, [r0, lr, LSL #2]\n\t" + "LDR r2, [r0, r2, LSL #2]\n\t" + "UBFX r5, r10, #16, #8\n\t" + "EOR r4, r4, r7, ROR #24\n\t" + "LSR r7, r9, #24\n\t" + "EOR r4, r4, lr, ROR #8\n\t" + "UBFX lr, r11, #8, #8\n\t" + "EOR r4, r4, r2, ROR #16\n\t" + "UBFX r2, r8, #0, #8\n\t" + "LDR r5, [r0, r5, LSL #2]\n\t" + "LDR r7, [r0, r7, LSL #2]\n\t" + "LDR lr, [r0, lr, LSL #2]\n\t" + "LDR r2, [r0, r2, LSL #2]\n\t" + "UBFX r6, r11, #16, #8\n\t" + "EOR r5, r5, r7, ROR #24\n\t" + "LSR r7, r10, #24\n\t" + "EOR r5, r5, lr, ROR #8\n\t" + "UBFX lr, r8, #8, #8\n\t" + "EOR r5, r5, r2, ROR #16\n\t" + "UBFX r2, r9, #0, #8\n\t" + "LDR r6, [r0, r6, LSL #2]\n\t" + "LDR r7, [r0, r7, LSL #2]\n\t" + "LDR lr, [r0, lr, LSL #2]\n\t" + "LDR r2, [r0, r2, LSL #2]\n\t" + "UBFX r10, r10, #0, #8\n\t" + "EOR r6, r6, r7, ROR #24\n\t" + "UBFX r7, r8, #16, #8\n\t" + "EOR r6, r6, lr, ROR #8\n\t" + "LSR lr, r11, #24\n\t" + "EOR r6, r6, r2, ROR #16\n\t" + "UBFX r2, r9, #8, #8\n\t" + "LDR r10, [r0, r10, LSL #2]\n\t" + "LDR lr, [r0, lr, LSL #2]\n\t" + "LDR r7, [r0, r7, LSL #2]\n\t" + "LDR r2, [r0, r2, LSL #2]\n\t" + "EOR lr, lr, r10, ROR #24\n\t" + "LDM %[ks]!, {r8, r9, r10, r11}\n\t" + "EOR r7, r7, lr, ROR #24\n\t" + "EOR r7, r7, r2, ROR #8\n\t" + /* XOR in Key Schedule */ + "EOR r4, r4, r8\n\t" + "EOR r5, r5, r9\n\t" + "EOR r6, r6, r10\n\t" + "EOR r7, r7, r11\n\t" + "SUBS r1, r1, #0x1\n\t" +#if defined(__GNUC__) + "BNE L_AES_CBC_encrypt_block_nr_192_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "BNE.W L_AES_CBC_encrypt_block_nr_192\n\t" +#else + "BNE.W L_AES_CBC_encrypt_block_nr_192_%=\n\t" +#endif + "UBFX r8, r5, #16, #8\n\t" + "LSR r11, r4, #24\n\t" + "UBFX lr, r6, #8, #8\n\t" + "UBFX r2, r7, #0, #8\n\t" + "LDR r8, [r0, r8, LSL #2]\n\t" + "LDR r11, [r0, r11, LSL #2]\n\t" + "LDR lr, [r0, lr, LSL #2]\n\t" + "LDR r2, [r0, r2, LSL #2]\n\t" + "UBFX r9, r6, #16, #8\n\t" + "EOR r8, r8, r11, ROR #24\n\t" + "LSR r11, r5, #24\n\t" + "EOR r8, r8, lr, ROR #8\n\t" + "UBFX lr, r7, #8, #8\n\t" + "EOR r8, r8, r2, ROR #16\n\t" + "UBFX r2, r4, #0, #8\n\t" + "LDR r9, [r0, r9, LSL #2]\n\t" + "LDR r11, [r0, r11, LSL #2]\n\t" + "LDR lr, [r0, lr, LSL #2]\n\t" + "LDR r2, [r0, r2, LSL #2]\n\t" + "UBFX r10, r7, #16, #8\n\t" + "EOR r9, r9, r11, ROR #24\n\t" + "LSR r11, r6, #24\n\t" + "EOR r9, r9, lr, ROR #8\n\t" + "UBFX lr, r4, #8, #8\n\t" + "EOR r9, r9, r2, ROR #16\n\t" + "UBFX r2, r5, #0, #8\n\t" + "LDR r10, [r0, r10, LSL #2]\n\t" + "LDR r11, [r0, r11, LSL #2]\n\t" + "LDR lr, [r0, lr, LSL #2]\n\t" + "LDR r2, [r0, r2, LSL #2]\n\t" + "UBFX r6, r6, #0, #8\n\t" + "EOR r10, r10, r11, ROR #24\n\t" + "UBFX r11, r4, #16, #8\n\t" + "EOR r10, r10, lr, ROR #8\n\t" + "LSR lr, r7, #24\n\t" + "EOR r10, r10, r2, ROR #16\n\t" + "UBFX r2, r5, #8, #8\n\t" + "LDR r6, [r0, r6, LSL #2]\n\t" + "LDR lr, [r0, lr, LSL #2]\n\t" + "LDR r11, [r0, r11, LSL #2]\n\t" + "LDR r2, [r0, r2, LSL #2]\n\t" + "EOR lr, lr, r6, ROR #24\n\t" + "LDM %[ks]!, {r4, r5, r6, r7}\n\t" + "EOR r11, r11, lr, ROR #24\n\t" + "EOR r11, r11, r2, ROR #8\n\t" + /* XOR in Key Schedule */ + "EOR r8, r8, r4\n\t" + "EOR r9, r9, r5\n\t" + "EOR r10, r10, r6\n\t" + "EOR r11, r11, r7\n\t" + "UBFX r4, r11, #0, #8\n\t" + "UBFX r7, r10, #8, #8\n\t" + "UBFX lr, r9, #16, #8\n\t" + "LSR r2, r8, #24\n\t" + "LDRB r4, [r0, r4, LSL #2]\n\t" + "LDRB r7, [r0, r7, LSL #2]\n\t" + "LDRB lr, [r0, lr, LSL #2]\n\t" + "LDRB r2, [r0, r2, LSL #2]\n\t" + "UBFX r5, r8, #0, #8\n\t" + "EOR r4, r4, r7, LSL #8\n\t" + "UBFX r7, r11, #8, #8\n\t" + "EOR r4, r4, lr, LSL #16\n\t" + "UBFX lr, r10, #16, #8\n\t" + "EOR r4, r4, r2, LSL #24\n\t" + "LSR r2, r9, #24\n\t" + "LDRB r5, [r0, r5, LSL #2]\n\t" + "LDRB r7, [r0, r7, LSL #2]\n\t" + "LDRB lr, [r0, lr, LSL #2]\n\t" + "LDRB r2, [r0, r2, LSL #2]\n\t" + "UBFX r6, r9, #0, #8\n\t" + "EOR r5, r5, r7, LSL #8\n\t" + "UBFX r7, r8, #8, #8\n\t" + "EOR r5, r5, lr, LSL #16\n\t" + "UBFX lr, r11, #16, #8\n\t" + "EOR r5, r5, r2, LSL #24\n\t" + "LSR r2, r10, #24\n\t" + "LDRB r6, [r0, r6, LSL #2]\n\t" + "LDRB r7, [r0, r7, LSL #2]\n\t" + "LDRB lr, [r0, lr, LSL #2]\n\t" + "LDRB r2, [r0, r2, LSL #2]\n\t" + "LSR r11, r11, #24\n\t" + "EOR r6, r6, r7, LSL #8\n\t" + "UBFX r7, r10, #0, #8\n\t" + "EOR r6, r6, lr, LSL #16\n\t" + "UBFX lr, r9, #8, #8\n\t" + "EOR r6, r6, r2, LSL #24\n\t" + "UBFX r2, r8, #16, #8\n\t" + "LDRB r11, [r0, r11, LSL #2]\n\t" + "LDRB r7, [r0, r7, LSL #2]\n\t" + "LDRB lr, [r0, lr, LSL #2]\n\t" + "LDRB r2, [r0, r2, LSL #2]\n\t" + "EOR lr, lr, r11, LSL #16\n\t" + "LDM %[ks], {r8, r9, r10, r11}\n\t" + "EOR r7, r7, lr, LSL #8\n\t" + "EOR r7, r7, r2, LSL #16\n\t" + /* XOR in Key Schedule */ + "EOR r4, r4, r8\n\t" + "EOR r5, r5, r9\n\t" + "EOR r6, r6, r10\n\t" + "EOR r7, r7, r11\n\t" +#endif /* !WOLFSSL_ARMASM_AES_BLOCK_INLINE */ "POP {r1, %[len], lr}\n\t" "LDR %[ks], [sp]\n\t" "REV r4, r4\n\t" @@ -1312,7 +2399,224 @@ "EOR r6, r6, r10\n\t" "EOR r7, r7, r11\n\t" "MOV r1, #0x4\n\t" +#ifndef WOLFSSL_ARMASM_AES_BLOCK_INLINE "BL AES_encrypt_block\n\t" +#else + "\n" +#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "L_AES_CBC_encrypt_block_nr_128:\n\t" +#else + "L_AES_CBC_encrypt_block_nr_128_%=:\n\t" +#endif + "UBFX r8, r5, #16, #8\n\t" + "LSR r11, r4, #24\n\t" + "UBFX lr, r6, #8, #8\n\t" + "UBFX r2, r7, #0, #8\n\t" + "LDR r8, [r0, r8, LSL #2]\n\t" + "LDR r11, [r0, r11, LSL #2]\n\t" + "LDR lr, [r0, lr, LSL #2]\n\t" + "LDR r2, [r0, r2, LSL #2]\n\t" + "UBFX r9, r6, #16, #8\n\t" + "EOR r8, r8, r11, ROR #24\n\t" + "LSR r11, r5, #24\n\t" + "EOR r8, r8, lr, ROR #8\n\t" + "UBFX lr, r7, #8, #8\n\t" + "EOR r8, r8, r2, ROR #16\n\t" + "UBFX r2, r4, #0, #8\n\t" + "LDR r9, [r0, r9, LSL #2]\n\t" + "LDR r11, [r0, r11, LSL #2]\n\t" + "LDR lr, [r0, lr, LSL #2]\n\t" + "LDR r2, [r0, r2, LSL #2]\n\t" + "UBFX r10, r7, #16, #8\n\t" + "EOR r9, r9, r11, ROR #24\n\t" + "LSR r11, r6, #24\n\t" + "EOR r9, r9, lr, ROR #8\n\t" + "UBFX lr, r4, #8, #8\n\t" + "EOR r9, r9, r2, ROR #16\n\t" + "UBFX r2, r5, #0, #8\n\t" + "LDR r10, [r0, r10, LSL #2]\n\t" + "LDR r11, [r0, r11, LSL #2]\n\t" + "LDR lr, [r0, lr, LSL #2]\n\t" + "LDR r2, [r0, r2, LSL #2]\n\t" + "UBFX r6, r6, #0, #8\n\t" + "EOR r10, r10, r11, ROR #24\n\t" + "UBFX r11, r4, #16, #8\n\t" + "EOR r10, r10, lr, ROR #8\n\t" + "LSR lr, r7, #24\n\t" + "EOR r10, r10, r2, ROR #16\n\t" + "UBFX r2, r5, #8, #8\n\t" + "LDR r6, [r0, r6, LSL #2]\n\t" + "LDR lr, [r0, lr, LSL #2]\n\t" + "LDR r11, [r0, r11, LSL #2]\n\t" + "LDR r2, [r0, r2, LSL #2]\n\t" + "EOR lr, lr, r6, ROR #24\n\t" + "LDM %[ks]!, {r4, r5, r6, r7}\n\t" + "EOR r11, r11, lr, ROR #24\n\t" + "EOR r11, r11, r2, ROR #8\n\t" + /* XOR in Key Schedule */ + "EOR r8, r8, r4\n\t" + "EOR r9, r9, r5\n\t" + "EOR r10, r10, r6\n\t" + "EOR r11, r11, r7\n\t" + "UBFX r4, r9, #16, #8\n\t" + "LSR r7, r8, #24\n\t" + "UBFX lr, r10, #8, #8\n\t" + "UBFX r2, r11, #0, #8\n\t" + "LDR r4, [r0, r4, LSL #2]\n\t" + "LDR r7, [r0, r7, LSL #2]\n\t" + "LDR lr, [r0, lr, LSL #2]\n\t" + "LDR r2, [r0, r2, LSL #2]\n\t" + "UBFX r5, r10, #16, #8\n\t" + "EOR r4, r4, r7, ROR #24\n\t" + "LSR r7, r9, #24\n\t" + "EOR r4, r4, lr, ROR #8\n\t" + "UBFX lr, r11, #8, #8\n\t" + "EOR r4, r4, r2, ROR #16\n\t" + "UBFX r2, r8, #0, #8\n\t" + "LDR r5, [r0, r5, LSL #2]\n\t" + "LDR r7, [r0, r7, LSL #2]\n\t" + "LDR lr, [r0, lr, LSL #2]\n\t" + "LDR r2, [r0, r2, LSL #2]\n\t" + "UBFX r6, r11, #16, #8\n\t" + "EOR r5, r5, r7, ROR #24\n\t" + "LSR r7, r10, #24\n\t" + "EOR r5, r5, lr, ROR #8\n\t" + "UBFX lr, r8, #8, #8\n\t" + "EOR r5, r5, r2, ROR #16\n\t" + "UBFX r2, r9, #0, #8\n\t" + "LDR r6, [r0, r6, LSL #2]\n\t" + "LDR r7, [r0, r7, LSL #2]\n\t" + "LDR lr, [r0, lr, LSL #2]\n\t" + "LDR r2, [r0, r2, LSL #2]\n\t" + "UBFX r10, r10, #0, #8\n\t" + "EOR r6, r6, r7, ROR #24\n\t" + "UBFX r7, r8, #16, #8\n\t" + "EOR r6, r6, lr, ROR #8\n\t" + "LSR lr, r11, #24\n\t" + "EOR r6, r6, r2, ROR #16\n\t" + "UBFX r2, r9, #8, #8\n\t" + "LDR r10, [r0, r10, LSL #2]\n\t" + "LDR lr, [r0, lr, LSL #2]\n\t" + "LDR r7, [r0, r7, LSL #2]\n\t" + "LDR r2, [r0, r2, LSL #2]\n\t" + "EOR lr, lr, r10, ROR #24\n\t" + "LDM %[ks]!, {r8, r9, r10, r11}\n\t" + "EOR r7, r7, lr, ROR #24\n\t" + "EOR r7, r7, r2, ROR #8\n\t" + /* XOR in Key Schedule */ + "EOR r4, r4, r8\n\t" + "EOR r5, r5, r9\n\t" + "EOR r6, r6, r10\n\t" + "EOR r7, r7, r11\n\t" + "SUBS r1, r1, #0x1\n\t" +#if defined(__GNUC__) + "BNE L_AES_CBC_encrypt_block_nr_128_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "BNE.W L_AES_CBC_encrypt_block_nr_128\n\t" +#else + "BNE.W L_AES_CBC_encrypt_block_nr_128_%=\n\t" +#endif + "UBFX r8, r5, #16, #8\n\t" + "LSR r11, r4, #24\n\t" + "UBFX lr, r6, #8, #8\n\t" + "UBFX r2, r7, #0, #8\n\t" + "LDR r8, [r0, r8, LSL #2]\n\t" + "LDR r11, [r0, r11, LSL #2]\n\t" + "LDR lr, [r0, lr, LSL #2]\n\t" + "LDR r2, [r0, r2, LSL #2]\n\t" + "UBFX r9, r6, #16, #8\n\t" + "EOR r8, r8, r11, ROR #24\n\t" + "LSR r11, r5, #24\n\t" + "EOR r8, r8, lr, ROR #8\n\t" + "UBFX lr, r7, #8, #8\n\t" + "EOR r8, r8, r2, ROR #16\n\t" + "UBFX r2, r4, #0, #8\n\t" + "LDR r9, [r0, r9, LSL #2]\n\t" + "LDR r11, [r0, r11, LSL #2]\n\t" + "LDR lr, [r0, lr, LSL #2]\n\t" + "LDR r2, [r0, r2, LSL #2]\n\t" + "UBFX r10, r7, #16, #8\n\t" + "EOR r9, r9, r11, ROR #24\n\t" + "LSR r11, r6, #24\n\t" + "EOR r9, r9, lr, ROR #8\n\t" + "UBFX lr, r4, #8, #8\n\t" + "EOR r9, r9, r2, ROR #16\n\t" + "UBFX r2, r5, #0, #8\n\t" + "LDR r10, [r0, r10, LSL #2]\n\t" + "LDR r11, [r0, r11, LSL #2]\n\t" + "LDR lr, [r0, lr, LSL #2]\n\t" + "LDR r2, [r0, r2, LSL #2]\n\t" + "UBFX r6, r6, #0, #8\n\t" + "EOR r10, r10, r11, ROR #24\n\t" + "UBFX r11, r4, #16, #8\n\t" + "EOR r10, r10, lr, ROR #8\n\t" + "LSR lr, r7, #24\n\t" + "EOR r10, r10, r2, ROR #16\n\t" + "UBFX r2, r5, #8, #8\n\t" + "LDR r6, [r0, r6, LSL #2]\n\t" + "LDR lr, [r0, lr, LSL #2]\n\t" + "LDR r11, [r0, r11, LSL #2]\n\t" + "LDR r2, [r0, r2, LSL #2]\n\t" + "EOR lr, lr, r6, ROR #24\n\t" + "LDM %[ks]!, {r4, r5, r6, r7}\n\t" + "EOR r11, r11, lr, ROR #24\n\t" + "EOR r11, r11, r2, ROR #8\n\t" + /* XOR in Key Schedule */ + "EOR r8, r8, r4\n\t" + "EOR r9, r9, r5\n\t" + "EOR r10, r10, r6\n\t" + "EOR r11, r11, r7\n\t" + "UBFX r4, r11, #0, #8\n\t" + "UBFX r7, r10, #8, #8\n\t" + "UBFX lr, r9, #16, #8\n\t" + "LSR r2, r8, #24\n\t" + "LDRB r4, [r0, r4, LSL #2]\n\t" + "LDRB r7, [r0, r7, LSL #2]\n\t" + "LDRB lr, [r0, lr, LSL #2]\n\t" + "LDRB r2, [r0, r2, LSL #2]\n\t" + "UBFX r5, r8, #0, #8\n\t" + "EOR r4, r4, r7, LSL #8\n\t" + "UBFX r7, r11, #8, #8\n\t" + "EOR r4, r4, lr, LSL #16\n\t" + "UBFX lr, r10, #16, #8\n\t" + "EOR r4, r4, r2, LSL #24\n\t" + "LSR r2, r9, #24\n\t" + "LDRB r5, [r0, r5, LSL #2]\n\t" + "LDRB r7, [r0, r7, LSL #2]\n\t" + "LDRB lr, [r0, lr, LSL #2]\n\t" + "LDRB r2, [r0, r2, LSL #2]\n\t" + "UBFX r6, r9, #0, #8\n\t" + "EOR r5, r5, r7, LSL #8\n\t" + "UBFX r7, r8, #8, #8\n\t" + "EOR r5, r5, lr, LSL #16\n\t" + "UBFX lr, r11, #16, #8\n\t" + "EOR r5, r5, r2, LSL #24\n\t" + "LSR r2, r10, #24\n\t" + "LDRB r6, [r0, r6, LSL #2]\n\t" + "LDRB r7, [r0, r7, LSL #2]\n\t" + "LDRB lr, [r0, lr, LSL #2]\n\t" + "LDRB r2, [r0, r2, LSL #2]\n\t" + "LSR r11, r11, #24\n\t" + "EOR r6, r6, r7, LSL #8\n\t" + "UBFX r7, r10, #0, #8\n\t" + "EOR r6, r6, lr, LSL #16\n\t" + "UBFX lr, r9, #8, #8\n\t" + "EOR r6, r6, r2, LSL #24\n\t" + "UBFX r2, r8, #16, #8\n\t" + "LDRB r11, [r0, r11, LSL #2]\n\t" + "LDRB r7, [r0, r7, LSL #2]\n\t" + "LDRB lr, [r0, lr, LSL #2]\n\t" + "LDRB r2, [r0, r2, LSL #2]\n\t" + "EOR lr, lr, r11, LSL #16\n\t" + "LDM %[ks], {r8, r9, r10, r11}\n\t" + "EOR r7, r7, lr, LSL #8\n\t" + "EOR r7, r7, r2, LSL #16\n\t" + /* XOR in Key Schedule */ + "EOR r4, r4, r8\n\t" + "EOR r5, r5, r9\n\t" + "EOR r6, r6, r10\n\t" + "EOR r7, r7, r11\n\t" +#endif /* !WOLFSSL_ARMASM_AES_BLOCK_INLINE */ "POP {r1, %[len], lr}\n\t" "LDR %[ks], [sp]\n\t" "REV r4, r4\n\t" @@ -1351,6 +2655,7 @@ #endif /* HAVE_AES_CBC */ #ifdef WOLFSSL_AES_COUNTER +static const word32* L_AES_Thumb2_te_ctr = L_AES_Thumb2_te_data; void AES_CTR_encrypt(const unsigned char* in, unsigned char* out, unsigned long len, const unsigned char* ks, int nr, unsigned char* ctr); #ifndef WOLFSSL_NO_VAR_ASSIGN_REG @@ -1372,11 +2677,11 @@ (const unsigned char*)ks_p; register int nr __asm__ ("r4") = (int)nr_p; register unsigned char* ctr __asm__ ("r5") = (unsigned char*)ctr_p; - register word32* L_AES_Thumb2_te_ecb_c __asm__ ("r6") = - (word32*)L_AES_Thumb2_te_ecb; + register word32* L_AES_Thumb2_te_ctr_c __asm__ ("r6") = + (word32*)L_AES_Thumb2_te_ctr; #else - register word32* L_AES_Thumb2_te_ecb_c = (word32*)L_AES_Thumb2_te_ecb; + register word32* L_AES_Thumb2_te_ctr_c = (word32*)L_AES_Thumb2_te_ctr; #endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ @@ -1392,7 +2697,7 @@ "MOV r8, %[ctr]\n\t" #endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ "MOV lr, %[in]\n\t" - "MOV r0, %[L_AES_Thumb2_te_ecb]\n\t" + "MOV r0, %[L_AES_Thumb2_te_ctr]\n\t" "LDM r8, {r4, r5, r6, r7}\n\t" "REV r4, r4\n\t" "REV r5, r5\n\t" @@ -1436,7 +2741,224 @@ "EOR r6, r6, r10\n\t" "EOR r7, r7, r11\n\t" "MOV r1, #0x6\n\t" +#ifndef WOLFSSL_ARMASM_AES_BLOCK_INLINE "BL AES_encrypt_block\n\t" +#else + "\n" +#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "L_AES_CTR_encrypt_block_nr_256:\n\t" +#else + "L_AES_CTR_encrypt_block_nr_256_%=:\n\t" +#endif + "UBFX r8, r5, #16, #8\n\t" + "LSR r11, r4, #24\n\t" + "UBFX lr, r6, #8, #8\n\t" + "UBFX r2, r7, #0, #8\n\t" + "LDR r8, [r0, r8, LSL #2]\n\t" + "LDR r11, [r0, r11, LSL #2]\n\t" + "LDR lr, [r0, lr, LSL #2]\n\t" + "LDR r2, [r0, r2, LSL #2]\n\t" + "UBFX r9, r6, #16, #8\n\t" + "EOR r8, r8, r11, ROR #24\n\t" + "LSR r11, r5, #24\n\t" + "EOR r8, r8, lr, ROR #8\n\t" + "UBFX lr, r7, #8, #8\n\t" + "EOR r8, r8, r2, ROR #16\n\t" + "UBFX r2, r4, #0, #8\n\t" + "LDR r9, [r0, r9, LSL #2]\n\t" + "LDR r11, [r0, r11, LSL #2]\n\t" + "LDR lr, [r0, lr, LSL #2]\n\t" + "LDR r2, [r0, r2, LSL #2]\n\t" + "UBFX r10, r7, #16, #8\n\t" + "EOR r9, r9, r11, ROR #24\n\t" + "LSR r11, r6, #24\n\t" + "EOR r9, r9, lr, ROR #8\n\t" + "UBFX lr, r4, #8, #8\n\t" + "EOR r9, r9, r2, ROR #16\n\t" + "UBFX r2, r5, #0, #8\n\t" + "LDR r10, [r0, r10, LSL #2]\n\t" + "LDR r11, [r0, r11, LSL #2]\n\t" + "LDR lr, [r0, lr, LSL #2]\n\t" + "LDR r2, [r0, r2, LSL #2]\n\t" + "UBFX r6, r6, #0, #8\n\t" + "EOR r10, r10, r11, ROR #24\n\t" + "UBFX r11, r4, #16, #8\n\t" + "EOR r10, r10, lr, ROR #8\n\t" + "LSR lr, r7, #24\n\t" + "EOR r10, r10, r2, ROR #16\n\t" + "UBFX r2, r5, #8, #8\n\t" + "LDR r6, [r0, r6, LSL #2]\n\t" + "LDR lr, [r0, lr, LSL #2]\n\t" + "LDR r11, [r0, r11, LSL #2]\n\t" + "LDR r2, [r0, r2, LSL #2]\n\t" + "EOR lr, lr, r6, ROR #24\n\t" + "LDM %[ks]!, {r4, r5, r6, r7}\n\t" + "EOR r11, r11, lr, ROR #24\n\t" + "EOR r11, r11, r2, ROR #8\n\t" + /* XOR in Key Schedule */ + "EOR r8, r8, r4\n\t" + "EOR r9, r9, r5\n\t" + "EOR r10, r10, r6\n\t" + "EOR r11, r11, r7\n\t" + "UBFX r4, r9, #16, #8\n\t" + "LSR r7, r8, #24\n\t" + "UBFX lr, r10, #8, #8\n\t" + "UBFX r2, r11, #0, #8\n\t" + "LDR r4, [r0, r4, LSL #2]\n\t" + "LDR r7, [r0, r7, LSL #2]\n\t" + "LDR lr, [r0, lr, LSL #2]\n\t" + "LDR r2, [r0, r2, LSL #2]\n\t" + "UBFX r5, r10, #16, #8\n\t" + "EOR r4, r4, r7, ROR #24\n\t" + "LSR r7, r9, #24\n\t" + "EOR r4, r4, lr, ROR #8\n\t" + "UBFX lr, r11, #8, #8\n\t" + "EOR r4, r4, r2, ROR #16\n\t" + "UBFX r2, r8, #0, #8\n\t" + "LDR r5, [r0, r5, LSL #2]\n\t" + "LDR r7, [r0, r7, LSL #2]\n\t" + "LDR lr, [r0, lr, LSL #2]\n\t" + "LDR r2, [r0, r2, LSL #2]\n\t" + "UBFX r6, r11, #16, #8\n\t" + "EOR r5, r5, r7, ROR #24\n\t" + "LSR r7, r10, #24\n\t" + "EOR r5, r5, lr, ROR #8\n\t" + "UBFX lr, r8, #8, #8\n\t" + "EOR r5, r5, r2, ROR #16\n\t" + "UBFX r2, r9, #0, #8\n\t" + "LDR r6, [r0, r6, LSL #2]\n\t" + "LDR r7, [r0, r7, LSL #2]\n\t" + "LDR lr, [r0, lr, LSL #2]\n\t" + "LDR r2, [r0, r2, LSL #2]\n\t" + "UBFX r10, r10, #0, #8\n\t" + "EOR r6, r6, r7, ROR #24\n\t" + "UBFX r7, r8, #16, #8\n\t" + "EOR r6, r6, lr, ROR #8\n\t" + "LSR lr, r11, #24\n\t" + "EOR r6, r6, r2, ROR #16\n\t" + "UBFX r2, r9, #8, #8\n\t" + "LDR r10, [r0, r10, LSL #2]\n\t" + "LDR lr, [r0, lr, LSL #2]\n\t" + "LDR r7, [r0, r7, LSL #2]\n\t" + "LDR r2, [r0, r2, LSL #2]\n\t" + "EOR lr, lr, r10, ROR #24\n\t" + "LDM %[ks]!, {r8, r9, r10, r11}\n\t" + "EOR r7, r7, lr, ROR #24\n\t" + "EOR r7, r7, r2, ROR #8\n\t" + /* XOR in Key Schedule */ + "EOR r4, r4, r8\n\t" + "EOR r5, r5, r9\n\t" + "EOR r6, r6, r10\n\t" + "EOR r7, r7, r11\n\t" + "SUBS r1, r1, #0x1\n\t" +#if defined(__GNUC__) + "BNE L_AES_CTR_encrypt_block_nr_256_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "BNE.W L_AES_CTR_encrypt_block_nr_256\n\t" +#else + "BNE.W L_AES_CTR_encrypt_block_nr_256_%=\n\t" +#endif + "UBFX r8, r5, #16, #8\n\t" + "LSR r11, r4, #24\n\t" + "UBFX lr, r6, #8, #8\n\t" + "UBFX r2, r7, #0, #8\n\t" + "LDR r8, [r0, r8, LSL #2]\n\t" + "LDR r11, [r0, r11, LSL #2]\n\t" + "LDR lr, [r0, lr, LSL #2]\n\t" + "LDR r2, [r0, r2, LSL #2]\n\t" + "UBFX r9, r6, #16, #8\n\t" + "EOR r8, r8, r11, ROR #24\n\t" + "LSR r11, r5, #24\n\t" + "EOR r8, r8, lr, ROR #8\n\t" + "UBFX lr, r7, #8, #8\n\t" + "EOR r8, r8, r2, ROR #16\n\t" + "UBFX r2, r4, #0, #8\n\t" + "LDR r9, [r0, r9, LSL #2]\n\t" + "LDR r11, [r0, r11, LSL #2]\n\t" + "LDR lr, [r0, lr, LSL #2]\n\t" + "LDR r2, [r0, r2, LSL #2]\n\t" + "UBFX r10, r7, #16, #8\n\t" + "EOR r9, r9, r11, ROR #24\n\t" + "LSR r11, r6, #24\n\t" + "EOR r9, r9, lr, ROR #8\n\t" + "UBFX lr, r4, #8, #8\n\t" + "EOR r9, r9, r2, ROR #16\n\t" + "UBFX r2, r5, #0, #8\n\t" + "LDR r10, [r0, r10, LSL #2]\n\t" + "LDR r11, [r0, r11, LSL #2]\n\t" + "LDR lr, [r0, lr, LSL #2]\n\t" + "LDR r2, [r0, r2, LSL #2]\n\t" + "UBFX r6, r6, #0, #8\n\t" + "EOR r10, r10, r11, ROR #24\n\t" + "UBFX r11, r4, #16, #8\n\t" + "EOR r10, r10, lr, ROR #8\n\t" + "LSR lr, r7, #24\n\t" + "EOR r10, r10, r2, ROR #16\n\t" + "UBFX r2, r5, #8, #8\n\t" + "LDR r6, [r0, r6, LSL #2]\n\t" + "LDR lr, [r0, lr, LSL #2]\n\t" + "LDR r11, [r0, r11, LSL #2]\n\t" + "LDR r2, [r0, r2, LSL #2]\n\t" + "EOR lr, lr, r6, ROR #24\n\t" + "LDM %[ks]!, {r4, r5, r6, r7}\n\t" + "EOR r11, r11, lr, ROR #24\n\t" + "EOR r11, r11, r2, ROR #8\n\t" + /* XOR in Key Schedule */ + "EOR r8, r8, r4\n\t" + "EOR r9, r9, r5\n\t" + "EOR r10, r10, r6\n\t" + "EOR r11, r11, r7\n\t" + "UBFX r4, r11, #0, #8\n\t" + "UBFX r7, r10, #8, #8\n\t" + "UBFX lr, r9, #16, #8\n\t" + "LSR r2, r8, #24\n\t" + "LDRB r4, [r0, r4, LSL #2]\n\t" + "LDRB r7, [r0, r7, LSL #2]\n\t" + "LDRB lr, [r0, lr, LSL #2]\n\t" + "LDRB r2, [r0, r2, LSL #2]\n\t" + "UBFX r5, r8, #0, #8\n\t" + "EOR r4, r4, r7, LSL #8\n\t" + "UBFX r7, r11, #8, #8\n\t" + "EOR r4, r4, lr, LSL #16\n\t" + "UBFX lr, r10, #16, #8\n\t" + "EOR r4, r4, r2, LSL #24\n\t" + "LSR r2, r9, #24\n\t" + "LDRB r5, [r0, r5, LSL #2]\n\t" + "LDRB r7, [r0, r7, LSL #2]\n\t" + "LDRB lr, [r0, lr, LSL #2]\n\t" + "LDRB r2, [r0, r2, LSL #2]\n\t" + "UBFX r6, r9, #0, #8\n\t" + "EOR r5, r5, r7, LSL #8\n\t" + "UBFX r7, r8, #8, #8\n\t" + "EOR r5, r5, lr, LSL #16\n\t" + "UBFX lr, r11, #16, #8\n\t" + "EOR r5, r5, r2, LSL #24\n\t" + "LSR r2, r10, #24\n\t" + "LDRB r6, [r0, r6, LSL #2]\n\t" + "LDRB r7, [r0, r7, LSL #2]\n\t" + "LDRB lr, [r0, lr, LSL #2]\n\t" + "LDRB r2, [r0, r2, LSL #2]\n\t" + "LSR r11, r11, #24\n\t" + "EOR r6, r6, r7, LSL #8\n\t" + "UBFX r7, r10, #0, #8\n\t" + "EOR r6, r6, lr, LSL #16\n\t" + "UBFX lr, r9, #8, #8\n\t" + "EOR r6, r6, r2, LSL #24\n\t" + "UBFX r2, r8, #16, #8\n\t" + "LDRB r11, [r0, r11, LSL #2]\n\t" + "LDRB r7, [r0, r7, LSL #2]\n\t" + "LDRB lr, [r0, lr, LSL #2]\n\t" + "LDRB r2, [r0, r2, LSL #2]\n\t" + "EOR lr, lr, r11, LSL #16\n\t" + "LDM %[ks], {r8, r9, r10, r11}\n\t" + "EOR r7, r7, lr, LSL #8\n\t" + "EOR r7, r7, r2, LSL #16\n\t" + /* XOR in Key Schedule */ + "EOR r4, r4, r8\n\t" + "EOR r5, r5, r9\n\t" + "EOR r6, r6, r10\n\t" + "EOR r7, r7, r11\n\t" +#endif /* !WOLFSSL_ARMASM_AES_BLOCK_INLINE */ "POP {r1, %[len], lr}\n\t" "LDR %[ks], [sp]\n\t" "REV r4, r4\n\t" @@ -1500,7 +3022,224 @@ "EOR r6, r6, r10\n\t" "EOR r7, r7, r11\n\t" "MOV r1, #0x5\n\t" +#ifndef WOLFSSL_ARMASM_AES_BLOCK_INLINE "BL AES_encrypt_block\n\t" +#else + "\n" +#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "L_AES_CTR_encrypt_block_nr_192:\n\t" +#else + "L_AES_CTR_encrypt_block_nr_192_%=:\n\t" +#endif + "UBFX r8, r5, #16, #8\n\t" + "LSR r11, r4, #24\n\t" + "UBFX lr, r6, #8, #8\n\t" + "UBFX r2, r7, #0, #8\n\t" + "LDR r8, [r0, r8, LSL #2]\n\t" + "LDR r11, [r0, r11, LSL #2]\n\t" + "LDR lr, [r0, lr, LSL #2]\n\t" + "LDR r2, [r0, r2, LSL #2]\n\t" + "UBFX r9, r6, #16, #8\n\t" + "EOR r8, r8, r11, ROR #24\n\t" + "LSR r11, r5, #24\n\t" + "EOR r8, r8, lr, ROR #8\n\t" + "UBFX lr, r7, #8, #8\n\t" + "EOR r8, r8, r2, ROR #16\n\t" + "UBFX r2, r4, #0, #8\n\t" + "LDR r9, [r0, r9, LSL #2]\n\t" + "LDR r11, [r0, r11, LSL #2]\n\t" + "LDR lr, [r0, lr, LSL #2]\n\t" + "LDR r2, [r0, r2, LSL #2]\n\t" + "UBFX r10, r7, #16, #8\n\t" + "EOR r9, r9, r11, ROR #24\n\t" + "LSR r11, r6, #24\n\t" + "EOR r9, r9, lr, ROR #8\n\t" + "UBFX lr, r4, #8, #8\n\t" + "EOR r9, r9, r2, ROR #16\n\t" + "UBFX r2, r5, #0, #8\n\t" + "LDR r10, [r0, r10, LSL #2]\n\t" + "LDR r11, [r0, r11, LSL #2]\n\t" + "LDR lr, [r0, lr, LSL #2]\n\t" + "LDR r2, [r0, r2, LSL #2]\n\t" + "UBFX r6, r6, #0, #8\n\t" + "EOR r10, r10, r11, ROR #24\n\t" + "UBFX r11, r4, #16, #8\n\t" + "EOR r10, r10, lr, ROR #8\n\t" + "LSR lr, r7, #24\n\t" + "EOR r10, r10, r2, ROR #16\n\t" + "UBFX r2, r5, #8, #8\n\t" + "LDR r6, [r0, r6, LSL #2]\n\t" + "LDR lr, [r0, lr, LSL #2]\n\t" + "LDR r11, [r0, r11, LSL #2]\n\t" + "LDR r2, [r0, r2, LSL #2]\n\t" + "EOR lr, lr, r6, ROR #24\n\t" + "LDM %[ks]!, {r4, r5, r6, r7}\n\t" + "EOR r11, r11, lr, ROR #24\n\t" + "EOR r11, r11, r2, ROR #8\n\t" + /* XOR in Key Schedule */ + "EOR r8, r8, r4\n\t" + "EOR r9, r9, r5\n\t" + "EOR r10, r10, r6\n\t" + "EOR r11, r11, r7\n\t" + "UBFX r4, r9, #16, #8\n\t" + "LSR r7, r8, #24\n\t" + "UBFX lr, r10, #8, #8\n\t" + "UBFX r2, r11, #0, #8\n\t" + "LDR r4, [r0, r4, LSL #2]\n\t" + "LDR r7, [r0, r7, LSL #2]\n\t" + "LDR lr, [r0, lr, LSL #2]\n\t" + "LDR r2, [r0, r2, LSL #2]\n\t" + "UBFX r5, r10, #16, #8\n\t" + "EOR r4, r4, r7, ROR #24\n\t" + "LSR r7, r9, #24\n\t" + "EOR r4, r4, lr, ROR #8\n\t" + "UBFX lr, r11, #8, #8\n\t" + "EOR r4, r4, r2, ROR #16\n\t" + "UBFX r2, r8, #0, #8\n\t" + "LDR r5, [r0, r5, LSL #2]\n\t" + "LDR r7, [r0, r7, LSL #2]\n\t" + "LDR lr, [r0, lr, LSL #2]\n\t" + "LDR r2, [r0, r2, LSL #2]\n\t" + "UBFX r6, r11, #16, #8\n\t" + "EOR r5, r5, r7, ROR #24\n\t" + "LSR r7, r10, #24\n\t" + "EOR r5, r5, lr, ROR #8\n\t" + "UBFX lr, r8, #8, #8\n\t" + "EOR r5, r5, r2, ROR #16\n\t" + "UBFX r2, r9, #0, #8\n\t" + "LDR r6, [r0, r6, LSL #2]\n\t" + "LDR r7, [r0, r7, LSL #2]\n\t" + "LDR lr, [r0, lr, LSL #2]\n\t" + "LDR r2, [r0, r2, LSL #2]\n\t" + "UBFX r10, r10, #0, #8\n\t" + "EOR r6, r6, r7, ROR #24\n\t" + "UBFX r7, r8, #16, #8\n\t" + "EOR r6, r6, lr, ROR #8\n\t" + "LSR lr, r11, #24\n\t" + "EOR r6, r6, r2, ROR #16\n\t" + "UBFX r2, r9, #8, #8\n\t" + "LDR r10, [r0, r10, LSL #2]\n\t" + "LDR lr, [r0, lr, LSL #2]\n\t" + "LDR r7, [r0, r7, LSL #2]\n\t" + "LDR r2, [r0, r2, LSL #2]\n\t" + "EOR lr, lr, r10, ROR #24\n\t" + "LDM %[ks]!, {r8, r9, r10, r11}\n\t" + "EOR r7, r7, lr, ROR #24\n\t" + "EOR r7, r7, r2, ROR #8\n\t" + /* XOR in Key Schedule */ + "EOR r4, r4, r8\n\t" + "EOR r5, r5, r9\n\t" + "EOR r6, r6, r10\n\t" + "EOR r7, r7, r11\n\t" + "SUBS r1, r1, #0x1\n\t" +#if defined(__GNUC__) + "BNE L_AES_CTR_encrypt_block_nr_192_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "BNE.W L_AES_CTR_encrypt_block_nr_192\n\t" +#else + "BNE.W L_AES_CTR_encrypt_block_nr_192_%=\n\t" +#endif + "UBFX r8, r5, #16, #8\n\t" + "LSR r11, r4, #24\n\t" + "UBFX lr, r6, #8, #8\n\t" + "UBFX r2, r7, #0, #8\n\t" + "LDR r8, [r0, r8, LSL #2]\n\t" + "LDR r11, [r0, r11, LSL #2]\n\t" + "LDR lr, [r0, lr, LSL #2]\n\t" + "LDR r2, [r0, r2, LSL #2]\n\t" + "UBFX r9, r6, #16, #8\n\t" + "EOR r8, r8, r11, ROR #24\n\t" + "LSR r11, r5, #24\n\t" + "EOR r8, r8, lr, ROR #8\n\t" + "UBFX lr, r7, #8, #8\n\t" + "EOR r8, r8, r2, ROR #16\n\t" + "UBFX r2, r4, #0, #8\n\t" + "LDR r9, [r0, r9, LSL #2]\n\t" + "LDR r11, [r0, r11, LSL #2]\n\t" + "LDR lr, [r0, lr, LSL #2]\n\t" + "LDR r2, [r0, r2, LSL #2]\n\t" + "UBFX r10, r7, #16, #8\n\t" + "EOR r9, r9, r11, ROR #24\n\t" + "LSR r11, r6, #24\n\t" + "EOR r9, r9, lr, ROR #8\n\t" + "UBFX lr, r4, #8, #8\n\t" + "EOR r9, r9, r2, ROR #16\n\t" + "UBFX r2, r5, #0, #8\n\t" + "LDR r10, [r0, r10, LSL #2]\n\t" + "LDR r11, [r0, r11, LSL #2]\n\t" + "LDR lr, [r0, lr, LSL #2]\n\t" + "LDR r2, [r0, r2, LSL #2]\n\t" + "UBFX r6, r6, #0, #8\n\t" + "EOR r10, r10, r11, ROR #24\n\t" + "UBFX r11, r4, #16, #8\n\t" + "EOR r10, r10, lr, ROR #8\n\t" + "LSR lr, r7, #24\n\t" + "EOR r10, r10, r2, ROR #16\n\t" + "UBFX r2, r5, #8, #8\n\t" + "LDR r6, [r0, r6, LSL #2]\n\t" + "LDR lr, [r0, lr, LSL #2]\n\t" + "LDR r11, [r0, r11, LSL #2]\n\t" + "LDR r2, [r0, r2, LSL #2]\n\t" + "EOR lr, lr, r6, ROR #24\n\t" + "LDM %[ks]!, {r4, r5, r6, r7}\n\t" + "EOR r11, r11, lr, ROR #24\n\t" + "EOR r11, r11, r2, ROR #8\n\t" + /* XOR in Key Schedule */ + "EOR r8, r8, r4\n\t" + "EOR r9, r9, r5\n\t" + "EOR r10, r10, r6\n\t" + "EOR r11, r11, r7\n\t" + "UBFX r4, r11, #0, #8\n\t" + "UBFX r7, r10, #8, #8\n\t" + "UBFX lr, r9, #16, #8\n\t" + "LSR r2, r8, #24\n\t" + "LDRB r4, [r0, r4, LSL #2]\n\t" + "LDRB r7, [r0, r7, LSL #2]\n\t" + "LDRB lr, [r0, lr, LSL #2]\n\t" + "LDRB r2, [r0, r2, LSL #2]\n\t" + "UBFX r5, r8, #0, #8\n\t" + "EOR r4, r4, r7, LSL #8\n\t" + "UBFX r7, r11, #8, #8\n\t" + "EOR r4, r4, lr, LSL #16\n\t" + "UBFX lr, r10, #16, #8\n\t" + "EOR r4, r4, r2, LSL #24\n\t" + "LSR r2, r9, #24\n\t" + "LDRB r5, [r0, r5, LSL #2]\n\t" + "LDRB r7, [r0, r7, LSL #2]\n\t" + "LDRB lr, [r0, lr, LSL #2]\n\t" + "LDRB r2, [r0, r2, LSL #2]\n\t" + "UBFX r6, r9, #0, #8\n\t" + "EOR r5, r5, r7, LSL #8\n\t" + "UBFX r7, r8, #8, #8\n\t" + "EOR r5, r5, lr, LSL #16\n\t" + "UBFX lr, r11, #16, #8\n\t" + "EOR r5, r5, r2, LSL #24\n\t" + "LSR r2, r10, #24\n\t" + "LDRB r6, [r0, r6, LSL #2]\n\t" + "LDRB r7, [r0, r7, LSL #2]\n\t" + "LDRB lr, [r0, lr, LSL #2]\n\t" + "LDRB r2, [r0, r2, LSL #2]\n\t" + "LSR r11, r11, #24\n\t" + "EOR r6, r6, r7, LSL #8\n\t" + "UBFX r7, r10, #0, #8\n\t" + "EOR r6, r6, lr, LSL #16\n\t" + "UBFX lr, r9, #8, #8\n\t" + "EOR r6, r6, r2, LSL #24\n\t" + "UBFX r2, r8, #16, #8\n\t" + "LDRB r11, [r0, r11, LSL #2]\n\t" + "LDRB r7, [r0, r7, LSL #2]\n\t" + "LDRB lr, [r0, lr, LSL #2]\n\t" + "LDRB r2, [r0, r2, LSL #2]\n\t" + "EOR lr, lr, r11, LSL #16\n\t" + "LDM %[ks], {r8, r9, r10, r11}\n\t" + "EOR r7, r7, lr, LSL #8\n\t" + "EOR r7, r7, r2, LSL #16\n\t" + /* XOR in Key Schedule */ + "EOR r4, r4, r8\n\t" + "EOR r5, r5, r9\n\t" + "EOR r6, r6, r10\n\t" + "EOR r7, r7, r11\n\t" +#endif /* !WOLFSSL_ARMASM_AES_BLOCK_INLINE */ "POP {r1, %[len], lr}\n\t" "LDR %[ks], [sp]\n\t" "REV r4, r4\n\t" @@ -1564,7 +3303,224 @@ "EOR r6, r6, r10\n\t" "EOR r7, r7, r11\n\t" "MOV r1, #0x4\n\t" +#ifndef WOLFSSL_ARMASM_AES_BLOCK_INLINE "BL AES_encrypt_block\n\t" +#else + "\n" +#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "L_AES_CTR_encrypt_block_nr_128:\n\t" +#else + "L_AES_CTR_encrypt_block_nr_128_%=:\n\t" +#endif + "UBFX r8, r5, #16, #8\n\t" + "LSR r11, r4, #24\n\t" + "UBFX lr, r6, #8, #8\n\t" + "UBFX r2, r7, #0, #8\n\t" + "LDR r8, [r0, r8, LSL #2]\n\t" + "LDR r11, [r0, r11, LSL #2]\n\t" + "LDR lr, [r0, lr, LSL #2]\n\t" + "LDR r2, [r0, r2, LSL #2]\n\t" + "UBFX r9, r6, #16, #8\n\t" + "EOR r8, r8, r11, ROR #24\n\t" + "LSR r11, r5, #24\n\t" + "EOR r8, r8, lr, ROR #8\n\t" + "UBFX lr, r7, #8, #8\n\t" + "EOR r8, r8, r2, ROR #16\n\t" + "UBFX r2, r4, #0, #8\n\t" + "LDR r9, [r0, r9, LSL #2]\n\t" + "LDR r11, [r0, r11, LSL #2]\n\t" + "LDR lr, [r0, lr, LSL #2]\n\t" + "LDR r2, [r0, r2, LSL #2]\n\t" + "UBFX r10, r7, #16, #8\n\t" + "EOR r9, r9, r11, ROR #24\n\t" + "LSR r11, r6, #24\n\t" + "EOR r9, r9, lr, ROR #8\n\t" + "UBFX lr, r4, #8, #8\n\t" + "EOR r9, r9, r2, ROR #16\n\t" + "UBFX r2, r5, #0, #8\n\t" + "LDR r10, [r0, r10, LSL #2]\n\t" + "LDR r11, [r0, r11, LSL #2]\n\t" + "LDR lr, [r0, lr, LSL #2]\n\t" + "LDR r2, [r0, r2, LSL #2]\n\t" + "UBFX r6, r6, #0, #8\n\t" + "EOR r10, r10, r11, ROR #24\n\t" + "UBFX r11, r4, #16, #8\n\t" + "EOR r10, r10, lr, ROR #8\n\t" + "LSR lr, r7, #24\n\t" + "EOR r10, r10, r2, ROR #16\n\t" + "UBFX r2, r5, #8, #8\n\t" + "LDR r6, [r0, r6, LSL #2]\n\t" + "LDR lr, [r0, lr, LSL #2]\n\t" + "LDR r11, [r0, r11, LSL #2]\n\t" + "LDR r2, [r0, r2, LSL #2]\n\t" + "EOR lr, lr, r6, ROR #24\n\t" + "LDM %[ks]!, {r4, r5, r6, r7}\n\t" + "EOR r11, r11, lr, ROR #24\n\t" + "EOR r11, r11, r2, ROR #8\n\t" + /* XOR in Key Schedule */ + "EOR r8, r8, r4\n\t" + "EOR r9, r9, r5\n\t" + "EOR r10, r10, r6\n\t" + "EOR r11, r11, r7\n\t" + "UBFX r4, r9, #16, #8\n\t" + "LSR r7, r8, #24\n\t" + "UBFX lr, r10, #8, #8\n\t" + "UBFX r2, r11, #0, #8\n\t" + "LDR r4, [r0, r4, LSL #2]\n\t" + "LDR r7, [r0, r7, LSL #2]\n\t" + "LDR lr, [r0, lr, LSL #2]\n\t" + "LDR r2, [r0, r2, LSL #2]\n\t" + "UBFX r5, r10, #16, #8\n\t" + "EOR r4, r4, r7, ROR #24\n\t" + "LSR r7, r9, #24\n\t" + "EOR r4, r4, lr, ROR #8\n\t" + "UBFX lr, r11, #8, #8\n\t" + "EOR r4, r4, r2, ROR #16\n\t" + "UBFX r2, r8, #0, #8\n\t" + "LDR r5, [r0, r5, LSL #2]\n\t" + "LDR r7, [r0, r7, LSL #2]\n\t" + "LDR lr, [r0, lr, LSL #2]\n\t" + "LDR r2, [r0, r2, LSL #2]\n\t" + "UBFX r6, r11, #16, #8\n\t" + "EOR r5, r5, r7, ROR #24\n\t" + "LSR r7, r10, #24\n\t" + "EOR r5, r5, lr, ROR #8\n\t" + "UBFX lr, r8, #8, #8\n\t" + "EOR r5, r5, r2, ROR #16\n\t" + "UBFX r2, r9, #0, #8\n\t" + "LDR r6, [r0, r6, LSL #2]\n\t" + "LDR r7, [r0, r7, LSL #2]\n\t" + "LDR lr, [r0, lr, LSL #2]\n\t" + "LDR r2, [r0, r2, LSL #2]\n\t" + "UBFX r10, r10, #0, #8\n\t" + "EOR r6, r6, r7, ROR #24\n\t" + "UBFX r7, r8, #16, #8\n\t" + "EOR r6, r6, lr, ROR #8\n\t" + "LSR lr, r11, #24\n\t" + "EOR r6, r6, r2, ROR #16\n\t" + "UBFX r2, r9, #8, #8\n\t" + "LDR r10, [r0, r10, LSL #2]\n\t" + "LDR lr, [r0, lr, LSL #2]\n\t" + "LDR r7, [r0, r7, LSL #2]\n\t" + "LDR r2, [r0, r2, LSL #2]\n\t" + "EOR lr, lr, r10, ROR #24\n\t" + "LDM %[ks]!, {r8, r9, r10, r11}\n\t" + "EOR r7, r7, lr, ROR #24\n\t" + "EOR r7, r7, r2, ROR #8\n\t" + /* XOR in Key Schedule */ + "EOR r4, r4, r8\n\t" + "EOR r5, r5, r9\n\t" + "EOR r6, r6, r10\n\t" + "EOR r7, r7, r11\n\t" + "SUBS r1, r1, #0x1\n\t" +#if defined(__GNUC__) + "BNE L_AES_CTR_encrypt_block_nr_128_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "BNE.W L_AES_CTR_encrypt_block_nr_128\n\t" +#else + "BNE.W L_AES_CTR_encrypt_block_nr_128_%=\n\t" +#endif + "UBFX r8, r5, #16, #8\n\t" + "LSR r11, r4, #24\n\t" + "UBFX lr, r6, #8, #8\n\t" + "UBFX r2, r7, #0, #8\n\t" + "LDR r8, [r0, r8, LSL #2]\n\t" + "LDR r11, [r0, r11, LSL #2]\n\t" + "LDR lr, [r0, lr, LSL #2]\n\t" + "LDR r2, [r0, r2, LSL #2]\n\t" + "UBFX r9, r6, #16, #8\n\t" + "EOR r8, r8, r11, ROR #24\n\t" + "LSR r11, r5, #24\n\t" + "EOR r8, r8, lr, ROR #8\n\t" + "UBFX lr, r7, #8, #8\n\t" + "EOR r8, r8, r2, ROR #16\n\t" + "UBFX r2, r4, #0, #8\n\t" + "LDR r9, [r0, r9, LSL #2]\n\t" + "LDR r11, [r0, r11, LSL #2]\n\t" + "LDR lr, [r0, lr, LSL #2]\n\t" + "LDR r2, [r0, r2, LSL #2]\n\t" + "UBFX r10, r7, #16, #8\n\t" + "EOR r9, r9, r11, ROR #24\n\t" + "LSR r11, r6, #24\n\t" + "EOR r9, r9, lr, ROR #8\n\t" + "UBFX lr, r4, #8, #8\n\t" + "EOR r9, r9, r2, ROR #16\n\t" + "UBFX r2, r5, #0, #8\n\t" + "LDR r10, [r0, r10, LSL #2]\n\t" + "LDR r11, [r0, r11, LSL #2]\n\t" + "LDR lr, [r0, lr, LSL #2]\n\t" + "LDR r2, [r0, r2, LSL #2]\n\t" + "UBFX r6, r6, #0, #8\n\t" + "EOR r10, r10, r11, ROR #24\n\t" + "UBFX r11, r4, #16, #8\n\t" + "EOR r10, r10, lr, ROR #8\n\t" + "LSR lr, r7, #24\n\t" + "EOR r10, r10, r2, ROR #16\n\t" + "UBFX r2, r5, #8, #8\n\t" + "LDR r6, [r0, r6, LSL #2]\n\t" + "LDR lr, [r0, lr, LSL #2]\n\t" + "LDR r11, [r0, r11, LSL #2]\n\t" + "LDR r2, [r0, r2, LSL #2]\n\t" + "EOR lr, lr, r6, ROR #24\n\t" + "LDM %[ks]!, {r4, r5, r6, r7}\n\t" + "EOR r11, r11, lr, ROR #24\n\t" + "EOR r11, r11, r2, ROR #8\n\t" + /* XOR in Key Schedule */ + "EOR r8, r8, r4\n\t" + "EOR r9, r9, r5\n\t" + "EOR r10, r10, r6\n\t" + "EOR r11, r11, r7\n\t" + "UBFX r4, r11, #0, #8\n\t" + "UBFX r7, r10, #8, #8\n\t" + "UBFX lr, r9, #16, #8\n\t" + "LSR r2, r8, #24\n\t" + "LDRB r4, [r0, r4, LSL #2]\n\t" + "LDRB r7, [r0, r7, LSL #2]\n\t" + "LDRB lr, [r0, lr, LSL #2]\n\t" + "LDRB r2, [r0, r2, LSL #2]\n\t" + "UBFX r5, r8, #0, #8\n\t" + "EOR r4, r4, r7, LSL #8\n\t" + "UBFX r7, r11, #8, #8\n\t" + "EOR r4, r4, lr, LSL #16\n\t" + "UBFX lr, r10, #16, #8\n\t" + "EOR r4, r4, r2, LSL #24\n\t" + "LSR r2, r9, #24\n\t" + "LDRB r5, [r0, r5, LSL #2]\n\t" + "LDRB r7, [r0, r7, LSL #2]\n\t" + "LDRB lr, [r0, lr, LSL #2]\n\t" + "LDRB r2, [r0, r2, LSL #2]\n\t" + "UBFX r6, r9, #0, #8\n\t" + "EOR r5, r5, r7, LSL #8\n\t" + "UBFX r7, r8, #8, #8\n\t" + "EOR r5, r5, lr, LSL #16\n\t" + "UBFX lr, r11, #16, #8\n\t" + "EOR r5, r5, r2, LSL #24\n\t" + "LSR r2, r10, #24\n\t" + "LDRB r6, [r0, r6, LSL #2]\n\t" + "LDRB r7, [r0, r7, LSL #2]\n\t" + "LDRB lr, [r0, lr, LSL #2]\n\t" + "LDRB r2, [r0, r2, LSL #2]\n\t" + "LSR r11, r11, #24\n\t" + "EOR r6, r6, r7, LSL #8\n\t" + "UBFX r7, r10, #0, #8\n\t" + "EOR r6, r6, lr, LSL #16\n\t" + "UBFX lr, r9, #8, #8\n\t" + "EOR r6, r6, r2, LSL #24\n\t" + "UBFX r2, r8, #16, #8\n\t" + "LDRB r11, [r0, r11, LSL #2]\n\t" + "LDRB r7, [r0, r7, LSL #2]\n\t" + "LDRB lr, [r0, lr, LSL #2]\n\t" + "LDRB r2, [r0, r2, LSL #2]\n\t" + "EOR lr, lr, r11, LSL #16\n\t" + "LDM %[ks], {r8, r9, r10, r11}\n\t" + "EOR r7, r7, lr, LSL #8\n\t" + "EOR r7, r7, r2, LSL #16\n\t" + /* XOR in Key Schedule */ + "EOR r4, r4, r8\n\t" + "EOR r5, r5, r9\n\t" + "EOR r6, r6, r10\n\t" + "EOR r7, r7, r11\n\t" +#endif /* !WOLFSSL_ARMASM_AES_BLOCK_INLINE */ "POP {r1, %[len], lr}\n\t" "LDR %[ks], [sp]\n\t" "REV r4, r4\n\t" @@ -1609,7 +3565,7 @@ "STM r8, {r4, r5, r6, r7}\n\t" : [in] "+r" (in), [out] "+r" (out), [len] "+r" (len), [ks] "+r" (ks), [nr] "+r" (nr), [ctr] "+r" (ctr), - [L_AES_Thumb2_te_ecb] "+r" (L_AES_Thumb2_te_ecb_c) + [L_AES_Thumb2_te_ctr] "+r" (L_AES_Thumb2_te_ctr_c) : : "memory", "cc", "r12", "lr", "r7", "r8", "r9", "r10", "r11" ); @@ -1619,6 +3575,7 @@ #ifdef HAVE_AES_DECRYPT #if defined(WOLFSSL_AES_DIRECT) || defined(WOLFSSL_AES_COUNTER) || \ defined(HAVE_AES_CBC) || defined(HAVE_AES_ECB) +#ifndef WOLFSSL_ARMASM_AES_BLOCK_INLINE void AES_decrypt_block(const word32* td, int nr, const byte* td4); #ifndef WOLFSSL_NO_VAR_ASSIGN_REG WC_OMIT_FRAME_POINTER void AES_decrypt_block(const word32* td_p, int nr_p, @@ -1855,6 +3812,7 @@ ); } +#endif /* !WOLFSSL_ARMASM_AES_BLOCK_INLINE */ static const word32* L_AES_Thumb2_td_ecb = L_AES_Thumb2_td_data; static const byte L_AES_Thumb2_td4[] = { 0x52, 0x09, 0x6a, 0xd5, 0x30, 0x36, 0xa5, 0x38, @@ -1972,7 +3930,224 @@ "EOR r6, r6, r10\n\t" "EOR r7, r7, r11\n\t" "MOV r1, #0x6\n\t" +#ifndef WOLFSSL_ARMASM_AES_BLOCK_INLINE "BL AES_decrypt_block\n\t" +#else + "\n" +#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "L_AES_ECB_decrypt_block_nr_256:\n\t" +#else + "L_AES_ECB_decrypt_block_nr_256_%=:\n\t" +#endif + "UBFX r8, r7, #16, #8\n\t" + "LSR r11, r4, #24\n\t" + "UBFX r12, r6, #8, #8\n\t" + "UBFX lr, r5, #0, #8\n\t" + "LDR r8, [r0, r8, LSL #2]\n\t" + "LDR r11, [r0, r11, LSL #2]\n\t" + "LDR r12, [r0, r12, LSL #2]\n\t" + "LDR lr, [r0, lr, LSL #2]\n\t" + "UBFX r9, r4, #16, #8\n\t" + "EOR r8, r8, r11, ROR #24\n\t" + "LSR r11, r5, #24\n\t" + "EOR r8, r8, r12, ROR #8\n\t" + "UBFX r12, r7, #8, #8\n\t" + "EOR r8, r8, lr, ROR #16\n\t" + "UBFX lr, r6, #0, #8\n\t" + "LDR r9, [r0, r9, LSL #2]\n\t" + "LDR r11, [r0, r11, LSL #2]\n\t" + "LDR r12, [r0, r12, LSL #2]\n\t" + "LDR lr, [r0, lr, LSL #2]\n\t" + "UBFX r10, r5, #16, #8\n\t" + "EOR r9, r9, r11, ROR #24\n\t" + "LSR r11, r6, #24\n\t" + "EOR r9, r9, r12, ROR #8\n\t" + "UBFX r12, r4, #8, #8\n\t" + "EOR r9, r9, lr, ROR #16\n\t" + "UBFX lr, r7, #0, #8\n\t" + "LDR r10, [r0, r10, LSL #2]\n\t" + "LDR r11, [r0, r11, LSL #2]\n\t" + "LDR r12, [r0, r12, LSL #2]\n\t" + "LDR lr, [r0, lr, LSL #2]\n\t" + "UBFX r4, r4, #0, #8\n\t" + "EOR r10, r10, r11, ROR #24\n\t" + "UBFX r11, r6, #16, #8\n\t" + "EOR r10, r10, r12, ROR #8\n\t" + "LSR r12, r7, #24\n\t" + "EOR r10, r10, lr, ROR #16\n\t" + "UBFX lr, r5, #8, #8\n\t" + "LDR r4, [r0, r4, LSL #2]\n\t" + "LDR r12, [r0, r12, LSL #2]\n\t" + "LDR r11, [r0, r11, LSL #2]\n\t" + "LDR lr, [r0, lr, LSL #2]\n\t" + "EOR r12, r12, r4, ROR #24\n\t" + "LDM %[ks]!, {r4, r5, r6, r7}\n\t" + "EOR r11, r11, lr, ROR #8\n\t" + "EOR r11, r11, r12, ROR #24\n\t" + /* XOR in Key Schedule */ + "EOR r8, r8, r4\n\t" + "EOR r9, r9, r5\n\t" + "EOR r10, r10, r6\n\t" + "EOR r11, r11, r7\n\t" + "UBFX r4, r11, #16, #8\n\t" + "LSR r7, r8, #24\n\t" + "UBFX r12, r10, #8, #8\n\t" + "UBFX lr, r9, #0, #8\n\t" + "LDR r4, [r0, r4, LSL #2]\n\t" + "LDR r7, [r0, r7, LSL #2]\n\t" + "LDR r12, [r0, r12, LSL #2]\n\t" + "LDR lr, [r0, lr, LSL #2]\n\t" + "UBFX r5, r8, #16, #8\n\t" + "EOR r4, r4, r7, ROR #24\n\t" + "LSR r7, r9, #24\n\t" + "EOR r4, r4, r12, ROR #8\n\t" + "UBFX r12, r11, #8, #8\n\t" + "EOR r4, r4, lr, ROR #16\n\t" + "UBFX lr, r10, #0, #8\n\t" + "LDR r5, [r0, r5, LSL #2]\n\t" + "LDR r7, [r0, r7, LSL #2]\n\t" + "LDR r12, [r0, r12, LSL #2]\n\t" + "LDR lr, [r0, lr, LSL #2]\n\t" + "UBFX r6, r9, #16, #8\n\t" + "EOR r5, r5, r7, ROR #24\n\t" + "LSR r7, r10, #24\n\t" + "EOR r5, r5, r12, ROR #8\n\t" + "UBFX r12, r8, #8, #8\n\t" + "EOR r5, r5, lr, ROR #16\n\t" + "UBFX lr, r11, #0, #8\n\t" + "LDR r6, [r0, r6, LSL #2]\n\t" + "LDR r7, [r0, r7, LSL #2]\n\t" + "LDR r12, [r0, r12, LSL #2]\n\t" + "LDR lr, [r0, lr, LSL #2]\n\t" + "UBFX r8, r8, #0, #8\n\t" + "EOR r6, r6, r7, ROR #24\n\t" + "UBFX r7, r10, #16, #8\n\t" + "EOR r6, r6, r12, ROR #8\n\t" + "LSR r12, r11, #24\n\t" + "EOR r6, r6, lr, ROR #16\n\t" + "UBFX lr, r9, #8, #8\n\t" + "LDR r8, [r0, r8, LSL #2]\n\t" + "LDR r12, [r0, r12, LSL #2]\n\t" + "LDR r7, [r0, r7, LSL #2]\n\t" + "LDR lr, [r0, lr, LSL #2]\n\t" + "EOR r12, r12, r8, ROR #24\n\t" + "LDM %[ks]!, {r8, r9, r10, r11}\n\t" + "EOR r7, r7, lr, ROR #8\n\t" + "EOR r7, r7, r12, ROR #24\n\t" + /* XOR in Key Schedule */ + "EOR r4, r4, r8\n\t" + "EOR r5, r5, r9\n\t" + "EOR r6, r6, r10\n\t" + "EOR r7, r7, r11\n\t" + "SUBS r1, r1, #0x1\n\t" +#if defined(__GNUC__) + "BNE L_AES_ECB_decrypt_block_nr_256_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "BNE.W L_AES_ECB_decrypt_block_nr_256\n\t" +#else + "BNE.W L_AES_ECB_decrypt_block_nr_256_%=\n\t" +#endif + "UBFX r8, r7, #16, #8\n\t" + "LSR r11, r4, #24\n\t" + "UBFX r12, r6, #8, #8\n\t" + "UBFX lr, r5, #0, #8\n\t" + "LDR r8, [r0, r8, LSL #2]\n\t" + "LDR r11, [r0, r11, LSL #2]\n\t" + "LDR r12, [r0, r12, LSL #2]\n\t" + "LDR lr, [r0, lr, LSL #2]\n\t" + "UBFX r9, r4, #16, #8\n\t" + "EOR r8, r8, r11, ROR #24\n\t" + "LSR r11, r5, #24\n\t" + "EOR r8, r8, r12, ROR #8\n\t" + "UBFX r12, r7, #8, #8\n\t" + "EOR r8, r8, lr, ROR #16\n\t" + "UBFX lr, r6, #0, #8\n\t" + "LDR r9, [r0, r9, LSL #2]\n\t" + "LDR r11, [r0, r11, LSL #2]\n\t" + "LDR r12, [r0, r12, LSL #2]\n\t" + "LDR lr, [r0, lr, LSL #2]\n\t" + "UBFX r10, r5, #16, #8\n\t" + "EOR r9, r9, r11, ROR #24\n\t" + "LSR r11, r6, #24\n\t" + "EOR r9, r9, r12, ROR #8\n\t" + "UBFX r12, r4, #8, #8\n\t" + "EOR r9, r9, lr, ROR #16\n\t" + "UBFX lr, r7, #0, #8\n\t" + "LDR r10, [r0, r10, LSL #2]\n\t" + "LDR r11, [r0, r11, LSL #2]\n\t" + "LDR r12, [r0, r12, LSL #2]\n\t" + "LDR lr, [r0, lr, LSL #2]\n\t" + "UBFX r4, r4, #0, #8\n\t" + "EOR r10, r10, r11, ROR #24\n\t" + "UBFX r11, r6, #16, #8\n\t" + "EOR r10, r10, r12, ROR #8\n\t" + "LSR r12, r7, #24\n\t" + "EOR r10, r10, lr, ROR #16\n\t" + "UBFX lr, r5, #8, #8\n\t" + "LDR r4, [r0, r4, LSL #2]\n\t" + "LDR r12, [r0, r12, LSL #2]\n\t" + "LDR r11, [r0, r11, LSL #2]\n\t" + "LDR lr, [r0, lr, LSL #2]\n\t" + "EOR r12, r12, r4, ROR #24\n\t" + "LDM %[ks]!, {r4, r5, r6, r7}\n\t" + "EOR r11, r11, lr, ROR #8\n\t" + "EOR r11, r11, r12, ROR #24\n\t" + /* XOR in Key Schedule */ + "EOR r8, r8, r4\n\t" + "EOR r9, r9, r5\n\t" + "EOR r10, r10, r6\n\t" + "EOR r11, r11, r7\n\t" + "UBFX r4, r9, #0, #8\n\t" + "UBFX r7, r10, #8, #8\n\t" + "UBFX r12, r11, #16, #8\n\t" + "LSR lr, r8, #24\n\t" + "LDRB r4, [r2, r4]\n\t" + "LDRB r7, [r2, r7]\n\t" + "LDRB r12, [r2, r12]\n\t" + "LDRB lr, [r2, lr]\n\t" + "UBFX r5, r10, #0, #8\n\t" + "EOR r4, r4, r7, LSL #8\n\t" + "UBFX r7, r11, #8, #8\n\t" + "EOR r4, r4, r12, LSL #16\n\t" + "UBFX r12, r8, #16, #8\n\t" + "EOR r4, r4, lr, LSL #24\n\t" + "LSR lr, r9, #24\n\t" + "LDRB r7, [r2, r7]\n\t" + "LDRB lr, [r2, lr]\n\t" + "LDRB r5, [r2, r5]\n\t" + "LDRB r12, [r2, r12]\n\t" + "UBFX r6, r11, #0, #8\n\t" + "EOR r5, r5, r7, LSL #8\n\t" + "UBFX r7, r8, #8, #8\n\t" + "EOR r5, r5, r12, LSL #16\n\t" + "UBFX r12, r9, #16, #8\n\t" + "EOR r5, r5, lr, LSL #24\n\t" + "LSR lr, r10, #24\n\t" + "LDRB r7, [r2, r7]\n\t" + "LDRB lr, [r2, lr]\n\t" + "LDRB r6, [r2, r6]\n\t" + "LDRB r12, [r2, r12]\n\t" + "LSR r11, r11, #24\n\t" + "EOR r6, r6, r7, LSL #8\n\t" + "UBFX r7, r8, #0, #8\n\t" + "EOR r6, r6, r12, LSL #16\n\t" + "UBFX r12, r9, #8, #8\n\t" + "EOR r6, r6, lr, LSL #24\n\t" + "UBFX lr, r10, #16, #8\n\t" + "LDRB r11, [r2, r11]\n\t" + "LDRB r12, [r2, r12]\n\t" + "LDRB r7, [r2, r7]\n\t" + "LDRB lr, [r2, lr]\n\t" + "EOR r12, r12, r11, LSL #16\n\t" + "LDM %[ks], {r8, r9, r10, r11}\n\t" + "EOR r7, r7, r12, LSL #8\n\t" + "EOR r7, r7, lr, LSL #16\n\t" + /* XOR in Key Schedule */ + "EOR r4, r4, r8\n\t" + "EOR r5, r5, r9\n\t" + "EOR r6, r6, r10\n\t" + "EOR r7, r7, r11\n\t" +#endif /* !WOLFSSL_ARMASM_AES_BLOCK_INLINE */ "POP {r1, %[ks], r12, lr}\n\t" "REV r4, r4\n\t" "REV r5, r5\n\t" @@ -2027,7 +4202,224 @@ "EOR r6, r6, r10\n\t" "EOR r7, r7, r11\n\t" "MOV r1, #0x5\n\t" +#ifndef WOLFSSL_ARMASM_AES_BLOCK_INLINE "BL AES_decrypt_block\n\t" +#else + "\n" +#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "L_AES_ECB_decrypt_block_nr_192:\n\t" +#else + "L_AES_ECB_decrypt_block_nr_192_%=:\n\t" +#endif + "UBFX r8, r7, #16, #8\n\t" + "LSR r11, r4, #24\n\t" + "UBFX r12, r6, #8, #8\n\t" + "UBFX lr, r5, #0, #8\n\t" + "LDR r8, [r0, r8, LSL #2]\n\t" + "LDR r11, [r0, r11, LSL #2]\n\t" + "LDR r12, [r0, r12, LSL #2]\n\t" + "LDR lr, [r0, lr, LSL #2]\n\t" + "UBFX r9, r4, #16, #8\n\t" + "EOR r8, r8, r11, ROR #24\n\t" + "LSR r11, r5, #24\n\t" + "EOR r8, r8, r12, ROR #8\n\t" + "UBFX r12, r7, #8, #8\n\t" + "EOR r8, r8, lr, ROR #16\n\t" + "UBFX lr, r6, #0, #8\n\t" + "LDR r9, [r0, r9, LSL #2]\n\t" + "LDR r11, [r0, r11, LSL #2]\n\t" + "LDR r12, [r0, r12, LSL #2]\n\t" + "LDR lr, [r0, lr, LSL #2]\n\t" + "UBFX r10, r5, #16, #8\n\t" + "EOR r9, r9, r11, ROR #24\n\t" + "LSR r11, r6, #24\n\t" + "EOR r9, r9, r12, ROR #8\n\t" + "UBFX r12, r4, #8, #8\n\t" + "EOR r9, r9, lr, ROR #16\n\t" + "UBFX lr, r7, #0, #8\n\t" + "LDR r10, [r0, r10, LSL #2]\n\t" + "LDR r11, [r0, r11, LSL #2]\n\t" + "LDR r12, [r0, r12, LSL #2]\n\t" + "LDR lr, [r0, lr, LSL #2]\n\t" + "UBFX r4, r4, #0, #8\n\t" + "EOR r10, r10, r11, ROR #24\n\t" + "UBFX r11, r6, #16, #8\n\t" + "EOR r10, r10, r12, ROR #8\n\t" + "LSR r12, r7, #24\n\t" + "EOR r10, r10, lr, ROR #16\n\t" + "UBFX lr, r5, #8, #8\n\t" + "LDR r4, [r0, r4, LSL #2]\n\t" + "LDR r12, [r0, r12, LSL #2]\n\t" + "LDR r11, [r0, r11, LSL #2]\n\t" + "LDR lr, [r0, lr, LSL #2]\n\t" + "EOR r12, r12, r4, ROR #24\n\t" + "LDM %[ks]!, {r4, r5, r6, r7}\n\t" + "EOR r11, r11, lr, ROR #8\n\t" + "EOR r11, r11, r12, ROR #24\n\t" + /* XOR in Key Schedule */ + "EOR r8, r8, r4\n\t" + "EOR r9, r9, r5\n\t" + "EOR r10, r10, r6\n\t" + "EOR r11, r11, r7\n\t" + "UBFX r4, r11, #16, #8\n\t" + "LSR r7, r8, #24\n\t" + "UBFX r12, r10, #8, #8\n\t" + "UBFX lr, r9, #0, #8\n\t" + "LDR r4, [r0, r4, LSL #2]\n\t" + "LDR r7, [r0, r7, LSL #2]\n\t" + "LDR r12, [r0, r12, LSL #2]\n\t" + "LDR lr, [r0, lr, LSL #2]\n\t" + "UBFX r5, r8, #16, #8\n\t" + "EOR r4, r4, r7, ROR #24\n\t" + "LSR r7, r9, #24\n\t" + "EOR r4, r4, r12, ROR #8\n\t" + "UBFX r12, r11, #8, #8\n\t" + "EOR r4, r4, lr, ROR #16\n\t" + "UBFX lr, r10, #0, #8\n\t" + "LDR r5, [r0, r5, LSL #2]\n\t" + "LDR r7, [r0, r7, LSL #2]\n\t" + "LDR r12, [r0, r12, LSL #2]\n\t" + "LDR lr, [r0, lr, LSL #2]\n\t" + "UBFX r6, r9, #16, #8\n\t" + "EOR r5, r5, r7, ROR #24\n\t" + "LSR r7, r10, #24\n\t" + "EOR r5, r5, r12, ROR #8\n\t" + "UBFX r12, r8, #8, #8\n\t" + "EOR r5, r5, lr, ROR #16\n\t" + "UBFX lr, r11, #0, #8\n\t" + "LDR r6, [r0, r6, LSL #2]\n\t" + "LDR r7, [r0, r7, LSL #2]\n\t" + "LDR r12, [r0, r12, LSL #2]\n\t" + "LDR lr, [r0, lr, LSL #2]\n\t" + "UBFX r8, r8, #0, #8\n\t" + "EOR r6, r6, r7, ROR #24\n\t" + "UBFX r7, r10, #16, #8\n\t" + "EOR r6, r6, r12, ROR #8\n\t" + "LSR r12, r11, #24\n\t" + "EOR r6, r6, lr, ROR #16\n\t" + "UBFX lr, r9, #8, #8\n\t" + "LDR r8, [r0, r8, LSL #2]\n\t" + "LDR r12, [r0, r12, LSL #2]\n\t" + "LDR r7, [r0, r7, LSL #2]\n\t" + "LDR lr, [r0, lr, LSL #2]\n\t" + "EOR r12, r12, r8, ROR #24\n\t" + "LDM %[ks]!, {r8, r9, r10, r11}\n\t" + "EOR r7, r7, lr, ROR #8\n\t" + "EOR r7, r7, r12, ROR #24\n\t" + /* XOR in Key Schedule */ + "EOR r4, r4, r8\n\t" + "EOR r5, r5, r9\n\t" + "EOR r6, r6, r10\n\t" + "EOR r7, r7, r11\n\t" + "SUBS r1, r1, #0x1\n\t" +#if defined(__GNUC__) + "BNE L_AES_ECB_decrypt_block_nr_192_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "BNE.W L_AES_ECB_decrypt_block_nr_192\n\t" +#else + "BNE.W L_AES_ECB_decrypt_block_nr_192_%=\n\t" +#endif + "UBFX r8, r7, #16, #8\n\t" + "LSR r11, r4, #24\n\t" + "UBFX r12, r6, #8, #8\n\t" + "UBFX lr, r5, #0, #8\n\t" + "LDR r8, [r0, r8, LSL #2]\n\t" + "LDR r11, [r0, r11, LSL #2]\n\t" + "LDR r12, [r0, r12, LSL #2]\n\t" + "LDR lr, [r0, lr, LSL #2]\n\t" + "UBFX r9, r4, #16, #8\n\t" + "EOR r8, r8, r11, ROR #24\n\t" + "LSR r11, r5, #24\n\t" + "EOR r8, r8, r12, ROR #8\n\t" + "UBFX r12, r7, #8, #8\n\t" + "EOR r8, r8, lr, ROR #16\n\t" + "UBFX lr, r6, #0, #8\n\t" + "LDR r9, [r0, r9, LSL #2]\n\t" + "LDR r11, [r0, r11, LSL #2]\n\t" + "LDR r12, [r0, r12, LSL #2]\n\t" + "LDR lr, [r0, lr, LSL #2]\n\t" + "UBFX r10, r5, #16, #8\n\t" + "EOR r9, r9, r11, ROR #24\n\t" + "LSR r11, r6, #24\n\t" + "EOR r9, r9, r12, ROR #8\n\t" + "UBFX r12, r4, #8, #8\n\t" + "EOR r9, r9, lr, ROR #16\n\t" + "UBFX lr, r7, #0, #8\n\t" + "LDR r10, [r0, r10, LSL #2]\n\t" + "LDR r11, [r0, r11, LSL #2]\n\t" + "LDR r12, [r0, r12, LSL #2]\n\t" + "LDR lr, [r0, lr, LSL #2]\n\t" + "UBFX r4, r4, #0, #8\n\t" + "EOR r10, r10, r11, ROR #24\n\t" + "UBFX r11, r6, #16, #8\n\t" + "EOR r10, r10, r12, ROR #8\n\t" + "LSR r12, r7, #24\n\t" + "EOR r10, r10, lr, ROR #16\n\t" + "UBFX lr, r5, #8, #8\n\t" + "LDR r4, [r0, r4, LSL #2]\n\t" + "LDR r12, [r0, r12, LSL #2]\n\t" + "LDR r11, [r0, r11, LSL #2]\n\t" + "LDR lr, [r0, lr, LSL #2]\n\t" + "EOR r12, r12, r4, ROR #24\n\t" + "LDM %[ks]!, {r4, r5, r6, r7}\n\t" + "EOR r11, r11, lr, ROR #8\n\t" + "EOR r11, r11, r12, ROR #24\n\t" + /* XOR in Key Schedule */ + "EOR r8, r8, r4\n\t" + "EOR r9, r9, r5\n\t" + "EOR r10, r10, r6\n\t" + "EOR r11, r11, r7\n\t" + "UBFX r4, r9, #0, #8\n\t" + "UBFX r7, r10, #8, #8\n\t" + "UBFX r12, r11, #16, #8\n\t" + "LSR lr, r8, #24\n\t" + "LDRB r4, [r2, r4]\n\t" + "LDRB r7, [r2, r7]\n\t" + "LDRB r12, [r2, r12]\n\t" + "LDRB lr, [r2, lr]\n\t" + "UBFX r5, r10, #0, #8\n\t" + "EOR r4, r4, r7, LSL #8\n\t" + "UBFX r7, r11, #8, #8\n\t" + "EOR r4, r4, r12, LSL #16\n\t" + "UBFX r12, r8, #16, #8\n\t" + "EOR r4, r4, lr, LSL #24\n\t" + "LSR lr, r9, #24\n\t" + "LDRB r7, [r2, r7]\n\t" + "LDRB lr, [r2, lr]\n\t" + "LDRB r5, [r2, r5]\n\t" + "LDRB r12, [r2, r12]\n\t" + "UBFX r6, r11, #0, #8\n\t" + "EOR r5, r5, r7, LSL #8\n\t" + "UBFX r7, r8, #8, #8\n\t" + "EOR r5, r5, r12, LSL #16\n\t" + "UBFX r12, r9, #16, #8\n\t" + "EOR r5, r5, lr, LSL #24\n\t" + "LSR lr, r10, #24\n\t" + "LDRB r7, [r2, r7]\n\t" + "LDRB lr, [r2, lr]\n\t" + "LDRB r6, [r2, r6]\n\t" + "LDRB r12, [r2, r12]\n\t" + "LSR r11, r11, #24\n\t" + "EOR r6, r6, r7, LSL #8\n\t" + "UBFX r7, r8, #0, #8\n\t" + "EOR r6, r6, r12, LSL #16\n\t" + "UBFX r12, r9, #8, #8\n\t" + "EOR r6, r6, lr, LSL #24\n\t" + "UBFX lr, r10, #16, #8\n\t" + "LDRB r11, [r2, r11]\n\t" + "LDRB r12, [r2, r12]\n\t" + "LDRB r7, [r2, r7]\n\t" + "LDRB lr, [r2, lr]\n\t" + "EOR r12, r12, r11, LSL #16\n\t" + "LDM %[ks], {r8, r9, r10, r11}\n\t" + "EOR r7, r7, r12, LSL #8\n\t" + "EOR r7, r7, lr, LSL #16\n\t" + /* XOR in Key Schedule */ + "EOR r4, r4, r8\n\t" + "EOR r5, r5, r9\n\t" + "EOR r6, r6, r10\n\t" + "EOR r7, r7, r11\n\t" +#endif /* !WOLFSSL_ARMASM_AES_BLOCK_INLINE */ "POP {r1, %[ks], r12, lr}\n\t" "REV r4, r4\n\t" "REV r5, r5\n\t" @@ -2082,7 +4474,224 @@ "EOR r6, r6, r10\n\t" "EOR r7, r7, r11\n\t" "MOV r1, #0x4\n\t" +#ifndef WOLFSSL_ARMASM_AES_BLOCK_INLINE "BL AES_decrypt_block\n\t" +#else + "\n" +#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "L_AES_ECB_decrypt_block_nr_128:\n\t" +#else + "L_AES_ECB_decrypt_block_nr_128_%=:\n\t" +#endif + "UBFX r8, r7, #16, #8\n\t" + "LSR r11, r4, #24\n\t" + "UBFX r12, r6, #8, #8\n\t" + "UBFX lr, r5, #0, #8\n\t" + "LDR r8, [r0, r8, LSL #2]\n\t" + "LDR r11, [r0, r11, LSL #2]\n\t" + "LDR r12, [r0, r12, LSL #2]\n\t" + "LDR lr, [r0, lr, LSL #2]\n\t" + "UBFX r9, r4, #16, #8\n\t" + "EOR r8, r8, r11, ROR #24\n\t" + "LSR r11, r5, #24\n\t" + "EOR r8, r8, r12, ROR #8\n\t" + "UBFX r12, r7, #8, #8\n\t" + "EOR r8, r8, lr, ROR #16\n\t" + "UBFX lr, r6, #0, #8\n\t" + "LDR r9, [r0, r9, LSL #2]\n\t" + "LDR r11, [r0, r11, LSL #2]\n\t" + "LDR r12, [r0, r12, LSL #2]\n\t" + "LDR lr, [r0, lr, LSL #2]\n\t" + "UBFX r10, r5, #16, #8\n\t" + "EOR r9, r9, r11, ROR #24\n\t" + "LSR r11, r6, #24\n\t" + "EOR r9, r9, r12, ROR #8\n\t" + "UBFX r12, r4, #8, #8\n\t" + "EOR r9, r9, lr, ROR #16\n\t" + "UBFX lr, r7, #0, #8\n\t" + "LDR r10, [r0, r10, LSL #2]\n\t" + "LDR r11, [r0, r11, LSL #2]\n\t" + "LDR r12, [r0, r12, LSL #2]\n\t" + "LDR lr, [r0, lr, LSL #2]\n\t" + "UBFX r4, r4, #0, #8\n\t" + "EOR r10, r10, r11, ROR #24\n\t" + "UBFX r11, r6, #16, #8\n\t" + "EOR r10, r10, r12, ROR #8\n\t" + "LSR r12, r7, #24\n\t" + "EOR r10, r10, lr, ROR #16\n\t" + "UBFX lr, r5, #8, #8\n\t" + "LDR r4, [r0, r4, LSL #2]\n\t" + "LDR r12, [r0, r12, LSL #2]\n\t" + "LDR r11, [r0, r11, LSL #2]\n\t" + "LDR lr, [r0, lr, LSL #2]\n\t" + "EOR r12, r12, r4, ROR #24\n\t" + "LDM %[ks]!, {r4, r5, r6, r7}\n\t" + "EOR r11, r11, lr, ROR #8\n\t" + "EOR r11, r11, r12, ROR #24\n\t" + /* XOR in Key Schedule */ + "EOR r8, r8, r4\n\t" + "EOR r9, r9, r5\n\t" + "EOR r10, r10, r6\n\t" + "EOR r11, r11, r7\n\t" + "UBFX r4, r11, #16, #8\n\t" + "LSR r7, r8, #24\n\t" + "UBFX r12, r10, #8, #8\n\t" + "UBFX lr, r9, #0, #8\n\t" + "LDR r4, [r0, r4, LSL #2]\n\t" + "LDR r7, [r0, r7, LSL #2]\n\t" + "LDR r12, [r0, r12, LSL #2]\n\t" + "LDR lr, [r0, lr, LSL #2]\n\t" + "UBFX r5, r8, #16, #8\n\t" + "EOR r4, r4, r7, ROR #24\n\t" + "LSR r7, r9, #24\n\t" + "EOR r4, r4, r12, ROR #8\n\t" + "UBFX r12, r11, #8, #8\n\t" + "EOR r4, r4, lr, ROR #16\n\t" + "UBFX lr, r10, #0, #8\n\t" + "LDR r5, [r0, r5, LSL #2]\n\t" + "LDR r7, [r0, r7, LSL #2]\n\t" + "LDR r12, [r0, r12, LSL #2]\n\t" + "LDR lr, [r0, lr, LSL #2]\n\t" + "UBFX r6, r9, #16, #8\n\t" + "EOR r5, r5, r7, ROR #24\n\t" + "LSR r7, r10, #24\n\t" + "EOR r5, r5, r12, ROR #8\n\t" + "UBFX r12, r8, #8, #8\n\t" + "EOR r5, r5, lr, ROR #16\n\t" + "UBFX lr, r11, #0, #8\n\t" + "LDR r6, [r0, r6, LSL #2]\n\t" + "LDR r7, [r0, r7, LSL #2]\n\t" + "LDR r12, [r0, r12, LSL #2]\n\t" + "LDR lr, [r0, lr, LSL #2]\n\t" + "UBFX r8, r8, #0, #8\n\t" + "EOR r6, r6, r7, ROR #24\n\t" + "UBFX r7, r10, #16, #8\n\t" + "EOR r6, r6, r12, ROR #8\n\t" + "LSR r12, r11, #24\n\t" + "EOR r6, r6, lr, ROR #16\n\t" + "UBFX lr, r9, #8, #8\n\t" + "LDR r8, [r0, r8, LSL #2]\n\t" + "LDR r12, [r0, r12, LSL #2]\n\t" + "LDR r7, [r0, r7, LSL #2]\n\t" + "LDR lr, [r0, lr, LSL #2]\n\t" + "EOR r12, r12, r8, ROR #24\n\t" + "LDM %[ks]!, {r8, r9, r10, r11}\n\t" + "EOR r7, r7, lr, ROR #8\n\t" + "EOR r7, r7, r12, ROR #24\n\t" + /* XOR in Key Schedule */ + "EOR r4, r4, r8\n\t" + "EOR r5, r5, r9\n\t" + "EOR r6, r6, r10\n\t" + "EOR r7, r7, r11\n\t" + "SUBS r1, r1, #0x1\n\t" +#if defined(__GNUC__) + "BNE L_AES_ECB_decrypt_block_nr_128_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "BNE.W L_AES_ECB_decrypt_block_nr_128\n\t" +#else + "BNE.W L_AES_ECB_decrypt_block_nr_128_%=\n\t" +#endif + "UBFX r8, r7, #16, #8\n\t" + "LSR r11, r4, #24\n\t" + "UBFX r12, r6, #8, #8\n\t" + "UBFX lr, r5, #0, #8\n\t" + "LDR r8, [r0, r8, LSL #2]\n\t" + "LDR r11, [r0, r11, LSL #2]\n\t" + "LDR r12, [r0, r12, LSL #2]\n\t" + "LDR lr, [r0, lr, LSL #2]\n\t" + "UBFX r9, r4, #16, #8\n\t" + "EOR r8, r8, r11, ROR #24\n\t" + "LSR r11, r5, #24\n\t" + "EOR r8, r8, r12, ROR #8\n\t" + "UBFX r12, r7, #8, #8\n\t" + "EOR r8, r8, lr, ROR #16\n\t" + "UBFX lr, r6, #0, #8\n\t" + "LDR r9, [r0, r9, LSL #2]\n\t" + "LDR r11, [r0, r11, LSL #2]\n\t" + "LDR r12, [r0, r12, LSL #2]\n\t" + "LDR lr, [r0, lr, LSL #2]\n\t" + "UBFX r10, r5, #16, #8\n\t" + "EOR r9, r9, r11, ROR #24\n\t" + "LSR r11, r6, #24\n\t" + "EOR r9, r9, r12, ROR #8\n\t" + "UBFX r12, r4, #8, #8\n\t" + "EOR r9, r9, lr, ROR #16\n\t" + "UBFX lr, r7, #0, #8\n\t" + "LDR r10, [r0, r10, LSL #2]\n\t" + "LDR r11, [r0, r11, LSL #2]\n\t" + "LDR r12, [r0, r12, LSL #2]\n\t" + "LDR lr, [r0, lr, LSL #2]\n\t" + "UBFX r4, r4, #0, #8\n\t" + "EOR r10, r10, r11, ROR #24\n\t" + "UBFX r11, r6, #16, #8\n\t" + "EOR r10, r10, r12, ROR #8\n\t" + "LSR r12, r7, #24\n\t" + "EOR r10, r10, lr, ROR #16\n\t" + "UBFX lr, r5, #8, #8\n\t" + "LDR r4, [r0, r4, LSL #2]\n\t" + "LDR r12, [r0, r12, LSL #2]\n\t" + "LDR r11, [r0, r11, LSL #2]\n\t" + "LDR lr, [r0, lr, LSL #2]\n\t" + "EOR r12, r12, r4, ROR #24\n\t" + "LDM %[ks]!, {r4, r5, r6, r7}\n\t" + "EOR r11, r11, lr, ROR #8\n\t" + "EOR r11, r11, r12, ROR #24\n\t" + /* XOR in Key Schedule */ + "EOR r8, r8, r4\n\t" + "EOR r9, r9, r5\n\t" + "EOR r10, r10, r6\n\t" + "EOR r11, r11, r7\n\t" + "UBFX r4, r9, #0, #8\n\t" + "UBFX r7, r10, #8, #8\n\t" + "UBFX r12, r11, #16, #8\n\t" + "LSR lr, r8, #24\n\t" + "LDRB r4, [r2, r4]\n\t" + "LDRB r7, [r2, r7]\n\t" + "LDRB r12, [r2, r12]\n\t" + "LDRB lr, [r2, lr]\n\t" + "UBFX r5, r10, #0, #8\n\t" + "EOR r4, r4, r7, LSL #8\n\t" + "UBFX r7, r11, #8, #8\n\t" + "EOR r4, r4, r12, LSL #16\n\t" + "UBFX r12, r8, #16, #8\n\t" + "EOR r4, r4, lr, LSL #24\n\t" + "LSR lr, r9, #24\n\t" + "LDRB r7, [r2, r7]\n\t" + "LDRB lr, [r2, lr]\n\t" + "LDRB r5, [r2, r5]\n\t" + "LDRB r12, [r2, r12]\n\t" + "UBFX r6, r11, #0, #8\n\t" + "EOR r5, r5, r7, LSL #8\n\t" + "UBFX r7, r8, #8, #8\n\t" + "EOR r5, r5, r12, LSL #16\n\t" + "UBFX r12, r9, #16, #8\n\t" + "EOR r5, r5, lr, LSL #24\n\t" + "LSR lr, r10, #24\n\t" + "LDRB r7, [r2, r7]\n\t" + "LDRB lr, [r2, lr]\n\t" + "LDRB r6, [r2, r6]\n\t" + "LDRB r12, [r2, r12]\n\t" + "LSR r11, r11, #24\n\t" + "EOR r6, r6, r7, LSL #8\n\t" + "UBFX r7, r8, #0, #8\n\t" + "EOR r6, r6, r12, LSL #16\n\t" + "UBFX r12, r9, #8, #8\n\t" + "EOR r6, r6, lr, LSL #24\n\t" + "UBFX lr, r10, #16, #8\n\t" + "LDRB r11, [r2, r11]\n\t" + "LDRB r12, [r2, r12]\n\t" + "LDRB r7, [r2, r7]\n\t" + "LDRB lr, [r2, lr]\n\t" + "EOR r12, r12, r11, LSL #16\n\t" + "LDM %[ks], {r8, r9, r10, r11}\n\t" + "EOR r7, r7, r12, LSL #8\n\t" + "EOR r7, r7, lr, LSL #16\n\t" + /* XOR in Key Schedule */ + "EOR r4, r4, r8\n\t" + "EOR r5, r5, r9\n\t" + "EOR r6, r6, r10\n\t" + "EOR r7, r7, r11\n\t" +#endif /* !WOLFSSL_ARMASM_AES_BLOCK_INLINE */ "POP {r1, %[ks], r12, lr}\n\t" "REV r4, r4\n\t" "REV r5, r5\n\t" @@ -2209,7 +4818,224 @@ "EOR r6, r6, r10\n\t" "EOR r7, r7, r11\n\t" "MOV r1, #0x6\n\t" +#ifndef WOLFSSL_ARMASM_AES_BLOCK_INLINE "BL AES_decrypt_block\n\t" +#else + "\n" +#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "L_AES_CBC_decrypt_block_nr_256_odd:\n\t" +#else + "L_AES_CBC_decrypt_block_nr_256_odd_%=:\n\t" +#endif + "UBFX r8, r7, #16, #8\n\t" + "LSR r11, r4, #24\n\t" + "UBFX r12, r6, #8, #8\n\t" + "UBFX lr, r5, #0, #8\n\t" + "LDR r8, [r0, r8, LSL #2]\n\t" + "LDR r11, [r0, r11, LSL #2]\n\t" + "LDR r12, [r0, r12, LSL #2]\n\t" + "LDR lr, [r0, lr, LSL #2]\n\t" + "UBFX r9, r4, #16, #8\n\t" + "EOR r8, r8, r11, ROR #24\n\t" + "LSR r11, r5, #24\n\t" + "EOR r8, r8, r12, ROR #8\n\t" + "UBFX r12, r7, #8, #8\n\t" + "EOR r8, r8, lr, ROR #16\n\t" + "UBFX lr, r6, #0, #8\n\t" + "LDR r9, [r0, r9, LSL #2]\n\t" + "LDR r11, [r0, r11, LSL #2]\n\t" + "LDR r12, [r0, r12, LSL #2]\n\t" + "LDR lr, [r0, lr, LSL #2]\n\t" + "UBFX r10, r5, #16, #8\n\t" + "EOR r9, r9, r11, ROR #24\n\t" + "LSR r11, r6, #24\n\t" + "EOR r9, r9, r12, ROR #8\n\t" + "UBFX r12, r4, #8, #8\n\t" + "EOR r9, r9, lr, ROR #16\n\t" + "UBFX lr, r7, #0, #8\n\t" + "LDR r10, [r0, r10, LSL #2]\n\t" + "LDR r11, [r0, r11, LSL #2]\n\t" + "LDR r12, [r0, r12, LSL #2]\n\t" + "LDR lr, [r0, lr, LSL #2]\n\t" + "UBFX r4, r4, #0, #8\n\t" + "EOR r10, r10, r11, ROR #24\n\t" + "UBFX r11, r6, #16, #8\n\t" + "EOR r10, r10, r12, ROR #8\n\t" + "LSR r12, r7, #24\n\t" + "EOR r10, r10, lr, ROR #16\n\t" + "UBFX lr, r5, #8, #8\n\t" + "LDR r4, [r0, r4, LSL #2]\n\t" + "LDR r12, [r0, r12, LSL #2]\n\t" + "LDR r11, [r0, r11, LSL #2]\n\t" + "LDR lr, [r0, lr, LSL #2]\n\t" + "EOR r12, r12, r4, ROR #24\n\t" + "LDM %[ks]!, {r4, r5, r6, r7}\n\t" + "EOR r11, r11, lr, ROR #8\n\t" + "EOR r11, r11, r12, ROR #24\n\t" + /* XOR in Key Schedule */ + "EOR r8, r8, r4\n\t" + "EOR r9, r9, r5\n\t" + "EOR r10, r10, r6\n\t" + "EOR r11, r11, r7\n\t" + "UBFX r4, r11, #16, #8\n\t" + "LSR r7, r8, #24\n\t" + "UBFX r12, r10, #8, #8\n\t" + "UBFX lr, r9, #0, #8\n\t" + "LDR r4, [r0, r4, LSL #2]\n\t" + "LDR r7, [r0, r7, LSL #2]\n\t" + "LDR r12, [r0, r12, LSL #2]\n\t" + "LDR lr, [r0, lr, LSL #2]\n\t" + "UBFX r5, r8, #16, #8\n\t" + "EOR r4, r4, r7, ROR #24\n\t" + "LSR r7, r9, #24\n\t" + "EOR r4, r4, r12, ROR #8\n\t" + "UBFX r12, r11, #8, #8\n\t" + "EOR r4, r4, lr, ROR #16\n\t" + "UBFX lr, r10, #0, #8\n\t" + "LDR r5, [r0, r5, LSL #2]\n\t" + "LDR r7, [r0, r7, LSL #2]\n\t" + "LDR r12, [r0, r12, LSL #2]\n\t" + "LDR lr, [r0, lr, LSL #2]\n\t" + "UBFX r6, r9, #16, #8\n\t" + "EOR r5, r5, r7, ROR #24\n\t" + "LSR r7, r10, #24\n\t" + "EOR r5, r5, r12, ROR #8\n\t" + "UBFX r12, r8, #8, #8\n\t" + "EOR r5, r5, lr, ROR #16\n\t" + "UBFX lr, r11, #0, #8\n\t" + "LDR r6, [r0, r6, LSL #2]\n\t" + "LDR r7, [r0, r7, LSL #2]\n\t" + "LDR r12, [r0, r12, LSL #2]\n\t" + "LDR lr, [r0, lr, LSL #2]\n\t" + "UBFX r8, r8, #0, #8\n\t" + "EOR r6, r6, r7, ROR #24\n\t" + "UBFX r7, r10, #16, #8\n\t" + "EOR r6, r6, r12, ROR #8\n\t" + "LSR r12, r11, #24\n\t" + "EOR r6, r6, lr, ROR #16\n\t" + "UBFX lr, r9, #8, #8\n\t" + "LDR r8, [r0, r8, LSL #2]\n\t" + "LDR r12, [r0, r12, LSL #2]\n\t" + "LDR r7, [r0, r7, LSL #2]\n\t" + "LDR lr, [r0, lr, LSL #2]\n\t" + "EOR r12, r12, r8, ROR #24\n\t" + "LDM %[ks]!, {r8, r9, r10, r11}\n\t" + "EOR r7, r7, lr, ROR #8\n\t" + "EOR r7, r7, r12, ROR #24\n\t" + /* XOR in Key Schedule */ + "EOR r4, r4, r8\n\t" + "EOR r5, r5, r9\n\t" + "EOR r6, r6, r10\n\t" + "EOR r7, r7, r11\n\t" + "SUBS r1, r1, #0x1\n\t" +#if defined(__GNUC__) + "BNE L_AES_CBC_decrypt_block_nr_256_odd_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "BNE.W L_AES_CBC_decrypt_block_nr_256_odd\n\t" +#else + "BNE.W L_AES_CBC_decrypt_block_nr_256_odd_%=\n\t" +#endif + "UBFX r8, r7, #16, #8\n\t" + "LSR r11, r4, #24\n\t" + "UBFX r12, r6, #8, #8\n\t" + "UBFX lr, r5, #0, #8\n\t" + "LDR r8, [r0, r8, LSL #2]\n\t" + "LDR r11, [r0, r11, LSL #2]\n\t" + "LDR r12, [r0, r12, LSL #2]\n\t" + "LDR lr, [r0, lr, LSL #2]\n\t" + "UBFX r9, r4, #16, #8\n\t" + "EOR r8, r8, r11, ROR #24\n\t" + "LSR r11, r5, #24\n\t" + "EOR r8, r8, r12, ROR #8\n\t" + "UBFX r12, r7, #8, #8\n\t" + "EOR r8, r8, lr, ROR #16\n\t" + "UBFX lr, r6, #0, #8\n\t" + "LDR r9, [r0, r9, LSL #2]\n\t" + "LDR r11, [r0, r11, LSL #2]\n\t" + "LDR r12, [r0, r12, LSL #2]\n\t" + "LDR lr, [r0, lr, LSL #2]\n\t" + "UBFX r10, r5, #16, #8\n\t" + "EOR r9, r9, r11, ROR #24\n\t" + "LSR r11, r6, #24\n\t" + "EOR r9, r9, r12, ROR #8\n\t" + "UBFX r12, r4, #8, #8\n\t" + "EOR r9, r9, lr, ROR #16\n\t" + "UBFX lr, r7, #0, #8\n\t" + "LDR r10, [r0, r10, LSL #2]\n\t" + "LDR r11, [r0, r11, LSL #2]\n\t" + "LDR r12, [r0, r12, LSL #2]\n\t" + "LDR lr, [r0, lr, LSL #2]\n\t" + "UBFX r4, r4, #0, #8\n\t" + "EOR r10, r10, r11, ROR #24\n\t" + "UBFX r11, r6, #16, #8\n\t" + "EOR r10, r10, r12, ROR #8\n\t" + "LSR r12, r7, #24\n\t" + "EOR r10, r10, lr, ROR #16\n\t" + "UBFX lr, r5, #8, #8\n\t" + "LDR r4, [r0, r4, LSL #2]\n\t" + "LDR r12, [r0, r12, LSL #2]\n\t" + "LDR r11, [r0, r11, LSL #2]\n\t" + "LDR lr, [r0, lr, LSL #2]\n\t" + "EOR r12, r12, r4, ROR #24\n\t" + "LDM %[ks]!, {r4, r5, r6, r7}\n\t" + "EOR r11, r11, lr, ROR #8\n\t" + "EOR r11, r11, r12, ROR #24\n\t" + /* XOR in Key Schedule */ + "EOR r8, r8, r4\n\t" + "EOR r9, r9, r5\n\t" + "EOR r10, r10, r6\n\t" + "EOR r11, r11, r7\n\t" + "UBFX r4, r9, #0, #8\n\t" + "UBFX r7, r10, #8, #8\n\t" + "UBFX r12, r11, #16, #8\n\t" + "LSR lr, r8, #24\n\t" + "LDRB r4, [r2, r4]\n\t" + "LDRB r7, [r2, r7]\n\t" + "LDRB r12, [r2, r12]\n\t" + "LDRB lr, [r2, lr]\n\t" + "UBFX r5, r10, #0, #8\n\t" + "EOR r4, r4, r7, LSL #8\n\t" + "UBFX r7, r11, #8, #8\n\t" + "EOR r4, r4, r12, LSL #16\n\t" + "UBFX r12, r8, #16, #8\n\t" + "EOR r4, r4, lr, LSL #24\n\t" + "LSR lr, r9, #24\n\t" + "LDRB r7, [r2, r7]\n\t" + "LDRB lr, [r2, lr]\n\t" + "LDRB r5, [r2, r5]\n\t" + "LDRB r12, [r2, r12]\n\t" + "UBFX r6, r11, #0, #8\n\t" + "EOR r5, r5, r7, LSL #8\n\t" + "UBFX r7, r8, #8, #8\n\t" + "EOR r5, r5, r12, LSL #16\n\t" + "UBFX r12, r9, #16, #8\n\t" + "EOR r5, r5, lr, LSL #24\n\t" + "LSR lr, r10, #24\n\t" + "LDRB r7, [r2, r7]\n\t" + "LDRB lr, [r2, lr]\n\t" + "LDRB r6, [r2, r6]\n\t" + "LDRB r12, [r2, r12]\n\t" + "LSR r11, r11, #24\n\t" + "EOR r6, r6, r7, LSL #8\n\t" + "UBFX r7, r8, #0, #8\n\t" + "EOR r6, r6, r12, LSL #16\n\t" + "UBFX r12, r9, #8, #8\n\t" + "EOR r6, r6, lr, LSL #24\n\t" + "UBFX lr, r10, #16, #8\n\t" + "LDRB r11, [r2, r11]\n\t" + "LDRB r12, [r2, r12]\n\t" + "LDRB r7, [r2, r7]\n\t" + "LDRB lr, [r2, lr]\n\t" + "EOR r12, r12, r11, LSL #16\n\t" + "LDM %[ks], {r8, r9, r10, r11}\n\t" + "EOR r7, r7, r12, LSL #8\n\t" + "EOR r7, r7, lr, LSL #16\n\t" + /* XOR in Key Schedule */ + "EOR r4, r4, r8\n\t" + "EOR r5, r5, r9\n\t" + "EOR r6, r6, r10\n\t" + "EOR r7, r7, r11\n\t" +#endif /* !WOLFSSL_ARMASM_AES_BLOCK_INLINE */ "LDR lr, [sp, #16]\n\t" "REV r4, r4\n\t" "REV r5, r5\n\t" @@ -2255,7 +5081,224 @@ "EOR r6, r6, r10\n\t" "EOR r7, r7, r11\n\t" "MOV r1, #0x6\n\t" +#ifndef WOLFSSL_ARMASM_AES_BLOCK_INLINE "BL AES_decrypt_block\n\t" +#else + "\n" +#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "L_AES_CBC_decrypt_block_nr_256_even:\n\t" +#else + "L_AES_CBC_decrypt_block_nr_256_even_%=:\n\t" +#endif + "UBFX r8, r7, #16, #8\n\t" + "LSR r11, r4, #24\n\t" + "UBFX r12, r6, #8, #8\n\t" + "UBFX lr, r5, #0, #8\n\t" + "LDR r8, [r0, r8, LSL #2]\n\t" + "LDR r11, [r0, r11, LSL #2]\n\t" + "LDR r12, [r0, r12, LSL #2]\n\t" + "LDR lr, [r0, lr, LSL #2]\n\t" + "UBFX r9, r4, #16, #8\n\t" + "EOR r8, r8, r11, ROR #24\n\t" + "LSR r11, r5, #24\n\t" + "EOR r8, r8, r12, ROR #8\n\t" + "UBFX r12, r7, #8, #8\n\t" + "EOR r8, r8, lr, ROR #16\n\t" + "UBFX lr, r6, #0, #8\n\t" + "LDR r9, [r0, r9, LSL #2]\n\t" + "LDR r11, [r0, r11, LSL #2]\n\t" + "LDR r12, [r0, r12, LSL #2]\n\t" + "LDR lr, [r0, lr, LSL #2]\n\t" + "UBFX r10, r5, #16, #8\n\t" + "EOR r9, r9, r11, ROR #24\n\t" + "LSR r11, r6, #24\n\t" + "EOR r9, r9, r12, ROR #8\n\t" + "UBFX r12, r4, #8, #8\n\t" + "EOR r9, r9, lr, ROR #16\n\t" + "UBFX lr, r7, #0, #8\n\t" + "LDR r10, [r0, r10, LSL #2]\n\t" + "LDR r11, [r0, r11, LSL #2]\n\t" + "LDR r12, [r0, r12, LSL #2]\n\t" + "LDR lr, [r0, lr, LSL #2]\n\t" + "UBFX r4, r4, #0, #8\n\t" + "EOR r10, r10, r11, ROR #24\n\t" + "UBFX r11, r6, #16, #8\n\t" + "EOR r10, r10, r12, ROR #8\n\t" + "LSR r12, r7, #24\n\t" + "EOR r10, r10, lr, ROR #16\n\t" + "UBFX lr, r5, #8, #8\n\t" + "LDR r4, [r0, r4, LSL #2]\n\t" + "LDR r12, [r0, r12, LSL #2]\n\t" + "LDR r11, [r0, r11, LSL #2]\n\t" + "LDR lr, [r0, lr, LSL #2]\n\t" + "EOR r12, r12, r4, ROR #24\n\t" + "LDM %[ks]!, {r4, r5, r6, r7}\n\t" + "EOR r11, r11, lr, ROR #8\n\t" + "EOR r11, r11, r12, ROR #24\n\t" + /* XOR in Key Schedule */ + "EOR r8, r8, r4\n\t" + "EOR r9, r9, r5\n\t" + "EOR r10, r10, r6\n\t" + "EOR r11, r11, r7\n\t" + "UBFX r4, r11, #16, #8\n\t" + "LSR r7, r8, #24\n\t" + "UBFX r12, r10, #8, #8\n\t" + "UBFX lr, r9, #0, #8\n\t" + "LDR r4, [r0, r4, LSL #2]\n\t" + "LDR r7, [r0, r7, LSL #2]\n\t" + "LDR r12, [r0, r12, LSL #2]\n\t" + "LDR lr, [r0, lr, LSL #2]\n\t" + "UBFX r5, r8, #16, #8\n\t" + "EOR r4, r4, r7, ROR #24\n\t" + "LSR r7, r9, #24\n\t" + "EOR r4, r4, r12, ROR #8\n\t" + "UBFX r12, r11, #8, #8\n\t" + "EOR r4, r4, lr, ROR #16\n\t" + "UBFX lr, r10, #0, #8\n\t" + "LDR r5, [r0, r5, LSL #2]\n\t" + "LDR r7, [r0, r7, LSL #2]\n\t" + "LDR r12, [r0, r12, LSL #2]\n\t" + "LDR lr, [r0, lr, LSL #2]\n\t" + "UBFX r6, r9, #16, #8\n\t" + "EOR r5, r5, r7, ROR #24\n\t" + "LSR r7, r10, #24\n\t" + "EOR r5, r5, r12, ROR #8\n\t" + "UBFX r12, r8, #8, #8\n\t" + "EOR r5, r5, lr, ROR #16\n\t" + "UBFX lr, r11, #0, #8\n\t" + "LDR r6, [r0, r6, LSL #2]\n\t" + "LDR r7, [r0, r7, LSL #2]\n\t" + "LDR r12, [r0, r12, LSL #2]\n\t" + "LDR lr, [r0, lr, LSL #2]\n\t" + "UBFX r8, r8, #0, #8\n\t" + "EOR r6, r6, r7, ROR #24\n\t" + "UBFX r7, r10, #16, #8\n\t" + "EOR r6, r6, r12, ROR #8\n\t" + "LSR r12, r11, #24\n\t" + "EOR r6, r6, lr, ROR #16\n\t" + "UBFX lr, r9, #8, #8\n\t" + "LDR r8, [r0, r8, LSL #2]\n\t" + "LDR r12, [r0, r12, LSL #2]\n\t" + "LDR r7, [r0, r7, LSL #2]\n\t" + "LDR lr, [r0, lr, LSL #2]\n\t" + "EOR r12, r12, r8, ROR #24\n\t" + "LDM %[ks]!, {r8, r9, r10, r11}\n\t" + "EOR r7, r7, lr, ROR #8\n\t" + "EOR r7, r7, r12, ROR #24\n\t" + /* XOR in Key Schedule */ + "EOR r4, r4, r8\n\t" + "EOR r5, r5, r9\n\t" + "EOR r6, r6, r10\n\t" + "EOR r7, r7, r11\n\t" + "SUBS r1, r1, #0x1\n\t" +#if defined(__GNUC__) + "BNE L_AES_CBC_decrypt_block_nr_256_even_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "BNE.W L_AES_CBC_decrypt_block_nr_256_even\n\t" +#else + "BNE.W L_AES_CBC_decrypt_block_nr_256_even_%=\n\t" +#endif + "UBFX r8, r7, #16, #8\n\t" + "LSR r11, r4, #24\n\t" + "UBFX r12, r6, #8, #8\n\t" + "UBFX lr, r5, #0, #8\n\t" + "LDR r8, [r0, r8, LSL #2]\n\t" + "LDR r11, [r0, r11, LSL #2]\n\t" + "LDR r12, [r0, r12, LSL #2]\n\t" + "LDR lr, [r0, lr, LSL #2]\n\t" + "UBFX r9, r4, #16, #8\n\t" + "EOR r8, r8, r11, ROR #24\n\t" + "LSR r11, r5, #24\n\t" + "EOR r8, r8, r12, ROR #8\n\t" + "UBFX r12, r7, #8, #8\n\t" + "EOR r8, r8, lr, ROR #16\n\t" + "UBFX lr, r6, #0, #8\n\t" + "LDR r9, [r0, r9, LSL #2]\n\t" + "LDR r11, [r0, r11, LSL #2]\n\t" + "LDR r12, [r0, r12, LSL #2]\n\t" + "LDR lr, [r0, lr, LSL #2]\n\t" + "UBFX r10, r5, #16, #8\n\t" + "EOR r9, r9, r11, ROR #24\n\t" + "LSR r11, r6, #24\n\t" + "EOR r9, r9, r12, ROR #8\n\t" + "UBFX r12, r4, #8, #8\n\t" + "EOR r9, r9, lr, ROR #16\n\t" + "UBFX lr, r7, #0, #8\n\t" + "LDR r10, [r0, r10, LSL #2]\n\t" + "LDR r11, [r0, r11, LSL #2]\n\t" + "LDR r12, [r0, r12, LSL #2]\n\t" + "LDR lr, [r0, lr, LSL #2]\n\t" + "UBFX r4, r4, #0, #8\n\t" + "EOR r10, r10, r11, ROR #24\n\t" + "UBFX r11, r6, #16, #8\n\t" + "EOR r10, r10, r12, ROR #8\n\t" + "LSR r12, r7, #24\n\t" + "EOR r10, r10, lr, ROR #16\n\t" + "UBFX lr, r5, #8, #8\n\t" + "LDR r4, [r0, r4, LSL #2]\n\t" + "LDR r12, [r0, r12, LSL #2]\n\t" + "LDR r11, [r0, r11, LSL #2]\n\t" + "LDR lr, [r0, lr, LSL #2]\n\t" + "EOR r12, r12, r4, ROR #24\n\t" + "LDM %[ks]!, {r4, r5, r6, r7}\n\t" + "EOR r11, r11, lr, ROR #8\n\t" + "EOR r11, r11, r12, ROR #24\n\t" + /* XOR in Key Schedule */ + "EOR r8, r8, r4\n\t" + "EOR r9, r9, r5\n\t" + "EOR r10, r10, r6\n\t" + "EOR r11, r11, r7\n\t" + "UBFX r4, r9, #0, #8\n\t" + "UBFX r7, r10, #8, #8\n\t" + "UBFX r12, r11, #16, #8\n\t" + "LSR lr, r8, #24\n\t" + "LDRB r4, [r2, r4]\n\t" + "LDRB r7, [r2, r7]\n\t" + "LDRB r12, [r2, r12]\n\t" + "LDRB lr, [r2, lr]\n\t" + "UBFX r5, r10, #0, #8\n\t" + "EOR r4, r4, r7, LSL #8\n\t" + "UBFX r7, r11, #8, #8\n\t" + "EOR r4, r4, r12, LSL #16\n\t" + "UBFX r12, r8, #16, #8\n\t" + "EOR r4, r4, lr, LSL #24\n\t" + "LSR lr, r9, #24\n\t" + "LDRB r7, [r2, r7]\n\t" + "LDRB lr, [r2, lr]\n\t" + "LDRB r5, [r2, r5]\n\t" + "LDRB r12, [r2, r12]\n\t" + "UBFX r6, r11, #0, #8\n\t" + "EOR r5, r5, r7, LSL #8\n\t" + "UBFX r7, r8, #8, #8\n\t" + "EOR r5, r5, r12, LSL #16\n\t" + "UBFX r12, r9, #16, #8\n\t" + "EOR r5, r5, lr, LSL #24\n\t" + "LSR lr, r10, #24\n\t" + "LDRB r7, [r2, r7]\n\t" + "LDRB lr, [r2, lr]\n\t" + "LDRB r6, [r2, r6]\n\t" + "LDRB r12, [r2, r12]\n\t" + "LSR r11, r11, #24\n\t" + "EOR r6, r6, r7, LSL #8\n\t" + "UBFX r7, r8, #0, #8\n\t" + "EOR r6, r6, r12, LSL #16\n\t" + "UBFX r12, r9, #8, #8\n\t" + "EOR r6, r6, lr, LSL #24\n\t" + "UBFX lr, r10, #16, #8\n\t" + "LDRB r11, [r2, r11]\n\t" + "LDRB r12, [r2, r12]\n\t" + "LDRB r7, [r2, r7]\n\t" + "LDRB lr, [r2, lr]\n\t" + "EOR r12, r12, r11, LSL #16\n\t" + "LDM %[ks], {r8, r9, r10, r11}\n\t" + "EOR r7, r7, r12, LSL #8\n\t" + "EOR r7, r7, lr, LSL #16\n\t" + /* XOR in Key Schedule */ + "EOR r4, r4, r8\n\t" + "EOR r5, r5, r9\n\t" + "EOR r6, r6, r10\n\t" + "EOR r7, r7, r11\n\t" +#endif /* !WOLFSSL_ARMASM_AES_BLOCK_INLINE */ "LDR lr, [sp, #16]\n\t" "REV r4, r4\n\t" "REV r5, r5\n\t" @@ -2315,7 +5358,224 @@ "EOR r6, r6, r10\n\t" "EOR r7, r7, r11\n\t" "MOV r1, #0x5\n\t" +#ifndef WOLFSSL_ARMASM_AES_BLOCK_INLINE "BL AES_decrypt_block\n\t" +#else + "\n" +#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "L_AES_CBC_decrypt_block_nr_192_odd:\n\t" +#else + "L_AES_CBC_decrypt_block_nr_192_odd_%=:\n\t" +#endif + "UBFX r8, r7, #16, #8\n\t" + "LSR r11, r4, #24\n\t" + "UBFX r12, r6, #8, #8\n\t" + "UBFX lr, r5, #0, #8\n\t" + "LDR r8, [r0, r8, LSL #2]\n\t" + "LDR r11, [r0, r11, LSL #2]\n\t" + "LDR r12, [r0, r12, LSL #2]\n\t" + "LDR lr, [r0, lr, LSL #2]\n\t" + "UBFX r9, r4, #16, #8\n\t" + "EOR r8, r8, r11, ROR #24\n\t" + "LSR r11, r5, #24\n\t" + "EOR r8, r8, r12, ROR #8\n\t" + "UBFX r12, r7, #8, #8\n\t" + "EOR r8, r8, lr, ROR #16\n\t" + "UBFX lr, r6, #0, #8\n\t" + "LDR r9, [r0, r9, LSL #2]\n\t" + "LDR r11, [r0, r11, LSL #2]\n\t" + "LDR r12, [r0, r12, LSL #2]\n\t" + "LDR lr, [r0, lr, LSL #2]\n\t" + "UBFX r10, r5, #16, #8\n\t" + "EOR r9, r9, r11, ROR #24\n\t" + "LSR r11, r6, #24\n\t" + "EOR r9, r9, r12, ROR #8\n\t" + "UBFX r12, r4, #8, #8\n\t" + "EOR r9, r9, lr, ROR #16\n\t" + "UBFX lr, r7, #0, #8\n\t" + "LDR r10, [r0, r10, LSL #2]\n\t" + "LDR r11, [r0, r11, LSL #2]\n\t" + "LDR r12, [r0, r12, LSL #2]\n\t" + "LDR lr, [r0, lr, LSL #2]\n\t" + "UBFX r4, r4, #0, #8\n\t" + "EOR r10, r10, r11, ROR #24\n\t" + "UBFX r11, r6, #16, #8\n\t" + "EOR r10, r10, r12, ROR #8\n\t" + "LSR r12, r7, #24\n\t" + "EOR r10, r10, lr, ROR #16\n\t" + "UBFX lr, r5, #8, #8\n\t" + "LDR r4, [r0, r4, LSL #2]\n\t" + "LDR r12, [r0, r12, LSL #2]\n\t" + "LDR r11, [r0, r11, LSL #2]\n\t" + "LDR lr, [r0, lr, LSL #2]\n\t" + "EOR r12, r12, r4, ROR #24\n\t" + "LDM %[ks]!, {r4, r5, r6, r7}\n\t" + "EOR r11, r11, lr, ROR #8\n\t" + "EOR r11, r11, r12, ROR #24\n\t" + /* XOR in Key Schedule */ + "EOR r8, r8, r4\n\t" + "EOR r9, r9, r5\n\t" + "EOR r10, r10, r6\n\t" + "EOR r11, r11, r7\n\t" + "UBFX r4, r11, #16, #8\n\t" + "LSR r7, r8, #24\n\t" + "UBFX r12, r10, #8, #8\n\t" + "UBFX lr, r9, #0, #8\n\t" + "LDR r4, [r0, r4, LSL #2]\n\t" + "LDR r7, [r0, r7, LSL #2]\n\t" + "LDR r12, [r0, r12, LSL #2]\n\t" + "LDR lr, [r0, lr, LSL #2]\n\t" + "UBFX r5, r8, #16, #8\n\t" + "EOR r4, r4, r7, ROR #24\n\t" + "LSR r7, r9, #24\n\t" + "EOR r4, r4, r12, ROR #8\n\t" + "UBFX r12, r11, #8, #8\n\t" + "EOR r4, r4, lr, ROR #16\n\t" + "UBFX lr, r10, #0, #8\n\t" + "LDR r5, [r0, r5, LSL #2]\n\t" + "LDR r7, [r0, r7, LSL #2]\n\t" + "LDR r12, [r0, r12, LSL #2]\n\t" + "LDR lr, [r0, lr, LSL #2]\n\t" + "UBFX r6, r9, #16, #8\n\t" + "EOR r5, r5, r7, ROR #24\n\t" + "LSR r7, r10, #24\n\t" + "EOR r5, r5, r12, ROR #8\n\t" + "UBFX r12, r8, #8, #8\n\t" + "EOR r5, r5, lr, ROR #16\n\t" + "UBFX lr, r11, #0, #8\n\t" + "LDR r6, [r0, r6, LSL #2]\n\t" + "LDR r7, [r0, r7, LSL #2]\n\t" + "LDR r12, [r0, r12, LSL #2]\n\t" + "LDR lr, [r0, lr, LSL #2]\n\t" + "UBFX r8, r8, #0, #8\n\t" + "EOR r6, r6, r7, ROR #24\n\t" + "UBFX r7, r10, #16, #8\n\t" + "EOR r6, r6, r12, ROR #8\n\t" + "LSR r12, r11, #24\n\t" + "EOR r6, r6, lr, ROR #16\n\t" + "UBFX lr, r9, #8, #8\n\t" + "LDR r8, [r0, r8, LSL #2]\n\t" + "LDR r12, [r0, r12, LSL #2]\n\t" + "LDR r7, [r0, r7, LSL #2]\n\t" + "LDR lr, [r0, lr, LSL #2]\n\t" + "EOR r12, r12, r8, ROR #24\n\t" + "LDM %[ks]!, {r8, r9, r10, r11}\n\t" + "EOR r7, r7, lr, ROR #8\n\t" + "EOR r7, r7, r12, ROR #24\n\t" + /* XOR in Key Schedule */ + "EOR r4, r4, r8\n\t" + "EOR r5, r5, r9\n\t" + "EOR r6, r6, r10\n\t" + "EOR r7, r7, r11\n\t" + "SUBS r1, r1, #0x1\n\t" +#if defined(__GNUC__) + "BNE L_AES_CBC_decrypt_block_nr_192_odd_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "BNE.W L_AES_CBC_decrypt_block_nr_192_odd\n\t" +#else + "BNE.W L_AES_CBC_decrypt_block_nr_192_odd_%=\n\t" +#endif + "UBFX r8, r7, #16, #8\n\t" + "LSR r11, r4, #24\n\t" + "UBFX r12, r6, #8, #8\n\t" + "UBFX lr, r5, #0, #8\n\t" + "LDR r8, [r0, r8, LSL #2]\n\t" + "LDR r11, [r0, r11, LSL #2]\n\t" + "LDR r12, [r0, r12, LSL #2]\n\t" + "LDR lr, [r0, lr, LSL #2]\n\t" + "UBFX r9, r4, #16, #8\n\t" + "EOR r8, r8, r11, ROR #24\n\t" + "LSR r11, r5, #24\n\t" + "EOR r8, r8, r12, ROR #8\n\t" + "UBFX r12, r7, #8, #8\n\t" + "EOR r8, r8, lr, ROR #16\n\t" + "UBFX lr, r6, #0, #8\n\t" + "LDR r9, [r0, r9, LSL #2]\n\t" + "LDR r11, [r0, r11, LSL #2]\n\t" + "LDR r12, [r0, r12, LSL #2]\n\t" + "LDR lr, [r0, lr, LSL #2]\n\t" + "UBFX r10, r5, #16, #8\n\t" + "EOR r9, r9, r11, ROR #24\n\t" + "LSR r11, r6, #24\n\t" + "EOR r9, r9, r12, ROR #8\n\t" + "UBFX r12, r4, #8, #8\n\t" + "EOR r9, r9, lr, ROR #16\n\t" + "UBFX lr, r7, #0, #8\n\t" + "LDR r10, [r0, r10, LSL #2]\n\t" + "LDR r11, [r0, r11, LSL #2]\n\t" + "LDR r12, [r0, r12, LSL #2]\n\t" + "LDR lr, [r0, lr, LSL #2]\n\t" + "UBFX r4, r4, #0, #8\n\t" + "EOR r10, r10, r11, ROR #24\n\t" + "UBFX r11, r6, #16, #8\n\t" + "EOR r10, r10, r12, ROR #8\n\t" + "LSR r12, r7, #24\n\t" + "EOR r10, r10, lr, ROR #16\n\t" + "UBFX lr, r5, #8, #8\n\t" + "LDR r4, [r0, r4, LSL #2]\n\t" + "LDR r12, [r0, r12, LSL #2]\n\t" + "LDR r11, [r0, r11, LSL #2]\n\t" + "LDR lr, [r0, lr, LSL #2]\n\t" + "EOR r12, r12, r4, ROR #24\n\t" + "LDM %[ks]!, {r4, r5, r6, r7}\n\t" + "EOR r11, r11, lr, ROR #8\n\t" + "EOR r11, r11, r12, ROR #24\n\t" + /* XOR in Key Schedule */ + "EOR r8, r8, r4\n\t" + "EOR r9, r9, r5\n\t" + "EOR r10, r10, r6\n\t" + "EOR r11, r11, r7\n\t" + "UBFX r4, r9, #0, #8\n\t" + "UBFX r7, r10, #8, #8\n\t" + "UBFX r12, r11, #16, #8\n\t" + "LSR lr, r8, #24\n\t" + "LDRB r4, [r2, r4]\n\t" + "LDRB r7, [r2, r7]\n\t" + "LDRB r12, [r2, r12]\n\t" + "LDRB lr, [r2, lr]\n\t" + "UBFX r5, r10, #0, #8\n\t" + "EOR r4, r4, r7, LSL #8\n\t" + "UBFX r7, r11, #8, #8\n\t" + "EOR r4, r4, r12, LSL #16\n\t" + "UBFX r12, r8, #16, #8\n\t" + "EOR r4, r4, lr, LSL #24\n\t" + "LSR lr, r9, #24\n\t" + "LDRB r7, [r2, r7]\n\t" + "LDRB lr, [r2, lr]\n\t" + "LDRB r5, [r2, r5]\n\t" + "LDRB r12, [r2, r12]\n\t" + "UBFX r6, r11, #0, #8\n\t" + "EOR r5, r5, r7, LSL #8\n\t" + "UBFX r7, r8, #8, #8\n\t" + "EOR r5, r5, r12, LSL #16\n\t" + "UBFX r12, r9, #16, #8\n\t" + "EOR r5, r5, lr, LSL #24\n\t" + "LSR lr, r10, #24\n\t" + "LDRB r7, [r2, r7]\n\t" + "LDRB lr, [r2, lr]\n\t" + "LDRB r6, [r2, r6]\n\t" + "LDRB r12, [r2, r12]\n\t" + "LSR r11, r11, #24\n\t" + "EOR r6, r6, r7, LSL #8\n\t" + "UBFX r7, r8, #0, #8\n\t" + "EOR r6, r6, r12, LSL #16\n\t" + "UBFX r12, r9, #8, #8\n\t" + "EOR r6, r6, lr, LSL #24\n\t" + "UBFX lr, r10, #16, #8\n\t" + "LDRB r11, [r2, r11]\n\t" + "LDRB r12, [r2, r12]\n\t" + "LDRB r7, [r2, r7]\n\t" + "LDRB lr, [r2, lr]\n\t" + "EOR r12, r12, r11, LSL #16\n\t" + "LDM %[ks], {r8, r9, r10, r11}\n\t" + "EOR r7, r7, r12, LSL #8\n\t" + "EOR r7, r7, lr, LSL #16\n\t" + /* XOR in Key Schedule */ + "EOR r4, r4, r8\n\t" + "EOR r5, r5, r9\n\t" + "EOR r6, r6, r10\n\t" + "EOR r7, r7, r11\n\t" +#endif /* !WOLFSSL_ARMASM_AES_BLOCK_INLINE */ "LDR lr, [sp, #16]\n\t" "REV r4, r4\n\t" "REV r5, r5\n\t" @@ -2361,7 +5621,224 @@ "EOR r6, r6, r10\n\t" "EOR r7, r7, r11\n\t" "MOV r1, #0x5\n\t" +#ifndef WOLFSSL_ARMASM_AES_BLOCK_INLINE "BL AES_decrypt_block\n\t" +#else + "\n" +#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "L_AES_CBC_decrypt_block_nr_192_even:\n\t" +#else + "L_AES_CBC_decrypt_block_nr_192_even_%=:\n\t" +#endif + "UBFX r8, r7, #16, #8\n\t" + "LSR r11, r4, #24\n\t" + "UBFX r12, r6, #8, #8\n\t" + "UBFX lr, r5, #0, #8\n\t" + "LDR r8, [r0, r8, LSL #2]\n\t" + "LDR r11, [r0, r11, LSL #2]\n\t" + "LDR r12, [r0, r12, LSL #2]\n\t" + "LDR lr, [r0, lr, LSL #2]\n\t" + "UBFX r9, r4, #16, #8\n\t" + "EOR r8, r8, r11, ROR #24\n\t" + "LSR r11, r5, #24\n\t" + "EOR r8, r8, r12, ROR #8\n\t" + "UBFX r12, r7, #8, #8\n\t" + "EOR r8, r8, lr, ROR #16\n\t" + "UBFX lr, r6, #0, #8\n\t" + "LDR r9, [r0, r9, LSL #2]\n\t" + "LDR r11, [r0, r11, LSL #2]\n\t" + "LDR r12, [r0, r12, LSL #2]\n\t" + "LDR lr, [r0, lr, LSL #2]\n\t" + "UBFX r10, r5, #16, #8\n\t" + "EOR r9, r9, r11, ROR #24\n\t" + "LSR r11, r6, #24\n\t" + "EOR r9, r9, r12, ROR #8\n\t" + "UBFX r12, r4, #8, #8\n\t" + "EOR r9, r9, lr, ROR #16\n\t" + "UBFX lr, r7, #0, #8\n\t" + "LDR r10, [r0, r10, LSL #2]\n\t" + "LDR r11, [r0, r11, LSL #2]\n\t" + "LDR r12, [r0, r12, LSL #2]\n\t" + "LDR lr, [r0, lr, LSL #2]\n\t" + "UBFX r4, r4, #0, #8\n\t" + "EOR r10, r10, r11, ROR #24\n\t" + "UBFX r11, r6, #16, #8\n\t" + "EOR r10, r10, r12, ROR #8\n\t" + "LSR r12, r7, #24\n\t" + "EOR r10, r10, lr, ROR #16\n\t" + "UBFX lr, r5, #8, #8\n\t" + "LDR r4, [r0, r4, LSL #2]\n\t" + "LDR r12, [r0, r12, LSL #2]\n\t" + "LDR r11, [r0, r11, LSL #2]\n\t" + "LDR lr, [r0, lr, LSL #2]\n\t" + "EOR r12, r12, r4, ROR #24\n\t" + "LDM %[ks]!, {r4, r5, r6, r7}\n\t" + "EOR r11, r11, lr, ROR #8\n\t" + "EOR r11, r11, r12, ROR #24\n\t" + /* XOR in Key Schedule */ + "EOR r8, r8, r4\n\t" + "EOR r9, r9, r5\n\t" + "EOR r10, r10, r6\n\t" + "EOR r11, r11, r7\n\t" + "UBFX r4, r11, #16, #8\n\t" + "LSR r7, r8, #24\n\t" + "UBFX r12, r10, #8, #8\n\t" + "UBFX lr, r9, #0, #8\n\t" + "LDR r4, [r0, r4, LSL #2]\n\t" + "LDR r7, [r0, r7, LSL #2]\n\t" + "LDR r12, [r0, r12, LSL #2]\n\t" + "LDR lr, [r0, lr, LSL #2]\n\t" + "UBFX r5, r8, #16, #8\n\t" + "EOR r4, r4, r7, ROR #24\n\t" + "LSR r7, r9, #24\n\t" + "EOR r4, r4, r12, ROR #8\n\t" + "UBFX r12, r11, #8, #8\n\t" + "EOR r4, r4, lr, ROR #16\n\t" + "UBFX lr, r10, #0, #8\n\t" + "LDR r5, [r0, r5, LSL #2]\n\t" + "LDR r7, [r0, r7, LSL #2]\n\t" + "LDR r12, [r0, r12, LSL #2]\n\t" + "LDR lr, [r0, lr, LSL #2]\n\t" + "UBFX r6, r9, #16, #8\n\t" + "EOR r5, r5, r7, ROR #24\n\t" + "LSR r7, r10, #24\n\t" + "EOR r5, r5, r12, ROR #8\n\t" + "UBFX r12, r8, #8, #8\n\t" + "EOR r5, r5, lr, ROR #16\n\t" + "UBFX lr, r11, #0, #8\n\t" + "LDR r6, [r0, r6, LSL #2]\n\t" + "LDR r7, [r0, r7, LSL #2]\n\t" + "LDR r12, [r0, r12, LSL #2]\n\t" + "LDR lr, [r0, lr, LSL #2]\n\t" + "UBFX r8, r8, #0, #8\n\t" + "EOR r6, r6, r7, ROR #24\n\t" + "UBFX r7, r10, #16, #8\n\t" + "EOR r6, r6, r12, ROR #8\n\t" + "LSR r12, r11, #24\n\t" + "EOR r6, r6, lr, ROR #16\n\t" + "UBFX lr, r9, #8, #8\n\t" + "LDR r8, [r0, r8, LSL #2]\n\t" + "LDR r12, [r0, r12, LSL #2]\n\t" + "LDR r7, [r0, r7, LSL #2]\n\t" + "LDR lr, [r0, lr, LSL #2]\n\t" + "EOR r12, r12, r8, ROR #24\n\t" + "LDM %[ks]!, {r8, r9, r10, r11}\n\t" + "EOR r7, r7, lr, ROR #8\n\t" + "EOR r7, r7, r12, ROR #24\n\t" + /* XOR in Key Schedule */ + "EOR r4, r4, r8\n\t" + "EOR r5, r5, r9\n\t" + "EOR r6, r6, r10\n\t" + "EOR r7, r7, r11\n\t" + "SUBS r1, r1, #0x1\n\t" +#if defined(__GNUC__) + "BNE L_AES_CBC_decrypt_block_nr_192_even_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "BNE.W L_AES_CBC_decrypt_block_nr_192_even\n\t" +#else + "BNE.W L_AES_CBC_decrypt_block_nr_192_even_%=\n\t" +#endif + "UBFX r8, r7, #16, #8\n\t" + "LSR r11, r4, #24\n\t" + "UBFX r12, r6, #8, #8\n\t" + "UBFX lr, r5, #0, #8\n\t" + "LDR r8, [r0, r8, LSL #2]\n\t" + "LDR r11, [r0, r11, LSL #2]\n\t" + "LDR r12, [r0, r12, LSL #2]\n\t" + "LDR lr, [r0, lr, LSL #2]\n\t" + "UBFX r9, r4, #16, #8\n\t" + "EOR r8, r8, r11, ROR #24\n\t" + "LSR r11, r5, #24\n\t" + "EOR r8, r8, r12, ROR #8\n\t" + "UBFX r12, r7, #8, #8\n\t" + "EOR r8, r8, lr, ROR #16\n\t" + "UBFX lr, r6, #0, #8\n\t" + "LDR r9, [r0, r9, LSL #2]\n\t" + "LDR r11, [r0, r11, LSL #2]\n\t" + "LDR r12, [r0, r12, LSL #2]\n\t" + "LDR lr, [r0, lr, LSL #2]\n\t" + "UBFX r10, r5, #16, #8\n\t" + "EOR r9, r9, r11, ROR #24\n\t" + "LSR r11, r6, #24\n\t" + "EOR r9, r9, r12, ROR #8\n\t" + "UBFX r12, r4, #8, #8\n\t" + "EOR r9, r9, lr, ROR #16\n\t" + "UBFX lr, r7, #0, #8\n\t" + "LDR r10, [r0, r10, LSL #2]\n\t" + "LDR r11, [r0, r11, LSL #2]\n\t" + "LDR r12, [r0, r12, LSL #2]\n\t" + "LDR lr, [r0, lr, LSL #2]\n\t" + "UBFX r4, r4, #0, #8\n\t" + "EOR r10, r10, r11, ROR #24\n\t" + "UBFX r11, r6, #16, #8\n\t" + "EOR r10, r10, r12, ROR #8\n\t" + "LSR r12, r7, #24\n\t" + "EOR r10, r10, lr, ROR #16\n\t" + "UBFX lr, r5, #8, #8\n\t" + "LDR r4, [r0, r4, LSL #2]\n\t" + "LDR r12, [r0, r12, LSL #2]\n\t" + "LDR r11, [r0, r11, LSL #2]\n\t" + "LDR lr, [r0, lr, LSL #2]\n\t" + "EOR r12, r12, r4, ROR #24\n\t" + "LDM %[ks]!, {r4, r5, r6, r7}\n\t" + "EOR r11, r11, lr, ROR #8\n\t" + "EOR r11, r11, r12, ROR #24\n\t" + /* XOR in Key Schedule */ + "EOR r8, r8, r4\n\t" + "EOR r9, r9, r5\n\t" + "EOR r10, r10, r6\n\t" + "EOR r11, r11, r7\n\t" + "UBFX r4, r9, #0, #8\n\t" + "UBFX r7, r10, #8, #8\n\t" + "UBFX r12, r11, #16, #8\n\t" + "LSR lr, r8, #24\n\t" + "LDRB r4, [r2, r4]\n\t" + "LDRB r7, [r2, r7]\n\t" + "LDRB r12, [r2, r12]\n\t" + "LDRB lr, [r2, lr]\n\t" + "UBFX r5, r10, #0, #8\n\t" + "EOR r4, r4, r7, LSL #8\n\t" + "UBFX r7, r11, #8, #8\n\t" + "EOR r4, r4, r12, LSL #16\n\t" + "UBFX r12, r8, #16, #8\n\t" + "EOR r4, r4, lr, LSL #24\n\t" + "LSR lr, r9, #24\n\t" + "LDRB r7, [r2, r7]\n\t" + "LDRB lr, [r2, lr]\n\t" + "LDRB r5, [r2, r5]\n\t" + "LDRB r12, [r2, r12]\n\t" + "UBFX r6, r11, #0, #8\n\t" + "EOR r5, r5, r7, LSL #8\n\t" + "UBFX r7, r8, #8, #8\n\t" + "EOR r5, r5, r12, LSL #16\n\t" + "UBFX r12, r9, #16, #8\n\t" + "EOR r5, r5, lr, LSL #24\n\t" + "LSR lr, r10, #24\n\t" + "LDRB r7, [r2, r7]\n\t" + "LDRB lr, [r2, lr]\n\t" + "LDRB r6, [r2, r6]\n\t" + "LDRB r12, [r2, r12]\n\t" + "LSR r11, r11, #24\n\t" + "EOR r6, r6, r7, LSL #8\n\t" + "UBFX r7, r8, #0, #8\n\t" + "EOR r6, r6, r12, LSL #16\n\t" + "UBFX r12, r9, #8, #8\n\t" + "EOR r6, r6, lr, LSL #24\n\t" + "UBFX lr, r10, #16, #8\n\t" + "LDRB r11, [r2, r11]\n\t" + "LDRB r12, [r2, r12]\n\t" + "LDRB r7, [r2, r7]\n\t" + "LDRB lr, [r2, lr]\n\t" + "EOR r12, r12, r11, LSL #16\n\t" + "LDM %[ks], {r8, r9, r10, r11}\n\t" + "EOR r7, r7, r12, LSL #8\n\t" + "EOR r7, r7, lr, LSL #16\n\t" + /* XOR in Key Schedule */ + "EOR r4, r4, r8\n\t" + "EOR r5, r5, r9\n\t" + "EOR r6, r6, r10\n\t" + "EOR r7, r7, r11\n\t" +#endif /* !WOLFSSL_ARMASM_AES_BLOCK_INLINE */ "LDR lr, [sp, #16]\n\t" "REV r4, r4\n\t" "REV r5, r5\n\t" @@ -2421,7 +5898,224 @@ "EOR r6, r6, r10\n\t" "EOR r7, r7, r11\n\t" "MOV r1, #0x4\n\t" +#ifndef WOLFSSL_ARMASM_AES_BLOCK_INLINE "BL AES_decrypt_block\n\t" +#else + "\n" +#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "L_AES_CBC_decrypt_block_nr_128_odd:\n\t" +#else + "L_AES_CBC_decrypt_block_nr_128_odd_%=:\n\t" +#endif + "UBFX r8, r7, #16, #8\n\t" + "LSR r11, r4, #24\n\t" + "UBFX r12, r6, #8, #8\n\t" + "UBFX lr, r5, #0, #8\n\t" + "LDR r8, [r0, r8, LSL #2]\n\t" + "LDR r11, [r0, r11, LSL #2]\n\t" + "LDR r12, [r0, r12, LSL #2]\n\t" + "LDR lr, [r0, lr, LSL #2]\n\t" + "UBFX r9, r4, #16, #8\n\t" + "EOR r8, r8, r11, ROR #24\n\t" + "LSR r11, r5, #24\n\t" + "EOR r8, r8, r12, ROR #8\n\t" + "UBFX r12, r7, #8, #8\n\t" + "EOR r8, r8, lr, ROR #16\n\t" + "UBFX lr, r6, #0, #8\n\t" + "LDR r9, [r0, r9, LSL #2]\n\t" + "LDR r11, [r0, r11, LSL #2]\n\t" + "LDR r12, [r0, r12, LSL #2]\n\t" + "LDR lr, [r0, lr, LSL #2]\n\t" + "UBFX r10, r5, #16, #8\n\t" + "EOR r9, r9, r11, ROR #24\n\t" + "LSR r11, r6, #24\n\t" + "EOR r9, r9, r12, ROR #8\n\t" + "UBFX r12, r4, #8, #8\n\t" + "EOR r9, r9, lr, ROR #16\n\t" + "UBFX lr, r7, #0, #8\n\t" + "LDR r10, [r0, r10, LSL #2]\n\t" + "LDR r11, [r0, r11, LSL #2]\n\t" + "LDR r12, [r0, r12, LSL #2]\n\t" + "LDR lr, [r0, lr, LSL #2]\n\t" + "UBFX r4, r4, #0, #8\n\t" + "EOR r10, r10, r11, ROR #24\n\t" + "UBFX r11, r6, #16, #8\n\t" + "EOR r10, r10, r12, ROR #8\n\t" + "LSR r12, r7, #24\n\t" + "EOR r10, r10, lr, ROR #16\n\t" + "UBFX lr, r5, #8, #8\n\t" + "LDR r4, [r0, r4, LSL #2]\n\t" + "LDR r12, [r0, r12, LSL #2]\n\t" + "LDR r11, [r0, r11, LSL #2]\n\t" + "LDR lr, [r0, lr, LSL #2]\n\t" + "EOR r12, r12, r4, ROR #24\n\t" + "LDM %[ks]!, {r4, r5, r6, r7}\n\t" + "EOR r11, r11, lr, ROR #8\n\t" + "EOR r11, r11, r12, ROR #24\n\t" + /* XOR in Key Schedule */ + "EOR r8, r8, r4\n\t" + "EOR r9, r9, r5\n\t" + "EOR r10, r10, r6\n\t" + "EOR r11, r11, r7\n\t" + "UBFX r4, r11, #16, #8\n\t" + "LSR r7, r8, #24\n\t" + "UBFX r12, r10, #8, #8\n\t" + "UBFX lr, r9, #0, #8\n\t" + "LDR r4, [r0, r4, LSL #2]\n\t" + "LDR r7, [r0, r7, LSL #2]\n\t" + "LDR r12, [r0, r12, LSL #2]\n\t" + "LDR lr, [r0, lr, LSL #2]\n\t" + "UBFX r5, r8, #16, #8\n\t" + "EOR r4, r4, r7, ROR #24\n\t" + "LSR r7, r9, #24\n\t" + "EOR r4, r4, r12, ROR #8\n\t" + "UBFX r12, r11, #8, #8\n\t" + "EOR r4, r4, lr, ROR #16\n\t" + "UBFX lr, r10, #0, #8\n\t" + "LDR r5, [r0, r5, LSL #2]\n\t" + "LDR r7, [r0, r7, LSL #2]\n\t" + "LDR r12, [r0, r12, LSL #2]\n\t" + "LDR lr, [r0, lr, LSL #2]\n\t" + "UBFX r6, r9, #16, #8\n\t" + "EOR r5, r5, r7, ROR #24\n\t" + "LSR r7, r10, #24\n\t" + "EOR r5, r5, r12, ROR #8\n\t" + "UBFX r12, r8, #8, #8\n\t" + "EOR r5, r5, lr, ROR #16\n\t" + "UBFX lr, r11, #0, #8\n\t" + "LDR r6, [r0, r6, LSL #2]\n\t" + "LDR r7, [r0, r7, LSL #2]\n\t" + "LDR r12, [r0, r12, LSL #2]\n\t" + "LDR lr, [r0, lr, LSL #2]\n\t" + "UBFX r8, r8, #0, #8\n\t" + "EOR r6, r6, r7, ROR #24\n\t" + "UBFX r7, r10, #16, #8\n\t" + "EOR r6, r6, r12, ROR #8\n\t" + "LSR r12, r11, #24\n\t" + "EOR r6, r6, lr, ROR #16\n\t" + "UBFX lr, r9, #8, #8\n\t" + "LDR r8, [r0, r8, LSL #2]\n\t" + "LDR r12, [r0, r12, LSL #2]\n\t" + "LDR r7, [r0, r7, LSL #2]\n\t" + "LDR lr, [r0, lr, LSL #2]\n\t" + "EOR r12, r12, r8, ROR #24\n\t" + "LDM %[ks]!, {r8, r9, r10, r11}\n\t" + "EOR r7, r7, lr, ROR #8\n\t" + "EOR r7, r7, r12, ROR #24\n\t" + /* XOR in Key Schedule */ + "EOR r4, r4, r8\n\t" + "EOR r5, r5, r9\n\t" + "EOR r6, r6, r10\n\t" + "EOR r7, r7, r11\n\t" + "SUBS r1, r1, #0x1\n\t" +#if defined(__GNUC__) + "BNE L_AES_CBC_decrypt_block_nr_128_odd_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "BNE.W L_AES_CBC_decrypt_block_nr_128_odd\n\t" +#else + "BNE.W L_AES_CBC_decrypt_block_nr_128_odd_%=\n\t" +#endif + "UBFX r8, r7, #16, #8\n\t" + "LSR r11, r4, #24\n\t" + "UBFX r12, r6, #8, #8\n\t" + "UBFX lr, r5, #0, #8\n\t" + "LDR r8, [r0, r8, LSL #2]\n\t" + "LDR r11, [r0, r11, LSL #2]\n\t" + "LDR r12, [r0, r12, LSL #2]\n\t" + "LDR lr, [r0, lr, LSL #2]\n\t" + "UBFX r9, r4, #16, #8\n\t" + "EOR r8, r8, r11, ROR #24\n\t" + "LSR r11, r5, #24\n\t" + "EOR r8, r8, r12, ROR #8\n\t" + "UBFX r12, r7, #8, #8\n\t" + "EOR r8, r8, lr, ROR #16\n\t" + "UBFX lr, r6, #0, #8\n\t" + "LDR r9, [r0, r9, LSL #2]\n\t" + "LDR r11, [r0, r11, LSL #2]\n\t" + "LDR r12, [r0, r12, LSL #2]\n\t" + "LDR lr, [r0, lr, LSL #2]\n\t" + "UBFX r10, r5, #16, #8\n\t" + "EOR r9, r9, r11, ROR #24\n\t" + "LSR r11, r6, #24\n\t" + "EOR r9, r9, r12, ROR #8\n\t" + "UBFX r12, r4, #8, #8\n\t" + "EOR r9, r9, lr, ROR #16\n\t" + "UBFX lr, r7, #0, #8\n\t" + "LDR r10, [r0, r10, LSL #2]\n\t" + "LDR r11, [r0, r11, LSL #2]\n\t" + "LDR r12, [r0, r12, LSL #2]\n\t" + "LDR lr, [r0, lr, LSL #2]\n\t" + "UBFX r4, r4, #0, #8\n\t" + "EOR r10, r10, r11, ROR #24\n\t" + "UBFX r11, r6, #16, #8\n\t" + "EOR r10, r10, r12, ROR #8\n\t" + "LSR r12, r7, #24\n\t" + "EOR r10, r10, lr, ROR #16\n\t" + "UBFX lr, r5, #8, #8\n\t" + "LDR r4, [r0, r4, LSL #2]\n\t" + "LDR r12, [r0, r12, LSL #2]\n\t" + "LDR r11, [r0, r11, LSL #2]\n\t" + "LDR lr, [r0, lr, LSL #2]\n\t" + "EOR r12, r12, r4, ROR #24\n\t" + "LDM %[ks]!, {r4, r5, r6, r7}\n\t" + "EOR r11, r11, lr, ROR #8\n\t" + "EOR r11, r11, r12, ROR #24\n\t" + /* XOR in Key Schedule */ + "EOR r8, r8, r4\n\t" + "EOR r9, r9, r5\n\t" + "EOR r10, r10, r6\n\t" + "EOR r11, r11, r7\n\t" + "UBFX r4, r9, #0, #8\n\t" + "UBFX r7, r10, #8, #8\n\t" + "UBFX r12, r11, #16, #8\n\t" + "LSR lr, r8, #24\n\t" + "LDRB r4, [r2, r4]\n\t" + "LDRB r7, [r2, r7]\n\t" + "LDRB r12, [r2, r12]\n\t" + "LDRB lr, [r2, lr]\n\t" + "UBFX r5, r10, #0, #8\n\t" + "EOR r4, r4, r7, LSL #8\n\t" + "UBFX r7, r11, #8, #8\n\t" + "EOR r4, r4, r12, LSL #16\n\t" + "UBFX r12, r8, #16, #8\n\t" + "EOR r4, r4, lr, LSL #24\n\t" + "LSR lr, r9, #24\n\t" + "LDRB r7, [r2, r7]\n\t" + "LDRB lr, [r2, lr]\n\t" + "LDRB r5, [r2, r5]\n\t" + "LDRB r12, [r2, r12]\n\t" + "UBFX r6, r11, #0, #8\n\t" + "EOR r5, r5, r7, LSL #8\n\t" + "UBFX r7, r8, #8, #8\n\t" + "EOR r5, r5, r12, LSL #16\n\t" + "UBFX r12, r9, #16, #8\n\t" + "EOR r5, r5, lr, LSL #24\n\t" + "LSR lr, r10, #24\n\t" + "LDRB r7, [r2, r7]\n\t" + "LDRB lr, [r2, lr]\n\t" + "LDRB r6, [r2, r6]\n\t" + "LDRB r12, [r2, r12]\n\t" + "LSR r11, r11, #24\n\t" + "EOR r6, r6, r7, LSL #8\n\t" + "UBFX r7, r8, #0, #8\n\t" + "EOR r6, r6, r12, LSL #16\n\t" + "UBFX r12, r9, #8, #8\n\t" + "EOR r6, r6, lr, LSL #24\n\t" + "UBFX lr, r10, #16, #8\n\t" + "LDRB r11, [r2, r11]\n\t" + "LDRB r12, [r2, r12]\n\t" + "LDRB r7, [r2, r7]\n\t" + "LDRB lr, [r2, lr]\n\t" + "EOR r12, r12, r11, LSL #16\n\t" + "LDM %[ks], {r8, r9, r10, r11}\n\t" + "EOR r7, r7, r12, LSL #8\n\t" + "EOR r7, r7, lr, LSL #16\n\t" + /* XOR in Key Schedule */ + "EOR r4, r4, r8\n\t" + "EOR r5, r5, r9\n\t" + "EOR r6, r6, r10\n\t" + "EOR r7, r7, r11\n\t" +#endif /* !WOLFSSL_ARMASM_AES_BLOCK_INLINE */ "LDR lr, [sp, #16]\n\t" "REV r4, r4\n\t" "REV r5, r5\n\t" @@ -2467,7 +6161,224 @@ "EOR r6, r6, r10\n\t" "EOR r7, r7, r11\n\t" "MOV r1, #0x4\n\t" +#ifndef WOLFSSL_ARMASM_AES_BLOCK_INLINE "BL AES_decrypt_block\n\t" +#else + "\n" +#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "L_AES_CBC_decrypt_block_nr_128_even:\n\t" +#else + "L_AES_CBC_decrypt_block_nr_128_even_%=:\n\t" +#endif + "UBFX r8, r7, #16, #8\n\t" + "LSR r11, r4, #24\n\t" + "UBFX r12, r6, #8, #8\n\t" + "UBFX lr, r5, #0, #8\n\t" + "LDR r8, [r0, r8, LSL #2]\n\t" + "LDR r11, [r0, r11, LSL #2]\n\t" + "LDR r12, [r0, r12, LSL #2]\n\t" + "LDR lr, [r0, lr, LSL #2]\n\t" + "UBFX r9, r4, #16, #8\n\t" + "EOR r8, r8, r11, ROR #24\n\t" + "LSR r11, r5, #24\n\t" + "EOR r8, r8, r12, ROR #8\n\t" + "UBFX r12, r7, #8, #8\n\t" + "EOR r8, r8, lr, ROR #16\n\t" + "UBFX lr, r6, #0, #8\n\t" + "LDR r9, [r0, r9, LSL #2]\n\t" + "LDR r11, [r0, r11, LSL #2]\n\t" + "LDR r12, [r0, r12, LSL #2]\n\t" + "LDR lr, [r0, lr, LSL #2]\n\t" + "UBFX r10, r5, #16, #8\n\t" + "EOR r9, r9, r11, ROR #24\n\t" + "LSR r11, r6, #24\n\t" + "EOR r9, r9, r12, ROR #8\n\t" + "UBFX r12, r4, #8, #8\n\t" + "EOR r9, r9, lr, ROR #16\n\t" + "UBFX lr, r7, #0, #8\n\t" + "LDR r10, [r0, r10, LSL #2]\n\t" + "LDR r11, [r0, r11, LSL #2]\n\t" + "LDR r12, [r0, r12, LSL #2]\n\t" + "LDR lr, [r0, lr, LSL #2]\n\t" + "UBFX r4, r4, #0, #8\n\t" + "EOR r10, r10, r11, ROR #24\n\t" + "UBFX r11, r6, #16, #8\n\t" + "EOR r10, r10, r12, ROR #8\n\t" + "LSR r12, r7, #24\n\t" + "EOR r10, r10, lr, ROR #16\n\t" + "UBFX lr, r5, #8, #8\n\t" + "LDR r4, [r0, r4, LSL #2]\n\t" + "LDR r12, [r0, r12, LSL #2]\n\t" + "LDR r11, [r0, r11, LSL #2]\n\t" + "LDR lr, [r0, lr, LSL #2]\n\t" + "EOR r12, r12, r4, ROR #24\n\t" + "LDM %[ks]!, {r4, r5, r6, r7}\n\t" + "EOR r11, r11, lr, ROR #8\n\t" + "EOR r11, r11, r12, ROR #24\n\t" + /* XOR in Key Schedule */ + "EOR r8, r8, r4\n\t" + "EOR r9, r9, r5\n\t" + "EOR r10, r10, r6\n\t" + "EOR r11, r11, r7\n\t" + "UBFX r4, r11, #16, #8\n\t" + "LSR r7, r8, #24\n\t" + "UBFX r12, r10, #8, #8\n\t" + "UBFX lr, r9, #0, #8\n\t" + "LDR r4, [r0, r4, LSL #2]\n\t" + "LDR r7, [r0, r7, LSL #2]\n\t" + "LDR r12, [r0, r12, LSL #2]\n\t" + "LDR lr, [r0, lr, LSL #2]\n\t" + "UBFX r5, r8, #16, #8\n\t" + "EOR r4, r4, r7, ROR #24\n\t" + "LSR r7, r9, #24\n\t" + "EOR r4, r4, r12, ROR #8\n\t" + "UBFX r12, r11, #8, #8\n\t" + "EOR r4, r4, lr, ROR #16\n\t" + "UBFX lr, r10, #0, #8\n\t" + "LDR r5, [r0, r5, LSL #2]\n\t" + "LDR r7, [r0, r7, LSL #2]\n\t" + "LDR r12, [r0, r12, LSL #2]\n\t" + "LDR lr, [r0, lr, LSL #2]\n\t" + "UBFX r6, r9, #16, #8\n\t" + "EOR r5, r5, r7, ROR #24\n\t" + "LSR r7, r10, #24\n\t" + "EOR r5, r5, r12, ROR #8\n\t" + "UBFX r12, r8, #8, #8\n\t" + "EOR r5, r5, lr, ROR #16\n\t" + "UBFX lr, r11, #0, #8\n\t" + "LDR r6, [r0, r6, LSL #2]\n\t" + "LDR r7, [r0, r7, LSL #2]\n\t" + "LDR r12, [r0, r12, LSL #2]\n\t" + "LDR lr, [r0, lr, LSL #2]\n\t" + "UBFX r8, r8, #0, #8\n\t" + "EOR r6, r6, r7, ROR #24\n\t" + "UBFX r7, r10, #16, #8\n\t" + "EOR r6, r6, r12, ROR #8\n\t" + "LSR r12, r11, #24\n\t" + "EOR r6, r6, lr, ROR #16\n\t" + "UBFX lr, r9, #8, #8\n\t" + "LDR r8, [r0, r8, LSL #2]\n\t" + "LDR r12, [r0, r12, LSL #2]\n\t" + "LDR r7, [r0, r7, LSL #2]\n\t" + "LDR lr, [r0, lr, LSL #2]\n\t" + "EOR r12, r12, r8, ROR #24\n\t" + "LDM %[ks]!, {r8, r9, r10, r11}\n\t" + "EOR r7, r7, lr, ROR #8\n\t" + "EOR r7, r7, r12, ROR #24\n\t" + /* XOR in Key Schedule */ + "EOR r4, r4, r8\n\t" + "EOR r5, r5, r9\n\t" + "EOR r6, r6, r10\n\t" + "EOR r7, r7, r11\n\t" + "SUBS r1, r1, #0x1\n\t" +#if defined(__GNUC__) + "BNE L_AES_CBC_decrypt_block_nr_128_even_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "BNE.W L_AES_CBC_decrypt_block_nr_128_even\n\t" +#else + "BNE.W L_AES_CBC_decrypt_block_nr_128_even_%=\n\t" +#endif + "UBFX r8, r7, #16, #8\n\t" + "LSR r11, r4, #24\n\t" + "UBFX r12, r6, #8, #8\n\t" + "UBFX lr, r5, #0, #8\n\t" + "LDR r8, [r0, r8, LSL #2]\n\t" + "LDR r11, [r0, r11, LSL #2]\n\t" + "LDR r12, [r0, r12, LSL #2]\n\t" + "LDR lr, [r0, lr, LSL #2]\n\t" + "UBFX r9, r4, #16, #8\n\t" + "EOR r8, r8, r11, ROR #24\n\t" + "LSR r11, r5, #24\n\t" + "EOR r8, r8, r12, ROR #8\n\t" + "UBFX r12, r7, #8, #8\n\t" + "EOR r8, r8, lr, ROR #16\n\t" + "UBFX lr, r6, #0, #8\n\t" + "LDR r9, [r0, r9, LSL #2]\n\t" + "LDR r11, [r0, r11, LSL #2]\n\t" + "LDR r12, [r0, r12, LSL #2]\n\t" + "LDR lr, [r0, lr, LSL #2]\n\t" + "UBFX r10, r5, #16, #8\n\t" + "EOR r9, r9, r11, ROR #24\n\t" + "LSR r11, r6, #24\n\t" + "EOR r9, r9, r12, ROR #8\n\t" + "UBFX r12, r4, #8, #8\n\t" + "EOR r9, r9, lr, ROR #16\n\t" + "UBFX lr, r7, #0, #8\n\t" + "LDR r10, [r0, r10, LSL #2]\n\t" + "LDR r11, [r0, r11, LSL #2]\n\t" + "LDR r12, [r0, r12, LSL #2]\n\t" + "LDR lr, [r0, lr, LSL #2]\n\t" + "UBFX r4, r4, #0, #8\n\t" + "EOR r10, r10, r11, ROR #24\n\t" + "UBFX r11, r6, #16, #8\n\t" + "EOR r10, r10, r12, ROR #8\n\t" + "LSR r12, r7, #24\n\t" + "EOR r10, r10, lr, ROR #16\n\t" + "UBFX lr, r5, #8, #8\n\t" + "LDR r4, [r0, r4, LSL #2]\n\t" + "LDR r12, [r0, r12, LSL #2]\n\t" + "LDR r11, [r0, r11, LSL #2]\n\t" + "LDR lr, [r0, lr, LSL #2]\n\t" + "EOR r12, r12, r4, ROR #24\n\t" + "LDM %[ks]!, {r4, r5, r6, r7}\n\t" + "EOR r11, r11, lr, ROR #8\n\t" + "EOR r11, r11, r12, ROR #24\n\t" + /* XOR in Key Schedule */ + "EOR r8, r8, r4\n\t" + "EOR r9, r9, r5\n\t" + "EOR r10, r10, r6\n\t" + "EOR r11, r11, r7\n\t" + "UBFX r4, r9, #0, #8\n\t" + "UBFX r7, r10, #8, #8\n\t" + "UBFX r12, r11, #16, #8\n\t" + "LSR lr, r8, #24\n\t" + "LDRB r4, [r2, r4]\n\t" + "LDRB r7, [r2, r7]\n\t" + "LDRB r12, [r2, r12]\n\t" + "LDRB lr, [r2, lr]\n\t" + "UBFX r5, r10, #0, #8\n\t" + "EOR r4, r4, r7, LSL #8\n\t" + "UBFX r7, r11, #8, #8\n\t" + "EOR r4, r4, r12, LSL #16\n\t" + "UBFX r12, r8, #16, #8\n\t" + "EOR r4, r4, lr, LSL #24\n\t" + "LSR lr, r9, #24\n\t" + "LDRB r7, [r2, r7]\n\t" + "LDRB lr, [r2, lr]\n\t" + "LDRB r5, [r2, r5]\n\t" + "LDRB r12, [r2, r12]\n\t" + "UBFX r6, r11, #0, #8\n\t" + "EOR r5, r5, r7, LSL #8\n\t" + "UBFX r7, r8, #8, #8\n\t" + "EOR r5, r5, r12, LSL #16\n\t" + "UBFX r12, r9, #16, #8\n\t" + "EOR r5, r5, lr, LSL #24\n\t" + "LSR lr, r10, #24\n\t" + "LDRB r7, [r2, r7]\n\t" + "LDRB lr, [r2, lr]\n\t" + "LDRB r6, [r2, r6]\n\t" + "LDRB r12, [r2, r12]\n\t" + "LSR r11, r11, #24\n\t" + "EOR r6, r6, r7, LSL #8\n\t" + "UBFX r7, r8, #0, #8\n\t" + "EOR r6, r6, r12, LSL #16\n\t" + "UBFX r12, r9, #8, #8\n\t" + "EOR r6, r6, lr, LSL #24\n\t" + "UBFX lr, r10, #16, #8\n\t" + "LDRB r11, [r2, r11]\n\t" + "LDRB r12, [r2, r12]\n\t" + "LDRB r7, [r2, r7]\n\t" + "LDRB lr, [r2, lr]\n\t" + "EOR r12, r12, r11, LSL #16\n\t" + "LDM %[ks], {r8, r9, r10, r11}\n\t" + "EOR r7, r7, r12, LSL #8\n\t" + "EOR r7, r7, lr, LSL #16\n\t" + /* XOR in Key Schedule */ + "EOR r4, r4, r8\n\t" + "EOR r5, r5, r9\n\t" + "EOR r6, r6, r10\n\t" + "EOR r7, r7, r11\n\t" +#endif /* !WOLFSSL_ARMASM_AES_BLOCK_INLINE */ "LDR lr, [sp, #16]\n\t" "REV r4, r4\n\t" "REV r5, r5\n\t" @@ -3216,7 +7127,224 @@ "EOR r6, r6, r10\n\t" "EOR r7, r7, r11\n\t" "MOV r1, #0x6\n\t" +#ifndef WOLFSSL_ARMASM_AES_BLOCK_INLINE "BL AES_encrypt_block\n\t" +#else + "\n" +#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "L_AES_GCM_encrypt_block_nr_256:\n\t" +#else + "L_AES_GCM_encrypt_block_nr_256_%=:\n\t" +#endif + "UBFX r8, r5, #16, #8\n\t" + "LSR r11, r4, #24\n\t" + "UBFX lr, r6, #8, #8\n\t" + "UBFX r2, r7, #0, #8\n\t" + "LDR r8, [r0, r8, LSL #2]\n\t" + "LDR r11, [r0, r11, LSL #2]\n\t" + "LDR lr, [r0, lr, LSL #2]\n\t" + "LDR r2, [r0, r2, LSL #2]\n\t" + "UBFX r9, r6, #16, #8\n\t" + "EOR r8, r8, r11, ROR #24\n\t" + "LSR r11, r5, #24\n\t" + "EOR r8, r8, lr, ROR #8\n\t" + "UBFX lr, r7, #8, #8\n\t" + "EOR r8, r8, r2, ROR #16\n\t" + "UBFX r2, r4, #0, #8\n\t" + "LDR r9, [r0, r9, LSL #2]\n\t" + "LDR r11, [r0, r11, LSL #2]\n\t" + "LDR lr, [r0, lr, LSL #2]\n\t" + "LDR r2, [r0, r2, LSL #2]\n\t" + "UBFX r10, r7, #16, #8\n\t" + "EOR r9, r9, r11, ROR #24\n\t" + "LSR r11, r6, #24\n\t" + "EOR r9, r9, lr, ROR #8\n\t" + "UBFX lr, r4, #8, #8\n\t" + "EOR r9, r9, r2, ROR #16\n\t" + "UBFX r2, r5, #0, #8\n\t" + "LDR r10, [r0, r10, LSL #2]\n\t" + "LDR r11, [r0, r11, LSL #2]\n\t" + "LDR lr, [r0, lr, LSL #2]\n\t" + "LDR r2, [r0, r2, LSL #2]\n\t" + "UBFX r6, r6, #0, #8\n\t" + "EOR r10, r10, r11, ROR #24\n\t" + "UBFX r11, r4, #16, #8\n\t" + "EOR r10, r10, lr, ROR #8\n\t" + "LSR lr, r7, #24\n\t" + "EOR r10, r10, r2, ROR #16\n\t" + "UBFX r2, r5, #8, #8\n\t" + "LDR r6, [r0, r6, LSL #2]\n\t" + "LDR lr, [r0, lr, LSL #2]\n\t" + "LDR r11, [r0, r11, LSL #2]\n\t" + "LDR r2, [r0, r2, LSL #2]\n\t" + "EOR lr, lr, r6, ROR #24\n\t" + "LDM %[ks]!, {r4, r5, r6, r7}\n\t" + "EOR r11, r11, lr, ROR #24\n\t" + "EOR r11, r11, r2, ROR #8\n\t" + /* XOR in Key Schedule */ + "EOR r8, r8, r4\n\t" + "EOR r9, r9, r5\n\t" + "EOR r10, r10, r6\n\t" + "EOR r11, r11, r7\n\t" + "UBFX r4, r9, #16, #8\n\t" + "LSR r7, r8, #24\n\t" + "UBFX lr, r10, #8, #8\n\t" + "UBFX r2, r11, #0, #8\n\t" + "LDR r4, [r0, r4, LSL #2]\n\t" + "LDR r7, [r0, r7, LSL #2]\n\t" + "LDR lr, [r0, lr, LSL #2]\n\t" + "LDR r2, [r0, r2, LSL #2]\n\t" + "UBFX r5, r10, #16, #8\n\t" + "EOR r4, r4, r7, ROR #24\n\t" + "LSR r7, r9, #24\n\t" + "EOR r4, r4, lr, ROR #8\n\t" + "UBFX lr, r11, #8, #8\n\t" + "EOR r4, r4, r2, ROR #16\n\t" + "UBFX r2, r8, #0, #8\n\t" + "LDR r5, [r0, r5, LSL #2]\n\t" + "LDR r7, [r0, r7, LSL #2]\n\t" + "LDR lr, [r0, lr, LSL #2]\n\t" + "LDR r2, [r0, r2, LSL #2]\n\t" + "UBFX r6, r11, #16, #8\n\t" + "EOR r5, r5, r7, ROR #24\n\t" + "LSR r7, r10, #24\n\t" + "EOR r5, r5, lr, ROR #8\n\t" + "UBFX lr, r8, #8, #8\n\t" + "EOR r5, r5, r2, ROR #16\n\t" + "UBFX r2, r9, #0, #8\n\t" + "LDR r6, [r0, r6, LSL #2]\n\t" + "LDR r7, [r0, r7, LSL #2]\n\t" + "LDR lr, [r0, lr, LSL #2]\n\t" + "LDR r2, [r0, r2, LSL #2]\n\t" + "UBFX r10, r10, #0, #8\n\t" + "EOR r6, r6, r7, ROR #24\n\t" + "UBFX r7, r8, #16, #8\n\t" + "EOR r6, r6, lr, ROR #8\n\t" + "LSR lr, r11, #24\n\t" + "EOR r6, r6, r2, ROR #16\n\t" + "UBFX r2, r9, #8, #8\n\t" + "LDR r10, [r0, r10, LSL #2]\n\t" + "LDR lr, [r0, lr, LSL #2]\n\t" + "LDR r7, [r0, r7, LSL #2]\n\t" + "LDR r2, [r0, r2, LSL #2]\n\t" + "EOR lr, lr, r10, ROR #24\n\t" + "LDM %[ks]!, {r8, r9, r10, r11}\n\t" + "EOR r7, r7, lr, ROR #24\n\t" + "EOR r7, r7, r2, ROR #8\n\t" + /* XOR in Key Schedule */ + "EOR r4, r4, r8\n\t" + "EOR r5, r5, r9\n\t" + "EOR r6, r6, r10\n\t" + "EOR r7, r7, r11\n\t" + "SUBS r1, r1, #0x1\n\t" +#if defined(__GNUC__) + "BNE L_AES_GCM_encrypt_block_nr_256_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "BNE.W L_AES_GCM_encrypt_block_nr_256\n\t" +#else + "BNE.W L_AES_GCM_encrypt_block_nr_256_%=\n\t" +#endif + "UBFX r8, r5, #16, #8\n\t" + "LSR r11, r4, #24\n\t" + "UBFX lr, r6, #8, #8\n\t" + "UBFX r2, r7, #0, #8\n\t" + "LDR r8, [r0, r8, LSL #2]\n\t" + "LDR r11, [r0, r11, LSL #2]\n\t" + "LDR lr, [r0, lr, LSL #2]\n\t" + "LDR r2, [r0, r2, LSL #2]\n\t" + "UBFX r9, r6, #16, #8\n\t" + "EOR r8, r8, r11, ROR #24\n\t" + "LSR r11, r5, #24\n\t" + "EOR r8, r8, lr, ROR #8\n\t" + "UBFX lr, r7, #8, #8\n\t" + "EOR r8, r8, r2, ROR #16\n\t" + "UBFX r2, r4, #0, #8\n\t" + "LDR r9, [r0, r9, LSL #2]\n\t" + "LDR r11, [r0, r11, LSL #2]\n\t" + "LDR lr, [r0, lr, LSL #2]\n\t" + "LDR r2, [r0, r2, LSL #2]\n\t" + "UBFX r10, r7, #16, #8\n\t" + "EOR r9, r9, r11, ROR #24\n\t" + "LSR r11, r6, #24\n\t" + "EOR r9, r9, lr, ROR #8\n\t" + "UBFX lr, r4, #8, #8\n\t" + "EOR r9, r9, r2, ROR #16\n\t" + "UBFX r2, r5, #0, #8\n\t" + "LDR r10, [r0, r10, LSL #2]\n\t" + "LDR r11, [r0, r11, LSL #2]\n\t" + "LDR lr, [r0, lr, LSL #2]\n\t" + "LDR r2, [r0, r2, LSL #2]\n\t" + "UBFX r6, r6, #0, #8\n\t" + "EOR r10, r10, r11, ROR #24\n\t" + "UBFX r11, r4, #16, #8\n\t" + "EOR r10, r10, lr, ROR #8\n\t" + "LSR lr, r7, #24\n\t" + "EOR r10, r10, r2, ROR #16\n\t" + "UBFX r2, r5, #8, #8\n\t" + "LDR r6, [r0, r6, LSL #2]\n\t" + "LDR lr, [r0, lr, LSL #2]\n\t" + "LDR r11, [r0, r11, LSL #2]\n\t" + "LDR r2, [r0, r2, LSL #2]\n\t" + "EOR lr, lr, r6, ROR #24\n\t" + "LDM %[ks]!, {r4, r5, r6, r7}\n\t" + "EOR r11, r11, lr, ROR #24\n\t" + "EOR r11, r11, r2, ROR #8\n\t" + /* XOR in Key Schedule */ + "EOR r8, r8, r4\n\t" + "EOR r9, r9, r5\n\t" + "EOR r10, r10, r6\n\t" + "EOR r11, r11, r7\n\t" + "UBFX r4, r11, #0, #8\n\t" + "UBFX r7, r10, #8, #8\n\t" + "UBFX lr, r9, #16, #8\n\t" + "LSR r2, r8, #24\n\t" + "LDRB r4, [r0, r4, LSL #2]\n\t" + "LDRB r7, [r0, r7, LSL #2]\n\t" + "LDRB lr, [r0, lr, LSL #2]\n\t" + "LDRB r2, [r0, r2, LSL #2]\n\t" + "UBFX r5, r8, #0, #8\n\t" + "EOR r4, r4, r7, LSL #8\n\t" + "UBFX r7, r11, #8, #8\n\t" + "EOR r4, r4, lr, LSL #16\n\t" + "UBFX lr, r10, #16, #8\n\t" + "EOR r4, r4, r2, LSL #24\n\t" + "LSR r2, r9, #24\n\t" + "LDRB r5, [r0, r5, LSL #2]\n\t" + "LDRB r7, [r0, r7, LSL #2]\n\t" + "LDRB lr, [r0, lr, LSL #2]\n\t" + "LDRB r2, [r0, r2, LSL #2]\n\t" + "UBFX r6, r9, #0, #8\n\t" + "EOR r5, r5, r7, LSL #8\n\t" + "UBFX r7, r8, #8, #8\n\t" + "EOR r5, r5, lr, LSL #16\n\t" + "UBFX lr, r11, #16, #8\n\t" + "EOR r5, r5, r2, LSL #24\n\t" + "LSR r2, r10, #24\n\t" + "LDRB r6, [r0, r6, LSL #2]\n\t" + "LDRB r7, [r0, r7, LSL #2]\n\t" + "LDRB lr, [r0, lr, LSL #2]\n\t" + "LDRB r2, [r0, r2, LSL #2]\n\t" + "LSR r11, r11, #24\n\t" + "EOR r6, r6, r7, LSL #8\n\t" + "UBFX r7, r10, #0, #8\n\t" + "EOR r6, r6, lr, LSL #16\n\t" + "UBFX lr, r9, #8, #8\n\t" + "EOR r6, r6, r2, LSL #24\n\t" + "UBFX r2, r8, #16, #8\n\t" + "LDRB r11, [r0, r11, LSL #2]\n\t" + "LDRB r7, [r0, r7, LSL #2]\n\t" + "LDRB lr, [r0, lr, LSL #2]\n\t" + "LDRB r2, [r0, r2, LSL #2]\n\t" + "EOR lr, lr, r11, LSL #16\n\t" + "LDM %[ks], {r8, r9, r10, r11}\n\t" + "EOR r7, r7, lr, LSL #8\n\t" + "EOR r7, r7, r2, LSL #16\n\t" + /* XOR in Key Schedule */ + "EOR r4, r4, r8\n\t" + "EOR r5, r5, r9\n\t" + "EOR r6, r6, r10\n\t" + "EOR r7, r7, r11\n\t" +#endif /* !WOLFSSL_ARMASM_AES_BLOCK_INLINE */ "POP {r1, %[len], lr}\n\t" "LDR %[ks], [sp]\n\t" "REV r4, r4\n\t" @@ -3277,7 +7405,224 @@ "EOR r6, r6, r10\n\t" "EOR r7, r7, r11\n\t" "MOV r1, #0x5\n\t" +#ifndef WOLFSSL_ARMASM_AES_BLOCK_INLINE "BL AES_encrypt_block\n\t" +#else + "\n" +#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "L_AES_GCM_encrypt_block_nr_192:\n\t" +#else + "L_AES_GCM_encrypt_block_nr_192_%=:\n\t" +#endif + "UBFX r8, r5, #16, #8\n\t" + "LSR r11, r4, #24\n\t" + "UBFX lr, r6, #8, #8\n\t" + "UBFX r2, r7, #0, #8\n\t" + "LDR r8, [r0, r8, LSL #2]\n\t" + "LDR r11, [r0, r11, LSL #2]\n\t" + "LDR lr, [r0, lr, LSL #2]\n\t" + "LDR r2, [r0, r2, LSL #2]\n\t" + "UBFX r9, r6, #16, #8\n\t" + "EOR r8, r8, r11, ROR #24\n\t" + "LSR r11, r5, #24\n\t" + "EOR r8, r8, lr, ROR #8\n\t" + "UBFX lr, r7, #8, #8\n\t" + "EOR r8, r8, r2, ROR #16\n\t" + "UBFX r2, r4, #0, #8\n\t" + "LDR r9, [r0, r9, LSL #2]\n\t" + "LDR r11, [r0, r11, LSL #2]\n\t" + "LDR lr, [r0, lr, LSL #2]\n\t" + "LDR r2, [r0, r2, LSL #2]\n\t" + "UBFX r10, r7, #16, #8\n\t" + "EOR r9, r9, r11, ROR #24\n\t" + "LSR r11, r6, #24\n\t" + "EOR r9, r9, lr, ROR #8\n\t" + "UBFX lr, r4, #8, #8\n\t" + "EOR r9, r9, r2, ROR #16\n\t" + "UBFX r2, r5, #0, #8\n\t" + "LDR r10, [r0, r10, LSL #2]\n\t" + "LDR r11, [r0, r11, LSL #2]\n\t" + "LDR lr, [r0, lr, LSL #2]\n\t" + "LDR r2, [r0, r2, LSL #2]\n\t" + "UBFX r6, r6, #0, #8\n\t" + "EOR r10, r10, r11, ROR #24\n\t" + "UBFX r11, r4, #16, #8\n\t" + "EOR r10, r10, lr, ROR #8\n\t" + "LSR lr, r7, #24\n\t" + "EOR r10, r10, r2, ROR #16\n\t" + "UBFX r2, r5, #8, #8\n\t" + "LDR r6, [r0, r6, LSL #2]\n\t" + "LDR lr, [r0, lr, LSL #2]\n\t" + "LDR r11, [r0, r11, LSL #2]\n\t" + "LDR r2, [r0, r2, LSL #2]\n\t" + "EOR lr, lr, r6, ROR #24\n\t" + "LDM %[ks]!, {r4, r5, r6, r7}\n\t" + "EOR r11, r11, lr, ROR #24\n\t" + "EOR r11, r11, r2, ROR #8\n\t" + /* XOR in Key Schedule */ + "EOR r8, r8, r4\n\t" + "EOR r9, r9, r5\n\t" + "EOR r10, r10, r6\n\t" + "EOR r11, r11, r7\n\t" + "UBFX r4, r9, #16, #8\n\t" + "LSR r7, r8, #24\n\t" + "UBFX lr, r10, #8, #8\n\t" + "UBFX r2, r11, #0, #8\n\t" + "LDR r4, [r0, r4, LSL #2]\n\t" + "LDR r7, [r0, r7, LSL #2]\n\t" + "LDR lr, [r0, lr, LSL #2]\n\t" + "LDR r2, [r0, r2, LSL #2]\n\t" + "UBFX r5, r10, #16, #8\n\t" + "EOR r4, r4, r7, ROR #24\n\t" + "LSR r7, r9, #24\n\t" + "EOR r4, r4, lr, ROR #8\n\t" + "UBFX lr, r11, #8, #8\n\t" + "EOR r4, r4, r2, ROR #16\n\t" + "UBFX r2, r8, #0, #8\n\t" + "LDR r5, [r0, r5, LSL #2]\n\t" + "LDR r7, [r0, r7, LSL #2]\n\t" + "LDR lr, [r0, lr, LSL #2]\n\t" + "LDR r2, [r0, r2, LSL #2]\n\t" + "UBFX r6, r11, #16, #8\n\t" + "EOR r5, r5, r7, ROR #24\n\t" + "LSR r7, r10, #24\n\t" + "EOR r5, r5, lr, ROR #8\n\t" + "UBFX lr, r8, #8, #8\n\t" + "EOR r5, r5, r2, ROR #16\n\t" + "UBFX r2, r9, #0, #8\n\t" + "LDR r6, [r0, r6, LSL #2]\n\t" + "LDR r7, [r0, r7, LSL #2]\n\t" + "LDR lr, [r0, lr, LSL #2]\n\t" + "LDR r2, [r0, r2, LSL #2]\n\t" + "UBFX r10, r10, #0, #8\n\t" + "EOR r6, r6, r7, ROR #24\n\t" + "UBFX r7, r8, #16, #8\n\t" + "EOR r6, r6, lr, ROR #8\n\t" + "LSR lr, r11, #24\n\t" + "EOR r6, r6, r2, ROR #16\n\t" + "UBFX r2, r9, #8, #8\n\t" + "LDR r10, [r0, r10, LSL #2]\n\t" + "LDR lr, [r0, lr, LSL #2]\n\t" + "LDR r7, [r0, r7, LSL #2]\n\t" + "LDR r2, [r0, r2, LSL #2]\n\t" + "EOR lr, lr, r10, ROR #24\n\t" + "LDM %[ks]!, {r8, r9, r10, r11}\n\t" + "EOR r7, r7, lr, ROR #24\n\t" + "EOR r7, r7, r2, ROR #8\n\t" + /* XOR in Key Schedule */ + "EOR r4, r4, r8\n\t" + "EOR r5, r5, r9\n\t" + "EOR r6, r6, r10\n\t" + "EOR r7, r7, r11\n\t" + "SUBS r1, r1, #0x1\n\t" +#if defined(__GNUC__) + "BNE L_AES_GCM_encrypt_block_nr_192_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "BNE.W L_AES_GCM_encrypt_block_nr_192\n\t" +#else + "BNE.W L_AES_GCM_encrypt_block_nr_192_%=\n\t" +#endif + "UBFX r8, r5, #16, #8\n\t" + "LSR r11, r4, #24\n\t" + "UBFX lr, r6, #8, #8\n\t" + "UBFX r2, r7, #0, #8\n\t" + "LDR r8, [r0, r8, LSL #2]\n\t" + "LDR r11, [r0, r11, LSL #2]\n\t" + "LDR lr, [r0, lr, LSL #2]\n\t" + "LDR r2, [r0, r2, LSL #2]\n\t" + "UBFX r9, r6, #16, #8\n\t" + "EOR r8, r8, r11, ROR #24\n\t" + "LSR r11, r5, #24\n\t" + "EOR r8, r8, lr, ROR #8\n\t" + "UBFX lr, r7, #8, #8\n\t" + "EOR r8, r8, r2, ROR #16\n\t" + "UBFX r2, r4, #0, #8\n\t" + "LDR r9, [r0, r9, LSL #2]\n\t" + "LDR r11, [r0, r11, LSL #2]\n\t" + "LDR lr, [r0, lr, LSL #2]\n\t" + "LDR r2, [r0, r2, LSL #2]\n\t" + "UBFX r10, r7, #16, #8\n\t" + "EOR r9, r9, r11, ROR #24\n\t" + "LSR r11, r6, #24\n\t" + "EOR r9, r9, lr, ROR #8\n\t" + "UBFX lr, r4, #8, #8\n\t" + "EOR r9, r9, r2, ROR #16\n\t" + "UBFX r2, r5, #0, #8\n\t" + "LDR r10, [r0, r10, LSL #2]\n\t" + "LDR r11, [r0, r11, LSL #2]\n\t" + "LDR lr, [r0, lr, LSL #2]\n\t" + "LDR r2, [r0, r2, LSL #2]\n\t" + "UBFX r6, r6, #0, #8\n\t" + "EOR r10, r10, r11, ROR #24\n\t" + "UBFX r11, r4, #16, #8\n\t" + "EOR r10, r10, lr, ROR #8\n\t" + "LSR lr, r7, #24\n\t" + "EOR r10, r10, r2, ROR #16\n\t" + "UBFX r2, r5, #8, #8\n\t" + "LDR r6, [r0, r6, LSL #2]\n\t" + "LDR lr, [r0, lr, LSL #2]\n\t" + "LDR r11, [r0, r11, LSL #2]\n\t" + "LDR r2, [r0, r2, LSL #2]\n\t" + "EOR lr, lr, r6, ROR #24\n\t" + "LDM %[ks]!, {r4, r5, r6, r7}\n\t" + "EOR r11, r11, lr, ROR #24\n\t" + "EOR r11, r11, r2, ROR #8\n\t" + /* XOR in Key Schedule */ + "EOR r8, r8, r4\n\t" + "EOR r9, r9, r5\n\t" + "EOR r10, r10, r6\n\t" + "EOR r11, r11, r7\n\t" + "UBFX r4, r11, #0, #8\n\t" + "UBFX r7, r10, #8, #8\n\t" + "UBFX lr, r9, #16, #8\n\t" + "LSR r2, r8, #24\n\t" + "LDRB r4, [r0, r4, LSL #2]\n\t" + "LDRB r7, [r0, r7, LSL #2]\n\t" + "LDRB lr, [r0, lr, LSL #2]\n\t" + "LDRB r2, [r0, r2, LSL #2]\n\t" + "UBFX r5, r8, #0, #8\n\t" + "EOR r4, r4, r7, LSL #8\n\t" + "UBFX r7, r11, #8, #8\n\t" + "EOR r4, r4, lr, LSL #16\n\t" + "UBFX lr, r10, #16, #8\n\t" + "EOR r4, r4, r2, LSL #24\n\t" + "LSR r2, r9, #24\n\t" + "LDRB r5, [r0, r5, LSL #2]\n\t" + "LDRB r7, [r0, r7, LSL #2]\n\t" + "LDRB lr, [r0, lr, LSL #2]\n\t" + "LDRB r2, [r0, r2, LSL #2]\n\t" + "UBFX r6, r9, #0, #8\n\t" + "EOR r5, r5, r7, LSL #8\n\t" + "UBFX r7, r8, #8, #8\n\t" + "EOR r5, r5, lr, LSL #16\n\t" + "UBFX lr, r11, #16, #8\n\t" + "EOR r5, r5, r2, LSL #24\n\t" + "LSR r2, r10, #24\n\t" + "LDRB r6, [r0, r6, LSL #2]\n\t" + "LDRB r7, [r0, r7, LSL #2]\n\t" + "LDRB lr, [r0, lr, LSL #2]\n\t" + "LDRB r2, [r0, r2, LSL #2]\n\t" + "LSR r11, r11, #24\n\t" + "EOR r6, r6, r7, LSL #8\n\t" + "UBFX r7, r10, #0, #8\n\t" + "EOR r6, r6, lr, LSL #16\n\t" + "UBFX lr, r9, #8, #8\n\t" + "EOR r6, r6, r2, LSL #24\n\t" + "UBFX r2, r8, #16, #8\n\t" + "LDRB r11, [r0, r11, LSL #2]\n\t" + "LDRB r7, [r0, r7, LSL #2]\n\t" + "LDRB lr, [r0, lr, LSL #2]\n\t" + "LDRB r2, [r0, r2, LSL #2]\n\t" + "EOR lr, lr, r11, LSL #16\n\t" + "LDM %[ks], {r8, r9, r10, r11}\n\t" + "EOR r7, r7, lr, LSL #8\n\t" + "EOR r7, r7, r2, LSL #16\n\t" + /* XOR in Key Schedule */ + "EOR r4, r4, r8\n\t" + "EOR r5, r5, r9\n\t" + "EOR r6, r6, r10\n\t" + "EOR r7, r7, r11\n\t" +#endif /* !WOLFSSL_ARMASM_AES_BLOCK_INLINE */ "POP {r1, %[len], lr}\n\t" "LDR %[ks], [sp]\n\t" "REV r4, r4\n\t" @@ -3338,7 +7683,224 @@ "EOR r6, r6, r10\n\t" "EOR r7, r7, r11\n\t" "MOV r1, #0x4\n\t" +#ifndef WOLFSSL_ARMASM_AES_BLOCK_INLINE "BL AES_encrypt_block\n\t" +#else + "\n" +#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "L_AES_GCM_encrypt_block_nr_128:\n\t" +#else + "L_AES_GCM_encrypt_block_nr_128_%=:\n\t" +#endif + "UBFX r8, r5, #16, #8\n\t" + "LSR r11, r4, #24\n\t" + "UBFX lr, r6, #8, #8\n\t" + "UBFX r2, r7, #0, #8\n\t" + "LDR r8, [r0, r8, LSL #2]\n\t" + "LDR r11, [r0, r11, LSL #2]\n\t" + "LDR lr, [r0, lr, LSL #2]\n\t" + "LDR r2, [r0, r2, LSL #2]\n\t" + "UBFX r9, r6, #16, #8\n\t" + "EOR r8, r8, r11, ROR #24\n\t" + "LSR r11, r5, #24\n\t" + "EOR r8, r8, lr, ROR #8\n\t" + "UBFX lr, r7, #8, #8\n\t" + "EOR r8, r8, r2, ROR #16\n\t" + "UBFX r2, r4, #0, #8\n\t" + "LDR r9, [r0, r9, LSL #2]\n\t" + "LDR r11, [r0, r11, LSL #2]\n\t" + "LDR lr, [r0, lr, LSL #2]\n\t" + "LDR r2, [r0, r2, LSL #2]\n\t" + "UBFX r10, r7, #16, #8\n\t" + "EOR r9, r9, r11, ROR #24\n\t" + "LSR r11, r6, #24\n\t" + "EOR r9, r9, lr, ROR #8\n\t" + "UBFX lr, r4, #8, #8\n\t" + "EOR r9, r9, r2, ROR #16\n\t" + "UBFX r2, r5, #0, #8\n\t" + "LDR r10, [r0, r10, LSL #2]\n\t" + "LDR r11, [r0, r11, LSL #2]\n\t" + "LDR lr, [r0, lr, LSL #2]\n\t" + "LDR r2, [r0, r2, LSL #2]\n\t" + "UBFX r6, r6, #0, #8\n\t" + "EOR r10, r10, r11, ROR #24\n\t" + "UBFX r11, r4, #16, #8\n\t" + "EOR r10, r10, lr, ROR #8\n\t" + "LSR lr, r7, #24\n\t" + "EOR r10, r10, r2, ROR #16\n\t" + "UBFX r2, r5, #8, #8\n\t" + "LDR r6, [r0, r6, LSL #2]\n\t" + "LDR lr, [r0, lr, LSL #2]\n\t" + "LDR r11, [r0, r11, LSL #2]\n\t" + "LDR r2, [r0, r2, LSL #2]\n\t" + "EOR lr, lr, r6, ROR #24\n\t" + "LDM %[ks]!, {r4, r5, r6, r7}\n\t" + "EOR r11, r11, lr, ROR #24\n\t" + "EOR r11, r11, r2, ROR #8\n\t" + /* XOR in Key Schedule */ + "EOR r8, r8, r4\n\t" + "EOR r9, r9, r5\n\t" + "EOR r10, r10, r6\n\t" + "EOR r11, r11, r7\n\t" + "UBFX r4, r9, #16, #8\n\t" + "LSR r7, r8, #24\n\t" + "UBFX lr, r10, #8, #8\n\t" + "UBFX r2, r11, #0, #8\n\t" + "LDR r4, [r0, r4, LSL #2]\n\t" + "LDR r7, [r0, r7, LSL #2]\n\t" + "LDR lr, [r0, lr, LSL #2]\n\t" + "LDR r2, [r0, r2, LSL #2]\n\t" + "UBFX r5, r10, #16, #8\n\t" + "EOR r4, r4, r7, ROR #24\n\t" + "LSR r7, r9, #24\n\t" + "EOR r4, r4, lr, ROR #8\n\t" + "UBFX lr, r11, #8, #8\n\t" + "EOR r4, r4, r2, ROR #16\n\t" + "UBFX r2, r8, #0, #8\n\t" + "LDR r5, [r0, r5, LSL #2]\n\t" + "LDR r7, [r0, r7, LSL #2]\n\t" + "LDR lr, [r0, lr, LSL #2]\n\t" + "LDR r2, [r0, r2, LSL #2]\n\t" + "UBFX r6, r11, #16, #8\n\t" + "EOR r5, r5, r7, ROR #24\n\t" + "LSR r7, r10, #24\n\t" + "EOR r5, r5, lr, ROR #8\n\t" + "UBFX lr, r8, #8, #8\n\t" + "EOR r5, r5, r2, ROR #16\n\t" + "UBFX r2, r9, #0, #8\n\t" + "LDR r6, [r0, r6, LSL #2]\n\t" + "LDR r7, [r0, r7, LSL #2]\n\t" + "LDR lr, [r0, lr, LSL #2]\n\t" + "LDR r2, [r0, r2, LSL #2]\n\t" + "UBFX r10, r10, #0, #8\n\t" + "EOR r6, r6, r7, ROR #24\n\t" + "UBFX r7, r8, #16, #8\n\t" + "EOR r6, r6, lr, ROR #8\n\t" + "LSR lr, r11, #24\n\t" + "EOR r6, r6, r2, ROR #16\n\t" + "UBFX r2, r9, #8, #8\n\t" + "LDR r10, [r0, r10, LSL #2]\n\t" + "LDR lr, [r0, lr, LSL #2]\n\t" + "LDR r7, [r0, r7, LSL #2]\n\t" + "LDR r2, [r0, r2, LSL #2]\n\t" + "EOR lr, lr, r10, ROR #24\n\t" + "LDM %[ks]!, {r8, r9, r10, r11}\n\t" + "EOR r7, r7, lr, ROR #24\n\t" + "EOR r7, r7, r2, ROR #8\n\t" + /* XOR in Key Schedule */ + "EOR r4, r4, r8\n\t" + "EOR r5, r5, r9\n\t" + "EOR r6, r6, r10\n\t" + "EOR r7, r7, r11\n\t" + "SUBS r1, r1, #0x1\n\t" +#if defined(__GNUC__) + "BNE L_AES_GCM_encrypt_block_nr_128_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "BNE.W L_AES_GCM_encrypt_block_nr_128\n\t" +#else + "BNE.W L_AES_GCM_encrypt_block_nr_128_%=\n\t" +#endif + "UBFX r8, r5, #16, #8\n\t" + "LSR r11, r4, #24\n\t" + "UBFX lr, r6, #8, #8\n\t" + "UBFX r2, r7, #0, #8\n\t" + "LDR r8, [r0, r8, LSL #2]\n\t" + "LDR r11, [r0, r11, LSL #2]\n\t" + "LDR lr, [r0, lr, LSL #2]\n\t" + "LDR r2, [r0, r2, LSL #2]\n\t" + "UBFX r9, r6, #16, #8\n\t" + "EOR r8, r8, r11, ROR #24\n\t" + "LSR r11, r5, #24\n\t" + "EOR r8, r8, lr, ROR #8\n\t" + "UBFX lr, r7, #8, #8\n\t" + "EOR r8, r8, r2, ROR #16\n\t" + "UBFX r2, r4, #0, #8\n\t" + "LDR r9, [r0, r9, LSL #2]\n\t" + "LDR r11, [r0, r11, LSL #2]\n\t" + "LDR lr, [r0, lr, LSL #2]\n\t" + "LDR r2, [r0, r2, LSL #2]\n\t" + "UBFX r10, r7, #16, #8\n\t" + "EOR r9, r9, r11, ROR #24\n\t" + "LSR r11, r6, #24\n\t" + "EOR r9, r9, lr, ROR #8\n\t" + "UBFX lr, r4, #8, #8\n\t" + "EOR r9, r9, r2, ROR #16\n\t" + "UBFX r2, r5, #0, #8\n\t" + "LDR r10, [r0, r10, LSL #2]\n\t" + "LDR r11, [r0, r11, LSL #2]\n\t" + "LDR lr, [r0, lr, LSL #2]\n\t" + "LDR r2, [r0, r2, LSL #2]\n\t" + "UBFX r6, r6, #0, #8\n\t" + "EOR r10, r10, r11, ROR #24\n\t" + "UBFX r11, r4, #16, #8\n\t" + "EOR r10, r10, lr, ROR #8\n\t" + "LSR lr, r7, #24\n\t" + "EOR r10, r10, r2, ROR #16\n\t" + "UBFX r2, r5, #8, #8\n\t" + "LDR r6, [r0, r6, LSL #2]\n\t" + "LDR lr, [r0, lr, LSL #2]\n\t" + "LDR r11, [r0, r11, LSL #2]\n\t" + "LDR r2, [r0, r2, LSL #2]\n\t" + "EOR lr, lr, r6, ROR #24\n\t" + "LDM %[ks]!, {r4, r5, r6, r7}\n\t" + "EOR r11, r11, lr, ROR #24\n\t" + "EOR r11, r11, r2, ROR #8\n\t" + /* XOR in Key Schedule */ + "EOR r8, r8, r4\n\t" + "EOR r9, r9, r5\n\t" + "EOR r10, r10, r6\n\t" + "EOR r11, r11, r7\n\t" + "UBFX r4, r11, #0, #8\n\t" + "UBFX r7, r10, #8, #8\n\t" + "UBFX lr, r9, #16, #8\n\t" + "LSR r2, r8, #24\n\t" + "LDRB r4, [r0, r4, LSL #2]\n\t" + "LDRB r7, [r0, r7, LSL #2]\n\t" + "LDRB lr, [r0, lr, LSL #2]\n\t" + "LDRB r2, [r0, r2, LSL #2]\n\t" + "UBFX r5, r8, #0, #8\n\t" + "EOR r4, r4, r7, LSL #8\n\t" + "UBFX r7, r11, #8, #8\n\t" + "EOR r4, r4, lr, LSL #16\n\t" + "UBFX lr, r10, #16, #8\n\t" + "EOR r4, r4, r2, LSL #24\n\t" + "LSR r2, r9, #24\n\t" + "LDRB r5, [r0, r5, LSL #2]\n\t" + "LDRB r7, [r0, r7, LSL #2]\n\t" + "LDRB lr, [r0, lr, LSL #2]\n\t" + "LDRB r2, [r0, r2, LSL #2]\n\t" + "UBFX r6, r9, #0, #8\n\t" + "EOR r5, r5, r7, LSL #8\n\t" + "UBFX r7, r8, #8, #8\n\t" + "EOR r5, r5, lr, LSL #16\n\t" + "UBFX lr, r11, #16, #8\n\t" + "EOR r5, r5, r2, LSL #24\n\t" + "LSR r2, r10, #24\n\t" + "LDRB r6, [r0, r6, LSL #2]\n\t" + "LDRB r7, [r0, r7, LSL #2]\n\t" + "LDRB lr, [r0, lr, LSL #2]\n\t" + "LDRB r2, [r0, r2, LSL #2]\n\t" + "LSR r11, r11, #24\n\t" + "EOR r6, r6, r7, LSL #8\n\t" + "UBFX r7, r10, #0, #8\n\t" + "EOR r6, r6, lr, LSL #16\n\t" + "UBFX lr, r9, #8, #8\n\t" + "EOR r6, r6, r2, LSL #24\n\t" + "UBFX r2, r8, #16, #8\n\t" + "LDRB r11, [r0, r11, LSL #2]\n\t" + "LDRB r7, [r0, r7, LSL #2]\n\t" + "LDRB lr, [r0, lr, LSL #2]\n\t" + "LDRB r2, [r0, r2, LSL #2]\n\t" + "EOR lr, lr, r11, LSL #16\n\t" + "LDM %[ks], {r8, r9, r10, r11}\n\t" + "EOR r7, r7, lr, LSL #8\n\t" + "EOR r7, r7, r2, LSL #16\n\t" + /* XOR in Key Schedule */ + "EOR r4, r4, r8\n\t" + "EOR r5, r5, r9\n\t" + "EOR r6, r6, r10\n\t" + "EOR r7, r7, r11\n\t" +#endif /* !WOLFSSL_ARMASM_AES_BLOCK_INLINE */ "POP {r1, %[len], lr}\n\t" "LDR %[ks], [sp]\n\t" "REV r4, r4\n\t" diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/wolfcrypt/src/port/arm/thumb2-chacha-asm.S mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/port/arm/thumb2-chacha-asm.S --- mariadb-11.8.6/extra/wolfssl/wolfssl/wolfcrypt/src/port/arm/thumb2-chacha-asm.S 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/port/arm/thumb2-chacha-asm.S 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* thumb2-chacha-asm * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -92,9 +92,9 @@ STM r0!, {r3, r4, r5, r6} /* Next 16 bytes of key. */ #if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__) - BEQ L_chacha_thumb2_setkey_same_keyb_ytes + BEQ L_chacha_thumb2_setkey_same_key_bytes #else - BEQ.N L_chacha_thumb2_setkey_same_keyb_ytes + BEQ.N L_chacha_thumb2_setkey_same_key_bytes #endif /* Update key pointer for next 16 bytes. */ ADD r1, r1, r2 @@ -102,7 +102,7 @@ LDR r4, [r1, #4] LDR r5, [r1, #8] LDR r6, [r1, #12] -L_chacha_thumb2_setkey_same_keyb_ytes: +L_chacha_thumb2_setkey_same_key_bytes: STM r0, {r3, r4, r5, r6} POP {r4, r5, r6, r7, pc} /* Cycle Count = 60 */ diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/wolfcrypt/src/port/arm/thumb2-chacha-asm_c.c mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/port/arm/thumb2-chacha-asm_c.c --- mariadb-11.8.6/extra/wolfssl/wolfssl/wolfcrypt/src/port/arm/thumb2-chacha-asm_c.c 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/port/arm/thumb2-chacha-asm_c.c 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* thumb2-chacha-asm * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -124,11 +124,11 @@ "STM %[x]!, {r3, r4, r5, r6}\n\t" /* Next 16 bytes of key. */ #if defined(__GNUC__) - "BEQ L_chacha_thumb2_setkey_same_keyb_ytes_%=\n\t" + "BEQ L_chacha_thumb2_setkey_same_key_bytes_%=\n\t" #elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) - "BEQ.N L_chacha_thumb2_setkey_same_keyb_ytes\n\t" + "BEQ.N L_chacha_thumb2_setkey_same_key_bytes\n\t" #else - "BEQ.N L_chacha_thumb2_setkey_same_keyb_ytes_%=\n\t" + "BEQ.N L_chacha_thumb2_setkey_same_key_bytes_%=\n\t" #endif /* Update key pointer for next 16 bytes. */ "ADD %[key], %[key], %[keySz]\n\t" @@ -138,9 +138,9 @@ "LDR r6, [%[key], #12]\n\t" "\n" #if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) - "L_chacha_thumb2_setkey_same_keyb_ytes:\n\t" + "L_chacha_thumb2_setkey_same_key_bytes:\n\t" #else - "L_chacha_thumb2_setkey_same_keyb_ytes_%=:\n\t" + "L_chacha_thumb2_setkey_same_key_bytes_%=:\n\t" #endif "STM %[x], {r3, r4, r5, r6}\n\t" : [x] "+r" (x), [key] "+r" (key), [keySz] "+r" (keySz), diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/wolfcrypt/src/port/arm/thumb2-curve25519.S mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/port/arm/thumb2-curve25519.S --- mariadb-11.8.6/extra/wolfssl/wolfssl/wolfcrypt/src/port/arm/thumb2-curve25519.S 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/port/arm/thumb2-curve25519.S 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* thumb2-curve25519 * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -227,7 +227,7 @@ POP {r4, r5, r6, r7, r8, r9, r10, r11, pc} /* Cycle Count = 24 */ .size fe_add,.-fe_add -#ifdef HAVE_ED25519 +#if defined(HAVE_ED25519) || defined(WOLFSSL_CURVE25519_USE_ED25519) .text .align 4 .globl fe_frombytes @@ -430,7 +430,7 @@ POP {r4, r5, pc} /* Cycle Count = 31 */ .size fe_isnegative,.-fe_isnegative -#if defined(HAVE_ED25519_MAKE_KEY) || defined(HAVE_ED25519_SIGN) +#if defined(HAVE_ED25519_MAKE_KEY) || defined(HAVE_ED25519_SIGN) || defined(WOLFSSL_CURVE25519_USE_ED25519) #ifndef WC_NO_CACHE_RESISTANT .text .align 4 @@ -1507,8 +1507,8 @@ /* Cycle Count = 160 */ .size fe_cmov_table,.-fe_cmov_table #endif /* WC_NO_CACHE_RESISTANT */ -#endif /* HAVE_ED25519_MAKE_KEY || HAVE_ED25519_SIGN */ -#endif /* HAVE_ED25519 */ +#endif /* HAVE_ED25519_MAKE_KEY || HAVE_ED25519_SIGN || WOLFSSL_CURVE25519_USE_ED25519 */ +#endif /* HAVE_ED25519 || WOLFSSL_CURVE25519_USE_ED25519 */ #ifdef WOLFSSL_ARM_ARCH_7M .text .align 4 @@ -3272,7 +3272,7 @@ .size curve25519,.-curve25519 #endif /* WC_NO_CACHE_RESISTANT */ #endif /* HAVE_CURVE25519 */ -#ifdef HAVE_ED25519 +#if defined(HAVE_ED25519) || defined(WOLFSSL_CURVE25519_USE_ED25519) .text .align 4 .globl fe_invert @@ -4533,6 +4533,8 @@ POP {r4, r5, r6, r7, r8, r9, r10, r11, pc} /* Cycle Count = 138 */ .size ge_sub,.-ge_sub +#endif /* HAVE_ED25519 || WOLFSSL_CURVE25519_USE_ED25519 */ +#ifdef HAVE_ED25519 #ifdef WOLFSSL_ARM_ARCH_7M .text .align 4 diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/wolfcrypt/src/port/arm/thumb2-curve25519_c.c mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/port/arm/thumb2-curve25519_c.c --- mariadb-11.8.6/extra/wolfssl/wolfssl/wolfcrypt/src/port/arm/thumb2-curve25519_c.c 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/port/arm/thumb2-curve25519_c.c 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* thumb2-curve25519 * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -296,7 +296,7 @@ ); } -#ifdef HAVE_ED25519 +#if defined(HAVE_ED25519) || defined(WOLFSSL_CURVE25519_USE_ED25519) #ifndef WOLFSSL_NO_VAR_ASSIGN_REG WC_OMIT_FRAME_POINTER void fe_frombytes(fe out_p, const unsigned char* in_p) #else @@ -571,17 +571,18 @@ return (word32)(size_t)a; } -#if defined(HAVE_ED25519_MAKE_KEY) || defined(HAVE_ED25519_SIGN) +#if defined(HAVE_ED25519_MAKE_KEY) || defined(HAVE_ED25519_SIGN) || defined(WOLFSSL_CURVE25519_USE_ED25519) #ifndef WC_NO_CACHE_RESISTANT #ifndef WOLFSSL_NO_VAR_ASSIGN_REG -WC_OMIT_FRAME_POINTER void fe_cmov_table(fe* r_p, fe* base_p, signed char b_p) +WC_OMIT_FRAME_POINTER void fe_cmov_table(fe* r_p, const fe* base_p, + signed char b_p) #else -WC_OMIT_FRAME_POINTER void fe_cmov_table(fe* r, fe* base, signed char b) +WC_OMIT_FRAME_POINTER void fe_cmov_table(fe* r, const fe* base, signed char b) #endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ { #ifndef WOLFSSL_NO_VAR_ASSIGN_REG register fe* r __asm__ ("r0") = (fe*)r_p; - register fe* base __asm__ ("r1") = (fe*)base_p; + register const fe* base __asm__ ("r1") = (const fe*)base_p; register signed char b __asm__ ("r2") = (signed char)b_p; #endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ @@ -1558,14 +1559,15 @@ #else #ifndef WOLFSSL_NO_VAR_ASSIGN_REG -WC_OMIT_FRAME_POINTER void fe_cmov_table(fe* r_p, fe* base_p, signed char b_p) +WC_OMIT_FRAME_POINTER void fe_cmov_table(fe* r_p, const fe* base_p, + signed char b_p) #else -WC_OMIT_FRAME_POINTER void fe_cmov_table(fe* r, fe* base, signed char b) +WC_OMIT_FRAME_POINTER void fe_cmov_table(fe* r, const fe* base, signed char b) #endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ { #ifndef WOLFSSL_NO_VAR_ASSIGN_REG register fe* r __asm__ ("r0") = (fe*)r_p; - register fe* base __asm__ ("r1") = (fe*)base_p; + register const fe* base __asm__ ("r1") = (const fe*)base_p; register signed char b __asm__ ("r2") = (signed char)b_p; #endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ @@ -1670,8 +1672,8 @@ } #endif /* WC_NO_CACHE_RESISTANT */ -#endif /* HAVE_ED25519_MAKE_KEY || HAVE_ED25519_SIGN */ -#endif /* HAVE_ED25519 */ +#endif /* HAVE_ED25519_MAKE_KEY || HAVE_ED25519_SIGN || WOLFSSL_CURVE25519_USE_ED25519 */ +#endif /* HAVE_ED25519 || WOLFSSL_CURVE25519_USE_ED25519 */ #ifdef WOLFSSL_ARM_ARCH_7M void fe_mul_op(void); #ifndef WOLFSSL_NO_VAR_ASSIGN_REG @@ -3663,7 +3665,7 @@ #endif /* WC_NO_CACHE_RESISTANT */ #endif /* HAVE_CURVE25519 */ -#ifdef HAVE_ED25519 +#if defined(HAVE_ED25519) || defined(WOLFSSL_CURVE25519_USE_ED25519) #ifndef WOLFSSL_NO_VAR_ASSIGN_REG WC_OMIT_FRAME_POINTER void fe_invert(fe r_p, const fe a_p) #else @@ -5156,6 +5158,8 @@ ); } +#endif /* HAVE_ED25519 || WOLFSSL_CURVE25519_USE_ED25519 */ +#ifdef HAVE_ED25519 #ifdef WOLFSSL_ARM_ARCH_7M #ifndef WOLFSSL_NO_VAR_ASSIGN_REG WC_OMIT_FRAME_POINTER void sc_reduce(byte* s_p) diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/wolfcrypt/src/port/arm/thumb2-mlkem-asm.S mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/port/arm/thumb2-mlkem-asm.S --- mariadb-11.8.6/extra/wolfssl/wolfssl/wolfcrypt/src/port/arm/thumb2-mlkem-asm.S 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/port/arm/thumb2-mlkem-asm.S 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* thumb2-mlkem-asm * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/wolfcrypt/src/port/arm/thumb2-mlkem-asm_c.c mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/port/arm/thumb2-mlkem-asm_c.c --- mariadb-11.8.6/extra/wolfssl/wolfssl/wolfcrypt/src/port/arm/thumb2-mlkem-asm_c.c 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/port/arm/thumb2-mlkem-asm_c.c 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* thumb2-mlkem-asm * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/wolfcrypt/src/port/arm/thumb2-poly1305-asm.S mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/port/arm/thumb2-poly1305-asm.S --- mariadb-11.8.6/extra/wolfssl/wolfssl/wolfcrypt/src/port/arm/thumb2-poly1305-asm.S 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/port/arm/thumb2-poly1305-asm.S 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* thumb2-poly1305-asm * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/wolfcrypt/src/port/arm/thumb2-poly1305-asm_c.c mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/port/arm/thumb2-poly1305-asm_c.c --- mariadb-11.8.6/extra/wolfssl/wolfssl/wolfcrypt/src/port/arm/thumb2-poly1305-asm_c.c 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/port/arm/thumb2-poly1305-asm_c.c 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* thumb2-poly1305-asm * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/wolfcrypt/src/port/arm/thumb2-sha256-asm.S mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/port/arm/thumb2-sha256-asm.S --- mariadb-11.8.6/extra/wolfssl/wolfssl/wolfcrypt/src/port/arm/thumb2-sha256-asm.S 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/port/arm/thumb2-sha256-asm.S 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* thumb2-sha256-asm * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -110,7 +110,7 @@ Transform_Sha256_Len_base: PUSH {r4, r5, r6, r7, r8, r9, r10, r11, lr} SUB sp, sp, #0xc0 - ADR r3, L_SHA256_transform_len_k + ADR r12, L_SHA256_transform_len_k /* Copy digest to add in at end */ LDRD r4, r5, [r0] LDRD r6, r7, [r0, #8] @@ -166,9 +166,10 @@ LDR r11, [r0, #4] LDR r4, [r0, #8] EOR r11, r11, r4 - MOV r12, #0x3 +#ifndef WOLFSSL_ARMASM_SHA256_SMALL + MOV r3, #0x3 /* Start of 16 rounds */ -L_SHA256_transform_len_start: +L_SHA256_transform_len_start_fast: /* Round 0 */ LDR r5, [r0, #16] LDR r6, [r0, #20] @@ -183,7 +184,7 @@ ADD r9, r9, r4 ADD r9, r9, r6 LDR r5, [sp] - LDR r6, [r3] + LDR r6, [r12] ADD r9, r9, r5 ADD r9, r9, r6 LDR r5, [r0] @@ -230,7 +231,7 @@ ADD r9, r9, r4 ADD r9, r9, r6 LDR r5, [sp, #4] - LDR r6, [r3, #4] + LDR r6, [r12, #4] ADD r9, r9, r5 ADD r9, r9, r6 LDR r5, [r0, #28] @@ -277,7 +278,7 @@ ADD r9, r9, r4 ADD r9, r9, r6 LDR r5, [sp, #8] - LDR r6, [r3, #8] + LDR r6, [r12, #8] ADD r9, r9, r5 ADD r9, r9, r6 LDR r5, [r0, #24] @@ -324,7 +325,7 @@ ADD r9, r9, r4 ADD r9, r9, r6 LDR r5, [sp, #12] - LDR r6, [r3, #12] + LDR r6, [r12, #12] ADD r9, r9, r5 ADD r9, r9, r6 LDR r5, [r0, #20] @@ -371,7 +372,7 @@ ADD r9, r9, r4 ADD r9, r9, r6 LDR r5, [sp, #16] - LDR r6, [r3, #16] + LDR r6, [r12, #16] ADD r9, r9, r5 ADD r9, r9, r6 LDR r5, [r0, #16] @@ -418,7 +419,7 @@ ADD r9, r9, r4 ADD r9, r9, r6 LDR r5, [sp, #20] - LDR r6, [r3, #20] + LDR r6, [r12, #20] ADD r9, r9, r5 ADD r9, r9, r6 LDR r5, [r0, #12] @@ -465,7 +466,7 @@ ADD r9, r9, r4 ADD r9, r9, r6 LDR r5, [sp, #24] - LDR r6, [r3, #24] + LDR r6, [r12, #24] ADD r9, r9, r5 ADD r9, r9, r6 LDR r5, [r0, #8] @@ -512,7 +513,7 @@ ADD r9, r9, r4 ADD r9, r9, r6 LDR r5, [sp, #28] - LDR r6, [r3, #28] + LDR r6, [r12, #28] ADD r9, r9, r5 ADD r9, r9, r6 LDR r5, [r0, #4] @@ -559,7 +560,7 @@ ADD r9, r9, r4 ADD r9, r9, r6 LDR r5, [sp, #32] - LDR r6, [r3, #32] + LDR r6, [r12, #32] ADD r9, r9, r5 ADD r9, r9, r6 LDR r5, [r0] @@ -606,7 +607,7 @@ ADD r9, r9, r4 ADD r9, r9, r6 LDR r5, [sp, #36] - LDR r6, [r3, #36] + LDR r6, [r12, #36] ADD r9, r9, r5 ADD r9, r9, r6 LDR r5, [r0, #28] @@ -653,7 +654,7 @@ ADD r9, r9, r4 ADD r9, r9, r6 LDR r5, [sp, #40] - LDR r6, [r3, #40] + LDR r6, [r12, #40] ADD r9, r9, r5 ADD r9, r9, r6 LDR r5, [r0, #24] @@ -700,7 +701,7 @@ ADD r9, r9, r4 ADD r9, r9, r6 LDR r5, [sp, #44] - LDR r6, [r3, #44] + LDR r6, [r12, #44] ADD r9, r9, r5 ADD r9, r9, r6 LDR r5, [r0, #20] @@ -747,7 +748,7 @@ ADD r9, r9, r4 ADD r9, r9, r6 LDR r5, [sp, #48] - LDR r6, [r3, #48] + LDR r6, [r12, #48] ADD r9, r9, r5 ADD r9, r9, r6 LDR r5, [r0, #16] @@ -794,7 +795,7 @@ ADD r9, r9, r4 ADD r9, r9, r6 LDR r5, [sp, #52] - LDR r6, [r3, #52] + LDR r6, [r12, #52] ADD r9, r9, r5 ADD r9, r9, r6 LDR r5, [r0, #12] @@ -841,7 +842,7 @@ ADD r9, r9, r4 ADD r9, r9, r6 LDR r5, [sp, #56] - LDR r6, [r3, #56] + LDR r6, [r12, #56] ADD r9, r9, r5 ADD r9, r9, r6 LDR r5, [r0, #8] @@ -888,7 +889,7 @@ ADD r9, r9, r4 ADD r9, r9, r6 LDR r5, [sp, #60] - LDR r6, [r3, #60] + LDR r6, [r12, #60] ADD r9, r9, r5 ADD r9, r9, r6 LDR r5, [r0, #4] @@ -921,12 +922,12 @@ ADD r4, r4, r5 ADD r9, r9, r4 STR r9, [sp, #60] - ADD r3, r3, #0x40 - SUBS r12, r12, #0x1 + ADD r12, r12, #0x40 + SUBS r3, r3, #0x1 #if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__) - BNE L_SHA256_transform_len_start + BNE L_SHA256_transform_len_start_fast #else - BNE.W L_SHA256_transform_len_start + BNE.W L_SHA256_transform_len_start_fast #endif /* Round 0 */ LDR r5, [r0, #16] @@ -942,7 +943,7 @@ ADD r9, r9, r4 ADD r9, r9, r6 LDR r5, [sp] - LDR r6, [r3] + LDR r6, [r12] ADD r9, r9, r5 ADD r9, r9, r6 LDR r5, [r0] @@ -974,7 +975,7 @@ ADD r9, r9, r4 ADD r9, r9, r6 LDR r5, [sp, #4] - LDR r6, [r3, #4] + LDR r6, [r12, #4] ADD r9, r9, r5 ADD r9, r9, r6 LDR r5, [r0, #28] @@ -1006,7 +1007,7 @@ ADD r9, r9, r4 ADD r9, r9, r6 LDR r5, [sp, #8] - LDR r6, [r3, #8] + LDR r6, [r12, #8] ADD r9, r9, r5 ADD r9, r9, r6 LDR r5, [r0, #24] @@ -1038,7 +1039,7 @@ ADD r9, r9, r4 ADD r9, r9, r6 LDR r5, [sp, #12] - LDR r6, [r3, #12] + LDR r6, [r12, #12] ADD r9, r9, r5 ADD r9, r9, r6 LDR r5, [r0, #20] @@ -1070,7 +1071,7 @@ ADD r9, r9, r4 ADD r9, r9, r6 LDR r5, [sp, #16] - LDR r6, [r3, #16] + LDR r6, [r12, #16] ADD r9, r9, r5 ADD r9, r9, r6 LDR r5, [r0, #16] @@ -1102,7 +1103,7 @@ ADD r9, r9, r4 ADD r9, r9, r6 LDR r5, [sp, #20] - LDR r6, [r3, #20] + LDR r6, [r12, #20] ADD r9, r9, r5 ADD r9, r9, r6 LDR r5, [r0, #12] @@ -1134,7 +1135,7 @@ ADD r9, r9, r4 ADD r9, r9, r6 LDR r5, [sp, #24] - LDR r6, [r3, #24] + LDR r6, [r12, #24] ADD r9, r9, r5 ADD r9, r9, r6 LDR r5, [r0, #8] @@ -1166,7 +1167,7 @@ ADD r9, r9, r4 ADD r9, r9, r6 LDR r5, [sp, #28] - LDR r6, [r3, #28] + LDR r6, [r12, #28] ADD r9, r9, r5 ADD r9, r9, r6 LDR r5, [r0, #4] @@ -1198,7 +1199,7 @@ ADD r9, r9, r4 ADD r9, r9, r6 LDR r5, [sp, #32] - LDR r6, [r3, #32] + LDR r6, [r12, #32] ADD r9, r9, r5 ADD r9, r9, r6 LDR r5, [r0] @@ -1230,7 +1231,7 @@ ADD r9, r9, r4 ADD r9, r9, r6 LDR r5, [sp, #36] - LDR r6, [r3, #36] + LDR r6, [r12, #36] ADD r9, r9, r5 ADD r9, r9, r6 LDR r5, [r0, #28] @@ -1262,7 +1263,7 @@ ADD r9, r9, r4 ADD r9, r9, r6 LDR r5, [sp, #40] - LDR r6, [r3, #40] + LDR r6, [r12, #40] ADD r9, r9, r5 ADD r9, r9, r6 LDR r5, [r0, #24] @@ -1294,7 +1295,7 @@ ADD r9, r9, r4 ADD r9, r9, r6 LDR r5, [sp, #44] - LDR r6, [r3, #44] + LDR r6, [r12, #44] ADD r9, r9, r5 ADD r9, r9, r6 LDR r5, [r0, #20] @@ -1326,7 +1327,7 @@ ADD r9, r9, r4 ADD r9, r9, r6 LDR r5, [sp, #48] - LDR r6, [r3, #48] + LDR r6, [r12, #48] ADD r9, r9, r5 ADD r9, r9, r6 LDR r5, [r0, #16] @@ -1358,7 +1359,7 @@ ADD r9, r9, r4 ADD r9, r9, r6 LDR r5, [sp, #52] - LDR r6, [r3, #52] + LDR r6, [r12, #52] ADD r9, r9, r5 ADD r9, r9, r6 LDR r5, [r0, #12] @@ -1390,7 +1391,7 @@ ADD r9, r9, r4 ADD r9, r9, r6 LDR r5, [sp, #56] - LDR r6, [r3, #56] + LDR r6, [r12, #56] ADD r9, r9, r5 ADD r9, r9, r6 LDR r5, [r0, #8] @@ -1422,7 +1423,7 @@ ADD r9, r9, r4 ADD r9, r9, r6 LDR r5, [sp, #60] - LDR r6, [r3, #60] + LDR r6, [r12, #60] ADD r9, r9, r5 ADD r9, r9, r6 LDR r5, [r0, #4] @@ -1440,6 +1441,883 @@ ADD r9, r9, r10 STR r8, [r0, #16] STR r9, [r0] +#else + MOV r3, #0x4 + /* Start of 16 rounds */ +L_SHA256_transform_len_start_small: + SUB r3, r3, #0x1 + /* Round 0 */ + LDR r5, [r0, #16] + LDR r6, [r0, #20] + LDR r7, [r0, #24] + LDR r9, [r0, #28] + ROR r4, r5, #6 + EOR r6, r6, r7 + EOR r4, r4, r5, ROR #11 + AND r6, r6, r5 + EOR r4, r4, r5, ROR #25 + EOR r6, r6, r7 + ADD r9, r9, r4 + ADD r9, r9, r6 + LDR r5, [sp] + LDR r6, [r12] + ADD r9, r9, r5 + ADD r9, r9, r6 + LDR r5, [r0] + LDR r6, [r0, #4] + LDR r7, [r0, #8] + LDR r8, [r0, #12] + ROR r4, r5, #2 + EOR r10, r5, r6 + EOR r4, r4, r5, ROR #13 + AND r11, r11, r10 + EOR r4, r4, r5, ROR #22 + EOR r11, r11, r6 + ADD r8, r8, r9 + ADD r9, r9, r4 + ADD r9, r9, r11 + STR r8, [r0, #12] + STR r9, [r0, #28] + CMP r3, #0x0 +#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__) + BEQ L_SHA256_transform_len_blk_end_0 +#else + BEQ.N L_SHA256_transform_len_blk_end_0 +#endif + /* Calc new W[0] */ + LDR r6, [sp, #56] + LDR r7, [sp, #36] + LDR r8, [sp, #4] + LDR r9, [sp] + ROR r4, r6, #17 + ROR r5, r8, #7 + EOR r4, r4, r6, ROR #19 + EOR r5, r5, r8, ROR #18 + EOR r4, r4, r6, LSR #10 + EOR r5, r5, r8, LSR #3 + ADD r9, r9, r7 + ADD r4, r4, r5 + ADD r9, r9, r4 + STR r9, [sp] +L_SHA256_transform_len_blk_end_0: + /* Round 1 */ + LDR r5, [r0, #12] + LDR r6, [r0, #16] + LDR r7, [r0, #20] + LDR r9, [r0, #24] + ROR r4, r5, #6 + EOR r6, r6, r7 + EOR r4, r4, r5, ROR #11 + AND r6, r6, r5 + EOR r4, r4, r5, ROR #25 + EOR r6, r6, r7 + ADD r9, r9, r4 + ADD r9, r9, r6 + LDR r5, [sp, #4] + LDR r6, [r12, #4] + ADD r9, r9, r5 + ADD r9, r9, r6 + LDR r5, [r0, #28] + LDR r6, [r0] + LDR r7, [r0, #4] + LDR r8, [r0, #8] + ROR r4, r5, #2 + EOR r11, r5, r6 + EOR r4, r4, r5, ROR #13 + AND r10, r10, r11 + EOR r4, r4, r5, ROR #22 + EOR r10, r10, r6 + ADD r8, r8, r9 + ADD r9, r9, r4 + ADD r9, r9, r10 + STR r8, [r0, #8] + STR r9, [r0, #24] + CMP r3, #0x0 +#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__) + BEQ L_SHA256_transform_len_blk_end_1 +#else + BEQ.N L_SHA256_transform_len_blk_end_1 +#endif + /* Calc new W[1] */ + LDR r6, [sp, #60] + LDR r7, [sp, #40] + LDR r8, [sp, #8] + LDR r9, [sp, #4] + ROR r4, r6, #17 + ROR r5, r8, #7 + EOR r4, r4, r6, ROR #19 + EOR r5, r5, r8, ROR #18 + EOR r4, r4, r6, LSR #10 + EOR r5, r5, r8, LSR #3 + ADD r9, r9, r7 + ADD r4, r4, r5 + ADD r9, r9, r4 + STR r9, [sp, #4] +L_SHA256_transform_len_blk_end_1: + /* Round 2 */ + LDR r5, [r0, #8] + LDR r6, [r0, #12] + LDR r7, [r0, #16] + LDR r9, [r0, #20] + ROR r4, r5, #6 + EOR r6, r6, r7 + EOR r4, r4, r5, ROR #11 + AND r6, r6, r5 + EOR r4, r4, r5, ROR #25 + EOR r6, r6, r7 + ADD r9, r9, r4 + ADD r9, r9, r6 + LDR r5, [sp, #8] + LDR r6, [r12, #8] + ADD r9, r9, r5 + ADD r9, r9, r6 + LDR r5, [r0, #24] + LDR r6, [r0, #28] + LDR r7, [r0] + LDR r8, [r0, #4] + ROR r4, r5, #2 + EOR r10, r5, r6 + EOR r4, r4, r5, ROR #13 + AND r11, r11, r10 + EOR r4, r4, r5, ROR #22 + EOR r11, r11, r6 + ADD r8, r8, r9 + ADD r9, r9, r4 + ADD r9, r9, r11 + STR r8, [r0, #4] + STR r9, [r0, #20] + CMP r3, #0x0 +#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__) + BEQ L_SHA256_transform_len_blk_end_2 +#else + BEQ.N L_SHA256_transform_len_blk_end_2 +#endif + /* Calc new W[2] */ + LDR r6, [sp] + LDR r7, [sp, #44] + LDR r8, [sp, #12] + LDR r9, [sp, #8] + ROR r4, r6, #17 + ROR r5, r8, #7 + EOR r4, r4, r6, ROR #19 + EOR r5, r5, r8, ROR #18 + EOR r4, r4, r6, LSR #10 + EOR r5, r5, r8, LSR #3 + ADD r9, r9, r7 + ADD r4, r4, r5 + ADD r9, r9, r4 + STR r9, [sp, #8] +L_SHA256_transform_len_blk_end_2: + /* Round 3 */ + LDR r5, [r0, #4] + LDR r6, [r0, #8] + LDR r7, [r0, #12] + LDR r9, [r0, #16] + ROR r4, r5, #6 + EOR r6, r6, r7 + EOR r4, r4, r5, ROR #11 + AND r6, r6, r5 + EOR r4, r4, r5, ROR #25 + EOR r6, r6, r7 + ADD r9, r9, r4 + ADD r9, r9, r6 + LDR r5, [sp, #12] + LDR r6, [r12, #12] + ADD r9, r9, r5 + ADD r9, r9, r6 + LDR r5, [r0, #20] + LDR r6, [r0, #24] + LDR r7, [r0, #28] + LDR r8, [r0] + ROR r4, r5, #2 + EOR r11, r5, r6 + EOR r4, r4, r5, ROR #13 + AND r10, r10, r11 + EOR r4, r4, r5, ROR #22 + EOR r10, r10, r6 + ADD r8, r8, r9 + ADD r9, r9, r4 + ADD r9, r9, r10 + STR r8, [r0] + STR r9, [r0, #16] + CMP r3, #0x0 +#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__) + BEQ L_SHA256_transform_len_blk_end_3 +#else + BEQ.N L_SHA256_transform_len_blk_end_3 +#endif + /* Calc new W[3] */ + LDR r6, [sp, #4] + LDR r7, [sp, #48] + LDR r8, [sp, #16] + LDR r9, [sp, #12] + ROR r4, r6, #17 + ROR r5, r8, #7 + EOR r4, r4, r6, ROR #19 + EOR r5, r5, r8, ROR #18 + EOR r4, r4, r6, LSR #10 + EOR r5, r5, r8, LSR #3 + ADD r9, r9, r7 + ADD r4, r4, r5 + ADD r9, r9, r4 + STR r9, [sp, #12] +L_SHA256_transform_len_blk_end_3: + /* Round 4 */ + LDR r5, [r0] + LDR r6, [r0, #4] + LDR r7, [r0, #8] + LDR r9, [r0, #12] + ROR r4, r5, #6 + EOR r6, r6, r7 + EOR r4, r4, r5, ROR #11 + AND r6, r6, r5 + EOR r4, r4, r5, ROR #25 + EOR r6, r6, r7 + ADD r9, r9, r4 + ADD r9, r9, r6 + LDR r5, [sp, #16] + LDR r6, [r12, #16] + ADD r9, r9, r5 + ADD r9, r9, r6 + LDR r5, [r0, #16] + LDR r6, [r0, #20] + LDR r7, [r0, #24] + LDR r8, [r0, #28] + ROR r4, r5, #2 + EOR r10, r5, r6 + EOR r4, r4, r5, ROR #13 + AND r11, r11, r10 + EOR r4, r4, r5, ROR #22 + EOR r11, r11, r6 + ADD r8, r8, r9 + ADD r9, r9, r4 + ADD r9, r9, r11 + STR r8, [r0, #28] + STR r9, [r0, #12] + CMP r3, #0x0 +#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__) + BEQ L_SHA256_transform_len_blk_end_4 +#else + BEQ.N L_SHA256_transform_len_blk_end_4 +#endif + /* Calc new W[4] */ + LDR r6, [sp, #8] + LDR r7, [sp, #52] + LDR r8, [sp, #20] + LDR r9, [sp, #16] + ROR r4, r6, #17 + ROR r5, r8, #7 + EOR r4, r4, r6, ROR #19 + EOR r5, r5, r8, ROR #18 + EOR r4, r4, r6, LSR #10 + EOR r5, r5, r8, LSR #3 + ADD r9, r9, r7 + ADD r4, r4, r5 + ADD r9, r9, r4 + STR r9, [sp, #16] +L_SHA256_transform_len_blk_end_4: + /* Round 5 */ + LDR r5, [r0, #28] + LDR r6, [r0] + LDR r7, [r0, #4] + LDR r9, [r0, #8] + ROR r4, r5, #6 + EOR r6, r6, r7 + EOR r4, r4, r5, ROR #11 + AND r6, r6, r5 + EOR r4, r4, r5, ROR #25 + EOR r6, r6, r7 + ADD r9, r9, r4 + ADD r9, r9, r6 + LDR r5, [sp, #20] + LDR r6, [r12, #20] + ADD r9, r9, r5 + ADD r9, r9, r6 + LDR r5, [r0, #12] + LDR r6, [r0, #16] + LDR r7, [r0, #20] + LDR r8, [r0, #24] + ROR r4, r5, #2 + EOR r11, r5, r6 + EOR r4, r4, r5, ROR #13 + AND r10, r10, r11 + EOR r4, r4, r5, ROR #22 + EOR r10, r10, r6 + ADD r8, r8, r9 + ADD r9, r9, r4 + ADD r9, r9, r10 + STR r8, [r0, #24] + STR r9, [r0, #8] + CMP r3, #0x0 +#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__) + BEQ L_SHA256_transform_len_blk_end_5 +#else + BEQ.N L_SHA256_transform_len_blk_end_5 +#endif + /* Calc new W[5] */ + LDR r6, [sp, #12] + LDR r7, [sp, #56] + LDR r8, [sp, #24] + LDR r9, [sp, #20] + ROR r4, r6, #17 + ROR r5, r8, #7 + EOR r4, r4, r6, ROR #19 + EOR r5, r5, r8, ROR #18 + EOR r4, r4, r6, LSR #10 + EOR r5, r5, r8, LSR #3 + ADD r9, r9, r7 + ADD r4, r4, r5 + ADD r9, r9, r4 + STR r9, [sp, #20] +L_SHA256_transform_len_blk_end_5: + /* Round 6 */ + LDR r5, [r0, #24] + LDR r6, [r0, #28] + LDR r7, [r0] + LDR r9, [r0, #4] + ROR r4, r5, #6 + EOR r6, r6, r7 + EOR r4, r4, r5, ROR #11 + AND r6, r6, r5 + EOR r4, r4, r5, ROR #25 + EOR r6, r6, r7 + ADD r9, r9, r4 + ADD r9, r9, r6 + LDR r5, [sp, #24] + LDR r6, [r12, #24] + ADD r9, r9, r5 + ADD r9, r9, r6 + LDR r5, [r0, #8] + LDR r6, [r0, #12] + LDR r7, [r0, #16] + LDR r8, [r0, #20] + ROR r4, r5, #2 + EOR r10, r5, r6 + EOR r4, r4, r5, ROR #13 + AND r11, r11, r10 + EOR r4, r4, r5, ROR #22 + EOR r11, r11, r6 + ADD r8, r8, r9 + ADD r9, r9, r4 + ADD r9, r9, r11 + STR r8, [r0, #20] + STR r9, [r0, #4] + CMP r3, #0x0 +#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__) + BEQ L_SHA256_transform_len_blk_end_6 +#else + BEQ.N L_SHA256_transform_len_blk_end_6 +#endif + /* Calc new W[6] */ + LDR r6, [sp, #16] + LDR r7, [sp, #60] + LDR r8, [sp, #28] + LDR r9, [sp, #24] + ROR r4, r6, #17 + ROR r5, r8, #7 + EOR r4, r4, r6, ROR #19 + EOR r5, r5, r8, ROR #18 + EOR r4, r4, r6, LSR #10 + EOR r5, r5, r8, LSR #3 + ADD r9, r9, r7 + ADD r4, r4, r5 + ADD r9, r9, r4 + STR r9, [sp, #24] +L_SHA256_transform_len_blk_end_6: + /* Round 7 */ + LDR r5, [r0, #20] + LDR r6, [r0, #24] + LDR r7, [r0, #28] + LDR r9, [r0] + ROR r4, r5, #6 + EOR r6, r6, r7 + EOR r4, r4, r5, ROR #11 + AND r6, r6, r5 + EOR r4, r4, r5, ROR #25 + EOR r6, r6, r7 + ADD r9, r9, r4 + ADD r9, r9, r6 + LDR r5, [sp, #28] + LDR r6, [r12, #28] + ADD r9, r9, r5 + ADD r9, r9, r6 + LDR r5, [r0, #4] + LDR r6, [r0, #8] + LDR r7, [r0, #12] + LDR r8, [r0, #16] + ROR r4, r5, #2 + EOR r11, r5, r6 + EOR r4, r4, r5, ROR #13 + AND r10, r10, r11 + EOR r4, r4, r5, ROR #22 + EOR r10, r10, r6 + ADD r8, r8, r9 + ADD r9, r9, r4 + ADD r9, r9, r10 + STR r8, [r0, #16] + STR r9, [r0] + CMP r3, #0x0 +#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__) + BEQ L_SHA256_transform_len_blk_end_7 +#else + BEQ.N L_SHA256_transform_len_blk_end_7 +#endif + /* Calc new W[7] */ + LDR r6, [sp, #20] + LDR r7, [sp] + LDR r8, [sp, #32] + LDR r9, [sp, #28] + ROR r4, r6, #17 + ROR r5, r8, #7 + EOR r4, r4, r6, ROR #19 + EOR r5, r5, r8, ROR #18 + EOR r4, r4, r6, LSR #10 + EOR r5, r5, r8, LSR #3 + ADD r9, r9, r7 + ADD r4, r4, r5 + ADD r9, r9, r4 + STR r9, [sp, #28] +L_SHA256_transform_len_blk_end_7: + /* Round 8 */ + LDR r5, [r0, #16] + LDR r6, [r0, #20] + LDR r7, [r0, #24] + LDR r9, [r0, #28] + ROR r4, r5, #6 + EOR r6, r6, r7 + EOR r4, r4, r5, ROR #11 + AND r6, r6, r5 + EOR r4, r4, r5, ROR #25 + EOR r6, r6, r7 + ADD r9, r9, r4 + ADD r9, r9, r6 + LDR r5, [sp, #32] + LDR r6, [r12, #32] + ADD r9, r9, r5 + ADD r9, r9, r6 + LDR r5, [r0] + LDR r6, [r0, #4] + LDR r7, [r0, #8] + LDR r8, [r0, #12] + ROR r4, r5, #2 + EOR r10, r5, r6 + EOR r4, r4, r5, ROR #13 + AND r11, r11, r10 + EOR r4, r4, r5, ROR #22 + EOR r11, r11, r6 + ADD r8, r8, r9 + ADD r9, r9, r4 + ADD r9, r9, r11 + STR r8, [r0, #12] + STR r9, [r0, #28] + CMP r3, #0x0 +#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__) + BEQ L_SHA256_transform_len_blk_end_8 +#else + BEQ.N L_SHA256_transform_len_blk_end_8 +#endif + /* Calc new W[8] */ + LDR r6, [sp, #24] + LDR r7, [sp, #4] + LDR r8, [sp, #36] + LDR r9, [sp, #32] + ROR r4, r6, #17 + ROR r5, r8, #7 + EOR r4, r4, r6, ROR #19 + EOR r5, r5, r8, ROR #18 + EOR r4, r4, r6, LSR #10 + EOR r5, r5, r8, LSR #3 + ADD r9, r9, r7 + ADD r4, r4, r5 + ADD r9, r9, r4 + STR r9, [sp, #32] +L_SHA256_transform_len_blk_end_8: + /* Round 9 */ + LDR r5, [r0, #12] + LDR r6, [r0, #16] + LDR r7, [r0, #20] + LDR r9, [r0, #24] + ROR r4, r5, #6 + EOR r6, r6, r7 + EOR r4, r4, r5, ROR #11 + AND r6, r6, r5 + EOR r4, r4, r5, ROR #25 + EOR r6, r6, r7 + ADD r9, r9, r4 + ADD r9, r9, r6 + LDR r5, [sp, #36] + LDR r6, [r12, #36] + ADD r9, r9, r5 + ADD r9, r9, r6 + LDR r5, [r0, #28] + LDR r6, [r0] + LDR r7, [r0, #4] + LDR r8, [r0, #8] + ROR r4, r5, #2 + EOR r11, r5, r6 + EOR r4, r4, r5, ROR #13 + AND r10, r10, r11 + EOR r4, r4, r5, ROR #22 + EOR r10, r10, r6 + ADD r8, r8, r9 + ADD r9, r9, r4 + ADD r9, r9, r10 + STR r8, [r0, #8] + STR r9, [r0, #24] + CMP r3, #0x0 +#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__) + BEQ L_SHA256_transform_len_blk_end_9 +#else + BEQ.N L_SHA256_transform_len_blk_end_9 +#endif + /* Calc new W[9] */ + LDR r6, [sp, #28] + LDR r7, [sp, #8] + LDR r8, [sp, #40] + LDR r9, [sp, #36] + ROR r4, r6, #17 + ROR r5, r8, #7 + EOR r4, r4, r6, ROR #19 + EOR r5, r5, r8, ROR #18 + EOR r4, r4, r6, LSR #10 + EOR r5, r5, r8, LSR #3 + ADD r9, r9, r7 + ADD r4, r4, r5 + ADD r9, r9, r4 + STR r9, [sp, #36] +L_SHA256_transform_len_blk_end_9: + /* Round 10 */ + LDR r5, [r0, #8] + LDR r6, [r0, #12] + LDR r7, [r0, #16] + LDR r9, [r0, #20] + ROR r4, r5, #6 + EOR r6, r6, r7 + EOR r4, r4, r5, ROR #11 + AND r6, r6, r5 + EOR r4, r4, r5, ROR #25 + EOR r6, r6, r7 + ADD r9, r9, r4 + ADD r9, r9, r6 + LDR r5, [sp, #40] + LDR r6, [r12, #40] + ADD r9, r9, r5 + ADD r9, r9, r6 + LDR r5, [r0, #24] + LDR r6, [r0, #28] + LDR r7, [r0] + LDR r8, [r0, #4] + ROR r4, r5, #2 + EOR r10, r5, r6 + EOR r4, r4, r5, ROR #13 + AND r11, r11, r10 + EOR r4, r4, r5, ROR #22 + EOR r11, r11, r6 + ADD r8, r8, r9 + ADD r9, r9, r4 + ADD r9, r9, r11 + STR r8, [r0, #4] + STR r9, [r0, #20] + CMP r3, #0x0 +#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__) + BEQ L_SHA256_transform_len_blk_end_10 +#else + BEQ.N L_SHA256_transform_len_blk_end_10 +#endif + /* Calc new W[10] */ + LDR r6, [sp, #32] + LDR r7, [sp, #12] + LDR r8, [sp, #44] + LDR r9, [sp, #40] + ROR r4, r6, #17 + ROR r5, r8, #7 + EOR r4, r4, r6, ROR #19 + EOR r5, r5, r8, ROR #18 + EOR r4, r4, r6, LSR #10 + EOR r5, r5, r8, LSR #3 + ADD r9, r9, r7 + ADD r4, r4, r5 + ADD r9, r9, r4 + STR r9, [sp, #40] +L_SHA256_transform_len_blk_end_10: + /* Round 11 */ + LDR r5, [r0, #4] + LDR r6, [r0, #8] + LDR r7, [r0, #12] + LDR r9, [r0, #16] + ROR r4, r5, #6 + EOR r6, r6, r7 + EOR r4, r4, r5, ROR #11 + AND r6, r6, r5 + EOR r4, r4, r5, ROR #25 + EOR r6, r6, r7 + ADD r9, r9, r4 + ADD r9, r9, r6 + LDR r5, [sp, #44] + LDR r6, [r12, #44] + ADD r9, r9, r5 + ADD r9, r9, r6 + LDR r5, [r0, #20] + LDR r6, [r0, #24] + LDR r7, [r0, #28] + LDR r8, [r0] + ROR r4, r5, #2 + EOR r11, r5, r6 + EOR r4, r4, r5, ROR #13 + AND r10, r10, r11 + EOR r4, r4, r5, ROR #22 + EOR r10, r10, r6 + ADD r8, r8, r9 + ADD r9, r9, r4 + ADD r9, r9, r10 + STR r8, [r0] + STR r9, [r0, #16] + CMP r3, #0x0 +#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__) + BEQ L_SHA256_transform_len_blk_end_11 +#else + BEQ.N L_SHA256_transform_len_blk_end_11 +#endif + /* Calc new W[11] */ + LDR r6, [sp, #36] + LDR r7, [sp, #16] + LDR r8, [sp, #48] + LDR r9, [sp, #44] + ROR r4, r6, #17 + ROR r5, r8, #7 + EOR r4, r4, r6, ROR #19 + EOR r5, r5, r8, ROR #18 + EOR r4, r4, r6, LSR #10 + EOR r5, r5, r8, LSR #3 + ADD r9, r9, r7 + ADD r4, r4, r5 + ADD r9, r9, r4 + STR r9, [sp, #44] +L_SHA256_transform_len_blk_end_11: + /* Round 12 */ + LDR r5, [r0] + LDR r6, [r0, #4] + LDR r7, [r0, #8] + LDR r9, [r0, #12] + ROR r4, r5, #6 + EOR r6, r6, r7 + EOR r4, r4, r5, ROR #11 + AND r6, r6, r5 + EOR r4, r4, r5, ROR #25 + EOR r6, r6, r7 + ADD r9, r9, r4 + ADD r9, r9, r6 + LDR r5, [sp, #48] + LDR r6, [r12, #48] + ADD r9, r9, r5 + ADD r9, r9, r6 + LDR r5, [r0, #16] + LDR r6, [r0, #20] + LDR r7, [r0, #24] + LDR r8, [r0, #28] + ROR r4, r5, #2 + EOR r10, r5, r6 + EOR r4, r4, r5, ROR #13 + AND r11, r11, r10 + EOR r4, r4, r5, ROR #22 + EOR r11, r11, r6 + ADD r8, r8, r9 + ADD r9, r9, r4 + ADD r9, r9, r11 + STR r8, [r0, #28] + STR r9, [r0, #12] + CMP r3, #0x0 +#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__) + BEQ L_SHA256_transform_len_blk_end_12 +#else + BEQ.N L_SHA256_transform_len_blk_end_12 +#endif + /* Calc new W[12] */ + LDR r6, [sp, #40] + LDR r7, [sp, #20] + LDR r8, [sp, #52] + LDR r9, [sp, #48] + ROR r4, r6, #17 + ROR r5, r8, #7 + EOR r4, r4, r6, ROR #19 + EOR r5, r5, r8, ROR #18 + EOR r4, r4, r6, LSR #10 + EOR r5, r5, r8, LSR #3 + ADD r9, r9, r7 + ADD r4, r4, r5 + ADD r9, r9, r4 + STR r9, [sp, #48] +L_SHA256_transform_len_blk_end_12: + /* Round 13 */ + LDR r5, [r0, #28] + LDR r6, [r0] + LDR r7, [r0, #4] + LDR r9, [r0, #8] + ROR r4, r5, #6 + EOR r6, r6, r7 + EOR r4, r4, r5, ROR #11 + AND r6, r6, r5 + EOR r4, r4, r5, ROR #25 + EOR r6, r6, r7 + ADD r9, r9, r4 + ADD r9, r9, r6 + LDR r5, [sp, #52] + LDR r6, [r12, #52] + ADD r9, r9, r5 + ADD r9, r9, r6 + LDR r5, [r0, #12] + LDR r6, [r0, #16] + LDR r7, [r0, #20] + LDR r8, [r0, #24] + ROR r4, r5, #2 + EOR r11, r5, r6 + EOR r4, r4, r5, ROR #13 + AND r10, r10, r11 + EOR r4, r4, r5, ROR #22 + EOR r10, r10, r6 + ADD r8, r8, r9 + ADD r9, r9, r4 + ADD r9, r9, r10 + STR r8, [r0, #24] + STR r9, [r0, #8] + CMP r3, #0x0 +#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__) + BEQ L_SHA256_transform_len_blk_end_13 +#else + BEQ.N L_SHA256_transform_len_blk_end_13 +#endif + /* Calc new W[13] */ + LDR r6, [sp, #44] + LDR r7, [sp, #24] + LDR r8, [sp, #56] + LDR r9, [sp, #52] + ROR r4, r6, #17 + ROR r5, r8, #7 + EOR r4, r4, r6, ROR #19 + EOR r5, r5, r8, ROR #18 + EOR r4, r4, r6, LSR #10 + EOR r5, r5, r8, LSR #3 + ADD r9, r9, r7 + ADD r4, r4, r5 + ADD r9, r9, r4 + STR r9, [sp, #52] +L_SHA256_transform_len_blk_end_13: + /* Round 14 */ + LDR r5, [r0, #24] + LDR r6, [r0, #28] + LDR r7, [r0] + LDR r9, [r0, #4] + ROR r4, r5, #6 + EOR r6, r6, r7 + EOR r4, r4, r5, ROR #11 + AND r6, r6, r5 + EOR r4, r4, r5, ROR #25 + EOR r6, r6, r7 + ADD r9, r9, r4 + ADD r9, r9, r6 + LDR r5, [sp, #56] + LDR r6, [r12, #56] + ADD r9, r9, r5 + ADD r9, r9, r6 + LDR r5, [r0, #8] + LDR r6, [r0, #12] + LDR r7, [r0, #16] + LDR r8, [r0, #20] + ROR r4, r5, #2 + EOR r10, r5, r6 + EOR r4, r4, r5, ROR #13 + AND r11, r11, r10 + EOR r4, r4, r5, ROR #22 + EOR r11, r11, r6 + ADD r8, r8, r9 + ADD r9, r9, r4 + ADD r9, r9, r11 + STR r8, [r0, #20] + STR r9, [r0, #4] + CMP r3, #0x0 +#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__) + BEQ L_SHA256_transform_len_blk_end_14 +#else + BEQ.N L_SHA256_transform_len_blk_end_14 +#endif + /* Calc new W[14] */ + LDR r6, [sp, #48] + LDR r7, [sp, #28] + LDR r8, [sp, #60] + LDR r9, [sp, #56] + ROR r4, r6, #17 + ROR r5, r8, #7 + EOR r4, r4, r6, ROR #19 + EOR r5, r5, r8, ROR #18 + EOR r4, r4, r6, LSR #10 + EOR r5, r5, r8, LSR #3 + ADD r9, r9, r7 + ADD r4, r4, r5 + ADD r9, r9, r4 + STR r9, [sp, #56] +L_SHA256_transform_len_blk_end_14: + /* Round 15 */ + LDR r5, [r0, #20] + LDR r6, [r0, #24] + LDR r7, [r0, #28] + LDR r9, [r0] + ROR r4, r5, #6 + EOR r6, r6, r7 + EOR r4, r4, r5, ROR #11 + AND r6, r6, r5 + EOR r4, r4, r5, ROR #25 + EOR r6, r6, r7 + ADD r9, r9, r4 + ADD r9, r9, r6 + LDR r5, [sp, #60] + LDR r6, [r12, #60] + ADD r9, r9, r5 + ADD r9, r9, r6 + LDR r5, [r0, #4] + LDR r6, [r0, #8] + LDR r7, [r0, #12] + LDR r8, [r0, #16] + ROR r4, r5, #2 + EOR r11, r5, r6 + EOR r4, r4, r5, ROR #13 + AND r10, r10, r11 + EOR r4, r4, r5, ROR #22 + EOR r10, r10, r6 + ADD r8, r8, r9 + ADD r9, r9, r4 + ADD r9, r9, r10 + STR r8, [r0, #16] + STR r9, [r0] + CMP r3, #0x0 +#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__) + BEQ L_SHA256_transform_len_blk_end_15 +#else + BEQ.N L_SHA256_transform_len_blk_end_15 +#endif + /* Calc new W[15] */ + LDR r6, [sp, #52] + LDR r7, [sp, #32] + LDR r8, [sp] + LDR r9, [sp, #60] + ROR r4, r6, #17 + ROR r5, r8, #7 + EOR r4, r4, r6, ROR #19 + EOR r5, r5, r8, ROR #18 + EOR r4, r4, r6, LSR #10 + EOR r5, r5, r8, LSR #3 + ADD r9, r9, r7 + ADD r4, r4, r5 + ADD r9, r9, r4 + STR r9, [sp, #60] +L_SHA256_transform_len_blk_end_15: + CMP r3, #0x0 + ADD r12, r12, #0x40 +#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__) + BNE L_SHA256_transform_len_start_small +#else + BNE.W L_SHA256_transform_len_start_small +#endif +#endif /* !WOLFSSL_ARMASM_SHA256_SMALL */ /* Add in digest from start */ LDRD r4, r5, [r0] LDRD r6, r7, [r0, #8] @@ -1466,7 +2344,11 @@ STRD r4, r5, [sp, #80] STRD r6, r7, [sp, #88] SUBS r2, r2, #0x40 - SUB r3, r3, #0xc0 +#ifndef WOLFSSL_ARMASM_SHA256_SMALL + SUB r12, r12, #0xc0 +#else + SUB r12, r12, #0x100 +#endif /* !WOLFSSL_ARMASM_SHA256_SMALL */ ADD r1, r1, #0x40 #if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__) BNE L_SHA256_transform_len_begin @@ -1475,7 +2357,7 @@ #endif ADD sp, sp, #0xc0 POP {r4, r5, r6, r7, r8, r9, r10, r11, pc} - /* Cycle Count = 1874 */ + /* Cycle Count = 2954 */ .size Transform_Sha256_Len_base,.-Transform_Sha256_Len_base #endif /* WOLFSSL_ARMASM_NO_NEON */ #endif /* !NO_SHA256 */ diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/wolfcrypt/src/port/arm/thumb2-sha256-asm_c.c mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/port/arm/thumb2-sha256-asm_c.c --- mariadb-11.8.6/extra/wolfssl/wolfssl/wolfcrypt/src/port/arm/thumb2-sha256-asm_c.c 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/port/arm/thumb2-sha256-asm_c.c 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* thumb2-sha256-asm * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -89,7 +89,7 @@ __asm__ __volatile__ ( "SUB sp, sp, #0xc0\n\t" - "MOV r3, %[L_SHA256_transform_len_k]\n\t" + "MOV r12, %[L_SHA256_transform_len_k]\n\t" /* Copy digest to add in at end */ "LDRD r4, r5, [%[sha256]]\n\t" "LDRD r6, r7, [%[sha256], #8]\n\t" @@ -150,13 +150,14 @@ "LDR r11, [%[sha256], #4]\n\t" "LDR r4, [%[sha256], #8]\n\t" "EOR r11, r11, r4\n\t" - "MOV r12, #0x3\n\t" +#ifndef WOLFSSL_ARMASM_SHA256_SMALL + "MOV r3, #0x3\n\t" /* Start of 16 rounds */ "\n" #if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) - "L_SHA256_transform_len_start:\n\t" + "L_SHA256_transform_len_start_fast:\n\t" #else - "L_SHA256_transform_len_start_%=:\n\t" + "L_SHA256_transform_len_start_fast_%=:\n\t" #endif /* Round 0 */ "LDR r5, [%[sha256], #16]\n\t" @@ -172,7 +173,7 @@ "ADD r9, r9, r4\n\t" "ADD r9, r9, r6\n\t" "LDR r5, [sp]\n\t" - "LDR r6, [r3]\n\t" + "LDR r6, [r12]\n\t" "ADD r9, r9, r5\n\t" "ADD r9, r9, r6\n\t" "LDR r5, [%[sha256]]\n\t" @@ -219,7 +220,7 @@ "ADD r9, r9, r4\n\t" "ADD r9, r9, r6\n\t" "LDR r5, [sp, #4]\n\t" - "LDR r6, [r3, #4]\n\t" + "LDR r6, [r12, #4]\n\t" "ADD r9, r9, r5\n\t" "ADD r9, r9, r6\n\t" "LDR r5, [%[sha256], #28]\n\t" @@ -266,7 +267,7 @@ "ADD r9, r9, r4\n\t" "ADD r9, r9, r6\n\t" "LDR r5, [sp, #8]\n\t" - "LDR r6, [r3, #8]\n\t" + "LDR r6, [r12, #8]\n\t" "ADD r9, r9, r5\n\t" "ADD r9, r9, r6\n\t" "LDR r5, [%[sha256], #24]\n\t" @@ -313,7 +314,7 @@ "ADD r9, r9, r4\n\t" "ADD r9, r9, r6\n\t" "LDR r5, [sp, #12]\n\t" - "LDR r6, [r3, #12]\n\t" + "LDR r6, [r12, #12]\n\t" "ADD r9, r9, r5\n\t" "ADD r9, r9, r6\n\t" "LDR r5, [%[sha256], #20]\n\t" @@ -360,7 +361,7 @@ "ADD r9, r9, r4\n\t" "ADD r9, r9, r6\n\t" "LDR r5, [sp, #16]\n\t" - "LDR r6, [r3, #16]\n\t" + "LDR r6, [r12, #16]\n\t" "ADD r9, r9, r5\n\t" "ADD r9, r9, r6\n\t" "LDR r5, [%[sha256], #16]\n\t" @@ -407,7 +408,7 @@ "ADD r9, r9, r4\n\t" "ADD r9, r9, r6\n\t" "LDR r5, [sp, #20]\n\t" - "LDR r6, [r3, #20]\n\t" + "LDR r6, [r12, #20]\n\t" "ADD r9, r9, r5\n\t" "ADD r9, r9, r6\n\t" "LDR r5, [%[sha256], #12]\n\t" @@ -454,7 +455,7 @@ "ADD r9, r9, r4\n\t" "ADD r9, r9, r6\n\t" "LDR r5, [sp, #24]\n\t" - "LDR r6, [r3, #24]\n\t" + "LDR r6, [r12, #24]\n\t" "ADD r9, r9, r5\n\t" "ADD r9, r9, r6\n\t" "LDR r5, [%[sha256], #8]\n\t" @@ -501,7 +502,7 @@ "ADD r9, r9, r4\n\t" "ADD r9, r9, r6\n\t" "LDR r5, [sp, #28]\n\t" - "LDR r6, [r3, #28]\n\t" + "LDR r6, [r12, #28]\n\t" "ADD r9, r9, r5\n\t" "ADD r9, r9, r6\n\t" "LDR r5, [%[sha256], #4]\n\t" @@ -548,7 +549,7 @@ "ADD r9, r9, r4\n\t" "ADD r9, r9, r6\n\t" "LDR r5, [sp, #32]\n\t" - "LDR r6, [r3, #32]\n\t" + "LDR r6, [r12, #32]\n\t" "ADD r9, r9, r5\n\t" "ADD r9, r9, r6\n\t" "LDR r5, [%[sha256]]\n\t" @@ -595,7 +596,7 @@ "ADD r9, r9, r4\n\t" "ADD r9, r9, r6\n\t" "LDR r5, [sp, #36]\n\t" - "LDR r6, [r3, #36]\n\t" + "LDR r6, [r12, #36]\n\t" "ADD r9, r9, r5\n\t" "ADD r9, r9, r6\n\t" "LDR r5, [%[sha256], #28]\n\t" @@ -642,7 +643,7 @@ "ADD r9, r9, r4\n\t" "ADD r9, r9, r6\n\t" "LDR r5, [sp, #40]\n\t" - "LDR r6, [r3, #40]\n\t" + "LDR r6, [r12, #40]\n\t" "ADD r9, r9, r5\n\t" "ADD r9, r9, r6\n\t" "LDR r5, [%[sha256], #24]\n\t" @@ -689,7 +690,7 @@ "ADD r9, r9, r4\n\t" "ADD r9, r9, r6\n\t" "LDR r5, [sp, #44]\n\t" - "LDR r6, [r3, #44]\n\t" + "LDR r6, [r12, #44]\n\t" "ADD r9, r9, r5\n\t" "ADD r9, r9, r6\n\t" "LDR r5, [%[sha256], #20]\n\t" @@ -736,7 +737,7 @@ "ADD r9, r9, r4\n\t" "ADD r9, r9, r6\n\t" "LDR r5, [sp, #48]\n\t" - "LDR r6, [r3, #48]\n\t" + "LDR r6, [r12, #48]\n\t" "ADD r9, r9, r5\n\t" "ADD r9, r9, r6\n\t" "LDR r5, [%[sha256], #16]\n\t" @@ -783,7 +784,7 @@ "ADD r9, r9, r4\n\t" "ADD r9, r9, r6\n\t" "LDR r5, [sp, #52]\n\t" - "LDR r6, [r3, #52]\n\t" + "LDR r6, [r12, #52]\n\t" "ADD r9, r9, r5\n\t" "ADD r9, r9, r6\n\t" "LDR r5, [%[sha256], #12]\n\t" @@ -830,7 +831,7 @@ "ADD r9, r9, r4\n\t" "ADD r9, r9, r6\n\t" "LDR r5, [sp, #56]\n\t" - "LDR r6, [r3, #56]\n\t" + "LDR r6, [r12, #56]\n\t" "ADD r9, r9, r5\n\t" "ADD r9, r9, r6\n\t" "LDR r5, [%[sha256], #8]\n\t" @@ -877,7 +878,7 @@ "ADD r9, r9, r4\n\t" "ADD r9, r9, r6\n\t" "LDR r5, [sp, #60]\n\t" - "LDR r6, [r3, #60]\n\t" + "LDR r6, [r12, #60]\n\t" "ADD r9, r9, r5\n\t" "ADD r9, r9, r6\n\t" "LDR r5, [%[sha256], #4]\n\t" @@ -910,14 +911,14 @@ "ADD r4, r4, r5\n\t" "ADD r9, r9, r4\n\t" "STR r9, [sp, #60]\n\t" - "ADD r3, r3, #0x40\n\t" - "SUBS r12, r12, #0x1\n\t" + "ADD r12, r12, #0x40\n\t" + "SUBS r3, r3, #0x1\n\t" #if defined(__GNUC__) - "BNE L_SHA256_transform_len_start_%=\n\t" + "BNE L_SHA256_transform_len_start_fast_%=\n\t" #elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) - "BNE.W L_SHA256_transform_len_start\n\t" + "BNE.W L_SHA256_transform_len_start_fast\n\t" #else - "BNE.W L_SHA256_transform_len_start_%=\n\t" + "BNE.W L_SHA256_transform_len_start_fast_%=\n\t" #endif /* Round 0 */ "LDR r5, [%[sha256], #16]\n\t" @@ -933,7 +934,7 @@ "ADD r9, r9, r4\n\t" "ADD r9, r9, r6\n\t" "LDR r5, [sp]\n\t" - "LDR r6, [r3]\n\t" + "LDR r6, [r12]\n\t" "ADD r9, r9, r5\n\t" "ADD r9, r9, r6\n\t" "LDR r5, [%[sha256]]\n\t" @@ -965,7 +966,7 @@ "ADD r9, r9, r4\n\t" "ADD r9, r9, r6\n\t" "LDR r5, [sp, #4]\n\t" - "LDR r6, [r3, #4]\n\t" + "LDR r6, [r12, #4]\n\t" "ADD r9, r9, r5\n\t" "ADD r9, r9, r6\n\t" "LDR r5, [%[sha256], #28]\n\t" @@ -997,7 +998,7 @@ "ADD r9, r9, r4\n\t" "ADD r9, r9, r6\n\t" "LDR r5, [sp, #8]\n\t" - "LDR r6, [r3, #8]\n\t" + "LDR r6, [r12, #8]\n\t" "ADD r9, r9, r5\n\t" "ADD r9, r9, r6\n\t" "LDR r5, [%[sha256], #24]\n\t" @@ -1029,7 +1030,7 @@ "ADD r9, r9, r4\n\t" "ADD r9, r9, r6\n\t" "LDR r5, [sp, #12]\n\t" - "LDR r6, [r3, #12]\n\t" + "LDR r6, [r12, #12]\n\t" "ADD r9, r9, r5\n\t" "ADD r9, r9, r6\n\t" "LDR r5, [%[sha256], #20]\n\t" @@ -1061,7 +1062,7 @@ "ADD r9, r9, r4\n\t" "ADD r9, r9, r6\n\t" "LDR r5, [sp, #16]\n\t" - "LDR r6, [r3, #16]\n\t" + "LDR r6, [r12, #16]\n\t" "ADD r9, r9, r5\n\t" "ADD r9, r9, r6\n\t" "LDR r5, [%[sha256], #16]\n\t" @@ -1093,7 +1094,7 @@ "ADD r9, r9, r4\n\t" "ADD r9, r9, r6\n\t" "LDR r5, [sp, #20]\n\t" - "LDR r6, [r3, #20]\n\t" + "LDR r6, [r12, #20]\n\t" "ADD r9, r9, r5\n\t" "ADD r9, r9, r6\n\t" "LDR r5, [%[sha256], #12]\n\t" @@ -1125,7 +1126,7 @@ "ADD r9, r9, r4\n\t" "ADD r9, r9, r6\n\t" "LDR r5, [sp, #24]\n\t" - "LDR r6, [r3, #24]\n\t" + "LDR r6, [r12, #24]\n\t" "ADD r9, r9, r5\n\t" "ADD r9, r9, r6\n\t" "LDR r5, [%[sha256], #8]\n\t" @@ -1157,7 +1158,7 @@ "ADD r9, r9, r4\n\t" "ADD r9, r9, r6\n\t" "LDR r5, [sp, #28]\n\t" - "LDR r6, [r3, #28]\n\t" + "LDR r6, [r12, #28]\n\t" "ADD r9, r9, r5\n\t" "ADD r9, r9, r6\n\t" "LDR r5, [%[sha256], #4]\n\t" @@ -1189,7 +1190,7 @@ "ADD r9, r9, r4\n\t" "ADD r9, r9, r6\n\t" "LDR r5, [sp, #32]\n\t" - "LDR r6, [r3, #32]\n\t" + "LDR r6, [r12, #32]\n\t" "ADD r9, r9, r5\n\t" "ADD r9, r9, r6\n\t" "LDR r5, [%[sha256]]\n\t" @@ -1221,7 +1222,7 @@ "ADD r9, r9, r4\n\t" "ADD r9, r9, r6\n\t" "LDR r5, [sp, #36]\n\t" - "LDR r6, [r3, #36]\n\t" + "LDR r6, [r12, #36]\n\t" "ADD r9, r9, r5\n\t" "ADD r9, r9, r6\n\t" "LDR r5, [%[sha256], #28]\n\t" @@ -1253,7 +1254,7 @@ "ADD r9, r9, r4\n\t" "ADD r9, r9, r6\n\t" "LDR r5, [sp, #40]\n\t" - "LDR r6, [r3, #40]\n\t" + "LDR r6, [r12, #40]\n\t" "ADD r9, r9, r5\n\t" "ADD r9, r9, r6\n\t" "LDR r5, [%[sha256], #24]\n\t" @@ -1285,7 +1286,7 @@ "ADD r9, r9, r4\n\t" "ADD r9, r9, r6\n\t" "LDR r5, [sp, #44]\n\t" - "LDR r6, [r3, #44]\n\t" + "LDR r6, [r12, #44]\n\t" "ADD r9, r9, r5\n\t" "ADD r9, r9, r6\n\t" "LDR r5, [%[sha256], #20]\n\t" @@ -1317,7 +1318,7 @@ "ADD r9, r9, r4\n\t" "ADD r9, r9, r6\n\t" "LDR r5, [sp, #48]\n\t" - "LDR r6, [r3, #48]\n\t" + "LDR r6, [r12, #48]\n\t" "ADD r9, r9, r5\n\t" "ADD r9, r9, r6\n\t" "LDR r5, [%[sha256], #16]\n\t" @@ -1349,7 +1350,7 @@ "ADD r9, r9, r4\n\t" "ADD r9, r9, r6\n\t" "LDR r5, [sp, #52]\n\t" - "LDR r6, [r3, #52]\n\t" + "LDR r6, [r12, #52]\n\t" "ADD r9, r9, r5\n\t" "ADD r9, r9, r6\n\t" "LDR r5, [%[sha256], #12]\n\t" @@ -1381,7 +1382,7 @@ "ADD r9, r9, r4\n\t" "ADD r9, r9, r6\n\t" "LDR r5, [sp, #56]\n\t" - "LDR r6, [r3, #56]\n\t" + "LDR r6, [r12, #56]\n\t" "ADD r9, r9, r5\n\t" "ADD r9, r9, r6\n\t" "LDR r5, [%[sha256], #8]\n\t" @@ -1413,7 +1414,7 @@ "ADD r9, r9, r4\n\t" "ADD r9, r9, r6\n\t" "LDR r5, [sp, #60]\n\t" - "LDR r6, [r3, #60]\n\t" + "LDR r6, [r12, #60]\n\t" "ADD r9, r9, r5\n\t" "ADD r9, r9, r6\n\t" "LDR r5, [%[sha256], #4]\n\t" @@ -1431,6 +1432,1002 @@ "ADD r9, r9, r10\n\t" "STR r8, [%[sha256], #16]\n\t" "STR r9, [%[sha256]]\n\t" +#else + "MOV r3, #0x4\n\t" + /* Start of 16 rounds */ + "\n" +#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "L_SHA256_transform_len_start_small:\n\t" +#else + "L_SHA256_transform_len_start_small_%=:\n\t" +#endif + "SUB r3, r3, #0x1\n\t" + /* Round 0 */ + "LDR r5, [%[sha256], #16]\n\t" + "LDR r6, [%[sha256], #20]\n\t" + "LDR r7, [%[sha256], #24]\n\t" + "LDR r9, [%[sha256], #28]\n\t" + "ROR r4, r5, #6\n\t" + "EOR r6, r6, r7\n\t" + "EOR r4, r4, r5, ROR #11\n\t" + "AND r6, r6, r5\n\t" + "EOR r4, r4, r5, ROR #25\n\t" + "EOR r6, r6, r7\n\t" + "ADD r9, r9, r4\n\t" + "ADD r9, r9, r6\n\t" + "LDR r5, [sp]\n\t" + "LDR r6, [r12]\n\t" + "ADD r9, r9, r5\n\t" + "ADD r9, r9, r6\n\t" + "LDR r5, [%[sha256]]\n\t" + "LDR r6, [%[sha256], #4]\n\t" + "LDR r7, [%[sha256], #8]\n\t" + "LDR r8, [%[sha256], #12]\n\t" + "ROR r4, r5, #2\n\t" + "EOR r10, r5, r6\n\t" + "EOR r4, r4, r5, ROR #13\n\t" + "AND r11, r11, r10\n\t" + "EOR r4, r4, r5, ROR #22\n\t" + "EOR r11, r11, r6\n\t" + "ADD r8, r8, r9\n\t" + "ADD r9, r9, r4\n\t" + "ADD r9, r9, r11\n\t" + "STR r8, [%[sha256], #12]\n\t" + "STR r9, [%[sha256], #28]\n\t" + "CMP r3, #0x0\n\t" +#if defined(__GNUC__) + "BEQ L_SHA256_transform_len_blk_end_0_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "BEQ.N L_SHA256_transform_len_blk_end_0\n\t" +#else + "BEQ.N L_SHA256_transform_len_blk_end_0_%=\n\t" +#endif + /* Calc new W[0] */ + "LDR r6, [sp, #56]\n\t" + "LDR r7, [sp, #36]\n\t" + "LDR r8, [sp, #4]\n\t" + "LDR r9, [sp]\n\t" + "ROR r4, r6, #17\n\t" + "ROR r5, r8, #7\n\t" + "EOR r4, r4, r6, ROR #19\n\t" + "EOR r5, r5, r8, ROR #18\n\t" + "EOR r4, r4, r6, LSR #10\n\t" + "EOR r5, r5, r8, LSR #3\n\t" + "ADD r9, r9, r7\n\t" + "ADD r4, r4, r5\n\t" + "ADD r9, r9, r4\n\t" + "STR r9, [sp]\n\t" + "\n" +#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "L_SHA256_transform_len_blk_end_0:\n\t" +#else + "L_SHA256_transform_len_blk_end_0_%=:\n\t" +#endif + /* Round 1 */ + "LDR r5, [%[sha256], #12]\n\t" + "LDR r6, [%[sha256], #16]\n\t" + "LDR r7, [%[sha256], #20]\n\t" + "LDR r9, [%[sha256], #24]\n\t" + "ROR r4, r5, #6\n\t" + "EOR r6, r6, r7\n\t" + "EOR r4, r4, r5, ROR #11\n\t" + "AND r6, r6, r5\n\t" + "EOR r4, r4, r5, ROR #25\n\t" + "EOR r6, r6, r7\n\t" + "ADD r9, r9, r4\n\t" + "ADD r9, r9, r6\n\t" + "LDR r5, [sp, #4]\n\t" + "LDR r6, [r12, #4]\n\t" + "ADD r9, r9, r5\n\t" + "ADD r9, r9, r6\n\t" + "LDR r5, [%[sha256], #28]\n\t" + "LDR r6, [%[sha256]]\n\t" + "LDR r7, [%[sha256], #4]\n\t" + "LDR r8, [%[sha256], #8]\n\t" + "ROR r4, r5, #2\n\t" + "EOR r11, r5, r6\n\t" + "EOR r4, r4, r5, ROR #13\n\t" + "AND r10, r10, r11\n\t" + "EOR r4, r4, r5, ROR #22\n\t" + "EOR r10, r10, r6\n\t" + "ADD r8, r8, r9\n\t" + "ADD r9, r9, r4\n\t" + "ADD r9, r9, r10\n\t" + "STR r8, [%[sha256], #8]\n\t" + "STR r9, [%[sha256], #24]\n\t" + "CMP r3, #0x0\n\t" +#if defined(__GNUC__) + "BEQ L_SHA256_transform_len_blk_end_1_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "BEQ.N L_SHA256_transform_len_blk_end_1\n\t" +#else + "BEQ.N L_SHA256_transform_len_blk_end_1_%=\n\t" +#endif + /* Calc new W[1] */ + "LDR r6, [sp, #60]\n\t" + "LDR r7, [sp, #40]\n\t" + "LDR r8, [sp, #8]\n\t" + "LDR r9, [sp, #4]\n\t" + "ROR r4, r6, #17\n\t" + "ROR r5, r8, #7\n\t" + "EOR r4, r4, r6, ROR #19\n\t" + "EOR r5, r5, r8, ROR #18\n\t" + "EOR r4, r4, r6, LSR #10\n\t" + "EOR r5, r5, r8, LSR #3\n\t" + "ADD r9, r9, r7\n\t" + "ADD r4, r4, r5\n\t" + "ADD r9, r9, r4\n\t" + "STR r9, [sp, #4]\n\t" + "\n" +#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "L_SHA256_transform_len_blk_end_1:\n\t" +#else + "L_SHA256_transform_len_blk_end_1_%=:\n\t" +#endif + /* Round 2 */ + "LDR r5, [%[sha256], #8]\n\t" + "LDR r6, [%[sha256], #12]\n\t" + "LDR r7, [%[sha256], #16]\n\t" + "LDR r9, [%[sha256], #20]\n\t" + "ROR r4, r5, #6\n\t" + "EOR r6, r6, r7\n\t" + "EOR r4, r4, r5, ROR #11\n\t" + "AND r6, r6, r5\n\t" + "EOR r4, r4, r5, ROR #25\n\t" + "EOR r6, r6, r7\n\t" + "ADD r9, r9, r4\n\t" + "ADD r9, r9, r6\n\t" + "LDR r5, [sp, #8]\n\t" + "LDR r6, [r12, #8]\n\t" + "ADD r9, r9, r5\n\t" + "ADD r9, r9, r6\n\t" + "LDR r5, [%[sha256], #24]\n\t" + "LDR r6, [%[sha256], #28]\n\t" + "LDR r7, [%[sha256]]\n\t" + "LDR r8, [%[sha256], #4]\n\t" + "ROR r4, r5, #2\n\t" + "EOR r10, r5, r6\n\t" + "EOR r4, r4, r5, ROR #13\n\t" + "AND r11, r11, r10\n\t" + "EOR r4, r4, r5, ROR #22\n\t" + "EOR r11, r11, r6\n\t" + "ADD r8, r8, r9\n\t" + "ADD r9, r9, r4\n\t" + "ADD r9, r9, r11\n\t" + "STR r8, [%[sha256], #4]\n\t" + "STR r9, [%[sha256], #20]\n\t" + "CMP r3, #0x0\n\t" +#if defined(__GNUC__) + "BEQ L_SHA256_transform_len_blk_end_2_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "BEQ.N L_SHA256_transform_len_blk_end_2\n\t" +#else + "BEQ.N L_SHA256_transform_len_blk_end_2_%=\n\t" +#endif + /* Calc new W[2] */ + "LDR r6, [sp]\n\t" + "LDR r7, [sp, #44]\n\t" + "LDR r8, [sp, #12]\n\t" + "LDR r9, [sp, #8]\n\t" + "ROR r4, r6, #17\n\t" + "ROR r5, r8, #7\n\t" + "EOR r4, r4, r6, ROR #19\n\t" + "EOR r5, r5, r8, ROR #18\n\t" + "EOR r4, r4, r6, LSR #10\n\t" + "EOR r5, r5, r8, LSR #3\n\t" + "ADD r9, r9, r7\n\t" + "ADD r4, r4, r5\n\t" + "ADD r9, r9, r4\n\t" + "STR r9, [sp, #8]\n\t" + "\n" +#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "L_SHA256_transform_len_blk_end_2:\n\t" +#else + "L_SHA256_transform_len_blk_end_2_%=:\n\t" +#endif + /* Round 3 */ + "LDR r5, [%[sha256], #4]\n\t" + "LDR r6, [%[sha256], #8]\n\t" + "LDR r7, [%[sha256], #12]\n\t" + "LDR r9, [%[sha256], #16]\n\t" + "ROR r4, r5, #6\n\t" + "EOR r6, r6, r7\n\t" + "EOR r4, r4, r5, ROR #11\n\t" + "AND r6, r6, r5\n\t" + "EOR r4, r4, r5, ROR #25\n\t" + "EOR r6, r6, r7\n\t" + "ADD r9, r9, r4\n\t" + "ADD r9, r9, r6\n\t" + "LDR r5, [sp, #12]\n\t" + "LDR r6, [r12, #12]\n\t" + "ADD r9, r9, r5\n\t" + "ADD r9, r9, r6\n\t" + "LDR r5, [%[sha256], #20]\n\t" + "LDR r6, [%[sha256], #24]\n\t" + "LDR r7, [%[sha256], #28]\n\t" + "LDR r8, [%[sha256]]\n\t" + "ROR r4, r5, #2\n\t" + "EOR r11, r5, r6\n\t" + "EOR r4, r4, r5, ROR #13\n\t" + "AND r10, r10, r11\n\t" + "EOR r4, r4, r5, ROR #22\n\t" + "EOR r10, r10, r6\n\t" + "ADD r8, r8, r9\n\t" + "ADD r9, r9, r4\n\t" + "ADD r9, r9, r10\n\t" + "STR r8, [%[sha256]]\n\t" + "STR r9, [%[sha256], #16]\n\t" + "CMP r3, #0x0\n\t" +#if defined(__GNUC__) + "BEQ L_SHA256_transform_len_blk_end_3_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "BEQ.N L_SHA256_transform_len_blk_end_3\n\t" +#else + "BEQ.N L_SHA256_transform_len_blk_end_3_%=\n\t" +#endif + /* Calc new W[3] */ + "LDR r6, [sp, #4]\n\t" + "LDR r7, [sp, #48]\n\t" + "LDR r8, [sp, #16]\n\t" + "LDR r9, [sp, #12]\n\t" + "ROR r4, r6, #17\n\t" + "ROR r5, r8, #7\n\t" + "EOR r4, r4, r6, ROR #19\n\t" + "EOR r5, r5, r8, ROR #18\n\t" + "EOR r4, r4, r6, LSR #10\n\t" + "EOR r5, r5, r8, LSR #3\n\t" + "ADD r9, r9, r7\n\t" + "ADD r4, r4, r5\n\t" + "ADD r9, r9, r4\n\t" + "STR r9, [sp, #12]\n\t" + "\n" +#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "L_SHA256_transform_len_blk_end_3:\n\t" +#else + "L_SHA256_transform_len_blk_end_3_%=:\n\t" +#endif + /* Round 4 */ + "LDR r5, [%[sha256]]\n\t" + "LDR r6, [%[sha256], #4]\n\t" + "LDR r7, [%[sha256], #8]\n\t" + "LDR r9, [%[sha256], #12]\n\t" + "ROR r4, r5, #6\n\t" + "EOR r6, r6, r7\n\t" + "EOR r4, r4, r5, ROR #11\n\t" + "AND r6, r6, r5\n\t" + "EOR r4, r4, r5, ROR #25\n\t" + "EOR r6, r6, r7\n\t" + "ADD r9, r9, r4\n\t" + "ADD r9, r9, r6\n\t" + "LDR r5, [sp, #16]\n\t" + "LDR r6, [r12, #16]\n\t" + "ADD r9, r9, r5\n\t" + "ADD r9, r9, r6\n\t" + "LDR r5, [%[sha256], #16]\n\t" + "LDR r6, [%[sha256], #20]\n\t" + "LDR r7, [%[sha256], #24]\n\t" + "LDR r8, [%[sha256], #28]\n\t" + "ROR r4, r5, #2\n\t" + "EOR r10, r5, r6\n\t" + "EOR r4, r4, r5, ROR #13\n\t" + "AND r11, r11, r10\n\t" + "EOR r4, r4, r5, ROR #22\n\t" + "EOR r11, r11, r6\n\t" + "ADD r8, r8, r9\n\t" + "ADD r9, r9, r4\n\t" + "ADD r9, r9, r11\n\t" + "STR r8, [%[sha256], #28]\n\t" + "STR r9, [%[sha256], #12]\n\t" + "CMP r3, #0x0\n\t" +#if defined(__GNUC__) + "BEQ L_SHA256_transform_len_blk_end_4_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "BEQ.N L_SHA256_transform_len_blk_end_4\n\t" +#else + "BEQ.N L_SHA256_transform_len_blk_end_4_%=\n\t" +#endif + /* Calc new W[4] */ + "LDR r6, [sp, #8]\n\t" + "LDR r7, [sp, #52]\n\t" + "LDR r8, [sp, #20]\n\t" + "LDR r9, [sp, #16]\n\t" + "ROR r4, r6, #17\n\t" + "ROR r5, r8, #7\n\t" + "EOR r4, r4, r6, ROR #19\n\t" + "EOR r5, r5, r8, ROR #18\n\t" + "EOR r4, r4, r6, LSR #10\n\t" + "EOR r5, r5, r8, LSR #3\n\t" + "ADD r9, r9, r7\n\t" + "ADD r4, r4, r5\n\t" + "ADD r9, r9, r4\n\t" + "STR r9, [sp, #16]\n\t" + "\n" +#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "L_SHA256_transform_len_blk_end_4:\n\t" +#else + "L_SHA256_transform_len_blk_end_4_%=:\n\t" +#endif + /* Round 5 */ + "LDR r5, [%[sha256], #28]\n\t" + "LDR r6, [%[sha256]]\n\t" + "LDR r7, [%[sha256], #4]\n\t" + "LDR r9, [%[sha256], #8]\n\t" + "ROR r4, r5, #6\n\t" + "EOR r6, r6, r7\n\t" + "EOR r4, r4, r5, ROR #11\n\t" + "AND r6, r6, r5\n\t" + "EOR r4, r4, r5, ROR #25\n\t" + "EOR r6, r6, r7\n\t" + "ADD r9, r9, r4\n\t" + "ADD r9, r9, r6\n\t" + "LDR r5, [sp, #20]\n\t" + "LDR r6, [r12, #20]\n\t" + "ADD r9, r9, r5\n\t" + "ADD r9, r9, r6\n\t" + "LDR r5, [%[sha256], #12]\n\t" + "LDR r6, [%[sha256], #16]\n\t" + "LDR r7, [%[sha256], #20]\n\t" + "LDR r8, [%[sha256], #24]\n\t" + "ROR r4, r5, #2\n\t" + "EOR r11, r5, r6\n\t" + "EOR r4, r4, r5, ROR #13\n\t" + "AND r10, r10, r11\n\t" + "EOR r4, r4, r5, ROR #22\n\t" + "EOR r10, r10, r6\n\t" + "ADD r8, r8, r9\n\t" + "ADD r9, r9, r4\n\t" + "ADD r9, r9, r10\n\t" + "STR r8, [%[sha256], #24]\n\t" + "STR r9, [%[sha256], #8]\n\t" + "CMP r3, #0x0\n\t" +#if defined(__GNUC__) + "BEQ L_SHA256_transform_len_blk_end_5_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "BEQ.N L_SHA256_transform_len_blk_end_5\n\t" +#else + "BEQ.N L_SHA256_transform_len_blk_end_5_%=\n\t" +#endif + /* Calc new W[5] */ + "LDR r6, [sp, #12]\n\t" + "LDR r7, [sp, #56]\n\t" + "LDR r8, [sp, #24]\n\t" + "LDR r9, [sp, #20]\n\t" + "ROR r4, r6, #17\n\t" + "ROR r5, r8, #7\n\t" + "EOR r4, r4, r6, ROR #19\n\t" + "EOR r5, r5, r8, ROR #18\n\t" + "EOR r4, r4, r6, LSR #10\n\t" + "EOR r5, r5, r8, LSR #3\n\t" + "ADD r9, r9, r7\n\t" + "ADD r4, r4, r5\n\t" + "ADD r9, r9, r4\n\t" + "STR r9, [sp, #20]\n\t" + "\n" +#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "L_SHA256_transform_len_blk_end_5:\n\t" +#else + "L_SHA256_transform_len_blk_end_5_%=:\n\t" +#endif + /* Round 6 */ + "LDR r5, [%[sha256], #24]\n\t" + "LDR r6, [%[sha256], #28]\n\t" + "LDR r7, [%[sha256]]\n\t" + "LDR r9, [%[sha256], #4]\n\t" + "ROR r4, r5, #6\n\t" + "EOR r6, r6, r7\n\t" + "EOR r4, r4, r5, ROR #11\n\t" + "AND r6, r6, r5\n\t" + "EOR r4, r4, r5, ROR #25\n\t" + "EOR r6, r6, r7\n\t" + "ADD r9, r9, r4\n\t" + "ADD r9, r9, r6\n\t" + "LDR r5, [sp, #24]\n\t" + "LDR r6, [r12, #24]\n\t" + "ADD r9, r9, r5\n\t" + "ADD r9, r9, r6\n\t" + "LDR r5, [%[sha256], #8]\n\t" + "LDR r6, [%[sha256], #12]\n\t" + "LDR r7, [%[sha256], #16]\n\t" + "LDR r8, [%[sha256], #20]\n\t" + "ROR r4, r5, #2\n\t" + "EOR r10, r5, r6\n\t" + "EOR r4, r4, r5, ROR #13\n\t" + "AND r11, r11, r10\n\t" + "EOR r4, r4, r5, ROR #22\n\t" + "EOR r11, r11, r6\n\t" + "ADD r8, r8, r9\n\t" + "ADD r9, r9, r4\n\t" + "ADD r9, r9, r11\n\t" + "STR r8, [%[sha256], #20]\n\t" + "STR r9, [%[sha256], #4]\n\t" + "CMP r3, #0x0\n\t" +#if defined(__GNUC__) + "BEQ L_SHA256_transform_len_blk_end_6_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "BEQ.N L_SHA256_transform_len_blk_end_6\n\t" +#else + "BEQ.N L_SHA256_transform_len_blk_end_6_%=\n\t" +#endif + /* Calc new W[6] */ + "LDR r6, [sp, #16]\n\t" + "LDR r7, [sp, #60]\n\t" + "LDR r8, [sp, #28]\n\t" + "LDR r9, [sp, #24]\n\t" + "ROR r4, r6, #17\n\t" + "ROR r5, r8, #7\n\t" + "EOR r4, r4, r6, ROR #19\n\t" + "EOR r5, r5, r8, ROR #18\n\t" + "EOR r4, r4, r6, LSR #10\n\t" + "EOR r5, r5, r8, LSR #3\n\t" + "ADD r9, r9, r7\n\t" + "ADD r4, r4, r5\n\t" + "ADD r9, r9, r4\n\t" + "STR r9, [sp, #24]\n\t" + "\n" +#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "L_SHA256_transform_len_blk_end_6:\n\t" +#else + "L_SHA256_transform_len_blk_end_6_%=:\n\t" +#endif + /* Round 7 */ + "LDR r5, [%[sha256], #20]\n\t" + "LDR r6, [%[sha256], #24]\n\t" + "LDR r7, [%[sha256], #28]\n\t" + "LDR r9, [%[sha256]]\n\t" + "ROR r4, r5, #6\n\t" + "EOR r6, r6, r7\n\t" + "EOR r4, r4, r5, ROR #11\n\t" + "AND r6, r6, r5\n\t" + "EOR r4, r4, r5, ROR #25\n\t" + "EOR r6, r6, r7\n\t" + "ADD r9, r9, r4\n\t" + "ADD r9, r9, r6\n\t" + "LDR r5, [sp, #28]\n\t" + "LDR r6, [r12, #28]\n\t" + "ADD r9, r9, r5\n\t" + "ADD r9, r9, r6\n\t" + "LDR r5, [%[sha256], #4]\n\t" + "LDR r6, [%[sha256], #8]\n\t" + "LDR r7, [%[sha256], #12]\n\t" + "LDR r8, [%[sha256], #16]\n\t" + "ROR r4, r5, #2\n\t" + "EOR r11, r5, r6\n\t" + "EOR r4, r4, r5, ROR #13\n\t" + "AND r10, r10, r11\n\t" + "EOR r4, r4, r5, ROR #22\n\t" + "EOR r10, r10, r6\n\t" + "ADD r8, r8, r9\n\t" + "ADD r9, r9, r4\n\t" + "ADD r9, r9, r10\n\t" + "STR r8, [%[sha256], #16]\n\t" + "STR r9, [%[sha256]]\n\t" + "CMP r3, #0x0\n\t" +#if defined(__GNUC__) + "BEQ L_SHA256_transform_len_blk_end_7_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "BEQ.N L_SHA256_transform_len_blk_end_7\n\t" +#else + "BEQ.N L_SHA256_transform_len_blk_end_7_%=\n\t" +#endif + /* Calc new W[7] */ + "LDR r6, [sp, #20]\n\t" + "LDR r7, [sp]\n\t" + "LDR r8, [sp, #32]\n\t" + "LDR r9, [sp, #28]\n\t" + "ROR r4, r6, #17\n\t" + "ROR r5, r8, #7\n\t" + "EOR r4, r4, r6, ROR #19\n\t" + "EOR r5, r5, r8, ROR #18\n\t" + "EOR r4, r4, r6, LSR #10\n\t" + "EOR r5, r5, r8, LSR #3\n\t" + "ADD r9, r9, r7\n\t" + "ADD r4, r4, r5\n\t" + "ADD r9, r9, r4\n\t" + "STR r9, [sp, #28]\n\t" + "\n" +#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "L_SHA256_transform_len_blk_end_7:\n\t" +#else + "L_SHA256_transform_len_blk_end_7_%=:\n\t" +#endif + /* Round 8 */ + "LDR r5, [%[sha256], #16]\n\t" + "LDR r6, [%[sha256], #20]\n\t" + "LDR r7, [%[sha256], #24]\n\t" + "LDR r9, [%[sha256], #28]\n\t" + "ROR r4, r5, #6\n\t" + "EOR r6, r6, r7\n\t" + "EOR r4, r4, r5, ROR #11\n\t" + "AND r6, r6, r5\n\t" + "EOR r4, r4, r5, ROR #25\n\t" + "EOR r6, r6, r7\n\t" + "ADD r9, r9, r4\n\t" + "ADD r9, r9, r6\n\t" + "LDR r5, [sp, #32]\n\t" + "LDR r6, [r12, #32]\n\t" + "ADD r9, r9, r5\n\t" + "ADD r9, r9, r6\n\t" + "LDR r5, [%[sha256]]\n\t" + "LDR r6, [%[sha256], #4]\n\t" + "LDR r7, [%[sha256], #8]\n\t" + "LDR r8, [%[sha256], #12]\n\t" + "ROR r4, r5, #2\n\t" + "EOR r10, r5, r6\n\t" + "EOR r4, r4, r5, ROR #13\n\t" + "AND r11, r11, r10\n\t" + "EOR r4, r4, r5, ROR #22\n\t" + "EOR r11, r11, r6\n\t" + "ADD r8, r8, r9\n\t" + "ADD r9, r9, r4\n\t" + "ADD r9, r9, r11\n\t" + "STR r8, [%[sha256], #12]\n\t" + "STR r9, [%[sha256], #28]\n\t" + "CMP r3, #0x0\n\t" +#if defined(__GNUC__) + "BEQ L_SHA256_transform_len_blk_end_8_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "BEQ.N L_SHA256_transform_len_blk_end_8\n\t" +#else + "BEQ.N L_SHA256_transform_len_blk_end_8_%=\n\t" +#endif + /* Calc new W[8] */ + "LDR r6, [sp, #24]\n\t" + "LDR r7, [sp, #4]\n\t" + "LDR r8, [sp, #36]\n\t" + "LDR r9, [sp, #32]\n\t" + "ROR r4, r6, #17\n\t" + "ROR r5, r8, #7\n\t" + "EOR r4, r4, r6, ROR #19\n\t" + "EOR r5, r5, r8, ROR #18\n\t" + "EOR r4, r4, r6, LSR #10\n\t" + "EOR r5, r5, r8, LSR #3\n\t" + "ADD r9, r9, r7\n\t" + "ADD r4, r4, r5\n\t" + "ADD r9, r9, r4\n\t" + "STR r9, [sp, #32]\n\t" + "\n" +#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "L_SHA256_transform_len_blk_end_8:\n\t" +#else + "L_SHA256_transform_len_blk_end_8_%=:\n\t" +#endif + /* Round 9 */ + "LDR r5, [%[sha256], #12]\n\t" + "LDR r6, [%[sha256], #16]\n\t" + "LDR r7, [%[sha256], #20]\n\t" + "LDR r9, [%[sha256], #24]\n\t" + "ROR r4, r5, #6\n\t" + "EOR r6, r6, r7\n\t" + "EOR r4, r4, r5, ROR #11\n\t" + "AND r6, r6, r5\n\t" + "EOR r4, r4, r5, ROR #25\n\t" + "EOR r6, r6, r7\n\t" + "ADD r9, r9, r4\n\t" + "ADD r9, r9, r6\n\t" + "LDR r5, [sp, #36]\n\t" + "LDR r6, [r12, #36]\n\t" + "ADD r9, r9, r5\n\t" + "ADD r9, r9, r6\n\t" + "LDR r5, [%[sha256], #28]\n\t" + "LDR r6, [%[sha256]]\n\t" + "LDR r7, [%[sha256], #4]\n\t" + "LDR r8, [%[sha256], #8]\n\t" + "ROR r4, r5, #2\n\t" + "EOR r11, r5, r6\n\t" + "EOR r4, r4, r5, ROR #13\n\t" + "AND r10, r10, r11\n\t" + "EOR r4, r4, r5, ROR #22\n\t" + "EOR r10, r10, r6\n\t" + "ADD r8, r8, r9\n\t" + "ADD r9, r9, r4\n\t" + "ADD r9, r9, r10\n\t" + "STR r8, [%[sha256], #8]\n\t" + "STR r9, [%[sha256], #24]\n\t" + "CMP r3, #0x0\n\t" +#if defined(__GNUC__) + "BEQ L_SHA256_transform_len_blk_end_9_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "BEQ.N L_SHA256_transform_len_blk_end_9\n\t" +#else + "BEQ.N L_SHA256_transform_len_blk_end_9_%=\n\t" +#endif + /* Calc new W[9] */ + "LDR r6, [sp, #28]\n\t" + "LDR r7, [sp, #8]\n\t" + "LDR r8, [sp, #40]\n\t" + "LDR r9, [sp, #36]\n\t" + "ROR r4, r6, #17\n\t" + "ROR r5, r8, #7\n\t" + "EOR r4, r4, r6, ROR #19\n\t" + "EOR r5, r5, r8, ROR #18\n\t" + "EOR r4, r4, r6, LSR #10\n\t" + "EOR r5, r5, r8, LSR #3\n\t" + "ADD r9, r9, r7\n\t" + "ADD r4, r4, r5\n\t" + "ADD r9, r9, r4\n\t" + "STR r9, [sp, #36]\n\t" + "\n" +#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "L_SHA256_transform_len_blk_end_9:\n\t" +#else + "L_SHA256_transform_len_blk_end_9_%=:\n\t" +#endif + /* Round 10 */ + "LDR r5, [%[sha256], #8]\n\t" + "LDR r6, [%[sha256], #12]\n\t" + "LDR r7, [%[sha256], #16]\n\t" + "LDR r9, [%[sha256], #20]\n\t" + "ROR r4, r5, #6\n\t" + "EOR r6, r6, r7\n\t" + "EOR r4, r4, r5, ROR #11\n\t" + "AND r6, r6, r5\n\t" + "EOR r4, r4, r5, ROR #25\n\t" + "EOR r6, r6, r7\n\t" + "ADD r9, r9, r4\n\t" + "ADD r9, r9, r6\n\t" + "LDR r5, [sp, #40]\n\t" + "LDR r6, [r12, #40]\n\t" + "ADD r9, r9, r5\n\t" + "ADD r9, r9, r6\n\t" + "LDR r5, [%[sha256], #24]\n\t" + "LDR r6, [%[sha256], #28]\n\t" + "LDR r7, [%[sha256]]\n\t" + "LDR r8, [%[sha256], #4]\n\t" + "ROR r4, r5, #2\n\t" + "EOR r10, r5, r6\n\t" + "EOR r4, r4, r5, ROR #13\n\t" + "AND r11, r11, r10\n\t" + "EOR r4, r4, r5, ROR #22\n\t" + "EOR r11, r11, r6\n\t" + "ADD r8, r8, r9\n\t" + "ADD r9, r9, r4\n\t" + "ADD r9, r9, r11\n\t" + "STR r8, [%[sha256], #4]\n\t" + "STR r9, [%[sha256], #20]\n\t" + "CMP r3, #0x0\n\t" +#if defined(__GNUC__) + "BEQ L_SHA256_transform_len_blk_end_10_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "BEQ.N L_SHA256_transform_len_blk_end_10\n\t" +#else + "BEQ.N L_SHA256_transform_len_blk_end_10_%=\n\t" +#endif + /* Calc new W[10] */ + "LDR r6, [sp, #32]\n\t" + "LDR r7, [sp, #12]\n\t" + "LDR r8, [sp, #44]\n\t" + "LDR r9, [sp, #40]\n\t" + "ROR r4, r6, #17\n\t" + "ROR r5, r8, #7\n\t" + "EOR r4, r4, r6, ROR #19\n\t" + "EOR r5, r5, r8, ROR #18\n\t" + "EOR r4, r4, r6, LSR #10\n\t" + "EOR r5, r5, r8, LSR #3\n\t" + "ADD r9, r9, r7\n\t" + "ADD r4, r4, r5\n\t" + "ADD r9, r9, r4\n\t" + "STR r9, [sp, #40]\n\t" + "\n" +#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "L_SHA256_transform_len_blk_end_10:\n\t" +#else + "L_SHA256_transform_len_blk_end_10_%=:\n\t" +#endif + /* Round 11 */ + "LDR r5, [%[sha256], #4]\n\t" + "LDR r6, [%[sha256], #8]\n\t" + "LDR r7, [%[sha256], #12]\n\t" + "LDR r9, [%[sha256], #16]\n\t" + "ROR r4, r5, #6\n\t" + "EOR r6, r6, r7\n\t" + "EOR r4, r4, r5, ROR #11\n\t" + "AND r6, r6, r5\n\t" + "EOR r4, r4, r5, ROR #25\n\t" + "EOR r6, r6, r7\n\t" + "ADD r9, r9, r4\n\t" + "ADD r9, r9, r6\n\t" + "LDR r5, [sp, #44]\n\t" + "LDR r6, [r12, #44]\n\t" + "ADD r9, r9, r5\n\t" + "ADD r9, r9, r6\n\t" + "LDR r5, [%[sha256], #20]\n\t" + "LDR r6, [%[sha256], #24]\n\t" + "LDR r7, [%[sha256], #28]\n\t" + "LDR r8, [%[sha256]]\n\t" + "ROR r4, r5, #2\n\t" + "EOR r11, r5, r6\n\t" + "EOR r4, r4, r5, ROR #13\n\t" + "AND r10, r10, r11\n\t" + "EOR r4, r4, r5, ROR #22\n\t" + "EOR r10, r10, r6\n\t" + "ADD r8, r8, r9\n\t" + "ADD r9, r9, r4\n\t" + "ADD r9, r9, r10\n\t" + "STR r8, [%[sha256]]\n\t" + "STR r9, [%[sha256], #16]\n\t" + "CMP r3, #0x0\n\t" +#if defined(__GNUC__) + "BEQ L_SHA256_transform_len_blk_end_11_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "BEQ.N L_SHA256_transform_len_blk_end_11\n\t" +#else + "BEQ.N L_SHA256_transform_len_blk_end_11_%=\n\t" +#endif + /* Calc new W[11] */ + "LDR r6, [sp, #36]\n\t" + "LDR r7, [sp, #16]\n\t" + "LDR r8, [sp, #48]\n\t" + "LDR r9, [sp, #44]\n\t" + "ROR r4, r6, #17\n\t" + "ROR r5, r8, #7\n\t" + "EOR r4, r4, r6, ROR #19\n\t" + "EOR r5, r5, r8, ROR #18\n\t" + "EOR r4, r4, r6, LSR #10\n\t" + "EOR r5, r5, r8, LSR #3\n\t" + "ADD r9, r9, r7\n\t" + "ADD r4, r4, r5\n\t" + "ADD r9, r9, r4\n\t" + "STR r9, [sp, #44]\n\t" + "\n" +#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "L_SHA256_transform_len_blk_end_11:\n\t" +#else + "L_SHA256_transform_len_blk_end_11_%=:\n\t" +#endif + /* Round 12 */ + "LDR r5, [%[sha256]]\n\t" + "LDR r6, [%[sha256], #4]\n\t" + "LDR r7, [%[sha256], #8]\n\t" + "LDR r9, [%[sha256], #12]\n\t" + "ROR r4, r5, #6\n\t" + "EOR r6, r6, r7\n\t" + "EOR r4, r4, r5, ROR #11\n\t" + "AND r6, r6, r5\n\t" + "EOR r4, r4, r5, ROR #25\n\t" + "EOR r6, r6, r7\n\t" + "ADD r9, r9, r4\n\t" + "ADD r9, r9, r6\n\t" + "LDR r5, [sp, #48]\n\t" + "LDR r6, [r12, #48]\n\t" + "ADD r9, r9, r5\n\t" + "ADD r9, r9, r6\n\t" + "LDR r5, [%[sha256], #16]\n\t" + "LDR r6, [%[sha256], #20]\n\t" + "LDR r7, [%[sha256], #24]\n\t" + "LDR r8, [%[sha256], #28]\n\t" + "ROR r4, r5, #2\n\t" + "EOR r10, r5, r6\n\t" + "EOR r4, r4, r5, ROR #13\n\t" + "AND r11, r11, r10\n\t" + "EOR r4, r4, r5, ROR #22\n\t" + "EOR r11, r11, r6\n\t" + "ADD r8, r8, r9\n\t" + "ADD r9, r9, r4\n\t" + "ADD r9, r9, r11\n\t" + "STR r8, [%[sha256], #28]\n\t" + "STR r9, [%[sha256], #12]\n\t" + "CMP r3, #0x0\n\t" +#if defined(__GNUC__) + "BEQ L_SHA256_transform_len_blk_end_12_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "BEQ.N L_SHA256_transform_len_blk_end_12\n\t" +#else + "BEQ.N L_SHA256_transform_len_blk_end_12_%=\n\t" +#endif + /* Calc new W[12] */ + "LDR r6, [sp, #40]\n\t" + "LDR r7, [sp, #20]\n\t" + "LDR r8, [sp, #52]\n\t" + "LDR r9, [sp, #48]\n\t" + "ROR r4, r6, #17\n\t" + "ROR r5, r8, #7\n\t" + "EOR r4, r4, r6, ROR #19\n\t" + "EOR r5, r5, r8, ROR #18\n\t" + "EOR r4, r4, r6, LSR #10\n\t" + "EOR r5, r5, r8, LSR #3\n\t" + "ADD r9, r9, r7\n\t" + "ADD r4, r4, r5\n\t" + "ADD r9, r9, r4\n\t" + "STR r9, [sp, #48]\n\t" + "\n" +#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "L_SHA256_transform_len_blk_end_12:\n\t" +#else + "L_SHA256_transform_len_blk_end_12_%=:\n\t" +#endif + /* Round 13 */ + "LDR r5, [%[sha256], #28]\n\t" + "LDR r6, [%[sha256]]\n\t" + "LDR r7, [%[sha256], #4]\n\t" + "LDR r9, [%[sha256], #8]\n\t" + "ROR r4, r5, #6\n\t" + "EOR r6, r6, r7\n\t" + "EOR r4, r4, r5, ROR #11\n\t" + "AND r6, r6, r5\n\t" + "EOR r4, r4, r5, ROR #25\n\t" + "EOR r6, r6, r7\n\t" + "ADD r9, r9, r4\n\t" + "ADD r9, r9, r6\n\t" + "LDR r5, [sp, #52]\n\t" + "LDR r6, [r12, #52]\n\t" + "ADD r9, r9, r5\n\t" + "ADD r9, r9, r6\n\t" + "LDR r5, [%[sha256], #12]\n\t" + "LDR r6, [%[sha256], #16]\n\t" + "LDR r7, [%[sha256], #20]\n\t" + "LDR r8, [%[sha256], #24]\n\t" + "ROR r4, r5, #2\n\t" + "EOR r11, r5, r6\n\t" + "EOR r4, r4, r5, ROR #13\n\t" + "AND r10, r10, r11\n\t" + "EOR r4, r4, r5, ROR #22\n\t" + "EOR r10, r10, r6\n\t" + "ADD r8, r8, r9\n\t" + "ADD r9, r9, r4\n\t" + "ADD r9, r9, r10\n\t" + "STR r8, [%[sha256], #24]\n\t" + "STR r9, [%[sha256], #8]\n\t" + "CMP r3, #0x0\n\t" +#if defined(__GNUC__) + "BEQ L_SHA256_transform_len_blk_end_13_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "BEQ.N L_SHA256_transform_len_blk_end_13\n\t" +#else + "BEQ.N L_SHA256_transform_len_blk_end_13_%=\n\t" +#endif + /* Calc new W[13] */ + "LDR r6, [sp, #44]\n\t" + "LDR r7, [sp, #24]\n\t" + "LDR r8, [sp, #56]\n\t" + "LDR r9, [sp, #52]\n\t" + "ROR r4, r6, #17\n\t" + "ROR r5, r8, #7\n\t" + "EOR r4, r4, r6, ROR #19\n\t" + "EOR r5, r5, r8, ROR #18\n\t" + "EOR r4, r4, r6, LSR #10\n\t" + "EOR r5, r5, r8, LSR #3\n\t" + "ADD r9, r9, r7\n\t" + "ADD r4, r4, r5\n\t" + "ADD r9, r9, r4\n\t" + "STR r9, [sp, #52]\n\t" + "\n" +#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "L_SHA256_transform_len_blk_end_13:\n\t" +#else + "L_SHA256_transform_len_blk_end_13_%=:\n\t" +#endif + /* Round 14 */ + "LDR r5, [%[sha256], #24]\n\t" + "LDR r6, [%[sha256], #28]\n\t" + "LDR r7, [%[sha256]]\n\t" + "LDR r9, [%[sha256], #4]\n\t" + "ROR r4, r5, #6\n\t" + "EOR r6, r6, r7\n\t" + "EOR r4, r4, r5, ROR #11\n\t" + "AND r6, r6, r5\n\t" + "EOR r4, r4, r5, ROR #25\n\t" + "EOR r6, r6, r7\n\t" + "ADD r9, r9, r4\n\t" + "ADD r9, r9, r6\n\t" + "LDR r5, [sp, #56]\n\t" + "LDR r6, [r12, #56]\n\t" + "ADD r9, r9, r5\n\t" + "ADD r9, r9, r6\n\t" + "LDR r5, [%[sha256], #8]\n\t" + "LDR r6, [%[sha256], #12]\n\t" + "LDR r7, [%[sha256], #16]\n\t" + "LDR r8, [%[sha256], #20]\n\t" + "ROR r4, r5, #2\n\t" + "EOR r10, r5, r6\n\t" + "EOR r4, r4, r5, ROR #13\n\t" + "AND r11, r11, r10\n\t" + "EOR r4, r4, r5, ROR #22\n\t" + "EOR r11, r11, r6\n\t" + "ADD r8, r8, r9\n\t" + "ADD r9, r9, r4\n\t" + "ADD r9, r9, r11\n\t" + "STR r8, [%[sha256], #20]\n\t" + "STR r9, [%[sha256], #4]\n\t" + "CMP r3, #0x0\n\t" +#if defined(__GNUC__) + "BEQ L_SHA256_transform_len_blk_end_14_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "BEQ.N L_SHA256_transform_len_blk_end_14\n\t" +#else + "BEQ.N L_SHA256_transform_len_blk_end_14_%=\n\t" +#endif + /* Calc new W[14] */ + "LDR r6, [sp, #48]\n\t" + "LDR r7, [sp, #28]\n\t" + "LDR r8, [sp, #60]\n\t" + "LDR r9, [sp, #56]\n\t" + "ROR r4, r6, #17\n\t" + "ROR r5, r8, #7\n\t" + "EOR r4, r4, r6, ROR #19\n\t" + "EOR r5, r5, r8, ROR #18\n\t" + "EOR r4, r4, r6, LSR #10\n\t" + "EOR r5, r5, r8, LSR #3\n\t" + "ADD r9, r9, r7\n\t" + "ADD r4, r4, r5\n\t" + "ADD r9, r9, r4\n\t" + "STR r9, [sp, #56]\n\t" + "\n" +#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "L_SHA256_transform_len_blk_end_14:\n\t" +#else + "L_SHA256_transform_len_blk_end_14_%=:\n\t" +#endif + /* Round 15 */ + "LDR r5, [%[sha256], #20]\n\t" + "LDR r6, [%[sha256], #24]\n\t" + "LDR r7, [%[sha256], #28]\n\t" + "LDR r9, [%[sha256]]\n\t" + "ROR r4, r5, #6\n\t" + "EOR r6, r6, r7\n\t" + "EOR r4, r4, r5, ROR #11\n\t" + "AND r6, r6, r5\n\t" + "EOR r4, r4, r5, ROR #25\n\t" + "EOR r6, r6, r7\n\t" + "ADD r9, r9, r4\n\t" + "ADD r9, r9, r6\n\t" + "LDR r5, [sp, #60]\n\t" + "LDR r6, [r12, #60]\n\t" + "ADD r9, r9, r5\n\t" + "ADD r9, r9, r6\n\t" + "LDR r5, [%[sha256], #4]\n\t" + "LDR r6, [%[sha256], #8]\n\t" + "LDR r7, [%[sha256], #12]\n\t" + "LDR r8, [%[sha256], #16]\n\t" + "ROR r4, r5, #2\n\t" + "EOR r11, r5, r6\n\t" + "EOR r4, r4, r5, ROR #13\n\t" + "AND r10, r10, r11\n\t" + "EOR r4, r4, r5, ROR #22\n\t" + "EOR r10, r10, r6\n\t" + "ADD r8, r8, r9\n\t" + "ADD r9, r9, r4\n\t" + "ADD r9, r9, r10\n\t" + "STR r8, [%[sha256], #16]\n\t" + "STR r9, [%[sha256]]\n\t" + "CMP r3, #0x0\n\t" +#if defined(__GNUC__) + "BEQ L_SHA256_transform_len_blk_end_15_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "BEQ.N L_SHA256_transform_len_blk_end_15\n\t" +#else + "BEQ.N L_SHA256_transform_len_blk_end_15_%=\n\t" +#endif + /* Calc new W[15] */ + "LDR r6, [sp, #52]\n\t" + "LDR r7, [sp, #32]\n\t" + "LDR r8, [sp]\n\t" + "LDR r9, [sp, #60]\n\t" + "ROR r4, r6, #17\n\t" + "ROR r5, r8, #7\n\t" + "EOR r4, r4, r6, ROR #19\n\t" + "EOR r5, r5, r8, ROR #18\n\t" + "EOR r4, r4, r6, LSR #10\n\t" + "EOR r5, r5, r8, LSR #3\n\t" + "ADD r9, r9, r7\n\t" + "ADD r4, r4, r5\n\t" + "ADD r9, r9, r4\n\t" + "STR r9, [sp, #60]\n\t" + "\n" +#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "L_SHA256_transform_len_blk_end_15:\n\t" +#else + "L_SHA256_transform_len_blk_end_15_%=:\n\t" +#endif + "CMP r3, #0x0\n\t" + "ADD r12, r12, #0x40\n\t" +#if defined(__GNUC__) + "BNE L_SHA256_transform_len_start_small_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "BNE.W L_SHA256_transform_len_start_small\n\t" +#else + "BNE.W L_SHA256_transform_len_start_small_%=\n\t" +#endif +#endif /* !WOLFSSL_ARMASM_SHA256_SMALL */ /* Add in digest from start */ "LDRD r4, r5, [%[sha256]]\n\t" "LDRD r6, r7, [%[sha256], #8]\n\t" @@ -1457,7 +2454,11 @@ "STRD r4, r5, [sp, #80]\n\t" "STRD r6, r7, [sp, #88]\n\t" "SUBS %[len], %[len], #0x40\n\t" - "SUB r3, r3, #0xc0\n\t" +#ifndef WOLFSSL_ARMASM_SHA256_SMALL + "SUB r12, r12, #0xc0\n\t" +#else + "SUB r12, r12, #0x100\n\t" +#endif /* !WOLFSSL_ARMASM_SHA256_SMALL */ "ADD %[data], %[data], #0x40\n\t" #if defined(__GNUC__) "BNE L_SHA256_transform_len_begin_%=\n\t" diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/wolfcrypt/src/port/arm/thumb2-sha3-asm.S mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/port/arm/thumb2-sha3-asm.S --- mariadb-11.8.6/extra/wolfssl/wolfssl/wolfcrypt/src/port/arm/thumb2-sha3-asm.S 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/port/arm/thumb2-sha3-asm.S 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* thumb2-sha3-asm * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/wolfcrypt/src/port/arm/thumb2-sha3-asm_c.c mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/port/arm/thumb2-sha3-asm_c.c --- mariadb-11.8.6/extra/wolfssl/wolfssl/wolfcrypt/src/port/arm/thumb2-sha3-asm_c.c 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/port/arm/thumb2-sha3-asm_c.c 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* thumb2-sha3-asm * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/wolfcrypt/src/port/arm/thumb2-sha512-asm.S mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/port/arm/thumb2-sha512-asm.S --- mariadb-11.8.6/extra/wolfssl/wolfssl/wolfcrypt/src/port/arm/thumb2-sha512-asm.S 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/port/arm/thumb2-sha512-asm.S 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* thumb2-sha512-asm * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/wolfcrypt/src/port/arm/thumb2-sha512-asm_c.c mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/port/arm/thumb2-sha512-asm_c.c --- mariadb-11.8.6/extra/wolfssl/wolfssl/wolfcrypt/src/port/arm/thumb2-sha512-asm_c.c 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/port/arm/thumb2-sha512-asm_c.c 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* thumb2-sha512-asm * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/wolfcrypt/src/port/atmel/atmel.c mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/port/atmel/atmel.c --- mariadb-11.8.6/extra/wolfssl/wolfssl/wolfcrypt/src/port/atmel/atmel.c 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/port/atmel/atmel.c 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* atmel.c * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -106,7 +106,7 @@ { int ret = 0; #if defined(WOLFSSL_ATECC508A) || defined(WOLFSSL_ATECC608A) - uint8_t i = 0; + uint32_t i = 0; uint32_t copy_count = 0; uint8_t rng_buffer[RANDOM_NUM_SIZE]; @@ -292,7 +292,12 @@ break; } } + if (slotId == ATECC_INVALID_SLOT) { + goto exit; + } break; + default: + goto exit; } /* is slot available */ @@ -686,13 +691,16 @@ /* for client: create and export public key */ if (side == WOLFSSL_CLIENT_END) { int slotId = atmel_ecc_alloc(ATMEL_SLOT_ECDHE); - if (slotId == ATECC_INVALID_SLOT) - return WC_HW_WAIT_E; + if (slotId == ATECC_INVALID_SLOT) { + ret = WC_HW_WAIT_E; + goto exit; + } tmpKey.slot = slotId; /* generate new ephemeral key on device */ ret = atmel_ecc_create_key(slotId, peerKey); if (ret != ATCA_SUCCESS) { + atmel_ecc_free(slotId); goto exit; } @@ -885,6 +893,7 @@ ret = wc_EccPublicKeyDecode(key, &idx, &tmpKey, keySz); } if (ret != 0) { + wc_ecc_free(&tmpKey); goto exit; } @@ -920,6 +929,8 @@ #else ret = NOT_COMPILED_IN; #endif /* !WOLFSSL_ATECC508A_NOSOFTECC */ + wc_ecc_free(&tmpKey); + goto exit; } (void)rSz; @@ -1049,6 +1060,13 @@ #endif return (int)status; } + else if (deviceCertSize > ATCATLS_DEVICE_CERT_MAX_SIZE) { + #ifdef WOLFSSL_ATECC_DEBUG + printf("Device cert buffer too small, need to increase at least" + " to %d\r\n", deviceCertSize); + #endif + return -1; + } #endif /* Prepare the full buffer adding the signer certificate */ diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/wolfcrypt/src/port/autosar/cryif.c mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/port/autosar/cryif.c --- mariadb-11.8.6/extra/wolfssl/wolfssl/wolfcrypt/src/port/autosar/cryif.c 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/port/autosar/cryif.c 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* cryif.c * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/wolfcrypt/src/port/autosar/crypto.c mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/port/autosar/crypto.c --- mariadb-11.8.6/extra/wolfssl/wolfssl/wolfcrypt/src/port/autosar/crypto.c 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/port/autosar/crypto.c 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* crypto.c * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -101,7 +101,7 @@ } /* @TODO sanity checks on setup... uint8 redirectionConfig; */ - switch (eid) { + switch (eId) { case job->jobRedirectionInfoRef->inputKeyElementId: if (job->jobRedirectionInfoRef->inputKeyId >= MAX_KEYSTORE) { WOLFSSL_MSG("Bogus input key ID redirection (too large)"); @@ -148,6 +148,7 @@ /* found matching key available, use it */ *key = keyStore[i].key; *keySz = keyStore[i].keyLen; + break; } } #endif @@ -193,6 +194,8 @@ ret = wc_AesInit(&activeJobs[i].aes, NULL, INVALID_DEVID); if (ret != 0) { WOLFSSL_MSG("Error initializing AES structure"); + activeJobs[i].inUse = 0; + activeJobs[i].jobId = 0; return NULL; } return &activeJobs[i].aes; @@ -262,10 +265,10 @@ } if (wc_AesSetKey(aes, key, keySz, iv, encrypt) != 0) { + FreeAesStruct(job); WOLFSSL_MSG("Crypto error setting up AES key"); return E_NOT_OK; } - ForceZero(key, keySz); } if ((job->jobPrimitiveInputOutput.mode & CRYPTO_OPERATIONMODE_UPDATE) @@ -348,24 +351,12 @@ return E_NOT_OK; } - if (rngInit == 1) { - if (wc_LockMutex(&rngMutex) != 0) { - WOLFSSL_MSG("Error locking RNG mutex"); - return E_NOT_OK; - } + if (wc_LockMutex(&rngMutex) != 0) { + WOLFSSL_MSG("Error locking RNG mutex"); + return E_NOT_OK; } if (rngInit == 0) { - if (wc_InitMutex(&rngMutex) != 0) { - WOLFSSL_MSG("Error initializing RNG mutex"); - return E_NOT_OK; - } - - if (wc_LockMutex(&rngMutex) != 0) { - WOLFSSL_MSG("Error locking RNG mutex"); - return E_NOT_OK; - } - ret = wc_InitRng_ex(&rng, NULL, 0); if (ret != 0) { WOLFSSL_MSG("Error initializing RNG"); @@ -449,6 +440,10 @@ if (wc_InitMutex(&crypto_mutex) != 0) { WOLFSSL_MSG("Issues setting up crypto mutex"); } + if (wc_InitMutex(&rngMutex) != 0) { + WOLFSSL_MSG("Error initializing RNG mutex"); + } + XMEMSET(&keyStore, 0, MAX_KEYSTORE * sizeof(Keys)); XMEMSET(&activeJobs, 0, MAX_JOBS * sizeof(Jobs)); (void)config; diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/wolfcrypt/src/port/autosar/csm.c mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/port/autosar/csm.c --- mariadb-11.8.6/extra/wolfssl/wolfssl/wolfcrypt/src/port/autosar/csm.c 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/port/autosar/csm.c 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* csm.c * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/wolfcrypt/src/port/autosar/test.c mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/port/autosar/test.c --- mariadb-11.8.6/extra/wolfssl/wolfssl/wolfcrypt/src/port/autosar/test.c 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/port/autosar/test.c 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* test.c * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -271,6 +271,8 @@ #ifndef MAX_KEYSTORE /* default max key slots from crypto.c */ #define MAX_KEYSTORE 15 +#elif MAX_KEYSTORE > 255 + #error "Too many entries" #endif static int key_test(void) { diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/wolfcrypt/src/port/caam/caam_aes.c mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/port/caam/caam_aes.c --- mariadb-11.8.6/extra/wolfssl/wolfssl/wolfcrypt/src/port/caam/caam_aes.c 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/port/caam/caam_aes.c 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* caam_aes.c * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/wolfcrypt/src/port/caam/caam_driver.c mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/port/caam/caam_driver.c --- mariadb-11.8.6/extra/wolfssl/wolfssl/wolfcrypt/src/port/caam/caam_driver.c 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/port/caam/caam_driver.c 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* caam_driver.c * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/wolfcrypt/src/port/caam/caam_error.c mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/port/caam/caam_error.c --- mariadb-11.8.6/extra/wolfssl/wolfssl/wolfcrypt/src/port/caam/caam_error.c 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/port/caam/caam_error.c 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* caam_error.c * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/wolfcrypt/src/port/caam/caam_integrity.c mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/port/caam/caam_integrity.c --- mariadb-11.8.6/extra/wolfssl/wolfssl/wolfcrypt/src/port/caam/caam_integrity.c 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/port/caam/caam_integrity.c 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* caam_integrity.c * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -759,6 +759,9 @@ ctx[ctxIdx] = buf; sz += buf->dataSz; + if (ctx[ctxIdx]->dataSz + offset > (MAX_CTX * sizeof(UINT4))) { + return SizeIsTooLarge; + } memcpy((unsigned char*)&local[offset], (unsigned char*)ctx[ctxIdx]->data, ctx[ctxIdx]->dataSz); offset += ctx[ctxIdx]->dataSz; @@ -958,6 +961,9 @@ ctx[ctxIdx] = buf; sz += buf->dataSz; + if (ctx[ctxIdx]->dataSz + offset > (MAX_CTX * sizeof(UINT4))) { + return SizeIsTooLarge; + } memcpy((unsigned char*)&local[offset], (unsigned char*)ctx[ctxIdx]->data, ctx[ctxIdx]->dataSz); offset += ctx[ctxIdx]->dataSz; diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/wolfcrypt/src/port/caam/caam_qnx.c mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/port/caam/caam_qnx.c --- mariadb-11.8.6/extra/wolfssl/wolfssl/wolfcrypt/src/port/caam/caam_qnx.c 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/port/caam/caam_qnx.c 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* caam_qnx.c * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/wolfcrypt/src/port/caam/caam_sha.c mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/port/caam/caam_sha.c --- mariadb-11.8.6/extra/wolfssl/wolfssl/wolfcrypt/src/port/caam/caam_sha.c 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/port/caam/caam_sha.c 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* caam_sha.c * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/wolfcrypt/src/port/caam/wolfcaam_aes.c mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/port/caam/wolfcaam_aes.c --- mariadb-11.8.6/extra/wolfssl/wolfssl/wolfcrypt/src/port/caam/wolfcaam_aes.c 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/port/caam/wolfcaam_aes.c 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* wolfcaam_aes.c * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/wolfcrypt/src/port/caam/wolfcaam_cmac.c mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/port/caam/wolfcaam_cmac.c --- mariadb-11.8.6/extra/wolfssl/wolfssl/wolfcrypt/src/port/caam/wolfcaam_cmac.c 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/port/caam/wolfcaam_cmac.c 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* wolfcaam_cmac.c * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/wolfcrypt/src/port/caam/wolfcaam_ecdsa.c mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/port/caam/wolfcaam_ecdsa.c --- mariadb-11.8.6/extra/wolfssl/wolfssl/wolfcrypt/src/port/caam/wolfcaam_ecdsa.c 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/port/caam/wolfcaam_ecdsa.c 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* wolfcaam_ecdsa.c * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -87,6 +87,7 @@ /* private key */ if (mp_to_unsigned_bin_len(wc_ecc_key_get_priv(key), pk, keySz) != MP_OKAY) { + ForceZero(pk, sizeof(pk)); return MP_TO_E; } @@ -108,10 +109,12 @@ mp_free(&mps); if (ret != 0) { WOLFSSL_MSG("Issue converting to signature\n"); + ForceZero(pk, sizeof(pk)); return -1; } } + ForceZero(pk, sizeof(pk)); return ret; } @@ -201,6 +204,7 @@ if (mp_to_unsigned_bin_len(wc_ecc_key_get_priv(private_key), pk, keySz) != MP_OKAY) { WOLFSSL_MSG("error getting private key buffer"); + ForceZero(pk, sizeof(pk)); return MP_TO_E; } @@ -209,6 +213,7 @@ if (ret == 0) { *outlen = keySz; } + ForceZero(pk, sizeof(pk)); return ret; } @@ -237,10 +242,12 @@ ret = wc_DevCryptoEccKeyGen(curveId, blackKey, s, keySize, xy, keySize*2); if (wc_ecc_import_unsigned(key, xy, xy + keySize, s, curveId) != 0) { WOLFSSL_MSG("issue importing key"); + ForceZero(s, sizeof(s)); return -1; } key->blackKey = blackKey; + ForceZero(s, sizeof(s)); (void)rng; return ret; } @@ -340,6 +347,7 @@ if (key->blackKey == CAAM_BLACK_KEY_CCM) { if (mp_to_unsigned_bin_len(wc_ecc_key_get_priv(key), pk, keySz + WC_CAAM_MAC_SZ) != MP_OKAY) { + ForceZero(pk, sizeof(pk)); return MP_TO_E; } buf[idx].Length = keySz + WC_CAAM_MAC_SZ; @@ -347,6 +355,7 @@ else { if (mp_to_unsigned_bin_len(wc_ecc_key_get_priv(key), pk, keySz) != MP_OKAY) { + ForceZero(pk, sizeof(pk)); return MP_TO_E; } buf[idx].Length = keySz; @@ -376,8 +385,10 @@ args[3] = keySz; ret = wc_caamAddAndWait(buf, idx, args, CAAM_ECDSA_SIGN); - if (ret != 0) + if (ret != 0) { + ForceZero(pk, sizeof(pk)); return -1; + } /* convert signature from raw bytes to signature format */ { @@ -394,10 +405,12 @@ mp_free(&mps); if (ret != 0) { WOLFSSL_MSG("Issue converting to signature"); + ForceZero(pk, sizeof(pk)); return -1; } } + ForceZero(pk, sizeof(pk)); (void)devId; return MP_OKAY; } @@ -610,6 +623,7 @@ if (private_key->blackKey == CAAM_BLACK_KEY_CCM) { if (mp_to_unsigned_bin_len(wc_ecc_key_get_priv(private_key), pk, keySz + WC_CAAM_MAC_SZ) != MP_OKAY) { + ForceZero(pk, sizeof(pk)); return MP_TO_E; } buf[idx].Length = keySz + WC_CAAM_MAC_SZ; @@ -617,6 +631,7 @@ else { if (mp_to_unsigned_bin_len(wc_ecc_key_get_priv(private_key), pk, keySz) != MP_OKAY) { + ForceZero(pk, sizeof(pk)); return MP_TO_E; } buf[idx].Length = keySz; @@ -646,6 +661,7 @@ args[2] = ecdsel; args[3] = keySz; ret = wc_caamAddAndWait(buf, idx, args, CAAM_ECDSA_ECDH); + ForceZero(pk, sizeof(pk)); (void)devId; if (ret == 0) { *outlen = keySz; @@ -737,20 +753,25 @@ key->blackKey = (pt[0] << 24) | (pt[1] << 16) | (pt[2] << 8) | pt[3]; if (wc_ecc_import_unsigned(key, xy, xy + keySize, NULL, curveId) != 0) { WOLFSSL_MSG("issue importing public key"); + ForceZero(s, sizeof(s)); return -1; } key->partNum = args[2]; + ForceZero(s, sizeof(s)); return MP_OKAY; } else if (ret == 0) { if (wc_ecc_import_unsigned(key, xy, xy + keySize, s, curveId) != 0) { WOLFSSL_MSG("issue importing key"); + ForceZero(s, sizeof(s)); return -1; } key->blackKey = args[0]; + ForceZero(s, sizeof(s)); return MP_OKAY; } + ForceZero(s, sizeof(s)); return -1; } #endif /* WOLFSSL_KEY_GEN */ diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/wolfcrypt/src/port/caam/wolfcaam_fsl_nxp.c mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/port/caam/wolfcaam_fsl_nxp.c --- mariadb-11.8.6/extra/wolfssl/wolfssl/wolfcrypt/src/port/caam/wolfcaam_fsl_nxp.c 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/port/caam/wolfcaam_fsl_nxp.c 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* wolfcaam_fsl_nxp.c * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -443,12 +443,14 @@ if (key->blackKey == CAAM_BLACK_KEY_CCM) { if (mp_to_unsigned_bin_len(wc_ecc_key_get_priv(key), k, kSz + WC_CAAM_MAC_SZ) != MP_OKAY) { + ForceZero(k, sizeof(k)); return MP_TO_E; } } else { if (mp_to_unsigned_bin_len(wc_ecc_key_get_priv(key), k, kSz) != MP_OKAY) { + ForceZero(k, sizeof(k)); return MP_TO_E; } } @@ -457,6 +459,7 @@ ecdsel = GetECDSEL(dp->id); if (ecdsel == 0) { WOLFSSL_MSG("unknown key type or size"); + ForceZero(k, sizeof(k)); return CRYPTOCB_UNAVAILABLE; } @@ -469,6 +472,7 @@ break; default: WOLFSSL_MSG("unknown/unsupported key type"); + ForceZero(k, sizeof(k)); return BAD_FUNC_ARG; } @@ -508,10 +512,12 @@ mp_free(&mps); if (ret != 0) { WOLFSSL_MSG("Issue converting to signature"); + ForceZero(k, sizeof(k)); return -1; } } + ForceZero(k, sizeof(k)); return ret; } @@ -697,22 +703,26 @@ if (private_key->blackKey == CAAM_BLACK_KEY_CCM) { if (mp_to_unsigned_bin_len(wc_ecc_key_get_priv(private_key), k, keySz + WC_CAAM_MAC_SZ) != MP_OKAY) { + ForceZero(k, sizeof(k)); return MP_TO_E; } } else { if (mp_to_unsigned_bin_len(wc_ecc_key_get_priv(private_key), k, keySz) != MP_OKAY) { + ForceZero(k, sizeof(k)); return MP_TO_E; } } if (*outlen < (word32)keySz) { + ForceZero(k, sizeof(k)); return -1; } status = CAAM_ECC_ECDH(CAAM, &hndl, k, keySz, qxy, keySz*2, out, keySz, ecdsel, enc); + ForceZero(k, sizeof(k)); if (status == kStatus_Success) { *outlen = keySz; return MP_OKAY; @@ -762,17 +772,22 @@ return CRYPTOCB_UNAVAILABLE; } - if (key->blackKey == CAAM_BLACK_KEY_ECB) { + switch (key->blackKey) { + case CAAM_BLACK_KEY_ECB: enc = CAAM_PKHA_ENC_PRI_AESECB; - } - - if (key->blackKey == 0) { + break; + case 0: #ifdef WOLFSSL_CAAM_NO_BLACK_KEY enc = 0; #else key->blackKey = CAAM_BLACK_KEY_ECB; enc = CAAM_PKHA_ENC_PRI_AESECB; #endif + break; + default: + WOLFSSL_MSG("unknown/unsupported key type"); + ForceZero(k, sizeof(k)); + return BAD_FUNC_ARG; } status = CAAM_ECC_Keygen(CAAM, &hndl, k, &kSz, xy, &xySz, ecdsel, @@ -787,6 +802,7 @@ ret = -1; } + ForceZero(k, sizeof(k)); return ret; } #endif /* WOLFSSL_KEY_GEN */ diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/wolfcrypt/src/port/caam/wolfcaam_hash.c mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/port/caam/wolfcaam_hash.c --- mariadb-11.8.6/extra/wolfssl/wolfssl/wolfcrypt/src/port/caam/wolfcaam_hash.c 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/port/caam/wolfcaam_hash.c 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* wolfcaam_hash.c * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -72,6 +72,7 @@ CAAM_BUFFER buf[2]; word32 arg[4]; int ret; + int idx = 0; if (buffer == NULL || ctx == NULL || (data == NULL && len > 0)) { return BAD_FUNC_ARG; @@ -262,7 +263,7 @@ ret = wc_Sha224_Grow(sha224, in, inSz); #else ret = _ShaUpdate(sha224->buffer, &sha224->bufferLen, - (byte*)sha224->digest, data, len, SHA224_DIGEST_SIZE, CAAM_SHA224); + (byte*)sha224->digest, in, inSz, SHA224_DIGEST_SIZE, CAAM_SHA224); #endif } diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/wolfcrypt/src/port/caam/wolfcaam_hmac.c mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/port/caam/wolfcaam_hmac.c --- mariadb-11.8.6/extra/wolfssl/wolfssl/wolfcrypt/src/port/caam/wolfcaam_hmac.c 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/port/caam/wolfcaam_hmac.c 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* wolfcaam_hmac.c * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/wolfcrypt/src/port/caam/wolfcaam_init.c mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/port/caam/wolfcaam_init.c --- mariadb-11.8.6/extra/wolfssl/wolfssl/wolfcrypt/src/port/caam/wolfcaam_init.c 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/port/caam/wolfcaam_init.c 2026-05-24 09:58:33.000000000 +0000 @@ -1,5 +1,5 @@ /* - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/wolfcrypt/src/port/caam/wolfcaam_qnx.c mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/port/caam/wolfcaam_qnx.c --- mariadb-11.8.6/extra/wolfssl/wolfssl/wolfcrypt/src/port/caam/wolfcaam_qnx.c 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/port/caam/wolfcaam_qnx.c 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* wolfcaam_qnx.c * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/wolfcrypt/src/port/caam/wolfcaam_rsa.c mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/port/caam/wolfcaam_rsa.c --- mariadb-11.8.6/extra/wolfssl/wolfssl/wolfcrypt/src/port/caam/wolfcaam_rsa.c 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/port/caam/wolfcaam_rsa.c 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* wolfcaam_rsa.c * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/wolfcrypt/src/port/caam/wolfcaam_seco.c mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/port/caam/wolfcaam_seco.c --- mariadb-11.8.6/extra/wolfssl/wolfssl/wolfcrypt/src/port/caam/wolfcaam_seco.c 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/port/caam/wolfcaam_seco.c 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* wolfcaam_seco.c * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -1075,7 +1075,7 @@ } XFREE(cipherAndTag, NULL, DYNAMIC_TYPE_TMP_BUFFER); (void)sz; - return HSM_NO_ERROR; + return err; } diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/wolfcrypt/src/port/caam/wolfcaam_x25519.c mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/port/caam/wolfcaam_x25519.c --- mariadb-11.8.6/extra/wolfssl/wolfssl/wolfcrypt/src/port/caam/wolfcaam_x25519.c 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/port/caam/wolfcaam_x25519.c 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* wolfcaam_x25519.c * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/wolfcrypt/src/port/cavium/README.md mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/port/cavium/README.md --- mariadb-11.8.6/extra/wolfssl/wolfssl/wolfcrypt/src/port/cavium/README.md 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/port/cavium/README.md 2026-05-24 09:58:33.000000000 +0000 @@ -1,3 +1,264 @@ -# Cavium Nitrox III/V Support +# Cavium Nitrox V Support -Please contact wolfSSL at info@wolfssl.com to request an evaluation. +## Directory Structure: +`/` + `/CNN55XX-SDK` + `/wolfssl` + +## Building Cavium Driver + +Tested using `CNN55XX-Driver-Linux-KVM-XEN-PF-SDK-1.4.14.tar` + +### Installation + +```sh +$ cd CN55XX-SDK +$ make clean +$ make +$ cd bin +$ sudo perl ./init_nitrox.pl + +NITROX-V devices found: 1 +NITROX-V driver(nitrox_drv.ko) load: SUCCESS +NITROX-V Device-0 part: CNN5560-900BG676-C45-G + +Reading config file: ../microcode/ssl.conf +Device count: 1 Config file device count: 2 + + NITROX Model: 0x1200 [ CNN55XX PASS 1.0 ] + + Microcode Details: + Version : CNN5x-MC-AE-MAIN-0001 + Core Count : 80 + Code length : 9514 + Block number: 0 + + Microcode Details: + Version : CNN5x-MC-SE-SSL-0004 + Core Count : 64 + Code length : 23738 + Block number: 1 + + Microcode Load Succeed on device: 0 + + [ AE ] Microcode: CNN5x-MC-AE-MAIN-0001 + Group : 0 + Core Mask [Hi Low]: ffff ffffffffffffffff [ 80 ] + + [ SE ] Microcode: CNN5x-MC-SE-SSL-0004 + Group : 0 + Core Mask : ffffffffffffffff [ 64 ] + +Microcode Load success +``` + +```sh +$ lspci | grep Cavium +09:00.0 Network and computing encryption device: Cavium, Inc. Nitrox XL NPX (rev 01) +81:00.0 Network and computing encryption device: Cavium, Inc. Device 0012 +``` + +#### Issues + +1. Fixes to Nitrox Driver for includes into wolfSSL + +a. Modify `include/vf_defs.h:120` -> `vf_config_mode_str()` function to: + +```c +static inline const char *vf_config_mode_str(vf_config_type_t vf_mode) +{ + const char *vf_mode_str; +``` + +b. Add `case PF:` to `include/vf_defs.h:82` above `default:` in `vf_config_mode_to_num_vfs()`. + +c. In `include/linux/sysdep.h:46` rename `__BYTED_ORDER` to `__BYTE_ORDER`. + + +2. If the CNN55XX driver is not extracted on the Linux box it can cause issues with the symbolic links in the microcode folder. Fix was to resolve the symbolic links in `./microcode`. + +```sh +NITROX Model: 0x1200 [ CNN55XX PASS 1.0 ] +Invalid microcode +ucode_dload: failed to initialize +``` + +Resolve Links: +```sh +cd microcode +rm main_asym.out +ln -s ./build/main_ae.out ./main_asym.out +rm main_ipsec.out +ln -s ./build/main_ipsec.out ./main_ipsec.out +rm main_ssl.out +ls -s ./build/main_ssl.out ./main_ssl.out +``` + + +## Building wolfSSL + +```sh +./configure --with-cavium-v=../CNN55XX-SDK --enable-asynccrypt --enable-aesni --enable-intelasm +make +sudo make install +``` + +### CFLAGS + +`CFLAGS+= -DHAVE_CAVIUM -DHAVE_CAVIUM_V -DWOLFSSL_ASYNC_CRYPT -DHAVE_WOLF_EVENT -DHAVE_WOLF_BIGINT` +`CFLAGS+= -I../CNN55XX-SDK/include -lrt -lcrypto` + +* `HAVE_CAVIUM`: The Cavium define +* `HAVE_CAVIUM_V`: Nitrox V +* `WOLFSSL_ASYNC_CRYPT`: Enable asynchronous wolfCrypt. +* `HAVE_WOLF_EVENT`: Enable wolf event support (required for async) +* `HAVE_WOLF_BIGINT`: Enable wolf big integer support (required for async) + + +### LDFLAGS + +Include the libnitrox static library: +`LDFLAGS+= ../CNN55XX-SDK/lib/libnitrox.a` + + +### wolfSSL Build Issues + +a. If building with debug `-g` and using an older binutils LD version 2.23 or less you may see a linker crash. Example of error: `BFD (GNU Binutils) 2.23.2 internal error, aborting at merge.c line 873 in _bfd_merged_section_offset`. Resolution is to use this in the CFLAGS `-g -fno-merge-debug-strings -fdebug-types-section`. + + +## Usage + +Note: Must run applications with `sudo` to access device. + +``` +sudo ./wolfcrypt/benchmark/benchmark +sudo ./wolfcrypt/test/testwolfcrypt +``` + + +## TLS Code Template + +```c +/* GLOBAL DEVICE IDENTIFIER */ +#ifdef WOLFSSL_ASYNC_CRYPT + static int devId = INVALID_DEVID; +#endif + + +/* DONE AT INIT */ +#ifdef WOLFSSL_ASYNC_CRYPT + if (wolfAsync_DevOpen(&devId) != 0) { + fprintf(stderr, "Async device open failed\nRunning without async\n"); + } + + wolfSSL_CTX_UseAsync(ctx, devId); +#endif + +/* DONE IN YOUR WORKER LOOP IN WC_PENDING_E CASES AGAINST YOUR WOLFSSL_CTX */ +#ifdef WOLFSSL_ASYNC_CRYPT + int ret; + WOLF_EVENT* wolfEvents[MAX_WOLF_EVENTS]; + int eventCount, i; + + /* get list of events that are done (not pending) */ + ret = wolfSSL_CTX_AsyncPoll(ctx, wolfEvents, MAX_WOLF_EVENTS, WOLF_POLL_FLAG_CHECK_HW, &eventCount); + if (ret != 0) + goto error; + + for (i = 0; i < eventCount; i++) { + WOLFSSL* ssl = (WOLFSSL*)wolfEvents[i]->context; + if (ssl) { + /* your SSL object is ready to be called again */ + } + } +#endif + +/* DONE AT CLEANUP */ +#ifdef WOLFSSL_ASYNC_CRYPT + wolfAsync_DevClose(&devId); +#endif +``` + +## Benchmarks + +Nitrox V: CNN5560-900-C45 +Intel(R) Core(TM) i7-4790 CPU @ 3.60GHz +CentOS: Kernel 3.10.0-514.16.1.el7.x86_64 +Single Thread + +``` +./configure --with-cavium-v=../CNN55XX-SDK --enable-asynccrypt --enable-aesni --enable-intelasm --enable-sp --enable-sp-asm CFLAGS="-DWC_NO_ASYNC_THREADING" && make + +sudo ./wolfcrypt/benchmark/benchmark + +wolfCrypt Benchmark (block bytes 1048576, min 1.0 sec each) +RNG SW 135 MB took 1.012 seconds, 133.356 MB/s Cycles per byte = 25.69 +RNG HW 85 MB took 1.049 seconds, 81.039 MB/s Cycles per byte = 42.27 +AES-128-CBC-enc SW 845 MB took 1.001 seconds, 844.293 MB/s Cycles per byte = 4.06 +AES-128-CBC-dec SW 6060 MB took 1.001 seconds, 6055.102 MB/s Cycles per byte = 0.57 +AES-192-CBC-enc SW 710 MB took 1.004 seconds, 707.248 MB/s Cycles per byte = 4.84 +AES-192-CBC-dec SW 5055 MB took 1.001 seconds, 5050.086 MB/s Cycles per byte = 0.68 +AES-256-CBC-enc SW 610 MB took 1.003 seconds, 608.296 MB/s Cycles per byte = 5.63 +AES-256-CBC-dec SW 4330 MB took 1.001 seconds, 4326.604 MB/s Cycles per byte = 0.79 +AES-128-CBC-enc HW 240 MB took 1.018 seconds, 235.801 MB/s Cycles per byte = 14.53 +AES-128-CBC-dec HW 240 MB took 1.011 seconds, 237.312 MB/s Cycles per byte = 14.43 +AES-192-CBC-enc HW 220 MB took 1.021 seconds, 215.411 MB/s Cycles per byte = 15.90 +AES-192-CBC-dec HW 215 MB took 1.002 seconds, 214.516 MB/s Cycles per byte = 15.97 +AES-256-CBC-enc HW 200 MB took 1.016 seconds, 196.910 MB/s Cycles per byte = 17.40 +AES-256-CBC-dec HW 200 MB took 1.016 seconds, 196.758 MB/s Cycles per byte = 17.41 +AES-128-GCM-enc SW 3095 MB took 1.000 seconds, 3093.571 MB/s Cycles per byte = 1.11 +AES-128-GCM-dec SW 3090 MB took 1.001 seconds, 3087.702 MB/s Cycles per byte = 1.11 +AES-192-GCM-enc SW 2825 MB took 1.002 seconds, 2820.654 MB/s Cycles per byte = 1.21 +AES-192-GCM-dec SW 2815 MB took 1.000 seconds, 2814.153 MB/s Cycles per byte = 1.22 +AES-256-GCM-enc SW 2550 MB took 1.001 seconds, 2548.379 MB/s Cycles per byte = 1.34 +AES-256-GCM-dec SW 2555 MB took 1.002 seconds, 2550.183 MB/s Cycles per byte = 1.34 +AES-128-GCM-enc HW 135 MB took 1.018 seconds, 132.618 MB/s Cycles per byte = 25.83 +AES-128-GCM-dec HW 130 MB took 1.022 seconds, 127.202 MB/s Cycles per byte = 26.93 +AES-192-GCM-enc HW 135 MB took 1.019 seconds, 132.435 MB/s Cycles per byte = 25.86 +AES-192-GCM-dec HW 130 MB took 1.025 seconds, 126.789 MB/s Cycles per byte = 27.02 +AES-256-GCM-enc HW 135 MB took 1.019 seconds, 132.418 MB/s Cycles per byte = 25.87 +AES-256-GCM-dec HW 130 MB took 1.023 seconds, 127.071 MB/s Cycles per byte = 26.96 +CHACHA SW 3245 MB took 1.001 seconds, 3241.680 MB/s Cycles per byte = 1.06 +CHA-POLY SW 1930 MB took 1.000 seconds, 1929.817 MB/s Cycles per byte = 1.77 +MD5 SW 710 MB took 1.005 seconds, 706.678 MB/s Cycles per byte = 4.85 +POLY1305 SW 4850 MB took 1.000 seconds, 4849.127 MB/s Cycles per byte = 0.71 +SHA SW 560 MB took 1.008 seconds, 555.558 MB/s Cycles per byte = 6.17 +SHA-224 SW 460 MB took 1.002 seconds, 459.021 MB/s Cycles per byte = 7.46 +SHA-256 SW 460 MB took 1.002 seconds, 459.013 MB/s Cycles per byte = 7.46 +SHA-384 SW 690 MB took 1.002 seconds, 688.368 MB/s Cycles per byte = 4.98 +SHA-512 SW 690 MB took 1.002 seconds, 688.414 MB/s Cycles per byte = 4.98 +SHA3-224 SW 330 MB took 1.007 seconds, 327.713 MB/s Cycles per byte = 10.45 +SHA3-256 SW 310 MB took 1.000 seconds, 309.909 MB/s Cycles per byte = 11.05 +SHA3-384 SW 235 MB took 1.007 seconds, 233.355 MB/s Cycles per byte = 14.68 +SHA3-512 SW 170 MB took 1.027 seconds, 165.547 MB/s Cycles per byte = 20.69 +HMAC-MD5 SW 705 MB took 1.002 seconds, 703.344 MB/s Cycles per byte = 4.87 +HMAC-MD5 HW 62670 MB took 1.000 seconds,62666.115 MB/s Cycles per byte = 0.05 +HMAC-SHA SW 555 MB took 1.000 seconds, 554.964 MB/s Cycles per byte = 6.17 +HMAC-SHA HW 62745 MB took 1.000 seconds,62744.312 MB/s Cycles per byte = 0.05 +HMAC-SHA224 SW 475 MB took 1.005 seconds, 472.870 MB/s Cycles per byte = 7.24 +HMAC-SHA224 HW 62415 MB took 1.000 seconds,62412.262 MB/s Cycles per byte = 0.05 +HMAC-SHA256 SW 475 MB took 1.005 seconds, 472.710 MB/s Cycles per byte = 7.25 +HMAC-SHA256 HW 63185 MB took 1.000 seconds,63180.255 MB/s Cycles per byte = 0.05 +HMAC-SHA384 SW 690 MB took 1.005 seconds, 686.794 MB/s Cycles per byte = 4.99 +HMAC-SHA384 HW 62575 MB took 1.000 seconds,62573.195 MB/s Cycles per byte = 0.05 +HMAC-SHA512 SW 690 MB took 1.004 seconds, 687.563 MB/s Cycles per byte = 4.98 +HMAC-SHA512 HW 62430 MB took 1.000 seconds,62428.497 MB/s Cycles per byte = 0.05 +RSA 2048 public SW 3900 ops took 1.026 sec, avg 0.263 ms, 3801.211 ops/sec +RSA 2048 private SW 300 ops took 1.035 sec, avg 3.452 ms, 289.722 ops/sec +RSA 2048 public HW 140900 ops took 1.001 sec, avg 0.007 ms, 140825.228 ops/sec +RSA 2048 private HW 8300 ops took 1.004 sec, avg 0.121 ms, 8267.789 ops/sec +DH 2048 key gen SW 1010 ops took 1.004 sec, avg 0.994 ms, 1005.939 ops/sec +DH 2048 agree SW 1000 ops took 1.005 sec, avg 1.005 ms, 995.404 ops/sec +ECC 256 key gen SW 1090 ops took 1.001 sec, avg 0.918 ms, 1089.153 ops/sec +ECDHE 256 agree SW 1400 ops took 1.038 sec, avg 0.742 ms, 1348.211 ops/sec +ECDSA 256 sign SW 1400 ops took 1.076 sec, avg 0.769 ms, 1300.595 ops/sec +ECDSA 256 verify SW 1900 ops took 1.016 sec, avg 0.535 ms, 1870.353 ops/sec +ECDHE 256 agree HW 10500 ops took 1.001 sec, avg 0.095 ms, 10485.383 ops/sec +ECDSA 256 sign HW 22200 ops took 1.001 sec, avg 0.045 ms, 22169.233 ops/sec +ECDSA 256 verify HW 7500 ops took 1.012 sec, avg 0.135 ms, 7408.213 ops/sec +``` + + +## Support + +For questions or issues email us at support@wolfssl.com. diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/wolfcrypt/src/port/cavium/README_Octeon.md mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/port/cavium/README_Octeon.md --- mariadb-11.8.6/extra/wolfssl/wolfssl/wolfcrypt/src/port/cavium/README_Octeon.md 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/port/cavium/README_Octeon.md 2026-05-24 09:58:33.000000000 +0000 @@ -1,3 +1,235 @@ -# Cavium Octeon III CN7300 +# Octeon III -Please contact wolfSSL at info@wolfssl.com to request an evaluation. +Guide for setting up wolfSSL on the Octeon III CN7300 + +## Octeon SDK + +```sh +sudo yum install libuuid-devel +sudo yum install perl-Env + +sudo rpm -i OCTEON-SDK-5.1.0-609.x86_64.rpm +``` + +The OCTEON-SDK package has been successfully installed under the +/usr/local/Cavium_Networks directory. + +The installation requires the OCTEON_MODEL environment variable +to be set. To set this environment variable, cd to the +/usr/local/Cavium_Networks/OCTEON-SDK directory, and invoke + + source env-setup + +script. Valid OCTEON_MODELs are listed in octeon-models.txt file +under OCTEON-SDK directory. + +You may want to copy the OCTEON-SDK package to your home directory to allow +modification without root privileges. + +For more information please refer to the online SDK documentation: +file:///usr/local/Cavium_Networks/OCTEON-SDK/docs/html/index.html + +```sh +sudo rpm -i OCTEON-CRYPTO-CORE-5.1.0-01.x86_64.rpm +``` + +The OCTEON-CRYPTO-CORE is installed under +/usr/local/Cavium_Networks/OCTEON-SDK/components/crypto-api/core directory. +This package installs the following sources. + * Crypto-Core API Sources + * Sample Crypto-Core Test Applications + +Please refer to following documentation under +/usr/local/Cavium_Networks/OCTEON-SDK/components/crypto-api/core directory + * README.txt - contains build instructions and other details + * Release_Notes.txt - contains change history + +```sh +sudo rpm -i OCTEON-LINUX-5.1.0-609.x86_64.rpm +``` + +The Linux Kernel has been successfully installed under the directory +/usr/local/Cavium_Networks/OCTEON-SDK/linux + +Please refer to file:///usr/local/Cavium_Networks/OCTEON-SDK/docs/html/linux.html +on how to use Linux on the OCTEON. + + +Final Setup: + +```sh +cp -r /usr/local/Cavium_Networks/OCTEON-SDK/ ~ +cd OCTEON-SDK +source env-setup OCTEON_CN73XX + +cd examples +make +``` + +Setup for CN73XX board EVB7304 + +```sh +setenv qlm2_mode pcie +setenv pcie2_mode ep +setenv pcie2_gen 2 +setenv pcie2_lanes 4 +setenv qlm2_mode sgmii + +setenv qlm4_mode sata + +#setenv ethact octeth0 +#setenv ethprime octeth0 +dhcp + +saveenv +``` + +## Building bootloader + +```sh +# On Host +cd OCTEON-SDK/bootloader/u-boot +make distclean +make octeon_ebb7304 +make + +cp *.bin /mnt/cf1 + +# On Target +fatls mmc 1 +fatload mmc 1 $(loadaddr) u-boot-octeon_ebb7304.bin + +bootloadervalidate +bootloaderupdate +``` + +Note: You must run `source env-setup OCTEON_CN73XX` anytime a new shell is opened to setup the build environment. + +## Building Linux Kernel (Busybox) + +```sh +# On Host +su root +cd OCTEON-SDK +source env-setup OCTEON_CN73XX +cd linux +make clean +cd embedded_rootfs +make menuconfig +cd .. +make kernel +make strip + +cp ./kernel/linux/vmlinux.64 /mnt/cf1 +``` + +```sh +# On Target +telnet 192.168.0.114 9761 + +fatls mmc 1 +fatload mmc 1 $(loadaddr) vmlinux.64 +bootoctlinux $(loadaddr) coremask=0xffff root=/dev/sda2 mem=0 +``` + +Shortcut macro from U-Boot: + +```sh +# On Target +setenv linux_mmc 'fatload mmc 1 $(loadaddr) vmlinux.64;bootoctlinux $(loadaddr) coremask=0xffff root=/dev/sda2 mem=0' +run linux_mmc +saveenv +``` + +## Building Linux Debian + +```sh +su root +cd OCTEON-SDK +source env-setup OCTEON_CN73XX + +cd linux +make kernel-deb + +# Identify external /dev/sd* +fdisk -l + +# Edit /etc/fstab. Replace "sda" with the device name determined from above. +/dev/sdb1 /mnt/cf1 auto noauto,noatime,user 0 0 +/dev/sdb2 /mnt/cf2 ext3 noauto,noatime,user 0 0 + +mkdir -p /mnt/cf1 +mkdir -p /mnt/cf2 + +cd debian +make DISK=/dev/sdb compact-flash +cd .. +make kernel-deb flash + +usb start +fatls usb 0 +fatload usb 0 $(loadaddr) vmlinux.64 + +fatls mmc 0 +fatload mmc 0 $(loadaddr) vmlinux.64 +bootoctlinux $(loadaddr) coremask=0xffff root=/dev/mmcblk0p2 mem=0 rootdelay=5 +``` + +### Setting up default boot + +```sh +setenv bootcmd 'fatload mmc 0 $(loadaddr) vmlinux.64; bootoctlinux $(loadaddr) coremask=0xffff root=/dev/mmcblk0p2 mem=0 rootdelay=5' +saveenv +reset +``` + +### Debian Packages + +```sh +vi /etc/sources.list +deb http://archive.debian.org/debian/ jessie main contrib non-free +deb-src http://archive.debian.org/debian/ jessie main contrib non-free +#deb-src http://archive.debian.org/ jessie/updates main contrib non-free +#deb http://archive.debian.org/ jessie/updates main contrib non-free +``` + +## wolfSSL Building for Octeon + +```sh +cd examples +ln -s ../../wolfssl wolfssl +cd wolfssl +./autogen.sh +./configure --host=mips64 CC="mips64-octeon-linux-gnu-gcc -mabi=64" \ + --with-octeon-sync=../OCTEON-SDK OCTEON_OBJ=obj-octeon3 \ + --enable-cryptocb --enable-des3 CPPFLAGS="-DWOLFSSL_AES_DIRECT" \ + CFLAGS="-Wno-error=redundant-decls" +make + +``` + +Installing to USB media for use on Octeon Board: + +```sh +cp -r src /run/media/dgarske/OCTEON/ +cp -r wolfcrypt/ /run/media/dgarske/OCTEON/ +cp -r wolfssl /run/media/dgarske/OCTEON/ +cp -r certs /run/media/dgarske/OCTEON/ +``` + + +## Remote Access + +### UART and Telnet + +EBB7304_DEFAULT D8-80-39-7D-6D-0B + +telnet 192.168.0.114 9760 +telnet 192.168.0.114 9761 + +date 070216502019 + + +## Support + +For questions please email wolfSSL at support@wolfssl.com diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/wolfcrypt/src/port/cavium/cavium_nitrox.c mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/port/cavium/cavium_nitrox.c --- mariadb-11.8.6/extra/wolfssl/wolfssl/wolfcrypt/src/port/cavium/cavium_nitrox.c 1970-01-01 00:00:00.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/port/cavium/cavium_nitrox.c 2026-05-24 09:58:33.000000000 +0000 @@ -0,0 +1,1234 @@ +/* cavium_nitrox.c + * + * Copyright (C) 2006-2026 wolfSSL Inc. + * + * This file is part of wolfSSL. + * + * wolfSSL is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * wolfSSL is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA + */ + +#ifdef HAVE_CONFIG_H + #include +#endif + +#include + +#ifdef HAVE_CAVIUM + +#include +#include +#include +#include +#ifndef NO_RSA + #include +#endif +#ifndef NO_AES + #include +#endif +#ifdef HAVE_ECC + #include +#endif +#include + +#include +#ifndef HAVE_CAVIUM_V + #include "cavium_ioctl.h" +#else + #include "cavium_sym_crypto.h" + #include "cavium_asym_crypto.h" +#endif +#include +#include /* For ntohs */ + +static CspHandle mLastDevHandle = INVALID_DEVID; + +#ifndef NITROX_MAX_BUF_LEN + /* max buffer pool size is 32768, but need to leave room for request */ + #define NITROX_MAX_BUF_LEN (32768U / 2) +#endif + +int NitroxTranslateResponseCode(int ret) +{ + switch (ret) { + case EAGAIN: + case ERR_REQ_PENDING: + case REQUEST_PENDING: + ret = WC_PENDING_E; + break; + case ERR_REQ_TIMEOUT: + ret = WC_TIMEOUT_E; + break; + case ERR_DATA_LEN_INVALID: + ret = BAD_FUNC_ARG; + break; + case ERR_ECC_SIGNATURE_MISMATCH: + ret = SIG_VERIFY_E; + break; + case ERR_PKCS_DECRYPT_INCORRECT: + ret = ASN_SIG_CONFIRM_E; /* RSA_PAD_E */ + break; + case ERR_GC_ICV_MISCOMPARE: + ret = AES_GCM_AUTH_E; + break; + case 0: + case 1: + ret = 0; /* treat as success */ + break; + default: + printf("NitroxTranslateResponseCode Unknown ret=0x%x\n", ret); + ret = ASYNC_INIT_E; + } + return ret; +} + +static WC_INLINE void NitroxDevClear(WC_ASYNC_DEV* dev) +{ + /* values that must be reset prior to calling algo */ + /* this is because operation may complete before added to event list */ + dev->event.ret = WC_PENDING_E; + dev->event.state = WOLF_EVENT_STATE_PENDING; + dev->event.reqId = 0; +} + +CspHandle NitroxGetDeviceHandle(void) +{ + return mLastDevHandle; +} + +CspHandle NitroxOpenDevice(int dma_mode, int dev_id) +{ + mLastDevHandle = INVALID_DEVID; + +#ifdef HAVE_CAVIUM_V + (void)dma_mode; + + if (CspInitialize(dev_id, &mLastDevHandle)) { + return -1; + } + +#else + Csp1CoreAssignment core_assign; + Uint32 device; + + if (CspInitialize(CAVIUM_DIRECT, CAVIUM_DEV_ID)) { + return -1; + } + if (Csp1GetDevType(&device)) { + return -1; + } + if (device != NPX_DEVICE) { + if (ioctl(gpkpdev_hdlr[CAVIUM_DEV_ID], IOCTL_CSP1_GET_CORE_ASSIGNMENT, + (Uint32 *)&core_assign)!= 0) { + return -1; + } + } + CspShutdown(CAVIUM_DEV_ID); + + mLastDevHandle = CspInitialize(dma_mode, dev_id); + if (mLastDevHandle == 0) { + mLastDevHandle = dev_id; + } + +#endif /* HAVE_CAVIUM_V */ + + return mLastDevHandle; +} + +CspHandle NitroxOpenDeviceDefault(void) +{ + return NitroxOpenDevice(CAVIUM_DIRECT, CAVIUM_DEV_ID); +} + + +int NitroxAllocContext(WC_ASYNC_DEV* dev, CspHandle devId, + context_type_t type) +{ + int ret; + + if (dev == NULL) { + return -1; + } + + /* If invalid handle provided, use last open one */ + if (devId == INVALID_DEVID) { + devId = NitroxGetDeviceHandle(); + } + +#ifdef HAVE_CAVIUM_V + ret = CspAllocContext(devId, type, &dev->nitrox.contextHandle); +#else + ret = CspAllocContext(type, &dev->nitrox.contextHandle, devId); +#endif + if (ret != 0) { + return -1; + } + + dev->nitrox.type = type; + dev->nitrox.devId = devId; + + return 0; +} + +void NitroxFreeContext(WC_ASYNC_DEV* dev) +{ + if (dev == NULL) { + return; + } + +#ifdef HAVE_CAVIUM_V + CspFreeContext(dev->nitrox.devId, dev->nitrox.type, + dev->nitrox.contextHandle); +#else + CspFreeContext(dev->nitrox.type, dev->nitrox.contextHandle, + dev->nitrox.devId); +#endif +} + +void NitroxCloseDevice(CspHandle devId) +{ + if (devId >= 0) { + CspShutdown(devId); + } +} + +#if defined(WOLFSSL_ASYNC_CRYPT) + +int NitroxCheckRequest(WC_ASYNC_DEV* dev, WOLF_EVENT* event) +{ + int ret = BAD_FUNC_ARG; + if (dev && event) { + ret = CspCheckForCompletion(dev->nitrox.devId, event->reqId); + event->ret = NitroxTranslateResponseCode(ret); + } + return ret; +} + +int NitroxCheckRequests(WC_ASYNC_DEV* dev, + CspMultiRequestStatusBuffer* req_stat_buf) +{ + int ret; + + if (dev == NULL || req_stat_buf == NULL) + return BAD_FUNC_ARG; + +#ifdef HAVE_CAVIUM_V + ret = CspGetAllResults(req_stat_buf, dev->nitrox.devId); +#else + word32 res_count = 0; + word32 buf_size = sizeof(req_stat_buf->req); + ret = CspGetAllResults(req_stat_buf->req, buf_size, &res_count, + dev->nitrox.devId); + multi_req->count = res_count; +#endif + + return NitroxTranslateResponseCode(ret); +} + + +#ifndef NO_RSA + +int NitroxRsaExptMod(const byte* in, word32 inLen, + byte* exponent, word32 expLen, + byte* modulus, word32 modLen, + byte* out, word32* outLen, RsaKey* key) +{ + int ret; + + if (key == NULL || in == NULL || inLen == 0 || exponent == NULL || + modulus == NULL || out == NULL) { + return BAD_FUNC_ARG; + } + + (void)outLen; + + /* init return codes */ + NitroxDevClear(&key->asyncDev); + +#ifdef HAVE_CAVIUM_V + ret = CspMe(key->asyncDev.nitrox.devId, CAVIUM_REQ_MODE, CAVIUM_SSL_GRP, + CAVIUM_DPORT, modLen, expLen, inLen, modulus, exponent, (Uint8*)in, + out, &key->asyncDev.nitrox.reqId); + #if 0 + /* TODO: Try MeCRT */ + ret = CspMeCRT(); + #endif +#else + /* Not implemented/supported */ + ret = NOT_COMPILED_IN; +#endif + +#ifdef WOLFSSL_NITROX_DEBUG + printf("NitroxRsaExptMod: ret %x, req %lx in %p (%d), out %p (%d)\n", + ret, key->asyncDev.nitrox.reqId, in, inLen, out, *outLen); +#endif + + ret = NitroxTranslateResponseCode(ret); + if (ret != 0) { + return ret; + } + + return ret; +} + +int NitroxRsaPublicEncrypt(const byte* in, word32 inLen, byte* out, + word32 outLen, RsaKey* key) +{ + int ret; + + if (key == NULL || in == NULL || out == NULL || + outLen < (word32)key->n.raw.len) { + return BAD_FUNC_ARG; + } + + /* init return codes */ + NitroxDevClear(&key->asyncDev); + +#ifdef HAVE_CAVIUM_V + ret = CspPkcs1v15Enc(key->asyncDev.nitrox.devId, CAVIUM_REQ_MODE, + CAVIUM_SSL_GRP, CAVIUM_DPORT, BT2, key->n.raw.len, key->e.raw.len, + (word16)inLen, key->n.raw.buf, key->e.raw.buf, (byte*)in, out, + &key->asyncDev.nitrox.reqId); +#else + ret = CspPkcs1v15Enc(CAVIUM_REQ_MODE, BT2, key->n.raw.len, key->e.raw.len, + (word16)inLen, key->n.raw.buf, key->e.raw.buf, (byte*)in, out, + &key->asyncDev.nitrox.reqId, key->asyncDev.nitrox.devId); +#endif + +#ifdef WOLFSSL_NITROX_DEBUG + printf("NitroxRsaPublicEncrypt: ret %x, req %lx in %p (%d), out %p (%d)\n", + ret, key->asyncDev.nitrox.reqId, in, inLen, out, outLen); +#endif + + ret = NitroxTranslateResponseCode(ret); + if (ret != 0) { + return ret; + } + + return key->n.raw.len; +} + + +int NitroxRsaPrivateDecrypt(const byte* in, word32 inLen, byte* out, + word32* outLen, RsaKey* key) +{ + int ret; + + if (key == NULL || in == NULL || out == NULL || + inLen != (word32)key->n.raw.len) { + return BAD_FUNC_ARG; + } + + /* init return codes */ + NitroxDevClear(&key->asyncDev); + +#ifdef HAVE_CAVIUM_V + ret = CspPkcs1v15CrtDec(key->asyncDev.nitrox.devId, CAVIUM_REQ_MODE, + CAVIUM_SSL_GRP, CAVIUM_DPORT, BT2, key->n.raw.len, key->q.raw.buf, + key->dQ.raw.buf, key->p.raw.buf, key->dP.raw.buf, key->u.raw.buf, + (byte*)in, (Uint16*)outLen, out, &key->asyncDev.nitrox.reqId); +#else + ret = CspPkcs1v15CrtDec(CAVIUM_REQ_MODE, BT2, key->n.raw.len, + key->q.raw.buf, key->dQ.raw.buf, key->p.raw.buf, key->dP.raw.buf, + key->u.raw.buf, (byte*)in, &outLen, out, &key->asyncDev.nitrox.reqId, + key->asyncDev.nitrox.devId); +#endif + +#ifdef WOLFSSL_NITROX_DEBUG + printf("NitroxRsaPrivateDecrypt: ret %x, req %lx in %p (%d), out %p (%d)\n", + ret, key->asyncDev.nitrox.reqId, in, inLen, out, *outLen); +#endif + + ret = NitroxTranslateResponseCode(ret); + if (ret != 0) { + return ret; + } + + *outLen = ntohs(*outLen); + + return *outLen; +} + + +int NitroxRsaSSL_Sign(const byte* in, word32 inLen, byte* out, + word32 outLen, RsaKey* key) +{ + int ret; + + if (key == NULL || in == NULL || out == NULL || inLen == 0 || outLen < + (word32)key->n.raw.len) { + return BAD_FUNC_ARG; + } + + /* init return codes */ + NitroxDevClear(&key->asyncDev); + +#ifdef HAVE_CAVIUM_V + ret = CspPkcs1v15CrtEnc(key->asyncDev.nitrox.devId, CAVIUM_REQ_MODE, + CAVIUM_SSL_GRP, CAVIUM_DPORT, BT1, key->n.raw.len, (word16)inLen, + key->q.raw.buf, key->dQ.raw.buf, key->p.raw.buf, key->dP.raw.buf, + key->u.raw.buf, (byte*)in, out, &key->asyncDev.nitrox.reqId); +#else + ret = CspPkcs1v15CrtEnc(CAVIUM_REQ_MODE, BT1, key->n.raw.len, (word16)inLen, + key->q.raw.buf, key->dQ.raw.buf, key->p.raw.buf, key->dP.raw.buf, + key->u.raw.buf, (byte*)in, out, &key->asyncDev.nitrox.reqId, + key->asyncDev.nitrox.devId); +#endif + +#ifdef WOLFSSL_NITROX_DEBUG + printf("NitroxRsaSSL_Sign: ret %x, req %lx in %p (%d), out %p (%d)\n", + ret, key->asyncDev.nitrox.reqId, in, inLen, out, outLen); +#endif + + ret = NitroxTranslateResponseCode(ret); + if (ret != 0) { + return ret; + } + + return key->n.raw.len; +} + + +int NitroxRsaSSL_Verify(const byte* in, word32 inLen, byte* out, + word32* outLen, RsaKey* key) +{ + int ret; + + if (key == NULL || in == NULL || out == NULL || + inLen != (word32)key->n.raw.len) { + return BAD_FUNC_ARG; + } + + /* init return codes */ + NitroxDevClear(&key->asyncDev); + +#ifdef HAVE_CAVIUM_V + ret = CspPkcs1v15Dec(key->asyncDev.nitrox.devId, CAVIUM_REQ_MODE, + CAVIUM_SSL_GRP, CAVIUM_DPORT, BT1, key->n.raw.len, key->e.raw.len, + key->n.raw.buf, key->e.raw.buf, (byte*)in, (Uint16*)outLen, out, + &key->asyncDev.nitrox.reqId); +#else + ret = CspPkcs1v15Dec(CAVIUM_REQ_MODE, BT1, key->n.raw.len, key->e.raw.len, + key->n.raw.buf, key->e.raw.buf, (byte*)in, &outLen, out, + &key->asyncDev.nitrox.reqId, key->asyncDev.nitrox.devId); +#endif + +#ifdef WOLFSSL_NITROX_DEBUG + printf("NitroxRsaSSL_Verify: ret %x, req %lx in %p (%d), out %p (%d)\n", + ret, key->asyncDev.nitrox.reqId, in, inLen, out, *outLen); +#endif + + ret = NitroxTranslateResponseCode(ret); + if (ret != 0) { + return ret; + } + + *outLen = ntohs(*outLen); + + return *outLen; +} +#endif /* !NO_RSA */ + + + +#if defined(HAVE_ECC) && defined(HAVE_CAVIUM_V) + + +static int NitroxEccGetCid(ecc_key* key, CurveId* cid) +{ + int ret = 0; + + if (key == NULL || key->dp == NULL) + return BAD_FUNC_ARG; + + switch (key->dp->id) { + #if 0 /* ECDH P521 appears to be broken on Nitrox V v1.4 SDK */ + case ECC_SECP521R1: + *cid = P521; + break; + #endif + case ECC_SECP384R1: + *cid = P384; + break; + case ECC_SECP256R1: + *cid = P256; + break; + case ECC_SECP224R1: + *cid = P224; + break; + case ECC_SECP192R1: + *cid = P192; + break; + default: + ret = BAD_FUNC_ARG; + break; + } + + return ret; +} +int NitroxEccIsCurveSupported(ecc_key* key) +{ + CurveId cid; + return NitroxEccGetCid(key, &cid) == 0 ? 1 : 0; +} + +int NitroxEccGetSize(ecc_key* key) +{ + return ROUNDUP8(key->dp->size); +} + +int NitroxEccPad(WC_BIGINT* bi, word32 padTo) +{ + if (bi->len < padTo) { + int x = padTo - bi->len; + XMEMCPY(bi->buf + x, bi->buf, bi->len); + XMEMSET(bi->buf, 0, x); + bi->len = padTo; + } + return 0; +} + +int NitroxEccRsSplit(ecc_key* key, WC_BIGINT* r, WC_BIGINT* s) +{ + if (NitroxEccIsCurveSupported(key)) { + int rSz = NitroxEccGetSize(key); + + /* split r and s */ + XMEMCPY(s->buf, r->buf + rSz, key->dp->size); + XMEMSET(r->buf + key->dp->size, 0, key->dp->size); + r->len = key->dp->size; + s->len = key->dp->size; + } + return 0; +} + +#ifdef HAVE_ECC_DHE +int NitroxEcdh(ecc_key* key, + WC_BIGINT* k, WC_BIGINT* xG, WC_BIGINT* yG, + byte* out, word32* outlen, WC_BIGINT* q) +{ + int ret; + CurveId cid; + word32 curveSz; + + ret = NitroxEccGetCid(key, &cid); + if (ret < 0) + return ret; + + /* out buffer requires spaces for X and Y even though only X is used */ + curveSz = NitroxEccGetSize(key); + if (*outlen < curveSz * 2) + return BUFFER_E; + + /* init return codes */ + NitroxDevClear(&key->asyncDev); + + ret = CspECPointMul(key->asyncDev.nitrox.devId, CAVIUM_REQ_MODE, + CAVIUM_SSL_GRP, CAVIUM_DPORT, cid, + xG->buf, yG->buf, q->buf, k->len, k->buf, out, out + curveSz, + &key->asyncDev.nitrox.reqId); + +#ifdef WOLFSSL_NITROX_DEBUG + printf("NitroxEcdh: ret %x, req %lx out %p (%d)\n", + ret, key->asyncDev.nitrox.reqId, out, *outlen); +#endif + + ret = NitroxTranslateResponseCode(ret); + if (ret != 0) { + return ret; + } + + return ret; +} +#endif /* HAVE_ECC_DHE */ + +#ifdef HAVE_ECC_SIGN +int NitroxEcdsaSign(ecc_key* key, + WC_BIGINT* m, WC_BIGINT* d, WC_BIGINT* k, + WC_BIGINT* r, WC_BIGINT* s, WC_BIGINT* q, WC_BIGINT* n) +{ + int ret; + CurveId cid; + + ret = NitroxEccGetCid(key, &cid); + if (ret < 0) + return ret; + + /* init return codes */ + NitroxDevClear(&key->asyncDev); + + (void)s; /* placed at end of R */ + + ret = CspECDSASign(key->asyncDev.nitrox.devId, CAVIUM_REQ_MODE, + CAVIUM_SSL_GRP, CAVIUM_DPORT, cid, q->buf, n->buf, k->len, k->buf, + m->len, m->buf, d->buf, r->buf, &key->asyncDev.nitrox.reqId); + +#ifdef WOLFSSL_NITROX_DEBUG + printf("NitroxEcdsaSign: ret %x, req %lx msg %p (%d), r %p\n", + ret, key->asyncDev.nitrox.reqId, m->buf, m->len, r->buf); +#endif + + ret = NitroxTranslateResponseCode(ret); + if (ret != 0) { + return ret; + } + + return ret; +} +#endif /* HAVE_ECC_SIGN */ + +#ifdef HAVE_ECC_VERIFY +int NitroxEcdsaVerify(ecc_key* key, + WC_BIGINT* m, WC_BIGINT* xp, WC_BIGINT* yp, + WC_BIGINT* r, WC_BIGINT* s, + WC_BIGINT* q, WC_BIGINT* n, int* stat) +{ + int ret; + CurveId cid; + int curveSz = key->dp->size; + + ret = NitroxEccGetCid(key, &cid); + if (ret < 0) + return ret; + + /* init return codes */ + NitroxDevClear(&key->asyncDev); + + /* adjust r and s for leading zero pad */ + NitroxEccPad(r, curveSz); + NitroxEccPad(s, curveSz); + + ret = CspECDSAVerify(key->asyncDev.nitrox.devId, CAVIUM_REQ_MODE, + CAVIUM_SSL_GRP, CAVIUM_DPORT, cid, r->buf, s->buf, m->len, m->buf, + n->buf, q->buf, xp->buf, yp->buf, &key->asyncDev.nitrox.reqId); + + /* hardware will ret failure if verify fails */ + *stat = 1; + +#ifdef WOLFSSL_NITROX_DEBUG + printf("NitroxEcdsaVerify: ret %x, req %lx msg %p (%d), r %p, s%p\n", + ret, key->asyncDev.nitrox.reqId, m->buf, m->len, r->buf, s->buf); +#endif + + ret = NitroxTranslateResponseCode(ret); + if (ret != 0) { + return ret; + } + + return ret; +} +#endif /* HAVE_ECC_VERIFY */ +#endif /* HAVE_ECC */ + + +#ifndef NO_AES + +#if defined(HAVE_AES_CBC) || defined(HAVE_AESGCM) + +static int NitroxAesGetType(Aes* aes, AesType* type) +{ + int ret = 0; + switch (aes->keylen) { + case 16: + *type = AES_128_BIT; + break; + case 24: + *type = AES_192_BIT; + break; + case 32: + *type = AES_256_BIT; + break; + default: + ret = BAD_FUNC_ARG; + break; + } + return ret; +} + +static int NitroxAesEncrypt(Aes* aes, int aes_algo, + const byte* key, const byte* iv, + byte* out, const byte* in, word32 length, + word32 aad_len, const byte* aad, byte* tag) +{ + int ret = 0, cav_ret = 0; + int offset = 0; + AesType aes_type; + const int blockMode = CAVIUM_BLOCKING; + + ret = NitroxAesGetType(aes, &aes_type); + if (ret != 0) { + return ret; + } + + /* init return codes */ + if (blockMode == CAVIUM_REQ_MODE) + NitroxDevClear(&aes->asyncDev); + + while (length > 0) { + word32 slen = length; + if (slen > NITROX_MAX_BUF_LEN) + slen = NITROX_MAX_BUF_LEN; + + #ifdef HAVE_CAVIUM_V + cav_ret = CspEncryptAes(aes->asyncDev.nitrox.devId, blockMode, + DMA_DIRECT_DIRECT, CAVIUM_SSL_GRP, CAVIUM_DPORT, + aes->asyncDev.nitrox.contextHandle, FROM_DPTR, FROM_CTX, aes_algo, + aes_type, (byte*)key, (byte*)iv, aad_len, (byte*)aad, (byte*)tag, + (word16)slen, (byte*)in + offset, out + offset, + &aes->asyncDev.nitrox.reqId); + #else + if (aes_type != AES_CBC) { + ret = NOT_COMPILED_IN; + break; + } + + (void)aad_len; + (void)aad; + (void)tag; + + cav_ret = CspEncryptAes(blockMode, aes->asyncDev.nitrox.contextHandle, + CAVIUM_NO_UPDATE, aes_type, + (word16)slen, (byte*)in + offset, out + offset, + (byte*)iv, (byte*)key, + &aes->asyncDev.nitrox.reqId, aes->asyncDev.nitrox.devId); + #endif + ret = NitroxTranslateResponseCode(cav_ret); + if (ret != 0) { + break; + } + + length -= slen; + offset += slen; + + XMEMCPY(aes->reg, out + offset - AES_BLOCK_SIZE, AES_BLOCK_SIZE); + } + +#ifdef WOLFSSL_NITROX_DEBUG + printf("NitroxAesEncrypt: ret %x (%d), algo %d, in %p, out %p, sz %d, " + "iv %p, aad %p (%d), tag %p\n", + cav_ret, ret, aes_algo, in, out, offset, iv, aad, aad_len, tag); +#endif + + return ret; +} + +#ifdef HAVE_AES_DECRYPT +static int NitroxAesDecrypt(Aes* aes, int aes_algo, + const byte* key, const byte* iv, + byte* out, const byte* in, word32 length, + word32 aad_len, const byte* aad, const byte* tag) +{ + int ret = 0, cav_ret = 0; + int offset = 0; + AesType aes_type; + const int blockMode = CAVIUM_BLOCKING; + + ret = NitroxAesGetType(aes, &aes_type); + if (ret != 0) { + return ret; + } + + /* init return codes */ + if (blockMode == CAVIUM_REQ_MODE) + NitroxDevClear(&aes->asyncDev); + + while (length > 0) { + word32 slen = length; + if (slen > NITROX_MAX_BUF_LEN) + slen = NITROX_MAX_BUF_LEN; + + XMEMCPY(aes->tmp, in + offset + slen - AES_BLOCK_SIZE, AES_BLOCK_SIZE); + + #ifdef HAVE_CAVIUM_V + cav_ret = CspDecryptAes(aes->asyncDev.nitrox.devId, blockMode, + DMA_DIRECT_DIRECT, CAVIUM_SSL_GRP, CAVIUM_DPORT, + aes->asyncDev.nitrox.contextHandle, FROM_DPTR, FROM_CTX, aes_algo, + aes_type, (byte*)key, (byte*)iv, aad_len, (byte*)aad, (byte*)tag, + (word16)slen, (byte*)in + offset, out + offset, + &aes->asyncDev.nitrox.reqId); + #else + if (aes_type != AES_CBC) { + ret = NOT_COMPILED_IN; + break; + } + + (void)aad_len; + (void)aad; + (void)tag; + + cav_ret = CspDecryptAes(blockMode, aes->asyncDev.nitrox.contextHandle, + CAVIUM_NO_UPDATE, aes_sz_type, (word16)slen, (byte*)in + offset, + out + offset, (byte*)iv, (byte*)key, + &aes->asyncDev.nitrox.reqId, aes->asyncDev.nitrox.devId); + #endif + ret = NitroxTranslateResponseCode(cav_ret); + if (ret != 0) { + break; + } + length -= slen; + offset += slen; + + XMEMCPY(aes->reg, aes->tmp, AES_BLOCK_SIZE); + } + +#ifdef WOLFSSL_NITROX_DEBUG + printf("NitroxAesDecrypt: ret %x (%d), algo %d, in %p, out %p, sz %d, " + "iv %p, aad %p (%d), tag %p\n", + cav_ret, ret, aes_algo, in, out, offset, iv, aad, aad_len, tag); +#endif + + return ret; +} +#endif /* HAVE_AES_DECRYPT */ + +#ifdef HAVE_AES_CBC +int NitroxAesCbcEncrypt(Aes* aes, byte* out, const byte* in, word32 length) +{ + return NitroxAesEncrypt(aes, AES_CBC, + (byte*)aes->devKey, (byte*)aes->reg, + out, in, length, 0, NULL, NULL); +} + +#ifdef HAVE_AES_DECRYPT +int NitroxAesCbcDecrypt(Aes* aes, byte* out, const byte* in, word32 length) +{ + return NitroxAesDecrypt(aes, AES_CBC, + (byte*)aes->devKey, (byte*)aes->reg, + out, in, length, 0, NULL, NULL); +} +#endif /* HAVE_AES_DECRYPT */ +#endif /* HAVE_AES_CBC */ + +#ifdef HAVE_AESGCM +int NitroxAesGcmEncrypt(Aes* aes, + byte* out, const byte* in, word32 sz, + const byte* key, word32 keySz, + const byte* iv, word32 ivSz, + byte* authTag, word32 authTagSz, + const byte* authIn, word32 authInSz) +{ + const byte* ivTmp = iv; + byte ivLcl[AES_BLOCK_SIZE]; + + (void)keySz; + (void)authTagSz; + + /* Nitrox HW requires IV buffer to be 16-bytes */ + if (ivSz < AES_BLOCK_SIZE) { + ivTmp = ivLcl; + XMEMCPY(ivLcl, iv, ivSz); + } + + return NitroxAesEncrypt(aes, AES_GCM, key, ivTmp, out, in, sz, + authInSz, authIn, authTag); +} + +#ifdef HAVE_AES_DECRYPT +int NitroxAesGcmDecrypt(Aes* aes, + byte* out, const byte* in, word32 sz, + const byte* key, word32 keySz, + const byte* iv, word32 ivSz, + const byte* authTag, word32 authTagSz, + const byte* authIn, word32 authInSz) +{ + const byte* ivTmp = iv; + byte ivLcl[AES_BLOCK_SIZE]; + + (void)keySz; + (void)authTagSz; + + /* Nitrox HW requires IV buffer to be 16-bytes */ + if (ivSz < AES_BLOCK_SIZE) { + ivTmp = ivLcl; + XMEMCPY(ivLcl, iv, ivSz); + } + + return NitroxAesDecrypt(aes, AES_GCM, key, ivTmp, out, in, sz, + authInSz, authIn, authTag); +} +#endif /* HAVE_AES_DECRYPT */ +#endif /* HAVE_AESGCM */ + +#endif /* HAVE_AES_CBC || HAVE_AESGCM */ +#endif /* !NO_AES */ + + +#if !defined(NO_RC4) && !defined(HAVE_CAVIUM_V) +int NitroxArc4SetKey(Arc4* arc4, const byte* key, word32 length) +{ + if (CspInitializeRc4(CAVIUM_BLOCKING, arc4->asyncDev.nitrox.contextHandle, + length, (byte*)key, &arc4->asyncDev.nitrox.reqId, arc4->devId) != 0) { + WOLFSSL_MSG("Bad Cavium Arc4 Init"); + return ASYNC_INIT_E; + } + return 0; +} + +int NitroxArc4Process(Arc4* arc4, byte* out, const byte* in, word32 length) +{ + int ret = 0, cav_ret = 0; + int offset = 0; + const int blockMode = CAVIUM_BLOCKING; + + /* init return codes */ + if (blockMode == CAVIUM_REQ_MODE) + NitroxDevClear(&arc4->asyncDev); + + while (length > 0) { + word32 slen = length; + if (slen > NITROX_MAX_BUF_LEN) + slen = NITROX_MAX_BUF_LEN; + + cav_ret = CspEncryptRc4(blockMode, + arc4->asyncDev.nitrox.contextHandle, CAVIUM_UPDATE, (word16)slen, + (byte*)in + offset, out + offset, + &arc4->asyncDev.nitrox.reqId, arc4->devId); + ret = NitroxTranslateResponseCode(cav_ret); + if (ret != 0) { + break; + } + + length -= slen; + offset += slen; + } + +#ifdef WOLFSSL_NITROX_DEBUG + printf("NitroxArc4Process: ret %x (%d), in %p, output %p, sz %d\n", + cav_ret, ret, in, output, offset); +#endif + + return ret; +} +#endif /* !NO_RC4 && !HAVE_CAVIUM_V */ + + +#ifndef NO_DES3 +int NitroxDes3CbcEncrypt(Des3* des3, byte* out, const byte* in, word32 length) +{ + int ret = 0, cav_ret = 0; + int offset = 0; + const int blockMode = CAVIUM_BLOCKING; + + /* init return codes */ + if (blockMode == CAVIUM_REQ_MODE) + NitroxDevClear(&des3->asyncDev); + + while (length > 0) { + word32 slen = length; + if (slen > NITROX_MAX_BUF_LEN) + slen = NITROX_MAX_BUF_LEN; + + #ifdef HAVE_CAVIUM_V + cav_ret = CspEncrypt3Des(des3->asyncDev.nitrox.devId, blockMode, + DMA_DIRECT_DIRECT, CAVIUM_SSL_GRP, CAVIUM_DPORT, + des3->asyncDev.nitrox.contextHandle, FROM_DPTR, FROM_CTX, DES3_CBC, + (byte*)des3->devKey, (byte*)des3->reg, (word16)slen, + (byte*)in + offset, out + offset, &des3->asyncDev.nitrox.reqId); + #else + cav_ret = CspEncrypt3Des(blockMode, + des3->asyncDev.nitrox.contextHandle, CAVIUM_NO_UPDATE, (word16)slen, + (byte*)in + offset, out + offset, (byte*)des3->reg, + (byte*)des3->devKey, &des3->asyncDev.nitrox.reqId, + des3->asyncDev.nitrox.devId); + #endif + ret = NitroxTranslateResponseCode(cav_ret); + if (ret != 0) { + break; + } + length -= slen; + offset += slen; + + XMEMCPY(des3->reg, out + offset - DES_BLOCK_SIZE, DES_BLOCK_SIZE); + } + +#ifdef WOLFSSL_NITROX_DEBUG + printf("NitroxDes3CbcEncrypt: ret %x (%d), in %p, out %p, sz %d\n", + cav_ret, ret, in, out, offset); +#endif + + return ret; +} + +int NitroxDes3CbcDecrypt(Des3* des3, byte* out, const byte* in, word32 length) +{ + int ret = 0, cav_ret = 0; + int offset = 0; + const int blockMode = CAVIUM_BLOCKING; + + /* init return codes */ + if (blockMode == CAVIUM_REQ_MODE) + NitroxDevClear(&des3->asyncDev); + + while (length > 0) { + word32 slen = length; + if (slen > NITROX_MAX_BUF_LEN) + slen = NITROX_MAX_BUF_LEN; + + XMEMCPY(des3->tmp, in + offset + slen - DES_BLOCK_SIZE, DES_BLOCK_SIZE); + + #ifdef HAVE_CAVIUM_V + cav_ret = CspDecrypt3Des(des3->asyncDev.nitrox.devId, blockMode, + DMA_DIRECT_DIRECT, CAVIUM_SSL_GRP, CAVIUM_DPORT, + des3->asyncDev.nitrox.contextHandle, FROM_DPTR, FROM_CTX, DES3_CBC, + (byte*)des3->devKey, (byte*)des3->reg, (word16)slen, + (byte*)in + offset, out + offset, &des3->asyncDev.nitrox.reqId); + #else + cav_ret = CspDecrypt3Des(blockMode, + des3->asyncDev.nitrox.contextHandle, CAVIUM_NO_UPDATE, (word16)slen, + (byte*)in + offset, out + offset, (byte*)des3->reg, + (byte*)des3->devKey, &des3->asyncDev.nitrox.reqId, + des3->asyncDev.nitrox.devId); + #endif + ret = NitroxTranslateResponseCode(cav_ret); + if (ret != 0) { + break; + } + length -= slen; + offset += slen; + + XMEMCPY(des3->reg, des3->tmp, DES_BLOCK_SIZE); + } + +#ifdef WOLFSSL_NITROX_DEBUG + printf("NitroxDes3CbcDecrypt: ret %x (%d), in %p, out %p, sz %d\n", + cav_ret, ret, in, out, offset); +#endif + + return ret; +} +#endif /* !NO_DES3 */ + + +#ifndef NO_HMAC +static int NitroxHmacGetType(int type) +{ + int cav_type = -1; + + /* Determine Cavium HashType */ + switch(type) { + #ifndef NO_MD5 + case WC_MD5: + cav_type = MD5_TYPE; + break; + #endif + #ifndef NO_SHA + case WC_SHA: + cav_type = SHA1_TYPE; + break; + #endif + #ifndef NO_SHA256 + #ifdef WOLFSSL_SHA224 + case WC_SHA224: + #ifdef HAVE_CAVIUM_V + cav_type = SHA2_SHA224; + #else + cav_type = SHA224_TYPE; + #endif + break; + #endif /* WOLFSSL_SHA224 */ + case WC_SHA256: + #ifdef HAVE_CAVIUM_V + cav_type = SHA2_SHA256; + #else + cav_type = SHA256_TYPE; + #endif + break; + #endif +#ifdef HAVE_CAVIUM_V + #ifdef WOLFSSL_SHA512 + case WC_SHA512: + #ifdef HAVE_CAVIUM_V + cav_type = SHA2_SHA512; + #else + cav_type = SHA512_TYPE; + #endif + break; + #endif + #ifdef WOLFSSL_SHA384 + case WC_SHA384: + #ifdef HAVE_CAVIUM_V + cav_type = SHA2_SHA384; + #else + cav_type = SHA384_TYPE; + #endif + break; + #endif + #ifdef WOLFSSL_SHA3 + case WC_SHA3_224: + cav_type = SHA3_SHA224; + break; + case WC_SHA3_256: + cav_type = SHA3_SHA256; + break; + case WC_SHA3_384: + cav_type = SHA3_SHA384; + break; + case WC_SHA3_512: + cav_type = SHA3_SHA512; + break; + #endif /* WOLFSSL_SHA3 */ +#endif /* HAVE_CAVIUM_V */ + default: + WOLFSSL_MSG("unsupported cavium hmac type"); + cav_type = -1; + break; + } + + return cav_type; +} + +int NitroxHmacUpdate(Hmac* hmac, const byte* msg, word32 length) +{ + int ret; + int cav_type = NitroxHmacGetType(hmac->macType); + const int blockMode = CAVIUM_BLOCKING; + + if (cav_type == -1) { + return NOT_COMPILED_IN; + } + + /* init return codes */ + if (blockMode == CAVIUM_REQ_MODE) + NitroxDevClear(&hmac->asyncDev); + + if (hmac->innerHashKeyed == 0) { /* starting new */ + #ifdef HAVE_CAVIUM_V + int digest_sz = wc_HmacSizeByType(hmac->macType); + ret = CspHmacStart(hmac->asyncDev.nitrox.devId, blockMode, + DMA_DIRECT_DIRECT, CAVIUM_SSL_GRP, CAVIUM_DPORT, + hmac->asyncDev.nitrox.contextHandle, cav_type, + hmac->keyLen, (byte*)hmac->ipad, length, (Uint8*)msg, + digest_sz, &hmac->asyncDev.nitrox.reqId); + #else + ret = CspHmacStart(blockMode, hmac->asyncDev.nitrox.contextHandle, + cav_type, hmac->keyLen, (byte*)hmac->ipad, length, msg, + &hmac->asyncDev.nitrox.reqId, hmac->asyncDev.nitrox.devId); + #endif + + hmac->innerHashKeyed = 1; + } + else { + /* do update */ + + #ifdef HAVE_CAVIUM_V + ret = CspHmacUpdate(hmac->asyncDev.nitrox.devId, blockMode, + DMA_DIRECT_DIRECT, CAVIUM_SSL_GRP, CAVIUM_DPORT, + hmac->asyncDev.nitrox.contextHandle, cav_type, + length, (Uint8*)msg, &hmac->asyncDev.nitrox.reqId); + #else + ret = CspHmacUpdate(blockMode, hmac->asyncDev.nitrox.contextHandle, + cav_type, length, msg, + &hmac->asyncDev.nitrox.reqId, hmac->asyncDev.nitrox.devId); + #endif + } + +#ifdef WOLFSSL_NITROX_DEBUG + printf("NitroxHmacUpdate: ret %x, msg %p, length %d\n", ret, msg, length); +#endif + + ret = NitroxTranslateResponseCode(ret); + if (ret != 0) { + return ret; + } + + return 0; +} + +int NitroxHmacFinal(Hmac* hmac, byte* hash, word16 hashLen) +{ + int ret; + int cav_type = NitroxHmacGetType(hmac->macType); + const int blockMode = CAVIUM_BLOCKING; + + if (cav_type == -1) { + return NOT_COMPILED_IN; + } + + /* init return codes */ + if (blockMode == CAVIUM_REQ_MODE) + NitroxDevClear(&hmac->asyncDev); + +#ifdef HAVE_CAVIUM_V + ret = CspHmacFinish(hmac->asyncDev.nitrox.devId, blockMode, + DMA_DIRECT_DIRECT, CAVIUM_SSL_GRP, CAVIUM_DPORT, + hmac->asyncDev.nitrox.contextHandle, cav_type, + 0, NULL, hashLen, hash, + &hmac->asyncDev.nitrox.reqId); +#else + (void)hashLen; + ret = CspHmacFinish(blockMode, hmac->asyncDev.nitrox.contextHandle, + cav_type, 0, NULL, hash, + &hmac->asyncDev.nitrox.reqId, hmac->asyncDev.nitrox.devId); +#endif + +#ifdef WOLFSSL_NITROX_DEBUG + printf("NitroxHmacFinal: ret %x, hash %p, hashLen %d\n", + ret, hash, hashLen); +#endif + + ret = NitroxTranslateResponseCode(ret); + if (ret != 0) { + return ret; + } + + hmac->innerHashKeyed = 0; /* tell update to start over if used again */ + + return ret; +} +#endif /* !NO_HMAC */ + +int NitroxRngGenerateBlock(WC_RNG* rng, byte* output, word32 sz) +{ + int ret = 0, cav_ret = 0; + word32 offset = 0; + CavReqId requestId; + const int blockMode = CAVIUM_BLOCKING; + + /* init return codes */ + if (blockMode == CAVIUM_REQ_MODE) + NitroxDevClear(&rng->asyncDev); + + while (sz > 0) { + word32 slen = sz; + if (slen > NITROX_MAX_BUF_LEN) + slen = NITROX_MAX_BUF_LEN; + + #ifdef HAVE_CAVIUM_V + cav_ret = CspTrueRandom(rng->asyncDev.nitrox.devId, blockMode, + DMA_DIRECT_DIRECT, CAVIUM_SSL_GRP, CAVIUM_DPORT, (word16)slen, + output + offset, &requestId); + #else + cav_ret = CspRandom(blockMode, (word16)slen, output + offset, + &requestId, rng->asyncDev.nitrox.devId); + #endif + ret = NitroxTranslateResponseCode(cav_ret); + if (ret != 0) { + break; + } + + sz -= slen; + offset += slen; + } + +#ifdef WOLFSSL_NITROX_DEBUG + printf("NitroxRngGenerateBlock: ret %x (%d), output %p, sz %d\n", + cav_ret, ret, output, offset); +#endif + + return ret; +} + +#endif /* WOLFSSL_ASYNC_CRYPT */ + +#endif /* HAVE_CAVIUM */ diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/wolfcrypt/src/port/cavium/cavium_octeon_sync.c mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/port/cavium/cavium_octeon_sync.c --- mariadb-11.8.6/extra/wolfssl/wolfssl/wolfcrypt/src/port/cavium/cavium_octeon_sync.c 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/port/cavium/cavium_octeon_sync.c 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* cavium_octeon_sync.c * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/wolfcrypt/src/port/cuda/aes-cuda.cu mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/port/cuda/aes-cuda.cu --- mariadb-11.8.6/extra/wolfssl/wolfssl/wolfcrypt/src/port/cuda/aes-cuda.cu 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/port/cuda/aes-cuda.cu 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* aes.cu * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/wolfcrypt/src/port/cypress/README.md mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/port/cypress/README.md --- mariadb-11.8.6/extra/wolfssl/wolfssl/wolfcrypt/src/port/cypress/README.md 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/port/cypress/README.md 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ # PSoC6 Hardware Crypto Port for wolfSSL -This directory provides a hardware-accelerated cryptography port for Cypress PSoC6 devices, integrating the PSoC6 hardware crypto block with the wolfSSL cryptography library. The implementation leverages the PSoC6 hardware to accelerate various cryptographic hash and ECC operations, improving performance and reducing CPU load. +This directory provides a hardware-accelerated cryptography port for Cypress PSoC6 devices, integrating the PSoC6 hardware crypto block with the wolfSSL cryptography library. The implementation leverages the PSoC6 hardware to accelerate various cryptographic operations including hash functions, AES encryption/decryption, and ECC verification, improving performance and reducing CPU load. ## Implemented Features @@ -21,68 +21,126 @@ All hash operations are offloaded to the PSoC6 hardware, with mutex protection for thread safety. -### 2. Hardware-Accelerated ECDSA Verification +### 2. Hardware-Accelerated AES Functions + +The following AES cipher modes are implemented using the PSoC6 hardware crypto block: + +- **AES Block Operations** + - Single-block encryption/decryption: `wc_Psoc6_Aes_Encrypt`, `wc_Psoc6_Aes_Decrypt` + - Direct AES operations: `wc_Psoc6_Aes_EncryptDirect`, `wc_Psoc6_Aes_DecryptDirect` (enabled with `WOLFSSL_AES_DIRECT`) + - Supports AES-128, AES-192, and AES-256 key sizes + +- **AES-ECB (Electronic Codebook) Mode** + - Multi-block encryption: `wc_Psoc6_Aes_EcbEncrypt` + - Multi-block decryption: `wc_Psoc6_Aes_EcbDecrypt` + - Enabled with `HAVE_AES_ECB` + +- **AES-CBC (Cipher Block Chaining) Mode** + - Multi-block encryption with IV chaining: `wc_Psoc6_Aes_CbcEncrypt` + - Multi-block decryption with IV chaining: `wc_Psoc6_Aes_CbcDecrypt` + - Automatically enabled with `HAVE_AES_CBC` + +- **AES-CFB (Cipher Feedback) Mode** + - Stream encryption: `wc_Psoc6_Aes_CfbEncrypt` + - Stream decryption: `wc_Psoc6_Aes_CfbDecrypt` + - Enabled with `WOLFSSL_AES_CFB` + +- **AES-GCM (Galois/Counter Mode)** + - Authenticated encryption: `wc_Psoc6_Aes_GcmEncrypt` + - Authenticated decryption with tag verification: `wc_Psoc6_Aes_GcmDecrypt` + - Provides both confidentiality and authenticity + - Enabled with `HAVE_AESGCM` + +All AES operations are offloaded to the PSoC6 hardware with mutex protection for thread safety. +### 3. Hardware-Accelerated ECDSA Verification - **ECDSA Signature Verification** - Function: `psoc6_ecc_verify_hash_ex` - Uses PSoC6 hardware to verify ECDSA signatures for supported curves (up to secp521r1). - Enabled when `HAVE_ECC` is defined. -### 3. Crypto Block Initialization and Resource Management +### 4. Crypto Block Initialization and Resource Management - **Initialization** - Function: `psoc6_crypto_port_init` - Enables the PSoC6 crypto hardware block. - **Resource Cleanup** - - Function: `wc_Psoc6_Sha_Free` - - Clears and synchronizes the hardware register buffer. + - Hash functions: `wc_Psoc6_Sha_Free` — Clears and synchronizes the hardware register buffer + - AES functions: `wc_Psoc6_Aes_Free` — Frees internal AES buffers and state ## Enable Hardware Acceleration -To enable PSoC6 hardware crypto acceleration for hash and ECC algorithms, ensure the following macros are defined: +To enable PSoC6 hardware crypto acceleration, ensure the following macros are defined: + +### Core Macro +- `WOLFSSL_PSOC6_CRYPTO` — Enables the PSoC6 hardware crypto port (required for all features) -- `WOLFSSL_PSOC6_CRYPTO` — Enables the PSoC6 hardware crypto port. +### Hash Function Macros - The following are defined in `psoc6_crypto.h` and control which hardware hash accelerations are available: - - `PSOC6_HASH_SHA1` — Enables SHA-1 hardware acceleration. - - `PSOC6_HASH_SHA2` — Enables SHA-2 family (SHA-224, SHA-256, SHA-384, SHA-512, SHA-512/224, SHA-512/256) hardware acceleration. - - `PSOC6_HASH_SHA3` — Enables SHA-3 family hardware acceleration. -- To enable the corresponding algorithms in wolfSSL, define the following macros as needed (typically in your `wolfssl/wolfcrypt/settings.h` or build system): - - `WOLFSSL_SHA224` — Enable SHA-224 support. - - `WOLFSSL_SHA384` — Enable SHA-384 support. - - `WOLFSSL_SHA512` — Enable SHA-512, SHA-512/224, SHA-512/256 support. - - `WOLFSSL_SHA3` — Enable SHA-3 support. - - `WOLFSSL_SHAKE128`, `WOLFSSL_SHAKE256` — Enable SHAKE support. - - `HAVE_ECC` — Enable ECC and ECDSA support. + - `PSOC6_HASH_SHA1` — Enables SHA-1 hardware acceleration + - `PSOC6_HASH_SHA2` — Enables SHA-2 family hardware acceleration + - `PSOC6_HASH_SHA3` — Enables SHA-3 family hardware acceleration +- To enable the corresponding algorithms in wolfSSL, define these macros (typically in your `wolfssl/wolfcrypt/settings.h` or build system): + - `WOLFSSL_SHA224` — Enable SHA-224 support + - `WOLFSSL_SHA384` — Enable SHA-384 support + - `WOLFSSL_SHA512` — Enable SHA-512, SHA-512/224, SHA-512/256 support + - `WOLFSSL_SHA3` — Enable SHA-3 support + - `WOLFSSL_SHAKE128`, `WOLFSSL_SHAKE256` — Enable SHAKE support + +### AES Function Macros +- AES hardware acceleration is automatically enabled when `NO_AES` is not defined +- To enable specific AES modes, define: + - `HAVE_AES_ECB` — Enable AES-ECB mode + - `HAVE_AES_CBC` — Enable AES-CBC mode (typically enabled by default) + - `HAVE_AES_DECRYPT` — Enable AES decryption functions + - `WOLFSSL_AES_DIRECT` — Enable direct AES block operations + - `WOLFSSL_AES_CFB` — Enable AES-CFB mode + - `HAVE_AESGCM` — Enable AES-GCM authenticated encryption -**Example: Enabling SHA-1, SHA-2, and SHA-3 Hardware Acceleration** +### ECC Function Macros +- `HAVE_ECC` — Enable ECC and ECDSA support + +**Example: Enabling Full Hardware Acceleration** In your build configuration or `wolfssl/wolfcrypt/settings.h`: ```c #define WOLFSSL_PSOC6_CRYPTO + +/* Hash functions */ #define WOLFSSL_SHA224 #define WOLFSSL_SHA384 #define WOLFSSL_SHA512 #define WOLFSSL_SHA3 #define WOLFSSL_SHAKE128 #define WOLFSSL_SHAKE256 + +/* AES cipher modes */ +#define HAVE_AES_ECB +#define HAVE_AES_CBC +#define HAVE_AES_DECRYPT +#define WOLFSSL_AES_DIRECT +#define WOLFSSL_AES_CFB +#define HAVE_AESGCM + +/* ECC */ #define HAVE_ECC ``` -- No need to define `PSOC6_HASH_SHA1`, `PSOC6_HASH_SHA2`, or `PSOC6_HASH_SHA3` yourself; they are defined in `psoc6_crypto.h`. +- Note: `PSOC6_HASH_SHA1`, `PSOC6_HASH_SHA2`, and `PSOC6_HASH_SHA3` are automatically defined in `psoc6_crypto.h`; you don't need to define them explicitly. ## File Overview - `psoc6_crypto.h` Header file declaring the hardware crypto interface and configuration macros. - `psoc6_crypto.c` - Implementation of the hardware-accelerated hash and ECC functions for PSoC6. + Implementation of the hardware-accelerated hash, AES, and ECC functions for PSoC6. ## Integration Notes - The port expects the PSoC6 PDL (Peripheral Driver Library) to be available and included in your project. - The hardware crypto block is initialized on first use; no manual initialization is required unless you wish to call `psoc6_crypto_port_init` directly. -- Hash operations are mutex-protected for thread safety. +- Hash and AES operations are mutex-protected for thread safety. - ECC hardware operations are not mutex-protected; if you use ECC functions from multiple threads, you must provide your own synchronization. -- The implementation is designed to be compatible with the wolfSSL API, so existing code using wolfSSL hash/ECC functions will automatically benefit from hardware acceleration when enabled. +- The implementation is designed to be compatible with the wolfSSL API, so existing code using wolfSSL hash/AES/ECC functions will automatically benefit from hardware acceleration when enabled. --- diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/wolfcrypt/src/port/cypress/psoc6_crypto.c mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/port/cypress/psoc6_crypto.c --- mariadb-11.8.6/extra/wolfssl/wolfssl/wolfcrypt/src/port/cypress/psoc6_crypto.c 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/port/cypress/psoc6_crypto.c 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* psoc6_crypto.c * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -36,16 +36,36 @@ #include #include -#include -#include #include #include +#include +#include #include "cy_crypto_core_hw_v2.h" #include "cy_crypto_core_mem.h" #ifdef HAVE_ECC #include +#endif /* HAVE_ECC */ + +#ifndef NO_AES +#include + +#include "cy_crypto_common.h" +#include "cy_crypto_core_aes.h" +#include "cy_crypto_core_aes_v2.h" +#endif /* NO_AES */ + +#ifndef NO_SHA256 +#include "wolfssl/wolfcrypt/sha256.h" +#endif + +#ifdef WOLFSSL_SHA3 +#include "wolfssl/wolfcrypt/sha3.h" +#endif + +#if defined(WOLFSSL_SHA512) || defined(WOLFSSL_SHA384) +#include "wolfssl/wolfcrypt/sha512.h" #endif #if defined(PSOC6_HASH_SHA3) @@ -188,15 +208,26 @@ * engine. * * No parameters. - * No return value. + * returns 0 on success, error code if mutex lock fails. */ -void wc_Psoc6_Sha_Free(void) +int wc_Psoc6_Sha_Free(void) { - /* Clear the register buffer */ - Cy_Crypto_Core_V2_RBClear(crypto_base); + int ret; - /* Wait until the instruction is complete */ - Cy_Crypto_Core_V2_Sync(crypto_base); + /* Lock the mutex to perform crypto operations */ + ret = wolfSSL_CryptHwMutexLock(); + if (ret == 0) { + /* Clear the register buffer */ + Cy_Crypto_Core_V2_RBClear(crypto_base); + + /* Wait until the instruction is complete */ + Cy_Crypto_Core_V2_Sync(crypto_base); + + /* Release the lock */ + wolfSSL_CryptHwMutexUnLock(); + } + + return ret; } /* SHA */ @@ -413,8 +444,8 @@ return wc_InitSha224(sha); } -#endif /* #if !NO_SHA224 */ -#endif /* #if !NO_SHA256 */ +#endif /* WOLFSSL_SHA224 */ +#endif /* !NO_SHA256 */ /* SHA-384 */ #if defined(WOLFSSL_SHA384) @@ -1015,6 +1046,994 @@ #endif /* WOLFSSL_SHA3 && PSOC6_HASH_SHA3 */ +#if defined(PSOC6_CRYPTO_AES) + +/* Convert wolfSSL AES key length to PSoC6 crypto key length enumeration. + * + * This helper function maps standard AES key sizes to the corresponding + * PSoC6 hardware crypto enumeration values. + * + * keyLen AES key length in bytes (16, 24, or 32) + * returns Corresponding PSoC6 key length enumeration value + * - CY_CRYPTO_KEY_AES_128 for 16-byte keys (AES-128) + * - CY_CRYPTO_KEY_AES_192 for 24-byte keys (AES-192) + * - CY_CRYPTO_KEY_AES_256 for 32-byte keys (AES-256) + * - CY_CRYPTO_KEY_AES_128 as safe default (key validation done + * earlier) + */ +static cy_en_crypto_aes_key_length_t psoc6_get_aes_key_length(word32 keyLen) +{ + switch (keyLen) { + case 16: + return CY_CRYPTO_KEY_AES_128; + case 24: + return CY_CRYPTO_KEY_AES_192; + case 32: + return CY_CRYPTO_KEY_AES_256; + default: + /* Safe default - validation done in wc_Psoc6_Aes_SetKey */ + return CY_CRYPTO_KEY_AES_128; + } +} + +/* Initialize AES context with key and optional IV for PSoC6 hardware + * acceleration. + * + * Sets up the AES context structure with the provided key and optional + * initialization vector. This function validates key length, stores key + * information, and prepares the context for subsequent crypto operations. + * The actual hardware key scheduling is performed during encrypt/decrypt calls. + * + * aes Pointer to AES context structure to initialize + * userKey Pointer to AES key buffer (16, 24, or 32 bytes) + * len Key length in bytes (must be 16, 24, or 32) + * iv Pointer to initialization vector (AES_BLOCK_SIZE bytes, optional) + * dir Encryption direction (currently unused, direction handled + * per-operation) + * + * returns 0 on success, BAD_FUNC_ARG for invalid parameters + * + * Note: This function only stores the key and IV in the wolfSSL context. + * Hardware initialization occurs during actual crypto operations. + */ +int wc_Psoc6_Aes_SetKey(Aes* aes, const byte* userKey, word32 len, + const byte* iv, int dir) +{ + int ret = 0; + + if (aes == NULL || userKey == NULL) { + return BAD_FUNC_ARG; + } + + /* Validate key length */ + if (len != 16 && len != 24 && len != 32) { + return BAD_FUNC_ARG; + } + + /* Store key information in wolfSSL structure */ + aes->keylen = len; + aes->rounds = len / 4 + 6; + +#if defined(WOLFSSL_AES_CFB) + aes->left = 0; +#endif + + XMEMCPY(aes->key, userKey, len); + + /* Store IV if provided */ + if (iv != NULL) { + XMEMCPY(aes->reg, iv, AES_BLOCK_SIZE); + } + + (void)dir; /* Direction is handled per-operation */ + + return ret; +} + +/* Free the internal AES buffers used by PSOC6 CRYPTO block. + * + * This function clears the internal AES buffers allocated + * in the AES context. It is called after encryption/decryption operations + * to ensure sensitive data is not left in memory. + * + * aes Pointer to initialized AES context + * + * Note: Thread safety is implemented in the functions it is called, so no + * need to lock the mutex again here. + */ +void wc_Psoc6_Aes_Free(Aes* aes) +{ + /* Only aes_buffers are cleared here. aes_state is cleared in wc_AesFree() + */ + if (aes->aes_state.buffers != NULL) { + Cy_Crypto_Core_V2_MemSet( + crypto_base, (void*)aes->aes_state.buffers, 0u, + ((uint16_t)sizeof(cy_stc_crypto_aes_buffers_t))); + } + +#ifdef HAVE_AESGCM + /* No need to clear the buffers again if internal buffers are not + * initialized */ + if (aes->aes_gcm_state.aes_buffer != NULL) { + Cy_Crypto_Core_Aes_GCM_Free(crypto_base, &aes->aes_gcm_state); + } +#endif /* HAVE_AESGCM */ +} + +/* Encrypt a single AES block using PSoC6 hardware acceleration. + * + * Performs AES encryption on exactly one block (16 bytes) of data using + * the PSoC6 crypto hardware in ECB mode. The function initializes the + * hardware with the key from the AES context, performs the encryption, + * and cleans up resources. + * + * aes Pointer to initialized AES context containing key + * in Pointer to input plaintext block (exactly AES_BLOCK_SIZE bytes) + * out Pointer to output ciphertext buffer (exactly AES_BLOCK_SIZE bytes) + * + * returns 0 on success, BAD_FUNC_ARG for invalid parameters, WC_HW_E for + * hardware errors, or mutex error codes + */ +int wc_Psoc6_Aes_Encrypt(Aes* aes, const byte* in, byte* out) +{ + int ret = 0; + cy_en_crypto_status_t status; + cy_en_crypto_aes_key_length_t keyLength; + int aesInited = 0; + + if (aes == NULL || in == NULL || out == NULL) { + return BAD_FUNC_ARG; + } + + keyLength = psoc6_get_aes_key_length(aes->keylen); + + /* Lock the mutex to perform crypto operations */ + ret = wolfSSL_CryptHwMutexLock(); + if (ret != 0) { + return ret; + } + + /* Initialize AES state with key */ + status = Cy_Crypto_Core_Aes_Init(crypto_base, (const uint8_t*)aes->key, + keyLength, &aes->aes_state); + if (status != CY_CRYPTO_SUCCESS) { + ret = WC_HW_E; + goto cleanup; + } + + aesInited = 1; + + /* Encrypt single block using ECB mode */ + status = Cy_Crypto_Core_Aes_Ecb(crypto_base, CY_CRYPTO_ENCRYPT, out, in, + &aes->aes_state); + if (status != CY_CRYPTO_SUCCESS) { + ret = WC_HW_E; + goto cleanup; + } + +cleanup: + if (aesInited) { + wc_Psoc6_Aes_Free(aes); + } + + /* Release the lock */ + wolfSSL_CryptHwMutexUnLock(); + return ret; +} + +#ifdef WOLFSSL_AES_DIRECT +/* Direct AES encryption wrapper with parameter order compatibility. + * + * Provides parameter order compatibility with wolfSSL's direct AES interface. + * This is a simple wrapper around wc_Psoc6_Aes_Encrypt that reorders parameters + * to match the expected direct encryption API. + * + * aes Pointer to initialized AES context containing key + * out Pointer to output ciphertext buffer (exactly AES_BLOCK_SIZE bytes) + * in Pointer to input plaintext block (exactly AES_BLOCK_SIZE bytes) + * + * returns 0 on success, or error codes from wc_Psoc6_Aes_Encrypt + */ +int wc_Psoc6_Aes_EncryptDirect(Aes* aes, byte* out, const byte* in) +{ + return wc_Psoc6_Aes_Encrypt(aes, in, out); +} +#endif /* WOLFSSL_AES_DIRECT */ + +#ifdef HAVE_AES_DECRYPT +/* Decrypt a single AES block using PSoC6 hardware acceleration. + * + * Performs AES decryption on exactly one block (16 bytes) of data using + * the PSoC6 crypto hardware in ECB mode. The function initializes the + * hardware with the key from the AES context, performs the decryption, + * and cleans up resources. + * + * aes Pointer to initialized AES context containing key + * in Pointer to input ciphertext block (exactly AES_BLOCK_SIZE bytes) + * out Pointer to output plaintext buffer (exactly AES_BLOCK_SIZE bytes) + * + * returns 0 on success, BAD_FUNC_ARG for invalid parameters, WC_HW_E for + * hardware errors, or mutex error codes + */ +int wc_Psoc6_Aes_Decrypt(Aes* aes, const byte* in, byte* out) +{ + int ret = 0; + cy_en_crypto_status_t status; + cy_en_crypto_aes_key_length_t keyLength; + int aesInited = 0; + + if (aes == NULL || in == NULL || out == NULL) { + return BAD_FUNC_ARG; + } + + keyLength = psoc6_get_aes_key_length(aes->keylen); + + /* Lock the mutex to perform crypto operations */ + ret = wolfSSL_CryptHwMutexLock(); + if (ret != 0) { + return ret; + } + + /* Initialize AES state with key */ + status = Cy_Crypto_Core_Aes_Init(crypto_base, (const uint8_t*)aes->key, + keyLength, &aes->aes_state); + if (status != CY_CRYPTO_SUCCESS) { + ret = WC_HW_E; + goto cleanup; + } + + aesInited = 1; + + /* Decrypt single block using ECB mode */ + status = Cy_Crypto_Core_Aes_Ecb(crypto_base, CY_CRYPTO_DECRYPT, out, in, + &aes->aes_state); + if (status != CY_CRYPTO_SUCCESS) { + ret = WC_HW_E; + goto cleanup; + } + +cleanup: + if (aesInited) { + wc_Psoc6_Aes_Free(aes); + } + + /* Release the lock */ + wolfSSL_CryptHwMutexUnLock(); + return ret; +} + +#ifdef WOLFSSL_AES_DIRECT +/* Direct AES decryption wrapper with parameter order compatibility. + * + * Provides parameter order compatibility with wolfSSL's direct AES interface. + * This is a simple wrapper around wc_Psoc6_Aes_Decrypt that reorders parameters + * to match the expected direct decryption API. + * + * aes Pointer to initialized AES context containing key + * out Pointer to output plaintext buffer (exactly AES_BLOCK_SIZE bytes) + * in Pointer to input ciphertext block (exactly AES_BLOCK_SIZE bytes) + * + * returns 0 on success, or error codes from wc_Psoc6_Aes_Decrypt + */ +int wc_Psoc6_Aes_DecryptDirect(Aes* aes, byte* out, const byte* in) +{ + return wc_Psoc6_Aes_Decrypt(aes, in, out); +} +#endif /* WOLFSSL_AES_DIRECT */ +#endif /* HAVE_AES_DECRYPT */ + +#if defined(HAVE_AES_ECB) +/* Encrypt multiple blocks using AES-ECB mode with PSoC6 hardware. + * + * Performs AES encryption on multiple blocks of data using Electronic + * Codebook (ECB) mode. Each block is encrypted independently using the + * same key. The input size must be a multiple of AES_BLOCK_SIZE. + * + * aes Pointer to initialized AES context containing key + * out Pointer to output ciphertext buffer (sz bytes) + * in Pointer to input plaintext buffer (sz bytes) + * sz Size of data in bytes (must be multiple of AES_BLOCK_SIZE) + * + * returns 0 on success, BAD_FUNC_ARG for invalid parameters (including + * non-block-aligned sizes), WC_HW_E for hardware errors, or + * mutex error codes + */ +int wc_Psoc6_Aes_EcbEncrypt(Aes* aes, byte* out, const byte* in, word32 sz) +{ + int ret = 0; + cy_en_crypto_status_t status; + cy_en_crypto_aes_key_length_t keyLength; + int aesInited = 0; + + if (aes == NULL || in == NULL || out == NULL) { + return BAD_FUNC_ARG; + } + + if (sz % AES_BLOCK_SIZE != 0) { + return BAD_FUNC_ARG; + } + + keyLength = psoc6_get_aes_key_length(aes->keylen); + + /* Lock the mutex to perform crypto operations */ + ret = wolfSSL_CryptHwMutexLock(); + if (ret != 0) { + return ret; + } + + /* Initialize AES state once for all blocks */ + status = Cy_Crypto_Core_Aes_Init(crypto_base, (const uint8_t*)aes->key, + keyLength, &aes->aes_state); + if (status != CY_CRYPTO_SUCCESS) { + ret = WC_HW_E; + goto cleanup; + } + + aesInited = 1; + Cy_Crypto_Core_V2_Aes_LoadEncKey(crypto_base, &aes->aes_state); + Cy_Crypto_Core_V2_FFContinue(crypto_base, CY_CRYPTO_V2_RB_FF_LOAD0, in, sz); + Cy_Crypto_Core_V2_FFStart(crypto_base, CY_CRYPTO_V2_RB_FF_STORE, out, sz); + + for (; sz > 0; sz -= CY_CRYPTO_AES_BLOCK_SIZE) { + Cy_Crypto_Core_V2_BlockMov(crypto_base, CY_CRYPTO_V2_RB_BLOCK0, + CY_CRYPTO_V2_RB_FF_LOAD0, + CY_CRYPTO_AES_BLOCK_SIZE); + Cy_Crypto_Core_V2_RunAes(crypto_base); + + Cy_Crypto_Core_V2_BlockMov(crypto_base, CY_CRYPTO_V2_RB_FF_STORE, + CY_CRYPTO_V2_RB_BLOCK1, + CY_CRYPTO_AES_BLOCK_SIZE); + } + + Cy_Crypto_Core_WaitForReady(crypto_base); + +cleanup: + if (aesInited) { + wc_Psoc6_Aes_Free(aes); + } + + /* Release the lock */ + wolfSSL_CryptHwMutexUnLock(); + return ret; +} + +#ifdef HAVE_AES_DECRYPT +/* Decrypt multiple blocks using AES-ECB mode with PSoC6 hardware. + * + * Performs AES decryption on multiple blocks of data using Electronic + * Codebook (ECB) mode. Each block is decrypted independently using the + * same key. The input size must be a multiple of AES_BLOCK_SIZE. + * + * aes Pointer to initialized AES context containing key + * out Pointer to output plaintext buffer (sz bytes) + * in Pointer to input ciphertext buffer (sz bytes) + * sz Size of data in bytes (must be multiple of AES_BLOCK_SIZE) + * + * returns 0 on success, BAD_FUNC_ARG for invalid parameters (including + * non-block-aligned sizes), WC_HW_E for hardware errors, or + * mutex error codes + */ +int wc_Psoc6_Aes_EcbDecrypt(Aes* aes, byte* out, const byte* in, word32 sz) +{ + int ret = 0; + cy_en_crypto_status_t status; + cy_en_crypto_aes_key_length_t keyLength; + int aesInited = 0; + + if (aes == NULL || in == NULL || out == NULL) { + return BAD_FUNC_ARG; + } + + if (sz % AES_BLOCK_SIZE != 0) { + return BAD_FUNC_ARG; + } + + keyLength = psoc6_get_aes_key_length(aes->keylen); + + /* Lock the mutex to perform crypto operations */ + ret = wolfSSL_CryptHwMutexLock(); + if (ret != 0) { + return ret; + } + + /* Initialize AES state once for all blocks */ + status = Cy_Crypto_Core_Aes_Init(crypto_base, (const uint8_t*)aes->key, + keyLength, &aes->aes_state); + if (status != CY_CRYPTO_SUCCESS) { + ret = WC_HW_E; + goto cleanup; + } + + aesInited = 1; + + Cy_Crypto_Core_V2_Aes_LoadDecKey(crypto_base, &aes->aes_state); + Cy_Crypto_Core_V2_FFContinue(crypto_base, CY_CRYPTO_V2_RB_FF_LOAD0, in, sz); + Cy_Crypto_Core_V2_FFStart(crypto_base, CY_CRYPTO_V2_RB_FF_STORE, out, sz); + + for (; sz > 0; sz -= CY_CRYPTO_AES_BLOCK_SIZE) { + Cy_Crypto_Core_V2_BlockMov(crypto_base, CY_CRYPTO_V2_RB_BLOCK0, + CY_CRYPTO_V2_RB_FF_LOAD0, + CY_CRYPTO_AES_BLOCK_SIZE); + Cy_Crypto_Core_V2_RunAesInv(crypto_base); + + Cy_Crypto_Core_V2_BlockMov(crypto_base, CY_CRYPTO_V2_RB_FF_STORE, + CY_CRYPTO_V2_RB_BLOCK1, + CY_CRYPTO_AES_BLOCK_SIZE); + } + + Cy_Crypto_Core_WaitForReady(crypto_base); + +cleanup: + if (aesInited) { + wc_Psoc6_Aes_Free(aes); + } + + /* Release the lock */ + wolfSSL_CryptHwMutexUnLock(); + return ret; +} +#endif /* HAVE_AES_DECRYPT */ +#endif /* HAVE_AES_ECB */ + +/* AES CBC */ +#ifdef HAVE_AES_CBC +/* Encrypt multiple blocks using AES-CBC mode with PSoC6 hardware. + * + * Performs AES encryption using Cipher Block Chaining (CBC) mode where + * each plaintext block is XORed with the previous ciphertext block before + * encryption. The initialization vector (IV) from the AES context is used + * for the first block and updated during the operation. + * + * aes Pointer to initialized AES context containing key and IV + * out Pointer to output ciphertext buffer (sz bytes) + * in Pointer to input plaintext buffer (sz bytes) + * sz Size of data in bytes (must be multiple of AES_BLOCK_SIZE) + * + * returns 0 on success, BAD_FUNC_ARG for invalid parameters (including + * non-block-aligned sizes), WC_HW_E for hardware errors, or + * mutex error codes + */ +int wc_Psoc6_Aes_CbcEncrypt(Aes* aes, byte* out, const byte* in, word32 sz) +{ + int ret = 0; + cy_en_crypto_status_t status; + cy_en_crypto_aes_key_length_t keyLength; + int aesInited = 0; + + if (aes == NULL || in == NULL || out == NULL) { + return BAD_FUNC_ARG; + } + + if (sz % AES_BLOCK_SIZE != 0) { + return BAD_FUNC_ARG; + } + + keyLength = psoc6_get_aes_key_length(aes->keylen); + + /* Lock the mutex to perform crypto operations */ + ret = wolfSSL_CryptHwMutexLock(); + if (ret != 0) { + return ret; + } + + /* Initialize AES state with key */ + status = Cy_Crypto_Core_Aes_Init(crypto_base, (const uint8_t*)aes->key, + keyLength, &aes->aes_state); + if (status != CY_CRYPTO_SUCCESS) { + ret = WC_HW_E; + goto cleanup; + } + + aesInited = 1; + status = + Cy_Crypto_Core_Aes_Cbc(crypto_base, CY_CRYPTO_ENCRYPT, sz, + (uint8_t*)aes->reg, out, in, &aes->aes_state); + if (status != CY_CRYPTO_SUCCESS) { + ret = WC_HW_E; + goto cleanup; + } + +cleanup: + if (aesInited) { + wc_Psoc6_Aes_Free(aes); + } + + /* Release the lock */ + wolfSSL_CryptHwMutexUnLock(); + return ret; +} + +#ifdef HAVE_AES_DECRYPT +/* Decrypt multiple blocks using AES-CBC mode with PSoC6 hardware. + * + * Performs AES decryption using Cipher Block Chaining (CBC) mode where + * each ciphertext block is decrypted and XORed with the previous ciphertext + * block. The initialization vector (IV) from the AES context is used for + * the first block and updated during the operation. + * + * aes Pointer to initialized AES context containing key and IV + * out Pointer to output plaintext buffer (sz bytes) + * in Pointer to input ciphertext buffer (sz bytes) + * sz Size of data in bytes (must be multiple of AES_BLOCK_SIZE) + * + * returns 0 on success, BAD_FUNC_ARG for invalid parameters (including + * non-block-aligned sizes), WC_HW_E for hardware errors, or + * mutex error codes + */ +int wc_Psoc6_Aes_CbcDecrypt(Aes* aes, byte* out, const byte* in, word32 sz) +{ + int ret = 0; + cy_en_crypto_status_t status; + cy_en_crypto_aes_key_length_t keyLength; + int aesInited = 0; + + if (aes == NULL || in == NULL || out == NULL) { + return BAD_FUNC_ARG; + } + + if (sz % AES_BLOCK_SIZE != 0) { + return BAD_FUNC_ARG; + } + + keyLength = psoc6_get_aes_key_length(aes->keylen); + + /* Lock the mutex to perform crypto operations */ + ret = wolfSSL_CryptHwMutexLock(); + if (ret != 0) { + return ret; + } + + /* Initialize AES state with key */ + status = Cy_Crypto_Core_Aes_Init(crypto_base, (const uint8_t*)aes->key, + keyLength, &aes->aes_state); + if (status != CY_CRYPTO_SUCCESS) { + ret = WC_HW_E; + goto cleanup; + } + + aesInited = 1; + + status = + Cy_Crypto_Core_Aes_Cbc(crypto_base, CY_CRYPTO_DECRYPT, sz, + (uint8_t*)aes->reg, out, in, &aes->aes_state); + if (status != CY_CRYPTO_SUCCESS) { + ret = WC_HW_E; + goto cleanup; + } + +cleanup: + if (aesInited) { + wc_Psoc6_Aes_Free(aes); + } + + /* Release the lock */ + wolfSSL_CryptHwMutexUnLock(); + return ret; +} +#endif /* HAVE_AES_DECRYPT */ +#endif /* HAVE_AES_CBC */ + +/* AES CFB */ +#ifdef WOLFSSL_AES_CFB +/* Encrypt data using AES-CFB mode with PSoC6 hardware acceleration. + * + * Performs AES encryption using Cipher Feedback (CFB) mode, which operates + * as a stream cipher. CFB can handle data that is not block-aligned and + * maintains state between calls for streaming operations. The IV and + * partial block state are managed automatically. + * + * aes Pointer to initialized AES context containing key, IV, and state + * out Pointer to output ciphertext buffer (sz bytes) + * in Pointer to input plaintext buffer (sz bytes) + * sz Size of data in bytes (can be any length, not limited to block size) + * + * returns 0 on success, BAD_FUNC_ARG for invalid parameters, WC_HW_E for + * hardware errors, or mutex error codes + */ +int wc_Psoc6_Aes_CfbEncrypt(Aes* aes, byte* out, const byte* in, word32 sz) +{ + int ret = 0; + cy_en_crypto_status_t status; + cy_en_crypto_aes_key_length_t keyLength; + int aesInited = 0; + + if (aes == NULL || in == NULL || out == NULL) { + return BAD_FUNC_ARG; + } + + keyLength = psoc6_get_aes_key_length(aes->keylen); + + /* Lock the mutex to perform crypto operations */ + ret = wolfSSL_CryptHwMutexLock(); + if (ret != 0) { + return ret; + } + + /* Initialize AES state with key */ + status = Cy_Crypto_Core_Aes_Init(crypto_base, (const uint8_t*)aes->key, + keyLength, &aes->aes_state); + if (status != CY_CRYPTO_SUCCESS) { + ret = WC_HW_E; + goto cleanup; + } + + aesInited = 1; + + /* Setup CFB mode */ + status = Cy_Crypto_Core_Aes_Cfb_Setup(crypto_base, CY_CRYPTO_ENCRYPT, + &aes->aes_state); + if (status != CY_CRYPTO_SUCCESS) { + ret = WC_HW_E; + goto cleanup; + } + + /* Set IV */ + status = Cy_Crypto_Core_Aes_Cfb_Set_IV(crypto_base, (uint8_t*)aes->reg, + &aes->aes_state); + if (status != CY_CRYPTO_SUCCESS) { + ret = WC_HW_E; + goto cleanup; + } + + /* Copy the unprocessed bytes */ + aes->aes_state.unProcessedBytes = aes->left; + XMEMCPY(aes->aes_state.buffers->unProcessedData, aes->tmp, AES_BLOCK_SIZE); + + /* Update operation */ + status = Cy_Crypto_Core_Aes_Cfb_Update(crypto_base, sz, out, in, + &aes->aes_state); + if (status != CY_CRYPTO_SUCCESS) { + ret = WC_HW_E; + goto cleanup; + } + + /* Finish operation */ + status = Cy_Crypto_Core_Aes_Cfb_Finish(crypto_base, &aes->aes_state); + if (status != CY_CRYPTO_SUCCESS) { + ret = WC_HW_E; + goto cleanup; + } + + /* Copy the updated IV into the AES context */ + XMEMCPY(aes->reg, aes->aes_state.buffers->iv, AES_BLOCK_SIZE); + + /* Copy the number of bytes processed in the current block */ + aes->left = aes->aes_state.unProcessedBytes; + XMEMCPY(aes->tmp, aes->aes_state.buffers->unProcessedData, AES_BLOCK_SIZE); + +cleanup: + if (aesInited) { + wc_Psoc6_Aes_Free(aes); + } + + /* Release the lock */ + wolfSSL_CryptHwMutexUnLock(); + return ret; +} + +#ifdef HAVE_AES_DECRYPT +/* Decrypt data using AES-CFB mode with PSoC6 hardware acceleration. + * + * Performs AES decryption using Cipher Feedback (CFB) mode, which operates + * as a stream cipher. CFB can handle data that is not block-aligned and + * maintains state between calls for streaming operations. The IV and + * partial block state are managed automatically. + * + * aes Pointer to initialized AES context containing key, IV, and state + * out Pointer to output plaintext buffer (sz bytes) + * in Pointer to input ciphertext buffer (sz bytes) + * sz Size of data in bytes (can be any length, not limited to block size) + * + * returns 0 on success, BAD_FUNC_ARG for invalid parameters, WC_HW_E for + * hardware errors, or mutex error codes + */ +int wc_Psoc6_Aes_CfbDecrypt(Aes* aes, byte* out, const byte* in, word32 sz) +{ + int ret = 0; + cy_en_crypto_status_t status; + cy_en_crypto_aes_key_length_t keyLength; + int aesInited = 0; + + if (aes == NULL || in == NULL || out == NULL) { + return BAD_FUNC_ARG; + } + + keyLength = psoc6_get_aes_key_length(aes->keylen); + + /* Lock the mutex to perform crypto operations */ + ret = wolfSSL_CryptHwMutexLock(); + if (ret != 0) { + return ret; + } + + /* Initialize AES state with key */ + status = Cy_Crypto_Core_Aes_Init(crypto_base, (const uint8_t*)aes->key, + keyLength, &aes->aes_state); + if (status != CY_CRYPTO_SUCCESS) { + ret = WC_HW_E; + goto cleanup; + } + + aesInited = 1; + + /* Setup CFB mode */ + status = Cy_Crypto_Core_Aes_Cfb_Setup(crypto_base, CY_CRYPTO_DECRYPT, + &aes->aes_state); + if (status != CY_CRYPTO_SUCCESS) { + ret = WC_HW_E; + goto cleanup; + } + + /* Set IV */ + status = Cy_Crypto_Core_Aes_Cfb_Set_IV(crypto_base, (uint8_t*)aes->reg, + &aes->aes_state); + if (status != CY_CRYPTO_SUCCESS) { + ret = WC_HW_E; + goto cleanup; + } + + /* Copy the unprocessed bytes */ + aes->aes_state.unProcessedBytes = aes->left; + XMEMCPY(aes->aes_state.buffers->unProcessedData, aes->tmp, AES_BLOCK_SIZE); + + /* Update operation */ + status = Cy_Crypto_Core_Aes_Cfb_Update(crypto_base, sz, out, in, + &aes->aes_state); + if (status != CY_CRYPTO_SUCCESS) { + ret = WC_HW_E; + goto cleanup; + } + + /* Finish operation */ + status = Cy_Crypto_Core_Aes_Cfb_Finish(crypto_base, &aes->aes_state); + if (status != CY_CRYPTO_SUCCESS) { + ret = WC_HW_E; + goto cleanup; + } + + /* Copy the updated IV into the AES context */ + XMEMCPY(aes->reg, aes->aes_state.buffers->iv, AES_BLOCK_SIZE); + + /* Copy the number of bytes processed in the current block */ + aes->left = aes->aes_state.unProcessedBytes; + XMEMCPY(aes->tmp, aes->aes_state.buffers->unProcessedData, AES_BLOCK_SIZE); + +cleanup: + if (aesInited) { + wc_Psoc6_Aes_Free(aes); + } + + /* Release the lock */ + wolfSSL_CryptHwMutexUnLock(); + return ret; +} +#endif /* HAVE_AES_DECRYPT */ +#endif /* WOLFSSL_AES_CFB */ + +/* AES GCM */ +#ifdef HAVE_AESGCM + +/* Perform authenticated AES-GCM encryption using PSoC6 hardware. + * + * Encrypts plaintext data and generates an authentication tag using + * AES-GCM (Galois/Counter Mode). This mode provides both confidentiality + * and authenticity in a single operation, making it ideal for secure + * communications. + * + * aes Pointer to initialized AES-GCM context (key must be set) + * out Pointer to output ciphertext buffer (sz bytes, can be NULL if + * sz=0) in Pointer to input plaintext buffer (sz bytes, can be NULL if + * sz=0) sz Size of plaintext/ciphertext data in bytes iv Pointer to + * initialization vector/nonce buffer ivSz Size of IV in bytes + * (recommended: 12 bytes for GCM) authTag Pointer to output authentication + * tag buffer (authTagSz bytes) authTagSz Size of authentication tag (typically + * 12 or 16 bytes) authIn Pointer to additional authenticated data (AAD), + * can be NULL authInSz Size of AAD in bytes (0 if no AAD) + * + * returns 0 on success WC_HW_E for hardware errors, or mutex error codes + */ +int wc_Psoc6_Aes_GcmEncrypt(Aes* aes, byte* out, const byte* in, word32 sz, + const byte* iv, word32 ivSz, byte* authTag, + word32 authTagSz, const byte* authIn, + word32 authInSz) +{ + int ret = 0; + cy_en_crypto_status_t status; + cy_en_crypto_aes_key_length_t keyLength; + int aesInited = 0; + + /* Lock the mutex to perform crypto operations */ + ret = wolfSSL_CryptHwMutexLock(); + if (ret != 0) { + return ret; + } + + keyLength = psoc6_get_aes_key_length(aes->keylen); + + /* Initialize AES GCM state */ + cy_stc_crypto_aes_gcm_buffers_t* aesBuffers = + (cy_stc_crypto_aes_gcm_buffers_t*)(( + void*)Cy_Crypto_Core_GetVuMemoryAddress(crypto_base)); + status = Cy_Crypto_Core_Aes_GCM_Init(crypto_base, aesBuffers, + &aes->aes_gcm_state); + if (status != CY_CRYPTO_SUCCESS) { + ret = WC_HW_E; + goto cleanup; + } + + aesInited = 1; + + /* Set the key */ + status = Cy_Crypto_Core_Aes_GCM_SetKey(crypto_base, (uint8_t*)aes->key, + keyLength, &aes->aes_gcm_state); + if (status != CY_CRYPTO_SUCCESS) { + ret = WC_HW_E; + goto cleanup; + } + + /* Start GCM operation */ + status = Cy_Crypto_Core_Aes_GCM_Start(crypto_base, CY_CRYPTO_ENCRYPT, iv, + ivSz, &aes->aes_gcm_state); + if (status != CY_CRYPTO_SUCCESS) { + ret = WC_HW_E; + goto cleanup; + } + + /* Process AAD if present */ + if (authIn != NULL && authInSz > 0) { + status = Cy_Crypto_Core_Aes_GCM_AAD_Update( + crypto_base, (uint8_t*)authIn, authInSz, &aes->aes_gcm_state); + if (status != CY_CRYPTO_SUCCESS) { + ret = WC_HW_E; + goto cleanup; + } + } + + /* Encrypt data if present */ + if (sz > 0) { + status = Cy_Crypto_Core_Aes_GCM_Update(crypto_base, in, sz, out, + &aes->aes_gcm_state); + if (status != CY_CRYPTO_SUCCESS) { + ret = WC_HW_E; + goto cleanup; + } + } + + /* Finalize and get tag */ + status = Cy_Crypto_Core_Aes_GCM_Finish(crypto_base, authTag, authTagSz, + &aes->aes_gcm_state); + if (status != CY_CRYPTO_SUCCESS) { + ret = WC_HW_E; + goto cleanup; + } + +cleanup: + if (aesInited) { + wc_Psoc6_Aes_Free(aes); + } + + /* Release the lock */ + wolfSSL_CryptHwMutexUnLock(); + return ret; +} + +#if defined(HAVE_AES_DECRYPT) || defined(HAVE_AESGCM_DECRYPT) +/* Perform authenticated AES-GCM decryption using PSoC6 hardware. + * + * Decrypts ciphertext data and verifies the authentication tag using + * AES-GCM (Galois/Counter Mode). The authentication tag is verified + * before returning the plaintext to ensure data authenticity and integrity. + * + * aes Pointer to initialized AES-GCM context (key must be set) + * out Pointer to output plaintext buffer (sz bytes, can be NULL if sz=0) + * in Pointer to input ciphertext buffer (sz bytes, can be NULL if sz=0) + * sz Size of ciphertext/plaintext data in bytes + * iv Pointer to initialization vector/nonce buffer (same as encryption) + * ivSz Size of IV in bytes (must match encryption) + * authTag Pointer to authentication tag from encryption (authTagSz bytes) + * authTagSz Size of authentication tag (must match encryption) + * authIn Pointer to additional authenticated data (AAD), can be NULL + * authInSz Size of AAD in bytes (must match encryption, 0 if no AAD) + * + * returns 0 on success and valid authentication, AES_GCM_AUTH_E for + * authentication failure (tag mismatch), WC_HW_E for hardware errors, or mutex + * error codes + */ +int wc_Psoc6_Aes_GcmDecrypt(Aes* aes, byte* out, const byte* in, word32 sz, + const byte* iv, word32 ivSz, const byte* authTag, + word32 authTagSz, const byte* authIn, + word32 authInSz) +{ + int ret = 0; + cy_en_crypto_status_t status; + cy_en_crypto_aes_key_length_t keyLength; + byte computedTag[AES_BLOCK_SIZE]; + int aesInited = 0; + + /* Lock the mutex to perform crypto operations */ + ret = wolfSSL_CryptHwMutexLock(); + if (ret != 0) { + return ret; + } + + keyLength = psoc6_get_aes_key_length(aes->keylen); + + /* Initialize AES GCM state */ + cy_stc_crypto_aes_gcm_buffers_t* aesBuffers = + (cy_stc_crypto_aes_gcm_buffers_t*)(( + void*)Cy_Crypto_Core_GetVuMemoryAddress(crypto_base)); + status = Cy_Crypto_Core_Aes_GCM_Init(crypto_base, aesBuffers, + &aes->aes_gcm_state); + if (status != CY_CRYPTO_SUCCESS) { + ret = WC_HW_E; + goto cleanup; + } + + aesInited = 1; + + /* Set the key */ + status = Cy_Crypto_Core_Aes_GCM_SetKey(crypto_base, (uint8_t*)aes->key, + keyLength, &aes->aes_gcm_state); + if (status != CY_CRYPTO_SUCCESS) { + ret = WC_HW_E; + goto cleanup; + } + + /* Start GCM operation */ + status = Cy_Crypto_Core_Aes_GCM_Start(crypto_base, CY_CRYPTO_DECRYPT, iv, + ivSz, &aes->aes_gcm_state); + if (status != CY_CRYPTO_SUCCESS) { + ret = WC_HW_E; + goto cleanup; + } + + /* Process AAD if present */ + if (authIn != NULL && authInSz > 0) { + status = Cy_Crypto_Core_Aes_GCM_AAD_Update( + crypto_base, (uint8_t*)authIn, authInSz, &aes->aes_gcm_state); + if (status != CY_CRYPTO_SUCCESS) { + ret = WC_HW_E; + goto cleanup; + } + } + + /* Decrypt data if present */ + if (sz > 0) { + status = Cy_Crypto_Core_Aes_GCM_Update(crypto_base, in, sz, out, + &aes->aes_gcm_state); + if (status != CY_CRYPTO_SUCCESS) { + ret = WC_HW_E; + goto cleanup; + } + } + + /* Finalize and get computed tag */ + status = Cy_Crypto_Core_Aes_GCM_Finish(crypto_base, computedTag, authTagSz, + &aes->aes_gcm_state); + if (status != CY_CRYPTO_SUCCESS) { + ret = WC_HW_E; + goto cleanup; + } + + /* Verify tag */ + if (ConstantCompare(computedTag, authTag, authTagSz) != 0) { + ret = AES_GCM_AUTH_E; + goto cleanup; + } + +cleanup: + if (aesInited) { + wc_Psoc6_Aes_Free(aes); + } + + /* Release the lock */ + wolfSSL_CryptHwMutexUnLock(); + return ret; +} +#endif /* HAVE_AES_DECRYPT || HAVE_AESGCM_DECRYPT */ +#endif /* HAVE_AESGCM */ +#endif /* PSOC6_CRYPTO_AES */ + /* ECDSA */ #ifdef HAVE_ECC @@ -1162,4 +2181,4 @@ } #endif /* HAVE_ECC */ -#endif /* defined(WOLFSSL_PSOC6_CRYPTO) */ +#endif /* WOLFSSL_PSOC6_CRYPTO */ diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/wolfcrypt/src/port/devcrypto/devcrypto_aes.c mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/port/devcrypto/devcrypto_aes.c --- mariadb-11.8.6/extra/wolfssl/wolfssl/wolfcrypt/src/port/devcrypto/devcrypto_aes.c 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/port/devcrypto/devcrypto_aes.c 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* devcrypto_aes.c * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -44,8 +44,11 @@ return BAD_FUNC_ARG; } - /* encrypt only up to AES block size of date */ + /* encrypt only up to AES block size of data */ sz = sz - (sz % WC_AES_BLOCK_SIZE); + if (sz == 0) { + return 0; + } if (aes->ctx.cfd == -1) { ret = wc_DevCryptoCreate(&aes->ctx, CRYPTO_AES_CBC, (byte*)aes->devKey, aes->keylen); @@ -74,6 +77,9 @@ if (aes == NULL || out == NULL || in == NULL || sz % WC_AES_BLOCK_SIZE != 0) { return BAD_FUNC_ARG; } + if (sz == 0) { + return 0; + } XMEMCPY(aes->tmp, in + sz - WC_AES_BLOCK_SIZE, WC_AES_BLOCK_SIZE); if (aes->ctx.cfd == -1) { diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/wolfcrypt/src/port/devcrypto/devcrypto_ecdsa.c mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/port/devcrypto/devcrypto_ecdsa.c --- mariadb-11.8.6/extra/wolfssl/wolfssl/wolfcrypt/src/port/devcrypto/devcrypto_ecdsa.c 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/port/devcrypto/devcrypto_ecdsa.c 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* devcrypto_ecdsa.c * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -228,6 +228,7 @@ ret = wc_DevCryptoCreate(&ctx, CRYPTO_ASYM_ECDSA_VERIFY, NULL, 0); } if (ret == 0) { + XMEMSET(&kop, 0, sizeof(kop)); kop.crk_op = CRK_ECDSA_VERIFY; kop.ses = ctx.sess.ses; kop.crk_flags = CurveIDToFlag(curveId); diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/wolfcrypt/src/port/devcrypto/devcrypto_hash.c mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/port/devcrypto/devcrypto_hash.c --- mariadb-11.8.6/extra/wolfssl/wolfssl/wolfcrypt/src/port/devcrypto/devcrypto_hash.c 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/port/devcrypto/devcrypto_hash.c 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* devcrypto_hash.c * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/wolfcrypt/src/port/devcrypto/devcrypto_hmac.c mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/port/devcrypto/devcrypto_hmac.c --- mariadb-11.8.6/extra/wolfssl/wolfssl/wolfcrypt/src/port/devcrypto/devcrypto_hmac.c 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/port/devcrypto/devcrypto_hmac.c 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* devcrypto_hmac.c * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -66,14 +66,15 @@ WC_CRYPTODEV* dev; struct crypt_op crt; + if (hmac == NULL) { + return BAD_FUNC_ARG; + } + if (inputSz == 0) { return 0; } - if ((dev = &hmac->ctx) == NULL) { - WOLFSSL_MSG("Unsupported hash type"); - return BAD_FUNC_ARG; - } + dev = &hmac->ctx; wc_SetupCrypt(&crt, dev, (byte*)input, inputSz, NULL, NULL, COP_FLAG_UPDATE, COP_ENCRYPT); @@ -91,11 +92,12 @@ WC_CRYPTODEV* dev; struct crypt_op crt; - if ((dev = &hmac->ctx) == NULL) { - WOLFSSL_MSG("Unsupported hash type"); + if (hmac == NULL || out == NULL) { return BAD_FUNC_ARG; } + dev = &hmac->ctx; + wc_SetupCrypt(&crt, dev, NULL, 0, NULL, out, COP_FLAG_FINAL, COP_ENCRYPT); if (ioctl(dev->cfd, CIOCCRYPT, &crt)) { WOLFSSL_MSG("Error with call to ioctl"); diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/wolfcrypt/src/port/devcrypto/devcrypto_rsa.c mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/port/devcrypto/devcrypto_rsa.c --- mariadb-11.8.6/extra/wolfssl/wolfssl/wolfcrypt/src/port/devcrypto/devcrypto_rsa.c 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/port/devcrypto/devcrypto_rsa.c 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* devcrypto_rsa.c * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -156,9 +156,10 @@ byte* u = NULL; byte* n = NULL; word32 dSz, pSz, qSz, dpSz = 0, dqSz = 0, uSz = 0, nSz; + word32 dAllocSz; dev = &key->ctx; - dSz = nSz = wc_RsaEncryptSize(key); + dAllocSz = dSz = nSz = wc_RsaEncryptSize(key); pSz = qSz = nSz / 2; if (outlen < dSz) { WOLFSSL_MSG("Output buffer is too small"); @@ -196,7 +197,7 @@ if (!key->blackKey) { /* @TODO unexpected results with black key CRT form */ if (ret == 0 && dpSz > 0) { dSz = 0; nSz = 0; - dq = (byte*)XMALLOC(dpSz, NULL, DYNAMIC_TYPE_TMP_BUFFER); + dq = (byte*)XMALLOC(dqSz, NULL, DYNAMIC_TYPE_TMP_BUFFER); dp = (byte*)XMALLOC(dpSz, NULL, DYNAMIC_TYPE_TMP_BUFFER); u = (byte*)XMALLOC(uSz, NULL, DYNAMIC_TYPE_TMP_BUFFER); if (dq == NULL || dp == NULL || u == NULL) { @@ -237,12 +238,12 @@ } } - XFREE(d, NULL, DYNAMIC_TYPE_TMP_BUFFER); - XFREE(p, NULL, DYNAMIC_TYPE_TMP_BUFFER); - XFREE(q, NULL, DYNAMIC_TYPE_TMP_BUFFER); - XFREE(dp, NULL, DYNAMIC_TYPE_TMP_BUFFER); - XFREE(dq, NULL, DYNAMIC_TYPE_TMP_BUFFER); - XFREE(u, NULL, DYNAMIC_TYPE_TMP_BUFFER); + if (d) { ForceZero(d, dAllocSz); XFREE(d, NULL, DYNAMIC_TYPE_TMP_BUFFER); } + if (p) { ForceZero(p, pSz); XFREE(p, NULL, DYNAMIC_TYPE_TMP_BUFFER); } + if (q) { ForceZero(q, qSz); XFREE(q, NULL, DYNAMIC_TYPE_TMP_BUFFER); } + if (dp) { ForceZero(dp, dpSz); XFREE(dp, NULL, DYNAMIC_TYPE_TMP_BUFFER); } + if (dq) { ForceZero(dq, dqSz); XFREE(dq, NULL, DYNAMIC_TYPE_TMP_BUFFER); } + if (u) { ForceZero(u, uSz); XFREE(u, NULL, DYNAMIC_TYPE_TMP_BUFFER); } XFREE(n, NULL, DYNAMIC_TYPE_TMP_BUFFER); wc_DevCryptoFree(dev); @@ -540,13 +541,13 @@ #endif } - XFREE(p, key->heap, DYNAMIC_TYPE_TMP_BUFFER); - XFREE(q, key->heap, DYNAMIC_TYPE_TMP_BUFFER); - XFREE(dp, key->heap, DYNAMIC_TYPE_TMP_BUFFER); - XFREE(dq, key->heap, DYNAMIC_TYPE_TMP_BUFFER); - XFREE(c, key->heap, DYNAMIC_TYPE_TMP_BUFFER); + if (p) { ForceZero(p, pSz); XFREE(p, key->heap, DYNAMIC_TYPE_TMP_BUFFER); } + if (q) { ForceZero(q, qSz); XFREE(q, key->heap, DYNAMIC_TYPE_TMP_BUFFER); } + if (dp) { ForceZero(dp, dpSz); XFREE(dp, key->heap, DYNAMIC_TYPE_TMP_BUFFER); } + if (dq) { ForceZero(dq, dqSz); XFREE(dq, key->heap, DYNAMIC_TYPE_TMP_BUFFER); } + if (c) { ForceZero(c, cSz); XFREE(c, key->heap, DYNAMIC_TYPE_TMP_BUFFER); } XFREE(n, key->heap, DYNAMIC_TYPE_TMP_BUFFER); - XFREE(d, key->heap, DYNAMIC_TYPE_TMP_BUFFER); + if (d) { ForceZero(d, dSz); XFREE(d, key->heap, DYNAMIC_TYPE_TMP_BUFFER); } (void)rng; return ret; diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/wolfcrypt/src/port/devcrypto/devcrypto_x25519.c mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/port/devcrypto/devcrypto_x25519.c --- mariadb-11.8.6/extra/wolfssl/wolfssl/wolfcrypt/src/port/devcrypto/devcrypto_x25519.c 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/port/devcrypto/devcrypto_x25519.c 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* devcrypto_x25519.c * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/wolfcrypt/src/port/devcrypto/wc_devcrypto.c mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/port/devcrypto/wc_devcrypto.c --- mariadb-11.8.6/extra/wolfssl/wolfssl/wolfcrypt/src/port/devcrypto/wc_devcrypto.c 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/port/devcrypto/wc_devcrypto.c 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* wc_devcrypto.c * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/wolfcrypt/src/port/intel/README.md mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/port/intel/README.md --- mariadb-11.8.6/extra/wolfssl/wolfssl/wolfcrypt/src/port/intel/README.md 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/port/intel/README.md 2026-05-24 09:58:33.000000000 +0000 @@ -1,3 +1,411 @@ # Intel QuickAssist Adapter Asynchronous Support -Please contact wolfSSL at info@wolfssl.com to request an evaluation. +The wolfSSL / wolfCrypt libraries support hardware crypto acceleration using the Intel QuickAssist adapter. This software has been tested using the Intel DH8970 and DH8950 QuickAssist adapters. + +## Overview + +Support has been added for wolfCrypt for RSA public/private (CRT/non-CRT), AES CBC/GCM, ECDH/ECDSA, DH, DES3, SHA, SHA224, SHA256, SHA384, SHA512, MD5 and HMAC. RSA padding is done via software. The wolfCrypt tests and benchmarks have asynchronous support. The wolfCrypt benchmark tool support multi-threading. The wolfSSL SSL/TLS async support has been extended to include all PKI, Encryption/Decryption and hashing/HMAC. An async hardware simulator has been added to test the asynchronous support without hardware. + +The Intel QuickAssist port files are located in `wolfcrypt/src/port/intel/quickassist.c` and `wolfssl/wolfcrypt/port/intel/quickassist.h`. The QuickAssist memory handling for NUMA and normal malloc is in `wolfcrypt/src/port/intel/quickassist_mem.c`. + +The asynchronous crypto files are located at `wolfcrypt/src/async.c` and `wolfssl/wolfcrypt/async.h`. These files are not in the public repository. Please contact info@wolfssl.com if interested in our asynchronous support to request an evaluation. + + +## Building + +1. Download Driver: The latest driver for QAT can be found here: https://www.intel.com/content/www/us/en/download/19734 + +2. Notes: + +* If you have the older driver installed you may need to remove it or unload the module and reboot. +* If you are using the QAT hardware hashing, you may need to disable the params checking, which doesn't support a last partial with 0 length source input. Code runs and works, but parameter checking will fail. +Use `./configure --disable-param-check && sudo make install` +* If you want to use legacy algorithms like RSA 1024 bit then Use `./configure --enable-legacy-algorithms` +* Recommend not using `make -j` due to synchronization issues on dependencies. + +3. Setup `QAT` and `wolfssl` next to each other in the same folder. + +4. Build QAT Driver + +Prerequisites Ubuntu: +`sudo apt-get install libudev-dev pciutils-dev g++ pkg-config libssl-dev` +OR +Prerequisites CentOS: +`sudo yum install pciutils libudev-devel kernel-devel-$(uname -r) gcc openssl-devel` + +```sh +mkdir QAT +cd QAT +tar -zxof QAT.L.4.23.0-00001.tar.gz +./configure +sudo make install +... +There is 3 QAT acceleration device(s) in the system: + qat_dev0 - type: c6xx, inst_id: 0, node_id: 1, bsf: 0000:84:00.0, #accel: 5 #engines: 10 state: up + qat_dev1 - type: c6xx, inst_id: 1, node_id: 1, bsf: 0000:85:00.0, #accel: 5 #engines: 10 state: up + qat_dev2 - type: c6xx, inst_id: 2, node_id: 1, bsf: 0000:86:00.0, #accel: 5 #engines: 10 state: up +``` + +```sh +$ lspci -d 8086: | grep QuickAssist +84:00.0 Co-processor: Intel Corporation C62x Chipset QuickAssist Technology (rev 04) +85:00.0 Co-processor: Intel Corporation C62x Chipset QuickAssist Technology (rev 04) +86:00.0 Co-processor: Intel Corporation C62x Chipset QuickAssist Technology (rev 04) +``` + +5. Build wolfSSL: + +```sh +cd ../wolfssl +./configure --with-intelqa=../QAT --enable-asynccrypt +make +``` + + +## Usage + +Running wolfCrypt test and benchmark must be done with `sudo` to allow hardware access. By default the QuickAssist code uses the "SSL" process name via `QAT_PROCESS_NAME` in quickassist.h to match up to the hardware configuration. + +Note: `sudo make check` will fail since default QAT configuration doesn't allow multiple concurrent processes to use hardware. You can run each of the make check scripts individually with sudo. The hardware configuration can be customized by editing the `QAT/build/dh895xcc_qa_dev0.conf` file to allow multiple processes. + +Here are some build options for tuning your use: + +1. `QAT_USE_POLLING_CHECK`: Enables polling check to ensure only one poll per crypto instance. +2. `WC_ASYNC_THREAD_BIND`: Enables binding of thread to crypto hardware instance. +3. `WOLFSSL_DEBUG_MEMORY_PRINT`: Enables verbose malloc/free printing. This option is used along with `WOLFSSL_DEBUG_MEMORY` and `WOLFSSL_TRACK_MEMORY`. +4. `WC_ASYNC_THRESH_NONE`: Disables the default thresholds for determining if software AES/DES3 is used. Otherwise you can define `WC_ASYNC_THRESH_AES_CBC`, `WC_ASYNC_THRESH_AES_GCM` and `WC_ASYNC_THRESH_DES3_CBC` with your own values. The defaults are AES CBC: 1024, AES GCM 128, DES3 1024. If the symmetric operation is over this size it will use QAT hardware. Otherwise software. +5. `WC_ASYNC_NO_CRYPT`: When defined with disable QAT use for AES/DES3. +6. `WC_ASYNC_NO_HASH`: When defined disables the QAT for hashing (MD5,SHA,SHA256,SHA512). +7. `WC_ASYNC_NO_RNG`: When defined disables the QAT DRBG (default for QAT v1.7) +8. `WC_NO_ASYNC_THREADING`: Disables the thread affinity code for optionally linking a thread to a specific QAT instance. To use this feature you must also define `WC_ASYNC_THREAD_BIND`. +9. `WC_ASYNC_BENCH_THREAD_COUNT`: Use specific number of threads for benchmarking. +10. `QAT_HASH_ENABLE_PARTIAL`: Enables partial hashing support, which allows sending blocks to hardware prior to final. Otherwise all hash updates are cached. + +The QuickAssist v1.6 driver uses its own memory management system in `quickassist_mem.c`. This can be tuned using the following defines: + +1. `USE_QAE_STATIC_MEM`: Uses a global pool for the list of allocations. This improves performance, but consumes extra up front memory. The pre-allocation size can be tuned using `QAE_USER_MEM_MAX_COUNT`. +2. `USE_QAE_THREAD_LS` : Uses thread-local-storage and removes the mutex. Can improve performance in multi-threaded environment, but does use extra memory. + +For QuickAssist v1.7 or later the newer usdm memory driver is used directly. + +### Recommended wolfSSL Build Options + +```sh +$ ./configure --with-intelqa=../QAT --enable-asynccrypt \ + --enable-aesni --enable-intelasm \ + --enable-sp --enable-sp-asm \ + CFLAGS="-DWC_ASYNC_NO_HASH" +``` + +* `--with-intelqa=../QAT`: Enables the Intel QuickAssist mode. +* `--enable-asynccrypt`: Enables asynchronous cryptography mode. +* `--enable-aesni`: Enables the Intel AES-NI assembly speedups. +* `--enable-intelasm`: Enables the Intel ASM (AVX/AVX2) speedups. +* `--enable-sp`: Enable Single Precision math to speedup standard key sizes and curves. +* `--enable-sp-asm`: Enable Single Precision assembly speedups. +* `WC_ASYNC_NO_HASH`: Disable the QAT hashing and use Intel AVX accelerated software hashing. Overhead for using QAT hashing is not yet well tuned. + + +### wolfCrypt Test with QAT +``` +sudo ./wolfcrypt/test/testwolfcrypt +IntelQA: Instances 2 +... +RSA test passed! +``` + +### wolfCrypt Benchmark with QAT 8970 (multi-threaded) + +Multiple concurrent threads will be started based on the number of CPU's available. If you want to exclude the software benchmarks use `./configure CFLAGS="-DNO_SW_BENCH"`. + +``` +Intel QuickAssist DH8950 on Intel(R) Xeon(R) CPU E5-2678 v3 @ 2.50GHz: + +Recommended wolfSSL build options when benchmarking. +$ ./configure --enable-sp --enable-sp-asm --enable-aesni --enable-intelasm --enable-intelrand --enable-keygen --enable-sha3 --enable-asynccrypt --with-intelqa=../QAT CFLAGS="-DWC_ASYNC_THRESH_NONE -DQAT_MAX_PENDING=40 -DWC_ASYNC_BENCH_THREAD_COUNT=2" +$ make + +$ sudo ./wolfcrypt/benchmark/benchmark -rsa_sign -base10 -threads 2 -print +------------------------------------------------------------------------------ + wolfSSL version 4.5.0 +------------------------------------------------------------------------------ +IntelQA: Instances 18 +wolfCrypt Benchmark (block bytes 1048576, min 1.0 sec each) +CPUs: 2 +RNG SW 79 mB took 1.030 seconds, 76.388 mB/s Cycles per byte = 32.65 +RNG SW 79 mB took 1.042 seconds, 75.456 mB/s Cycles per byte = 33.05 +AES-128-CBC-enc SW 729 mB took 1.006 seconds, 724.266 mB/s Cycles per byte = 3.44 +AES-128-CBC-enc SW 729 mB took 1.007 seconds, 723.825 mB/s Cycles per byte = 3.45 +AES-128-CBC-dec SW 5185 mB took 1.000 seconds, 5184.260 mB/s Cycles per byte = 0.48 +AES-128-CBC-dec SW 5190 mB took 1.000 seconds, 5189.351 mB/s Cycles per byte = 0.48 +AES-192-CBC-enc SW 608 mB took 1.003 seconds, 606.175 mB/s Cycles per byte = 4.11 +AES-192-CBC-enc SW 608 mB took 1.004 seconds, 605.855 mB/s Cycles per byte = 4.12 +AES-192-CBC-dec SW 4325 mB took 1.000 seconds, 4325.333 mB/s Cycles per byte = 0.58 +AES-192-CBC-dec SW 4331 mB took 1.001 seconds, 4325.809 mB/s Cycles per byte = 0.58 +AES-256-CBC-enc SW 524 mB took 1.005 seconds, 521.465 mB/s Cycles per byte = 4.78 +AES-256-CBC-enc SW 524 mB took 1.006 seconds, 521.190 mB/s Cycles per byte = 4.79 +AES-256-CBC-dec SW 3707 mB took 1.000 seconds, 3705.767 mB/s Cycles per byte = 0.67 +AES-256-CBC-dec SW 3707 mB took 1.001 seconds, 3703.024 mB/s Cycles per byte = 0.67 +AES-128-CBC-enc HW 2443 mB took 1.000 seconds, 2442.819 mB/s Cycles per byte = 1.02 +AES-128-CBC-enc HW 2443 mB took 1.000 seconds, 2442.770 mB/s Cycles per byte = 1.02 +AES-128-CBC-dec HW 2380 mB took 1.001 seconds, 2378.716 mB/s Cycles per byte = 1.05 +AES-128-CBC-dec HW 2380 mB took 1.001 seconds, 2378.657 mB/s Cycles per byte = 1.05 +AES-192-CBC-enc HW 2365 mB took 1.002 seconds, 2359.520 mB/s Cycles per byte = 1.06 +AES-192-CBC-enc HW 2365 mB took 1.002 seconds, 2359.471 mB/s Cycles per byte = 1.06 +AES-192-CBC-dec HW 2417 mB took 1.002 seconds, 2411.874 mB/s Cycles per byte = 1.03 +AES-192-CBC-dec HW 2417 mB took 1.002 seconds, 2411.831 mB/s Cycles per byte = 1.03 +AES-256-CBC-enc HW 2223 mB took 1.001 seconds, 2221.082 mB/s Cycles per byte = 1.12 +AES-256-CBC-enc HW 2218 mB took 1.001 seconds, 2215.793 mB/s Cycles per byte = 1.13 +AES-256-CBC-dec HW 2113 mB took 1.002 seconds, 2108.506 mB/s Cycles per byte = 1.18 +AES-256-CBC-dec HW 2113 mB took 1.002 seconds, 2108.354 mB/s Cycles per byte = 1.18 +AES-128-GCM-enc SW 1919 mB took 1.001 seconds, 1916.366 mB/s Cycles per byte = 1.30 +AES-128-GCM-enc SW 2595 mB took 1.001 seconds, 2591.465 mB/s Cycles per byte = 0.96 +AES-128-GCM-dec SW 2611 mB took 1.000 seconds, 2610.093 mB/s Cycles per byte = 0.96 +AES-128-GCM-dec SW 2218 mB took 1.002 seconds, 2213.073 mB/s Cycles per byte = 1.13 +AES-192-GCM-enc SW 2317 mB took 1.001 seconds, 2315.896 mB/s Cycles per byte = 1.08 +AES-192-GCM-enc SW 2286 mB took 1.002 seconds, 2281.953 mB/s Cycles per byte = 1.09 +AES-192-GCM-dec SW 2207 mB took 1.001 seconds, 2206.098 mB/s Cycles per byte = 1.13 +AES-192-GCM-dec SW 1589 mB took 1.002 seconds, 1586.020 mB/s Cycles per byte = 1.57 +AES-256-GCM-enc SW 2071 mB took 1.001 seconds, 2069.342 mB/s Cycles per byte = 1.21 +AES-256-GCM-enc SW 2108 mB took 1.002 seconds, 2103.268 mB/s Cycles per byte = 1.19 +AES-256-GCM-dec SW 2108 mB took 1.001 seconds, 2105.715 mB/s Cycles per byte = 1.18 +AES-256-GCM-dec SW 2108 mB took 1.002 seconds, 2103.563 mB/s Cycles per byte = 1.19 +AES-128-GCM-enc HW 2427 mB took 1.002 seconds, 2422.522 mB/s Cycles per byte = 1.03 +AES-128-GCM-enc HW 2433 mB took 1.002 seconds, 2427.722 mB/s Cycles per byte = 1.03 +AES-128-GCM-dec HW 1861 mB took 1.001 seconds, 1860.039 mB/s Cycles per byte = 1.34 +AES-128-GCM-dec HW 1861 mB took 1.001 seconds, 1860.019 mB/s Cycles per byte = 1.34 +AES-192-GCM-enc HW 2380 mB took 1.000 seconds, 2379.218 mB/s Cycles per byte = 1.05 +AES-192-GCM-enc HW 2386 mB took 1.000 seconds, 2384.418 mB/s Cycles per byte = 1.05 +AES-192-GCM-dec HW 1971 mB took 1.002 seconds, 1966.480 mB/s Cycles per byte = 1.27 +AES-192-GCM-dec HW 1971 mB took 1.002 seconds, 1966.458 mB/s Cycles per byte = 1.27 +AES-256-GCM-enc HW 2254 mB took 1.002 seconds, 2249.535 mB/s Cycles per byte = 1.11 +AES-256-GCM-enc HW 2254 mB took 1.002 seconds, 2249.487 mB/s Cycles per byte = 1.11 +AES-256-GCM-dec HW 1746 mB took 1.001 seconds, 1744.049 mB/s Cycles per byte = 1.43 +AES-256-GCM-dec HW 1746 mB took 1.001 seconds, 1744.018 mB/s Cycles per byte = 1.43 +CHACHA SW 1478 mB took 1.000 seconds, 1478.220 mB/s Cycles per byte = 1.69 +CHACHA SW 1347 mB took 1.003 seconds, 1342.833 mB/s Cycles per byte = 1.86 +CHA-POLY SW 949 mB took 1.002 seconds, 946.915 mB/s Cycles per byte = 2.63 +CHA-POLY SW 949 mB took 1.005 seconds, 944.670 mB/s Cycles per byte = 2.64 +MD5 SW 603 mB took 1.003 seconds, 601.383 mB/s Cycles per byte = 4.15 +MD5 SW 613 mB took 1.005 seconds, 610.413 mB/s Cycles per byte = 4.09 +MD5 HW 409 mB took 1.002 seconds, 408.088 mB/s Cycles per byte = 6.11 +MD5 HW 409 mB took 1.003 seconds, 407.845 mB/s Cycles per byte = 6.12 +POLY1305 SW 2621 mB took 1.000 seconds, 2620.709 mB/s Cycles per byte = 0.95 +POLY1305 SW 2616 mB took 1.001 seconds, 2613.824 mB/s Cycles per byte = 0.95 +SHA SW 377 mB took 1.003 seconds, 376.342 mB/s Cycles per byte = 6.63 +SHA SW 383 mB took 1.011 seconds, 378.592 mB/s Cycles per byte = 6.59 +SHA HW 535 mB took 1.005 seconds, 531.941 mB/s Cycles per byte = 4.69 +SHA HW 535 mB took 1.006 seconds, 531.644 mB/s Cycles per byte = 4.69 +SHA-224 SW 351 mB took 1.010 seconds, 347.715 mB/s Cycles per byte = 7.17 +SHA-224 SW 351 mB took 1.014 seconds, 346.285 mB/s Cycles per byte = 7.20 +SHA-224 HW 414 mB took 1.012 seconds, 409.434 mB/s Cycles per byte = 6.09 +SHA-224 HW 419 mB took 1.012 seconds, 414.387 mB/s Cycles per byte = 6.02 +SHA-256 SW 351 mB took 1.011 seconds, 347.292 mB/s Cycles per byte = 7.18 +SHA-256 SW 315 mB took 1.013 seconds, 310.424 mB/s Cycles per byte = 8.03 +SHA-256 HW 419 mB took 1.004 seconds, 417.688 mB/s Cycles per byte = 5.97 +SHA-256 HW 419 mB took 1.005 seconds, 417.427 mB/s Cycles per byte = 5.98 +SHA-384 SW 530 mB took 1.001 seconds, 529.040 mB/s Cycles per byte = 4.71 +SHA-384 SW 530 mB took 1.003 seconds, 528.139 mB/s Cycles per byte = 4.72 +SHA-384 HW 357 mB took 1.001 seconds, 356.156 mB/s Cycles per byte = 7.00 +SHA-384 HW 367 mB took 1.010 seconds, 363.498 mB/s Cycles per byte = 6.86 +SHA-512 SW 530 mB took 1.002 seconds, 528.589 mB/s Cycles per byte = 4.72 +SHA-512 SW 446 mB took 1.009 seconds, 441.540 mB/s Cycles per byte = 5.65 +SHA-512 HW 367 mB took 1.004 seconds, 365.434 mB/s Cycles per byte = 6.83 +SHA-512 HW 367 mB took 1.005 seconds, 365.224 mB/s Cycles per byte = 6.83 +SHA3-224 SW 236 mB took 1.014 seconds, 232.784 mB/s Cycles per byte = 10.71 +SHA3-224 SW 236 mB took 1.018 seconds, 231.794 mB/s Cycles per byte = 10.76 +SHA3-224 HW 220 mB took 1.006 seconds, 218.860 mB/s Cycles per byte = 11.40 +SHA3-224 HW 236 mB took 1.015 seconds, 232.538 mB/s Cycles per byte = 10.73 +SHA3-256 SW 163 mB took 1.000 seconds, 162.463 mB/s Cycles per byte = 15.35 +SHA3-256 SW 225 mB took 1.023 seconds, 220.278 mB/s Cycles per byte = 11.32 +SHA3-256 HW 692 mB took 1.004 seconds, 689.291 mB/s Cycles per byte = 3.62 +SHA3-256 HW 692 mB took 1.007 seconds, 687.092 mB/s Cycles per byte = 3.63 +SHA3-384 SW 173 mB took 1.022 seconds, 169.214 mB/s Cycles per byte = 14.74 +SHA3-384 SW 173 mB took 1.024 seconds, 168.878 mB/s Cycles per byte = 14.77 +SHA3-384 HW 173 mB took 1.023 seconds, 169.202 mB/s Cycles per byte = 14.74 +SHA3-384 HW 173 mB took 1.024 seconds, 168.948 mB/s Cycles per byte = 14.76 +SHA3-512 SW 121 mB took 1.026 seconds, 117.548 mB/s Cycles per byte = 21.22 +SHA3-512 SW 121 mB took 1.027 seconds, 117.375 mB/s Cycles per byte = 21.25 +SHA3-512 HW 121 mB took 1.026 seconds, 117.585 mB/s Cycles per byte = 21.21 +SHA3-512 HW 121 mB took 1.028 seconds, 117.335 mB/s Cycles per byte = 21.26 +HMAC-MD5 SW 608 mB took 1.000 seconds, 608.096 mB/s Cycles per byte = 4.10 +HMAC-MD5 SW 613 mB took 1.004 seconds, 611.102 mB/s Cycles per byte = 4.08 +HMAC-MD5 HW 414 mB took 1.001 seconds, 413.762 mB/s Cycles per byte = 6.03 +HMAC-MD5 HW 414 mB took 1.004 seconds, 412.554 mB/s Cycles per byte = 6.05 +HMAC-SHA SW 383 mB took 1.011 seconds, 378.446 mB/s Cycles per byte = 6.59 +HMAC-SHA SW 383 mB took 1.013 seconds, 377.729 mB/s Cycles per byte = 6.60 +HMAC-SHA HW 535 mB took 1.008 seconds, 530.760 mB/s Cycles per byte = 4.70 +HMAC-SHA HW 514 mB took 1.009 seconds, 509.292 mB/s Cycles per byte = 4.90 +HMAC-SHA224 SW 267 mB took 1.008 seconds, 265.316 mB/s Cycles per byte = 9.40 +HMAC-SHA224 SW 351 mB took 1.012 seconds, 346.982 mB/s Cycles per byte = 7.19 +HMAC-SHA224 HW 404 mB took 1.003 seconds, 402.579 mB/s Cycles per byte = 6.20 +HMAC-SHA224 HW 393 mB took 1.011 seconds, 388.951 mB/s Cycles per byte = 6.41 +HMAC-SHA256 SW 294 mB took 1.007 seconds, 291.426 mB/s Cycles per byte = 8.56 +HMAC-SHA256 SW 351 mB took 1.012 seconds, 347.205 mB/s Cycles per byte = 7.18 +HMAC-SHA256 HW 419 mB took 1.004 seconds, 417.677 mB/s Cycles per byte = 5.97 +HMAC-SHA256 HW 419 mB took 1.009 seconds, 415.514 mB/s Cycles per byte = 6.00 +HMAC-SHA384 SW 530 mB took 1.002 seconds, 528.479 mB/s Cycles per byte = 4.72 +HMAC-SHA384 SW 530 mB took 1.007 seconds, 526.093 mB/s Cycles per byte = 4.74 +HMAC-SHA384 HW 367 mB took 1.004 seconds, 365.498 mB/s Cycles per byte = 6.82 +HMAC-SHA384 HW 367 mB took 1.006 seconds, 364.878 mB/s Cycles per byte = 6.84 +HMAC-SHA512 SW 530 mB took 1.002 seconds, 528.616 mB/s Cycles per byte = 4.72 +HMAC-SHA512 SW 530 mB took 1.006 seconds, 526.513 mB/s Cycles per byte = 4.74 +HMAC-SHA512 HW 367 mB took 1.003 seconds, 365.816 mB/s Cycles per byte = 6.82 +HMAC-SHA512 HW 367 mB took 1.007 seconds, 364.560 mB/s Cycles per byte = 6.84 +RSA 1024 key gen SW 40 ops took 1.191 sec, avg 29.780 ms, 33.580 ops/sec +RSA 1024 key gen SW 40 ops took 1.428 sec, avg 35.694 ms, 28.016 ops/sec +RSA 2048 key gen SW 40 ops took 4.154 sec, avg 103.853 ms, 9.629 ops/sec +RSA 2048 key gen SW 40 ops took 5.687 sec, avg 142.172 ms, 7.034 ops/sec +RSA 1024 key gen HW 120 ops took 1.064 sec, avg 8.866 ms, 112.790 ops/sec +RSA 1024 key gen HW 120 ops took 1.072 sec, avg 8.932 ms, 111.953 ops/sec +RSA 2048 key gen HW 40 ops took 1.389 sec, avg 34.717 ms, 28.804 ops/sec +RSA 2048 key gen HW 40 ops took 1.437 sec, avg 35.935 ms, 27.828 ops/sec +RSA 2048 sign SW 1000 ops took 1.046 sec, avg 1.046 ms, 956.197 ops/sec +RSA 2048 sign SW 1000 ops took 1.052 sec, avg 1.052 ms, 950.320 ops/sec +RSA 2048 verify SW 32300 ops took 1.001 sec, avg 0.031 ms, 32271.670 ops/sec +RSA 2048 verify SW 32200 ops took 1.003 sec, avg 0.031 ms, 32117.110 ops/sec +RSA 2048 sign HW 12300 ops took 1.001 sec, avg 0.081 ms, 12288.056 ops/sec +RSA 2048 sign HW 19600 ops took 1.003 sec, avg 0.051 ms, 19537.967 ops/sec +RSA 2048 verify HW 116000 ops took 1.000 sec, avg 0.009 ms, 115971.935 ops/sec +RSA 2048 verify HW 118000 ops took 1.000 sec, avg 0.008 ms, 117962.707 ops/sec +DH 2048 key gen SW 2080 ops took 1.000 sec, avg 0.481 ms, 2079.830 ops/sec +DH 2048 key gen SW 2120 ops took 1.016 sec, avg 0.479 ms, 2086.548 ops/sec +DH 2048 agree SW 2100 ops took 1.023 sec, avg 0.487 ms, 2053.478 ops/sec +DH 2048 agree SW 2100 ops took 1.026 sec, avg 0.489 ms, 2046.644 ops/sec +DH 2048 key gen HW 43720 ops took 1.000 sec, avg 0.023 ms, 43712.257 ops/sec +DH 2048 key gen HW 43320 ops took 1.000 sec, avg 0.023 ms, 43299.560 ops/sec +DH 2048 agree HW 32500 ops took 1.001 sec, avg 0.031 ms, 32471.874 ops/sec +DH 2048 agree HW 39400 ops took 1.001 sec, avg 0.025 ms, 39351.757 ops/sec +ECC 256 key gen SW 41320 ops took 1.001 sec, avg 0.024 ms, 41298.692 ops/sec +ECC 256 key gen SW 41280 ops took 1.001 sec, avg 0.024 ms, 41258.674 ops/sec +ECC 256 key gen HW 41320 ops took 1.000 sec, avg 0.024 ms, 41309.127 ops/sec +ECC 256 key gen HW 41280 ops took 1.001 sec, avg 0.024 ms, 41244.118 ops/sec +ECDHE 256 agree SW 13400 ops took 1.005 sec, avg 0.075 ms, 13328.731 ops/sec +ECDHE 256 agree SW 13300 ops took 1.006 sec, avg 0.076 ms, 13221.465 ops/sec +ECDSA 256 sign SW 29900 ops took 1.002 sec, avg 0.034 ms, 29841.744 ops/sec +ECDSA 256 sign SW 30000 ops took 1.003 sec, avg 0.033 ms, 29910.091 ops/sec +ECDSA 256 verify SW 10700 ops took 1.006 sec, avg 0.094 ms, 10641.471 ops/sec +ECDSA 256 verify SW 10700 ops took 1.009 sec, avg 0.094 ms, 10604.105 ops/sec +ECDHE 256 agree HW 26600 ops took 1.000 sec, avg 0.038 ms, 26594.522 ops/sec +ECDHE 256 agree HW 19000 ops took 1.002 sec, avg 0.053 ms, 18964.479 ops/sec +ECDSA 256 sign HW 22300 ops took 1.001 sec, avg 0.045 ms, 22286.137 ops/sec +ECDSA 256 sign HW 22000 ops took 1.002 sec, avg 0.046 ms, 21963.146 ops/sec +ECDSA 256 verify HW 12600 ops took 1.002 sec, avg 0.080 ms, 12569.531 ops/sec +ECDSA 256 verify HW 12600 ops took 1.005 sec, avg 0.080 ms, 12542.829 ops/sec +Benchmark complete +RNG SW 151.844 mB/s +AES-128-CBC-enc SW 1448.090 mB/s +AES-128-CBC-dec SW 10373.612 mB/s +AES-192-CBC-enc SW 1212.030 mB/s +AES-192-CBC-dec SW 8651.141 mB/s +AES-256-CBC-enc SW 1042.655 mB/s +AES-256-CBC-dec SW 7408.791 mB/s +AES-128-CBC-enc HW 4885.588 mB/s +AES-128-CBC-dec HW 4757.373 mB/s +AES-192-CBC-enc HW 4718.991 mB/s +AES-192-CBC-dec HW 4823.705 mB/s +AES-256-CBC-enc HW 4436.875 mB/s +AES-256-CBC-dec HW 4216.860 mB/s +AES-128-GCM-enc SW 4507.831 mB/s +AES-128-GCM-dec SW 4823.166 mB/s +AES-192-GCM-enc SW 4597.849 mB/s +AES-192-GCM-dec SW 3792.119 mB/s +AES-256-GCM-enc SW 4172.610 mB/s +AES-256-GCM-dec SW 4209.278 mB/s +AES-128-GCM-enc HW 4850.244 mB/s +AES-128-GCM-dec HW 3720.058 mB/s +AES-192-GCM-enc HW 4763.636 mB/s +AES-192-GCM-dec HW 3932.937 mB/s +AES-256-GCM-enc HW 4499.022 mB/s +AES-256-GCM-dec HW 3488.068 mB/s +CHACHA SW 2821.053 mB/s +CHA-POLY SW 1891.585 mB/s +MD5 SW 1211.796 mB/s +MD5 HW 815.933 mB/s +POLY1305 SW 5234.533 mB/s +SHA SW 754.934 mB/s +SHA HW 1063.586 mB/s +SHA-224 SW 694.001 mB/s +SHA-224 HW 823.821 mB/s +SHA-256 SW 657.716 mB/s +SHA-256 HW 835.115 mB/s +SHA-384 SW 1057.178 mB/s +SHA-384 HW 719.655 mB/s +SHA-512 SW 970.129 mB/s +SHA-512 HW 730.657 mB/s +SHA3-224 SW 464.579 mB/s +SHA3-224 HW 451.398 mB/s +SHA3-256 SW 382.741 mB/s +SHA3-256 HW 1376.382 mB/s +SHA3-384 SW 338.092 mB/s +SHA3-384 HW 338.150 mB/s +SHA3-512 SW 234.923 mB/s +SHA3-512 HW 234.921 mB/s +HMAC-MD5 SW 1219.198 mB/s +HMAC-MD5 HW 826.316 mB/s +HMAC-SHA SW 756.175 mB/s +HMAC-SHA HW 1040.052 mB/s +HMAC-SHA224 SW 612.297 mB/s +HMAC-SHA224 HW 791.530 mB/s +HMAC-SHA256 SW 638.631 mB/s +HMAC-SHA256 HW 833.191 mB/s +HMAC-SHA384 SW 1054.571 mB/s +HMAC-SHA384 HW 730.376 mB/s +HMAC-SHA512 SW 1055.130 mB/s +HMAC-SHA512 HW 730.377 mB/s +RSA 1024 key gen SW 61.596 ops/sec +RSA 2048 key gen SW 16.663 ops/sec +RSA 1024 key gen HW 224.743 ops/sec +RSA 2048 key gen HW 56.632 ops/sec +RSA 2048 sign SW 1906.517 ops/sec +RSA 2048 verify SW 64388.780 ops/sec +RSA 2048 sign HW 31826.022 ops/sec +RSA 2048 verify HW 233934.642 ops/sec +DH 2048 key gen SW 4166.378 ops/sec +DH 2048 agree SW 4100.122 ops/sec +DH 2048 key gen HW 87011.816 ops/sec +DH 2048 agree HW 71823.630 ops/sec +ECC 256 key gen SW 82557.366 ops/sec +ECC 256 key gen HW 82553.245 ops/sec +ECDHE 256 agree SW 26550.196 ops/sec +ECDSA 256 sign SW 59751.835 ops/sec +ECDSA 256 verify SW 21245.576 ops/sec +ECDHE 256 agree HW 45559.001 ops/sec +ECDSA 256 sign HW 44249.283 ops/sec +ECDSA 256 verify HW 25112.360 ops/sec +IntelQA: Stop +``` + +### wolfCrypt Benchmark with QAT (single-threaded) + +To use the benchmark tool against hardware in single threaded mode build the library with `CFLAGS="-DWC_NO_ASYNC_THREADING"`. + +``` +sudo ./wolfcrypt/benchmark/benchmark -rsa_sign -dh -ecc +IntelQA: Instances 2 +wolfCrypt Benchmark (block bytes 1048576, min 1.0 sec each) +RSA 2048 public HW 161000 ops took 1.000 sec, avg 0.006 ms, 160989.829 ops/sec +RSA 2048 private HW 18600 ops took 1.002 sec, avg 0.054 ms, 18566.416 ops/sec +DH 2048 key gen HW 48945 ops took 1.000 sec, avg 0.020 ms, 48931.782 ops/sec +DH 2048 agree HW 43300 ops took 1.001 sec, avg 0.023 ms, 43248.876 ops/sec +ECDHE 256 agree HW 26400 ops took 1.001 sec, avg 0.038 ms, 26382.639 ops/sec +ECDSA 256 sign HW 23900 ops took 1.004 sec, avg 0.042 ms, 23810.849 ops/sec +ECDSA 256 verify HW 13800 ops took 1.000 sec, avg 0.072 ms, 13799.878 ops/sec +IntelQA: Stop +``` + +### wolfSSL Asynchronous Test Mode + +Enable asynccrypt alone to use async simulator. +`./configure --enable-asynccrypt` + + +## Debugging + +To enable debug messages: +`./configure --enable-asynccrypt --with-intelqa=../QAT --enable-debug --disable-shared CFLAGS="-DQAT_DEBUG" && make` + + +## Support + +For questions or issues email us at support@wolfssl.com. diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/wolfcrypt/src/port/intel/quickassist.c mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/port/intel/quickassist.c --- mariadb-11.8.6/extra/wolfssl/wolfssl/wolfcrypt/src/port/intel/quickassist.c 1970-01-01 00:00:00.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/port/intel/quickassist.c 2026-05-24 09:58:33.000000000 +0000 @@ -0,0 +1,5108 @@ +/* quickassist.c + * + * Copyright (C) 2006-2026 wolfSSL Inc. + * + * This file is part of wolfSSL. + * + * wolfSSL is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * wolfSSL is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA + */ + +#ifdef HAVE_CONFIG_H + #include +#endif + +#include + +#ifdef HAVE_INTEL_QA + +#ifdef QAT_DEMO_MAIN + #define QAT_USE_POLLING_THREAD +#endif + + +#include +#include +#include +#include +#ifndef NO_RSA + #include +#endif +#ifndef NO_AES + #include +#endif +#ifndef NO_HMAC + #include +#endif +#ifndef NO_DH + #include +#endif + +#include + +#include "icp_sal_user.h" +#include "icp_sal_poll.h" +#ifndef QAT_V2 +#include "icp_sal_drbg_impl.h" +#endif + +#ifdef QAT_HASH_ENABLE_PARTIAL +#ifdef USE_LAC_SESSION_FOR_STRUCT_OFFSET + #include "lac_session.h" +#endif +#endif + +#ifdef NO_INLINE + #include +#else + #define WOLFSSL_MISC_INCLUDED + #include +#endif + +#include + +/* Async enables (1=non-block, 0=block) */ +#ifndef QAT_RSA_ASYNC +#define QAT_RSA_ASYNC 1 +#endif +#ifndef QAT_EXPTMOD_ASYNC +#define QAT_EXPTMOD_ASYNC 1 +#endif +#ifndef QAT_CIPHER_ASYNC +#define QAT_CIPHER_ASYNC 1 +#endif +#ifndef QAT_ECDSA_ASYNC +#define QAT_ECDSA_ASYNC 1 +#endif +#ifndef QAT_ECDHE_ASYNC +#define QAT_ECDHE_ASYNC 1 +#endif +#ifndef QAT_ECMUL_ASYNC +#define QAT_ECMUL_ASYNC 1 +#endif +#ifndef QAT_DH_ASYNC +#define QAT_DH_ASYNC 1 +#endif + +/* Hash and Drbg do not support async in wolfSSL/wolfCrypt */ +#ifndef QAT_HASH_ASYNC +#define QAT_HASH_ASYNC 0 +#endif +#ifndef QAT_DRBG_ASYNC +#define QAT_DRBG_ASYNC 0 +#endif + +#define OS_HOST_TO_NW_32(uData) ByteReverseWord32(uData) + +static CpaInstanceHandle* g_cyInstances = NULL; +static CpaInstanceInfo2* g_cyInstanceInfo = NULL; +static Cpa32U* g_cyInstMap = NULL; +static Cpa16U g_numInstances = 0; +static Cpa16U g_instCounter = 0; +static CpaBoolean g_cyServiceStarted = CPA_FALSE; +#ifdef QAT_USE_POLLING_CHECK + static CpaBoolean* g_cyPolling = NULL; + static pthread_mutex_t* g_PollLock; +#endif +static volatile int g_initCount = 0; +#if defined(HAVE_ECC) && defined(HAVE_ECC_DHE) + static Cpa8U* g_qatEcdhY = NULL; + static Cpa8U* g_qatEcdhCofactor1 = NULL; +#endif +static pthread_mutex_t g_Hwlock = PTHREAD_MUTEX_INITIALIZER; + +typedef struct qatCapabilities { + /* capabilities */ + word32 supPartial:1; +#ifdef QAT_V2 + word32 supSha3:1; +#endif +} qatCapabilities_t; +static qatCapabilities_t g_qatCapabilities = { + 0 + #ifdef QAT_V2 + , 0 + #endif +}; + + +#if defined(QAT_ENABLE_CRYPTO) || defined(QAT_ENABLE_HASH) + static int IntelQaSymClose(WC_ASYNC_DEV* dev, int doFree); +#endif +#if defined(QAT_ENABLE_RNG) +static int IntelQaDrbgClose(WC_ASYNC_DEV* dev); +#endif + +extern Cpa32U osalLogLevelSet(Cpa32U level); + + +/* -------------------------------------------------------------------------- */ +/* Polling */ +/* -------------------------------------------------------------------------- */ + +#ifdef QAT_USE_POLLING_THREAD +static void* IntelQaPollingThread(void* context) +{ + WC_ASYNC_DEV* dev = (WC_ASYNC_DEV*)context; +#ifdef QAT_DEBUG + printf("Polling Thread Start\n"); +#endif + while (dev->qat.pollingCy) { + icp_sal_CyPollInstance(dev->qat.handle, QAT_POLL_RESP_QUOTA); + wc_AsyncSleep(10); + } +#ifdef QAT_DEBUG + printf("Polling Thread Exit\n"); +#endif + pthread_exit(NULL); +} + +static CpaStatus IntelQaStartPollingThread(WC_ASYNC_DEV* dev) +{ + if (dev->qat.pollingCy == 0) { + dev->qat.pollingCy = 1; + #ifdef QAT_DEBUG + printf("Polling Thread Created\n"); + #endif + if (pthread_create(&dev->qat.pollingThread, NULL, IntelQaPollingThread, + (void*)dev) != 0) { + printf("Failed create polling thread!\n"); + return CPA_STATUS_FAIL; + } + } + return CPA_STATUS_SUCCESS; +} + +static void IntelQaStopPollingThread(WC_ASYNC_DEV* dev) +{ + dev->qat.pollingCy = 0; + pthread_join(dev->qat.pollingThread, 0); +} +#endif /* QAT_USE_POLLING_THREAD */ + + + +/* -------------------------------------------------------------------------- */ +/* Buffer Helpers */ +/* -------------------------------------------------------------------------- */ +#if defined(HAVE_ECC) || !defined(NO_DH) || !defined(NO_RSA) +static WC_INLINE int IntelQaAllocFlatBuffer(CpaFlatBuffer* buf, int size, + void* heap) +{ + if (buf == NULL || size <= 0) + return BAD_FUNC_ARG; + buf->pData = (byte*)XMALLOC(size, heap, DYNAMIC_TYPE_ASYNC_NUMA); + if (buf->pData == NULL) + return MEMORY_E; + buf->dataLenInBytes = size; + return 0; +} +#if !defined(NO_DH) || defined(WOLFSSL_KEY_GEN) +static WC_INLINE void IntelQaFreeFlatBuffer(CpaFlatBuffer* buf, void* heap) +{ + if (buf && buf->pData) { + XFREE(buf->pData, heap, DYNAMIC_TYPE_ASYNC_NUMA); + buf->pData = NULL; + buf->dataLenInBytes = 0; + } +} +#endif +static WC_INLINE int IntelQaBigIntToFlatBuffer(WC_BIGINT* src, + CpaFlatBuffer* dst) +{ + if (src == NULL || src->buf == NULL || dst == NULL) { + return BAD_FUNC_ARG; + } + + dst->pData = src->buf; + dst->dataLenInBytes = src->len; + + return 0; +} + +static WC_INLINE int IntelQaFlatBufferToBigInt(CpaFlatBuffer* src, + WC_BIGINT* dst) +{ + if (src == NULL || src->pData == NULL || dst == NULL) { + return BAD_FUNC_ARG; + } + + dst->buf = src->pData; + dst->len = src->dataLenInBytes; + + return 0; +} +#endif + + +/* -------------------------------------------------------------------------- */ +/* Device */ +/* -------------------------------------------------------------------------- */ +void IntelQaHardwareStop(void) +{ + int i; + CpaStatus status; + + g_initCount--; /* track de-init count */ + if (g_initCount != 0) { + return; + } + +#if defined(HAVE_ECC) && defined(HAVE_ECC_DHE) + if (g_qatEcdhY) { + XFREE(g_qatEcdhY, NULL, DYNAMIC_TYPE_ASYNC_NUMA); + g_qatEcdhY = NULL; + } + if (g_qatEcdhCofactor1) { + XFREE(g_qatEcdhCofactor1, NULL, DYNAMIC_TYPE_ASYNC_NUMA); + g_qatEcdhCofactor1 = NULL; + } +#endif + + if (g_cyServiceStarted == CPA_TRUE) { + g_cyServiceStarted = CPA_FALSE; + for (i=0; i 1) { + return 0; + } + + status = qaeMemInit(); + if (status != CPA_STATUS_SUCCESS) { + printf("IntelQA: Could not start qae mem for user space (status %d)\n", + status); + printf("\tHas the qaeMemDrv.ko module been loaded?\n"); + return ASYNC_INIT_E; + } + + status = icp_sal_userStartMultiProcess(process_name, + limitDevAccess ? CPA_TRUE : CPA_FALSE); + if (status != CPA_STATUS_SUCCESS) { + printf("IntelQA: Could not start sal for user space! status %d\n", + status); + ret = ASYNC_INIT_E; goto error; + } + +#ifdef QAT_DEBUG + /* optionally enable debugging */ + /* osalLogLevelSet(8); */ +#endif + + status = cpaCyGetNumInstances(&g_numInstances); + if (status != CPA_STATUS_SUCCESS || g_numInstances == 0) { + printf("IntelQA: Failed to get num of instances! status %d\n", + status); + ret = INVALID_DEVID; goto error; + } + + /* Get handles / info */ + g_cyInstances = (CpaInstanceHandle*)XMALLOC( + sizeof(CpaInstanceHandle) * g_numInstances, NULL, DYNAMIC_TYPE_ASYNC); + if (g_cyInstances == NULL) { + printf("IntelQA: Failed to allocate instances\n"); + ret = INVALID_DEVID; goto error; + } + +#ifdef QAT_USE_POLLING_CHECK + g_cyPolling = (CpaBoolean*)XMALLOC(sizeof(CpaBoolean) * g_numInstances, + NULL, DYNAMIC_TYPE_ASYNC); + if (g_cyPolling == NULL) { + printf("IntelQA: Failed to allocate polling status\n"); + ret = INVALID_DEVID; goto error; + } + g_PollLock = (pthread_mutex_t*)XMALLOC(sizeof(pthread_mutex_t) * + g_numInstances, NULL, DYNAMIC_TYPE_ASYNC); + if (g_PollLock == NULL) { + printf("IntelQA: Failed to allocate polling locks\n"); + ret = INVALID_DEVID; goto error; + } + for (i=0; i> 8), + (Cpa8U)((g_cyInstanceInfo[i].physInstId.busAddress) + & 0xFF) >> 3, + (Cpa8U)((g_cyInstanceInfo[i].physInstId.busAddress) & 3), + g_cyInstanceInfo[i].isPolled); + #endif + + status = cpaCySetAddressTranslation(g_cyInstances[i], + qaeVirtToPhysNUMA); + if (status != CPA_STATUS_SUCCESS) { + printf("IntelQA: Error setting memory config for inst %d\n", i); + ret = INVALID_DEVID; goto error; + } + + status = cpaCyStartInstance(g_cyInstances[i]); + if (status != CPA_STATUS_SUCCESS) { + printf("IntelQA: Error starting crypto instance %d\n", i); + ret = INVALID_DEVID; goto error; + } + } + +#if defined(HAVE_ECC) && defined(HAVE_ECC_DHE) + g_qatEcdhY = (Cpa8U*)XMALLOC(MAX_ECC_BYTES, NULL, DYNAMIC_TYPE_ASYNC_NUMA); + if (g_qatEcdhY == NULL) { + ret = MEMORY_E; goto error; + } + g_qatEcdhCofactor1 = (Cpa8U*)XMALLOC(MAX_ECC_BYTES, NULL, DYNAMIC_TYPE_ASYNC_NUMA); + if (g_qatEcdhCofactor1 == NULL) { + ret = MEMORY_E; goto error; + } + *((word32*)g_qatEcdhCofactor1) = OS_HOST_TO_NW_32(1); +#endif + + printf("IntelQA: Instances %d\n", g_numInstances); + return ret; + +error: + IntelQaHardwareStop(); + return ret; +} + + +int IntelQaInit(void* threadId) +{ + int ret; + int devId; +#if !defined(WC_NO_ASYNC_THREADING) && defined(WC_ASYNC_THREAD_BIND) + pthread_t* thread = (pthread_t*)threadId; +#else + (void)threadId; +#endif + + ret = pthread_mutex_lock(&g_Hwlock); + if (ret != 0) { + printf("IntelQaInit: mutex lock failed! %d\n", ret); + return BAD_MUTEX_E; + } + + ret = IntelQaHardwareStart(QAT_PROCESS_NAME, QAT_LIMIT_DEV_ACCESS); + if (ret != 0) { + pthread_mutex_unlock(&g_Hwlock); + return ret; + } + + if (g_numInstances <= 0) { + pthread_mutex_unlock(&g_Hwlock); + return ASYNC_INIT_E; + } + + /* assign device id */ + devId = (g_instCounter % g_numInstances); + g_instCounter++; + + pthread_mutex_unlock(&g_Hwlock); + +#if !defined(WC_NO_ASYNC_THREADING) && defined(WC_ASYNC_THREAD_BIND) + /* if no thread provided then just return instance and don't bind */ + if (thread) { + ret = wc_AsyncThreadBind(thread, g_cyInstMap[devId]); + if (ret != 0) { + printf("IntelQA: Thread bind failed! %d\n", ret); + } + } +#endif /* !WC_NO_ASYNC_THREADING && !WC_NO_ASYNC_THREAD_BIND */ + + return devId; +} + +int IntelQaNumInstances(void) +{ + return g_numInstances; +} + +int IntelQaOpen(WC_ASYNC_DEV* dev, int devId) +{ + if (dev == NULL) { + return BAD_FUNC_ARG; + } + + (void)devId; + + /* clear device info */ + XMEMSET(&dev->qat, 0, sizeof(IntelQaDev)); + + if (g_cyInstances == NULL) { + printf("IntelQA not initialized\n"); + return ASYNC_INIT_E; + } + + if (devId >= g_numInstances) { + fprintf(stderr, "IntelQA: devId %d exceeds number of instances %u\n", + devId, g_numInstances); + return NO_VALID_DEVID; + } + + dev->qat.devId = devId; + dev->qat.handle = g_cyInstances[devId]; + +#ifdef QAT_DEBUG + printf("IntelQaOpen %p\n", dev); +#endif + +#ifdef QAT_USE_POLLING_THREAD + /* start polling thread */ + IntelQaStartPollingThread(dev); +#endif + + return 0; +} + +#if defined(QAT_ENABLE_CRYPTO) || defined(QAT_ENABLE_HASH) +static int IntelQaDevIsHash(WC_ASYNC_DEV* dev) +{ + int isHash = 0; + + switch (dev->marker) { + case WOLFSSL_ASYNC_MARKER_ARC4: + case WOLFSSL_ASYNC_MARKER_AES: + case WOLFSSL_ASYNC_MARKER_3DES: + case WOLFSSL_ASYNC_MARKER_RNG: + case WOLFSSL_ASYNC_MARKER_RSA: + case WOLFSSL_ASYNC_MARKER_ECC: + case WOLFSSL_ASYNC_MARKER_DH: + isHash = 0; + break; + case WOLFSSL_ASYNC_MARKER_HMAC: + case WOLFSSL_ASYNC_MARKER_SHA512: + case WOLFSSL_ASYNC_MARKER_SHA384: + case WOLFSSL_ASYNC_MARKER_SHA256: + case WOLFSSL_ASYNC_MARKER_SHA224: + case WOLFSSL_ASYNC_MARKER_SHA: + case WOLFSSL_ASYNC_MARKER_MD5: + case WOLFSSL_ASYNC_MARKER_SHA3: + isHash = 1; + break; + } + + return isHash; +} + +static IntelQaSymCtx* IntelQaGetSymCtx(WC_ASYNC_DEV* dev) +{ +#if defined(QAT_ENABLE_CRYPTO) && defined(QAT_ENABLE_HASH) + return IntelQaDevIsHash(dev) ? &dev->qat.op.hash.ctx : + &dev->qat.op.cipher.ctx; +#elif defined(QAT_ENABLE_CRYPTO) + return IntelQaDevIsHash(dev) ? NULL : &dev->qat.op.cipher.ctx; +#elif defined(QAT_ENABLE_HASH) + return IntelQaDevIsHash(dev) ? &dev->qat.op.hash.ctx : NULL; +#else + return NULL; +#endif +} + +static int IntelQaDevIsSym(WC_ASYNC_DEV* dev) +{ + int isSym = 0; + + switch (dev->marker) { + case WOLFSSL_ASYNC_MARKER_RNG: + case WOLFSSL_ASYNC_MARKER_RSA: + case WOLFSSL_ASYNC_MARKER_ECC: + case WOLFSSL_ASYNC_MARKER_DH: + isSym = 0; + break; + case WOLFSSL_ASYNC_MARKER_ARC4: + case WOLFSSL_ASYNC_MARKER_AES: + case WOLFSSL_ASYNC_MARKER_3DES: + case WOLFSSL_ASYNC_MARKER_HMAC: + case WOLFSSL_ASYNC_MARKER_SHA512: + case WOLFSSL_ASYNC_MARKER_SHA384: + case WOLFSSL_ASYNC_MARKER_SHA256: + case WOLFSSL_ASYNC_MARKER_SHA224: + case WOLFSSL_ASYNC_MARKER_SHA: + case WOLFSSL_ASYNC_MARKER_MD5: + case WOLFSSL_ASYNC_MARKER_SHA3: + isSym = 1; + break; + } + + return isSym; +} +#endif + +void IntelQaClose(WC_ASYNC_DEV* dev) +{ + if (dev) { + #ifdef QAT_DEBUG + printf("IntelQaClose %p\n", dev); + #endif + + #if defined(QAT_ENABLE_CRYPTO) || defined(QAT_ENABLE_HASH) + if (IntelQaDevIsSym(dev)) { + /* close any active session */ + IntelQaSymClose(dev, 1); + } + #endif + #if defined(QAT_ENABLE_RNG) + if (dev->marker == WOLFSSL_ASYNC_MARKER_RNG) { + IntelQaDrbgClose(dev); + } + #endif + + #ifdef QAT_USE_POLLING_THREAD + IntelQaStopPollingThread(dev); + #endif + + dev->qat.handle = NULL; + } +} + +void IntelQaDeInit(int devId) +{ + (void)devId; + + if (pthread_mutex_lock(&g_Hwlock) == 0) { + IntelQaHardwareStop(); + pthread_mutex_unlock(&g_Hwlock); + } +} + +int IntelQaDevCopy(WC_ASYNC_DEV* src, WC_ASYNC_DEV* dst) +{ + int ret = 0; +#if defined(QAT_ENABLE_HASH) || defined(QAT_ENABLE_CRYPTO) + IntelQaSymCtx *ctxSrc, *ctxDst; +#ifdef QAT_ENABLE_HASH + int isHash; +#endif +#endif + + if (src == NULL || dst == NULL) + return BAD_FUNC_ARG; + +#if defined(QAT_ENABLE_HASH) || defined(QAT_ENABLE_CRYPTO) + ctxDst = IntelQaGetSymCtx(dst); + ctxSrc = IntelQaGetSymCtx(src); + + if (ctxDst == NULL || ctxSrc == NULL) { + return ret; + } + +#ifdef QAT_DEBUG + printf("IntelQaDevCopy: dev %p->%p, symCtx %p (src %p), symCtxSize %d\n", + src, dst, ctxSrc->symCtx, ctxSrc->symCtxSrc, ctxSrc->symCtxSize); +#endif + + ctxDst->isCopy = 1; + /* force alloc/init on open for copy */ + ctxDst->symCtx = NULL; + ctxDst->isOpen = 0; + /* if src is not open, then don't set source ctx */ + if (!ctxSrc->isOpen) + ctxDst->symCtxSrc = NULL; + +#ifdef QAT_ENABLE_HASH + isHash = IntelQaDevIsHash(src); + if (isHash) { + /* need to duplicate tmpIn */ + if (src->qat.op.hash.tmpIn) { + dst->qat.op.hash.tmpIn = (byte*)XMALLOC(src->qat.op.hash.tmpInBufSz, + src->heap, DYNAMIC_TYPE_ASYNC_NUMA); + if (dst->qat.op.hash.tmpIn == NULL) { + return MEMORY_E; + } + XMEMCPY(dst->qat.op.hash.tmpIn, src->qat.op.hash.tmpIn, + src->qat.op.hash.tmpInSz); + dst->qat.op.hash.tmpInSz = src->qat.op.hash.tmpInSz; + dst->qat.op.hash.tmpInBufSz = src->qat.op.hash.tmpInBufSz; + } + } +#endif /* QAT_ENABLE_HASH */ +#endif /* QAT_ENABLE_HASH || QAT_ENABLE_CRYPTO */ + + return ret; +} + +int IntelQaPoll(WC_ASYNC_DEV* dev) +{ + int ret = 0; + +#ifndef QAT_USE_POLLING_THREAD + CpaStatus status; + WOLF_EVENT* event = &dev->event; + +#ifdef QAT_USE_POLLING_CHECK + pthread_mutex_t* lock = &g_PollLock[dev->qat.devId]; + if (pthread_mutex_lock(lock) == 0) { + /* test if any other threads are polling */ + if (g_cyPolling[dev->qat.devId]) { + pthread_mutex_unlock(lock); + + /* return success even though its busy, caller will treat as + * WC_PENDING_E */ + return 0; + } + + g_cyPolling[dev->qat.devId] = 1; + pthread_mutex_unlock(lock); + } +#endif + + status = icp_sal_CyPollInstance(dev->qat.handle, QAT_POLL_RESP_QUOTA); + if (status != CPA_STATUS_SUCCESS && status != CPA_STATUS_RETRY) { + printf("IntelQa: Poll failure %d\n", status); + ret = -1; + } + +#ifndef WC_NO_ASYNC_THREADING + if (event->threadId == 0 || event->threadId == wc_AsyncThreadId()) +#endif + { + /* if event is done */ + if (dev->qat.ret != WC_PENDING_E) { + /* perform cleanup */ + IntelQaFreeFunc freeFunc = dev->qat.freeFunc; + #ifdef QAT_DEBUG + printf("IntelQaOpFree: Dev %p, FreeFunc %p\n", dev, freeFunc); + #endif + if (freeFunc) { + dev->qat.freeFunc = NULL; + freeFunc(dev); + } + + /* return response code */ + event->ret = dev->qat.ret; + } + } + +#ifdef QAT_USE_POLLING_CHECK + /* indicate we are done polling */ + if (pthread_mutex_lock(lock) == 0) { + g_cyPolling[dev->qat.devId] = 0; + pthread_mutex_unlock(lock); + } +#endif + +#else + (void)dev; +#endif + + return ret; +} + +static int IntelQaPollBlockRet(WC_ASYNC_DEV* dev, int ret_wait) +{ + int ret; + + do { + ret = IntelQaPoll(dev); + (void)ret; /* not used */ + + if (dev->qat.ret != ret_wait) { + break; + } + #ifndef WC_NO_ASYNC_THREADING + wc_AsyncThreadYield(); + #endif + } while (1); + ret = dev->qat.ret; + + return ret; +} + +int IntelQaGetCyInstanceCount(void) +{ + return g_numInstances; +} + +static WC_INLINE int IntelQaHandleCpaStatus(WC_ASYNC_DEV* dev, CpaStatus status, + int* ret, byte isAsync, void* callback, int* retryCount) +{ + int retry = 0; + + if (status == CPA_STATUS_SUCCESS) { + if (isAsync && callback) { + *ret = WC_PENDING_E; + } + else { + *ret = IntelQaPollBlockRet(dev, WC_PENDING_E); + } + } + else if (status == CPA_STATUS_RETRY) { + (*retryCount)++; + if ((*retryCount % (QAT_RETRY_LIMIT + 1)) == QAT_RETRY_LIMIT) { + #ifndef WC_NO_ASYNC_THREADING + wc_AsyncThreadYield(); + #else + wc_AsyncSleep(10); + #endif + } + retry = 1; + } + else { + *ret = ASYNC_OP_E; + } + + return retry; +} + +static WC_INLINE void IntelQaOpInit(WC_ASYNC_DEV* dev, IntelQaFreeFunc freeFunc) +{ + dev->qat.ret = WC_PENDING_E; + dev->qat.freeFunc = freeFunc; +} + + +/* -------------------------------------------------------------------------- */ +/* RSA Algo */ +/* -------------------------------------------------------------------------- */ + +#ifndef NO_RSA + +#ifdef WOLFSSL_KEY_GEN +static void IntelQaGenPrimeFree(WC_ASYNC_DEV* dev) +{ + CpaCyPrimeTestOpData* opData = dev->qat.op.prime_gen.opData; + CpaFlatBuffer* primeCandidates = dev->qat.op.prime_gen.primeCandidates; + byte* pMillerRabinData = dev->qat.op.prime_gen.pMillerRabinData; + + if (opData) { + XFREE(opData, dev->heap, DYNAMIC_TYPE_ASYNC_NUMA); + dev->qat.op.prime_gen.opData = NULL; + } + if (primeCandidates) { + int i; + for (i = 0; i < QAT_PRIME_GEN_TRIES; i++) { + if (primeCandidates[i].pData) { + XFREE(primeCandidates[i].pData, dev->heap, + DYNAMIC_TYPE_ASYNC_NUMA); + primeCandidates[i].pData = NULL; + primeCandidates[i].dataLenInBytes = 0; + } + } + XFREE(primeCandidates, dev->heap, DYNAMIC_TYPE_ASYNC_NUMA); + dev->qat.op.prime_gen.primeCandidates = NULL; + } + if (pMillerRabinData) { + XFREE(pMillerRabinData, dev->heap, DYNAMIC_TYPE_ASYNC_NUMA); + dev->qat.op.prime_gen.pMillerRabinData = NULL; + } +} + +static void IntelQaGenPrimeCallback(void *pCallbackTag, + CpaStatus status, void *pOpData, CpaBoolean testPassed) +{ + WC_ASYNC_DEV* dev = (WC_ASYNC_DEV*)pCallbackTag; + CpaCyPrimeTestOpData* opData = (CpaCyPrimeTestOpData*)pOpData; + int opIndex = 0; + int testStatus = QAT_PRIME_CHK_STATUS_FAILED; + + /* calculate index based on opDate pointer offset */ + if (dev->qat.op.prime_gen.opData && opData) { + byte* srcop = (byte*)dev->qat.op.prime_gen.opData; + byte* curop = (byte*)opData; + size_t offset; + if (srcop <= curop) { + offset = (size_t)curop - (size_t)srcop; + offset /= sizeof(CpaCyPrimeTestOpData); + if (offset < QAT_PRIME_GEN_TRIES) + opIndex = (int)offset; + } + } + +#ifdef QAT_DEBUG + printf("IntelQaGenPrimeCallback: dev %p, opIndex %d, status %d, " + "testPassed %d\n", dev, opIndex, status, testPassed); +#endif + + if (status == CPA_STATUS_SUCCESS) { + testStatus = (testPassed == CPA_TRUE) ? + QAT_PRIME_CHK_STATUS_PASSED : + QAT_PRIME_CHK_STATUS_FAILED; + } + + dev->qat.op.prime_gen.testStatus[opIndex] = testStatus; +} + +#ifndef QAT_PRIME_CHECK_TIMEOUT + /* times to wait in retry for operations */ + #define QAT_PRIME_CHECK_TIMEOUT 100000 +#endif +int IntelQaGenPrime(WC_ASYNC_DEV* dev, WC_RNG* rng, byte* primeBuf, + word32 primeSz) +{ + int ret = 0, retryCount = 0, i, attempt; + CpaStatus status = CPA_STATUS_SUCCESS; + CpaCyPrimeTestOpData* opData = NULL; + CpaFlatBuffer* primeCandidates = NULL; + byte* pMillerRabinData = NULL; + CpaFlatBuffer millerRabins; + CpaCyPrimeTestCbFunc callback = IntelQaGenPrimeCallback; + CpaBoolean testPassed = CPA_FALSE; + + if (dev == NULL || rng == NULL || primeBuf == NULL || primeSz < 64) { + return BAD_FUNC_ARG; + } + +#ifdef QAT_DEBUG + printf("IntelQaGenPrime: dev %p, sz %d\n", dev, primeSz); +#endif + + /* generate operation data and prime candidates */ + opData = (CpaCyPrimeTestOpData*)XMALLOC( + sizeof(CpaCyPrimeTestOpData) * QAT_PRIME_GEN_TRIES, + dev->heap, DYNAMIC_TYPE_ASYNC_NUMA); + dev->qat.op.prime_gen.opData = opData; + primeCandidates = (CpaFlatBuffer*)XMALLOC( + sizeof(CpaFlatBuffer) * QAT_PRIME_GEN_TRIES, + dev->heap, DYNAMIC_TYPE_ASYNC_NUMA); + dev->qat.op.prime_gen.primeCandidates = primeCandidates; + if (opData == NULL || primeCandidates == NULL) { + ret = MEMORY_E; goto exit; + } + XMEMSET(opData, 0, sizeof(CpaCyPrimeTestOpData) * QAT_PRIME_GEN_TRIES); + XMEMSET(primeCandidates, 0, sizeof(CpaFlatBuffer) * QAT_PRIME_GEN_TRIES); + for (i = 0; i < QAT_PRIME_GEN_TRIES; i++) { + primeCandidates[i].pData = (byte*)XMALLOC(primeSz, dev->heap, + DYNAMIC_TYPE_ASYNC_NUMA); + if (primeCandidates[i].pData == NULL) { + ret = MEMORY_E; goto exit; + } + primeCandidates[i].dataLenInBytes = primeSz; + } + + /* generate miller rabbin data */ + pMillerRabinData = (byte*)XMALLOC(primeSz * QAT_PRIME_GEN_MR_ROUNDS, + dev->heap, DYNAMIC_TYPE_ASYNC_NUMA); + dev->qat.op.prime_gen.pMillerRabinData = pMillerRabinData; + if (pMillerRabinData == NULL) { + ret = MEMORY_E; goto exit; + } + + ret = wc_RNG_GenerateBlock(rng, pMillerRabinData, + primeSz * QAT_PRIME_GEN_MR_ROUNDS); + if (ret != 0) + goto exit; + + /* make sure each miller rabbin number is greater than 1 */ + for (i = 0; i < QAT_PRIME_GEN_MR_ROUNDS; i++) { + word32 byteCheck = primeSz - 1; + byte* round = &pMillerRabinData[i * primeSz]; + if (round[byteCheck] <= 1) { + ret = wc_RNG_GenerateBlock(rng, &round[byteCheck], 1); + if (ret != 0) + goto exit; + if (round[byteCheck] <= 1) + round[byteCheck] += 2; + } + } + millerRabins.pData = pMillerRabinData; + millerRabins.dataLenInBytes = primeSz * QAT_PRIME_GEN_MR_ROUNDS; + + /* populate operation data */ + for (i = 0; i < QAT_PRIME_GEN_TRIES; i++) { + opData[i].primeCandidate = primeCandidates[i]; + opData[i].performGcdTest = CPA_TRUE; + opData[i].performFermatTest = CPA_TRUE; + opData[i].numMillerRabinRounds = QAT_PRIME_GEN_MR_ROUNDS; + opData[i].millerRabinRandomInput = millerRabins; + opData[i].performLucasTest = CPA_TRUE; + } + + /* store info needed for output */ + dev->qat.out = primeBuf; + dev->qat.outLen = primeSz; + IntelQaOpInit(dev, IntelQaGenPrimeFree); + + for (attempt = 0; attempt < QAT_PRIME_GEN_RETRIES; attempt++) { + int expectedDone, doneCount, primePassIndex, errorCount; + byte* primeData = primeCandidates[0].pData; + /* Generate primeCandidates */ + ret = wc_RNG_GenerateBlock(rng, primeData, primeSz); + if (ret != 0) + goto exit; + /* prime lower bound has the MSB set, set it in candidate */ + primeData[0] |= 0x80; + /* make candidate odd */ + primeData[primeSz-1] |= 0x01; + + /* create candidates that are incremented by two */ + for (i = 1; i < QAT_PRIME_GEN_TRIES; i++) { + word32 byteCheck = primeSz - 1; + primeData = primeCandidates[i].pData; + XMEMCPY(primeData, + primeCandidates[i-1].pData, + primeCandidates[i-1].dataLenInBytes); + + if (primeData[byteCheck] != 0xFF) { + primeData[byteCheck] += 2; + } + else { + /* if rollover occurred increment high order bytes */ + /* increment by 1 does not affect odd/even */ + int j; + for (j = primeSz - 2; j >= 0; j--) { + if (primeData[i] != 0xFF) { + primeData[i] += 1; + break; + } + else { + primeData[i] = 0; + } + } + } + } + + /* make sure miller rabbin must be less than prime candidate */ + for (i = 0; i < QAT_PRIME_GEN_MR_ROUNDS; i++) { + byte* mrData = pMillerRabinData + (i * primeSz); + int j; + for (j = 0; j < (int)primeSz; j++) { + /* if primeData is less then mrData, and primeData is not 0, + * then make mrData to be smaller than primeData, + * and we are done */ + if ((primeData[j] <= mrData[j]) && primeData[j] != 0) { + mrData[j] = primeData[j] - 1; + break; + } + /* if primeData is 0 then mrData needs to be zero and we check + * the next index */ + else if (primeData[j] == 0) { + mrData[j] = 0; + } + /* primeData is smaller than mrData so we are done */ + else { + break; + } + } + } + + /* setup and run prime tests */ + XMEMSET(dev->qat.op.prime_gen.testStatus, 0, + sizeof(dev->qat.op.prime_gen.testStatus)); + retryCount = 0; + expectedDone = 0; + errorCount = 0; + for (i = 0; i < QAT_PRIME_GEN_TRIES; i++) { + /* perform prime test */ + do { + status = cpaCyPrimeTest(dev->qat.handle, + callback, + dev, + &opData[i], + &testPassed); + if (status == CPA_STATUS_RETRY) { + IntelQaPoll(dev); + } + } while (status == CPA_STATUS_RETRY && + retryCount++ < QAT_PRIME_CHECK_TIMEOUT); + + /* handle error */ + if (status != CPA_STATUS_SUCCESS) { + errorCount++; + break; + } + expectedDone++; + } + + /* use blocking polling, till all have completed */ + retryCount = 0; + primePassIndex = -1; + do { + IntelQaPoll(dev); + + /* tally results */ + doneCount = 0; + for (i = 0; i < expectedDone; i++) { + byte* testStatus = &dev->qat.op.prime_gen.testStatus[i]; + if (*testStatus != QAT_PRIME_CHK_STATUS_INIT) { + doneCount++; + /* Track index of first passed operation */ + if (primePassIndex == -1 && + *testStatus == QAT_PRIME_CHK_STATUS_PASSED) + primePassIndex = i; + else if (*testStatus == QAT_PRIME_CHK_STATUS_ERROR) + errorCount++; + } + } + + /* determine if all prime tests are done */ + if (doneCount == expectedDone) { + break; + } + + #ifndef WC_NO_ASYNC_THREADING + wc_AsyncThreadYield(); + #endif + } while (retryCount++ < QAT_PRIME_CHECK_TIMEOUT); + if (retryCount == QAT_PRIME_CHECK_TIMEOUT) { + #ifdef QAT_DEBUG + printf("cpaCyPrimeTest wait timeout! dev %p\n", dev); + #endif + errorCount++; + } + + /* check if we found a prime */ + if (primePassIndex != -1 && primePassIndex < QAT_PRIME_GEN_TRIES) { + ret = 0; + XMEMCPY(primeBuf, primeCandidates[primePassIndex].pData, primeSz); + break; /* done with success */ + } + + /* handle failure */ + if (errorCount != 0) { + ret = ASYNC_OP_E; + break; /* done with failure */ + } + + #ifdef QAT_DEBUG + printf("cpaCyPrimeTest attempt %d\n", attempt); + #endif + } /* for (attempt) */ + +exit: + + if (ret != 0) { + printf("cpaCyPrimeTest failed! dev %p, status %d, ret %d\n", + dev, status, ret); + } + + IntelQaGenPrimeFree(dev); + + return ret; +} + + +static void IntelQaRsaKeyGenFree(WC_ASYNC_DEV* dev) +{ + CpaCyRsaPrivateKey* privateKey = &dev->qat.op.rsa_keygen.privateKey; + + /* This one is not owned by RsaKey */ + IntelQaFreeFlatBuffer(&privateKey->privateKeyRep1.modulusN, dev->heap); + + /* free remaining on failures only */ + /* ownership of these buffers goes to RsaKey */ + if (dev->qat.ret != 0) { + CpaCyRsaKeyGenOpData* opData = &dev->qat.op.rsa_keygen.opData; + CpaCyRsaPublicKey* publicKey = &dev->qat.op.rsa_keygen.publicKey; + + IntelQaFreeFlatBuffer(&publicKey->modulusN, dev->heap); + IntelQaFreeFlatBuffer(&publicKey->publicExponentE, dev->heap); + + IntelQaFreeFlatBuffer(&privateKey->privateKeyRep1.privateExponentD, + dev->heap); + IntelQaFreeFlatBuffer(&privateKey->privateKeyRep2.prime1P, dev->heap); + IntelQaFreeFlatBuffer(&privateKey->privateKeyRep2.prime2Q, dev->heap); + IntelQaFreeFlatBuffer(&privateKey->privateKeyRep2.exponent1Dp, + dev->heap); + IntelQaFreeFlatBuffer(&privateKey->privateKeyRep2.exponent2Dq, + dev->heap); + IntelQaFreeFlatBuffer(&privateKey->privateKeyRep2.coefficientQInv, + dev->heap); + + (void)opData; + } +} + +static void IntelQaRsaKeyGenCallback(void *pCallbackTag, + CpaStatus status, void *pKeyGenOpData, CpaCyRsaPrivateKey *pPrivateKey, + CpaCyRsaPublicKey *pPublicKey) +{ + WC_ASYNC_DEV* dev = (WC_ASYNC_DEV*)pCallbackTag; + CpaCyRsaKeyGenOpData* opData = (CpaCyRsaKeyGenOpData*)pKeyGenOpData; + int ret = ASYNC_OP_E; + +#ifdef QAT_DEBUG + printf("IntelQaRsaKeyGenCallback: dev %p, status %d\n", dev, status); +#endif + + if (status == CPA_STATUS_SUCCESS) { + RsaKey* key = dev->qat.op.rsa_keygen.rsakey; + if (key) { + /* Populate RsaKey Parameters */ + /* raw BigInt buffer ownership is transferred to RsaKey */ + /* cleanup is handled in wc_FreeRsaKey */ + + /* modulusN */ + ret = IntelQaFlatBufferToBigInt( + &pPublicKey->modulusN, &key->n.raw); + if (ret == 0) + ret = mp_read_unsigned_bin(&key->n, + key->n.raw.buf, key->n.raw.len); + + /* publicExponentE */ + if (ret == 0) + ret = IntelQaFlatBufferToBigInt( + &pPublicKey->publicExponentE, &key->e.raw); + if (ret == 0) + ret = mp_read_unsigned_bin(&key->e, + key->e.raw.buf, key->e.raw.len); + + /* privateExponentD */ + if (ret == 0) + ret = IntelQaFlatBufferToBigInt( + &pPrivateKey->privateKeyRep1.privateExponentD, &key->d.raw); + if (ret == 0) + ret = mp_read_unsigned_bin(&key->d, + key->d.raw.buf, key->d.raw.len); + + /* prime1P */ + if (ret == 0) + ret = IntelQaFlatBufferToBigInt( + &pPrivateKey->privateKeyRep2.prime1P, &key->p.raw); + if (ret == 0) + ret = mp_read_unsigned_bin(&key->p, + key->p.raw.buf, key->p.raw.len); + + /* prime2Q */ + if (ret == 0) + ret = IntelQaFlatBufferToBigInt( + &pPrivateKey->privateKeyRep2.prime2Q, &key->q.raw); + if (ret == 0) + ret = mp_read_unsigned_bin(&key->q, + key->q.raw.buf, key->q.raw.len); + + /* exponent1Dp */ + if (ret == 0) + ret = IntelQaFlatBufferToBigInt( + &pPrivateKey->privateKeyRep2.exponent1Dp, &key->dP.raw); + if (ret == 0) + ret = mp_read_unsigned_bin(&key->dP, + key->dP.raw.buf, key->dP.raw.len); + + /* exponent2Dq */ + if (ret == 0) + ret = IntelQaFlatBufferToBigInt( + &pPrivateKey->privateKeyRep2.exponent2Dq, &key->dQ.raw); + if (ret == 0) + ret = mp_read_unsigned_bin(&key->dQ, + key->dQ.raw.buf, key->dQ.raw.len); + + /* coefficientQInv */ + if (ret == 0) + ret = IntelQaFlatBufferToBigInt( + &pPrivateKey->privateKeyRep2.coefficientQInv, &key->u.raw); + if (ret == 0) + ret = mp_read_unsigned_bin(&key->u, + key->u.raw.buf, key->u.raw.len); + + /* mark as private key */ + if (ret == 0) + key->type = RSA_PRIVATE; + } + } + (void)opData; + + /* set return code to mark complete */ + dev->qat.ret = ret; +} + +int IntelQaRsaKeyGen(WC_ASYNC_DEV* dev, RsaKey* key, int keyBits, long e, + WC_RNG* rng) +{ + int ret = 0, retryCount = 0; + CpaStatus status = CPA_STATUS_SUCCESS; + CpaFlatBuffer prime1P; + CpaFlatBuffer prime2Q; + CpaCyRsaKeyGenOpData* opData = NULL; + CpaCyRsaPrivateKey* privateKey = NULL; + CpaCyRsaPublicKey* publicKey = NULL; + CpaCyRsaKeyGenCbFunc callback = IntelQaRsaKeyGenCallback; + int keySz = keyBits/8; + int primeSz = keySz/2; /* P & Q */ + + if (dev == NULL || key == NULL) { + return BAD_FUNC_ARG; + } + +#ifdef QAT_DEBUG + printf("IntelQaRsaKeyGen: dev %p, keyBits %d\n", dev, keyBits); +#endif + + /* allocate and generate 2 primes (P/Q) */ + XMEMSET(&prime1P, 0, sizeof(prime1P)); + XMEMSET(&prime2Q, 0, sizeof(prime2Q)); + ret = IntelQaAllocFlatBuffer(&prime1P, primeSz, dev->heap); + if (ret == 0) + ret = IntelQaGenPrime(dev, rng, prime1P.pData, prime1P.dataLenInBytes); + if (ret == 0) + ret = IntelQaAllocFlatBuffer(&prime2Q, primeSz, dev->heap); + if (ret == 0) + ret = IntelQaGenPrime(dev, rng, prime2Q.pData, prime2Q.dataLenInBytes); + if (ret != 0) { + IntelQaFreeFlatBuffer(&prime1P, dev->heap); + IntelQaFreeFlatBuffer(&prime2Q, dev->heap); + return ret; + } + + /* setup key generation operation */ + opData = &dev->qat.op.rsa_keygen.opData; + publicKey = &dev->qat.op.rsa_keygen.publicKey; + privateKey = &dev->qat.op.rsa_keygen.privateKey; + + /* init variables */ + XMEMSET(opData, 0, sizeof(CpaCyRsaDecryptOpData)); + XMEMSET(publicKey, 0, sizeof(CpaCyRsaPublicKey)); + XMEMSET(privateKey, 0, sizeof(CpaCyRsaPrivateKey)); + + /* setup private key */ + privateKey->version = CPA_CY_RSA_VERSION_TWO_PRIME; + privateKey->privateKeyRepType = CPA_CY_RSA_PRIVATE_KEY_REP_TYPE_2; + ret = IntelQaAllocFlatBuffer(&privateKey->privateKeyRep1.modulusN, + keySz, dev->heap); + ret += IntelQaAllocFlatBuffer(&privateKey->privateKeyRep1.privateExponentD, + keySz, dev->heap); + ret += IntelQaAllocFlatBuffer(&privateKey->privateKeyRep2.exponent1Dp, + primeSz, dev->heap); + ret += IntelQaAllocFlatBuffer(&privateKey->privateKeyRep2.exponent2Dq, + primeSz, dev->heap); + ret += IntelQaAllocFlatBuffer(&privateKey->privateKeyRep2.coefficientQInv, + primeSz, dev->heap); + if (ret != 0) { + ret = MEMORY_E; goto exit; + } + + /* setup public key */ + ret = IntelQaAllocFlatBuffer(&publicKey->modulusN, keySz, dev->heap); + ret += IntelQaAllocFlatBuffer(&publicKey->publicExponentE, sizeof(long), + dev->heap); + if (ret != 0) { + ret = MEMORY_E; goto exit; + } + + /* populate exponent */ + publicKey->publicExponentE.pData[3] = (e >> 24) & 0xFF; + publicKey->publicExponentE.pData[2] = (e >> 16) & 0xFF; + publicKey->publicExponentE.pData[1] = (e >> 8) & 0xFF; + publicKey->publicExponentE.pData[0] = e & 0xFF; + publicKey->publicExponentE.dataLenInBytes = + publicKey->publicExponentE.pData[3] ? 4 : + publicKey->publicExponentE.pData[2] ? 3 : + publicKey->publicExponentE.pData[1] ? 2 : + publicKey->publicExponentE.pData[0] ? 1 : 0; + + /* populate primes P and Q */ + privateKey->privateKeyRep2.prime1P = prime1P; + privateKey->privateKeyRep2.prime2Q = prime2Q; + + /* setup operation data */ + opData->version = CPA_CY_RSA_VERSION_TWO_PRIME; + opData->privateKeyRepType = CPA_CY_RSA_PRIVATE_KEY_REP_TYPE_2; + opData->modulusLenInBytes = keySz; + opData->prime1P = privateKey->privateKeyRep2.prime1P; + opData->prime2Q = privateKey->privateKeyRep2.prime2Q; + opData->publicExponentE = publicKey->publicExponentE; + + /* parameters required for output callback */ + dev->qat.op.rsa_keygen.rsakey = key; + IntelQaOpInit(dev, IntelQaRsaKeyGenFree); + + /* perform RSA key generation */ + do { + status = cpaCyRsaGenKey(dev->qat.handle, + callback, + dev, + opData, + privateKey, + publicKey); + } while (IntelQaHandleCpaStatus(dev, status, &ret, 0, + (void*)callback, &retryCount)); + +exit: + + if (ret != 0) { + printf("cpaCyRsaGenKey failed! dev %p, status %d, ret %d\n", + dev, status, ret); + } + + IntelQaRsaKeyGenFree(dev); + + return ret; +} +#endif /* WOLFSSL_KEY_GEN */ + +static void IntelQaRsaPrivateFree(WC_ASYNC_DEV* dev) +{ + CpaCyRsaDecryptOpData* opData = &dev->qat.op.rsa_priv.opData; + CpaFlatBuffer *outBuf = &dev->qat.op.rsa_priv.outBuf; + + if (opData) { + if (opData->inputData.pData) { + XFREE(opData->inputData.pData, dev->heap, DYNAMIC_TYPE_ASYNC_NUMA); + opData->inputData.pData = NULL; + } + if (opData->pRecipientPrivateKey) { + XMEMSET(opData->pRecipientPrivateKey, 0, + sizeof(CpaCyRsaPrivateKey)); + } + XMEMSET(opData, 0, sizeof(CpaCyRsaDecryptOpData)); + } + if (outBuf) { + if (outBuf->pData) { + XFREE(outBuf->pData, dev->heap, DYNAMIC_TYPE_ASYNC_NUMA); + outBuf->pData = NULL; + } + XMEMSET(outBuf, 0, sizeof(CpaFlatBuffer)); + } + + /* clear temp pointers */ + dev->qat.out = NULL; + dev->qat.outLenPtr = NULL; +} + +static void IntelQaRsaPrivateCallback(void *pCallbackTag, + CpaStatus status, void *pOpdata, CpaFlatBuffer *pOut) +{ + WC_ASYNC_DEV* dev = (WC_ASYNC_DEV*)pCallbackTag; + CpaCyRsaDecryptOpData* opData = (CpaCyRsaDecryptOpData*)pOpdata; + int ret = ASYNC_OP_E; + +#ifdef QAT_DEBUG + printf("IntelQaRsaPrivateCallback: dev %p, status %d, len %d\n", + dev, status, pOut->dataLenInBytes); +#endif + + if (status == CPA_STATUS_SUCCESS) { + /* validate returned output */ + + if (dev->qat.outLenPtr) { + if (pOut->dataLenInBytes > *dev->qat.outLenPtr) { + pOut->dataLenInBytes = *dev->qat.outLenPtr; + } + *dev->qat.outLenPtr = pOut->dataLenInBytes; + } + + /* return data */ + if (dev->qat.out && dev->qat.out != pOut->pData) { + XMEMCPY(dev->qat.out, pOut->pData, pOut->dataLenInBytes); + } + + /* mark event result */ + ret = 0; /* success */ + } + (void)opData; + + /* set return code to mark complete */ + dev->qat.ret = ret; +} + +int IntelQaRsaPrivate(WC_ASYNC_DEV* dev, + const byte* in, word32 inLen, + WC_BIGINT* d, WC_BIGINT* n, + byte* out, word32* outLen) +{ + int ret = 0, retryCount = 0; + CpaStatus status = CPA_STATUS_SUCCESS; + CpaCyRsaPrivateKey* privateKey = NULL; + CpaCyRsaDecryptOpData* opData = NULL; + CpaFlatBuffer* outBuf = NULL; + CpaCyGenFlatBufCbFunc callback = IntelQaRsaPrivateCallback; + + if (dev == NULL || in == NULL || inLen == 0 || out == NULL || + outLen == NULL) { + return BAD_FUNC_ARG; + } + +#ifdef QAT_DEBUG + printf("IntelQaRsaPrivate: dev %p, in %p (%d), out %p\n", + dev, in, inLen, out); +#endif + + /* setup operation */ + opData = &dev->qat.op.rsa_priv.opData; + outBuf = &dev->qat.op.rsa_priv.outBuf; + privateKey = &dev->qat.op.rsa_priv.privateKey; + + /* init variables */ + XMEMSET(opData, 0, sizeof(CpaCyRsaDecryptOpData)); + XMEMSET(outBuf, 0, sizeof(CpaFlatBuffer)); + XMEMSET(privateKey, 0, sizeof(CpaCyRsaPrivateKey)); + + /* assign buffers */ + ret = IntelQaBigIntToFlatBuffer(d, + &privateKey->privateKeyRep1.privateExponentD); + ret += IntelQaBigIntToFlatBuffer(n, &privateKey->privateKeyRep1.modulusN); + if (ret != 0) { + ret = BAD_FUNC_ARG; goto exit; + } + + /* make sure output length is at least modulus len */ + if (*outLen < n->len) { + ret = BAD_FUNC_ARG; goto exit; + } + + /* make sure outLen is not more than inLen */ + if (*outLen > inLen) { + *outLen = inLen; + } + + opData->inputData.dataLenInBytes = inLen; + opData->inputData.pData = (Cpa8U*)XREALLOC((byte*)in, inLen, dev->heap, + DYNAMIC_TYPE_ASYNC_NUMA); + + outBuf->dataLenInBytes = *outLen; + outBuf->pData = (Cpa8U*)XREALLOC(out, *outLen, dev->heap, DYNAMIC_TYPE_ASYNC_NUMA); + + /* check allocations */ + if (opData->inputData.pData == NULL || outBuf->pData == NULL) { + ret = MEMORY_E; goto exit; + } + + /* setup private key */ + privateKey->version = CPA_CY_RSA_VERSION_TWO_PRIME; + privateKey->privateKeyRepType = CPA_CY_RSA_PRIVATE_KEY_REP_TYPE_1; + + /* assign private key to private op data */ + opData->pRecipientPrivateKey = privateKey; + + /* store info needed for output */ + dev->qat.out = out; + dev->qat.outLenPtr = outLen; + IntelQaOpInit(dev, IntelQaRsaPrivateFree); + + /* perform RSA decrypt */ + do { + status = cpaCyRsaDecrypt(dev->qat.handle, + callback, + dev, + opData, + outBuf); + } while (IntelQaHandleCpaStatus(dev, status, &ret, QAT_RSA_ASYNC, + (void*)callback, &retryCount)); + + if (ret == WC_PENDING_E) + return ret; + +exit: + + if (ret != 0) { + printf("cpaCyRsaDecrypt failed! dev %p, status %d, ret %d\n", + dev, status, ret); + } + + /* handle cleanup */ + IntelQaRsaPrivateFree(dev); + + return ret; +} + +int IntelQaRsaCrtPrivate(WC_ASYNC_DEV* dev, + const byte* in, word32 inLen, + WC_BIGINT* p, WC_BIGINT* q, + WC_BIGINT* dP, WC_BIGINT* dQ, + WC_BIGINT* qInv, + byte* out, word32* outLen) +{ + int ret = 0, retryCount = 0; + CpaStatus status = CPA_STATUS_SUCCESS; + CpaCyRsaPrivateKey* privateKey = NULL; + CpaCyRsaDecryptOpData* opData = NULL; + CpaFlatBuffer* outBuf = NULL; + CpaCyGenFlatBufCbFunc callback = IntelQaRsaPrivateCallback; + + if (dev == NULL || in == NULL || inLen == 0 || out == NULL || + outLen == NULL) { + return BAD_FUNC_ARG; + } + +#ifdef QAT_DEBUG + printf("IntelQaRsaCrtPrivate: dev %p, in %p (%d), out %p\n", + dev, in, inLen, out); +#endif + + /* setup operation */ + opData = &dev->qat.op.rsa_priv.opData; + outBuf = &dev->qat.op.rsa_priv.outBuf; + privateKey = &dev->qat.op.rsa_priv.privateKey; + + /* init variables */ + XMEMSET(opData, 0, sizeof(CpaCyRsaDecryptOpData)); + XMEMSET(outBuf, 0, sizeof(CpaFlatBuffer)); + XMEMSET(privateKey, 0, sizeof(CpaCyRsaPrivateKey)); + + /* assign buffers */ + ret = IntelQaBigIntToFlatBuffer(p, &privateKey->privateKeyRep2.prime1P); + ret += IntelQaBigIntToFlatBuffer(q, &privateKey->privateKeyRep2.prime2Q); + ret += IntelQaBigIntToFlatBuffer(dP, + &privateKey->privateKeyRep2.exponent1Dp); + ret += IntelQaBigIntToFlatBuffer(dQ, + &privateKey->privateKeyRep2.exponent2Dq); + ret += IntelQaBigIntToFlatBuffer(qInv, + &privateKey->privateKeyRep2.coefficientQInv); + if (ret != 0) { + ret = BAD_FUNC_ARG; goto exit; + } + + /* make sure output length is at least p len */ + if (*outLen < p->len) + return BAD_FUNC_ARG; + + /* make sure outLen is not more than inLen */ + if (*outLen > inLen) + *outLen = inLen; + + opData->inputData.dataLenInBytes = inLen; + opData->inputData.pData = (Cpa8U*)XREALLOC((byte*)in, inLen, dev->heap, + DYNAMIC_TYPE_ASYNC_NUMA); + + outBuf->dataLenInBytes = *outLen; + outBuf->pData = (Cpa8U*)XREALLOC(out, *outLen, dev->heap, DYNAMIC_TYPE_ASYNC_NUMA); + + /* check allocations */ + if (opData->inputData.pData == NULL || outBuf->pData == NULL) { + ret = MEMORY_E; goto exit; + } + + /* setup private key */ + privateKey->version = CPA_CY_RSA_VERSION_TWO_PRIME; + privateKey->privateKeyRepType = CPA_CY_RSA_PRIVATE_KEY_REP_TYPE_2; + + /* assign private key to private op data */ + opData->pRecipientPrivateKey = privateKey; + + /* store info needed for output */ + dev->qat.out = out; + dev->qat.outLenPtr = outLen; + IntelQaOpInit(dev, IntelQaRsaPrivateFree); + + /* perform RSA CRT decrypt */ + do { + status = cpaCyRsaDecrypt(dev->qat.handle, + callback, + dev, + opData, + outBuf); + } while (IntelQaHandleCpaStatus(dev, status, &ret, QAT_RSA_ASYNC, + (void*)callback, &retryCount)); + + if (ret == WC_PENDING_E) + return ret; + +exit: + + if (ret != 0) { + printf("cpaCyRsaDecrypt CRT failed! dev %p, status %d, ret %d\n", + dev, status, ret); + } + + /* handle cleanup */ + IntelQaRsaPrivateFree(dev); + + return ret; +} + +static void IntelQaRsaPublicFree(WC_ASYNC_DEV* dev) +{ + CpaCyRsaEncryptOpData* opData = &dev->qat.op.rsa_pub.opData; + CpaFlatBuffer* outBuf = &dev->qat.op.rsa_pub.outBuf; + + if (opData) { + if (opData->inputData.pData) { + XFREE(opData->inputData.pData, dev->heap, DYNAMIC_TYPE_ASYNC_NUMA); + opData->inputData.pData = NULL; + } + XMEMSET(opData, 0, sizeof(CpaCyRsaEncryptOpData)); + } + if (outBuf) { + if (outBuf->pData) { + XFREE(outBuf->pData, dev, DYNAMIC_TYPE_ASYNC_NUMA64); + outBuf->pData = NULL; + } + XMEMSET(outBuf, 0, sizeof(CpaFlatBuffer)); + } + + /* clear temp pointers */ + dev->qat.out = NULL; + dev->qat.outLenPtr = NULL; +} + +static void IntelQaRsaPublicCallback(void *pCallbackTag, + CpaStatus status, void *pOpdata, CpaFlatBuffer *pOut) +{ + WC_ASYNC_DEV* dev = (WC_ASYNC_DEV*)pCallbackTag; + CpaCyRsaEncryptOpData* opData = (CpaCyRsaEncryptOpData*)pOpdata; + int ret = ASYNC_OP_E; + +#ifdef QAT_DEBUG + printf("IntelQaRsaPublicCallback: dev %p, status %d, len %d\n", + dev, status, pOut->dataLenInBytes); +#endif + + if (status == CPA_STATUS_SUCCESS) { + /* validate returned output */ + if (dev->qat.outLenPtr) { + if (pOut->dataLenInBytes > *dev->qat.outLenPtr) { + pOut->dataLenInBytes = *dev->qat.outLenPtr; + } + *dev->qat.outLenPtr = pOut->dataLenInBytes; + } + + /* return data */ + if (dev->qat.out && dev->qat.out != pOut->pData) { + XMEMCPY(dev->qat.out, pOut->pData, pOut->dataLenInBytes); + } + + /* mark event result */ + ret = 0; /* success */ + } + (void)opData; + + /* set return code to mark complete */ + dev->qat.ret = ret; +} + +int IntelQaRsaPublic(WC_ASYNC_DEV* dev, + const byte* in, word32 inLen, + WC_BIGINT* e, WC_BIGINT* n, + byte* out, word32* outLen) +{ + int ret = 0, retryCount = 0; + CpaStatus status = CPA_STATUS_SUCCESS; + CpaCyRsaPublicKey* publicKey = NULL; + CpaCyRsaEncryptOpData* opData = NULL; + CpaFlatBuffer* outBuf = NULL; + CpaCyGenFlatBufCbFunc callback = IntelQaRsaPublicCallback; + + if (dev == NULL || in == NULL || inLen == 0 || out == NULL || + outLen == NULL) { + return BAD_FUNC_ARG; + } + +#ifdef QAT_DEBUG + printf("IntelQaRsaPublic: dev %p, in %p (%d), out %p\n", + dev, in, inLen, out); +#endif + + /* setup operation */ + opData = &dev->qat.op.rsa_pub.opData; + outBuf = &dev->qat.op.rsa_pub.outBuf; + publicKey = &dev->qat.op.rsa_pub.publicKey; + + /* init variables */ + XMEMSET(opData, 0, sizeof(CpaCyRsaEncryptOpData)); + XMEMSET(outBuf, 0, sizeof(CpaFlatBuffer)); + XMEMSET(publicKey, 0, sizeof(CpaCyRsaPublicKey)); + + /* assign buffers */ + ret = IntelQaBigIntToFlatBuffer(e, &publicKey->publicExponentE); + ret += IntelQaBigIntToFlatBuffer(n, &publicKey->modulusN); + if (ret != 0) { + ret = BAD_FUNC_ARG; goto exit; + } + + /* make sure output length is at least modulus len */ + if (*outLen < n->len) + return BAD_FUNC_ARG; + + /* make sure output len is set to modulus size */ + *outLen = n->len; + + opData->inputData.dataLenInBytes = inLen; + opData->inputData.pData = (Cpa8U*)XREALLOC((byte*)in, inLen, dev->heap, + DYNAMIC_TYPE_ASYNC_NUMA); + + outBuf->dataLenInBytes = *outLen; + outBuf->pData = (Cpa8U*)XREALLOC(out, *outLen, dev->heap, + DYNAMIC_TYPE_ASYNC_NUMA64); + + /* check allocations */ + if (opData->inputData.pData == NULL || outBuf->pData == NULL) { + ret = MEMORY_E; goto exit; + } + + /* assign public key to public op data */ + opData->pPublicKey = publicKey; + + /* store info needed for output */ + dev->qat.out = out; + dev->qat.outLenPtr = outLen; + IntelQaOpInit(dev, IntelQaRsaPublicFree); + + /* perform RSA encrypt */ + do { + status = cpaCyRsaEncrypt(dev->qat.handle, + callback, + dev, + opData, + outBuf); + } while (IntelQaHandleCpaStatus(dev, status, &ret, QAT_RSA_ASYNC, + (void*)callback, &retryCount)); + + if (ret == WC_PENDING_E) + return ret; + +exit: + + if (ret != 0) { + printf("cpaCyRsaEncrypt failed! dev %p, status %d, ret %d\n", + dev, status, ret); + } + + /* handle cleanup */ + IntelQaRsaPublicFree(dev); + + return ret; +} + +static void IntelQaRsaModExpFree(WC_ASYNC_DEV* dev) +{ + CpaCyLnModExpOpData* opData = &dev->qat.op.rsa_modexp.opData; + CpaFlatBuffer* target = &dev->qat.op.rsa_modexp.target; + + if (opData) { + if (opData->base.pData) { + XFREE(opData->base.pData, dev->heap, DYNAMIC_TYPE_ASYNC_NUMA); + opData->base.pData = NULL; + } + XMEMSET(opData, 0, sizeof(CpaCyLnModExpOpData)); + } + if (target) { + if (target->pData) + XFREE(target->pData, dev->heap, DYNAMIC_TYPE_ASYNC_NUMA); + XMEMSET(target, 0, sizeof(CpaFlatBuffer)); + } + + /* clear temp pointers */ + dev->qat.out = NULL; + dev->qat.outLenPtr = NULL; +} + +static void IntelQaRsaModExpCallback(void *pCallbackTag, + CpaStatus status, void *pOpdata, CpaFlatBuffer *pOut) +{ + WC_ASYNC_DEV* dev = (WC_ASYNC_DEV*)pCallbackTag; + CpaCyLnModExpOpData* opData = (CpaCyLnModExpOpData*)pOpdata; + int ret = ASYNC_OP_E; + +#ifdef QAT_DEBUG + printf("IntelQaRsaModExpCallback: dev %p, status %d, len %d\n", + dev, status, pOut->dataLenInBytes); +#endif + + if (status == CPA_STATUS_SUCCESS) { + /* validate returned output */ + if (dev->qat.outLenPtr) { + if (pOut->dataLenInBytes > *dev->qat.outLenPtr) { + pOut->dataLenInBytes = *dev->qat.outLenPtr; + } + *dev->qat.outLenPtr = pOut->dataLenInBytes; + } + + /* return data */ + if (dev->qat.out && dev->qat.out != pOut->pData) { + XMEMCPY(dev->qat.out, pOut->pData, pOut->dataLenInBytes); + } + + /* mark event result */ + ret = 0; /* success */ + } + (void)opData; + + /* set return code to mark complete */ + dev->qat.ret = ret; +} + +int IntelQaRsaExptMod(WC_ASYNC_DEV* dev, + const byte* in, word32 inLen, + WC_BIGINT* e, WC_BIGINT* n, + byte* out, word32* outLen) +{ + int ret = 0, retryCount = 0; + CpaStatus status = CPA_STATUS_SUCCESS; + CpaCyLnModExpOpData* opData = NULL; + CpaFlatBuffer* target = NULL; + CpaCyGenFlatBufCbFunc callback = IntelQaRsaModExpCallback; + + if (dev == NULL || in == NULL || inLen == 0 || out == NULL) { + return BAD_FUNC_ARG; + } + +#ifdef QAT_DEBUG + printf("IntelQaRsaExptMod: dev %p, in %p (%d), out %p\n", + dev, in, inLen, out); +#endif + + /* setup operation */ + opData = &dev->qat.op.rsa_modexp.opData; + target = &dev->qat.op.rsa_modexp.target; + + /* init variables */ + XMEMSET(opData, 0, sizeof(CpaCyLnModExpOpData)); + XMEMSET(target, 0, sizeof(CpaFlatBuffer)); + + /* assign buffers */ + ret = IntelQaBigIntToFlatBuffer(e, &opData->exponent); + ret += IntelQaBigIntToFlatBuffer(n, &opData->modulus); + if (ret != 0) { + ret = BAD_FUNC_ARG; goto exit; + } + + opData->base.dataLenInBytes = inLen; + opData->base.pData = (Cpa8U*)XREALLOC((byte*)in, inLen, dev->heap, + DYNAMIC_TYPE_ASYNC_NUMA); + + target->dataLenInBytes = *outLen; + target->pData = (Cpa8U*)XREALLOC(out, *outLen, dev->heap, + DYNAMIC_TYPE_ASYNC_NUMA); + + /* check allocations */ + if (opData->base.pData == NULL || target->pData == NULL) { + ret = MEMORY_E; goto exit; + } + + /* store info needed for output */ + dev->qat.out = out; + dev->qat.outLenPtr = outLen; + IntelQaOpInit(dev, IntelQaRsaModExpFree); + + /* make modexp call async */ + do { + status = cpaCyLnModExp(dev->qat.handle, + callback, + dev, + opData, + target); + } while (IntelQaHandleCpaStatus(dev, status, &ret, QAT_EXPTMOD_ASYNC, + (void*)callback, &retryCount)); + + if (ret == WC_PENDING_E) + return ret; + +exit: + + if (ret != 0) { + printf("cpaCyLnModExp failed! dev %p, status %d, ret %d\n", + dev, status, ret); + } + + /* handle cleanup */ + IntelQaRsaModExpFree(dev); + + return ret; +} +#endif /* !NO_RSA */ + + +/* -------------------------------------------------------------------------- */ +/* Symmetric Algos */ +/* -------------------------------------------------------------------------- */ + +#if defined(QAT_ENABLE_CRYPTO) || defined(QAT_ENABLE_HASH) + +static int IntelQaSymOpen(WC_ASYNC_DEV* dev, CpaCySymSessionSetupData* setup, + CpaCySymCbFunc callback) +{ + int ret = 0; + CpaStatus status = CPA_STATUS_SUCCESS; + Cpa32U sessionCtxSize = 0; + IntelQaSymCtx* ctx; + + /* arg check */ + if (dev == NULL || setup == NULL) { + return BAD_FUNC_ARG; + } + + ctx = IntelQaGetSymCtx(dev); + + /* Determine size of session context to allocate - use max size */ + status = cpaCySymSessionCtxGetSize(dev->qat.handle, setup, &sessionCtxSize); + + if (status != CPA_STATUS_SUCCESS || (ctx->symCtxSize > 0 && + ctx->symCtxSize > sessionCtxSize)) { + printf("Symmetric context size error %d! Buf %d, Exp %d\n", + status, ctx->symCtxSize, sessionCtxSize); + return ASYNC_OP_E; + } + + /* make sure session context is allocated */ + if (ctx->symCtx == NULL) { + /* Allocate session context */ + ctx->symCtx = XMALLOC(sessionCtxSize, dev->heap, + DYNAMIC_TYPE_ASYNC_NUMA64); + if (ctx->symCtx == NULL) { + return MEMORY_E; + } + } + ctx->symCtxSize = sessionCtxSize; + + if (!ctx->isOpen) { + ctx->isOpen = 1; + + #ifdef QAT_DEBUG + printf("IntelQaSymOpen: InitSession dev %p, symCtx %p\n", + dev, ctx->symCtx); + #endif + + /* open symmetric session */ + status = cpaCySymInitSession(dev->qat.handle, callback, setup, + ctx->symCtx); + if (status != CPA_STATUS_SUCCESS) { + printf("cpaCySymInitSession failed! dev %p, status %d\n", + dev, status); + XFREE(ctx->symCtx, dev->heap, DYNAMIC_TYPE_ASYNC_NUMA64); + ctx->symCtx = NULL; + return ASYNC_INIT_E; + } + } + + if (ctx->symCtxSrc == NULL) { + ctx->symCtxSrc = ctx->symCtx; + } + +#ifdef QAT_DEBUG + printf("IntelQaSymOpen: dev %p, symCtx %p (src %p), symCtxSize %d, " + "isCopy %d, isOpen %d\n", + dev, ctx->symCtx, ctx->symCtxSrc, ctx->symCtxSize, ctx->isCopy, + ctx->isOpen); +#endif + + return ret; +} + +static int IntelQaSymClose(WC_ASYNC_DEV* dev, int doFree) +{ + int ret = 0; + CpaStatus status = CPA_STATUS_SUCCESS; + IntelQaSymCtx* ctx; +#ifdef QAT_ENABLE_HASH + int isHash; +#endif + + if (dev == NULL) { + return BAD_FUNC_ARG; + } + + ctx = IntelQaGetSymCtx(dev); + +#ifdef QAT_ENABLE_HASH + isHash = IntelQaDevIsHash(dev); +#endif + +#ifdef QAT_DEBUG + printf("IntelQaSymClose: dev %p, ctx %p, symCtx %p (src %p), " + "symCtxSize %d, isCopy %d, isOpen %d, doFree %d\n", + dev, ctx, ctx->symCtx, ctx->symCtxSrc, ctx->symCtxSize, ctx->isCopy, + ctx->isOpen, doFree); +#endif + + if (ctx->symCtx == ctx->symCtxSrc && ctx->symCtx != NULL) { + if (ctx->isOpen) { + ctx->isOpen = 0; + #ifdef QAT_DEBUG + printf("IntelQaSymClose: RemoveSession dev %p, symCtx %p\n", + dev, ctx->symCtx); + #endif + status = cpaCySymRemoveSession(dev->qat.handle, ctx->symCtx); + if (status == CPA_STATUS_RETRY) { + printf("cpaCySymRemoveSession retry!\n"); + /* treat this as error, since session should not be active */ + ret = ASYNC_OP_E; + } + else if (status != CPA_STATUS_SUCCESS) { + printf("cpaCySymRemoveSession failed! status %d\n", status); + ret = ASYNC_OP_E; + } + } + } + + if (doFree) { + XFREE(ctx->symCtx, dev->heap, DYNAMIC_TYPE_ASYNC_NUMA64); + ctx->symCtx = NULL; + ctx->symCtxSrc = NULL; + ctx->symCtxSize = 0; + } + +#ifdef QAT_ENABLE_HASH + /* make sure hash temp buffer is cleared */ + + if (isHash) { + if (dev->qat.op.hash.tmpIn) { + XFREE(dev->qat.op.hash.tmpIn, dev->heap, DYNAMIC_TYPE_ASYNC_NUMA); + } + } +#endif + + return ret; +} + +#endif /* QAT_ENABLE_CRYPTO || QAT_ENABLE_HASH */ + + +/* -------------------------------------------------------------------------- */ +/* AES/DES Algo */ +/* -------------------------------------------------------------------------- */ + +#ifdef QAT_ENABLE_CRYPTO +static void IntelQaSymCipherFree(WC_ASYNC_DEV* dev) +{ + IntelQaSymCtx* ctx = &dev->qat.op.cipher.ctx; + CpaCySymOpData* opData = &ctx->opData; + CpaBufferList* pDstBuffer = &dev->qat.op.cipher.bufferList; + + if (opData) { + if (opData->pAdditionalAuthData) { + XFREE(opData->pAdditionalAuthData, dev->heap, + DYNAMIC_TYPE_ASYNC_NUMA); + opData->pAdditionalAuthData = NULL; + } + if (opData->pIv) { + XFREE(opData->pIv, dev->heap, DYNAMIC_TYPE_ASYNC_NUMA); + opData->pIv = NULL; + } + XMEMSET(opData, 0, sizeof(CpaCySymOpData)); + } + if (pDstBuffer) { + if (pDstBuffer->pBuffers) { + if (pDstBuffer->pBuffers->pData) { + XFREE(pDstBuffer->pBuffers->pData, dev->heap, + DYNAMIC_TYPE_ASYNC_NUMA); + pDstBuffer->pBuffers->pData = NULL; + } + XMEMSET(pDstBuffer->pBuffers, 0, sizeof(CpaFlatBuffer)); + } + if (pDstBuffer->pPrivateMetaData) { + XFREE(pDstBuffer->pPrivateMetaData, dev->heap, + DYNAMIC_TYPE_ASYNC_NUMA); + pDstBuffer->pPrivateMetaData = NULL; + } + XMEMSET(pDstBuffer, 0, sizeof(CpaBufferList)); + } + + /* close and free sym context */ + IntelQaSymClose(dev, 1); + + /* clear temp pointers */ + dev->qat.out = NULL; + dev->qat.outLen = 0; +#ifndef NO_AES + dev->qat.op.cipher.authTag = NULL; + dev->qat.op.cipher.authTagSz = 0; +#endif +} + +static void IntelQaSymCipherCallback(void *pCallbackTag, CpaStatus status, + const CpaCySymOp operationType, void *pOpData, CpaBufferList *pDstBuffer, + CpaBoolean verifyResult) +{ + WC_ASYNC_DEV* dev = (WC_ASYNC_DEV*)pCallbackTag; + CpaCySymOpData* opData = (CpaCySymOpData*)pOpData; + int ret = ASYNC_OP_E; + + (void)opData; + (void)verifyResult; + (void)pDstBuffer; + (void)operationType; + +#ifdef QAT_DEBUG + printf("IntelQaSymCipherCallback: dev %p, type %d, status %d, " + "verifyResult %d, num %d\n", + dev, operationType, status, verifyResult, pDstBuffer->numBuffers); +#endif + + if (status == CPA_STATUS_SUCCESS) { + /* validate returned output */ + if (pDstBuffer && pDstBuffer->numBuffers >= 1) { + /* check length */ + word32 outLen = pDstBuffer->pBuffers->dataLenInBytes; + + if (outLen > dev->qat.outLen) { + outLen = dev->qat.outLen; + } + + /* return data */ + if (dev->qat.out && dev->qat.out != pDstBuffer->pBuffers->pData) { + XMEMCPY(dev->qat.out, pDstBuffer->pBuffers->pData, outLen); + } + + /* capture IV for next call */ + if (dev->qat.op.cipher.iv && dev->qat.op.cipher.ivSz > 0) { + word32 ivSz = dev->qat.op.cipher.ivSz; + if (ivSz > outLen) + ivSz = outLen; + /* copy last block */ + XMEMCPY(dev->qat.op.cipher.iv, + &pDstBuffer->pBuffers->pData[outLen - ivSz], + ivSz); + } + + #ifndef NO_AES + /* return authTag */ + if (dev->qat.op.cipher.authTag && + dev->qat.op.cipher.authTagSz > 0) { + word32 authTagLen = dev->qat.op.cipher.authTagSz; + + /* check authtag length */ + if (authTagLen + outLen > pDstBuffer->pBuffers->dataLenInBytes) + authTagLen = pDstBuffer->pBuffers->dataLenInBytes - outLen; + + XMEMCPY(dev->qat.op.cipher.authTag, + pDstBuffer->pBuffers->pData + outLen, authTagLen); + } + #endif + + /* return length */ + dev->qat.outLen = outLen; + + /* mark event result */ + ret = 0; /* success */ + } + } + + /* set return code to mark complete */ + dev->qat.ret = ret; +} + +static int IntelQaSymCipher(WC_ASYNC_DEV* dev, byte* out, const byte* in, + word32 inOutSz, const byte* key, word32 keySz, byte* iv, word32 ivSz, + CpaCySymOp symOperation, CpaCySymCipherAlgorithm cipherAlgorithm, + CpaCySymCipherDirection cipherDirection, + + /* for auth ciphers (CCM or GCM) */ + CpaCySymHashAlgorithm hashAlgorithm, + byte* authTag, word32 authTagSz, + const byte* authIn, word32 authInSz) +{ + int ret, retryCount = 0; + CpaStatus status = CPA_STATUS_SUCCESS; + CpaCySymOpData* opData = NULL; + CpaCySymSessionSetupData setup; + const Cpa32U numBuffers = 1; + CpaBufferList* bufferList = NULL; + CpaFlatBuffer* flatBuffer = NULL; + CpaCySymCbFunc callback = IntelQaSymCipherCallback; + Cpa8U* ivBuf = NULL; + Cpa8U* dataBuf = NULL; + Cpa32U dataLen = inOutSz; + Cpa8U* metaBuf = NULL; + Cpa32U metaSize = 0; + Cpa8U* authInBuf = NULL; + Cpa32U authInSzAligned = authInSz; + IntelQaSymCtx* ctx; + +#ifdef QAT_DEBUG + printf("IntelQaSymCipher: dev %p, out %p, in %p, inOutSz %d, op %d, " + "algo %d, dir %d, hash %d\n", + dev, out, in, inOutSz, symOperation, cipherAlgorithm, cipherDirection, + hashAlgorithm); +#endif + + /* check args */ + if (out == NULL || in == NULL || inOutSz == 0 || + key == NULL || keySz == 0 || iv == NULL || ivSz == 0) { + return BAD_FUNC_ARG; + } + if (hashAlgorithm != CPA_CY_SYM_HASH_NONE && + (authTag == NULL || authTagSz == 0)) { + return BAD_FUNC_ARG; + } + + /* get meta size */ + status = cpaCyBufferListGetMetaSize(dev->qat.handle, numBuffers, &metaSize); + if (status != CPA_STATUS_SUCCESS && metaSize <= 0) { + ret = BUFFER_E; goto exit; + } + + /* if authtag provided then it will be appended to end of input */ + if (authTag && authTagSz > 0) { + dataLen += authTagSz; + } + + /* allocate buffers */ + ctx = &dev->qat.op.cipher.ctx; + opData = &ctx->opData; + bufferList = &dev->qat.op.cipher.bufferList; + flatBuffer = &dev->qat.op.cipher.flatBuffer; + metaBuf = (Cpa8U*)XMALLOC(metaSize, dev->heap, DYNAMIC_TYPE_ASYNC_NUMA); + dataBuf = (Cpa8U*)XREALLOC((byte*)in, dataLen, dev->heap, + DYNAMIC_TYPE_ASYNC_NUMA); + ivBuf = (Cpa8U*)XREALLOC((byte*)iv, AES_BLOCK_SIZE, dev->heap, + DYNAMIC_TYPE_ASYNC_NUMA); + + /* check allocations */ + if (ivBuf == NULL || metaBuf == NULL || dataBuf == NULL) { + ret = MEMORY_E; goto exit; + } + + /* AAD */ + if (authIn && authInSz > 0) { + /* make sure AAD is block aligned */ + if (authInSzAligned % AES_BLOCK_SIZE) { + authInSzAligned += AES_BLOCK_SIZE - + (authInSzAligned % AES_BLOCK_SIZE); + } + + authInBuf = (Cpa8U*)XREALLOC((byte*)authIn, authInSzAligned, dev->heap, + DYNAMIC_TYPE_ASYNC_NUMA); + if (authInBuf == NULL) { + ret = MEMORY_E; goto exit; + } + /* clear remainder */ + XMEMSET(authInBuf + authInSz, 0, authInSzAligned - authInSz); + } + + /* init buffers */ + XMEMSET(&setup, 0, sizeof(CpaCySymSessionSetupData)); + XMEMSET(opData, 0, sizeof(CpaCySymOpData)); + XMEMSET(bufferList, 0, sizeof(CpaBufferList)); + XMEMSET(flatBuffer, 0, sizeof(CpaFlatBuffer)); + XMEMSET(metaBuf, 0, metaSize); + + bufferList->pBuffers = flatBuffer; + bufferList->numBuffers = numBuffers; + bufferList->pPrivateMetaData = metaBuf; + flatBuffer->dataLenInBytes = dataLen; + flatBuffer->pData = dataBuf; + + /* setup */ + setup.sessionPriority = CPA_CY_PRIORITY_NORMAL; + setup.symOperation = symOperation; + setup.cipherSetupData.cipherAlgorithm = cipherAlgorithm; + setup.cipherSetupData.cipherKeyLenInBytes = keySz; + setup.cipherSetupData.pCipherKey = (byte*)key; + setup.cipherSetupData.cipherDirection = cipherDirection; + + /* setup auth ciphers */ + if (hashAlgorithm != CPA_CY_SYM_HASH_NONE) { + setup.algChainOrder = + (cipherDirection == CPA_CY_SYM_CIPHER_DIRECTION_ENCRYPT) ? + CPA_CY_SYM_ALG_CHAIN_ORDER_CIPHER_THEN_HASH : + CPA_CY_SYM_ALG_CHAIN_ORDER_HASH_THEN_CIPHER; + + setup.hashSetupData.hashAlgorithm = hashAlgorithm; + setup.hashSetupData.hashMode = CPA_CY_SYM_HASH_MODE_AUTH; + setup.hashSetupData.digestResultLenInBytes = authTagSz; + setup.hashSetupData.authModeSetupData.aadLenInBytes = authInSz; + + setup.digestIsAppended = CPA_TRUE; + } + + /* open session */ + ret = IntelQaSymOpen(dev, &setup, callback); + if (ret != 0) { + goto exit; + } + + /* operation data */ + opData->sessionCtx = ctx->symCtx; + opData->packetType = CPA_CY_SYM_PACKET_TYPE_FULL; + opData->pIv = ivBuf; + opData->ivLenInBytes = ivSz; + opData->cryptoStartSrcOffsetInBytes = 0; + opData->messageLenToCipherInBytes = inOutSz; + if (authIn && authInSz > 0) { + opData->pAdditionalAuthData = authInBuf; + } + if (cipherDirection == CPA_CY_SYM_CIPHER_DIRECTION_DECRYPT) { + if (authTag && authTagSz > 0) { + /* append digest to end of data buffer */ + XMEMCPY(flatBuffer->pData + inOutSz, authTag, authTagSz); + } + } + + /* store info needed for output */ + dev->qat.out = out; + dev->qat.outLen = inOutSz; + /* optional return of next IV */ + if (cipherAlgorithm != CPA_CY_SYM_CIPHER_AES_GCM && iv) { + if (ivSz > inOutSz) + ivSz = inOutSz; + if (cipherDirection == CPA_CY_SYM_CIPHER_DIRECTION_ENCRYPT) { + /* capture this on the callback */ + dev->qat.op.cipher.iv = iv; + dev->qat.op.cipher.ivSz = ivSz; + } + else { + /* capture last block of input as next IV */ + XMEMCPY(iv, &in[inOutSz - ivSz], ivSz); + } + } + if (cipherDirection == CPA_CY_SYM_CIPHER_DIRECTION_ENCRYPT) { + dev->qat.op.cipher.authTag = authTag; + dev->qat.op.cipher.authTagSz = authTagSz; + } + else { + dev->qat.op.cipher.authTag = NULL; + dev->qat.op.cipher.authTagSz = 0; + } + IntelQaOpInit(dev, IntelQaSymCipherFree); + + /* perform symmetric AES operation async */ + /* use same buffer list for in-place operation */ + do { + status = cpaCySymPerformOp(dev->qat.handle, + dev, + opData, + bufferList, + bufferList, + NULL); + } while (IntelQaHandleCpaStatus(dev, status, &ret, QAT_CIPHER_ASYNC, + (void*)callback, &retryCount)); + + if (ret == WC_PENDING_E) + return ret; + +exit: + + if (ret != 0) { + printf("cpaCySymPerformOp Cipher failed! dev %p, status %d, ret %d\n", + dev, status, ret); + } + + /* handle cleanup */ + IntelQaSymCipherFree(dev); + + return ret; +} + +#ifdef HAVE_AES_CBC +int IntelQaSymAesCbcEncrypt(WC_ASYNC_DEV* dev, + byte* out, const byte* in, word32 sz, + const byte* key, word32 keySz, + byte* iv, word32 ivSz) +{ + return IntelQaSymCipher(dev, out, in, sz, + key, keySz, iv, ivSz, + CPA_CY_SYM_OP_CIPHER, CPA_CY_SYM_CIPHER_AES_CBC, + CPA_CY_SYM_CIPHER_DIRECTION_ENCRYPT, + CPA_CY_SYM_HASH_NONE, NULL, 0, NULL, 0); +} + +#ifdef HAVE_AES_DECRYPT +int IntelQaSymAesCbcDecrypt(WC_ASYNC_DEV* dev, + byte* out, const byte* in, word32 sz, + const byte* key, word32 keySz, + byte* iv, word32 ivSz) +{ + return IntelQaSymCipher(dev, out, in, sz, + key, keySz, iv, ivSz, + CPA_CY_SYM_OP_CIPHER, CPA_CY_SYM_CIPHER_AES_CBC, + CPA_CY_SYM_CIPHER_DIRECTION_DECRYPT, + CPA_CY_SYM_HASH_NONE, NULL, 0, NULL, 0); +} +#endif /* HAVE_AES_DECRYPT */ +#endif /* HAVE_AES_CBC */ + + +#ifdef HAVE_AESGCM +int IntelQaSymAesGcmEncrypt(WC_ASYNC_DEV* dev, + byte* out, const byte* in, word32 sz, + const byte* key, word32 keySz, + const byte* iv, word32 ivSz, + byte* authTag, word32 authTagSz, + const byte* authIn, word32 authInSz) +{ + return IntelQaSymCipher(dev, out, in, sz, + key, keySz, (byte*)iv, ivSz, + CPA_CY_SYM_OP_ALGORITHM_CHAINING, CPA_CY_SYM_CIPHER_AES_GCM, + CPA_CY_SYM_CIPHER_DIRECTION_ENCRYPT, + CPA_CY_SYM_HASH_AES_GCM, authTag, authTagSz, authIn, authInSz); +} +#ifdef HAVE_AES_DECRYPT +int IntelQaSymAesGcmDecrypt(WC_ASYNC_DEV* dev, + byte* out, const byte* in, word32 sz, + const byte* key, word32 keySz, + const byte* iv, word32 ivSz, + const byte* authTag, word32 authTagSz, + const byte* authIn, word32 authInSz) +{ + return IntelQaSymCipher(dev, out, in, sz, + key, keySz, (byte*)iv, ivSz, + CPA_CY_SYM_OP_ALGORITHM_CHAINING, CPA_CY_SYM_CIPHER_AES_GCM, + CPA_CY_SYM_CIPHER_DIRECTION_DECRYPT, + CPA_CY_SYM_HASH_AES_GCM, (byte*)authTag, authTagSz, authIn, authInSz); +} +#endif /* HAVE_AES_DECRYPT */ +#endif /* HAVE_AESGCM */ + +#ifndef NO_DES3 +int IntelQaSymDes3CbcEncrypt(WC_ASYNC_DEV* dev, + byte* out, const byte* in, word32 sz, + const byte* key, word32 keySz, + byte* iv, word32 ivSz) +{ + return IntelQaSymCipher(dev, out, in, sz, + key, keySz, iv, ivSz, + CPA_CY_SYM_OP_CIPHER, CPA_CY_SYM_CIPHER_3DES_CBC, + CPA_CY_SYM_CIPHER_DIRECTION_ENCRYPT, + CPA_CY_SYM_HASH_NONE, NULL, 0, NULL, 0); +} + +int IntelQaSymDes3CbcDecrypt(WC_ASYNC_DEV* dev, + byte* out, const byte* in, word32 sz, + const byte* key, word32 keySz, + byte* iv, word32 ivSz) +{ + return IntelQaSymCipher(dev, out, in, sz, + key, keySz, iv, ivSz, + CPA_CY_SYM_OP_CIPHER, CPA_CY_SYM_CIPHER_3DES_CBC, + CPA_CY_SYM_CIPHER_DIRECTION_DECRYPT, + CPA_CY_SYM_HASH_NONE, NULL, 0, NULL, 0); +} +#endif /* !NO_DES3 */ + +#endif /* QAT_ENABLE_CRYPTO */ + + +/* -------------------------------------------------------------------------- */ +/* Hashing Algo */ +/* -------------------------------------------------------------------------- */ + +#ifdef QAT_ENABLE_HASH +static int IntelQaSymHashGetInfo(CpaCySymHashAlgorithm hashAlgorithm, + Cpa32U* pBlockSize, Cpa32U* pDigestSize) +{ + Cpa32U blockSize = 0; + Cpa32U digestSize = 0; + + switch(hashAlgorithm) { + case CPA_CY_SYM_HASH_MD5: + #ifndef NO_MD5 + blockSize = WC_MD5_BLOCK_SIZE; + digestSize = WC_MD5_DIGEST_SIZE; + #endif + break; + case CPA_CY_SYM_HASH_SHA1: + #ifndef NO_SHA + blockSize = WC_SHA_BLOCK_SIZE; + digestSize = WC_SHA_DIGEST_SIZE; + #endif + break; + case CPA_CY_SYM_HASH_SHA224: + #ifdef WOLFSSL_SHA224 + blockSize = WC_SHA224_BLOCK_SIZE; + digestSize = WC_SHA224_DIGEST_SIZE; + #endif + break; + case CPA_CY_SYM_HASH_SHA256: + #ifndef NO_SHA256 + blockSize = WC_SHA256_BLOCK_SIZE; + digestSize = WC_SHA256_DIGEST_SIZE; + #endif + break; + case CPA_CY_SYM_HASH_SHA384: + #if defined(WOLFSSL_SHA512) && defined(WOLFSSL_SHA384) + blockSize = WC_SHA384_BLOCK_SIZE; + digestSize = WC_SHA384_DIGEST_SIZE; + #endif + break; + case CPA_CY_SYM_HASH_SHA512: + #ifdef WOLFSSL_SHA512 + blockSize = WC_SHA512_BLOCK_SIZE; + digestSize = WC_SHA512_DIGEST_SIZE; + #endif + break; + #ifdef QAT_V2 + case CPA_CY_SYM_HASH_SHA3_256: + #ifdef WOLFSSL_SHA3 + blockSize = WC_SHA3_256_BLOCK_SIZE; + digestSize = WC_SHA3_256_DIGEST_SIZE; + #endif + break; + #endif + + /* not supported */ + case CPA_CY_SYM_HASH_NONE: + case CPA_CY_SYM_HASH_AES_XCBC: + case CPA_CY_SYM_HASH_AES_CCM: + case CPA_CY_SYM_HASH_AES_GCM: + case CPA_CY_SYM_HASH_KASUMI_F9: + case CPA_CY_SYM_HASH_SNOW3G_UIA2: + case CPA_CY_SYM_HASH_AES_CMAC: + case CPA_CY_SYM_HASH_AES_GMAC: + case CPA_CY_SYM_HASH_AES_CBC_MAC: + #ifdef QAT_V2 + case CPA_CY_SYM_HASH_ZUC_EIA3: + #ifdef QAT_V2_4_PLUS + case CPA_CY_SYM_HASH_SHA3_224: + case CPA_CY_SYM_HASH_SHA3_384: + case CPA_CY_SYM_HASH_SHA3_512: + case CPA_CY_SYM_HASH_SHAKE_128: + case CPA_CY_SYM_HASH_SHAKE_256: + case CPA_CY_SYM_HASH_POLY: + case CPA_CY_SYM_HASH_SM3: + #endif /* QAT_V2_4_PLUS */ + #endif /* QAT_V2 */ + default: + return -1; + } + + if (pBlockSize) + *pBlockSize = blockSize; + if (pDigestSize) + *pDigestSize = digestSize; + + return 0; +} + +static void IntelQaSymHashFree(WC_ASYNC_DEV* dev) +{ + IntelQaSymCtx* ctx = &dev->qat.op.hash.ctx; + CpaCySymOpData* opData = &ctx->opData; + CpaBufferList* pDstBuffer = dev->qat.op.hash.srcList; + int idx; + + if (opData) { + if (opData->pDigestResult) { + XFREE(opData->pDigestResult, dev->heap, DYNAMIC_TYPE_ASYNC_NUMA); + opData->pDigestResult = NULL; + } + XMEMSET(opData, 0, sizeof(CpaCySymOpData)); + } + + if (pDstBuffer) { + idx = pDstBuffer->numBuffers; + while (--idx >= 0) { + if (pDstBuffer->pBuffers[idx].pData) { + XFREE(pDstBuffer->pBuffers[idx].pData, dev->heap, + DYNAMIC_TYPE_ASYNC_NUMA); + pDstBuffer->pBuffers[idx].pData = NULL; + } + } + + XFREE(pDstBuffer, dev->heap, DYNAMIC_TYPE_ASYNC_NUMA); + } + + /* if final */ + if (dev->qat.out) { + int doFree = 0; + + /* free any tmp input */ + if (dev->qat.op.hash.tmpIn) { + XFREE(dev->qat.op.hash.tmpIn, dev->heap, DYNAMIC_TYPE_ASYNC_NUMA); + } + dev->qat.op.hash.tmpIn = NULL; + dev->qat.op.hash.tmpInSz = 0; + dev->qat.op.hash.tmpInBufSz = 0; + + if (ctx->isCopy || ctx->symCtx != ctx->symCtxSrc) { + doFree = 1; + } + + #ifdef QAT_DEBUG + printf("IntelQaSymHashFree: dev %p, doFree %d\n", dev, doFree); + #endif + + /* close session */ + IntelQaSymClose(dev, doFree); + } + + /* clear temp pointers */ + dev->qat.out = NULL; + dev->qat.outLen = 0; +} + +static void IntelQaSymHashCallback(void *pCallbackTag, CpaStatus status, + const CpaCySymOp operationType, void *pOpData, CpaBufferList *pDstBuffer, + CpaBoolean verifyResult) +{ + WC_ASYNC_DEV* dev = (WC_ASYNC_DEV*)pCallbackTag; + CpaCySymOpData* opData = (CpaCySymOpData*)pOpData; + int ret = ASYNC_OP_E; + + (void)opData; + (void)verifyResult; + (void)pDstBuffer; + (void)operationType; + +#ifdef QAT_DEBUG + printf("IntelQaSymHashCallback: dev %p, type %d, status %d, " + "verifyResult %d, num %d\n", + dev, operationType, status, verifyResult, pDstBuffer->numBuffers); +#endif + + if (status == CPA_STATUS_SUCCESS) { + if (dev->qat.out) { + /* is final */ + + /* return digest */ + if (dev->qat.outLen > 0 && dev->qat.out != opData->pDigestResult) { + XMEMCPY(dev->qat.out, opData->pDigestResult, dev->qat.outLen); + } + } + + /* mark event result */ + ret = 0; /* success */ + } + + /* set return code to mark complete */ + dev->qat.ret = ret; +} + +/* For hash update call with out == NULL */ +/* For hash final call with out != NULL */ +/* All input is cached in memory or only sent to hardware on final */ +#ifndef QAT_HASH_ALLOC_BLOCK_SZ + #define QAT_HASH_ALLOC_BLOCK_SZ 1024 +#endif +static int IntelQaSymHashCache(WC_ASYNC_DEV* dev, byte* out, const byte* in, + word32 inOutSz, CpaCySymHashMode hashMode, + CpaCySymHashAlgorithm hashAlgorithm, + + /* For HMAC auth mode only */ + Cpa8U* authKey, Cpa32U authKeyLenInBytes) +{ + int ret, retryCount = 0; + CpaStatus status = CPA_STATUS_SUCCESS; + CpaCySymOpData* opData = NULL; + CpaCySymCbFunc callback = IntelQaSymHashCallback; + CpaBufferList* srcList = NULL; + Cpa32U bufferListSize = 0; + Cpa8U* digestBuf = NULL; + Cpa32U metaSize = 0; + Cpa32U totalMsgSz = 0; + Cpa32U blockSize; + Cpa32U digestSize; + CpaCySymPacketType packetType; + IntelQaSymCtx* ctx; + CpaCySymSessionSetupData setup; + const int bufferCount = 1; + + ret = IntelQaSymHashGetInfo(hashAlgorithm, &blockSize, &digestSize); + if (ret != 0) { + return BAD_FUNC_ARG; + } + +#ifdef QAT_DEBUG + printf("IntelQaSymHashCache: dev %p, out %p, in %p, inOutSz %d, mode %d" + ", algo %d, digSz %d, blkSz %d\n", + dev, out, in, inOutSz, hashMode, hashAlgorithm, digestSize, blockSize); +#endif + + ctx = &dev->qat.op.hash.ctx; + + /* handle input processing */ + if (in) { + if (dev->qat.op.hash.tmpIn == NULL) { + dev->qat.op.hash.tmpInSz = 0; + dev->qat.op.hash.tmpInBufSz = + (inOutSz + QAT_HASH_ALLOC_BLOCK_SZ - 1) + & ~(QAT_HASH_ALLOC_BLOCK_SZ - 1); + if (dev->qat.op.hash.tmpInBufSz == 0) + dev->qat.op.hash.tmpInBufSz = QAT_HASH_ALLOC_BLOCK_SZ; + dev->qat.op.hash.tmpIn = (byte*)XMALLOC(dev->qat.op.hash.tmpInBufSz, + dev->heap, DYNAMIC_TYPE_ASYNC_NUMA); + if (dev->qat.op.hash.tmpIn == NULL) { + ret = MEMORY_E; goto exit; + } + } + /* determine if we need to grow buffer */ + else if ((dev->qat.op.hash.tmpInSz + inOutSz) > + dev->qat.op.hash.tmpInBufSz) { + byte* oldIn = dev->qat.op.hash.tmpIn; + dev->qat.op.hash.tmpInBufSz = (dev->qat.op.hash.tmpInSz + inOutSz + + QAT_HASH_ALLOC_BLOCK_SZ - 1) & ~(QAT_HASH_ALLOC_BLOCK_SZ - 1); + + dev->qat.op.hash.tmpIn = (byte*)XMALLOC( + dev->qat.op.hash.tmpInBufSz, + dev->heap, DYNAMIC_TYPE_ASYNC_NUMA); + if (dev->qat.op.hash.tmpIn == NULL) { + ret = MEMORY_E; goto exit; + } + XMEMCPY(dev->qat.op.hash.tmpIn, oldIn, dev->qat.op.hash.tmpInSz); + XFREE(oldIn, dev->heap, DYNAMIC_TYPE_ASYNC_NUMA); + } + + /* copy input to new buffer */ + XMEMCPY(&dev->qat.op.hash.tmpIn[dev->qat.op.hash.tmpInSz], in, inOutSz); + dev->qat.op.hash.tmpInSz += inOutSz; + + ret = 0; /* success */ + goto exit; + } + else if (out != NULL && dev->qat.op.hash.tmpIn == NULL) { + /* QAT requires an input buffer even for an empty hash */ + dev->qat.op.hash.tmpInSz = 0; + dev->qat.op.hash.tmpInBufSz = 16; /* use minimum alignment (16 bytes) */ + dev->qat.op.hash.tmpIn = (byte*)XMALLOC(dev->qat.op.hash.tmpInBufSz, + dev->heap, DYNAMIC_TYPE_ASYNC_NUMA); + if (dev->qat.op.hash.tmpIn == NULL) { + ret = MEMORY_E; goto exit; + } + } + + /* handle output processing */ + packetType = CPA_CY_SYM_PACKET_TYPE_FULL; + + /* get meta size */ + status = cpaCyBufferListGetMetaSize(dev->qat.handle, bufferCount, + &metaSize); + if (status != CPA_STATUS_SUCCESS && metaSize <= 0) { + ret = BUFFER_E; goto exit; + } + + /* allocate buffer list */ + bufferListSize = sizeof(CpaBufferList) + + (bufferCount * sizeof(CpaFlatBuffer)) + metaSize; + srcList = (CpaBufferList*)XMALLOC(bufferListSize, dev->heap, + DYNAMIC_TYPE_ASYNC_NUMA); + if (srcList == NULL) { + ret = MEMORY_E; goto exit; + } + dev->qat.op.hash.srcList = srcList; + XMEMSET(srcList, 0, bufferListSize); + srcList->pBuffers = (CpaFlatBuffer*)( + (byte*)srcList + sizeof(CpaBufferList)); + srcList->pPrivateMetaData = (byte*)srcList + sizeof(CpaBufferList) + + (bufferCount * sizeof(CpaFlatBuffer)); + + srcList->numBuffers = bufferCount; + srcList->pBuffers[0].dataLenInBytes = dev->qat.op.hash.tmpInSz; + srcList->pBuffers[0].pData = dev->qat.op.hash.tmpIn; + totalMsgSz = dev->qat.op.hash.tmpInSz; + + dev->qat.op.hash.tmpInSz = 0; + dev->qat.op.hash.tmpInBufSz = 0; + dev->qat.op.hash.tmpIn = NULL; + + /* build output */ + if (out) { + /* use blockSize for alloc, but we are only returning digestSize */ + digestBuf = (Cpa8U*)XMALLOC(blockSize, dev->heap, + DYNAMIC_TYPE_ASYNC_NUMA); + if (digestBuf == NULL) { + ret = MEMORY_E; goto exit; + } + } + + /* setup */ + XMEMSET(&setup, 0, sizeof(CpaCySymSessionSetupData)); + setup.sessionPriority = CPA_CY_PRIORITY_NORMAL; + setup.symOperation = CPA_CY_SYM_OP_HASH; + setup.partialsNotRequired = CPA_TRUE; + setup.hashSetupData.hashMode = hashMode; + setup.hashSetupData.hashAlgorithm = hashAlgorithm; + setup.hashSetupData.digestResultLenInBytes = digestSize; + setup.hashSetupData.authModeSetupData.authKey = authKey; + setup.hashSetupData.authModeSetupData.authKeyLenInBytes = authKeyLenInBytes; + + /* open session */ + ret = IntelQaSymOpen(dev, &setup, callback); + if (ret != 0) { + goto exit; + } + + /* operation data */ + opData = &ctx->opData; + XMEMSET(opData, 0, sizeof(CpaCySymOpData)); + opData->sessionCtx = ctx->symCtx; + opData->packetType = packetType; + opData->messageLenToHashInBytes = totalMsgSz; + opData->pDigestResult = digestBuf; + + /* store info needed for output */ + dev->qat.out = out; + dev->qat.outLen = inOutSz; + IntelQaOpInit(dev, IntelQaSymHashFree); + + /* perform symmetric hash operation async */ + /* use same buffer list for in-place operation */ + do { + status = cpaCySymPerformOp(dev->qat.handle, + dev, + opData, + srcList, + srcList, + NULL); + } while (IntelQaHandleCpaStatus(dev, status, &ret, QAT_HASH_ASYNC, + (void*)callback, &retryCount)); + + if (ret == WC_PENDING_E) + return ret; + +exit: + + if (ret != 0) { + printf("cpaCySymPerformOp Hash failed! dev %p, status %d, ret %d\n", + dev, status, ret); + + /* handle cleanup */ + IntelQaSymHashFree(dev); + } + + return ret; +} + +#ifdef QAT_HASH_ENABLE_PARTIAL + +/* For hash update call with out == NULL */ +/* For hash final call with out != NULL */ +static int IntelQaSymHashPartial(WC_ASYNC_DEV* dev, byte* out, const byte* in, + word32 inOutSz, CpaCySymHashMode hashMode, + CpaCySymHashAlgorithm hashAlgorithm, + + /* For HMAC auth mode only */ + Cpa8U* authKey, Cpa32U authKeyLenInBytes) +{ + int ret, retryCount = 0, i; + CpaStatus status = CPA_STATUS_SUCCESS; + CpaCySymOpData* opData = NULL; + CpaCySymCbFunc callback = IntelQaSymHashCallback; + CpaBufferList* srcList = NULL; + Cpa32U bufferListSize = 0; + Cpa8U* digestBuf = NULL; + Cpa32U metaSize = 0; + Cpa32U totalMsgSz = 0; + Cpa32U blockSize; + Cpa32U digestSize; + CpaCySymPacketType packetType; + IntelQaSymCtx* ctx; + CpaCySymSessionSetupData setup; + + int* bufferCount; + byte** buffers; + word32* buffersSz; + + ret = IntelQaSymHashGetInfo(hashAlgorithm, &blockSize, &digestSize); + if (ret != 0) { + return BAD_FUNC_ARG; + } + +#ifdef QAT_DEBUG + printf("IntelQaSymHashPartial: dev %p, out %p, in %p, inOutSz %d, mode %d, " + "algo %d, digSz %d, blkSz %d\n", + dev, out, in, inOutSz, hashMode, hashAlgorithm, digestSize, blockSize); +#endif + + ctx = &dev->qat.op.hash.ctx; + + bufferCount = &dev->qat.op.hash.bufferCount; + buffers = dev->qat.op.hash.buffers; + buffersSz = dev->qat.op.hash.buffersSz; + + /* handle input processing */ + if (in) { + /* if tmp has data or input is not block aligned */ + if (dev->qat.op.hash.tmpInSz > 0 || inOutSz == 0 || + (inOutSz % blockSize) != 0) { + /* need to handle unaligned hashing, using local tmp */ + + /* make sure we have tmpIn allocated */ + if (dev->qat.op.hash.tmpIn == NULL) { + dev->qat.op.hash.tmpInSz = 0; + dev->qat.op.hash.tmpIn = XMALLOC(blockSize, dev->heap, + DYNAMIC_TYPE_ASYNC_NUMA); + if (dev->qat.op.hash.tmpIn == NULL) { + ret = MEMORY_E; goto exit; + } + dev->qat.op.hash.tmpInBufSz = blockSize; + } + + /* setup processing for block aligned part of input or use tmpIn */ + if (dev->qat.op.hash.tmpInSz > 0) { + word32 remainSz = blockSize - dev->qat.op.hash.tmpInSz; + + /* attempt to fill tmpIn and process block */ + if (inOutSz < remainSz) { + /* not enough to fill buffer */ + XMEMCPY(&dev->qat.op.hash.tmpIn[dev->qat.op.hash.tmpInSz], + in, inOutSz); + dev->qat.op.hash.tmpInSz += inOutSz; + } + else { + /* fill tmp buffer and add */ + XMEMCPY(&dev->qat.op.hash.tmpIn[dev->qat.op.hash.tmpInSz], + in, remainSz); + dev->qat.op.hash.tmpInSz += remainSz; + buffers[*bufferCount] = dev->qat.op.hash.tmpIn; + buffersSz[*bufferCount] = dev->qat.op.hash.tmpInSz; + (*bufferCount)++; + inOutSz -= remainSz; + in += remainSz; + dev->qat.op.hash.tmpIn = NULL; + dev->qat.op.hash.tmpInSz = 0; + + /* use remainder of block aligned */ + if (inOutSz >= blockSize) { + word32 unalignedSz = (inOutSz % blockSize); + word32 inSz = inOutSz - unalignedSz; + + buffersSz[*bufferCount] = inSz; + buffers[*bufferCount] = (byte*)XMALLOC(inSz, + dev->heap, DYNAMIC_TYPE_ASYNC_NUMA); + if (buffers[*bufferCount] == NULL) { + ret = MEMORY_E; goto exit; + } + XMEMCPY(buffers[*bufferCount], (byte*)in, inSz); + + (*bufferCount)++; + inOutSz -= inSz; + in += inSz; + } + + /* save remainder to tmpIn */ + if (inOutSz > 0) { + dev->qat.op.hash.tmpInSz = 0; + dev->qat.op.hash.tmpIn = XMALLOC(blockSize, dev->heap, + DYNAMIC_TYPE_ASYNC_NUMA); + if (dev->qat.op.hash.tmpIn == NULL) { + ret = MEMORY_E; goto exit; + } + dev->qat.op.hash.tmpInBufSz = blockSize; + + XMEMCPY(dev->qat.op.hash.tmpIn, in, inOutSz); + dev->qat.op.hash.tmpInSz = inOutSz; + } + } + } + else { + /* if not enough to fit into blockSize store into tmpIn */ + if (inOutSz < blockSize) { + dev->qat.op.hash.tmpInSz = inOutSz; + XMEMCPY(dev->qat.op.hash.tmpIn, in, inOutSz); + } + else { + word32 unalignedSz = (inOutSz % blockSize); + word32 inSz = inOutSz - unalignedSz; + + buffersSz[*bufferCount] = inSz; + buffers[*bufferCount] = (byte*)XREALLOC((byte*)in, + inSz, dev->heap, DYNAMIC_TYPE_ASYNC_NUMA); + if (buffers[*bufferCount] == NULL) { + ret = MEMORY_E; goto exit; + } + (*bufferCount)++; + + /* store remainder */ + dev->qat.op.hash.tmpInSz = unalignedSz; + XMEMCPY(dev->qat.op.hash.tmpIn, &in[inSz], unalignedSz); + } + } + + } + else { + /* use input directly */ + buffersSz[*bufferCount] = inOutSz; + buffers[*bufferCount] = (byte*)XREALLOC((byte*)in, + buffersSz[*bufferCount], dev->heap, DYNAMIC_TYPE_ASYNC_NUMA); + if (buffers[*bufferCount] == NULL) { + ret = MEMORY_E; goto exit; + } + (*bufferCount)++; + } + } + + /* determine if early exit is okay */ + if (out == NULL) { + /* if not final and no in buffers then exit with success */ + if (*bufferCount == 0) { + ret = 0; /* return success */ + goto exit; + } + + /* for auth must pass in buffer, so leave one in buffer cache */ + else if (hashMode == CPA_CY_SYM_HASH_MODE_AUTH && *bufferCount <= 1) { + ret = 0; /* return success */ + goto exit; + } + } + + /* determine packet type and add any remainder to input processing */ + packetType = CPA_CY_SYM_PACKET_TYPE_PARTIAL; + if (out) { + /* if remainder then add it */ + if (dev->qat.op.hash.tmpIn) { + /* add buffer and use final hash type */ + buffers[*bufferCount] = dev->qat.op.hash.tmpIn; + buffersSz[*bufferCount] = dev->qat.op.hash.tmpInSz; + (*bufferCount)++; + dev->qat.op.hash.tmpIn = NULL; + dev->qat.op.hash.tmpInSz = 0; + } + + /* determine if this is full or partial */ + if (ctx->symCtxSrc == NULL || (!ctx->isOpen && !ctx->isCopy)) { + packetType = CPA_CY_SYM_PACKET_TYPE_FULL; + } + else { + packetType = CPA_CY_SYM_PACKET_TYPE_LAST_PARTIAL; + } + } + + /* get meta size */ + status = cpaCyBufferListGetMetaSize(dev->qat.handle, *bufferCount, + &metaSize); + if (status != CPA_STATUS_SUCCESS && metaSize <= 0) { + ret = BUFFER_E; goto exit; + } + + /* allocate buffer list */ + bufferListSize = sizeof(CpaBufferList) + + (*bufferCount * sizeof(CpaFlatBuffer)) + metaSize; + srcList = XMALLOC(bufferListSize, dev->heap, DYNAMIC_TYPE_ASYNC_NUMA); + if (srcList == NULL) { + ret = MEMORY_E; goto exit; + } + dev->qat.op.hash.srcList = srcList; + XMEMSET(srcList, 0, bufferListSize); + srcList->pBuffers = (CpaFlatBuffer*)( + (byte*)srcList + sizeof(CpaBufferList)); + srcList->pPrivateMetaData = (byte*)srcList + sizeof(CpaBufferList) + + (*bufferCount * sizeof(CpaFlatBuffer)); + for (i = 0; i < *bufferCount; i++) { + srcList->pBuffers[i].dataLenInBytes = buffersSz[i]; + srcList->pBuffers[i].pData = buffers[i]; + totalMsgSz += buffersSz[i]; + } + srcList->numBuffers = *bufferCount; + + /* clear buffer cache */ + dev->qat.op.hash.bufferCount = 0; + for (i=0; iqat.op.hash.buffers[i] = NULL; + dev->qat.op.hash.buffersSz[i] = 0; + } + + /* build output */ + if (out) { + /* use blockSize for alloc, but we are only returning digestSize */ + digestBuf = XMALLOC(blockSize, dev->heap, DYNAMIC_TYPE_ASYNC_NUMA); + if (digestBuf == NULL) { + ret = MEMORY_E; goto exit; + } + } + + /* setup */ + XMEMSET(&setup, 0, sizeof(CpaCySymSessionSetupData)); + setup.sessionPriority = CPA_CY_PRIORITY_NORMAL; + setup.symOperation = CPA_CY_SYM_OP_HASH; + setup.partialsNotRequired = (packetType == CPA_CY_SYM_PACKET_TYPE_FULL) ? + CPA_TRUE : CPA_FALSE; + setup.hashSetupData.hashMode = hashMode; + setup.hashSetupData.hashAlgorithm = hashAlgorithm; + setup.hashSetupData.digestResultLenInBytes = digestSize; + setup.hashSetupData.authModeSetupData.authKey = authKey; + setup.hashSetupData.authModeSetupData.authKeyLenInBytes = authKeyLenInBytes; + + /* open session */ + ret = IntelQaSymOpen(dev, &setup, callback); + if (ret != 0) { + goto exit; + } + + /* workarounds for handling symmetric context copies */ + if (packetType == CPA_CY_SYM_PACKET_TYPE_LAST_PARTIAL) { + /* set the partialState for partial */ + #ifdef USE_LAC_SESSION_FOR_STRUCT_OFFSET + word32 parStaOffset = (word32)offsetof(lac_session_desc_t, + partialState); + #else + word32 parStaOffset = (28 * 16); + #endif + + /* make sure partialState is partial, try + 16 alignments as well */ + for (i = 0; i < 4; i++) { + word32* priorVal = (word32*)((byte*)ctx->symCtx + parStaOffset + + (i * 16)); + if (*priorVal == CPA_CY_SYM_PACKET_TYPE_FULL) { + *priorVal = CPA_CY_SYM_PACKET_TYPE_PARTIAL; + break; + } + } + } + if (ctx->symCtx != ctx->symCtxSrc) { + /* copy hash state (digest into new symmetric context) */ + byte* symCtxDst = (byte*)ctx->symCtx; + byte* symCtxSrc = (byte*)ctx->symCtxSrc; + /* copy from hashStatePrefixBuffer to end */ + #ifdef USE_LAC_SESSION_FOR_STRUCT_OFFSET + const word32 copyRegion = (word32)offsetof(lac_session_desc_t, + hashStatePrefixBuffer); + #else + const word32 copyRegion = (41 * 16); + #endif + XMEMCPY(&symCtxDst[copyRegion], &symCtxSrc[copyRegion], + ctx->symCtxSize - copyRegion); + } + + /* operation data */ + opData = &ctx->opData; + XMEMSET(opData, 0, sizeof(CpaCySymOpData)); + opData->sessionCtx = ctx->symCtx; + opData->packetType = packetType; + opData->messageLenToHashInBytes = totalMsgSz; + opData->pDigestResult = digestBuf; + + /* store info needed for output */ + dev->qat.out = out; + dev->qat.outLen = inOutSz; + IntelQaOpInit(dev, IntelQaSymHashFree); + + /* perform symmetric hash operation async */ + /* use same buffer list for in-place operation */ + do { + status = cpaCySymPerformOp(dev->qat.handle, + dev, + opData, + srcList, + srcList, + NULL); + } while (IntelQaHandleCpaStatus(dev, status, &ret, QAT_HASH_ASYNC, callback, + &retryCount)); + + if (ret == WC_PENDING_E) + return ret; + +exit: + + if (ret != 0) { + printf("cpaCySymPerformOp Hash partial failed! dev %p, status %d, " + "ret %d\n", dev, status, ret); + + /* handle cleanup */ + IntelQaSymHashFree(dev); + } + + return ret; +} +#endif /* QAT_HASH_ENABLE_PARTIAL */ + + +/* For hash update call with out == NULL */ +/* For hash final call with out != NULL */ +static int IntelQaSymHash(WC_ASYNC_DEV* dev, byte* out, const byte* in, + word32 inOutSz, CpaCySymHashMode hashMode, + CpaCySymHashAlgorithm hashAlgorithm, + + /* For HMAC auth mode only */ + Cpa8U* authKey, Cpa32U authKeyLenInBytes) +{ + /* check args */ + if (dev == NULL || (out == NULL && in == NULL) || + hashAlgorithm == CPA_CY_SYM_HASH_NONE) { + return BAD_FUNC_ARG; + } + + /* trap call with both in and out set */ + if (in != NULL && out != NULL) { + printf("IntelQaSymHash: Cannot call with in and out both set\n"); + return BAD_FUNC_ARG; + } + + if (inOutSz == 0) { + return 0; /* nothing to do, return success */ + } + +#ifdef QAT_HASH_ENABLE_PARTIAL + if (g_qatCapabilities.supPartial + #ifdef QAT_V2 + && hashAlgorithm != CPA_CY_SYM_HASH_SHA3_256 + #endif + ) { + return IntelQaSymHashPartial(dev, out, in, inOutSz, hashMode, + hashAlgorithm, authKey, authKeyLenInBytes); + } + else +#endif + return IntelQaSymHashCache(dev, out, in, inOutSz, hashMode, + hashAlgorithm, authKey, authKeyLenInBytes); +} + +#ifdef WOLFSSL_SHA512 +int IntelQaSymSha512(WC_ASYNC_DEV* dev, byte* out, const byte* in, word32 sz) +{ + return IntelQaSymHash(dev, out, in, sz, + CPA_CY_SYM_HASH_MODE_PLAIN, CPA_CY_SYM_HASH_SHA512, NULL, 0); +} + +#ifdef WOLFSSL_SHA384 +int IntelQaSymSha384(WC_ASYNC_DEV* dev, byte* out, const byte* in, word32 sz) +{ + return IntelQaSymHash(dev, out, in, sz, + CPA_CY_SYM_HASH_MODE_PLAIN, CPA_CY_SYM_HASH_SHA384, NULL, 0); +} +#endif /* WOLFSSL_SHA384 */ +#endif /* WOLFSSL_SHA512 */ + +#ifndef NO_SHA256 +int IntelQaSymSha256(WC_ASYNC_DEV* dev, byte* out, const byte* in, word32 sz) +{ + return IntelQaSymHash(dev, out, in, sz, + CPA_CY_SYM_HASH_MODE_PLAIN, CPA_CY_SYM_HASH_SHA256, NULL, 0); +} +#ifdef WOLFSSL_SHA224 +int IntelQaSymSha224(WC_ASYNC_DEV* dev, byte* out, const byte* in, word32 sz) +{ + return IntelQaSymHash(dev, out, in, sz, + CPA_CY_SYM_HASH_MODE_PLAIN, CPA_CY_SYM_HASH_SHA224, NULL, 0); +} +#endif /* WOLFSSL_SHA224 */ +#endif /* !NO_SHA256 */ + +#ifndef NO_SHA +int IntelQaSymSha(WC_ASYNC_DEV* dev, byte* out, const byte* in, word32 sz) +{ + return IntelQaSymHash(dev, out, in, sz, + CPA_CY_SYM_HASH_MODE_PLAIN, CPA_CY_SYM_HASH_SHA1, NULL, 0); +} +#endif /* !NO_SHA */ + +#ifndef NO_MD5 +int IntelQaSymMd5(WC_ASYNC_DEV* dev, byte* out, const byte* in, word32 sz) +{ + return IntelQaSymHash(dev, out, in, sz, + CPA_CY_SYM_HASH_MODE_PLAIN, CPA_CY_SYM_HASH_MD5, NULL, 0); +} +#endif /* !NO_MD5 */ + +#if defined(WOLFSSL_SHA3) && defined(QAT_V2) +int IntelQaSymSha3(WC_ASYNC_DEV* dev, byte* out, const byte* in, word32 sz) +{ + if (g_qatCapabilities.supSha3) { + return IntelQaSymHash(dev, out, in, sz, + CPA_CY_SYM_HASH_MODE_PLAIN, CPA_CY_SYM_HASH_SHA3_256, NULL, 0); + } + return NOT_COMPILED_IN; +} +#endif + +#ifndef NO_HMAC + int IntelQaHmacGetType(int macType, word32* hashAlgorithm) + { + int ret = NOT_COMPILED_IN; + + switch (macType) { + #ifndef NO_MD5 + case WC_MD5: + if (hashAlgorithm) *hashAlgorithm = CPA_CY_SYM_HASH_MD5; + ret = 0; + break; + #endif + #ifndef NO_SHA + case WC_SHA: + if (hashAlgorithm) *hashAlgorithm = CPA_CY_SYM_HASH_SHA1; + ret = 0; + break; + #endif + #ifdef WOLFSSL_SHA224 + case WC_SHA224: + if (hashAlgorithm) *hashAlgorithm = CPA_CY_SYM_HASH_SHA224; + ret = 0; + break; + #endif + #ifndef NO_SHA256 + case WC_SHA256: + if (hashAlgorithm) *hashAlgorithm = CPA_CY_SYM_HASH_SHA256; + ret = 0; + break; + #endif + #ifdef WOLFSSL_SHA512 + #ifdef WOLFSSL_SHA384 + case WC_SHA384: + if (hashAlgorithm) *hashAlgorithm = CPA_CY_SYM_HASH_SHA384; + ret = 0; + break; + #endif + case WC_SHA512: + if (hashAlgorithm) *hashAlgorithm = CPA_CY_SYM_HASH_SHA512; + ret = 0; + break; + #endif + #if defined(WOLFSSL_SHA3) && defined(QAT_V2) + case WC_SHA3_256: + if (g_qatCapabilities.supSha3) { + if (hashAlgorithm) + *hashAlgorithm = CPA_CY_SYM_HASH_SHA3_256; + ret = 0; + } + break; + #endif + #ifdef HAVE_BLAKE2B + case BLAKE2B_ID: + #endif + #ifdef WOLFSSL_SHA3 + case WC_SHA3_224: + case WC_SHA3_384: + case WC_SHA3_512: + #endif + default: + ret = NOT_COMPILED_IN; + } + return ret; + } + + int IntelQaHmac(struct WC_ASYNC_DEV* dev, + int macType, byte* keyRaw, word16 keyLen, + byte* out, const byte* in, word32 sz) + { + int ret; + CpaCySymHashAlgorithm hashAlgorithm; + + ret = IntelQaHmacGetType(macType, (word32*)&hashAlgorithm); + if (ret != 0) + return ret; + + return IntelQaSymHash(dev, out, in, sz, + CPA_CY_SYM_HASH_MODE_AUTH, hashAlgorithm, keyRaw, keyLen); + } +#endif /* !NO_HMAC */ + +#endif /* QAT_ENABLE_HASH */ + + + +/* -------------------------------------------------------------------------- */ +/* ECC Algo */ +/* -------------------------------------------------------------------------- */ + +#ifdef HAVE_ECC + +#ifdef HAVE_ECC_DHE + +/* ECC Point Multiple Used for Public Key computation Key Gen */ +static void IntelQaEccPointMulFree(WC_ASYNC_DEV* dev) +{ + CpaCyEcPointMultiplyOpData* opData = &dev->qat.op.ecc_mul.opData; + CpaFlatBuffer* pXk = &dev->qat.op.ecc_mul.pXk; + CpaFlatBuffer* pYk = &dev->qat.op.ecc_mul.pYk; + + if (pXk) { + if (pXk->pData != NULL) { + XFREE(pXk->pData, dev->heap, DYNAMIC_TYPE_ASYNC_NUMA); + } + XMEMSET(pXk, 0, sizeof(CpaFlatBuffer)); + } + if (pYk) { + if (pYk->pData != NULL) { + XFREE(pYk->pData, dev->heap, DYNAMIC_TYPE_ASYNC_NUMA); + } + XMEMSET(pYk, 0, sizeof(CpaFlatBuffer)); + } + + if (opData) { + if (opData->h.pData) { + if (opData->h.pData != g_qatEcdhCofactor1) { + XFREE(opData->h.pData, dev->heap, DYNAMIC_TYPE_ASYNC_NUMA); + } + opData->h.pData = NULL; + } + XMEMSET(opData, 0, sizeof(CpaCyEcPointMultiplyOpData)); + } + + /* clear temp pointers */ + dev->qat.op.ecc_mul.pubX = NULL; + dev->qat.op.ecc_mul.pubY = NULL; + dev->qat.op.ecc_mul.pubZ = NULL; +} + +static void IntelQaEccPointMulCallback(void *pCallbackTag, CpaStatus status, + void* pOpData, CpaBoolean multiplyStatus, CpaFlatBuffer* pXk, + CpaFlatBuffer* pYk) +{ + WC_ASYNC_DEV* dev = (WC_ASYNC_DEV*)pCallbackTag; + CpaCyEcPointMultiplyOpData* opData = (CpaCyEcPointMultiplyOpData*)pOpData; + int ret = ASYNC_OP_E; + +#ifdef QAT_DEBUG + printf("IntelQaEccPointMulCallback: dev %p, status %d, multiplyStatus %d, " + "xLen %d, yLen %d\n", + dev, status, multiplyStatus, pXk->dataLenInBytes, pYk->dataLenInBytes); +#endif + + if (status == CPA_STATUS_SUCCESS) { + /* check multiply status */ + if (multiplyStatus == 0) { + /* fail */ + WOLFSSL_MSG("IntelQaEccPointMulCallback: multiply failed"); + ret = ECC_CURVE_OID_E; + } + else { + ret = mp_read_unsigned_bin(dev->qat.op.ecc_mul.pubX, + pXk->pData, pXk->dataLenInBytes); + if (ret == 0) + ret = mp_read_unsigned_bin(dev->qat.op.ecc_mul.pubY, + pYk->pData, pYk->dataLenInBytes); + if (ret == 0) + ret = mp_set(dev->qat.op.ecc_mul.pubZ, 1); /* always 1 */ + } + } + (void)opData; + + /* set return code to mark complete */ + dev->qat.ret = ret; +} + +int IntelQaEccPointMul(WC_ASYNC_DEV* dev, WC_BIGINT* k, + MATH_INT_T* pubX, MATH_INT_T* pubY, MATH_INT_T* pubZ, + WC_BIGINT* xG, WC_BIGINT* yG, WC_BIGINT* a, WC_BIGINT* b, WC_BIGINT* q, + word32 cofactor) +{ + int ret, retryCount = 0; + CpaStatus status = CPA_STATUS_SUCCESS; + CpaCyEcPointMultiplyOpData* opData = NULL; + CpaFlatBuffer* pXk = NULL; + CpaFlatBuffer* pYk = NULL; + CpaCyEcPointMultiplyCbFunc callback = IntelQaEccPointMulCallback; + CpaBoolean* multiplyStatus; + + /* check arguments */ + if (dev == NULL) { + return BAD_FUNC_ARG; + } + +#ifdef QAT_DEBUG + printf("IntelQaEccPointMul dev %p\n", dev); +#endif + + /* setup operation */ + opData = &dev->qat.op.ecc_mul.opData; + pXk = &dev->qat.op.ecc_mul.pXk; + pYk = &dev->qat.op.ecc_mul.pYk; + multiplyStatus = &dev->qat.op.ecc_mul.multiplyStatus; + + /* init buffers */ + XMEMSET(opData, 0, sizeof(CpaCyEcPointMultiplyOpData)); + XMEMSET(pXk, 0, sizeof(CpaFlatBuffer)); + XMEMSET(pYk, 0, sizeof(CpaFlatBuffer)); + XMEMSET(multiplyStatus, 0, sizeof(CpaBoolean)); + + /* setup operation data */ + opData->fieldType = CPA_CY_EC_FIELD_TYPE_PRIME; + ret = IntelQaBigIntToFlatBuffer(k, &opData->k); + ret += IntelQaBigIntToFlatBuffer(xG, &opData->xg); + ret += IntelQaBigIntToFlatBuffer(yG, &opData->yg); + if (a != NULL && a->buf == NULL) { + /* The Koblitz curves can have a zero param "a" */ + ret += IntelQaAllocFlatBuffer(&opData->a, k->len, dev->heap); + XMEMSET(opData->a.pData, 0, k->len); + } + else { + ret += IntelQaBigIntToFlatBuffer(a, &opData->a); + } + ret += IntelQaBigIntToFlatBuffer(b, &opData->b); + ret += IntelQaBigIntToFlatBuffer(q, &opData->q); + if (ret != 0) { + ret = BAD_FUNC_ARG; goto exit; + } + + /* setup cofactor */ + /* for this point multiply the cofactor should not be used, + * so always pass 1 */ + /* if using default value 1 then use shared global */ + opData->h.dataLenInBytes = 4; + opData->h.pData = g_qatEcdhCofactor1; + (void)cofactor; + + ret = IntelQaAllocFlatBuffer(pXk, q->len, dev->heap); + ret += IntelQaAllocFlatBuffer(pYk, q->len, dev->heap); + if (ret != 0) { + ret = MEMORY_E; goto exit; + } + + /* store info needed for output */ + dev->qat.op.ecc_mul.pubX = pubX; + dev->qat.op.ecc_mul.pubY = pubY; + dev->qat.op.ecc_mul.pubZ = pubZ; + IntelQaOpInit(dev, IntelQaEccPointMulFree); + + /* perform point multiply */ + do { + status = cpaCyEcPointMultiply(dev->qat.handle, + callback, + dev, + opData, + multiplyStatus, + pXk, + pYk); + } while (IntelQaHandleCpaStatus(dev, status, &ret, QAT_ECMUL_ASYNC, + (void*)callback, &retryCount)); + + if (ret == WC_PENDING_E) + return ret; + +exit: + + if (ret != 0) { + printf("cpaCyEcPointMultiply failed! dev %p, status %d, ret %d\n", + dev, status, ret); + } + + /* handle cleanup */ + IntelQaEccPointMulFree(dev); + + return ret; +} + +static void IntelQaEcdhFree(WC_ASYNC_DEV* dev) +{ + CpaCyEcdhPointMultiplyOpData* opData = &dev->qat.op.ecc_ecdh.opData; + CpaFlatBuffer* resultX = &dev->qat.op.ecc_ecdh.pXk; + CpaFlatBuffer* resultY = &dev->qat.op.ecc_ecdh.pYk; + + if (resultX) { + if (resultX->pData) { + XFREE(resultX->pData, dev->heap, DYNAMIC_TYPE_ASYNC_NUMA); + resultX->pData = NULL; + } + if (resultY->pData) { + /* Don't free, since isn't used, persist global */ + /* XFREE(resultY->pData, dev->heap, DYNAMIC_TYPE_ASYNC_NUMA); */ + resultY->pData = NULL; + } + XMEMSET(resultX, 0, sizeof(CpaFlatBuffer)); + XMEMSET(resultY, 0, sizeof(CpaFlatBuffer)); + } + + if (opData) { + if (opData->h.pData) { + if (opData->h.pData != g_qatEcdhCofactor1) { + XFREE(opData->h.pData, dev->heap, DYNAMIC_TYPE_ASYNC_NUMA); + } + opData->h.pData = NULL; + } + XMEMSET(opData, 0, sizeof(CpaCyEcdhPointMultiplyOpData)); + } + + /* clear temp pointers */ + dev->qat.out = NULL; + dev->qat.outLenPtr = NULL; +} + +static void IntelQaEcdhCallback(void *pCallbackTag, CpaStatus status, + void* pOpData, CpaBoolean multiplyStatus, CpaFlatBuffer* pXk, + CpaFlatBuffer* pYk) +{ + WC_ASYNC_DEV* dev = (WC_ASYNC_DEV*)pCallbackTag; + CpaCyEcdhPointMultiplyOpData* opData = + (CpaCyEcdhPointMultiplyOpData*)pOpData; + int ret = ASYNC_OP_E; + +#ifdef QAT_DEBUG + printf("IntelQaEcdhCallback: dev %p, status %d, multiplyStatus %d, " + "xLen %d, yLen %d\n", + dev, status, multiplyStatus, pXk->dataLenInBytes, pYk->dataLenInBytes); +#endif + + if (status == CPA_STATUS_SUCCESS) { + /* validate returned output */ + if (dev->qat.outLenPtr) { + if (pXk->dataLenInBytes > *dev->qat.outLenPtr) { + pXk->dataLenInBytes = *dev->qat.outLenPtr; + } + *dev->qat.outLenPtr = pXk->dataLenInBytes; + } + + /* return data */ + if (dev->qat.out && dev->qat.out != pXk->pData) { + XMEMCPY(dev->qat.out, pXk->pData, pXk->dataLenInBytes); + } + + /* check multiply status */ + if (multiplyStatus == 0) { + /* fail */ + WOLFSSL_MSG("IntelQaEcdhCallback: multiply failed"); + ret = ECC_CURVE_OID_E; + } + else { + /* mark event result */ + ret = 0; /* success */ + } + } + (void)opData; + (void)pYk; + + /* set return code to mark complete */ + dev->qat.ret = ret; +} + +int IntelQaEcdh(WC_ASYNC_DEV* dev, WC_BIGINT* k, WC_BIGINT* xG, + WC_BIGINT* yG, byte* out, word32* outlen, + WC_BIGINT* a, WC_BIGINT* b, WC_BIGINT* q, + word32 cofactor) +{ + int ret, retryCount = 0; + CpaStatus status = CPA_STATUS_SUCCESS; + CpaCyEcdhPointMultiplyOpData* opData = NULL; + CpaFlatBuffer* pXk = NULL; + CpaFlatBuffer* pYk = NULL; + CpaCyEcdhPointMultiplyCbFunc callback = IntelQaEcdhCallback; + CpaBoolean* multiplyStatus; + + /* check arguments */ + if (dev == NULL) { + return BAD_FUNC_ARG; + } + +#ifdef QAT_DEBUG + printf("IntelQaEcdh dev %p\n", dev); +#endif + + /* setup operation */ + opData = &dev->qat.op.ecc_ecdh.opData; + pXk = &dev->qat.op.ecc_ecdh.pXk; + pYk = &dev->qat.op.ecc_ecdh.pYk; + multiplyStatus = &dev->qat.op.ecc_ecdh.multiplyStatus; + + /* init buffers */ + XMEMSET(opData, 0, sizeof(CpaCyEcdhPointMultiplyOpData)); + XMEMSET(pXk, 0, sizeof(CpaFlatBuffer)); + XMEMSET(pYk, 0, sizeof(CpaFlatBuffer)); + XMEMSET(multiplyStatus, 0, sizeof(CpaBoolean)); + + /* setup operation data */ + opData->fieldType = CPA_CY_EC_FIELD_TYPE_PRIME; + ret = IntelQaBigIntToFlatBuffer(k, &opData->k); + ret += IntelQaBigIntToFlatBuffer(xG, &opData->xg); + ret += IntelQaBigIntToFlatBuffer(yG, &opData->yg); + if (a != NULL && a->buf == NULL) { + /* The Koblitz curves can have a zero param "a" */ + ret += IntelQaAllocFlatBuffer(&opData->a, k->len, dev->heap); + XMEMSET(opData->a.pData, 0, k->len); + } + else { + ret += IntelQaBigIntToFlatBuffer(a, &opData->a); + } + ret += IntelQaBigIntToFlatBuffer(b, &opData->b); + ret += IntelQaBigIntToFlatBuffer(q, &opData->q); + if (ret != 0) { + ret = BAD_FUNC_ARG; goto exit; + } + + /* setup cofactor */ + /* for this point multiply the cofactor should not be used, + * so always pass 1 */ + /* if using default value 1 then use shared global */ + opData->h.dataLenInBytes = 4; + opData->h.pData = g_qatEcdhCofactor1; + (void)cofactor; + + pXk->dataLenInBytes = q->len; /* bytes key size / 8 (aligned) */ + pXk->pData = (Cpa8U*)XREALLOC(out, pXk->dataLenInBytes, dev->heap, + DYNAMIC_TYPE_ASYNC_NUMA); + pYk->dataLenInBytes = q->len; + pYk->pData = g_qatEcdhY; + + /* store info needed for output */ + dev->qat.out = out; + dev->qat.outLenPtr = outlen; + IntelQaOpInit(dev, IntelQaEcdhFree); + + /* perform point multiply */ + do { + status = cpaCyEcdhPointMultiply(dev->qat.handle, + callback, + dev, + opData, + multiplyStatus, + pXk, + pYk); + } while (IntelQaHandleCpaStatus(dev, status, &ret, QAT_ECDHE_ASYNC, + (void*)callback, &retryCount)); + + if (ret == WC_PENDING_E) + return ret; + +exit: + + if (ret != 0) { + printf("cpaCyEcdhPointMultiply failed! dev %p, status %d, ret %d\n", + dev, status, ret); + } + + /* handle cleanup */ + IntelQaEcdhFree(dev); + + return ret; +} +#endif /* HAVE_ECC_DHE */ + + +#ifdef HAVE_ECC_SIGN + +static void IntelQaEcdsaSignFree(WC_ASYNC_DEV* dev) +{ + CpaCyEcdsaSignRSOpData* opData = &dev->qat.op.ecc_sign.opData; + CpaFlatBuffer *pR = &dev->qat.op.ecc_sign.R; + CpaFlatBuffer *pS = &dev->qat.op.ecc_sign.S; + + if (opData) { + XMEMSET(opData, 0, sizeof(CpaCyEcdsaSignRSOpData)); + } + + if (pR) { + if (pR->pData) + XFREE(pR->pData, dev->heap, DYNAMIC_TYPE_ASYNC_NUMA); + XMEMSET(pR, 0, sizeof(CpaFlatBuffer)); + } + if (pS) { + if (pS->pData) + XFREE(pS->pData, dev->heap, DYNAMIC_TYPE_ASYNC_NUMA); + XMEMSET(pS, 0, sizeof(CpaFlatBuffer)); + } + + /* clear temp pointers */ + dev->qat.op.ecc_sign.pR = NULL; + dev->qat.op.ecc_sign.pS = NULL; +} + +static void IntelQaEcdsaSignCallback(void *pCallbackTag, + CpaStatus status, void *pOpData, CpaBoolean signStatus, + CpaFlatBuffer *pR, CpaFlatBuffer *pS) +{ + WC_ASYNC_DEV* dev = (WC_ASYNC_DEV*)pCallbackTag; + CpaCyEcdsaSignRSOpData* opData = (CpaCyEcdsaSignRSOpData*)pOpData; + int ret = ASYNC_OP_E; + + (void)signStatus; + +#ifdef QAT_DEBUG + printf("IntelQaEcdsaSignCallback: dev %p, status %d, signStatus %d, " + "rLen %d, sLen %d\n", + dev, status, signStatus, pR->dataLenInBytes, pS->dataLenInBytes); +#endif + + if (status == CPA_STATUS_SUCCESS) { + /* check sign status */ + if (signStatus == 0) { + /* fail */ + WOLFSSL_MSG("IntelQaEcdsaSignCallback: sign failed"); + ret = ECC_CURVE_OID_E; + } + else { + /* success - populate result */ + ret = IntelQaFlatBufferToBigInt(pR, dev->qat.op.ecc_sign.pR); + if (ret == 0) { + ret = IntelQaFlatBufferToBigInt(pS, dev->qat.op.ecc_sign.pS); + } + } + } + (void)opData; + + /* set return code to mark complete */ + dev->qat.ret = ret; +} + +int IntelQaEcdsaSign(WC_ASYNC_DEV* dev, + WC_BIGINT* m, WC_BIGINT* d, + WC_BIGINT* k, + WC_BIGINT* r, WC_BIGINT* s, + WC_BIGINT* a, WC_BIGINT* b, + WC_BIGINT* q, WC_BIGINT* n, + WC_BIGINT* xg, WC_BIGINT* yg) +{ + int ret, retryCount = 0; + CpaStatus status = CPA_STATUS_SUCCESS; + CpaCyEcdsaSignRSOpData* opData = NULL; + CpaCyEcdsaSignRSCbFunc callback = IntelQaEcdsaSignCallback; + CpaBoolean* signStatus; + CpaFlatBuffer* pR = NULL; + CpaFlatBuffer* pS = NULL; + + if (dev == NULL) { + return BAD_FUNC_ARG; + } + +#ifdef QAT_DEBUG + printf("IntelQaEcdsaSign dev %p\n", dev); +#endif + + /* setup operation */ + opData = &dev->qat.op.ecc_sign.opData; + pR = &dev->qat.op.ecc_sign.R; + pS = &dev->qat.op.ecc_sign.S; + signStatus = &dev->qat.op.ecc_sign.signStatus; + + /* init buffers */ + XMEMSET(opData, 0, sizeof(CpaCyEcdsaSignRSOpData)); + XMEMSET(pR, 0, sizeof(CpaFlatBuffer)); + XMEMSET(pS, 0, sizeof(CpaFlatBuffer)); + XMEMSET(signStatus, 0, sizeof(CpaBoolean)); + + /* setup operation data */ + opData->fieldType = CPA_CY_EC_FIELD_TYPE_PRIME; + ret = IntelQaBigIntToFlatBuffer(m, &opData->m); + ret += IntelQaBigIntToFlatBuffer(d, &opData->d); + ret += IntelQaBigIntToFlatBuffer(k, &opData->k); + ret += IntelQaBigIntToFlatBuffer(a, &opData->a); + ret += IntelQaBigIntToFlatBuffer(b, &opData->b); + ret += IntelQaBigIntToFlatBuffer(q, &opData->q); + ret += IntelQaBigIntToFlatBuffer(n, &opData->n); + ret += IntelQaBigIntToFlatBuffer(xg, &opData->xg); + ret += IntelQaBigIntToFlatBuffer(yg, &opData->yg); + if (ret != 0) { + ret = BAD_FUNC_ARG; goto exit; + } + + pR->dataLenInBytes = n->len; /* bytes key size / 8 (aligned) */ + pS->dataLenInBytes = n->len; + pR->pData = (Cpa8U*)XREALLOC(r->buf, pR->dataLenInBytes, dev->heap, + DYNAMIC_TYPE_ASYNC_NUMA); + pS->pData = (Cpa8U*)XREALLOC(s->buf, pS->dataLenInBytes, dev->heap, + DYNAMIC_TYPE_ASYNC_NUMA); + + if (pR->pData == NULL || pS->pData == NULL) { + ret = MEMORY_E; goto exit; + } + + /* store info needed for output */ + dev->qat.op.ecc_sign.pR = r; + dev->qat.op.ecc_sign.pS = s; + IntelQaOpInit(dev, IntelQaEcdsaSignFree); + + /* Perform ECDSA sign */ + do { + status = cpaCyEcdsaSignRS(dev->qat.handle, + callback, + dev, + opData, + signStatus, + pR, + pS); + } while (IntelQaHandleCpaStatus(dev, status, &ret, QAT_ECDSA_ASYNC, + (void*)callback, &retryCount)); + + if (ret == WC_PENDING_E) + return ret; + +exit: + + if (ret != 0) { + printf("cpaCyEcdsaSignRS failed! dev %p, status %d, ret %d\n", + dev, status, ret); + } + + /* handle cleanup */ + IntelQaEcdsaSignFree(dev); + + return ret; +} + +#endif /* HAVE_ECC_SIGN */ + + +#ifdef HAVE_ECC_VERIFY +static void IntelQaEcdsaVerifyFree(WC_ASYNC_DEV* dev) +{ + CpaCyEcdsaVerifyOpData* opData = &dev->qat.op.ecc_verify.opData; + + if (opData) { + XMEMSET(opData, 0, sizeof(CpaCyEcdsaVerifyOpData)); + } + + /* clear temp pointers */ + dev->qat.op.ecc_verify.stat = NULL; +} + +static void IntelQaEcdsaVerifyCallback(void *pCallbackTag, + CpaStatus status, void *pOpData, CpaBoolean verifyStatus) +{ + WC_ASYNC_DEV* dev = (WC_ASYNC_DEV*)pCallbackTag; + CpaCyEcdsaVerifyOpData* opData = (CpaCyEcdsaVerifyOpData*)pOpData; + int ret = ASYNC_OP_E; + +#ifdef QAT_DEBUG + printf("IntelQaEcdsaVerifyCallback: dev %p, status %d, verifyStatus %d\n", + dev, status, verifyStatus); +#endif + + if (status == CPA_STATUS_SUCCESS) { + /* populate result */ + *dev->qat.op.ecc_verify.stat = verifyStatus; + + /* check verify status */ + if (verifyStatus == 0) { + /* fail */ + WOLFSSL_MSG("IntelQaEcdsaVerifyCallback: verify failed"); + ret = ECC_CURVE_OID_E; + } + else { + /* mark event result */ + ret = 0; /* success */ + } + } + (void)opData; + + /* set return code to mark complete */ + dev->qat.ret = ret; +} + +int IntelQaEcdsaVerify(WC_ASYNC_DEV* dev, WC_BIGINT* m, + WC_BIGINT* xp, WC_BIGINT* yp, + WC_BIGINT* r, WC_BIGINT* s, + WC_BIGINT* a, WC_BIGINT* b, + WC_BIGINT* q, WC_BIGINT* n, + WC_BIGINT* xg, WC_BIGINT* yg, int* pVerifyStatus) +{ + int ret, retryCount = 0; + CpaStatus status = CPA_STATUS_SUCCESS; + CpaCyEcdsaVerifyOpData* opData = NULL; + CpaCyEcdsaVerifyCbFunc callback = IntelQaEcdsaVerifyCallback; + CpaBoolean* verifyStatus; + + if (dev == NULL) { + return BAD_FUNC_ARG; + } + +#ifdef QAT_DEBUG + printf("IntelQaEcdsaVerify dev %p\n", dev); +#endif + + /* setup operation */ + opData = &dev->qat.op.ecc_verify.opData; + verifyStatus = &dev->qat.op.ecc_verify.verifyStatus; + + /* init buffers */ + XMEMSET(opData, 0, sizeof(CpaCyEcdsaVerifyOpData)); + XMEMSET(verifyStatus, 0, sizeof(CpaBoolean)); + + /* setup operation data */ + opData->fieldType = CPA_CY_EC_FIELD_TYPE_PRIME; + ret = IntelQaBigIntToFlatBuffer(m, &opData->m); + ret += IntelQaBigIntToFlatBuffer(r, &opData->r); + ret += IntelQaBigIntToFlatBuffer(s, &opData->s); + ret += IntelQaBigIntToFlatBuffer(xp, &opData->xp); + ret += IntelQaBigIntToFlatBuffer(yp, &opData->yp); + ret += IntelQaBigIntToFlatBuffer(a, &opData->a); + ret += IntelQaBigIntToFlatBuffer(b, &opData->b); + ret += IntelQaBigIntToFlatBuffer(q, &opData->q); + ret += IntelQaBigIntToFlatBuffer(n, &opData->n); + ret += IntelQaBigIntToFlatBuffer(xg, &opData->xg); + ret += IntelQaBigIntToFlatBuffer(yg, &opData->yg); + if (ret != 0) { + ret = BAD_FUNC_ARG; goto exit; + } + + /* store info needed for output */ + dev->qat.op.ecc_verify.stat = pVerifyStatus; + IntelQaOpInit(dev, IntelQaEcdsaVerifyFree); + + /* Perform ECDSA verify */ + do { + status = cpaCyEcdsaVerify(dev->qat.handle, + callback, + dev, + opData, + verifyStatus); + } while (IntelQaHandleCpaStatus(dev, status, &ret, QAT_ECDSA_ASYNC, + (void*)callback, &retryCount)); + + if (ret == WC_PENDING_E) + return ret; + +exit: + + if (ret != 0) { + printf("cpaCyEcdsaVerify failed! dev %p, status %d, ret %d\n", + dev, status, ret); + } + + /* handle cleanup */ + IntelQaEcdsaVerifyFree(dev); + + return ret; +} +#endif /* HAVE_ECC_VERIFY */ + +#endif /* HAVE_ECC */ + + +#ifndef NO_DH + +static void IntelQaDhKeyGenFree(WC_ASYNC_DEV* dev) +{ + CpaCyDhPhase1KeyGenOpData* opData = &dev->qat.op.dh_gen.opData; + CpaFlatBuffer* pOut = &dev->qat.op.dh_gen.pOut; + + if (opData) { + IntelQaFreeFlatBuffer(&opData->privateValueX, dev->heap); + + XMEMSET(opData, 0, sizeof(CpaCyDhPhase1KeyGenOpData)); + } + + if (pOut) { + if (pOut->pData) { + XFREE(pOut->pData, dev->heap, DYNAMIC_TYPE_ASYNC_NUMA); + pOut->pData = NULL; + } + XMEMSET(pOut, 0, sizeof(CpaFlatBuffer)); + } + + /* clear temp pointers */ + dev->qat.out = NULL; + dev->qat.outLenPtr = NULL; +} + +static void IntelQaDhKeyGenCallback(void *pCallbackTag, CpaStatus status, + void *pOpData, CpaFlatBuffer *pOut) +{ + WC_ASYNC_DEV* dev = (WC_ASYNC_DEV*)pCallbackTag; + CpaCyDhPhase1KeyGenOpData* opData = (CpaCyDhPhase1KeyGenOpData*)pOpData; + int ret = ASYNC_OP_E; + +#ifdef QAT_DEBUG + printf("IntelQaDhKeyGenCallback: dev %p, status %d, len %d\n", + dev, status, pOut->dataLenInBytes); +#endif + + if (status == CPA_STATUS_SUCCESS) { + /* validate returned output */ + if (dev->qat.outLenPtr) { + if (pOut->dataLenInBytes > *dev->qat.outLenPtr) { + pOut->dataLenInBytes = *dev->qat.outLenPtr; + } + *dev->qat.outLenPtr = pOut->dataLenInBytes; + } + + /* return data */ + if (dev->qat.out && dev->qat.out != pOut->pData) { + XMEMCPY(dev->qat.out, pOut->pData, pOut->dataLenInBytes); + } + + /* mark event result */ + ret = 0; /* success */ + } + (void)opData; + + /* set return code to mark complete */ + dev->qat.ret = ret; +} + +int IntelQaDhKeyGen(WC_ASYNC_DEV* dev, WC_BIGINT* p, WC_BIGINT* g, + WC_BIGINT* x, byte* pub, word32* pubSz) +{ + int ret, retryCount = 0; + CpaStatus status = CPA_STATUS_SUCCESS; + CpaCyDhPhase1KeyGenOpData* opData = NULL; + CpaCyGenFlatBufCbFunc callback = IntelQaDhKeyGenCallback; + CpaFlatBuffer* pOut = NULL; + + if (dev == NULL || p == NULL || p->buf == NULL || g == NULL || x == NULL || + pub == NULL || pubSz == NULL) { + return BAD_FUNC_ARG; + } + +#ifdef QAT_DEBUG + printf("IntelQaDhKeyGen dev %p\n", dev); +#endif + + /* setup operation */ + opData = &dev->qat.op.dh_gen.opData; + pOut = &dev->qat.op.dh_gen.pOut; + + /* init buffers */ + XMEMSET(opData, 0, sizeof(CpaCyDhPhase1KeyGenOpData)); + XMEMSET(pOut, 0, sizeof(CpaFlatBuffer)); + + /* setup operation data */ + ret = IntelQaBigIntToFlatBuffer(p, &opData->primeP); + ret += IntelQaBigIntToFlatBuffer(g, &opData->baseG); + /* transfer control of big int buffer to opData structure */ + ret += IntelQaBigIntToFlatBuffer(x, &opData->privateValueX); + /* don't let caller free x, do it in IntelQaDhKeyGenFree */ + x->buf = NULL; + x->len = 0; + if (ret != 0) { + ret = BAD_FUNC_ARG; goto exit; + } + pOut->dataLenInBytes = p->len; + pOut->pData = (Cpa8U*)XREALLOC(pub, p->len, dev->heap, + DYNAMIC_TYPE_ASYNC_NUMA); + if (pOut->pData == NULL) { + ret = MEMORY_E; goto exit; + } + + /* store info needed for output */ + *pubSz = p->len; + dev->qat.out = pub; + dev->qat.outLenPtr = pubSz; + IntelQaOpInit(dev, IntelQaDhKeyGenFree); + + /* Perform DhKeyGen */ + do { + status = cpaCyDhKeyGenPhase1(dev->qat.handle, + callback, + dev, + opData, + pOut); + } while (IntelQaHandleCpaStatus(dev, status, &ret, QAT_DH_ASYNC, + (void*)callback, &retryCount)); + + if (ret == WC_PENDING_E) + return ret; + +exit: + + if (ret != 0) { + printf("cpaCyDhKeyGenPhase1 failed! dev %p, status %d, ret %d\n", + dev, status, ret); + } + + /* handle cleanup */ + IntelQaDhKeyGenFree(dev); + + return ret; +} + +static void IntelQaDhAgreeFree(WC_ASYNC_DEV* dev) +{ + CpaCyDhPhase2SecretKeyGenOpData* opData = &dev->qat.op.dh_agree.opData; + CpaFlatBuffer* pOut = &dev->qat.op.dh_agree.pOut; + + if (pOut) { + if (pOut->pData) { + XFREE(pOut->pData, dev->heap, DYNAMIC_TYPE_ASYNC_NUMA); + pOut->pData = NULL; + } + XMEMSET(pOut, 0, sizeof(CpaFlatBuffer)); + } + if (opData) { + if (opData->remoteOctetStringPV.pData) { + XFREE(opData->remoteOctetStringPV.pData, dev->heap, + DYNAMIC_TYPE_ASYNC_NUMA); + opData->remoteOctetStringPV.pData = NULL; + } + if (opData->privateValueX.pData) { + XFREE(opData->privateValueX.pData, dev->heap, + DYNAMIC_TYPE_ASYNC_NUMA); + opData->privateValueX.pData = NULL; + } + XMEMSET(opData, 0, sizeof(CpaCyDhPhase2SecretKeyGenOpData)); + } + + /* clear temp pointers */ + dev->qat.out = NULL; + dev->qat.outLenPtr = NULL; +} + +static void IntelQaDhAgreeCallback(void *pCallbackTag, CpaStatus status, + void *pOpData, CpaFlatBuffer *pOut) +{ + WC_ASYNC_DEV* dev = (WC_ASYNC_DEV*)pCallbackTag; + CpaCyDhPhase2SecretKeyGenOpData* opData = + (CpaCyDhPhase2SecretKeyGenOpData*)pOpData; + int ret = ASYNC_OP_E; + +#ifdef QAT_DEBUG + printf("IntelQaDhAgreeCallback: dev %p, status %d, len %d\n", + dev, status, pOut->dataLenInBytes); +#endif + + if (status == CPA_STATUS_SUCCESS) { + word32 idxTrim = 0; + byte* out = (byte*)pOut->pData; + + /* check output size */ + if (dev->qat.outLenPtr) { + if (pOut->dataLenInBytes > *dev->qat.outLenPtr) { + pOut->dataLenInBytes = *dev->qat.outLenPtr; + } + } + + /* count leading zeros */ + while (out[idxTrim] == 0 && idxTrim < pOut->dataLenInBytes) { + idxTrim++; + } + pOut->dataLenInBytes -= idxTrim; + + /* return data and trim leading zeros */ + if (dev->qat.out && (dev->qat.out != pOut->pData || idxTrim > 0)) { + XMEMMOVE(dev->qat.out, &out[idxTrim], pOut->dataLenInBytes); + } + + /* return final length */ + if (dev->qat.outLenPtr) { + *dev->qat.outLenPtr = pOut->dataLenInBytes; + } + + /* mark event result */ + ret = 0; /* success */ + } + (void)opData; + + /* set return code to mark complete */ + dev->qat.ret = ret; +} + +int IntelQaDhAgree(WC_ASYNC_DEV* dev, WC_BIGINT* p, + byte* agree, word32* agreeSz, const byte* priv, word32 privSz, + const byte* otherPub, word32 pubSz) +{ + int ret, retryCount = 0; + CpaStatus status = CPA_STATUS_SUCCESS; + CpaCyDhPhase2SecretKeyGenOpData* opData = NULL; + CpaCyGenFlatBufCbFunc callback = IntelQaDhAgreeCallback; + CpaFlatBuffer* pOut = NULL; + + if (dev == NULL || agree == NULL || agreeSz == NULL || + priv == NULL || privSz == 0 || otherPub == NULL || pubSz == 0) { + return BAD_FUNC_ARG; + } + +#ifdef QAT_DEBUG + printf("IntelQaDhAgree dev %p, agreeSz %d\n", dev, *agreeSz); +#endif + + /* setup operation */ + opData = &dev->qat.op.dh_agree.opData; + pOut = &dev->qat.op.dh_agree.pOut; + + /* init buffers */ + XMEMSET(opData, 0, sizeof(CpaCyDhPhase2SecretKeyGenOpData)); + XMEMSET(pOut, 0, sizeof(CpaFlatBuffer)); + + /* setup operation data */ + ret = IntelQaBigIntToFlatBuffer(p, &opData->primeP); + if (ret != 0) { + goto exit; + } + + opData->remoteOctetStringPV.dataLenInBytes = pubSz; + opData->remoteOctetStringPV.pData = (Cpa8U*)XREALLOC((byte*)otherPub, pubSz, + dev->heap, DYNAMIC_TYPE_ASYNC_NUMA); + opData->privateValueX.dataLenInBytes = privSz; + opData->privateValueX.pData = (Cpa8U*)XREALLOC((byte*)priv, privSz, + dev->heap, DYNAMIC_TYPE_ASYNC_NUMA); + pOut->dataLenInBytes = p->len; + pOut->pData = (Cpa8U*)XREALLOC(agree, p->len, dev->heap, + DYNAMIC_TYPE_ASYNC_NUMA); + + if (opData->remoteOctetStringPV.pData == NULL || + opData->privateValueX.pData == NULL || pOut->pData == NULL) { + ret = MEMORY_E; goto exit; + } + + /* store info needed for output */ + dev->qat.out = agree; + dev->qat.outLenPtr = agreeSz; + IntelQaOpInit(dev, IntelQaDhAgreeFree); + + /* Perform DhKeyGen */ + do { + status = cpaCyDhKeyGenPhase2Secret(dev->qat.handle, + callback, + dev, + opData, + pOut); + } while (IntelQaHandleCpaStatus(dev, status, &ret, QAT_DH_ASYNC, + (void*)callback, &retryCount)); + + if (ret == WC_PENDING_E) + return ret; + +exit: + + if (ret != 0) { + printf("cpaCyDhKeyGenPhase2Secret failed! dev %p, status %d, ret %d\n", + dev, status, ret); + } + + /* handle cleanup */ + IntelQaDhAgreeFree(dev); + + return ret; +} + +#endif /* !NO_DH */ + + +#if defined(QAT_ENABLE_RNG) +/* -------------------------------------------------------------------------- */ +/* Random NRBG/DRBG */ +/* -------------------------------------------------------------------------- */ +int IntelQaNrbg(CpaFlatBuffer* pBuffer, Cpa32U length) +{ + CpaStatus status; + CpaCyNrbgOpData opData; + CpaInstanceHandle instanceHandle = CPA_INSTANCE_HANDLE_SINGLE; + + if (pBuffer == NULL || length == 0) { + return BAD_FUNC_ARG; + } + + if (pBuffer->dataLenInBytes < length) { + return BAD_FUNC_ARG; + } + + /* For now use the first crypto instance - assumed to be started already */ + status = cpaCyGetInstances(1, &instanceHandle); + if (instanceHandle == NULL || status != CPA_STATUS_SUCCESS) { + return ASYNC_INIT_E; + } + + /* init buffers */ + XMEMSET(&opData, 0, sizeof(CpaCyNrbgOpData)); + opData.lengthInBytes = length; + + /* Perform NRBG generation */ + status = cpaCyNrbgGetEntropy(instanceHandle, NULL, NULL, &opData, pBuffer); + if (status != CPA_STATUS_SUCCESS) { + printf("cpaCyNrbgGetEntropy failed! status %d\n", status); + } + + return status; +} + +static CpaStatus IntelQaGetEntropyInputFunc( + IcpSalDrbgGetEntropyInputCbFunc pCb, + void* pCallbackTag, + icp_sal_drbg_get_entropy_op_data_t *pOpData, + CpaFlatBuffer *pBuffer, + Cpa32U *pLengthReturned) +{ + CpaStatus status = CPA_STATUS_SUCCESS; + + *pLengthReturned = pOpData->maxLength; + + status = IntelQaNrbg(pBuffer, pOpData->maxLength); + if (status != CPA_STATUS_SUCCESS) { + return CPA_STATUS_FAIL; + } + + if (pCb != NULL) { + pCb(pCallbackTag, CPA_STATUS_SUCCESS, pOpData, + pOpData->maxLength, pBuffer); + } + + return CPA_STATUS_SUCCESS; +} + +static CpaStatus IntelQaGetNonceFunc( + icp_sal_drbg_get_entropy_op_data_t *pOpData, + CpaFlatBuffer *pBuffer, + Cpa32U *pLengthReturned) +{ + + CpaStatus status = CPA_STATUS_SUCCESS; + + status = IntelQaNrbg(pBuffer, pOpData->maxLength); + if (status != CPA_STATUS_SUCCESS) { + return CPA_STATUS_FAIL; + } + *pLengthReturned = pOpData->maxLength; + + return CPA_STATUS_SUCCESS; +} + +static CpaBoolean IntelQaNotDFRequired(void) +{ + return CPA_FALSE; +} + +static int IntelQaDrbgClose(WC_ASYNC_DEV* dev) +{ + CpaStatus status; + + if (dev == NULL) + return BAD_FUNC_ARG; + +#ifdef QAT_DEBUG + printf("cpaCyDrbgRemoveSession dev %p\n", dev); +#endif + + if (dev->qat.op.drbg.handle) { + CpaCyDrbgSessionHandle handle = dev->qat.op.drbg.handle; + dev->qat.op.drbg.handle = NULL; + + status = cpaCyDrbgRemoveSession(dev->qat.handle, handle); + if (status != CPA_STATUS_SUCCESS) { + printf("cpaCyDrbgRemoveSession failed! status %d\n", status); + } + + XFREE(handle, dev->heap, DYNAMIC_TYPE_ASYNC_NUMA64); + } + + return 0; +} + +static void IntelQaDrbgFree(WC_ASYNC_DEV* dev) +{ + CpaCyDrbgGenOpData* opData = &dev->qat.op.drbg.opData; + CpaFlatBuffer* pOut = &dev->qat.op.drbg.pOut; + + if (pOut) { + if (pOut->pData) { + XFREE(pOut->pData, dev->heap, DYNAMIC_TYPE_ASYNC_NUMA); + pOut->pData = NULL; + } + XMEMSET(pOut, 0, sizeof(CpaFlatBuffer)); + } + + if (opData) { + XMEMSET(opData, 0, sizeof(CpaCyDrbgGenOpData)); + } + + /* clear temp pointers */ + dev->qat.out = NULL; +} + +static void IntelQaDrbgCallback(void *pCallbackTag, CpaStatus status, + void *pOpdata, CpaFlatBuffer *pOut) +{ + WC_ASYNC_DEV* dev = (WC_ASYNC_DEV*)pCallbackTag; + CpaCyDrbgGenOpData* opData = (CpaCyDrbgGenOpData*)pOpdata; + int ret = ASYNC_OP_E; + +#ifdef QAT_DEBUG + printf("IntelQaDrbgCallback: dev %p, status %d, len %d\n", + dev, status, pOut->dataLenInBytes); +#endif + + if (status == CPA_STATUS_SUCCESS) { + /* return data */ + if (dev->qat.out && dev->qat.out != pOut->pData) { + XMEMCPY(dev->qat.out, pOut->pData, pOut->dataLenInBytes); + } + + /* mark event result */ + ret = 0; /* success */ + } + (void)opData; + + /* set return code to mark complete */ + dev->qat.ret = ret; +} + +int IntelQaDrbg(WC_ASYNC_DEV* dev, byte* rngBuf, word32 rngSz) +{ + int ret = 0, retryCount = 0; + CpaStatus status = CPA_STATUS_SUCCESS; + CpaCyDrbgGenOpData* opData = NULL; + CpaCyGenFlatBufCbFunc callback = IntelQaDrbgCallback; + CpaFlatBuffer* pOut = NULL; + word32 idx = 0, gen = 0; + + if (dev == NULL || rngBuf == NULL) { + return BAD_FUNC_ARG; + } + + /* This function can be called with rngSz == 0 */ + if (rngSz == 0) { + return 0; /* no data to get */ + } + +#ifdef QAT_DEBUG + printf("IntelQaDrbg: dev %p, buf %p, sz %d\n", dev, rngBuf, rngSz); +#endif + + /* setup operation */ + opData = &dev->qat.op.drbg.opData; + pOut = &dev->qat.op.drbg.pOut; + + /* init buffers */ + XMEMSET(opData, 0, sizeof(CpaCyDrbgGenOpData)); + XMEMSET(pOut, 0, sizeof(CpaFlatBuffer)); + + if (dev->qat.op.drbg.handle == NULL) { + CpaCyDrbgSessionSetupData setup; + Cpa32U seedLen = 0; + Cpa32U handleSize; + + #ifdef QAT_DEBUG + printf("cpaCyDrbgInitSession dev %p\n", dev); + #endif + + /* register required DRBG callback functions */ + icp_sal_drbgIsDFReqFuncRegister(IntelQaNotDFRequired); + icp_sal_drbgGetEntropyInputFuncRegister(IntelQaGetEntropyInputFunc); + icp_sal_drbgGetNonceFuncRegister(IntelQaGetNonceFunc); + + setup.predictionResistanceRequired = CPA_FALSE; + setup.secStrength = CPA_CY_RBG_SEC_STRENGTH_128; + setup.personalizationString.dataLenInBytes = 0; + setup.personalizationString.pData = NULL; + + status = cpaCyDrbgSessionGetSize(dev->qat.handle, &setup, &handleSize); + if (status != CPA_STATUS_SUCCESS) { + ret = ASYNC_INIT_E; goto exit; + } + + dev->qat.op.drbg.handle = (CpaCyDrbgSessionHandle)XMALLOC( + handleSize, dev->heap, DYNAMIC_TYPE_ASYNC_NUMA64); + if (dev->qat.op.drbg.handle == NULL) { + ret = MEMORY_E; goto exit; + } + + status = cpaCyDrbgInitSession(dev->qat.handle, + callback, /* callback function for generate */ + NULL, /* callback function for reseed */ + &setup, /* session setup data */ + dev->qat.op.drbg.handle, + &seedLen); + } + + /* chunk into LAC_DRBG_MAX_NUM_OF_BYTES (0xFFFF) */ + while (ret == 0 && idx < rngSz) { + /* setup operation data */ + gen = rngSz - gen; + if (gen > 0xFFFF) + gen = 0xFFFF; + + pOut->dataLenInBytes = gen; + if (idx == 0 && pOut->pData == NULL) { + pOut->pData = XREALLOC(rngBuf, gen, dev->heap, + DYNAMIC_TYPE_ASYNC_NUMA); + if (pOut->pData == NULL) { + ret = MEMORY_E; goto exit; + } + } + else { + XMEMCPY(pOut->pData, &rngBuf[idx], gen); + } + + opData->sessionHandle = dev->qat.op.drbg.handle; + opData->lengthInBytes = gen; + opData->secStrength = CPA_CY_RBG_SEC_STRENGTH_128; + opData->predictionResistanceRequired = CPA_FALSE; + opData->additionalInput.dataLenInBytes = 0; + opData->additionalInput.pData = NULL; + + /* store info needed for output */ + dev->qat.out = &rngBuf[idx]; + IntelQaOpInit(dev, IntelQaDrbgFree); + + /* Perform DRBG generation */ + do { + status = cpaCyDrbgGen(dev->qat.handle, + dev, + opData, + pOut); + } while (IntelQaHandleCpaStatus(dev, status, &ret, QAT_DRBG_ASYNC, + callback, &retryCount)); + + idx += gen; + }; + +exit: + + if (ret != 0) { + printf("cpaCyDrbgGen failed! dev %p, status %d, ret %d\n", + dev, status, ret); + } + + /* handle cleanup */ + IntelQaDrbgFree(dev); + + return ret; +} +#endif /* QAT_ENABLE_RNG */ + +#ifdef QAT_DEMO_MAIN + + /* RSA */ +static const byte rsa_in[256] = { + 0x7e, 0xf5, 0x69, 0x11, 0x6f, 0x67, 0x81, 0x71, 0xa2, 0x3e, 0xe7, 0x0e, + 0xad, 0xb9, 0x5f, 0x20, 0xc8, 0x2d, 0x8b, 0xd3, 0xb1, 0x65, 0x27, 0x34, + 0x7a, 0x10, 0x2e, 0xf4, 0xe9, 0x6a, 0x69, 0x93, 0xc0, 0x3e, 0xad, 0xbe, + 0x2e, 0x35, 0x34, 0xeb, 0x64, 0x45, 0x09, 0xf4, 0x07, 0x33, 0x6f, 0xac, + 0x2f, 0xc8, 0x59, 0xca, 0x72, 0x99, 0x0b, 0x99, 0xb1, 0xf3, 0xda, 0x42, + 0xdb, 0x7b, 0xed, 0x4c, 0x22, 0x48, 0x08, 0x8a, 0x30, 0xd7, 0xdc, 0x99, + 0x0b, 0xb9, 0x1a, 0xc5, 0x40, 0xe5, 0x7d, 0xe9, 0xbf, 0x0a, 0x05, 0xea, + 0x07, 0x24, 0x7a, 0x1f, 0x54, 0xbf, 0x77, 0x71, 0x09, 0xec, 0x6d, 0xdf, + 0x87, 0xc2, 0x11, 0xda, 0x8c, 0x66, 0x46, 0x1d, 0x5a, 0x45, 0x23, 0x35, + 0x96, 0x48, 0xa7, 0x0e, 0x03, 0xe1, 0x02, 0x43, 0x76, 0x56, 0xae, 0xc3, + 0x6e, 0x61, 0x73, 0xba, 0x48, 0x6e, 0x8a, 0x58, 0x60, 0xdd, 0x0a, 0x81, + 0x46, 0xe4, 0xb4, 0x03, 0xf1, 0x63, 0xf4, 0xc1, 0xad, 0xd5, 0x4a, 0xda, + 0x25, 0xd9, 0x9d, 0x56, 0x1f, 0xb4, 0x7b, 0x2b, 0xdd, 0x90, 0x4e, 0xfd, + 0xa1, 0xd4, 0x5b, 0xd9, 0x17, 0x1a, 0x68, 0xd0, 0x3c, 0x95, 0x94, 0x64, + 0x6a, 0x4a, 0xad, 0x39, 0xe5, 0x5f, 0xd1, 0xe2, 0xb1, 0x1b, 0xad, 0x1d, + 0x2a, 0xc2, 0x12, 0xed, 0x47, 0xa1, 0xac, 0x0f, 0x3e, 0x3b, 0x44, 0x2f, + 0x61, 0xa5, 0xab, 0xa1, 0x03, 0xe9, 0x40, 0x62, 0x82, 0xc6, 0x33, 0xcf, + 0x12, 0xeb, 0x76, 0x73, 0x13, 0x61, 0xe5, 0x3b, 0xf9, 0x38, 0x24, 0xc0, + 0x24, 0xc7, 0x88, 0x2b, 0x4a, 0x3c, 0x42, 0x26, 0xd0, 0xe6, 0x4d, 0xc8, + 0x41, 0x58, 0x94, 0x77, 0x91, 0x1d, 0xfa, 0xbb, 0x9f, 0xa8, 0x43, 0xe0, + 0x33, 0x46, 0x7e, 0x8e, 0xcf, 0xfc, 0x3e, 0xd4, 0x72, 0x7b, 0xf9, 0xee, + 0xca, 0xfd, 0x96, 0xd4, +}; +static const byte rsa_d[256] = { + 0xa2, 0xe6, 0xd8, 0x5f, 0x10, 0x71, 0x64, 0x08, 0x9e, 0x2e, 0x6d, 0xd1, + 0x6d, 0x1e, 0x85, 0xd2, 0x0a, 0xb1, 0x8c, 0x47, 0xce, 0x2c, 0x51, 0x6a, + 0xa0, 0x12, 0x9e, 0x53, 0xde, 0x91, 0x4c, 0x1d, 0x6d, 0xea, 0x59, 0x7b, + 0xf2, 0x77, 0xaa, 0xd9, 0xc6, 0xd9, 0x8a, 0xab, 0xd8, 0xe1, 0x16, 0xe4, + 0x63, 0x26, 0xff, 0xb5, 0x6c, 0x13, 0x59, 0xb8, 0xe3, 0xa5, 0xc8, 0x72, + 0x17, 0x2e, 0x0c, 0x9f, 0x6f, 0xe5, 0x59, 0x3f, 0x76, 0x6f, 0x49, 0xb1, + 0x11, 0xc2, 0x5a, 0x2e, 0x16, 0x29, 0x0d, 0xde, 0xb7, 0x8e, 0xdc, 0x40, + 0xd5, 0xa2, 0xee, 0xe0, 0x1e, 0xa1, 0xf4, 0xbe, 0x97, 0xdb, 0x86, 0x63, + 0x96, 0x14, 0xcd, 0x98, 0x09, 0x60, 0x2d, 0x30, 0x76, 0x9c, 0x3c, 0xcd, + 0xe6, 0x88, 0xee, 0x47, 0x92, 0x79, 0x0b, 0x5a, 0x00, 0xe2, 0x5e, 0x5f, + 0x11, 0x7c, 0x7d, 0xf9, 0x08, 0xb7, 0x20, 0x06, 0x89, 0x2a, 0x5d, 0xfd, + 0x00, 0xab, 0x22, 0xe1, 0xf0, 0xb3, 0xbc, 0x24, 0xa9, 0x5e, 0x26, 0x0e, + 0x1f, 0x00, 0x2d, 0xfe, 0x21, 0x9a, 0x53, 0x5b, 0x6d, 0xd3, 0x2b, 0xab, + 0x94, 0x82, 0x68, 0x43, 0x36, 0xd8, 0xf6, 0x2f, 0xc6, 0x22, 0xfc, 0xb5, + 0x41, 0x5d, 0x0d, 0x33, 0x60, 0xea, 0xa4, 0x7d, 0x7e, 0xe8, 0x4b, 0x55, + 0x91, 0x56, 0xd3, 0x5c, 0x57, 0x8f, 0x1f, 0x94, 0x17, 0x2f, 0xaa, 0xde, + 0xe9, 0x9e, 0xa8, 0xf4, 0xcf, 0x8a, 0x4c, 0x8e, 0xa0, 0xe4, 0x56, 0x73, + 0xb2, 0xcf, 0x4f, 0x86, 0xc5, 0x69, 0x3c, 0xf3, 0x24, 0x20, 0x8b, 0x5c, + 0x96, 0x0c, 0xfa, 0x6b, 0x12, 0x3b, 0x9a, 0x67, 0xc1, 0xdf, 0xc6, 0x96, + 0xb2, 0xa5, 0xd5, 0x92, 0x0d, 0x9b, 0x09, 0x42, 0x68, 0x24, 0x10, 0x45, + 0xd4, 0x50, 0xe4, 0x17, 0x39, 0x48, 0xd0, 0x35, 0x8b, 0x94, 0x6d, 0x11, + 0xde, 0x8f, 0xca, 0x59, +}; +static const byte rsa_n[256] = { + 0xc3, 0x03, 0xd1, 0x2b, 0xfe, 0x39, 0xa4, 0x32, 0x45, 0x3b, 0x53, 0xc8, + 0x84, 0x2b, 0x2a, 0x7c, 0x74, 0x9a, 0xbd, 0xaa, 0x2a, 0x52, 0x07, 0x47, + 0xd6, 0xa6, 0x36, 0xb2, 0x07, 0x32, 0x8e, 0xd0, 0xba, 0x69, 0x7b, 0xc6, + 0xc3, 0x44, 0x9e, 0xd4, 0x81, 0x48, 0xfd, 0x2d, 0x68, 0xa2, 0x8b, 0x67, + 0xbb, 0xa1, 0x75, 0xc8, 0x36, 0x2c, 0x4a, 0xd2, 0x1b, 0xf7, 0x8b, 0xba, + 0xcf, 0x0d, 0xf9, 0xef, 0xec, 0xf1, 0x81, 0x1e, 0x7b, 0x9b, 0x03, 0x47, + 0x9a, 0xbf, 0x65, 0xcc, 0x7f, 0x65, 0x24, 0x69, 0xa6, 0xe8, 0x14, 0x89, + 0x5b, 0xe4, 0x34, 0xf7, 0xc5, 0xb0, 0x14, 0x93, 0xf5, 0x67, 0x7b, 0x3a, + 0x7a, 0x78, 0xe1, 0x01, 0x56, 0x56, 0x91, 0xa6, 0x13, 0x42, 0x8d, 0xd2, + 0x3c, 0x40, 0x9c, 0x4c, 0xef, 0xd1, 0x86, 0xdf, 0x37, 0x51, 0x1b, 0x0c, + 0xa1, 0x3b, 0xf5, 0xf1, 0xa3, 0x4a, 0x35, 0xe4, 0xe1, 0xce, 0x96, 0xdf, + 0x1b, 0x7e, 0xbf, 0x4e, 0x97, 0xd0, 0x10, 0xe8, 0xa8, 0x08, 0x30, 0x81, + 0xaf, 0x20, 0x0b, 0x43, 0x14, 0xc5, 0x74, 0x67, 0xb4, 0x32, 0x82, 0x6f, + 0x8d, 0x86, 0xc2, 0x88, 0x40, 0x99, 0x36, 0x83, 0xba, 0x1e, 0x40, 0x72, + 0x22, 0x17, 0xd7, 0x52, 0x65, 0x24, 0x73, 0xb0, 0xce, 0xef, 0x19, 0xcd, + 0xae, 0xff, 0x78, 0x6c, 0x7b, 0xc0, 0x12, 0x03, 0xd4, 0x4e, 0x72, 0x0d, + 0x50, 0x6d, 0x3b, 0xa3, 0x3b, 0xa3, 0x99, 0x5e, 0x9d, 0xc8, 0xd9, 0x0c, + 0x85, 0xb3, 0xd9, 0x8a, 0xd9, 0x54, 0x26, 0xdb, 0x6d, 0xfa, 0xac, 0xbb, + 0xff, 0x25, 0x4c, 0xc4, 0xd1, 0x79, 0xf4, 0x71, 0xd3, 0x86, 0x40, 0x18, + 0x13, 0xb0, 0x63, 0xb5, 0x72, 0x4e, 0x30, 0xc4, 0x97, 0x84, 0x86, 0x2d, + 0x56, 0x2f, 0xd7, 0x15, 0xf7, 0x7f, 0xc0, 0xae, 0xf5, 0xfc, 0x5b, 0xe5, + 0xfb, 0xa1, 0xba, 0xd3, +}; + + +/* AES GCM */ +static const byte aesgcm_k[] = { + 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77, 0x88, + 0x99, 0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, + 0x77, 0x88, 0x99, 0x00, 0x11, 0x22, 0x33, 0x44, + 0x55, 0x66, 0x77, 0x88, 0x99, 0x00, 0x11, 0x22 +}; + +static const byte aesgcm_iv[] = { + 0xca, 0xfe, 0xca, 0xfe, 0xca, 0xfe, 0xca, 0xfe, + 0xca, 0xfe, 0xca, 0xfe +}; + +static const byte aesgcm_a[] = { + 0xde, 0xad, 0xde, 0xad, 0xde, 0xad, 0xde, 0xad, + 0xde, 0xad, 0xde, 0xad, 0xde, 0xad, 0xde, 0xad, + 0xde, 0xad, 0xde, 0xad +}; + +static const byte aesgcm_p[] = { + 0x79, 0x84, 0x86, 0x44, 0x68, 0x45, 0x15, 0x61, + 0x86, 0x54, 0x66, 0x56, 0x54, 0x54, 0x31, 0x54, + 0x64, 0x64, 0x68, 0x45, 0x15, 0x15, 0x61, 0x61, + 0x51, 0x51, 0x51, 0x51, 0x51, 0x56, 0x14, 0x11, + 0x72, 0x13, 0x51, 0x82, 0x84, 0x56, 0x74, 0x53, + 0x45, 0x34, 0x65, 0x15, 0x46, 0x14, 0x67, 0x55, + 0x16, 0x14, 0x67, 0x54, 0x65, 0x47, 0x14, 0x67, + 0x46, 0x74, 0x65, 0x46 +}; + +static const byte aesgcm_c[] = { + 0x59, 0x85, 0x02, 0x97, 0xE0, 0x4D, 0xFC, 0x5C, + 0x03, 0xCC, 0x83, 0x64, 0xCE, 0x28, 0x0B, 0x95, + 0x78, 0xEC, 0x93, 0x40, 0xA1, 0x8D, 0x21, 0xC5, + 0x48, 0x6A, 0x39, 0xBA, 0x4F, 0x4B, 0x8C, 0x95, + 0x6F, 0x8C, 0xF6, 0x9C, 0xD0, 0xA5, 0x8D, 0x67, + 0xA1, 0x32, 0x11, 0xE7, 0x2E, 0xF6, 0x63, 0xAF, + 0xDE, 0xD4, 0x7D, 0xEC, 0x15, 0x01, 0x58, 0xCB, + 0xE3, 0x7B, 0xC6, 0x94, +}; + +static byte aesgcm_t[] = { + 0x5D, 0x10, 0x3F, 0xC7, 0x22, 0xC7, 0x21, 0x29 +}; + + +/* ecc curve */ +static byte ecc_a[] = { + 0xff, 0xff, 0xff, 0xff, 0x00, 0x00, 0x00, 0x01, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0xff, 0xff, 0xff, 0xff, + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xfc +}; +static byte ecc_b[] = { + 0x5a, 0xc6, 0x35, 0xd8, 0xaa, 0x3a, 0x93, 0xe7, + 0xb3, 0xeb, 0xbd, 0x55, 0x76, 0x98, 0x86, 0xbc, + 0x65, 0x1d, 0x06, 0xb0, 0xcc, 0x53, 0xb0, 0xf6, + 0x3b, 0xce, 0x3c, 0x3e, 0x27, 0xd2, 0x60, 0x4b +}; +static byte ecc_q[] = { + 0xff, 0xff, 0xff, 0xff, 0x00, 0x00, 0x00, 0x01, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0xff, 0xff, 0xff, 0xff, + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff +}; +/* private key */ +static byte ecc_k[] = { + 0x52, 0x2f, 0x27, 0xe3, 0x44, 0x3c, 0xa7, 0x92, + 0x9b, 0xdc, 0xe3, 0x00, 0x8a, 0x47, 0x0f, 0x28, + 0x5c, 0x0e, 0x2d, 0x87, 0xfd, 0x89, 0x56, 0xdd, + 0x83, 0x94, 0x6c, 0x48, 0x6c, 0x15, 0x59, 0xb7, + 0xf1, 0xc8, 0x13, 0x27, 0xe5, 0x80, 0xbd, 0x9c +}; +/* public key */ +static byte ecc_xg[] = { + 0x6b, 0x17, 0xd1, 0xf2, 0xe1, 0x2c, 0x42, 0x47, + 0xf8, 0xbc, 0xe6, 0xe5, 0x63, 0xa4, 0x40, 0xf2, + 0x77, 0x03, 0x7d, 0x81, 0x2d, 0xeb, 0x33, 0xa0, + 0xf4, 0xa1, 0x39, 0x45, 0xd8, 0x98, 0xc2, 0x96 +}; +static byte ecc_yg[] = { + 0x4f, 0xe3, 0x42, 0xe2, 0xfe, 0x1a, 0x7f, 0x9b, + 0x8e, 0xe7, 0xeb, 0x4a, 0x7c, 0x0f, 0x9e, 0x16, + 0x2b, 0xce, 0x33, 0x57, 0x6b, 0x31, 0x5e, 0xce, + 0xcb, 0xb6, 0x40, 0x68, 0x37, 0xbf, 0x51, 0xf5 +}; + + +/* DH */ +static byte dh_priv1[] = { + 0xbd, 0x64, 0xf6, 0xd2, 0xe9, 0xca, 0xd0, 0xda, + 0x41, 0x48, 0x95, 0x5d, 0xd3, 0xa7, 0x36, 0x47, + 0xb6, 0x28, 0xdf, 0x05, 0x7b, 0x9c, 0xcd, 0x34, + 0x79, 0x09, 0x7a, 0x06, 0x43, +}; + +static byte dh_pub1[] = { + 0xaa, 0x43, 0x2e, 0xfd, 0xc6, 0xbe, 0x40, 0xdc, 0xac, 0x64, 0xf2, 0x65, + 0x91, 0xae, 0x88, 0xa0, 0x7b, 0x71, 0x3d, 0x9f, 0xa7, 0x00, 0xbe, 0x82, + 0xbb, 0xb5, 0x27, 0x2a, 0x58, 0xce, 0xb5, 0xf9, 0x18, 0x6e, 0x0b, 0xaa, + 0x75, 0x91, 0x59, 0x30, 0x2b, 0x1e, 0xf3, 0x26, 0xa5, 0x6a, 0x22, 0x91, + 0x65, 0xad, 0x5f, 0xef, 0x53, 0x57, 0x76, 0x53, 0xe8, 0xc2, 0x93, 0x9d, + 0x21, 0x7e, 0x91, 0x27, 0x79, 0xe4, 0xa5, 0xa1, 0x8b, 0x20, 0x52, 0xa2, + 0xd6, 0x22, 0xef, 0x15, 0x2c, 0xa7, 0xf3, 0xfc, 0xce, 0xc7, 0x1b, 0x90, + 0xaa, 0x9b, 0xb3, 0x83, 0xff, 0x21, 0xa0, 0x20, 0xc7, 0x21, 0x93, 0xbd, + 0x1a, 0xf3, 0xae, 0xd9, 0x16, 0x02, 0xf0, 0x62, 0x07, 0x68, 0xea, 0x1a, + 0xe7, 0xa6, 0xb9, 0xa6, 0x3b, 0x9a, 0x23, 0x4c, 0x21, 0xec, 0xa1, 0xe0, + 0x8f, 0x16, 0x2a, 0x99, 0x36, 0xbf, 0x57, 0x89, 0xf0, 0x3d, 0x84, 0xca, + 0x99, 0xe8, 0xea, 0x79, 0x24, 0xc0, 0x93, 0x96, 0x70, 0x9a, 0xbb, 0x16, + 0xa3, 0xe9, 0x06, 0x59, 0xb4, 0x6c, 0xe7, 0x48, 0x59, 0xde, 0x75, 0x83, + 0xbb, 0xc2, 0xa7, 0xd7, 0x84, 0x1d, 0xf4, 0x27, 0xf1, 0x72, 0x04, 0x64, + 0x01, 0x6b, 0x7b, 0xac, 0xf2, 0xaf, 0x12, 0x4c, 0x22, 0x83, 0xae, 0x8f, + 0x6d, 0x50, 0xe8, 0x16, 0xdc, 0x4c, 0x25, 0xe4, 0x54, 0x5a, 0xf0, 0xb7, + 0x82, 0x4f, 0xdc, 0x2e, 0xb5, 0xfd, 0x24, 0x26, 0x22, 0x26, 0x4f, 0x20, + 0x76, 0xb4, 0x36, 0x9e, 0x62, 0xb8, 0xb9, 0x2c, 0x52, 0xaf, 0x58, 0xa8, + 0x90, 0xcd, 0x62, 0x06, 0x30, 0xcc, 0x93, 0x8b, 0x3d, 0xd4, 0xd1, 0x5f, + 0x60, 0x3b, 0x28, 0x15, 0xcc, 0x92, 0xc1, 0x70, 0xb7, 0x39, 0x8c, 0x73, + 0x01, 0x65, 0x2f, 0x19, 0xeb, 0xd0, 0xce, 0x3f, 0x84, 0x36, 0xea, 0x11, + 0x34, 0x0e, 0xce, 0x0b, +}; + +static byte dh_priv2[] = { + 0x5e, 0x49, 0x52, 0xb3, 0xc4, 0x8f, 0x3f, 0xde, 0x55, 0x9d, 0x87, 0xb3, + 0x21, 0xb8, 0x24, 0xb1, 0xb0, 0x35, 0x5e, 0xc7, 0xbb, 0x5a, 0x86, 0x9e, + 0xfb, 0xd3, 0x8f, 0x5b, 0x7e, +}; + +static byte dh_pub2[] = { + 0x9b, 0xc4, 0xdb, 0x33, 0xc4, 0x96, 0xf4, 0x43, 0xa0, 0x3b, 0x9d, 0x7c, + 0x7d, 0x81, 0x97, 0xf6, 0xb9, 0x94, 0x0f, 0x0f, 0x2e, 0xc1, 0x16, 0xdc, + 0xf6, 0xe3, 0xaf, 0xa1, 0xcd, 0x32, 0xdf, 0xd5, 0xdc, 0x12, 0x93, 0x99, + 0x1d, 0xfb, 0xff, 0x54, 0xdf, 0xf6, 0x24, 0x6a, 0xc2, 0x9e, 0xd0, 0x41, + 0xed, 0x28, 0x23, 0x8d, 0x68, 0x06, 0x57, 0xd6, 0xb6, 0xf1, 0x9a, 0x5d, + 0x41, 0xc7, 0x96, 0xf8, 0xc4, 0x7f, 0xd6, 0x92, 0x97, 0x56, 0x05, 0xd9, + 0x17, 0x46, 0x07, 0x19, 0x0b, 0x08, 0xd5, 0xba, 0x90, 0xd8, 0x40, 0x94, + 0x2d, 0x90, 0x75, 0x01, 0x77, 0xa7, 0x12, 0x82, 0x5b, 0x82, 0x9e, 0x7b, + 0x75, 0x46, 0xce, 0x07, 0x40, 0x9b, 0xbb, 0x10, 0x3d, 0xf7, 0x80, 0xaa, + 0x39, 0xa3, 0x67, 0xfa, 0xd8, 0x07, 0xda, 0x09, 0x92, 0x68, 0x6d, 0xa4, + 0xe2, 0xda, 0xde, 0x6e, 0x98, 0xcd, 0x1e, 0x6d, 0x68, 0x72, 0x0e, 0x68, + 0x1e, 0xaa, 0x72, 0x12, 0x92, 0xe6, 0x96, 0x3d, 0x6c, 0x57, 0xb8, 0x77, + 0x61, 0x6d, 0xb8, 0x6f, 0x1e, 0xbe, 0xd8, 0x2c, 0xdd, 0xc4, 0xe9, 0x38, + 0x77, 0xde, 0x5f, 0x2f, 0xb6, 0x40, 0xf0, 0x30, 0x5b, 0x33, 0x16, 0xd4, + 0xef, 0x74, 0x9f, 0x38, 0xbc, 0x4d, 0x2d, 0xf3, 0x14, 0x8f, 0x38, 0xcc, + 0x6c, 0x8b, 0xad, 0xef, 0x30, 0xee, 0xc0, 0x36, 0x31, 0x6b, 0xc8, 0xb0, + 0x55, 0x44, 0x62, 0xb0, 0x24, 0x70, 0x9f, 0x64, 0x5c, 0xb1, 0x70, 0x19, + 0xfa, 0xd4, 0x8d, 0x23, 0xa8, 0x24, 0x72, 0x49, 0xfd, 0x23, 0x90, 0x18, + 0x99, 0xc1, 0xd0, 0x96, 0x91, 0x5f, 0x62, 0xf9, 0xd7, 0x14, 0xfa, 0x8b, + 0xeb, 0x05, 0x97, 0x03, 0xe1, 0x51, 0xc9, 0x3b, 0x8d, 0x41, 0x86, 0x53, + 0x45, 0xdc, 0x6d, 0xe1, 0xc7, 0x94, 0xfd, 0xdd, 0x57, 0xed, 0xc6, 0xe7, + 0x38, 0x84, 0xf7, 0xeb, +}; + +/* dh1024 p */ +static const byte dh_p[] = { + 0xb0, 0xa1, 0x08, 0x06, 0x9c, 0x08, 0x13, 0xba, 0x59, 0x06, 0x3c, 0xbc, + 0x30, 0xd5, 0xf5, 0x00, 0xc1, 0x4f, 0x44, 0xa7, 0xd6, 0xef, 0x4a, 0xc6, + 0x25, 0x27, 0x1c, 0xe8, 0xd2, 0x96, 0x53, 0x0a, 0x5c, 0x91, 0xdd, 0xa2, + 0xc2, 0x94, 0x84, 0xbf, 0x7d, 0xb2, 0x44, 0x9f, 0x9b, 0xd2, 0xc1, 0x8a, + 0xc5, 0xbe, 0x72, 0x5c, 0xa7, 0xe7, 0x91, 0xe6, 0xd4, 0x9f, 0x73, 0x07, + 0x85, 0x5b, 0x66, 0x48, 0xc7, 0x70, 0xfa, 0xb4, 0xee, 0x02, 0xc9, 0x3d, + 0x9a, 0x4a, 0xda, 0x3d, 0xc1, 0x46, 0x3e, 0x19, 0x69, 0xd1, 0x17, 0x46, + 0x07, 0xa3, 0x4d, 0x9f, 0x2b, 0x96, 0x17, 0x39, 0x6d, 0x30, 0x8d, 0x2a, + 0xf3, 0x94, 0xd3, 0x75, 0xcf, 0xa0, 0x75, 0xe6, 0xf2, 0x92, 0x1f, 0x1a, + 0x70, 0x05, 0xaa, 0x04, 0x83, 0x57, 0x30, 0xfb, 0xda, 0x76, 0x93, 0x38, + 0x50, 0xe8, 0x27, 0xfd, 0x63, 0xee, 0x3c, 0xe5, 0xb7, 0xc8, 0x09, 0xae, + 0x6f, 0x50, 0x35, 0x8e, 0x84, 0xce, 0x4a, 0x00, 0xe9, 0x12, 0x7e, 0x5a, + 0x31, 0xd7, 0x33, 0xfc, 0x21, 0x13, 0x76, 0xcc, 0x16, 0x30, 0xdb, 0x0c, + 0xfc, 0xc5, 0x62, 0xa7, 0x35, 0xb8, 0xef, 0xb7, 0xb0, 0xac, 0xc0, 0x36, + 0xf6, 0xd9, 0xc9, 0x46, 0x48, 0xf9, 0x40, 0x90, 0x00, 0x2b, 0x1b, 0xaa, + 0x6c, 0xe3, 0x1a, 0xc3, 0x0b, 0x03, 0x9e, 0x1b, 0xc2, 0x46, 0xe4, 0x48, + 0x4e, 0x22, 0x73, 0x6f, 0xc3, 0x5f, 0xd4, 0x9a, 0xd6, 0x30, 0x07, 0x48, + 0xd6, 0x8c, 0x90, 0xab, 0xd4, 0xf6, 0xf1, 0xe3, 0x48, 0xd3, 0x58, 0x4b, + 0xa6, 0xb9, 0xcd, 0x29, 0xbf, 0x68, 0x1f, 0x08, 0x4b, 0x63, 0x86, 0x2f, + 0x5c, 0x6b, 0xd6, 0xb6, 0x06, 0x65, 0xf7, 0xa6, 0xdc, 0x00, 0x67, 0x6b, + 0xbb, 0xc3, 0xa9, 0x41, 0x83, 0xfb, 0xc7, 0xfa, 0xc8, 0xe2, 0x1e, 0x7e, + 0xaf, 0x00, 0x3f, 0x93, +}; + + +/* simple example of using RSA encrypt with Intel QA */ +int main(int argc, char** argv) +{ + int ret; + WC_ASYNC_DEV dev; + byte out[256]; + word32 outLen = sizeof(out); + byte tmp[256]; + word32 tmpLen = sizeof(tmp); +#ifndef NO_RSA + WC_BIGINT d, n; +#endif +#if defined(HAVE_ECC) && defined(HAVE_ECC_DHE) + WC_BIGINT k, xG, yG, xR, yR, a, b, q; +#endif +#ifndef NO_DH + WC_BIGINT p; +#endif + +#ifdef QAT_DEBUG + wolfSSL_Debugging_ON(); +#endif + + IntelQaInit(NULL); + +#ifdef QAT_ENABLE_RNG + /* DRBG Test */ + IntelQaOpen(&dev, 0); + ret = IntelQaDrbg(&dev, out, sizeof(out)); + printf("RNG1: Ret=%d\n", ret); + + /* call again using same session */ + ret = IntelQaDrbg(&dev, out, sizeof(out)); + printf("RNG2: Ret=%d\n", ret); + IntelQaClose(&dev); +#endif + +#ifndef NO_RSA + IntelQaOpen(&dev, 0); + /* RSA Test */ + dev.event.ret = WC_PENDING_E; + XMEMSET(out, 0, sizeof(out)); + wc_bigint_init(&d); + wc_bigint_init(&n); + wc_bigint_from_unsigned_bin(&d, rsa_d, sizeof(rsa_d)); + wc_bigint_from_unsigned_bin(&n, rsa_n, sizeof(rsa_n)); + ret = IntelQaRsaPrivate(&dev, (byte*)rsa_in, sizeof(rsa_in), &d, &n, out, + &outLen); + if (ret == 0 || ret == WC_PENDING_E) { + ret = IntelQaPollBlockRet(&dev, WC_PENDING_E); + } + printf("RSA Private: Ret=%d, Out Len=%d\n", ret, outLen); + IntelQaClose(&dev); +#endif /* !NO_RSA */ + +#ifndef NO_AES +#ifdef HAVE_AESGCM + /* AES Test */ + IntelQaOpen(&dev, 0); + dev.event.ret = WC_PENDING_E; + tmpLen = sizeof(aesgcm_t); + XMEMSET(out, 0, sizeof(out)); + XMEMSET(tmp, 0, sizeof(tmp)); + + ret = IntelQaSymAesGcmEncrypt(&dev, out, aesgcm_p, sizeof(aesgcm_p), + aesgcm_k, sizeof(aesgcm_k), aesgcm_iv, sizeof(aesgcm_iv), + tmp, tmpLen, aesgcm_a, sizeof(aesgcm_a)); + if (ret == 0 || ret == WC_PENDING_E) { + ret = IntelQaPollBlockRet(&dev, WC_PENDING_E); + } + printf("AES GCM Encrypt: Ret=%d, Tag Len=%d\n", ret, tmpLen); + IntelQaClose(&dev); +#endif /* HAVE_AESGCM */ +#endif /* NO_AES */ + +#ifdef HAVE_ECC +#ifdef HAVE_ECC_DHE + /* ECDHE Test */ + IntelQaOpen(&dev, 0); + dev.event.ret = WC_PENDING_E; + XMEMSET(out, 0, sizeof(out)); + XMEMSET(tmp, 0, sizeof(tmp)); + wc_bigint_init(&xG); + wc_bigint_init(&yG); + wc_bigint_init(&k); + wc_bigint_init(&a); + wc_bigint_init(&b); + wc_bigint_init(&q); + wc_bigint_from_unsigned_bin(&xG, ecc_xg, sizeof(ecc_xg)); + wc_bigint_from_unsigned_bin(&yG, ecc_yg, sizeof(ecc_yg)); + wc_bigint_from_unsigned_bin(&k, ecc_k, sizeof(ecc_k)); + wc_bigint_from_unsigned_bin(&a, ecc_a, sizeof(ecc_a)); + wc_bigint_from_unsigned_bin(&b, ecc_b, sizeof(ecc_b)); + wc_bigint_from_unsigned_bin(&q, ecc_q, sizeof(ecc_q)); + + ret = IntelQaEcdh(&dev, &k, &xG, &yG, out, &outLen, &a, &b, &q, 1); + if (ret == 0 || ret == WC_PENDING_E) { + ret = IntelQaPollBlockRet(&dev, WC_PENDING_E); + } + printf("ECDH: Ret=%d, Result: X Len=%d, Y Len=%d\n", ret, xR.len, yR.len); + IntelQaClose(&dev); +#endif /* HAVE_ECC_DHE */ +#endif /* HAVE_ECC */ + +#ifndef NO_DH + /* DH Test */ + IntelQaOpen(&dev, 0); + dev.event.ret = WC_PENDING_E; + XMEMSET(out, 0, sizeof(out)); + XMEMSET(tmp, 0, sizeof(tmp)); + wc_bigint_init(&p); + wc_bigint_from_unsigned_bin(&p, dh_p, sizeof(dh_p)); + + outLen = 0; + ret = IntelQaDhAgree(&dev, &p, out, &outLen, dh_priv1, sizeof(dh_priv1), + dh_pub2, sizeof(dh_pub2)); + if (ret == 0 || ret == WC_PENDING_E) { + ret = IntelQaPollBlockRet(&dev, WC_PENDING_E); + } + printf("DH Agree1: Ret=%d, Out Len=%d\n", ret, outLen); + + tmpLen = 0; + ret = IntelQaDhAgree(&dev, &p, tmp, &tmpLen, dh_priv2, sizeof(dh_priv2), + dh_pub1, sizeof(dh_pub1)); + if (ret == 0 || ret == WC_PENDING_E) { + ret = IntelQaPollBlockRet(&dev, WC_PENDING_E); + } + printf("DH Agree2: Ret=%d, Out Len=%d\n", ret, tmpLen); + + /* compare results */ + if (ret != 0 || outLen != tmpLen || memcmp(out, tmp, outLen) != 0) { + printf("DH Agree Failed!\n"); + } + else { + printf("DH Agree Match\n"); + } + IntelQaClose(&dev); +#endif /* !NO_DH */ + + (void)tmp; + (void)tmpLen; + + IntelQaDeInit(0); + + return 0; +} + +#endif + +#endif /* HAVE_INTEL_QA */ diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/wolfcrypt/src/port/intel/quickassist_mem.c mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/port/intel/quickassist_mem.c --- mariadb-11.8.6/extra/wolfssl/wolfssl/wolfcrypt/src/port/intel/quickassist_mem.c 1970-01-01 00:00:00.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/port/intel/quickassist_mem.c 2026-05-24 09:58:33.000000000 +0000 @@ -0,0 +1,1131 @@ +/* quickassist_mem.c + * + * Copyright (C) 2006-2026 wolfSSL Inc. + * + * This file is part of wolfSSL. + * + * wolfSSL is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * wolfSSL is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA + */ + +#ifdef HAVE_CONFIG_H + #include +#endif + +#include + +#ifdef HAVE_INTEL_QA +#include + +#include +#include + +#include +#include +#include + +/* use thread local for QAE variables (removing mutex requirement) */ +#include /* for threadId tracking */ +#ifdef USE_QAE_THREAD_LS + #define QAE_THREAD_LS THREAD_LS_T +#else + #define QAE_THREAD_LS +#endif + +/* these are used to align memory to a byte boundary */ +#define ALIGNMENT_BASE (16ul) +#define ALIGNMENT_HW (64ul) +#define WOLF_MAGIC_NUM 0xA576F6C6641736EBUL /* (0xA)WolfAsyn(0xB) */ +#define WOLF_HEADER_ALIGN ALIGNMENT_BASE + +#ifndef QAT_V2 +#include +#include +#include +#include +#include +#include +#include + +#ifdef SAL_IOMMU_CODE + #include +#endif + +/* enable fixed static memory instead of dynamic list */ +#ifdef USE_QAE_STATIC_MEM + /* adjustable parameter for the maximum memory allocations */ + #ifndef QAE_USER_MEM_MAX_COUNT + #define QAE_USER_MEM_MAX_COUNT 16000 + #endif + #define MEM_INVALID_IDX -1 +#endif + +#define QAE_MEM "/dev/qae_mem" +#define PAGE_SHIFT 13 +#define PAGE_SIZE (1UL << PAGE_SHIFT) +#define PAGE_MASK (~(PAGE_SIZE-1)) +#define SYSTEM_PAGE_SHIFT 12 +#define SYSTEM_PAGE_SIZE (1UL << SYSTEM_PAGE_SHIFT) +#define SYSTEM_PAGE_MASK (~(SYSTEM_PAGE_SIZE-1)) +#define USER_MEM_OFFSET (128) +#define QAEM_MAGIC_NUM 0xABCD12345678ECDFUL + +/* define types which need to vary between 32 and 64 bit */ +#ifdef __x86_64__ + #define QAE_UINT Cpa64U + #define QAE_INT Cpa64S +#else + #define QAE_UINT Cpa32U + #define QAE_INT Cpa32S +#endif + +/* IOCTL number for use between the kernel and the user space application */ +#define DEV_MEM_MAGIC 'q' +#define DEV_MEM_CMD_MEMALLOC (0) +#define DEV_MEM_CMD_MEMFREE (1) + +/* IOCTL commands for requesting kernel memory */ +#define DEV_MEM_IOC_MEMALLOC \ + _IOWR(DEV_MEM_MAGIC, DEV_MEM_CMD_MEMALLOC, qae_dev_mem_info_t) + +#define DEV_MEM_IOC_MEMFREE \ + _IOWR(DEV_MEM_MAGIC, DEV_MEM_CMD_MEMFREE, qae_dev_mem_info_t) + + +/* local structures */ +#pragma pack(push) +#pragma pack(1) +typedef struct qae_dev_mem_info_s { + union { + struct qae_dev_mem_info_s *pPrev; + uint64_t padding_pPrev; + }; + union { + struct qae_dev_mem_info_s *pNext; + uint64_t padding_pNext; + }; + uint32_t id; + /* Id of this block */ + uint32_t nodeId; + /* Node id for NUMA */ + uint32_t size; + /* Size of this block (bytes) */ + uint32_t available_size; + /* Available size remained on the page */ + uint16_t allocations; + /* Counter keeping track of number of allocations */ + union { + void *kmalloc_ptr; + uint64_t padding_kmalloc_ptr; + }; + /* Pointer to mem originally returned by kmalloc */ + union { + int32_t *kmalloc_area; + uint64_t padding_kamalloc_area; + }; + /* Pointer to kmalloc'd area rounded up to a page boundary */ + uint64_t phy_addr; + /* Physical address of the kmalloc area */ + union { + void *virt_addr; + uint64_t padding_virt_addr; + }; + /* Base address in user space - i.e. virtual address */ +} qae_dev_mem_info_t; + +#ifdef USE_QAE_STATIC_MEM + typedef struct qae_dev_mem_info_ex_s { + qae_dev_mem_info_t mem_info; + int index; /* Index into g_pUserMemList */ + } qae_dev_mem_info_ex_t; +#else + typedef qae_dev_mem_info_t qae_dev_mem_info_ex_t; +#endif + +#pragma pack(pop) + +#endif /* QAT_V2 */ + + +#define QAE_NOT_NUMA_PAGE 0xFFFF +typedef struct qaeMemHeader { +#ifdef WOLFSSL_TRACK_MEMORY + struct qaeMemHeader* next; + struct qaeMemHeader* prev; + #ifdef WOLFSSL_DEBUG_MEMORY + const char* func; + unsigned int line; + #endif +#endif + uint64_t magic; + void* heap; +#ifdef USE_QAE_THREAD_LS + pthread_t threadId; +#endif + size_t size; + word16 count; + word16 isNuma:1; + word16 reservedBits:15; /* use for future bits */ + word16 type; + word16 numa_page_offset; /* use QAE_NOT_NUMA_PAGE if not NUMA */ +} ALIGN16 qaeMemHeader; + +#ifdef WOLFSSL_TRACK_MEMORY + typedef struct qaeMemStats { + long totalAllocs; /* number of allocations */ + long totalDeallocs; /* number of deallocations */ + long totalBytes; /* total number of bytes allocated */ + long peakBytes; /* concurrent max bytes */ + long currentBytes; /* total current bytes in use */ + } qaeMemStats; + + /* track allocations and report at end */ + typedef struct qaeMemList { + qaeMemHeader* head; + qaeMemHeader* tail; + uint32_t count; + } qaeMemList; +#endif /* WOLFSSL_TRACK_MEMORY */ + + +/* local variables */ +#ifndef USE_QAE_THREAD_LS + static pthread_mutex_t g_memLock = PTHREAD_MUTEX_INITIALIZER; +#endif + +#ifndef QAT_V2 +#ifdef USE_QAE_STATIC_MEM + /* Use an array instead of a list */ + static QAE_THREAD_LS qae_dev_mem_info_ex_t* + g_pUserMemList[QAE_USER_MEM_MAX_COUNT]; + /* cache the available sizes to improve userMemLookupBySize performance */ + static QAE_THREAD_LS uint16_t g_avail_size[QAE_USER_MEM_MAX_COUNT]; + /* Count of items in g_pUserMemList and g_avail_size */ + static QAE_THREAD_LS int g_userMemListCount = 0; + static QAE_THREAD_LS int g_lastIndexBySize = 0; +#else + static QAE_THREAD_LS qae_dev_mem_info_t *g_pUserMemList = NULL; + static QAE_THREAD_LS qae_dev_mem_info_t *g_pUserMemListHead = NULL; +#endif + +static int g_qaeMemFd = -1; +#endif /* !QAT_V2 */ + +#ifdef WOLFSSL_TRACK_MEMORY + static qaeMemStats g_memStats; + static qaeMemList g_memList; + static pthread_mutex_t g_memStatLock = PTHREAD_MUTEX_INITIALIZER; +#endif + +/* forward declarations */ +#ifndef QAT_V2 +static void* qaeMemAllocNUMA(Cpa32U size, Cpa32U node, Cpa32U alignment, + word16* p_page_offset); +static void qaeMemFreeNUMA(void** ptr, word16 page_offset); +#endif + +static WC_INLINE int qaeMemTypeIsNuma(int type) +{ + int isNuma = 0; + + switch (type) { + case DYNAMIC_TYPE_ASYNC_NUMA: + case DYNAMIC_TYPE_ASYNC_NUMA64: + case DYNAMIC_TYPE_WOLF_BIGINT: + case DYNAMIC_TYPE_PRIVATE_KEY: + case DYNAMIC_TYPE_PUBLIC_KEY: + case DYNAMIC_TYPE_AES_BUFFER: + case DYNAMIC_TYPE_RSA_BUFFER: + case DYNAMIC_TYPE_ECC_BUFFER: + case DYNAMIC_TYPE_SIGNATURE: + case DYNAMIC_TYPE_DIGEST: + case DYNAMIC_TYPE_SECRET: + case DYNAMIC_TYPE_SEED: + case DYNAMIC_TYPE_SALT: + { + isNuma = 1; + break; + } + case DYNAMIC_TYPE_OUT_BUFFER: + case DYNAMIC_TYPE_IN_BUFFER: + { + #if !defined(WC_ASYNC_NO_CRYPT) && !defined(WC_ASYNC_NO_HASH) + isNuma = 1; + #else + isNuma = 0; + #endif + break; + } + default: + isNuma = 0; + break; + } + return isNuma; +} + + +static void _qaeMemFree(void *ptr, void* heap, int type +#ifdef WOLFSSL_DEBUG_MEMORY + , const char* func, unsigned int line +#endif +) +{ + qaeMemHeader* header = NULL; + size_t size; + void* origPtr = ptr; + + if (ptr == NULL) + return; + + /* adjust for header and align */ + ptr = (byte*)(((size_t)ptr - ((size_t)ptr % WOLF_HEADER_ALIGN)) - + sizeof(qaeMemHeader)); + header = (qaeMemHeader*)ptr; + + /* check for header magic */ + if (header->magic != WOLF_MAGIC_NUM) { + printf("Free: Header magic not found! %p\n", ptr); + return; + } + + /* cache values for later */ + size = header->size; + +#ifdef WOLFSSL_DEBUG_MEMORY +#ifdef WOLFSSL_DEBUG_MEMORY_PRINT + printf("Free: %p (%u) at %s:%d, heap %p, type %d, count %d\n", + origPtr, (unsigned int)size, func, line, heap, type, header->count); +#else + (void)func; + (void)line; +#endif +#endif + (void)type; + + /* adjust free count */ + header->count--; + + /* check header count */ + if (header->count > 0) { + /* go ahead and return if still in use */ + return; + } + +#ifdef WOLFSSL_TRACK_MEMORY + if (pthread_mutex_lock(&g_memStatLock) == 0) { + g_memStats.currentBytes -= size; + g_memStats.totalDeallocs++; + + if (header == g_memList.head && header == g_memList.tail) { + g_memList.head = NULL; + g_memList.tail = NULL; + } + else if (header == g_memList.head) { + g_memList.head = header->next; + g_memList.head->prev = NULL; + } + else if (header == g_memList.tail) { + g_memList.tail = header->prev; + g_memList.tail->next = NULL; + } + else { + qaeMemHeader* next = header->next; + qaeMemHeader* prev = header->prev; + if (next) + next->prev = prev; + if (prev) + prev->next = next; + } + g_memList.count--; + + pthread_mutex_unlock(&g_memStatLock); + } +#endif + + (void)heap; + (void)size; + (void)origPtr; + +#ifdef WOLFSSL_DEBUG_MEMORY + /* make sure magic is gone */ + header->magic = 0; +#endif + + /* free type */ + if (header->isNuma && header->numa_page_offset != QAE_NOT_NUMA_PAGE) { + #ifdef QAT_V2 + qaeMemFreeNUMA(&ptr); + #else + qaeMemFreeNUMA(&ptr, header->numa_page_offset); + #endif + } + else { + free(ptr); + } +} + + +static void* _qaeMemAlloc(size_t size, void* heap, int type +#ifdef WOLFSSL_DEBUG_MEMORY + , const char* func, unsigned int line +#endif +) +{ + void* ptr = NULL; + qaeMemHeader* header = NULL; + int isNuma; + int alignment = ALIGNMENT_BASE; + word16 page_offset = QAE_NOT_NUMA_PAGE; + + /* make sure all allocations are aligned */ + if ((size % WOLF_HEADER_ALIGN) != 0) { + size += (WOLF_HEADER_ALIGN - (size % WOLF_HEADER_ALIGN)); + } + + isNuma = qaeMemTypeIsNuma(type); + if (type == DYNAMIC_TYPE_ASYNC_NUMA64) + alignment = ALIGNMENT_HW; + + /* allocate type */ + if (isNuma) { + /* Node is typically 0 */ + #ifdef QAT_V2 + page_offset = 0; + ptr = qaeMemAllocNUMA((Cpa32U)(size + sizeof(qaeMemHeader)), 0, + alignment); + #else + ptr = qaeMemAllocNUMA((Cpa32U)(size + sizeof(qaeMemHeader)), 0, + alignment, &page_offset); + #endif + } + else { + isNuma = 0; + ptr = malloc(size + sizeof(qaeMemHeader)); + } + + /* add header */ + if (ptr) { + header = (qaeMemHeader*)ptr; + ptr = (byte*)ptr + sizeof(qaeMemHeader); + header->magic = WOLF_MAGIC_NUM; + header->heap = heap; + header->size = size; + header->type = type; + header->count = 1; + header->isNuma = isNuma; + header->numa_page_offset = page_offset; + #ifdef USE_QAE_THREAD_LS + header->threadId = pthread_self(); + #endif + + #ifdef WOLFSSL_TRACK_MEMORY + if (pthread_mutex_lock(&g_memStatLock) == 0) { + g_memStats.totalAllocs++; + g_memStats.totalBytes += size; + g_memStats.currentBytes += size; + if (g_memStats.currentBytes > g_memStats.peakBytes) + g_memStats.peakBytes = g_memStats.currentBytes; + + #ifdef WOLFSSL_DEBUG_MEMORY + header->func = func; + header->line = line; + #endif + + /* Setup event */ + header->next = NULL; + if (g_memList.tail == NULL) { + g_memList.head = header; + } + else { + g_memList.tail->next = header; + header->prev = g_memList.tail; + } + g_memList.tail = header; /* add to the end either way */ + g_memList.count++; + + pthread_mutex_unlock(&g_memStatLock); + } + #endif + } + +#ifdef WOLFSSL_DEBUG_MEMORY +#ifdef WOLFSSL_DEBUG_MEMORY_PRINT + printf("Alloc: %p (%u) at %s:%d, heap %p, type %d\n", + ptr, (unsigned int)size, func, line, heap, type); +#else + (void)func; + (void)line; +#endif +#endif + + (void)heap; + + return ptr; +} + +/* Public Functions */ +void* IntelQaMalloc(size_t size, void* heap, int type +#ifdef WOLFSSL_DEBUG_MEMORY + , const char* func, unsigned int line +#endif +) +{ + void* ptr; + +#ifndef USE_QAE_THREAD_LS + int ret = pthread_mutex_lock(&g_memLock); + if (ret != 0) { + printf("Alloc: Error(%d) on mutex lock\n", ret); + return NULL; + } +#endif + + ptr = _qaeMemAlloc(size, heap, type + #ifdef WOLFSSL_DEBUG_MEMORY + , func, line + #endif + ); + +#ifndef USE_QAE_THREAD_LS + pthread_mutex_unlock(&g_memLock); +#endif + + return ptr; +} + +void IntelQaFree(void *ptr, void* heap, int type +#ifdef WOLFSSL_DEBUG_MEMORY + , const char* func, unsigned int line +#endif +) +{ +#ifndef USE_QAE_THREAD_LS + int ret = pthread_mutex_lock(&g_memLock); + if (ret != 0) { + printf("Free: Error(%d) on mutex lock\n", ret); + return; + } +#endif + + _qaeMemFree(ptr, heap, type + #ifdef WOLFSSL_DEBUG_MEMORY + , func, line + #endif + ); + +#ifndef USE_QAE_THREAD_LS + pthread_mutex_unlock(&g_memLock); +#endif +} + +void* IntelQaRealloc(void *ptr, size_t size, void* heap, int type +#ifdef WOLFSSL_DEBUG_MEMORY + , const char* func, unsigned int line +#endif +) +{ + void* newPtr = NULL; + void* origPtr = ptr; + qaeMemHeader* header = NULL; + byte allocNew = 1; + int newIsNuma = -1, ptrIsNuma = -1; + size_t copySize = 0; + +#ifndef USE_QAE_THREAD_LS + int ret = pthread_mutex_lock(&g_memLock); + if (ret != 0) { + printf("Realloc: Error(%d) on mutex lock\n", ret); + return NULL; + } +#endif + + (void)heap; + + if (ptr) { + /* get header pointer and align */ + header = (qaeMemHeader*)(((size_t)ptr - + ((size_t)ptr % WOLF_HEADER_ALIGN)) - sizeof(qaeMemHeader)); + if (header->magic == WOLF_MAGIC_NUM) { + newIsNuma = qaeMemTypeIsNuma(type); + ptrIsNuma = (header->numa_page_offset != QAE_NOT_NUMA_PAGE) ? 1 : 0; + + /* for non-NUMA, treat as normal REALLOC */ + if (newIsNuma == 0 && ptrIsNuma == 0) { + allocNew = 1; + } + /* confirm input is aligned, otherwise allocate new */ + else if (((size_t)ptr % WOLF_HEADER_ALIGN) != 0) { + allocNew = 1; + } + /* if matching NUMA type and size fits, use existing */ + else if (newIsNuma == ptrIsNuma && header->size >= size) { + + #ifdef USE_QAE_THREAD_LS + if (header->threadId != pthread_self()) { + allocNew = 1; + #if 0 + printf("Realloc %p from different thread! " + "orig %lx this %lx\n", + origPtr, header->threadId, pthread_self()); + #endif + } + else + #endif + { + /* use existing pointer and increment counter */ + header->count++; + newPtr = origPtr; + allocNew = 0; + } + } + + copySize = header->size; + } + else { + copySize = size; + } + } + + if (allocNew) { + newPtr = _qaeMemAlloc(size, heap, type + #ifdef WOLFSSL_DEBUG_MEMORY + , func, line + #endif + ); + if (newPtr && ptr) { + /* only copy min of new and old size to new pointer */ + if (copySize > size) + copySize = size; + XMEMCPY(newPtr, ptr, copySize); + + if (newIsNuma == 0 && ptrIsNuma == 0) { + /* for non-NUMA, treat as normal REALLOC and free old pointer */ + _qaeMemFree(ptr, heap, type + #ifdef WOLFSSL_DEBUG_MEMORY + , func, line + #endif + ); + } + } + } + +#ifndef USE_QAE_THREAD_LS + pthread_mutex_unlock(&g_memLock); +#endif + +#ifdef WOLFSSL_DEBUG_MEMORY +#ifdef WOLFSSL_DEBUG_MEMORY_PRINT + if (allocNew) { + printf("Realloc: New %p -> %p (%u) at %s:%d, heap %p, type %d\n", + origPtr, newPtr, (unsigned int)size, func, line, heap, type); + } + else { + printf("Realloc: Reuse %p (%u) at %s:%d, heap %p, type %d, count %d\n", + origPtr, (unsigned int)size, func, line, + header->heap, header->type, header->count); + } +#else + (void)func; + (void)line; +#endif +#endif + + return newPtr; +} + + +#ifdef WOLFSSL_TRACK_MEMORY +int InitMemoryTracker(void) +{ + if (pthread_mutex_lock(&g_memStatLock) == 0) { + g_memStats.totalAllocs = 0; + g_memStats.totalDeallocs= 0; + g_memStats.totalBytes = 0; + g_memStats.peakBytes = 0; + g_memStats.currentBytes = 0; + + XMEMSET(&g_memList, 0, sizeof(g_memList)); + + pthread_mutex_unlock(&g_memStatLock); + } + + return 0; +} + +void ShowMemoryTracker(void) +{ + if (pthread_mutex_lock(&g_memStatLock) == 0) { + printf("total Allocs = %9ld\n", g_memStats.totalAllocs); + printf("total Deallocs = %9ld\n", g_memStats.totalDeallocs); + printf("total Bytes = %9ld\n", g_memStats.totalBytes); + printf("peak Bytes = %9ld\n", g_memStats.peakBytes); + printf("current Bytes = %9ld\n", g_memStats.currentBytes); + + if (g_memList.count > 0) { + + /* print list of allocations */ + qaeMemHeader* header; + for (header = g_memList.head; + header != NULL; + header = header->next) { + printf("Leak: Ptr %p, Size %u, Type %d, Heap %p" + #ifdef WOLFSSL_DEBUG_MEMORY + ", Func %s, Line %d" + #endif + "\n", + (byte*)header + sizeof(qaeMemHeader), + (unsigned int)header->size, + header->type, header->heap + #ifdef WOLFSSL_DEBUG_MEMORY + , header->func, header->line + #endif + ); + } + } + + pthread_mutex_unlock(&g_memStatLock); + + /* cleanup lock */ + pthread_mutex_destroy(&g_memStatLock); + } +} +#endif /* WOLFSSL_TRACK_MEMORY */ + + + +/************************************** + * Memory functions + *************************************/ + +#ifndef QAT_V2 + +CpaStatus qaeMemInit(void) +{ + if (g_qaeMemFd < 0) { + #ifndef QAT_V2 + g_qaeMemFd = open(QAE_MEM, O_RDWR); + if (g_qaeMemFd < 0) { + printf("unable to open %s %d\n", QAE_MEM, g_qaeMemFd); + return CPA_STATUS_FAIL; + } + #endif + } + + return CPA_STATUS_SUCCESS; +} + +void qaeMemDestroy(void) +{ + close(g_qaeMemFd); + g_qaeMemFd = -1; +} + +#ifdef USE_QAE_STATIC_MEM + +static CpaStatus userMemListAdd(qae_dev_mem_info_t *pMemInfo) +{ + qae_dev_mem_info_ex_t* pMemInfoEx = + (qae_dev_mem_info_ex_t*)pMemInfo->virt_addr; + + if (g_userMemListCount >= QAE_USER_MEM_MAX_COUNT) { + return MEM_INVALID_IDX; + } + g_pUserMemList[g_userMemListCount] = pMemInfoEx; + g_avail_size[g_userMemListCount] = pMemInfoEx->mem_info.available_size; + g_lastIndexBySize = g_userMemListCount; + g_userMemListCount++; + return CPA_STATUS_SUCCESS; +} + +static void userMemListFree(qae_dev_mem_info_t *pMemInfo, int memIdx) +{ + if (memIdx < 0 || memIdx >= g_userMemListCount || + g_userMemListCount >= QAE_USER_MEM_MAX_COUNT) { + return; + } + + if (memIdx < g_userMemListCount - 1) { + /* Replace the deleted index with the last one */ + g_pUserMemList[memIdx] = g_pUserMemList[g_userMemListCount - 1]; + g_avail_size[memIdx] = g_avail_size[g_userMemListCount - 1]; + + g_pUserMemList[memIdx]->index = memIdx; + } + g_userMemListCount--; + (void)pMemInfo; +} + +static qae_dev_mem_info_t* userMemLookupBySize(Cpa32U size, int* pMemIdx) +{ + int memIdx; + int count = g_userMemListCount; + int lastIndex = g_lastIndexBySize; + uint16_t *available_size = g_avail_size; + + for (memIdx = lastIndex; memIdx < count; memIdx++) { + if (available_size[memIdx] >= size) { + g_lastIndexBySize = memIdx; + if (pMemIdx) + *pMemIdx = memIdx; + return (qae_dev_mem_info_t *)g_pUserMemList[memIdx]; + } + } + for (memIdx = 0; memIdx < lastIndex && memIdx < count; memIdx++) { + if (available_size[memIdx] >= size) { + g_lastIndexBySize = memIdx; + if (pMemIdx) + *pMemIdx = memIdx; + return (qae_dev_mem_info_t *)g_pUserMemList[memIdx]; + } + } + + return NULL; +} + +static qae_dev_mem_info_t* userMemLookupByVirtAddr(void* virt_addr, + uint32_t page_offset, int* pMemIdx) +{ + qae_dev_mem_info_ex_t *pMemInfoEx = NULL; + void *pageVirtAddr; + int memIdx; + + /* Find the base page virtual address */ + pageVirtAddr = (void *)(((QAE_UINT)virt_addr & SYSTEM_PAGE_MASK) - + (page_offset << SYSTEM_PAGE_SHIFT)); + pMemInfoEx = (qae_dev_mem_info_ex_t*)pageVirtAddr; + + /* Find the index in g_pUserMemList stored directly in + * qae_dev_mem_info_ex_t */ + memIdx = pMemInfoEx->index; + if (memIdx < 0 || memIdx >= g_userMemListCount) { + printf("userMemIndex out of bounds: %d\n", memIdx); + return NULL; + } + + if (g_pUserMemList[memIdx] != pMemInfoEx) { + printf("userMemIndex virtual address mismatch (memIdx = %d, %p)\n", + memIdx, pageVirtAddr); + return NULL; + } + + if (pMemIdx) + *pMemIdx = memIdx; + + return (qae_dev_mem_info_t*)pMemInfoEx; +} + +#else + +static CpaStatus userMemListAdd(qae_dev_mem_info_t *pMemInfo) +{ + if (g_pUserMemList == NULL) { + g_pUserMemList = pMemInfo; + pMemInfo->pNext = NULL; + pMemInfo->pPrev = NULL; + g_pUserMemListHead = g_pUserMemList; + } + else { + pMemInfo->pPrev = g_pUserMemList; + g_pUserMemList->pNext = pMemInfo; + pMemInfo->pNext = NULL; + g_pUserMemList = pMemInfo; + } + + return CPA_STATUS_SUCCESS; +} + +static void userMemListFree(qae_dev_mem_info_t *pMemInfo) +{ + qae_dev_mem_info_t *pCurr = NULL; + for (pCurr = g_pUserMemListHead; pCurr != NULL; pCurr = pCurr->pNext) { + if (pCurr == pMemInfo) { + /* If the previous pointer is not NULL */ + if (pCurr->pPrev != NULL) { + pCurr->pPrev->pNext = pCurr->pNext; + if (pCurr->pNext) { + pCurr->pNext->pPrev = pCurr->pPrev; + } else { + g_pUserMemList = pCurr->pPrev; + } + } else if (pCurr->pNext != NULL) { + pCurr->pNext->pPrev = NULL; + g_pUserMemListHead = pCurr->pNext; + } else { + g_pUserMemList = NULL; + g_pUserMemListHead = NULL; + } + break; + } + } +} + + +static qae_dev_mem_info_t* userMemLookupBySize(Cpa32U size) +{ + qae_dev_mem_info_t *pCurr = NULL; + for (pCurr = g_pUserMemListHead; pCurr != NULL; pCurr = pCurr->pNext) { + if (pCurr->available_size >= size) { + return pCurr; + } + } + return NULL; +} + +static qae_dev_mem_info_t* userMemLookupByVirtAddr(void* virt_addr, + uint32_t page_offset) +{ + qae_dev_mem_info_t *pCurr = NULL; + for (pCurr = g_pUserMemListHead; pCurr != NULL; pCurr = pCurr->pNext) { + if ((QAE_UINT)pCurr->virt_addr <= (QAE_UINT)virt_addr && + ((QAE_UINT)pCurr->virt_addr + pCurr->size) > (QAE_UINT)virt_addr) { + return pCurr; + } + } + (void)page_offset; + return NULL; +} + +#endif + + +static void* qaeMemAllocNUMA(Cpa32U size, Cpa32U node, Cpa32U alignment, + word16* p_page_offset) +{ + int ret = 0; + qae_dev_mem_info_t* pMemInfo = NULL; + void* pVirtAddress = NULL; + void* pOriginalAddress = NULL; + QAE_UINT padding = 0; + QAE_UINT aligned_address = 0; + const uint64_t magic = QAEM_MAGIC_NUM; +#ifdef USE_QAE_STATIC_MEM + int memIdx; + qae_dev_mem_info_t memInfo; + qae_dev_mem_info_ex_t* pMemInfoEx; +#endif + + if (size == 0 || alignment == 0) { + printf("Invalid size or alignment parameter\n"); + return NULL; + } + if (g_qaeMemFd < 0) { + qaeMemInit(); + } + + if ( (pMemInfo = userMemLookupBySize(size + alignment + #ifdef USE_QAE_STATIC_MEM + , &memIdx + #endif + )) != NULL) + { + /* calculate address */ + pOriginalAddress = (void*)((QAE_UINT)pMemInfo->virt_addr + + (QAE_UINT)(pMemInfo->size - pMemInfo->available_size)); + /* calculate aligned address */ + padding = (QAE_UINT)pOriginalAddress % alignment; + aligned_address = ((QAE_UINT)pOriginalAddress) - padding + alignment; + + /* reduce available size */ + pMemInfo->available_size -= (size + (aligned_address - + (QAE_UINT)pOriginalAddress)); + pMemInfo->allocations += 1; + + #ifdef USE_QAE_STATIC_MEM + /* cache index's available size */ + g_avail_size[memIdx] = pMemInfo->available_size; + #endif + + *p_page_offset = (word16)( + (QAE_UINT)aligned_address >> SYSTEM_PAGE_SHIFT) - + ((QAE_UINT)pMemInfo->virt_addr >> SYSTEM_PAGE_SHIFT); + + return (void*)aligned_address; + } + +#ifdef USE_QAE_STATIC_MEM + pMemInfo = &memInfo; +#else + pMemInfo = malloc(sizeof(qae_dev_mem_info_t)); + if (pMemInfo == NULL) { + printf("unable to allocate pMemInfo buffer\n"); + return NULL; + } +#endif + + pMemInfo->allocations = 0; + pMemInfo->size = USER_MEM_OFFSET + size; + pMemInfo->size = pMemInfo->size % PAGE_SIZE ? + ((pMemInfo->size / PAGE_SIZE) + 1) * PAGE_SIZE : + pMemInfo->size; +#ifdef SAL_IOMMU_CODE + pMemInfo->size = icp_sal_iommu_get_remap_size(pMemInfo->size); +#endif + pMemInfo->nodeId = node; + + ret = ioctl(g_qaeMemFd, DEV_MEM_IOC_MEMALLOC, pMemInfo); + if (ret != 0) { + printf("ioctl call failed: ret %d, errno %d (%s)\n", + ret, errno, strerror(errno)); + return NULL; + } + + pMemInfo->virt_addr = mmap((caddr_t)0, pMemInfo->size, + PROT_READ|PROT_WRITE, MAP_SHARED, g_qaeMemFd, + (pMemInfo->id * getpagesize())); + + if (pMemInfo->virt_addr == (caddr_t)MAP_FAILED) { + printf("mmap failed\n"); + ret = ioctl(g_qaeMemFd, DEV_MEM_IOC_MEMFREE, pMemInfo); + if (ret != 0) { + printf("ioctl call failed: ret %d, errno %d (%s)\n", + ret, errno, strerror(errno)); + } + #ifndef USE_QAE_STATIC_MEM + free(pMemInfo); + #endif + return NULL; + } + + pMemInfo->available_size = pMemInfo->size - size - USER_MEM_OFFSET; + pMemInfo->allocations = 1; + memcpy(pMemInfo->virt_addr, pMemInfo, sizeof(qae_dev_mem_info_t)); +#ifdef USE_QAE_STATIC_MEM + pMemInfoEx = (qae_dev_mem_info_ex_t *)pMemInfo->virt_addr; + pMemInfoEx->index = g_userMemListCount; +#endif + memcpy(pMemInfo->virt_addr, &magic, sizeof(uint64_t)); + pVirtAddress = (void *)((QAE_UINT)pMemInfo->virt_addr + + USER_MEM_OFFSET); + + if (userMemListAdd(pMemInfo) != CPA_STATUS_SUCCESS) { + printf("Error on mem list add\n"); + #ifndef USE_QAE_STATIC_MEM + free(pMemInfo); + #endif + return NULL; + } + + *p_page_offset = 0; + return pVirtAddress; +} + +static void qaeMemFreeNUMA(void** ptr, word16 page_offset) +{ + int ret = 0; + qae_dev_mem_info_t *pMemInfo = NULL; + void* pVirtAddress = NULL; +#ifdef USE_QAE_STATIC_MEM + qae_dev_mem_info_t memInfo; /* temp buffer */ + int memIdx; +#endif + + if (ptr == NULL) + return; + + pVirtAddress = *ptr; + if (pVirtAddress == NULL) { + printf("qaeMemFreeNUMA: Invalid virtual address\n"); + return; + } + + if ((pMemInfo = userMemLookupByVirtAddr(pVirtAddress, page_offset + #ifdef USE_QAE_STATIC_MEM + , &memIdx + #endif + )) != NULL) + { + pMemInfo->allocations -= 1; + + #ifdef USE_QAE_STATIC_MEM + if (memIdx < QAE_USER_MEM_MAX_COUNT && pMemInfo->allocations == 0) { + pMemInfo->available_size = pMemInfo->size - USER_MEM_OFFSET; + g_avail_size[memIdx] = pMemInfo->available_size; + } + #endif + + if (pMemInfo->allocations != 0 + #ifdef USE_QAE_STATIC_MEM + || memIdx < QAE_USER_MEM_MAX_COUNT + #endif + ) { + *ptr = NULL; + return; + } + } + else { + printf("userMemLookupByVirtAddr failed\n"); + return; + } + +#ifdef USE_QAE_STATIC_MEM + /* use a temp copy of memory info */ + memInfo = *pMemInfo; + userMemListFree(pMemInfo->virt_addr, memIdx); + pMemInfo = &memInfo; +#endif + + ret = munmap(pMemInfo->virt_addr, pMemInfo->size); + if (ret != 0) { + printf("munmap failed, ret = %d\n",ret); + } + + ret = ioctl(g_qaeMemFd, DEV_MEM_IOC_MEMFREE, pMemInfo); + if (ret != 0) { + printf("ioctl call failed, ret = %d\n",ret); + } + +#ifndef USE_QAE_STATIC_MEM + userMemListFree(pMemInfo); + free(pMemInfo); +#endif + + *ptr = NULL; + + return; +} + +QAE_PHYS_ADDR qaeVirtToPhysNUMA(void* pVirtAddress) +{ + qae_dev_mem_info_t *pMemInfo = NULL; + void *pVirtPageAddress = NULL; + QAE_UINT offset = 0; + uint64_t *magic; + + if (pVirtAddress == NULL) { + printf("qaeVirtToPhysNUMA: Null virtual address pointer\n"); + return (QAE_PHYS_ADDR)0; + } + + pVirtPageAddress = ((int *)((( + (QAE_UINT)pVirtAddress)) & (SYSTEM_PAGE_MASK))); + + offset = (QAE_UINT)pVirtAddress - (QAE_UINT)pVirtPageAddress; + do { + pMemInfo = (qae_dev_mem_info_t *)pVirtPageAddress; + magic = (uint64_t *)pMemInfo; + if ((QAEM_MAGIC_NUM == *magic) && + (pMemInfo->virt_addr == pVirtPageAddress)) { + break; + } + pVirtPageAddress = (void*)( + (QAE_UINT)pVirtPageAddress - SYSTEM_PAGE_SIZE); + + offset += SYSTEM_PAGE_SIZE; + } while (pMemInfo->virt_addr != pVirtPageAddress); + + return (QAE_PHYS_ADDR)(pMemInfo->phy_addr + offset); +} +#endif /* !QAT_V2 */ + +#endif /* HAVE_INTEL_QA */ diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/wolfcrypt/src/port/intel/quickassist_sync.c mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/port/intel/quickassist_sync.c --- mariadb-11.8.6/extra/wolfssl/wolfssl/wolfcrypt/src/port/intel/quickassist_sync.c 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/port/intel/quickassist_sync.c 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* quickassist_sync.c * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/wolfcrypt/src/port/iotsafe/iotsafe.c mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/port/iotsafe/iotsafe.c --- mariadb-11.8.6/extra/wolfssl/wolfssl/wolfcrypt/src/port/iotsafe/iotsafe.c 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/port/iotsafe/iotsafe.c 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* iotsafe.c * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -198,7 +198,7 @@ int i = 0; uint8_t t; uint8_t l; - while (i < size) { + while (i <= size - 4) { if (hex_to_bytes(&haystack[i], &t, 1) < 0) return NULL; if (hex_to_bytes(&haystack[i + 2], &l, 1) < 0) @@ -277,6 +277,9 @@ return BAD_FUNC_ARG; } + if ((int)cur_lc + 1 + taglen_size + len > 0xFF) { + return BAD_FUNC_ARG; + } /* Increase Lc and CSIM length according to the TLV len */ cur_lc += 1 + taglen_size + len; cur_csim_len += 2 + (2 * taglen_size) + 2*len; @@ -457,7 +460,7 @@ return ret; } - filesz_s = search_tlv(resp + 4, ret, 0x20); + filesz_s = search_tlv(resp + 4, ret - 4, 0x20); if ((filesz_s) && (XSTRLEN(filesz_s)) >= 8) { uint8_t fs_msb, fs_lsb; if (hex_to_bytes(filesz_s + 4, &fs_msb, 1) < 0) @@ -486,7 +489,7 @@ iotsafe_cmd_add_tlv(csim_cmd, IOTSAFE_TAG_FILE_ID, file_id_sz, file_id); iotsafe_cmd_complete(csim_cmd); ret = expect_csim_response(csim_cmd, (word32)XSTRLEN(csim_cmd), &resp); - if (ret > 0) { + if (ret >= 2) { if (ret > 2 * (file_sz - off)) ret = 2 * (file_sz - off); if (hex_to_bytes(resp, content + off, (ret / 2)) < 0) { @@ -494,7 +497,7 @@ } off += ret/2; #ifdef IOTSAFE_NO_GETDATA - if (XSTRNCMP(&resp[ret-4], "0000", 4) == 0) { + if (ret >= 4 && XSTRNCMP(&resp[ret-4], "0000", 4) == 0) { /* Strip trailing zeros */ int idx = 0; for (idx = 0; idx < off-1; idx+=2) { @@ -525,7 +528,8 @@ int ret; int i; byte len = (byte)sz; - if (sz == 0) { + + if (sz == 0 || sz > 255) { return BAD_FUNC_ARG; } if (!wolfIoT_initialized) { @@ -553,9 +557,7 @@ /* Send an empty command until the applet is responsive again */ for (i = 0; i < IOTSAFE_MAX_RETRIES; i++) { - if (expect_tok(NULL, 0, NULL, NULL) < 0) { - ret = WC_HW_E; - } + (void)expect_tok(NULL, 0, NULL, NULL); } return ret; } @@ -597,6 +599,11 @@ WOLFSSL_MSG("Cannot initialize ecc key to store IoTSafe public key"); return -1; } + if ((int)(payload_str - resp) + 6 + (int)(IOTSAFE_ECC_KSIZE * 4) > len) { + WOLFSSL_MSG("IoT safe: response too short for key data"); + wc_ecc_free(key); + return BAD_STATE_E; + } XSTRNCPY(Qx, payload_str + 6, IOTSAFE_ECC_KSIZE * 2); XSTRNCPY(Qy, payload_str + 6 + IOTSAFE_ECC_KSIZE * 2, IOTSAFE_ECC_KSIZE * 2); @@ -878,19 +885,27 @@ #ifdef IOTSAFE_SIG_8BIT_LENGTH else if ((sig_hdr[0] == IOTSAFE_TAG_SIGNATURE_FIELD) && (sig_hdr[1] == 2 * IOTSAFE_ECC_KSIZE)) { - XSTRNCPY(R, resp + 4, IOTSAFE_ECC_KSIZE * 2); - XSTRNCPY(S, resp + 4 + IOTSAFE_ECC_KSIZE * 2, - IOTSAFE_ECC_KSIZE * 2); - ret = wc_ecc_rs_to_sig(R, S, signature, sigLen); + if (ret < 4 + (int)(IOTSAFE_ECC_KSIZE * 4)) { + ret = WC_HW_E; + } else { + XSTRNCPY(R, resp + 4, IOTSAFE_ECC_KSIZE * 2); + XSTRNCPY(S, resp + 4 + IOTSAFE_ECC_KSIZE * 2, + IOTSAFE_ECC_KSIZE * 2); + ret = wc_ecc_rs_to_sig(R, S, signature, sigLen); + } } #endif else if ((sig_hdr[0] == IOTSAFE_TAG_SIGNATURE_FIELD) && (sig_hdr[1] == 0) && (sig_hdr[2] == 2 * IOTSAFE_ECC_KSIZE)) { - XSTRNCPY(R, resp + 6, IOTSAFE_ECC_KSIZE * 2); - XSTRNCPY(S, resp + 6 + IOTSAFE_ECC_KSIZE * 2, - IOTSAFE_ECC_KSIZE * 2); - ret = wc_ecc_rs_to_sig(R, S, signature, sigLen); + if (ret < 6 + (int)(IOTSAFE_ECC_KSIZE * 4)) { + ret = WC_HW_E; + } else { + XSTRNCPY(R, resp + 6, IOTSAFE_ECC_KSIZE * 2); + XSTRNCPY(S, resp + 6 + IOTSAFE_ECC_KSIZE * 2, + IOTSAFE_ECC_KSIZE * 2); + ret = wc_ecc_rs_to_sig(R, S, signature, sigLen); + } } else { ret = WC_HW_E; WOLFSSL_MSG("Invalid response from EC sign update"); @@ -1068,6 +1083,7 @@ } #ifdef HAVE_HKDF +/* ikm will not be NULL. */ static int wolfIoT_hkdf_extract(byte* prk, const byte* salt, word32 saltLen, byte* ikm, word32 ikmLen, int digest, void* ctx) { @@ -1351,6 +1367,8 @@ if (ret <= 0) { WOLFSSL_MSG("Unexpected reply in ECDH command"); ret = WC_HW_E; + } else if ((word32)(ret / 2) > *outlen) { + ret = BUFFER_E; } else { int out_len = hex_to_bytes(resp, out, ret / 2); if (out_len < 0) { diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/wolfcrypt/src/port/kcapi/kcapi_aes.c mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/port/kcapi/kcapi_aes.c --- mariadb-11.8.6/extra/wolfssl/wolfssl/wolfcrypt/src/port/kcapi/kcapi_aes.c 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/port/kcapi/kcapi_aes.c 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* kcapi_aes.c * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -57,7 +57,8 @@ int ret = 0; struct iovec iov; - if (aes == NULL || out == NULL || in == NULL) { + if (aes == NULL || out == NULL || in == NULL || + sz % WC_AES_BLOCK_SIZE != 0) { ret = BAD_FUNC_ARG; } @@ -270,13 +271,13 @@ } #else ret = posix_memalign((void*)&data, pageSz, dataSz); - if (ret < 0) { + if (ret != 0) { ret = MEMORY_E; } #endif } - if (ret >= 0) { + if (ret == 0) { ret = kcapi_aead_setkey(aes->handle, (byte*)aes->devKey, aes->keylen); if (ret != 0) { WOLFSSL_MSG("GcmEncrypt set key failed"); @@ -292,8 +293,10 @@ if (ret == 0) { kcapi_aead_setassoclen(aes->handle, authInSz); - XMEMCPY(data, authIn, authInSz); - XMEMCPY(data + authInSz, in, sz); + if (authInSz > 0) + XMEMCPY(data, authIn, authInSz); + if (sz > 0) + XMEMCPY(data + authInSz, in, sz); ret = (int)kcapi_aead_encrypt(aes->handle, data, inbuflen, iv, data, outbuflen, KCAPI_ACCESS_HEURISTIC); @@ -383,13 +386,13 @@ } #else ret = posix_memalign((void*)&data, pageSz, dataSz); - if (ret < 0) { + if (ret != 0) { ret = MEMORY_E; } #endif } - if (ret >= 0) { + if (ret == 0) { ret = kcapi_aead_setkey(aes->handle, (byte*)aes->devKey, aes->keylen); if (ret != 0) { WOLFSSL_MSG("GcmDecrypt set key failed"); @@ -402,8 +405,10 @@ if (ret == 0) { kcapi_aead_setassoclen(aes->handle, authInSz); - XMEMCPY(data, authIn, authInSz); - XMEMCPY(data + authInSz, in, sz); + if (authInSz > 0) + XMEMCPY(data, authIn, authInSz); + if (sz > 0) + XMEMCPY(data + authInSz, in, sz); XMEMCPY(data + authInSz + sz, authTag, authTagSz); ret = (int)kcapi_aead_decrypt(aes->handle, data, inbuflen, iv, data, diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/wolfcrypt/src/port/kcapi/kcapi_dh.c mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/port/kcapi/kcapi_dh.c --- mariadb-11.8.6/extra/wolfssl/wolfssl/wolfcrypt/src/port/kcapi/kcapi_dh.c 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/port/kcapi/kcapi_dh.c 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* kcapi_dh.c * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -94,6 +94,10 @@ if (ret == 0) { ret = (int)kcapi_kpp_keygen(key->handle, pub, *pubSz, KCAPI_ACCESS_HEURISTIC); + if (ret >= 0) { + *pubSz = ret; + ret = 0; + } } return ret; @@ -103,7 +107,7 @@ static int KcapiDh_SetPrivKey(DhKey* key) { int ret; - unsigned char* priv; + unsigned char* priv = NULL; int len; len = ret = mp_unsigned_bin_size(&key->priv); @@ -123,6 +127,10 @@ } } + if (priv != NULL) { + ForceZero(priv, len); + XFREE(priv, key->heap, DYNAMIC_TYPE_TMP_BUFFER); + } return ret; } #endif @@ -143,7 +151,7 @@ } #ifdef WOLFSSL_DH_EXTRA - if (!mp_iszero(&private_key->priv)) { + if (ret == 0 && !mp_iszero(&private_key->priv)) { ret = KcapiDh_SetPrivKey(private_key); } #endif diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/wolfcrypt/src/port/kcapi/kcapi_ecc.c mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/port/kcapi/kcapi_ecc.c --- mariadb-11.8.6/extra/wolfssl/wolfssl/wolfcrypt/src/port/kcapi/kcapi_ecc.c 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/port/kcapi/kcapi_ecc.c 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* kcapi_ecc.c * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -120,6 +120,7 @@ if (ret == 0) { ret = kcapi_kpp_setkey(key->handle, priv, keySz); } + ForceZero(priv, sizeof(priv)); } else { /* generate new ephemeral key */ @@ -166,7 +167,7 @@ /* check arguments */ if (key == NULL || key->dp == NULL) { - ret = BAD_FUNC_ARG; + return BAD_FUNC_ARG; } ret = KcapiEcc_LoadKey(key, key->pubkey_raw, &pubkey_sz, 0); @@ -241,6 +242,7 @@ ret = 0; } } + ForceZero(priv, sizeof(priv)); } if (ret == 0) { #ifdef KCAPI_USE_XMALLOC @@ -317,6 +319,7 @@ } } + ForceZero(priv, sizeof(priv)); return ret; } @@ -389,7 +392,7 @@ } if (handleInit) { - kcapi_kpp_destroy(key->handle); + kcapi_akcipher_destroy(key->handle); key->handle = NULL; } @@ -489,7 +492,7 @@ } if (handleInit) { - kcapi_kpp_destroy(key->handle); + kcapi_akcipher_destroy(key->handle); key->handle = NULL; } return ret; diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/wolfcrypt/src/port/kcapi/kcapi_hash.c mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/port/kcapi/kcapi_hash.c --- mariadb-11.8.6/extra/wolfssl/wolfssl/wolfcrypt/src/port/kcapi/kcapi_hash.c 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/port/kcapi/kcapi_hash.c 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* kcapi_hash.c * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -92,7 +92,10 @@ #ifdef WOLFSSL_KCAPI_HASH_KEEP if (ret == 0) { /* keep full message to hash at end instead of incremental updates */ - if (hash->len < hash->used + sz) { + if (hash->used + sz < sz) { + ret = MEMORY_E; + } + else if (hash->len < hash->used + sz) { if (hash->msg == NULL) { hash->msg = (byte*)XMALLOC(hash->used + sz, hash->heap, DYNAMIC_TYPE_TMP_BUFFER); @@ -156,7 +159,12 @@ heap = hash->heap; /* keep because KcapiHashInit clears the pointer */ #ifdef WOLFSSL_KCAPI_HASH_KEEP /* keep full message to out at end instead of incremental updates */ - ret = (int)kcapi_md_update(hash->handle, hash->msg, hash->used); + if (hash->used > 0) { + ret = (int)kcapi_md_update(hash->handle, hash->msg, hash->used); + if (ret > 0) { + ret = 0; + } + } XFREE(hash->msg, heap, DYNAMIC_TYPE_TMP_BUFFER); hash->msg = NULL; if (ret == 0) @@ -190,8 +198,13 @@ ret = kcapi_md_init(&hash->handle, hash->type, 0); } if (ret == 0) { - ret = (int)kcapi_md_update(hash->handle, hash->msg, hash->used); - if (ret >= 0) { + if (hash->used > 0) { + ret = (int)kcapi_md_update(hash->handle, hash->msg, hash->used); + if (ret > 0) { + ret = 0; + } + } + if (ret == 0) { ret = (int)kcapi_md_final(hash->handle, out, outSz); if (ret >= 0) { ret = 0; @@ -475,7 +488,7 @@ if (sha == NULL) { return BAD_FUNC_ARG; } - return KcapiHashFinal(&sha->kcapi, hash, WC_SHA512_DIGEST_SIZE, + return KcapiHashFinal(&sha->kcapi, hash, WC_SHA512_224_DIGEST_SIZE, WC_NAME_SHA512_224); } int wc_Sha512_224GetHash(wc_Sha512* sha, byte* hash) @@ -483,7 +496,7 @@ if (sha == NULL) { return BAD_FUNC_ARG; } - return KcapiHashGet(&sha->kcapi, hash, WC_SHA512_DIGEST_SIZE); + return KcapiHashGet(&sha->kcapi, hash, WC_SHA512_224_DIGEST_SIZE); } @@ -514,7 +527,7 @@ if (sha == NULL) { return BAD_FUNC_ARG; } - return KcapiHashFinal(&sha->kcapi, hash, WC_SHA512_DIGEST_SIZE, + return KcapiHashFinal(&sha->kcapi, hash, WC_SHA512_256_DIGEST_SIZE, WC_NAME_SHA512_256); } int wc_Sha512_256GetHash(wc_Sha512* sha, byte* hash) @@ -522,7 +535,7 @@ if (sha == NULL) { return BAD_FUNC_ARG; } - return KcapiHashGet(&sha->kcapi, hash, WC_SHA512_DIGEST_SIZE); + return KcapiHashGet(&sha->kcapi, hash, WC_SHA512_256_DIGEST_SIZE); } diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/wolfcrypt/src/port/kcapi/kcapi_hmac.c mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/port/kcapi/kcapi_hmac.c --- mariadb-11.8.6/extra/wolfssl/wolfssl/wolfcrypt/src/port/kcapi/kcapi_hmac.c 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/port/kcapi/kcapi_hmac.c 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* kcapi_hmac.c * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -158,18 +158,24 @@ ret = BAD_FUNC_ARG; break; } - hmac->macType = type; } - if (hmac->handle != NULL) { - kcapi_md_destroy(hmac->handle); - hmac->handle = NULL; - } if (ret == 0) { + if (hmac->handle != NULL) { + kcapi_md_destroy(hmac->handle); + hmac->handle = NULL; + } ret = kcapi_md_init(&hmac->handle, ciphername, 0); } if (ret == 0) { ret = kcapi_md_setkey(hmac->handle, key, length); + if (ret != 0) { + kcapi_md_destroy(hmac->handle); + hmac->handle = NULL; + } + } + if (ret == 0) { + hmac->macType = type; } return ret; diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/wolfcrypt/src/port/kcapi/kcapi_rsa.c mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/port/kcapi/kcapi_rsa.c --- mariadb-11.8.6/extra/wolfssl/wolfssl/wolfcrypt/src/port/kcapi/kcapi_rsa.c 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/port/kcapi/kcapi_rsa.c 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* kcapi_rsa.c * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -44,12 +44,14 @@ int ret = 0; unsigned char* priv = NULL; int len; + int allocSz = 0; len = wc_RsaKeyToDer(key, NULL, 0); if (len < 0) { ret = len; } if (ret == 0) { + allocSz = len; priv = (unsigned char*)XMALLOC(len, key->heap, DYNAMIC_TYPE_TMP_BUFFER); if (priv == NULL) { ret = MEMORY_E; @@ -69,7 +71,10 @@ } } - XFREE(priv, key->heap, DYNAMIC_TYPE_TMP_BUFFER); + if (priv != NULL) { + ForceZero(priv, allocSz); + XFREE(priv, key->heap, DYNAMIC_TYPE_TMP_BUFFER); + } return ret; } diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/wolfcrypt/src/port/liboqs/liboqs.c mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/port/liboqs/liboqs.c --- mariadb-11.8.6/extra/wolfssl/wolfssl/wolfcrypt/src/port/liboqs/liboqs.c 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/port/liboqs/liboqs.c 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* liboqs.c * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/wolfcrypt/src/port/maxim/max3266x.c mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/port/maxim/max3266x.c --- mariadb-11.8.6/extra/wolfssl/wolfssl/wolfcrypt/src/port/maxim/max3266x.c 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/port/maxim/max3266x.c 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* max3266x.c * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -34,7 +34,7 @@ #include #include #include - +#include #ifdef NO_INLINE #include #else @@ -136,116 +136,207 @@ #ifdef MAX3266X_SHA_CB +/* Shared callback handler: Update grows buffer, Final computes hash. */ +static int wc_MxcShaCbDispatch(byte** msg, word32* used, word32* len, + void* heap, const byte* in, word32 inSz, + byte* digest, MXC_TPU_HASH_TYPE algo) +{ + if (in != NULL && digest == NULL) { + MAX3266X_MSG("Update CB"); + return _wc_Hash_Grow(msg, used, len, in, (int)inSz, heap); + } + if (in == NULL && digest != NULL) { + MAX3266X_MSG("Final CB"); + return wc_MXC_TPU_SHA_Final(msg, used, len, heap, digest, algo); + } + if (inSz == 0) { + return 0; /* Don't need to Update when Size is Zero */ + } + return BAD_FUNC_ARG; +} + int wc_MxcShaCryptoCb(wc_CryptoInfo* info) { switch (info->hash.type) { #ifndef NO_SHA case WC_HASH_TYPE_SHA: - MAX3266X_MSG("SHA-1 CB:"); - /* Update Case */ - if (info->hash.in != NULL && info->hash.digest == NULL) { - MAX3266X_MSG("Update CB"); - return wc_MXC_TPU_SHA_Update(&(info->hash.sha1->mxcCtx), - info->hash.in, info->hash.inSz); - } - /* Sha 1 Final Case */ - if (info->hash.in == NULL && info->hash.digest != NULL) { - MAX3266X_MSG("Final CB"); - return wc_MXC_TPU_SHA_Final(&(info->hash.sha1->mxcCtx), - info->hash.digest, - MXC_TPU_HASH_SHA1); - } - break; /* Break Out and Return Error */ + return wc_MxcShaCbDispatch(&info->hash.sha1->msg, + &info->hash.sha1->used, &info->hash.sha1->len, + info->hash.sha1->heap, info->hash.in, + info->hash.inSz, info->hash.digest, + MXC_TPU_HASH_SHA1); #endif #ifdef WOLFSSL_SHA224 case WC_HASH_TYPE_SHA224: - MAX3266X_MSG("SHA-224 CB:"); - /* Update Case */ - if (info->hash.in != NULL && info->hash.digest == NULL) { - MAX3266X_MSG("Update CB"); - return wc_MXC_TPU_SHA_Update(&(info->hash.sha224->mxcCtx), - info->hash.in, info->hash.inSz); - } - /* Sha 256 Final Case */ - if (info->hash.in == NULL && info->hash.digest != NULL) { - MAX3266X_MSG("Final CB"); - return wc_MXC_TPU_SHA_Final(&(info->hash.sha224->mxcCtx), - info->hash.digest, - MXC_TPU_HASH_SHA224); - } - break; /* Break Out and Return Error */ + return wc_MxcShaCbDispatch(&info->hash.sha224->msg, + &info->hash.sha224->used, &info->hash.sha224->len, + info->hash.sha224->heap, info->hash.in, + info->hash.inSz, info->hash.digest, + MXC_TPU_HASH_SHA224); #endif #ifndef NO_SHA256 case WC_HASH_TYPE_SHA256: - MAX3266X_MSG("SHA-256 CB:"); - /* Update Case */ - if (info->hash.in != NULL && info->hash.digest == NULL) { - MAX3266X_MSG("Update CB"); - return wc_MXC_TPU_SHA_Update(&(info->hash.sha256->mxcCtx), - info->hash.in, info->hash.inSz); - } - /* Sha 256 Final Case */ - if (info->hash.in == NULL && info->hash.digest != NULL) { - MAX3266X_MSG("Final CB"); - return wc_MXC_TPU_SHA_Final(&(info->hash.sha256->mxcCtx), - info->hash.digest, - MXC_TPU_HASH_SHA256); - } - break; /* Break Out and Return Error */ + return wc_MxcShaCbDispatch(&info->hash.sha256->msg, + &info->hash.sha256->used, &info->hash.sha256->len, + info->hash.sha256->heap, info->hash.in, + info->hash.inSz, info->hash.digest, + MXC_TPU_HASH_SHA256); #endif #ifdef WOLFSSL_SHA384 case WC_HASH_TYPE_SHA384: - MAX3266X_MSG("SHA-384 CB:"); - /* Update Case */ - if (info->hash.in != NULL && info->hash.digest == NULL) { - MAX3266X_MSG("Update CB"); - return wc_MXC_TPU_SHA_Update(&(info->hash.sha384->mxcCtx), - info->hash.in, info->hash.inSz); - } - /* Sha 384 Final Case */ - if (info->hash.in == NULL && info->hash.digest != NULL) { - MAX3266X_MSG("Final CB"); - return wc_MXC_TPU_SHA_Final(&(info->hash.sha384->mxcCtx), - info->hash.digest, - MXC_TPU_HASH_SHA384); - } - break; /* Break Out and Return Error */ + return wc_MxcShaCbDispatch(&info->hash.sha384->msg, + &info->hash.sha384->used, &info->hash.sha384->len, + info->hash.sha384->heap, info->hash.in, + info->hash.inSz, info->hash.digest, + MXC_TPU_HASH_SHA384); #endif #ifdef WOLFSSL_SHA512 case WC_HASH_TYPE_SHA512: - MAX3266X_MSG("SHA-512 CB:"); - /* Update Case */ - if (info->hash.in != NULL && info->hash.digest == NULL) { - MAX3266X_MSG("Update CB"); - return wc_MXC_TPU_SHA_Update(&(info->hash.sha512->mxcCtx), - info->hash.in, info->hash.inSz); - } - /* Sha 512 Final Case */ - if (info->hash.in == NULL && info->hash.digest != NULL) { - MAX3266X_MSG("Final CB"); - return wc_MXC_TPU_SHA_Final(&(info->hash.sha512->mxcCtx), - info->hash.digest, - MXC_TPU_HASH_SHA512); - } - break; /* Break Out and Return Error */ + return wc_MxcShaCbDispatch(&info->hash.sha512->msg, + &info->hash.sha512->used, &info->hash.sha512->len, + info->hash.sha512->heap, info->hash.in, + info->hash.inSz, info->hash.digest, + MXC_TPU_HASH_SHA512); #endif default: - /* Hash type not supported */ return WC_NO_ERR_TRACE(CRYPTOCB_UNAVAILABLE); } - if (info->hash.inSz == 0) { - return 0; /* Dont need to Update when Size is Zero */ +} +#endif /* MAX3266X_SHA_CB */ + +#ifdef WOLF_CRYPTO_CB_COPY +static int wc_MxcCopyCb(wc_CryptoInfo* info) +{ + if (info == NULL || info->copy.src == NULL || info->copy.dst == NULL) { + return BAD_FUNC_ARG; + } + + switch (info->copy.type) { +#ifdef MAX3266X_SHA_CB + #ifndef NO_SHA + case WC_HASH_TYPE_SHA: + return wc_MXC_TPU_SHA_Copy(info->copy.src, info->copy.dst, + sizeof(wc_Sha), + &((wc_Sha*)info->copy.dst)->msg, + &((wc_Sha*)info->copy.dst)->used, + &((wc_Sha*)info->copy.dst)->len, + ((wc_Sha*)info->copy.dst)->heap, + ((wc_Sha*)info->copy.src)->heap); + #endif + #ifdef WOLFSSL_SHA224 + case WC_HASH_TYPE_SHA224: + return wc_MXC_TPU_SHA_Copy(info->copy.src, info->copy.dst, + sizeof(wc_Sha224), + &((wc_Sha224*)info->copy.dst)->msg, + &((wc_Sha224*)info->copy.dst)->used, + &((wc_Sha224*)info->copy.dst)->len, + ((wc_Sha224*)info->copy.dst)->heap, + ((wc_Sha224*)info->copy.src)->heap); + #endif + #ifndef NO_SHA256 + case WC_HASH_TYPE_SHA256: + return wc_MXC_TPU_SHA_Copy(info->copy.src, info->copy.dst, + sizeof(wc_Sha256), + &((wc_Sha256*)info->copy.dst)->msg, + &((wc_Sha256*)info->copy.dst)->used, + &((wc_Sha256*)info->copy.dst)->len, + ((wc_Sha256*)info->copy.dst)->heap, + ((wc_Sha256*)info->copy.src)->heap); + #endif + #ifdef WOLFSSL_SHA384 + case WC_HASH_TYPE_SHA384: + return wc_MXC_TPU_SHA_Copy(info->copy.src, info->copy.dst, + sizeof(wc_Sha384), + &((wc_Sha384*)info->copy.dst)->msg, + &((wc_Sha384*)info->copy.dst)->used, + &((wc_Sha384*)info->copy.dst)->len, + ((wc_Sha384*)info->copy.dst)->heap, + ((wc_Sha384*)info->copy.src)->heap); + #endif + #ifdef WOLFSSL_SHA512 + case WC_HASH_TYPE_SHA512: + return wc_MXC_TPU_SHA_Copy(info->copy.src, info->copy.dst, + sizeof(wc_Sha512), + &((wc_Sha512*)info->copy.dst)->msg, + &((wc_Sha512*)info->copy.dst)->used, + &((wc_Sha512*)info->copy.dst)->len, + ((wc_Sha512*)info->copy.dst)->heap, + ((wc_Sha512*)info->copy.src)->heap); + #endif +#endif /* MAX3266X_SHA_CB */ + default: + return WC_NO_ERR_TRACE(CRYPTOCB_UNAVAILABLE); } - return BAD_FUNC_ARG; } +#endif /* WOLF_CRYPTO_CB_COPY */ + +#ifdef WOLF_CRYPTO_CB_FREE +static int wc_MxcFreeCb(wc_CryptoInfo* info) +{ + if (info == NULL || info->free.obj == NULL) { + return BAD_FUNC_ARG; + } + + switch (info->free.type) { +#ifdef MAX3266X_SHA_CB + #ifndef NO_SHA + case WC_HASH_TYPE_SHA: + wc_MXC_TPU_SHA_FreeCtx(info->free.obj, sizeof(wc_Sha), + &((wc_Sha*)info->free.obj)->msg, + &((wc_Sha*)info->free.obj)->used, + &((wc_Sha*)info->free.obj)->len, + ((wc_Sha*)info->free.obj)->heap); + return 0; + #endif + #ifdef WOLFSSL_SHA224 + case WC_HASH_TYPE_SHA224: + wc_MXC_TPU_SHA_FreeCtx(info->free.obj, sizeof(wc_Sha224), + &((wc_Sha224*)info->free.obj)->msg, + &((wc_Sha224*)info->free.obj)->used, + &((wc_Sha224*)info->free.obj)->len, + ((wc_Sha224*)info->free.obj)->heap); + return 0; + #endif + #ifndef NO_SHA256 + case WC_HASH_TYPE_SHA256: + wc_MXC_TPU_SHA_FreeCtx(info->free.obj, sizeof(wc_Sha256), + &((wc_Sha256*)info->free.obj)->msg, + &((wc_Sha256*)info->free.obj)->used, + &((wc_Sha256*)info->free.obj)->len, + ((wc_Sha256*)info->free.obj)->heap); + return 0; + #endif + #ifdef WOLFSSL_SHA384 + case WC_HASH_TYPE_SHA384: + wc_MXC_TPU_SHA_FreeCtx(info->free.obj, sizeof(wc_Sha384), + &((wc_Sha384*)info->free.obj)->msg, + &((wc_Sha384*)info->free.obj)->used, + &((wc_Sha384*)info->free.obj)->len, + ((wc_Sha384*)info->free.obj)->heap); + return 0; + #endif + #ifdef WOLFSSL_SHA512 + case WC_HASH_TYPE_SHA512: + wc_MXC_TPU_SHA_FreeCtx(info->free.obj, sizeof(wc_Sha512), + &((wc_Sha512*)info->free.obj)->msg, + &((wc_Sha512*)info->free.obj)->used, + &((wc_Sha512*)info->free.obj)->len, + ((wc_Sha512*)info->free.obj)->heap); + return 0; + #endif #endif /* MAX3266X_SHA_CB */ + default: + return WC_NO_ERR_TRACE(CRYPTOCB_UNAVAILABLE); + } +} +#endif /* WOLF_CRYPTO_CB_FREE */ -/* Determines AES Type for Callback */ /* General Callback Function to determine ALGO Type */ int wc_MxcCryptoCb(int devIdArg, wc_CryptoInfo* info, void* ctx) { int ret; (void)ctx; + (void)devIdArg; if (info == NULL) { return BAD_FUNC_ARG; @@ -266,6 +357,18 @@ ret = wc_MxcShaCryptoCb(info); /* Determine SHA HW or SW */ break; #endif /* MAX3266X_SHA_CB */ +#ifdef WOLF_CRYPTO_CB_COPY + case WC_ALGO_TYPE_COPY: + MAX3266X_MSG("Using MXC Copy Callback:"); + ret = wc_MxcCopyCb(info); + break; +#endif /* WOLF_CRYPTO_CB_COPY */ +#ifdef WOLF_CRYPTO_CB_FREE + case WC_ALGO_TYPE_FREE: + MAX3266X_MSG("Using MXC Free Callback:"); + ret = wc_MxcFreeCb(info); + break; +#endif /* WOLF_CRYPTO_CB_FREE */ default: MAX3266X_MSG("Callback not support with MXC, using SW"); /* return this to bypass HW and use SW */ @@ -459,7 +562,7 @@ if (status == 0) { XMEMCPY(iv, out + sz - WC_AES_BLOCK_SIZE, WC_AES_BLOCK_SIZE); } - return (status == 0) ? 0 : -1; + return status; } #endif /* HAVE_AES_CBC */ #endif /* WOLF_CRYPTO_CB */ @@ -579,7 +682,7 @@ if (status == 0) { XMEMCPY(iv, temp_block, WC_AES_BLOCK_SIZE); } - return (status == 0) ? 0 : -1; + return status; } #endif /* HAVE_AES_CBC */ #endif /* WOLF_CRYPTO_CB */ @@ -588,71 +691,60 @@ #if defined(MAX3266X_SHA) || defined(MAX3266X_SHA_CB) -int wc_MXC_TPU_SHA_Init(wc_MXC_Sha *hash) +/* Check for empty message and provide pre-computed digest if so */ +/* Returns 1 if empty (digest filled), 0 if needs hardware processing */ +int wc_MXC_TPU_SHA_GetDigest(const unsigned char* msg, unsigned int msgSz, + unsigned char* digest, + MXC_TPU_HASH_TYPE algo) { - if (hash == NULL) { - return BAD_FUNC_ARG; /* Appropriate error handling for null argument */ - } - hash->msg = NULL; - hash->used = 0; - hash->size = 0; - return 0; -} - -/* Used to update the msg. Currently the SDK only supports 1 shots, so the */ -/* hash->msg buffer needs to be updated and resized. hash->msg will keep the */ -/* unhashed msg and produce a digest when wc_MXC_TPU_SHA_Final or */ -/* wc_MXC_TPU_SHA_GetHash is called */ -int wc_MXC_TPU_SHA_Update(wc_MXC_Sha *hash, const unsigned char* data, - unsigned int size) -{ - void *p; - /* Only update if size is not 0 */ - if (size == 0) { - return 0; - } - /* Check for NULL pointers After Size Check */ - if (hash == NULL || data == NULL) { + if (digest == NULL) { return BAD_FUNC_ARG; } - if (hash->size < hash->used+size) { - if (hash->msg == NULL) { - p = XMALLOC(hash->used+size, NULL, DYNAMIC_TYPE_TMP_BUFFER); - } - else { - #ifdef WOLFSSL_NO_REALLOC - p = XMALLOC(hash->used + size, NULL, DYNAMIC_TYPE_TMP_BUFFER); - if (p != NULL) { - XMEMCPY(p, hash->msg, hash->used); - XFREE(hash->msg, NULL, DYNAMIC_TYPE_TMP_BUFFER); - } - #else - p = XREALLOC(hash->msg, hash->used+size, NULL, - DYNAMIC_TYPE_TMP_BUFFER); - #endif - } - if (p == NULL) { - return MEMORY_E; + if (msg == NULL && msgSz == 0) { + switch (algo) { + #ifndef NO_SHA + case MXC_TPU_HASH_SHA1: + XMEMCPY(digest, MXC_EMPTY_DIGEST_SHA1, WC_SHA_DIGEST_SIZE); + break; + #endif /* NO_SHA */ + #ifdef WOLFSSL_SHA224 + case MXC_TPU_HASH_SHA224: + XMEMCPY(digest, MXC_EMPTY_DIGEST_SHA224, WC_SHA224_DIGEST_SIZE); + break; + #endif /* WOLFSSL_SHA224 */ + #ifndef NO_SHA256 + case MXC_TPU_HASH_SHA256: + XMEMCPY(digest, MXC_EMPTY_DIGEST_SHA256, WC_SHA256_DIGEST_SIZE); + break; + #endif /* NO_SHA256 */ + #ifdef WOLFSSL_SHA384 + case MXC_TPU_HASH_SHA384: + XMEMCPY(digest, MXC_EMPTY_DIGEST_SHA384, WC_SHA384_DIGEST_SIZE); + break; + #endif /* WOLFSSL_SHA384 */ + #ifdef WOLFSSL_SHA512 + case MXC_TPU_HASH_SHA512: + XMEMCPY(digest, MXC_EMPTY_DIGEST_SHA512, WC_SHA512_DIGEST_SIZE); + break; + #endif /* WOLFSSL_SHA512 */ + default: + return BAD_FUNC_ARG; } - hash->msg = p; - hash->size = hash->used+size; + return 1; /* True: empty digest provided */ } - XMEMCPY(hash->msg+hash->used, data, size); - hash->used += size; - if (hash->msg == NULL) { - return BAD_FUNC_ARG; - } - return 0; + return 0; /* False: needs hardware processing */ } -int wc_MXC_TPU_SHA_GetHash(wc_MXC_Sha *hash, unsigned char* digest, +/* Compute hash from accumulated message using TPU hardware */ +int wc_MXC_TPU_SHA_GetHash(const unsigned char* msg, unsigned int msgSz, + unsigned char* digest, MXC_TPU_HASH_TYPE algo) { int status; - if (hash == NULL || digest == NULL) { + if (digest == NULL || (msg == NULL && msgSz != 0)) { return BAD_FUNC_ARG; } - status = wc_MXC_TPU_SHA_GetDigest(hash, digest, algo); + status = wc_MXC_TPU_SHA_GetDigest(msg, msgSz, digest, algo); /* True Case that msg is an empty string */ if (status == 1) { /* Hardware cannot handle the case of an empty string */ @@ -667,7 +759,7 @@ } MXC_TPU_Init(MXC_SYS_PERIPH_CLOCK_TPU); MXC_TPU_Hash_Config(algo); - status = MXC_TPU_Hash_SHA((const char *)hash->msg, algo, hash->size, + status = MXC_TPU_Hash_SHA((const char *)msg, algo, msgSz, (char *)digest); MAX3266X_MSG("SHA HW Acceleration Used"); wolfSSL_HwHashMutexUnLock(); /* Release Mutex */ @@ -680,103 +772,85 @@ return status; } -/* Calls GetHash to determine the digest and then reinitialize the hash */ -/* struct */ -int wc_MXC_TPU_SHA_Final(wc_MXC_Sha *hash, unsigned char* digest, - MXC_TPU_HASH_TYPE algo) +/* Free HASH_KEEP message buffer and reset fields */ +void wc_MXC_TPU_SHA_Free(byte** msg, word32* used, word32* len, void* heap) { - int status; - if (hash == NULL || digest == NULL) { - return BAD_FUNC_ARG; + if (msg == NULL) { + return; } - status = wc_MXC_TPU_SHA_GetHash(hash, digest, algo); - /* Free hash->msg no matter result */ - XFREE(hash->msg, NULL, DYNAMIC_TYPE_TMP_BUFFER); - if (status != 0) { - return status; + if (*msg != NULL) { + XFREE(*msg, heap, DYNAMIC_TYPE_TMP_BUFFER); + *msg = NULL; } - status = wc_MXC_TPU_SHA_Init(hash); - if (status != 0) { - return status; + if (used != NULL) { + *used = 0; + } + if (len != NULL) { + *len = 0; } - return status; } -/* Copies Struct values from SRC struct to DST struct */ -int wc_MXC_TPU_SHA_Copy(wc_MXC_Sha* src, wc_MXC_Sha* dst) +/* Free HASH_KEEP message buffer and zero the full SHA context struct */ +void wc_MXC_TPU_SHA_FreeCtx(void* ctx, word32 ctxSz, byte** msg, word32* used, + word32* len, void* heap) { - if (src == NULL || dst == NULL) { + if (ctx == NULL) { + return; + } + wc_MXC_TPU_SHA_Free(msg, used, len, heap); + XMEMSET(ctx, 0, ctxSz); +} + +/* Copy SHA context struct and deep copy the HASH_KEEP message buffer. + * Frees any existing dst msg buffer to prevent memory leaks when copying + * into an already-used context. */ +int wc_MXC_TPU_SHA_Copy(void* src, void* dst, word32 ctxSz, + byte** dstMsg, word32* dstUsed, word32* dstLen, + void* dstHeap, void* srcHeap) +{ + byte* srcBuf = NULL; + + if (src == NULL || dst == NULL || dstMsg == NULL || + dstUsed == NULL || dstLen == NULL || ctxSz == 0) { return BAD_FUNC_ARG; } - dst->used = src->used; - dst->size = src->size; - if (dst->msg == src->msg && src->msg != 0) { - /* Allocate new memory for dst->msg if it points to the same location */ - /* as src->msg */ - dst->msg = (unsigned char*)XMALLOC(src->size, NULL, - DYNAMIC_TYPE_TMP_BUFFER); - if (dst->msg == NULL) { - return MEMORY_E; /* Handle memory allocation failure */ + + /* Free existing dst msg buffer using dst's original heap */ + wc_MXC_TPU_SHA_Free(dstMsg, dstUsed, dstLen, dstHeap); + + /* Shallow copy the full context struct */ + XMEMCPY(dst, src, ctxSz); + + /* Deep copy src msg buffer if present. Since dstMsg points into the dst + * struct, the XMEMCPY above overwrites it with the src's msg pointer. + * Save that pointer, allocate a new buffer for dst, and copy the data. + * Do NOT move srcBuf assignment before XMEMCPY - it must capture the + * src msg pointer that lands in *dstMsg after the shallow copy. */ + if (*dstMsg != NULL) { + srcBuf = *dstMsg; + *dstMsg = (byte*)XMALLOC(*dstLen, srcHeap, DYNAMIC_TYPE_TMP_BUFFER); + if (*dstMsg == NULL) { + return MEMORY_E; } + XMEMCPY(*dstMsg, srcBuf, *dstUsed); } - XMEMCPY(dst->msg, src->msg, src->size); + return 0; } -/* Free the given struct's msg buffer and then reinitialize the struct to 0 */ -/* returns void to match other wc_Sha*Free api */ -void wc_MXC_TPU_SHA_Free(wc_MXC_Sha* hash) -{ - if (hash == NULL) { - return; /* Hash Struct is Null already, dont edit potentially */ - /* undefined memory */ - } - XFREE(hash->msg, NULL, DYNAMIC_TYPE_TMP_BUFFER); - wc_MXC_TPU_SHA_Init(hash); /* sets hash->msg to null + zero's attributes */ - return; -} - -/* Acts as a True/False if true it will provide the stored digest */ -/* for the edge case of an empty string */ -int wc_MXC_TPU_SHA_GetDigest(wc_MXC_Sha *hash, unsigned char* digest, - MXC_TPU_HASH_TYPE algo) +/* Compute hash, free message buffer, and reset HASH_KEEP fields */ +int wc_MXC_TPU_SHA_Final(unsigned char** msg, unsigned int* used, + unsigned int* len, void* heap, + unsigned char* digest, + MXC_TPU_HASH_TYPE algo) { - if (hash == NULL || digest == NULL) { + int status; + if (msg == NULL || used == NULL || len == NULL || digest == NULL) { return BAD_FUNC_ARG; } - if (hash->msg == 0 && hash->size == 0) { - switch (algo) { - #ifndef NO_SHA - case MXC_TPU_HASH_SHA1: - XMEMCPY(digest, MXC_EMPTY_DIGEST_SHA1, WC_SHA_DIGEST_SIZE); - break; - #endif /* NO_SHA */ - #ifdef WOLFSSL_SHA224 - case MXC_TPU_HASH_SHA224: - XMEMCPY(digest, MXC_EMPTY_DIGEST_SHA224, WC_SHA224_DIGEST_SIZE); - break; - #endif /* WOLFSSL_SHA224 */ - #ifndef NO_SHA256 - case MXC_TPU_HASH_SHA256: - XMEMCPY(digest, MXC_EMPTY_DIGEST_SHA256, WC_SHA256_DIGEST_SIZE); - break; - #endif /* NO_SHA256 */ - #ifdef WOLFSSL_SHA384 - case MXC_TPU_HASH_SHA384: - XMEMCPY(digest, MXC_EMPTY_DIGEST_SHA384, WC_SHA384_DIGEST_SIZE); - break; - #endif /* WOLFSSL_SHA384 */ - #ifdef WOLFSSL_SHA512 - case MXC_TPU_HASH_SHA512: - XMEMCPY(digest, MXC_EMPTY_DIGEST_SHA512, WC_SHA512_DIGEST_SIZE); - break; - #endif /* WOLFSSL_SHA512 */ - default: - return BAD_FUNC_ARG; - } - return 1; /* True */ - } - return 0; /* False */ + status = wc_MXC_TPU_SHA_GetHash(*msg, *used, digest, algo); + wc_MXC_TPU_SHA_Free(msg, used, len, heap); + return status; } #ifndef MAX3266X_SHA_CB @@ -787,38 +861,57 @@ if (sha == NULL) { return BAD_FUNC_ARG; } - (void)heap; (void)devId; - return wc_MXC_TPU_SHA_Init(&(sha->mxcCtx)); + XMEMSET(sha, 0, sizeof(*sha)); + sha->heap = heap; + return 0; } WOLFSSL_API int wc_ShaUpdate(wc_Sha* sha, const unsigned char* data, unsigned int len) { - return wc_MXC_TPU_SHA_Update(&(sha->mxcCtx), data, len); + if (sha == NULL || (data == NULL && len > 0)) { + return BAD_FUNC_ARG; + } + return _wc_Hash_Grow(&sha->msg, &sha->used, &sha->len, + data, (int)len, sha->heap); } WOLFSSL_API int wc_ShaFinal(wc_Sha* sha, unsigned char* hash) { - return wc_MXC_TPU_SHA_Final(&(sha->mxcCtx), hash, - MXC_TPU_HASH_SHA1); + if (sha == NULL || hash == NULL) { + return BAD_FUNC_ARG; + } + return wc_MXC_TPU_SHA_Final(&sha->msg, &sha->used, &sha->len, + sha->heap, hash, MXC_TPU_HASH_SHA1); } WOLFSSL_API int wc_ShaGetHash(wc_Sha* sha, unsigned char* hash) { - return wc_MXC_TPU_SHA_GetHash(&(sha->mxcCtx), hash, - MXC_TPU_HASH_SHA1); + if (sha == NULL || hash == NULL) { + return BAD_FUNC_ARG; + } + return wc_MXC_TPU_SHA_GetHash((const unsigned char*)sha->msg, + sha->used, hash, MXC_TPU_HASH_SHA1); } WOLFSSL_API int wc_ShaCopy(wc_Sha* src, wc_Sha* dst) { - return wc_MXC_TPU_SHA_Copy(&(src->mxcCtx), &(dst->mxcCtx)); + if (src == NULL || dst == NULL) { + return BAD_FUNC_ARG; + } + return wc_MXC_TPU_SHA_Copy(src, dst, sizeof(wc_Sha), + &dst->msg, &dst->used, &dst->len, + dst->heap, src->heap); } WOLFSSL_API void wc_ShaFree(wc_Sha* sha) { - wc_MXC_TPU_SHA_Free(&(sha->mxcCtx)); - return; + if (sha == NULL) { + return; + } + wc_MXC_TPU_SHA_FreeCtx(sha, sizeof(wc_Sha), &sha->msg, &sha->used, + &sha->len, sha->heap); } #endif /* NO_SHA */ @@ -830,9 +923,10 @@ if (sha224 == NULL) { return BAD_FUNC_ARG; } - (void)heap; (void)devId; - return wc_MXC_TPU_SHA_Init(&(sha224->mxcCtx)); + XMEMSET(sha224, 0, sizeof(*sha224)); + sha224->heap = heap; + return 0; } WOLFSSL_API int wc_InitSha224(wc_Sha224* sha224) @@ -843,30 +937,51 @@ WOLFSSL_API int wc_Sha224Update(wc_Sha224* sha224, const unsigned char* data, unsigned int len) { - return wc_MXC_TPU_SHA_Update(&(sha224->mxcCtx), data, len); + if (sha224 == NULL || (data == NULL && len > 0)) { + return BAD_FUNC_ARG; + } + return _wc_Hash_Grow(&sha224->msg, &sha224->used, &sha224->len, + data, (int)len, sha224->heap); } WOLFSSL_API int wc_Sha224Final(wc_Sha224* sha224, unsigned char* hash) { - return wc_MXC_TPU_SHA_Final(&(sha224->mxcCtx), hash, + if (sha224 == NULL || hash == NULL) { + return BAD_FUNC_ARG; + } + return wc_MXC_TPU_SHA_Final(&sha224->msg, &sha224->used, &sha224->len, + sha224->heap, hash, MXC_TPU_HASH_SHA224); } WOLFSSL_API int wc_Sha224GetHash(wc_Sha224* sha224, unsigned char* hash) { - return wc_MXC_TPU_SHA_GetHash(&(sha224->mxcCtx), hash, + if (sha224 == NULL || hash == NULL) { + return BAD_FUNC_ARG; + } + return wc_MXC_TPU_SHA_GetHash((const unsigned char*)sha224->msg, + sha224->used, hash, MXC_TPU_HASH_SHA224); } WOLFSSL_API int wc_Sha224Copy(wc_Sha224* src, wc_Sha224* dst) { - return wc_MXC_TPU_SHA_Copy(&(src->mxcCtx), &(dst->mxcCtx)); + if (src == NULL || dst == NULL) { + return BAD_FUNC_ARG; + } + return wc_MXC_TPU_SHA_Copy(src, dst, sizeof(wc_Sha224), + &dst->msg, &dst->used, &dst->len, + dst->heap, src->heap); } WOLFSSL_API void wc_Sha224Free(wc_Sha224* sha224) { - wc_MXC_TPU_SHA_Free(&(sha224->mxcCtx)); - return; + if (sha224 == NULL) { + return; + } + wc_MXC_TPU_SHA_FreeCtx(sha224, sizeof(wc_Sha224), &sha224->msg, + &sha224->used, &sha224->len, + sha224->heap); } #endif /* WOLFSSL_SHA224 */ @@ -878,9 +993,10 @@ if (sha256 == NULL) { return BAD_FUNC_ARG; } - (void)heap; (void)devId; - return wc_MXC_TPU_SHA_Init(&(sha256->mxcCtx)); + XMEMSET(sha256, 0, sizeof(*sha256)); + sha256->heap = heap; + return 0; } WOLFSSL_API int wc_InitSha256(wc_Sha256* sha256) @@ -891,30 +1007,51 @@ WOLFSSL_API int wc_Sha256Update(wc_Sha256* sha256, const unsigned char* data, unsigned int len) { - return wc_MXC_TPU_SHA_Update(&(sha256->mxcCtx), data, len); + if (sha256 == NULL || (data == NULL && len > 0)) { + return BAD_FUNC_ARG; + } + return _wc_Hash_Grow(&sha256->msg, &sha256->used, &sha256->len, + data, (int)len, sha256->heap); } WOLFSSL_API int wc_Sha256Final(wc_Sha256* sha256, unsigned char* hash) { - return wc_MXC_TPU_SHA_Final(&(sha256->mxcCtx), hash, + if (sha256 == NULL || hash == NULL) { + return BAD_FUNC_ARG; + } + return wc_MXC_TPU_SHA_Final(&sha256->msg, &sha256->used, &sha256->len, + sha256->heap, hash, MXC_TPU_HASH_SHA256); } WOLFSSL_API int wc_Sha256GetHash(wc_Sha256* sha256, unsigned char* hash) { - return wc_MXC_TPU_SHA_GetHash(&(sha256->mxcCtx), hash, + if (sha256 == NULL || hash == NULL) { + return BAD_FUNC_ARG; + } + return wc_MXC_TPU_SHA_GetHash((const unsigned char*)sha256->msg, + sha256->used, hash, MXC_TPU_HASH_SHA256); } WOLFSSL_API int wc_Sha256Copy(wc_Sha256* src, wc_Sha256* dst) { - return wc_MXC_TPU_SHA_Copy(&(src->mxcCtx), &(dst->mxcCtx)); + if (src == NULL || dst == NULL) { + return BAD_FUNC_ARG; + } + return wc_MXC_TPU_SHA_Copy(src, dst, sizeof(wc_Sha256), + &dst->msg, &dst->used, &dst->len, + dst->heap, src->heap); } WOLFSSL_API void wc_Sha256Free(wc_Sha256* sha256) { - wc_MXC_TPU_SHA_Free(&(sha256->mxcCtx)); - return; + if (sha256 == NULL) { + return; + } + wc_MXC_TPU_SHA_FreeCtx(sha256, sizeof(wc_Sha256), &sha256->msg, + &sha256->used, &sha256->len, + sha256->heap); } #endif /* NO_SHA256 */ @@ -926,9 +1063,10 @@ if (sha384 == NULL) { return BAD_FUNC_ARG; } - (void)heap; (void)devId; - return wc_MXC_TPU_SHA_Init(&(sha384->mxcCtx)); + XMEMSET(sha384, 0, sizeof(*sha384)); + sha384->heap = heap; + return 0; } WOLFSSL_API int wc_InitSha384(wc_Sha384* sha384) @@ -939,30 +1077,51 @@ WOLFSSL_API int wc_Sha384Update(wc_Sha384* sha384, const unsigned char* data, unsigned int len) { - return wc_MXC_TPU_SHA_Update(&(sha384->mxcCtx), data, len); + if (sha384 == NULL || (data == NULL && len > 0)) { + return BAD_FUNC_ARG; + } + return _wc_Hash_Grow(&sha384->msg, &sha384->used, &sha384->len, + data, (int)len, sha384->heap); } WOLFSSL_API int wc_Sha384Final(wc_Sha384* sha384, unsigned char* hash) { - return wc_MXC_TPU_SHA_Final(&(sha384->mxcCtx), hash, + if (sha384 == NULL || hash == NULL) { + return BAD_FUNC_ARG; + } + return wc_MXC_TPU_SHA_Final(&sha384->msg, &sha384->used, &sha384->len, + sha384->heap, hash, MXC_TPU_HASH_SHA384); } WOLFSSL_API int wc_Sha384GetHash(wc_Sha384* sha384, unsigned char* hash) { - return wc_MXC_TPU_SHA_GetHash(&(sha384->mxcCtx), hash, + if (sha384 == NULL || hash == NULL) { + return BAD_FUNC_ARG; + } + return wc_MXC_TPU_SHA_GetHash((const unsigned char*)sha384->msg, + sha384->used, hash, MXC_TPU_HASH_SHA384); } WOLFSSL_API int wc_Sha384Copy(wc_Sha384* src, wc_Sha384* dst) { - return wc_MXC_TPU_SHA_Copy(&(src->mxcCtx), &(dst->mxcCtx)); + if (src == NULL || dst == NULL) { + return BAD_FUNC_ARG; + } + return wc_MXC_TPU_SHA_Copy(src, dst, sizeof(wc_Sha384), + &dst->msg, &dst->used, &dst->len, + dst->heap, src->heap); } WOLFSSL_API void wc_Sha384Free(wc_Sha384* sha384) { - wc_MXC_TPU_SHA_Free(&(sha384->mxcCtx)); - return; + if (sha384 == NULL) { + return; + } + wc_MXC_TPU_SHA_FreeCtx(sha384, sizeof(wc_Sha384), &sha384->msg, + &sha384->used, &sha384->len, + sha384->heap); } #endif /* WOLFSSL_SHA384 */ @@ -974,9 +1133,10 @@ if (sha512 == NULL) { return BAD_FUNC_ARG; } - (void)heap; (void)devId; - return wc_MXC_TPU_SHA_Init(&(sha512->mxcCtx)); + XMEMSET(sha512, 0, sizeof(*sha512)); + sha512->heap = heap; + return 0; } WOLFSSL_API int wc_InitSha512(wc_Sha512* sha512) @@ -987,30 +1147,51 @@ WOLFSSL_API int wc_Sha512Update(wc_Sha512* sha512, const unsigned char* data, unsigned int len) { - return wc_MXC_TPU_SHA_Update(&(sha512->mxcCtx), data, len); + if (sha512 == NULL || (data == NULL && len > 0)) { + return BAD_FUNC_ARG; + } + return _wc_Hash_Grow(&sha512->msg, &sha512->used, &sha512->len, + data, (int)len, sha512->heap); } WOLFSSL_API int wc_Sha512Final(wc_Sha512* sha512, unsigned char* hash) { - return wc_MXC_TPU_SHA_Final(&(sha512->mxcCtx), hash, + if (sha512 == NULL || hash == NULL) { + return BAD_FUNC_ARG; + } + return wc_MXC_TPU_SHA_Final(&sha512->msg, &sha512->used, &sha512->len, + sha512->heap, hash, MXC_TPU_HASH_SHA512); } WOLFSSL_API int wc_Sha512GetHash(wc_Sha512* sha512, unsigned char* hash) { - return wc_MXC_TPU_SHA_GetHash(&(sha512->mxcCtx), hash, + if (sha512 == NULL || hash == NULL) { + return BAD_FUNC_ARG; + } + return wc_MXC_TPU_SHA_GetHash((const unsigned char*)sha512->msg, + sha512->used, hash, MXC_TPU_HASH_SHA512); } WOLFSSL_API int wc_Sha512Copy(wc_Sha512* src, wc_Sha512* dst) { - return wc_MXC_TPU_SHA_Copy(&(src->mxcCtx), &(dst->mxcCtx)); + if (src == NULL || dst == NULL) { + return BAD_FUNC_ARG; + } + return wc_MXC_TPU_SHA_Copy(src, dst, sizeof(wc_Sha512), + &dst->msg, &dst->used, &dst->len, + dst->heap, src->heap); } WOLFSSL_API void wc_Sha512Free(wc_Sha512* sha512) { - wc_MXC_TPU_SHA_Free(&(sha512->mxcCtx)); - return; + if (sha512 == NULL) { + return; + } + wc_MXC_TPU_SHA_FreeCtx(sha512, sizeof(wc_Sha512), &sha512->msg, + &sha512->used, &sha512->len, + sha512->heap); } #endif /* WOLFSSL_SHA512 */ @@ -1184,9 +1365,6 @@ ForceZero(result->dp, sizeof(int)*(length)); result->used = length; } - else if (result == NULL) { - return BAD_FUNC_ARG; /* Cannot be null */ - } return 0; } @@ -1249,7 +1427,8 @@ MAX3266X_MSG("Starting Computation in MAA"); ret = MXC_TPU_MAA_Compute(clc, (char *)(multiplier->dp), (char *)(multiplicand->dp), - (char *)(exp->dp), (char *)(mod->dp), + (char *)((exp == NULL) ? NULL: exp->dp), + (char *)(mod->dp), (int *)(result_tmp_ptr->dp), (length*sizeof(mp_digit))); MAX3266X_MSG("MAA Finished Computation"); @@ -1271,7 +1450,7 @@ if ((multiplier == result) || (multiplicand == result) || (exp == result) || (mod == result)) { mp_copy(result_tmp_ptr, result); - ForceZero(result_tmp_ptr, sizeof(result_tmp_ptr)); /* force zero */ + ForceZero(result_tmp_ptr, sizeof(mp_int)); /* force zero */ } result->used = wc_MXC_MAA_adjustUsed(result->dp, length); diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/wolfcrypt/src/port/maxim/maxq10xx.c mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/port/maxim/maxq10xx.c --- mariadb-11.8.6/extra/wolfssl/wolfssl/wolfcrypt/src/port/maxim/maxq10xx.c 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/port/maxim/maxq10xx.c 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* maxq10xx.c * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -945,13 +945,13 @@ mxq_length output_len = ESTABLISH_OUT_MAX; byte output[ESTABLISH_OUT_MAX]; - word32 peerKeySz = peer->dp->size; + word32 peerKeySz; uint8_t peerKeyBuf[MAX_EC_KEY_SIZE]; uint8_t* peerKey = peerKeyBuf; - uint8_t* qx = peerKey; - uint8_t* qy = &peerKey[peerKeySz]; - word32 qxLen = peerKeySz; - word32 qyLen = peerKeySz; + uint8_t* qx; + uint8_t* qy; + word32 qxLen; + word32 qyLen; /* ECC P256 shared secret is 32 bytes. */ if (*ss_len != 32) { @@ -966,6 +966,12 @@ return BAD_FUNC_ARG; } + peerKeySz = peer->dp->size; + qx = peerKey; + qy = &peerKey[peerKeySz]; + qxLen = peerKeySz; + qyLen = peerKeySz; + if (key->maxq_ctx.hw_ecc != 1) { /* The key was not generated. Lets import it. */ if (key->maxq_ctx.hw_ecc == 0) { @@ -990,7 +996,7 @@ return WC_HW_E; } - wc_ecc_export_public_raw(peer, qx, &qxLen, qy, &qyLen); + rc = wc_ecc_export_public_raw(peer, qx, &qxLen, qy, &qyLen); if (rc != 0) { return rc; } @@ -2589,8 +2595,10 @@ } if (tls13_server_finish_obj_id != -1) { - free_temp_key_id(*tls13_server_key_id); - *tls13_server_key_id = -1; + if (tls13_server_key_id != NULL) { + free_temp_key_id(*tls13_server_key_id); + *tls13_server_key_id = -1; + } mac_key_obj_id = &tls13_server_finish_obj_id; } else if (tls13_client_finish_obj_id != -1) { @@ -2666,9 +2674,11 @@ rc = WC_HW_E; } - free_temp_key_id(*mac_key_obj_id); - *mac_key_obj_id = -1; - mac_key_obj_id = NULL; + if (mac_key_obj_id != NULL) { + free_temp_key_id(*mac_key_obj_id); + *mac_key_obj_id = -1; + mac_key_obj_id = NULL; + } mac_comp_active = 0; return rc; @@ -2886,6 +2896,9 @@ WOLFSSL_ENTER("maxq10xx_ecc_shared_secret"); rc = wc_ecc_export_public_raw(otherKey, qx, &qxLen, qy, &qyLen); + if (rc != 0) { + return rc; + } if (tls13_ecc_obj_id == -1) { WOLFSSL_ERROR_MSG("MAXQ: ECDHE key is not created before"); @@ -3488,14 +3501,14 @@ int tls13_client_iv_obj_id = -1; if (is_hs_key) { if (tls13_client_hs_key_obj_id == -1) { - WOLFSSL_ERROR_MSG("MAXQ: alloc_temp_key_id() failed"); + WOLFSSL_ERROR_MSG("MAXQ: client hs key not set"); return NOT_COMPILED_IN; } tls13_client_iv_obj_id = tls13_client_hs_key_obj_id; } else { if (tls13_client_app_key_obj_id == -1) { - WOLFSSL_ERROR_MSG("MAXQ: alloc_temp_key_id() failed"); + WOLFSSL_ERROR_MSG("MAXQ: client app key not set"); return NOT_COMPILED_IN; } tls13_client_iv_obj_id = tls13_client_app_key_obj_id; @@ -3514,14 +3527,14 @@ int tls13_server_iv_obj_id = -1; if (is_hs_key) { if (tls13_server_hs_key_obj_id == -1) { - WOLFSSL_ERROR_MSG("MAXQ: alloc_temp_key_id() failed"); + WOLFSSL_ERROR_MSG("MAXQ: server hs key not set"); return NOT_COMPILED_IN; } tls13_server_iv_obj_id = tls13_server_hs_key_obj_id; } else { if (tls13_server_app_key_obj_id == -1) { - WOLFSSL_ERROR_MSG("MAXQ: alloc_temp_key_id() failed"); + WOLFSSL_ERROR_MSG("MAXQ: server app key not set"); return NOT_COMPILED_IN; } tls13_server_iv_obj_id = tls13_server_app_key_obj_id; @@ -3636,8 +3649,10 @@ ret_kid = tls13_res_master_obj_id; ret_keytype = MXQ_KEYTYPE_IKM; ret_isiv = 0; - free_temp_key_id(*tls13_client_key_id); - *tls13_client_key_id = -1; + if (tls13_client_key_id != NULL) { + free_temp_key_id(*tls13_client_key_id); + *tls13_client_key_id = -1; + } } else if (strstr_with_size((char *)info, appTrafUpdLabel, infoSz) != NULL) { if (side == WOLFSSL_CLIENT_END) { @@ -3656,7 +3671,7 @@ /* updated_server_secret = HKDF-Expand-Label(key: server_secret, * label: "traffic upd", ctx: "") */ if (tls13_server_app_key_obj_id == -1) { - WOLFSSL_ERROR_MSG("MAXQ: Client Application Key was not set"); + WOLFSSL_ERROR_MSG("MAXQ: Server Application Key was not set"); return NOT_COMPILED_IN; } prk_kid = tls13_server_secret_obj_id; diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/wolfcrypt/src/port/mynewt/mynewt_port.c mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/port/mynewt/mynewt_port.c --- mariadb-11.8.6/extra/wolfssl/wolfssl/wolfcrypt/src/port/mynewt/mynewt_port.c 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/port/mynewt/mynewt_port.c 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* mynewt_port.c * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -35,39 +35,34 @@ FILE *file; uint8_t access_flags = 0; const char *p = mode; - while(*p != '\0') { + + while (*p != '\0') { switch(*p) { case 'r': - { access_flags |= FS_ACCESS_READ; if(*(p+1) == '+') { access_flags |= FS_ACCESS_WRITE; } - } - break; + break; case 'w': - { access_flags |= (FS_ACCESS_WRITE | FS_ACCESS_TRUNCATE); if(*(p+1) == '+') { access_flags |= FS_ACCESS_READ; } - } - break; + break; case 'a': - { access_flags |= (FS_ACCESS_WRITE | FS_ACCESS_APPEND); if(*(p+1) == '+') { access_flags |= FS_ACCESS_READ; } - } - break; + break; } p++; } - /* Open the file for reading. */ + /* Open the file for reading/writing/appending. */ int rc = fs_open(path, access_flags, &file); if (rc != 0) { return NULL; @@ -78,40 +73,50 @@ int mynewt_fseek(FILE *stream, long offset, int whence) { uint32_t fs_offset; + long signed_pos; - switch(whence) { + switch (whence) { case 0: /* SEEK_SET */ - { - fs_offset += offset; - } - break; + if (offset < 0) + return -1; + fs_offset = (uint32_t)offset; + break; case 1: /* SEEK_CUR */ - { fs_offset = fs_getpos(stream); - fs_offset += offset; - } - break; + if ((int32_t)fs_offset < 0) { + return -1; + } + signed_pos = (long)fs_offset + offset; + if (signed_pos < 0) + return -1; + fs_offset = (uint32_t)signed_pos; + break; case 2: /* SEEK_END */ - { - fs_filelen(stream, &fs_offset); - fs_offset += offset; - } - break; + if (fs_filelen(stream, &fs_offset) != 0) { + return -1; + } + signed_pos = (long)fs_offset + offset; + if (signed_pos < 0) + return -1; + fs_offset = (uint32_t)signed_pos; + break; + + default: + return -1; } - fs_seek(stream, fs_offset); + if (fs_seek(stream, fs_offset) != 0) { + return -1; + } return 0; } long mynewt_ftell(FILE *stream) { - uint32_t fs_offset; - fs_filelen(stream, &fs_offset); - fs_seek(stream, fs_offset); - return (long)fs_offset; + return (long)fs_getpos(stream); } void mynewt_rewind(FILE *stream) @@ -119,32 +124,48 @@ fs_seek(stream, 0); } -size_t mynewt_fread(void *restrict ptr, size_t size, size_t nitems, FILE *restrict stream) +size_t mynewt_fread(void *restrict ptr, size_t size, size_t nitems, + FILE *restrict stream) { - size_t to_read = size * nitems; + size_t to_read; uint32_t read_size; - int rc = fs_read(stream, to_read, ptr, &read_size); - if(rc != 0) { + int rc; + + if (size == 0 || nitems == 0 || nitems > SIZE_MAX / size) + return 0; + + to_read = size * nitems; + rc = fs_read(stream, to_read, ptr, &read_size); + if (rc != 0) { return 0; } - return (size_t)read_size; + return (size_t)(read_size / size); } -size_t mynewt_fwrite(const void *restrict ptr, size_t size, size_t nitems, FILE *restrict stream) +size_t mynewt_fwrite(const void *restrict ptr, size_t size, size_t nitems, + FILE *restrict stream) { - size_t to_write = size * nitems; - int rc = fs_write(stream, ptr, to_write); - if(rc != 0) { + size_t to_write; + int rc; + + if (size == 0 || nitems == 0 || nitems > SIZE_MAX / size) + return 0; + + to_write = size * nitems; + rc = fs_write(stream, ptr, to_write); + if (rc != 0) { return 0; } - return to_write; + return nitems; } int mynewt_fclose(FILE *stream) { - fs_close(stream); + if (fs_close(stream) != 0) { + return EOF; + } return 0; } diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/wolfcrypt/src/port/nrf51.c mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/port/nrf51.c --- mariadb-11.8.6/extra/wolfssl/wolfssl/wolfcrypt/src/port/nrf51.c 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/port/nrf51.c 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* nrf51.c * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -45,26 +45,28 @@ /* RTC */ #ifndef NO_CRYPT_BENCHMARK -static byte mRtcInitDone = 0; -static int mRtcSec = 0; +static volatile byte mRtcInitDone = 0; +static volatile int mRtcSec = 0; const nrf_drv_rtc_t rtc = NRF_DRV_RTC_INSTANCE(0); /**< Declaring an instance of nrf_drv_rtc for RTC0. */ #endif /* !NO_CRYPT_BENCHMARK */ /* AES */ #if !defined(NO_AES) && defined(WOLFSSL_NRF51_AES) && !defined(SOFTDEVICE_PRESENT) - static byte mAesInitDone = 0; + static volatile byte mAesInitDone = 0; #endif /** @brief Function for getting vector of random numbers. * - * @param[out] p_buff Pointer to unit8_t buffer for storing the bytes. - * @param[in] length Number of bytes to take from pool and place in p_buff. + * @param[out] p_buff Pointer to uint8_t buffer for storing the bytes. + * @param[in] size Number of bytes to take from pool and place in p_buff. * * @retval 0 = Success, else error */ int nrf51_random_generate(byte* output, word32 size) { - int remaining = size, length, pos = 0; + word32 remaining = size; + word32 pos = 0; + uint8_t length; uint8_t available; uint32_t err_code; @@ -73,18 +75,23 @@ if (err_code != NRF_SUCCESS && err_code != NRF_ERROR_INVALID_STATE) { return -1; } + err_code = NRF_SUCCESS; while (remaining > 0) { available = 0; nrf_drv_rng_bytes_available(&available); /* is void */ - length = (remaining < available) ? remaining : available; + length = (remaining < (word32)available) ? (uint8_t)remaining : + available; if (length > 0) { err_code = nrf_drv_rng_rand(&output[pos], length); + if (err_code != NRF_SUCCESS) { + break; + } remaining -= length; pos += length; } - if (err_code != NRF_SUCCESS) { - break; + else { + nrf_delay_us(100); } } @@ -110,15 +117,17 @@ return 0; } - +/* returns 0 on success and -1 on failure. */ int nrf51_aes_encrypt(const byte* in, const byte* key, word32 rounds, byte* out) { int ret; - uint32_t err_code = 0; #ifdef SOFTDEVICE_PRESENT + uint32_t err_code = 0; nrf_ecb_hal_data_t ecb_hal_data; #endif + (void)rounds; + /* Set key */ ret = nrf51_aes_set_key(key); if (ret != 0) { @@ -140,11 +149,14 @@ /* Grab result */ XMEMCPY(out, ecb_hal_data.ciphertext, SOC_ECB_CIPHERTEXT_LENGTH); #else - err_code = nrf_ecb_crypt(out, in); - err_code = err_code ? 0 : -1; + /* Returns true or false depending on operation success. */ + if (nrf_ecb_crypt(out, in)) + ret = 0; + else + ret = -1; #endif - return err_code; + return ret; } #endif /* !NO_AES && WOLFSSL_NRF51_AES */ @@ -153,8 +165,7 @@ #ifndef NO_CRYPT_BENCHMARK static void rtc_handler(nrf_drv_rtc_int_type_t int_type) { - if (int_type == NRF_DRV_RTC_INT_COMPARE0) - { + if (int_type == NRF_DRV_RTC_INT_COMPARE0) { mRtcSec++; nrf_drv_rtc_counter_clear(&rtc); nrf_drv_rtc_int_enable(&rtc, RTC_CHANNEL_INT_MASK(0)); @@ -202,24 +213,30 @@ static int rtc_get_ms(void) { /* Prescaler is 12-bit for COUNTER: frequency = (32768/(PRESCALER+1)) */ - int frequency = (32768 / (rtc_prescaler_get(rtc.p_reg) + 1)); - int counter = nrf_drv_rtc_counter_get(&rtc); + uint32_t frequency = (32768 / (rtc_prescaler_get(rtc.p_reg) + 1)); + /* Only 24-bits returned by call. */ + uint32_t counter = nrf_drv_rtc_counter_get(&rtc); /* Convert with rounding frequency to milliseconds */ - return ((counter * 1000) + (frequency / 2) ) / frequency; + return (int)((((uint64_t)counter * 1000) + (frequency / 2)) / frequency); } double current_time(int reset) { double time; + int sec; + + (void)reset; if (!mRtcInitDone) { rtc_config(); mRtcInitDone = 1; } - time = mRtcSec; - time += (double)rtc_get_ms() / 1000; + do { + sec = mRtcSec; + time = sec + ((double)rtc_get_ms() / 1000); + } while (sec != mRtcSec); return time; } diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/wolfcrypt/src/port/nxp/dcp_port.c mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/port/nxp/dcp_port.c --- mariadb-11.8.6/extra/wolfssl/wolfssl/wolfcrypt/src/port/nxp/dcp_port.c 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/port/nxp/dcp_port.c 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* dcp_port.c * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -366,7 +366,7 @@ else XMEMCPY(&sha256->ctx, &saved_ctx, sizeof(dcp_hash_ctx_t)); dcp_unlock(); - return 0; + return ret; } int wc_Sha256Final(wc_Sha256* sha256, byte* hash) @@ -379,7 +379,7 @@ ret = WC_HW_E; else { ret = DCP_HASH_Init(DCP, &sha256->handle, &sha256->ctx, kDCP_Sha256); - if (ret < 0) + if (ret != kStatus_Success) ret = WC_HW_E; } dcp_unlock(); @@ -478,7 +478,7 @@ else XMEMCPY(&sha->ctx, &saved_ctx, sizeof(dcp_hash_ctx_t)); dcp_unlock(); - return 0; + return ret; } int wc_ShaFinal(wc_Sha* sha, byte* hash) @@ -491,7 +491,7 @@ ret = WC_HW_E; } else { ret = DCP_HASH_Init(DCP, &sha->handle, &sha->ctx, kDCP_Sha1); - if (ret < 0) + if (ret != kStatus_Success) ret = WC_HW_E; } dcp_unlock(); diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/wolfcrypt/src/port/nxp/ksdk_port.c mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/port/nxp/ksdk_port.c --- mariadb-11.8.6/extra/wolfssl/wolfssl/wolfcrypt/src/port/nxp/ksdk_port.c 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/port/nxp/ksdk_port.c 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* ksdk_port.c * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -185,6 +185,9 @@ } } } + else { + res = MP_MEM; + } XFREE(ptrA, NULL, DYNAMIC_TYPE_BIGINT); XFREE(ptrB, NULL, DYNAMIC_TYPE_BIGINT); @@ -547,7 +550,7 @@ res = LTC_PKHA_ModExp(LTC_BASE, ptrG, sizeG, /* integer input */ ptrP, sizeP, /* modulus */ - ptrX, sizeX, /* expenoent */ + ptrX, sizeX, /* exponent */ ptrY, &sizeY, /* out */ kLTC_PKHA_IntegerArith, kLTC_PKHA_NormalValue, useConstTime ? kLTC_PKHA_TimingEqualized : diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/wolfcrypt/src/port/nxp/se050_port.c mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/port/nxp/se050_port.c --- mariadb-11.8.6/extra/wolfssl/wolfssl/wolfcrypt/src/port/nxp/se050_port.c 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/port/nxp/se050_port.c 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* se050_port.c * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -72,7 +72,7 @@ /* Global variables */ static sss_session_t *cfg_se050_i2c_pi; static sss_key_store_t *gHostKeyStore; -static sss_key_store_t *gHeyStore; +static sss_key_store_t *gKeyStore; int wc_se050_set_config(sss_session_t *pSession, sss_key_store_t *pHostKeyStore, sss_key_store_t *pKeyStore) @@ -81,7 +81,7 @@ cfg_se050_i2c_pi = pSession; gHostKeyStore = pHostKeyStore; - gHeyStore = pKeyStore; + gKeyStore = pKeyStore; return 0; } @@ -266,33 +266,35 @@ int se050_hash_update(SE050_HASH_Context* se050Ctx, const byte* data, word32 len) { - byte* tmp = NULL; + byte* tmp = NULL; + word32 usedSz = 0; - if (se050Ctx == NULL || (len > 0 && data == NULL)) { + if (se050Ctx == NULL || (len > 0 && data == NULL) || (len == 0) || + !WC_SAFE_SUM_WORD32(se050Ctx->used, len, usedSz)) { return BAD_FUNC_ARG; } - if (se050Ctx->len < se050Ctx->used + len) { + if (se050Ctx->len < usedSz) { if (se050Ctx->msg == NULL) { - se050Ctx->msg = (byte*)XMALLOC(se050Ctx->used + len, + se050Ctx->msg = (byte*)XMALLOC(usedSz, se050Ctx->heap, DYNAMIC_TYPE_TMP_BUFFER); - XMEMSET(se050Ctx->msg, 0, se050Ctx->used + len); + if (se050Ctx->msg == NULL) { + return MEMORY_E; + } + XMEMSET(se050Ctx->msg, 0, usedSz); } else { - tmp = (byte*)XMALLOC(se050Ctx->used + len, se050Ctx->heap, + tmp = (byte*)XMALLOC(usedSz, se050Ctx->heap, DYNAMIC_TYPE_TMP_BUFFER); if (tmp == NULL) { return MEMORY_E; } - XMEMSET(tmp, 0, se050Ctx->used + len); + XMEMSET(tmp, 0, usedSz); XMEMCPY(tmp, se050Ctx->msg, se050Ctx->used); XFREE(se050Ctx->msg, se050Ctx->heap, DYNAMIC_TYPE_TMP_BUFFER); se050Ctx->msg = tmp; } - if (se050Ctx->msg == NULL) { - return MEMORY_E; - } - se050Ctx->len = se050Ctx->used + len; + se050Ctx->len = usedSz; } XMEMCPY(se050Ctx->msg + se050Ctx->used, data, len); @@ -342,6 +344,7 @@ if (status == kStatus_SSS_Success) { /* reset state */ + XFREE(se050Ctx->msg, se050Ctx->heap, DYNAMIC_TYPE_TMP_BUFFER); ret = se050_hash_init(se050Ctx, se050Ctx->heap); } else { ret = WC_HW_E; @@ -390,6 +393,7 @@ /* free existing key in slot first before storing new one */ ret = wc_se050_erase_object(aes->keyId); if (ret != 0) { + wolfSSL_CryptHwMutexUnLock(); return ret; } aes->keyIdSet = 0; @@ -569,6 +573,7 @@ /* Avoid key ID conflicts with temporary key storage */ if (keyId >= SE050_KEYID_START) { + wolfSSL_CryptHwMutexUnLock(); return BAD_FUNC_ARG; } @@ -633,10 +638,12 @@ else { if (out == NULL) { *outSz = ret; + wolfSSL_CryptHwMutexUnLock(); return WC_NO_ERR_TRACE(LENGTH_ONLY_E); } if ((word32)ret > *outSz) { WOLFSSL_MSG("Output buffer not large enough for object"); + wolfSSL_CryptHwMutexUnLock(); return BAD_LENGTH_E; } ret = 0; @@ -928,6 +935,7 @@ /* Avoid key ID conflicts with temporary key storage */ if (keyId >= SE050_KEYID_START) { + wolfSSL_CryptHwMutexUnLock(); return BAD_FUNC_ARG; } @@ -1017,8 +1025,59 @@ } /** - * Return sss_algorithm_t type for RSA sign/verify based on wolfCrypt pad type, - * hash value, and mask generation function (mgf). + * Free an RSA key object from the SE050. Erases key from persistent storage + * if it was allocated by wolfSSL (not pre-provisioned). + * + * key Pointer to initialized RsaKey structure + */ +void se050_rsa_free_key(struct RsaKey* key) +{ + sss_status_t status = kStatus_SSS_Success; + sss_object_t keyObject; + sss_key_store_t host_keystore; + +#ifdef SE050_DEBUG + printf("se050_rsa_free_key: key %p, keyId %d\n", key, key->keyId); +#endif + + if (cfg_se050_i2c_pi == NULL) { + return; + } + if (key->keyIdSet == 0) { + return; + } + + if (wolfSSL_CryptHwMutexLock() != 0) { + return; + } + + status = sss_key_store_context_init(&host_keystore, cfg_se050_i2c_pi); + if (status == kStatus_SSS_Success) { + status = sss_key_store_allocate(&host_keystore, SE050_KEYSTOREID_RSA); + } + if (status == kStatus_SSS_Success) { + status = sss_key_object_init(&keyObject, &host_keystore); + } + if (status == kStatus_SSS_Success) { + status = sss_key_object_get_handle(&keyObject, key->keyId); + } + + if (status == kStatus_SSS_Success) { + /* Erase key from SE050 persistent storage if it was allocated + * by wolfSSL (not a pre-provisioned key). Without this, persistent + * key objects leak on the SE050 and can exhaust secure storage. */ + if (key->keyId >= SE050_KEYID_START) { + sss_key_store_erase_key(&host_keystore, &keyObject); + } + sss_key_object_free(&keyObject); + key->keyId = 0; + key->keyIdSet = 0; + } + wolfSSL_CryptHwMutexUnLock(); +} + +/** + * Get SSS algorithm type for RSA signature operations. * * padType padding type * hash hash function @@ -1172,15 +1231,29 @@ algorithm = se050_get_rsa_signature_type(pad_type, hash, mgf); if (algorithm == kAlgorithm_None) { WOLFSSL_MSG("Unsupported padding/hash/mgf combination for SE050"); + wolfSSL_CryptHwMutexUnLock(); return BAD_FUNC_ARG; } +#ifdef SE050_DEBUG + printf("se050_rsa_sign: algorithm = %d, keySz = %d, keyIdSet = %d\n", + algorithm, keySz, key->keyIdSet); +#endif status = sss_key_store_context_init(&host_keystore, cfg_se050_i2c_pi); +#ifdef SE050_DEBUG + printf("se050_rsa_sign: sss_key_store_context_init status = %d\n", status); +#endif if (status == kStatus_SSS_Success) { status = sss_key_store_allocate(&host_keystore, SE050_KEYSTOREID_RSA); +#ifdef SE050_DEBUG + printf("se050_rsa_sign: sss_key_store_allocate status = %d\n", status); +#endif } if (status == kStatus_SSS_Success) { status = sss_key_object_init(&newKey, &host_keystore); +#ifdef SE050_DEBUG + printf("se050_rsa_sign: sss_key_object_init status = %d\n", status); +#endif } if (status == kStatus_SSS_Success) { keyId = key->keyId; @@ -1188,6 +1261,9 @@ /* key was not generated in SE050, export RsaKey to DER * and use that to store into SE050 keystore */ derSz = wc_RsaKeyToDer(key, NULL, 0); +#ifdef SE050_DEBUG + printf("se050_rsa_sign: wc_RsaKeyToDer size query = %d\n", derSz); +#endif if (derSz < 0) { status = kStatus_SSS_Fail; ret = derSz; @@ -1203,6 +1279,9 @@ } if (status == kStatus_SSS_Success) { derSz = wc_RsaKeyToDer(key, derBuf, derSz); +#ifdef SE050_DEBUG + printf("se050_rsa_sign: wc_RsaKeyToDer export = %d\n", derSz); +#endif if (derSz < 0) { status = kStatus_SSS_Fail; ret = derSz; @@ -1213,31 +1292,60 @@ status = sss_key_object_allocate_handle(&newKey, keyId, kSSS_KeyPart_Pair, kSSS_CipherType_RSA, keySz, kKeyObject_Mode_Persistent); +#ifdef SE050_DEBUG + printf("se050_rsa_sign: sss_key_object_allocate_handle " + "status = %d, keyId = %d\n", status, keyId); +#endif } if (status == kStatus_SSS_Success) { /* Try to delete existing key first, ignore return since will * fail if no key exists yet */ - sss_key_store_erase_key(&host_keystore, &newKey); + status = sss_key_store_erase_key(&host_keystore, &newKey); +#ifdef SE050_DEBUG + printf("se050_rsa_sign: sss_key_store_erase_key " + "status = %d\n", status); +#endif + /* Reset status - erase failing is expected if key doesn't + * exist yet */ + status = kStatus_SSS_Success; keyCreated = 1; status = sss_key_store_set_key(&host_keystore, &newKey, derBuf, derSz, (keySz * 8), NULL, 0); +#ifdef SE050_DEBUG + printf("se050_rsa_sign: sss_key_store_set_key " + "status = %d, derSz = %d, keyBits = %d\n", + status, derSz, (keySz * 8)); +#endif } - XFREE(derBuf, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(derBuf, key->heap, DYNAMIC_TYPE_TMP_BUFFER); } else { status = sss_key_object_get_handle(&newKey, keyId); +#ifdef SE050_DEBUG + printf("se050_rsa_sign: sss_key_object_get_handle " + "status = %d, keyId = %d\n", status, keyId); +#endif } } if (status == kStatus_SSS_Success) { status = sss_asymmetric_context_init(&ctx_asymm, cfg_se050_i2c_pi, &newKey, algorithm, kMode_SSS_Sign); +#ifdef SE050_DEBUG + printf("se050_rsa_sign: sss_asymmetric_context_init " + "status = %d, algorithm = %d\n", status, algorithm); +#endif if (status == kStatus_SSS_Success) { sigSz = outLen; - status = sss_asymmetric_sign_digest(&ctx_asymm, (uint8_t*)in, inLen, - out, &sigSz); + status = sss_asymmetric_sign_digest(&ctx_asymm, (uint8_t*)in, + inLen, out, &sigSz); +#ifdef SE050_DEBUG + printf("se050_rsa_sign: sss_asymmetric_sign_digest " + "status = %d, inLen = %d, sigSz = %d\n", + status, inLen, (int)sigSz); +#endif } sss_asymmetric_context_free(&ctx_asymm); } @@ -1327,6 +1435,7 @@ algorithm = se050_get_rsa_signature_type(pad_type, hash, mgf); if (algorithm == kAlgorithm_None) { WOLFSSL_MSG("Unsupported padding/hash/mgf combination for SE050"); + wolfSSL_CryptHwMutexUnLock(); return BAD_FUNC_ARG; } @@ -1386,7 +1495,7 @@ derSz, (keySz * 8), NULL, 0); } - XFREE(derBuf, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(derBuf, key->heap, DYNAMIC_TYPE_TMP_BUFFER); } else { status = sss_key_object_get_handle(&newKey, keyId); @@ -1515,6 +1624,7 @@ algorithm = se050_get_rsa_encrypt_type(pad_type, hash); if (algorithm == kAlgorithm_None) { WOLFSSL_MSG("Unsupported padding/hash/mgf combination for SE050"); + wolfSSL_CryptHwMutexUnLock(); return BAD_FUNC_ARG; } @@ -1571,7 +1681,7 @@ status = sss_key_object_get_handle(&newKey, keyId); } - XFREE(derBuf, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(derBuf, key->heap, DYNAMIC_TYPE_TMP_BUFFER); } if (status == kStatus_SSS_Success) { @@ -1673,6 +1783,7 @@ algorithm = se050_get_rsa_encrypt_type(pad_type, hash); if (algorithm == kAlgorithm_None) { WOLFSSL_MSG("Unsupported padding/hash/mgf combination for SE050"); + wolfSSL_CryptHwMutexUnLock(); return BAD_FUNC_ARG; } @@ -1736,7 +1847,7 @@ status = sss_key_object_get_handle(&newKey, keyId); } - XFREE(derBuf, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(derBuf, key->heap, DYNAMIC_TYPE_TMP_BUFFER); } if (status == kStatus_SSS_Success) { @@ -1871,6 +1982,7 @@ /* Avoid key ID conflicts with temporary key storage */ if (keyId >= SE050_KEYID_START) { + wolfSSL_CryptHwMutexUnLock(); return BAD_FUNC_ARG; } @@ -1902,7 +2014,9 @@ status = kStatus_SSS_Fail; } } - status = sss_key_store_context_init(&host_keystore, cfg_se050_i2c_pi); + if (status == kStatus_SSS_Success) { + status = sss_key_store_context_init(&host_keystore, cfg_se050_i2c_pi); + } if (status == kStatus_SSS_Success) { status = sss_key_object_init(&newKey, &host_keystore); } @@ -2334,6 +2448,12 @@ } if (status == kStatus_SSS_Success) { + /* Erase key from SE050 persistent storage if it was allocated + * by wolfSSL (not a pre-provisioned key). Without this, persistent + * key objects leak on the SE050 and can exhaust secure storage. */ + if (key->keyId >= SE050_KEYID_START) { + sss_key_store_erase_key(&host_keystore, &keyObject); + } sss_key_object_free(&keyObject); key->keyId = 0; key->keyIdSet = 0; @@ -2795,6 +2915,9 @@ status = sss_key_object_get_handle(&newKey, key->keyId); } if (status == kStatus_SSS_Success) { + if (key->keyId >= SE050_KEYID_START) { + sss_key_store_erase_key(&host_keystore, &newKey); + } sss_key_object_free(&newKey); key->keyId = 0; key->keyIdSet = 0; @@ -3268,6 +3391,9 @@ status = sss_key_object_get_handle(&newKey, key->keyId); } if (status == kStatus_SSS_Success) { + if (key->keyId >= SE050_KEYID_START) { + sss_key_store_erase_key(&host_keystore, &newKey); + } sss_key_object_free(&newKey); key->keyId = 0; key->keyIdSet = 0; diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/wolfcrypt/src/port/pic32/pic32mz-crypt.c mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/port/pic32/pic32mz-crypt.c --- mariadb-11.8.6/extra/wolfssl/wolfssl/wolfcrypt/src/port/pic32/pic32mz-crypt.c 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/port/pic32/pic32mz-crypt.c 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* pic32mz-crypt.c * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -245,22 +245,26 @@ wolfSSL_CryptHwMutexUnLock(); - /* copy result to output */ - #if PIC32_NO_OUT_SWAP - /* swap bytes */ - ByteReverseWords(out, (word32*)out_p, outLen); - #elif defined(_SYS_DEVCON_LOCAL_H) - /* sync cache */ - SYS_DEVCON_DataCacheInvalidate((word32)out, outLen); - #else - XMEMCPY(out, out_p, outLen); - #endif + if (ret == 0) { + /* copy result to output */ + #if PIC32_NO_OUT_SWAP + /* swap bytes */ + ByteReverseWords(out, (word32*)out_p, outLen); + #elif defined(_SYS_DEVCON_LOCAL_H) + /* sync cache */ + SYS_DEVCON_DataCacheInvalidate((word32)out, outLen); + #else + XMEMCPY(out, out_p, outLen); + #endif + } } /* handle unaligned */ if (isDynamic) { - /* return result */ - XMEMCPY(pOut, out, outLen); + if (ret == 0) { + /* return result */ + XMEMCPY(pOut, out, outLen); + } /* free dynamic buffers */ XFREE(in, NULL, DYNAMIC_TYPE_AES_BUFFER); @@ -308,11 +312,14 @@ static pic32mz_desc gLHDesc __attribute__((coherent)); static uint8_t gLHDataBuf[PIC32MZ_MAX_BD][PIC32_BLOCK_SIZE] __attribute__((aligned (4), coherent)); -static void reset_engine(int algo) +static int reset_engine(int algo) { int i; + int ret; - wolfSSL_CryptHwMutexLock(); + ret = wolfSSL_CryptHwMutexLock(); + if (ret != 0) + return ret; /* Software reset */ CECON = 1 << 6; @@ -360,11 +367,16 @@ #else CECON = 0xa7; #endif + + return 0; } -static void update_engine(const byte *input, word32 len, word32 *hash) +#define ENGINE_MAX_CHECKS 0xffffff + +static int update_engine(const byte *input, word32 len, word32 *hash) { int total; + int checks; gLHDesc.bd[gLHDesc.currBd].UPDPTR = KVA_TO_PA(hash); @@ -386,7 +398,11 @@ if (gLHDesc.currBd >= PIC32MZ_MAX_BD) gLHDesc.currBd = 0; /* Wait until the engine has processed the new BD. */ - while (gLHDesc.bd[gLHDesc.currBd].BD_CTRL.DESC_EN); + checks = 0; + while (gLHDesc.bd[gLHDesc.currBd].BD_CTRL.DESC_EN && + ++checks < ENGINE_MAX_CHECKS) ; + if (checks == ENGINE_MAX_CHECKS) + return -1; gLHDesc.bd[gLHDesc.currBd].UPDPTR = KVA_TO_PA(hash); gLHDesc.dbPtr = 0; } @@ -416,6 +432,8 @@ } } } + + return 0; } static void start_engine(void) @@ -435,27 +453,34 @@ gLHDesc.bd[gLHDesc.currBd].BD_CTRL.DESC_EN = 1; } -void wait_engine(char *hash, int hash_sz) +static int wait_engine(word32 *hash, word32 hash_sz) { int i; unsigned int engineRunning; + int checks = 0; do { engineRunning = 0; for (i = 0; i < PIC32MZ_MAX_BD; i++) { engineRunning = engineRunning || gLHDesc.bd[i].BD_CTRL.DESC_EN; } - } while (engineRunning); + } while (engineRunning && (++checks < ENGINE_MAX_CHECKS)); -#if PIC32_NO_OUT_SWAP - /* swap bytes */ - ByteReverseWords(hash, KVA0_TO_KVA1(hash), hash_sz); -#else - /* copy output - hardware already swapped */ - XMEMCPY(hash, KVA0_TO_KVA1(hash), hash_sz); -#endif + if (!engineRunning) { + #if PIC32_NO_OUT_SWAP + /* swap bytes */ + ByteReverseWords(hash, KVA0_TO_KVA1(hash), hash_sz); + #else + /* copy output - hardware already swapped */ + XMEMCPY(hash, KVA0_TO_KVA1(hash), hash_sz); + #endif + } wolfSSL_CryptHwMutexUnLock(); + + if (engineRunning) + return -1; + return 0; } #endif /* WOLFSSL_PIC32MZ_LARGE_HASH */ @@ -487,10 +512,15 @@ /* if final length is set then pass straight to hardware */ if (cache->finalLen) { if (cache->bufLen == 0) { - reset_engine(algo); + ret = reset_engine(algo); + if (ret != 0) + return ret; gLHDesc.msgSize = cache->finalLen; } - update_engine(data, len, digest); + if (update_engine(data, len, digest) != 0) { + wolfSSL_CryptHwMutexUnLock(); + return ASYNC_OP_E; + } cache->bufLen += len; /* track progress for blockType */ return 0; } @@ -498,7 +528,9 @@ /* cache updates */ /* calculate new len */ - newLenUpd = cache->updLen + len; + newLenUpd = (word32)cache->updLen + (word32)len; + if (newLenUpd < (word32)cache->updLen) + return MEMORY_E; /* calculate padded len - pad buffer at 64-bytes for hardware */ newLenPad = newLenUpd; @@ -561,7 +593,13 @@ /* Only submit to hardware if update data provided matches expected */ if (cache->bufLen == cache->finalLen) { start_engine(); - wait_engine((char*)digest, digestSz); + if (wait_engine(digest, (word32)digestSz) != 0) { + if (cache->buf && cache->buf != stdBuf && !cache->isCopy) { + XFREE(cache->buf, heap, DYNAMIC_TYPE_HASH_TMP); + cache->buf = NULL; + } + return ASYNC_OP_E; + } XMEMCPY(hash, digest, digestSz); } else { diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/wolfcrypt/src/port/ppc32/ppc32-sha256-asm.S mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/port/ppc32/ppc32-sha256-asm.S --- mariadb-11.8.6/extra/wolfssl/wolfssl/wolfcrypt/src/port/ppc32/ppc32-sha256-asm.S 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/port/ppc32/ppc32-sha256-asm.S 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* ppc32-sha256-asm * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -1287,6 +1287,7 @@ .long 0xa4506ceb .long 0xbef9a3f7 .long 0xc67178f2 +#ifndef __PIC__ .section ".text" .align 4 .globl Transform_Sha256_Len @@ -4503,6 +4504,3244 @@ addi 1, 1, 0x4c blr .size Transform_Sha256_Len,.-Transform_Sha256_Len +#else +/* PIC version not using register 30 or 31 */ + .section ".text" + .align 4 + .globl Transform_Sha256_Len + .type Transform_Sha256_Len, @function +Transform_Sha256_Len: + stwu 1, -68(1) + mflr 0 + stw 0, 64(1) + stw 14, 0(1) + stw 15, 4(1) + stw 16, 8(1) + stw 17, 12(1) + stw 18, 16(1) + stw 19, 20(1) + stw 20, 24(1) + stw 21, 28(1) + stw 22, 32(1) + stw 23, 36(1) + stw 24, 40(1) + stw 25, 44(1) + stw 26, 48(1) + stw 27, 52(1) + stw 28, 56(1) + stw 29, 60(1) + srwi 5, 5, 6 + lis 6, L_SHA256_transform_len_k@ha + la 6, L_SHA256_transform_len_k@l(6) +#ifndef WOLFSSL_PPC32_ASM_SMALL + subi 1, 1, 8 + stw 3, 0(1) + stw 4, 4(1) + mtctr 5 + # Copy digest to add in at end + lwz 0, 0(3) + lwz 4, 4(3) + lwz 7, 8(3) + lwz 8, 12(3) + lwz 9, 16(3) + lwz 10, 20(3) + lwz 11, 24(3) + lwz 12, 28(3) + lwz 3, 4(1) + # Start of loop processing a block +L_SHA256_transform_len_begin: + # Load W - 64 bytes + lwz 14, 0(3) + lwz 15, 4(3) + lwz 16, 8(3) + lwz 17, 12(3) + lwz 18, 16(3) + lwz 19, 20(3) + lwz 20, 24(3) + lwz 21, 28(3) + lwz 22, 32(3) + lwz 23, 36(3) + lwz 24, 40(3) + lwz 25, 44(3) + lwz 26, 48(3) + lwz 27, 52(3) + lwz 28, 56(3) + lwz 29, 60(3) + # Start of 16 rounds + # Round 0 + rotlwi 3, 9, 26 + rotlwi 5, 9, 21 + xor 3, 3, 5 + rotlwi 5, 9, 7 + xor 3, 3, 5 + add 12, 12, 3 + xor 3, 10, 11 + and 3, 3, 9 + xor 3, 3, 11 + add 12, 12, 3 + lwz 3, 0(6) + add 12, 12, 14 + add 12, 12, 3 + add 8, 8, 12 + rotlwi 3, 0, 30 + rotlwi 5, 0, 19 + xor 3, 3, 5 + rotlwi 5, 0, 10 + xor 3, 3, 5 + add 12, 12, 3 + xor 5, 0, 4 + xor 3, 4, 7 + and 3, 3, 5 + xor 3, 3, 4 + add 12, 12, 3 + # Calc new W[0] + rotlwi 3, 15, 25 + rotlwi 5, 15, 14 + xor 3, 3, 5 + srwi 5, 15, 3 + xor 3, 3, 5 + add 14, 14, 3 + rotlwi 3, 28, 15 + rotlwi 5, 28, 13 + xor 3, 3, 5 + srwi 5, 28, 10 + xor 3, 3, 5 + add 14, 14, 3 + add 14, 14, 23 + # Round 1 + rotlwi 3, 8, 26 + rotlwi 5, 8, 21 + xor 3, 3, 5 + rotlwi 5, 8, 7 + xor 3, 3, 5 + add 11, 11, 3 + xor 3, 9, 10 + and 3, 3, 8 + xor 3, 3, 10 + add 11, 11, 3 + lwz 3, 4(6) + add 11, 11, 15 + add 11, 11, 3 + add 7, 7, 11 + rotlwi 3, 12, 30 + rotlwi 5, 12, 19 + xor 3, 3, 5 + rotlwi 5, 12, 10 + xor 3, 3, 5 + add 11, 11, 3 + xor 5, 12, 0 + xor 3, 0, 4 + and 3, 3, 5 + xor 3, 3, 0 + add 11, 11, 3 + # Calc new W[1] + rotlwi 3, 16, 25 + rotlwi 5, 16, 14 + xor 3, 3, 5 + srwi 5, 16, 3 + xor 3, 3, 5 + add 15, 15, 3 + rotlwi 3, 29, 15 + rotlwi 5, 29, 13 + xor 3, 3, 5 + srwi 5, 29, 10 + xor 3, 3, 5 + add 15, 15, 3 + add 15, 15, 24 + # Round 2 + rotlwi 3, 7, 26 + rotlwi 5, 7, 21 + xor 3, 3, 5 + rotlwi 5, 7, 7 + xor 3, 3, 5 + add 10, 10, 3 + xor 3, 8, 9 + and 3, 3, 7 + xor 3, 3, 9 + add 10, 10, 3 + lwz 3, 8(6) + add 10, 10, 16 + add 10, 10, 3 + add 4, 4, 10 + rotlwi 3, 11, 30 + rotlwi 5, 11, 19 + xor 3, 3, 5 + rotlwi 5, 11, 10 + xor 3, 3, 5 + add 10, 10, 3 + xor 5, 11, 12 + xor 3, 12, 0 + and 3, 3, 5 + xor 3, 3, 12 + add 10, 10, 3 + # Calc new W[2] + rotlwi 3, 17, 25 + rotlwi 5, 17, 14 + xor 3, 3, 5 + srwi 5, 17, 3 + xor 3, 3, 5 + add 16, 16, 3 + rotlwi 3, 14, 15 + rotlwi 5, 14, 13 + xor 3, 3, 5 + srwi 5, 14, 10 + xor 3, 3, 5 + add 16, 16, 3 + add 16, 16, 25 + # Round 3 + rotlwi 3, 4, 26 + rotlwi 5, 4, 21 + xor 3, 3, 5 + rotlwi 5, 4, 7 + xor 3, 3, 5 + add 9, 9, 3 + xor 3, 7, 8 + and 3, 3, 4 + xor 3, 3, 8 + add 9, 9, 3 + lwz 3, 12(6) + add 9, 9, 17 + add 9, 9, 3 + add 0, 0, 9 + rotlwi 3, 10, 30 + rotlwi 5, 10, 19 + xor 3, 3, 5 + rotlwi 5, 10, 10 + xor 3, 3, 5 + add 9, 9, 3 + xor 5, 10, 11 + xor 3, 11, 12 + and 3, 3, 5 + xor 3, 3, 11 + add 9, 9, 3 + # Calc new W[3] + rotlwi 3, 18, 25 + rotlwi 5, 18, 14 + xor 3, 3, 5 + srwi 5, 18, 3 + xor 3, 3, 5 + add 17, 17, 3 + rotlwi 3, 15, 15 + rotlwi 5, 15, 13 + xor 3, 3, 5 + srwi 5, 15, 10 + xor 3, 3, 5 + add 17, 17, 3 + add 17, 17, 26 + # Round 4 + rotlwi 3, 0, 26 + rotlwi 5, 0, 21 + xor 3, 3, 5 + rotlwi 5, 0, 7 + xor 3, 3, 5 + add 8, 8, 3 + xor 3, 4, 7 + and 3, 3, 0 + xor 3, 3, 7 + add 8, 8, 3 + lwz 3, 16(6) + add 8, 8, 18 + add 8, 8, 3 + add 12, 12, 8 + rotlwi 3, 9, 30 + rotlwi 5, 9, 19 + xor 3, 3, 5 + rotlwi 5, 9, 10 + xor 3, 3, 5 + add 8, 8, 3 + xor 5, 9, 10 + xor 3, 10, 11 + and 3, 3, 5 + xor 3, 3, 10 + add 8, 8, 3 + # Calc new W[4] + rotlwi 3, 19, 25 + rotlwi 5, 19, 14 + xor 3, 3, 5 + srwi 5, 19, 3 + xor 3, 3, 5 + add 18, 18, 3 + rotlwi 3, 16, 15 + rotlwi 5, 16, 13 + xor 3, 3, 5 + srwi 5, 16, 10 + xor 3, 3, 5 + add 18, 18, 3 + add 18, 18, 27 + # Round 5 + rotlwi 3, 12, 26 + rotlwi 5, 12, 21 + xor 3, 3, 5 + rotlwi 5, 12, 7 + xor 3, 3, 5 + add 7, 7, 3 + xor 3, 0, 4 + and 3, 3, 12 + xor 3, 3, 4 + add 7, 7, 3 + lwz 3, 20(6) + add 7, 7, 19 + add 7, 7, 3 + add 11, 11, 7 + rotlwi 3, 8, 30 + rotlwi 5, 8, 19 + xor 3, 3, 5 + rotlwi 5, 8, 10 + xor 3, 3, 5 + add 7, 7, 3 + xor 5, 8, 9 + xor 3, 9, 10 + and 3, 3, 5 + xor 3, 3, 9 + add 7, 7, 3 + # Calc new W[5] + rotlwi 3, 20, 25 + rotlwi 5, 20, 14 + xor 3, 3, 5 + srwi 5, 20, 3 + xor 3, 3, 5 + add 19, 19, 3 + rotlwi 3, 17, 15 + rotlwi 5, 17, 13 + xor 3, 3, 5 + srwi 5, 17, 10 + xor 3, 3, 5 + add 19, 19, 3 + add 19, 19, 28 + # Round 6 + rotlwi 3, 11, 26 + rotlwi 5, 11, 21 + xor 3, 3, 5 + rotlwi 5, 11, 7 + xor 3, 3, 5 + add 4, 4, 3 + xor 3, 12, 0 + and 3, 3, 11 + xor 3, 3, 0 + add 4, 4, 3 + lwz 3, 24(6) + add 4, 4, 20 + add 4, 4, 3 + add 10, 10, 4 + rotlwi 3, 7, 30 + rotlwi 5, 7, 19 + xor 3, 3, 5 + rotlwi 5, 7, 10 + xor 3, 3, 5 + add 4, 4, 3 + xor 5, 7, 8 + xor 3, 8, 9 + and 3, 3, 5 + xor 3, 3, 8 + add 4, 4, 3 + # Calc new W[6] + rotlwi 3, 21, 25 + rotlwi 5, 21, 14 + xor 3, 3, 5 + srwi 5, 21, 3 + xor 3, 3, 5 + add 20, 20, 3 + rotlwi 3, 18, 15 + rotlwi 5, 18, 13 + xor 3, 3, 5 + srwi 5, 18, 10 + xor 3, 3, 5 + add 20, 20, 3 + add 20, 20, 29 + # Round 7 + rotlwi 3, 10, 26 + rotlwi 5, 10, 21 + xor 3, 3, 5 + rotlwi 5, 10, 7 + xor 3, 3, 5 + add 0, 0, 3 + xor 3, 11, 12 + and 3, 3, 10 + xor 3, 3, 12 + add 0, 0, 3 + lwz 3, 28(6) + add 0, 0, 21 + add 0, 0, 3 + add 9, 9, 0 + rotlwi 3, 4, 30 + rotlwi 5, 4, 19 + xor 3, 3, 5 + rotlwi 5, 4, 10 + xor 3, 3, 5 + add 0, 0, 3 + xor 5, 4, 7 + xor 3, 7, 8 + and 3, 3, 5 + xor 3, 3, 7 + add 0, 0, 3 + # Calc new W[7] + rotlwi 3, 22, 25 + rotlwi 5, 22, 14 + xor 3, 3, 5 + srwi 5, 22, 3 + xor 3, 3, 5 + add 21, 21, 3 + rotlwi 3, 19, 15 + rotlwi 5, 19, 13 + xor 3, 3, 5 + srwi 5, 19, 10 + xor 3, 3, 5 + add 21, 21, 3 + add 21, 21, 14 + # Round 8 + rotlwi 3, 9, 26 + rotlwi 5, 9, 21 + xor 3, 3, 5 + rotlwi 5, 9, 7 + xor 3, 3, 5 + add 12, 12, 3 + xor 3, 10, 11 + and 3, 3, 9 + xor 3, 3, 11 + add 12, 12, 3 + lwz 3, 32(6) + add 12, 12, 22 + add 12, 12, 3 + add 8, 8, 12 + rotlwi 3, 0, 30 + rotlwi 5, 0, 19 + xor 3, 3, 5 + rotlwi 5, 0, 10 + xor 3, 3, 5 + add 12, 12, 3 + xor 5, 0, 4 + xor 3, 4, 7 + and 3, 3, 5 + xor 3, 3, 4 + add 12, 12, 3 + # Calc new W[8] + rotlwi 3, 23, 25 + rotlwi 5, 23, 14 + xor 3, 3, 5 + srwi 5, 23, 3 + xor 3, 3, 5 + add 22, 22, 3 + rotlwi 3, 20, 15 + rotlwi 5, 20, 13 + xor 3, 3, 5 + srwi 5, 20, 10 + xor 3, 3, 5 + add 22, 22, 3 + add 22, 22, 15 + # Round 9 + rotlwi 3, 8, 26 + rotlwi 5, 8, 21 + xor 3, 3, 5 + rotlwi 5, 8, 7 + xor 3, 3, 5 + add 11, 11, 3 + xor 3, 9, 10 + and 3, 3, 8 + xor 3, 3, 10 + add 11, 11, 3 + lwz 3, 36(6) + add 11, 11, 23 + add 11, 11, 3 + add 7, 7, 11 + rotlwi 3, 12, 30 + rotlwi 5, 12, 19 + xor 3, 3, 5 + rotlwi 5, 12, 10 + xor 3, 3, 5 + add 11, 11, 3 + xor 5, 12, 0 + xor 3, 0, 4 + and 3, 3, 5 + xor 3, 3, 0 + add 11, 11, 3 + # Calc new W[9] + rotlwi 3, 24, 25 + rotlwi 5, 24, 14 + xor 3, 3, 5 + srwi 5, 24, 3 + xor 3, 3, 5 + add 23, 23, 3 + rotlwi 3, 21, 15 + rotlwi 5, 21, 13 + xor 3, 3, 5 + srwi 5, 21, 10 + xor 3, 3, 5 + add 23, 23, 3 + add 23, 23, 16 + # Round 10 + rotlwi 3, 7, 26 + rotlwi 5, 7, 21 + xor 3, 3, 5 + rotlwi 5, 7, 7 + xor 3, 3, 5 + add 10, 10, 3 + xor 3, 8, 9 + and 3, 3, 7 + xor 3, 3, 9 + add 10, 10, 3 + lwz 3, 40(6) + add 10, 10, 24 + add 10, 10, 3 + add 4, 4, 10 + rotlwi 3, 11, 30 + rotlwi 5, 11, 19 + xor 3, 3, 5 + rotlwi 5, 11, 10 + xor 3, 3, 5 + add 10, 10, 3 + xor 5, 11, 12 + xor 3, 12, 0 + and 3, 3, 5 + xor 3, 3, 12 + add 10, 10, 3 + # Calc new W[10] + rotlwi 3, 25, 25 + rotlwi 5, 25, 14 + xor 3, 3, 5 + srwi 5, 25, 3 + xor 3, 3, 5 + add 24, 24, 3 + rotlwi 3, 22, 15 + rotlwi 5, 22, 13 + xor 3, 3, 5 + srwi 5, 22, 10 + xor 3, 3, 5 + add 24, 24, 3 + add 24, 24, 17 + # Round 11 + rotlwi 3, 4, 26 + rotlwi 5, 4, 21 + xor 3, 3, 5 + rotlwi 5, 4, 7 + xor 3, 3, 5 + add 9, 9, 3 + xor 3, 7, 8 + and 3, 3, 4 + xor 3, 3, 8 + add 9, 9, 3 + lwz 3, 44(6) + add 9, 9, 25 + add 9, 9, 3 + add 0, 0, 9 + rotlwi 3, 10, 30 + rotlwi 5, 10, 19 + xor 3, 3, 5 + rotlwi 5, 10, 10 + xor 3, 3, 5 + add 9, 9, 3 + xor 5, 10, 11 + xor 3, 11, 12 + and 3, 3, 5 + xor 3, 3, 11 + add 9, 9, 3 + # Calc new W[11] + rotlwi 3, 26, 25 + rotlwi 5, 26, 14 + xor 3, 3, 5 + srwi 5, 26, 3 + xor 3, 3, 5 + add 25, 25, 3 + rotlwi 3, 23, 15 + rotlwi 5, 23, 13 + xor 3, 3, 5 + srwi 5, 23, 10 + xor 3, 3, 5 + add 25, 25, 3 + add 25, 25, 18 + # Round 12 + rotlwi 3, 0, 26 + rotlwi 5, 0, 21 + xor 3, 3, 5 + rotlwi 5, 0, 7 + xor 3, 3, 5 + add 8, 8, 3 + xor 3, 4, 7 + and 3, 3, 0 + xor 3, 3, 7 + add 8, 8, 3 + lwz 3, 48(6) + add 8, 8, 26 + add 8, 8, 3 + add 12, 12, 8 + rotlwi 3, 9, 30 + rotlwi 5, 9, 19 + xor 3, 3, 5 + rotlwi 5, 9, 10 + xor 3, 3, 5 + add 8, 8, 3 + xor 5, 9, 10 + xor 3, 10, 11 + and 3, 3, 5 + xor 3, 3, 10 + add 8, 8, 3 + # Calc new W[12] + rotlwi 3, 27, 25 + rotlwi 5, 27, 14 + xor 3, 3, 5 + srwi 5, 27, 3 + xor 3, 3, 5 + add 26, 26, 3 + rotlwi 3, 24, 15 + rotlwi 5, 24, 13 + xor 3, 3, 5 + srwi 5, 24, 10 + xor 3, 3, 5 + add 26, 26, 3 + add 26, 26, 19 + # Round 13 + rotlwi 3, 12, 26 + rotlwi 5, 12, 21 + xor 3, 3, 5 + rotlwi 5, 12, 7 + xor 3, 3, 5 + add 7, 7, 3 + xor 3, 0, 4 + and 3, 3, 12 + xor 3, 3, 4 + add 7, 7, 3 + lwz 3, 52(6) + add 7, 7, 27 + add 7, 7, 3 + add 11, 11, 7 + rotlwi 3, 8, 30 + rotlwi 5, 8, 19 + xor 3, 3, 5 + rotlwi 5, 8, 10 + xor 3, 3, 5 + add 7, 7, 3 + xor 5, 8, 9 + xor 3, 9, 10 + and 3, 3, 5 + xor 3, 3, 9 + add 7, 7, 3 + # Calc new W[13] + rotlwi 3, 28, 25 + rotlwi 5, 28, 14 + xor 3, 3, 5 + srwi 5, 28, 3 + xor 3, 3, 5 + add 27, 27, 3 + rotlwi 3, 25, 15 + rotlwi 5, 25, 13 + xor 3, 3, 5 + srwi 5, 25, 10 + xor 3, 3, 5 + add 27, 27, 3 + add 27, 27, 20 + # Round 14 + rotlwi 3, 11, 26 + rotlwi 5, 11, 21 + xor 3, 3, 5 + rotlwi 5, 11, 7 + xor 3, 3, 5 + add 4, 4, 3 + xor 3, 12, 0 + and 3, 3, 11 + xor 3, 3, 0 + add 4, 4, 3 + lwz 3, 56(6) + add 4, 4, 28 + add 4, 4, 3 + add 10, 10, 4 + rotlwi 3, 7, 30 + rotlwi 5, 7, 19 + xor 3, 3, 5 + rotlwi 5, 7, 10 + xor 3, 3, 5 + add 4, 4, 3 + xor 5, 7, 8 + xor 3, 8, 9 + and 3, 3, 5 + xor 3, 3, 8 + add 4, 4, 3 + # Calc new W[14] + rotlwi 3, 29, 25 + rotlwi 5, 29, 14 + xor 3, 3, 5 + srwi 5, 29, 3 + xor 3, 3, 5 + add 28, 28, 3 + rotlwi 3, 26, 15 + rotlwi 5, 26, 13 + xor 3, 3, 5 + srwi 5, 26, 10 + xor 3, 3, 5 + add 28, 28, 3 + add 28, 28, 21 + # Round 15 + rotlwi 3, 10, 26 + rotlwi 5, 10, 21 + xor 3, 3, 5 + rotlwi 5, 10, 7 + xor 3, 3, 5 + add 0, 0, 3 + xor 3, 11, 12 + and 3, 3, 10 + xor 3, 3, 12 + add 0, 0, 3 + lwz 3, 60(6) + add 0, 0, 29 + add 0, 0, 3 + add 9, 9, 0 + rotlwi 3, 4, 30 + rotlwi 5, 4, 19 + xor 3, 3, 5 + rotlwi 5, 4, 10 + xor 3, 3, 5 + add 0, 0, 3 + xor 5, 4, 7 + xor 3, 7, 8 + and 3, 3, 5 + xor 3, 3, 7 + add 0, 0, 3 + # Calc new W[15] + rotlwi 3, 14, 25 + rotlwi 5, 14, 14 + xor 3, 3, 5 + srwi 5, 14, 3 + xor 3, 3, 5 + add 29, 29, 3 + rotlwi 3, 27, 15 + rotlwi 5, 27, 13 + xor 3, 3, 5 + srwi 5, 27, 10 + xor 3, 3, 5 + add 29, 29, 3 + add 29, 29, 22 + addi 6, 6, 0x40 + # Round 0 + rotlwi 3, 9, 26 + rotlwi 5, 9, 21 + xor 3, 3, 5 + rotlwi 5, 9, 7 + xor 3, 3, 5 + add 12, 12, 3 + xor 3, 10, 11 + and 3, 3, 9 + xor 3, 3, 11 + add 12, 12, 3 + lwz 3, 0(6) + add 12, 12, 14 + add 12, 12, 3 + add 8, 8, 12 + rotlwi 3, 0, 30 + rotlwi 5, 0, 19 + xor 3, 3, 5 + rotlwi 5, 0, 10 + xor 3, 3, 5 + add 12, 12, 3 + xor 5, 0, 4 + xor 3, 4, 7 + and 3, 3, 5 + xor 3, 3, 4 + add 12, 12, 3 + # Calc new W[0] + rotlwi 3, 15, 25 + rotlwi 5, 15, 14 + xor 3, 3, 5 + srwi 5, 15, 3 + xor 3, 3, 5 + add 14, 14, 3 + rotlwi 3, 28, 15 + rotlwi 5, 28, 13 + xor 3, 3, 5 + srwi 5, 28, 10 + xor 3, 3, 5 + add 14, 14, 3 + add 14, 14, 23 + # Round 1 + rotlwi 3, 8, 26 + rotlwi 5, 8, 21 + xor 3, 3, 5 + rotlwi 5, 8, 7 + xor 3, 3, 5 + add 11, 11, 3 + xor 3, 9, 10 + and 3, 3, 8 + xor 3, 3, 10 + add 11, 11, 3 + lwz 3, 4(6) + add 11, 11, 15 + add 11, 11, 3 + add 7, 7, 11 + rotlwi 3, 12, 30 + rotlwi 5, 12, 19 + xor 3, 3, 5 + rotlwi 5, 12, 10 + xor 3, 3, 5 + add 11, 11, 3 + xor 5, 12, 0 + xor 3, 0, 4 + and 3, 3, 5 + xor 3, 3, 0 + add 11, 11, 3 + # Calc new W[1] + rotlwi 3, 16, 25 + rotlwi 5, 16, 14 + xor 3, 3, 5 + srwi 5, 16, 3 + xor 3, 3, 5 + add 15, 15, 3 + rotlwi 3, 29, 15 + rotlwi 5, 29, 13 + xor 3, 3, 5 + srwi 5, 29, 10 + xor 3, 3, 5 + add 15, 15, 3 + add 15, 15, 24 + # Round 2 + rotlwi 3, 7, 26 + rotlwi 5, 7, 21 + xor 3, 3, 5 + rotlwi 5, 7, 7 + xor 3, 3, 5 + add 10, 10, 3 + xor 3, 8, 9 + and 3, 3, 7 + xor 3, 3, 9 + add 10, 10, 3 + lwz 3, 8(6) + add 10, 10, 16 + add 10, 10, 3 + add 4, 4, 10 + rotlwi 3, 11, 30 + rotlwi 5, 11, 19 + xor 3, 3, 5 + rotlwi 5, 11, 10 + xor 3, 3, 5 + add 10, 10, 3 + xor 5, 11, 12 + xor 3, 12, 0 + and 3, 3, 5 + xor 3, 3, 12 + add 10, 10, 3 + # Calc new W[2] + rotlwi 3, 17, 25 + rotlwi 5, 17, 14 + xor 3, 3, 5 + srwi 5, 17, 3 + xor 3, 3, 5 + add 16, 16, 3 + rotlwi 3, 14, 15 + rotlwi 5, 14, 13 + xor 3, 3, 5 + srwi 5, 14, 10 + xor 3, 3, 5 + add 16, 16, 3 + add 16, 16, 25 + # Round 3 + rotlwi 3, 4, 26 + rotlwi 5, 4, 21 + xor 3, 3, 5 + rotlwi 5, 4, 7 + xor 3, 3, 5 + add 9, 9, 3 + xor 3, 7, 8 + and 3, 3, 4 + xor 3, 3, 8 + add 9, 9, 3 + lwz 3, 12(6) + add 9, 9, 17 + add 9, 9, 3 + add 0, 0, 9 + rotlwi 3, 10, 30 + rotlwi 5, 10, 19 + xor 3, 3, 5 + rotlwi 5, 10, 10 + xor 3, 3, 5 + add 9, 9, 3 + xor 5, 10, 11 + xor 3, 11, 12 + and 3, 3, 5 + xor 3, 3, 11 + add 9, 9, 3 + # Calc new W[3] + rotlwi 3, 18, 25 + rotlwi 5, 18, 14 + xor 3, 3, 5 + srwi 5, 18, 3 + xor 3, 3, 5 + add 17, 17, 3 + rotlwi 3, 15, 15 + rotlwi 5, 15, 13 + xor 3, 3, 5 + srwi 5, 15, 10 + xor 3, 3, 5 + add 17, 17, 3 + add 17, 17, 26 + # Round 4 + rotlwi 3, 0, 26 + rotlwi 5, 0, 21 + xor 3, 3, 5 + rotlwi 5, 0, 7 + xor 3, 3, 5 + add 8, 8, 3 + xor 3, 4, 7 + and 3, 3, 0 + xor 3, 3, 7 + add 8, 8, 3 + lwz 3, 16(6) + add 8, 8, 18 + add 8, 8, 3 + add 12, 12, 8 + rotlwi 3, 9, 30 + rotlwi 5, 9, 19 + xor 3, 3, 5 + rotlwi 5, 9, 10 + xor 3, 3, 5 + add 8, 8, 3 + xor 5, 9, 10 + xor 3, 10, 11 + and 3, 3, 5 + xor 3, 3, 10 + add 8, 8, 3 + # Calc new W[4] + rotlwi 3, 19, 25 + rotlwi 5, 19, 14 + xor 3, 3, 5 + srwi 5, 19, 3 + xor 3, 3, 5 + add 18, 18, 3 + rotlwi 3, 16, 15 + rotlwi 5, 16, 13 + xor 3, 3, 5 + srwi 5, 16, 10 + xor 3, 3, 5 + add 18, 18, 3 + add 18, 18, 27 + # Round 5 + rotlwi 3, 12, 26 + rotlwi 5, 12, 21 + xor 3, 3, 5 + rotlwi 5, 12, 7 + xor 3, 3, 5 + add 7, 7, 3 + xor 3, 0, 4 + and 3, 3, 12 + xor 3, 3, 4 + add 7, 7, 3 + lwz 3, 20(6) + add 7, 7, 19 + add 7, 7, 3 + add 11, 11, 7 + rotlwi 3, 8, 30 + rotlwi 5, 8, 19 + xor 3, 3, 5 + rotlwi 5, 8, 10 + xor 3, 3, 5 + add 7, 7, 3 + xor 5, 8, 9 + xor 3, 9, 10 + and 3, 3, 5 + xor 3, 3, 9 + add 7, 7, 3 + # Calc new W[5] + rotlwi 3, 20, 25 + rotlwi 5, 20, 14 + xor 3, 3, 5 + srwi 5, 20, 3 + xor 3, 3, 5 + add 19, 19, 3 + rotlwi 3, 17, 15 + rotlwi 5, 17, 13 + xor 3, 3, 5 + srwi 5, 17, 10 + xor 3, 3, 5 + add 19, 19, 3 + add 19, 19, 28 + # Round 6 + rotlwi 3, 11, 26 + rotlwi 5, 11, 21 + xor 3, 3, 5 + rotlwi 5, 11, 7 + xor 3, 3, 5 + add 4, 4, 3 + xor 3, 12, 0 + and 3, 3, 11 + xor 3, 3, 0 + add 4, 4, 3 + lwz 3, 24(6) + add 4, 4, 20 + add 4, 4, 3 + add 10, 10, 4 + rotlwi 3, 7, 30 + rotlwi 5, 7, 19 + xor 3, 3, 5 + rotlwi 5, 7, 10 + xor 3, 3, 5 + add 4, 4, 3 + xor 5, 7, 8 + xor 3, 8, 9 + and 3, 3, 5 + xor 3, 3, 8 + add 4, 4, 3 + # Calc new W[6] + rotlwi 3, 21, 25 + rotlwi 5, 21, 14 + xor 3, 3, 5 + srwi 5, 21, 3 + xor 3, 3, 5 + add 20, 20, 3 + rotlwi 3, 18, 15 + rotlwi 5, 18, 13 + xor 3, 3, 5 + srwi 5, 18, 10 + xor 3, 3, 5 + add 20, 20, 3 + add 20, 20, 29 + # Round 7 + rotlwi 3, 10, 26 + rotlwi 5, 10, 21 + xor 3, 3, 5 + rotlwi 5, 10, 7 + xor 3, 3, 5 + add 0, 0, 3 + xor 3, 11, 12 + and 3, 3, 10 + xor 3, 3, 12 + add 0, 0, 3 + lwz 3, 28(6) + add 0, 0, 21 + add 0, 0, 3 + add 9, 9, 0 + rotlwi 3, 4, 30 + rotlwi 5, 4, 19 + xor 3, 3, 5 + rotlwi 5, 4, 10 + xor 3, 3, 5 + add 0, 0, 3 + xor 5, 4, 7 + xor 3, 7, 8 + and 3, 3, 5 + xor 3, 3, 7 + add 0, 0, 3 + # Calc new W[7] + rotlwi 3, 22, 25 + rotlwi 5, 22, 14 + xor 3, 3, 5 + srwi 5, 22, 3 + xor 3, 3, 5 + add 21, 21, 3 + rotlwi 3, 19, 15 + rotlwi 5, 19, 13 + xor 3, 3, 5 + srwi 5, 19, 10 + xor 3, 3, 5 + add 21, 21, 3 + add 21, 21, 14 + # Round 8 + rotlwi 3, 9, 26 + rotlwi 5, 9, 21 + xor 3, 3, 5 + rotlwi 5, 9, 7 + xor 3, 3, 5 + add 12, 12, 3 + xor 3, 10, 11 + and 3, 3, 9 + xor 3, 3, 11 + add 12, 12, 3 + lwz 3, 32(6) + add 12, 12, 22 + add 12, 12, 3 + add 8, 8, 12 + rotlwi 3, 0, 30 + rotlwi 5, 0, 19 + xor 3, 3, 5 + rotlwi 5, 0, 10 + xor 3, 3, 5 + add 12, 12, 3 + xor 5, 0, 4 + xor 3, 4, 7 + and 3, 3, 5 + xor 3, 3, 4 + add 12, 12, 3 + # Calc new W[8] + rotlwi 3, 23, 25 + rotlwi 5, 23, 14 + xor 3, 3, 5 + srwi 5, 23, 3 + xor 3, 3, 5 + add 22, 22, 3 + rotlwi 3, 20, 15 + rotlwi 5, 20, 13 + xor 3, 3, 5 + srwi 5, 20, 10 + xor 3, 3, 5 + add 22, 22, 3 + add 22, 22, 15 + # Round 9 + rotlwi 3, 8, 26 + rotlwi 5, 8, 21 + xor 3, 3, 5 + rotlwi 5, 8, 7 + xor 3, 3, 5 + add 11, 11, 3 + xor 3, 9, 10 + and 3, 3, 8 + xor 3, 3, 10 + add 11, 11, 3 + lwz 3, 36(6) + add 11, 11, 23 + add 11, 11, 3 + add 7, 7, 11 + rotlwi 3, 12, 30 + rotlwi 5, 12, 19 + xor 3, 3, 5 + rotlwi 5, 12, 10 + xor 3, 3, 5 + add 11, 11, 3 + xor 5, 12, 0 + xor 3, 0, 4 + and 3, 3, 5 + xor 3, 3, 0 + add 11, 11, 3 + # Calc new W[9] + rotlwi 3, 24, 25 + rotlwi 5, 24, 14 + xor 3, 3, 5 + srwi 5, 24, 3 + xor 3, 3, 5 + add 23, 23, 3 + rotlwi 3, 21, 15 + rotlwi 5, 21, 13 + xor 3, 3, 5 + srwi 5, 21, 10 + xor 3, 3, 5 + add 23, 23, 3 + add 23, 23, 16 + # Round 10 + rotlwi 3, 7, 26 + rotlwi 5, 7, 21 + xor 3, 3, 5 + rotlwi 5, 7, 7 + xor 3, 3, 5 + add 10, 10, 3 + xor 3, 8, 9 + and 3, 3, 7 + xor 3, 3, 9 + add 10, 10, 3 + lwz 3, 40(6) + add 10, 10, 24 + add 10, 10, 3 + add 4, 4, 10 + rotlwi 3, 11, 30 + rotlwi 5, 11, 19 + xor 3, 3, 5 + rotlwi 5, 11, 10 + xor 3, 3, 5 + add 10, 10, 3 + xor 5, 11, 12 + xor 3, 12, 0 + and 3, 3, 5 + xor 3, 3, 12 + add 10, 10, 3 + # Calc new W[10] + rotlwi 3, 25, 25 + rotlwi 5, 25, 14 + xor 3, 3, 5 + srwi 5, 25, 3 + xor 3, 3, 5 + add 24, 24, 3 + rotlwi 3, 22, 15 + rotlwi 5, 22, 13 + xor 3, 3, 5 + srwi 5, 22, 10 + xor 3, 3, 5 + add 24, 24, 3 + add 24, 24, 17 + # Round 11 + rotlwi 3, 4, 26 + rotlwi 5, 4, 21 + xor 3, 3, 5 + rotlwi 5, 4, 7 + xor 3, 3, 5 + add 9, 9, 3 + xor 3, 7, 8 + and 3, 3, 4 + xor 3, 3, 8 + add 9, 9, 3 + lwz 3, 44(6) + add 9, 9, 25 + add 9, 9, 3 + add 0, 0, 9 + rotlwi 3, 10, 30 + rotlwi 5, 10, 19 + xor 3, 3, 5 + rotlwi 5, 10, 10 + xor 3, 3, 5 + add 9, 9, 3 + xor 5, 10, 11 + xor 3, 11, 12 + and 3, 3, 5 + xor 3, 3, 11 + add 9, 9, 3 + # Calc new W[11] + rotlwi 3, 26, 25 + rotlwi 5, 26, 14 + xor 3, 3, 5 + srwi 5, 26, 3 + xor 3, 3, 5 + add 25, 25, 3 + rotlwi 3, 23, 15 + rotlwi 5, 23, 13 + xor 3, 3, 5 + srwi 5, 23, 10 + xor 3, 3, 5 + add 25, 25, 3 + add 25, 25, 18 + # Round 12 + rotlwi 3, 0, 26 + rotlwi 5, 0, 21 + xor 3, 3, 5 + rotlwi 5, 0, 7 + xor 3, 3, 5 + add 8, 8, 3 + xor 3, 4, 7 + and 3, 3, 0 + xor 3, 3, 7 + add 8, 8, 3 + lwz 3, 48(6) + add 8, 8, 26 + add 8, 8, 3 + add 12, 12, 8 + rotlwi 3, 9, 30 + rotlwi 5, 9, 19 + xor 3, 3, 5 + rotlwi 5, 9, 10 + xor 3, 3, 5 + add 8, 8, 3 + xor 5, 9, 10 + xor 3, 10, 11 + and 3, 3, 5 + xor 3, 3, 10 + add 8, 8, 3 + # Calc new W[12] + rotlwi 3, 27, 25 + rotlwi 5, 27, 14 + xor 3, 3, 5 + srwi 5, 27, 3 + xor 3, 3, 5 + add 26, 26, 3 + rotlwi 3, 24, 15 + rotlwi 5, 24, 13 + xor 3, 3, 5 + srwi 5, 24, 10 + xor 3, 3, 5 + add 26, 26, 3 + add 26, 26, 19 + # Round 13 + rotlwi 3, 12, 26 + rotlwi 5, 12, 21 + xor 3, 3, 5 + rotlwi 5, 12, 7 + xor 3, 3, 5 + add 7, 7, 3 + xor 3, 0, 4 + and 3, 3, 12 + xor 3, 3, 4 + add 7, 7, 3 + lwz 3, 52(6) + add 7, 7, 27 + add 7, 7, 3 + add 11, 11, 7 + rotlwi 3, 8, 30 + rotlwi 5, 8, 19 + xor 3, 3, 5 + rotlwi 5, 8, 10 + xor 3, 3, 5 + add 7, 7, 3 + xor 5, 8, 9 + xor 3, 9, 10 + and 3, 3, 5 + xor 3, 3, 9 + add 7, 7, 3 + # Calc new W[13] + rotlwi 3, 28, 25 + rotlwi 5, 28, 14 + xor 3, 3, 5 + srwi 5, 28, 3 + xor 3, 3, 5 + add 27, 27, 3 + rotlwi 3, 25, 15 + rotlwi 5, 25, 13 + xor 3, 3, 5 + srwi 5, 25, 10 + xor 3, 3, 5 + add 27, 27, 3 + add 27, 27, 20 + # Round 14 + rotlwi 3, 11, 26 + rotlwi 5, 11, 21 + xor 3, 3, 5 + rotlwi 5, 11, 7 + xor 3, 3, 5 + add 4, 4, 3 + xor 3, 12, 0 + and 3, 3, 11 + xor 3, 3, 0 + add 4, 4, 3 + lwz 3, 56(6) + add 4, 4, 28 + add 4, 4, 3 + add 10, 10, 4 + rotlwi 3, 7, 30 + rotlwi 5, 7, 19 + xor 3, 3, 5 + rotlwi 5, 7, 10 + xor 3, 3, 5 + add 4, 4, 3 + xor 5, 7, 8 + xor 3, 8, 9 + and 3, 3, 5 + xor 3, 3, 8 + add 4, 4, 3 + # Calc new W[14] + rotlwi 3, 29, 25 + rotlwi 5, 29, 14 + xor 3, 3, 5 + srwi 5, 29, 3 + xor 3, 3, 5 + add 28, 28, 3 + rotlwi 3, 26, 15 + rotlwi 5, 26, 13 + xor 3, 3, 5 + srwi 5, 26, 10 + xor 3, 3, 5 + add 28, 28, 3 + add 28, 28, 21 + # Round 15 + rotlwi 3, 10, 26 + rotlwi 5, 10, 21 + xor 3, 3, 5 + rotlwi 5, 10, 7 + xor 3, 3, 5 + add 0, 0, 3 + xor 3, 11, 12 + and 3, 3, 10 + xor 3, 3, 12 + add 0, 0, 3 + lwz 3, 60(6) + add 0, 0, 29 + add 0, 0, 3 + add 9, 9, 0 + rotlwi 3, 4, 30 + rotlwi 5, 4, 19 + xor 3, 3, 5 + rotlwi 5, 4, 10 + xor 3, 3, 5 + add 0, 0, 3 + xor 5, 4, 7 + xor 3, 7, 8 + and 3, 3, 5 + xor 3, 3, 7 + add 0, 0, 3 + # Calc new W[15] + rotlwi 3, 14, 25 + rotlwi 5, 14, 14 + xor 3, 3, 5 + srwi 5, 14, 3 + xor 3, 3, 5 + add 29, 29, 3 + rotlwi 3, 27, 15 + rotlwi 5, 27, 13 + xor 3, 3, 5 + srwi 5, 27, 10 + xor 3, 3, 5 + add 29, 29, 3 + add 29, 29, 22 + addi 6, 6, 0x40 + # Round 0 + rotlwi 3, 9, 26 + rotlwi 5, 9, 21 + xor 3, 3, 5 + rotlwi 5, 9, 7 + xor 3, 3, 5 + add 12, 12, 3 + xor 3, 10, 11 + and 3, 3, 9 + xor 3, 3, 11 + add 12, 12, 3 + lwz 3, 0(6) + add 12, 12, 14 + add 12, 12, 3 + add 8, 8, 12 + rotlwi 3, 0, 30 + rotlwi 5, 0, 19 + xor 3, 3, 5 + rotlwi 5, 0, 10 + xor 3, 3, 5 + add 12, 12, 3 + xor 5, 0, 4 + xor 3, 4, 7 + and 3, 3, 5 + xor 3, 3, 4 + add 12, 12, 3 + # Calc new W[0] + rotlwi 3, 15, 25 + rotlwi 5, 15, 14 + xor 3, 3, 5 + srwi 5, 15, 3 + xor 3, 3, 5 + add 14, 14, 3 + rotlwi 3, 28, 15 + rotlwi 5, 28, 13 + xor 3, 3, 5 + srwi 5, 28, 10 + xor 3, 3, 5 + add 14, 14, 3 + add 14, 14, 23 + # Round 1 + rotlwi 3, 8, 26 + rotlwi 5, 8, 21 + xor 3, 3, 5 + rotlwi 5, 8, 7 + xor 3, 3, 5 + add 11, 11, 3 + xor 3, 9, 10 + and 3, 3, 8 + xor 3, 3, 10 + add 11, 11, 3 + lwz 3, 4(6) + add 11, 11, 15 + add 11, 11, 3 + add 7, 7, 11 + rotlwi 3, 12, 30 + rotlwi 5, 12, 19 + xor 3, 3, 5 + rotlwi 5, 12, 10 + xor 3, 3, 5 + add 11, 11, 3 + xor 5, 12, 0 + xor 3, 0, 4 + and 3, 3, 5 + xor 3, 3, 0 + add 11, 11, 3 + # Calc new W[1] + rotlwi 3, 16, 25 + rotlwi 5, 16, 14 + xor 3, 3, 5 + srwi 5, 16, 3 + xor 3, 3, 5 + add 15, 15, 3 + rotlwi 3, 29, 15 + rotlwi 5, 29, 13 + xor 3, 3, 5 + srwi 5, 29, 10 + xor 3, 3, 5 + add 15, 15, 3 + add 15, 15, 24 + # Round 2 + rotlwi 3, 7, 26 + rotlwi 5, 7, 21 + xor 3, 3, 5 + rotlwi 5, 7, 7 + xor 3, 3, 5 + add 10, 10, 3 + xor 3, 8, 9 + and 3, 3, 7 + xor 3, 3, 9 + add 10, 10, 3 + lwz 3, 8(6) + add 10, 10, 16 + add 10, 10, 3 + add 4, 4, 10 + rotlwi 3, 11, 30 + rotlwi 5, 11, 19 + xor 3, 3, 5 + rotlwi 5, 11, 10 + xor 3, 3, 5 + add 10, 10, 3 + xor 5, 11, 12 + xor 3, 12, 0 + and 3, 3, 5 + xor 3, 3, 12 + add 10, 10, 3 + # Calc new W[2] + rotlwi 3, 17, 25 + rotlwi 5, 17, 14 + xor 3, 3, 5 + srwi 5, 17, 3 + xor 3, 3, 5 + add 16, 16, 3 + rotlwi 3, 14, 15 + rotlwi 5, 14, 13 + xor 3, 3, 5 + srwi 5, 14, 10 + xor 3, 3, 5 + add 16, 16, 3 + add 16, 16, 25 + # Round 3 + rotlwi 3, 4, 26 + rotlwi 5, 4, 21 + xor 3, 3, 5 + rotlwi 5, 4, 7 + xor 3, 3, 5 + add 9, 9, 3 + xor 3, 7, 8 + and 3, 3, 4 + xor 3, 3, 8 + add 9, 9, 3 + lwz 3, 12(6) + add 9, 9, 17 + add 9, 9, 3 + add 0, 0, 9 + rotlwi 3, 10, 30 + rotlwi 5, 10, 19 + xor 3, 3, 5 + rotlwi 5, 10, 10 + xor 3, 3, 5 + add 9, 9, 3 + xor 5, 10, 11 + xor 3, 11, 12 + and 3, 3, 5 + xor 3, 3, 11 + add 9, 9, 3 + # Calc new W[3] + rotlwi 3, 18, 25 + rotlwi 5, 18, 14 + xor 3, 3, 5 + srwi 5, 18, 3 + xor 3, 3, 5 + add 17, 17, 3 + rotlwi 3, 15, 15 + rotlwi 5, 15, 13 + xor 3, 3, 5 + srwi 5, 15, 10 + xor 3, 3, 5 + add 17, 17, 3 + add 17, 17, 26 + # Round 4 + rotlwi 3, 0, 26 + rotlwi 5, 0, 21 + xor 3, 3, 5 + rotlwi 5, 0, 7 + xor 3, 3, 5 + add 8, 8, 3 + xor 3, 4, 7 + and 3, 3, 0 + xor 3, 3, 7 + add 8, 8, 3 + lwz 3, 16(6) + add 8, 8, 18 + add 8, 8, 3 + add 12, 12, 8 + rotlwi 3, 9, 30 + rotlwi 5, 9, 19 + xor 3, 3, 5 + rotlwi 5, 9, 10 + xor 3, 3, 5 + add 8, 8, 3 + xor 5, 9, 10 + xor 3, 10, 11 + and 3, 3, 5 + xor 3, 3, 10 + add 8, 8, 3 + # Calc new W[4] + rotlwi 3, 19, 25 + rotlwi 5, 19, 14 + xor 3, 3, 5 + srwi 5, 19, 3 + xor 3, 3, 5 + add 18, 18, 3 + rotlwi 3, 16, 15 + rotlwi 5, 16, 13 + xor 3, 3, 5 + srwi 5, 16, 10 + xor 3, 3, 5 + add 18, 18, 3 + add 18, 18, 27 + # Round 5 + rotlwi 3, 12, 26 + rotlwi 5, 12, 21 + xor 3, 3, 5 + rotlwi 5, 12, 7 + xor 3, 3, 5 + add 7, 7, 3 + xor 3, 0, 4 + and 3, 3, 12 + xor 3, 3, 4 + add 7, 7, 3 + lwz 3, 20(6) + add 7, 7, 19 + add 7, 7, 3 + add 11, 11, 7 + rotlwi 3, 8, 30 + rotlwi 5, 8, 19 + xor 3, 3, 5 + rotlwi 5, 8, 10 + xor 3, 3, 5 + add 7, 7, 3 + xor 5, 8, 9 + xor 3, 9, 10 + and 3, 3, 5 + xor 3, 3, 9 + add 7, 7, 3 + # Calc new W[5] + rotlwi 3, 20, 25 + rotlwi 5, 20, 14 + xor 3, 3, 5 + srwi 5, 20, 3 + xor 3, 3, 5 + add 19, 19, 3 + rotlwi 3, 17, 15 + rotlwi 5, 17, 13 + xor 3, 3, 5 + srwi 5, 17, 10 + xor 3, 3, 5 + add 19, 19, 3 + add 19, 19, 28 + # Round 6 + rotlwi 3, 11, 26 + rotlwi 5, 11, 21 + xor 3, 3, 5 + rotlwi 5, 11, 7 + xor 3, 3, 5 + add 4, 4, 3 + xor 3, 12, 0 + and 3, 3, 11 + xor 3, 3, 0 + add 4, 4, 3 + lwz 3, 24(6) + add 4, 4, 20 + add 4, 4, 3 + add 10, 10, 4 + rotlwi 3, 7, 30 + rotlwi 5, 7, 19 + xor 3, 3, 5 + rotlwi 5, 7, 10 + xor 3, 3, 5 + add 4, 4, 3 + xor 5, 7, 8 + xor 3, 8, 9 + and 3, 3, 5 + xor 3, 3, 8 + add 4, 4, 3 + # Calc new W[6] + rotlwi 3, 21, 25 + rotlwi 5, 21, 14 + xor 3, 3, 5 + srwi 5, 21, 3 + xor 3, 3, 5 + add 20, 20, 3 + rotlwi 3, 18, 15 + rotlwi 5, 18, 13 + xor 3, 3, 5 + srwi 5, 18, 10 + xor 3, 3, 5 + add 20, 20, 3 + add 20, 20, 29 + # Round 7 + rotlwi 3, 10, 26 + rotlwi 5, 10, 21 + xor 3, 3, 5 + rotlwi 5, 10, 7 + xor 3, 3, 5 + add 0, 0, 3 + xor 3, 11, 12 + and 3, 3, 10 + xor 3, 3, 12 + add 0, 0, 3 + lwz 3, 28(6) + add 0, 0, 21 + add 0, 0, 3 + add 9, 9, 0 + rotlwi 3, 4, 30 + rotlwi 5, 4, 19 + xor 3, 3, 5 + rotlwi 5, 4, 10 + xor 3, 3, 5 + add 0, 0, 3 + xor 5, 4, 7 + xor 3, 7, 8 + and 3, 3, 5 + xor 3, 3, 7 + add 0, 0, 3 + # Calc new W[7] + rotlwi 3, 22, 25 + rotlwi 5, 22, 14 + xor 3, 3, 5 + srwi 5, 22, 3 + xor 3, 3, 5 + add 21, 21, 3 + rotlwi 3, 19, 15 + rotlwi 5, 19, 13 + xor 3, 3, 5 + srwi 5, 19, 10 + xor 3, 3, 5 + add 21, 21, 3 + add 21, 21, 14 + # Round 8 + rotlwi 3, 9, 26 + rotlwi 5, 9, 21 + xor 3, 3, 5 + rotlwi 5, 9, 7 + xor 3, 3, 5 + add 12, 12, 3 + xor 3, 10, 11 + and 3, 3, 9 + xor 3, 3, 11 + add 12, 12, 3 + lwz 3, 32(6) + add 12, 12, 22 + add 12, 12, 3 + add 8, 8, 12 + rotlwi 3, 0, 30 + rotlwi 5, 0, 19 + xor 3, 3, 5 + rotlwi 5, 0, 10 + xor 3, 3, 5 + add 12, 12, 3 + xor 5, 0, 4 + xor 3, 4, 7 + and 3, 3, 5 + xor 3, 3, 4 + add 12, 12, 3 + # Calc new W[8] + rotlwi 3, 23, 25 + rotlwi 5, 23, 14 + xor 3, 3, 5 + srwi 5, 23, 3 + xor 3, 3, 5 + add 22, 22, 3 + rotlwi 3, 20, 15 + rotlwi 5, 20, 13 + xor 3, 3, 5 + srwi 5, 20, 10 + xor 3, 3, 5 + add 22, 22, 3 + add 22, 22, 15 + # Round 9 + rotlwi 3, 8, 26 + rotlwi 5, 8, 21 + xor 3, 3, 5 + rotlwi 5, 8, 7 + xor 3, 3, 5 + add 11, 11, 3 + xor 3, 9, 10 + and 3, 3, 8 + xor 3, 3, 10 + add 11, 11, 3 + lwz 3, 36(6) + add 11, 11, 23 + add 11, 11, 3 + add 7, 7, 11 + rotlwi 3, 12, 30 + rotlwi 5, 12, 19 + xor 3, 3, 5 + rotlwi 5, 12, 10 + xor 3, 3, 5 + add 11, 11, 3 + xor 5, 12, 0 + xor 3, 0, 4 + and 3, 3, 5 + xor 3, 3, 0 + add 11, 11, 3 + # Calc new W[9] + rotlwi 3, 24, 25 + rotlwi 5, 24, 14 + xor 3, 3, 5 + srwi 5, 24, 3 + xor 3, 3, 5 + add 23, 23, 3 + rotlwi 3, 21, 15 + rotlwi 5, 21, 13 + xor 3, 3, 5 + srwi 5, 21, 10 + xor 3, 3, 5 + add 23, 23, 3 + add 23, 23, 16 + # Round 10 + rotlwi 3, 7, 26 + rotlwi 5, 7, 21 + xor 3, 3, 5 + rotlwi 5, 7, 7 + xor 3, 3, 5 + add 10, 10, 3 + xor 3, 8, 9 + and 3, 3, 7 + xor 3, 3, 9 + add 10, 10, 3 + lwz 3, 40(6) + add 10, 10, 24 + add 10, 10, 3 + add 4, 4, 10 + rotlwi 3, 11, 30 + rotlwi 5, 11, 19 + xor 3, 3, 5 + rotlwi 5, 11, 10 + xor 3, 3, 5 + add 10, 10, 3 + xor 5, 11, 12 + xor 3, 12, 0 + and 3, 3, 5 + xor 3, 3, 12 + add 10, 10, 3 + # Calc new W[10] + rotlwi 3, 25, 25 + rotlwi 5, 25, 14 + xor 3, 3, 5 + srwi 5, 25, 3 + xor 3, 3, 5 + add 24, 24, 3 + rotlwi 3, 22, 15 + rotlwi 5, 22, 13 + xor 3, 3, 5 + srwi 5, 22, 10 + xor 3, 3, 5 + add 24, 24, 3 + add 24, 24, 17 + # Round 11 + rotlwi 3, 4, 26 + rotlwi 5, 4, 21 + xor 3, 3, 5 + rotlwi 5, 4, 7 + xor 3, 3, 5 + add 9, 9, 3 + xor 3, 7, 8 + and 3, 3, 4 + xor 3, 3, 8 + add 9, 9, 3 + lwz 3, 44(6) + add 9, 9, 25 + add 9, 9, 3 + add 0, 0, 9 + rotlwi 3, 10, 30 + rotlwi 5, 10, 19 + xor 3, 3, 5 + rotlwi 5, 10, 10 + xor 3, 3, 5 + add 9, 9, 3 + xor 5, 10, 11 + xor 3, 11, 12 + and 3, 3, 5 + xor 3, 3, 11 + add 9, 9, 3 + # Calc new W[11] + rotlwi 3, 26, 25 + rotlwi 5, 26, 14 + xor 3, 3, 5 + srwi 5, 26, 3 + xor 3, 3, 5 + add 25, 25, 3 + rotlwi 3, 23, 15 + rotlwi 5, 23, 13 + xor 3, 3, 5 + srwi 5, 23, 10 + xor 3, 3, 5 + add 25, 25, 3 + add 25, 25, 18 + # Round 12 + rotlwi 3, 0, 26 + rotlwi 5, 0, 21 + xor 3, 3, 5 + rotlwi 5, 0, 7 + xor 3, 3, 5 + add 8, 8, 3 + xor 3, 4, 7 + and 3, 3, 0 + xor 3, 3, 7 + add 8, 8, 3 + lwz 3, 48(6) + add 8, 8, 26 + add 8, 8, 3 + add 12, 12, 8 + rotlwi 3, 9, 30 + rotlwi 5, 9, 19 + xor 3, 3, 5 + rotlwi 5, 9, 10 + xor 3, 3, 5 + add 8, 8, 3 + xor 5, 9, 10 + xor 3, 10, 11 + and 3, 3, 5 + xor 3, 3, 10 + add 8, 8, 3 + # Calc new W[12] + rotlwi 3, 27, 25 + rotlwi 5, 27, 14 + xor 3, 3, 5 + srwi 5, 27, 3 + xor 3, 3, 5 + add 26, 26, 3 + rotlwi 3, 24, 15 + rotlwi 5, 24, 13 + xor 3, 3, 5 + srwi 5, 24, 10 + xor 3, 3, 5 + add 26, 26, 3 + add 26, 26, 19 + # Round 13 + rotlwi 3, 12, 26 + rotlwi 5, 12, 21 + xor 3, 3, 5 + rotlwi 5, 12, 7 + xor 3, 3, 5 + add 7, 7, 3 + xor 3, 0, 4 + and 3, 3, 12 + xor 3, 3, 4 + add 7, 7, 3 + lwz 3, 52(6) + add 7, 7, 27 + add 7, 7, 3 + add 11, 11, 7 + rotlwi 3, 8, 30 + rotlwi 5, 8, 19 + xor 3, 3, 5 + rotlwi 5, 8, 10 + xor 3, 3, 5 + add 7, 7, 3 + xor 5, 8, 9 + xor 3, 9, 10 + and 3, 3, 5 + xor 3, 3, 9 + add 7, 7, 3 + # Calc new W[13] + rotlwi 3, 28, 25 + rotlwi 5, 28, 14 + xor 3, 3, 5 + srwi 5, 28, 3 + xor 3, 3, 5 + add 27, 27, 3 + rotlwi 3, 25, 15 + rotlwi 5, 25, 13 + xor 3, 3, 5 + srwi 5, 25, 10 + xor 3, 3, 5 + add 27, 27, 3 + add 27, 27, 20 + # Round 14 + rotlwi 3, 11, 26 + rotlwi 5, 11, 21 + xor 3, 3, 5 + rotlwi 5, 11, 7 + xor 3, 3, 5 + add 4, 4, 3 + xor 3, 12, 0 + and 3, 3, 11 + xor 3, 3, 0 + add 4, 4, 3 + lwz 3, 56(6) + add 4, 4, 28 + add 4, 4, 3 + add 10, 10, 4 + rotlwi 3, 7, 30 + rotlwi 5, 7, 19 + xor 3, 3, 5 + rotlwi 5, 7, 10 + xor 3, 3, 5 + add 4, 4, 3 + xor 5, 7, 8 + xor 3, 8, 9 + and 3, 3, 5 + xor 3, 3, 8 + add 4, 4, 3 + # Calc new W[14] + rotlwi 3, 29, 25 + rotlwi 5, 29, 14 + xor 3, 3, 5 + srwi 5, 29, 3 + xor 3, 3, 5 + add 28, 28, 3 + rotlwi 3, 26, 15 + rotlwi 5, 26, 13 + xor 3, 3, 5 + srwi 5, 26, 10 + xor 3, 3, 5 + add 28, 28, 3 + add 28, 28, 21 + # Round 15 + rotlwi 3, 10, 26 + rotlwi 5, 10, 21 + xor 3, 3, 5 + rotlwi 5, 10, 7 + xor 3, 3, 5 + add 0, 0, 3 + xor 3, 11, 12 + and 3, 3, 10 + xor 3, 3, 12 + add 0, 0, 3 + lwz 3, 60(6) + add 0, 0, 29 + add 0, 0, 3 + add 9, 9, 0 + rotlwi 3, 4, 30 + rotlwi 5, 4, 19 + xor 3, 3, 5 + rotlwi 5, 4, 10 + xor 3, 3, 5 + add 0, 0, 3 + xor 5, 4, 7 + xor 3, 7, 8 + and 3, 3, 5 + xor 3, 3, 7 + add 0, 0, 3 + # Calc new W[15] + rotlwi 3, 14, 25 + rotlwi 5, 14, 14 + xor 3, 3, 5 + srwi 5, 14, 3 + xor 3, 3, 5 + add 29, 29, 3 + rotlwi 3, 27, 15 + rotlwi 5, 27, 13 + xor 3, 3, 5 + srwi 5, 27, 10 + xor 3, 3, 5 + add 29, 29, 3 + add 29, 29, 22 + addi 6, 6, 0x40 + # Round 0 + rotlwi 3, 9, 26 + rotlwi 5, 9, 21 + xor 3, 3, 5 + rotlwi 5, 9, 7 + xor 3, 3, 5 + add 12, 12, 3 + xor 3, 10, 11 + and 3, 3, 9 + xor 3, 3, 11 + add 12, 12, 3 + lwz 3, 0(6) + add 12, 12, 14 + add 12, 12, 3 + add 8, 8, 12 + rotlwi 3, 0, 30 + rotlwi 5, 0, 19 + xor 3, 3, 5 + rotlwi 5, 0, 10 + xor 3, 3, 5 + add 12, 12, 3 + xor 5, 0, 4 + xor 3, 4, 7 + and 3, 3, 5 + xor 3, 3, 4 + add 12, 12, 3 + # Round 1 + rotlwi 3, 8, 26 + rotlwi 5, 8, 21 + xor 3, 3, 5 + rotlwi 5, 8, 7 + xor 3, 3, 5 + add 11, 11, 3 + xor 3, 9, 10 + and 3, 3, 8 + xor 3, 3, 10 + add 11, 11, 3 + lwz 3, 4(6) + add 11, 11, 15 + add 11, 11, 3 + add 7, 7, 11 + rotlwi 3, 12, 30 + rotlwi 5, 12, 19 + xor 3, 3, 5 + rotlwi 5, 12, 10 + xor 3, 3, 5 + add 11, 11, 3 + xor 5, 12, 0 + xor 3, 0, 4 + and 3, 3, 5 + xor 3, 3, 0 + add 11, 11, 3 + # Round 2 + rotlwi 3, 7, 26 + rotlwi 5, 7, 21 + xor 3, 3, 5 + rotlwi 5, 7, 7 + xor 3, 3, 5 + add 10, 10, 3 + xor 3, 8, 9 + and 3, 3, 7 + xor 3, 3, 9 + add 10, 10, 3 + lwz 3, 8(6) + add 10, 10, 16 + add 10, 10, 3 + add 4, 4, 10 + rotlwi 3, 11, 30 + rotlwi 5, 11, 19 + xor 3, 3, 5 + rotlwi 5, 11, 10 + xor 3, 3, 5 + add 10, 10, 3 + xor 5, 11, 12 + xor 3, 12, 0 + and 3, 3, 5 + xor 3, 3, 12 + add 10, 10, 3 + # Round 3 + rotlwi 3, 4, 26 + rotlwi 5, 4, 21 + xor 3, 3, 5 + rotlwi 5, 4, 7 + xor 3, 3, 5 + add 9, 9, 3 + xor 3, 7, 8 + and 3, 3, 4 + xor 3, 3, 8 + add 9, 9, 3 + lwz 3, 12(6) + add 9, 9, 17 + add 9, 9, 3 + add 0, 0, 9 + rotlwi 3, 10, 30 + rotlwi 5, 10, 19 + xor 3, 3, 5 + rotlwi 5, 10, 10 + xor 3, 3, 5 + add 9, 9, 3 + xor 5, 10, 11 + xor 3, 11, 12 + and 3, 3, 5 + xor 3, 3, 11 + add 9, 9, 3 + # Round 4 + rotlwi 3, 0, 26 + rotlwi 5, 0, 21 + xor 3, 3, 5 + rotlwi 5, 0, 7 + xor 3, 3, 5 + add 8, 8, 3 + xor 3, 4, 7 + and 3, 3, 0 + xor 3, 3, 7 + add 8, 8, 3 + lwz 3, 16(6) + add 8, 8, 18 + add 8, 8, 3 + add 12, 12, 8 + rotlwi 3, 9, 30 + rotlwi 5, 9, 19 + xor 3, 3, 5 + rotlwi 5, 9, 10 + xor 3, 3, 5 + add 8, 8, 3 + xor 5, 9, 10 + xor 3, 10, 11 + and 3, 3, 5 + xor 3, 3, 10 + add 8, 8, 3 + # Round 5 + rotlwi 3, 12, 26 + rotlwi 5, 12, 21 + xor 3, 3, 5 + rotlwi 5, 12, 7 + xor 3, 3, 5 + add 7, 7, 3 + xor 3, 0, 4 + and 3, 3, 12 + xor 3, 3, 4 + add 7, 7, 3 + lwz 3, 20(6) + add 7, 7, 19 + add 7, 7, 3 + add 11, 11, 7 + rotlwi 3, 8, 30 + rotlwi 5, 8, 19 + xor 3, 3, 5 + rotlwi 5, 8, 10 + xor 3, 3, 5 + add 7, 7, 3 + xor 5, 8, 9 + xor 3, 9, 10 + and 3, 3, 5 + xor 3, 3, 9 + add 7, 7, 3 + # Round 6 + rotlwi 3, 11, 26 + rotlwi 5, 11, 21 + xor 3, 3, 5 + rotlwi 5, 11, 7 + xor 3, 3, 5 + add 4, 4, 3 + xor 3, 12, 0 + and 3, 3, 11 + xor 3, 3, 0 + add 4, 4, 3 + lwz 3, 24(6) + add 4, 4, 20 + add 4, 4, 3 + add 10, 10, 4 + rotlwi 3, 7, 30 + rotlwi 5, 7, 19 + xor 3, 3, 5 + rotlwi 5, 7, 10 + xor 3, 3, 5 + add 4, 4, 3 + xor 5, 7, 8 + xor 3, 8, 9 + and 3, 3, 5 + xor 3, 3, 8 + add 4, 4, 3 + # Round 7 + rotlwi 3, 10, 26 + rotlwi 5, 10, 21 + xor 3, 3, 5 + rotlwi 5, 10, 7 + xor 3, 3, 5 + add 0, 0, 3 + xor 3, 11, 12 + and 3, 3, 10 + xor 3, 3, 12 + add 0, 0, 3 + lwz 3, 28(6) + add 0, 0, 21 + add 0, 0, 3 + add 9, 9, 0 + rotlwi 3, 4, 30 + rotlwi 5, 4, 19 + xor 3, 3, 5 + rotlwi 5, 4, 10 + xor 3, 3, 5 + add 0, 0, 3 + xor 5, 4, 7 + xor 3, 7, 8 + and 3, 3, 5 + xor 3, 3, 7 + add 0, 0, 3 + # Round 8 + rotlwi 3, 9, 26 + rotlwi 5, 9, 21 + xor 3, 3, 5 + rotlwi 5, 9, 7 + xor 3, 3, 5 + add 12, 12, 3 + xor 3, 10, 11 + and 3, 3, 9 + xor 3, 3, 11 + add 12, 12, 3 + lwz 3, 32(6) + add 12, 12, 22 + add 12, 12, 3 + add 8, 8, 12 + rotlwi 3, 0, 30 + rotlwi 5, 0, 19 + xor 3, 3, 5 + rotlwi 5, 0, 10 + xor 3, 3, 5 + add 12, 12, 3 + xor 5, 0, 4 + xor 3, 4, 7 + and 3, 3, 5 + xor 3, 3, 4 + add 12, 12, 3 + # Round 9 + rotlwi 3, 8, 26 + rotlwi 5, 8, 21 + xor 3, 3, 5 + rotlwi 5, 8, 7 + xor 3, 3, 5 + add 11, 11, 3 + xor 3, 9, 10 + and 3, 3, 8 + xor 3, 3, 10 + add 11, 11, 3 + lwz 3, 36(6) + add 11, 11, 23 + add 11, 11, 3 + add 7, 7, 11 + rotlwi 3, 12, 30 + rotlwi 5, 12, 19 + xor 3, 3, 5 + rotlwi 5, 12, 10 + xor 3, 3, 5 + add 11, 11, 3 + xor 5, 12, 0 + xor 3, 0, 4 + and 3, 3, 5 + xor 3, 3, 0 + add 11, 11, 3 + # Round 10 + rotlwi 3, 7, 26 + rotlwi 5, 7, 21 + xor 3, 3, 5 + rotlwi 5, 7, 7 + xor 3, 3, 5 + add 10, 10, 3 + xor 3, 8, 9 + and 3, 3, 7 + xor 3, 3, 9 + add 10, 10, 3 + lwz 3, 40(6) + add 10, 10, 24 + add 10, 10, 3 + add 4, 4, 10 + rotlwi 3, 11, 30 + rotlwi 5, 11, 19 + xor 3, 3, 5 + rotlwi 5, 11, 10 + xor 3, 3, 5 + add 10, 10, 3 + xor 5, 11, 12 + xor 3, 12, 0 + and 3, 3, 5 + xor 3, 3, 12 + add 10, 10, 3 + # Round 11 + rotlwi 3, 4, 26 + rotlwi 5, 4, 21 + xor 3, 3, 5 + rotlwi 5, 4, 7 + xor 3, 3, 5 + add 9, 9, 3 + xor 3, 7, 8 + and 3, 3, 4 + xor 3, 3, 8 + add 9, 9, 3 + lwz 3, 44(6) + add 9, 9, 25 + add 9, 9, 3 + add 0, 0, 9 + rotlwi 3, 10, 30 + rotlwi 5, 10, 19 + xor 3, 3, 5 + rotlwi 5, 10, 10 + xor 3, 3, 5 + add 9, 9, 3 + xor 5, 10, 11 + xor 3, 11, 12 + and 3, 3, 5 + xor 3, 3, 11 + add 9, 9, 3 + # Round 12 + rotlwi 3, 0, 26 + rotlwi 5, 0, 21 + xor 3, 3, 5 + rotlwi 5, 0, 7 + xor 3, 3, 5 + add 8, 8, 3 + xor 3, 4, 7 + and 3, 3, 0 + xor 3, 3, 7 + add 8, 8, 3 + lwz 3, 48(6) + add 8, 8, 26 + add 8, 8, 3 + add 12, 12, 8 + rotlwi 3, 9, 30 + rotlwi 5, 9, 19 + xor 3, 3, 5 + rotlwi 5, 9, 10 + xor 3, 3, 5 + add 8, 8, 3 + xor 5, 9, 10 + xor 3, 10, 11 + and 3, 3, 5 + xor 3, 3, 10 + add 8, 8, 3 + # Round 13 + rotlwi 3, 12, 26 + rotlwi 5, 12, 21 + xor 3, 3, 5 + rotlwi 5, 12, 7 + xor 3, 3, 5 + add 7, 7, 3 + xor 3, 0, 4 + and 3, 3, 12 + xor 3, 3, 4 + add 7, 7, 3 + lwz 3, 52(6) + add 7, 7, 27 + add 7, 7, 3 + add 11, 11, 7 + rotlwi 3, 8, 30 + rotlwi 5, 8, 19 + xor 3, 3, 5 + rotlwi 5, 8, 10 + xor 3, 3, 5 + add 7, 7, 3 + xor 5, 8, 9 + xor 3, 9, 10 + and 3, 3, 5 + xor 3, 3, 9 + add 7, 7, 3 + # Round 14 + rotlwi 3, 11, 26 + rotlwi 5, 11, 21 + xor 3, 3, 5 + rotlwi 5, 11, 7 + xor 3, 3, 5 + add 4, 4, 3 + xor 3, 12, 0 + and 3, 3, 11 + xor 3, 3, 0 + add 4, 4, 3 + lwz 3, 56(6) + add 4, 4, 28 + add 4, 4, 3 + add 10, 10, 4 + rotlwi 3, 7, 30 + rotlwi 5, 7, 19 + xor 3, 3, 5 + rotlwi 5, 7, 10 + xor 3, 3, 5 + add 4, 4, 3 + xor 5, 7, 8 + xor 3, 8, 9 + and 3, 3, 5 + xor 3, 3, 8 + add 4, 4, 3 + # Round 15 + rotlwi 3, 10, 26 + rotlwi 5, 10, 21 + xor 3, 3, 5 + rotlwi 5, 10, 7 + xor 3, 3, 5 + add 0, 0, 3 + xor 3, 11, 12 + and 3, 3, 10 + xor 3, 3, 12 + add 0, 0, 3 + lwz 3, 60(6) + add 0, 0, 29 + add 0, 0, 3 + add 9, 9, 0 + rotlwi 3, 4, 30 + rotlwi 5, 4, 19 + xor 3, 3, 5 + rotlwi 5, 4, 10 + xor 3, 3, 5 + add 0, 0, 3 + xor 5, 4, 7 + xor 3, 7, 8 + and 3, 3, 5 + xor 3, 3, 7 + add 0, 0, 3 + subi 6, 6, 0xc0 + lwz 3, 0(1) + # Add in digest from start + lwz 5, 0(3) + add 0, 0, 5 + lwz 5, 4(3) + add 4, 4, 5 + lwz 5, 8(3) + add 7, 7, 5 + lwz 5, 12(3) + add 8, 8, 5 + lwz 5, 16(3) + add 9, 9, 5 + lwz 5, 20(3) + add 10, 10, 5 + lwz 5, 24(3) + add 11, 11, 5 + lwz 5, 28(3) + add 12, 12, 5 + stw 0, 0(3) + stw 4, 4(3) + stw 7, 8(3) + stw 8, 12(3) + stw 9, 16(3) + stw 10, 20(3) + stw 11, 24(3) + stw 12, 28(3) + lwz 3, 4(1) + addi 3, 3, 0x40 + stw 3, 4(1) + bdnz L_SHA256_transform_len_begin + addi 1, 1, 8 +#else + subi 1, 1, 12 + stw 3, 0(1) + stw 4, 4(1) + stw 5, 8(1) + # Copy digest to add in at end + lwz 0, 0(3) + lwz 4, 4(3) + lwz 7, 8(3) + lwz 8, 12(3) + lwz 9, 16(3) + lwz 10, 20(3) + lwz 11, 24(3) + lwz 12, 28(3) + lwz 3, 4(1) + # Start of loop processing a block +L_SHA256_transform_len_begin: + # Load W - 64 bytes + lwz 14, 0(3) + lwz 15, 4(3) + lwz 16, 8(3) + lwz 17, 12(3) + lwz 18, 16(3) + lwz 19, 20(3) + lwz 20, 24(3) + lwz 21, 28(3) + lwz 22, 32(3) + lwz 23, 36(3) + lwz 24, 40(3) + lwz 25, 44(3) + lwz 26, 48(3) + lwz 27, 52(3) + lwz 28, 56(3) + lwz 29, 60(3) + li 3, 4 + mtctr 3 + # Start of 16 rounds +L_SHA256_transform_len_start: + # Round 0 + rotlwi 3, 9, 26 + rotlwi 5, 9, 21 + xor 3, 3, 5 + rotlwi 5, 9, 7 + xor 3, 3, 5 + add 12, 12, 3 + xor 3, 10, 11 + and 3, 3, 9 + xor 3, 3, 11 + add 12, 12, 3 + lwz 3, 0(6) + add 12, 12, 14 + add 12, 12, 3 + add 8, 8, 12 + rotlwi 3, 0, 30 + rotlwi 5, 0, 19 + xor 3, 3, 5 + rotlwi 5, 0, 10 + xor 3, 3, 5 + add 12, 12, 3 + xor 5, 0, 4 + xor 3, 4, 7 + and 3, 3, 5 + xor 3, 3, 4 + add 12, 12, 3 + mfctr 5 + cmpwi 3, 5, 1 + beq 3, L_SHA256_transform_len_after_blk_0 + # Calc new W[0] + rotlwi 3, 15, 25 + rotlwi 5, 15, 14 + xor 3, 3, 5 + srwi 5, 15, 3 + xor 3, 3, 5 + add 14, 14, 3 + rotlwi 3, 28, 15 + rotlwi 5, 28, 13 + xor 3, 3, 5 + srwi 5, 28, 10 + xor 3, 3, 5 + add 14, 14, 3 + add 14, 14, 23 +L_SHA256_transform_len_after_blk_0: + # Round 1 + rotlwi 3, 8, 26 + rotlwi 5, 8, 21 + xor 3, 3, 5 + rotlwi 5, 8, 7 + xor 3, 3, 5 + add 11, 11, 3 + xor 3, 9, 10 + and 3, 3, 8 + xor 3, 3, 10 + add 11, 11, 3 + lwz 3, 4(6) + add 11, 11, 15 + add 11, 11, 3 + add 7, 7, 11 + rotlwi 3, 12, 30 + rotlwi 5, 12, 19 + xor 3, 3, 5 + rotlwi 5, 12, 10 + xor 3, 3, 5 + add 11, 11, 3 + xor 5, 12, 0 + xor 3, 0, 4 + and 3, 3, 5 + xor 3, 3, 0 + add 11, 11, 3 + mfctr 5 + cmpwi 3, 5, 1 + beq 3, L_SHA256_transform_len_after_blk_1 + # Calc new W[1] + rotlwi 3, 16, 25 + rotlwi 5, 16, 14 + xor 3, 3, 5 + srwi 5, 16, 3 + xor 3, 3, 5 + add 15, 15, 3 + rotlwi 3, 29, 15 + rotlwi 5, 29, 13 + xor 3, 3, 5 + srwi 5, 29, 10 + xor 3, 3, 5 + add 15, 15, 3 + add 15, 15, 24 +L_SHA256_transform_len_after_blk_1: + # Round 2 + rotlwi 3, 7, 26 + rotlwi 5, 7, 21 + xor 3, 3, 5 + rotlwi 5, 7, 7 + xor 3, 3, 5 + add 10, 10, 3 + xor 3, 8, 9 + and 3, 3, 7 + xor 3, 3, 9 + add 10, 10, 3 + lwz 3, 8(6) + add 10, 10, 16 + add 10, 10, 3 + add 4, 4, 10 + rotlwi 3, 11, 30 + rotlwi 5, 11, 19 + xor 3, 3, 5 + rotlwi 5, 11, 10 + xor 3, 3, 5 + add 10, 10, 3 + xor 5, 11, 12 + xor 3, 12, 0 + and 3, 3, 5 + xor 3, 3, 12 + add 10, 10, 3 + mfctr 5 + cmpwi 3, 5, 1 + beq 3, L_SHA256_transform_len_after_blk_2 + # Calc new W[2] + rotlwi 3, 17, 25 + rotlwi 5, 17, 14 + xor 3, 3, 5 + srwi 5, 17, 3 + xor 3, 3, 5 + add 16, 16, 3 + rotlwi 3, 14, 15 + rotlwi 5, 14, 13 + xor 3, 3, 5 + srwi 5, 14, 10 + xor 3, 3, 5 + add 16, 16, 3 + add 16, 16, 25 +L_SHA256_transform_len_after_blk_2: + # Round 3 + rotlwi 3, 4, 26 + rotlwi 5, 4, 21 + xor 3, 3, 5 + rotlwi 5, 4, 7 + xor 3, 3, 5 + add 9, 9, 3 + xor 3, 7, 8 + and 3, 3, 4 + xor 3, 3, 8 + add 9, 9, 3 + lwz 3, 12(6) + add 9, 9, 17 + add 9, 9, 3 + add 0, 0, 9 + rotlwi 3, 10, 30 + rotlwi 5, 10, 19 + xor 3, 3, 5 + rotlwi 5, 10, 10 + xor 3, 3, 5 + add 9, 9, 3 + xor 5, 10, 11 + xor 3, 11, 12 + and 3, 3, 5 + xor 3, 3, 11 + add 9, 9, 3 + mfctr 5 + cmpwi 3, 5, 1 + beq 3, L_SHA256_transform_len_after_blk_3 + # Calc new W[3] + rotlwi 3, 18, 25 + rotlwi 5, 18, 14 + xor 3, 3, 5 + srwi 5, 18, 3 + xor 3, 3, 5 + add 17, 17, 3 + rotlwi 3, 15, 15 + rotlwi 5, 15, 13 + xor 3, 3, 5 + srwi 5, 15, 10 + xor 3, 3, 5 + add 17, 17, 3 + add 17, 17, 26 +L_SHA256_transform_len_after_blk_3: + # Round 4 + rotlwi 3, 0, 26 + rotlwi 5, 0, 21 + xor 3, 3, 5 + rotlwi 5, 0, 7 + xor 3, 3, 5 + add 8, 8, 3 + xor 3, 4, 7 + and 3, 3, 0 + xor 3, 3, 7 + add 8, 8, 3 + lwz 3, 16(6) + add 8, 8, 18 + add 8, 8, 3 + add 12, 12, 8 + rotlwi 3, 9, 30 + rotlwi 5, 9, 19 + xor 3, 3, 5 + rotlwi 5, 9, 10 + xor 3, 3, 5 + add 8, 8, 3 + xor 5, 9, 10 + xor 3, 10, 11 + and 3, 3, 5 + xor 3, 3, 10 + add 8, 8, 3 + mfctr 5 + cmpwi 3, 5, 1 + beq 3, L_SHA256_transform_len_after_blk_4 + # Calc new W[4] + rotlwi 3, 19, 25 + rotlwi 5, 19, 14 + xor 3, 3, 5 + srwi 5, 19, 3 + xor 3, 3, 5 + add 18, 18, 3 + rotlwi 3, 16, 15 + rotlwi 5, 16, 13 + xor 3, 3, 5 + srwi 5, 16, 10 + xor 3, 3, 5 + add 18, 18, 3 + add 18, 18, 27 +L_SHA256_transform_len_after_blk_4: + # Round 5 + rotlwi 3, 12, 26 + rotlwi 5, 12, 21 + xor 3, 3, 5 + rotlwi 5, 12, 7 + xor 3, 3, 5 + add 7, 7, 3 + xor 3, 0, 4 + and 3, 3, 12 + xor 3, 3, 4 + add 7, 7, 3 + lwz 3, 20(6) + add 7, 7, 19 + add 7, 7, 3 + add 11, 11, 7 + rotlwi 3, 8, 30 + rotlwi 5, 8, 19 + xor 3, 3, 5 + rotlwi 5, 8, 10 + xor 3, 3, 5 + add 7, 7, 3 + xor 5, 8, 9 + xor 3, 9, 10 + and 3, 3, 5 + xor 3, 3, 9 + add 7, 7, 3 + mfctr 5 + cmpwi 3, 5, 1 + beq 3, L_SHA256_transform_len_after_blk_5 + # Calc new W[5] + rotlwi 3, 20, 25 + rotlwi 5, 20, 14 + xor 3, 3, 5 + srwi 5, 20, 3 + xor 3, 3, 5 + add 19, 19, 3 + rotlwi 3, 17, 15 + rotlwi 5, 17, 13 + xor 3, 3, 5 + srwi 5, 17, 10 + xor 3, 3, 5 + add 19, 19, 3 + add 19, 19, 28 +L_SHA256_transform_len_after_blk_5: + # Round 6 + rotlwi 3, 11, 26 + rotlwi 5, 11, 21 + xor 3, 3, 5 + rotlwi 5, 11, 7 + xor 3, 3, 5 + add 4, 4, 3 + xor 3, 12, 0 + and 3, 3, 11 + xor 3, 3, 0 + add 4, 4, 3 + lwz 3, 24(6) + add 4, 4, 20 + add 4, 4, 3 + add 10, 10, 4 + rotlwi 3, 7, 30 + rotlwi 5, 7, 19 + xor 3, 3, 5 + rotlwi 5, 7, 10 + xor 3, 3, 5 + add 4, 4, 3 + xor 5, 7, 8 + xor 3, 8, 9 + and 3, 3, 5 + xor 3, 3, 8 + add 4, 4, 3 + mfctr 5 + cmpwi 3, 5, 1 + beq 3, L_SHA256_transform_len_after_blk_6 + # Calc new W[6] + rotlwi 3, 21, 25 + rotlwi 5, 21, 14 + xor 3, 3, 5 + srwi 5, 21, 3 + xor 3, 3, 5 + add 20, 20, 3 + rotlwi 3, 18, 15 + rotlwi 5, 18, 13 + xor 3, 3, 5 + srwi 5, 18, 10 + xor 3, 3, 5 + add 20, 20, 3 + add 20, 20, 29 +L_SHA256_transform_len_after_blk_6: + # Round 7 + rotlwi 3, 10, 26 + rotlwi 5, 10, 21 + xor 3, 3, 5 + rotlwi 5, 10, 7 + xor 3, 3, 5 + add 0, 0, 3 + xor 3, 11, 12 + and 3, 3, 10 + xor 3, 3, 12 + add 0, 0, 3 + lwz 3, 28(6) + add 0, 0, 21 + add 0, 0, 3 + add 9, 9, 0 + rotlwi 3, 4, 30 + rotlwi 5, 4, 19 + xor 3, 3, 5 + rotlwi 5, 4, 10 + xor 3, 3, 5 + add 0, 0, 3 + xor 5, 4, 7 + xor 3, 7, 8 + and 3, 3, 5 + xor 3, 3, 7 + add 0, 0, 3 + mfctr 5 + cmpwi 3, 5, 1 + beq 3, L_SHA256_transform_len_after_blk_7 + # Calc new W[7] + rotlwi 3, 22, 25 + rotlwi 5, 22, 14 + xor 3, 3, 5 + srwi 5, 22, 3 + xor 3, 3, 5 + add 21, 21, 3 + rotlwi 3, 19, 15 + rotlwi 5, 19, 13 + xor 3, 3, 5 + srwi 5, 19, 10 + xor 3, 3, 5 + add 21, 21, 3 + add 21, 21, 14 +L_SHA256_transform_len_after_blk_7: + # Round 8 + rotlwi 3, 9, 26 + rotlwi 5, 9, 21 + xor 3, 3, 5 + rotlwi 5, 9, 7 + xor 3, 3, 5 + add 12, 12, 3 + xor 3, 10, 11 + and 3, 3, 9 + xor 3, 3, 11 + add 12, 12, 3 + lwz 3, 32(6) + add 12, 12, 22 + add 12, 12, 3 + add 8, 8, 12 + rotlwi 3, 0, 30 + rotlwi 5, 0, 19 + xor 3, 3, 5 + rotlwi 5, 0, 10 + xor 3, 3, 5 + add 12, 12, 3 + xor 5, 0, 4 + xor 3, 4, 7 + and 3, 3, 5 + xor 3, 3, 4 + add 12, 12, 3 + mfctr 5 + cmpwi 3, 5, 1 + beq 3, L_SHA256_transform_len_after_blk_8 + # Calc new W[8] + rotlwi 3, 23, 25 + rotlwi 5, 23, 14 + xor 3, 3, 5 + srwi 5, 23, 3 + xor 3, 3, 5 + add 22, 22, 3 + rotlwi 3, 20, 15 + rotlwi 5, 20, 13 + xor 3, 3, 5 + srwi 5, 20, 10 + xor 3, 3, 5 + add 22, 22, 3 + add 22, 22, 15 +L_SHA256_transform_len_after_blk_8: + # Round 9 + rotlwi 3, 8, 26 + rotlwi 5, 8, 21 + xor 3, 3, 5 + rotlwi 5, 8, 7 + xor 3, 3, 5 + add 11, 11, 3 + xor 3, 9, 10 + and 3, 3, 8 + xor 3, 3, 10 + add 11, 11, 3 + lwz 3, 36(6) + add 11, 11, 23 + add 11, 11, 3 + add 7, 7, 11 + rotlwi 3, 12, 30 + rotlwi 5, 12, 19 + xor 3, 3, 5 + rotlwi 5, 12, 10 + xor 3, 3, 5 + add 11, 11, 3 + xor 5, 12, 0 + xor 3, 0, 4 + and 3, 3, 5 + xor 3, 3, 0 + add 11, 11, 3 + mfctr 5 + cmpwi 3, 5, 1 + beq 3, L_SHA256_transform_len_after_blk_9 + # Calc new W[9] + rotlwi 3, 24, 25 + rotlwi 5, 24, 14 + xor 3, 3, 5 + srwi 5, 24, 3 + xor 3, 3, 5 + add 23, 23, 3 + rotlwi 3, 21, 15 + rotlwi 5, 21, 13 + xor 3, 3, 5 + srwi 5, 21, 10 + xor 3, 3, 5 + add 23, 23, 3 + add 23, 23, 16 +L_SHA256_transform_len_after_blk_9: + # Round 10 + rotlwi 3, 7, 26 + rotlwi 5, 7, 21 + xor 3, 3, 5 + rotlwi 5, 7, 7 + xor 3, 3, 5 + add 10, 10, 3 + xor 3, 8, 9 + and 3, 3, 7 + xor 3, 3, 9 + add 10, 10, 3 + lwz 3, 40(6) + add 10, 10, 24 + add 10, 10, 3 + add 4, 4, 10 + rotlwi 3, 11, 30 + rotlwi 5, 11, 19 + xor 3, 3, 5 + rotlwi 5, 11, 10 + xor 3, 3, 5 + add 10, 10, 3 + xor 5, 11, 12 + xor 3, 12, 0 + and 3, 3, 5 + xor 3, 3, 12 + add 10, 10, 3 + mfctr 5 + cmpwi 3, 5, 1 + beq 3, L_SHA256_transform_len_after_blk_10 + # Calc new W[10] + rotlwi 3, 25, 25 + rotlwi 5, 25, 14 + xor 3, 3, 5 + srwi 5, 25, 3 + xor 3, 3, 5 + add 24, 24, 3 + rotlwi 3, 22, 15 + rotlwi 5, 22, 13 + xor 3, 3, 5 + srwi 5, 22, 10 + xor 3, 3, 5 + add 24, 24, 3 + add 24, 24, 17 +L_SHA256_transform_len_after_blk_10: + # Round 11 + rotlwi 3, 4, 26 + rotlwi 5, 4, 21 + xor 3, 3, 5 + rotlwi 5, 4, 7 + xor 3, 3, 5 + add 9, 9, 3 + xor 3, 7, 8 + and 3, 3, 4 + xor 3, 3, 8 + add 9, 9, 3 + lwz 3, 44(6) + add 9, 9, 25 + add 9, 9, 3 + add 0, 0, 9 + rotlwi 3, 10, 30 + rotlwi 5, 10, 19 + xor 3, 3, 5 + rotlwi 5, 10, 10 + xor 3, 3, 5 + add 9, 9, 3 + xor 5, 10, 11 + xor 3, 11, 12 + and 3, 3, 5 + xor 3, 3, 11 + add 9, 9, 3 + mfctr 5 + cmpwi 3, 5, 1 + beq 3, L_SHA256_transform_len_after_blk_11 + # Calc new W[11] + rotlwi 3, 26, 25 + rotlwi 5, 26, 14 + xor 3, 3, 5 + srwi 5, 26, 3 + xor 3, 3, 5 + add 25, 25, 3 + rotlwi 3, 23, 15 + rotlwi 5, 23, 13 + xor 3, 3, 5 + srwi 5, 23, 10 + xor 3, 3, 5 + add 25, 25, 3 + add 25, 25, 18 +L_SHA256_transform_len_after_blk_11: + # Round 12 + rotlwi 3, 0, 26 + rotlwi 5, 0, 21 + xor 3, 3, 5 + rotlwi 5, 0, 7 + xor 3, 3, 5 + add 8, 8, 3 + xor 3, 4, 7 + and 3, 3, 0 + xor 3, 3, 7 + add 8, 8, 3 + lwz 3, 48(6) + add 8, 8, 26 + add 8, 8, 3 + add 12, 12, 8 + rotlwi 3, 9, 30 + rotlwi 5, 9, 19 + xor 3, 3, 5 + rotlwi 5, 9, 10 + xor 3, 3, 5 + add 8, 8, 3 + xor 5, 9, 10 + xor 3, 10, 11 + and 3, 3, 5 + xor 3, 3, 10 + add 8, 8, 3 + mfctr 5 + cmpwi 3, 5, 1 + beq 3, L_SHA256_transform_len_after_blk_12 + # Calc new W[12] + rotlwi 3, 27, 25 + rotlwi 5, 27, 14 + xor 3, 3, 5 + srwi 5, 27, 3 + xor 3, 3, 5 + add 26, 26, 3 + rotlwi 3, 24, 15 + rotlwi 5, 24, 13 + xor 3, 3, 5 + srwi 5, 24, 10 + xor 3, 3, 5 + add 26, 26, 3 + add 26, 26, 19 +L_SHA256_transform_len_after_blk_12: + # Round 13 + rotlwi 3, 12, 26 + rotlwi 5, 12, 21 + xor 3, 3, 5 + rotlwi 5, 12, 7 + xor 3, 3, 5 + add 7, 7, 3 + xor 3, 0, 4 + and 3, 3, 12 + xor 3, 3, 4 + add 7, 7, 3 + lwz 3, 52(6) + add 7, 7, 27 + add 7, 7, 3 + add 11, 11, 7 + rotlwi 3, 8, 30 + rotlwi 5, 8, 19 + xor 3, 3, 5 + rotlwi 5, 8, 10 + xor 3, 3, 5 + add 7, 7, 3 + xor 5, 8, 9 + xor 3, 9, 10 + and 3, 3, 5 + xor 3, 3, 9 + add 7, 7, 3 + mfctr 5 + cmpwi 3, 5, 1 + beq 3, L_SHA256_transform_len_after_blk_13 + # Calc new W[13] + rotlwi 3, 28, 25 + rotlwi 5, 28, 14 + xor 3, 3, 5 + srwi 5, 28, 3 + xor 3, 3, 5 + add 27, 27, 3 + rotlwi 3, 25, 15 + rotlwi 5, 25, 13 + xor 3, 3, 5 + srwi 5, 25, 10 + xor 3, 3, 5 + add 27, 27, 3 + add 27, 27, 20 +L_SHA256_transform_len_after_blk_13: + # Round 14 + rotlwi 3, 11, 26 + rotlwi 5, 11, 21 + xor 3, 3, 5 + rotlwi 5, 11, 7 + xor 3, 3, 5 + add 4, 4, 3 + xor 3, 12, 0 + and 3, 3, 11 + xor 3, 3, 0 + add 4, 4, 3 + lwz 3, 56(6) + add 4, 4, 28 + add 4, 4, 3 + add 10, 10, 4 + rotlwi 3, 7, 30 + rotlwi 5, 7, 19 + xor 3, 3, 5 + rotlwi 5, 7, 10 + xor 3, 3, 5 + add 4, 4, 3 + xor 5, 7, 8 + xor 3, 8, 9 + and 3, 3, 5 + xor 3, 3, 8 + add 4, 4, 3 + mfctr 5 + cmpwi 3, 5, 1 + beq 3, L_SHA256_transform_len_after_blk_14 + # Calc new W[14] + rotlwi 3, 29, 25 + rotlwi 5, 29, 14 + xor 3, 3, 5 + srwi 5, 29, 3 + xor 3, 3, 5 + add 28, 28, 3 + rotlwi 3, 26, 15 + rotlwi 5, 26, 13 + xor 3, 3, 5 + srwi 5, 26, 10 + xor 3, 3, 5 + add 28, 28, 3 + add 28, 28, 21 +L_SHA256_transform_len_after_blk_14: + # Round 15 + rotlwi 3, 10, 26 + rotlwi 5, 10, 21 + xor 3, 3, 5 + rotlwi 5, 10, 7 + xor 3, 3, 5 + add 0, 0, 3 + xor 3, 11, 12 + and 3, 3, 10 + xor 3, 3, 12 + add 0, 0, 3 + lwz 3, 60(6) + add 0, 0, 29 + add 0, 0, 3 + add 9, 9, 0 + rotlwi 3, 4, 30 + rotlwi 5, 4, 19 + xor 3, 3, 5 + rotlwi 5, 4, 10 + xor 3, 3, 5 + add 0, 0, 3 + xor 5, 4, 7 + xor 3, 7, 8 + and 3, 3, 5 + xor 3, 3, 7 + add 0, 0, 3 + mfctr 5 + cmpwi 3, 5, 1 + beq 3, L_SHA256_transform_len_after_blk_15 + # Calc new W[15] + rotlwi 3, 14, 25 + rotlwi 5, 14, 14 + xor 3, 3, 5 + srwi 5, 14, 3 + xor 3, 3, 5 + add 29, 29, 3 + rotlwi 3, 27, 15 + rotlwi 5, 27, 13 + xor 3, 3, 5 + srwi 5, 27, 10 + xor 3, 3, 5 + add 29, 29, 3 + add 29, 29, 22 +L_SHA256_transform_len_after_blk_15: + addi 6, 6, 0x40 + bdnz L_SHA256_transform_len_start + subi 6, 6, 0x100 + lwz 3, 0(1) + # Add in digest from start + lwz 5, 0(3) + add 0, 0, 5 + lwz 5, 4(3) + add 4, 4, 5 + lwz 5, 8(3) + add 7, 7, 5 + lwz 5, 12(3) + add 8, 8, 5 + lwz 5, 16(3) + add 9, 9, 5 + lwz 5, 20(3) + add 10, 10, 5 + lwz 5, 24(3) + add 11, 11, 5 + lwz 5, 28(3) + add 12, 12, 5 + stw 0, 0(3) + stw 4, 4(3) + stw 7, 8(3) + stw 8, 12(3) + stw 9, 16(3) + stw 10, 20(3) + stw 11, 24(3) + stw 12, 28(3) + lwz 3, 4(1) + lwz 5, 8(1) + mtctr 5 + subi 5, 5, 1 + addi 3, 3, 0x40 + stw 3, 4(1) + stw 5, 8(1) + bdnz L_SHA256_transform_len_begin + addi 1, 1, 12 +#endif /* WOLFSSL_PPC32_ASM_SMALL */ + lwz 0, 64(1) + mtlr 0 + lwz 14, 0(1) + lwz 15, 4(1) + lwz 16, 8(1) + lwz 17, 12(1) + lwz 18, 16(1) + lwz 19, 20(1) + lwz 20, 24(1) + lwz 21, 28(1) + lwz 22, 32(1) + lwz 23, 36(1) + lwz 24, 40(1) + lwz 25, 44(1) + lwz 26, 48(1) + lwz 27, 52(1) + lwz 28, 56(1) + lwz 29, 60(1) + addi 1, 1, 0x44 + blr + .size Transform_Sha256_Len,.-Transform_Sha256_Len +#endif /* __PIC__ */ #endif /* !WOLFSSL_PPC32_ASM_SPE */ #endif /* !NO_SHA256 */ diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/wolfcrypt/src/port/ppc32/ppc32-sha256-asm_c.c mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/port/ppc32/ppc32-sha256-asm_c.c --- mariadb-11.8.6/extra/wolfssl/wolfssl/wolfcrypt/src/port/ppc32/ppc32-sha256-asm_c.c 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/port/ppc32/ppc32-sha256-asm_c.c 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* ppc32-sha256-asm * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -1197,6 +1197,7 @@ 0x90befffa, 0xa4506ceb, 0xbef9a3f7, 0xc67178f2, }; +#ifndef __PIC__ void Transform_Sha256_Len(wc_Sha256* sha256_p, const byte* data_p, word32 len_p); #ifndef WOLFSSL_NO_VAR_ASSIGN_REG @@ -4418,6 +4419,3253 @@ ); } +#else +/* PIC version not using register 30 or 31 */ +void Transform_Sha256_Len(wc_Sha256* sha256_p, const byte* data_p, + word32 len_p); +#ifndef WOLFSSL_NO_VAR_ASSIGN_REG +void Transform_Sha256_Len(wc_Sha256* sha256_p, const byte* data_p, word32 len_p) +#else +void Transform_Sha256_Len(wc_Sha256* sha256, const byte* data, word32 len) +#endif /* WOLFSSL_NO_VAR_ASSIGN_REG */ +{ +#ifndef WOLFSSL_NO_VAR_ASSIGN_REG + register wc_Sha256* sha256 asm ("3") = (wc_Sha256*)sha256_p; + register const byte* data asm ("4") = (const byte*)data_p; + register word32 len asm ("5") = (word32)len_p; + register word32* L_SHA256_transform_len_k_c asm ("6") = + (word32*)&L_SHA256_transform_len_k; +#else + register word32* L_SHA256_transform_len_k_c = + (word32*)&L_SHA256_transform_len_k; + +#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ + + __asm__ __volatile__ ( + "srwi %[len], %[len], 6\n\t" + "mr 6, %[L_SHA256_transform_len_k]\n\t" +#ifndef WOLFSSL_PPC32_ASM_SMALL + "subi 1, 1, 8\n\t" + "stw %[sha256], 0(1)\n\t" + "stw %[data], 4(1)\n\t" + "mtctr %[len]\n\t" + /* Copy digest to add in at end */ + "lwz 0, 0(%[sha256])\n\t" + "lwz %[data], 4(%[sha256])\n\t" + "lwz 7, 8(%[sha256])\n\t" + "lwz 8, 12(%[sha256])\n\t" + "lwz 9, 16(%[sha256])\n\t" + "lwz 10, 20(%[sha256])\n\t" + "lwz 11, 24(%[sha256])\n\t" + "lwz 12, 28(%[sha256])\n\t" + "lwz %[sha256], 4(1)\n\t" + /* Start of loop processing a block */ + "\n" + "L_SHA256_transform_len_begin_%=: \n\t" + /* Load W - 64 bytes */ + "lwz 14, 0(%[sha256])\n\t" + "lwz 15, 4(%[sha256])\n\t" + "lwz 16, 8(%[sha256])\n\t" + "lwz 17, 12(%[sha256])\n\t" + "lwz 18, 16(%[sha256])\n\t" + "lwz 19, 20(%[sha256])\n\t" + "lwz 20, 24(%[sha256])\n\t" + "lwz 21, 28(%[sha256])\n\t" + "lwz 22, 32(%[sha256])\n\t" + "lwz 23, 36(%[sha256])\n\t" + "lwz 24, 40(%[sha256])\n\t" + "lwz 25, 44(%[sha256])\n\t" + "lwz 26, 48(%[sha256])\n\t" + "lwz 27, 52(%[sha256])\n\t" + "lwz 28, 56(%[sha256])\n\t" + "lwz 29, 60(%[sha256])\n\t" + /* Start of 16 rounds */ + /* Round 0 */ + "rotlwi %[sha256], 9, 26\n\t" + "rotlwi %[len], 9, 21\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "rotlwi %[len], 9, 7\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "add 12, 12, %[sha256]\n\t" + "xor %[sha256], 10, 11\n\t" + "and %[sha256], %[sha256], 9\n\t" + "xor %[sha256], %[sha256], 11\n\t" + "add 12, 12, %[sha256]\n\t" + "lwz %[sha256], 0(6)\n\t" + "add 12, 12, 14\n\t" + "add 12, 12, %[sha256]\n\t" + "add 8, 8, 12\n\t" + "rotlwi %[sha256], 0, 30\n\t" + "rotlwi %[len], 0, 19\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "rotlwi %[len], 0, 10\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "add 12, 12, %[sha256]\n\t" + "xor %[len], 0, %[data]\n\t" + "xor %[sha256], %[data], 7\n\t" + "and %[sha256], %[sha256], %[len]\n\t" + "xor %[sha256], %[sha256], %[data]\n\t" + "add 12, 12, %[sha256]\n\t" + /* Calc new W[0] */ + "rotlwi %[sha256], 15, 25\n\t" + "rotlwi %[len], 15, 14\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "srwi %[len], 15, 3\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "add 14, 14, %[sha256]\n\t" + "rotlwi %[sha256], 28, 15\n\t" + "rotlwi %[len], 28, 13\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "srwi %[len], 28, 10\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "add 14, 14, %[sha256]\n\t" + "add 14, 14, 23\n\t" + /* Round 1 */ + "rotlwi %[sha256], 8, 26\n\t" + "rotlwi %[len], 8, 21\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "rotlwi %[len], 8, 7\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "add 11, 11, %[sha256]\n\t" + "xor %[sha256], 9, 10\n\t" + "and %[sha256], %[sha256], 8\n\t" + "xor %[sha256], %[sha256], 10\n\t" + "add 11, 11, %[sha256]\n\t" + "lwz %[sha256], 4(6)\n\t" + "add 11, 11, 15\n\t" + "add 11, 11, %[sha256]\n\t" + "add 7, 7, 11\n\t" + "rotlwi %[sha256], 12, 30\n\t" + "rotlwi %[len], 12, 19\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "rotlwi %[len], 12, 10\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "add 11, 11, %[sha256]\n\t" + "xor %[len], 12, 0\n\t" + "xor %[sha256], 0, %[data]\n\t" + "and %[sha256], %[sha256], %[len]\n\t" + "xor %[sha256], %[sha256], 0\n\t" + "add 11, 11, %[sha256]\n\t" + /* Calc new W[1] */ + "rotlwi %[sha256], 16, 25\n\t" + "rotlwi %[len], 16, 14\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "srwi %[len], 16, 3\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "add 15, 15, %[sha256]\n\t" + "rotlwi %[sha256], 29, 15\n\t" + "rotlwi %[len], 29, 13\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "srwi %[len], 29, 10\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "add 15, 15, %[sha256]\n\t" + "add 15, 15, 24\n\t" + /* Round 2 */ + "rotlwi %[sha256], 7, 26\n\t" + "rotlwi %[len], 7, 21\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "rotlwi %[len], 7, 7\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "add 10, 10, %[sha256]\n\t" + "xor %[sha256], 8, 9\n\t" + "and %[sha256], %[sha256], 7\n\t" + "xor %[sha256], %[sha256], 9\n\t" + "add 10, 10, %[sha256]\n\t" + "lwz %[sha256], 8(6)\n\t" + "add 10, 10, 16\n\t" + "add 10, 10, %[sha256]\n\t" + "add %[data], %[data], 10\n\t" + "rotlwi %[sha256], 11, 30\n\t" + "rotlwi %[len], 11, 19\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "rotlwi %[len], 11, 10\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "add 10, 10, %[sha256]\n\t" + "xor %[len], 11, 12\n\t" + "xor %[sha256], 12, 0\n\t" + "and %[sha256], %[sha256], %[len]\n\t" + "xor %[sha256], %[sha256], 12\n\t" + "add 10, 10, %[sha256]\n\t" + /* Calc new W[2] */ + "rotlwi %[sha256], 17, 25\n\t" + "rotlwi %[len], 17, 14\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "srwi %[len], 17, 3\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "add 16, 16, %[sha256]\n\t" + "rotlwi %[sha256], 14, 15\n\t" + "rotlwi %[len], 14, 13\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "srwi %[len], 14, 10\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "add 16, 16, %[sha256]\n\t" + "add 16, 16, 25\n\t" + /* Round 3 */ + "rotlwi %[sha256], %[data], 26\n\t" + "rotlwi %[len], %[data], 21\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "rotlwi %[len], %[data], 7\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "add 9, 9, %[sha256]\n\t" + "xor %[sha256], 7, 8\n\t" + "and %[sha256], %[sha256], %[data]\n\t" + "xor %[sha256], %[sha256], 8\n\t" + "add 9, 9, %[sha256]\n\t" + "lwz %[sha256], 12(6)\n\t" + "add 9, 9, 17\n\t" + "add 9, 9, %[sha256]\n\t" + "add 0, 0, 9\n\t" + "rotlwi %[sha256], 10, 30\n\t" + "rotlwi %[len], 10, 19\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "rotlwi %[len], 10, 10\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "add 9, 9, %[sha256]\n\t" + "xor %[len], 10, 11\n\t" + "xor %[sha256], 11, 12\n\t" + "and %[sha256], %[sha256], %[len]\n\t" + "xor %[sha256], %[sha256], 11\n\t" + "add 9, 9, %[sha256]\n\t" + /* Calc new W[3] */ + "rotlwi %[sha256], 18, 25\n\t" + "rotlwi %[len], 18, 14\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "srwi %[len], 18, 3\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "add 17, 17, %[sha256]\n\t" + "rotlwi %[sha256], 15, 15\n\t" + "rotlwi %[len], 15, 13\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "srwi %[len], 15, 10\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "add 17, 17, %[sha256]\n\t" + "add 17, 17, 26\n\t" + /* Round 4 */ + "rotlwi %[sha256], 0, 26\n\t" + "rotlwi %[len], 0, 21\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "rotlwi %[len], 0, 7\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "add 8, 8, %[sha256]\n\t" + "xor %[sha256], %[data], 7\n\t" + "and %[sha256], %[sha256], 0\n\t" + "xor %[sha256], %[sha256], 7\n\t" + "add 8, 8, %[sha256]\n\t" + "lwz %[sha256], 16(6)\n\t" + "add 8, 8, 18\n\t" + "add 8, 8, %[sha256]\n\t" + "add 12, 12, 8\n\t" + "rotlwi %[sha256], 9, 30\n\t" + "rotlwi %[len], 9, 19\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "rotlwi %[len], 9, 10\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "add 8, 8, %[sha256]\n\t" + "xor %[len], 9, 10\n\t" + "xor %[sha256], 10, 11\n\t" + "and %[sha256], %[sha256], %[len]\n\t" + "xor %[sha256], %[sha256], 10\n\t" + "add 8, 8, %[sha256]\n\t" + /* Calc new W[4] */ + "rotlwi %[sha256], 19, 25\n\t" + "rotlwi %[len], 19, 14\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "srwi %[len], 19, 3\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "add 18, 18, %[sha256]\n\t" + "rotlwi %[sha256], 16, 15\n\t" + "rotlwi %[len], 16, 13\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "srwi %[len], 16, 10\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "add 18, 18, %[sha256]\n\t" + "add 18, 18, 27\n\t" + /* Round 5 */ + "rotlwi %[sha256], 12, 26\n\t" + "rotlwi %[len], 12, 21\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "rotlwi %[len], 12, 7\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "add 7, 7, %[sha256]\n\t" + "xor %[sha256], 0, %[data]\n\t" + "and %[sha256], %[sha256], 12\n\t" + "xor %[sha256], %[sha256], %[data]\n\t" + "add 7, 7, %[sha256]\n\t" + "lwz %[sha256], 20(6)\n\t" + "add 7, 7, 19\n\t" + "add 7, 7, %[sha256]\n\t" + "add 11, 11, 7\n\t" + "rotlwi %[sha256], 8, 30\n\t" + "rotlwi %[len], 8, 19\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "rotlwi %[len], 8, 10\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "add 7, 7, %[sha256]\n\t" + "xor %[len], 8, 9\n\t" + "xor %[sha256], 9, 10\n\t" + "and %[sha256], %[sha256], %[len]\n\t" + "xor %[sha256], %[sha256], 9\n\t" + "add 7, 7, %[sha256]\n\t" + /* Calc new W[5] */ + "rotlwi %[sha256], 20, 25\n\t" + "rotlwi %[len], 20, 14\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "srwi %[len], 20, 3\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "add 19, 19, %[sha256]\n\t" + "rotlwi %[sha256], 17, 15\n\t" + "rotlwi %[len], 17, 13\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "srwi %[len], 17, 10\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "add 19, 19, %[sha256]\n\t" + "add 19, 19, 28\n\t" + /* Round 6 */ + "rotlwi %[sha256], 11, 26\n\t" + "rotlwi %[len], 11, 21\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "rotlwi %[len], 11, 7\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "add %[data], %[data], %[sha256]\n\t" + "xor %[sha256], 12, 0\n\t" + "and %[sha256], %[sha256], 11\n\t" + "xor %[sha256], %[sha256], 0\n\t" + "add %[data], %[data], %[sha256]\n\t" + "lwz %[sha256], 24(6)\n\t" + "add %[data], %[data], 20\n\t" + "add %[data], %[data], %[sha256]\n\t" + "add 10, 10, %[data]\n\t" + "rotlwi %[sha256], 7, 30\n\t" + "rotlwi %[len], 7, 19\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "rotlwi %[len], 7, 10\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "add %[data], %[data], %[sha256]\n\t" + "xor %[len], 7, 8\n\t" + "xor %[sha256], 8, 9\n\t" + "and %[sha256], %[sha256], %[len]\n\t" + "xor %[sha256], %[sha256], 8\n\t" + "add %[data], %[data], %[sha256]\n\t" + /* Calc new W[6] */ + "rotlwi %[sha256], 21, 25\n\t" + "rotlwi %[len], 21, 14\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "srwi %[len], 21, 3\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "add 20, 20, %[sha256]\n\t" + "rotlwi %[sha256], 18, 15\n\t" + "rotlwi %[len], 18, 13\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "srwi %[len], 18, 10\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "add 20, 20, %[sha256]\n\t" + "add 20, 20, 29\n\t" + /* Round 7 */ + "rotlwi %[sha256], 10, 26\n\t" + "rotlwi %[len], 10, 21\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "rotlwi %[len], 10, 7\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "add 0, 0, %[sha256]\n\t" + "xor %[sha256], 11, 12\n\t" + "and %[sha256], %[sha256], 10\n\t" + "xor %[sha256], %[sha256], 12\n\t" + "add 0, 0, %[sha256]\n\t" + "lwz %[sha256], 28(6)\n\t" + "add 0, 0, 21\n\t" + "add 0, 0, %[sha256]\n\t" + "add 9, 9, 0\n\t" + "rotlwi %[sha256], %[data], 30\n\t" + "rotlwi %[len], %[data], 19\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "rotlwi %[len], %[data], 10\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "add 0, 0, %[sha256]\n\t" + "xor %[len], %[data], 7\n\t" + "xor %[sha256], 7, 8\n\t" + "and %[sha256], %[sha256], %[len]\n\t" + "xor %[sha256], %[sha256], 7\n\t" + "add 0, 0, %[sha256]\n\t" + /* Calc new W[7] */ + "rotlwi %[sha256], 22, 25\n\t" + "rotlwi %[len], 22, 14\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "srwi %[len], 22, 3\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "add 21, 21, %[sha256]\n\t" + "rotlwi %[sha256], 19, 15\n\t" + "rotlwi %[len], 19, 13\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "srwi %[len], 19, 10\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "add 21, 21, %[sha256]\n\t" + "add 21, 21, 14\n\t" + /* Round 8 */ + "rotlwi %[sha256], 9, 26\n\t" + "rotlwi %[len], 9, 21\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "rotlwi %[len], 9, 7\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "add 12, 12, %[sha256]\n\t" + "xor %[sha256], 10, 11\n\t" + "and %[sha256], %[sha256], 9\n\t" + "xor %[sha256], %[sha256], 11\n\t" + "add 12, 12, %[sha256]\n\t" + "lwz %[sha256], 32(6)\n\t" + "add 12, 12, 22\n\t" + "add 12, 12, %[sha256]\n\t" + "add 8, 8, 12\n\t" + "rotlwi %[sha256], 0, 30\n\t" + "rotlwi %[len], 0, 19\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "rotlwi %[len], 0, 10\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "add 12, 12, %[sha256]\n\t" + "xor %[len], 0, %[data]\n\t" + "xor %[sha256], %[data], 7\n\t" + "and %[sha256], %[sha256], %[len]\n\t" + "xor %[sha256], %[sha256], %[data]\n\t" + "add 12, 12, %[sha256]\n\t" + /* Calc new W[8] */ + "rotlwi %[sha256], 23, 25\n\t" + "rotlwi %[len], 23, 14\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "srwi %[len], 23, 3\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "add 22, 22, %[sha256]\n\t" + "rotlwi %[sha256], 20, 15\n\t" + "rotlwi %[len], 20, 13\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "srwi %[len], 20, 10\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "add 22, 22, %[sha256]\n\t" + "add 22, 22, 15\n\t" + /* Round 9 */ + "rotlwi %[sha256], 8, 26\n\t" + "rotlwi %[len], 8, 21\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "rotlwi %[len], 8, 7\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "add 11, 11, %[sha256]\n\t" + "xor %[sha256], 9, 10\n\t" + "and %[sha256], %[sha256], 8\n\t" + "xor %[sha256], %[sha256], 10\n\t" + "add 11, 11, %[sha256]\n\t" + "lwz %[sha256], 36(6)\n\t" + "add 11, 11, 23\n\t" + "add 11, 11, %[sha256]\n\t" + "add 7, 7, 11\n\t" + "rotlwi %[sha256], 12, 30\n\t" + "rotlwi %[len], 12, 19\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "rotlwi %[len], 12, 10\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "add 11, 11, %[sha256]\n\t" + "xor %[len], 12, 0\n\t" + "xor %[sha256], 0, %[data]\n\t" + "and %[sha256], %[sha256], %[len]\n\t" + "xor %[sha256], %[sha256], 0\n\t" + "add 11, 11, %[sha256]\n\t" + /* Calc new W[9] */ + "rotlwi %[sha256], 24, 25\n\t" + "rotlwi %[len], 24, 14\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "srwi %[len], 24, 3\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "add 23, 23, %[sha256]\n\t" + "rotlwi %[sha256], 21, 15\n\t" + "rotlwi %[len], 21, 13\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "srwi %[len], 21, 10\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "add 23, 23, %[sha256]\n\t" + "add 23, 23, 16\n\t" + /* Round 10 */ + "rotlwi %[sha256], 7, 26\n\t" + "rotlwi %[len], 7, 21\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "rotlwi %[len], 7, 7\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "add 10, 10, %[sha256]\n\t" + "xor %[sha256], 8, 9\n\t" + "and %[sha256], %[sha256], 7\n\t" + "xor %[sha256], %[sha256], 9\n\t" + "add 10, 10, %[sha256]\n\t" + "lwz %[sha256], 40(6)\n\t" + "add 10, 10, 24\n\t" + "add 10, 10, %[sha256]\n\t" + "add %[data], %[data], 10\n\t" + "rotlwi %[sha256], 11, 30\n\t" + "rotlwi %[len], 11, 19\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "rotlwi %[len], 11, 10\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "add 10, 10, %[sha256]\n\t" + "xor %[len], 11, 12\n\t" + "xor %[sha256], 12, 0\n\t" + "and %[sha256], %[sha256], %[len]\n\t" + "xor %[sha256], %[sha256], 12\n\t" + "add 10, 10, %[sha256]\n\t" + /* Calc new W[10] */ + "rotlwi %[sha256], 25, 25\n\t" + "rotlwi %[len], 25, 14\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "srwi %[len], 25, 3\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "add 24, 24, %[sha256]\n\t" + "rotlwi %[sha256], 22, 15\n\t" + "rotlwi %[len], 22, 13\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "srwi %[len], 22, 10\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "add 24, 24, %[sha256]\n\t" + "add 24, 24, 17\n\t" + /* Round 11 */ + "rotlwi %[sha256], %[data], 26\n\t" + "rotlwi %[len], %[data], 21\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "rotlwi %[len], %[data], 7\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "add 9, 9, %[sha256]\n\t" + "xor %[sha256], 7, 8\n\t" + "and %[sha256], %[sha256], %[data]\n\t" + "xor %[sha256], %[sha256], 8\n\t" + "add 9, 9, %[sha256]\n\t" + "lwz %[sha256], 44(6)\n\t" + "add 9, 9, 25\n\t" + "add 9, 9, %[sha256]\n\t" + "add 0, 0, 9\n\t" + "rotlwi %[sha256], 10, 30\n\t" + "rotlwi %[len], 10, 19\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "rotlwi %[len], 10, 10\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "add 9, 9, %[sha256]\n\t" + "xor %[len], 10, 11\n\t" + "xor %[sha256], 11, 12\n\t" + "and %[sha256], %[sha256], %[len]\n\t" + "xor %[sha256], %[sha256], 11\n\t" + "add 9, 9, %[sha256]\n\t" + /* Calc new W[11] */ + "rotlwi %[sha256], 26, 25\n\t" + "rotlwi %[len], 26, 14\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "srwi %[len], 26, 3\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "add 25, 25, %[sha256]\n\t" + "rotlwi %[sha256], 23, 15\n\t" + "rotlwi %[len], 23, 13\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "srwi %[len], 23, 10\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "add 25, 25, %[sha256]\n\t" + "add 25, 25, 18\n\t" + /* Round 12 */ + "rotlwi %[sha256], 0, 26\n\t" + "rotlwi %[len], 0, 21\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "rotlwi %[len], 0, 7\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "add 8, 8, %[sha256]\n\t" + "xor %[sha256], %[data], 7\n\t" + "and %[sha256], %[sha256], 0\n\t" + "xor %[sha256], %[sha256], 7\n\t" + "add 8, 8, %[sha256]\n\t" + "lwz %[sha256], 48(6)\n\t" + "add 8, 8, 26\n\t" + "add 8, 8, %[sha256]\n\t" + "add 12, 12, 8\n\t" + "rotlwi %[sha256], 9, 30\n\t" + "rotlwi %[len], 9, 19\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "rotlwi %[len], 9, 10\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "add 8, 8, %[sha256]\n\t" + "xor %[len], 9, 10\n\t" + "xor %[sha256], 10, 11\n\t" + "and %[sha256], %[sha256], %[len]\n\t" + "xor %[sha256], %[sha256], 10\n\t" + "add 8, 8, %[sha256]\n\t" + /* Calc new W[12] */ + "rotlwi %[sha256], 27, 25\n\t" + "rotlwi %[len], 27, 14\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "srwi %[len], 27, 3\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "add 26, 26, %[sha256]\n\t" + "rotlwi %[sha256], 24, 15\n\t" + "rotlwi %[len], 24, 13\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "srwi %[len], 24, 10\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "add 26, 26, %[sha256]\n\t" + "add 26, 26, 19\n\t" + /* Round 13 */ + "rotlwi %[sha256], 12, 26\n\t" + "rotlwi %[len], 12, 21\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "rotlwi %[len], 12, 7\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "add 7, 7, %[sha256]\n\t" + "xor %[sha256], 0, %[data]\n\t" + "and %[sha256], %[sha256], 12\n\t" + "xor %[sha256], %[sha256], %[data]\n\t" + "add 7, 7, %[sha256]\n\t" + "lwz %[sha256], 52(6)\n\t" + "add 7, 7, 27\n\t" + "add 7, 7, %[sha256]\n\t" + "add 11, 11, 7\n\t" + "rotlwi %[sha256], 8, 30\n\t" + "rotlwi %[len], 8, 19\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "rotlwi %[len], 8, 10\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "add 7, 7, %[sha256]\n\t" + "xor %[len], 8, 9\n\t" + "xor %[sha256], 9, 10\n\t" + "and %[sha256], %[sha256], %[len]\n\t" + "xor %[sha256], %[sha256], 9\n\t" + "add 7, 7, %[sha256]\n\t" + /* Calc new W[13] */ + "rotlwi %[sha256], 28, 25\n\t" + "rotlwi %[len], 28, 14\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "srwi %[len], 28, 3\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "add 27, 27, %[sha256]\n\t" + "rotlwi %[sha256], 25, 15\n\t" + "rotlwi %[len], 25, 13\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "srwi %[len], 25, 10\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "add 27, 27, %[sha256]\n\t" + "add 27, 27, 20\n\t" + /* Round 14 */ + "rotlwi %[sha256], 11, 26\n\t" + "rotlwi %[len], 11, 21\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "rotlwi %[len], 11, 7\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "add %[data], %[data], %[sha256]\n\t" + "xor %[sha256], 12, 0\n\t" + "and %[sha256], %[sha256], 11\n\t" + "xor %[sha256], %[sha256], 0\n\t" + "add %[data], %[data], %[sha256]\n\t" + "lwz %[sha256], 56(6)\n\t" + "add %[data], %[data], 28\n\t" + "add %[data], %[data], %[sha256]\n\t" + "add 10, 10, %[data]\n\t" + "rotlwi %[sha256], 7, 30\n\t" + "rotlwi %[len], 7, 19\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "rotlwi %[len], 7, 10\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "add %[data], %[data], %[sha256]\n\t" + "xor %[len], 7, 8\n\t" + "xor %[sha256], 8, 9\n\t" + "and %[sha256], %[sha256], %[len]\n\t" + "xor %[sha256], %[sha256], 8\n\t" + "add %[data], %[data], %[sha256]\n\t" + /* Calc new W[14] */ + "rotlwi %[sha256], 29, 25\n\t" + "rotlwi %[len], 29, 14\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "srwi %[len], 29, 3\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "add 28, 28, %[sha256]\n\t" + "rotlwi %[sha256], 26, 15\n\t" + "rotlwi %[len], 26, 13\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "srwi %[len], 26, 10\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "add 28, 28, %[sha256]\n\t" + "add 28, 28, 21\n\t" + /* Round 15 */ + "rotlwi %[sha256], 10, 26\n\t" + "rotlwi %[len], 10, 21\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "rotlwi %[len], 10, 7\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "add 0, 0, %[sha256]\n\t" + "xor %[sha256], 11, 12\n\t" + "and %[sha256], %[sha256], 10\n\t" + "xor %[sha256], %[sha256], 12\n\t" + "add 0, 0, %[sha256]\n\t" + "lwz %[sha256], 60(6)\n\t" + "add 0, 0, 29\n\t" + "add 0, 0, %[sha256]\n\t" + "add 9, 9, 0\n\t" + "rotlwi %[sha256], %[data], 30\n\t" + "rotlwi %[len], %[data], 19\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "rotlwi %[len], %[data], 10\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "add 0, 0, %[sha256]\n\t" + "xor %[len], %[data], 7\n\t" + "xor %[sha256], 7, 8\n\t" + "and %[sha256], %[sha256], %[len]\n\t" + "xor %[sha256], %[sha256], 7\n\t" + "add 0, 0, %[sha256]\n\t" + /* Calc new W[15] */ + "rotlwi %[sha256], 14, 25\n\t" + "rotlwi %[len], 14, 14\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "srwi %[len], 14, 3\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "add 29, 29, %[sha256]\n\t" + "rotlwi %[sha256], 27, 15\n\t" + "rotlwi %[len], 27, 13\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "srwi %[len], 27, 10\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "add 29, 29, %[sha256]\n\t" + "add 29, 29, 22\n\t" + "addi 6, 6, 0x40\n\t" + /* Round 0 */ + "rotlwi %[sha256], 9, 26\n\t" + "rotlwi %[len], 9, 21\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "rotlwi %[len], 9, 7\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "add 12, 12, %[sha256]\n\t" + "xor %[sha256], 10, 11\n\t" + "and %[sha256], %[sha256], 9\n\t" + "xor %[sha256], %[sha256], 11\n\t" + "add 12, 12, %[sha256]\n\t" + "lwz %[sha256], 0(6)\n\t" + "add 12, 12, 14\n\t" + "add 12, 12, %[sha256]\n\t" + "add 8, 8, 12\n\t" + "rotlwi %[sha256], 0, 30\n\t" + "rotlwi %[len], 0, 19\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "rotlwi %[len], 0, 10\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "add 12, 12, %[sha256]\n\t" + "xor %[len], 0, %[data]\n\t" + "xor %[sha256], %[data], 7\n\t" + "and %[sha256], %[sha256], %[len]\n\t" + "xor %[sha256], %[sha256], %[data]\n\t" + "add 12, 12, %[sha256]\n\t" + /* Calc new W[0] */ + "rotlwi %[sha256], 15, 25\n\t" + "rotlwi %[len], 15, 14\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "srwi %[len], 15, 3\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "add 14, 14, %[sha256]\n\t" + "rotlwi %[sha256], 28, 15\n\t" + "rotlwi %[len], 28, 13\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "srwi %[len], 28, 10\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "add 14, 14, %[sha256]\n\t" + "add 14, 14, 23\n\t" + /* Round 1 */ + "rotlwi %[sha256], 8, 26\n\t" + "rotlwi %[len], 8, 21\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "rotlwi %[len], 8, 7\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "add 11, 11, %[sha256]\n\t" + "xor %[sha256], 9, 10\n\t" + "and %[sha256], %[sha256], 8\n\t" + "xor %[sha256], %[sha256], 10\n\t" + "add 11, 11, %[sha256]\n\t" + "lwz %[sha256], 4(6)\n\t" + "add 11, 11, 15\n\t" + "add 11, 11, %[sha256]\n\t" + "add 7, 7, 11\n\t" + "rotlwi %[sha256], 12, 30\n\t" + "rotlwi %[len], 12, 19\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "rotlwi %[len], 12, 10\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "add 11, 11, %[sha256]\n\t" + "xor %[len], 12, 0\n\t" + "xor %[sha256], 0, %[data]\n\t" + "and %[sha256], %[sha256], %[len]\n\t" + "xor %[sha256], %[sha256], 0\n\t" + "add 11, 11, %[sha256]\n\t" + /* Calc new W[1] */ + "rotlwi %[sha256], 16, 25\n\t" + "rotlwi %[len], 16, 14\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "srwi %[len], 16, 3\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "add 15, 15, %[sha256]\n\t" + "rotlwi %[sha256], 29, 15\n\t" + "rotlwi %[len], 29, 13\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "srwi %[len], 29, 10\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "add 15, 15, %[sha256]\n\t" + "add 15, 15, 24\n\t" + /* Round 2 */ + "rotlwi %[sha256], 7, 26\n\t" + "rotlwi %[len], 7, 21\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "rotlwi %[len], 7, 7\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "add 10, 10, %[sha256]\n\t" + "xor %[sha256], 8, 9\n\t" + "and %[sha256], %[sha256], 7\n\t" + "xor %[sha256], %[sha256], 9\n\t" + "add 10, 10, %[sha256]\n\t" + "lwz %[sha256], 8(6)\n\t" + "add 10, 10, 16\n\t" + "add 10, 10, %[sha256]\n\t" + "add %[data], %[data], 10\n\t" + "rotlwi %[sha256], 11, 30\n\t" + "rotlwi %[len], 11, 19\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "rotlwi %[len], 11, 10\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "add 10, 10, %[sha256]\n\t" + "xor %[len], 11, 12\n\t" + "xor %[sha256], 12, 0\n\t" + "and %[sha256], %[sha256], %[len]\n\t" + "xor %[sha256], %[sha256], 12\n\t" + "add 10, 10, %[sha256]\n\t" + /* Calc new W[2] */ + "rotlwi %[sha256], 17, 25\n\t" + "rotlwi %[len], 17, 14\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "srwi %[len], 17, 3\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "add 16, 16, %[sha256]\n\t" + "rotlwi %[sha256], 14, 15\n\t" + "rotlwi %[len], 14, 13\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "srwi %[len], 14, 10\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "add 16, 16, %[sha256]\n\t" + "add 16, 16, 25\n\t" + /* Round 3 */ + "rotlwi %[sha256], %[data], 26\n\t" + "rotlwi %[len], %[data], 21\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "rotlwi %[len], %[data], 7\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "add 9, 9, %[sha256]\n\t" + "xor %[sha256], 7, 8\n\t" + "and %[sha256], %[sha256], %[data]\n\t" + "xor %[sha256], %[sha256], 8\n\t" + "add 9, 9, %[sha256]\n\t" + "lwz %[sha256], 12(6)\n\t" + "add 9, 9, 17\n\t" + "add 9, 9, %[sha256]\n\t" + "add 0, 0, 9\n\t" + "rotlwi %[sha256], 10, 30\n\t" + "rotlwi %[len], 10, 19\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "rotlwi %[len], 10, 10\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "add 9, 9, %[sha256]\n\t" + "xor %[len], 10, 11\n\t" + "xor %[sha256], 11, 12\n\t" + "and %[sha256], %[sha256], %[len]\n\t" + "xor %[sha256], %[sha256], 11\n\t" + "add 9, 9, %[sha256]\n\t" + /* Calc new W[3] */ + "rotlwi %[sha256], 18, 25\n\t" + "rotlwi %[len], 18, 14\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "srwi %[len], 18, 3\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "add 17, 17, %[sha256]\n\t" + "rotlwi %[sha256], 15, 15\n\t" + "rotlwi %[len], 15, 13\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "srwi %[len], 15, 10\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "add 17, 17, %[sha256]\n\t" + "add 17, 17, 26\n\t" + /* Round 4 */ + "rotlwi %[sha256], 0, 26\n\t" + "rotlwi %[len], 0, 21\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "rotlwi %[len], 0, 7\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "add 8, 8, %[sha256]\n\t" + "xor %[sha256], %[data], 7\n\t" + "and %[sha256], %[sha256], 0\n\t" + "xor %[sha256], %[sha256], 7\n\t" + "add 8, 8, %[sha256]\n\t" + "lwz %[sha256], 16(6)\n\t" + "add 8, 8, 18\n\t" + "add 8, 8, %[sha256]\n\t" + "add 12, 12, 8\n\t" + "rotlwi %[sha256], 9, 30\n\t" + "rotlwi %[len], 9, 19\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "rotlwi %[len], 9, 10\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "add 8, 8, %[sha256]\n\t" + "xor %[len], 9, 10\n\t" + "xor %[sha256], 10, 11\n\t" + "and %[sha256], %[sha256], %[len]\n\t" + "xor %[sha256], %[sha256], 10\n\t" + "add 8, 8, %[sha256]\n\t" + /* Calc new W[4] */ + "rotlwi %[sha256], 19, 25\n\t" + "rotlwi %[len], 19, 14\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "srwi %[len], 19, 3\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "add 18, 18, %[sha256]\n\t" + "rotlwi %[sha256], 16, 15\n\t" + "rotlwi %[len], 16, 13\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "srwi %[len], 16, 10\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "add 18, 18, %[sha256]\n\t" + "add 18, 18, 27\n\t" + /* Round 5 */ + "rotlwi %[sha256], 12, 26\n\t" + "rotlwi %[len], 12, 21\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "rotlwi %[len], 12, 7\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "add 7, 7, %[sha256]\n\t" + "xor %[sha256], 0, %[data]\n\t" + "and %[sha256], %[sha256], 12\n\t" + "xor %[sha256], %[sha256], %[data]\n\t" + "add 7, 7, %[sha256]\n\t" + "lwz %[sha256], 20(6)\n\t" + "add 7, 7, 19\n\t" + "add 7, 7, %[sha256]\n\t" + "add 11, 11, 7\n\t" + "rotlwi %[sha256], 8, 30\n\t" + "rotlwi %[len], 8, 19\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "rotlwi %[len], 8, 10\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "add 7, 7, %[sha256]\n\t" + "xor %[len], 8, 9\n\t" + "xor %[sha256], 9, 10\n\t" + "and %[sha256], %[sha256], %[len]\n\t" + "xor %[sha256], %[sha256], 9\n\t" + "add 7, 7, %[sha256]\n\t" + /* Calc new W[5] */ + "rotlwi %[sha256], 20, 25\n\t" + "rotlwi %[len], 20, 14\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "srwi %[len], 20, 3\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "add 19, 19, %[sha256]\n\t" + "rotlwi %[sha256], 17, 15\n\t" + "rotlwi %[len], 17, 13\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "srwi %[len], 17, 10\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "add 19, 19, %[sha256]\n\t" + "add 19, 19, 28\n\t" + /* Round 6 */ + "rotlwi %[sha256], 11, 26\n\t" + "rotlwi %[len], 11, 21\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "rotlwi %[len], 11, 7\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "add %[data], %[data], %[sha256]\n\t" + "xor %[sha256], 12, 0\n\t" + "and %[sha256], %[sha256], 11\n\t" + "xor %[sha256], %[sha256], 0\n\t" + "add %[data], %[data], %[sha256]\n\t" + "lwz %[sha256], 24(6)\n\t" + "add %[data], %[data], 20\n\t" + "add %[data], %[data], %[sha256]\n\t" + "add 10, 10, %[data]\n\t" + "rotlwi %[sha256], 7, 30\n\t" + "rotlwi %[len], 7, 19\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "rotlwi %[len], 7, 10\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "add %[data], %[data], %[sha256]\n\t" + "xor %[len], 7, 8\n\t" + "xor %[sha256], 8, 9\n\t" + "and %[sha256], %[sha256], %[len]\n\t" + "xor %[sha256], %[sha256], 8\n\t" + "add %[data], %[data], %[sha256]\n\t" + /* Calc new W[6] */ + "rotlwi %[sha256], 21, 25\n\t" + "rotlwi %[len], 21, 14\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "srwi %[len], 21, 3\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "add 20, 20, %[sha256]\n\t" + "rotlwi %[sha256], 18, 15\n\t" + "rotlwi %[len], 18, 13\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "srwi %[len], 18, 10\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "add 20, 20, %[sha256]\n\t" + "add 20, 20, 29\n\t" + /* Round 7 */ + "rotlwi %[sha256], 10, 26\n\t" + "rotlwi %[len], 10, 21\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "rotlwi %[len], 10, 7\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "add 0, 0, %[sha256]\n\t" + "xor %[sha256], 11, 12\n\t" + "and %[sha256], %[sha256], 10\n\t" + "xor %[sha256], %[sha256], 12\n\t" + "add 0, 0, %[sha256]\n\t" + "lwz %[sha256], 28(6)\n\t" + "add 0, 0, 21\n\t" + "add 0, 0, %[sha256]\n\t" + "add 9, 9, 0\n\t" + "rotlwi %[sha256], %[data], 30\n\t" + "rotlwi %[len], %[data], 19\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "rotlwi %[len], %[data], 10\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "add 0, 0, %[sha256]\n\t" + "xor %[len], %[data], 7\n\t" + "xor %[sha256], 7, 8\n\t" + "and %[sha256], %[sha256], %[len]\n\t" + "xor %[sha256], %[sha256], 7\n\t" + "add 0, 0, %[sha256]\n\t" + /* Calc new W[7] */ + "rotlwi %[sha256], 22, 25\n\t" + "rotlwi %[len], 22, 14\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "srwi %[len], 22, 3\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "add 21, 21, %[sha256]\n\t" + "rotlwi %[sha256], 19, 15\n\t" + "rotlwi %[len], 19, 13\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "srwi %[len], 19, 10\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "add 21, 21, %[sha256]\n\t" + "add 21, 21, 14\n\t" + /* Round 8 */ + "rotlwi %[sha256], 9, 26\n\t" + "rotlwi %[len], 9, 21\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "rotlwi %[len], 9, 7\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "add 12, 12, %[sha256]\n\t" + "xor %[sha256], 10, 11\n\t" + "and %[sha256], %[sha256], 9\n\t" + "xor %[sha256], %[sha256], 11\n\t" + "add 12, 12, %[sha256]\n\t" + "lwz %[sha256], 32(6)\n\t" + "add 12, 12, 22\n\t" + "add 12, 12, %[sha256]\n\t" + "add 8, 8, 12\n\t" + "rotlwi %[sha256], 0, 30\n\t" + "rotlwi %[len], 0, 19\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "rotlwi %[len], 0, 10\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "add 12, 12, %[sha256]\n\t" + "xor %[len], 0, %[data]\n\t" + "xor %[sha256], %[data], 7\n\t" + "and %[sha256], %[sha256], %[len]\n\t" + "xor %[sha256], %[sha256], %[data]\n\t" + "add 12, 12, %[sha256]\n\t" + /* Calc new W[8] */ + "rotlwi %[sha256], 23, 25\n\t" + "rotlwi %[len], 23, 14\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "srwi %[len], 23, 3\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "add 22, 22, %[sha256]\n\t" + "rotlwi %[sha256], 20, 15\n\t" + "rotlwi %[len], 20, 13\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "srwi %[len], 20, 10\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "add 22, 22, %[sha256]\n\t" + "add 22, 22, 15\n\t" + /* Round 9 */ + "rotlwi %[sha256], 8, 26\n\t" + "rotlwi %[len], 8, 21\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "rotlwi %[len], 8, 7\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "add 11, 11, %[sha256]\n\t" + "xor %[sha256], 9, 10\n\t" + "and %[sha256], %[sha256], 8\n\t" + "xor %[sha256], %[sha256], 10\n\t" + "add 11, 11, %[sha256]\n\t" + "lwz %[sha256], 36(6)\n\t" + "add 11, 11, 23\n\t" + "add 11, 11, %[sha256]\n\t" + "add 7, 7, 11\n\t" + "rotlwi %[sha256], 12, 30\n\t" + "rotlwi %[len], 12, 19\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "rotlwi %[len], 12, 10\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "add 11, 11, %[sha256]\n\t" + "xor %[len], 12, 0\n\t" + "xor %[sha256], 0, %[data]\n\t" + "and %[sha256], %[sha256], %[len]\n\t" + "xor %[sha256], %[sha256], 0\n\t" + "add 11, 11, %[sha256]\n\t" + /* Calc new W[9] */ + "rotlwi %[sha256], 24, 25\n\t" + "rotlwi %[len], 24, 14\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "srwi %[len], 24, 3\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "add 23, 23, %[sha256]\n\t" + "rotlwi %[sha256], 21, 15\n\t" + "rotlwi %[len], 21, 13\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "srwi %[len], 21, 10\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "add 23, 23, %[sha256]\n\t" + "add 23, 23, 16\n\t" + /* Round 10 */ + "rotlwi %[sha256], 7, 26\n\t" + "rotlwi %[len], 7, 21\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "rotlwi %[len], 7, 7\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "add 10, 10, %[sha256]\n\t" + "xor %[sha256], 8, 9\n\t" + "and %[sha256], %[sha256], 7\n\t" + "xor %[sha256], %[sha256], 9\n\t" + "add 10, 10, %[sha256]\n\t" + "lwz %[sha256], 40(6)\n\t" + "add 10, 10, 24\n\t" + "add 10, 10, %[sha256]\n\t" + "add %[data], %[data], 10\n\t" + "rotlwi %[sha256], 11, 30\n\t" + "rotlwi %[len], 11, 19\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "rotlwi %[len], 11, 10\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "add 10, 10, %[sha256]\n\t" + "xor %[len], 11, 12\n\t" + "xor %[sha256], 12, 0\n\t" + "and %[sha256], %[sha256], %[len]\n\t" + "xor %[sha256], %[sha256], 12\n\t" + "add 10, 10, %[sha256]\n\t" + /* Calc new W[10] */ + "rotlwi %[sha256], 25, 25\n\t" + "rotlwi %[len], 25, 14\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "srwi %[len], 25, 3\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "add 24, 24, %[sha256]\n\t" + "rotlwi %[sha256], 22, 15\n\t" + "rotlwi %[len], 22, 13\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "srwi %[len], 22, 10\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "add 24, 24, %[sha256]\n\t" + "add 24, 24, 17\n\t" + /* Round 11 */ + "rotlwi %[sha256], %[data], 26\n\t" + "rotlwi %[len], %[data], 21\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "rotlwi %[len], %[data], 7\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "add 9, 9, %[sha256]\n\t" + "xor %[sha256], 7, 8\n\t" + "and %[sha256], %[sha256], %[data]\n\t" + "xor %[sha256], %[sha256], 8\n\t" + "add 9, 9, %[sha256]\n\t" + "lwz %[sha256], 44(6)\n\t" + "add 9, 9, 25\n\t" + "add 9, 9, %[sha256]\n\t" + "add 0, 0, 9\n\t" + "rotlwi %[sha256], 10, 30\n\t" + "rotlwi %[len], 10, 19\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "rotlwi %[len], 10, 10\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "add 9, 9, %[sha256]\n\t" + "xor %[len], 10, 11\n\t" + "xor %[sha256], 11, 12\n\t" + "and %[sha256], %[sha256], %[len]\n\t" + "xor %[sha256], %[sha256], 11\n\t" + "add 9, 9, %[sha256]\n\t" + /* Calc new W[11] */ + "rotlwi %[sha256], 26, 25\n\t" + "rotlwi %[len], 26, 14\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "srwi %[len], 26, 3\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "add 25, 25, %[sha256]\n\t" + "rotlwi %[sha256], 23, 15\n\t" + "rotlwi %[len], 23, 13\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "srwi %[len], 23, 10\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "add 25, 25, %[sha256]\n\t" + "add 25, 25, 18\n\t" + /* Round 12 */ + "rotlwi %[sha256], 0, 26\n\t" + "rotlwi %[len], 0, 21\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "rotlwi %[len], 0, 7\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "add 8, 8, %[sha256]\n\t" + "xor %[sha256], %[data], 7\n\t" + "and %[sha256], %[sha256], 0\n\t" + "xor %[sha256], %[sha256], 7\n\t" + "add 8, 8, %[sha256]\n\t" + "lwz %[sha256], 48(6)\n\t" + "add 8, 8, 26\n\t" + "add 8, 8, %[sha256]\n\t" + "add 12, 12, 8\n\t" + "rotlwi %[sha256], 9, 30\n\t" + "rotlwi %[len], 9, 19\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "rotlwi %[len], 9, 10\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "add 8, 8, %[sha256]\n\t" + "xor %[len], 9, 10\n\t" + "xor %[sha256], 10, 11\n\t" + "and %[sha256], %[sha256], %[len]\n\t" + "xor %[sha256], %[sha256], 10\n\t" + "add 8, 8, %[sha256]\n\t" + /* Calc new W[12] */ + "rotlwi %[sha256], 27, 25\n\t" + "rotlwi %[len], 27, 14\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "srwi %[len], 27, 3\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "add 26, 26, %[sha256]\n\t" + "rotlwi %[sha256], 24, 15\n\t" + "rotlwi %[len], 24, 13\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "srwi %[len], 24, 10\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "add 26, 26, %[sha256]\n\t" + "add 26, 26, 19\n\t" + /* Round 13 */ + "rotlwi %[sha256], 12, 26\n\t" + "rotlwi %[len], 12, 21\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "rotlwi %[len], 12, 7\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "add 7, 7, %[sha256]\n\t" + "xor %[sha256], 0, %[data]\n\t" + "and %[sha256], %[sha256], 12\n\t" + "xor %[sha256], %[sha256], %[data]\n\t" + "add 7, 7, %[sha256]\n\t" + "lwz %[sha256], 52(6)\n\t" + "add 7, 7, 27\n\t" + "add 7, 7, %[sha256]\n\t" + "add 11, 11, 7\n\t" + "rotlwi %[sha256], 8, 30\n\t" + "rotlwi %[len], 8, 19\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "rotlwi %[len], 8, 10\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "add 7, 7, %[sha256]\n\t" + "xor %[len], 8, 9\n\t" + "xor %[sha256], 9, 10\n\t" + "and %[sha256], %[sha256], %[len]\n\t" + "xor %[sha256], %[sha256], 9\n\t" + "add 7, 7, %[sha256]\n\t" + /* Calc new W[13] */ + "rotlwi %[sha256], 28, 25\n\t" + "rotlwi %[len], 28, 14\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "srwi %[len], 28, 3\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "add 27, 27, %[sha256]\n\t" + "rotlwi %[sha256], 25, 15\n\t" + "rotlwi %[len], 25, 13\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "srwi %[len], 25, 10\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "add 27, 27, %[sha256]\n\t" + "add 27, 27, 20\n\t" + /* Round 14 */ + "rotlwi %[sha256], 11, 26\n\t" + "rotlwi %[len], 11, 21\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "rotlwi %[len], 11, 7\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "add %[data], %[data], %[sha256]\n\t" + "xor %[sha256], 12, 0\n\t" + "and %[sha256], %[sha256], 11\n\t" + "xor %[sha256], %[sha256], 0\n\t" + "add %[data], %[data], %[sha256]\n\t" + "lwz %[sha256], 56(6)\n\t" + "add %[data], %[data], 28\n\t" + "add %[data], %[data], %[sha256]\n\t" + "add 10, 10, %[data]\n\t" + "rotlwi %[sha256], 7, 30\n\t" + "rotlwi %[len], 7, 19\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "rotlwi %[len], 7, 10\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "add %[data], %[data], %[sha256]\n\t" + "xor %[len], 7, 8\n\t" + "xor %[sha256], 8, 9\n\t" + "and %[sha256], %[sha256], %[len]\n\t" + "xor %[sha256], %[sha256], 8\n\t" + "add %[data], %[data], %[sha256]\n\t" + /* Calc new W[14] */ + "rotlwi %[sha256], 29, 25\n\t" + "rotlwi %[len], 29, 14\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "srwi %[len], 29, 3\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "add 28, 28, %[sha256]\n\t" + "rotlwi %[sha256], 26, 15\n\t" + "rotlwi %[len], 26, 13\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "srwi %[len], 26, 10\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "add 28, 28, %[sha256]\n\t" + "add 28, 28, 21\n\t" + /* Round 15 */ + "rotlwi %[sha256], 10, 26\n\t" + "rotlwi %[len], 10, 21\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "rotlwi %[len], 10, 7\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "add 0, 0, %[sha256]\n\t" + "xor %[sha256], 11, 12\n\t" + "and %[sha256], %[sha256], 10\n\t" + "xor %[sha256], %[sha256], 12\n\t" + "add 0, 0, %[sha256]\n\t" + "lwz %[sha256], 60(6)\n\t" + "add 0, 0, 29\n\t" + "add 0, 0, %[sha256]\n\t" + "add 9, 9, 0\n\t" + "rotlwi %[sha256], %[data], 30\n\t" + "rotlwi %[len], %[data], 19\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "rotlwi %[len], %[data], 10\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "add 0, 0, %[sha256]\n\t" + "xor %[len], %[data], 7\n\t" + "xor %[sha256], 7, 8\n\t" + "and %[sha256], %[sha256], %[len]\n\t" + "xor %[sha256], %[sha256], 7\n\t" + "add 0, 0, %[sha256]\n\t" + /* Calc new W[15] */ + "rotlwi %[sha256], 14, 25\n\t" + "rotlwi %[len], 14, 14\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "srwi %[len], 14, 3\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "add 29, 29, %[sha256]\n\t" + "rotlwi %[sha256], 27, 15\n\t" + "rotlwi %[len], 27, 13\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "srwi %[len], 27, 10\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "add 29, 29, %[sha256]\n\t" + "add 29, 29, 22\n\t" + "addi 6, 6, 0x40\n\t" + /* Round 0 */ + "rotlwi %[sha256], 9, 26\n\t" + "rotlwi %[len], 9, 21\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "rotlwi %[len], 9, 7\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "add 12, 12, %[sha256]\n\t" + "xor %[sha256], 10, 11\n\t" + "and %[sha256], %[sha256], 9\n\t" + "xor %[sha256], %[sha256], 11\n\t" + "add 12, 12, %[sha256]\n\t" + "lwz %[sha256], 0(6)\n\t" + "add 12, 12, 14\n\t" + "add 12, 12, %[sha256]\n\t" + "add 8, 8, 12\n\t" + "rotlwi %[sha256], 0, 30\n\t" + "rotlwi %[len], 0, 19\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "rotlwi %[len], 0, 10\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "add 12, 12, %[sha256]\n\t" + "xor %[len], 0, %[data]\n\t" + "xor %[sha256], %[data], 7\n\t" + "and %[sha256], %[sha256], %[len]\n\t" + "xor %[sha256], %[sha256], %[data]\n\t" + "add 12, 12, %[sha256]\n\t" + /* Calc new W[0] */ + "rotlwi %[sha256], 15, 25\n\t" + "rotlwi %[len], 15, 14\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "srwi %[len], 15, 3\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "add 14, 14, %[sha256]\n\t" + "rotlwi %[sha256], 28, 15\n\t" + "rotlwi %[len], 28, 13\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "srwi %[len], 28, 10\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "add 14, 14, %[sha256]\n\t" + "add 14, 14, 23\n\t" + /* Round 1 */ + "rotlwi %[sha256], 8, 26\n\t" + "rotlwi %[len], 8, 21\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "rotlwi %[len], 8, 7\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "add 11, 11, %[sha256]\n\t" + "xor %[sha256], 9, 10\n\t" + "and %[sha256], %[sha256], 8\n\t" + "xor %[sha256], %[sha256], 10\n\t" + "add 11, 11, %[sha256]\n\t" + "lwz %[sha256], 4(6)\n\t" + "add 11, 11, 15\n\t" + "add 11, 11, %[sha256]\n\t" + "add 7, 7, 11\n\t" + "rotlwi %[sha256], 12, 30\n\t" + "rotlwi %[len], 12, 19\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "rotlwi %[len], 12, 10\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "add 11, 11, %[sha256]\n\t" + "xor %[len], 12, 0\n\t" + "xor %[sha256], 0, %[data]\n\t" + "and %[sha256], %[sha256], %[len]\n\t" + "xor %[sha256], %[sha256], 0\n\t" + "add 11, 11, %[sha256]\n\t" + /* Calc new W[1] */ + "rotlwi %[sha256], 16, 25\n\t" + "rotlwi %[len], 16, 14\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "srwi %[len], 16, 3\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "add 15, 15, %[sha256]\n\t" + "rotlwi %[sha256], 29, 15\n\t" + "rotlwi %[len], 29, 13\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "srwi %[len], 29, 10\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "add 15, 15, %[sha256]\n\t" + "add 15, 15, 24\n\t" + /* Round 2 */ + "rotlwi %[sha256], 7, 26\n\t" + "rotlwi %[len], 7, 21\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "rotlwi %[len], 7, 7\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "add 10, 10, %[sha256]\n\t" + "xor %[sha256], 8, 9\n\t" + "and %[sha256], %[sha256], 7\n\t" + "xor %[sha256], %[sha256], 9\n\t" + "add 10, 10, %[sha256]\n\t" + "lwz %[sha256], 8(6)\n\t" + "add 10, 10, 16\n\t" + "add 10, 10, %[sha256]\n\t" + "add %[data], %[data], 10\n\t" + "rotlwi %[sha256], 11, 30\n\t" + "rotlwi %[len], 11, 19\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "rotlwi %[len], 11, 10\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "add 10, 10, %[sha256]\n\t" + "xor %[len], 11, 12\n\t" + "xor %[sha256], 12, 0\n\t" + "and %[sha256], %[sha256], %[len]\n\t" + "xor %[sha256], %[sha256], 12\n\t" + "add 10, 10, %[sha256]\n\t" + /* Calc new W[2] */ + "rotlwi %[sha256], 17, 25\n\t" + "rotlwi %[len], 17, 14\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "srwi %[len], 17, 3\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "add 16, 16, %[sha256]\n\t" + "rotlwi %[sha256], 14, 15\n\t" + "rotlwi %[len], 14, 13\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "srwi %[len], 14, 10\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "add 16, 16, %[sha256]\n\t" + "add 16, 16, 25\n\t" + /* Round 3 */ + "rotlwi %[sha256], %[data], 26\n\t" + "rotlwi %[len], %[data], 21\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "rotlwi %[len], %[data], 7\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "add 9, 9, %[sha256]\n\t" + "xor %[sha256], 7, 8\n\t" + "and %[sha256], %[sha256], %[data]\n\t" + "xor %[sha256], %[sha256], 8\n\t" + "add 9, 9, %[sha256]\n\t" + "lwz %[sha256], 12(6)\n\t" + "add 9, 9, 17\n\t" + "add 9, 9, %[sha256]\n\t" + "add 0, 0, 9\n\t" + "rotlwi %[sha256], 10, 30\n\t" + "rotlwi %[len], 10, 19\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "rotlwi %[len], 10, 10\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "add 9, 9, %[sha256]\n\t" + "xor %[len], 10, 11\n\t" + "xor %[sha256], 11, 12\n\t" + "and %[sha256], %[sha256], %[len]\n\t" + "xor %[sha256], %[sha256], 11\n\t" + "add 9, 9, %[sha256]\n\t" + /* Calc new W[3] */ + "rotlwi %[sha256], 18, 25\n\t" + "rotlwi %[len], 18, 14\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "srwi %[len], 18, 3\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "add 17, 17, %[sha256]\n\t" + "rotlwi %[sha256], 15, 15\n\t" + "rotlwi %[len], 15, 13\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "srwi %[len], 15, 10\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "add 17, 17, %[sha256]\n\t" + "add 17, 17, 26\n\t" + /* Round 4 */ + "rotlwi %[sha256], 0, 26\n\t" + "rotlwi %[len], 0, 21\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "rotlwi %[len], 0, 7\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "add 8, 8, %[sha256]\n\t" + "xor %[sha256], %[data], 7\n\t" + "and %[sha256], %[sha256], 0\n\t" + "xor %[sha256], %[sha256], 7\n\t" + "add 8, 8, %[sha256]\n\t" + "lwz %[sha256], 16(6)\n\t" + "add 8, 8, 18\n\t" + "add 8, 8, %[sha256]\n\t" + "add 12, 12, 8\n\t" + "rotlwi %[sha256], 9, 30\n\t" + "rotlwi %[len], 9, 19\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "rotlwi %[len], 9, 10\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "add 8, 8, %[sha256]\n\t" + "xor %[len], 9, 10\n\t" + "xor %[sha256], 10, 11\n\t" + "and %[sha256], %[sha256], %[len]\n\t" + "xor %[sha256], %[sha256], 10\n\t" + "add 8, 8, %[sha256]\n\t" + /* Calc new W[4] */ + "rotlwi %[sha256], 19, 25\n\t" + "rotlwi %[len], 19, 14\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "srwi %[len], 19, 3\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "add 18, 18, %[sha256]\n\t" + "rotlwi %[sha256], 16, 15\n\t" + "rotlwi %[len], 16, 13\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "srwi %[len], 16, 10\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "add 18, 18, %[sha256]\n\t" + "add 18, 18, 27\n\t" + /* Round 5 */ + "rotlwi %[sha256], 12, 26\n\t" + "rotlwi %[len], 12, 21\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "rotlwi %[len], 12, 7\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "add 7, 7, %[sha256]\n\t" + "xor %[sha256], 0, %[data]\n\t" + "and %[sha256], %[sha256], 12\n\t" + "xor %[sha256], %[sha256], %[data]\n\t" + "add 7, 7, %[sha256]\n\t" + "lwz %[sha256], 20(6)\n\t" + "add 7, 7, 19\n\t" + "add 7, 7, %[sha256]\n\t" + "add 11, 11, 7\n\t" + "rotlwi %[sha256], 8, 30\n\t" + "rotlwi %[len], 8, 19\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "rotlwi %[len], 8, 10\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "add 7, 7, %[sha256]\n\t" + "xor %[len], 8, 9\n\t" + "xor %[sha256], 9, 10\n\t" + "and %[sha256], %[sha256], %[len]\n\t" + "xor %[sha256], %[sha256], 9\n\t" + "add 7, 7, %[sha256]\n\t" + /* Calc new W[5] */ + "rotlwi %[sha256], 20, 25\n\t" + "rotlwi %[len], 20, 14\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "srwi %[len], 20, 3\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "add 19, 19, %[sha256]\n\t" + "rotlwi %[sha256], 17, 15\n\t" + "rotlwi %[len], 17, 13\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "srwi %[len], 17, 10\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "add 19, 19, %[sha256]\n\t" + "add 19, 19, 28\n\t" + /* Round 6 */ + "rotlwi %[sha256], 11, 26\n\t" + "rotlwi %[len], 11, 21\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "rotlwi %[len], 11, 7\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "add %[data], %[data], %[sha256]\n\t" + "xor %[sha256], 12, 0\n\t" + "and %[sha256], %[sha256], 11\n\t" + "xor %[sha256], %[sha256], 0\n\t" + "add %[data], %[data], %[sha256]\n\t" + "lwz %[sha256], 24(6)\n\t" + "add %[data], %[data], 20\n\t" + "add %[data], %[data], %[sha256]\n\t" + "add 10, 10, %[data]\n\t" + "rotlwi %[sha256], 7, 30\n\t" + "rotlwi %[len], 7, 19\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "rotlwi %[len], 7, 10\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "add %[data], %[data], %[sha256]\n\t" + "xor %[len], 7, 8\n\t" + "xor %[sha256], 8, 9\n\t" + "and %[sha256], %[sha256], %[len]\n\t" + "xor %[sha256], %[sha256], 8\n\t" + "add %[data], %[data], %[sha256]\n\t" + /* Calc new W[6] */ + "rotlwi %[sha256], 21, 25\n\t" + "rotlwi %[len], 21, 14\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "srwi %[len], 21, 3\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "add 20, 20, %[sha256]\n\t" + "rotlwi %[sha256], 18, 15\n\t" + "rotlwi %[len], 18, 13\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "srwi %[len], 18, 10\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "add 20, 20, %[sha256]\n\t" + "add 20, 20, 29\n\t" + /* Round 7 */ + "rotlwi %[sha256], 10, 26\n\t" + "rotlwi %[len], 10, 21\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "rotlwi %[len], 10, 7\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "add 0, 0, %[sha256]\n\t" + "xor %[sha256], 11, 12\n\t" + "and %[sha256], %[sha256], 10\n\t" + "xor %[sha256], %[sha256], 12\n\t" + "add 0, 0, %[sha256]\n\t" + "lwz %[sha256], 28(6)\n\t" + "add 0, 0, 21\n\t" + "add 0, 0, %[sha256]\n\t" + "add 9, 9, 0\n\t" + "rotlwi %[sha256], %[data], 30\n\t" + "rotlwi %[len], %[data], 19\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "rotlwi %[len], %[data], 10\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "add 0, 0, %[sha256]\n\t" + "xor %[len], %[data], 7\n\t" + "xor %[sha256], 7, 8\n\t" + "and %[sha256], %[sha256], %[len]\n\t" + "xor %[sha256], %[sha256], 7\n\t" + "add 0, 0, %[sha256]\n\t" + /* Calc new W[7] */ + "rotlwi %[sha256], 22, 25\n\t" + "rotlwi %[len], 22, 14\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "srwi %[len], 22, 3\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "add 21, 21, %[sha256]\n\t" + "rotlwi %[sha256], 19, 15\n\t" + "rotlwi %[len], 19, 13\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "srwi %[len], 19, 10\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "add 21, 21, %[sha256]\n\t" + "add 21, 21, 14\n\t" + /* Round 8 */ + "rotlwi %[sha256], 9, 26\n\t" + "rotlwi %[len], 9, 21\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "rotlwi %[len], 9, 7\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "add 12, 12, %[sha256]\n\t" + "xor %[sha256], 10, 11\n\t" + "and %[sha256], %[sha256], 9\n\t" + "xor %[sha256], %[sha256], 11\n\t" + "add 12, 12, %[sha256]\n\t" + "lwz %[sha256], 32(6)\n\t" + "add 12, 12, 22\n\t" + "add 12, 12, %[sha256]\n\t" + "add 8, 8, 12\n\t" + "rotlwi %[sha256], 0, 30\n\t" + "rotlwi %[len], 0, 19\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "rotlwi %[len], 0, 10\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "add 12, 12, %[sha256]\n\t" + "xor %[len], 0, %[data]\n\t" + "xor %[sha256], %[data], 7\n\t" + "and %[sha256], %[sha256], %[len]\n\t" + "xor %[sha256], %[sha256], %[data]\n\t" + "add 12, 12, %[sha256]\n\t" + /* Calc new W[8] */ + "rotlwi %[sha256], 23, 25\n\t" + "rotlwi %[len], 23, 14\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "srwi %[len], 23, 3\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "add 22, 22, %[sha256]\n\t" + "rotlwi %[sha256], 20, 15\n\t" + "rotlwi %[len], 20, 13\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "srwi %[len], 20, 10\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "add 22, 22, %[sha256]\n\t" + "add 22, 22, 15\n\t" + /* Round 9 */ + "rotlwi %[sha256], 8, 26\n\t" + "rotlwi %[len], 8, 21\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "rotlwi %[len], 8, 7\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "add 11, 11, %[sha256]\n\t" + "xor %[sha256], 9, 10\n\t" + "and %[sha256], %[sha256], 8\n\t" + "xor %[sha256], %[sha256], 10\n\t" + "add 11, 11, %[sha256]\n\t" + "lwz %[sha256], 36(6)\n\t" + "add 11, 11, 23\n\t" + "add 11, 11, %[sha256]\n\t" + "add 7, 7, 11\n\t" + "rotlwi %[sha256], 12, 30\n\t" + "rotlwi %[len], 12, 19\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "rotlwi %[len], 12, 10\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "add 11, 11, %[sha256]\n\t" + "xor %[len], 12, 0\n\t" + "xor %[sha256], 0, %[data]\n\t" + "and %[sha256], %[sha256], %[len]\n\t" + "xor %[sha256], %[sha256], 0\n\t" + "add 11, 11, %[sha256]\n\t" + /* Calc new W[9] */ + "rotlwi %[sha256], 24, 25\n\t" + "rotlwi %[len], 24, 14\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "srwi %[len], 24, 3\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "add 23, 23, %[sha256]\n\t" + "rotlwi %[sha256], 21, 15\n\t" + "rotlwi %[len], 21, 13\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "srwi %[len], 21, 10\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "add 23, 23, %[sha256]\n\t" + "add 23, 23, 16\n\t" + /* Round 10 */ + "rotlwi %[sha256], 7, 26\n\t" + "rotlwi %[len], 7, 21\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "rotlwi %[len], 7, 7\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "add 10, 10, %[sha256]\n\t" + "xor %[sha256], 8, 9\n\t" + "and %[sha256], %[sha256], 7\n\t" + "xor %[sha256], %[sha256], 9\n\t" + "add 10, 10, %[sha256]\n\t" + "lwz %[sha256], 40(6)\n\t" + "add 10, 10, 24\n\t" + "add 10, 10, %[sha256]\n\t" + "add %[data], %[data], 10\n\t" + "rotlwi %[sha256], 11, 30\n\t" + "rotlwi %[len], 11, 19\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "rotlwi %[len], 11, 10\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "add 10, 10, %[sha256]\n\t" + "xor %[len], 11, 12\n\t" + "xor %[sha256], 12, 0\n\t" + "and %[sha256], %[sha256], %[len]\n\t" + "xor %[sha256], %[sha256], 12\n\t" + "add 10, 10, %[sha256]\n\t" + /* Calc new W[10] */ + "rotlwi %[sha256], 25, 25\n\t" + "rotlwi %[len], 25, 14\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "srwi %[len], 25, 3\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "add 24, 24, %[sha256]\n\t" + "rotlwi %[sha256], 22, 15\n\t" + "rotlwi %[len], 22, 13\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "srwi %[len], 22, 10\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "add 24, 24, %[sha256]\n\t" + "add 24, 24, 17\n\t" + /* Round 11 */ + "rotlwi %[sha256], %[data], 26\n\t" + "rotlwi %[len], %[data], 21\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "rotlwi %[len], %[data], 7\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "add 9, 9, %[sha256]\n\t" + "xor %[sha256], 7, 8\n\t" + "and %[sha256], %[sha256], %[data]\n\t" + "xor %[sha256], %[sha256], 8\n\t" + "add 9, 9, %[sha256]\n\t" + "lwz %[sha256], 44(6)\n\t" + "add 9, 9, 25\n\t" + "add 9, 9, %[sha256]\n\t" + "add 0, 0, 9\n\t" + "rotlwi %[sha256], 10, 30\n\t" + "rotlwi %[len], 10, 19\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "rotlwi %[len], 10, 10\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "add 9, 9, %[sha256]\n\t" + "xor %[len], 10, 11\n\t" + "xor %[sha256], 11, 12\n\t" + "and %[sha256], %[sha256], %[len]\n\t" + "xor %[sha256], %[sha256], 11\n\t" + "add 9, 9, %[sha256]\n\t" + /* Calc new W[11] */ + "rotlwi %[sha256], 26, 25\n\t" + "rotlwi %[len], 26, 14\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "srwi %[len], 26, 3\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "add 25, 25, %[sha256]\n\t" + "rotlwi %[sha256], 23, 15\n\t" + "rotlwi %[len], 23, 13\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "srwi %[len], 23, 10\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "add 25, 25, %[sha256]\n\t" + "add 25, 25, 18\n\t" + /* Round 12 */ + "rotlwi %[sha256], 0, 26\n\t" + "rotlwi %[len], 0, 21\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "rotlwi %[len], 0, 7\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "add 8, 8, %[sha256]\n\t" + "xor %[sha256], %[data], 7\n\t" + "and %[sha256], %[sha256], 0\n\t" + "xor %[sha256], %[sha256], 7\n\t" + "add 8, 8, %[sha256]\n\t" + "lwz %[sha256], 48(6)\n\t" + "add 8, 8, 26\n\t" + "add 8, 8, %[sha256]\n\t" + "add 12, 12, 8\n\t" + "rotlwi %[sha256], 9, 30\n\t" + "rotlwi %[len], 9, 19\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "rotlwi %[len], 9, 10\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "add 8, 8, %[sha256]\n\t" + "xor %[len], 9, 10\n\t" + "xor %[sha256], 10, 11\n\t" + "and %[sha256], %[sha256], %[len]\n\t" + "xor %[sha256], %[sha256], 10\n\t" + "add 8, 8, %[sha256]\n\t" + /* Calc new W[12] */ + "rotlwi %[sha256], 27, 25\n\t" + "rotlwi %[len], 27, 14\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "srwi %[len], 27, 3\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "add 26, 26, %[sha256]\n\t" + "rotlwi %[sha256], 24, 15\n\t" + "rotlwi %[len], 24, 13\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "srwi %[len], 24, 10\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "add 26, 26, %[sha256]\n\t" + "add 26, 26, 19\n\t" + /* Round 13 */ + "rotlwi %[sha256], 12, 26\n\t" + "rotlwi %[len], 12, 21\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "rotlwi %[len], 12, 7\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "add 7, 7, %[sha256]\n\t" + "xor %[sha256], 0, %[data]\n\t" + "and %[sha256], %[sha256], 12\n\t" + "xor %[sha256], %[sha256], %[data]\n\t" + "add 7, 7, %[sha256]\n\t" + "lwz %[sha256], 52(6)\n\t" + "add 7, 7, 27\n\t" + "add 7, 7, %[sha256]\n\t" + "add 11, 11, 7\n\t" + "rotlwi %[sha256], 8, 30\n\t" + "rotlwi %[len], 8, 19\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "rotlwi %[len], 8, 10\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "add 7, 7, %[sha256]\n\t" + "xor %[len], 8, 9\n\t" + "xor %[sha256], 9, 10\n\t" + "and %[sha256], %[sha256], %[len]\n\t" + "xor %[sha256], %[sha256], 9\n\t" + "add 7, 7, %[sha256]\n\t" + /* Calc new W[13] */ + "rotlwi %[sha256], 28, 25\n\t" + "rotlwi %[len], 28, 14\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "srwi %[len], 28, 3\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "add 27, 27, %[sha256]\n\t" + "rotlwi %[sha256], 25, 15\n\t" + "rotlwi %[len], 25, 13\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "srwi %[len], 25, 10\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "add 27, 27, %[sha256]\n\t" + "add 27, 27, 20\n\t" + /* Round 14 */ + "rotlwi %[sha256], 11, 26\n\t" + "rotlwi %[len], 11, 21\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "rotlwi %[len], 11, 7\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "add %[data], %[data], %[sha256]\n\t" + "xor %[sha256], 12, 0\n\t" + "and %[sha256], %[sha256], 11\n\t" + "xor %[sha256], %[sha256], 0\n\t" + "add %[data], %[data], %[sha256]\n\t" + "lwz %[sha256], 56(6)\n\t" + "add %[data], %[data], 28\n\t" + "add %[data], %[data], %[sha256]\n\t" + "add 10, 10, %[data]\n\t" + "rotlwi %[sha256], 7, 30\n\t" + "rotlwi %[len], 7, 19\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "rotlwi %[len], 7, 10\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "add %[data], %[data], %[sha256]\n\t" + "xor %[len], 7, 8\n\t" + "xor %[sha256], 8, 9\n\t" + "and %[sha256], %[sha256], %[len]\n\t" + "xor %[sha256], %[sha256], 8\n\t" + "add %[data], %[data], %[sha256]\n\t" + /* Calc new W[14] */ + "rotlwi %[sha256], 29, 25\n\t" + "rotlwi %[len], 29, 14\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "srwi %[len], 29, 3\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "add 28, 28, %[sha256]\n\t" + "rotlwi %[sha256], 26, 15\n\t" + "rotlwi %[len], 26, 13\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "srwi %[len], 26, 10\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "add 28, 28, %[sha256]\n\t" + "add 28, 28, 21\n\t" + /* Round 15 */ + "rotlwi %[sha256], 10, 26\n\t" + "rotlwi %[len], 10, 21\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "rotlwi %[len], 10, 7\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "add 0, 0, %[sha256]\n\t" + "xor %[sha256], 11, 12\n\t" + "and %[sha256], %[sha256], 10\n\t" + "xor %[sha256], %[sha256], 12\n\t" + "add 0, 0, %[sha256]\n\t" + "lwz %[sha256], 60(6)\n\t" + "add 0, 0, 29\n\t" + "add 0, 0, %[sha256]\n\t" + "add 9, 9, 0\n\t" + "rotlwi %[sha256], %[data], 30\n\t" + "rotlwi %[len], %[data], 19\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "rotlwi %[len], %[data], 10\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "add 0, 0, %[sha256]\n\t" + "xor %[len], %[data], 7\n\t" + "xor %[sha256], 7, 8\n\t" + "and %[sha256], %[sha256], %[len]\n\t" + "xor %[sha256], %[sha256], 7\n\t" + "add 0, 0, %[sha256]\n\t" + /* Calc new W[15] */ + "rotlwi %[sha256], 14, 25\n\t" + "rotlwi %[len], 14, 14\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "srwi %[len], 14, 3\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "add 29, 29, %[sha256]\n\t" + "rotlwi %[sha256], 27, 15\n\t" + "rotlwi %[len], 27, 13\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "srwi %[len], 27, 10\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "add 29, 29, %[sha256]\n\t" + "add 29, 29, 22\n\t" + "addi 6, 6, 0x40\n\t" + /* Round 0 */ + "rotlwi %[sha256], 9, 26\n\t" + "rotlwi %[len], 9, 21\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "rotlwi %[len], 9, 7\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "add 12, 12, %[sha256]\n\t" + "xor %[sha256], 10, 11\n\t" + "and %[sha256], %[sha256], 9\n\t" + "xor %[sha256], %[sha256], 11\n\t" + "add 12, 12, %[sha256]\n\t" + "lwz %[sha256], 0(6)\n\t" + "add 12, 12, 14\n\t" + "add 12, 12, %[sha256]\n\t" + "add 8, 8, 12\n\t" + "rotlwi %[sha256], 0, 30\n\t" + "rotlwi %[len], 0, 19\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "rotlwi %[len], 0, 10\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "add 12, 12, %[sha256]\n\t" + "xor %[len], 0, %[data]\n\t" + "xor %[sha256], %[data], 7\n\t" + "and %[sha256], %[sha256], %[len]\n\t" + "xor %[sha256], %[sha256], %[data]\n\t" + "add 12, 12, %[sha256]\n\t" + /* Round 1 */ + "rotlwi %[sha256], 8, 26\n\t" + "rotlwi %[len], 8, 21\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "rotlwi %[len], 8, 7\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "add 11, 11, %[sha256]\n\t" + "xor %[sha256], 9, 10\n\t" + "and %[sha256], %[sha256], 8\n\t" + "xor %[sha256], %[sha256], 10\n\t" + "add 11, 11, %[sha256]\n\t" + "lwz %[sha256], 4(6)\n\t" + "add 11, 11, 15\n\t" + "add 11, 11, %[sha256]\n\t" + "add 7, 7, 11\n\t" + "rotlwi %[sha256], 12, 30\n\t" + "rotlwi %[len], 12, 19\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "rotlwi %[len], 12, 10\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "add 11, 11, %[sha256]\n\t" + "xor %[len], 12, 0\n\t" + "xor %[sha256], 0, %[data]\n\t" + "and %[sha256], %[sha256], %[len]\n\t" + "xor %[sha256], %[sha256], 0\n\t" + "add 11, 11, %[sha256]\n\t" + /* Round 2 */ + "rotlwi %[sha256], 7, 26\n\t" + "rotlwi %[len], 7, 21\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "rotlwi %[len], 7, 7\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "add 10, 10, %[sha256]\n\t" + "xor %[sha256], 8, 9\n\t" + "and %[sha256], %[sha256], 7\n\t" + "xor %[sha256], %[sha256], 9\n\t" + "add 10, 10, %[sha256]\n\t" + "lwz %[sha256], 8(6)\n\t" + "add 10, 10, 16\n\t" + "add 10, 10, %[sha256]\n\t" + "add %[data], %[data], 10\n\t" + "rotlwi %[sha256], 11, 30\n\t" + "rotlwi %[len], 11, 19\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "rotlwi %[len], 11, 10\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "add 10, 10, %[sha256]\n\t" + "xor %[len], 11, 12\n\t" + "xor %[sha256], 12, 0\n\t" + "and %[sha256], %[sha256], %[len]\n\t" + "xor %[sha256], %[sha256], 12\n\t" + "add 10, 10, %[sha256]\n\t" + /* Round 3 */ + "rotlwi %[sha256], %[data], 26\n\t" + "rotlwi %[len], %[data], 21\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "rotlwi %[len], %[data], 7\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "add 9, 9, %[sha256]\n\t" + "xor %[sha256], 7, 8\n\t" + "and %[sha256], %[sha256], %[data]\n\t" + "xor %[sha256], %[sha256], 8\n\t" + "add 9, 9, %[sha256]\n\t" + "lwz %[sha256], 12(6)\n\t" + "add 9, 9, 17\n\t" + "add 9, 9, %[sha256]\n\t" + "add 0, 0, 9\n\t" + "rotlwi %[sha256], 10, 30\n\t" + "rotlwi %[len], 10, 19\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "rotlwi %[len], 10, 10\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "add 9, 9, %[sha256]\n\t" + "xor %[len], 10, 11\n\t" + "xor %[sha256], 11, 12\n\t" + "and %[sha256], %[sha256], %[len]\n\t" + "xor %[sha256], %[sha256], 11\n\t" + "add 9, 9, %[sha256]\n\t" + /* Round 4 */ + "rotlwi %[sha256], 0, 26\n\t" + "rotlwi %[len], 0, 21\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "rotlwi %[len], 0, 7\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "add 8, 8, %[sha256]\n\t" + "xor %[sha256], %[data], 7\n\t" + "and %[sha256], %[sha256], 0\n\t" + "xor %[sha256], %[sha256], 7\n\t" + "add 8, 8, %[sha256]\n\t" + "lwz %[sha256], 16(6)\n\t" + "add 8, 8, 18\n\t" + "add 8, 8, %[sha256]\n\t" + "add 12, 12, 8\n\t" + "rotlwi %[sha256], 9, 30\n\t" + "rotlwi %[len], 9, 19\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "rotlwi %[len], 9, 10\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "add 8, 8, %[sha256]\n\t" + "xor %[len], 9, 10\n\t" + "xor %[sha256], 10, 11\n\t" + "and %[sha256], %[sha256], %[len]\n\t" + "xor %[sha256], %[sha256], 10\n\t" + "add 8, 8, %[sha256]\n\t" + /* Round 5 */ + "rotlwi %[sha256], 12, 26\n\t" + "rotlwi %[len], 12, 21\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "rotlwi %[len], 12, 7\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "add 7, 7, %[sha256]\n\t" + "xor %[sha256], 0, %[data]\n\t" + "and %[sha256], %[sha256], 12\n\t" + "xor %[sha256], %[sha256], %[data]\n\t" + "add 7, 7, %[sha256]\n\t" + "lwz %[sha256], 20(6)\n\t" + "add 7, 7, 19\n\t" + "add 7, 7, %[sha256]\n\t" + "add 11, 11, 7\n\t" + "rotlwi %[sha256], 8, 30\n\t" + "rotlwi %[len], 8, 19\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "rotlwi %[len], 8, 10\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "add 7, 7, %[sha256]\n\t" + "xor %[len], 8, 9\n\t" + "xor %[sha256], 9, 10\n\t" + "and %[sha256], %[sha256], %[len]\n\t" + "xor %[sha256], %[sha256], 9\n\t" + "add 7, 7, %[sha256]\n\t" + /* Round 6 */ + "rotlwi %[sha256], 11, 26\n\t" + "rotlwi %[len], 11, 21\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "rotlwi %[len], 11, 7\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "add %[data], %[data], %[sha256]\n\t" + "xor %[sha256], 12, 0\n\t" + "and %[sha256], %[sha256], 11\n\t" + "xor %[sha256], %[sha256], 0\n\t" + "add %[data], %[data], %[sha256]\n\t" + "lwz %[sha256], 24(6)\n\t" + "add %[data], %[data], 20\n\t" + "add %[data], %[data], %[sha256]\n\t" + "add 10, 10, %[data]\n\t" + "rotlwi %[sha256], 7, 30\n\t" + "rotlwi %[len], 7, 19\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "rotlwi %[len], 7, 10\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "add %[data], %[data], %[sha256]\n\t" + "xor %[len], 7, 8\n\t" + "xor %[sha256], 8, 9\n\t" + "and %[sha256], %[sha256], %[len]\n\t" + "xor %[sha256], %[sha256], 8\n\t" + "add %[data], %[data], %[sha256]\n\t" + /* Round 7 */ + "rotlwi %[sha256], 10, 26\n\t" + "rotlwi %[len], 10, 21\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "rotlwi %[len], 10, 7\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "add 0, 0, %[sha256]\n\t" + "xor %[sha256], 11, 12\n\t" + "and %[sha256], %[sha256], 10\n\t" + "xor %[sha256], %[sha256], 12\n\t" + "add 0, 0, %[sha256]\n\t" + "lwz %[sha256], 28(6)\n\t" + "add 0, 0, 21\n\t" + "add 0, 0, %[sha256]\n\t" + "add 9, 9, 0\n\t" + "rotlwi %[sha256], %[data], 30\n\t" + "rotlwi %[len], %[data], 19\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "rotlwi %[len], %[data], 10\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "add 0, 0, %[sha256]\n\t" + "xor %[len], %[data], 7\n\t" + "xor %[sha256], 7, 8\n\t" + "and %[sha256], %[sha256], %[len]\n\t" + "xor %[sha256], %[sha256], 7\n\t" + "add 0, 0, %[sha256]\n\t" + /* Round 8 */ + "rotlwi %[sha256], 9, 26\n\t" + "rotlwi %[len], 9, 21\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "rotlwi %[len], 9, 7\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "add 12, 12, %[sha256]\n\t" + "xor %[sha256], 10, 11\n\t" + "and %[sha256], %[sha256], 9\n\t" + "xor %[sha256], %[sha256], 11\n\t" + "add 12, 12, %[sha256]\n\t" + "lwz %[sha256], 32(6)\n\t" + "add 12, 12, 22\n\t" + "add 12, 12, %[sha256]\n\t" + "add 8, 8, 12\n\t" + "rotlwi %[sha256], 0, 30\n\t" + "rotlwi %[len], 0, 19\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "rotlwi %[len], 0, 10\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "add 12, 12, %[sha256]\n\t" + "xor %[len], 0, %[data]\n\t" + "xor %[sha256], %[data], 7\n\t" + "and %[sha256], %[sha256], %[len]\n\t" + "xor %[sha256], %[sha256], %[data]\n\t" + "add 12, 12, %[sha256]\n\t" + /* Round 9 */ + "rotlwi %[sha256], 8, 26\n\t" + "rotlwi %[len], 8, 21\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "rotlwi %[len], 8, 7\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "add 11, 11, %[sha256]\n\t" + "xor %[sha256], 9, 10\n\t" + "and %[sha256], %[sha256], 8\n\t" + "xor %[sha256], %[sha256], 10\n\t" + "add 11, 11, %[sha256]\n\t" + "lwz %[sha256], 36(6)\n\t" + "add 11, 11, 23\n\t" + "add 11, 11, %[sha256]\n\t" + "add 7, 7, 11\n\t" + "rotlwi %[sha256], 12, 30\n\t" + "rotlwi %[len], 12, 19\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "rotlwi %[len], 12, 10\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "add 11, 11, %[sha256]\n\t" + "xor %[len], 12, 0\n\t" + "xor %[sha256], 0, %[data]\n\t" + "and %[sha256], %[sha256], %[len]\n\t" + "xor %[sha256], %[sha256], 0\n\t" + "add 11, 11, %[sha256]\n\t" + /* Round 10 */ + "rotlwi %[sha256], 7, 26\n\t" + "rotlwi %[len], 7, 21\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "rotlwi %[len], 7, 7\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "add 10, 10, %[sha256]\n\t" + "xor %[sha256], 8, 9\n\t" + "and %[sha256], %[sha256], 7\n\t" + "xor %[sha256], %[sha256], 9\n\t" + "add 10, 10, %[sha256]\n\t" + "lwz %[sha256], 40(6)\n\t" + "add 10, 10, 24\n\t" + "add 10, 10, %[sha256]\n\t" + "add %[data], %[data], 10\n\t" + "rotlwi %[sha256], 11, 30\n\t" + "rotlwi %[len], 11, 19\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "rotlwi %[len], 11, 10\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "add 10, 10, %[sha256]\n\t" + "xor %[len], 11, 12\n\t" + "xor %[sha256], 12, 0\n\t" + "and %[sha256], %[sha256], %[len]\n\t" + "xor %[sha256], %[sha256], 12\n\t" + "add 10, 10, %[sha256]\n\t" + /* Round 11 */ + "rotlwi %[sha256], %[data], 26\n\t" + "rotlwi %[len], %[data], 21\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "rotlwi %[len], %[data], 7\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "add 9, 9, %[sha256]\n\t" + "xor %[sha256], 7, 8\n\t" + "and %[sha256], %[sha256], %[data]\n\t" + "xor %[sha256], %[sha256], 8\n\t" + "add 9, 9, %[sha256]\n\t" + "lwz %[sha256], 44(6)\n\t" + "add 9, 9, 25\n\t" + "add 9, 9, %[sha256]\n\t" + "add 0, 0, 9\n\t" + "rotlwi %[sha256], 10, 30\n\t" + "rotlwi %[len], 10, 19\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "rotlwi %[len], 10, 10\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "add 9, 9, %[sha256]\n\t" + "xor %[len], 10, 11\n\t" + "xor %[sha256], 11, 12\n\t" + "and %[sha256], %[sha256], %[len]\n\t" + "xor %[sha256], %[sha256], 11\n\t" + "add 9, 9, %[sha256]\n\t" + /* Round 12 */ + "rotlwi %[sha256], 0, 26\n\t" + "rotlwi %[len], 0, 21\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "rotlwi %[len], 0, 7\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "add 8, 8, %[sha256]\n\t" + "xor %[sha256], %[data], 7\n\t" + "and %[sha256], %[sha256], 0\n\t" + "xor %[sha256], %[sha256], 7\n\t" + "add 8, 8, %[sha256]\n\t" + "lwz %[sha256], 48(6)\n\t" + "add 8, 8, 26\n\t" + "add 8, 8, %[sha256]\n\t" + "add 12, 12, 8\n\t" + "rotlwi %[sha256], 9, 30\n\t" + "rotlwi %[len], 9, 19\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "rotlwi %[len], 9, 10\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "add 8, 8, %[sha256]\n\t" + "xor %[len], 9, 10\n\t" + "xor %[sha256], 10, 11\n\t" + "and %[sha256], %[sha256], %[len]\n\t" + "xor %[sha256], %[sha256], 10\n\t" + "add 8, 8, %[sha256]\n\t" + /* Round 13 */ + "rotlwi %[sha256], 12, 26\n\t" + "rotlwi %[len], 12, 21\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "rotlwi %[len], 12, 7\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "add 7, 7, %[sha256]\n\t" + "xor %[sha256], 0, %[data]\n\t" + "and %[sha256], %[sha256], 12\n\t" + "xor %[sha256], %[sha256], %[data]\n\t" + "add 7, 7, %[sha256]\n\t" + "lwz %[sha256], 52(6)\n\t" + "add 7, 7, 27\n\t" + "add 7, 7, %[sha256]\n\t" + "add 11, 11, 7\n\t" + "rotlwi %[sha256], 8, 30\n\t" + "rotlwi %[len], 8, 19\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "rotlwi %[len], 8, 10\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "add 7, 7, %[sha256]\n\t" + "xor %[len], 8, 9\n\t" + "xor %[sha256], 9, 10\n\t" + "and %[sha256], %[sha256], %[len]\n\t" + "xor %[sha256], %[sha256], 9\n\t" + "add 7, 7, %[sha256]\n\t" + /* Round 14 */ + "rotlwi %[sha256], 11, 26\n\t" + "rotlwi %[len], 11, 21\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "rotlwi %[len], 11, 7\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "add %[data], %[data], %[sha256]\n\t" + "xor %[sha256], 12, 0\n\t" + "and %[sha256], %[sha256], 11\n\t" + "xor %[sha256], %[sha256], 0\n\t" + "add %[data], %[data], %[sha256]\n\t" + "lwz %[sha256], 56(6)\n\t" + "add %[data], %[data], 28\n\t" + "add %[data], %[data], %[sha256]\n\t" + "add 10, 10, %[data]\n\t" + "rotlwi %[sha256], 7, 30\n\t" + "rotlwi %[len], 7, 19\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "rotlwi %[len], 7, 10\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "add %[data], %[data], %[sha256]\n\t" + "xor %[len], 7, 8\n\t" + "xor %[sha256], 8, 9\n\t" + "and %[sha256], %[sha256], %[len]\n\t" + "xor %[sha256], %[sha256], 8\n\t" + "add %[data], %[data], %[sha256]\n\t" + /* Round 15 */ + "rotlwi %[sha256], 10, 26\n\t" + "rotlwi %[len], 10, 21\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "rotlwi %[len], 10, 7\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "add 0, 0, %[sha256]\n\t" + "xor %[sha256], 11, 12\n\t" + "and %[sha256], %[sha256], 10\n\t" + "xor %[sha256], %[sha256], 12\n\t" + "add 0, 0, %[sha256]\n\t" + "lwz %[sha256], 60(6)\n\t" + "add 0, 0, 29\n\t" + "add 0, 0, %[sha256]\n\t" + "add 9, 9, 0\n\t" + "rotlwi %[sha256], %[data], 30\n\t" + "rotlwi %[len], %[data], 19\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "rotlwi %[len], %[data], 10\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "add 0, 0, %[sha256]\n\t" + "xor %[len], %[data], 7\n\t" + "xor %[sha256], 7, 8\n\t" + "and %[sha256], %[sha256], %[len]\n\t" + "xor %[sha256], %[sha256], 7\n\t" + "add 0, 0, %[sha256]\n\t" + "subi 6, 6, 0xc0\n\t" + "lwz %[sha256], 0(1)\n\t" + /* Add in digest from start */ + "lwz %[len], 0(%[sha256])\n\t" + "add 0, 0, %[len]\n\t" + "lwz %[len], 4(%[sha256])\n\t" + "add %[data], %[data], %[len]\n\t" + "lwz %[len], 8(%[sha256])\n\t" + "add 7, 7, %[len]\n\t" + "lwz %[len], 12(%[sha256])\n\t" + "add 8, 8, %[len]\n\t" + "lwz %[len], 16(%[sha256])\n\t" + "add 9, 9, %[len]\n\t" + "lwz %[len], 20(%[sha256])\n\t" + "add 10, 10, %[len]\n\t" + "lwz %[len], 24(%[sha256])\n\t" + "add 11, 11, %[len]\n\t" + "lwz %[len], 28(%[sha256])\n\t" + "add 12, 12, %[len]\n\t" + "stw 0, 0(%[sha256])\n\t" + "stw %[data], 4(%[sha256])\n\t" + "stw 7, 8(%[sha256])\n\t" + "stw 8, 12(%[sha256])\n\t" + "stw 9, 16(%[sha256])\n\t" + "stw 10, 20(%[sha256])\n\t" + "stw 11, 24(%[sha256])\n\t" + "stw 12, 28(%[sha256])\n\t" + "lwz %[sha256], 4(1)\n\t" + "addi %[sha256], %[sha256], 0x40\n\t" + "stw %[sha256], 4(1)\n\t" + "bdnz L_SHA256_transform_len_begin_%=\n\t" + "addi 1, 1, 8\n\t" +#else + "subi 1, 1, 12\n\t" + "stw %[sha256], 0(1)\n\t" + "stw %[data], 4(1)\n\t" + "stw %[len], 8(1)\n\t" + /* Copy digest to add in at end */ + "lwz 0, 0(%[sha256])\n\t" + "lwz %[data], 4(%[sha256])\n\t" + "lwz 7, 8(%[sha256])\n\t" + "lwz 8, 12(%[sha256])\n\t" + "lwz 9, 16(%[sha256])\n\t" + "lwz 10, 20(%[sha256])\n\t" + "lwz 11, 24(%[sha256])\n\t" + "lwz 12, 28(%[sha256])\n\t" + "lwz %[sha256], 4(1)\n\t" + /* Start of loop processing a block */ + "\n" + "L_SHA256_transform_len_begin_%=: \n\t" + /* Load W - 64 bytes */ + "lwz 14, 0(%[sha256])\n\t" + "lwz 15, 4(%[sha256])\n\t" + "lwz 16, 8(%[sha256])\n\t" + "lwz 17, 12(%[sha256])\n\t" + "lwz 18, 16(%[sha256])\n\t" + "lwz 19, 20(%[sha256])\n\t" + "lwz 20, 24(%[sha256])\n\t" + "lwz 21, 28(%[sha256])\n\t" + "lwz 22, 32(%[sha256])\n\t" + "lwz 23, 36(%[sha256])\n\t" + "lwz 24, 40(%[sha256])\n\t" + "lwz 25, 44(%[sha256])\n\t" + "lwz 26, 48(%[sha256])\n\t" + "lwz 27, 52(%[sha256])\n\t" + "lwz 28, 56(%[sha256])\n\t" + "lwz 29, 60(%[sha256])\n\t" + "li %[sha256], 4\n\t" + "mtctr %[sha256]\n\t" + /* Start of 16 rounds */ + "\n" + "L_SHA256_transform_len_start_%=: \n\t" + /* Round 0 */ + "rotlwi %[sha256], 9, 26\n\t" + "rotlwi %[len], 9, 21\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "rotlwi %[len], 9, 7\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "add 12, 12, %[sha256]\n\t" + "xor %[sha256], 10, 11\n\t" + "and %[sha256], %[sha256], 9\n\t" + "xor %[sha256], %[sha256], 11\n\t" + "add 12, 12, %[sha256]\n\t" + "lwz %[sha256], 0(6)\n\t" + "add 12, 12, 14\n\t" + "add 12, 12, %[sha256]\n\t" + "add 8, 8, 12\n\t" + "rotlwi %[sha256], 0, 30\n\t" + "rotlwi %[len], 0, 19\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "rotlwi %[len], 0, 10\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "add 12, 12, %[sha256]\n\t" + "xor %[len], 0, %[data]\n\t" + "xor %[sha256], %[data], 7\n\t" + "and %[sha256], %[sha256], %[len]\n\t" + "xor %[sha256], %[sha256], %[data]\n\t" + "add 12, 12, %[sha256]\n\t" + "mfctr %[len]\n\t" + "cmpwi %[sha256], %[len], 1\n\t" + "beq %[sha256], L_SHA256_transform_len_after_blk_0_%=\n\t" + /* Calc new W[0] */ + "rotlwi %[sha256], 15, 25\n\t" + "rotlwi %[len], 15, 14\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "srwi %[len], 15, 3\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "add 14, 14, %[sha256]\n\t" + "rotlwi %[sha256], 28, 15\n\t" + "rotlwi %[len], 28, 13\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "srwi %[len], 28, 10\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "add 14, 14, %[sha256]\n\t" + "add 14, 14, 23\n\t" + "\n" + "L_SHA256_transform_len_after_blk_0_%=: \n\t" + /* Round 1 */ + "rotlwi %[sha256], 8, 26\n\t" + "rotlwi %[len], 8, 21\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "rotlwi %[len], 8, 7\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "add 11, 11, %[sha256]\n\t" + "xor %[sha256], 9, 10\n\t" + "and %[sha256], %[sha256], 8\n\t" + "xor %[sha256], %[sha256], 10\n\t" + "add 11, 11, %[sha256]\n\t" + "lwz %[sha256], 4(6)\n\t" + "add 11, 11, 15\n\t" + "add 11, 11, %[sha256]\n\t" + "add 7, 7, 11\n\t" + "rotlwi %[sha256], 12, 30\n\t" + "rotlwi %[len], 12, 19\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "rotlwi %[len], 12, 10\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "add 11, 11, %[sha256]\n\t" + "xor %[len], 12, 0\n\t" + "xor %[sha256], 0, %[data]\n\t" + "and %[sha256], %[sha256], %[len]\n\t" + "xor %[sha256], %[sha256], 0\n\t" + "add 11, 11, %[sha256]\n\t" + "mfctr %[len]\n\t" + "cmpwi %[sha256], %[len], 1\n\t" + "beq %[sha256], L_SHA256_transform_len_after_blk_1_%=\n\t" + /* Calc new W[1] */ + "rotlwi %[sha256], 16, 25\n\t" + "rotlwi %[len], 16, 14\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "srwi %[len], 16, 3\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "add 15, 15, %[sha256]\n\t" + "rotlwi %[sha256], 29, 15\n\t" + "rotlwi %[len], 29, 13\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "srwi %[len], 29, 10\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "add 15, 15, %[sha256]\n\t" + "add 15, 15, 24\n\t" + "\n" + "L_SHA256_transform_len_after_blk_1_%=: \n\t" + /* Round 2 */ + "rotlwi %[sha256], 7, 26\n\t" + "rotlwi %[len], 7, 21\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "rotlwi %[len], 7, 7\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "add 10, 10, %[sha256]\n\t" + "xor %[sha256], 8, 9\n\t" + "and %[sha256], %[sha256], 7\n\t" + "xor %[sha256], %[sha256], 9\n\t" + "add 10, 10, %[sha256]\n\t" + "lwz %[sha256], 8(6)\n\t" + "add 10, 10, 16\n\t" + "add 10, 10, %[sha256]\n\t" + "add %[data], %[data], 10\n\t" + "rotlwi %[sha256], 11, 30\n\t" + "rotlwi %[len], 11, 19\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "rotlwi %[len], 11, 10\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "add 10, 10, %[sha256]\n\t" + "xor %[len], 11, 12\n\t" + "xor %[sha256], 12, 0\n\t" + "and %[sha256], %[sha256], %[len]\n\t" + "xor %[sha256], %[sha256], 12\n\t" + "add 10, 10, %[sha256]\n\t" + "mfctr %[len]\n\t" + "cmpwi %[sha256], %[len], 1\n\t" + "beq %[sha256], L_SHA256_transform_len_after_blk_2_%=\n\t" + /* Calc new W[2] */ + "rotlwi %[sha256], 17, 25\n\t" + "rotlwi %[len], 17, 14\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "srwi %[len], 17, 3\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "add 16, 16, %[sha256]\n\t" + "rotlwi %[sha256], 14, 15\n\t" + "rotlwi %[len], 14, 13\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "srwi %[len], 14, 10\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "add 16, 16, %[sha256]\n\t" + "add 16, 16, 25\n\t" + "\n" + "L_SHA256_transform_len_after_blk_2_%=: \n\t" + /* Round 3 */ + "rotlwi %[sha256], %[data], 26\n\t" + "rotlwi %[len], %[data], 21\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "rotlwi %[len], %[data], 7\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "add 9, 9, %[sha256]\n\t" + "xor %[sha256], 7, 8\n\t" + "and %[sha256], %[sha256], %[data]\n\t" + "xor %[sha256], %[sha256], 8\n\t" + "add 9, 9, %[sha256]\n\t" + "lwz %[sha256], 12(6)\n\t" + "add 9, 9, 17\n\t" + "add 9, 9, %[sha256]\n\t" + "add 0, 0, 9\n\t" + "rotlwi %[sha256], 10, 30\n\t" + "rotlwi %[len], 10, 19\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "rotlwi %[len], 10, 10\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "add 9, 9, %[sha256]\n\t" + "xor %[len], 10, 11\n\t" + "xor %[sha256], 11, 12\n\t" + "and %[sha256], %[sha256], %[len]\n\t" + "xor %[sha256], %[sha256], 11\n\t" + "add 9, 9, %[sha256]\n\t" + "mfctr %[len]\n\t" + "cmpwi %[sha256], %[len], 1\n\t" + "beq %[sha256], L_SHA256_transform_len_after_blk_3_%=\n\t" + /* Calc new W[3] */ + "rotlwi %[sha256], 18, 25\n\t" + "rotlwi %[len], 18, 14\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "srwi %[len], 18, 3\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "add 17, 17, %[sha256]\n\t" + "rotlwi %[sha256], 15, 15\n\t" + "rotlwi %[len], 15, 13\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "srwi %[len], 15, 10\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "add 17, 17, %[sha256]\n\t" + "add 17, 17, 26\n\t" + "\n" + "L_SHA256_transform_len_after_blk_3_%=: \n\t" + /* Round 4 */ + "rotlwi %[sha256], 0, 26\n\t" + "rotlwi %[len], 0, 21\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "rotlwi %[len], 0, 7\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "add 8, 8, %[sha256]\n\t" + "xor %[sha256], %[data], 7\n\t" + "and %[sha256], %[sha256], 0\n\t" + "xor %[sha256], %[sha256], 7\n\t" + "add 8, 8, %[sha256]\n\t" + "lwz %[sha256], 16(6)\n\t" + "add 8, 8, 18\n\t" + "add 8, 8, %[sha256]\n\t" + "add 12, 12, 8\n\t" + "rotlwi %[sha256], 9, 30\n\t" + "rotlwi %[len], 9, 19\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "rotlwi %[len], 9, 10\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "add 8, 8, %[sha256]\n\t" + "xor %[len], 9, 10\n\t" + "xor %[sha256], 10, 11\n\t" + "and %[sha256], %[sha256], %[len]\n\t" + "xor %[sha256], %[sha256], 10\n\t" + "add 8, 8, %[sha256]\n\t" + "mfctr %[len]\n\t" + "cmpwi %[sha256], %[len], 1\n\t" + "beq %[sha256], L_SHA256_transform_len_after_blk_4_%=\n\t" + /* Calc new W[4] */ + "rotlwi %[sha256], 19, 25\n\t" + "rotlwi %[len], 19, 14\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "srwi %[len], 19, 3\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "add 18, 18, %[sha256]\n\t" + "rotlwi %[sha256], 16, 15\n\t" + "rotlwi %[len], 16, 13\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "srwi %[len], 16, 10\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "add 18, 18, %[sha256]\n\t" + "add 18, 18, 27\n\t" + "\n" + "L_SHA256_transform_len_after_blk_4_%=: \n\t" + /* Round 5 */ + "rotlwi %[sha256], 12, 26\n\t" + "rotlwi %[len], 12, 21\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "rotlwi %[len], 12, 7\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "add 7, 7, %[sha256]\n\t" + "xor %[sha256], 0, %[data]\n\t" + "and %[sha256], %[sha256], 12\n\t" + "xor %[sha256], %[sha256], %[data]\n\t" + "add 7, 7, %[sha256]\n\t" + "lwz %[sha256], 20(6)\n\t" + "add 7, 7, 19\n\t" + "add 7, 7, %[sha256]\n\t" + "add 11, 11, 7\n\t" + "rotlwi %[sha256], 8, 30\n\t" + "rotlwi %[len], 8, 19\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "rotlwi %[len], 8, 10\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "add 7, 7, %[sha256]\n\t" + "xor %[len], 8, 9\n\t" + "xor %[sha256], 9, 10\n\t" + "and %[sha256], %[sha256], %[len]\n\t" + "xor %[sha256], %[sha256], 9\n\t" + "add 7, 7, %[sha256]\n\t" + "mfctr %[len]\n\t" + "cmpwi %[sha256], %[len], 1\n\t" + "beq %[sha256], L_SHA256_transform_len_after_blk_5_%=\n\t" + /* Calc new W[5] */ + "rotlwi %[sha256], 20, 25\n\t" + "rotlwi %[len], 20, 14\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "srwi %[len], 20, 3\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "add 19, 19, %[sha256]\n\t" + "rotlwi %[sha256], 17, 15\n\t" + "rotlwi %[len], 17, 13\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "srwi %[len], 17, 10\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "add 19, 19, %[sha256]\n\t" + "add 19, 19, 28\n\t" + "\n" + "L_SHA256_transform_len_after_blk_5_%=: \n\t" + /* Round 6 */ + "rotlwi %[sha256], 11, 26\n\t" + "rotlwi %[len], 11, 21\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "rotlwi %[len], 11, 7\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "add %[data], %[data], %[sha256]\n\t" + "xor %[sha256], 12, 0\n\t" + "and %[sha256], %[sha256], 11\n\t" + "xor %[sha256], %[sha256], 0\n\t" + "add %[data], %[data], %[sha256]\n\t" + "lwz %[sha256], 24(6)\n\t" + "add %[data], %[data], 20\n\t" + "add %[data], %[data], %[sha256]\n\t" + "add 10, 10, %[data]\n\t" + "rotlwi %[sha256], 7, 30\n\t" + "rotlwi %[len], 7, 19\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "rotlwi %[len], 7, 10\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "add %[data], %[data], %[sha256]\n\t" + "xor %[len], 7, 8\n\t" + "xor %[sha256], 8, 9\n\t" + "and %[sha256], %[sha256], %[len]\n\t" + "xor %[sha256], %[sha256], 8\n\t" + "add %[data], %[data], %[sha256]\n\t" + "mfctr %[len]\n\t" + "cmpwi %[sha256], %[len], 1\n\t" + "beq %[sha256], L_SHA256_transform_len_after_blk_6_%=\n\t" + /* Calc new W[6] */ + "rotlwi %[sha256], 21, 25\n\t" + "rotlwi %[len], 21, 14\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "srwi %[len], 21, 3\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "add 20, 20, %[sha256]\n\t" + "rotlwi %[sha256], 18, 15\n\t" + "rotlwi %[len], 18, 13\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "srwi %[len], 18, 10\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "add 20, 20, %[sha256]\n\t" + "add 20, 20, 29\n\t" + "\n" + "L_SHA256_transform_len_after_blk_6_%=: \n\t" + /* Round 7 */ + "rotlwi %[sha256], 10, 26\n\t" + "rotlwi %[len], 10, 21\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "rotlwi %[len], 10, 7\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "add 0, 0, %[sha256]\n\t" + "xor %[sha256], 11, 12\n\t" + "and %[sha256], %[sha256], 10\n\t" + "xor %[sha256], %[sha256], 12\n\t" + "add 0, 0, %[sha256]\n\t" + "lwz %[sha256], 28(6)\n\t" + "add 0, 0, 21\n\t" + "add 0, 0, %[sha256]\n\t" + "add 9, 9, 0\n\t" + "rotlwi %[sha256], %[data], 30\n\t" + "rotlwi %[len], %[data], 19\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "rotlwi %[len], %[data], 10\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "add 0, 0, %[sha256]\n\t" + "xor %[len], %[data], 7\n\t" + "xor %[sha256], 7, 8\n\t" + "and %[sha256], %[sha256], %[len]\n\t" + "xor %[sha256], %[sha256], 7\n\t" + "add 0, 0, %[sha256]\n\t" + "mfctr %[len]\n\t" + "cmpwi %[sha256], %[len], 1\n\t" + "beq %[sha256], L_SHA256_transform_len_after_blk_7_%=\n\t" + /* Calc new W[7] */ + "rotlwi %[sha256], 22, 25\n\t" + "rotlwi %[len], 22, 14\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "srwi %[len], 22, 3\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "add 21, 21, %[sha256]\n\t" + "rotlwi %[sha256], 19, 15\n\t" + "rotlwi %[len], 19, 13\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "srwi %[len], 19, 10\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "add 21, 21, %[sha256]\n\t" + "add 21, 21, 14\n\t" + "\n" + "L_SHA256_transform_len_after_blk_7_%=: \n\t" + /* Round 8 */ + "rotlwi %[sha256], 9, 26\n\t" + "rotlwi %[len], 9, 21\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "rotlwi %[len], 9, 7\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "add 12, 12, %[sha256]\n\t" + "xor %[sha256], 10, 11\n\t" + "and %[sha256], %[sha256], 9\n\t" + "xor %[sha256], %[sha256], 11\n\t" + "add 12, 12, %[sha256]\n\t" + "lwz %[sha256], 32(6)\n\t" + "add 12, 12, 22\n\t" + "add 12, 12, %[sha256]\n\t" + "add 8, 8, 12\n\t" + "rotlwi %[sha256], 0, 30\n\t" + "rotlwi %[len], 0, 19\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "rotlwi %[len], 0, 10\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "add 12, 12, %[sha256]\n\t" + "xor %[len], 0, %[data]\n\t" + "xor %[sha256], %[data], 7\n\t" + "and %[sha256], %[sha256], %[len]\n\t" + "xor %[sha256], %[sha256], %[data]\n\t" + "add 12, 12, %[sha256]\n\t" + "mfctr %[len]\n\t" + "cmpwi %[sha256], %[len], 1\n\t" + "beq %[sha256], L_SHA256_transform_len_after_blk_8_%=\n\t" + /* Calc new W[8] */ + "rotlwi %[sha256], 23, 25\n\t" + "rotlwi %[len], 23, 14\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "srwi %[len], 23, 3\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "add 22, 22, %[sha256]\n\t" + "rotlwi %[sha256], 20, 15\n\t" + "rotlwi %[len], 20, 13\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "srwi %[len], 20, 10\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "add 22, 22, %[sha256]\n\t" + "add 22, 22, 15\n\t" + "\n" + "L_SHA256_transform_len_after_blk_8_%=: \n\t" + /* Round 9 */ + "rotlwi %[sha256], 8, 26\n\t" + "rotlwi %[len], 8, 21\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "rotlwi %[len], 8, 7\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "add 11, 11, %[sha256]\n\t" + "xor %[sha256], 9, 10\n\t" + "and %[sha256], %[sha256], 8\n\t" + "xor %[sha256], %[sha256], 10\n\t" + "add 11, 11, %[sha256]\n\t" + "lwz %[sha256], 36(6)\n\t" + "add 11, 11, 23\n\t" + "add 11, 11, %[sha256]\n\t" + "add 7, 7, 11\n\t" + "rotlwi %[sha256], 12, 30\n\t" + "rotlwi %[len], 12, 19\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "rotlwi %[len], 12, 10\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "add 11, 11, %[sha256]\n\t" + "xor %[len], 12, 0\n\t" + "xor %[sha256], 0, %[data]\n\t" + "and %[sha256], %[sha256], %[len]\n\t" + "xor %[sha256], %[sha256], 0\n\t" + "add 11, 11, %[sha256]\n\t" + "mfctr %[len]\n\t" + "cmpwi %[sha256], %[len], 1\n\t" + "beq %[sha256], L_SHA256_transform_len_after_blk_9_%=\n\t" + /* Calc new W[9] */ + "rotlwi %[sha256], 24, 25\n\t" + "rotlwi %[len], 24, 14\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "srwi %[len], 24, 3\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "add 23, 23, %[sha256]\n\t" + "rotlwi %[sha256], 21, 15\n\t" + "rotlwi %[len], 21, 13\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "srwi %[len], 21, 10\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "add 23, 23, %[sha256]\n\t" + "add 23, 23, 16\n\t" + "\n" + "L_SHA256_transform_len_after_blk_9_%=: \n\t" + /* Round 10 */ + "rotlwi %[sha256], 7, 26\n\t" + "rotlwi %[len], 7, 21\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "rotlwi %[len], 7, 7\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "add 10, 10, %[sha256]\n\t" + "xor %[sha256], 8, 9\n\t" + "and %[sha256], %[sha256], 7\n\t" + "xor %[sha256], %[sha256], 9\n\t" + "add 10, 10, %[sha256]\n\t" + "lwz %[sha256], 40(6)\n\t" + "add 10, 10, 24\n\t" + "add 10, 10, %[sha256]\n\t" + "add %[data], %[data], 10\n\t" + "rotlwi %[sha256], 11, 30\n\t" + "rotlwi %[len], 11, 19\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "rotlwi %[len], 11, 10\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "add 10, 10, %[sha256]\n\t" + "xor %[len], 11, 12\n\t" + "xor %[sha256], 12, 0\n\t" + "and %[sha256], %[sha256], %[len]\n\t" + "xor %[sha256], %[sha256], 12\n\t" + "add 10, 10, %[sha256]\n\t" + "mfctr %[len]\n\t" + "cmpwi %[sha256], %[len], 1\n\t" + "beq %[sha256], L_SHA256_transform_len_after_blk_10_%=\n\t" + /* Calc new W[10] */ + "rotlwi %[sha256], 25, 25\n\t" + "rotlwi %[len], 25, 14\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "srwi %[len], 25, 3\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "add 24, 24, %[sha256]\n\t" + "rotlwi %[sha256], 22, 15\n\t" + "rotlwi %[len], 22, 13\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "srwi %[len], 22, 10\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "add 24, 24, %[sha256]\n\t" + "add 24, 24, 17\n\t" + "\n" + "L_SHA256_transform_len_after_blk_10_%=: \n\t" + /* Round 11 */ + "rotlwi %[sha256], %[data], 26\n\t" + "rotlwi %[len], %[data], 21\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "rotlwi %[len], %[data], 7\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "add 9, 9, %[sha256]\n\t" + "xor %[sha256], 7, 8\n\t" + "and %[sha256], %[sha256], %[data]\n\t" + "xor %[sha256], %[sha256], 8\n\t" + "add 9, 9, %[sha256]\n\t" + "lwz %[sha256], 44(6)\n\t" + "add 9, 9, 25\n\t" + "add 9, 9, %[sha256]\n\t" + "add 0, 0, 9\n\t" + "rotlwi %[sha256], 10, 30\n\t" + "rotlwi %[len], 10, 19\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "rotlwi %[len], 10, 10\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "add 9, 9, %[sha256]\n\t" + "xor %[len], 10, 11\n\t" + "xor %[sha256], 11, 12\n\t" + "and %[sha256], %[sha256], %[len]\n\t" + "xor %[sha256], %[sha256], 11\n\t" + "add 9, 9, %[sha256]\n\t" + "mfctr %[len]\n\t" + "cmpwi %[sha256], %[len], 1\n\t" + "beq %[sha256], L_SHA256_transform_len_after_blk_11_%=\n\t" + /* Calc new W[11] */ + "rotlwi %[sha256], 26, 25\n\t" + "rotlwi %[len], 26, 14\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "srwi %[len], 26, 3\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "add 25, 25, %[sha256]\n\t" + "rotlwi %[sha256], 23, 15\n\t" + "rotlwi %[len], 23, 13\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "srwi %[len], 23, 10\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "add 25, 25, %[sha256]\n\t" + "add 25, 25, 18\n\t" + "\n" + "L_SHA256_transform_len_after_blk_11_%=: \n\t" + /* Round 12 */ + "rotlwi %[sha256], 0, 26\n\t" + "rotlwi %[len], 0, 21\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "rotlwi %[len], 0, 7\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "add 8, 8, %[sha256]\n\t" + "xor %[sha256], %[data], 7\n\t" + "and %[sha256], %[sha256], 0\n\t" + "xor %[sha256], %[sha256], 7\n\t" + "add 8, 8, %[sha256]\n\t" + "lwz %[sha256], 48(6)\n\t" + "add 8, 8, 26\n\t" + "add 8, 8, %[sha256]\n\t" + "add 12, 12, 8\n\t" + "rotlwi %[sha256], 9, 30\n\t" + "rotlwi %[len], 9, 19\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "rotlwi %[len], 9, 10\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "add 8, 8, %[sha256]\n\t" + "xor %[len], 9, 10\n\t" + "xor %[sha256], 10, 11\n\t" + "and %[sha256], %[sha256], %[len]\n\t" + "xor %[sha256], %[sha256], 10\n\t" + "add 8, 8, %[sha256]\n\t" + "mfctr %[len]\n\t" + "cmpwi %[sha256], %[len], 1\n\t" + "beq %[sha256], L_SHA256_transform_len_after_blk_12_%=\n\t" + /* Calc new W[12] */ + "rotlwi %[sha256], 27, 25\n\t" + "rotlwi %[len], 27, 14\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "srwi %[len], 27, 3\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "add 26, 26, %[sha256]\n\t" + "rotlwi %[sha256], 24, 15\n\t" + "rotlwi %[len], 24, 13\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "srwi %[len], 24, 10\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "add 26, 26, %[sha256]\n\t" + "add 26, 26, 19\n\t" + "\n" + "L_SHA256_transform_len_after_blk_12_%=: \n\t" + /* Round 13 */ + "rotlwi %[sha256], 12, 26\n\t" + "rotlwi %[len], 12, 21\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "rotlwi %[len], 12, 7\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "add 7, 7, %[sha256]\n\t" + "xor %[sha256], 0, %[data]\n\t" + "and %[sha256], %[sha256], 12\n\t" + "xor %[sha256], %[sha256], %[data]\n\t" + "add 7, 7, %[sha256]\n\t" + "lwz %[sha256], 52(6)\n\t" + "add 7, 7, 27\n\t" + "add 7, 7, %[sha256]\n\t" + "add 11, 11, 7\n\t" + "rotlwi %[sha256], 8, 30\n\t" + "rotlwi %[len], 8, 19\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "rotlwi %[len], 8, 10\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "add 7, 7, %[sha256]\n\t" + "xor %[len], 8, 9\n\t" + "xor %[sha256], 9, 10\n\t" + "and %[sha256], %[sha256], %[len]\n\t" + "xor %[sha256], %[sha256], 9\n\t" + "add 7, 7, %[sha256]\n\t" + "mfctr %[len]\n\t" + "cmpwi %[sha256], %[len], 1\n\t" + "beq %[sha256], L_SHA256_transform_len_after_blk_13_%=\n\t" + /* Calc new W[13] */ + "rotlwi %[sha256], 28, 25\n\t" + "rotlwi %[len], 28, 14\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "srwi %[len], 28, 3\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "add 27, 27, %[sha256]\n\t" + "rotlwi %[sha256], 25, 15\n\t" + "rotlwi %[len], 25, 13\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "srwi %[len], 25, 10\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "add 27, 27, %[sha256]\n\t" + "add 27, 27, 20\n\t" + "\n" + "L_SHA256_transform_len_after_blk_13_%=: \n\t" + /* Round 14 */ + "rotlwi %[sha256], 11, 26\n\t" + "rotlwi %[len], 11, 21\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "rotlwi %[len], 11, 7\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "add %[data], %[data], %[sha256]\n\t" + "xor %[sha256], 12, 0\n\t" + "and %[sha256], %[sha256], 11\n\t" + "xor %[sha256], %[sha256], 0\n\t" + "add %[data], %[data], %[sha256]\n\t" + "lwz %[sha256], 56(6)\n\t" + "add %[data], %[data], 28\n\t" + "add %[data], %[data], %[sha256]\n\t" + "add 10, 10, %[data]\n\t" + "rotlwi %[sha256], 7, 30\n\t" + "rotlwi %[len], 7, 19\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "rotlwi %[len], 7, 10\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "add %[data], %[data], %[sha256]\n\t" + "xor %[len], 7, 8\n\t" + "xor %[sha256], 8, 9\n\t" + "and %[sha256], %[sha256], %[len]\n\t" + "xor %[sha256], %[sha256], 8\n\t" + "add %[data], %[data], %[sha256]\n\t" + "mfctr %[len]\n\t" + "cmpwi %[sha256], %[len], 1\n\t" + "beq %[sha256], L_SHA256_transform_len_after_blk_14_%=\n\t" + /* Calc new W[14] */ + "rotlwi %[sha256], 29, 25\n\t" + "rotlwi %[len], 29, 14\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "srwi %[len], 29, 3\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "add 28, 28, %[sha256]\n\t" + "rotlwi %[sha256], 26, 15\n\t" + "rotlwi %[len], 26, 13\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "srwi %[len], 26, 10\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "add 28, 28, %[sha256]\n\t" + "add 28, 28, 21\n\t" + "\n" + "L_SHA256_transform_len_after_blk_14_%=: \n\t" + /* Round 15 */ + "rotlwi %[sha256], 10, 26\n\t" + "rotlwi %[len], 10, 21\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "rotlwi %[len], 10, 7\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "add 0, 0, %[sha256]\n\t" + "xor %[sha256], 11, 12\n\t" + "and %[sha256], %[sha256], 10\n\t" + "xor %[sha256], %[sha256], 12\n\t" + "add 0, 0, %[sha256]\n\t" + "lwz %[sha256], 60(6)\n\t" + "add 0, 0, 29\n\t" + "add 0, 0, %[sha256]\n\t" + "add 9, 9, 0\n\t" + "rotlwi %[sha256], %[data], 30\n\t" + "rotlwi %[len], %[data], 19\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "rotlwi %[len], %[data], 10\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "add 0, 0, %[sha256]\n\t" + "xor %[len], %[data], 7\n\t" + "xor %[sha256], 7, 8\n\t" + "and %[sha256], %[sha256], %[len]\n\t" + "xor %[sha256], %[sha256], 7\n\t" + "add 0, 0, %[sha256]\n\t" + "mfctr %[len]\n\t" + "cmpwi %[sha256], %[len], 1\n\t" + "beq %[sha256], L_SHA256_transform_len_after_blk_15_%=\n\t" + /* Calc new W[15] */ + "rotlwi %[sha256], 14, 25\n\t" + "rotlwi %[len], 14, 14\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "srwi %[len], 14, 3\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "add 29, 29, %[sha256]\n\t" + "rotlwi %[sha256], 27, 15\n\t" + "rotlwi %[len], 27, 13\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "srwi %[len], 27, 10\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "add 29, 29, %[sha256]\n\t" + "add 29, 29, 22\n\t" + "\n" + "L_SHA256_transform_len_after_blk_15_%=: \n\t" + "addi 6, 6, 0x40\n\t" + "bdnz L_SHA256_transform_len_start_%=\n\t" + "subi 6, 6, 0x100\n\t" + "lwz %[sha256], 0(1)\n\t" + /* Add in digest from start */ + "lwz %[len], 0(%[sha256])\n\t" + "add 0, 0, %[len]\n\t" + "lwz %[len], 4(%[sha256])\n\t" + "add %[data], %[data], %[len]\n\t" + "lwz %[len], 8(%[sha256])\n\t" + "add 7, 7, %[len]\n\t" + "lwz %[len], 12(%[sha256])\n\t" + "add 8, 8, %[len]\n\t" + "lwz %[len], 16(%[sha256])\n\t" + "add 9, 9, %[len]\n\t" + "lwz %[len], 20(%[sha256])\n\t" + "add 10, 10, %[len]\n\t" + "lwz %[len], 24(%[sha256])\n\t" + "add 11, 11, %[len]\n\t" + "lwz %[len], 28(%[sha256])\n\t" + "add 12, 12, %[len]\n\t" + "stw 0, 0(%[sha256])\n\t" + "stw %[data], 4(%[sha256])\n\t" + "stw 7, 8(%[sha256])\n\t" + "stw 8, 12(%[sha256])\n\t" + "stw 9, 16(%[sha256])\n\t" + "stw 10, 20(%[sha256])\n\t" + "stw 11, 24(%[sha256])\n\t" + "stw 12, 28(%[sha256])\n\t" + "lwz %[sha256], 4(1)\n\t" + "lwz %[len], 8(1)\n\t" + "mtctr %[len]\n\t" + "subi %[len], %[len], 1\n\t" + "addi %[sha256], %[sha256], 0x40\n\t" + "stw %[sha256], 4(1)\n\t" + "stw %[len], 8(1)\n\t" + "bdnz L_SHA256_transform_len_begin_%=\n\t" + "addi 1, 1, 12\n\t" +#endif /* WOLFSSL_PPC32_ASM_SMALL */ +#ifndef WOLFSSL_NO_VAR_ASSIGN_REG + : [sha256] "+r" (sha256), [data] "+r" (data), [len] "+r" (len), + [L_SHA256_transform_len_k] "+r" (L_SHA256_transform_len_k_c) + : +#else + : + : [sha256] "r" (sha256), [data] "r" (data), [len] "r" (len), + [L_SHA256_transform_len_k] "r" (L_SHA256_transform_len_k_c) +#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ + : "memory", "cc", "0", "7", "8", "9", "10", "11", "12", "14", "15", + "16", "17", "18", "19", "20", "21", "22", "23", "24", "25", "26", + "27", "28", "29" + ); +} + +#endif /* __PIC__ */ #endif /* !WOLFSSL_PPC32_ASM_SPE */ #endif /* !NO_SHA256 */ diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/wolfcrypt/src/port/ppc32/ppc32-sha256-asm_cr.c mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/port/ppc32/ppc32-sha256-asm_cr.c --- mariadb-11.8.6/extra/wolfssl/wolfssl/wolfcrypt/src/port/ppc32/ppc32-sha256-asm_cr.c 1970-01-01 00:00:00.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/port/ppc32/ppc32-sha256-asm_cr.c 2026-05-24 09:58:33.000000000 +0000 @@ -0,0 +1,7673 @@ +/* ppc32-sha256-asm + * + * Copyright (C) 2006-2026 wolfSSL Inc. + * + * This file is part of wolfSSL. + * + * wolfSSL is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * wolfSSL is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA + */ + +/* Generated using (from wolfssl): + * cd ../scripts + * ruby ./sha2/sha256.rb ppc32 \ + * ../wolfssl/wolfcrypt/src/port/ppc32/ppc32-sha256-asm.c + */ + +#include +#include + +#ifdef WOLFSSL_PPC32_ASM +#include +#include +#ifdef WOLFSSL_PPC32_ASM_INLINE + +#ifdef __IAR_SYSTEMS_ICC__ +#define __asm__ asm +#define __volatile__ volatile +#define WOLFSSL_NO_VAR_ASSIGN_REG +#endif /* __IAR_SYSTEMS_ICC__ */ +#ifdef __KEIL__ +#define __asm__ __asm +#define __volatile__ volatile +#endif /* __KEIL__ */ +#ifdef __ghs__ +#define __asm__ __asm +#define __volatile__ +#define WOLFSSL_NO_VAR_ASSIGN_REG +#endif /* __ghs__ */ +#ifndef NO_SHA256 +#include + +#ifdef WOLFSSL_PPC32_ASM_SPE +static const word32 L_SHA256_transform_spe_len_k[] = { + 0x428a2f98, 0x71374491, 0xb5c0fbcf, 0xe9b5dba5, + 0x3956c25b, 0x59f111f1, 0x923f82a4, 0xab1c5ed5, + 0xd807aa98, 0x12835b01, 0x243185be, 0x550c7dc3, + 0x72be5d74, 0x80deb1fe, 0x9bdc06a7, 0xc19bf174, + 0xe49b69c1, 0xefbe4786, 0x0fc19dc6, 0x240ca1cc, + 0x2de92c6f, 0x4a7484aa, 0x5cb0a9dc, 0x76f988da, + 0x983e5152, 0xa831c66d, 0xb00327c8, 0xbf597fc7, + 0xc6e00bf3, 0xd5a79147, 0x06ca6351, 0x14292967, + 0x27b70a85, 0x2e1b2138, 0x4d2c6dfc, 0x53380d13, + 0x650a7354, 0x766a0abb, 0x81c2c92e, 0x92722c85, + 0xa2bfe8a1, 0xa81a664b, 0xc24b8b70, 0xc76c51a3, + 0xd192e819, 0xd6990624, 0xf40e3585, 0x106aa070, + 0x19a4c116, 0x1e376c08, 0x2748774c, 0x34b0bcb5, + 0x391c0cb3, 0x4ed8aa4a, 0x5b9cca4f, 0x682e6ff3, + 0x748f82ee, 0x78a5636f, 0x84c87814, 0x8cc70208, + 0x90befffa, 0xa4506ceb, 0xbef9a3f7, 0xc67178f2, +}; + +void Transform_Sha256_Len(wc_Sha256* sha256_p, const byte* data_p, + word32 len_p); +#ifndef WOLFSSL_NO_VAR_ASSIGN_REG +void Transform_Sha256_Len(wc_Sha256* sha256_p, const byte* data_p, word32 len_p) +#else +void Transform_Sha256_Len(wc_Sha256* sha256, const byte* data, word32 len) +#endif /* WOLFSSL_NO_VAR_ASSIGN_REG */ +{ +#ifndef WOLFSSL_NO_VAR_ASSIGN_REG + register wc_Sha256* sha256 asm ("3") = (wc_Sha256*)sha256_p; + register const byte* data asm ("4") = (const byte*)data_p; + register word32 len asm ("5") = (word32)len_p; + register word32* L_SHA256_transform_spe_len_k_c asm ("6") = + (word32*)&L_SHA256_transform_spe_len_k; +#else + register word32* L_SHA256_transform_spe_len_k_c = + (word32*)&L_SHA256_transform_spe_len_k; + +#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ + + __asm__ __volatile__ ( + "srwi %[len], %[len], 6\n\t" + "mr r30, %[L_SHA256_transform_spe_len_k]\n\t" + /* Load digest into registers */ + "lwz r14, 0(%[sha256])\n\t" + "lwz r15, 4(%[sha256])\n\t" + "lwz r16, 8(%[sha256])\n\t" + "lwz r17, 12(%[sha256])\n\t" + "lwz r18, 16(%[sha256])\n\t" + "lwz r19, 20(%[sha256])\n\t" + "lwz r20, 24(%[sha256])\n\t" + "lwz r21, 28(%[sha256])\n\t" + /* Start of loop processing a block */ + "\n" + "L_SHA256_transform_spe_len_begin_%=: \n\t" + /* Load W */ + "lwz r22, 0(%[data])\n\t" + "lwz r0, 4(%[data])\n\t" + "evmergelo r22, r0, r22\n\t" + "lwz r23, 8(%[data])\n\t" + "lwz r0, 12(%[data])\n\t" + "evmergelo r23, r0, r23\n\t" + "lwz r24, 16(%[data])\n\t" + "lwz r0, 20(%[data])\n\t" + "evmergelo r24, r0, r24\n\t" + "lwz r25, 24(%[data])\n\t" + "lwz r0, 28(%[data])\n\t" + "evmergelo r25, r0, r25\n\t" + "lwz r26, 32(%[data])\n\t" + "lwz r0, 36(%[data])\n\t" + "evmergelo r26, r0, r26\n\t" + "lwz r27, 40(%[data])\n\t" + "lwz r0, 44(%[data])\n\t" + "evmergelo r27, r0, r27\n\t" + "lwz r28, 48(%[data])\n\t" + "lwz r0, 52(%[data])\n\t" + "evmergelo r28, r0, r28\n\t" + "lwz r29, 56(%[data])\n\t" + "lwz r0, 60(%[data])\n\t" + "evmergelo r29, r0, r29\n\t" + "li r0, 3\n\t" + "mtctr r0\n\t" + /* Start of 16 rounds */ + "\n" + "L_SHA256_transform_spe_len_start_%=: \n\t" + /* Round 0 */ + "mr r9, r22\n\t" + "rotlwi r6, r18, 26\n\t" + "xor r7, r19, r20\n\t" + "rotlwi r8, r18, 21\n\t" + "xor r6, r6, r8\n\t" + "and r7, r7, r18\n\t" + "rotlwi r8, r18, 7\n\t" + "xor r6, r6, r8\n\t" + "xor r7, r7, r20\n\t" + "add r21, r21, r6\n\t" + "add r21, r21, r7\n\t" + "lwz r6, 0(r30)\n\t" + "add r21, r21, r9\n\t" + "add r21, r21, r6\n\t" + "add r17, r17, r21\n\t" + "rotlwi r6, r14, 30\n\t" + "xor r7, r14, r15\n\t" + "rotlwi r8, r14, 19\n\t" + "xor r6, r6, r8\n\t" + "xor r8, r15, r16\n\t" + "and r7, r7, r8\n\t" + "rotlwi r8, r14, 10\n\t" + "xor r6, r6, r8\n\t" + "xor r7, r7, r15\n\t" + "add r21, r21, r6\n\t" + "add r21, r21, r7\n\t" + /* Round 1 */ + "evmergehi r9, r22, r22\n\t" + /* Calc new W[0]-W[1] */ + "evmergelohi r12, r23, r22\n\t" + "rotlwi r6, r17, 26\n\t" + "evrlwi r10, r29, 15\n\t" + "xor r7, r18, r19\n\t" + "evrlwi r11, r29, 13\n\t" + "rotlwi r8, r17, 21\n\t" + "evxor r11, r11, r10\n\t" + "xor r6, r6, r8\n\t" + "evsrwiu r10, r29, 10\n\t" + "and r7, r7, r17\n\t" + "evxor r11, r11, r10\n\t" + "rotlwi r8, r17, 7\n\t" + "evaddw r22, r22, r11\n\t" + "xor r6, r6, r8\n\t" + "evmergelohi r10, r27, r26\n\t" + "xor r7, r7, r19\n\t" + "evaddw r22, r22, r10\n\t" + "add r20, r20, r6\n\t" + "evrlwi r10, r12, 25\n\t" + "add r20, r20, r7\n\t" + "evrlwi r11, r12, 14\n\t" + "lwz r6, 4(r30)\n\t" + "evxor r11, r11, r10\n\t" + "add r20, r20, r9\n\t" + "evsrwiu r12, r12, 3\n\t" + "add r20, r20, r6\n\t" + "evxor r11, r11, r12\n\t" + "add r16, r16, r20\n\t" + "evaddw r22, r22, r11\n\t" + "rotlwi r6, r21, 30\n\t" + "xor r7, r21, r14\n\t" + "rotlwi r8, r21, 19\n\t" + "xor r6, r6, r8\n\t" + "xor r8, r14, r15\n\t" + "and r7, r7, r8\n\t" + "rotlwi r8, r21, 10\n\t" + "xor r6, r6, r8\n\t" + "xor r7, r7, r14\n\t" + "add r20, r20, r6\n\t" + "add r20, r20, r7\n\t" + /* Round 2 */ + "mr r9, r23\n\t" + "rotlwi r6, r16, 26\n\t" + "xor r7, r17, r18\n\t" + "rotlwi r8, r16, 21\n\t" + "xor r6, r6, r8\n\t" + "and r7, r7, r16\n\t" + "rotlwi r8, r16, 7\n\t" + "xor r6, r6, r8\n\t" + "xor r7, r7, r18\n\t" + "add r19, r19, r6\n\t" + "add r19, r19, r7\n\t" + "lwz r6, 8(r30)\n\t" + "add r19, r19, r9\n\t" + "add r19, r19, r6\n\t" + "add r15, r15, r19\n\t" + "rotlwi r6, r20, 30\n\t" + "xor r7, r20, r21\n\t" + "rotlwi r8, r20, 19\n\t" + "xor r6, r6, r8\n\t" + "xor r8, r21, r14\n\t" + "and r7, r7, r8\n\t" + "rotlwi r8, r20, 10\n\t" + "xor r6, r6, r8\n\t" + "xor r7, r7, r21\n\t" + "add r19, r19, r6\n\t" + "add r19, r19, r7\n\t" + /* Round 3 */ + "evmergehi r9, r23, r23\n\t" + /* Calc new W[2]-W[3] */ + "evmergelohi r12, r24, r23\n\t" + "rotlwi r6, r15, 26\n\t" + "evrlwi r10, r22, 15\n\t" + "xor r7, r16, r17\n\t" + "evrlwi r11, r22, 13\n\t" + "rotlwi r8, r15, 21\n\t" + "evxor r11, r11, r10\n\t" + "xor r6, r6, r8\n\t" + "evsrwiu r10, r22, 10\n\t" + "and r7, r7, r15\n\t" + "evxor r11, r11, r10\n\t" + "rotlwi r8, r15, 7\n\t" + "evaddw r23, r23, r11\n\t" + "xor r6, r6, r8\n\t" + "evmergelohi r10, r28, r27\n\t" + "xor r7, r7, r17\n\t" + "evaddw r23, r23, r10\n\t" + "add r18, r18, r6\n\t" + "evrlwi r10, r12, 25\n\t" + "add r18, r18, r7\n\t" + "evrlwi r11, r12, 14\n\t" + "lwz r6, 12(r30)\n\t" + "evxor r11, r11, r10\n\t" + "add r18, r18, r9\n\t" + "evsrwiu r12, r12, 3\n\t" + "add r18, r18, r6\n\t" + "evxor r11, r11, r12\n\t" + "add r14, r14, r18\n\t" + "evaddw r23, r23, r11\n\t" + "rotlwi r6, r19, 30\n\t" + "xor r7, r19, r20\n\t" + "rotlwi r8, r19, 19\n\t" + "xor r6, r6, r8\n\t" + "xor r8, r20, r21\n\t" + "and r7, r7, r8\n\t" + "rotlwi r8, r19, 10\n\t" + "xor r6, r6, r8\n\t" + "xor r7, r7, r20\n\t" + "add r18, r18, r6\n\t" + "add r18, r18, r7\n\t" + /* Round 4 */ + "mr r9, r24\n\t" + "rotlwi r6, r14, 26\n\t" + "xor r7, r15, r16\n\t" + "rotlwi r8, r14, 21\n\t" + "xor r6, r6, r8\n\t" + "and r7, r7, r14\n\t" + "rotlwi r8, r14, 7\n\t" + "xor r6, r6, r8\n\t" + "xor r7, r7, r16\n\t" + "add r17, r17, r6\n\t" + "add r17, r17, r7\n\t" + "lwz r6, 16(r30)\n\t" + "add r17, r17, r9\n\t" + "add r17, r17, r6\n\t" + "add r21, r21, r17\n\t" + "rotlwi r6, r18, 30\n\t" + "xor r7, r18, r19\n\t" + "rotlwi r8, r18, 19\n\t" + "xor r6, r6, r8\n\t" + "xor r8, r19, r20\n\t" + "and r7, r7, r8\n\t" + "rotlwi r8, r18, 10\n\t" + "xor r6, r6, r8\n\t" + "xor r7, r7, r19\n\t" + "add r17, r17, r6\n\t" + "add r17, r17, r7\n\t" + /* Round 5 */ + "evmergehi r9, r24, r24\n\t" + /* Calc new W[4]-W[5] */ + "evmergelohi r12, r25, r24\n\t" + "rotlwi r6, r21, 26\n\t" + "evrlwi r10, r23, 15\n\t" + "xor r7, r14, r15\n\t" + "evrlwi r11, r23, 13\n\t" + "rotlwi r8, r21, 21\n\t" + "evxor r11, r11, r10\n\t" + "xor r6, r6, r8\n\t" + "evsrwiu r10, r23, 10\n\t" + "and r7, r7, r21\n\t" + "evxor r11, r11, r10\n\t" + "rotlwi r8, r21, 7\n\t" + "evaddw r24, r24, r11\n\t" + "xor r6, r6, r8\n\t" + "evmergelohi r10, r29, r28\n\t" + "xor r7, r7, r15\n\t" + "evaddw r24, r24, r10\n\t" + "add r16, r16, r6\n\t" + "evrlwi r10, r12, 25\n\t" + "add r16, r16, r7\n\t" + "evrlwi r11, r12, 14\n\t" + "lwz r6, 20(r30)\n\t" + "evxor r11, r11, r10\n\t" + "add r16, r16, r9\n\t" + "evsrwiu r12, r12, 3\n\t" + "add r16, r16, r6\n\t" + "evxor r11, r11, r12\n\t" + "add r20, r20, r16\n\t" + "evaddw r24, r24, r11\n\t" + "rotlwi r6, r17, 30\n\t" + "xor r7, r17, r18\n\t" + "rotlwi r8, r17, 19\n\t" + "xor r6, r6, r8\n\t" + "xor r8, r18, r19\n\t" + "and r7, r7, r8\n\t" + "rotlwi r8, r17, 10\n\t" + "xor r6, r6, r8\n\t" + "xor r7, r7, r18\n\t" + "add r16, r16, r6\n\t" + "add r16, r16, r7\n\t" + /* Round 6 */ + "mr r9, r25\n\t" + "rotlwi r6, r20, 26\n\t" + "xor r7, r21, r14\n\t" + "rotlwi r8, r20, 21\n\t" + "xor r6, r6, r8\n\t" + "and r7, r7, r20\n\t" + "rotlwi r8, r20, 7\n\t" + "xor r6, r6, r8\n\t" + "xor r7, r7, r14\n\t" + "add r15, r15, r6\n\t" + "add r15, r15, r7\n\t" + "lwz r6, 24(r30)\n\t" + "add r15, r15, r9\n\t" + "add r15, r15, r6\n\t" + "add r19, r19, r15\n\t" + "rotlwi r6, r16, 30\n\t" + "xor r7, r16, r17\n\t" + "rotlwi r8, r16, 19\n\t" + "xor r6, r6, r8\n\t" + "xor r8, r17, r18\n\t" + "and r7, r7, r8\n\t" + "rotlwi r8, r16, 10\n\t" + "xor r6, r6, r8\n\t" + "xor r7, r7, r17\n\t" + "add r15, r15, r6\n\t" + "add r15, r15, r7\n\t" + /* Round 7 */ + "evmergehi r9, r25, r25\n\t" + /* Calc new W[6]-W[7] */ + "evmergelohi r12, r26, r25\n\t" + "rotlwi r6, r19, 26\n\t" + "evrlwi r10, r24, 15\n\t" + "xor r7, r20, r21\n\t" + "evrlwi r11, r24, 13\n\t" + "rotlwi r8, r19, 21\n\t" + "evxor r11, r11, r10\n\t" + "xor r6, r6, r8\n\t" + "evsrwiu r10, r24, 10\n\t" + "and r7, r7, r19\n\t" + "evxor r11, r11, r10\n\t" + "rotlwi r8, r19, 7\n\t" + "evaddw r25, r25, r11\n\t" + "xor r6, r6, r8\n\t" + "evmergelohi r10, r22, r29\n\t" + "xor r7, r7, r21\n\t" + "evaddw r25, r25, r10\n\t" + "add r14, r14, r6\n\t" + "evrlwi r10, r12, 25\n\t" + "add r14, r14, r7\n\t" + "evrlwi r11, r12, 14\n\t" + "lwz r6, 28(r30)\n\t" + "evxor r11, r11, r10\n\t" + "add r14, r14, r9\n\t" + "evsrwiu r12, r12, 3\n\t" + "add r14, r14, r6\n\t" + "evxor r11, r11, r12\n\t" + "add r18, r18, r14\n\t" + "evaddw r25, r25, r11\n\t" + "rotlwi r6, r15, 30\n\t" + "xor r7, r15, r16\n\t" + "rotlwi r8, r15, 19\n\t" + "xor r6, r6, r8\n\t" + "xor r8, r16, r17\n\t" + "and r7, r7, r8\n\t" + "rotlwi r8, r15, 10\n\t" + "xor r6, r6, r8\n\t" + "xor r7, r7, r16\n\t" + "add r14, r14, r6\n\t" + "add r14, r14, r7\n\t" + /* Round 8 */ + "mr r9, r26\n\t" + "rotlwi r6, r18, 26\n\t" + "xor r7, r19, r20\n\t" + "rotlwi r8, r18, 21\n\t" + "xor r6, r6, r8\n\t" + "and r7, r7, r18\n\t" + "rotlwi r8, r18, 7\n\t" + "xor r6, r6, r8\n\t" + "xor r7, r7, r20\n\t" + "add r21, r21, r6\n\t" + "add r21, r21, r7\n\t" + "lwz r6, 32(r30)\n\t" + "add r21, r21, r9\n\t" + "add r21, r21, r6\n\t" + "add r17, r17, r21\n\t" + "rotlwi r6, r14, 30\n\t" + "xor r7, r14, r15\n\t" + "rotlwi r8, r14, 19\n\t" + "xor r6, r6, r8\n\t" + "xor r8, r15, r16\n\t" + "and r7, r7, r8\n\t" + "rotlwi r8, r14, 10\n\t" + "xor r6, r6, r8\n\t" + "xor r7, r7, r15\n\t" + "add r21, r21, r6\n\t" + "add r21, r21, r7\n\t" + /* Round 9 */ + "evmergehi r9, r26, r26\n\t" + /* Calc new W[8]-W[9] */ + "evmergelohi r12, r27, r26\n\t" + "rotlwi r6, r17, 26\n\t" + "evrlwi r10, r25, 15\n\t" + "xor r7, r18, r19\n\t" + "evrlwi r11, r25, 13\n\t" + "rotlwi r8, r17, 21\n\t" + "evxor r11, r11, r10\n\t" + "xor r6, r6, r8\n\t" + "evsrwiu r10, r25, 10\n\t" + "and r7, r7, r17\n\t" + "evxor r11, r11, r10\n\t" + "rotlwi r8, r17, 7\n\t" + "evaddw r26, r26, r11\n\t" + "xor r6, r6, r8\n\t" + "evmergelohi r10, r23, r22\n\t" + "xor r7, r7, r19\n\t" + "evaddw r26, r26, r10\n\t" + "add r20, r20, r6\n\t" + "evrlwi r10, r12, 25\n\t" + "add r20, r20, r7\n\t" + "evrlwi r11, r12, 14\n\t" + "lwz r6, 36(r30)\n\t" + "evxor r11, r11, r10\n\t" + "add r20, r20, r9\n\t" + "evsrwiu r12, r12, 3\n\t" + "add r20, r20, r6\n\t" + "evxor r11, r11, r12\n\t" + "add r16, r16, r20\n\t" + "evaddw r26, r26, r11\n\t" + "rotlwi r6, r21, 30\n\t" + "xor r7, r21, r14\n\t" + "rotlwi r8, r21, 19\n\t" + "xor r6, r6, r8\n\t" + "xor r8, r14, r15\n\t" + "and r7, r7, r8\n\t" + "rotlwi r8, r21, 10\n\t" + "xor r6, r6, r8\n\t" + "xor r7, r7, r14\n\t" + "add r20, r20, r6\n\t" + "add r20, r20, r7\n\t" + /* Round 10 */ + "mr r9, r27\n\t" + "rotlwi r6, r16, 26\n\t" + "xor r7, r17, r18\n\t" + "rotlwi r8, r16, 21\n\t" + "xor r6, r6, r8\n\t" + "and r7, r7, r16\n\t" + "rotlwi r8, r16, 7\n\t" + "xor r6, r6, r8\n\t" + "xor r7, r7, r18\n\t" + "add r19, r19, r6\n\t" + "add r19, r19, r7\n\t" + "lwz r6, 40(r30)\n\t" + "add r19, r19, r9\n\t" + "add r19, r19, r6\n\t" + "add r15, r15, r19\n\t" + "rotlwi r6, r20, 30\n\t" + "xor r7, r20, r21\n\t" + "rotlwi r8, r20, 19\n\t" + "xor r6, r6, r8\n\t" + "xor r8, r21, r14\n\t" + "and r7, r7, r8\n\t" + "rotlwi r8, r20, 10\n\t" + "xor r6, r6, r8\n\t" + "xor r7, r7, r21\n\t" + "add r19, r19, r6\n\t" + "add r19, r19, r7\n\t" + /* Round 11 */ + "evmergehi r9, r27, r27\n\t" + /* Calc new W[10]-W[11] */ + "evmergelohi r12, r28, r27\n\t" + "rotlwi r6, r15, 26\n\t" + "evrlwi r10, r26, 15\n\t" + "xor r7, r16, r17\n\t" + "evrlwi r11, r26, 13\n\t" + "rotlwi r8, r15, 21\n\t" + "evxor r11, r11, r10\n\t" + "xor r6, r6, r8\n\t" + "evsrwiu r10, r26, 10\n\t" + "and r7, r7, r15\n\t" + "evxor r11, r11, r10\n\t" + "rotlwi r8, r15, 7\n\t" + "evaddw r27, r27, r11\n\t" + "xor r6, r6, r8\n\t" + "evmergelohi r10, r24, r23\n\t" + "xor r7, r7, r17\n\t" + "evaddw r27, r27, r10\n\t" + "add r18, r18, r6\n\t" + "evrlwi r10, r12, 25\n\t" + "add r18, r18, r7\n\t" + "evrlwi r11, r12, 14\n\t" + "lwz r6, 44(r30)\n\t" + "evxor r11, r11, r10\n\t" + "add r18, r18, r9\n\t" + "evsrwiu r12, r12, 3\n\t" + "add r18, r18, r6\n\t" + "evxor r11, r11, r12\n\t" + "add r14, r14, r18\n\t" + "evaddw r27, r27, r11\n\t" + "rotlwi r6, r19, 30\n\t" + "xor r7, r19, r20\n\t" + "rotlwi r8, r19, 19\n\t" + "xor r6, r6, r8\n\t" + "xor r8, r20, r21\n\t" + "and r7, r7, r8\n\t" + "rotlwi r8, r19, 10\n\t" + "xor r6, r6, r8\n\t" + "xor r7, r7, r20\n\t" + "add r18, r18, r6\n\t" + "add r18, r18, r7\n\t" + /* Round 12 */ + "mr r9, r28\n\t" + "rotlwi r6, r14, 26\n\t" + "xor r7, r15, r16\n\t" + "rotlwi r8, r14, 21\n\t" + "xor r6, r6, r8\n\t" + "and r7, r7, r14\n\t" + "rotlwi r8, r14, 7\n\t" + "xor r6, r6, r8\n\t" + "xor r7, r7, r16\n\t" + "add r17, r17, r6\n\t" + "add r17, r17, r7\n\t" + "lwz r6, 48(r30)\n\t" + "add r17, r17, r9\n\t" + "add r17, r17, r6\n\t" + "add r21, r21, r17\n\t" + "rotlwi r6, r18, 30\n\t" + "xor r7, r18, r19\n\t" + "rotlwi r8, r18, 19\n\t" + "xor r6, r6, r8\n\t" + "xor r8, r19, r20\n\t" + "and r7, r7, r8\n\t" + "rotlwi r8, r18, 10\n\t" + "xor r6, r6, r8\n\t" + "xor r7, r7, r19\n\t" + "add r17, r17, r6\n\t" + "add r17, r17, r7\n\t" + /* Round 13 */ + "evmergehi r9, r28, r28\n\t" + /* Calc new W[12]-W[13] */ + "evmergelohi r12, r29, r28\n\t" + "rotlwi r6, r21, 26\n\t" + "evrlwi r10, r27, 15\n\t" + "xor r7, r14, r15\n\t" + "evrlwi r11, r27, 13\n\t" + "rotlwi r8, r21, 21\n\t" + "evxor r11, r11, r10\n\t" + "xor r6, r6, r8\n\t" + "evsrwiu r10, r27, 10\n\t" + "and r7, r7, r21\n\t" + "evxor r11, r11, r10\n\t" + "rotlwi r8, r21, 7\n\t" + "evaddw r28, r28, r11\n\t" + "xor r6, r6, r8\n\t" + "evmergelohi r10, r25, r24\n\t" + "xor r7, r7, r15\n\t" + "evaddw r28, r28, r10\n\t" + "add r16, r16, r6\n\t" + "evrlwi r10, r12, 25\n\t" + "add r16, r16, r7\n\t" + "evrlwi r11, r12, 14\n\t" + "lwz r6, 52(r30)\n\t" + "evxor r11, r11, r10\n\t" + "add r16, r16, r9\n\t" + "evsrwiu r12, r12, 3\n\t" + "add r16, r16, r6\n\t" + "evxor r11, r11, r12\n\t" + "add r20, r20, r16\n\t" + "evaddw r28, r28, r11\n\t" + "rotlwi r6, r17, 30\n\t" + "xor r7, r17, r18\n\t" + "rotlwi r8, r17, 19\n\t" + "xor r6, r6, r8\n\t" + "xor r8, r18, r19\n\t" + "and r7, r7, r8\n\t" + "rotlwi r8, r17, 10\n\t" + "xor r6, r6, r8\n\t" + "xor r7, r7, r18\n\t" + "add r16, r16, r6\n\t" + "add r16, r16, r7\n\t" + /* Round 14 */ + "mr r9, r29\n\t" + "rotlwi r6, r20, 26\n\t" + "xor r7, r21, r14\n\t" + "rotlwi r8, r20, 21\n\t" + "xor r6, r6, r8\n\t" + "and r7, r7, r20\n\t" + "rotlwi r8, r20, 7\n\t" + "xor r6, r6, r8\n\t" + "xor r7, r7, r14\n\t" + "add r15, r15, r6\n\t" + "add r15, r15, r7\n\t" + "lwz r6, 56(r30)\n\t" + "add r15, r15, r9\n\t" + "add r15, r15, r6\n\t" + "add r19, r19, r15\n\t" + "rotlwi r6, r16, 30\n\t" + "xor r7, r16, r17\n\t" + "rotlwi r8, r16, 19\n\t" + "xor r6, r6, r8\n\t" + "xor r8, r17, r18\n\t" + "and r7, r7, r8\n\t" + "rotlwi r8, r16, 10\n\t" + "xor r6, r6, r8\n\t" + "xor r7, r7, r17\n\t" + "add r15, r15, r6\n\t" + "add r15, r15, r7\n\t" + /* Round 15 */ + "evmergehi r9, r29, r29\n\t" + /* Calc new W[14]-W[15] */ + "evmergelohi r12, r22, r29\n\t" + "rotlwi r6, r19, 26\n\t" + "evrlwi r10, r28, 15\n\t" + "xor r7, r20, r21\n\t" + "evrlwi r11, r28, 13\n\t" + "rotlwi r8, r19, 21\n\t" + "evxor r11, r11, r10\n\t" + "xor r6, r6, r8\n\t" + "evsrwiu r10, r28, 10\n\t" + "and r7, r7, r19\n\t" + "evxor r11, r11, r10\n\t" + "rotlwi r8, r19, 7\n\t" + "evaddw r29, r29, r11\n\t" + "xor r6, r6, r8\n\t" + "evmergelohi r10, r26, r25\n\t" + "xor r7, r7, r21\n\t" + "evaddw r29, r29, r10\n\t" + "add r14, r14, r6\n\t" + "evrlwi r10, r12, 25\n\t" + "add r14, r14, r7\n\t" + "evrlwi r11, r12, 14\n\t" + "lwz r6, 60(r30)\n\t" + "evxor r11, r11, r10\n\t" + "add r14, r14, r9\n\t" + "evsrwiu r12, r12, 3\n\t" + "add r14, r14, r6\n\t" + "evxor r11, r11, r12\n\t" + "add r18, r18, r14\n\t" + "evaddw r29, r29, r11\n\t" + "rotlwi r6, r15, 30\n\t" + "xor r7, r15, r16\n\t" + "rotlwi r8, r15, 19\n\t" + "xor r6, r6, r8\n\t" + "xor r8, r16, r17\n\t" + "and r7, r7, r8\n\t" + "rotlwi r8, r15, 10\n\t" + "xor r6, r6, r8\n\t" + "xor r7, r7, r16\n\t" + "add r14, r14, r6\n\t" + "add r14, r14, r7\n\t" + "addi r30, r30, 0x40\n\t" + "bdnz L_SHA256_transform_spe_len_start_%=\n\t" + /* Round 0 */ + "mr r9, r22\n\t" + "rotlwi r6, r18, 26\n\t" + "xor r7, r19, r20\n\t" + "rotlwi r8, r18, 21\n\t" + "xor r6, r6, r8\n\t" + "and r7, r7, r18\n\t" + "rotlwi r8, r18, 7\n\t" + "xor r6, r6, r8\n\t" + "xor r7, r7, r20\n\t" + "add r21, r21, r6\n\t" + "add r21, r21, r7\n\t" + "lwz r6, 0(r30)\n\t" + "add r21, r21, r9\n\t" + "add r21, r21, r6\n\t" + "add r17, r17, r21\n\t" + "rotlwi r6, r14, 30\n\t" + "xor r7, r14, r15\n\t" + "rotlwi r8, r14, 19\n\t" + "xor r6, r6, r8\n\t" + "xor r8, r15, r16\n\t" + "and r7, r7, r8\n\t" + "rotlwi r8, r14, 10\n\t" + "xor r6, r6, r8\n\t" + "xor r7, r7, r15\n\t" + "add r21, r21, r6\n\t" + "add r21, r21, r7\n\t" + /* Round 1 */ + "evmergehi r9, r22, r22\n\t" + "rotlwi r6, r17, 26\n\t" + "xor r7, r18, r19\n\t" + "rotlwi r8, r17, 21\n\t" + "xor r6, r6, r8\n\t" + "and r7, r7, r17\n\t" + "rotlwi r8, r17, 7\n\t" + "xor r6, r6, r8\n\t" + "xor r7, r7, r19\n\t" + "add r20, r20, r6\n\t" + "add r20, r20, r7\n\t" + "lwz r6, 4(r30)\n\t" + "add r20, r20, r9\n\t" + "add r20, r20, r6\n\t" + "add r16, r16, r20\n\t" + "rotlwi r6, r21, 30\n\t" + "xor r7, r21, r14\n\t" + "rotlwi r8, r21, 19\n\t" + "xor r6, r6, r8\n\t" + "xor r8, r14, r15\n\t" + "and r7, r7, r8\n\t" + "rotlwi r8, r21, 10\n\t" + "xor r6, r6, r8\n\t" + "xor r7, r7, r14\n\t" + "add r20, r20, r6\n\t" + "add r20, r20, r7\n\t" + /* Round 2 */ + "mr r9, r23\n\t" + "rotlwi r6, r16, 26\n\t" + "xor r7, r17, r18\n\t" + "rotlwi r8, r16, 21\n\t" + "xor r6, r6, r8\n\t" + "and r7, r7, r16\n\t" + "rotlwi r8, r16, 7\n\t" + "xor r6, r6, r8\n\t" + "xor r7, r7, r18\n\t" + "add r19, r19, r6\n\t" + "add r19, r19, r7\n\t" + "lwz r6, 8(r30)\n\t" + "add r19, r19, r9\n\t" + "add r19, r19, r6\n\t" + "add r15, r15, r19\n\t" + "rotlwi r6, r20, 30\n\t" + "xor r7, r20, r21\n\t" + "rotlwi r8, r20, 19\n\t" + "xor r6, r6, r8\n\t" + "xor r8, r21, r14\n\t" + "and r7, r7, r8\n\t" + "rotlwi r8, r20, 10\n\t" + "xor r6, r6, r8\n\t" + "xor r7, r7, r21\n\t" + "add r19, r19, r6\n\t" + "add r19, r19, r7\n\t" + /* Round 3 */ + "evmergehi r9, r23, r23\n\t" + "rotlwi r6, r15, 26\n\t" + "xor r7, r16, r17\n\t" + "rotlwi r8, r15, 21\n\t" + "xor r6, r6, r8\n\t" + "and r7, r7, r15\n\t" + "rotlwi r8, r15, 7\n\t" + "xor r6, r6, r8\n\t" + "xor r7, r7, r17\n\t" + "add r18, r18, r6\n\t" + "add r18, r18, r7\n\t" + "lwz r6, 12(r30)\n\t" + "add r18, r18, r9\n\t" + "add r18, r18, r6\n\t" + "add r14, r14, r18\n\t" + "rotlwi r6, r19, 30\n\t" + "xor r7, r19, r20\n\t" + "rotlwi r8, r19, 19\n\t" + "xor r6, r6, r8\n\t" + "xor r8, r20, r21\n\t" + "and r7, r7, r8\n\t" + "rotlwi r8, r19, 10\n\t" + "xor r6, r6, r8\n\t" + "xor r7, r7, r20\n\t" + "add r18, r18, r6\n\t" + "add r18, r18, r7\n\t" + /* Round 4 */ + "mr r9, r24\n\t" + "rotlwi r6, r14, 26\n\t" + "xor r7, r15, r16\n\t" + "rotlwi r8, r14, 21\n\t" + "xor r6, r6, r8\n\t" + "and r7, r7, r14\n\t" + "rotlwi r8, r14, 7\n\t" + "xor r6, r6, r8\n\t" + "xor r7, r7, r16\n\t" + "add r17, r17, r6\n\t" + "add r17, r17, r7\n\t" + "lwz r6, 16(r30)\n\t" + "add r17, r17, r9\n\t" + "add r17, r17, r6\n\t" + "add r21, r21, r17\n\t" + "rotlwi r6, r18, 30\n\t" + "xor r7, r18, r19\n\t" + "rotlwi r8, r18, 19\n\t" + "xor r6, r6, r8\n\t" + "xor r8, r19, r20\n\t" + "and r7, r7, r8\n\t" + "rotlwi r8, r18, 10\n\t" + "xor r6, r6, r8\n\t" + "xor r7, r7, r19\n\t" + "add r17, r17, r6\n\t" + "add r17, r17, r7\n\t" + /* Round 5 */ + "evmergehi r9, r24, r24\n\t" + "rotlwi r6, r21, 26\n\t" + "xor r7, r14, r15\n\t" + "rotlwi r8, r21, 21\n\t" + "xor r6, r6, r8\n\t" + "and r7, r7, r21\n\t" + "rotlwi r8, r21, 7\n\t" + "xor r6, r6, r8\n\t" + "xor r7, r7, r15\n\t" + "add r16, r16, r6\n\t" + "add r16, r16, r7\n\t" + "lwz r6, 20(r30)\n\t" + "add r16, r16, r9\n\t" + "add r16, r16, r6\n\t" + "add r20, r20, r16\n\t" + "rotlwi r6, r17, 30\n\t" + "xor r7, r17, r18\n\t" + "rotlwi r8, r17, 19\n\t" + "xor r6, r6, r8\n\t" + "xor r8, r18, r19\n\t" + "and r7, r7, r8\n\t" + "rotlwi r8, r17, 10\n\t" + "xor r6, r6, r8\n\t" + "xor r7, r7, r18\n\t" + "add r16, r16, r6\n\t" + "add r16, r16, r7\n\t" + /* Round 6 */ + "mr r9, r25\n\t" + "rotlwi r6, r20, 26\n\t" + "xor r7, r21, r14\n\t" + "rotlwi r8, r20, 21\n\t" + "xor r6, r6, r8\n\t" + "and r7, r7, r20\n\t" + "rotlwi r8, r20, 7\n\t" + "xor r6, r6, r8\n\t" + "xor r7, r7, r14\n\t" + "add r15, r15, r6\n\t" + "add r15, r15, r7\n\t" + "lwz r6, 24(r30)\n\t" + "add r15, r15, r9\n\t" + "add r15, r15, r6\n\t" + "add r19, r19, r15\n\t" + "rotlwi r6, r16, 30\n\t" + "xor r7, r16, r17\n\t" + "rotlwi r8, r16, 19\n\t" + "xor r6, r6, r8\n\t" + "xor r8, r17, r18\n\t" + "and r7, r7, r8\n\t" + "rotlwi r8, r16, 10\n\t" + "xor r6, r6, r8\n\t" + "xor r7, r7, r17\n\t" + "add r15, r15, r6\n\t" + "add r15, r15, r7\n\t" + /* Round 7 */ + "evmergehi r9, r25, r25\n\t" + "rotlwi r6, r19, 26\n\t" + "xor r7, r20, r21\n\t" + "rotlwi r8, r19, 21\n\t" + "xor r6, r6, r8\n\t" + "and r7, r7, r19\n\t" + "rotlwi r8, r19, 7\n\t" + "xor r6, r6, r8\n\t" + "xor r7, r7, r21\n\t" + "add r14, r14, r6\n\t" + "add r14, r14, r7\n\t" + "lwz r6, 28(r30)\n\t" + "add r14, r14, r9\n\t" + "add r14, r14, r6\n\t" + "add r18, r18, r14\n\t" + "rotlwi r6, r15, 30\n\t" + "xor r7, r15, r16\n\t" + "rotlwi r8, r15, 19\n\t" + "xor r6, r6, r8\n\t" + "xor r8, r16, r17\n\t" + "and r7, r7, r8\n\t" + "rotlwi r8, r15, 10\n\t" + "xor r6, r6, r8\n\t" + "xor r7, r7, r16\n\t" + "add r14, r14, r6\n\t" + "add r14, r14, r7\n\t" + /* Round 8 */ + "mr r9, r26\n\t" + "rotlwi r6, r18, 26\n\t" + "xor r7, r19, r20\n\t" + "rotlwi r8, r18, 21\n\t" + "xor r6, r6, r8\n\t" + "and r7, r7, r18\n\t" + "rotlwi r8, r18, 7\n\t" + "xor r6, r6, r8\n\t" + "xor r7, r7, r20\n\t" + "add r21, r21, r6\n\t" + "add r21, r21, r7\n\t" + "lwz r6, 32(r30)\n\t" + "add r21, r21, r9\n\t" + "add r21, r21, r6\n\t" + "add r17, r17, r21\n\t" + "rotlwi r6, r14, 30\n\t" + "xor r7, r14, r15\n\t" + "rotlwi r8, r14, 19\n\t" + "xor r6, r6, r8\n\t" + "xor r8, r15, r16\n\t" + "and r7, r7, r8\n\t" + "rotlwi r8, r14, 10\n\t" + "xor r6, r6, r8\n\t" + "xor r7, r7, r15\n\t" + "add r21, r21, r6\n\t" + "add r21, r21, r7\n\t" + /* Round 9 */ + "evmergehi r9, r26, r26\n\t" + "rotlwi r6, r17, 26\n\t" + "xor r7, r18, r19\n\t" + "rotlwi r8, r17, 21\n\t" + "xor r6, r6, r8\n\t" + "and r7, r7, r17\n\t" + "rotlwi r8, r17, 7\n\t" + "xor r6, r6, r8\n\t" + "xor r7, r7, r19\n\t" + "add r20, r20, r6\n\t" + "add r20, r20, r7\n\t" + "lwz r6, 36(r30)\n\t" + "add r20, r20, r9\n\t" + "add r20, r20, r6\n\t" + "add r16, r16, r20\n\t" + "rotlwi r6, r21, 30\n\t" + "xor r7, r21, r14\n\t" + "rotlwi r8, r21, 19\n\t" + "xor r6, r6, r8\n\t" + "xor r8, r14, r15\n\t" + "and r7, r7, r8\n\t" + "rotlwi r8, r21, 10\n\t" + "xor r6, r6, r8\n\t" + "xor r7, r7, r14\n\t" + "add r20, r20, r6\n\t" + "add r20, r20, r7\n\t" + /* Round 10 */ + "mr r9, r27\n\t" + "rotlwi r6, r16, 26\n\t" + "xor r7, r17, r18\n\t" + "rotlwi r8, r16, 21\n\t" + "xor r6, r6, r8\n\t" + "and r7, r7, r16\n\t" + "rotlwi r8, r16, 7\n\t" + "xor r6, r6, r8\n\t" + "xor r7, r7, r18\n\t" + "add r19, r19, r6\n\t" + "add r19, r19, r7\n\t" + "lwz r6, 40(r30)\n\t" + "add r19, r19, r9\n\t" + "add r19, r19, r6\n\t" + "add r15, r15, r19\n\t" + "rotlwi r6, r20, 30\n\t" + "xor r7, r20, r21\n\t" + "rotlwi r8, r20, 19\n\t" + "xor r6, r6, r8\n\t" + "xor r8, r21, r14\n\t" + "and r7, r7, r8\n\t" + "rotlwi r8, r20, 10\n\t" + "xor r6, r6, r8\n\t" + "xor r7, r7, r21\n\t" + "add r19, r19, r6\n\t" + "add r19, r19, r7\n\t" + /* Round 11 */ + "evmergehi r9, r27, r27\n\t" + "rotlwi r6, r15, 26\n\t" + "xor r7, r16, r17\n\t" + "rotlwi r8, r15, 21\n\t" + "xor r6, r6, r8\n\t" + "and r7, r7, r15\n\t" + "rotlwi r8, r15, 7\n\t" + "xor r6, r6, r8\n\t" + "xor r7, r7, r17\n\t" + "add r18, r18, r6\n\t" + "add r18, r18, r7\n\t" + "lwz r6, 44(r30)\n\t" + "add r18, r18, r9\n\t" + "add r18, r18, r6\n\t" + "add r14, r14, r18\n\t" + "rotlwi r6, r19, 30\n\t" + "xor r7, r19, r20\n\t" + "rotlwi r8, r19, 19\n\t" + "xor r6, r6, r8\n\t" + "xor r8, r20, r21\n\t" + "and r7, r7, r8\n\t" + "rotlwi r8, r19, 10\n\t" + "xor r6, r6, r8\n\t" + "xor r7, r7, r20\n\t" + "add r18, r18, r6\n\t" + "add r18, r18, r7\n\t" + /* Round 12 */ + "mr r9, r28\n\t" + "rotlwi r6, r14, 26\n\t" + "xor r7, r15, r16\n\t" + "rotlwi r8, r14, 21\n\t" + "xor r6, r6, r8\n\t" + "and r7, r7, r14\n\t" + "rotlwi r8, r14, 7\n\t" + "xor r6, r6, r8\n\t" + "xor r7, r7, r16\n\t" + "add r17, r17, r6\n\t" + "add r17, r17, r7\n\t" + "lwz r6, 48(r30)\n\t" + "add r17, r17, r9\n\t" + "add r17, r17, r6\n\t" + "add r21, r21, r17\n\t" + "rotlwi r6, r18, 30\n\t" + "xor r7, r18, r19\n\t" + "rotlwi r8, r18, 19\n\t" + "xor r6, r6, r8\n\t" + "xor r8, r19, r20\n\t" + "and r7, r7, r8\n\t" + "rotlwi r8, r18, 10\n\t" + "xor r6, r6, r8\n\t" + "xor r7, r7, r19\n\t" + "add r17, r17, r6\n\t" + "add r17, r17, r7\n\t" + /* Round 13 */ + "evmergehi r9, r28, r28\n\t" + "rotlwi r6, r21, 26\n\t" + "xor r7, r14, r15\n\t" + "rotlwi r8, r21, 21\n\t" + "xor r6, r6, r8\n\t" + "and r7, r7, r21\n\t" + "rotlwi r8, r21, 7\n\t" + "xor r6, r6, r8\n\t" + "xor r7, r7, r15\n\t" + "add r16, r16, r6\n\t" + "add r16, r16, r7\n\t" + "lwz r6, 52(r30)\n\t" + "add r16, r16, r9\n\t" + "add r16, r16, r6\n\t" + "add r20, r20, r16\n\t" + "rotlwi r6, r17, 30\n\t" + "xor r7, r17, r18\n\t" + "rotlwi r8, r17, 19\n\t" + "xor r6, r6, r8\n\t" + "xor r8, r18, r19\n\t" + "and r7, r7, r8\n\t" + "rotlwi r8, r17, 10\n\t" + "xor r6, r6, r8\n\t" + "xor r7, r7, r18\n\t" + "add r16, r16, r6\n\t" + "add r16, r16, r7\n\t" + /* Round 14 */ + "mr r9, r29\n\t" + "rotlwi r6, r20, 26\n\t" + "xor r7, r21, r14\n\t" + "rotlwi r8, r20, 21\n\t" + "xor r6, r6, r8\n\t" + "and r7, r7, r20\n\t" + "rotlwi r8, r20, 7\n\t" + "xor r6, r6, r8\n\t" + "xor r7, r7, r14\n\t" + "add r15, r15, r6\n\t" + "add r15, r15, r7\n\t" + "lwz r6, 56(r30)\n\t" + "add r15, r15, r9\n\t" + "add r15, r15, r6\n\t" + "add r19, r19, r15\n\t" + "rotlwi r6, r16, 30\n\t" + "xor r7, r16, r17\n\t" + "rotlwi r8, r16, 19\n\t" + "xor r6, r6, r8\n\t" + "xor r8, r17, r18\n\t" + "and r7, r7, r8\n\t" + "rotlwi r8, r16, 10\n\t" + "xor r6, r6, r8\n\t" + "xor r7, r7, r17\n\t" + "add r15, r15, r6\n\t" + "add r15, r15, r7\n\t" + /* Round 15 */ + "evmergehi r9, r29, r29\n\t" + "rotlwi r6, r19, 26\n\t" + "xor r7, r20, r21\n\t" + "rotlwi r8, r19, 21\n\t" + "xor r6, r6, r8\n\t" + "and r7, r7, r19\n\t" + "rotlwi r8, r19, 7\n\t" + "xor r6, r6, r8\n\t" + "xor r7, r7, r21\n\t" + "add r14, r14, r6\n\t" + "add r14, r14, r7\n\t" + "lwz r6, 60(r30)\n\t" + "add r14, r14, r9\n\t" + "add r14, r14, r6\n\t" + "add r18, r18, r14\n\t" + "rotlwi r6, r15, 30\n\t" + "xor r7, r15, r16\n\t" + "rotlwi r8, r15, 19\n\t" + "xor r6, r6, r8\n\t" + "xor r8, r16, r17\n\t" + "and r7, r7, r8\n\t" + "rotlwi r8, r15, 10\n\t" + "xor r6, r6, r8\n\t" + "xor r7, r7, r16\n\t" + "add r14, r14, r6\n\t" + "add r14, r14, r7\n\t" + /* Add in digest from start */ + "lwz r6, 0(%[sha256])\n\t" + "lwz r7, 4(%[sha256])\n\t" + "add r14, r14, r6\n\t" + "add r15, r15, r7\n\t" + "lwz r6, 8(%[sha256])\n\t" + "lwz r7, 12(%[sha256])\n\t" + "add r16, r16, r6\n\t" + "add r17, r17, r7\n\t" + "lwz r6, 16(%[sha256])\n\t" + "lwz r7, 20(%[sha256])\n\t" + "add r18, r18, r6\n\t" + "add r19, r19, r7\n\t" + "lwz r6, 24(%[sha256])\n\t" + "lwz r7, 28(%[sha256])\n\t" + "add r20, r20, r6\n\t" + "add r21, r21, r7\n\t" + "stw r14, 0(%[sha256])\n\t" + "stw r15, 4(%[sha256])\n\t" + "stw r16, 8(%[sha256])\n\t" + "stw r17, 12(%[sha256])\n\t" + "stw r18, 16(%[sha256])\n\t" + "stw r19, 20(%[sha256])\n\t" + "stw r20, 24(%[sha256])\n\t" + "stw r21, 28(%[sha256])\n\t" + "subi r30, r30, 0xc0\n\t" + "mtctr %[len]\n\t" + "addi %[data], %[data], 0x40\n\t" + "subi %[len], %[len], 1\n\t" + "bdnz L_SHA256_transform_spe_len_begin_%=\n\t" +#ifndef WOLFSSL_NO_VAR_ASSIGN_REG + : [sha256] "+r" (sha256), [data] "+r" (data), [len] "+r" (len), + [L_SHA256_transform_spe_len_k] "+r" (L_SHA256_transform_spe_len_k_c) + : +#else + : + : [sha256] "r" (sha256), [data] "r" (data), [len] "r" (len), + [L_SHA256_transform_spe_len_k] "r" (L_SHA256_transform_spe_len_k_c) +#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ + : "memory", "cc", "r0", "r7", "r8", "r9", "r10", "r11", "r12", "r14", + "r15", "r16", "r17", "r18", "r19", "r20", "r21", "r22", "r23", + "r24", "r25", "r26", "r27", "r28", "r29", "r30" + ); +} + +#endif /* WOLFSSL_PPC32_ASM_SPE */ +#ifndef WOLFSSL_PPC32_ASM_SPE +#include + +static const word32 L_SHA256_transform_len_k[] = { + 0x428a2f98, 0x71374491, 0xb5c0fbcf, 0xe9b5dba5, + 0x3956c25b, 0x59f111f1, 0x923f82a4, 0xab1c5ed5, + 0xd807aa98, 0x12835b01, 0x243185be, 0x550c7dc3, + 0x72be5d74, 0x80deb1fe, 0x9bdc06a7, 0xc19bf174, + 0xe49b69c1, 0xefbe4786, 0x0fc19dc6, 0x240ca1cc, + 0x2de92c6f, 0x4a7484aa, 0x5cb0a9dc, 0x76f988da, + 0x983e5152, 0xa831c66d, 0xb00327c8, 0xbf597fc7, + 0xc6e00bf3, 0xd5a79147, 0x06ca6351, 0x14292967, + 0x27b70a85, 0x2e1b2138, 0x4d2c6dfc, 0x53380d13, + 0x650a7354, 0x766a0abb, 0x81c2c92e, 0x92722c85, + 0xa2bfe8a1, 0xa81a664b, 0xc24b8b70, 0xc76c51a3, + 0xd192e819, 0xd6990624, 0xf40e3585, 0x106aa070, + 0x19a4c116, 0x1e376c08, 0x2748774c, 0x34b0bcb5, + 0x391c0cb3, 0x4ed8aa4a, 0x5b9cca4f, 0x682e6ff3, + 0x748f82ee, 0x78a5636f, 0x84c87814, 0x8cc70208, + 0x90befffa, 0xa4506ceb, 0xbef9a3f7, 0xc67178f2, +}; + +#ifndef __PIC__ +void Transform_Sha256_Len(wc_Sha256* sha256_p, const byte* data_p, + word32 len_p); +#ifndef WOLFSSL_NO_VAR_ASSIGN_REG +void Transform_Sha256_Len(wc_Sha256* sha256_p, const byte* data_p, word32 len_p) +#else +void Transform_Sha256_Len(wc_Sha256* sha256, const byte* data, word32 len) +#endif /* WOLFSSL_NO_VAR_ASSIGN_REG */ +{ +#ifndef WOLFSSL_NO_VAR_ASSIGN_REG + register wc_Sha256* sha256 asm ("3") = (wc_Sha256*)sha256_p; + register const byte* data asm ("4") = (const byte*)data_p; + register word32 len asm ("5") = (word32)len_p; + register word32* L_SHA256_transform_len_k_c asm ("6") = + (word32*)&L_SHA256_transform_len_k; +#else + register word32* L_SHA256_transform_len_k_c = + (word32*)&L_SHA256_transform_len_k; + +#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ + + __asm__ __volatile__ ( + "srwi %[len], %[len], 6\n\t" + "mr r6, %[L_SHA256_transform_len_k]\n\t" + /* Copy digest to add in at end */ + "lwz r7, 0(%[sha256])\n\t" + "lwz r8, 4(%[sha256])\n\t" + "lwz r9, 8(%[sha256])\n\t" + "lwz r10, 12(%[sha256])\n\t" + "lwz r11, 16(%[sha256])\n\t" + "lwz r12, 20(%[sha256])\n\t" + "lwz r14, 24(%[sha256])\n\t" + "lwz r15, 28(%[sha256])\n\t" +#ifndef WOLFSSL_PPC32_ASM_SMALL + "mtctr %[len]\n\t" + /* Start of loop processing a block */ + "\n" + "L_SHA256_transform_len_begin_%=: \n\t" + /* Load W - 64 bytes */ + "lwz r16, 0(%[data])\n\t" + "lwz r17, 4(%[data])\n\t" + "lwz r18, 8(%[data])\n\t" + "lwz r19, 12(%[data])\n\t" + "lwz r20, 16(%[data])\n\t" + "lwz r21, 20(%[data])\n\t" + "lwz r22, 24(%[data])\n\t" + "lwz r23, 28(%[data])\n\t" + "lwz r24, 32(%[data])\n\t" + "lwz r25, 36(%[data])\n\t" + "lwz r26, 40(%[data])\n\t" + "lwz r27, 44(%[data])\n\t" + "lwz r28, 48(%[data])\n\t" + "lwz r29, 52(%[data])\n\t" + "lwz r30, 56(%[data])\n\t" + "lwz r31, 60(%[data])\n\t" + /* Start of 16 rounds */ + /* Round 0 */ + "rotlwi r0, r11, 26\n\t" + "rotlwi %[len], r11, 21\n\t" + "xor r0, r0, %[len]\n\t" + "rotlwi %[len], r11, 7\n\t" + "xor r0, r0, %[len]\n\t" + "add r15, r15, r0\n\t" + "xor r0, r12, r14\n\t" + "and r0, r0, r11\n\t" + "xor r0, r0, r14\n\t" + "add r15, r15, r0\n\t" + "lwz r0, 0(r6)\n\t" + "add r15, r15, r16\n\t" + "add r15, r15, r0\n\t" + "add r10, r10, r15\n\t" + "rotlwi r0, r7, 30\n\t" + "rotlwi %[len], r7, 19\n\t" + "xor r0, r0, %[len]\n\t" + "rotlwi %[len], r7, 10\n\t" + "xor r0, r0, %[len]\n\t" + "add r15, r15, r0\n\t" + "xor %[len], r7, r8\n\t" + "xor r0, r8, r9\n\t" + "and r0, r0, %[len]\n\t" + "xor r0, r0, r8\n\t" + "add r15, r15, r0\n\t" + /* Calc new W[0] */ + "rotlwi r0, r17, 25\n\t" + "rotlwi %[len], r17, 14\n\t" + "xor r0, r0, %[len]\n\t" + "srwi %[len], r17, 3\n\t" + "xor r0, r0, %[len]\n\t" + "add r16, r16, r0\n\t" + "rotlwi r0, r30, 15\n\t" + "rotlwi %[len], r30, 13\n\t" + "xor r0, r0, %[len]\n\t" + "srwi %[len], r30, 10\n\t" + "xor r0, r0, %[len]\n\t" + "add r16, r16, r0\n\t" + "add r16, r16, r25\n\t" + /* Round 1 */ + "rotlwi r0, r10, 26\n\t" + "rotlwi %[len], r10, 21\n\t" + "xor r0, r0, %[len]\n\t" + "rotlwi %[len], r10, 7\n\t" + "xor r0, r0, %[len]\n\t" + "add r14, r14, r0\n\t" + "xor r0, r11, r12\n\t" + "and r0, r0, r10\n\t" + "xor r0, r0, r12\n\t" + "add r14, r14, r0\n\t" + "lwz r0, 4(r6)\n\t" + "add r14, r14, r17\n\t" + "add r14, r14, r0\n\t" + "add r9, r9, r14\n\t" + "rotlwi r0, r15, 30\n\t" + "rotlwi %[len], r15, 19\n\t" + "xor r0, r0, %[len]\n\t" + "rotlwi %[len], r15, 10\n\t" + "xor r0, r0, %[len]\n\t" + "add r14, r14, r0\n\t" + "xor %[len], r15, r7\n\t" + "xor r0, r7, r8\n\t" + "and r0, r0, %[len]\n\t" + "xor r0, r0, r7\n\t" + "add r14, r14, r0\n\t" + /* Calc new W[1] */ + "rotlwi r0, r18, 25\n\t" + "rotlwi %[len], r18, 14\n\t" + "xor r0, r0, %[len]\n\t" + "srwi %[len], r18, 3\n\t" + "xor r0, r0, %[len]\n\t" + "add r17, r17, r0\n\t" + "rotlwi r0, r31, 15\n\t" + "rotlwi %[len], r31, 13\n\t" + "xor r0, r0, %[len]\n\t" + "srwi %[len], r31, 10\n\t" + "xor r0, r0, %[len]\n\t" + "add r17, r17, r0\n\t" + "add r17, r17, r26\n\t" + /* Round 2 */ + "rotlwi r0, r9, 26\n\t" + "rotlwi %[len], r9, 21\n\t" + "xor r0, r0, %[len]\n\t" + "rotlwi %[len], r9, 7\n\t" + "xor r0, r0, %[len]\n\t" + "add r12, r12, r0\n\t" + "xor r0, r10, r11\n\t" + "and r0, r0, r9\n\t" + "xor r0, r0, r11\n\t" + "add r12, r12, r0\n\t" + "lwz r0, 8(r6)\n\t" + "add r12, r12, r18\n\t" + "add r12, r12, r0\n\t" + "add r8, r8, r12\n\t" + "rotlwi r0, r14, 30\n\t" + "rotlwi %[len], r14, 19\n\t" + "xor r0, r0, %[len]\n\t" + "rotlwi %[len], r14, 10\n\t" + "xor r0, r0, %[len]\n\t" + "add r12, r12, r0\n\t" + "xor %[len], r14, r15\n\t" + "xor r0, r15, r7\n\t" + "and r0, r0, %[len]\n\t" + "xor r0, r0, r15\n\t" + "add r12, r12, r0\n\t" + /* Calc new W[2] */ + "rotlwi r0, r19, 25\n\t" + "rotlwi %[len], r19, 14\n\t" + "xor r0, r0, %[len]\n\t" + "srwi %[len], r19, 3\n\t" + "xor r0, r0, %[len]\n\t" + "add r18, r18, r0\n\t" + "rotlwi r0, r16, 15\n\t" + "rotlwi %[len], r16, 13\n\t" + "xor r0, r0, %[len]\n\t" + "srwi %[len], r16, 10\n\t" + "xor r0, r0, %[len]\n\t" + "add r18, r18, r0\n\t" + "add r18, r18, r27\n\t" + /* Round 3 */ + "rotlwi r0, r8, 26\n\t" + "rotlwi %[len], r8, 21\n\t" + "xor r0, r0, %[len]\n\t" + "rotlwi %[len], r8, 7\n\t" + "xor r0, r0, %[len]\n\t" + "add r11, r11, r0\n\t" + "xor r0, r9, r10\n\t" + "and r0, r0, r8\n\t" + "xor r0, r0, r10\n\t" + "add r11, r11, r0\n\t" + "lwz r0, 12(r6)\n\t" + "add r11, r11, r19\n\t" + "add r11, r11, r0\n\t" + "add r7, r7, r11\n\t" + "rotlwi r0, r12, 30\n\t" + "rotlwi %[len], r12, 19\n\t" + "xor r0, r0, %[len]\n\t" + "rotlwi %[len], r12, 10\n\t" + "xor r0, r0, %[len]\n\t" + "add r11, r11, r0\n\t" + "xor %[len], r12, r14\n\t" + "xor r0, r14, r15\n\t" + "and r0, r0, %[len]\n\t" + "xor r0, r0, r14\n\t" + "add r11, r11, r0\n\t" + /* Calc new W[3] */ + "rotlwi r0, r20, 25\n\t" + "rotlwi %[len], r20, 14\n\t" + "xor r0, r0, %[len]\n\t" + "srwi %[len], r20, 3\n\t" + "xor r0, r0, %[len]\n\t" + "add r19, r19, r0\n\t" + "rotlwi r0, r17, 15\n\t" + "rotlwi %[len], r17, 13\n\t" + "xor r0, r0, %[len]\n\t" + "srwi %[len], r17, 10\n\t" + "xor r0, r0, %[len]\n\t" + "add r19, r19, r0\n\t" + "add r19, r19, r28\n\t" + /* Round 4 */ + "rotlwi r0, r7, 26\n\t" + "rotlwi %[len], r7, 21\n\t" + "xor r0, r0, %[len]\n\t" + "rotlwi %[len], r7, 7\n\t" + "xor r0, r0, %[len]\n\t" + "add r10, r10, r0\n\t" + "xor r0, r8, r9\n\t" + "and r0, r0, r7\n\t" + "xor r0, r0, r9\n\t" + "add r10, r10, r0\n\t" + "lwz r0, 16(r6)\n\t" + "add r10, r10, r20\n\t" + "add r10, r10, r0\n\t" + "add r15, r15, r10\n\t" + "rotlwi r0, r11, 30\n\t" + "rotlwi %[len], r11, 19\n\t" + "xor r0, r0, %[len]\n\t" + "rotlwi %[len], r11, 10\n\t" + "xor r0, r0, %[len]\n\t" + "add r10, r10, r0\n\t" + "xor %[len], r11, r12\n\t" + "xor r0, r12, r14\n\t" + "and r0, r0, %[len]\n\t" + "xor r0, r0, r12\n\t" + "add r10, r10, r0\n\t" + /* Calc new W[4] */ + "rotlwi r0, r21, 25\n\t" + "rotlwi %[len], r21, 14\n\t" + "xor r0, r0, %[len]\n\t" + "srwi %[len], r21, 3\n\t" + "xor r0, r0, %[len]\n\t" + "add r20, r20, r0\n\t" + "rotlwi r0, r18, 15\n\t" + "rotlwi %[len], r18, 13\n\t" + "xor r0, r0, %[len]\n\t" + "srwi %[len], r18, 10\n\t" + "xor r0, r0, %[len]\n\t" + "add r20, r20, r0\n\t" + "add r20, r20, r29\n\t" + /* Round 5 */ + "rotlwi r0, r15, 26\n\t" + "rotlwi %[len], r15, 21\n\t" + "xor r0, r0, %[len]\n\t" + "rotlwi %[len], r15, 7\n\t" + "xor r0, r0, %[len]\n\t" + "add r9, r9, r0\n\t" + "xor r0, r7, r8\n\t" + "and r0, r0, r15\n\t" + "xor r0, r0, r8\n\t" + "add r9, r9, r0\n\t" + "lwz r0, 20(r6)\n\t" + "add r9, r9, r21\n\t" + "add r9, r9, r0\n\t" + "add r14, r14, r9\n\t" + "rotlwi r0, r10, 30\n\t" + "rotlwi %[len], r10, 19\n\t" + "xor r0, r0, %[len]\n\t" + "rotlwi %[len], r10, 10\n\t" + "xor r0, r0, %[len]\n\t" + "add r9, r9, r0\n\t" + "xor %[len], r10, r11\n\t" + "xor r0, r11, r12\n\t" + "and r0, r0, %[len]\n\t" + "xor r0, r0, r11\n\t" + "add r9, r9, r0\n\t" + /* Calc new W[5] */ + "rotlwi r0, r22, 25\n\t" + "rotlwi %[len], r22, 14\n\t" + "xor r0, r0, %[len]\n\t" + "srwi %[len], r22, 3\n\t" + "xor r0, r0, %[len]\n\t" + "add r21, r21, r0\n\t" + "rotlwi r0, r19, 15\n\t" + "rotlwi %[len], r19, 13\n\t" + "xor r0, r0, %[len]\n\t" + "srwi %[len], r19, 10\n\t" + "xor r0, r0, %[len]\n\t" + "add r21, r21, r0\n\t" + "add r21, r21, r30\n\t" + /* Round 6 */ + "rotlwi r0, r14, 26\n\t" + "rotlwi %[len], r14, 21\n\t" + "xor r0, r0, %[len]\n\t" + "rotlwi %[len], r14, 7\n\t" + "xor r0, r0, %[len]\n\t" + "add r8, r8, r0\n\t" + "xor r0, r15, r7\n\t" + "and r0, r0, r14\n\t" + "xor r0, r0, r7\n\t" + "add r8, r8, r0\n\t" + "lwz r0, 24(r6)\n\t" + "add r8, r8, r22\n\t" + "add r8, r8, r0\n\t" + "add r12, r12, r8\n\t" + "rotlwi r0, r9, 30\n\t" + "rotlwi %[len], r9, 19\n\t" + "xor r0, r0, %[len]\n\t" + "rotlwi %[len], r9, 10\n\t" + "xor r0, r0, %[len]\n\t" + "add r8, r8, r0\n\t" + "xor %[len], r9, r10\n\t" + "xor r0, r10, r11\n\t" + "and r0, r0, %[len]\n\t" + "xor r0, r0, r10\n\t" + "add r8, r8, r0\n\t" + /* Calc new W[6] */ + "rotlwi r0, r23, 25\n\t" + "rotlwi %[len], r23, 14\n\t" + "xor r0, r0, %[len]\n\t" + "srwi %[len], r23, 3\n\t" + "xor r0, r0, %[len]\n\t" + "add r22, r22, r0\n\t" + "rotlwi r0, r20, 15\n\t" + "rotlwi %[len], r20, 13\n\t" + "xor r0, r0, %[len]\n\t" + "srwi %[len], r20, 10\n\t" + "xor r0, r0, %[len]\n\t" + "add r22, r22, r0\n\t" + "add r22, r22, r31\n\t" + /* Round 7 */ + "rotlwi r0, r12, 26\n\t" + "rotlwi %[len], r12, 21\n\t" + "xor r0, r0, %[len]\n\t" + "rotlwi %[len], r12, 7\n\t" + "xor r0, r0, %[len]\n\t" + "add r7, r7, r0\n\t" + "xor r0, r14, r15\n\t" + "and r0, r0, r12\n\t" + "xor r0, r0, r15\n\t" + "add r7, r7, r0\n\t" + "lwz r0, 28(r6)\n\t" + "add r7, r7, r23\n\t" + "add r7, r7, r0\n\t" + "add r11, r11, r7\n\t" + "rotlwi r0, r8, 30\n\t" + "rotlwi %[len], r8, 19\n\t" + "xor r0, r0, %[len]\n\t" + "rotlwi %[len], r8, 10\n\t" + "xor r0, r0, %[len]\n\t" + "add r7, r7, r0\n\t" + "xor %[len], r8, r9\n\t" + "xor r0, r9, r10\n\t" + "and r0, r0, %[len]\n\t" + "xor r0, r0, r9\n\t" + "add r7, r7, r0\n\t" + /* Calc new W[7] */ + "rotlwi r0, r24, 25\n\t" + "rotlwi %[len], r24, 14\n\t" + "xor r0, r0, %[len]\n\t" + "srwi %[len], r24, 3\n\t" + "xor r0, r0, %[len]\n\t" + "add r23, r23, r0\n\t" + "rotlwi r0, r21, 15\n\t" + "rotlwi %[len], r21, 13\n\t" + "xor r0, r0, %[len]\n\t" + "srwi %[len], r21, 10\n\t" + "xor r0, r0, %[len]\n\t" + "add r23, r23, r0\n\t" + "add r23, r23, r16\n\t" + /* Round 8 */ + "rotlwi r0, r11, 26\n\t" + "rotlwi %[len], r11, 21\n\t" + "xor r0, r0, %[len]\n\t" + "rotlwi %[len], r11, 7\n\t" + "xor r0, r0, %[len]\n\t" + "add r15, r15, r0\n\t" + "xor r0, r12, r14\n\t" + "and r0, r0, r11\n\t" + "xor r0, r0, r14\n\t" + "add r15, r15, r0\n\t" + "lwz r0, 32(r6)\n\t" + "add r15, r15, r24\n\t" + "add r15, r15, r0\n\t" + "add r10, r10, r15\n\t" + "rotlwi r0, r7, 30\n\t" + "rotlwi %[len], r7, 19\n\t" + "xor r0, r0, %[len]\n\t" + "rotlwi %[len], r7, 10\n\t" + "xor r0, r0, %[len]\n\t" + "add r15, r15, r0\n\t" + "xor %[len], r7, r8\n\t" + "xor r0, r8, r9\n\t" + "and r0, r0, %[len]\n\t" + "xor r0, r0, r8\n\t" + "add r15, r15, r0\n\t" + /* Calc new W[8] */ + "rotlwi r0, r25, 25\n\t" + "rotlwi %[len], r25, 14\n\t" + "xor r0, r0, %[len]\n\t" + "srwi %[len], r25, 3\n\t" + "xor r0, r0, %[len]\n\t" + "add r24, r24, r0\n\t" + "rotlwi r0, r22, 15\n\t" + "rotlwi %[len], r22, 13\n\t" + "xor r0, r0, %[len]\n\t" + "srwi %[len], r22, 10\n\t" + "xor r0, r0, %[len]\n\t" + "add r24, r24, r0\n\t" + "add r24, r24, r17\n\t" + /* Round 9 */ + "rotlwi r0, r10, 26\n\t" + "rotlwi %[len], r10, 21\n\t" + "xor r0, r0, %[len]\n\t" + "rotlwi %[len], r10, 7\n\t" + "xor r0, r0, %[len]\n\t" + "add r14, r14, r0\n\t" + "xor r0, r11, r12\n\t" + "and r0, r0, r10\n\t" + "xor r0, r0, r12\n\t" + "add r14, r14, r0\n\t" + "lwz r0, 36(r6)\n\t" + "add r14, r14, r25\n\t" + "add r14, r14, r0\n\t" + "add r9, r9, r14\n\t" + "rotlwi r0, r15, 30\n\t" + "rotlwi %[len], r15, 19\n\t" + "xor r0, r0, %[len]\n\t" + "rotlwi %[len], r15, 10\n\t" + "xor r0, r0, %[len]\n\t" + "add r14, r14, r0\n\t" + "xor %[len], r15, r7\n\t" + "xor r0, r7, r8\n\t" + "and r0, r0, %[len]\n\t" + "xor r0, r0, r7\n\t" + "add r14, r14, r0\n\t" + /* Calc new W[9] */ + "rotlwi r0, r26, 25\n\t" + "rotlwi %[len], r26, 14\n\t" + "xor r0, r0, %[len]\n\t" + "srwi %[len], r26, 3\n\t" + "xor r0, r0, %[len]\n\t" + "add r25, r25, r0\n\t" + "rotlwi r0, r23, 15\n\t" + "rotlwi %[len], r23, 13\n\t" + "xor r0, r0, %[len]\n\t" + "srwi %[len], r23, 10\n\t" + "xor r0, r0, %[len]\n\t" + "add r25, r25, r0\n\t" + "add r25, r25, r18\n\t" + /* Round 10 */ + "rotlwi r0, r9, 26\n\t" + "rotlwi %[len], r9, 21\n\t" + "xor r0, r0, %[len]\n\t" + "rotlwi %[len], r9, 7\n\t" + "xor r0, r0, %[len]\n\t" + "add r12, r12, r0\n\t" + "xor r0, r10, r11\n\t" + "and r0, r0, r9\n\t" + "xor r0, r0, r11\n\t" + "add r12, r12, r0\n\t" + "lwz r0, 40(r6)\n\t" + "add r12, r12, r26\n\t" + "add r12, r12, r0\n\t" + "add r8, r8, r12\n\t" + "rotlwi r0, r14, 30\n\t" + "rotlwi %[len], r14, 19\n\t" + "xor r0, r0, %[len]\n\t" + "rotlwi %[len], r14, 10\n\t" + "xor r0, r0, %[len]\n\t" + "add r12, r12, r0\n\t" + "xor %[len], r14, r15\n\t" + "xor r0, r15, r7\n\t" + "and r0, r0, %[len]\n\t" + "xor r0, r0, r15\n\t" + "add r12, r12, r0\n\t" + /* Calc new W[10] */ + "rotlwi r0, r27, 25\n\t" + "rotlwi %[len], r27, 14\n\t" + "xor r0, r0, %[len]\n\t" + "srwi %[len], r27, 3\n\t" + "xor r0, r0, %[len]\n\t" + "add r26, r26, r0\n\t" + "rotlwi r0, r24, 15\n\t" + "rotlwi %[len], r24, 13\n\t" + "xor r0, r0, %[len]\n\t" + "srwi %[len], r24, 10\n\t" + "xor r0, r0, %[len]\n\t" + "add r26, r26, r0\n\t" + "add r26, r26, r19\n\t" + /* Round 11 */ + "rotlwi r0, r8, 26\n\t" + "rotlwi %[len], r8, 21\n\t" + "xor r0, r0, %[len]\n\t" + "rotlwi %[len], r8, 7\n\t" + "xor r0, r0, %[len]\n\t" + "add r11, r11, r0\n\t" + "xor r0, r9, r10\n\t" + "and r0, r0, r8\n\t" + "xor r0, r0, r10\n\t" + "add r11, r11, r0\n\t" + "lwz r0, 44(r6)\n\t" + "add r11, r11, r27\n\t" + "add r11, r11, r0\n\t" + "add r7, r7, r11\n\t" + "rotlwi r0, r12, 30\n\t" + "rotlwi %[len], r12, 19\n\t" + "xor r0, r0, %[len]\n\t" + "rotlwi %[len], r12, 10\n\t" + "xor r0, r0, %[len]\n\t" + "add r11, r11, r0\n\t" + "xor %[len], r12, r14\n\t" + "xor r0, r14, r15\n\t" + "and r0, r0, %[len]\n\t" + "xor r0, r0, r14\n\t" + "add r11, r11, r0\n\t" + /* Calc new W[11] */ + "rotlwi r0, r28, 25\n\t" + "rotlwi %[len], r28, 14\n\t" + "xor r0, r0, %[len]\n\t" + "srwi %[len], r28, 3\n\t" + "xor r0, r0, %[len]\n\t" + "add r27, r27, r0\n\t" + "rotlwi r0, r25, 15\n\t" + "rotlwi %[len], r25, 13\n\t" + "xor r0, r0, %[len]\n\t" + "srwi %[len], r25, 10\n\t" + "xor r0, r0, %[len]\n\t" + "add r27, r27, r0\n\t" + "add r27, r27, r20\n\t" + /* Round 12 */ + "rotlwi r0, r7, 26\n\t" + "rotlwi %[len], r7, 21\n\t" + "xor r0, r0, %[len]\n\t" + "rotlwi %[len], r7, 7\n\t" + "xor r0, r0, %[len]\n\t" + "add r10, r10, r0\n\t" + "xor r0, r8, r9\n\t" + "and r0, r0, r7\n\t" + "xor r0, r0, r9\n\t" + "add r10, r10, r0\n\t" + "lwz r0, 48(r6)\n\t" + "add r10, r10, r28\n\t" + "add r10, r10, r0\n\t" + "add r15, r15, r10\n\t" + "rotlwi r0, r11, 30\n\t" + "rotlwi %[len], r11, 19\n\t" + "xor r0, r0, %[len]\n\t" + "rotlwi %[len], r11, 10\n\t" + "xor r0, r0, %[len]\n\t" + "add r10, r10, r0\n\t" + "xor %[len], r11, r12\n\t" + "xor r0, r12, r14\n\t" + "and r0, r0, %[len]\n\t" + "xor r0, r0, r12\n\t" + "add r10, r10, r0\n\t" + /* Calc new W[12] */ + "rotlwi r0, r29, 25\n\t" + "rotlwi %[len], r29, 14\n\t" + "xor r0, r0, %[len]\n\t" + "srwi %[len], r29, 3\n\t" + "xor r0, r0, %[len]\n\t" + "add r28, r28, r0\n\t" + "rotlwi r0, r26, 15\n\t" + "rotlwi %[len], r26, 13\n\t" + "xor r0, r0, %[len]\n\t" + "srwi %[len], r26, 10\n\t" + "xor r0, r0, %[len]\n\t" + "add r28, r28, r0\n\t" + "add r28, r28, r21\n\t" + /* Round 13 */ + "rotlwi r0, r15, 26\n\t" + "rotlwi %[len], r15, 21\n\t" + "xor r0, r0, %[len]\n\t" + "rotlwi %[len], r15, 7\n\t" + "xor r0, r0, %[len]\n\t" + "add r9, r9, r0\n\t" + "xor r0, r7, r8\n\t" + "and r0, r0, r15\n\t" + "xor r0, r0, r8\n\t" + "add r9, r9, r0\n\t" + "lwz r0, 52(r6)\n\t" + "add r9, r9, r29\n\t" + "add r9, r9, r0\n\t" + "add r14, r14, r9\n\t" + "rotlwi r0, r10, 30\n\t" + "rotlwi %[len], r10, 19\n\t" + "xor r0, r0, %[len]\n\t" + "rotlwi %[len], r10, 10\n\t" + "xor r0, r0, %[len]\n\t" + "add r9, r9, r0\n\t" + "xor %[len], r10, r11\n\t" + "xor r0, r11, r12\n\t" + "and r0, r0, %[len]\n\t" + "xor r0, r0, r11\n\t" + "add r9, r9, r0\n\t" + /* Calc new W[13] */ + "rotlwi r0, r30, 25\n\t" + "rotlwi %[len], r30, 14\n\t" + "xor r0, r0, %[len]\n\t" + "srwi %[len], r30, 3\n\t" + "xor r0, r0, %[len]\n\t" + "add r29, r29, r0\n\t" + "rotlwi r0, r27, 15\n\t" + "rotlwi %[len], r27, 13\n\t" + "xor r0, r0, %[len]\n\t" + "srwi %[len], r27, 10\n\t" + "xor r0, r0, %[len]\n\t" + "add r29, r29, r0\n\t" + "add r29, r29, r22\n\t" + /* Round 14 */ + "rotlwi r0, r14, 26\n\t" + "rotlwi %[len], r14, 21\n\t" + "xor r0, r0, %[len]\n\t" + "rotlwi %[len], r14, 7\n\t" + "xor r0, r0, %[len]\n\t" + "add r8, r8, r0\n\t" + "xor r0, r15, r7\n\t" + "and r0, r0, r14\n\t" + "xor r0, r0, r7\n\t" + "add r8, r8, r0\n\t" + "lwz r0, 56(r6)\n\t" + "add r8, r8, r30\n\t" + "add r8, r8, r0\n\t" + "add r12, r12, r8\n\t" + "rotlwi r0, r9, 30\n\t" + "rotlwi %[len], r9, 19\n\t" + "xor r0, r0, %[len]\n\t" + "rotlwi %[len], r9, 10\n\t" + "xor r0, r0, %[len]\n\t" + "add r8, r8, r0\n\t" + "xor %[len], r9, r10\n\t" + "xor r0, r10, r11\n\t" + "and r0, r0, %[len]\n\t" + "xor r0, r0, r10\n\t" + "add r8, r8, r0\n\t" + /* Calc new W[14] */ + "rotlwi r0, r31, 25\n\t" + "rotlwi %[len], r31, 14\n\t" + "xor r0, r0, %[len]\n\t" + "srwi %[len], r31, 3\n\t" + "xor r0, r0, %[len]\n\t" + "add r30, r30, r0\n\t" + "rotlwi r0, r28, 15\n\t" + "rotlwi %[len], r28, 13\n\t" + "xor r0, r0, %[len]\n\t" + "srwi %[len], r28, 10\n\t" + "xor r0, r0, %[len]\n\t" + "add r30, r30, r0\n\t" + "add r30, r30, r23\n\t" + /* Round 15 */ + "rotlwi r0, r12, 26\n\t" + "rotlwi %[len], r12, 21\n\t" + "xor r0, r0, %[len]\n\t" + "rotlwi %[len], r12, 7\n\t" + "xor r0, r0, %[len]\n\t" + "add r7, r7, r0\n\t" + "xor r0, r14, r15\n\t" + "and r0, r0, r12\n\t" + "xor r0, r0, r15\n\t" + "add r7, r7, r0\n\t" + "lwz r0, 60(r6)\n\t" + "add r7, r7, r31\n\t" + "add r7, r7, r0\n\t" + "add r11, r11, r7\n\t" + "rotlwi r0, r8, 30\n\t" + "rotlwi %[len], r8, 19\n\t" + "xor r0, r0, %[len]\n\t" + "rotlwi %[len], r8, 10\n\t" + "xor r0, r0, %[len]\n\t" + "add r7, r7, r0\n\t" + "xor %[len], r8, r9\n\t" + "xor r0, r9, r10\n\t" + "and r0, r0, %[len]\n\t" + "xor r0, r0, r9\n\t" + "add r7, r7, r0\n\t" + /* Calc new W[15] */ + "rotlwi r0, r16, 25\n\t" + "rotlwi %[len], r16, 14\n\t" + "xor r0, r0, %[len]\n\t" + "srwi %[len], r16, 3\n\t" + "xor r0, r0, %[len]\n\t" + "add r31, r31, r0\n\t" + "rotlwi r0, r29, 15\n\t" + "rotlwi %[len], r29, 13\n\t" + "xor r0, r0, %[len]\n\t" + "srwi %[len], r29, 10\n\t" + "xor r0, r0, %[len]\n\t" + "add r31, r31, r0\n\t" + "add r31, r31, r24\n\t" + "addi r6, r6, 0x40\n\t" + /* Round 0 */ + "rotlwi r0, r11, 26\n\t" + "rotlwi %[len], r11, 21\n\t" + "xor r0, r0, %[len]\n\t" + "rotlwi %[len], r11, 7\n\t" + "xor r0, r0, %[len]\n\t" + "add r15, r15, r0\n\t" + "xor r0, r12, r14\n\t" + "and r0, r0, r11\n\t" + "xor r0, r0, r14\n\t" + "add r15, r15, r0\n\t" + "lwz r0, 0(r6)\n\t" + "add r15, r15, r16\n\t" + "add r15, r15, r0\n\t" + "add r10, r10, r15\n\t" + "rotlwi r0, r7, 30\n\t" + "rotlwi %[len], r7, 19\n\t" + "xor r0, r0, %[len]\n\t" + "rotlwi %[len], r7, 10\n\t" + "xor r0, r0, %[len]\n\t" + "add r15, r15, r0\n\t" + "xor %[len], r7, r8\n\t" + "xor r0, r8, r9\n\t" + "and r0, r0, %[len]\n\t" + "xor r0, r0, r8\n\t" + "add r15, r15, r0\n\t" + /* Calc new W[0] */ + "rotlwi r0, r17, 25\n\t" + "rotlwi %[len], r17, 14\n\t" + "xor r0, r0, %[len]\n\t" + "srwi %[len], r17, 3\n\t" + "xor r0, r0, %[len]\n\t" + "add r16, r16, r0\n\t" + "rotlwi r0, r30, 15\n\t" + "rotlwi %[len], r30, 13\n\t" + "xor r0, r0, %[len]\n\t" + "srwi %[len], r30, 10\n\t" + "xor r0, r0, %[len]\n\t" + "add r16, r16, r0\n\t" + "add r16, r16, r25\n\t" + /* Round 1 */ + "rotlwi r0, r10, 26\n\t" + "rotlwi %[len], r10, 21\n\t" + "xor r0, r0, %[len]\n\t" + "rotlwi %[len], r10, 7\n\t" + "xor r0, r0, %[len]\n\t" + "add r14, r14, r0\n\t" + "xor r0, r11, r12\n\t" + "and r0, r0, r10\n\t" + "xor r0, r0, r12\n\t" + "add r14, r14, r0\n\t" + "lwz r0, 4(r6)\n\t" + "add r14, r14, r17\n\t" + "add r14, r14, r0\n\t" + "add r9, r9, r14\n\t" + "rotlwi r0, r15, 30\n\t" + "rotlwi %[len], r15, 19\n\t" + "xor r0, r0, %[len]\n\t" + "rotlwi %[len], r15, 10\n\t" + "xor r0, r0, %[len]\n\t" + "add r14, r14, r0\n\t" + "xor %[len], r15, r7\n\t" + "xor r0, r7, r8\n\t" + "and r0, r0, %[len]\n\t" + "xor r0, r0, r7\n\t" + "add r14, r14, r0\n\t" + /* Calc new W[1] */ + "rotlwi r0, r18, 25\n\t" + "rotlwi %[len], r18, 14\n\t" + "xor r0, r0, %[len]\n\t" + "srwi %[len], r18, 3\n\t" + "xor r0, r0, %[len]\n\t" + "add r17, r17, r0\n\t" + "rotlwi r0, r31, 15\n\t" + "rotlwi %[len], r31, 13\n\t" + "xor r0, r0, %[len]\n\t" + "srwi %[len], r31, 10\n\t" + "xor r0, r0, %[len]\n\t" + "add r17, r17, r0\n\t" + "add r17, r17, r26\n\t" + /* Round 2 */ + "rotlwi r0, r9, 26\n\t" + "rotlwi %[len], r9, 21\n\t" + "xor r0, r0, %[len]\n\t" + "rotlwi %[len], r9, 7\n\t" + "xor r0, r0, %[len]\n\t" + "add r12, r12, r0\n\t" + "xor r0, r10, r11\n\t" + "and r0, r0, r9\n\t" + "xor r0, r0, r11\n\t" + "add r12, r12, r0\n\t" + "lwz r0, 8(r6)\n\t" + "add r12, r12, r18\n\t" + "add r12, r12, r0\n\t" + "add r8, r8, r12\n\t" + "rotlwi r0, r14, 30\n\t" + "rotlwi %[len], r14, 19\n\t" + "xor r0, r0, %[len]\n\t" + "rotlwi %[len], r14, 10\n\t" + "xor r0, r0, %[len]\n\t" + "add r12, r12, r0\n\t" + "xor %[len], r14, r15\n\t" + "xor r0, r15, r7\n\t" + "and r0, r0, %[len]\n\t" + "xor r0, r0, r15\n\t" + "add r12, r12, r0\n\t" + /* Calc new W[2] */ + "rotlwi r0, r19, 25\n\t" + "rotlwi %[len], r19, 14\n\t" + "xor r0, r0, %[len]\n\t" + "srwi %[len], r19, 3\n\t" + "xor r0, r0, %[len]\n\t" + "add r18, r18, r0\n\t" + "rotlwi r0, r16, 15\n\t" + "rotlwi %[len], r16, 13\n\t" + "xor r0, r0, %[len]\n\t" + "srwi %[len], r16, 10\n\t" + "xor r0, r0, %[len]\n\t" + "add r18, r18, r0\n\t" + "add r18, r18, r27\n\t" + /* Round 3 */ + "rotlwi r0, r8, 26\n\t" + "rotlwi %[len], r8, 21\n\t" + "xor r0, r0, %[len]\n\t" + "rotlwi %[len], r8, 7\n\t" + "xor r0, r0, %[len]\n\t" + "add r11, r11, r0\n\t" + "xor r0, r9, r10\n\t" + "and r0, r0, r8\n\t" + "xor r0, r0, r10\n\t" + "add r11, r11, r0\n\t" + "lwz r0, 12(r6)\n\t" + "add r11, r11, r19\n\t" + "add r11, r11, r0\n\t" + "add r7, r7, r11\n\t" + "rotlwi r0, r12, 30\n\t" + "rotlwi %[len], r12, 19\n\t" + "xor r0, r0, %[len]\n\t" + "rotlwi %[len], r12, 10\n\t" + "xor r0, r0, %[len]\n\t" + "add r11, r11, r0\n\t" + "xor %[len], r12, r14\n\t" + "xor r0, r14, r15\n\t" + "and r0, r0, %[len]\n\t" + "xor r0, r0, r14\n\t" + "add r11, r11, r0\n\t" + /* Calc new W[3] */ + "rotlwi r0, r20, 25\n\t" + "rotlwi %[len], r20, 14\n\t" + "xor r0, r0, %[len]\n\t" + "srwi %[len], r20, 3\n\t" + "xor r0, r0, %[len]\n\t" + "add r19, r19, r0\n\t" + "rotlwi r0, r17, 15\n\t" + "rotlwi %[len], r17, 13\n\t" + "xor r0, r0, %[len]\n\t" + "srwi %[len], r17, 10\n\t" + "xor r0, r0, %[len]\n\t" + "add r19, r19, r0\n\t" + "add r19, r19, r28\n\t" + /* Round 4 */ + "rotlwi r0, r7, 26\n\t" + "rotlwi %[len], r7, 21\n\t" + "xor r0, r0, %[len]\n\t" + "rotlwi %[len], r7, 7\n\t" + "xor r0, r0, %[len]\n\t" + "add r10, r10, r0\n\t" + "xor r0, r8, r9\n\t" + "and r0, r0, r7\n\t" + "xor r0, r0, r9\n\t" + "add r10, r10, r0\n\t" + "lwz r0, 16(r6)\n\t" + "add r10, r10, r20\n\t" + "add r10, r10, r0\n\t" + "add r15, r15, r10\n\t" + "rotlwi r0, r11, 30\n\t" + "rotlwi %[len], r11, 19\n\t" + "xor r0, r0, %[len]\n\t" + "rotlwi %[len], r11, 10\n\t" + "xor r0, r0, %[len]\n\t" + "add r10, r10, r0\n\t" + "xor %[len], r11, r12\n\t" + "xor r0, r12, r14\n\t" + "and r0, r0, %[len]\n\t" + "xor r0, r0, r12\n\t" + "add r10, r10, r0\n\t" + /* Calc new W[4] */ + "rotlwi r0, r21, 25\n\t" + "rotlwi %[len], r21, 14\n\t" + "xor r0, r0, %[len]\n\t" + "srwi %[len], r21, 3\n\t" + "xor r0, r0, %[len]\n\t" + "add r20, r20, r0\n\t" + "rotlwi r0, r18, 15\n\t" + "rotlwi %[len], r18, 13\n\t" + "xor r0, r0, %[len]\n\t" + "srwi %[len], r18, 10\n\t" + "xor r0, r0, %[len]\n\t" + "add r20, r20, r0\n\t" + "add r20, r20, r29\n\t" + /* Round 5 */ + "rotlwi r0, r15, 26\n\t" + "rotlwi %[len], r15, 21\n\t" + "xor r0, r0, %[len]\n\t" + "rotlwi %[len], r15, 7\n\t" + "xor r0, r0, %[len]\n\t" + "add r9, r9, r0\n\t" + "xor r0, r7, r8\n\t" + "and r0, r0, r15\n\t" + "xor r0, r0, r8\n\t" + "add r9, r9, r0\n\t" + "lwz r0, 20(r6)\n\t" + "add r9, r9, r21\n\t" + "add r9, r9, r0\n\t" + "add r14, r14, r9\n\t" + "rotlwi r0, r10, 30\n\t" + "rotlwi %[len], r10, 19\n\t" + "xor r0, r0, %[len]\n\t" + "rotlwi %[len], r10, 10\n\t" + "xor r0, r0, %[len]\n\t" + "add r9, r9, r0\n\t" + "xor %[len], r10, r11\n\t" + "xor r0, r11, r12\n\t" + "and r0, r0, %[len]\n\t" + "xor r0, r0, r11\n\t" + "add r9, r9, r0\n\t" + /* Calc new W[5] */ + "rotlwi r0, r22, 25\n\t" + "rotlwi %[len], r22, 14\n\t" + "xor r0, r0, %[len]\n\t" + "srwi %[len], r22, 3\n\t" + "xor r0, r0, %[len]\n\t" + "add r21, r21, r0\n\t" + "rotlwi r0, r19, 15\n\t" + "rotlwi %[len], r19, 13\n\t" + "xor r0, r0, %[len]\n\t" + "srwi %[len], r19, 10\n\t" + "xor r0, r0, %[len]\n\t" + "add r21, r21, r0\n\t" + "add r21, r21, r30\n\t" + /* Round 6 */ + "rotlwi r0, r14, 26\n\t" + "rotlwi %[len], r14, 21\n\t" + "xor r0, r0, %[len]\n\t" + "rotlwi %[len], r14, 7\n\t" + "xor r0, r0, %[len]\n\t" + "add r8, r8, r0\n\t" + "xor r0, r15, r7\n\t" + "and r0, r0, r14\n\t" + "xor r0, r0, r7\n\t" + "add r8, r8, r0\n\t" + "lwz r0, 24(r6)\n\t" + "add r8, r8, r22\n\t" + "add r8, r8, r0\n\t" + "add r12, r12, r8\n\t" + "rotlwi r0, r9, 30\n\t" + "rotlwi %[len], r9, 19\n\t" + "xor r0, r0, %[len]\n\t" + "rotlwi %[len], r9, 10\n\t" + "xor r0, r0, %[len]\n\t" + "add r8, r8, r0\n\t" + "xor %[len], r9, r10\n\t" + "xor r0, r10, r11\n\t" + "and r0, r0, %[len]\n\t" + "xor r0, r0, r10\n\t" + "add r8, r8, r0\n\t" + /* Calc new W[6] */ + "rotlwi r0, r23, 25\n\t" + "rotlwi %[len], r23, 14\n\t" + "xor r0, r0, %[len]\n\t" + "srwi %[len], r23, 3\n\t" + "xor r0, r0, %[len]\n\t" + "add r22, r22, r0\n\t" + "rotlwi r0, r20, 15\n\t" + "rotlwi %[len], r20, 13\n\t" + "xor r0, r0, %[len]\n\t" + "srwi %[len], r20, 10\n\t" + "xor r0, r0, %[len]\n\t" + "add r22, r22, r0\n\t" + "add r22, r22, r31\n\t" + /* Round 7 */ + "rotlwi r0, r12, 26\n\t" + "rotlwi %[len], r12, 21\n\t" + "xor r0, r0, %[len]\n\t" + "rotlwi %[len], r12, 7\n\t" + "xor r0, r0, %[len]\n\t" + "add r7, r7, r0\n\t" + "xor r0, r14, r15\n\t" + "and r0, r0, r12\n\t" + "xor r0, r0, r15\n\t" + "add r7, r7, r0\n\t" + "lwz r0, 28(r6)\n\t" + "add r7, r7, r23\n\t" + "add r7, r7, r0\n\t" + "add r11, r11, r7\n\t" + "rotlwi r0, r8, 30\n\t" + "rotlwi %[len], r8, 19\n\t" + "xor r0, r0, %[len]\n\t" + "rotlwi %[len], r8, 10\n\t" + "xor r0, r0, %[len]\n\t" + "add r7, r7, r0\n\t" + "xor %[len], r8, r9\n\t" + "xor r0, r9, r10\n\t" + "and r0, r0, %[len]\n\t" + "xor r0, r0, r9\n\t" + "add r7, r7, r0\n\t" + /* Calc new W[7] */ + "rotlwi r0, r24, 25\n\t" + "rotlwi %[len], r24, 14\n\t" + "xor r0, r0, %[len]\n\t" + "srwi %[len], r24, 3\n\t" + "xor r0, r0, %[len]\n\t" + "add r23, r23, r0\n\t" + "rotlwi r0, r21, 15\n\t" + "rotlwi %[len], r21, 13\n\t" + "xor r0, r0, %[len]\n\t" + "srwi %[len], r21, 10\n\t" + "xor r0, r0, %[len]\n\t" + "add r23, r23, r0\n\t" + "add r23, r23, r16\n\t" + /* Round 8 */ + "rotlwi r0, r11, 26\n\t" + "rotlwi %[len], r11, 21\n\t" + "xor r0, r0, %[len]\n\t" + "rotlwi %[len], r11, 7\n\t" + "xor r0, r0, %[len]\n\t" + "add r15, r15, r0\n\t" + "xor r0, r12, r14\n\t" + "and r0, r0, r11\n\t" + "xor r0, r0, r14\n\t" + "add r15, r15, r0\n\t" + "lwz r0, 32(r6)\n\t" + "add r15, r15, r24\n\t" + "add r15, r15, r0\n\t" + "add r10, r10, r15\n\t" + "rotlwi r0, r7, 30\n\t" + "rotlwi %[len], r7, 19\n\t" + "xor r0, r0, %[len]\n\t" + "rotlwi %[len], r7, 10\n\t" + "xor r0, r0, %[len]\n\t" + "add r15, r15, r0\n\t" + "xor %[len], r7, r8\n\t" + "xor r0, r8, r9\n\t" + "and r0, r0, %[len]\n\t" + "xor r0, r0, r8\n\t" + "add r15, r15, r0\n\t" + /* Calc new W[8] */ + "rotlwi r0, r25, 25\n\t" + "rotlwi %[len], r25, 14\n\t" + "xor r0, r0, %[len]\n\t" + "srwi %[len], r25, 3\n\t" + "xor r0, r0, %[len]\n\t" + "add r24, r24, r0\n\t" + "rotlwi r0, r22, 15\n\t" + "rotlwi %[len], r22, 13\n\t" + "xor r0, r0, %[len]\n\t" + "srwi %[len], r22, 10\n\t" + "xor r0, r0, %[len]\n\t" + "add r24, r24, r0\n\t" + "add r24, r24, r17\n\t" + /* Round 9 */ + "rotlwi r0, r10, 26\n\t" + "rotlwi %[len], r10, 21\n\t" + "xor r0, r0, %[len]\n\t" + "rotlwi %[len], r10, 7\n\t" + "xor r0, r0, %[len]\n\t" + "add r14, r14, r0\n\t" + "xor r0, r11, r12\n\t" + "and r0, r0, r10\n\t" + "xor r0, r0, r12\n\t" + "add r14, r14, r0\n\t" + "lwz r0, 36(r6)\n\t" + "add r14, r14, r25\n\t" + "add r14, r14, r0\n\t" + "add r9, r9, r14\n\t" + "rotlwi r0, r15, 30\n\t" + "rotlwi %[len], r15, 19\n\t" + "xor r0, r0, %[len]\n\t" + "rotlwi %[len], r15, 10\n\t" + "xor r0, r0, %[len]\n\t" + "add r14, r14, r0\n\t" + "xor %[len], r15, r7\n\t" + "xor r0, r7, r8\n\t" + "and r0, r0, %[len]\n\t" + "xor r0, r0, r7\n\t" + "add r14, r14, r0\n\t" + /* Calc new W[9] */ + "rotlwi r0, r26, 25\n\t" + "rotlwi %[len], r26, 14\n\t" + "xor r0, r0, %[len]\n\t" + "srwi %[len], r26, 3\n\t" + "xor r0, r0, %[len]\n\t" + "add r25, r25, r0\n\t" + "rotlwi r0, r23, 15\n\t" + "rotlwi %[len], r23, 13\n\t" + "xor r0, r0, %[len]\n\t" + "srwi %[len], r23, 10\n\t" + "xor r0, r0, %[len]\n\t" + "add r25, r25, r0\n\t" + "add r25, r25, r18\n\t" + /* Round 10 */ + "rotlwi r0, r9, 26\n\t" + "rotlwi %[len], r9, 21\n\t" + "xor r0, r0, %[len]\n\t" + "rotlwi %[len], r9, 7\n\t" + "xor r0, r0, %[len]\n\t" + "add r12, r12, r0\n\t" + "xor r0, r10, r11\n\t" + "and r0, r0, r9\n\t" + "xor r0, r0, r11\n\t" + "add r12, r12, r0\n\t" + "lwz r0, 40(r6)\n\t" + "add r12, r12, r26\n\t" + "add r12, r12, r0\n\t" + "add r8, r8, r12\n\t" + "rotlwi r0, r14, 30\n\t" + "rotlwi %[len], r14, 19\n\t" + "xor r0, r0, %[len]\n\t" + "rotlwi %[len], r14, 10\n\t" + "xor r0, r0, %[len]\n\t" + "add r12, r12, r0\n\t" + "xor %[len], r14, r15\n\t" + "xor r0, r15, r7\n\t" + "and r0, r0, %[len]\n\t" + "xor r0, r0, r15\n\t" + "add r12, r12, r0\n\t" + /* Calc new W[10] */ + "rotlwi r0, r27, 25\n\t" + "rotlwi %[len], r27, 14\n\t" + "xor r0, r0, %[len]\n\t" + "srwi %[len], r27, 3\n\t" + "xor r0, r0, %[len]\n\t" + "add r26, r26, r0\n\t" + "rotlwi r0, r24, 15\n\t" + "rotlwi %[len], r24, 13\n\t" + "xor r0, r0, %[len]\n\t" + "srwi %[len], r24, 10\n\t" + "xor r0, r0, %[len]\n\t" + "add r26, r26, r0\n\t" + "add r26, r26, r19\n\t" + /* Round 11 */ + "rotlwi r0, r8, 26\n\t" + "rotlwi %[len], r8, 21\n\t" + "xor r0, r0, %[len]\n\t" + "rotlwi %[len], r8, 7\n\t" + "xor r0, r0, %[len]\n\t" + "add r11, r11, r0\n\t" + "xor r0, r9, r10\n\t" + "and r0, r0, r8\n\t" + "xor r0, r0, r10\n\t" + "add r11, r11, r0\n\t" + "lwz r0, 44(r6)\n\t" + "add r11, r11, r27\n\t" + "add r11, r11, r0\n\t" + "add r7, r7, r11\n\t" + "rotlwi r0, r12, 30\n\t" + "rotlwi %[len], r12, 19\n\t" + "xor r0, r0, %[len]\n\t" + "rotlwi %[len], r12, 10\n\t" + "xor r0, r0, %[len]\n\t" + "add r11, r11, r0\n\t" + "xor %[len], r12, r14\n\t" + "xor r0, r14, r15\n\t" + "and r0, r0, %[len]\n\t" + "xor r0, r0, r14\n\t" + "add r11, r11, r0\n\t" + /* Calc new W[11] */ + "rotlwi r0, r28, 25\n\t" + "rotlwi %[len], r28, 14\n\t" + "xor r0, r0, %[len]\n\t" + "srwi %[len], r28, 3\n\t" + "xor r0, r0, %[len]\n\t" + "add r27, r27, r0\n\t" + "rotlwi r0, r25, 15\n\t" + "rotlwi %[len], r25, 13\n\t" + "xor r0, r0, %[len]\n\t" + "srwi %[len], r25, 10\n\t" + "xor r0, r0, %[len]\n\t" + "add r27, r27, r0\n\t" + "add r27, r27, r20\n\t" + /* Round 12 */ + "rotlwi r0, r7, 26\n\t" + "rotlwi %[len], r7, 21\n\t" + "xor r0, r0, %[len]\n\t" + "rotlwi %[len], r7, 7\n\t" + "xor r0, r0, %[len]\n\t" + "add r10, r10, r0\n\t" + "xor r0, r8, r9\n\t" + "and r0, r0, r7\n\t" + "xor r0, r0, r9\n\t" + "add r10, r10, r0\n\t" + "lwz r0, 48(r6)\n\t" + "add r10, r10, r28\n\t" + "add r10, r10, r0\n\t" + "add r15, r15, r10\n\t" + "rotlwi r0, r11, 30\n\t" + "rotlwi %[len], r11, 19\n\t" + "xor r0, r0, %[len]\n\t" + "rotlwi %[len], r11, 10\n\t" + "xor r0, r0, %[len]\n\t" + "add r10, r10, r0\n\t" + "xor %[len], r11, r12\n\t" + "xor r0, r12, r14\n\t" + "and r0, r0, %[len]\n\t" + "xor r0, r0, r12\n\t" + "add r10, r10, r0\n\t" + /* Calc new W[12] */ + "rotlwi r0, r29, 25\n\t" + "rotlwi %[len], r29, 14\n\t" + "xor r0, r0, %[len]\n\t" + "srwi %[len], r29, 3\n\t" + "xor r0, r0, %[len]\n\t" + "add r28, r28, r0\n\t" + "rotlwi r0, r26, 15\n\t" + "rotlwi %[len], r26, 13\n\t" + "xor r0, r0, %[len]\n\t" + "srwi %[len], r26, 10\n\t" + "xor r0, r0, %[len]\n\t" + "add r28, r28, r0\n\t" + "add r28, r28, r21\n\t" + /* Round 13 */ + "rotlwi r0, r15, 26\n\t" + "rotlwi %[len], r15, 21\n\t" + "xor r0, r0, %[len]\n\t" + "rotlwi %[len], r15, 7\n\t" + "xor r0, r0, %[len]\n\t" + "add r9, r9, r0\n\t" + "xor r0, r7, r8\n\t" + "and r0, r0, r15\n\t" + "xor r0, r0, r8\n\t" + "add r9, r9, r0\n\t" + "lwz r0, 52(r6)\n\t" + "add r9, r9, r29\n\t" + "add r9, r9, r0\n\t" + "add r14, r14, r9\n\t" + "rotlwi r0, r10, 30\n\t" + "rotlwi %[len], r10, 19\n\t" + "xor r0, r0, %[len]\n\t" + "rotlwi %[len], r10, 10\n\t" + "xor r0, r0, %[len]\n\t" + "add r9, r9, r0\n\t" + "xor %[len], r10, r11\n\t" + "xor r0, r11, r12\n\t" + "and r0, r0, %[len]\n\t" + "xor r0, r0, r11\n\t" + "add r9, r9, r0\n\t" + /* Calc new W[13] */ + "rotlwi r0, r30, 25\n\t" + "rotlwi %[len], r30, 14\n\t" + "xor r0, r0, %[len]\n\t" + "srwi %[len], r30, 3\n\t" + "xor r0, r0, %[len]\n\t" + "add r29, r29, r0\n\t" + "rotlwi r0, r27, 15\n\t" + "rotlwi %[len], r27, 13\n\t" + "xor r0, r0, %[len]\n\t" + "srwi %[len], r27, 10\n\t" + "xor r0, r0, %[len]\n\t" + "add r29, r29, r0\n\t" + "add r29, r29, r22\n\t" + /* Round 14 */ + "rotlwi r0, r14, 26\n\t" + "rotlwi %[len], r14, 21\n\t" + "xor r0, r0, %[len]\n\t" + "rotlwi %[len], r14, 7\n\t" + "xor r0, r0, %[len]\n\t" + "add r8, r8, r0\n\t" + "xor r0, r15, r7\n\t" + "and r0, r0, r14\n\t" + "xor r0, r0, r7\n\t" + "add r8, r8, r0\n\t" + "lwz r0, 56(r6)\n\t" + "add r8, r8, r30\n\t" + "add r8, r8, r0\n\t" + "add r12, r12, r8\n\t" + "rotlwi r0, r9, 30\n\t" + "rotlwi %[len], r9, 19\n\t" + "xor r0, r0, %[len]\n\t" + "rotlwi %[len], r9, 10\n\t" + "xor r0, r0, %[len]\n\t" + "add r8, r8, r0\n\t" + "xor %[len], r9, r10\n\t" + "xor r0, r10, r11\n\t" + "and r0, r0, %[len]\n\t" + "xor r0, r0, r10\n\t" + "add r8, r8, r0\n\t" + /* Calc new W[14] */ + "rotlwi r0, r31, 25\n\t" + "rotlwi %[len], r31, 14\n\t" + "xor r0, r0, %[len]\n\t" + "srwi %[len], r31, 3\n\t" + "xor r0, r0, %[len]\n\t" + "add r30, r30, r0\n\t" + "rotlwi r0, r28, 15\n\t" + "rotlwi %[len], r28, 13\n\t" + "xor r0, r0, %[len]\n\t" + "srwi %[len], r28, 10\n\t" + "xor r0, r0, %[len]\n\t" + "add r30, r30, r0\n\t" + "add r30, r30, r23\n\t" + /* Round 15 */ + "rotlwi r0, r12, 26\n\t" + "rotlwi %[len], r12, 21\n\t" + "xor r0, r0, %[len]\n\t" + "rotlwi %[len], r12, 7\n\t" + "xor r0, r0, %[len]\n\t" + "add r7, r7, r0\n\t" + "xor r0, r14, r15\n\t" + "and r0, r0, r12\n\t" + "xor r0, r0, r15\n\t" + "add r7, r7, r0\n\t" + "lwz r0, 60(r6)\n\t" + "add r7, r7, r31\n\t" + "add r7, r7, r0\n\t" + "add r11, r11, r7\n\t" + "rotlwi r0, r8, 30\n\t" + "rotlwi %[len], r8, 19\n\t" + "xor r0, r0, %[len]\n\t" + "rotlwi %[len], r8, 10\n\t" + "xor r0, r0, %[len]\n\t" + "add r7, r7, r0\n\t" + "xor %[len], r8, r9\n\t" + "xor r0, r9, r10\n\t" + "and r0, r0, %[len]\n\t" + "xor r0, r0, r9\n\t" + "add r7, r7, r0\n\t" + /* Calc new W[15] */ + "rotlwi r0, r16, 25\n\t" + "rotlwi %[len], r16, 14\n\t" + "xor r0, r0, %[len]\n\t" + "srwi %[len], r16, 3\n\t" + "xor r0, r0, %[len]\n\t" + "add r31, r31, r0\n\t" + "rotlwi r0, r29, 15\n\t" + "rotlwi %[len], r29, 13\n\t" + "xor r0, r0, %[len]\n\t" + "srwi %[len], r29, 10\n\t" + "xor r0, r0, %[len]\n\t" + "add r31, r31, r0\n\t" + "add r31, r31, r24\n\t" + "addi r6, r6, 0x40\n\t" + /* Round 0 */ + "rotlwi r0, r11, 26\n\t" + "rotlwi %[len], r11, 21\n\t" + "xor r0, r0, %[len]\n\t" + "rotlwi %[len], r11, 7\n\t" + "xor r0, r0, %[len]\n\t" + "add r15, r15, r0\n\t" + "xor r0, r12, r14\n\t" + "and r0, r0, r11\n\t" + "xor r0, r0, r14\n\t" + "add r15, r15, r0\n\t" + "lwz r0, 0(r6)\n\t" + "add r15, r15, r16\n\t" + "add r15, r15, r0\n\t" + "add r10, r10, r15\n\t" + "rotlwi r0, r7, 30\n\t" + "rotlwi %[len], r7, 19\n\t" + "xor r0, r0, %[len]\n\t" + "rotlwi %[len], r7, 10\n\t" + "xor r0, r0, %[len]\n\t" + "add r15, r15, r0\n\t" + "xor %[len], r7, r8\n\t" + "xor r0, r8, r9\n\t" + "and r0, r0, %[len]\n\t" + "xor r0, r0, r8\n\t" + "add r15, r15, r0\n\t" + /* Calc new W[0] */ + "rotlwi r0, r17, 25\n\t" + "rotlwi %[len], r17, 14\n\t" + "xor r0, r0, %[len]\n\t" + "srwi %[len], r17, 3\n\t" + "xor r0, r0, %[len]\n\t" + "add r16, r16, r0\n\t" + "rotlwi r0, r30, 15\n\t" + "rotlwi %[len], r30, 13\n\t" + "xor r0, r0, %[len]\n\t" + "srwi %[len], r30, 10\n\t" + "xor r0, r0, %[len]\n\t" + "add r16, r16, r0\n\t" + "add r16, r16, r25\n\t" + /* Round 1 */ + "rotlwi r0, r10, 26\n\t" + "rotlwi %[len], r10, 21\n\t" + "xor r0, r0, %[len]\n\t" + "rotlwi %[len], r10, 7\n\t" + "xor r0, r0, %[len]\n\t" + "add r14, r14, r0\n\t" + "xor r0, r11, r12\n\t" + "and r0, r0, r10\n\t" + "xor r0, r0, r12\n\t" + "add r14, r14, r0\n\t" + "lwz r0, 4(r6)\n\t" + "add r14, r14, r17\n\t" + "add r14, r14, r0\n\t" + "add r9, r9, r14\n\t" + "rotlwi r0, r15, 30\n\t" + "rotlwi %[len], r15, 19\n\t" + "xor r0, r0, %[len]\n\t" + "rotlwi %[len], r15, 10\n\t" + "xor r0, r0, %[len]\n\t" + "add r14, r14, r0\n\t" + "xor %[len], r15, r7\n\t" + "xor r0, r7, r8\n\t" + "and r0, r0, %[len]\n\t" + "xor r0, r0, r7\n\t" + "add r14, r14, r0\n\t" + /* Calc new W[1] */ + "rotlwi r0, r18, 25\n\t" + "rotlwi %[len], r18, 14\n\t" + "xor r0, r0, %[len]\n\t" + "srwi %[len], r18, 3\n\t" + "xor r0, r0, %[len]\n\t" + "add r17, r17, r0\n\t" + "rotlwi r0, r31, 15\n\t" + "rotlwi %[len], r31, 13\n\t" + "xor r0, r0, %[len]\n\t" + "srwi %[len], r31, 10\n\t" + "xor r0, r0, %[len]\n\t" + "add r17, r17, r0\n\t" + "add r17, r17, r26\n\t" + /* Round 2 */ + "rotlwi r0, r9, 26\n\t" + "rotlwi %[len], r9, 21\n\t" + "xor r0, r0, %[len]\n\t" + "rotlwi %[len], r9, 7\n\t" + "xor r0, r0, %[len]\n\t" + "add r12, r12, r0\n\t" + "xor r0, r10, r11\n\t" + "and r0, r0, r9\n\t" + "xor r0, r0, r11\n\t" + "add r12, r12, r0\n\t" + "lwz r0, 8(r6)\n\t" + "add r12, r12, r18\n\t" + "add r12, r12, r0\n\t" + "add r8, r8, r12\n\t" + "rotlwi r0, r14, 30\n\t" + "rotlwi %[len], r14, 19\n\t" + "xor r0, r0, %[len]\n\t" + "rotlwi %[len], r14, 10\n\t" + "xor r0, r0, %[len]\n\t" + "add r12, r12, r0\n\t" + "xor %[len], r14, r15\n\t" + "xor r0, r15, r7\n\t" + "and r0, r0, %[len]\n\t" + "xor r0, r0, r15\n\t" + "add r12, r12, r0\n\t" + /* Calc new W[2] */ + "rotlwi r0, r19, 25\n\t" + "rotlwi %[len], r19, 14\n\t" + "xor r0, r0, %[len]\n\t" + "srwi %[len], r19, 3\n\t" + "xor r0, r0, %[len]\n\t" + "add r18, r18, r0\n\t" + "rotlwi r0, r16, 15\n\t" + "rotlwi %[len], r16, 13\n\t" + "xor r0, r0, %[len]\n\t" + "srwi %[len], r16, 10\n\t" + "xor r0, r0, %[len]\n\t" + "add r18, r18, r0\n\t" + "add r18, r18, r27\n\t" + /* Round 3 */ + "rotlwi r0, r8, 26\n\t" + "rotlwi %[len], r8, 21\n\t" + "xor r0, r0, %[len]\n\t" + "rotlwi %[len], r8, 7\n\t" + "xor r0, r0, %[len]\n\t" + "add r11, r11, r0\n\t" + "xor r0, r9, r10\n\t" + "and r0, r0, r8\n\t" + "xor r0, r0, r10\n\t" + "add r11, r11, r0\n\t" + "lwz r0, 12(r6)\n\t" + "add r11, r11, r19\n\t" + "add r11, r11, r0\n\t" + "add r7, r7, r11\n\t" + "rotlwi r0, r12, 30\n\t" + "rotlwi %[len], r12, 19\n\t" + "xor r0, r0, %[len]\n\t" + "rotlwi %[len], r12, 10\n\t" + "xor r0, r0, %[len]\n\t" + "add r11, r11, r0\n\t" + "xor %[len], r12, r14\n\t" + "xor r0, r14, r15\n\t" + "and r0, r0, %[len]\n\t" + "xor r0, r0, r14\n\t" + "add r11, r11, r0\n\t" + /* Calc new W[3] */ + "rotlwi r0, r20, 25\n\t" + "rotlwi %[len], r20, 14\n\t" + "xor r0, r0, %[len]\n\t" + "srwi %[len], r20, 3\n\t" + "xor r0, r0, %[len]\n\t" + "add r19, r19, r0\n\t" + "rotlwi r0, r17, 15\n\t" + "rotlwi %[len], r17, 13\n\t" + "xor r0, r0, %[len]\n\t" + "srwi %[len], r17, 10\n\t" + "xor r0, r0, %[len]\n\t" + "add r19, r19, r0\n\t" + "add r19, r19, r28\n\t" + /* Round 4 */ + "rotlwi r0, r7, 26\n\t" + "rotlwi %[len], r7, 21\n\t" + "xor r0, r0, %[len]\n\t" + "rotlwi %[len], r7, 7\n\t" + "xor r0, r0, %[len]\n\t" + "add r10, r10, r0\n\t" + "xor r0, r8, r9\n\t" + "and r0, r0, r7\n\t" + "xor r0, r0, r9\n\t" + "add r10, r10, r0\n\t" + "lwz r0, 16(r6)\n\t" + "add r10, r10, r20\n\t" + "add r10, r10, r0\n\t" + "add r15, r15, r10\n\t" + "rotlwi r0, r11, 30\n\t" + "rotlwi %[len], r11, 19\n\t" + "xor r0, r0, %[len]\n\t" + "rotlwi %[len], r11, 10\n\t" + "xor r0, r0, %[len]\n\t" + "add r10, r10, r0\n\t" + "xor %[len], r11, r12\n\t" + "xor r0, r12, r14\n\t" + "and r0, r0, %[len]\n\t" + "xor r0, r0, r12\n\t" + "add r10, r10, r0\n\t" + /* Calc new W[4] */ + "rotlwi r0, r21, 25\n\t" + "rotlwi %[len], r21, 14\n\t" + "xor r0, r0, %[len]\n\t" + "srwi %[len], r21, 3\n\t" + "xor r0, r0, %[len]\n\t" + "add r20, r20, r0\n\t" + "rotlwi r0, r18, 15\n\t" + "rotlwi %[len], r18, 13\n\t" + "xor r0, r0, %[len]\n\t" + "srwi %[len], r18, 10\n\t" + "xor r0, r0, %[len]\n\t" + "add r20, r20, r0\n\t" + "add r20, r20, r29\n\t" + /* Round 5 */ + "rotlwi r0, r15, 26\n\t" + "rotlwi %[len], r15, 21\n\t" + "xor r0, r0, %[len]\n\t" + "rotlwi %[len], r15, 7\n\t" + "xor r0, r0, %[len]\n\t" + "add r9, r9, r0\n\t" + "xor r0, r7, r8\n\t" + "and r0, r0, r15\n\t" + "xor r0, r0, r8\n\t" + "add r9, r9, r0\n\t" + "lwz r0, 20(r6)\n\t" + "add r9, r9, r21\n\t" + "add r9, r9, r0\n\t" + "add r14, r14, r9\n\t" + "rotlwi r0, r10, 30\n\t" + "rotlwi %[len], r10, 19\n\t" + "xor r0, r0, %[len]\n\t" + "rotlwi %[len], r10, 10\n\t" + "xor r0, r0, %[len]\n\t" + "add r9, r9, r0\n\t" + "xor %[len], r10, r11\n\t" + "xor r0, r11, r12\n\t" + "and r0, r0, %[len]\n\t" + "xor r0, r0, r11\n\t" + "add r9, r9, r0\n\t" + /* Calc new W[5] */ + "rotlwi r0, r22, 25\n\t" + "rotlwi %[len], r22, 14\n\t" + "xor r0, r0, %[len]\n\t" + "srwi %[len], r22, 3\n\t" + "xor r0, r0, %[len]\n\t" + "add r21, r21, r0\n\t" + "rotlwi r0, r19, 15\n\t" + "rotlwi %[len], r19, 13\n\t" + "xor r0, r0, %[len]\n\t" + "srwi %[len], r19, 10\n\t" + "xor r0, r0, %[len]\n\t" + "add r21, r21, r0\n\t" + "add r21, r21, r30\n\t" + /* Round 6 */ + "rotlwi r0, r14, 26\n\t" + "rotlwi %[len], r14, 21\n\t" + "xor r0, r0, %[len]\n\t" + "rotlwi %[len], r14, 7\n\t" + "xor r0, r0, %[len]\n\t" + "add r8, r8, r0\n\t" + "xor r0, r15, r7\n\t" + "and r0, r0, r14\n\t" + "xor r0, r0, r7\n\t" + "add r8, r8, r0\n\t" + "lwz r0, 24(r6)\n\t" + "add r8, r8, r22\n\t" + "add r8, r8, r0\n\t" + "add r12, r12, r8\n\t" + "rotlwi r0, r9, 30\n\t" + "rotlwi %[len], r9, 19\n\t" + "xor r0, r0, %[len]\n\t" + "rotlwi %[len], r9, 10\n\t" + "xor r0, r0, %[len]\n\t" + "add r8, r8, r0\n\t" + "xor %[len], r9, r10\n\t" + "xor r0, r10, r11\n\t" + "and r0, r0, %[len]\n\t" + "xor r0, r0, r10\n\t" + "add r8, r8, r0\n\t" + /* Calc new W[6] */ + "rotlwi r0, r23, 25\n\t" + "rotlwi %[len], r23, 14\n\t" + "xor r0, r0, %[len]\n\t" + "srwi %[len], r23, 3\n\t" + "xor r0, r0, %[len]\n\t" + "add r22, r22, r0\n\t" + "rotlwi r0, r20, 15\n\t" + "rotlwi %[len], r20, 13\n\t" + "xor r0, r0, %[len]\n\t" + "srwi %[len], r20, 10\n\t" + "xor r0, r0, %[len]\n\t" + "add r22, r22, r0\n\t" + "add r22, r22, r31\n\t" + /* Round 7 */ + "rotlwi r0, r12, 26\n\t" + "rotlwi %[len], r12, 21\n\t" + "xor r0, r0, %[len]\n\t" + "rotlwi %[len], r12, 7\n\t" + "xor r0, r0, %[len]\n\t" + "add r7, r7, r0\n\t" + "xor r0, r14, r15\n\t" + "and r0, r0, r12\n\t" + "xor r0, r0, r15\n\t" + "add r7, r7, r0\n\t" + "lwz r0, 28(r6)\n\t" + "add r7, r7, r23\n\t" + "add r7, r7, r0\n\t" + "add r11, r11, r7\n\t" + "rotlwi r0, r8, 30\n\t" + "rotlwi %[len], r8, 19\n\t" + "xor r0, r0, %[len]\n\t" + "rotlwi %[len], r8, 10\n\t" + "xor r0, r0, %[len]\n\t" + "add r7, r7, r0\n\t" + "xor %[len], r8, r9\n\t" + "xor r0, r9, r10\n\t" + "and r0, r0, %[len]\n\t" + "xor r0, r0, r9\n\t" + "add r7, r7, r0\n\t" + /* Calc new W[7] */ + "rotlwi r0, r24, 25\n\t" + "rotlwi %[len], r24, 14\n\t" + "xor r0, r0, %[len]\n\t" + "srwi %[len], r24, 3\n\t" + "xor r0, r0, %[len]\n\t" + "add r23, r23, r0\n\t" + "rotlwi r0, r21, 15\n\t" + "rotlwi %[len], r21, 13\n\t" + "xor r0, r0, %[len]\n\t" + "srwi %[len], r21, 10\n\t" + "xor r0, r0, %[len]\n\t" + "add r23, r23, r0\n\t" + "add r23, r23, r16\n\t" + /* Round 8 */ + "rotlwi r0, r11, 26\n\t" + "rotlwi %[len], r11, 21\n\t" + "xor r0, r0, %[len]\n\t" + "rotlwi %[len], r11, 7\n\t" + "xor r0, r0, %[len]\n\t" + "add r15, r15, r0\n\t" + "xor r0, r12, r14\n\t" + "and r0, r0, r11\n\t" + "xor r0, r0, r14\n\t" + "add r15, r15, r0\n\t" + "lwz r0, 32(r6)\n\t" + "add r15, r15, r24\n\t" + "add r15, r15, r0\n\t" + "add r10, r10, r15\n\t" + "rotlwi r0, r7, 30\n\t" + "rotlwi %[len], r7, 19\n\t" + "xor r0, r0, %[len]\n\t" + "rotlwi %[len], r7, 10\n\t" + "xor r0, r0, %[len]\n\t" + "add r15, r15, r0\n\t" + "xor %[len], r7, r8\n\t" + "xor r0, r8, r9\n\t" + "and r0, r0, %[len]\n\t" + "xor r0, r0, r8\n\t" + "add r15, r15, r0\n\t" + /* Calc new W[8] */ + "rotlwi r0, r25, 25\n\t" + "rotlwi %[len], r25, 14\n\t" + "xor r0, r0, %[len]\n\t" + "srwi %[len], r25, 3\n\t" + "xor r0, r0, %[len]\n\t" + "add r24, r24, r0\n\t" + "rotlwi r0, r22, 15\n\t" + "rotlwi %[len], r22, 13\n\t" + "xor r0, r0, %[len]\n\t" + "srwi %[len], r22, 10\n\t" + "xor r0, r0, %[len]\n\t" + "add r24, r24, r0\n\t" + "add r24, r24, r17\n\t" + /* Round 9 */ + "rotlwi r0, r10, 26\n\t" + "rotlwi %[len], r10, 21\n\t" + "xor r0, r0, %[len]\n\t" + "rotlwi %[len], r10, 7\n\t" + "xor r0, r0, %[len]\n\t" + "add r14, r14, r0\n\t" + "xor r0, r11, r12\n\t" + "and r0, r0, r10\n\t" + "xor r0, r0, r12\n\t" + "add r14, r14, r0\n\t" + "lwz r0, 36(r6)\n\t" + "add r14, r14, r25\n\t" + "add r14, r14, r0\n\t" + "add r9, r9, r14\n\t" + "rotlwi r0, r15, 30\n\t" + "rotlwi %[len], r15, 19\n\t" + "xor r0, r0, %[len]\n\t" + "rotlwi %[len], r15, 10\n\t" + "xor r0, r0, %[len]\n\t" + "add r14, r14, r0\n\t" + "xor %[len], r15, r7\n\t" + "xor r0, r7, r8\n\t" + "and r0, r0, %[len]\n\t" + "xor r0, r0, r7\n\t" + "add r14, r14, r0\n\t" + /* Calc new W[9] */ + "rotlwi r0, r26, 25\n\t" + "rotlwi %[len], r26, 14\n\t" + "xor r0, r0, %[len]\n\t" + "srwi %[len], r26, 3\n\t" + "xor r0, r0, %[len]\n\t" + "add r25, r25, r0\n\t" + "rotlwi r0, r23, 15\n\t" + "rotlwi %[len], r23, 13\n\t" + "xor r0, r0, %[len]\n\t" + "srwi %[len], r23, 10\n\t" + "xor r0, r0, %[len]\n\t" + "add r25, r25, r0\n\t" + "add r25, r25, r18\n\t" + /* Round 10 */ + "rotlwi r0, r9, 26\n\t" + "rotlwi %[len], r9, 21\n\t" + "xor r0, r0, %[len]\n\t" + "rotlwi %[len], r9, 7\n\t" + "xor r0, r0, %[len]\n\t" + "add r12, r12, r0\n\t" + "xor r0, r10, r11\n\t" + "and r0, r0, r9\n\t" + "xor r0, r0, r11\n\t" + "add r12, r12, r0\n\t" + "lwz r0, 40(r6)\n\t" + "add r12, r12, r26\n\t" + "add r12, r12, r0\n\t" + "add r8, r8, r12\n\t" + "rotlwi r0, r14, 30\n\t" + "rotlwi %[len], r14, 19\n\t" + "xor r0, r0, %[len]\n\t" + "rotlwi %[len], r14, 10\n\t" + "xor r0, r0, %[len]\n\t" + "add r12, r12, r0\n\t" + "xor %[len], r14, r15\n\t" + "xor r0, r15, r7\n\t" + "and r0, r0, %[len]\n\t" + "xor r0, r0, r15\n\t" + "add r12, r12, r0\n\t" + /* Calc new W[10] */ + "rotlwi r0, r27, 25\n\t" + "rotlwi %[len], r27, 14\n\t" + "xor r0, r0, %[len]\n\t" + "srwi %[len], r27, 3\n\t" + "xor r0, r0, %[len]\n\t" + "add r26, r26, r0\n\t" + "rotlwi r0, r24, 15\n\t" + "rotlwi %[len], r24, 13\n\t" + "xor r0, r0, %[len]\n\t" + "srwi %[len], r24, 10\n\t" + "xor r0, r0, %[len]\n\t" + "add r26, r26, r0\n\t" + "add r26, r26, r19\n\t" + /* Round 11 */ + "rotlwi r0, r8, 26\n\t" + "rotlwi %[len], r8, 21\n\t" + "xor r0, r0, %[len]\n\t" + "rotlwi %[len], r8, 7\n\t" + "xor r0, r0, %[len]\n\t" + "add r11, r11, r0\n\t" + "xor r0, r9, r10\n\t" + "and r0, r0, r8\n\t" + "xor r0, r0, r10\n\t" + "add r11, r11, r0\n\t" + "lwz r0, 44(r6)\n\t" + "add r11, r11, r27\n\t" + "add r11, r11, r0\n\t" + "add r7, r7, r11\n\t" + "rotlwi r0, r12, 30\n\t" + "rotlwi %[len], r12, 19\n\t" + "xor r0, r0, %[len]\n\t" + "rotlwi %[len], r12, 10\n\t" + "xor r0, r0, %[len]\n\t" + "add r11, r11, r0\n\t" + "xor %[len], r12, r14\n\t" + "xor r0, r14, r15\n\t" + "and r0, r0, %[len]\n\t" + "xor r0, r0, r14\n\t" + "add r11, r11, r0\n\t" + /* Calc new W[11] */ + "rotlwi r0, r28, 25\n\t" + "rotlwi %[len], r28, 14\n\t" + "xor r0, r0, %[len]\n\t" + "srwi %[len], r28, 3\n\t" + "xor r0, r0, %[len]\n\t" + "add r27, r27, r0\n\t" + "rotlwi r0, r25, 15\n\t" + "rotlwi %[len], r25, 13\n\t" + "xor r0, r0, %[len]\n\t" + "srwi %[len], r25, 10\n\t" + "xor r0, r0, %[len]\n\t" + "add r27, r27, r0\n\t" + "add r27, r27, r20\n\t" + /* Round 12 */ + "rotlwi r0, r7, 26\n\t" + "rotlwi %[len], r7, 21\n\t" + "xor r0, r0, %[len]\n\t" + "rotlwi %[len], r7, 7\n\t" + "xor r0, r0, %[len]\n\t" + "add r10, r10, r0\n\t" + "xor r0, r8, r9\n\t" + "and r0, r0, r7\n\t" + "xor r0, r0, r9\n\t" + "add r10, r10, r0\n\t" + "lwz r0, 48(r6)\n\t" + "add r10, r10, r28\n\t" + "add r10, r10, r0\n\t" + "add r15, r15, r10\n\t" + "rotlwi r0, r11, 30\n\t" + "rotlwi %[len], r11, 19\n\t" + "xor r0, r0, %[len]\n\t" + "rotlwi %[len], r11, 10\n\t" + "xor r0, r0, %[len]\n\t" + "add r10, r10, r0\n\t" + "xor %[len], r11, r12\n\t" + "xor r0, r12, r14\n\t" + "and r0, r0, %[len]\n\t" + "xor r0, r0, r12\n\t" + "add r10, r10, r0\n\t" + /* Calc new W[12] */ + "rotlwi r0, r29, 25\n\t" + "rotlwi %[len], r29, 14\n\t" + "xor r0, r0, %[len]\n\t" + "srwi %[len], r29, 3\n\t" + "xor r0, r0, %[len]\n\t" + "add r28, r28, r0\n\t" + "rotlwi r0, r26, 15\n\t" + "rotlwi %[len], r26, 13\n\t" + "xor r0, r0, %[len]\n\t" + "srwi %[len], r26, 10\n\t" + "xor r0, r0, %[len]\n\t" + "add r28, r28, r0\n\t" + "add r28, r28, r21\n\t" + /* Round 13 */ + "rotlwi r0, r15, 26\n\t" + "rotlwi %[len], r15, 21\n\t" + "xor r0, r0, %[len]\n\t" + "rotlwi %[len], r15, 7\n\t" + "xor r0, r0, %[len]\n\t" + "add r9, r9, r0\n\t" + "xor r0, r7, r8\n\t" + "and r0, r0, r15\n\t" + "xor r0, r0, r8\n\t" + "add r9, r9, r0\n\t" + "lwz r0, 52(r6)\n\t" + "add r9, r9, r29\n\t" + "add r9, r9, r0\n\t" + "add r14, r14, r9\n\t" + "rotlwi r0, r10, 30\n\t" + "rotlwi %[len], r10, 19\n\t" + "xor r0, r0, %[len]\n\t" + "rotlwi %[len], r10, 10\n\t" + "xor r0, r0, %[len]\n\t" + "add r9, r9, r0\n\t" + "xor %[len], r10, r11\n\t" + "xor r0, r11, r12\n\t" + "and r0, r0, %[len]\n\t" + "xor r0, r0, r11\n\t" + "add r9, r9, r0\n\t" + /* Calc new W[13] */ + "rotlwi r0, r30, 25\n\t" + "rotlwi %[len], r30, 14\n\t" + "xor r0, r0, %[len]\n\t" + "srwi %[len], r30, 3\n\t" + "xor r0, r0, %[len]\n\t" + "add r29, r29, r0\n\t" + "rotlwi r0, r27, 15\n\t" + "rotlwi %[len], r27, 13\n\t" + "xor r0, r0, %[len]\n\t" + "srwi %[len], r27, 10\n\t" + "xor r0, r0, %[len]\n\t" + "add r29, r29, r0\n\t" + "add r29, r29, r22\n\t" + /* Round 14 */ + "rotlwi r0, r14, 26\n\t" + "rotlwi %[len], r14, 21\n\t" + "xor r0, r0, %[len]\n\t" + "rotlwi %[len], r14, 7\n\t" + "xor r0, r0, %[len]\n\t" + "add r8, r8, r0\n\t" + "xor r0, r15, r7\n\t" + "and r0, r0, r14\n\t" + "xor r0, r0, r7\n\t" + "add r8, r8, r0\n\t" + "lwz r0, 56(r6)\n\t" + "add r8, r8, r30\n\t" + "add r8, r8, r0\n\t" + "add r12, r12, r8\n\t" + "rotlwi r0, r9, 30\n\t" + "rotlwi %[len], r9, 19\n\t" + "xor r0, r0, %[len]\n\t" + "rotlwi %[len], r9, 10\n\t" + "xor r0, r0, %[len]\n\t" + "add r8, r8, r0\n\t" + "xor %[len], r9, r10\n\t" + "xor r0, r10, r11\n\t" + "and r0, r0, %[len]\n\t" + "xor r0, r0, r10\n\t" + "add r8, r8, r0\n\t" + /* Calc new W[14] */ + "rotlwi r0, r31, 25\n\t" + "rotlwi %[len], r31, 14\n\t" + "xor r0, r0, %[len]\n\t" + "srwi %[len], r31, 3\n\t" + "xor r0, r0, %[len]\n\t" + "add r30, r30, r0\n\t" + "rotlwi r0, r28, 15\n\t" + "rotlwi %[len], r28, 13\n\t" + "xor r0, r0, %[len]\n\t" + "srwi %[len], r28, 10\n\t" + "xor r0, r0, %[len]\n\t" + "add r30, r30, r0\n\t" + "add r30, r30, r23\n\t" + /* Round 15 */ + "rotlwi r0, r12, 26\n\t" + "rotlwi %[len], r12, 21\n\t" + "xor r0, r0, %[len]\n\t" + "rotlwi %[len], r12, 7\n\t" + "xor r0, r0, %[len]\n\t" + "add r7, r7, r0\n\t" + "xor r0, r14, r15\n\t" + "and r0, r0, r12\n\t" + "xor r0, r0, r15\n\t" + "add r7, r7, r0\n\t" + "lwz r0, 60(r6)\n\t" + "add r7, r7, r31\n\t" + "add r7, r7, r0\n\t" + "add r11, r11, r7\n\t" + "rotlwi r0, r8, 30\n\t" + "rotlwi %[len], r8, 19\n\t" + "xor r0, r0, %[len]\n\t" + "rotlwi %[len], r8, 10\n\t" + "xor r0, r0, %[len]\n\t" + "add r7, r7, r0\n\t" + "xor %[len], r8, r9\n\t" + "xor r0, r9, r10\n\t" + "and r0, r0, %[len]\n\t" + "xor r0, r0, r9\n\t" + "add r7, r7, r0\n\t" + /* Calc new W[15] */ + "rotlwi r0, r16, 25\n\t" + "rotlwi %[len], r16, 14\n\t" + "xor r0, r0, %[len]\n\t" + "srwi %[len], r16, 3\n\t" + "xor r0, r0, %[len]\n\t" + "add r31, r31, r0\n\t" + "rotlwi r0, r29, 15\n\t" + "rotlwi %[len], r29, 13\n\t" + "xor r0, r0, %[len]\n\t" + "srwi %[len], r29, 10\n\t" + "xor r0, r0, %[len]\n\t" + "add r31, r31, r0\n\t" + "add r31, r31, r24\n\t" + "addi r6, r6, 0x40\n\t" + /* Round 0 */ + "rotlwi r0, r11, 26\n\t" + "rotlwi %[len], r11, 21\n\t" + "xor r0, r0, %[len]\n\t" + "rotlwi %[len], r11, 7\n\t" + "xor r0, r0, %[len]\n\t" + "add r15, r15, r0\n\t" + "xor r0, r12, r14\n\t" + "and r0, r0, r11\n\t" + "xor r0, r0, r14\n\t" + "add r15, r15, r0\n\t" + "lwz r0, 0(r6)\n\t" + "add r15, r15, r16\n\t" + "add r15, r15, r0\n\t" + "add r10, r10, r15\n\t" + "rotlwi r0, r7, 30\n\t" + "rotlwi %[len], r7, 19\n\t" + "xor r0, r0, %[len]\n\t" + "rotlwi %[len], r7, 10\n\t" + "xor r0, r0, %[len]\n\t" + "add r15, r15, r0\n\t" + "xor %[len], r7, r8\n\t" + "xor r0, r8, r9\n\t" + "and r0, r0, %[len]\n\t" + "xor r0, r0, r8\n\t" + "add r15, r15, r0\n\t" + /* Round 1 */ + "rotlwi r0, r10, 26\n\t" + "rotlwi %[len], r10, 21\n\t" + "xor r0, r0, %[len]\n\t" + "rotlwi %[len], r10, 7\n\t" + "xor r0, r0, %[len]\n\t" + "add r14, r14, r0\n\t" + "xor r0, r11, r12\n\t" + "and r0, r0, r10\n\t" + "xor r0, r0, r12\n\t" + "add r14, r14, r0\n\t" + "lwz r0, 4(r6)\n\t" + "add r14, r14, r17\n\t" + "add r14, r14, r0\n\t" + "add r9, r9, r14\n\t" + "rotlwi r0, r15, 30\n\t" + "rotlwi %[len], r15, 19\n\t" + "xor r0, r0, %[len]\n\t" + "rotlwi %[len], r15, 10\n\t" + "xor r0, r0, %[len]\n\t" + "add r14, r14, r0\n\t" + "xor %[len], r15, r7\n\t" + "xor r0, r7, r8\n\t" + "and r0, r0, %[len]\n\t" + "xor r0, r0, r7\n\t" + "add r14, r14, r0\n\t" + /* Round 2 */ + "rotlwi r0, r9, 26\n\t" + "rotlwi %[len], r9, 21\n\t" + "xor r0, r0, %[len]\n\t" + "rotlwi %[len], r9, 7\n\t" + "xor r0, r0, %[len]\n\t" + "add r12, r12, r0\n\t" + "xor r0, r10, r11\n\t" + "and r0, r0, r9\n\t" + "xor r0, r0, r11\n\t" + "add r12, r12, r0\n\t" + "lwz r0, 8(r6)\n\t" + "add r12, r12, r18\n\t" + "add r12, r12, r0\n\t" + "add r8, r8, r12\n\t" + "rotlwi r0, r14, 30\n\t" + "rotlwi %[len], r14, 19\n\t" + "xor r0, r0, %[len]\n\t" + "rotlwi %[len], r14, 10\n\t" + "xor r0, r0, %[len]\n\t" + "add r12, r12, r0\n\t" + "xor %[len], r14, r15\n\t" + "xor r0, r15, r7\n\t" + "and r0, r0, %[len]\n\t" + "xor r0, r0, r15\n\t" + "add r12, r12, r0\n\t" + /* Round 3 */ + "rotlwi r0, r8, 26\n\t" + "rotlwi %[len], r8, 21\n\t" + "xor r0, r0, %[len]\n\t" + "rotlwi %[len], r8, 7\n\t" + "xor r0, r0, %[len]\n\t" + "add r11, r11, r0\n\t" + "xor r0, r9, r10\n\t" + "and r0, r0, r8\n\t" + "xor r0, r0, r10\n\t" + "add r11, r11, r0\n\t" + "lwz r0, 12(r6)\n\t" + "add r11, r11, r19\n\t" + "add r11, r11, r0\n\t" + "add r7, r7, r11\n\t" + "rotlwi r0, r12, 30\n\t" + "rotlwi %[len], r12, 19\n\t" + "xor r0, r0, %[len]\n\t" + "rotlwi %[len], r12, 10\n\t" + "xor r0, r0, %[len]\n\t" + "add r11, r11, r0\n\t" + "xor %[len], r12, r14\n\t" + "xor r0, r14, r15\n\t" + "and r0, r0, %[len]\n\t" + "xor r0, r0, r14\n\t" + "add r11, r11, r0\n\t" + /* Round 4 */ + "rotlwi r0, r7, 26\n\t" + "rotlwi %[len], r7, 21\n\t" + "xor r0, r0, %[len]\n\t" + "rotlwi %[len], r7, 7\n\t" + "xor r0, r0, %[len]\n\t" + "add r10, r10, r0\n\t" + "xor r0, r8, r9\n\t" + "and r0, r0, r7\n\t" + "xor r0, r0, r9\n\t" + "add r10, r10, r0\n\t" + "lwz r0, 16(r6)\n\t" + "add r10, r10, r20\n\t" + "add r10, r10, r0\n\t" + "add r15, r15, r10\n\t" + "rotlwi r0, r11, 30\n\t" + "rotlwi %[len], r11, 19\n\t" + "xor r0, r0, %[len]\n\t" + "rotlwi %[len], r11, 10\n\t" + "xor r0, r0, %[len]\n\t" + "add r10, r10, r0\n\t" + "xor %[len], r11, r12\n\t" + "xor r0, r12, r14\n\t" + "and r0, r0, %[len]\n\t" + "xor r0, r0, r12\n\t" + "add r10, r10, r0\n\t" + /* Round 5 */ + "rotlwi r0, r15, 26\n\t" + "rotlwi %[len], r15, 21\n\t" + "xor r0, r0, %[len]\n\t" + "rotlwi %[len], r15, 7\n\t" + "xor r0, r0, %[len]\n\t" + "add r9, r9, r0\n\t" + "xor r0, r7, r8\n\t" + "and r0, r0, r15\n\t" + "xor r0, r0, r8\n\t" + "add r9, r9, r0\n\t" + "lwz r0, 20(r6)\n\t" + "add r9, r9, r21\n\t" + "add r9, r9, r0\n\t" + "add r14, r14, r9\n\t" + "rotlwi r0, r10, 30\n\t" + "rotlwi %[len], r10, 19\n\t" + "xor r0, r0, %[len]\n\t" + "rotlwi %[len], r10, 10\n\t" + "xor r0, r0, %[len]\n\t" + "add r9, r9, r0\n\t" + "xor %[len], r10, r11\n\t" + "xor r0, r11, r12\n\t" + "and r0, r0, %[len]\n\t" + "xor r0, r0, r11\n\t" + "add r9, r9, r0\n\t" + /* Round 6 */ + "rotlwi r0, r14, 26\n\t" + "rotlwi %[len], r14, 21\n\t" + "xor r0, r0, %[len]\n\t" + "rotlwi %[len], r14, 7\n\t" + "xor r0, r0, %[len]\n\t" + "add r8, r8, r0\n\t" + "xor r0, r15, r7\n\t" + "and r0, r0, r14\n\t" + "xor r0, r0, r7\n\t" + "add r8, r8, r0\n\t" + "lwz r0, 24(r6)\n\t" + "add r8, r8, r22\n\t" + "add r8, r8, r0\n\t" + "add r12, r12, r8\n\t" + "rotlwi r0, r9, 30\n\t" + "rotlwi %[len], r9, 19\n\t" + "xor r0, r0, %[len]\n\t" + "rotlwi %[len], r9, 10\n\t" + "xor r0, r0, %[len]\n\t" + "add r8, r8, r0\n\t" + "xor %[len], r9, r10\n\t" + "xor r0, r10, r11\n\t" + "and r0, r0, %[len]\n\t" + "xor r0, r0, r10\n\t" + "add r8, r8, r0\n\t" + /* Round 7 */ + "rotlwi r0, r12, 26\n\t" + "rotlwi %[len], r12, 21\n\t" + "xor r0, r0, %[len]\n\t" + "rotlwi %[len], r12, 7\n\t" + "xor r0, r0, %[len]\n\t" + "add r7, r7, r0\n\t" + "xor r0, r14, r15\n\t" + "and r0, r0, r12\n\t" + "xor r0, r0, r15\n\t" + "add r7, r7, r0\n\t" + "lwz r0, 28(r6)\n\t" + "add r7, r7, r23\n\t" + "add r7, r7, r0\n\t" + "add r11, r11, r7\n\t" + "rotlwi r0, r8, 30\n\t" + "rotlwi %[len], r8, 19\n\t" + "xor r0, r0, %[len]\n\t" + "rotlwi %[len], r8, 10\n\t" + "xor r0, r0, %[len]\n\t" + "add r7, r7, r0\n\t" + "xor %[len], r8, r9\n\t" + "xor r0, r9, r10\n\t" + "and r0, r0, %[len]\n\t" + "xor r0, r0, r9\n\t" + "add r7, r7, r0\n\t" + /* Round 8 */ + "rotlwi r0, r11, 26\n\t" + "rotlwi %[len], r11, 21\n\t" + "xor r0, r0, %[len]\n\t" + "rotlwi %[len], r11, 7\n\t" + "xor r0, r0, %[len]\n\t" + "add r15, r15, r0\n\t" + "xor r0, r12, r14\n\t" + "and r0, r0, r11\n\t" + "xor r0, r0, r14\n\t" + "add r15, r15, r0\n\t" + "lwz r0, 32(r6)\n\t" + "add r15, r15, r24\n\t" + "add r15, r15, r0\n\t" + "add r10, r10, r15\n\t" + "rotlwi r0, r7, 30\n\t" + "rotlwi %[len], r7, 19\n\t" + "xor r0, r0, %[len]\n\t" + "rotlwi %[len], r7, 10\n\t" + "xor r0, r0, %[len]\n\t" + "add r15, r15, r0\n\t" + "xor %[len], r7, r8\n\t" + "xor r0, r8, r9\n\t" + "and r0, r0, %[len]\n\t" + "xor r0, r0, r8\n\t" + "add r15, r15, r0\n\t" + /* Round 9 */ + "rotlwi r0, r10, 26\n\t" + "rotlwi %[len], r10, 21\n\t" + "xor r0, r0, %[len]\n\t" + "rotlwi %[len], r10, 7\n\t" + "xor r0, r0, %[len]\n\t" + "add r14, r14, r0\n\t" + "xor r0, r11, r12\n\t" + "and r0, r0, r10\n\t" + "xor r0, r0, r12\n\t" + "add r14, r14, r0\n\t" + "lwz r0, 36(r6)\n\t" + "add r14, r14, r25\n\t" + "add r14, r14, r0\n\t" + "add r9, r9, r14\n\t" + "rotlwi r0, r15, 30\n\t" + "rotlwi %[len], r15, 19\n\t" + "xor r0, r0, %[len]\n\t" + "rotlwi %[len], r15, 10\n\t" + "xor r0, r0, %[len]\n\t" + "add r14, r14, r0\n\t" + "xor %[len], r15, r7\n\t" + "xor r0, r7, r8\n\t" + "and r0, r0, %[len]\n\t" + "xor r0, r0, r7\n\t" + "add r14, r14, r0\n\t" + /* Round 10 */ + "rotlwi r0, r9, 26\n\t" + "rotlwi %[len], r9, 21\n\t" + "xor r0, r0, %[len]\n\t" + "rotlwi %[len], r9, 7\n\t" + "xor r0, r0, %[len]\n\t" + "add r12, r12, r0\n\t" + "xor r0, r10, r11\n\t" + "and r0, r0, r9\n\t" + "xor r0, r0, r11\n\t" + "add r12, r12, r0\n\t" + "lwz r0, 40(r6)\n\t" + "add r12, r12, r26\n\t" + "add r12, r12, r0\n\t" + "add r8, r8, r12\n\t" + "rotlwi r0, r14, 30\n\t" + "rotlwi %[len], r14, 19\n\t" + "xor r0, r0, %[len]\n\t" + "rotlwi %[len], r14, 10\n\t" + "xor r0, r0, %[len]\n\t" + "add r12, r12, r0\n\t" + "xor %[len], r14, r15\n\t" + "xor r0, r15, r7\n\t" + "and r0, r0, %[len]\n\t" + "xor r0, r0, r15\n\t" + "add r12, r12, r0\n\t" + /* Round 11 */ + "rotlwi r0, r8, 26\n\t" + "rotlwi %[len], r8, 21\n\t" + "xor r0, r0, %[len]\n\t" + "rotlwi %[len], r8, 7\n\t" + "xor r0, r0, %[len]\n\t" + "add r11, r11, r0\n\t" + "xor r0, r9, r10\n\t" + "and r0, r0, r8\n\t" + "xor r0, r0, r10\n\t" + "add r11, r11, r0\n\t" + "lwz r0, 44(r6)\n\t" + "add r11, r11, r27\n\t" + "add r11, r11, r0\n\t" + "add r7, r7, r11\n\t" + "rotlwi r0, r12, 30\n\t" + "rotlwi %[len], r12, 19\n\t" + "xor r0, r0, %[len]\n\t" + "rotlwi %[len], r12, 10\n\t" + "xor r0, r0, %[len]\n\t" + "add r11, r11, r0\n\t" + "xor %[len], r12, r14\n\t" + "xor r0, r14, r15\n\t" + "and r0, r0, %[len]\n\t" + "xor r0, r0, r14\n\t" + "add r11, r11, r0\n\t" + /* Round 12 */ + "rotlwi r0, r7, 26\n\t" + "rotlwi %[len], r7, 21\n\t" + "xor r0, r0, %[len]\n\t" + "rotlwi %[len], r7, 7\n\t" + "xor r0, r0, %[len]\n\t" + "add r10, r10, r0\n\t" + "xor r0, r8, r9\n\t" + "and r0, r0, r7\n\t" + "xor r0, r0, r9\n\t" + "add r10, r10, r0\n\t" + "lwz r0, 48(r6)\n\t" + "add r10, r10, r28\n\t" + "add r10, r10, r0\n\t" + "add r15, r15, r10\n\t" + "rotlwi r0, r11, 30\n\t" + "rotlwi %[len], r11, 19\n\t" + "xor r0, r0, %[len]\n\t" + "rotlwi %[len], r11, 10\n\t" + "xor r0, r0, %[len]\n\t" + "add r10, r10, r0\n\t" + "xor %[len], r11, r12\n\t" + "xor r0, r12, r14\n\t" + "and r0, r0, %[len]\n\t" + "xor r0, r0, r12\n\t" + "add r10, r10, r0\n\t" + /* Round 13 */ + "rotlwi r0, r15, 26\n\t" + "rotlwi %[len], r15, 21\n\t" + "xor r0, r0, %[len]\n\t" + "rotlwi %[len], r15, 7\n\t" + "xor r0, r0, %[len]\n\t" + "add r9, r9, r0\n\t" + "xor r0, r7, r8\n\t" + "and r0, r0, r15\n\t" + "xor r0, r0, r8\n\t" + "add r9, r9, r0\n\t" + "lwz r0, 52(r6)\n\t" + "add r9, r9, r29\n\t" + "add r9, r9, r0\n\t" + "add r14, r14, r9\n\t" + "rotlwi r0, r10, 30\n\t" + "rotlwi %[len], r10, 19\n\t" + "xor r0, r0, %[len]\n\t" + "rotlwi %[len], r10, 10\n\t" + "xor r0, r0, %[len]\n\t" + "add r9, r9, r0\n\t" + "xor %[len], r10, r11\n\t" + "xor r0, r11, r12\n\t" + "and r0, r0, %[len]\n\t" + "xor r0, r0, r11\n\t" + "add r9, r9, r0\n\t" + /* Round 14 */ + "rotlwi r0, r14, 26\n\t" + "rotlwi %[len], r14, 21\n\t" + "xor r0, r0, %[len]\n\t" + "rotlwi %[len], r14, 7\n\t" + "xor r0, r0, %[len]\n\t" + "add r8, r8, r0\n\t" + "xor r0, r15, r7\n\t" + "and r0, r0, r14\n\t" + "xor r0, r0, r7\n\t" + "add r8, r8, r0\n\t" + "lwz r0, 56(r6)\n\t" + "add r8, r8, r30\n\t" + "add r8, r8, r0\n\t" + "add r12, r12, r8\n\t" + "rotlwi r0, r9, 30\n\t" + "rotlwi %[len], r9, 19\n\t" + "xor r0, r0, %[len]\n\t" + "rotlwi %[len], r9, 10\n\t" + "xor r0, r0, %[len]\n\t" + "add r8, r8, r0\n\t" + "xor %[len], r9, r10\n\t" + "xor r0, r10, r11\n\t" + "and r0, r0, %[len]\n\t" + "xor r0, r0, r10\n\t" + "add r8, r8, r0\n\t" + /* Round 15 */ + "rotlwi r0, r12, 26\n\t" + "rotlwi %[len], r12, 21\n\t" + "xor r0, r0, %[len]\n\t" + "rotlwi %[len], r12, 7\n\t" + "xor r0, r0, %[len]\n\t" + "add r7, r7, r0\n\t" + "xor r0, r14, r15\n\t" + "and r0, r0, r12\n\t" + "xor r0, r0, r15\n\t" + "add r7, r7, r0\n\t" + "lwz r0, 60(r6)\n\t" + "add r7, r7, r31\n\t" + "add r7, r7, r0\n\t" + "add r11, r11, r7\n\t" + "rotlwi r0, r8, 30\n\t" + "rotlwi %[len], r8, 19\n\t" + "xor r0, r0, %[len]\n\t" + "rotlwi %[len], r8, 10\n\t" + "xor r0, r0, %[len]\n\t" + "add r7, r7, r0\n\t" + "xor %[len], r8, r9\n\t" + "xor r0, r9, r10\n\t" + "and r0, r0, %[len]\n\t" + "xor r0, r0, r9\n\t" + "add r7, r7, r0\n\t" + "subi r6, r6, 0xc0\n\t" + /* Add in digest from start */ + "lwz r0, 0(%[sha256])\n\t" + "lwz %[len], 4(%[sha256])\n\t" + "add r7, r7, r0\n\t" + "add r8, r8, %[len]\n\t" + "lwz r0, 8(%[sha256])\n\t" + "lwz %[len], 12(%[sha256])\n\t" + "add r9, r9, r0\n\t" + "add r10, r10, %[len]\n\t" + "lwz r0, 16(%[sha256])\n\t" + "lwz %[len], 20(%[sha256])\n\t" + "add r11, r11, r0\n\t" + "add r12, r12, %[len]\n\t" + "lwz r0, 24(%[sha256])\n\t" + "lwz %[len], 28(%[sha256])\n\t" + "add r14, r14, r0\n\t" + "add r15, r15, %[len]\n\t" + "stw r7, 0(%[sha256])\n\t" + "stw r8, 4(%[sha256])\n\t" + "stw r9, 8(%[sha256])\n\t" + "stw r10, 12(%[sha256])\n\t" + "stw r11, 16(%[sha256])\n\t" + "stw r12, 20(%[sha256])\n\t" + "stw r14, 24(%[sha256])\n\t" + "stw r15, 28(%[sha256])\n\t" + "addi %[data], %[data], 0x40\n\t" + "bdnz L_SHA256_transform_len_begin_%=\n\t" +#else + "subi r1, r1, 4\n\t" + "stw %[len], 0(r1)\n\t" + /* Start of loop processing a block */ + "\n" + "L_SHA256_transform_len_begin_%=: \n\t" + /* Load W - 64 bytes */ + "lwz r16, 0(%[data])\n\t" + "lwz r17, 4(%[data])\n\t" + "lwz r18, 8(%[data])\n\t" + "lwz r19, 12(%[data])\n\t" + "lwz r20, 16(%[data])\n\t" + "lwz r21, 20(%[data])\n\t" + "lwz r22, 24(%[data])\n\t" + "lwz r23, 28(%[data])\n\t" + "lwz r24, 32(%[data])\n\t" + "lwz r25, 36(%[data])\n\t" + "lwz r26, 40(%[data])\n\t" + "lwz r27, 44(%[data])\n\t" + "lwz r28, 48(%[data])\n\t" + "lwz r29, 52(%[data])\n\t" + "lwz r30, 56(%[data])\n\t" + "lwz r31, 60(%[data])\n\t" + "li r0, 4\n\t" + "mtctr r0\n\t" + /* Start of 16 rounds */ + "\n" + "L_SHA256_transform_len_start_%=: \n\t" + /* Round 0 */ + "rotlwi r0, r11, 26\n\t" + "rotlwi %[len], r11, 21\n\t" + "xor r0, r0, %[len]\n\t" + "rotlwi %[len], r11, 7\n\t" + "xor r0, r0, %[len]\n\t" + "add r15, r15, r0\n\t" + "xor r0, r12, r14\n\t" + "and r0, r0, r11\n\t" + "xor r0, r0, r14\n\t" + "add r15, r15, r0\n\t" + "lwz r0, 0(r6)\n\t" + "add r15, r15, r16\n\t" + "add r15, r15, r0\n\t" + "add r10, r10, r15\n\t" + "rotlwi r0, r7, 30\n\t" + "rotlwi %[len], r7, 19\n\t" + "xor r0, r0, %[len]\n\t" + "rotlwi %[len], r7, 10\n\t" + "xor r0, r0, %[len]\n\t" + "add r15, r15, r0\n\t" + "xor %[len], r7, r8\n\t" + "xor r0, r8, r9\n\t" + "and r0, r0, %[len]\n\t" + "xor r0, r0, r8\n\t" + "add r15, r15, r0\n\t" + "mfctr %[len]\n\t" + "cmpwi r0, %[len], 1\n\t" + "beq r0, L_SHA256_transform_len_after_blk_0_%=\n\t" + /* Calc new W[0] */ + "rotlwi r0, r17, 25\n\t" + "rotlwi %[len], r17, 14\n\t" + "xor r0, r0, %[len]\n\t" + "srwi %[len], r17, 3\n\t" + "xor r0, r0, %[len]\n\t" + "add r16, r16, r0\n\t" + "rotlwi r0, r30, 15\n\t" + "rotlwi %[len], r30, 13\n\t" + "xor r0, r0, %[len]\n\t" + "srwi %[len], r30, 10\n\t" + "xor r0, r0, %[len]\n\t" + "add r16, r16, r0\n\t" + "add r16, r16, r25\n\t" + "\n" + "L_SHA256_transform_len_after_blk_0_%=: \n\t" + /* Round 1 */ + "rotlwi r0, r10, 26\n\t" + "rotlwi %[len], r10, 21\n\t" + "xor r0, r0, %[len]\n\t" + "rotlwi %[len], r10, 7\n\t" + "xor r0, r0, %[len]\n\t" + "add r14, r14, r0\n\t" + "xor r0, r11, r12\n\t" + "and r0, r0, r10\n\t" + "xor r0, r0, r12\n\t" + "add r14, r14, r0\n\t" + "lwz r0, 4(r6)\n\t" + "add r14, r14, r17\n\t" + "add r14, r14, r0\n\t" + "add r9, r9, r14\n\t" + "rotlwi r0, r15, 30\n\t" + "rotlwi %[len], r15, 19\n\t" + "xor r0, r0, %[len]\n\t" + "rotlwi %[len], r15, 10\n\t" + "xor r0, r0, %[len]\n\t" + "add r14, r14, r0\n\t" + "xor %[len], r15, r7\n\t" + "xor r0, r7, r8\n\t" + "and r0, r0, %[len]\n\t" + "xor r0, r0, r7\n\t" + "add r14, r14, r0\n\t" + "mfctr %[len]\n\t" + "cmpwi r0, %[len], 1\n\t" + "beq r0, L_SHA256_transform_len_after_blk_1_%=\n\t" + /* Calc new W[1] */ + "rotlwi r0, r18, 25\n\t" + "rotlwi %[len], r18, 14\n\t" + "xor r0, r0, %[len]\n\t" + "srwi %[len], r18, 3\n\t" + "xor r0, r0, %[len]\n\t" + "add r17, r17, r0\n\t" + "rotlwi r0, r31, 15\n\t" + "rotlwi %[len], r31, 13\n\t" + "xor r0, r0, %[len]\n\t" + "srwi %[len], r31, 10\n\t" + "xor r0, r0, %[len]\n\t" + "add r17, r17, r0\n\t" + "add r17, r17, r26\n\t" + "\n" + "L_SHA256_transform_len_after_blk_1_%=: \n\t" + /* Round 2 */ + "rotlwi r0, r9, 26\n\t" + "rotlwi %[len], r9, 21\n\t" + "xor r0, r0, %[len]\n\t" + "rotlwi %[len], r9, 7\n\t" + "xor r0, r0, %[len]\n\t" + "add r12, r12, r0\n\t" + "xor r0, r10, r11\n\t" + "and r0, r0, r9\n\t" + "xor r0, r0, r11\n\t" + "add r12, r12, r0\n\t" + "lwz r0, 8(r6)\n\t" + "add r12, r12, r18\n\t" + "add r12, r12, r0\n\t" + "add r8, r8, r12\n\t" + "rotlwi r0, r14, 30\n\t" + "rotlwi %[len], r14, 19\n\t" + "xor r0, r0, %[len]\n\t" + "rotlwi %[len], r14, 10\n\t" + "xor r0, r0, %[len]\n\t" + "add r12, r12, r0\n\t" + "xor %[len], r14, r15\n\t" + "xor r0, r15, r7\n\t" + "and r0, r0, %[len]\n\t" + "xor r0, r0, r15\n\t" + "add r12, r12, r0\n\t" + "mfctr %[len]\n\t" + "cmpwi r0, %[len], 1\n\t" + "beq r0, L_SHA256_transform_len_after_blk_2_%=\n\t" + /* Calc new W[2] */ + "rotlwi r0, r19, 25\n\t" + "rotlwi %[len], r19, 14\n\t" + "xor r0, r0, %[len]\n\t" + "srwi %[len], r19, 3\n\t" + "xor r0, r0, %[len]\n\t" + "add r18, r18, r0\n\t" + "rotlwi r0, r16, 15\n\t" + "rotlwi %[len], r16, 13\n\t" + "xor r0, r0, %[len]\n\t" + "srwi %[len], r16, 10\n\t" + "xor r0, r0, %[len]\n\t" + "add r18, r18, r0\n\t" + "add r18, r18, r27\n\t" + "\n" + "L_SHA256_transform_len_after_blk_2_%=: \n\t" + /* Round 3 */ + "rotlwi r0, r8, 26\n\t" + "rotlwi %[len], r8, 21\n\t" + "xor r0, r0, %[len]\n\t" + "rotlwi %[len], r8, 7\n\t" + "xor r0, r0, %[len]\n\t" + "add r11, r11, r0\n\t" + "xor r0, r9, r10\n\t" + "and r0, r0, r8\n\t" + "xor r0, r0, r10\n\t" + "add r11, r11, r0\n\t" + "lwz r0, 12(r6)\n\t" + "add r11, r11, r19\n\t" + "add r11, r11, r0\n\t" + "add r7, r7, r11\n\t" + "rotlwi r0, r12, 30\n\t" + "rotlwi %[len], r12, 19\n\t" + "xor r0, r0, %[len]\n\t" + "rotlwi %[len], r12, 10\n\t" + "xor r0, r0, %[len]\n\t" + "add r11, r11, r0\n\t" + "xor %[len], r12, r14\n\t" + "xor r0, r14, r15\n\t" + "and r0, r0, %[len]\n\t" + "xor r0, r0, r14\n\t" + "add r11, r11, r0\n\t" + "mfctr %[len]\n\t" + "cmpwi r0, %[len], 1\n\t" + "beq r0, L_SHA256_transform_len_after_blk_3_%=\n\t" + /* Calc new W[3] */ + "rotlwi r0, r20, 25\n\t" + "rotlwi %[len], r20, 14\n\t" + "xor r0, r0, %[len]\n\t" + "srwi %[len], r20, 3\n\t" + "xor r0, r0, %[len]\n\t" + "add r19, r19, r0\n\t" + "rotlwi r0, r17, 15\n\t" + "rotlwi %[len], r17, 13\n\t" + "xor r0, r0, %[len]\n\t" + "srwi %[len], r17, 10\n\t" + "xor r0, r0, %[len]\n\t" + "add r19, r19, r0\n\t" + "add r19, r19, r28\n\t" + "\n" + "L_SHA256_transform_len_after_blk_3_%=: \n\t" + /* Round 4 */ + "rotlwi r0, r7, 26\n\t" + "rotlwi %[len], r7, 21\n\t" + "xor r0, r0, %[len]\n\t" + "rotlwi %[len], r7, 7\n\t" + "xor r0, r0, %[len]\n\t" + "add r10, r10, r0\n\t" + "xor r0, r8, r9\n\t" + "and r0, r0, r7\n\t" + "xor r0, r0, r9\n\t" + "add r10, r10, r0\n\t" + "lwz r0, 16(r6)\n\t" + "add r10, r10, r20\n\t" + "add r10, r10, r0\n\t" + "add r15, r15, r10\n\t" + "rotlwi r0, r11, 30\n\t" + "rotlwi %[len], r11, 19\n\t" + "xor r0, r0, %[len]\n\t" + "rotlwi %[len], r11, 10\n\t" + "xor r0, r0, %[len]\n\t" + "add r10, r10, r0\n\t" + "xor %[len], r11, r12\n\t" + "xor r0, r12, r14\n\t" + "and r0, r0, %[len]\n\t" + "xor r0, r0, r12\n\t" + "add r10, r10, r0\n\t" + "mfctr %[len]\n\t" + "cmpwi r0, %[len], 1\n\t" + "beq r0, L_SHA256_transform_len_after_blk_4_%=\n\t" + /* Calc new W[4] */ + "rotlwi r0, r21, 25\n\t" + "rotlwi %[len], r21, 14\n\t" + "xor r0, r0, %[len]\n\t" + "srwi %[len], r21, 3\n\t" + "xor r0, r0, %[len]\n\t" + "add r20, r20, r0\n\t" + "rotlwi r0, r18, 15\n\t" + "rotlwi %[len], r18, 13\n\t" + "xor r0, r0, %[len]\n\t" + "srwi %[len], r18, 10\n\t" + "xor r0, r0, %[len]\n\t" + "add r20, r20, r0\n\t" + "add r20, r20, r29\n\t" + "\n" + "L_SHA256_transform_len_after_blk_4_%=: \n\t" + /* Round 5 */ + "rotlwi r0, r15, 26\n\t" + "rotlwi %[len], r15, 21\n\t" + "xor r0, r0, %[len]\n\t" + "rotlwi %[len], r15, 7\n\t" + "xor r0, r0, %[len]\n\t" + "add r9, r9, r0\n\t" + "xor r0, r7, r8\n\t" + "and r0, r0, r15\n\t" + "xor r0, r0, r8\n\t" + "add r9, r9, r0\n\t" + "lwz r0, 20(r6)\n\t" + "add r9, r9, r21\n\t" + "add r9, r9, r0\n\t" + "add r14, r14, r9\n\t" + "rotlwi r0, r10, 30\n\t" + "rotlwi %[len], r10, 19\n\t" + "xor r0, r0, %[len]\n\t" + "rotlwi %[len], r10, 10\n\t" + "xor r0, r0, %[len]\n\t" + "add r9, r9, r0\n\t" + "xor %[len], r10, r11\n\t" + "xor r0, r11, r12\n\t" + "and r0, r0, %[len]\n\t" + "xor r0, r0, r11\n\t" + "add r9, r9, r0\n\t" + "mfctr %[len]\n\t" + "cmpwi r0, %[len], 1\n\t" + "beq r0, L_SHA256_transform_len_after_blk_5_%=\n\t" + /* Calc new W[5] */ + "rotlwi r0, r22, 25\n\t" + "rotlwi %[len], r22, 14\n\t" + "xor r0, r0, %[len]\n\t" + "srwi %[len], r22, 3\n\t" + "xor r0, r0, %[len]\n\t" + "add r21, r21, r0\n\t" + "rotlwi r0, r19, 15\n\t" + "rotlwi %[len], r19, 13\n\t" + "xor r0, r0, %[len]\n\t" + "srwi %[len], r19, 10\n\t" + "xor r0, r0, %[len]\n\t" + "add r21, r21, r0\n\t" + "add r21, r21, r30\n\t" + "\n" + "L_SHA256_transform_len_after_blk_5_%=: \n\t" + /* Round 6 */ + "rotlwi r0, r14, 26\n\t" + "rotlwi %[len], r14, 21\n\t" + "xor r0, r0, %[len]\n\t" + "rotlwi %[len], r14, 7\n\t" + "xor r0, r0, %[len]\n\t" + "add r8, r8, r0\n\t" + "xor r0, r15, r7\n\t" + "and r0, r0, r14\n\t" + "xor r0, r0, r7\n\t" + "add r8, r8, r0\n\t" + "lwz r0, 24(r6)\n\t" + "add r8, r8, r22\n\t" + "add r8, r8, r0\n\t" + "add r12, r12, r8\n\t" + "rotlwi r0, r9, 30\n\t" + "rotlwi %[len], r9, 19\n\t" + "xor r0, r0, %[len]\n\t" + "rotlwi %[len], r9, 10\n\t" + "xor r0, r0, %[len]\n\t" + "add r8, r8, r0\n\t" + "xor %[len], r9, r10\n\t" + "xor r0, r10, r11\n\t" + "and r0, r0, %[len]\n\t" + "xor r0, r0, r10\n\t" + "add r8, r8, r0\n\t" + "mfctr %[len]\n\t" + "cmpwi r0, %[len], 1\n\t" + "beq r0, L_SHA256_transform_len_after_blk_6_%=\n\t" + /* Calc new W[6] */ + "rotlwi r0, r23, 25\n\t" + "rotlwi %[len], r23, 14\n\t" + "xor r0, r0, %[len]\n\t" + "srwi %[len], r23, 3\n\t" + "xor r0, r0, %[len]\n\t" + "add r22, r22, r0\n\t" + "rotlwi r0, r20, 15\n\t" + "rotlwi %[len], r20, 13\n\t" + "xor r0, r0, %[len]\n\t" + "srwi %[len], r20, 10\n\t" + "xor r0, r0, %[len]\n\t" + "add r22, r22, r0\n\t" + "add r22, r22, r31\n\t" + "\n" + "L_SHA256_transform_len_after_blk_6_%=: \n\t" + /* Round 7 */ + "rotlwi r0, r12, 26\n\t" + "rotlwi %[len], r12, 21\n\t" + "xor r0, r0, %[len]\n\t" + "rotlwi %[len], r12, 7\n\t" + "xor r0, r0, %[len]\n\t" + "add r7, r7, r0\n\t" + "xor r0, r14, r15\n\t" + "and r0, r0, r12\n\t" + "xor r0, r0, r15\n\t" + "add r7, r7, r0\n\t" + "lwz r0, 28(r6)\n\t" + "add r7, r7, r23\n\t" + "add r7, r7, r0\n\t" + "add r11, r11, r7\n\t" + "rotlwi r0, r8, 30\n\t" + "rotlwi %[len], r8, 19\n\t" + "xor r0, r0, %[len]\n\t" + "rotlwi %[len], r8, 10\n\t" + "xor r0, r0, %[len]\n\t" + "add r7, r7, r0\n\t" + "xor %[len], r8, r9\n\t" + "xor r0, r9, r10\n\t" + "and r0, r0, %[len]\n\t" + "xor r0, r0, r9\n\t" + "add r7, r7, r0\n\t" + "mfctr %[len]\n\t" + "cmpwi r0, %[len], 1\n\t" + "beq r0, L_SHA256_transform_len_after_blk_7_%=\n\t" + /* Calc new W[7] */ + "rotlwi r0, r24, 25\n\t" + "rotlwi %[len], r24, 14\n\t" + "xor r0, r0, %[len]\n\t" + "srwi %[len], r24, 3\n\t" + "xor r0, r0, %[len]\n\t" + "add r23, r23, r0\n\t" + "rotlwi r0, r21, 15\n\t" + "rotlwi %[len], r21, 13\n\t" + "xor r0, r0, %[len]\n\t" + "srwi %[len], r21, 10\n\t" + "xor r0, r0, %[len]\n\t" + "add r23, r23, r0\n\t" + "add r23, r23, r16\n\t" + "\n" + "L_SHA256_transform_len_after_blk_7_%=: \n\t" + /* Round 8 */ + "rotlwi r0, r11, 26\n\t" + "rotlwi %[len], r11, 21\n\t" + "xor r0, r0, %[len]\n\t" + "rotlwi %[len], r11, 7\n\t" + "xor r0, r0, %[len]\n\t" + "add r15, r15, r0\n\t" + "xor r0, r12, r14\n\t" + "and r0, r0, r11\n\t" + "xor r0, r0, r14\n\t" + "add r15, r15, r0\n\t" + "lwz r0, 32(r6)\n\t" + "add r15, r15, r24\n\t" + "add r15, r15, r0\n\t" + "add r10, r10, r15\n\t" + "rotlwi r0, r7, 30\n\t" + "rotlwi %[len], r7, 19\n\t" + "xor r0, r0, %[len]\n\t" + "rotlwi %[len], r7, 10\n\t" + "xor r0, r0, %[len]\n\t" + "add r15, r15, r0\n\t" + "xor %[len], r7, r8\n\t" + "xor r0, r8, r9\n\t" + "and r0, r0, %[len]\n\t" + "xor r0, r0, r8\n\t" + "add r15, r15, r0\n\t" + "mfctr %[len]\n\t" + "cmpwi r0, %[len], 1\n\t" + "beq r0, L_SHA256_transform_len_after_blk_8_%=\n\t" + /* Calc new W[8] */ + "rotlwi r0, r25, 25\n\t" + "rotlwi %[len], r25, 14\n\t" + "xor r0, r0, %[len]\n\t" + "srwi %[len], r25, 3\n\t" + "xor r0, r0, %[len]\n\t" + "add r24, r24, r0\n\t" + "rotlwi r0, r22, 15\n\t" + "rotlwi %[len], r22, 13\n\t" + "xor r0, r0, %[len]\n\t" + "srwi %[len], r22, 10\n\t" + "xor r0, r0, %[len]\n\t" + "add r24, r24, r0\n\t" + "add r24, r24, r17\n\t" + "\n" + "L_SHA256_transform_len_after_blk_8_%=: \n\t" + /* Round 9 */ + "rotlwi r0, r10, 26\n\t" + "rotlwi %[len], r10, 21\n\t" + "xor r0, r0, %[len]\n\t" + "rotlwi %[len], r10, 7\n\t" + "xor r0, r0, %[len]\n\t" + "add r14, r14, r0\n\t" + "xor r0, r11, r12\n\t" + "and r0, r0, r10\n\t" + "xor r0, r0, r12\n\t" + "add r14, r14, r0\n\t" + "lwz r0, 36(r6)\n\t" + "add r14, r14, r25\n\t" + "add r14, r14, r0\n\t" + "add r9, r9, r14\n\t" + "rotlwi r0, r15, 30\n\t" + "rotlwi %[len], r15, 19\n\t" + "xor r0, r0, %[len]\n\t" + "rotlwi %[len], r15, 10\n\t" + "xor r0, r0, %[len]\n\t" + "add r14, r14, r0\n\t" + "xor %[len], r15, r7\n\t" + "xor r0, r7, r8\n\t" + "and r0, r0, %[len]\n\t" + "xor r0, r0, r7\n\t" + "add r14, r14, r0\n\t" + "mfctr %[len]\n\t" + "cmpwi r0, %[len], 1\n\t" + "beq r0, L_SHA256_transform_len_after_blk_9_%=\n\t" + /* Calc new W[9] */ + "rotlwi r0, r26, 25\n\t" + "rotlwi %[len], r26, 14\n\t" + "xor r0, r0, %[len]\n\t" + "srwi %[len], r26, 3\n\t" + "xor r0, r0, %[len]\n\t" + "add r25, r25, r0\n\t" + "rotlwi r0, r23, 15\n\t" + "rotlwi %[len], r23, 13\n\t" + "xor r0, r0, %[len]\n\t" + "srwi %[len], r23, 10\n\t" + "xor r0, r0, %[len]\n\t" + "add r25, r25, r0\n\t" + "add r25, r25, r18\n\t" + "\n" + "L_SHA256_transform_len_after_blk_9_%=: \n\t" + /* Round 10 */ + "rotlwi r0, r9, 26\n\t" + "rotlwi %[len], r9, 21\n\t" + "xor r0, r0, %[len]\n\t" + "rotlwi %[len], r9, 7\n\t" + "xor r0, r0, %[len]\n\t" + "add r12, r12, r0\n\t" + "xor r0, r10, r11\n\t" + "and r0, r0, r9\n\t" + "xor r0, r0, r11\n\t" + "add r12, r12, r0\n\t" + "lwz r0, 40(r6)\n\t" + "add r12, r12, r26\n\t" + "add r12, r12, r0\n\t" + "add r8, r8, r12\n\t" + "rotlwi r0, r14, 30\n\t" + "rotlwi %[len], r14, 19\n\t" + "xor r0, r0, %[len]\n\t" + "rotlwi %[len], r14, 10\n\t" + "xor r0, r0, %[len]\n\t" + "add r12, r12, r0\n\t" + "xor %[len], r14, r15\n\t" + "xor r0, r15, r7\n\t" + "and r0, r0, %[len]\n\t" + "xor r0, r0, r15\n\t" + "add r12, r12, r0\n\t" + "mfctr %[len]\n\t" + "cmpwi r0, %[len], 1\n\t" + "beq r0, L_SHA256_transform_len_after_blk_10_%=\n\t" + /* Calc new W[10] */ + "rotlwi r0, r27, 25\n\t" + "rotlwi %[len], r27, 14\n\t" + "xor r0, r0, %[len]\n\t" + "srwi %[len], r27, 3\n\t" + "xor r0, r0, %[len]\n\t" + "add r26, r26, r0\n\t" + "rotlwi r0, r24, 15\n\t" + "rotlwi %[len], r24, 13\n\t" + "xor r0, r0, %[len]\n\t" + "srwi %[len], r24, 10\n\t" + "xor r0, r0, %[len]\n\t" + "add r26, r26, r0\n\t" + "add r26, r26, r19\n\t" + "\n" + "L_SHA256_transform_len_after_blk_10_%=: \n\t" + /* Round 11 */ + "rotlwi r0, r8, 26\n\t" + "rotlwi %[len], r8, 21\n\t" + "xor r0, r0, %[len]\n\t" + "rotlwi %[len], r8, 7\n\t" + "xor r0, r0, %[len]\n\t" + "add r11, r11, r0\n\t" + "xor r0, r9, r10\n\t" + "and r0, r0, r8\n\t" + "xor r0, r0, r10\n\t" + "add r11, r11, r0\n\t" + "lwz r0, 44(r6)\n\t" + "add r11, r11, r27\n\t" + "add r11, r11, r0\n\t" + "add r7, r7, r11\n\t" + "rotlwi r0, r12, 30\n\t" + "rotlwi %[len], r12, 19\n\t" + "xor r0, r0, %[len]\n\t" + "rotlwi %[len], r12, 10\n\t" + "xor r0, r0, %[len]\n\t" + "add r11, r11, r0\n\t" + "xor %[len], r12, r14\n\t" + "xor r0, r14, r15\n\t" + "and r0, r0, %[len]\n\t" + "xor r0, r0, r14\n\t" + "add r11, r11, r0\n\t" + "mfctr %[len]\n\t" + "cmpwi r0, %[len], 1\n\t" + "beq r0, L_SHA256_transform_len_after_blk_11_%=\n\t" + /* Calc new W[11] */ + "rotlwi r0, r28, 25\n\t" + "rotlwi %[len], r28, 14\n\t" + "xor r0, r0, %[len]\n\t" + "srwi %[len], r28, 3\n\t" + "xor r0, r0, %[len]\n\t" + "add r27, r27, r0\n\t" + "rotlwi r0, r25, 15\n\t" + "rotlwi %[len], r25, 13\n\t" + "xor r0, r0, %[len]\n\t" + "srwi %[len], r25, 10\n\t" + "xor r0, r0, %[len]\n\t" + "add r27, r27, r0\n\t" + "add r27, r27, r20\n\t" + "\n" + "L_SHA256_transform_len_after_blk_11_%=: \n\t" + /* Round 12 */ + "rotlwi r0, r7, 26\n\t" + "rotlwi %[len], r7, 21\n\t" + "xor r0, r0, %[len]\n\t" + "rotlwi %[len], r7, 7\n\t" + "xor r0, r0, %[len]\n\t" + "add r10, r10, r0\n\t" + "xor r0, r8, r9\n\t" + "and r0, r0, r7\n\t" + "xor r0, r0, r9\n\t" + "add r10, r10, r0\n\t" + "lwz r0, 48(r6)\n\t" + "add r10, r10, r28\n\t" + "add r10, r10, r0\n\t" + "add r15, r15, r10\n\t" + "rotlwi r0, r11, 30\n\t" + "rotlwi %[len], r11, 19\n\t" + "xor r0, r0, %[len]\n\t" + "rotlwi %[len], r11, 10\n\t" + "xor r0, r0, %[len]\n\t" + "add r10, r10, r0\n\t" + "xor %[len], r11, r12\n\t" + "xor r0, r12, r14\n\t" + "and r0, r0, %[len]\n\t" + "xor r0, r0, r12\n\t" + "add r10, r10, r0\n\t" + "mfctr %[len]\n\t" + "cmpwi r0, %[len], 1\n\t" + "beq r0, L_SHA256_transform_len_after_blk_12_%=\n\t" + /* Calc new W[12] */ + "rotlwi r0, r29, 25\n\t" + "rotlwi %[len], r29, 14\n\t" + "xor r0, r0, %[len]\n\t" + "srwi %[len], r29, 3\n\t" + "xor r0, r0, %[len]\n\t" + "add r28, r28, r0\n\t" + "rotlwi r0, r26, 15\n\t" + "rotlwi %[len], r26, 13\n\t" + "xor r0, r0, %[len]\n\t" + "srwi %[len], r26, 10\n\t" + "xor r0, r0, %[len]\n\t" + "add r28, r28, r0\n\t" + "add r28, r28, r21\n\t" + "\n" + "L_SHA256_transform_len_after_blk_12_%=: \n\t" + /* Round 13 */ + "rotlwi r0, r15, 26\n\t" + "rotlwi %[len], r15, 21\n\t" + "xor r0, r0, %[len]\n\t" + "rotlwi %[len], r15, 7\n\t" + "xor r0, r0, %[len]\n\t" + "add r9, r9, r0\n\t" + "xor r0, r7, r8\n\t" + "and r0, r0, r15\n\t" + "xor r0, r0, r8\n\t" + "add r9, r9, r0\n\t" + "lwz r0, 52(r6)\n\t" + "add r9, r9, r29\n\t" + "add r9, r9, r0\n\t" + "add r14, r14, r9\n\t" + "rotlwi r0, r10, 30\n\t" + "rotlwi %[len], r10, 19\n\t" + "xor r0, r0, %[len]\n\t" + "rotlwi %[len], r10, 10\n\t" + "xor r0, r0, %[len]\n\t" + "add r9, r9, r0\n\t" + "xor %[len], r10, r11\n\t" + "xor r0, r11, r12\n\t" + "and r0, r0, %[len]\n\t" + "xor r0, r0, r11\n\t" + "add r9, r9, r0\n\t" + "mfctr %[len]\n\t" + "cmpwi r0, %[len], 1\n\t" + "beq r0, L_SHA256_transform_len_after_blk_13_%=\n\t" + /* Calc new W[13] */ + "rotlwi r0, r30, 25\n\t" + "rotlwi %[len], r30, 14\n\t" + "xor r0, r0, %[len]\n\t" + "srwi %[len], r30, 3\n\t" + "xor r0, r0, %[len]\n\t" + "add r29, r29, r0\n\t" + "rotlwi r0, r27, 15\n\t" + "rotlwi %[len], r27, 13\n\t" + "xor r0, r0, %[len]\n\t" + "srwi %[len], r27, 10\n\t" + "xor r0, r0, %[len]\n\t" + "add r29, r29, r0\n\t" + "add r29, r29, r22\n\t" + "\n" + "L_SHA256_transform_len_after_blk_13_%=: \n\t" + /* Round 14 */ + "rotlwi r0, r14, 26\n\t" + "rotlwi %[len], r14, 21\n\t" + "xor r0, r0, %[len]\n\t" + "rotlwi %[len], r14, 7\n\t" + "xor r0, r0, %[len]\n\t" + "add r8, r8, r0\n\t" + "xor r0, r15, r7\n\t" + "and r0, r0, r14\n\t" + "xor r0, r0, r7\n\t" + "add r8, r8, r0\n\t" + "lwz r0, 56(r6)\n\t" + "add r8, r8, r30\n\t" + "add r8, r8, r0\n\t" + "add r12, r12, r8\n\t" + "rotlwi r0, r9, 30\n\t" + "rotlwi %[len], r9, 19\n\t" + "xor r0, r0, %[len]\n\t" + "rotlwi %[len], r9, 10\n\t" + "xor r0, r0, %[len]\n\t" + "add r8, r8, r0\n\t" + "xor %[len], r9, r10\n\t" + "xor r0, r10, r11\n\t" + "and r0, r0, %[len]\n\t" + "xor r0, r0, r10\n\t" + "add r8, r8, r0\n\t" + "mfctr %[len]\n\t" + "cmpwi r0, %[len], 1\n\t" + "beq r0, L_SHA256_transform_len_after_blk_14_%=\n\t" + /* Calc new W[14] */ + "rotlwi r0, r31, 25\n\t" + "rotlwi %[len], r31, 14\n\t" + "xor r0, r0, %[len]\n\t" + "srwi %[len], r31, 3\n\t" + "xor r0, r0, %[len]\n\t" + "add r30, r30, r0\n\t" + "rotlwi r0, r28, 15\n\t" + "rotlwi %[len], r28, 13\n\t" + "xor r0, r0, %[len]\n\t" + "srwi %[len], r28, 10\n\t" + "xor r0, r0, %[len]\n\t" + "add r30, r30, r0\n\t" + "add r30, r30, r23\n\t" + "\n" + "L_SHA256_transform_len_after_blk_14_%=: \n\t" + /* Round 15 */ + "rotlwi r0, r12, 26\n\t" + "rotlwi %[len], r12, 21\n\t" + "xor r0, r0, %[len]\n\t" + "rotlwi %[len], r12, 7\n\t" + "xor r0, r0, %[len]\n\t" + "add r7, r7, r0\n\t" + "xor r0, r14, r15\n\t" + "and r0, r0, r12\n\t" + "xor r0, r0, r15\n\t" + "add r7, r7, r0\n\t" + "lwz r0, 60(r6)\n\t" + "add r7, r7, r31\n\t" + "add r7, r7, r0\n\t" + "add r11, r11, r7\n\t" + "rotlwi r0, r8, 30\n\t" + "rotlwi %[len], r8, 19\n\t" + "xor r0, r0, %[len]\n\t" + "rotlwi %[len], r8, 10\n\t" + "xor r0, r0, %[len]\n\t" + "add r7, r7, r0\n\t" + "xor %[len], r8, r9\n\t" + "xor r0, r9, r10\n\t" + "and r0, r0, %[len]\n\t" + "xor r0, r0, r9\n\t" + "add r7, r7, r0\n\t" + "mfctr %[len]\n\t" + "cmpwi r0, %[len], 1\n\t" + "beq r0, L_SHA256_transform_len_after_blk_15_%=\n\t" + /* Calc new W[15] */ + "rotlwi r0, r16, 25\n\t" + "rotlwi %[len], r16, 14\n\t" + "xor r0, r0, %[len]\n\t" + "srwi %[len], r16, 3\n\t" + "xor r0, r0, %[len]\n\t" + "add r31, r31, r0\n\t" + "rotlwi r0, r29, 15\n\t" + "rotlwi %[len], r29, 13\n\t" + "xor r0, r0, %[len]\n\t" + "srwi %[len], r29, 10\n\t" + "xor r0, r0, %[len]\n\t" + "add r31, r31, r0\n\t" + "add r31, r31, r24\n\t" + "\n" + "L_SHA256_transform_len_after_blk_15_%=: \n\t" + "addi r6, r6, 0x40\n\t" + "bdnz L_SHA256_transform_len_start_%=\n\t" + "subi r6, r6, 0x100\n\t" + /* Add in digest from start */ + "lwz r0, 0(%[sha256])\n\t" + "lwz %[len], 4(%[sha256])\n\t" + "add r7, r7, r0\n\t" + "add r8, r8, %[len]\n\t" + "lwz r0, 8(%[sha256])\n\t" + "lwz %[len], 12(%[sha256])\n\t" + "add r9, r9, r0\n\t" + "add r10, r10, %[len]\n\t" + "lwz r0, 16(%[sha256])\n\t" + "lwz %[len], 20(%[sha256])\n\t" + "add r11, r11, r0\n\t" + "add r12, r12, %[len]\n\t" + "lwz r0, 24(%[sha256])\n\t" + "lwz %[len], 28(%[sha256])\n\t" + "add r14, r14, r0\n\t" + "add r15, r15, %[len]\n\t" + "stw r7, 0(%[sha256])\n\t" + "stw r8, 4(%[sha256])\n\t" + "stw r9, 8(%[sha256])\n\t" + "stw r10, 12(%[sha256])\n\t" + "stw r11, 16(%[sha256])\n\t" + "stw r12, 20(%[sha256])\n\t" + "stw r14, 24(%[sha256])\n\t" + "stw r15, 28(%[sha256])\n\t" + "lwz %[len], 0(r1)\n\t" + "mtctr %[len]\n\t" + "subi %[len], %[len], 1\n\t" + "addi %[data], %[data], 0x40\n\t" + "stw %[len], 0(r1)\n\t" + "bdnz L_SHA256_transform_len_begin_%=\n\t" + "addi r1, r1, 4\n\t" +#endif /* WOLFSSL_PPC32_ASM_SMALL */ +#ifndef WOLFSSL_NO_VAR_ASSIGN_REG + : [sha256] "+r" (sha256), [data] "+r" (data), [len] "+r" (len), + [L_SHA256_transform_len_k] "+r" (L_SHA256_transform_len_k_c) + : +#else + : + : [sha256] "r" (sha256), [data] "r" (data), [len] "r" (len), + [L_SHA256_transform_len_k] "r" (L_SHA256_transform_len_k_c) +#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ + : "memory", "cc", "r0", "r7", "r8", "r9", "r10", "r11", "r12", "r14", + "r15", "r16", "r17", "r18", "r19", "r20", "r21", "r22", "r23", + "r24", "r25", "r26", "r27", "r28", "r29", "r30", "r31" + ); +} + +#else +/* PIC version not using register 30 or 31 */ +void Transform_Sha256_Len(wc_Sha256* sha256_p, const byte* data_p, + word32 len_p); +#ifndef WOLFSSL_NO_VAR_ASSIGN_REG +void Transform_Sha256_Len(wc_Sha256* sha256_p, const byte* data_p, word32 len_p) +#else +void Transform_Sha256_Len(wc_Sha256* sha256, const byte* data, word32 len) +#endif /* WOLFSSL_NO_VAR_ASSIGN_REG */ +{ +#ifndef WOLFSSL_NO_VAR_ASSIGN_REG + register wc_Sha256* sha256 asm ("3") = (wc_Sha256*)sha256_p; + register const byte* data asm ("4") = (const byte*)data_p; + register word32 len asm ("5") = (word32)len_p; + register word32* L_SHA256_transform_len_k_c asm ("6") = + (word32*)&L_SHA256_transform_len_k; +#else + register word32* L_SHA256_transform_len_k_c = + (word32*)&L_SHA256_transform_len_k; + +#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ + + __asm__ __volatile__ ( + "srwi %[len], %[len], 6\n\t" + "mr r6, %[L_SHA256_transform_len_k]\n\t" +#ifndef WOLFSSL_PPC32_ASM_SMALL + "subi r1, r1, 8\n\t" + "stw %[sha256], 0(r1)\n\t" + "stw %[data], 4(r1)\n\t" + "mtctr %[len]\n\t" + /* Copy digest to add in at end */ + "lwz r0, 0(%[sha256])\n\t" + "lwz %[data], 4(%[sha256])\n\t" + "lwz r7, 8(%[sha256])\n\t" + "lwz r8, 12(%[sha256])\n\t" + "lwz r9, 16(%[sha256])\n\t" + "lwz r10, 20(%[sha256])\n\t" + "lwz r11, 24(%[sha256])\n\t" + "lwz r12, 28(%[sha256])\n\t" + "lwz %[sha256], 4(r1)\n\t" + /* Start of loop processing a block */ + "\n" + "L_SHA256_transform_len_begin_%=: \n\t" + /* Load W - 64 bytes */ + "lwz r14, 0(%[sha256])\n\t" + "lwz r15, 4(%[sha256])\n\t" + "lwz r16, 8(%[sha256])\n\t" + "lwz r17, 12(%[sha256])\n\t" + "lwz r18, 16(%[sha256])\n\t" + "lwz r19, 20(%[sha256])\n\t" + "lwz r20, 24(%[sha256])\n\t" + "lwz r21, 28(%[sha256])\n\t" + "lwz r22, 32(%[sha256])\n\t" + "lwz r23, 36(%[sha256])\n\t" + "lwz r24, 40(%[sha256])\n\t" + "lwz r25, 44(%[sha256])\n\t" + "lwz r26, 48(%[sha256])\n\t" + "lwz r27, 52(%[sha256])\n\t" + "lwz r28, 56(%[sha256])\n\t" + "lwz r29, 60(%[sha256])\n\t" + /* Start of 16 rounds */ + /* Round 0 */ + "rotlwi %[sha256], r9, 26\n\t" + "rotlwi %[len], r9, 21\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "rotlwi %[len], r9, 7\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "add r12, r12, %[sha256]\n\t" + "xor %[sha256], r10, r11\n\t" + "and %[sha256], %[sha256], r9\n\t" + "xor %[sha256], %[sha256], r11\n\t" + "add r12, r12, %[sha256]\n\t" + "lwz %[sha256], 0(r6)\n\t" + "add r12, r12, r14\n\t" + "add r12, r12, %[sha256]\n\t" + "add r8, r8, r12\n\t" + "rotlwi %[sha256], r0, 30\n\t" + "rotlwi %[len], r0, 19\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "rotlwi %[len], r0, 10\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "add r12, r12, %[sha256]\n\t" + "xor %[len], r0, %[data]\n\t" + "xor %[sha256], %[data], r7\n\t" + "and %[sha256], %[sha256], %[len]\n\t" + "xor %[sha256], %[sha256], %[data]\n\t" + "add r12, r12, %[sha256]\n\t" + /* Calc new W[0] */ + "rotlwi %[sha256], r15, 25\n\t" + "rotlwi %[len], r15, 14\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "srwi %[len], r15, 3\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "add r14, r14, %[sha256]\n\t" + "rotlwi %[sha256], r28, 15\n\t" + "rotlwi %[len], r28, 13\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "srwi %[len], r28, 10\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "add r14, r14, %[sha256]\n\t" + "add r14, r14, r23\n\t" + /* Round 1 */ + "rotlwi %[sha256], r8, 26\n\t" + "rotlwi %[len], r8, 21\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "rotlwi %[len], r8, 7\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "add r11, r11, %[sha256]\n\t" + "xor %[sha256], r9, r10\n\t" + "and %[sha256], %[sha256], r8\n\t" + "xor %[sha256], %[sha256], r10\n\t" + "add r11, r11, %[sha256]\n\t" + "lwz %[sha256], 4(r6)\n\t" + "add r11, r11, r15\n\t" + "add r11, r11, %[sha256]\n\t" + "add r7, r7, r11\n\t" + "rotlwi %[sha256], r12, 30\n\t" + "rotlwi %[len], r12, 19\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "rotlwi %[len], r12, 10\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "add r11, r11, %[sha256]\n\t" + "xor %[len], r12, r0\n\t" + "xor %[sha256], r0, %[data]\n\t" + "and %[sha256], %[sha256], %[len]\n\t" + "xor %[sha256], %[sha256], r0\n\t" + "add r11, r11, %[sha256]\n\t" + /* Calc new W[1] */ + "rotlwi %[sha256], r16, 25\n\t" + "rotlwi %[len], r16, 14\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "srwi %[len], r16, 3\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "add r15, r15, %[sha256]\n\t" + "rotlwi %[sha256], r29, 15\n\t" + "rotlwi %[len], r29, 13\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "srwi %[len], r29, 10\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "add r15, r15, %[sha256]\n\t" + "add r15, r15, r24\n\t" + /* Round 2 */ + "rotlwi %[sha256], r7, 26\n\t" + "rotlwi %[len], r7, 21\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "rotlwi %[len], r7, 7\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "add r10, r10, %[sha256]\n\t" + "xor %[sha256], r8, r9\n\t" + "and %[sha256], %[sha256], r7\n\t" + "xor %[sha256], %[sha256], r9\n\t" + "add r10, r10, %[sha256]\n\t" + "lwz %[sha256], 8(r6)\n\t" + "add r10, r10, r16\n\t" + "add r10, r10, %[sha256]\n\t" + "add %[data], %[data], r10\n\t" + "rotlwi %[sha256], r11, 30\n\t" + "rotlwi %[len], r11, 19\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "rotlwi %[len], r11, 10\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "add r10, r10, %[sha256]\n\t" + "xor %[len], r11, r12\n\t" + "xor %[sha256], r12, r0\n\t" + "and %[sha256], %[sha256], %[len]\n\t" + "xor %[sha256], %[sha256], r12\n\t" + "add r10, r10, %[sha256]\n\t" + /* Calc new W[2] */ + "rotlwi %[sha256], r17, 25\n\t" + "rotlwi %[len], r17, 14\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "srwi %[len], r17, 3\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "add r16, r16, %[sha256]\n\t" + "rotlwi %[sha256], r14, 15\n\t" + "rotlwi %[len], r14, 13\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "srwi %[len], r14, 10\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "add r16, r16, %[sha256]\n\t" + "add r16, r16, r25\n\t" + /* Round 3 */ + "rotlwi %[sha256], %[data], 26\n\t" + "rotlwi %[len], %[data], 21\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "rotlwi %[len], %[data], 7\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "add r9, r9, %[sha256]\n\t" + "xor %[sha256], r7, r8\n\t" + "and %[sha256], %[sha256], %[data]\n\t" + "xor %[sha256], %[sha256], r8\n\t" + "add r9, r9, %[sha256]\n\t" + "lwz %[sha256], 12(r6)\n\t" + "add r9, r9, r17\n\t" + "add r9, r9, %[sha256]\n\t" + "add r0, r0, r9\n\t" + "rotlwi %[sha256], r10, 30\n\t" + "rotlwi %[len], r10, 19\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "rotlwi %[len], r10, 10\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "add r9, r9, %[sha256]\n\t" + "xor %[len], r10, r11\n\t" + "xor %[sha256], r11, r12\n\t" + "and %[sha256], %[sha256], %[len]\n\t" + "xor %[sha256], %[sha256], r11\n\t" + "add r9, r9, %[sha256]\n\t" + /* Calc new W[3] */ + "rotlwi %[sha256], r18, 25\n\t" + "rotlwi %[len], r18, 14\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "srwi %[len], r18, 3\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "add r17, r17, %[sha256]\n\t" + "rotlwi %[sha256], r15, 15\n\t" + "rotlwi %[len], r15, 13\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "srwi %[len], r15, 10\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "add r17, r17, %[sha256]\n\t" + "add r17, r17, r26\n\t" + /* Round 4 */ + "rotlwi %[sha256], r0, 26\n\t" + "rotlwi %[len], r0, 21\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "rotlwi %[len], r0, 7\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "add r8, r8, %[sha256]\n\t" + "xor %[sha256], %[data], r7\n\t" + "and %[sha256], %[sha256], r0\n\t" + "xor %[sha256], %[sha256], r7\n\t" + "add r8, r8, %[sha256]\n\t" + "lwz %[sha256], 16(r6)\n\t" + "add r8, r8, r18\n\t" + "add r8, r8, %[sha256]\n\t" + "add r12, r12, r8\n\t" + "rotlwi %[sha256], r9, 30\n\t" + "rotlwi %[len], r9, 19\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "rotlwi %[len], r9, 10\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "add r8, r8, %[sha256]\n\t" + "xor %[len], r9, r10\n\t" + "xor %[sha256], r10, r11\n\t" + "and %[sha256], %[sha256], %[len]\n\t" + "xor %[sha256], %[sha256], r10\n\t" + "add r8, r8, %[sha256]\n\t" + /* Calc new W[4] */ + "rotlwi %[sha256], r19, 25\n\t" + "rotlwi %[len], r19, 14\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "srwi %[len], r19, 3\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "add r18, r18, %[sha256]\n\t" + "rotlwi %[sha256], r16, 15\n\t" + "rotlwi %[len], r16, 13\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "srwi %[len], r16, 10\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "add r18, r18, %[sha256]\n\t" + "add r18, r18, r27\n\t" + /* Round 5 */ + "rotlwi %[sha256], r12, 26\n\t" + "rotlwi %[len], r12, 21\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "rotlwi %[len], r12, 7\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "add r7, r7, %[sha256]\n\t" + "xor %[sha256], r0, %[data]\n\t" + "and %[sha256], %[sha256], r12\n\t" + "xor %[sha256], %[sha256], %[data]\n\t" + "add r7, r7, %[sha256]\n\t" + "lwz %[sha256], 20(r6)\n\t" + "add r7, r7, r19\n\t" + "add r7, r7, %[sha256]\n\t" + "add r11, r11, r7\n\t" + "rotlwi %[sha256], r8, 30\n\t" + "rotlwi %[len], r8, 19\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "rotlwi %[len], r8, 10\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "add r7, r7, %[sha256]\n\t" + "xor %[len], r8, r9\n\t" + "xor %[sha256], r9, r10\n\t" + "and %[sha256], %[sha256], %[len]\n\t" + "xor %[sha256], %[sha256], r9\n\t" + "add r7, r7, %[sha256]\n\t" + /* Calc new W[5] */ + "rotlwi %[sha256], r20, 25\n\t" + "rotlwi %[len], r20, 14\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "srwi %[len], r20, 3\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "add r19, r19, %[sha256]\n\t" + "rotlwi %[sha256], r17, 15\n\t" + "rotlwi %[len], r17, 13\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "srwi %[len], r17, 10\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "add r19, r19, %[sha256]\n\t" + "add r19, r19, r28\n\t" + /* Round 6 */ + "rotlwi %[sha256], r11, 26\n\t" + "rotlwi %[len], r11, 21\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "rotlwi %[len], r11, 7\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "add %[data], %[data], %[sha256]\n\t" + "xor %[sha256], r12, r0\n\t" + "and %[sha256], %[sha256], r11\n\t" + "xor %[sha256], %[sha256], r0\n\t" + "add %[data], %[data], %[sha256]\n\t" + "lwz %[sha256], 24(r6)\n\t" + "add %[data], %[data], r20\n\t" + "add %[data], %[data], %[sha256]\n\t" + "add r10, r10, %[data]\n\t" + "rotlwi %[sha256], r7, 30\n\t" + "rotlwi %[len], r7, 19\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "rotlwi %[len], r7, 10\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "add %[data], %[data], %[sha256]\n\t" + "xor %[len], r7, r8\n\t" + "xor %[sha256], r8, r9\n\t" + "and %[sha256], %[sha256], %[len]\n\t" + "xor %[sha256], %[sha256], r8\n\t" + "add %[data], %[data], %[sha256]\n\t" + /* Calc new W[6] */ + "rotlwi %[sha256], r21, 25\n\t" + "rotlwi %[len], r21, 14\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "srwi %[len], r21, 3\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "add r20, r20, %[sha256]\n\t" + "rotlwi %[sha256], r18, 15\n\t" + "rotlwi %[len], r18, 13\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "srwi %[len], r18, 10\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "add r20, r20, %[sha256]\n\t" + "add r20, r20, r29\n\t" + /* Round 7 */ + "rotlwi %[sha256], r10, 26\n\t" + "rotlwi %[len], r10, 21\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "rotlwi %[len], r10, 7\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "add r0, r0, %[sha256]\n\t" + "xor %[sha256], r11, r12\n\t" + "and %[sha256], %[sha256], r10\n\t" + "xor %[sha256], %[sha256], r12\n\t" + "add r0, r0, %[sha256]\n\t" + "lwz %[sha256], 28(r6)\n\t" + "add r0, r0, r21\n\t" + "add r0, r0, %[sha256]\n\t" + "add r9, r9, r0\n\t" + "rotlwi %[sha256], %[data], 30\n\t" + "rotlwi %[len], %[data], 19\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "rotlwi %[len], %[data], 10\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "add r0, r0, %[sha256]\n\t" + "xor %[len], %[data], r7\n\t" + "xor %[sha256], r7, r8\n\t" + "and %[sha256], %[sha256], %[len]\n\t" + "xor %[sha256], %[sha256], r7\n\t" + "add r0, r0, %[sha256]\n\t" + /* Calc new W[7] */ + "rotlwi %[sha256], r22, 25\n\t" + "rotlwi %[len], r22, 14\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "srwi %[len], r22, 3\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "add r21, r21, %[sha256]\n\t" + "rotlwi %[sha256], r19, 15\n\t" + "rotlwi %[len], r19, 13\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "srwi %[len], r19, 10\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "add r21, r21, %[sha256]\n\t" + "add r21, r21, r14\n\t" + /* Round 8 */ + "rotlwi %[sha256], r9, 26\n\t" + "rotlwi %[len], r9, 21\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "rotlwi %[len], r9, 7\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "add r12, r12, %[sha256]\n\t" + "xor %[sha256], r10, r11\n\t" + "and %[sha256], %[sha256], r9\n\t" + "xor %[sha256], %[sha256], r11\n\t" + "add r12, r12, %[sha256]\n\t" + "lwz %[sha256], 32(r6)\n\t" + "add r12, r12, r22\n\t" + "add r12, r12, %[sha256]\n\t" + "add r8, r8, r12\n\t" + "rotlwi %[sha256], r0, 30\n\t" + "rotlwi %[len], r0, 19\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "rotlwi %[len], r0, 10\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "add r12, r12, %[sha256]\n\t" + "xor %[len], r0, %[data]\n\t" + "xor %[sha256], %[data], r7\n\t" + "and %[sha256], %[sha256], %[len]\n\t" + "xor %[sha256], %[sha256], %[data]\n\t" + "add r12, r12, %[sha256]\n\t" + /* Calc new W[8] */ + "rotlwi %[sha256], r23, 25\n\t" + "rotlwi %[len], r23, 14\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "srwi %[len], r23, 3\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "add r22, r22, %[sha256]\n\t" + "rotlwi %[sha256], r20, 15\n\t" + "rotlwi %[len], r20, 13\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "srwi %[len], r20, 10\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "add r22, r22, %[sha256]\n\t" + "add r22, r22, r15\n\t" + /* Round 9 */ + "rotlwi %[sha256], r8, 26\n\t" + "rotlwi %[len], r8, 21\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "rotlwi %[len], r8, 7\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "add r11, r11, %[sha256]\n\t" + "xor %[sha256], r9, r10\n\t" + "and %[sha256], %[sha256], r8\n\t" + "xor %[sha256], %[sha256], r10\n\t" + "add r11, r11, %[sha256]\n\t" + "lwz %[sha256], 36(r6)\n\t" + "add r11, r11, r23\n\t" + "add r11, r11, %[sha256]\n\t" + "add r7, r7, r11\n\t" + "rotlwi %[sha256], r12, 30\n\t" + "rotlwi %[len], r12, 19\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "rotlwi %[len], r12, 10\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "add r11, r11, %[sha256]\n\t" + "xor %[len], r12, r0\n\t" + "xor %[sha256], r0, %[data]\n\t" + "and %[sha256], %[sha256], %[len]\n\t" + "xor %[sha256], %[sha256], r0\n\t" + "add r11, r11, %[sha256]\n\t" + /* Calc new W[9] */ + "rotlwi %[sha256], r24, 25\n\t" + "rotlwi %[len], r24, 14\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "srwi %[len], r24, 3\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "add r23, r23, %[sha256]\n\t" + "rotlwi %[sha256], r21, 15\n\t" + "rotlwi %[len], r21, 13\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "srwi %[len], r21, 10\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "add r23, r23, %[sha256]\n\t" + "add r23, r23, r16\n\t" + /* Round 10 */ + "rotlwi %[sha256], r7, 26\n\t" + "rotlwi %[len], r7, 21\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "rotlwi %[len], r7, 7\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "add r10, r10, %[sha256]\n\t" + "xor %[sha256], r8, r9\n\t" + "and %[sha256], %[sha256], r7\n\t" + "xor %[sha256], %[sha256], r9\n\t" + "add r10, r10, %[sha256]\n\t" + "lwz %[sha256], 40(r6)\n\t" + "add r10, r10, r24\n\t" + "add r10, r10, %[sha256]\n\t" + "add %[data], %[data], r10\n\t" + "rotlwi %[sha256], r11, 30\n\t" + "rotlwi %[len], r11, 19\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "rotlwi %[len], r11, 10\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "add r10, r10, %[sha256]\n\t" + "xor %[len], r11, r12\n\t" + "xor %[sha256], r12, r0\n\t" + "and %[sha256], %[sha256], %[len]\n\t" + "xor %[sha256], %[sha256], r12\n\t" + "add r10, r10, %[sha256]\n\t" + /* Calc new W[10] */ + "rotlwi %[sha256], r25, 25\n\t" + "rotlwi %[len], r25, 14\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "srwi %[len], r25, 3\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "add r24, r24, %[sha256]\n\t" + "rotlwi %[sha256], r22, 15\n\t" + "rotlwi %[len], r22, 13\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "srwi %[len], r22, 10\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "add r24, r24, %[sha256]\n\t" + "add r24, r24, r17\n\t" + /* Round 11 */ + "rotlwi %[sha256], %[data], 26\n\t" + "rotlwi %[len], %[data], 21\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "rotlwi %[len], %[data], 7\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "add r9, r9, %[sha256]\n\t" + "xor %[sha256], r7, r8\n\t" + "and %[sha256], %[sha256], %[data]\n\t" + "xor %[sha256], %[sha256], r8\n\t" + "add r9, r9, %[sha256]\n\t" + "lwz %[sha256], 44(r6)\n\t" + "add r9, r9, r25\n\t" + "add r9, r9, %[sha256]\n\t" + "add r0, r0, r9\n\t" + "rotlwi %[sha256], r10, 30\n\t" + "rotlwi %[len], r10, 19\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "rotlwi %[len], r10, 10\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "add r9, r9, %[sha256]\n\t" + "xor %[len], r10, r11\n\t" + "xor %[sha256], r11, r12\n\t" + "and %[sha256], %[sha256], %[len]\n\t" + "xor %[sha256], %[sha256], r11\n\t" + "add r9, r9, %[sha256]\n\t" + /* Calc new W[11] */ + "rotlwi %[sha256], r26, 25\n\t" + "rotlwi %[len], r26, 14\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "srwi %[len], r26, 3\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "add r25, r25, %[sha256]\n\t" + "rotlwi %[sha256], r23, 15\n\t" + "rotlwi %[len], r23, 13\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "srwi %[len], r23, 10\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "add r25, r25, %[sha256]\n\t" + "add r25, r25, r18\n\t" + /* Round 12 */ + "rotlwi %[sha256], r0, 26\n\t" + "rotlwi %[len], r0, 21\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "rotlwi %[len], r0, 7\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "add r8, r8, %[sha256]\n\t" + "xor %[sha256], %[data], r7\n\t" + "and %[sha256], %[sha256], r0\n\t" + "xor %[sha256], %[sha256], r7\n\t" + "add r8, r8, %[sha256]\n\t" + "lwz %[sha256], 48(r6)\n\t" + "add r8, r8, r26\n\t" + "add r8, r8, %[sha256]\n\t" + "add r12, r12, r8\n\t" + "rotlwi %[sha256], r9, 30\n\t" + "rotlwi %[len], r9, 19\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "rotlwi %[len], r9, 10\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "add r8, r8, %[sha256]\n\t" + "xor %[len], r9, r10\n\t" + "xor %[sha256], r10, r11\n\t" + "and %[sha256], %[sha256], %[len]\n\t" + "xor %[sha256], %[sha256], r10\n\t" + "add r8, r8, %[sha256]\n\t" + /* Calc new W[12] */ + "rotlwi %[sha256], r27, 25\n\t" + "rotlwi %[len], r27, 14\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "srwi %[len], r27, 3\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "add r26, r26, %[sha256]\n\t" + "rotlwi %[sha256], r24, 15\n\t" + "rotlwi %[len], r24, 13\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "srwi %[len], r24, 10\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "add r26, r26, %[sha256]\n\t" + "add r26, r26, r19\n\t" + /* Round 13 */ + "rotlwi %[sha256], r12, 26\n\t" + "rotlwi %[len], r12, 21\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "rotlwi %[len], r12, 7\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "add r7, r7, %[sha256]\n\t" + "xor %[sha256], r0, %[data]\n\t" + "and %[sha256], %[sha256], r12\n\t" + "xor %[sha256], %[sha256], %[data]\n\t" + "add r7, r7, %[sha256]\n\t" + "lwz %[sha256], 52(r6)\n\t" + "add r7, r7, r27\n\t" + "add r7, r7, %[sha256]\n\t" + "add r11, r11, r7\n\t" + "rotlwi %[sha256], r8, 30\n\t" + "rotlwi %[len], r8, 19\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "rotlwi %[len], r8, 10\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "add r7, r7, %[sha256]\n\t" + "xor %[len], r8, r9\n\t" + "xor %[sha256], r9, r10\n\t" + "and %[sha256], %[sha256], %[len]\n\t" + "xor %[sha256], %[sha256], r9\n\t" + "add r7, r7, %[sha256]\n\t" + /* Calc new W[13] */ + "rotlwi %[sha256], r28, 25\n\t" + "rotlwi %[len], r28, 14\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "srwi %[len], r28, 3\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "add r27, r27, %[sha256]\n\t" + "rotlwi %[sha256], r25, 15\n\t" + "rotlwi %[len], r25, 13\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "srwi %[len], r25, 10\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "add r27, r27, %[sha256]\n\t" + "add r27, r27, r20\n\t" + /* Round 14 */ + "rotlwi %[sha256], r11, 26\n\t" + "rotlwi %[len], r11, 21\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "rotlwi %[len], r11, 7\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "add %[data], %[data], %[sha256]\n\t" + "xor %[sha256], r12, r0\n\t" + "and %[sha256], %[sha256], r11\n\t" + "xor %[sha256], %[sha256], r0\n\t" + "add %[data], %[data], %[sha256]\n\t" + "lwz %[sha256], 56(r6)\n\t" + "add %[data], %[data], r28\n\t" + "add %[data], %[data], %[sha256]\n\t" + "add r10, r10, %[data]\n\t" + "rotlwi %[sha256], r7, 30\n\t" + "rotlwi %[len], r7, 19\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "rotlwi %[len], r7, 10\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "add %[data], %[data], %[sha256]\n\t" + "xor %[len], r7, r8\n\t" + "xor %[sha256], r8, r9\n\t" + "and %[sha256], %[sha256], %[len]\n\t" + "xor %[sha256], %[sha256], r8\n\t" + "add %[data], %[data], %[sha256]\n\t" + /* Calc new W[14] */ + "rotlwi %[sha256], r29, 25\n\t" + "rotlwi %[len], r29, 14\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "srwi %[len], r29, 3\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "add r28, r28, %[sha256]\n\t" + "rotlwi %[sha256], r26, 15\n\t" + "rotlwi %[len], r26, 13\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "srwi %[len], r26, 10\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "add r28, r28, %[sha256]\n\t" + "add r28, r28, r21\n\t" + /* Round 15 */ + "rotlwi %[sha256], r10, 26\n\t" + "rotlwi %[len], r10, 21\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "rotlwi %[len], r10, 7\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "add r0, r0, %[sha256]\n\t" + "xor %[sha256], r11, r12\n\t" + "and %[sha256], %[sha256], r10\n\t" + "xor %[sha256], %[sha256], r12\n\t" + "add r0, r0, %[sha256]\n\t" + "lwz %[sha256], 60(r6)\n\t" + "add r0, r0, r29\n\t" + "add r0, r0, %[sha256]\n\t" + "add r9, r9, r0\n\t" + "rotlwi %[sha256], %[data], 30\n\t" + "rotlwi %[len], %[data], 19\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "rotlwi %[len], %[data], 10\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "add r0, r0, %[sha256]\n\t" + "xor %[len], %[data], r7\n\t" + "xor %[sha256], r7, r8\n\t" + "and %[sha256], %[sha256], %[len]\n\t" + "xor %[sha256], %[sha256], r7\n\t" + "add r0, r0, %[sha256]\n\t" + /* Calc new W[15] */ + "rotlwi %[sha256], r14, 25\n\t" + "rotlwi %[len], r14, 14\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "srwi %[len], r14, 3\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "add r29, r29, %[sha256]\n\t" + "rotlwi %[sha256], r27, 15\n\t" + "rotlwi %[len], r27, 13\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "srwi %[len], r27, 10\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "add r29, r29, %[sha256]\n\t" + "add r29, r29, r22\n\t" + "addi r6, r6, 0x40\n\t" + /* Round 0 */ + "rotlwi %[sha256], r9, 26\n\t" + "rotlwi %[len], r9, 21\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "rotlwi %[len], r9, 7\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "add r12, r12, %[sha256]\n\t" + "xor %[sha256], r10, r11\n\t" + "and %[sha256], %[sha256], r9\n\t" + "xor %[sha256], %[sha256], r11\n\t" + "add r12, r12, %[sha256]\n\t" + "lwz %[sha256], 0(r6)\n\t" + "add r12, r12, r14\n\t" + "add r12, r12, %[sha256]\n\t" + "add r8, r8, r12\n\t" + "rotlwi %[sha256], r0, 30\n\t" + "rotlwi %[len], r0, 19\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "rotlwi %[len], r0, 10\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "add r12, r12, %[sha256]\n\t" + "xor %[len], r0, %[data]\n\t" + "xor %[sha256], %[data], r7\n\t" + "and %[sha256], %[sha256], %[len]\n\t" + "xor %[sha256], %[sha256], %[data]\n\t" + "add r12, r12, %[sha256]\n\t" + /* Calc new W[0] */ + "rotlwi %[sha256], r15, 25\n\t" + "rotlwi %[len], r15, 14\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "srwi %[len], r15, 3\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "add r14, r14, %[sha256]\n\t" + "rotlwi %[sha256], r28, 15\n\t" + "rotlwi %[len], r28, 13\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "srwi %[len], r28, 10\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "add r14, r14, %[sha256]\n\t" + "add r14, r14, r23\n\t" + /* Round 1 */ + "rotlwi %[sha256], r8, 26\n\t" + "rotlwi %[len], r8, 21\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "rotlwi %[len], r8, 7\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "add r11, r11, %[sha256]\n\t" + "xor %[sha256], r9, r10\n\t" + "and %[sha256], %[sha256], r8\n\t" + "xor %[sha256], %[sha256], r10\n\t" + "add r11, r11, %[sha256]\n\t" + "lwz %[sha256], 4(r6)\n\t" + "add r11, r11, r15\n\t" + "add r11, r11, %[sha256]\n\t" + "add r7, r7, r11\n\t" + "rotlwi %[sha256], r12, 30\n\t" + "rotlwi %[len], r12, 19\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "rotlwi %[len], r12, 10\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "add r11, r11, %[sha256]\n\t" + "xor %[len], r12, r0\n\t" + "xor %[sha256], r0, %[data]\n\t" + "and %[sha256], %[sha256], %[len]\n\t" + "xor %[sha256], %[sha256], r0\n\t" + "add r11, r11, %[sha256]\n\t" + /* Calc new W[1] */ + "rotlwi %[sha256], r16, 25\n\t" + "rotlwi %[len], r16, 14\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "srwi %[len], r16, 3\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "add r15, r15, %[sha256]\n\t" + "rotlwi %[sha256], r29, 15\n\t" + "rotlwi %[len], r29, 13\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "srwi %[len], r29, 10\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "add r15, r15, %[sha256]\n\t" + "add r15, r15, r24\n\t" + /* Round 2 */ + "rotlwi %[sha256], r7, 26\n\t" + "rotlwi %[len], r7, 21\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "rotlwi %[len], r7, 7\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "add r10, r10, %[sha256]\n\t" + "xor %[sha256], r8, r9\n\t" + "and %[sha256], %[sha256], r7\n\t" + "xor %[sha256], %[sha256], r9\n\t" + "add r10, r10, %[sha256]\n\t" + "lwz %[sha256], 8(r6)\n\t" + "add r10, r10, r16\n\t" + "add r10, r10, %[sha256]\n\t" + "add %[data], %[data], r10\n\t" + "rotlwi %[sha256], r11, 30\n\t" + "rotlwi %[len], r11, 19\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "rotlwi %[len], r11, 10\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "add r10, r10, %[sha256]\n\t" + "xor %[len], r11, r12\n\t" + "xor %[sha256], r12, r0\n\t" + "and %[sha256], %[sha256], %[len]\n\t" + "xor %[sha256], %[sha256], r12\n\t" + "add r10, r10, %[sha256]\n\t" + /* Calc new W[2] */ + "rotlwi %[sha256], r17, 25\n\t" + "rotlwi %[len], r17, 14\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "srwi %[len], r17, 3\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "add r16, r16, %[sha256]\n\t" + "rotlwi %[sha256], r14, 15\n\t" + "rotlwi %[len], r14, 13\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "srwi %[len], r14, 10\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "add r16, r16, %[sha256]\n\t" + "add r16, r16, r25\n\t" + /* Round 3 */ + "rotlwi %[sha256], %[data], 26\n\t" + "rotlwi %[len], %[data], 21\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "rotlwi %[len], %[data], 7\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "add r9, r9, %[sha256]\n\t" + "xor %[sha256], r7, r8\n\t" + "and %[sha256], %[sha256], %[data]\n\t" + "xor %[sha256], %[sha256], r8\n\t" + "add r9, r9, %[sha256]\n\t" + "lwz %[sha256], 12(r6)\n\t" + "add r9, r9, r17\n\t" + "add r9, r9, %[sha256]\n\t" + "add r0, r0, r9\n\t" + "rotlwi %[sha256], r10, 30\n\t" + "rotlwi %[len], r10, 19\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "rotlwi %[len], r10, 10\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "add r9, r9, %[sha256]\n\t" + "xor %[len], r10, r11\n\t" + "xor %[sha256], r11, r12\n\t" + "and %[sha256], %[sha256], %[len]\n\t" + "xor %[sha256], %[sha256], r11\n\t" + "add r9, r9, %[sha256]\n\t" + /* Calc new W[3] */ + "rotlwi %[sha256], r18, 25\n\t" + "rotlwi %[len], r18, 14\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "srwi %[len], r18, 3\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "add r17, r17, %[sha256]\n\t" + "rotlwi %[sha256], r15, 15\n\t" + "rotlwi %[len], r15, 13\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "srwi %[len], r15, 10\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "add r17, r17, %[sha256]\n\t" + "add r17, r17, r26\n\t" + /* Round 4 */ + "rotlwi %[sha256], r0, 26\n\t" + "rotlwi %[len], r0, 21\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "rotlwi %[len], r0, 7\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "add r8, r8, %[sha256]\n\t" + "xor %[sha256], %[data], r7\n\t" + "and %[sha256], %[sha256], r0\n\t" + "xor %[sha256], %[sha256], r7\n\t" + "add r8, r8, %[sha256]\n\t" + "lwz %[sha256], 16(r6)\n\t" + "add r8, r8, r18\n\t" + "add r8, r8, %[sha256]\n\t" + "add r12, r12, r8\n\t" + "rotlwi %[sha256], r9, 30\n\t" + "rotlwi %[len], r9, 19\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "rotlwi %[len], r9, 10\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "add r8, r8, %[sha256]\n\t" + "xor %[len], r9, r10\n\t" + "xor %[sha256], r10, r11\n\t" + "and %[sha256], %[sha256], %[len]\n\t" + "xor %[sha256], %[sha256], r10\n\t" + "add r8, r8, %[sha256]\n\t" + /* Calc new W[4] */ + "rotlwi %[sha256], r19, 25\n\t" + "rotlwi %[len], r19, 14\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "srwi %[len], r19, 3\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "add r18, r18, %[sha256]\n\t" + "rotlwi %[sha256], r16, 15\n\t" + "rotlwi %[len], r16, 13\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "srwi %[len], r16, 10\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "add r18, r18, %[sha256]\n\t" + "add r18, r18, r27\n\t" + /* Round 5 */ + "rotlwi %[sha256], r12, 26\n\t" + "rotlwi %[len], r12, 21\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "rotlwi %[len], r12, 7\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "add r7, r7, %[sha256]\n\t" + "xor %[sha256], r0, %[data]\n\t" + "and %[sha256], %[sha256], r12\n\t" + "xor %[sha256], %[sha256], %[data]\n\t" + "add r7, r7, %[sha256]\n\t" + "lwz %[sha256], 20(r6)\n\t" + "add r7, r7, r19\n\t" + "add r7, r7, %[sha256]\n\t" + "add r11, r11, r7\n\t" + "rotlwi %[sha256], r8, 30\n\t" + "rotlwi %[len], r8, 19\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "rotlwi %[len], r8, 10\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "add r7, r7, %[sha256]\n\t" + "xor %[len], r8, r9\n\t" + "xor %[sha256], r9, r10\n\t" + "and %[sha256], %[sha256], %[len]\n\t" + "xor %[sha256], %[sha256], r9\n\t" + "add r7, r7, %[sha256]\n\t" + /* Calc new W[5] */ + "rotlwi %[sha256], r20, 25\n\t" + "rotlwi %[len], r20, 14\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "srwi %[len], r20, 3\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "add r19, r19, %[sha256]\n\t" + "rotlwi %[sha256], r17, 15\n\t" + "rotlwi %[len], r17, 13\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "srwi %[len], r17, 10\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "add r19, r19, %[sha256]\n\t" + "add r19, r19, r28\n\t" + /* Round 6 */ + "rotlwi %[sha256], r11, 26\n\t" + "rotlwi %[len], r11, 21\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "rotlwi %[len], r11, 7\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "add %[data], %[data], %[sha256]\n\t" + "xor %[sha256], r12, r0\n\t" + "and %[sha256], %[sha256], r11\n\t" + "xor %[sha256], %[sha256], r0\n\t" + "add %[data], %[data], %[sha256]\n\t" + "lwz %[sha256], 24(r6)\n\t" + "add %[data], %[data], r20\n\t" + "add %[data], %[data], %[sha256]\n\t" + "add r10, r10, %[data]\n\t" + "rotlwi %[sha256], r7, 30\n\t" + "rotlwi %[len], r7, 19\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "rotlwi %[len], r7, 10\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "add %[data], %[data], %[sha256]\n\t" + "xor %[len], r7, r8\n\t" + "xor %[sha256], r8, r9\n\t" + "and %[sha256], %[sha256], %[len]\n\t" + "xor %[sha256], %[sha256], r8\n\t" + "add %[data], %[data], %[sha256]\n\t" + /* Calc new W[6] */ + "rotlwi %[sha256], r21, 25\n\t" + "rotlwi %[len], r21, 14\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "srwi %[len], r21, 3\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "add r20, r20, %[sha256]\n\t" + "rotlwi %[sha256], r18, 15\n\t" + "rotlwi %[len], r18, 13\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "srwi %[len], r18, 10\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "add r20, r20, %[sha256]\n\t" + "add r20, r20, r29\n\t" + /* Round 7 */ + "rotlwi %[sha256], r10, 26\n\t" + "rotlwi %[len], r10, 21\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "rotlwi %[len], r10, 7\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "add r0, r0, %[sha256]\n\t" + "xor %[sha256], r11, r12\n\t" + "and %[sha256], %[sha256], r10\n\t" + "xor %[sha256], %[sha256], r12\n\t" + "add r0, r0, %[sha256]\n\t" + "lwz %[sha256], 28(r6)\n\t" + "add r0, r0, r21\n\t" + "add r0, r0, %[sha256]\n\t" + "add r9, r9, r0\n\t" + "rotlwi %[sha256], %[data], 30\n\t" + "rotlwi %[len], %[data], 19\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "rotlwi %[len], %[data], 10\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "add r0, r0, %[sha256]\n\t" + "xor %[len], %[data], r7\n\t" + "xor %[sha256], r7, r8\n\t" + "and %[sha256], %[sha256], %[len]\n\t" + "xor %[sha256], %[sha256], r7\n\t" + "add r0, r0, %[sha256]\n\t" + /* Calc new W[7] */ + "rotlwi %[sha256], r22, 25\n\t" + "rotlwi %[len], r22, 14\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "srwi %[len], r22, 3\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "add r21, r21, %[sha256]\n\t" + "rotlwi %[sha256], r19, 15\n\t" + "rotlwi %[len], r19, 13\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "srwi %[len], r19, 10\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "add r21, r21, %[sha256]\n\t" + "add r21, r21, r14\n\t" + /* Round 8 */ + "rotlwi %[sha256], r9, 26\n\t" + "rotlwi %[len], r9, 21\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "rotlwi %[len], r9, 7\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "add r12, r12, %[sha256]\n\t" + "xor %[sha256], r10, r11\n\t" + "and %[sha256], %[sha256], r9\n\t" + "xor %[sha256], %[sha256], r11\n\t" + "add r12, r12, %[sha256]\n\t" + "lwz %[sha256], 32(r6)\n\t" + "add r12, r12, r22\n\t" + "add r12, r12, %[sha256]\n\t" + "add r8, r8, r12\n\t" + "rotlwi %[sha256], r0, 30\n\t" + "rotlwi %[len], r0, 19\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "rotlwi %[len], r0, 10\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "add r12, r12, %[sha256]\n\t" + "xor %[len], r0, %[data]\n\t" + "xor %[sha256], %[data], r7\n\t" + "and %[sha256], %[sha256], %[len]\n\t" + "xor %[sha256], %[sha256], %[data]\n\t" + "add r12, r12, %[sha256]\n\t" + /* Calc new W[8] */ + "rotlwi %[sha256], r23, 25\n\t" + "rotlwi %[len], r23, 14\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "srwi %[len], r23, 3\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "add r22, r22, %[sha256]\n\t" + "rotlwi %[sha256], r20, 15\n\t" + "rotlwi %[len], r20, 13\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "srwi %[len], r20, 10\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "add r22, r22, %[sha256]\n\t" + "add r22, r22, r15\n\t" + /* Round 9 */ + "rotlwi %[sha256], r8, 26\n\t" + "rotlwi %[len], r8, 21\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "rotlwi %[len], r8, 7\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "add r11, r11, %[sha256]\n\t" + "xor %[sha256], r9, r10\n\t" + "and %[sha256], %[sha256], r8\n\t" + "xor %[sha256], %[sha256], r10\n\t" + "add r11, r11, %[sha256]\n\t" + "lwz %[sha256], 36(r6)\n\t" + "add r11, r11, r23\n\t" + "add r11, r11, %[sha256]\n\t" + "add r7, r7, r11\n\t" + "rotlwi %[sha256], r12, 30\n\t" + "rotlwi %[len], r12, 19\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "rotlwi %[len], r12, 10\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "add r11, r11, %[sha256]\n\t" + "xor %[len], r12, r0\n\t" + "xor %[sha256], r0, %[data]\n\t" + "and %[sha256], %[sha256], %[len]\n\t" + "xor %[sha256], %[sha256], r0\n\t" + "add r11, r11, %[sha256]\n\t" + /* Calc new W[9] */ + "rotlwi %[sha256], r24, 25\n\t" + "rotlwi %[len], r24, 14\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "srwi %[len], r24, 3\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "add r23, r23, %[sha256]\n\t" + "rotlwi %[sha256], r21, 15\n\t" + "rotlwi %[len], r21, 13\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "srwi %[len], r21, 10\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "add r23, r23, %[sha256]\n\t" + "add r23, r23, r16\n\t" + /* Round 10 */ + "rotlwi %[sha256], r7, 26\n\t" + "rotlwi %[len], r7, 21\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "rotlwi %[len], r7, 7\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "add r10, r10, %[sha256]\n\t" + "xor %[sha256], r8, r9\n\t" + "and %[sha256], %[sha256], r7\n\t" + "xor %[sha256], %[sha256], r9\n\t" + "add r10, r10, %[sha256]\n\t" + "lwz %[sha256], 40(r6)\n\t" + "add r10, r10, r24\n\t" + "add r10, r10, %[sha256]\n\t" + "add %[data], %[data], r10\n\t" + "rotlwi %[sha256], r11, 30\n\t" + "rotlwi %[len], r11, 19\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "rotlwi %[len], r11, 10\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "add r10, r10, %[sha256]\n\t" + "xor %[len], r11, r12\n\t" + "xor %[sha256], r12, r0\n\t" + "and %[sha256], %[sha256], %[len]\n\t" + "xor %[sha256], %[sha256], r12\n\t" + "add r10, r10, %[sha256]\n\t" + /* Calc new W[10] */ + "rotlwi %[sha256], r25, 25\n\t" + "rotlwi %[len], r25, 14\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "srwi %[len], r25, 3\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "add r24, r24, %[sha256]\n\t" + "rotlwi %[sha256], r22, 15\n\t" + "rotlwi %[len], r22, 13\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "srwi %[len], r22, 10\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "add r24, r24, %[sha256]\n\t" + "add r24, r24, r17\n\t" + /* Round 11 */ + "rotlwi %[sha256], %[data], 26\n\t" + "rotlwi %[len], %[data], 21\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "rotlwi %[len], %[data], 7\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "add r9, r9, %[sha256]\n\t" + "xor %[sha256], r7, r8\n\t" + "and %[sha256], %[sha256], %[data]\n\t" + "xor %[sha256], %[sha256], r8\n\t" + "add r9, r9, %[sha256]\n\t" + "lwz %[sha256], 44(r6)\n\t" + "add r9, r9, r25\n\t" + "add r9, r9, %[sha256]\n\t" + "add r0, r0, r9\n\t" + "rotlwi %[sha256], r10, 30\n\t" + "rotlwi %[len], r10, 19\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "rotlwi %[len], r10, 10\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "add r9, r9, %[sha256]\n\t" + "xor %[len], r10, r11\n\t" + "xor %[sha256], r11, r12\n\t" + "and %[sha256], %[sha256], %[len]\n\t" + "xor %[sha256], %[sha256], r11\n\t" + "add r9, r9, %[sha256]\n\t" + /* Calc new W[11] */ + "rotlwi %[sha256], r26, 25\n\t" + "rotlwi %[len], r26, 14\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "srwi %[len], r26, 3\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "add r25, r25, %[sha256]\n\t" + "rotlwi %[sha256], r23, 15\n\t" + "rotlwi %[len], r23, 13\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "srwi %[len], r23, 10\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "add r25, r25, %[sha256]\n\t" + "add r25, r25, r18\n\t" + /* Round 12 */ + "rotlwi %[sha256], r0, 26\n\t" + "rotlwi %[len], r0, 21\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "rotlwi %[len], r0, 7\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "add r8, r8, %[sha256]\n\t" + "xor %[sha256], %[data], r7\n\t" + "and %[sha256], %[sha256], r0\n\t" + "xor %[sha256], %[sha256], r7\n\t" + "add r8, r8, %[sha256]\n\t" + "lwz %[sha256], 48(r6)\n\t" + "add r8, r8, r26\n\t" + "add r8, r8, %[sha256]\n\t" + "add r12, r12, r8\n\t" + "rotlwi %[sha256], r9, 30\n\t" + "rotlwi %[len], r9, 19\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "rotlwi %[len], r9, 10\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "add r8, r8, %[sha256]\n\t" + "xor %[len], r9, r10\n\t" + "xor %[sha256], r10, r11\n\t" + "and %[sha256], %[sha256], %[len]\n\t" + "xor %[sha256], %[sha256], r10\n\t" + "add r8, r8, %[sha256]\n\t" + /* Calc new W[12] */ + "rotlwi %[sha256], r27, 25\n\t" + "rotlwi %[len], r27, 14\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "srwi %[len], r27, 3\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "add r26, r26, %[sha256]\n\t" + "rotlwi %[sha256], r24, 15\n\t" + "rotlwi %[len], r24, 13\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "srwi %[len], r24, 10\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "add r26, r26, %[sha256]\n\t" + "add r26, r26, r19\n\t" + /* Round 13 */ + "rotlwi %[sha256], r12, 26\n\t" + "rotlwi %[len], r12, 21\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "rotlwi %[len], r12, 7\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "add r7, r7, %[sha256]\n\t" + "xor %[sha256], r0, %[data]\n\t" + "and %[sha256], %[sha256], r12\n\t" + "xor %[sha256], %[sha256], %[data]\n\t" + "add r7, r7, %[sha256]\n\t" + "lwz %[sha256], 52(r6)\n\t" + "add r7, r7, r27\n\t" + "add r7, r7, %[sha256]\n\t" + "add r11, r11, r7\n\t" + "rotlwi %[sha256], r8, 30\n\t" + "rotlwi %[len], r8, 19\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "rotlwi %[len], r8, 10\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "add r7, r7, %[sha256]\n\t" + "xor %[len], r8, r9\n\t" + "xor %[sha256], r9, r10\n\t" + "and %[sha256], %[sha256], %[len]\n\t" + "xor %[sha256], %[sha256], r9\n\t" + "add r7, r7, %[sha256]\n\t" + /* Calc new W[13] */ + "rotlwi %[sha256], r28, 25\n\t" + "rotlwi %[len], r28, 14\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "srwi %[len], r28, 3\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "add r27, r27, %[sha256]\n\t" + "rotlwi %[sha256], r25, 15\n\t" + "rotlwi %[len], r25, 13\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "srwi %[len], r25, 10\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "add r27, r27, %[sha256]\n\t" + "add r27, r27, r20\n\t" + /* Round 14 */ + "rotlwi %[sha256], r11, 26\n\t" + "rotlwi %[len], r11, 21\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "rotlwi %[len], r11, 7\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "add %[data], %[data], %[sha256]\n\t" + "xor %[sha256], r12, r0\n\t" + "and %[sha256], %[sha256], r11\n\t" + "xor %[sha256], %[sha256], r0\n\t" + "add %[data], %[data], %[sha256]\n\t" + "lwz %[sha256], 56(r6)\n\t" + "add %[data], %[data], r28\n\t" + "add %[data], %[data], %[sha256]\n\t" + "add r10, r10, %[data]\n\t" + "rotlwi %[sha256], r7, 30\n\t" + "rotlwi %[len], r7, 19\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "rotlwi %[len], r7, 10\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "add %[data], %[data], %[sha256]\n\t" + "xor %[len], r7, r8\n\t" + "xor %[sha256], r8, r9\n\t" + "and %[sha256], %[sha256], %[len]\n\t" + "xor %[sha256], %[sha256], r8\n\t" + "add %[data], %[data], %[sha256]\n\t" + /* Calc new W[14] */ + "rotlwi %[sha256], r29, 25\n\t" + "rotlwi %[len], r29, 14\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "srwi %[len], r29, 3\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "add r28, r28, %[sha256]\n\t" + "rotlwi %[sha256], r26, 15\n\t" + "rotlwi %[len], r26, 13\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "srwi %[len], r26, 10\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "add r28, r28, %[sha256]\n\t" + "add r28, r28, r21\n\t" + /* Round 15 */ + "rotlwi %[sha256], r10, 26\n\t" + "rotlwi %[len], r10, 21\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "rotlwi %[len], r10, 7\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "add r0, r0, %[sha256]\n\t" + "xor %[sha256], r11, r12\n\t" + "and %[sha256], %[sha256], r10\n\t" + "xor %[sha256], %[sha256], r12\n\t" + "add r0, r0, %[sha256]\n\t" + "lwz %[sha256], 60(r6)\n\t" + "add r0, r0, r29\n\t" + "add r0, r0, %[sha256]\n\t" + "add r9, r9, r0\n\t" + "rotlwi %[sha256], %[data], 30\n\t" + "rotlwi %[len], %[data], 19\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "rotlwi %[len], %[data], 10\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "add r0, r0, %[sha256]\n\t" + "xor %[len], %[data], r7\n\t" + "xor %[sha256], r7, r8\n\t" + "and %[sha256], %[sha256], %[len]\n\t" + "xor %[sha256], %[sha256], r7\n\t" + "add r0, r0, %[sha256]\n\t" + /* Calc new W[15] */ + "rotlwi %[sha256], r14, 25\n\t" + "rotlwi %[len], r14, 14\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "srwi %[len], r14, 3\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "add r29, r29, %[sha256]\n\t" + "rotlwi %[sha256], r27, 15\n\t" + "rotlwi %[len], r27, 13\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "srwi %[len], r27, 10\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "add r29, r29, %[sha256]\n\t" + "add r29, r29, r22\n\t" + "addi r6, r6, 0x40\n\t" + /* Round 0 */ + "rotlwi %[sha256], r9, 26\n\t" + "rotlwi %[len], r9, 21\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "rotlwi %[len], r9, 7\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "add r12, r12, %[sha256]\n\t" + "xor %[sha256], r10, r11\n\t" + "and %[sha256], %[sha256], r9\n\t" + "xor %[sha256], %[sha256], r11\n\t" + "add r12, r12, %[sha256]\n\t" + "lwz %[sha256], 0(r6)\n\t" + "add r12, r12, r14\n\t" + "add r12, r12, %[sha256]\n\t" + "add r8, r8, r12\n\t" + "rotlwi %[sha256], r0, 30\n\t" + "rotlwi %[len], r0, 19\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "rotlwi %[len], r0, 10\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "add r12, r12, %[sha256]\n\t" + "xor %[len], r0, %[data]\n\t" + "xor %[sha256], %[data], r7\n\t" + "and %[sha256], %[sha256], %[len]\n\t" + "xor %[sha256], %[sha256], %[data]\n\t" + "add r12, r12, %[sha256]\n\t" + /* Calc new W[0] */ + "rotlwi %[sha256], r15, 25\n\t" + "rotlwi %[len], r15, 14\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "srwi %[len], r15, 3\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "add r14, r14, %[sha256]\n\t" + "rotlwi %[sha256], r28, 15\n\t" + "rotlwi %[len], r28, 13\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "srwi %[len], r28, 10\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "add r14, r14, %[sha256]\n\t" + "add r14, r14, r23\n\t" + /* Round 1 */ + "rotlwi %[sha256], r8, 26\n\t" + "rotlwi %[len], r8, 21\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "rotlwi %[len], r8, 7\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "add r11, r11, %[sha256]\n\t" + "xor %[sha256], r9, r10\n\t" + "and %[sha256], %[sha256], r8\n\t" + "xor %[sha256], %[sha256], r10\n\t" + "add r11, r11, %[sha256]\n\t" + "lwz %[sha256], 4(r6)\n\t" + "add r11, r11, r15\n\t" + "add r11, r11, %[sha256]\n\t" + "add r7, r7, r11\n\t" + "rotlwi %[sha256], r12, 30\n\t" + "rotlwi %[len], r12, 19\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "rotlwi %[len], r12, 10\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "add r11, r11, %[sha256]\n\t" + "xor %[len], r12, r0\n\t" + "xor %[sha256], r0, %[data]\n\t" + "and %[sha256], %[sha256], %[len]\n\t" + "xor %[sha256], %[sha256], r0\n\t" + "add r11, r11, %[sha256]\n\t" + /* Calc new W[1] */ + "rotlwi %[sha256], r16, 25\n\t" + "rotlwi %[len], r16, 14\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "srwi %[len], r16, 3\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "add r15, r15, %[sha256]\n\t" + "rotlwi %[sha256], r29, 15\n\t" + "rotlwi %[len], r29, 13\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "srwi %[len], r29, 10\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "add r15, r15, %[sha256]\n\t" + "add r15, r15, r24\n\t" + /* Round 2 */ + "rotlwi %[sha256], r7, 26\n\t" + "rotlwi %[len], r7, 21\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "rotlwi %[len], r7, 7\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "add r10, r10, %[sha256]\n\t" + "xor %[sha256], r8, r9\n\t" + "and %[sha256], %[sha256], r7\n\t" + "xor %[sha256], %[sha256], r9\n\t" + "add r10, r10, %[sha256]\n\t" + "lwz %[sha256], 8(r6)\n\t" + "add r10, r10, r16\n\t" + "add r10, r10, %[sha256]\n\t" + "add %[data], %[data], r10\n\t" + "rotlwi %[sha256], r11, 30\n\t" + "rotlwi %[len], r11, 19\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "rotlwi %[len], r11, 10\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "add r10, r10, %[sha256]\n\t" + "xor %[len], r11, r12\n\t" + "xor %[sha256], r12, r0\n\t" + "and %[sha256], %[sha256], %[len]\n\t" + "xor %[sha256], %[sha256], r12\n\t" + "add r10, r10, %[sha256]\n\t" + /* Calc new W[2] */ + "rotlwi %[sha256], r17, 25\n\t" + "rotlwi %[len], r17, 14\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "srwi %[len], r17, 3\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "add r16, r16, %[sha256]\n\t" + "rotlwi %[sha256], r14, 15\n\t" + "rotlwi %[len], r14, 13\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "srwi %[len], r14, 10\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "add r16, r16, %[sha256]\n\t" + "add r16, r16, r25\n\t" + /* Round 3 */ + "rotlwi %[sha256], %[data], 26\n\t" + "rotlwi %[len], %[data], 21\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "rotlwi %[len], %[data], 7\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "add r9, r9, %[sha256]\n\t" + "xor %[sha256], r7, r8\n\t" + "and %[sha256], %[sha256], %[data]\n\t" + "xor %[sha256], %[sha256], r8\n\t" + "add r9, r9, %[sha256]\n\t" + "lwz %[sha256], 12(r6)\n\t" + "add r9, r9, r17\n\t" + "add r9, r9, %[sha256]\n\t" + "add r0, r0, r9\n\t" + "rotlwi %[sha256], r10, 30\n\t" + "rotlwi %[len], r10, 19\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "rotlwi %[len], r10, 10\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "add r9, r9, %[sha256]\n\t" + "xor %[len], r10, r11\n\t" + "xor %[sha256], r11, r12\n\t" + "and %[sha256], %[sha256], %[len]\n\t" + "xor %[sha256], %[sha256], r11\n\t" + "add r9, r9, %[sha256]\n\t" + /* Calc new W[3] */ + "rotlwi %[sha256], r18, 25\n\t" + "rotlwi %[len], r18, 14\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "srwi %[len], r18, 3\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "add r17, r17, %[sha256]\n\t" + "rotlwi %[sha256], r15, 15\n\t" + "rotlwi %[len], r15, 13\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "srwi %[len], r15, 10\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "add r17, r17, %[sha256]\n\t" + "add r17, r17, r26\n\t" + /* Round 4 */ + "rotlwi %[sha256], r0, 26\n\t" + "rotlwi %[len], r0, 21\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "rotlwi %[len], r0, 7\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "add r8, r8, %[sha256]\n\t" + "xor %[sha256], %[data], r7\n\t" + "and %[sha256], %[sha256], r0\n\t" + "xor %[sha256], %[sha256], r7\n\t" + "add r8, r8, %[sha256]\n\t" + "lwz %[sha256], 16(r6)\n\t" + "add r8, r8, r18\n\t" + "add r8, r8, %[sha256]\n\t" + "add r12, r12, r8\n\t" + "rotlwi %[sha256], r9, 30\n\t" + "rotlwi %[len], r9, 19\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "rotlwi %[len], r9, 10\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "add r8, r8, %[sha256]\n\t" + "xor %[len], r9, r10\n\t" + "xor %[sha256], r10, r11\n\t" + "and %[sha256], %[sha256], %[len]\n\t" + "xor %[sha256], %[sha256], r10\n\t" + "add r8, r8, %[sha256]\n\t" + /* Calc new W[4] */ + "rotlwi %[sha256], r19, 25\n\t" + "rotlwi %[len], r19, 14\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "srwi %[len], r19, 3\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "add r18, r18, %[sha256]\n\t" + "rotlwi %[sha256], r16, 15\n\t" + "rotlwi %[len], r16, 13\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "srwi %[len], r16, 10\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "add r18, r18, %[sha256]\n\t" + "add r18, r18, r27\n\t" + /* Round 5 */ + "rotlwi %[sha256], r12, 26\n\t" + "rotlwi %[len], r12, 21\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "rotlwi %[len], r12, 7\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "add r7, r7, %[sha256]\n\t" + "xor %[sha256], r0, %[data]\n\t" + "and %[sha256], %[sha256], r12\n\t" + "xor %[sha256], %[sha256], %[data]\n\t" + "add r7, r7, %[sha256]\n\t" + "lwz %[sha256], 20(r6)\n\t" + "add r7, r7, r19\n\t" + "add r7, r7, %[sha256]\n\t" + "add r11, r11, r7\n\t" + "rotlwi %[sha256], r8, 30\n\t" + "rotlwi %[len], r8, 19\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "rotlwi %[len], r8, 10\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "add r7, r7, %[sha256]\n\t" + "xor %[len], r8, r9\n\t" + "xor %[sha256], r9, r10\n\t" + "and %[sha256], %[sha256], %[len]\n\t" + "xor %[sha256], %[sha256], r9\n\t" + "add r7, r7, %[sha256]\n\t" + /* Calc new W[5] */ + "rotlwi %[sha256], r20, 25\n\t" + "rotlwi %[len], r20, 14\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "srwi %[len], r20, 3\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "add r19, r19, %[sha256]\n\t" + "rotlwi %[sha256], r17, 15\n\t" + "rotlwi %[len], r17, 13\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "srwi %[len], r17, 10\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "add r19, r19, %[sha256]\n\t" + "add r19, r19, r28\n\t" + /* Round 6 */ + "rotlwi %[sha256], r11, 26\n\t" + "rotlwi %[len], r11, 21\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "rotlwi %[len], r11, 7\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "add %[data], %[data], %[sha256]\n\t" + "xor %[sha256], r12, r0\n\t" + "and %[sha256], %[sha256], r11\n\t" + "xor %[sha256], %[sha256], r0\n\t" + "add %[data], %[data], %[sha256]\n\t" + "lwz %[sha256], 24(r6)\n\t" + "add %[data], %[data], r20\n\t" + "add %[data], %[data], %[sha256]\n\t" + "add r10, r10, %[data]\n\t" + "rotlwi %[sha256], r7, 30\n\t" + "rotlwi %[len], r7, 19\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "rotlwi %[len], r7, 10\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "add %[data], %[data], %[sha256]\n\t" + "xor %[len], r7, r8\n\t" + "xor %[sha256], r8, r9\n\t" + "and %[sha256], %[sha256], %[len]\n\t" + "xor %[sha256], %[sha256], r8\n\t" + "add %[data], %[data], %[sha256]\n\t" + /* Calc new W[6] */ + "rotlwi %[sha256], r21, 25\n\t" + "rotlwi %[len], r21, 14\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "srwi %[len], r21, 3\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "add r20, r20, %[sha256]\n\t" + "rotlwi %[sha256], r18, 15\n\t" + "rotlwi %[len], r18, 13\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "srwi %[len], r18, 10\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "add r20, r20, %[sha256]\n\t" + "add r20, r20, r29\n\t" + /* Round 7 */ + "rotlwi %[sha256], r10, 26\n\t" + "rotlwi %[len], r10, 21\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "rotlwi %[len], r10, 7\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "add r0, r0, %[sha256]\n\t" + "xor %[sha256], r11, r12\n\t" + "and %[sha256], %[sha256], r10\n\t" + "xor %[sha256], %[sha256], r12\n\t" + "add r0, r0, %[sha256]\n\t" + "lwz %[sha256], 28(r6)\n\t" + "add r0, r0, r21\n\t" + "add r0, r0, %[sha256]\n\t" + "add r9, r9, r0\n\t" + "rotlwi %[sha256], %[data], 30\n\t" + "rotlwi %[len], %[data], 19\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "rotlwi %[len], %[data], 10\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "add r0, r0, %[sha256]\n\t" + "xor %[len], %[data], r7\n\t" + "xor %[sha256], r7, r8\n\t" + "and %[sha256], %[sha256], %[len]\n\t" + "xor %[sha256], %[sha256], r7\n\t" + "add r0, r0, %[sha256]\n\t" + /* Calc new W[7] */ + "rotlwi %[sha256], r22, 25\n\t" + "rotlwi %[len], r22, 14\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "srwi %[len], r22, 3\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "add r21, r21, %[sha256]\n\t" + "rotlwi %[sha256], r19, 15\n\t" + "rotlwi %[len], r19, 13\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "srwi %[len], r19, 10\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "add r21, r21, %[sha256]\n\t" + "add r21, r21, r14\n\t" + /* Round 8 */ + "rotlwi %[sha256], r9, 26\n\t" + "rotlwi %[len], r9, 21\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "rotlwi %[len], r9, 7\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "add r12, r12, %[sha256]\n\t" + "xor %[sha256], r10, r11\n\t" + "and %[sha256], %[sha256], r9\n\t" + "xor %[sha256], %[sha256], r11\n\t" + "add r12, r12, %[sha256]\n\t" + "lwz %[sha256], 32(r6)\n\t" + "add r12, r12, r22\n\t" + "add r12, r12, %[sha256]\n\t" + "add r8, r8, r12\n\t" + "rotlwi %[sha256], r0, 30\n\t" + "rotlwi %[len], r0, 19\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "rotlwi %[len], r0, 10\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "add r12, r12, %[sha256]\n\t" + "xor %[len], r0, %[data]\n\t" + "xor %[sha256], %[data], r7\n\t" + "and %[sha256], %[sha256], %[len]\n\t" + "xor %[sha256], %[sha256], %[data]\n\t" + "add r12, r12, %[sha256]\n\t" + /* Calc new W[8] */ + "rotlwi %[sha256], r23, 25\n\t" + "rotlwi %[len], r23, 14\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "srwi %[len], r23, 3\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "add r22, r22, %[sha256]\n\t" + "rotlwi %[sha256], r20, 15\n\t" + "rotlwi %[len], r20, 13\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "srwi %[len], r20, 10\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "add r22, r22, %[sha256]\n\t" + "add r22, r22, r15\n\t" + /* Round 9 */ + "rotlwi %[sha256], r8, 26\n\t" + "rotlwi %[len], r8, 21\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "rotlwi %[len], r8, 7\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "add r11, r11, %[sha256]\n\t" + "xor %[sha256], r9, r10\n\t" + "and %[sha256], %[sha256], r8\n\t" + "xor %[sha256], %[sha256], r10\n\t" + "add r11, r11, %[sha256]\n\t" + "lwz %[sha256], 36(r6)\n\t" + "add r11, r11, r23\n\t" + "add r11, r11, %[sha256]\n\t" + "add r7, r7, r11\n\t" + "rotlwi %[sha256], r12, 30\n\t" + "rotlwi %[len], r12, 19\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "rotlwi %[len], r12, 10\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "add r11, r11, %[sha256]\n\t" + "xor %[len], r12, r0\n\t" + "xor %[sha256], r0, %[data]\n\t" + "and %[sha256], %[sha256], %[len]\n\t" + "xor %[sha256], %[sha256], r0\n\t" + "add r11, r11, %[sha256]\n\t" + /* Calc new W[9] */ + "rotlwi %[sha256], r24, 25\n\t" + "rotlwi %[len], r24, 14\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "srwi %[len], r24, 3\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "add r23, r23, %[sha256]\n\t" + "rotlwi %[sha256], r21, 15\n\t" + "rotlwi %[len], r21, 13\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "srwi %[len], r21, 10\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "add r23, r23, %[sha256]\n\t" + "add r23, r23, r16\n\t" + /* Round 10 */ + "rotlwi %[sha256], r7, 26\n\t" + "rotlwi %[len], r7, 21\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "rotlwi %[len], r7, 7\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "add r10, r10, %[sha256]\n\t" + "xor %[sha256], r8, r9\n\t" + "and %[sha256], %[sha256], r7\n\t" + "xor %[sha256], %[sha256], r9\n\t" + "add r10, r10, %[sha256]\n\t" + "lwz %[sha256], 40(r6)\n\t" + "add r10, r10, r24\n\t" + "add r10, r10, %[sha256]\n\t" + "add %[data], %[data], r10\n\t" + "rotlwi %[sha256], r11, 30\n\t" + "rotlwi %[len], r11, 19\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "rotlwi %[len], r11, 10\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "add r10, r10, %[sha256]\n\t" + "xor %[len], r11, r12\n\t" + "xor %[sha256], r12, r0\n\t" + "and %[sha256], %[sha256], %[len]\n\t" + "xor %[sha256], %[sha256], r12\n\t" + "add r10, r10, %[sha256]\n\t" + /* Calc new W[10] */ + "rotlwi %[sha256], r25, 25\n\t" + "rotlwi %[len], r25, 14\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "srwi %[len], r25, 3\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "add r24, r24, %[sha256]\n\t" + "rotlwi %[sha256], r22, 15\n\t" + "rotlwi %[len], r22, 13\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "srwi %[len], r22, 10\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "add r24, r24, %[sha256]\n\t" + "add r24, r24, r17\n\t" + /* Round 11 */ + "rotlwi %[sha256], %[data], 26\n\t" + "rotlwi %[len], %[data], 21\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "rotlwi %[len], %[data], 7\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "add r9, r9, %[sha256]\n\t" + "xor %[sha256], r7, r8\n\t" + "and %[sha256], %[sha256], %[data]\n\t" + "xor %[sha256], %[sha256], r8\n\t" + "add r9, r9, %[sha256]\n\t" + "lwz %[sha256], 44(r6)\n\t" + "add r9, r9, r25\n\t" + "add r9, r9, %[sha256]\n\t" + "add r0, r0, r9\n\t" + "rotlwi %[sha256], r10, 30\n\t" + "rotlwi %[len], r10, 19\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "rotlwi %[len], r10, 10\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "add r9, r9, %[sha256]\n\t" + "xor %[len], r10, r11\n\t" + "xor %[sha256], r11, r12\n\t" + "and %[sha256], %[sha256], %[len]\n\t" + "xor %[sha256], %[sha256], r11\n\t" + "add r9, r9, %[sha256]\n\t" + /* Calc new W[11] */ + "rotlwi %[sha256], r26, 25\n\t" + "rotlwi %[len], r26, 14\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "srwi %[len], r26, 3\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "add r25, r25, %[sha256]\n\t" + "rotlwi %[sha256], r23, 15\n\t" + "rotlwi %[len], r23, 13\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "srwi %[len], r23, 10\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "add r25, r25, %[sha256]\n\t" + "add r25, r25, r18\n\t" + /* Round 12 */ + "rotlwi %[sha256], r0, 26\n\t" + "rotlwi %[len], r0, 21\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "rotlwi %[len], r0, 7\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "add r8, r8, %[sha256]\n\t" + "xor %[sha256], %[data], r7\n\t" + "and %[sha256], %[sha256], r0\n\t" + "xor %[sha256], %[sha256], r7\n\t" + "add r8, r8, %[sha256]\n\t" + "lwz %[sha256], 48(r6)\n\t" + "add r8, r8, r26\n\t" + "add r8, r8, %[sha256]\n\t" + "add r12, r12, r8\n\t" + "rotlwi %[sha256], r9, 30\n\t" + "rotlwi %[len], r9, 19\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "rotlwi %[len], r9, 10\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "add r8, r8, %[sha256]\n\t" + "xor %[len], r9, r10\n\t" + "xor %[sha256], r10, r11\n\t" + "and %[sha256], %[sha256], %[len]\n\t" + "xor %[sha256], %[sha256], r10\n\t" + "add r8, r8, %[sha256]\n\t" + /* Calc new W[12] */ + "rotlwi %[sha256], r27, 25\n\t" + "rotlwi %[len], r27, 14\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "srwi %[len], r27, 3\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "add r26, r26, %[sha256]\n\t" + "rotlwi %[sha256], r24, 15\n\t" + "rotlwi %[len], r24, 13\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "srwi %[len], r24, 10\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "add r26, r26, %[sha256]\n\t" + "add r26, r26, r19\n\t" + /* Round 13 */ + "rotlwi %[sha256], r12, 26\n\t" + "rotlwi %[len], r12, 21\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "rotlwi %[len], r12, 7\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "add r7, r7, %[sha256]\n\t" + "xor %[sha256], r0, %[data]\n\t" + "and %[sha256], %[sha256], r12\n\t" + "xor %[sha256], %[sha256], %[data]\n\t" + "add r7, r7, %[sha256]\n\t" + "lwz %[sha256], 52(r6)\n\t" + "add r7, r7, r27\n\t" + "add r7, r7, %[sha256]\n\t" + "add r11, r11, r7\n\t" + "rotlwi %[sha256], r8, 30\n\t" + "rotlwi %[len], r8, 19\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "rotlwi %[len], r8, 10\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "add r7, r7, %[sha256]\n\t" + "xor %[len], r8, r9\n\t" + "xor %[sha256], r9, r10\n\t" + "and %[sha256], %[sha256], %[len]\n\t" + "xor %[sha256], %[sha256], r9\n\t" + "add r7, r7, %[sha256]\n\t" + /* Calc new W[13] */ + "rotlwi %[sha256], r28, 25\n\t" + "rotlwi %[len], r28, 14\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "srwi %[len], r28, 3\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "add r27, r27, %[sha256]\n\t" + "rotlwi %[sha256], r25, 15\n\t" + "rotlwi %[len], r25, 13\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "srwi %[len], r25, 10\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "add r27, r27, %[sha256]\n\t" + "add r27, r27, r20\n\t" + /* Round 14 */ + "rotlwi %[sha256], r11, 26\n\t" + "rotlwi %[len], r11, 21\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "rotlwi %[len], r11, 7\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "add %[data], %[data], %[sha256]\n\t" + "xor %[sha256], r12, r0\n\t" + "and %[sha256], %[sha256], r11\n\t" + "xor %[sha256], %[sha256], r0\n\t" + "add %[data], %[data], %[sha256]\n\t" + "lwz %[sha256], 56(r6)\n\t" + "add %[data], %[data], r28\n\t" + "add %[data], %[data], %[sha256]\n\t" + "add r10, r10, %[data]\n\t" + "rotlwi %[sha256], r7, 30\n\t" + "rotlwi %[len], r7, 19\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "rotlwi %[len], r7, 10\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "add %[data], %[data], %[sha256]\n\t" + "xor %[len], r7, r8\n\t" + "xor %[sha256], r8, r9\n\t" + "and %[sha256], %[sha256], %[len]\n\t" + "xor %[sha256], %[sha256], r8\n\t" + "add %[data], %[data], %[sha256]\n\t" + /* Calc new W[14] */ + "rotlwi %[sha256], r29, 25\n\t" + "rotlwi %[len], r29, 14\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "srwi %[len], r29, 3\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "add r28, r28, %[sha256]\n\t" + "rotlwi %[sha256], r26, 15\n\t" + "rotlwi %[len], r26, 13\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "srwi %[len], r26, 10\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "add r28, r28, %[sha256]\n\t" + "add r28, r28, r21\n\t" + /* Round 15 */ + "rotlwi %[sha256], r10, 26\n\t" + "rotlwi %[len], r10, 21\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "rotlwi %[len], r10, 7\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "add r0, r0, %[sha256]\n\t" + "xor %[sha256], r11, r12\n\t" + "and %[sha256], %[sha256], r10\n\t" + "xor %[sha256], %[sha256], r12\n\t" + "add r0, r0, %[sha256]\n\t" + "lwz %[sha256], 60(r6)\n\t" + "add r0, r0, r29\n\t" + "add r0, r0, %[sha256]\n\t" + "add r9, r9, r0\n\t" + "rotlwi %[sha256], %[data], 30\n\t" + "rotlwi %[len], %[data], 19\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "rotlwi %[len], %[data], 10\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "add r0, r0, %[sha256]\n\t" + "xor %[len], %[data], r7\n\t" + "xor %[sha256], r7, r8\n\t" + "and %[sha256], %[sha256], %[len]\n\t" + "xor %[sha256], %[sha256], r7\n\t" + "add r0, r0, %[sha256]\n\t" + /* Calc new W[15] */ + "rotlwi %[sha256], r14, 25\n\t" + "rotlwi %[len], r14, 14\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "srwi %[len], r14, 3\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "add r29, r29, %[sha256]\n\t" + "rotlwi %[sha256], r27, 15\n\t" + "rotlwi %[len], r27, 13\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "srwi %[len], r27, 10\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "add r29, r29, %[sha256]\n\t" + "add r29, r29, r22\n\t" + "addi r6, r6, 0x40\n\t" + /* Round 0 */ + "rotlwi %[sha256], r9, 26\n\t" + "rotlwi %[len], r9, 21\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "rotlwi %[len], r9, 7\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "add r12, r12, %[sha256]\n\t" + "xor %[sha256], r10, r11\n\t" + "and %[sha256], %[sha256], r9\n\t" + "xor %[sha256], %[sha256], r11\n\t" + "add r12, r12, %[sha256]\n\t" + "lwz %[sha256], 0(r6)\n\t" + "add r12, r12, r14\n\t" + "add r12, r12, %[sha256]\n\t" + "add r8, r8, r12\n\t" + "rotlwi %[sha256], r0, 30\n\t" + "rotlwi %[len], r0, 19\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "rotlwi %[len], r0, 10\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "add r12, r12, %[sha256]\n\t" + "xor %[len], r0, %[data]\n\t" + "xor %[sha256], %[data], r7\n\t" + "and %[sha256], %[sha256], %[len]\n\t" + "xor %[sha256], %[sha256], %[data]\n\t" + "add r12, r12, %[sha256]\n\t" + /* Round 1 */ + "rotlwi %[sha256], r8, 26\n\t" + "rotlwi %[len], r8, 21\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "rotlwi %[len], r8, 7\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "add r11, r11, %[sha256]\n\t" + "xor %[sha256], r9, r10\n\t" + "and %[sha256], %[sha256], r8\n\t" + "xor %[sha256], %[sha256], r10\n\t" + "add r11, r11, %[sha256]\n\t" + "lwz %[sha256], 4(r6)\n\t" + "add r11, r11, r15\n\t" + "add r11, r11, %[sha256]\n\t" + "add r7, r7, r11\n\t" + "rotlwi %[sha256], r12, 30\n\t" + "rotlwi %[len], r12, 19\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "rotlwi %[len], r12, 10\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "add r11, r11, %[sha256]\n\t" + "xor %[len], r12, r0\n\t" + "xor %[sha256], r0, %[data]\n\t" + "and %[sha256], %[sha256], %[len]\n\t" + "xor %[sha256], %[sha256], r0\n\t" + "add r11, r11, %[sha256]\n\t" + /* Round 2 */ + "rotlwi %[sha256], r7, 26\n\t" + "rotlwi %[len], r7, 21\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "rotlwi %[len], r7, 7\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "add r10, r10, %[sha256]\n\t" + "xor %[sha256], r8, r9\n\t" + "and %[sha256], %[sha256], r7\n\t" + "xor %[sha256], %[sha256], r9\n\t" + "add r10, r10, %[sha256]\n\t" + "lwz %[sha256], 8(r6)\n\t" + "add r10, r10, r16\n\t" + "add r10, r10, %[sha256]\n\t" + "add %[data], %[data], r10\n\t" + "rotlwi %[sha256], r11, 30\n\t" + "rotlwi %[len], r11, 19\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "rotlwi %[len], r11, 10\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "add r10, r10, %[sha256]\n\t" + "xor %[len], r11, r12\n\t" + "xor %[sha256], r12, r0\n\t" + "and %[sha256], %[sha256], %[len]\n\t" + "xor %[sha256], %[sha256], r12\n\t" + "add r10, r10, %[sha256]\n\t" + /* Round 3 */ + "rotlwi %[sha256], %[data], 26\n\t" + "rotlwi %[len], %[data], 21\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "rotlwi %[len], %[data], 7\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "add r9, r9, %[sha256]\n\t" + "xor %[sha256], r7, r8\n\t" + "and %[sha256], %[sha256], %[data]\n\t" + "xor %[sha256], %[sha256], r8\n\t" + "add r9, r9, %[sha256]\n\t" + "lwz %[sha256], 12(r6)\n\t" + "add r9, r9, r17\n\t" + "add r9, r9, %[sha256]\n\t" + "add r0, r0, r9\n\t" + "rotlwi %[sha256], r10, 30\n\t" + "rotlwi %[len], r10, 19\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "rotlwi %[len], r10, 10\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "add r9, r9, %[sha256]\n\t" + "xor %[len], r10, r11\n\t" + "xor %[sha256], r11, r12\n\t" + "and %[sha256], %[sha256], %[len]\n\t" + "xor %[sha256], %[sha256], r11\n\t" + "add r9, r9, %[sha256]\n\t" + /* Round 4 */ + "rotlwi %[sha256], r0, 26\n\t" + "rotlwi %[len], r0, 21\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "rotlwi %[len], r0, 7\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "add r8, r8, %[sha256]\n\t" + "xor %[sha256], %[data], r7\n\t" + "and %[sha256], %[sha256], r0\n\t" + "xor %[sha256], %[sha256], r7\n\t" + "add r8, r8, %[sha256]\n\t" + "lwz %[sha256], 16(r6)\n\t" + "add r8, r8, r18\n\t" + "add r8, r8, %[sha256]\n\t" + "add r12, r12, r8\n\t" + "rotlwi %[sha256], r9, 30\n\t" + "rotlwi %[len], r9, 19\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "rotlwi %[len], r9, 10\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "add r8, r8, %[sha256]\n\t" + "xor %[len], r9, r10\n\t" + "xor %[sha256], r10, r11\n\t" + "and %[sha256], %[sha256], %[len]\n\t" + "xor %[sha256], %[sha256], r10\n\t" + "add r8, r8, %[sha256]\n\t" + /* Round 5 */ + "rotlwi %[sha256], r12, 26\n\t" + "rotlwi %[len], r12, 21\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "rotlwi %[len], r12, 7\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "add r7, r7, %[sha256]\n\t" + "xor %[sha256], r0, %[data]\n\t" + "and %[sha256], %[sha256], r12\n\t" + "xor %[sha256], %[sha256], %[data]\n\t" + "add r7, r7, %[sha256]\n\t" + "lwz %[sha256], 20(r6)\n\t" + "add r7, r7, r19\n\t" + "add r7, r7, %[sha256]\n\t" + "add r11, r11, r7\n\t" + "rotlwi %[sha256], r8, 30\n\t" + "rotlwi %[len], r8, 19\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "rotlwi %[len], r8, 10\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "add r7, r7, %[sha256]\n\t" + "xor %[len], r8, r9\n\t" + "xor %[sha256], r9, r10\n\t" + "and %[sha256], %[sha256], %[len]\n\t" + "xor %[sha256], %[sha256], r9\n\t" + "add r7, r7, %[sha256]\n\t" + /* Round 6 */ + "rotlwi %[sha256], r11, 26\n\t" + "rotlwi %[len], r11, 21\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "rotlwi %[len], r11, 7\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "add %[data], %[data], %[sha256]\n\t" + "xor %[sha256], r12, r0\n\t" + "and %[sha256], %[sha256], r11\n\t" + "xor %[sha256], %[sha256], r0\n\t" + "add %[data], %[data], %[sha256]\n\t" + "lwz %[sha256], 24(r6)\n\t" + "add %[data], %[data], r20\n\t" + "add %[data], %[data], %[sha256]\n\t" + "add r10, r10, %[data]\n\t" + "rotlwi %[sha256], r7, 30\n\t" + "rotlwi %[len], r7, 19\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "rotlwi %[len], r7, 10\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "add %[data], %[data], %[sha256]\n\t" + "xor %[len], r7, r8\n\t" + "xor %[sha256], r8, r9\n\t" + "and %[sha256], %[sha256], %[len]\n\t" + "xor %[sha256], %[sha256], r8\n\t" + "add %[data], %[data], %[sha256]\n\t" + /* Round 7 */ + "rotlwi %[sha256], r10, 26\n\t" + "rotlwi %[len], r10, 21\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "rotlwi %[len], r10, 7\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "add r0, r0, %[sha256]\n\t" + "xor %[sha256], r11, r12\n\t" + "and %[sha256], %[sha256], r10\n\t" + "xor %[sha256], %[sha256], r12\n\t" + "add r0, r0, %[sha256]\n\t" + "lwz %[sha256], 28(r6)\n\t" + "add r0, r0, r21\n\t" + "add r0, r0, %[sha256]\n\t" + "add r9, r9, r0\n\t" + "rotlwi %[sha256], %[data], 30\n\t" + "rotlwi %[len], %[data], 19\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "rotlwi %[len], %[data], 10\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "add r0, r0, %[sha256]\n\t" + "xor %[len], %[data], r7\n\t" + "xor %[sha256], r7, r8\n\t" + "and %[sha256], %[sha256], %[len]\n\t" + "xor %[sha256], %[sha256], r7\n\t" + "add r0, r0, %[sha256]\n\t" + /* Round 8 */ + "rotlwi %[sha256], r9, 26\n\t" + "rotlwi %[len], r9, 21\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "rotlwi %[len], r9, 7\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "add r12, r12, %[sha256]\n\t" + "xor %[sha256], r10, r11\n\t" + "and %[sha256], %[sha256], r9\n\t" + "xor %[sha256], %[sha256], r11\n\t" + "add r12, r12, %[sha256]\n\t" + "lwz %[sha256], 32(r6)\n\t" + "add r12, r12, r22\n\t" + "add r12, r12, %[sha256]\n\t" + "add r8, r8, r12\n\t" + "rotlwi %[sha256], r0, 30\n\t" + "rotlwi %[len], r0, 19\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "rotlwi %[len], r0, 10\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "add r12, r12, %[sha256]\n\t" + "xor %[len], r0, %[data]\n\t" + "xor %[sha256], %[data], r7\n\t" + "and %[sha256], %[sha256], %[len]\n\t" + "xor %[sha256], %[sha256], %[data]\n\t" + "add r12, r12, %[sha256]\n\t" + /* Round 9 */ + "rotlwi %[sha256], r8, 26\n\t" + "rotlwi %[len], r8, 21\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "rotlwi %[len], r8, 7\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "add r11, r11, %[sha256]\n\t" + "xor %[sha256], r9, r10\n\t" + "and %[sha256], %[sha256], r8\n\t" + "xor %[sha256], %[sha256], r10\n\t" + "add r11, r11, %[sha256]\n\t" + "lwz %[sha256], 36(r6)\n\t" + "add r11, r11, r23\n\t" + "add r11, r11, %[sha256]\n\t" + "add r7, r7, r11\n\t" + "rotlwi %[sha256], r12, 30\n\t" + "rotlwi %[len], r12, 19\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "rotlwi %[len], r12, 10\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "add r11, r11, %[sha256]\n\t" + "xor %[len], r12, r0\n\t" + "xor %[sha256], r0, %[data]\n\t" + "and %[sha256], %[sha256], %[len]\n\t" + "xor %[sha256], %[sha256], r0\n\t" + "add r11, r11, %[sha256]\n\t" + /* Round 10 */ + "rotlwi %[sha256], r7, 26\n\t" + "rotlwi %[len], r7, 21\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "rotlwi %[len], r7, 7\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "add r10, r10, %[sha256]\n\t" + "xor %[sha256], r8, r9\n\t" + "and %[sha256], %[sha256], r7\n\t" + "xor %[sha256], %[sha256], r9\n\t" + "add r10, r10, %[sha256]\n\t" + "lwz %[sha256], 40(r6)\n\t" + "add r10, r10, r24\n\t" + "add r10, r10, %[sha256]\n\t" + "add %[data], %[data], r10\n\t" + "rotlwi %[sha256], r11, 30\n\t" + "rotlwi %[len], r11, 19\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "rotlwi %[len], r11, 10\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "add r10, r10, %[sha256]\n\t" + "xor %[len], r11, r12\n\t" + "xor %[sha256], r12, r0\n\t" + "and %[sha256], %[sha256], %[len]\n\t" + "xor %[sha256], %[sha256], r12\n\t" + "add r10, r10, %[sha256]\n\t" + /* Round 11 */ + "rotlwi %[sha256], %[data], 26\n\t" + "rotlwi %[len], %[data], 21\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "rotlwi %[len], %[data], 7\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "add r9, r9, %[sha256]\n\t" + "xor %[sha256], r7, r8\n\t" + "and %[sha256], %[sha256], %[data]\n\t" + "xor %[sha256], %[sha256], r8\n\t" + "add r9, r9, %[sha256]\n\t" + "lwz %[sha256], 44(r6)\n\t" + "add r9, r9, r25\n\t" + "add r9, r9, %[sha256]\n\t" + "add r0, r0, r9\n\t" + "rotlwi %[sha256], r10, 30\n\t" + "rotlwi %[len], r10, 19\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "rotlwi %[len], r10, 10\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "add r9, r9, %[sha256]\n\t" + "xor %[len], r10, r11\n\t" + "xor %[sha256], r11, r12\n\t" + "and %[sha256], %[sha256], %[len]\n\t" + "xor %[sha256], %[sha256], r11\n\t" + "add r9, r9, %[sha256]\n\t" + /* Round 12 */ + "rotlwi %[sha256], r0, 26\n\t" + "rotlwi %[len], r0, 21\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "rotlwi %[len], r0, 7\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "add r8, r8, %[sha256]\n\t" + "xor %[sha256], %[data], r7\n\t" + "and %[sha256], %[sha256], r0\n\t" + "xor %[sha256], %[sha256], r7\n\t" + "add r8, r8, %[sha256]\n\t" + "lwz %[sha256], 48(r6)\n\t" + "add r8, r8, r26\n\t" + "add r8, r8, %[sha256]\n\t" + "add r12, r12, r8\n\t" + "rotlwi %[sha256], r9, 30\n\t" + "rotlwi %[len], r9, 19\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "rotlwi %[len], r9, 10\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "add r8, r8, %[sha256]\n\t" + "xor %[len], r9, r10\n\t" + "xor %[sha256], r10, r11\n\t" + "and %[sha256], %[sha256], %[len]\n\t" + "xor %[sha256], %[sha256], r10\n\t" + "add r8, r8, %[sha256]\n\t" + /* Round 13 */ + "rotlwi %[sha256], r12, 26\n\t" + "rotlwi %[len], r12, 21\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "rotlwi %[len], r12, 7\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "add r7, r7, %[sha256]\n\t" + "xor %[sha256], r0, %[data]\n\t" + "and %[sha256], %[sha256], r12\n\t" + "xor %[sha256], %[sha256], %[data]\n\t" + "add r7, r7, %[sha256]\n\t" + "lwz %[sha256], 52(r6)\n\t" + "add r7, r7, r27\n\t" + "add r7, r7, %[sha256]\n\t" + "add r11, r11, r7\n\t" + "rotlwi %[sha256], r8, 30\n\t" + "rotlwi %[len], r8, 19\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "rotlwi %[len], r8, 10\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "add r7, r7, %[sha256]\n\t" + "xor %[len], r8, r9\n\t" + "xor %[sha256], r9, r10\n\t" + "and %[sha256], %[sha256], %[len]\n\t" + "xor %[sha256], %[sha256], r9\n\t" + "add r7, r7, %[sha256]\n\t" + /* Round 14 */ + "rotlwi %[sha256], r11, 26\n\t" + "rotlwi %[len], r11, 21\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "rotlwi %[len], r11, 7\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "add %[data], %[data], %[sha256]\n\t" + "xor %[sha256], r12, r0\n\t" + "and %[sha256], %[sha256], r11\n\t" + "xor %[sha256], %[sha256], r0\n\t" + "add %[data], %[data], %[sha256]\n\t" + "lwz %[sha256], 56(r6)\n\t" + "add %[data], %[data], r28\n\t" + "add %[data], %[data], %[sha256]\n\t" + "add r10, r10, %[data]\n\t" + "rotlwi %[sha256], r7, 30\n\t" + "rotlwi %[len], r7, 19\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "rotlwi %[len], r7, 10\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "add %[data], %[data], %[sha256]\n\t" + "xor %[len], r7, r8\n\t" + "xor %[sha256], r8, r9\n\t" + "and %[sha256], %[sha256], %[len]\n\t" + "xor %[sha256], %[sha256], r8\n\t" + "add %[data], %[data], %[sha256]\n\t" + /* Round 15 */ + "rotlwi %[sha256], r10, 26\n\t" + "rotlwi %[len], r10, 21\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "rotlwi %[len], r10, 7\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "add r0, r0, %[sha256]\n\t" + "xor %[sha256], r11, r12\n\t" + "and %[sha256], %[sha256], r10\n\t" + "xor %[sha256], %[sha256], r12\n\t" + "add r0, r0, %[sha256]\n\t" + "lwz %[sha256], 60(r6)\n\t" + "add r0, r0, r29\n\t" + "add r0, r0, %[sha256]\n\t" + "add r9, r9, r0\n\t" + "rotlwi %[sha256], %[data], 30\n\t" + "rotlwi %[len], %[data], 19\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "rotlwi %[len], %[data], 10\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "add r0, r0, %[sha256]\n\t" + "xor %[len], %[data], r7\n\t" + "xor %[sha256], r7, r8\n\t" + "and %[sha256], %[sha256], %[len]\n\t" + "xor %[sha256], %[sha256], r7\n\t" + "add r0, r0, %[sha256]\n\t" + "subi r6, r6, 0xc0\n\t" + "lwz %[sha256], 0(r1)\n\t" + /* Add in digest from start */ + "lwz %[len], 0(%[sha256])\n\t" + "add r0, r0, %[len]\n\t" + "lwz %[len], 4(%[sha256])\n\t" + "add %[data], %[data], %[len]\n\t" + "lwz %[len], 8(%[sha256])\n\t" + "add r7, r7, %[len]\n\t" + "lwz %[len], 12(%[sha256])\n\t" + "add r8, r8, %[len]\n\t" + "lwz %[len], 16(%[sha256])\n\t" + "add r9, r9, %[len]\n\t" + "lwz %[len], 20(%[sha256])\n\t" + "add r10, r10, %[len]\n\t" + "lwz %[len], 24(%[sha256])\n\t" + "add r11, r11, %[len]\n\t" + "lwz %[len], 28(%[sha256])\n\t" + "add r12, r12, %[len]\n\t" + "stw r0, 0(%[sha256])\n\t" + "stw %[data], 4(%[sha256])\n\t" + "stw r7, 8(%[sha256])\n\t" + "stw r8, 12(%[sha256])\n\t" + "stw r9, 16(%[sha256])\n\t" + "stw r10, 20(%[sha256])\n\t" + "stw r11, 24(%[sha256])\n\t" + "stw r12, 28(%[sha256])\n\t" + "lwz %[sha256], 4(r1)\n\t" + "addi %[sha256], %[sha256], 0x40\n\t" + "stw %[sha256], 4(r1)\n\t" + "bdnz L_SHA256_transform_len_begin_%=\n\t" + "addi r1, r1, 8\n\t" +#else + "subi r1, r1, 12\n\t" + "stw %[sha256], 0(r1)\n\t" + "stw %[data], 4(r1)\n\t" + "stw %[len], 8(r1)\n\t" + /* Copy digest to add in at end */ + "lwz r0, 0(%[sha256])\n\t" + "lwz %[data], 4(%[sha256])\n\t" + "lwz r7, 8(%[sha256])\n\t" + "lwz r8, 12(%[sha256])\n\t" + "lwz r9, 16(%[sha256])\n\t" + "lwz r10, 20(%[sha256])\n\t" + "lwz r11, 24(%[sha256])\n\t" + "lwz r12, 28(%[sha256])\n\t" + "lwz %[sha256], 4(r1)\n\t" + /* Start of loop processing a block */ + "\n" + "L_SHA256_transform_len_begin_%=: \n\t" + /* Load W - 64 bytes */ + "lwz r14, 0(%[sha256])\n\t" + "lwz r15, 4(%[sha256])\n\t" + "lwz r16, 8(%[sha256])\n\t" + "lwz r17, 12(%[sha256])\n\t" + "lwz r18, 16(%[sha256])\n\t" + "lwz r19, 20(%[sha256])\n\t" + "lwz r20, 24(%[sha256])\n\t" + "lwz r21, 28(%[sha256])\n\t" + "lwz r22, 32(%[sha256])\n\t" + "lwz r23, 36(%[sha256])\n\t" + "lwz r24, 40(%[sha256])\n\t" + "lwz r25, 44(%[sha256])\n\t" + "lwz r26, 48(%[sha256])\n\t" + "lwz r27, 52(%[sha256])\n\t" + "lwz r28, 56(%[sha256])\n\t" + "lwz r29, 60(%[sha256])\n\t" + "li %[sha256], 4\n\t" + "mtctr %[sha256]\n\t" + /* Start of 16 rounds */ + "\n" + "L_SHA256_transform_len_start_%=: \n\t" + /* Round 0 */ + "rotlwi %[sha256], r9, 26\n\t" + "rotlwi %[len], r9, 21\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "rotlwi %[len], r9, 7\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "add r12, r12, %[sha256]\n\t" + "xor %[sha256], r10, r11\n\t" + "and %[sha256], %[sha256], r9\n\t" + "xor %[sha256], %[sha256], r11\n\t" + "add r12, r12, %[sha256]\n\t" + "lwz %[sha256], 0(r6)\n\t" + "add r12, r12, r14\n\t" + "add r12, r12, %[sha256]\n\t" + "add r8, r8, r12\n\t" + "rotlwi %[sha256], r0, 30\n\t" + "rotlwi %[len], r0, 19\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "rotlwi %[len], r0, 10\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "add r12, r12, %[sha256]\n\t" + "xor %[len], r0, %[data]\n\t" + "xor %[sha256], %[data], r7\n\t" + "and %[sha256], %[sha256], %[len]\n\t" + "xor %[sha256], %[sha256], %[data]\n\t" + "add r12, r12, %[sha256]\n\t" + "mfctr %[len]\n\t" + "cmpwi %[sha256], %[len], 1\n\t" + "beq %[sha256], L_SHA256_transform_len_after_blk_0_%=\n\t" + /* Calc new W[0] */ + "rotlwi %[sha256], r15, 25\n\t" + "rotlwi %[len], r15, 14\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "srwi %[len], r15, 3\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "add r14, r14, %[sha256]\n\t" + "rotlwi %[sha256], r28, 15\n\t" + "rotlwi %[len], r28, 13\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "srwi %[len], r28, 10\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "add r14, r14, %[sha256]\n\t" + "add r14, r14, r23\n\t" + "\n" + "L_SHA256_transform_len_after_blk_0_%=: \n\t" + /* Round 1 */ + "rotlwi %[sha256], r8, 26\n\t" + "rotlwi %[len], r8, 21\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "rotlwi %[len], r8, 7\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "add r11, r11, %[sha256]\n\t" + "xor %[sha256], r9, r10\n\t" + "and %[sha256], %[sha256], r8\n\t" + "xor %[sha256], %[sha256], r10\n\t" + "add r11, r11, %[sha256]\n\t" + "lwz %[sha256], 4(r6)\n\t" + "add r11, r11, r15\n\t" + "add r11, r11, %[sha256]\n\t" + "add r7, r7, r11\n\t" + "rotlwi %[sha256], r12, 30\n\t" + "rotlwi %[len], r12, 19\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "rotlwi %[len], r12, 10\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "add r11, r11, %[sha256]\n\t" + "xor %[len], r12, r0\n\t" + "xor %[sha256], r0, %[data]\n\t" + "and %[sha256], %[sha256], %[len]\n\t" + "xor %[sha256], %[sha256], r0\n\t" + "add r11, r11, %[sha256]\n\t" + "mfctr %[len]\n\t" + "cmpwi %[sha256], %[len], 1\n\t" + "beq %[sha256], L_SHA256_transform_len_after_blk_1_%=\n\t" + /* Calc new W[1] */ + "rotlwi %[sha256], r16, 25\n\t" + "rotlwi %[len], r16, 14\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "srwi %[len], r16, 3\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "add r15, r15, %[sha256]\n\t" + "rotlwi %[sha256], r29, 15\n\t" + "rotlwi %[len], r29, 13\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "srwi %[len], r29, 10\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "add r15, r15, %[sha256]\n\t" + "add r15, r15, r24\n\t" + "\n" + "L_SHA256_transform_len_after_blk_1_%=: \n\t" + /* Round 2 */ + "rotlwi %[sha256], r7, 26\n\t" + "rotlwi %[len], r7, 21\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "rotlwi %[len], r7, 7\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "add r10, r10, %[sha256]\n\t" + "xor %[sha256], r8, r9\n\t" + "and %[sha256], %[sha256], r7\n\t" + "xor %[sha256], %[sha256], r9\n\t" + "add r10, r10, %[sha256]\n\t" + "lwz %[sha256], 8(r6)\n\t" + "add r10, r10, r16\n\t" + "add r10, r10, %[sha256]\n\t" + "add %[data], %[data], r10\n\t" + "rotlwi %[sha256], r11, 30\n\t" + "rotlwi %[len], r11, 19\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "rotlwi %[len], r11, 10\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "add r10, r10, %[sha256]\n\t" + "xor %[len], r11, r12\n\t" + "xor %[sha256], r12, r0\n\t" + "and %[sha256], %[sha256], %[len]\n\t" + "xor %[sha256], %[sha256], r12\n\t" + "add r10, r10, %[sha256]\n\t" + "mfctr %[len]\n\t" + "cmpwi %[sha256], %[len], 1\n\t" + "beq %[sha256], L_SHA256_transform_len_after_blk_2_%=\n\t" + /* Calc new W[2] */ + "rotlwi %[sha256], r17, 25\n\t" + "rotlwi %[len], r17, 14\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "srwi %[len], r17, 3\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "add r16, r16, %[sha256]\n\t" + "rotlwi %[sha256], r14, 15\n\t" + "rotlwi %[len], r14, 13\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "srwi %[len], r14, 10\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "add r16, r16, %[sha256]\n\t" + "add r16, r16, r25\n\t" + "\n" + "L_SHA256_transform_len_after_blk_2_%=: \n\t" + /* Round 3 */ + "rotlwi %[sha256], %[data], 26\n\t" + "rotlwi %[len], %[data], 21\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "rotlwi %[len], %[data], 7\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "add r9, r9, %[sha256]\n\t" + "xor %[sha256], r7, r8\n\t" + "and %[sha256], %[sha256], %[data]\n\t" + "xor %[sha256], %[sha256], r8\n\t" + "add r9, r9, %[sha256]\n\t" + "lwz %[sha256], 12(r6)\n\t" + "add r9, r9, r17\n\t" + "add r9, r9, %[sha256]\n\t" + "add r0, r0, r9\n\t" + "rotlwi %[sha256], r10, 30\n\t" + "rotlwi %[len], r10, 19\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "rotlwi %[len], r10, 10\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "add r9, r9, %[sha256]\n\t" + "xor %[len], r10, r11\n\t" + "xor %[sha256], r11, r12\n\t" + "and %[sha256], %[sha256], %[len]\n\t" + "xor %[sha256], %[sha256], r11\n\t" + "add r9, r9, %[sha256]\n\t" + "mfctr %[len]\n\t" + "cmpwi %[sha256], %[len], 1\n\t" + "beq %[sha256], L_SHA256_transform_len_after_blk_3_%=\n\t" + /* Calc new W[3] */ + "rotlwi %[sha256], r18, 25\n\t" + "rotlwi %[len], r18, 14\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "srwi %[len], r18, 3\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "add r17, r17, %[sha256]\n\t" + "rotlwi %[sha256], r15, 15\n\t" + "rotlwi %[len], r15, 13\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "srwi %[len], r15, 10\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "add r17, r17, %[sha256]\n\t" + "add r17, r17, r26\n\t" + "\n" + "L_SHA256_transform_len_after_blk_3_%=: \n\t" + /* Round 4 */ + "rotlwi %[sha256], r0, 26\n\t" + "rotlwi %[len], r0, 21\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "rotlwi %[len], r0, 7\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "add r8, r8, %[sha256]\n\t" + "xor %[sha256], %[data], r7\n\t" + "and %[sha256], %[sha256], r0\n\t" + "xor %[sha256], %[sha256], r7\n\t" + "add r8, r8, %[sha256]\n\t" + "lwz %[sha256], 16(r6)\n\t" + "add r8, r8, r18\n\t" + "add r8, r8, %[sha256]\n\t" + "add r12, r12, r8\n\t" + "rotlwi %[sha256], r9, 30\n\t" + "rotlwi %[len], r9, 19\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "rotlwi %[len], r9, 10\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "add r8, r8, %[sha256]\n\t" + "xor %[len], r9, r10\n\t" + "xor %[sha256], r10, r11\n\t" + "and %[sha256], %[sha256], %[len]\n\t" + "xor %[sha256], %[sha256], r10\n\t" + "add r8, r8, %[sha256]\n\t" + "mfctr %[len]\n\t" + "cmpwi %[sha256], %[len], 1\n\t" + "beq %[sha256], L_SHA256_transform_len_after_blk_4_%=\n\t" + /* Calc new W[4] */ + "rotlwi %[sha256], r19, 25\n\t" + "rotlwi %[len], r19, 14\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "srwi %[len], r19, 3\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "add r18, r18, %[sha256]\n\t" + "rotlwi %[sha256], r16, 15\n\t" + "rotlwi %[len], r16, 13\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "srwi %[len], r16, 10\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "add r18, r18, %[sha256]\n\t" + "add r18, r18, r27\n\t" + "\n" + "L_SHA256_transform_len_after_blk_4_%=: \n\t" + /* Round 5 */ + "rotlwi %[sha256], r12, 26\n\t" + "rotlwi %[len], r12, 21\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "rotlwi %[len], r12, 7\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "add r7, r7, %[sha256]\n\t" + "xor %[sha256], r0, %[data]\n\t" + "and %[sha256], %[sha256], r12\n\t" + "xor %[sha256], %[sha256], %[data]\n\t" + "add r7, r7, %[sha256]\n\t" + "lwz %[sha256], 20(r6)\n\t" + "add r7, r7, r19\n\t" + "add r7, r7, %[sha256]\n\t" + "add r11, r11, r7\n\t" + "rotlwi %[sha256], r8, 30\n\t" + "rotlwi %[len], r8, 19\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "rotlwi %[len], r8, 10\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "add r7, r7, %[sha256]\n\t" + "xor %[len], r8, r9\n\t" + "xor %[sha256], r9, r10\n\t" + "and %[sha256], %[sha256], %[len]\n\t" + "xor %[sha256], %[sha256], r9\n\t" + "add r7, r7, %[sha256]\n\t" + "mfctr %[len]\n\t" + "cmpwi %[sha256], %[len], 1\n\t" + "beq %[sha256], L_SHA256_transform_len_after_blk_5_%=\n\t" + /* Calc new W[5] */ + "rotlwi %[sha256], r20, 25\n\t" + "rotlwi %[len], r20, 14\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "srwi %[len], r20, 3\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "add r19, r19, %[sha256]\n\t" + "rotlwi %[sha256], r17, 15\n\t" + "rotlwi %[len], r17, 13\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "srwi %[len], r17, 10\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "add r19, r19, %[sha256]\n\t" + "add r19, r19, r28\n\t" + "\n" + "L_SHA256_transform_len_after_blk_5_%=: \n\t" + /* Round 6 */ + "rotlwi %[sha256], r11, 26\n\t" + "rotlwi %[len], r11, 21\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "rotlwi %[len], r11, 7\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "add %[data], %[data], %[sha256]\n\t" + "xor %[sha256], r12, r0\n\t" + "and %[sha256], %[sha256], r11\n\t" + "xor %[sha256], %[sha256], r0\n\t" + "add %[data], %[data], %[sha256]\n\t" + "lwz %[sha256], 24(r6)\n\t" + "add %[data], %[data], r20\n\t" + "add %[data], %[data], %[sha256]\n\t" + "add r10, r10, %[data]\n\t" + "rotlwi %[sha256], r7, 30\n\t" + "rotlwi %[len], r7, 19\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "rotlwi %[len], r7, 10\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "add %[data], %[data], %[sha256]\n\t" + "xor %[len], r7, r8\n\t" + "xor %[sha256], r8, r9\n\t" + "and %[sha256], %[sha256], %[len]\n\t" + "xor %[sha256], %[sha256], r8\n\t" + "add %[data], %[data], %[sha256]\n\t" + "mfctr %[len]\n\t" + "cmpwi %[sha256], %[len], 1\n\t" + "beq %[sha256], L_SHA256_transform_len_after_blk_6_%=\n\t" + /* Calc new W[6] */ + "rotlwi %[sha256], r21, 25\n\t" + "rotlwi %[len], r21, 14\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "srwi %[len], r21, 3\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "add r20, r20, %[sha256]\n\t" + "rotlwi %[sha256], r18, 15\n\t" + "rotlwi %[len], r18, 13\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "srwi %[len], r18, 10\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "add r20, r20, %[sha256]\n\t" + "add r20, r20, r29\n\t" + "\n" + "L_SHA256_transform_len_after_blk_6_%=: \n\t" + /* Round 7 */ + "rotlwi %[sha256], r10, 26\n\t" + "rotlwi %[len], r10, 21\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "rotlwi %[len], r10, 7\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "add r0, r0, %[sha256]\n\t" + "xor %[sha256], r11, r12\n\t" + "and %[sha256], %[sha256], r10\n\t" + "xor %[sha256], %[sha256], r12\n\t" + "add r0, r0, %[sha256]\n\t" + "lwz %[sha256], 28(r6)\n\t" + "add r0, r0, r21\n\t" + "add r0, r0, %[sha256]\n\t" + "add r9, r9, r0\n\t" + "rotlwi %[sha256], %[data], 30\n\t" + "rotlwi %[len], %[data], 19\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "rotlwi %[len], %[data], 10\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "add r0, r0, %[sha256]\n\t" + "xor %[len], %[data], r7\n\t" + "xor %[sha256], r7, r8\n\t" + "and %[sha256], %[sha256], %[len]\n\t" + "xor %[sha256], %[sha256], r7\n\t" + "add r0, r0, %[sha256]\n\t" + "mfctr %[len]\n\t" + "cmpwi %[sha256], %[len], 1\n\t" + "beq %[sha256], L_SHA256_transform_len_after_blk_7_%=\n\t" + /* Calc new W[7] */ + "rotlwi %[sha256], r22, 25\n\t" + "rotlwi %[len], r22, 14\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "srwi %[len], r22, 3\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "add r21, r21, %[sha256]\n\t" + "rotlwi %[sha256], r19, 15\n\t" + "rotlwi %[len], r19, 13\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "srwi %[len], r19, 10\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "add r21, r21, %[sha256]\n\t" + "add r21, r21, r14\n\t" + "\n" + "L_SHA256_transform_len_after_blk_7_%=: \n\t" + /* Round 8 */ + "rotlwi %[sha256], r9, 26\n\t" + "rotlwi %[len], r9, 21\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "rotlwi %[len], r9, 7\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "add r12, r12, %[sha256]\n\t" + "xor %[sha256], r10, r11\n\t" + "and %[sha256], %[sha256], r9\n\t" + "xor %[sha256], %[sha256], r11\n\t" + "add r12, r12, %[sha256]\n\t" + "lwz %[sha256], 32(r6)\n\t" + "add r12, r12, r22\n\t" + "add r12, r12, %[sha256]\n\t" + "add r8, r8, r12\n\t" + "rotlwi %[sha256], r0, 30\n\t" + "rotlwi %[len], r0, 19\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "rotlwi %[len], r0, 10\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "add r12, r12, %[sha256]\n\t" + "xor %[len], r0, %[data]\n\t" + "xor %[sha256], %[data], r7\n\t" + "and %[sha256], %[sha256], %[len]\n\t" + "xor %[sha256], %[sha256], %[data]\n\t" + "add r12, r12, %[sha256]\n\t" + "mfctr %[len]\n\t" + "cmpwi %[sha256], %[len], 1\n\t" + "beq %[sha256], L_SHA256_transform_len_after_blk_8_%=\n\t" + /* Calc new W[8] */ + "rotlwi %[sha256], r23, 25\n\t" + "rotlwi %[len], r23, 14\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "srwi %[len], r23, 3\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "add r22, r22, %[sha256]\n\t" + "rotlwi %[sha256], r20, 15\n\t" + "rotlwi %[len], r20, 13\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "srwi %[len], r20, 10\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "add r22, r22, %[sha256]\n\t" + "add r22, r22, r15\n\t" + "\n" + "L_SHA256_transform_len_after_blk_8_%=: \n\t" + /* Round 9 */ + "rotlwi %[sha256], r8, 26\n\t" + "rotlwi %[len], r8, 21\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "rotlwi %[len], r8, 7\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "add r11, r11, %[sha256]\n\t" + "xor %[sha256], r9, r10\n\t" + "and %[sha256], %[sha256], r8\n\t" + "xor %[sha256], %[sha256], r10\n\t" + "add r11, r11, %[sha256]\n\t" + "lwz %[sha256], 36(r6)\n\t" + "add r11, r11, r23\n\t" + "add r11, r11, %[sha256]\n\t" + "add r7, r7, r11\n\t" + "rotlwi %[sha256], r12, 30\n\t" + "rotlwi %[len], r12, 19\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "rotlwi %[len], r12, 10\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "add r11, r11, %[sha256]\n\t" + "xor %[len], r12, r0\n\t" + "xor %[sha256], r0, %[data]\n\t" + "and %[sha256], %[sha256], %[len]\n\t" + "xor %[sha256], %[sha256], r0\n\t" + "add r11, r11, %[sha256]\n\t" + "mfctr %[len]\n\t" + "cmpwi %[sha256], %[len], 1\n\t" + "beq %[sha256], L_SHA256_transform_len_after_blk_9_%=\n\t" + /* Calc new W[9] */ + "rotlwi %[sha256], r24, 25\n\t" + "rotlwi %[len], r24, 14\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "srwi %[len], r24, 3\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "add r23, r23, %[sha256]\n\t" + "rotlwi %[sha256], r21, 15\n\t" + "rotlwi %[len], r21, 13\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "srwi %[len], r21, 10\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "add r23, r23, %[sha256]\n\t" + "add r23, r23, r16\n\t" + "\n" + "L_SHA256_transform_len_after_blk_9_%=: \n\t" + /* Round 10 */ + "rotlwi %[sha256], r7, 26\n\t" + "rotlwi %[len], r7, 21\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "rotlwi %[len], r7, 7\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "add r10, r10, %[sha256]\n\t" + "xor %[sha256], r8, r9\n\t" + "and %[sha256], %[sha256], r7\n\t" + "xor %[sha256], %[sha256], r9\n\t" + "add r10, r10, %[sha256]\n\t" + "lwz %[sha256], 40(r6)\n\t" + "add r10, r10, r24\n\t" + "add r10, r10, %[sha256]\n\t" + "add %[data], %[data], r10\n\t" + "rotlwi %[sha256], r11, 30\n\t" + "rotlwi %[len], r11, 19\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "rotlwi %[len], r11, 10\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "add r10, r10, %[sha256]\n\t" + "xor %[len], r11, r12\n\t" + "xor %[sha256], r12, r0\n\t" + "and %[sha256], %[sha256], %[len]\n\t" + "xor %[sha256], %[sha256], r12\n\t" + "add r10, r10, %[sha256]\n\t" + "mfctr %[len]\n\t" + "cmpwi %[sha256], %[len], 1\n\t" + "beq %[sha256], L_SHA256_transform_len_after_blk_10_%=\n\t" + /* Calc new W[10] */ + "rotlwi %[sha256], r25, 25\n\t" + "rotlwi %[len], r25, 14\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "srwi %[len], r25, 3\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "add r24, r24, %[sha256]\n\t" + "rotlwi %[sha256], r22, 15\n\t" + "rotlwi %[len], r22, 13\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "srwi %[len], r22, 10\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "add r24, r24, %[sha256]\n\t" + "add r24, r24, r17\n\t" + "\n" + "L_SHA256_transform_len_after_blk_10_%=: \n\t" + /* Round 11 */ + "rotlwi %[sha256], %[data], 26\n\t" + "rotlwi %[len], %[data], 21\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "rotlwi %[len], %[data], 7\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "add r9, r9, %[sha256]\n\t" + "xor %[sha256], r7, r8\n\t" + "and %[sha256], %[sha256], %[data]\n\t" + "xor %[sha256], %[sha256], r8\n\t" + "add r9, r9, %[sha256]\n\t" + "lwz %[sha256], 44(r6)\n\t" + "add r9, r9, r25\n\t" + "add r9, r9, %[sha256]\n\t" + "add r0, r0, r9\n\t" + "rotlwi %[sha256], r10, 30\n\t" + "rotlwi %[len], r10, 19\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "rotlwi %[len], r10, 10\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "add r9, r9, %[sha256]\n\t" + "xor %[len], r10, r11\n\t" + "xor %[sha256], r11, r12\n\t" + "and %[sha256], %[sha256], %[len]\n\t" + "xor %[sha256], %[sha256], r11\n\t" + "add r9, r9, %[sha256]\n\t" + "mfctr %[len]\n\t" + "cmpwi %[sha256], %[len], 1\n\t" + "beq %[sha256], L_SHA256_transform_len_after_blk_11_%=\n\t" + /* Calc new W[11] */ + "rotlwi %[sha256], r26, 25\n\t" + "rotlwi %[len], r26, 14\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "srwi %[len], r26, 3\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "add r25, r25, %[sha256]\n\t" + "rotlwi %[sha256], r23, 15\n\t" + "rotlwi %[len], r23, 13\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "srwi %[len], r23, 10\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "add r25, r25, %[sha256]\n\t" + "add r25, r25, r18\n\t" + "\n" + "L_SHA256_transform_len_after_blk_11_%=: \n\t" + /* Round 12 */ + "rotlwi %[sha256], r0, 26\n\t" + "rotlwi %[len], r0, 21\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "rotlwi %[len], r0, 7\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "add r8, r8, %[sha256]\n\t" + "xor %[sha256], %[data], r7\n\t" + "and %[sha256], %[sha256], r0\n\t" + "xor %[sha256], %[sha256], r7\n\t" + "add r8, r8, %[sha256]\n\t" + "lwz %[sha256], 48(r6)\n\t" + "add r8, r8, r26\n\t" + "add r8, r8, %[sha256]\n\t" + "add r12, r12, r8\n\t" + "rotlwi %[sha256], r9, 30\n\t" + "rotlwi %[len], r9, 19\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "rotlwi %[len], r9, 10\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "add r8, r8, %[sha256]\n\t" + "xor %[len], r9, r10\n\t" + "xor %[sha256], r10, r11\n\t" + "and %[sha256], %[sha256], %[len]\n\t" + "xor %[sha256], %[sha256], r10\n\t" + "add r8, r8, %[sha256]\n\t" + "mfctr %[len]\n\t" + "cmpwi %[sha256], %[len], 1\n\t" + "beq %[sha256], L_SHA256_transform_len_after_blk_12_%=\n\t" + /* Calc new W[12] */ + "rotlwi %[sha256], r27, 25\n\t" + "rotlwi %[len], r27, 14\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "srwi %[len], r27, 3\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "add r26, r26, %[sha256]\n\t" + "rotlwi %[sha256], r24, 15\n\t" + "rotlwi %[len], r24, 13\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "srwi %[len], r24, 10\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "add r26, r26, %[sha256]\n\t" + "add r26, r26, r19\n\t" + "\n" + "L_SHA256_transform_len_after_blk_12_%=: \n\t" + /* Round 13 */ + "rotlwi %[sha256], r12, 26\n\t" + "rotlwi %[len], r12, 21\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "rotlwi %[len], r12, 7\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "add r7, r7, %[sha256]\n\t" + "xor %[sha256], r0, %[data]\n\t" + "and %[sha256], %[sha256], r12\n\t" + "xor %[sha256], %[sha256], %[data]\n\t" + "add r7, r7, %[sha256]\n\t" + "lwz %[sha256], 52(r6)\n\t" + "add r7, r7, r27\n\t" + "add r7, r7, %[sha256]\n\t" + "add r11, r11, r7\n\t" + "rotlwi %[sha256], r8, 30\n\t" + "rotlwi %[len], r8, 19\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "rotlwi %[len], r8, 10\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "add r7, r7, %[sha256]\n\t" + "xor %[len], r8, r9\n\t" + "xor %[sha256], r9, r10\n\t" + "and %[sha256], %[sha256], %[len]\n\t" + "xor %[sha256], %[sha256], r9\n\t" + "add r7, r7, %[sha256]\n\t" + "mfctr %[len]\n\t" + "cmpwi %[sha256], %[len], 1\n\t" + "beq %[sha256], L_SHA256_transform_len_after_blk_13_%=\n\t" + /* Calc new W[13] */ + "rotlwi %[sha256], r28, 25\n\t" + "rotlwi %[len], r28, 14\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "srwi %[len], r28, 3\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "add r27, r27, %[sha256]\n\t" + "rotlwi %[sha256], r25, 15\n\t" + "rotlwi %[len], r25, 13\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "srwi %[len], r25, 10\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "add r27, r27, %[sha256]\n\t" + "add r27, r27, r20\n\t" + "\n" + "L_SHA256_transform_len_after_blk_13_%=: \n\t" + /* Round 14 */ + "rotlwi %[sha256], r11, 26\n\t" + "rotlwi %[len], r11, 21\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "rotlwi %[len], r11, 7\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "add %[data], %[data], %[sha256]\n\t" + "xor %[sha256], r12, r0\n\t" + "and %[sha256], %[sha256], r11\n\t" + "xor %[sha256], %[sha256], r0\n\t" + "add %[data], %[data], %[sha256]\n\t" + "lwz %[sha256], 56(r6)\n\t" + "add %[data], %[data], r28\n\t" + "add %[data], %[data], %[sha256]\n\t" + "add r10, r10, %[data]\n\t" + "rotlwi %[sha256], r7, 30\n\t" + "rotlwi %[len], r7, 19\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "rotlwi %[len], r7, 10\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "add %[data], %[data], %[sha256]\n\t" + "xor %[len], r7, r8\n\t" + "xor %[sha256], r8, r9\n\t" + "and %[sha256], %[sha256], %[len]\n\t" + "xor %[sha256], %[sha256], r8\n\t" + "add %[data], %[data], %[sha256]\n\t" + "mfctr %[len]\n\t" + "cmpwi %[sha256], %[len], 1\n\t" + "beq %[sha256], L_SHA256_transform_len_after_blk_14_%=\n\t" + /* Calc new W[14] */ + "rotlwi %[sha256], r29, 25\n\t" + "rotlwi %[len], r29, 14\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "srwi %[len], r29, 3\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "add r28, r28, %[sha256]\n\t" + "rotlwi %[sha256], r26, 15\n\t" + "rotlwi %[len], r26, 13\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "srwi %[len], r26, 10\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "add r28, r28, %[sha256]\n\t" + "add r28, r28, r21\n\t" + "\n" + "L_SHA256_transform_len_after_blk_14_%=: \n\t" + /* Round 15 */ + "rotlwi %[sha256], r10, 26\n\t" + "rotlwi %[len], r10, 21\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "rotlwi %[len], r10, 7\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "add r0, r0, %[sha256]\n\t" + "xor %[sha256], r11, r12\n\t" + "and %[sha256], %[sha256], r10\n\t" + "xor %[sha256], %[sha256], r12\n\t" + "add r0, r0, %[sha256]\n\t" + "lwz %[sha256], 60(r6)\n\t" + "add r0, r0, r29\n\t" + "add r0, r0, %[sha256]\n\t" + "add r9, r9, r0\n\t" + "rotlwi %[sha256], %[data], 30\n\t" + "rotlwi %[len], %[data], 19\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "rotlwi %[len], %[data], 10\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "add r0, r0, %[sha256]\n\t" + "xor %[len], %[data], r7\n\t" + "xor %[sha256], r7, r8\n\t" + "and %[sha256], %[sha256], %[len]\n\t" + "xor %[sha256], %[sha256], r7\n\t" + "add r0, r0, %[sha256]\n\t" + "mfctr %[len]\n\t" + "cmpwi %[sha256], %[len], 1\n\t" + "beq %[sha256], L_SHA256_transform_len_after_blk_15_%=\n\t" + /* Calc new W[15] */ + "rotlwi %[sha256], r14, 25\n\t" + "rotlwi %[len], r14, 14\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "srwi %[len], r14, 3\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "add r29, r29, %[sha256]\n\t" + "rotlwi %[sha256], r27, 15\n\t" + "rotlwi %[len], r27, 13\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "srwi %[len], r27, 10\n\t" + "xor %[sha256], %[sha256], %[len]\n\t" + "add r29, r29, %[sha256]\n\t" + "add r29, r29, r22\n\t" + "\n" + "L_SHA256_transform_len_after_blk_15_%=: \n\t" + "addi r6, r6, 0x40\n\t" + "bdnz L_SHA256_transform_len_start_%=\n\t" + "subi r6, r6, 0x100\n\t" + "lwz %[sha256], 0(r1)\n\t" + /* Add in digest from start */ + "lwz %[len], 0(%[sha256])\n\t" + "add r0, r0, %[len]\n\t" + "lwz %[len], 4(%[sha256])\n\t" + "add %[data], %[data], %[len]\n\t" + "lwz %[len], 8(%[sha256])\n\t" + "add r7, r7, %[len]\n\t" + "lwz %[len], 12(%[sha256])\n\t" + "add r8, r8, %[len]\n\t" + "lwz %[len], 16(%[sha256])\n\t" + "add r9, r9, %[len]\n\t" + "lwz %[len], 20(%[sha256])\n\t" + "add r10, r10, %[len]\n\t" + "lwz %[len], 24(%[sha256])\n\t" + "add r11, r11, %[len]\n\t" + "lwz %[len], 28(%[sha256])\n\t" + "add r12, r12, %[len]\n\t" + "stw r0, 0(%[sha256])\n\t" + "stw %[data], 4(%[sha256])\n\t" + "stw r7, 8(%[sha256])\n\t" + "stw r8, 12(%[sha256])\n\t" + "stw r9, 16(%[sha256])\n\t" + "stw r10, 20(%[sha256])\n\t" + "stw r11, 24(%[sha256])\n\t" + "stw r12, 28(%[sha256])\n\t" + "lwz %[sha256], 4(r1)\n\t" + "lwz %[len], 8(r1)\n\t" + "mtctr %[len]\n\t" + "subi %[len], %[len], 1\n\t" + "addi %[sha256], %[sha256], 0x40\n\t" + "stw %[sha256], 4(r1)\n\t" + "stw %[len], 8(r1)\n\t" + "bdnz L_SHA256_transform_len_begin_%=\n\t" + "addi r1, r1, 12\n\t" +#endif /* WOLFSSL_PPC32_ASM_SMALL */ +#ifndef WOLFSSL_NO_VAR_ASSIGN_REG + : [sha256] "+r" (sha256), [data] "+r" (data), [len] "+r" (len), + [L_SHA256_transform_len_k] "+r" (L_SHA256_transform_len_k_c) + : +#else + : + : [sha256] "r" (sha256), [data] "r" (data), [len] "r" (len), + [L_SHA256_transform_len_k] "r" (L_SHA256_transform_len_k_c) +#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ + : "memory", "cc", "r0", "r7", "r8", "r9", "r10", "r11", "r12", "r14", + "r15", "r16", "r17", "r18", "r19", "r20", "r21", "r22", "r23", + "r24", "r25", "r26", "r27", "r28", "r29" + ); +} + +#endif /* __PIC__ */ +#endif /* !WOLFSSL_PPC32_ASM_SPE */ +#endif /* !NO_SHA256 */ + +#endif /* WOLFSSL_PPC32_ASM_INLINE */ +#endif /* WOLFSSL_PPC32_ASM */ diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/wolfcrypt/src/port/psa/psa.c mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/port/psa/psa.c --- mariadb-11.8.6/extra/wolfssl/wolfssl/wolfcrypt/src/port/psa/psa.c 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/port/psa/psa.c 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* psa.c * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -58,7 +58,11 @@ psa_status_t s; #if defined(WOLFSSL_PSA_GLOBAL_LOCK) - wc_InitMutex(&psa_global_mutex); + int ret; + + ret = wc_InitMutex(&psa_global_mutex); + if (ret != 0) + return ret; #endif PSA_LOCK(); diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/wolfcrypt/src/port/psa/psa_aes.c mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/port/psa/psa_aes.c --- mariadb-11.8.6/extra/wolfssl/wolfssl/wolfcrypt/src/port/psa/psa_aes.c 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/port/psa/psa_aes.c 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* psa_aes.c * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -48,7 +48,7 @@ psa_status_t s; XMEMSET(&key_attr, 0, sizeof(key_attr)); - aes->key_id = 0; + aes->key_id = PSA_KEY_ID_NULL; aes->ctx_initialized = 0; psa_set_key_type(&key_attr, PSA_KEY_TYPE_AES); @@ -76,7 +76,7 @@ */ int wc_psa_aes_init(Aes *aes) { - aes->key_id = 0; + aes->key_id = PSA_KEY_ID_NULL; aes->ctx_initialized = 0; aes->key_need_importing = 0; XMEMSET(&aes->psa_ctx, 0, sizeof(aes->psa_ctx)); @@ -167,9 +167,7 @@ XMEMCPY(aes->key, key, key_length); aes->key_need_importing = 1; } else { - PSA_LOCK(); ret = wc_psa_aes_import_key(aes, key, key_length, alg, dir); - PSA_UNLOCK(); if (ret != 0) return ret; } @@ -227,11 +225,10 @@ PSA_UNLOCK(); } + aes->ctx_initialized = 1; /* mark before error check so err: path aborts it */ if (s != PSA_SUCCESS) goto err; - aes->ctx_initialized = 1; - /* ECB doesn't use IV */ if (alg != PSA_ALG_ECB_NO_PADDING) { @@ -284,7 +281,6 @@ aes->ctx_initialized = 0; } - aes->ctx_initialized = 0; aes->key_need_importing = 0; return 0; diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/wolfcrypt/src/port/psa/psa_hash.c mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/port/psa/psa_hash.c --- mariadb-11.8.6/extra/wolfssl/wolfssl/wolfcrypt/src/port/psa/psa_hash.c 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/port/psa/psa_hash.c 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* psa_hash.c * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -127,9 +127,12 @@ return BAD_FUNC_ARG; PSA_LOCK(); - psa_hash_abort(dst); + s = psa_hash_abort(dst); PSA_UNLOCK(); + if (s != PSA_SUCCESS) + return WC_HW_E; + PSA_LOCK(); s = psa_hash_clone(src, dst); PSA_UNLOCK(); @@ -173,7 +176,9 @@ s = psa_hash_clone(ctx, &tmp); PSA_UNLOCK(); if (s != PSA_SUCCESS) { + PSA_LOCK(); psa_hash_abort(&tmp); + PSA_UNLOCK(); return WC_HW_E; } diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/wolfcrypt/src/port/psa/psa_pkcbs.c mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/port/psa/psa_pkcbs.c --- mariadb-11.8.6/extra/wolfssl/wolfssl/wolfcrypt/src/port/psa/psa_pkcbs.c 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/port/psa/psa_pkcbs.c 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* psa_pkcbs.c * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -138,7 +138,7 @@ ret = psa_ecc_keygen(ecc_curve, key_size, &psa_key_id); if (ret != 0) - return WC_HW_E; + return ret; ret = psa_ecc_export_to_wc_key(key, psa_key_id, ecc_curve); if (ret != 0) { @@ -148,6 +148,11 @@ return WC_HW_E; } + if (psa_ctx->dh_key != PSA_KEY_ID_NULL) { + PSA_LOCK(); + psa_destroy_key(psa_ctx->dh_key); + PSA_UNLOCK(); + } psa_ctx->dh_key = psa_key_id; return 0; @@ -239,6 +244,12 @@ &output_length); PSA_UNLOCK(); + PSA_LOCK(); + psa_destroy_key(psa_ctx->dh_key); + PSA_UNLOCK(); + + psa_ctx->dh_key = PSA_KEY_ID_NULL; + if (status != PSA_SUCCESS) { WOLFSSL_MSG("PSA: error raw_key_agreement"); return WC_HW_E; @@ -246,12 +257,6 @@ *output_size = (word32)output_length; - PSA_LOCK(); - psa_destroy_key(psa_ctx->dh_key); - PSA_UNLOCK(); - - psa_ctx->dh_key = PSA_KEY_ID_NULL; - return 0; } @@ -305,11 +310,15 @@ /* Get correct hash algorithm that matches input hash length */ hash_algo = psa_map_hash_alg(input_length); + if (hash_algo == PSA_ALG_NONE) + return BAD_FUNC_ARG; + PSA_LOCK(); status = psa_sign_hash(psa_ctx->private_key, PSA_ALG_ECDSA(hash_algo), input, input_length, rs, sizeof(rs), &rs_length); + PSA_UNLOCK(); if (status != PSA_SUCCESS) return WC_HW_E; @@ -317,7 +326,7 @@ ret = wc_ecc_rs_raw_to_sig(rs, point_len, rs + point_len, point_len, signature, signature_size); if (ret != 0) - return -1; + return ret; return 0; } @@ -391,8 +400,12 @@ (void)ctx; WOLFSSL_ENTER("psa_ecc_verify_cb"); + *result = 0; + /* Get correct hash algorithm that matches input hash length */ hash_algo = psa_map_hash_alg(hash_length); + if (hash_algo == PSA_ALG_NONE) + return BAD_FUNC_ARG; ret = psa_ecc_decode_public_key(key, key_length, &tmp_key, hash_algo); if (ret != 0) @@ -406,7 +419,7 @@ goto exit; /* coalescence of r and s in the buffer */ - XMEMCPY(raw_signature + r_len, s, s_len); + XMEMMOVE(raw_signature + r_len, s, s_len); PSA_LOCK(); status = psa_verify_hash(tmp_key, PSA_ALG_ECDSA(hash_algo), hash, @@ -416,8 +429,6 @@ if (status == PSA_SUCCESS) { *result = 1; } else { - *result = 0; - if (status != PSA_ERROR_INVALID_SIGNATURE) { WOLFSSL_MSG("psa_ecc_verify_cb: can't verify hash"); ret = WC_HW_E; @@ -436,6 +447,7 @@ #endif /* HAVE_ECC */ #ifdef HAVE_HKDF +/* ikm will always be not NULL. */ static int psa_hkdf_extract_cb(byte* prk, const byte* salt, word32 salt_length, byte* ikm, word32 ikm_length, int digest, @@ -532,7 +544,7 @@ void wolfSSL_free_psa_ctx(struct psa_ssl_ctx *ctx) { - if (ctx->dh_key != PSA_KEY_ID_NULL) { + if (ctx != NULL && ctx->dh_key != PSA_KEY_ID_NULL) { PSA_LOCK(); psa_destroy_key(ctx->dh_key); PSA_UNLOCK(); diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/wolfcrypt/src/port/riscv/riscv-64-aes.c mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/port/riscv/riscv-64-aes.c --- mariadb-11.8.6/extra/wolfssl/wolfssl/wolfcrypt/src/port/riscv/riscv-64-aes.c 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/port/riscv/riscv-64-aes.c 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* riscv-64-aes.c * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/wolfcrypt/src/port/riscv/riscv-64-chacha.c mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/port/riscv/riscv-64-chacha.c --- mariadb-11.8.6/extra/wolfssl/wolfssl/wolfcrypt/src/port/riscv/riscv-64-chacha.c 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/port/riscv/riscv-64-chacha.c 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* riscv-64-chacha.c * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/wolfcrypt/src/port/riscv/riscv-64-poly1305.c mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/port/riscv/riscv-64-poly1305.c --- mariadb-11.8.6/extra/wolfssl/wolfssl/wolfcrypt/src/port/riscv/riscv-64-poly1305.c 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/port/riscv/riscv-64-poly1305.c 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* riscv-64-poly1305.c * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/wolfcrypt/src/port/riscv/riscv-64-sha256.c mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/port/riscv/riscv-64-sha256.c --- mariadb-11.8.6/extra/wolfssl/wolfssl/wolfcrypt/src/port/riscv/riscv-64-sha256.c 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/port/riscv/riscv-64-sha256.c 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* riscv-sha256.c * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -1031,6 +1031,7 @@ } else { wc_Sha256 tmpSha256; + XMEMSET(&tmpSha256, 0, sizeof(tmpSha256)); /* Create a copy of the hash to finalize. */ ret = wc_Sha256Copy(sha256, &tmpSha256); if (ret == 0) { @@ -1350,6 +1351,7 @@ } else { wc_Sha224 tmpSha224; + XMEMSET(&tmpSha224, 0, sizeof(tmpSha224)); /* Create a copy of the hash to finalize. */ ret = wc_Sha224Copy(sha224, &tmpSha224); if (ret == 0) { diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/wolfcrypt/src/port/riscv/riscv-64-sha3.c mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/port/riscv/riscv-64-sha3.c --- mariadb-11.8.6/extra/wolfssl/wolfssl/wolfcrypt/src/port/riscv/riscv-64-sha3.c 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/port/riscv/riscv-64-sha3.c 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* riscv-64-sha3.c * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/wolfcrypt/src/port/riscv/riscv-64-sha512.c mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/port/riscv/riscv-64-sha512.c --- mariadb-11.8.6/extra/wolfssl/wolfssl/wolfcrypt/src/port/riscv/riscv-64-sha512.c 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/port/riscv/riscv-64-sha512.c 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* riscv-sha512.c * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -22,7 +22,7 @@ #include #ifdef WOLFSSL_RISCV_ASM -#if !defined(NO_SHA512) || defined(WOLFSSL_SHA384) +#if defined(WOLFSSL_SHA512) || defined(WOLFSSL_SHA384) #if FIPS_VERSION3_LT(6,0,0) && defined(HAVE_FIPS) #undef HAVE_FIPS @@ -984,7 +984,7 @@ } -#ifndef NO_SHA512 +#ifdef WOLFSSL_SHA512 /* Initialize SHA-512 object for hashing. * @@ -1140,6 +1140,7 @@ } else { wc_Sha512 tmpSha512; + XMEMSET(&tmpSha512, 0, sizeof(tmpSha512)); /* Create a copy of the hash to finalize. */ ret = wc_Sha512Copy(sha512, &tmpSha512); if (ret == 0) { @@ -1357,6 +1358,7 @@ } else { wc_Sha512 tmpSha512; + XMEMSET(&tmpSha512, 0, sizeof(tmpSha512)); /* Create a copy of the hash to finalize. */ ret = wc_Sha512Copy(sha512, &tmpSha512); if (ret == 0) { @@ -1456,6 +1458,7 @@ } else { wc_Sha512 tmpSha512; + XMEMSET(&tmpSha512, 0, sizeof(tmpSha512)); /* Create a copy of the hash to finalize. */ ret = wc_Sha512Copy(sha512, &tmpSha512); if (ret == 0) { @@ -1494,7 +1497,7 @@ #endif /* !HAVE_FIPS && !HAVE_SELFTEST */ -#endif /* !NO_SHA512 */ +#endif /* WOLFSSL_SHA512 */ #ifdef WOLFSSL_SHA384 @@ -1671,6 +1674,7 @@ } else { wc_Sha384 tmpSha384; + XMEMSET(&tmpSha384, 0, sizeof(tmpSha384)); /* Create a copy of the hash to finalize. */ ret = wc_Sha384Copy(sha384, &tmpSha384); if (ret == 0) { @@ -1737,5 +1741,5 @@ #endif /* WOLFSSL_SHA384 */ -#endif /* !NO_SHA512 || WOLFSSL_SHA384 */ +#endif /* WOLFSSL_SHA512 || WOLFSSL_SHA384 */ #endif /* WOLFSSL_RISCV_ASM */ diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/wolfcrypt/src/port/rpi_pico/pico.c mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/port/rpi_pico/pico.c --- mariadb-11.8.6/extra/wolfssl/wolfssl/wolfcrypt/src/port/rpi_pico/pico.c 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/port/rpi_pico/pico.c 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* pico.c * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -41,6 +41,9 @@ { uint32_t i = 0; + if (output == NULL || sz == 0) + return BAD_FUNC_ARG; + while (i < sz) { uint64_t rnd = get_rand_64(); @@ -52,6 +55,7 @@ XMEMCPY(output + i, &rnd, sz - i); i = sz; } + rnd = 0; } return 0; diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/wolfcrypt/src/port/silabs/silabs_aes.c mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/port/silabs/silabs_aes.c --- mariadb-11.8.6/extra/wolfssl/wolfssl/wolfcrypt/src/port/silabs/silabs_aes.c 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/port/silabs/silabs_aes.c 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* silabs_aes.c * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -43,18 +43,20 @@ int ret = 0; (void)dir; - ret = sl_se_init(); - if (ret != SL_STATUS_OK) { - return BUFFER_E; + if (aes == NULL || userKey == NULL || keylen > sizeof(aes->key)) { + return BAD_FUNC_ARG; } - if (aes == NULL || keylen > sizeof(aes->key)) { - return BAD_FUNC_ARG; + ret = sl_se_init(); + if (ret != SL_STATUS_OK) { + return WC_HW_E; } XMEMSET(aes, 0, sizeof(*aes)); ret = wc_AesSetIV(aes, iv); + if (ret != 0) + return ret; aes->rounds = keylen/4 + 6; aes->ctx.cmd_ctx = cc; @@ -80,11 +82,12 @@ break; } - - XMEMCPY(aes->key, userKey, keylen); - aes->ctx.key.storage.location.buffer.pointer = (void*)aes->key; - aes->ctx.key.storage.location.buffer.size = keylen; - aes->ctx.key.size = keylen; + if (ret == 0) { + XMEMCPY(aes->key, userKey, keylen); + aes->ctx.key.storage.location.buffer.pointer = (void*)aes->key; + aes->ctx.key.storage.location.buffer.size = keylen; + aes->ctx.key.size = keylen; + } return ret; } @@ -134,7 +137,12 @@ #ifdef WOLFSSL_AES_DIRECT int wc_AesEncrypt(Aes* aes, const byte* inBlock, byte* outBlock) { - sl_status_t status = sl_se_aes_crypt_ecb( + sl_status_t status; + if ((inBlock == NULL) || (outBlock == NULL) || (aes == NULL)) { + return BAD_FUNC_ARG; + } + + status = sl_se_aes_crypt_ecb( &(aes->ctx.cmd_ctx), &(aes->ctx.key), SL_SE_ENCRYPT, @@ -146,7 +154,12 @@ int wc_AesDecrypt(Aes* aes, const byte* inBlock, byte* outBlock) { - sl_status_t status = sl_se_aes_crypt_ecb( + sl_status_t status; + if ((inBlock == NULL) || (outBlock == NULL) || (aes == NULL)) { + return BAD_FUNC_ARG; + } + + status = sl_se_aes_crypt_ecb( &(aes->ctx.cmd_ctx), &(aes->ctx.key), SL_SE_DECRYPT, @@ -159,7 +172,12 @@ int wc_AesCbcEncrypt(Aes* aes, byte* out, const byte* in, word32 sz) { - sl_status_t status = sl_se_aes_crypt_cbc( + sl_status_t status; + if ((in == NULL) || (out == NULL) || (aes == NULL)) { + return BAD_FUNC_ARG; + } + + status = sl_se_aes_crypt_cbc( &(aes->ctx.cmd_ctx), &(aes->ctx.key), SL_SE_ENCRYPT, @@ -172,7 +190,12 @@ int wc_AesCbcDecrypt(Aes* aes, byte* out, const byte* in, word32 sz) { - sl_status_t status = sl_se_aes_crypt_cbc( + sl_status_t status; + if ((in == NULL) || (out == NULL) || (aes == NULL)) { + return BAD_FUNC_ARG; + } + + status = sl_se_aes_crypt_cbc( &(aes->ctx.cmd_ctx), &(aes->ctx.key), SL_SE_DECRYPT, @@ -189,7 +212,13 @@ byte* authTag, word32 authTagSz, const byte* authIn, word32 authInSz) { - sl_status_t status = sl_se_gcm_crypt_and_tag( + sl_status_t status; + if ((in == NULL) || (out == NULL) || (iv == NULL) || (authTag == NULL) || + (authIn == NULL && authInSz != 0) || (aes == NULL)) { + return BAD_FUNC_ARG; + } + + status = sl_se_gcm_crypt_and_tag( &(aes->ctx.cmd_ctx), &(aes->ctx.key), SL_SE_ENCRYPT, @@ -211,7 +240,13 @@ const byte* authTag, word32 authTagSz, const byte* authIn, word32 authInSz) { - sl_status_t status = sl_se_gcm_auth_decrypt( + sl_status_t status; + if ((in == NULL) || (out == NULL) || (iv == NULL) || (authTag == NULL) || + (authIn == NULL && authInSz != 0) || (aes == NULL)) { + return BAD_FUNC_ARG; + } + + status = sl_se_gcm_auth_decrypt( &(aes->ctx.cmd_ctx), &(aes->ctx.key), sz, @@ -236,7 +271,13 @@ byte* authTag, word32 authTagSz, const byte* authIn, word32 authInSz) { - sl_status_t status = sl_se_ccm_encrypt_and_tag( + sl_status_t status; + if ((in == NULL) || (out == NULL) || (iv == NULL) || (authTag == NULL) || + (authIn == NULL && authInSz != 0) || (aes == NULL)) { + return BAD_FUNC_ARG; + } + + status = sl_se_ccm_encrypt_and_tag( &(aes->ctx.cmd_ctx), &(aes->ctx.key), sz, @@ -258,7 +299,13 @@ const byte* authTag, word32 authTagSz, const byte* authIn, word32 authInSz) { - sl_status_t status = sl_se_ccm_auth_decrypt( + sl_status_t status; + if ((in == NULL) || (out == NULL) || (iv == NULL) || (authTag == NULL) || + (authIn == NULL && authInSz != 0) || (aes == NULL)) { + return BAD_FUNC_ARG; + } + + status = sl_se_ccm_auth_decrypt( &(aes->ctx.cmd_ctx), &(aes->ctx.key), sz, @@ -274,6 +321,6 @@ return (status != SL_STATUS_OK) ? AES_GCM_AUTH_E : 0; } -#endif /* HAVE_AESGCM */ +#endif /* HAVE_AESCCM */ #endif /* WOLFSSL_SILABS_SE_ACCEL */ diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/wolfcrypt/src/port/silabs/silabs_ecc.c mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/port/silabs/silabs_ecc.c --- mariadb-11.8.6/extra/wolfssl/wolfssl/wolfcrypt/src/port/silabs/silabs_ecc.c 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/port/silabs/silabs_ecc.c 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* silabs_ecc.c * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -100,11 +100,18 @@ word32 *outlen, ecc_key* key) { sl_status_t sl_stat; - sl_se_key_descriptor_t* slkey = &key->key; - word32 siglen = *outlen; + sl_se_key_descriptor_t* slkey; + word32 siglen; - if ((int)siglen >= key->dp->size * 2) { - siglen = key->dp->size * 2; + if (in == NULL || out == NULL || outlen == NULL || key == NULL || + key->dp == NULL) + return BAD_FUNC_ARG; + + slkey = &key->key; + siglen = key->dp->size * 2; + + if (*outlen < siglen) { + return BUFFER_E; } #if (_SILICON_LABS_SECURITY_FEATURE == _SILICON_LABS_SECURITY_FEATURE_VAULT) @@ -131,7 +138,11 @@ siglen ); } - return (sl_stat == SL_STATUS_OK) ? 0 : WC_HW_E; + if (sl_stat == SL_STATUS_OK) { + *outlen = siglen; + return 0; + } + return WC_HW_E; } #ifdef HAVE_ECC_VERIFY @@ -140,7 +151,12 @@ const byte* hash, word32 hashlen, int* stat, ecc_key* key) { - sl_status_t sl_stat = sl_se_init_command_context(&key->cmd_ctx); + sl_status_t sl_stat; + + if (sig == NULL || hash == NULL || stat == NULL || key == NULL) + return BAD_FUNC_ARG; + + sl_stat = sl_se_init_command_context(&key->cmd_ctx); if (sl_stat == SL_STATUS_OK) { sl_stat = sl_se_ecc_verify( &key->cmd_ctx, @@ -167,6 +183,9 @@ { sl_status_t sl_stat; + if (key == NULL || key->dp == NULL) + return BAD_FUNC_ARG; + key->key.type = silabs_map_key_type(key->dp->id); if (key->key.type == SILABS_UNSUPPORTED_KEY_TYPE) return WC_HW_E; @@ -177,12 +196,14 @@ SL_SE_KEY_FLAG_ASYMMETRIC_BUFFER_HAS_PUBLIC_KEY | SL_SE_KEY_FLAG_ASYMMETRIC_SIGNING_ONLY); - sl_stat = sl_se_get_storage_size(&key->key, - &key->key.storage.location.buffer.size); + sl_stat = sl_se_init_command_context(&key->cmd_ctx); + if (sl_stat == SL_STATUS_OK) { + sl_stat = sl_se_get_storage_size(&key->key, + &key->key.storage.location.buffer.size); + } if (sl_stat == SL_STATUS_OK) { key->key.storage.location.buffer.pointer = key->key_raw; - sl_stat = sl_se_generate_key(&key->cmd_ctx, - &key->key); + sl_stat = sl_se_generate_key(&key->cmd_ctx, &key->key); } if (sl_stat == SL_STATUS_OK) { key->type = ECC_PRIVATEKEY; @@ -205,6 +226,9 @@ int err = MP_OKAY; word32 used; + if (key == NULL || key->dp == NULL) + return BAD_FUNC_ARG; + key->key.type = silabs_map_key_type(key->dp->id); if (key->key.type == SILABS_UNSUPPORTED_KEY_TYPE || keysize == 0) return WC_HW_E; @@ -260,6 +284,11 @@ uint32_t pub_sz = 0; sl_status_t sl_stat; + if ((private_key == NULL) || (public_key == NULL) || (out == NULL) || + (outlen == NULL)) { + return BAD_FUNC_ARG; + } + /* `sl_se_ecdh_compute_shared_secret` returns the full coordinate * point, but `wc_ecc_shared_secret` should only return the x * coordinate. This buffer is used to hold the output of the @@ -284,17 +313,20 @@ key_out.size = pub_sz; key_out.storage.location.buffer.size = pub_sz; - sl_stat = sl_se_ecdh_compute_shared_secret( - &cmd, - &private_key->key, - &pub_key, - &key_out); - + sl_stat = sl_se_init_command_context(&cmd); + if (sl_stat == SL_STATUS_OK) { + sl_stat = sl_se_ecdh_compute_shared_secret( + &cmd, + &private_key->key, + &pub_key, + &key_out); + } if (sl_stat == SL_STATUS_OK) { *outlen = pub_key.size; XMEMCPY(out, fullpoint, *outlen); } + ForceZero(fullpoint, sizeof(fullpoint)); return (sl_stat == SL_STATUS_OK) ? 0 : WC_HW_E; } @@ -304,7 +336,7 @@ sl_status_t sl_stat; sl_se_command_context_t cmd; - if (key == NULL || seKey == NULL) + if (key == NULL || key->dp == NULL || seKey == NULL) return BAD_FUNC_ARG; if (seKey->type == SL_SE_KEY_TYPE_ECC_P192) @@ -324,16 +356,19 @@ if (ret != 0) return ret; - key->type = ECC_PUBLICKEY; - key->key.type = seKey->type; - key->key.size = key->dp->size; - key->key.storage.method = SL_SE_KEY_STORAGE_EXTERNAL_PLAINTEXT; - key->key.flags = (SL_SE_KEY_FLAG_ASYMMETRIC_BUFFER_HAS_PUBLIC_KEY | - SL_SE_KEY_FLAG_ASYMMETRIC_SIGNING_ONLY); + sl_stat = sl_se_init_command_context(&cmd); + if (sl_stat == SL_STATUS_OK) { + key->type = ECC_PUBLICKEY; + key->key.type = seKey->type; + key->key.size = key->dp->size; + key->key.storage.method = SL_SE_KEY_STORAGE_EXTERNAL_PLAINTEXT; + key->key.flags = (SL_SE_KEY_FLAG_ASYMMETRIC_BUFFER_HAS_PUBLIC_KEY | + SL_SE_KEY_FLAG_ASYMMETRIC_SIGNING_ONLY); - sl_stat = sl_se_get_storage_size(&key->key, - &key->key.storage.location.buffer.size); - key->key.storage.location.buffer.pointer = key->key_raw; + sl_stat = sl_se_get_storage_size(&key->key, + &key->key.storage.location.buffer.size); + key->key.storage.location.buffer.pointer = key->key_raw; + } if (sl_stat == SL_STATUS_OK) { sl_stat = sl_se_export_public_key(&cmd, seKey, &key->key); } diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/wolfcrypt/src/port/silabs/silabs_hash.c mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/port/silabs/silabs_hash.c --- mariadb-11.8.6/extra/wolfssl/wolfssl/wolfcrypt/src/port/silabs/silabs_hash.c 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/port/silabs/silabs_hash.c 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* silabs_hash.c * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/wolfcrypt/src/port/silabs/silabs_random.c mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/port/silabs/silabs_random.c --- mariadb-11.8.6/extra/wolfssl/wolfssl/wolfcrypt/src/port/silabs/silabs_random.c 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/port/silabs/silabs_random.c 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* silabs_random.c * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -37,12 +37,16 @@ int silabs_GenerateRand(byte* output, word32 sz) { sl_se_command_context_t cmd_ctx = SL_SE_COMMAND_CONTEXT_INIT; - sl_status_t status = sl_se_init(); + sl_status_t status; + if (output == NULL) + return BAD_FUNC_ARG; + + status = sl_se_init(); if (status == SL_STATUS_OK) status = sl_se_get_random(&cmd_ctx, output, sz); - return (status != SL_STATUS_OK); + return (status != SL_STATUS_OK) ? WC_HW_E : 0; } #endif /* WOLFSSL_SILABS_SE_ACCEL */ diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/wolfcrypt/src/port/st/README.md mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/port/st/README.md --- mariadb-11.8.6/extra/wolfssl/wolfssl/wolfcrypt/src/port/st/README.md 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/port/st/README.md 2026-05-24 09:58:33.000000000 +0000 @@ -9,7 +9,9 @@ public-key acceleration: - ECC192/ECC224/ECC256/ECC384 -Support for the STSAFE-A100 crypto hardware accelerator co-processor via I2C for ECC supporting NIST or Brainpool 256-bit and 384-bit curves. It requires the ST-Safe SDK including wolfSSL's `stsafe_interface.c/.h` files. Please contact us at support@wolfssl.com to get this code. +Support for the STSAFE-A secure element family via I2C for ECC supporting NIST P-256/P-384 and Brainpool 256/384-bit curves: + - **STSAFE-A100/A110**: Uses ST's proprietary STSAFE-A1xx middleware. Contact us at support@wolfssl.com for integration assistance. + - **STSAFE-A120**: Uses ST's open-source [STSELib](https://github.com/STMicroelectronics/STSELib) (BSD-3 license). For details see our [wolfSSL ST](https://www.wolfssl.com/docs/stm32/) page. @@ -39,6 +41,7 @@ #define NO_STM32_RNG #define NO_STM32_CRYPTO #define NO_STM32_HASH +#define NO_STM32_HMAC ``` ### Coding @@ -65,29 +68,69 @@ When the support is enabled, the ECC operations will be accelerated using the PKA crypto co-processor. -## STSAFE-A100 ECC Acceleration +## STSAFE-A ECC Acceleration -Using the wolfSSL PK callbacks and the reference ST Safe reference API's we support an ECC only cipher suite such as ECDHE-ECDSA-AES128-SHA256 for TLS client or server. +Using the wolfSSL PK callbacks or Crypto callbacks with the ST-Safe reference API's we support ECC operations for TLS client/server: + - **ECDSA Sign/Verify**: P-256 and P-384 (NIST and Brainpool curves) + - **ECDH Key Agreement**: For TLS key exchange + - **ECC Key Generation**: Ephemeral keys for TLS -At the wolfCrypt level we also support ECC native API's for `wc_ecc_*` using the ST-Safe. +At the wolfCrypt level we also support ECC native API's for `wc_ecc_*` using the ST-Safe via Crypto Callbacks. + +### Supported Hardware + +| Model | Macro | SDK | +|-------|-------|-----| +| STSAFE-A100/A110 | `WOLFSSL_STSAFEA100` | ST STSAFE-A1xx Middleware (proprietary) | +| STSAFE-A120 | `WOLFSSL_STSAFEA120` | [STSELib](https://github.com/STMicroelectronics/STSELib) (BSD-3, open source) | ### Building -`./configure --enable-pkcallbacks CFLAGS="-DWOLFSSL_STSAFEA100"` +For STSAFE-A100/A110 (legacy): + +``` +./configure --enable-pkcallbacks CFLAGS="-DWOLFSSL_STSAFEA100" +``` + +or in `user_settings.h`: + +```c +#define HAVE_PK_CALLBACKS +#define WOLFSSL_STSAFEA100 +``` + +For STSAFE-A120 with STSELib: -or +``` +./configure --enable-pkcallbacks CFLAGS="-DWOLFSSL_STSAFEA120" +``` -`#define HAVE_PK_CALLBACKS` -`#define WOLFSSL_STSAFEA100` +or in `user_settings.h`: +```c +#define HAVE_PK_CALLBACKS +#define WOLFSSL_STSAFEA120 +``` + +To use Crypto Callbacks (recommended for wolfCrypt-level ECC operations): + +```c +#define WOLF_CRYPTO_CB +#define WOLFSSL_STSAFEA120 /* or WOLFSSL_STSAFEA100 */ +``` ### Coding +#### Using PK Callbacks (TLS) + Setup the PK callbacks for TLS using: -``` -/* Setup PK Callbacks for STSAFE-A100 */ +```c +/* Setup PK Callbacks for STSAFE */ WOLFSSL_CTX* ctx; +SSL_STSAFE_SetupPkCallbacks(ctx); + +/* Or manually: */ wolfSSL_CTX_SetEccKeyGenCb(ctx, SSL_STSAFE_CreateKeyCb); wolfSSL_CTX_SetEccSignCb(ctx, SSL_STSAFE_SignCertificateCb); wolfSSL_CTX_SetEccVerifyCb(ctx, SSL_STSAFE_VerifyPeerCertCb); @@ -95,20 +138,141 @@ wolfSSL_CTX_SetDevId(ctx, 0); /* enables wolfCrypt `wc_ecc_*` ST-Safe use */ ``` -The reference STSAFE-A100 PK callback functions are located in the `wolfcrypt/src/port/st/stsafe.c` file. +The reference STSAFE PK callback functions are located in the `wolfcrypt/src/port/st/stsafe.c` file. Adding a custom context to the callbacks: -``` +```c /* Setup PK Callbacks context */ WOLFSSL* ssl; void* myOwnCtx; -wolfSSL_SetEccKeyGenCtx(ssl, myOwnCtx); -wolfSSL_SetEccVerifyCtx(ssl, myOwnCtx); -wolfSSL_SetEccSignCtx(ssl, myOwnCtx); -wolfSSL_SetEccSharedSecretCtx(ssl, myOwnCtx); +SSL_STSAFE_SetupPkCallbackCtx(ssl, myOwnCtx); ``` +#### Using Crypto Callbacks (wolfCrypt) + +For direct wolfCrypt ECC operations using the hardware: + +```c +#include + +/* Register the crypto callback */ +wolfSTSAFE_CryptoCb_Ctx stsafeCtx; +stsafeCtx.devId = WOLF_STSAFE_DEVID; +wc_CryptoCb_RegisterDevice(WOLF_STSAFE_DEVID, wolfSSL_STSAFE_CryptoDevCb, &stsafeCtx); + +/* For ECDSA signing operations (uses persistent slot 1) */ +ecc_key key; +wc_ecc_init_ex(&key, NULL, WOLF_STSAFE_DEVID); +wc_ecc_make_key_ex(&rng, 32, &key, ECC_SECP256R1); +/* Sign operations will use STSAFE hardware */ + +/* For ECDH operations (uses ephemeral slot 0xFF) */ +ecc_key ecdh_key; +wc_ecc_init_ex(&ecdh_key, NULL, WOLF_STSAFE_DEVID); +ecdh_key.devCtx = (void*)(uintptr_t)STSAFE_KEY_SLOT_EPHEMERAL; /* Configure for ECDH */ +wc_ecc_make_key_ex(&rng, 32, &ecdh_key, ECC_SECP256R1); +/* ECDH shared secret computation will use STSAFE hardware */ +``` + +**Note for STSAFE-A120**: ECDH operations require keys generated in the ephemeral slot (0xFF) which has key establishment enabled by default. Set `key.devCtx = (void*)(uintptr_t)STSAFE_KEY_SLOT_EPHEMERAL;` to configure keys for ECDH before generation. Persistent slots (0-4) require explicit configuration via `put_attribute` command to enable key establishment. + +### Implementation Details + +The STSAFE support is self-contained in `wolfcrypt/src/port/st/stsafe.c` with SDK-specific implementations selected at compile time: + +| Macro | SDK | Description | +|-------|-----|-------------| +| `WOLFSSL_STSAFEA100` | STSAFE-A1xx Middleware | ST's proprietary SDK for A100/A110 | +| `WOLFSSL_STSAFEA120` | [STSELib](https://github.com/STMicroelectronics/STSELib) | ST's open-source SDK for A120 (BSD-3) | + +#### External Interface (Backwards Compatibility) + +For customers with existing custom implementations, define `WOLFSSL_STSAFE_INTERFACE_EXTERNAL` to use an external `stsafe_interface.h` file instead of the built-in implementation: + +```c +#define WOLFSSL_STSAFEA100 /* or WOLFSSL_STSAFEA120 */ +#define WOLFSSL_STSAFE_INTERFACE_EXTERNAL +``` + +When `WOLFSSL_STSAFE_INTERFACE_EXTERNAL` is defined, the customer must provide a `stsafe_interface.h` header that defines: + +| Item | Type | Description | +|------|------|-------------| +| `stsafe_curve_id_t` | typedef | Curve identifier type | +| `stsafe_slot_t` | typedef | Key slot identifier type | +| `STSAFE_ECC_CURVE_P256` | macro | P-256 curve ID value | +| `STSAFE_ECC_CURVE_P384` | macro | P-384 curve ID value | +| `STSAFE_KEY_SLOT_0/1/EPHEMERAL` | macros | Key slot values | +| `STSAFE_A_OK` | macro | Success return code | +| `STSAFE_MAX_KEY_LEN` | macro | Max key size in bytes (48) | +| `STSAFE_MAX_PUBKEY_RAW_LEN` | macro | Max public key size (96) | +| `STSAFE_MAX_SIG_LEN` | macro | Max signature size (96) | + +And provide implementations for these internal interface functions: +- `int stsafe_interface_init(void)` +- `int stsafe_create_key(stsafe_slot_t*, stsafe_curve_id_t, uint8_t*)` +- `int stsafe_sign(stsafe_slot_t, stsafe_curve_id_t, uint8_t*, uint8_t*)` +- `int stsafe_verify(stsafe_curve_id_t, uint8_t*, uint8_t*, uint8_t*, uint8_t*, int32_t*)` +- `int stsafe_shared_secret(stsafe_slot_t, stsafe_curve_id_t, uint8_t*, uint8_t*, uint8_t*, int32_t*)` +- `int stsafe_read_certificate(uint8_t**, uint32_t*)` +- `int stsafe_get_random(uint8_t*, uint32_t)` (if `USE_STSAFE_RNG_SEED` defined) + +When **NOT** defined (default behavior): All code is self-contained in `stsafe.c` using the appropriate SDK automatically. + +The implementation provides these internal operations: + +| Operation | Description | +|-----------|-------------| +| `stsafe_interface_init()` | Initialize the STSAFE device (called by `wolfCrypt_Init()`) | +| `stsafe_sign()` | ECDSA signature generation (P-256/P-384) | +| `stsafe_verify()` | ECDSA signature verification (P-256/P-384) | +| `stsafe_create_key()` | Generate ECC key pair on device | +| `stsafe_shared_secret()` | ECDH shared secret computation | +| `stsafe_read_certificate()` | Read device certificate from secure storage | + +### STSELib Setup (A120) + +For STSAFE-A120, you need to include the STSELib library: + +1. Clone STSELib as a submodule or add to your project: + ```bash + git submodule add https://github.com/STMicroelectronics/STSELib.git lib/stselib + ``` + +2. Add STSELib headers to your include path + +3. Implement the platform abstraction files required by STSELib: + - `stse_conf.h` - Configuration (target device, features) + - `stse_platform_generic.h` - Platform callbacks (I2C, timing) + +4. See STSELib documentation for platform-specific integration details + +### Raspberry Pi with STSAFE-A120 + +For testing on a Raspberry Pi with an STSAFE-A120 connected via I2C: + +1. **Enable I2C** on the Raspberry Pi: + ```bash + sudo raspi-config + # Navigate to: Interface Options -> I2C -> Enable + ``` + +2. **Verify the STSAFE device is detected** (default I2C address is 0x20): + ```bash + sudo i2cdetect -y 1 + ``` + +3. **Build wolfSSL with STSAFE-A120 support**: + ```bash + ./configure --enable-pkcallbacks --enable-cryptocb \ + CFLAGS="-DWOLFSSL_STSAFEA120 -I/path/to/STSELib" + make + sudo make install + ``` + +4. **Platform abstraction**: Implement the STSELib I2C callbacks using the Linux I2C driver (`/dev/i2c-1`). + ### Benchmarks and Memory Use Software only implementation (STM32L4 120Mhz, Cortex-M4, Fast Math): diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/wolfcrypt/src/port/st/stm32.c mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/port/st/stm32.c --- mariadb-11.8.6/extra/wolfssl/wolfssl/wolfcrypt/src/port/st/stm32.c 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/port/st/stm32.c 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* stm32.c * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -162,12 +162,13 @@ #endif } -static void wc_Stm32_Hash_RestoreContext(STM32_HASH_Context* ctx, int algo) +static void wc_Stm32_Hash_RestoreContext(STM32_HASH_Context* ctx, word32 algo, + word32 mode) { int i; if (ctx->HASH_CR == 0) { - /* init content */ + /* init context */ #if defined(HASH_IMR_DINIE) && defined(HASH_IMR_DCIE) /* Disable IRQ's - wolfSSL does not use the HASH/RNG IRQ @@ -175,37 +176,31 @@ HASH->IMR &= ~(HASH_IMR_DINIE | HASH_IMR_DCIE); #endif - /* reset the control register */ - HASH->CR &= ~(HASH_CR_ALGO | HASH_CR_MODE | HASH_CR_DATATYPE - #ifdef HASH_CR_LKEY - | HASH_CR_LKEY - #endif - ); - - /* configure algorithm, mode and data type */ - HASH->CR |= (algo | HASH_ALGOMODE_HASH | HASH_DATATYPE_8B); - - /* reset HASH processor */ - HASH->CR |= HASH_CR_INIT; + /* Configure algorithm, mode, data type and initialize HASH processor. + * INIT must be written in the same register write as ALGO because + * setting INIT resets ALGO bits to their default value (MD5). */ + HASH->CR = (algo | mode | HASH_DATATYPE_8B | HASH_CR_INIT); /* by default mark all bits valid */ wc_Stm32_Hash_NumValidBits(0); #ifdef DEBUG_STM32_HASH - printf("STM Init algo %x\n", algo); + printf("STM Init algo %x, mode %x, CR %lx, SR %lx\n", + (unsigned int)algo, (unsigned int)mode, + HASH->CR, HASH->SR); #endif } else { /* restore context registers */ HASH->IMR = ctx->HASH_IMR; HASH->STR = ctx->HASH_STR; - HASH->CR = ctx->HASH_CR; #ifdef STM32_HASH_SHA3 HASH->SHA3CFGR = ctx->SHA3CFGR; #endif - /* Initialize the hash processor */ - HASH->CR |= HASH_CR_INIT; + /* Restore CR with INIT in a single write - setting INIT resets ALGO + * bits, so we must include the saved CR value in the same write. */ + HASH->CR = ctx->HASH_CR | HASH_CR_INIT; /* continue restoring context registers */ for (i=0; ibuffLen > 0) { @@ -444,6 +439,204 @@ return ret; } +#if defined(STM32_HMAC) && !defined(NO_HMAC) + +/* STM32 Port HMAC Functions */ +#include + +int wc_Stm32_Hmac_GetAlgoInfo(int macType, word32* algo, word32* blockSize, + word32* digestSize) +{ + int ret = 0; + + switch (macType) { + #if !defined(NO_MD5) && !defined(STM32_NOMD5) + case WC_MD5: + if (algo) *algo = HASH_AlgoSelection_MD5; + if (blockSize) *blockSize = WC_MD5_BLOCK_SIZE; + if (digestSize) *digestSize = WC_MD5_DIGEST_SIZE; + break; + #endif + #ifndef NO_SHA + case WC_SHA: + if (algo) *algo = HASH_AlgoSelection_SHA1; + if (blockSize) *blockSize = WC_SHA_BLOCK_SIZE; + if (digestSize) *digestSize = WC_SHA_DIGEST_SIZE; + break; + #endif + #ifdef WOLFSSL_SHA224 + case WC_SHA224: + if (algo) *algo = HASH_AlgoSelection_SHA224; + if (blockSize) *blockSize = WC_SHA224_BLOCK_SIZE; + if (digestSize) *digestSize = WC_SHA224_DIGEST_SIZE; + break; + #endif + #ifndef NO_SHA256 + case WC_SHA256: + if (algo) *algo = HASH_AlgoSelection_SHA256; + if (blockSize) *blockSize = WC_SHA256_BLOCK_SIZE; + if (digestSize) *digestSize = WC_SHA256_DIGEST_SIZE; + break; + #endif + #if defined(STM32_HASH_SHA384) && defined(WOLFSSL_SHA384) + case WC_SHA384: + if (algo) *algo = HASH_ALGOSELECTION_SHA384; + if (blockSize) *blockSize = WC_SHA384_BLOCK_SIZE; + if (digestSize) *digestSize = WC_SHA384_DIGEST_SIZE; + break; + #endif + #if defined(STM32_HASH_SHA512) && defined(WOLFSSL_SHA512) + case WC_SHA512: + if (algo) *algo = HASH_ALGOSELECTION_SHA512; + if (blockSize) *blockSize = WC_SHA512_BLOCK_SIZE; + if (digestSize) *digestSize = WC_SHA512_DIGEST_SIZE; + break; + #endif + default: + ret = BAD_FUNC_ARG; + break; + } + + return ret; +} + +static void wc_Stm32_Hmac_FeedKey(const byte* key, word32 keySz) +{ + word32 i, blocks; + word32 tmp; + + /* feed key words into HASH->DIN */ + blocks = keySz / STM32_HASH_REG_SIZE; + for (i = 0; i < blocks; i++) { + XMEMCPY(&tmp, key + (i * STM32_HASH_REG_SIZE), STM32_HASH_REG_SIZE); + HASH->DIN = tmp; + } + /* handle remaining bytes in last partial word */ + if (keySz % STM32_HASH_REG_SIZE) { + tmp = 0; + XMEMCPY(&tmp, key + (blocks * STM32_HASH_REG_SIZE), + keySz % STM32_HASH_REG_SIZE); + HASH->DIN = tmp; + } + ForceZero(&tmp, sizeof(tmp)); + +#ifdef DEBUG_STM32_HASH + printf("STM HMAC FeedKey %d bytes\n", (int)keySz); +#endif +} + + +/* STM32 HMAC Exposed Functions */ + +int wc_Stm32_Hmac_SetKey(STM32_HASH_Context* stmCtx, int macType, + const byte* key, word32 keySz) +{ + int ret; + word32 algo, blockSize, digestSize; + word32 mode; + + if (stmCtx == NULL || key == NULL) + return BAD_FUNC_ARG; + + ret = wc_Stm32_Hmac_GetAlgoInfo(macType, &algo, &blockSize, &digestSize); + if (ret != 0) + return ret; + +#ifdef DEBUG_STM32_HASH + printf("STM HMAC SetKey: macType %d, keySz %d\n", macType, (int)keySz); +#endif + + /* clear context for fresh HMAC */ + wc_Stm32_Hash_Init(stmCtx); + + /* turn on hash clock */ + STM32_HASH_CLOCK_ENABLE(stmCtx); + + /* initialize hardware for HMAC mode. + * Keys are always pre-hashed in software before reaching this point + * (see hmac.c), so keySz will always be <= blockSize here. */ + mode = HASH_ALGOMODE_HMAC; + wc_Stm32_Hash_RestoreContext(stmCtx, algo, mode); + + /* Phase 1: Feed key into HASH->DIN */ + wc_Stm32_Hmac_FeedKey(key, keySz); + + /* set number of valid bits in last word and trigger DCAL */ + wc_Stm32_Hash_NumValidBits(keySz); + HASH->STR |= HASH_STR_DCAL; + + /* wait for data input ready (phase 1 complete) */ + ret = wc_Stm32_Hash_WaitDataReady(stmCtx); + + if (ret == 0) { + /* save context for context switching */ + wc_Stm32_Hash_SaveContext(stmCtx); + } + + /* turn off hash clock */ + STM32_HASH_CLOCK_DISABLE(stmCtx); + + return ret; +} + +int wc_Stm32_Hmac_Final(STM32_HASH_Context* stmCtx, word32 algo, + const byte* key, word32 keySz, byte* hash, word32 digestSize) +{ + int ret; + + if (stmCtx == NULL || key == NULL || hash == NULL) + return BAD_FUNC_ARG; + +#ifdef DEBUG_STM32_HASH + printf("STM HMAC Final: algo %x, keySz %d, buffLen %d, fifoBytes %d\n", + (unsigned int)algo, (int)keySz, (int)stmCtx->buffLen, + (int)stmCtx->fifoBytes); +#endif + + /* turn on hash clock */ + STM32_HASH_CLOCK_ENABLE(stmCtx); + + /* restore HMAC context */ + wc_Stm32_Hash_RestoreContext(stmCtx, algo, HASH_ALGOMODE_HMAC); + + /* finish reading any trailing bytes into FIFO */ + if (stmCtx->buffLen > 0) { + wc_Stm32_Hash_Data(stmCtx, stmCtx->buffLen); + } + + /* Phase 2 complete: set valid bits and trigger DCAL */ + wc_Stm32_Hash_NumValidBits(stmCtx->loLen + stmCtx->buffLen); + HASH->STR |= HASH_STR_DCAL; + + /* wait for data input ready (phase 2 complete, ready for phase 3) */ + ret = wc_Stm32_Hash_WaitDataReady(stmCtx); + if (ret != 0) { + STM32_HASH_CLOCK_DISABLE(stmCtx); + return ret; + } + + /* Phase 3: Feed key again into HASH->DIN */ + wc_Stm32_Hmac_FeedKey(key, keySz); + + /* set valid bits for key and trigger DCAL */ + wc_Stm32_Hash_NumValidBits(keySz); + HASH->STR |= HASH_STR_DCAL; + + /* wait for hash done (digest computation complete) */ + ret = wc_Stm32_Hash_WaitCalcComp(stmCtx); + if (ret == 0) { + /* read message digest */ + wc_Stm32_Hash_GetDigest(hash, digestSize); + } + + /* turn off hash clock */ + STM32_HASH_CLOCK_DISABLE(stmCtx); + + return ret; +} + +#endif /* STM32_HMAC && !NO_HMAC */ + #endif /* STM32_HASH */ @@ -500,6 +693,7 @@ ret = HAL_CRYPEx_WrapKey(&hcryp, (uint32_t*)key, (uint32_t*)out, 100); HAL_CRYP_DeInit(&hcryp); } + ForceZero(key, sizeof(key)); ByteReverseWords((word32*)out, (word32*)out, inSz); *outSz = inSz; @@ -903,8 +1097,10 @@ } } #endif - if (res != MP_OKAY) + if (res != MP_OKAY) { + ForceZero(kbin, sizeof(kbin)); return res; + } pka_mul.modulusSize = szModulus; pka_mul.coefSign = coefA_sign; @@ -921,12 +1117,14 @@ status = HAL_PKA_ECCMul(&hpka, &pka_mul, HAL_MAX_DELAY); if (status != HAL_OK) { + ForceZero(kbin, sizeof(kbin)); HAL_PKA_RAMReset(&hpka); return WC_HW_E; } pka_mul_res.ptX = Gxbin; pka_mul_res.ptY = Gybin; HAL_PKA_ECCMul_GetResult(&hpka, &pka_mul_res); + ForceZero(kbin, sizeof(kbin)); res = mp_read_unsigned_bin(R->x, Gxbin, szModulus); if (res == MP_OKAY) { res = mp_read_unsigned_bin(R->y, Gybin, szModulus); @@ -1034,7 +1232,7 @@ if (hashlen > STM32_MAX_ECC_SIZE) { return ECC_BAD_ARG_E; } - else if (hashlen > size) { + else if ((int)hashlen > size) { /* in the case that hashlen is larger than key size place hash at * beginning of buffer */ XMEMCPY(Hashbin, hash, size); @@ -1117,13 +1315,18 @@ status = stm32_get_from_mp_int(Intbin, &gen_k, size); mp_clear(&gen_k); mp_clear(&order_mp); - if (status != MP_OKAY) + if (status != MP_OKAY) { + ForceZero(Intbin, sizeof(Intbin)); return status; + } /* get private part of "k" */ status = stm32_get_from_mp_int(Keybin, wc_ecc_key_get_priv(key), size); - if (status != MP_OKAY) + if (status != MP_OKAY) { + ForceZero(Keybin, sizeof(Keybin)); + ForceZero(Intbin, sizeof(Intbin)); return status; + } pka_ecc.primeOrderSize = size; pka_ecc.modulusSize = size; @@ -1139,9 +1342,11 @@ XMEMSET(Hashbin, 0, STM32_MAX_ECC_SIZE); if (hashlen > STM32_MAX_ECC_SIZE) { + ForceZero(Keybin, sizeof(Keybin)); + ForceZero(Intbin, sizeof(Intbin)); return ECC_BAD_ARG_E; } - else if (hashlen > size) { + else if ((int)hashlen > size) { /* in the case that hashlen is larger than key size place hash at * beginning of buffer */ XMEMCPY(Hashbin, hash, size); @@ -1161,10 +1366,14 @@ status = HAL_PKA_ECDSASign(&hpka, &pka_ecc, HAL_MAX_DELAY); if (status != HAL_OK) { + ForceZero(Keybin, sizeof(Keybin)); + ForceZero(Intbin, sizeof(Intbin)); HAL_PKA_RAMReset(&hpka); return WC_HW_E; } HAL_PKA_ECDSASign_GetResult(&hpka, &pka_ecc_out, NULL); + ForceZero(Keybin, sizeof(Keybin)); + ForceZero(Intbin, sizeof(Intbin)); status = mp_read_unsigned_bin(r, pka_ecc_out.RSign, size); if (status == MP_OKAY) status = mp_read_unsigned_bin(s, pka_ecc_out.SSign, size); diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/wolfcrypt/src/port/st/stsafe.c mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/port/st/stsafe.c --- mariadb-11.8.6/extra/wolfssl/wolfssl/wolfcrypt/src/port/st/stsafe.c 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/port/st/stsafe.c 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* stsafe.c * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -26,91 +26,1163 @@ #include #include #include +#ifndef NO_ASN + #include +#endif #ifndef STSAFE_INTERFACE_PRINTF -#define STSAFE_INTERFACE_PRINTF(...) WC_DO_NOTHING + #define STSAFE_INTERFACE_PRINTF(...) WC_DO_NOTHING #endif -#ifdef WOLFSSL_STSAFEA100 +/* Combined STSAFE macro - set in stsafe.h when either A100/A120 is defined */ +#ifdef WOLFSSL_STSAFE -int SSL_STSAFE_LoadDeviceCertificate(byte** pRawCertificate, - word32* pRawCertificateLen) +/* ========================================================================== */ +/* Internal Implementation (when NOT using external stsafe_interface.h) */ +/* ========================================================================== */ + +/* When WOLFSSL_STSAFE_INTERFACE_EXTERNAL is defined, all internal + * implementation is skipped and the customer provides their own + * stsafe_interface.h with custom implementations. This maintains + * backwards compatibility with older integration approaches. */ +#ifndef WOLFSSL_STSAFE_INTERFACE_EXTERNAL + +/* ========================================================================== */ +/* SDK-Specific Includes */ +/* ========================================================================== */ + +#ifdef WOLFSSL_STSAFEA120 + /* STSELib includes for A120 */ + #include "stselib.h" +#else /* WOLFSSL_STSAFEA100 */ + /* Legacy STSAFE-A1xx SDK includes */ + #include + #include + #include + #include + #include + #include + #include + #include +#endif + +/* ========================================================================== */ +/* Global State */ +/* ========================================================================== */ + +#ifdef WOLFSSL_STSAFEA120 + /* STSELib handler */ + static stse_Handler_t g_stse_handler; + static int g_stse_initialized = 0; +#else /* WOLFSSL_STSAFEA100 */ + /* Legacy SDK handle */ + static void* g_stsafe_handle = NULL; + + /* Host MAC and Cipher Keys for secure communication */ + /* NOTE: These are example keys + * - real implementations should store securely */ + #ifndef STSAFE_HOST_KEY_MAC + static const uint8_t g_host_mac_key[16] = { + 0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77, + 0x88, 0x99, 0xAA, 0xBB, 0xCC, 0xDD, 0xEE, 0xFF + }; + #endif + #ifndef STSAFE_HOST_KEY_CIPHER + static const uint8_t g_host_cipher_key[16] = { + 0x11, 0x11, 0x22, 0x22, 0x33, 0x33, 0x44, 0x44, + 0x55, 0x55, 0x66, 0x66, 0x77, 0x77, 0x88, 0x88 + }; + #endif +#endif + +/* Current curve mode for signing operations */ +static stsafe_curve_id_t g_stsafe_curve_mode = STSAFE_DEFAULT_CURVE; + + +/* ========================================================================== */ +/* Internal Helper Functions */ +/* ========================================================================== */ + +/** + * \brief Helper macros to store/retrieve slot number in devCtx + * \details Slot number is stored directly in devCtx as void* to avoid + * dynamic memory allocation. Slot values are small (0, 1, 0xFF) + * so safe to cast to/from void*. + */ +#define STSAFE_SLOT_TO_DEVCXT(slot) ((void*)(uintptr_t)(slot)) +#define STSAFE_DEVCXT_TO_SLOT(devCtx) ((stsafe_slot_t)(uintptr_t)(devCtx)) + + +/** + * \brief Get key size in bytes for a given curve + */ +static int stsafe_get_key_size(stsafe_curve_id_t curve_id) { - int err; + switch (curve_id) { + case STSAFE_ECC_CURVE_P256: + #if defined(HAVE_ECC_BRAINPOOL) && defined(STSE_CONF_ECC_BRAINPOOL_P_256) + case STSAFE_ECC_CURVE_BP256: + #endif + return 32; + case STSAFE_ECC_CURVE_P384: + #if defined(HAVE_ECC_BRAINPOOL) && defined(STSE_CONF_ECC_BRAINPOOL_P_384) + case STSAFE_ECC_CURVE_BP384: + #endif + return 48; + default: + break; + } + return 0; +} - if (pRawCertificate == NULL || pRawCertificateLen == NULL) { +/** + * \brief Convert wolfSSL ECC curve ID to STSAFE curve ID + */ +static stsafe_curve_id_t stsafe_get_ecc_curve_id(int ecc_curve) +{ + switch (ecc_curve) { + case ECC_SECP256R1: + return STSAFE_ECC_CURVE_P256; + case ECC_SECP384R1: + return STSAFE_ECC_CURVE_P384; + #if defined(HAVE_ECC_BRAINPOOL) && defined(STSE_CONF_ECC_BRAINPOOL_P_256) + case ECC_BRAINPOOLP256R1: + return STSAFE_ECC_CURVE_BP256; + #endif + #if defined(HAVE_ECC_BRAINPOOL) && defined(STSE_CONF_ECC_BRAINPOOL_P_384) + case ECC_BRAINPOOLP384R1: + return STSAFE_ECC_CURVE_BP384; + #endif + default: + break; + } + return STSAFE_DEFAULT_CURVE; +} + +/** + * \brief Convert STSAFE curve ID to wolfSSL ECC curve ID + */ +#if !defined(WOLFCRYPT_ONLY) && defined(HAVE_PK_CALLBACKS) +static int stsafe_get_ecc_curve(stsafe_curve_id_t curve_id) +{ + switch (curve_id) { + case STSAFE_ECC_CURVE_P256: + return ECC_SECP256R1; + case STSAFE_ECC_CURVE_P384: + return ECC_SECP384R1; + #if defined(HAVE_ECC_BRAINPOOL) && defined(STSE_CONF_ECC_BRAINPOOL_P_256) + case STSAFE_ECC_CURVE_BP256: + return ECC_BRAINPOOLP256R1; + #endif + #if defined(HAVE_ECC_BRAINPOOL) && defined(STSE_CONF_ECC_BRAINPOOL_P_384) + case STSAFE_ECC_CURVE_BP384: + return ECC_BRAINPOOLP384R1; + #endif + default: + break; + } + return ECC_SECP256R1; +} +#endif + +/** + * \brief Get current curve mode for signing + */ +static stsafe_curve_id_t stsafe_get_curve_mode(void) +{ + return g_stsafe_curve_mode; +} + +/** + * \brief Set current curve mode for signing + */ +static int stsafe_set_curve_mode(stsafe_curve_id_t curve_id) +{ + g_stsafe_curve_mode = curve_id; + return 0; +} + +/* Unused function workaround for some compilers */ +#ifdef __GNUC__ +__attribute__((unused)) +#endif +static void stsafe_unused_funcs(void) +{ +#if !defined(WOLFCRYPT_ONLY) && defined(HAVE_PK_CALLBACKS) + (void)stsafe_get_ecc_curve; +#endif + (void)stsafe_set_curve_mode; +} + +/* ========================================================================== */ +/* Internal Interface Functions - SDK Specific Implementations */ +/* ========================================================================== */ + +#ifdef WOLFSSL_STSAFEA120 +/* -------------------------------------------------------------------------- */ +/* STSELib (A120) Implementation */ +/* -------------------------------------------------------------------------- */ + +/** + * \brief Initialize STSAFE-A120 device using STSELib + */ +int stsafe_interface_init(void) +{ + int rc = 0; + stse_ReturnCode_t ret; + + if (g_stse_initialized) { + return 0; /* Already initialized */ + } + + /* Set default handler values */ + ret = stse_set_default_handler_value(&g_stse_handler); + if (ret != STSE_OK) { + STSAFE_INTERFACE_PRINTF("stse_set_default_handler_value error: %d\n", + ret); + rc = -1; + } + + if (rc == 0) { + /* Configure for STSAFE-A120 on I2C bus 1 */ + g_stse_handler.device_type = STSAFE_A120; + #ifdef STSAFE_I2C_BUS + g_stse_handler.io.busID = STSAFE_I2C_BUS; + #else + g_stse_handler.io.busID = 1; + #endif + g_stse_handler.io.BusSpeed = 400; /* 400 kHz */ + + /* Initialize STSELib - this sets up I2C communication */ + ret = stse_init(&g_stse_handler); + if (ret != STSE_OK) { + STSAFE_INTERFACE_PRINTF("stse_init error: %d\n", ret); + rc = -1; + } + } + + if (rc == 0) { + g_stse_initialized = 1; + #ifdef USE_STSAFE_VERBOSE + WOLFSSL_MSG("STSAFE-A120 (STSELib) initialized"); + #endif + } + + return rc; +} + +/** + * \brief Generate ECC key pair on STSAFE-A120 + * \details Uses dedicated key slot for persistent keys (typically slot 0 or 1). + * For ephemeral ECDHE keys, use stsafe_create_ecdhe_key() instead. + * + * Note: For ECDH operations on persistent slots, the key must be generated + * with appropriate usage settings. Per ST FAE: slot 0xFF with usage_limit=1 + * is recommended for ephemeral ECDH (key establishment mode). + * + * \return STSAFE_A_OK on success. + * \return Other value on failure. + */ +static int stsafe_create_key(stsafe_slot_t slot, stsafe_curve_id_t curve_id, + uint8_t* pPubKeyRaw) +{ + int rc = STSAFE_A_OK; + stse_ReturnCode_t ret; + + if (pPubKeyRaw == NULL) { + return BAD_FUNC_ARG; + } + + /* Generate key pair - public key is X||Y concatenated + * Note: stse_generate_ecc_key_pair expects stse_ecc_key_type_t, + * but stsafe_curve_id_t values match stse_ecc_key_type_t enum values. + * + * For persistent keys: usage_limit=255 allows multiple operations (signing) + * For ephemeral keys (slot 0xFF): usage_limit=1 for key establishment mode + */ + ret = stse_generate_ecc_key_pair(&g_stse_handler, slot, + (stse_ecc_key_type_t)curve_id, + STSAFE_PERSISTENT_KEY_USAGE_LIMIT, + pPubKeyRaw); + if (ret != STSE_OK) { + STSAFE_INTERFACE_PRINTF("stse_generate_ecc_key_pair error: %d\n", ret); + rc = (int)ret; + } + + return rc; +} + +/** + * \brief Generate ECDHE ephemeral key pair on STSAFE-A120 + * \details Uses stse_generate_ecc_key_pair() with slot 0xFF (ephemeral slot) + * and usage_limit=1 for key establishment mode. + * Per ST FAE recommendation: slot 0xFF must be used with mode of + * operation = key establishment and usage limit = 1 for ECDH operations. + * Public key is returned in X||Y format. + * + * \return STSAFE_A_OK on success. + * \return Other value on failure. + */ +static int stsafe_create_ecdhe_key(stsafe_curve_id_t curve_id, + uint8_t* pPubKeyRaw) +{ + int rc = STSAFE_A_OK; + stse_ReturnCode_t ret; + + if (pPubKeyRaw == NULL) { return BAD_FUNC_ARG; } + /* Generate ephemeral key pair in slot 0xFF with usage_limit=1 + * This configures the key for key establishment mode */ + ret = stse_generate_ecc_key_pair(&g_stse_handler, + STSAFE_KEY_SLOT_EPHEMERAL, /* slot 0xFF */ + (stse_ecc_key_type_t)curve_id, + STSAFE_EPHEMERAL_KEY_USAGE_LIMIT, /* usage_limit = 1 */ + pPubKeyRaw); + if (ret != STSE_OK) { + STSAFE_INTERFACE_PRINTF("stse_generate_ecc_key_pair (ephemeral) error: %d\n", ret); + rc = (int)ret; + } + + return rc; +} + +/** + * \brief ECDSA sign using STSAFE-A120 + * + * \return STSAFE_A_OK on success. + * \return Other value on failure. + */ +static int stsafe_sign(stsafe_slot_t slot, stsafe_curve_id_t curve_id, + uint8_t* pHash, uint8_t* pSigRS) +{ + int rc = STSAFE_A_OK; + stse_ReturnCode_t ret; + int key_sz = stsafe_get_key_size(curve_id); + + if (pHash == NULL || pSigRS == NULL) { + return BAD_FUNC_ARG; + } + + /* Sign hash - output is R || S concatenated */ + ret = stse_ecc_generate_signature(&g_stse_handler, slot, curve_id, + pHash, (uint16_t)key_sz, pSigRS); + if (ret != STSE_OK) { + STSAFE_INTERFACE_PRINTF("stse_ecc_generate_signature error: %d\n", ret); + rc = (int)ret; + } + + return rc; +} + +/** + * \brief ECDSA verify using STSAFE-A120 + * + * \return STSAFE_A_OK on success. + * \return Other value on failure. + */ +static int stsafe_verify(stsafe_curve_id_t curve_id, uint8_t* pHash, + uint8_t* pSigRS, uint8_t* pPubKeyX, uint8_t* pPubKeyY, + int32_t* pResult) +{ + int rc = STSAFE_A_OK; + stse_ReturnCode_t ret; + int key_sz = stsafe_get_key_size(curve_id); + uint8_t pubKey[STSAFE_MAX_PUBKEY_RAW_LEN]; + uint8_t validity = 0; + + if (pHash == NULL || pSigRS == NULL || pPubKeyX == NULL || + pPubKeyY == NULL || pResult == NULL) { + return BAD_FUNC_ARG; + } + + /* Combine X and Y into single buffer (X||Y) */ + XMEMCPY(pubKey, pPubKeyX, key_sz); + XMEMCPY(pubKey + key_sz, pPubKeyY, key_sz); + + /* Verify signature - pMessage is the hash, pSignature is R||S */ + ret = stse_ecc_verify_signature(&g_stse_handler, curve_id, + pubKey, /* public key X||Y */ + pSigRS, /* signature R||S */ + pHash, /* message (hash) */ + (uint16_t)key_sz, /* message length */ + 0, /* eddsa_variant (0 for non-EdDSA) */ + &validity); + if (ret != STSE_OK) { + STSAFE_INTERFACE_PRINTF("stse_ecc_verify_signature error: %d\n", ret); + *pResult = 0; + rc = (int)ret; + } + + if (rc == STSAFE_A_OK) { + *pResult = (validity != 0) ? 1 : 0; + } + + return rc; +} + +/** + * \brief ECDH shared secret using STSAFE-A120 + * + * \return STSAFE_A_OK on success. + * \return Other value on failure. + */ +static int stsafe_shared_secret(stsafe_slot_t slot, stsafe_curve_id_t curve_id, + uint8_t* pPubKeyX, uint8_t* pPubKeyY, + uint8_t* pSharedSecret, + int32_t* pSharedSecretLen) +{ + int rc = STSAFE_A_OK; + stse_ReturnCode_t ret; + int key_sz = stsafe_get_key_size(curve_id); +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC) + uint8_t* peerPubKey = NULL; +#else + uint8_t peerPubKey[STSAFE_MAX_PUBKEY_RAW_LEN]; +#endif + + if (pPubKeyX == NULL || pPubKeyY == NULL || pSharedSecret == NULL || + pSharedSecretLen == NULL) { + return BAD_FUNC_ARG; + } + +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC) + peerPubKey = (uint8_t*)XMALLOC(STSAFE_MAX_PUBKEY_RAW_LEN, NULL, + DYNAMIC_TYPE_TMP_BUFFER); + if (peerPubKey == NULL) { + return MEMORY_E; + } +#endif + + /* Combine peer X and Y (X||Y format) */ + XMEMCPY(peerPubKey, pPubKeyX, key_sz); + XMEMCPY(peerPubKey + key_sz, pPubKeyY, key_sz); + + /* Compute shared secret + * Note: stse_ecc_establish_shared_secret expects stse_ecc_key_type_t. + * For STSAFE-A120, stsafe_curve_id_t values match stse_ecc_key_type_t enum values: + * STSAFE_ECC_CURVE_P256 (0) = STSE_ECC_KT_NIST_P_256 (0) + * STSAFE_ECC_CURVE_P384 (1) = STSE_ECC_KT_NIST_P_384 (1) */ + ret = stse_ecc_establish_shared_secret(&g_stse_handler, slot, + (stse_ecc_key_type_t)curve_id, peerPubKey, pSharedSecret); + if (ret != STSE_OK) { + STSAFE_INTERFACE_PRINTF("stse_ecc_establish_shared_secret error: %d (slot: %d, curve_id: %d)\n", + ret, slot, curve_id); + rc = (int)ret; + } + + if (rc == STSAFE_A_OK) { + *pSharedSecretLen = (int32_t)key_sz; + } + +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC) + XFREE(peerPubKey, NULL, DYNAMIC_TYPE_TMP_BUFFER); +#endif + + return rc; +} + +/** + * \brief Read device certificate from STSAFE-A120 + * + * \return STSAFE_A_OK on success. + * \return Other value on failure. + */ +static int stsafe_read_certificate(uint8_t** ppCert, uint32_t* pCertLen) +{ +#ifdef WOLFSSL_NO_MALLOC + /* Certificate reading requires dynamic allocation */ + (void)ppCert; + (void)pCertLen; + return NOT_COMPILED_IN; +#else + int rc = STSAFE_A_OK; + stse_ReturnCode_t ret; + uint16_t certLen = 0; + uint8_t certZone = 0; /* Certificate zone 0 */ + + /* First, get certificate size */ + ret = stse_get_device_certificate_size(&g_stse_handler, certZone, &certLen); + if (ret != STSE_OK) { + STSAFE_INTERFACE_PRINTF("stse_get_device_certificate_size error: %d\n", + ret); + rc = (int)ret; + } + else if (certLen == 0) { + /* Certificate size is 0 - invalid certificate data */ + STSAFE_INTERFACE_PRINTF("stse_get_device_certificate_size returned zero length\n"); + rc = ASN_PARSE_E; + } + + /* Allocate buffer */ + if (rc == STSAFE_A_OK) { + *ppCert = (uint8_t*)XMALLOC(certLen, NULL, DYNAMIC_TYPE_TMP_BUFFER); + if (*ppCert == NULL) { + rc = MEMORY_E; + } + } + + /* Read certificate */ + if (rc == STSAFE_A_OK) { + ret = stse_get_device_certificate(&g_stse_handler, certZone, certLen, + *ppCert); + if (ret != STSE_OK) { + XFREE(*ppCert, NULL, DYNAMIC_TYPE_TMP_BUFFER); + *ppCert = NULL; + STSAFE_INTERFACE_PRINTF("stse_get_device_certificate error: %d\n", + ret); + rc = (int)ret; + } + } + + if (rc == STSAFE_A_OK) { + *pCertLen = certLen; + } + + return rc; +#endif /* WOLFSSL_NO_MALLOC */ +} + +#if !defined(WC_NO_RNG) && defined(USE_STSAFE_RNG_SEED) +/** + * \brief Get random bytes from STSAFE-A120 + */ +static int stsafe_get_random(uint8_t* pRandom, uint32_t size) +{ + int rc; + stse_ReturnCode_t ret; + uint16_t len = (size > 0xFFFF) ? 0xFFFF : (uint16_t)size; + + ret = stse_generate_random(&g_stse_handler, pRandom, len); + if (ret != STSE_OK) { + rc = -1; + } + else { + rc = (int)len; + } + + return rc; +} +#endif + +#else /* WOLFSSL_STSAFEA100 */ +/* -------------------------------------------------------------------------- */ +/* Legacy STSAFE-A1xx SDK (A100/A110) Implementation */ +/* -------------------------------------------------------------------------- */ + +/** + * \brief Set host keys for secure communication + */ +static void stsafe_set_host_keys(void* handle) +{ + StSafeA_SetHostMacKey(handle, g_host_mac_key); + StSafeA_SetHostCipherKey(handle, g_host_cipher_key); +} + +/** + * \brief Check and initialize host keys + */ +static int stsafe_check_host_keys(void* handle) +{ + uint8_t status_code; + StSafeA_HostKeySlotBuffer* pHostKeySlot; + + status_code = StSafeA_HostKeySlotQuery(handle, &pHostKeySlot, + STSAFE_A_NO_MAC); + + if (status_code == STSAFE_A_OK && !pHostKeySlot->HostKeyPresenceFlag) { + /* Host keys not set, initialize them */ + uint8_t hostKeys[32]; + XMEMCPY(hostKeys, g_host_mac_key, 16); + XMEMCPY(hostKeys + 16, g_host_cipher_key, 16); + + status_code = StSafeA_PutAttribute(handle, STSAFE_A_HOST_KEY_SLOT_TAG, + hostKeys, sizeof(hostKeys), STSAFE_A_NO_MAC); + } + + return status_code; +} + +/** + * \brief Initialize STSAFE-A100/A110 device + * + * \return STSAFE_A_OK on success. + * \return Other value on failure. + */ +int stsafe_interface_init(void) +{ + int rc = 0; + uint8_t status_code; + const uint8_t echo_data[3] = {0x01, 0x02, 0x03}; + StSafeA_EchoBuffer* echo_resp = NULL; + + if (g_stsafe_handle != NULL) { + return 0; /* Already initialized */ + } + + /* Create handle */ + status_code = StSafeA_CreateHandle(&g_stsafe_handle, STSAFE_I2C_ADDR); + if (status_code != STSAFE_A_OK) { + STSAFE_INTERFACE_PRINTF("StSafeA_CreateHandle error: %d\n", + status_code); + rc = -1; + } + + /* Echo test to verify communication */ + if (rc == 0) { + status_code = StSafeA_Echo(g_stsafe_handle, (uint8_t*)echo_data, 3, + &echo_resp, STSAFE_A_NO_MAC); + if (status_code != STSAFE_A_OK || + XMEMCMP(echo_data, echo_resp->Data, 3) != 0) { + STSAFE_INTERFACE_PRINTF("StSafeA_Echo error: %d\n", status_code); + rc = -1; + } + XFREE(echo_resp, NULL, DYNAMIC_TYPE_TMP_BUFFER); + } + + /* Check/initialize host keys */ + if (rc == 0) { + status_code = stsafe_check_host_keys(g_stsafe_handle); + if (status_code != STSAFE_A_OK) { + STSAFE_INTERFACE_PRINTF("stsafe_check_host_keys error: %d\n", + status_code); + rc = -1; + } + } + #ifdef USE_STSAFE_VERBOSE - WOLFSSL_MSG("SSL_STSAFE_LoadDeviceCertificate"); + if (rc == 0) { + WOLFSSL_MSG("STSAFE-A100/A110 initialized"); + } #endif - /* Try reading device certificate from ST-SAFE Zone 0 */ - err = stsafe_interface_read_device_certificate_raw( - pRawCertificate, (uint32_t*)pRawCertificateLen); - if (err == STSAFE_A_OK) { - #if 0 - /* example for loading into WOLFSSL_CTX */ - err = wolfSSL_CTX_use_certificate_buffer(ctx, - *pRawCertificate, *pRawCertificateLen, SSL_FILETYPE_ASN1); - if (err != WOLFSSL_SUCCESS) { - /* failed */ - } - /* can free now */ - XFREE(*pRawCertificate, NULL, DYNAMIC_TEMP_BUFFER); - *pRawCertificate = NULL; - #endif + return rc; +} + +/** + * \brief Generate ECC key pair on STSAFE-A100/A110 + * + * \return STSAFE_A_OK on success. + * \return Other value on failure. + */ +static int stsafe_create_key(stsafe_slot_t* pSlot, stsafe_curve_id_t curve_id, + uint8_t* pPubKeyRaw) +{ + int rc; + uint8_t status_code; + int key_sz = stsafe_get_key_size(curve_id); + stsafe_slot_t slot = STSAFE_KEY_SLOT_1; + StSafeA_CoordinateBuffer* pubX = NULL; + StSafeA_CoordinateBuffer* pubY = NULL; + uint8_t* pointRepId = NULL; + + stsafe_set_host_keys(g_stsafe_handle); + + status_code = StSafeA_GenerateKeyPair(g_stsafe_handle, slot, 0xFFFF, 1, + (StSafeA_KeyUsageAuthorizationFlags)( + STSAFE_A_COMMAND_RESPONSE_SIGNATURE | + STSAFE_A_MESSAGE_DIGEST_SIGNATURE | + STSAFE_A_KEY_ESTABLISHMENT), + curve_id, &pointRepId, &pubX, &pubY, STSAFE_A_HOST_C_MAC); + + if (status_code == STSAFE_A_OK && pointRepId != NULL && + *pointRepId == STSAFE_A_POINT_REPRESENTATION_ID && + pubX != NULL && pubY != NULL) { + XMEMCPY(pPubKeyRaw, pubX->Data, pubX->Length); + XMEMCPY(pPubKeyRaw + key_sz, pubY->Data, pubY->Length); + rc = STSAFE_A_OK; } else { - err = WC_HW_E; + rc = (int)(uint8_t)-1; + } + + /* Free SDK-allocated buffers */ + XFREE(pubX, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(pubY, NULL, DYNAMIC_TYPE_TMP_BUFFER); + + if (rc == STSAFE_A_OK && pSlot != NULL) { + *pSlot = slot; + } + + return rc; +} + +/** + * \brief ECDSA sign using STSAFE-A100/A110 + * + * \return STSAFE_A_OK on success. + * \return Other value on failure. + */ +static int stsafe_sign(stsafe_slot_t slot, stsafe_curve_id_t curve_id, + uint8_t* pHash, uint8_t* pSigRS) +{ + int rc; + uint8_t status_code; + int key_sz = stsafe_get_key_size(curve_id); + StSafeA_SignatureBuffer* signature = NULL; + StSafeA_HashTypes hashType; + size_t r_length, s_length; + + hashType = (curve_id == STSAFE_ECC_CURVE_P384 || + curve_id == STSAFE_ECC_CURVE_BP384) ? + STSAFE_HASH_SHA384 : STSAFE_HASH_SHA256; + + status_code = StSafeA_GenerateSignature(g_stsafe_handle, slot, pHash, + hashType, &signature, STSAFE_A_NO_MAC); + + if (status_code == STSAFE_A_OK && signature != NULL) { + /* Parse signature - format is: len(2) || R || len(2) || S */ + r_length = ((uint16_t)signature->Data[0] << 8) | signature->Data[1]; + + /* Bounds check: r_length must be valid and fit within signature buffer */ + if (r_length > key_sz || r_length == 0 || + (size_t)(2 + r_length + 2) > signature->Length) { + rc = ASN_PARSE_E; + } + else { + s_length = ((uint16_t)signature->Data[2 + r_length] << 8) | + signature->Data[3 + r_length]; + + /* Bounds check: s_length must be valid and fit within signature buffer */ + if (s_length > key_sz || s_length == 0 || + (size_t)(4 + r_length + s_length) > signature->Length) { + rc = ASN_PARSE_E; + } + else { + /* Copy R and S to output (zero-padded) */ + XMEMSET(pSigRS, 0, key_sz * 2); + XMEMCPY(pSigRS + (key_sz - r_length), &signature->Data[2], r_length); + XMEMCPY(pSigRS + key_sz + (key_sz - s_length), + &signature->Data[4 + r_length], s_length); + rc = STSAFE_A_OK; + } + } + } + else { + rc = (int)status_code; + } + + /* Free SDK-allocated buffer */ + XFREE(signature, NULL, DYNAMIC_TYPE_TMP_BUFFER); + + return rc; +} + +/** + * \brief ECDSA verify using STSAFE-A100/A110 + * + * \return STSAFE_A_OK on success. + * \return Other value on failure. + */ +static int stsafe_verify(stsafe_curve_id_t curve_id, uint8_t* pHash, + uint8_t* pSigRS, uint8_t* pPubKeyX, uint8_t* pPubKeyY, + int32_t* pResult) +{ + int rc = (int)(uint8_t)-1; + uint8_t status_code; + int key_sz = stsafe_get_key_size(curve_id); +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC) + StSafeA_CoordinateBuffer* X = NULL; + StSafeA_CoordinateBuffer* Y = NULL; + StSafeA_SignatureBuffer* R = NULL; + StSafeA_SignatureBuffer* S = NULL; + StSafeA_SignatureBuffer* Hash = NULL; +#else + /* Stack buffers: 2 bytes for Length + STSAFE_MAX_KEY_LEN for Data */ + byte R_buf[2 + STSAFE_MAX_KEY_LEN]; + byte S_buf[2 + STSAFE_MAX_KEY_LEN]; + byte Hash_buf[2 + STSAFE_MAX_KEY_LEN]; + byte X_buf[2 + STSAFE_MAX_KEY_LEN]; + byte Y_buf[2 + STSAFE_MAX_KEY_LEN]; + StSafeA_SignatureBuffer* R = (StSafeA_SignatureBuffer*)R_buf; + StSafeA_SignatureBuffer* S = (StSafeA_SignatureBuffer*)S_buf; + StSafeA_SignatureBuffer* Hash = (StSafeA_SignatureBuffer*)Hash_buf; + StSafeA_CoordinateBuffer* X = (StSafeA_CoordinateBuffer*)X_buf; + StSafeA_CoordinateBuffer* Y = (StSafeA_CoordinateBuffer*)Y_buf; +#endif + StSafeA_VerifySignatureBuffer* Verif = NULL; + + *pResult = 0; + +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC) + /* Allocate buffers */ + R = (StSafeA_SignatureBuffer*)XMALLOC(key_sz + 2, NULL, + DYNAMIC_TYPE_TMP_BUFFER); + S = (StSafeA_SignatureBuffer*)XMALLOC(key_sz + 2, NULL, + DYNAMIC_TYPE_TMP_BUFFER); + Hash = (StSafeA_SignatureBuffer*)XMALLOC(key_sz + 2, NULL, + DYNAMIC_TYPE_TMP_BUFFER); + X = (StSafeA_CoordinateBuffer*)XMALLOC(key_sz + 2, NULL, + DYNAMIC_TYPE_TMP_BUFFER); + Y = (StSafeA_CoordinateBuffer*)XMALLOC(key_sz + 2, NULL, + DYNAMIC_TYPE_TMP_BUFFER); + + if (X == NULL || Y == NULL || R == NULL || S == NULL || Hash == NULL) { + XFREE(R, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(S, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(Hash, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(X, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(Y, NULL, DYNAMIC_TYPE_TMP_BUFFER); + return MEMORY_E; + } +#endif + + R->Length = key_sz; + S->Length = key_sz; + Hash->Length = key_sz; + X->Length = key_sz; + Y->Length = key_sz; + + XMEMCPY(R->Data, pSigRS, key_sz); + XMEMCPY(S->Data, pSigRS + key_sz, key_sz); + XMEMCPY(Hash->Data, pHash, key_sz); + XMEMCPY(X->Data, pPubKeyX, key_sz); + XMEMCPY(Y->Data, pPubKeyY, key_sz); + + status_code = StSafeA_VerifyMessageSignature(g_stsafe_handle, + curve_id, X, Y, R, S, Hash, &Verif, STSAFE_A_NO_MAC); + + if (status_code == STSAFE_A_OK && Verif != NULL) { + *pResult = Verif->SignatureValidity ? 1 : 0; + if (Verif->SignatureValidity) { + rc = STSAFE_A_OK; + } + } +#ifndef WOLFSSL_NO_MALLOC + /* Free SDK-allocated buffer */ + XFREE(Verif, NULL, DYNAMIC_TYPE_TMP_BUFFER); +#endif + +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC) + XFREE(R, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(S, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(Hash, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(X, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(Y, NULL, DYNAMIC_TYPE_TMP_BUFFER); +#endif + + return rc; +} + +/** + * \brief ECDH shared secret using STSAFE-A100/A110 + * + * \return STSAFE_A_OK on success. + * \return Other value on failure. + */ +static int stsafe_shared_secret(stsafe_slot_t slot, stsafe_curve_id_t curve_id, + uint8_t* pPubKeyX, uint8_t* pPubKeyY, + uint8_t* pSharedSecret, + int32_t* pSharedSecretLen) +{ + int rc = (int)(uint8_t)-1; + uint8_t status_code; + int key_sz = stsafe_get_key_size(curve_id); +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC) + StSafeA_CoordinateBuffer* peerX = NULL; + StSafeA_CoordinateBuffer* peerY = NULL; +#else + /* Stack buffers: 2 bytes for Length + STSAFE_MAX_KEY_LEN for Data */ + byte peerX_buf[2 + STSAFE_MAX_KEY_LEN]; + byte peerY_buf[2 + STSAFE_MAX_KEY_LEN]; + StSafeA_CoordinateBuffer* peerX = (StSafeA_CoordinateBuffer*)peerX_buf; + StSafeA_CoordinateBuffer* peerY = (StSafeA_CoordinateBuffer*)peerY_buf; +#endif + StSafeA_SharedSecretBuffer* sharedSecret = NULL; + + stsafe_set_host_keys(g_stsafe_handle); + +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC) + peerX = (StSafeA_CoordinateBuffer*)XMALLOC(key_sz + 2, NULL, + DYNAMIC_TYPE_TMP_BUFFER); + peerY = (StSafeA_CoordinateBuffer*)XMALLOC(key_sz + 2, NULL, + DYNAMIC_TYPE_TMP_BUFFER); + + if (peerX == NULL || peerY == NULL) { + XFREE(peerX, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(peerY, NULL, DYNAMIC_TYPE_TMP_BUFFER); + return MEMORY_E; + } +#endif + + peerX->Length = key_sz; + peerY->Length = key_sz; + XMEMCPY(peerX->Data, pPubKeyX, key_sz); + XMEMCPY(peerY->Data, pPubKeyY, key_sz); + + status_code = StSafeA_EstablishKey(g_stsafe_handle, slot, + peerX, peerY, &sharedSecret, STSAFE_A_HOST_C_MAC); + + if (status_code == STSAFE_A_OK && sharedSecret != NULL) { + *pSharedSecretLen = sharedSecret->SharedSecret.Length; + XMEMCPY(pSharedSecret, sharedSecret->SharedSecret.Data, + sharedSecret->SharedSecret.Length); + rc = STSAFE_A_OK; + } +#ifndef WOLFSSL_NO_MALLOC + /* Free SDK-allocated buffer */ + XFREE(sharedSecret, NULL, DYNAMIC_TYPE_TMP_BUFFER); +#endif + +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC) + XFREE(peerX, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(peerY, NULL, DYNAMIC_TYPE_TMP_BUFFER); +#endif + + return rc; +} + +/** + * \brief Read device certificate from STSAFE-A100/A110 + * + * \return STSAFE_A_OK on success. + * \return Other value on failure. + */ +static int stsafe_read_certificate(uint8_t** ppCert, uint32_t* pCertLen) +{ +#ifdef WOLFSSL_NO_MALLOC + /* Certificate reading requires dynamic allocation */ + (void)ppCert; + (void)pCertLen; + return NOT_COMPILED_IN; +#else + int rc = STSAFE_A_OK; + uint8_t status_code; + StSafeA_ReadBuffer* readBuf = NULL; + struct stsafe_a* stsafe_a = (struct stsafe_a*)g_stsafe_handle; + uint8_t step; + uint16_t i; + + *pCertLen = 0; + + /* Read first 4 bytes to determine certificate length */ + status_code = StSafeA_Read(g_stsafe_handle, 0, 0, STSAFE_A_ALWAYS, + 0, 0, 4, &readBuf, STSAFE_A_NO_MAC); + + if (status_code == STSAFE_A_OK && readBuf != NULL && readBuf->Length == 4) { + /* Parse ASN.1 DER certificate header */ + /* 0x30 = ASN_SEQUENCE | ASN_CONSTRUCTED (certificate is a SEQUENCE) */ + if (readBuf->Data[0] == (ASN_SEQUENCE | ASN_CONSTRUCTED)) { + /* Parse ASN.1 length encoding */ + switch (readBuf->Data[1]) { + case (ASN_LONG_LENGTH | 0x01): /* Length encoded in 1 byte */ + *pCertLen = readBuf->Data[2] + 3; + break; + case (ASN_LONG_LENGTH | 0x02): /* Length encoded in 2 bytes */ + *pCertLen = ((uint16_t)readBuf->Data[2] << 8) + + readBuf->Data[3] + 4; + break; + default: + /* Short form: length < 128, encoded directly */ + if (readBuf->Data[1] < ASN_LONG_LENGTH) { + *pCertLen = readBuf->Data[1] + 2; + } + break; + } + /* Check if length parsing succeeded */ + if (*pCertLen == 0) { + rc = ASN_PARSE_E; + } + } + else { + /* Invalid ASN.1 header - expected SEQUENCE tag */ + rc = ASN_PARSE_E; + } + } + else { + rc = (int)status_code; + } + XFREE(readBuf, NULL, DYNAMIC_TYPE_TMP_BUFFER); + readBuf = NULL; + + if (rc == STSAFE_A_OK && *pCertLen > 0) { + *ppCert = (uint8_t*)XMALLOC(*pCertLen, NULL, DYNAMIC_TYPE_TMP_BUFFER); + if (*ppCert == NULL) { + rc = MEMORY_E; + } + } + + if (rc == STSAFE_A_OK && *pCertLen > 0) { + /* STSAFE-A100/A110 maximum read size is 225 bytes per command. + * When CRC is supported, 2 bytes are used for CRC, leaving 223 bytes + * for data. Without CRC, we can read up to 225 bytes, but use 223 + * for consistency and to leave room for protocol overhead. */ + step = 223 - (stsafe_a->CrcSupport ? 2 : 0); + + for (i = 0; rc == STSAFE_A_OK && i < *pCertLen / step; i++) { + status_code = StSafeA_Read(g_stsafe_handle, 0, 0, + STSAFE_A_ALWAYS, 0, i * step, step, &readBuf, + STSAFE_A_NO_MAC); + if (status_code == STSAFE_A_OK) { + XMEMCPY(*ppCert + (i * step), readBuf->Data, readBuf->Length); + } + else { + rc = (int)status_code; + } + XFREE(readBuf, NULL, DYNAMIC_TYPE_TMP_BUFFER); + readBuf = NULL; + } + + if (rc == STSAFE_A_OK && (*pCertLen % step)) { + status_code = StSafeA_Read(g_stsafe_handle, 0, 0, + STSAFE_A_ALWAYS, 0, i * step, *pCertLen % step, + &readBuf, STSAFE_A_NO_MAC); + if (status_code == STSAFE_A_OK) { + XMEMCPY(*ppCert + (i * step), readBuf->Data, readBuf->Length); + } + else { + rc = (int)status_code; + } + XFREE(readBuf, NULL, DYNAMIC_TYPE_TMP_BUFFER); + readBuf = NULL; + } + } + + return rc; +#endif /* WOLFSSL_NO_MALLOC */ +} + +#if !defined(WC_NO_RNG) && defined(USE_STSAFE_RNG_SEED) +/** + * \brief Get random bytes from STSAFE-A100/A110 + */ +static int stsafe_get_random(uint8_t* pRandom, uint32_t size) +{ + int rc; + uint8_t status_code; + StSafeA_GenerateRandomBuffer* rndBuf = NULL; + uint8_t reqSize = (size > 255) ? 255 : (uint8_t)size; + + status_code = StSafeA_GenerateRandom(g_stsafe_handle, STSAFE_A_EPHEMERAL, + reqSize, &rndBuf, STSAFE_A_NO_MAC); + + if (status_code == STSAFE_A_OK && rndBuf != NULL) { + rc = (int)rndBuf->Length; + XMEMCPY(pRandom, rndBuf->Data, rndBuf->Length); + } + else { + rc = -1; + } + + XFREE(rndBuf, NULL, DYNAMIC_TYPE_TMP_BUFFER); + + return rc; +} +#endif + +#endif /* WOLFSSL_STSAFEA120 */ + +#endif /* !WOLFSSL_STSAFE_INTERFACE_EXTERNAL */ + + +/* ========================================================================== */ +/* Public API Functions */ +/* ========================================================================== */ + +/** + * \brief Load device certificate from STSAFE + */ +int SSL_STSAFE_LoadDeviceCertificate(byte** pRawCertificate, + word32* pRawCertificateLen) +{ + int err = 0; + + if (pRawCertificate == NULL || pRawCertificateLen == NULL) { + err = BAD_FUNC_ARG; + } + +#ifdef USE_STSAFE_VERBOSE + if (err == 0) { + WOLFSSL_MSG("SSL_STSAFE_LoadDeviceCertificate"); + } +#endif + + if (err == 0) { + err = stsafe_read_certificate(pRawCertificate, pRawCertificateLen); + if (err != STSAFE_A_OK) { + err = WC_HW_E; + } } return err; } -#ifdef HAVE_PK_CALLBACKS + +/* ========================================================================== */ +/* PK Callbacks */ +/* ========================================================================== */ + +#if !defined(WOLFCRYPT_ONLY) && defined(HAVE_PK_CALLBACKS) /** - * \brief Key Gen Callback (used by TLS server) + * \brief Key Gen Callback (used by TLS server for ECDHE) */ int SSL_STSAFE_CreateKeyCb(WOLFSSL* ssl, ecc_key* key, word32 keySz, int ecc_curve, void* ctx) { - int err; + int err = 0; +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC) + byte* pubKeyRaw = NULL; +#else byte pubKeyRaw[STSAFE_MAX_PUBKEY_RAW_LEN]; - StSafeA_KeySlotNumber slot; - StSafeA_CurveId curve_id; +#endif + stsafe_slot_t slot; + stsafe_curve_id_t curve_id; (void)ssl; (void)ctx; #ifdef USE_STSAFE_VERBOSE - WOLFSSL_MSG("CreateKeyCb: STSAFE"); + WOLFSSL_MSG("CreateKeyCb: STSAFE (ECDHE)"); #endif - /* get curve */ - curve_id = stsafe_get_ecc_curve_id(ecc_curve); +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC) + pubKeyRaw = (byte*)XMALLOC(STSAFE_MAX_PUBKEY_RAW_LEN, NULL, + DYNAMIC_TYPE_TMP_BUFFER); + if (pubKeyRaw == NULL) { + err = MEMORY_E; + } +#endif - /* generate new ephemeral key on device */ - err = stsafe_interface_create_key(&slot, curve_id, (uint8_t*)&pubKeyRaw[0]); - if (err != STSAFE_A_OK) { - #ifdef USE_STSAFE_VERBOSE - STSAFE_INTERFACE_PRINTF("stsafe_interface_create_key error: %d\n", err); - #endif - err = WC_HW_E; - return err; + if (err == 0) { + curve_id = stsafe_get_ecc_curve_id(ecc_curve); + +#ifdef WOLFSSL_STSAFEA120 + /* Use ECDHE ephemeral key generation for A120 */ + err = stsafe_create_ecdhe_key(curve_id, pubKeyRaw); + if (err != STSAFE_A_OK) { + STSAFE_INTERFACE_PRINTF("stsafe_create_ecdhe_key error: %d\n", err); + err = WC_HW_E; + } + /* For ECDHE, slot is not used (ephemeral key stored internally) */ + slot = STSAFE_KEY_SLOT_EPHEMERAL; +#else + /* Legacy A100/A110 uses slot-based key generation */ + err = stsafe_create_key(&slot, curve_id, pubKeyRaw); + if (err != STSAFE_A_OK) { + STSAFE_INTERFACE_PRINTF("stsafe_create_key error: %d\n", err); + err = WC_HW_E; + } +#endif } - /* load generated public key into key, used by wolfSSL */ - err = wc_ecc_import_unsigned(key, &pubKeyRaw[0], &pubKeyRaw[keySz], - NULL, ecc_curve); + if (err == 0) { + err = wc_ecc_import_unsigned(key, pubKeyRaw, &pubKeyRaw[keySz], + NULL, ecc_curve); + } + +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC) + XFREE(pubKeyRaw, NULL, DYNAMIC_TYPE_TMP_BUFFER); +#endif + + (void)slot; /* May be unused for A120 ECDHE */ return err; } /** - * \brief Verify Peer Cert Callback. + * \brief Verify Peer Cert Callback */ int SSL_STSAFE_VerifyPeerCertCb(WOLFSSL* ssl, const unsigned char* sig, unsigned int sigSz, @@ -118,42 +1190,63 @@ const unsigned char* keyDer, unsigned int keySz, int* result, void* ctx) { - int err; + int err = 0; + int eccKeyInit = 0; +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC) + byte* sigRS = NULL; + byte* pubKeyX = NULL; + byte* pubKeyY = NULL; +#else byte sigRS[STSAFE_MAX_SIG_LEN]; - byte *r = NULL, *s = NULL; - word32 r_len = STSAFE_MAX_SIG_LEN/2, s_len = STSAFE_MAX_SIG_LEN/2; byte pubKeyX[STSAFE_MAX_PUBKEY_RAW_LEN/2]; byte pubKeyY[STSAFE_MAX_PUBKEY_RAW_LEN/2]; - word32 pubKeyX_len = sizeof(pubKeyX); - word32 pubKeyY_len = sizeof(pubKeyY); - ecc_key key; +#endif + byte* r = NULL; + byte* s = NULL; + word32 r_len = STSAFE_MAX_SIG_LEN/2, s_len = STSAFE_MAX_SIG_LEN/2; + word32 pubKeyX_len = STSAFE_MAX_PUBKEY_RAW_LEN/2; + word32 pubKeyY_len = STSAFE_MAX_PUBKEY_RAW_LEN/2; + ecc_key eccKey; word32 inOutIdx = 0; - StSafeA_CurveId curve_id = STSAFE_A_NIST_P_256; + stsafe_curve_id_t curve_id = STSAFE_ECC_CURVE_P256; int ecc_curve; int key_sz = 0; (void)ssl; (void)ctx; + (void)hashSz; #ifdef USE_STSAFE_VERBOSE WOLFSSL_MSG("VerifyPeerCertCB: STSAFE"); #endif - err = wc_ecc_init(&key); - if (err != 0) { - return err; +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC) + sigRS = (byte*)XMALLOC(STSAFE_MAX_SIG_LEN, NULL, DYNAMIC_TYPE_TMP_BUFFER); + pubKeyX = (byte*)XMALLOC(STSAFE_MAX_PUBKEY_RAW_LEN/2, NULL, + DYNAMIC_TYPE_TMP_BUFFER); + pubKeyY = (byte*)XMALLOC(STSAFE_MAX_PUBKEY_RAW_LEN/2, NULL, + DYNAMIC_TYPE_TMP_BUFFER); + if (sigRS == NULL || pubKeyX == NULL || pubKeyY == NULL) { + err = MEMORY_E; + } +#endif + + if (err == 0) { + err = wc_ecc_init(&eccKey); + if (err == 0) { + eccKeyInit = 1; + } } - /* Decode the public key */ - err = wc_EccPublicKeyDecode(keyDer, &inOutIdx, &key, keySz); if (err == 0) { - /* Extract Raw X and Y coordinates of the public key */ - err = wc_ecc_export_public_raw(&key, pubKeyX, &pubKeyX_len, + err = wc_EccPublicKeyDecode(keyDer, &inOutIdx, &eccKey, keySz); + } + if (err == 0) { + err = wc_ecc_export_public_raw(&eccKey, pubKeyX, &pubKeyX_len, pubKeyY, &pubKeyY_len); } if (err == 0) { - /* determine curve */ - ecc_curve = key.dp->id; + ecc_curve = eccKey.dp->id; curve_id = stsafe_get_ecc_curve_id(ecc_curve); key_sz = stsafe_get_key_size(curve_id); if (key_sz <= 0 || key_sz > STSAFE_MAX_KEY_LEN) { @@ -161,113 +1254,139 @@ } } if (err == 0) { - /* Extract R and S from signature */ - XMEMSET(sigRS, 0, sizeof(sigRS)); + XMEMSET(sigRS, 0, STSAFE_MAX_SIG_LEN); r = &sigRS[0]; s = &sigRS[key_sz]; err = wc_ecc_sig_to_rs(sig, sigSz, r, &r_len, s, &s_len); } if (err == 0) { - /* make sure R and S are not too large */ - if (r_len > key_sz || s_len > key_sz) { + if ((int)r_len > key_sz || (int)s_len > key_sz) { err = BAD_FUNC_ARG; } } if (err == 0) { - /* make sure R and S are zero padded on front */ - XMEMMOVE(&sigRS[key_sz-r_len], r, r_len); - XMEMSET(&sigRS[0], 0, key_sz-r_len); - XMEMMOVE(&sigRS[key_sz + (key_sz-s_len)], s, s_len); - XMEMSET(&sigRS[key_sz], 0, key_sz-s_len); + /* Zero-pad R and S */ + XMEMMOVE(&sigRS[key_sz - r_len], r, r_len); + XMEMSET(&sigRS[0], 0, key_sz - r_len); + XMEMMOVE(&sigRS[key_sz + (key_sz - s_len)], s, s_len); + XMEMSET(&sigRS[key_sz], 0, key_sz - s_len); - /* Verify signature */ - err = stsafe_interface_verify(curve_id, (uint8_t*)hash, sigRS, + err = stsafe_verify(curve_id, (uint8_t*)hash, sigRS, pubKeyX, pubKeyY, (int32_t*)result); if (err != STSAFE_A_OK) { - #ifdef USE_STSAFE_VERBOSE - STSAFE_INTERFACE_PRINTF("stsafe_interface_verify error: %d\n", err); - #endif - err = -err; + STSAFE_INTERFACE_PRINTF("stsafe_verify error: %d\n", err); + err = WC_HW_E; } } - wc_ecc_free(&key); + if (eccKeyInit) { + wc_ecc_free(&eccKey); + } + +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC) + XFREE(sigRS, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(pubKeyX, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(pubKeyY, NULL, DYNAMIC_TYPE_TMP_BUFFER); +#endif + return err; } /** - * \brief Sign Certificate Callback. + * \brief Sign Certificate Callback */ int SSL_STSAFE_SignCertificateCb(WOLFSSL* ssl, const byte* in, word32 inSz, byte* out, word32* outSz, const byte* key, word32 keySz, void* ctx) { - int err; + int err = 0; +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC) + byte* digest = NULL; + byte* sigRS = NULL; +#else byte digest[STSAFE_MAX_KEY_LEN]; byte sigRS[STSAFE_MAX_SIG_LEN]; - byte *r, *s; - StSafeA_CurveId curve_id; +#endif + byte* r; + byte* s; + stsafe_curve_id_t curve_id; int key_sz; (void)ssl; (void)ctx; + (void)key; + (void)keySz; #ifdef USE_STSAFE_VERBOSE WOLFSSL_MSG("SignCertificateCb: STSAFE"); #endif - curve_id = stsafe_get_curve_mode(); - key_sz = stsafe_get_key_size(curve_id); +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC) + digest = (byte*)XMALLOC(STSAFE_MAX_KEY_LEN, NULL, DYNAMIC_TYPE_TMP_BUFFER); + sigRS = (byte*)XMALLOC(STSAFE_MAX_SIG_LEN, NULL, DYNAMIC_TYPE_TMP_BUFFER); + if (digest == NULL || sigRS == NULL) { + err = MEMORY_E; + } +#endif - /* Build input digest */ - if (inSz > key_sz) - inSz = key_sz; - XMEMSET(&digest[0], 0, sizeof(digest)); - XMEMCPY(&digest[key_sz - inSz], in, inSz); - - /* Sign using slot 0: Result is R then S */ - /* Sign will always use the curve type in slot 0 (the TLS curve needs to match) */ - XMEMSET(sigRS, 0, sizeof(sigRS)); - err = stsafe_interface_sign(STSAFE_A_SLOT_0, curve_id, digest, sigRS); - if (err != STSAFE_A_OK) { - #ifdef USE_STSAFE_VERBOSE - STSAFE_INTERFACE_PRINTF("stsafe_interface_sign error: %d\n", err); - #endif - err = WC_HW_E; - return err; + if (err == 0) { + curve_id = stsafe_get_curve_mode(); + key_sz = stsafe_get_key_size(curve_id); + + if ((int)inSz > key_sz) + inSz = key_sz; + + XMEMSET(digest, 0, STSAFE_MAX_KEY_LEN); + XMEMCPY(&digest[key_sz - inSz], in, inSz); + + XMEMSET(sigRS, 0, STSAFE_MAX_SIG_LEN); + err = stsafe_sign(STSAFE_KEY_SLOT_0, curve_id, digest, sigRS); + if (err != STSAFE_A_OK) { + STSAFE_INTERFACE_PRINTF("stsafe_sign error: %d\n", err); + err = WC_HW_E; + } } - /* Convert R and S to signature */ - r = &sigRS[0]; - s = &sigRS[key_sz]; - err = wc_ecc_rs_raw_to_sig((const byte*)r, key_sz, (const byte*)s, key_sz, - out, outSz); - if (err != 0) { - #ifdef USE_STSAFE_VERBOSE - WOLFSSL_MSG("Error converting RS to Signature"); - #endif + if (err == 0) { + r = &sigRS[0]; + s = &sigRS[key_sz]; + err = wc_ecc_rs_raw_to_sig(r, key_sz, s, key_sz, out, outSz); + if (err != 0) { + WOLFSSL_MSG("Error converting RS to Signature"); + } } +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC) + XFREE(digest, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(sigRS, NULL, DYNAMIC_TYPE_TMP_BUFFER); +#endif + return err; } - /** - * \brief Create pre master secret using peer's public key and self private key. + * \brief Shared Secret Callback (ECDHE) */ int SSL_STSAFE_SharedSecretCb(WOLFSSL* ssl, ecc_key* otherKey, unsigned char* pubKeyDer, unsigned int* pubKeySz, unsigned char* out, unsigned int* outlen, int side, void* ctx) { - int err; + int err = 0; + int tmpKeyInit = 0; +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC) + byte* otherKeyX = NULL; + byte* otherKeyY = NULL; + byte* pubKeyRaw = NULL; +#else byte otherKeyX[STSAFE_MAX_KEY_LEN]; byte otherKeyY[STSAFE_MAX_KEY_LEN]; - word32 otherKeyX_len = sizeof(otherKeyX); - word32 otherKeyY_len = sizeof(otherKeyY); byte pubKeyRaw[STSAFE_MAX_PUBKEY_RAW_LEN]; - StSafeA_KeySlotNumber slot = STSAFE_A_SLOT_0; - StSafeA_CurveId curve_id; +#endif + word32 otherKeyX_len = STSAFE_MAX_KEY_LEN; + word32 otherKeyY_len = STSAFE_MAX_KEY_LEN; + stsafe_slot_t slot = STSAFE_KEY_SLOT_0; + stsafe_curve_id_t curve_id; ecc_key tmpKey; int ecc_curve; int key_sz; @@ -276,95 +1395,117 @@ (void)ctx; #ifdef USE_STSAFE_VERBOSE - WOLFSSL_MSG("SharedSecretCb: STSAFE"); + WOLFSSL_MSG("SharedSecretCb: STSAFE (ECDHE)"); #endif - err = wc_ecc_init(&tmpKey); - if (err != 0) { - return err; +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC) + otherKeyX = (byte*)XMALLOC(STSAFE_MAX_KEY_LEN, NULL, + DYNAMIC_TYPE_TMP_BUFFER); + otherKeyY = (byte*)XMALLOC(STSAFE_MAX_KEY_LEN, NULL, + DYNAMIC_TYPE_TMP_BUFFER); + pubKeyRaw = (byte*)XMALLOC(STSAFE_MAX_PUBKEY_RAW_LEN, NULL, + DYNAMIC_TYPE_TMP_BUFFER); + if (otherKeyX == NULL || otherKeyY == NULL || pubKeyRaw == NULL) { + err = MEMORY_E; } +#endif - /* set curve */ - ecc_curve = otherKey->dp->id; - curve_id = stsafe_get_ecc_curve_id(ecc_curve); - key_sz = stsafe_get_key_size(curve_id); - - /* for client: create and export public key */ - if (side == WOLFSSL_CLIENT_END) { - /* Export otherKey raw X and Y */ - err = wc_ecc_export_public_raw(otherKey, - &otherKeyX[0], (word32*)&otherKeyX_len, - &otherKeyY[0], (word32*)&otherKeyY_len); - if (err != 0) { - return err; + if (err == 0) { + err = wc_ecc_init(&tmpKey); + if (err == 0) { + tmpKeyInit = 1; } + } - err = stsafe_interface_create_key(&slot, curve_id, (uint8_t*)&pubKeyRaw[0]); - if (err != STSAFE_A_OK) { - #ifdef USE_STSAFE_VERBOSE - STSAFE_INTERFACE_PRINTF("stsafe_interface_create_key error: %d\n", err); - #endif - err = WC_HW_E; - return err; - } + if (err == 0) { + ecc_curve = otherKey->dp->id; + curve_id = stsafe_get_ecc_curve_id(ecc_curve); + key_sz = stsafe_get_key_size(curve_id); - /* convert raw unsigned public key to X.963 format for TLS */ - err = wc_ecc_init(&tmpKey); - if (err == 0) { - err = wc_ecc_import_unsigned(&tmpKey, &pubKeyRaw[0], &pubKeyRaw[key_sz], - NULL, ecc_curve); + if (side == WOLFSSL_CLIENT_END) { + err = wc_ecc_export_public_raw(otherKey, otherKeyX, &otherKeyX_len, + otherKeyY, &otherKeyY_len); + + if (err == 0) { +#ifdef WOLFSSL_STSAFEA120 + /* Use ECDHE ephemeral key generation for A120 */ + err = stsafe_create_ecdhe_key(curve_id, pubKeyRaw); + if (err != STSAFE_A_OK) { + STSAFE_INTERFACE_PRINTF("stsafe_create_ecdhe_key error: %d\n", + err); + err = WC_HW_E; + } + slot = STSAFE_KEY_SLOT_EPHEMERAL; +#else + /* Legacy A100/A110 uses slot-based key generation */ + err = stsafe_create_key(&slot, curve_id, pubKeyRaw); + if (err != STSAFE_A_OK) { + STSAFE_INTERFACE_PRINTF("stsafe_create_key error: %d\n", + err); + err = WC_HW_E; + } +#endif + } + + if (err == 0) { + err = wc_ecc_import_unsigned(&tmpKey, pubKeyRaw, + &pubKeyRaw[key_sz], NULL, ecc_curve); + } if (err == 0) { err = wc_ecc_export_x963(&tmpKey, pubKeyDer, pubKeySz); } - wc_ecc_free(&tmpKey); } - } - /* for server: import public key */ - else if (side == WOLFSSL_SERVER_END) { - /* import peer's key and export as raw unsigned for hardware */ - err = wc_ecc_import_x963_ex(pubKeyDer, *pubKeySz, &tmpKey, ecc_curve); - if (err == 0) { - err = wc_ecc_export_public_raw(&tmpKey, otherKeyX, &otherKeyX_len, - otherKeyY, &otherKeyY_len); + else if (side == WOLFSSL_SERVER_END) { + err = wc_ecc_import_x963_ex(pubKeyDer, *pubKeySz, &tmpKey, + ecc_curve); + if (err == 0) { + err = wc_ecc_export_public_raw(&tmpKey, otherKeyX, + &otherKeyX_len, otherKeyY, &otherKeyY_len); + } + } + else { + err = BAD_FUNC_ARG; } - } - else { - err = BAD_FUNC_ARG; } - wc_ecc_free(&tmpKey); + if (err == 0) { + err = stsafe_shared_secret(slot, curve_id, otherKeyX, otherKeyY, + out, (int32_t*)outlen); + if (err != STSAFE_A_OK) { + STSAFE_INTERFACE_PRINTF("stsafe_shared_secret error: %d\n", err); + err = WC_HW_E; + } + } - if (err != 0) { - return err; + if (tmpKeyInit) { + wc_ecc_free(&tmpKey); } - /* Compute shared secret */ - err = stsafe_interface_shared_secret( -#ifdef WOLFSSL_STSAFE_TAKES_SLOT - slot, +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC) + XFREE(otherKeyX, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(otherKeyY, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(pubKeyRaw, NULL, DYNAMIC_TYPE_TMP_BUFFER); #endif - curve_id, &otherKeyX[0], &otherKeyY[0], - out, (int32_t*)outlen); - if (err != STSAFE_A_OK) { - #ifdef USE_STSAFE_VERBOSE - STSAFE_INTERFACE_PRINTF("stsafe_interface_shared_secret error: %d\n", err); - #endif - err = WC_HW_E; - } return err; } +/** + * \brief Setup PK callbacks for STSAFE + */ int SSL_STSAFE_SetupPkCallbacks(WOLFSSL_CTX* ctx) { wolfSSL_CTX_SetEccKeyGenCb(ctx, SSL_STSAFE_CreateKeyCb); wolfSSL_CTX_SetEccSignCb(ctx, SSL_STSAFE_SignCertificateCb); wolfSSL_CTX_SetEccVerifyCb(ctx, SSL_STSAFE_VerifyPeerCertCb); wolfSSL_CTX_SetEccSharedSecretCb(ctx, SSL_STSAFE_SharedSecretCb); - wolfSSL_CTX_SetDevId(ctx, 0); /* enables wolfCrypt `wc_ecc_*` ST-Safe use */ + wolfSSL_CTX_SetDevId(ctx, 0); return 0; } +/** + * \brief Setup PK callback context + */ int SSL_STSAFE_SetupPkCallbackCtx(WOLFSSL* ssl, void* user_ctx) { wolfSSL_SetEccKeyGenCtx(ssl, user_ctx); @@ -374,9 +1515,13 @@ return 0; } - #endif /* HAVE_PK_CALLBACKS */ + +/* ========================================================================== */ +/* Crypto Callbacks */ +/* ========================================================================== */ + #ifdef WOLF_CRYPTO_CB int wolfSSL_STSAFE_CryptoDevCb(int devId, wc_CryptoInfo* info, void* ctx) @@ -384,212 +1529,381 @@ int rc = CRYPTOCB_UNAVAILABLE; wolfSTSAFE_CryptoCb_Ctx* stsCtx = (wolfSTSAFE_CryptoCb_Ctx*)ctx; - if (info == NULL || ctx == NULL) - return BAD_FUNC_ARG; + if (info == NULL || ctx == NULL) { + rc = BAD_FUNC_ARG; + } (void)devId; (void)stsCtx; - if (info->algo_type == WC_ALGO_TYPE_SEED) { - /* use the STSAFE hardware for RNG seed */ + if (rc != BAD_FUNC_ARG && info->algo_type == WC_ALGO_TYPE_SEED) { #if !defined(WC_NO_RNG) && defined(USE_STSAFE_RNG_SEED) - while (info->seed.sz > 0) { - rc = stsafe_interface_getrandom(info->seed.seed, info->seed.sz); - if (rc < 0) { - return rc; + rc = 0; + while (rc == 0 && info->seed.sz > 0) { + int len = stsafe_get_random(info->seed.seed, info->seed.sz); + if (len < 0) { + rc = len; + } + else { + info->seed.seed += len; + info->seed.sz -= len; } - info->seed.seed += rc; - info->seed.sz -= rc; } - rc = 0; #else rc = CRYPTOCB_UNAVAILABLE; #endif } #ifdef HAVE_ECC - else if (info->algo_type == WC_ALGO_TYPE_PK) { + else if (rc != BAD_FUNC_ARG && info->algo_type == WC_ALGO_TYPE_PK) { #ifdef USE_STSAFE_VERBOSE STSAFE_INTERFACE_PRINTF("STSAFE Pk: Type %d\n", info->pk.type); #endif if (info->pk.type == WC_PK_TYPE_EC_KEYGEN) { + #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC) + byte* pubKeyRaw = NULL; + #else byte pubKeyRaw[STSAFE_MAX_PUBKEY_RAW_LEN]; - StSafeA_KeySlotNumber slot; - StSafeA_CurveId curve_id; + #endif + stsafe_slot_t slot; + stsafe_curve_id_t curve_id; int ecc_curve, key_sz; WOLFSSL_MSG("STSAFE: ECC KeyGen"); - /* get curve */ - ecc_curve = info->pk.eckg.curveId; - curve_id = stsafe_get_ecc_curve_id(ecc_curve); - key_sz = stsafe_get_key_size(curve_id); - - /* generate new ephemeral key on device */ - rc = stsafe_interface_create_key(&slot, curve_id, - (uint8_t*)pubKeyRaw); - if (rc != STSAFE_A_OK) { - #ifdef USE_STSAFE_VERBOSE - STSAFE_INTERFACE_PRINTF("stsafe_interface_create_key error: %d\n", rc); - #endif - rc = WC_HW_E; - return rc; - } - - /* load generated public key into key, used by wolfSSL */ - rc = wc_ecc_import_unsigned(info->pk.eckg.key, pubKeyRaw, - &pubKeyRaw[key_sz], NULL, ecc_curve); + rc = 0; + #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC) + pubKeyRaw = (byte*)XMALLOC(STSAFE_MAX_PUBKEY_RAW_LEN, NULL, + DYNAMIC_TYPE_TMP_BUFFER); + if (pubKeyRaw == NULL) { + rc = MEMORY_E; + } + #endif + + if (rc == 0) { + ecc_curve = info->pk.eckg.curveId; + curve_id = stsafe_get_ecc_curve_id(ecc_curve); + key_sz = stsafe_get_key_size(curve_id); + + /* For A120: Use ephemeral slot (0xFF) for ECDH/ECDHE operations. + * Use persistent slots (0-4) for ECDSA signing operations. + * Note: Persistent slots require key establishment to be enabled + * in their mode of operation flags via put_attribute command. */ +#ifdef WOLFSSL_STSAFEA120 + /* Check if this is for ECDH by looking at devCtx hint */ + if (info->pk.eckg.key != NULL && info->pk.eckg.key->devCtx != NULL) { + slot = STSAFE_DEVCXT_TO_SLOT(info->pk.eckg.key->devCtx); + } else { + /* Default: Use slot 1 for ECDSA signing */ + slot = STSAFE_KEY_SLOT_1; + } + + STSAFE_INTERFACE_PRINTF("STSAFE: KeyGen slot %d, curve_id %d\n", + slot, curve_id); + + /* Always use ephemeral slot (0xFF) for ECDH operations */ + if (slot == STSAFE_KEY_SLOT_EPHEMERAL) { + rc = stsafe_create_ecdhe_key(curve_id, pubKeyRaw); + } else { + /* Persistent slot for signing */ + rc = stsafe_create_key(slot, curve_id, pubKeyRaw); + } + if (rc != STSE_OK) { + STSAFE_INTERFACE_PRINTF("STSAFE: KeyGen (slot %d) error: %d\n", slot, rc); + rc = WC_HW_E; + } else { + rc = STSAFE_A_OK; + } +#else + /* Legacy A100/A110 uses slot-based key generation */ + rc = stsafe_create_key(&slot, curve_id, pubKeyRaw); + if (rc != STSAFE_A_OK) { + STSAFE_INTERFACE_PRINTF("stsafe_create_key error: %d\n", + rc); + rc = WC_HW_E; + } +#endif + } + + if (rc == 0) { + /* Import public key */ + rc = wc_ecc_import_unsigned(info->pk.eckg.key, pubKeyRaw, + &pubKeyRaw[key_sz], NULL, ecc_curve); + } + + if (rc == 0) { + /* Store slot number directly in devCtx */ + info->pk.eckg.key->devCtx = STSAFE_SLOT_TO_DEVCXT(slot); + } + + + #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC) + XFREE(pubKeyRaw, NULL, DYNAMIC_TYPE_TMP_BUFFER); + #endif } else if (info->pk.type == WC_PK_TYPE_ECDSA_SIGN) { + #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC) + byte* digest = NULL; + byte* sigRS = NULL; + #else byte digest[STSAFE_MAX_KEY_LEN]; byte sigRS[STSAFE_MAX_SIG_LEN]; - byte *r, *s; - StSafeA_CurveId curve_id; + #endif + byte* r; + byte* s; + stsafe_slot_t slot; + stsafe_curve_id_t curve_id; + int ecc_curve; word32 inSz = info->pk.eccsign.inlen; int key_sz; WOLFSSL_MSG("STSAFE: ECC Sign"); - curve_id = stsafe_get_curve_mode(); - key_sz = stsafe_get_key_size(curve_id); + rc = 0; + #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC) + digest = (byte*)XMALLOC(STSAFE_MAX_KEY_LEN, NULL, + DYNAMIC_TYPE_TMP_BUFFER); + sigRS = (byte*)XMALLOC(STSAFE_MAX_SIG_LEN, NULL, + DYNAMIC_TYPE_TMP_BUFFER); + if (digest == NULL || sigRS == NULL) { + rc = MEMORY_E; + } + #endif + + if (rc == 0) { + /* Get curve from signing key */ + if (info->pk.eccsign.key != NULL && + info->pk.eccsign.key->dp != NULL) { + ecc_curve = info->pk.eccsign.key->dp->id; + curve_id = stsafe_get_ecc_curve_id(ecc_curve); + } else { + curve_id = stsafe_get_curve_mode(); + } + key_sz = stsafe_get_key_size(curve_id); - /* truncate input to match key size */ - if (inSz > key_sz) - inSz = key_sz; - - /* Build input digest */ - XMEMSET(&digest[0], 0, sizeof(digest)); - XMEMCPY(&digest[key_sz - inSz], info->pk.eccsign.in, inSz); - - /* Sign using slot 0: Result is R then S */ - /* Sign will always use the curve type in slot 0 - (the TLS curve needs to match) */ - XMEMSET(sigRS, 0, sizeof(sigRS)); - rc = stsafe_interface_sign(STSAFE_A_SLOT_0, curve_id, - (uint8_t*)info->pk.eccsign.in, sigRS); - if (rc != STSAFE_A_OK) { - #ifdef USE_STSAFE_VERBOSE - STSAFE_INTERFACE_PRINTF("stsafe_interface_sign error: %d\n", rc); - #endif - rc = WC_HW_E; - return rc; - } - - /* Convert R and S to signature */ - r = &sigRS[0]; - s = &sigRS[key_sz]; - rc = wc_ecc_rs_raw_to_sig((const byte*)r, key_sz, (const byte*)s, - key_sz, info->pk.eccsign.out, info->pk.eccsign.outlen); - if (rc != 0) { - WOLFSSL_MSG("Error converting RS to Signature"); + if ((int)inSz > key_sz) + inSz = key_sz; + + XMEMSET(digest, 0, STSAFE_MAX_KEY_LEN); + XMEMCPY(&digest[key_sz - inSz], info->pk.eccsign.in, inSz); + + XMEMSET(sigRS, 0, STSAFE_MAX_SIG_LEN); + /* Retrieve slot from devCtx if available, otherwise use default */ + slot = STSAFE_KEY_SLOT_1; /* Default fallback */ + if (info->pk.eccsign.key != NULL && info->pk.eccsign.key->devCtx != NULL) { + slot = STSAFE_DEVCXT_TO_SLOT(info->pk.eccsign.key->devCtx); + STSAFE_INTERFACE_PRINTF("STSAFE: Sign using slot %d\n", slot); + } else { + WOLFSSL_MSG("STSAFE: Sign using default slot 1"); + } + rc = stsafe_sign(slot, curve_id, digest, sigRS); + if (rc != STSAFE_A_OK) { + STSAFE_INTERFACE_PRINTF("stsafe_sign error: %d\n", rc); + rc = WC_HW_E; + } + } + + if (rc == 0) { + r = &sigRS[0]; + s = &sigRS[key_sz]; + rc = wc_ecc_rs_raw_to_sig(r, key_sz, s, key_sz, + info->pk.eccsign.out, info->pk.eccsign.outlen); + if (rc != 0) { + WOLFSSL_MSG("Error converting RS to Signature"); + } } + + #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC) + XFREE(digest, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(sigRS, NULL, DYNAMIC_TYPE_TMP_BUFFER); + #endif } else if (info->pk.type == WC_PK_TYPE_ECDSA_VERIFY) { + #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC) + byte* sigRS = NULL; + byte* pubKeyX = NULL; + byte* pubKeyY = NULL; + #else byte sigRS[STSAFE_MAX_SIG_LEN]; - byte *r = NULL, *s = NULL; - word32 r_len = STSAFE_MAX_SIG_LEN/2, s_len = STSAFE_MAX_SIG_LEN/2; byte pubKeyX[STSAFE_MAX_PUBKEY_RAW_LEN/2]; byte pubKeyY[STSAFE_MAX_PUBKEY_RAW_LEN/2]; - word32 pubKeyX_len = sizeof(pubKeyX); - word32 pubKeyY_len = sizeof(pubKeyY); - StSafeA_CurveId curve_id; + #endif + byte* r = NULL; + byte* s = NULL; + word32 r_len = STSAFE_MAX_SIG_LEN/2, s_len = STSAFE_MAX_SIG_LEN/2; + word32 pubKeyX_len = STSAFE_MAX_PUBKEY_RAW_LEN/2; + word32 pubKeyY_len = STSAFE_MAX_PUBKEY_RAW_LEN/2; + stsafe_curve_id_t curve_id; int ecc_curve, key_sz; WOLFSSL_MSG("STSAFE: ECC Verify"); + rc = 0; if (info->pk.eccverify.key == NULL || info->pk.eccverify.key->dp == NULL) { - return BAD_FUNC_ARG; + rc = BAD_FUNC_ARG; } - /* determine curve */ - ecc_curve = info->pk.eccverify.key->dp->id; - curve_id = stsafe_get_ecc_curve_id(ecc_curve); - key_sz = stsafe_get_key_size(curve_id); - if (key_sz <= 0 || key_sz > STSAFE_MAX_KEY_LEN) { - return BAD_FUNC_ARG; + #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC) + if (rc == 0) { + sigRS = (byte*)XMALLOC(STSAFE_MAX_SIG_LEN, NULL, + DYNAMIC_TYPE_TMP_BUFFER); + pubKeyX = (byte*)XMALLOC(STSAFE_MAX_PUBKEY_RAW_LEN/2, NULL, + DYNAMIC_TYPE_TMP_BUFFER); + pubKeyY = (byte*)XMALLOC(STSAFE_MAX_PUBKEY_RAW_LEN/2, NULL, + DYNAMIC_TYPE_TMP_BUFFER); + if (sigRS == NULL || pubKeyX == NULL || pubKeyY == NULL) { + rc = MEMORY_E; + } + } + #endif + + if (rc == 0) { + ecc_curve = info->pk.eccverify.key->dp->id; + curve_id = stsafe_get_ecc_curve_id(ecc_curve); + key_sz = stsafe_get_key_size(curve_id); + if (key_sz <= 0 || key_sz > STSAFE_MAX_KEY_LEN) { + rc = BAD_FUNC_ARG; + } } - /* Extract Raw X and Y coordinates of the public key */ - rc = wc_ecc_export_public_raw(info->pk.eccverify.key, - pubKeyX, &pubKeyX_len, - pubKeyY, &pubKeyY_len); if (rc == 0) { - /* Extract R and S from signature */ - XMEMSET(sigRS, 0, sizeof(sigRS)); + rc = wc_ecc_export_public_raw(info->pk.eccverify.key, + pubKeyX, &pubKeyX_len, pubKeyY, &pubKeyY_len); + } + if (rc == 0) { + XMEMSET(sigRS, 0, STSAFE_MAX_SIG_LEN); r = &sigRS[0]; s = &sigRS[key_sz]; rc = wc_ecc_sig_to_rs(info->pk.eccverify.sig, info->pk.eccverify.siglen, r, &r_len, s, &s_len); } if (rc == 0) { - /* make sure R and S are not too large */ - if (r_len > key_sz || s_len > key_sz) { + if ((int)r_len > key_sz || (int)s_len > key_sz) { rc = BAD_FUNC_ARG; } } if (rc == 0) { - /* make sure R and S are zero padded on front */ - XMEMMOVE(&sigRS[key_sz-r_len], r, r_len); - XMEMSET(&sigRS[0], 0, key_sz-r_len); - XMEMMOVE(&sigRS[key_sz + (key_sz-s_len)], s, s_len); - XMEMSET(&sigRS[key_sz], 0, key_sz-s_len); - - /* Verify signature */ - rc = stsafe_interface_verify(curve_id, - (uint8_t*)info->pk.eccverify.hash, sigRS, pubKeyX, pubKeyY, - (int32_t*)info->pk.eccverify.res); + XMEMMOVE(&sigRS[key_sz - r_len], r, r_len); + XMEMSET(&sigRS[0], 0, key_sz - r_len); + XMEMMOVE(&sigRS[key_sz + (key_sz - s_len)], s, s_len); + XMEMSET(&sigRS[key_sz], 0, key_sz - s_len); + + rc = stsafe_verify(curve_id, (uint8_t*)info->pk.eccverify.hash, + sigRS, pubKeyX, pubKeyY, (int32_t*)info->pk.eccverify.res); if (rc != STSAFE_A_OK) { - #ifdef USE_STSAFE_VERBOSE - STSAFE_INTERFACE_PRINTF("stsafe_interface_verify error: %d\n", rc); - #endif - rc = -rc; + STSAFE_INTERFACE_PRINTF("stsafe_verify error: %d\n", rc); + rc = WC_HW_E; } } + + #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC) + XFREE(sigRS, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(pubKeyX, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(pubKeyY, NULL, DYNAMIC_TYPE_TMP_BUFFER); + #endif } else if (info->pk.type == WC_PK_TYPE_ECDH) { + #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC) + byte* otherKeyX = NULL; + byte* otherKeyY = NULL; + #else byte otherKeyX[STSAFE_MAX_KEY_LEN]; byte otherKeyY[STSAFE_MAX_KEY_LEN]; - word32 otherKeyX_len = sizeof(otherKeyX); - word32 otherKeyY_len = sizeof(otherKeyY); - StSafeA_CurveId curve_id; + #endif + word32 otherKeyX_len = STSAFE_MAX_KEY_LEN; + word32 otherKeyY_len = STSAFE_MAX_KEY_LEN; + stsafe_curve_id_t curve_id; + stsafe_slot_t slot; int ecc_curve; - WOLFSSL_MSG("STSAFE: PMS"); + WOLFSSL_MSG("STSAFE: ECDH"); - if (info->pk.ecdh.public_key == NULL) - return BAD_FUNC_ARG; + rc = 0; + if (info->pk.ecdh.public_key == NULL) { + rc = BAD_FUNC_ARG; + } - /* get curve */ - ecc_curve = info->pk.ecdh.public_key->dp->id; - curve_id = stsafe_get_ecc_curve_id(ecc_curve); + #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC) + if (rc == 0) { + otherKeyX = (byte*)XMALLOC(STSAFE_MAX_KEY_LEN, NULL, + DYNAMIC_TYPE_TMP_BUFFER); + otherKeyY = (byte*)XMALLOC(STSAFE_MAX_KEY_LEN, NULL, + DYNAMIC_TYPE_TMP_BUFFER); + if (otherKeyX == NULL || otherKeyY == NULL) { + rc = MEMORY_E; + } + } + #endif + + if (rc == 0) { + /* Get curve from private_key (hardware key), not public_key (peer key) */ + if (info->pk.ecdh.private_key != NULL && + info->pk.ecdh.private_key->dp != NULL) { + ecc_curve = info->pk.ecdh.private_key->dp->id; + } else if (info->pk.ecdh.public_key != NULL && + info->pk.ecdh.public_key->dp != NULL) { + /* Fallback to public_key if private_key not available */ + ecc_curve = info->pk.ecdh.public_key->dp->id; + } else { + rc = BAD_FUNC_ARG; + } + if (rc == 0) { + curve_id = stsafe_get_ecc_curve_id(ecc_curve); + /* Note: STSAFE_ECC_CURVE_P256 is 0, so we can't use STSAFE_DEFAULT_CURVE check. + * Instead, verify the curve_id is valid by checking it's one of the supported curves */ + if (curve_id != STSAFE_ECC_CURVE_P256 && curve_id != STSAFE_ECC_CURVE_P384 + #if defined(HAVE_ECC_BRAINPOOL) && defined(STSE_CONF_ECC_BRAINPOOL_P_256) + && curve_id != STSAFE_ECC_CURVE_BP256 + #endif + #if defined(HAVE_ECC_BRAINPOOL) && defined(STSE_CONF_ECC_BRAINPOOL_P_384) + && curve_id != STSAFE_ECC_CURVE_BP384 + #endif + ) { + rc = BAD_FUNC_ARG; + } + } - /* Export otherKey raw X and Y */ - rc = wc_ecc_export_public_raw(info->pk.ecdh.public_key, - &otherKeyX[0], (word32*)&otherKeyX_len, - &otherKeyY[0], (word32*)&otherKeyY_len); + if (rc == 0) { + rc = wc_ecc_export_public_raw(info->pk.ecdh.public_key, + otherKeyX, &otherKeyX_len, otherKeyY, &otherKeyY_len); + } + } if (rc == 0) { - /* Compute shared secret */ *info->pk.ecdh.outlen = 0; - rc = stsafe_interface_shared_secret( - #ifdef WOLFSSL_STSAFE_TAKES_SLOT - STSAFE_A_SLOT_0, - #endif - curve_id, - otherKeyX, otherKeyY, - info->pk.ecdh.out, (int32_t*)info->pk.ecdh.outlen); - if (rc != STSAFE_A_OK) { - #ifdef USE_STSAFE_VERBOSE - STSAFE_INTERFACE_PRINTF("stsafe_interface_shared_secret error: %d\n", rc); - #endif - rc = WC_HW_E; + + if (rc == 0) { + /* For ECDH operations, use the slot from devCtx. */ + slot = STSAFE_KEY_SLOT_EPHEMERAL; + if (info->pk.ecdh.private_key != NULL && + info->pk.ecdh.private_key->devCtx != NULL) { + slot = STSAFE_DEVCXT_TO_SLOT(info->pk.ecdh.private_key->devCtx); + } + + STSAFE_INTERFACE_PRINTF("STSAFE: ECDH with slot %d, curve_id %d\n", + slot, curve_id); + + rc = stsafe_shared_secret(slot, curve_id, + otherKeyX, otherKeyY, + info->pk.ecdh.out, (int32_t*)info->pk.ecdh.outlen); + if (rc != STSAFE_A_OK) { + WOLFSSL_MSG("STSAFE: stsafe_shared_secret failed"); + STSAFE_INTERFACE_PRINTF("stsafe_shared_secret " + "error: %d (slot: %d, curve_id: %d)\n", + rc, slot, curve_id); + rc = WC_HW_E; + } } } + + #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC) + XFREE(otherKeyX, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(otherKeyY, NULL, DYNAMIC_TYPE_TMP_BUFFER); + #endif } } #endif /* HAVE_ECC */ - /* need to return negative here for error */ if (rc != 0 && rc != WC_NO_ERR_TRACE(CRYPTOCB_UNAVAILABLE)) { WOLFSSL_MSG("STSAFE: CryptoCb failed"); #ifdef USE_STSAFE_VERBOSE @@ -603,4 +1917,4 @@ #endif /* WOLF_CRYPTO_CB */ -#endif /* WOLFSSL_STSAFEA100 */ +#endif /* WOLFSSL_STSAFE */ diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/wolfcrypt/src/port/ti/ti-aes.c mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/port/ti/ti-aes.c --- mariadb-11.8.6/extra/wolfssl/wolfssl/wolfcrypt/src/port/ti/ti-aes.c 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/port/ti/ti-aes.c 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* port/ti/ti-aes.c * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -73,7 +73,7 @@ int wc_AesSetKey(Aes* aes, const byte* key, word32 len, const byte* iv, int dir) { if (!wolfSSL_TI_CCMInit()) - return 1; + return WC_HW_E; if ((aes == NULL) || (key == NULL)) return BAD_FUNC_ARG; if (!((dir == AES_ENCRYPTION) || (dir == AES_DECRYPTION))) @@ -231,6 +231,9 @@ char *tmp; /* (char *)aes->tmp, for short */ int ret; + if ((aes == NULL) || (out == NULL) || (in == NULL)) + return BAD_FUNC_ARG; + tmp = (char *)aes->tmp; if (aes->left) { if ((aes->left + sz) >= WC_AES_BLOCK_SIZE) { @@ -350,7 +353,7 @@ case 16: *M = AES_CFG_CCM_M_16; break; default: - return 1; + return BAD_FUNC_ARG; } switch (nonceSz) { @@ -371,7 +374,7 @@ case 14: *L = AES_CFG_CCM_L_1; break; default: - return 1; + return BAD_FUNC_ARG; } return 0; } @@ -469,6 +472,9 @@ if (ret == WC_NO_ERR_TRACE(BAD_FUNC_ARG)) { return ret; } + if ((authIn == NULL) && (authInSz > 0)) { + return BAD_FUNC_ARG; + } AesAuthSetIv(aes, nonce, nonceSz, L, mode); @@ -569,6 +575,9 @@ if (ret == WC_NO_ERR_TRACE(BAD_FUNC_ARG)) { return ret; } + if ((authIn == NULL) && (authInSz > 0)) { + return BAD_FUNC_ARG; + } AesAuthSetIv(aes, nonce, nonceSz, L, mode); @@ -583,7 +592,7 @@ ROM_AESDataProcess(AES_BASE, aes->reg, tmpTag, WC_AES_BLOCK_SIZE); wolfSSL_TI_unlockCCM(); - if (XMEMCMP(authTag, tmpTag, authTagSz) != 0) { + if (ConstantCompare(authTag, tmpTag, authTagSz) != 0) { ret = AES_GCM_AUTH_E; } return ret; @@ -636,7 +645,7 @@ (unsigned int*)tmpTag); wolfSSL_TI_unlockCCM(); - if ((ret == false) || (XMEMCMP(authTag, tmpTag, authTagSz) != 0)) { + if ((ret == false) || (ConstantCompare(authTag, tmpTag, authTagSz) != 0)) { XMEMSET(out, 0, inSz); ret = AES_GCM_AUTH_E; } @@ -685,6 +694,9 @@ int wc_GmacSetKey(Gmac* gmac, const byte* key, word32 len) { + if (gmac == NULL) { + return BAD_FUNC_ARG; + } return AesAuthSetKey(&gmac->aes, key, len); } @@ -692,6 +704,9 @@ const byte* authIn, word32 authInSz, byte* authTag, word32 authTagSz) { + if (gmac == NULL) { + return BAD_FUNC_ARG; + } return AesAuthEncrypt(&gmac->aes, NULL, NULL, 0, iv, ivSz, authTag, authTagSz, authIn, authInSz, AES_CFG_MODE_GCM_HY0CALC); } diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/wolfcrypt/src/port/ti/ti-ccm.c mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/port/ti/ti-ccm.c --- mariadb-11.8.6/extra/wolfssl/wolfssl/wolfcrypt/src/port/ti/ti-ccm.c 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/port/ti/ti-ccm.c 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* port/ti/ti_ccm.c * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -44,7 +44,7 @@ #endif /* TI_DUMMY_BUILD */ #define TIMEOUT 500000 -#define WAIT(stat) { volatile int i; for(i=0; iused = 0; hash->msg = 0; hash->len = 0; @@ -75,18 +75,22 @@ static int hashUpdate(wolfssl_TI_Hash *hash, const byte* data, word32 len) { void *p; + word32 usedSz = 0; - if ((hash== NULL) || (data == NULL))return BAD_FUNC_ARG; + if ((hash == NULL) || (data == NULL) || (len == 0) || + !WC_SAFE_SUM_WORD32(hash->used, len, usedSz)) + return BAD_FUNC_ARG; - if (hash->len < hash->used+len) { + if (hash->len < usedSz) { if (hash->msg == NULL) { - p = XMALLOC(hash->used+len, NULL, DYNAMIC_TYPE_TMP_BUFFER); + p = XMALLOC(usedSz, NULL, DYNAMIC_TYPE_TMP_BUFFER); } else { - p = XREALLOC(hash->msg, hash->used+len, NULL, DYNAMIC_TYPE_TMP_BUFFER); + p = XREALLOC(hash->msg, usedSz, NULL, DYNAMIC_TYPE_TMP_BUFFER); } - if (p == 0)return 1; + if (p == 0) + return MEMORY_E; hash->msg = p; - hash->len = hash->used+len; + hash->len = usedSz; } XMEMCPY(hash->msg+hash->used, data, len); hash->used += len; @@ -96,6 +100,11 @@ static int hashGetHash(wolfssl_TI_Hash *hash, byte* result, word32 algo, word32 hsize) { uint32_t h[16]; + + if (hash == NULL || result == NULL) { + return BAD_FUNC_ARG; + } + #ifndef TI_DUMMY_BUILD wolfSSL_TI_lockCCM(); ROM_SHAMD5Reset(SHAMD5_BASE); @@ -109,9 +118,6 @@ XMEMSET(h, 0, sizeof(h)); #endif - if (result == NULL) { - return BAD_FUNC_ARG; - } XMEMCPY(result, h, hsize); return 0; @@ -119,6 +125,8 @@ static int hashCopy(wolfssl_TI_Hash *src, wolfssl_TI_Hash *dst) { + if (src == NULL || dst == NULL) + return BAD_FUNC_ARG; /* only copy hash, zero the rest of the struct to avoid double-free */ dst->msg = NULL; dst->used = 0; @@ -129,10 +137,17 @@ static int hashFinal(wolfssl_TI_Hash *hash, byte* result, word32 algo, word32 hsize) { - hashGetHash(hash, result, algo, hsize); + int ret; + + if (hash == NULL || result == NULL) { + return BAD_FUNC_ARG; + } + + ret = hashGetHash(hash, result, algo, hsize); XFREE(hash->msg, NULL, DYNAMIC_TYPE_TMP_BUFFER); hashInit(hash); - return 0; + + return ret; } static int hashHash(const byte* data, word32 len, byte* hash, word32 algo, word32 hsize) @@ -147,8 +162,10 @@ WOLFSSL_MSG("Hash Init failed"); } else { - hashUpdate(hash_desc, data, len); - hashFinal(hash_desc, hash, algo, hsize); + ret = hashUpdate(hash_desc, data, len); + if (ret == 0) { + ret = hashFinal(hash_desc, hash, algo, hsize); + } } WC_FREE_VAR_EX(hash_desc, NULL, DYNAMIC_TYPE_TMP_BUFFER); @@ -158,6 +175,8 @@ static int hashFree(wolfssl_TI_Hash *hash) { + if (hash == NULL) + return BAD_FUNC_ARG; XFREE(hash->msg, NULL, DYNAMIC_TYPE_TMP_BUFFER); hashInit(hash); return 0; @@ -167,7 +186,7 @@ WOLFSSL_API int wc_InitMd5_ex(Md5* md5, void* heap, int devId) { if (md5 == NULL) - return 1; + return BAD_FUNC_ARG; (void)heap; (void)devId; return hashInit((wolfssl_TI_Hash *)md5); @@ -213,7 +232,7 @@ WOLFSSL_API int wc_InitSha_ex(Md5* sha, void* heap, int devId) { if (sha == NULL) - return 1; + return BAD_FUNC_ARG; (void)heap; (void)devId; return hashInit((wolfssl_TI_Hash *)sha); @@ -259,7 +278,7 @@ WOLFSSL_API int wc_InitSha224_ex(Sha224* sha224, void* heap, int devId) { if (sha224 == NULL) - return 1; + return BAD_FUNC_ARG; (void)heap; (void)devId; return hashInit((wolfssl_TI_Hash *)sha224); @@ -305,7 +324,7 @@ WOLFSSL_API int wc_InitSha256_ex(Sha256* sha256, void* heap, int devId) { if (sha256 == NULL) - return 1; + return BAD_FUNC_ARG; (void)heap; (void)devId; return hashInit((wolfssl_TI_Hash *)sha256); diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/wolfcrypt/src/port/tropicsquare/tropic01.c mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/port/tropicsquare/tropic01.c --- mariadb-11.8.6/extra/wolfssl/wolfssl/wolfcrypt/src/port/tropicsquare/tropic01.c 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/port/tropicsquare/tropic01.c 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* tropic01.c * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -163,8 +163,8 @@ return BAD_FUNC_ARG; - /* Check key size */ - if (keySz != 16 && keySz != 24 && keySz != 32) { + /* Check key size: 256-bit */ + if (keySz != 32) { WOLFSSL_MSG_EX( "TROPIC01: Get ECC Key: Unsupported key size %u", keySz @@ -244,6 +244,7 @@ WOLFSSL_MSG_EX( "TROPIC01: CryptoCB: Failed to get ED25519 PRIVkey,ret=%d", ret); + ForceZero(info->pk.ed25519sign.key->k, ED25519_PRV_KEY_SIZE); return ret; } ret = Tropic01_GetKeyECC( @@ -254,6 +255,7 @@ WOLFSSL_MSG_EX( "TROPIC01: CryptoCB: Failed to get ED25519 PUBkey,ret=%d", ret); + ForceZero(info->pk.ed25519sign.key->k, ED25519_PRV_KEY_SIZE); return ret; } /* set devId to invalid, so software is used */ @@ -264,6 +266,7 @@ info->pk.ed25519sign.in, info->pk.ed25519sign.inLen, info->pk.ed25519sign.out, info->pk.ed25519sign.outLen, info->pk.ed25519sign.key); + ForceZero(info->pk.ed25519sign.key->k, ED25519_PRV_KEY_SIZE); /* reset devId */ info->pk.ed25519sign.key->devId = devId; @@ -312,6 +315,7 @@ WOLFSSL_MSG_EX( "TROPIC01: CryptoCB: Failed to get AES key,ret=%d", ret); + ForceZero(lt_key, sizeof(lt_key)); return ret; } ret = Tropic01_GetKeyAES( @@ -322,12 +326,16 @@ WOLFSSL_MSG_EX( "TROPIC01: CryptoCB: Failed to get AES IV, ret=%d", ret); + ForceZero(lt_key, sizeof(lt_key)); + ForceZero(lt_iv, sizeof(lt_iv)); return ret; } if (info->cipher.enc) { ret = wc_AesSetKey(info->cipher.aesgcm_enc.aes, lt_key, WC_AES_BLOCK_SIZE, lt_iv, AES_ENCRYPTION); - if (ret != 0) { + ForceZero(lt_key, sizeof(lt_key)); + ForceZero(lt_iv, sizeof(lt_iv)); + if (ret != 0) { WOLFSSL_MSG_EX( "TROPIC01: CryptoCB: Failed to set AES key, ret=%d", ret); @@ -351,9 +359,10 @@ info->cipher.aesgcm_enc.aes->devId = devId; } else { - ret = wc_AesSetKey(info->cipher.aesgcm_dec.aes, lt_key, WC_AES_BLOCK_SIZE, lt_iv, AES_DECRYPTION); + ForceZero(lt_key, sizeof(lt_key)); + ForceZero(lt_iv, sizeof(lt_iv)); if (ret != 0) { WOLFSSL_MSG_EX( "TROPIC01: CryptoCB: Failed to set AES key, ret=%d", @@ -388,6 +397,7 @@ if (ret != 0) { WOLFSSL_MSG_EX( "TROPIC01: CryptoCB: Failed to get AES key,ret=%d", ret); + ForceZero(lt_key, sizeof(lt_key)); return ret; } ret = Tropic01_GetKeyAES( @@ -397,11 +407,15 @@ if (ret != 0) { WOLFSSL_MSG_EX( "TROPIC01: CryptoCB: Failed to get AES IV, ret=%d", ret); - return ret; - } + ForceZero(lt_key, sizeof(lt_key)); + ForceZero(lt_iv, sizeof(lt_iv)); + return ret; + } if (info->cipher.enc) { ret = wc_AesSetKey(info->cipher.aescbc.aes, lt_key, WC_AES_BLOCK_SIZE, lt_iv, AES_ENCRYPTION); + ForceZero(lt_key, sizeof(lt_key)); + ForceZero(lt_iv, sizeof(lt_iv)); if (ret != 0) { WOLFSSL_MSG_EX( "TROPIC01: CryptoCB: Failed to set AES key, ret=%d", @@ -423,6 +437,8 @@ ret = wc_AesSetKey(info->cipher.aescbc.aes, lt_key, WC_AES_BLOCK_SIZE, lt_iv, AES_DECRYPTION); + ForceZero(lt_key, sizeof(lt_key)); + ForceZero(lt_iv, sizeof(lt_iv)); if (ret != 0) { WOLFSSL_MSG_EX( "TROPIC01: CryptoCB: Failed to set AES key, ret=%d", @@ -466,19 +482,21 @@ "TROPIC01: SetPairingKeys: Setting pairing key in slot %d", kIndex); + pk_index = kIndex; for (i = 0; i < TROPIC01_PAIRING_KEY_SIZE; i++) { - sh0priv[i] = kPriv[i]; sh0pub[i] = kPub[i]; } WOLFSSL_MSG("TROPIC01: SetPairingKeys: Pairing key set successfully"); +#if 0 WOLFSSL_MSG_EX( "TROPIC01: sh0priv: %02X %02X %02X %02X ...", kPriv[0], kPriv[1], kPriv[2], kPriv[3]); WOLFSSL_MSG_EX( "TROPIC01: sh0pub: %02X %02X %02X %02X ...", kPub[0], kPub[1], kPub[2], kPub[3]); +#endif return 0; } @@ -486,20 +504,23 @@ { lt_ret_t ret; - g_ctx.initialized = 0; - ret = lt_init(&g_h); - if (ret != LT_OK) { - WOLFSSL_MSG_EX("TROPIC01: lt_init failed with a code %d", ret); - return WC_HW_E; - } - ret = verify_chip_and_start_secure_session(&g_h, sh0priv, sh0pub, pk_index); - if (ret != LT_OK) { - WOLFSSL_MSG_EX("TROPIC01: secure session failed with a code %d", ret); - lt_deinit(&g_h); - return WC_HW_E; + if (g_ctx.initialized == 0) { + ret = lt_init(&g_h); + if (ret != LT_OK) { + WOLFSSL_MSG_EX("TROPIC01: lt_init failed with a code %d", ret); + return WC_HW_E; + } + ret = verify_chip_and_start_secure_session(&g_h, sh0priv, sh0pub, + pk_index); + if (ret != LT_OK) { + WOLFSSL_MSG_EX("TROPIC01: secure session failed with a code %d", + ret); + lt_deinit(&g_h); + return WC_HW_E; + } + g_ctx.initialized = 1; + WOLFSSL_MSG("TROPIC01: Crypto device initialized successfully"); } - g_ctx.initialized = 1; - WOLFSSL_MSG("TROPIC01: Crypto device initialized successfully"); return 0; } diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/wolfcrypt/src/port/xilinx/xil-aesgcm.c mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/port/xilinx/xil-aesgcm.c --- mariadb-11.8.6/extra/wolfssl/wolfssl/wolfcrypt/src/port/xilinx/xil-aesgcm.c 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/port/xilinx/xil-aesgcm.c 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* xil-aesgcm.c * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -199,8 +199,7 @@ WOLFSSL_XIL_DCACHE_FLUSH_RANGE((UINTPTR)aad, authInSz); - if (XSecure_AesUpdateAad(&(aes->xSec.cinst), XIL_CAST_U64(authIn), - authInSz)) { + if (XSecure_AesUpdateAad(&(aes->xSec.cinst), XIL_CAST_U64(aad), authInSz)) { WOLFSSL_XIL_MSG("Failed to set AAD"); err = 1; } else { @@ -272,7 +271,7 @@ if (ret) { WOLFSSL_MSG( "Failed to alloc memory for AESGCM Encrypt alignment (in)"); - return 1; + return ret; } XMEMCPY(in_aligned, in, sz); } @@ -290,7 +289,7 @@ aligned_xfree(in_buf, aes->heap); WOLFSSL_MSG( "Failed to alloc memory for AESGCM Encrypt alignment (out)"); - return 1; + return ret; } XMEMCPY(out_aligned, out, sz); } @@ -387,7 +386,7 @@ if (ret) { WOLFSSL_MSG( "Failed to alloc memory for AESGCM Decrypt alignment (in)"); - return 1; + return ret; } XMEMCPY(in_aligned, in, sz); } @@ -405,7 +404,7 @@ aligned_xfree(in_buf, aes->heap); WOLFSSL_MSG( "Failed to alloc memory for AESGCM Decrypt alignment (out)"); - return 1; + return ret; } XMEMCPY(out_aligned, out, sz); } @@ -528,8 +527,8 @@ byte initalCounter[WC_AES_BLOCK_SIZE]; int ret; - if ((in == NULL && sz > 0) || iv == NULL || authTag == NULL || - authTagSz > AES_GCM_AUTH_SZ) { + if (aes == NULL || (in == NULL && sz > 0) || (out == NULL) || iv == NULL || + authTag == NULL || authTagSz > AES_GCM_AUTH_SZ) { return BAD_FUNC_ARG; } @@ -598,8 +597,8 @@ byte initalCounter[WC_AES_BLOCK_SIZE]; int ret; - if (in == NULL || iv == NULL || authTag == NULL || - authTagSz < AES_GCM_AUTH_SZ) { + if (aes == NULL || in == NULL || out == NULL || iv == NULL || + authTag == NULL || authTagSz < AES_GCM_AUTH_SZ) { return BAD_FUNC_ARG; } diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/wolfcrypt/src/port/xilinx/xil-sha3.c mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/port/xilinx/xil-sha3.c --- mariadb-11.8.6/extra/wolfssl/wolfssl/wolfcrypt/src/port/xilinx/xil-sha3.c 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/port/xilinx/xil-sha3.c 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* xil-sha3.c * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -239,7 +239,7 @@ return 0; #else WOLFSSL_MSG("Copy of SHA3 struct not supported with this build"); - return -1; + return NOT_COMPILED_IN; #endif } #endif diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/wolfcrypt/src/port/xilinx/xil-versal-glue.c mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/port/xilinx/xil-versal-glue.c --- mariadb-11.8.6/extra/wolfssl/wolfssl/wolfcrypt/src/port/xilinx/xil-versal-glue.c 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/port/xilinx/xil-versal-glue.c 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* xil-versal-glue.c * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/wolfcrypt/src/port/xilinx/xil-versal-trng.c mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/port/xilinx/xil-versal-trng.c --- mariadb-11.8.6/extra/wolfssl/wolfssl/wolfcrypt/src/port/xilinx/xil-versal-trng.c 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/port/xilinx/xil-versal-trng.c 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* xil-versal-trng.c * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -197,7 +197,7 @@ */ int wc_VersalTrngSelftest(void) { - return versal_trng_selftest() == XTRNGPSV_SUCCESS ? 0 : -1; + return versal_trng_selftest() == XTRNGPSV_SUCCESS ? 0 : WC_HW_E; } /** @@ -213,6 +213,10 @@ /* The TRNG always generates exactly 32bytes of output */ byte buf[XTRNGPSV_SEC_STRENGTH_BYTES]; word32 bytes_generated = 0; + + if (output == NULL) + return BAD_FUNC_ARG; + do { word32 bytes_left = sz - bytes_generated; word32 bytes_required = @@ -223,11 +227,13 @@ XTRNGPSV_FALSE); if (xret) { WOLFSSL_MSG_EX("XTrngpsv_Generate() returned 0x%08x", xret); + ForceZero(buf, sizeof(buf)); return WC_HW_E; } XMEMCPY(&output[bytes_generated], buf, bytes_required); bytes_generated += bytes_required; } while (bytes_generated < sz); + ForceZero(buf, sizeof(buf)); return 0; } diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/wolfcrypt/src/pwdbased.c mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/pwdbased.c --- mariadb-11.8.6/extra/wolfssl/wolfssl/wolfcrypt/src/pwdbased.c 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/pwdbased.c 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* pwdbased.c * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -152,6 +152,8 @@ WC_FREE_VAR_EX(hash, heap, DYNAMIC_TYPE_HASHCTX); + ForceZero(digest, sizeof(digest)); + if (err != 0) return err; @@ -294,6 +296,7 @@ wc_HmacFree(hmac); } + ForceZero(buffer, (word32)hLen); WC_FREE_VAR_EX(buffer, heap, DYNAMIC_TYPE_TMP_BUFFER); WC_FREE_VAR_EX(hmac, heap, DYNAMIC_TYPE_HMAC); @@ -312,46 +315,38 @@ #ifdef HAVE_PKCS12 /* helper for PKCS12_PBKDF(), does hash operation */ -static int DoPKCS12Hash(int hashType, byte* buffer, word32 totalLen, - byte* Ai, word32 u, int iterations) +static int DoPKCS12Hash(enum wc_HashType hashT, byte* buffer, word32 totalLen, + byte* Ai, word32 u, int iterations) { int i; int ret = 0; WC_DECLARE_VAR(hash, wc_HashAlg, 1, 0); - enum wc_HashType hashT; - if (buffer == NULL || Ai == NULL) { + if ((buffer == NULL) || (Ai == NULL)) { return BAD_FUNC_ARG; } - hashT = wc_HashTypeConvert(hashType); - /* initialize hash */ WC_ALLOC_VAR_EX(hash, wc_HashAlg, 1, NULL, DYNAMIC_TYPE_HASHCTX, return MEMORY_E); ret = wc_HashInit(hash, hashT); - if (ret != 0) { - WC_FREE_VAR_EX(hash, NULL, DYNAMIC_TYPE_HASHCTX); - return ret; - } - - ret = wc_HashUpdate(hash, hashT, buffer, totalLen); - - if (ret == 0) - ret = wc_HashFinal(hash, hashT, Ai); - - for (i = 1; i < iterations; i++) { - if (ret == 0) - ret = wc_HashUpdate(hash, hashT, Ai, u); + if (ret == 0) { + ret = wc_HashUpdate(hash, hashT, buffer, totalLen); if (ret == 0) ret = wc_HashFinal(hash, hashT, Ai); - } - wc_HashFree(hash, hashT); + for (i = 1; i < iterations; i++) { + if (ret == 0) + ret = wc_HashUpdate(hash, hashT, Ai, u); + if (ret == 0) + ret = wc_HashFinal(hash, hashT, Ai); + } - WC_FREE_VAR_EX(hash, NULL, DYNAMIC_TYPE_HASHCTX); + wc_HashFree(hash, hashT); + } + WC_FREE_VAR_EX(hash, NULL, DYNAMIC_TYPE_HASHCTX); return ret; } @@ -365,6 +360,7 @@ } +#ifdef WC_PKCS12_PBKDF_USING_MP_API /* extended API that allows a heap hint to be used */ int wc_PKCS12_PBKDF_ex(byte* output, const byte* passwd, int passLen, const byte* salt, int saltLen, int iterations, int kLen, @@ -484,8 +480,8 @@ while (kLen > 0) { word32 currentLen; - ret = DoPKCS12Hash(hashType, buffer, totalLen, Ai, u, iterations); - if (ret < 0) + ret = DoPKCS12Hash(hashT, buffer, totalLen, Ai, u, iterations); + if (ret != 0) break; for (i = 0; i < v; i++) @@ -563,6 +559,173 @@ return ret; } +#else + +#if defined(WC_64BIT_CPU) && defined(HAVE___UINT128_T) && \ + !defined(NO_INT128) + #define PKCS12_DWORD word128 + #define PKCS12_WORD word64 + #define PKCS12_ByteReverseWords ByteReverseWords64 +#elif defined(WC_32BIT_CPU) || defined(WC_64BIT_CPU) + #define PKCS12_DWORD word64 + #define PKCS12_WORD word32 + #define PKCS12_ByteReverseWords ByteReverseWords +#else + #define PKCS12_DWORD word16 + #define PKCS12_WORD word8 + /* No need to byte reverse when handling 1 byte at a time. */ + #define PKCS12_ByteReverseWords(r, a, n) WC_DO_NOTHING +#endif + +/* extended API that allows a heap hint to be used */ +int wc_PKCS12_PBKDF_ex(byte* output, const byte* passwd, int passLen, + const byte* salt, int saltLen, int iterations, int kLen, + int hashType, int id, void* heap) +{ + word32 u, v, pLen, iLen, sLen, totalLen; + /* nwc: v / sizeof(PKCS12_WORD) - words per v-byte block + * (v is always a multiple of sizeof(PKCS12_WORD)) + * nBlocks: iLen / v - number of v-byte blocks in I */ + word32 nwc, nBlocks; + int ret = 0; + word32 i, k, blk; + byte* I; + PKCS12_WORD* Bw; +#ifdef WOLFSSL_SMALL_STACK + byte staticBuffer[1]; /* force dynamic usage */ + byte* B = NULL; +#else + ALIGN8 byte staticBuffer[1024]; + ALIGN8 byte B[WC_MAX_BLOCK_SIZE]; +#endif + byte* buffer = staticBuffer; + enum wc_HashType hashT; + + (void)heap; + + if ((output == NULL) || (passLen <= 0) || (saltLen <= 0) || (kLen < 0)) { + return BAD_FUNC_ARG; + } + + if (iterations <= 0) { + iterations = 1; + } + + /* u = hash output size. */ + hashT = wc_HashTypeConvert(hashType); + ret = wc_HashGetDigestSize(hashT); + if (ret < 0) + return ret; + if (ret == 0) + return BAD_STATE_E; + u = (word32)ret; + + /* v = hash block size. */ + ret = wc_HashGetBlockSize(hashT); + if (ret < 0) + return ret; + if (ret == 0) + return BAD_STATE_E; + v = (word32)ret; + + /* RFC 7292 B.2 step 2: S = salt repeated to ceil(saltLen/v)*v bytes */ + sLen = v * (((word32)saltLen + v - 1) / v); + /* RFC 7292 B.2 step 3: P = password repeated to ceil(passLen/v)*v bytes */ + pLen = v * (((word32)passLen + v - 1) / v); + /* RFC 7292 B.2 step 4: I = S || P */ + iLen = sLen + pLen; + totalLen = v + iLen; + + nwc = v / (word32)sizeof(PKCS12_WORD); + nBlocks = iLen / v; + +#ifdef WOLFSSL_SMALL_STACK + B = (byte*)XMALLOC(WC_MAX_BLOCK_SIZE, heap, DYNAMIC_TYPE_TMP_BUFFER); + if (B == NULL) + return MEMORY_E; +#endif + Bw = (PKCS12_WORD*)B; + + if (totalLen > sizeof(staticBuffer)) { + buffer = (byte*)XMALLOC(totalLen, heap, DYNAMIC_TYPE_KEY); + if (buffer == NULL) { + WC_FREE_VAR_EX(B, heap, DYNAMIC_TYPE_TMP_BUFFER); + return MEMORY_E; + } + } + + /* RFC 7292 B.2 step 1: D = v bytes each set to ID */ + /* RFC 7292 B.2 step 4: I = S || P; buffer = D || I */ + I = buffer + v; + XMEMSET(buffer, id, v); + for (i = 0; i < sLen; i++) + I[i] = salt[i % (word32)saltLen]; + for (i = 0; i < pLen; i++) + I[sLen + i] = passwd[i % (word32)passLen]; + + ret = 0; + while ((ret == 0) && (kLen > 0)) { + /* RFC 7292 B.2 step 6a: A_i = H^r(D || I) */ + ret = DoPKCS12Hash(hashT, buffer, totalLen, B, u, iterations); + if (ret != 0) + break; + + /* RFC 7292 B.2 step 7: output A_i bytes (up to kLen) */ + i = min((word32)kLen, u); + XMEMCPY(output, B, i); + output += i; + kLen -= (int)i; + if (kLen == 0) + break; + + /* RFC 7292 B.2 step 6b: B = A_i repeated to length v */ + for (i = u; i < v; i++) + B[i] = B[i % u]; + + /* RFC 7292 B.2 step 6c: I_j = (I_j + B + 1) mod 2^(8v). */ +#ifndef BIG_ENDIAN_ORDER + PKCS12_ByteReverseWords(Bw, Bw, v); +#endif + /* Increment B by 1. */ + for (k = nwc; k > 0; ) { + --k; + ++Bw[k]; + if (Bw[k] != 0) + break; + } + +#ifndef BIG_ENDIAN_ORDER + PKCS12_ByteReverseWords((PKCS12_WORD*)I, (PKCS12_WORD*)I, nBlocks * v); +#endif + /* Add B+1 to each I_j block. */ + for (blk = 0; blk < nBlocks; blk++) { + PKCS12_DWORD c = 0; + PKCS12_WORD* Iw = (PKCS12_WORD*)(I + blk * v); + for (k = nwc; k-- > 0; ) { + c += (PKCS12_DWORD)Iw[k]; + c += (PKCS12_DWORD)Bw[k]; + Iw[k] = (PKCS12_WORD)c; + c >>= 8 * sizeof(PKCS12_WORD); + } + } +#ifndef BIG_ENDIAN_ORDER + PKCS12_ByteReverseWords((PKCS12_WORD*)I, (PKCS12_WORD*)I, nBlocks * v); +#endif + } + + WC_FREE_VAR_EX(B, heap, DYNAMIC_TYPE_TMP_BUFFER); + if (buffer != staticBuffer) { + XFREE(buffer, heap, DYNAMIC_TYPE_KEY); + } + + return ret; +} + +#undef PKCS12_DWORD +#undef PKCS12_WORD +#undef PKCS12_ByteReverseWords + +#endif #endif /* HAVE_PKCS12 */ @@ -827,6 +990,16 @@ ret = wc_PBKDF2(output, passwd, passLen, blocks, (int)blocksSz, 1, dkLen, WC_SHA256); end: + if (blocks != NULL) { + ForceZero(blocks, blocksSz); + } + if (v != NULL) { + ForceZero(v, ((size_t)1 << cost) * (size_t)bSz); + } + if (y != NULL) { + ForceZero(y, (size_t)blockSize * 128); + } + XFREE(blocks, NULL, DYNAMIC_TYPE_TMP_BUFFER); XFREE(v, NULL, DYNAMIC_TYPE_TMP_BUFFER); XFREE(y, NULL, DYNAMIC_TYPE_TMP_BUFFER); diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/wolfcrypt/src/random.c mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/random.c --- mariadb-11.8.6/extra/wolfssl/wolfssl/wolfcrypt/src/random.c 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/random.c 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* random.c * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -26,22 +26,80 @@ */ -/* Possible defines: - * ENTROPY_NUM_UPDATE default: 18 - * Number of updates to perform. A hash is created and memory accessed - * based on the hash values in each update of a sample. - * More updates will result in better entropy quality but longer sample - * times. - * ENTROPY_NUM_UPDATES_BITS default: 5 - * Number of bits needed to represent ENTROPY_NUM_UPDATE. - * = upper(log2(ENTROPY_NUM_UPDATE)) - * ENTROPY_NUM_WORDS_BITS default: 14 - * State has 2^ENTROPY_NUMN_WORDS_BITS entries. Range: 8-30 - * The value should be based on the cache sizes. - * Use a value that is at least as large as the L1 cache if possible. - * The higher the value, the more likely there will be cache misses and - * better the entropy quality. - * A larger value will use more static memory. +/* + * Random Number Generator Build Options: + * + * Core RNG: + * WC_NO_RNG: Disable RNG support entirely default: off + * HAVE_HASHDRBG: Enable Hash-based DRBG (SP 800-90A) default: on + * WC_RNG_BLOCKING: Make RNG operations blocking default: off + * WC_VERBOSE_RNG: Enable verbose RNG debug output default: off + * WC_RNG_SEED_CB: Use custom seed callback function default: off + * WC_RNG_BANK_SUPPORT: Enable RNG bank (pre-generated) default: off + * random data support + * WOLFSSL_RNG_USE_FULL_SEED: Use full-length seed for DRBG default: off + * WOLFSSL_GENSEED_FORTEST: Use deterministic seed for testing default: off + * WARNING: not for production use + * WOLFSSL_KEEP_RNG_SEED_FD_OPEN: Keep /dev/random fd open default: off + * between seed operations + * + * Custom RNG Sources: + * CUSTOM_RAND_GENERATE: Custom random word generator func default: off + * CUSTOM_RAND_GENERATE_BLOCK: Custom block random generator default: off + * CUSTOM_RAND_GENERATE_SEED: Custom seed generator function default: off + * CUSTOM_RAND_GENERATE_SEED_OS: Custom OS-level seed generator default: off + * + * Entropy Sources: + * HAVE_ENTROPY_MEMUSE: Enable memory-use based entropy default: off + * source for DRBG seeding + * ENTROPY_MEMUSE_FORCE_FAILURE: Force entropy failure (testing) default: off + * HAVE_GETRANDOM: Use Linux getrandom() syscall default: auto + * WOLFSSL_GETRANDOM: Use getrandom() for seed source default: auto + * FORCE_FAILURE_GETRANDOM: Force getrandom failure (testing) default: off + * NO_DEV_RANDOM: Don't use /dev/random for seeding default: off + * NO_DEV_URANDOM: Don't use /dev/urandom for seeding default: off + * HAVE_INTEL_RDRAND: Use Intel RDRAND instruction default: off + * HAVE_INTEL_RDSEED: Use Intel RDSEED instruction default: off + * HAVE_AMD_RDSEED: Use AMD RDSEED instruction default: off + * IDIRECT_DEV_RANDOM: iDirect custom /dev/random path default: off + * WIN_REUSE_CRYPT_HANDLE: Reuse Windows CryptContext handle default: off + * + * Entropy Tuning (for HAVE_ENTROPY_MEMUSE): + * ENTROPY_NUM_UPDATE: Number of updates per sample default: 18 + * More updates = better entropy but slower + * ENTROPY_NUM_UPDATES_BITS: Bits to represent ENTROPY_NUM_UPDATE default: 5 + * = upper(log2(ENTROPY_NUM_UPDATE)) + * ENTROPY_NUM_WORDS_BITS: State size as 2^N entries default: 14 + * Range: 8-30. Base on cache sizes. + * Larger = more cache misses = better entropy + * but more static memory usage. + * + * DRBG Health Tests: + * WC_RNG_SEED_APT_CUTOFF: Adaptive proportion test cutoff default: auto + * WC_RNG_SEED_APT_WINDOW: Adaptive proportion test window size default: auto + * WC_RNG_SEED_RCT_CUTOFF: Repetition count test cutoff default: auto + * + * Hardware RNG: + * STM32_RNG: STM32 hardware RNG default: off + * STM32_NUTTX_RNG: STM32 RNG via NuttX default: off + * WOLFSSL_STM32F427_RNG: STM32F427 hardware RNG default: off + * WOLFSSL_STM32_RNG_NOLIB: STM32 RNG without HAL library default: off + * WOLFSSL_PIC32MZ_RNG: PIC32MZ hardware RNG default: off + * FREESCALE_RNGA: Freescale RNGA default: off + * FREESCALE_K70_RNGA: Freescale K70 RNGA default: off + * FREESCALE_RNGB: Freescale RNGB default: off + * FREESCALE_KSDK_2_0_RNGA: Freescale KSDK 2.0 RNGA default: off + * FREESCALE_KSDK_2_0_TRNG: Freescale KSDK 2.0 TRNG default: off + * MAX3266X_RNG: MAX3266X hardware RNG default: off + * QAT_ENABLE_RNG: Intel QAT hardware RNG default: off + * WOLFSSL_ATECC_RNG: ATECC508/608 hardware RNG default: off + * WOLFSSL_SILABS_TRNG: Silicon Labs TRNG default: off + * WOLFSSL_SCE_NO_TRNG: Disable Renesas SCE TRNG default: off + * WOLFSSL_SCE_TRNG_HANDLE: Renesas SCE TRNG handle default: off + * WOLFSSL_SE050_NO_TRNG: Disable SE050 TRNG default: off + * WOLFSSL_PSA_NO_RNG: Disable PSA RNG default: off + * HAVE_IOTSAFE_HWRNG: IoT-Safe hardware RNG default: off + * WOLFSSL_XILINX_CRYPT_VERSAL: Xilinx Versal crypto RNG default: off */ #include @@ -68,14 +126,10 @@ #include -#include -#ifdef HAVE_ENTROPY_MEMUSE -#include -#if defined(__APPLE__) || defined(__MACH__) -#include +#ifdef WC_RNG_BANK_SUPPORT + #include #endif -#endif - +#include #ifndef WC_NO_RNG /* if not FIPS and RNG is disabled then do not compile */ @@ -232,82 +286,6 @@ #define OUTPUT_BLOCK_LEN (WC_SHA256_DIGEST_SIZE) #define MAX_REQUEST_LEN (0x10000) - -/* The security strength for the RNG is the target number of bits of - * entropy you are looking for in a seed. */ -#ifndef RNG_SECURITY_STRENGTH - /* SHA-256 requires a minimum of 256-bits of entropy. */ - #define RNG_SECURITY_STRENGTH (256) -#endif - -#ifndef ENTROPY_SCALE_FACTOR - /* The entropy scale factor should be the whole number inverse of the - * minimum bits of entropy per bit of NDRNG output. */ - #if defined(HAVE_ENTROPY_MEMUSE) - /* Full strength, conditioned entropy is requested of MemUse Entropy. */ - #if defined(HAVE_FIPS) && defined(HAVE_FIPS_VERSION) && \ - (HAVE_FIPS_VERSION >= 2) - #define ENTROPY_SCALE_FACTOR (4) - #else - #define ENTROPY_SCALE_FACTOR (1) - #endif - #elif defined(HAVE_AMD_RDSEED) - /* This will yield a SEED_SZ of 16kb. Since nonceSz will be 0, - * we'll add an additional 8kb on top. - * - * See "AMD RNG ESV Public Use Document". Version 0.7 of October 24, - * 2024 specifies 0.656 to 1.312 bits of entropy per 128 bit block of - * RDSEED output, depending on CPU family. - */ - #define ENTROPY_SCALE_FACTOR (512) - #elif defined(HAVE_INTEL_RDSEED) || defined(HAVE_INTEL_RDRAND) - /* The value of 2 applies to Intel's RDSEED which provides about - * 0.5 bits minimum of entropy per bit. The value of 4 gives a - * conservative margin for FIPS. */ - #if defined(HAVE_FIPS) && defined(HAVE_FIPS_VERSION) && \ - (HAVE_FIPS_VERSION >= 2) - #define ENTROPY_SCALE_FACTOR (2*4) - #else - /* Not FIPS, but Intel RDSEED, only double. */ - #define ENTROPY_SCALE_FACTOR (2) - #endif - #elif defined(HAVE_FIPS) && defined(HAVE_FIPS_VERSION) && \ - (HAVE_FIPS_VERSION >= 2) - /* If doing a FIPS build without a specific scale factor, default - * to 4. This will give 1024 bits of entropy. More is better, but - * more is also slower. */ - #define ENTROPY_SCALE_FACTOR (4) - #else - /* Setting the default to 1. */ - #define ENTROPY_SCALE_FACTOR (1) - #endif -#endif - -#ifndef SEED_BLOCK_SZ - /* The seed block size, is the size of the output of the underlying NDRNG. - * This value is used for testing the output of the NDRNG. */ - #if defined(HAVE_AMD_RDSEED) - /* AMD's RDSEED instruction works in 128-bit blocks read 64-bits - * at a time. */ - #define SEED_BLOCK_SZ (sizeof(word64)*2) - #elif defined(HAVE_INTEL_RDSEED) || defined(HAVE_INTEL_RDRAND) - /* RDSEED outputs in blocks of 64-bits. */ - #define SEED_BLOCK_SZ sizeof(word64) - #else - /* Setting the default to 4. */ - #define SEED_BLOCK_SZ 4 - #endif -#endif - -#define SEED_SZ (RNG_SECURITY_STRENGTH*ENTROPY_SCALE_FACTOR/8) - -/* The maximum seed size will be the seed size plus a seed block for the - * test, and an additional half of the seed size. This additional half - * is in case the user does not supply a nonce. A nonce will be obtained - * from the NDRNG. */ -#define MAX_SEED_SZ (SEED_SZ + SEED_SZ/2 + SEED_BLOCK_SZ) - - #ifdef WC_RNG_SEED_CB #ifndef HAVE_FIPS @@ -333,12 +311,13 @@ #define DRBG_NO_SEED_CB 4 /* RNG health states */ -#define DRBG_NOT_INIT 0 -#define DRBG_OK 1 -#define DRBG_FAILED 2 -#define DRBG_CONT_FAILED 3 +#define DRBG_NOT_INIT WC_DRBG_NOT_INIT +#define DRBG_OK WC_DRBG_OK +#define DRBG_FAILED WC_DRBG_FAILED +#define DRBG_CONT_FAILED WC_DRBG_CONT_FAILED -#define RNG_HEALTH_TEST_CHECK_SIZE (WC_SHA256_DIGEST_SIZE * 4) +#define SEED_SZ WC_DRBG_SEED_SZ +#define MAX_SEED_SZ WC_DRBG_MAX_SEED_SZ /* Verify max gen block len */ #if RNG_MAX_BLOCK_LEN > MAX_REQUEST_LEN @@ -355,7 +334,8 @@ typedef struct DRBG_internal DRBG_internal; -static int wc_RNG_HealthTestLocal(int reseed, void* heap, int devId); +static int wc_RNG_HealthTestLocal(WC_RNG* rng, int reseed, void* heap, + int devId); /* Hash Derivation Function */ /* Returns: DRBG_SUCCESS or DRBG_FAILURE */ @@ -373,7 +353,9 @@ #else wc_Sha256 sha[1]; #endif -#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_KERNEL_MODE) +#if defined(WOLFSSL_SMALL_STACK_CACHE) + byte* digest = drbg->digest_scratch; +#elif defined(WOLFSSL_SMALL_STACK) byte* digest; #else byte digest[WC_SHA256_DIGEST_SIZE]; @@ -383,7 +365,7 @@ return DRBG_FAILURE; } -#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_KERNEL_MODE) +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SMALL_STACK_CACHE) digest = (byte*)XMALLOC(WC_SHA256_DIGEST_SIZE, drbg->heap, DYNAMIC_TYPE_DIGEST); if (digest == NULL) @@ -444,10 +426,16 @@ ForceZero(digest, WC_SHA256_DIGEST_SIZE); -#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_KERNEL_MODE) +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SMALL_STACK_CACHE) XFREE(digest, drbg->heap, DYNAMIC_TYPE_DIGEST); #endif +#ifdef WC_VERBOSE_RNG + if (ret != 0) + WOLFSSL_DEBUG_PRINTF("ERROR: %s failed with err = %d", __FUNCTION__, + ret); +#endif + return (ret == 0) ? DRBG_SUCCESS : DRBG_FAILURE; } @@ -461,8 +449,12 @@ return DRBG_FAILURE; } +#ifdef WOLFSSL_SMALL_STACK_CACHE + newV = drbg->seed_scratch; +#else WC_ALLOC_VAR_EX(newV, byte, DRBG_SEED_LEN, drbg->heap, DYNAMIC_TYPE_TMP_BUFFER, return MEMORY_E); +#endif XMEMSET(newV, 0, DRBG_SEED_LEN); ret = Hash_df(drbg, newV, DRBG_SEED_LEN, drbgReseed, @@ -478,7 +470,16 @@ drbg->reseedCtr = 1; } +#ifndef WOLFSSL_SMALL_STACK_CACHE WC_FREE_VAR_EX(newV, drbg->heap, DYNAMIC_TYPE_TMP_BUFFER); +#endif + + #ifdef WC_VERBOSE_RNG + if (ret != 0) + WOLFSSL_DEBUG_PRINTF("ERROR: Hash_DRBG_Reseed failed with err %d.", + ret); + #endif + return ret; } @@ -515,26 +516,27 @@ static int Hash_gen(DRBG_internal* drbg, byte* out, word32 outSz, const byte* V) { int ret = DRBG_FAILURE; -#ifdef WOLFSSL_SMALL_STACK - byte* data; - byte* digest; -#else - byte data[DRBG_SEED_LEN]; - byte digest[WC_SHA256_DIGEST_SIZE]; -#endif word32 i; word32 len; -#ifdef WOLFSSL_SMALL_STACK_CACHE +#if defined(WOLFSSL_SMALL_STACK_CACHE) wc_Sha256* sha = &drbg->sha256; + byte* data = drbg->seed_scratch; + byte* digest = drbg->digest_scratch; +#elif defined(WOLFSSL_SMALL_STACK) + wc_Sha256 sha[1]; + byte* data = NULL; + byte* digest = NULL; #else wc_Sha256 sha[1]; + byte data[DRBG_SEED_LEN]; + byte digest[WC_SHA256_DIGEST_SIZE]; #endif if (drbg == NULL) { return DRBG_FAILURE; } -#ifdef WOLFSSL_SMALL_STACK +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SMALL_STACK_CACHE) data = (byte*)XMALLOC(DRBG_SEED_LEN, drbg->heap, DYNAMIC_TYPE_TMP_BUFFER); digest = (byte*)XMALLOC(WC_SHA256_DIGEST_SIZE, drbg->heap, DYNAMIC_TYPE_DIGEST); @@ -592,8 +594,23 @@ } ForceZero(data, DRBG_SEED_LEN); +#ifndef WOLFSSL_SMALL_STACK_CACHE WC_FREE_VAR_EX(digest, drbg->heap, DYNAMIC_TYPE_DIGEST); WC_FREE_VAR_EX(data, drbg->heap, DYNAMIC_TYPE_TMP_BUFFER); +#endif + + #ifdef WC_VERBOSE_RNG + if ((ret != DRBG_SUCCESS) && (ret != DRBG_FAILURE)) { + /* Note, if we're just going to return DRBG_FAILURE to the caller, then + * there's no point printing it out here because (1) the lower-level + * code that was remapped to DRBG_FAILURE already got printed before the + * remapping, so a DRBG_FAILURE message would just be spamming the log, + * and (2) the caller will actually see the DRBG_FAILURE code, and is + * free to (and probably will) log it itself. + */ + WOLFSSL_DEBUG_PRINTF("ERROR: Hash_gen failed with err %d.", ret); + } + #endif return (ret == 0) ? DRBG_SUCCESS : DRBG_FAILURE; } @@ -641,14 +658,17 @@ } if (drbg->reseedCtr >= WC_RESEED_INTERVAL) { - #if defined(DEBUG_WOLFSSL) || defined(DEBUG_DRBG_RESEEDS) - printf("DRBG reseed triggered, reseedCtr == %lu", - (unsigned long)drbg->reseedCtr); + #if (defined(DEBUG_WOLFSSL) || defined(DEBUG_DRBG_RESEEDS)) && \ + defined(WOLFSSL_DEBUG_PRINTF) + WOLFSSL_DEBUG_PRINTF("DRBG reseed triggered, reseedCtr == %lu", + (unsigned long)drbg->reseedCtr); #endif return DRBG_NEED_RESEED; } else { - #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_KERNEL_MODE) + #if defined(WOLFSSL_SMALL_STACK_CACHE) + byte* digest = drbg->digest_scratch; + #elif defined(WOLFSSL_SMALL_STACK) byte* digest = (byte*)XMALLOC(WC_SHA256_DIGEST_SIZE, drbg->heap, DYNAMIC_TYPE_DIGEST); if (digest == NULL) @@ -697,15 +717,43 @@ drbg->reseedCtr++; } ForceZero(digest, WC_SHA256_DIGEST_SIZE); - #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_KERNEL_MODE) + #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SMALL_STACK_CACHE) XFREE(digest, drbg->heap, DYNAMIC_TYPE_DIGEST); #endif } + #ifdef WC_VERBOSE_RNG + if ((ret != DRBG_SUCCESS) && (ret != DRBG_FAILURE)) { + /* see note above regarding log spam reduction */ + WOLFSSL_DEBUG_PRINTF("ERROR: Hash_DRBG_Generate failed with err %d.", + ret); + } + #endif + return (ret == 0) ? DRBG_SUCCESS : DRBG_FAILURE; } /* Returns: DRBG_SUCCESS or DRBG_FAILURE */ +static int Hash_DRBG_Init(DRBG_internal* drbg, const byte* seed, word32 seedSz, + const byte* nonce, word32 nonceSz) +{ + if (seed == NULL) + return DRBG_FAILURE; + + if (Hash_df(drbg, drbg->V, sizeof(drbg->V), drbgInitV, seed, seedSz, + nonce, nonceSz) == DRBG_SUCCESS && + Hash_df(drbg, drbg->C, sizeof(drbg->C), drbgInitC, drbg->V, + sizeof(drbg->V), NULL, 0) == DRBG_SUCCESS) { + + drbg->reseedCtr = 1; + return DRBG_SUCCESS; + } + else { + return DRBG_FAILURE; + } +} + +/* Returns: DRBG_SUCCESS or DRBG_FAILURE */ static int Hash_DRBG_Instantiate(DRBG_internal* drbg, const byte* seed, word32 seedSz, const byte* nonce, word32 nonceSz, void* heap, int devId) @@ -730,15 +778,8 @@ return ret; #endif - if (Hash_df(drbg, drbg->V, sizeof(drbg->V), drbgInitV, seed, seedSz, - nonce, nonceSz) == DRBG_SUCCESS && - Hash_df(drbg, drbg->C, sizeof(drbg->C), drbgInitC, drbg->V, - sizeof(drbg->V), NULL, 0) == DRBG_SUCCESS) { - - drbg->reseedCtr = 1; - ret = DRBG_SUCCESS; - } - + if (seed != NULL) + ret = Hash_DRBG_Init(drbg, seed, seedSz, nonce, nonceSz); return ret; } @@ -763,900 +804,153 @@ } -int wc_RNG_TestSeed(const byte* seed, word32 seedSz) -{ - int ret = 0; - - /* Check the seed for duplicate words. */ - word32 seedIdx = 0; - word32 scratchSz = min(SEED_BLOCK_SZ, seedSz - SEED_BLOCK_SZ); - - while (seedIdx < seedSz - SEED_BLOCK_SZ) { - if (ConstantCompare(seed + seedIdx, - seed + seedIdx + scratchSz, - (int)scratchSz) == 0) { - - ret = DRBG_CONT_FAILURE; - } - seedIdx += SEED_BLOCK_SZ; - scratchSz = min(SEED_BLOCK_SZ, (seedSz - seedIdx)); - } - - return ret; -} -#endif /* HAVE_HASHDRBG */ -/* End NIST DRBG Code */ - -#ifdef HAVE_ENTROPY_MEMUSE -/* Define ENTROPY_MEMUSE_THREAD to force use of counter in a new thread. - * Only do this when high resolution timer not otherwise available. - */ - -/* Number of bytes that will hold the maximum entropy bits. */ -#define MAX_ENTROPY_BYTES (MAX_ENTROPY_BITS / 8) -/* Number of bits stored for one sample. */ -#define ENTROPY_BITS_USED 8 - -/* Minimum entropy from a sample. */ -#define ENTROPY_MIN 1 -/* Number of extra samples to ensure full entropy. */ -#define ENTROPY_EXTRA 64 -/* Maximum number of bytes to sample to produce max entropy. */ -#define MAX_NOISE_CNT (MAX_ENTROPY_BITS * 8 + ENTROPY_EXTRA) - -/* MemUse entropy global state initialized. */ -static int entropy_memuse_initialized = 0; -/* Global SHA-3 object used for conditioning entropy and creating noise. */ -static wc_Sha3 entropyHash; -/* Reset the health tests. */ -static void Entropy_HealthTest_Reset(void); - -#ifdef CUSTOM_ENTROPY_TIMEHIRES -static WC_INLINE word64 Entropy_TimeHiRes(void) -{ - return CUSTOM_ENTROPY_TIMEHIRES(); -} -#elif !defined(ENTROPY_MEMUSE_THREAD) && \ - (defined(__x86_64__) || defined(__i386__)) -/* Get the high resolution time counter. - * - * @return 64-bit count of CPU cycles. - */ -static WC_INLINE word64 Entropy_TimeHiRes(void) -{ - unsigned int lo_c, hi_c; - __asm__ __volatile__ ( - "rdtsc" - : "=a"(lo_c), "=d"(hi_c) /* out */ - : "a"(0) /* in */ - : "%ebx", "%ecx"); /* clobber */ - return ((word64)lo_c) | (((word64)hi_c) << 32); -} -#elif !defined(ENTROPY_MEMUSE_THREAD) && \ - (defined(__APPLE__) || defined(__MACH__)) -/* Get the high resolution time counter. - * - * @return 64-bit time in nanoseconds. - */ -static WC_INLINE word64 Entropy_TimeHiRes(void) -{ - return clock_gettime_nsec_np(CLOCK_MONOTONIC_RAW); -} -#elif !defined(ENTROPY_MEMUSE_THREAD) && defined(__aarch64__) -/* Get the high resolution time counter. +/* FIPS 140-3 IG 10.3.A / SP800-90B Health Tests for Seed Data * - * @return 64-bit timer count. - */ -static WC_INLINE word64 Entropy_TimeHiRes(void) -{ - word64 cnt; - __asm__ __volatile__ ( - "mrs %[cnt], cntvct_el0" - : [cnt] "=r"(cnt) - : - : - ); - return cnt; -} -#elif !defined(ENTROPY_MEMUSE_THREAD) && defined(__MICROBLAZE__) - -#define LPD_SCNTR_BASE_ADDRESS 0xFF250000 - -/* Get the high resolution time counter. - * Collect ticks from LPD_SCNTR - * @return 64-bit tick count. - */ -static WC_INLINE word64 Entropy_TimeHiRes(void) -{ - word64 cnt; - word32 *ptr; - - ptr = (word32*)LPD_SCNTR_BASE_ADDRESS; - cnt = *(ptr+1); - cnt = cnt << 32; - cnt |= *ptr; - - return cnt; -} -#elif !defined(ENTROPY_MEMUSE_THREAD) && (_POSIX_C_SOURCE >= 199309L) -/* Get the high resolution time counter. + * These tests replace the older FIPS 140-2 Continuous Random Number Generator + * Test (CRNGT) with more mathematically robust statistical tests per + * ISO 19790 / SP800-90B requirements. * - * @return 64-bit time that is the nanoseconds of current time. + * When HAVE_ENTROPY_MEMUSE is defined, the wolfentropy.c jitter-based TRNG + * performs another set of these health tests, but those are on the noise not + * the conditioned output so we still need to retest here even in that case + * to evaluate the conditioned output for the same behavior. These tests ensure + * the seed data meets basic entropy requirements regardless of the source. */ -static WC_INLINE word64 Entropy_TimeHiRes(void) -{ - struct timespec now; - - clock_gettime(CLOCK_REALTIME, &now); - return now.tv_nsec; -} -#elif defined(_WIN32) /* USE_WINDOWS_API */ -/* Get the high resolution time counter. +/* SP800-90B 4.4.1 - Repetition Count Test + * Detects if the noise source becomes "stuck" producing repeated output. * - * @return 64-bit timer + * C = 1 + ceil(-log2(alpha) / H) + * For alpha = 2^-30 (false positive probability) and H = 1 (min entropy): + * C = 1 + ceil(30 / 1) = 31 */ -static WC_INLINE word64 Entropy_TimeHiRes(void) -{ - LARGE_INTEGER count; - QueryPerformanceCounter(&count); - return (word64)(count.QuadPart); -} -#elif defined(WOLFSSL_THREAD_NO_JOIN) - -/* Start and stop thread that counts as a proxy for time counter. */ -#define ENTROPY_MEMUSE_THREADED - -/* Data for entropy thread. */ -typedef struct ENTROPY_THREAD_DATA { - /* Current counter - proxy for time. */ - word64 counter; - /* Whether to stop thread. */ - int stop; -} ENTROPY_THREAD_DATA; - -/* Track whether entropy thread has been started already. */ -static int entropy_thread_started = 0; -/* Data for thread to update/observer. */ -static volatile ENTROPY_THREAD_DATA entropy_thread_data = { 0, 0 }; - -/* Get the high resolution time counter. Counter incremented in thread. - * - * @return 64-bit counter. - */ -static WC_INLINE word64 Entropy_TimeHiRes(void) -{ - /* Return counter update in thread. */ - return entropy_thread_data.counter; -} - -/* Thread that increments counter while not told to stop. - * - * @param [in,out] args Entropy data including: counter and stop flag. - * @return NULL always. - */ -static THREAD_RETURN_NOJOIN WOLFSSL_THREAD_NO_JOIN - Entropy_IncCounter(void* args) -{ - (void)args; - - /* Keep going until caller tells us to stop and exit. */ - while (!entropy_thread_data.stop) { - /* Increment counter acting as high resolution timer. */ - entropy_thread_data.counter++; - } - -#ifdef WOLFSSL_DEBUG_ENTROPY_MEMUSE - fprintf(stderr, "EXITING ENTROPY COUNTER THREAD\n"); +#ifndef WC_RNG_SEED_RCT_CUTOFF + #define WC_RNG_SEED_RCT_CUTOFF 31 #endif - /* Exit from thread. */ - RETURN_FROM_THREAD_NOJOIN(0); -} - -/* Start a thread that increments counter if not one already. - * - * Won't start a new thread if one already running. - * Waits for thread to start by waiting for counter to have incremented. +/* SP800-90B 4.4.2 - Adaptive Proportion Test + * Monitors if a particular sample value appears too frequently within a + * window of samples, indicating loss of entropy. * - * @return 0 on success. - * @return Negative on failure. + * Window size W = 512 for non-binary alphabet (byte values 0-255) + * C = 1 + CRITBINOM(W, 2^(-H), 1-alpha) + * For alpha = 2^-30 and H = 1, W = 512: + * C = 1 + CRITBINOM(512, 0.5, 1-2^-30) = 325 */ -static int Entropy_StartThread(void) -{ - int ret = 0; - - /* Only continue if we haven't started a thread. */ - if (!entropy_thread_started) { - /* Get counter before starting thread. */ - word64 start_counter = entropy_thread_data.counter; - - /* In case of restarting thread, set stop indicator to false. */ - entropy_thread_data.stop = 0; - - #ifdef WOLFSSL_DEBUG_ENTROPY_MEMUSE - fprintf(stderr, "STARTING ENTROPY COUNTER THREAD\n"); - #endif - /* Create a thread that increments the counter in the data. */ - /* Thread resources to be disposed of. */ - ret = wolfSSL_NewThreadNoJoin(Entropy_IncCounter, NULL); - if (ret == 0) { - /* Wait for the counter to increase indicating thread started. */ - while (entropy_thread_data.counter == start_counter) { - sched_yield(); - } - } - - entropy_thread_started = (ret == 0); - } - - return ret; -} - -/* Tell thread to stop and wait for it to complete. - * - * Called by wolfCrypt_Cleanup(). - */ -static void Entropy_StopThread(void) -{ - /* Only stop a thread if one is running. */ - if (entropy_thread_started) { - /* Tell thread to stop. */ - entropy_thread_data.stop = 1; - /* Stopped thread so no thread started anymore. */ - entropy_thread_started = 0; - } -} - /* end if defined(HAVE_PTHREAD) */ - -#else - -#error "No high precision time available for MemUse Entropy." - -#endif - -#ifndef ENTROPY_NUM_WORDS_BITS - /* Number of bits to count of 64-bit words in state. */ - #define ENTROPY_NUM_WORDS_BITS 14 -#endif - -/* Floor of 8 yields pool of 256x 64-bit word samples - * 9 -> 512x 64-bit word samples - * 10 -> 1,024x 64-bit word samples - * 11 -> 2,048x 64-bit word samples - * 12 -> 4,096x 64-bit word samples - * 13 -> 8,192x 64-bit word samples - * 14 -> 16,384x 64-bit word samples - * 15 -> 32,768x 64-bit word samples - * ... doubling every time up to a maximum of: - * 30 -> 1,073,741,824x 64-bit word samples - * 1 billion+ samples should be more then sufficient for any use-case - */ -#if ENTROPY_NUM_WORDS_BITS < 8 - #error "ENTROPY_NUM_WORDS_BITS must be 8 or more" -#elif ENTROPY_NUM_WORDS_BITS > 30 - #error "ENTROPY_NUM_WORDS_BITS must be less than 31" -#endif -/* Number of 64-bit words in state. */ -#define ENTROPY_NUM_WORDS (1 << ENTROPY_NUM_WORDS_BITS) - -/* Size of one block of 64-bit words. */ -#define ENTROPY_BLOCK_SZ (ENTROPY_NUM_WORDS_BITS - 8) - -#ifndef ENTROPY_NUM_UPDATES - /* Number of times to update random blocks. - * Less than 2^ENTROPY_BLOCK_SZ (default: 2^6 = 64). - * Maximize value to maximize entropy per sample. - * Limit value to ensure entropy is collected in a timely manner. - */ - #define ENTROPY_NUM_UPDATES 18 - /* Upper round of log2(ENTROPY_NUM_UPDATES) */ - #define ENTROPY_NUM_UPDATES_BITS 5 -#elif !defined(ENTROPY_NUM_UPDATES_BITS) - #define ENTROPY_NUM_UPDATES_BITS ENTROPY_BLOCK_SZ -#endif -#ifndef ENTROPY_NUM_UPDATES_BITS - #error "ENTROPY_NUM_UPDATES_BITS must be defined - " \ - "upper(log2(ENTROPY_NUM_UPDATES))" -#endif -#if ENTROPY_NUM_UPDATES_BITS != 0 - /* Amount to shift offset to get better coverage of a block */ - #define ENTROPY_OFFSET_SHIFTING \ - (ENTROPY_BLOCK_SZ / ENTROPY_NUM_UPDATES_BITS) -#else - /* Amount to shift offset to get better coverage of a block */ - #define ENTROPY_OFFSET_SHIFTING ENTROPY_BLOCK_SZ +#ifndef WC_RNG_SEED_APT_WINDOW + #define WC_RNG_SEED_APT_WINDOW 512 #endif - -#ifndef ENTROPY_NUM_64BIT_WORDS - /* Number of 64-bit words to update - 32. */ - #define ENTROPY_NUM_64BIT_WORDS WC_SHA3_256_DIGEST_SIZE -#elif ENTROPY_NUM_64BIT_WORDS > WC_SHA3_256_DIGEST_SIZE - #error "ENTROPY_NUM_64BIT_WORDS must be <= SHA3-256 digest size in bytes" -#endif - -#if ENTROPY_BLOCK_SZ < ENTROPY_NUM_UPDATES_BITS -#define EXTRA_ENTROPY_WORDS ENTROPY_NUM_UPDATES -#else -#define EXTRA_ENTROPY_WORDS 0 -#endif - -/* State to update that is multiple cache lines long. */ -static word64 entropy_state[ENTROPY_NUM_WORDS + EXTRA_ENTROPY_WORDS] = {0}; - -/* Using memory will take different amount of times depending on the CPU's - * caches and business. - */ -static void Entropy_MemUse(void) -{ - int i; - static byte d[WC_SHA3_256_DIGEST_SIZE]; - int j; - - for (j = 0; j < ENTROPY_NUM_UPDATES; j++) { - /* Hash the first 32 64-bit words of state. */ - wc_Sha3_256_Update(&entropyHash, (byte*)entropy_state, - sizeof(*entropy_state) * ENTROPY_NUM_64BIT_WORDS); - /* Get pseudo-random indices. */ - wc_Sha3_256_Final(&entropyHash, d); - - for (i = 0; i < ENTROPY_NUM_64BIT_WORDS; i++) { - /* Choose a 64-bit word from a pseudo-random block.*/ - int idx = ((int)d[i] << ENTROPY_BLOCK_SZ) + - (j << ENTROPY_OFFSET_SHIFTING); - /* Update a pseudo-random 64-bit word with a pseudo-random value. */ - entropy_state[idx] += Entropy_TimeHiRes(); - /* Ensure part of state that is hashed is updated. */ - entropy_state[i] += entropy_state[idx]; - } - } -} - - -/* Last time entropy sample was gathered. */ -static word64 entropy_last_time = 0; - -/* Get a sample of noise. - * - * Value is time taken to use memory. - * - * Called to test raw entropy. - * - * @return 64-bit value that is the noise. - */ -static word64 Entropy_GetSample(void) -{ - word64 now; - word64 ret; - -#ifdef HAVE_FIPS - /* First sample must be disregard when in FIPS. */ - if (entropy_last_time == 0) { - /* Get sample which triggers CAST in FIPS mode. */ - Entropy_MemUse(); - /* Start entropy time after CASTs. */ - entropy_last_time = Entropy_TimeHiRes(); - } +#ifndef WC_RNG_SEED_APT_CUTOFF + #define WC_RNG_SEED_APT_CUTOFF 325 #endif - /* Use memory such that it will take an unpredictable amount of time. */ - Entropy_MemUse(); - - /* Get the time now to subtract from previous end time. */ - now = Entropy_TimeHiRes(); - /* Calculate time diff since last sampling. */ - ret = now - entropy_last_time; - /* Store last time. */ - entropy_last_time = now; - - return ret; -} - -/* Get as many samples of noise as required. - * - * One sample is one byte. - * - * @param [out] noise Buffer to hold samples. - * @param [in] samples Number of one byte samples to get. - */ -static void Entropy_GetNoise(unsigned char* noise, int samples) +int wc_RNG_TestSeed(const byte* seed, word32 seedSz) { - int i; + int ret = 0; - /* Do it once to get things going. */ - Entropy_MemUse(); + word32 i; + int rctFailed = 0; + int aptFailed = 0; - /* Get as many samples as required. */ - for (i = 0; i < samples; i++) { - noise[i] = (byte)Entropy_GetSample(); + if (seed == NULL || seedSz < SEED_BLOCK_SZ) { + return BAD_FUNC_ARG; } -} -/* Generate raw entropy for performing assessment. - * - * @param [out] raw Buffer to hold raw entropy data. - * @param [in] cnt Number of bytes of raw entropy to get. - * @return 0 on success. - * @return Negative when creating a thread fails - when no high resolution - * clock available. - */ -int wc_Entropy_GetRawEntropy(unsigned char* raw, int cnt) -{ - int ret = 0; - -#ifdef ENTROPY_MEMUSE_THREADED - /* Start the counter thread as a proxy for time counter. */ - ret = Entropy_StartThread(); - if (ret == 0) -#endif + /* SP800-90B 4.4.1 - Repetition Count Test (RCT) + * Check for consecutive identical bytes that would indicate a stuck + * entropy source. Fail if we see WC_RNG_SEED_RCT_CUTOFF or more + * consecutive identical values. + * + * Constant-time implementation: always process full seed, accumulate + * failure status without early exit to prevent timing side-channels. + */ { - Entropy_GetNoise(raw, cnt); - } -#ifdef ENTROPY_MEMUSE_THREADED - /* Stop the counter thread to avoid thrashing the system. */ - Entropy_StopThread(); -#endif - - return ret; -} - -#if ENTROPY_MIN == 1 -/* SP800-90b 4.4.1 - Repetition Test - * C = 1 + upper(-log2(alpha) / H) - * When alpha = 2^-30 and H = 1, - * C = 1 + upper(30 / 1) = 31 - */ -#define REP_CUTOFF 31 -#else -#error "Minimum entropy not defined to a recognized value." -#endif + int repCount = 1; + byte prevByte = seed[0]; -/* Have valid previous sample for repetition test. */ -static int rep_have_prev = 0; -/* Previous sample value. */ -static byte rep_prev_noise; - -static void Entropy_HealthTest_Repetition_Reset(void) -{ - /* No previous stored. */ - rep_have_prev = 0; - /* Clear previous. */ - rep_prev_noise = 0; -} - -/* Test sample value with repetition test. - * - * @param [in] noise Sample to test. - * @return 0 on success. - * @return ENTROPY_RT_E on failure. - */ -static int Entropy_HealthTest_Repetition(byte noise) -{ - int ret = 0; - /* Number of times previous value has been seen continuously. */ - static int rep_cnt = 0; - - /* If we don't have a previous then store this one for next time. */ - if (!rep_have_prev) { - rep_prev_noise = noise; - rep_have_prev = 1; - rep_cnt = 1; - } - /* Check whether this sample matches last. */ - else if (noise == rep_prev_noise) { - /* Update count of repetitions. */ - rep_cnt++; - /* Fail if we reach cutoff. */ - if (rep_cnt >= REP_CUTOFF) { - #ifdef WOLFSSL_DEBUG_ENTROPY_MEMUSE - fprintf(stderr, "REPETITION FAILED: %d\n", noise); - #endif - Entropy_HealthTest_Repetition_Reset(); - ret = ENTROPY_RT_E; + for (i = 1; i < seedSz; i++) { + /* Constant-time: always evaluate both branches effects */ + int match = (seed[i] == prevByte); + /* If match, increment count, if not, reset to 1 */ + repCount = (match * (repCount + 1)) + (!match * 1); + /* Update prevByte only when not matching (new value) */ + prevByte = (byte) ((match * prevByte) + (!match * seed[i])); + /* Accumulate failure flag - once set, stays set */ + rctFailed |= (repCount >= WC_RNG_SEED_RCT_CUTOFF); } } - else { - /* Cache new previous and seen one so far. */ - rep_prev_noise = noise; - rep_cnt = 1; - } - - return ret; -} - -/* SP800-90b 4.4.2 - Adaptive Proportion Test - * Para 2 - * ... The window size W is selected based on the alphabet size ... 512 if - * the noise source is not binary ... - */ -#define PROP_WINDOW_SIZE 512 -#if ENTROPY_MIN == 1 -/* SP800-90b 4.4.2 - Adaptive Proportion Test - * Note 10 - * C = 1 + CRITBINOM(W, power(2,( -H)),1-alpha) - * alpha = 2^-30 = POWER(2,-30), H = 1, W = 512 - * C = 1 + CRITBINOM(512, 0.5, 1-POWER(2,-30)) = 1 + 324 = 325 - */ -#define PROP_CUTOFF 325 -#else -#error "Minimum entropy not defined to a recognized value." -#endif -/* Total number of samples storef for Adaptive proportion test. - * Need the next 512 samples to compare this this one. - */ -static word16 prop_total = 0; -/* Index of first sample. */ -static word16 prop_first = 0; -/* Index to put next sample in. */ -static word16 prop_last = 0; -/* Count of each value seen in queue. */ -static word16 prop_cnt[1 << ENTROPY_BITS_USED] = { 0 }; -/* Circular queue of samples. */ -static word16 prop_samples[PROP_WINDOW_SIZE]; + /* SP800-90B 4.4.2 - Adaptive Proportion Test (APT) + * Check that no single byte value appears too frequently within + * a sliding window. This detects bias in the entropy source. + * + * For seeds smaller than the window size, we test the entire seed. + * For larger seeds, we use a sliding window approach. + * + * Constant-time implementation: always process full seed and check + * all counts to prevent timing side-channels. + */ + { + word16 byteCounts[MAX_ENTROPY_BITS]; + word32 windowSize = min(seedSz, (word32)WC_RNG_SEED_APT_WINDOW); + word32 windowStart = 0; + word32 newIdx; -/* Resets the data for the Adaptive Proportion Test. - */ -static void Entropy_HealthTest_Proportion_Reset(void) -{ - /* Clear out samples. */ - XMEMSET(prop_samples, 0, sizeof(prop_samples)); - /* Clear out counts. */ - XMEMSET(prop_cnt, 0, sizeof(prop_cnt)); - /* Clear stored count. */ - prop_total = 0; - /* Reset first and last index for samples. */ - prop_first = 0; - prop_last = 0; -} + XMEMSET(byteCounts, 0, sizeof(byteCounts)); -/* Add sample to Adaptive Proportion test. - * - * SP800-90b 4.4.2 - Adaptive Proportion Test - * - * Sample is accumulated into buffer until required successive values seen. - * - * @param [in] noise Sample to test. - * @return 0 on success. - * @return ENTROPY_APT_E on failure. - */ -static int Entropy_HealthTest_Proportion(byte noise) -{ - int ret = 0; - - /* Need minimum samples in queue to test with - keep adding while we have - * less. */ - if (prop_total < PROP_CUTOFF - 1) { - /* Store sample at last position in circular queue. */ - prop_samples[prop_last++] = noise; - /* Update count of seen value based on new sample. */ - prop_cnt[noise]++; - /* Update count of store values. */ - prop_total++; - } - else { - /* We have at least a minimum set of samples in queue. */ - /* Store new sample at end of queue. */ - prop_samples[prop_last] = noise; - /* Update last index now that we have added new sample to queue. */ - prop_last = (prop_last + 1) % PROP_WINDOW_SIZE; - /* Added sample to queue - add count. */ - prop_cnt[noise]++; - /* Update count of store values. */ - prop_total++; - - /* Check whether first value has too many repetitions in queue. */ - if (prop_cnt[noise] >= PROP_CUTOFF) { - #ifdef WOLFSSL_DEBUG_ENTROPY_MEMUSE - fprintf(stderr, "PROPORTION FAILED: %d %d\n", val, prop_cnt[noise]); - #endif - Entropy_HealthTest_Proportion_Reset(); - /* Error code returned. */ - ret = ENTROPY_APT_E; - } - else if (prop_total == PROP_WINDOW_SIZE) { - /* Return to 511 samples in queue. */ - /* Get first value in queue - value to test. */ - byte val = (byte)prop_samples[prop_first]; - /* Update first index to remove first sample from the queue. */ - prop_first = (prop_first + 1) % PROP_WINDOW_SIZE; - /* Removed first sample from queue - remove count. */ - prop_cnt[val]--; - /* Update count of store values. */ - prop_total--; + /* Initialize counts for first window */ + for (i = 0; i < windowSize; i++) { + byteCounts[seed[i]]++; } - } - return ret; -} - -/* SP800-90b 4.3 - Requirements for Health Tests - * 1.4: The entropy source's startup tests shall run the continuous health - * tests over at least 1024 consecutive samples. - * - * Adaptive Proportion Test requires a number of samples to compared too. - */ -#define ENTROPY_INITIAL_COUNT (1024 + PROP_WINDOW_SIZE) - -/* Perform startup health testing. - * - * Fill adaptive proportion test buffer and then do 1024 samples. - * Perform repetition test on all samples expect last. - * - * Discards samples from health tests on failure. - * - * @return 0 on success. - * @return ENTROPY_RT_E or ENTROPY_APT_E on failure. - */ -static int Entropy_HealthTest_Startup(void) -{ - int ret = 0; - byte initial[ENTROPY_INITIAL_COUNT]; - int i; - -#ifdef WOLFSSL_DEBUG_ENTROPY_MEMUSE - fprintf(stderr, "STARTUP HEALTH TEST\n"); -#endif - - /* Reset cached values before testing. */ - Entropy_HealthTest_Reset(); - - /* Fill initial sample buffer with noise. */ - Entropy_GetNoise(initial, ENTROPY_INITIAL_COUNT); - /* Health check initial noise. */ - for (i = 0; (ret == 0) && (i < ENTROPY_INITIAL_COUNT); i++) { - ret = Entropy_HealthTest_Repetition(initial[i]); - if (ret == 0) { - ret = Entropy_HealthTest_Proportion(initial[i]); + /* Check first window - scan all 256 counts */ + for (i = 0; i < MAX_ENTROPY_BITS; i++) { + aptFailed |= (byteCounts[i] >= WC_RNG_SEED_APT_CUTOFF); } - } - - if (ret != 0) { - /* Failing test only resets its own data. */ - Entropy_HealthTest_Reset(); - } - - return ret; -} -/* Condition raw entropy noise using SHA-3-256. - * - * Put noise into a hash function: SHA-3-256. - * Add the current time counter to help with uniqueness. - * - * @param [out] output Buffer to conditioned data. - * @param [in] len Number of bytes to put into output buffer. - * @param [in] noise Buffer with raw noise data. - * @param [in] noise_len Length of noise data in bytes. - * @return 0 on success. - * @return Negative on failure. - */ -static int Entropy_Condition(byte* output, word32 len, byte* noise, - word32 noise_len) -{ - int ret; + /* Slide window through remaining seed data */ + while ((windowStart + windowSize) < seedSz) { + /* Remove byte leaving the window */ + byteCounts[seed[windowStart]]--; + windowStart++; - /* Add noise to initialized hash. */ - ret = wc_Sha3_256_Update(&entropyHash, noise, noise_len); - if (ret == 0) { - word64 now = Entropy_TimeHiRes(); - /* Add time now counter. */ - ret = wc_Sha3_256_Update(&entropyHash, (byte*)&now, sizeof(now)); - } - if (ret == 0) { - /* Finalize into output buffer. */ - if (len == WC_SHA3_256_DIGEST_SIZE) { - ret = wc_Sha3_256_Final(&entropyHash, output); - } - else { - byte hash[WC_SHA3_256_DIGEST_SIZE]; + /* Add byte entering the window */ + newIdx = windowStart + windowSize - 1; + byteCounts[seed[newIdx]]++; - ret = wc_Sha3_256_Final(&entropyHash, hash); - if (ret == 0) { - XMEMCPY(output, hash, len); - } + /* Accumulate failure flag for new byte's count */ + aptFailed |= (byteCounts[seed[newIdx]] >= WC_RNG_SEED_APT_CUTOFF); } } - return ret; -} - -/* Mutex to prevent multiple callers requesting entropy operations at the - * same time. - */ -static wolfSSL_Mutex entropy_mutex WOLFSSL_MUTEX_INITIALIZER_CLAUSE(entropy_mutex); - -/* Get entropy of specified strength. - * - * SP800-90b 2.3.1 - GetEntropy: An Interface to the Entropy Source - * - * In threaded environment, only one thread at a time can get entropy. - * - * @param [in] bits Number of entropy bits. 256 is max value. - * @param [out] entropy Buffer to hold entropy. - * @param [in] len Length of data to put into buffer in bytes. - * @return 0 on success. - * @return ENTROPY_RT_E or ENTROPY_APT_E on failure. - * @return BAD_MUTEX_E when unable to lock mutex. - */ -int wc_Entropy_Get(int bits, unsigned char* entropy, word32 len) -{ - int ret = 0; - WC_DECLARE_VAR(noise, byte, MAX_NOISE_CNT, 0); - /* Noise length is the number of 8 byte samples required to get the bits of - * entropy requested. */ - int noise_len = (bits + ENTROPY_EXTRA) / ENTROPY_MIN; - - WC_ALLOC_VAR_EX(noise, byte, MAX_NOISE_CNT, NULL, DYNAMIC_TYPE_TMP_BUFFER, - return MEMORY_E); - - /* Lock the mutex as collection uses globals. */ - if ((ret == 0) && (wc_LockMutex(&entropy_mutex) != 0)) { - ret = BAD_MUTEX_E; + /* Set return code based on accumulated failure flags */ + if (rctFailed) { + ret = ENTROPY_RT_E; } - -#ifdef ENTROPY_MEMUSE_THREADED - if (ret == 0) { - /* Start the counter thread as a proxy for time counter. */ - ret = Entropy_StartThread(); - } -#endif - - /* Check we have had a startup health check pass. */ - if ((ret == 0) && ((prop_total == 0) || (!rep_have_prev))) { - /* Try again as check failed. */ - ret = Entropy_HealthTest_Startup(); + else if (aptFailed) { + ret = ENTROPY_APT_E; } - /* Keep putting data into buffer until full. */ - while ((ret == 0) && (len > 0)) { - int i; - word32 entropy_len = WC_SHA3_256_DIGEST_SIZE; - - /* Output 32 bytes at a time unless buffer has fewer bytes remaining. */ - if (len < entropy_len) { - entropy_len = len; - } - - /* Get raw entropy noise. */ - Entropy_GetNoise(noise, noise_len); - /* Health check each noise value. */ - for (i = 0; (ret == 0) && (i < noise_len); i++) { - ret = Entropy_HealthTest_Repetition(noise[i]); - if (ret == 0) { - ret = Entropy_HealthTest_Proportion(noise[i]); - } - } - - if (ret == 0) { - /* Condition noise value down to 32-bytes or less. */ - ret = Entropy_Condition(entropy, entropy_len, noise, noise_len); - } - if (ret == 0) { - /* Update buffer pointer and count of bytes left to generate. */ - entropy += entropy_len; - len -= entropy_len; - } - } - -#ifdef ENTROPY_MEMUSE_THREADED - /* Stop the counter thread to avoid thrashing the system. */ - Entropy_StopThread(); -#endif - - if (ret != WC_NO_ERR_TRACE(BAD_MUTEX_E)) { - /* Unlock mutex now we are done. */ - wc_UnLockMutex(&entropy_mutex); - } - - WC_FREE_VAR_EX(noise, NULL, DYNAMIC_TYPE_TMP_BUFFER); - return ret; } +#endif /* HAVE_HASHDRBG */ +/* End NIST DRBG Code */ -/* Performs on-demand testing. - * - * In threaded environment, locks out other threads from getting entropy. - * - * @return 0 on success. - * @return ENTROPY_RT_E or ENTROPY_APT_E on failure. - * @return BAD_MUTEX_E when unable to lock mutex. - */ -int wc_Entropy_OnDemandTest(void) -{ - int ret = 0; - - /* Lock the mutex as we don't want collecting to happen during testing. */ - if (wc_LockMutex(&entropy_mutex) != 0) { - ret = BAD_MUTEX_E; - } - - if (ret == 0) { - /* Perform startup tests. */ - ret = Entropy_HealthTest_Startup(); - } - - if (ret != WC_NO_ERR_TRACE(BAD_MUTEX_E)) { - /* Unlock mutex now we are done. */ - wc_UnLockMutex(&entropy_mutex); - } - return ret; -} - -/* Initialize global state for MemUse Entropy and do startup health test. - * - * @return 0 on success. - * @return Negative on failure. - */ -int Entropy_Init(void) -{ - int ret = 0; - - /* Check whether initialization has succeeded before. */ - if (!entropy_memuse_initialized) { - #if !defined(SINGLE_THREADED) && !defined(WOLFSSL_MUTEX_INITIALIZER) - ret = wc_InitMutex(&entropy_mutex); - #endif - if (ret == 0) { - /* Initialize a SHA3-256 object for use in entropy operations. */ - ret = wc_InitSha3_256(&entropyHash, NULL, INVALID_DEVID); - } - /* Set globals initialized. */ - entropy_memuse_initialized = (ret == 0); - if (ret == 0) { - #ifdef ENTROPY_MEMUSE_THREADED - /* Start the counter thread as a proxy for time counter. */ - ret = Entropy_StartThread(); - if (ret == 0) - #endif - { - /* Do first startup test now. */ - ret = Entropy_HealthTest_Startup(); - } - #ifdef ENTROPY_MEMUSE_THREADED - /* Stop the counter thread to avoid thrashing the system. */ - Entropy_StopThread(); - #endif - } - } - - return ret; -} - -/* Finalize the data associated with the MemUse Entropy source. - */ -void Entropy_Final(void) -{ - /* Only finalize when initialized. */ - if (entropy_memuse_initialized) { - /* Dispose of the SHA3-356 hash object. */ - wc_Sha3_256_Free(&entropyHash); - #if !defined(SINGLE_THREADED) && !defined(WOLFSSL_MUTEX_INITIALIZER) - wc_FreeMutex(&entropy_mutex); - #endif - /* Clear health test data. */ - Entropy_HealthTest_Reset(); - /* No longer initialized. */ - entropy_memuse_initialized = 0; - } -} - -/* Reset the data associated with the MemUse Entropy health tests. - */ -static void Entropy_HealthTest_Reset(void) -{ - Entropy_HealthTest_Repetition_Reset(); - Entropy_HealthTest_Proportion_Reset(); -} - -#endif /* HAVE_ENTROPY_MEMUSE */ static int _InitRng(WC_RNG* rng, byte* nonce, word32 nonceSz, void* heap, int devId) { int ret = 0; #ifdef HAVE_HASHDRBG +#if !defined(HAVE_FIPS) && defined(WOLFSSL_RNG_USE_FULL_SEED) + word32 seedSz = SEED_SZ; +#else word32 seedSz = SEED_SZ + SEED_BLOCK_SZ; + WC_DECLARE_VAR(seed, byte, MAX_SEED_SZ, rng->heap); +#ifdef WOLFSSL_SMALL_STACK_CACHE + int drbg_scratch_instantiated = 0; +#endif +#endif #endif (void)nonce; @@ -1667,6 +961,8 @@ if (nonce == NULL && nonceSz != 0) return BAD_FUNC_ARG; + XMEMSET(rng, 0, sizeof(*rng)); + #ifdef WOLFSSL_HEAP_TEST rng->heap = (void*)WOLFSSL_HEAP_TEST; (void)heap; @@ -1688,6 +984,9 @@ #ifdef HAVE_HASHDRBG /* init the DBRG to known values */ rng->drbg = NULL; + #ifdef WOLFSSL_SMALL_STACK_CACHE + rng->drbg_scratch = NULL; + #endif rng->status = DRBG_NOT_INIT; #endif @@ -1729,6 +1028,11 @@ } #endif +#if defined(WOLFSSL_KEEP_RNG_SEED_FD_OPEN) && !defined(USE_WINDOWS_API) + if (!rng->seed.seedFdOpen) + rng->seed.fd = XBADFD; +#endif + #ifdef CUSTOM_RAND_GENERATE_BLOCK ret = 0; /* success */ #else @@ -1739,45 +1043,90 @@ seedSz = MAX_SEED_SZ; } - ret = wc_RNG_HealthTestLocal(0, rng->heap, devId); - if (ret != 0) { - #if defined(DEBUG_WOLFSSL) - WOLFSSL_MSG_EX("wc_RNG_HealthTestLocal failed err = %d", ret); - #endif - ret = DRBG_CONT_FAILURE; - } - else { - #ifndef WOLFSSL_SMALL_STACK - byte seed[MAX_SEED_SZ]; - #else - byte* seed = (byte*)XMALLOC(MAX_SEED_SZ, rng->heap, - DYNAMIC_TYPE_SEED); - if (seed == NULL) - return MEMORY_E; - #endif - #if !defined(WOLFSSL_NO_MALLOC) || defined(WOLFSSL_STATIC_MEMORY) - rng->drbg = - (struct DRBG*)XMALLOC(sizeof(DRBG_internal), rng->heap, - DYNAMIC_TYPE_RNG); - if (rng->drbg == NULL) { + rng->drbg = + (struct DRBG*)XMALLOC(sizeof(DRBG_internal), rng->heap, + DYNAMIC_TYPE_RNG); + if (rng->drbg == NULL) { #if defined(DEBUG_WOLFSSL) + WOLFSSL_MSG_EX("_InitRng XMALLOC failed to allocate %d bytes", + sizeof(DRBG_internal)); + #endif + ret = MEMORY_E; + rng->status = DRBG_FAILED; + } +#else + rng->drbg = (struct DRBG*)&rng->drbg_data; +#endif /* WOLFSSL_NO_MALLOC or WOLFSSL_STATIC_MEMORY */ + +#ifdef WOLFSSL_SMALL_STACK_CACHE + if (ret == 0) { + rng->drbg_scratch = + (DRBG_internal *)XMALLOC(sizeof(DRBG_internal), rng->heap, + DYNAMIC_TYPE_RNG); + if (rng->drbg_scratch == NULL) { +#if defined(DEBUG_WOLFSSL) WOLFSSL_MSG_EX("_InitRng XMALLOC failed to allocate %d bytes", sizeof(DRBG_internal)); - #endif +#endif ret = MEMORY_E; rng->status = DRBG_FAILED; } -#else - rng->drbg = (struct DRBG*)&rng->drbg_data; -#endif /* WOLFSSL_NO_MALLOC or WOLFSSL_STATIC_MEMORY */ + } + if (ret == 0) { + ret = Hash_DRBG_Instantiate((DRBG_internal *)rng->drbg_scratch, + NULL /* seed */, 0, NULL /* nonce */, 0, rng->heap, devId); + if (ret == 0) + drbg_scratch_instantiated = 1; + } + + if (ret == 0) { + rng->health_check_scratch = + (byte *)XMALLOC(RNG_HEALTH_TEST_CHECK_SIZE, rng->heap, + DYNAMIC_TYPE_TMP_BUFFER); + if (rng->health_check_scratch == NULL) { + ret = MEMORY_E; + rng->status = DRBG_FAILED; + } + } + + if (ret == 0) { + rng->newSeed_buf = (byte*)XMALLOC(SEED_SZ + SEED_BLOCK_SZ, rng->heap, + DYNAMIC_TYPE_SEED); + if (rng->newSeed_buf == NULL) { + ret = MEMORY_E; + rng->status = DRBG_FAILED; + } + } +#endif /* WOLFSSL_SMALL_STACK_CACHE */ + + if (ret == 0) { + ret = wc_RNG_HealthTestLocal(rng, 0, rng->heap, devId); if (ret != 0) { + #if defined(DEBUG_WOLFSSL) + WOLFSSL_MSG_EX("wc_RNG_HealthTestLocal failed err = %d", ret); + #endif + ret = DRBG_CONT_FAILURE; + } + } + + #ifdef WOLFSSL_SMALL_STACK + if (ret == 0) { + WC_ALLOC_VAR_EX(seed, byte, MAX_SEED_SZ, rng->heap, DYNAMIC_TYPE_SEED, WC_DO_NOTHING); + if (seed == NULL) { + ret = MEMORY_E; + rng->status = DRBG_FAILED; + } + } + #endif + + if (ret != 0) { #if defined(DEBUG_WOLFSSL) - WOLFSSL_MSG_EX("_InitRng failed. err = %d", ret); + WOLFSSL_MSG_EX("_InitRng failed. err = %d", ret); #endif - } - else { + } + else { #ifdef WC_RNG_SEED_CB if (seedCb == NULL) { ret = DRBG_NO_SEED_CB; @@ -1785,6 +1134,11 @@ else { ret = seedCb(&rng->seed, seed, seedSz); if (ret != 0) { +#ifdef WC_VERBOSE_RNG + WOLFSSL_DEBUG_PRINTF( + "ERROR: seedCb in _InitRng() failed with err = %d", + ret); +#endif ret = DRBG_FAILURE; } } @@ -1794,6 +1148,10 @@ if (ret != 0) { #if defined(DEBUG_WOLFSSL) WOLFSSL_MSG_EX("Seed generation failed... %d", ret); + #elif defined(WC_VERBOSE_RNG) + WOLFSSL_DEBUG_PRINTF( + "ERROR: wc_GenerateSeed() in _InitRng() failed with err %d", + ret); #endif ret = DRBG_FAILURE; rng->status = DRBG_FAILED; @@ -1805,23 +1163,49 @@ if (ret != 0) { WOLFSSL_MSG_EX("wc_RNG_TestSeed failed... %d", ret); } + #elif defined(WC_VERBOSE_RNG) + if (ret != DRBG_SUCCESS) { + WOLFSSL_DEBUG_PRINTF( + "ERROR: wc_RNG_TestSeed() in _InitRng() returned err %d.", + ret); + } #endif + if (ret == DRBG_SUCCESS) ret = Hash_DRBG_Instantiate((DRBG_internal *)rng->drbg, + #if defined(HAVE_FIPS) || !defined(WOLFSSL_RNG_USE_FULL_SEED) seed + SEED_BLOCK_SZ, seedSz - SEED_BLOCK_SZ, - nonce, nonceSz, rng->heap, devId); - - if (ret != DRBG_SUCCESS) { - #if !defined(WOLFSSL_NO_MALLOC) || defined(WOLFSSL_STATIC_MEMORY) - XFREE(rng->drbg, rng->heap, DYNAMIC_TYPE_RNG); + #else + seed, seedSz, #endif - rng->drbg = NULL; - } - } /* ret == 0 */ + nonce, nonceSz, rng->heap, devId); + } /* ret == 0 */ + #ifdef WOLFSSL_SMALL_STACK + if (seed) + #endif + { ForceZero(seed, seedSz); - WC_FREE_VAR_EX(seed, rng->heap, DYNAMIC_TYPE_SEED); - } /* else swc_RNG_HealthTestLocal was successful */ + } + WC_FREE_VAR_EX(seed, rng->heap, DYNAMIC_TYPE_SEED); + + if (ret != DRBG_SUCCESS) { + #if !defined(WOLFSSL_NO_MALLOC) || defined(WOLFSSL_STATIC_MEMORY) + XFREE(rng->drbg, rng->heap, DYNAMIC_TYPE_RNG); + #endif + rng->drbg = NULL; + #ifdef WOLFSSL_SMALL_STACK_CACHE + XFREE(rng->health_check_scratch, rng->heap, DYNAMIC_TYPE_TMP_BUFFER); + rng->health_check_scratch = NULL; + XFREE(rng->newSeed_buf, rng->heap, DYNAMIC_TYPE_TMP_BUFFER); + rng->newSeed_buf = NULL; + if (drbg_scratch_instantiated) + (void)Hash_DRBG_Uninstantiate((DRBG_internal *)rng->drbg_scratch); + XFREE(rng->drbg_scratch, rng->heap, DYNAMIC_TYPE_RNG); + rng->drbg_scratch = NULL; + #endif + } + /* else wc_RNG_HealthTestLocal was successful */ if (ret == DRBG_SUCCESS) { #ifdef WOLFSSL_CHECK_MEM_ZERO @@ -1940,14 +1324,17 @@ #if defined(WOLFSSL_ASYNC_CRYPT) || defined(WOLF_CRYPTO_CB) devId = rng->devId; #endif - if (wc_RNG_HealthTestLocal(1, rng->heap, devId) == 0) { - #ifndef WOLFSSL_SMALL_STACK - byte newSeed[SEED_SZ + SEED_BLOCK_SZ]; + if (wc_RNG_HealthTestLocal(rng, 1, rng->heap, devId) == 0) { + #if defined(WOLFSSL_SMALL_STACK_CACHE) + byte* newSeed = rng->newSeed_buf; ret = DRBG_SUCCESS; - #else + #elif defined(WOLFSSL_SMALL_STACK) byte* newSeed = (byte*)XMALLOC(SEED_SZ + SEED_BLOCK_SZ, rng->heap, DYNAMIC_TYPE_SEED); ret = (newSeed == NULL) ? MEMORY_E : DRBG_SUCCESS; + #else + byte newSeed[SEED_SZ + SEED_BLOCK_SZ]; + ret = DRBG_SUCCESS; #endif if (ret == DRBG_SUCCESS) { #ifdef WC_RNG_SEED_CB @@ -1957,23 +1344,39 @@ else { ret = seedCb(&rng->seed, newSeed, SEED_SZ + SEED_BLOCK_SZ); if (ret != 0) { + #ifdef WC_VERBOSE_RNG + WOLFSSL_DEBUG_PRINTF("ERROR: seedCb() in PollAndReSeed() " + "failed with err %d", ret); + #endif ret = DRBG_FAILURE; } } #else ret = wc_GenerateSeed(&rng->seed, newSeed, SEED_SZ + SEED_BLOCK_SZ); - #endif - if (ret != 0) + if (ret != 0) { + #ifdef WC_VERBOSE_RNG + WOLFSSL_DEBUG_PRINTF( + "ERROR: wc_GenerateSeed() in PollAndReSeed() failed with " + "err %d", ret); + #endif ret = DRBG_FAILURE; + } + #endif } - if (ret == DRBG_SUCCESS) + if (ret == DRBG_SUCCESS) { ret = wc_RNG_TestSeed(newSeed, SEED_SZ + SEED_BLOCK_SZ); - + #ifdef WC_VERBOSE_RNG + if (ret != DRBG_SUCCESS) + WOLFSSL_DEBUG_PRINTF( + "ERROR: wc_RNG_TestSeed() in PollAndReSeed() returned " + "err %d.", ret); + #endif + } if (ret == DRBG_SUCCESS) ret = Hash_DRBG_Reseed((DRBG_internal *)rng->drbg, newSeed + SEED_BLOCK_SZ, SEED_SZ); - #ifdef WOLFSSL_SMALL_STACK + #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SMALL_STACK_CACHE) if (newSeed != NULL) { ForceZero(newSeed, SEED_SZ + SEED_BLOCK_SZ); } @@ -1991,8 +1394,12 @@ #endif /* place a generated block in output */ +#ifdef WC_RNG_BANK_SUPPORT +static int wc_local_RNG_GenerateBlock(WC_RNG* rng, byte* output, word32 sz) +#else WOLFSSL_ABI int wc_RNG_GenerateBlock(WC_RNG* rng, byte* output, word32 sz) +#endif { int ret; @@ -2039,6 +1446,11 @@ #ifdef CUSTOM_RAND_GENERATE_BLOCK XMEMSET(output, 0, sz); ret = (int)CUSTOM_RAND_GENERATE_BLOCK(output, sz); + #ifdef WC_VERBOSE_RNG + if (ret != 0) + WOLFSSL_DEBUG_PRINTF( + "ERROR: CUSTOM_RAND_GENERATE_BLOCK failed with err %d.", ret); + #endif #else #ifdef HAVE_HASHDRBG @@ -2088,6 +1500,42 @@ return ret; } +#ifdef WC_RNG_BANK_SUPPORT +WOLFSSL_ABI +int wc_RNG_GenerateBlock(WC_RNG* rng, byte* output, word32 sz) +{ + if (rng == NULL) + return BAD_FUNC_ARG; + + if (rng->status == WC_DRBG_BANKREF) { + int ret; + struct wc_rng_bank_inst *bank_inst = NULL; + + ret = wc_local_rng_bank_checkout_for_bankref(rng->bankref, &bank_inst); + if (ret != 0) + return ret; + if (bank_inst == NULL) + return BAD_STATE_E; + ret = wc_local_RNG_GenerateBlock(WC_RNG_BANK_INST_TO_RNG(bank_inst), + output, sz); + { + int checkin_ret = wc_rng_bank_checkin(rng->bankref, &bank_inst); + if (checkin_ret != 0) { +#ifdef WC_VERBOSE_RNG + WOLFSSL_DEBUG_PRINTF( + "ERROR: wc_RNG_GenerateBlock() wc_rng_bank_checkin() " + "failed with err %d.", checkin_ret); +#endif + if (ret == 0) + ret = checkin_ret; + } + } + return ret; + } + else + return wc_local_RNG_GenerateBlock(rng, output, sz); +} +#endif int wc_RNG_GenerateByte(WC_RNG* rng, byte* b) { @@ -2102,6 +1550,11 @@ if (rng == NULL) return BAD_FUNC_ARG; +#ifdef WC_RNG_BANK_SUPPORT + if (rng->status == WC_DRBG_BANKREF) + return wc_BankRef_Release(rng); +#endif /* WC_RNG_BANK_SUPPORT */ + #if defined(WOLFSSL_ASYNC_CRYPT) wolfAsync_DevCtxFree(&rng->asyncDev, WOLFSSL_ASYNC_MARKER_RNG); #endif @@ -2119,6 +1572,19 @@ rng->drbg = NULL; } + #ifdef WOLFSSL_SMALL_STACK_CACHE + if (rng->drbg_scratch != NULL) { + if (Hash_DRBG_Uninstantiate((DRBG_internal *)rng->drbg_scratch) != DRBG_SUCCESS) + ret = RNG_FAILURE_E; + XFREE(rng->drbg_scratch, rng->heap, DYNAMIC_TYPE_RNG); + rng->drbg_scratch = NULL; + } + XFREE(rng->health_check_scratch, rng->heap, DYNAMIC_TYPE_RNG); + rng->health_check_scratch = NULL; + XFREE(rng->newSeed_buf, rng->heap, DYNAMIC_TYPE_RNG); + rng->newSeed_buf = NULL; + #endif + rng->status = DRBG_NOT_INIT; #endif /* HAVE_HASHDRBG */ @@ -2128,6 +1594,15 @@ ret = WC_HW_E; #endif +#if defined(WOLFSSL_KEEP_RNG_SEED_FD_OPEN) && defined(XCLOSE) && \ + !defined(USE_WINDOWS_API) + if(rng->seed.seedFdOpen && rng->seed.fd != XBADFD) { + XCLOSE(rng->seed.fd); + rng->seed.fd = XBADFD; + rng->seed.seedFdOpen = 0; + } +#endif + return ret; } @@ -2143,17 +1618,14 @@ } -int wc_RNG_HealthTest_ex(int reseed, const byte* nonce, word32 nonceSz, +static int wc_RNG_HealthTest_ex_internal(DRBG_internal* drbg, + int reseed, const byte* nonce, word32 nonceSz, const byte* seedA, word32 seedASz, const byte* seedB, word32 seedBSz, byte* output, word32 outputSz, void* heap, int devId) { int ret = -1; - DRBG_internal* drbg; -#ifndef WOLFSSL_SMALL_STACK - DRBG_internal drbg_var; -#endif if (seedA == NULL || output == NULL) { return BAD_FUNC_ARG; @@ -2167,20 +1639,19 @@ return ret; } -#ifdef WOLFSSL_SMALL_STACK - drbg = (DRBG_internal*)XMALLOC(sizeof(DRBG_internal), heap, - DYNAMIC_TYPE_RNG); - if (drbg == NULL) { - return MEMORY_E; +#ifdef WOLFSSL_SMALL_STACK_CACHE + (void)heap; + (void)devId; + + if (Hash_DRBG_Init(drbg, seedA, seedASz, nonce, nonceSz) != 0) { + goto exit_rng_ht; } #else - drbg = &drbg_var; -#endif - if (Hash_DRBG_Instantiate(drbg, seedA, seedASz, nonce, nonceSz, heap, devId) != 0) { goto exit_rng_ht; } +#endif if (reseed) { if (Hash_DRBG_Reseed(drbg, seedB, seedBSz) != 0) { @@ -2206,11 +1677,51 @@ exit_rng_ht: +#ifndef WOLFSSL_SMALL_STACK_CACHE /* This is safe to call even if Hash_DRBG_Instantiate fails */ if (Hash_DRBG_Uninstantiate(drbg) != 0) { ret = -1; } +#endif + return ret; +} + +int wc_RNG_HealthTest_ex(int reseed, const byte* nonce, word32 nonceSz, + const byte* seedA, word32 seedASz, + const byte* seedB, word32 seedBSz, + byte* output, word32 outputSz, + void* heap, int devId) +{ + int ret = -1; + DRBG_internal* drbg; +#ifndef WOLFSSL_SMALL_STACK + DRBG_internal drbg_var; +#endif + +#ifdef WOLFSSL_SMALL_STACK + drbg = (DRBG_internal*)XMALLOC(sizeof(DRBG_internal), heap, + DYNAMIC_TYPE_RNG); + if (drbg == NULL) { + return MEMORY_E; + } +#else + drbg = &drbg_var; +#endif + +#ifdef WOLFSSL_SMALL_STACK_CACHE + ret = Hash_DRBG_Instantiate(drbg, + NULL /* seed */, 0, NULL /* nonce */, 0, heap, devId); + if (ret == 0) +#endif + { + ret = wc_RNG_HealthTest_ex_internal( + drbg, reseed, nonce, nonceSz, seedA, seedASz, + seedB, seedBSz, output, outputSz, heap, devId); +#ifdef WOLFSSL_SMALL_STACK_CACHE + Hash_DRBG_Uninstantiate(drbg); +#endif + } WC_FREE_VAR_EX(drbg, heap, DYNAMIC_TYPE_RNG); return ret; @@ -2267,13 +1778,30 @@ }; -static int wc_RNG_HealthTestLocal(int reseed, void* heap, int devId) +static int wc_RNG_HealthTestLocal(WC_RNG* rng, int reseed, void* heap, + int devId) { int ret = 0; +#ifdef WOLFSSL_SMALL_STACK_CACHE + byte *check = rng->health_check_scratch; + DRBG_internal* drbg = (DRBG_internal *)rng->drbg_scratch; +#else WC_DECLARE_VAR(check, byte, RNG_HEALTH_TEST_CHECK_SIZE, 0); + WC_DECLARE_VAR(drbg, DRBG_internal, 1, 0); + + (void)rng; WC_ALLOC_VAR_EX(check, byte, RNG_HEALTH_TEST_CHECK_SIZE, heap, DYNAMIC_TYPE_TMP_BUFFER, return MEMORY_E); + WC_ALLOC_VAR_EX(drbg, DRBG_internal, 1, heap, + DYNAMIC_TYPE_TMP_BUFFER, WC_DO_NOTHING); + #ifdef WC_DECLARE_VAR_IS_HEAP_ALLOC + if (drbg == NULL) { + WC_FREE_VAR_EX(check, heap, DYNAMIC_TYPE_TMP_BUFFER); + return MEMORY_E; + } + #endif +#endif if (reseed) { #ifdef WOLFSSL_USE_FLASHMEM @@ -2299,7 +1827,7 @@ const byte* reseedSeedA = reseedSeedA_data; const byte* outputA = outputA_data; #endif - ret = wc_RNG_HealthTest_ex(1, NULL, 0, + ret = wc_RNG_HealthTest_ex_internal(drbg, 1, NULL, 0, seedA, sizeof(seedA_data), reseedSeedA, sizeof(reseedSeedA_data), check, RNG_HEALTH_TEST_CHECK_SIZE, @@ -2342,7 +1870,7 @@ WOLFSSL_MSG_EX("sizeof(seedB_data) = %d", (int)sizeof(outputB_data)); #endif - ret = wc_RNG_HealthTest_ex(0, NULL, 0, + ret = wc_RNG_HealthTest_ex_internal(drbg, 0, NULL, 0, seedB, sizeof(seedB_data), NULL, 0, check, RNG_HEALTH_TEST_CHECK_SIZE, @@ -2368,7 +1896,7 @@ * just concatenates them. The pivot point between seed and nonce is * byte 32, feed them into the health test separately. */ if (ret == 0) { - ret = wc_RNG_HealthTest_ex(0, + ret = wc_RNG_HealthTest_ex_internal(drbg, 0, seedB + 32, sizeof(seedB_data) - 32, seedB, 32, NULL, 0, @@ -2387,7 +1915,10 @@ #endif } +#ifndef WOLFSSL_SMALL_STACK_CACHE WC_FREE_VAR_EX(check, heap, DYNAMIC_TYPE_TMP_BUFFER); + WC_FREE_VAR_EX(drbg, heap, DYNAMIC_TYPE_TMP_BUFFER); +#endif return ret; } @@ -2571,12 +2102,49 @@ { int ret; word64 rndTmp; + static int rdseed_sanity_status = 0; (void)os; if (!IS_INTEL_RDSEED(intel_flags)) return -1; + /* Note, access to rdseed_sanity_status is benignly racey on multithreaded + * targets. + */ + if (rdseed_sanity_status == 0) { + word64 sanity_word1 = 0, sanity_word2 = 0; + + ret = IntelRDseed64_r(&sanity_word1); + if (ret != 0) + return ret; + + ret = IntelRDseed64_r(&sanity_word2); + if (ret != 0) + return ret; + + if (sanity_word1 == sanity_word2) { + ret = IntelRDseed64_r(&sanity_word1); + if (ret != 0) + return ret; + + if (sanity_word1 == sanity_word2) { +#ifdef WC_VERBOSE_RNG + WOLFSSL_DEBUG_PRINTF( + "WARNING: disabling RDSEED due to repeating word 0x%lx -- " + "check CPU microcode version.", sanity_word2); +#endif + rdseed_sanity_status = -1; + return -1; + } + } + + rdseed_sanity_status = 1; + } + else if (rdseed_sanity_status < 0) { + return -1; + } + for (; (sz / sizeof(word64)) > 0; sz -= sizeof(word64), output += sizeof(word64)) { ret = IntelRDseed64_r((word64*)output); @@ -3770,32 +3338,10 @@ #elif defined(WOLFSSL_LINUXKM) - /* When registering the kernel default DRBG with a native/intrinsic entropy - * source, fallback to get_random_bytes() isn't allowed because we replace - * it with our DRBG. - */ - - #if defined(HAVE_ENTROPY_MEMUSE) && \ - defined(LINUXKM_LKCAPI_REGISTER_HASH_DRBG_DEFAULT) - - int wc_GenerateSeed(OS_Seed* os, byte* output, word32 sz) - { - (void)os; - return wc_Entropy_Get(MAX_ENTROPY_BITS, output, sz); - } - - #elif (defined(HAVE_INTEL_RDSEED) || defined(HAVE_AMD_RDSEED)) && \ - defined(LINUXKM_LKCAPI_REGISTER_HASH_DRBG_DEFAULT) - - int wc_GenerateSeed(OS_Seed* os, byte* output, word32 sz) - { - (void)os; - return wc_GenerateSeed_IntelRD(NULL, output, sz); - } - - #else /* !((HAVE_ENTROPY_MEMUSE || HAVE_*_RDSEED) && LINUXKM_LKCAPI_REGISTER_HASH_DRBG_DEFAULT) */ + #ifndef LINUXKM_LKCAPI_REGISTER_HASH_DRBG_DEFAULT + #include + #endif - #include int wc_GenerateSeed(OS_Seed* os, byte* output, word32 sz) { (void)os; @@ -3803,11 +3349,9 @@ #ifdef HAVE_ENTROPY_MEMUSE ret = wc_Entropy_Get(MAX_ENTROPY_BITS, output, sz); - if (ret == 0) { + if (ret == 0) return 0; - } #ifdef ENTROPY_MEMUSE_FORCE_FAILURE - /* Don't fallback to /dev/urandom. */ return ret; #endif #endif @@ -3815,23 +3359,30 @@ #if defined(HAVE_INTEL_RDSEED) || defined(HAVE_AMD_RDSEED) if (IS_INTEL_RDSEED(intel_flags)) { ret = wc_GenerateSeed_IntelRD(NULL, output, sz); - #ifndef FORCE_FAILURE_RDSEED if (ret == 0) - #endif - { - return ret; - } + return 0; + #ifdef FORCE_FAILURE_RDSEED + return ret; + #endif } #endif /* HAVE_INTEL_RDSEED || HAVE_AMD_RDSEED */ + #ifdef LINUXKM_LKCAPI_REGISTER_HASH_DRBG_DEFAULT + #if !defined(HAVE_ENTROPY_MEMUSE) && \ + !defined(HAVE_INTEL_RDSEED) && \ + !defined(HAVE_AMD_RDSEED) + #error LINUXKM_LKCAPI_REGISTER_HASH_DRBG_DEFAULT requires an intrinsic entropy source. + #else + return ret; + #endif + #else (void)ret; get_random_bytes(output, sz); return 0; + #endif } - #endif /* !(HAVE_*_RDSEED && LINUXKM_LKCAPI_REGISTER_HASH_DRBG_DEFAULT) */ - #elif defined(WOLFSSL_BSDKM) #include int wc_GenerateSeed(OS_Seed* os, byte* output, word32 sz) @@ -3954,7 +3505,17 @@ #elif defined(WOLFSSL_ZEPHYR) - #include + #ifdef __has_include + #if __has_include() + #include + #else + #include + #endif + #else + #include + #endif + + #include #if KERNEL_VERSION_NUMBER >= 0x30500 #include @@ -3966,14 +3527,12 @@ #endif #endif - #ifndef _POSIX_C_SOURCE - #if KERNEL_VERSION_NUMBER >= 0x30100 - #include - #else - #include - #endif - #else + #if KERNEL_VERSION_NUMBER >= 0x40300 #include + #elif KERNEL_VERSION_NUMBER >= 0x30100 + #include + #else + #include #endif int wc_GenerateSeed(OS_Seed* os, byte* output, word32 sz) @@ -4188,14 +3747,20 @@ #ifdef HAVE_ENTROPY_MEMUSE ret = wc_Entropy_Get(MAX_ENTROPY_BITS, output, sz); if (ret == 0) { - return 0; + /* success, we're done */ + return ret; } - #ifdef ENTROPY_MEMUSE_FORCE_FAILURE - /* Don't fallback to /dev/urandom. */ + #ifdef ENTROPY_MEMUSE_FORCE_FAILURE + /* Don't fall back to /dev/urandom. */ return ret; + #else + /* Reset error and fall back to using /dev/urandom. */ + ret = 0; #endif #endif + #if !defined(HAVE_ENTROPY_MEMUSE) || !defined(ENTROPY_MEMUSE_FORCE_FAILURE) + #if defined(HAVE_INTEL_RDSEED) || defined(HAVE_AMD_RDSEED) if (IS_INTEL_RDSEED(intel_flags)) { ret = wc_GenerateSeed_IntelRD(NULL, output, sz); @@ -4204,15 +3769,24 @@ return ret; } #ifdef FORCE_FAILURE_RDSEED - /* don't fallback to /dev/urandom */ + /* Don't fall back to /dev/urandom. */ return ret; #else - /* reset error and fallback to using /dev/urandom */ + /* Reset error and fall back to using /dev/urandom. */ ret = 0; #endif } + #ifdef FORCE_FAILURE_RDSEED + else { + /* Don't fall back to /dev/urandom */ + return MISSING_RNG_E; + } + #endif #endif /* HAVE_INTEL_RDSEED || HAVE_AMD_RDSEED */ + #if (!defined(HAVE_INTEL_RDSEED) && !defined(HAVE_AMD_RDSEED)) || \ + !defined(FORCE_FAILURE_RDSEED) + #if defined(WOLFSSL_GETRANDOM) || defined(HAVE_GETRANDOM) { word32 grSz = sz; @@ -4240,10 +3814,10 @@ if (ret == 0) return ret; #ifdef FORCE_FAILURE_GETRANDOM - /* don't fallback to /dev/urandom */ + /* don't fall back to /dev/urandom */ return ret; #elif !defined(NO_FILESYSTEM) - /* reset error and fallback to using /dev/urandom if filesystem + /* reset error and fall back to using /dev/urandom if filesystem * support is compiled in */ ret = 0; #endif @@ -4251,25 +3825,55 @@ #endif #ifndef NO_FILESYSTEM - #ifndef NO_DEV_URANDOM /* way to disable use of /dev/urandom */ + #ifdef WOLFSSL_KEEP_RNG_SEED_FD_OPEN + if (!os->seedFdOpen) + { + #ifndef NO_DEV_URANDOM /* way to disable use of /dev/urandom */ + os->fd = open("/dev/urandom", O_RDONLY); + #if defined(DEBUG_WOLFSSL) + WOLFSSL_MSG("opened /dev/urandom."); + #endif /* DEBUG_WOLFSSL */ + if (os->fd == XBADFD) + #endif /* NO_DEV_URANDOM */ + { + /* may still have /dev/random */ + os->fd = open("/dev/random", O_RDONLY); + #if defined(DEBUG_WOLFSSL) + WOLFSSL_MSG("opened /dev/random."); + #endif /* DEBUG_WOLFSSL */ + if (os->fd == XBADFD) + return OPEN_RAN_E; + else { + os->keepSeedFdOpen = 0; + os->seedFdOpen = 1; + } + } + else { + os->keepSeedFdOpen = 1; + os->seedFdOpen = 1; + } + } + #else /* WOLFSSL_KEEP_RNG_SEED_FD_OPEN */ + #ifndef NO_DEV_URANDOM /* way to disable use of /dev/urandom */ os->fd = open("/dev/urandom", O_RDONLY); #if defined(DEBUG_WOLFSSL) WOLFSSL_MSG("opened /dev/urandom."); - #endif - if (os->fd == -1) - #endif + #endif /* DEBUG_WOLFSSL */ + if (os->fd == XBADFD) + #endif /* !NO_DEV_URANDOM */ { /* may still have /dev/random */ os->fd = open("/dev/random", O_RDONLY); - #if defined(DEBUG_WOLFSSL) + #if defined(DEBUG_WOLFSSL) WOLFSSL_MSG("opened /dev/random."); - #endif - if (os->fd == -1) + #endif /* DEBUG_WOLFSSL */ + if (os->fd == XBADFD) return OPEN_RAN_E; } + #endif /* WOLFSSL_KEEP_RNG_SEED_FD_OPEN */ #if defined(DEBUG_WOLFSSL) WOLFSSL_MSG("rnd read..."); - #endif + #endif /* DEBUG_WOLFSSL */ while (sz) { int len = (int)read(os->fd, output, sz); if (len == -1) { @@ -4286,17 +3890,31 @@ #else ret = RAN_BLOCK_E; break; - #endif + #endif /* BLOCKING || WC_RNG_BLOCKING */ } } + #ifdef WOLFSSL_KEEP_RNG_SEED_FD_OPEN + if (!os->keepSeedFdOpen && os->seedFdOpen) + { + close(os->fd); + os->fd = -1; + os->seedFdOpen = 0; + } + #else close(os->fd); -#else + #endif /* WOLFSSL_KEEP_RNG_SEED_FD_OPEN */ +#else /* NO_FILESYSTEM */ (void)output; (void)sz; ret = NOT_COMPILED_IN; #endif /* NO_FILESYSTEM */ return ret; + + #endif /* (!HAVE_INTEL_RDSEED && !HAVE_AMD_RDSEED) || !FORCE_FAILURE_RDSEED */ + + #endif /*!HAVE_ENTROPY_MEMUSE || !ENTROPY_MEMUSE_FORCE_FAILURE */ + } #endif diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/wolfcrypt/src/rc2.c mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/rc2.c --- mariadb-11.8.6/extra/wolfssl/wolfssl/wolfcrypt/src/rc2.c 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/rc2.c 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* rc2.c * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/wolfcrypt/src/ripemd.c mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/ripemd.c --- mariadb-11.8.6/extra/wolfssl/wolfssl/wolfcrypt/src/ripemd.c 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/ripemd.c 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* ripemd.c * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -317,7 +317,7 @@ AddLength(ripemd, ripemd->buffLen); /* before adding pads */ /* ensure we have a valid buffer length; */ - if (ripemd->buffLen > RIPEMD_BLOCK_SIZE) { + if (ripemd->buffLen >= RIPEMD_BLOCK_SIZE) { /* exit with error code if there's a bad buffer size in buffLen */ return BAD_STATE_E; } /* buffLen check */ diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/wolfcrypt/src/rng_bank.c mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/rng_bank.c --- mariadb-11.8.6/extra/wolfssl/wolfssl/wolfcrypt/src/rng_bank.c 1970-01-01 00:00:00.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/rng_bank.c 2026-05-24 09:58:33.000000000 +0000 @@ -0,0 +1,940 @@ +/* rng_bank.c + * + * Copyright (C) 2006-2026 wolfSSL Inc. + * + * This file is part of wolfSSL. + * + * wolfSSL is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * wolfSSL is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA + */ + +#include + +#ifdef WC_RNG_BANK_SUPPORT + +#include +#include + +WOLFSSL_API int wc_rng_bank_init( + struct wc_rng_bank *ctx, + int n_rngs, + word32 flags, + int timeout_secs, + void *heap, + int devId) +{ + int i; + int ret; + int need_reenable_vec = 0; + + if ((ctx == NULL) || (n_rngs <= 0)) + return BAD_FUNC_ARG; + + XMEMSET(ctx, 0, sizeof(*ctx)); + + wolfSSL_RefInit(&ctx->refcount, &ret); + if (ret != 0) + return ret; + + ctx->flags = flags | WC_RNG_BANK_FLAG_INITED; + ctx->heap = heap; + +#ifdef WC_RNG_BANK_STATIC + if (n_rngs > WC_RNG_BANK_STATIC_SIZE) + return BAD_LENGTH_E; +#else + ctx->rngs = (struct wc_rng_bank_inst *) + XMALLOC(sizeof(*ctx->rngs) * (size_t)n_rngs, + heap, DYNAMIC_TYPE_RNG); + if (! ctx->rngs) + ret = MEMORY_E; +#endif + + if (ret == 0) { + XMEMSET(ctx->rngs, 0, sizeof(*ctx->rngs) * (size_t)n_rngs); + ctx->n_rngs = n_rngs; + + for (i = 0; i < n_rngs; ++i) { +#ifdef WC_VERBOSE_RNG + int nretries = 0; +#endif + time_t ts1 = XTIME(0); + for (;;) { + time_t ts2; + + if (flags & WC_RNG_BANK_FLAG_NO_VECTOR_OPS) + need_reenable_vec = (DISABLE_VECTOR_REGISTERS() == 0); + ret = wc_InitRngNonce_ex( + WC_RNG_BANK_INST_TO_RNG(ctx->rngs + i), + (byte *)&ctx->rngs[i], sizeof(byte *), heap, devId); + + if (need_reenable_vec) + REENABLE_VECTOR_REGISTERS(); + /* if we're allowed to sleep, relax the loop between each inner + * iteration even on success, assuring relaxation of the outer + * iterations. + */ + WC_RELAX_LONG_LOOP(); + if (ret == 0) + break; + /* Allow interrupt only if we're stuck spinning retries -- i.e., + * don't allow an untimely user signal to derail an + * initialization that is proceeding expeditiously. + */ + ret = WC_CHECK_FOR_INTR_SIGNALS(); + if (ret == WC_NO_ERR_TRACE(INTERRUPTED_E)) + break; + ts2 = XTIME(0); + if (ts2 - ts1 > timeout_secs) { + ret = WC_TIMEOUT_E; + break; + } +#ifdef WC_VERBOSE_RNG + ++nretries; +#endif + } + if (ret != 0) { +#ifdef WC_VERBOSE_RNG + WOLFSSL_DEBUG_PRINTF( + "ERROR: wc_InitRng returned %d after %d retries.\n", ret, + nretries); +#endif + break; + } + } + } + + if (ret != 0) + (void)wc_rng_bank_fini(ctx); + + return ret; +} + +#ifndef WC_RNG_BANK_STATIC +WOLFSSL_API int wc_rng_bank_new( + struct wc_rng_bank **ctx, + int n_rngs, + word32 flags, + int timeout_secs, + void *heap, + int devId) +{ + int ret; + + if ((ctx == NULL) || (n_rngs <= 0)) + return BAD_FUNC_ARG; + + *ctx = (struct wc_rng_bank *)XMALLOC(sizeof(struct wc_rng_bank), heap, DYNAMIC_TYPE_RNG); + if (*ctx == NULL) + return MEMORY_E; + + ret = wc_rng_bank_init(*ctx, n_rngs, flags, timeout_secs, heap, devId); + + if (ret != 0) { + XFREE(*ctx, heap, DYNAMIC_TYPE_RNG); + *ctx = NULL; + } + + return ret; +} +#endif /* !WC_RNG_BANK_STATIC */ + +WOLFSSL_API int wc_rng_bank_set_affinity_handlers( + struct wc_rng_bank *ctx, + wc_affinity_lock_fn_t affinity_lock_cb, + wc_affinity_get_id_fn_t affinity_get_id_cb, + wc_affinity_unlock_fn_t affinity_unlock_cb, + void *cb_arg) +{ + if ((ctx == NULL) || + (! (ctx->flags & WC_RNG_BANK_FLAG_INITED))) + { + return BAD_FUNC_ARG; + } + if ((affinity_lock_cb == NULL) ^ (affinity_unlock_cb == NULL)) + return BAD_FUNC_ARG; + if (wolfSSL_RefCur(ctx->refcount) != 1) + return BUSY_E; + ctx->affinity_lock_cb = affinity_lock_cb; + ctx->affinity_get_id_cb = affinity_get_id_cb; + ctx->affinity_unlock_cb = affinity_unlock_cb; + ctx->cb_arg = cb_arg; + return 0; +} + +WOLFSSL_API int wc_rng_bank_fini(struct wc_rng_bank *ctx) { + int i; + + if (ctx == NULL) + return BAD_FUNC_ARG; + + if (ctx->flags == WC_RNG_BANK_FLAG_NONE) + return 0; + + if (! (ctx->flags & WC_RNG_BANK_FLAG_INITED)) + return BAD_FUNC_ARG; + + if (wolfSSL_RefCur(ctx->refcount) > 1) + return BUSY_E; + else if (wolfSSL_RefCur(ctx->refcount) < 1) + return BAD_STATE_E; + +#ifndef WC_RNG_BANK_STATIC + if (ctx->rngs) +#endif + { + for (i = 0; i < ctx->n_rngs; ++i) { + if (ctx->rngs[i].lock != 0) { + /* better to leak than to crash. */ +#ifdef WC_VERBOSE_RNG + WOLFSSL_DEBUG_PRINTF( + "BUG: wc_rng_bank_fini() called with RNG #%d still " + "locked.\n", i); +#endif + return BUSY_E; + } + } + + for (i = 0; i < ctx->n_rngs; ++i) { + wc_FreeRng(&ctx->rngs[i].rng); + } + +#ifndef WC_RNG_BANK_STATIC + XFREE(ctx->rngs, ctx->heap, DYNAMIC_TYPE_RNG); + ctx->rngs = NULL; +#endif + ctx->n_rngs = 0; + } + + wolfSSL_RefFree(&ctx->refcount); + + ctx->flags = WC_RNG_BANK_FLAG_NONE; + ctx->cb_arg = NULL; + + return 0; +} + +#ifndef WC_RNG_BANK_STATIC +WOLFSSL_API int wc_rng_bank_free(struct wc_rng_bank **ctx) { + int ret; + void *heap; + + if (ctx == NULL) + return BAD_FUNC_ARG; + + if (*ctx == NULL) + return 0; + + heap = (*ctx)->heap; + + ret = wc_rng_bank_fini(*ctx); + + if (ret == 0) { + XFREE(*ctx, heap, DYNAMIC_TYPE_RNG); + *ctx = NULL; + } + + return ret; +} +#endif /* !WC_RNG_BANK_STATIC */ + +#ifdef WC_RNG_BANK_DEFAULT_SUPPORT + +/* The default_rng_bank facility is used by the Linux kernel module as a global + * resource for wc_rng_bank_checkout(), + * wc_local_rng_bank_checkout_for_bankref(), and wc_InitRng_BankRef(), and can + * be similarly used by any application, to cache DRBG seeding at application + * startup. + */ + +static struct wc_rng_bank * volatile default_rng_bank; + +WOLFSSL_API int wc_rng_bank_default_set(struct wc_rng_bank *bank) { + int ret; + struct wc_rng_bank *cur_default_rng_bank = NULL; + int new_refcount; + + if (bank == NULL) + return BAD_FUNC_ARG; + + if ((! (bank->flags & WC_RNG_BANK_FLAG_INITED)) || + (wolfSSL_RefCur(bank->refcount) < 1)) + { + return BAD_STATE_E; + } + + wolfSSL_RefInc2(&bank->refcount, &new_refcount, &ret); + if (ret != 0) + return ret; +#ifdef WC_VERBOSE_RNG + if (new_refcount < 2) + WOLFSSL_DEBUG_PRINTF( + "BUG: wc_rng_bank_default_set() new_refcount %d.\n", new_refcount); +#else + (void)new_refcount; +#endif + if (wolfSSL_Atomic_Ptr_CompareExchange((void * volatile *)&default_rng_bank, (void **)&cur_default_rng_bank, bank)) + return 0; + else { + wolfSSL_RefDec2(&bank->refcount, &new_refcount, &ret); +#ifdef WC_VERBOSE_RNG + if (new_refcount <= 0) + WOLFSSL_DEBUG_PRINTF( + "BUG: wc_rng_bank_default_set() cleanup popped refcount to %d.\n", new_refcount); +#else + (void)new_refcount; +#endif + return BUSY_E; + } +} + +/* Note wc_rng_bank_default_checkout() must not be called before + * wc_rng_bank_default_set() returns, or after wc_rng_bank_default_clear() is + * called -- it is the caller's responsibility to assure this. + */ +WOLFSSL_API int wc_rng_bank_default_checkout(struct wc_rng_bank **bank) { + int ret; + struct wc_rng_bank *cur_default_rng_bank = default_rng_bank; + if (bank == NULL) + return BAD_FUNC_ARG; + if (cur_default_rng_bank == NULL) + return BAD_STATE_E; + wolfSSL_RefInc(&cur_default_rng_bank->refcount, &ret); + if (ret == 0) + *bank = cur_default_rng_bank; + return ret; +} + +WOLFSSL_API int wc_rng_bank_default_checkin(struct wc_rng_bank **bank) { + int ret; + int new_refcount; + if ((bank == NULL) || (*bank == NULL)) + return BAD_FUNC_ARG; + wolfSSL_RefDec2(&(*bank)->refcount, &new_refcount, &ret); +#ifdef WC_VERBOSE_RNG + if (new_refcount <= 0) + WOLFSSL_DEBUG_PRINTF( + "BUG: wc_rng_bank_default_checkin() popped refcount to %d.\n", new_refcount); +#else + (void)new_refcount; +#endif + *bank = NULL; + return ret; +} + +/* Note, wc_rng_bank_default_clear() should only be called at module or + * application shutdown to avoid races with wc_rng_bank_default_checkout(), and + * must be called before wc_rng_bank_fini() on a bank previously passed to + * wc_rng_bank_default_set(). + */ +WOLFSSL_API int wc_rng_bank_default_clear(struct wc_rng_bank *bank) { + if ((bank != default_rng_bank) || (bank == NULL)) + return BAD_FUNC_ARG; + if (wolfSSL_Atomic_Ptr_CompareExchange((void * volatile *)&default_rng_bank, (void **)&bank, NULL)) { + int ret; + int new_refcount; + wolfSSL_RefDec2(&bank->refcount, &new_refcount, &ret); +#ifdef WC_VERBOSE_RNG + /* wc_rng_bank_fini() is the sole responsibility of the context that + * called wc_rng_bank_default_set() for this wc_rng_bank. + */ + if (new_refcount < 1) + WOLFSSL_DEBUG_PRINTF( + "BUG: wc_rng_bank_default_clear() popped refcount to %d.\n", new_refcount); + if (! (bank->flags & WC_RNG_BANK_FLAG_INITED)) + WOLFSSL_DEBUG_PRINTF( + "BUG: wc_rng_bank_default_clear() bank is already uninited.\n"); +#else + (void)new_refcount; +#endif + return ret; + } + else + return BUSY_E; +} + +#endif /* WC_RNG_BANK_DEFAULT_SUPPORT */ + +/* wc_rng_bank_checkout() uses atomic operations to get exclusive ownership of a + * DRBG without delay. It expects to be called in uninterruptible context, + * though works fine in any context. When _PREFER_AFFINITY_INST, it starts by + * trying the DRBG matching the local DRBG (usually the current CPU ID, returned + * by bank->affinity_get_id_cb()), and if that doesn't immediately succeed, and + * _CAN_FAIL_OVER_INST, it iterates upward until one succeeds. The first + * attempt will always succeed, even under intense load, unless there is or has + * recently been a reseed or mix-in operation competing with generators. + */ +WOLFSSL_API int wc_rng_bank_checkout( + struct wc_rng_bank *bank, + struct wc_rng_bank_inst **rng_inst, + int preferred_inst_offset, + int timeout_secs, + word32 flags) +{ + int new_lock_value = WC_RNG_BANK_INST_LOCK_HELD; + int ret = 0; + time_t ts1, ts2; + int n_rngs_tried = 0; + +#ifdef WC_RNG_BANK_DEFAULT_SUPPORT + if (bank == NULL) + bank = default_rng_bank; +#endif + + if ((bank == NULL) || + (rng_inst == NULL)) + { + return BAD_FUNC_ARG; + } + + if ((! (bank->flags & WC_RNG_BANK_FLAG_INITED)) || + (wolfSSL_RefCur(bank->refcount) < 1)) + { + return BAD_STATE_E; + } + + if ((flags & WC_RNG_BANK_FLAG_PREFER_AFFINITY_INST) && + (bank->affinity_get_id_cb == NULL)) + { +#ifdef WC_VERBOSE_RNG + WOLFSSL_DEBUG_PRINTF( + "BUG: wc_rng_bank_checkout() called with _PREFER_AFFINITY_INST but " + "no _get_id_cb.\n"); +#endif + return BAD_FUNC_ARG; + } + + if (flags & WC_RNG_BANK_FLAG_AFFINITY_LOCK) { + if ((bank->affinity_lock_cb == NULL) || + (bank->affinity_unlock_cb == NULL)) + { +#ifdef WC_VERBOSE_RNG + WOLFSSL_DEBUG_PRINTF( + "BUG: wc_rng_bank_checkout() called with _AFFINITY_LOCK but " + "missing _lock_cb.\n"); +#endif + return BAD_FUNC_ARG; + } + ret = bank->affinity_lock_cb(bank->cb_arg); + if (ret == 0) + new_lock_value |= WC_RNG_BANK_INST_LOCK_AFFINITY_LOCKED; + else if (ret != WC_NO_ERR_TRACE(ALREADY_E)) + return ret; + } + + if (flags & WC_RNG_BANK_FLAG_PREFER_AFFINITY_INST) { + preferred_inst_offset = -1; + ret = bank->affinity_get_id_cb(bank->cb_arg, &preferred_inst_offset); + if (ret != 0) { +#ifdef WC_VERBOSE_RNG + WOLFSSL_DEBUG_PRINTF( + "BUG: bank->affinity_get_id_cb() returned err %d.\n", ret); +#endif + } + else if (((preferred_inst_offset < 0) || + (preferred_inst_offset >= bank->n_rngs))) + { + ret = BAD_INDEX_E; + } + } + else { + if ((preferred_inst_offset < 0) || + (preferred_inst_offset >= bank->n_rngs)) + { + ret = BAD_INDEX_E; + } + } + + if ((timeout_secs > 0) && (flags & WC_RNG_BANK_FLAG_CAN_WAIT)) + ts1 = XTIME(0); + else + ts1 = 0; /* mollify -Wmaybe-uninitialized... */ + + for (; ret == 0;) { + int expected = 0; + + if (wolfSSL_Atomic_Int_CompareExchange( + &bank->rngs[preferred_inst_offset].lock, + &expected, + new_lock_value)) + { + *rng_inst = &bank->rngs[preferred_inst_offset]; + + if ((! (flags & WC_RNG_BANK_FLAG_CAN_WAIT)) && + (((struct DRBG_internal *)(*rng_inst)->rng.drbg)->reseedCtr >= + WC_RESEED_INTERVAL) && + (flags & WC_RNG_BANK_FLAG_CAN_FAIL_OVER_INST) && + (n_rngs_tried < bank->n_rngs)) + { + WOLFSSL_ATOMIC_STORE((*rng_inst)->lock, WC_RNG_BANK_INST_LOCK_FREE); + } + else { +#ifdef WC_VERBOSE_RNG + if ((! (flags & WC_RNG_BANK_FLAG_CAN_WAIT)) && + (((struct DRBG_internal *)(*rng_inst)->rng.drbg)->reseedCtr >= + WC_RESEED_INTERVAL)) + { + WOLFSSL_DEBUG_PRINTF( + "WARNING: wc_rng_bank_checkout() returning RNG ID %d, " + "currently marked for reseed, to !_CAN_WAIT caller.\n", + preferred_inst_offset); + } + + /* Note that a caller can still encounter a PollAndReSeed() via + * wc_RNG_GenerateBlock() if a call bumps reseedCtr up to + * WC_RESEED_INTERVAL. In kernel mode, the default interval is + * the SP 800-90A max of 2.81E+14, which is unlikely to be + * reached in practice. + */ +#endif + + if ((flags | bank->flags) & WC_RNG_BANK_FLAG_NO_VECTOR_OPS) { + if (DISABLE_VECTOR_REGISTERS() == 0) + WOLFSSL_ATOMIC_STORE((*rng_inst)->lock, new_lock_value | + WC_RNG_BANK_INST_LOCK_VEC_OPS_INH); + } + + return 0; /* Short-circuit return, holding onto RNG and affinity + * locks and vector register inhibition. + */ + } + } + + if (flags & WC_RNG_BANK_FLAG_CAN_FAIL_OVER_INST) { + if ((! (flags & WC_RNG_BANK_FLAG_CAN_WAIT)) && + (n_rngs_tried >= bank->n_rngs)) + { + ret = BUSY_E; + break; /* jump to cleanup. */ + } + ++preferred_inst_offset; + if (preferred_inst_offset >= bank->n_rngs) + preferred_inst_offset = 0; + ++n_rngs_tried; + } + else { + if (! (flags & WC_RNG_BANK_FLAG_CAN_WAIT)) { + ret = BUSY_E; + break; /* jump to cleanup. */ + } + } + + if (flags & WC_RNG_BANK_FLAG_AFFINITY_LOCK) + (void)bank->affinity_unlock_cb(bank->cb_arg); + + ret = WC_CHECK_FOR_INTR_SIGNALS(); + if (ret == WC_NO_ERR_TRACE(INTERRUPTED_E)) + return ret; /* immediate return -- no locks held */ + + if (timeout_secs > 0) { + ts2 = XTIME(0); + if (ts2 - ts1 >= timeout_secs) + return WC_TIMEOUT_E; /* immediate return -- no locks held */ + } + WC_RELAX_LONG_LOOP(); + + if (flags & WC_RNG_BANK_FLAG_AFFINITY_LOCK) { + ret = bank->affinity_lock_cb(bank->cb_arg); + if (ret) + return ret; /* immediate return -- no locks held */ + } + + /* Note that we may have been migrated at this point, but it doesn't + * matter -- we only reach this point if we have to retry/iterate. + */ + } + + if (flags & WC_RNG_BANK_FLAG_AFFINITY_LOCK) + (void)bank->affinity_unlock_cb(bank->cb_arg); + + return ret; +} + +#ifdef WC_DRBG_BANKREF +WOLFSSL_LOCAL int wc_local_rng_bank_checkout_for_bankref( + struct wc_rng_bank *bank, + struct wc_rng_bank_inst **rng_inst) +{ + return wc_rng_bank_checkout( + bank, rng_inst, 0, 0, + WC_RNG_BANK_FLAG_CAN_FAIL_OVER_INST | + WC_RNG_BANK_FLAG_CAN_WAIT | + ((bank->affinity_get_id_cb != NULL) ? WC_RNG_BANK_FLAG_PREFER_AFFINITY_INST : 0) | + ((bank->affinity_lock_cb != NULL) ? WC_RNG_BANK_FLAG_AFFINITY_LOCK : 0)); +} +#endif /* WC_DRBG_BANKREF */ + +static WC_INLINE int rng_inst_matches_bank( + struct wc_rng_bank *bank, + struct wc_rng_bank_inst *rng_inst) +{ + if ((bank == NULL) || (rng_inst == NULL)) + return BAD_FUNC_ARG; +#ifdef WC_RNG_BANK_STATIC + if ((rng_inst >= &bank->rngs[0]) && + (rng_inst <= &bank->rngs[WC_RNG_BANK_STATIC_SIZE - 1])) + return 1; + else + return BAD_FUNC_ARG; +#else + if ((rng_inst >= bank->rngs) && + (rng_inst <= bank->rngs + bank->n_rngs - 1)) + return 1; + else + return BAD_FUNC_ARG; +#endif +} + +WOLFSSL_API int wc_rng_bank_checkin( + struct wc_rng_bank *bank, + struct wc_rng_bank_inst **rng_inst) +{ + int lockval; + int ret; + + if (rng_inst == NULL) + return BAD_FUNC_ARG; + +#ifdef WC_RNG_BANK_DEFAULT_SUPPORT + if (bank == NULL) + bank = default_rng_bank; +#endif + + ret = rng_inst_matches_bank(bank, *rng_inst); + if (ret < 0) + return ret; + + lockval = (int)WOLFSSL_ATOMIC_LOAD((*rng_inst)->lock); + + WOLFSSL_ATOMIC_STORE((*rng_inst)->lock, WC_RNG_BANK_INST_LOCK_FREE); + + *rng_inst = NULL; + + if (lockval & WC_RNG_BANK_INST_LOCK_VEC_OPS_INH) + REENABLE_VECTOR_REGISTERS(); + + if (lockval & WC_RNG_BANK_INST_LOCK_AFFINITY_LOCKED) + return bank->affinity_unlock_cb(bank->cb_arg); + else + return 0; +} + +/* note the rng_inst passed to wc_rng_bank_inst_reinit() must have been obtained + * via wc_rng_bank_checkout() to assure that the caller holds the proper locks. + */ +WOLFSSL_API int wc_rng_bank_inst_reinit( + struct wc_rng_bank *bank, + struct wc_rng_bank_inst *rng_inst, + int timeout_secs, + word32 flags) +{ + int ret; + time_t ts1 = 0; + int devId; + +#ifdef WC_RNG_BANK_DEFAULT_SUPPORT + if (bank == NULL) + bank = default_rng_bank; +#endif + + ret = rng_inst_matches_bank(bank, rng_inst); + if (ret < 0) + return BAD_FUNC_ARG; + + if (rng_inst->rng.drbg == NULL) + { + return BAD_FUNC_ARG; + } + + if ((timeout_secs > 0) && (flags & WC_RNG_BANK_FLAG_CAN_WAIT)) + ts1 = XTIME(0); + +#if defined(WOLFSSL_ASYNC_CRYPT) || defined(WOLF_CRYPTO_CB) + devId = rng_inst->rng.devId; +#else + devId = INVALID_DEVID; +#endif + + wc_FreeRng(&rng_inst->rng); + + for (;;) { + ret = wc_InitRngNonce_ex(WC_RNG_BANK_INST_TO_RNG(rng_inst), + (byte *)&rng_inst, sizeof(byte *), + bank->heap, devId); + if (ret == 0) + break; + if (! (flags & WC_RNG_BANK_FLAG_CAN_WAIT)) { +#ifdef WC_VERBOSE_RNG + WOLFSSL_DEBUG_PRINTF( + "WARNING: wc_rng_bank_inst_reinit() returning err %d.\n", ret); +#endif + break; + } + + if (timeout_secs > 0) { + time_t ts2 = XTIME(0); + if (ts2 - ts1 >= timeout_secs) { +#ifdef WC_VERBOSE_RNG + WOLFSSL_DEBUG_PRINTF( + "WARNING: wc_rng_bank_inst_reinit() timed out, err %d.\n", + ret); +#endif + break; + } + } + } + + return ret; +} + +WOLFSSL_API int wc_rng_bank_seed(struct wc_rng_bank *bank, + const byte* seed, word32 seedSz, + int timeout_secs, + word32 flags) +{ + int ret = 0; + int n; + +#ifdef WC_RNG_BANK_DEFAULT_SUPPORT + if (bank == NULL) + bank = default_rng_bank; +#endif + + if ((bank == NULL) || + (! (bank->flags & WC_RNG_BANK_FLAG_INITED))) + { + return BAD_FUNC_ARG; + } + + if (seedSz == 0) + return 0; + + /* this iteration counts down, whereas the iteration in get_drbg() counts + * up, to assure they can't possibly phase-lock to each other. + */ + for (n = bank->n_rngs - 1; n >= 0; --n) { + struct wc_rng_bank_inst *drbg; + ret = wc_rng_bank_checkout(bank, &drbg, n, timeout_secs, flags); + if (ret != 0) { +#ifdef WC_VERBOSE_RNG + WOLFSSL_DEBUG_PRINTF( + "WARNING: wc_rng_bank_seed(): wc_rng_bank_checkout() for " + "inst#%d returned err %d.\n", n, ret); +#endif + break; + } + else if (drbg->rng.drbg == NULL) { +#ifdef WC_VERBOSE_RNG + WOLFSSL_DEBUG_PRINTF( + "WARNING: wc_rng_bank_seed(): inst#%d has null .drbg.\n", n); +#endif + ret = BAD_STATE_E; + } + else if ((ret = wc_RNG_DRBG_Reseed(WC_RNG_BANK_INST_TO_RNG(drbg), seed, + seedSz)) != 0) + { +#ifdef WC_VERBOSE_RNG + WOLFSSL_DEBUG_PRINTF( + "WARNING: wc_rng_bank_seed(): Hash_DRBG_Reseed() for inst#%d " + "returned %d\n", n, ret); +#endif + } + + (void)wc_rng_bank_checkin(bank, &drbg); + + if (ret != 0) + break; + } + + return ret; +} + +WOLFSSL_API int wc_rng_bank_reseed(struct wc_rng_bank *bank, + int timeout_secs, + word32 flags) +{ + int n; + int ret; + time_t ts1 = 0; + +#ifdef WC_RNG_BANK_DEFAULT_SUPPORT + if (bank == NULL) + bank = default_rng_bank; +#endif + + if ((bank == NULL) || + (! (bank->flags & WC_RNG_BANK_FLAG_INITED))) + { + return BAD_FUNC_ARG; + } + + if (flags & (WC_RNG_BANK_FLAG_CAN_FAIL_OVER_INST | + WC_RNG_BANK_FLAG_PREFER_AFFINITY_INST)) + return BAD_FUNC_ARG; + + if ((timeout_secs > 0) && (flags & WC_RNG_BANK_FLAG_CAN_WAIT)) + ts1 = XTIME(0); + + for (n = bank->n_rngs - 1; n >= 0; --n) { + struct wc_rng_bank_inst *drbg; + + ret = wc_rng_bank_checkout(bank, &drbg, n, timeout_secs, flags); + if (ret != 0) + return ret; + + ((struct DRBG_internal *)drbg->rng.drbg)->reseedCtr = + WC_RESEED_INTERVAL; + + if (flags & WC_RNG_BANK_FLAG_CAN_WAIT) { + byte scratch[4]; + for (;;) { + time_t ts2; + ret = wc_RNG_GenerateBlock(WC_RNG_BANK_INST_TO_RNG(drbg), scratch, + (word32)sizeof(scratch)); + if (ret == 0) + break; + if ((timeout_secs <= 0) || + (! (flags & WC_RNG_BANK_FLAG_CAN_WAIT))) + { + break; + } + ts2 = XTIME(0); + if (ts2 - ts1 > timeout_secs) { +#ifdef WC_VERBOSE_RNG + WOLFSSL_DEBUG_PRINTF( + "ERROR: timeout after attempted reseed by " + "wc_RNG_GenerateBlock() for DRBG #%d, err %d.", n, ret); +#endif + ret = WC_TIMEOUT_E; + break; + } + } +#ifdef WC_VERBOSE_RNG + if ((ret != 0) && (ret != WC_NO_ERR_TRACE(WC_TIMEOUT_E))) + WOLFSSL_DEBUG_PRINTF( + "ERROR: wc_crng_reseed() wc_RNG_GenerateBlock() " + "for DRBG #%d returned %d.", n, ret); +#endif + (void)wc_rng_bank_checkin(bank, &drbg); + if (ret == WC_NO_ERR_TRACE(WC_TIMEOUT_E)) + return ret; + ret = WC_CHECK_FOR_INTR_SIGNALS(); + if (ret == WC_NO_ERR_TRACE(INTERRUPTED_E)) + return ret; + WC_RELAX_LONG_LOOP(); + } + else { + (void)wc_rng_bank_checkin(bank, &drbg); + } + } + + return 0; +} + +#ifdef WC_DRBG_BANKREF + +WOLFSSL_API int wc_InitRng_BankRef(struct wc_rng_bank *bank, WC_RNG *rng) +{ + int ret; + +#ifdef WC_RNG_BANK_DEFAULT_SUPPORT + if (bank == NULL) + bank = default_rng_bank; +#endif + + if ((bank == NULL) || + (rng == NULL)) + { + return BAD_FUNC_ARG; + } + + if ((! (bank->flags & WC_RNG_BANK_FLAG_INITED)) || + (wolfSSL_RefCur(bank->refcount) < 1)) + { + return BAD_STATE_E; + } + + XMEMSET(rng, 0, sizeof(*rng)); + + wolfSSL_RefInc(&bank->refcount, &ret); + + if (ret != 0) + return ret; + + rng->heap = bank->heap; + rng->status = WC_DRBG_BANKREF; + rng->bankref = bank; + + return 0; +} + +WOLFSSL_API int wc_BankRef_Release(WC_RNG *rng) +{ + int isZero = 0; + int ret = 0; + if (rng->bankref == NULL) + return BAD_FUNC_ARG; + wolfSSL_RefDec(&rng->bankref->refcount, &isZero, &ret); +#ifdef WC_VERBOSE_RNG + if (isZero) + WOLFSSL_DEBUG_PRINTF( + "BUG: wc_BankRef_Release() popped refcount to zero.\n"); +#else + (void)isZero; +#endif + rng->heap = NULL; + rng->status = WC_DRBG_NOT_INIT; + rng->bankref = NULL; + return ret; +} + +#if !defined(WC_RNG_BANK_STATIC) && !defined(WC_NO_CONSTRUCTORS) +WOLFSSL_API int wc_rng_new_bankref(struct wc_rng_bank *bank, WC_RNG **rng) { + int ret; + +#ifdef WC_RNG_BANK_DEFAULT_SUPPORT + if (bank == NULL) + bank = default_rng_bank; +#endif + + if ((bank == NULL) || + (rng == NULL)) + { + return BAD_FUNC_ARG; + } + + if ((! (bank->flags & WC_RNG_BANK_FLAG_INITED)) || + (wolfSSL_RefCur(bank->refcount) < 1)) + { + return BAD_STATE_E; + } + + *rng = (WC_RNG*)XMALLOC(sizeof(WC_RNG), bank->heap, DYNAMIC_TYPE_RNG); + if (*rng == NULL) { + return MEMORY_E; + } + + ret = wc_InitRng_BankRef(bank, *rng); + if (ret != 0) { + XFREE(*rng, bank->heap, DYNAMIC_TYPE_RNG); + *rng = NULL; + } + + return ret; +} +#endif /* !WC_RNG_BANK_STATIC && !WC_NO_CONSTRUCTORS */ + +#endif /* WC_DRBG_BANKREF */ + +#endif /* WC_RNG_BANK_SUPPORT */ diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/wolfcrypt/src/rsa.c mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/rsa.c --- mariadb-11.8.6/extra/wolfssl/wolfssl/wolfcrypt/src/rsa.c 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/rsa.c 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* rsa.c * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -66,29 +66,62 @@ #endif /* -Possible RSA enable options: - * NO_RSA: Overall control of RSA default: on - * (not defined) - * WC_RSA_BLINDING: Uses Blinding w/ Private Ops default: on - Note: slower by ~20% - * WOLFSSL_KEY_GEN: Allows Private Key Generation default: off - * RSA_LOW_MEM: NON CRT Private Operations, less memory default: off - * WC_NO_RSA_OAEP: Disables RSA OAEP padding default: on - * (not defined) - * WC_RSA_NONBLOCK: Enables support for RSA non-blocking default: off - * WC_RSA_NONBLOCK_TIME: Enables support for time based blocking default: off - * time calculation. - * WC_RSA_NO_FERMAT_CHECK:Don't check for small difference in default: off - * p and q (Fermat's factorization is (not defined) - * possible when small difference). -*/ - -/* -RSA Key Size Configuration: - * FP_MAX_BITS: With USE_FAST_MATH only default: 4096 - If USE_FAST_MATH then use this to override default. - Value is key size * 2. Example: RSA 3072 = 6144 -*/ + * RSA Build Options: + * + * Core: + * NO_RSA: Disable RSA support entirely default: off + * WOLFSSL_RSA_PUBLIC_ONLY: Only include RSA public key operations default: off + * WOLFSSL_RSA_VERIFY_ONLY: Only include RSA verify operation default: off + * WOLFSSL_RSA_VERIFY_INLINE: RSA verify inline (no output copy) default: off + * WC_RSA_DIRECT: Enable direct RSA encrypt/decrypt API default: off + * WC_RSA_NO_PADDING: Enable no-padding RSA mode default: off + * WOLFSSL_RSA_KEY_CHECK: Enable RSA key pair consistency check default: off + * WOLFSSL_RSA_CHECK_D_ON_DECRYPT: Validate private exponent d default: off + * before each decrypt operation + * WOLFSSL_RSA_DECRYPT_TO_0_LEN: Allow RSA decrypt result of 0 default: off + * length (empty plaintext) + * NO_RSA_BOUNDS_CHECK: Disable RSA bounds checking on input default: off + * SHOW_GEN: Show key generation progress dots default: off + * + * Padding: + * WC_RSA_PSS: Enable RSA-PSS signature support default: off + * WC_NO_RSA_OAEP: Disable RSA OAEP padding default: off + * WOLFSSL_PSS_LONG_SALT: Allow PSS salt longer than hash length default: off + * WOLFSSL_PSS_SALT_LEN_DISCOVER: Auto-discover PSS salt length default: off + * during verification + * + * Performance: + * WC_RSA_BLINDING: Use blinding with private key ops default: on + * Note: ~20% slower, protects against + * timing side-channels + * RSA_LOW_MEM: Non-CRT private ops, less memory default: off + * WC_RSA_NONBLOCK: Non-blocking RSA operations default: off + * WC_RSA_NONBLOCK_TIME: Time-based non-blocking RSA default: off + * WOLFSSL_MP_INVMOD_CONSTANT_TIME: Constant-time modular inverse default: off + * WC_RSA_NO_FERMAT_CHECK: Skip Fermat factorization check on default: off + * key generation (p and q closeness) + * + * Key Generation: + * WOLFSSL_KEY_GEN: Enable RSA private key generation default: off + * FP_MAX_BITS: Max key bits with USE_FAST_MATH default: 4096 + * Value is key size * 2 (e.g. RSA 3072 = 6144) + * + * SP Math: + * WOLFSSL_HAVE_SP_RSA: Use SP math for RSA operations default: off + * WOLFSSL_SP_MATH: Use SP math only (no multi-precision) default: off + * WOLFSSL_SP_MATH_ALL: SP math for all key sizes default: off + * WOLFSSL_SP_NO_2048: Disable SP RSA 2048-bit support default: off + * WOLFSSL_SP_NO_3072: Disable SP RSA 3072-bit support default: off + * WOLFSSL_SP_4096: Enable SP RSA 4096-bit support default: off + * WOLFSSL_SP_ASM: Use SP assembly optimizations default: off + * + * Hardware Acceleration (RSA-specific): + * WC_ASYNC_ENABLE_RSA: Enable async RSA operations default: off + * WOLFSSL_KCAPI_RSA: Linux kernel crypto API for RSA default: off + * WOLFSSL_AFALG_XILINX_RSA: AF_ALG Xilinx RSA acceleration default: off + * WOLFSSL_SE050_NO_RSA: Disable SE050 RSA default: off + * WOLFSSL_XILINX_CRYPT: Xilinx crypto RSA acceleration default: off + */ #include @@ -201,11 +234,6 @@ (!defined(WOLFSSL_RSA_VERIFY_ONLY) && !defined(WOLFSSL_RSA_VERIFY_INLINE))) key->dataIsAlloc = 0; #endif - key->data = NULL; - key->dataLen = 0; -#ifdef WC_RSA_BLINDING - key->rng = NULL; -#endif #ifdef WOLF_CRYPTO_CB key->devId = devId; @@ -562,6 +590,10 @@ return BAD_FUNC_ARG; } +#if defined(WOLFSSL_SE050) && !defined(WOLFSSL_SE050_NO_RSA) + se050_rsa_free_key(key); +#endif + wc_RsaCleanup(key); #if defined(WOLFSSL_ASYNC_CRYPT) && defined(WC_ASYNC_ENABLE_RSA) @@ -569,27 +601,17 @@ #endif #ifndef WOLFSSL_RSA_PUBLIC_ONLY - if (key->type == RSA_PRIVATE) { + /* Forcezero all private key fields that are present in this build + * configuration, since they may contain residual sensitive data even when + * key->type is not RSA_PRIVATE (e.g., after a partial key decode failure). */ #if defined(WOLFSSL_KEY_GEN) || defined(OPENSSL_EXTRA) || !defined(RSA_LOW_MEM) - mp_forcezero(&key->u); - mp_forcezero(&key->dQ); - mp_forcezero(&key->dP); -#endif - mp_forcezero(&key->q); - mp_forcezero(&key->p); - mp_forcezero(&key->d); - } - else { - /* private part */ -#if defined(WOLFSSL_KEY_GEN) || defined(OPENSSL_EXTRA) || !defined(RSA_LOW_MEM) - mp_clear(&key->u); - mp_clear(&key->dQ); - mp_clear(&key->dP); -#endif - mp_clear(&key->q); - mp_clear(&key->p); - mp_clear(&key->d); - } + mp_forcezero(&key->u); + mp_forcezero(&key->dQ); + mp_forcezero(&key->dP); +#endif + mp_forcezero(&key->q); + mp_forcezero(&key->p); + mp_forcezero(&key->d); #endif /* WOLFSSL_RSA_PUBLIC_ONLY */ /* public part */ @@ -633,7 +655,11 @@ static int _ifc_pairwise_consistency_test(RsaKey* key, WC_RNG* rng) { static const char* msg = "Everyone gets Friday off."; - byte* sig; +#ifndef WOLFSSL_NO_MALLOC + byte* sig = NULL; +#else + byte sig[RSA_MAX_SIZE/8]; +#endif byte* plain; int ret = 0; word32 msgLen, plainLen, sigLen; @@ -648,11 +674,13 @@ WOLFSSL_MSG("Doing RSA consistency test"); +#ifndef WOLFSSL_NO_MALLOC /* Sign and verify. */ sig = (byte*)XMALLOC(sigLen, key->heap, DYNAMIC_TYPE_RSA); if (sig == NULL) { return MEMORY_E; } +#endif XMEMSET(sig, 0, sigLen); #ifdef WOLFSSL_CHECK_MEM_ZERO wc_MemZero_Add("Pairwise CT sig", sig, sigLen); @@ -695,7 +723,9 @@ ret = RSA_KEY_PAIR_E; ForceZero(sig, sigLen); +#ifndef WOLFSSL_NO_MALLOC XFREE(sig, key->heap, DYNAMIC_TYPE_RSA); +#endif return ret; } @@ -703,7 +733,10 @@ int wc_CheckRsaKey(RsaKey* key) { - WC_DECLARE_VAR(rng, WC_RNG, 1, 0); + WC_RNG *rng = NULL; +#if !defined(WOLFSSL_SMALL_STACK) || defined(WOLFSSL_NO_MALLOC) + WC_RNG rng_buf; +#endif int ret = 0; DECL_MP_INT_SIZE_DYN(tmp, (key)? mp_bitsused(&key->n) : 0, RSA_MAX_SIZE); @@ -718,17 +751,34 @@ } #endif - WC_ALLOC_VAR_EX(rng, WC_RNG, 1, NULL, DYNAMIC_TYPE_RNG, - return MEMORY_E); NEW_MP_INT_SIZE(tmp, mp_bitsused(&key->n), NULL, DYNAMIC_TYPE_RSA); #ifdef MP_INT_SIZE_CHECK_NULL if (tmp == NULL) { - XFREE(rng, NULL, DYNAMIC_TYPE_RNG); return MEMORY_E; } #endif - ret = wc_InitRng(rng); + if (key->rng) + rng = key->rng; + else { +#if !defined(WOLFSSL_SMALL_STACK) || defined(WOLFSSL_NO_MALLOC) + rng = &rng_buf; +#else + rng = (WC_RNG *)XMALLOC(sizeof(*rng), NULL, DYNAMIC_TYPE_RNG); + if (rng == NULL) { + FREE_MP_INT_SIZE(tmp, NULL, DYNAMIC_TYPE_RSA); + return MEMORY_E; + } +#endif + ret = wc_InitRng(rng); + if (ret != 0) { +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC) + XFREE(rng, NULL, DYNAMIC_TYPE_RNG); + FREE_MP_INT_SIZE(tmp, NULL, DYNAMIC_TYPE_RSA); +#endif + return ret; + } + } SAVE_VECTOR_REGISTERS(ret = _svr_ret;); @@ -846,11 +896,14 @@ RESTORE_VECTOR_REGISTERS(); - wc_FreeRng(rng); - FREE_MP_INT_SIZE(tmp, NULL, DYNAMIC_TYPE_RSA); + if ((rng != NULL) && (rng != key->rng)) { + wc_FreeRng(rng); #ifdef WOLFSSL_SMALL_STACK - XFREE(rng, NULL, DYNAMIC_TYPE_RNG); -#elif defined(WOLFSSL_CHECK_MEM_ZERO) + XFREE(rng, NULL, DYNAMIC_TYPE_RNG); +#endif + } + FREE_MP_INT_SIZE(tmp, NULL, DYNAMIC_TYPE_RSA); +#ifdef WOLFSSL_CHECK_MEM_ZERO mp_memzero_check(tmp); #endif @@ -969,6 +1022,10 @@ #endif if (ret != 0) { /* check for if dynamic memory was needed, then free */ +#ifdef WOLFSSL_SMALL_STACK_CACHE + wc_HashFree(hash, hType); + XFREE(hash, heap, DYNAMIC_TYPE_DIGEST); +#endif #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC) if (tmpF) { XFREE(tmp, heap, DYNAMIC_TYPE_RSA_BUFFER); @@ -1538,7 +1595,7 @@ byte* optLabel, word32 labelLen, void* heap) { word32 hLen; - volatile int ret; + int ret; byte h[WC_MAX_DIGEST_SIZE]; /* max digest size */ word32 idx; word32 i; @@ -1573,8 +1630,9 @@ #endif /* find seedMask value */ - if ((ret = RsaMGF(mgf, (byte*)(pkcsBlock + (hLen + 1)), - pkcsBlockLen - hLen - 1, tmp, hLen, heap)) != 0) { + ret = RsaMGF(mgf, (byte*)(pkcsBlock + (hLen + 1)), + pkcsBlockLen - hLen - 1, tmp, hLen, heap); + if (ret != 0) { WC_FREE_VAR_EX(tmp, heap, DYNAMIC_TYPE_RSA_BUFFER); return ret; } @@ -1583,8 +1641,8 @@ xorbuf(tmp, pkcsBlock + 1, hLen); /* get dbMask value */ - if ((ret = RsaMGF(mgf, tmp, hLen, tmp + hLen, - pkcsBlockLen - hLen - 1, heap)) != 0) { + ret = RsaMGF(mgf, tmp, hLen, tmp + hLen, pkcsBlockLen - hLen - 1, heap); + if (ret != 0) { ForceZero(tmp, hLen); #ifdef WOLFSSL_SMALL_STACK XFREE(tmp, NULL, DYNAMIC_TYPE_RSA_BUFFER); @@ -1616,7 +1674,8 @@ } /* create hash of label for comparison with hash sent */ - if ((ret = wc_Hash(hType, optLabel, labelLen, h, hLen)) != 0) { + ret = wc_Hash(hType, optLabel, labelLen, h, hLen); + if (ret != 0) { return ret; } @@ -1626,13 +1685,14 @@ Attackers should not be able to get error condition from the timing of these checks. */ - ret = 0; - ret |= ConstantCompare(pkcsBlock + hLen + 1, h, (int)hLen); - ret += pkcsBlock[idx++] ^ 0x01; /* separator value is 0x01 */ - ret += pkcsBlock[0] ^ 0x00; /* Y, the first value, should be 0 */ + { + volatile int c = ConstantCompare(pkcsBlock + hLen + 1, h, (int)hLen); + c = c + (pkcsBlock[idx++] ^ 0x01); /* separator value is 0x01 */ + c = c + (pkcsBlock[0] ^ 0x00); /* Y, the first value, should be 0 */ - /* Return 0 data length on error. */ - idx = ctMaskSelWord32(ctMaskEq(ret, 0), idx, pkcsBlockLen); + /* Return 0 data length on error. */ + idx = ctMaskSelWord32(ctMaskEq(c, 0), idx, pkcsBlockLen); + } /* adjust pointer to correct location in array and return size of M */ *output = (byte*)(pkcsBlock + idx); @@ -1791,7 +1851,7 @@ /* UnPad plaintext, set start to *output, return length of plaintext, * < 0 on error */ static int RsaUnPad(const byte *pkcsBlock, unsigned int pkcsBlockLen, - byte **output, byte padValue) + const byte **output, byte padValue) { int ret = WC_NO_ERR_TRACE(BAD_FUNC_ARG); word16 i; @@ -1820,7 +1880,7 @@ return RSA_PAD_E; } - *output = (byte *)(pkcsBlock + i); + *output = (const byte *)(pkcsBlock + i); ret = (int)pkcsBlockLen - i; } #ifndef WOLFSSL_RSA_VERIFY_ONLY @@ -1830,6 +1890,8 @@ volatile byte invalid = 0; volatile byte minPad; volatile int invalidMask; + byte inv; + word16 sep; i = 0; /* Decrypted with private key - unpad must be constant time. */ @@ -1840,18 +1902,24 @@ pastSep |= ctMask16Eq(pkcsBlock[j], 0x00); } + /* Snapshot volatiles to avoid multiple volatile accesses per + * expression. */ + inv = invalid; + sep = pastSep; + /* Minimum of 11 bytes of pre-message data - including leading 0x00. */ minPad = ctMaskLT(i, RSA_MIN_PAD_SZ); - invalid |= minPad; + inv |= minPad; /* Must have seen separator. */ - invalid |= (byte)~pastSep; + inv |= (byte)~sep; /* First byte must be 0x00. */ - invalid |= ctMaskNotEq(pkcsBlock[0], 0x00); + inv |= ctMaskNotEq(pkcsBlock[0], 0x00); /* Check against expected block type: padValue */ - invalid |= ctMaskNotEq(pkcsBlock[1], padValue); + inv |= ctMaskNotEq(pkcsBlock[1], padValue); - *output = (byte *)(pkcsBlock + i); - invalidMask = (int)-1 + (int)(invalid >> 7); + invalid = inv; + *output = (const byte *)(pkcsBlock + i); + invalidMask = (int)-1 + (int)(inv >> 7); ret = invalidMask & ((int)pkcsBlockLen - i); } #endif @@ -1873,7 +1941,8 @@ switch (padType) { case WC_RSA_PKCSV15_PAD: /*WOLFSSL_MSG("wolfSSL Using RSA PKCSV15 un-padding");*/ - ret = RsaUnPad(pkcsBlock, pkcsBlockLen, out, padValue); + ret = RsaUnPad(pkcsBlock, pkcsBlockLen, (const byte **)(void *)out, + padValue); break; #ifndef WC_NO_RSA_OAEP @@ -1968,27 +2037,17 @@ case WC_HASH_TYPE_MD4: case WC_HASH_TYPE_MD5: case WC_HASH_TYPE_MD5_SHA: - #ifndef WOLFSSL_NOSHA512_224 - case WC_HASH_TYPE_SHA512_224: - #endif - #ifndef WOLFSSL_NOSHA512_256 - case WC_HASH_TYPE_SHA512_256: - #endif + case WC_HASH_TYPE_SHA512_224: + case WC_HASH_TYPE_SHA512_256: case WC_HASH_TYPE_SHA3_224: case WC_HASH_TYPE_SHA3_256: case WC_HASH_TYPE_SHA3_384: case WC_HASH_TYPE_SHA3_512: case WC_HASH_TYPE_BLAKE2B: case WC_HASH_TYPE_BLAKE2S: -#ifdef WOLFSSL_SM3 case WC_HASH_TYPE_SM3: -#endif - #ifdef WOLFSSL_SHAKE128 - case WC_HASH_TYPE_SHAKE128: - #endif - #ifdef WOLFSSL_SHAKE256 - case WC_HASH_TYPE_SHAKE256: - #endif + case WC_HASH_TYPE_SHAKE128: + case WC_HASH_TYPE_SHAKE256: default: break; } @@ -3094,8 +3153,7 @@ #endif /* WOLFSSL_CRYPTOCELL */ #ifndef WOLF_CRYPTO_CB_ONLY_RSA -#if !defined(WOLFSSL_RSA_VERIFY_ONLY) && !defined(TEST_UNPAD_CONSTANT_TIME) && \ - !defined(NO_RSA_BOUNDS_CHECK) +#if !defined(NO_RSA_BOUNDS_CHECK) /* Check that 1 < in < n-1. (Requirement of 800-56B.) */ int RsaFunctionCheckIn(const byte* in, word32 inLen, RsaKey* key, int checkSmallCt) @@ -3137,8 +3195,7 @@ return ret; } -#endif /* !WOLFSSL_RSA_VERIFY_ONLY && !TEST_UNPAD_CONSTANT_TIME && - * !NO_RSA_BOUNDS_CHECK */ +#endif /* !NO_RSA_BOUNDS_CHECK */ #endif /* WOLF_CRYPTO_CB_ONLY_RSA */ static int wc_RsaFunction_ex(const byte* in, word32 inLen, byte* out, @@ -3207,6 +3264,17 @@ } #endif /* !WOLFSSL_RSA_VERIFY_ONLY && !TEST_UNPAD_CONSTANT_TIME && \ * !NO_RSA_BOUNDS_CHECK */ +#if !defined(NO_RSA_BOUNDS_CHECK) + if (type == RSA_PUBLIC_DECRYPT && + key->state == RSA_STATE_DECRYPT_EXPTMOD) { + + ret = RsaFunctionCheckIn(in, inLen, key, checkSmallCt); + if (ret != 0) { + RESTORE_VECTOR_REGISTERS(); + return ret; + } + } +#endif #if defined(WOLFSSL_ASYNC_CRYPT) && defined(WC_ASYNC_ENABLE_RSA) if (key->asyncDev.marker == WOLFSSL_ASYNC_MARKER_RSA && @@ -3357,7 +3425,12 @@ mgf, label, labelSz, sz); } else if (rsa_type == RSA_PRIVATE_ENCRYPT && - pad_value == RSA_BLOCK_TYPE_1) { + pad_value == RSA_BLOCK_TYPE_1 && + pad_type != WC_RSA_PSS_PAD) { + /* SE050 handles PKCS#1 v1.5 signing directly. PSS signing falls + * through to software path because the SE050 PSS sign API + * (Se05x_API_RSASign) is hash-then-sign and does not support + * signing a pre-computed digest without double-hashing. */ return se050_rsa_sign(in, inLen, out, outLen, key, rsa_type, pad_value, pad_type, hash, mgf, label, labelSz, sz); @@ -3523,7 +3596,12 @@ return ret; } else if (rsa_type == RSA_PUBLIC_DECRYPT && - pad_value == RSA_BLOCK_TYPE_1) { + pad_value == RSA_BLOCK_TYPE_1 && + pad_type != WC_RSA_PSS_PAD) { + /* SE050 handles PKCS#1 v1.5 verification directly. PSS + * verification falls through to software path to match the + * software PSS signing path (SE050 PSS sign uses hash-then-sign + * which double-hashes a pre-computed digest). */ ret = se050_rsa_verify(in, inLen, out, outLen, key, rsa_type, pad_value, pad_type, hash, mgf, label, labelSz); @@ -3636,15 +3714,28 @@ if (rsa_type == RSA_PRIVATE_DECRYPT) { word32 i = 0; word32 j; + byte last = 0; int start = (int)((size_t)pad - (size_t)key->data); for (j = 0; j < key->dataLen; j++) { - signed char c; - out[i] = key->data[j]; - c = (signed char)ctMaskGTE((int)j, start); - c &= (signed char)ctMaskLT((int)i, (int)outLen); - /* 0 - no add, -1 add */ - i += (word32)((byte)(-c)); + signed char incMask; + signed char maskData; + + /* When j < start + outLen then out[i] = key->data[j] + * else out[i] = last + */ + maskData = (signed char)ctMaskLT((int)j, + start + (int)outLen); + out[i] = (byte)(key->data[j] & maskData ) | + (byte)(last & (~maskData)); + last = out[i]; + + /* Increment i when j is in range: + * [start..(start + outLen - 1)]. */ + incMask = (signed char)ctMaskGTE((int)j, start); + incMask &= (signed char)ctMaskLT((int)j, + start + (int)outLen - 1); + i += (word32)((byte)(-incMask)); } } else @@ -3749,7 +3840,7 @@ { WC_RNG* rng; int ret; -#ifdef WC_RSA_BLINDING +#if defined(WC_RSA_BLINDING) && !defined(WC_NO_RNG) if (key == NULL) { return BAD_FUNC_ARG; } @@ -3773,7 +3864,7 @@ { WC_RNG* rng; int ret; -#ifdef WC_RSA_BLINDING +#if defined(WC_RSA_BLINDING) && !defined(WC_NO_RNG) if (key == NULL) { return BAD_FUNC_ARG; } @@ -3796,7 +3887,7 @@ { WC_RNG* rng; int ret; -#ifdef WC_RSA_BLINDING +#if defined(WC_RSA_BLINDING) && !defined(WC_NO_RNG) if (key == NULL) { return BAD_FUNC_ARG; } @@ -3820,7 +3911,7 @@ { WC_RNG* rng; int ret; -#ifdef WC_RSA_BLINDING +#if defined(WC_RSA_BLINDING) && !defined(WC_NO_RNG) if (key == NULL) { return BAD_FUNC_ARG; } @@ -3843,7 +3934,7 @@ { WC_RNG* rng; int ret; -#ifdef WC_RSA_BLINDING +#if defined(WC_RSA_BLINDING) && !defined(WC_NO_RNG) if (key == NULL) { return BAD_FUNC_ARG; } @@ -3888,7 +3979,7 @@ return BAD_FUNC_ARG; } -#ifdef WC_RSA_BLINDING +#if defined(WC_RSA_BLINDING) && !defined(WC_NO_RNG) rng = key->rng; #else rng = NULL; @@ -3954,7 +4045,7 @@ { WC_RNG* rng; int ret; -#ifdef WC_RSA_BLINDING +#if defined(WC_RSA_BLINDING) && !defined(WC_NO_RNG) if (key == NULL) { return BAD_FUNC_ARG; } @@ -4012,7 +4103,7 @@ { WC_RNG* rng; int ret; -#ifdef WC_RSA_BLINDING +#if defined(WC_RSA_BLINDING) && !defined(WC_NO_RNG) if (key == NULL) { return BAD_FUNC_ARG; } @@ -4116,7 +4207,7 @@ /* Sig = Salt | Exp Hash */ if (ret == 0) { - word32 totalSz; + word32 totalSz = 0; if ((WC_SAFE_SUM_WORD32(inSz, (word32)saltLen, totalSz) == 0) || (sigSz != totalSz)) { @@ -5222,8 +5313,7 @@ #endif /* !FIPS || FIPS_VER >= 2 */ #endif /* WOLFSSL_KEY_GEN */ - -#ifdef WC_RSA_BLINDING +#ifndef WC_NO_RNG int wc_RsaSetRNG(RsaKey* key, WC_RNG* rng) { if (key == NULL || rng == NULL) @@ -5233,7 +5323,7 @@ return 0; } -#endif /* WC_RSA_BLINDING */ +#endif /* !WC_NO_RNG */ #ifdef WC_RSA_NONBLOCK int wc_RsaSetNonBlock(RsaKey* key, RsaNb* nb) @@ -5360,13 +5450,13 @@ else if (key != NULL) { mp_clear(&key->n); mp_clear(&key->e); - mp_clear(&key->d); - mp_clear(&key->p); - mp_clear(&key->q); + mp_forcezero(&key->d); + mp_forcezero(&key->p); + mp_forcezero(&key->q); #if defined(WOLFSSL_KEY_GEN) || defined(OPENSSL_EXTRA) || !defined(RSA_LOW_MEM) - mp_clear(&key->u); - mp_clear(&key->dP); - mp_clear(&key->dQ); + mp_forcezero(&key->u); + mp_forcezero(&key->dP); + mp_forcezero(&key->dQ); #endif } diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/wolfcrypt/src/sakke.c mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/sakke.c --- mariadb-11.8.6/extra/wolfssl/wolfssl/wolfcrypt/src/sakke.c 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/sakke.c 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* sakke.c * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -2510,7 +2510,7 @@ err = sakke_load_params(key); } if (err == 0) { - word16 n = (word16)((mp_count_bits(&key->params.prime) + 7) / 8); + word16 n = (word16)WC_BITS_TO_BYTES(mp_count_bits(&key->params.prime)); *authSz = (word16)(1 + 2 * n); } @@ -6709,7 +6709,7 @@ err = sakke_load_params(key); } if (err == 0) { - n = (word16)((mp_count_bits(&key->params.prime) + 7) / 8); + n = (word16)WC_BITS_TO_BYTES(mp_count_bits(&key->params.prime)); /* Uncompressed point */ outSz = (word16)(1 + 2 * n); @@ -6807,7 +6807,7 @@ err = sakke_load_params(key); } if (err == 0) { - n = (word16)((mp_count_bits(&key->params.prime) + 7) / 8); + n = (word16)WC_BITS_TO_BYTES(mp_count_bits(&key->params.prime)); if ((ssv != NULL) && (*ssvSz > n)) { err = BAD_FUNC_ARG; @@ -6886,7 +6886,7 @@ err = sakke_load_params(key); } if (err == 0) { - n = (word16)((mp_count_bits(&key->params.prime) + 7) / 8); + n = (word16)WC_BITS_TO_BYTES(mp_count_bits(&key->params.prime)); if (authSz != 2 * n + 1) { err = BAD_FUNC_ARG; @@ -6941,7 +6941,8 @@ err = sakke_compute_point_r(key, key->id, key->idSz, ri, n, test); } - if ((err == 0) && (XMEMCMP(auth, test, (size_t)(2 * n + 1)) != 0)) { + /* n is word16, so 2*n+1 always fits in int */ + if ((err == 0) && (ConstantCompare(auth, test, (int)(2 * n + 1)) != 0)) { err = SAKKE_VERIFY_FAIL_E; } diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/wolfcrypt/src/sha.c mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/sha.c --- mariadb-11.8.6/extra/wolfssl/wolfssl/wolfcrypt/src/sha.c 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/sha.c 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* sha.c * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -19,6 +19,26 @@ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA */ +/* + * SHA-1 Build Options: + * + * Core: + * NO_SHA: Disable SHA-1 support entirely default: off + * USE_SLOW_SHA: Disable SHA-1 loop unrolling default: off + * WC_HASH_DATA_ALIGNMENT: Required data alignment for hashing default: off + * + * Hardware Acceleration (SHA-1-specific): + * WC_ASYNC_ENABLE_SHA: Enable async SHA-1 operations default: off + * WOLFSSL_PIC32MZ_HASH: PIC32MZ hardware SHA default: off + * WOLFSSL_PSA_NO_HASH: Disable PSA hash default: off + * WOLFSSL_TI_HASH: TI hardware hash default: off + * WOLFSSL_RENESAS_RX64_HASH: Renesas RX64 hardware hash default: off + * FREESCALE_LTC_SHA: Freescale LTC SHA acceleration default: off + * FREESCALE_MMCAU_SHA: Freescale MMCAU SHA acceleration default: off + * STM32_HASH: STM32 hardware hash default: off + * PSOC6_HASH_SHA1: PSoC6 hardware SHA-1 default: off + */ + #include #ifdef DEBUG_WOLFSSL_VERBOSE @@ -434,7 +454,7 @@ #ifndef XTRANSFORM #define XTRANSFORM(S,B) Transform((S),(B)) - #define blk0(i) (W[i] = *((word32*)&data[(i)*sizeof(word32)])) + #define blk0(i) (W[i] = *((const word32*)&data[(i)*sizeof(word32)])) #define blk1(i) (W[(i)&15] = \ rotlFixed(W[((i)+13)&15]^W[((i)+8)&15]^W[((i)+2)&15]^W[(i)&15],1)) @@ -561,12 +581,10 @@ sha->devId = devId; sha->devCtx = NULL; #endif - -#ifdef MAX3266X_SHA_CB - ret = wc_MXC_TPU_SHA_Init(&(sha->mxcCtx)); - if (ret != 0) { - return ret; - } +#ifdef WOLFSSL_HASH_KEEP + sha->msg = NULL; + sha->len = 0; + sha->used = 0; #endif #ifdef WOLFSSL_USE_ESP32_CRYPT_HASH_HW @@ -1062,7 +1080,7 @@ #endif { ret = wc_CryptoCb_Free(sha->devId, WC_ALGO_TYPE_HASH, - WC_HASH_TYPE_SHA, (void*)sha); + WC_HASH_TYPE_SHA, 0, (void*)sha); /* If they want the standard free, they can call it themselves */ /* via their callback setting devId to INVALID_DEVID */ /* otherwise assume the callback handled it */ @@ -1087,9 +1105,6 @@ #ifdef WOLFSSL_PIC32MZ_HASH wc_ShaPic32Free(sha); #endif -#ifdef MAX3266X_SHA_CB - wc_MXC_TPU_SHA_Free(&(sha->mxcCtx)); -#endif #if defined(WOLFSSL_SE050) && defined(WOLFSSL_SE050_HASH) se050_hash_free(&sha->se050Ctx); #endif @@ -1105,6 +1120,14 @@ DCPShaFree(sha); #endif +#ifdef WOLFSSL_HASH_KEEP + if (sha->msg != NULL) { + ForceZero(sha->msg, sha->len); + XFREE(sha->msg, sha->heap, DYNAMIC_TYPE_TMP_BUFFER); + sha->msg = NULL; + } +#endif + #if defined(PSOC6_HASH_SHA1) wc_Psoc6_Sha_Free(); #endif @@ -1137,7 +1160,7 @@ return BAD_FUNC_ARG; } - WC_ALLOC_VAR_EX(tmpSha, wc_Sha, 1, NULL, DYNAMIC_TYPE_TMP_BUFFER, + WC_CALLOC_VAR_EX(tmpSha, wc_Sha, 1, NULL, DYNAMIC_TYPE_TMP_BUFFER, return MEMORY_E); ret = wc_ShaCopy(sha, tmpSha); @@ -1172,6 +1195,9 @@ ret = 0; /* Reset ret to 0 to avoid returning the callback error code */ #endif /* WOLF_CRYPTO_CB && WOLF_CRYPTO_CB_COPY */ + /* Free dst resources before copy to prevent memory leaks (e.g., msg + * buffer, W cache, hardware contexts). XMEMCPY overwrites dst. */ + wc_ShaFree(dst); XMEMCPY(dst, src, sizeof(wc_Sha)); #if defined(WOLFSSL_SILABS_SE_ACCEL) && defined(WOLFSSL_SILABS_SE_ACCEL_3) @@ -1195,12 +1221,6 @@ esp_sha_ctx_copy(src, dst); #endif -#ifdef MAX3266X_SHA_CB - ret = wc_MXC_TPU_SHA_Copy(&(src->mxcCtx), &(dst->mxcCtx)); - if (ret != 0) { - return ret; - } -#endif #if defined(PSOC6_HASH_SHA1) wc_Psoc6_Sha1_Sha2_Init(dst, WC_PSOC6_SHA1, 0); @@ -1209,6 +1229,18 @@ #ifdef WOLFSSL_HASH_FLAGS dst->flags |= WC_HASH_FLAG_ISCOPY; #endif + +#if defined(WOLFSSL_HASH_KEEP) + if (src->msg != NULL) { + dst->msg = (byte*)XMALLOC(src->len, dst->heap, + DYNAMIC_TYPE_TMP_BUFFER); + if (dst->msg == NULL) { + return MEMORY_E; + } + XMEMCPY(dst->msg, src->msg, src->used); + } +#endif + return ret; } #endif /* WOLFSSL_RENESAS_RX64_HASH */ diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/wolfcrypt/src/sha256.c mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/sha256.c --- mariadb-11.8.6/extra/wolfssl/wolfssl/wolfcrypt/src/sha256.c 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/sha256.c 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* sha256.c * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -678,7 +678,10 @@ sha256->devCtx = NULL; #endif #ifdef WOLFSSL_SMALL_STACK_CACHE - sha256->W = NULL; + sha256->W = (word32*)XMALLOC(sizeof(word32) * WC_SHA256_BLOCK_SIZE, + sha256->heap, DYNAMIC_TYPE_DIGEST); + if (sha256->W == NULL) + return MEMORY_E; #endif ret = InitSha256(sha256); @@ -1103,7 +1106,13 @@ return ret; sha256->heap = heap; +#ifdef WOLF_CRYPTO_CB + sha256->devId = devId; + sha256->devCtx = NULL; +#else (void)devId; +#endif + #ifdef WOLFSSL_SMALL_STACK_CACHE sha256->W = NULL; @@ -1156,14 +1165,11 @@ sha256->devId = devId; sha256->devCtx = NULL; #endif - #ifdef MAX3266X_SHA_CB - ret = wc_MXC_TPU_SHA_Init(&(sha256->mxcCtx)); - if (ret != 0) { - return ret; - } - #endif #ifdef WOLFSSL_SMALL_STACK_CACHE - sha256->W = NULL; + sha256->W = (word32*)XMALLOC(sizeof(word32) * WC_SHA256_BLOCK_SIZE, + sha256->heap, DYNAMIC_TYPE_DIGEST); + if (sha256->W == NULL) + return MEMORY_E; #endif #if defined(WOLFSSL_ASYNC_CRYPT) && defined(WC_ASYNC_ENABLE_SHA256) @@ -1244,13 +1250,8 @@ #if defined(WOLFSSL_SMALL_STACK_CACHE) && !defined(WOLFSSL_NO_MALLOC) word32* W = sha256->W; - if (W == NULL) { - W = (word32*)XMALLOC(sizeof(word32) * WC_SHA256_BLOCK_SIZE, - sha256->heap, DYNAMIC_TYPE_DIGEST); - if (W == NULL) - return MEMORY_E; - sha256->W = W; - } + if (W == NULL) + return BAD_FUNC_ARG; #elif defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC) word32* W; W = (word32*)XMALLOC(sizeof(word32) * WC_SHA256_BLOCK_SIZE, @@ -1728,7 +1729,7 @@ 2 * sizeof(word32)); } #endif - #if defined(WOLFSSL_ARMASM) + #if defined(WOLFSSL_ARMASM) && !defined(FREESCALE_MMCAU_SHA) ByteReverseWords( &sha256->buffer[WC_SHA256_PAD_SIZE / sizeof(word32)], &sha256->buffer[WC_SHA256_PAD_SIZE / sizeof(word32)], 2 * sizeof(word32)); @@ -2065,6 +2066,15 @@ { int ret = 0; +#ifdef WOLFSSL_SMALL_STACK_CACHE + if (sha224->W == NULL) { + sha224->W = (word32*)XMALLOC(sizeof(word32) * WC_SHA256_BLOCK_SIZE, + sha224->heap, DYNAMIC_TYPE_DIGEST); + if (sha224->W == NULL) + return MEMORY_E; + } +#endif + sha224->digest[0] = 0xc1059ed8; sha224->digest[1] = 0x367cd507; sha224->digest[2] = 0x3070dd17; @@ -2295,7 +2305,7 @@ #endif { ret = wc_CryptoCb_Free(sha224->devId, WC_ALGO_TYPE_HASH, - WC_HASH_TYPE_SHA224, (void*)sha224); + WC_HASH_TYPE_SHA224, 0, (void*)sha224); /* If they want the standard free, they can call it themselves */ /* via their callback setting devId to INVALID_DEVID */ /* otherwise assume the callback handled it */ @@ -2372,7 +2382,7 @@ #endif { ret = wc_CryptoCb_Free(sha256->devId, WC_ALGO_TYPE_HASH, - WC_HASH_TYPE_SHA256, (void*)sha256); + WC_HASH_TYPE_SHA256, 0, (void*)sha256); /* If they want the standard free, they can call it themselves */ /* via their callback setting devId to INVALID_DEVID */ /* otherwise assume the callback handled it */ @@ -2400,9 +2410,6 @@ } #endif -#ifdef MAX3266X_SHA_CB - wc_MXC_TPU_SHA_Free(&(sha256->mxcCtx)); -#endif #if defined(WOLFSSL_ASYNC_CRYPT) && defined(WC_ASYNC_ENABLE_SHA256) wolfAsync_DevCtxFree(&sha256->asyncDev, WOLFSSL_ASYNC_MARKER_SHA256); @@ -2536,7 +2543,7 @@ return BAD_FUNC_ARG; } - WC_ALLOC_VAR_EX(tmpSha224, wc_Sha224, 1, NULL, + WC_CALLOC_VAR_EX(tmpSha224, wc_Sha224, 1, NULL, DYNAMIC_TYPE_TMP_BUFFER, return MEMORY_E); ret = wc_Sha224Copy(sha224, tmpSha224); @@ -2572,10 +2579,18 @@ ret = 0; /* Reset ret to 0 to avoid returning the callback error code */ #endif /* WOLF_CRYPTO_CB && WOLF_CRYPTO_CB_COPY */ + /* Free dst resources before copy to prevent memory leaks (e.g., msg + * buffer, W cache, hardware contexts). XMEMCPY overwrites dst. */ + wc_Sha224Free(dst); XMEMCPY(dst, src, sizeof(wc_Sha224)); #ifdef WOLFSSL_SMALL_STACK_CACHE - dst->W = NULL; + dst->W = (word32*)XMALLOC(sizeof(word32) * WC_SHA256_BLOCK_SIZE, + dst->heap, DYNAMIC_TYPE_DIGEST); + if (dst->W == NULL) { + XMEMSET(dst, 0, sizeof(wc_Sha224)); + return MEMORY_E; + } #endif #if defined(WOLFSSL_SILABS_SE_ACCEL) && defined(WOLFSSL_SILABS_SE_ACCEL_3) @@ -2676,7 +2691,7 @@ return BAD_FUNC_ARG; } - WC_ALLOC_VAR_EX(tmpSha256, wc_Sha256, 1, NULL, DYNAMIC_TYPE_TMP_BUFFER, + WC_CALLOC_VAR_EX(tmpSha256, wc_Sha256, 1, NULL, DYNAMIC_TYPE_TMP_BUFFER, return MEMORY_E); ret = wc_Sha256Copy(sha256, tmpSha256); @@ -2713,21 +2728,23 @@ ret = 0; /* Reset ret to 0 to avoid returning the callback error code */ #endif /* WOLF_CRYPTO_CB && WOLF_CRYPTO_CB_COPY */ + /* Free dst resources before copy to prevent memory leaks (e.g., msg + * buffer, W cache, hardware contexts). XMEMCPY overwrites dst. */ + wc_Sha256Free(dst); XMEMCPY(dst, src, sizeof(wc_Sha256)); #ifdef WOLFSSL_MAXQ10XX_CRYPTO wc_MAXQ10XX_Sha256Copy(src); #endif -#ifdef MAX3266X_SHA_CB - ret = wc_MXC_TPU_SHA_Copy(&(src->mxcCtx), &(dst->mxcCtx)); - if (ret != 0) { - return ret; - } -#endif #ifdef WOLFSSL_SMALL_STACK_CACHE - dst->W = NULL; + dst->W = (word32*)XMALLOC(sizeof(word32) * WC_SHA256_BLOCK_SIZE, + dst->heap, DYNAMIC_TYPE_DIGEST); + if (dst->W == NULL) { + XMEMSET(dst, 0, sizeof(wc_Sha256)); + return MEMORY_E; + } #endif #if defined(WOLFSSL_SILABS_SE_ACCEL) && defined(WOLFSSL_SILABS_SE_ACCEL_3) diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/wolfcrypt/src/sha256_asm.S mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/sha256_asm.S --- mariadb-11.8.6/extra/wolfssl/wolfssl/wolfcrypt/src/sha256_asm.S 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/sha256_asm.S 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* sha256_asm.S */ /* - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/wolfcrypt/src/sha3.c mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/sha3.c --- mariadb-11.8.6/extra/wolfssl/wolfssl/wolfcrypt/src/sha3.c 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/sha3.c 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* sha3.c * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -19,6 +19,25 @@ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA */ +/* + * SHA-3 Build Options: + * + * Core: + * WOLFSSL_SHA3: Enable SHA-3 support default: off + * WOLFSSL_SHA3_SMALL: Use smaller SHA-3 implementation default: off + * WOLFSSL_SHAKE128: Enable SHAKE128 XOF default: off + * WOLFSSL_SHAKE256: Enable SHAKE256 XOF default: off + * SHA3_BY_SPEC: Use specification Keccak-f order default: off + * WC_SHA3_NO_ASM: Disable SHA-3 assembly optimizations default: off + * WC_SHA3_FAULT_HARDEN: Harden SHA-3 against fault attacks default: off + * + * Hardware Acceleration (SHA-3-specific): + * WC_ASYNC_ENABLE_SHA3: Enable async SHA-3 operations default: off + * WOLFSSL_ARMASM_CRYPTO_SHA3: ARM crypto SHA-3 instructions default: off + * STM32_HASH_SHA3: STM32 hardware SHA-3 default: off + * PSOC6_HASH_SHA3: PSoC6 hardware SHA-3 default: off + */ + #include #ifdef WC_SHA3_NO_ASM @@ -585,7 +604,7 @@ * a Array of bytes. * returns a 64-bit integer. */ -static word64 Load64BitBigEndian(const byte* a) +static word64 Load64BitLittleEndian(const byte* a) { word64 n = 0; int i; @@ -595,6 +614,31 @@ return n; } +#elif defined(WC_SHA3_FAULT_HARDEN) +static WC_INLINE word64 Load64Unaligned(const unsigned char *a) +{ +#ifdef WC_64BIT_CPU + return *(word64*)a; +#elif defined(WC_32BIT_CPU) + return (((word64)((word32*)a)[1]) << 32) | + ((word32*)a)[0]; +#else + return (((word64)((word16*)a)[3]) << 48) | + (((word64)((word16*)a)[2]) << 32) | + (((word64)((word16*)a)[1]) << 16) | + ((word16*)a)[0]; +#endif +} + +/* Convert the array of bytes, in little-endian order, to a 64-bit integer. + * + * a Array of bytes. + * returns a 64-bit integer. + */ +static word64 Load64BitLittleEndian(const byte* a) +{ + return Load64Unaligned(a); +} #endif /* Initialize the state for a SHA3-224 hash operation. @@ -687,6 +731,10 @@ { word32 i; word32 blocks; +#ifdef WC_SHA3_FAULT_HARDEN + word32 check = 0; + word32 total_check = 0; +#endif #if defined(WOLFSSL_USE_SAVE_VECTOR_REGISTERS) && defined(USE_INTEL_SPEEDUP) if (SHA3_BLOCK == sha3_block_avx2) { @@ -703,19 +751,37 @@ t = &sha3->t[sha3->i]; for (i = 0; i < l; i++) { t[i] = data[i]; + #ifdef WC_SHA3_FAULT_HARDEN + check++; + #endif } + #ifdef WC_SHA3_FAULT_HARDEN + if (check != l) { + return BAD_COND_E; + } + total_check += l; + #endif data += i; len -= i; sha3->i = (byte)(sha3->i + i); if (sha3->i == p * 8) { - #if !defined(BIG_ENDIAN_ORDER) + #if !defined(BIG_ENDIAN_ORDER) && !defined(WC_SHA3_FAULT_HARDEN) xorbuf(sha3->s, sha3->t, (word32)(p * 8)); - #else + #else for (i = 0; i < p; i++) { - sha3->s[i] ^= Load64BitBigEndian(sha3->t + 8 * i); + sha3->s[i] ^= Load64BitLittleEndian(sha3->t + 8 * i); + #ifdef WC_SHA3_FAULT_HARDEN + check++; + #endif + } + #ifdef WC_SHA3_FAULT_HARDEN + if (check != p + l) { + return BAD_COND_E; } + total_check += p; #endif + #endif #ifdef SHA3_FUNC_PTR (*SHA3_BLOCK)(sha3->s); #else @@ -733,14 +799,25 @@ blocks = 0; } #endif +#ifdef WC_SHA3_FAULT_HARDEN + total_check += blocks * p; +#endif for (; blocks > 0; blocks--) { - #if !defined(BIG_ENDIAN_ORDER) +#if !defined(BIG_ENDIAN_ORDER) && !defined(WC_SHA3_FAULT_HARDEN) xorbuf(sha3->s, data, (word32)(p * 8)); - #else +#else for (i = 0; i < p; i++) { sha3->s[i] ^= Load64Unaligned(data + 8 * i); + #ifdef WC_SHA3_FAULT_HARDEN + check++; + #endif + } + #ifdef WC_SHA3_FAULT_HARDEN + if (check != total_check - ((blocks - 1) * p)) { + return BAD_COND_E; } #endif +#endif #ifdef SHA3_FUNC_PTR (*SHA3_BLOCK)(sha3->s); #else @@ -749,6 +826,11 @@ len -= p * 8U; data += p * 8U; } +#ifdef WC_SHA3_FAULT_HARDEN + if (check != total_check) { + return BAD_COND_E; + } +#endif #if defined(WOLFSSL_USE_SAVE_VECTOR_REGISTERS) && defined(USE_INTEL_SPEEDUP) if (SHA3_BLOCK == sha3_block_avx2) { RESTORE_VECTOR_REGISTERS(); @@ -774,11 +856,14 @@ { word32 rate = p * 8U; word32 j; -#if defined(BIG_ENDIAN_ORDER) +#if defined(BIG_ENDIAN_ORDER) || defined(WC_SHA3_FAULT_HARDEN) word32 i; #endif +#ifdef WC_SHA3_FAULT_HARDEN + int check = 0; +#endif -#if !defined(BIG_ENDIAN_ORDER) +#if !defined(BIG_ENDIAN_ORDER) && !defined(WC_SHA3_FAULT_HARDEN) xorbuf(sha3->s, sha3->t, sha3->i); #ifdef WOLFSSL_HASH_FLAGS if ((p == WC_SHA3_256_COUNT) && (sha3->flags & WC_HASH_SHA3_KECCAK256)) { @@ -800,9 +885,17 @@ XMEMSET(sha3->t + sha3->i + 1, 0, rate - 1U - (sha3->i + 1U)); } for (i = 0; i < p; i++) { - sha3->s[i] ^= Load64BitBigEndian(sha3->t + 8 * i); + sha3->s[i] ^= Load64BitLittleEndian(sha3->t + 8 * i); + #ifdef WC_SHA3_FAULT_HARDEN + check++; + #endif + } +#ifdef WC_SHA3_FAULT_HARDEN + if (check != p) { + return BAD_COND_E; } #endif +#endif #if defined(WOLFSSL_USE_SAVE_VECTOR_REGISTERS) && defined(USE_INTEL_SPEEDUP) if (SHA3_BLOCK == sha3_block_avx2) @@ -843,80 +936,79 @@ #endif #if defined(STM32_HASH_SHA3) - /* Supports CubeMX HAL or Standard Peripheral Library */ +/* Supports CubeMX HAL or Standard Peripheral Library */ - static int wc_InitSha3(wc_Sha3* sha3, void* heap, int devId) - { - if (sha3 == NULL) - return BAD_FUNC_ARG; +static int wc_InitSha3(wc_Sha3* sha3, void* heap, int devId) +{ + if (sha3 == NULL) + return BAD_FUNC_ARG; - (void)devId; - (void)heap; + (void)devId; + (void)heap; - XMEMSET(sha3, 0, sizeof(wc_Sha3)); - wc_Stm32_Hash_Init(&sha3->stmCtx); - return 0; - } + XMEMSET(sha3, 0, sizeof(wc_Sha3)); + wc_Stm32_Hash_Init(&sha3->stmCtx); + return 0; +} - static int Stm32GetAlgo(byte p) - { - switch(p) { - case WC_SHA3_224_COUNT: - return HASH_ALGOSELECTION_SHA3_224; - case WC_SHA3_256_COUNT: - return HASH_ALGOSELECTION_SHA3_256; - case WC_SHA3_384_COUNT: - return HASH_ALGOSELECTION_SHA3_384; - case WC_SHA3_512_COUNT: - return HASH_ALGOSELECTION_SHA3_512; - } - /* Should never get here */ - return WC_SHA3_224_COUNT; +static int Stm32GetAlgo(byte p) +{ + switch(p) { + case WC_SHA3_224_COUNT: + return HASH_ALGOSELECTION_SHA3_224; + case WC_SHA3_256_COUNT: + return HASH_ALGOSELECTION_SHA3_256; + case WC_SHA3_384_COUNT: + return HASH_ALGOSELECTION_SHA3_384; + case WC_SHA3_512_COUNT: + return HASH_ALGOSELECTION_SHA3_512; } + /* Should never get here */ + return WC_SHA3_224_COUNT; +} - static int wc_Sha3Update(wc_Sha3* sha3, const byte* data, word32 len, byte p) - { - int ret = 0; +static int wc_Sha3Update(wc_Sha3* sha3, const byte* data, word32 len, byte p) +{ + int ret = 0; - if (sha3 == NULL) { - return BAD_FUNC_ARG; - } - if (data == NULL && len == 0) { - /* valid, but do nothing */ - return 0; - } - if (data == NULL) { - return BAD_FUNC_ARG; - } + if (sha3 == NULL) { + return BAD_FUNC_ARG; + } + if (data == NULL && len == 0) { + /* valid, but do nothing */ + return 0; + } + if (data == NULL) { + return BAD_FUNC_ARG; + } - ret = wolfSSL_CryptHwMutexLock(); - if (ret == 0) { - ret = wc_Stm32_Hash_Update(&sha3->stmCtx, - Stm32GetAlgo(p), data, len, p * 8); - wolfSSL_CryptHwMutexUnLock(); - } - return ret; + ret = wolfSSL_CryptHwMutexLock(); + if (ret == 0) { + ret = wc_Stm32_Hash_Update(&sha3->stmCtx, Stm32GetAlgo(p), data, len, + p * 8); + wolfSSL_CryptHwMutexUnLock(); } + return ret; +} - static int wc_Sha3Final(wc_Sha3* sha3, byte* hash, byte p, byte len) - { - int ret = 0; +static int wc_Sha3Final(wc_Sha3* sha3, byte* hash, byte p, byte len) +{ + int ret = 0; - if (sha3 == NULL || hash == NULL) { - return BAD_FUNC_ARG; - } + if (sha3 == NULL || hash == NULL) { + return BAD_FUNC_ARG; + } - ret = wolfSSL_CryptHwMutexLock(); - if (ret == 0) { - ret = wc_Stm32_Hash_Final(&sha3->stmCtx, - Stm32GetAlgo(p), hash, len); - wolfSSL_CryptHwMutexUnLock(); - } + ret = wolfSSL_CryptHwMutexLock(); + if (ret == 0) { + ret = wc_Stm32_Hash_Final(&sha3->stmCtx, Stm32GetAlgo(p), hash, len); + wolfSSL_CryptHwMutexUnLock(); + } - (void)wc_InitSha3(sha3, NULL, 0); /* reset state */ + (void)wc_InitSha3(sha3, NULL, 0); /* reset state */ - return ret; - } + return ret; +} #elif defined(PSOC6_HASH_SHA3) static int wc_InitSha3(wc_Sha3* sha3, void* heap, int devId) @@ -1179,7 +1271,7 @@ #endif { ret = wc_CryptoCb_Free(sha3->devId, WC_ALGO_TYPE_HASH, - sha3->hashType, (void*)sha3); + sha3->hashType, 0, (void*)sha3); /* If they want the standard free, they can call it themselves */ /* via their callback setting devId to INVALID_DEVID */ /* otherwise assume the callback handled it */ @@ -1233,6 +1325,9 @@ ret = 0; /* Reset ret to 0 to avoid returning the callback error code */ #endif /* WOLF_CRYPTO_CB && WOLF_CRYPTO_CB_COPY */ + /* Free dst resources before copy to prevent memory leaks (e.g., + * hardware contexts). XMEMCPY overwrites dst. */ + wc_Sha3Free(dst); XMEMCPY(dst, src, sizeof(wc_Sha3)); #if defined(WOLFSSL_ASYNC_CRYPT) && defined(WC_ASYNC_ENABLE_SHA3) @@ -1269,6 +1364,7 @@ if (sha3 == NULL || hash == NULL) return BAD_FUNC_ARG; + XMEMSET(&tmpSha3, 0, sizeof(tmpSha3)); ret = wc_Sha3Copy(sha3, &tmpSha3); if (ret == 0) { ret = wc_Sha3Final(&tmpSha3, hash, p, len); diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/wolfcrypt/src/sha3_asm.S mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/sha3_asm.S --- mariadb-11.8.6/extra/wolfssl/wolfssl/wolfcrypt/src/sha3_asm.S 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/sha3_asm.S 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* sha3_asm.S */ /* - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -9928,7 +9928,7 @@ #ifndef __APPLE__ .size sha3_block_n_avx2,.-sha3_block_n_avx2 #endif /* __APPLE__ */ -#if defined(WOLFSSL_WC_MLKEM) || defined(WOLFSSL_WC_DILITHIUM) +#if defined(WOLFSSL_WC_MLKEM) || defined(WOLFSSL_WC_DILITHIUM) || defined(WOLFSSL_HAVE_SLHDSA) #ifndef __APPLE__ .text .globl sha3_blocksx4_avx2 @@ -20664,7 +20664,7 @@ #ifndef __APPLE__ .size sha3_128_blocksx4_seed_avx2,.-sha3_128_blocksx4_seed_avx2 #endif /* __APPLE__ */ -#endif /* defined(WOLFSSL_WC_MLKEM) || defined(WOLFSSL_WC_DILITHIUM) */ +#endif /* defined(WOLFSSL_WC_MLKEM) || defined(WOLFSSL_WC_DILITHIUM) || defined(WOLFSSL_HAVE_SLHDSA) */ #ifdef WOLFSSL_WC_MLKEM #ifndef __APPLE__ .data diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/wolfcrypt/src/sha512.c mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/sha512.c --- mariadb-11.8.6/extra/wolfssl/wolfssl/wolfcrypt/src/sha512.c 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/sha512.c 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* sha512.c * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -19,10 +19,45 @@ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA */ +/* + * SHA-512/384 Build Options: + * + * Core: + * WOLFSSL_SHA512: Enable SHA-512 support default: off + * WOLFSSL_SHA384: Enable SHA-384 support default: off + * WOLFSSL_NOSHA512_224: Disable SHA-512/224 variant default: off + * WOLFSSL_NOSHA512_256: Disable SHA-512/256 variant default: off + * + * Performance: + * USE_SLOW_SHA512: Disable SHA-512 loop unrolling default: off + * USE_SLOW_SHA2: Disable SHA-2 loop unrolling default: off + * WOLFSSL_HASH_FLAGS: Enable hash flags for state tracking default: off + * WOLFSSL_HASH_KEEP: Keep hash input data for reuse default: off + * WOLFSSL_SMALL_STACK_CACHE: Cache hash state on small stack default: off + * WC_NO_INTERNAL_FUNCTION_POINTERS: Disable internal func ptrs default: off + * + * Hardware Acceleration (SHA-512-specific): + * WC_ASYNC_ENABLE_SHA512: Enable async SHA-512 operations default: off + * WC_ASYNC_ENABLE_SHA384: Enable async SHA-384 operations default: off + * WOLFSSL_KCAPI_HASH: Linux kernel crypto API for hashing default: off + * WOLFSSL_SE050_HASH: SE050 hardware hashing default: off + * WOLFSSL_SILABS_SHA384: Silicon Labs SHA-384 acceleration default: off + * WOLFSSL_SILABS_SHA512: Silicon Labs SHA-512 acceleration default: off + * NO_IMX6_CAAM_HASH: Disable i.MX6 CAAM hash default: off + * NO_WOLFSSL_ESP32_CRYPT_HASH: Disable ESP32 hash acceleration default: off + * WOLFSSL_ARMASM_CRYPTO_SHA512: ARM crypto SHA-512 instructions default: off + * STM32_HASH_SHA384: STM32 hardware SHA-384 default: off + * STM32_HASH_SHA512: STM32 hardware SHA-512 default: off + * WOLFSSL_SHA512_HASHTYPE: SHA-512 hash type for hw dispatch default: off + * MAX3266X_SHA: MAX3266X hardware SHA default: off + * PSOC6_HASH_SHA2: PSoC6 hardware SHA-2 default: off + * WOLFSSL_RENESAS_RSIP: Renesas RSIP SHA acceleration default: off + */ + #include #if (defined(WOLFSSL_SHA512) || defined(WOLFSSL_SHA384)) && \ - !defined(WOLFSSL_PSOC6_CRYPTO) && !defined(WOLFSSL_RISCV_ASM) + !defined(WOLFSSL_RISCV_ASM) /* determine if we are using Espressif SHA hardware acceleration */ #undef WOLFSSL_USE_ESP32_CRYPT_HASH_HW @@ -867,36 +902,53 @@ return BAD_FUNC_ARG; } + XMEMSET(sha512, 0, sizeof(*sha512)); sha512->heap = heap; #ifdef WOLFSSL_SMALL_STACK_CACHE - sha512->W = NULL; + /* This allocation combines the customary W buffer used by + * _Transform_Sha512() with additional buffer space used by + * wc_Sha512Transform(). + */ + sha512->W = (word64 *)XMALLOC((sizeof(word64) * 16) + WC_SHA512_BLOCK_SIZE, + sha512->heap, DYNAMIC_TYPE_DIGEST); + if (sha512->W == NULL) + return MEMORY_E; #endif #ifdef WOLF_CRYPTO_CB sha512->devId = devId; sha512->devCtx = NULL; #endif - /* call the initialization function pointed to by initfp */ - ret = initfp(sha512); - if (ret != 0) - return ret; - #ifdef WOLFSSL_HASH_KEEP sha512->msg = NULL; sha512->len = 0; sha512->used = 0; #endif + /* call the initialization function pointed to by initfp */ + ret = initfp(sha512); + #if defined(WOLFSSL_ASYNC_CRYPT) && defined(WC_ASYNC_ENABLE_SHA512) - ret = wolfAsync_DevCtxInit(&sha512->asyncDev, + if (ret == 0) { + ret = wolfAsync_DevCtxInit(&sha512->asyncDev, WOLFSSL_ASYNC_MARKER_SHA512, sha512->heap, devId); + } #else (void)devId; #endif /* WOLFSSL_ASYNC_CRYPT */ #ifdef WOLFSSL_IMXRT1170_CAAM - ret = wc_CAAM_HashInit(&sha512->hndl, &sha512->ctx, WC_HASH_TYPE_SHA512); + if (ret == 0) + ret = wc_CAAM_HashInit(&sha512->hndl, &sha512->ctx, WC_HASH_TYPE_SHA512); +#endif + +#ifdef WOLFSSL_SMALL_STACK_CACHE + if (ret != 0) { + XFREE(sha512->W, sha512->heap, DYNAMIC_TYPE_DIGEST); + sha512->W = NULL; + } #endif + return ret; } /* InitSha512_Family */ @@ -912,11 +964,6 @@ sha512->ctx.mode = ESP32_SHA_INIT; #endif -#ifdef MAX3266X_SHA_CB - if (wc_MXC_TPU_SHA_Init(&(sha512->mxcCtx)) != 0){ - return BAD_FUNC_ARG; - } -#endif return InitSha512_Family(sha512, heap, devId, InitSha512); } @@ -1031,14 +1078,10 @@ word32 j; word64 T[8]; -#ifdef WOLFSSL_SMALL_STACK_CACHE +#if defined(WOLFSSL_SMALL_STACK_CACHE) word64* W = sha512->W; - if (W == NULL) { - W = (word64*)XMALLOC(sizeof(word64) * 16, sha512->heap, DYNAMIC_TYPE_TMP_BUFFER); - if (W == NULL) - return MEMORY_E; - sha512->W = W; - } + if (W == NULL) + return BAD_FUNC_ARG; #elif defined(WOLFSSL_SMALL_STACK) word64* W; W = (word64*) XMALLOC(sizeof(word64) * 16, sha512->heap, DYNAMIC_TYPE_TMP_BUFFER); @@ -1624,7 +1667,7 @@ #endif { ret = wc_CryptoCb_Free(sha512->devId, WC_ALGO_TYPE_HASH, - WC_HASH_TYPE_SHA512, (void*)sha512); + WC_HASH_TYPE_SHA512, 0, (void*)sha512); /* If they want the standard free, they can call it themselves */ /* via their callback setting devId to INVALID_DEVID */ /* otherwise assume the callback handled it */ @@ -1646,7 +1689,7 @@ #ifdef WOLFSSL_SMALL_STACK_CACHE if (sha512->W != NULL) { - ForceZero(sha512->W, sizeof(word64) * 16); + ForceZero(sha512->W, (sizeof(word64) * 16) + WC_SHA512_BLOCK_SIZE); XFREE(sha512->W, sha512->heap, DYNAMIC_TYPE_TMP_BUFFER); sha512->W = NULL; } @@ -1665,9 +1708,6 @@ } #endif -#ifdef MAX3266X_SHA_CB - wc_MXC_TPU_SHA_Free(&(sha512->mxcCtx)); -#endif #if defined(WOLFSSL_ASYNC_CRYPT) && defined(WC_ASYNC_ENABLE_SHA512) wolfAsync_DevCtxFree(&sha512->asyncDev, WOLFSSL_ASYNC_MARKER_SHA512); @@ -1699,7 +1739,15 @@ return BAD_FUNC_ARG; } -#ifdef WOLFSSL_SMALL_STACK + +#if defined(WOLFSSL_SMALL_STACK_CACHE) + if (sha->W == NULL) + return BAD_FUNC_ARG; + /* Skip over the initial `W' buffer at the start (used by + * _Transform_Sha512()). + */ + buffer = sha->W + 16; +#elif defined(WOLFSSL_SMALL_STACK) buffer = (word64*)XMALLOC(WC_SHA512_BLOCK_SIZE, sha->heap, DYNAMIC_TYPE_TMP_BUFFER); if (buffer == NULL) @@ -1733,7 +1781,7 @@ XMEMCPY(sha->buffer, buffer, WC_SHA512_BLOCK_SIZE); #endif -#ifdef WOLFSSL_SMALL_STACK +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SMALL_STACK_CACHE) ForceZero(buffer, WC_SHA512_BLOCK_SIZE); XFREE(buffer, sha->heap, DYNAMIC_TYPE_TMP_BUFFER); #endif @@ -1867,6 +1915,19 @@ return BAD_FUNC_ARG; } +#ifdef WOLFSSL_SMALL_STACK_CACHE + if (sha384->W == NULL) { + /* This allocation combines the customary W buffer used by + * _Transform_Sha512() with additional buffer space used by + * wc_Sha512Transform(). + */ + sha384->W = (word64 *)XMALLOC((sizeof(word64) * 16) + WC_SHA512_BLOCK_SIZE, + sha384->heap, DYNAMIC_TYPE_DIGEST); + if (sha384->W == NULL) + return MEMORY_E; + } +#endif + sha384->digest[0] = W64LIT(0xcbbb9d5dc1059ed8); sha384->digest[1] = W64LIT(0x629a292a367cd507); sha384->digest[2] = W64LIT(0x9159015a3070dd17); @@ -2030,12 +2091,6 @@ sha384->ctx.mode = ESP32_SHA_INIT; #endif -#ifdef MAX3266X_SHA_CB - ret = wc_MXC_TPU_SHA_Init(&(sha384->mxcCtx)); - if (ret != 0) { - return ret; - } -#endif ret = InitSha384(sha384); if (ret != 0) { @@ -2085,7 +2140,7 @@ #endif { ret = wc_CryptoCb_Free(sha384->devId, WC_ALGO_TYPE_HASH, - WC_HASH_TYPE_SHA384, (void*)sha384); + WC_HASH_TYPE_SHA384, 0, (void*)sha384); /* If they want the standard free, they can call it themselves */ /* via their callback setting devId to INVALID_DEVID */ /* otherwise assume the callback handled it */ @@ -2106,7 +2161,7 @@ #ifdef WOLFSSL_SMALL_STACK_CACHE if (sha384->W != NULL) { - ForceZero(sha384->W, sizeof(word64) * 16); + ForceZero(sha384->W, (sizeof(word64) * 16) + WC_SHA512_BLOCK_SIZE); XFREE(sha384->W, sha384->heap, DYNAMIC_TYPE_TMP_BUFFER); sha384->W = NULL; } @@ -2140,9 +2195,6 @@ } #endif -#ifdef MAX3266X_SHA_CB - wc_MXC_TPU_SHA_Free(&(sha384->mxcCtx)); -#endif ForceZero(sha384, sizeof(*sha384)); } @@ -2174,7 +2226,7 @@ return BAD_FUNC_ARG; } - WC_ALLOC_VAR_EX(tmpSha512, wc_Sha512, 1, NULL, DYNAMIC_TYPE_TMP_BUFFER, + WC_CALLOC_VAR_EX(tmpSha512, wc_Sha512, 1, NULL, DYNAMIC_TYPE_TMP_BUFFER, return MEMORY_E); /* copy this sha512 into tmpSha */ @@ -2217,9 +2269,21 @@ ret = 0; /* Reset ret to 0 to avoid returning the callback error code */ #endif /* WOLF_CRYPTO_CB && WOLF_CRYPTO_CB_COPY */ + /* Free dst resources before copy to prevent memory leaks (e.g., msg + * buffer, W cache, hardware contexts). XMEMCPY overwrites dst. */ + wc_Sha512Free(dst); XMEMCPY(dst, src, sizeof(wc_Sha512)); #ifdef WOLFSSL_SMALL_STACK_CACHE - dst->W = NULL; + /* This allocation combines the customary W buffer used by + * _Transform_Sha512() with additional buffer space used by + * wc_Sha512Transform(). + */ + dst->W = (word64 *)XMALLOC((sizeof(word64) * 16) + WC_SHA512_BLOCK_SIZE, + dst->heap, DYNAMIC_TYPE_DIGEST); + if (dst->W == NULL) { + XMEMSET(dst, 0, sizeof(wc_Sha512)); + return MEMORY_E; + } #endif #if defined(WOLFSSL_SILABS_SE_ACCEL) && defined(WOLFSSL_SILABS_SE_ACCEL_3) && \ @@ -2269,12 +2333,6 @@ } #endif -#ifdef MAX3266X_SHA_CB - ret = wc_MXC_TPU_SHA_Copy(&(src->mxcCtx), &(dst->mxcCtx)); - if (ret != 0) { - return ret; - } -#endif #if defined(PSOC6_HASH_SHA2) wc_Psoc6_Sha1_Sha2_Init(dst, WC_PSOC6_SHA512, 0); @@ -2608,7 +2666,7 @@ return BAD_FUNC_ARG; } - WC_ALLOC_VAR_EX(tmpSha384, wc_Sha384, 1, NULL, DYNAMIC_TYPE_TMP_BUFFER, + WC_CALLOC_VAR_EX(tmpSha384, wc_Sha384, 1, NULL, DYNAMIC_TYPE_TMP_BUFFER, return MEMORY_E); /* copy this sha384 into tmpSha */ @@ -2646,10 +2704,22 @@ ret = 0; /* Reset ret to 0 to avoid returning the callback error code */ #endif /* WOLF_CRYPTO_CB && WOLF_CRYPTO_CB_COPY */ + /* Free dst resources before copy to prevent memory leaks (e.g., msg + * buffer, W cache, hardware contexts). XMEMCPY overwrites dst. */ + wc_Sha384Free(dst); XMEMCPY(dst, src, sizeof(wc_Sha384)); #ifdef WOLFSSL_SMALL_STACK_CACHE - dst->W = NULL; + /* This allocation combines the customary W buffer used by + * _Transform_Sha512() with additional buffer space used by + * wc_Sha512Transform(). + */ + dst->W = (word64 *)XMALLOC((sizeof(word64) * 16) + WC_SHA384_BLOCK_SIZE, + dst->heap, DYNAMIC_TYPE_DIGEST); + if (dst->W == NULL) { + XMEMSET(dst, 0, sizeof(wc_Sha384)); + return MEMORY_E; + } #endif #if defined(WOLFSSL_SILABS_SE_ACCEL) && defined(WOLFSSL_SILABS_SE_ACCEL_3) && \ @@ -2700,12 +2770,6 @@ } #endif -#ifdef MAX3266X_SHA_CB - ret = wc_MXC_TPU_SHA_Copy(&(src->mxcCtx), &(dst->mxcCtx)); - if (ret != 0) { - return ret; - } -#endif #if defined(PSOC6_HASH_SHA2) wc_Psoc6_Sha1_Sha2_Init(dst, WC_PSOC6_SHA384, 0); diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/wolfcrypt/src/sha512_asm.S mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/sha512_asm.S --- mariadb-11.8.6/extra/wolfssl/wolfssl/wolfcrypt/src/sha512_asm.S 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/sha512_asm.S 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* sha512_asm.S */ /* - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -269,7 +269,7 @@ movq %r10, %rax addq %rcx, %r14 vpaddq %xmm0, %xmm8, %xmm0 - # msg_sched done: 0-3 + # msg_sched done: 0-1 # msg_sched: 2-3 # rnd_0: 0 - 0 rorq $23, %rax @@ -360,7 +360,7 @@ movq %r8, %rax addq %rcx, %r12 vpaddq %xmm1, %xmm8, %xmm1 - # msg_sched done: 2-5 + # msg_sched done: 2-3 # msg_sched: 4-5 # rnd_0: 0 - 0 rorq $23, %rax @@ -451,7 +451,7 @@ movq %r14, %rax addq %rcx, %r10 vpaddq %xmm2, %xmm8, %xmm2 - # msg_sched done: 4-7 + # msg_sched done: 4-5 # msg_sched: 6-7 # rnd_0: 0 - 0 rorq $23, %rax @@ -542,7 +542,7 @@ movq %r12, %rax addq %rcx, %r8 vpaddq %xmm3, %xmm8, %xmm3 - # msg_sched done: 6-9 + # msg_sched done: 6-7 # msg_sched: 8-9 # rnd_0: 0 - 0 rorq $23, %rax @@ -633,7 +633,7 @@ movq %r10, %rax addq %rcx, %r14 vpaddq %xmm4, %xmm8, %xmm4 - # msg_sched done: 8-11 + # msg_sched done: 8-9 # msg_sched: 10-11 # rnd_0: 0 - 0 rorq $23, %rax @@ -724,7 +724,7 @@ movq %r8, %rax addq %rcx, %r12 vpaddq %xmm5, %xmm8, %xmm5 - # msg_sched done: 10-13 + # msg_sched done: 10-11 # msg_sched: 12-13 # rnd_0: 0 - 0 rorq $23, %rax @@ -815,7 +815,7 @@ movq %r14, %rax addq %rcx, %r10 vpaddq %xmm6, %xmm8, %xmm6 - # msg_sched done: 12-15 + # msg_sched done: 12-13 # msg_sched: 14-15 # rnd_0: 0 - 0 rorq $23, %rax @@ -906,7 +906,7 @@ movq %r12, %rax addq %rcx, %r8 vpaddq %xmm7, %xmm8, %xmm7 - # msg_sched done: 14-17 + # msg_sched done: 14-15 subl $0x01, 128(%rsp) jne L_transform_sha512_avx1_start vpaddq (%rsi), %xmm0, %xmm8 @@ -1547,7 +1547,7 @@ movq %r10, %rax addq %rcx, %r14 vpaddq %xmm0, %xmm8, %xmm0 - # msg_sched done: 0-3 + # msg_sched done: 0-1 # msg_sched: 2-3 # rnd_0: 0 - 0 rorq $23, %rax @@ -1638,7 +1638,7 @@ movq %r8, %rax addq %rcx, %r12 vpaddq %xmm1, %xmm8, %xmm1 - # msg_sched done: 2-5 + # msg_sched done: 2-3 # msg_sched: 4-5 # rnd_0: 0 - 0 rorq $23, %rax @@ -1729,7 +1729,7 @@ movq %r14, %rax addq %rcx, %r10 vpaddq %xmm2, %xmm8, %xmm2 - # msg_sched done: 4-7 + # msg_sched done: 4-5 # msg_sched: 6-7 # rnd_0: 0 - 0 rorq $23, %rax @@ -1820,7 +1820,7 @@ movq %r12, %rax addq %rcx, %r8 vpaddq %xmm3, %xmm8, %xmm3 - # msg_sched done: 6-9 + # msg_sched done: 6-7 # msg_sched: 8-9 # rnd_0: 0 - 0 rorq $23, %rax @@ -1911,7 +1911,7 @@ movq %r10, %rax addq %rcx, %r14 vpaddq %xmm4, %xmm8, %xmm4 - # msg_sched done: 8-11 + # msg_sched done: 8-9 # msg_sched: 10-11 # rnd_0: 0 - 0 rorq $23, %rax @@ -2002,7 +2002,7 @@ movq %r8, %rax addq %rcx, %r12 vpaddq %xmm5, %xmm8, %xmm5 - # msg_sched done: 10-13 + # msg_sched done: 10-11 # msg_sched: 12-13 # rnd_0: 0 - 0 rorq $23, %rax @@ -2093,7 +2093,7 @@ movq %r14, %rax addq %rcx, %r10 vpaddq %xmm6, %xmm8, %xmm6 - # msg_sched done: 12-15 + # msg_sched done: 12-13 # msg_sched: 14-15 # rnd_0: 0 - 0 rorq $23, %rax @@ -2184,7 +2184,7 @@ movq %r12, %rax addq %rcx, %r8 vpaddq %xmm7, %xmm8, %xmm7 - # msg_sched done: 14-17 + # msg_sched done: 14-15 movq 136(%rsp), %rdx vpaddq (%rdx), %xmm0, %xmm8 vpaddq 16(%rdx), %xmm1, %xmm9 @@ -2892,7 +2892,7 @@ addq %rax, %r14 xorq %r8, %rdx vpaddq %xmm0, %xmm8, %xmm0 - # msg_sched done: 0-3 + # msg_sched done: 0-1 # msg_sched: 2-3 # rnd_0: 0 - 0 rorxq $14, %r10, %rax @@ -2978,7 +2978,7 @@ addq %rax, %r12 xorq %r14, %rdx vpaddq %xmm1, %xmm8, %xmm1 - # msg_sched done: 2-5 + # msg_sched done: 2-3 # msg_sched: 4-5 # rnd_0: 0 - 0 rorxq $14, %r8, %rax @@ -3064,7 +3064,7 @@ addq %rax, %r10 xorq %r12, %rdx vpaddq %xmm2, %xmm8, %xmm2 - # msg_sched done: 4-7 + # msg_sched done: 4-5 # msg_sched: 6-7 # rnd_0: 0 - 0 rorxq $14, %r14, %rax @@ -3150,7 +3150,7 @@ addq %rax, %r8 xorq %r10, %rdx vpaddq %xmm3, %xmm8, %xmm3 - # msg_sched done: 6-9 + # msg_sched done: 6-7 # msg_sched: 8-9 # rnd_0: 0 - 0 rorxq $14, %r12, %rax @@ -3236,7 +3236,7 @@ addq %rax, %r14 xorq %r8, %rdx vpaddq %xmm4, %xmm8, %xmm4 - # msg_sched done: 8-11 + # msg_sched done: 8-9 # msg_sched: 10-11 # rnd_0: 0 - 0 rorxq $14, %r10, %rax @@ -3322,7 +3322,7 @@ addq %rax, %r12 xorq %r14, %rdx vpaddq %xmm5, %xmm8, %xmm5 - # msg_sched done: 10-13 + # msg_sched done: 10-11 # msg_sched: 12-13 # rnd_0: 0 - 0 rorxq $14, %r8, %rax @@ -3408,7 +3408,7 @@ addq %rax, %r10 xorq %r12, %rdx vpaddq %xmm6, %xmm8, %xmm6 - # msg_sched done: 12-15 + # msg_sched done: 12-13 # msg_sched: 14-15 # rnd_0: 0 - 0 rorxq $14, %r14, %rax @@ -3494,7 +3494,7 @@ addq %rax, %r8 xorq %r10, %rdx vpaddq %xmm7, %xmm8, %xmm7 - # msg_sched done: 14-17 + # msg_sched done: 14-15 vpaddq (%rsi), %xmm0, %xmm8 vpaddq 16(%rsi), %xmm1, %xmm9 vmovdqu %xmm8, (%rsp) @@ -4099,7 +4099,7 @@ addq %rax, %r14 xorq %r8, %rdx vpaddq %xmm0, %xmm8, %xmm0 - # msg_sched done: 0-3 + # msg_sched done: 0-1 # msg_sched: 2-3 # rnd_0: 0 - 0 rorxq $14, %r10, %rax @@ -4185,7 +4185,7 @@ addq %rax, %r12 xorq %r14, %rdx vpaddq %xmm1, %xmm8, %xmm1 - # msg_sched done: 2-5 + # msg_sched done: 2-3 # msg_sched: 4-5 # rnd_0: 0 - 0 rorxq $14, %r8, %rax @@ -4271,7 +4271,7 @@ addq %rax, %r10 xorq %r12, %rdx vpaddq %xmm2, %xmm8, %xmm2 - # msg_sched done: 4-7 + # msg_sched done: 4-5 # msg_sched: 6-7 # rnd_0: 0 - 0 rorxq $14, %r14, %rax @@ -4357,7 +4357,7 @@ addq %rax, %r8 xorq %r10, %rdx vpaddq %xmm3, %xmm8, %xmm3 - # msg_sched done: 6-9 + # msg_sched done: 6-7 # msg_sched: 8-9 # rnd_0: 0 - 0 rorxq $14, %r12, %rax @@ -4443,7 +4443,7 @@ addq %rax, %r14 xorq %r8, %rdx vpaddq %xmm4, %xmm8, %xmm4 - # msg_sched done: 8-11 + # msg_sched done: 8-9 # msg_sched: 10-11 # rnd_0: 0 - 0 rorxq $14, %r10, %rax @@ -4529,7 +4529,7 @@ addq %rax, %r12 xorq %r14, %rdx vpaddq %xmm5, %xmm8, %xmm5 - # msg_sched done: 10-13 + # msg_sched done: 10-11 # msg_sched: 12-13 # rnd_0: 0 - 0 rorxq $14, %r8, %rax @@ -4615,7 +4615,7 @@ addq %rax, %r10 xorq %r12, %rdx vpaddq %xmm6, %xmm8, %xmm6 - # msg_sched done: 12-15 + # msg_sched done: 12-13 # msg_sched: 14-15 # rnd_0: 0 - 0 rorxq $14, %r14, %rax @@ -4701,7 +4701,7 @@ addq %rax, %r8 xorq %r10, %rdx vpaddq %xmm7, %xmm8, %xmm7 - # msg_sched done: 14-17 + # msg_sched done: 14-15 movq 136(%rsp), %rcx vpaddq (%rcx), %xmm0, %xmm8 vpaddq 16(%rcx), %xmm1, %xmm9 @@ -6585,7 +6585,7 @@ movq %r10, %rax addq %rcx, %r14 vpaddq %ymm0, %ymm8, %ymm0 - # msg_sched done: 0-3 + # msg_sched done: 0-1 # msg_sched: 4-5 rorq $23, %rax vpalignr $8, %ymm1, %ymm2, %ymm12 @@ -6662,7 +6662,7 @@ movq %r8, %rax addq %rcx, %r12 vpaddq %ymm1, %ymm8, %ymm1 - # msg_sched done: 4-7 + # msg_sched done: 4-5 # msg_sched: 8-9 rorq $23, %rax vpalignr $8, %ymm2, %ymm3, %ymm12 @@ -6739,7 +6739,7 @@ movq %r14, %rax addq %rcx, %r10 vpaddq %ymm2, %ymm8, %ymm2 - # msg_sched done: 8-11 + # msg_sched done: 8-9 # msg_sched: 12-13 rorq $23, %rax vpalignr $8, %ymm3, %ymm4, %ymm12 @@ -6816,7 +6816,7 @@ movq %r12, %rax addq %rcx, %r8 vpaddq %ymm3, %ymm8, %ymm3 - # msg_sched done: 12-15 + # msg_sched done: 12-13 # msg_sched: 16-17 rorq $23, %rax vpalignr $8, %ymm4, %ymm5, %ymm12 @@ -6893,7 +6893,7 @@ movq %r10, %rax addq %rcx, %r14 vpaddq %ymm4, %ymm8, %ymm4 - # msg_sched done: 16-19 + # msg_sched done: 16-17 # msg_sched: 20-21 rorq $23, %rax vpalignr $8, %ymm5, %ymm6, %ymm12 @@ -6970,7 +6970,7 @@ movq %r8, %rax addq %rcx, %r12 vpaddq %ymm5, %ymm8, %ymm5 - # msg_sched done: 20-23 + # msg_sched done: 20-21 # msg_sched: 24-25 rorq $23, %rax vpalignr $8, %ymm6, %ymm7, %ymm12 @@ -7047,7 +7047,7 @@ movq %r14, %rax addq %rcx, %r10 vpaddq %ymm6, %ymm8, %ymm6 - # msg_sched done: 24-27 + # msg_sched done: 24-25 # msg_sched: 28-29 rorq $23, %rax vpalignr $8, %ymm7, %ymm0, %ymm12 @@ -7124,7 +7124,7 @@ movq %r12, %rax addq %rcx, %r8 vpaddq %ymm7, %ymm8, %ymm7 - # msg_sched done: 28-31 + # msg_sched done: 28-29 addq $0x100, %rsi addq $0x100, %rbp cmpq L_avx2_sha512_k_2_end(%rip), %rsi @@ -9381,7 +9381,7 @@ addq %rax, %r14 xorq %r8, %rdx vpaddq %ymm0, %ymm8, %ymm0 - # msg_sched done: 0-3 + # msg_sched done: 0-1 # msg_sched: 4-5 rorxq $14, %r10, %rax rorxq $18, %r10, %rcx @@ -9454,7 +9454,7 @@ addq %rax, %r12 xorq %r14, %rdx vpaddq %ymm1, %ymm8, %ymm1 - # msg_sched done: 4-7 + # msg_sched done: 4-5 # msg_sched: 8-9 rorxq $14, %r8, %rax rorxq $18, %r8, %rcx @@ -9527,7 +9527,7 @@ addq %rax, %r10 xorq %r12, %rdx vpaddq %ymm2, %ymm8, %ymm2 - # msg_sched done: 8-11 + # msg_sched done: 8-9 # msg_sched: 12-13 rorxq $14, %r14, %rax rorxq $18, %r14, %rcx @@ -9600,7 +9600,7 @@ addq %rax, %r8 xorq %r10, %rdx vpaddq %ymm3, %ymm8, %ymm3 - # msg_sched done: 12-15 + # msg_sched done: 12-13 # msg_sched: 16-17 rorxq $14, %r12, %rax rorxq $18, %r12, %rcx @@ -9673,7 +9673,7 @@ addq %rax, %r14 xorq %r8, %rdx vpaddq %ymm4, %ymm8, %ymm4 - # msg_sched done: 16-19 + # msg_sched done: 16-17 # msg_sched: 20-21 rorxq $14, %r10, %rax rorxq $18, %r10, %rcx @@ -9746,7 +9746,7 @@ addq %rax, %r12 xorq %r14, %rdx vpaddq %ymm5, %ymm8, %ymm5 - # msg_sched done: 20-23 + # msg_sched done: 20-21 # msg_sched: 24-25 rorxq $14, %r8, %rax rorxq $18, %r8, %rcx @@ -9819,7 +9819,7 @@ addq %rax, %r10 xorq %r12, %rdx vpaddq %ymm6, %ymm8, %ymm6 - # msg_sched done: 24-27 + # msg_sched done: 24-25 # msg_sched: 28-29 rorxq $14, %r14, %rax rorxq $18, %r14, %rcx @@ -9892,7 +9892,7 @@ addq %rax, %r8 xorq %r10, %rdx vpaddq %ymm7, %ymm8, %ymm7 - # msg_sched done: 28-31 + # msg_sched done: 28-29 addq $0x100, %rbp addq $0x100, %rsi cmpq L_avx2_rorx_sha512_k_2_end(%rip), %rbp diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/wolfcrypt/src/signature.c mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/signature.c --- mariadb-11.8.6/extra/wolfssl/wolfssl/wolfcrypt/src/signature.c 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/signature.c 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* signature.c * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -95,7 +95,11 @@ #ifdef HAVE_ECC /* Sanity check that void* key is at least ecc_key in size */ if (key_len >= sizeof(ecc_key)) { - sig_len = wc_ecc_sig_size((ecc_key*)key); +#if defined(HAVE_SELFTEST) || (defined(HAVE_FIPS) && FIPS_VERSION3_LT(5,0,0)) + sig_len = wc_ecc_sig_size((ecc_key*)(wc_ptr_t)key); +#else + sig_len = wc_ecc_sig_size((const ecc_key*)key); +#endif } else { WOLFSSL_MSG("wc_SignatureGetSize: Invalid ECC key size"); @@ -110,7 +114,11 @@ #ifndef NO_RSA /* Sanity check that void* key is at least RsaKey in size */ if (key_len >= sizeof(RsaKey)) { - sig_len = wc_RsaEncryptSize((RsaKey*)key); +#if defined(HAVE_SELFTEST) || (defined(HAVE_FIPS) && FIPS_VERSION3_LT(5,0,0)) + sig_len = wc_RsaEncryptSize((RsaKey*)(wc_ptr_t)key); +#else + sig_len = wc_RsaEncryptSize((const RsaKey*)key); +#endif } else { WOLFSSL_MSG("wc_SignatureGetSize: Invalid RsaKey key size"); @@ -132,7 +140,7 @@ enum wc_HashType hash_type, enum wc_SignatureType sig_type, const byte* hash_data, word32 hash_len, const byte* sig, word32 sig_len, - const void* key, word32 key_len) + void* key, word32 key_len) { int ret; @@ -155,6 +163,35 @@ WOLFSSL_MSG("wc_SignatureVerify: Invalid hash type/len"); return ret; } + +#if !defined(NO_RSA) && !defined(WOLFSSL_RSA_PUBLIC_ONLY) + /* For WC_SIGNATURE_TYPE_RSA_W_ENC, we need to extract the actual size of + * the ASN.1-encoded hash. + */ + if (sig_type == WC_SIGNATURE_TYPE_RSA_W_ENC) { + int hash_dec_len; + word32 idx = 0; + if (GetSequence(hash_data, &idx, &hash_dec_len, hash_len) < 0) + return ASN_PARSE_E; + /* skip the AlgorithmIdentifier */ + if (GetSequence(hash_data, &idx, &hash_dec_len, hash_len) < 0) + return ASN_PARSE_E; + idx += (word32)hash_dec_len; + /* now sitting at the OCTET STRING containing the digest */ + if (GetOctetString(hash_data, &idx, &hash_dec_len, hash_len) < 0) + return ASN_PARSE_E; + if (hash_dec_len != ret) + return BAD_LENGTH_E; + } + else +#endif + { + if (hash_len != (word32)ret) { + WOLFSSL_MSG("wc_SignatureVerify: Invalid hash size"); + return BAD_LENGTH_E; + } + } + ret = 0; /* Verify signature using hash */ @@ -271,7 +308,7 @@ enum wc_HashType hash_type, enum wc_SignatureType sig_type, const byte* data, word32 data_len, const byte* sig, word32 sig_len, - const void* key, word32 key_len) + void* key, word32 key_len) { int ret; word32 hash_len, hash_enc_len; @@ -349,7 +386,7 @@ enum wc_HashType hash_type, enum wc_SignatureType sig_type, const byte* hash_data, word32 hash_len, byte* sig, word32 *sig_len, - const void* key, word32 key_len, WC_RNG* rng) + void* key, word32 key_len, WC_RNG* rng) { return wc_SignatureGenerateHash_ex(hash_type, sig_type, hash_data, hash_len, sig, sig_len, key, key_len, rng, 1); @@ -359,7 +396,7 @@ enum wc_HashType hash_type, enum wc_SignatureType sig_type, const byte* hash_data, word32 hash_len, byte* sig, word32 *sig_len, - const void* key, word32 key_len, WC_RNG* rng, int verify) + void* key, word32 key_len, WC_RNG* rng, int verify) { int ret; @@ -460,7 +497,7 @@ enum wc_HashType hash_type, enum wc_SignatureType sig_type, const byte* data, word32 data_len, byte* sig, word32 *sig_len, - const void* key, word32 key_len, WC_RNG* rng) + void* key, word32 key_len, WC_RNG* rng) { return wc_SignatureGenerate_ex(hash_type, sig_type, data, data_len, sig, sig_len, key, key_len, rng, 1); @@ -470,7 +507,7 @@ enum wc_HashType hash_type, enum wc_SignatureType sig_type, const byte* data, word32 data_len, byte* sig, word32 *sig_len, - const void* key, word32 key_len, WC_RNG* rng, int verify) + void* key, word32 key_len, WC_RNG* rng, int verify) { int ret; word32 hash_len, hash_enc_len; diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/wolfcrypt/src/siphash.c mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/siphash.c --- mariadb-11.8.6/extra/wolfssl/wolfssl/wolfcrypt/src/siphash.c 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/siphash.c 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* siphash.c * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -80,7 +80,7 @@ * @param [in] a Little-endian byte array. * @return 16-bit number. */ -#define GET_U16(a) (*(word16*)(a)) +#define GET_U16(a) (*(const word16*)(a)) /** * Encode 64-bit number to a little-endian byte array. * @@ -411,8 +411,8 @@ return BAD_FUNC_ARG; } - k0 = ((word64*)key)[0]; - k1 = ((word64*)key)[1]; + k0 = ((const word64*)key)[0]; + k1 = ((const word64*)key)[1]; __asm__ __volatile__ ( "xorq %[k0], %[v0]\n\t" "xorq %[k1], %[v1]\n\t" diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/wolfcrypt/src/sm2.c mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/sm2.c --- mariadb-11.8.6/extra/wolfssl/wolfssl/wolfcrypt/src/sm2.c 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/sm2.c 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* sm2.c * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/wolfcrypt/src/sm3.c mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/sm3.c --- mariadb-11.8.6/extra/wolfssl/wolfssl/wolfcrypt/src/sm3.c 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/sm3.c 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* sm3.c * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/wolfcrypt/src/sm3_asm.S mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/sm3_asm.S --- mariadb-11.8.6/extra/wolfssl/wolfssl/wolfcrypt/src/sm3_asm.S 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/sm3_asm.S 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* sm3_asm.S * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/wolfcrypt/src/sm4.c mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/sm4.c --- mariadb-11.8.6/extra/wolfssl/wolfssl/wolfcrypt/src/sm4.c 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/sm4.c 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* sm4.c * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/wolfcrypt/src/sp_arm32.c mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/sp_arm32.c --- mariadb-11.8.6/extra/wolfssl/wolfssl/wolfcrypt/src/sp_arm32.c 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/sp_arm32.c 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* sp.c * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -5656,7 +5656,7 @@ "mov r12, #0\n\t" "add lr, %[a], #0x100\n\t" "\n" - "L_sp_2048_sub_in_pkace_64_word_%=: \n\t" + "L_sp_2048_sub_in_place_64_word_%=: \n\t" "rsbs r12, r12, #0\n\t" "ldm %[a], {r2, r3, r4, r5}\n\t" "ldm %[b]!, {r6, r7, r8, r9}\n\t" @@ -5667,7 +5667,7 @@ "stm %[a]!, {r2, r3, r4, r5}\n\t" "sbc r12, r12, r12\n\t" "cmp %[a], lr\n\t" - "bne L_sp_2048_sub_in_pkace_64_word_%=\n\t" + "bne L_sp_2048_sub_in_place_64_word_%=\n\t" "mov %[a], r12\n\t" #ifndef WOLFSSL_NO_VAR_ASSIGN_REG : [a] "+r" (a), [b] "+r" (b) @@ -6162,7 +6162,7 @@ "mov r12, #0\n\t" "add lr, %[a], #0x80\n\t" "\n" - "L_sp_2048_sub_in_pkace_32_word_%=: \n\t" + "L_sp_2048_sub_in_place_32_word_%=: \n\t" "rsbs r12, r12, #0\n\t" "ldm %[a], {r2, r3, r4, r5}\n\t" "ldm %[b]!, {r6, r7, r8, r9}\n\t" @@ -6173,7 +6173,7 @@ "stm %[a]!, {r2, r3, r4, r5}\n\t" "sbc r12, r12, r12\n\t" "cmp %[a], lr\n\t" - "bne L_sp_2048_sub_in_pkace_32_word_%=\n\t" + "bne L_sp_2048_sub_in_place_32_word_%=\n\t" "mov %[a], r12\n\t" #ifndef WOLFSSL_NO_VAR_ASSIGN_REG : [a] "+r" (a), [b] "+r" (b) @@ -9943,15 +9943,15 @@ #endif "ldr r10, [%[a], #124]\n\t" "lsl r6, r8, #16\n\t" - "lsl r7, r11, #16\n\t" + "lsl r7, r7, #16\n\t" "lsr r6, r6, #16\n\t" "lsr r7, r7, #16\n\t" "mul r7, r6, r7\n\t" "adds r5, r5, r7\n\t" - "adcs r4, r3, #0\n\t" + "adcs r4, r4, #0\n\t" "mov r3, #0\n\t" "adc r3, r3, r3\n\t" - "lsr r7, r11, #16\n\t" + "lsr r7, r7, #16\n\t" "mul r6, r7, r6\n\t" "lsr r7, r6, #16\n\t" "lsl r6, r6, #16\n\t" @@ -9959,11 +9959,11 @@ "adcs r4, r4, r7\n\t" "adc r3, r3, #0\n\t" "mov r6, r8\n\t" - "lsr r7, r11, #16\n\t" + "lsr r7, r7, #16\n\t" "lsr r6, r6, #16\n\t" "mul r7, r6, r7\n\t" "adds r4, r4, r7\n\t" - "lsl r7, r11, #16\n\t" + "lsl r7, r7, #16\n\t" "adc r3, r3, #0\n\t" "lsr r7, r7, #16\n\t" "mul r6, r7, r6\n\t" @@ -12500,9 +12500,9 @@ c = -c; y = (byte)(n << c); n = e[i--]; - y |= (byte)(n >> (64 - c)); + y |= (byte)(n >> (32 - c)); n <<= c; - c = 64 - c; + c = 32 - c; } else if (c == 0) { /* All bits in top word used. */ @@ -12653,9 +12653,9 @@ c = -c; y = (byte)(n << c); n = e[i--]; - y |= (byte)(n >> (64 - c)); + y |= (byte)(n >> (32 - c)); n <<= c; - c = 64 - c; + c = 32 - c; } else if (c == 0) { /* All bits in top word used. */ @@ -14909,15 +14909,15 @@ #endif "ldr r10, [%[a], #252]\n\t" "lsl r6, r8, #16\n\t" - "lsl r7, r11, #16\n\t" + "lsl r7, r7, #16\n\t" "lsr r6, r6, #16\n\t" "lsr r7, r7, #16\n\t" "mul r7, r6, r7\n\t" "adds r5, r5, r7\n\t" - "adcs r4, r3, #0\n\t" + "adcs r4, r4, #0\n\t" "mov r3, #0\n\t" "adc r3, r3, r3\n\t" - "lsr r7, r11, #16\n\t" + "lsr r7, r7, #16\n\t" "mul r6, r7, r6\n\t" "lsr r7, r6, #16\n\t" "lsl r6, r6, #16\n\t" @@ -14925,11 +14925,11 @@ "adcs r4, r4, r7\n\t" "adc r3, r3, #0\n\t" "mov r6, r8\n\t" - "lsr r7, r11, #16\n\t" + "lsr r7, r7, #16\n\t" "lsr r6, r6, #16\n\t" "mul r7, r6, r7\n\t" "adds r4, r4, r7\n\t" - "lsl r7, r11, #16\n\t" + "lsl r7, r7, #16\n\t" "adc r3, r3, #0\n\t" "lsr r7, r7, #16\n\t" "mul r6, r7, r6\n\t" @@ -17366,9 +17366,9 @@ c = -c; y = (byte)(n << c); n = e[i--]; - y |= (byte)(n >> (64 - c)); + y |= (byte)(n >> (32 - c)); n <<= c; - c = 64 - c; + c = 32 - c; } else if (c == 0) { /* All bits in top word used. */ @@ -17502,9 +17502,9 @@ c = -c; y = (byte)(n << c); n = e[i--]; - y |= (byte)(n >> (64 - c)); + y |= (byte)(n >> (32 - c)); n <<= c; - c = 64 - c; + c = 32 - c; } else if (c == 0) { /* All bits in top word used. */ @@ -17706,6 +17706,7 @@ } #ifndef WOLFSSL_RSA_PUBLIC_ONLY +#if !defined(SP_RSA_PRIVATE_EXP_D) && !defined(RSA_LOW_MEM) #ifdef WOLFSSL_SP_SMALL /* Conditionally add a and b using the mask m. * m is -1 to add and 0 when not. @@ -17911,6 +17912,7 @@ } #endif /* WOLFSSL_SP_SMALL */ +#endif /* !SP_RSA_PRIVATE_EXP_D && !RSA_LOW_MEM */ /* RSA private key operation. * * in Array of bytes representing the number to exponentiate, base. @@ -18646,9 +18648,9 @@ c = -c; y = (byte)(n << c); n = e[i--]; - y |= (byte)(n >> (64 - c)); + y |= (byte)(n >> (32 - c)); n <<= c; - c = 64 - c; + c = 32 - c; } else if (c == 0) { /* All bits in top word used. */ @@ -29069,7 +29071,7 @@ "mov r12, #0\n\t" "add lr, %[a], #0x180\n\t" "\n" - "L_sp_3072_sub_in_pkace_96_word_%=: \n\t" + "L_sp_3072_sub_in_place_96_word_%=: \n\t" "rsbs r12, r12, #0\n\t" "ldm %[a], {r2, r3, r4, r5}\n\t" "ldm %[b]!, {r6, r7, r8, r9}\n\t" @@ -29080,7 +29082,7 @@ "stm %[a]!, {r2, r3, r4, r5}\n\t" "sbc r12, r12, r12\n\t" "cmp %[a], lr\n\t" - "bne L_sp_3072_sub_in_pkace_96_word_%=\n\t" + "bne L_sp_3072_sub_in_place_96_word_%=\n\t" "mov %[a], r12\n\t" #ifndef WOLFSSL_NO_VAR_ASSIGN_REG : [a] "+r" (a), [b] "+r" (b) @@ -29575,7 +29577,7 @@ "mov r12, #0\n\t" "add lr, %[a], #0xc0\n\t" "\n" - "L_sp_3072_sub_in_pkace_48_word_%=: \n\t" + "L_sp_3072_sub_in_place_48_word_%=: \n\t" "rsbs r12, r12, #0\n\t" "ldm %[a], {r2, r3, r4, r5}\n\t" "ldm %[b]!, {r6, r7, r8, r9}\n\t" @@ -29586,7 +29588,7 @@ "stm %[a]!, {r2, r3, r4, r5}\n\t" "sbc r12, r12, r12\n\t" "cmp %[a], lr\n\t" - "bne L_sp_3072_sub_in_pkace_48_word_%=\n\t" + "bne L_sp_3072_sub_in_place_48_word_%=\n\t" "mov %[a], r12\n\t" #ifndef WOLFSSL_NO_VAR_ASSIGN_REG : [a] "+r" (a), [b] "+r" (b) @@ -34900,15 +34902,15 @@ #endif "ldr r10, [%[a], #188]\n\t" "lsl r6, r8, #16\n\t" - "lsl r7, r11, #16\n\t" + "lsl r7, r7, #16\n\t" "lsr r6, r6, #16\n\t" "lsr r7, r7, #16\n\t" "mul r7, r6, r7\n\t" "adds r5, r5, r7\n\t" - "adcs r4, r3, #0\n\t" + "adcs r4, r4, #0\n\t" "mov r3, #0\n\t" "adc r3, r3, r3\n\t" - "lsr r7, r11, #16\n\t" + "lsr r7, r7, #16\n\t" "mul r6, r7, r6\n\t" "lsr r7, r6, #16\n\t" "lsl r6, r6, #16\n\t" @@ -34916,11 +34918,11 @@ "adcs r4, r4, r7\n\t" "adc r3, r3, #0\n\t" "mov r6, r8\n\t" - "lsr r7, r11, #16\n\t" + "lsr r7, r7, #16\n\t" "lsr r6, r6, #16\n\t" "mul r7, r6, r7\n\t" "adds r4, r4, r7\n\t" - "lsl r7, r11, #16\n\t" + "lsl r7, r7, #16\n\t" "adc r3, r3, #0\n\t" "lsr r7, r7, #16\n\t" "mul r6, r7, r6\n\t" @@ -38353,9 +38355,9 @@ c = -c; y = (byte)(n << c); n = e[i--]; - y |= (byte)(n >> (64 - c)); + y |= (byte)(n >> (32 - c)); n <<= c; - c = 64 - c; + c = 32 - c; } else if (c == 0) { /* All bits in top word used. */ @@ -38506,9 +38508,9 @@ c = -c; y = (byte)(n << c); n = e[i--]; - y |= (byte)(n >> (64 - c)); + y |= (byte)(n >> (32 - c)); n <<= c; - c = 64 - c; + c = 32 - c; } else if (c == 0) { /* All bits in top word used. */ @@ -41802,15 +41804,15 @@ #endif "ldr r10, [%[a], #380]\n\t" "lsl r6, r8, #16\n\t" - "lsl r7, r11, #16\n\t" + "lsl r7, r7, #16\n\t" "lsr r6, r6, #16\n\t" "lsr r7, r7, #16\n\t" "mul r7, r6, r7\n\t" "adds r5, r5, r7\n\t" - "adcs r4, r3, #0\n\t" + "adcs r4, r4, #0\n\t" "mov r3, #0\n\t" "adc r3, r3, r3\n\t" - "lsr r7, r11, #16\n\t" + "lsr r7, r7, #16\n\t" "mul r6, r7, r6\n\t" "lsr r7, r6, #16\n\t" "lsl r6, r6, #16\n\t" @@ -41818,11 +41820,11 @@ "adcs r4, r4, r7\n\t" "adc r3, r3, #0\n\t" "mov r6, r8\n\t" - "lsr r7, r11, #16\n\t" + "lsr r7, r7, #16\n\t" "lsr r6, r6, #16\n\t" "mul r7, r6, r7\n\t" "adds r4, r4, r7\n\t" - "lsl r7, r11, #16\n\t" + "lsl r7, r7, #16\n\t" "adc r3, r3, #0\n\t" "lsr r7, r7, #16\n\t" "mul r6, r7, r6\n\t" @@ -45088,9 +45090,9 @@ c = -c; y = (byte)(n << c); n = e[i--]; - y |= (byte)(n >> (64 - c)); + y |= (byte)(n >> (32 - c)); n <<= c; - c = 64 - c; + c = 32 - c; } else if (c == 0) { /* All bits in top word used. */ @@ -45224,9 +45226,9 @@ c = -c; y = (byte)(n << c); n = e[i--]; - y |= (byte)(n >> (64 - c)); + y |= (byte)(n >> (32 - c)); n <<= c; - c = 64 - c; + c = 32 - c; } else if (c == 0) { /* All bits in top word used. */ @@ -45428,6 +45430,7 @@ } #ifndef WOLFSSL_RSA_PUBLIC_ONLY +#if !defined(SP_RSA_PRIVATE_EXP_D) && !defined(RSA_LOW_MEM) #ifdef WOLFSSL_SP_SMALL /* Conditionally add a and b using the mask m. * m is -1 to add and 0 when not. @@ -45689,6 +45692,7 @@ } #endif /* WOLFSSL_SP_SMALL */ +#endif /* !SP_RSA_PRIVATE_EXP_D && !RSA_LOW_MEM */ /* RSA private key operation. * * in Array of bytes representing the number to exponentiate, base. @@ -46616,9 +46620,9 @@ c = -c; y = (byte)(n << c); n = e[i--]; - y |= (byte)(n >> (64 - c)); + y |= (byte)(n >> (32 - c)); n <<= c; - c = 64 - c; + c = 32 - c; } else if (c == 0) { /* All bits in top word used. */ @@ -47635,7 +47639,7 @@ "mov r12, #0\n\t" "add lr, %[a], #0x200\n\t" "\n" - "L_sp_4096_sub_in_pkace_128_word_%=: \n\t" + "L_sp_4096_sub_in_place_128_word_%=: \n\t" "rsbs r12, r12, #0\n\t" "ldm %[a], {r2, r3, r4, r5}\n\t" "ldm %[b]!, {r6, r7, r8, r9}\n\t" @@ -47646,7 +47650,7 @@ "stm %[a]!, {r2, r3, r4, r5}\n\t" "sbc r12, r12, r12\n\t" "cmp %[a], lr\n\t" - "bne L_sp_4096_sub_in_pkace_128_word_%=\n\t" + "bne L_sp_4096_sub_in_place_128_word_%=\n\t" "mov %[a], r12\n\t" #ifndef WOLFSSL_NO_VAR_ASSIGN_REG : [a] "+r" (a), [b] "+r" (b) @@ -56584,15 +56588,15 @@ #endif "ldr r10, [%[a], #508]\n\t" "lsl r6, r8, #16\n\t" - "lsl r7, r11, #16\n\t" + "lsl r7, r7, #16\n\t" "lsr r6, r6, #16\n\t" "lsr r7, r7, #16\n\t" "mul r7, r6, r7\n\t" "adds r5, r5, r7\n\t" - "adcs r4, r3, #0\n\t" + "adcs r4, r4, #0\n\t" "mov r3, #0\n\t" "adc r3, r3, r3\n\t" - "lsr r7, r11, #16\n\t" + "lsr r7, r7, #16\n\t" "mul r6, r7, r6\n\t" "lsr r7, r6, #16\n\t" "lsl r6, r6, #16\n\t" @@ -56600,11 +56604,11 @@ "adcs r4, r4, r7\n\t" "adc r3, r3, #0\n\t" "mov r6, r8\n\t" - "lsr r7, r11, #16\n\t" + "lsr r7, r7, #16\n\t" "lsr r6, r6, #16\n\t" "mul r7, r6, r7\n\t" "adds r4, r4, r7\n\t" - "lsl r7, r11, #16\n\t" + "lsl r7, r7, #16\n\t" "adc r3, r3, #0\n\t" "lsr r7, r7, #16\n\t" "mul r6, r7, r6\n\t" @@ -60694,9 +60698,9 @@ c = -c; y = (byte)(n << c); n = e[i--]; - y |= (byte)(n >> (64 - c)); + y |= (byte)(n >> (32 - c)); n <<= c; - c = 64 - c; + c = 32 - c; } else if (c == 0) { /* All bits in top word used. */ @@ -60830,9 +60834,9 @@ c = -c; y = (byte)(n << c); n = e[i--]; - y |= (byte)(n >> (64 - c)); + y |= (byte)(n >> (32 - c)); n <<= c; - c = 64 - c; + c = 32 - c; } else if (c == 0) { /* All bits in top word used. */ @@ -61034,6 +61038,7 @@ } #ifndef WOLFSSL_RSA_PUBLIC_ONLY +#if !defined(SP_RSA_PRIVATE_EXP_D) && !defined(RSA_LOW_MEM) #ifdef WOLFSSL_SP_SMALL /* Conditionally add a and b using the mask m. * m is -1 to add and 0 when not. @@ -61351,6 +61356,7 @@ } #endif /* WOLFSSL_SP_SMALL */ +#endif /* !SP_RSA_PRIVATE_EXP_D && !RSA_LOW_MEM */ /* RSA private key operation. * * in Array of bytes representing the number to exponentiate, base. @@ -62470,9 +62476,9 @@ c = -c; y = (byte)(n << c); n = e[i--]; - y |= (byte)(n >> (64 - c)); + y |= (byte)(n >> (32 - c)); n <<= c; - c = 64 - c; + c = 32 - c; } else if (c == 0) { /* All bits in top word used. */ @@ -73166,15 +73172,15 @@ #endif "ldr r10, [%[a], #28]\n\t" "lsl r6, r8, #16\n\t" - "lsl r7, r11, #16\n\t" + "lsl r7, r7, #16\n\t" "lsr r6, r6, #16\n\t" "lsr r7, r7, #16\n\t" "mul r7, r6, r7\n\t" "adds r5, r5, r7\n\t" - "adcs r4, r3, #0\n\t" + "adcs r4, r4, #0\n\t" "mov r3, #0\n\t" "adc r3, r3, r3\n\t" - "lsr r7, r11, #16\n\t" + "lsr r7, r7, #16\n\t" "mul r6, r7, r6\n\t" "lsr r7, r6, #16\n\t" "lsl r6, r6, #16\n\t" @@ -73182,11 +73188,11 @@ "adcs r4, r4, r7\n\t" "adc r3, r3, #0\n\t" "mov r6, r8\n\t" - "lsr r7, r11, #16\n\t" + "lsr r7, r7, #16\n\t" "lsr r6, r6, #16\n\t" "mul r7, r6, r7\n\t" "adds r4, r4, r7\n\t" - "lsl r7, r11, #16\n\t" + "lsl r7, r7, #16\n\t" "adc r3, r3, #0\n\t" "lsr r7, r7, #16\n\t" "mul r6, r7, r6\n\t" @@ -73854,15 +73860,15 @@ #endif "ldr r10, [%[a], #28]\n\t" "lsl r6, r8, #16\n\t" - "lsl r7, r11, #16\n\t" + "lsl r7, r7, #16\n\t" "lsr r6, r6, #16\n\t" "lsr r7, r7, #16\n\t" "mul r7, r6, r7\n\t" "adds r5, r5, r7\n\t" - "adcs r4, r3, #0\n\t" + "adcs r4, r4, #0\n\t" "mov r3, #0\n\t" "adc r3, r3, r3\n\t" - "lsr r7, r11, #16\n\t" + "lsr r7, r7, #16\n\t" "mul r6, r7, r6\n\t" "lsr r7, r6, #16\n\t" "lsl r6, r6, #16\n\t" @@ -73870,11 +73876,11 @@ "adcs r4, r4, r7\n\t" "adc r3, r3, #0\n\t" "mov r6, r8\n\t" - "lsr r7, r11, #16\n\t" + "lsr r7, r7, #16\n\t" "lsr r6, r6, #16\n\t" "mul r7, r6, r7\n\t" "adds r4, r4, r7\n\t" - "lsl r7, r11, #16\n\t" + "lsl r7, r7, #16\n\t" "adc r3, r3, #0\n\t" "lsr r7, r7, #16\n\t" "mul r6, r7, r6\n\t" @@ -74917,6 +74923,9 @@ int err = FP_WOULDBLOCK; sp_256_proj_point_add_8_ctx* ctx = (sp_256_proj_point_add_8_ctx*)sp_ctx->data; + typedef char ctx_size_test[sizeof(sp_256_proj_point_add_8_ctx) >= sizeof(*sp_ctx) ? -1 : 1]; + (void)sizeof(ctx_size_test); + /* Ensure only the first point is the same as the result. */ if (q == r) { const sp_point_256* a = p; @@ -74924,9 +74933,6 @@ q = a; } - typedef char ctx_size_test[sizeof(sp_256_proj_point_add_8_ctx) >= sizeof(*sp_ctx) ? -1 : 1]; - (void)sizeof(ctx_size_test); - switch (ctx->state) { case 0: /* INIT */ ctx->t6 = t; @@ -75318,7 +75324,7 @@ sp_digit* x; sp_digit* y; sp_digit* z; - volatile int n = i; + volatile int n = i - 1; x = p->x; y = p->y; @@ -75330,9 +75336,9 @@ sp_256_mont_sqr_8(w, z, p256_mod, p256_mp_mod); sp_256_mont_sqr_8(w, w, p256_mod, p256_mp_mod); #ifndef WOLFSSL_SP_SMALL - while (--n > 0) + while (n > 0) #else - while (--n >= 0) + while (n >= 0) #endif { /* A = 3*(X^2 - W) */ @@ -75363,6 +75369,7 @@ /* y = 2*A*(B - X) - Y^4 */ sp_256_mont_mul_8(y, b, a, p256_mod, p256_mp_mod); sp_256_mont_sub_8(y, y, t1, p256_mod); + n = n - 1; } #ifndef WOLFSSL_SP_SMALL /* A = 3*(X^2 - W) */ @@ -75613,7 +75620,9 @@ r->y[6] = 0; r->y[7] = 0; for (i = 1; i < 16; i++) { - mask = (sp_digit)0 - (i == idx); + sp_digit gte = (sp_digit)((((sp_uint32)i - (sp_uint32)idx) >> 31) - 1); + sp_digit lte = (sp_digit)((((sp_uint32)idx - (sp_uint32)i) >> 31) - 1); + mask = gte & lte; r->x[0] |= mask & table[i].x[0]; r->x[1] |= mask & table[i].x[1]; r->x[2] |= mask & table[i].x[2]; @@ -75865,10 +75874,6 @@ if (cache->cnt == 2) sp_256_gen_stripe_table_8(g, cache->table, tmp, heap); -#ifndef HAVE_THREAD_LS - wc_UnLockMutex(&sp_cache_256_lock); -#endif /* HAVE_THREAD_LS */ - if (cache->cnt < 2) { err = sp_256_ecc_mulmod_fast_8(r, g, k, map, ct, heap); } @@ -75876,6 +75881,9 @@ err = sp_256_ecc_mulmod_stripe_8(r, g, cache->table, k, map, ct, heap); } +#ifndef HAVE_THREAD_LS + wc_UnLockMutex(&sp_cache_256_lock); +#endif /* HAVE_THREAD_LS */ } SP_FREE_VAR(tmp, heap, DYNAMIC_TYPE_ECC); @@ -75993,7 +76001,9 @@ r->y[6] = 0; r->y[7] = 0; for (i = 1; i < 256; i++) { - mask = (sp_digit)0 - (i == idx); + sp_digit gte = (sp_digit)((((sp_uint32)i - (sp_uint32)idx) >> 31) - 1); + sp_digit lte = (sp_digit)((((sp_uint32)idx - (sp_uint32)i) >> 31) - 1); + mask = gte & lte; r->x[0] |= mask & table[i].x[0]; r->x[1] |= mask & table[i].x[1]; r->x[2] |= mask & table[i].x[2]; @@ -76245,10 +76255,6 @@ if (cache->cnt == 2) sp_256_gen_stripe_table_8(g, cache->table, tmp, heap); -#ifndef HAVE_THREAD_LS - wc_UnLockMutex(&sp_cache_256_lock); -#endif /* HAVE_THREAD_LS */ - if (cache->cnt < 2) { err = sp_256_ecc_mulmod_fast_8(r, g, k, map, ct, heap); } @@ -76256,6 +76262,9 @@ err = sp_256_ecc_mulmod_stripe_8(r, g, cache->table, k, map, ct, heap); } +#ifndef HAVE_THREAD_LS + wc_UnLockMutex(&sp_cache_256_lock); +#endif /* HAVE_THREAD_LS */ } SP_FREE_VAR(tmp, heap, DYNAMIC_TYPE_ECC); @@ -78273,7 +78282,7 @@ "mov r12, #0\n\t" "add lr, %[a], #32\n\t" "\n" - "L_sp_256_sub_in_pkace_8_word_%=: \n\t" + "L_sp_256_sub_in_place_8_word_%=: \n\t" "rsbs r12, r12, #0\n\t" "ldm %[a], {r2, r3, r4, r5}\n\t" "ldm %[b]!, {r6, r7, r8, r9}\n\t" @@ -78284,7 +78293,7 @@ "stm %[a]!, {r2, r3, r4, r5}\n\t" "sbc r12, r12, r12\n\t" "cmp %[a], lr\n\t" - "bne L_sp_256_sub_in_pkace_8_word_%=\n\t" + "bne L_sp_256_sub_in_place_8_word_%=\n\t" "mov %[a], r12\n\t" #ifndef WOLFSSL_NO_VAR_ASSIGN_REG : [a] "+r" (a), [b] "+r" (b) @@ -79145,7 +79154,7 @@ sp_256_mont_mul_order_8(t, t, a); } ctx->i--; - ctx->state = (ctx->i == 0) ? 3 : 1; + ctx->state = (ctx->i >= 0) ? 1 : 3; break; case 3: XMEMCPY(r, t, sizeof(sp_digit) * 8U); @@ -91132,15 +91141,15 @@ #endif "ldr r10, [%[a], #44]\n\t" "lsl r6, r8, #16\n\t" - "lsl r7, r11, #16\n\t" + "lsl r7, r7, #16\n\t" "lsr r6, r6, #16\n\t" "lsr r7, r7, #16\n\t" "mul r7, r6, r7\n\t" "adds r5, r5, r7\n\t" - "adcs r4, r3, #0\n\t" + "adcs r4, r4, #0\n\t" "mov r3, #0\n\t" "adc r3, r3, r3\n\t" - "lsr r7, r11, #16\n\t" + "lsr r7, r7, #16\n\t" "mul r6, r7, r6\n\t" "lsr r7, r6, #16\n\t" "lsl r6, r6, #16\n\t" @@ -91148,11 +91157,11 @@ "adcs r4, r4, r7\n\t" "adc r3, r3, #0\n\t" "mov r6, r8\n\t" - "lsr r7, r11, #16\n\t" + "lsr r7, r7, #16\n\t" "lsr r6, r6, #16\n\t" "mul r7, r6, r7\n\t" "adds r4, r4, r7\n\t" - "lsl r7, r11, #16\n\t" + "lsl r7, r7, #16\n\t" "adc r3, r3, #0\n\t" "lsr r7, r7, #16\n\t" "mul r6, r7, r6\n\t" @@ -92181,58 +92190,7 @@ ); } -#ifdef WOLFSSL_SP_SMALL -/* Sub b from a into r. (r = a - b) - * - * r A single precision integer. - * a A single precision integer. - * b A single precision integer. - */ -#ifndef WOLFSSL_NO_VAR_ASSIGN_REG -WC_OMIT_FRAME_POINTER static sp_digit sp_384_sub_12(sp_digit* r_p, - const sp_digit* a_p, const sp_digit* b_p) -#else -WC_OMIT_FRAME_POINTER static sp_digit sp_384_sub_12(sp_digit* r, - const sp_digit* a, const sp_digit* b) -#endif /* WOLFSSL_NO_VAR_ASSIGN_REG */ -{ -#ifndef WOLFSSL_NO_VAR_ASSIGN_REG - register sp_digit* r asm ("r0") = (sp_digit*)r_p; - register const sp_digit* a asm ("r1") = (const sp_digit*)a_p; - register const sp_digit* b asm ("r2") = (const sp_digit*)b_p; -#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ - - __asm__ __volatile__ ( - "mov r12, #0\n\t" - "add lr, %[a], #48\n\t" - "\n" - "L_sp_384_sub_12_word_%=: \n\t" - "rsbs r12, r12, #0\n\t" - "ldm %[a]!, {r3, r4, r5, r6}\n\t" - "ldm %[b]!, {r7, r8, r9, r10}\n\t" - "sbcs r3, r3, r7\n\t" - "sbcs r4, r4, r8\n\t" - "sbcs r5, r5, r9\n\t" - "sbcs r6, r6, r10\n\t" - "stm %[r]!, {r3, r4, r5, r6}\n\t" - "sbc r12, r3, r3\n\t" - "cmp %[a], lr\n\t" - "bne L_sp_384_sub_12_word_%=\n\t" - "mov %[r], r12\n\t" -#ifndef WOLFSSL_NO_VAR_ASSIGN_REG - : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b) - : -#else - : - : [r] "r" (r), [a] "r" (a), [b] "r" (b) -#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ - : "memory", "cc", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", - "r12", "lr" - ); - return (word32)(size_t)r; -} - -#else +#ifndef WOLFSSL_SP_SMALL /* Sub b from a into r. (r = a - b) * * r A single precision integer. @@ -92288,7 +92246,7 @@ return (word32)(size_t)r; } -#endif /* WOLFSSL_SP_SMALL */ +#endif /* !WOLFSSL_SP_SMALL */ #ifdef WOLFSSL_SP_SMALL /* Conditionally add a and b using the mask m. * m is -1 to add and 0 when not. @@ -92958,6 +92916,9 @@ int err = FP_WOULDBLOCK; sp_384_proj_point_add_12_ctx* ctx = (sp_384_proj_point_add_12_ctx*)sp_ctx->data; + typedef char ctx_size_test[sizeof(sp_384_proj_point_add_12_ctx) >= sizeof(*sp_ctx) ? -1 : 1]; + (void)sizeof(ctx_size_test); + /* Ensure only the first point is the same as the result. */ if (q == r) { const sp_point_384* a = p; @@ -92965,9 +92926,6 @@ q = a; } - typedef char ctx_size_test[sizeof(sp_384_proj_point_add_12_ctx) >= sizeof(*sp_ctx) ? -1 : 1]; - (void)sizeof(ctx_size_test); - switch (ctx->state) { case 0: /* INIT */ ctx->t6 = t; @@ -93383,7 +93341,7 @@ sp_digit* x; sp_digit* y; sp_digit* z; - volatile int n = i; + volatile int n = i - 1; x = p->x; y = p->y; @@ -93395,9 +93353,9 @@ sp_384_mont_sqr_12(w, z, p384_mod, p384_mp_mod); sp_384_mont_sqr_12(w, w, p384_mod, p384_mp_mod); #ifndef WOLFSSL_SP_SMALL - while (--n > 0) + while (n > 0) #else - while (--n >= 0) + while (n >= 0) #endif { /* A = 3*(X^2 - W) */ @@ -93428,6 +93386,7 @@ /* y = 2*A*(B - X) - Y^4 */ sp_384_mont_mul_12(y, b, a, p384_mod, p384_mp_mod); sp_384_mont_sub_12(y, y, t1, p384_mod); + n = n - 1; } #ifndef WOLFSSL_SP_SMALL /* A = 3*(X^2 - W) */ @@ -93686,7 +93645,9 @@ r->y[10] = 0; r->y[11] = 0; for (i = 1; i < 16; i++) { - mask = (sp_digit)0 - (i == idx); + sp_digit gte = (sp_digit)((((sp_uint32)i - (sp_uint32)idx) >> 31) - 1); + sp_digit lte = (sp_digit)((((sp_uint32)idx - (sp_uint32)i) >> 31) - 1); + mask = gte & lte; r->x[0] |= mask & table[i].x[0]; r->x[1] |= mask & table[i].x[1]; r->x[2] |= mask & table[i].x[2]; @@ -93946,10 +93907,6 @@ if (cache->cnt == 2) sp_384_gen_stripe_table_12(g, cache->table, tmp, heap); -#ifndef HAVE_THREAD_LS - wc_UnLockMutex(&sp_cache_384_lock); -#endif /* HAVE_THREAD_LS */ - if (cache->cnt < 2) { err = sp_384_ecc_mulmod_fast_12(r, g, k, map, ct, heap); } @@ -93957,6 +93914,9 @@ err = sp_384_ecc_mulmod_stripe_12(r, g, cache->table, k, map, ct, heap); } +#ifndef HAVE_THREAD_LS + wc_UnLockMutex(&sp_cache_384_lock); +#endif /* HAVE_THREAD_LS */ } SP_FREE_VAR(tmp, heap, DYNAMIC_TYPE_ECC); @@ -94082,7 +94042,9 @@ r->y[10] = 0; r->y[11] = 0; for (i = 1; i < 256; i++) { - mask = (sp_digit)0 - (i == idx); + sp_digit gte = (sp_digit)((((sp_uint32)i - (sp_uint32)idx) >> 31) - 1); + sp_digit lte = (sp_digit)((((sp_uint32)idx - (sp_uint32)i) >> 31) - 1); + mask = gte & lte; r->x[0] |= mask & table[i].x[0]; r->x[1] |= mask & table[i].x[1]; r->x[2] |= mask & table[i].x[2]; @@ -94342,10 +94304,6 @@ if (cache->cnt == 2) sp_384_gen_stripe_table_12(g, cache->table, tmp, heap); -#ifndef HAVE_THREAD_LS - wc_UnLockMutex(&sp_cache_384_lock); -#endif /* HAVE_THREAD_LS */ - if (cache->cnt < 2) { err = sp_384_ecc_mulmod_fast_12(r, g, k, map, ct, heap); } @@ -94353,6 +94311,9 @@ err = sp_384_ecc_mulmod_stripe_12(r, g, cache->table, k, map, ct, heap); } +#ifndef HAVE_THREAD_LS + wc_UnLockMutex(&sp_cache_384_lock); +#endif /* HAVE_THREAD_LS */ } SP_FREE_VAR(tmp, heap, DYNAMIC_TYPE_ECC); @@ -96376,7 +96337,7 @@ "mov r12, #0\n\t" "add lr, %[a], #48\n\t" "\n" - "L_sp_384_sub_in_pkace_12_word_%=: \n\t" + "L_sp_384_sub_in_place_12_word_%=: \n\t" "rsbs r12, r12, #0\n\t" "ldm %[a], {r2, r3, r4, r5}\n\t" "ldm %[b]!, {r6, r7, r8, r9}\n\t" @@ -96387,7 +96348,7 @@ "stm %[a]!, {r2, r3, r4, r5}\n\t" "sbc r12, r12, r12\n\t" "cmp %[a], lr\n\t" - "bne L_sp_384_sub_in_pkace_12_word_%=\n\t" + "bne L_sp_384_sub_in_place_12_word_%=\n\t" "mov %[a], r12\n\t" #ifndef WOLFSSL_NO_VAR_ASSIGN_REG : [a] "+r" (a), [b] "+r" (b) @@ -97387,7 +97348,7 @@ sp_384_mont_mul_order_12(t, t, a); } ctx->i--; - ctx->state = (ctx->i == 0) ? 3 : 1; + ctx->state = (ctx->i >= 0) ? 1 : 3; break; case 3: XMEMCPY(r, t, sizeof(sp_digit) * 12U); @@ -118109,15 +118070,15 @@ #endif "ldr r10, [%[a], #64]\n\t" "lsl r6, r8, #16\n\t" - "lsl r7, r11, #16\n\t" + "lsl r7, r7, #16\n\t" "lsr r6, r6, #16\n\t" "lsr r7, r7, #16\n\t" "mul r7, r6, r7\n\t" "adds r4, r4, r7\n\t" - "adcs r5, r3, #0\n\t" + "adcs r5, r5, #0\n\t" "mov r3, #0\n\t" "adc r3, r3, r3\n\t" - "lsr r7, r11, #16\n\t" + "lsr r7, r7, #16\n\t" "mul r6, r7, r6\n\t" "lsr r7, r6, #16\n\t" "lsl r6, r6, #16\n\t" @@ -118125,11 +118086,11 @@ "adcs r5, r5, r7\n\t" "adc r3, r3, #0\n\t" "mov r6, r8\n\t" - "lsr r7, r11, #16\n\t" + "lsr r7, r7, #16\n\t" "lsr r6, r6, #16\n\t" "mul r7, r6, r7\n\t" "adds r5, r5, r7\n\t" - "lsl r7, r11, #16\n\t" + "lsl r7, r7, #16\n\t" "adc r3, r3, #0\n\t" "lsr r7, r7, #16\n\t" "mul r6, r7, r6\n\t" @@ -119451,9 +119412,23 @@ "sub %[r], %[r], #0x44\n\t" "ldm %[r], {r4, r5, r6, r7, r8, r9, r10, r11}\n\t" "adds r4, r4, r2\n\t" - "adcs r4, r4, #0\n\t" + "adcs r5, r5, #0\n\t" + "adcs r6, r6, #0\n\t" + "adcs r7, r7, #0\n\t" + "adcs r8, r8, #0\n\t" + "adcs r9, r9, #0\n\t" + "adcs r10, r10, #0\n\t" + "adcs r11, r11, #0\n\t" "stm %[r]!, {r4, r5, r6, r7, r8, r9, r10, r11}\n\t" "ldm %[r], {r4, r5, r6, r7, r8, r9, r10, r11}\n\t" + "adcs r4, r4, #0\n\t" + "adcs r5, r5, #0\n\t" + "adcs r6, r6, #0\n\t" + "adcs r7, r7, #0\n\t" + "adcs r8, r8, #0\n\t" + "adcs r9, r9, #0\n\t" + "adcs r10, r10, #0\n\t" + "adcs r11, r11, #0\n\t" "stm %[r]!, {r4, r5, r6, r7, r8, r9, r10, r11}\n\t" "ldm %[r], {r4}\n\t" "adcs r4, r4, #0\n\t" @@ -120036,6 +120011,9 @@ int err = FP_WOULDBLOCK; sp_521_proj_point_add_17_ctx* ctx = (sp_521_proj_point_add_17_ctx*)sp_ctx->data; + typedef char ctx_size_test[sizeof(sp_521_proj_point_add_17_ctx) >= sizeof(*sp_ctx) ? -1 : 1]; + (void)sizeof(ctx_size_test); + /* Ensure only the first point is the same as the result. */ if (q == r) { const sp_point_521* a = p; @@ -120043,9 +120021,6 @@ q = a; } - typedef char ctx_size_test[sizeof(sp_521_proj_point_add_17_ctx) >= sizeof(*sp_ctx) ? -1 : 1]; - (void)sizeof(ctx_size_test); - switch (ctx->state) { case 0: /* INIT */ ctx->t6 = t; @@ -120456,7 +120431,17 @@ } y = k[0] & 0x1; sp_521_proj_point_dbl_17(rt, rt, tmp); - sp_521_proj_point_add_17(rt, rt, &t[y], tmp); + #ifndef WC_NO_CACHE_RESISTANT + if (ct) { + sp_521_get_point_16_17(p, t, y); + p->infinity = !y; + sp_521_proj_point_add_17(rt, rt, p, tmp); + } + else + #endif + { + sp_521_proj_point_add_17(rt, rt, &t[y], tmp); + } if (map != 0) { sp_521_map_17(r, rt, tmp); @@ -120495,7 +120480,7 @@ sp_digit* x; sp_digit* y; sp_digit* z; - volatile int n = i; + volatile int n = i - 1; x = p->x; y = p->y; @@ -120507,9 +120492,9 @@ sp_521_mont_sqr_17(w, z, p521_mod, p521_mp_mod); sp_521_mont_sqr_17(w, w, p521_mod, p521_mp_mod); #ifndef WOLFSSL_SP_SMALL - while (--n > 0) + while (n > 0) #else - while (--n >= 0) + while (n >= 0) #endif { /* A = 3*(X^2 - W) */ @@ -120540,6 +120525,7 @@ /* y = 2*A*(B - X) - Y^4 */ sp_521_mont_mul_17(y, b, a, p521_mod, p521_mp_mod); sp_521_mont_sub_17(y, y, t1, p521_mod); + n = n - 1; } #ifndef WOLFSSL_SP_SMALL /* A = 3*(X^2 - W) */ @@ -120808,7 +120794,9 @@ r->y[15] = 0; r->y[16] = 0; for (i = 1; i < 16; i++) { - mask = (sp_digit)0 - (i == idx); + sp_digit gte = (sp_digit)((((sp_uint32)i - (sp_uint32)idx) >> 31) - 1); + sp_digit lte = (sp_digit)((((sp_uint32)idx - (sp_uint32)i) >> 31) - 1); + mask = gte & lte; r->x[0] |= mask & table[i].x[0]; r->x[1] |= mask & table[i].x[1]; r->x[2] |= mask & table[i].x[2]; @@ -121078,10 +121066,6 @@ if (cache->cnt == 2) sp_521_gen_stripe_table_17(g, cache->table, tmp, heap); -#ifndef HAVE_THREAD_LS - wc_UnLockMutex(&sp_cache_521_lock); -#endif /* HAVE_THREAD_LS */ - if (cache->cnt < 2) { err = sp_521_ecc_mulmod_fast_17(r, g, k, map, ct, heap); } @@ -121089,6 +121073,9 @@ err = sp_521_ecc_mulmod_stripe_17(r, g, cache->table, k, map, ct, heap); } +#ifndef HAVE_THREAD_LS + wc_UnLockMutex(&sp_cache_521_lock); +#endif /* HAVE_THREAD_LS */ } SP_FREE_VAR(tmp, heap, DYNAMIC_TYPE_ECC); @@ -121224,7 +121211,9 @@ r->y[15] = 0; r->y[16] = 0; for (i = 1; i < 256; i++) { - mask = (sp_digit)0 - (i == idx); + sp_digit gte = (sp_digit)((((sp_uint32)i - (sp_uint32)idx) >> 31) - 1); + sp_digit lte = (sp_digit)((((sp_uint32)idx - (sp_uint32)i) >> 31) - 1); + mask = gte & lte; r->x[0] |= mask & table[i].x[0]; r->x[1] |= mask & table[i].x[1]; r->x[2] |= mask & table[i].x[2]; @@ -121494,10 +121483,6 @@ if (cache->cnt == 2) sp_521_gen_stripe_table_17(g, cache->table, tmp, heap); -#ifndef HAVE_THREAD_LS - wc_UnLockMutex(&sp_cache_521_lock); -#endif /* HAVE_THREAD_LS */ - if (cache->cnt < 2) { err = sp_521_ecc_mulmod_fast_17(r, g, k, map, ct, heap); } @@ -121505,6 +121490,9 @@ err = sp_521_ecc_mulmod_stripe_17(r, g, cache->table, k, map, ct, heap); } +#ifndef HAVE_THREAD_LS + wc_UnLockMutex(&sp_cache_521_lock); +#endif /* HAVE_THREAD_LS */ } SP_FREE_VAR(tmp, heap, DYNAMIC_TYPE_ECC); @@ -124083,77 +124071,77 @@ "lsr r5, r5, %[n]\n\t" "orr r4, r4, r3\n\t" "ldr r6, [%[a], #8]\n\t" - "str r4, [%[a]]\n\t" + "str r4, [%[r]]\n\t" "lsl r3, r6, r12\n\t" "lsr r6, r6, %[n]\n\t" "orr r5, r5, r3\n\t" "ldr r4, [%[a], #12]\n\t" - "str r5, [%[a], #4]\n\t" + "str r5, [%[r], #4]\n\t" "lsl r3, r4, r12\n\t" "lsr r4, r4, %[n]\n\t" "orr r6, r6, r3\n\t" "ldr r5, [%[a], #16]\n\t" - "str r6, [%[a], #8]\n\t" + "str r6, [%[r], #8]\n\t" "lsl r3, r5, r12\n\t" "lsr r5, r5, %[n]\n\t" "orr r4, r4, r3\n\t" "ldr r6, [%[a], #20]\n\t" - "str r4, [%[a], #12]\n\t" + "str r4, [%[r], #12]\n\t" "lsl r3, r6, r12\n\t" "lsr r6, r6, %[n]\n\t" "orr r5, r5, r3\n\t" "ldr r4, [%[a], #24]\n\t" - "str r5, [%[a], #16]\n\t" + "str r5, [%[r], #16]\n\t" "lsl r3, r4, r12\n\t" "lsr r4, r4, %[n]\n\t" "orr r6, r6, r3\n\t" "ldr r5, [%[a], #28]\n\t" - "str r6, [%[a], #20]\n\t" + "str r6, [%[r], #20]\n\t" "lsl r3, r5, r12\n\t" "lsr r5, r5, %[n]\n\t" "orr r4, r4, r3\n\t" "ldr r6, [%[a], #32]\n\t" - "str r4, [%[a], #24]\n\t" + "str r4, [%[r], #24]\n\t" "lsl r3, r6, r12\n\t" "lsr r6, r6, %[n]\n\t" "orr r5, r5, r3\n\t" "ldr r4, [%[a], #36]\n\t" - "str r5, [%[a], #28]\n\t" + "str r5, [%[r], #28]\n\t" "lsl r3, r4, r12\n\t" "lsr r4, r4, %[n]\n\t" "orr r6, r6, r3\n\t" "ldr r5, [%[a], #40]\n\t" - "str r6, [%[a], #32]\n\t" + "str r6, [%[r], #32]\n\t" "lsl r3, r5, r12\n\t" "lsr r5, r5, %[n]\n\t" "orr r4, r4, r3\n\t" "ldr r6, [%[a], #44]\n\t" - "str r4, [%[a], #36]\n\t" + "str r4, [%[r], #36]\n\t" "lsl r3, r6, r12\n\t" "lsr r6, r6, %[n]\n\t" "orr r5, r5, r3\n\t" "ldr r4, [%[a], #48]\n\t" - "str r5, [%[a], #40]\n\t" + "str r5, [%[r], #40]\n\t" "lsl r3, r4, r12\n\t" "lsr r4, r4, %[n]\n\t" "orr r6, r6, r3\n\t" "ldr r5, [%[a], #52]\n\t" - "str r6, [%[a], #44]\n\t" + "str r6, [%[r], #44]\n\t" "lsl r3, r5, r12\n\t" "lsr r5, r5, %[n]\n\t" "orr r4, r4, r3\n\t" "ldr r6, [%[a], #56]\n\t" - "str r4, [%[a], #48]\n\t" + "str r4, [%[r], #48]\n\t" "lsl r3, r6, r12\n\t" "lsr r6, r6, %[n]\n\t" "orr r5, r5, r3\n\t" "ldr r4, [%[a], #60]\n\t" - "str r5, [%[a], #52]\n\t" + "str r5, [%[r], #52]\n\t" "lsl r3, r4, r12\n\t" "lsr r4, r4, %[n]\n\t" "orr r6, r6, r3\n\t" "ldr r5, [%[a], #64]\n\t" - "str r6, [%[a], #56]\n\t" + "str r6, [%[r], #56]\n\t" "lsl r3, r5, r12\n\t" "lsr r5, r5, %[n]\n\t" "orr r4, r4, r3\n\t" @@ -124561,7 +124549,7 @@ "mov r12, #0\n\t" "add lr, %[a], #0x40\n\t" "\n" - "L_sp_521_sub_in_pkace_17_word_%=: \n\t" + "L_sp_521_sub_in_place_17_word_%=: \n\t" "rsbs r12, r12, #0\n\t" "ldm %[a], {r2, r3, r4, r5}\n\t" "ldm %[b]!, {r6, r7, r8, r9}\n\t" @@ -124572,7 +124560,7 @@ "stm %[a]!, {r2, r3, r4, r5}\n\t" "sbc r12, r12, r12\n\t" "cmp %[a], lr\n\t" - "bne L_sp_521_sub_in_pkace_17_word_%=\n\t" + "bne L_sp_521_sub_in_place_17_word_%=\n\t" "rsbs r12, r12, #0\n\t" "ldm %[a], {r2}\n\t" "ldm %[b]!, {r6}\n\t" @@ -125757,7 +125745,7 @@ sp_521_mont_mul_order_17(t, t, a); } ctx->i--; - ctx->state = (ctx->i == 0) ? 3 : 1; + ctx->state = (ctx->i >= 0) ? 1 : 3; break; case 3: XMEMCPY(r, t, sizeof(sp_digit) * 17U); @@ -144349,7 +144337,7 @@ "mov r12, #0\n\t" "add lr, %[a], #0x80\n\t" "\n" - "L_sp_1024_sub_in_pkace_32_word_%=: \n\t" + "L_sp_1024_sub_in_place_32_word_%=: \n\t" "rsbs r12, r12, #0\n\t" "ldm %[a], {r2, r3, r4, r5}\n\t" "ldm %[b]!, {r6, r7, r8, r9}\n\t" @@ -144360,7 +144348,7 @@ "stm %[a]!, {r2, r3, r4, r5}\n\t" "sbc r12, r12, r12\n\t" "cmp %[a], lr\n\t" - "bne L_sp_1024_sub_in_pkace_32_word_%=\n\t" + "bne L_sp_1024_sub_in_place_32_word_%=\n\t" "mov %[a], r12\n\t" #ifndef WOLFSSL_NO_VAR_ASSIGN_REG : [a] "+r" (a), [b] "+r" (b) @@ -147731,15 +147719,15 @@ #endif "ldr r10, [%[a], #124]\n\t" "lsl r6, r8, #16\n\t" - "lsl r7, r11, #16\n\t" + "lsl r7, r7, #16\n\t" "lsr r6, r6, #16\n\t" "lsr r7, r7, #16\n\t" "mul r7, r6, r7\n\t" "adds r5, r5, r7\n\t" - "adcs r4, r3, #0\n\t" + "adcs r4, r4, #0\n\t" "mov r3, #0\n\t" "adc r3, r3, r3\n\t" - "lsr r7, r11, #16\n\t" + "lsr r7, r7, #16\n\t" "mul r6, r7, r6\n\t" "lsr r7, r6, #16\n\t" "lsl r6, r6, #16\n\t" @@ -147747,11 +147735,11 @@ "adcs r4, r4, r7\n\t" "adc r3, r3, #0\n\t" "mov r6, r8\n\t" - "lsr r7, r11, #16\n\t" + "lsr r7, r7, #16\n\t" "lsr r6, r6, #16\n\t" "mul r7, r6, r7\n\t" "adds r4, r4, r7\n\t" - "lsl r7, r11, #16\n\t" + "lsl r7, r7, #16\n\t" "adc r3, r3, #0\n\t" "lsr r7, r7, #16\n\t" "mul r6, r7, r6\n\t" @@ -150056,6 +150044,9 @@ int err = FP_WOULDBLOCK; sp_1024_proj_point_add_32_ctx* ctx = (sp_1024_proj_point_add_32_ctx*)sp_ctx->data; + typedef char ctx_size_test[sizeof(sp_1024_proj_point_add_32_ctx) >= sizeof(*sp_ctx) ? -1 : 1]; + (void)sizeof(ctx_size_test); + /* Ensure only the first point is the same as the result. */ if (q == r) { const sp_point_1024* a = p; @@ -150063,9 +150054,6 @@ q = a; } - typedef char ctx_size_test[sizeof(sp_1024_proj_point_add_32_ctx) >= sizeof(*sp_ctx) ? -1 : 1]; - (void)sizeof(ctx_size_test); - switch (ctx->state) { case 0: /* INIT */ ctx->t6 = t; @@ -150362,7 +150350,7 @@ sp_digit* x; sp_digit* y; sp_digit* z; - volatile int n = i; + volatile int n = i - 1; x = p->x; y = p->y; @@ -150374,9 +150362,9 @@ sp_1024_mont_sqr_32(w, z, p1024_mod, p1024_mp_mod); sp_1024_mont_sqr_32(w, w, p1024_mod, p1024_mp_mod); #ifndef WOLFSSL_SP_SMALL - while (--n > 0) + while (n > 0) #else - while (--n >= 0) + while (n >= 0) #endif { /* A = 3*(X^2 - W) */ @@ -150407,6 +150395,7 @@ /* y = 2*A*(B - X) - Y^4 */ sp_1024_mont_mul_32(y, b, a, p1024_mod, p1024_mp_mod); sp_1024_mont_sub_32(y, y, t1, p1024_mod); + n = n - 1; } #ifndef WOLFSSL_SP_SMALL /* A = 3*(X^2 - W) */ @@ -150844,10 +150833,6 @@ if (cache->cnt == 2) sp_1024_gen_stripe_table_32(g, cache->table, tmp, heap); -#ifndef HAVE_THREAD_LS - wc_UnLockMutex(&sp_cache_1024_lock); -#endif /* HAVE_THREAD_LS */ - if (cache->cnt < 2) { err = sp_1024_ecc_mulmod_fast_32(r, g, k, map, ct, heap); } @@ -150855,6 +150840,9 @@ err = sp_1024_ecc_mulmod_stripe_32(r, g, cache->table, k, map, ct, heap); } +#ifndef HAVE_THREAD_LS + wc_UnLockMutex(&sp_cache_1024_lock); +#endif /* HAVE_THREAD_LS */ } SP_FREE_VAR(tmp, heap, DYNAMIC_TYPE_ECC); @@ -151159,10 +151147,6 @@ if (cache->cnt == 2) sp_1024_gen_stripe_table_32(g, cache->table, tmp, heap); -#ifndef HAVE_THREAD_LS - wc_UnLockMutex(&sp_cache_1024_lock); -#endif /* HAVE_THREAD_LS */ - if (cache->cnt < 2) { err = sp_1024_ecc_mulmod_fast_32(r, g, k, map, ct, heap); } @@ -151170,6 +151154,9 @@ err = sp_1024_ecc_mulmod_stripe_32(r, g, cache->table, k, map, ct, heap); } +#ifndef HAVE_THREAD_LS + wc_UnLockMutex(&sp_cache_1024_lock); +#endif /* HAVE_THREAD_LS */ } SP_FREE_VAR(tmp, heap, DYNAMIC_TYPE_ECC); diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/wolfcrypt/src/sp_arm64.c mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/sp_arm64.c --- mariadb-11.8.6/extra/wolfssl/wolfssl/wolfcrypt/src/sp_arm64.c 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/sp_arm64.c 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* sp.c * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -6140,6 +6140,7 @@ } #ifndef WOLFSSL_RSA_PUBLIC_ONLY +#if !defined(SP_RSA_PRIVATE_EXP_D) && !defined(RSA_LOW_MEM) #ifdef WOLFSSL_SP_SMALL /* Conditionally add a and b using the mask m. * m is -1 to add and 0 when not. @@ -6176,6 +6177,7 @@ } #endif /* WOLFSSL_SP_SMALL */ +#endif /* !SP_RSA_PRIVATE_EXP_D && !RSA_LOW_MEM */ /* RSA private key operation. * * in Array of bytes representing the number to exponentiate, base. @@ -15515,6 +15517,7 @@ } #ifndef WOLFSSL_RSA_PUBLIC_ONLY +#if !defined(SP_RSA_PRIVATE_EXP_D) && !defined(RSA_LOW_MEM) #ifdef WOLFSSL_SP_SMALL /* Conditionally add a and b using the mask m. * m is -1 to add and 0 when not. @@ -15551,6 +15554,7 @@ } #endif /* WOLFSSL_SP_SMALL */ +#endif /* !SP_RSA_PRIVATE_EXP_D && !RSA_LOW_MEM */ /* RSA private key operation. * * in Array of bytes representing the number to exponentiate, base. @@ -20524,6 +20528,7 @@ } #ifndef WOLFSSL_RSA_PUBLIC_ONLY +#if !defined(SP_RSA_PRIVATE_EXP_D) && !defined(RSA_LOW_MEM) #ifdef WOLFSSL_SP_SMALL /* Conditionally add a and b using the mask m. * m is -1 to add and 0 when not. @@ -20560,6 +20565,7 @@ } #endif /* WOLFSSL_SP_SMALL */ +#endif /* !SP_RSA_PRIVATE_EXP_D && !RSA_LOW_MEM */ /* RSA private key operation. * * in Array of bytes representing the number to exponentiate, base. @@ -23280,7 +23286,7 @@ sp_digit* x; sp_digit* y; sp_digit* z; - volatile int n = i; + volatile int n = i - 1; x = p->x; y = p->y; @@ -23292,9 +23298,9 @@ sp_256_mont_sqr_4(w, z, p256_mod, p256_mp_mod); sp_256_mont_sqr_4(w, w, p256_mod, p256_mp_mod); #ifndef WOLFSSL_SP_SMALL - while (--n > 0) + while (n > 0) #else - while (--n >= 0) + while (n >= 0) #endif { /* A = 3*(X^2 - W) */ @@ -23323,6 +23329,7 @@ /* y = 2*A*(B - X) - Y^4 */ sp_256_mont_mul_4(y, b, a, p256_mod, p256_mp_mod); sp_256_mont_sub_4(y, y, t1, p256_mod); + n = n - 1; } #ifndef WOLFSSL_SP_SMALL /* A = 3*(X^2 - W) */ @@ -23531,6 +23538,9 @@ int err = FP_WOULDBLOCK; sp_256_proj_point_add_4_ctx* ctx = (sp_256_proj_point_add_4_ctx*)sp_ctx->data; + typedef char ctx_size_test[sizeof(sp_256_proj_point_add_4_ctx) >= sizeof(*sp_ctx) ? -1 : 1]; + (void)sizeof(ctx_size_test); + /* Ensure only the first point is the same as the result. */ if (q == r) { const sp_point_256* a = p; @@ -23538,9 +23548,6 @@ q = a; } - typedef char ctx_size_test[sizeof(sp_256_proj_point_add_4_ctx) >= sizeof(*sp_ctx) ? -1 : 1]; - (void)sizeof(ctx_size_test); - switch (ctx->state) { case 0: /* INIT */ ctx->t6 = t; @@ -24678,10 +24685,6 @@ if (cache->cnt == 2) sp_256_gen_stripe_table_4(g, cache->table, tmp, heap); -#ifndef HAVE_THREAD_LS - wc_UnLockMutex(&sp_cache_256_lock); -#endif /* HAVE_THREAD_LS */ - if (cache->cnt < 2) { err = sp_256_ecc_mulmod_win_add_sub_4(r, g, k, map, ct, heap); } @@ -24689,6 +24692,9 @@ err = sp_256_ecc_mulmod_stripe_4(r, g, cache->table, k, map, ct, heap); } +#ifndef HAVE_THREAD_LS + wc_UnLockMutex(&sp_cache_256_lock); +#endif /* HAVE_THREAD_LS */ } SP_FREE_VAR(tmp, heap, DYNAMIC_TYPE_ECC); @@ -25067,10 +25073,6 @@ if (cache->cnt == 2) sp_256_gen_stripe_table_4(g, cache->table, tmp, heap); -#ifndef HAVE_THREAD_LS - wc_UnLockMutex(&sp_cache_256_lock); -#endif /* HAVE_THREAD_LS */ - if (cache->cnt < 2) { err = sp_256_ecc_mulmod_win_add_sub_4(r, g, k, map, ct, heap); } @@ -25078,6 +25080,9 @@ err = sp_256_ecc_mulmod_stripe_4(r, g, cache->table, k, map, ct, heap); } +#ifndef HAVE_THREAD_LS + wc_UnLockMutex(&sp_cache_256_lock); +#endif /* HAVE_THREAD_LS */ } SP_FREE_VAR(tmp, heap, DYNAMIC_TYPE_ECC); @@ -40403,7 +40408,7 @@ sp_256_mont_mul_order_4(t, t, a); } ctx->i--; - ctx->state = (ctx->i == 0) ? 3 : 1; + ctx->state = (ctx->i >= 0) ? 1 : 3; break; case 3: XMEMCPY(r, t, sizeof(sp_digit) * 4U); @@ -43892,7 +43897,7 @@ sp_digit* x; sp_digit* y; sp_digit* z; - volatile int n = i; + volatile int n = i - 1; x = p->x; y = p->y; @@ -43904,9 +43909,9 @@ sp_384_mont_sqr_6(w, z, p384_mod, p384_mp_mod); sp_384_mont_sqr_6(w, w, p384_mod, p384_mp_mod); #ifndef WOLFSSL_SP_SMALL - while (--n > 0) + while (n > 0) #else - while (--n >= 0) + while (n >= 0) #endif { /* A = 3*(X^2 - W) */ @@ -43937,6 +43942,7 @@ /* y = 2*A*(B - X) - Y^4 */ sp_384_mont_mul_6(y, b, a, p384_mod, p384_mp_mod); sp_384_mont_sub_6(y, y, t1, p384_mod); + n = n - 1; } #ifndef WOLFSSL_SP_SMALL /* A = 3*(X^2 - W) */ @@ -44106,6 +44112,9 @@ int err = FP_WOULDBLOCK; sp_384_proj_point_add_6_ctx* ctx = (sp_384_proj_point_add_6_ctx*)sp_ctx->data; + typedef char ctx_size_test[sizeof(sp_384_proj_point_add_6_ctx) >= sizeof(*sp_ctx) ? -1 : 1]; + (void)sizeof(ctx_size_test); + /* Ensure only the first point is the same as the result. */ if (q == r) { const sp_point_384* a = p; @@ -44113,9 +44122,6 @@ q = a; } - typedef char ctx_size_test[sizeof(sp_384_proj_point_add_6_ctx) >= sizeof(*sp_ctx) ? -1 : 1]; - (void)sizeof(ctx_size_test); - switch (ctx->state) { case 0: /* INIT */ ctx->t6 = t; @@ -45181,10 +45187,6 @@ if (cache->cnt == 2) sp_384_gen_stripe_table_6(g, cache->table, tmp, heap); -#ifndef HAVE_THREAD_LS - wc_UnLockMutex(&sp_cache_384_lock); -#endif /* HAVE_THREAD_LS */ - if (cache->cnt < 2) { err = sp_384_ecc_mulmod_win_add_sub_6(r, g, k, map, ct, heap); } @@ -45192,6 +45194,9 @@ err = sp_384_ecc_mulmod_stripe_6(r, g, cache->table, k, map, ct, heap); } +#ifndef HAVE_THREAD_LS + wc_UnLockMutex(&sp_cache_384_lock); +#endif /* HAVE_THREAD_LS */ } SP_FREE_VAR(tmp, heap, DYNAMIC_TYPE_ECC); @@ -45570,10 +45575,6 @@ if (cache->cnt == 2) sp_384_gen_stripe_table_6(g, cache->table, tmp, heap); -#ifndef HAVE_THREAD_LS - wc_UnLockMutex(&sp_cache_384_lock); -#endif /* HAVE_THREAD_LS */ - if (cache->cnt < 2) { err = sp_384_ecc_mulmod_win_add_sub_6(r, g, k, map, ct, heap); } @@ -45581,6 +45582,9 @@ err = sp_384_ecc_mulmod_stripe_6(r, g, cache->table, k, map, ct, heap); } +#ifndef HAVE_THREAD_LS + wc_UnLockMutex(&sp_cache_384_lock); +#endif /* HAVE_THREAD_LS */ } SP_FREE_VAR(tmp, heap, DYNAMIC_TYPE_ECC); @@ -66240,7 +66244,7 @@ sp_384_mont_mul_order_6(t, t, a); } ctx->i--; - ctx->state = (ctx->i == 0) ? 3 : 1; + ctx->state = (ctx->i >= 0) ? 1 : 3; break; case 3: XMEMCPY(r, t, sizeof(sp_digit) * 6U); @@ -71836,7 +71840,7 @@ sp_digit* x; sp_digit* y; sp_digit* z; - volatile int n = i; + volatile int n = i - 1; x = p->x; y = p->y; @@ -71848,9 +71852,9 @@ sp_521_mont_sqr_9(w, z, p521_mod, p521_mp_mod); sp_521_mont_sqr_9(w, w, p521_mod, p521_mp_mod); #ifndef WOLFSSL_SP_SMALL - while (--n > 0) + while (n > 0) #else - while (--n >= 0) + while (n >= 0) #endif { /* A = 3*(X^2 - W) */ @@ -71881,6 +71885,7 @@ /* y = 2*A*(B - X) - Y^4 */ sp_521_mont_mul_9(y, b, a, p521_mod, p521_mp_mod); sp_521_mont_sub_9(y, y, t1, p521_mod); + n = n - 1; } #ifndef WOLFSSL_SP_SMALL /* A = 3*(X^2 - W) */ @@ -72052,6 +72057,9 @@ int err = FP_WOULDBLOCK; sp_521_proj_point_add_9_ctx* ctx = (sp_521_proj_point_add_9_ctx*)sp_ctx->data; + typedef char ctx_size_test[sizeof(sp_521_proj_point_add_9_ctx) >= sizeof(*sp_ctx) ? -1 : 1]; + (void)sizeof(ctx_size_test); + /* Ensure only the first point is the same as the result. */ if (q == r) { const sp_point_521* a = p; @@ -72059,9 +72067,6 @@ q = a; } - typedef char ctx_size_test[sizeof(sp_521_proj_point_add_9_ctx) >= sizeof(*sp_ctx) ? -1 : 1]; - (void)sizeof(ctx_size_test); - switch (ctx->state) { case 0: /* INIT */ ctx->t6 = t; @@ -73172,10 +73177,6 @@ if (cache->cnt == 2) sp_521_gen_stripe_table_9(g, cache->table, tmp, heap); -#ifndef HAVE_THREAD_LS - wc_UnLockMutex(&sp_cache_521_lock); -#endif /* HAVE_THREAD_LS */ - if (cache->cnt < 2) { err = sp_521_ecc_mulmod_win_add_sub_9(r, g, k, map, ct, heap); } @@ -73183,6 +73184,9 @@ err = sp_521_ecc_mulmod_stripe_9(r, g, cache->table, k, map, ct, heap); } +#ifndef HAVE_THREAD_LS + wc_UnLockMutex(&sp_cache_521_lock); +#endif /* HAVE_THREAD_LS */ } SP_FREE_VAR(tmp, heap, DYNAMIC_TYPE_ECC); @@ -73579,10 +73583,6 @@ if (cache->cnt == 2) sp_521_gen_stripe_table_9(g, cache->table, tmp, heap); -#ifndef HAVE_THREAD_LS - wc_UnLockMutex(&sp_cache_521_lock); -#endif /* HAVE_THREAD_LS */ - if (cache->cnt < 2) { err = sp_521_ecc_mulmod_win_add_sub_9(r, g, k, map, ct, heap); } @@ -73590,6 +73590,9 @@ err = sp_521_ecc_mulmod_stripe_9(r, g, cache->table, k, map, ct, heap); } +#ifndef HAVE_THREAD_LS + wc_UnLockMutex(&sp_cache_521_lock); +#endif /* HAVE_THREAD_LS */ } SP_FREE_VAR(tmp, heap, DYNAMIC_TYPE_ECC); @@ -110705,7 +110708,7 @@ sp_521_mont_mul_order_9(t, t, a); } ctx->i--; - ctx->state = (ctx->i == 0) ? 3 : 1; + ctx->state = (ctx->i >= 0) ? 1 : 3; break; case 3: XMEMCPY(r, t, sizeof(sp_digit) * 9U); @@ -115498,7 +115501,7 @@ sp_digit* x; sp_digit* y; sp_digit* z; - volatile int n = i; + volatile int n = i - 1; x = p->x; y = p->y; @@ -115510,9 +115513,9 @@ sp_1024_mont_sqr_16(w, z, p1024_mod, p1024_mp_mod); sp_1024_mont_sqr_16(w, w, p1024_mod, p1024_mp_mod); #ifndef WOLFSSL_SP_SMALL - while (--n > 0) + while (n > 0) #else - while (--n >= 0) + while (n >= 0) #endif { /* A = 3*(X^2 - W) */ @@ -115543,6 +115546,7 @@ /* y = 2*A*(B - X) - Y^4 */ sp_1024_mont_mul_16(y, b, a, p1024_mod, p1024_mp_mod); sp_1024_mont_sub_16(y, y, t1, p1024_mod); + n = n - 1; } #ifndef WOLFSSL_SP_SMALL /* A = 3*(X^2 - W) */ @@ -115717,6 +115721,9 @@ int err = FP_WOULDBLOCK; sp_1024_proj_point_add_16_ctx* ctx = (sp_1024_proj_point_add_16_ctx*)sp_ctx->data; + typedef char ctx_size_test[sizeof(sp_1024_proj_point_add_16_ctx) >= sizeof(*sp_ctx) ? -1 : 1]; + (void)sizeof(ctx_size_test); + /* Ensure only the first point is the same as the result. */ if (q == r) { const sp_point_1024* a = p; @@ -115724,9 +115731,6 @@ q = a; } - typedef char ctx_size_test[sizeof(sp_1024_proj_point_add_16_ctx) >= sizeof(*sp_ctx) ? -1 : 1]; - (void)sizeof(ctx_size_test); - switch (ctx->state) { case 0: /* INIT */ ctx->t6 = t; @@ -116658,10 +116662,6 @@ if (cache->cnt == 2) sp_1024_gen_stripe_table_16(g, cache->table, tmp, heap); -#ifndef HAVE_THREAD_LS - wc_UnLockMutex(&sp_cache_1024_lock); -#endif /* HAVE_THREAD_LS */ - if (cache->cnt < 2) { err = sp_1024_ecc_mulmod_win_add_sub_16(r, g, k, map, ct, heap); } @@ -116669,6 +116669,9 @@ err = sp_1024_ecc_mulmod_stripe_16(r, g, cache->table, k, map, ct, heap); } +#ifndef HAVE_THREAD_LS + wc_UnLockMutex(&sp_cache_1024_lock); +#endif /* HAVE_THREAD_LS */ } SP_FREE_VAR(tmp, heap, DYNAMIC_TYPE_ECC); diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/wolfcrypt/src/sp_armthumb.c mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/sp_armthumb.c --- mariadb-11.8.6/extra/wolfssl/wolfssl/wolfcrypt/src/sp_armthumb.c 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/sp_armthumb.c 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* sp.c * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -24132,9 +24132,9 @@ c = -c; y = (byte)(n << c); n = e[i--]; - y |= (byte)(n >> (64 - c)); + y |= (byte)(n >> (32 - c)); n <<= c; - c = 64 - c; + c = 32 - c; } else if (c == 0) { /* All bits in top word used. */ @@ -24285,9 +24285,9 @@ c = -c; y = (byte)(n << c); n = e[i--]; - y |= (byte)(n >> (64 - c)); + y |= (byte)(n >> (32 - c)); n <<= c; - c = 64 - c; + c = 32 - c; } else if (c == 0) { /* All bits in top word used. */ @@ -27684,9 +27684,9 @@ c = -c; y = (byte)(n << c); n = e[i--]; - y |= (byte)(n >> (64 - c)); + y |= (byte)(n >> (32 - c)); n <<= c; - c = 64 - c; + c = 32 - c; } else if (c == 0) { /* All bits in top word used. */ @@ -27820,9 +27820,9 @@ c = -c; y = (byte)(n << c); n = e[i--]; - y |= (byte)(n >> (64 - c)); + y |= (byte)(n >> (32 - c)); n <<= c; - c = 64 - c; + c = 32 - c; } else if (c == 0) { /* All bits in top word used. */ @@ -28024,6 +28024,7 @@ } #ifndef WOLFSSL_RSA_PUBLIC_ONLY +#if !defined(SP_RSA_PRIVATE_EXP_D) && !defined(RSA_LOW_MEM) /* Conditionally add a and b using the mask m. * m is -1 to add and 0 when not. * @@ -28093,6 +28094,7 @@ return (word32)(size_t)r; } +#endif /* !SP_RSA_PRIVATE_EXP_D && !RSA_LOW_MEM */ /* RSA private key operation. * * in Array of bytes representing the number to exponentiate, base. @@ -30008,9 +30010,9 @@ c = -c; y = (byte)(n << c); n = e[i--]; - y |= (byte)(n >> (64 - c)); + y |= (byte)(n >> (32 - c)); n <<= c; - c = 64 - c; + c = 32 - c; } else if (c == 0) { /* All bits in top word used. */ @@ -75471,9 +75473,9 @@ c = -c; y = (byte)(n << c); n = e[i--]; - y |= (byte)(n >> (64 - c)); + y |= (byte)(n >> (32 - c)); n <<= c; - c = 64 - c; + c = 32 - c; } else if (c == 0) { /* All bits in top word used. */ @@ -75624,9 +75626,9 @@ c = -c; y = (byte)(n << c); n = e[i--]; - y |= (byte)(n >> (64 - c)); + y |= (byte)(n >> (32 - c)); n <<= c; - c = 64 - c; + c = 32 - c; } else if (c == 0) { /* All bits in top word used. */ @@ -79854,9 +79856,9 @@ c = -c; y = (byte)(n << c); n = e[i--]; - y |= (byte)(n >> (64 - c)); + y |= (byte)(n >> (32 - c)); n <<= c; - c = 64 - c; + c = 32 - c; } else if (c == 0) { /* All bits in top word used. */ @@ -79990,9 +79992,9 @@ c = -c; y = (byte)(n << c); n = e[i--]; - y |= (byte)(n >> (64 - c)); + y |= (byte)(n >> (32 - c)); n <<= c; - c = 64 - c; + c = 32 - c; } else if (c == 0) { /* All bits in top word used. */ @@ -80194,6 +80196,7 @@ } #ifndef WOLFSSL_RSA_PUBLIC_ONLY +#if !defined(SP_RSA_PRIVATE_EXP_D) && !defined(RSA_LOW_MEM) /* Conditionally add a and b using the mask m. * m is -1 to add and 0 when not. * @@ -80263,6 +80266,7 @@ return (word32)(size_t)r; } +#endif /* !SP_RSA_PRIVATE_EXP_D && !RSA_LOW_MEM */ /* RSA private key operation. * * in Array of bytes representing the number to exponentiate, base. @@ -82976,9 +82980,9 @@ c = -c; y = (byte)(n << c); n = e[i--]; - y |= (byte)(n >> (64 - c)); + y |= (byte)(n >> (32 - c)); n <<= c; - c = 64 - c; + c = 32 - c; } else if (c == 0) { /* All bits in top word used. */ @@ -92310,9 +92314,9 @@ c = -c; y = (byte)(n << c); n = e[i--]; - y |= (byte)(n >> (64 - c)); + y |= (byte)(n >> (32 - c)); n <<= c; - c = 64 - c; + c = 32 - c; } else if (c == 0) { /* All bits in top word used. */ @@ -92446,9 +92450,9 @@ c = -c; y = (byte)(n << c); n = e[i--]; - y |= (byte)(n >> (64 - c)); + y |= (byte)(n >> (32 - c)); n <<= c; - c = 64 - c; + c = 32 - c; } else if (c == 0) { /* All bits in top word used. */ @@ -92650,6 +92654,7 @@ } #ifndef WOLFSSL_RSA_PUBLIC_ONLY +#if !defined(SP_RSA_PRIVATE_EXP_D) && !defined(RSA_LOW_MEM) /* Conditionally add a and b using the mask m. * m is -1 to add and 0 when not. * @@ -92724,6 +92729,7 @@ return (word32)(size_t)r; } +#endif /* !SP_RSA_PRIVATE_EXP_D && !RSA_LOW_MEM */ /* RSA private key operation. * * in Array of bytes representing the number to exponentiate, base. @@ -96225,9 +96231,9 @@ c = -c; y = (byte)(n << c); n = e[i--]; - y |= (byte)(n >> (64 - c)); + y |= (byte)(n >> (32 - c)); n <<= c; - c = 64 - c; + c = 32 - c; } else if (c == 0) { /* All bits in top word used. */ @@ -100369,6 +100375,9 @@ int err = FP_WOULDBLOCK; sp_256_proj_point_add_8_ctx* ctx = (sp_256_proj_point_add_8_ctx*)sp_ctx->data; + typedef char ctx_size_test[sizeof(sp_256_proj_point_add_8_ctx) >= sizeof(*sp_ctx) ? -1 : 1]; + (void)sizeof(ctx_size_test); + /* Ensure only the first point is the same as the result. */ if (q == r) { const sp_point_256* a = p; @@ -100376,9 +100385,6 @@ q = a; } - typedef char ctx_size_test[sizeof(sp_256_proj_point_add_8_ctx) >= sizeof(*sp_ctx) ? -1 : 1]; - (void)sizeof(ctx_size_test); - switch (ctx->state) { case 0: /* INIT */ ctx->t6 = t; @@ -100770,7 +100776,7 @@ sp_digit* x; sp_digit* y; sp_digit* z; - volatile int n = i; + volatile int n = i - 1; x = p->x; y = p->y; @@ -100782,9 +100788,9 @@ sp_256_mont_sqr_8(w, z, p256_mod, p256_mp_mod); sp_256_mont_sqr_8(w, w, p256_mod, p256_mp_mod); #ifndef WOLFSSL_SP_SMALL - while (--n > 0) + while (n > 0) #else - while (--n >= 0) + while (n >= 0) #endif { /* A = 3*(X^2 - W) */ @@ -100815,6 +100821,7 @@ /* y = 2*A*(B - X) - Y^4 */ sp_256_mont_mul_8(y, b, a, p256_mod, p256_mp_mod); sp_256_mont_sub_8(y, y, t1, p256_mod); + n = n - 1; } #ifndef WOLFSSL_SP_SMALL /* A = 3*(X^2 - W) */ @@ -101065,7 +101072,9 @@ r->y[6] = 0; r->y[7] = 0; for (i = 1; i < 16; i++) { - mask = (sp_digit)0 - (i == idx); + sp_digit gte = (sp_digit)((((sp_uint32)i - (sp_uint32)idx) >> 31) - 1); + sp_digit lte = (sp_digit)((((sp_uint32)idx - (sp_uint32)i) >> 31) - 1); + mask = gte & lte; r->x[0] |= mask & table[i].x[0]; r->x[1] |= mask & table[i].x[1]; r->x[2] |= mask & table[i].x[2]; @@ -101317,10 +101326,6 @@ if (cache->cnt == 2) sp_256_gen_stripe_table_8(g, cache->table, tmp, heap); -#ifndef HAVE_THREAD_LS - wc_UnLockMutex(&sp_cache_256_lock); -#endif /* HAVE_THREAD_LS */ - if (cache->cnt < 2) { err = sp_256_ecc_mulmod_fast_8(r, g, k, map, ct, heap); } @@ -101328,6 +101333,9 @@ err = sp_256_ecc_mulmod_stripe_8(r, g, cache->table, k, map, ct, heap); } +#ifndef HAVE_THREAD_LS + wc_UnLockMutex(&sp_cache_256_lock); +#endif /* HAVE_THREAD_LS */ } SP_FREE_VAR(tmp, heap, DYNAMIC_TYPE_ECC); @@ -101445,7 +101453,9 @@ r->y[6] = 0; r->y[7] = 0; for (i = 1; i < 256; i++) { - mask = (sp_digit)0 - (i == idx); + sp_digit gte = (sp_digit)((((sp_uint32)i - (sp_uint32)idx) >> 31) - 1); + sp_digit lte = (sp_digit)((((sp_uint32)idx - (sp_uint32)i) >> 31) - 1); + mask = gte & lte; r->x[0] |= mask & table[i].x[0]; r->x[1] |= mask & table[i].x[1]; r->x[2] |= mask & table[i].x[2]; @@ -101697,10 +101707,6 @@ if (cache->cnt == 2) sp_256_gen_stripe_table_8(g, cache->table, tmp, heap); -#ifndef HAVE_THREAD_LS - wc_UnLockMutex(&sp_cache_256_lock); -#endif /* HAVE_THREAD_LS */ - if (cache->cnt < 2) { err = sp_256_ecc_mulmod_fast_8(r, g, k, map, ct, heap); } @@ -101708,6 +101714,9 @@ err = sp_256_ecc_mulmod_stripe_8(r, g, cache->table, k, map, ct, heap); } +#ifndef HAVE_THREAD_LS + wc_UnLockMutex(&sp_cache_256_lock); +#endif /* HAVE_THREAD_LS */ } SP_FREE_VAR(tmp, heap, DYNAMIC_TYPE_ECC); @@ -104895,7 +104904,7 @@ sp_256_mont_mul_order_8(t, t, a); } ctx->i--; - ctx->state = (ctx->i == 0) ? 3 : 1; + ctx->state = (ctx->i >= 0) ? 1 : 3; break; case 3: XMEMCPY(r, t, sizeof(sp_digit) * 8U); @@ -110759,6 +110768,9 @@ int err = FP_WOULDBLOCK; sp_384_proj_point_add_12_ctx* ctx = (sp_384_proj_point_add_12_ctx*)sp_ctx->data; + typedef char ctx_size_test[sizeof(sp_384_proj_point_add_12_ctx) >= sizeof(*sp_ctx) ? -1 : 1]; + (void)sizeof(ctx_size_test); + /* Ensure only the first point is the same as the result. */ if (q == r) { const sp_point_384* a = p; @@ -110766,9 +110778,6 @@ q = a; } - typedef char ctx_size_test[sizeof(sp_384_proj_point_add_12_ctx) >= sizeof(*sp_ctx) ? -1 : 1]; - (void)sizeof(ctx_size_test); - switch (ctx->state) { case 0: /* INIT */ ctx->t6 = t; @@ -111184,7 +111193,7 @@ sp_digit* x; sp_digit* y; sp_digit* z; - volatile int n = i; + volatile int n = i - 1; x = p->x; y = p->y; @@ -111196,9 +111205,9 @@ sp_384_mont_sqr_12(w, z, p384_mod, p384_mp_mod); sp_384_mont_sqr_12(w, w, p384_mod, p384_mp_mod); #ifndef WOLFSSL_SP_SMALL - while (--n > 0) + while (n > 0) #else - while (--n >= 0) + while (n >= 0) #endif { /* A = 3*(X^2 - W) */ @@ -111229,6 +111238,7 @@ /* y = 2*A*(B - X) - Y^4 */ sp_384_mont_mul_12(y, b, a, p384_mod, p384_mp_mod); sp_384_mont_sub_12(y, y, t1, p384_mod); + n = n - 1; } #ifndef WOLFSSL_SP_SMALL /* A = 3*(X^2 - W) */ @@ -111487,7 +111497,9 @@ r->y[10] = 0; r->y[11] = 0; for (i = 1; i < 16; i++) { - mask = (sp_digit)0 - (i == idx); + sp_digit gte = (sp_digit)((((sp_uint32)i - (sp_uint32)idx) >> 31) - 1); + sp_digit lte = (sp_digit)((((sp_uint32)idx - (sp_uint32)i) >> 31) - 1); + mask = gte & lte; r->x[0] |= mask & table[i].x[0]; r->x[1] |= mask & table[i].x[1]; r->x[2] |= mask & table[i].x[2]; @@ -111747,10 +111759,6 @@ if (cache->cnt == 2) sp_384_gen_stripe_table_12(g, cache->table, tmp, heap); -#ifndef HAVE_THREAD_LS - wc_UnLockMutex(&sp_cache_384_lock); -#endif /* HAVE_THREAD_LS */ - if (cache->cnt < 2) { err = sp_384_ecc_mulmod_fast_12(r, g, k, map, ct, heap); } @@ -111758,6 +111766,9 @@ err = sp_384_ecc_mulmod_stripe_12(r, g, cache->table, k, map, ct, heap); } +#ifndef HAVE_THREAD_LS + wc_UnLockMutex(&sp_cache_384_lock); +#endif /* HAVE_THREAD_LS */ } SP_FREE_VAR(tmp, heap, DYNAMIC_TYPE_ECC); @@ -111883,7 +111894,9 @@ r->y[10] = 0; r->y[11] = 0; for (i = 1; i < 256; i++) { - mask = (sp_digit)0 - (i == idx); + sp_digit gte = (sp_digit)((((sp_uint32)i - (sp_uint32)idx) >> 31) - 1); + sp_digit lte = (sp_digit)((((sp_uint32)idx - (sp_uint32)i) >> 31) - 1); + mask = gte & lte; r->x[0] |= mask & table[i].x[0]; r->x[1] |= mask & table[i].x[1]; r->x[2] |= mask & table[i].x[2]; @@ -112143,10 +112156,6 @@ if (cache->cnt == 2) sp_384_gen_stripe_table_12(g, cache->table, tmp, heap); -#ifndef HAVE_THREAD_LS - wc_UnLockMutex(&sp_cache_384_lock); -#endif /* HAVE_THREAD_LS */ - if (cache->cnt < 2) { err = sp_384_ecc_mulmod_fast_12(r, g, k, map, ct, heap); } @@ -112154,6 +112163,9 @@ err = sp_384_ecc_mulmod_stripe_12(r, g, cache->table, k, map, ct, heap); } +#ifndef HAVE_THREAD_LS + wc_UnLockMutex(&sp_cache_384_lock); +#endif /* HAVE_THREAD_LS */ } SP_FREE_VAR(tmp, heap, DYNAMIC_TYPE_ECC); @@ -115417,7 +115429,7 @@ sp_384_mont_mul_order_12(t, t, a); } ctx->i--; - ctx->state = (ctx->i == 0) ? 3 : 1; + ctx->state = (ctx->i >= 0) ? 1 : 3; break; case 3: XMEMCPY(r, t, sizeof(sp_digit) * 12U); @@ -123924,6 +123936,9 @@ int err = FP_WOULDBLOCK; sp_521_proj_point_add_17_ctx* ctx = (sp_521_proj_point_add_17_ctx*)sp_ctx->data; + typedef char ctx_size_test[sizeof(sp_521_proj_point_add_17_ctx) >= sizeof(*sp_ctx) ? -1 : 1]; + (void)sizeof(ctx_size_test); + /* Ensure only the first point is the same as the result. */ if (q == r) { const sp_point_521* a = p; @@ -123931,9 +123946,6 @@ q = a; } - typedef char ctx_size_test[sizeof(sp_521_proj_point_add_17_ctx) >= sizeof(*sp_ctx) ? -1 : 1]; - (void)sizeof(ctx_size_test); - switch (ctx->state) { case 0: /* INIT */ ctx->t6 = t; @@ -124344,7 +124356,17 @@ } y = k[0] & 0x1; sp_521_proj_point_dbl_17(rt, rt, tmp); - sp_521_proj_point_add_17(rt, rt, &t[y], tmp); + #ifndef WC_NO_CACHE_RESISTANT + if (ct) { + sp_521_get_point_16_17(p, t, y); + p->infinity = !y; + sp_521_proj_point_add_17(rt, rt, p, tmp); + } + else + #endif + { + sp_521_proj_point_add_17(rt, rt, &t[y], tmp); + } if (map != 0) { sp_521_map_17(r, rt, tmp); @@ -124383,7 +124405,7 @@ sp_digit* x; sp_digit* y; sp_digit* z; - volatile int n = i; + volatile int n = i - 1; x = p->x; y = p->y; @@ -124395,9 +124417,9 @@ sp_521_mont_sqr_17(w, z, p521_mod, p521_mp_mod); sp_521_mont_sqr_17(w, w, p521_mod, p521_mp_mod); #ifndef WOLFSSL_SP_SMALL - while (--n > 0) + while (n > 0) #else - while (--n >= 0) + while (n >= 0) #endif { /* A = 3*(X^2 - W) */ @@ -124428,6 +124450,7 @@ /* y = 2*A*(B - X) - Y^4 */ sp_521_mont_mul_17(y, b, a, p521_mod, p521_mp_mod); sp_521_mont_sub_17(y, y, t1, p521_mod); + n = n - 1; } #ifndef WOLFSSL_SP_SMALL /* A = 3*(X^2 - W) */ @@ -124696,7 +124719,9 @@ r->y[15] = 0; r->y[16] = 0; for (i = 1; i < 16; i++) { - mask = (sp_digit)0 - (i == idx); + sp_digit gte = (sp_digit)((((sp_uint32)i - (sp_uint32)idx) >> 31) - 1); + sp_digit lte = (sp_digit)((((sp_uint32)idx - (sp_uint32)i) >> 31) - 1); + mask = gte & lte; r->x[0] |= mask & table[i].x[0]; r->x[1] |= mask & table[i].x[1]; r->x[2] |= mask & table[i].x[2]; @@ -124966,10 +124991,6 @@ if (cache->cnt == 2) sp_521_gen_stripe_table_17(g, cache->table, tmp, heap); -#ifndef HAVE_THREAD_LS - wc_UnLockMutex(&sp_cache_521_lock); -#endif /* HAVE_THREAD_LS */ - if (cache->cnt < 2) { err = sp_521_ecc_mulmod_fast_17(r, g, k, map, ct, heap); } @@ -124977,6 +124998,9 @@ err = sp_521_ecc_mulmod_stripe_17(r, g, cache->table, k, map, ct, heap); } +#ifndef HAVE_THREAD_LS + wc_UnLockMutex(&sp_cache_521_lock); +#endif /* HAVE_THREAD_LS */ } SP_FREE_VAR(tmp, heap, DYNAMIC_TYPE_ECC); @@ -125112,7 +125136,9 @@ r->y[15] = 0; r->y[16] = 0; for (i = 1; i < 256; i++) { - mask = (sp_digit)0 - (i == idx); + sp_digit gte = (sp_digit)((((sp_uint32)i - (sp_uint32)idx) >> 31) - 1); + sp_digit lte = (sp_digit)((((sp_uint32)idx - (sp_uint32)i) >> 31) - 1); + mask = gte & lte; r->x[0] |= mask & table[i].x[0]; r->x[1] |= mask & table[i].x[1]; r->x[2] |= mask & table[i].x[2]; @@ -125382,10 +125408,6 @@ if (cache->cnt == 2) sp_521_gen_stripe_table_17(g, cache->table, tmp, heap); -#ifndef HAVE_THREAD_LS - wc_UnLockMutex(&sp_cache_521_lock); -#endif /* HAVE_THREAD_LS */ - if (cache->cnt < 2) { err = sp_521_ecc_mulmod_fast_17(r, g, k, map, ct, heap); } @@ -125393,6 +125415,9 @@ err = sp_521_ecc_mulmod_stripe_17(r, g, cache->table, k, map, ct, heap); } +#ifndef HAVE_THREAD_LS + wc_UnLockMutex(&sp_cache_521_lock); +#endif /* HAVE_THREAD_LS */ } SP_FREE_VAR(tmp, heap, DYNAMIC_TYPE_ECC); @@ -130939,7 +130964,7 @@ sp_521_mont_mul_order_17(t, t, a); } ctx->i--; - ctx->state = (ctx->i == 0) ? 3 : 1; + ctx->state = (ctx->i >= 0) ? 1 : 3; break; case 3: XMEMCPY(r, t, sizeof(sp_digit) * 17U); @@ -208386,6 +208411,9 @@ int err = FP_WOULDBLOCK; sp_1024_proj_point_add_32_ctx* ctx = (sp_1024_proj_point_add_32_ctx*)sp_ctx->data; + typedef char ctx_size_test[sizeof(sp_1024_proj_point_add_32_ctx) >= sizeof(*sp_ctx) ? -1 : 1]; + (void)sizeof(ctx_size_test); + /* Ensure only the first point is the same as the result. */ if (q == r) { const sp_point_1024* a = p; @@ -208393,9 +208421,6 @@ q = a; } - typedef char ctx_size_test[sizeof(sp_1024_proj_point_add_32_ctx) >= sizeof(*sp_ctx) ? -1 : 1]; - (void)sizeof(ctx_size_test); - switch (ctx->state) { case 0: /* INIT */ ctx->t6 = t; @@ -208692,7 +208717,7 @@ sp_digit* x; sp_digit* y; sp_digit* z; - volatile int n = i; + volatile int n = i - 1; x = p->x; y = p->y; @@ -208704,9 +208729,9 @@ sp_1024_mont_sqr_32(w, z, p1024_mod, p1024_mp_mod); sp_1024_mont_sqr_32(w, w, p1024_mod, p1024_mp_mod); #ifndef WOLFSSL_SP_SMALL - while (--n > 0) + while (n > 0) #else - while (--n >= 0) + while (n >= 0) #endif { /* A = 3*(X^2 - W) */ @@ -208737,6 +208762,7 @@ /* y = 2*A*(B - X) - Y^4 */ sp_1024_mont_mul_32(y, b, a, p1024_mod, p1024_mp_mod); sp_1024_mont_sub_32(y, y, t1, p1024_mod); + n = n - 1; } #ifndef WOLFSSL_SP_SMALL /* A = 3*(X^2 - W) */ @@ -209174,10 +209200,6 @@ if (cache->cnt == 2) sp_1024_gen_stripe_table_32(g, cache->table, tmp, heap); -#ifndef HAVE_THREAD_LS - wc_UnLockMutex(&sp_cache_1024_lock); -#endif /* HAVE_THREAD_LS */ - if (cache->cnt < 2) { err = sp_1024_ecc_mulmod_fast_32(r, g, k, map, ct, heap); } @@ -209185,6 +209207,9 @@ err = sp_1024_ecc_mulmod_stripe_32(r, g, cache->table, k, map, ct, heap); } +#ifndef HAVE_THREAD_LS + wc_UnLockMutex(&sp_cache_1024_lock); +#endif /* HAVE_THREAD_LS */ } SP_FREE_VAR(tmp, heap, DYNAMIC_TYPE_ECC); @@ -209489,10 +209514,6 @@ if (cache->cnt == 2) sp_1024_gen_stripe_table_32(g, cache->table, tmp, heap); -#ifndef HAVE_THREAD_LS - wc_UnLockMutex(&sp_cache_1024_lock); -#endif /* HAVE_THREAD_LS */ - if (cache->cnt < 2) { err = sp_1024_ecc_mulmod_fast_32(r, g, k, map, ct, heap); } @@ -209500,6 +209521,9 @@ err = sp_1024_ecc_mulmod_stripe_32(r, g, cache->table, k, map, ct, heap); } +#ifndef HAVE_THREAD_LS + wc_UnLockMutex(&sp_cache_1024_lock); +#endif /* HAVE_THREAD_LS */ } SP_FREE_VAR(tmp, heap, DYNAMIC_TYPE_ECC); diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/wolfcrypt/src/sp_c32.c mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/sp_c32.c --- mariadb-11.8.6/extra/wolfssl/wolfssl/wolfcrypt/src/sp_c32.c 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/sp_c32.c 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* sp.c * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -114,6 +114,71 @@ #ifndef WOLFSSL_SP_ASM #if SP_WORD_SIZE == 32 +#ifdef SP_NO_MUL_INSTRUCTION +sp_uint64 __muldi3(sp_uint64 a, sp_uint64 b); +sp_uint64 __muldi3(sp_uint64 a, sp_uint64 b) +{ + sp_uint64 r; + sp_uint64 am[16]; + + /* if b is negative, convert it to positive and negate a. */ + r = 0 - (b >> 63); + a = a ^ r; + b = b ^ r; + a -= r; + b -= r; + +#if defined(WOLFSSL_SP_SMALL) + int i; + + am[0] = 0; + for (i = 1; i < 16; i++) { + am[i] = am[i-1] + a; + } + + r = am[(b >> 28) & 0xf]; + for (i = 24; i >= 0; i -= 4) { + r <<= 4; + r += am[(b >> i) & 0xf]; + } +#else + am[ 0] = 0; + am[ 1] = a; + am[ 2] = a << 1; + am[ 3] = am[ 2] + a; + am[ 4] = a << 2; + am[ 5] = am[ 4] + a; + am[ 6] = am[ 5] + a; + am[ 7] = am[ 6] + a; + am[ 8] = a << 3; + am[ 9] = am[ 8] + a; + am[10] = am[ 9] + a; + am[11] = am[10] + a; + am[12] = am[11] + a; + am[13] = am[12] + a; + am[14] = am[13] + a; + am[15] = am[14] + a; + + r = am[(b >> 28) & 0xf]; + r <<= 4; + r += am[(b >> 24) & 0xf]; + r <<= 4; + r += am[(b >> 20) & 0xf]; + r <<= 4; + r += am[(b >> 16) & 0xf]; + r <<= 4; + r += am[(b >> 12) & 0xf]; + r <<= 4; + r += am[(b >> 8) & 0xf]; + r <<= 4; + r += am[(b >> 4) & 0xf]; + r <<= 4; + r += am[(b >> 0) & 0xf]; +#endif + + return r; +} +#endif /* SP_NO_MUL_INSTRUCTION */ #define SP_PRINT_NUM(var, name, total, words, bits) \ do { \ int ii; \ @@ -134,14 +199,20 @@ #define SP_PRINT_INT(var, name) \ fprintf(stderr, name "=%d\n", var) -#if ((defined(WOLFSSL_HAVE_SP_RSA) || defined(WOLFSSL_HAVE_SP_DH)) && \ - ((!defined(WC_NO_CACHE_RESISTANT) && \ - (defined(WOLFSSL_HAVE_SP_RSA) || defined(WOLFSSL_HAVE_SP_DH))) || \ - (defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SP_FAST_MODEXP))) && \ - !defined(WOLFSSL_RSA_PUBLIC_ONLY)) || (defined(WOLFSSL_SP_SMALL) && \ +#if defined(WOLFSSL_SP_SMALL) && \ defined(WOLFSSL_HAVE_SP_ECC) && (!defined(WOLFSSL_SP_NO_256) || \ defined(WOLFSSL_SP_384) || defined(WOLFSSL_SP_521) || \ - defined(WOLFSSL_SP_1024))) + defined(WOLFSSL_SP_1024)) + #define NEED_ADDR_MASK +#endif +#if defined(WOLFSSL_HAVE_SP_RSA) || defined(WOLFSSL_HAVE_SP_DH) + #if !defined(WC_NO_CACHE_RESISTANT) && \ + (defined(WOLFSSL_HAVE_SP_DH) || !defined(WOLFSSL_RSA_PUBLIC_ONLY)) + #define NEED_ADDR_MASK + #endif +#endif + +#ifdef NEED_ADDR_MASK /* Mask for address to obfuscate which of the two address will be used. */ static const size_t addr_mask[2] = { 0, (size_t)-1 }; #endif @@ -3646,7 +3717,7 @@ #ifndef WOLFSSL_RSA_PUBLIC_ONLY #if !defined(SP_RSA_PRIVATE_EXP_D) && !defined(RSA_LOW_MEM) -#endif /* !SP_RSA_PRIVATE_EXP_D & !RSA_LOW_MEM */ +#endif /* !SP_RSA_PRIVATE_EXP_D && !RSA_LOW_MEM */ /* RSA private key operation. * * in Array of bytes representing the number to exponentiate, base. @@ -6751,7 +6822,7 @@ #ifndef WOLFSSL_RSA_PUBLIC_ONLY #if !defined(SP_RSA_PRIVATE_EXP_D) && !defined(RSA_LOW_MEM) -#endif /* !SP_RSA_PRIVATE_EXP_D & !RSA_LOW_MEM */ +#endif /* !SP_RSA_PRIVATE_EXP_D && !RSA_LOW_MEM */ /* RSA private key operation. * * in Array of bytes representing the number to exponentiate, base. @@ -10516,7 +10587,7 @@ #ifndef WOLFSSL_RSA_PUBLIC_ONLY #if !defined(SP_RSA_PRIVATE_EXP_D) && !defined(RSA_LOW_MEM) -#endif /* !SP_RSA_PRIVATE_EXP_D & !RSA_LOW_MEM */ +#endif /* !SP_RSA_PRIVATE_EXP_D && !RSA_LOW_MEM */ /* RSA private key operation. * * in Array of bytes representing the number to exponentiate, base. @@ -13703,7 +13774,7 @@ #ifndef WOLFSSL_RSA_PUBLIC_ONLY #if !defined(SP_RSA_PRIVATE_EXP_D) && !defined(RSA_LOW_MEM) -#endif /* !SP_RSA_PRIVATE_EXP_D & !RSA_LOW_MEM */ +#endif /* !SP_RSA_PRIVATE_EXP_D && !RSA_LOW_MEM */ /* RSA private key operation. * * in Array of bytes representing the number to exponentiate, base. @@ -14531,8 +14602,6 @@ } } -#if (defined(WOLFSSL_HAVE_SP_RSA) && !defined(WOLFSSL_RSA_PUBLIC_ONLY)) || defined(WOLFSSL_HAVE_SP_DH) -#if defined(WOLFSSL_HAVE_SP_RSA) && !defined(SP_RSA_PRIVATE_EXP_D) /* Normalize the values in each word to 26 bits. * * a Array of sp_digit to normalize. @@ -14552,8 +14621,8 @@ } } -#endif /* WOLFSSL_HAVE_SP_RSA & !SP_RSA_PRIVATE_EXP_D */ -#endif /* (WOLFSSL_HAVE_SP_RSA && !WOLFSSL_RSA_PUBLIC_ONLY) || WOLFSSL_HAVE_SP_DH */ +#if (defined(WOLFSSL_HAVE_SP_RSA) || defined(WOLFSSL_HAVE_SP_DH)) && !defined(WOLFSSL_RSA_PUBLIC_ONLY) +#if defined(WOLFSSL_HAVE_SP_RSA) && !defined(SP_RSA_PRIVATE_EXP_D) /* Normalize the values in each word to 26 bits. * * a Array of sp_digit to normalize. @@ -14579,6 +14648,8 @@ a[78] += a[77] >> 26; a[77] &= 0x3ffffff; } +#endif /* WOLFSSL_HAVE_SP_RSA & !SP_RSA_PRIVATE_EXP_D */ +#endif /* (WOLFSSL_HAVE_SP_RSA || WOLFSSL_HAVE_SP_DH) && !WOLFSSL_RSA_PUBLIC_ONLY */ /* Normalize the values in each word to 26 bits. * * a Array of sp_digit to normalize. @@ -17376,7 +17447,7 @@ #ifndef WOLFSSL_RSA_PUBLIC_ONLY #if !defined(SP_RSA_PRIVATE_EXP_D) && !defined(RSA_LOW_MEM) -#endif /* !SP_RSA_PRIVATE_EXP_D & !RSA_LOW_MEM */ +#endif /* !SP_RSA_PRIVATE_EXP_D && !RSA_LOW_MEM */ /* RSA private key operation. * * in Array of bytes representing the number to exponentiate, base. @@ -19982,6 +20053,9 @@ int err = FP_WOULDBLOCK; sp_256_proj_point_add_9_ctx* ctx = (sp_256_proj_point_add_9_ctx*)sp_ctx->data; + typedef char ctx_size_test[sizeof(sp_256_proj_point_add_9_ctx) >= sizeof(*sp_ctx) ? -1 : 1]; + (void)sizeof(ctx_size_test); + /* Ensure only the first point is the same as the result. */ if (q == r) { const sp_point_256* a = p; @@ -19989,9 +20063,6 @@ q = a; } - typedef char ctx_size_test[sizeof(sp_256_proj_point_add_9_ctx) >= sizeof(*sp_ctx) ? -1 : 1]; - (void)sizeof(ctx_size_test); - switch (ctx->state) { case 0: /* INIT */ ctx->t6 = t; @@ -20536,7 +20607,7 @@ sp_digit* x; sp_digit* y; sp_digit* z; - volatile int n = i; + volatile int n = i - 1; x = p->x; y = p->y; @@ -20548,9 +20619,9 @@ sp_256_mont_sqr_9(w, z, p256_mod, p256_mp_mod); sp_256_mont_sqr_9(w, w, p256_mod, p256_mp_mod); #ifndef WOLFSSL_SP_SMALL - while (--n > 0) + while (n > 0) #else - while (--n >= 0) + while (n >= 0) #endif { /* A = 3*(X^2 - W) */ @@ -20581,6 +20652,7 @@ /* y = 2*A*(B - X) - Y^4 */ sp_256_mont_mul_9(y, b, a, p256_mod, p256_mp_mod); sp_256_mont_sub_9(y, y, t1, p256_mod); + n = n - 1; } #ifndef WOLFSSL_SP_SMALL /* A = 3*(X^2 - W) */ @@ -21245,7 +21317,9 @@ r->y[7] = 0; r->y[8] = 0; for (i = 1; i < 256; i++) { - mask = (sp_digit)0 - (i == idx); + sp_digit gte = (sp_digit)((((sp_uint32)i - (sp_uint32)idx) >> 31) - 1); + sp_digit lte = (sp_digit)((((sp_uint32)idx - (sp_uint32)i) >> 31) - 1); + mask = gte & lte; r->x[0] |= mask & table[i].x[0]; r->x[1] |= mask & table[i].x[1]; r->x[2] |= mask & table[i].x[2]; @@ -21499,10 +21573,6 @@ if (cache->cnt == 2) sp_256_gen_stripe_table_9(g, cache->table, tmp, heap); -#ifndef HAVE_THREAD_LS - wc_UnLockMutex(&sp_cache_256_lock); -#endif /* HAVE_THREAD_LS */ - if (cache->cnt < 2) { err = sp_256_ecc_mulmod_win_add_sub_9(r, g, k, map, ct, heap); } @@ -21510,6 +21580,9 @@ err = sp_256_ecc_mulmod_stripe_9(r, g, cache->table, k, map, ct, heap); } +#ifndef HAVE_THREAD_LS + wc_UnLockMutex(&sp_cache_256_lock); +#endif /* HAVE_THREAD_LS */ } SP_FREE_VAR(tmp, heap, DYNAMIC_TYPE_ECC); @@ -23690,7 +23763,7 @@ sp_256_mont_mul_order_9(t, t, a); } ctx->i--; - ctx->state = (ctx->i == 0) ? 3 : 1; + ctx->state = (ctx->i >= 0) ? 1 : 3; break; case 3: XMEMCPY(r, t, sizeof(sp_digit) * 9U); @@ -26982,6 +27055,9 @@ int err = FP_WOULDBLOCK; sp_384_proj_point_add_15_ctx* ctx = (sp_384_proj_point_add_15_ctx*)sp_ctx->data; + typedef char ctx_size_test[sizeof(sp_384_proj_point_add_15_ctx) >= sizeof(*sp_ctx) ? -1 : 1]; + (void)sizeof(ctx_size_test); + /* Ensure only the first point is the same as the result. */ if (q == r) { const sp_point_384* a = p; @@ -26989,9 +27065,6 @@ q = a; } - typedef char ctx_size_test[sizeof(sp_384_proj_point_add_15_ctx) >= sizeof(*sp_ctx) ? -1 : 1]; - (void)sizeof(ctx_size_test); - switch (ctx->state) { case 0: /* INIT */ ctx->t6 = t; @@ -27592,7 +27665,7 @@ sp_digit* x; sp_digit* y; sp_digit* z; - volatile int n = i; + volatile int n = i - 1; x = p->x; y = p->y; @@ -27604,9 +27677,9 @@ sp_384_mont_sqr_15(w, z, p384_mod, p384_mp_mod); sp_384_mont_sqr_15(w, w, p384_mod, p384_mp_mod); #ifndef WOLFSSL_SP_SMALL - while (--n > 0) + while (n > 0) #else - while (--n >= 0) + while (n >= 0) #endif { /* A = 3*(X^2 - W) */ @@ -27637,6 +27710,7 @@ /* y = 2*A*(B - X) - Y^4 */ sp_384_mont_mul_15(y, b, a, p384_mod, p384_mp_mod); sp_384_mont_sub_15(y, y, t1, p384_mod); + n = n - 1; } #ifndef WOLFSSL_SP_SMALL /* A = 3*(X^2 - W) */ @@ -28349,7 +28423,9 @@ r->y[13] = 0; r->y[14] = 0; for (i = 1; i < 256; i++) { - mask = (sp_digit)0 - (i == idx); + sp_digit gte = (sp_digit)((((sp_uint32)i - (sp_uint32)idx) >> 31) - 1); + sp_digit lte = (sp_digit)((((sp_uint32)idx - (sp_uint32)i) >> 31) - 1); + mask = gte & lte; r->x[0] |= mask & table[i].x[0]; r->x[1] |= mask & table[i].x[1]; r->x[2] |= mask & table[i].x[2]; @@ -28615,10 +28691,6 @@ if (cache->cnt == 2) sp_384_gen_stripe_table_15(g, cache->table, tmp, heap); -#ifndef HAVE_THREAD_LS - wc_UnLockMutex(&sp_cache_384_lock); -#endif /* HAVE_THREAD_LS */ - if (cache->cnt < 2) { err = sp_384_ecc_mulmod_win_add_sub_15(r, g, k, map, ct, heap); } @@ -28626,6 +28698,9 @@ err = sp_384_ecc_mulmod_stripe_15(r, g, cache->table, k, map, ct, heap); } +#ifndef HAVE_THREAD_LS + wc_UnLockMutex(&sp_cache_384_lock); +#endif /* HAVE_THREAD_LS */ } SP_FREE_VAR(tmp, heap, DYNAMIC_TYPE_ECC); @@ -31360,7 +31435,7 @@ sp_384_mont_mul_order_15(t, t, a); } ctx->i--; - ctx->state = (ctx->i == 0) ? 3 : 1; + ctx->state = (ctx->i >= 0) ? 1 : 3; break; case 3: XMEMCPY(r, t, sizeof(sp_digit) * 15U); @@ -34226,6 +34301,9 @@ int err = FP_WOULDBLOCK; sp_521_proj_point_add_21_ctx* ctx = (sp_521_proj_point_add_21_ctx*)sp_ctx->data; + typedef char ctx_size_test[sizeof(sp_521_proj_point_add_21_ctx) >= sizeof(*sp_ctx) ? -1 : 1]; + (void)sizeof(ctx_size_test); + /* Ensure only the first point is the same as the result. */ if (q == r) { const sp_point_521* a = p; @@ -34233,9 +34311,6 @@ q = a; } - typedef char ctx_size_test[sizeof(sp_521_proj_point_add_21_ctx) >= sizeof(*sp_ctx) ? -1 : 1]; - (void)sizeof(ctx_size_test); - switch (ctx->state) { case 0: /* INIT */ ctx->t6 = t; @@ -34710,7 +34785,7 @@ sp_digit* x; sp_digit* y; sp_digit* z; - volatile int n = i; + volatile int n = i - 1; x = p->x; y = p->y; @@ -34722,9 +34797,9 @@ sp_521_mont_sqr_21(w, z, p521_mod, p521_mp_mod); sp_521_mont_sqr_21(w, w, p521_mod, p521_mp_mod); #ifndef WOLFSSL_SP_SMALL - while (--n > 0) + while (n > 0) #else - while (--n >= 0) + while (n >= 0) #endif { /* A = 3*(X^2 - W) */ @@ -34755,6 +34830,7 @@ /* y = 2*A*(B - X) - Y^4 */ sp_521_mont_mul_21(y, b, a, p521_mod, p521_mp_mod); sp_521_mont_sub_21(y, y, t1, p521_mod); + n = n - 1; } #ifndef WOLFSSL_SP_SMALL /* A = 3*(X^2 - W) */ @@ -35515,7 +35591,9 @@ r->y[19] = 0; r->y[20] = 0; for (i = 1; i < 256; i++) { - mask = (sp_digit)0 - (i == idx); + sp_digit gte = (sp_digit)((((sp_uint32)i - (sp_uint32)idx) >> 31) - 1); + sp_digit lte = (sp_digit)((((sp_uint32)idx - (sp_uint32)i) >> 31) - 1); + mask = gte & lte; r->x[0] |= mask & table[i].x[0]; r->x[1] |= mask & table[i].x[1]; r->x[2] |= mask & table[i].x[2]; @@ -35793,10 +35871,6 @@ if (cache->cnt == 2) sp_521_gen_stripe_table_21(g, cache->table, tmp, heap); -#ifndef HAVE_THREAD_LS - wc_UnLockMutex(&sp_cache_521_lock); -#endif /* HAVE_THREAD_LS */ - if (cache->cnt < 2) { err = sp_521_ecc_mulmod_win_add_sub_21(r, g, k, map, ct, heap); } @@ -35804,6 +35878,9 @@ err = sp_521_ecc_mulmod_stripe_21(r, g, cache->table, k, map, ct, heap); } +#ifndef HAVE_THREAD_LS + wc_UnLockMutex(&sp_cache_521_lock); +#endif /* HAVE_THREAD_LS */ } SP_FREE_VAR(tmp, heap, DYNAMIC_TYPE_ECC); @@ -39071,7 +39148,7 @@ sp_521_mont_mul_order_21(t, t, a); } ctx->i--; - ctx->state = (ctx->i == 0) ? 3 : 1; + ctx->state = (ctx->i >= 0) ? 1 : 3; break; case 3: XMEMCPY(r, t, sizeof(sp_digit) * 21U); @@ -42591,6 +42668,9 @@ int err = FP_WOULDBLOCK; sp_1024_proj_point_add_42_ctx* ctx = (sp_1024_proj_point_add_42_ctx*)sp_ctx->data; + typedef char ctx_size_test[sizeof(sp_1024_proj_point_add_42_ctx) >= sizeof(*sp_ctx) ? -1 : 1]; + (void)sizeof(ctx_size_test); + /* Ensure only the first point is the same as the result. */ if (q == r) { const sp_point_1024* a = p; @@ -42598,9 +42678,6 @@ q = a; } - typedef char ctx_size_test[sizeof(sp_1024_proj_point_add_42_ctx) >= sizeof(*sp_ctx) ? -1 : 1]; - (void)sizeof(ctx_size_test); - switch (ctx->state) { case 0: /* INIT */ ctx->t6 = t; @@ -43099,7 +43176,7 @@ sp_digit* x; sp_digit* y; sp_digit* z; - volatile int n = i; + volatile int n = i - 1; x = p->x; y = p->y; @@ -43111,9 +43188,9 @@ sp_1024_mont_sqr_42(w, z, p1024_mod, p1024_mp_mod); sp_1024_mont_sqr_42(w, w, p1024_mod, p1024_mp_mod); #ifndef WOLFSSL_SP_SMALL - while (--n > 0) + while (n > 0) #else - while (--n >= 0) + while (n >= 0) #endif { /* A = 3*(X^2 - W) */ @@ -43144,6 +43221,7 @@ /* y = 2*A*(B - X) - Y^4 */ sp_1024_mont_mul_42(y, b, a, p1024_mod, p1024_mp_mod); sp_1024_mont_sub_42(y, y, t1, p1024_mod); + n = n - 1; } #ifndef WOLFSSL_SP_SMALL /* A = 3*(X^2 - W) */ @@ -43933,10 +44011,6 @@ if (cache->cnt == 2) sp_1024_gen_stripe_table_42(g, cache->table, tmp, heap); -#ifndef HAVE_THREAD_LS - wc_UnLockMutex(&sp_cache_1024_lock); -#endif /* HAVE_THREAD_LS */ - if (cache->cnt < 2) { err = sp_1024_ecc_mulmod_win_add_sub_42(r, g, k, map, ct, heap); } @@ -43944,6 +44018,9 @@ err = sp_1024_ecc_mulmod_stripe_42(r, g, cache->table, k, map, ct, heap); } +#ifndef HAVE_THREAD_LS + wc_UnLockMutex(&sp_cache_1024_lock); +#endif /* HAVE_THREAD_LS */ } SP_FREE_VAR(tmp, heap, DYNAMIC_TYPE_ECC); diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/wolfcrypt/src/sp_c64.c mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/sp_c64.c --- mariadb-11.8.6/extra/wolfssl/wolfssl/wolfcrypt/src/sp_c64.c 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/sp_c64.c 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* sp.c * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -134,14 +134,20 @@ #define SP_PRINT_INT(var, name) \ fprintf(stderr, name "=%d\n", var) -#if ((defined(WOLFSSL_HAVE_SP_RSA) || defined(WOLFSSL_HAVE_SP_DH)) && \ - ((!defined(WC_NO_CACHE_RESISTANT) && \ - (defined(WOLFSSL_HAVE_SP_RSA) || defined(WOLFSSL_HAVE_SP_DH))) || \ - (defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SP_FAST_MODEXP))) && \ - !defined(WOLFSSL_RSA_PUBLIC_ONLY)) || (defined(WOLFSSL_SP_SMALL) && \ +#if defined(WOLFSSL_SP_SMALL) && \ defined(WOLFSSL_HAVE_SP_ECC) && (!defined(WOLFSSL_SP_NO_256) || \ defined(WOLFSSL_SP_384) || defined(WOLFSSL_SP_521) || \ - defined(WOLFSSL_SP_1024))) + defined(WOLFSSL_SP_1024)) + #define NEED_ADDR_MASK +#endif +#if defined(WOLFSSL_HAVE_SP_RSA) || defined(WOLFSSL_HAVE_SP_DH) + #if !defined(WC_NO_CACHE_RESISTANT) && \ + (defined(WOLFSSL_HAVE_SP_DH) || !defined(WOLFSSL_RSA_PUBLIC_ONLY)) + #define NEED_ADDR_MASK + #endif +#endif + +#ifdef NEED_ADDR_MASK /* Mask for address to obfuscate which of the two address will be used. */ static const size_t addr_mask[2] = { 0, (size_t)-1 }; #endif @@ -2317,7 +2323,7 @@ #ifndef WOLFSSL_RSA_PUBLIC_ONLY #if !defined(SP_RSA_PRIVATE_EXP_D) && !defined(RSA_LOW_MEM) -#endif /* !SP_RSA_PRIVATE_EXP_D & !RSA_LOW_MEM */ +#endif /* !SP_RSA_PRIVATE_EXP_D && !RSA_LOW_MEM */ /* RSA private key operation. * * in Array of bytes representing the number to exponentiate, base. @@ -5564,7 +5570,7 @@ #ifndef WOLFSSL_RSA_PUBLIC_ONLY #if !defined(SP_RSA_PRIVATE_EXP_D) && !defined(RSA_LOW_MEM) -#endif /* !SP_RSA_PRIVATE_EXP_D & !RSA_LOW_MEM */ +#endif /* !SP_RSA_PRIVATE_EXP_D && !RSA_LOW_MEM */ /* RSA private key operation. * * in Array of bytes representing the number to exponentiate, base. @@ -8494,7 +8500,7 @@ #ifndef WOLFSSL_RSA_PUBLIC_ONLY #if !defined(SP_RSA_PRIVATE_EXP_D) && !defined(RSA_LOW_MEM) -#endif /* !SP_RSA_PRIVATE_EXP_D & !RSA_LOW_MEM */ +#endif /* !SP_RSA_PRIVATE_EXP_D && !RSA_LOW_MEM */ /* RSA private key operation. * * in Array of bytes representing the number to exponentiate, base. @@ -11890,7 +11896,7 @@ #ifndef WOLFSSL_RSA_PUBLIC_ONLY #if !defined(SP_RSA_PRIVATE_EXP_D) && !defined(RSA_LOW_MEM) -#endif /* !SP_RSA_PRIVATE_EXP_D & !RSA_LOW_MEM */ +#endif /* !SP_RSA_PRIVATE_EXP_D && !RSA_LOW_MEM */ /* RSA private key operation. * * in Array of bytes representing the number to exponentiate, base. @@ -14857,7 +14863,7 @@ #ifndef WOLFSSL_RSA_PUBLIC_ONLY #if !defined(SP_RSA_PRIVATE_EXP_D) && !defined(RSA_LOW_MEM) -#endif /* !SP_RSA_PRIVATE_EXP_D & !RSA_LOW_MEM */ +#endif /* !SP_RSA_PRIVATE_EXP_D && !RSA_LOW_MEM */ /* RSA private key operation. * * in Array of bytes representing the number to exponentiate, base. @@ -15686,7 +15692,7 @@ } } -#if (defined(WOLFSSL_HAVE_SP_RSA) && !defined(WOLFSSL_RSA_PUBLIC_ONLY)) || defined(WOLFSSL_HAVE_SP_DH) +#if (defined(WOLFSSL_HAVE_SP_RSA) || defined(WOLFSSL_HAVE_SP_DH)) && !defined(WOLFSSL_RSA_PUBLIC_ONLY) #if defined(WOLFSSL_HAVE_SP_RSA) && !defined(SP_RSA_PRIVATE_EXP_D) /* Normalize the values in each word to 53 bits. * @@ -15714,7 +15720,11 @@ } #endif /* WOLFSSL_HAVE_SP_RSA & !SP_RSA_PRIVATE_EXP_D */ -#endif /* (WOLFSSL_HAVE_SP_RSA && !WOLFSSL_RSA_PUBLIC_ONLY) || WOLFSSL_HAVE_SP_DH */ +#endif /* (WOLFSSL_HAVE_SP_RSA || WOLFSSL_HAVE_SP_DH) && !WOLFSSL_RSA_PUBLIC_ONLY */ +#if (defined(WOLFSSL_HAVE_SP_RSA) || defined(WOLFSSL_HAVE_SP_DH)) && !defined(WOLFSSL_RSA_PUBLIC_ONLY) +#if defined(WOLFSSL_HAVE_SP_RSA) && !defined(SP_RSA_PRIVATE_EXP_D) +#endif /* WOLFSSL_HAVE_SP_RSA & !SP_RSA_PRIVATE_EXP_D */ +#endif /* (WOLFSSL_HAVE_SP_RSA || WOLFSSL_HAVE_SP_DH) && !WOLFSSL_RSA_PUBLIC_ONLY */ /* Normalize the values in each word to 53 bits. * * a Array of sp_digit to normalize. @@ -18350,7 +18360,7 @@ #ifndef WOLFSSL_RSA_PUBLIC_ONLY #if !defined(SP_RSA_PRIVATE_EXP_D) && !defined(RSA_LOW_MEM) -#endif /* !SP_RSA_PRIVATE_EXP_D & !RSA_LOW_MEM */ +#endif /* !SP_RSA_PRIVATE_EXP_D && !RSA_LOW_MEM */ /* RSA private key operation. * * in Array of bytes representing the number to exponentiate, base. @@ -20599,6 +20609,9 @@ int err = FP_WOULDBLOCK; sp_256_proj_point_add_5_ctx* ctx = (sp_256_proj_point_add_5_ctx*)sp_ctx->data; + typedef char ctx_size_test[sizeof(sp_256_proj_point_add_5_ctx) >= sizeof(*sp_ctx) ? -1 : 1]; + (void)sizeof(ctx_size_test); + /* Ensure only the first point is the same as the result. */ if (q == r) { const sp_point_256* a = p; @@ -20606,9 +20619,6 @@ q = a; } - typedef char ctx_size_test[sizeof(sp_256_proj_point_add_5_ctx) >= sizeof(*sp_ctx) ? -1 : 1]; - (void)sizeof(ctx_size_test); - switch (ctx->state) { case 0: /* INIT */ ctx->t6 = t; @@ -21130,7 +21140,7 @@ sp_digit* x; sp_digit* y; sp_digit* z; - volatile int n = i; + volatile int n = i - 1; x = p->x; y = p->y; @@ -21142,9 +21152,9 @@ sp_256_mont_sqr_5(w, z, p256_mod, p256_mp_mod); sp_256_mont_sqr_5(w, w, p256_mod, p256_mp_mod); #ifndef WOLFSSL_SP_SMALL - while (--n > 0) + while (n > 0) #else - while (--n >= 0) + while (n >= 0) #endif { /* A = 3*(X^2 - W) */ @@ -21175,6 +21185,7 @@ /* y = 2*A*(B - X) - Y^4 */ sp_256_mont_mul_5(y, b, a, p256_mod, p256_mp_mod); sp_256_mont_sub_5(y, y, t1, p256_mod); + n = n - 1; } #ifndef WOLFSSL_SP_SMALL /* A = 3*(X^2 - W) */ @@ -21807,7 +21818,9 @@ r->y[3] = 0; r->y[4] = 0; for (i = 1; i < 256; i++) { - mask = (sp_digit)0 - (i == idx); + sp_digit gte = (sp_digit)((((sp_uint64)i - (sp_uint64)idx) >> 63) - 1); + sp_digit lte = (sp_digit)((((sp_uint64)idx - (sp_uint64)i) >> 63) - 1); + mask = gte & lte; r->x[0] |= mask & table[i].x[0]; r->x[1] |= mask & table[i].x[1]; r->x[2] |= mask & table[i].x[2]; @@ -22053,10 +22066,6 @@ if (cache->cnt == 2) sp_256_gen_stripe_table_5(g, cache->table, tmp, heap); -#ifndef HAVE_THREAD_LS - wc_UnLockMutex(&sp_cache_256_lock); -#endif /* HAVE_THREAD_LS */ - if (cache->cnt < 2) { err = sp_256_ecc_mulmod_win_add_sub_5(r, g, k, map, ct, heap); } @@ -22064,6 +22073,9 @@ err = sp_256_ecc_mulmod_stripe_5(r, g, cache->table, k, map, ct, heap); } +#ifndef HAVE_THREAD_LS + wc_UnLockMutex(&sp_cache_256_lock); +#endif /* HAVE_THREAD_LS */ } SP_FREE_VAR(tmp, heap, DYNAMIC_TYPE_ECC); @@ -24230,7 +24242,7 @@ sp_256_mont_mul_order_5(t, t, a); } ctx->i--; - ctx->state = (ctx->i == 0) ? 3 : 1; + ctx->state = (ctx->i >= 0) ? 1 : 3; break; case 3: XMEMCPY(r, t, sizeof(sp_digit) * 5U); @@ -27086,6 +27098,9 @@ int err = FP_WOULDBLOCK; sp_384_proj_point_add_7_ctx* ctx = (sp_384_proj_point_add_7_ctx*)sp_ctx->data; + typedef char ctx_size_test[sizeof(sp_384_proj_point_add_7_ctx) >= sizeof(*sp_ctx) ? -1 : 1]; + (void)sizeof(ctx_size_test); + /* Ensure only the first point is the same as the result. */ if (q == r) { const sp_point_384* a = p; @@ -27093,9 +27108,6 @@ q = a; } - typedef char ctx_size_test[sizeof(sp_384_proj_point_add_7_ctx) >= sizeof(*sp_ctx) ? -1 : 1]; - (void)sizeof(ctx_size_test); - switch (ctx->state) { case 0: /* INIT */ ctx->t6 = t; @@ -27653,7 +27665,7 @@ sp_digit* x; sp_digit* y; sp_digit* z; - volatile int n = i; + volatile int n = i - 1; x = p->x; y = p->y; @@ -27665,9 +27677,9 @@ sp_384_mont_sqr_7(w, z, p384_mod, p384_mp_mod); sp_384_mont_sqr_7(w, w, p384_mod, p384_mp_mod); #ifndef WOLFSSL_SP_SMALL - while (--n > 0) + while (n > 0) #else - while (--n >= 0) + while (n >= 0) #endif { /* A = 3*(X^2 - W) */ @@ -27698,6 +27710,7 @@ /* y = 2*A*(B - X) - Y^4 */ sp_384_mont_mul_7(y, b, a, p384_mod, p384_mp_mod); sp_384_mont_sub_7(y, y, t1, p384_mod); + n = n - 1; } #ifndef WOLFSSL_SP_SMALL /* A = 3*(X^2 - W) */ @@ -28346,7 +28359,9 @@ r->y[5] = 0; r->y[6] = 0; for (i = 1; i < 256; i++) { - mask = (sp_digit)0 - (i == idx); + sp_digit gte = (sp_digit)((((sp_uint64)i - (sp_uint64)idx) >> 63) - 1); + sp_digit lte = (sp_digit)((((sp_uint64)idx - (sp_uint64)i) >> 63) - 1); + mask = gte & lte; r->x[0] |= mask & table[i].x[0]; r->x[1] |= mask & table[i].x[1]; r->x[2] |= mask & table[i].x[2]; @@ -28596,10 +28611,6 @@ if (cache->cnt == 2) sp_384_gen_stripe_table_7(g, cache->table, tmp, heap); -#ifndef HAVE_THREAD_LS - wc_UnLockMutex(&sp_cache_384_lock); -#endif /* HAVE_THREAD_LS */ - if (cache->cnt < 2) { err = sp_384_ecc_mulmod_win_add_sub_7(r, g, k, map, ct, heap); } @@ -28607,6 +28618,9 @@ err = sp_384_ecc_mulmod_stripe_7(r, g, cache->table, k, map, ct, heap); } +#ifndef HAVE_THREAD_LS + wc_UnLockMutex(&sp_cache_384_lock); +#endif /* HAVE_THREAD_LS */ } SP_FREE_VAR(tmp, heap, DYNAMIC_TYPE_ECC); @@ -31291,7 +31305,7 @@ sp_384_mont_mul_order_7(t, t, a); } ctx->i--; - ctx->state = (ctx->i == 0) ? 3 : 1; + ctx->state = (ctx->i >= 0) ? 1 : 3; break; case 3: XMEMCPY(r, t, sizeof(sp_digit) * 7U); @@ -34189,6 +34203,9 @@ int err = FP_WOULDBLOCK; sp_521_proj_point_add_9_ctx* ctx = (sp_521_proj_point_add_9_ctx*)sp_ctx->data; + typedef char ctx_size_test[sizeof(sp_521_proj_point_add_9_ctx) >= sizeof(*sp_ctx) ? -1 : 1]; + (void)sizeof(ctx_size_test); + /* Ensure only the first point is the same as the result. */ if (q == r) { const sp_point_521* a = p; @@ -34196,9 +34213,6 @@ q = a; } - typedef char ctx_size_test[sizeof(sp_521_proj_point_add_9_ctx) >= sizeof(*sp_ctx) ? -1 : 1]; - (void)sizeof(ctx_size_test); - switch (ctx->state) { case 0: /* INIT */ ctx->t6 = t; @@ -34649,7 +34663,7 @@ sp_digit* x; sp_digit* y; sp_digit* z; - volatile int n = i; + volatile int n = i - 1; x = p->x; y = p->y; @@ -34661,9 +34675,9 @@ sp_521_mont_sqr_9(w, z, p521_mod, p521_mp_mod); sp_521_mont_sqr_9(w, w, p521_mod, p521_mp_mod); #ifndef WOLFSSL_SP_SMALL - while (--n > 0) + while (n > 0) #else - while (--n >= 0) + while (n >= 0) #endif { /* A = 3*(X^2 - W) */ @@ -34694,6 +34708,7 @@ /* y = 2*A*(B - X) - Y^4 */ sp_521_mont_mul_9(y, b, a, p521_mod, p521_mp_mod); sp_521_mont_sub_9(y, y, t1, p521_mod); + n = n - 1; } #ifndef WOLFSSL_SP_SMALL /* A = 3*(X^2 - W) */ @@ -35358,7 +35373,9 @@ r->y[7] = 0; r->y[8] = 0; for (i = 1; i < 256; i++) { - mask = (sp_digit)0 - (i == idx); + sp_digit gte = (sp_digit)((((sp_uint64)i - (sp_uint64)idx) >> 63) - 1); + sp_digit lte = (sp_digit)((((sp_uint64)idx - (sp_uint64)i) >> 63) - 1); + mask = gte & lte; r->x[0] |= mask & table[i].x[0]; r->x[1] |= mask & table[i].x[1]; r->x[2] |= mask & table[i].x[2]; @@ -35612,10 +35629,6 @@ if (cache->cnt == 2) sp_521_gen_stripe_table_9(g, cache->table, tmp, heap); -#ifndef HAVE_THREAD_LS - wc_UnLockMutex(&sp_cache_521_lock); -#endif /* HAVE_THREAD_LS */ - if (cache->cnt < 2) { err = sp_521_ecc_mulmod_win_add_sub_9(r, g, k, map, ct, heap); } @@ -35623,6 +35636,9 @@ err = sp_521_ecc_mulmod_stripe_9(r, g, cache->table, k, map, ct, heap); } +#ifndef HAVE_THREAD_LS + wc_UnLockMutex(&sp_cache_521_lock); +#endif /* HAVE_THREAD_LS */ } SP_FREE_VAR(tmp, heap, DYNAMIC_TYPE_ECC); @@ -38316,7 +38332,7 @@ sp_521_mont_mul_order_9(t, t, a); } ctx->i--; - ctx->state = (ctx->i == 0) ? 3 : 1; + ctx->state = (ctx->i >= 0) ? 1 : 3; break; case 3: XMEMCPY(r, t, sizeof(sp_digit) * 9U); @@ -41640,6 +41656,9 @@ int err = FP_WOULDBLOCK; sp_1024_proj_point_add_18_ctx* ctx = (sp_1024_proj_point_add_18_ctx*)sp_ctx->data; + typedef char ctx_size_test[sizeof(sp_1024_proj_point_add_18_ctx) >= sizeof(*sp_ctx) ? -1 : 1]; + (void)sizeof(ctx_size_test); + /* Ensure only the first point is the same as the result. */ if (q == r) { const sp_point_1024* a = p; @@ -41647,9 +41666,6 @@ q = a; } - typedef char ctx_size_test[sizeof(sp_1024_proj_point_add_18_ctx) >= sizeof(*sp_ctx) ? -1 : 1]; - (void)sizeof(ctx_size_test); - switch (ctx->state) { case 0: /* INIT */ ctx->t6 = t; @@ -42100,7 +42116,7 @@ sp_digit* x; sp_digit* y; sp_digit* z; - volatile int n = i; + volatile int n = i - 1; x = p->x; y = p->y; @@ -42112,9 +42128,9 @@ sp_1024_mont_sqr_18(w, z, p1024_mod, p1024_mp_mod); sp_1024_mont_sqr_18(w, w, p1024_mod, p1024_mp_mod); #ifndef WOLFSSL_SP_SMALL - while (--n > 0) + while (n > 0) #else - while (--n >= 0) + while (n >= 0) #endif { /* A = 3*(X^2 - W) */ @@ -42145,6 +42161,7 @@ /* y = 2*A*(B - X) - Y^4 */ sp_1024_mont_mul_18(y, b, a, p1024_mod, p1024_mp_mod); sp_1024_mont_sub_18(y, y, t1, p1024_mod); + n = n - 1; } #ifndef WOLFSSL_SP_SMALL /* A = 3*(X^2 - W) */ @@ -42934,10 +42951,6 @@ if (cache->cnt == 2) sp_1024_gen_stripe_table_18(g, cache->table, tmp, heap); -#ifndef HAVE_THREAD_LS - wc_UnLockMutex(&sp_cache_1024_lock); -#endif /* HAVE_THREAD_LS */ - if (cache->cnt < 2) { err = sp_1024_ecc_mulmod_win_add_sub_18(r, g, k, map, ct, heap); } @@ -42945,6 +42958,9 @@ err = sp_1024_ecc_mulmod_stripe_18(r, g, cache->table, k, map, ct, heap); } +#ifndef HAVE_THREAD_LS + wc_UnLockMutex(&sp_cache_1024_lock); +#endif /* HAVE_THREAD_LS */ } SP_FREE_VAR(tmp, heap, DYNAMIC_TYPE_ECC); diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/wolfcrypt/src/sp_cortexm.c mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/sp_cortexm.c --- mariadb-11.8.6/extra/wolfssl/wolfssl/wolfcrypt/src/sp_cortexm.c 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/sp_cortexm.c 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* sp.c * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -2357,9 +2357,9 @@ "ADD r11, %[a], #0x100\n\t" "\n" #if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) - "L_sp_2048_sub_in_pkace_64_word:\n\t" + "L_sp_2048_sub_in_place_64_word:\n\t" #else - "L_sp_2048_sub_in_pkace_64_word_%=:\n\t" + "L_sp_2048_sub_in_place_64_word_%=:\n\t" #endif "RSBS r10, r10, #0x0\n\t" "LDM %[a], {r2, r3, r4, r5}\n\t" @@ -2372,11 +2372,11 @@ "SBC r10, r10, r10\n\t" "CMP %[a], r11\n\t" #if defined(__GNUC__) - "BNE L_sp_2048_sub_in_pkace_64_word_%=\n\t" + "BNE L_sp_2048_sub_in_place_64_word_%=\n\t" #elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) - "BNE.N L_sp_2048_sub_in_pkace_64_word\n\t" + "BNE.N L_sp_2048_sub_in_place_64_word\n\t" #else - "BNE.N L_sp_2048_sub_in_pkace_64_word_%=\n\t" + "BNE.N L_sp_2048_sub_in_place_64_word_%=\n\t" #endif "MOV %[a], r10\n\t" : [a] "+r" (a), [b] "+r" (b) @@ -2737,9 +2737,9 @@ "ADD r11, %[a], #0x80\n\t" "\n" #if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) - "L_sp_2048_sub_in_pkace_32_word:\n\t" + "L_sp_2048_sub_in_place_32_word:\n\t" #else - "L_sp_2048_sub_in_pkace_32_word_%=:\n\t" + "L_sp_2048_sub_in_place_32_word_%=:\n\t" #endif "RSBS r10, r10, #0x0\n\t" "LDM %[a], {r2, r3, r4, r5}\n\t" @@ -2752,11 +2752,11 @@ "SBC r10, r10, r10\n\t" "CMP %[a], r11\n\t" #if defined(__GNUC__) - "BNE L_sp_2048_sub_in_pkace_32_word_%=\n\t" + "BNE L_sp_2048_sub_in_place_32_word_%=\n\t" #elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) - "BNE.N L_sp_2048_sub_in_pkace_32_word\n\t" + "BNE.N L_sp_2048_sub_in_place_32_word\n\t" #else - "BNE.N L_sp_2048_sub_in_pkace_32_word_%=\n\t" + "BNE.N L_sp_2048_sub_in_place_32_word_%=\n\t" #endif "MOV %[a], r10\n\t" : [a] "+r" (a), [b] "+r" (b) @@ -5427,9 +5427,9 @@ c = -c; y = (byte)(n << c); n = e[i--]; - y |= (byte)(n >> (64 - c)); + y |= (byte)(n >> (32 - c)); n <<= c; - c = 64 - c; + c = 32 - c; } else if (c == 0) { /* All bits in top word used. */ @@ -5580,9 +5580,9 @@ c = -c; y = (byte)(n << c); n = e[i--]; - y |= (byte)(n >> (64 - c)); + y |= (byte)(n >> (32 - c)); n <<= c; - c = 64 - c; + c = 32 - c; } else if (c == 0) { /* All bits in top word used. */ @@ -8544,9 +8544,9 @@ c = -c; y = (byte)(n << c); n = e[i--]; - y |= (byte)(n >> (64 - c)); + y |= (byte)(n >> (32 - c)); n <<= c; - c = 64 - c; + c = 32 - c; } else if (c == 0) { /* All bits in top word used. */ @@ -8680,9 +8680,9 @@ c = -c; y = (byte)(n << c); n = e[i--]; - y |= (byte)(n >> (64 - c)); + y |= (byte)(n >> (32 - c)); n <<= c; - c = 64 - c; + c = 32 - c; } else if (c == 0) { /* All bits in top word used. */ @@ -8884,6 +8884,7 @@ } #ifndef WOLFSSL_RSA_PUBLIC_ONLY +#if !defined(SP_RSA_PRIVATE_EXP_D) && !defined(RSA_LOW_MEM) #ifdef WOLFSSL_SP_SMALL /* Conditionally add a and b using the mask m. * m is -1 to add and 0 when not. @@ -9089,6 +9090,7 @@ } #endif /* WOLFSSL_SP_SMALL */ +#endif /* !SP_RSA_PRIVATE_EXP_D && !RSA_LOW_MEM */ /* RSA private key operation. * * in Array of bytes representing the number to exponentiate, base. @@ -9819,9 +9821,9 @@ c = -c; y = (byte)(n << c); n = e[i--]; - y |= (byte)(n >> (64 - c)); + y |= (byte)(n >> (32 - c)); n <<= c; - c = 64 - c; + c = 32 - c; } else if (c == 0) { /* All bits in top word used. */ @@ -13345,9 +13347,9 @@ "ADD r11, %[a], #0x180\n\t" "\n" #if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) - "L_sp_3072_sub_in_pkace_96_word:\n\t" + "L_sp_3072_sub_in_place_96_word:\n\t" #else - "L_sp_3072_sub_in_pkace_96_word_%=:\n\t" + "L_sp_3072_sub_in_place_96_word_%=:\n\t" #endif "RSBS r10, r10, #0x0\n\t" "LDM %[a], {r2, r3, r4, r5}\n\t" @@ -13360,11 +13362,11 @@ "SBC r10, r10, r10\n\t" "CMP %[a], r11\n\t" #if defined(__GNUC__) - "BNE L_sp_3072_sub_in_pkace_96_word_%=\n\t" + "BNE L_sp_3072_sub_in_place_96_word_%=\n\t" #elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) - "BNE.N L_sp_3072_sub_in_pkace_96_word\n\t" + "BNE.N L_sp_3072_sub_in_place_96_word\n\t" #else - "BNE.N L_sp_3072_sub_in_pkace_96_word_%=\n\t" + "BNE.N L_sp_3072_sub_in_place_96_word_%=\n\t" #endif "MOV %[a], r10\n\t" : [a] "+r" (a), [b] "+r" (b) @@ -13725,9 +13727,9 @@ "ADD r11, %[a], #0xc0\n\t" "\n" #if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) - "L_sp_3072_sub_in_pkace_48_word:\n\t" + "L_sp_3072_sub_in_place_48_word:\n\t" #else - "L_sp_3072_sub_in_pkace_48_word_%=:\n\t" + "L_sp_3072_sub_in_place_48_word_%=:\n\t" #endif "RSBS r10, r10, #0x0\n\t" "LDM %[a], {r2, r3, r4, r5}\n\t" @@ -13740,11 +13742,11 @@ "SBC r10, r10, r10\n\t" "CMP %[a], r11\n\t" #if defined(__GNUC__) - "BNE L_sp_3072_sub_in_pkace_48_word_%=\n\t" + "BNE L_sp_3072_sub_in_place_48_word_%=\n\t" #elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) - "BNE.N L_sp_3072_sub_in_pkace_48_word\n\t" + "BNE.N L_sp_3072_sub_in_place_48_word\n\t" #else - "BNE.N L_sp_3072_sub_in_pkace_48_word_%=\n\t" + "BNE.N L_sp_3072_sub_in_place_48_word_%=\n\t" #endif "MOV %[a], r10\n\t" : [a] "+r" (a), [b] "+r" (b) @@ -17095,9 +17097,9 @@ c = -c; y = (byte)(n << c); n = e[i--]; - y |= (byte)(n >> (64 - c)); + y |= (byte)(n >> (32 - c)); n <<= c; - c = 64 - c; + c = 32 - c; } else if (c == 0) { /* All bits in top word used. */ @@ -17248,9 +17250,9 @@ c = -c; y = (byte)(n << c); n = e[i--]; - y |= (byte)(n >> (64 - c)); + y |= (byte)(n >> (32 - c)); n <<= c; - c = 64 - c; + c = 32 - c; } else if (c == 0) { /* All bits in top word used. */ @@ -21148,9 +21150,9 @@ c = -c; y = (byte)(n << c); n = e[i--]; - y |= (byte)(n >> (64 - c)); + y |= (byte)(n >> (32 - c)); n <<= c; - c = 64 - c; + c = 32 - c; } else if (c == 0) { /* All bits in top word used. */ @@ -21284,9 +21286,9 @@ c = -c; y = (byte)(n << c); n = e[i--]; - y |= (byte)(n >> (64 - c)); + y |= (byte)(n >> (32 - c)); n <<= c; - c = 64 - c; + c = 32 - c; } else if (c == 0) { /* All bits in top word used. */ @@ -21488,6 +21490,7 @@ } #ifndef WOLFSSL_RSA_PUBLIC_ONLY +#if !defined(SP_RSA_PRIVATE_EXP_D) && !defined(RSA_LOW_MEM) #ifdef WOLFSSL_SP_SMALL /* Conditionally add a and b using the mask m. * m is -1 to add and 0 when not. @@ -21749,6 +21752,7 @@ } #endif /* WOLFSSL_SP_SMALL */ +#endif /* !SP_RSA_PRIVATE_EXP_D && !RSA_LOW_MEM */ /* RSA private key operation. * * in Array of bytes representing the number to exponentiate, base. @@ -22671,9 +22675,9 @@ c = -c; y = (byte)(n << c); n = e[i--]; - y |= (byte)(n >> (64 - c)); + y |= (byte)(n >> (32 - c)); n <<= c; - c = 64 - c; + c = 32 - c; } else if (c == 0) { /* All bits in top word used. */ @@ -23686,9 +23690,9 @@ "ADD r11, %[a], #0x200\n\t" "\n" #if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) - "L_sp_4096_sub_in_pkace_128_word:\n\t" + "L_sp_4096_sub_in_place_128_word:\n\t" #else - "L_sp_4096_sub_in_pkace_128_word_%=:\n\t" + "L_sp_4096_sub_in_place_128_word_%=:\n\t" #endif "RSBS r10, r10, #0x0\n\t" "LDM %[a], {r2, r3, r4, r5}\n\t" @@ -23701,11 +23705,11 @@ "SBC r10, r10, r10\n\t" "CMP %[a], r11\n\t" #if defined(__GNUC__) - "BNE L_sp_4096_sub_in_pkace_128_word_%=\n\t" + "BNE L_sp_4096_sub_in_place_128_word_%=\n\t" #elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) - "BNE.N L_sp_4096_sub_in_pkace_128_word\n\t" + "BNE.N L_sp_4096_sub_in_place_128_word\n\t" #else - "BNE.N L_sp_4096_sub_in_pkace_128_word_%=\n\t" + "BNE.N L_sp_4096_sub_in_place_128_word_%=\n\t" #endif "MOV %[a], r10\n\t" : [a] "+r" (a), [b] "+r" (b) @@ -29495,9 +29499,9 @@ c = -c; y = (byte)(n << c); n = e[i--]; - y |= (byte)(n >> (64 - c)); + y |= (byte)(n >> (32 - c)); n <<= c; - c = 64 - c; + c = 32 - c; } else if (c == 0) { /* All bits in top word used. */ @@ -29631,9 +29635,9 @@ c = -c; y = (byte)(n << c); n = e[i--]; - y |= (byte)(n >> (64 - c)); + y |= (byte)(n >> (32 - c)); n <<= c; - c = 64 - c; + c = 32 - c; } else if (c == 0) { /* All bits in top word used. */ @@ -29835,6 +29839,7 @@ } #ifndef WOLFSSL_RSA_PUBLIC_ONLY +#if !defined(SP_RSA_PRIVATE_EXP_D) && !defined(RSA_LOW_MEM) #ifdef WOLFSSL_SP_SMALL /* Conditionally add a and b using the mask m. * m is -1 to add and 0 when not. @@ -30152,6 +30157,7 @@ } #endif /* WOLFSSL_SP_SMALL */ +#endif /* !SP_RSA_PRIVATE_EXP_D && !RSA_LOW_MEM */ /* RSA private key operation. * * in Array of bytes representing the number to exponentiate, base. @@ -31266,9 +31272,9 @@ c = -c; y = (byte)(n << c); n = e[i--]; - y |= (byte)(n >> (64 - c)); + y |= (byte)(n >> (32 - c)); n <<= c; - c = 64 - c; + c = 32 - c; } else if (c == 0) { /* All bits in top word used. */ @@ -35850,22 +35856,23 @@ register sp_digit* r __asm__ ("r0") = (sp_digit*)r_p; register const sp_digit* a __asm__ ("r1") = (const sp_digit*)a_p; register const sp_digit* b __asm__ ("r2") = (const sp_digit*)b_p; + register const sp_digit* m __asm__ ("r3") = (const sp_digit*)m_p; #endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ __asm__ __volatile__ ( "MOV lr, #0x0\n\t" "LDM %[a], {r5, r6, r7, r8, r9, r10, r11, r12}\n\t" "LDM %[b]!, {r3, r4}\n\t" - "SUBS r5, r5, r3\n\t" + "SUBS r5, r5, %[m]\n\t" "SBCS r6, r6, r4\n\t" "LDM %[b]!, {r3, r4}\n\t" - "SBCS r7, r7, r3\n\t" + "SBCS r7, r7, %[m]\n\t" "SBCS r8, r8, r4\n\t" "LDM %[b]!, {r3, r4}\n\t" - "SBCS r9, r9, r3\n\t" + "SBCS r9, r9, %[m]\n\t" "SBCS r10, r10, r4\n\t" "LDM %[b]!, {r3, r4}\n\t" - "SBCS r11, r11, r3\n\t" + "SBCS r11, r11, %[m]\n\t" "SBCS r12, r12, r4\n\t" "SBC lr, lr, #0x0\n\t" "ADDS r5, r5, lr\n\t" @@ -35886,16 +35893,11 @@ "ADCS r11, r11, lr, LSR #31\n\t" "ADC r12, r12, lr\n\t" "STM %[r], {r5, r6, r7, r8, r9, r10, r11, r12}\n\t" - : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b) + : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b), [m] "+r" (m) : - : "memory", "cc", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", - "r11", "r12", "lr" + : "memory", "cc", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", + "r12", "lr" ); -#ifndef WOLFSSL_NO_VAR_ASSIGN_REG - (void)m_p; -#else - (void)m; -#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ } /* Divide the number by 2 mod the modulus (prime). (r = a / 2 % m) @@ -36307,6 +36309,9 @@ int err = FP_WOULDBLOCK; sp_256_proj_point_add_8_ctx* ctx = (sp_256_proj_point_add_8_ctx*)sp_ctx->data; + typedef char ctx_size_test[sizeof(sp_256_proj_point_add_8_ctx) >= sizeof(*sp_ctx) ? -1 : 1]; + (void)sizeof(ctx_size_test); + /* Ensure only the first point is the same as the result. */ if (q == r) { const sp_point_256* a = p; @@ -36314,9 +36319,6 @@ q = a; } - typedef char ctx_size_test[sizeof(sp_256_proj_point_add_8_ctx) >= sizeof(*sp_ctx) ? -1 : 1]; - (void)sizeof(ctx_size_test); - switch (ctx->state) { case 0: /* INIT */ ctx->t6 = t; @@ -36708,7 +36710,7 @@ sp_digit* x; sp_digit* y; sp_digit* z; - volatile int n = i; + volatile int n = i - 1; x = p->x; y = p->y; @@ -36720,9 +36722,9 @@ sp_256_mont_sqr_8(w, z, p256_mod, p256_mp_mod); sp_256_mont_sqr_8(w, w, p256_mod, p256_mp_mod); #ifndef WOLFSSL_SP_SMALL - while (--n > 0) + while (n > 0) #else - while (--n >= 0) + while (n >= 0) #endif { /* A = 3*(X^2 - W) */ @@ -36753,6 +36755,7 @@ /* y = 2*A*(B - X) - Y^4 */ sp_256_mont_mul_8(y, b, a, p256_mod, p256_mp_mod); sp_256_mont_sub_8(y, y, t1, p256_mod); + n = n - 1; } #ifndef WOLFSSL_SP_SMALL /* A = 3*(X^2 - W) */ @@ -37003,7 +37006,9 @@ r->y[6] = 0; r->y[7] = 0; for (i = 1; i < 16; i++) { - mask = (sp_digit)0 - (i == idx); + sp_digit gte = (sp_digit)((((sp_uint32)i - (sp_uint32)idx) >> 31) - 1); + sp_digit lte = (sp_digit)((((sp_uint32)idx - (sp_uint32)i) >> 31) - 1); + mask = gte & lte; r->x[0] |= mask & table[i].x[0]; r->x[1] |= mask & table[i].x[1]; r->x[2] |= mask & table[i].x[2]; @@ -37255,10 +37260,6 @@ if (cache->cnt == 2) sp_256_gen_stripe_table_8(g, cache->table, tmp, heap); -#ifndef HAVE_THREAD_LS - wc_UnLockMutex(&sp_cache_256_lock); -#endif /* HAVE_THREAD_LS */ - if (cache->cnt < 2) { err = sp_256_ecc_mulmod_fast_8(r, g, k, map, ct, heap); } @@ -37266,6 +37267,9 @@ err = sp_256_ecc_mulmod_stripe_8(r, g, cache->table, k, map, ct, heap); } +#ifndef HAVE_THREAD_LS + wc_UnLockMutex(&sp_cache_256_lock); +#endif /* HAVE_THREAD_LS */ } SP_FREE_VAR(tmp, heap, DYNAMIC_TYPE_ECC); @@ -37383,7 +37387,9 @@ r->y[6] = 0; r->y[7] = 0; for (i = 1; i < 256; i++) { - mask = (sp_digit)0 - (i == idx); + sp_digit gte = (sp_digit)((((sp_uint32)i - (sp_uint32)idx) >> 31) - 1); + sp_digit lte = (sp_digit)((((sp_uint32)idx - (sp_uint32)i) >> 31) - 1); + mask = gte & lte; r->x[0] |= mask & table[i].x[0]; r->x[1] |= mask & table[i].x[1]; r->x[2] |= mask & table[i].x[2]; @@ -37635,10 +37641,6 @@ if (cache->cnt == 2) sp_256_gen_stripe_table_8(g, cache->table, tmp, heap); -#ifndef HAVE_THREAD_LS - wc_UnLockMutex(&sp_cache_256_lock); -#endif /* HAVE_THREAD_LS */ - if (cache->cnt < 2) { err = sp_256_ecc_mulmod_fast_8(r, g, k, map, ct, heap); } @@ -37646,6 +37648,9 @@ err = sp_256_ecc_mulmod_stripe_8(r, g, cache->table, k, map, ct, heap); } +#ifndef HAVE_THREAD_LS + wc_UnLockMutex(&sp_cache_256_lock); +#endif /* HAVE_THREAD_LS */ } SP_FREE_VAR(tmp, heap, DYNAMIC_TYPE_ECC); @@ -39659,9 +39664,9 @@ "ADD r11, %[a], #0x20\n\t" "\n" #if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) - "L_sp_256_sub_in_pkace_8_word:\n\t" + "L_sp_256_sub_in_place_8_word:\n\t" #else - "L_sp_256_sub_in_pkace_8_word_%=:\n\t" + "L_sp_256_sub_in_place_8_word_%=:\n\t" #endif "RSBS r10, r10, #0x0\n\t" "LDM %[a], {r2, r3, r4, r5}\n\t" @@ -39674,11 +39679,11 @@ "SBC r10, r10, r10\n\t" "CMP %[a], r11\n\t" #if defined(__GNUC__) - "BNE L_sp_256_sub_in_pkace_8_word_%=\n\t" + "BNE L_sp_256_sub_in_place_8_word_%=\n\t" #elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) - "BNE.N L_sp_256_sub_in_pkace_8_word\n\t" + "BNE.N L_sp_256_sub_in_place_8_word\n\t" #else - "BNE.N L_sp_256_sub_in_pkace_8_word_%=\n\t" + "BNE.N L_sp_256_sub_in_place_8_word_%=\n\t" #endif "MOV %[a], r10\n\t" : [a] "+r" (a), [b] "+r" (b) @@ -40189,7 +40194,7 @@ sp_256_mont_mul_order_8(t, t, a); } ctx->i--; - ctx->state = (ctx->i == 0) ? 3 : 1; + ctx->state = (ctx->i >= 0) ? 1 : 3; break; case 3: XMEMCPY(r, t, sizeof(sp_digit) * 8U); @@ -45506,63 +45511,7 @@ ); } -#ifdef WOLFSSL_SP_SMALL -/* Sub b from a into r. (r = a - b) - * - * r A single precision integer. - * a A single precision integer. - * b A single precision integer. - */ -#ifndef WOLFSSL_NO_VAR_ASSIGN_REG -WC_OMIT_FRAME_POINTER static sp_digit sp_384_sub_12(sp_digit* r_p, - const sp_digit* a_p, const sp_digit* b_p) -#else -WC_OMIT_FRAME_POINTER static sp_digit sp_384_sub_12(sp_digit* r, - const sp_digit* a, const sp_digit* b) -#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ -{ -#ifndef WOLFSSL_NO_VAR_ASSIGN_REG - register sp_digit* r __asm__ ("r0") = (sp_digit*)r_p; - register const sp_digit* a __asm__ ("r1") = (const sp_digit*)a_p; - register const sp_digit* b __asm__ ("r2") = (const sp_digit*)b_p; -#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ - - __asm__ __volatile__ ( - "MOV r11, #0x0\n\t" - "ADD r12, %[a], #0x30\n\t" - "\n" -#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) - "L_sp_384_sub_12_word:\n\t" -#else - "L_sp_384_sub_12_word_%=:\n\t" -#endif - "RSBS r11, r11, #0x0\n\t" - "LDM %[a]!, {r3, r4, r5, r6}\n\t" - "LDM %[b]!, {r7, r8, r9, r10}\n\t" - "SBCS r3, r3, r7\n\t" - "SBCS r4, r4, r8\n\t" - "SBCS r5, r5, r9\n\t" - "SBCS r6, r6, r10\n\t" - "STM %[r]!, {r3, r4, r5, r6}\n\t" - "SBC r11, r3, r3\n\t" - "CMP %[a], r12\n\t" -#if defined(__GNUC__) - "BNE L_sp_384_sub_12_word_%=\n\t" -#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) - "BNE.N L_sp_384_sub_12_word\n\t" -#else - "BNE.N L_sp_384_sub_12_word_%=\n\t" -#endif - "MOV %[r], r11\n\t" - : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b) - : - : "memory", "cc", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", - "r11", "r12" - ); - return (word32)(size_t)r; -} - -#else +#ifndef WOLFSSL_SP_SMALL /* Sub b from a into r. (r = a - b) * * r A single precision integer. @@ -45613,7 +45562,7 @@ return (word32)(size_t)r; } -#endif /* WOLFSSL_SP_SMALL */ +#endif /* !WOLFSSL_SP_SMALL */ #ifdef WOLFSSL_SP_SMALL /* Conditionally add a and b using the mask m. * m is -1 to add and 0 when not. @@ -45772,7 +45721,7 @@ #endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ __asm__ __volatile__ ( - "MOV r3, #0x0\n\t" + "MOV %[m], #0x0\n\t" "LDM %[a]!, {r8, r9, r10, r11}\n\t" "LDM %[b]!, {r4, r5, r6, r7}\n\t" "SUBS r8, r8, r4\n\t" @@ -45794,47 +45743,47 @@ "SBCS r10, r10, r6\n\t" "SBCS r11, r11, r7\n\t" "STM %[r]!, {r8, r9, r10, r11}\n\t" - "SBC r3, r3, #0x0\n\t" + "SBC %[m], %[m], #0x0\n\t" "SUB %[r], %[r], #0x30\n\t" - "LSR r12, r3, #1\n\t" + "LSR r12, %[m], #1\n\t" "LDM %[r], {r8, r9, r10, r11}\n\t" - "ADDS r8, r8, r3\n\t" + "ADDS r8, r8, %[m]\n\t" "ADCS r9, r9, #0x0\n\t" "ADCS r10, r10, #0x0\n\t" - "ADCS r11, r11, r3\n\t" + "ADCS r11, r11, %[m]\n\t" "STM %[r]!, {r8, r9, r10, r11}\n\t" "LDM %[r], {r8, r9, r10, r11}\n\t" "ADCS r8, r8, r12, LSL #1\n\t" - "ADCS r9, r9, r3\n\t" - "ADCS r10, r10, r3\n\t" - "ADCS r11, r11, r3\n\t" + "ADCS r9, r9, %[m]\n\t" + "ADCS r10, r10, %[m]\n\t" + "ADCS r11, r11, %[m]\n\t" "STM %[r]!, {r8, r9, r10, r11}\n\t" "LDM %[r], {r8, r9, r10, r11}\n\t" - "ADCS r8, r8, r3\n\t" - "ADCS r9, r9, r3\n\t" - "ADCS r10, r10, r3\n\t" - "ADCS r11, r11, r3\n\t" + "ADCS r8, r8, %[m]\n\t" + "ADCS r9, r9, %[m]\n\t" + "ADCS r10, r10, %[m]\n\t" + "ADCS r11, r11, %[m]\n\t" "STM %[r]!, {r8, r9, r10, r11}\n\t" - "ADC r3, r3, #0x0\n\t" + "ADC %[m], %[m], #0x0\n\t" "SUB %[r], %[r], #0x30\n\t" - "LSR r12, r3, #1\n\t" + "LSR r12, %[m], #1\n\t" "LDM %[r], {r8, r9, r10, r11}\n\t" - "ADDS r8, r8, r3\n\t" + "ADDS r8, r8, %[m]\n\t" "ADCS r9, r9, #0x0\n\t" "ADCS r10, r10, #0x0\n\t" - "ADCS r11, r11, r3\n\t" + "ADCS r11, r11, %[m]\n\t" "STM %[r]!, {r8, r9, r10, r11}\n\t" "LDM %[r], {r8, r9, r10, r11}\n\t" "ADCS r8, r8, r12, LSL #1\n\t" - "ADCS r9, r9, r3\n\t" - "ADCS r10, r10, r3\n\t" - "ADCS r11, r11, r3\n\t" + "ADCS r9, r9, %[m]\n\t" + "ADCS r10, r10, %[m]\n\t" + "ADCS r11, r11, %[m]\n\t" "STM %[r]!, {r8, r9, r10, r11}\n\t" "LDM %[r], {r8, r9, r10, r11}\n\t" - "ADCS r8, r8, r3\n\t" - "ADCS r9, r9, r3\n\t" - "ADCS r10, r10, r3\n\t" - "ADC r11, r11, r3\n\t" + "ADCS r8, r8, %[m]\n\t" + "ADCS r9, r9, %[m]\n\t" + "ADCS r10, r10, %[m]\n\t" + "ADC r11, r11, %[m]\n\t" "STM %[r]!, {r8, r9, r10, r11}\n\t" : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b), [m] "+r" (m) : @@ -46273,6 +46222,9 @@ int err = FP_WOULDBLOCK; sp_384_proj_point_add_12_ctx* ctx = (sp_384_proj_point_add_12_ctx*)sp_ctx->data; + typedef char ctx_size_test[sizeof(sp_384_proj_point_add_12_ctx) >= sizeof(*sp_ctx) ? -1 : 1]; + (void)sizeof(ctx_size_test); + /* Ensure only the first point is the same as the result. */ if (q == r) { const sp_point_384* a = p; @@ -46280,9 +46232,6 @@ q = a; } - typedef char ctx_size_test[sizeof(sp_384_proj_point_add_12_ctx) >= sizeof(*sp_ctx) ? -1 : 1]; - (void)sizeof(ctx_size_test); - switch (ctx->state) { case 0: /* INIT */ ctx->t6 = t; @@ -46698,7 +46647,7 @@ sp_digit* x; sp_digit* y; sp_digit* z; - volatile int n = i; + volatile int n = i - 1; x = p->x; y = p->y; @@ -46710,9 +46659,9 @@ sp_384_mont_sqr_12(w, z, p384_mod, p384_mp_mod); sp_384_mont_sqr_12(w, w, p384_mod, p384_mp_mod); #ifndef WOLFSSL_SP_SMALL - while (--n > 0) + while (n > 0) #else - while (--n >= 0) + while (n >= 0) #endif { /* A = 3*(X^2 - W) */ @@ -46743,6 +46692,7 @@ /* y = 2*A*(B - X) - Y^4 */ sp_384_mont_mul_12(y, b, a, p384_mod, p384_mp_mod); sp_384_mont_sub_12(y, y, t1, p384_mod); + n = n - 1; } #ifndef WOLFSSL_SP_SMALL /* A = 3*(X^2 - W) */ @@ -47001,7 +46951,9 @@ r->y[10] = 0; r->y[11] = 0; for (i = 1; i < 16; i++) { - mask = (sp_digit)0 - (i == idx); + sp_digit gte = (sp_digit)((((sp_uint32)i - (sp_uint32)idx) >> 31) - 1); + sp_digit lte = (sp_digit)((((sp_uint32)idx - (sp_uint32)i) >> 31) - 1); + mask = gte & lte; r->x[0] |= mask & table[i].x[0]; r->x[1] |= mask & table[i].x[1]; r->x[2] |= mask & table[i].x[2]; @@ -47261,10 +47213,6 @@ if (cache->cnt == 2) sp_384_gen_stripe_table_12(g, cache->table, tmp, heap); -#ifndef HAVE_THREAD_LS - wc_UnLockMutex(&sp_cache_384_lock); -#endif /* HAVE_THREAD_LS */ - if (cache->cnt < 2) { err = sp_384_ecc_mulmod_fast_12(r, g, k, map, ct, heap); } @@ -47272,6 +47220,9 @@ err = sp_384_ecc_mulmod_stripe_12(r, g, cache->table, k, map, ct, heap); } +#ifndef HAVE_THREAD_LS + wc_UnLockMutex(&sp_cache_384_lock); +#endif /* HAVE_THREAD_LS */ } SP_FREE_VAR(tmp, heap, DYNAMIC_TYPE_ECC); @@ -47397,7 +47348,9 @@ r->y[10] = 0; r->y[11] = 0; for (i = 1; i < 256; i++) { - mask = (sp_digit)0 - (i == idx); + sp_digit gte = (sp_digit)((((sp_uint32)i - (sp_uint32)idx) >> 31) - 1); + sp_digit lte = (sp_digit)((((sp_uint32)idx - (sp_uint32)i) >> 31) - 1); + mask = gte & lte; r->x[0] |= mask & table[i].x[0]; r->x[1] |= mask & table[i].x[1]; r->x[2] |= mask & table[i].x[2]; @@ -47657,10 +47610,6 @@ if (cache->cnt == 2) sp_384_gen_stripe_table_12(g, cache->table, tmp, heap); -#ifndef HAVE_THREAD_LS - wc_UnLockMutex(&sp_cache_384_lock); -#endif /* HAVE_THREAD_LS */ - if (cache->cnt < 2) { err = sp_384_ecc_mulmod_fast_12(r, g, k, map, ct, heap); } @@ -47668,6 +47617,9 @@ err = sp_384_ecc_mulmod_stripe_12(r, g, cache->table, k, map, ct, heap); } +#ifndef HAVE_THREAD_LS + wc_UnLockMutex(&sp_cache_384_lock); +#endif /* HAVE_THREAD_LS */ } SP_FREE_VAR(tmp, heap, DYNAMIC_TYPE_ECC); @@ -49687,9 +49639,9 @@ "ADD r11, %[a], #0x30\n\t" "\n" #if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) - "L_sp_384_sub_in_pkace_12_word:\n\t" + "L_sp_384_sub_in_place_12_word:\n\t" #else - "L_sp_384_sub_in_pkace_12_word_%=:\n\t" + "L_sp_384_sub_in_place_12_word_%=:\n\t" #endif "RSBS r10, r10, #0x0\n\t" "LDM %[a], {r2, r3, r4, r5}\n\t" @@ -49702,11 +49654,11 @@ "SBC r10, r10, r10\n\t" "CMP %[a], r11\n\t" #if defined(__GNUC__) - "BNE L_sp_384_sub_in_pkace_12_word_%=\n\t" + "BNE L_sp_384_sub_in_place_12_word_%=\n\t" #elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) - "BNE.N L_sp_384_sub_in_pkace_12_word\n\t" + "BNE.N L_sp_384_sub_in_place_12_word\n\t" #else - "BNE.N L_sp_384_sub_in_pkace_12_word_%=\n\t" + "BNE.N L_sp_384_sub_in_place_12_word_%=\n\t" #endif "MOV %[a], r10\n\t" : [a] "+r" (a), [b] "+r" (b) @@ -50248,7 +50200,7 @@ sp_384_mont_mul_order_12(t, t, a); } ctx->i--; - ctx->state = (ctx->i == 0) ? 3 : 1; + ctx->state = (ctx->i >= 0) ? 1 : 3; break; case 3: XMEMCPY(r, t, sizeof(sp_digit) * 12U); @@ -57498,9 +57450,23 @@ "SUB %[r], %[r], #0x44\n\t" "LDM %[r], {r4, r5, r6, r7, r8, r9, r10, r11}\n\t" "ADDS r4, r4, r2\n\t" - "ADCS r4, r4, #0x0\n\t" + "ADCS r5, r5, #0x0\n\t" + "ADCS r6, r6, #0x0\n\t" + "ADCS r7, r7, #0x0\n\t" + "ADCS r8, r8, #0x0\n\t" + "ADCS r9, r9, #0x0\n\t" + "ADCS r10, r10, #0x0\n\t" + "ADCS r11, r11, #0x0\n\t" "STM %[r]!, {r4, r5, r6, r7, r8, r9, r10, r11}\n\t" "LDM %[r], {r4, r5, r6, r7, r8, r9, r10, r11}\n\t" + "ADCS r4, r4, #0x0\n\t" + "ADCS r5, r5, #0x0\n\t" + "ADCS r6, r6, #0x0\n\t" + "ADCS r7, r7, #0x0\n\t" + "ADCS r8, r8, #0x0\n\t" + "ADCS r9, r9, #0x0\n\t" + "ADCS r10, r10, #0x0\n\t" + "ADCS r11, r11, #0x0\n\t" "STM %[r]!, {r4, r5, r6, r7, r8, r9, r10, r11}\n\t" "LDM %[r], {r4}\n\t" "ADCS r4, r4, #0x0\n\t" @@ -57536,10 +57502,11 @@ register sp_digit* r __asm__ ("r0") = (sp_digit*)r_p; register const sp_digit* a __asm__ ("r1") = (const sp_digit*)a_p; register const sp_digit* b __asm__ ("r2") = (const sp_digit*)b_p; + register const sp_digit* m __asm__ ("r3") = (const sp_digit*)m_p; #endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ __asm__ __volatile__ ( - "MOV r3, #0x0\n\t" + "MOV %[m], #0x0\n\t" "LDM %[a]!, {r8, r9, r10, r11}\n\t" "LDM %[b]!, {r4, r5, r6, r7}\n\t" "SUBS r8, r8, r4\n\t" @@ -57572,13 +57539,13 @@ "LDM %[b]!, {r4}\n\t" "SBCS r8, r8, r4\n\t" "MOV r12, #0x1ff\n\t" - "ASR r3, r8, #9\n\t" + "ASR %[m], r8, #9\n\t" "AND r8, r8, r12\n\t" - "neg r3, r3\n\t" + "neg %[m], %[m]\n\t" "STM %[r]!, {r8}\n\t" "SUB %[r], %[r], #0x44\n\t" "LDM %[r], {r4, r5, r6, r7, r8, r9, r10, r11}\n\t" - "SUBS r4, r4, r3\n\t" + "SUBS r4, r4, %[m]\n\t" "SBCS r5, r5, #0x0\n\t" "SBCS r6, r6, #0x0\n\t" "SBCS r7, r7, #0x0\n\t" @@ -57600,16 +57567,11 @@ "LDM %[r], {r4}\n\t" "SBCS r4, r4, #0x0\n\t" "STM %[r]!, {r4}\n\t" - : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b) + : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b), [m] "+r" (m) : : "memory", "cc", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", - "r3", "r12" + "r12" ); -#ifndef WOLFSSL_NO_VAR_ASSIGN_REG - (void)m_p; -#else - (void)m; -#endif /* !WOLFSSL_NO_VAR_ASSIGN_REG */ } #ifndef WOLFSSL_NO_VAR_ASSIGN_REG @@ -58063,6 +58025,9 @@ int err = FP_WOULDBLOCK; sp_521_proj_point_add_17_ctx* ctx = (sp_521_proj_point_add_17_ctx*)sp_ctx->data; + typedef char ctx_size_test[sizeof(sp_521_proj_point_add_17_ctx) >= sizeof(*sp_ctx) ? -1 : 1]; + (void)sizeof(ctx_size_test); + /* Ensure only the first point is the same as the result. */ if (q == r) { const sp_point_521* a = p; @@ -58070,9 +58035,6 @@ q = a; } - typedef char ctx_size_test[sizeof(sp_521_proj_point_add_17_ctx) >= sizeof(*sp_ctx) ? -1 : 1]; - (void)sizeof(ctx_size_test); - switch (ctx->state) { case 0: /* INIT */ ctx->t6 = t; @@ -58483,7 +58445,17 @@ } y = k[0] & 0x1; sp_521_proj_point_dbl_17(rt, rt, tmp); - sp_521_proj_point_add_17(rt, rt, &t[y], tmp); + #ifndef WC_NO_CACHE_RESISTANT + if (ct) { + sp_521_get_point_16_17(p, t, y); + p->infinity = !y; + sp_521_proj_point_add_17(rt, rt, p, tmp); + } + else + #endif + { + sp_521_proj_point_add_17(rt, rt, &t[y], tmp); + } if (map != 0) { sp_521_map_17(r, rt, tmp); @@ -58522,7 +58494,7 @@ sp_digit* x; sp_digit* y; sp_digit* z; - volatile int n = i; + volatile int n = i - 1; x = p->x; y = p->y; @@ -58534,9 +58506,9 @@ sp_521_mont_sqr_17(w, z, p521_mod, p521_mp_mod); sp_521_mont_sqr_17(w, w, p521_mod, p521_mp_mod); #ifndef WOLFSSL_SP_SMALL - while (--n > 0) + while (n > 0) #else - while (--n >= 0) + while (n >= 0) #endif { /* A = 3*(X^2 - W) */ @@ -58567,6 +58539,7 @@ /* y = 2*A*(B - X) - Y^4 */ sp_521_mont_mul_17(y, b, a, p521_mod, p521_mp_mod); sp_521_mont_sub_17(y, y, t1, p521_mod); + n = n - 1; } #ifndef WOLFSSL_SP_SMALL /* A = 3*(X^2 - W) */ @@ -58835,7 +58808,9 @@ r->y[15] = 0; r->y[16] = 0; for (i = 1; i < 16; i++) { - mask = (sp_digit)0 - (i == idx); + sp_digit gte = (sp_digit)((((sp_uint32)i - (sp_uint32)idx) >> 31) - 1); + sp_digit lte = (sp_digit)((((sp_uint32)idx - (sp_uint32)i) >> 31) - 1); + mask = gte & lte; r->x[0] |= mask & table[i].x[0]; r->x[1] |= mask & table[i].x[1]; r->x[2] |= mask & table[i].x[2]; @@ -59105,10 +59080,6 @@ if (cache->cnt == 2) sp_521_gen_stripe_table_17(g, cache->table, tmp, heap); -#ifndef HAVE_THREAD_LS - wc_UnLockMutex(&sp_cache_521_lock); -#endif /* HAVE_THREAD_LS */ - if (cache->cnt < 2) { err = sp_521_ecc_mulmod_fast_17(r, g, k, map, ct, heap); } @@ -59116,6 +59087,9 @@ err = sp_521_ecc_mulmod_stripe_17(r, g, cache->table, k, map, ct, heap); } +#ifndef HAVE_THREAD_LS + wc_UnLockMutex(&sp_cache_521_lock); +#endif /* HAVE_THREAD_LS */ } SP_FREE_VAR(tmp, heap, DYNAMIC_TYPE_ECC); @@ -59251,7 +59225,9 @@ r->y[15] = 0; r->y[16] = 0; for (i = 1; i < 256; i++) { - mask = (sp_digit)0 - (i == idx); + sp_digit gte = (sp_digit)((((sp_uint32)i - (sp_uint32)idx) >> 31) - 1); + sp_digit lte = (sp_digit)((((sp_uint32)idx - (sp_uint32)i) >> 31) - 1); + mask = gte & lte; r->x[0] |= mask & table[i].x[0]; r->x[1] |= mask & table[i].x[1]; r->x[2] |= mask & table[i].x[2]; @@ -59521,10 +59497,6 @@ if (cache->cnt == 2) sp_521_gen_stripe_table_17(g, cache->table, tmp, heap); -#ifndef HAVE_THREAD_LS - wc_UnLockMutex(&sp_cache_521_lock); -#endif /* HAVE_THREAD_LS */ - if (cache->cnt < 2) { err = sp_521_ecc_mulmod_fast_17(r, g, k, map, ct, heap); } @@ -59532,6 +59504,9 @@ err = sp_521_ecc_mulmod_stripe_17(r, g, cache->table, k, map, ct, heap); } +#ifndef HAVE_THREAD_LS + wc_UnLockMutex(&sp_cache_521_lock); +#endif /* HAVE_THREAD_LS */ } SP_FREE_VAR(tmp, heap, DYNAMIC_TYPE_ECC); @@ -62101,77 +62076,77 @@ "LSR r5, r5, %[n]\n\t" "ORR r4, r4, r3\n\t" "LDR r6, [%[a], #8]\n\t" - "STR r4, [%[a]]\n\t" + "STR r4, [%[r]]\n\t" "LSL r3, r6, r7\n\t" "LSR r6, r6, %[n]\n\t" "ORR r5, r5, r3\n\t" "LDR r4, [%[a], #12]\n\t" - "STR r5, [%[a], #4]\n\t" + "STR r5, [%[r], #4]\n\t" "LSL r3, r4, r7\n\t" "LSR r4, r4, %[n]\n\t" "ORR r6, r6, r3\n\t" "LDR r5, [%[a], #16]\n\t" - "STR r6, [%[a], #8]\n\t" + "STR r6, [%[r], #8]\n\t" "LSL r3, r5, r7\n\t" "LSR r5, r5, %[n]\n\t" "ORR r4, r4, r3\n\t" "LDR r6, [%[a], #20]\n\t" - "STR r4, [%[a], #12]\n\t" + "STR r4, [%[r], #12]\n\t" "LSL r3, r6, r7\n\t" "LSR r6, r6, %[n]\n\t" "ORR r5, r5, r3\n\t" "LDR r4, [%[a], #24]\n\t" - "STR r5, [%[a], #16]\n\t" + "STR r5, [%[r], #16]\n\t" "LSL r3, r4, r7\n\t" "LSR r4, r4, %[n]\n\t" "ORR r6, r6, r3\n\t" "LDR r5, [%[a], #28]\n\t" - "STR r6, [%[a], #20]\n\t" + "STR r6, [%[r], #20]\n\t" "LSL r3, r5, r7\n\t" "LSR r5, r5, %[n]\n\t" "ORR r4, r4, r3\n\t" "LDR r6, [%[a], #32]\n\t" - "STR r4, [%[a], #24]\n\t" + "STR r4, [%[r], #24]\n\t" "LSL r3, r6, r7\n\t" "LSR r6, r6, %[n]\n\t" "ORR r5, r5, r3\n\t" "LDR r4, [%[a], #36]\n\t" - "STR r5, [%[a], #28]\n\t" + "STR r5, [%[r], #28]\n\t" "LSL r3, r4, r7\n\t" "LSR r4, r4, %[n]\n\t" "ORR r6, r6, r3\n\t" "LDR r5, [%[a], #40]\n\t" - "STR r6, [%[a], #32]\n\t" + "STR r6, [%[r], #32]\n\t" "LSL r3, r5, r7\n\t" "LSR r5, r5, %[n]\n\t" "ORR r4, r4, r3\n\t" "LDR r6, [%[a], #44]\n\t" - "STR r4, [%[a], #36]\n\t" + "STR r4, [%[r], #36]\n\t" "LSL r3, r6, r7\n\t" "LSR r6, r6, %[n]\n\t" "ORR r5, r5, r3\n\t" "LDR r4, [%[a], #48]\n\t" - "STR r5, [%[a], #40]\n\t" + "STR r5, [%[r], #40]\n\t" "LSL r3, r4, r7\n\t" "LSR r4, r4, %[n]\n\t" "ORR r6, r6, r3\n\t" "LDR r5, [%[a], #52]\n\t" - "STR r6, [%[a], #44]\n\t" + "STR r6, [%[r], #44]\n\t" "LSL r3, r5, r7\n\t" "LSR r5, r5, %[n]\n\t" "ORR r4, r4, r3\n\t" "LDR r6, [%[a], #56]\n\t" - "STR r4, [%[a], #48]\n\t" + "STR r4, [%[r], #48]\n\t" "LSL r3, r6, r7\n\t" "LSR r6, r6, %[n]\n\t" "ORR r5, r5, r3\n\t" "LDR r4, [%[a], #60]\n\t" - "STR r5, [%[a], #52]\n\t" + "STR r5, [%[r], #52]\n\t" "LSL r3, r4, r7\n\t" "LSR r4, r4, %[n]\n\t" "ORR r6, r6, r3\n\t" "LDR r5, [%[a], #64]\n\t" - "STR r6, [%[a], #56]\n\t" + "STR r6, [%[r], #56]\n\t" "LSL r3, r5, r7\n\t" "LSR r5, r5, %[n]\n\t" "ORR r4, r4, r3\n\t" @@ -62560,9 +62535,9 @@ "ADD r11, %[a], #0x40\n\t" "\n" #if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) - "L_sp_521_sub_in_pkace_17_word:\n\t" + "L_sp_521_sub_in_place_17_word:\n\t" #else - "L_sp_521_sub_in_pkace_17_word_%=:\n\t" + "L_sp_521_sub_in_place_17_word_%=:\n\t" #endif "RSBS r10, r10, #0x0\n\t" "LDM %[a], {r2, r3, r4, r5}\n\t" @@ -62575,11 +62550,11 @@ "SBC r10, r10, r10\n\t" "CMP %[a], r11\n\t" #if defined(__GNUC__) - "BNE L_sp_521_sub_in_pkace_17_word_%=\n\t" + "BNE L_sp_521_sub_in_place_17_word_%=\n\t" #elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) - "BNE.N L_sp_521_sub_in_pkace_17_word\n\t" + "BNE.N L_sp_521_sub_in_place_17_word\n\t" #else - "BNE.N L_sp_521_sub_in_pkace_17_word_%=\n\t" + "BNE.N L_sp_521_sub_in_place_17_word_%=\n\t" #endif "RSBS r10, r10, #0x0\n\t" "LDM %[a], {r2}\n\t" @@ -63171,7 +63146,7 @@ sp_521_mont_mul_order_17(t, t, a); } ctx->i--; - ctx->state = (ctx->i == 0) ? 3 : 1; + ctx->state = (ctx->i >= 0) ? 1 : 3; break; case 3: XMEMCPY(r, t, sizeof(sp_digit) * 17U); @@ -68885,9 +68860,9 @@ "ADD r11, %[a], #0x80\n\t" "\n" #if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) - "L_sp_1024_sub_in_pkace_32_word:\n\t" + "L_sp_1024_sub_in_place_32_word:\n\t" #else - "L_sp_1024_sub_in_pkace_32_word_%=:\n\t" + "L_sp_1024_sub_in_place_32_word_%=:\n\t" #endif "RSBS r10, r10, #0x0\n\t" "LDM %[a], {r2, r3, r4, r5}\n\t" @@ -68900,11 +68875,11 @@ "SBC r10, r10, r10\n\t" "CMP %[a], r11\n\t" #if defined(__GNUC__) - "BNE L_sp_1024_sub_in_pkace_32_word_%=\n\t" + "BNE L_sp_1024_sub_in_place_32_word_%=\n\t" #elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) - "BNE.N L_sp_1024_sub_in_pkace_32_word\n\t" + "BNE.N L_sp_1024_sub_in_place_32_word\n\t" #else - "BNE.N L_sp_1024_sub_in_pkace_32_word_%=\n\t" + "BNE.N L_sp_1024_sub_in_place_32_word_%=\n\t" #endif "MOV %[a], r10\n\t" : [a] "+r" (a), [b] "+r" (b) @@ -72601,6 +72576,9 @@ int err = FP_WOULDBLOCK; sp_1024_proj_point_add_32_ctx* ctx = (sp_1024_proj_point_add_32_ctx*)sp_ctx->data; + typedef char ctx_size_test[sizeof(sp_1024_proj_point_add_32_ctx) >= sizeof(*sp_ctx) ? -1 : 1]; + (void)sizeof(ctx_size_test); + /* Ensure only the first point is the same as the result. */ if (q == r) { const sp_point_1024* a = p; @@ -72608,9 +72586,6 @@ q = a; } - typedef char ctx_size_test[sizeof(sp_1024_proj_point_add_32_ctx) >= sizeof(*sp_ctx) ? -1 : 1]; - (void)sizeof(ctx_size_test); - switch (ctx->state) { case 0: /* INIT */ ctx->t6 = t; @@ -72907,7 +72882,7 @@ sp_digit* x; sp_digit* y; sp_digit* z; - volatile int n = i; + volatile int n = i - 1; x = p->x; y = p->y; @@ -72919,9 +72894,9 @@ sp_1024_mont_sqr_32(w, z, p1024_mod, p1024_mp_mod); sp_1024_mont_sqr_32(w, w, p1024_mod, p1024_mp_mod); #ifndef WOLFSSL_SP_SMALL - while (--n > 0) + while (n > 0) #else - while (--n >= 0) + while (n >= 0) #endif { /* A = 3*(X^2 - W) */ @@ -72952,6 +72927,7 @@ /* y = 2*A*(B - X) - Y^4 */ sp_1024_mont_mul_32(y, b, a, p1024_mod, p1024_mp_mod); sp_1024_mont_sub_32(y, y, t1, p1024_mod); + n = n - 1; } #ifndef WOLFSSL_SP_SMALL /* A = 3*(X^2 - W) */ @@ -73389,10 +73365,6 @@ if (cache->cnt == 2) sp_1024_gen_stripe_table_32(g, cache->table, tmp, heap); -#ifndef HAVE_THREAD_LS - wc_UnLockMutex(&sp_cache_1024_lock); -#endif /* HAVE_THREAD_LS */ - if (cache->cnt < 2) { err = sp_1024_ecc_mulmod_fast_32(r, g, k, map, ct, heap); } @@ -73400,6 +73372,9 @@ err = sp_1024_ecc_mulmod_stripe_32(r, g, cache->table, k, map, ct, heap); } +#ifndef HAVE_THREAD_LS + wc_UnLockMutex(&sp_cache_1024_lock); +#endif /* HAVE_THREAD_LS */ } SP_FREE_VAR(tmp, heap, DYNAMIC_TYPE_ECC); @@ -73704,10 +73679,6 @@ if (cache->cnt == 2) sp_1024_gen_stripe_table_32(g, cache->table, tmp, heap); -#ifndef HAVE_THREAD_LS - wc_UnLockMutex(&sp_cache_1024_lock); -#endif /* HAVE_THREAD_LS */ - if (cache->cnt < 2) { err = sp_1024_ecc_mulmod_fast_32(r, g, k, map, ct, heap); } @@ -73715,6 +73686,9 @@ err = sp_1024_ecc_mulmod_stripe_32(r, g, cache->table, k, map, ct, heap); } +#ifndef HAVE_THREAD_LS + wc_UnLockMutex(&sp_cache_1024_lock); +#endif /* HAVE_THREAD_LS */ } SP_FREE_VAR(tmp, heap, DYNAMIC_TYPE_ECC); diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/wolfcrypt/src/sp_dsp32.c mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/sp_dsp32.c --- mariadb-11.8.6/extra/wolfssl/wolfssl/wolfcrypt/src/sp_dsp32.c 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/sp_dsp32.c 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* sp_cdsp_signed.c * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -2710,10 +2710,6 @@ if (cache->cnt == 2) sp_256_gen_stripe_table_10(g, cache->table, tmp, heap); -#ifndef HAVE_THREAD_LS - wc_UnLockMutex(&sp_cache_lock); -#endif /* HAVE_THREAD_LS */ - if (cache->cnt < 2) { err = sp_256_ecc_mulmod_fast_10(r, g, k, map, heap); } @@ -2721,6 +2717,9 @@ err = sp_256_ecc_mulmod_stripe_10(r, g, cache->table, k, map, heap); } +#ifndef HAVE_THREAD_LS + wc_UnLockMutex(&sp_cache_lock); +#endif /* HAVE_THREAD_LS */ } return err; diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/wolfcrypt/src/sp_int.c mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/sp_int.c --- mariadb-11.8.6/extra/wolfssl/wolfssl/wolfcrypt/src/sp_int.c 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/sp_int.c 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* sp_int.c * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -89,6 +89,96 @@ * Dynamic arrays used when not small stack. * WOLFSSL_SP_FAST_MODEXP Allow fast mod_exp with small C code * WOLFSSL_SP_LOW_MEM Use algorithms that use less memory. + * WOLFSSL_SMALL_STACK: Use heap for large structures to reduce + * stack usage + * WOLFSSL_KEY_GEN: Key generation support enabled + * WOLFSSL_RSA_PUBLIC_ONLY: Only RSA public operations compiled in + * WOLFSSL_RSA_VERIFY_ONLY: Only RSA verify operations compiled in + * NO_RSA: RSA support disabled + * NO_DH: DH support disabled + * NO_DSA: DSA support disabled + * NO_INLINE: sp_int.c includes misc.c directly instead of + * inlining + * HAVE_ECC: ECC support enabled, enables ECC-related SP + * functions + * HAVE_FIPS: FIPS mode enabled + * HAVE_WOLF_BIGINT: wolfBigInt support, enables bigint conversion + * functions + * FREESCALE_LTC_TFM: Freescale LTC hardware acceleration replaces SP + * modular exponentiation + * OPENSSL_EXTRA: OpenSSL API compatibility enabled + * OPENSSL_ALL: Full OpenSSL API compatibility enabled + * WC_NO_HARDEN: Disable timing attack resistance + * WC_NO_CACHE_RESISTANT: Disable cache-resistant (constant-address) + * operations + * WC_NO_RNG: No RNG available, disables functions needing + * random numbers + * WC_PROTECT_ENCRYPTED_MEM: Enable protection of encrypted memory + * operations + * WC_DISABLE_RADIX_ZERO_PAD: Disable zero padding when converting to a + * radix string + * WOLFSSL_NO_CT_OPS: Disable constant-time operations + * WOLFSSL_CHECK_MEM_ZERO: Enable checking that sensitive memory is + * zeroed on free + * WOLFSSL_SP_MILLER_RABIN_CNT: Number of Miller-Rabin rounds for prime + * testing (default: 8) + * WOLFSSL_NO_ASM: Disable all assembly implementations + * WOLFSSL_KEIL: Keil compiler in use, affects inline assembly + * syntax + * WOLFSSL_USE_SAVE_VECTOR_REGISTERS: Save/restore vector registers around + * SP ASM calls + * WOLFSSL_SP_INT_LARGE_COMBA: Enable large Comba multiplication and + * squaring + * WOLFSSL_SP_INT_SQR_VOLATILE: Declare squaring intermediate variables as + * volatile + * SP_INT_NO_ASM: Disable use of SP ASM even when + * SP_INT_ASM_AVAILABLE is set + * SP_MATH_NEED_ADD_OFF: Enable sp_add variant with an offset into + * the result + * + * The following are not user settable but are set in settings.h or sp_int.h + * based on other defines and platform: + * BIG_ENDIAN_ORDER: (Auto) Set in types.h when WORDS_BIGENDIAN + * is defined by the platform or build system + * LITTLE_ENDIAN_ORDER: (Auto) Set in types.h when BIG_ENDIAN_ORDER + * is not defined; the default byte ordering + * WOLFSSL_SP_DYN_STACK: (Auto) Set in sp_int.h when C99 and + * conditions allow a dynamic stack sp_int + * WOLFSSL_SP_DIV_WORD_HALF: (Auto) Set in sp_int.h/settings.h when + * platform lacks a native double-word type + * WOLFSSL_ARM_ARCH: (Auto) Set in sp_int.h as alias for + * WOLFSSL_SP_ARM_ARCH; use WOLFSSL_SP_ARM_ARCH to configure + * WOLFSSL_SP_ADD_D: (Auto) Set in settings.h; enables sp_add_d + * based on which algorithms are active + * WOLFSSL_SP_SUB_D: (Auto) Set in settings.h; enables sp_sub_d + * based on which algorithms are active + * WOLFSSL_SP_MUL_D: (Auto) Set in settings.h; enables sp_mul_d + * based on which algorithms are active + * WOLFSSL_SP_DIV_D: (Auto) Set in sp_int.c; enables sp_div_d + * based on which algorithms are active + * WOLFSSL_SP_MOD_D: (Auto) Set in sp_int.c; enables sp_mod_d + * based on which algorithms are active + * WOLFSSL_SP_INVMOD: (Auto) Set in settings.h; enables + * sp_invmod based on which algorithms are active + * WOLFSSL_SP_INVMOD_MONT_CT: (Auto) Set in settings.h; enables + * constant-time Montgomery inverse when needed + * WOLFSSL_SP_PRIME_GEN: (Auto) Set in settings.h; enables prime + * generation based on which algorithms are active + * WOLFSSL_SP_READ_RADIX_16: (Auto) Set in settings.h; enables reading + * base-16 strings based on which algorithms are active + * WOLFSSL_SP_READ_RADIX_10: (Auto) Set in settings.h; enables reading + * base-10 strings based on which algorithms are active + * + * SP_ALLOC: (Internal) Heap allocation in use for SP + * variables in exptmod + * SP_ALLOC_PREDEFINED: (Internal) Set when SP_ALLOC was defined + * before this file + * SP_INT_ASM_AVAILABLE: (Internal) Set when a platform ASM + * implementation is present + * SP_ASM_DIV_WORD: (Internal) Platform macro: hardware + * double-word division available + * SP_WORD_OVERFLOW: (Internal) Set in sp_int.h when mul/sqr + * partial sums can overflow sp_int_word */ /* TODO: WOLFSSL_SP_SMALL is incompatible with clang-12+ -Os. */ @@ -111,7 +201,8 @@ #if defined(WOLFSSL_USE_SAVE_VECTOR_REGISTERS) && !defined(WOLFSSL_SP_ASM) /* force off unneeded vector register save/restore. */ #undef SAVE_VECTOR_REGISTERS - #define SAVE_VECTOR_REGISTERS(fail_clause) SAVE_NO_VECTOR_REGISTERS(fail_clause) + #define SAVE_VECTOR_REGISTERS(fail_clause) \ + SAVE_NO_VECTOR_REGISTERS(fail_clause) #undef RESTORE_VECTOR_REGISTERS #define RESTORE_VECTOR_REGISTERS() RESTORE_NO_VECTOR_REGISTERS() #endif @@ -651,9 +742,9 @@ * * Using divq instruction on Intel x64. * - * @param [in] hi SP integer digit. High digit of the dividend. - * @param [in] lo SP integer digit. Lower digit of the dividend. - * @param [in] d SP integer digit. Number to divide by. + * @param [in] hi SP integer digit. High digit of the dividend. + * @param [in] lo SP integer digit. Low digit of the dividend. + * @param [in] d SP integer digit. Number to divide by. * @return The division result. */ static WC_INLINE sp_int_digit sp_div_word(sp_int_digit hi, sp_int_digit lo, @@ -856,9 +947,9 @@ * * Using divl instruction on Intel x64. * - * @param [in] hi SP integer digit. High digit of the dividend. - * @param [in] lo SP integer digit. Lower digit of the dividend. - * @param [in] d SP integer digit. Number to divide by. + * @param [in] hi SP integer digit. High digit of the dividend. + * @param [in] lo SP integer digit. Low digit of the dividend. + * @param [in] d SP integer digit. Number to divide by. * @return The division result. */ static WC_INLINE sp_int_digit sp_div_word(sp_int_digit hi, sp_int_digit lo, @@ -1036,9 +1127,9 @@ * Using udiv instruction on Aarch64. * Constant time. * - * @param [in] hi SP integer digit. High digit of the dividend. - * @param [in] lo SP integer digit. Lower digit of the dividend. - * @param [in] d SP integer digit. Number to divide by. + * @param [in] hi SP integer digit. High digit of the dividend. + * @param [in] lo SP integer digit. Low digit of the dividend. + * @param [in] d SP integer digit. Number to divide by. * @return The division result. */ static WC_INLINE sp_int_digit sp_div_word(sp_int_digit hi, sp_int_digit lo, @@ -1252,9 +1343,9 @@ * No division instruction used - does operation bit by bit. * Constant time. * - * @param [in] hi SP integer digit. High digit of the dividend. - * @param [in] lo SP integer digit. Lower digit of the dividend. - * @param [in] d SP integer digit. Number to divide by. + * @param [in] hi SP integer digit. High digit of the dividend. + * @param [in] lo SP integer digit. Low digit of the dividend. + * @param [in] d SP integer digit. Number to divide by. * @return The division result. */ static WC_INLINE sp_int_digit sp_div_word(sp_int_digit hi, sp_int_digit lo, @@ -1354,12 +1445,12 @@ #else /* Divide a two digit number by a digit number and return. (hi | lo) / d * - * Using udiv instruction on arm32 + * Using udiv instruction on ARM32. * Constant time. * - * @param [in] hi SP integer digit. High digit of the dividend. - * @param [in] lo SP integer digit. Lower digit of the dividend. - * @param [in] d SP integer digit. Number to divide by. + * @param [in] hi SP integer digit. High digit of the dividend. + * @param [in] lo SP integer digit. Low digit of the dividend. + * @param [in] d SP integer digit. Number to divide by. * @return The division result. */ static WC_INLINE sp_int_digit sp_div_word(sp_int_digit hi, sp_int_digit lo, @@ -2895,9 +2986,9 @@ * No division instruction used - does operation bit by bit. * Constant time. * - * @param [in] hi SP integer digit. High digit of the dividend. - * @param [in] lo SP integer digit. Lower digit of the dividend. - * @param [in] d SP integer digit. Number to divide by. + * @param [in] hi SP integer digit. High digit of the dividend. + * @param [in] lo SP integer digit. Low digit of the dividend. + * @param [in] d SP integer digit. Number to divide by. * @return The division result. */ static WC_INLINE sp_int_digit sp_div_word(sp_int_digit hi, sp_int_digit lo, @@ -5013,7 +5104,7 @@ #endif /* SP_ASM_ADDC_REG */ #ifndef SP_ASM_SUBB_REG #define SP_ASM_SUBB_REG SP_ASM_SUBB - #endif /* SP_ASM_ADDC_REG */ + #endif /* SP_ASM_SUBB_REG */ #endif /* SQR_MUL_ASM */ #endif /* !WOLFSSL_NO_ASM */ @@ -5041,16 +5132,16 @@ #endif /* Modular exponentiation implementations using Single Precision. */ -WOLFSSL_LOCAL int sp_ModExp_1024(sp_int* base, sp_int* exp, sp_int* mod, - sp_int* res); -WOLFSSL_LOCAL int sp_ModExp_1536(sp_int* base, sp_int* exp, sp_int* mod, - sp_int* res); -WOLFSSL_LOCAL int sp_ModExp_2048(sp_int* base, sp_int* exp, sp_int* mod, - sp_int* res); -WOLFSSL_LOCAL int sp_ModExp_3072(sp_int* base, sp_int* exp, sp_int* mod, - sp_int* res); -WOLFSSL_LOCAL int sp_ModExp_4096(sp_int* base, sp_int* exp, sp_int* mod, - sp_int* res); +WOLFSSL_LOCAL int sp_ModExp_1024(const sp_int* base, const sp_int* exp, + const sp_int* mod, sp_int* res); +WOLFSSL_LOCAL int sp_ModExp_1536(const sp_int* base, const sp_int* exp, + const sp_int* mod, sp_int* res); +WOLFSSL_LOCAL int sp_ModExp_2048(const sp_int* base, const sp_int* exp, + const sp_int* mod, sp_int* res); +WOLFSSL_LOCAL int sp_ModExp_3072(const sp_int* base, const sp_int* exp, + const sp_int* mod, sp_int* res); +WOLFSSL_LOCAL int sp_ModExp_4096(const sp_int* base, const sp_int* exp, + const sp_int* mod, sp_int* res); #ifdef __cplusplus } /* extern "C" */ @@ -5074,11 +5165,11 @@ * * Assumes a is not NULL. * - * @param [out] a SP integer to set to zero. + * @param [out] a SP integer to set to zero. */ -static void _sp_zero(sp_int* a) +static void _sp_zero(volatile sp_int* a) { - sp_int_minimal* am = (sp_int_minimal *)a; + volatile sp_int_minimal* am = (volatile sp_int_minimal *)a; am->used = 0; am->dp[0] = 0; @@ -5090,8 +5181,8 @@ /* Initialize the multi-precision number to be zero with a given max size. * - * @param [out] a SP integer. - * @param [in] size Number of words to say are available. + * @param [out] a SP integer. + * @param [in] size Number of words to make available. */ static void _sp_init_size(sp_int* a, unsigned int size) { @@ -5100,15 +5191,15 @@ #ifdef HAVE_WOLF_BIGINT wc_bigint_init((struct WC_BIGINT*)&am->raw); #endif - _sp_zero((sp_int*)am); + _sp_zero((volatile sp_int*)am); am->size = (sp_size_t)size; } /* Initialize the multi-precision number to be zero with a given max size. * - * @param [out] a SP integer. - * @param [in] size Number of words to say are available. + * @param [out] a SP integer. + * @param [in] size Number of words to make available. * * @return MP_OKAY on success. * @return MP_VAL when a is NULL. @@ -5131,7 +5222,7 @@ /* Initialize the multi-precision number to be zero. * - * @param [out] a SP integer. + * @param [out] a SP integer. * * @return MP_OKAY on success. * @return MP_VAL when a is NULL. @@ -5155,12 +5246,12 @@ #if !defined(WOLFSSL_RSA_PUBLIC_ONLY) || !defined(NO_DH) || defined(HAVE_ECC) /* Initialize up to six multi-precision numbers to be zero. * - * @param [out] n1 SP integer. - * @param [out] n2 SP integer. - * @param [out] n3 SP integer. - * @param [out] n4 SP integer. - * @param [out] n5 SP integer. - * @param [out] n6 SP integer. + * @param [out] n1 SP integer. + * @param [out] n2 SP integer. + * @param [out] n3 SP integer. + * @param [out] n4 SP integer. + * @param [out] n5 SP integer. + * @param [out] n6 SP integer. * * @return MP_OKAY on success. */ @@ -5193,7 +5284,7 @@ /* Free the memory allocated in the multi-precision number. * - * @param [in] a SP integer. + * @param [in] a SP integer. */ void sp_free(sp_int* a) { @@ -5209,11 +5300,11 @@ /* Grow multi-precision number to be able to hold l digits. * This function does nothing as the number of digits is fixed. * - * @param [in,out] a SP integer. - * @param [in] l Number of digits to grow to. + * @param [in, out] a SP integer. + * @param [in] l Number of digits to grow to. * - * @return MP_OKAY on success - * @return MP_MEM if the number of digits requested is more than available. + * @return MP_OKAY on success. + * @return MP_MEM when the number of digits requested is more than available. */ int sp_grow(sp_int* a, int l) { @@ -5244,7 +5335,7 @@ defined(HAVE_ECC) || defined(WOLFSSL_PUBLIC_MP) /* Set the multi-precision number to zero. * - * @param [out] a SP integer to set to zero. + * @param [out] a SP integer to set to zero. */ void sp_zero(sp_int* a) { @@ -5257,7 +5348,7 @@ /* Clear the data from the multi-precision number, set to zero and free. * - * @param [out] a SP integer. + * @param [out] a SP integer. */ void sp_clear(sp_int* a) { @@ -5285,11 +5376,11 @@ * * Use when security sensitive data needs to be wiped. * - * @param [in] a SP integer. + * @param [in] a SP integer. */ void sp_forcezero(sp_int* a) { - /* Zeroize when a vald pointer passed in. */ + /* Zeroize when a valid pointer passed in. */ if (a != NULL) { /* Ensure all data zeroized - data not zeroed when used decreases. */ ForceZero(a->dp, a->size * (word32)SP_WORD_SIZEOF); @@ -5309,8 +5400,8 @@ !defined(NO_RSA) || defined(WOLFSSL_KEY_GEN) || defined(HAVE_COMP_KEY) /* Copy value of multi-precision number a into r. * - * @param [in] a SP integer - source. - * @param [out] r SP integer - destination. + * @param [in] a SP integer - source. + * @param [out] r SP integer - destination. */ static void _sp_copy(const sp_int* a, sp_int* r) { @@ -5331,8 +5422,8 @@ /* Copy value of multi-precision number a into r. * - * @param [in] a SP integer - source. - * @param [out] r SP integer - destination. + * @param [in] a SP integer - source. + * @param [out] r SP integer - destination. * * @return MP_OKAY on success. */ @@ -5359,8 +5450,8 @@ } #endif -#if ((defined(WOLFSSL_SP_MATH_ALL) && ((!defined(WOLFSSL_RSA_VERIFY_ONLY) && \ - !defined(WOLFSSL_RSA_PUBLIC_ONLY)) || !defined(NO_DH))) || \ +#if ((defined(WOLFSSL_SP_MATH_ALL) && !defined(WOLFSSL_RSA_VERIFY_ONLY) && \ + !defined(WOLFSSL_RSA_PUBLIC_ONLY)) || !defined(NO_DH) || \ defined(OPENSSL_ALL)) && defined(WC_PROTECT_ENCRYPTED_MEM) /* Copy 2 numbers into two results based on y. Copy a fixed number of digits. @@ -5407,8 +5498,8 @@ #if defined(WOLFSSL_SP_MATH_ALL) || (defined(HAVE_ECC) && defined(FP_ECC)) /* Initializes r and copies in value from a. * - * @param [out] r SP integer - destination. - * @param [in] a SP integer - source. + * @param [out] r SP integer - destination. + * @param [in] a SP integer - source. * * @return MP_OKAY on success. * @return MP_VAL when a or r is NULL. @@ -5433,8 +5524,8 @@ * * Avoid using this API as three copy operations are performed. * - * @param [in,out] a SP integer to swap. - * @param [in,out] b SP integer to swap. + * @param [in, out] a SP integer to swap. + * @param [in, out] b SP integer to swap. * * @return MP_OKAY on success. * @return MP_VAL when a or b is NULL. @@ -5484,11 +5575,11 @@ !defined(WC_NO_CACHE_RESISTANT) /* Conditional swap of SP int values in constant time. * - * @param [in] a First SP int to conditionally swap. - * @param [in] b Second SP int to conditionally swap. - * @param [in] cnt Count of words to copy. - * @param [in] swap When value is 1 then swap. - * @param [in] t Temporary SP int to use in swap. + * @param [in, out] a First SP int to conditionally swap. + * @param [in, out] b Second SP int to conditionally swap. + * @param [in] cnt Count of words to copy. + * @param [in] swap When value is 1 then swap. + * @param [in, out] t Temporary SP int to use in swap. * @return MP_OKAY on success. * @return MP_MEM when dynamic memory allocation fails. */ @@ -5520,7 +5611,7 @@ /* XOR temporary - when mask set then result will be a. */ b->used ^= t->used; #ifdef WOLFSSL_SP_INT_NEGATIVE - b->sign ^= b->sign; + b->sign ^= t->sign; #endif for (i = 0; i < (unsigned int)cnt; i++) { b->dp[i] ^= t->dp[i]; @@ -5531,10 +5622,10 @@ /* Conditional swap of SP int values in constant time. * - * @param [in] a First SP int to conditionally swap. - * @param [in] b Second SP int to conditionally swap. - * @param [in] cnt Count of words to copy. - * @param [in] swap When value is 1 then swap. + * @param [in] a First SP int to conditionally swap. + * @param [in] b Second SP int to conditionally swap. + * @param [in] cnt Count of words to copy. + * @param [in] swap When value is 1 then swap. * @return MP_OKAY on success. * @return MP_MEM when dynamic memory allocation fails. */ @@ -5558,8 +5649,8 @@ #ifdef WOLFSSL_SP_INT_NEGATIVE /* Calculate the absolute value of the multi-precision number. * - * @param [in] a SP integer to calculate absolute value of. - * @param [out] r SP integer to hold result. + * @param [in] a SP integer to calculate absolute value of. + * @param [out] r SP integer to hold result. * * @return MP_OKAY on success. * @return MP_VAL when a or r is NULL. @@ -5579,7 +5670,7 @@ #endif /* WOLFSSL_SP_INT_NEGATIVE */ #if defined(WOLFSSL_SP_MATH_ALL) || !defined(NO_DH) || defined(HAVE_ECC) || \ - (!defined(NO_RSA) && !defined(WOLFSSL_RSA_VERIFY_ONLY)) + !defined(NO_RSA) /* Compare absolute value of two multi-precision numbers. * * @param [in] a SP integer. @@ -5587,7 +5678,7 @@ * * @return MP_GT when a is greater than b. * @return MP_LT when a is less than b. - * @return MP_EQ when a is equals b. + * @return MP_EQ when a is equal to b. */ static int _sp_cmp_abs(const sp_int* a, const sp_int* b) { @@ -5606,7 +5697,7 @@ /* Starting from most significant word, compare words. * Stop when different and set comparison return. */ - for (i = (int)(a->used - 1); i >= 0; i--) { + for (i = (int)a->used - 1; i >= 0; i--) { if (a->dp[i] > b->dp[i]) { ret = MP_GT; break; @@ -5626,14 +5717,14 @@ #if defined(WOLFSSL_SP_MATH_ALL) && !defined(WOLFSSL_RSA_PUBLIC_ONLY) /* Compare absolute value of two multi-precision numbers. * - * Pointers are compared such that NULL is less than not NULL. + * Pointers are compared such that NULL is less than non-NULL. * * @param [in] a SP integer. * @param [in] b SP integer. * * @return MP_GT when a is greater than b. * @return MP_LT when a is less than b. - * @return MP_EQ when a equals b. + * @return MP_EQ when a is equal to b. */ int sp_cmp_mag(const sp_int* a, const sp_int* b) { @@ -5662,9 +5753,7 @@ #endif #if defined(WOLFSSL_SP_MATH_ALL) || defined(HAVE_ECC) || !defined(NO_DSA) || \ - defined(OPENSSL_EXTRA) || !defined(NO_DH) || \ - (!defined(NO_RSA) && (!defined(WOLFSSL_RSA_VERIFY_ONLY) || \ - defined(WOLFSSL_KEY_GEN))) + defined(OPENSSL_EXTRA) || !defined(NO_DH) || !defined(NO_RSA) /* Compare two multi-precision numbers. * * Assumes a and b are not NULL. @@ -5674,7 +5763,7 @@ * * @return MP_GT when a is greater than b. * @return MP_LT when a is less than b. - * @return MP_EQ when a is equals b. + * @return MP_EQ when a is equal to b. */ static int _sp_cmp(const sp_int* a, const sp_int* b) { @@ -5706,19 +5795,18 @@ } #endif -#if (!defined(NO_RSA) && !defined(WOLFSSL_RSA_VERIFY_ONLY)) || \ - !defined(NO_DSA) || defined(HAVE_ECC) || !defined(NO_DH) || \ - defined(WOLFSSL_SP_MATH_ALL) +#if !defined(NO_RSA) || !defined(NO_DSA) || defined(HAVE_ECC) || \ + !defined(NO_DH) || defined(WOLFSSL_SP_MATH_ALL) /* Compare two multi-precision numbers. * - * Pointers are compared such that NULL is less than not NULL. + * Pointers are compared such that NULL is less than non-NULL. * * @param [in] a SP integer. * @param [in] b SP integer. * * @return MP_GT when a is greater than b. * @return MP_LT when a is less than b. - * @return MP_EQ when a is equals b. + * @return MP_EQ when a is equal to b. */ int sp_cmp(const sp_int* a, const sp_int* b) { @@ -5759,7 +5847,7 @@ * * @return MP_GT when a is greater than b. * @return MP_LT when a is less than b. - * @return MP_EQ when a is equals b. + * @return MP_EQ when a is equal to b. */ static int _sp_cmp_ct(const sp_int* a, const sp_int* b, unsigned int n) { @@ -5782,9 +5870,9 @@ /* Compare two multi-precision numbers in constant time. * - * Pointers are compared such that NULL is less than not NULL. + * Pointers are compared such that NULL is less than non-NULL. * Assumes a and b are positive. - * Assumes a and b have n digits set at sometime. + * Assumes a and b have had n digits set at some point. * * @param [in] a SP integer. * @param [in] b SP integer. @@ -5792,7 +5880,7 @@ * * @return MP_GT when a is greater than b. * @return MP_LT when a is less than b. - * @return MP_EQ when a is equals b. + * @return MP_EQ when a is equal to b. */ int sp_cmp_ct(const sp_int* a, const sp_int* b, unsigned int n) { @@ -5831,8 +5919,8 @@ * * When a is NULL, result is 0. * - * @param [in] a SP integer. - * @param [in] b Bit position to check. + * @param [in] a SP integer. + * @param [in] b Bit position to check. * * @return 0 when bit is not set. * @return 1 when bit is set. @@ -5861,7 +5949,7 @@ * * When a is NULL, result is 0. * - * @param [in] a SP integer. + * @param [in] a SP integer. * * @return Number of bits in the SP integer value. */ @@ -5947,9 +6035,9 @@ /* Count the number of least significant zero bits. * - * When a is not NULL, result is 0. + * When a is NULL, result is 0. * - * @param [in] a SP integer to use. + * @param [in] a SP integer to use. * * @return Number of least significant zero bits. */ @@ -5971,7 +6059,7 @@ /* Use 4-bit table to get count. */ for (j = 0; j < SP_WORD_SIZE; j += SP_LNZ_BITS) { - /* Get number of lesat significant 0 bits in nibble. */ + /* Get number of least significant 0 bits in nibble. */ int cnt = sp_lnz[(a->dp[i] >> j) & SP_LNZ_MASK]; /* Done if not all 4 bits are zero. */ if (cnt != 4) { @@ -5993,7 +6081,7 @@ * * When a is NULL, result is 0. * - * @param [in] a SP integer. + * @param [in] a SP integer. * * @return 1 when the top bit of top byte is set. * @return 0 when the top bit of top byte is not set. @@ -6027,8 +6115,8 @@ /* Set one bit of a: a |= 1 << i * The field 'used' is updated in a. * - * @param [in,out] a SP integer to set bit into. - * @param [in] i Index of bit to set. + * @param [in, out] a SP integer to set bit into. + * @param [in] i Index of bit to set. * * @return MP_OKAY on success. * @return MP_VAL when a is NULL, index is negative or index is too large. @@ -6039,7 +6127,7 @@ /* Get index of word to set. */ sp_size_t w = (sp_size_t)(i >> SP_WORD_SHIFT); - /* Check for valid number and and space for bit. */ + /* Check for valid number and space for bit. */ if ((a == NULL) || (i < 0) || (w >= a->size)) { err = MP_VAL; } @@ -6072,11 +6160,11 @@ /* Exponentiate 2 to the power of e: a = 2^e * This is done by setting the 'e'th bit. * - * @param [out] a SP integer to hold result. - * @param [in] e Exponent. + * @param [out] a SP integer to hold result. + * @param [in] e Exponent. * * @return MP_OKAY on success. - * @return MP_VAL when a is NULL, e is negative or 2^exponent is too large. + * @return MP_VAL when a is NULL, e is negative or 2^e is too large. */ int sp_2expt(sp_int* a, int e) { @@ -6105,8 +6193,8 @@ defined(HAVE_ECC) /* Set the multi-precision number to be the value of the digit. * - * @param [out] a SP integer to become number. - * @param [in] d Digit to be set. + * @param [out] a SP integer to become number. + * @param [in] d Digit to be set. */ static void _sp_set(sp_int* a, sp_int_digit d) { @@ -6123,8 +6211,8 @@ /* Set the multi-precision number to be the value of the digit. * - * @param [out] a SP integer to become number. - * @param [in] d Digit to be set. + * @param [out] a SP integer to become number. + * @param [in] d Digit to be set. * * @return MP_OKAY on success. * @return MP_VAL when a is NULL. @@ -6150,8 +6238,8 @@ * * Number may be larger than the size of a digit. * - * @param [out] a SP integer to set. - * @param [in] n Long value to set. + * @param [out] a SP integer to set. + * @param [in] n Long value to set. * * @return MP_OKAY on success. * @return MP_VAL when a is NULL. @@ -6197,19 +6285,18 @@ } #endif /* WOLFSSL_SP_MATH_ALL || !NO_RSA */ -#if defined(WOLFSSL_SP_MATH_ALL) || \ - (!defined(NO_RSA) && !defined(WOLFSSL_RSA_VERIFY_ONLY)) || \ - !defined(NO_DH) || defined(HAVE_ECC) +#if defined(WOLFSSL_SP_MATH_ALL) || !defined(NO_RSA) || !defined(NO_DH) || \ + defined(HAVE_ECC) /* Compare a one digit number with a multi-precision number. * * When a is NULL, MP_LT is returned. * - * @param [in] a SP integer to compare. - * @param [in] d Digit to compare with. + * @param [in] a SP integer to compare. + * @param [in] d Digit to compare with. * * @return MP_GT when a is greater than d. * @return MP_LT when a is less than d. - * @return MP_EQ when a is equals d. + * @return MP_EQ when a is equal to d. */ int sp_cmp_d(const sp_int* a, sp_int_digit d) { @@ -6259,9 +6346,9 @@ defined(WOLFSSL_SP_SUB_D)) || defined(WOLFSSL_SP_READ_RADIX_10) /* Add a one digit number to the multi-precision number. * - * @param [in] a SP integer be added to. - * @param [in] d Digit to add. - * @param [out] r SP integer to store result in. + * @param [in] a SP integer to be added to. + * @param [in] d Digit to add. + * @param [out] r SP integer to store result in. * * @return MP_OKAY on success. * @return MP_VAL when result is too large for fixed size dp array. @@ -6325,9 +6412,9 @@ !defined(WC_NO_RNG)) /* Sub a one digit number from the multi-precision number. * - * @param [in] a SP integer be subtracted from. - * @param [in] d Digit to subtract. - * @param [out] r SP integer to store result in. + * @param [in] a SP integer to be subtracted from. + * @param [in] d Digit to subtract. + * @param [out] r SP integer to store result in. */ static void _sp_sub_d(const sp_int* a, sp_int_digit d, sp_int* r) { @@ -6371,9 +6458,9 @@ #ifdef WOLFSSL_SP_ADD_D /* Add a one digit number to the multi-precision number. * - * @param [in] a SP integer be added to. - * @param [in] d Digit to add. - * @param [out] r SP integer to store result in. + * @param [in] a SP integer to be added to. + * @param [in] d Digit to add. + * @param [out] r SP integer to store result in. * * @return MP_OKAY on success. * @return MP_VAL when result is too large for fixed size dp array. @@ -6434,9 +6521,9 @@ #ifdef WOLFSSL_SP_SUB_D /* Sub a one digit number from the multi-precision number. * - * @param [in] a SP integer be subtracted from. - * @param [in] d Digit to subtract. - * @param [out] r SP integer to store result in. + * @param [in] a SP integer to be subtracted from. + * @param [in] d Digit to subtract. + * @param [out] r SP integer to store result in. * * @return MP_OKAY on success. * @return MP_VAL when a or r is NULL. @@ -6501,13 +6588,13 @@ !defined(WOLFSSL_RSA_PUBLIC_ONLY))) || \ (defined(WOLFSSL_KEY_GEN) && !defined(NO_RSA)) || \ defined(WOLFSSL_SP_MUL_D) -/* Multiply a by digit n and put result into r shifting up o digits. - * r = (a * n) << (o * SP_WORD_SIZE) +/* Multiply a by digit d and put result into r shifting up o digits. + * r = (a * d) << (o * SP_WORD_SIZE) * - * @param [in] a SP integer to be multiplied. - * @param [in] d SP digit to multiply by. - * @param [out] r SP integer result. - * @param [in] o Number of digits to move result up by. + * @param [in] a SP integer to be multiplied. + * @param [in] d SP digit to multiply by. + * @param [out] r SP integer result. + * @param [in] o Number of digits to move result up by. * @return MP_OKAY on success. * @return MP_VAL when result is too large for sp_int. */ @@ -6584,14 +6671,15 @@ * WOLFSSL_SP_SMALL || (WOLFSSL_KEY_GEN && !NO_RSA) */ #ifdef WOLFSSL_SP_MUL_D -/* Multiply a by digit n and put result into r. r = a * n +/* Multiply a by digit d and put result into r. r = a * d * - * @param [in] a SP integer to multiply. - * @param [in] n Digit to multiply by. - * @param [out] r SP integer to hold result. + * @param [in] a SP integer to multiply. + * @param [in] d Digit to multiply by. + * @param [out] r SP integer to hold result. * * @return MP_OKAY on success. - * @return MP_VAL when a or b is NULL, or a has maximum number of digits used. + * @return MP_VAL when a or r is NULL, or a has the maximum number of digits + * used. */ int sp_mul_d(const sp_int* a, sp_int_digit d, sp_int* r) { @@ -6643,9 +6731,9 @@ #ifndef SP_ASM_DIV_WORD /* Divide a two digit number by a digit number and return. (hi | lo) / d * - * @param [in] hi SP integer digit. High digit of the dividend. - * @param [in] lo SP integer digit. Lower digit of the dividend. - * @param [in] d SP integer digit. Number to divide by. + * @param [in] hi SP integer digit. High digit of the dividend. + * @param [in] lo SP integer digit. Low digit of the dividend. + * @param [in] d SP integer digit. Number to divide by. * @return The division result. */ static WC_INLINE sp_int_digit sp_div_word(sp_int_digit hi, sp_int_digit lo, @@ -6755,9 +6843,9 @@ * * Used in checking prime: (a % 3) == 0?. * - * @param [in] a SP integer to be divided. - * @param [out] r SP integer that is the quotient. May be NULL. - * @param [out] rem SP integer that is the remainder. May be NULL. + * @param [in] a SP integer to be divided. + * @param [out] r SP integer that is the quotient. May be NULL. + * @param [out] rem SP integer that is the remainder. May be NULL. */ static void _sp_div_3(const sp_int* a, sp_int* r, sp_int_digit* rem) { @@ -6823,7 +6911,7 @@ int i; /* Divide starting at most significant word down to least. */ - for (i = (int)(a->used - 1); i >= 0; i--) { + for (i = (int)a->used - 1; i >= 0; i--) { #ifndef SQR_MUL_ASM /* Combine remainder from last operation with this word. */ t = ((sp_int_word)tr << SP_WORD_SIZE) | a->dp[i]; @@ -6864,9 +6952,9 @@ * * Used when writing with a radix of 10 - decimal number. * - * @param [in] a SP integer to be divided. - * @param [out] r SP integer that is the quotient. May be NULL. - * @param [out] rem SP integer that is the remainder. May be NULL. + * @param [in] a SP integer to be divided. + * @param [out] r SP integer that is the quotient. May be NULL. + * @param [out] rem SP integer that is the remainder. May be NULL. */ static void _sp_div_10(const sp_int* a, sp_int* r, sp_int_digit* rem) { @@ -6884,7 +6972,7 @@ /* Check whether only mod value needed. */ if (r == NULL) { /* Divide starting at most significant word down to least. */ - for (i = (int)(a->used - 1); i >= 0; i--) { + for (i = (int)a->used - 1; i >= 0; i--) { #ifndef SQR_MUL_ASM /* Combine remainder from last operation with this word. */ t = ((sp_int_word)tr << SP_WORD_SIZE) | a->dp[i]; @@ -6910,7 +6998,7 @@ /* At least result needed - remainder is calculated anyway. */ else { /* Divide starting at most significant word down to least. */ - for (i = (int)(a->used - 1); i >= 0; i--) { + for (i = (int)a->used - 1; i >= 0; i--) { #ifndef SQR_MUL_ASM /* Combine remainder from last operation with this word. */ t = ((sp_int_word)tr << SP_WORD_SIZE) | a->dp[i]; @@ -6951,10 +7039,10 @@ #if defined(WOLFSSL_SP_DIV_D) || defined(WOLFSSL_SP_MOD_D) /* Divide by small number: r = a / d and rem = a % d * - * @param [in] a SP integer to be divided. - * @param [in] d Digit to divide by. - * @param [out] r SP integer that is the quotient. May be NULL. - * @param [out] rem SP integer that is the remainder. May be NULL. + * @param [in] a SP integer to be divided. + * @param [in] d Digit to divide by. + * @param [out] r SP integer that is the quotient. May be NULL. + * @param [out] rem SP integer that is the remainder. May be NULL. */ static void _sp_div_small(const sp_int* a, sp_int_digit d, sp_int* r, sp_int_digit* rem) @@ -6974,7 +7062,7 @@ /* Check whether only mod value needed. */ if (r == NULL) { /* Divide starting at most significant word down to least. */ - for (i = (int)(a->used - 1); i >= 0; i--) { + for (i = (int)a->used - 1; i >= 0; i--) { #ifndef SQR_MUL_ASM /* Combine remainder from last operation with this word. */ t = ((sp_int_word)tr << SP_WORD_SIZE) | a->dp[i]; @@ -7001,7 +7089,7 @@ #endif /* !WOLFSSL_SP_SMALL */ { /* Divide starting at most significant word down to least. */ - for (i = (int)(a->used - 1); i >= 0; i--) { + for (i = (int)a->used - 1; i >= 0; i--) { #ifndef SQR_MUL_ASM /* Combine remainder from last operation with this word. */ t = ((sp_int_word)tr << SP_WORD_SIZE) | a->dp[i]; @@ -7055,10 +7143,10 @@ * * Use trial division algorithm. * - * @param [in] a SP integer to be divided. - * @param [in] d Digit to divide by. - * @param [out] r SP integer that is the quotient. May be NULL. - * @param [out] rem Digit that is the remainder. May be NULL. + * @param [in] a SP integer to be divided. + * @param [in] d Digit to divide by. + * @param [out] r SP integer that is the quotient. May be NULL. + * @param [out] rem Digit that is the remainder. May be NULL. */ static void _sp_div_d(const sp_int* a, sp_int_digit d, sp_int* r, sp_int_digit* rem) @@ -7073,7 +7161,7 @@ sp_int_digit t; /* Divide starting at most significant word down to least. */ - for (i = (int)(a->used - 1); i >= 0; i--) { + for (i = (int)a->used - 1; i >= 0; i--) { #ifndef SQR_MUL_ASM /* Combine remainder from last operation with this word and divide. */ t = sp_div_word((sp_int_digit)w, a->dp[i], d); @@ -7115,10 +7203,10 @@ * remainder. * r = a / d; rem = a % d * - * @param [in] a SP integer to be divided. - * @param [in] d Digit to divide by. - * @param [out] r SP integer that is the quotient. May be NULL. - * @param [out] rem Digit that is the remainder. May be NULL. + * @param [in] a SP integer to be divided. + * @param [in] d Digit to divide by. + * @param [out] r SP integer that is the quotient. May be NULL. + * @param [out] rem Digit that is the remainder. May be NULL. * * @return MP_OKAY on success. * @return MP_VAL when a is NULL or d is 0. @@ -7174,9 +7262,9 @@ #ifdef WOLFSSL_SP_MOD_D /* Calculate a modulo the digit d into r: r = a mod d * - * @param [in] a SP integer to reduce. - * @param [in] d Digit to that is the modulus. - * @param [out] r Digit that is the result. + * @param [in] a SP integer to reduce. + * @param [in] d Digit that is the modulus. + * @param [out] r Digit that is the result. */ static void _sp_mod_d(const sp_int* a, const sp_int_digit d, sp_int_digit* r) { @@ -7188,7 +7276,7 @@ #endif /* Divide starting at most significant word down to least. */ - for (i = (int)(a->used - 1); i >= 0; i--) { + for (i = (int)a->used - 1; i >= 0; i--) { #ifndef SQR_MUL_ASM /* Combine remainder from last operation with this word and divide. */ sp_int_digit t = sp_div_word((sp_int_digit)w, a->dp[i], d); @@ -7214,9 +7302,9 @@ /* Calculate a modulo the digit d into r: r = a mod d * - * @param [in] a SP integer to reduce. - * @param [in] d Digit to that is the modulus. - * @param [out] r Digit that is the result. + * @param [in] a SP integer to reduce. + * @param [in] d Digit that is the modulus. + * @param [out] r Digit that is the result. * * @return MP_OKAY on success. * @return MP_VAL when a is NULL or d is 0. @@ -7270,7 +7358,7 @@ } #ifdef WOLFSSL_SP_INT_NEGATIVE - if (a->sign == MP_NEG) { + if ((a->sign == MP_NEG) && (*r != 0)) { *r = d - *r; } #endif @@ -7289,8 +7377,8 @@ !defined(WOLFSSL_RSA_PUBLIC_ONLY)) || defined(WOLFSSL_SP_INVMOD) /* Divides a by 2 and stores in r: r = a >> 1 * - * @param [in] a SP integer to divide. - * @param [out] r SP integer to hold result. + * @param [in] a SP integer to divide. + * @param [out] r SP integer to hold result. */ static void _sp_div_2(const sp_int* a, sp_int* r) { @@ -7316,8 +7404,8 @@ #if defined(WOLFSSL_SP_MATH_ALL) && defined(HAVE_ECC) /* Divides a by 2 and stores in r: r = a >> 1 * - * @param [in] a SP integer to divide. - * @param [out] r SP integer to hold result. + * @param [in] a SP integer to divide. + * @param [out] r SP integer to hold result. * * @return MP_OKAY on success. * @return MP_VAL when a or r is NULL. @@ -7350,9 +7438,9 @@ * * r = a / 2 (mod m) - constant time (a < m and positive) * - * @param [in] a SP integer to divide. - * @param [in] m SP integer that is modulus. - * @param [out] r SP integer to hold result. + * @param [in] a SP integer to divide. + * @param [in] m SP integer that is the modulus. + * @param [out] r SP integer to hold result. * * @return MP_OKAY on success. * @return MP_VAL when a, m or r is NULL. @@ -7446,12 +7534,12 @@ ************************/ #if !defined(WOLFSSL_RSA_VERIFY_ONLY) || defined(WOLFSSL_SP_INVMOD) -/* Add offset b to a into r: r = a + (b << (o * SP_WORD_SIZEOF)) +/* Add offset b to a into r: r = a + (b << (o * SP_WORD_SIZE)) * - * @param [in] a SP integer to add to. - * @param [in] b SP integer to add. - * @param [out] r SP integer to store result in. - * @param [in] o Number of digits to offset b. + * @param [in] a SP integer to add to. + * @param [in] b SP integer to add. + * @param [out] r SP integer to store result in. + * @param [in] o Number of digits to offset b. */ static void _sp_add_off(const sp_int* a, const sp_int* b, sp_int* r, int o) { @@ -7471,7 +7559,7 @@ for (; (i < o) && (i < a->used); i++) { r->dp[i] = a->dp[i]; } - /* Set result to 0 for digits beyonf those in a. */ + /* Set result to 0 for digits beyond those in a. */ for (; i < o; i++) { r->dp[i] = 0; } @@ -7590,15 +7678,15 @@ #if defined(WOLFSSL_SP_MATH_ALL) || defined(WOLFSSL_SP_INT_NEGATIVE) || \ !defined(NO_DH) || defined(HAVE_ECC) || (!defined(NO_RSA) && \ !defined(WOLFSSL_RSA_VERIFY_ONLY)) -/* Sub offset b from a into r: r = a - (b << (o * SP_WORD_SIZEOF)) +/* Sub offset b from a into r: r = a - (b << (o * SP_WORD_SIZE)) * a must be greater than b. * * When using offset, r == a is faster. * - * @param [in] a SP integer to subtract from. - * @param [in] b SP integer to subtract. - * @param [out] r SP integer to store result in. - * @param [in] o Number of digits to offset b. + * @param [in] a SP integer to subtract from. + * @param [in] b SP integer to subtract. + * @param [out] r SP integer to store result in. + * @param [in] o Number of digits to offset b. */ static void _sp_sub_off(const sp_int* a, const sp_int* b, sp_int* r, sp_size_t o) @@ -7621,7 +7709,7 @@ else { i = o; } - /* Index to add at is the offset now. */ + /* Index to sub at is the offset now. */ for (j = 0; (i < a->used) && (j < b->used); i++, j++) { #ifndef SQR_MUL_ASM @@ -7675,9 +7763,9 @@ #if !defined(WOLFSSL_RSA_VERIFY_ONLY) || defined(WOLFSSL_SP_INVMOD) /* Add b to a into r: r = a + b * - * @param [in] a SP integer to add to. - * @param [in] b SP integer to add. - * @param [out] r SP integer to store result in. + * @param [in] a SP integer to add to. + * @param [in] b SP integer to add. + * @param [out] r SP integer to store result in. * * @return MP_OKAY on success. * @return MP_VAL when a, b, or r is NULL. @@ -7690,7 +7778,7 @@ if ((a == NULL) || (b == NULL) || (r == NULL)) { err = MP_VAL; } - /* Check that r as big as a and b plus one word. */ + /* Check that r is as big as a and b plus one word. */ if ((err == MP_OKAY) && ((a->used >= r->size) || (b->used >= r->size))) { err = MP_VAL; } @@ -7735,9 +7823,9 @@ * * a must be greater than b unless WOLFSSL_SP_INT_NEGATIVE is defined. * - * @param [in] a SP integer to subtract from. - * @param [in] b SP integer to subtract. - * @param [out] r SP integer to store result in. + * @param [in] a SP integer to subtract from. + * @param [in] b SP integer to subtract. + * @param [out] r SP integer to store result in. * * @return MP_OKAY on success. * @return MP_VAL when a, b, or r is NULL. @@ -7750,10 +7838,17 @@ if ((a == NULL) || (b == NULL) || (r == NULL)) { err = MP_VAL; } - /* Check that r as big as a and b plus one word. */ +#ifdef WOLFSSL_SP_INT_NEGATIVE + /* Check that r is as big as a and b plus one word. */ if ((err == MP_OKAY) && ((a->used >= r->size) || (b->used >= r->size))) { err = MP_VAL; } +#else + /* Check that r is as big as a and b. */ + if ((err == MP_OKAY) && ((a->used > r->size) || (b->used > r->size))) { + err = MP_VAL; + } +#endif if (err == MP_OKAY) { #ifndef WOLFSSL_SP_INT_NEGATIVE @@ -7798,12 +7893,12 @@ #if (defined(WOLFSSL_SP_MATH_ALL) && !defined(WOLFSSL_RSA_VERIFY_ONLY)) || \ (!defined(WOLFSSL_SP_MATH) && defined(WOLFSSL_CUSTOM_CURVES)) || \ defined(WOLFCRYPT_HAVE_ECCSI) || defined(WOLFCRYPT_HAVE_SAKKE) -/* Add two value and reduce: r = (a + b) % m +/* Add two values and reduce: r = (a + b) % m * - * @param [in] a SP integer to add. - * @param [in] b SP integer to add with. - * @param [in] m SP integer that is the modulus. - * @param [out] r SP integer to hold result. + * @param [in] a SP integer to add. + * @param [in] b SP integer to add with. + * @param [in] m SP integer that is the modulus. + * @param [out] r SP integer to hold result. * * @return MP_OKAY on success. * @return MP_MEM when dynamic memory allocation fails. @@ -7813,7 +7908,8 @@ { int err = MP_OKAY; /* Calculate used based on digits used in a and b. */ - sp_size_t used = (sp_size_t)(((a->used >= b->used) ? a->used + 1U : b->used + 1U)); + sp_size_t used = (sp_size_t)(((a->used >= b->used) ? a->used + 1U : + b->used + 1U)); DECL_SP_INT(t, used); /* Allocate a temporary SP int to hold sum. */ @@ -7832,12 +7928,12 @@ return err; } -/* Add two value and reduce: r = (a + b) % m +/* Add two values and reduce: r = (a + b) % m * - * @param [in] a SP integer to add. - * @param [in] b SP integer to add with. - * @param [in] m SP integer that is the modulus. - * @param [out] r SP integer to hold result. + * @param [in] a SP integer to add. + * @param [in] b SP integer to add with. + * @param [in] m SP integer that is the modulus. + * @param [out] r SP integer to hold result. * * @return MP_OKAY on success. * @return MP_VAL when a, b, m or r is NULL. @@ -7887,10 +7983,10 @@ /* Sub b from a and reduce: r = (a - b) % m * Result is always positive. * - * @param [in] a SP integer to subtract from - * @param [in] b SP integer to subtract. - * @param [in] m SP integer that is the modulus. - * @param [out] r SP integer to hold result. + * @param [in] a SP integer to subtract from. + * @param [in] b SP integer to subtract. + * @param [in] m SP integer that is the modulus. + * @param [out] r SP integer to hold result. * * @return MP_OKAY on success. * @return MP_MEM when dynamic memory allocation fails. @@ -7946,7 +8042,7 @@ err = sp_sub(a, b, t); } if (err == MP_OKAY) { - /* Reduce result mod m into result. */ + /* Reduce result mod m into r. */ err = sp_mod(t, m, r); } FREE_SP_INT(t, NULL); @@ -7958,10 +8054,10 @@ /* Sub b from a and reduce: r = (a - b) % m * Result is always positive. * - * @param [in] a SP integer to subtract from - * @param [in] b SP integer to subtract. - * @param [in] m SP integer that is the modulus. - * @param [out] r SP integer to hold result. + * @param [in] a SP integer to subtract from. + * @param [in] b SP integer to subtract. + * @param [in] m SP integer that is the modulus. + * @param [out] r SP integer to hold result. * * @return MP_OKAY on success. * @return MP_VAL when a, b, m or r is NULL. @@ -8036,17 +8132,17 @@ } #if defined(WOLFSSL_SP_MATH_ALL) && defined(HAVE_ECC) -/* Add two value and reduce: r = (a + b) % m +/* Add two values and reduce: r = (a + b) % m * * r = a + b (mod m) - constant time (a < m and b < m, a, b and m are positive) * * Assumes a, b, m and r are not NULL. * m and r must not be the same pointer. * - * @param [in] a SP integer to add. - * @param [in] b SP integer to add with. - * @param [in] m SP integer that is the modulus. - * @param [out] r SP integer to hold result. + * @param [in] a SP integer to add. + * @param [in] b SP integer to add with. + * @param [in] m SP integer that is the modulus. + * @param [out] r SP integer to hold result. * * @return MP_OKAY on success. */ @@ -8210,12 +8306,11 @@ * Assumes a, b, m and r are not NULL. * m and r must not be the same pointer. * - * @param [in] a SP integer to subtract from - * @param [in] b SP integer to subtract. - * @param [in] m SP integer that is the modulus. - * @param [out] r SP integer to hold result. - * - * @return MP_OKAY on success. + * @param [in] a SP integer to subtract from. + * @param [in] b SP integer to subtract. + * @param [in] m SP integer that is the modulus. + * @param [in] max_size Maximum number of digits in a and b to use. + * @param [out] r SP integer to hold result. */ static void _sp_submod_ct(const sp_int* a, const sp_int* b, const sp_int* m, unsigned int max_size, sp_int* r) @@ -8321,10 +8416,10 @@ * Assumes a, b, m and r are not NULL. * m and r must not be the same pointer. * - * @param [in] a SP integer to subtract from - * @param [in] b SP integer to subtract. - * @param [in] m SP integer that is the modulus. - * @param [out] r SP integer to hold result. + * @param [in] a SP integer to subtract from. + * @param [in] b SP integer to subtract. + * @param [in] m SP integer that is the modulus. + * @param [out] r SP integer to hold result. * * @return MP_OKAY on success. */ @@ -8332,7 +8427,7 @@ { int err = MP_OKAY; - /* Check result is as big as modulus plus one digit. */ + /* Check result is as big as modulus. */ if (m->used > r->size) { err = MP_VAL; } @@ -8361,6 +8456,15 @@ #if defined(WOLFSSL_SP_MATH_ALL) && defined(HAVE_ECC) && \ defined(WOLFSSL_ECC_BLIND_K) +/* XOR a and b into r in constant time. r = a ^ b. + * + * Assumes a, b and r have len bytes. + * + * @param [in] a First SP integer to XOR. + * @param [in] b Second SP integer to XOR. + * @param [in] len Number of bytes to XOR. + * @param [out] r SP integer to hold result. + */ void sp_xor_ct(const sp_int* a, const sp_int* b, int len, sp_int* r) { if ((a != NULL) && (b != NULL) && (r != NULL)) { @@ -8381,15 +8485,15 @@ #endif /******************** - * Shifting functoins + * Shifting functions ********************/ #if !defined(NO_DH) || defined(HAVE_ECC) || (!defined(NO_RSA) && \ defined(WC_RSA_BLINDING) && !defined(WOLFSSL_RSA_VERIFY_ONLY)) /* Left shift the multi-precision number by a number of digits. * - * @param [in,out] a SP integer to shift. - * @param [in] s Number of digits to shift. + * @param [in, out] a SP integer to shift. + * @param [in] s Number of digits to shift. * * @return MP_OKAY on success. * @return MP_VAL when a is NULL, s is negative or the result is too big. @@ -8429,8 +8533,8 @@ * * Used by sp_mul_2d() and other internal functions. * - * @param [in,out] a SP integer to shift. - * @param [in] n Number of bits to shift left. + * @param [in, out] a SP integer to shift. + * @param [in] n Number of bits to shift left. * * @return MP_OKAY on success. * @return MP_VAL when the result is too big. @@ -8489,10 +8593,10 @@ * (!NO_RSA && !WOLFSSL_RSA_VERIFY_ONLY) */ #ifdef WOLFSSL_SP_MATH_ALL -/* Shift a right by c digits: a = a >> (n * SP_WORD_SIZE) +/* Shift a right by c digits: a = a >> (c * SP_WORD_SIZE) * - * @param [in, out] a SP integer to shift. - * @param [in] c Number of digits to shift. + * @param [in, out] a SP integer to shift. + * @param [in] c Number of digits to shift. */ void sp_rshd(sp_int* a, int c) { @@ -8521,9 +8625,9 @@ defined(WOLFSSL_HAVE_SP_DH) /* Shift a right by n bits into r: r = a >> n * - * @param [in] a SP integer to shift. - * @param [in] n Number of bits to shift. - * @param [out] r SP integer to store result in. + * @param [in] a SP integer to shift. + * @param [in] n Number of bits to shift. + * @param [out] r SP integer to store result in. */ int sp_rshb(const sp_int* a, int n, sp_int* r) { @@ -8618,10 +8722,10 @@ * * Note: a is constantly having multiplies of d subtracted. * - * @param [in, out] a SP integer to be divided and remainder on out. - * @param [in] d SP integer to divide by. - * @param [out] r SP integer that is the quotient. - * @param [out] trial SP integer that is product in trial division. + * @param [in, out] a SP integer to be divided and remainder on out. + * @param [in] d SP integer to divide by. + * @param [out] r SP integer that is the quotient. + * @param [out] trial SP integer that is product in trial division. * * @return MP_OKAY on success. * @return MP_VAL when operation fails - only when compiling small code. @@ -8709,7 +8813,7 @@ break; } - /* Subtract the trial and add qoutient to result. */ + /* Subtract the trial and add quotient to result. */ _sp_sub_off(a, trial, a, 0); r->dp[i - d->used] += t; /* Handle overflow of digit. */ @@ -8799,11 +8903,11 @@ /* Divide a by d and return the quotient in r and the remainder in rem. * r = a / d; rem = a % d * - * @param [in] a SP integer to be divided. - * @param [in] d SP integer to divide by. - * @param [out] r SP integer that is the quotient. - * @param [out] rem SP integer that is the remainder. - * @param [in] used Number of digits in temporaries to use. + * @param [in] a SP integer to be divided. + * @param [in] d SP integer to divide by. + * @param [out] r SP integer that is the quotient. May be NULL. + * @param [out] rem SP integer that is the remainder. May be NULL. + * @param [in] used Number of digits in temporaries to use. * * @return MP_OKAY on success. * @return MP_MEM when dynamic memory allocation fails. @@ -8975,10 +9079,10 @@ /* Divide a by d and return the quotient in r and the remainder in rem. * r = a / d; rem = a % d * - * @param [in] a SP integer to be divided. - * @param [in] d SP integer to divide by. - * @param [out] r SP integer that is the quotient. - * @param [out] rem SP integer that is the remainder. + * @param [in] a SP integer to be divided. + * @param [in] d SP integer to divide by. + * @param [out] r SP integer that is the quotient. May be NULL. + * @param [out] rem SP integer that is the remainder. May be NULL. * * @return MP_OKAY on success. * @return MP_VAL when a or d is NULL, r and rem are NULL, or d is 0. @@ -8998,7 +9102,7 @@ err = MP_VAL; } /* Ensure quotient result has enough memory. */ - if ((err == MP_OKAY) && (r != NULL) && (r->size < a->used - d->used + 2)) { + if ((err == MP_OKAY) && (r != NULL) && (r->size + d->used < a->used + 2)) { err = MP_VAL; } if ((err == MP_OKAY) && (rem != NULL)) { @@ -9014,8 +9118,8 @@ if (a->used == SP_INT_DIGITS) { /* May need to shift number being divided left into a new word. */ int bits = SP_WORD_SIZE - (sp_count_bits(d) % SP_WORD_SIZE); - if ((bits != SP_WORD_SIZE) && - (sp_count_bits(a) + bits > (int)(SP_INT_DIGITS * SP_WORD_SIZE))) { + if ((bits != SP_WORD_SIZE) && (sp_count_bits(a) + bits > + (int)(SP_INT_DIGITS * SP_WORD_SIZE))) { err = MP_VAL; } else { @@ -9056,11 +9160,13 @@ !defined(WOLFSSL_RSA_PUBLIC_ONLY)) #ifndef FREESCALE_LTC_TFM #ifdef WOLFSSL_SP_INT_NEGATIVE -/* Calculate the remainder of dividing a by m: r = a mod m. r is m. +/* Calculate the remainder of dividing a by m: r = a mod m. + * + * Parameter r can be the same pointer as parameter m. * - * @param [in] a SP integer to reduce. - * @param [in] m SP integer that is the modulus. - * @param [out] r SP integer to store result in. + * @param [in] a SP integer to reduce. + * @param [in] m SP integer that is the modulus. + * @param [out] r SP integer to store result in. * * @return MP_OKAY on success. * @return MP_MEM when dynamic memory allocation fails. @@ -9095,9 +9201,9 @@ /* Calculate the remainder of dividing a by m: r = a mod m. * - * @param [in] a SP integer to reduce. - * @param [in] m SP integer that is the modulus. - * @param [out] r SP integer to store result in. + * @param [in] a SP integer to reduce. + * @param [in] m SP integer that is the modulus. + * @param [out] r SP integer to store result in. * * @return MP_OKAY on success. * @return MP_VAL when a, m or r is NULL or m is 0. @@ -9151,13 +9257,13 @@ */ #ifdef SQR_MUL_ASM -/* Multiply a by b into r where a and b have same no. digits. r = a * b +/* Multiply a by b into r where a and b have same number of digits. r = a * b * - * Optimised code for when number of digits in a and b are the same. + * Optimized code for when number of digits in a and b are the same. * - * @param [in] a SP integer to multiply. - * @param [in] b SP integer to multiply by. - * @param [out] r SP integer to hold result. + * @param [in] a SP integer to multiply. + * @param [in] b SP integer to multiply by. + * @param [out] r SP integer to hold result. * * @return MP_OKAY otherwise. * @return MP_MEM when dynamic memory allocation fails. @@ -9231,9 +9337,9 @@ /* Multiply a by b into r. r = a * b * - * @param [in] a SP integer to multiply. - * @param [in] b SP integer to multiply by. - * @param [out] r SP integer to hold result. + * @param [in] a SP integer to multiply. + * @param [in] b SP integer to multiply by. + * @param [out] r SP integer to hold result. * * @return MP_OKAY otherwise. * @return MP_MEM when dynamic memory allocation fails. @@ -9254,8 +9360,7 @@ #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) t = (sp_int_digit*)XMALLOC(sizeof(sp_int_digit) * - (size_t)(a->used + b->used), NULL, - DYNAMIC_TYPE_BIGINT); + (size_t)(a->used + b->used), NULL, DYNAMIC_TYPE_BIGINT); if (t == NULL) { err = MP_MEM; } @@ -9307,9 +9412,9 @@ #else /* Multiply a by b into r. r = a * b * - * @param [in] a SP integer to multiply. - * @param [in] b SP integer to multiply by. - * @param [out] r SP integer to hold result. + * @param [in] a SP integer to multiply. + * @param [in] b SP integer to multiply by. + * @param [out] r SP integer to hold result. * * @return MP_OKAY otherwise. * @return MP_MEM when dynamic memory allocation fails. @@ -9330,8 +9435,7 @@ #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) t = (sp_int_digit*)XMALLOC(sizeof(sp_int_digit) * - (size_t)(a->used + b->used), NULL, - DYNAMIC_TYPE_BIGINT); + (size_t)(a->used + b->used), NULL, DYNAMIC_TYPE_BIGINT); if (t == NULL) { err = MP_MEM; } @@ -9396,9 +9500,9 @@ * * Long-hand implementation. * - * @param [in] a SP integer to multiply. - * @param [in] b SP integer to multiply. - * @param [out] r SP integer result. + * @param [in] a SP integer to multiply. + * @param [in] b SP integer to multiply. + * @param [out] r SP integer result. * * @return MP_OKAY on success. * @return MP_MEM when dynamic memory allocation fails. @@ -9515,9 +9619,9 @@ * * Comba implementation. * - * @param [in] a SP integer to multiply. - * @param [in] b SP integer to multiply. - * @param [out] r SP integer result. + * @param [in] a SP integer to multiply. + * @param [in] b SP integer to multiply. + * @param [out] r SP integer result. * * @return MP_OKAY on success. * @return MP_MEM when dynamic memory allocation fails. @@ -9582,9 +9686,9 @@ * * Comba implementation. * - * @param [in] a SP integer to multiply. - * @param [in] b SP integer to multiply. - * @param [out] r SP integer result. + * @param [in] a SP integer to multiply. + * @param [in] b SP integer to multiply. + * @param [out] r SP integer result. * * @return MP_OKAY on success. * @return MP_MEM when dynamic memory allocation fails. @@ -9685,9 +9789,9 @@ * * Comba implementation. * - * @param [in] a SP integer to multiply. - * @param [in] b SP integer to multiply. - * @param [out] r SP integer result. + * @param [in] a SP integer to multiply. + * @param [in] b SP integer to multiply. + * @param [out] r SP integer result. * * @return MP_OKAY on success. * @return MP_MEM when dynamic memory allocation fails. @@ -9832,9 +9936,9 @@ * * Comba implementation. * - * @param [in] a SP integer to multiply. - * @param [in] b SP integer to multiply. - * @param [out] r SP integer result. + * @param [in] a SP integer to multiply. + * @param [in] b SP integer to multiply. + * @param [out] r SP integer result. * * @return MP_OKAY on success. * @return MP_MEM when dynamic memory allocation fails. @@ -10095,9 +10199,9 @@ * * Comba implementation. * - * @param [in] a SP integer to multiply. - * @param [in] b SP integer to multiply. - * @param [out] r SP integer result. + * @param [in] a SP integer to multiply. + * @param [in] b SP integer to multiply. + * @param [out] r SP integer result. * * @return MP_OKAY on success. * @return MP_MEM when dynamic memory allocation fails. @@ -10517,9 +10621,9 @@ * * Comba implementation. * - * @param [in] a SP integer to multiply. - * @param [in] b SP integer to multiply. - * @param [out] r SP integer result. + * @param [in] a SP integer to multiply. + * @param [in] b SP integer to multiply. + * @param [out] r SP integer result. * * @return MP_OKAY on success. * @return MP_MEM when dynamic memory allocation fails. @@ -11320,9 +11424,9 @@ * * Karatsuba implementation. * - * @param [in] a SP integer to multiply. - * @param [in] b SP integer to multiply. - * @param [out] r SP integer result. + * @param [in] a SP integer to multiply. + * @param [in] b SP integer to multiply. + * @param [out] r SP integer result. * * @return MP_OKAY on success. * @return MP_MEM when dynamic memory allocation fails. @@ -11427,7 +11531,7 @@ } } z1->dp[32] += l; - /* z1 = z1 - z0 - z1 */ + /* z1 = z1 - z0 - z2 */ l = 0; h = 0; for (i = 0; i < 32; i++) { @@ -11486,9 +11590,9 @@ * * Karatsuba implementation. * - * @param [in] a SP integer to multiply. - * @param [in] b SP integer to multiply. - * @param [out] r SP integer result. + * @param [in] a SP integer to multiply. + * @param [in] b SP integer to multiply. + * @param [out] r SP integer result. * * @return MP_OKAY on success. * @return MP_MEM when dynamic memory allocation fails. @@ -11593,7 +11697,7 @@ } } z1->dp[48] += l; - /* z1 = z1 - z0 - z1 */ + /* z1 = z1 - z0 - z2 */ l = 0; h = 0; for (i = 0; i < 48; i++) { @@ -11605,7 +11709,7 @@ h = 0; } z1->dp[i] += l; - /* r += z1 << 16 */ + /* r += z1 << 24 */ l = 0; h = 0; for (i = 0; i < 24; i++) { @@ -11652,9 +11756,9 @@ * * Karatsuba implementation. * - * @param [in] a SP integer to multiply. - * @param [in] b SP integer to multiply. - * @param [out] r SP integer result. + * @param [in] a SP integer to multiply. + * @param [in] b SP integer to multiply. + * @param [out] r SP integer result. * * @return MP_OKAY on success. * @return MP_MEM when dynamic memory allocation fails. @@ -11759,7 +11863,7 @@ } } z1->dp[64] += l; - /* z1 = z1 - z0 - z1 */ + /* z1 = z1 - z0 - z2 */ l = 0; h = 0; for (i = 0; i < 64; i++) { @@ -11771,7 +11875,7 @@ h = 0; } z1->dp[i] += l; - /* r += z1 << 16 */ + /* r += z1 << 32 */ l = 0; h = 0; for (i = 0; i < 32; i++) { @@ -11818,9 +11922,9 @@ * * Karatsuba implementation. * - * @param [in] a SP integer to multiply. - * @param [in] b SP integer to multiply. - * @param [out] r SP integer result. + * @param [in] a SP integer to multiply. + * @param [in] b SP integer to multiply. + * @param [out] r SP integer result. * * @return MP_OKAY on success. * @return MP_MEM when dynamic memory allocation fails. @@ -11925,7 +12029,7 @@ } } z1->dp[96] += l; - /* z1 = z1 - z0 - z1 */ + /* z1 = z1 - z0 - z2 */ l = 0; h = 0; for (i = 0; i < 96; i++) { @@ -11937,7 +12041,7 @@ h = 0; } z1->dp[i] += l; - /* r += z1 << 16 */ + /* r += z1 << 48 */ l = 0; h = 0; for (i = 0; i < 48; i++) { @@ -11984,13 +12088,13 @@ /* Multiply a by b and store in r: r = a * b * - * @param [in] a SP integer to multiply. - * @param [in] b SP integer to multiply. - * @param [out] r SP integer result. + * @param [in] a SP integer to multiply. + * @param [in] b SP integer to multiply. + * @param [out] r SP integer result. * * @return MP_OKAY on success. - * @return MP_VAL when a, b or is NULL; or the result will be too big for fixed - * data length. + * @return MP_VAL when a, b or r is NULL; or the result will be too big for + * fixed data length. * @return MP_MEM when dynamic memory allocation fails. */ int sp_mul(const sp_int* a, const sp_int* b, sp_int* r) @@ -12142,10 +12246,10 @@ (!defined(NO_RSA) && defined(WOLFSSL_KEY_GEN)) || defined(OPENSSL_ALL) /* Multiply a by b mod m and store in r: r = (a * b) mod m * - * @param [in] a SP integer to multiply. - * @param [in] b SP integer to multiply. - * @param [in] m SP integer that is the modulus. - * @param [out] r SP integer result. + * @param [in] a SP integer to multiply. + * @param [in] b SP integer to multiply. + * @param [in] m SP integer that is the modulus. + * @param [out] r SP integer result. * * @return MP_OKAY on success. * @return MP_MEM when dynamic memory allocation fails. @@ -12178,10 +12282,10 @@ /* Multiply a by b mod m and store in r: r = (a * b) mod m * - * @param [in] a SP integer to multiply. - * @param [in] b SP integer to multiply. - * @param [in] m SP integer that is the modulus. - * @param [out] r SP integer result. + * @param [in] a SP integer to multiply. + * @param [in] b SP integer to multiply. + * @param [in] m SP integer that is the modulus. + * @param [out] r SP integer result. * * @return MP_OKAY on success. * @return MP_MEM when dynamic memory allocation fails. @@ -12211,10 +12315,10 @@ /* Multiply a by b mod m and store in r: r = (a * b) mod m * - * @param [in] a SP integer to multiply. - * @param [in] b SP integer to multiply. - * @param [in] m SP integer that is the modulus. - * @param [out] r SP integer result. + * @param [in] a SP integer to multiply. + * @param [in] b SP integer to multiply. + * @param [in] m SP integer that is the modulus. + * @param [out] r SP integer result. * * @return MP_OKAY on success. * @return MP_VAL when a, b, m or r is NULL; m is 0; or a * b is too big for @@ -12271,18 +12375,18 @@ * 2.2.2. c = (c / 2) mod m * 2.3. Else if u >= v * 2.3.1. u -= v - * 2.3.2. b = (c - b) mod m + * 2.3.2. b = (b - c) mod m * 2.4. Else (v > u) * 2.4.1. v -= u - * 2.4.2. c = (b - c) mod m + * 2.4.2. c = (c - b) mod m * 3. NO_INVERSE if u == 0 * - * @param [in] a SP integer to find inverse of. - * @param [in] m SP integer this is the modulus. - * @param [in] u SP integer to use in calculation. - * @param [in] v SP integer to use in calculation. - * @param [in] b SP integer to use in calculation - * @param [out] c SP integer that is the inverse. + * @param [in] a SP integer to find inverse of. + * @param [in] m SP integer that is the modulus. + * @param [in, out] u SP integer to use in calculation. + * @param [in, out] v SP integer to use in calculation. + * @param [in, out] b SP integer to use in calculation. + * @param [in, out] c SP integer that is the inverse. * * @return MP_OKAY on success. * @return MP_VAL when no inverse. @@ -12316,7 +12420,7 @@ else if ((v->dp[0] & 1) == 0) { /* 2.2.1. v /= 2 */ _sp_div_2(v, v); - /* 2.1.2. c = (c / 2) mod m */ + /* 2.2.2. c = (c / 2) mod m */ if (sp_isodd(c)) { _sp_add_off(c, m, c, 0); } @@ -12326,7 +12430,7 @@ else if (_sp_cmp_abs(u, v) != MP_LT) { /* 2.3.1. u -= v */ _sp_sub_off(u, v, u, 0); - /* 2.3.2. b = (c - b) mod m */ + /* 2.3.2. b = (b - c) mod m */ if (_sp_cmp_abs(b, c) == MP_LT) { _sp_add_off(b, m, b, 0); } @@ -12336,7 +12440,7 @@ else { /* 2.4.1. v -= u */ _sp_sub_off(v, u, v, 0); - /* 2.4.2. c = (b - c) mod m */ + /* 2.4.2. c = (c - b) mod m */ if (_sp_cmp_abs(c, b) == MP_LT) { _sp_add_off(c, m, c, 0); } @@ -12369,13 +12473,13 @@ * 4. If c < 0 then c += m * 5. inv = c * - * @param [in] a SP integer to find inverse of. - * @param [in] m SP integer this is the modulus. - * @param [in] u SP integer to use in calculation. - * @param [in] v SP integer to use in calculation. - * @param [in] b SP integer to use in calculation - * @param [in] c SP integer to use in calculation - * @param [out] inv SP integer that is the inverse. + * @param [in] a SP integer to find inverse of. + * @param [in] m SP integer that is the modulus. + * @param [in, out] x SP integer to use in calculation. + * @param [in, out] y SP integer to use in calculation. + * @param [in, out] b SP integer to use in calculation. + * @param [in, out] c SP integer to use in calculation. + * @param [out] inv SP integer that is the inverse. * * @return MP_OKAY on success. * @return MP_VAL when no inverse. @@ -12518,9 +12622,9 @@ * * r*a = x*m + 1 * - * @param [in] a SP integer to find inverse of. - * @param [in] m SP integer this is the modulus. - * @param [out] r SP integer to hold result. r cannot be m. + * @param [in] a SP integer to find inverse of. + * @param [in] m SP integer that is the modulus. + * @param [out] r SP integer to hold result. r cannot be m. * * @return MP_OKAY on success. * @return MP_VAL when m is even and a divides m evenly. @@ -12624,9 +12728,9 @@ * * r*a = x*m + 1 * - * @param [in] a SP integer to find inverse of. - * @param [in] m SP integer this is the modulus. - * @param [out] r SP integer to hold result. r cannot be m. + * @param [in] a SP integer to find inverse of. + * @param [in] m SP integer that is the modulus. + * @param [out] r SP integer to hold result. r cannot be m. * * @return MP_OKAY on success. * @return MP_VAL when a, m or r is NULL; a or m is zero; a and m are even or @@ -12706,8 +12810,8 @@ * e = exponent * Pre-calc: * 1. pre[0] = 2^0 * a mod m - * 2. For i in 2..CT_INV_MOD_PRE_CNT - * 2.1. pre[i-1] = ((pre[i-2] ^ 2) * a) mod m + * 2. For i in 1..CT_INV_MOD_PRE_CNT-1 + * 2.1. pre[i] = ((pre[i-1] ^ 2) * a) mod m * Calc inverse: * 1. e = m - 2 * 2. j = Count leading 1's up to CT_INV_MOD_PRE_CNT @@ -12730,10 +12834,10 @@ * 8. If j > 0 then r = (t * pre[j-1]) mod m * 9. Else r = t * - * @param [in] a SP integer, Montgomery form, to find inverse of. - * @param [in] m SP integer this is the modulus. - * @param [out] r SP integer to hold result. - * @param [in] mp SP integer digit that is the bottom digit of inv(-m). + * @param [in] a SP integer, Montgomery form, to find inverse of. + * @param [in] m SP integer that is the modulus. + * @param [out] r SP integer to hold result. + * @param [in] mp SP integer digit that is the bottom digit of inv(-m). * * @return MP_OKAY on success. * @return MP_MEM when dynamic memory allocation fails. @@ -12757,7 +12861,8 @@ ALLOC_DYN_SP_INT_ARRAY(pre, m->used * 2U + 1U, CT_INV_MOD_PRE_CNT + 2, err, NULL); #else - ALLOC_SP_INT_ARRAY(pre, m->used * 2U + 1U, CT_INV_MOD_PRE_CNT + 2, err, NULL); + ALLOC_SP_INT_ARRAY(pre, m->used * 2U + 1U, CT_INV_MOD_PRE_CNT + 2, err, + NULL); #endif if (err == MP_OKAY) { t = pre[CT_INV_MOD_PRE_CNT + 0]; @@ -12773,11 +12878,11 @@ * Start with 1.a = a. */ _sp_copy(a, pre[0]); - /* 2. For i in 2..CT_INV_MOD_PRE_CNT + /* 2. For i in 1..CT_INV_MOD_PRE_CNT-1 * For rest of entries in table. */ for (i = 1; (err == MP_OKAY) && (i < CT_INV_MOD_PRE_CNT); i++) { - /* 2.1 pre[i-1] = ((pre[i-1] ^ 2) * a) mod m */ + /* 2.1 pre[i] = ((pre[i-1] ^ 2) * a) mod m */ /* Previous value ..1 -> ..10 */ _sp_init_size(pre[i], (sp_size_t)(m->used * 2 + 1)); err = sp_sqr(pre[i-1], pre[i]); @@ -12901,10 +13006,10 @@ * Modulus (m) must be a prime and greater than 2. * For prime m, inv = a ^ (m-2) mod m as 1 = a ^ (m-1) mod m. * - * @param [in] a SP integer, Montgomery form, to find inverse of. - * @param [in] m SP integer this is the modulus. - * @param [out] r SP integer to hold result. - * @param [in] mp SP integer digit that is the bottom digit of inv(-m). + * @param [in] a SP integer, Montgomery form, to find inverse of. + * @param [in] m SP integer that is the modulus. + * @param [out] r SP integer to hold result. + * @param [in] mp SP integer digit that is the bottom digit of inv(-m). * * @return MP_OKAY on success. * @return MP_VAL when a, m or r is NULL; a is 0 or m is less than 3. @@ -12956,8 +13061,9 @@ #ifndef WC_PROTECT_ENCRYPTED_MEM /* Internal. Exponentiates b to the power of e modulo m into r: r = b ^ e mod m - * Process the exponent one bit at a time. - * Is constant time and can be cache attack resistant. + * + * Processes the exponent one bit at a time. + * Implementation is constant time and can be cache attack resistant. * * Algorithm: * b: base, e: exponent, m: modulus, r: result, bits: #bits to use @@ -12972,12 +13078,12 @@ * 4.5. t[j] = t[j] * b * 5. r = t[1] * - * @param [in] b SP integer that is the base. - * @param [in] e SP integer that is the exponent. - * @param [in] bits Number of bits in exponent to use. May be greater than - * count of bits in e. - * @param [in] m SP integer that is the modulus. - * @param [out] r SP integer to hold result. + * @param [in] b SP integer that is the base. + * @param [in] e SP integer that is the exponent. + * @param [in] bits Number of bits in exponent to use. May be greater than + * count of bits in e. + * @param [in] m SP integer that is the modulus. + * @param [out] r SP integer to hold result. * * @return MP_OKAY on success. * @return MP_MEM when dynamic memory allocation fails. @@ -13061,7 +13167,8 @@ if (err == MP_OKAY) { /* 4.2. y = e[i] */ - int y = (int)((e->dp[i >> SP_WORD_SHIFT] >> (i & (int)SP_WORD_MASK)) & 1); + int y = (int)((e->dp[i >> SP_WORD_SHIFT] >> + (i & (int)SP_WORD_MASK)) & 1); /* 4.3. j = y & s */ int j = y & s; /* 4.4 s = s | y */ @@ -13107,12 +13214,12 @@ * 3.4. t[y] = t[3], t[y^1] = t[2] * 4. r = t[0] * - * @param [in] b SP integer that is the base. - * @param [in] e SP integer that is the exponent. - * @param [in] bits Number of bits in exponent to use. May be greater than - * count of bits in e. - * @param [in] m SP integer that is the modulus. - * @param [out] r SP integer to hold result. + * @param [in] b SP integer that is the base. + * @param [in] e SP integer that is the exponent. + * @param [in] bits Number of bits in exponent to use. May be greater than + * count of bits in e. + * @param [in] m SP integer that is the modulus. + * @param [out] r SP integer to hold result. * * @return MP_OKAY on success. * @return MP_MEM when dynamic memory allocation fails. @@ -13215,12 +13322,12 @@ * 7. t[1] = FromMont(t[1]) * 8. r = t[1] * - * @param [in] b SP integer that is the base. - * @param [in] e SP integer that is the exponent. - * @param [in] bits Number of bits in exponent to use. May be greater than - * count of bits in e. - * @param [in] m SP integer that is the modulus. - * @param [out] r SP integer to hold result. + * @param [in] b SP integer that is the base. + * @param [in] e SP integer that is the exponent. + * @param [in] bits Number of bits in exponent to use. May be greater than + * count of bits in e. + * @param [in] m SP integer that is the modulus. + * @param [out] r SP integer to hold result. * * @return MP_OKAY on success. * @return MP_MEM when dynamic memory allocation fails. @@ -13300,7 +13407,8 @@ if (err == MP_OKAY) { /* 6.2. y = e[i] */ - int y = (int)((e->dp[i >> SP_WORD_SHIFT] >> (i & (int)SP_WORD_MASK)) & 1); + int y = (int)((e->dp[i >> SP_WORD_SHIFT] >> + (i & (int)SP_WORD_MASK)) & 1); /* 6.3 j = y & s */ int j = y & s; /* 6.4 s = s | y */ @@ -13356,12 +13464,12 @@ * 5. t[0] = FromMont(t[0]) * 6. r = t[0] * - * @param [in] b SP integer that is the base. - * @param [in] e SP integer that is the exponent. - * @param [in] bits Number of bits in exponent to use. May be greater than - * count of bits in e. - * @param [in] m SP integer that is the modulus. - * @param [out] r SP integer to hold result. + * @param [in] b SP integer that is the base. + * @param [in] e SP integer that is the exponent. + * @param [in] bits Number of bits in exponent to use. May be greater than + * count of bits in e. + * @param [in] m SP integer that is the modulus. + * @param [out] r SP integer to hold result. * * @return MP_OKAY on success. * @return MP_MEM when dynamic memory allocation fails. @@ -13479,20 +13587,20 @@ * 4.1 if i[0] == 0 then t[i] = t[i/2] ^ 2 * 4.2 if i[0] == 1 then t[i] = t[i-1] * t[1] * 5. cb = w * (bits / w) - * 5. tr = t[e / (2 ^ cb)] - * 6. For i in cb..w - * 6.1. y = e[(i-1)..(i-w)] - * 6.2. tr = tr ^ (2 * w) - * 6.3. tr = tr * t[y] - * 7. tr = FromMont(tr) - * 8. r = tr - * - * @param [in] b SP integer that is the base. - * @param [in] e SP integer that is the exponent. - * @param [in] bits Number of bits in exponent to use. May be greater than - * count of bits in e. - * @param [in] m SP integer that is the modulus. - * @param [out] r SP integer to hold result. + * 6. tr = t[e / (2 ^ cb)] + * 7. For i in cb..w + * 7.1. y = e[(i-1)..(i-w)] + * 7.2. tr = tr ^ (2 ^ w) + * 7.3. tr = tr * t[y] + * 8. tr = FromMont(tr) + * 9. r = tr + * + * @param [in] b SP integer that is the base. + * @param [in] e SP integer that is the exponent. + * @param [in] bits Number of bits in exponent to use. May be greater than + * count of bits in e. + * @param [in] m SP integer that is the modulus. + * @param [out] r SP integer to hold result. * * @return MP_OKAY on success. * @return MP_MEM when dynamic memory allocation fails. @@ -13617,17 +13725,17 @@ c -= winBits; } - /* 5. tr = t[e / (2 ^ cb)] */ + /* 6. tr = t[e / (2 ^ cb)] */ y = (int)(n >> c); n <<= SP_WORD_SIZE - c; - /* 5. Copy table value for first window. */ + /* Copy table value for first window. */ _sp_copy(t[y], tr); - /* 6. For i in cb..w */ + /* 7. For i in cb..w */ for (; (i >= 0) || (c >= winBits); ) { int j; - /* 6.1. y = e[(i-1)..(i-w)] */ + /* 7.1. y = e[(i-1)..(i-w)] */ if (c == 0) { /* Bits up to end of digit */ n = e->dp[i--]; @@ -13651,7 +13759,7 @@ c -= winBits; } - /* 6.2. tr = tr ^ (2 * w) */ + /* 7.2. tr = tr ^ (2 ^ w) */ for (j = 0; (j < winBits) && (err == MP_OKAY); j++) { err = sp_sqr(tr, tr); if (err == MP_OKAY) { @@ -13659,7 +13767,7 @@ } } - /* 6.3. tr = tr * t[y] */ + /* 7.3. tr = tr * t[y] */ if (err == MP_OKAY) { err = sp_mul(tr, t[y], tr); } @@ -13670,13 +13778,13 @@ } if (err == MP_OKAY) { - /* 7. tr = FromMont(tr) */ + /* 8. tr = FromMont(tr) */ err = _sp_mont_red(tr, m, mp, 0); /* Reduction implementation returns number to range: 0..m-1. */ } } if ((!done) && (err == MP_OKAY)) { - /* 8. r = tr */ + /* 9. r = tr */ _sp_copy(tr, r); } @@ -13710,31 +13818,31 @@ /* Internal. Exponentiates 2 to the power of e modulo m into r: r = 2 ^ e mod m * Is constant time and cache attack resistant. * - * Calculates value to make mod operations constant time expect when - * WC_NO_HARDERN defined or modulus fits in one word. + * Calculates value to make mod operations constant time except when + * WC_NO_HARDEN defined or modulus fits in one word. * * Algorithm: - * b: base, e: exponent, m: modulus, r: result, bits: #bits to use + * b: base, e: exponent, m: modulus, r: result, digits: #digits to use * w: window size based on #bits in word. * 1. if Words(m) > 1 then tr = MontNorm(m) = ToMont(1) * else tr = 1 * 2. if Words(m) > 1 and HARDEN then a = m * (2 ^ (2^w)) * else a = 0 - * 3. cb = w * (bits / w) + * 3. cb = w * ((digits * SP_WORD_SIZE) / w) * 4. y = e / (2 ^ cb) * 5. tr = (tr * (2 ^ y) + a) mod m * 6. For i in cb..w * 6.1. y = e[(i-1)..(i-w)] - * 6.2. tr = tr ^ (2 * w) + * 6.2. tr = tr ^ (2 ^ w) * 6.3. tr = ((tr * (2 ^ y) + a) mod m * 7. if Words(m) > 1 then tr = FromMont(tr) * 8. r = tr * - * @param [in] e SP integer that is the exponent. - * @param [in] digits Number of digits in base to use. May be greater than - * count of bits in b. - * @param [in] m SP integer that is the modulus. - * @param [out] r SP integer to hold result. + * @param [in] e SP integer that is the exponent. + * @param [in] digits Number of digits in exponent to use. May be greater than + * count of digits in e. + * @param [in] m SP integer that is the modulus. + * @param [out] r SP integer to hold result. * * @return MP_OKAY on success. * @return MP_MEM when dynamic memory allocation fails. @@ -13813,7 +13921,7 @@ #endif if (err == MP_OKAY) { - /* 3. cb = w * (bits / w) */ + /* 3. cb = w * ((digits * SP_WORD_SIZE) / w) */ i = digits - 1; n = e->dp[i--]; c = SP_WORD_SIZE; @@ -13875,7 +13983,7 @@ c -= EXP2_WINSIZE; } - /* 6.2. tr = tr ^ (2 * w) */ + /* 6.2. tr = tr ^ (2 ^ w) */ for (j = 0; (j < EXP2_WINSIZE) && (err == MP_OKAY); j++) { err = sp_sqr(tr, tr); if (err == MP_OKAY) { @@ -13934,12 +14042,12 @@ * * Error returned when parameters r == e or r == m and base >= modulus. * - * @param [in] b SP integer that is the base. - * @param [in] e SP integer that is the exponent. - * @param [in] digits Number of digits in exponent to use. May be greater - * than count of digits in e. - * @param [in] m SP integer that is the modulus. - * @param [out] r SP integer to hold result. + * @param [in] b SP integer that is the base. + * @param [in] e SP integer that is the exponent. + * @param [in] digits Number of digits in exponent to use. May be greater + * than count of digits in e. + * @param [in] m SP integer that is the modulus. + * @param [out] r SP integer to hold result. * * @return MP_OKAY on success. * @return MP_VAL when b, e, m or r is NULL, digits is negative, or m <= 0 or @@ -14024,12 +14132,12 @@ #ifndef WOLFSSL_SP_NO_2048 if ((mBits == 1024) && sp_isodd(m) && (bBits <= 1024) && (eBits <= 1024)) { - err = sp_ModExp_1024((sp_int*)b, (sp_int*)e, (sp_int*)m, r); + err = sp_ModExp_1024(b, e, m, r); done = 1; } else if ((mBits == 2048) && sp_isodd(m) && (bBits <= 2048) && (eBits <= 2048)) { - err = sp_ModExp_2048((sp_int*)b, (sp_int*)e, (sp_int*)m, r); + err = sp_ModExp_2048(b, e, m, r); done = 1; } else @@ -14037,12 +14145,12 @@ #ifndef WOLFSSL_SP_NO_3072 if ((mBits == 1536) && sp_isodd(m) && (bBits <= 1536) && (eBits <= 1536)) { - err = sp_ModExp_1536((sp_int*)b, (sp_int*)e, (sp_int*)m, r); + err = sp_ModExp_1536(b, e, m, r); done = 1; } else if ((mBits == 3072) && sp_isodd(m) && (bBits <= 3072) && (eBits <= 3072)) { - err = sp_ModExp_3072((sp_int*)b, (sp_int*)e, (sp_int*)m, r); + err = sp_ModExp_3072(b, e, m, r); done = 1; } else @@ -14050,7 +14158,7 @@ #ifdef WOLFSSL_SP_4096 if ((mBits == 4096) && sp_isodd(m) && (bBits <= 4096) && (eBits <= 4096)) { - err = sp_ModExp_4096((sp_int*)b, (sp_int*)e, (sp_int*)m, r); + err = sp_ModExp_4096(b, e, m, r); done = 1; } else @@ -14117,10 +14225,10 @@ defined(OPENSSL_ALL) /* Exponentiates b to the power of e modulo m into r: r = b ^ e mod m * - * @param [in] b SP integer that is the base. - * @param [in] e SP integer that is the exponent. - * @param [in] m SP integer that is the modulus. - * @param [out] r SP integer to hold result. + * @param [in] b SP integer that is the base. + * @param [in] e SP integer that is the exponent. + * @param [in] m SP integer that is the modulus. + * @param [out] r SP integer to hold result. * * @return MP_OKAY on success. * @return MP_VAL when b, e, m or r is NULL; or m <= 0 or e is negative. @@ -14156,27 +14264,25 @@ * 1. Ensure base is less than modulus. * 2. Convert base to Montgomery form * 3. Set result to table entry for top window bits, or - * if less than windows bits in exponent, 1 in Montgomery form. + * if less than window bits in exponent, 1 in Montgomery form. * 4. While at least window bits left: - * 4.1. Count number of and skip leading 0 bits unless less then window bits - * left. + * 4.1. Count number of bits and skip leading 0 bits unless less than window + * bits left. * 4.2. Montgomery square result for each leading 0 and window bits if bits * left. * 4.3. Break if less than window bits left. - * 4.4. Get top window bits from expononent and drop. + * 4.4. Get top window bits from exponent and drop. * 4.5. Montgomery multiply result by table entry. * 5. While bits left: - * 5.1. Montogmery square result + * 5.1. Montgomery square result * 5.2. If exponent bit set * 5.2.1. Montgomery multiply result by Montgomery form of base. * 6. Convert result back from Montgomery form. * - * @param [in] b SP integer that is the base. - * @param [in] e SP integer that is the exponent. - * @param [in] bits Number of bits in exponent to use. May be greater than - * count of bits in e. - * @param [in] m SP integer that is the modulus. - * @param [out] r SP integer to hold result. + * @param [in] b SP integer that is the base. + * @param [in] e SP integer that is the exponent. + * @param [in] m SP integer that is the modulus. + * @param [out] r SP integer to hold result. * * @return MP_OKAY on success. * @return MP_MEM when dynamic memory allocation fails. @@ -14256,7 +14362,7 @@ } } else { - /* Copy base into Montogmery base variable. */ + /* Copy base into Montgomery base variable. */ _sp_copy(b, bm); } } @@ -14299,7 +14405,7 @@ } /* 3. Set result to table entry for top window bits, or - * if less than windows bits in exponent, 1 in Montgomery form. + * if less than window bits in exponent, 1 in Montgomery form. */ if (err == MP_OKAY) { sp_int_digit n; @@ -14345,7 +14451,7 @@ /* Number of squares to before due to top bits being 0. */ int sqrs = 0; - /* 4.1. Count number of and skip leading 0 bits unless less + /* 4.1. Count number of bits and skip leading 0 bits unless less * than window bits. */ do { @@ -14430,7 +14536,7 @@ n = e->dp[0]; /* 5. While bits left: */ for (--c; (err == MP_OKAY) && (c >= 0); c--) { - /* 5.1. Montogmery square result */ + /* 5.1. Montgomery square result */ err = sp_sqr(tr, tr); if (err == MP_OKAY) { err = _sp_mont_red(tr, m, mp, 0); @@ -14476,15 +14582,15 @@ * 1. Convert base to Montgomery form * 2. Set result to base (assumes exponent is not zero) * 3. For each bit in exponent starting at second highest - * 3.1. Montogmery square result + * 3.1. Montgomery square result * 3.2. If exponent bit set * 3.2.1. Montgomery multiply result by Montgomery form of base. * 4. Convert result back from Montgomery form. * - * @param [in] b SP integer that is the base. - * @param [in] e SP integer that is the exponent. - * @param [in] m SP integer that is the modulus. - * @param [out] r SP integer to hold result. + * @param [in] b SP integer that is the base. + * @param [in] e SP integer that is the exponent. + * @param [in] m SP integer that is the modulus. + * @param [out] r SP integer to hold result. * * @return MP_OKAY on success. * @return MP_VAL when b, e, m or r is NULL; or m <= 0 or e is negative. @@ -14581,10 +14687,10 @@ /* Exponentiates b to the power of e modulo m into r: r = b ^ e mod m * Non-constant time implementation. * - * @param [in] b SP integer that is the base. - * @param [in] e SP integer that is the exponent. - * @param [in] m SP integer that is the modulus. - * @param [out] r SP integer to hold result. + * @param [in] b SP integer that is the base. + * @param [in] e SP integer that is the exponent. + * @param [in] m SP integer that is the modulus. + * @param [out] r SP integer to hold result. * * @return MP_OKAY on success. * @return MP_VAL when b, e, m or r is NULL; or m <= 0 or e is negative. @@ -14660,20 +14766,19 @@ #if defined(WOLFSSL_SP_MATH_ALL) && !defined(WOLFSSL_RSA_VERIFY_ONLY) /* Divide by 2^e: r = a >> e and rem = bits shifted out * - * @param [in] a SP integer to divide. - * @param [in] e Exponent bits (dividing by 2^e). - * @param [in] m SP integer that is the modulus. - * @param [out] r SP integer to hold result. - * @param [out] rem SP integer to hold remainder. + * @param [in] a SP integer to divide. + * @param [in] e Exponent bits (dividing by 2^e). + * @param [out] r SP integer to hold result. + * @param [out] rem SP integer to hold remainder. * * @return MP_OKAY on success. - * @return MP_VAL when a is NULL or e is negative. + * @return MP_VAL when a or r is NULL or e is negative. */ int sp_div_2d(const sp_int* a, int e, sp_int* r, sp_int* rem) { int err = MP_OKAY; - if ((a == NULL) || (e < 0)) { + if ((a == NULL) || (r == NULL) || (e < 0)) { err = MP_VAL; } @@ -14690,7 +14795,7 @@ } else { if (rem != NULL) { - /* Copy a in to remainder. */ + /* Copy a into remainder. */ err = sp_copy(a, rem); } if (err == MP_OKAY) { @@ -14723,9 +14828,9 @@ defined(HAVE_ECC) /* The bottom e bits: r = a & ((1 << e) - 1) * - * @param [in] a SP integer to reduce. - * @param [in] e Modulus bits (modulus equals 2^e). - * @param [out] r SP integer to hold result. + * @param [in] a SP integer to reduce. + * @param [in] e Modulus bits (modulus equals 2^e). + * @param [out] r SP integer to hold result. * * @return MP_OKAY on success. * @return MP_VAL when a or r is NULL, e is negative or e is too large for @@ -14796,9 +14901,9 @@ !defined(NO_DH))) || defined(OPENSSL_ALL) /* Multiply by 2^e: r = a << e * - * @param [in] a SP integer to multiply. - * @param [in] e Multiplier bits (multiplier equals 2^e). - * @param [out] r SP integer to hold result. + * @param [in] a SP integer to multiply. + * @param [in] e Multiplier bits (multiplier equals 2^e). + * @param [out] r SP integer to hold result. * * @return MP_OKAY on success. * @return MP_VAL when a or r is NULL, e is negative, or result is too big for @@ -14813,7 +14918,7 @@ err = MP_VAL; } - /* Ensure result has enough allocated digits for result. */ + /* Ensure r has enough allocated digits for result. */ if ((err == MP_OKAY) && ((unsigned int)(sp_count_bits(a) + e) > (unsigned int)r->size * SP_WORD_SIZE)) { @@ -14857,8 +14962,8 @@ #ifdef SQR_MUL_ASM /* Square a and store in r. r = a * a * - * @param [in] a SP integer to square. - * @param [out] r SP integer result. + * @param [in] a SP integer to square. + * @param [out] r SP integer result. * * @return MP_OKAY on success. * @return MP_MEM when dynamic memory allocation fails. @@ -14971,8 +15076,8 @@ #else /* !SQR_MUL_ASM */ /* Square a and store in r. r = a * a * - * @param [in] a SP integer to square. - * @param [out] r SP integer result. + * @param [in] a SP integer to square. + * @param [out] r SP integer result. * * @return MP_OKAY on success. * @return MP_MEM when dynamic memory allocation fails. @@ -14992,9 +15097,8 @@ #endif #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) - t = (sp_int_digit*)XMALLOC(sizeof(sp_int_digit) * - (size_t)(a->used * 2), NULL, - DYNAMIC_TYPE_BIGINT); + t = (sp_int_digit*)XMALLOC(sizeof(sp_int_digit) * (size_t)(a->used * 2), + NULL, DYNAMIC_TYPE_BIGINT); if (t == NULL) { err = MP_MEM; } @@ -15084,8 +15188,8 @@ * * Long-hand implementation. * - * @param [in] a SP integer to square. - * @param [out] r SP integer result. + * @param [in] a SP integer to square. + * @param [out] r SP integer result. * * @return MP_OKAY on success. * @return MP_MEM when dynamic memory allocation fails. @@ -15190,8 +15294,8 @@ * * Comba implementation. * - * @param [in] a SP integer to square. - * @param [out] r SP integer result. + * @param [in] a SP integer to square. + * @param [out] r SP integer result. * * @return MP_OKAY on success. * @return MP_MEM when dynamic memory allocation fails. @@ -15250,8 +15354,8 @@ * * Comba implementation. * - * @param [in] a SP integer to square. - * @param [out] r SP integer result. + * @param [in] a SP integer to square. + * @param [out] r SP integer result. * * @return MP_OKAY on success. * @return MP_MEM when dynamic memory allocation fails. @@ -15345,8 +15449,8 @@ * * Comba implementation. * - * @param [in] a SP integer to square. - * @param [out] r SP integer result. + * @param [in] a SP integer to square. + * @param [out] r SP integer result. * * @return MP_OKAY on success. * @return MP_MEM when dynamic memory allocation fails. @@ -15475,8 +15579,8 @@ * * Comba implementation. * - * @param [in] a SP integer to square. - * @param [out] r SP integer result. + * @param [in] a SP integer to square. + * @param [out] r SP integer result. * * @return MP_OKAY on success. * @return MP_MEM when dynamic memory allocation fails. @@ -15691,8 +15795,8 @@ * * Comba implementation. * - * @param [in] a SP integer to square. - * @param [out] r SP integer result. + * @param [in] a SP integer to square. + * @param [out] r SP integer result. * * @return MP_OKAY on success. * @return MP_MEM when dynamic memory allocation fails. @@ -16020,8 +16124,8 @@ * * Comba implementation. * - * @param [in] a SP integer to square. - * @param [out] r SP integer result. + * @param [in] a SP integer to square. + * @param [out] r SP integer result. * * @return MP_OKAY on success. * @return MP_MEM when dynamic memory allocation fails. @@ -16590,8 +16694,8 @@ * * Karatsuba implementation. * - * @param [in] a SP integer to square. - * @param [out] r SP integer result. + * @param [in] a SP integer to square. + * @param [out] r SP integer result. * * @return MP_OKAY on success. * @return MP_MEM when dynamic memory allocation fails. @@ -16665,7 +16769,7 @@ } } z1->dp[32] += l; - /* z1 = z1 - z0 - z1 */ + /* z1 = z1 - z0 - z2 */ l = z1->dp[0]; h = 0; SP_ASM_SUBB(l, h, z0->dp[0]); @@ -16729,8 +16833,8 @@ * * Karatsuba implementation. * - * @param [in] a SP integer to square. - * @param [out] r SP integer result. + * @param [in] a SP integer to square. + * @param [out] r SP integer result. * * @return MP_OKAY on success. * @return MP_MEM when dynamic memory allocation fails. @@ -16804,7 +16908,7 @@ } } z1->dp[48] += l; - /* z1 = z1 - z0 - z1 */ + /* z1 = z1 - z0 - z2 */ l = z1->dp[0]; h = 0; SP_ASM_SUBB(l, h, z0->dp[0]); @@ -16821,7 +16925,7 @@ h = 0; } z1->dp[i] += l; - /* r += z1 << 16 */ + /* r += z1 << 24 */ l = 0; h = 0; for (i = 0; i < 24; i++) { @@ -16868,8 +16972,8 @@ * * Karatsuba implementation. * - * @param [in] a SP integer to square. - * @param [out] r SP integer result. + * @param [in] a SP integer to square. + * @param [out] r SP integer result. * * @return MP_OKAY on success. * @return MP_MEM when dynamic memory allocation fails. @@ -16943,7 +17047,7 @@ } } z1->dp[64] += l; - /* z1 = z1 - z0 - z1 */ + /* z1 = z1 - z0 - z2 */ l = z1->dp[0]; h = 0; SP_ASM_SUBB(l, h, z0->dp[0]); @@ -16960,7 +17064,7 @@ h = 0; } z1->dp[i] += l; - /* r += z1 << 16 */ + /* r += z1 << 32 */ l = 0; h = 0; for (i = 0; i < 32; i++) { @@ -17007,8 +17111,8 @@ * * Karatsuba implementation. * - * @param [in] a SP integer to square. - * @param [out] r SP integer result. + * @param [in] a SP integer to square. + * @param [out] r SP integer result. * * @return MP_OKAY on success. * @return MP_MEM when dynamic memory allocation fails. @@ -17082,7 +17186,7 @@ } } z1->dp[96] += l; - /* z1 = z1 - z0 - z1 */ + /* z1 = z1 - z0 - z2 */ l = z1->dp[0]; h = 0; SP_ASM_SUBB(l, h, z0->dp[0]); @@ -17099,7 +17203,7 @@ h = 0; } z1->dp[i] += l; - /* r += z1 << 16 */ + /* r += z1 << 48 */ l = 0; h = 0; for (i = 0; i < 48; i++) { @@ -17146,8 +17250,8 @@ /* Square a and store in r. r = a * a * - * @param [in] a SP integer to square. - * @param [out] r SP integer result. + * @param [in] a SP integer to square. + * @param [out] r SP integer result. * * @return MP_OKAY on success. * @return MP_VAL when a or r is NULL, or the result will be too big for fixed @@ -17287,9 +17391,9 @@ !defined(WOLFSSL_RSA_PUBLIC_ONLY)) || !defined(NO_DH) || defined(HAVE_ECC) /* Square a mod m and store in r: r = (a * a) mod m * - * @param [in] a SP integer to square. - * @param [in] m SP integer that is the modulus. - * @param [out] r SP integer result. + * @param [in] a SP integer to square. + * @param [in] m SP integer that is the modulus. + * @param [out] r SP integer result. * * @return MP_OKAY on success. * @return MP_MEM when dynamic memory allocation fails. @@ -17320,9 +17424,9 @@ /* Square a mod m and store in r: r = (a * a) mod m * - * @param [in] a SP integer to square. - * @param [in] m SP integer that is the modulus. - * @param [out] r SP integer result. + * @param [in] a SP integer to square. + * @param [in] m SP integer that is the modulus. + * @param [out] r SP integer result. * * @return MP_OKAY on success. * @return MP_VAL when a, m or r is NULL; or m is 0; or a squared is too big @@ -17386,14 +17490,14 @@ * 2.3. a += mu * DigitMask(m, 0) * 2.4. For j = 1 up to NumDigits(m)-2 * 2.4.1 a += mu * DigitMask(m, j) - * 2.5 a += mu * DigitMask(m, NumDigits(m)-1)) + * 2.5 a += mu * DigitMask(m, NumDigits(m)-1) * 3. a >>= NumBits(m) * 4. a = a % m * - * @param [in,out] a SP integer to Montgomery reduce. - * @param [in] m SP integer that is the modulus. - * @param [in] mp SP integer digit that is the bottom digit of inv(-m). - * @param [in] ct Indicates operation must be constant time. + * @param [in, out] a SP integer to Montgomery reduce. + * @param [in] m SP integer that is the modulus. + * @param [in] mp SP integer digit that is the bottom digit of inv(-m). + * @param [in] ct Indicates operation must be constant time. * * @return MP_OKAY on success. */ @@ -17417,9 +17521,8 @@ #ifndef WOLFSSL_NO_CT_OPS if (ct) { for (i = 0; i < (unsigned int)m->used * 2; i++) { - a->dp[i] &= - (sp_int_digit) - (sp_int_sdigit)ctMaskIntGTE((int)(a->used-1), (int)i); + a->dp[i] &= (sp_int_digit) + (sp_int_sdigit)ctMaskIntGTE((int)a->used - 1, (int)i); } } else @@ -17444,7 +17547,7 @@ w >>= SP_WORD_SIZE; a->dp[2] = (sp_int_digit)w; a->used = 3; - /* mp is SP_WORD_SIZE */ + /* bits is SP_WORD_SIZE */ bits = SP_WORD_SIZE; } else { @@ -17484,7 +17587,7 @@ w += o; w += a->dp[i + j]; o = (sp_int_digit)(w >> SP_WORD_SIZE); - /* 2.5 a += mu * DigitMask(m, NumDigits(m)-1)) */ + /* 2.5 a += mu * DigitMask(m, NumDigits(m)-1) */ w = ((sp_int_word)mu * m->dp[j]) + (sp_int_digit)w; a->dp[i + j] = (sp_int_digit)w; w >>= SP_WORD_SIZE; @@ -17545,9 +17648,8 @@ #ifndef WOLFSSL_NO_CT_OPS if (ct) { for (i = 0; i < (unsigned int)m->used * 2; i++) { - a->dp[i] &= - (sp_int_digit) - (sp_int_sdigit)ctMaskIntGTE((int)(a->used-1), (int)i); + a->dp[i] &= (sp_int_digit) + (sp_int_sdigit)ctMaskIntGTE((int)a->used - 1, (int)i); } } else @@ -17575,7 +17677,7 @@ a->dp[1] = l; a->dp[2] = h; a->used = (sp_size_t)(m->used * 2 + 1); - /* mp is SP_WORD_SIZE */ + /* bits is SP_WORD_SIZE */ bits = SP_WORD_SIZE; } #if !defined(WOLFSSL_SP_MATH) && defined(HAVE_ECC) @@ -17857,10 +17959,10 @@ (defined(WOLFSSL_SP_MATH_ALL) && defined(HAVE_ECC)) /* Reduce a number in Montgomery form. * - * @param [in,out] a SP integer to Montgomery reduce. - * @param [in] m SP integer that is the modulus. - * @param [in] mp SP integer digit that is the bottom digit of inv(-m). - * @param [in] ct Indicates operation must be constant time. + * @param [in, out] a SP integer to Montgomery reduce. + * @param [in] m SP integer that is the modulus. + * @param [in] mp SP integer digit that is the bottom digit of inv(-m). + * @param [in] ct Indicates operation must be constant time. * * @return MP_OKAY on success. * @return MP_VAL when a or m is NULL or m is zero. @@ -17883,7 +17985,7 @@ err = MP_VAL; } else { - /* Perform Montogomery Reduction. */ + /* Perform Montgomery Reduction. */ err = _sp_mont_red(a, m, mp, ct); } @@ -17899,8 +18001,8 @@ * Jeffrey Hurchalla's method. * https://arxiv.org/pdf/2204.04342.pdf * - * @param [in] m SP integer that is the modulus. - * @param [out] mp SP integer digit that is the bottom digit of inv(-m). + * @param [in] m SP integer that is the modulus. + * @param [out] rho SP integer digit that is the bottom digit of inv(-m). */ static void _sp_mont_setup(const sp_int* m, sp_int_digit* rho) { @@ -17928,8 +18030,8 @@ * * Used when performing Montgomery Reduction. * - * @param [in] m SP integer that is the modulus. - * @param [out] mp SP integer digit that is the bottom digit of inv(-m). + * @param [in] m SP integer that is the modulus. + * @param [out] rho SP integer digit that is the bottom digit of inv(-m). * * @return MP_OKAY on success. * @return MP_VAL when m or rho is NULL. @@ -17958,12 +18060,11 @@ /* Calculate the normalization value of m. * norm = 2^k - m, where k is the number of bits in m * - * @param [out] norm SP integer that normalises numbers into Montgomery - * form. - * @param [in] m SP integer that is the modulus. + * @param [out] norm SP integer that normalizes numbers into Montgomery form. + * @param [in] m SP integer that is the modulus. * * @return MP_OKAY on success. - * @return MP_VAL when norm or m is NULL, or number of bits in m is maximual. + * @return MP_VAL when norm or m is NULL, or number of bits in m is maximal. */ int sp_mont_norm(sp_int* norm, const sp_int* m) { @@ -18022,9 +18123,9 @@ /* Calculate the number of 8-bit values required to represent the * multi-precision number. * - * When a is NULL, return s 0. + * When a is NULL, returns 0. * - * @param [in] a SP integer. + * @param [in] a SP integer. * * @return The count of 8-bit values. * @return 0 when a is NULL. @@ -18043,12 +18144,12 @@ /* Convert a number as an array of bytes in big-endian format to a * multi-precision number. * - * @param [out] a SP integer. - * @param [in] in Array of bytes. - * @param [in] inSz Number of data bytes in array. + * @param [out] a SP integer. + * @param [in] in Array of bytes. + * @param [in] inSz Number of data bytes in array. * * @return MP_OKAY on success. - * @return MP_VAL when the number is too big to fit in an SP. + * @return MP_VAL when the number is too big to fit in an SP integer. */ int sp_read_unsigned_bin(sp_int* a, const byte* in, word32 inSz) { @@ -18145,8 +18246,8 @@ * The array must be large enough for encoded number - use mp_unsigned_bin_size * to calculate the number of bytes required. * - * @param [in] a SP integer. - * @param [out] out Array to put encoding into. + * @param [in] a SP integer. + * @param [out] out Array to put encoding into. * * @return MP_OKAY on success. * @return MP_VAL when a or out is NULL. @@ -18163,9 +18264,9 @@ * to calculate the number of bytes required. * Front-pads the output array with zeros to make number the size of the array. * - * @param [in] a SP integer. - * @param [out] out Array to put encoding into. - * @param [in] outSz Size of the array in bytes. + * @param [in] a SP integer. + * @param [out] out Array to put encoding into. + * @param [in] outSz Size of the array in bytes. * * @return MP_OKAY on success. * @return MP_VAL when a or out is NULL. @@ -18237,9 +18338,9 @@ * to calculate the number of bytes required. * Front-pads the output array with zeros to make number the size of the array. * - * @param [in] a SP integer. - * @param [out] out Array to put encoding into. - * @param [in] outSz Size of the array in bytes. + * @param [in] a SP integer. + * @param [out] out Array to put encoding into. + * @param [in] outSz Size of the array in bytes. * * @return MP_OKAY on success. * @return MP_VAL when a or out is NULL. @@ -18258,14 +18359,14 @@ /* Start at the end of the buffer - least significant byte. */ int j; unsigned int i; - volatile sp_int_digit mask = (sp_int_digit)-1; + byte mask = (byte)-1; sp_int_digit d; /* Put each digit in. */ i = 0; for (j = outSz - 1; j >= 0; ) { unsigned int b; - volatile unsigned int notFull = (i < (unsigned int)a->used - 1); + volatile byte notFull = ctMaskLT((int)i, (int)a->used - 1); d = a->dp[i]; /* Place each byte of a digit into the buffer. */ @@ -18273,24 +18374,21 @@ out[j--] = (byte)(d & mask); d >>= 8; } - mask &= (sp_int_digit)(-(int)notFull); + mask &= notFull; i += (unsigned int)(1 & mask); } } #else - if ((err == MP_OKAY) && ((unsigned int)outSz < a->used)) { - err = MP_VAL; - } if (err == MP_OKAY) { - unsigned int i; + int i; int j; volatile sp_int_digit mask = (sp_int_digit)-1; i = 0; for (j = outSz - 1; j >= 0; j--) { out[j] = a->dp[i] & mask; - mask &= (sp_int_digit)0 - (i < (unsigned int)a->used - 1); - i += (unsigned int)(1 & mask); + mask &= (sp_int_digit)0 - (i < (int)a->used - 1); + i += 1 & mask; } } #endif @@ -18304,9 +18402,9 @@ * The array must be large enough for encoded number - use mp_unsigned_bin_size * to calculate the number of bytes required. * - * @param [in] o Offset into array o start encoding. - * @param [in] a SP integer. - * @param [out] out Array to put encoding into. + * @param [in] o Offset into array to start encoding. + * @param [in] a SP integer. + * @param [out] out Array to put encoding into. * * @return Index of next byte after data. * @return MP_VAL when a or out is NULL. @@ -18333,12 +18431,11 @@ * * Assumes negative sign and leading zeros have been stripped. * - * @param [out] a SP integer. - * @param [in] in NUL terminated string. + * @param [out] a SP integer. + * @param [in] in NUL terminated string. * * @return MP_OKAY on success. - * @return MP_VAL when radix not supported, value is negative, or a character - * is not valid. + * @return MP_VAL when a character is not valid or not enough space in a. */ static int _sp_read_radix_16(sp_int* a, const char* in) { @@ -18409,12 +18506,11 @@ * * Assumes negative sign and leading zeros have been stripped. * - * @param [out] a SP integer. - * @param [in] in NUL terminated string. + * @param [out] a SP integer. + * @param [in] in NUL terminated string. * * @return MP_OKAY on success. - * @return MP_VAL when radix not supported, value is negative, or a character - * is not valid. + * @return MP_VAL when a character is not valid. */ static int _sp_read_radix_10(sp_int* a, const char* in) { @@ -18463,13 +18559,13 @@ * * Negative values supported when WOLFSSL_SP_INT_NEGATIVE is defined. * - * @param [out] a SP integer. - * @param [in] in NUL terminated string. - * @param [in] radix Number of values in a digit. + * @param [out] a SP integer. + * @param [in] in NUL terminated string. + * @param [in] radix Number of values in a digit. * * @return MP_OKAY on success. - * @return MP_VAL when a or in is NULL, radix not supported, value is negative, - * or a character is not valid. + * @return MP_VAL when a or in is NULL, radix is not supported, value is + * negative, or a character is not valid. */ int sp_read_radix(sp_int* a, const char* in, int radix) { @@ -18539,8 +18635,8 @@ * Assumes str is large enough for result. * Use sp_radix_size() to calculate required length. * - * @param [in] a SP integer to convert. - * @param [out] str String to hold hex string result. + * @param [in] a SP integer to convert. + * @param [out] str String to hold hex string result. * * @return MP_OKAY on success. * @return MP_VAL when a or str is NULL. @@ -18642,8 +18738,8 @@ * Assumes str is large enough for result. * Use sp_radix_size() to calculate required length. * - * @param [in] a SP integer to convert. - * @param [out] str String to hold hex string result. + * @param [in] a SP integer to convert. + * @param [out] str String to hold decimal string result. * * @return MP_OKAY on success. * @return MP_VAL when a or str is NULL. @@ -18719,13 +18815,13 @@ defined(WC_MP_TO_RADIX) /* Put the string version, big-endian, of a in str using the given radix. * - * @param [in] a SP integer to convert. - * @param [out] str String to hold hex string result. - * @param [in] radix Base of character. - * Valid values: MP_RADIX_HEX, MP_RADIX_DEC. + * @param [in] a SP integer to convert. + * @param [out] str String to hold radix based string result. + * @param [in] radix Base of character. + * Valid values: MP_RADIX_HEX, MP_RADIX_DEC. * * @return MP_OKAY on success. - * @return MP_VAL when a or str is NULL, or radix not supported. + * @return MP_VAL when a or str is NULL, or radix is not supported. */ int sp_toradix(const sp_int* a, char* str, int radix) { @@ -18760,13 +18856,13 @@ /* Calculate the length of the string version, big-endian, of a using the given * radix. * - * @param [in] a SP integer to convert. - * @param [in] radix Base of character. - * Valid values: MP_RADIX_HEX, MP_RADIX_DEC. - * @param [out] size The number of characters in encoding. + * @param [in] a SP integer to convert. + * @param [in] radix Base of character. + * Valid values: MP_RADIX_HEX, MP_RADIX_DEC. + * @param [out] size The number of characters in encoding. * * @return MP_OKAY on success. - * @return MP_VAL when a or size is NULL, or radix not supported. + * @return MP_VAL when a or size is NULL, or radix is not supported. */ int sp_radix_size(const sp_int* a, int radix, int* size) { @@ -18871,13 +18967,13 @@ /* Generate a random prime for RSA only. * - * @param [out] r SP integer to hold result. - * @param [in] len Number of bytes in prime. Use -ve to indicate the two - * lowest bits must be set. - * @param [in] rng Random number generator. - * @param [in] heap Heap hint. Unused. + * @param [out] r SP integer to hold result. + * @param [in] len Number of bytes in prime. Use -ve to indicate the two + * lowest bits must be set. + * @param [in] rng Random number generator. + * @param [in] heap Heap hint. Unused. * - * @return MP_OKAY on success + * @return MP_OKAY on success. * @return MP_VAL when r or rng is NULL, length is not supported or random * number generator fails. */ @@ -19019,17 +19115,16 @@ * HAC pp. 139 Algorithm 4.24 * * Sets result to 0 if definitely composite or 1 if probably prime. - * Randomly the chance of error is no more than 1/4 and often - * very much lower. + * The chance of a random error is no more than 1/4 and often very much lower. * * a is assumed to be odd. * - * @param [in] a SP integer to check. - * @param [in] b SP integer that is a small prime. - * @param [out] result MP_YES when number is likely prime. - * MP_NO otherwise. - * @param [in] n1 SP integer temporary. - * @param [in] r SP integer temporary. + * @param [in] a SP integer to check. + * @param [in, out] b SP integer that is a small prime or random value. + * @param [out] result MP_YES when number is likely prime. + * MP_NO otherwise. + * @param [out] n1 SP integer temporary. + * @param [out] r SP integer temporary. * * @return MP_OKAY on success. * @return MP_MEM when dynamic memory allocation fails. @@ -19263,10 +19358,10 @@ /* Check whether a is prime by checking t iterations of Miller-Rabin. * - * @param [in] a SP integer to check. - * @param [in] trials Number of trials of Miller-Rabin test to perform. - * @param [out] result MP_YES when number is prime. - * MP_NO otherwise. + * @param [in] a SP integer to check. + * @param [in] trials Number of trials of Miller-Rabin test to perform. + * @param [out] result MP_YES when number is prime. + * MP_NO otherwise. * * @return MP_OKAY on success. * @return MP_MEM when dynamic memory allocation fails. @@ -19312,13 +19407,13 @@ } /* Check whether a is prime. - * Checks against a number of small primes and does t iterations of + * Checks against a number of small primes and does trials iterations of * Miller-Rabin. * - * @param [in] a SP integer to check. - * @param [in] trials Number of trials of Miller-Rabin test to perform. - * @param [out] result MP_YES when number is prime. - * MP_NO otherwise. + * @param [in] a SP integer to check. + * @param [in] trials Number of trials of Miller-Rabin test to perform. + * @param [out] result MP_YES when number is prime. + * MP_NO otherwise. * * @return MP_OKAY on success. * @return MP_VAL when a or result is NULL, or trials is out of range. @@ -19382,11 +19477,11 @@ * * t random numbers should give a (1/4)^t chance of a false prime. * - * @param [in] a SP integer to check. - * @param [in] trials Number of iterations of Miller-Rabin test to perform. - * @param [out] result MP_YES when number is prime. - * MP_NO otherwise. - * @param [in] rng Random number generator for Miller-Rabin testing. + * @param [in] a SP integer to check. + * @param [in] trials Number of iterations of Miller-Rabin test to perform. + * @param [out] result MP_YES when number is prime. + * MP_NO otherwise. + * @param [in] rng Random number generator for Miller-Rabin testing. * * @return MP_OKAY on success. * @return MP_VAL when a, result or rng is NULL. @@ -19440,7 +19535,7 @@ sp_clamp(b); } - /* Can't use random value it is: 0, 1, a-2, a-1, >= a */ + /* Can't use random value it is: 0, 1, 2, a-2, a-1, >= a */ if ((sp_cmp_d(b, 2) != MP_GT) || (_sp_cmp(b, c) != MP_LT)) { continue; } @@ -19469,14 +19564,14 @@ #endif /*!WC_NO_RNG */ /* Check whether a is prime. - * Checks against a number of small primes and does t iterations of + * Checks against a number of small primes and does trials iterations of * Miller-Rabin. * - * @param [in] a SP integer to check. - * @param [in] trials Number of iterations of Miller-Rabin test to perform. - * @param [out] result MP_YES when number is prime. - * MP_NO otherwise. - * @param [in] rng Random number generator for Miller-Rabin testing. + * @param [in] a SP integer to check. + * @param [in] trials Number of iterations of Miller-Rabin test to perform. + * @param [out] result MP_YES when number is prime. + * MP_NO otherwise. + * @param [in] rng Random number generator for Miller-Rabin testing. * * @return MP_OKAY on success. * @return MP_VAL when a, result or rng is NULL. @@ -19508,6 +19603,7 @@ err = MP_VAL; } + /* A value of 1 is not prime. */ if ((err == MP_OKAY) && sp_isone(a)) { ret = MP_NO; haveRes = 1; @@ -19547,7 +19643,7 @@ #if !defined(NO_RSA) && defined(WOLFSSL_KEY_GEN) -/* Calculates the Greatest Common Denominator (GCD) of a and b into r. +/* Calculates the Greatest Common Divisor (GCD) of a and b into r. * * Find the largest number that divides both a and b without remainder. * r <= a, r <= b, a % r == 0, b % r == 0 @@ -19557,15 +19653,15 @@ * Euclidean Algorithm: * 1. If a > b then a = b, b = a * 2. u = a - * 3. v = b % a + * 3. v = b mod a * 4. While v != 0 - * 4.1. t = u % v + * 4.1. t = u mod v * 4.2. u <= v, v <= t, t <= u * 5. r = u * - * @param [in] a SP integer of first operand. - * @param [in] b SP integer of second operand. - * @param [out] r SP integer to hold result. + * @param [in] a SP integer of first operand. + * @param [in] b SP integer of second operand. + * @param [out] r SP integer to hold result. * * @return MP_OKAY on success. * @return MP_MEM when dynamic memory allocation fails. @@ -19603,7 +19699,7 @@ a = b; b = tmp; } - /* 2. u = a, v = b mod a */ + /* 2. u = a */ _sp_copy(a, u); /* 3. v = b mod a */ if (a->used == 1) { @@ -19653,16 +19749,16 @@ return err; } -/* Calculates the Greatest Common Denominator (GCD) of a and b into r. +/* Calculates the Greatest Common Divisor (GCD) of a and b into r. * * Find the largest number that divides both a and b without remainder. * r <= a, r <= b, a % r == 0, b % r == 0 * * a and b are positive integers. * - * @param [in] a SP integer of first operand. - * @param [in] b SP integer of second operand. - * @param [out] r SP integer to hold result. + * @param [in] a SP integer of first operand. + * @param [in] b SP integer of second operand. + * @param [out] r SP integer to hold result. * * @return MP_OKAY on success. * @return MP_VAL when a, b or r is NULL or too large. @@ -19724,7 +19820,7 @@ * a and b are positive integers. * * lcm(a, b) = (a / gcd(a, b)) * b - * Divide the common divisor from a and multiply by b. + * Divide the larger value by the common divisor and multiply by the other. * * Algorithm: * 1. t0 = gcd(a, b) @@ -19735,9 +19831,9 @@ * 3.1. t1 = b / t0 * 3.2. r = a * t1 * - * @param [in] a SP integer of first operand. - * @param [in] b SP integer of second operand. - * @param [out] r SP integer to hold result. + * @param [in] a SP integer of first operand. + * @param [in] b SP integer of second operand. + * @param [out] r SP integer to hold result. * * @return MP_OKAY on success. * @return MP_MEM when dynamic memory allocation fails. @@ -19797,9 +19893,9 @@ * * a and b are positive integers. * - * @param [in] a SP integer of first operand. - * @param [in] b SP integer of second operand. - * @param [out] r SP integer to hold result. + * @param [in] a SP integer of first operand. + * @param [in] b SP integer of second operand. + * @param [out] r SP integer to hold result. * * @return MP_OKAY on success. * @return MP_VAL when a, b or r is NULL; or a or b is zero. @@ -19815,11 +19911,11 @@ } #ifdef WOLFSSL_SP_INT_NEGATIVE /* Ensure a and b are positive. */ - else if ((a->sign == MP_NEG) || (b->sign >= MP_NEG)) { + else if ((a->sign == MP_NEG) || (b->sign == MP_NEG)) { err = MP_VAL; } #endif - /* Ensure r has space for maximumal result. */ + /* Ensure r has space for maximal result. */ else if (r->size < a->used + b->used) { err = MP_VAL; } @@ -19861,7 +19957,7 @@ } #ifdef WOLFSSL_CHECK_MEM_ZERO -/* Add an MP to check. +/* Add an SP integer to the memory check list. * * @param [in] name Name of address to check. * @param [in] sp sp_int that needs to be checked. @@ -19873,7 +19969,7 @@ /* Check the memory in the data pointer for memory that must be zero. * - * @param [in] sp sp_int that needs to be checked. + * @param [in] sp sp_int that needs to be checked. */ void sp_memzero_check(sp_int* sp) { diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/wolfcrypt/src/sp_sm2_arm32.c mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/sp_sm2_arm32.c --- mariadb-11.8.6/extra/wolfssl/wolfssl/wolfcrypt/src/sp_sm2_arm32.c 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/sp_sm2_arm32.c 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* sp_sm2_arm32.c * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/wolfcrypt/src/sp_sm2_arm64.c mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/sp_sm2_arm64.c --- mariadb-11.8.6/extra/wolfssl/wolfssl/wolfcrypt/src/sp_sm2_arm64.c 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/sp_sm2_arm64.c 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* sp_sm2_arm64.c * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/wolfcrypt/src/sp_sm2_armthumb.c mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/sp_sm2_armthumb.c --- mariadb-11.8.6/extra/wolfssl/wolfssl/wolfcrypt/src/sp_sm2_armthumb.c 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/sp_sm2_armthumb.c 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* sp_sm2_armthumb.c * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/wolfcrypt/src/sp_sm2_c32.c mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/sp_sm2_c32.c --- mariadb-11.8.6/extra/wolfssl/wolfssl/wolfcrypt/src/sp_sm2_c32.c 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/sp_sm2_c32.c 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* sp_sm2_c32.c * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/wolfcrypt/src/sp_sm2_c64.c mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/sp_sm2_c64.c --- mariadb-11.8.6/extra/wolfssl/wolfssl/wolfcrypt/src/sp_sm2_c64.c 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/sp_sm2_c64.c 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* sp_sm2_c64.c * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/wolfcrypt/src/sp_sm2_cortexm.c mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/sp_sm2_cortexm.c --- mariadb-11.8.6/extra/wolfssl/wolfssl/wolfcrypt/src/sp_sm2_cortexm.c 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/sp_sm2_cortexm.c 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* sp_sm2_cortexm.c * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/wolfcrypt/src/sp_sm2_x86_64.c mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/sp_sm2_x86_64.c --- mariadb-11.8.6/extra/wolfssl/wolfssl/wolfcrypt/src/sp_sm2_x86_64.c 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/sp_sm2_x86_64.c 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* sp_sm2_x86_64.c * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/wolfcrypt/src/sp_sm2_x86_64_asm.S mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/sp_sm2_x86_64_asm.S --- mariadb-11.8.6/extra/wolfssl/wolfssl/wolfcrypt/src/sp_sm2_x86_64_asm.S 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/sp_sm2_x86_64_asm.S 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* sp_sm2_x86_64_asm.S * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/wolfcrypt/src/sp_x86_64.c mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/sp_x86_64.c --- mariadb-11.8.6/extra/wolfssl/wolfssl/wolfcrypt/src/sp_x86_64.c 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/sp_x86_64.c 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* sp.c * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -8296,7 +8296,7 @@ sp_digit* x; sp_digit* y; sp_digit* z; - volatile int n = i; + volatile int n = i - 1; x = p->x; y = p->y; @@ -8308,9 +8308,9 @@ sp_256_mont_sqr_4(w, z, p256_mod, p256_mp_mod); sp_256_mont_sqr_4(w, w, p256_mod, p256_mp_mod); #ifndef WOLFSSL_SP_SMALL - while (--n > 0) + while (n > 0) #else - while (--n >= 0) + while (n >= 0) #endif { /* A = 3*(X^2 - W) */ @@ -8339,6 +8339,7 @@ /* y = 2*A*(B - X) - Y^4 */ sp_256_mont_mul_4(y, b, a, p256_mod, p256_mp_mod); sp_256_mont_sub_4(y, y, t1, p256_mod); + n = n - 1; } #ifndef WOLFSSL_SP_SMALL /* A = 3*(X^2 - W) */ @@ -8504,6 +8505,9 @@ int err = FP_WOULDBLOCK; sp_256_proj_point_add_4_ctx* ctx = (sp_256_proj_point_add_4_ctx*)sp_ctx->data; + typedef char ctx_size_test[sizeof(sp_256_proj_point_add_4_ctx) >= sizeof(*sp_ctx) ? -1 : 1]; + (void)sizeof(ctx_size_test); + /* Ensure only the first point is the same as the result. */ if (q == r) { const sp_point_256* a = p; @@ -8511,9 +8515,6 @@ q = a; } - typedef char ctx_size_test[sizeof(sp_256_proj_point_add_4_ctx) >= sizeof(*sp_ctx) ? -1 : 1]; - (void)sizeof(ctx_size_test); - switch (ctx->state) { case 0: /* INIT */ ctx->t6 = t; @@ -9420,7 +9421,7 @@ sp_digit* x; sp_digit* y; sp_digit* z; - volatile int n = i; + volatile int n = i - 1; x = p->x; y = p->y; @@ -9432,9 +9433,9 @@ sp_256_mont_sqr_avx2_4(w, z, p256_mod, p256_mp_mod); sp_256_mont_sqr_avx2_4(w, w, p256_mod, p256_mp_mod); #ifndef WOLFSSL_SP_SMALL - while (--n > 0) + while (n > 0) #else - while (--n >= 0) + while (n >= 0) #endif { /* A = 3*(X^2 - W) */ @@ -9463,6 +9464,7 @@ /* y = 2*A*(B - X) - Y^4 */ sp_256_mont_mul_avx2_4(y, b, a, p256_mod, p256_mp_mod); sp_256_mont_sub_avx2_4(y, y, t1, p256_mod); + n = n - 1; } #ifndef WOLFSSL_SP_SMALL /* A = 3*(X^2 - W) */ @@ -9604,6 +9606,9 @@ int err = FP_WOULDBLOCK; sp_256_proj_point_add_avx2_4_ctx* ctx = (sp_256_proj_point_add_avx2_4_ctx*)sp_ctx->data; + typedef char ctx_size_test[sizeof(sp_256_proj_point_add_avx2_4_ctx) >= sizeof(*sp_ctx) ? -1 : 1]; + (void)sizeof(ctx_size_test); + /* Ensure only the first point is the same as the result. */ if (q == r) { const sp_point_256* a = p; @@ -9611,9 +9616,6 @@ q = a; } - typedef char ctx_size_test[sizeof(sp_256_proj_point_add_avx2_4_ctx) >= sizeof(*sp_ctx) ? -1 : 1]; - (void)sizeof(ctx_size_test); - switch (ctx->state) { case 0: /* INIT */ ctx->t6 = t; @@ -10486,10 +10488,6 @@ if (cache->cnt == 2) sp_256_gen_stripe_table_4(g, cache->table, tmp, heap); -#ifndef HAVE_THREAD_LS - wc_UnLockMutex(&sp_cache_256_lock); -#endif /* HAVE_THREAD_LS */ - if (cache->cnt < 2) { err = sp_256_ecc_mulmod_win_add_sub_4(r, g, k, map, ct, heap); } @@ -10497,6 +10495,9 @@ err = sp_256_ecc_mulmod_stripe_4(r, g, cache->table, k, map, ct, heap); } +#ifndef HAVE_THREAD_LS + wc_UnLockMutex(&sp_cache_256_lock); +#endif /* HAVE_THREAD_LS */ } SP_FREE_VAR(tmp, heap, DYNAMIC_TYPE_ECC); @@ -10825,10 +10826,6 @@ if (cache->cnt == 2) sp_256_gen_stripe_table_avx2_4(g, cache->table, tmp, heap); -#ifndef HAVE_THREAD_LS - wc_UnLockMutex(&sp_cache_256_lock); -#endif /* HAVE_THREAD_LS */ - if (cache->cnt < 2) { err = sp_256_ecc_mulmod_win_add_sub_avx2_4(r, g, k, map, ct, heap); } @@ -10836,6 +10833,9 @@ err = sp_256_ecc_mulmod_stripe_avx2_4(r, g, cache->table, k, map, ct, heap); } +#ifndef HAVE_THREAD_LS + wc_UnLockMutex(&sp_cache_256_lock); +#endif /* HAVE_THREAD_LS */ } SP_FREE_VAR(tmp, heap, DYNAMIC_TYPE_ECC); @@ -24380,7 +24380,7 @@ sp_256_mont_mul_order_4(t, t, a); } ctx->i--; - ctx->state = (ctx->i == 0) ? 3 : 1; + ctx->state = (ctx->i >= 0) ? 1 : 3; break; case 3: XMEMCPY(r, t, sizeof(sp_digit) * 4U); @@ -24603,7 +24603,7 @@ sp_256_mont_mul_order_avx2_4(t, t, a); } ctx->i--; - ctx->state = (ctx->i == 0) ? 3 : 1; + ctx->state = (ctx->i >= 0) ? 1 : 3; break; case 3: XMEMCPY(r, t, sizeof(sp_digit) * 4U); @@ -26979,7 +26979,7 @@ sp_digit* x; sp_digit* y; sp_digit* z; - volatile int n = i; + volatile int n = i - 1; x = p->x; y = p->y; @@ -26991,9 +26991,9 @@ sp_384_mont_sqr_6(w, z, p384_mod, p384_mp_mod); sp_384_mont_sqr_6(w, w, p384_mod, p384_mp_mod); #ifndef WOLFSSL_SP_SMALL - while (--n > 0) + while (n > 0) #else - while (--n >= 0) + while (n >= 0) #endif { /* A = 3*(X^2 - W) */ @@ -27024,6 +27024,7 @@ /* y = 2*A*(B - X) - Y^4 */ sp_384_mont_mul_6(y, b, a, p384_mod, p384_mp_mod); sp_384_mont_sub_6(y, y, t1, p384_mod); + n = n - 1; } #ifndef WOLFSSL_SP_SMALL /* A = 3*(X^2 - W) */ @@ -27193,6 +27194,9 @@ int err = FP_WOULDBLOCK; sp_384_proj_point_add_6_ctx* ctx = (sp_384_proj_point_add_6_ctx*)sp_ctx->data; + typedef char ctx_size_test[sizeof(sp_384_proj_point_add_6_ctx) >= sizeof(*sp_ctx) ? -1 : 1]; + (void)sizeof(ctx_size_test); + /* Ensure only the first point is the same as the result. */ if (q == r) { const sp_point_384* a = p; @@ -27200,9 +27204,6 @@ q = a; } - typedef char ctx_size_test[sizeof(sp_384_proj_point_add_6_ctx) >= sizeof(*sp_ctx) ? -1 : 1]; - (void)sizeof(ctx_size_test); - switch (ctx->state) { case 0: /* INIT */ ctx->t6 = t; @@ -28156,7 +28157,7 @@ sp_digit* x; sp_digit* y; sp_digit* z; - volatile int n = i; + volatile int n = i - 1; x = p->x; y = p->y; @@ -28168,9 +28169,9 @@ sp_384_mont_sqr_avx2_6(w, z, p384_mod, p384_mp_mod); sp_384_mont_sqr_avx2_6(w, w, p384_mod, p384_mp_mod); #ifndef WOLFSSL_SP_SMALL - while (--n > 0) + while (n > 0) #else - while (--n >= 0) + while (n >= 0) #endif { /* A = 3*(X^2 - W) */ @@ -28201,6 +28202,7 @@ /* y = 2*A*(B - X) - Y^4 */ sp_384_mont_mul_avx2_6(y, b, a, p384_mod, p384_mp_mod); sp_384_mont_sub_avx2_6(y, y, t1, p384_mod); + n = n - 1; } #ifndef WOLFSSL_SP_SMALL /* A = 3*(X^2 - W) */ @@ -28346,6 +28348,9 @@ int err = FP_WOULDBLOCK; sp_384_proj_point_add_avx2_6_ctx* ctx = (sp_384_proj_point_add_avx2_6_ctx*)sp_ctx->data; + typedef char ctx_size_test[sizeof(sp_384_proj_point_add_avx2_6_ctx) >= sizeof(*sp_ctx) ? -1 : 1]; + (void)sizeof(ctx_size_test); + /* Ensure only the first point is the same as the result. */ if (q == r) { const sp_point_384* a = p; @@ -28353,9 +28358,6 @@ q = a; } - typedef char ctx_size_test[sizeof(sp_384_proj_point_add_avx2_6_ctx) >= sizeof(*sp_ctx) ? -1 : 1]; - (void)sizeof(ctx_size_test); - switch (ctx->state) { case 0: /* INIT */ ctx->t6 = t; @@ -29236,10 +29238,6 @@ if (cache->cnt == 2) sp_384_gen_stripe_table_6(g, cache->table, tmp, heap); -#ifndef HAVE_THREAD_LS - wc_UnLockMutex(&sp_cache_384_lock); -#endif /* HAVE_THREAD_LS */ - if (cache->cnt < 2) { err = sp_384_ecc_mulmod_win_add_sub_6(r, g, k, map, ct, heap); } @@ -29247,6 +29245,9 @@ err = sp_384_ecc_mulmod_stripe_6(r, g, cache->table, k, map, ct, heap); } +#ifndef HAVE_THREAD_LS + wc_UnLockMutex(&sp_cache_384_lock); +#endif /* HAVE_THREAD_LS */ } SP_FREE_VAR(tmp, heap, DYNAMIC_TYPE_ECC); @@ -29578,10 +29579,6 @@ if (cache->cnt == 2) sp_384_gen_stripe_table_avx2_6(g, cache->table, tmp, heap); -#ifndef HAVE_THREAD_LS - wc_UnLockMutex(&sp_cache_384_lock); -#endif /* HAVE_THREAD_LS */ - if (cache->cnt < 2) { err = sp_384_ecc_mulmod_win_add_sub_avx2_6(r, g, k, map, ct, heap); } @@ -29589,6 +29586,9 @@ err = sp_384_ecc_mulmod_stripe_avx2_6(r, g, cache->table, k, map, ct, heap); } +#ifndef HAVE_THREAD_LS + wc_UnLockMutex(&sp_cache_384_lock); +#endif /* HAVE_THREAD_LS */ } SP_FREE_VAR(tmp, heap, DYNAMIC_TYPE_ECC); @@ -48941,7 +48941,7 @@ sp_384_mont_mul_order_6(t, t, a); } ctx->i--; - ctx->state = (ctx->i == 0) ? 3 : 1; + ctx->state = (ctx->i >= 0) ? 1 : 3; break; case 3: XMEMCPY(r, t, sizeof(sp_digit) * 6U); @@ -49097,7 +49097,7 @@ sp_384_mont_mul_order_avx2_6(t, t, a); } ctx->i--; - ctx->state = (ctx->i == 0) ? 3 : 1; + ctx->state = (ctx->i >= 0) ? 1 : 3; break; case 3: XMEMCPY(r, t, sizeof(sp_digit) * 6U); @@ -51452,7 +51452,7 @@ sp_digit* x; sp_digit* y; sp_digit* z; - volatile int n = i; + volatile int n = i - 1; x = p->x; y = p->y; @@ -51464,9 +51464,9 @@ sp_521_mont_sqr_9(w, z, p521_mod, p521_mp_mod); sp_521_mont_sqr_9(w, w, p521_mod, p521_mp_mod); #ifndef WOLFSSL_SP_SMALL - while (--n > 0) + while (n > 0) #else - while (--n >= 0) + while (n >= 0) #endif { /* A = 3*(X^2 - W) */ @@ -51497,6 +51497,7 @@ /* y = 2*A*(B - X) - Y^4 */ sp_521_mont_mul_9(y, b, a, p521_mod, p521_mp_mod); sp_521_mont_sub_9(y, y, t1, p521_mod); + n = n - 1; } #ifndef WOLFSSL_SP_SMALL /* A = 3*(X^2 - W) */ @@ -51668,6 +51669,9 @@ int err = FP_WOULDBLOCK; sp_521_proj_point_add_9_ctx* ctx = (sp_521_proj_point_add_9_ctx*)sp_ctx->data; + typedef char ctx_size_test[sizeof(sp_521_proj_point_add_9_ctx) >= sizeof(*sp_ctx) ? -1 : 1]; + (void)sizeof(ctx_size_test); + /* Ensure only the first point is the same as the result. */ if (q == r) { const sp_point_521* a = p; @@ -51675,9 +51679,6 @@ q = a; } - typedef char ctx_size_test[sizeof(sp_521_proj_point_add_9_ctx) >= sizeof(*sp_ctx) ? -1 : 1]; - (void)sizeof(ctx_size_test); - switch (ctx->state) { case 0: /* INIT */ ctx->t6 = t; @@ -52608,7 +52609,7 @@ sp_digit* x; sp_digit* y; sp_digit* z; - volatile int n = i; + volatile int n = i - 1; x = p->x; y = p->y; @@ -52620,9 +52621,9 @@ sp_521_mont_sqr_avx2_9(w, z, p521_mod, p521_mp_mod); sp_521_mont_sqr_avx2_9(w, w, p521_mod, p521_mp_mod); #ifndef WOLFSSL_SP_SMALL - while (--n > 0) + while (n > 0) #else - while (--n >= 0) + while (n >= 0) #endif { /* A = 3*(X^2 - W) */ @@ -52653,6 +52654,7 @@ /* y = 2*A*(B - X) - Y^4 */ sp_521_mont_mul_avx2_9(y, b, a, p521_mod, p521_mp_mod); sp_521_mont_sub_avx2_9(y, y, t1, p521_mod); + n = n - 1; } #ifndef WOLFSSL_SP_SMALL /* A = 3*(X^2 - W) */ @@ -52798,6 +52800,9 @@ int err = FP_WOULDBLOCK; sp_521_proj_point_add_avx2_9_ctx* ctx = (sp_521_proj_point_add_avx2_9_ctx*)sp_ctx->data; + typedef char ctx_size_test[sizeof(sp_521_proj_point_add_avx2_9_ctx) >= sizeof(*sp_ctx) ? -1 : 1]; + (void)sizeof(ctx_size_test); + /* Ensure only the first point is the same as the result. */ if (q == r) { const sp_point_521* a = p; @@ -52805,9 +52810,6 @@ q = a; } - typedef char ctx_size_test[sizeof(sp_521_proj_point_add_avx2_9_ctx) >= sizeof(*sp_ctx) ? -1 : 1]; - (void)sizeof(ctx_size_test); - switch (ctx->state) { case 0: /* INIT */ ctx->t6 = t; @@ -53688,10 +53690,6 @@ if (cache->cnt == 2) sp_521_gen_stripe_table_9(g, cache->table, tmp, heap); -#ifndef HAVE_THREAD_LS - wc_UnLockMutex(&sp_cache_521_lock); -#endif /* HAVE_THREAD_LS */ - if (cache->cnt < 2) { err = sp_521_ecc_mulmod_win_add_sub_9(r, g, k, map, ct, heap); } @@ -53699,6 +53697,9 @@ err = sp_521_ecc_mulmod_stripe_9(r, g, cache->table, k, map, ct, heap); } +#ifndef HAVE_THREAD_LS + wc_UnLockMutex(&sp_cache_521_lock); +#endif /* HAVE_THREAD_LS */ } SP_FREE_VAR(tmp, heap, DYNAMIC_TYPE_ECC); @@ -54030,10 +54031,6 @@ if (cache->cnt == 2) sp_521_gen_stripe_table_avx2_9(g, cache->table, tmp, heap); -#ifndef HAVE_THREAD_LS - wc_UnLockMutex(&sp_cache_521_lock); -#endif /* HAVE_THREAD_LS */ - if (cache->cnt < 2) { err = sp_521_ecc_mulmod_win_add_sub_avx2_9(r, g, k, map, ct, heap); } @@ -54041,6 +54038,9 @@ err = sp_521_ecc_mulmod_stripe_avx2_9(r, g, cache->table, k, map, ct, heap); } +#ifndef HAVE_THREAD_LS + wc_UnLockMutex(&sp_cache_521_lock); +#endif /* HAVE_THREAD_LS */ } SP_FREE_VAR(tmp, heap, DYNAMIC_TYPE_ECC); @@ -89609,7 +89609,7 @@ sp_521_mont_mul_order_9(t, t, a); } ctx->i--; - ctx->state = (ctx->i == 0) ? 3 : 1; + ctx->state = (ctx->i >= 0) ? 1 : 3; break; case 3: XMEMCPY(r, t, sizeof(sp_digit) * 9U); @@ -89778,7 +89778,7 @@ sp_521_mont_mul_order_avx2_9(t, t, a); } ctx->i--; - ctx->state = (ctx->i == 0) ? 3 : 1; + ctx->state = (ctx->i >= 0) ? 1 : 3; break; case 3: XMEMCPY(r, t, sizeof(sp_digit) * 9U); @@ -92277,7 +92277,7 @@ sp_digit* x; sp_digit* y; sp_digit* z; - volatile int n = i; + volatile int n = i - 1; x = p->x; y = p->y; @@ -92289,9 +92289,9 @@ sp_1024_mont_sqr_16(w, z, p1024_mod, p1024_mp_mod); sp_1024_mont_sqr_16(w, w, p1024_mod, p1024_mp_mod); #ifndef WOLFSSL_SP_SMALL - while (--n > 0) + while (n > 0) #else - while (--n >= 0) + while (n >= 0) #endif { /* A = 3*(X^2 - W) */ @@ -92322,6 +92322,7 @@ /* y = 2*A*(B - X) - Y^4 */ sp_1024_mont_mul_16(y, b, a, p1024_mod, p1024_mp_mod); sp_1024_mont_sub_16(y, y, t1, p1024_mod); + n = n - 1; } #ifndef WOLFSSL_SP_SMALL /* A = 3*(X^2 - W) */ @@ -92496,6 +92497,9 @@ int err = FP_WOULDBLOCK; sp_1024_proj_point_add_16_ctx* ctx = (sp_1024_proj_point_add_16_ctx*)sp_ctx->data; + typedef char ctx_size_test[sizeof(sp_1024_proj_point_add_16_ctx) >= sizeof(*sp_ctx) ? -1 : 1]; + (void)sizeof(ctx_size_test); + /* Ensure only the first point is the same as the result. */ if (q == r) { const sp_point_1024* a = p; @@ -92503,9 +92507,6 @@ q = a; } - typedef char ctx_size_test[sizeof(sp_1024_proj_point_add_16_ctx) >= sizeof(*sp_ctx) ? -1 : 1]; - (void)sizeof(ctx_size_test); - switch (ctx->state) { case 0: /* INIT */ ctx->t6 = t; @@ -93406,7 +93407,7 @@ sp_digit* x; sp_digit* y; sp_digit* z; - volatile int n = i; + volatile int n = i - 1; x = p->x; y = p->y; @@ -93418,9 +93419,9 @@ sp_1024_mont_sqr_avx2_16(w, z, p1024_mod, p1024_mp_mod); sp_1024_mont_sqr_avx2_16(w, w, p1024_mod, p1024_mp_mod); #ifndef WOLFSSL_SP_SMALL - while (--n > 0) + while (n > 0) #else - while (--n >= 0) + while (n >= 0) #endif { /* A = 3*(X^2 - W) */ @@ -93451,6 +93452,7 @@ /* y = 2*A*(B - X) - Y^4 */ sp_1024_mont_mul_avx2_16(y, b, a, p1024_mod, p1024_mp_mod); sp_1024_mont_sub_avx2_16(y, y, t1, p1024_mod); + n = n - 1; } #ifndef WOLFSSL_SP_SMALL /* A = 3*(X^2 - W) */ @@ -93596,6 +93598,9 @@ int err = FP_WOULDBLOCK; sp_1024_proj_point_add_avx2_16_ctx* ctx = (sp_1024_proj_point_add_avx2_16_ctx*)sp_ctx->data; + typedef char ctx_size_test[sizeof(sp_1024_proj_point_add_avx2_16_ctx) >= sizeof(*sp_ctx) ? -1 : 1]; + (void)sizeof(ctx_size_test); + /* Ensure only the first point is the same as the result. */ if (q == r) { const sp_point_1024* a = p; @@ -93603,9 +93608,6 @@ q = a; } - typedef char ctx_size_test[sizeof(sp_1024_proj_point_add_avx2_16_ctx) >= sizeof(*sp_ctx) ? -1 : 1]; - (void)sizeof(ctx_size_test); - switch (ctx->state) { case 0: /* INIT */ ctx->t6 = t; @@ -94459,10 +94461,6 @@ if (cache->cnt == 2) sp_1024_gen_stripe_table_16(g, cache->table, tmp, heap); -#ifndef HAVE_THREAD_LS - wc_UnLockMutex(&sp_cache_1024_lock); -#endif /* HAVE_THREAD_LS */ - if (cache->cnt < 2) { err = sp_1024_ecc_mulmod_win_add_sub_16(r, g, k, map, ct, heap); } @@ -94470,6 +94468,9 @@ err = sp_1024_ecc_mulmod_stripe_16(r, g, cache->table, k, map, ct, heap); } +#ifndef HAVE_THREAD_LS + wc_UnLockMutex(&sp_cache_1024_lock); +#endif /* HAVE_THREAD_LS */ } SP_FREE_VAR(tmp, heap, DYNAMIC_TYPE_ECC); @@ -94784,10 +94785,6 @@ if (cache->cnt == 2) sp_1024_gen_stripe_table_avx2_16(g, cache->table, tmp, heap); -#ifndef HAVE_THREAD_LS - wc_UnLockMutex(&sp_cache_1024_lock); -#endif /* HAVE_THREAD_LS */ - if (cache->cnt < 2) { err = sp_1024_ecc_mulmod_win_add_sub_avx2_16(r, g, k, map, ct, heap); } @@ -94795,6 +94792,9 @@ err = sp_1024_ecc_mulmod_stripe_avx2_16(r, g, cache->table, k, map, ct, heap); } +#ifndef HAVE_THREAD_LS + wc_UnLockMutex(&sp_cache_1024_lock); +#endif /* HAVE_THREAD_LS */ } SP_FREE_VAR(tmp, heap, DYNAMIC_TYPE_ECC); diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/wolfcrypt/src/sp_x86_64_asm.S mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/sp_x86_64_asm.S --- mariadb-11.8.6/extra/wolfssl/wolfssl/wolfcrypt/src/sp_x86_64_asm.S 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/sp_x86_64_asm.S 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* sp_x86_64_asm.S */ /* - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -66434,7 +66434,7 @@ /* Double a Montgomery form number (r = a + a % m). * * r Result of addition. - * a Number to souble in Montgomery form. + * a Number to double in Montgomery form. * m Modulus (prime). */ #ifndef __APPLE__ @@ -76656,7 +76656,7 @@ /* Double a Montgomery form number (r = a + a % m). * * r Result of addition. - * a Number to souble in Montgomery form. + * a Number to double in Montgomery form. * m Modulus (prime). */ #ifndef __APPLE__ @@ -76830,7 +76830,7 @@ /* Triple a Montgomery form number (r = a + a + a % m). * * r Result of addition. - * a Number to souble in Montgomery form. + * a Number to double in Montgomery form. * m Modulus (prime). */ #ifndef __APPLE__ @@ -77984,7 +77984,7 @@ /* Double a Montgomery form number (r = a + a % m). * * r Result of addition. - * a Number to souble in Montgomery form. + * a Number to double in Montgomery form. * m Modulus (prime). */ #ifndef __APPLE__ @@ -78142,7 +78142,7 @@ /* Triple a Montgomery form number (r = a + a + a % m). * * r Result of addition. - * a Number to souble in Montgomery form. + * a Number to double in Montgomery form. * m Modulus (prime). */ #ifndef __APPLE__ diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/wolfcrypt/src/sp_x86_64_asm.asm mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/sp_x86_64_asm.asm --- mariadb-11.8.6/extra/wolfssl/wolfssl/wolfcrypt/src/sp_x86_64_asm.asm 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/sp_x86_64_asm.asm 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ ; /* sp_x86_64_asm.asm */ ; /* -; * Copyright (C) 2006-2025 wolfSSL Inc. +; * Copyright (C) 2006-2026 wolfSSL Inc. ; * ; * This file is part of wolfSSL. ; * @@ -64790,7 +64790,7 @@ ; /* Double a Montgomery form number (r = a + a % m). ; * ; * r Result of addition. -; * a Number to souble in Montgomery form. +; * a Number to double in Montgomery form. ; * m Modulus (prime). ; */ _text SEGMENT READONLY PARA @@ -74754,7 +74754,7 @@ ; /* Double a Montgomery form number (r = a + a % m). ; * ; * r Result of addition. -; * a Number to souble in Montgomery form. +; * a Number to double in Montgomery form. ; * m Modulus (prime). ; */ _text SEGMENT READONLY PARA @@ -74919,7 +74919,7 @@ ; /* Triple a Montgomery form number (r = a + a + a % m). ; * ; * r Result of addition. -; * a Number to souble in Montgomery form. +; * a Number to double in Montgomery form. ; * m Modulus (prime). ; */ _text SEGMENT READONLY PARA @@ -76037,7 +76037,7 @@ ; /* Double a Montgomery form number (r = a + a % m). ; * ; * r Result of addition. -; * a Number to souble in Montgomery form. +; * a Number to double in Montgomery form. ; * m Modulus (prime). ; */ _text SEGMENT READONLY PARA @@ -76186,7 +76186,7 @@ ; /* Triple a Montgomery form number (r = a + a + a % m). ; * ; * r Result of addition. -; * a Number to souble in Montgomery form. +; * a Number to double in Montgomery form. ; * m Modulus (prime). ; */ _text SEGMENT READONLY PARA diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/wolfcrypt/src/sphincs.c mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/sphincs.c --- mariadb-11.8.6/extra/wolfssl/wolfssl/wolfcrypt/src/sphincs.c 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/sphincs.c 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* sphincs.c * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -131,20 +131,18 @@ if (ret == 0) { ret = wolfSSL_liboqsRngMutexLock(rng); + if (ret == 0) { + if (OQS_SIG_sign(oqssig, out, &localOutLen, in, inLen, key->k) + == OQS_ERROR) { + ret = BAD_FUNC_ARG; + } + } + if (ret == 0) { + *outLen = (word32)localOutLen; + } + wolfSSL_liboqsRngMutexUnlock(); } - if ((ret == 0) && - (OQS_SIG_sign(oqssig, out, &localOutLen, in, inLen, key->k) - == OQS_ERROR)) { - ret = BAD_FUNC_ARG; - } - - if (ret == 0) { - *outLen = (word32)localOutLen; - } - - wolfSSL_liboqsRngMutexUnlock(); - if (oqssig != NULL) { OQS_SIG_free(oqssig); } diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/wolfcrypt/src/srp.c mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/srp.c --- mariadb-11.8.6/extra/wolfssl/wolfssl/wolfcrypt/src/srp.c 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/srp.c 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* srp.c * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -259,6 +259,13 @@ /* initializing variables */ XMEMSET(srp, 0, sizeof(Srp)); + /* default heap hint to NULL or test value */ +#ifdef WOLFSSL_HEAP_TEST + srp->heap = (void*)WOLFSSL_HEAP_TEST; +#else + srp->heap = heap; +#endif /* WOLFSSL_HEAP_TEST */ + if ((r = SrpHashInit(&srp->client_proof, type, srp->heap)) != 0) return r; @@ -280,13 +287,6 @@ srp->keyGenFunc_cb = wc_SrpSetKey; - /* default heap hint to NULL or test value */ -#ifdef WOLFSSL_HEAP_TEST - srp->heap = (void*)WOLFSSL_HEAP_TEST; -#else - srp->heap = heap; -#endif /* WOLFSSL_HEAP_TEST */ - (void)devId; /* future */ return 0; @@ -300,8 +300,8 @@ void wc_SrpTerm(Srp* srp) { if (srp) { - mp_clear(&srp->N); mp_clear(&srp->g); - mp_clear(&srp->auth); mp_clear(&srp->priv); + mp_clear(&srp->N); mp_clear(&srp->g); + mp_forcezero(&srp->auth); mp_forcezero(&srp->priv); if (srp->salt) { ForceZero(srp->salt, srp->saltSz); XFREE(srp->salt, srp->heap, DYNAMIC_TYPE_SRP); @@ -389,11 +389,11 @@ /* Set k = H(N, g) */ r = SrpHashInit(&hash, srp->type, srp->heap); - if (!r) r = SrpHashUpdate(&hash, (byte*) N, nSz); + if (!r) r = SrpHashUpdate(&hash, (const byte*) N, nSz); for (i = 0; (word32)i < nSz - gSz; i++) { if (!r) r = SrpHashUpdate(&hash, &pad, 1); } - if (!r) r = SrpHashUpdate(&hash, (byte*) g, gSz); + if (!r) r = SrpHashUpdate(&hash, (const byte*) g, gSz); if (!r) r = SrpHashFinal(&hash, srp->k); SrpHashFree(&hash); @@ -401,13 +401,13 @@ /* digest1 = H(N) */ if (!r) r = SrpHashInit(&hash, srp->type, srp->heap); - if (!r) r = SrpHashUpdate(&hash, (byte*) N, nSz); + if (!r) r = SrpHashUpdate(&hash, (const byte*) N, nSz); if (!r) r = SrpHashFinal(&hash, digest1); SrpHashFree(&hash); /* digest2 = H(g) */ if (!r) r = SrpHashInit(&hash, srp->type, srp->heap); - if (!r) r = SrpHashUpdate(&hash, (byte*) g, gSz); + if (!r) r = SrpHashUpdate(&hash, (const byte*) g, gSz); if (!r) r = SrpHashFinal(&hash, digest2); SrpHashFree(&hash); @@ -543,12 +543,16 @@ static int wc_SrpGenPrivate(Srp* srp, byte* priv, word32 size) { WC_RNG rng; - int r = wc_InitRng_ex(&rng, srp->heap, INVALID_DEVID); - - if (!r) r = wc_RNG_GenerateBlock(&rng, priv, size); - if (!r) r = wc_SrpSetPrivate(srp, priv, size); - if (!r) wc_FreeRng(&rng); + int r; + r = wc_InitRng_ex(&rng, srp->heap, INVALID_DEVID); + if (r == 0) { + r = wc_RNG_GenerateBlock(&rng, priv, size); + if (r == 0) { + r = wc_SrpSetPrivate(srp, priv, size); + } + wc_FreeRng(&rng); + } return r; } @@ -627,8 +631,10 @@ } } + /* Clear buffer */ + XMEMSET(pub, 0, *size); + /* extract public key to buffer */ - XMEMSET(pub, 0, modulusSz); if (!r) r = mp_to_unsigned_bin(pubkey, pub); if (!r) *size = (word32)mp_unsigned_bin_size(pubkey); @@ -906,30 +912,30 @@ XFREE(digest, srp->heap, DYNAMIC_TYPE_SRP); if (u) { if (r != WC_NO_ERR_TRACE(MP_INIT_E)) - mp_clear(u); + mp_forcezero(u); XFREE(u, srp->heap, DYNAMIC_TYPE_SRP); } if (s) { if (r != WC_NO_ERR_TRACE(MP_INIT_E)) - mp_clear(s); + mp_forcezero(s); XFREE(s, srp->heap, DYNAMIC_TYPE_SRP); } if (temp1) { if (r != WC_NO_ERR_TRACE(MP_INIT_E)) - mp_clear(temp1); + mp_forcezero(temp1); XFREE(temp1, srp->heap, DYNAMIC_TYPE_SRP); } if (temp2) { if (r != WC_NO_ERR_TRACE(MP_INIT_E)) - mp_clear(temp2); + mp_forcezero(temp2); XFREE(temp2, srp->heap, DYNAMIC_TYPE_SRP); } #else if (r != WC_NO_ERR_TRACE(MP_INIT_E)) { - mp_clear(u); - mp_clear(s); - mp_clear(temp1); - mp_clear(temp2); + mp_forcezero(u); + mp_forcezero(s); + mp_forcezero(temp1); + mp_forcezero(temp2); } #endif @@ -980,7 +986,7 @@ if (hashSize < 0) return ALGO_ID_E; - if (size != (word32)hashSize) + if (size != (word32)hashSize || size > INT_MAX) return BUFFER_E; r = SrpHashFinal(srp->side == SRP_CLIENT_SIDE ? &srp->server_proof @@ -992,9 +998,11 @@ if (!r) r = SrpHashUpdate(&srp->server_proof, srp->key, srp->keySz); } - if (!r && XMEMCMP(proof, digest, size) != 0) + if (!r && ConstantCompare(proof, digest, (int)size) != 0) r = SRP_VERIFY_E; + ForceZero(digest, sizeof(digest)); + return r; } diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/wolfcrypt/src/tfm.c mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/tfm.c --- mariadb-11.8.6/extra/wolfssl/wolfssl/wolfcrypt/src/tfm.c 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/tfm.c 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* tfm.c * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -4540,9 +4540,9 @@ /* compare two ints (signed)*/ -int mp_cmp (mp_int * a, mp_int * b) +int mp_cmp (const mp_int * a, const mp_int * b) { - return fp_cmp(a, b); + return fp_cmp((mp_int *)a, (mp_int *)b); } /* compare a digit */ diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/wolfcrypt/src/wc_dsp.c mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/wc_dsp.c --- mariadb-11.8.6/extra/wolfssl/wolfssl/wolfcrypt/src/wc_dsp.c 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/wc_dsp.c 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* wc_dsp.c * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/wolfcrypt/src/wc_encrypt.c mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/wc_encrypt.c --- mariadb-11.8.6/extra/wolfssl/wolfssl/wolfcrypt/src/wc_encrypt.c 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/wc_encrypt.c 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* wc_encrypt.c * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -100,6 +100,10 @@ int ret = 0; WC_DECLARE_VAR(des, Des, 1, 0); + if (out == NULL || in == NULL || key == NULL) { + return BAD_FUNC_ARG; + } + WC_ALLOC_VAR_EX(des, Des, 1, NULL, DYNAMIC_TYPE_TMP_BUFFER, return MEMORY_E); @@ -118,6 +122,10 @@ int ret = 0; WC_DECLARE_VAR(des, Des, 1, 0); + if (out == NULL || in == NULL || key == NULL) { + return BAD_FUNC_ARG; + } + WC_ALLOC_VAR_EX(des, Des, 1, NULL, DYNAMIC_TYPE_TMP_BUFFER, return MEMORY_E); @@ -315,7 +323,7 @@ * * returns a negative value on fail case */ -int wc_CryptKey(const char* password, int passwordSz, byte* salt, +int wc_CryptKey(const char* password, int passwordSz, const byte* salt, int saltSz, int iterations, int id, byte* input, int length, int version, byte* cbcIv, int enc, int shaOid) { @@ -330,6 +338,9 @@ WOLFSSL_ENTER("wc_CryptKey"); + if (password == NULL || salt == NULL || input == NULL) + return BAD_FUNC_ARG; + if (length < 0) return BAD_LENGTH_E; @@ -439,14 +450,14 @@ #ifndef NO_HMAC case PKCS5v2: PRIVATE_KEY_UNLOCK(); - ret = wc_PBKDF2(key, (byte*)password, passwordSz, + ret = wc_PBKDF2(key, (const byte*)password, passwordSz, salt, saltSz, iterations, (int)derivedLen, typeH); PRIVATE_KEY_LOCK(); break; #endif #ifndef NO_SHA case PKCS5: - ret = wc_PBKDF1(key, (byte*)password, passwordSz, + ret = wc_PBKDF1(key, (const byte*)password, passwordSz, salt, saltSz, iterations, (int)derivedLen, typeH); break; #endif @@ -518,6 +529,7 @@ wc_Des_CbcDecrypt(&des, input, input, (word32)length); } } + ForceZero(&des, sizeof(Des)); break; } #endif /* !NO_SHA || !NO_MD5 */ @@ -561,6 +573,7 @@ wc_Arc4SetKey(&dec, key, derivedLen); wc_Arc4Process(&dec, input, input, (word32)length); + ForceZero(&dec, sizeof(Arc4)); break; } #endif @@ -629,9 +642,7 @@ else ret = wc_Rc2CbcDecrypt(&rc2, input, input, length); } - if (ret == 0) { - ForceZero(&rc2, sizeof(Rc2)); - } + ForceZero(&rc2, sizeof(Rc2)); break; } #endif diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/wolfcrypt/src/wc_lms.c mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/wc_lms.c --- mariadb-11.8.6/extra/wolfssl/wolfssl/wolfcrypt/src/wc_lms.c 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/wc_lms.c 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* wc_lms.c * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -913,6 +913,7 @@ /* Reload the key ready for signing. */ ret = wc_hss_reload_key(state, key->priv_raw, &key->priv, key->priv_data, NULL); + wc_lmskey_state_free(state); } ForceZero(state, sizeof(LmsState)); WC_FREE_VAR_EX(state, NULL, DYNAMIC_TYPE_TMP_BUFFER); @@ -962,6 +963,11 @@ * @return 0 on success. * @return BAD_FUNC_ARG when key, sig, sigSz or msg is NULL. * @return BAD_FUNC_ARG when msgSz is not greater than 0. + * @return BAD_FUNC_ARG when a write private key is not set. + * @return BAD_FUNC_ARG when a read/write private key context is not set. + * @return BUFFER_E when sigSz is too small. + * @return BAD_STATE_E when wrong state for operation. + * @return IO_FAILED_E when reading or writing private key failed. */ int wc_LmsKey_Sign(LmsKey* key, byte* sig, word32* sigSz, const byte* msg, int msgSz) @@ -986,6 +992,22 @@ WOLFSSL_MSG("error: can't sign, LMS key not in good state"); ret = BAD_STATE_E; } + /* Check signature buffer size. */ + if ((ret == 0) && (*sigSz < key->params->sig_len)) { + /* Signature buffer too small. */ + WOLFSSL_MSG("error: LMS sig buffer too small"); + ret = BUFFER_E; + } + /* Check read and write callbacks available. */ + if ((ret == 0) && (key->write_private_key == NULL)) { + WOLFSSL_MSG("error: LmsKey write/read callbacks are not set"); + ret = BAD_FUNC_ARG; + } + /* Check read/write callback context available. */ + if ((ret == 0) && (key->context == NULL)) { + WOLFSSL_MSG("error: LmsKey context is not set"); + ret = BAD_FUNC_ARG; + } if (ret == 0) { WC_DECLARE_VAR(state, LmsState, 1, 0); diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/wolfcrypt/src/wc_lms_impl.c mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/wc_lms_impl.c --- mariadb-11.8.6/extra/wolfssl/wolfssl/wolfcrypt/src/wc_lms_impl.c 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/wc_lms_impl.c 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* wc_lms_impl.c * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -1962,7 +1962,8 @@ /* Cache leaf node if in range. */ if ((ret == 0) && (i >= leaf->idx) && (i < leaf->idx + max_cb)) { - XMEMCPY(leaf->cache + i * params->hash_len, temp, params->hash_len); + XMEMCPY(leaf->cache + (i - leaf->idx) * params->hash_len, temp, + params->hash_len); } /* Store the node if on the authentication path. */ @@ -3185,9 +3186,14 @@ (void)pub_root; /* Defend against undefined shifts; LmsParams* params = state->params */ - if ((state->params->cacheBits >= 32U) || (state->params->height >= 32U)) { + if (state->params->height >= 32U) { return BAD_FUNC_ARG; } +#ifndef WOLFSSL_WC_LMS_SMALL + if (state->params->cacheBits >= 32U) { + return BAD_FUNC_ARG; + } +#endif wc_hss_priv_data_load(state->params, priv_key, priv_data); #ifndef WOLFSSL_WC_LMS_SMALL diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/wolfcrypt/src/wc_mldsa_asm.S mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/wc_mldsa_asm.S --- mariadb-11.8.6/extra/wolfssl/wolfssl/wolfcrypt/src/wc_mldsa_asm.S 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/wc_mldsa_asm.S 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* wc_mldsa_asm.S */ /* - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/wolfcrypt/src/wc_mlkem.c mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/wc_mlkem.c --- mariadb-11.8.6/extra/wolfssl/wolfssl/wolfcrypt/src/wc_mlkem.c 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/wc_mlkem.c 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* wc_mlkem.c * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -60,7 +60,7 @@ * Stores the matrix A during key generation for use in encapsulation when * performing decapsulation. * KyberKey is 8KB larger but decapsulation is significantly faster. - * Turn on when performing make key and decapsualtion with same object. + * Turn on when performing make key and decapsulation with same object. */ #include @@ -157,8 +157,14 @@ /******************************************************************************/ -/* Declare variable to make compiler not optimize code in mlkem_from_msg(). */ -volatile sword16 mlkem_opt_blocker = 0; +/* Helper function with volatile variable, to force compiler not to optimize + * code in mlkem_from_msg(). + */ +sword16 wc_mlkem_opt_blocker(void); +sword16 wc_mlkem_opt_blocker(void) { + static volatile sword16 static_mlkem_opt_blocker = 0; + return static_mlkem_opt_blocker; +} /******************************************************************************/ @@ -219,10 +225,10 @@ /** * Initialize the Kyber key. * + * @param [out] key Kyber key object to initialize. * @param [in] type Type of key: * WC_ML_KEM_512, WC_ML_KEM_768, WC_ML_KEM_1024, * KYBER512, KYBER768, KYBER1024. - * @param [out] key Kyber key object to initialize. * @param [in] heap Dynamic memory hint. * @param [in] devId Device Id. * @return 0 on success. @@ -292,7 +298,7 @@ /* Cache heap pointer. */ key->heap = heap; #ifdef WOLF_CRYPTO_CB - /* Cache device id - not used in for this algorithm yet. */ + /* Cache device id - not used in this algorithm yet. */ key->devId = devId; #endif key->flags = 0; @@ -353,21 +359,21 @@ * 4: return falsum * > return an error indication if random bit generation failed * 5: end if - * 6: (ek,dk) <- ML-KEM.KeyGen_Interal(d, z) + * 6: (ek,dk) <- ML-KEM.KeyGen_Internal(d, z) * > run internal key generation algorithm - * &: return (ek,dk) + * 7: return (ek,dk) * * @param [in, out] key Kyber key object. * @param [in] rng Random number generator. * @return 0 on success. * @return BAD_FUNC_ARG when key or rng is NULL. * @return MEMORY_E when dynamic memory allocation failed. - * @return MEMORY_E when dynamic memory allocation failed. - * @return RNG_FAILURE_E when generating random numbers failed. + * @return RNG_FAILURE_E when generating random numbers failed. * @return DRBG_CONT_FAILURE when random number generator health check fails. */ int wc_MlKemKey_MakeKey(MlKemKey* key, WC_RNG* rng) { +#ifndef WC_NO_RNG int ret = 0; unsigned char rand[WC_ML_KEM_MAKEKEY_RAND_SZ]; @@ -397,6 +403,11 @@ /* Step 4: return ret != 0 on falsum or internal key generation failure. */ return ret; +#else + (void)key; + (void)rng; + return NOT_COMPILED_IN; +#endif /* WC_NO_RNG */ } /** @@ -405,13 +416,13 @@ * FIPS 203 - Algorithm 16: ML-KEM.KeyGen_internal(d,z) * Uses randomness to generate an encapsulation key and a corresponding * decapsulation key. - * 1: (ek_PKE,dk_PKE) < K-PKE.KeyGen(d) > run key generation for K-PKE + * 1: (ek_PKE,dk_PKE) <- K-PKE.KeyGen(d) > run key generation for K-PKE * ... * * FIPS 203 - Algorithm 13: K-PKE.KeyGen(d) * Uses randomness to generate an encryption key and a corresponding decryption * key. - * 1: (rho,sigma) <- G(d||k)A + * 1: (rho,sigma) <- G(d||k) * > expand 32+1 bytes to two pseudorandom 32-byte seeds * 2: N <- 0 * 3-7: generate matrix A_hat @@ -420,7 +431,7 @@ * 16-18: calculate t_hat from A_hat, s and e * ... * - * @param [in, out] key Kyber key ovject. + * @param [in, out] key Kyber key object. * @param [in] rand Random data. * @param [in] len Length of random data in bytes. * @return 0 on success. @@ -434,7 +445,11 @@ { byte buf[2 * WC_ML_KEM_SYM_SZ + 1]; byte* rho = buf; +#ifndef WC_MLKEM_FAULT_HARDEN byte* sigma = buf + WC_ML_KEM_SYM_SZ; +#else + byte sigma[WC_ML_KEM_SYM_SZ + 1]; +#endif #ifndef WOLFSSL_NO_MALLOC sword16* e = NULL; #else @@ -516,16 +531,16 @@ #ifndef WOLFSSL_MLKEM_MAKEKEY_SMALL_MEM #ifndef WOLFSSL_MLKEM_CACHE_A /* e (v) | a (m) */ - e = (sword16*)XMALLOC((k + 1) * k * MLKEM_N * sizeof(sword16), + e = (sword16*)XMALLOC((size_t)((k + 1) * k * MLKEM_N) * sizeof(sword16), key->heap, DYNAMIC_TYPE_TMP_BUFFER); #else /* e (v) */ - e = (sword16*)XMALLOC(k * MLKEM_N * sizeof(sword16), + e = (sword16*)XMALLOC((size_t)(k * MLKEM_N) * sizeof(sword16), key->heap, DYNAMIC_TYPE_TMP_BUFFER); #endif #else /* e (v) */ - e = (sword16*)XMALLOC(k * MLKEM_N * sizeof(sword16), + e = (sword16*)XMALLOC((size_t)(k * MLKEM_N) * sizeof(sword16), key->heap, DYNAMIC_TYPE_TMP_BUFFER); #endif if (e == NULL) { @@ -548,7 +563,7 @@ #endif #ifdef WOLFSSL_MLKEM_KYBER { - /* Expand 32 bytes of random to 32. */ + /* Expand 32 bytes of random to 64. */ ret = MLKEM_HASH_G(&key->hash, d, WC_ML_KEM_SYM_SZ, NULL, 0, buf); } #endif @@ -557,14 +572,27 @@ #endif #ifndef WOLFSSL_NO_ML_KEM { - buf[0] = k; - /* Expand 33 bytes of random to 32. + buf[0] = (byte)k; + /* Expand 33 bytes of random to 64. * Alg 13: Step 1: (rho,sigma) <- G(d||k) */ ret = MLKEM_HASH_G(&key->hash, d, WC_ML_KEM_SYM_SZ, buf, 1, buf); } #endif } +#ifdef WC_MLKEM_FAULT_HARDEN + if (ret == 0) { + XMEMCPY(sigma, buf + WC_ML_KEM_SYM_SZ, WC_ML_KEM_SYM_SZ); + /* Check that correct data was copied and pointer not changed. */ + if (XMEMCMP(sigma, rho, WC_ML_KEM_SYM_SZ) == 0) { + ret = BAD_COND_E; + } + /* Check that rho is sigma - rho may have been modified. */ + if (XMEMCMP(sigma, rho + WC_ML_KEM_SYM_SZ, WC_ML_KEM_SYM_SZ) != 0) { + ret = BAD_COND_E; + } + } +#endif if (ret == 0) { const byte* z = rand + WC_ML_KEM_SYM_SZ; s = key->priv; @@ -604,8 +632,8 @@ if (ret == 0) { /* Generate key pair from private vector and seeds. * Alg 13: Steps 3-7: generate matrix A_hat - * Alg 13: 12-15: generate e - * Alg 13: 16-18: calculate t_hat from A_hat, s and e + * Alg 13: Steps 12-15: generate e + * Alg 13: Steps 16-18: calculate t_hat from A_hat, s and e */ ret = mlkem_keygen_seeds(s, t, &key->prf, e, k, rho, sigma); } @@ -700,17 +728,23 @@ * Size of a shared secret in bytes. Always KYBER_SS_SZ. * * @param [in] key Kyber key object. Not used. - * @param [out] Size of the shared secret created with a Kyber key. + * @param [out] len Size of the shared secret created with a Kyber key. * @return 0 on success. - * @return 0 to indicate success. + * @return BAD_FUNC_ARG when len is NULL. */ int wc_MlKemKey_SharedSecretSize(MlKemKey* key, word32* len) { - (void)key; + int ret = 0; - *len = WC_ML_KEM_SS_SZ; + if (len == NULL) { + ret = BAD_FUNC_ARG; + } + else { + *len = WC_ML_KEM_SS_SZ; + } - return 0; + (void)key; + return ret; } #if !defined(WOLFSSL_MLKEM_NO_ENCAPSULATE) || \ @@ -723,7 +757,7 @@ * 1: N <- 0 * 2: t_hat <- ByteDecode_12(ek_PKE[0:384k]) * > run ByteDecode_12 k times to decode t_hat - * 3: rho <- ek_PKE[384k : 384K + 32] + * 3: rho <- ek_PKE[384k : 384k + 32] * > extract 32-byte seed from ek_PKE * 4-8: generate matrix A_hat * 9-12: generate y @@ -849,7 +883,7 @@ /* Generate noise using PRF. * Steps 9-17: generate y, e_1, e_2 */ - ret = mlkem_get_noise(&key->prf, k, y, e1, e2, r); + ret = mlkem_get_noise(&key->prf, (int)k, y, e1, e2, r); } #ifdef WOLFSSL_MLKEM_CACHE_A if ((ret == 0) && ((key->flags & MLKEM_FLAG_A_SET) != 0)) { @@ -870,17 +904,17 @@ if (ret == 0) { /* Generate the transposed matrix. * Step 4-8: generate matrix A_hat */ - ret = mlkem_gen_matrix(&key->prf, a, k, key->pubSeed, 1); + ret = mlkem_gen_matrix(&key->prf, a, (int)k, key->pubSeed, 1); } if (ret == 0) { /* Assign remaining allocated dynamic memory to pointers. - * y (v) | a (m) | mu (p) | e1 (p) | r2 (v) | u (v) | v (p)*/ + * y (b) | a (m) | mu (p) | e1 (p) | e2 (v) | u (v) | v (p) */ u = e2 + MLKEM_N; v = u + MLKEM_N * k; /* Perform encapsulation maths. * Steps 18-19, 21: calculate u and v */ - mlkem_encapsulate(key->pub, u, v, a, y, e1, e2, mu, k); + mlkem_encapsulate(key->pub, u, v, a, y, e1, e2, mu, (int)k); } #else /* WOLFSSL_MLKEM_ENCAPSULATE_SMALL_MEM */ if (ret == 0) { @@ -892,7 +926,7 @@ mlkem_prf_init(&key->prf); /* Generate noise using PRF. * Steps 9-12: generate y */ - ret = mlkem_get_noise(&key->prf, k, y, NULL, NULL, r); + ret = mlkem_get_noise(&key->prf, (int)k, y, NULL, NULL, r); } if (ret == 0) { /* Assign remaining allocated dynamic memory to pointers. @@ -903,7 +937,7 @@ /* Perform encapsulation maths. * Steps 13-17: generate e_1 and e_2 * Steps 18-19, 21: calculate u and v */ - ret = mlkem_encapsulate_seeds(key->pub, &key->prf, u, a, y, k, m, + ret = mlkem_encapsulate_seeds(key->pub, &key->prf, u, a, y, (int)k, m, key->pubSeed, r); } #endif /* WOLFSSL_MLKEM_ENCAPSULATE_SMALL_MEM */ @@ -950,6 +984,55 @@ } #endif +#if !defined(WOLFSSL_MLKEM_NO_ENCAPSULATE) || \ + !defined(WOLFSSL_MLKEM_NO_DECAPSULATE) +static int wc_mlkemkey_check_h(MlKemKey* key) +{ + int ret = 0; + + /* If public hash (h) is not stored against key, calculate it + * (fields set explicitly instead of using decode). + * Step 1: ... H(ek)... + */ + if ((key->flags & MLKEM_FLAG_H_SET) == 0) { + #ifndef WOLFSSL_NO_MALLOC + byte* pubKey = NULL; + word32 pubKeyLen; + #else + byte pubKey[WC_ML_KEM_MAX_PUBLIC_KEY_SIZE]; + word32 pubKeyLen; + #endif + + /* Determine how big an encoded public key will be. */ + ret = wc_KyberKey_PublicKeySize(key, &pubKeyLen); + if (ret == 0) { + #ifndef WOLFSSL_NO_MALLOC + /* Allocate dynamic memory for encoded public key. */ + pubKey = (byte*)XMALLOC(pubKeyLen, key->heap, + DYNAMIC_TYPE_TMP_BUFFER); + if (pubKey == NULL) { + ret = MEMORY_E; + } + } + if (ret == 0) { + #endif + /* Encode public key - h is hash of encoded public key. */ + ret = wc_KyberKey_EncodePublicKey(key, pubKey, pubKeyLen); + } + #ifndef WOLFSSL_NO_MALLOC + /* Dispose of encoded public key. */ + XFREE(pubKey, key->heap, DYNAMIC_TYPE_TMP_BUFFER); + #endif + } + if ((ret == 0) && ((key->flags & MLKEM_FLAG_H_SET) == 0)) { + /* Implementation issue if h not cached and flag set. */ + ret = BAD_STATE_E; + } + + return ret; +} +#endif + #ifndef WOLFSSL_MLKEM_NO_ENCAPSULATE /** * Encapsulate with random number generator and derive secret. @@ -970,13 +1053,14 @@ * @param [out] k Shared secret generated. * @param [in] rng Random number generator. * @return 0 on success. - * @return BAD_FUNC_ARG when key, ct, ss or RNG is NULL. + * @return BAD_FUNC_ARG when key, c, k or rng is NULL. * @return NOT_COMPILED_IN when key type is not supported. * @return MEMORY_E when dynamic memory allocation failed. */ int wc_MlKemKey_Encapsulate(MlKemKey* key, unsigned char* c, unsigned char* k, WC_RNG* rng) { +#ifndef WC_NO_RNG int ret = 0; unsigned char m[WC_ML_KEM_ENC_RAND_SZ]; @@ -1001,6 +1085,13 @@ /* Step 3: return ret != 0 on falsum or internal key generation failure. */ return ret; +#else + (void)key; + (void)c; + (void)k; + (void)rng; + return NOT_COMPILED_IN; +#endif /* WC_NO_RNG */ } /** @@ -1011,7 +1102,7 @@ * ciphertext. * Step 1: (K,r) <- G(m||H(ek)) * > derive shared secret key K and randomness r - * Step 2: c <- K-PPKE.Encrypt(ek, m, r) + * Step 2: c <- K-PKE.Encrypt(ek, m, r) * > encrypt m using K-PKE with randomness r * Step 3: return (K,c) * @@ -1020,7 +1111,7 @@ * @param [in] m Random bytes. * @param [in] len Length of random bytes. * @return 0 on success. - * @return BAD_FUNC_ARG when key, c, k or RNG is NULL. + * @return BAD_FUNC_ARG when key, c, k or m is NULL. * @return BUFFER_E when len is not WC_ML_KEM_ENC_RAND_SZ. * @return NOT_COMPILED_IN when key type is not supported. * @return MEMORY_E when dynamic memory allocation failed. @@ -1084,43 +1175,8 @@ } #endif - /* If public hash (h) is not stored against key, calculate it - * (fields set explicitly instead of using decode). - * Step 1: ... H(ek)... - */ - if ((ret == 0) && ((key->flags & MLKEM_FLAG_H_SET) == 0)) { - #ifndef WOLFSSL_NO_MALLOC - byte* pubKey = NULL; - word32 pubKeyLen; - #else - byte pubKey[WC_ML_KEM_MAX_PUBLIC_KEY_SIZE]; - word32 pubKeyLen = WC_ML_KEM_MAX_PUBLIC_KEY_SIZE; - #endif - - #ifndef WOLFSSL_NO_MALLOC - /* Determine how big an encoded public key will be. */ - ret = wc_KyberKey_PublicKeySize(key, &pubKeyLen); - if (ret == 0) { - /* Allocate dynamic memory for encoded public key. */ - pubKey = (byte*)XMALLOC(pubKeyLen, key->heap, - DYNAMIC_TYPE_TMP_BUFFER); - if (pubKey == NULL) { - ret = MEMORY_E; - } - } - if (ret == 0) { - #endif - /* Encode public key - h is hash of encoded public key. */ - ret = wc_KyberKey_EncodePublicKey(key, pubKey, pubKeyLen); - #ifndef WOLFSSL_NO_MALLOC - } - /* Dispose of encoded public key. */ - XFREE(pubKey, key->heap, DYNAMIC_TYPE_TMP_BUFFER); - #endif - } - if ((ret == 0) && ((key->flags & MLKEM_FLAG_H_SET) == 0)) { - /* Implementation issue if h not cached and flag set. */ - ret = BAD_STATE_E; + if (ret == 0) { + ret = wc_mlkemkey_check_h(key); } #ifdef WOLFSSL_MLKEM_KYBER @@ -1205,6 +1261,8 @@ } #endif + ForceZero(kr, sizeof(kr)); + return ret; } #endif /* !WOLFSSL_MLKEM_NO_ENCAPSULATE */ @@ -1217,16 +1275,16 @@ * FIPS 203, Algorithm 15: K-PKE.Decrypt(dk_PKE,c) * Uses the decryption key to decrypt a ciphertext. * 1: c1 <- c[0 : 32.d_u.k] - * 2: c2 <= c[32.d_u.k : 32(d_u.k + d_v)] - * 3: u' <= Decompress_d_u(ByteDecode_d_u(c1)) - * 4: v' <= Decompress_d_v(ByteDecode_d_v(c2)) + * 2: c2 <- c[32.d_u.k : 32(d_u.k + d_v)] + * 3: u' <- Decompress_d_u(ByteDecode_d_u(c1)) + * 4: v' <- Decompress_d_v(ByteDecode_d_v(c2)) * ... * 6: w <- v' - InvNTT(s_hat_trans o NTT(u')) * 7: m <- ByteEncode_1(Compress_1(w)) * 8: return m * * @param [in] key Kyber key object. - * @param [out] m Message than was encapsulated. + * @param [out] m Message that was encapsulated. * @param [in] c Cipher text. * @return 0 on success. * @return NOT_COMPILED_IN when key type is not supported. @@ -1309,7 +1367,7 @@ if (ret == 0) { /* Step 1: c1 <- c[0 : 32.d_u.k] */ const byte* c1 = c; - /* Step 2: c2 <= c[32.d_u.k : 32(d_u.k + d_v)] */ + /* Step 2: c2 <- c[32.d_u.k : 32(d_u.k + d_v)] */ const byte* c2 = c + compVecSz; /* Assign allocated dynamic memory to pointers. @@ -1319,32 +1377,32 @@ #if defined(WOLFSSL_KYBER512) || defined(WOLFSSL_WC_ML_KEM_512) if (k == WC_ML_KEM_512_K) { - /* Step 3: u' <= Decompress_d_u(ByteDecode_d_u(c1)) */ + /* Step 3: u' <- Decompress_d_u(ByteDecode_d_u(c1)) */ mlkem_vec_decompress_10(u, c1, k); - /* Step 4: v' <= Decompress_d_v(ByteDecode_d_v(c2)) */ + /* Step 4: v' <- Decompress_d_v(ByteDecode_d_v(c2)) */ mlkem_decompress_4(v, c2); } #endif #if defined(WOLFSSL_KYBER768) || defined(WOLFSSL_WC_ML_KEM_768) if (k == WC_ML_KEM_768_K) { - /* Step 3: u' <= Decompress_d_u(ByteDecode_d_u(c1)) */ + /* Step 3: u' <- Decompress_d_u(ByteDecode_d_u(c1)) */ mlkem_vec_decompress_10(u, c1, k); - /* Step 4: v' <= Decompress_d_v(ByteDecode_d_v(c2)) */ + /* Step 4: v' <- Decompress_d_v(ByteDecode_d_v(c2)) */ mlkem_decompress_4(v, c2); } #endif #if defined(WOLFSSL_KYBER1024) || defined(WOLFSSL_WC_ML_KEM_1024) if (k == WC_ML_KEM_1024_K) { - /* Step 3: u' <= Decompress_d_u(ByteDecode_d_u(c1)) */ + /* Step 3: u' <- Decompress_d_u(ByteDecode_d_u(c1)) */ mlkem_vec_decompress_11(u, c1); - /* Step 4: v' <= Decompress_d_v(ByteDecode_d_v(c2)) */ + /* Step 4: v' <- Decompress_d_v(ByteDecode_d_v(c2)) */ mlkem_decompress_5(v, c2); } #endif /* Decapsulate the cipher text into polynomial. * Step 6: w <- v' - InvNTT(s_hat_trans o NTT(u')) */ - mlkem_decapsulate(key->priv, w, u, v, k); + mlkem_decapsulate(key->priv, w, u, v, (int)k); /* Convert the polynomial into a array of bytes (message). * Step 7: m <- ByteEncode_1(Compress_1(w)) */ @@ -1377,11 +1435,11 @@ * ... * 1: dk_PKE <- dk[0 : 384k] * > extract (from KEM decaps key) the PKE decryption key - * 2: ek_PKE <- dk[384k : 768l + 32] + * 2: ek_PKE <- dk[384k : 768k + 32] * > extract PKE encryption key - * 3: h <- dk[768K + 32 : 768k + 64] + * 3: h <- dk[768k + 32 : 768k + 64] * > extract hash of PKE encryption key - * 4: z <- dk[768K + 64 : 768k + 96] + * 4: z <- dk[768k + 64 : 768k + 96] * > extract implicit rejection value * 5: m' <- K-PKE.Decrypt(dk_PKE, c) > decrypt ciphertext * 6: (K', r') <- G(m'||h) @@ -1389,7 +1447,7 @@ * 8: c' <- K-PKE.Encrypt(ek_PKE, m', r') * > re-encrypt using the derived randomness r' * 9: if c != c' then - * 10: K' <= K_bar + * 10: K' <- K_bar * > if ciphertexts do not match, "implicitly reject" * 11: end if * 12: return K' @@ -1399,7 +1457,7 @@ * @param [in] ct Cipher text. * @param [in] len Length of cipher text. * @return 0 on success. - * @return BAD_FUNC_ARG when key, ss or cr are NULL. + * @return BAD_FUNC_ARG when key, ss or ct are NULL. * @return NOT_COMPILED_IN when key type is not supported. * @return BUFFER_E when len is not the length of cipher text for the key type. * @return MEMORY_E when dynamic memory allocation failed. @@ -1423,6 +1481,9 @@ if ((key == NULL) || (ss == NULL) || (ct == NULL)) { ret = BAD_FUNC_ARG; } + if ((ret == 0) && ((key->flags & MLKEM_FLAG_PRIV_SET) == 0)) { + ret = BAD_STATE_E; + } if (ret == 0) { /* Establish cipher text size based on key type. */ @@ -1488,6 +1549,10 @@ ret = mlkemkey_decapsulate(key, msg, ct); } if (ret == 0) { + /* Check we have H, hash of public, set. */ + ret = wc_mlkemkey_check_h(key); + } + if (ret == 0) { /* Hash message into seed buffer. */ ret = MLKEM_HASH_G(&key->hash, msg, WC_ML_KEM_SYM_SZ, key->h, WC_ML_KEM_SYM_SZ, kr); @@ -1498,7 +1563,7 @@ } if (ret == 0) { /* Compare generated cipher text with that passed in. */ - fail = mlkem_cmp(ct, cmp, ctSz); + fail = mlkem_cmp(ct, cmp, (int)ctSz); #if defined(WOLFSSL_MLKEM_KYBER) && !defined(WOLFSSL_NO_ML_KEM) if (key->type & MLKEM_KYBER) @@ -1527,7 +1592,7 @@ if (ret == 0) { /* Set secret to kr or fake secret on comparison failure. */ for (i = 0; i < WC_ML_KEM_SYM_SZ; i++) { - ss[i] = kr[i] ^ ((kr[i] ^ msg[i]) & fail); + ss[i] = (byte)(kr[i] ^ ((kr[i] ^ msg[i]) & fail)); } } } @@ -1541,6 +1606,9 @@ } #endif + ForceZero(msg, sizeof(msg)); + ForceZero(kr, sizeof(kr)); + return ret; } #endif /* WOLFSSL_MLKEM_NO_DECAPSULATE */ @@ -1550,7 +1618,7 @@ /** * Get the public key and public seed from bytes. * - * FIPS 203, Algorithm 14 K-PKE.Encrypt(ek_PKE, m, r) + * FIPS 203, Algorithm 14: K-PKE.Encrypt(ek_PKE, m, r) * ... * 2: t <- ByteDecode_12(ek_PKE[0 : 384k]) * 3: rho <- ek_PKE[384k : 384k + 32] @@ -1568,7 +1636,7 @@ /* Decode public key that is vector of polynomials. * Step 2: t <- ByteDecode_12(ek_PKE[0 : 384k]) */ - mlkem_from_bytes(pub, p, k); + mlkem_from_bytes(pub, p, (int)k); p += k * WC_ML_KEM_POLY_SIZE; /* Read public key seed. @@ -1586,16 +1654,16 @@ * FIPS 203, Algorithm 18: ML-KEM.Decaps_internal(dk, c) * 1: dk_PKE <- dk[0 : 384k] * > extract (from KEM decaps key) the PKE decryption key - * 2: ek_PKE <- dk[384k : 768l + 32] + * 2: ek_PKE <- dk[384k : 768k + 32] * > extract PKE encryption key - * 3: h <- dk[768K + 32 : 768k + 64] + * 3: h <- dk[768k + 32 : 768k + 64] * > extract hash of PKE encryption key - * 4: z <- dk[768K + 64 : 768k + 96] + * 4: z <- dk[768k + 64 : 768k + 96] * > extract implicit rejection value * * FIPS 203, Algorithm 15: K-PKE.Decrypt(dk_PKE, c) * ... - * 5: s_hat <= ByteDecode_12(dk_PKE) + * 5: s_hat <- ByteDecode_12(dk_PKE) * ... * * @param [in, out] key Kyber key object. @@ -1684,13 +1752,28 @@ /* Decode private key that is vector of polynomials. * Alg 18 Step 1: dk_PKE <- dk[0 : 384k] * Alg 15 Step 5: s_hat <- ByteDecode_12(dk_PKE) */ - mlkem_from_bytes(key->priv, p, k); + mlkem_from_bytes(key->priv, p, (int)k); p += k * WC_ML_KEM_POLY_SIZE; /* Decode the public key that is after the private key. */ mlkemkey_decode_public(key->pub, key->pubSeed, p, k); + /* Compute the hash of the public key. */ + ret = MLKEM_HASH_H(&key->hash, p, pubLen, key->h); + if (ret != 0) { + ForceZero(key->priv, k * MLKEM_N); + } + } + + if (ret == 0) { p += pubLen; + /* Compare computed public key hash with stored hash */ + if (XMEMCMP(key->h, p, WC_ML_KEM_SYM_SZ) != 0) { + ForceZero(key->priv, k * MLKEM_N); + ret = MLKEM_PUB_HASH_E; + } + } + if (ret == 0) { /* Copy the hash of the encoded public key that is after public key. */ XMEMCPY(key->h, p, sizeof(key->h)); p += WC_ML_KEM_SYM_SZ; @@ -1785,7 +1868,9 @@ if (ret == 0) { mlkemkey_decode_public(key->pub, key->pubSeed, p, k); - + ret = mlkem_check_public(key->pub, (int)k); + } + if (ret == 0) { /* Calculate public hash. */ ret = MLKEM_HASH_H(&key->hash, in, len, key->h); } @@ -2028,7 +2113,7 @@ if (ret == 0) { /* Encode private key that is vector of polynomials. */ - mlkem_to_bytes(p, key->priv, k); + mlkem_to_bytes(p, key->priv, (int)k); p += WC_ML_KEM_POLY_SIZE * k; /* Encode public key. */ @@ -2145,7 +2230,7 @@ int i; /* Encode public key polynomial by polynomial. */ - mlkem_to_bytes(p, key->pub, k); + mlkem_to_bytes(p, key->pub, (int)k); p += k * WC_ML_KEM_POLY_SIZE; /* Append public seed. */ diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/wolfcrypt/src/wc_mlkem_asm.S mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/wc_mlkem_asm.S --- mariadb-11.8.6/extra/wolfssl/wolfssl/wolfcrypt/src/wc_mlkem_asm.S 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/wc_mlkem_asm.S 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* wc_mlkem_asm.S */ /* - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/wolfcrypt/src/wc_mlkem_poly.c mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/wc_mlkem_poly.c --- mariadb-11.8.6/extra/wolfssl/wolfssl/wolfcrypt/src/wc_mlkem_poly.c 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/wc_mlkem_poly.c 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* wc_mlkem_poly.c * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -99,7 +99,7 @@ #endif /* Declared in wc_mlkem.c to stop compiler optimizer from simplifying. */ -extern volatile sword16 mlkem_opt_blocker; +extern sword16 wc_mlkem_opt_blocker(void); #if defined(USE_INTEL_SPEEDUP) || (defined(__aarch64__) && \ defined(WOLFSSL_ARMASM)) @@ -126,7 +126,7 @@ * f is the normalizer = 2^k % m. * 16-bit value cast to sword32 in use. */ -#define MLKEM_F ((1ULL << 32) % MLKEM_Q) +#define MLKEM_F (((word64)1 << 32) % MLKEM_Q) /* Number of bytes in an output block of SHA-3-128 */ #define SHA3_128_BYTES (WC_SHA3_128_COUNT * 8) @@ -204,7 +204,7 @@ * 7: for (j <- start; j < start + len; j++) * 8: t <- zeta.f[j+len] * 9: f_hat[j+len] <- f_hat[j] - t - * 10: f_hat[j] <- f_hat[j] - t + * 10: f_hat[j] <- f_hat[j] + t * 11: end for * 12: end for * 13: end for @@ -235,9 +235,9 @@ sword16 t = MLKEM_MONT_RED(p); sword16 rj = r[j]; /* Step 9 */ - r[j + len] = rj - t; + r[j + len] = (sword16)(rj - t); /* Step 10 */ - r[j] = rj + t; + r[j] = (sword16)(rj + t); } } } @@ -258,8 +258,8 @@ sword32 p = (sword32)zeta * r[j + MLKEM_N / 2]; sword16 t = MLKEM_MONT_RED(p); sword16 rj = r[j]; - r[j + MLKEM_N / 2] = rj - t; - r[j] = rj + t; + r[j + MLKEM_N / 2] = (sword16)(rj - t); + r[j] = (sword16)(rj + t); } for (len = MLKEM_N / 4; len >= 2; len >>= 1) { for (start = 0; start < MLKEM_N; start = j + len) { @@ -268,8 +268,8 @@ sword32 p = (sword32)zeta * r[j + len]; sword16 t = MLKEM_MONT_RED(p); sword16 rj = r[j]; - r[j + len] = rj - t; - r[j] = rj + t; + r[j + len] = (sword16)(rj - t); + r[j] = (sword16)(rj + t); } } } @@ -389,27 +389,27 @@ t1 = MLKEM_MONT_RED((sword32)zeta128 * r5); t2 = MLKEM_MONT_RED((sword32)zeta128 * r6); t3 = MLKEM_MONT_RED((sword32)zeta128 * r7); - r4 = r0 - t0; - r5 = r1 - t1; - r6 = r2 - t2; - r7 = r3 - t3; - r0 += t0; - r1 += t1; - r2 += t2; - r3 += t3; + r4 = (sword16)(r0 - t0); + r5 = (sword16)(r1 - t1); + r6 = (sword16)(r2 - t2); + r7 = (sword16)(r3 - t3); + r0 = (sword16)(r0 + t0); + r1 = (sword16)(r1 + t1); + r2 = (sword16)(r2 + t2); + r3 = (sword16)(r3 + t3); t0 = MLKEM_MONT_RED((sword32)zeta64_0 * r2); t1 = MLKEM_MONT_RED((sword32)zeta64_0 * r3); t2 = MLKEM_MONT_RED((sword32)zeta64_1 * r6); t3 = MLKEM_MONT_RED((sword32)zeta64_1 * r7); - r2 = r0 - t0; - r3 = r1 - t1; - r6 = r4 - t2; - r7 = r5 - t3; - r0 += t0; - r1 += t1; - r4 += t2; - r5 += t3; + r2 = (sword16)(r0 - t0); + r3 = (sword16)(r1 - t1); + r6 = (sword16)(r4 - t2); + r7 = (sword16)(r5 - t3); + r0 = (sword16)(r0 + t0); + r1 = (sword16)(r1 + t1); + r4 = (sword16)(r4 + t2); + r5 = (sword16)(r5 + t3); r[j + 0] = r0; r[j + 32] = r1; @@ -423,7 +423,7 @@ /* len = 32,16,8 */ for (j = 0; j < MLKEM_N; j += 64) { - int i; + unsigned int i; sword16 zeta32 = zetas[ 4 + j / 64 + 0]; sword16 zeta16_0 = zetas[ 8 + j / 32 + 0]; sword16 zeta16_1 = zetas[ 8 + j / 32 + 1]; @@ -445,40 +445,40 @@ t1 = MLKEM_MONT_RED((sword32)zeta32 * r5); t2 = MLKEM_MONT_RED((sword32)zeta32 * r6); t3 = MLKEM_MONT_RED((sword32)zeta32 * r7); - r4 = r0 - t0; - r5 = r1 - t1; - r6 = r2 - t2; - r7 = r3 - t3; - r0 += t0; - r1 += t1; - r2 += t2; - r3 += t3; + r4 = (sword16)(r0 - t0); + r5 = (sword16)(r1 - t1); + r6 = (sword16)(r2 - t2); + r7 = (sword16)(r3 - t3); + r0 = (sword16)(r0 + t0); + r1 = (sword16)(r1 + t1); + r2 = (sword16)(r2 + t2); + r3 = (sword16)(r3 + t3); t0 = MLKEM_MONT_RED((sword32)zeta16_0 * r2); t1 = MLKEM_MONT_RED((sword32)zeta16_0 * r3); t2 = MLKEM_MONT_RED((sword32)zeta16_1 * r6); t3 = MLKEM_MONT_RED((sword32)zeta16_1 * r7); - r2 = r0 - t0; - r3 = r1 - t1; - r6 = r4 - t2; - r7 = r5 - t3; - r0 += t0; - r1 += t1; - r4 += t2; - r5 += t3; + r2 = (sword16)(r0 - t0); + r3 = (sword16)(r1 - t1); + r6 = (sword16)(r4 - t2); + r7 = (sword16)(r5 - t3); + r0 = (sword16)(r0 + t0); + r1 = (sword16)(r1 + t1); + r4 = (sword16)(r4 + t2); + r5 = (sword16)(r5 + t3); t0 = MLKEM_MONT_RED((sword32)zeta8_0 * r1); t1 = MLKEM_MONT_RED((sword32)zeta8_1 * r3); t2 = MLKEM_MONT_RED((sword32)zeta8_2 * r5); t3 = MLKEM_MONT_RED((sword32)zeta8_3 * r7); - r1 = r0 - t0; - r3 = r2 - t1; - r5 = r4 - t2; - r7 = r6 - t3; - r0 += t0; - r2 += t1; - r4 += t2; - r6 += t3; + r1 = (sword16)(r0 - t0); + r3 = (sword16)(r2 - t1); + r5 = (sword16)(r4 - t2); + r7 = (sword16)(r6 - t3); + r0 = (sword16)(r0 + t0); + r2 = (sword16)(r2 + t1); + r4 = (sword16)(r4 + t2); + r6 = (sword16)(r6 + t3); r[j + i + 0] = r0; r[j + i + 8] = r1; @@ -509,27 +509,27 @@ t1 = MLKEM_MONT_RED((sword32)zeta4 * r5); t2 = MLKEM_MONT_RED((sword32)zeta4 * r6); t3 = MLKEM_MONT_RED((sword32)zeta4 * r7); - r4 = r0 - t0; - r5 = r1 - t1; - r6 = r2 - t2; - r7 = r3 - t3; - r0 += t0; - r1 += t1; - r2 += t2; - r3 += t3; + r4 = (sword16)(r0 - t0); + r5 = (sword16)(r1 - t1); + r6 = (sword16)(r2 - t2); + r7 = (sword16)(r3 - t3); + r0 = (sword16)(r0 + t0); + r1 = (sword16)(r1 + t1); + r2 = (sword16)(r2 + t2); + r3 = (sword16)(r3 + t3); t0 = MLKEM_MONT_RED((sword32)zeta2_0 * r2); t1 = MLKEM_MONT_RED((sword32)zeta2_0 * r3); t2 = MLKEM_MONT_RED((sword32)zeta2_1 * r6); t3 = MLKEM_MONT_RED((sword32)zeta2_1 * r7); - r2 = r0 - t0; - r3 = r1 - t1; - r6 = r4 - t2; - r7 = r5 - t3; - r0 += t0; - r1 += t1; - r4 += t2; - r5 += t3; + r2 = (sword16)(r0 - t0); + r3 = (sword16)(r1 - t1); + r6 = (sword16)(r4 - t2); + r7 = (sword16)(r5 - t3); + r0 = (sword16)(r0 + t0); + r1 = (sword16)(r1 + t1); + r4 = (sword16)(r4 + t2); + r5 = (sword16)(r5 + t3); r[j + 0] = MLKEM_BARRETT_RED(r0); r[j + 1] = MLKEM_BARRETT_RED(r1); @@ -578,7 +578,7 @@ * 6: i <- i - 1 * 7: for (j <- start; j < start + len; j++) * 8: t <- f[j] - * 9: f[j] < t + f[j + len] + * 9: f[j] <- t + f[j + len] * 10: f[j + len] <- zeta.(f[j+len] - t) * 11: end for * 12: end for @@ -612,10 +612,10 @@ sword16 rj = r[j]; sword16 rjl = r[j + len]; /* Step 9 */ - sword16 t = rj + rjl; + sword16 t = (sword16)(rj + rjl); r[j] = MLKEM_BARRETT_RED(t); /* Step 10 */ - rjl = rj - rjl; + rjl = (sword16)(rj - rjl); p = (sword32)zeta * rjl; r[j + len] = MLKEM_MONT_RED(p); } @@ -645,9 +645,9 @@ sword32 p; sword16 rj = r[j]; sword16 rjl = r[j + len]; - sword16 t = rj + rjl; + sword16 t = (sword16)(rj + rjl); r[j] = MLKEM_BARRETT_RED(t); - rjl = rj - rjl; + rjl = (sword16)(rj - rjl); p = (sword32)zeta * rjl; r[j + len] = MLKEM_MONT_RED(p); } @@ -660,10 +660,10 @@ sword32 p; sword16 rj = r[j]; sword16 rjl = r[j + MLKEM_N / 2]; - sword16 t = rj + rjl; - rjl = rj - rjl; + sword16 t = (sword16)(rj + rjl); + rjl = (sword16)(rj - rjl); p = (sword32)zeta * rjl; - r[j] = t; + r[j] = (sword16)t; r[j + MLKEM_N / 2] = MLKEM_MONT_RED(p); p = (sword32)zeta2 * r[j]; @@ -818,10 +818,10 @@ t2 = MLKEM_MONT_RED(p); p = (sword32)zeta2_1 * (sword16)(r5 - r7); t3 = MLKEM_MONT_RED(p); - r0 += r2; - r1 += r3; - r4 += r6; - r5 += r7; + r0 = (sword16)(r0 + r2); + r1 = (sword16)(r1 + r3); + r4 = (sword16)(r4 + r6); + r5 = (sword16)(r5 + r7); r2 = t0; r3 = t1; r6 = t2; @@ -835,10 +835,10 @@ t2 = MLKEM_MONT_RED(p); p = (sword32)zeta4 * (sword16)(r3 - r7); t3 = MLKEM_MONT_RED(p); - r0 += r4; - r1 += r5; - r2 += r6; - r3 += r7; + r0 = (sword16)(r0 + r4); + r1 = (sword16)(r1 + r5); + r2 = (sword16)(r2 + r6); + r3 = (sword16)(r3 + r7); r4 = t0; r5 = t1; r6 = t2; @@ -855,7 +855,7 @@ } for (j = 0; j < MLKEM_N; j += 64) { - int i; + unsigned int i; sword16 zeta8_0 = zetas_inv[ 96 + j / 16 + 0]; sword16 zeta8_1 = zetas_inv[ 96 + j / 16 + 1]; sword16 zeta8_2 = zetas_inv[ 96 + j / 16 + 2]; @@ -898,10 +898,10 @@ t2 = MLKEM_MONT_RED(p); p = (sword32)zeta16_1 * (sword16)(r5 - r7); t3 = MLKEM_MONT_RED(p); - r0 += r2; - r1 += r3; - r4 += r6; - r5 += r7; + r0 = (sword16)(r0 + r2); + r1 = (sword16)(r1 + r3); + r4 = (sword16)(r4 + r6); + r5 = (sword16)(r5 + r7); r2 = t0; r3 = t1; r6 = t2; @@ -915,10 +915,10 @@ t2 = MLKEM_MONT_RED(p); p = (sword32)zeta32 * (sword16)(r3 - r7); t3 = MLKEM_MONT_RED(p); - r0 += r4; - r1 += r5; - r2 += r6; - r3 += r7; + r0 = (sword16)(r0 + r4); + r1 = (sword16)(r1 + r5); + r2 = (sword16)(r2 + r6); + r3 = (sword16)(r3 + r7); r4 = t0; r5 = t1; r6 = t2; @@ -974,10 +974,10 @@ t2 = MLKEM_MONT_RED(p); p = (sword32)zeta128 * (sword16)(r3 - r7); t3 = MLKEM_MONT_RED(p); - r0 += r4; - r1 += r5; - r2 += r6; - r3 += r7; + r0 = (sword16)(r0 + r4); + r1 = (sword16)(r1 + r5); + r2 = (sword16)(r2 + r6); + r3 = (sword16)(r3 + r7); r4 = t0; r5 = t1; r6 = t2; @@ -1080,30 +1080,30 @@ /* Step 1 */ for (i = 0; i < MLKEM_N; i += 4, zeta++) { /* Step 2 */ - mlkem_basemul(r + i + 0, a + i + 0, b + i + 0, zeta[0]); - mlkem_basemul(r + i + 2, a + i + 2, b + i + 2, -zeta[0]); + mlkem_basemul(r + i + 0, a + i + 0, b + i + 0, zeta[0]); + mlkem_basemul(r + i + 2, a + i + 2, b + i + 2, (sword16)(-zeta[0])); } #elif defined(WOLFSSL_MLKEM_NO_LARGE_CODE) /* Four multiplications per loop. */ unsigned int i; for (i = 0; i < MLKEM_N; i += 8, zeta += 2) { - mlkem_basemul(r + i + 0, a + i + 0, b + i + 0, zeta[0]); - mlkem_basemul(r + i + 2, a + i + 2, b + i + 2, -zeta[0]); - mlkem_basemul(r + i + 4, a + i + 4, b + i + 4, zeta[1]); - mlkem_basemul(r + i + 6, a + i + 6, b + i + 6, -zeta[1]); + mlkem_basemul(r + i + 0, a + i + 0, b + i + 0, zeta[0]); + mlkem_basemul(r + i + 2, a + i + 2, b + i + 2, (sword16)(-zeta[0])); + mlkem_basemul(r + i + 4, a + i + 4, b + i + 4, zeta[1]); + mlkem_basemul(r + i + 6, a + i + 6, b + i + 6, (sword16)(-zeta[1])); } #else /* Eight multiplications per loop. */ unsigned int i; for (i = 0; i < MLKEM_N; i += 16, zeta += 4) { - mlkem_basemul(r + i + 0, a + i + 0, b + i + 0, zeta[0]); - mlkem_basemul(r + i + 2, a + i + 2, b + i + 2, -zeta[0]); - mlkem_basemul(r + i + 4, a + i + 4, b + i + 4, zeta[1]); - mlkem_basemul(r + i + 6, a + i + 6, b + i + 6, -zeta[1]); - mlkem_basemul(r + i + 8, a + i + 8, b + i + 8, zeta[2]); - mlkem_basemul(r + i + 10, a + i + 10, b + i + 10, -zeta[2]); - mlkem_basemul(r + i + 12, a + i + 12, b + i + 12, zeta[3]); - mlkem_basemul(r + i + 14, a + i + 14, b + i + 14, -zeta[3]); + mlkem_basemul(r + i + 0, a + i + 0, b + i + 0, zeta[0]); + mlkem_basemul(r + i + 2, a + i + 2, b + i + 2, (sword16)(-zeta[0])); + mlkem_basemul(r + i + 4, a + i + 4, b + i + 4, zeta[1]); + mlkem_basemul(r + i + 6, a + i + 6, b + i + 6, (sword16)(-zeta[1])); + mlkem_basemul(r + i + 8, a + i + 8, b + i + 8, zeta[2]); + mlkem_basemul(r + i + 10, a + i + 10, b + i + 10, (sword16)(-zeta[2])); + mlkem_basemul(r + i + 12, a + i + 12, b + i + 12, zeta[3]); + mlkem_basemul(r + i + 14, a + i + 14, b + i + 14, (sword16)(-zeta[3])); } #endif } @@ -1136,13 +1136,13 @@ sword16 t0[2]; sword16 t2[2]; - mlkem_basemul(t0, a + i + 0, b + i + 0, zeta[0]); - mlkem_basemul(t2, a + i + 2, b + i + 2, -zeta[0]); + mlkem_basemul(t0, a + i + 0, b + i + 0, zeta[0]); + mlkem_basemul(t2, a + i + 2, b + i + 2, (sword16)(-zeta[0])); - r[i + 0] += t0[0]; - r[i + 1] += t0[1]; - r[i + 2] += t2[0]; - r[i + 3] += t2[1]; + r[i + 0] = (sword16)(r[i + 0] + t0[0]); + r[i + 1] = (sword16)(r[i + 1] + t0[1]); + r[i + 2] = (sword16)(r[i + 2] + t2[0]); + r[i + 3] = (sword16)(r[i + 3] + t2[1]); } #elif defined(WOLFSSL_MLKEM_NO_LARGE_CODE) /* Four multiplications per loop. */ @@ -1153,19 +1153,19 @@ sword16 t4[2]; sword16 t6[2]; - mlkem_basemul(t0, a + i + 0, b + i + 0, zeta[0]); - mlkem_basemul(t2, a + i + 2, b + i + 2, -zeta[0]); - mlkem_basemul(t4, a + i + 4, b + i + 4, zeta[1]); - mlkem_basemul(t6, a + i + 6, b + i + 6, -zeta[1]); - - r[i + 0] += t0[0]; - r[i + 1] += t0[1]; - r[i + 2] += t2[0]; - r[i + 3] += t2[1]; - r[i + 4] += t4[0]; - r[i + 5] += t4[1]; - r[i + 6] += t6[0]; - r[i + 7] += t6[1]; + mlkem_basemul(t0, a + i + 0, b + i + 0, zeta[0]); + mlkem_basemul(t2, a + i + 2, b + i + 2, (sword16)(-zeta[0])); + mlkem_basemul(t4, a + i + 4, b + i + 4, zeta[1]); + mlkem_basemul(t6, a + i + 6, b + i + 6, (sword16)(-zeta[1])); + + r[i + 0] = (sword16)(r[i + 0] + t0[0]); + r[i + 1] = (sword16)(r[i + 1] + t0[1]); + r[i + 2] = (sword16)(r[i + 2] + t2[0]); + r[i + 3] = (sword16)(r[i + 3] + t2[1]); + r[i + 4] = (sword16)(r[i + 4] + t4[0]); + r[i + 5] = (sword16)(r[i + 5] + t4[1]); + r[i + 6] = (sword16)(r[i + 6] + t6[0]); + r[i + 7] = (sword16)(r[i + 7] + t6[1]); } #else /* Eight multiplications per loop. */ @@ -1180,31 +1180,31 @@ sword16 t12[2]; sword16 t14[2]; - mlkem_basemul(t0, a + i + 0, b + i + 0, zeta[0]); - mlkem_basemul(t2, a + i + 2, b + i + 2, -zeta[0]); - mlkem_basemul(t4, a + i + 4, b + i + 4, zeta[1]); - mlkem_basemul(t6, a + i + 6, b + i + 6, -zeta[1]); - mlkem_basemul(t8, a + i + 8, b + i + 8, zeta[2]); - mlkem_basemul(t10, a + i + 10, b + i + 10, -zeta[2]); - mlkem_basemul(t12, a + i + 12, b + i + 12, zeta[3]); - mlkem_basemul(t14, a + i + 14, b + i + 14, -zeta[3]); - - r[i + 0] += t0[0]; - r[i + 1] += t0[1]; - r[i + 2] += t2[0]; - r[i + 3] += t2[1]; - r[i + 4] += t4[0]; - r[i + 5] += t4[1]; - r[i + 6] += t6[0]; - r[i + 7] += t6[1]; - r[i + 8] += t8[0]; - r[i + 9] += t8[1]; - r[i + 10] += t10[0]; - r[i + 11] += t10[1]; - r[i + 12] += t12[0]; - r[i + 13] += t12[1]; - r[i + 14] += t14[0]; - r[i + 15] += t14[1]; + mlkem_basemul(t0, a + i + 0, b + i + 0, zeta[0]); + mlkem_basemul(t2, a + i + 2, b + i + 2, (sword16)(-zeta[0])); + mlkem_basemul(t4, a + i + 4, b + i + 4, zeta[1]); + mlkem_basemul(t6, a + i + 6, b + i + 6, (sword16)(-zeta[1])); + mlkem_basemul(t8, a + i + 8, b + i + 8, zeta[2]); + mlkem_basemul(t10, a + i + 10, b + i + 10, (sword16)(-zeta[2])); + mlkem_basemul(t12, a + i + 12, b + i + 12, zeta[3]); + mlkem_basemul(t14, a + i + 14, b + i + 14, (sword16)(-zeta[3])); + + r[i + 0] = (sword16)(r[i + 0] + t0[0]); + r[i + 1] = (sword16)(r[i + 1] + t0[1]); + r[i + 2] = (sword16)(r[i + 2] + t2[0]); + r[i + 3] = (sword16)(r[i + 3] + t2[1]); + r[i + 4] = (sword16)(r[i + 4] + t4[0]); + r[i + 5] = (sword16)(r[i + 5] + t4[1]); + r[i + 6] = (sword16)(r[i + 6] + t6[0]); + r[i + 7] = (sword16)(r[i + 7] + t6[1]); + r[i + 8] = (sword16)(r[i + 8] + t8[0]); + r[i + 9] = (sword16)(r[i + 9] + t8[1]); + r[i + 10] = (sword16)(r[i + 10] + t10[0]); + r[i + 11] = (sword16)(r[i + 11] + t10[1]); + r[i + 12] = (sword16)(r[i + 12] + t12[0]); + r[i + 13] = (sword16)(r[i + 13] + t12[1]); + r[i + 14] = (sword16)(r[i + 14] + t14[0]); + r[i + 15] = (sword16)(r[i + 15] + t14[1]); } #endif } @@ -1258,12 +1258,12 @@ * ... * 16: s_hat <- NTT(s) * 17: e_hat <- NTT(e) - * 18: t^hat <- A_hat o s_hat + e_hat + * 18: t_hat <- A_hat o s_hat + e_hat * ... * * @param [in, out] s Private key vector of polynomials. * @param [out] t Public key vector of polynomials. - * @param [in] e Error values as a vector of polynomials. Modified. + * @param [in, out] e Error values as a vector of polynomials. Modified. * @param [in] a Random values in an array of vectors of polynomials. * @param [in] k Number of polynomials in vector. */ @@ -1334,22 +1334,20 @@ * FIPS 203, Algorithm 14: K-PKE.Encrypt(ek_PKE, m, r) * ... * Step 18: y_hat <- NTT(y) - * Step 19: u <- InvNTT(A_hat_trans o y_hat) + e_1) + * Step 19: u <- InvNTT(A_hat_trans o y_hat) + e_1 * ... - * Step 21: v <- InvNTT(t_hat_trans o y_hat) + e_2 + mu) + * Step 21: v <- InvNTT(t_hat_trans o y_hat) + e_2 + mu * ... * - * @param [in] t Public key vector of polynomials. - * @param [out] u Vector of polynomials. - * @param [out] v Polynomial. - * @param [in] a Array of vector of polynomials. - * @param [in] y Vector of polynomials. - * @param [in] e1 Error Vector of polynomials. - * @param [in] e2 Error polynomial. - * @param [in] m Message polynomial. - * @param [in] k Number of polynomials in vector. - * @return 0 on success. - * + * @param [in] t Public key vector of polynomials. + * @param [out] u Vector of polynomials. + * @param [out] v Polynomial. + * @param [in] a Array of vector of polynomials. + * @param [in, out] y Vector of polynomials. + * @param [in] e1 Error Vector of polynomials. + * @param [in] e2 Error polynomial. + * @param [in] m Message polynomial. + * @param [in] k Number of polynomials in vector. */ void mlkem_encapsulate(const sword16* t, sword16* u , sword16* v, const sword16* a, sword16* y, const sword16* e1, const sword16* e2, @@ -1397,7 +1395,7 @@ } /* For each polynomial in the vectors. - * Step 19: u <- InvNTT(A_hat_trans o y_hat) + e_1) */ + * Step 19: u <- InvNTT(A_hat_trans o y_hat) + e_1 */ for (i = 0; i < k; ++i) { /* Multiply at by y into u polynomial. * Step 19: ... A_hat_trans o y_hat ... */ @@ -1407,7 +1405,7 @@ * Step 19: ... InvNTT(A_hat_trans o y_hat) ... */ mlkem_invntt(u + i * MLKEM_N); /* Add errors to u and reduce. - * Step 19: u <- InvNTT(A_hat_trans o y_hat) + e_1) */ + * Step 19: u <- InvNTT(A_hat_trans o y_hat) + e_1 */ mlkem_add_reduce(u + i * MLKEM_N, e1 + i * MLKEM_N); } @@ -1419,7 +1417,7 @@ mlkem_invntt(v); } /* Add errors and message to v and reduce. - * Step 21: v <- InvNTT(t_hat_trans o y_hat) + e_2 + mu) */ + * Step 21: v <- InvNTT(t_hat_trans o y_hat) + e_2 + mu */ mlkem_add3_reduce(v, e2, m); } #endif /* !WOLFSSL_MLKEM_NO_ENCAPSULATE || !WOLFSSL_MLKEM_NO_DECAPSULATE */ @@ -1433,11 +1431,11 @@ * 6: w <- v' - InvNTT(s_hat_trans o NTT(u')) * ... * - * @param [in] s Decryption key as vector of polynomials. - * @param [out] w Message polynomial. - * @param [in] u Vector of polynomials containing error. - * @param [in] v Encapsulated message polynomial. - * @param [in] k Number of polynomials in vector. + * @param [in] s Decryption key as vector of polynomials. + * @param [out] w Message polynomial. + * @param [in, out] u Vector of polynomials containing error. + * @param [in] v Encapsulated message polynomial. + * @param [in] k Number of polynomials in vector. */ void mlkem_decapsulate(const sword16* s, sword16* w, sword16* u, const sword16* v, int k) @@ -1500,13 +1498,14 @@ * 7: for (j <- start; j < start + len; j++) * 8: t <- zeta.f[j+len] * 9: f_hat[j+len] <- f_hat[j] - t - * 10: f_hat[j] <- f_hat[j] - t + * 10: f_hat[j] <- f_hat[j] + t * 11: end for * 12: end for * 13: end for * 14: return f_hat * - * @param [in, out] r Polynomial to transform. + * @param [in, out] r Polynomial to transform. + * @param [in, out] a Polynomial to add NTT result to. */ static void mlkem_ntt_add_to(sword16* r, sword16* a) { @@ -1622,27 +1621,27 @@ t1 = MLKEM_MONT_RED((sword32)zeta128 * r5); t2 = MLKEM_MONT_RED((sword32)zeta128 * r6); t3 = MLKEM_MONT_RED((sword32)zeta128 * r7); - r4 = r0 - t0; - r5 = r1 - t1; - r6 = r2 - t2; - r7 = r3 - t3; - r0 += t0; - r1 += t1; - r2 += t2; - r3 += t3; + r4 = (sword16)(r0 - t0); + r5 = (sword16)(r1 - t1); + r6 = (sword16)(r2 - t2); + r7 = (sword16)(r3 - t3); + r0 = (sword16)(r0 + t0); + r1 = (sword16)(r1 + t1); + r2 = (sword16)(r2 + t2); + r3 = (sword16)(r3 + t3); t0 = MLKEM_MONT_RED((sword32)zeta64_0 * r2); t1 = MLKEM_MONT_RED((sword32)zeta64_0 * r3); t2 = MLKEM_MONT_RED((sword32)zeta64_1 * r6); t3 = MLKEM_MONT_RED((sword32)zeta64_1 * r7); - r2 = r0 - t0; - r3 = r1 - t1; - r6 = r4 - t2; - r7 = r5 - t3; - r0 += t0; - r1 += t1; - r4 += t2; - r5 += t3; + r2 = (sword16)(r0 - t0); + r3 = (sword16)(r1 - t1); + r6 = (sword16)(r4 - t2); + r7 = (sword16)(r5 - t3); + r0 = (sword16)(r0 + t0); + r1 = (sword16)(r1 + t1); + r4 = (sword16)(r4 + t2); + r5 = (sword16)(r5 + t3); r[j + 0] = r0; r[j + 32] = r1; @@ -1656,7 +1655,7 @@ /* len = 32,16,8 */ for (j = 0; j < MLKEM_N; j += 64) { - int i; + unsigned int i; sword16 zeta32 = zetas[ 4 + j / 64 + 0]; sword16 zeta16_0 = zetas[ 8 + j / 32 + 0]; sword16 zeta16_1 = zetas[ 8 + j / 32 + 1]; @@ -1678,40 +1677,40 @@ t1 = MLKEM_MONT_RED((sword32)zeta32 * r5); t2 = MLKEM_MONT_RED((sword32)zeta32 * r6); t3 = MLKEM_MONT_RED((sword32)zeta32 * r7); - r4 = r0 - t0; - r5 = r1 - t1; - r6 = r2 - t2; - r7 = r3 - t3; - r0 += t0; - r1 += t1; - r2 += t2; - r3 += t3; + r4 = (sword16)(r0 - t0); + r5 = (sword16)(r1 - t1); + r6 = (sword16)(r2 - t2); + r7 = (sword16)(r3 - t3); + r0 = (sword16)(r0 + t0); + r1 = (sword16)(r1 + t1); + r2 = (sword16)(r2 + t2); + r3 = (sword16)(r3 + t3); t0 = MLKEM_MONT_RED((sword32)zeta16_0 * r2); t1 = MLKEM_MONT_RED((sword32)zeta16_0 * r3); t2 = MLKEM_MONT_RED((sword32)zeta16_1 * r6); t3 = MLKEM_MONT_RED((sword32)zeta16_1 * r7); - r2 = r0 - t0; - r3 = r1 - t1; - r6 = r4 - t2; - r7 = r5 - t3; - r0 += t0; - r1 += t1; - r4 += t2; - r5 += t3; + r2 = (sword16)(r0 - t0); + r3 = (sword16)(r1 - t1); + r6 = (sword16)(r4 - t2); + r7 = (sword16)(r5 - t3); + r0 = (sword16)(r0 + t0); + r1 = (sword16)(r1 + t1); + r4 = (sword16)(r4 + t2); + r5 = (sword16)(r5 + t3); t0 = MLKEM_MONT_RED((sword32)zeta8_0 * r1); t1 = MLKEM_MONT_RED((sword32)zeta8_1 * r3); t2 = MLKEM_MONT_RED((sword32)zeta8_2 * r5); t3 = MLKEM_MONT_RED((sword32)zeta8_3 * r7); - r1 = r0 - t0; - r3 = r2 - t1; - r5 = r4 - t2; - r7 = r6 - t3; - r0 += t0; - r2 += t1; - r4 += t2; - r6 += t3; + r1 = (sword16)(r0 - t0); + r3 = (sword16)(r2 - t1); + r5 = (sword16)(r4 - t2); + r7 = (sword16)(r6 - t3); + r0 = (sword16)(r0 + t0); + r2 = (sword16)(r2 + t1); + r4 = (sword16)(r4 + t2); + r6 = (sword16)(r6 + t3); r[j + i + 0] = r0; r[j + i + 8] = r1; @@ -1742,36 +1741,36 @@ t1 = MLKEM_MONT_RED((sword32)zeta4 * r5); t2 = MLKEM_MONT_RED((sword32)zeta4 * r6); t3 = MLKEM_MONT_RED((sword32)zeta4 * r7); - r4 = r0 - t0; - r5 = r1 - t1; - r6 = r2 - t2; - r7 = r3 - t3; - r0 += t0; - r1 += t1; - r2 += t2; - r3 += t3; + r4 = (sword16)(r0 - t0); + r5 = (sword16)(r1 - t1); + r6 = (sword16)(r2 - t2); + r7 = (sword16)(r3 - t3); + r0 = (sword16)(r0 + t0); + r1 = (sword16)(r1 + t1); + r2 = (sword16)(r2 + t2); + r3 = (sword16)(r3 + t3); t0 = MLKEM_MONT_RED((sword32)zeta2_0 * r2); t1 = MLKEM_MONT_RED((sword32)zeta2_0 * r3); t2 = MLKEM_MONT_RED((sword32)zeta2_1 * r6); t3 = MLKEM_MONT_RED((sword32)zeta2_1 * r7); - r2 = r0 - t0; - r3 = r1 - t1; - r6 = r4 - t2; - r7 = r5 - t3; - r0 += t0; - r1 += t1; - r4 += t2; - r5 += t3; - - r0 += a[j + 0]; - r1 += a[j + 1]; - r2 += a[j + 2]; - r3 += a[j + 3]; - r4 += a[j + 4]; - r5 += a[j + 5]; - r6 += a[j + 6]; - r7 += a[j + 7]; + r2 = (sword16)(r0 - t0); + r3 = (sword16)(r1 - t1); + r6 = (sword16)(r4 - t2); + r7 = (sword16)(r5 - t3); + r0 = (sword16)(r0 + t0); + r1 = (sword16)(r1 + t1); + r4 = (sword16)(r4 + t2); + r5 = (sword16)(r5 + t3); + + r0 = (sword16)(r0 + a[j + 0]); + r1 = (sword16)(r1 + a[j + 1]); + r2 = (sword16)(r2 + a[j + 2]); + r3 = (sword16)(r3 + a[j + 3]); + r4 = (sword16)(r4 + a[j + 4]); + r5 = (sword16)(r5 + a[j + 5]); + r6 = (sword16)(r6 + a[j + 6]); + r7 = (sword16)(r7 + a[j + 7]); a[j + 0] = MLKEM_BARRETT_RED(r0); a[j + 1] = MLKEM_BARRETT_RED(r1); @@ -1793,12 +1792,12 @@ * ... * 16: s_hat <- NTT(s) * 17: e_hat <- NTT(e) - * 18: t^hat <- A_hat o s_hat + e_hat + * 18: t_hat <- A_hat o s_hat + e_hat * ... * * @param [in, out] s Private key vector of polynomials. * @param [out] t Public key vector of polynomials. - * @param [in] e Error values as a vector of polynomials. Modified. + * @param [in, out] e Error values as a vector of polynomials. Modified. * @param [in] a Random values in an array of vectors of polynomials. * @param [in] k Number of polynomials in vector. */ @@ -1816,11 +1815,12 @@ /* For each polynomial in the vectors. * Step 17, Step 18: Calculate public from A_hat, s_hat and e_hat. */ for (i = 0; i < k; ++i) { - unsigned int j; + int j; /* Multiply a by private into public polynomial. * Step 18: ... A_hat o s_hat ... */ - mlkem_pointwise_acc_mont(t + i * MLKEM_N, a + i * k * MLKEM_N, s, k); + mlkem_pointwise_acc_mont(t + i * MLKEM_N, a + i * k * MLKEM_N, s, + (unsigned int)k); /* Convert public polynomial to Montgomery form. * Step 18: ... MontRed(A_hat o s_hat) ... */ for (j = 0; j < MLKEM_N; ++j) { @@ -1834,7 +1834,7 @@ /* Add errors to public key and reduce. * Step 18: t_hat = BarrettRed(MontRed(A_hat o s_hat) + e_hat) */ for (j = 0; j < MLKEM_N; ++j) { - sword16 n = t[i * MLKEM_N + j] + e[i * MLKEM_N + j]; + sword16 n = (sword16)(t[i * MLKEM_N + j] + e[i * MLKEM_N + j]); t[i * MLKEM_N + j] = MLKEM_BARRETT_RED(n); } #else @@ -1851,12 +1851,12 @@ * ... * 16: s_hat <- NTT(s) * 17: e_hat <- NTT(e) - * 18: t^hat <- A_hat o s_hat + e_hat + * 18: t_hat <- A_hat o s_hat + e_hat * ... * * @param [in, out] s Private key vector of polynomials. * @param [out] t Public key vector of polynomials. - * @param [in] e Error values as a vector of polynomials. Modified. + * @param [in, out] e Error values as a vector of polynomials. Modified. * @param [in] a Random values in an array of vectors of polynomials. * @param [in] k Number of polynomials in vector. */ @@ -1885,16 +1885,16 @@ * ... (generate A[i]) * 7: end for * ... - * 9: s[i] <- SamplePolyCBD_eta_1(PRF_eta_1(rho, N)) + * 13: e[i] <- SamplePolyCBD_eta_1(PRF_eta_1(sigma, N)) * ... * 16: s_hat <- NTT(s) * 17: e_hat <- NTT(e) - * 18: t^hat <- A_hat o s_hat + e_hat + * 18: t_hat <- A_hat o s_hat + e_hat * ... * * @param [in, out] s Private key vector of polynomials. - * @param [out] tv Public key vector of polynomials. - * @param [in] prf XOF object. + * @param [out] t Public key vector of polynomials. + * @param [in, out] prf XOF object. * @param [in] tv Temporary vector of polynomials. * @param [in] k Number of polynomials in vector. * @param [in] rho Random seed to generate matrix A from. @@ -1917,7 +1917,7 @@ /* For each polynomial in the vectors. * Step 17, Step 18: Calculate public from A_hat, s_hat and e_hat. */ for (i = 0; i < k; ++i) { - unsigned int j; + int j; /* Generate a vector of matrix A. * Steps 4-6: generate A[i] */ @@ -1928,7 +1928,7 @@ /* Multiply a by private into public polynomial. * Step 18: ... A_hat o s_hat ... */ - mlkem_pointwise_acc_mont(t + i * MLKEM_N, ai, s, k); + mlkem_pointwise_acc_mont(t + i * MLKEM_N, ai, s, (unsigned int)k); /* Convert public polynomial to Montgomery form. * Step 18: ... MontRed(A_hat o s_hat) ... */ for (j = 0; j < MLKEM_N; ++j) { @@ -1937,7 +1937,7 @@ } /* Generate noise using PRF. - * Step 9: s[i] <- SamplePolyCBD_eta_1(PRF_eta_1(rho, N)) */ + * Step 13: e[i] <- SamplePolyCBD_eta_1(PRF_eta_1(sigma, N)) */ ret = mlkem_get_noise_i(prf, k, e, sigma, i, 1); if (ret != 0) { break; @@ -1949,7 +1949,7 @@ /* Add errors to public key and reduce. * Step 18: t_hat = BarrettRed(MontRed(A_hat o s_hat) + e_hat) */ for (j = 0; j < MLKEM_N; ++j) { - sword16 n = t[i * MLKEM_N + j] + e[j]; + sword16 n = (sword16)(t[i * MLKEM_N + j] + e[j]); t[i * MLKEM_N + j] = MLKEM_BARRETT_RED(n); } #else @@ -1970,16 +1970,15 @@ #ifndef WOLFSSL_MLKEM_ENCAPSULATE_SMALL_MEM /* Encapsulate message. * - * @param [in] pub Public key vector of polynomials. - * @param [out] u Vector of polynomials. - * @param [out] v Polynomial. - * @param [in] a Array of vector of polynomials. - * @param [in] y Vector of polynomials. - * @param [in] e1 Error Vector of polynomials. - * @param [in] e2 Error polynomial. - * @param [in] m Message polynomial. - * @param [in] k Number of polynomials in vector. - * @return 0 on success. + * @param [in] pub Public key vector of polynomials. + * @param [out] u Vector of polynomials. + * @param [out] v Polynomial. + * @param [in] a Array of vector of polynomials. + * @param [in, out] y Vector of polynomials. + * @param [in] e1 Error Vector of polynomials. + * @param [in] e2 Error polynomial. + * @param [in] m Message polynomial. + * @param [in] k Number of polynomials in vector. */ static void mlkem_encapsulate_c(const sword16* pub, sword16* u, sword16* v, const sword16* a, sword16* y, const sword16* e1, const sword16* e2, @@ -1994,28 +1993,37 @@ /* For each polynomial in the vectors. */ for (i = 0; i < k; ++i) { - unsigned int j; + int j; /* Multiply at by y into u polynomial. */ - mlkem_pointwise_acc_mont(u + i * MLKEM_N, a + i * k * MLKEM_N, y, k); + mlkem_pointwise_acc_mont(u + i * MLKEM_N, a + i * k * MLKEM_N, y, + (unsigned int)k); /* Inverse transform u polynomial. */ mlkem_invntt(u + i * MLKEM_N); /* Add errors to u and reduce. */ #if defined(WOLFSSL_MLKEM_SMALL) || defined(WOLFSSL_MLKEM_NO_LARGE_CODE) for (j = 0; j < MLKEM_N; ++j) { - sword16 t = u[i * MLKEM_N + j] + e1[i * MLKEM_N + j]; + sword16 t = (sword16)(u[i * MLKEM_N + j] + e1[i * MLKEM_N + j]); u[i * MLKEM_N + j] = MLKEM_BARRETT_RED(t); } #else for (j = 0; j < MLKEM_N; j += 8) { - sword16 t0 = u[i * MLKEM_N + j + 0] + e1[i * MLKEM_N + j + 0]; - sword16 t1 = u[i * MLKEM_N + j + 1] + e1[i * MLKEM_N + j + 1]; - sword16 t2 = u[i * MLKEM_N + j + 2] + e1[i * MLKEM_N + j + 2]; - sword16 t3 = u[i * MLKEM_N + j + 3] + e1[i * MLKEM_N + j + 3]; - sword16 t4 = u[i * MLKEM_N + j + 4] + e1[i * MLKEM_N + j + 4]; - sword16 t5 = u[i * MLKEM_N + j + 5] + e1[i * MLKEM_N + j + 5]; - sword16 t6 = u[i * MLKEM_N + j + 6] + e1[i * MLKEM_N + j + 6]; - sword16 t7 = u[i * MLKEM_N + j + 7] + e1[i * MLKEM_N + j + 7]; + sword16 t0 = (sword16)(u[i * MLKEM_N + j + 0] + + e1[i * MLKEM_N + j + 0]); + sword16 t1 = (sword16)(u[i * MLKEM_N + j + 1] + + e1[i * MLKEM_N + j + 1]); + sword16 t2 = (sword16)(u[i * MLKEM_N + j + 2] + + e1[i * MLKEM_N + j + 2]); + sword16 t3 = (sword16)(u[i * MLKEM_N + j + 3] + + e1[i * MLKEM_N + j + 3]); + sword16 t4 = (sword16)(u[i * MLKEM_N + j + 4] + + e1[i * MLKEM_N + j + 4]); + sword16 t5 = (sword16)(u[i * MLKEM_N + j + 5] + + e1[i * MLKEM_N + j + 5]); + sword16 t6 = (sword16)(u[i * MLKEM_N + j + 6] + + e1[i * MLKEM_N + j + 6]); + sword16 t7 = (sword16)(u[i * MLKEM_N + j + 7] + + e1[i * MLKEM_N + j + 7]); u[i * MLKEM_N + j + 0] = MLKEM_BARRETT_RED(t0); u[i * MLKEM_N + j + 1] = MLKEM_BARRETT_RED(t1); u[i * MLKEM_N + j + 2] = MLKEM_BARRETT_RED(t2); @@ -2029,28 +2037,27 @@ } /* Multiply public key by y into v polynomial. */ - mlkem_pointwise_acc_mont(v, pub, y, k); + mlkem_pointwise_acc_mont(v, pub, y, (unsigned int)k); /* Inverse transform v. */ mlkem_invntt(v); /* Add errors and message to v and reduce. */ for (i = 0; i < MLKEM_N; ++i) { - sword16 t = v[i] + e2[i] + m[i]; + sword16 t = (sword16)(v[i] + e2[i] + m[i]); v[i] = MLKEM_BARRETT_RED(t); } } /* Encapsulate message. * - * @param [in] pub Public key vector of polynomials. - * @param [out] u Vector of polynomials. - * @param [out] v Polynomial. - * @param [in] a Array of vector of polynomials. - * @param [in] y Vector of polynomials. - * @param [in] e1 Error Vector of polynomials. - * @param [in] e2 Error polynomial. - * @param [in] m Message polynomial. - * @param [in] k Number of polynomials in vector. - * @return 0 on success. + * @param [in] pub Public key vector of polynomials. + * @param [out] u Vector of polynomials. + * @param [out] v Polynomial. + * @param [in] a Array of vector of polynomials. + * @param [in, out] y Vector of polynomials. + * @param [in] e1 Error Vector of polynomials. + * @param [in] e2 Error polynomial. + * @param [in] m Message polynomial. + * @param [in] k Number of polynomials in vector. */ void mlkem_encapsulate(const sword16* pub, sword16* u, sword16* v, const sword16* a, sword16* y, const sword16* e1, const sword16* e2, @@ -2073,10 +2080,10 @@ /* Encapsulate message. * * @param [in] pub Public key vector of polynomials. - * @param [in] prf XOF object. + * @param [in, out] prf XOF object. * @param [out] u Vector of polynomials. * @param [in, out] tp Polynomial. - * @param [in] y Vector of polynomials. + * @param [in, out] y Vector of polynomials. * @param [in] k Number of polynomials in vector. * @param [in] msg Message to encapsulate. * @param [in] seed Random seed to generate matrix A from. @@ -2100,7 +2107,7 @@ /* For each polynomial in the vectors. */ for (i = 0; i < k; ++i) { - unsigned int j; + int j; /* Generate a vector of matrix A. */ ret = mlkem_gen_matrix_i(prf, a, k, seed, i, 1); @@ -2109,7 +2116,7 @@ } /* Multiply at by y into u polynomial. */ - mlkem_pointwise_acc_mont(u + i * MLKEM_N, a, y, k); + mlkem_pointwise_acc_mont(u + i * MLKEM_N, a, y, (unsigned int)k); /* Inverse transform u polynomial. */ mlkem_invntt(u + i * MLKEM_N); @@ -2121,19 +2128,19 @@ /* Add errors to u and reduce. */ #if defined(WOLFSSL_MLKEM_SMALL) || defined(WOLFSSL_MLKEM_NO_LARGE_CODE) for (j = 0; j < MLKEM_N; ++j) { - sword16 t = u[i * MLKEM_N + j] + e1[j]; + sword16 t = (sword16)(u[i * MLKEM_N + j] + e1[j]); u[i * MLKEM_N + j] = MLKEM_BARRETT_RED(t); } #else for (j = 0; j < MLKEM_N; j += 8) { - sword16 t0 = u[i * MLKEM_N + j + 0] + e1[j + 0]; - sword16 t1 = u[i * MLKEM_N + j + 1] + e1[j + 1]; - sword16 t2 = u[i * MLKEM_N + j + 2] + e1[j + 2]; - sword16 t3 = u[i * MLKEM_N + j + 3] + e1[j + 3]; - sword16 t4 = u[i * MLKEM_N + j + 4] + e1[j + 4]; - sword16 t5 = u[i * MLKEM_N + j + 5] + e1[j + 5]; - sword16 t6 = u[i * MLKEM_N + j + 6] + e1[j + 6]; - sword16 t7 = u[i * MLKEM_N + j + 7] + e1[j + 7]; + sword16 t0 = (sword16)(u[i * MLKEM_N + j + 0] + e1[j + 0]); + sword16 t1 = (sword16)(u[i * MLKEM_N + j + 1] + e1[j + 1]); + sword16 t2 = (sword16)(u[i * MLKEM_N + j + 2] + e1[j + 2]); + sword16 t3 = (sword16)(u[i * MLKEM_N + j + 3] + e1[j + 3]); + sword16 t4 = (sword16)(u[i * MLKEM_N + j + 4] + e1[j + 4]); + sword16 t5 = (sword16)(u[i * MLKEM_N + j + 5] + e1[j + 5]); + sword16 t6 = (sword16)(u[i * MLKEM_N + j + 6] + e1[j + 6]); + sword16 t7 = (sword16)(u[i * MLKEM_N + j + 7] + e1[j + 7]); u[i * MLKEM_N + j + 0] = MLKEM_BARRETT_RED(t0); u[i * MLKEM_N + j + 1] = MLKEM_BARRETT_RED(t1); u[i * MLKEM_N + j + 2] = MLKEM_BARRETT_RED(t2); @@ -2147,32 +2154,32 @@ } /* Multiply public key by y into v polynomial. */ - mlkem_pointwise_acc_mont(v, pub, y, k); + mlkem_pointwise_acc_mont(v, pub, y, (unsigned int)k); /* Inverse transform v. */ mlkem_invntt(v); mlkem_from_msg(m, msg); /* Generate noise using PRF. */ - coins[WC_ML_KEM_SYM_SZ] = 2 * k; + coins[WC_ML_KEM_SYM_SZ] = (byte)(2 * k); ret = mlkem_get_noise_eta2_c(prf, e2, coins); if (ret == 0) { /* Add errors and message to v and reduce. */ #if defined(WOLFSSL_MLKEM_SMALL) || defined(WOLFSSL_MLKEM_NO_LARGE_CODE) for (i = 0; i < MLKEM_N; ++i) { - sword16 t = v[i] + e2[i] + m[i]; + sword16 t = (sword16)(v[i] + e2[i] + m[i]); v[i] = MLKEM_BARRETT_RED(t); } #else for (i = 0; i < MLKEM_N; i += 8) { - sword16 t0 = v[i + 0] + e2[i + 0] + m[i + 0]; - sword16 t1 = v[i + 1] + e2[i + 1] + m[i + 1]; - sword16 t2 = v[i + 2] + e2[i + 2] + m[i + 2]; - sword16 t3 = v[i + 3] + e2[i + 3] + m[i + 3]; - sword16 t4 = v[i + 4] + e2[i + 4] + m[i + 4]; - sword16 t5 = v[i + 5] + e2[i + 5] + m[i + 5]; - sword16 t6 = v[i + 6] + e2[i + 6] + m[i + 6]; - sword16 t7 = v[i + 7] + e2[i + 7] + m[i + 7]; + sword16 t0 = (sword16)(v[i + 0] + e2[i + 0] + m[i + 0]); + sword16 t1 = (sword16)(v[i + 1] + e2[i + 1] + m[i + 1]); + sword16 t2 = (sword16)(v[i + 2] + e2[i + 2] + m[i + 2]); + sword16 t3 = (sword16)(v[i + 3] + e2[i + 3] + m[i + 3]); + sword16 t4 = (sword16)(v[i + 4] + e2[i + 4] + m[i + 4]); + sword16 t5 = (sword16)(v[i + 5] + e2[i + 5] + m[i + 5]); + sword16 t6 = (sword16)(v[i + 6] + e2[i + 6] + m[i + 6]); + sword16 t7 = (sword16)(v[i + 7] + e2[i + 7] + m[i + 7]); v[i + 0] = MLKEM_BARRETT_RED(t0); v[i + 1] = MLKEM_BARRETT_RED(t1); v[i + 2] = MLKEM_BARRETT_RED(t2); @@ -2200,11 +2207,11 @@ * 6: w <- v' - InvNTT(s_hat_trans o NTT(u')) * ... * - * @param [in] s Private key vector of polynomials. - * @param [out] w Message polynomial. - * @param [in] u Vector of polynomials containing error. - * @param [in] v Encapsulated message polynomial. - * @param [in] k Number of polynomials in vector. + * @param [in] s Private key vector of polynomials. + * @param [out] w Message polynomial. + * @param [in, out] u Vector of polynomials containing error. + * @param [in] v Encapsulated message polynomial. + * @param [in] k Number of polynomials in vector. */ static void mlkem_decapsulate_c(const sword16* s, sword16* w, sword16* u, const sword16* v, int k) @@ -2219,14 +2226,14 @@ /* Multiply private key by u into w polynomial. * Step 6: ... s_hat_trans o NTT(u') */ - mlkem_pointwise_acc_mont(w, s, u, k); + mlkem_pointwise_acc_mont(w, s, u, (unsigned int)k); /* Inverse transform w. * Step 6: ... InvNTT(s_hat_trans o NTT(u')) */ mlkem_invntt(w); /* Subtract errors (in w) out of v and reduce into w. * Step 6: w <- v' - InvNTT(s_hat_trans o NTT(u')) */ for (i = 0; i < MLKEM_N; ++i) { - sword16 t = v[i] - w[i]; + sword16 t = (sword16)(v[i] - w[i]); w[i] = MLKEM_BARRETT_RED(t); } } @@ -2239,11 +2246,11 @@ * 6: w <- v' - InvNTT(s_hat_trans o NTT(u')) * ... * - * @param [in] s Private key vector of polynomials. - * @param [out] w Message polynomial. - * @param [in] u Vector of polynomials containing error. - * @param [in] v Encapsulated message polynomial. - * @param [in] k Number of polynomials in vector. + * @param [in] s Private key vector of polynomials. + * @param [out] w Message polynomial. + * @param [in, out] u Vector of polynomials containing error. + * @param [in] v Encapsulated message polynomial. + * @param [in] k Number of polynomials in vector. */ void mlkem_decapsulate(const sword16* s, sword16* w, sword16* u, const sword16* v, int k) @@ -2260,7 +2267,7 @@ } } -#endif /* !WOLFSSL_MLKEM_ NO_DECAPSULATE */ +#endif /* !WOLFSSL_MLKEM_NO_DECAPSULATE */ #endif /******************************************************************************/ @@ -2424,10 +2431,13 @@ for (k = 0; k < 2; k++) { for (i = 0; i < 4; i++) { if (!transposed) { - state[4*4 + i] = 0x1f0000 + (((k*4+i)/3) << 8) + ((k*4+i)%3); + state[4*4 + i] = (word32)(0x1f0000 + (((k*4+i)/3) << 8) + + ((k*4+i)%3)); } else { - state[4*4 + i] = 0x1f0000 + (((k*4+i)%3) << 8) + ((k*4+i)/3); + state[4*4 + i] = (word32)(0x1f0000 + (((k*4+i)%3) << 8) + + ((k*4+i)/3)); + } } @@ -2577,10 +2587,10 @@ for (k = 0; k < 4; k++) { for (i = 0; i < 4; i++) { if (!transposed) { - state[4*4 + i] = 0x1f0000 + (k << 8) + i; + state[4*4 + i] = (word32)(0x1f0000 + (k << 8) + i); } else { - state[4*4 + i] = 0x1f0000 + (i << 8) + k; + state[4*4 + i] = (word32)(0x1f0000 + (i << 8) + k); } } @@ -2755,7 +2765,7 @@ p += 25 * 8; ctr1 = mlkem_rej_uniform_neon(a + 1 * MLKEM_N, MLKEM_N, p, XOF_BLOCK_SIZE); - p +=25 * 8; + p += 25 * 8; ctr2 = mlkem_rej_uniform_neon(a + 2 * MLKEM_N, MLKEM_N, p, XOF_BLOCK_SIZE); /* Create more blocks if too many rejected. */ @@ -2867,7 +2877,7 @@ /* Absorb the seed data for squeezing out pseudo-random data. * * FIPS 203, Section 4.1: - * 1. XOF.init() = SHA128.Init(). + * 1. XOF.init() = SHAKE128.Init(). * 2. XOF.Absorb(ctx,str) = SHAKE128.Absorb(ctx,str). * * @param [in, out] shake128 SHAKE-128 object. @@ -2881,7 +2891,7 @@ ret = wc_InitShake128(shake128, NULL, INVALID_DEVID); if (ret == 0) { - ret = wc_Shake128_Absorb(shake128, seed, len); + ret = wc_Shake128_Absorb(shake128, seed, (word32)len); } return ret; @@ -2890,7 +2900,7 @@ /* Squeeze the state to produce pseudo-random data. * * FIPS 203, Section 4.1: - * 3. XOF.Absorb(ctx,l) = SHAKE128.Squeeze(ctx,8.l). + * 3. XOF.Squeeze(ctx,l) = SHAKE128.Squeeze(ctx,8.l). * * @param [in, out] shake128 SHAKE-128 object. * @param [out] out Buffer to write to. @@ -2899,7 +2909,7 @@ */ static int mlkem_xof_squeezeblocks(wc_Shake* shake128, byte* out, int blocks) { - return wc_Shake128_SqueezeBlocks(shake128, out, blocks); + return wc_Shake128_SqueezeBlocks(shake128, out, (word32)blocks); } #endif @@ -2936,7 +2946,7 @@ * H(s) := SHA3-256(s) * * @param [in, out] hash SHA-3 object. - * @param [io] data Data to be hashed. + * @param [in] data Data to be hashed. * @param [in] dataLen Length of data in bytes. * @param [out] out Hash of data. * @return 0 on success. @@ -2948,7 +2958,7 @@ /* Process all data. */ ret = wc_Sha3_256_Update(hash, data, dataLen); if (ret == 0) { - /* Calculate Hash of data passed in an re-initialize. */ + /* Calculate Hash of data passed in and re-initialize. */ ret = wc_Sha3_256_Final(hash, out); } @@ -2961,9 +2971,9 @@ * G(s) := SHA3-512(s) * * @param [in, out] hash SHA-3 object. - * @param [io] data1 First block of data to be hashed. + * @param [in] data1 First block of data to be hashed. * @param [in] data1Len Length of first block of data in bytes. - * @param [io] data2 Second block of data to be hashed. May be NULL. + * @param [in] data2 Second block of data to be hashed. May be NULL. * @param [in] data2Len Length of second block of data in bytes. * @param [out] out Hash of all data. * @return 0 on success. @@ -2981,7 +2991,7 @@ ret = wc_Sha3_512_Update(hash, data2, data2Len); } if (ret == 0) { - /* Calculate Hash of data passed in an re-initialize. */ + /* Calculate Hash of data passed in and re-initialize. */ ret = wc_Sha3_512_Final(hash, out); } @@ -2990,7 +3000,7 @@ /* Initialize SHAKE-256 object. * - * @param [in, out] shake256 SHAKE-256 object. + * @param [in, out] prf SHAKE-256 object. */ void mlkem_prf_init(wc_Shake* prf) { @@ -2999,12 +3009,12 @@ /* New/Initialize SHAKE-256 object. * - * FIPS 203, Section 4.1: - * PRF_eta(s,b) := SHA256(s||b,8.64.eta) + * FIPS 203, Section 4.1, 4.3: + * PRF_eta(s,b) := SHAKE256(s||b,8.64.eta) * - * @param [in, out] shake256 SHAKE-256 object. - * @param [in] heap Dynamic memory allocator hint. - * @param [in] devId Device id. + * @param [in, out] prf SHAKE-256 object. + * @param [in] heap Dynamic memory allocator hint. + * @param [in] devId Device id. * @return 0 on success always. */ int mlkem_prf_new(wc_Shake* prf, void* heap, int devId) @@ -3014,10 +3024,10 @@ /* Free SHAKE-256 object. * - * FIPS 203, Section 4.1: - * PRF_eta(s,b) := SHA256(s||b,8.64.eta) + * FIPS 203, Section 4.1, 4.3: + * PRF_eta(s,b) := SHAKE256(s||b,8.64.eta) * - * @param [in, out] shake256 SHAKE-256 object. + * @param [in, out] prf SHAKE-256 object. */ void mlkem_prf_free(wc_Shake* prf) { @@ -3027,8 +3037,8 @@ #if !(defined(WOLFSSL_ARMASM) && defined(__aarch64__)) /* Create pseudo-random data from the key using SHAKE-256. * - * FIPS 203, Section 4.1: - * PRF_eta(s,b) := SHA256(s||b,8.64.eta) + * FIPS 203, Section 4.1, 4.3: + * PRF_eta(s,b) := SHAKE256(s||b,8.64.eta) * * @param [in, out] shake256 SHAKE-256 object. * @param [out] out Buffer to write to. @@ -3045,7 +3055,7 @@ (void)shake256; - /* Put first WC_ML_KEM_SYM_SZ bytes og key into blank state. */ + /* Put first WC_ML_KEM_SYM_SZ bytes of key into blank state. */ readUnalignedWords64(state, key, WC_ML_KEM_SYM_SZ / sizeof(word64)); /* Last byte in with end of content marker. */ state[WC_ML_KEM_SYM_SZ / 8] = 0x1f00 | key[WC_ML_KEM_SYM_SZ]; @@ -3090,7 +3100,7 @@ /* Process all data. */ ret = wc_Shake256_Update(shake256, key, WC_ML_KEM_SYM_SZ + 1); if (ret == 0) { - /* Calculate Hash of data passed in an re-initialize. */ + /* Calculate Hash of data passed in and re-initialize. */ ret = wc_Shake256_Final(shake256, out, outLen); } @@ -3175,7 +3185,7 @@ * @param [out] ss Shared secret. * @return 0 on success. * @return MEMORY_E when dynamic memory allocation failed. - * @return Other negative when a hash error occurred. + * @return Other negative value when a hash error occurred. */ int mlkem_derive_secret(wc_Shake* shake256, const byte* z, const byte* ct, word32 ctSz, byte* ss) @@ -3247,10 +3257,10 @@ #if defined(WOLFSSL_MLKEM_SMALL) || !defined(WC_64BIT_CPU) || \ defined(BIG_ENDIAN_ORDER) - /* Keep sampling until maximum number of integers reached or buffer used up. + /* Keep sampling until max number of integers reached or buffer is used up. * Step 4. */ for (i = 0, j = 0; (i < len) && (j <= rLen - 3); j += 3) { - /* Step 5 - caller generates and now using 3 bytes of it. */ + /* Step 5 - Now using 3 bytes of what the caller generated. */ /* Use 24 bits (3 bytes) as two 12 bits integers. */ /* Step 6. */ sword16 v0 = ((r[0] >> 0) | ((word16)r[1] << 8)) & 0xFFF; @@ -3306,8 +3316,8 @@ } /* Check whether we have all the numbers we need. */ if (j < rLen) { - /* Keep trying until we have less than 4 numbers to find or data is used - * up. */ + /* Keep trying until we have fewer than 4 numbers to find or data is + * used up. */ for (; (i + 4 < len) && (j < rLen); j += 6) { /* Use 48 bits (6 bytes) as four 12-bit integers. */ word64 r_word = readUnalignedWord64(r); @@ -3347,12 +3357,12 @@ if ((i < len) && (v1 < MLKEM_Q)) { p[i++] = v1; } - /* Check second if we don't have enough integers yet. + /* Check third if we don't have enough integers yet. * Reject third 12-bit integer if greater than or equal to q. */ if ((i < len) && (v2 < MLKEM_Q)) { p[i++] = v2; } - /* Check second if we don't have enough integers yet. + /* Check fourth if we don't have enough integers yet. * Reject fourth 12-bit integer if greater than or equal to q. */ if ((i < len) && (v3 < MLKEM_Q)) { p[i++] = v3; @@ -3404,11 +3414,11 @@ * 16: end while * 17: return a_hat * - * @param [in] prf XOF object. - * @param [out] a Matrix of uniform integers. - * @param [in] k Number of dimensions. k x k polynomials. - * @param [in] seed Bytes to seed XOF generation. - * @param [in] transposed Whether A or A^T is generated. + * @param [in, out] prf XOF object. + * @param [out] a Matrix of uniform integers. + * @param [in] k Number of dimensions. k x k polynomials. + * @param [in] seed Bytes to seed XOF generation. + * @param [in] transposed Whether A or A^T is generated. * @return 0 on success. * @return MEMORY_E when dynamic memory allocation fails. Only possible when * WOLFSSL_SMALL_STACK is defined. @@ -3425,11 +3435,11 @@ int ret = 0; int i; - /* Copy seed into buffer than has space for i and j to be appended. */ + /* Copy seed into buffer that has space for i and j to be appended. */ XMEMCPY(extSeed, seed, WC_ML_KEM_SYM_SZ); #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC) - /* Allocate large amount of memory to hold random bytes to be samples. */ + /* Allocate large amount of memory to hold random bytes to be sampled. */ rand = (byte*)XMALLOC(GEN_MATRIX_SIZE + 2, NULL, DYNAMIC_TYPE_TMP_BUFFER); if (rand == NULL) { ret = MEMORY_E; @@ -3453,13 +3463,13 @@ for (j = 0; (ret == 0) && (j < k); j++) { if (transposed) { /* Alg 14, Step 6: .. rho||i||j ... */ - extSeed[WC_ML_KEM_SYM_SZ + 0] = i; - extSeed[WC_ML_KEM_SYM_SZ + 1] = j; + extSeed[WC_ML_KEM_SYM_SZ + 0] = (byte)i; + extSeed[WC_ML_KEM_SYM_SZ + 1] = (byte)j; } else { /* Alg 13, Step 5: .. rho||j||i ... */ - extSeed[WC_ML_KEM_SYM_SZ + 0] = j; - extSeed[WC_ML_KEM_SYM_SZ + 1] = i; + extSeed[WC_ML_KEM_SYM_SZ + 0] = (byte)j; + extSeed[WC_ML_KEM_SYM_SZ + 1] = (byte)i; } /* Absorb the index specific seed. * Alg 7, Step 1-2 */ @@ -3507,11 +3517,11 @@ * FIPS 203, Algorithm 13: K-PKE.KeyGen(d), Steps 3-7 * FIPS 203, Algorithm 14: K-PKE.Encrypt(ek_PKE,m,r), Steps 4-8 * - * @param [in] prf XOF object. - * @param [out] a Matrix of uniform integers. - * @param [in] k Number of dimensions. k x k polynomials. - * @param [in] seed Bytes to seed XOF generation. - * @param [in] transposed Whether A or A^T is generated. + * @param [in, out] prf XOF object. + * @param [out] a Matrix of uniform integers. + * @param [in] k Number of dimensions. k x k polynomials. + * @param [in] seed Bytes to seed XOF generation. + * @param [in] transposed Whether A or A^T is generated. * @return 0 on success. * @return MEMORY_E when dynamic memory allocation fails. Only possible when * WOLFSSL_SMALL_STACK is defined. @@ -3610,12 +3620,12 @@ * 7: end for * ... * - * @param [in] prf XOF object. - * @param [out] a Matrix of uniform integers. - * @param [in] k Number of dimensions. k x k polynomials. - * @param [in] seed Bytes to seed XOF generation. - * @param [in] i Index of vector to generate. - * @param [in] transposed Whether A or A^T is generated. + * @param [in, out] prf XOF object. + * @param [out] a Matrix of uniform integers. + * @param [in] k Number of dimensions. k x k polynomials. + * @param [in] seed Bytes to seed XOF generation. + * @param [in] i Index of vector to generate. + * @param [in] transposed Whether A or A^T is generated. * @return 0 on success. * @return MEMORY_E when dynamic memory allocation fails. Only possible when * WOLFSSL_SMALL_STACK is defined. @@ -3635,7 +3645,7 @@ XMEMCPY(extSeed, seed, WC_ML_KEM_SYM_SZ); #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC) - /* Allocate large amount of memory to hold random bytes to be samples. */ + /* Allocate large amount of memory to hold random bytes to be sampled. */ rand = (byte*)XMALLOC(GEN_MATRIX_SIZE + 2, NULL, DYNAMIC_TYPE_TMP_BUFFER); if (rand == NULL) { ret = MEMORY_E; @@ -3655,19 +3665,19 @@ for (j = 0; (ret == 0) && (j < k); j++) { if (transposed) { /* Alg 14, Step 6: .. rho||i||j ... */ - extSeed[WC_ML_KEM_SYM_SZ + 0] = i; - extSeed[WC_ML_KEM_SYM_SZ + 1] = j; + extSeed[WC_ML_KEM_SYM_SZ + 0] = (byte)i; + extSeed[WC_ML_KEM_SYM_SZ + 1] = (byte)j; } else { /* Alg 13, Step 5: .. rho||j||i ... */ - extSeed[WC_ML_KEM_SYM_SZ + 0] = j; - extSeed[WC_ML_KEM_SYM_SZ + 1] = i; + extSeed[WC_ML_KEM_SYM_SZ + 0] = (byte)j; + extSeed[WC_ML_KEM_SYM_SZ + 1] = (byte)i; } /* Absorb the index specific seed. * Alg 7, Step 1-2 */ ret = mlkem_xof_absorb(prf, extSeed, sizeof(extSeed)); if (ret == 0) { - /* Create out based on the seed. + /* Create data based on the seed. * Alg 7, Step 5. Generating enough to, on average, be able to get * enough valid values. */ ret = mlkem_xof_squeezeblocks(prf, rand, GEN_MATRIX_NBLOCKS); @@ -3707,7 +3717,7 @@ /* Subtract one 2 bit value from another out of a larger number. * - * FIPS 203, Algorithm 8: SmaplePolyCBD_eta(B) + * FIPS 203, Algorithm 8: SamplePolyCBD_eta(B) * Takes a seed as input and outputs a pseudorandom sample from the distribution * D_eta(R_q). * @@ -3716,13 +3726,13 @@ * @return Difference of the two values with range 0..2. */ #define ETA2_SUB(d, i) \ - (((sword16)(((d) >> ((i) * 4 + 0)) & 0x3)) - \ - ((sword16)(((d) >> ((i) * 4 + 2)) & 0x3))) + (sword16)(((sword16)(((d) >> ((i) * 4 + 0)) & 0x3)) - \ + ((sword16)(((d) >> ((i) * 4 + 2)) & 0x3))) /* Compute polynomial with coefficients distributed according to a centered * binomial distribution with parameter eta2 from uniform random bytes. * - * FIPS 203, Algorithm 8: SmaplePolyCBD_eta(B) + * FIPS 203, Algorithm 8: SamplePolyCBD_eta(B) * Takes a seed as input and outputs a pseudorandom sample from the distribution * D_eta(R_q). * @@ -3823,7 +3833,7 @@ #if defined(WOLFSSL_KYBER512) || defined(WOLFSSL_WC_ML_KEM_512) /* Subtract one 3 bit value from another out of a larger number. * - * FIPS 203, Algorithm 8: SmaplePolyCBD_eta(B) + * FIPS 203, Algorithm 8: SamplePolyCBD_eta(B) * Takes a seed as input and outputs a pseudorandom sample from the distribution * D_eta(R_q). * @@ -3832,13 +3842,13 @@ * @return Difference of the two values with range 0..3. */ #define ETA3_SUB(d, i) \ - (((sword16)(((d) >> ((i) * 6 + 0)) & 0x7)) - \ - ((sword16)(((d) >> ((i) * 6 + 3)) & 0x7))) + (sword16)(((sword16)(((d) >> ((i) * 6 + 0)) & 0x7)) - \ + ((sword16)(((d) >> ((i) * 6 + 3)) & 0x7))) /* Compute polynomial with coefficients distributed according to a centered * binomial distribution with parameter eta3 from uniform random bytes. * - * FIPS 203, Algorithm 8: SmaplePolyCBD_eta(B) + * FIPS 203, Algorithm 8: SamplePolyCBD_eta(B) * Takes a seed as input and outputs a pseudorandom sample from the distribution * D_eta(R_q). * @@ -3988,9 +3998,9 @@ * * FIPS 203, Algorithm 13: K-PKE.KeyGen(d) * ... - * 9: s[i] <- SamplePolyCBD_eta_1(PRF_eta_1(rho, N)) + * 9: s[i] <- SamplePolyCBD_eta_1(PRF_eta_1(sigma, N)) * ... - * 13: e[i] <- SamplePolyCBD_eta_1(PRF_eta_1(rho, N)) + * 13: e[i] <- SamplePolyCBD_eta_1(PRF_eta_1(sigma, N)) * ... * FIPS 203, Algorithm 14: K-PKE.Encrypt(ek_PKE,m,r) * ... @@ -4044,7 +4054,7 @@ * ... * 14: e1[i] <- SamplePolyCBD_eta_2(PRF_eta_2(r, N)) * ... - * 17: e2[i] <- SamplePolyCBD_eta_2(PRF_eta_2(r, N)) + * 17: e2 <- SamplePolyCBD_eta_2(PRF_eta_2(r, N)) * ... * * @param [in, out] prf Pseudo-random function object. @@ -4080,7 +4090,7 @@ * ... * 14: e1[i] <- SamplePolyCBD_eta_2(PRF_eta_2(r, N)) * ... - * 17: e2[i] <- SamplePolyCBD_eta_2(PRF_eta_2(r, N)) + * 17: e2 <- SamplePolyCBD_eta_2(PRF_eta_2(r, N)) * ... * * @param [out] rand Random number byte array. @@ -4093,7 +4103,7 @@ word64 state[25 * 4]; for (i = 0; i < 4; i++) { - state[4*4 + i] = 0x1f00 + i + o; + state[4*4 + i] = (word32)(0x1f00 + i + o); } sha3_256_blocksx4_seed_avx2(state, seed); @@ -4112,7 +4122,7 @@ * ... * 14: e1[i] <- SamplePolyCBD_eta_2(PRF_eta_2(r, N)) * ... - * 17: e2[i] <- SamplePolyCBD_eta_2(PRF_eta_2(r, N)) + * 17: e2 <- SamplePolyCBD_eta_2(PRF_eta_2(r, N)) * ... * * @param [in, out] prf Pseudo-random function object. @@ -4127,7 +4137,7 @@ (void)prf; - /* Put first WC_ML_KEM_SYM_SZ bytes og key into blank state. */ + /* Put first WC_ML_KEM_SYM_SZ bytes of key into blank state. */ readUnalignedWords64(state, seed, WC_ML_KEM_SYM_SZ / sizeof(word64)); /* Last byte in with end of content marker. */ state[WC_ML_KEM_SYM_SZ / 8] = 0x1f00 | seed[WC_ML_KEM_SYM_SZ]; @@ -4160,16 +4170,19 @@ #if defined(WOLFSSL_KYBER512) || defined(WOLFSSL_WC_ML_KEM_512) /* Get the noise/error by calculating random bytes. * - * FIPS 203, Algorithm 14: K-PKE.Encrypt(ek_PKE,m,r) + * FIPS 203, Algorithm 13: K-PKE.KeyGen(d) * ... - * 14: e1[i] <- SamplePolyCBD_eta_2(PRF_eta_2(r, N)) + * 9: s[i] <- SamplePolyCBD_eta_1(PRF_eta_1(sigma, N)) * ... - * 17: e2[i] <- SamplePolyCBD_eta_2(PRF_eta_2(r, N)) + * 13: e[i] <- SamplePolyCBD_eta_1(PRF_eta_1(sigma, N)) + * ... + * FIPS 203, Algorithm 14: K-PKE.Encrypt(ek_PKE,m,r) + * ... + * 10: y[i] <- SamplePolyCBD_eta_1(PRF_eta_1(r, N)) * ... * * @param [out] rand Random number byte array. * @param [in] seed Seed to generate random from. - * @param [in] o Offset of seed count. */ static void mlkem_get_noise_x4_eta3_avx2(byte* rand, byte* seed) { @@ -4199,7 +4212,7 @@ * @param [out] vec1 First Vector of polynomials. * @param [out] vec2 Second Vector of polynomials. * @param [out] poly Polynomial. - * @param [in] seed Seed to use when calculating random. + * @param [in, out] seed Seed to use when calculating random. * @return 0 on success. */ static int mlkem_get_noise_k2_avx2(MLKEM_PRF_T* prf, sword16* vec1, @@ -4208,7 +4221,7 @@ int ret = 0; WC_DECLARE_VAR(rand, byte, 4 * PRF_RAND_SZ, 0); - WC_ALLOC_VAR_EX(rand, byte, 4*PRF_RAND_SZ, NULL, DYNAMIC_TYPE_TMP_BUFFER, + WC_ALLOC_VAR_EX(rand, byte, 4 * PRF_RAND_SZ, NULL, DYNAMIC_TYPE_TMP_BUFFER, return MEMORY_E); mlkem_get_noise_x4_eta3_avx2(rand, seed); @@ -4271,7 +4284,7 @@ * @param [out] vec1 First Vector of polynomials. * @param [out] vec2 Second Vector of polynomials. * @param [out] poly Polynomial. - * @param [in] seed Seed to use when calculating random. + * @param [in, out] seed Seed to use when calculating random. * @return 0 on success. */ static int mlkem_get_noise_k4_avx2(MLKEM_PRF_T* prf, sword16* vec1, @@ -4312,7 +4325,7 @@ * ... * 14: e1[i] <- SamplePolyCBD_eta_2(PRF_eta_2(r, N)) * ... - * 17: e2[i] <- SamplePolyCBD_eta_2(PRF_eta_2(r, N)) + * 17: e2 <- SamplePolyCBD_eta_2(PRF_eta_2(r, N)) * ... * * @param [out] rand Random number byte array. @@ -4333,11 +4346,15 @@ #if defined(WOLFSSL_KYBER512) || defined(WOLFSSL_WC_ML_KEM_512) /* Get the noise/error by calculating random bytes. * - * FIPS 203, Algorithm 14: K-PKE.Encrypt(ek_PKE,m,r) + * FIPS 203, Algorithm 13: K-PKE.KeyGen(d) * ... - * 14: e1[i] <- SamplePolyCBD_eta_2(PRF_eta_2(r, N)) + * 9: s[i] <- SamplePolyCBD_eta_1(PRF_eta_1(sigma, N)) * ... - * 17: e2[i] <- SamplePolyCBD_eta_2(PRF_eta_2(r, N)) + * 13: e[i] <- SamplePolyCBD_eta_1(PRF_eta_1(sigma, N)) + * ... + * FIPS 203, Algorithm 14: K-PKE.Encrypt(ek_PKE,m,r) + * ... + * 10: y[i] <- SamplePolyCBD_eta_1(PRF_eta_1(r, N)) * ... * * @param [out] rand Random number byte array. @@ -4368,17 +4385,14 @@ /* Get the noise/error by calculating random bytes. * - * FIPS 203, Algorithm 14: K-PKE.Encrypt(ek_PKE,m,r) - * ... - * 14: e1[i] <- SamplePolyCBD_eta_2(PRF_eta_2(r, N)) + * FIPS 203, Algorithm 13: K-PKE.KeyGen(d) * ... - * 17: e2[i] <- SamplePolyCBD_eta_2(PRF_eta_2(r, N)) + * 13: e[i] <- SamplePolyCBD_eta_1(PRF_eta_1(sigma, N)) * ... * * @param [out] rand Random number byte array. * @param [in] seed Seed to generate random from. * @param [in] o Offset of seed count. - * @return 0 on success. */ static void mlkem_get_noise_eta3_aarch64(byte* rand, byte* seed, byte o) { @@ -4438,13 +4452,12 @@ * ... * 14: e1[i] <- SamplePolyCBD_eta_2(PRF_eta_2(r, N)) * ... - * 17: e2[i] <- SamplePolyCBD_eta_2(PRF_eta_2(r, N)) + * 17: e2 <- SamplePolyCBD_eta_2(PRF_eta_2(r, N)) * ... * * @param [out] rand Random number byte array. * @param [in] seed Seed to generate random from. * @param [in] o Offset of seed count. - * @return 0 on success. */ static void mlkem_get_noise_eta2_aarch64(byte* rand, byte* seed, byte o) { @@ -4554,7 +4567,7 @@ /* Generate noise as private key. */ for (i = 0; (ret == 0) && (i < k); i++) { /* Generate noise for each dimension of vector. */ - ret = mlkem_get_noise_eta1_c(prf, vec1 + i * MLKEM_N, seed, eta1); + ret = mlkem_get_noise_eta1_c(prf, vec1 + i * MLKEM_N, seed, (byte)eta1); /* Increment value of appended byte. */ seed[WC_ML_KEM_SYM_SZ]++; } @@ -4562,13 +4575,14 @@ /* Generate noise for error. */ for (i = 0; (ret == 0) && (i < k); i++) { /* Generate noise for each dimension of vector. */ - ret = mlkem_get_noise_eta1_c(prf, vec2 + i * MLKEM_N, seed, eta2); + ret = mlkem_get_noise_eta1_c(prf, vec2 + i * MLKEM_N, seed, + (byte)eta2); /* Increment value of appended byte. */ seed[WC_ML_KEM_SYM_SZ]++; } } else { - seed[WC_ML_KEM_SYM_SZ] = 2 * k; + seed[WC_ML_KEM_SYM_SZ] = (byte)(2 * k); } if ((ret == 0) && (poly != NULL)) { /* Generating random error polynomial. */ @@ -4588,7 +4602,7 @@ * @param [out] vec1 First Vector of polynomials. * @param [out] vec2 Second Vector of polynomials. * @param [out] poly Polynomial. - * @param [in] seed Seed to use when calculating random. + * @param [in, out] seed Seed to use when calculating random. * @return 0 on success. */ int mlkem_get_noise(MLKEM_PRF_T* prf, int k, sword16* vec1, sword16* vec2, @@ -4692,7 +4706,7 @@ mlkem_prf_init(prf); /* Set index of polynomial of second vector into seed. */ - seed[WC_ML_KEM_SYM_SZ] = k + i; + seed[WC_ML_KEM_SYM_SZ] = (byte)(k + i); #if defined(WOLFSSL_KYBER512) || defined(WOLFSSL_WC_ML_KEM_512) if ((k == WC_ML_KEM_512_K) && make) { ret = mlkem_get_noise_eta1_c(prf, vec2, seed, MLKEM_CBD_ETA3); @@ -4728,7 +4742,7 @@ for (i = 0; i < sz; i++) { r |= a[i] ^ b[i]; } - return 0 - ((-(word32)r) >> 31); + return (int)(0 - ((-(word32)r) >> 31)); } #endif @@ -4777,9 +4791,10 @@ unsigned int i; for (i = 0; i < MLKEM_N; ++i) { - sword16 t = p[i] - MLKEM_Q; + sword16 t = (sword16)(p[i] - MLKEM_Q); /* When top bit set, -ve number - need to add q back. */ - p[i] = (sword16)((word16)(-((word16)t >> 15)) & MLKEM_Q) + t; + p[i] = (sword16)(((word16)(-((word16)t >> 15)) & MLKEM_Q) + + (word16)t); } } @@ -4821,7 +4836,7 @@ /* Compress value. * - * Uses div operator that may be slow. + * Uses div operator that may be slow and not constant-time. * * FIPS 203, Section 4.2.1, Compression and decompression * @@ -4830,7 +4845,7 @@ * @param [in] j Index into polynomial. * @param [in] k Offset from indices. * @param [in] s Shift amount to apply to value being compressed. - * @param [in] m Mask to apply get the require number of bits. + * @param [in] m Mask to apply get the required number of bits. * @return Compressed value. */ #define TO_COMP_WORD_VEC(v, i, j, k, s, m) \ @@ -4838,7 +4853,7 @@ /* Compress value to 10 bits. * - * Uses mul instead of div. + * Uses div operator that may be slow and not constant-time. * * FIPS 203, Section 4.2.1, Compression and decompression * @@ -4853,7 +4868,7 @@ /* Compress value to 11 bits. * - * Uses mul instead of div. + * Uses div operator that may be slow and not constant-time. * * FIPS 203, Section 4.2.1, Compression and decompression * @@ -4899,8 +4914,8 @@ * @return Compressed value. */ #define TO_COMP_WORD_10(v, i, j, k) \ - ((((MLKEM_V54 << 10) * (v)[(i) * MLKEM_N + (j) + (k)]) + \ - MLKEM_V54_HALF) >> 54) + (sword16)((((MLKEM_V54 << 10) * (word64)(v)[(i) * MLKEM_N + (j) + (k)]) + \ + MLKEM_V54_HALF) >> 54) /* Compress value to 11 bits. * @@ -4916,8 +4931,8 @@ * @return Compressed value. */ #define TO_COMP_WORD_11(v, i, j, k) \ - ((((MLKEM_V53 << 11) * (v)[(i) * MLKEM_N + (j) + (k)]) + \ - MLKEM_V53_HALF) >> 53) + (sword16)((((MLKEM_V53 << 11) * (word64)(v)[(i) * MLKEM_N + (j) + (k)]) + \ + MLKEM_V53_HALF) >> 53) #endif /* CONV_WITH_DIV */ @@ -4929,9 +4944,9 @@ * * FIPS 203, Section 4.2.1, Compression and decompression * - * @param [out] b Array of bytes. - * @param [in] v Vector of polynomials. - * @param [in] k Number of polynomials in vector. + * @param [out] r Array of bytes. + * @param [in, out] v Vector of polynomials. + * @param [in] k Number of polynomials in vector. */ static void mlkem_vec_compress_10_c(byte* r, sword16* v, unsigned int k) { @@ -4972,11 +4987,11 @@ sword16 t3 = TO_COMP_WORD_10(v, i, j, 3); /* Pack four 10-bit values into byte array. */ - r[ 0] = (t0 >> 0); - r[ 1] = (t0 >> 8) | (t1 << 2); - r[ 2] = (t1 >> 6) | (t2 << 4); - r[ 3] = (t2 >> 4) | (t3 << 6); - r[ 4] = (t3 >> 2); + r[ 0] = (byte)( t0 >> 0); + r[ 1] = (byte)((t0 >> 8) | (t1 << 2)); + r[ 2] = (byte)((t1 >> 6) | (t2 << 4)); + r[ 3] = (byte)((t2 >> 4) | (t3 << 6)); + r[ 4] = (byte)( t3 >> 2); #endif /* Move over set bytes. */ @@ -5005,16 +5020,16 @@ word32* r32 = (word32*)r; /* Pack sixteen 10-bit values into byte array. */ - r32[0] = t0 | ((word32)t1 << 10) | ((word32)t2 << 20) | - ((word32)t3 << 30); - r32[1] = (t3 >> 2) | ((word32)t4 << 8) | ((word32)t5 << 18) | - ((word32)t6 << 28); - r32[2] = (t6 >> 4) | ((word32)t7 << 6) | ((word32)t8 << 16) | - ((word32)t9 << 26); - r32[3] = (t9 >> 6) | ((word32)t10 << 4) | ((word32)t11 << 14) | - ((word32)t12 << 24); - r32[4] = (t12 >> 8) | ((word32)t13 << 2) | ((word32)t14 << 12) | - ((word32)t15 << 22); + r32[0] = (word32)t0 | ((word32)t1 << 10) | + ((word32)t2 << 20) | ((word32)t3 << 30); + r32[1] = ((word32)t3 >> 2) | ((word32)t4 << 8) | + ((word32)t5 << 18) | ((word32)t6 << 28); + r32[2] = ((word32)t6 >> 4) | ((word32)t7 << 6) | + ((word32)t8 << 16) | ((word32)t9 << 26); + r32[3] = ((word32)t9 >> 6) | ((word32)t10 << 4) | + ((word32)t11 << 14) | ((word32)t12 << 24); + r32[4] = ((word32)t12 >> 8) | ((word32)t13 << 2) | + ((word32)t14 << 12) | ((word32)t15 << 22); /* Move over set bytes. */ r += 20; @@ -5027,15 +5042,15 @@ * * FIPS 203, Section 4.2.1, Compression and decompression * - * @param [out] b Array of bytes. - * @param [in] v Vector of polynomials. - * @param [in] k Number of polynomials in vector. + * @param [out] r Array of bytes. + * @param [in, out] v Vector of polynomials. + * @param [in] k Number of polynomials in vector. */ void mlkem_vec_compress_10(byte* r, sword16* v, unsigned int k) { #ifdef USE_INTEL_SPEEDUP if (IS_INTEL_AVX2(cpuid_flags) && (SAVE_VECTOR_REGISTERS2() == 0)) { - mlkem_compress_10_avx2(r, v, k); + mlkem_compress_10_avx2(r, v, (int)k); RESTORE_VECTOR_REGISTERS(); } else @@ -5051,8 +5066,8 @@ * * FIPS 203, Section 4.2.1, Compression and decompression * - * @param [out] b Array of bytes. - * @param [in] v Vector of polynomials. + * @param [out] r Array of bytes. + * @param [in, out] v Vector of polynomials. */ static void mlkem_vec_compress_11_c(byte* r, sword16* v) { @@ -5080,17 +5095,17 @@ } /* Pack eight 11-bit values into byte array. */ - r[ 0] = (t[0] >> 0); - r[ 1] = (t[0] >> 8) | (t[1] << 3); - r[ 2] = (t[1] >> 5) | (t[2] << 6); - r[ 3] = (t[2] >> 2); - r[ 4] = (t[2] >> 10) | (t[3] << 1); - r[ 5] = (t[3] >> 7) | (t[4] << 4); - r[ 6] = (t[4] >> 4) | (t[5] << 7); - r[ 7] = (t[5] >> 1); - r[ 8] = (t[5] >> 9) | (t[6] << 2); - r[ 9] = (t[6] >> 6) | (t[7] << 5); - r[10] = (t[7] >> 3); + r[ 0] = (byte)( t[0] >> 0); + r[ 1] = (byte)((t[0] >> 8) | (t[1] << 3)); + r[ 2] = (byte)((t[1] >> 5) | (t[2] << 6)); + r[ 3] = (byte)( t[2] >> 2); + r[ 4] = (byte)((t[2] >> 10) | (t[3] << 1)); + r[ 5] = (byte)((t[3] >> 7) | (t[4] << 4)); + r[ 6] = (byte)((t[4] >> 4) | (t[5] << 7)); + r[ 7] = (byte)( t[5] >> 1); + r[ 8] = (byte)((t[5] >> 9) | (t[6] << 2)); + r[ 9] = (byte)((t[6] >> 6) | (t[7] << 5)); + r[10] = (byte)( t[7] >> 3); #else /* Compress eight polynomial values to 11 bits each. */ sword16 t0 = TO_COMP_WORD_11(v, i, j, 0); @@ -5103,17 +5118,17 @@ sword16 t7 = TO_COMP_WORD_11(v, i, j, 7); /* Pack eight 11-bit values into byte array. */ - r[ 0] = (t0 >> 0); - r[ 1] = (t0 >> 8) | (t1 << 3); - r[ 2] = (t1 >> 5) | (t2 << 6); - r[ 3] = (t2 >> 2); - r[ 4] = (t2 >> 10) | (t3 << 1); - r[ 5] = (t3 >> 7) | (t4 << 4); - r[ 6] = (t4 >> 4) | (t5 << 7); - r[ 7] = (t5 >> 1); - r[ 8] = (t5 >> 9) | (t6 << 2); - r[ 9] = (t6 >> 6) | (t7 << 5); - r[10] = (t7 >> 3); + r[ 0] = (byte)( t0 >> 0); + r[ 1] = (byte)((t0 >> 8) | (t1 << 3)); + r[ 2] = (byte)((t1 >> 5) | (t2 << 6)); + r[ 3] = (byte)( t2 >> 2); + r[ 4] = (byte)((t2 >> 10) | (t3 << 1)); + r[ 5] = (byte)((t3 >> 7) | (t4 << 4)); + r[ 6] = (byte)((t4 >> 4) | (t5 << 7)); + r[ 7] = (byte)( t5 >> 1); + r[ 8] = (byte)((t5 >> 9) | (t6 << 2)); + r[ 9] = (byte)((t6 >> 6) | (t7 << 5)); + r[10] = (byte)( t7 >> 3); #endif /* Move over set bytes. */ @@ -5126,8 +5141,8 @@ * * FIPS 203, Section 4.2.1, Compression and decompression * - * @param [out] b Array of bytes. - * @param [in] v Vector of polynomials. + * @param [out] r Array of bytes. + * @param [in] v Vector of polynomials. */ void mlkem_vec_compress_11(byte* r, sword16* v) { @@ -5150,31 +5165,29 @@ * * FIPS 203, Section 4.2.1, Compression and decompression * - * @param [in] v Vector of polynomials. - * @param [in] i Index of polynomial in vector. - * @param [in] j Index into polynomial. - * @param [in] k Offset from indices. - * @param [in] t Value to decompress. - * @return Decompressed value. + * @param [out] v Vector of polynomials. + * @param [in] i Index of polynomial in vector. + * @param [in] j Index into polynomial. + * @param [in] k Offset from indices. + * @param [in] t Value to decompress. */ #define DECOMP_10(v, i, j, k, t) \ v[(i) * MLKEM_N + 4 * (j) + (k)] = \ - (word16)((((word32)((t) & 0x3ff) * MLKEM_Q) + 512) >> 10) + (sword16)((((word32)((t) & 0x3ff) * MLKEM_Q) + 512) >> 10) /* Decompress an 11 bit value. * * FIPS 203, Section 4.2.1, Compression and decompression * - * @param [in] v Vector of polynomials. - * @param [in] i Index of polynomial in vector. - * @param [in] j Index into polynomial. - * @param [in] k Offset from indices. - * @param [in] t Value to decompress. - * @return Decompressed value. + * @param [out] v Vector of polynomials. + * @param [in] i Index of polynomial in vector. + * @param [in] j Index into polynomial. + * @param [in] k Offset from indices. + * @param [in] t Value to decompress. */ #define DECOMP_11(v, i, j, k, t) \ v[(i) * MLKEM_N + 8 * (j) + (k)] = \ - (word16)((((word32)((t) & 0x7ff) * MLKEM_Q) + 1024) >> 11) + (sword16)((((word32)((t) & 0x7ff) * MLKEM_Q) + 1024) >> 11) #if defined(WOLFSSL_KYBER512) || defined(WOLFSSL_WC_ML_KEM_512) || \ defined(WOLFSSL_KYBER768) || defined(WOLFSSL_WC_ML_KEM_768) @@ -5201,10 +5214,10 @@ #ifdef WOLFSSL_MLKEM_SMALL word16 t[4]; /* Extract out 4 values of 10 bits each. */ - t[0] = (b[0] >> 0) | ((word16)b[ 1] << 8); - t[1] = (b[1] >> 2) | ((word16)b[ 2] << 6); - t[2] = (b[2] >> 4) | ((word16)b[ 3] << 4); - t[3] = (b[3] >> 6) | ((word16)b[ 4] << 2); + t[0] = (word16)((b[0] >> 0) | ((word16)b[ 1] << 8)); + t[1] = (word16)((b[1] >> 2) | ((word16)b[ 2] << 6)); + t[2] = (word16)((b[2] >> 4) | ((word16)b[ 3] << 4)); + t[3] = (word16)((b[3] >> 6) | ((word16)b[ 4] << 2)); b += 5; /* Decompress 4 values. */ @@ -5213,10 +5226,10 @@ } #else /* Extract out 4 values of 10 bits each. */ - sword16 t0 = (b[0] >> 0) | ((word16)b[ 1] << 8); - sword16 t1 = (b[1] >> 2) | ((word16)b[ 2] << 6); - sword16 t2 = (b[2] >> 4) | ((word16)b[ 3] << 4); - sword16 t3 = (b[3] >> 6) | ((word16)b[ 4] << 2); + word16 t0 = (word16)((b[0] >> 0) | ((word16)b[ 1] << 8)); + word16 t1 = (word16)((b[1] >> 2) | ((word16)b[ 2] << 6)); + word16 t2 = (word16)((b[2] >> 4) | ((word16)b[ 3] << 4)); + word16 t3 = (word16)((b[3] >> 6) | ((word16)b[ 4] << 2)); b += 5; /* Decompress 4 values. */ @@ -5241,7 +5254,7 @@ { #ifdef USE_INTEL_SPEEDUP if (IS_INTEL_AVX2(cpuid_flags) && (SAVE_VECTOR_REGISTERS2() == 0)) { - mlkem_decompress_10_avx2(v, b, k); + mlkem_decompress_10_avx2(v, b, (int)k); RESTORE_VECTOR_REGISTERS(); } else @@ -5274,16 +5287,16 @@ #ifdef WOLFSSL_MLKEM_SMALL word16 t[8]; /* Extract out 8 values of 11 bits each. */ - t[0] = (b[0] >> 0) | ((word16)b[ 1] << 8); - t[1] = (b[1] >> 3) | ((word16)b[ 2] << 5); - t[2] = (b[2] >> 6) | ((word16)b[ 3] << 2) | - ((word16)b[4] << 10); - t[3] = (b[4] >> 1) | ((word16)b[ 5] << 7); - t[4] = (b[5] >> 4) | ((word16)b[ 6] << 4); - t[5] = (b[6] >> 7) | ((word16)b[ 7] << 1) | - ((word16)b[8] << 9); - t[6] = (b[8] >> 2) | ((word16)b[ 9] << 6); - t[7] = (b[9] >> 5) | ((word16)b[10] << 3); + t[0] = (word16)((b[0] >> 0) | ((word16)b[ 1] << 8)); + t[1] = (word16)((b[1] >> 3) | ((word16)b[ 2] << 5)); + t[2] = (word16)((b[2] >> 6) | ((word16)b[ 3] << 2) | + ((word16)b[4] << 10)); + t[3] = (word16)((b[4] >> 1) | ((word16)b[ 5] << 7)); + t[4] = (word16)((b[5] >> 4) | ((word16)b[ 6] << 4)); + t[5] = (word16)((b[6] >> 7) | ((word16)b[ 7] << 1) | + ((word16)b[8] << 9)); + t[6] = (word16)((b[8] >> 2) | ((word16)b[ 9] << 6)); + t[7] = (word16)((b[9] >> 5) | ((word16)b[10] << 3)); b += 11; /* Decompress 8 values. */ @@ -5292,16 +5305,16 @@ } #else /* Extract out 8 values of 11 bits each. */ - sword16 t0 = (b[0] >> 0) | ((word16)b[ 1] << 8); - sword16 t1 = (b[1] >> 3) | ((word16)b[ 2] << 5); - sword16 t2 = (b[2] >> 6) | ((word16)b[ 3] << 2) | - ((word16)b[4] << 10); - sword16 t3 = (b[4] >> 1) | ((word16)b[ 5] << 7); - sword16 t4 = (b[5] >> 4) | ((word16)b[ 6] << 4); - sword16 t5 = (b[6] >> 7) | ((word16)b[ 7] << 1) | - ((word16)b[8] << 9); - sword16 t6 = (b[8] >> 2) | ((word16)b[ 9] << 6); - sword16 t7 = (b[9] >> 5) | ((word16)b[10] << 3); + word16 t0 = (word16)((b[0] >> 0) | ((word16)b[ 1] << 8)); + word16 t1 = (word16)((b[1] >> 3) | ((word16)b[ 2] << 5)); + word16 t2 = (word16)((b[2] >> 6) | ((word16)b[ 3] << 2) | + ((word16)b[4] << 10)); + word16 t3 = (word16)((b[4] >> 1) | ((word16)b[ 5] << 7)); + word16 t4 = (word16)((b[5] >> 4) | ((word16)b[ 6] << 4)); + word16 t5 = (word16)((b[6] >> 7) | ((word16)b[ 7] << 1) | + ((word16)b[8] << 9)); + word16 t6 = (word16)((b[8] >> 2) | ((word16)b[ 9] << 6)); + word16 t7 = (word16)((b[9] >> 5) | ((word16)b[10] << 3)); b += 11; /* Decompress 8 values. */ @@ -5345,7 +5358,7 @@ /* Compress value. * - * Uses div operator that may be slow. + * Uses div operator that may be slow and not constant-time. * * FIPS 203, Section 4.2.1, Compression and decompression * @@ -5353,7 +5366,7 @@ * @param [in] i Index into polynomial. * @param [in] j Offset from indices. * @param [in] s Shift amount to apply to value being compressed. - * @param [in] m Mask to apply get the require number of bits. + * @param [in] m Mask to apply to get the required number of bits. * @return Compressed value. */ #define TO_COMP_WORD(v, i, j, s, m) \ @@ -5361,7 +5374,7 @@ /* Compress value to 4 bits. * - * Uses mul instead of div. + * Uses div operator that may be slow and not constant-time. * * FIPS 203, Section 4.2.1, Compression and decompression * @@ -5375,7 +5388,7 @@ /* Compress value to 5 bits. * - * Uses mul instead of div. + * Uses div operator that may be slow and not constant-time. * * FIPS 203, Section 4.2.1, Compression and decompression * @@ -5391,7 +5404,7 @@ /* Multiplier that does div q. */ #define MLKEM_V28 ((word32)(((1U << 28) + MLKEM_Q_HALF)) / MLKEM_Q) -/* Multiplier times half of q. */ +/* Multiplier times half of q plus one. */ #define MLKEM_V28_HALF ((word32)(MLKEM_V28 * (MLKEM_Q_HALF + 1))) /* Multiplier that does div q. */ @@ -5411,7 +5424,7 @@ * @return Compressed value. */ #define TO_COMP_WORD_4(p, i, j) \ - ((((MLKEM_V28 << 4) * (p)[(i) + (j)]) + MLKEM_V28_HALF) >> 28) + (byte)((((MLKEM_V28 << 4) * (word32)(p)[(i) + (j)]) + MLKEM_V28_HALF) >> 28) /* Compress value to 5 bits. * @@ -5425,7 +5438,7 @@ * @return Compressed value. */ #define TO_COMP_WORD_5(p, i, j) \ - ((((MLKEM_V27 << 5) * (p)[(i) + (j)]) + MLKEM_V27_HALF) >> 27) + (byte)((((MLKEM_V27 << 5) * (word32)(p)[(i) + (j)]) + MLKEM_V27_HALF) >> 27) #endif /* CONV_WITH_DIV */ @@ -5433,12 +5446,12 @@ !defined(WOLFSSL_MLKEM_NO_DECAPSULATE) #if defined(WOLFSSL_KYBER512) || defined(WOLFSSL_WC_ML_KEM_512) || \ defined(WOLFSSL_KYBER768) || defined(WOLFSSL_WC_ML_KEM_768) -/* Compress a polynomial into byte array - on coefficients into 4 bits. +/* Compress a polynomial into byte array with coefficients of 4 bits. * * FIPS 203, Section 4.2.1, Compression and decompression * - * @param [out] b Array of bytes. - * @param [in] p Polynomial. + * @param [out] b Array of bytes. + * @param [in, out] p Polynomial. */ static void mlkem_compress_4_c(byte* b, sword16* p) { @@ -5448,7 +5461,7 @@ byte t[8]; #endif - /* Reduce each coefficients to mod q. */ + /* Reduce each coefficient to mod q. */ mlkem_csubq_c(p); /* All values are now positive. */ @@ -5460,10 +5473,10 @@ t[j] = TO_COMP_WORD_4(p, i, j); } - b[0] = t[0] | (t[1] << 4); - b[1] = t[2] | (t[3] << 4); - b[2] = t[4] | (t[5] << 4); - b[3] = t[6] | (t[7] << 4); + b[0] = (byte)(t[0] | (t[1] << 4)); + b[1] = (byte)(t[2] | (t[3] << 4)); + b[2] = (byte)(t[4] | (t[5] << 4)); + b[3] = (byte)(t[6] | (t[7] << 4)); #else /* Compress eight polynomial values to 4 bits each. */ byte t0 = TO_COMP_WORD_4(p, i, 0); @@ -5476,10 +5489,10 @@ byte t7 = TO_COMP_WORD_4(p, i, 7); /* Pack eight 4-bit values into byte array. */ - b[0] = t0 | (t1 << 4); - b[1] = t2 | (t3 << 4); - b[2] = t4 | (t5 << 4); - b[3] = t6 | (t7 << 4); + b[0] = (byte)(t0 | (t1 << 4)); + b[1] = (byte)(t2 | (t3 << 4)); + b[2] = (byte)(t4 | (t5 << 4)); + b[3] = (byte)(t6 | (t7 << 4)); #endif /* Move over set bytes. */ @@ -5487,12 +5500,12 @@ } } -/* Compress a polynomial into byte array - on coefficients into 4 bits. +/* Compress a polynomial into byte array with coefficients of 4 bits. * * FIPS 203, Section 4.2.1, Compression and decompression * - * @param [out] b Array of bytes. - * @param [in] p Polynomial. + * @param [out] b Array of bytes. + * @param [in, out] p Polynomial. */ void mlkem_compress_4(byte* b, sword16* p) { @@ -5509,12 +5522,12 @@ } #endif #if defined(WOLFSSL_KYBER1024) || defined(WOLFSSL_WC_ML_KEM_1024) -/* Compress a polynomial into byte array - on coefficients into 5 bits. +/* Compress a polynomial into byte array with coefficients of 5 bits. * * FIPS 203, Section 4.2.1, Compression and decompression * - * @param [out] b Array of bytes. - * @param [in] p Polynomial. + * @param [out] b Array of bytes. + * @param [in, out] p Polynomial. */ static void mlkem_compress_5_c(byte* b, sword16* p) { @@ -5524,7 +5537,7 @@ byte t[8]; #endif - /* Reduce each coefficients to mod q. */ + /* Reduce each coefficient to mod q. */ mlkem_csubq_c(p); /* All values are now positive. */ @@ -5536,11 +5549,11 @@ } /* Pack 5 bits into byte array. */ - b[0] = (t[0] >> 0) | (t[1] << 5); - b[1] = (t[1] >> 3) | (t[2] << 2) | (t[3] << 7); - b[2] = (t[3] >> 1) | (t[4] << 4); - b[3] = (t[4] >> 4) | (t[5] << 1) | (t[6] << 6); - b[4] = (t[6] >> 2) | (t[7] << 3); + b[0] = (byte)((t[0] >> 0) | (t[1] << 5)); + b[1] = (byte)((t[1] >> 3) | (t[2] << 2) | (t[3] << 7)); + b[2] = (byte)((t[3] >> 1) | (t[4] << 4)); + b[3] = (byte)((t[4] >> 4) | (t[5] << 1) | (t[6] << 6)); + b[4] = (byte)((t[6] >> 2) | (t[7] << 3)); #else /* Compress eight polynomial values to 5 bits each. */ byte t0 = TO_COMP_WORD_5(p, i, 0); @@ -5553,11 +5566,11 @@ byte t7 = TO_COMP_WORD_5(p, i, 7); /* Pack eight 5-bit values into byte array. */ - b[0] = (t0 >> 0) | (t1 << 5); - b[1] = (t1 >> 3) | (t2 << 2) | (t3 << 7); - b[2] = (t3 >> 1) | (t4 << 4); - b[3] = (t4 >> 4) | (t5 << 1) | (t6 << 6); - b[4] = (t6 >> 2) | (t7 << 3); + b[0] = (byte)((t0 >> 0) | (t1 << 5)); + b[1] = (byte)((t1 >> 3) | (t2 << 2) | (t3 << 7)); + b[2] = (byte)((t3 >> 1) | (t4 << 4)); + b[3] = (byte)((t4 >> 4) | (t5 << 1) | (t6 << 6)); + b[4] = (byte)((t6 >> 2) | (t7 << 3)); #endif /* Move over set bytes. */ @@ -5565,12 +5578,12 @@ } } -/* Compress a polynomial into byte array - on coefficients into 5 bits. +/* Compress a polynomial into byte array with coefficients of 5 bits. * * FIPS 203, Section 4.2.1, Compression and decompression * - * @param [out] b Array of bytes. - * @param [in] p Polynomial. + * @param [out] b Array of bytes. + * @param [in, out] p Polynomial. */ void mlkem_compress_5(byte* b, sword16* p) { @@ -5593,27 +5606,25 @@ * * FIPS 203, Section 4.2.1, Compression and decompression * - * @param [in] p Polynomial. - * @param [in] i Index into polynomial. - * @param [in] j Offset from indices. - * @param [in] t Value to decompress. - * @return Decompressed value. + * @param [out] p Polynomial. + * @param [in] i Index into polynomial. + * @param [in] j Offset from indices. + * @param [in] t Value to decompress. */ #define DECOMP_4(p, i, j, t) \ - p[(i) + (j)] = ((word16)((t) * MLKEM_Q) + 8) >> 4 + p[(i) + (j)] = (sword16)(((word16)((t) * MLKEM_Q) + 8) >> 4) /* Decompress a 5 bit value. * * FIPS 203, Section 4.2.1, Compression and decompression * - * @param [in] p Polynomial. - * @param [in] i Index into polynomial. - * @param [in] j Offset from indices. - * @param [in] t Value to decompress. - * @return Decompressed value. + * @param [out] p Polynomial. + * @param [in] i Index into polynomial. + * @param [in] j Offset from indices. + * @param [in] t Value to decompress. */ #define DECOMP_5(p, i, j, t) \ - p[(i) + (j)] = (((word32)((t) & 0x1f) * MLKEM_Q) + 16) >> 5 + p[(i) + (j)] = (sword16)((((word32)((t) & 0x1f) * MLKEM_Q) + 16) >> 5) #if defined(WOLFSSL_KYBER512) || defined(WOLFSSL_WC_ML_KEM_512) || \ defined(WOLFSSL_KYBER768) || defined(WOLFSSL_WC_ML_KEM_768) @@ -5678,12 +5689,12 @@ /* Extract out 8 values of 5 bits each. */ t[0] = (b[0] >> 0); - t[1] = (b[0] >> 5) | (b[1] << 3); + t[1] = (byte)((b[0] >> 5) | (b[1] << 3)); t[2] = (b[1] >> 2); - t[3] = (b[1] >> 7) | (b[2] << 1); - t[4] = (b[2] >> 4) | (b[3] << 4); + t[3] = (byte)((b[1] >> 7) | (b[2] << 1)); + t[4] = (byte)((b[2] >> 4) | (b[3] << 4)); t[5] = (b[3] >> 1); - t[6] = (b[3] >> 6) | (b[4] << 2); + t[6] = (byte)((b[3] >> 6) | (b[4] << 2)); t[7] = (b[4] >> 3); b += 5; @@ -5694,12 +5705,12 @@ #else /* Extract out 8 values of 5 bits each. */ byte t0 = (b[0] >> 0); - byte t1 = (b[0] >> 5) | (b[1] << 3); + byte t1 = (byte)((b[0] >> 5) | (b[1] << 3)); byte t2 = (b[1] >> 2); - byte t3 = (b[1] >> 7) | (b[2] << 1); - byte t4 = (b[2] >> 4) | (b[3] << 4); + byte t3 = (byte)((b[1] >> 7) | (b[2] << 1)); + byte t4 = (byte)((b[2] >> 4) | (b[3] << 4)); byte t5 = (b[3] >> 1); - byte t6 = (b[3] >> 6) | (b[4] << 2); + byte t6 = (byte)((b[3] >> 6) | (b[4] << 2)); byte t7 = (b[4] >> 3); b += 5; @@ -5747,19 +5758,19 @@ /* Convert bit from byte to 0 or (MLKEM_Q + 1) / 2. * * Constant time implementation. - * XOR in mlkem_opt_blocker to ensure optimizer doesn't know what will be ANDed - * with MLKEM_Q_1_HALF and can't optimize to non-constant time code. + * XOR in wc_mlkem_opt_blocker() to ensure optimizer doesn't know what will be + * ANDed with MLKEM_Q_1_HALF and can't optimize to non-constant time code. * * FIPS 203, Algorithm 6: ByteDecode_d(B) * * @param [out] p Polynomial to hold converted value. - * @param [in] msg Message to get bit from byte from. + * @param [in] msg Message to get bit from byte. * @param [in] i Index of byte from message. * @param [in] j Index of bit in byte. */ #define FROM_MSG_BIT(p, msg, i, j) \ ((p)[8 * (i) + (j)] = (((sword16)0 - (sword16)(((msg)[i] >> (j)) & 1)) ^ \ - mlkem_opt_blocker) & MLKEM_Q_1_HALF) + wc_mlkem_opt_blocker()) & MLKEM_Q_1_HALF) /* Convert message to polynomial. * @@ -5818,16 +5829,16 @@ #ifndef WOLFSSL_MLKEM_NO_DECAPSULATE #ifdef CONV_WITH_DIV -/* Convert to value to bit. +/* Convert value to bit. * * Uses div operator that may be slow. * * FIPS 203, Algorithm 6: ByteEncode_d(F) * - * @param [out] m Message. - * @param [in] p Polynomial. - * @param [in] i Index of byte in message. - * @param [in] j Index of bit in byte. + * @param [in, out] m Message. + * @param [in] p Polynomial. + * @param [in] i Index of byte in message. + * @param [in] j Index of bit in byte. */ #define TO_MSG_BIT(m, p, i, j) \ m[i] |= (((((sword16)p[8 * i + j] << 1) + MLKEM_Q_HALF) / MLKEM_Q) & 1) << j @@ -5841,20 +5852,20 @@ /* Multiplier times half of q. */ #define MLKEM_V31_HALF ((word32)(MLKEM_V31 * MLKEM_Q_HALF)) -/* Convert to value to bit. +/* Convert value to bit. * * Uses mul instead of div. * * FIPS 203, Algorithm 6: ByteEncode_d(F) * - * @param [out] m Message. - * @param [in] p Polynomial. - * @param [in] i Index of byte in message. - * @param [in] j Index of bit in byte. + * @param [in, out] m Message. + * @param [in] p Polynomial. + * @param [in] i Index of byte in message. + * @param [in] j Index of bit in byte. */ #define TO_MSG_BIT(m, p, i, j) \ - (m)[i] |= ((word32)((MLKEM_V31_2 * (p)[8 * (i) + (j)]) + \ - MLKEM_V31_HALF) >> 31) << (j) + (m)[i] |= (byte)((((MLKEM_V31_2 * (word16)(p)[8 * (i) + (j)]) + \ + MLKEM_V31_HALF) >> 31) << (j)) #endif /* CONV_WITH_DIV */ @@ -5862,8 +5873,8 @@ * * FIPS 203, Algorithm 6: ByteEncode_d(F) * - * @param [out] msg Message as a byte array. - * @param [in] p Polynomial. + * @param [out] msg Message as a byte array. + * @param [in, out] p Polynomial. */ static void mlkem_to_msg_c(byte* msg, sword16* p) { @@ -5898,14 +5909,14 @@ * * FIPS 203, Algorithm 6: ByteEncode_d(F) * - * @param [out] msg Message as a byte array. - * @param [in] p Polynomial. + * @param [out] msg Message as a byte array. + * @param [in, out] p Polynomial. */ void mlkem_to_msg(byte* msg, sword16* p) { #ifdef USE_INTEL_SPEEDUP if (IS_INTEL_AVX2(cpuid_flags) && (SAVE_VECTOR_REGISTERS2() == 0)) { - /* Convert the polynomial into a array of bytes (message). */ + /* Convert the polynomial into an array of bytes (message). */ mlkem_to_msg_avx2(msg, p); RESTORE_VECTOR_REGISTERS(); } @@ -5937,8 +5948,8 @@ * * FIPS 203, Algorithm 6: ByteEncode_d(F) * - * @param [out] msg Message as a byte array. - * @param [in] p Polynomial. + * @param [out] msg Message as a byte array. + * @param [in, out] p Polynomial. */ void mlkem_to_msg(byte* msg, sword16* p) { @@ -6016,9 +6027,9 @@ * * FIPS 203, Algorithm 6: ByteEncode_d(F) * - * @param [out] b Array of bytes. - * @param [in] p Polynomial. - * @param [in] k Number of polynomials in vector. + * @param [out] b Array of bytes. + * @param [in, out] p Polynomial. + * @param [in] k Number of polynomials in vector. */ static void mlkem_to_bytes_c(byte* b, sword16* p, int k) { @@ -6031,11 +6042,11 @@ /* All values are now positive. */ for (i = 0; i < MLKEM_N / 2; i++) { - word16 t0 = p[2 * i]; - word16 t1 = p[2 * i + 1]; - b[3 * i + 0] = (t0 >> 0); - b[3 * i + 1] = (t0 >> 8) | t1 << 4; - b[3 * i + 2] = (t1 >> 4); + word16 t0 = (word16)p[2 * i]; + word16 t1 = (word16)p[2 * i + 1]; + b[3 * i + 0] = (byte)(t0 >> 0); + b[3 * i + 1] = (byte)((t0 >> 8) | (t1 << 4)); + b[3 * i + 2] = (byte)(t1 >> 4); } p += MLKEM_N; b += WC_ML_KEM_POLY_SIZE; @@ -6049,9 +6060,9 @@ * * FIPS 203, Algorithm 6: ByteEncode_d(F) * - * @param [out] b Array of bytes. - * @param [in] p Polynomial. - * @param [in] k Number of polynomials in vector. + * @param [out] b Array of bytes. + * @param [in, out] p Polynomial. + * @param [in] k Number of polynomials in vector. */ void mlkem_to_bytes(byte* b, sword16* p, int k) { @@ -6074,4 +6085,27 @@ } } +/** + * Check the public key values are smaller than the modulus. + * + * @param [in] pub Public key - vector. + * @param [in] k Number of polynomials in vector. + * @return 0 when all values are in range. + * @return PUBLIC_KEY_E when at least one value is out of range. + */ +int mlkem_check_public(sword16* pub, int k) +{ + int ret = 0; + int i; + + for (i = 0; i < k * MLKEM_N; i++) { + if (pub[i] >= MLKEM_Q) { + ret = PUBLIC_KEY_E; + break; + } + } + + return ret; +} + #endif /* WOLFSSL_WC_MLKEM */ diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/wolfcrypt/src/wc_pkcs11.c mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/wc_pkcs11.c --- mariadb-11.8.6/extra/wolfssl/wolfssl/wolfcrypt/src/wc_pkcs11.c 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/wc_pkcs11.c 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* wc_pkcs11.c * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -66,10 +66,9 @@ #if defined(NO_PKCS11_RNG) && !defined(WC_NO_RNG) #define WC_NO_RNG #endif - - -/* Maximum length of the EC parameter string. */ -#define MAX_EC_PARAM_LEN 16 +#if defined(NO_PKCS11_MLDSA) && defined(HAVE_DILITHIUM) + #undef HAVE_DILITHIUM +#endif #if defined(HAVE_ECC) && !defined(NO_PKCS11_ECDH) @@ -84,13 +83,17 @@ #ifndef NO_RSA /* Pointer to RSA key type required for templates. */ -static CK_KEY_TYPE rsaKeyType = CKK_RSA; +static CK_KEY_TYPE rsaKeyType = CKK_RSA; #endif #ifdef HAVE_ECC /* Pointer to EC key type required for templates. */ -static CK_KEY_TYPE ecKeyType = CKK_EC; +static CK_KEY_TYPE ecKeyType = CKK_EC; #endif -#if !defined(NO_RSA) || defined(HAVE_ECC) +#if defined(HAVE_DILITHIUM) +/* Pointer to ML-DSA key type required for templates. */ +static CK_KEY_TYPE mldsaKeyType = CKK_ML_DSA; +#endif +#if !defined(NO_RSA) || defined(HAVE_ECC) || defined(HAVE_DILITHIUM) /* Pointer to public key class required for templates. */ static CK_OBJECT_CLASS pubKeyClass = CKO_PUBLIC_KEY; /* Pointer to private key class required for templates. */ @@ -110,7 +113,9 @@ } CK_AES_CTR_PARAMS; #endif +#if !defined(NO_CERTS) static CK_OBJECT_CLASS certClass = CKO_CERTIFICATE; +#endif #ifdef WOLFSSL_DEBUG_PKCS11 /* Enable logging of PKCS#11 calls and return value. */ @@ -120,6 +125,9 @@ /* Enable logging of PKCS#11 template. */ #define PKCS11_DUMP_TEMPLATE(name, templ, cnt) \ pkcs11_dump_template(name, templ, cnt) +/* Enable logging of PKCS#11 mechanism info. */ +#define PKCS11_DUMP_MECHANSIM(name, mechanism) \ + pkcs11_dump_mechanism(name, mechanism) /* Formats of template items - used to instruct how to log information. */ enum PKCS11_TYPE_FORMATS { @@ -141,7 +149,7 @@ int format; } typeStr[] = { { CKA_CLASS, "CKA_CLASS", PKCS11_FMT_CLASS }, - { CKA_TOKEN, "CKA_TOKEN", PKCS11_FMT_POINTER }, + { CKA_TOKEN, "CKA_TOKEN", PKCS11_FMT_BOOLEAN }, { CKA_PRIVATE, "CKA_PRIVATE", PKCS11_FMT_BOOLEAN }, { CKA_LABEL, "CKA_LABEL", PKCS11_FMT_STRING }, { CKA_VALUE, "CKA_VALUE", PKCS11_FMT_DATA }, @@ -291,6 +299,9 @@ case CKK_SHA224_HMAC: XSNPRINTF(line, sizeof(line), "%25s: SHA224_HMAC", type); break; + case CKK_ML_DSA: + XSNPRINTF(line, sizeof(line), "%25s: ML_DSA", type); + break; default: XSNPRINTF(line, sizeof(line), "%25s: UNKNOWN (%08lx)", type, keyType); @@ -327,6 +338,11 @@ WOLFSSL_MSG(line); break; case PKCS11_FMT_DATA: + if (templ[i].ulValueLen == CK_UNAVAILABLE_INFORMATION) { + XSNPRINTF(line, sizeof(line), "%25s: unavailable", type); + WOLFSSL_MSG(line); + break; + } XSNPRINTF(line, sizeof(line), "%25s: %ld", type, templ[i].ulValueLen); WOLFSSL_MSG(line); @@ -340,7 +356,7 @@ char hex[6]; XSNPRINTF(hex, sizeof(hex), "0x%02x,", ((byte*)templ[i].pValue)[j]); - XSTRNCAT(line, hex, 5); + XSTRNCAT(line, hex, sizeof(line) - XSTRLEN(line) - 1); if ((j % 8) == 7) { WOLFSSL_MSG(line); XSNPRINTF(line, sizeof(line), "%27s", ""); @@ -365,6 +381,64 @@ } } +/* Information for logging a mechanism */ +static struct PKCS11_MECHANISM_STR { + /** Mechanism. */ + CK_MECHANISM_TYPE mech; + /** String to log corresponding mechanism. */ + const char* str; +} mechStr[] = { + { CKM_RSA_PKCS_KEY_PAIR_GEN, "CKM_RSA_PKCS_KEY_PAIR_GEN" }, + { CKM_RSA_X_509, "CKM_RSA_X_509" }, + { CKM_DH_PKCS_KEY_PAIR_GEN, "CKM_DH_PKCS_KEY_PAIR_GEN" }, + { CKM_DH_PKCS_DERIVE, "CKM_DH_PKCS_DERIVE" }, + { CKM_MD5_HMAC, "CKM_MD5_HMAC" }, + { CKM_SHA_1_HMAC, "CKM_SHA_1_HMAC" }, + { CKM_SHA256_HMAC, "CKM_SHA256_HMAC" }, + { CKM_SHA224_HMAC, "CKM_SHA224_HMAC" }, + { CKM_SHA384_HMAC, "CKM_SHA384_HMAC" }, + { CKM_SHA512_HMAC, "CKM_SHA512_HMAC" }, + { CKM_GENERIC_SECRET_KEY_GEN, "CKM_GENERIC_SECRET_KEY_GEN" }, + { CKM_EC_KEY_PAIR_GEN, "CKM_EC_KEY_PAIR_GEN" }, + { CKM_ECDSA, "CKM_ECDSA" }, + { CKM_ECDH1_DERIVE, "CKM_ECDH1_DERIVE" }, + { CKM_ECDH1_COFACTOR_DERIVE, "CKM_ECDH1_COFACTOR_DERIVE" }, + { CKM_AES_KEY_GEN, "CKM_AES_KEY_GEN" }, + { CKM_AES_CBC, "CKM_AES_CBC" }, + { CKM_AES_GCM, "CKM_AES_GCM" }, +}; +/* Count of known mechanism for logging. */ +#define PKCS11_MECH_STR_CNT ((int)(sizeof(mechStr) / sizeof(*mechStr))) + +/* + * Dump/log the PKCS #11 mechanism. + * + * This is only for debugging purposes. Only the values needed are recognised. + * + * @param [in] op PKCS #11 operation that was attempted. + * @param [in] mech PKCS #11 mechanism to dump. + */ +static void pkcs11_dump_mechanism(const char* op, CK_MECHANISM_TYPE mech) +{ + char line[80]; + const char *mechName = NULL; + int i; + + for (i = 0; i < PKCS11_MECH_STR_CNT; i++) { + if (mech == mechStr[i].mech) { + mechName = mechStr[i].str; + break; + } + } + if (i == PKCS11_TYPE_STR_CNT) { + mechName = "UNKNOWN"; + } + + XSNPRINTF(line, 80, "%s: %s", op, mechName); + + WOLFSSL_MSG(line); +} + /* * Log a PKCS #11 return value with the name of function called. * @@ -416,6 +490,8 @@ #define PKCS11_VAL(op, val) WC_DO_NOTHING /* Disable logging of PKCS#11 template. */ #define PKCS11_DUMP_TEMPLATE(name, templ, cnt) WC_DO_NOTHING +/* Disable logging of PKCS#11 mechanism info. */ +#define PKCS11_DUMP_MECHANSIM(name, mechanism) WC_DO_NOTHING #endif /** @@ -432,7 +508,7 @@ */ int wc_Pkcs11_Initialize(Pkcs11Dev* dev, const char* library, void* heap) { - return wc_Pkcs11_Initialize_ex(dev, library, heap, NULL); + return wc_Pkcs11_Initialize_v3(dev, library, heap, NULL, NULL, NULL); } /** @@ -452,51 +528,269 @@ int wc_Pkcs11_Initialize_ex(Pkcs11Dev* dev, const char* library, void* heap, CK_RV* rvp) { + return wc_Pkcs11_Initialize_v3(dev, library, heap, NULL, NULL, rvp); +} + +/** + * Load library, get function list and initialize PKCS#11. + * + * @param [in] dev Device object. + * @param [in] library Library name including path. + * @param [in] heap Heap hint. + * @param [in,out] version On in, desired version of interface. + * On out, actual obtained version of interface. + * @param [in] interfaceName Name of the interface to use. + * @param [out] rvp PKCS#11 return value. Last return value seen. + * May be NULL. + * @return BAD_FUNC_ARG when dev or library are NULL pointers. + * @return BAD_PATH_ERROR when dynamic library cannot be opened. + * @return WC_INIT_E when the initialization PKCS#11 fails. + * @return WC_HW_E when unable to get PKCS#11 function list. + * @return 0 on success. + */ +int wc_Pkcs11_Initialize_v3(Pkcs11Dev* dev, const char* library, + void* heap, int* version, const char* interfaceName, CK_RV* rvp) +{ int ret = 0; CK_RV rv = CKR_OK; -#ifndef HAVE_PKCS11_STATIC +#if !defined(HAVE_PKCS11_STATIC) && !defined(HAVE_PKCS11_V3_STATIC) void* func; #endif CK_C_INITIALIZE_ARGS args; + CK_VERSION_PTR version_ptr = NULL; - if (dev == NULL || library == NULL) + if (dev == NULL) ret = BAD_FUNC_ARG; +#if !defined(HAVE_PKCS11_STATIC) && !defined(HAVE_PKCS11_V3_STATIC) + if (library == NULL) + ret = BAD_FUNC_ARG; +#endif + if (ret == 0) { dev->heap = heap; -#ifndef HAVE_PKCS11_STATIC +#if defined(HAVE_PKCS11_V3_STATIC) + CK_INTERFACE_PTR interface = NULL; + CK_VERSION pkcs11_version = {0, 0}; + + if (version != NULL) { + if (*version == WC_PCKS11VERSION_2_20) { + pkcs11_version.major = 2; + pkcs11_version.minor = 20; + } + else if (*version == WC_PCKS11VERSION_2_40) { + pkcs11_version.major = 2; + pkcs11_version.minor = 40; + } + else if (*version == WC_PCKS11VERSION_3_0) { + pkcs11_version.major = 3; + pkcs11_version.minor = 0; + } + else if (*version == WC_PCKS11VERSION_3_1) { + pkcs11_version.major = 3; + pkcs11_version.minor = 1; + } + else if (*version == WC_PCKS11VERSION_3_2) { + pkcs11_version.major = 3; + pkcs11_version.minor = 2; + } + version_ptr = &pkcs11_version; + } + else { + version_ptr = NULL; + } + + rv = C_GetInterface((CK_UTF8CHAR_PTR) interfaceName, version_ptr, + &interface, 0); + + if (rv == CKR_OK) { + dev->func = interface->pFunctionList; + version_ptr = (CK_VERSION_PTR) interface->pFunctionList; + if (version_ptr->major == 2 && version_ptr->minor == 20) { + dev->version = WC_PCKS11VERSION_2_20; + } + else if (version_ptr->major == 2 && + version_ptr->minor == 40) { + dev->version = WC_PCKS11VERSION_2_40; + } + else if (version_ptr->major == 3 && + version_ptr->minor == 0) { + dev->version = WC_PCKS11VERSION_3_0; + } + else if (version_ptr->major == 3 && + version_ptr->minor == 1) { + dev->version = WC_PCKS11VERSION_3_1; + } + else if (version_ptr->major == 3 && + version_ptr->minor == 2) { + dev->version = WC_PCKS11VERSION_3_2; + } + else { + WOLFSSL_MSG_EX("Unsupported PKCS#11 version: %d.%d", + version_ptr->major, version_ptr->minor); + ret = WC_HW_E; + } + } + else { + PKCS11_RV("CK_C_GetInterface", rv); + ret = WC_HW_E; + } +#elif defined(HAVE_PKCS11_STATIC) + rv = C_GetFunctionList(&dev->func); + if (rv == CKR_OK) { + version_ptr = (CK_VERSION_PTR) dev->func; + if (version_ptr->major == 2 && + version_ptr->minor == 20) { + dev->version = WC_PCKS11VERSION_2_20; + } + else if (version_ptr->major == 2 && + version_ptr->minor == 40) { + dev->version = WC_PCKS11VERSION_2_40; + } + else { + WOLFSSL_MSG_EX("Unsupported PKCS#11 version: %d.%d", + version_ptr->major, + version_ptr->minor); + ret = WC_HW_E; + } + } + else { + PKCS11_RV("CK_C_GetFunctionList", rv); + ret = WC_HW_E; + } +#else + /* Load dynamic library */ dev->dlHandle = dlopen(library, RTLD_NOW | RTLD_LOCAL); if (dev->dlHandle == NULL) { WOLFSSL_MSG(dlerror()); ret = BAD_PATH_ERROR; } - } - if (ret == 0) { - dev->func = NULL; - func = dlsym(dev->dlHandle, "C_GetFunctionList"); - if (func == NULL) { - WOLFSSL_MSG(dlerror()); - ret = WC_HW_E; + if (ret == 0) { + /* Check if the library supports PKCS#11 version 3.0 (or above) by + * looking for the C_GetInterface method (only present for >= V3.0). + */ + func = dlsym(dev->dlHandle, "C_GetInterface"); + if (func != NULL) { + /* Function is present, use it */ + CK_INTERFACE_PTR interface = NULL; + CK_VERSION pkcs11_version = {0, 0}; + if (version != NULL) { + if (*version == WC_PCKS11VERSION_2_20) { + pkcs11_version.major = 2; + pkcs11_version.minor = 20; + } + else if (*version == WC_PCKS11VERSION_2_40) { + pkcs11_version.major = 2; + pkcs11_version.minor = 40; + } + else if (*version == WC_PCKS11VERSION_3_0) { + pkcs11_version.major = 3; + pkcs11_version.minor = 0; + } + else if (*version == WC_PCKS11VERSION_3_1) { + pkcs11_version.major = 3; + pkcs11_version.minor = 1; + } + else if (*version == WC_PCKS11VERSION_3_2) { + pkcs11_version.major = 3; + pkcs11_version.minor = 2; + } + version_ptr = &pkcs11_version; + } + else { + version_ptr = NULL; + } + + rv = ((CK_C_GetInterface)func)((CK_UTF8CHAR_PTR) interfaceName, + version_ptr, &interface, 0); + if (rv == CKR_OK) { + dev->func = interface->pFunctionList; + version_ptr = (CK_VERSION_PTR) interface->pFunctionList; + if (version_ptr->major == 2 && version_ptr->minor == 20) { + dev->version = WC_PCKS11VERSION_2_20; + } + else if (version_ptr->major == 2 && + version_ptr->minor == 40) { + dev->version = WC_PCKS11VERSION_2_40; + } + else if (version_ptr->major == 3 && + version_ptr->minor == 0) { + dev->version = WC_PCKS11VERSION_3_0; + } + else if (version_ptr->major == 3 && + version_ptr->minor == 1) { + dev->version = WC_PCKS11VERSION_3_1; + } + else if (version_ptr->major == 3 && + version_ptr->minor == 2) { + dev->version = WC_PCKS11VERSION_3_2; + } + else { + WOLFSSL_MSG_EX("Unsupported PKCS#11 version: %d.%d", + version_ptr->major, version_ptr->minor); + ret = WC_HW_E; + } + } + else { + PKCS11_RV("CK_C_GetInterface", rv); + ret = WC_HW_E; + } + } + else { + /* Function not present, try a 2.x library by looking for + * C_GetFunctionList. */ + func = dlsym(dev->dlHandle, "C_GetFunctionList"); + if (func == NULL) { + #if defined(_WIN32) + WOLFSSL_MSG_EX("GetProcAddress(): %d", GetLastError()); + #else + WOLFSSL_MSG(dlerror()); + #endif + ret = WC_HW_E; + } + if (ret == 0) { + rv = ((CK_C_GetFunctionList)func)(&dev->func); + if (rv == CKR_OK) { + version_ptr = (CK_VERSION_PTR) dev->func; + if (version_ptr->major == 2 && + version_ptr->minor == 20) { + dev->version = WC_PCKS11VERSION_2_20; + } + else if (version_ptr->major == 2 && + version_ptr->minor == 40) { + dev->version = WC_PCKS11VERSION_2_40; + } + else { + WOLFSSL_MSG_EX("Unsupported PKCS#11 version: %d.%d", + version_ptr->major, + version_ptr->minor); + ret = WC_HW_E; + } + } + else { + PKCS11_RV("CK_C_GetFunctionList", rv); + ret = WC_HW_E; + } + } + } } - } - if (ret == 0) { - rv = ((CK_C_GetFunctionList)func)(&dev->func); -#else - rv = C_GetFunctionList(&dev->func); #endif - if (rv != CKR_OK) { - PKCS11_RV("CK_C_GetFunctionList", ret); - ret = WC_HW_E; - } } + if (ret == 0 && version != NULL) + *version = dev->version; + if (ret == 0) { XMEMSET(&args, 0x00, sizeof(args)); args.flags = CKF_OS_LOCKING_OK; rv = dev->func->C_Initialize(&args); - if (rv != CKR_OK) { - PKCS11_RV("C_Initialize", ret); + if (rv == CKR_CRYPTOKI_ALREADY_INITIALIZED) { + WOLFSSL_MSG("PKCS#11 already initialized"); + rv = CKR_OK; + } + else if (rv != CKR_OK) { + PKCS11_RV("C_Initialize", rv); ret = WC_INIT_E; } } @@ -520,7 +814,7 @@ void wc_Pkcs11_Finalize(Pkcs11Dev* dev) { if (dev != NULL -#ifndef HAVE_PKCS11_STATIC +#if !defined(HAVE_PKCS11_STATIC) && !defined(HAVE_PKCS11_V3_STATIC) && dev->dlHandle != NULL #endif ) { @@ -528,7 +822,7 @@ dev->func->C_Finalize(NULL); dev->func = NULL; } -#ifndef HAVE_PKCS11_STATIC +#if !defined(HAVE_PKCS11_STATIC) && !defined(HAVE_PKCS11_V3_STATIC) dlclose(dev->dlHandle); dev->dlHandle = NULL; #endif @@ -633,6 +927,7 @@ token->userPin = NULL_PTR; token->userPinSz = 0; token->userPinLogin = 0; + token->version = dev->version; } XFREE(slot, dev->heap, DYNAMIC_TYPE_TMP_BUFFER); @@ -809,6 +1104,7 @@ if (ret == 0) { session->func = token->func; session->slotId = token->slotId; + session->version = token->version; } return ret; @@ -1060,13 +1356,24 @@ { int ret = 0; - if (key->dp != NULL && key->dp->oid != NULL) { + if (key != NULL && key->dp != NULL && key->dp->oid != NULL) { unsigned char* derParams = tmpl[idx].pValue; + #if defined(HAVE_OID_ENCODING) + word32 oidSz = ECC_MAX_OID_LEN - 2; + ret = wc_EncodeObjectId(key->dp->oid, key->dp->oidSz, derParams+2, &oidSz); + if (ret != 0) { + return ret; + } + tmpl[idx].ulValueLen = oidSz + 2; + derParams[0] = ASN_OBJECT_ID; + derParams[1] = oidSz; + #else /* ASN.1 encoding: OBJ + ecc parameters OID */ tmpl[idx].ulValueLen = key->dp->oidSz + 2; derParams[0] = ASN_OBJECT_ID; derParams[1] = key->dp->oidSz; XMEMCPY(derParams + 2, key->dp->oid, key->dp->oidSz); + #endif } else ret = NOT_COMPILED_IN; @@ -1096,7 +1403,7 @@ unsigned char* ecPoint = NULL; word32 len; CK_RV rv; - CK_UTF8CHAR params[MAX_EC_PARAM_LEN]; + CK_UTF8CHAR params[ECC_MAX_OID_LEN]; /* Empty entries for optional label/ID. */ CK_ATTRIBUTE keyTemplate[] = { { CKA_CLASS, &pubKeyClass, sizeof(pubKeyClass) }, @@ -1180,7 +1487,7 @@ { int ret = 0; CK_RV rv; - CK_UTF8CHAR params[MAX_EC_PARAM_LEN]; + CK_UTF8CHAR params[ECC_MAX_OID_LEN]; /* Empty entries for optional label/ID. */ CK_ATTRIBUTE keyTemplate[] = { { CKA_CLASS, &privKeyClass, sizeof(privKeyClass) }, @@ -1209,12 +1516,115 @@ ret = Pkcs11EccSetParams(private_key, keyTemplate, 3); if (ret == 0) { - keyTemplate[4].pValue = wc_ecc_key_get_priv(private_key)->raw.buf; - keyTemplate[4].ulValueLen = wc_ecc_key_get_priv(private_key)->raw.len; + word32 privLen = private_key->dp->size; + byte* priv = (byte*)XMALLOC(privLen, private_key->heap, + DYNAMIC_TYPE_TMP_BUFFER); + if (priv == NULL) { + ret = MEMORY_E; + } + if (ret == 0) { + PRIVATE_KEY_LOCK(); + ret = wc_ecc_export_private_only(private_key, priv, &privLen); + PRIVATE_KEY_UNLOCK(); + } + if (ret == 0) { + keyTemplate[4].pValue = priv; + keyTemplate[4].ulValueLen = privLen; - PKCS11_DUMP_TEMPLATE("Ec Private Key", keyTemplate, keyTmplCnt); - rv = session->func->C_CreateObject(session->handle, keyTemplate, + PKCS11_DUMP_TEMPLATE("Ec Private Key", keyTemplate, keyTmplCnt); + rv = session->func->C_CreateObject(session->handle, keyTemplate, keyTmplCnt, privateKey); + PKCS11_RV("C_CreateObject", rv); + if (rv != CKR_OK) { + ret = WC_HW_E; + } + } + XFREE(priv, private_key->heap, DYNAMIC_TYPE_TMP_BUFFER); + } + + return ret; +} +#endif + +#ifdef HAVE_DILITHIUM +/** + * Create a PKCS#11 object containing the ML-DSA public key data. + * @param handle [out] Handle to public key object. + * @param session [in] Session object. + * @param key [in] ML-DSA key. + * @param mechInfo [in] Pointer to a filled MECHANISM_INFO object. + * @return WC_HW_E when a PKCS#11 library call fails. + * @return MEMORY_E when a memory allocation fails. + * @return 0 on success. + */ +static int Pkcs11CreateMldsaPublicKey(CK_OBJECT_HANDLE* handle, + Pkcs11Session* session, + MlDsaKey* key, + CK_MECHANISM_INFO_PTR mechInfo) +{ + int ret = 0; + CK_RV rv; + CK_ULONG publicKeyLen = 0; + CK_ML_DSA_PARAMETER_SET_TYPE param_set = 0; + /* Empty entries for optional label/ID. */ + CK_ATTRIBUTE keyTemplate[] = { + { CKA_CLASS, &pubKeyClass, sizeof(pubKeyClass) }, + { CKA_KEY_TYPE, &mldsaKeyType, sizeof(mldsaKeyType) }, + { CKA_VERIFY, &ckTrue, sizeof(ckTrue) }, + { CKA_VALUE, NULL, 0 }, + { CKA_PARAMETER_SET, ¶m_set, sizeof(param_set) }, + { 0, NULL, 0 }, + { 0, NULL, 0 }, + }; + /* Mandatory entries + 2 optional. */ + CK_ULONG keyTmplCnt = sizeof(keyTemplate) / sizeof(*keyTemplate) - 2; + + if (!key->pubKeySet) { + ret = BAD_FUNC_ARG; + } + + if (key->labelLen > 0) { + keyTemplate[keyTmplCnt].type = CKA_LABEL; + keyTemplate[keyTmplCnt].pValue = key->label; + keyTemplate[keyTmplCnt].ulValueLen = key->labelLen; + keyTmplCnt++; + } + if (key->idLen > 0) { + keyTemplate[keyTmplCnt].type = CKA_ID; + keyTemplate[keyTmplCnt].pValue = key->id; + keyTemplate[keyTmplCnt].ulValueLen = key->idLen; + keyTmplCnt++; + } + + if ((key->level == WC_ML_DSA_44) && + (mechInfo->ulMinKeySize <= ML_DSA_LEVEL2_PUB_KEY_SIZE) && + (mechInfo->ulMaxKeySize >= ML_DSA_LEVEL2_PUB_KEY_SIZE)) { + publicKeyLen = ML_DSA_LEVEL2_PUB_KEY_SIZE; + param_set = CKP_ML_DSA_44; + } + else if ((key->level == WC_ML_DSA_65) && + (mechInfo->ulMinKeySize <= ML_DSA_LEVEL3_PUB_KEY_SIZE) && + (mechInfo->ulMaxKeySize >= ML_DSA_LEVEL3_PUB_KEY_SIZE)) { + publicKeyLen = ML_DSA_LEVEL3_PUB_KEY_SIZE; + param_set = CKP_ML_DSA_65; + } + else if ((key->level == WC_ML_DSA_87) && + (mechInfo->ulMinKeySize <= ML_DSA_LEVEL5_PUB_KEY_SIZE) && + (mechInfo->ulMaxKeySize >= ML_DSA_LEVEL5_PUB_KEY_SIZE)) { + publicKeyLen = ML_DSA_LEVEL5_PUB_KEY_SIZE; + param_set = CKP_ML_DSA_87; + } + else { + ret = WC_KEY_SIZE_E; + } + + if (ret == 0) { + keyTemplate[3].pValue = (byte*) key->p; + keyTemplate[3].ulValueLen = publicKeyLen; + + PKCS11_DUMP_TEMPLATE("ML-DSA Public Key", keyTemplate, keyTmplCnt); + rv = session->func->C_CreateObject(session->handle, keyTemplate, + keyTmplCnt, handle); PKCS11_RV("C_CreateObject", rv); if (rv != CKR_OK) { ret = WC_HW_E; @@ -1223,29 +1633,119 @@ return ret; } -#endif + +/** + * Create a PKCS#11 object containing the ML-DSA private key data. + * + * @param handle [out] Handle to private key object. + * @param session [in] Session object. + * @param key [in] ML-DSA key. + * @param mechInfo [in] Pointer to a filled MECHANISM_INFO object. + * @return WC_HW_E when a PKCS#11 library call fails. + * @return 0 on success. + */ +static int Pkcs11CreateMldsaPrivateKey(CK_OBJECT_HANDLE* privateKey, + Pkcs11Session* session, + MlDsaKey* key, + CK_MECHANISM_INFO_PTR mechInfo) +{ + int ret = 0; + CK_RV rv; + CK_ULONG privateKeyLen = 0; + CK_ML_DSA_PARAMETER_SET_TYPE param_set = 0; + /* Empty entries for optional label/ID. */ + CK_ATTRIBUTE keyTemplate[] = { + { CKA_CLASS, &privKeyClass, sizeof(privKeyClass) }, + { CKA_KEY_TYPE, &mldsaKeyType, sizeof(mldsaKeyType) }, + { CKA_SIGN, &ckTrue, sizeof(ckTrue) }, + { CKA_VALUE, NULL, 0 }, + { CKA_PARAMETER_SET, ¶m_set, sizeof(param_set) }, + { 0, NULL, 0 }, + { 0, NULL, 0 } + }; + /* Mandatory entries + 2 optional. */ + CK_ULONG keyTmplCnt = sizeof(keyTemplate) / sizeof(*keyTemplate) - 2; + + if (key->labelLen > 0) { + keyTemplate[keyTmplCnt].type = CKA_LABEL; + keyTemplate[keyTmplCnt].pValue = key->label; + keyTemplate[keyTmplCnt].ulValueLen = key->labelLen; + keyTmplCnt++; + } + if (key->idLen > 0) { + keyTemplate[keyTmplCnt].type = CKA_ID; + keyTemplate[keyTmplCnt].pValue = key->id; + keyTemplate[keyTmplCnt].ulValueLen = key->idLen; + keyTmplCnt++; + } + + if ((key->level == WC_ML_DSA_44) && + (mechInfo->ulMinKeySize <= ML_DSA_LEVEL2_PUB_KEY_SIZE) && + (mechInfo->ulMaxKeySize >= ML_DSA_LEVEL2_PUB_KEY_SIZE)) { + privateKeyLen = ML_DSA_LEVEL2_KEY_SIZE; + param_set = CKP_ML_DSA_44; + } + else if ((key->level == WC_ML_DSA_65) && + (mechInfo->ulMinKeySize <= ML_DSA_LEVEL3_PUB_KEY_SIZE) && + (mechInfo->ulMaxKeySize >= ML_DSA_LEVEL3_PUB_KEY_SIZE)) { + privateKeyLen = ML_DSA_LEVEL3_KEY_SIZE; + param_set = CKP_ML_DSA_65; + } + else if ((key->level == WC_ML_DSA_87) && + (mechInfo->ulMinKeySize <= ML_DSA_LEVEL5_PUB_KEY_SIZE) && + (mechInfo->ulMaxKeySize >= ML_DSA_LEVEL5_PUB_KEY_SIZE)) { + privateKeyLen = ML_DSA_LEVEL5_KEY_SIZE; + param_set = CKP_ML_DSA_87; + } + else { + ret = WC_KEY_SIZE_E; + } + + if (ret == 0) { + keyTemplate[3].pValue = (byte*) key->k; + keyTemplate[3].ulValueLen = privateKeyLen; + + PKCS11_DUMP_TEMPLATE("ML-DSA Private Key", keyTemplate, keyTmplCnt); + rv = session->func->C_CreateObject(session->handle, keyTemplate, + keyTmplCnt, privateKey); + PKCS11_RV("C_CreateObject", rv); + if (rv != CKR_OK) { + ret = WC_HW_E; + } + } + + return ret; +} +#endif /* HAVE_DILITHIUM */ #if !defined(NO_RSA) || defined(HAVE_ECC) || (!defined(NO_AES) && \ - (defined(HAVE_AESGCM) || defined(HAVE_AES_CBC))) || !defined(NO_HMAC) + (defined(HAVE_AESGCM) || defined(HAVE_AES_CBC))) || \ + !defined(NO_HMAC) || defined(HAVE_DILITHIUM) /** * Check if mechanism is available in session on token. * - * @param [in] session Session object. - * @param [in] mech Mechanism to look for. + * @param [in] session Session object. + * @param [in] mech Mechanism to look for. + * @param [out] mechInfoPtr Mechanism info return data (optional). * @return NOT_COMPILED_IN when mechanism not available. * @return 0 when mechanism is available. */ -static int Pkcs11MechAvail(Pkcs11Session* session, CK_MECHANISM_TYPE mech) +static int Pkcs11MechAvail(Pkcs11Session* session, CK_MECHANISM_TYPE mech, + CK_MECHANISM_INFO_PTR mechInfoPtr) { int ret = 0; CK_RV rv; CK_MECHANISM_INFO mechInfo; + PKCS11_DUMP_MECHANSIM("PKCS#11: Check if mechanism is available", mech); rv = session->func->C_GetMechanismInfo(session->slotId, mech, &mechInfo); PKCS11_RV("C_GetMechanismInfo", rv); if (rv != CKR_OK) { ret = NOT_COMPILED_IN; } + if (mechInfoPtr != NULL) { + *mechInfoPtr = mechInfo; + } return ret; } @@ -1335,7 +1835,7 @@ case PKCS11_KEY_TYPE_AES_GCM: { Aes* aes = (Aes*)key; - ret = Pkcs11MechAvail(&session, CKM_AES_GCM); + ret = Pkcs11MechAvail(&session, CKM_AES_GCM, NULL); if (ret == 0) { ret = Pkcs11CreateSecretKey(&privKey, &session, CKK_AES, (unsigned char*)aes->devKey, @@ -1353,7 +1853,7 @@ case PKCS11_KEY_TYPE_AES_CBC: { Aes* aes = (Aes*)key; - ret = Pkcs11MechAvail(&session, CKM_AES_CBC); + ret = Pkcs11MechAvail(&session, CKM_AES_CBC, NULL); if (ret == 0) { ret = Pkcs11CreateSecretKey(&privKey, &session, CKK_AES, (unsigned char*)aes->devKey, @@ -1378,7 +1878,7 @@ break; if (ret == 0) - ret = Pkcs11MechAvail(&session, mechType); + ret = Pkcs11MechAvail(&session, mechType, NULL); if (ret == 0) { ret = Pkcs11CreateSecretKey(&privKey, &session, keyType, (unsigned char*)hmac->keyRaw, @@ -1403,7 +1903,7 @@ case PKCS11_KEY_TYPE_RSA: { RsaKey* rsaKey = (RsaKey*)key; - ret = Pkcs11MechAvail(&session, CKM_RSA_X_509); + ret = Pkcs11MechAvail(&session, CKM_RSA_X_509, NULL); if (ret == 0) ret = Pkcs11CreateRsaPrivateKey(&privKey, &session, rsaKey, 1); @@ -1426,7 +1926,7 @@ #ifndef NO_PKCS11_ECDH if ((eccKey->flags & WC_ECC_FLAG_DEC_SIGN) == 0) { /* Try ECDH mechanism first. */ - ret = Pkcs11MechAvail(&session, CKM_ECDH1_DERIVE); + ret = Pkcs11MechAvail(&session, CKM_ECDH1_DERIVE, NULL); if (ret == 0) { ret = Pkcs11CreateEccPrivateKey(&privKey, &session, eccKey, CKA_DERIVE); @@ -1435,7 +1935,7 @@ #endif if (ret == 0 || ret == WC_NO_ERR_TRACE(NOT_COMPILED_IN)) { /* Try ECDSA mechanism next. */ - ret2 = Pkcs11MechAvail(&session, CKM_ECDSA); + ret2 = Pkcs11MechAvail(&session, CKM_ECDSA, NULL); if (ret2 == 0) { ret2 = Pkcs11CreateEccPrivateKey(&privKey, &session, eccKey, CKA_SIGN); @@ -1444,6 +1944,13 @@ /* Store public key for validation with cert. */ ret2 = Pkcs11CreateEccPublicKey(&pubKey, &session, eccKey, CKA_VERIFY); + if (ret2 != 0) { + /* Delete the private key if the public key + * creation failed to avoid leaving an orphaned + * private key on the token. */ + session.func->C_DestroyObject(session.handle, + privKey); + } } } /* OK for this to fail if set for ECDH. */ @@ -1455,6 +1962,40 @@ break; } #endif + #if defined(HAVE_DILITHIUM) + case PKCS11_KEY_TYPE_MLDSA: { + MlDsaKey* mldsaKey = (MlDsaKey*) key; + CK_MECHANISM_INFO mechInfo; + + ret = Pkcs11MechAvail(&session, CKM_ML_DSA, &mechInfo); + if (ret == 0 && mldsaKey->prvKeySet) { + ret = Pkcs11CreateMldsaPrivateKey(&privKey, + &session, + mldsaKey, + &mechInfo); + } + if (ret == 0 && mldsaKey->pubKeySet) { + CK_OBJECT_HANDLE pubKey = NULL_PTR; + /* Store public key for validation with cert. */ + ret = Pkcs11CreateMldsaPublicKey(&pubKey, + &session, + mldsaKey, + &mechInfo); + if (ret != 0) { + /* Delete the private key if the public key creation + * failed to avoid leaving an orphaned private key + * on the token. */ + session.func->C_DestroyObject(session.handle, privKey); + } + } + #ifndef WOLFSSL_DILITHIUM_ASSIGN_KEY + if (ret == 0 && clear) { + ForceZero(mldsaKey->k, sizeof(mldsaKey->k)); + } + #endif + break; + } + #endif /* HAVE_DILITHIUM*/ default: ret = NOT_COMPILED_IN; break; @@ -2188,7 +2729,6 @@ static int Pkcs11Rsa(Pkcs11Session* session, wc_CryptoInfo* info) { int ret = 0; - CK_RV rv; CK_MECHANISM_INFO mechInfo; CK_MECHANISM_TYPE mechanism = 0x0UL; int sessionKey = 0; @@ -2214,12 +2754,7 @@ } /* Check operation is supported. */ - rv = session->func->C_GetMechanismInfo(session->slotId, mechanism, - &mechInfo); - PKCS11_RV("C_GetMechanismInfo", rv); - if (rv != CKR_OK) { - ret = NOT_COMPILED_IN; - } + ret = Pkcs11MechAvail(session, mechanism, &mechInfo); if (ret == 0) { if ((type == RSA_PUBLIC_ENCRYPT) || (type == RSA_PUBLIC_DECRYPT)) { @@ -2318,7 +2853,7 @@ int privTmplCnt = 2; int i; - ret = Pkcs11MechAvail(session, CKM_RSA_PKCS_KEY_PAIR_GEN); + ret = Pkcs11MechAvail(session, CKM_RSA_PKCS_KEY_PAIR_GEN, NULL); if (ret == 0) { WOLFSSL_MSG("PKCS#11: RSA Key Generation Operation"); @@ -2394,9 +2929,8 @@ int i; unsigned char* ecPoint = NULL; word32 len = 0; - CK_RV rv; CK_ULONG count; - CK_UTF8CHAR params[MAX_EC_PARAM_LEN]; + CK_UTF8CHAR params[ECC_MAX_OID_LEN]; CK_ATTRIBUTE keyTemplate[] = { { CKA_CLASS, &keyClass, sizeof(keyClass) }, { CKA_KEY_TYPE, &ecKeyType, sizeof(ecKeyType) }, @@ -2433,26 +2967,7 @@ attrCnt++; } if (ret == 0) { - PKCS11_DUMP_TEMPLATE("Find Ec Key", keyTemplate, attrCnt); - rv = session->func->C_FindObjectsInit(session->handle, keyTemplate, - attrCnt); - PKCS11_RV("C_FindObjectsInit", rv); - if (rv != CKR_OK) { - ret = WC_HW_E; - } - } - if (ret == 0) { - rv = session->func->C_FindObjects(session->handle, key, 1, &count); - PKCS11_RV("C_FindObjects", rv); - PKCS11_VAL("C_FindObjects Count", count); - if (rv != CKR_OK) { - ret = WC_HW_E; - } - rv = session->func->C_FindObjectsFinal(session->handle); - PKCS11_RV("C_FindObjectsFinal", rv); - if (rv != CKR_OK) { - ret = WC_HW_E; - } + ret = Pkcs11FindKeyByTemplate(key, session, keyTemplate, attrCnt, &count); } XFREE(ecPoint, eccKey->heap, DYNAMIC_TYPE_ECC); @@ -2560,7 +3075,7 @@ CK_RV rv; CK_OBJECT_HANDLE pubKey = NULL_PTR, privKey = NULL_PTR; CK_MECHANISM mech; - CK_UTF8CHAR params[MAX_EC_PARAM_LEN]; + CK_UTF8CHAR params[ECC_MAX_OID_LEN]; CK_ATTRIBUTE pubKeyTmpl[] = { { CKA_EC_PARAMS, params, 0 }, { CKA_VERIFY, &ckTrue, sizeof(ckTrue) }, @@ -2584,7 +3099,7 @@ /* Mandatory entries + 2 optional. */ int privTmplCnt = 1; - ret = Pkcs11MechAvail(session, CKM_EC_KEY_PAIR_GEN); + ret = Pkcs11MechAvail(session, CKM_EC_KEY_PAIR_GEN, NULL); if (ret == 0) { WOLFSSL_MSG("PKCS#11: EC Key Generation Operation"); @@ -2632,8 +3147,12 @@ if (pubKey != NULL_PTR) session->func->C_DestroyObject(session->handle, pubKey); - if (ret != 0 && privKey != NULL_PTR) + if (ret == 0 && privKey != NULL_PTR) { + key->devCtx = (void*)(wc_ptr_t)privKey; + } + else if (ret != 0 && privKey != NULL_PTR) { session->func->C_DestroyObject(session->handle, privKey); + } return ret; } @@ -2670,7 +3189,9 @@ } PKCS11_DUMP_TEMPLATE("Secret Length", tmpl, tmplCnt); if (ret == 0) { - if (tmpl[0].ulValueLen > *outLen) + if (tmpl[0].ulValueLen == CK_UNAVAILABLE_INFORMATION) + ret = WC_HW_E; + else if (tmpl[0].ulValueLen > *outLen) ret = BUFFER_E; } if (ret == 0) { @@ -2720,14 +3241,18 @@ }; CK_ULONG tmplCnt = sizeof(tmpl) / sizeof(*tmpl); - ret = Pkcs11MechAvail(session, CKM_ECDH1_DERIVE); + ret = Pkcs11MechAvail(session, CKM_ECDH1_DERIVE, NULL); if (ret == 0 && info->pk.ecdh.outlen == NULL) { ret = BAD_FUNC_ARG; } if (ret == 0) { WOLFSSL_MSG("PKCS#11: EC Key Derivation Operation"); - if ((sessionKey = !mp_iszero( + if (info->pk.ecdh.private_key->devCtx != NULL) { + privateKey = (CK_OBJECT_HANDLE)(wc_ptr_t) + info->pk.ecdh.private_key->devCtx; + } + else if ((sessionKey = !mp_iszero( wc_ecc_key_get_priv(info->pk.ecdh.private_key)))) ret = Pkcs11CreateEccPrivateKey(&privateKey, session, info->pk.ecdh.private_key, CKA_DERIVE); @@ -2764,7 +3289,8 @@ if (ret == 0) { secSz = *info->pk.ecdh.outlen; - if (secSz > (CK_ULONG)info->pk.ecdh.private_key->dp->size) + if (info->pk.ecdh.private_key->dp != NULL && + secSz > (CK_ULONG)info->pk.ecdh.private_key->dp->size) secSz = info->pk.ecdh.private_key->dp->size; params.kdf = CKD_NULL; @@ -2791,7 +3317,10 @@ info->pk.ecdh.outlen); } - if (sessionKey) + if (secret != CK_INVALID_HANDLE) + session->func->C_DestroyObject(session->handle, secret); + + if (sessionKey && privateKey != NULL_PTR) session->func->C_DestroyObject(session->handle, privateKey); if (point != NULL) @@ -3007,12 +3536,10 @@ CK_OBJECT_HANDLE privateKey = NULL_PTR; /* Check operation is supported. */ - rv = session->func->C_GetMechanismInfo(session->slotId, CKM_ECDSA, - &mechInfo); - PKCS11_RV("C_GetMechanismInfo", rv); - if (rv != CKR_OK || (mechInfo.flags & CKF_SIGN) == 0) + ret = Pkcs11MechAvail(session, CKM_ECDSA, &mechInfo); + if (ret == 0 && (mechInfo.flags & CKF_SIGN) == 0) { ret = NOT_COMPILED_IN; - + } if (ret == 0 && info->pk.eccsign.outlen == NULL) { ret = BAD_FUNC_ARG; } @@ -3022,7 +3549,11 @@ if (ret == 0) { WOLFSSL_MSG("PKCS#11: EC Signing Operation"); - if ((sessionKey = !mp_iszero( + if (info->pk.eccsign.key->devCtx != NULL) { + privateKey = (CK_OBJECT_HANDLE)(wc_ptr_t) + info->pk.eccsign.key->devCtx; + } + else if ((sessionKey = !mp_iszero( wc_ecc_key_get_priv(info->pk.eccsign.key)))) ret = Pkcs11CreateEccPrivateKey(&privateKey, session, info->pk.eccsign.key, CKA_SIGN); @@ -3086,7 +3617,7 @@ sz); } - if (sessionKey) + if (sessionKey && privateKey != NULL_PTR) session->func->C_DestroyObject(session->handle, privateKey); return ret; @@ -3104,20 +3635,20 @@ static int Pkcs11ECDSA_Verify(Pkcs11Session* session, wc_CryptoInfo* info) { int ret = 0; + int sessionKey = 0; CK_RV rv; CK_MECHANISM mech; CK_MECHANISM_INFO mechInfo; CK_OBJECT_HANDLE publicKey = NULL_PTR; unsigned char* sig = NULL; - word32 sz = info->pk.eccverify.key->dp->size; + ecc_key* key = info->pk.eccverify.key; + word32 sz = key->dp->size; /* Check operation is supported. */ - rv = session->func->C_GetMechanismInfo(session->slotId, CKM_ECDSA, - &mechInfo); - PKCS11_RV("C_GetMechanismInfo", rv); - if (rv != CKR_OK || (mechInfo.flags & CKF_VERIFY) == 0) + ret = Pkcs11MechAvail(session, CKM_ECDSA, &mechInfo); + if (ret == 0 && (mechInfo.flags & CKF_VERIFY) == 0) { ret = NOT_COMPILED_IN; - + } if (ret == 0 && info->pk.eccverify.res == NULL) { ret = BAD_FUNC_ARG; } @@ -3125,12 +3656,32 @@ if (ret == 0) { WOLFSSL_MSG("PKCS#11: EC Verification Operation"); - ret = Pkcs11CreateEccPublicKey(&publicKey, session, - info->pk.eccverify.key, CKA_VERIFY); + if (key->labelLen > 0) { + ret = Pkcs11FindKeyByLabel(&publicKey, CKO_PUBLIC_KEY, CKK_EC, + session, key->label, key->labelLen); + if (ret == 0 && key->dp == NULL) { + ret = Pkcs11GetEccParams(session, publicKey, key); + } + } + else if (key->idLen > 0) { + ret = Pkcs11FindKeyById(&publicKey, CKO_PUBLIC_KEY, CKK_EC, + session, key->id, key->idLen); + if (ret == 0 && key->dp == NULL) { + ret = Pkcs11GetEccParams(session, publicKey, key); + } + } + else if (!mp_iszero(key->pubkey.x)) { + ret = Pkcs11CreateEccPublicKey(&publicKey, session, key, + CKA_VERIFY); + sessionKey = 1; + } + else + ret = Pkcs11FindEccKey(&publicKey, CKO_PUBLIC_KEY, session, + info->pk.eccsign.key, CKA_VERIFY); } if (ret == 0) { - sig = (unsigned char *)XMALLOC(sz * 2, info->pk.eccverify.key->heap, + sig = (unsigned char *)XMALLOC(sz * 2, key->heap, DYNAMIC_TYPE_TMP_BUFFER); if (sig == NULL) ret = MEMORY_E; @@ -3167,7 +3718,7 @@ *info->pk.eccverify.res = 1; } - if (publicKey != NULL_PTR) + if (sessionKey && publicKey != NULL_PTR) session->func->C_DestroyObject(session->handle, publicKey); if (sig != NULL) @@ -3404,8 +3955,797 @@ return ret; } + +/** + * Deletes the ECC private key. + * + * @param [in] session Session object. + * @param [in] key ECC key. + * @return 0 on success. + */ +static int Pkcs11EccDeletePrivKey(Pkcs11Session* session, ecc_key* key) +{ + CK_OBJECT_HANDLE privateKey; + + if (key != NULL && key->devCtx != NULL) { + privateKey = (CK_OBJECT_HANDLE)(wc_ptr_t)key->devCtx; + + session->func->C_DestroyObject(session->handle, privateKey); + + key->devCtx = NULL; + } + + return 0; +} #endif +#if defined(HAVE_DILITHIUM) +/** + * Find the PKCS#11 object containing the ML-DSA public or private key data. + * + * @param handle [out] Handle to key object. + * @param keyClass [in] Public or private key class. + * @param session [in] Session object. + * @param key [in] ML-DSA key. + * @return WC_HW_E when a PKCS#11 library call fails. + * @return MEMORY_E when a memory allocation fails. + * @return 0 on success. + */ +static int Pkcs11FindMldsaKey(CK_OBJECT_HANDLE* handle, + CK_OBJECT_CLASS keyClass, + Pkcs11Session* session, + MlDsaKey* key) +{ + int ret = 0; + CK_ULONG count = 0; + CK_ML_DSA_PARAMETER_SET_TYPE param_set = 0; + CK_ATTRIBUTE keyTemplate[] = { + { CKA_CLASS, &keyClass, sizeof(keyClass) }, + { CKA_KEY_TYPE, &mldsaKeyType, sizeof(mldsaKeyType) }, + { CKA_PARAMETER_SET, ¶m_set, sizeof(param_set) }, + }; + CK_ULONG attrCnt = sizeof(keyTemplate) / sizeof(*keyTemplate); + + if (key->level == WC_ML_DSA_44) { + param_set = CKP_ML_DSA_44; + } + else if (key->level == WC_ML_DSA_65) { + param_set = CKP_ML_DSA_65; + } + else if (key->level == WC_ML_DSA_87) { + param_set = CKP_ML_DSA_87; + } + else { + ret = NOT_COMPILED_IN; + } + + if (ret == 0) { + ret = Pkcs11FindKeyByTemplate(handle, session, keyTemplate, + attrCnt, &count); + } + if (ret == 0 && count == 0) { + ret = WC_HW_E; + } + + return ret; +} + +/** + * Gets the public key data from the PKCS#11 object and puts into the ML-DSA + * key. + * + * @param key [in] ML-DSA key. + * @param session [in] Session object. + * @param keyHandle [in] ML-DSA public key PKCS#11 object handle. + * @return WC_HW_E when a PKCS#11 library call fails. + * @return MEMORY_E when a memory allocation fails. + * @return 0 on success. + */ +static int Pkcs11GetMldsaPublicKey(MlDsaKey* key, + Pkcs11Session* session, + CK_OBJECT_HANDLE keyHandle) +{ + int ret = 0; + CK_ULONG pubKeySize; + unsigned char* pubKey = NULL; + CK_ATTRIBUTE tmpl[] = { + { CKA_VALUE, NULL, 0 } + }; + CK_ULONG tmplCnt = sizeof(tmpl) / sizeof(*tmpl); + CK_RV rv; + + PKCS11_DUMP_TEMPLATE("Get ML-DSA Public Key Length", tmpl, tmplCnt); + rv = session->func->C_GetAttributeValue(session->handle, keyHandle, + tmpl, tmplCnt); + PKCS11_RV("C_GetAttributeValue", rv); + if (rv != CKR_OK) { + ret = WC_HW_E; + } + PKCS11_DUMP_TEMPLATE("ML-DSA Public Key Length", tmpl, tmplCnt); + + if (ret == 0) { + pubKeySize = tmpl[0].ulValueLen; + pubKey = (unsigned char*)XMALLOC(pubKeySize, key->heap, + DYNAMIC_TYPE_TMP_BUFFER); + if (pubKey == NULL) + ret = MEMORY_E; + } + if (ret == 0) { + tmpl[0].pValue = pubKey; + + PKCS11_DUMP_TEMPLATE("Get ML-DSA Public Key", tmpl, tmplCnt); + rv = session->func->C_GetAttributeValue(session->handle, keyHandle, + tmpl, tmplCnt); + PKCS11_RV("C_GetAttributeValue", rv); + if (rv != CKR_OK) { + ret = WC_HW_E; + } + PKCS11_DUMP_TEMPLATE("ML-DSA Public Key", tmpl, tmplCnt); + } + if (ret == 0) { + if (pubKeySize == ML_DSA_LEVEL2_PUB_KEY_SIZE) + wc_MlDsaKey_SetParams(key, WC_ML_DSA_44); + else if (pubKeySize == ML_DSA_LEVEL3_PUB_KEY_SIZE) + wc_MlDsaKey_SetParams(key, WC_ML_DSA_65); + else if (pubKeySize == ML_DSA_LEVEL5_PUB_KEY_SIZE) + wc_MlDsaKey_SetParams(key, WC_ML_DSA_87); + else + ret = WC_KEY_SIZE_E; + } + if (ret == 0) + ret = wc_MlDsaKey_ImportPubRaw(key, pubKey, pubKeySize); + + if (pubKey != NULL) + XFREE(pubKey, key->heap, DYNAMIC_TYPE_TMP_BUFFER); + + return ret; +} + +/** + * Convert the wolfCrypt hash type to a digest mechanism. + * + * @param hashType [in] Hash type. + * @param hashMech [out] Pointer to digest mechanism. + + * @return BAD_FUNC_ARG when the hash type is not recognized. + * 0 on success. + */ +static int Pkcs11GetMldsaPreHash(int hashType, + CK_MECHANISM_TYPE_PTR hashMech) +{ + int ret = 0; + + if (hashMech == NULL) { + return BAD_FUNC_ARG; + } + + switch (hashType) { + case WC_HASH_TYPE_SHA256: + *hashMech = CKM_SHA256; + break; + case WC_HASH_TYPE_SHA384: + *hashMech = CKM_SHA384; + break; + case WC_HASH_TYPE_SHA512: + *hashMech = CKM_SHA512; + break; + #ifndef WOLFSSL_NOSHA512_256 + case WC_HASH_TYPE_SHA512_256: + *hashMech = CKM_SHA512_256; + break; + #endif + case WC_HASH_TYPE_SHA3_256: + *hashMech = CKM_SHA3_256; + break; + case WC_HASH_TYPE_SHA3_384: + *hashMech = CKM_SHA3_384; + break; + case WC_HASH_TYPE_SHA3_512: + *hashMech = CKM_SHA3_512; + break; + default: + ret = BAD_FUNC_ARG; + break; + } + + return ret; +} + +/** + * Perform an ML-DSA key generation operation. + * The private key data stays on the device. + * + * @param [in] session Session object. + * @param [in] key ML-DSA key. Already configured with the desired + * level and parameters. + * @return WC_HW_E when a PKCS#11 library call fails. + * @return 0 on success. + */ +static int Pkcs11MldsaKeyGen(Pkcs11Session* session, MlDsaKey* key) +{ + int ret = 0; + CK_RV rv; + CK_OBJECT_HANDLE pubKey = NULL_PTR, privKey = NULL_PTR; + CK_MECHANISM mech; + CK_MECHANISM_INFO mechInfo; + CK_ML_DSA_PARAMETER_SET_TYPE param_set = 0; + + /* Empty entries for optional label/ID. */ + CK_ATTRIBUTE pubKeyTmpl[] = { + { CKA_CLASS, &pubKeyClass, sizeof(pubKeyClass) }, + { CKA_VERIFY, &ckTrue, sizeof(ckTrue) }, + { CKA_KEY_TYPE, &mldsaKeyType, sizeof(mldsaKeyType) }, + { CKA_PARAMETER_SET, ¶m_set, sizeof(param_set) }, + { 0, NULL, 0 }, + { 0, NULL, 0 } + }; + /* Mandatory entries + 2 optional. */ + CK_ULONG pubTmplCnt = sizeof(pubKeyTmpl)/sizeof(*pubKeyTmpl) - 2; + + /* Empty entries for optional label/ID. */ + CK_ATTRIBUTE privKeyTmpl[] = { + { CKA_CLASS, &privKeyClass, sizeof(privKeyClass) }, + { CKA_SIGN, &ckTrue, sizeof(ckTrue) }, + { CKA_KEY_TYPE, &mldsaKeyType, sizeof(mldsaKeyType) }, + { CKA_PARAMETER_SET, ¶m_set, sizeof(param_set) }, + { 0, NULL, 0 }, + { 0, NULL, 0 } + }; + /* Mandatory entries + 2 optional. */ + CK_ULONG privTmplCnt = sizeof(privKeyTmpl)/sizeof(*privKeyTmpl) - 2; + + ret = Pkcs11MechAvail(session, CKM_ML_DSA_KEY_PAIR_GEN, &mechInfo); + if (ret == 0) { + if ((key->level == WC_ML_DSA_44) && + (mechInfo.ulMinKeySize <= ML_DSA_LEVEL2_PUB_KEY_SIZE) && + (mechInfo.ulMaxKeySize >= ML_DSA_LEVEL2_PUB_KEY_SIZE)) { + param_set = CKP_ML_DSA_44; + } + else if ((key->level == WC_ML_DSA_65) && + (mechInfo.ulMinKeySize <= ML_DSA_LEVEL3_PUB_KEY_SIZE) && + (mechInfo.ulMaxKeySize >= ML_DSA_LEVEL3_PUB_KEY_SIZE)) { + param_set = CKP_ML_DSA_65; + } + else if ((key->level == WC_ML_DSA_87) && + (mechInfo.ulMinKeySize <= ML_DSA_LEVEL5_PUB_KEY_SIZE) && + (mechInfo.ulMaxKeySize >= ML_DSA_LEVEL5_PUB_KEY_SIZE)) { + param_set = CKP_ML_DSA_87; + } + else { + ret = WC_KEY_SIZE_E; + } + } + if (ret == 0) { + WOLFSSL_MSG("PKCS#11: ML-DSA Key Generation Operation"); + + if (key->labelLen != 0) { + privKeyTmpl[privTmplCnt].type = CKA_LABEL; + privKeyTmpl[privTmplCnt].pValue = key->label; + privKeyTmpl[privTmplCnt].ulValueLen = key->labelLen; + privTmplCnt++; + + pubKeyTmpl[pubTmplCnt].type = CKA_LABEL; + pubKeyTmpl[pubTmplCnt].pValue = key->label; + pubKeyTmpl[pubTmplCnt].ulValueLen = key->labelLen; + pubTmplCnt++; + } + if (key->idLen != 0) { + privKeyTmpl[privTmplCnt].type = CKA_ID; + privKeyTmpl[privTmplCnt].pValue = key->id; + privKeyTmpl[privTmplCnt].ulValueLen = key->idLen; + privTmplCnt++; + + pubKeyTmpl[pubTmplCnt].type = CKA_ID; + pubKeyTmpl[pubTmplCnt].pValue = key->id; + pubKeyTmpl[pubTmplCnt].ulValueLen = key->idLen; + pubTmplCnt++; + } + + mech.mechanism = CKM_ML_DSA_KEY_PAIR_GEN; + mech.ulParameterLen = 0; + mech.pParameter = NULL; + + PKCS11_DUMP_TEMPLATE("Private Key", privKeyTmpl, privTmplCnt); + PKCS11_DUMP_TEMPLATE("Public Key", pubKeyTmpl, pubTmplCnt); + + rv = session->func->C_GenerateKeyPair(session->handle, &mech, + pubKeyTmpl, pubTmplCnt, + privKeyTmpl, privTmplCnt, + &pubKey, &privKey); + PKCS11_RV("C_GenerateKeyPair", rv); + if (rv != CKR_OK) { + ret = WC_HW_E; + } + } + + if (ret == 0) + ret = Pkcs11GetMldsaPublicKey(key, session, pubKey); + + if (pubKey != NULL_PTR) + session->func->C_DestroyObject(session->handle, pubKey); + if (ret == 0 && privKey != NULL_PTR) { + key->devCtx = (void*)(wc_ptr_t)privKey; + } + else if (ret != 0 && privKey != NULL_PTR) + session->func->C_DestroyObject(session->handle, privKey); + + return ret; +} + +/** + * Performs the ML-DSA signing operation. + * + * @param session [in] Session object. + * @param info [in] Cryptographic operation data. + * @return WC_HW_E when a PKCS#11 library call fails. + * @return 0 on success. + */ +static int Pkcs11MldsaSign(Pkcs11Session* session, wc_CryptoInfo* info) +{ + int ret = 0; + int sessionKey = 0; + CK_RV rv; + CK_ULONG outLen; + CK_MECHANISM mech; + CK_MECHANISM_INFO mechInfo; + CK_OBJECT_HANDLE privateKey = NULL_PTR; + MlDsaKey* key = (MlDsaKey*) info->pk.pqc_sign.key; + + union { + CK_SIGN_ADDITIONAL_CONTEXT pure; + CK_HASH_SIGN_ADDITIONAL_CONTEXT preHash; + } paramSet; + XMEMSET(¶mSet, 0, sizeof(paramSet)); + + /* Check operation is supported. */ + if (info->pk.pqc_sign.preHashType != WC_HASH_TYPE_NONE) { + ret = Pkcs11MechAvail(session, CKM_HASH_ML_DSA, &mechInfo); + } + else { + ret = Pkcs11MechAvail(session, CKM_ML_DSA, &mechInfo); + } + if (ret == 0 && (mechInfo.flags & CKF_SIGN) == 0) { + ret = NOT_COMPILED_IN; + } + if (ret == 0 && info->pk.pqc_sign.outlen == NULL) { + ret = BAD_FUNC_ARG; + } + if (ret == 0 && info->pk.pqc_sign.out == NULL) { + ret = BAD_FUNC_ARG; + } + if (ret == 0) { + WOLFSSL_MSG("PKCS#11: ML-DSA Signing Operation"); + + if (key->devCtx != NULL) { + privateKey = (CK_OBJECT_HANDLE)(wc_ptr_t)key->devCtx; + } + else if ((sessionKey = key->prvKeySet)) + ret = Pkcs11CreateMldsaPrivateKey(&privateKey, session, + key, &mechInfo); + else if (key->labelLen > 0) { + ret = Pkcs11FindKeyByLabel(&privateKey, CKO_PRIVATE_KEY, CKK_ML_DSA, + session, key->label, key->labelLen); + } + else if (key->idLen > 0) { + ret = Pkcs11FindKeyById(&privateKey, CKO_PRIVATE_KEY, CKK_ML_DSA, + session, key->id, key->idLen); + } + else { + ret = Pkcs11FindMldsaKey(&privateKey, CKO_PRIVATE_KEY, session, + key); + } + } + if (ret == 0) { + /* Prepare mechanism structure */ + mech.mechanism = CKM_ML_DSA; + mech.ulParameterLen = 0; + mech.pParameter = NULL; + + if (info->pk.pqc_sign.preHashType != WC_HASH_TYPE_NONE) { + /* Set the preHash algorithm */ + ret = Pkcs11GetMldsaPreHash(info->pk.pqc_sign.preHashType, + ¶mSet.preHash.hash); + if (ret == 0) { + mech.mechanism = CKM_HASH_ML_DSA; + mech.pParameter = ¶mSet.preHash; + mech.ulParameterLen = sizeof(paramSet.preHash); + } + + /* Set the context data */ + if (info->pk.pqc_sign.context != NULL && + info->pk.pqc_sign.contextLen > 0) { + paramSet.preHash.pContext = (byte*)info->pk.pqc_sign.context; + paramSet.preHash.ulContextLen = info->pk.pqc_sign.contextLen; + } + else { + paramSet.preHash.pContext = NULL; + paramSet.preHash.ulContextLen = 0; + } + + /* Hard-code the hedge variant to CKH_HEDGE_REQUIRED as we currently + * do not support deterministic signing for ML-DSA via the CryptoCb + * interface. */ + paramSet.preHash.hedgeVariant = CKH_HEDGE_REQUIRED; + } + else { + /* Set the context data */ + if (info->pk.pqc_sign.context != NULL && + info->pk.pqc_sign.contextLen > 0) { + paramSet.pure.pContext = (byte*) info->pk.pqc_sign.context; + paramSet.pure.ulContextLen = info->pk.pqc_sign.contextLen; + + /* Hard-code the hedge variant to CKH_HEDGE_REQUIRED as we + * currently do not support deterministic signing for ML-DSA + * via the CryptoCb interface. */ + paramSet.pure.hedgeVariant = CKH_HEDGE_REQUIRED; + + mech.pParameter = ¶mSet.pure; + mech.ulParameterLen = sizeof(paramSet.pure); + } + } + } + if (ret == 0) { + rv = session->func->C_SignInit(session->handle, &mech, privateKey); + PKCS11_RV("C_SignInit", rv); + if (rv != CKR_OK) { + ret = WC_HW_E; + } + } + + if (ret == 0) { + outLen = *info->pk.pqc_sign.outlen; + rv = session->func->C_Sign(session->handle, + (CK_BYTE_PTR)info->pk.pqc_sign.in, + info->pk.pqc_sign.inlen, + info->pk.pqc_sign.out, + &outLen); + PKCS11_RV("C_Sign", rv); + if (rv != CKR_OK) { + ret = WC_HW_E; + } + } + + if (ret == 0) { + *info->pk.pqc_sign.outlen = outLen; + } + + if (sessionKey) + session->func->C_DestroyObject(session->handle, privateKey); + + return ret; +} + +/** + * Performs the ML-DSA verification operation. + * + * @param session [in] Session object. + * @param info [in] Cryptographic operation data. + * @return WC_HW_E when a PKCS#11 library call fails. + * @return MEMORY_E when a memory allocation fails. + * @return 0 on success. + */ +static int Pkcs11MldsaVerify(Pkcs11Session* session, wc_CryptoInfo* info) +{ + int ret = 0; + int sessionKey = 0; + CK_RV rv; + CK_MECHANISM mech; + CK_MECHANISM_INFO mechInfo; + CK_OBJECT_HANDLE publicKey = NULL_PTR; + MlDsaKey* key = (MlDsaKey*) info->pk.pqc_verify.key; + + union { + CK_SIGN_ADDITIONAL_CONTEXT pure; + CK_HASH_SIGN_ADDITIONAL_CONTEXT preHash; + } paramSet; + XMEMSET(¶mSet, 0, sizeof(paramSet)); + + /* Check operation is supported. */ + if (info->pk.pqc_verify.preHashType != WC_HASH_TYPE_NONE) { + ret = Pkcs11MechAvail(session, CKM_HASH_ML_DSA, &mechInfo); + } + else { + ret = Pkcs11MechAvail(session, CKM_ML_DSA, &mechInfo); + } + if (ret == 0 && (mechInfo.flags & CKF_VERIFY) == 0) { + ret = NOT_COMPILED_IN; + } + if (ret == 0 && info->pk.pqc_verify.res == NULL) { + ret = BAD_FUNC_ARG; + } + + if (ret == 0) { + WOLFSSL_MSG("PKCS#11: ML-DSA Verification Operation"); + + if (key->labelLen > 0) { + ret = Pkcs11FindKeyByLabel(&publicKey, CKO_PUBLIC_KEY, CKK_ML_DSA, + session, key->label, key->labelLen); + } + else if (key->idLen > 0) { + ret = Pkcs11FindKeyById(&publicKey, CKO_PUBLIC_KEY, CKK_ML_DSA, + session, key->id, key->idLen); + } + else if (key->pubKeySet) { + ret = Pkcs11CreateMldsaPublicKey(&publicKey, session, + key, &mechInfo); + sessionKey = 1; + } + else { + ret = Pkcs11FindMldsaKey(&publicKey, CKO_PUBLIC_KEY, session, + key); + } + } + if (ret == 0) { + /* Prepare mechanism structure */ + mech.mechanism = CKM_ML_DSA; + mech.ulParameterLen = 0; + mech.pParameter = NULL; + + if (info->pk.pqc_verify.preHashType != WC_HASH_TYPE_NONE) { + /* Set the preHash algorithm */ + ret = Pkcs11GetMldsaPreHash(info->pk.pqc_verify.preHashType, + ¶mSet.preHash.hash); + if (ret == 0) { + mech.mechanism = CKM_HASH_ML_DSA; + mech.pParameter = ¶mSet.preHash; + mech.ulParameterLen = sizeof(paramSet.preHash); + } + + /* Set the context data */ + if (info->pk.pqc_verify.context != NULL && + info->pk.pqc_verify.contextLen > 0) { + paramSet.preHash.pContext = (byte*) info->pk.pqc_verify.context; + paramSet.preHash.ulContextLen = info->pk.pqc_verify.contextLen; + } + else { + paramSet.preHash.pContext = NULL; + paramSet.preHash.ulContextLen = 0; + } + } + else { + /* Set the context data */ + if (info->pk.pqc_verify.context != NULL && + info->pk.pqc_verify.contextLen > 0) { + paramSet.pure.pContext = (byte*) info->pk.pqc_verify.context; + paramSet.pure.ulContextLen = info->pk.pqc_verify.contextLen; + + mech.pParameter = ¶mSet.pure; + mech.ulParameterLen = sizeof(paramSet.pure); + } + } + } + if (ret == 0) { + rv = session->func->C_VerifyInit(session->handle, &mech, publicKey); + PKCS11_RV("C_VerifyInit", rv); + if (rv != CKR_OK) { + ret = WC_HW_E; + } + } + + if (ret == 0) { + *info->pk.pqc_verify.res = 0; + rv = session->func->C_Verify(session->handle, + (CK_BYTE_PTR)info->pk.pqc_verify.msg, + info->pk.pqc_verify.msglen, + (CK_BYTE_PTR)info->pk.pqc_verify.sig, + info->pk.pqc_verify.siglen); + PKCS11_RV("C_Verify", rv); + if (rv == CKR_SIGNATURE_INVALID) + ret = SIG_VERIFY_E; + else if (rv != CKR_OK) + ret = WC_HW_E; + else + *info->pk.pqc_verify.res = 1; + } + + if (sessionKey && publicKey != NULL_PTR) + session->func->C_DestroyObject(session->handle, publicKey); + + return ret; +} + +/** + * Checks whether the stored ML-DSA private key matches the given public key. + * Do this by looking up the public key data from the associated private key. + * + * @param session [in] Session object. + * @param info [in] Cryptographic operation data. + * @return WC_HW_E when a PKCS#11 library call fails. + * @return MEMORY_E when a memory allocation fails. + * @return MP_CMP_E when the public parts are different. + * @return 0 on success. + */ +static int Pkcs11MldsaCheckPrivKey(Pkcs11Session* session, wc_CryptoInfo* info) +{ + int ret = 0; + byte key_level = 0; + word32 storedKeySize = 0; + word32 idx = 0; + CK_OBJECT_HANDLE privKeyHandle; + MlDsaKey* privKey = (MlDsaKey*) info->pk.pqc_sig_check.key; + WC_DECLARE_VAR(pubKey, MlDsaKey, 1, privKey->heap); + + WC_ALLOC_VAR_EX(pubKey, MlDsaKey, 1, privKey->heap, DYNAMIC_TYPE_DILITHIUM, + ret = MEMORY_E); + + /* Get the ML-DSA public key object. */ + if (ret == 0 && privKey->labelLen > 0) + ret = Pkcs11FindKeyByLabel(&privKeyHandle, CKO_PUBLIC_KEY, CKK_ML_DSA, + session, privKey->label, privKey->labelLen); + else if (ret == 0 && privKey->idLen > 0) + ret = Pkcs11FindKeyById(&privKeyHandle, CKO_PUBLIC_KEY, CKK_ML_DSA, + session, privKey->id, privKey->idLen); + else if (ret == 0) + ret = Pkcs11FindMldsaKey(&privKeyHandle, CKO_PUBLIC_KEY, + session, privKey); + if (ret == 0) { + /* Extract the public key components. */ + ret = Pkcs11GetMldsaPublicKey(privKey, session, privKeyHandle); + } + + /* Get the security level of the private key */ + if (ret == 0) + ret = wc_MlDsaKey_GetParams(privKey, &key_level); + + if (ret == 0) { + if (key_level == WC_ML_DSA_44) + storedKeySize = ML_DSA_LEVEL2_PUB_KEY_SIZE; + else if (key_level == WC_ML_DSA_65) + storedKeySize = ML_DSA_LEVEL3_PUB_KEY_SIZE; + else if (key_level == WC_ML_DSA_87) + storedKeySize = ML_DSA_LEVEL5_PUB_KEY_SIZE; + else + ret = WC_KEY_SIZE_E; + } + + if ((ret == 0) && + ((ret = wc_MlDsaKey_Init(pubKey, privKey->heap, INVALID_DEVID)) == 0)) { + ret = wc_MlDsaKey_SetParams(pubKey, key_level); + if (ret == 0) { + ret = wc_MlDsaKey_PublicKeyDecode(pubKey, + info->pk.pqc_sig_check.pubKey, + info->pk.pqc_sig_check.pubKeySz, + &idx); + } + if (ret == 0) { + /* Compare the data of the provided public key with the data + * stored in the private key object */ + ret = XMEMCMP(privKey->p, pubKey->p, storedKeySize); + if (ret != 0) + ret = MP_CMP_E; + } + wc_MlDsaKey_Free(pubKey); + } + + WC_FREE_VAR_EX(pubKey, privKey->heap, DYNAMIC_TYPE_DILITHIUM); + + return ret; +} + +/** + * Deletes the ML-DSA private key. + * + * @param [in] session Session object. + * @param [in] key ML-DSA key. + * @return 0 on success. + */ +static int Pkcs11MldsaDeletePrivKey(Pkcs11Session* session, MlDsaKey* key) +{ + CK_OBJECT_HANDLE privateKey; + + if (key != NULL && key->devCtx != NULL) { + privateKey = (CK_OBJECT_HANDLE)(wc_ptr_t)key->devCtx; + + session->func->C_DestroyObject(session->handle, privateKey); + + key->devCtx = NULL; + } + + return 0; +} + +/** + * Perform a PQC key generation operation. + * The private key data stays on the device. + * + * @param [in] session Session object. + * @param [in] info Cryptographic operation data. + * @return WC_HW_E when a PKCS#11 library call fails. + * @return 0 on success. + */ +static int Pkcs11PqcSigKeyGen(Pkcs11Session* session, wc_CryptoInfo* info) +{ + int ret = 0; + + switch (info->pk.pqc_sig_kg.type) { + case WC_PQC_SIG_TYPE_DILITHIUM: + ret = Pkcs11MldsaKeyGen(session, + (MlDsaKey*)info->pk.pqc_sig_kg.key); + break; + default: + ret = NOT_COMPILED_IN; + break; + } + + return ret; +} + +/** + * Performs the signing operation with the PQC algorithm. + * + * @param session [in] Session object. + * @param info [in] Cryptographic operation data. + * @return WC_HW_E when a PKCS#11 library call fails. + * @return 0 on success. + */ +static int Pkcs11PqcSigSign(Pkcs11Session* session, wc_CryptoInfo* info) +{ + int ret = 0; + + switch (info->pk.pqc_sign.type) { + case WC_PQC_SIG_TYPE_DILITHIUM: + ret = Pkcs11MldsaSign(session, info); + break; + default: + ret = NOT_COMPILED_IN; + break; + } + + return ret; +} + +/** + * Performs the verification operation with the PQC algorithm. + * + * @param session [in] Session object. + * @param info [in] Cryptographic operation data. + * @return WC_HW_E when a PKCS#11 library call fails. + * @return MEMORY_E when a memory allocation fails. + * @return 0 on success. + */ +static int Pkcs11PqcSigVerify(Pkcs11Session* session, wc_CryptoInfo* info) +{ + int ret = 0; + + switch (info->pk.pqc_verify.type) { + case WC_PQC_SIG_TYPE_DILITHIUM: + ret = Pkcs11MldsaVerify(session, info); + break; + default: + ret = NOT_COMPILED_IN; + break; + } + + return ret; +} + +/** + * Checks whether the stored PQC private key matches the given PQC public key. + * + * @param session [in] Session object. + * @param info [in] Cryptographic operation data. + * @return WC_HW_E when a PKCS#11 library call fails. + * @return MEMORY_E when a memory allocation fails. + * @return MP_CMP_E when the public parts are different. + * @return 0 on success. + */ +static int Pkcs11PqcSigCheckPrivKey(Pkcs11Session* session, wc_CryptoInfo* info) +{ + int ret = 0; + + switch (info->pk.pqc_sig_check.type) { + case WC_PQC_SIG_TYPE_DILITHIUM: + ret = Pkcs11MldsaCheckPrivKey(session, info); + break; + default: + ret = NOT_COMPILED_IN; + break; + } + + return ret; +} +#endif /* HAVE_DILITHIUM */ + #if !defined(NO_AES) && defined(HAVE_AESGCM) /** * Performs the AES-GCM encryption operation. @@ -3428,12 +4768,10 @@ CK_ULONG outLen; /* Check operation is supported. */ - rv = session->func->C_GetMechanismInfo(session->slotId, CKM_AES_GCM, - &mechInfo); - PKCS11_RV("C_GetMechanismInfo", rv); - if (rv != CKR_OK || (mechInfo.flags & CKF_ENCRYPT) == 0) + ret = Pkcs11MechAvail(session, CKM_AES_GCM, &mechInfo); + if (ret == 0 && (mechInfo.flags & CKF_ENCRYPT) == 0) { ret = NOT_COMPILED_IN; - + } if (ret == 0) { WOLFSSL_MSG("PKCS#11: AES-GCM Encryption Operation"); @@ -3523,12 +4861,10 @@ word32 len; /* Check operation is supported. */ - rv = session->func->C_GetMechanismInfo(session->slotId, CKM_AES_GCM, - &mechInfo); - PKCS11_RV("C_GetMechanismInfo", rv); - if (rv != CKR_OK || (mechInfo.flags & CKF_DECRYPT) == 0) + ret = Pkcs11MechAvail(session, CKM_AES_GCM, &mechInfo); + if (ret == 0 && (mechInfo.flags & CKF_DECRYPT) == 0) { ret = NOT_COMPILED_IN; - + } if (ret == 0) { WOLFSSL_MSG("PKCS#11: AES-GCM Decryption Operation"); @@ -3632,12 +4968,10 @@ CK_ULONG outLen; /* Check operation is supported. */ - rv = session->func->C_GetMechanismInfo(session->slotId, CKM_AES_CBC, - &mechInfo); - PKCS11_RV("C_GetMechanismInfo", rv); - if (rv != CKR_OK || (mechInfo.flags & CKF_ENCRYPT) == 0) + ret = Pkcs11MechAvail(session, CKM_AES_CBC, &mechInfo); + if (ret == 0 && (mechInfo.flags & CKF_ENCRYPT) == 0) { ret = NOT_COMPILED_IN; - + } if (ret == 0) { WOLFSSL_MSG("PKCS#11: AES-CBC Encryption Operation"); @@ -3708,12 +5042,10 @@ CK_ULONG outLen; /* Check operation is supported. */ - rv = session->func->C_GetMechanismInfo(session->slotId, CKM_AES_CBC, - &mechInfo); - PKCS11_RV("C_GetMechanismInfo", rv); - if (rv != CKR_OK || (mechInfo.flags & CKF_DECRYPT) == 0) + ret = Pkcs11MechAvail(session, CKM_AES_CBC, &mechInfo); + if (ret == 0 && (mechInfo.flags & CKF_DECRYPT) == 0) { ret = NOT_COMPILED_IN; - + } if (ret == 0) { WOLFSSL_MSG("PKCS#11: AES-CBC Decryption Operation"); @@ -3788,12 +5120,10 @@ CK_ULONG outLen; /* Check operation is supported. */ - rv = session->func->C_GetMechanismInfo(session->slotId, CKM_AES_CTR, - &mechInfo); - PKCS11_RV("C_GetMechanismInfo", rv); - if (rv != CKR_OK || (mechInfo.flags & CKF_ENCRYPT) == 0) + ret = Pkcs11MechAvail(session, CKM_AES_CTR, &mechInfo); + if (ret == 0 && (mechInfo.flags & CKF_ENCRYPT) == 0) { ret = NOT_COMPILED_IN; - + } if (ret == 0) { WOLFSSL_MSG("PKCS#11: AES-CTR Encryption Operation"); @@ -3869,12 +5199,10 @@ CK_ULONG outLen; /* Check operation is supported. */ - rv = session->func->C_GetMechanismInfo(session->slotId, CKM_AES_CTR, - &mechInfo); - PKCS11_RV("C_GetMechanismInfo", rv); - if (rv != CKR_OK || (mechInfo.flags & CKF_DECRYPT) == 0) + ret = Pkcs11MechAvail(session, CKM_AES_CTR, &mechInfo); + if (ret == 0 && (mechInfo.flags & CKF_DECRYPT) == 0) { ret = NOT_COMPILED_IN; - + } if (ret == 0) { WOLFSSL_MSG("PKCS#11: AES-CTR Decryption Operation"); @@ -3959,11 +5287,10 @@ ret = Pkcs11HmacTypes(info->hmac.macType, &mechType, &keyType); if (ret == 0) { /* Check operation is supported. */ - rv = session->func->C_GetMechanismInfo(session->slotId, mechType, - &mechInfo); - PKCS11_RV("C_GetMechanismInfo", rv); - if (rv != CKR_OK || (mechInfo.flags & CKF_SIGN) == 0) + ret = Pkcs11MechAvail(session, mechType, &mechInfo); + if (ret == 0 && (mechInfo.flags & CKF_SIGN) == 0) { ret = NOT_COMPILED_IN; + } } /* Check whether key been used to initialized. */ @@ -4233,7 +5560,7 @@ */ if (ret == 0) { if (info->algo_type == WC_ALGO_TYPE_PK) { -#if !defined(NO_RSA) || defined(HAVE_ECC) +#if !defined(NO_RSA) || defined(HAVE_ECC) || defined(HAVE_DILITHIUM) switch (info->pk.type) { #ifndef NO_RSA case WC_PK_TYPE_RSA: @@ -4313,13 +5640,43 @@ } break; #endif + #if defined(HAVE_DILITHIUM) + case WC_PK_TYPE_PQC_SIG_KEYGEN: + ret = Pkcs11OpenSession(token, &session, readWrite); + if (ret == 0) { + ret = Pkcs11PqcSigKeyGen(&session, info); + Pkcs11CloseSession(token, &session); + } + break; + case WC_PK_TYPE_PQC_SIG_SIGN: + ret = Pkcs11OpenSession(token, &session, readWrite); + if (ret == 0) { + ret = Pkcs11PqcSigSign(&session, info); + Pkcs11CloseSession(token, &session); + } + break; + case WC_PK_TYPE_PQC_SIG_VERIFY: + ret = Pkcs11OpenSession(token, &session, readWrite); + if (ret == 0) { + ret = Pkcs11PqcSigVerify(&session, info); + Pkcs11CloseSession(token, &session); + } + break; + case WC_PK_TYPE_PQC_SIG_CHECK_PRIV_KEY: + ret = Pkcs11OpenSession(token, &session, readWrite); + if (ret == 0) { + ret = Pkcs11PqcSigCheckPrivKey(&session, info); + Pkcs11CloseSession(token, &session); + } + break; + #endif default: ret = NOT_COMPILED_IN; break; } #else ret = NOT_COMPILED_IN; -#endif /* !NO_RSA || HAVE_ECC */ +#endif /* !NO_RSA || HAVE_ECC || HAVE_DILITHIUM */ } else if (info->algo_type == WC_ALGO_TYPE_CIPHER) { #ifndef NO_AES @@ -4427,8 +5784,50 @@ ret = NOT_COMPILED_IN; #endif } - else + else if (info->algo_type == WC_ALGO_TYPE_FREE) { + #ifdef HAVE_ECC + if (info->free.algo == WC_ALGO_TYPE_PK && + info->free.type == WC_PK_TYPE_EC_KEYGEN) { + ret = Pkcs11OpenSession(token, &session, readWrite); + if (ret == 0) { + ret = Pkcs11EccDeletePrivKey(&session, + (ecc_key*)info->free.obj); + Pkcs11CloseSession(token, &session); + } + /* Return CRYPTOCB_UNAVAILABLE so wc_ecc_free() still + * performs software cleanup. This callback only releases + * the HSM object. Conditional because wc_ecc_free returns + * int and can propagate an HSM error to the caller. */ + if (ret == 0) + ret = CRYPTOCB_UNAVAILABLE; + } + else + #endif + #ifdef HAVE_DILITHIUM + if (info->free.algo == WC_ALGO_TYPE_PK && + info->free.type == WC_PK_TYPE_PQC_SIG_KEYGEN && + info->free.subType == WC_PQC_SIG_TYPE_DILITHIUM) { + ret = Pkcs11OpenSession(token, &session, readWrite); + if (ret == 0) { + ret = Pkcs11MldsaDeletePrivKey(&session, + (MlDsaKey*)info->free.obj); + Pkcs11CloseSession(token, &session); + } + /* Always return CRYPTOCB_UNAVAILABLE so wc_dilithium_free() + * performs software cleanup. This callback only releases + * the HSM object. Unconditional because wc_dilithium_free + * returns void and cannot propagate an error. */ + ret = CRYPTOCB_UNAVAILABLE; + } + else + #endif + { + ret = NOT_COMPILED_IN; + } + } + else { ret = NOT_COMPILED_IN; + } } return ret; diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/wolfcrypt/src/wc_port.c mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/wc_port.c --- mariadb-11.8.6/extra/wolfssl/wolfssl/wolfcrypt/src/wc_port.c 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/wc_port.c 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* port.c * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -19,6 +19,77 @@ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA */ +/* +wolfCrypt Porting Build Options: + +Threading/Mutex options: + * SINGLE_THREADED: No-op mutex/threading implementations default: off + * WOLFSSL_PTHREADS: Use pthread-based mutex/threading default: off + * (auto-detected on most POSIX systems) + * WOLFSSL_MUTEX_INITIALIZER: Use static mutex initialization default: off + * WC_MUTEX_OPS_INLINE: Use inlined mutex operations default: off + * WOLFSSL_USER_MUTEX: User-provided mutex implementation default: off + * WOLFSSL_COND: Enable condition variable support default: off + * WOLFSSL_USE_RWLOCK: Enable reader-writer lock support default: off + * WOLFSSL_THREAD_NO_JOIN: Create threads without join default: off + * WOLFSSL_ALGO_HW_MUTEX: Per-algorithm hardware mutex locks default: off + * Controls AES, hash, PK, and RNG mutexes. + * WOLFSSL_CRYPT_HW_MUTEX: Cryptography hardware mutex default: off + * Master control for all HW mutex init. + * NO_AES_MUTEX: Disable AES hardware mutex default: off + * NO_HASH_MUTEX: Disable hash hardware mutex default: off + * NO_PK_MUTEX: Disable public-key hardware mutex default: off + * NO_RNG_MUTEX: Disable RNG hardware mutex default: off + * + * Memory options: + * USE_WOLFSSL_MEMORY: Enable custom memory allocation hooks default: on + * WOLFSSL_STATIC_MEMORY: Use static memory pools instead of default: off + * dynamic allocation. + * WOLFSSL_TRACK_MEMORY: Enable memory allocation tracking default: off + * WOLFSSL_TRACK_MEMORY_VERBOSE: Verbose memory tracking output default: off + * WOLFSSL_FORCE_MALLOC_FAIL_TEST: Force malloc failures for default: off + * testing error handling paths. + * WOLFSSL_MEM_FAIL_COUNT: Count malloc failures for testing default: off + * WOLFSSL_CHECK_MEM_ZERO: Verify sensitive memory is zeroed default: off + * on free. Debug tool for key material. + * + * Filesystem options: + * NO_FILESYSTEM: Disable all filesystem operations default: off + * NO_WOLFSSL_DIR: Disable directory listing/iteration default: off + * + * Time options: + * WOLFSSL_GMTIME: Provide custom gmtime implementation default: off + * HAVE_TIME_T_TYPE: Platform provides time_t default: auto + * TIME_OVERRIDES: Application provides custom time funcs default: off + * USER_TICKS: Application provides tick counter default: off + * USE_WOLF_TM: Use wolfSSL struct tm definition default: off + * + * String function options: + * STRING_USER: User provides all string functions default: off + * USE_WOLF_STRTOK: Use wolfSSL strtok implementation default: off + * USE_WOLF_STRSEP: Use wolfSSL strsep implementation default: off + * USE_WOLF_STRLCPY: Use wolfSSL strlcpy implementation default: off + * USE_WOLF_STRLCAT: Use wolfSSL strlcat implementation default: off + * USE_WOLF_STRCASECMP: Use wolfSSL strcasecmp implementation default: off + * USE_WOLF_STRNCASECMP:Use wolfSSL strncasecmp implementation default: off + * USE_WOLF_STRDUP: Use wolfSSL strdup implementation default: off + * + * Atomic operation options: + * WOLFSSL_ATOMIC_OPS: Enable atomic operations for thread default: off + * safety without full mutexes. + * WOLFSSL_USER_DEFINED_ATOMICS: User-provided atomic impl default: off + * WOLFSSL_HAVE_ATOMIC_H: Has C11 atomic.h header default: off + * + * General options: + * WOLFCRYPT_ONLY: Exclude TLS/SSL, wolfCrypt only build default: off + * WOLFSSL_LEANPSK: Lean PSK build, minimal features default: off + * WOLF_C89: C89 compatibility mode default: off + * WOLFSSL_SMALL_STACK: Reduce stack usage by allocating from default: off + * heap instead. Slower but needed for + * constrained environments. + * DEBUG_WOLFSSL_VERBOSE: Enable verbose debug logging default: off + */ + #include #ifdef __APPLE__ @@ -27,7 +98,7 @@ #include #ifdef HAVE_ENTROPY_MEMUSE - #include + #include #endif #ifdef HAVE_ECC #include @@ -68,7 +139,7 @@ #if defined(WOLFSSL_RENESAS_RX64_HASH) #include #endif -#if defined(WOLFSSL_STSAFEA100) +#ifdef WOLFSSL_STSAFE #include #endif @@ -151,7 +222,11 @@ #endif /* prevent multiple mutex initializations */ -static volatile int initRefCount = 0; +#ifdef WOLFSSL_ATOMIC_OPS + wolfSSL_Atomic_Int initRefCount = WOLFSSL_ATOMIC_INITIALIZER(0); +#else + static int initRefCount = 0; +#endif #if defined(__aarch64__) && defined(WOLFSSL_ARMASM_BARRIER_DETECT) int aarch64_use_sb = 0; @@ -164,7 +239,8 @@ int wolfCrypt_Init(void) { int ret = 0; - if (initRefCount == 0) { + int my_initRefCount = wolfSSL_Atomic_Int_FetchAdd(&initRefCount, 1); + if (my_initRefCount == 0) { WOLFSSL_ENTER("wolfCrypt_Init"); #if defined(__aarch64__) && defined(WOLFSSL_ARMASM_BARRIER_DETECT) @@ -298,8 +374,12 @@ return ret; } #endif - #if defined(WOLFSSL_STSAFEA100) - stsafe_interface_init(); + #ifdef WOLFSSL_STSAFE + ret = stsafe_interface_init(); + if (ret != 0) { + WOLFSSL_MSG("STSAFE init failed"); + return ret; + } #endif #if defined(WOLFSSL_TROPIC01) ret = Tropic01_Init(); @@ -444,8 +524,16 @@ return ret; } #endif + + /* increment to 2, to signify successful initialization: */ + (void)wolfSSL_Atomic_Int_FetchAdd(&initRefCount, 1); + } + else { + if (my_initRefCount < 2) { + (void)wolfSSL_Atomic_Int_FetchSub(&initRefCount, 1); + ret = BUSY_E; + } } - initRefCount++; return ret; } @@ -469,12 +557,9 @@ int wolfCrypt_Cleanup(void) { int ret = 0; + int my_initRefCount = wolfSSL_Atomic_Int_SubFetch(&initRefCount, 1); - initRefCount--; - if (initRefCount < 0) - initRefCount = 0; - - if (initRefCount == 0) { + if (my_initRefCount == 1) { WOLFSSL_ENTER("wolfCrypt_Cleanup"); #ifdef HAVE_ECC @@ -564,11 +649,18 @@ * must be freed. */ wc_MemZero_Free(); #endif - } + + (void)wolfSSL_Atomic_Int_SubFetch(&initRefCount, 1); #if defined(HAVE_LIBOQS) - wolfSSL_liboqsClose(); + wolfSSL_liboqsClose(); #endif + } + else if (my_initRefCount < 0) { + (void)wolfSSL_Atomic_Int_AddFetch(&initRefCount, 1); + WOLFSSL_MSG("wolfCrypt_Cleanup() called with initRefCount <= 0."); + ret = ALREADY_E; + } return ret; } @@ -1340,6 +1432,11 @@ return val - i; } +int wolfSSL_Atomic_Int_Exchange(wolfSSL_Atomic_Int* c, int new_i) +{ + return atomic_swap_int(c, new_i); +} + int wolfSSL_Atomic_Int_CompareExchange(wolfSSL_Atomic_Int* c, int *expected_i, int new_i) { @@ -1359,7 +1456,7 @@ } int wolfSSL_Atomic_Ptr_CompareExchange( - void **c, void **expected_ptr, void *new_ptr) + void * volatile *c, void **expected_ptr, void *new_ptr) { uintptr_t exp = (uintptr_t)*expected_ptr; int ret = atomic_fcmpset_ptr((uintptr_t *)c, &exp, (uintptr_t)new_ptr); @@ -1403,6 +1500,11 @@ return ret - i; } +int wolfSSL_Atomic_Int_Exchange(wolfSSL_Atomic_Int* c, int new_i) +{ + return atomic_exchange_explicit(c, new_i, memory_order_seq_cst); +} + int wolfSSL_Atomic_Int_CompareExchange( wolfSSL_Atomic_Int* c, int *expected_i, int new_i) { @@ -1456,15 +1558,23 @@ } int wolfSSL_Atomic_Ptr_CompareExchange( - void **c, void **expected_ptr, void *new_ptr) + void * volatile *c, void **expected_ptr, void *new_ptr) { /* use gcc-built-in __atomic_compare_exchange_n(), not * atomic_compare_exchange_strong_explicit(), to sidestep _Atomic type * requirements. */ - return __atomic_compare_exchange_n( - c, expected_ptr, new_ptr, 0 /* weak */, - __ATOMIC_SEQ_CST, __ATOMIC_ACQUIRE); + if (__atomic_compare_exchange_n( + c, expected_ptr, new_ptr, +#ifdef WOLF_C89 + 0 /* weak */, +#else + (_Bool)0 /* weak */, +#endif + __ATOMIC_SEQ_CST, __ATOMIC_ACQUIRE)) + return 1; + else + return 0; } #elif defined(__GNUC__) && defined(__ATOMIC_RELAXED) @@ -1500,6 +1610,11 @@ return __atomic_sub_fetch(c, i, __ATOMIC_RELAXED); } +int wolfSSL_Atomic_Int_Exchange(wolfSSL_Atomic_Int* c, int new_i) +{ + return __atomic_exchange_n(c, new_i, __ATOMIC_SEQ_CST); +} + int wolfSSL_Atomic_Int_CompareExchange(wolfSSL_Atomic_Int* c, int *expected_i, int new_i) { @@ -1551,7 +1666,7 @@ } int wolfSSL_Atomic_Ptr_CompareExchange( - void **c, void **expected_ptr, void *new_ptr) + void * volatile *c, void **expected_ptr, void *new_ptr) { return __atomic_compare_exchange_n( c, expected_ptr, new_ptr, 0 /* weak */, @@ -1592,6 +1707,12 @@ return ret - i; } +int wolfSSL_Atomic_Int_Exchange(wolfSSL_Atomic_Int* c, int new_i) +{ + long actual_i = InterlockedExchange(c, (long)new_i); + return (int)actual_i; +} + int wolfSSL_Atomic_Int_CompareExchange(wolfSSL_Atomic_Int* c, int *expected_i, int new_i) { @@ -1651,7 +1772,7 @@ } int wolfSSL_Atomic_Ptr_CompareExchange( - void ** c, void **expected_ptr, void *new_ptr) + void * volatile * c, void **expected_ptr, void *new_ptr) { #ifdef _WIN64 LONG64 actual_ptr = InterlockedCompareExchange64( @@ -1698,6 +1819,7 @@ if (wc_FreeMutex(&ref->mutex) != 0) { WOLFSSL_MSG("Failed to free mutex of reference counting!"); } + ref->count = 0; } void wolfSSL_RefWithMutexInc(wolfSSL_RefWithMutex* ref, int* err) @@ -1713,6 +1835,21 @@ *err = ret; } +void wolfSSL_RefWithMutexInc2(wolfSSL_RefWithMutex* ref, int *new_count, + int* err) +{ + int ret = wc_LockMutex(&ref->mutex); + if (ret != 0) { + WOLFSSL_MSG("Failed to lock mutex for reference increment!"); + *new_count = -1; + } + else { + *new_count = ++ref->count; + wc_UnLockMutex(&ref->mutex); + } + *err = ret; +} + int wolfSSL_RefWithMutexLock(wolfSSL_RefWithMutex* ref) { return wc_LockMutex(&ref->mutex); @@ -1740,6 +1877,24 @@ } *err = ret; } + +void wolfSSL_RefWithMutexDec2(wolfSSL_RefWithMutex* ref, int* new_count, + int* err) +{ + int ret = wc_LockMutex(&ref->mutex); + if (ret != 0) { + WOLFSSL_MSG("Failed to lock mutex for reference decrement!"); + *new_count = -1; + } + else { + if (ref->count > 0) { + ref->count--; + } + *new_count = ref->count; + wc_UnLockMutex(&ref->mutex); + } + *err = ret; +} #endif /* ! SINGLE_THREADED */ #if WOLFSSL_CRYPT_HW_MUTEX @@ -4115,12 +4270,12 @@ unsigned int s2_len = (unsigned int)XSTRLEN(s2); if (s2_len == 0) - return (char*)s1; + return (char *)(wc_ptr_t)s1; while (n >= s2_len && s1[0]) { if (s1[0] == s2[0]) if (XMEMCMP(s1, s2, s2_len) == 0) - return (char*)s1; + return (char *)(wc_ptr_t)s1; s1++; n--; } @@ -4976,13 +5131,17 @@ #endif /* not SINGLE_THREADED */ #if defined(WOLFSSL_LINUXKM) && defined(CONFIG_ARM64) && \ - defined(WC_PIE_RELOC_TABLES) + defined(WC_SYM_RELOC_TABLES) +#ifndef CONFIG_ARCH_TEGRA + +#if LINUX_VERSION_CODE >= KERNEL_VERSION(6, 1, 0) noinstr void my__alt_cb_patch_nops(struct alt_instr *alt, __le32 *origptr, __le32 *updptr, int nr_inst) { return WC_PIE_INDIRECT_SYM(alt_cb_patch_nops) (alt, origptr, updptr, nr_inst); } +#endif /* LINUX_VERSION_CODE >= KERNEL_VERSION(6, 1, 0) */ void my__queued_spin_lock_slowpath(struct qspinlock *lock, u32 val) { @@ -4990,3 +5149,4 @@ (lock, val); } #endif +#endif diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/wolfcrypt/src/wc_slhdsa.c mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/wc_slhdsa.c --- mariadb-11.8.6/extra/wolfssl/wolfssl/wolfcrypt/src/wc_slhdsa.c 1970-01-01 00:00:00.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/wc_slhdsa.c 2026-05-24 09:58:33.000000000 +0000 @@ -0,0 +1,7321 @@ +/* wc_slhdsa.c + * + * Copyright (C) 2006-2026 wolfSSL Inc. + * + * This file is part of wolfSSL. + * + * wolfSSL is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * wolfSSL is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA + */ + +#include + +#include + +#ifdef WOLFSSL_HAVE_SLHDSA + +#include +#include +#ifdef NO_INLINE + #include +#else + #define WOLFSSL_MISC_INCLUDED + #include +#endif +#include +#include + +#if defined(USE_INTEL_SPEEDUP) +/* CPU information for Intel. */ +static cpuid_flags_t cpuid_flags = WC_CPUID_INITIALIZER; +#endif + + +/* Winternitz number. */ +#define SLHDSA_W 16 +/* Number of iterations of hashing itself from Winternitz number. */ +#define SLHDSA_WM1 (SLHDSA_W - 1) + + +#ifndef WOLFSSL_SLHDSA_PARAM_NO_256 + /* Maximum size of hash output. */ + #define SLHDSA_MAX_N 32 + #ifndef WOLFSSL_SLHDSA_PARAM_NO_FAST + /* Maximum number of indices for FORS signatures. */ + #define SLHDSA_MAX_INDICES_SZ 35 + #else + /* Maximum number of indices for FORS signatures. */ + #define SLHDSA_MAX_INDICES_SZ 22 + #endif +#elif !defined(WOLFSSL_SLHDSA_PARAM_NO_192) + /* Maximum size of hash output. */ + #define SLHDSA_MAX_N 24 + #ifndef WOLFSSL_SLHDSA_PARAM_NO_FAST + /* Maximum number of indices for FORS signatures. */ + #define SLHDSA_MAX_INDICES_SZ 33 + #else + /* Maximum number of indices for FORS signatures. */ + #define SLHDSA_MAX_INDICES_SZ 17 + #endif +#else + /* Maximum size of hash output. */ + #define SLHDSA_MAX_N 16 + #ifndef WOLFSSL_SLHDSA_PARAM_NO_FAST + /* Maximum number of indices for FORS signatures. */ + #define SLHDSA_MAX_INDICES_SZ 33 + #else + /* Maximum number of indices for FORS signatures. */ + #define SLHDSA_MAX_INDICES_SZ 14 + #endif +#endif + +#ifndef WOLFSSL_SLHDSA_PARAM_NO_SMALL + #if !defined(WOLFSSL_SLHDSA_PARAM_NO_256) + /* Maximum number of trees for FORS. */ + #define SLHDSA_MAX_A 14 + #elif !defined(WOLFSSL_SLHDSA_PARAM_NO_192) + /* Maximum number of trees for FORS. */ + #define SLHDSA_MAX_A 14 + #else + /* Maximum number of trees for FORS. */ + #define SLHDSA_MAX_A 12 + #endif +#else + #if !defined(WOLFSSL_SLHDSA_PARAM_NO_256) + /* Maximum number of trees for FORS. */ + #define SLHDSA_MAX_A 9 + #elif !defined(WOLFSSL_SLHDSA_PARAM_NO_192) + /* Maximum number of trees for FORS. */ + #define SLHDSA_MAX_A 8 + #else + /* Maximum number of trees for FORS. */ + #define SLHDSA_MAX_A 6 + #endif +#endif + +#ifndef WOLFSSL_SLHDSA_PARAM_NO_SMALL + /* Maximum height of Merkle tree. */ + #define SLHDSA_MAX_H_M 9 +#else + /* Maximum height of Merkle tree. */ + #define SLHDSA_MAX_H_M 3 +#endif + +/* Maximum message size in nibbles. */ +#define SLHDSA_MAX_MSG_SZ ((2 * SLHDSA_MAX_N) + 3) + +#ifndef WOLFSSL_SLHDSA_PARAM_NO_256F + /* Maximum number of bytes to produce from digest of message. */ + #define SLHDSA_MAX_MD 49 +#elif !defined(WOLFSSL_SLHDSA_PARAM_NO_256S) + /* Maximum number of bytes to produce from digest of message. */ + #define SLHDSA_MAX_MD 47 +#elif !defined(WOLFSSL_SLHDSA_PARAM_NO_192F) + /* Maximum number of bytes to produce from digest of message. */ + #define SLHDSA_MAX_MD 42 +#elif !defined(WOLFSSL_SLHDSA_PARAM_NO_192S) + /* Maximum number of bytes to produce from digest of message. */ + #define SLHDSA_MAX_MD 39 +#elif !defined(WOLFSSL_SLHDSA_PARAM_NO_128F) + /* Maximum number of bytes to produce from digest of message. */ + #define SLHDSA_MAX_MD 34 +#else + /* Maximum number of bytes to produce from digest of message. */ + #define SLHDSA_MAX_MD 30 +#endif + + +/****************************************************************************** + * HashAddress + ******************************************************************************/ + +/* HashAddress types. */ +/* WOTS+ hash. */ +#define HA_WOTS_HASH 0 +/* WOTS+ Public Key. */ +#define HA_WOTS_PK 1 +/* XMSS tree. */ +#define HA_TREE 2 +/* FORS tree. */ +#define HA_FORS_TREE 3 +/* FORS Root. */ +#define HA_FORS_ROOTS 4 +/* WOTS Pseudo-random function. */ +#define HA_WOTS_PRF 5 +/* FORS Pseudo-random function. */ +#define HA_FORS_PRF 6 + +/* Size of an encoded HashAddress. */ +#define SLHDSA_HA_SZ 32 + +/* Initialize a HashAddress. + * + * @param [in] a HashAddress to initialize. + */ +#define HA_Init(a) XMEMSET(a, 0, sizeof(HashAddress)) +/* Copy a HashAddress. + * + * @param [out] a HashAddress to copy into. + * @param [in] b HashAddress to copy from. + */ +#define HA_Copy(a, b) XMEMCPY(a, b, sizeof(HashAddress)) +/* Set layer address into HashAddress. + * + * FIPS 205. Section 4.3. Table 1. Line 1. + * + * @param [in] a HashAddress set. + * @param [in] l Layer address. + */ +#define HA_SetLayerAddress(a, l) (a)[0] = (l) +/* Set tree address into HashAddress. + * + * FIPS 205. Section 4.3. Table 1. Line 2. + * + * @param [in] a HashAddress set. + * @param [in] t Tree address. + */ +#define HA_SetTreeAddress(a, t) \ + do { (a)[1] = (t)[0]; (a)[2] = (t)[1]; (a)[3] = (t)[2]; } while (0) +/* Set type and clear following fields. + * + * FIPS 205. Section 4.3. Table 1. Line 3. + * + * @param [in] a HashAddress set. + * @param [in] y HashAddress type. + */ +#define HA_SetTypeAndClear(a, y) \ + do { (a)[4] = y; (a)[5] = 0; (a)[6] = 0; (a)[7] = 0; } while (0) +/* Set type and clear following fields but not Key Pair Address. + * + * FIPS 205. Section 4.3. Table 1. Line 3. But don't clear Key Pair Address. + * + * @param [in] a HashAddress set. + * @param [in] y HashAddress type. + */ +#define HA_SetTypeAndClearNotKPA(a, y) \ + do { (a)[4] = y; (a)[6] = 0; (a)[7] = 0; } while (0) +/* Set key pair address into HashAddress. + * + * FIPS 205. Section 4.3. Table 1. Line 4. + * + * @param [in] a HashAddress set. + * @param [in] i Key pair address. + */ +#define HA_SetKeyPairAddress(a, i) (a)[5] = (i) +/* Set chain address into HashAddress. + * + * FIPS 205. Section 4.3. Table 1. Line 5. + * + * @param [in] a HashAddress set. + * @param [in] i Chain address. + */ +#define HA_SetChainAddress(a, i) (a)[6] = (i) +/* Set tree height into HashAddress. + * + * FIPS 205. Section 4.3. Table 1. Line 5. + * + * @param [in] a HashAddress set. + * @param [in] i Tree height. + */ +#define HA_SetTreeHeight(a, i) (a)[6] = (i) +/* Set tree height as big-endian into HashAddress. + * + * FIPS 205. Section 4.3. Table 1. Line 5. But encode value big-endian. + * + * @param [in] a HashAddress set. + * @param [in] i Tree height. + */ +#define HA_SetTreeHeightBE(a, i) c32toa(i, (a) + (6 * 4)) +/* Set hash address into HashAddress. + * + * FIPS 205. Section 4.3. Table 1. Line 6. + * + * @param [in] a HashAddress set. + * @param [in] i Hash address. + */ +#define HA_SetHashAddress(a, i) (a)[7] = (i) +/* Set tree index into HashAddress. + * + * FIPS 205. Section 4.3. Table 1. Line 6. + * + * @param [in] a HashAddress set. + * @param [in] i Tree index. + */ +#define HA_SetTreeIndex(a, i) (a)[7] = (i) +/* Copy key pair address from one HashAddress to another. + * + * FIPS 205. Section 4.3. Table 1. Line 4 and 7. + * + * @param [in] a HashAddress to copy into. + * @param [in] b HashAddress to copy from. + */ +#define HA_CopyKeyPairAddress(a, b) (a)[5] = (b)[5] + +/* FIPS 205. Section 4.3. Table 1. Line 8 - Get tree index is not needed as + * index is set and index value modified before being set again. + */ + +/* HashAddress type. */ +typedef word32 HashAddress[8]; + +/* Encode a HashAddress. + * + * @param [in] adrs HashAddress to encode. + * @param [out] address Buffer to encode into. + */ +static void HA_Encode(const word32* adrs, byte* address) +{ +#ifndef WOLFSSL_WC_SLHDSA_SMALL + c32toa(adrs[0], address + (0 * 4)); + c32toa(adrs[1], address + (1 * 4)); + c32toa(adrs[2], address + (2 * 4)); + c32toa(adrs[3], address + (3 * 4)); + c32toa(adrs[4], address + (4 * 4)); + c32toa(adrs[5], address + (5 * 4)); + c32toa(adrs[6], address + (6 * 4)); + c32toa(adrs[7], address + (7 * 4)); +#else + int i; + + for (i = 0; i < 8; i++) { + c32toa(adrs[i], address + (i * 4)); + } +#endif +} + +/****************************************************************************** + * Index Tree - 3 x 32-bit words + ******************************************************************************/ + +/* Mask the tree index. + * + * @param [in] t Tree index. + * @param [in] mask Mask to apply to index. + * @return Masked tree index. + */ +#define INDEX_TREE_MASK(t, mask) ((t)[2] & (mask)) + +/* Shift the tree index down by a number of bits. + * + * @param [in] t Tree index. + * @param [in] b Number of bits to shift. + */ +#define INDEX_TREE_SHIFT_DOWN(t, b) \ + (t)[2] = ((t)[1] << (32 - (b))) | ((t)[2] >> (b)); \ + (t)[1] = (t)[1] >> (b); + +/****************************************************************************** + * Parameters + ******************************************************************************/ + +/* Create parameter entry. + * + * Other parameters: + * len = 2 * n + 3 + * dl1 = upper((k * a) / 8) + * dl2 = upper((h - (h / d)) / 8) + * dl3 = upper(h / (8 * d)) + * sigLen = Root + FORS SK + FORS AUTH + d * (XMSS SIG + XMSS AUTH) + * ( 1 + k + k * a + d * ( h2 + len)) * n + * + * @param [in] p Parameter name. + * @param [in] n Hash size in bytes. + * @param [in] h Total tree height. + * @param [in] d Depth of subtree. + * @param [in] h_m Height of message tree - XMSS tree. + * @param [in] a Number of authentication nodes. + * @param [in] k Number of FORS signatures. + */ +#define SLHDSA_PARAMETERS(p, n, h, d, h_m, a, k) \ + { (p), (n), (h), (d), (h_m), (a), (k), \ + 2 * (n) + 3, \ + (((k) * (a)) + 7) / 8, \ + (((h) - ((h) / (d))) + 7) / 8, \ + ((h) + ((8 * (d)) - 1)) / (8 * (d)), \ + (1 + (k) * (1 + (a)) + (d) * ((h_m) + 2*(n) + 3)) * (n) } + +/* An array of known parameters. + * + * FIPS 205. Section 11. Table 2. + */ +static const SlhDsaParameters SlhDsaParams[] = +{ + /* n, h, d, h_m, a, k */ +#ifndef WOLFSSL_SLHDSA_PARAM_NO_128S + SLHDSA_PARAMETERS(SLHDSA_SHAKE128S, 16, 63, 7, 9, 12, 14), +#endif +#ifndef WOLFSSL_SLHDSA_PARAM_NO_128F + SLHDSA_PARAMETERS(SLHDSA_SHAKE128F, 16, 66, 22, 3, 6, 33), +#endif +#ifndef WOLFSSL_SLHDSA_PARAM_NO_192S + SLHDSA_PARAMETERS(SLHDSA_SHAKE192S, 24, 63, 7, 9, 14, 17), +#endif +#ifndef WOLFSSL_SLHDSA_PARAM_NO_192F + SLHDSA_PARAMETERS(SLHDSA_SHAKE192F, 24, 66, 22, 3, 8, 33), +#endif +#ifndef WOLFSSL_SLHDSA_PARAM_NO_256S + SLHDSA_PARAMETERS(SLHDSA_SHAKE256S, 32, 64, 8, 8, 14, 22), +#endif +#ifndef WOLFSSL_SLHDSA_PARAM_NO_256F + SLHDSA_PARAMETERS(SLHDSA_SHAKE256F, 32, 68, 17, 4, 9, 35), +#endif +}; + +/* Number of parameters in array. */ +#define SLHDSA_PARAM_LEN \ + ((int)(sizeof(SlhDsaParams) / sizeof(SlhDsaParameters))) + +/****************************************************************************** + * Hashes + ******************************************************************************/ + +#ifndef WOLFSSL_WC_SLHDSA_SMALL +/* Hash three data elements with SHAKE-256. + * + * Will be less than WC_SHA3_256_COUNT * 8 bytes of data. + * + * @param [in] shake SHAKE-256 object. + * @param [in] data1 First block of data to hash. + * @param [in] data1_len Length of first block of data. + * @param [in] adrs Unencoded HashAddress. + * @param [in] data2 Second block of data to hash. + * @param [in] data2_len Length of second block of data. + * @param [out] hash Hash output. + * @param [in] hash_len Length of hash to output in bytes. + * @return 0 on success. + * @return SHAKE-256 error return code on digest failure. + */ +static int slhdsakey_hash_shake_3(wc_Shake* shake, const byte* data1, + byte data1_len, const word32* adrs, const byte* data2, byte data2_len, + byte* hash, byte hash_len) +{ +#ifdef WOLFSSL_SLHDSA_FULL_HASH + int ret; + byte address[SLHDSA_HA_SZ]; + + /* Encode hash address. */ + HA_Encode(adrs, address); + + /* Update the SHAKE-256 object with first block of data. */ + ret = wc_Shake256_Update(shake, data1, data1_len); + if (ret == 0) { + /* Update the SHAKE-256 object with encoded HashAddress. */ + ret = wc_Shake256_Update(shake, address, SLHDSA_HA_SZ); + } + if (ret == 0) { + /* Update the SHAKE-256 object with second block of data. */ + ret = wc_Shake256_Update(shake, data2, data2_len); + } + if (ret == 0) { + /* Calculate and output hash. */ + ret = wc_Shake256_Final(shake, hash, hash_len); + } + + return ret; +#elif defined(USE_INTEL_SPEEDUP) + word64* state = shake->s; + word8* state8 = (word8*)shake->s; + word32 o = 0; + + /* Move the first block of data into the state. */ + XMEMCPY(state8 + o, data1, data1_len); + o += data1_len; + /* Encode the HashAddress into the state next. */ + HA_Encode(adrs, state8 + o); + o += SLHDSA_HA_SZ; + /* Move the second block of data into the state next. */ + XMEMCPY(state8 + o, data2, data2_len); + o += data2_len; + /* Place SHAKE end-of-content marker. */ + state8[o] = 0x1f; + o += 1; + /* Zero out rest of state. */ + XMEMSET(state8 + o, 0, sizeof(shake->s) - o); + /* Place SHAKE-256 end-of-data marker. */ + state8[WC_SHA3_256_COUNT * 8 - 1] ^= 0x80; + +#ifndef WC_SHA3_NO_ASM + /* Check availability of AVX2 instructions. */ + if (IS_INTEL_AVX2(cpuid_flags) && (SAVE_VECTOR_REGISTERS2() == 0)) { + /* Process the state using AVX2 instructions. */ + sha3_block_avx2(state); + RESTORE_VECTOR_REGISTERS(); + } + /* Check availability of BMI2 instructions. */ + else if (IS_INTEL_BMI2(cpuid_flags)) { + /* Process the state using BMI2 instructions. */ + sha3_block_bmi2(state); + } + else +#endif + { + /* Process the state using C code. */ + BlockSha3(state); + } + /* Copy hash result, of the required length, from the state into hash. */ + XMEMCPY(hash, shake->s, hash_len); + + return 0; +#else + /* Copy the first block of data into the cached data buffer. */ + XMEMCPY(shake->t, data1, data1_len); + /* Encode HashAddress into the cached data buffer next. */ + HA_Encode(adrs, shake->t + data1_len); + /* Copy the second block of data into the cached data buffer next. */ + XMEMCPY(shake->t + data1_len + SLHDSA_HA_SZ, data2, data2_len); + + /* Update count of bytes cached. */ + shake->i = data1_len + SLHDSA_HA_SZ + data2_len; + + /* Calculate and output hash. */ + return wc_Shake256_Final(shake, hash, hash_len); +#endif +} +#endif + +/* Hash four data elements with SHAKE-256. + * + * Will be less than WC_SHA3_256_COUNT * 8 bytes of data. + * + * @param [in] shake SHAKE-256 object. + * @param [in] data1 First block of data to hash. + * @param [in] data1_len Length of first block of data. + * @param [in] adrs Unencoded HashAddress. + * @param [in] data2 Second block of data to hash. + * @param [in] data2_len Length of second block of data. + * @param [in] data3 Third block of data to hash. + * @param [in] data3_len Length of third block of data. + * @param [out] hash Hash output. + * @param [in] hash_len Length of hash to output in bytes. + * @return 0 on success. + * @return SHAKE-256 error return code on digest failure. + */ +static int slhdsakey_hash_shake_4(wc_Shake* shake, const byte* data1, + byte data1_len, const word32* adrs, const byte* data2, byte data2_len, + const byte* data3, byte data3_len, byte* hash, byte hash_len) +{ +#ifdef WOLFSSL_SLHDSA_FULL_HASH + int ret; + byte address[SLHDSA_HA_SZ]; + + /* Encode hash address. */ + HA_Encode(adrs, address); + + /* Update the SHAKE-256 object with first block of data. */ + ret = wc_Shake256_Update(shake, data1, data1_len); + if (ret == 0) { + /* Update the SHAKE-256 object with encoded HashAddress. */ + ret = wc_Shake256_Update(shake, address, SLHDSA_HA_SZ); + } + if (ret == 0) { + /* Update the SHAKE-256 object with second block of data. */ + ret = wc_Shake256_Update(shake, data2, data2_len); + } + if (ret == 0) { + /* Update the SHAKE-256 object with third block of data. */ + ret = wc_Shake256_Update(shake, data3, data3_len); + } + if (ret == 0) { + /* Calculate and output hash. */ + ret = wc_Shake256_Final(shake, hash, hash_len); + } + + return ret; +#elif defined(USE_INTEL_SPEEDUP) + word64* state = shake->s; + word8* state8 = (word8*)shake->s; + word32 o = 0; + + /* Move the first block of data into the state. */ + XMEMCPY(state8 + o, data1, data1_len); + o += data1_len; + /* Encode the HashAddress into the state next. */ + HA_Encode(adrs, state8 + o); + o += SLHDSA_HA_SZ; + /* Move the second block of data into the state next. */ + XMEMCPY(state8 + o, data2, data2_len); + o += data2_len; + /* Move the third block of data into the state next. */ + XMEMCPY(state8 + o, data3, data3_len); + o += data3_len; + /* Place SHAKE end-of-content marker. */ + state8[o] = 0x1f; + o += 1; + /* Zero out rest of state. */ + XMEMSET(state8 + o, 0, sizeof(shake->s) - o); + /* Place SHAKE-256 end-of-data marker. */ + state8[WC_SHA3_256_COUNT * 8 - 1] ^= 0x80; + +#ifndef WC_SHA3_NO_ASM + /* Check availability of AVX2 instructions. */ + if (IS_INTEL_AVX2(cpuid_flags) && (SAVE_VECTOR_REGISTERS2() == 0)) { + /* Process the state using AVX2 instructions. */ + sha3_block_avx2(state); + RESTORE_VECTOR_REGISTERS(); + } + /* Check availability of BMI2 instructions. */ + else if (IS_INTEL_BMI2(cpuid_flags)) { + /* Process the state using BMI2 instructions. */ + sha3_block_bmi2(state); + } + else +#endif + { + /* Process the state using C code. */ + BlockSha3(state); + } + /* Copy hash result, of the required length, from the state into hash. */ + XMEMCPY(hash, shake->s, hash_len); + + return 0; +#else + /* Copy the first block of data into the cached data buffer. */ + XMEMCPY(shake->t, data1, data1_len); + /* Encode HashAddress into the cached data buffer next. */ + HA_Encode(adrs, shake->t + data1_len); + /* Copy the second block of data into the cached data buffer next. */ + XMEMCPY(shake->t + data1_len + SLHDSA_HA_SZ, data2, data2_len); + /* Copy the third block of data into the cached data buffer next. */ + XMEMCPY(shake->t + data1_len + SLHDSA_HA_SZ + data2_len, data3, data3_len); + + /* Update count of bytes cached. */ + shake->i = data1_len + SLHDSA_HA_SZ + data2_len + data3_len; + + /* Calculate and output hash. */ + return wc_Shake256_Final(shake, hash, hash_len); +#endif +} + +#ifndef WOLFSSL_WC_SLHDSA_SMALL +/* PRF hash. + * + * FIPS 205. Section 4.1. + * PRF(PK.seed, SK.seed, ADRS) (Bn x Bn x B32 -> Bn) is a PRF that is used to + * generate the secret values in WOTS+ and FORS private keys. + * FIPS 205. Section 11.1. + * PRF(PK.seed, SK.seed, ADRS) = SHAKE256(PK.seed || ADRS || SK.seed, 8n) + * + * @param [in] shake SHAKE-256 object. + * @param [in] pk_seed Public key seed. + * @param [in] sk_seed Private key seed. + * @param [in] adrs HashAddress. + * @param [in] n Number of bytes in hash output. + * @param [out] hash Buffer to hold hash output. + * @return 0 on success. + * @return SHAKE-256 error return code on digest failure. + */ +#define HASH_PRF(shake, pk_seed, sk_seed, adrs, n, hash) \ + slhdsakey_hash_shake_3(shake, pk_seed, n, adrs, sk_seed, n, hash, n) +/* Hash F. + * + * FIPS 205. Section 4.1. + * F(PK.seed, ADRS, M1) (Bn x B32 x Bn -> Bn ) is a hash function that takes + * an n-byte message as input and produces an n-byte output. + * FIPS 205. Section 11.1. + * F(PK.seed, ADRS, M1) = SHAKE256(PK.seed || ADRS || M1, 8n) + * + * @param [in] shake SHAKE-256 object. + * @param [in] pk_seed Public key seed. + * @param [in] adrs HashAddress. + * @param [in] m Message of n bytes. + * @param [in] n Number of bytes in hash output. + * @param [out] hash Buffer to hold hash output. + * @return 0 on success. + * @return SHAKE-256 error return code on digest failure. + */ +#define HASH_F(shake, pk_seed, adrs, m, n, hash) \ + slhdsakey_hash_shake_3(shake, pk_seed, n, adrs, m, n, hash, n) +/* Hash H. + * + * FIPS 205. Section 4.1. + * H(PK.seed, ADRS, M2) (Bn x B32 x B2n -> Bn ) is a special case of Tl that + * takes a 2n-byte message as input. + * FIPS 205. Section 11.1. + * H(PK.seed, ADRS, M2) = SHAKE256(PK.seed || ADRS || M2, 8n) + * + * @param [in] shake SHAKE-256 object. + * @param [in] pk_seed Public key seed. + * @param [in] adrs HashAddress. + * @param [in] m Message of 2*n bytes. + * @param [in] n Number of bytes in hash output. + * @param [out] hash Buffer to hold hash output. + * @return 0 on success. + * @return SHAKE-256 error return code on digest failure. + */ +#define HASH_H(shake, pk_seed, adrs, node, n, hash) \ + slhdsakey_hash_shake_3(shake, pk_seed, n, adrs, node, 2 * (n), hash, (n)) +#else +/* PRF hash. + * + * FIPS 205. Section 4.1. + * PRF(PK.seed, SK.seed, ADRS) (Bn x Bn x B32 -> Bn) is a PRF that is used to + * generate the secret values in WOTS+ and FORS private keys. + * FIPS 205. Section 11.1. + * F(PK.seed, SK.seed, ADRS) = SHAKE256(PK.seed || ADRS || SK.seed, 8n) + * + * @param [in] shake SHAKE-256 object. + * @param [in] pk_seed Public key seed. + * @param [in] sk_seed Private key seed. + * @param [in] adrs HashAddress. + * @param [in] n Number of bytes in hash output. + * @param [out] hash Buffer to hold hash output. + * @return 0 on success. + * @return SHAKE-256 error return code on digest failure. + */ +#define HASH_PRF(shake, pk_seed, sk_seed, adrs, n, hash) \ + slhdsakey_hash_shake_4(shake, pk_seed, n, adrs, sk_seed, n, NULL, 0, \ + hash, n) +/* Hash F. + * + * FIPS 205. Section 4.1. + * F(PK.seed, ADRS, M1) (Bn x B32 x Bn -> Bn ) is a hash function that takes + * an n-byte message as input and produces an n-byte output. + * FIPS 205. Section 11.1. + * F(PK.seed, ADRS, M1) = SHAKE256(PK.seed || ADRS || M1, 8n) + * + * @param [in] shake SHAKE-256 object. + * @param [in] pk_seed Public key seed. + * @param [in] adrs HashAddress. + * @param [in] m Message of n bytes. + * @param [in] n Number of bytes in hash output. + * @param [out] hash Buffer to hold hash output. + * @return 0 on success. + * @return SHAKE-256 error return code on digest failure. + */ +#define HASH_F(shake, pk_seed, adrs, m, n, hash) \ + slhdsakey_hash_shake_4(shake, pk_seed, n, adrs, m, n, NULL, 0, hash, n) +/* Hash H. + * + * FIPS 205. Section 4.1. + * H(PK.seed, ADRS, M2) (Bn x B32 x B2n -> Bn ) is a special case of Tl that + * takes a 2n-byte message as input. + * FIPS 205. Section 11.1. + * H(PK.seed, ADRS, M2) = SHAKE256(PK.seed || ADRS || M2, 8n) + * + * @param [in] shake SHAKE-256 object. + * @param [in] pk_seed Public key seed. + * @param [in] adrs HashAddress. + * @param [in] m Message of 2*n bytes. + * @param [in] n Number of bytes in hash output. + * @param [out] hash Buffer to hold hash output. + * @return 0 on success. + * @return SHAKE-256 error return code on digest failure. + */ +#define HASH_H(shake, pk_seed, adrs, node, n, hash) \ + slhdsakey_hash_shake_4(shake, pk_seed, n, adrs, node, 2 * n, NULL, 0, \ + hash, n) +#endif + +/* Hash H with 2n byte message as two separate n byte parameters. + * + * FIPS 205. Section 4.1. + * H(PK.seed, ADRS, M2) (Bn x B32 x B2n -> Bn ) is a special case of Tl that + * takes a 2n-byte message as input. + * FIPS 205. Section 11.1. + * H(PK.seed, ADRS, M2) = SHAKE256(PK.seed || ADRS || M2, 8n) + * + * @param [in] shake SHAKE-256 object. + * @param [in] pk_seed Public key seed. + * @param [in] adrs HashAddress. + * @param [in] m1 First n bytes of message. + * @param [in] m2 Second n bytes of message. + * @param [in] n Number of bytes in hash output. + * @param [out] hash Buffer to hold hash output. + * @return 0 on success. + * @return SHAKE-256 error return code on digest failure. + */ +#define HASH_H_2(shake, pk_seed, adrs, m1, m2, n, hash) \ + slhdsakey_hash_shake_4(shake, pk_seed, n, adrs, m1, n, m2, n, hash, n) + +/* Start hashing with SHAKE-256. + * + * @param [in] shake SHAKE-256 object. + * @param [in] data First block of data to hash. + * @param [in] len Length in bytes of first block of data. + * @return 0 on success. + * @return SHAKE-256 error return code on digest failure. + */ +static int slhdsakey_hash_start(wc_Shake* shake, const byte* data, byte len) +{ +#if defined(USE_INTEL_SPEEDUP) + /* Clear state for new hash. */ + XMEMSET(shake->s, 0, sizeof(shake->s)); +#endif +#ifdef WOLFSSL_SLHDSA_FULL_HASH + /* Update the hash. */ + return wc_Shake256_Update(shake, data, len); +#else + /* Copy the data to hash into the cache and update cached length. */ + XMEMCPY(shake->t, data, len); + shake->i = len; + + return 0; +#endif +} + +/* Start hashing with SHAKE-256. HashAddress to update too. + * + * @param [in] shake SHAKE-256 object. + * @param [in] pk_seed Public key seed - a hash output. + * @param [in] adrs HashAddress. + * @param [in] n Number of bytes in hash output. + * @return 0 on success. + * @return SHAKE-256 error return code on digest failure. + */ +static int slhdsakey_hash_start_addr(wc_Shake* shake, const byte* pk_seed, + const word32* adrs, byte n) +{ +#ifdef WOLFSSL_SLHDSA_FULL_HASH + int ret; + byte address[SLHDSA_HA_SZ]; + + /* Encode HashAddress. */ + HA_Encode(adrs, address); + +#if defined(USE_INTEL_SPEEDUP) + /* Clear state for new hash. */ + XMEMSET(shake->s, 0, sizeof(shake->s)); +#endif + /* Update the hash with the public key seed. */ + ret = wc_Shake256_Update(shake, pk_seed, n); + if (ret == 0) { + /* Update the hash with the encoded HashAddress. */ + ret = wc_Shake256_Update(shake, address, SLHDSA_HA_SZ); + } + + return ret; +#else +#if defined(USE_INTEL_SPEEDUP) + /* Clear state for new hash. */ + XMEMSET(shake->s, 0, sizeof(shake->s)); +#endif + /* Copy the data to hash into the cache and update cached length. */ + XMEMCPY(shake->t, pk_seed, n); + HA_Encode(adrs, shake->t + n); + shake->i = n + SLHDSA_HA_SZ; + + return 0; +#endif +} + +/* Update the hash with more data. + * + * @param [in] shake SHAKE-256 object. + * @param [in] data Block of data to hash. + * @param [in] len Length in bytes of first block of data. + * @return 0 on success. + * @return SHAKE-256 error return code on digest failure. + */ +static int slhdsakey_hash_update(wc_Shake* shake, const byte* data, word32 len) +{ + return wc_Shake256_Update(shake, data, len); +} + +/* Calculate and output hash. + * + * @param [in] shake SHAKE-256 object. + * @param [out] hash Hash output. + * @param [in] len Length of hash to output in bytes. + * @return 0 on success. + * @return SHAKE-256 error return code on digest failure. + */ +static int slhdsakey_hash_final(wc_Shake* shake, byte* hash, word32 len) +{ + return wc_Shake256_Final(shake, hash, len); +} + +/****************************************************************************** + * Conversion functions + ******************************************************************************/ + +/* Convert array of bytes to array of b-bit values. + * + * b is 6, 8, 9, 12 or 14. + * + * FIPS 205. Section 4.4. Algorithm 4. + * base_2b(X, b, out_len) + * 1: in <- 0 + * 2: bits <- 0 + * 3: total <- 0 + * 4: for out from 0 to out_len - 1 do + * 5: while bits < b do + * 6: total <- (total << 8) + X[in] + * 7: in <- in + 1 + * 8: bits <- bits + 8 + * 9: end while + * 10: bits <- bits - b + * 11: baseb[out] <- (total >> bits mod 2^b + * 12: end for + * 13: return baseb + * + * @param [in] x Array of bytes. + * @param [in] b Number of bits. + * @param [in] outLen Length of output array. + * @param [out] baseb Array of b-bit values. + */ +static void slhdsakey_base_2b(const byte* x, byte b, byte outLen, word16* baseb) +{ + int j; + int i = 0; + int bits = 0; + int total = 0; + word16 mask = (1 << b) - 1; + + for (j = 0; j < outLen; j++) { + while (bits < b) { + total = (total << 8) + x[i++]; + bits += 8; + } + bits -= b; + baseb[j] = (total >> bits) & mask; + } +} + +/****************************************************************************** + * WOTS+ + ******************************************************************************/ + +/* Iterate the hash function s times. + * + * FIPS 205. Section 5. Algorithm 5. + * chain(X, i, s, PK.seed, ADRS) + * 1: tmp <- X + * 2: for j from i to i + s - 1 do + * 3: ADRS.setHashAddress(j) + * 4: tmp <- F(PK.seed, ADRS, tmp + * 5: end for + * 6: return tmp + * + * @param [in] key SLH-DSA key. + * @param [in] x n-byte string. + * @param [in] i Start index iterations. + * @param [in] s Number of times to iterate. + * @param [in] pk_seed Public key seed. + * @param [in] adrs HashAddress. + * @param [out] node Hash output - n bytes. + * @return 0 on success. + * @return SHAKE-256 error return code on digest failure. + */ +static int slhdsakey_chain(SlhDsaKey* key, const byte* x, byte i, byte s, + const byte* pk_seed, word32* adrs, byte* node) +{ + int ret = 0; + int j; + byte n = key->params->n; + + /* When no steps, copy. */ + if (s == 0) { + /* Only copy when input and output buffers different. */ + if (x != node) { + XMEMCPY(node, x, n); + } + } + else { + /* Set the hash address for first iteration. */ + HA_SetHashAddress(adrs, i); + /* First iteration of hash using input and writing to output buffers. */ + ret = HASH_F(&key->shake, pk_seed, adrs, x, n, node); + if (ret == 0) { + for (j = i + 1; j < i + s; j++) { + /* Set the hash address. */ + HA_SetHashAddress(adrs, j); + /* Iterate hash using output buffer as input. */ + ret = HASH_F(&key->shake, pk_seed, adrs, node, n, node); + if (ret != 0) { + break; + } + } + } + } + + return ret; +} + +#if defined(USE_INTEL_SPEEDUP) && !defined(WOLFSSL_WC_SLHDSA_SMALL) +#ifndef WOLFSSL_SLHDSA_PARAM_NO_128 +/* Set into SHAKE-256 x4 state the 16-byte seed and encoded HashAddress. + * + * @param [in, out] state SHAKE-256 x4 state. + * @param [in] seed Seed at start of each hash. + * @param [in] addr Encoded HashAddress for each hash. + */ +#define SHAKE256_SET_SEED_HA_X4_16(state, seed, addr) \ +do { \ + /* Set 4 copies of the seed 64-bits at a time. */ \ + (state)[0] = (state)[1] = (state)[2] = (state)[3] = \ + readUnalignedWord64((seed) + (0 * sizeof(word64))); \ + (state)[4] = (state)[5] = (state)[6] = (state)[7] = \ + readUnalignedWord64((seed) + (1 * sizeof(word64))); \ + /* 32 bytes copied 8 bytes at a time. */ \ + (state)[ 8] = (state)[ 9] = (state)[10] = (state)[11] = \ + readUnalignedWord64((addr) + (0 * sizeof(word64))); \ + (state)[12] = (state)[13] = (state)[14] = (state)[15] = \ + readUnalignedWord64((addr) + (1 * sizeof(word64))); \ + (state)[16] = (state)[17] = (state)[18] = (state)[19] = \ + readUnalignedWord64((addr) + (2 * sizeof(word64))); \ + (state)[20] = (state)[21] = (state)[22] = (state)[23] = \ + readUnalignedWord64((addr) + (3 * sizeof(word64))); \ +} while (0) + +/* Append to SHAKE-256 x4 state the 16-byte hash. + * + * @param [in, out] state SHAKE-256 x4 state. + * @param [in] hash Hash data for each hash. + */ +#define SHAKE256_SET_HASH_X4_16(state, hash) \ +do { \ + (state)[24] = ((word64*)((hash) + 0 * 16))[0]; \ + (state)[25] = ((word64*)((hash) + 1 * 16))[0]; \ + (state)[26] = ((word64*)((hash) + 2 * 16))[0]; \ + (state)[27] = ((word64*)((hash) + 3 * 16))[0]; \ + (state)[28] = ((word64*)((hash) + 0 * 16))[1]; \ + (state)[29] = ((word64*)((hash) + 1 * 16))[1]; \ + (state)[30] = ((word64*)((hash) + 2 * 16))[1]; \ + (state)[31] = ((word64*)((hash) + 3 * 16))[1]; \ +} while (0) + +/* Get the four SHAKE-256 16-byte hash results. + * + * @param [in] state SHAKE-256 x4 state. + * @param [out] hash Hash buffer to hold 4 16-byte hash results. + */ +#define SHAKE256_GET_HASH_X4_16(state, hash) \ +do { \ + ((word64*)((hash) + 0 * 16))[0] = (state)[0]; \ + ((word64*)((hash) + 1 * 16))[0] = (state)[1]; \ + ((word64*)((hash) + 2 * 16))[0] = (state)[2]; \ + ((word64*)((hash) + 3 * 16))[0] = (state)[3]; \ + ((word64*)((hash) + 0 * 16))[1] = (state)[4]; \ + ((word64*)((hash) + 1 * 16))[1] = (state)[5]; \ + ((word64*)((hash) + 2 * 16))[1] = (state)[6]; \ + ((word64*)((hash) + 3 * 16))[1] = (state)[7]; \ +} while (0) +#endif + +#ifndef WOLFSSL_SLHDSA_PARAM_NO_192 +/* Set into SHAKE-256 x4 state the 24-byte seed and encoded HashAddress. + * + * @param [in, out] state SHAKE-256 x4 state. + * @param [in] seed Seed at start of each hash. + * @param [in] addr Encoded HashAddress for each hash. + */ +#define SHAKE256_SET_SEED_HA_X4_24(state, seed, addr) \ +do { \ + (state)[0] = (state)[1] = (state)[ 2] = (state)[ 3] = \ + readUnalignedWord64((seed) + (0 * sizeof(word64))); \ + (state)[4] = (state)[5] = (state)[ 6] = (state)[ 7] = \ + readUnalignedWord64((seed) + (1 * sizeof(word64))); \ + (state)[8] = (state)[9] = (state)[10] = (state)[11] = \ + readUnalignedWord64((seed) + (2 * sizeof(word64))); \ + /* 32 bytes copied 8 bytes at a time. */ \ + (state)[12] = (state)[13] = (state)[14] = (state)[15] = \ + readUnalignedWord64((addr) + (0 * sizeof(word64))); \ + (state)[16] = (state)[17] = (state)[18] = (state)[19] = \ + readUnalignedWord64((addr) + (1 * sizeof(word64))); \ + (state)[20] = (state)[21] = (state)[22] = (state)[23] = \ + readUnalignedWord64((addr) + (2 * sizeof(word64))); \ + (state)[24] = (state)[25] = (state)[26] = (state)[27] = \ + readUnalignedWord64((addr) + (3 * sizeof(word64))); \ +} while (0) + +/* Append to SHAKE-256 x4 state the 24-byte hash. + * + * @param [in, out] state SHAKE-256 x4 state. + * @param [in] hash Hash data for each hash. + */ +#define SHAKE256_SET_HASH_X4_24(state, hash) \ +do { \ + (state)[28] = ((word64*)((hash) + 0 * 24))[0]; \ + (state)[29] = ((word64*)((hash) + 1 * 24))[0]; \ + (state)[30] = ((word64*)((hash) + 2 * 24))[0]; \ + (state)[31] = ((word64*)((hash) + 3 * 24))[0]; \ + (state)[32] = ((word64*)((hash) + 0 * 24))[1]; \ + (state)[33] = ((word64*)((hash) + 1 * 24))[1]; \ + (state)[34] = ((word64*)((hash) + 2 * 24))[1]; \ + (state)[35] = ((word64*)((hash) + 3 * 24))[1]; \ + (state)[36] = ((word64*)((hash) + 0 * 24))[2]; \ + (state)[37] = ((word64*)((hash) + 1 * 24))[2]; \ + (state)[38] = ((word64*)((hash) + 2 * 24))[2]; \ + (state)[39] = ((word64*)((hash) + 3 * 24))[2]; \ +} while (0) + +/* Get the four SHAKE-256 24-byte (hash) results. + * + * @param [in] state SHAKE-256 x4 state. + * @param [out] hash Hash buffer to hold 4 24-byte hash results. + */ +#define SHAKE256_GET_HASH_X4_24(state, hash) \ +do { \ + ((word64*)((hash) + 0 * 24))[0] = (state)[ 0]; \ + ((word64*)((hash) + 1 * 24))[0] = (state)[ 1]; \ + ((word64*)((hash) + 2 * 24))[0] = (state)[ 2]; \ + ((word64*)((hash) + 3 * 24))[0] = (state)[ 3]; \ + ((word64*)((hash) + 0 * 24))[1] = (state)[ 4]; \ + ((word64*)((hash) + 1 * 24))[1] = (state)[ 5]; \ + ((word64*)((hash) + 2 * 24))[1] = (state)[ 6]; \ + ((word64*)((hash) + 3 * 24))[1] = (state)[ 7]; \ + ((word64*)((hash) + 0 * 24))[2] = (state)[ 8]; \ + ((word64*)((hash) + 1 * 24))[2] = (state)[ 9]; \ + ((word64*)((hash) + 2 * 24))[2] = (state)[10]; \ + ((word64*)((hash) + 3 * 24))[2] = (state)[11]; \ +} while (0) +#endif + +#ifndef WOLFSSL_SLHDSA_PARAM_NO_256 +/* Set into SHAKE-256 x4 state the 32-byte seed and encoded HashAddress. + * + * @param [in, out] state SHAKE-256 x4 state. + * @param [in] seed Seed at start of each hash. + * @param [in] addr Encoded HashAddress for each hash. + */ +#define SHAKE256_SET_SEED_HA_X4_32(state, seed, addr) \ +do { \ + (state)[ 0] = (state)[ 1] = (state)[ 2] = (state)[ 3] = \ + readUnalignedWord64((seed) + (0 * sizeof(word64))); \ + (state)[ 4] = (state)[ 5] = (state)[ 6] = (state)[ 7] = \ + readUnalignedWord64((seed) + (1 * sizeof(word64))); \ + (state)[ 8] = (state)[ 9] = (state)[10] = (state)[11] = \ + readUnalignedWord64((seed) + (2 * sizeof(word64))); \ + (state)[12] = (state)[13] = (state)[14] = (state)[15] = \ + readUnalignedWord64((seed) + (3 * sizeof(word64))); \ + /* 32 bytes copied 8 bytes at a time. */ \ + (state)[16] = (state)[17] = (state)[18] = (state)[19] = \ + readUnalignedWord64((addr) + (0 * sizeof(word64))); \ + (state)[20] = (state)[21] = (state)[22] = (state)[23] = \ + readUnalignedWord64((addr) + (1 * sizeof(word64))); \ + (state)[24] = (state)[25] = (state)[26] = (state)[27] = \ + readUnalignedWord64((addr) + (2 * sizeof(word64))); \ + (state)[28] = (state)[29] = (state)[30] = (state)[31] = \ + readUnalignedWord64((addr) + (3 * sizeof(word64))); \ +} while (0) + +/* Append to SHAKE-256 x4 state the 32-byte hash. + * + * @param [in, out] state SHAKE-256 x4 state. + * @param [in] hash Hash data for each hash. + */ +#define SHAKE256_SET_HASH_X4_32(state, hash) \ +do { \ + (state)[32] = ((word64*)((hash) + 0 * 32))[0]; \ + (state)[33] = ((word64*)((hash) + 1 * 32))[0]; \ + (state)[34] = ((word64*)((hash) + 2 * 32))[0]; \ + (state)[35] = ((word64*)((hash) + 3 * 32))[0]; \ + (state)[36] = ((word64*)((hash) + 0 * 32))[1]; \ + (state)[37] = ((word64*)((hash) + 1 * 32))[1]; \ + (state)[38] = ((word64*)((hash) + 2 * 32))[1]; \ + (state)[39] = ((word64*)((hash) + 3 * 32))[1]; \ + (state)[40] = ((word64*)((hash) + 0 * 32))[2]; \ + (state)[41] = ((word64*)((hash) + 1 * 32))[2]; \ + (state)[42] = ((word64*)((hash) + 2 * 32))[2]; \ + (state)[43] = ((word64*)((hash) + 3 * 32))[2]; \ + (state)[44] = ((word64*)((hash) + 0 * 32))[3]; \ + (state)[45] = ((word64*)((hash) + 1 * 32))[3]; \ + (state)[46] = ((word64*)((hash) + 2 * 32))[3]; \ + (state)[47] = ((word64*)((hash) + 3 * 32))[3]; \ +} while (0) + +/* Get the four SHAKE-256 32-byte hash results. + * + * @param [in] state SHAKE-256 x4 state. + * @param [out] hash Hash buffer to hold 4 32-byte hash results. + */ +#define SHAKE256_GET_HASH_X4_32(state, hash) \ +do { \ + ((word64*)((hash) + 0 * 32))[0] = (state)[ 0]; \ + ((word64*)((hash) + 1 * 32))[0] = (state)[ 1]; \ + ((word64*)((hash) + 2 * 32))[0] = (state)[ 2]; \ + ((word64*)((hash) + 3 * 32))[0] = (state)[ 3]; \ + ((word64*)((hash) + 0 * 32))[1] = (state)[ 4]; \ + ((word64*)((hash) + 1 * 32))[1] = (state)[ 5]; \ + ((word64*)((hash) + 2 * 32))[1] = (state)[ 6]; \ + ((word64*)((hash) + 3 * 32))[1] = (state)[ 7]; \ + ((word64*)((hash) + 0 * 32))[2] = (state)[ 8]; \ + ((word64*)((hash) + 1 * 32))[2] = (state)[ 9]; \ + ((word64*)((hash) + 2 * 32))[2] = (state)[10]; \ + ((word64*)((hash) + 3 * 32))[2] = (state)[11]; \ + ((word64*)((hash) + 0 * 32))[3] = (state)[12]; \ + ((word64*)((hash) + 1 * 32))[3] = (state)[13]; \ + ((word64*)((hash) + 2 * 32))[3] = (state)[14]; \ + ((word64*)((hash) + 3 * 32))[3] = (state)[15]; \ +} while (0) +#endif + +/* Set the end of the SHAKE256 x4 state. + * + * @param [in, out] state SHAKE-256 x4 state. + * @param [in] o Offset to end of data. + */ +#define SHAKE256_SET_END_X4(state, o) \ +do { \ + /* Data end marker. */ \ + (state)[(o) + 0] = (word64)0x1f; \ + (state)[(o) + 1] = (word64)0x1f; \ + (state)[(o) + 2] = (word64)0x1f; \ + (state)[(o) + 3] = (word64)0x1f; \ + XMEMSET((state) + (o) + 4, 0, (25 * 4 - ((o) + 4)) * sizeof(word64)); \ + /* SHAKE-256 (state) end marker. */ \ + ((word8*)((state) + 4 * WC_SHA3_256_COUNT - 4))[7] ^= 0x80; \ + ((word8*)((state) + 4 * WC_SHA3_256_COUNT - 3))[7] ^= 0x80; \ + ((word8*)((state) + 4 * WC_SHA3_256_COUNT - 2))[7] ^= 0x80; \ + ((word8*)((state) + 4 * WC_SHA3_256_COUNT - 1))[7] ^= 0x80; \ +} while (0) + +/* Set into SHAKE-256 x4 state the n-byte seed and encoded HashAddress. + * + * @param [in, out] state SHAKE-256 x4 state. + * @param [in] seed Seed at start of each hash. + * @param [in] addr Encoded HashAddress for each hash. + * @param [in] n Number of bytes of seed. + * @return Offset after seed and HashAddress. + */ +static int slhdsakey_shake256_set_seed_ha_x4(word64* state, const byte* seed, + const byte* addr, int n) +{ + int i; + int o = 0; + + /* Set 4 copies of the seed 64-bits at a time. */ + for (i = 0; i < n; i += 8) { + state[o + 0] = state[o + 1] = state[o + 2] = state[o + 3] = + readUnalignedWord64(seed + i); + o += 4; + } + /* 32 bytes copied 8 bytes at a time. */ + for (i = 0; i < SLHDSA_HA_SZ; i += 8) { + state[o + 0] = state[o + 1] = state[o + 2] = state[o + 3] = + readUnalignedWord64(addr + i); + o += 4; + } + + return o; +} + +#ifndef WOLFSSL_SLHDSA_VERIFY_ONLY +/* Fill out SHAKE-256 x4 state with n-byte seed, encoded HashAddress and hash. + * + * @param [in, out] state SHAKE-256 x4 state. + * @param [in] seed Seed at start of each hash. + * @param [in] addr Encoded HashAddress for each hash. + * @param [in] hash Hash data to put into each hash. + * @param [in] n Number of bytes of seed. + * @return Offset after seed and HashAddress. + */ +static int slhdsakey_shake256_set_seed_ha_hash_x4(word64* state, + const byte* seed, const byte* addr, const byte* hash, int n) +{ + int i; + int o = 0; + int ret; + + ret = o = slhdsakey_shake256_set_seed_ha_x4(state, seed, addr, n); + for (i = 0; i < n; i += 8) { + state[o + 0] = state[o + 1] = state[o + 2] = state[o + 3] = + readUnalignedWord64(hash + i); + o += 4; + } + + SHAKE256_SET_END_X4(state, o); + + return ret; +} +#endif + +/* Get the four SHAKE-256 n-byte hash results. + * + * @param [in] state SHAKE-256 x4 state. + * @param [out] hash Hash buffer to hold 4 n-byte hash results. + * @param [in] n Length of each hash in bytes. + */ +static void slhdsakey_shake256_get_hash_x4(const word64* state, byte* hash, + int n) +{ + int i; + + for (i = 0; i < (n / 8); i++) { + ((word64*)(hash + 0 * n))[i] = state[4 * i + 0]; + ((word64*)(hash + 1 * n))[i] = state[4 * i + 1]; + ((word64*)(hash + 2 * n))[i] = state[4 * i + 2]; + ((word64*)(hash + 3 * n))[i] = state[4 * i + 3]; + } +} + +#ifndef WOLFSSL_SLHDSA_VERIFY_ONLY +/* Set the chain address into the SHAKE-256 x4 state. + * + * @param [in, out] state SHAKE-256 x4 state. + * @param [in] o Offset of state after HashAddress. + * @param [in] a Value to set that increments for each hash. + */ +#define SHAKE256_SET_CHAIN_ADDRESS(state, o, a) \ +do { \ + ((word8*)((state) + (o) - 4))[3] = (a) + 0; \ + ((word8*)((state) + (o) - 3))[3] = (a) + 1; \ + ((word8*)((state) + (o) - 2))[3] = (a) + 2; \ + ((word8*)((state) + (o) - 1))[3] = (a) + 3; \ +} while (0) +#endif + +/* Set the chain address indices into the SHAKE-256 x4 state. + * + * @param [in, out] state SHAKE-256 x4 state. + * @param [in] o Offset of state after HashAddress. + * @param [in] idx Indices to set for each hash. + */ +#define SHAKE256_SET_CHAIN_ADDRESS_IDX(state, o, idx) \ +do { \ + ((word8*)((state) + (o) - 4))[3] = (idx)[0]; \ + ((word8*)((state) + (o) - 3))[3] = (idx)[1]; \ + ((word8*)((state) + (o) - 2))[3] = (idx)[2]; \ + ((word8*)((state) + (o) - 1))[3] = (idx)[3]; \ +} while (0) + +/* Set the hash address into the SHAKE-256 x4 state. + * + * @param [in, out] state SHAKE-256 x4 state. + * @param [in] (o) Offset of state after HashAddress. + * @param [in] a Value to set for each hash. + */ +#define SHAKE256_SET_HASH_ADDRESS(state, o, a) \ +do { \ + ((word8*)((state) + (o) - 4))[7] = (a); \ + ((word8*)((state) + (o) - 3))[7] = (a); \ + ((word8*)((state) + (o) - 2))[7] = (a); \ + ((word8*)((state) + (o) - 1))[7] = (a); \ +} while (0) + +#ifndef WOLFSSL_SLHDSA_VERIFY_ONLY +/* Set the tree index into the SHAKE-256 x4 state. + * + * @param [in, out] state SHAKE-256 x4 state. + * @param [in] (o) Offset of state after HashAddress. + * @param [in] ti Value to encode that increments for each hash. + */ +#define SHAKE256_SET_TREE_INDEX(state, o, ti) \ +do { \ + c32toa((ti) + 0, (byte*)&((word32*)((state) + (o) - 4))[1]); \ + c32toa((ti) + 1, (byte*)&((word32*)((state) + (o) - 3))[1]); \ + c32toa((ti) + 2, (byte*)&((word32*)((state) + (o) - 2))[1]); \ + c32toa((ti) + 3, (byte*)&((word32*)((state) + (o) - 1))[1]); \ +} while (0) +#endif + +/* Set the tree indices into the SHAKE-256 x4 state. + * + * @param [in, out] state SHAKE-256 x4 state. + * @param [in] (o) Offset of state after HashAddress. + * @param [in] ti Indices to encode for each hash. + */ +#define SHAKE256_SET_TREE_INDEX_IDX(state, o, ti) \ +do { \ + c32toa((ti)[0], (byte*)&((word32*)((state) + (o) - 4))[1]); \ + c32toa((ti)[1], (byte*)&((word32*)((state) + (o) - 3))[1]); \ + c32toa((ti)[2], (byte*)&((word32*)((state) + (o) - 2))[1]); \ + c32toa((ti)[3], (byte*)&((word32*)((state) + (o) - 1))[1]); \ +} while (0) + +/* Set the tree height into the SHAKE-256 x4 state. + * + * @param [in, out] state SHAKE-256 x4 state. + * @param [in] (o) Offset of state after HashAddress. + * @param [in] ti Value to encode for each hash. + */ +#define SHAKE256_SET_TREE_HEIGHT(state, o, th) \ +do { \ + c32toa((th), (byte*)&((word32*)((state) + (o) - 4))[0]); \ + c32toa((th), (byte*)&((word32*)((state) + (o) - 3))[0]); \ + c32toa((th), (byte*)&((word32*)((state) + (o) - 2))[0]); \ + c32toa((th), (byte*)&((word32*)((state) + (o) - 1))[0]); \ +} while (0) + +#ifndef WOLFSSL_SLHDSA_PARAM_NO_128 +/* Iterate the hash function s times with 4 hashes when n=16. + * + * FIPS 205. Section 5. Algorithm 5. + * chain(X, i, s, PK.seed, ADRS) + * 1: tmp <- X + * 2: for j from i to i + s - 1 do + * 3: ADRS.setHashAddress(j) + * 4: tmp <- F(PK.seed, ADRS, tmp + * 5: end for + * 6: return tmp + * + * @param [in, out] sk 4 hashes to iterate. + * @param [in] i Start index iterations. + * @param [in] s Number of times to iterate. + * @param [in] pk_seed Public key seed. + * @param [in] addr Encoded HashAddress. + * @param [in] idx Indices for chain address. + * @param [in] heap Dynamic memory allocation hint. + * @return 0 on success. + * @return MEMORY_E on dynamic memory allocation failure. + */ +static int slhdsakey_chain_idx_x4_16(byte* sk, byte i, byte s, + const byte* pk_seed, byte* addr, byte* idx, void* heap) +{ + int ret = 0; + int j; + WC_DECLARE_VAR(fixed, word64, 6 * 4, heap); + WC_DECLARE_VAR(state, word64, 25 * 4, heap); + + (void)heap; + + WC_ALLOC_VAR_EX(fixed, word64, 6 * 4, heap, DYNAMIC_TYPE_SLHDSA, + ret = MEMORY_E); + if (ret == 0) { + WC_ALLOC_VAR_EX(state, word64, 25 * 4, heap, DYNAMIC_TYPE_SLHDSA, + ret = MEMORY_E); + } + if (ret == 0) { + SHAKE256_SET_SEED_HA_X4_16(fixed, pk_seed, addr); + SHAKE256_SET_CHAIN_ADDRESS_IDX(fixed, 24, idx); + SHAKE256_SET_HASH_X4_16(state, sk); + + for (j = i; j < i + s; j++) { + if (j != i) { + XMEMCPY(state + 24, state, 16 * 4); + } + XMEMCPY(state, fixed, (6 * 4) * sizeof(word64)); + SHAKE256_SET_HASH_ADDRESS(state, 24, j); + SHAKE256_SET_END_X4(state, 32); + ret = SAVE_VECTOR_REGISTERS2(); + if (ret != 0) + return ret; + sha3_blocksx4_avx2(state); + RESTORE_VECTOR_REGISTERS(); + } + + SHAKE256_GET_HASH_X4_16(state, sk); + } + + WC_FREE_VAR_EX(state, heap, DYNAMIC_TYPE_SLHDSA); + WC_FREE_VAR_EX(fixed, heap, DYNAMIC_TYPE_SLHDSA); + return ret; +} +#endif +#ifndef WOLFSSL_SLHDSA_PARAM_NO_192 +/* Iterate the hash function s times with 4 hashes when n=24. + * + * FIPS 205. Section 5. Algorithm 5. + * chain(X, i, s, PK.seed, ADRS) + * 1: tmp <- X + * 2: for j from i to i + s - 1 do + * 3: ADRS.setHashAddress(j) + * 4: tmp <- F(PK.seed, ADRS, tmp + * 5: end for + * 6: return tmp + * + * @param [in, out] sk 4 hashes to iterate. + * @param [in] i Start index iterations. + * @param [in] s Number of times to iterate. + * @param [in] pk_seed Public key seed. + * @param [in] addr Encoded HashAddress. + * @param [in] idx Indices for chain address. + * @param [in] heap Dynamic memory allocation hint. + * @return 0 on success. + * @return MEMORY_E on dynamic memory allocation failure. + */ +static int slhdsakey_chain_idx_x4_24(byte* sk, byte i, byte s, + const byte* pk_seed, byte* addr, byte* idx, void* heap) +{ + int ret = 0; + int j; + WC_DECLARE_VAR(fixed, word64, 7 * 4, heap); + WC_DECLARE_VAR(state, word64, 25 * 4, heap); + + (void)heap; + + WC_ALLOC_VAR_EX(fixed, word64, 7 * 4, heap, DYNAMIC_TYPE_SLHDSA, + ret = MEMORY_E); + if (ret == 0) { + WC_ALLOC_VAR_EX(state, word64, 25 * 4, heap, DYNAMIC_TYPE_SLHDSA, + ret = MEMORY_E); + } + if (ret == 0) { + SHAKE256_SET_SEED_HA_X4_24(fixed, pk_seed, addr); + SHAKE256_SET_CHAIN_ADDRESS_IDX(fixed, 28, idx); + SHAKE256_SET_HASH_X4_24(state, sk); + + for (j = i; j < i + s; j++) { + if (j != i) { + XMEMCPY(state + 28, state, 24 * 4); + } + XMEMCPY(state, fixed, 28 * sizeof(word64)); + SHAKE256_SET_HASH_ADDRESS(state, 28, j); + SHAKE256_SET_END_X4(state, 40); + ret = SAVE_VECTOR_REGISTERS2(); + if (ret != 0) + return ret; + sha3_blocksx4_avx2(state); + RESTORE_VECTOR_REGISTERS(); + } + + SHAKE256_GET_HASH_X4_24(state, sk); + } + + WC_FREE_VAR_EX(state, heap, DYNAMIC_TYPE_SLHDSA); + WC_FREE_VAR_EX(fixed, heap, DYNAMIC_TYPE_SLHDSA); + return ret; +} +#endif +#ifndef WOLFSSL_SLHDSA_PARAM_NO_256 +/* Iterate the hash function s times with 4 hashes when n=32. + * + * FIPS 205. Section 5. Algorithm 5. + * chain(X, i, s, PK.seed, ADRS) + * 1: tmp <- X + * 2: for j from i to i + s - 1 do + * 3: ADRS.setHashAddress(j) + * 4: tmp <- F(PK.seed, ADRS, tmp + * 5: end for + * 6: return tmp + * + * @param [in, out] sk 4 hashes to iterate. + * @param [in] i Start index iterations. + * @param [in] s Number of times to iterate. + * @param [in] pk_seed Public key seed. + * @param [in] addr Encoded HashAddress. + * @param [in] idx Indices for chain address. + * @param [in] heap Dynamic memory allocation hint. + * @return 0 on success. + * @return MEMORY_E on dynamic memory allocation failure. + */ +static int slhdsakey_chain_idx_x4_32(byte* sk, byte i, byte s, + const byte* pk_seed, byte* addr, byte* idx, void* heap) +{ + int ret = 0; + int j; + WC_DECLARE_VAR(fixed, word64, 8 * 4, heap); + WC_DECLARE_VAR(state, word64, 25 * 4, heap); + + (void)heap; + + WC_ALLOC_VAR_EX(fixed, word64, 8 * 4, heap, DYNAMIC_TYPE_SLHDSA, + ret = MEMORY_E); + if (ret == 0) { + WC_ALLOC_VAR_EX(state, word64, 25 * 4, heap, DYNAMIC_TYPE_SLHDSA, + ret = MEMORY_E); + } + if (ret == 0) { + SHAKE256_SET_SEED_HA_X4_32(fixed, pk_seed, addr); + SHAKE256_SET_CHAIN_ADDRESS_IDX(fixed, 32, idx); + SHAKE256_SET_HASH_X4_32(state, sk); + + for (j = i; j < i + s; j++) { + if (j != i) { + XMEMCPY(state + 32, state, 32 * 4); + } + XMEMCPY(state, fixed, 32 * sizeof(word64)); + SHAKE256_SET_HASH_ADDRESS(state, 32, j); + SHAKE256_SET_END_X4(state, 48); + ret = SAVE_VECTOR_REGISTERS2(); + if (ret != 0) + return ret; + sha3_blocksx4_avx2(state); + RESTORE_VECTOR_REGISTERS(); + } + + SHAKE256_GET_HASH_X4_32(state, sk); + } + + WC_FREE_VAR_EX(state, heap, DYNAMIC_TYPE_SLHDSA); + WC_FREE_VAR_EX(fixed, heap, DYNAMIC_TYPE_SLHDSA); + return ret; +} +#endif +#endif + +#ifndef WOLFSSL_SLHDSA_VERIFY_ONLY +#if defined(USE_INTEL_SPEEDUP) && !defined(WOLFSSL_WC_SLHDSA_SMALL) +/* PRF hash 4 simultaneously. + * + * Each hash varies by the chain address with the first value in sequence passed + * in. + * + * FIPS 205. Section 4.1. + * PRF(PK.seed, SK.seed, ADRS) (Bn x Bn x B32 -> Bn) is a PRF that is used to + * generate the secret values in WOTS+ and FORS private keys. + * FIPS 205. Section 11.1. + * PRF(PK.seed, SK.seed, ADRS) = SHAKE256(PK.seed || ADRS || SK.seed, 8n) + * + * @param [in] pk_seed Public key seed. + * @param [in] sk_seed Private key seed. + * @param [in] addr Encoded HashAddress. + * @param [in] n Number of bytes in hash output. + * @param [in] ca Chain address start index. + * @param [out] sk Buffer to hold hash output. + * @param [in] heap Dynamic memory allocation hint. + * @return 0 on success. + * @return MEMORY_E on dynamic memory allocation failure. + * @return SHAKE-256 error return code on digest failure. + */ +static int slhdsakey_hash_prf_x4(const byte* pk_seed, const byte* sk_seed, + byte* addr, byte n, byte ca, byte* sk, void* heap) +{ + int ret = 0; + word32 o = 0; + WC_DECLARE_VAR(state, word64, 25 * 4, heap); + + (void)heap; + + WC_ALLOC_VAR_EX(state, word64, 25 * 4, heap, DYNAMIC_TYPE_SLHDSA, + ret = MEMORY_E); + if (ret == 0) { + o = slhdsakey_shake256_set_seed_ha_hash_x4(state, pk_seed, addr, + sk_seed, n); + SHAKE256_SET_CHAIN_ADDRESS(state, o, ca); + ret = SAVE_VECTOR_REGISTERS2(); + if (ret == 0) { + sha3_blocksx4_avx2(state); + slhdsakey_shake256_get_hash_x4(state, sk, n); + RESTORE_VECTOR_REGISTERS(); + } + + WC_FREE_VAR_EX(state, heap, DYNAMIC_TYPE_SLHDSA); + } + + return ret; +} + +#if !defined(WOLFSSL_SLHDSA_PARAM_NO_128) +/* Iterate the hash function 15 times with 4 hashes when n=16. + * + * FIPS 205. Section 5. Algorithm 5. + * chain(X, i, s, PK.seed, ADRS) + * 1: tmp <- X + * 2: for j from i to i + s - 1 do + * 3: ADRS.setHashAddress(j) + * 4: tmp <- F(PK.seed, ADRS, tmp + * 5: end for + * 6: return tmp + * + * @param [in, out] sk 4 hashes to iterate. + * @param [in] pk_seed Public key seed. + * @param [in] addr Encoded HashAddress. + * @param [in] ca Chain address start index. + * @param [in] heap Dynamic memory allocation hint. + * @return 0 on success. + * @return MEMORY_E on dynamic memory allocation failure. + */ +static int slhdsakey_chain_x4_16(byte* sk, const byte* pk_seed, byte* addr, + byte ca, void* heap) +{ + int ret = 0; + int j; + WC_DECLARE_VAR(fixed, word64, 8 * 4, heap); + WC_DECLARE_VAR(state, word64, 25 * 4, heap); + + (void)heap; + + WC_ALLOC_VAR_EX(fixed, word64, 8 * 4, heap, DYNAMIC_TYPE_SLHDSA, + ret = MEMORY_E); + if (ret == 0) { + WC_ALLOC_VAR_EX(state, word64, 25 * 4, heap, DYNAMIC_TYPE_SLHDSA, + ret = MEMORY_E); + } + if (ret == 0) { + SHAKE256_SET_SEED_HA_X4_16(fixed, pk_seed, addr); + SHAKE256_SET_CHAIN_ADDRESS(fixed, 24, ca); + SHAKE256_SET_HASH_X4_16(state, sk); + + for (j = 0; j < 15; j++) { + if (j != 0) { + XMEMCPY(state + 24, state, 16 * 4); + } + XMEMCPY(state, fixed, 24 * sizeof(word64)); + SHAKE256_SET_HASH_ADDRESS(state, 24, j); + SHAKE256_SET_END_X4(state, 32); + ret = SAVE_VECTOR_REGISTERS2(); + if (ret != 0) + break; + sha3_blocksx4_avx2(state); + RESTORE_VECTOR_REGISTERS(); + } + + if (ret == 0) + SHAKE256_GET_HASH_X4_16(state, sk); + } + + WC_FREE_VAR_EX(state, heap, DYNAMIC_TYPE_SLHDSA); + WC_FREE_VAR_EX(fixed, heap, DYNAMIC_TYPE_SLHDSA); + return ret; +} +#endif + +#if !defined(WOLFSSL_SLHDSA_PARAM_NO_192) +/* Iterate the hash function 15 times with 4 hashes when n=24. + * + * FIPS 205. Section 5. Algorithm 5. + * chain(X, i, s, PK.seed, ADRS) + * 1: tmp <- X + * 2: for j from i to i + s - 1 do + * 3: ADRS.setHashAddress(j) + * 4: tmp <- F(PK.seed, ADRS, tmp + * 5: end for + * 6: return tmp + * + * @param [in, out] sk 4 hashes to iterate. + * @param [in] pk_seed Public key seed. + * @param [in] addr Encoded HashAddress. + * @param [in] ca Chain address start index. + * @param [in] heap Dynamic memory allocation hint. + * @return 0 on success. + * @return MEMORY_E on dynamic memory allocation failure. + */ +static int slhdsakey_chain_x4_24(byte* sk, const byte* pk_seed, byte* addr, + byte ca, void* heap) +{ + int ret = 0; + int j; + WC_DECLARE_VAR(fixed, word64, 8 * 4, heap); + WC_DECLARE_VAR(state, word64, 25 * 4, heap); + + (void)heap; + + WC_ALLOC_VAR_EX(fixed, word64, 8 * 4, heap, DYNAMIC_TYPE_SLHDSA, + ret = MEMORY_E); + if (ret == 0) { + WC_ALLOC_VAR_EX(state, word64, 25 * 4, heap, DYNAMIC_TYPE_SLHDSA, + ret = MEMORY_E); + } + if (ret == 0) { + SHAKE256_SET_SEED_HA_X4_24(fixed, pk_seed, addr); + SHAKE256_SET_CHAIN_ADDRESS(fixed, 28, ca); + SHAKE256_SET_HASH_X4_24(state, sk); + + for (j = 0; j < 15; j++) { + if (j != 0) { + XMEMCPY(state + 28, state, 24 * 4); + } + XMEMCPY(state, fixed, 28 * sizeof(word64)); + SHAKE256_SET_HASH_ADDRESS(state, 28, j); + SHAKE256_SET_END_X4(state, 40); + ret = SAVE_VECTOR_REGISTERS2(); + if (ret != 0) + break; + sha3_blocksx4_avx2(state); + RESTORE_VECTOR_REGISTERS(); + } + + if (ret == 0) + SHAKE256_GET_HASH_X4_24(state, sk); + } + + WC_FREE_VAR_EX(state, heap, DYNAMIC_TYPE_SLHDSA); + WC_FREE_VAR_EX(fixed, heap, DYNAMIC_TYPE_SLHDSA); + return ret; +} +#endif + +#if !defined(WOLFSSL_SLHDSA_PARAM_NO_256) +/* Iterate the hash function 15 times with 4 hashes when n=32. + * + * FIPS 205. Section 5. Algorithm 5. + * chain(X, i, s, PK.seed, ADRS) + * 1: tmp <- X + * 2: for j from i to i + s - 1 do + * 3: ADRS.setHashAddress(j) + * 4: tmp <- F(PK.seed, ADRS, tmp + * 5: end for + * 6: return tmp + * + * @param [in, out] sk 4 hashes to iterate. + * @param [in] pk_seed Public key seed. + * @param [in] addr Encoded HashAddress. + * @param [in] ca Chain address start index. + * @param [in] heap Dynamic memory allocation hint. + * @return 0 on success. + * @return MEMORY_E on dynamic memory allocation failure. + */ +static int slhdsakey_chain_x4_32(byte* sk, const byte* pk_seed, byte* addr, + byte ca, void* heap) +{ + int ret = 0; + int j; + WC_DECLARE_VAR(fixed, word64, 8 * 4, heap); + WC_DECLARE_VAR(state, word64, 25 * 4, heap); + + (void)heap; + + WC_ALLOC_VAR_EX(fixed, word64, 8 * 4, heap, DYNAMIC_TYPE_SLHDSA, + ret = MEMORY_E); + if (ret == 0) { + WC_ALLOC_VAR_EX(state, word64, 25 * 4, heap, DYNAMIC_TYPE_SLHDSA, + ret = MEMORY_E); + } + if (ret == 0) { + SHAKE256_SET_SEED_HA_X4_32(fixed, pk_seed, addr); + SHAKE256_SET_CHAIN_ADDRESS(fixed, 32, ca); + SHAKE256_SET_HASH_X4_32(state, sk); + + for (j = 0; j < 15; j++) { + if (j != 0) { + XMEMCPY(state + 32, state, 32 * 4); + } + XMEMCPY(state, fixed, 32 * sizeof(word64)); + SHAKE256_SET_HASH_ADDRESS(state, 32, j); + SHAKE256_SET_END_X4(state, 48); + ret = SAVE_VECTOR_REGISTERS2(); + if (ret != 0) + break; + sha3_blocksx4_avx2(state); + RESTORE_VECTOR_REGISTERS(); + } + + if (ret == 0) + SHAKE256_GET_HASH_X4_32(state, sk); + } + + WC_FREE_VAR_EX(state, heap, DYNAMIC_TYPE_SLHDSA); + WC_FREE_VAR_EX(fixed, heap, DYNAMIC_TYPE_SLHDSA); + return ret; +} +#endif + +/* PRF hash 4 simultaneously. + * + * Each hash varies by the chain address which is passed in as an array. + * + * FIPS 205. Section 4.1. + * PRF(PK.seed, SK.seed, ADRS) (Bn x Bn x B32 -> Bn) is a PRF that is used to + * generate the secret values in WOTS+ and FORS private keys. + * FIPS 205. Section 11.1. + * PRF(PK.seed, SK.seed, ADRS) = SHAKE256(PK.seed || ADRS || SK.seed, 8n) + * + * @param [in] pk_seed Public key seed. + * @param [in] sk_seed Private key seed. + * @param [in] addr Encoded HashAddress. + * @param [in] n Number of bytes in hash output. + * @param [in] idx Four chain address indices. + * @param [out] sk Buffer to hold hash output. + * @param [in] heap Dynamic memory allocation hint. + * @return 0 on success. + * @return MEMORY_E on dynamic memory allocation failure. + * @return SHAKE-256 error return code on digest failure. + */ +static int slhdsakey_hash_prf_idx_x4(const byte* pk_seed, const byte* sk_seed, + byte* addr, byte n, byte* idx, byte* sk, void* heap) +{ + int ret = 0; + word32 o = 0; + WC_DECLARE_VAR(state, word64, 25 * 4, heap); + + (void)heap; + + WC_ALLOC_VAR_EX(state, word64, 25 * 4, heap, DYNAMIC_TYPE_SLHDSA, + ret = MEMORY_E); + if (ret == 0) { + o = slhdsakey_shake256_set_seed_ha_hash_x4(state, pk_seed, addr, + sk_seed, n); + SHAKE256_SET_CHAIN_ADDRESS_IDX(state, o, idx); + ret = SAVE_VECTOR_REGISTERS2(); + if (ret == 0) { + sha3_blocksx4_avx2(state); + RESTORE_VECTOR_REGISTERS(); + slhdsakey_shake256_get_hash_x4(state, sk, n); + } + + WC_FREE_VAR_EX(state, heap, DYNAMIC_TYPE_SLHDSA); + } + + return ret; +} + +#if !defined(WOLFSSL_SLHDSA_PARAM_NO_128) +/* Iterate hash function up to index times for each of the hashes when n=16. + * + * FIPS 205. Section 5. Algorithm 5. + * chain(X, i, s, PK.seed, ADRS) + * 1: tmp <- X + * 2: for j from i to i + s - 1 do + * 3: ADRS.setHashAddress(j) + * 4: tmp <- F(PK.seed, ADRS, tmp + * 5: end for + * 6: return tmp + * + * @param [in] key SLH-DSA key. + * @param [in] sk Hashes to iterate. Data modified. + * @param [in] pk_seed Public key seed. + * @param [in] adrs HashAddress. + * @param [in] addr Encoded HashAddress. + * @param [in] msg Array of counts. + * @param [in] idx Indices into array of counts. + * @param [in] j Minimum number of iterations for all 4 hashes. + * @param [in] cnt Number of hashes to iterate. + * @param [out] sig Hash results. + * @return 0 on success. + * @return MEMORY_E on dynamic memory allocation failure. + */ +static int slhdsakey_chain_idx_16(SlhDsaKey* key, byte* sk, + const byte* pk_seed, word32* adrs, byte* addr, const byte* msg, byte* idx, + int j, int cnt, byte* sig) +{ + int ret = 0; + + /* Iterate the minimum number of iterations on all hashes. */ + if (j != 0) { + ret = slhdsakey_chain_idx_x4_16(sk, 0, j, pk_seed, addr, idx, + key->heap); + } + if (ret == 0) { + if (cnt > 3) { + /* Copy out hash at index 3 as it is finished. */ + XMEMCPY(sig + idx[3] * 16, sk + 3 * 16, 16); + } + /* Check if more iterations needed for index 2. */ + if (msg[idx[2]] != j) { + /* Do 4 as we can't do less. */ + ret = slhdsakey_chain_idx_x4_16(sk, j, msg[idx[2]] - j, pk_seed, + addr, idx, key->heap); + /* Update number of iterations performed. */ + j = msg[idx[2]]; + } + } + if (ret == 0) { + /* Copy out hash at index 2 as it is finished. */ + XMEMCPY(sig + idx[2] * 16, sk + 2 * 16, 16); + /* Check if more iterations needed for index 1. */ + if (msg[idx[1]] != j) { + /* Do 4 as we can't do less. */ + ret = slhdsakey_chain_idx_x4_16(sk, j, msg[idx[1]] - j, pk_seed, + addr, idx, key->heap); + /* Update number of iterations performed. */ + j = msg[idx[1]]; + } + } + if (ret == 0) { + /* Copy out hash at index 1 as it is finished. */ + XMEMCPY(sig + idx[1] * 16, sk + 1 * 16, 16); + /* Check if more iterations needed for index 0. */ + if (msg[idx[0]] != j) { + /* Iterate 1 hash as it takes less time than doing 4. */ + HA_SetChainAddress(adrs, idx[0]); + ret = slhdsakey_chain(key, sk, j, msg[idx[0]] - j, pk_seed, adrs, + sk); + } + } + if (ret == 0) { + /* Copy out hash at index 0 as it is finished. */ + XMEMCPY(sig + idx[0] * 16, sk + 0 * 16, 16); + } + + return ret; +} +#endif + +#if !defined(WOLFSSL_SLHDSA_PARAM_NO_192) +/* Iterate hash function up to index times for each of the hashes when n=24. + * + * FIPS 205. Section 5. Algorithm 5. + * chain(X, i, s, PK.seed, ADRS) + * 1: tmp <- X + * 2: for j from i to i + s - 1 do + * 3: ADRS.setHashAddress(j) + * 4: tmp <- F(PK.seed, ADRS, tmp + * 5: end for + * 6: return tmp + * + * @param [in] key SLH-DSA key. + * @param [in] sk Hashes to iterate. Data modified. + * @param [in] pk_seed Public key seed. + * @param [in] adrs HashAddress. + * @param [in] addr Encoded HashAddress. + * @param [in] msg Array of counts. + * @param [in] idx Indices into array of counts. + * @param [in] j Minimum number of iterations for all 4 hashes. + * @param [in] cnt Number of hashes to iterate. + * @param [out] sig Hash results. + * @return 0 on success. + * @return MEMORY_E on dynamic memory allocation failure. + */ +static int slhdsakey_chain_idx_24(SlhDsaKey* key, byte* sk, + const byte* pk_seed, word32* adrs, byte* addr, const byte* msg, byte* idx, + int j, int cnt, byte* sig) +{ + int ret = 0; + + /* Iterate the minimum number of iterations on all hashes. */ + if (j != 0) { + ret = slhdsakey_chain_idx_x4_24(sk, 0, j, pk_seed, addr, idx, + key->heap); + } + if (ret == 0) { + if (cnt > 3) { + /* Copy out hash at index 3 as it is finished. */ + XMEMCPY(sig + idx[3] * 24, sk + 3 * 24, 24); + } + /* Check if more iterations needed for index 2. */ + if (msg[idx[2]] != j) { + /* Do 4 as we can't do less. */ + ret = slhdsakey_chain_idx_x4_24(sk, j, msg[idx[2]] - j, pk_seed, + addr, idx, key->heap); + /* Update number of iterations performed. */ + j = msg[idx[2]]; + } + } + if (ret == 0) { + /* Copy out hash at index 2 as it is finished. */ + XMEMCPY(sig + idx[2] * 24, sk + 2 * 24, 24); + /* Check if more iterations needed for index 1. */ + if (msg[idx[1]] != j) { + /* Do 4 as we can't do less. */ + ret = slhdsakey_chain_idx_x4_24(sk, j, msg[idx[1]] - j, pk_seed, + addr, idx, key->heap); + /* Update number of iterations performed. */ + j = msg[idx[1]]; + } + } + if (ret == 0) { + /* Copy out hash at index 1 as it is finished. */ + XMEMCPY(sig + idx[1] * 24, sk + 1 * 24, 24); + /* Check if more iterations needed for index 0. */ + if (msg[idx[0]] != j) { + /* Iterate 1 hash as it takes less time than doing 4. */ + HA_SetChainAddress(adrs, idx[0]); + ret = slhdsakey_chain(key, sk, j, msg[idx[0]] - j, pk_seed, adrs, + sk); + } + } + if (ret == 0) { + /* Copy out hash at index 0 as it is finished. */ + XMEMCPY(sig + idx[0] * 24, sk + 0 * 24, 24); + } + + return ret; +} +#endif + +#if !defined(WOLFSSL_SLHDSA_PARAM_NO_256) +/* Iterate hash function up to index times for each of the hashes when n=32. + * + * FIPS 205. Section 5. Algorithm 5. + * chain(X, i, s, PK.seed, ADRS) + * 1: tmp <- X + * 2: for j from i to i + s - 1 do + * 3: ADRS.setHashAddress(j) + * 4: tmp <- F(PK.seed, ADRS, tmp + * 5: end for + * 6: return tmp + * + * @param [in] key SLH-DSA key. + * @param [in] sk Hashes to iterate. Data modified. + * @param [in] pk_seed Public key seed. + * @param [in] adrs HashAddress. + * @param [in] addr Encoded HashAddress. + * @param [in] msg Array of counts. + * @param [in] idx Indices into array of counts. + * @param [in] j Minimum number of iterations for all 4 hashes. + * @param [in] cnt Number of hashes to iterate. + * @param [out] sig Hash results. + * @return 0 on success. + * @return MEMORY_E on dynamic memory allocation failure. + */ +static int slhdsakey_chain_idx_32(SlhDsaKey* key, byte* sk, + const byte* pk_seed, word32* adrs, byte* addr, const byte* msg, byte* idx, + int j, int cnt, byte* sig) +{ + int ret = 0; + + /* Iterate the minimum number of iterations on all hashes. */ + if (j != 0) { + ret = slhdsakey_chain_idx_x4_32(sk, 0, j, pk_seed, addr, idx, + key->heap); + } + if (ret == 0) { + if (cnt > 3) { + /* Copy out hash at index 3 as it is finished. */ + XMEMCPY(sig + idx[3] * 32, sk + 3 * 32, 32); + } + /* Check if more iterations needed for index 2. */ + if (msg[idx[2]] != j) { + /* Do 4 as we can't do less. */ + ret = slhdsakey_chain_idx_x4_32(sk, j, msg[idx[2]] - j, pk_seed, + addr, idx, key->heap); + /* Update number of iterations performed. */ + j = msg[idx[2]]; + } + } + if (ret == 0) { + /* Copy out hash at index 2 as it is finished. */ + XMEMCPY(sig + idx[2] * 32, sk + 2 * 32, 32); + /* Check if more iterations needed for index 1. */ + if (msg[idx[1]] != j) { + /* Do 4 as we can't do less. */ + ret = slhdsakey_chain_idx_x4_32(sk, j, msg[idx[1]] - j, pk_seed, + addr, idx, key->heap); + /* Update number of iterations performed. */ + j = msg[idx[1]]; + } + } + if (ret == 0) { + /* Copy out hash at index 1 as it is finished. */ + XMEMCPY(sig + idx[1] * 32, sk + 1 * 32, 32); + /* Check if more iterations needed for index 0. */ + if (msg[idx[0]] != j) { + /* Iterate 1 hash as it takes less time than doing 4. */ + HA_SetChainAddress(adrs, idx[0]); + ret = slhdsakey_chain(key, sk, j, msg[idx[0]] - j, pk_seed, adrs, + sk); + } + } + if (ret == 0) { + /* Copy out hash at index 0 as it is finished. */ + XMEMCPY(sig + idx[0] * 32, sk + 0 * 32, 32); + } + + return ret; +} +#endif +#endif + +#if defined(USE_INTEL_SPEEDUP) && !defined(WOLFSSL_WC_SLHDSA_SMALL) +#if !defined(WOLFSSL_SLHDSA_PARAM_NO_128) +/* Generate WOTS+ public key, 16-byte hashes - 4 consecutive at a time. + * + * FIPS 205 Section 5.1. Algorithm 6. + * wots_pkGen(SK.seed, PK.seed, ADRS) + * ... + * 4: for i from 0 to len - 1 do + * 5: skADRS.setChainAddress(i) + * 6: sk <- PRF(PK.seed, SK.seed, skADRS) + * > compute secret value for chain i + * 7: ADRS.setChainAddress(i) + * 8: tmp[i] <- chain(sk 0, w - 1, PK.seed, ADRS) + * > compute public value for chain i + * 9: end for + * 10: wotspkADRS <- ADRS > copy address to create WOTS+ public key address + * ... + * 13: pk <- Tlen(PK.seed, wotspkADRS, tmp) > compress public key + * ... + * + * @param [in] key SLH-DSA key. + * @param [in] sk_seed Private key seed. + * @param [in] pk_seed Public key seed. + * @param [in] addr Encoded HashAddress. + * @param [in] sk_addr Encoded WOTS PRF HashAddress. + * @return 0 on success. + * @return MEMORY_E on dynamic memory allocation failure. + */ +static int slhdsakey_wots_pkgen_chain_x4_16(SlhDsaKey* key, const byte* sk_seed, + const byte* pk_seed, byte* addr, byte* sk_addr) +{ + int ret = 0; + int i; + byte len = key->params->len; + WC_DECLARE_VAR(sk, byte, (SLHDSA_MAX_MSG_SZ + 3) * 16, key->heap); + + WC_ALLOC_VAR_EX(sk, byte, (SLHDSA_MAX_MSG_SZ + 3) * 16, key->heap, + DYNAMIC_TYPE_SLHDSA, ret = MEMORY_E); + if (ret == 0) { + for (i = 0; i < len - 3; i += 4) { + ret = slhdsakey_hash_prf_x4(pk_seed, sk_seed, sk_addr, 16, i, + sk + i * 16, key->heap); + if (ret != 0) { + break; + } + ret = slhdsakey_chain_x4_16(sk + i * 16, pk_seed, addr, i, + key->heap); + if (ret != 0) { + break; + } + } + } + if (ret == 0) { + ret = slhdsakey_hash_prf_x4(pk_seed, sk_seed, sk_addr, 16, i, + sk + i * 16, key->heap); + if (ret == 0) { + ret = slhdsakey_chain_x4_16(sk + i * 16, pk_seed, addr, i, + key->heap); + } + } + if (ret == 0) { + ret = slhdsakey_hash_update(&key->shake2, sk, len * 16); + } + + WC_FREE_VAR_EX(sk, key->heap, DYNAMIC_TYPE_SLHDSA); + return ret; +} +#endif + +#if !defined(WOLFSSL_SLHDSA_PARAM_NO_192) +/* Generate WOTS+ public key, 24-byte hashes - 4 consecutive at a time. + * + * FIPS 205 Section 5.1. Algorithm 6. + * wots_pkGen(SK.seed, PK.seed, ADRS) + * ... + * 4: for i from 0 to len - 1 do + * 5: skADRS.setChainAddress(i) + * 6: sk <- PRF(PK.seed, SK.seed, skADRS) + * > compute secret value for chain i + * 7: ADRS.setChainAddress(i) + * 8: tmp[i] <- chain(sk 0, w - 1, PK.seed, ADRS) + * > compute public value for chain i + * 9: end for + * 10: wotspkADRS <- ADRS > copy address to create WOTS+ public key address + * ... + * 13: pk <- Tlen(PK.seed, wotspkADRS, tmp) > compress public key + * ... + * + * @param [in] key SLH-DSA key. + * @param [in] sk_seed Private key seed. + * @param [in] pk_seed Public key seed. + * @param [in] addr Encoded HashAddress. + * @param [in] sk_addr Encoded WOTS PRF HashAddress. + * @return 0 on success. + * @return MEMORY_E on dynamic memory allocation failure. + */ +static int slhdsakey_wots_pkgen_chain_x4_24(SlhDsaKey* key, const byte* sk_seed, + const byte* pk_seed, byte* addr, byte* sk_addr) +{ + int ret = 0; + int i; + byte len = key->params->len; + WC_DECLARE_VAR(sk, byte, (SLHDSA_MAX_MSG_SZ + 3) * 24, key->heap); + + WC_ALLOC_VAR_EX(sk, byte, (SLHDSA_MAX_MSG_SZ + 3) * 24, key->heap, + DYNAMIC_TYPE_SLHDSA, ret = MEMORY_E); + if (ret == 0) { + for (i = 0; i < len - 3; i += 4) { + ret = slhdsakey_hash_prf_x4(pk_seed, sk_seed, sk_addr, 24, i, + sk + i * 24, key->heap); + if (ret != 0) { + break; + } + ret = slhdsakey_chain_x4_24(sk + i * 24, pk_seed, addr, i, + key->heap); + if (ret != 0) { + break; + } + } + } + if (ret == 0) { + ret = slhdsakey_hash_prf_x4(pk_seed, sk_seed, sk_addr, 24, i, + sk + i * 24, key->heap); + if (ret == 0) { + ret = slhdsakey_chain_x4_24(sk + i * 24, pk_seed, addr, i, + key->heap); + } + } + if (ret == 0) { + ret = slhdsakey_hash_update(&key->shake2, sk, len * 24); + } + + WC_FREE_VAR_EX(sk, key->heap, DYNAMIC_TYPE_SLHDSA); + return ret; +} +#endif + +#if !defined(WOLFSSL_SLHDSA_PARAM_NO_256) +/* Generate WOTS+ public key, 32-byte hashes - 4 consecutive at a time. + * + * FIPS 205 Section 5.1. Algorithm 6. + * wots_pkGen(SK.seed, PK.seed, ADRS) + * ... + * 4: for i from 0 to len - 1 do + * 5: skADRS.setChainAddress(i) + * 6: sk <- PRF(PK.seed, SK.seed, skADRS) + * > compute secret value for chain i + * 7: ADRS.setChainAddress(i) + * 8: tmp[i] <- chain(sk 0, w - 1, PK.seed, ADRS) + * > compute public value for chain i + * 9: end for + * 10: wotspkADRS <- ADRS > copy address to create WOTS+ public key address + * ... + * 13: pk <- Tlen(PK.seed, wotspkADRS, tmp) > compress public key + * ... + * + * @param [in] key SLH-DSA key. + * @param [in] sk_seed Private key seed. + * @param [in] pk_seed Public key seed. + * @param [in] addr Encoded HashAddress. + * @param [in] sk_addr Encoded WOTS PRF HashAddress. + * @return 0 on success. + * @return MEMORY_E on dynamic memory allocation failure. + */ +static int slhdsakey_wots_pkgen_chain_x4_32(SlhDsaKey* key, const byte* sk_seed, + const byte* pk_seed, byte* addr, byte* sk_addr) +{ + int ret = 0; + int i; + byte len = key->params->len; + WC_DECLARE_VAR(sk, byte, (SLHDSA_MAX_MSG_SZ + 3) * 32, key->heap); + + WC_ALLOC_VAR_EX(sk, byte, (SLHDSA_MAX_MSG_SZ + 3) * 32, key->heap, + DYNAMIC_TYPE_SLHDSA, ret = MEMORY_E); + if (ret == 0) { + for (i = 0; i < len - 3; i += 4) { + ret = slhdsakey_hash_prf_x4(pk_seed, sk_seed, sk_addr, 32, i, + sk + i * 32, key->heap); + if (ret != 0) { + break; + } + ret = slhdsakey_chain_x4_32(sk + i * 32, pk_seed, addr, i, + key->heap); + if (ret != 0) { + break; + } + } + } + if (ret == 0) { + ret = slhdsakey_hash_prf_x4(pk_seed, sk_seed, sk_addr, 32, i, + sk + i * 32, key->heap); + if (ret == 0) { + ret = slhdsakey_chain_x4_32(sk + i * 32, pk_seed, addr, i, + key->heap); + } + } + if (ret == 0) { + ret = slhdsakey_hash_update(&key->shake2, sk, len * 32); + } + + WC_FREE_VAR_EX(sk, key->heap, DYNAMIC_TYPE_SLHDSA); + return ret; +} +#endif + +/* Generate WOTS+ public key - 4 consecutive addresses at a time. + * + * FIPS 205 Section 5.1. Algorithm 6. + * wots_pkGen(SK.seed, PK.seed, ADRS) + * ... + * 4: for i from 0 to len - 1 do + * 5: skADRS.setChainAddress(i) + * 6: sk <- PRF(PK.seed, SK.seed, skADRS) + * > compute secret value for chain i + * 7: ADRS.setChainAddress(i) + * 8: tmp[i] <- chain(sk 0, w - 1, PK.seed, ADRS) + * > compute public value for chain i + * 9: end for + * 10: wotspkADRS <- ADRS > copy address to create WOTS+ public key address + * ... + * 13: pk <- Tlen(PK.seed, wotspkADRS, tmp) > compress public key + * ... + * + * @param [in] key SLH-DSA key. + * @param [in] sk_seed Private key seed. + * @param [in] pk_seed Public key seed. + * @param [in] adrs HashAddress. + * @param [in] sk_adrs WOTS PRF HashAddress. + * @return 0 on success. + * @return MEMORY_E on dynamic memory allocation failure. + */ +static int slhdsakey_wots_pkgen_chain_x4(SlhDsaKey* key, const byte* sk_seed, + const byte* pk_seed, word32* adrs, word32* sk_adrs) +{ + int ret = 0; + byte sk_addr[SLHDSA_HA_SZ]; + byte addr[SLHDSA_HA_SZ]; + byte n = key->params->n; + + HA_SetHashAddress(sk_adrs, 0); + HA_Encode(sk_adrs, sk_addr); + HA_Encode(adrs, addr); + +#if !defined(WOLFSSL_SLHDSA_PARAM_NO_128) + if (n == 16) { + ret = slhdsakey_wots_pkgen_chain_x4_16(key, sk_seed, pk_seed, addr, + sk_addr); + } + else +#endif +#if !defined(WOLFSSL_SLHDSA_PARAM_NO_192) + if (n == 24) { + ret = slhdsakey_wots_pkgen_chain_x4_24(key, sk_seed, pk_seed, addr, + sk_addr); + } + else +#endif +#if !defined(WOLFSSL_SLHDSA_PARAM_NO_256) + if (n == 32) { + ret = slhdsakey_wots_pkgen_chain_x4_32(key, sk_seed, pk_seed, addr, + sk_addr); + } + else +#endif + if (ret == 0) { + ret = NOT_COMPILED_IN; + } + + return ret; +} +#endif + +/* Generate WOTS+ public key. + * + * FIPS 205 Section 5.1. Algorithm 6. + * wots_pkGen(SK.seed, PK.seed, ADRS) + * ... + * 4: for i from 0 to len - 1 do + * 5: skADRS.setChainAddress(i) + * 6: sk <- PRF(PK.seed, SK.seed, skADRS) + * > compute secret value for chain i + * 7: ADRS.setChainAddress(i) + * 8: tmp[i] <- chain(sk 0, w - 1, PK.seed, ADRS) + * > compute public value for chain i + * 9: end for + * 10: wotspkADRS <- ADRS > copy address to create WOTS+ public key address + * ... + * 13: pk <- Tlen(PK.seed, wotspkADRS, tmp) > compress public key + * ... + * + * @param [in] key SLH-DSA key. + * @param [in] sk_seed Private key seed. + * @param [in] pk_seed Public key seed. + * @param [in] adrs HashAddress. + * @param [in] sk_adrs WOTS PRF HashAddress. + * @return 0 on success. + * @return MEMORY_E on dynamic memory allocation failure. + * @return SHAKE-256 error return code on digest failure. + */ +static int slhdsakey_wots_pkgen_chain_c(SlhDsaKey* key, const byte* sk_seed, + const byte* pk_seed, word32* adrs, word32* sk_adrs) +{ + int ret = 0; + int i; + byte n = key->params->n; + byte len = key->params->len; + +#if !defined(WOLFSSL_WC_SLHDSA_SMALL_MEM) + WC_DECLARE_VAR(sk, byte, (SLHDSA_MAX_MSG_SZ + 3) * SLHDSA_MAX_N, key->heap); + + WC_ALLOC_VAR_EX(sk, byte, (SLHDSA_MAX_MSG_SZ + 3) * SLHDSA_MAX_N, + key->heap, DYNAMIC_TYPE_SLHDSA, ret = MEMORY_E); + if (ret == 0) { + /* Step 4. len consecutive addresses. */ + for (i = 0; i < len; i++) { + /* Step 5. Set chain address for WOTS PRF. */ + HA_SetChainAddress(sk_adrs, i); + /* Step 6. PRF hash seeds and chain address. */ + ret = HASH_PRF(&key->shake, pk_seed, sk_seed, sk_adrs, n, + sk + i * n); + if (ret != 0) { + break; + } + /* Step 7. Set chain address for WOTS HASH. */ + HA_SetChainAddress(adrs, i); + /* Step 8. Chain hashes for w-1 iterations. */ + ret = slhdsakey_chain(key, sk + i * n, 0, SLHDSA_WM1, pk_seed, adrs, + sk + i * n); + if (ret != 0) { + break; + } + } + } + if (ret == 0) { + /* Step 13: Compress public key. */ + ret = slhdsakey_hash_update(&key->shake2, sk, len * n); + } + WC_FREE_VAR_EX(sk, key->heap, DYNAMIC_TYPE_SLHDSA); +#else + /* Step 4. len consecutive addresses. */ + for (i = 0; i < len; i++) { + byte sk[SLHDSA_MAX_N]; + + /* Step 5. Set chain address for WOTS PRF. */ + HA_SetChainAddress(sk_adrs, i); + /* Step 6. PRF hash seeds and chain address. */ + ret = HASH_PRF(&key->shake, pk_seed, sk_seed, sk_adrs, n, sk); + if (ret != 0) { + break; + } + /* Step 7. Set chain address for WOTS HASH. */ + HA_SetChainAddress(adrs, i); + /* Step 8. Chain hashes for w-1 iterations. */ + ret = slhdsakey_chain(key, sk, 0, SLHDSA_WM1, pk_seed, adrs, sk); + if (ret != 0) { + break; + } + + /* Step 13: Compress public key - for each tmp. */ + ret = slhdsakey_hash_update(&key->shake2, sk, n); + if (ret != 0) { + break; + } + } +#endif + + return ret; +} + +/* Generate WOTS+ public key. + * + * FIPS 205 Section 5.1. Algorithm 6. + * wots_pkGen(SK.seed, PK.seed, ADRS) + * 1: skADRS <- ADRS > copy address to create key generation key address + * 2: skADRS.setTypeAndClear(WOTS_PRF) + * 3: skADRS.setKeyPairAddress(ADRS.getKeyPairAddress()) + * ... + * 11: wotspkADRS.setTypeAndClear(WOTS_PK) + * 12: wotspkADRS.setKeyPairAddress(ADRS.getKeyPairAddress()) + * 13: pk <- Tlen(PK.seed, wotspkADRS, tmp) > compress public key + * 14: return pk + * + * @param [in] key SLH-DSA key. + * @param [in] sk_seed Private key seed. + * @param [in] pk_seed Public key seed. + * @param [in] adrs HashAddress. + * @param [in] sk_adrs WOTS PRF HashAddress. + * @return 0 on success. + * @return MEMORY_E on dynamic memory allocation failure. + * @return SHAKE-256 error return code on digest failure. + */ +static int slhdsakey_wots_pkgen(SlhDsaKey* key, const byte* sk_seed, + const byte* pk_seed, word32* adrs, byte* node) +{ + int ret; + byte n = key->params->n; + + { + HashAddress wotspk_adrs; + + /* Steps 11-12. Copy address and set to WOTS PK. */ + HA_Copy(wotspk_adrs, adrs); + HA_SetTypeAndClearNotKPA(wotspk_adrs, HA_WOTS_PK); + /* Step 13. Start hash with public key seed and address. */ + ret = slhdsakey_hash_start_addr(&key->shake2, pk_seed, wotspk_adrs, n); + } + if (ret == 0) { + HashAddress sk_adrs; + + /* Steps 1-2. Copy address and set to WOTS PRF. */ + HA_Copy(sk_adrs, adrs); + HA_SetTypeAndClearNotKPA(sk_adrs, HA_WOTS_PRF); + /* Steps 4-10,13: Generate hashes and update the public key hash. */ +#if defined(USE_INTEL_SPEEDUP) && !defined(WOLFSSL_WC_SLHDSA_SMALL) + if (IS_INTEL_AVX2(cpuid_flags) && (SAVE_VECTOR_REGISTERS2() == 0)) { + ret = slhdsakey_wots_pkgen_chain_x4(key, sk_seed, pk_seed, adrs, + sk_adrs); + RESTORE_VECTOR_REGISTERS(); + } + else +#endif + { + ret = slhdsakey_wots_pkgen_chain_c(key, sk_seed, pk_seed, adrs, + sk_adrs); + } + } + if (ret == 0) { + /* Step 13: Output hash of compressed public key. */ + ret = slhdsakey_hash_final(&key->shake2, node, n); + } + + return ret; +} + +#if defined(USE_INTEL_SPEEDUP) && !defined(WOLFSSL_WC_SLHDSA_SMALL) +#if !defined(WOLFSSL_SLHDSA_PARAM_NO_128) +/* Generate a WOTS+ signature, 32-byte hashed, on msg - iterating 4 hashes. + * + * FIPS 205. Section 5.2. Algorithm 7 + * wots_sign(M, SK.seed, PK.seed, ADRS) + * ... + * 11: for i from 0 to len - 1 do + * 12: skADRS.setChainAddress(i) + * 13: sk <- PRF(PK.seed, SK.seed, skADRS) > compute chain i secret value + * 14: ADRS.setChainAddress(i) + * 15: sig[i] <- chain(sk, 0, msg[i], PK.seed, ADRS) + * > compute chain i signature value + * 16: end for + * 17: return sig + * + * @param [in] key SLH-DSA key. + * @param [in] msg Encoded message with checksum. + * @param [in] sk_seed Private key seed. + * @param [in] pk_seed Public key seed. + * @param [in] adrs HashAddress. + * @param [in] sk_adrs PRF HashAddress. + * @param [out] sig Signature - (2.n + 3) hashes of length n. + * @return 0 on success. + * @return MEMORY_E on dynamic memory allocation failure. + * @return SHAKE-256 error return code on digest failure. + */ +static int slhdsakey_wots_sign_chain_x4_16(SlhDsaKey* key, const byte* msg, + const byte* sk_seed, const byte* pk_seed, word32* adrs, byte* addr, + byte* sk_addr, byte* sig) +{ + int ret = 0; + int i; + sword8 j; + byte ii; + byte idx[4] = {0}; + byte n = key->params->n; + byte len = key->params->len; + WC_DECLARE_VAR(sk, byte, 4 * 16, key->heap); + + WC_ALLOC_VAR_EX(sk, byte, 4 * 16, key->heap, DYNAMIC_TYPE_SLHDSA, + ret = MEMORY_E); + if (ret == 0) { + ii = 0; + for (j = SLHDSA_WM1; j >= 0; j--) { + for (i = 0; i < len; i++) { + if ((sword8)msg[i] == j) { + idx[ii++] = i; + if (ii == 4) { + ret = slhdsakey_hash_prf_idx_x4(pk_seed, sk_seed, + sk_addr, n, idx, sk, key->heap); + if (ret != 0) { + break; + } + ret = slhdsakey_chain_idx_16(key, sk, pk_seed, adrs, + addr, msg, idx, j, 4, sig); + if (ret != 0) { + break; + } + ii = 0; + } + } + } + } + } + + if (ret == 0) { + ret = slhdsakey_hash_prf_idx_x4(pk_seed, sk_seed, sk_addr, n, idx, sk, + key->heap); + } + if (ret == 0) { + j = min(min(msg[idx[0]], msg[idx[1]]), msg[idx[2]]); + ret = slhdsakey_chain_idx_16(key, sk, pk_seed, adrs, addr, msg, idx, j, + 3, sig); + } + + WC_FREE_VAR_EX(sk, key->heap, DYNAMIC_TYPE_SLHDSA); + return ret; +} +#endif + +#if !defined(WOLFSSL_SLHDSA_PARAM_NO_192) +/* Generate a WOTS+ signature, 32-byte hashed, on msg - iterating 4 hashes. + * + * FIPS 205. Section 5.2. Algorithm 7 + * wots_sign(M, SK.seed, PK.seed, ADRS) + * ... + * 11: for i from 0 to len - 1 do + * 12: skADRS.setChainAddress(i) + * 13: sk <- PRF(PK.seed, SK.seed, skADRS) > compute chain i secret value + * 14: ADRS.setChainAddress(i) + * 15: sig[i] <- chain(sk, 0, msg[i], PK.seed, ADRS) + * > compute chain i signature value + * 16: end for + * 17: return sig + * + * @param [in] key SLH-DSA key. + * @param [in] msg Encoded message with checksum. + * @param [in] sk_seed Private key seed. + * @param [in] pk_seed Public key seed. + * @param [in] adrs HashAddress. + * @param [in] sk_adrs PRF HashAddress. + * @param [out] sig Signature - (2.n + 3) hashes of length n. + * @return 0 on success. + * @return MEMORY_E on dynamic memory allocation failure. + * @return SHAKE-256 error return code on digest failure. + */ +static int slhdsakey_wots_sign_chain_x4_24(SlhDsaKey* key, const byte* msg, + const byte* sk_seed, const byte* pk_seed, word32* adrs, byte* addr, + byte* sk_addr, byte* sig) +{ + int ret = 0; + int i; + sword8 j; + byte ii; + byte idx[4] = {0}; + byte n = key->params->n; + byte len = key->params->len; + WC_DECLARE_VAR(sk, byte, 4 * 24, key->heap); + + WC_ALLOC_VAR_EX(sk, byte, 4 * 24, key->heap, DYNAMIC_TYPE_SLHDSA, + ret = MEMORY_E); + if (ret == 0) { + ii = 0; + for (j = SLHDSA_WM1; j >= 0; j--) { + for (i = 0; i < len; i++) { + if ((sword8)msg[i] == j) { + idx[ii++] = i; + if (ii == 4) { + ret = slhdsakey_hash_prf_idx_x4(pk_seed, sk_seed, + sk_addr, n, idx, sk, key->heap); + if (ret != 0) { + break; + } + ret = slhdsakey_chain_idx_24(key, sk, pk_seed, adrs, + addr, msg, idx, j, 4, sig); + if (ret != 0) { + break; + } + ii = 0; + } + } + } + } + } + + if (ret == 0) { + ret = slhdsakey_hash_prf_idx_x4(pk_seed, sk_seed, sk_addr, n, idx, sk, + key->heap); + } + if (ret == 0) { + j = min(min(msg[idx[0]], msg[idx[1]]), msg[idx[2]]); + ret = slhdsakey_chain_idx_24(key, sk, pk_seed, adrs, addr, + msg, idx, j, 3, sig); + } + + WC_FREE_VAR_EX(sk, key->heap, DYNAMIC_TYPE_SLHDSA); + return ret; +} +#endif + +#if !defined(WOLFSSL_SLHDSA_PARAM_NO_256) +/* Generate a WOTS+ signature, 32-byte hashed, on msg - iterating 4 hashes. + * + * FIPS 205. Section 5.2. Algorithm 7 + * wots_sign(M, SK.seed, PK.seed, ADRS) + * ... + * 11: for i from 0 to len - 1 do + * 12: skADRS.setChainAddress(i) + * 13: sk <- PRF(PK.seed, SK.seed, skADRS) > compute chain i secret value + * 14: ADRS.setChainAddress(i) + * 15: sig[i] <- chain(sk, 0, msg[i], PK.seed, ADRS) + * > compute chain i signature value + * 16: end for + * 17: return sig + * + * @param [in] key SLH-DSA key. + * @param [in] msg Encoded message with checksum. + * @param [in] sk_seed Private key seed. + * @param [in] pk_seed Public key seed. + * @param [in] adrs HashAddress. + * @param [in] sk_adrs PRF HashAddress. + * @param [out] sig Signature - (2.n + 3) hashes of length n. + * @return 0 on success. + * @return MEMORY_E on dynamic memory allocation failure. + * @return SHAKE-256 error return code on digest failure. + */ +static int slhdsakey_wots_sign_chain_x4_32(SlhDsaKey* key, const byte* msg, + const byte* sk_seed, const byte* pk_seed, word32* adrs, byte* addr, + byte* sk_addr, byte* sig) +{ + int ret = 0; + int i; + sword8 j; + byte ii; + byte idx[4] = {0}; + byte n = key->params->n; + byte len = key->params->len; + WC_DECLARE_VAR(sk, byte, 4 * 32, key->heap); + + WC_ALLOC_VAR_EX(sk, byte, 4 * 32, key->heap, DYNAMIC_TYPE_SLHDSA, + ret = MEMORY_E); + if (ret == 0) { + ii = 0; + for (j = SLHDSA_WM1; j >= 0; j--) { + for (i = 0; i < len; i++) { + if ((sword8)msg[i] == j) { + idx[ii++] = i; + if (ii == 4) { + ret = slhdsakey_hash_prf_idx_x4(pk_seed, sk_seed, + sk_addr, n, idx, sk, key->heap); + if (ret != 0) { + break; + } + ret = slhdsakey_chain_idx_32(key, sk, pk_seed, adrs, + addr, msg, idx, j, 4, sig); + if (ret != 0) { + break; + } + ii = 0; + } + } + } + } + } + + if (ret == 0) { + ret = slhdsakey_hash_prf_idx_x4(pk_seed, sk_seed, sk_addr, n, idx, sk, + key->heap); + } + if (ret == 0) { + j = min(min(msg[idx[0]], msg[idx[1]]), msg[idx[2]]); + ret = slhdsakey_chain_idx_32(key, sk, pk_seed, adrs, addr, msg, idx, j, + 3, sig); + } + if (ret == 0) { + sig += len * n; + } + + WC_FREE_VAR_EX(sk, key->heap, DYNAMIC_TYPE_SLHDSA); + return ret; +} +#endif + +/* Generate a WOTS+ signature on msg - iterating 4 hashes at a time. + * + * FIPS 205. Section 5.2. Algorithm 7 + * wots_sign(M, SK.seed, PK.seed, ADRS) + * ... + * 8: skADRS <- ADRS > copy address to create key generation key address + * 9: skADRS.setTypeAndClear(WOTS_PRF) + * 10: skADRS.setKeyPairAddress(ADRS.getKeyPairAddress()) + * 11: for i from 0 to len - 1 do + * 12: skADRS.setChainAddress(i) + * 13: sk <- PRF(PK.seed, SK.seed, skADRS) > compute chain i secret value + * 14: ADRS.setChainAddress(i) + * 15: sig[i] <- chain(sk, 0, msg[i], PK.seed, ADRS) + * > compute chain i signature value + * 16: end for + * 17: return sig + * + * @param [in] key SLH-DSA key. + * @param [in] msg Encoded message with checksum. + * @param [in] sk_seed Private key seed. + * @param [in] pk_seed Public key seed. + * @param [in] adrs HashAddress. + * @param [in] sk_adrs PRF HashAddress. + * @param [out] sig Signature - (2.n + 3) hashes of length n. + * @return 0 on success. + * @return MEMORY_E on dynamic memory allocation failure. + * @return SHAKE-256 error return code on digest failure. + */ +static int slhdsakey_wots_sign_chain_x4(SlhDsaKey* key, const byte* msg, + const byte* sk_seed, const byte* pk_seed, word32* adrs, word32* sk_adrs, + byte* sig) +{ + int ret = 0; + byte sk_addr[SLHDSA_HA_SZ]; + byte addr[SLHDSA_HA_SZ]; + byte n = key->params->n; + + HA_SetHashAddress(sk_adrs, 0); + HA_Encode(sk_adrs, sk_addr); + HA_Encode(adrs, addr); + +#if !defined(WOLFSSL_SLHDSA_PARAM_NO_128) + if (n == 16) { + ret = slhdsakey_wots_sign_chain_x4_16(key, msg, sk_seed, pk_seed, adrs, + addr, sk_addr, sig); + } + else +#endif +#if !defined(WOLFSSL_SLHDSA_PARAM_NO_192) + if (n == 24) { + ret = slhdsakey_wots_sign_chain_x4_24(key, msg, sk_seed, pk_seed, adrs, + addr, sk_addr, sig); + } + else +#endif +#if !defined(WOLFSSL_SLHDSA_PARAM_NO_256) + if (n == 32) { + ret = slhdsakey_wots_sign_chain_x4_32(key, msg, sk_seed, pk_seed, adrs, + addr, sk_addr, sig); + } + else +#endif + if (ret == 0) { + ret = NOT_COMPILED_IN; + } + + return ret; +} +#endif + +/* Generate a WOTS+ signature on an n-byte message. + * + * FIPS 205. Section 5.2. Algorithm 7 + * wots_sign(M, SK.seed, PK.seed, ADRS) + * 1: csum <- 0 + * 2: msg <- base_2b(M , lgw , len1 ) > convert message to base w + * 3: for i from 0 to len1 - 1 do + * 4: csum <- csum + w - 1 - msg[i] + * 5: end for > compute checksum + * 6: csum <- csum << ((8 - ((len2.lgw) mod 8)) mod 8) + * > for lgw = 4, left shift by 4 + * 7: msg <- msg || base_2b(toByte(csum, upper(len2.lgw/8)), lgw , len2) + * > convert to base w + * 8: skADRS <- ADRS > copy address to create key generation key address + * 9: skADRS.setTypeAndClear(WOTS_PRF) + * 10: skADRS.setKeyPairAddress(ADRS.getKeyPairAddress()) + * 11: for i from 0 to len - 1 do + * 12: skADRS.setChainAddress(i) + * 13: sk <- PRF(PK.seed, SK.seed, skADRS) > compute chain i secret value + * 14: ADRS.setChainAddress(i) + * 15: sig[i] <- chain(sk, 0, msg[i], PK.seed, ADRS) + * > compute chain i signature value + * 16: end for + * 17: return sig + * + * @param [in] key SLH-DSA key. + * @param [in] m n-bytes message. + * @param [in] sk_seed Private key seed. + * @param [in] pk_seed Public key seed. + * @param [in] adrs HashAddress. + * @param [out] sig Signature - (2.n + 3) hashes of length n. + * @return 0 on success. + * @return MEMORY_E on dynamic memory allocation failure. + * @return SHAKE-256 error return code on digest failure. + */ +static int slhdsakey_wots_sign(SlhDsaKey* key, const byte* m, + const byte* sk_seed, const byte* pk_seed, word32* adrs, byte* sig) +{ + int ret; + word16 csum; + HashAddress sk_adrs; + byte n = key->params->n; + byte len = key->params->len; + int i; + byte msg[SLHDSA_MAX_MSG_SZ]; + + /* Step 1: Start csum at 0 */ + csum = 0; + /* Step 3: For each byte in message. */ + for (i = 0; i < n * 2; i += 2) { + /* Step 2: Append high order 4 bits to msg. */ + msg[i+0] = (m[i / 2] >> 4) & 0xf; + /* Step 4: Calculate checksum with first lgw bits. */ + csum += SLHDSA_WM1 - msg[i + 0]; + /* Step 2: Append low order 4 bits to msg. */ + msg[i+1] = m[i / 2] & 0xf; + /* Step 4: Calculate checksum with next lgw bits. */ + csum += SLHDSA_WM1 - msg[i + 1]; + } + /* Steps 6-7: Encode bottom 12 bits of csum onto end of msg. */ + msg[i + 0] = (csum >> 8) & 0xf; + msg[i + 1] = (csum >> 4) & 0xf; + msg[i + 2] = csum & 0xf; + + /* Steps 8-10: Copy address for WOTS PRF. */ + HA_Copy(sk_adrs, adrs); + HA_SetTypeAndClearNotKPA(sk_adrs, HA_WOTS_PRF); +#if defined(USE_INTEL_SPEEDUP) && !defined(WOLFSSL_WC_SLHDSA_SMALL) + /* Steps 11-17: Generate signature from msg. */ + if (IS_INTEL_AVX2(cpuid_flags) && (SAVE_VECTOR_REGISTERS2() == 0)) { + ret = slhdsakey_wots_sign_chain_x4(key, msg, sk_seed, pk_seed, adrs, + sk_adrs, sig); + RESTORE_VECTOR_REGISTERS(); + } + else +#endif + { + /* Step 11: For each value of msg. */ + for (i = 0; i < len; i++) { + /* Step 12: Set chain address for WOTS PRF. */ + HA_SetChainAddress(sk_adrs, i); + /* Step 13. PRF hash seeds and chain address. */ + ret = HASH_PRF(&key->shake, pk_seed, sk_seed, sk_adrs, n, sig); + if (ret != 0) { + break; + } + /* Step 14: Set chain address for WOTS HASH. */ + HA_SetChainAddress(adrs, i); + /* Step 15. Chain hashes for msg value iterations. */ + ret = slhdsakey_chain(key, sig, 0, msg[i], pk_seed, adrs, sig); + if (ret != 0) { + break; + } + /* Step 15: Move to next hash in signature. */ + sig += n; + } + } + + return ret; +} +#endif + +#if defined(USE_INTEL_SPEEDUP) && !defined(WOLFSSL_WC_SLHDSA_SMALL) +#if !defined(WOLFSSL_SLHDSA_PARAM_NO_128) +/* Computes 4 chains simultaneously from starts to w-1 when n=16. + * + * FIPS 205. Section 5.3. Algorithm 8. + * wots_pkFromSig(sig, M, PK.seed, ADRS) + * ... + * 10: tmp[i] <- chain(sig[i], msg[i], w - 1 - msg[i], PK.seed, ADRS) + * ... + * + * @param [in] key SLH-DSA key. + * @param [in] sig Signature - (2.n + 3) hashes of length n. + * @param [in] pk_seed Public key seed. + * @param [in] adrs WOTS HASH HashAddress. + * @param [in] msg Encoded message with checksum. + * @param [in] idx Indices of chains. + * @param [in] j Shortest chain length already calculated. + * @param [in] cnt Number of chains to complete. + * @param [out] nodes Buffer to place completed chains. + * @return 0 on success. + * @return MEMORY_E on dynamic memory allocation failure. + */ +static int slhdsakey_chain_idx_to_max_16(SlhDsaKey* key, const byte* sig, + const byte* pk_seed, word32* adrs, const byte* msg, byte* idx, int j, + int cnt, byte* nodes) +{ + int ret = 0; + byte node[4 * 16]; + byte addr[SLHDSA_HA_SZ]; + + HA_SetChainAddress(adrs, idx[0]); + HA_Encode(adrs, addr); + + XMEMCPY(node + 0 * 16, sig + idx[0] * 16, 16); + if ((msg[idx[0]] != j) && (msg[idx[0]] != msg[idx[1]])) { + ret = slhdsakey_chain(key, node, msg[idx[0]], + msg[idx[1]] - msg[idx[0]], pk_seed, adrs, node); + } + if (ret == 0) { + XMEMCPY(node + 1 * 16, sig + idx[1] * 16, 16); + XMEMSET(node + 2 * 16, 0, sizeof(node) - 2 * 16); + if ((msg[idx[1]] != j) && (msg[idx[1]] != msg[idx[2]])) { + ret = slhdsakey_chain_idx_x4_16(node, msg[idx[1]], + msg[idx[2]] - msg[idx[1]], pk_seed, addr, idx, key->heap); + } + } + if (ret == 0) { + XMEMCPY(node + 2 * 16, sig + idx[2] * 16, 16); + if ((cnt > 3) && (msg[idx[2]] != j)) { + ret = slhdsakey_chain_idx_x4_16(node, msg[idx[2]], + j - msg[idx[2]], pk_seed, addr, idx, key->heap); + } + } + if (ret == 0) { + if (cnt > 3) { + XMEMCPY(node + 3 * 16, sig + idx[3] * 16, 16); + } + if (j != SLHDSA_WM1) { + ret = slhdsakey_chain_idx_x4_16(node, j, SLHDSA_WM1 - j, pk_seed, + addr, idx, key->heap); + } + } + if (ret == 0) { + XMEMCPY(nodes + idx[0] * 16, node + 0 * 16, 16); + XMEMCPY(nodes + idx[1] * 16, node + 1 * 16, 16); + XMEMCPY(nodes + idx[2] * 16, node + 2 * 16, 16); + if (cnt > 3) { + XMEMCPY(nodes + idx[3] * 16, node + 3 * 16, 16); + } + } + + return ret; +} +#endif + +#if !defined(WOLFSSL_SLHDSA_PARAM_NO_192) +/* Computes 4 chains simultaneously from starts to w-1 when n=24. + * + * FIPS 205. Section 5.3. Algorithm 8. + * wots_pkFromSig(sig, M, PK.seed, ADRS) + * ... + * 10: tmp[i] <- chain(sig[i], msg[i], w - 1 - msg[i], PK.seed, ADRS) + * ... + * + * @param [in] key SLH-DSA key. + * @param [in] sig Signature - (2.n + 3) hashes of length n. + * @param [in] pk_seed Public key seed. + * @param [in] adrs WOTS HASH HashAddress. + * @param [in] msg Encoded message with checksum. + * @param [in] idx Indices of chains. + * @param [in] j Shortest chain length already calculated. + * @param [in] cnt Number of chains to complete. + * @param [out] nodes Buffer to place completed chains. + * @return 0 on success. + * @return MEMORY_E on dynamic memory allocation failure. + */ +static int slhdsakey_chain_idx_to_max_24(SlhDsaKey* key, const byte* sig, + const byte* pk_seed, word32* adrs, const byte* msg, byte* idx, int j, + int cnt, byte* nodes) +{ + int ret = 0; + byte node[4 * 24]; + byte addr[SLHDSA_HA_SZ]; + + HA_SetChainAddress(adrs, idx[0]); + HA_Encode(adrs, addr); + + XMEMCPY(node + 0 * 24, sig + idx[0] * 24, 24); + if ((msg[idx[0]] != j) && (msg[idx[0]] != msg[idx[1]])) { + ret = slhdsakey_chain(key, node, msg[idx[0]], + msg[idx[1]] - msg[idx[0]], pk_seed, adrs, node); + } + if (ret == 0) { + XMEMCPY(node + 1 * 24, sig + idx[1] * 24, 24); + XMEMSET(node + 2 * 24, 0, sizeof(node) - 2 * 24); + if ((msg[idx[1]] != j) && (msg[idx[1]] != msg[idx[2]])) { + ret = slhdsakey_chain_idx_x4_24(node, msg[idx[1]], + msg[idx[2]] - msg[idx[1]], pk_seed, addr, idx, key->heap); + } + } + if (ret == 0) { + XMEMCPY(node + 2 * 24, sig + idx[2] * 24, 24); + if ((cnt > 3) && (msg[idx[2]] != j)) { + ret = slhdsakey_chain_idx_x4_24(node, msg[idx[2]], + j - msg[idx[2]], pk_seed, addr, idx, key->heap); + } + } + if (ret == 0) { + if (cnt > 3) { + XMEMCPY(node + 3 * 24, sig + idx[3] * 24, 24); + } + if (j != SLHDSA_WM1) { + ret = slhdsakey_chain_idx_x4_24(node, j, SLHDSA_WM1 - j, pk_seed, + addr, idx, key->heap); + } + } + if (ret == 0) { + XMEMCPY(nodes + idx[0] * 24, node + 0 * 24, 24); + XMEMCPY(nodes + idx[1] * 24, node + 1 * 24, 24); + XMEMCPY(nodes + idx[2] * 24, node + 2 * 24, 24); + if (cnt > 3) { + XMEMCPY(nodes + idx[3] * 24, node + 3 * 24, 24); + } + } + + return ret; +} +#endif + +#if !defined(WOLFSSL_SLHDSA_PARAM_NO_256) +/* Computes 4 chains simultaneously from starts to w-1 when n=32. + * + * FIPS 205. Section 5.3. Algorithm 8. + * wots_pkFromSig(sig, M, PK.seed, ADRS) + * ... + * 10: tmp[i] <- chain(sig[i], msg[i], w - 1 - msg[i], PK.seed, ADRS) + * ... + * + * @param [in] key SLH-DSA key. + * @param [in] sig Signature - (2.n + 3) hashes of length n. + * @param [in] pk_seed Public key seed. + * @param [in] adrs WOTS HASH HashAddress. + * @param [in] msg Encoded message with checksum. + * @param [in] idx Indices of chains. + * @param [in] j Shortest chain length already calculated. + * parama [in] cnt Number of chains to complete. + * @param [out] nodes Buffer to place completed chains. + * @return 0 on success. + * @return MEMORY_E on dynamic memory allocation failure. + */ +static int slhdsakey_chain_idx_to_max_32(SlhDsaKey* key, const byte* sig, + const byte* pk_seed, word32* adrs, const byte* msg, byte* idx, int j, + int cnt, byte* nodes) +{ + int ret = 0; + byte node[4 * 32]; + byte addr[SLHDSA_HA_SZ]; + + HA_SetChainAddress(adrs, idx[0]); + HA_Encode(adrs, addr); + + XMEMCPY(node + 0 * 32, sig + idx[0] * 32, 32); + if ((msg[idx[0]] != j) && (msg[idx[0]] != msg[idx[1]])) { + ret = slhdsakey_chain(key, node, msg[idx[0]], + msg[idx[1]] - msg[idx[0]], pk_seed, adrs, node); + } + if (ret == 0) { + XMEMCPY(node + 1 * 32, sig + idx[1] * 32, 32); + XMEMSET(node + 2 * 32, 0, sizeof(node) - 2 * 32); + if ((msg[idx[1]] != j) && (msg[idx[1]] != msg[idx[2]])) { + ret = slhdsakey_chain_idx_x4_32(node, msg[idx[1]], + msg[idx[2]] - msg[idx[1]], pk_seed, addr, idx, key->heap); + } + } + if (ret == 0) { + XMEMCPY(node + 2 * 32, sig + idx[2] * 32, 32); + if ((cnt > 3) && (msg[idx[2]] != j)) { + ret = slhdsakey_chain_idx_x4_32(node, msg[idx[2]], + j - msg[idx[2]], pk_seed, addr, idx, key->heap); + } + } + if (ret == 0) { + if (cnt > 3) { + XMEMCPY(node + 3 * 32, sig + idx[3] * 32, 32); + } + if (j != SLHDSA_WM1) { + ret = slhdsakey_chain_idx_x4_32(node, j, SLHDSA_WM1 - j, pk_seed, + addr, idx, key->heap); + } + } + if (ret == 0) { + XMEMCPY(nodes + idx[0] * 32, node + 0 * 32, 32); + XMEMCPY(nodes + idx[1] * 32, node + 1 * 32, 32); + XMEMCPY(nodes + idx[2] * 32, node + 2 * 32, 32); + if (cnt > 3) { + XMEMCPY(nodes + idx[3] * 32, node + 3 * 32, 32); + } + } + + return ret; +} +#endif +#endif + +#if defined(USE_INTEL_SPEEDUP) && !defined(WOLFSSL_WC_SLHDSA_SMALL) +/* Computes a WOTS+ public key from a message and its signature. + * + * Computes four iteration hashes simultaneously. + * + * FIPS 205. Section 5.3. Algorithm 8. + * wots_pkFromSig(sig, M, PK.seed, ADRS) + * ... + * 8: for i from 0 to len - 1 do + * 9: ADRS.setChainAddress(i) + * ... + * 11: end for + * 12: wotspkADRS <- ADRS > copy address to create WOTS+ public key address + * 13: wotspkADRS.setTypeAndClear(WOTS_PK) + * 14: wotspkADRS.setKeyPairAddress(ADRS.getKeyPairAddress()) + * 15: pksig <- Tlen (PK.seed, wotspkADRS, tmp) + * 16: return pksig + * + * @param [in] key SLH-DSA key. + * @param [in] sig Signature - (2.n + 3) hashes of length n. + * @param [in] msg Encoded message with checksum. + * @param [in] pk_seed Public key seed. + * @param [in] adrs WOTS HASH HashAddress. + * @param [out] pk_sig Root node - public key signature. + * @return 0 on success. + * @return MEMORY_E on dynamic memory allocation failure. + */ +static int slhdsakey_wots_pk_from_sig_x4(SlhDsaKey* key, const byte* sig, + const byte* msg, const byte* pk_seed, word32* adrs, byte* pk_sig) +{ + int ret = 0; + byte idx[4] = {0}; + int i; + byte ii; + sword8 j; + HashAddress wotspk_adrs; + byte n = key->params->n; + byte len = key->params->len; + WC_DECLARE_VAR(nodes, byte, SLHDSA_MAX_MSG_SZ * SLHDSA_MAX_N, key->heap); + + WC_ALLOC_VAR_EX(nodes, byte, SLHDSA_MAX_MSG_SZ * SLHDSA_MAX_N, key->heap, + DYNAMIC_TYPE_SLHDSA, ret = MEMORY_E); +#if !defined(WOLFSSL_SLHDSA_PARAM_NO_128) + if ((ret == 0) && (n == 16)) { + ii = 0; + for (j = 0; j <= SLHDSA_WM1; j++) { + for (i = 0; i < len; i++) { + if ((sword8)msg[i] == j) { + idx[ii++] = i; + if (ii == 4) { + ret = slhdsakey_chain_idx_to_max_16(key, sig, + pk_seed, adrs, msg, idx, j, 4, nodes); + if (ret != 0) { + break; + } + ii = 0; + } + } + } + } + + if (ret == 0) { + j = max(max(msg[idx[0]], msg[idx[1]]), msg[idx[2]]); + ret = slhdsakey_chain_idx_to_max_16(key, sig, pk_seed, adrs, msg, + idx, j, 3, nodes); + } + } + else +#endif +#if !defined(WOLFSSL_SLHDSA_PARAM_NO_192) + if ((ret == 0) && (n == 24)) { + ii = 0; + for (j = 0; j <= SLHDSA_WM1; j++) { + for (i = 0; i < len; i++) { + if ((sword8)msg[i] == j) { + idx[ii++] = i; + if (ii == 4) { + ret = slhdsakey_chain_idx_to_max_24(key, sig, + pk_seed, adrs, msg, idx, j, 4, nodes); + if (ret != 0) { + break; + } + ii = 0; + } + } + } + } + + if (ret == 0) { + j = max(max(msg[idx[0]], msg[idx[1]]), msg[idx[2]]); + ret = slhdsakey_chain_idx_to_max_24(key, sig, pk_seed, adrs, msg, + idx, j, 3, nodes); + } + } + else +#endif +#if !defined(WOLFSSL_SLHDSA_PARAM_NO_256) + if ((ret == 0) && (n == 32)) { + ii = 0; + for (j = 0; j <= SLHDSA_WM1; j++) { + for (i = 0; i < len; i++) { + if ((sword8)msg[i] == j) { + idx[ii++] = i; + if (ii == 4) { + ret = slhdsakey_chain_idx_to_max_32(key, sig, + pk_seed, adrs, msg, idx, j, 4, nodes); + if (ret != 0) { + break; + } + ii = 0; + } + } + } + } + + if (ret == 0) { + j = max(max(msg[idx[0]], msg[idx[1]]), msg[idx[2]]); + ret = slhdsakey_chain_idx_to_max_32(key, sig, pk_seed, adrs, msg, + idx, j, 3, nodes); + } + } + else +#endif + if (ret == 0) { + ret = NOT_COMPILED_IN; + } + if (ret == 0) { + HA_Copy(wotspk_adrs, adrs); + HA_SetTypeAndClearNotKPA(wotspk_adrs, HA_WOTS_PK); + ret = slhdsakey_hash_start_addr(&key->shake2, pk_seed, wotspk_adrs, n); + } + if (ret == 0) { + ret = slhdsakey_hash_update(&key->shake2, nodes, len * n); + sig += len * n; + } + if (ret == 0) { + ret = slhdsakey_hash_final(&key->shake2, pk_sig, n); + } + + WC_FREE_VAR_EX(nodes, key->heap, DYNAMIC_TYPE_SLHDSA); + return ret; +} +#endif + +#if !defined(WOLFSSL_WC_SLHDSA_SMALL_MEM) +/* Computes a WOTS+ public key from a message and its signature. + * + * FIPS 205. Section 5.3. Algorithm 8. + * wots_pkFromSig(sig, M, PK.seed, ADRS) + * ... + * 8: for i from 0 to len - 1 do + * 9: ADRS.setChainAddress(i) + * 10: tmp[i] <- chain(sig[i], msg[i], w - 1 - msg[i], PK.seed, ADRS) + * 11: end for + * 12: wotspkADRS <- ADRS > copy address to create WOTS+ public key address + * 13: wotspkADRS.setTypeAndClear(WOTS_PK) + * 14: wotspkADRS.setKeyPairAddress(ADRS.getKeyPairAddress()) + * 15: pksig <- Tlen(PK.seed, wotspkADRS, tmp) + * 16: return pksig + * + * @param [in] key SLH-DSA key. + * @param [in] sig Signature - (2.n + 3) hashes of length n. + * @param [in] msg Encoded message with checksum. + * @param [in] pk_seed Public key seed. + * @param [in] adrs WOTS HASH HashAddress. + * @param [out] pk_sig Root node - public key signature. + * @return 0 on success. + * @return MEMORY_E on dynamic memory allocation failure. + * @return SHAKE-256 error return code on digest failure. + */ +static int slhdsakey_wots_pk_from_sig_c(SlhDsaKey* key, const byte* sig, + const byte* msg, const byte* pk_seed, word32* adrs, byte* pk_sig) +{ + int ret = 0; + int i; + byte n = key->params->n; + byte len = key->params->len; + HashAddress wotspk_adrs; + WC_DECLARE_VAR(nodes, byte, SLHDSA_MAX_MSG_SZ * SLHDSA_MAX_N, key->heap); + + WC_ALLOC_VAR_EX(nodes, byte, SLHDSA_MAX_MSG_SZ * SLHDSA_MAX_N, key->heap, + DYNAMIC_TYPE_SLHDSA, ret = MEMORY_E); + if (ret == 0) { + /* Step 8: For each value in msg. */ + for (i = 0; i < len; i++) { + /* Step 9: Set chain address for WOTS HASH. */ + HA_SetChainAddress(adrs, i); + /* Step 10: Chain the hash from the msg value to w-1. */ + ret = slhdsakey_chain(key, sig, msg[i], SLHDSA_WM1 - msg[i], + pk_seed, adrs, nodes + i * n); + if (ret != 0) { + break; + } + /* Move on to next signature hash. */ + sig += n; + } + } + if (ret == 0) { + /* Step 12-14: Copy the address for WOTS PK. */ + HA_Copy(wotspk_adrs, adrs); + HA_SetTypeAndClearNotKPA(wotspk_adrs, HA_WOTS_PK); + /* Step 15: Hash the public key seed and WOTS PK address ... */ + ret = slhdsakey_hash_start_addr(&key->shake2, pk_seed, wotspk_adrs, n); + } + if (ret == 0) { + /* Step 15: Update with the nodes ... */ + ret = slhdsakey_hash_update(&key->shake2, nodes, len * n); + } + if (ret == 0) { + /* Step 15: Generate root node - public key signature. */ + ret = slhdsakey_hash_final(&key->shake2, pk_sig, n); + } + + WC_FREE_VAR_EX(nodes, key->heap, DYNAMIC_TYPE_SLHDSA); + return ret; +} +#else +/* Computes a WOTS+ public key from a message and its signature. + * + * FIPS 205. Section 5.3. Algorithm 8. + * wots_pkFromSig(sig, M, PK.seed, ADRS) + * ... + * 8: for i from 0 to len - 1 do + * 9: ADRS.setChainAddress(i) + * 10: tmp[i] <- chain(sig[i], msg[i], w - 1 - msg[i], PK.seed, ADRS) + * 11: end for + * 12: wotspkADRS <- ADRS > copy address to create WOTS+ public key address + * 13: wotspkADRS.setTypeAndClear(WOTS_PK) + * 14: wotspkADRS.setKeyPairAddress(ADRS.getKeyPairAddress()) + * 15: pksig <- Tlen (PK.seed, wotspkADRS, tmp) + * 16: return pksig + * + * @param [in] key SLH-DSA key. + * @param [in] sig Signature - (2.n + 3) hashes of length n. + * @param [in] msg Encoded message with checksum. + * @param [in] pk_seed Public key seed. + * @param [in] adrs WOTS HASH HashAddress. + * @param [out] pk_sig Root node - public key signature. + * @return 0 on success. + * @return MEMORY_E on dynamic memory allocation failure. + * @return SHAKE-256 error return code on digest failure. + */ +static int slhdsakey_wots_pk_from_sig_c(SlhDsaKey* key, const byte* sig, + const byte* msg, const byte* pk_seed, word32* adrs, byte* pk_sig) +{ + int ret; + int i; + byte n = key->params->n; + byte len = key->params->len; + HashAddress wotspk_adrs; + byte* node = pk_sig; + + /* Step 12-14: Copy the address for WOTS PK. */ + HA_Copy(wotspk_adrs, adrs); + HA_SetTypeAndClearNotKPA(wotspk_adrs, HA_WOTS_PK); + /* Step 15: Hash the public key seed and WOTS PK address ... */ + ret = slhdsakey_hash_start_addr(&key->shake2, pk_seed, wotspk_adrs, n); + if (ret == 0) { + /* Step 8: For each value in msg. */ + for (i = 0; i < len; i++) { + /* Step 9: Set chain address for WOTS HASH. */ + HA_SetChainAddress(adrs, i); + /* Step 10: Chain the hash from the msg value to w-1. */ + ret = slhdsakey_chain(key, sig, msg[i], SLHDSA_WM1 - msg[i], + pk_seed, adrs, node); + if (ret != 0) { + break; + } + /* Step 15: Update with node ... */ + ret = slhdsakey_hash_update(&key->shake2, node, n); + if (ret != 0) { + break; + } + /* Move on to next signature hash. */ + sig += n; + } + } + if (ret == 0) { + /* Step 15: Generate root node - public key signature. */ + ret = slhdsakey_hash_final(&key->shake2, pk_sig, n); + } + + return ret; +} +#endif + +/* Computes a WOTS+ public key from a message and its signature. + * + * FIPS 205. Section 5.3. Algorithm 8. + * wots_pkFromSig(sig, M, PK.seed, ADRS) + * 1: csum <- 0 + * 2: msg <- base_2b(M , lgw , len1 ) > convert message to base w + * 3: for i from 0 to len1 - 1 do + * 4: csum <- csum + w - 1 - msg[i] + * 5: end for > compute checksum + * 6: csum <- csum << ((8 - ((len2.lgw) mod 8)) mod 8) + * > for lgw = 4, left shift by 4 + * 7: msg <- msg || base_2b(toByte(csum, upper(len2.lgw/8)), lgw , len2) + * ... + * + * @param [in] key SLH-DSA key. + * @param [in] sig Signature - (2.n + 3) hashes of length n. + * @param [in] m Message. + * @param [in] pk_seed Public key seed. + * @param [in] adrs WOTS HASH HashAddress. + * @param [out] pk_sig Root node - public key signature. + * @return 0 on success. + * @return MEMORY_E on dynamic memory allocation failure. + * @return SHAKE-256 error return code on digest failure. + */ +static int slhdsakey_wots_pk_from_sig(SlhDsaKey* key, const byte* sig, + const byte* m, const byte* pk_seed, word32* adrs, byte* pk_sig) +{ + int ret; + word16 csum; + byte n = key->params->n; + int i; + byte msg[SLHDSA_MAX_MSG_SZ]; + + /* Step 1: Start csum at 0 */ + csum = 0; + /* Step 3: For each byte in message. */ + for (i = 0; i < n * 2; i += 2) { + /* Step 2: Append high order 4 bits to msg. */ + msg[i+0] = (m[i / 2] >> 4) & 0xf; + /* Step 4: Calculate checksum with first lgw bits. */ + csum += SLHDSA_WM1 - msg[i + 0]; + /* Step 2: Append low order 4 bits to msg. */ + msg[i+1] = m[i / 2] & 0xf; + /* Step 4: Calculate checksum with next lgw bits. */ + csum += SLHDSA_WM1 - msg[i + 1]; + } + /* Steps 6-7: Encode bottom 12 bits of csum onto end of msg. */ + msg[i + 0] = (csum >> 8) & 0xf; + msg[i + 1] = (csum >> 4) & 0xf; + msg[i + 2] = csum & 0xf; + + /* Steps 8-16. */ +#if defined(USE_INTEL_SPEEDUP) && !defined(WOLFSSL_WC_SLHDSA_SMALL) + if (IS_INTEL_AVX2(cpuid_flags) && (SAVE_VECTOR_REGISTERS2() == 0)) { + ret = slhdsakey_wots_pk_from_sig_x4(key, sig, msg, pk_seed, adrs, + pk_sig); + RESTORE_VECTOR_REGISTERS(); + } + else +#endif + { + ret = slhdsakey_wots_pk_from_sig_c(key, sig, msg, pk_seed, adrs, + pk_sig); + } + + return ret; +} + +/****************************************************************************** + * XMSS + ******************************************************************************/ + +#ifndef WOLFSSL_SLHDSA_VERIFY_ONLY +#ifndef WOLFSSL_WC_SLHDSA_RECURSIVE +/* Compute the root node of Merkle subtree of WOTS+ public keys. + * + * Algorithm 9 xmss_node(SK.seed, i, z, PK.seed, ADRS) + * 1: if z = 0 then + * 2: ADRS.setTypeAndClear(WOTS_HASH) + * 3: ADRS.setKeyPairAddress(i) + * 4: node <- wots_pkGen(SK.seed, PK.seed, ADRS) + * 5: else + * 6: lnode <- xmss_node(SK.seed, 2i, z - 1, PK.seed, ADRS) + * 7: rnode <- xmss_node(SK.seed, 2i + 1, z - 1, PK.seed, ADRS) + * 8: ADRS.setTypeAndClear(TREE) + * 9: ADRS.setTreeHeight(z) + * 10: ADRS.setTreeIndex(i) + * 11: node <- H(PK.seed, ADRS, lnode || rnode) + * 12: end if + * 13: return node + * + * @param [in] key SLH-DSA key. + * @param [in] sk_seed Private key seed. + * @param [in] i Node index. + * @param [in] z Node height. + * @param [in] pk_seed Public key seed. + * @param [in, out] adrs HashAddress - WOTS HASH. + * @param [out] node Root node. + * @return 0 on success. + * @return MEMORY_E on dynamic memory allocation failure. + * @return SHAKE-256 error return code on digest failure. + */ +static int slhdsakey_xmss_node(SlhDsaKey* key, const byte* sk_seed, int i, + int z, const byte* pk_seed, word32* adrs, byte* node) +{ + int ret = 0; + + /* Step 1: Are we at the bottom of the subtree. */ + if (z == 0) { + /* Step 2: Copy the address for WOTS HASH. */ + HA_SetTypeAndClearNotKPA(adrs, HA_WOTS_HASH); + /* Step 3: Set key pair address. */ + HA_SetKeyPairAddress(adrs, i); + /* Step 4: Generate WOTS+ public key. */ + ret = slhdsakey_wots_pkgen(key, sk_seed, pk_seed, adrs, node); + } + else { + WC_DECLARE_VAR(nodes, byte, (SLHDSA_MAX_H_M + 2) * SLHDSA_MAX_N, + key->heap); + word32 j; + word32 k; + word32 m = (word32)1 << z; + byte n = key->params->n; + + WC_ALLOC_VAR_EX(nodes, byte, (SLHDSA_MAX_H_M + 2) * SLHDSA_MAX_N, + key->heap, DYNAMIC_TYPE_SLHDSA, ret = MEMORY_E); + if (ret == 0) { + /* For each node at bottom of tree. */ + for (j = 0; j < m; j++) { + /* Step 2: Copy the address for WOTS HASH. */ + HA_SetTypeAndClearNotKPA(adrs, HA_WOTS_HASH); + /* Step 3: Set key pair address. */ + HA_SetKeyPairAddress(adrs, m * i + j); + /* Step 4: Generate WOTS+ public key. */ + ret = slhdsakey_wots_pkgen(key, sk_seed, pk_seed, adrs, + nodes + (z - 1 + (j & 1)) * n); + if (ret != 0) { + break; + } + + /* For intermediate nodes. */ + for (k = z-1; k > 0; k--) { + if (((j >> (z-1-k)) & 1) == 1) { + /* Step 6 and 7 have been done. */ + /* Steps 8-10: Step type, height and index for TREE. */ + HA_SetTypeAndClear(adrs, HA_TREE); + HA_SetTreeHeight(adrs, z - k); + HA_SetTreeIndex(adrs, (m * i + j) >> (z - k)); + /* Step 11: Calculate node from two below. */ + ret = HASH_H(&key->shake, pk_seed, adrs, nodes + k * n, + n, nodes + (k - 1 + ((j >> (z-k)) & 1)) * n); + if (ret != 0) { + break; + } + } + else { + break; + } + } + if (ret != 0) { + break; + } + } + if (ret == 0) { + /* Root node into output. */ + /* Steps 8-10: Step type, height and index for TREE. */ + HA_SetTypeAndClear(adrs, HA_TREE); + HA_SetTreeHeight(adrs, z); + HA_SetTreeIndex(adrs, i); + /* Step 11: Calculate node from two below. */ + ret = HASH_H(&key->shake, pk_seed, adrs, nodes, n, node); + } + } + + WC_FREE_VAR_EX(nodes, key->heap, DYNAMIC_TYPE_SLHDSA); + } + + return ret; +} +#else +/* Compute the root node of Merkle subtree of WOTS+ public keys. + * + * FIPS 205. Section 6.1. Algorithm 9. + * xmss_node(SK.seed, i, z, PK.seed, ADRS) + * 1: if z = 0 then + * 2: ADRS.setTypeAndClear(WOTS_HASH) + * 3: ADRS.setKeyPairAddress(i) + * 4: node <- wots_pkGen(SK.seed, PK.seed, ADRS) + * 5: else + * 6: lnode <- xmss_node(SK.seed, 2i, z - 1, PK.seed, ADRS) + * 7: rnode <- xmss_node(SK.seed, 2i + 1, z - 1, PK.seed, ADRS) + * 8: ADRS.setTypeAndClear(TREE) + * 9: ADRS.setTreeHeight(z) + * 10: ADRS.setTreeIndex(i) + * 11: node <- H(PK.seed, ADRS, lnode || rnode) + * 12: end if + * 13: return node + * + * @param [in] key SLH-DSA key. + * @param [in] sk_seed Private key seed. + * @param [in] i Node index. + * @param [in] z Node height. + * @param [in] pk_seed Public key seed. + * @param [in, out] adrs HashAddress - WOTS HASH. + * @param [out] node Root node. + * @return 0 on success. + * @return MEMORY_E on dynamic memory allocation failure. + * @return SHAKE-256 error return code on digest failure. + */ +static int slhdsakey_xmss_node(SlhDsaKey* key, const byte* sk_seed, int i, + int z, const byte* pk_seed, word32* adrs, byte* node) +{ + int ret; + byte nodes[2 * SLHDSA_MAX_N]; + + /* Step 1: Are we at the bottom of the subtree. */ + if (z == 0) { + /* Step 2: Copy the address for WOTS HASH. */ + HA_SetTypeAndClearNotKPA(adrs, HA_WOTS_HASH); + /* Step 3: Set key pair address. */ + HA_SetKeyPairAddress(adrs, i); + /* Step 4: Generate WOTS+ public key. */ + ret = slhdsakey_wots_pkgen(key, sk_seed, pk_seed, adrs, node); + } + else { + byte n = key->params->n; + + /* Step 6: Calculate left node recursively. */ + ret = slhdsakey_xmss_node(key, sk_seed, 2 * i, z - 1, pk_seed, adrs, + nodes); + if (ret == 0) { + /* Step 7: Calculate right node recursively. */ + ret = slhdsakey_xmss_node(key, sk_seed, 2 * i + 1, z - 1, pk_seed, + adrs, nodes + n); + } + if (ret == 0) { + /* Steps 8-10: Step type, height and index for TREE. */ + HA_SetTypeAndClear(adrs, HA_TREE); + HA_SetTreeHeight(adrs, z); + HA_SetTreeIndex(adrs, i); + /* Step 11: Calculate node from two below. */ + ret = HASH_H(&key->shake, pk_seed, adrs, nodes, n, node); + } + } + + return ret; +} +#endif + +/* Generate XMSS signature. + * + * FIPS 205. Section 6.2. Algorithm 10. + * xmss_sign(M SK.seed, idx PK.seed, ADRS) + * 1: for j from 0 to h' - 1 do > build authentication path + * 2: k <- lower(idx/2^j) XOR 1 + * 3: AUTH[j] <- xmss_node(SK.seed, k, j, PK.seed, ADRS) + * 4: end for + * 5: ADRS.setTypeAndClear(WOTS_HASH) + * 6: ADRS.setKeyPairAddress(idx) + * 7: sig <- wots_sign(M , SK.seed, PK.seed, ADRS) + * 8: SIGXMSS <- sig || AUTH + * 9: return SIGXMSS + * + * @param [in] key SLH-DSA key. + * @param [in] m n-byte message. + * @param [in] sk_seed Private key seed. + * @param [in] idx Key pair address of WOTS hash. + * @param [in] pk_seed Public key seed. + * @param [in] adrs HashAddress. + * @param [out] sig_xmss XMSS signature. + * len n-byte nodes and h' authentication nodes. + * @return 0 on success. + * @return MEMORY_E on dynamic memory allocation failure. + * @return SHAKE-256 error return code on digest failure. + */ +static int slhdsakey_xmss_sign(SlhDsaKey* key, const byte* m, + const byte* sk_seed, word32 idx, const byte* pk_seed, word32* adrs, + byte* sig_xmss) +{ + int ret; + byte n = key->params->n; + byte len = key->params->len; + byte h_m = key->params->h_m; + /* Step 8: Place authentication nodes after WOTS+ signature. */ + byte* auth = sig_xmss + (len * n); + word32 i = idx; + int j; + + /* Step 1: For each height of XMSS tree. */ + for (j = 0; j < h_m; j++) { + /* Step 2: Calculate index of other node. */ + word32 k = i ^ 1; + /* Step 3: Calculate authentication node. */ + ret = slhdsakey_xmss_node(key, sk_seed, k, j, pk_seed, adrs, auth); + if (ret != 0) { + break; + } + /* Step 3: Move to next authentication node. */ + auth += n; + /* Step 2: Update index. */ + i >>= 1; + } + + if (ret == 0) { + /* Step 5: Set address of WOTS HASH. */ + HA_SetTypeAndClearNotKPA(adrs, HA_WOTS_HASH); + /* Step 6: Set key pair address into address. */ + HA_SetKeyPairAddress(adrs, idx); + /* Step 7: WOTS+ sign message. */ + ret = slhdsakey_wots_sign(key, m, sk_seed, pk_seed, adrs, sig_xmss); + } + + return ret; +} +#endif + +/* Compute XMSS public key from XMSS signature. + * + * FIPS 205. Section 6.3. Algorithm 11. + * xmss_pkFromSig(idx, SIGXMSS, M PK.seed, ADRS) + * 1: ADRS.setTypeAndClear(WOTS_HASH) > compute WOTS+ pk from WOTS+ sig + * 2: ADRS.setKeyPairAddress(idx) + * 3: sig <- SIGXMSS.getWOTSSig() > SIGXMSS [0 : len . n] + * 4: AUTH <- SIGXMSS.getXMSSAUTH() > SIGXMSS [len . n : (len + h') . n] + * 5: node[0] <- wots_pkFromSig(sig, M, PK.seed, ADRS) + * 6: ADRS.setTypeAndClear(TREE) > compute root from WOTS+ pk and AUTH + * 7: ADRS.setTreeIndex(idx + * 8: for k from 0 to h' - 1 do + * 9: ADRS.setTreeHeight(k + 1) + * 10: if lower(idx/2^k) is even then + * 11: ADRS.setTreeIndex(ADRS.getTreeIndex()/2) + * 12: node[1] <- H(PK.seed, ADRS, node[0] || AUTH[k]) + * 13: else + * 14: ADRS.setTreeIndex((ADRS.getTreeIndex() - 1)/2) + * 15: node[1] <- H(PK.seed, ADRS, AUTH[k] || node[0]) + * 16: end if + * 17: node[0] <- node[1] + * 18: end for + * 19: return node[0] + * + * @param [in] key SLH-DSA key. + * @param [in] idx Key pair address of WOTS hash. + * @param [in] sig_xmss XMSS signature. + * len n-byte nodes and h' authentication nodes. + * @param [in] m n-byte message. + * @param [in] pk_seed Public key seed. + * @param [in] adrs HashAddress. + * @param [out] node XMSS public key. + * @return 0 on success. + * @return MEMORY_E on dynamic memory allocation failure. + * @return SHAKE-256 error return code on digest failure. + */ +static int slhdsakey_xmss_pk_from_sig(SlhDsaKey* key, word32 idx, + const byte* sig_xmss, const byte* m, const byte* pk_seed, word32* adrs, + byte* node) +{ + int ret; + byte n = key->params->n; + byte h_m = key->params->h_m; + byte len = key->params->len; + /* Step 3: Set pointer to first signature node. */ + const byte* sig = sig_xmss; + /* Step 4: Set pointer to first authentication node. */ + const byte* auth = sig_xmss + (len * n); + int k; + + /* Step 1: Set address type to WOTS HASH. */ + HA_SetTypeAndClear(adrs, HA_WOTS_HASH); + /* Step 2: Set key pair address. */ + HA_SetKeyPairAddress(adrs, idx); + /* Step 5: Compute WOTS+ public key from signature. */ + ret = slhdsakey_wots_pk_from_sig(key, sig, m, pk_seed, adrs, node); + if (ret == 0) { + /* Step 6: Set address type to TREE. */ + HA_SetTypeAndClear(adrs, HA_TREE); + /* Step 2: Set key pair address. */ + HA_SetTreeIndex(adrs, idx); + /* Step 8: For each height of the XMSS tree. */ + for (k = 0; k < h_m; k++) { + /* Calculate which side the current and authentication nodes are. */ + byte side = idx & 1; + /* Update tree index. */ + idx >>= 1; + + /* Step 9: Set tree height. */ + HA_SetTreeHeight(adrs, k + 1); + /* Steps 11 and 14: Set tree index. */ + HA_SetTreeIndex(adrs, idx); + /* Step 10: Check which order to put nodes. */ + if (side == 0) { + /* Steps 12,17: Calculate node with sig node on right. */ + ret = HASH_H_2(&key->shake, pk_seed, adrs, node, auth, n, node); + } + else { + /* Steps 15,17: Calculate node with sig node on left. */ + ret = HASH_H_2(&key->shake, pk_seed, adrs, auth, node, n, node); + } + if (ret != 0) { + break; + } + /* Next authentication node. */ + auth += n; + } + } + + return ret; +} + +/****************************************************************************** + * HT - HyperTree + ******************************************************************************/ + +#ifndef WOLFSSL_SLHDSA_VERIFY_ONLY +/* Generate hypertree signature. + * + * FIPS 205. Section 7.1. Algorithm 12. + * ht_sign(M SK.seed, PK.seed, idxtree, idxleaf) + * 1: ADRS <- toByte(0, 32) + * 2: ADRS.setTreeAddress(idxtree) + * 3: SIGtmp <- xmss_sign(x, SK.seed, idxleaf, PK.seed, ADRS) + * 4: SIGHT <- SIGtmp + * 5: root <- xmss_pkFromSig(idxleaf, SIGtmp, M, PK.seed, ADRS) + * 6: for j from 1 to d - 1 do + * 7: idxleaf <- idxleaf mod 2^h' > h' least significant bits of idxtree + * 8: idxtree <- idxtree >> h' + * > remove least significant h' bits from idxtree + * 9: ADRS.setLayerAddress(j) + * 10: ADRS.setTreeAddress(idxtree) + * 11: SIGtmp <- xmss_sign(root, SK.seed, idxleaf, PK.seed, ADRS) + * 12: SIGHT <- SIGHT || SIGtmp + * 13: if j < d - 1 then + * 14: root <- xmss_pkFromSig(idxleaf, SIGtmp, root, PK.seed, ADRS) + * 15: end if + * 16: end for + * 17: return SIGHT + * + * @param [in] key SLH-DSA key. + * @param [in] pk_fors FORS public key. + * @param [in] sk_seed Private key seed. + * @param [in] pk_seed Public key seed. + * @param [in] idx_tree Tree address. + * @param [in] idx_leaf Key pair address. + * @param [out] sig_ht Hypertree signature - d x n-byte nodes. + * @return 0 on success. + * @return MEMORY_E on dynamic memory allocation failure. + * @return SHAKE-256 error return code on digest failure. + */ +static int slhdsakey_ht_sign(SlhDsaKey* key, const byte* pk_fors, + const byte* sk_seed, const byte* pk_seed, word32* idx_tree, word32 idx_leaf, + byte* sig_ht) +{ + int ret; + HashAddress adrs; + byte root[SLHDSA_MAX_N]; + byte n = key->params->n; + byte h_m = key->params->h_m; + byte len = key->params->len; + byte d = key->params->d; + int j; + word32 mask = ((word32)1 << h_m) - 1; + + /* Step 1: Set address to all zeros. */ + HA_Init(adrs); + /* Step 2: Set tree address. */ + HA_SetTreeAddress(adrs, idx_tree); + /* Step 3: Compute XMSS signature. */ + ret = slhdsakey_xmss_sign(key, pk_fors, sk_seed, idx_leaf, pk_seed, adrs, + sig_ht); + if (ret == 0) { + /* Step 5: Compute root/public key from signature. */ + ret = slhdsakey_xmss_pk_from_sig(key, idx_leaf, sig_ht, pk_fors, + pk_seed, adrs, root); + /* Step 4: Step hypertree signature over XMSS signature. */ + sig_ht += (h_m + len) * n; + } + if (ret == 0) { + /* Step 6: For remaining depths. */ + for (j = 1; j < d; j++) { + /* Step 7: Get bottom h' bits for index into tree. */ + idx_leaf = INDEX_TREE_MASK(idx_tree, mask); + /* Step 8: Update tree index to exclude this subtree. */ + INDEX_TREE_SHIFT_DOWN(idx_tree, h_m); + /* Step 9: Set layer address. */ + HA_SetLayerAddress(adrs, j); + /* Step 10: Set tree index. */ + HA_SetTreeAddress(adrs, idx_tree); + /* Step 11: Compute XMSS signature. */ + ret = slhdsakey_xmss_sign(key, root, sk_seed, idx_leaf, pk_seed, + adrs, sig_ht); + if (ret != 0) { + break; + } + /* Step 13: Check if we need to calculate next root. */ + if (j < d) { + /* Step 14: Compute root/public key from signature. */ + ret = slhdsakey_xmss_pk_from_sig(key, idx_leaf, sig_ht, root, + pk_seed, adrs, root); + if (ret != 0) { + break; + } + } + /* Step 12: Step hypertree signature over XMSS signature. */ + sig_ht += (h_m + len) * n; + } + } + + return ret; +} +#endif + +/* Verify hypertree signature. + * + * FIPS 205. Section 7.2 Algorithm 13. + * ht_verify(M SIGHT, PK.seed, idxtree, idxleaf, PK.root) + * 1: ADRS <- toByte(0, 32) + * 2: ADRS.setTreeAddress(idxtree) + * 3: SIGtmp <- SIGHT.getXMSSSignature(0) > SIGHT[0 : (h' + len) . n] + * 4: node <- xmss_pkFromSig(idxleaf, SIGtmp, M, PK.seed, ADRS) + * 5: for j from 1 to d - 1 do + * 6: idxleaf <- idxtree mod 2^h' > h' least significant bits of idxtree + * 7: idxtree <- idxtree >> h' + * > remove least significant h' bits from idxtree + * 8: ADRS.setLayerAddress(j) + * 9: ADRS.setTreeAddress(idxtree) + * 10: SIGtmp <- SIGHT .getXMSSSignature(j) + * > SIGHT[h . (h' + len) . n : (j + 1)(h' + len . n] + * 11: node <- xmss_pkFromSig(idxleaf, SIGtmp, node, PK.seed, ADRS) + * 12: end for + * 13: if node = PK.root then + * 14: return true + * 15: else + * 16: return false + * 17: end if + * + * @param [in] key SLH-DSA key. + * @param [in] m Message to verify. + * @param [in] sig_ht Hypertree signature. + * @param [in] pk_seed Public key seed. + * @param [in] idx_tree Tree address. + * @param [in] idx_leaf Key pair address. + * @param [in] pk_root Public key root node. + * @return 0 on success. + * @return SIG_VERIFY_E when calculated node doesn't match public key node. + * @return MEMORY_E on dynamic memory allocation failure. + * @return SHAKE-256 error return code on digest failure. + */ +static int slhdsakey_ht_verify(SlhDsaKey* key, const byte* m, + const byte* sig_ht, const byte* pk_seed, word32* idx_tree, word32 idx_leaf, + const byte* pk_root) +{ + int ret; + HashAddress adrs; + byte node[SLHDSA_MAX_N]; + byte n = key->params->n; + byte h_m = key->params->h_m; + byte len = key->params->len; + byte d = key->params->d; + int j; + /* For Step 6. */ + word32 mask = ((word32)1 << h_m) - 1; + + /* Step 1: Set address to all zeros. */ + HA_Init(adrs); + /* Step 2: Set tree address. */ + HA_SetTreeAddress(adrs, idx_tree); + /* Step 4: Get public key node from XMSS signature. */ + ret = slhdsakey_xmss_pk_from_sig(key, idx_leaf, sig_ht, m, pk_seed, adrs, + node); + /* Step 3: Move over XMSS signature. */ + sig_ht += (h_m + len) * n; + + if (ret == 0) { + /* Step 5: For remaining depths. */ + for (j = 1; j < d; j++) { + /* Step 6: Get bottom h' bits for index into tree. */ + idx_leaf = INDEX_TREE_MASK(idx_tree, mask); + /* Step 7: Update tree index to exclude this subtree. */ + INDEX_TREE_SHIFT_DOWN(idx_tree, h_m); + /* Step 8: Set layer address. */ + HA_SetLayerAddress(adrs, j); + /* Step 9: Set tree index. */ + HA_SetTreeAddress(adrs, idx_tree); + /* Step 11: Get public key node from XMSS signature. */ + ret = slhdsakey_xmss_pk_from_sig(key, idx_leaf, sig_ht, node, + pk_seed, adrs, node); + if (ret != 0) { + break; + } + /* Step 10: Move over XMSS signature. */ + sig_ht += (h_m + len) * n; + } + } + /* Step 13: Compare computed node with public key root. */ + if ((ret == 0) && (XMEMCMP(node, pk_root, n) != 0)) { + /* Step 16: Return signature verification failed. */ + ret = SIG_VERIFY_E; + } + + return ret; +} + +/****************************************************************************** + * FORS + ******************************************************************************/ + +#ifndef WOLFSSL_SLHDSA_VERIFY_ONLY +/* Generate FORS private-key value. + * + * FIPS 205. Section 8.1. Algorithm 14 + * fors_skGen(SK.seed, PK.seed, ADRS, idx) + * 1: skADRS <- ADRS > copy address to create key generation address + * 2: skADRS.setTypeAndClear(FORS_PRF) + * 3: skADRS.setKeyPairAddress(ADRS.getKeyPairAddress()) + * 4: skADRS.setTreeIndex(idx) + * 5: return PRF(PK.seed, SK.seed, skADRS) + * + * @param [in] key SLH-DSA key. + * @param [in] sk_seed Private key seed. + * @param [in] pk_seed Public key seed. + * @param [in] adrs HashAddress. + * @param [in] idx Private key index. + * @param [out] node FORS private-key value. + * @return 0 on success. + * @return MEMORY_E on dynamic memory allocation failure. + * @return SHAKE-256 error return code on digest failure. + */ +static int slhdsakey_fors_sk_gen(SlhDsaKey* key, const byte* sk_seed, + const byte* pk_seed, word32* adrs, word32 idx, byte* node) +{ + HashAddress sk_adrs; + + /* Step 1: Copy address to FORS PRF. */ + HA_Copy(sk_adrs, adrs); + /* Steps 2-3: Set type and keep key pair address. */ + HA_SetTypeAndClearNotKPA(sk_adrs, HA_FORS_PRF); + /* Step 4: Set tree index. */ + HA_SetTreeIndex(sk_adrs, idx); + /* Step 5: Hash seeds and address. */ + return HASH_PRF(&key->shake, pk_seed, sk_seed, sk_adrs, key->params->n, + node); +} + +#if defined(USE_INTEL_SPEEDUP) && !defined(WOLFSSL_WC_SLHDSA_SMALL) +/* PRF hash 4 simultaneously. + * + * Each hash varies by the tree index with the first value in sequence passed + * in. + * + * FIPS 205. Section 4.1. + * PRF(PK.seed, SK.seed, ADRS) (Bn x Bn x B32 -> Bn) is a PRF that is used to + * generate the secret values in WOTS+ and FORS private keys. + * FIPS 205. Section 11.1. + * PRF(PK.seed, SK.seed, ADRS) = SHAKE256(PK.seed || ADRS || SK.seed, 8n) + * + * @param [in] pk_seed Public key seed. + * @param [in] sk_seed Private key seed. + * @param [in] addr Encoded HashAddress. + * @param [in] n Number of bytes in hash output. + * @param [in] ti Tree index start value. + * @param [out] node Buffer to hold hash output. + * @param [in] heap Dynamic memory allocation hint. + * @return 0 on success. + * @return MEMORY_E on dynamic memory allocation failure. + */ +static int slhdsakey_hash_prf_ti_x4(const byte* pk_seed, const byte* sk_seed, + byte* addr, byte n, int ti, byte* node, void* heap) +{ + int ret = 0; + word32 o = 0; + WC_DECLARE_VAR(state, word64, 25 * 4, heap); + + (void)heap; + + WC_ALLOC_VAR_EX(state, word64, 25 * 4, heap, DYNAMIC_TYPE_SLHDSA, + ret = MEMORY_E); + if (ret == 0) { + o = slhdsakey_shake256_set_seed_ha_hash_x4(state, pk_seed, addr, + sk_seed, n); + SHAKE256_SET_TREE_INDEX(state, o, ti); + ret = SAVE_VECTOR_REGISTERS2(); + if (ret == 0) { + sha3_blocksx4_avx2(state); + RESTORE_VECTOR_REGISTERS(); + slhdsakey_shake256_get_hash_x4(state, node, n); + } + + WC_FREE_VAR_EX(state, heap, DYNAMIC_TYPE_SLHDSA); + } + + return ret; +} + +/* F hash 4 simultaneously. + * + * Each hash varies by the tree index with the first value in sequence passed + * in. + * + * FIPS 205. Section 4.1. + * F(PK.seed, ADRS, M1) (Bn x B32 x Bn -> Bn) is a hash function that takes an + * n-byte message as input and produces an n-byte output. + * FIPS 205. Section 11.1. + * F(PK.seed, ADRS, M1) = SHAKE256(PK.seed || ADRS || M1 , 8n) + * + * @param [in] pk_seed Public key seed. + * @param [in] addr Encoded HashAddress. + * @param [in, out] node On in, n-byte messages. On out, n-byte outputs. + * @param [in] n Number of bytes in hash output. + * @param [in] ti Tree index start value. + * @param [in] heap Dynamic memory allocation hint. + * @return 0 on success. + * @return MEMORY_E on dynamic memory allocation failure. + */ +static int slhdsakey_hash_f_ti_x4(const byte* pk_seed, byte* addr, byte* node, + byte n, word32 ti, void* heap) +{ + int ret = 0; + int i; + word32 o = 0; + WC_DECLARE_VAR(state, word64, 25 * 4, heap); + + (void)heap; + + WC_ALLOC_VAR_EX(state, word64, 25 * 4, heap, DYNAMIC_TYPE_SLHDSA, + ret = MEMORY_E); + if (ret == 0) { + o = slhdsakey_shake256_set_seed_ha_x4(state, pk_seed, addr, n); + SHAKE256_SET_TREE_INDEX(state, o, ti); + for (i = 0; i < n / 8; i++) { + state[o + 0] = ((word64*)(node + 0 * n))[i]; + state[o + 1] = ((word64*)(node + 1 * n))[i]; + state[o + 2] = ((word64*)(node + 2 * n))[i]; + state[o + 3] = ((word64*)(node + 3 * n))[i]; + o += 4; + } + SHAKE256_SET_END_X4(state, o); + ret = SAVE_VECTOR_REGISTERS2(); + if (ret == 0) { + sha3_blocksx4_avx2(state); + RESTORE_VECTOR_REGISTERS(); + slhdsakey_shake256_get_hash_x4(state, node, n); + } + + WC_FREE_VAR_EX(state, heap, DYNAMIC_TYPE_SLHDSA); + } + + return ret; +} + +/* H hash 4 simultaneously. + * + * Each hash varies by the tree index with the first value in sequence passed + * in. + * + * FIPS 205. Section 4.1. + * H(PK.seed, ADRS, M2) (Bn x B32 x B2n -> Bn) is a special case of Tl that + * takes a 2n-byte message as input. + * FIPS 205. Section 11.1. + * H(PK.seed, ADRS, M2) = SHAKE256(PK.seed || ADRS || M2, 8n) + * + * @param [in] pk_seed Public key seed. + * @param [in] addr Encoded HashAddress. + * @param [in] m 2n-byte message. + * @param [in] n Number of bytes in hash output. + * @param [in] ti Tree index start value. + * @param [out] hash Buffer to hold hash output. + * @param [in] heap Dynamic memory allocation hint. + * @return 0 on success. + * @return MEMORY_E on dynamic memory allocation failure. + */ +static int slhdsakey_hash_h_ti_x4(const byte* pk_seed, byte* addr, + const byte* m, byte n, word32 ti, byte* hash, void* heap) +{ + int ret = 0; + int i; + word32 o = 0; + WC_DECLARE_VAR(state, word64, 25 * 4, heap); + + (void)heap; + + WC_ALLOC_VAR_EX(state, word64, 25 * 4, heap, DYNAMIC_TYPE_SLHDSA, + ret = MEMORY_E); + if (ret == 0) { + o = slhdsakey_shake256_set_seed_ha_x4(state, pk_seed, addr, n); + SHAKE256_SET_TREE_INDEX(state, o, ti); + for (i = 0; i < 2 * n / 8; i++) { + state[o + 0] = ((word64*)(m + 0 * n))[i]; + state[o + 1] = ((word64*)(m + 2 * n))[i]; + state[o + 2] = ((word64*)(m + 4 * n))[i]; + state[o + 3] = ((word64*)(m + 6 * n))[i]; + o += 4; + } + SHAKE256_SET_END_X4(state, o); + ret = SAVE_VECTOR_REGISTERS2(); + if (ret == 0) { + sha3_blocksx4_avx2(state); + RESTORE_VECTOR_REGISTERS(); + slhdsakey_shake256_get_hash_x4(state, hash, n); + } + + WC_FREE_VAR_EX(state, heap, DYNAMIC_TYPE_SLHDSA); + } + + return ret; +} + +/* A ranges from 6-14. */ +#if SLHDSA_MAX_A < 9 + /* Maximum node depth that determines the number of nodes stored and + * hashed in one call. */ + #define SLHDSA_MAX_FORS_NODE_DEPTH (SLHDSA_MAX_A-1) +#else + /* Maximum node depth that determines the number of nodes stored and + * hashed in one call. */ + #define SLHDSA_MAX_FORS_NODE_DEPTH 8 +#endif +/* Maximum node depth that determines the number of nodes stored and + * hashed in one call with an 8 depth tree below. */ +#define SLHDSA_MAX_FORS_NODE_TOP_DEPTH \ + (SLHDSA_MAX_A - SLHDSA_MAX_FORS_NODE_DEPTH) + +/* Compute the root of a zero height Merkle subtree of FORS public values. + * + * Performs 4 hashes at the same time where possible. + * + * FIPS 205. Section 8.2. Algorithm 15. + * fors_node(SK.seed, i, z, PK.seed, ADRS) + * 1: if z = 0 then + * 2: sk <- fors_skGen(SK.seed, PK.seed, ADRS, i) + * 3: ADRS.setTreeHeight(0) + * 4: ADRS.setTreeIndex(i) + * 5: node <- F(PK.seed, ADRS, sk) + * 6: else + * ... + * 13: return node + * + * @param [in] key SLH-DSA key. + * @param [in] sk_seed Private key seed. + * @param [in] i Node index. + * @param [in] pk_seed Public key seed. + * @param [in] adrs FORS tree HashAddress. + * @param [out] node n-byte root node. + * @return 0 on success. + * @return SHAKE-256 error return code on digest failure. + * @return MEMORY_E on dynamic memory allocation failure. + */ +static int slhdsakey_fors_node_x4_z0(SlhDsaKey* key, const byte* sk_seed, + word32 i, const byte* pk_seed, word32* adrs, byte* node) +{ + int ret; + byte n = key->params->n; + + /* Step 2: Generate private key value for index. */ + ret = slhdsakey_fors_sk_gen(key, sk_seed, pk_seed, adrs, i, node); + if (ret == 0) { + /* Step 3: Set tree height to zero. */ + HA_SetTreeHeight(adrs, 0); + /* Step 4: Set tree index. */ + HA_SetTreeIndex(adrs, i); + /* Step 5: Compute node from public key seed, address and value. */ + ret = HASH_F(&key->shake, pk_seed, adrs, node, n, node); + } + + return ret; +} + +/* Compute the root of a one height Merkle subtree of FORS public values. + * + * Performs 4 hashes at the same time where possible. + * + * FIPS 205. Section 8.2. Algorithm 15. + * fors_node(SK.seed, i, z, PK.seed, ADRS) + * 1: if z = 0 then + * 2: sk <- fors_skGen(SK.seed, PK.seed, ADRS, i) + * 3: ADRS.setTreeHeight(0) + * 4: ADRS.setTreeIndex(i) + * 5: node <- F(PK.seed, ADRS, sk) + * 6: else + * 7: lnode <- fors_node(SK.seed, 2i, z - 1, PK.seed, ADRS) + * 8: rnode <- fors_node(SK.seed, 2i + 1, z - 1, PK.seed, ADRS) + * 9: ADRS.setTreeHeight(z) + * 10: ADRS.setTreeIndex(i) + * 11: node <- H(PK.seed, ADRS, lnode || rnode) + * 12: end if + * 13: return node + * + * @param [in] key SLH-DSA key. + * @param [in] sk_seed Private key seed. + * @param [in] i Node index. + * @param [in] pk_seed Public key seed. + * @param [in] adrs FORS tree HashAddress. + * @param [out] node n-byte root node. + * @return 0 on success. + * @return SHAKE-256 error return code on digest failure. + * @return MEMORY_E on dynamic memory allocation failure. + */ +static int slhdsakey_fors_node_x4_z1(SlhDsaKey* key, const byte* sk_seed, + word32 i, const byte* pk_seed, word32* adrs, byte* node) +{ + int ret; + byte n = key->params->n; + byte nodes[2 * SLHDSA_MAX_N]; + + /* Step 7: Compute left node. */ + /* Step 2: Generate private key value for index. */ + ret = slhdsakey_fors_sk_gen(key, sk_seed, pk_seed, adrs, 2 * i + 0, nodes); + if (ret == 0) { + /* Step 3: Set tree height to zero. */ + HA_SetTreeHeight(adrs, 0); + /* Step 4: Set tree index. */ + HA_SetTreeIndex(adrs, 2 * i + 0); + /* Step 5: Compute node from public key seed, address and value. */ + ret = HASH_F(&key->shake, pk_seed, adrs, nodes, n, nodes); + } + /* Step 8: Compute right node. */ + if (ret == 0) { + /* Step 2: Generate private key value for index. */ + ret = slhdsakey_fors_sk_gen(key, sk_seed, pk_seed, adrs, 2 * i + 1, + nodes + n); + } + if (ret == 0) { + /* Step 4: Set tree index. */ + HA_SetTreeIndex(adrs, 2 * i + 1); + /* Step 5: Compute node from public key seed, address and value. */ + ret = HASH_F(&key->shake, pk_seed, adrs, nodes + n, n, nodes + n); + } + if (ret == 0) { + /* Step 9: Set tree height. */ + HA_SetTreeHeight(adrs, 1); + /* Step 10: Set tree index. */ + HA_SetTreeIndex(adrs, i); + /* Step 11: Compute node from public key seed, address and nodes. */ + ret = HASH_H(&key->shake, pk_seed, adrs, nodes, n, node); + } + + return ret; +} + +/* Compute the root of a Merkle subtree of FORS public values. + * + * Performs 4 hashes at the same time where possible. + * + * FIPS 205. Section 8.2. Algorithm 15. + * fors_node(SK.seed, i, z, PK.seed, ADRS) + * 1: if z = 0 then + * 2: sk <- fors_skGen(SK.seed, PK.seed, ADRS, i) + * 3: ADRS.setTreeHeight(0) + * 4: ADRS.setTreeIndex(i) + * 5: node <- F(PK.seed, ADRS, sk) + * 6: else + * 7: lnode <- fors_node(SK.seed, 2i, z - 1, PK.seed, ADRS) + * 8: rnode <- fors_node(SK.seed, 2i + 1, z - 1, PK.seed, ADRS) + * 9: ADRS.setTreeHeight(z) + * 10: ADRS.setTreeIndex(i) + * 11: node <- H(PK.seed, ADRS, lnode || rnode) + * 12: end if + * 13: return node + * + * @param [in] key SLH-DSA key. + * @param [in] sk_seed Private key seed. + * @param [in] i Node index. + * @param [in] z Node height. + * @param [in] pk_seed Public key seed. + * @param [in] adrs FORS tree HashAddress. + * @param [out] node n-byte root node. + * @return 0 on success. + * @return SHAKE-256 error return code on digest failure. + * @return MEMORY_E on dynamic memory allocation failure. + */ +static int slhdsakey_fors_node_x4_low(SlhDsaKey* key, const byte* sk_seed, + word32 i, word32 z, const byte* pk_seed, word32* adrs, byte* node) +{ + int ret = 0; + byte n = key->params->n; + HashAddress sk_adrs; + byte addr[SLHDSA_HA_SZ]; + int j; + int m = 1 << z; + WC_DECLARE_VAR(nodes, byte, (1 << SLHDSA_MAX_FORS_NODE_DEPTH) * + SLHDSA_MAX_N, key->heap); + + WC_ALLOC_VAR_EX(nodes, byte, (1 << SLHDSA_MAX_FORS_NODE_DEPTH) * + SLHDSA_MAX_N, key->heap, DYNAMIC_TYPE_SLHDSA, ret = MEMORY_E); + if (ret == 0) { + byte sk_addr[SLHDSA_HA_SZ]; + + HA_SetTreeHeight(adrs, 0); + /* Copy address for FORS PRF. */ + HA_Copy(sk_adrs, adrs); + /* Set type and keep key pair address. */ + HA_SetTypeAndClearNotKPA(sk_adrs, HA_FORS_PRF); + /* Encode FORS PRF address for hashing. */ + HA_Encode(sk_adrs, sk_addr); + /* Encode FORS tree address for hashing. */ + HA_Encode(adrs, addr); + + /* Step 2: Generate private key values for leaf indices. */ + for (j = 0; j < m; j += 4) { + ret = slhdsakey_hash_prf_ti_x4(pk_seed, sk_seed, sk_addr, n, + m * i + j, nodes + j * n, key->heap); + if (ret != 0) { + break; + } + } + } + if (ret == 0) { + /* Step 3: Set tree height to zero. */ + HA_SetTreeHeight((word32*)addr, 0); + /* Step 4-5: Set tree indices and compute leaf node. */ + for (j = 0; j < m; j += 4) { + ret = slhdsakey_hash_f_ti_x4(pk_seed, addr, nodes + j * n, n, + m * i + j, key->heap); + if (ret != 0) { + break; + } + } + } + if (ret == 0) { + word32 k; + for (k = 1; k < z - 1; k++) { + m >>= 1; + /* Step 9: Set tree height. */ + HA_SetTreeHeightBE(addr, k); + /* Step 10-11: Set tree index and compute nodes. */ + for (j = 0; j < m; j += 4) { + ret = slhdsakey_hash_h_ti_x4(pk_seed, addr, nodes + 2 * j * n, + n, m * i + j, nodes + j * n, key->heap); + if (ret != 0) { + break; + } + } + if (ret != 0) { + break; + } + } + } + /* Step 7: Compute left node. */ + if (ret == 0) { + /* Step 9: Set tree height. */ + HA_SetTreeHeight(adrs, z - 1); + /* Step 10: Set tree index. */ + HA_SetTreeIndex(adrs, 2 * i + 0); + /* Step 11: Compute node from public key seed, address and nodes. */ + ret = HASH_H(&key->shake, pk_seed, adrs, nodes, n, nodes); + } + /* Step 8: Compute right node. */ + if (ret == 0) { + /* Step 10: Set tree index. */ + HA_SetTreeIndex(adrs, 2 * i + 1); + /* Step 11: Compute node from public key seed, address and nodes. */ + ret = HASH_H(&key->shake, pk_seed, adrs, nodes + 2 * n, n, + nodes + 1 * n); + } + if (ret == 0) { + /* Step 9: Set tree height. */ + HA_SetTreeHeight(adrs, z); + /* Step 10: Set tree index. */ + HA_SetTreeIndex(adrs, i); + /* Step 11: Compute node from public key seed, address and nodes. */ + ret = HASH_H(&key->shake, pk_seed, adrs, nodes, n, node); + } + + WC_FREE_VAR_EX(nodes, key->heap, DYNAMIC_TYPE_SLHDSA); + return ret; +} + +#if SLHDSA_MAX_FORS_NODE_DEPTH < SLHDSA_MAX_A-1 +/* Compute the root of a Merkle subtree of FORS public values for large heights. + * + * Performs 4 hashes at the same time where possible. + * + * FIPS 205. Section 8.2. Algorithm 15. + * fors_node(SK.seed, i, z, PK.seed, ADRS) + * 1: if z = 0 then + * 2: sk <- fors_skGen(SK.seed, PK.seed, ADRS, i) + * 3: ADRS.setTreeHeight(0) + * 4: ADRS.setTreeIndex(i) + * 5: node <- F(PK.seed, ADRS, sk) + * 6: else + * 7: lnode <- fors_node(SK.seed, 2i, z - 1, PK.seed, ADRS) + * 8: rnode <- fors_node(SK.seed, 2i + 1, z - 1, PK.seed, ADRS) + * 9: ADRS.setTreeHeight(z) + * 10: ADRS.setTreeIndex(i) + * 11: node <- H(PK.seed, ADRS, lnode || rnode) + * 12: end if + * 13: return node + * + * @param [in] key SLH-DSA key. + * @param [in] sk_seed Private key seed. + * @param [in] i Node index. + * @param [in] z Node height. + * @param [in] pk_seed Public key seed. + * @param [in] adrs FORS tree HashAddress. + * @param [out] node n-byte root node. + * @return 0 on success. + * @return SHAKE-256 error return code on digest failure. + * @return MEMORY_E on dynamic memory allocation failure. + */ +static int slhdsakey_fors_node_x4_high(SlhDsaKey* key, const byte* sk_seed, + word32 i, word32 z, const byte* pk_seed, word32* adrs, byte* node) +{ + int ret = 0; + byte n = key->params->n; + int j; + int z2 = z % SLHDSA_MAX_FORS_NODE_DEPTH; + int m; + WC_DECLARE_VAR(nodes, byte, (1 << SLHDSA_MAX_FORS_NODE_TOP_DEPTH) * + SLHDSA_MAX_N, key->heap); + + WC_ALLOC_VAR_EX(nodes, byte, (1 << SLHDSA_MAX_FORS_NODE_TOP_DEPTH) * + SLHDSA_MAX_N, key->heap, DYNAMIC_TYPE_SLHDSA, ret = MEMORY_E); + if (ret == 0) { + if (z2 == 0) { + z2 = SLHDSA_MAX_FORS_NODE_DEPTH; + } + m = 1 << z2; + /* Steps 7-8: Compute left and right nodes. */ + for (j = 0; j < m; j++) { + ret = slhdsakey_fors_node_x4_low(key, sk_seed, m * i + j, z - z2, + pk_seed, adrs, nodes + j * n); + if (ret != 0) { + break; + } + } + } + if ((ret == 0) && (z2 > 2)) { + word32 k; + for (k = z - z2 + 1; k < z - 1; k++) { + byte addr[SLHDSA_HA_SZ]; + + m >>= 1; + /* Step 9: Set tree height. */ + HA_SetTreeHeight(adrs, k); + /* Encode FORS tree address for hashing. */ + HA_Encode(adrs, addr); + /* Step 10-11: Set tree index and compute nodes. */ + for (j = 0; j < m; j += 4) { + ret = slhdsakey_hash_h_ti_x4(pk_seed, addr, nodes + 2 * j * n, + n, m * i + j, nodes + j * n, key->heap); + if (ret != 0) { + break; + } + } + if (ret != 0) { + break; + } + } + } + /* Step 7: Compute left node. */ + if ((ret == 0) && (z2 > 1)) { + /* Step 9: Set tree height. */ + HA_SetTreeHeight(adrs, z - 1); + /* Step 10: Set tree index. */ + HA_SetTreeIndex(adrs, 2 * i + 0); + /* Step 11: Compute node from public key seed, address and nodes. */ + ret = HASH_H(&key->shake, pk_seed, adrs, nodes, n, nodes); + } + /* Step 8: Compute right node. */ + if ((ret == 0) && (z2 > 1)) { + /* Step 10: Set tree index. */ + HA_SetTreeIndex(adrs, 2 * i + 1); + /* Step 11: Compute node from public key seed, address and nodes. */ + ret = HASH_H(&key->shake, pk_seed, adrs, nodes + 2 * n, n, + nodes + 1 * n); + } + if (ret == 0) { + /* Step 9: Set tree height. */ + HA_SetTreeHeight(adrs, z); + /* Step 10: Set tree index. */ + HA_SetTreeIndex(adrs, i); + /* Step 11: Compute node from public key seed, address and nodes. */ + ret = HASH_H(&key->shake, pk_seed, adrs, nodes, n, node); + } + + WC_FREE_VAR_EX(nodes, key->heap, DYNAMIC_TYPE_SLHDSA); + return ret; +} +#endif + +/* Compute the root of a Merkle subtree of FORS public values. + * + * Performs 4 hashes at the same time where possible. + * + * FIPS 205. Section 8.2. Algorithm 15. + * fors_node(SK.seed, i, z, PK.seed, ADRS) + * 1: if z = 0 then + * 2: sk <- fors_skGen(SK.seed, PK.seed, ADRS, i) + * 3: ADRS.setTreeHeight(0) + * 4: ADRS.setTreeIndex(i) + * 5: node <- F(PK.seed, ADRS, sk) + * 6: else + * 7: lnode <- fors_node(SK.seed, 2i, z - 1, PK.seed, ADRS) + * 8: rnode <- fors_node(SK.seed, 2i + 1, z - 1, PK.seed, ADRS) + * 9: ADRS.setTreeHeight(z) + * 10: ADRS.setTreeIndex(i) + * 11: node <- H(PK.seed, ADRS, lnode || rnode) + * 12: end if + * 13: return node + * + * @param [in] key SLH-DSA key. + * @param [in] sk_seed Private key seed. + * @param [in] i Node index. + * @param [in] z Node height. + * @param [in] pk_seed Public key seed. + * @param [in] adrs FORS tree HashAddress. + * @param [out] node n-byte root node. + * @return 0 on success. + * @return SHAKE-256 error return code on digest failure. + * @return MEMORY_E on dynamic memory allocation failure. + */ +static int slhdsakey_fors_node_x4(SlhDsaKey* key, const byte* sk_seed, word32 i, + word32 z, const byte* pk_seed, word32* adrs, byte* node) +{ + int ret = 0; + + /* Step 1: Check if we are at leaf node. */ + if (z == 0) { + ret = slhdsakey_fors_node_x4_z0(key, sk_seed, i, pk_seed, adrs, node); + } + /* Step 6: 1 level above leaf node. */ + else if (z == 1) { + ret = slhdsakey_fors_node_x4_z1(key, sk_seed, i, pk_seed, adrs, node); + } + /* Step 6: 2-MAX_DEPTH levels above leaf node. */ + else if ((z >= 2) && (z <= SLHDSA_MAX_FORS_NODE_DEPTH)) { + ret = slhdsakey_fors_node_x4_low(key, sk_seed, i, z, pk_seed, adrs, + node); + } +#if SLHDSA_MAX_FORS_NODE_DEPTH < SLHDSA_MAX_A-1 + /* Step 6: More than MAX_DEPTH levels above leaf node. */ + else { + ret = slhdsakey_fors_node_x4_high(key, sk_seed, i, z, pk_seed, adrs, + node); + } +#endif + + return ret; +} +#endif + +#if !defined(WOLFSSL_WC_SLHDSA_RECURSIVE) +/* Compute the root of a Merkle subtree of FORS public values. + * + * Iterative implementation. + * + * FIPS 205. Section 8.2. Algorithm 15. + * fors_node(SK.seed, i, z, PK.seed, ADRS) + * 1: if z = 0 then + * 2: sk <- fors_skGen(SK.seed, PK.seed, ADRS, i) + * 3: ADRS.setTreeHeight(0) + * 4: ADRS.setTreeIndex(i) + * 5: node <- F(PK.seed, ADRS, sk) + * 6: else + * 7: lnode <- fors_node(SK.seed, 2i, z - 1, PK.seed, ADRS) + * 8: rnode <- fors_node(SK.seed, 2i + 1, z - 1, PK.seed, ADRS) + * 9: ADRS.setTreeHeight(z) + * 10: ADRS.setTreeIndex(i) + * 11: node <- H(PK.seed, ADRS, lnode || rnode) + * 12: end if + * 13: return node + * + * @param [in] key SLH-DSA key. + * @param [in] sk_seed Private key seed. + * @param [in] i Node index. + * @param [in] z Node height. + * @param [in] pk_seed Public key seed. + * @param [in] adrs FORS tree HashAddress. + * @param [out] node n-byte root node. + * @return 0 on success. + * @return MEMORY_E on dynamic memory allocation failure. + * @return SHAKE-256 error return code on digest failure. + */ +static int slhdsakey_fors_node_c(SlhDsaKey* key, const byte* sk_seed, word32 i, + word32 z, const byte* pk_seed, word32* adrs, byte* node) +{ + int ret = 0; + byte n = key->params->n; + + /* Step 1: Check if we are at leaf node. */ + if (z == 0) { + /* Step 2: Generate private key value for index. */ + ret = slhdsakey_fors_sk_gen(key, sk_seed, pk_seed, adrs, i, node); + if (ret == 0) { + /* Step 3: Set tree height to zero. */ + HA_SetTreeHeight(adrs, 0); + /* Step 4: Set tree index. */ + HA_SetTreeIndex(adrs, i); + /* Step 5: Compute node from public key seed, address and value. */ + ret = HASH_F(&key->shake, pk_seed, adrs, node, n, node); + } + } + /* Step 6: Non leaf node. */ + else { + WC_DECLARE_VAR(nodes, byte, (SLHDSA_MAX_A + 1) * SLHDSA_MAX_N, + key->heap); + word32 j; + word32 k; + word32 m = (word32)1 << z; + + WC_ALLOC_VAR_EX(nodes, byte, (SLHDSA_MAX_A + 1) * SLHDSA_MAX_N, + key->heap, DYNAMIC_TYPE_SLHDSA, ret = MEMORY_E); + if (ret == 0) { + /* For all leaf nodes. */ + for (j = 0; j < m; j++) { + int o = (z - 1 + (j & 1)) * n; + /* Step 2: Generate private key value for index. */ + ret = slhdsakey_fors_sk_gen(key, sk_seed, pk_seed, adrs, + m * i + j, nodes + o); + if (ret != 0) { + break; + } + /* Step 3: Set tree height to zero. */ + HA_SetTreeHeight(adrs, 0); + /* Step 4: Set tree index. */ + HA_SetTreeIndex(adrs, m * i + j); + /* Step 5: Compute node from public key seed, address and value. + */ + ret = HASH_F(&key->shake, pk_seed, adrs, nodes + o, n, + nodes + o); + if (ret != 0) { + break; + } + + /* For each intermediate node as soon as left and right have + * been computed. */ + for (k = z-1; k > 0; k--) { + /* Check if this is the right node at a height. */ + if (((j >> (z-1-k)) & 1) == 1) { + /* Step 9: Set tree height. */ + HA_SetTreeHeight(adrs, z - k); + /* Step 10: Set tree index. */ + HA_SetTreeIndex(adrs, (m * i + j) >> (z - k)); + /* Step 11: Compute node from public key seed, address + * and left and right nodes. */ + ret = HASH_H(&key->shake, pk_seed, adrs, nodes + k * n, + n, nodes + (k - 1 + ((j >> (z-k)) & 1)) * n); + if (ret != 0) { + break; + } + } + /* Left node - can go no higher. */ + else { + break; + } + } + } + if (ret == 0) { + /* Step 9: Set tree height. */ + HA_SetTreeHeight(adrs, z); + /* Step 10: Set tree index. */ + HA_SetTreeIndex(adrs, i); + /* Step 11: Compute node from public key seed, address + * and nodes. */ + ret = HASH_H(&key->shake, pk_seed, adrs, nodes, n, node); + } + } + + WC_FREE_VAR_EX(nodes, key->heap, DYNAMIC_TYPE_SLHDSA); + } + + return ret; +} +#else +/* Compute the root of a Merkle subtree of FORS public values. + * + * Recursive implementation. + * + * FIPS 205. Section 8.2. Algorithm 15. + * fors_node(SK.seed, i, z, PK.seed, ADRS) + * 1: if z = 0 then + * 2: sk <- fors_skGen(SK.seed, PK.seed, ADRS, i) + * 3: ADRS.setTreeHeight(0) + * 4: ADRS.setTreeIndex(i) + * 5: node <- F(PK.seed, ADRS, sk) + * 6: else + * 7: lnode <- fors_node(SK.seed, 2i, z - 1, PK.seed, ADRS) + * 8: rnode <- fors_node(SK.seed, 2i + 1, z - 1, PK.seed, ADRS) + * 9: ADRS.setTreeHeight(z) + * 10: ADRS.setTreeIndex(i) + * 11: node <- H(PK.seed, ADRS, lnode || rnode) + * 12: end if + * 13: return node + * + * @param [in] key SLH-DSA key. + * @param [in] sk_seed Private key seed. + * @param [in] i Node index. + * @param [in] z Node height. + * @param [in] pk_seed Public key seed. + * @param [in] adrs FORS tree HashAddress. + * @param [out] node n-byte root node. + * @return 0 on success. + * @return MEMORY_E on dynamic memory allocation failure. + * @return SHAKE-256 error return code on digest failure. + */ +static int slhdsakey_fors_node_c(SlhDsaKey* key, const byte* sk_seed, word32 i, + word32 z, const byte* pk_seed, word32* adrs, byte* node) +{ + int ret; + byte n = key->params->n; + + /* Step 1: Check if we are at leaf node. */ + if (z == 0) { + /* Step 2: Generate private key value for index. */ + ret = slhdsakey_fors_sk_gen(key, sk_seed, pk_seed, adrs, i, node); + if (ret == 0) { + /* Step 3: Set tree height to zero. */ + HA_SetTreeHeight(adrs, 0); + /* Step 4: Set tree index. */ + HA_SetTreeIndex(adrs, i); + /* Step 5: Compute node from public key seed, address and value. */ + ret = HASH_F(&key->shake, pk_seed, adrs, node, n, node); + } + } + else { + byte nodes[2 * SLHDSA_MAX_N]; + + /* Step 7: Compute left node. */ + ret = slhdsakey_fors_node_c(key, sk_seed, 2 * i + 0, z - 1, pk_seed, + adrs, nodes); + if (ret == 0) { + /* Step 8: Compute right node. */ + ret = slhdsakey_fors_node_c(key, sk_seed, 2 * i + 1, z - 1, pk_seed, + adrs, nodes + n); + } + if (ret == 0) { + /* Step 9: Set tree height. */ + HA_SetTreeHeight(adrs, z); + /* Step 10: Set tree index. */ + HA_SetTreeIndex(adrs, i); + /* Step 11: Compute node from public key seed, address and nodes. */ + ret = HASH_H(&key->shake, pk_seed, adrs, nodes, n, node); + } + } + + return ret; +} +#endif + +/* Generate FORS signature. + * + * FIPS 205. Section 8.3. Algorithm 16. + * fors_sign(md SK.seed, PK.seed, ADRS) + * 1: SIGFORS = NULL > initialize SIGFORS as a zero-length byte string + * 2: indices <- base_2b(md, a, k) + * 3: for i from 0 to k - 1 do > compute signature elements + * 4: SIGFORS <- SIGFORS || + * fors_skGen(SK.seed, PK.seed, ADRS, i . 2^a + indices) + * 5: for j from 0 to a - 1 do > compute auth path + * 6: s <- lower(indices[i]/2^j) XOR 1 + * 7: AUTH[j] <- fors_node(SK.seed, i . 2^(a-j) + s, j, PK.seed, ADRS) + * 8: end for + * 9: SIGFORS <- SIGFORS || AUTH + * 10: end for + * 11: return SIGFORS + * + * @param [in] key SLH-DSA key. + * @param [in] md Message digest. + * @param [in] sk_seed Private key seed. + * @param [in] pk_seed Public key seed. + * @param [inm out] adrs FORS tree HashAddress. + * @param [out] sig_fors FORS signature. + * @return 0 on success. + * @return MEMORY_E on dynamic memory allocation failure. + * @return SHAKE-256 error return code on digest failure. + */ +static int slhdsakey_fors_sign(SlhDsaKey* key, const byte* md, + const byte* sk_seed, const byte* pk_seed, word32* adrs, byte* sig_fors) +{ + int ret; + word16 indices[SLHDSA_MAX_INDICES_SZ]; + int i; + int j; + byte n = key->params->n; + byte a = key->params->a; + byte k = key->params->k; + + /* Step 2: Convert message digest to base 2^a. */ + slhdsakey_base_2b(md, a, k, indices); + + /* Step 3: For each index: */ + for (i = 0; i < k; i++) { + /* Step 4: Generate FORS private key value into signature. */ + ret = slhdsakey_fors_sk_gen(key, sk_seed, pk_seed, adrs, + ((word32)i << a) + indices[i], sig_fors); + if (ret != 0) { + break; + } + /* Step 4: Move over private key value. */ + sig_fors += n; + + #if defined(USE_INTEL_SPEEDUP) && !defined(WOLFSSL_WC_SLHDSA_SMALL) + if (IS_INTEL_AVX2(cpuid_flags) && CAN_SAVE_VECTOR_REGISTERS()) { + word16 idx = indices[i]; + /* Step 5: For each bit: */ + for (j = 0; j < a; j++) { + /* Calculate side. */ + word32 s = idx ^ 1; + /* Step 7: Compute authentication node into signature. */ + ret = slhdsakey_fors_node_x4(key, sk_seed, (i << (a - j)) + s, + j, pk_seed, adrs, sig_fors); + if (ret != 0) { + break; + } + /* Step 9: Move signature to after authentication node. */ + sig_fors += n; + /* Update tree index. */ + idx >>= 1; + } + } + else + #endif + { + word16 idx = indices[i]; + /* Step 5: For each bit: */ + for (j = 0; j < a; j++) { + /* Calculate side. */ + word32 s = idx ^ 1; + /* Step 7: Compute authentication node into signature. */ + ret = slhdsakey_fors_node_c(key, sk_seed, (i << (a - j)) + s, j, + pk_seed, adrs, sig_fors); + if (ret != 0) { + break; + } + /* Step 9: Move signature to after authentication node. */ + sig_fors += n; + /* Update tree index. */ + idx >>= 1; + } + } + if (ret != 0) { + break; + } + } + + return ret; +} +#endif + +#if defined(USE_INTEL_SPEEDUP) && !defined(WOLFSSL_WC_SLHDSA_SMALL) +/* F hash 4 simultaneously. + * + * Each hash varies by the tree index with the values passed in. + * Each n-byte message in sig_fors is offset by so x n bytes. + * + * FIPS 205. Section 4.1. + * F(PK.seed, ADRS, M1) (Bn x B32 x Bn -> Bn) is a hash function that takes an + * n-byte message as input and produces an n-byte output. + * FIPS 205. Section 11.1. + * F(PK.seed, ADRS, M1) = SHAKE256(PK.seed || ADRS || M1 , 8n) + * + * @param [in] pk_seed Public key seed. + * @param [in] addr Encoded HashAddress. + * @param [in] sig_fors n-byte messages. + * @param [in] so Tree index start value. + * @param [in] n Number of bytes in hash output. + * @param [in] ti Tree index start value. + * @param [out] node n-byte hash outputs. + * @param [in] heap Dynamic memory allocation hint. + * @return 0 on success. + * @return MEMORY_E on dynamic memory allocation failure. + */ +static int slhdsakey_hash_f_ti4_x4(const byte* pk_seed, byte* addr, + const byte* sig_fors, int so, byte n, word32* ti, byte* node, void* heap) +{ + int ret = 0; + int i; + word32 o = 0; + WC_DECLARE_VAR(state, word64, 25 * 4, heap); + + (void)heap; + + WC_ALLOC_VAR_EX(state, word64, 25 * 4, heap, DYNAMIC_TYPE_SLHDSA, + ret = MEMORY_E); + if (ret == 0) { + o = slhdsakey_shake256_set_seed_ha_x4(state, pk_seed, addr, n); + SHAKE256_SET_TREE_INDEX_IDX(state, o, ti); + for (i = 0; i < n / 8; i++) { + state[o + 0] = ((word64*)(sig_fors + 0 * so * n))[i]; + state[o + 1] = ((word64*)(sig_fors + 1 * so * n))[i]; + state[o + 2] = ((word64*)(sig_fors + 2 * so * n))[i]; + state[o + 3] = ((word64*)(sig_fors + 3 * so * n))[i]; + o += 4; + } + SHAKE256_SET_END_X4(state, o); + ret = SAVE_VECTOR_REGISTERS2(); + if (ret == 0) { + sha3_blocksx4_avx2(state); + RESTORE_VECTOR_REGISTERS(); + slhdsakey_shake256_get_hash_x4(state, node, n); + } + + WC_FREE_VAR_EX(state, heap, DYNAMIC_TYPE_SLHDSA); + } + + return ret; +} + +/* H hash 4 simultaneously with two buffers holding two halves of messages. + * + * Each hash varies by the tree index with the first value in sequence passed + * in. + * Each n-byte message in sig_fors is offset by so x n bytes. + * + * FIPS 205. Section 4.1. + * H(PK.seed, ADRS, M2) (Bn x B32 x B2n -> Bn) is a special case of Tl that + * takes a 2n-byte message as input. + * FIPS 205. Section 11.1. + * H(PK.seed, ADRS, M2) = SHAKE256(PK.seed || ADRS || M2, 8n) + * + * @param [in] pk_seed Public key seed. + * @param [in] addr Encoded HashAddress. + * @param [in, out] node On in, n-byte messages. On out, hash output. + * @param [in] sig_fors n-byte messages. + * @param [in] so Tree index start value. + * @param [in] bit Bits to indicate which order of node/sig_fors. + * @param [in] n Number of bytes in hash output. + * @param [in] ti Tree index start value. + * @param [in] heap Dynamic memory allocation hint. + * @return 0 on success. + * @return MEMORY_E on dynamic memory allocation failure. + */ +static int slhdsakey_hash_h_2_x4(const byte* pk_seed, byte* addr, byte* node, + const byte* sig_fors, int so, word32* bit, byte n, word32 th, word32* ti, + void* heap) +{ + int ret = 0; + int i; + int j; + word32 o = 0; + WC_DECLARE_VAR(state, word64, 25 * 4, heap); + + (void)heap; + + WC_ALLOC_VAR_EX(state, word64, 25 * 4, heap, DYNAMIC_TYPE_SLHDSA, + ret = MEMORY_E); + if (ret == 0) { + o = slhdsakey_shake256_set_seed_ha_x4(state, pk_seed, addr, n); + SHAKE256_SET_TREE_HEIGHT(state, o, th); + SHAKE256_SET_TREE_INDEX_IDX(state, o, ti); + for (i = 0; i < n / 8; i++) { + for (j = 0; j < 4; j++) { + if (bit[j] == 0) { + state[o + j] = ((word64*)(node + j * n))[i]; + } + else { + state[o + j] = ((word64*)(sig_fors + j * so * n))[i]; + } + } + o += 4; + } + for (i = 0; i < n / 8; i++) { + for (j = 0; j < 4; j++) { + if (bit[j] == 0) { + state[o + j] = ((word64*)(sig_fors + j * so * n))[i]; + } + else { + state[o + j] = ((word64*)(node + j * n))[i]; + } + } + o += 4; + } + SHAKE256_SET_END_X4(state, o); + ret = SAVE_VECTOR_REGISTERS2(); + if (ret == 0) { + sha3_blocksx4_avx2(state); + RESTORE_VECTOR_REGISTERS(); + slhdsakey_shake256_get_hash_x4(state, node, n); + } + + WC_FREE_VAR_EX(state, heap, DYNAMIC_TYPE_SLHDSA); + } + + return ret; +} + +/* Compute ith FORS public key from ith FORS signature. + * + * 4 hashes computed simultaneously. + * + * FIPS 205. Section 8.4 Algorithm 17. + * fors_pkFromSig(SIGFORS, md, PK.seed, ADRS) + * ... + * 4: ADRS.setTreeHeight(0) > compute leaf + * 5: ADRS.setTreeIndex(i . 2^a + indices[i]) + * 6: node[0] <- F(PK.seed, ADRS, sk) + * 7: auth <- SIGFORS.getAUTH(i) + * > SIGFORS [(i . (a + 1) + 1) . n : (i + 1) . (a + 1) . n] + * 8: for j from 0 to a - 1 do > compute root from leaf and AUTH + * 9: ADRS.setTreeHeight(j + 1) + * 10: if lower(indices[i]/(2^j)) is even then + * 11: ADRS.setTreeIndex(ADRS.getTreeIndex()/2) + * 12: node[1] <- H(PK.seed, ADRS, node[0] || auth[i]) + * 13: else + * 14: ADRS.setTreeIndex((ADRS.getTreeIndex() - 1)/2) + * 15: node[1] <- H(PK.seed, ADRS, auth[j] || node[0]) + * 16: end if + * 17: node[0] <- node[1] + * 18: end for + * 19: root[i] <- node[0] + * ... + * + * @param [in] key SLH-DSA key. + * @param [in] sig_fors FORS signature. + * @param [in] pk_seed Public key seed. + * @param [in] addr Encoded HashAddress. + * @param [in] indices Base 2^a values from message digest. + * @param [in] i Index. + * @param [out] node Root node of ith tree. + * @return 0 on success. + * @return MEMORY_E on dynamic memory allocation failure. + */ +static int slhdsakey_fors_pk_from_sig_i_x4(SlhDsaKey* key, const byte* sig_fors, + const byte* pk_seed, byte* addr, const word16* indices, int i, byte* node) +{ + int ret; + int j; + int k; + byte n = key->params->n; + byte a = key->params->a; + word32 ti[4]; + word32 bit[4]; + + /* Step 5: Calculate the index of each hash ... */ + ti[0] = ((word32)(i + 0) << a) + indices[i + 0]; + ti[1] = ((word32)(i + 1) << a) + indices[i + 1]; + ti[2] = ((word32)(i + 2) << a) + indices[i + 2]; + ti[3] = ((word32)(i + 3) << a) + indices[i + 3]; + /* Steps 4-6: Compute nodes. */ + ret = slhdsakey_hash_f_ti4_x4(pk_seed, addr, sig_fors, 1 + a, n, ti, node, + key->heap); + if (ret == 0) { + /* Step 7: Move on to authentication nodes. */ + sig_fors += n; + /* Step 8: For each level: */ + for (j = 0; j < a; j++) { + /* Calculate which order of node and sig_fors for each hash. */ + for (k = 0; k < 4; k++) { + bit[k] = ti[k] & 1; + ti[k] /= 2; + } + /* Steps 9-17: 4 hash with tree indices. */ + ret = slhdsakey_hash_h_2_x4(pk_seed, addr, node, sig_fors, 1 + a, + bit, n, j + 1, ti, key->heap); + if (ret != 0) { + break; + } + /* Move on to next authentication node. */ + sig_fors += n; + } + } + + return ret; +} + +/* Compute ith FORS public key from ith FORS signature. + * + * 4 hashes computed simultaneously. + * + * FIPS 205. Section 8.4 Algorithm 17. + * fors_pkFromSig(SIGFORS, md, PK.seed, ADRS) + * ... + * 2: for i from 0 to k - 1 do + * 3: sk <- SIGFORS.getSK(i) + * > SIGFORS [i . (a + 1) . n : (i . (a + 1) + 1) . n] + * 4: ADRS.setTreeHeight(0) > compute leaf + * 5: ADRS.setTreeIndex(i . 2^a + indices[i]) + * 6: node[0] <- F(PK.seed, ADRS, sk) + * 7: auth <- SIGFORS.getAUTH(i) + * > SIGFORS [(i . (a + 1) + 1) . n : (i + 1) . (a + 1) . n] + * 8: for j from 0 to a - 1 do > compute root from leaf and AUTH + * 9: ADRS.setTreeHeight(j + 1) + * 10: if lower(indices[i]/(2^j)) is even then + * 11: ADRS.setTreeIndex(ADRS.getTreeIndex()/2) + * 12: node[1] <- H(PK.seed, ADRS, node[0] || auth[i]) + * 13: else + * 14: ADRS.setTreeIndex((ADRS.getTreeIndex() - 1)/2) + * 15: node[1] <- H(PK.seed, ADRS, auth[j] || node[0]) + * 16: end if + * 17: node[0] <- node[1] + * 18: end for + * 19: root[i] <- node[0] + * 20: end for + * ... + * 24: pk <- Tk(PK.seed, forspkADRS, root) > compute the FORS public key + * ... + * + * @param [in] key SLH-DSA key. + * @param [in] sig_fors FORS signature. + * @param [in] indices Base 2^a values from message digest. + * @param [in] pk_seed Public key seed. + * @param [in] adrs Encoded HashAddress. + * @return 0 on success. + * @return MEMORY_E on dynamic memory allocation failure. + * @return SHAKE-256 error return code on digest failure. + */ +static int slhdsakey_fors_pk_from_sig_x4(SlhDsaKey* key, const byte* sig_fors, + const word16* indices, const byte* pk_seed, word32* adrs) +{ + int ret = 0; + int i; + int j; + byte n = key->params->n; + byte a = key->params->a; + byte k = key->params->k; + byte addr[SLHDSA_HA_SZ]; + WC_DECLARE_VAR(node, byte, SLHDSA_MAX_INDICES_SZ * SLHDSA_MAX_N, key->heap); + + WC_ALLOC_VAR_EX(node, byte, SLHDSA_MAX_INDICES_SZ * SLHDSA_MAX_N, key->heap, + DYNAMIC_TYPE_SLHDSA, ret = MEMORY_E); + if (ret == 0) { + /* Step 4: Set tree height for address. */ + HA_SetTreeHeight(adrs, 0); + /* Encode address for multiple hashing. */ + HA_Encode(adrs, addr); + + /* Step 2: Do multiple of 4 iterations. */ + for (i = 0; i < k-3; i += 4) { + /* Steps 4-19: Compute public key root for signature at index. */ + ret = slhdsakey_fors_pk_from_sig_i_x4(key, sig_fors, pk_seed, addr, + indices, i, node + i * n); + if (ret != 0) { + break; + } + /* Move on to next signatures. */ + sig_fors += 4 * (1 + a) * n; + } + } + if (ret == 0) { + /* Step 2: Do remaining iterations. */ + for (; i < k; i++) { + /* Step 5: Calculate index ... */ + word32 idx = ((word32)i << a) + indices[i]; + + /* Step 4: Set tree height for address. */ + HA_SetTreeHeight(adrs, 0); + /* Step 5: Set tree index for address. */ + HA_SetTreeIndex(adrs, idx); + /* Step 6: Compute node from public key seed, address and value. */ + ret = HASH_F(&key->shake, pk_seed, adrs, sig_fors, n, node + i * n); + if (ret != 0) { + break; + } + /* Step 7: Move to authentication nodes. */ + sig_fors += n; + + /* Step 8: For all heights: */ + for (j = 0; j < a; j++) { + /* Step 10: Calculate side ... */ + word32 side = idx & 1; + + /* Step 11/14: Update tree index value ... */ + idx >>= 1; + /* Step 9: Set tree height. */ + HA_SetTreeHeight(adrs, j + 1); + /* Step 11/14: Set tree index. */ + HA_SetTreeIndex(adrs, idx); + /* Step 10: Check which side node is on. */ + if (side == 0) { + /* Step 12: Hash node || auth node. */ + ret = HASH_H_2(&key->shake, pk_seed, adrs, node + i * n, + sig_fors, n, node + i * n); + } + else { + /* Step 15: Hash auth node || node. */ + ret = HASH_H_2(&key->shake, pk_seed, adrs, sig_fors, + node + i * n, n, node + i * n); + } + if (ret != 0) { + break; + } + /* Move on to next authentication node. */ + sig_fors += n; + } + if (ret != 0) { + break; + } + } + } + if (ret == 0) { + /* Step 24: Add more root nodes to hash ... */ + ret = slhdsakey_hash_update(&key->shake2, node, i * n); + } + + WC_FREE_VAR_EX(node, key->heap, DYNAMIC_TYPE_SLHDSA); + return ret; +} +#endif + +#if !defined(WOLFSSL_WC_SLHDSA_SMALL_MEM) +/* Compute FORS public key from FORS signature. + * + * 4 hashes computed simultaneously. + * + * FIPS 205. Section 8.4 Algorithm 17. + * fors_pkFromSig(SIGFORS, md, PK.seed, ADRS) + * ... + * 2: for i from 0 to k - 1 do + * 3: sk <- SIGFORS.getSK(i) + * > SIGFORS [i . (a + 1) . n : (i . (a + 1) + 1) . n] + * 4: ADRS.setTreeHeight(0) > compute leaf + * 5: ADRS.setTreeIndex(i . 2^a + indices[i]) + * 6: node[0] <- F(PK.seed, ADRS, sk) + * 7: auth <- SIGFORS.getAUTH(i) + * > SIGFORS [(i . (a + 1) + 1) . n : (i + 1) . (a + 1) . n] + * 8: for j from 0 to a - 1 do > compute root from leaf and AUTH + * 9: ADRS.setTreeHeight(j + 1) + * 10: if lower(indices[i]/(2^j)) is even then + * 11: ADRS.setTreeIndex(ADRS.getTreeIndex()/2) + * 12: node[1] <- H(PK.seed, ADRS, node[0] || auth[i]) + * 13: else + * 14: ADRS.setTreeIndex((ADRS.getTreeIndex() - 1)/2) + * 15: node[1] <- H(PK.seed, ADRS, auth[j] || node[0]) + * 16: end if + * 17: node[0] <- node[1] + * 18: end for + * 19: root[i] <- node[0] + * 20: end for + * ... + * 24: pk <- Tk(PK.seed, forspkADRS, root) > compute the FORS public key + * ... + * + * @param [in] key SLH-DSA key. + * @param [in] sig_fors FORS signature. + * @param [in] indices Base 2^a values from message digest. + * @param [in] pk_seed Public key seed. + * @param [in] adrs HashAddress. + * @param [out] pk_fors FORS public key from signature. + * @return 0 on success. + * @return MEMORY_E on dynamic memory allocation failure. + * @return SHAKE-256 error return code on digest failure. + */ +static int slhdsakey_fors_pk_from_sig_c(SlhDsaKey* key, const byte* sig_fors, + const word16* indices, const byte* pk_seed, word32* adrs, byte* pk_fors) +{ + int ret = 0; + int i = 0; + int j; + byte n = key->params->n; + byte a = key->params->a; + byte k = key->params->k; + WC_DECLARE_VAR(node, byte, SLHDSA_MAX_INDICES_SZ * SLHDSA_MAX_N, key->heap); + + (void)pk_fors; + + WC_ALLOC_VAR_EX(node, byte, SLHDSA_MAX_INDICES_SZ * SLHDSA_MAX_N, key->heap, + DYNAMIC_TYPE_SLHDSA, ret = MEMORY_E); + if (ret == 0) { + /* Step 2: For all indices: */ + for (i = 0; i < k; i++) { + /* Step 5: Calculate index ... */ + word32 idx = ((word32)i << a) + indices[i]; + + /* Step 4: Set tree height for address. */ + HA_SetTreeHeight(adrs, 0); + /* Step 5: Set tree index for address. */ + HA_SetTreeIndex(adrs, idx); + /* Step 6: Compute node from public key seed, address and value. */ + ret = HASH_F(&key->shake, pk_seed, adrs, sig_fors, n, node + i * n); + if (ret != 0) { + break; + } + /* Step 7: Move to authentication nodes. */ + sig_fors += n; + + /* Step 8: For all heights: */ + for (j = 0; j < a; j++) { + /* Step 10: Calculate side ... */ + word32 bit = idx & 1; + + /* Step 11/14: Update tree index value ... */ + idx >>= 1; + /* Step 9: Set tree height. */ + HA_SetTreeHeight(adrs, j + 1); + /* Step 11/14: Set tree index. */ + HA_SetTreeIndex(adrs, idx); + /* Step 10: Check which side node is on. */ + if (bit == 0) { + /* Step 12: Hash node || auth node. */ + ret = HASH_H_2(&key->shake, pk_seed, adrs, node + i * n, + sig_fors, n, node + i * n); + } + else { + /* Step 15: Hash auth node || node. */ + ret = HASH_H_2(&key->shake, pk_seed, adrs, sig_fors, + node + i * n, n, node + i * n); + } + if (ret != 0) { + break; + } + /* Move on to next authentication node. */ + sig_fors += n; + } + if (ret != 0) { + break; + } + } + } + if (ret == 0) { + /* Step 24: Add more root nodes to hash ... */ + ret = slhdsakey_hash_update(&key->shake2, node, i * n); + } + + WC_FREE_VAR_EX(node, key->heap, DYNAMIC_TYPE_SLHDSA); + return ret; +} +#else +/* Compute FORS public key from FORS signature. + * + * Update hash one node at a time to save stack. + * + * FIPS 205. Section 8.4 Algorithm 17. + * fors_pkFromSig(SIGFORS, md, PK.seed, ADRS) + * ... + * 2: for i from 0 to k - 1 do + * 3: sk <- SIGFORS.getSK(i) + * > SIGFORS [i . (a + 1) . n : (i . (a + 1) + 1) . n] + * 4: ADRS.setTreeHeight(0) > compute leaf + * 5: ADRS.setTreeIndex(i . 2^a + indices[i]) + * 6: node[0] <- F(PK.seed, ADRS, sk) + * 7: auth <- SIGFORS.getAUTH(i) + * > SIGFORS [(i . (a + 1) + 1) . n : (i + 1) . (a + 1) . n] + * 8: for j from 0 to a - 1 do > compute root from leaf and AUTH + * 9: ADRS.setTreeHeight(j + 1) + * 10: if lower(indices[i]/(2^j)) is even then + * 11: ADRS.setTreeIndex(ADRS.getTreeIndex()/2) + * 12: node[1] <- H(PK.seed, ADRS, node[0] || auth[i]) + * 13: else + * 14: ADRS.setTreeIndex((ADRS.getTreeIndex() - 1)/2) + * 15: node[1] <- H(PK.seed, ADRS, auth[j] || node[0]) + * 16: end if + * 17: node[0] <- node[1] + * 18: end for + * 19: root[i] <- node[0] + * 20: end for + * ... + * 24: pk <- Tk(PK.seed, forspkADRS, root) > compute the FORS public key + * ... + * + * @param [in] key SLH-DSA key. + * @param [in] sig_fors FORS signature. + * @param [in] indices Base 2^a values from message digest. + * @param [in] pk_seed Public key seed. + * @param [in] adrs HashAddress. + * @param [out] node Root node of ith tree. + * @return 0 on success. + * @return MEMORY_E on dynamic memory allocation failure. + * @return SHAKE-256 error return code on digest failure. + */ +static int slhdsakey_fors_pk_from_sig_c(SlhDsaKey* key, const byte* sig_fors, + const word16* indices, const byte* pk_seed, word32* adrs, byte* node) +{ + int ret; + int i; + int j; + byte n = key->params->n; + byte a = key->params->a; + byte k = key->params->k; + + /* Step 2: For all indices: */ + for (i = 0; i < k; i++) { + /* Step 5: Calculate index ... */ + word32 idx = ((word32)i << a) + indices[i]; + + /* Step 4: Set tree height for address. */ + HA_SetTreeHeight(adrs, 0); + /* Step 5: Set tree index for address. */ + HA_SetTreeIndex(adrs, idx); + /* Step 6: Compute node from public key seed, address and value. */ + ret = HASH_F(&key->shake, pk_seed, adrs, sig_fors, n, node); + if (ret != 0) { + break; + } + /* Step 7: Move to authentication nodes. */ + sig_fors += n; + + /* Step 8: For all heights: */ + for (j = 0; j < a; j++) { + /* Step 10: Calculate side ... */ + word32 bit = idx & 1; + + /* Step 11/14: Update tree index value ... */ + idx >>= 1; + /* Step 9: Set tree height. */ + HA_SetTreeHeight(adrs, j + 1); + /* Step 11/14: Set tree index. */ + HA_SetTreeIndex(adrs, idx); + /* Step 10: Check which side node is on. */ + if (bit == 0) { + /* Step 12: Hash node || auth node. */ + ret = HASH_H_2(&key->shake, pk_seed, adrs, node, sig_fors, n, + node); + } + else { + /* Step 15: Hash auth node || node. */ + ret = HASH_H_2(&key->shake, pk_seed, adrs, sig_fors, node, n, + node); + } + if (ret != 0) { + break; + } + /* Move on to next authentication node. */ + sig_fors += n; + } + if (ret == 0) { + /* Step 24: Add root node to hash ... */ + ret = slhdsakey_hash_update(&key->shake2, node, n); + } + if (ret != 0) { + break; + } + } + + return ret; +} +#endif + +/* Compute FORS public key from FORS signature. + * + * 4 hashes computed simultaneously. + * + * FIPS 205. Section 8.4 Algorithm 17. + * fors_pkFromSig(SIGFORS, md, PK.seed, ADRS) + * 1: indices <- base_2b(md, a, k) + * ... + * 21: forspkADRS <- ADRS > copy address to create a FORS public-key address + * 22: forspkADRS.setTypeAndClear(FORS_ROOTS) + * 23: forspkADRS.setKeyPairAddress(ADRS.getKeyPairAddress()) + * 24: pk <- Tk(PK.seed, forspkADRS, root) > compute the FORS public key + * 25: return pk + * + * @param [in] key SLH-DSA key. + * @param [in] sig_fors FORS signature. + * @param [in] md Message digest. + * @param [in] pk_seed Public key seed. + * @param [in] addr Encoded HashAddress. + * @param [out] pk_fors FORS public key form signature. + * @return 0 on success. + * @return MEMORY_E on dynamic memory allocation failure. + * @return SHAKE-256 error return code on digest failure. + */ +static int slhdsakey_fors_pk_from_sig(SlhDsaKey* key, const byte* sig_fors, + const byte* md, const byte* pk_seed, word32* adrs, byte* pk_fors) +{ + int ret; + word16 indices[SLHDSA_MAX_INDICES_SZ]; + HashAddress forspk_adrs; + byte n = key->params->n; + byte a = key->params->a; + byte k = key->params->k; + + /* Step 1: Get indices from byte array. */ + slhdsakey_base_2b(md, a, k, indices); + + /* Step 21: Create address to FORS roots */ + HA_Copy(forspk_adrs, adrs); + /* Steps 22-23: Set type and clear all but key pair address. */ + HA_SetTypeAndClearNotKPA(forspk_adrs, HA_FORS_ROOTS); + /* Step 24: Add public key seed and FORS roots address to hash ... */ + ret = slhdsakey_hash_start_addr(&key->shake2, pk_seed, forspk_adrs, n); + + /* Steps 2-20: Compute roots and add to hash. */ +#if defined(USE_INTEL_SPEEDUP) && !defined(WOLFSSL_WC_SLHDSA_SMALL) + if ((ret == 0) && IS_INTEL_AVX2(cpuid_flags) && + (SAVE_VECTOR_REGISTERS2() == 0)) { + ret = slhdsakey_fors_pk_from_sig_x4(key, sig_fors, indices, pk_seed, + adrs); + RESTORE_VECTOR_REGISTERS(); + } + else +#endif + if (ret == 0) { + ret = slhdsakey_fors_pk_from_sig_c(key, sig_fors, indices, pk_seed, + adrs, pk_fors); + } + + if (ret == 0) { + /* Step 24. Compute FORS public key. */ + ret = slhdsakey_hash_final(&key->shake2, pk_fors, n); + } + + return ret; +} + +/****************************************************************************** + * SLH-DSA API + ******************************************************************************/ + +/* Initialize an SLH-DSA key. + * + * @param [in] key SLH-DSA key. + * @param [in] param SLH-DSA parameter set to use. + * @param [in] heap Dynamic memory allocation hint. + * @param [in] devId Device Id. + * @return 0 on success. + * @return BAD_FUNC_ARG when key is NULL. + * @return NOT_COMPILED_IN when parameter set not compiled in. + * @return SHAKE-256 error return code on digest initialization failure. + */ +int wc_SlhDsaKey_Init(SlhDsaKey* key, enum SlhDsaParam param, void* heap, + int devId) +{ + int ret = 0; + int idx = -1; + + /* Validate parameters. */ + if (key == NULL) { + ret = BAD_FUNC_ARG; + } + if (ret == 0) { + int i; + + /* Find parameters in available parameter list. */ + for (i = 0; i < SLHDSA_PARAM_LEN; i++) { + if (param == SlhDsaParams[i].param) { + idx = i; + break; + } + } + if (idx == -1) { + /* Parameter set not compiled in. */ + ret = NOT_COMPILED_IN; + } + } + if (ret == 0) { + /* Zeroize key. */ + XMEMSET(key, 0, sizeof(SlhDsaKey)); + + /* Initialize SHAKE-256 object. */ + ret = wc_InitShake256(&key->shake, key->heap, INVALID_DEVID); + } + if (ret == 0) { + /* Initialize second SHAKE-256 object. */ + ret = wc_InitShake256(&key->shake2, key->heap, INVALID_DEVID); + } + if (ret == 0) { + /* Set the parameters into key. */ + key->params = &SlhDsaParams[idx]; + /* Set heap hint to use with all allocations. */ + key->heap = heap; + #ifdef WOLF_CRYPTO_CB + /* Set device id. */ + key->devId = devId; + #endif + } + (void)devId; + +#if defined(USE_INTEL_SPEEDUP) + /* Ensure the CPU features are known. */ + cpuid_get_flags_ex(&cpuid_flags); +#endif + + return ret; +} + +/* Free the SLH-DSA key. + * + * @param [in] key SLH-DSA key. Cannot be used after this call. + */ +void wc_SlhDsaKey_Free(SlhDsaKey* key) +{ + /* Check we have a valid key to free. */ + if ((key != NULL) && (key->params != NULL)) { + /* Ensure the private key data is zeroized. */ + ForceZero(key->sk, key->params->n * 2); + /* Dispose of the SHAKE-256 objects. */ + wc_Shake256_Free(&key->shake2); + wc_Shake256_Free(&key->shake); + } +} + +/* Set the HashAddress based on message digest data. + * + * FIPS 205. Section 9.2. Algorithm 19. + * slh_sign_internal(M, SK, addrnd) + * 1: ADRS <- toByte(0, 32) + * ... + * 7: tmp_idxtree <- digest [upper(k.a / 8) : upper(k.a / 8) + + * upper((h - h/d) / 8)] + * > next upper((h - h/d) / 8) bytes + * 8: tmp_idxleaf <- digest [upper(k.a / 8) + upper((h - h/d) / 8) : + * upper(k.a / 8) + upper((h - h/d) / 8) + + * upper(h / 8d) ] + * > next upper(h / 8d) bytes + * 9: idxtree <- toInt(tmp_idxtree, upper((h-h/d) / 8)) mod 2^(h-h/d) + * 10: idxleaf <- toInt(tmp_idxleaf, upper(h / 8d)) mode 2^(h/d) + * 11: ADRS.setTreeAddress(idxtree) + * 12: ADRS.setTypeAndClear(FORS_TREE) + * 13: ADRS.setKeyPairAddress(idxleaf) + * ... + * + * FIPS 205. Section 9.3. Algorithm 20. + * slh_verify_internal(M, SIG, PK) + * 4: ADRS <- toByte(0, 32) + * ... + * 10: tmp_idxtree <- digest [upper(k.a / 8) : upper(k.a / 8) + + * upper((h - h/d) / 8)] + * > next upper((h - h/d) / 8) bytes + * 11: tmp_idxleaf <- digest [upper(k.a / 8) + upper((h - h/d) / 8) : + * upper(k.a / 8) + upper((h - h/d) / 8) + + * upper(h / 8d) ] + * > next upper(h / 8d) bytes + * 12: idxtree <- toInt(tmp_idxtree, upper((h-h/d) / 8)) mod 2^(h-h/d) + * 13: idxleaf <- toInt(tmp_idxleaf, upper(h / 8d)) mode 2^(h/d) + * 14: ADRS.setTreeAddress(idxtree) + * 15: ADRS.setTypeAndClear(FORS_TREE) + * 16: ADRS.setKeyPairAddress(idxleaf) + * ... + * + * @param [in] key SLH-DSA key. + * @param [in] md Message digest. + * @param [out] adrs FORS tree HashAddress. + * @param [out] t Tree index as 3 32-bit integers. + * @param [out] l Tree leaf index. + */ +static void slhdsakey_set_ha_from_md(SlhDsaKey* key, const byte* md, + HashAddress adrs, word32* t, word32* l) +{ + const byte* p; + int bits; + + /* Step 1/4: Set address to all zeroes. */ + HA_Init(adrs); + /* Step 7/10: Get pointer to tree index data. */ + p = md + key->params->dl1 + (key->params->dl2 - 8); + /* Step 9/12: Convert tree index data to an integer ... */ + t[0] = 0; + ato32(p + 0, &t[1]); + ato32(p + 4, &t[2]); + /* Step 9/12: Mask off any extra high bits. */ + bits = key->params->h - (key->params->h / key->params->d); + if (bits < 64) { + t[1] &= ((word32)1 << (bits - 32)) - 1; + } + + /* Step 8/11: Get pointer to tree leaf index data. */ + p = md + key->params->dl1 + key->params->dl2 + (key->params->dl3 - 4); + /* Step 10/13: Convert tree leaf index data to an integer ... */ + ato32(p, l); + /* Step 10/13: Mask off any extra high bits. */ + bits = key->params->h / key->params->d; + *l &= ((word32)1 << bits) - 1; + + /* Step 11/14: Set the tree index into address. */ + HA_SetTreeAddress(adrs, t); + /* Step 12/15: Set type of address and clear except key pair address. */ + HA_SetTypeAndClearNotKPA(adrs, HA_FORS_TREE); + /* Step 13/16: Set key pair address. */ + HA_SetKeyPairAddress(adrs, *l); +} + +#ifndef WOLFSSL_SLHDSA_VERIFY_ONLY +/* Generate an SLH-DSA key with a random number generator. + * + * FIPS 205. Section 10.1. Algorithm 21. + * slh_keygen() + * 1: SK.seed <-$- Bn > set SK.seed, SK.prf, and PK.seed to random n-byte + * 2: SK.prf <-$- Bn > strings using an approved random bit generator + * 3: PK.seed <-$- Bn + * 4: if SK.seed = NULL or SK.prf = NULL or PK.seed = NULL then + * 5: return falsity + * > return an error indication if random bit generation failed + * 6: end if + * 7: return slh_keygen_internal(SK.seed, SK.prf, PK.seed) + * + * @param [in] key SLH-DSA key. + * @param [in] rng Random number generator. + * @return 0 on success. + * @return RNG error code when random number generation fails. + * @return MEMORY_E on dynamic memory allocation failure. + * @return SHAKE-256 error return code on digest failure. + */ +int wc_SlhDsaKey_MakeKey(SlhDsaKey* key, WC_RNG* rng) +{ + int ret = 0; + + /* Validate parameters. */ + if ((key == NULL) || (key->params == NULL) || (rng == NULL)) { + ret = BAD_FUNC_ARG; + } + if (ret == 0) { + /* Steps 1-5: Generate the 3 random hashes. */ + ret = wc_RNG_GenerateBlock(rng, key->sk, 3 * key->params->n); + } + if (ret == 0) { + byte n = key->params->n; + + /* Step 7: Make the key with the random */ + ret = wc_SlhDsaKey_MakeKeyWithRandom(key, key->sk, n, key->sk + n, n, + key->sk + 2 * n, n); + } + + return ret; +} + +/* Generate an SLH-DSA key pair. + * + * FIPS 205. Section 9.1. Algorithm 18. + * slh_keygen_internal(SK.seed, SK.prf, PK.seed) + * 1: ADRS <- toByte(0, 32) + * > generate the public key for the top-level XMSS tree + * 2: ADRS.setLayerAddress(d - 1) + * 3: PK.root <- xmss_node(SK.seed, 0, h' , PK.seed, ADRS) + * 4: return ( (SK.seed, SK.prf, PK.seed, PK.root), (PK.seed, PK.root) ) + * + * @param [in] key SLH-DSA key. + * @param [in] sk_seed Private key seed. + * @param [in] sk_seed_len Length of private key seed. + * @param [in] sk_prf Private key PRF seed. + * @param [in] sk_prf_len Length of private key PRF seed. + * @param [in] pk_seed Public key seed. + * @param [in] pk_seed_len Length of public key seed. + * @return 0 on success. + * @return BAD_FUNC_ARG when key or key's parameters is NULL. + * @return BAD_FUNC_ARG when sk_seed is NULL or length is not n. + * @return BAD_FUNC_ARG when sk_prf is NULL or length is not n. + * @return BAD_FUNC_ARG when pk_seed is NULL or length is not n. + * @return MEMORY_E on dynamic memory allocation failure. + * @return SHAKE-256 error return code on digest failure. + */ +int wc_SlhDsaKey_MakeKeyWithRandom(SlhDsaKey* key, const byte* sk_seed, + word32 sk_seed_len, const byte* sk_prf, word32 sk_prf_len, + const byte* pk_seed, word32 pk_seed_len) +{ + int ret = 0; + + /* Validate parameters. */ + if ((key == NULL) || (key->params == NULL)) { + ret = BAD_FUNC_ARG; + } + /* Ensure private key seed is passed in and is the right length. */ + else if ((sk_seed == NULL) || (sk_seed_len != key->params->n)) { + ret = BAD_FUNC_ARG; + } + /* Ensure public key PRF seed is passed in and is the right length. */ + else if ((sk_prf == NULL) || (sk_prf_len != key->params->n)) { + ret = BAD_FUNC_ARG; + } + /* Ensure public key seed is passed in and is the right length. */ + else if ((pk_seed == NULL) || (pk_seed_len != key->params->n)) { + ret = BAD_FUNC_ARG; + } + else { + byte n = key->params->n; + HashAddress adrs; + + /* Step 4: Copy the seeds into the key if they didn't come from the key. + */ + if (sk_seed != key->sk) { + XMEMCPY(key->sk , sk_seed, n); + XMEMCPY(key->sk + n, sk_prf , n); + XMEMCPY(key->sk + 2 * n, pk_seed, n); + } + + /* Step 1: Set address to all zeroes. */ + HA_Init(adrs); + /* Step 2: Set the address layer to the top of the subtree. */ + HA_SetLayerAddress(adrs, key->params->d - 1); + /* Step 3: Compute the root node. */ + ret = slhdsakey_xmss_node(key, sk_seed, 0, key->params->h_m, pk_seed, + adrs, &key->sk[3 * n]); + if (ret == 0) { + key->flags = WC_SLHDSA_FLAG_BOTH_KEYS; + } + } + + return ret; +} + +/* Generate an SLH-DSA signature. + * + * FIPS 205. Section 9.2. Algorithm 19. + * slh_sign_internal(M, SK, addrnd) + * ... + * upper((h - h/d) / 8)] + * > next upper((h - h/d) / 8) bytes + * 8: tmp_idxleaf <- digest [upper(k.a / 8) + upper((h - h/d) / 8) : + * upper(k.a / 8) + upper((h - h/d) / 8) + + * upper(h / 8d) ] + * > next upper(h / 8d) bytes + * 9: idxtree <- toInt(tmp_idxtree, upper((h-h/d) / 8)) mod 2^(h-h/d) + * 10: idxleaf <- toInt(tmp_idxleaf, upper(h / 8d)) mode 2^(h/d) + * 11: ADRS.setTreeAddress(idxtree) + * 12: ADRS.setTypeAndClear(FORS_TREE) + * 13: ADRS.setKeyPairAddress(idxleaf) + * 14: SIGFORS <- fors_sign(md, SK.seed, PK.seed, ADRS) + * 15: SIG <- SIG || SIGFORS + * 16: PKFORS <- fors_pkFromSig(SIGFORS, md, PK.seed, ADRS) > get FORS key + * 17: SIGHT <- ht_sign(PKFORS , SK.seed, PK.seed, idxtree , idxleaf ) + * 18: SIG <- SIG || SIGHT + * 19: return SIG + * + * @param [in] key SLH-DSA key. + * @param [in] md Message digest. + * @param [out] sig Signature buffer. + * @return 0 on success. + * @return MEMORY_E on dynamic memory allocation failure. + * @return SHAKE-256 error return code on digest failure. + */ +static int slhdsakey_sign(SlhDsaKey* key, byte* md, byte* sig) +{ + int ret; + HashAddress adrs; + word32 t[3]; + word32 l; + byte pk_fors[SLHDSA_MAX_N]; + byte n = key->params->n; + + /* Steps 1, 7-13: Set address based on message digest. */ + slhdsakey_set_ha_from_md(key, md, adrs, t, &l); + + /* Step 14: FORS sign message. */ + ret = slhdsakey_fors_sign(key, md, key->sk, key->sk + 2 * n, adrs, sig); + if (ret == 0) { + /* Step 16: FORS public key from signature. */ + ret = slhdsakey_fors_pk_from_sig(key, sig, md, key->sk + 2 * n, adrs, + pk_fors); + /* Step 15: Move over signature data. */ + sig += key->params->k * (1 + key->params->a) * n; + } + if (ret == 0) { + /* Steps 17-18: Hypertree sign FORS public key. */ + ret = slhdsakey_ht_sign(key, pk_fors, key->sk, key->sk + 2 * n, t, l, + sig); + } + + return ret; +} + +/* Generate a pure SLH-DSA signature. + * + * FIPS 205. Section 10.2.2. Algorithm 22. + * slh_sign(M, ctx, SK) + * 1: if |ctx| > 255 then + * 2: return falsity + * > return an error indication if the context string is too long + * 3: end if + * 4: addrnd <-$- Bn > skip lines 4 through 7 for the deterministic variant + * 5: if addrnd = NULL then + * 6: return falsity + * > return an error indication if random bit generation failed + * 7: end if + * 8: M' <- toByte(0, 1) || toByte(|ctx|, 1) || ctx || M + * > omit addrnd for the deterministic variant + * 9: SIG <- slh_sign_internal(M', SK, addrnd) + * 10: return SIG + * + * FIPS 205. Section 9.2. Algorithm 19. + * slh_sign_internal(M, SK, addrnd) + * ... + * 2: opt_rand <- addrnd + * > substitute opt_rand <- PK.seed for the deterministic variant + * 3: R <- PRFmsg (SK.prf, opt_rand, M) > generate randomizer + * 4: SIG <- R + * 5: digest <- Hmsg(R, PK.seed, PK.root, M) > compute message digest + * 6: md <- digest [0 : upper(k.a / 8)] > first upper(k.a / 8)] bytes + * ... + * + * Note: ctx length is of type byte which means it can never be more than 255. + * + * @param [in] key SLH-DSA key. + * @param [in] ctx Context of signing. + * @param [in] ctxSz Length of context in bytes. + * @param [in] msg Message to sign. + * @param [in] msgSz Length of message in bytes. + * @param [out] sig Buffer to hold signature. + * @param [in, out] sigSz On in, length of signature buffer. + * On out, length of signature data. + * @return 0 on success. + * @return BAD_FUNC_ARG when key, key's parameters, msg, sig, sigSz or addRnd + * is NULL. + * @return BAD_FUNC_ARG when ctx is NULL but ctx length is greater than 0. + * @return BAD_LENGTH_E when sigSz is less than required signature length. + * @return MISSING_KEY when private key not set. + * @return MEMORY_E on dynamic memory allocation failure. + * @return SHAKE-256 error return code on digest failure. + */ +static int slhdsakey_sign_external(SlhDsaKey* key, const byte* ctx, byte ctxSz, + const byte* msg, word32 msgSz, byte* sig, word32* sigSz, + const byte* addRnd) +{ + int ret = 0; + + /* Validate parameters. */ + if ((key == NULL) || (key->params == NULL) || + ((ctx == NULL) && (ctxSz > 0)) || (msg == NULL) || (sig == NULL) || + (sigSz == NULL)) { + ret = BAD_FUNC_ARG; + } + /* Check sig buffer is large enough to hold generated signature. */ + else if (*sigSz < key->params->sigLen) { + ret = BAD_LENGTH_E; + } + /* Alg 22, Step 5: Check addrnd is not NULL. */ + else if (addRnd == NULL) { + /* Alg 22, Step 6: Return error. */ + ret = BAD_FUNC_ARG; + } + /* Check we have a private key to sign with. */ + else if ((key->flags & WC_SLHDSA_FLAG_PRIVATE) == 0) { + ret = MISSING_KEY; + } + if (ret == 0) { + byte md[SLHDSA_MAX_MD]; + byte hdr[2]; + byte n = key->params->n; + + /* Alg 22, Step 8: Set first two bytes to pass to hash ... */ + hdr[0] = 0; + hdr[1] = ctxSz; + + /* Alg 19, Step 3: Start hash with private key PRF seed ... */ + ret = slhdsakey_hash_start(&key->shake, key->sk + n, n); + if (ret == 0) { + /* Alg 19, Step 3: Add addrnd to hash ... */ + ret = slhdsakey_hash_update(&key->shake, addRnd, n); + } + if (ret == 0) { + /* Alg 19, Step 3: Add M' header ... */ + ret = slhdsakey_hash_update(&key->shake, hdr, sizeof(hdr)); + } + if ((ret == 0) && (ctxSz > 0)) { + /* Alg 19, Step 3: Add ctx ... */ + ret = slhdsakey_hash_update(&key->shake, ctx, ctxSz); + } + if (ret == 0) { + /* Alg 19, Step 3: Add M ... */ + ret = slhdsakey_hash_update(&key->shake, msg, msgSz); + } + if (ret == 0) { + /* Alg 19, Steps 3-4: Compute randomizer into signature. */ + ret = slhdsakey_hash_final(&key->shake, sig, n); + } + if (ret == 0) { + /* Alg 19, Step 5: Start hash with signature ... */ + ret = slhdsakey_hash_start(&key->shake, sig, n); + /* Move over randomizer. */ + sig += n; + } + if (ret == 0) { + /* Alg 19, Step 5: Add public key seed and root ... */ + ret = slhdsakey_hash_update(&key->shake, key->sk + 2 * n, 2 * n); + } + if (ret == 0) { + /* Alg 19, Step 5: Add M' header ... */ + ret = slhdsakey_hash_update(&key->shake, hdr, sizeof(hdr)); + } + if ((ret == 0) && (ctxSz > 0)) { + /* Alg 19, Step 5: Add ctx ... */ + ret = slhdsakey_hash_update(&key->shake, ctx, ctxSz); + } + if (ret == 0) { + /* Alg 19, Step 5: Add M ... */ + ret = slhdsakey_hash_update(&key->shake, msg, msgSz); + } + if (ret == 0) { + /* Alg 19, Steps 5-6: Compute digest of required length. */ + ret = slhdsakey_hash_final(&key->shake, md, key->params->dl1 + + key->params->dl2 + key->params->dl3); + } + if (ret == 0) { + /* Alg 19. Steps 7-19 */ + ret = slhdsakey_sign(key, md, sig); + } + if (ret == 0) { + /* Return the signature size generated. */ + *sigSz = key->params->sigLen; + } + } + + return ret; +} + +/* Generate a deterministic SLH-DSA signature. + * + * addrnd is the public key seed. + * + * @param [in] key SLH-DSA key. + * @param [in] ctx Context of signing. + * @param [in] ctxSz Length of context in bytes. + * @param [in] msg Message to sign. + * @param [in] msgSz Length of message in bytes. + * @param [out] sig Buffer to hold signature. + * @param [in, out] sigSz On in, length of signature buffer. + * On out, length of signature data. + * @return 0 on success. + * @return BAD_FUNC_ARG when key, key's parameters, msg or sig is NULL. + * @return BAD_FUNC_ARG when ctx is NULL but ctx length is greater than 0. + * @return BAD_LENGTH_E when sigSz is less than required signature length. + * @return MISSING_KEY when private key not set. + * @return MEMORY_E on dynamic memory allocation failure. + * @return SHAKE-256 error return code on digest failure. + */ +int wc_SlhDsaKey_SignDeterministic(SlhDsaKey* key, const byte* ctx, byte ctxSz, + const byte* msg, word32 msgSz, byte* sig, word32* sigSz) +{ + int ret; + + /* Validate parameters that will be used in this function. */ + if ((key == NULL) || (key->params == NULL)) { + ret = BAD_FUNC_ARG; + } + else { + /* Pure sign. */ + ret = slhdsakey_sign_external(key, ctx, ctxSz, msg, msgSz, sig, sigSz, + key->sk + 2 * key->params->n); + } + + return ret; +} + +/* Generate a pure SLH-DSA signature. + * + * @param [in] key SLH-DSA key. + * @param [in] ctx Context of signing. + * @param [in] ctxSz Length of context in bytes. + * @param [in] msg Message to sign. + * @param [in] msgSz Length of message in bytes. + * @param [out] sig Buffer to hold signature. + * @param [in, out] sigSz On in, length of signature buffer. + * On out, length of signature data. + * @param [in] addRnd Additional random for signature. + * @return 0 on success. + * @return BAD_FUNC_ARG when key, key's parameters, msg, sig or addrnd is NULL. + * @return BAD_FUNC_ARG when ctx is NULL but ctx length is greater than 0. + * @return BAD_LENGTH_E when sigSz is less than required signature length. + * @return MISSING_KEY when private key not set. + * @return MEMORY_E on dynamic memory allocation failure. + * @return SHAKE-256 error return code on digest failure. + */ +int wc_SlhDsaKey_SignWithRandom(SlhDsaKey* key, const byte* ctx, byte ctxSz, + const byte* msg, word32 msgSz, byte* sig, word32* sigSz, const byte* addRnd) +{ + /* Pure sign. */ + return slhdsakey_sign_external(key, ctx, ctxSz, msg, msgSz, sig, sigSz, + addRnd); +} + +/* Generate a pure SLH-DSA signature with a random number generator. + * + * @param [in] key SLH-DSA key. + * @param [in] ctx Context of signing. + * @param [in] ctxSz Length of context in bytes. + * @param [in] msg Message to sign. + * @param [in] msgSz Length of message in bytes. + * @param [out] sig Buffer to hold signature. + * @param [in, out] sigSz On in, length of signature buffer. + * On out, length of signature data. + * @param [in] rng Random number generator. + * @return 0 on success. + * @return BAD_FUNC_ARG when key, key's parameters, msg, sig, sigSz or rng is + * NULL. + * @return BAD_FUNC_ARG when ctx is NULL but ctx length is greater than 0. + * @return BAD_LENGTH_E when sigSz is less than required signature length. + * @return MISSING_KEY when private key not set. + * @return MEMORY_E on dynamic memory allocation failure. + * @return SHAKE-256 error return code on digest failure. + */ +int wc_SlhDsaKey_Sign(SlhDsaKey* key, const byte* ctx, byte ctxSz, + const byte* msg, word32 msgSz, byte* sig, word32* sigSz, WC_RNG* rng) +{ + int ret = 0; + byte addRnd[SLHDSA_MAX_N]; + + /* Validate parameters before generating random. */ + if ((key == NULL) || (key->params == NULL) || + ((ctx == NULL) && (ctxSz > 0)) || (msg == NULL) || (sig == NULL) || + (sigSz == NULL) || (rng == NULL)) { + ret = BAD_FUNC_ARG; + } + /* Check sig buffer is large enough to hold generated signature. */ + else if (*sigSz < key->params->sigLen) { + ret = BAD_LENGTH_E; + } + /* Check we have a private key to sign with. */ + else if ((key->flags & WC_SLHDSA_FLAG_PRIVATE) == 0) { + ret = MISSING_KEY; + } + if (ret == 0) { + /* Generate n bytes of random. */ + ret = wc_RNG_GenerateBlock(rng, addRnd, key->params->n); + } + if (ret == 0) { + /* Pure sign. */ + ret = wc_SlhDsaKey_SignWithRandom(key, ctx, ctxSz, msg, msgSz, sig, + sigSz, addRnd); + } + + return ret; +} +#endif + +/* Verify SLH-DSA signature. + * + * FIPS 205. Section 9.3. Algorithm 20. + * slh_verify_internal(M, SIG, PK) + * ... + * 6: SIGFORS <- SIG.getSIG_FORS() > SIG[n : (1 + k(1 + a)) . n] + * 7: SIGHT <- SIG.getSIG_HT() + * > SIG[(1 + k(1 + a)) . n : (1 + k(1 + a) + h + d . len) . n] + * ... + * 17: PKFORS <- fors_pkFromSig(SIGFORS, md, PK.seed, ADRS) + * 18: return ht_verify(PKFORS, SIGHT, PK.seed, idxtree, idxleaf, PK.root) + * + * @param [in] key SLH-DSA key. + * @param [in] md Message digest. + * @param [in] sig Signature data. + * @return 0 on success. + * @return MEMORY_E on dynamic memory allocation failure. + * @return SHAKE-256 error return code on digest failure. + */ +static int slhdsakey_verify(SlhDsaKey* key, byte* md, const byte* sig) +{ + int ret; + HashAddress adrs; + word32 t[3]; + word32 l; + byte pk_fors[SLHDSA_MAX_N]; + byte n = key->params->n; + + /* Steps 4, 10-16: Set address based on message digest. */ + slhdsakey_set_ha_from_md(key, md, adrs, t, &l); + + /* Step 6: Move pointer to FORS signature. */ + sig += n; + /* Step 17: Get FORS public key from FORS signature. */ + ret = slhdsakey_fors_pk_from_sig(key, sig, md, key->sk + 2 * n, adrs, + pk_fors); + /* Step 7: Move pointer to hypertree signature. */ + sig += key->params->k * (1 + key->params->a) * n; + if (ret == 0) { + /* Step 18: Verify hypertree signature. */ + ret = slhdsakey_ht_verify(key, pk_fors, sig, key->sk + 2 * n, t, l, + key->sk + 3 * n); + } + + return ret; +} + +/* Verify SLH-DSA signature. + * + * FIPS 205. Section 9.3. Algorithm 20. + * slh_verify_internal(M, SIG, PK) + * 1: if |SIG| != (1 + k(1 + a) + h + d . len . n then + * 2: return false + * 3: end if + * ... + * 5: R <- SIG.getR() > SIG[0 : n] + * ... + * 8: digest <- Hmsg (R, PK.seed, PK.root, M) > compute message digest + * 9: md <- digest [0 : upper(k.a / 8)] > first upper(k.a / 8) bytes + * ... + * + * FIPS 205. Section 10.3. Algorithm 23. + * slh_verify(M, SIG, ctx, PK) + * 1: if |ctx| > 255 then + * 2: return false + * 3: end if + * 4: M' <- toByte(0, 1) || toByte(|ctx|, 1) || ctx + * 5: return slh_verify_internal(M', SIG, PK) + * + * Note: ctx length is of type byte which means it can never be more than 255. + * + * @param [in] key SLH-DSA key. + * @param [in] ctx Context of signing. + * @param [in] ctxSz Length of context in bytes. + * @param [in] msg Message to sign. + * @param [in] msgSz Length of message in bytes. + * @param [in] sig Signature data. + * @param [in] sigSz Length of signature in bytes. + * @return 0 on success. + * @return BAD_FUNC_ARG when key, key's parameters, msg or sig is NULL. + * @return BAD_FUNC_ARG when ctx is NULL but ctxSz is greater than 0. + * @return BAD_LENGTH_E when signature size does not match parameters. + * @return MISSING_KEY when public key not set. + * @return MEMORY_E on dynamic memory allocation failure. + * @return SHAKE-256 error return code on digest failure. + */ +int wc_SlhDsaKey_Verify(SlhDsaKey* key, const byte* ctx, byte ctxSz, + const byte* msg, word32 msgSz, const byte* sig, word32 sigSz) +{ + int ret = 0; + + /* Validate parameters. */ + if ((key == NULL) || (key->params == NULL) || + ((ctx == NULL) && (ctxSz > 0)) || (msg == NULL) || + (sig == NULL)) { + ret = BAD_FUNC_ARG; + } + /* Alg 20, Step 1: Check signature length is the expect length. */ + else if (sigSz != key->params->sigLen) { + /* Alg 20, Step 2: Return error */ + ret = BAD_LENGTH_E; + } + /* Check we have a public key to verify with. */ + else if ((key->flags & WC_SLHDSA_FLAG_PUBLIC) == 0) { + ret = MISSING_KEY; + } + if (ret == 0) { + byte md[SLHDSA_MAX_MD]; + byte n = key->params->n; + + /* Alg 20, Step 8: Hash randomizer ... */ + ret = slhdsakey_hash_start(&key->shake, sig, n); + if (ret == 0) { + /* Alg 20, Step 8: Update hash with public key seed and root ... */ + ret = slhdsakey_hash_update(&key->shake, key->sk + 2 * n, 2 * n); + } + if (ret == 0) { + byte hdr[2]; + + /* Alg 23, Step 4: Make M' header. */ + hdr[0] = 0; + hdr[1] = ctxSz; + /* Alg 20, Step 8: Update hash with M' header ... */ + ret = slhdsakey_hash_update(&key->shake, hdr, sizeof(hdr)); + } + if ((ret == 0) && (ctxSz > 0)) { + /* Alg 20, Step 8: Update hash with context ... */ + ret = slhdsakey_hash_update(&key->shake, ctx, ctxSz); + } + if (ret == 0) { + /* Alg 20, Step 8: Update hash with message ... */ + ret = slhdsakey_hash_update(&key->shake, msg, msgSz); + } + if (ret == 0) { + /* Alg 20, Step 8: Compute message digest. */ + ret = slhdsakey_hash_final(&key->shake, md, key->params->dl1 + + key->params->dl2 + key->params->dl3); + } + if (ret == 0) { + /* Alg 23, Step 5: Verify M'. + * Alg 20, Steps 4,6-18: Verify digest. */ + ret = slhdsakey_verify(key, md, sig); + } + } + + return ret; +} + +#ifdef WOLFSSL_SHA224 +/* OID for SHA-224 for hash signing/verification. */ +static const byte slhdsakey_oid_sha224[] = { + 0x06, 0x09, 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x04 +}; +#endif +#ifndef NO_SHA256 +/* OID for SHA-256 for hash signing/verification. */ +static const byte slhdsakey_oid_sha256[] = { + 0x06, 0x09, 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x01 +}; +#endif +#ifdef WOLFSSL_SHA384 +/* OID for SHA-384 for hash signing/verification. */ +static const byte slhdsakey_oid_sha384[] = { + 0x06, 0x09, 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x02 +}; +#endif +#ifdef WOLFSSL_SHA512 +/* OID for SHA-512 for hash signing/verification. */ +static const byte slhdsakey_oid_sha512[] = { + 0x06, 0x09, 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x03 +}; +#ifndef WOLFSSL_NOSHA512_224 +/* OID for SHA-512/224 for hash signing/verification. */ +static const byte slhdsakey_oid_sha512_224[] = { + 0x06, 0x09, 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x05 +}; +#endif +#ifndef WOLFSSL_NOSHA512_256 +/* OID for SHA-512/256 for hash signing/verification. */ +static const byte slhdsakey_oid_sha512_256[] = { + 0x06, 0x09, 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x06 +}; +#endif +#endif +#ifdef WOLFSSL_SHAKE128 +/* OID for SHAKE-128 for hash signing/verification. */ +static const byte slhdsakey_oid_shake128[] = { + 0x06, 0x09, 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x0b +}; +#endif +#ifdef WOLFSSL_SHAKE256 +/* OID for SHAKE-256 for hash signing/verification. */ +static const byte slhdsakey_oid_shake256[] = { + 0x06, 0x09, 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x0c +}; +#endif + +/* Pre-hash the message with the hash specified. + * + * @param [in] msg Message to hash. + * @param [in] msgSz Length of message in bytes. + * @param [in] hashType Hash algorithm. + * @param [out] ph Prehash buffer. + * @param [out] phLen Length of prehash data. + * @param [out] oid OID data for hash algorithm. + * @param [out] oidLen Length of OID data for hash algorithm. + * @return 0 on success. + * @return NOT_COMPILED_IN when hash algorithm not supported. + */ +static int slhdsakey_prehash_msg(const byte* msg, word32 msgSz, + enum wc_HashType hashType, byte* ph, byte* phLen, const byte** oid, + byte* oidLen) +{ + int ret; + + switch ((int)hashType) { + #ifdef WOLFSSL_SHA224 + case WC_HASH_TYPE_SHA224: + *oid = slhdsakey_oid_sha224; + *oidLen = (byte)sizeof(slhdsakey_oid_sha224); + *phLen = WC_SHA224_DIGEST_SIZE; + ret = wc_Sha224Hash(msg, msgSz, ph); + break; + #endif + #ifndef NO_SHA256 + case WC_HASH_TYPE_SHA256: + *oid = slhdsakey_oid_sha256; + *oidLen = (byte)sizeof(slhdsakey_oid_sha256); + *phLen = WC_SHA256_DIGEST_SIZE; + ret = wc_Sha256Hash(msg, msgSz, ph); + break; + #endif + #ifdef WOLFSSL_SHA384 + case WC_HASH_TYPE_SHA384: + *oid = slhdsakey_oid_sha384; + *oidLen = (byte)sizeof(slhdsakey_oid_sha384); + *phLen = WC_SHA384_DIGEST_SIZE; + ret = wc_Sha384Hash(msg, msgSz, ph); + break; + #endif +#ifdef WOLFSSL_SHA512 + case WC_HASH_TYPE_SHA512: + *oid = slhdsakey_oid_sha512; + *oidLen = (byte)sizeof(slhdsakey_oid_sha512); + *phLen = WC_SHA512_DIGEST_SIZE; + ret = wc_Sha512Hash(msg, msgSz, ph); + break; + #ifndef WOLFSSL_NOSHA512_224 + case WC_HASH_TYPE_SHA512_224: + *oid = slhdsakey_oid_sha512_224; + *oidLen = (byte)sizeof(slhdsakey_oid_sha512_224); + *phLen = WC_SHA512_224_DIGEST_SIZE; + ret = wc_Sha512_224Hash(msg, msgSz, ph); + break; + #endif + #ifndef WOLFSSL_NOSHA512_256 + case WC_HASH_TYPE_SHA512_256: + *oid = slhdsakey_oid_sha512_256; + *oidLen = (byte)sizeof(slhdsakey_oid_sha512_256); + *phLen = WC_SHA512_256_DIGEST_SIZE; + ret = wc_Sha512_256Hash(msg, msgSz, ph); + break; + #endif +#endif + #ifdef WOLFSSL_SHAKE128 + case WC_HASH_TYPE_SHAKE128: + *oid = slhdsakey_oid_shake128; + *oidLen = (byte)sizeof(slhdsakey_oid_shake128); + *phLen = WC_SHA3_256_DIGEST_SIZE; + ret = wc_Shake128Hash(msg, msgSz, ph, WC_SHA3_256_DIGEST_SIZE); + break; + #endif + #ifdef WOLFSSL_SHAKE256 + case WC_HASH_TYPE_SHAKE256: + *oid = slhdsakey_oid_shake256; + *oidLen = (byte)sizeof(slhdsakey_oid_shake256); + *phLen = WC_SHA3_512_DIGEST_SIZE; + ret = wc_Shake256Hash(msg, msgSz, ph, WC_SHA3_512_DIGEST_SIZE); + break; + #endif + default: + ret = NOT_COMPILED_IN; + break; + } + + return ret; +} + +#ifndef WOLFSSL_SLHDSA_VERIFY_ONLY +/* Generate pre-hash SLH-DSA signature. + * + * FIPS 205. Section 10.2.2. Algorithm 23. + * hash_slh_sign(M, ctx, PH, SK) + * 1: if |ctx| > 255 then + * 2: return falsity + * > return an error indication if the context string is too long + * 3: end if + * 4: addrnd <-$- Bn > skip lines 4 through 7 for the deterministic variant + * 5: if addrnd = NULL then + * 6: return falsity + * > return an error indication if random bit generation failed + * 7: end if + * 8: switch PH do + * 9: case SHA-256: + * 10: OID <- toByte(0x0609608648016503040201, 11) + * > 2.16.840.1.101.3.4.2.1 + * 11: PHM <- SHA-256(M) + * 12: case SHA-512: + * 13: OID <- toByte(0x0609608648016503040203, 11) + * > 2.16.840.1.101.3.4.2.3 + * 14: PHM <- SHA-512(M) + * 15: case SHAKE128: + * 16: OID <- toByte(0x060960864801650304020B, 11) + * > 2.16.840.1.101.3.4.2.11 + * 17: PHM <- SHAKE128(M, 256) + * 18: case SHAKE256: + * 19: OID <- toByte(0x060960864801650304020C, 11) + * > 2.16.840.1.101.3.4.2.12 + * 20: PHM <- SHAKE256(M , 512) + * 21: case ... > other approved hash functions or XOFs + * 22: ... + * 23: end switch + * 24: M' <- toByte(1, 1) || toByte(|ctx|, 1) || ctx || OID || PHM + * > omit addrnd for the deterministic variant + * 25: SIG <- slh_sign_internal(M', SK, addrnd) + * 26: return SIG + * + * FIPS 205. Section 9.2. Algorithm 19. + * slh_sign_internal(M, SK, addrnd) + * ... + * 2: opt_rand <- addrnd + * > substitute opt_rand <- PK.seed for the deterministic variant + * 3: R <- PRFmsg (SK.prf, opt_rand, M) > generate randomizer + * 4: SIG <- R + * 5: digest <- Hmsg(R, PK.seed, PK.root, M) > compute message digest + * 6: md <- digest [0 : upper(k.a / 8)] > first upper(k.a / 8)] bytes + * ... + * + * Note: ctx length is of type byte which means it can never be more than 255. + * + * @param [in] key SLH-DSA key. + * @param [in] ctx Context of signing. + * @param [in] ctxSz Length of context in bytes. + * @param [in] msg Message to sign. + * @param [in] msgSz Length of message in bytes. + * @param [in] hashType Hash algorithm to use in pre-hash. + * @param [out] sig Buffer to hold signature. + * @param [in, out] sigSz On in, length of signature buffer. + * On out, length of signature data. + * @return 0 on success. + * @return BAD_FUNC_ARG when key, key's parameters, msg, sig, sigSz or addRnd + * is NULL. + * @return BAD_FUNC_ARG when ctx is NULL but ctx length is greater than 0. + * @return BAD_LENGTH_E when sigSz is less than required signature length. + * @return NOT_COMPILED in when hash algorithm is not supported. + * @return MEMORY_E on dynamic memory allocation failure. + * @return SHAKE-256 error return code on digest failure. + */ +static int slhdsakey_signhash_external(SlhDsaKey* key, const byte* ctx, + byte ctxSz, const byte* msg, word32 msgSz, enum wc_HashType hashType, + byte* sig, word32* sigSz, byte* addRnd) +{ + int ret = 0; + byte ph[WC_MAX_DIGEST_SIZE]; + byte phLen = 0; + const byte* oid = NULL; + byte oidLen = 0; + + /* Validate parameters. */ + if ((key == NULL) || (key->params == NULL) || + ((ctx == NULL) && (ctxSz > 0)) || (msg == NULL) || (sig == NULL) || + (sigSz == NULL)) { + ret = BAD_FUNC_ARG; + } + /* Check sig buffer is large enough to hold generated signature. */ + else if (*sigSz < key->params->sigLen) { + ret = BAD_LENGTH_E; + } + /* Alg 23, Step 5: Check addrnd is not NULL. */ + else if (addRnd == NULL) { + /* Alg 23, Step 6: Return error. */ + ret = BAD_FUNC_ARG; + } + if (ret == 0) { + /* Alg 23, Steps 8-23: Pre-hash message with hash algorithm specified. + */ + ret = slhdsakey_prehash_msg(msg, msgSz, hashType, ph, &phLen, &oid, + &oidLen); + } + if (ret == 0) { + byte n = key->params->n; + byte md[SLHDSA_MAX_MD]; + byte hdr[2]; + + /* Alg 23, Step 24: Set first two bytes to pass to hash ... */ + hdr[0] = 1; + hdr[1] = ctxSz; + + /* Alg 19, Step 3: Start hash with private key PRF seed ... */ + ret = slhdsakey_hash_start(&key->shake, key->sk + n, n); + if (ret == 0) { + /* Alg 19, Step 3: Add addrnd to hash ... */ + ret = slhdsakey_hash_update(&key->shake, addRnd, n); + } + if (ret == 0) { + /* Alg 19, Step 3: Add M' header ... */ + ret = slhdsakey_hash_update(&key->shake, hdr, sizeof(hdr)); + } + if ((ret == 0) && (ctxSz > 0)) { + /* Alg 19, Step 3: Add ctx ... */ + ret = slhdsakey_hash_update(&key->shake, ctx, ctxSz); + } + if (ret == 0) { + /* Alg 23, Step 24, Alg 19, Step 3: Add M' OID ... */ + ret = slhdsakey_hash_update(&key->shake, oid, oidLen); + } + if (ret == 0) { + /* Alg 23, Step 24, Alg 19, Step 3: Add M' pre-hash ... */ + ret = slhdsakey_hash_update(&key->shake, ph, phLen); + } + if (ret == 0) { + /* Alg 19, Step 3-4: Compute randomizer into signature. */ + ret = slhdsakey_hash_final(&key->shake, sig, n); + } + if (ret == 0) { + /* Alg 19, Step 5: Start hash with signature ... */ + ret = slhdsakey_hash_start(&key->shake, sig, n); + /* Move over randomizer. */ + sig += n; + } + if (ret == 0) { + /* Alg 19, Step 5: Add public key seed and root ... */ + ret = slhdsakey_hash_update(&key->shake, key->sk + 2 * n, 2 * n); + } + if (ret == 0) { + /* Alg 19, Step 5: Add M' header ... */ + ret = slhdsakey_hash_update(&key->shake, hdr, sizeof(hdr)); + } + if ((ret == 0) && (ctxSz > 0)) { + /* Alg 19, Step 5: Add ctx ... */ + ret = slhdsakey_hash_update(&key->shake, ctx, ctxSz); + } + if (ret == 0) { + /* Alg 23, Step 24, Alg 19, Step 5: Add M' OID ... */ + ret = slhdsakey_hash_update(&key->shake, oid, oidLen); + } + if (ret == 0) { + /* Alg 23, Step 24, Alg 19, Step 5: Add M' pre-hash ... */ + ret = slhdsakey_hash_update(&key->shake, ph, phLen); + } + if (ret == 0) { + /* Alg 19, Steps 5-6: Compute digest of required length. */ + ret = slhdsakey_hash_final(&key->shake, md, key->params->dl1 + + key->params->dl2 + key->params->dl3); + } + if (ret == 0) { + /* Alg 19. Steps 7-19 */ + ret = slhdsakey_sign(key, md, sig); + } + if (ret == 0) { + /* Return the signature size generated. */ + *sigSz = key->params->sigLen; + } + } + + return ret; +} + +/* Generate a deterministic pre-hash SLH-DSA signature. + * + * addrnd is the public key seed. + * + * @param [in] key SLH-DSA key. + * @param [in] ctx Context of signing. + * @param [in] ctxSz Length of context in bytes. + * @param [in] msg Message to sign. + * @param [in] msgSz Length of message in bytes. + * @param [in] hashType Hash algorithm to use in pre-hash. + * @param [out] sig Buffer to hold signature. + * @param [in, out] sigSz On in, length of signature buffer. + * On out, length of signature data. + * @return 0 on success. + * @return BAD_FUNC_ARG when key, key's parameters, msg, sig or sigSz is NULL. + * @return BAD_FUNC_ARG when ctx is NULL but ctx length is greater than 0. + * @return BAD_LENGTH_E when sigSz is less than required signature length. + * @return MISSING_KEY when private key not set. + * @return MEMORY_E on dynamic memory allocation failure. + * @return SHAKE-256 error return code on digest failure. + */ +int wc_SlhDsaKey_SignHashDeterministic(SlhDsaKey* key, const byte* ctx, + byte ctxSz, const byte* msg, word32 msgSz, enum wc_HashType hashType, + byte* sig, word32* sigSz) +{ + int ret; + + /* Validate parameters that will be used in this function. */ + if ((key == NULL) || (key->params == NULL)) { + ret = BAD_FUNC_ARG; + } + /* Check we have a private key to sign with. */ + else if ((key->flags & WC_SLHDSA_FLAG_PRIVATE) == 0) { + ret = MISSING_KEY; + } + else { + /* Pre-hash sign. */ + ret = slhdsakey_signhash_external(key, ctx, ctxSz, msg, msgSz, hashType, + sig, sigSz, key->sk + 2 * key->params->n); + } + + return ret; +} + +/* Generate a pre-hash SLH-DSA signature. + * + * @param [in] key SLH-DSA key. + * @param [in] ctx Context of signing. + * @param [in] ctxSz Length of context in bytes. + * @param [in] msg Message to sign. + * @param [in] msgSz Length of message in bytes. + * @param [in] hashType Hash algorithm to use in pre-hash. + * @param [out] sig Buffer to hold signature. + * @param [in, out] sigSz On in, length of signature buffer. + * On out, length of signature data. + * @param [in] addRnd Additional random for signature. + * @return 0 on success. + * @return BAD_FUNC_ARG when key, key's parameters, msg, sig, sigSz or addrnd + * is NULL. + * @return BAD_FUNC_ARG when ctx is NULL but ctx length is greater than 0. + * @return BAD_LENGTH_E when sigSz is less than required signature length. + * @return MISSING_KEY when private key not set. + * @return NOT_COMPILED in when hash algorithm is not supported. + * @return MEMORY_E on dynamic memory allocation failure. + * @return SHAKE-256 error return code on digest failure. + */ +int wc_SlhDsaKey_SignHashWithRandom(SlhDsaKey* key, const byte* ctx, byte ctxSz, + const byte* msg, word32 msgSz, enum wc_HashType hashType, byte* sig, + word32* sigSz, byte* addRnd) +{ + /* Pre-hash sign */ + return slhdsakey_signhash_external(key, ctx, ctxSz, msg, msgSz, hashType, + sig, sigSz, addRnd); +} + +/* Generate a pre-hash SLH-DSA signature with a random number generator. + * + * @param [in] key SLH-DSA key. + * @param [in] ctx Context of signing. + * @param [in] ctxSz Length of context in bytes. + * @param [in] msg Message to sign. + * @param [in] msgSz Length of message in bytes. + * @param [in] hashType Hash algorithm to use in pre-hash. + * @param [out] sig Buffer to hold signature. + * @param [in, out] sigSz On in, length of signature buffer. + * On out, length of signature data. + * @param [in] rng Random number generator. + * @return 0 on success. + * @return BAD_FUNC_ARG when key, key's parameters, msg, sig, sigSz or rng is + * NULL. + * @return BAD_FUNC_ARG when ctx is NULL but ctx length is greater than 0. + * @return MISSING_KEY when private key not set. + * @return NOT_COMPILED in when hash algorithm is not supported. + * @return MEMORY_E on dynamic memory allocation failure. + * @return SHAKE-256 error return code on digest failure. + */ +int wc_SlhDsaKey_SignHash(SlhDsaKey* key, const byte* ctx, byte ctxSz, + const byte* msg, word32 msgSz, enum wc_HashType hashType, byte* sig, + word32* sigSz, WC_RNG* rng) +{ + int ret = 0; + byte addRnd[SLHDSA_MAX_N]; + + /* Validate parameters before generating random. */ + if ((key == NULL) || (key->params == NULL) || + ((ctx == NULL) && (ctxSz > 0)) || (msg == NULL) || (sig == NULL) || + (sigSz == NULL) || (rng == NULL)) { + ret = BAD_FUNC_ARG; + } + /* Check sig buffer is large enough to hold generated signature. */ + else if (*sigSz < key->params->sigLen) { + ret = BAD_LENGTH_E; + } + /* Check we have a private key to sign with. */ + else if ((key->flags & WC_SLHDSA_FLAG_PRIVATE) == 0) { + ret = MISSING_KEY; + } + if (ret == 0) { + /* Generate n bytes of random. */ + ret = wc_RNG_GenerateBlock(rng, addRnd, key->params->n); + } + if (ret == 0) { + /* Pre-hash sign. */ + ret = wc_SlhDsaKey_SignHashWithRandom(key, ctx, ctxSz, msg, msgSz, + hashType, sig, sigSz, addRnd); + } + + return ret; +} +#endif + +/* Verify SLH-DSA signature. + * + * FIPS 205. Section 9.3. Algorithm 20. + * slh_verify_internal(M, SIG, PK) + * 1: if |SIG| != (1 + k(1 + a) + h + d . len . n then + * 2: return false + * 3: end if + * ... + * 5: R <- SIG.getR() > SIG[0 : n] + * ... + * 8: digest <- Hmsg (R, PK.seed, PK.root, M) > compute message digest + * 9: md <- digest [0 : upper(k.a / 8)] > first upper(k.a / 8) bytes + * ... + * + * FIPS 205. Section 10.3. Algorithm 24. + * hash_slh_verify(M, SIG, ctx, PH, PK) + * 1: if |ctx| > 255 then + * 2: return false + * 3: end if + * 4: switch PH do + * 5: case SHA-256: + * 6: OID <- toByte(0x0609608648016503040201, 11) + * > 2.16.840.1.101.3.4.2.1 + * 7: PHM <- SHA-256(M) + * 8: case SHA-512: + * 9: OID <- toByte(0x0609608648016503040203, 11) + * > 2.16.840.1.101.3.4.2.3 + * 10: PHM <- SHA-512(M) + * 11: case SHAKE128: + * 12: OID <- toByte(0x060960864801650304020B, 11) + * > 2.16.840.1.101.3.4.2.11 + * 13: PHM <- SHAKE128(M, 256) + * 14: case SHAKE256: + * 15: OID <- toByte(0x060960864801650304020C, 11) + * > 2.16.840.1.101.3.4.2.12 + * 16: PHM <- SHAKE256(M , 512) + * 17: case ... > other approved hash functions or XOFs + * 18: ... + * 19: end switch + * 20: M' <- toByte(1, 1) || toByte(|ctx|, 1) || ctx || OID || PHM + * 21: return slh_verify_internal(M', SIG, PK) + * + * @param [in] key SLH-DSA key. + * @param [in] ctx Context of signing. + * @param [in] ctxSz Length of context in bytes. + * @param [in] msg Message to sign. + * @param [in] msgSz Length of message in bytes. + * @param [in] hashType Hash algorithm to use in pre-hash. + * @param [in] sig Signature data. + * @param [in] sigSz Length of signature in bytes. + * @return 0 on success. + * @return BAD_FUNC_ARG when key, key's parameters, msg or sig is NULL. + * @return BAD_FUNC_ARG when ctx is NULL but ctx length is greater than 0. + * @return BAD_LENGTH_E when signature size does not match parameters. + * @return MISSING_KEY when public key not set. + * @return NOT_COMPILED in when hash algorithm is not supported. + * @return MEMORY_E on dynamic memory allocation failure. + * @return SHAKE-256 error return code on digest failure. + */ +int wc_SlhDsaKey_VerifyHash(SlhDsaKey* key, const byte* ctx, byte ctxSz, + const byte* msg, word32 msgSz, enum wc_HashType hashType, const byte* sig, + word32 sigSz) +{ + int ret = 0; + byte ph[WC_MAX_DIGEST_SIZE]; + byte phLen = 0; + const byte* oid = NULL; + byte oidLen = 0; + + /* Validate parameters. */ + if ((key == NULL) || (key->params == NULL) || + ((ctx == NULL) && (ctxSz > 0)) || (msg == NULL) || (sig == NULL)) { + ret = BAD_FUNC_ARG; + } + /* Alg 20, Step 1: Check signature length is the expect length. */ + else if (sigSz != key->params->sigLen) { + /* Alg 20, Step 2: Return error */ + ret = BAD_LENGTH_E; + } + /* Check we have a public key to verify with. */ + else if ((key->flags & WC_SLHDSA_FLAG_PUBLIC) == 0) { + ret = MISSING_KEY; + } + if (ret == 0) { + /* Alg 24, Steps 4-19: Pre-hash message with hash algorithm specified. + */ + ret = slhdsakey_prehash_msg(msg, msgSz, hashType, ph, &phLen, &oid, + &oidLen); + } + if (ret == 0) { + byte n = key->params->n; + byte md[SLHDSA_MAX_MD]; + + /* Alg 20, Step 8: Hash randomizer ... */ + ret = slhdsakey_hash_start(&key->shake, sig, n); + if (ret == 0) { + /* Alg 20, Step 8: Update hash with public key seed and root ... */ + ret = slhdsakey_hash_update(&key->shake, key->sk + 2 * n, 2 * n); + } + if (ret == 0) { + byte hdr[2]; + + /* Alg 24, Step 20: Make M' header. */ + hdr[0] = 1; + hdr[1] = ctxSz; + ret = slhdsakey_hash_update(&key->shake, hdr, sizeof(hdr)); + } + if ((ret == 0) && (ctxSz > 0)) { + /* Alg 20, Step 8: Update hash with message ... */ + ret = slhdsakey_hash_update(&key->shake, ctx, ctxSz); + } + if (ret == 0) { + /* Alg 24, Step 20; Alg 20, Step 8: Update with M' OID ... */ + ret = slhdsakey_hash_update(&key->shake, oid, oidLen); + } + if (ret == 0) { + /* Alg 24, Step 20; Alg 20, Step 8: Update with M' pre-hash ... */ + ret = slhdsakey_hash_update(&key->shake, ph, phLen); + } + if (ret == 0) { + /* Alg 20, Step 8: Compute message digest. */ + ret = slhdsakey_hash_final(&key->shake, md, key->params->dl1 + + key->params->dl2 + key->params->dl3); + } + if (ret == 0) { + /* Alg 24, Step 21: Verify M'. + * Alg 20, Steps 4,6-18: Verify digest. */ + ret = slhdsakey_verify(key, md, sig); + } + } + + return ret; +} + +#ifndef WOLFSSL_SLHDSA_VERIFY_ONLY +/* Import private key from data. + * + * Includes the public key. + * + * @param [in] key SLH-DSA key. + * @param [in] priv Private key data. + * @param [in] privLen Length of private key data in bytes. + * @return 0 on success. + * @return BAD_FUNC_ARG when key, key's parameters or priv is NULL. + * @return BAD_LENGTH_E when inLen does not match parameters. + */ +int wc_SlhDsaKey_ImportPrivate(SlhDsaKey* key, const byte* priv, word32 privLen) +{ + int ret = 0; + + /* Validate parameters. */ + if ((key == NULL) || (key->params == NULL) || (priv == NULL)) { + ret = BAD_FUNC_ARG; + } + /* Check private key data length matches parameters. */ + else if ((privLen != 4 * key->params->n)) { + ret = BAD_LENGTH_E; + } + else { + /* Copy private and public key data into SLH-DSA key object. */ + XMEMCPY(key->sk, priv, 4 * key->params->n); + key->flags = WC_SLHDSA_FLAG_BOTH_KEYS; + } + + return ret; +} +#endif + +/* Import public key from data. + * + * @param [in] key SLH-DSA key. + * @param [in] pub Public key data. + * @param [in] pubLen Length of public key data in bytes. + * @return 0 on success. + * @return BAD_FUNC_ARG when key, key's parameters or in is NULL. + * @return BAD_LENGTH_E when inLen does not match parameters. + */ +int wc_SlhDsaKey_ImportPublic(SlhDsaKey* key, const byte* pub, word32 pubLen) +{ + int ret = 0; + + /* Validate parameters. */ + if ((key == NULL) || (key->params == NULL) || (pub == NULL)) { + ret = BAD_FUNC_ARG; + } + /* Check public key data length matches parameters. */ + else if ((pubLen != 2 * key->params->n)) { + ret = BAD_LENGTH_E; + } + else { + /* Copy public key data into SLH-DSA key object. */ + XMEMCPY(key->sk + 2 * key->params->n, pub, 2 * key->params->n); + key->flags = WC_SLHDSA_FLAG_PUBLIC; + } + + return ret; +} + +#ifndef WOLFSSL_SLHDSA_VERIFY_ONLY +/* Check that the private key is valid. + * + * @param [in] key SLH-DSA key. + * @return 0 on success. + * @return BAD_FUNC_ARG when key or key's parameters is NULL. + * @return MISSING_KEY when private key not set. + * @return WC_KEY_MISMATCH_E when private key and public seed don't compute + * public key root. + * @return MEMORY_E on dynamic memory allocation failure. + * @return SHAKE-256 error return code on digest failure. + */ +int wc_SlhDsaKey_CheckKey(SlhDsaKey* key) +{ + int ret = 0; + + /* Validate parameter. */ + if ((key == NULL) || (key->params == NULL)) { + ret = BAD_FUNC_ARG; + } + /* Check we have a private key to validate. */ + else if ((key->flags & WC_SLHDSA_FLAG_PRIVATE) == 0) { + ret = MISSING_KEY; + } + if (ret == 0) { + byte root[SLHDSA_MAX_N]; + byte n = key->params->n; + + /* Cache the public key root as making the key overwrites. */ + XMEMCPY(root, key->sk + 3 * n, n); + ret = wc_SlhDsaKey_MakeKeyWithRandom(key, key->sk, n, key->sk + n, n, + key->sk + 2 * n, n); + /* Compare computed root with what was cached. */ + if ((ret == 0) && (XMEMCMP(root, key->sk + 3 * n, n) != 0)) { + ret = WC_KEY_MISMATCH_E; + } + } + + return ret; +} + +/* Export the private key. + * + * Includes the public key. + * + * @param [in] key SLH-DSA key. + * @param [out] priv Buffer for private key data. + * @param [in, out] privLen On in, length of buffer. + * On out, length of private key. + * @return 0 on success. + * @return BAD_FUNC_ARG when key, key's parameters, priv or privLen is NULL. + * @return BAD_LENGTH_E when privLen is too small for private key. + */ +int wc_SlhDsaKey_ExportPrivate(SlhDsaKey* key, byte* priv, word32* privLen) +{ + int ret = 0; + + /* Validate parameters. */ + if ((key == NULL) || (key->params == NULL) || (priv == NULL) || + (privLen == NULL)) { + ret = BAD_FUNC_ARG; + } + /* Check private key buffer length. */ + else if (*privLen < key->params->n * 4) { + ret = BAD_LENGTH_E; + } + else { + int n = key->params->n; + + /* Copy data out and return length. */ + XMEMCPY(priv, key->sk, n * 4); + *privLen = n * 4; + } + + return ret; +} +#endif + +/* Export the public key. + * + * @param [in] key SLH-DSA key. + * @param [out] pub Buffer for public key data. + * @param [in, out] pubLen On in, length of buffer. + * On out, length of public key. + * @return 0 on success. + * @return BAD_FUNC_ARG when key, key's parameters, pub or pubLen is NULL. + * @return BAD_LENGTH_E when pubLen is too small for public key. + */ +int wc_SlhDsaKey_ExportPublic(SlhDsaKey* key, byte* pub, word32* pubLen) +{ + int ret = 0; + + /* Validate parameters. */ + if ((key == NULL) || (key->params == NULL) || (pub == NULL) || + (pubLen == NULL)) { + ret = BAD_FUNC_ARG; + } + /* Check public key buffer length. */ + else if (*pubLen < key->params->n * 2) { + ret = BAD_LENGTH_E; + } + else { + int n = key->params->n; + + /* Copy data out and return length. */ + XMEMCPY(pub, key->sk + n * 2, n * 2); + *pubLen = n * 2; + } + + return ret; +} + +#ifndef WOLFSSL_SLHDSA_VERIFY_ONLY +/* Return the size of the private key for the parameters. + * + * @param [in] key SLH-DSA key. + * @return Private key data length in bytes on success. + * @return BAD_FUNC_ARG when key or key's parameters is NULL. + */ +int wc_SlhDsaKey_PrivateSize(SlhDsaKey* key) +{ + int ret; + + /* Validate parameters. */ + if ((key == NULL) || (key->params == NULL)) { + ret = BAD_FUNC_ARG; + } + else { + /* Length is of 3 seeds and a hash, all n bytes long. */ + ret = key->params->n * 4; + } + + return ret; +} +#endif + +/* Return the size of the public key for the parameters. + * + * @param [in] key SLH-DSA key. + * @return Public key data length in bytes on success. + * @return BAD_FUNC_ARG when key or key's parameters is NULL. + */ +int wc_SlhDsaKey_PublicSize(SlhDsaKey* key) +{ + int ret; + + /* Validate parameters. */ + if ((key == NULL) || (key->params == NULL)) { + ret = BAD_FUNC_ARG; + } + else { + /* Length is of a seed and a hash, both n bytes long. */ + ret = key->params->n * 2; + } + + return ret; +} + +/* Return the size of a signature for the parameters. + * + * @param [in] key SLH-DSA key. + * @return Signature length in bytes on success. + * @return BAD_FUNC_ARG when key or key's parameters is NULL. + */ +int wc_SlhDsaKey_SigSize(SlhDsaKey* key) +{ + int ret; + + /* Validate parameters. */ + if ((key == NULL) || (key->params == NULL)) { + ret = BAD_FUNC_ARG; + } + else { + /* Length from the parameters. */ + ret = key->params->sigLen; + } + + return ret; +} + +#ifndef WOLFSSL_SLHDSA_VERIFY_ONLY +/* Return the size of the private key for the parameters. + * + * @param [in] param SLH-DSA parameters. + * @return Private key data length in bytes on success. + * @return NOT_COMPILED_IN when parameters not supported. + */ +int wc_SlhDsaKey_PrivateSizeFromParam(enum SlhDsaParam param) +{ + int ret; + + switch (param) { + case SLHDSA_SHAKE128S: + ret = WC_SLHDSA_SHAKE128S_PRIV_LEN; + break; + case SLHDSA_SHAKE128F: + ret = WC_SLHDSA_SHAKE128F_PRIV_LEN; + break; + case SLHDSA_SHAKE192S: + ret = WC_SLHDSA_SHAKE192S_PRIV_LEN; + break; + case SLHDSA_SHAKE192F: + ret = WC_SLHDSA_SHAKE192F_PRIV_LEN; + break; + case SLHDSA_SHAKE256S: + ret = WC_SLHDSA_SHAKE256S_PRIV_LEN; + break; + case SLHDSA_SHAKE256F: + ret = WC_SLHDSA_SHAKE256F_PRIV_LEN; + break; + default: + ret = NOT_COMPILED_IN; + break; + } + + return ret; +} +#endif + +/* Return the size of the public key for the parameters. + * + * @param [in] param SLH-DSA parameters. + * @return Public key data length in bytes on success. + * @return NOT_COMPILED_IN when parameters not supported. + */ +int wc_SlhDsaKey_PublicSizeFromParam(enum SlhDsaParam param) +{ + int ret; + + switch (param) { + case SLHDSA_SHAKE128S: + ret = WC_SLHDSA_SHAKE128S_PUB_LEN; + break; + case SLHDSA_SHAKE128F: + ret = WC_SLHDSA_SHAKE128F_PUB_LEN; + break; + case SLHDSA_SHAKE192S: + ret = WC_SLHDSA_SHAKE192S_PUB_LEN; + break; + case SLHDSA_SHAKE192F: + ret = WC_SLHDSA_SHAKE192F_PUB_LEN; + break; + case SLHDSA_SHAKE256S: + ret = WC_SLHDSA_SHAKE256S_PUB_LEN; + break; + case SLHDSA_SHAKE256F: + ret = WC_SLHDSA_SHAKE256F_PUB_LEN; + break; + default: + ret = NOT_COMPILED_IN; + break; + } + + return ret; +} + +/* Return the size of a signature for the parameters. + * + * @param [in] param SLH-DSA parameters. + * @return Signature length in bytes on success. + * @return NOT_COMPILED_IN when parameters not supported. + */ +int wc_SlhDsaKey_SigSizeFromParam(enum SlhDsaParam param) +{ + int ret; + + switch (param) { + case SLHDSA_SHAKE128S: + ret = WC_SLHDSA_SHAKE128S_SIG_LEN; + break; + case SLHDSA_SHAKE128F: + ret = WC_SLHDSA_SHAKE128F_SIG_LEN; + break; + case SLHDSA_SHAKE192S: + ret = WC_SLHDSA_SHAKE192S_SIG_LEN; + break; + case SLHDSA_SHAKE192F: + ret = WC_SLHDSA_SHAKE192F_SIG_LEN; + break; + case SLHDSA_SHAKE256S: + ret = WC_SLHDSA_SHAKE256S_SIG_LEN; + break; + case SLHDSA_SHAKE256F: + ret = WC_SLHDSA_SHAKE256F_SIG_LEN; + break; + default: + ret = NOT_COMPILED_IN; + break; + } + + return ret; +} +#endif /* WOLFSSL_HAVE_SLHDSA */ + diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/wolfcrypt/src/wc_xmss.c mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/wc_xmss.c --- mariadb-11.8.6/extra/wolfssl/wolfssl/wolfcrypt/src/wc_xmss.c 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/wc_xmss.c 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* wc_xmss.c * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/wolfcrypt/src/wc_xmss_impl.c mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/wc_xmss_impl.c --- mariadb-11.8.6/extra/wolfssl/wolfssl/wolfcrypt/src/wc_xmss_impl.c 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/wc_xmss_impl.c 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* wc_xmss_impl.c * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -413,8 +413,7 @@ /* Copy index from source buffer to destination buffer. * - * Index is put into the front of the destination buffer with the length of the - * source. + * Index is put in the back of the destination buffer. * * @param [in] s Source buffer. * @param [in] sl Length of index in source. @@ -424,8 +423,8 @@ static void wc_idx_copy(const unsigned char* s, word8 sl, unsigned char* d, word8 dl) { - XMEMCPY(d, s, sl); - XMEMSET(d + sl, 0, dl - sl); + XMEMSET(d, 0, dl - sl); + XMEMCPY(d + dl - sl, s, sl); } #endif diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/wolfcrypt/src/wolfentropy.c mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/wolfentropy.c --- mariadb-11.8.6/extra/wolfssl/wolfssl/wolfcrypt/src/wolfentropy.c 1970-01-01 00:00:00.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/wolfentropy.c 2026-05-24 09:58:33.000000000 +0000 @@ -0,0 +1,954 @@ +/* wolfentropy.c + * + * Copyright (C) 2006-2026 wolfSSL Inc. + * + * This file is part of wolfSSL. + * + * wolfSSL is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * wolfSSL is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA + */ + +/* + +DESCRIPTION +This library contains implementation for the raw entropy source generator (TRNG) +Not to be confused for the DRBG implemented in random.c, this raw entropy is +designed to SEED a DRBG, not to be consumed directly for use cases requiring +random data. Use the DRBG outputs for consuming applications requesting random +data, use this implementation to seed and re-seed the DRBG. + +*/ + +#include + +#ifdef HAVE_ENTROPY_MEMUSE + +#include + +#include +#if defined(__APPLE__) || defined(__MACH__) + #include +#endif + +/* Define ENTROPY_MEMUSE_THREAD to force use of counter in a new thread. + * Only do this when high resolution timer not otherwise available. + */ + +/* Number of bytes that will hold the maximum entropy bits. */ +#define MAX_ENTROPY_BYTES (MAX_ENTROPY_BITS / 8) +/* Number of bits stored for one sample. */ +#define ENTROPY_BITS_USED 8 + +/* Minimum entropy from a sample. */ +#define ENTROPY_MIN 1 +/* Number of extra samples to ensure full entropy. */ +#define ENTROPY_EXTRA 64 +/* Maximum number of bytes to sample to produce max entropy. */ +#define MAX_NOISE_CNT (MAX_ENTROPY_BITS * 8 + ENTROPY_EXTRA) + +/* MemUse entropy global state initialized. */ +static volatile int entropy_memuse_initialized = 0; +/* Global SHA-3 object used for conditioning entropy and creating noise. */ +static wc_Sha3 entropyHash; +/* Reset the health tests. */ +static void Entropy_HealthTest_Reset(void); + +#ifdef CUSTOM_ENTROPY_TIMEHIRES +static WC_INLINE word64 Entropy_TimeHiRes(void) +{ + return CUSTOM_ENTROPY_TIMEHIRES(); +} +#elif !defined(ENTROPY_MEMUSE_THREAD) && \ + (defined(__x86_64__) || defined(__i386__)) +/* Get the high resolution time counter. + * + * @return 64-bit count of CPU cycles. + */ +static WC_INLINE word64 Entropy_TimeHiRes(void) +{ + unsigned int lo_c, hi_c; + __asm__ __volatile__ ( + "rdtsc" + : "=a"(lo_c), "=d"(hi_c) /* out */ + : "a"(0) /* in */ + : "%ebx", "%ecx"); /* clobber */ + return ((word64)lo_c) | (((word64)hi_c) << 32); +} +#elif !defined(ENTROPY_MEMUSE_THREAD) && \ + (defined(__APPLE__) || defined(__MACH__)) +/* Get the high resolution time counter. + * + * @return 64-bit time in nanoseconds. + */ +static WC_INLINE word64 Entropy_TimeHiRes(void) +{ + return clock_gettime_nsec_np(CLOCK_MONOTONIC_RAW); +} +#elif !defined(ENTROPY_MEMUSE_THREAD) && defined(__aarch64__) +/* Get the high resolution time counter. + * + * @return 64-bit timer count. + */ +static WC_INLINE word64 Entropy_TimeHiRes(void) +{ + word64 cnt; + __asm__ __volatile__ ( + "mrs %[cnt], cntvct_el0" + : [cnt] "=r"(cnt) + : + : + ); + return cnt; +} +#elif !defined(ENTROPY_MEMUSE_THREAD) && defined(__MICROBLAZE__) + +#define LPD_SCNTR_BASE_ADDRESS 0xFF250000 + +/* Get the high resolution time counter. + * Collect ticks from LPD_SCNTR + * @return 64-bit tick count. + */ +static WC_INLINE word64 Entropy_TimeHiRes(void) +{ + word64 cnt; + word32 *ptr; + + ptr = (word32*)LPD_SCNTR_BASE_ADDRESS; + cnt = *(ptr+1); + cnt = cnt << 32; + cnt |= *ptr; + + return cnt; +} +#elif !defined(ENTROPY_MEMUSE_THREAD) && defined(_POSIX_C_SOURCE) && \ + (_POSIX_C_SOURCE >= 199309L) +/* Get the high resolution time counter. + * + * @return 64-bit time that is the nanoseconds of current time. + */ +static WC_INLINE word64 Entropy_TimeHiRes(void) +{ + struct timespec now; + + clock_gettime(CLOCK_REALTIME, &now); + + return now.tv_nsec; +} +#elif defined(_WIN32) /* USE_WINDOWS_API */ +/* Get the high resolution time counter. + * + * @return 64-bit timer + */ +static WC_INLINE word64 Entropy_TimeHiRes(void) +{ + LARGE_INTEGER count; + QueryPerformanceCounter(&count); + return (word64)(count.QuadPart); +} +#elif !defined(ENTROPY_MEMUSE_THREAD) && defined(__arm__) +/* Get time counter from arch_sys_counter clocksource. + * + * @return 64-bit timer count. + */ +static WC_INLINE word64 Entropy_TimeHiRes(void) +{ + word32 lo, hi; + __asm__ __volatile__ ( + "mrrc p15, 1, %[lo], %[hi], c14" + : [lo] "=r"(lo), [hi] "=r"(hi) + ); + return ((word64)hi << 32) | lo; +} +#elif defined(WOLFSSL_THREAD_NO_JOIN) + +/* Start and stop thread that counts as a proxy for time counter. */ +#define ENTROPY_MEMUSE_THREADED + +/* Data for entropy thread. */ +typedef struct ENTROPY_THREAD_DATA { + /* Current counter - proxy for time. */ + word64 counter; + /* Whether to stop thread. */ + int stop; +} ENTROPY_THREAD_DATA; + +/* Track whether entropy thread has been started already. */ +static int entropy_thread_started = 0; +/* Data for thread to update/observer. */ +static volatile ENTROPY_THREAD_DATA entropy_thread_data = { 0, 0 }; + +/* Get the high resolution time counter. Counter incremented in thread. + * + * @return 64-bit counter. + */ +static WC_INLINE word64 Entropy_TimeHiRes(void) +{ + /* Return counter update in thread. */ + return entropy_thread_data.counter; +} + +/* Thread that increments counter while not told to stop. + * + * @param [in,out] args Entropy data including: counter and stop flag. + * @return NULL always. + */ +static THREAD_RETURN_NOJOIN WOLFSSL_THREAD_NO_JOIN + Entropy_IncCounter(void* args) +{ + (void)args; + + /* Keep going until caller tells us to stop and exit. */ + while (!entropy_thread_data.stop) { + /* Increment counter acting as high resolution timer. */ + entropy_thread_data.counter++; + } + +#ifdef WOLFSSL_DEBUG_ENTROPY_MEMUSE + fprintf(stderr, "EXITING ENTROPY COUNTER THREAD\n"); +#endif + + /* Exit from thread. */ + RETURN_FROM_THREAD_NOJOIN(0); +} + +/* Start a thread that increments counter if not one already. + * + * Won't start a new thread if one already running. + * Waits for thread to start by waiting for counter to have incremented. + * + * @return 0 on success. + * @return Negative on failure. + */ +static int Entropy_StartThread(void) +{ + int ret = 0; + + /* Only continue if we haven't started a thread. */ + if (!entropy_thread_started) { + /* Get counter before starting thread. */ + word64 start_counter = entropy_thread_data.counter; + + /* In case of restarting thread, set stop indicator to false. */ + entropy_thread_data.stop = 0; + + #ifdef WOLFSSL_DEBUG_ENTROPY_MEMUSE + fprintf(stderr, "STARTING ENTROPY COUNTER THREAD\n"); + #endif + /* Create a thread that increments the counter in the data. */ + /* Thread resources to be disposed of. */ + ret = wolfSSL_NewThreadNoJoin(Entropy_IncCounter, NULL); + if (ret == 0) { + /* Wait for the counter to increase indicating thread started. */ + while (entropy_thread_data.counter == start_counter) { + sched_yield(); + } + } + + entropy_thread_started = (ret == 0); + } + + return ret; +} + +/* Tell thread to stop and wait for it to complete. + * + * Called by wolfCrypt_Cleanup(). + */ +static void Entropy_StopThread(void) +{ + /* Only stop a thread if one is running. */ + if (entropy_thread_started) { + /* Tell thread to stop. */ + entropy_thread_data.stop = 1; + /* Stopped thread so no thread started anymore. */ + entropy_thread_started = 0; + } +} + /* end if defined(HAVE_PTHREAD) */ + +#else + +#error "No high precision time available for MemUse Entropy." + +#endif + +#ifndef ENTROPY_NUM_WORDS_BITS + /* Number of bits to count of 64-bit words in state. */ + #define ENTROPY_NUM_WORDS_BITS 14 +#endif + +/* Floor of 8 yields pool of 256x 64-bit word samples + * 9 -> 512x 64-bit word samples + * 10 -> 1,024x 64-bit word samples + * 11 -> 2,048x 64-bit word samples + * 12 -> 4,096x 64-bit word samples + * 13 -> 8,192x 64-bit word samples + * 14 -> 16,384x 64-bit word samples + * 15 -> 32,768x 64-bit word samples + * ... doubling every time up to a maximum of: + * 30 -> 1,073,741,824x 64-bit word samples + * 1 billion+ samples should be more then sufficient for any use-case + */ +#if ENTROPY_NUM_WORDS_BITS < 8 + #error "ENTROPY_NUM_WORDS_BITS must be 8 or more" +#elif ENTROPY_NUM_WORDS_BITS > 30 + #error "ENTROPY_NUM_WORDS_BITS must be less than 31" +#endif +/* Number of 64-bit words in state. */ +#define ENTROPY_NUM_WORDS (1 << ENTROPY_NUM_WORDS_BITS) + +/* Size of one block of 64-bit words. */ +#define ENTROPY_BLOCK_SZ (ENTROPY_NUM_WORDS_BITS - 8) + +#ifndef ENTROPY_NUM_UPDATES + /* Number of times to update random blocks. + * Less than 2^ENTROPY_BLOCK_SZ (default: 2^6 = 64). + * Maximize value to maximize entropy per sample. + * Limit value to ensure entropy is collected in a timely manner. + */ + #define ENTROPY_NUM_UPDATES 18 + /* Upper round of log2(ENTROPY_NUM_UPDATES) */ + #define ENTROPY_NUM_UPDATES_BITS 5 +#elif !defined(ENTROPY_NUM_UPDATES_BITS) + #define ENTROPY_NUM_UPDATES_BITS ENTROPY_BLOCK_SZ +#endif +#ifndef ENTROPY_NUM_UPDATES_BITS + #error "ENTROPY_NUM_UPDATES_BITS must be defined - " \ + "upper(log2(ENTROPY_NUM_UPDATES))" +#endif +#if ENTROPY_NUM_UPDATES_BITS != 0 + /* Amount to shift offset to get better coverage of a block */ + #define ENTROPY_OFFSET_SHIFTING \ + (ENTROPY_BLOCK_SZ / ENTROPY_NUM_UPDATES_BITS) +#else + /* Amount to shift offset to get better coverage of a block */ + #define ENTROPY_OFFSET_SHIFTING ENTROPY_BLOCK_SZ +#endif + +#ifndef ENTROPY_NUM_64BIT_WORDS + /* Number of 64-bit words to update - 32. */ + #define ENTROPY_NUM_64BIT_WORDS WC_SHA3_256_DIGEST_SIZE +#elif ENTROPY_NUM_64BIT_WORDS > WC_SHA3_256_DIGEST_SIZE + #error "ENTROPY_NUM_64BIT_WORDS must be <= SHA3-256 digest size in bytes" +#endif + +#if ENTROPY_BLOCK_SZ < ENTROPY_NUM_UPDATES_BITS +#define EXTRA_ENTROPY_WORDS ENTROPY_NUM_UPDATES +#else +#define EXTRA_ENTROPY_WORDS 0 +#endif + +/* State to update that is multiple cache lines long. */ +static word64 entropy_state[ENTROPY_NUM_WORDS + EXTRA_ENTROPY_WORDS] = {0}; + +/* Using memory will take different amount of times depending on the CPU's + * caches and business. + */ +static void Entropy_MemUse(void) +{ + int i; + static byte d[WC_SHA3_256_DIGEST_SIZE]; + int j; + + for (j = 0; j < ENTROPY_NUM_UPDATES; j++) { + /* Hash the first 32 64-bit words of state. */ + wc_Sha3_256_Update(&entropyHash, (byte*)entropy_state, + sizeof(*entropy_state) * ENTROPY_NUM_64BIT_WORDS); + /* Get pseudo-random indices. */ + wc_Sha3_256_Final(&entropyHash, d); + + for (i = 0; i < ENTROPY_NUM_64BIT_WORDS; i++) { + /* Choose a 64-bit word from a pseudo-random block.*/ + int idx = ((int)d[i] << ENTROPY_BLOCK_SZ) + + (j << ENTROPY_OFFSET_SHIFTING); + /* Update a pseudo-random 64-bit word with a pseudo-random value. */ + entropy_state[idx] += Entropy_TimeHiRes(); + /* Ensure part of state that is hashed is updated. */ + entropy_state[i] += entropy_state[idx]; + } + } +} + + +/* Last time entropy sample was gathered. */ +static word64 entropy_last_time = 0; + +/* Get a sample of noise. + * + * Value is time taken to use memory. + * + * Called to test raw entropy. + * + * @return 64-bit value that is the noise. + */ +static word64 Entropy_GetSample(void) +{ + word64 now; + word64 ret; + +#ifdef HAVE_FIPS + /* First sample must be disregard when in FIPS. */ + if (entropy_last_time == 0) { + /* Get sample which triggers CAST in FIPS mode. */ + Entropy_MemUse(); + /* Start entropy time after CASTs. */ + entropy_last_time = Entropy_TimeHiRes(); + } +#endif + + /* Use memory such that it will take an unpredictable amount of time. */ + Entropy_MemUse(); + + /* Get the time now to subtract from previous end time. */ + now = Entropy_TimeHiRes(); + /* Calculate time diff since last sampling. */ + ret = now - entropy_last_time; + /* Store last time. */ + entropy_last_time = now; + + return ret; +} + +/* Get as many samples of noise as required. + * + * One sample is one byte. + * + * @param [out] noise Buffer to hold samples. + * @param [in] samples Number of one byte samples to get. + */ +static void Entropy_GetNoise(unsigned char* noise, int samples) +{ + int i; + + /* Do it once to get things going. */ + Entropy_MemUse(); + + /* Get as many samples as required. */ + for (i = 0; i < samples; i++) { + noise[i] = (byte)Entropy_GetSample(); + } +} + +/* Generate raw entropy for performing assessment. + * + * @param [out] raw Buffer to hold raw entropy data. + * @param [in] cnt Number of bytes of raw entropy to get. + * @return 0 on success. + * @return Negative when creating a thread fails - when no high resolution + * clock available. + */ +int wc_Entropy_GetRawEntropy(unsigned char* raw, int cnt) +{ + int ret = 0; + +#ifdef ENTROPY_MEMUSE_THREADED + /* Start the counter thread as a proxy for time counter. */ + ret = Entropy_StartThread(); + if (ret == 0) +#endif + { + Entropy_GetNoise(raw, cnt); + } +#ifdef ENTROPY_MEMUSE_THREADED + /* Stop the counter thread to avoid thrashing the system. */ + Entropy_StopThread(); +#endif + + return ret; +} + +#if ENTROPY_MIN == 1 +/* SP800-90b 4.4.1 - Repetition Test + * C = 1 + upper(-log2(alpha) / H) + * When alpha = 2^-30 and H = 1, + * C = 1 + upper(30 / 1) = 31 + */ +#define REP_CUTOFF 31 +#else +#error "Minimum entropy not defined to a recognized value." +#endif + +/* Have valid previous sample for repetition test. */ +static int rep_have_prev = 0; +/* Previous sample value. */ +static byte rep_prev_noise; + +static void Entropy_HealthTest_Repetition_Reset(void) +{ + /* No previous stored. */ + rep_have_prev = 0; + /* Clear previous. */ + rep_prev_noise = 0; +} + +/* Test sample value with repetition test. + * + * @param [in] noise Sample to test. + * @return 0 on success. + * @return ENTROPY_RT_E on failure. + */ +static int Entropy_HealthTest_Repetition(byte noise) +{ + int ret = 0; + /* Number of times previous value has been seen continuously. */ + static int rep_cnt = 0; + + /* If we don't have a previous then store this one for next time. */ + if (!rep_have_prev) { + rep_prev_noise = noise; + rep_have_prev = 1; + rep_cnt = 1; + } + /* Check whether this sample matches last. */ + else if (noise == rep_prev_noise) { + /* Update count of repetitions. */ + rep_cnt++; + /* Fail if we reach cutoff. */ + if (rep_cnt >= REP_CUTOFF) { + #ifdef WOLFSSL_DEBUG_ENTROPY_MEMUSE + fprintf(stderr, "REPETITION FAILED: %d\n", noise); + #endif + Entropy_HealthTest_Repetition_Reset(); + ret = ENTROPY_RT_E; + } + } + else { + /* Cache new previous and seen one so far. */ + rep_prev_noise = noise; + rep_cnt = 1; + } + + return ret; +} + +/* SP800-90b 4.4.2 - Adaptive Proportion Test + * Para 2 + * ... The window size W is selected based on the alphabet size ... 512 if + * the noise source is not binary ... + */ +#define PROP_WINDOW_SIZE 512 +#if ENTROPY_MIN == 1 +/* SP800-90b 4.4.2 - Adaptive Proportion Test + * Note 10 + * C = 1 + CRITBINOM(W, power(2,( -H)),1-alpha) + * alpha = 2^-30 = POWER(2,-30), H = 1, W = 512 + * C = 1 + CRITBINOM(512, 0.5, 1-POWER(2,-30)) = 1 + 324 = 325 + */ +#define PROP_CUTOFF 325 +#else +#error "Minimum entropy not defined to a recognized value." +#endif + +/* Total number of samples storef for Adaptive proportion test. + * Need the next 512 samples to compare this this one. + */ +static word16 prop_total = 0; +/* Index of first sample. */ +static word16 prop_first = 0; +/* Index to put next sample in. */ +static word16 prop_last = 0; +/* Count of each value seen in queue. */ +static word16 prop_cnt[1 << ENTROPY_BITS_USED] = { 0 }; +/* Circular queue of samples. */ +static word16 prop_samples[PROP_WINDOW_SIZE]; + +/* Resets the data for the Adaptive Proportion Test. + */ +static void Entropy_HealthTest_Proportion_Reset(void) +{ + /* Clear out samples. */ + XMEMSET(prop_samples, 0, sizeof(prop_samples)); + /* Clear out counts. */ + XMEMSET(prop_cnt, 0, sizeof(prop_cnt)); + /* Clear stored count. */ + prop_total = 0; + /* Reset first and last index for samples. */ + prop_first = 0; + prop_last = 0; +} + +/* Add sample to Adaptive Proportion test. + * + * SP800-90b 4.4.2 - Adaptive Proportion Test + * + * Sample is accumulated into buffer until required successive values seen. + * + * @param [in] noise Sample to test. + * @return 0 on success. + * @return ENTROPY_APT_E on failure. + */ +static int Entropy_HealthTest_Proportion(byte noise) +{ + int ret = 0; + + /* Need minimum samples in queue to test with - keep adding while we have + * less. */ + if (prop_total < PROP_CUTOFF - 1) { + /* Store sample at last position in circular queue. */ + prop_samples[prop_last++] = noise; + /* Update count of seen value based on new sample. */ + prop_cnt[noise]++; + /* Update count of store values. */ + prop_total++; + } + else { + /* We have at least a minimum set of samples in queue. */ + /* Store new sample at end of queue. */ + prop_samples[prop_last] = noise; + /* Update last index now that we have added new sample to queue. */ + prop_last = (prop_last + 1) % PROP_WINDOW_SIZE; + /* Added sample to queue - add count. */ + prop_cnt[noise]++; + /* Update count of store values. */ + prop_total++; + + /* Check whether first value has too many repetitions in queue. */ + if (prop_cnt[noise] >= PROP_CUTOFF) { + #ifdef WOLFSSL_DEBUG_ENTROPY_MEMUSE + fprintf(stderr, "PROPORTION FAILED: %d %d\n", val, prop_cnt[noise]); + #endif + Entropy_HealthTest_Proportion_Reset(); + /* Error code returned. */ + ret = ENTROPY_APT_E; + } + else if (prop_total == PROP_WINDOW_SIZE) { + /* Return to 511 samples in queue. */ + /* Get first value in queue - value to test. */ + byte val = (byte)prop_samples[prop_first]; + /* Update first index to remove first sample from the queue. */ + prop_first = (prop_first + 1) % PROP_WINDOW_SIZE; + /* Removed first sample from queue - remove count. */ + prop_cnt[val]--; + /* Update count of store values. */ + prop_total--; + } + } + + return ret; +} + +/* SP800-90b 4.3 - Requirements for Health Tests + * 1.4: The entropy source's startup tests shall run the continuous health + * tests over at least 1024 consecutive samples. + * + * Adaptive Proportion Test requires a number of samples to compared too. + */ +#define ENTROPY_INITIAL_COUNT (1024 + PROP_WINDOW_SIZE) + +/* Perform startup health testing. + * + * Fill adaptive proportion test buffer and then do 1024 samples. + * Perform repetition test on all samples expect last. + * + * Discards samples from health tests on failure. + * + * @return 0 on success. + * @return ENTROPY_RT_E or ENTROPY_APT_E on failure. + */ +static int Entropy_HealthTest_Startup(void) +{ + int ret = 0; + byte initial[ENTROPY_INITIAL_COUNT]; + int i; + +#ifdef WOLFSSL_DEBUG_ENTROPY_MEMUSE + fprintf(stderr, "STARTUP HEALTH TEST\n"); +#endif + + /* Reset cached values before testing. */ + Entropy_HealthTest_Reset(); + + /* Fill initial sample buffer with noise. */ + Entropy_GetNoise(initial, ENTROPY_INITIAL_COUNT); + /* Health check initial noise. */ + for (i = 0; (ret == 0) && (i < ENTROPY_INITIAL_COUNT); i++) { + ret = Entropy_HealthTest_Repetition(initial[i]); + if (ret == 0) { + ret = Entropy_HealthTest_Proportion(initial[i]); + } + } + + if (ret != 0) { + /* Failing test only resets its own data. */ + Entropy_HealthTest_Reset(); + } + + return ret; +} + +/* Condition raw entropy noise using SHA-3-256. + * + * Put noise into a hash function: SHA-3-256. + * Add the current time counter to help with uniqueness. + * + * @param [out] output Buffer to conditioned data. + * @param [in] len Number of bytes to put into output buffer. + * @param [in] noise Buffer with raw noise data. + * @param [in] noise_len Length of noise data in bytes. + * @return 0 on success. + * @return Negative on failure. + */ +static int Entropy_Condition(byte* output, word32 len, byte* noise, + word32 noise_len) +{ + int ret; + + /* Add noise to initialized hash. */ + ret = wc_Sha3_256_Update(&entropyHash, noise, noise_len); + if (ret == 0) { + word64 now = Entropy_TimeHiRes(); + /* Add time now counter. */ + ret = wc_Sha3_256_Update(&entropyHash, (byte*)&now, sizeof(now)); + } + if (ret == 0) { + /* Finalize into output buffer. */ + if (len == WC_SHA3_256_DIGEST_SIZE) { + ret = wc_Sha3_256_Final(&entropyHash, output); + } + else { + byte hash[WC_SHA3_256_DIGEST_SIZE]; + + ret = wc_Sha3_256_Final(&entropyHash, hash); + if (ret == 0) { + XMEMCPY(output, hash, len); + } + } + } + + return ret; +} + +/* Mutex to prevent multiple callers requesting entropy operations at the + * same time. + */ +static wolfSSL_Mutex entropy_mutex WOLFSSL_MUTEX_INITIALIZER_CLAUSE(entropy_mutex); + +/* Get entropy of specified strength. + * + * SP800-90b 2.3.1 - GetEntropy: An Interface to the Entropy Source + * + * In threaded environment, only one thread at a time can get entropy. + * + * @param [in] bits Number of entropy bits. 256 is max value. + * @param [out] entropy Buffer to hold entropy. + * @param [in] len Length of data to put into buffer in bytes. + * @return 0 on success. + * @return ENTROPY_RT_E or ENTROPY_APT_E on failure. + * @return BAD_MUTEX_E when unable to lock mutex. + */ +int wc_Entropy_Get(int bits, unsigned char* entropy, word32 len) +{ + int ret = 0; + /* Noise length is the number of 8 byte samples required to get the bits of + * entropy requested. */ + int noise_len = (bits + ENTROPY_EXTRA) / ENTROPY_MIN; + static byte noise[MAX_NOISE_CNT]; + +#ifdef HAVE_FIPS + /* FIPS KATs, e.g. EccPrimitiveZ_KnownAnswerTest(), call wc_Entropy_Get() + * incidental to wc_InitRng(), without first calling Entropy_Init(), neither + * directly, nor indirectly via wolfCrypt_Init(). This matters, because + * KATs must be usable before wolfCrypt_Init() (indeed, in the library + * embodiment, the HMAC KAT always runs before wolfCrypt_Init(), incidental + * to fipsEntry()). Without the InitSha3() under Entropy_Init(), the + * SHA3_BLOCK function pointer is null when Sha3Update() is called by + * Entropy_MemUse(), which ends badly. + */ + if (!entropy_memuse_initialized) { + ret = Entropy_Init(); + } +#endif + + /* Lock the mutex as collection uses globals. */ + if ((ret == 0) && (wc_LockMutex(&entropy_mutex) != 0)) { + ret = BAD_MUTEX_E; + } + +#ifdef ENTROPY_MEMUSE_THREADED + if (ret == 0) { + /* Start the counter thread as a proxy for time counter. */ + ret = Entropy_StartThread(); + } +#endif + + /* Check we have had a startup health check pass. */ + if ((ret == 0) && ((prop_total == 0) || (!rep_have_prev))) { + /* Try again as check failed. */ + ret = Entropy_HealthTest_Startup(); + } + + /* Keep putting data into buffer until full. */ + while ((ret == 0) && (len > 0)) { + int i; + word32 entropy_len = WC_SHA3_256_DIGEST_SIZE; + + /* Output 32 bytes at a time unless buffer has fewer bytes remaining. */ + if (len < entropy_len) { + entropy_len = len; + } + + /* Get raw entropy noise. */ + Entropy_GetNoise(noise, noise_len); + /* Health check each noise value. */ + for (i = 0; (ret == 0) && (i < noise_len); i++) { + ret = Entropy_HealthTest_Repetition(noise[i]); + if (ret == 0) { + ret = Entropy_HealthTest_Proportion(noise[i]); + } + } + + if (ret == 0) { + /* Condition noise value down to 32-bytes or less. */ + ret = Entropy_Condition(entropy, entropy_len, noise, noise_len); + } + if (ret == 0) { + /* Update buffer pointer and count of bytes left to generate. */ + entropy += entropy_len; + len -= entropy_len; + } + if (ret == 0) { + ret = WC_CHECK_FOR_INTR_SIGNALS(); + } + if (ret == 0) { + WC_RELAX_LONG_LOOP(); + } + } + +#ifdef ENTROPY_MEMUSE_THREADED + /* Stop the counter thread to avoid thrashing the system. */ + Entropy_StopThread(); +#endif + + if (ret != WC_NO_ERR_TRACE(BAD_MUTEX_E)) { + /* Unlock mutex now we are done. */ + wc_UnLockMutex(&entropy_mutex); + } + + return ret; +} + +/* Performs on-demand testing. + * + * In threaded environment, locks out other threads from getting entropy. + * + * @return 0 on success. + * @return ENTROPY_RT_E or ENTROPY_APT_E on failure. + * @return BAD_MUTEX_E when unable to lock mutex. + */ +int wc_Entropy_OnDemandTest(void) +{ + int ret = 0; + + /* Lock the mutex as we don't want collecting to happen during testing. */ + if (wc_LockMutex(&entropy_mutex) != 0) { + ret = BAD_MUTEX_E; + } + + if (ret == 0) { + /* Perform startup tests. */ + ret = Entropy_HealthTest_Startup(); + } + + if (ret != WC_NO_ERR_TRACE(BAD_MUTEX_E)) { + /* Unlock mutex now we are done. */ + wc_UnLockMutex(&entropy_mutex); + } + return ret; +} + +/* Initialize global state for MemUse Entropy and do startup health test. + * + * @return 0 on success. + * @return Negative on failure. + */ +int Entropy_Init(void) +{ + int ret = 0; + + /* Check whether initialization has succeeded before. */ + if (!entropy_memuse_initialized) { + #if !defined(SINGLE_THREADED) && !defined(WOLFSSL_MUTEX_INITIALIZER) + ret = wc_InitMutex(&entropy_mutex); + #endif + if (ret == 0) + ret = wc_LockMutex(&entropy_mutex); + + if (entropy_memuse_initialized) { + /* Short circuit return -- a competing thread initialized the state + * while we were waiting. Note, this is only threadsafe when + * WOLFSSL_MUTEX_INITIALIZER is defined. + */ + if (ret == 0) + wc_UnLockMutex(&entropy_mutex); + return 0; + } + + if (ret == 0) { + /* Initialize a SHA3-256 object for use in entropy operations. */ + ret = wc_InitSha3_256(&entropyHash, NULL, INVALID_DEVID); + } + /* Set globals initialized. */ + entropy_memuse_initialized = (ret == 0); + if (ret == 0) { + #ifdef ENTROPY_MEMUSE_THREADED + /* Start the counter thread as a proxy for time counter. */ + ret = Entropy_StartThread(); + if (ret == 0) + #endif + { + /* Do first startup test now. */ + ret = Entropy_HealthTest_Startup(); + } + #ifdef ENTROPY_MEMUSE_THREADED + /* Stop the counter thread to avoid thrashing the system. */ + Entropy_StopThread(); + #endif + } + + if (ret != WC_NO_ERR_TRACE(BAD_MUTEX_E)) { + wc_UnLockMutex(&entropy_mutex); + } + } + + return ret; +} + +/* Finalize the data associated with the MemUse Entropy source. + */ +void Entropy_Final(void) +{ + /* Only finalize when initialized. */ + if (entropy_memuse_initialized) { + /* Dispose of the SHA3-356 hash object. */ + wc_Sha3_256_Free(&entropyHash); + #if !defined(SINGLE_THREADED) && !defined(WOLFSSL_MUTEX_INITIALIZER) + wc_FreeMutex(&entropy_mutex); + #endif + /* Clear health test data. */ + Entropy_HealthTest_Reset(); + /* No longer initialized. */ + entropy_memuse_initialized = 0; + } +} + +/* Reset the data associated with the MemUse Entropy health tests. + */ +static void Entropy_HealthTest_Reset(void) +{ + Entropy_HealthTest_Repetition_Reset(); + Entropy_HealthTest_Proportion_Reset(); +} + +#endif /* HAVE_ENTROPY_MEMUSE */ + diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/wolfcrypt/src/wolfevent.c mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/wolfevent.c --- mariadb-11.8.6/extra/wolfssl/wolfssl/wolfcrypt/src/wolfevent.c 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/wolfevent.c 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* wolfevent.c * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/wolfcrypt/src/wolfmath.c mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/wolfmath.c --- mariadb-11.8.6/extra/wolfssl/wolfssl/wolfcrypt/src/wolfmath.c 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/src/wolfmath.c 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* wolfmath.c * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -43,9 +43,12 @@ #if !defined(NO_BIG_INT) || defined(WOLFSSL_SP_MATH) -#if !defined(WC_NO_CACHE_RESISTANT) && \ - ((defined(HAVE_ECC) && defined(ECC_TIMING_RESISTANT)) || \ - (defined(USE_FAST_MATH) && defined(TFM_TIMING_RESISTANT))) +#if (!defined(WC_NO_CACHE_RESISTANT) && \ + ((defined(HAVE_ECC) && defined(ECC_TIMING_RESISTANT)) || \ + (defined(USE_FAST_MATH) && defined(TFM_TIMING_RESISTANT)))) || \ + ((defined(WOLFSSL_SP_MATH_ALL) && !defined(WOLFSSL_RSA_VERIFY_ONLY) && \ + !defined(WOLFSSL_RSA_PUBLIC_ONLY)) || !defined(NO_DH) || \ + defined(OPENSSL_ALL) && defined(WC_PROTECT_ENCRYPTED_MEM)) /* all off / all on pointer addresses for constant calculations */ /* ecc.c uses same table */ diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/wolfcrypt/test/README.md mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/test/README.md --- mariadb-11.8.6/extra/wolfssl/wolfssl/wolfcrypt/test/README.md 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/test/README.md 2026-05-24 09:58:33.000000000 +0000 @@ -58,3 +58,185 @@ If you see an error about `rc.exe` then you'll need to update the "Target Platform Version". You can do this by right-clicking on the test project -> General -> "Target Platform Version" and changing to 8.1 (needs to match the wolfssl library project). This solution includes the wolfSSL library project at `wolfssl.vcxproj` and will compile the library, then the test project. + +-------- + +Jan 2026 - Reviewing the older FIPS compliant CRNGT test specified in FIPS 140-2 +ss 4.9.2 vs the newer replacement tests RCT/ADP that are allowed to replace the +CRNGT under the new FIPS 140-3 / ISO 19790 standard. + +================================================================================ +DRBG Continuous Health Test Statistical Analysis & Diagnostic Report +================================================================================ + +OVERVIEW +-------- +This document describes the statistical false positive behavior of the DRBG +continuous health test in wc_RNG_TestSeed() and provides diagnostic tools to +distinguish between: + 1. Statistical false positives (expected behavior) + 2. Entropy source depletion (under heavy concurrent load) + 3. Actual stuck entropy source (hardware failure) + + +BACKGROUND: THE ISSUE +--------------------- +The DRBG was experiencing high volumes of (DRBG_CONT_FIPS_E) on wc_InitRng() +calls. + +Example error: + ERROR: wc_InitRng failed at iteration 330788 with code -209 + +This raises the question: Is this a bug in wc_RNG_TestSeed() or expected +statistical behavior? + + +STATISTICAL ANALYSIS +-------------------- + +The wc_RNG_TestSeed() Function Behavior: + - Compares ALL consecutive SEED_BLOCK_SZ chunks in the seed buffer + - With FIPS mode (typical configuration): + SEED_SZ = 256 * 4 / 8 = 128 bytes (1024-bits) + SEED_BLOCK_SZ = 4 bytes (default) (32-bits) + seedSz passed to test = 132 bytes (SEED_SZ + SEED_BLOCK_SZ) + Number of comparisons = ~32 consecutive block pairs + +False Positive Probability Calculation: + - Probability one 4-byte block equals another random 4-byte block: 1/2^32 + - With 32 comparisons per seed: 32/2^32 ≈ 1 in 134 million per wc_InitRng() + +Test Configuration (Default): + - 40 threads × 100M iterations = 4 BILLION total wc_InitRng() calls + - Expected false positives: 4,000,000,000 × (32/2^32) ≈ 30 failures + +Conclusion: + Seeing failures around 1 in 30-140 million is EXPECTED STATISTICAL BEHAVIOR. + Under heavy concurrent load (40 threads), entropy source + depletion can also cause legitimate failures. + + +TESTING IT +-------------------- + +Non-FIPS: + + ./configure CFLAGS="-DWC_RNG_SEED_DEBUG -DREALLY_LONG_DRBG_CONTINUOUS_TEST" + make + ./wolfcrypt/test/testwolfcrypt + +FIPS: + + ./configure --enable-fips= CFLAGS="-DWC_RNG_SEED_DEBUG -DREALLY_LONG_DRBG_CONTINUOUS_TEST" + make + ./fips-hash.sh + make + ./wolfcrypt/test/testwolfcrypt + + +OUTPUTS EXPECTED +-------------------- + +Non-FIPS: + + Math: Multi-Precision: Wolf(SP) word-size=64 bits=4096 sp_int.c + ------------------------------------------------------------------------------ + wolfSSL version 5.8.4 + ------------------------------------------------------------------------------ + macro test passed! + error test passed! + MEMORY test passed! + base64 test passed! + asn test passed! + MD5 test passed! + SHA test passed! + SHA-224 test passed! + SHA-256 test passed! + SHA-384 test passed! + SHA-512 test passed! + SHA-512/224 test passed! + SHA-512/256 test passed! + SHA-3 test passed! + RNG Entropy Source: getrandom() syscall + =============================================== + DRBG Continuous Test Validation Suite + =============================================== + FIPS Build: NO + + --- Test 1: Basic RNG Functionality --- + Generated 32 random bytes successfully + [PASS] Basic RNG Functionality + + --- Test 2: Multiple RNG Instances --- + Successfully operated 100 RNG instances concurrently + [PASS] Multiple RNG Instances + + --- Test 3: FIPS Status Check --- + SKIPPED: FIPS not enabled + [PASS] FIPS Status Check + + --- Test 4: RNG ReInit Test (multi-threaded) --- + Configuration: 40 threads × 100000000 iterations = 4000000000 total + Test Profile: Default (Aggressive multi-threaded) + Expected statistical false positive rate: ~29.80 failures + Duplicate block at offset 4: + Block 1: E6 E9 D1 7B + Block 2: E6 E9 D1 7B + Full seed buffer (52 bytes): + DA 93 B7 88 E6 E9 D1 7B E6 E9 D1 7B A5 4C C9 E9 + 13 EE D8 4C B3 C1 71 DE 32 37 17 F2 E7 A4 29 7D + 9B 02 B0 0C EC 8D AC F5 DA B1 71 05 84 C0 61 75 + 59 6D 87 B5 + ERROR: wc_InitRng failed at iteration 778551 with code -209 + ERROR: wc_RNG_GenerateBlock failed at iteration 778551 with code -199 +... + (18 other failures truncated here for brevity) +... + Duplicate block at offset 16: + Block 1: C1 19 37 B1 + Block 2: C1 19 37 B1 + Full seed buffer (52 bytes): + 62 66 5B D2 F5 54 47 9B 59 DD 0A 55 4B 52 8C 39 + C1 19 37 B1 C1 19 37 B1 3F 62 CB 2E FE 56 65 4D + 4F 0C A7 7D 1C 09 48 51 30 1B CA 00 56 9F 29 A7 + E3 93 EF 8E + ERROR: wc_InitRng failed at iteration 90467867 with code -209 + ERROR: wc_RNG_GenerateBlock failed at iteration 90467867 with code -199 + Thread 0 Succeeded +... + 38 other thread results truncated here for brevity (all threads succeeded + even though they experienced 1 or 2 failures in several of the threads) +... + Thread 39 Succeeded + Reinitialized RNG 4000000000 times across 40 threads + Experienced 0 thread failures and 40 thread successes + 20/4000000000 API calls failed <--- This is the bread and the butter of the + test, we unfortunately expect to see + ~29.80 failures, prior to the newer FIPS + 140-3 RCT and ADP tests the CRNGT was + required. Now the CRNGT is replaceable + by the more mathematically robust + RCT/ADP. + [PASS] RNG Reinitialization + + + +TESTING RESULTS with the CRNGT test: +-------------------- + +Old implementation non-FIPS: + Run 1 - 6 failures in 4 billion runs (100M per thread, 40 threads) + Run 2 - 11 failures in 4 billion (100M per thread, 40 threads) + Run 3 - 13 failures in 4 billion (100M per thread, 40 threads) + +Old implementation with FIPS: +(keeping in mind just a single failure means catastrophic +failure for the entire module until power cycled): + Run 1 - 3990118689 failures in 4 billion API calls (yikes) + +TESTING RESULTS with the RCT/ADP tests in place of the CRNGT test: + +New implementation non-FIPS: 4 billion successes +New implementation FIPS: 4 billion successes + + diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/wolfcrypt/test/test.c mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/test/test.c --- mariadb-11.8.6/extra/wolfssl/wolfssl/wolfcrypt/test/test.c 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/test/test.c 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* test.c * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -43,10 +43,6 @@ #define WOLFSSL_DEBUG_TRACE_ERROR_CODES_ALWAYS #endif -#ifdef WOLFSSL_ASYNC_CRYPT - #define WOLFSSL_SMALL_STACK -#endif - #if !defined(NO_CRYPT_TEST) || defined(WC_TEST_EXPORT_SUBTESTS) #include @@ -313,6 +309,17 @@ #endif #endif /* !WOLFSSL_LOG_PRINTF */ +#define TestDumpData(name, data, len) do { \ + int _i; \ + WOLFSSL_DEBUG_PRINTF("%s: %d bytes\n", name, (int)(len)); \ + for (_i = 0; _i < (int)(len); _i++) { \ + WOLFSSL_DEBUG_PRINTF("0x%02x,", ((byte*)(data))[_i]); \ + if ((_i & 7) == 7) WOLFSSL_DEBUG_PRINTF("\n"); \ + else WOLFSSL_DEBUG_PRINTF(" "); \ + } \ + if ((_i & 7) != 0) WOLFSSL_DEBUG_PRINTF("\n"); \ +} while(0) + #include #include #include @@ -329,6 +336,9 @@ #include #if !defined(WC_NO_RNG) #include + #ifdef WC_RNG_BANK_SUPPORT + #include + #endif #endif #include #include @@ -403,13 +413,16 @@ #include #endif #endif +#if defined(WOLFSSL_HAVE_SLHDSA) + #include +#endif #ifdef WOLFCRYPT_HAVE_ECCSI #include #endif #ifdef WOLFCRYPT_HAVE_SAKKE #include #endif -#if defined(HAVE_BLAKE2) || defined(HAVE_BLAKE2S) +#if defined(HAVE_BLAKE2B) || defined(HAVE_BLAKE2S) #include #endif #ifdef WOLFSSL_SHA3 @@ -568,6 +581,8 @@ #define WOLFSSL_TEST_SUBROUTINE #endif +#ifndef WC_TEST_EXPORT_SUBTESTS + WOLFSSL_TEST_SUBROUTINE wc_test_ret_t macro_test(void); WOLFSSL_TEST_SUBROUTINE wc_test_ret_t error_test(void); WOLFSSL_TEST_SUBROUTINE wc_test_ret_t base64_test(void); @@ -626,8 +641,10 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t tls13_kdf_test(void); #endif WOLFSSL_TEST_SUBROUTINE wc_test_ret_t x963kdf_test(void); -#if defined(HAVE_HPKE) && defined(HAVE_ECC) && defined(HAVE_AESGCM) && \ - defined(WOLFSSL_AES_256) +#if defined(HAVE_HPKE) && \ + (defined(HAVE_ECC) || defined(HAVE_CURVE25519) || \ + defined(HAVE_CURVE448)) && \ + defined(HAVE_AESGCM) WOLFSSL_TEST_SUBROUTINE wc_test_ret_t hpke_test(void); #endif #ifdef WC_SRTP_KDF @@ -691,12 +708,15 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t srp_test(void); #ifndef WC_NO_RNG WOLFSSL_TEST_SUBROUTINE wc_test_ret_t random_test(void); +#ifdef WC_RNG_BANK_SUPPORT +WOLFSSL_TEST_SUBROUTINE wc_test_ret_t random_bank_test(void); +#endif #endif /* WC_NO_RNG */ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t pwdbased_test(void); #if defined(USE_CERT_BUFFERS_2048) && \ defined(HAVE_PKCS12) && \ !defined(NO_ASN) && !defined(NO_PWDBASED) && !defined(NO_HMAC) && \ - !defined(NO_CERTS) && !defined(NO_DES3) + !defined(NO_CERTS) && !defined(NO_DES3) && !defined(NO_SHA) WOLFSSL_TEST_SUBROUTINE wc_test_ret_t pkcs12_test(void); #endif WOLFSSL_TEST_SUBROUTINE wc_test_ret_t ripemd_test(void); @@ -766,17 +786,22 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t lms_test(void); #endif #endif +#if defined(WOLFSSL_HAVE_SLHDSA) + WOLFSSL_TEST_SUBROUTINE wc_test_ret_t slhdsa_test(void); +#endif #ifdef WOLFCRYPT_HAVE_ECCSI WOLFSSL_TEST_SUBROUTINE wc_test_ret_t eccsi_test(void); #endif #ifdef WOLFCRYPT_HAVE_SAKKE WOLFSSL_TEST_SUBROUTINE wc_test_ret_t sakke_test(void); #endif -#ifdef HAVE_BLAKE2 +#ifdef HAVE_BLAKE2B WOLFSSL_TEST_SUBROUTINE wc_test_ret_t blake2b_test(void); + WOLFSSL_TEST_SUBROUTINE wc_test_ret_t blake2b_hmac_test(void); #endif #ifdef HAVE_BLAKE2S WOLFSSL_TEST_SUBROUTINE wc_test_ret_t blake2s_test(void); + WOLFSSL_TEST_SUBROUTINE wc_test_ret_t blake2s_hmac_test(void); #endif #ifdef HAVE_LIBZ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t compress_test(void); @@ -801,6 +826,7 @@ #if !defined(NO_ASN_TIME) && !defined(NO_RSA) && defined(WOLFSSL_TEST_CERT) && \ !defined(NO_FILESYSTEM) WOLFSSL_TEST_SUBROUTINE wc_test_ret_t cert_test(void); +static wc_test_ret_t fill_signer_twice_test(void); #endif #if defined(WOLFSSL_CERT_EXT) && defined(WOLFSSL_TEST_CERT) && \ !defined(NO_FILESYSTEM) && !defined(NO_RSA) && defined(WOLFSSL_GEN_CERT) @@ -861,6 +887,23 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t aes_eax_test(void); #endif /* WOLFSSL_AES_EAX */ +#ifdef REALLY_LONG_DRBG_CONTINUOUS_TEST + #ifdef WOLFSSL_PTHREADS + #include + #include + #endif + /* Prototypes */ + void print_result(const char* test_name, int passed, int *all_passed); + WOLFSSL_TEST_SUBROUTINE wc_test_ret_t test_basic_rng(void); + WOLFSSL_TEST_SUBROUTINE wc_test_ret_t test_multiple_rngs(void); + WOLFSSL_TEST_SUBROUTINE wc_test_ret_t test_stress_rng(unsigned long iterations); + WOLFSSL_TEST_SUBROUTINE wc_test_ret_t test_reinit_rng(void); + WOLFSSL_TEST_SUBROUTINE wc_test_ret_t test_fips_status(void); + WOLFSSL_TEST_SUBROUTINE wc_test_ret_t drbg_continuous_main(void); +#endif + +#endif /* !WC_TEST_EXPORT_SUBTESTS */ + /* General big buffer size for many tests. */ #define FOURK_BUF 4096 @@ -1004,9 +1047,15 @@ /* Kernel modules implement and install their own FIPS callback with similar * functionality. */ +#ifdef REALLY_LONG_DRBG_CONTINUOUS_TEST + int only_run_cb_once = 1; +#endif #if defined(HAVE_FIPS) && !defined(WOLFSSL_KERNEL_MODE) static void myFipsCb(int ok, int err, const char* hash) { +#ifdef REALLY_LONG_DRBG_CONTINUOUS_TEST + if (only_run_cb_once == 1) { +#endif printf("in my Fips callback, ok = %d, err = %d\n", ok, err); printf("message = %s\n", wc_GetErrorString(err)); printf("hash = %s\n", hash); @@ -1015,6 +1064,14 @@ printf("In core integrity hash check failure, copy above hash\n"); printf("into verifyCore[] in fips_test.c and rebuild\n"); } +#ifdef REALLY_LONG_DRBG_CONTINUOUS_TEST + only_run_cb_once = 0; + } else { + (void) ok; + (void) err; + (void) hash; + } +#endif } #endif /* HAVE_FIPS && !WOLFSSL_KERNEL_MODE */ @@ -2137,6 +2194,12 @@ TEST_FAIL("RANDOM test failed!\n", ret); else TEST_PASS("RANDOM test passed!\n"); +#ifdef WC_RNG_BANK_SUPPORT + if ((ret = random_bank_test()) != 0) + TEST_FAIL("RNGBANK test failed!\n", ret); + else + TEST_PASS("RNGBANK test passed!\n"); +#endif #endif /* WC_NO_RNG */ #ifdef WOLFSSL_SHAKE128 @@ -2174,17 +2237,25 @@ TEST_PASS("RIPEMD test passed!\n"); #endif -#ifdef HAVE_BLAKE2 +#ifdef HAVE_BLAKE2B if ( (ret = blake2b_test()) != 0) TEST_FAIL("BLAKE2b test failed!\n", ret); else TEST_PASS("BLAKE2b test passed!\n"); + if ( (ret = blake2b_hmac_test()) != 0) + TEST_FAIL("HMAC-BLAKE2b test failed!\n", ret); + else + TEST_PASS("HMAC-BLAKE2b test passed!\n"); #endif #ifdef HAVE_BLAKE2S if ( (ret = blake2s_test()) != 0) TEST_FAIL("BLAKE2s test failed!\n", ret); else TEST_PASS("BLAKE2s test passed!\n"); + if ( (ret = blake2s_hmac_test()) != 0) + TEST_FAIL("HMAC-BLAKE2s test failed!\n", ret); + else + TEST_PASS("HMAC-BLAKE2s test passed!\n"); #endif #ifndef NO_HMAC @@ -2296,8 +2367,10 @@ TEST_PASS("X963-KDF test passed!\n"); #endif -#if defined(HAVE_HPKE) && defined(HAVE_ECC) && defined(HAVE_AESGCM) && \ - defined(WOLFSSL_AES_256) +#if defined(HAVE_HPKE) && \ + (defined(HAVE_ECC) || defined(HAVE_CURVE25519) || \ + defined(HAVE_CURVE448)) && \ + defined(HAVE_AESGCM) PRIVATE_KEY_UNLOCK(); if ( (ret = hpke_test()) != 0) TEST_FAIL("HPKE test failed!\n", ret); @@ -2601,7 +2674,7 @@ #if defined(USE_CERT_BUFFERS_2048) && \ defined(HAVE_PKCS12) && \ !defined(NO_ASN) && !defined(NO_PWDBASED) && !defined(NO_HMAC) && \ - !defined(NO_CERTS) && !defined(NO_DES3) + !defined(NO_CERTS) && !defined(NO_DES3) && !defined(NO_SHA) if ( (ret = pkcs12_test()) != 0) TEST_FAIL("PKCS12 test failed!\n", ret); else @@ -2669,6 +2742,11 @@ TEST_FAIL("CERT test failed!\n", ret); else TEST_PASS("CERT test passed!\n"); + + if ( (ret = fill_signer_twice_test()) != 0) + TEST_FAIL("FILL SIGNER test failed!\n", ret); + else + TEST_PASS("FILL SIGNER test passed!\n"); #endif #if defined(WOLFSSL_CERT_EXT) && defined(WOLFSSL_TEST_CERT) && \ @@ -2768,6 +2846,13 @@ #endif #endif /* if defined(WOLFSSL_HAVE_LMS) */ +#if defined(WOLFSSL_HAVE_SLHDSA) + if ( (ret = slhdsa_test()) != 0) + TEST_FAIL("SLH-DSA test failed!\n", ret); + else + TEST_PASS("SLH-DSA test passed!\n"); +#endif /* if defined(WOLFSSL_HAVE_SLHDSA) */ + #ifdef WOLFCRYPT_HAVE_ECCSI if ( (ret = eccsi_test()) != 0) TEST_FAIL("ECCSI test failed!\n", ret); @@ -3055,9 +3140,19 @@ args.argc = argc; args.argv = argv; #endif + +#if defined(HAVE_FIPS) && defined(HAVE_ENTROPY_MEMUSE) && \ + !defined(WOLFSSL_KERNEL_MODE) + /* wolfEntropy's Entropy_Init() calls wc_InitSha3_256(), which + * ultimately fails if the FIPS integrity hash is wrong. + */ + wolfCrypt_SetCb_fips(myFipsCb); +#endif + if ((ret = wolfCrypt_Init()) != 0) { printf("wolfCrypt_Init failed %d\n", (int)ret); - err_sys("Error with wolfCrypt_Init!\n", WC_TEST_RET_ENC_EC(ret)); + args.return_code = WC_TEST_RET_ENC_EC(ret); + err_sys("Error with wolfCrypt_Init!\n", args.return_code); } #ifdef HAVE_WC_INTROSPECTION @@ -3074,13 +3169,16 @@ if ((ret = wolfCrypt_Cleanup()) != 0) { printf("wolfCrypt_Cleanup failed %d\n", (int)ret); - err_sys("Error with wolfCrypt_Cleanup!\n", WC_TEST_RET_ENC_EC(ret)); + args.return_code = WC_TEST_RET_ENC_EC(ret); + err_sys("Error with wolfCrypt_Cleanup!\n", args.return_code); } #ifdef HAVE_WNR - if ((ret = wc_FreeNetRandom()) < 0) + if ((ret = wc_FreeNetRandom()) < 0) { + args.return_code = WC_TEST_RET_ENC_EC(ret); err_sys("Failed to free netRandom context", - WC_TEST_RET_ENC_EC(ret)); + args.return_code); + } #endif /* HAVE_WNR */ #ifdef DOLPHIN_EMULATOR /* Returning from main panics the emulator. Just hang @@ -3102,6 +3200,14 @@ } #endif +#ifdef WOLFSSL_TRACK_MEMORY + if (wc_MemStats_Ptr && (wc_MemStats_Ptr->currentBytes > 0) && + (args.return_code == 0)) + { + args.return_code = WC_TEST_RET_ENC_EC(MEMORY_E); + } +#endif + #if defined(WOLFSSL_ESPIDF) /* ESP_LOGI to print takes up a lot less memory than printf */ ESP_LOGI(ESPIDF_TAG, "Exiting main with return code: % d\n", @@ -3576,7 +3682,7 @@ { const char* errStr; char out[WOLFSSL_MAX_ERROR_SZ]; /* test fails if too small, < 64 */ - const char* unknownStr = wc_GetErrorString(0); + const char* unknownStr = wc_GetErrorString((int)WC_LAST_E - 1); #ifdef NO_ERROR_STRINGS /* Ensure a valid error code's string matches an invalid code's. @@ -4261,6 +4367,30 @@ } /* END LARGE HASH TEST */ #endif /* NO_LARGE_HASH_TEST */ + /* Copy cleanup test: verify Copy into a previously-used dst does not leak + * resources (e.g., hardware contexts). Detectable by valgrind/ASAN. */ + wc_Md5Free(&md5); + ret = wc_InitMd5_ex(&md5, HEAP_HINT, devId); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit); + ret = wc_InitMd5_ex(&md5Copy, HEAP_HINT, devId); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit); + ret = wc_Md5Update(&md5Copy, (byte*)b.input, (word32)b.inLen); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit); + ret = wc_Md5Update(&md5, (byte*)a.input, (word32)a.inLen); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit); + ret = wc_Md5Copy(&md5, &md5Copy); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit); + ret = wc_Md5Final(&md5Copy, hash); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit); + if (XMEMCMP(hash, a.output, WC_MD5_DIGEST_SIZE) != 0) + ERROR_OUT(WC_TEST_RET_ENC_NC, exit); + exit: wc_Md5Free(&md5); @@ -4472,6 +4602,32 @@ } /* END LARGE HASH TEST */ #endif /* NO_LARGE_HASH_TEST */ +#if !defined(HAVE_SELFTEST) && (!defined(HAVE_FIPS) || FIPS_VERSION_GE(7, 0)) + /* Copy cleanup test: verify Copy into a previously-used dst does not leak + * resources (e.g., msg buffer, W cache). Detectable by valgrind/ASAN. */ + wc_ShaFree(&sha); + ret = wc_InitSha_ex(&sha, HEAP_HINT, devId); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit); + ret = wc_InitSha_ex(&shaCopy, HEAP_HINT, devId); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit); + ret = wc_ShaUpdate(&shaCopy, (byte*)b.input, (word32)b.inLen); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit); + ret = wc_ShaUpdate(&sha, (byte*)a.input, (word32)a.inLen); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit); + ret = wc_ShaCopy(&sha, &shaCopy); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit); + ret = wc_ShaFinal(&shaCopy, hash); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit); + if (XMEMCMP(hash, a.output, WC_SHA_DIGEST_SIZE) != 0) + ERROR_OUT(WC_TEST_RET_ENC_NC, exit); +#endif /* !HAVE_SELFTEST && (!HAVE_FIPS || FIPS_VERSION_GE(7, 0)) */ + exit: wc_ShaFree(&sha); @@ -4550,8 +4706,7 @@ #endif /* WOLFSSL_RIPEMD */ -#ifdef HAVE_BLAKE2 - +#ifdef HAVE_BLAKE2B #define BLAKE2B_TESTS 3 @@ -4622,10 +4777,97 @@ return 0; } -#endif /* HAVE_BLAKE2 */ -#ifdef HAVE_BLAKE2S +WOLFSSL_TEST_SUBROUTINE wc_test_ret_t blake2b_hmac_test(void) +{ + static const byte key1[] = {0x41, 0x42, 0x43, 0x44}; /* ABCD */ + static const byte message1[] = {0x48, 0x65, 0x6c, 0x6c, 0x6f}; /* Hello */ + static const byte expected1[] = { + 0x46, 0x76, 0xbb, 0x0e, 0xf8, 0xa1, 0x56, 0x33, + 0xde, 0xdc, 0x44, 0xe3, 0x2b, 0xf3, 0xee, 0x5b, + 0x5f, 0x7f, 0x04, 0x00, 0x2c, 0xaa, 0xd4, 0x93, + 0xc6, 0xa6, 0xb4, 0xf3, 0x14, 0x8d, 0x6d, 0x9c, + 0x6a, 0x12, 0x02, 0x85, 0x66, 0xed, 0x9b, 0x5d, + 0x8d, 0x0e, 0x3d, 0xf4, 0x78, 0xee, 0x5a, 0xf6, + 0x2f, 0x97, 0xa5, 0x77, 0x88, 0x8c, 0xc4, 0x66, + 0x46, 0xb1, 0xba, 0x51, 0x29, 0x19, 0xd7, 0xaa, + }; + static const byte key2[] = { + 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, 0x38, 0x39, 0x41, 0x42, + 0x43, 0x44, 0x45, 0x46, 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, + 0x38, 0x39, 0x41, 0x42, 0x43, 0x44, 0x45, 0x46, 0x30, 0x31, 0x32, 0x33, + 0x34, 0x35, 0x36, 0x37, 0x38, 0x39, 0x41, 0x42, 0x43, 0x44, 0x45, 0x46, + 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, 0x38, 0x39, 0x41, 0x42, + 0x43, 0x44, 0x45, 0x46, 0x30, 0x31, 0x32, 0x33 + }; /* 0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123 */ + static const byte message2[] = { + 0x61, 0x62, 0x63, 0x64, 0x62, 0x63, 0x64, 0x65, 0x63, 0x64, 0x65, 0x66, + 0x64, 0x65, 0x66, 0x67, 0x65, 0x66, 0x67, 0x68, 0x66, 0x67, 0x68, 0x69, + 0x67, 0x68, 0x69, 0x6a, 0x68, 0x69, 0x6a, 0x6b, 0x69, 0x6a, 0x6b, 0x6c, + 0x6a, 0x6b, 0x6c, 0x6d, 0x6b, 0x6c, 0x6d, 0x6e, 0x6c, 0x6d, 0x6e, 0x6f, + 0x6d, 0x6e, 0x6f, 0x70, 0x6e, 0x6f, 0x70, 0x71 + }; /* abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq */ + static const byte expected2[] = { + 0x2a, 0xda, 0xf6, 0x94, 0x79, 0xce, 0xe2, 0xd2, + 0x5d, 0x89, 0x8b, 0xd7, 0x0d, 0xbc, 0x11, 0x1f, + 0x98, 0x99, 0xe0, 0x17, 0x7c, 0x5b, 0x8f, 0x94, + 0xf5, 0x95, 0xbc, 0x1b, 0xb1, 0x95, 0xe8, 0x60, + 0xbb, 0x29, 0xa4, 0xd9, 0x27, 0x2e, 0x00, 0xea, + 0xba, 0xc3, 0x3e, 0xe6, 0x9c, 0xc7, 0xd7, 0x8d, + 0x69, 0xc7, 0xb4, 0xf7, 0x31, 0x4a, 0xb1, 0xf0, + 0x3c, 0xed, 0x06, 0x49, 0x6f, 0x46, 0x99, 0xea, + }; + + byte out[BLAKE2B_OUTBYTES]; + int ret; + Blake2b b2b; + + ret = wc_Blake2bHmac(message1, sizeof(message1), + key1, sizeof(key1), out, sizeof(out)); + if (ret != 0) + return WC_TEST_RET_ENC_EC(ret); + if (XMEMCMP(out, expected1, sizeof(out)) != 0) + return WC_TEST_RET_ENC_NC; + + ret = wc_Blake2bHmac(message2, sizeof(message2), + key2, sizeof(key2), out, sizeof(out)); + if (ret != 0) + return WC_TEST_RET_ENC_EC(ret); + if (XMEMCMP(out, expected2, sizeof(out)) != 0) + return WC_TEST_RET_ENC_NC; + ret = wc_Blake2bHmacInit(&b2b, key1, sizeof(key1)); + if (ret != 0) + return WC_TEST_RET_ENC_EC(ret); + ret = wc_Blake2bHmacUpdate(&b2b, message1, sizeof(message1) / 2U); + if (ret != 0) + return WC_TEST_RET_ENC_EC(ret); + ret = wc_Blake2bHmacUpdate(&b2b, &message1[sizeof(message1) / 2U], sizeof(message1) - sizeof(message1) / 2U); + if (ret != 0) + return WC_TEST_RET_ENC_EC(ret); + ret = wc_Blake2bHmacFinal(&b2b, key1, sizeof(key1), out, sizeof(out)); + if (ret != 0) + return WC_TEST_RET_ENC_EC(ret); + + ret = wc_Blake2bHmacInit(&b2b, key2, sizeof(key2)); + if (ret != 0) + return WC_TEST_RET_ENC_EC(ret); + ret = wc_Blake2bHmacUpdate(&b2b, message2, sizeof(message2) / 2U); + if (ret != 0) + return WC_TEST_RET_ENC_EC(ret); + ret = wc_Blake2bHmacUpdate(&b2b, &message2[sizeof(message2) / 2U], sizeof(message2) - sizeof(message2) / 2U); + if (ret != 0) + return WC_TEST_RET_ENC_EC(ret); + ret = wc_Blake2bHmacFinal(&b2b, key2, sizeof(key2), out, sizeof(out)); + if (ret != 0) + return WC_TEST_RET_ENC_EC(ret); + + return 0; +} +#endif /* HAVE_BLAKE2B */ + + +#ifdef HAVE_BLAKE2S #define BLAKE2S_TESTS 3 @@ -4684,6 +4926,82 @@ return 0; } + +WOLFSSL_TEST_SUBROUTINE wc_test_ret_t blake2s_hmac_test(void) +{ + static const byte key1[] = {0x41, 0x42, 0x43, 0x44}; /* ABCD */ + static const byte message1[] = {0x48, 0x65, 0x6c, 0x6c, 0x6f}; /* Hello */ + static const byte expected1[] = { + 0x96, 0xca, 0x1d, 0xaa, 0x9a, 0x33, 0x97, 0x3d, + 0xc5, 0x95, 0x3e, 0xce, 0x49, 0x93, 0x75, 0xc1, + 0x2a, 0x7c, 0x8f, 0x5b, 0xf0, 0x28, 0xef, 0xc3, + 0xfb, 0xc5, 0x97, 0xcd, 0xcc, 0x74, 0x44, 0x68, + }; + static const byte key2[] = { + 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, 0x38, 0x39, 0x41, 0x42, + 0x43, 0x44, 0x45, 0x46, 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, + 0x38, 0x39, 0x41, 0x42, 0x43, 0x44, 0x45, 0x46, 0x30, 0x31, 0x32, 0x33 + }; /* 0123456789ABCDEF0123456789ABCDEF0123 */ + static const byte message2[] = { + 0x61, 0x62, 0x63, 0x64, 0x62, 0x63, 0x64, 0x65, 0x63, 0x64, 0x65, 0x66, + 0x64, 0x65, 0x66, 0x67, 0x65, 0x66, 0x67, 0x68, 0x66, 0x67, 0x68, 0x69, + 0x67, 0x68, 0x69, 0x6a, 0x68, 0x69, 0x6a, 0x6b, 0x69, 0x6a, 0x6b, 0x6c, + 0x6a, 0x6b, 0x6c, 0x6d, 0x6b, 0x6c, 0x6d, 0x6e, 0x6c, 0x6d, 0x6e, 0x6f, + 0x6d, 0x6e, 0x6f, 0x70, 0x6e, 0x6f, 0x70, 0x71 + }; /* abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq */ + static const byte expected2[] = { + 0xc4, 0x63, 0xdb, 0x28, 0x97, 0x60, 0x6a, 0xa7, + 0x1e, 0xe6, 0xcf, 0x93, 0x85, 0x3c, 0x90, 0x71, + 0xea, 0x76, 0x7f, 0x6a, 0xa7, 0x20, 0x80, 0x35, + 0xe1, 0x68, 0x95, 0xfe, 0x65, 0x65, 0x43, 0x76, + }; + + byte out[BLAKE2S_OUTBYTES]; + int ret; + Blake2s b2s; + + ret = wc_Blake2sHmac(message1, sizeof(message1), + key1, sizeof(key1), out, sizeof(out)); + if (ret != 0) + return WC_TEST_RET_ENC_EC(ret); + if (XMEMCMP(out, expected1, sizeof(out)) != 0) + return WC_TEST_RET_ENC_NC; + + ret = wc_Blake2sHmac(message2, sizeof(message2), + key2, sizeof(key2), out, sizeof(out)); + if (ret != 0) + return WC_TEST_RET_ENC_EC(ret); + if (XMEMCMP(out, expected2, sizeof(out)) != 0) + return WC_TEST_RET_ENC_NC; + + ret = wc_Blake2sHmacInit(&b2s, key1, sizeof(key1)); + if (ret != 0) + return WC_TEST_RET_ENC_EC(ret); + ret = wc_Blake2sHmacUpdate(&b2s, message1, sizeof(message1) / 2U); + if (ret != 0) + return WC_TEST_RET_ENC_EC(ret); + ret = wc_Blake2sHmacUpdate(&b2s, &message1[sizeof(message1) / 2U], sizeof(message1) - sizeof(message1) / 2U); + if (ret != 0) + return WC_TEST_RET_ENC_EC(ret); + ret = wc_Blake2sHmacFinal(&b2s, key1, sizeof(key1), out, sizeof(out)); + if (ret != 0) + return WC_TEST_RET_ENC_EC(ret); + + ret = wc_Blake2sHmacInit(&b2s, key2, sizeof(key2)); + if (ret != 0) + return WC_TEST_RET_ENC_EC(ret); + ret = wc_Blake2sHmacUpdate(&b2s, message2, sizeof(message2) / 2U); + if (ret != 0) + return WC_TEST_RET_ENC_EC(ret); + ret = wc_Blake2sHmacUpdate(&b2s, &message2[sizeof(message2) / 2U], sizeof(message2) - sizeof(message2) / 2U); + if (ret != 0) + return WC_TEST_RET_ENC_EC(ret); + ret = wc_Blake2sHmacFinal(&b2s, key2, sizeof(key2), out, sizeof(out)); + if (ret != 0) + return WC_TEST_RET_ENC_EC(ret); + + return 0; +} #endif /* HAVE_BLAKE2S */ @@ -4725,11 +5043,7 @@ ret = wc_InitSha224_ex(&sha, HEAP_HINT, devId); if (ret != 0) return WC_TEST_RET_ENC_EC(ret); - ret = wc_InitSha224_ex(&shaCopy, HEAP_HINT, devId); - if (ret != 0) { - wc_Sha224Free(&sha); - return WC_TEST_RET_ENC_EC(ret); - } + XMEMSET(&shaCopy, 0, sizeof(shaCopy)); for (i = 0; i < times; ++i) { ret = wc_Sha224Update(&sha, (byte*)test_sha[i].input, @@ -4753,6 +5067,32 @@ ERROR_OUT(WC_TEST_RET_ENC_I(i), exit); } +#if !defined(HAVE_SELFTEST) && (!defined(HAVE_FIPS) || FIPS_VERSION_GE(7, 0)) + /* Copy cleanup test: verify Copy into a previously-used dst does not leak + * resources (e.g., msg buffer, W cache). Detectable by valgrind/ASAN. */ + wc_Sha224Free(&sha); + ret = wc_InitSha224_ex(&sha, HEAP_HINT, devId); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit); + ret = wc_InitSha224_ex(&shaCopy, HEAP_HINT, devId); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit); + ret = wc_Sha224Update(&shaCopy, (byte*)b.input, (word32)b.inLen); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit); + ret = wc_Sha224Update(&sha, (byte*)a.input, (word32)a.inLen); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit); + ret = wc_Sha224Copy(&sha, &shaCopy); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit); + ret = wc_Sha224Final(&shaCopy, hash); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit); + if (XMEMCMP(hash, a.output, WC_SHA224_DIGEST_SIZE) != 0) + ERROR_OUT(WC_TEST_RET_ENC_NC, exit); +#endif /* !HAVE_SELFTEST && (!HAVE_FIPS || FIPS_VERSION_GE(7, 0)) */ + exit: wc_Sha224Free(&sha); wc_Sha224Free(&shaCopy); @@ -4837,18 +5177,9 @@ return WC_TEST_RET_ENC_EC(ret); #endif - ret = wc_InitSha256_ex(&shaCopy, HEAP_HINT, devId); - if (ret != 0) { - wc_Sha256Free(&sha); - return WC_TEST_RET_ENC_EC(ret); - } + XMEMSET(&shaCopy, 0, sizeof(shaCopy)); #ifndef NO_WOLFSSL_SHA256_INTERLEAVE - ret = wc_InitSha256_ex(&i_shaCopy, HEAP_HINT, devId); - if (ret != 0) { - wc_Sha256Free(&sha); - wc_Sha256Free(&i_sha); - return WC_TEST_RET_ENC_EC(ret); - } + XMEMSET(&i_shaCopy, 0, sizeof(i_shaCopy)); #endif for (i = 0; i < times; ++i) { @@ -4986,6 +5317,32 @@ } #endif +#if !defined(HAVE_SELFTEST) && (!defined(HAVE_FIPS) || FIPS_VERSION_GE(7, 0)) + /* Copy cleanup test: verify Copy into a previously-used dst does not leak + * resources (e.g., msg buffer, W cache). Detectable by valgrind/ASAN. */ + wc_Sha256Free(&sha); + ret = wc_InitSha256_ex(&sha, HEAP_HINT, devId); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit); + ret = wc_InitSha256_ex(&shaCopy, HEAP_HINT, devId); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit); + ret = wc_Sha256Update(&shaCopy, (byte*)b.input, (word32)b.inLen); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit); + ret = wc_Sha256Update(&sha, (byte*)a.input, (word32)a.inLen); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit); + ret = wc_Sha256Copy(&sha, &shaCopy); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit); + ret = wc_Sha256Final(&shaCopy, hash); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit); + if (XMEMCMP(hash, a.output, WC_SHA256_DIGEST_SIZE) != 0) + ERROR_OUT(WC_TEST_RET_ENC_NC, exit); +#endif /* !HAVE_SELFTEST && (!HAVE_FIPS || FIPS_VERSION_GE(7, 0)) */ + exit: #if !defined(NO_LARGE_HASH_TEST) && defined(WOLFSSL_SMALL_STACK) @@ -5076,18 +5433,9 @@ return WC_TEST_RET_ENC_EC(ret); #endif - ret = wc_InitSha512_ex(&shaCopy, HEAP_HINT, devId); - if (ret != 0) { - wc_Sha512Free(&sha); - return WC_TEST_RET_ENC_EC(ret); - } + XMEMSET(&shaCopy, 0, sizeof(shaCopy)); #ifndef NO_WOLFSSL_SHA512_INTERLEAVE - ret = wc_InitSha512_ex(&i_shaCopy, HEAP_HINT, devId); - if (ret != 0) { - wc_Sha512Free(&sha); - wc_Sha512Free(&i_sha); - return WC_TEST_RET_ENC_EC(ret); - } + XMEMSET(&i_shaCopy, 0, sizeof(i_shaCopy)); #endif for (i = 0; i < times; ++i) { @@ -5204,12 +5552,40 @@ if (ret != 0) ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit); ret = wc_Sha512Final(&sha, hash); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit); } #endif } /* END LARGE HASH TEST */ #undef LARGE_HASH_TEST_INPUT_SZ #endif /* NO_LARGE_HASH_TEST */ +#if !defined(HAVE_SELFTEST) && (!defined(HAVE_FIPS) || FIPS_VERSION_GE(7, 0)) + /* Copy cleanup test: verify Copy into a previously-used dst does not leak + * resources (e.g., msg buffer, W cache). Detectable by valgrind/ASAN. */ + wc_Sha512Free(&sha); + ret = wc_InitSha512_ex(&sha, HEAP_HINT, devId); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit); + ret = wc_InitSha512_ex(&shaCopy, HEAP_HINT, devId); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit); + ret = wc_Sha512Update(&shaCopy, (byte*)b.input, (word32)b.inLen); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit); + ret = wc_Sha512Update(&sha, (byte*)a.input, (word32)a.inLen); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit); + ret = wc_Sha512Copy(&sha, &shaCopy); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit); + ret = wc_Sha512Final(&shaCopy, hash); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit); + if (XMEMCMP(hash, a.output, WC_SHA512_DIGEST_SIZE) != 0) + ERROR_OUT(WC_TEST_RET_ENC_NC, exit); +#endif /* !HAVE_SELFTEST && (!HAVE_FIPS || FIPS_VERSION_GE(7, 0)) */ + exit: #if !defined(NO_LARGE_HASH_TEST) && defined(WOLFSSL_SMALL_STACK) @@ -5287,11 +5663,7 @@ ret = wc_InitSha512_224_ex(&sha, HEAP_HINT, devId); if (ret != 0) return WC_TEST_RET_ENC_EC(ret); - ret = wc_InitSha512_224_ex(&shaCopy, HEAP_HINT, devId); - if (ret != 0) { - wc_Sha512_224Free(&sha); - return WC_TEST_RET_ENC_EC(ret); - } + XMEMSET(&shaCopy, 0, sizeof(shaCopy)); for (i = 0; i < times; ++i) { ret = wc_Sha512_224Update(&sha, (byte*)test_sha[i].input, @@ -5440,11 +5812,7 @@ ret = wc_InitSha512_256_ex(&sha, HEAP_HINT, devId); if (ret != 0) return WC_TEST_RET_ENC_EC(ret); - ret = wc_InitSha512_256_ex(&shaCopy, HEAP_HINT, devId); - if (ret != 0) { - wc_Sha512_256Free(&sha); - return WC_TEST_RET_ENC_EC(ret); - } + XMEMSET(&shaCopy, 0, sizeof(shaCopy)); for (i = 0; i < times; ++i) { ret = wc_Sha512_256Update(&sha, (byte*)test_sha[i].input, @@ -5577,11 +5945,8 @@ ret = wc_InitSha384_ex(&sha, HEAP_HINT, devId); if (ret != 0) return WC_TEST_RET_ENC_EC(ret); - ret = wc_InitSha384_ex(&shaCopy, HEAP_HINT, devId); - if (ret != 0) { - wc_Sha384Free(&sha); - return WC_TEST_RET_ENC_EC(ret); - } + + XMEMSET(&shaCopy, 0, sizeof(shaCopy)); for (i = 0; i < times; ++i) { ret = wc_Sha384Update(&sha, (byte*)test_sha[i].input, @@ -5642,6 +6007,32 @@ } /* END LARGE HASH TEST */ #endif /* NO_LARGE_HASH_TEST */ +#if !defined(HAVE_SELFTEST) && (!defined(HAVE_FIPS) || FIPS_VERSION_GE(7, 0)) + /* Copy cleanup test: verify Copy into a previously-used dst does not leak + * resources (e.g., msg buffer, W cache). Detectable by valgrind/ASAN. */ + wc_Sha384Free(&sha); + ret = wc_InitSha384_ex(&sha, HEAP_HINT, devId); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit); + ret = wc_InitSha384_ex(&shaCopy, HEAP_HINT, devId); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit); + ret = wc_Sha384Update(&shaCopy, (byte*)b.input, (word32)b.inLen); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit); + ret = wc_Sha384Update(&sha, (byte*)a.input, (word32)a.inLen); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit); + ret = wc_Sha384Copy(&sha, &shaCopy); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit); + ret = wc_Sha384Final(&shaCopy, hash); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit); + if (XMEMCMP(hash, a.output, WC_SHA384_DIGEST_SIZE) != 0) + ERROR_OUT(WC_TEST_RET_ENC_NC, exit); +#endif /* !HAVE_SELFTEST && (!HAVE_FIPS || FIPS_VERSION_GE(7, 0)) */ + exit: wc_Sha384Free(&sha); @@ -5656,6 +6047,9 @@ static wc_test_ret_t sha3_224_test(void) { wc_Sha3 sha; + /* Heap-allocated when WOLFSSL_SMALL_STACK to avoid exceeding stack frame + * limit with two wc_Sha3 structs on the stack. */ + WC_DECLARE_VAR(shaCopy, wc_Sha3, 1, HEAP_HINT); byte hash[WC_SHA3_224_DIGEST_SIZE]; byte hashcopy[WC_SHA3_224_DIGEST_SIZE]; @@ -5664,6 +6058,11 @@ wc_test_ret_t ret = 0; int times = sizeof(test_sha) / sizeof(struct testVector), i; + WC_ALLOC_VAR(shaCopy, wc_Sha3, 1, HEAP_HINT); + if (!WC_VAR_OK(shaCopy)) + return WC_TEST_RET_ENC_EC(MEMORY_E); + XMEMSET(shaCopy, 0, sizeof(*shaCopy)); + a.input = ""; a.output = "\x6b\x4e\x03\x42\x36\x67\xdb\xb7\x3b\x6e\x15\x45\x4f\x0e\xb1" "\xab\xd4\x59\x7f\x9a\x1b\x07\x8e\x3f\x5b\x5a\x6b\xc7"; @@ -5687,8 +6086,10 @@ test_sha[2] = c; ret = wc_InitSha3_224(&sha, HEAP_HINT, devId); - if (ret != 0) - return WC_TEST_RET_ENC_EC(ret); + if (ret != 0) { + XMEMSET(&sha, 0, sizeof(sha)); + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit); + } for (i = 0; i < times; ++i) { ret = wc_Sha3_224_Update(&sha, (byte*)test_sha[i].input, @@ -5733,8 +6134,36 @@ } /* END LARGE HASH TEST */ #endif /* NO_LARGE_HASH_TEST */ +#if !defined(HAVE_SELFTEST) && (!defined(HAVE_FIPS) || FIPS_VERSION_GE(7, 0)) + /* Copy cleanup test: verify Copy into a previously-used dst does not leak + * resources (e.g., hardware contexts). Detectable by valgrind/ASAN. */ + wc_Sha3_224_Free(&sha); + ret = wc_InitSha3_224(&sha, HEAP_HINT, devId); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit); + ret = wc_InitSha3_224(shaCopy, HEAP_HINT, devId); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit); + ret = wc_Sha3_224_Update(shaCopy, (byte*)b.input, (word32)b.inLen); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit); + ret = wc_Sha3_224_Update(&sha, (byte*)a.input, (word32)a.inLen); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit); + ret = wc_Sha3_224_Copy(&sha, shaCopy); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit); + ret = wc_Sha3_224_Final(shaCopy, hash); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit); + if (XMEMCMP(hash, a.output, WC_SHA3_224_DIGEST_SIZE) != 0) + ERROR_OUT(WC_TEST_RET_ENC_NC, exit); +#endif /* !HAVE_SELFTEST && (!HAVE_FIPS || FIPS_VERSION_GE(7, 0)) */ + exit: wc_Sha3_224_Free(&sha); + wc_Sha3_224_Free(shaCopy); + WC_FREE_VAR(shaCopy, HEAP_HINT); return ret; } @@ -5744,6 +6173,9 @@ static wc_test_ret_t sha3_256_test(void) { wc_Sha3 sha; + /* Heap-allocated when WOLFSSL_SMALL_STACK to avoid exceeding stack frame + * limit with two wc_Sha3 structs on the stack. */ + WC_DECLARE_VAR(shaCopy, wc_Sha3, 1, HEAP_HINT); byte hash[WC_SHA3_256_DIGEST_SIZE]; byte hashcopy[WC_SHA3_256_DIGEST_SIZE]; @@ -5764,6 +6196,10 @@ "\xe5\x00\xb6\x53\xca\x82\x27\x3b\x7b\xfa\xd8\x04\x5d\x85\xa4\x70"; #endif + WC_ALLOC_VAR(shaCopy, wc_Sha3, 1, HEAP_HINT); + if (!WC_VAR_OK(shaCopy)) + return WC_TEST_RET_ENC_EC(MEMORY_E); + /* ** https://csrc.nist.gov/CSRC/media/Projects/Cryptographic-Standards-and-Guidelines/documents/examples/SHA3-256_Msg0.pdf */ @@ -5793,8 +6229,10 @@ test_sha[2] = c; ret = wc_InitSha3_256(&sha, HEAP_HINT, devId); - if (ret != 0) + if (ret != 0) { + WC_FREE_VAR(shaCopy, HEAP_HINT); return WC_TEST_RET_ENC_EC(ret); + } for (i = 0; i < times; ++i) { ret = wc_Sha3_256_Update(&sha, (byte*)test_sha[i].input, @@ -5854,8 +6292,36 @@ } #endif /* WOLFSSL_HASH_FLAGS && !WOLFSSL_ASYNC_CRYPT */ +#if !defined(HAVE_SELFTEST) && (!defined(HAVE_FIPS) || FIPS_VERSION_GE(7, 0)) + /* Copy cleanup test: verify Copy into a previously-used dst does not leak + * resources (e.g., hardware contexts). Detectable by valgrind/ASAN. */ + wc_Sha3_256_Free(&sha); + ret = wc_InitSha3_256(&sha, HEAP_HINT, devId); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit); + ret = wc_InitSha3_256(shaCopy, HEAP_HINT, devId); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit); + ret = wc_Sha3_256_Update(shaCopy, (byte*)b.input, (word32)b.inLen); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit); + ret = wc_Sha3_256_Update(&sha, (byte*)a.input, (word32)a.inLen); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit); + ret = wc_Sha3_256_Copy(&sha, shaCopy); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit); + ret = wc_Sha3_256_Final(shaCopy, hash); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit); + if (XMEMCMP(hash, a.output, WC_SHA3_256_DIGEST_SIZE) != 0) + ERROR_OUT(WC_TEST_RET_ENC_NC, exit); +#endif /* !HAVE_SELFTEST && (!HAVE_FIPS || FIPS_VERSION_GE(7, 0)) */ + exit: wc_Sha3_256_Free(&sha); + wc_Sha3_256_Free(shaCopy); + WC_FREE_VAR(shaCopy, HEAP_HINT); return ret; } @@ -5865,6 +6331,9 @@ static wc_test_ret_t sha3_384_test(void) { wc_Sha3 sha; + /* Heap-allocated when WOLFSSL_SMALL_STACK to avoid exceeding stack frame + * limit with two wc_Sha3 structs on the stack. */ + WC_DECLARE_VAR(shaCopy, wc_Sha3, 1, HEAP_HINT); byte hash[WC_SHA3_384_DIGEST_SIZE]; byte buf[64]; #ifndef NO_INTM_HASH_TEST @@ -5876,6 +6345,10 @@ wc_test_ret_t ret; int times = sizeof(test_sha) / sizeof(struct testVector), i; + WC_ALLOC_VAR(shaCopy, wc_Sha3, 1, HEAP_HINT); + if (!WC_VAR_OK(shaCopy)) + return WC_TEST_RET_ENC_EC(MEMORY_E); + /* ** https://csrc.nist.gov/CSRC/media/Projects/Cryptographic-Standards-and-Guidelines/documents/examples/SHA3-384_Msg0.pdf */ @@ -5923,8 +6396,10 @@ test_sha[2] = c; ret = wc_InitSha3_384(&sha, HEAP_HINT, devId); - if (ret != 0) + if (ret != 0) { + WC_FREE_VAR(shaCopy, HEAP_HINT); return WC_TEST_RET_ENC_EC(ret); + } for (i = 0; i < times; ++i) { XMEMCPY(buf, test_sha[i].input, test_sha[i].inLen); @@ -5975,8 +6450,36 @@ } /* END LARGE HASH TEST */ #endif /* NO_LARGE_HASH_TEST */ +#if !defined(HAVE_SELFTEST) && (!defined(HAVE_FIPS) || FIPS_VERSION_GE(7, 0)) + /* Copy cleanup test: verify Copy into a previously-used dst does not leak + * resources (e.g., hardware contexts). Detectable by valgrind/ASAN. */ + wc_Sha3_384_Free(&sha); + ret = wc_InitSha3_384(&sha, HEAP_HINT, devId); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit); + ret = wc_InitSha3_384(shaCopy, HEAP_HINT, devId); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit); + ret = wc_Sha3_384_Update(shaCopy, (byte*)b.input, (word32)b.inLen); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit); + ret = wc_Sha3_384_Update(&sha, (byte*)a.input, (word32)a.inLen); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit); + ret = wc_Sha3_384_Copy(&sha, shaCopy); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit); + ret = wc_Sha3_384_Final(shaCopy, hash); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit); + if (XMEMCMP(hash, a.output, WC_SHA3_384_DIGEST_SIZE) != 0) + ERROR_OUT(WC_TEST_RET_ENC_NC, exit); +#endif /* !HAVE_SELFTEST && (!HAVE_FIPS || FIPS_VERSION_GE(7, 0)) */ + exit: wc_Sha3_384_Free(&sha); + wc_Sha3_384_Free(shaCopy); + WC_FREE_VAR(shaCopy, HEAP_HINT); return ret; } @@ -5986,6 +6489,9 @@ static wc_test_ret_t sha3_512_test(void) { wc_Sha3 sha; + /* Heap-allocated when WOLFSSL_SMALL_STACK to avoid exceeding stack frame + * limit with two wc_Sha3 structs on the stack. */ + WC_DECLARE_VAR(shaCopy, wc_Sha3, 1, HEAP_HINT); byte hash[WC_SHA3_512_DIGEST_SIZE]; byte hashcopy[WC_SHA3_512_DIGEST_SIZE]; @@ -5994,6 +6500,10 @@ wc_test_ret_t ret; int times = sizeof(test_sha) / sizeof(struct testVector), i; + WC_ALLOC_VAR(shaCopy, wc_Sha3, 1, HEAP_HINT); + if (!WC_VAR_OK(shaCopy)) + return WC_TEST_RET_ENC_EC(MEMORY_E); + /* ** https://csrc.nist.gov/CSRC/media/Projects/Cryptographic-Standards-and-Guidelines/documents/examples/SHA3-512_Msg0.pdf */ @@ -6029,8 +6539,10 @@ test_sha[2] = c; ret = wc_InitSha3_512(&sha, HEAP_HINT, devId); - if (ret != 0) + if (ret != 0) { + WC_FREE_VAR(shaCopy, HEAP_HINT); return WC_TEST_RET_ENC_EC(ret); + } for (i = 0; i < times; ++i) { ret = wc_Sha3_512_Update(&sha, (byte*)test_sha[i].input, @@ -6077,8 +6589,36 @@ } /* END LARGE HASH TEST */ #endif /* NO_LARGE_HASH_TEST */ +#if !defined(HAVE_SELFTEST) && (!defined(HAVE_FIPS) || FIPS_VERSION_GE(7, 0)) + /* Copy cleanup test: verify Copy into a previously-used dst does not leak + * resources (e.g., hardware contexts). Detectable by valgrind/ASAN. */ + wc_Sha3_512_Free(&sha); + ret = wc_InitSha3_512(&sha, HEAP_HINT, devId); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit); + ret = wc_InitSha3_512(shaCopy, HEAP_HINT, devId); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit); + ret = wc_Sha3_512_Update(shaCopy, (byte*)b.input, (word32)b.inLen); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit); + ret = wc_Sha3_512_Update(&sha, (byte*)a.input, (word32)a.inLen); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit); + ret = wc_Sha3_512_Copy(&sha, shaCopy); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit); + ret = wc_Sha3_512_Final(shaCopy, hash); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit); + if (XMEMCMP(hash, a.output, WC_SHA3_512_DIGEST_SIZE) != 0) + ERROR_OUT(WC_TEST_RET_ENC_NC, exit); +#endif /* !HAVE_SELFTEST && (!HAVE_FIPS || FIPS_VERSION_GE(7, 0)) */ + exit: wc_Sha3_512_Free(&sha); + wc_Sha3_512_Free(shaCopy); + WC_FREE_VAR(shaCopy, HEAP_HINT); return ret; } @@ -6301,6 +6841,9 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t shake128_test(void) { wc_Shake sha; + /* Heap-allocated when WOLFSSL_SMALL_STACK to avoid exceeding stack frame + * limit with two wc_Shake structs on the stack. */ + WC_DECLARE_VAR(shaCopy, wc_Shake, 1, HEAP_HINT); byte hash[250]; testVector a, b, c, d, e; @@ -6325,6 +6868,9 @@ "\xfa\x1b"; WOLFSSL_ENTER("shake128_test"); + WC_ALLOC_VAR(shaCopy, wc_Shake, 1, HEAP_HINT); + if (!WC_VAR_OK(shaCopy)) + return WC_TEST_RET_ENC_EC(MEMORY_E); /* ** https://csrc.nist.gov/CSRC/media/Projects/Cryptographic-Standards-and-Guidelines/documents/examples/SHAKE128_Msg0.pdf @@ -6412,8 +6958,10 @@ test_sha[4] = e; ret = wc_InitShake128(&sha, HEAP_HINT, devId); - if (ret != 0) + if (ret != 0) { + WC_FREE_VAR(shaCopy, HEAP_HINT); return WC_TEST_RET_ENC_EC(ret); + } for (i = 0; i < times; ++i) { ret = wc_Shake128_Update(&sha, (byte*)test_sha[i].input, @@ -6456,9 +7004,39 @@ #endif /* NO_LARGE_HASH_TEST */ ret = shake128_absorb_test(&sha, large_input, SHAKE128_LARGE_INPUT_BUFSIZ); + if (ret != 0) + ERROR_OUT(ret, exit); + +#if !defined(HAVE_SELFTEST) && (!defined(HAVE_FIPS) || FIPS_VERSION_GE(7, 0)) + /* Copy cleanup test: verify Copy into a previously-used dst does not leak + * resources (e.g., hardware contexts). Detectable by valgrind/ASAN. */ + wc_Shake128_Free(&sha); + ret = wc_InitShake128(&sha, HEAP_HINT, devId); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit); + ret = wc_InitShake128(shaCopy, HEAP_HINT, devId); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit); + ret = wc_Shake128_Update(shaCopy, (byte*)b.input, (word32)b.inLen); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit); + ret = wc_Shake128_Update(&sha, (byte*)a.input, (word32)a.inLen); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit); + ret = wc_Shake128_Copy(&sha, shaCopy); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit); + ret = wc_Shake128_Final(shaCopy, hash, (word32)a.outLen); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit); + if (XMEMCMP(hash, a.output, a.outLen) != 0) + ERROR_OUT(WC_TEST_RET_ENC_NC, exit); +#endif /* !HAVE_SELFTEST && (!HAVE_FIPS || FIPS_VERSION_GE(7, 0)) */ exit: wc_Shake128_Free(&sha); + wc_Shake128_Free(shaCopy); + WC_FREE_VAR(shaCopy, HEAP_HINT); #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC) XFREE(large_input, NULL, DYNAMIC_TYPE_TMP_BUFFER); @@ -6641,6 +7219,9 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t shake256_test(void) { wc_Shake sha; + /* Heap-allocated when WOLFSSL_SMALL_STACK to avoid exceeding stack frame + * limit with two wc_Shake structs on the stack. */ + WC_DECLARE_VAR(shaCopy, wc_Shake, 1, HEAP_HINT); byte hash[250]; testVector a, b, c, d, e; @@ -6665,6 +7246,11 @@ "\xea\x26"; WOLFSSL_ENTER("shake256_test"); + + WC_ALLOC_VAR(shaCopy, wc_Shake, 1, HEAP_HINT); + if (!WC_VAR_OK(shaCopy)) + return WC_TEST_RET_ENC_EC(MEMORY_E); + /* ** https://csrc.nist.gov/CSRC/media/Projects/Cryptographic-Standards-and-Guidelines/documents/examples/SHAKE256_Msg0.pdf */ @@ -6751,8 +7337,10 @@ test_sha[4] = e; ret = wc_InitShake256(&sha, HEAP_HINT, devId); - if (ret != 0) + if (ret != 0) { + WC_FREE_VAR(shaCopy, HEAP_HINT); return WC_TEST_RET_ENC_EC(ret); + } for (i = 0; i < times; ++i) { ret = wc_Shake256_Update(&sha, (byte*)test_sha[i].input, @@ -6795,8 +7383,39 @@ #endif /* NO_LARGE_HASH_TEST */ ret = shake256_absorb_test(&sha, large_input, SHAKE256_LARGE_INPUT_BUFSIZ); + if (ret != 0) + ERROR_OUT(ret, exit); + +#if !defined(HAVE_SELFTEST) && (!defined(HAVE_FIPS) || FIPS_VERSION_GE(7, 0)) + /* Copy cleanup test: verify Copy into a previously-used dst does not leak + * resources (e.g., hardware contexts). Detectable by valgrind/ASAN. */ + wc_Shake256_Free(&sha); + ret = wc_InitShake256(&sha, HEAP_HINT, devId); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit); + ret = wc_InitShake256(shaCopy, HEAP_HINT, devId); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit); + ret = wc_Shake256_Update(shaCopy, (byte*)b.input, (word32)b.inLen); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit); + ret = wc_Shake256_Update(&sha, (byte*)a.input, (word32)a.inLen); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit); + ret = wc_Shake256_Copy(&sha, shaCopy); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit); + ret = wc_Shake256_Final(shaCopy, hash, (word32)a.outLen); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit); + if (XMEMCMP(hash, a.output, a.outLen) != 0) + ERROR_OUT(WC_TEST_RET_ENC_NC, exit); +#endif /* !HAVE_SELFTEST && (!HAVE_FIPS || FIPS_VERSION_GE(7, 0)) */ + exit: wc_Shake256_Free(&sha); + wc_Shake256_Free(shaCopy); + WC_FREE_VAR(shaCopy, HEAP_HINT); #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC) XFREE(large_input, NULL, DYNAMIC_TYPE_TMP_BUFFER); @@ -7028,11 +7647,25 @@ #endif WC_HASH_TYPE_NONE }; - enum wc_HashType typesBad[] = { WC_HASH_TYPE_NONE, WC_HASH_TYPE_MD5_SHA, - WC_HASH_TYPE_MD2, WC_HASH_TYPE_MD4 }; - enum wc_HashType typesHashBad[] = { WC_HASH_TYPE_MD2, WC_HASH_TYPE_MD4, - WC_HASH_TYPE_BLAKE2B, - WC_HASH_TYPE_NONE }; + int typesBad[] = { WC_HASH_TYPE_NONE, WC_HASH_TYPE_MAX + 1 }; + + enum wc_HashType typesHashBad[] = { +#ifndef WOLFSSL_MD2 + WC_HASH_TYPE_MD2, +#endif +#ifdef NO_MD4 + WC_HASH_TYPE_MD4, +#endif +#if defined(NO_MD5) || defined(NO_SHA) + WC_HASH_TYPE_MD5_SHA, +#endif +#if !defined(HAVE_BLAKE2B) + WC_HASH_TYPE_BLAKE2B, +#endif +#if !defined(HAVE_BLAKE2S) + WC_HASH_TYPE_BLAKE2S, +#endif + WC_HASH_TYPE_NONE }; WOLFSSL_ENTER("hash_test"); @@ -7086,17 +7719,17 @@ if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG)) { ERROR_OUT(WC_TEST_RET_ENC_I(i), out); } - ret = wc_HashInit(hash, typesBad[i]); + ret = wc_HashInit(hash, (enum wc_HashType)typesBad[i]); if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG)) ERROR_OUT(WC_TEST_RET_ENC_I(i), out); - ret = wc_HashUpdate(hash, typesBad[i], data, sizeof(data)); + ret = wc_HashUpdate(hash, (enum wc_HashType)typesBad[i], data, sizeof(data)); if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG)) ERROR_OUT(WC_TEST_RET_ENC_I(i), out); - ret = wc_HashFinal(hash, typesBad[i], out); + ret = wc_HashFinal(hash, (enum wc_HashType)typesBad[i], out); if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG)) ERROR_OUT(WC_TEST_RET_ENC_I(i), out); - ret = wc_HashFree(hash, typesBad[i]); + ret = wc_HashFree(hash, (enum wc_HashType)typesBad[i]); if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG)) ERROR_OUT(WC_TEST_RET_ENC_I(i), out); @@ -7140,17 +7773,20 @@ if (ret != 0) { ERROR_OUT(WC_TEST_RET_ENC_EC(BAD_FUNC_ARG), out); } -#endif +#else ret = wc_HashInit(hash, typesGood[i]); if (ret != exp_ret) ERROR_OUT(WC_TEST_RET_ENC_I(i), out); +#endif ret = wc_HashUpdate(hash, typesGood[i], data, sizeof(data)); if (ret != exp_ret) ERROR_OUT(WC_TEST_RET_ENC_I(i), out); ret = wc_HashFinal(hash, typesGood[i], out); if (ret != exp_ret) ERROR_OUT(WC_TEST_RET_ENC_I(i), out); - wc_HashFree(hash, typesGood[i]); + ret = wc_HashFree(hash, typesGood[i]); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_I(i), out); digestSz = wc_HashGetDigestSize(typesGood[i]); if (exp_ret == 0 && digestSz < 0) @@ -7230,7 +7866,7 @@ #endif ret = wc_HashGetOID(WC_HASH_TYPE_MD5_SHA); -#ifndef NO_MD5 +#if !defined(NO_MD5) && !defined(NO_SHA) if (ret == WC_NO_ERR_TRACE(HASH_TYPE_E) || ret == WC_NO_ERR_TRACE(BAD_FUNC_ARG)) { @@ -7241,7 +7877,7 @@ ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); #endif ret = wc_HashGetOID(WC_HASH_TYPE_MD4); - if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG)) + if (ret != WC_NO_ERR_TRACE(HASH_TYPE_E)) ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); ret = wc_HashGetOID(WC_HASH_TYPE_NONE); if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG)) @@ -7308,9 +7944,43 @@ if (ret != WC_NO_ERR_TRACE(HASH_TYPE_E)) ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); #endif + ret = wc_HashGetDigestSize(WC_HASH_TYPE_MD5_SHA); +#if !defined(NO_MD5) && !defined(NO_SHA) + if (ret == WC_NO_ERR_TRACE(HASH_TYPE_E) || + ret == WC_NO_ERR_TRACE(BAD_FUNC_ARG)) + { + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); + } +#else + if (ret != WC_NO_ERR_TRACE(HASH_TYPE_E)) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); +#endif + + ret = wc_HashGetBlockSize(WC_HASH_TYPE_BLAKE2S); +#if defined(HAVE_BLAKE2S) + if (ret == WC_NO_ERR_TRACE(HASH_TYPE_E) || + ret == WC_NO_ERR_TRACE(BAD_FUNC_ARG)) + { + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); + } +#else + if (ret != WC_NO_ERR_TRACE(HASH_TYPE_E)) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); +#endif + ret = wc_HashGetDigestSize(WC_HASH_TYPE_BLAKE2S); +#if defined(HAVE_BLAKE2S) + if (ret == WC_NO_ERR_TRACE(HASH_TYPE_E) || + ret == WC_NO_ERR_TRACE(BAD_FUNC_ARG)) + { + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); + } +#else + if (ret != WC_NO_ERR_TRACE(HASH_TYPE_E)) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); +#endif ret = wc_HashGetBlockSize(WC_HASH_TYPE_BLAKE2B); -#if defined(HAVE_BLAKE2) || defined(HAVE_BLAKE2S) +#if defined(HAVE_BLAKE2B) if (ret == WC_NO_ERR_TRACE(HASH_TYPE_E) || ret == WC_NO_ERR_TRACE(BAD_FUNC_ARG)) { @@ -7321,7 +7991,7 @@ ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); #endif ret = wc_HashGetDigestSize(WC_HASH_TYPE_BLAKE2B); -#if defined(HAVE_BLAKE2) || defined(HAVE_BLAKE2S) +#if defined(HAVE_BLAKE2B) if (ret == WC_NO_ERR_TRACE(HASH_TYPE_E) || ret == WC_NO_ERR_TRACE(BAD_FUNC_ARG)) { @@ -7398,6 +8068,9 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t hmac_md5_test(void) { Hmac hmac; +#if !defined(HAVE_SELFTEST) && (!defined(HAVE_FIPS) || FIPS_VERSION3_GT(7,0,0)) + WC_DECLARE_VAR(hmac_copy, Hmac, 1, HEAP_HINT); +#endif byte hash[WC_MD5_DIGEST_SIZE]; const char* keys[]= @@ -7415,7 +8088,7 @@ testVector a, b, c, d; testVector test_hmac[4]; - wc_test_ret_t ret; + wc_test_ret_t ret = WC_TEST_RET_ENC_NC; int times = sizeof(test_hmac) / sizeof(testVector), i; WOLFSSL_ENTER("hmac_md5_test"); @@ -7453,6 +8126,12 @@ test_hmac[2] = c; test_hmac[3] = d; + XMEMSET(&hmac, 0, sizeof(hmac)); +#if !defined(HAVE_SELFTEST) && (!defined(HAVE_FIPS) || FIPS_VERSION3_GT(7,0,0)) + WC_CALLOC_VAR_EX(hmac_copy, Hmac, 1, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER, + return WC_TEST_RET_ENC_EC(MEMORY_E)); +#endif + for (i = 0; i < times; ++i) { #if defined(HAVE_FIPS) || defined(HAVE_CAVIUM) if (i == 1) { @@ -7462,32 +8141,65 @@ ret = wc_HmacInit(&hmac, HEAP_HINT, devId); if (ret != 0) - return WC_TEST_RET_ENC_EC(ret); + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); ret = wc_HmacSetKey(&hmac, WC_MD5, (byte*)keys[i], (word32)XSTRLEN(keys[i])); if (ret != 0) - return WC_TEST_RET_ENC_EC(ret); + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); + +#if !defined(HAVE_SELFTEST) && (!defined(HAVE_FIPS) || FIPS_VERSION3_GT(7,0,0)) + ret = wc_HmacCopy(&hmac, hmac_copy); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); +#endif + ret = wc_HmacUpdate(&hmac, (byte*)test_hmac[i].input, (word32)test_hmac[i].inLen); if (ret != 0) - return WC_TEST_RET_ENC_EC(ret); + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); ret = wc_HmacFinal(&hmac, hash); if (ret != 0) - return WC_TEST_RET_ENC_EC(ret); + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); if (XMEMCMP(hash, test_hmac[i].output, WC_MD5_DIGEST_SIZE) != 0) - return WC_TEST_RET_ENC_I(i); + ERROR_OUT(WC_TEST_RET_ENC_I(i), out); wc_HmacFree(&hmac); + +#if !defined(HAVE_SELFTEST) && (!defined(HAVE_FIPS) || FIPS_VERSION3_GT(7,0,0)) + ret = wc_HmacUpdate(hmac_copy, (byte*)test_hmac[i].input, + (word32)test_hmac[i].inLen); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); + ret = wc_HmacFinal(hmac_copy, hash); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); + + if (XMEMCMP(hash, test_hmac[i].output, WC_MD5_DIGEST_SIZE) != 0) + ERROR_OUT(WC_TEST_RET_ENC_I(i), out); + + wc_HmacFree(hmac_copy); +#endif } +out: + + wc_HmacFree(&hmac); +#if !defined(HAVE_SELFTEST) && (!defined(HAVE_FIPS) || FIPS_VERSION3_GT(7,0,0)) + wc_HmacFree(hmac_copy); + WC_FREE_VAR_EX(hmac_copy, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); +#endif + #if !defined(HAVE_FIPS) || FIPS_VERSION3_GE(6,0,0) - if ((ret = wc_HmacSizeByType(WC_MD5)) != WC_MD5_DIGEST_SIZE) - return WC_TEST_RET_ENC_EC(ret); + if (ret == 0) { + if ((ret = wc_HmacSizeByType(WC_MD5)) != WC_MD5_DIGEST_SIZE) + return WC_TEST_RET_ENC_EC(ret); + ret = 0; + } #endif - return 0; + return ret; } #endif /* !NO_HMAC && !NO_MD5 && (!HAVE_FIPS || (HAVE_FIPS_VERSION < 5)) */ @@ -7495,6 +8207,9 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t hmac_sha_test(void) { Hmac hmac; +#if !defined(HAVE_SELFTEST) && (!defined(HAVE_FIPS) || FIPS_VERSION3_GT(7,0,0)) + WC_DECLARE_VAR(hmac_copy, Hmac, 1, HEAP_HINT); +#endif byte hash[WC_SHA_DIGEST_SIZE]; const char* keys[]= @@ -7514,7 +8229,7 @@ testVector a, b, c, d; testVector test_hmac[4]; - wc_test_ret_t ret; + wc_test_ret_t ret = WC_TEST_RET_ENC_NC; int times = sizeof(test_hmac) / sizeof(testVector), i; #if FIPS_VERSION3_GE(6,0,0) @@ -7556,6 +8271,12 @@ test_hmac[2] = c; test_hmac[3] = d; + XMEMSET(&hmac, 0, sizeof(hmac)); +#if !defined(HAVE_SELFTEST) && (!defined(HAVE_FIPS) || FIPS_VERSION3_GT(7,0,0)) + WC_CALLOC_VAR_EX(hmac_copy, Hmac, 1, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER, + return WC_TEST_RET_ENC_EC(MEMORY_E)); +#endif + for (i = 0; i < times; ++i) { #if defined(HAVE_CAVIUM) || (defined(HAVE_FIPS) && FIPS_VERSION3_LT(6,0,0)) if (i == 1) @@ -7563,41 +8284,74 @@ #endif if ((ret = wc_HmacInit(&hmac, HEAP_HINT, devId)) != 0) - return WC_TEST_RET_ENC_EC(ret); + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); ret = wc_HmacSetKey(&hmac, WC_SHA, (byte*)keys[i], (word32)XSTRLEN(keys[i])); #if FIPS_VERSION3_GE(6,0,0) if (i == 1) { if (ret != WC_NO_ERR_TRACE(HMAC_MIN_KEYLEN_E)) - return WC_TEST_RET_ENC_EC(ret); + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); /* Now use the ex and allow short keys with FIPS option */ ret = wc_HmacSetKey_ex(&hmac, WC_SHA, (byte*) keys[i], (word32)XSTRLEN(keys[i]), allowShortKeyWithFips); } #endif if (ret != 0) - return WC_TEST_RET_ENC_EC(ret); + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); + +#if !defined(HAVE_SELFTEST) && (!defined(HAVE_FIPS) || FIPS_VERSION3_GT(7,0,0)) + ret = wc_HmacCopy(&hmac, hmac_copy); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); +#endif + ret = wc_HmacUpdate(&hmac, (byte*)test_hmac[i].input, (word32)test_hmac[i].inLen); if (ret != 0) - return WC_TEST_RET_ENC_EC(ret); + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); ret = wc_HmacFinal(&hmac, hash); if (ret != 0) - return WC_TEST_RET_ENC_EC(ret); + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); if (XMEMCMP(hash, test_hmac[i].output, WC_SHA_DIGEST_SIZE) != 0) - return WC_TEST_RET_ENC_I(i); + ERROR_OUT(WC_TEST_RET_ENC_I(i), out); wc_HmacFree(&hmac); + +#if !defined(HAVE_SELFTEST) && (!defined(HAVE_FIPS) || FIPS_VERSION3_GT(7,0,0)) + ret = wc_HmacUpdate(hmac_copy, (byte*)test_hmac[i].input, + (word32)test_hmac[i].inLen); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); + ret = wc_HmacFinal(hmac_copy, hash); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); + + if (XMEMCMP(hash, test_hmac[i].output, WC_SHA_DIGEST_SIZE) != 0) + ERROR_OUT(WC_TEST_RET_ENC_I(i), out); + + wc_HmacFree(hmac_copy); +#endif } +out: + + wc_HmacFree(&hmac); +#if !defined(HAVE_SELFTEST) && (!defined(HAVE_FIPS) || FIPS_VERSION3_GT(7,0,0)) + wc_HmacFree(hmac_copy); + WC_FREE_VAR_EX(hmac_copy, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); +#endif + #if !defined(HAVE_FIPS) || FIPS_VERSION3_GE(6,0,0) - if ((ret = wc_HmacSizeByType(WC_SHA)) != WC_SHA_DIGEST_SIZE) - return WC_TEST_RET_ENC_EC(ret); + if (ret == 0) { + if ((ret = wc_HmacSizeByType(WC_SHA)) != WC_SHA_DIGEST_SIZE) + return WC_TEST_RET_ENC_EC(ret); + ret = 0; + } #endif - return 0; + return ret; } #endif @@ -7606,6 +8360,9 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t hmac_sha224_test(void) { Hmac hmac; +#if !defined(HAVE_SELFTEST) && (!defined(HAVE_FIPS) || FIPS_VERSION3_GT(7,0,0)) + WC_DECLARE_VAR(hmac_copy, Hmac, 1, HEAP_HINT); +#endif byte hash[WC_SHA224_DIGEST_SIZE]; const char* keys[]= @@ -7629,7 +8386,7 @@ testVector a, b, c, d; testVector test_hmac[4]; - wc_test_ret_t ret; + wc_test_ret_t ret = WC_TEST_RET_ENC_NC; int times = sizeof(test_hmac) / sizeof(testVector), i; WOLFSSL_ENTER("hmac_sha224_test"); @@ -7665,6 +8422,12 @@ test_hmac[2] = c; test_hmac[3] = d; + XMEMSET(&hmac, 0, sizeof(hmac)); +#if !defined(HAVE_SELFTEST) && (!defined(HAVE_FIPS) || FIPS_VERSION3_GT(7,0,0)) + WC_CALLOC_VAR_EX(hmac_copy, Hmac, 1, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER, + return WC_TEST_RET_ENC_EC(MEMORY_E)); +#endif + for (i = 0; i < times; ++i) { #if defined(HAVE_FIPS) || defined(HAVE_CAVIUM) if (i == 1) @@ -7672,32 +8435,65 @@ #endif if ((ret = wc_HmacInit(&hmac, HEAP_HINT, devId)) != 0) - return WC_TEST_RET_ENC_EC(ret); + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); ret = wc_HmacSetKey(&hmac, WC_SHA224, (byte*)keys[i], (word32)XSTRLEN(keys[i])); if (ret != 0) - return WC_TEST_RET_ENC_EC(ret); + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); + +#if !defined(HAVE_SELFTEST) && (!defined(HAVE_FIPS) || FIPS_VERSION3_GT(7,0,0)) + ret = wc_HmacCopy(&hmac, hmac_copy); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); +#endif + ret = wc_HmacUpdate(&hmac, (byte*)test_hmac[i].input, (word32)test_hmac[i].inLen); if (ret != 0) - return WC_TEST_RET_ENC_EC(ret); + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); ret = wc_HmacFinal(&hmac, hash); if (ret != 0) - return WC_TEST_RET_ENC_EC(ret); + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); if (XMEMCMP(hash, test_hmac[i].output, WC_SHA224_DIGEST_SIZE) != 0) - return WC_TEST_RET_ENC_I(i); + ERROR_OUT(WC_TEST_RET_ENC_I(i), out); wc_HmacFree(&hmac); + +#if !defined(HAVE_SELFTEST) && (!defined(HAVE_FIPS) || FIPS_VERSION3_GT(7,0,0)) + ret = wc_HmacUpdate(hmac_copy, (byte*)test_hmac[i].input, + (word32)test_hmac[i].inLen); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); + ret = wc_HmacFinal(hmac_copy, hash); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); + + if (XMEMCMP(hash, test_hmac[i].output, WC_SHA224_DIGEST_SIZE) != 0) + ERROR_OUT(WC_TEST_RET_ENC_I(i), out); + + wc_HmacFree(hmac_copy); +#endif } +out: + + wc_HmacFree(&hmac); +#if !defined(HAVE_SELFTEST) && (!defined(HAVE_FIPS) || FIPS_VERSION3_GT(7,0,0)) + wc_HmacFree(hmac_copy); + WC_FREE_VAR_EX(hmac_copy, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); +#endif + #if !defined(HAVE_FIPS) || FIPS_VERSION3_GE(6,0,0) - if ((ret = wc_HmacSizeByType(WC_SHA224)) != WC_SHA224_DIGEST_SIZE) - return WC_TEST_RET_ENC_EC(ret); + if (ret == 0) { + if ((ret = wc_HmacSizeByType(WC_SHA224)) != WC_SHA224_DIGEST_SIZE) + return WC_TEST_RET_ENC_EC(ret); + ret = 0; + } #endif - return 0; + return ret; } #endif @@ -7706,6 +8502,9 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t hmac_sha256_test(void) { Hmac hmac; +#if !defined(HAVE_SELFTEST) && (!defined(HAVE_FIPS) || FIPS_VERSION3_GT(7,0,0)) + WC_DECLARE_VAR(hmac_copy, Hmac, 1, HEAP_HINT); +#endif byte hash[WC_SHA256_DIGEST_SIZE]; const char* keys[]= @@ -7731,7 +8530,7 @@ testVector a, b, c, d, e; testVector test_hmac[5]; - wc_test_ret_t ret; + wc_test_ret_t ret = WC_TEST_RET_ENC_NC; int times = sizeof(test_hmac) / sizeof(testVector), i; WOLFSSL_ENTER("hmac_sha256_test"); @@ -7780,6 +8579,12 @@ test_hmac[3] = d; test_hmac[4] = e; + XMEMSET(&hmac, 0, sizeof(hmac)); +#if !defined(HAVE_SELFTEST) && (!defined(HAVE_FIPS) || FIPS_VERSION3_GT(7,0,0)) + WC_CALLOC_VAR_EX(hmac_copy, Hmac, 1, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER, + return WC_TEST_RET_ENC_EC(MEMORY_E)); +#endif + for (i = 0; i < times; ++i) { #if defined(HAVE_FIPS) || defined(HAVE_CAVIUM) if (i == 1) @@ -7791,28 +8596,60 @@ #endif if (wc_HmacInit(&hmac, HEAP_HINT, devId) != 0) - return WC_TEST_RET_ENC_I(i); + ERROR_OUT(WC_TEST_RET_ENC_I(i), out); ret = wc_HmacSetKey(&hmac, WC_SHA256, (byte*)keys[i], (word32)XSTRLEN(keys[i])); if (ret != 0) - return WC_TEST_RET_ENC_I(i); + ERROR_OUT(WC_TEST_RET_ENC_I(i), out); + +#if !defined(HAVE_SELFTEST) && (!defined(HAVE_FIPS) || FIPS_VERSION3_GT(7,0,0)) + ret = wc_HmacCopy(&hmac, hmac_copy); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); +#endif + if (test_hmac[i].input != NULL) { ret = wc_HmacUpdate(&hmac, (byte*)test_hmac[i].input, (word32)test_hmac[i].inLen); if (ret != 0) - return WC_TEST_RET_ENC_I(i); + ERROR_OUT(WC_TEST_RET_ENC_I(i), out); } ret = wc_HmacFinal(&hmac, hash); if (ret != 0) - return WC_TEST_RET_ENC_I(i); + ERROR_OUT(WC_TEST_RET_ENC_I(i), out); if (XMEMCMP(hash, test_hmac[i].output, WC_SHA256_DIGEST_SIZE) != 0) - return WC_TEST_RET_ENC_I(i); + ERROR_OUT(WC_TEST_RET_ENC_I(i), out); wc_HmacFree(&hmac); + +#if !defined(HAVE_SELFTEST) && (!defined(HAVE_FIPS) || FIPS_VERSION3_GT(7,0,0)) + if (test_hmac[i].input != NULL) { + ret = wc_HmacUpdate(hmac_copy, (byte*)test_hmac[i].input, + (word32)test_hmac[i].inLen); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_I(i), out); + } + ret = wc_HmacFinal(hmac_copy, hash); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_I(i), out); + + if (XMEMCMP(hash, test_hmac[i].output, WC_SHA256_DIGEST_SIZE) != 0) + ERROR_OUT(WC_TEST_RET_ENC_I(i), out); + + wc_HmacFree(hmac_copy); +#endif } +out: + + wc_HmacFree(&hmac); +#if !defined(HAVE_SELFTEST) && (!defined(HAVE_FIPS) || FIPS_VERSION3_GT(7,0,0)) + wc_HmacFree(hmac_copy); + WC_FREE_VAR_EX(hmac_copy, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); +#endif + #if !defined(HAVE_FIPS) || FIPS_VERSION3_GE(6,0,0) if ((ret = wc_HmacSizeByType(WC_SHA256)) != WC_SHA256_DIGEST_SIZE) return WC_TEST_RET_ENC_EC(ret); @@ -7837,6 +8674,9 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t hmac_sha384_test(void) { Hmac hmac; +#if !defined(HAVE_SELFTEST) && (!defined(HAVE_FIPS) || FIPS_VERSION3_GT(7,0,0)) + WC_DECLARE_VAR(hmac_copy, Hmac, 1, HEAP_HINT); +#endif byte hash[WC_SHA384_DIGEST_SIZE]; const char* keys[]= @@ -7860,7 +8700,7 @@ testVector a, b, c, d; testVector test_hmac[4]; - wc_test_ret_t ret; + wc_test_ret_t ret = WC_TEST_RET_ENC_NC; int times = sizeof(test_hmac) / sizeof(testVector), i; WOLFSSL_ENTER("hmac_sha384_test"); @@ -7905,6 +8745,12 @@ test_hmac[2] = c; test_hmac[3] = d; + XMEMSET(&hmac, 0, sizeof(hmac)); +#if !defined(HAVE_SELFTEST) && (!defined(HAVE_FIPS) || FIPS_VERSION3_GT(7,0,0)) + WC_CALLOC_VAR_EX(hmac_copy, Hmac, 1, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER, + return WC_TEST_RET_ENC_EC(MEMORY_E)); +#endif + for (i = 0; i < times; ++i) { #if defined(HAVE_FIPS) if (i == 1) @@ -7912,32 +8758,65 @@ #endif if ((ret = wc_HmacInit(&hmac, HEAP_HINT, devId)) != 0) - return WC_TEST_RET_ENC_EC(ret); + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); ret = wc_HmacSetKey(&hmac, WC_SHA384, (byte*)keys[i], (word32)XSTRLEN(keys[i])); if (ret != 0) - return WC_TEST_RET_ENC_EC(ret); + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); + +#if !defined(HAVE_SELFTEST) && (!defined(HAVE_FIPS) || FIPS_VERSION3_GT(7,0,0)) + ret = wc_HmacCopy(&hmac, hmac_copy); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); +#endif + ret = wc_HmacUpdate(&hmac, (byte*)test_hmac[i].input, (word32)test_hmac[i].inLen); if (ret != 0) - return WC_TEST_RET_ENC_EC(ret); + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); ret = wc_HmacFinal(&hmac, hash); if (ret != 0) - return WC_TEST_RET_ENC_EC(ret); + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); if (XMEMCMP(hash, test_hmac[i].output, WC_SHA384_DIGEST_SIZE) != 0) - return WC_TEST_RET_ENC_I(i); + ERROR_OUT(WC_TEST_RET_ENC_I(i), out); wc_HmacFree(&hmac); + +#if !defined(HAVE_SELFTEST) && (!defined(HAVE_FIPS) || FIPS_VERSION3_GT(7,0,0)) + ret = wc_HmacUpdate(hmac_copy, (byte*)test_hmac[i].input, + (word32)test_hmac[i].inLen); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); + ret = wc_HmacFinal(hmac_copy, hash); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); + + if (XMEMCMP(hash, test_hmac[i].output, WC_SHA384_DIGEST_SIZE) != 0) + ERROR_OUT(WC_TEST_RET_ENC_I(i), out); + + wc_HmacFree(hmac_copy); +#endif } +out: + + wc_HmacFree(&hmac); +#if !defined(HAVE_SELFTEST) && (!defined(HAVE_FIPS) || FIPS_VERSION3_GT(7,0,0)) + wc_HmacFree(hmac_copy); + WC_FREE_VAR_EX(hmac_copy, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); +#endif + #if !defined(HAVE_FIPS) || FIPS_VERSION3_GE(6,0,0) - if ((ret = wc_HmacSizeByType(WC_SHA384)) != WC_SHA384_DIGEST_SIZE) - return WC_TEST_RET_ENC_EC(ret); + if (ret == 0) { + if ((ret = wc_HmacSizeByType(WC_SHA384)) != WC_SHA384_DIGEST_SIZE) + return WC_TEST_RET_ENC_EC(ret); + ret = 0; + } #endif - return 0; + return ret; } #endif @@ -7946,6 +8825,9 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t hmac_sha512_test(void) { Hmac hmac; +#if !defined(HAVE_SELFTEST) && (!defined(HAVE_FIPS) || FIPS_VERSION3_GT(7,0,0)) + WC_DECLARE_VAR(hmac_copy, Hmac, 1, HEAP_HINT); +#endif byte hash[WC_SHA512_DIGEST_SIZE]; const char* keys[]= @@ -7969,7 +8851,7 @@ testVector a, b, c, d; testVector test_hmac[4]; - wc_test_ret_t ret; + wc_test_ret_t ret = WC_TEST_RET_ENC_NC; int times = sizeof(test_hmac) / sizeof(testVector), i; WOLFSSL_ENTER("hmac_sha512_test"); @@ -8018,6 +8900,12 @@ test_hmac[2] = c; test_hmac[3] = d; + XMEMSET(&hmac, 0, sizeof(hmac)); +#if !defined(HAVE_SELFTEST) && (!defined(HAVE_FIPS) || FIPS_VERSION3_GT(7,0,0)) + WC_CALLOC_VAR_EX(hmac_copy, Hmac, 1, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER, + return WC_TEST_RET_ENC_EC(MEMORY_E)); +#endif + for (i = 0; i < times; ++i) { #if defined(HAVE_FIPS) if (i == 1) @@ -8025,32 +8913,65 @@ #endif if ((ret = wc_HmacInit(&hmac, HEAP_HINT, devId)) != 0) - return WC_TEST_RET_ENC_EC(ret); + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); ret = wc_HmacSetKey(&hmac, WC_SHA512, (byte*)keys[i], (word32)XSTRLEN(keys[i])); if (ret != 0) - return WC_TEST_RET_ENC_EC(ret); + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); + +#if !defined(HAVE_SELFTEST) && (!defined(HAVE_FIPS) || FIPS_VERSION3_GT(7,0,0)) + ret = wc_HmacCopy(&hmac, hmac_copy); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); +#endif + ret = wc_HmacUpdate(&hmac, (byte*)test_hmac[i].input, (word32)test_hmac[i].inLen); if (ret != 0) - return WC_TEST_RET_ENC_EC(ret); + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); ret = wc_HmacFinal(&hmac, hash); if (ret != 0) - return WC_TEST_RET_ENC_EC(ret); + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); if (XMEMCMP(hash, test_hmac[i].output, WC_SHA512_DIGEST_SIZE) != 0) - return WC_TEST_RET_ENC_I(i); + ERROR_OUT(WC_TEST_RET_ENC_I(i), out); wc_HmacFree(&hmac); + +#if !defined(HAVE_SELFTEST) && (!defined(HAVE_FIPS) || FIPS_VERSION3_GT(7,0,0)) + ret = wc_HmacUpdate(hmac_copy, (byte*)test_hmac[i].input, + (word32)test_hmac[i].inLen); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); + ret = wc_HmacFinal(hmac_copy, hash); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); + + if (XMEMCMP(hash, test_hmac[i].output, WC_SHA512_DIGEST_SIZE) != 0) + ERROR_OUT(WC_TEST_RET_ENC_I(i), out); + + wc_HmacFree(hmac_copy); +#endif } +out: + + wc_HmacFree(&hmac); +#if !defined(HAVE_SELFTEST) && (!defined(HAVE_FIPS) || FIPS_VERSION3_GT(7,0,0)) + wc_HmacFree(hmac_copy); + WC_FREE_VAR_EX(hmac_copy, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); +#endif + #if !defined(HAVE_FIPS) || FIPS_VERSION3_GE(6,0,0) - if ((ret = wc_HmacSizeByType(WC_SHA512)) != WC_SHA512_DIGEST_SIZE) - return WC_TEST_RET_ENC_EC(ret); + if (ret == 0) { + if ((ret = wc_HmacSizeByType(WC_SHA512)) != WC_SHA512_DIGEST_SIZE) + return WC_TEST_RET_ENC_EC(ret); + ret = 0; + } #endif - return 0; + return ret; } #endif @@ -8061,6 +8982,9 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t hmac_sha3_test(void) { Hmac hmac; +#if !defined(HAVE_SELFTEST) && (!defined(HAVE_FIPS) || FIPS_VERSION3_GT(7,0,0)) + WC_DECLARE_VAR(hmac_copy, Hmac, 1, HEAP_HINT); +#endif byte hash[WC_SHA3_512_DIGEST_SIZE]; const char* key[4] = @@ -8185,9 +9109,15 @@ int i = 0, iMax = sizeof(input) / sizeof(input[0]), j, jMax = sizeof(hashType) / sizeof(hashType[0]); - int ret; + wc_test_ret_t ret = WC_TEST_RET_ENC_NC; WOLFSSL_ENTER("hmac_sha3_test"); + XMEMSET(&hmac, 0, sizeof(hmac)); +#if !defined(HAVE_SELFTEST) && (!defined(HAVE_FIPS) || FIPS_VERSION3_GT(7,0,0)) + WC_CALLOC_VAR_EX(hmac_copy, Hmac, 1, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER, + return WC_TEST_RET_ENC_EC(MEMORY_E)); +#endif + #ifdef HAVE_FIPS /* FIPS requires a minimum length for HMAC keys, and "Jefe" is too * short. Skip it in FIPS builds. */ @@ -8196,36 +9126,65 @@ for (; i < iMax; i++) { for (j = 0; j < jMax; j++) { if ((ret = wc_HmacInit(&hmac, HEAP_HINT, devId)) != 0) - return WC_TEST_RET_ENC_EC(ret); + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); ret = wc_HmacSetKey(&hmac, hashType[j], (byte*)key[i], (word32)XSTRLEN(key[i])); if (ret != 0) - return WC_TEST_RET_ENC_EC(ret); + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); + +#if !defined(HAVE_SELFTEST) && (!defined(HAVE_FIPS) || FIPS_VERSION3_GT(7,0,0)) + ret = wc_HmacCopy(&hmac, hmac_copy); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); +#endif + ret = wc_HmacUpdate(&hmac, (byte*)input[i], (word32)XSTRLEN(input[i])); if (ret != 0) - return WC_TEST_RET_ENC_EC(ret); + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); ret = wc_HmacFinal(&hmac, hash); if (ret != 0) - return WC_TEST_RET_ENC_EC(ret); + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); if (XMEMCMP(hash, output[(i*jMax) + j], (size_t)hashSz[j]) != 0) - return WC_TEST_RET_ENC_NC; + ERROR_OUT(WC_TEST_RET_ENC_NC, out); wc_HmacFree(&hmac); +#if !defined(HAVE_SELFTEST) && (!defined(HAVE_FIPS) || FIPS_VERSION3_GT(7,0,0)) + ret = wc_HmacUpdate(hmac_copy, (byte*)input[i], + (word32)XSTRLEN(input[i])); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); + ret = wc_HmacFinal(hmac_copy, hash); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); + if (XMEMCMP(hash, output[(i*jMax) + j], (size_t)hashSz[j]) != 0) + ERROR_OUT(WC_TEST_RET_ENC_NC, out); + + wc_HmacFree(hmac_copy); +#endif + if (i > 0) continue; #if !defined(HAVE_FIPS) || FIPS_VERSION3_GE(6,0,0) ret = wc_HmacSizeByType(hashType[j]); if (ret != hashSz[j]) - return WC_TEST_RET_ENC_EC(ret); + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); #endif } } - return 0; +out: + + wc_HmacFree(&hmac); +#if !defined(HAVE_SELFTEST) && (!defined(HAVE_FIPS) || FIPS_VERSION3_GT(7,0,0)) + wc_HmacFree(hmac_copy); + WC_FREE_VAR_EX(hmac_copy, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); +#endif + + return ret; } #endif @@ -11649,7 +12608,7 @@ ret = EVP_test(wolfSSL_EVP_aes_128_cfb8(), key1, iv, msg1, sizeof(msg1), cipher1, sizeof(cipher1)); if (ret != 0) { - return ret; + ERROR_OUT(ret, out); } #endif ret = wc_AesSetKey(enc, key1, WC_AES_BLOCK_SIZE, iv, AES_ENCRYPTION); @@ -11696,7 +12655,7 @@ ret = EVP_test(wolfSSL_EVP_aes_192_cfb8(), key2, iv2, msg2, sizeof(msg2), cipher2, sizeof(msg2)); if (ret != 0) { - return ret; + ERROR_OUT(ret, out); } #endif @@ -19384,6 +20343,7 @@ }; wc_test_ret_t ret; + ChaChaPoly_Aead aead; #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC) @@ -19426,6 +20386,177 @@ if (XMEMCMP(buf2, Plaintext, sizeof Plaintext)) ERROR_OUT(WC_TEST_RET_ENC_NC, out); + /* Test wc_XChaCha20Poly1305_Init bad parameters */ + ret = wc_XChaCha20Poly1305_Init(NULL, AAD, sizeof AAD, + IV, sizeof IV, + Key, sizeof Key, 1); + if (ret == 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); + + ret = wc_XChaCha20Poly1305_Init(&aead, AAD, sizeof AAD, + NULL, sizeof IV, + Key, sizeof Key, 1); + if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG)) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); + + ret = wc_XChaCha20Poly1305_Init(&aead, AAD, sizeof AAD, + IV, sizeof IV, + NULL, sizeof Key, 1); + if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG)) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); + + /* Wrong nonce size (12 instead of 24) */ + ret = wc_XChaCha20Poly1305_Init(&aead, AAD, sizeof AAD, + IV, CHACHA20_POLY1305_AEAD_IV_SIZE, + Key, sizeof Key, 1); + if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG)) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); + + /* Wrong key size (16 instead of 32) */ + ret = wc_XChaCha20Poly1305_Init(&aead, AAD, sizeof AAD, + IV, sizeof IV, + Key, 16, 1); + if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG)) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); + + /* Test wc_XChaCha20Poly1305_Encrypt bad parameters */ + ret = wc_XChaCha20Poly1305_Encrypt(NULL, sizeof Ciphertext + sizeof Tag, + Plaintext, sizeof Plaintext, + AAD, sizeof AAD, + IV, sizeof IV, + Key, sizeof Key); + if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG)) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); + + ret = wc_XChaCha20Poly1305_Encrypt(buf1, sizeof Ciphertext + sizeof Tag, + NULL, sizeof Plaintext, + AAD, sizeof AAD, + IV, sizeof IV, + Key, sizeof Key); + if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG)) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); + + ret = wc_XChaCha20Poly1305_Encrypt(buf1, sizeof Ciphertext + sizeof Tag, + Plaintext, sizeof Plaintext, + NULL, sizeof AAD, + IV, sizeof IV, + Key, sizeof Key); + if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG)) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); + + ret = wc_XChaCha20Poly1305_Encrypt(buf1, sizeof Ciphertext + sizeof Tag, + Plaintext, sizeof Plaintext, + AAD, sizeof AAD, + NULL, sizeof IV, + Key, sizeof Key); + if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG)) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); + + ret = wc_XChaCha20Poly1305_Encrypt(buf1, sizeof Ciphertext + sizeof Tag, + Plaintext, sizeof Plaintext, + AAD, sizeof AAD, + IV, sizeof IV, + NULL, sizeof Key); + if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG)) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); + + /* Wrong nonce size (12 instead of 24) */ + ret = wc_XChaCha20Poly1305_Encrypt(buf1, sizeof Ciphertext + sizeof Tag, + Plaintext, sizeof Plaintext, + AAD, sizeof AAD, + IV, CHACHA20_POLY1305_AEAD_IV_SIZE, + Key, sizeof Key); + if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG)) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); + + /* Wrong key size (16 instead of 32) */ + ret = wc_XChaCha20Poly1305_Encrypt(buf1, sizeof Ciphertext + sizeof Tag, + Plaintext, sizeof Plaintext, + AAD, sizeof AAD, + IV, sizeof IV, + Key, 16); + if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG)) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); + + /* Insufficient buffer space */ + ret = wc_XChaCha20Poly1305_Encrypt(buf1, sizeof Plaintext, + Plaintext, sizeof Plaintext, + AAD, sizeof AAD, + IV, sizeof IV, + Key, sizeof Key); + if (ret != WC_NO_ERR_TRACE(BUFFER_E)) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); + + /* Test wc_XChaCha20Poly1305_Decrypt bad parameters */ + ret = wc_XChaCha20Poly1305_Decrypt(NULL, sizeof Plaintext, + buf1, sizeof Ciphertext + sizeof Tag, + AAD, sizeof AAD, + IV, sizeof IV, + Key, sizeof Key); + if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG)) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); + + ret = wc_XChaCha20Poly1305_Decrypt(buf2, sizeof Plaintext, + NULL, sizeof Ciphertext + sizeof Tag, + AAD, sizeof AAD, + IV, sizeof IV, + Key, sizeof Key); + if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG)) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); + + ret = wc_XChaCha20Poly1305_Decrypt(buf2, sizeof Plaintext, + buf1, sizeof Ciphertext + sizeof Tag, + NULL, sizeof AAD, + IV, sizeof IV, + Key, sizeof Key); + if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG)) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); + + ret = wc_XChaCha20Poly1305_Decrypt(buf2, sizeof Plaintext, + buf1, sizeof Ciphertext + sizeof Tag, + AAD, sizeof AAD, + NULL, sizeof IV, + Key, sizeof Key); + if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG)) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); + + ret = wc_XChaCha20Poly1305_Decrypt(buf2, sizeof Plaintext, + buf1, sizeof Ciphertext + sizeof Tag, + AAD, sizeof AAD, + IV, sizeof IV, + NULL, sizeof Key); + if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG)) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); + + /* Wrong nonce size (12 instead of 24) */ + ret = wc_XChaCha20Poly1305_Decrypt(buf2, sizeof Plaintext, + buf1, sizeof Ciphertext + sizeof Tag, + AAD, sizeof AAD, + IV, CHACHA20_POLY1305_AEAD_IV_SIZE, + Key, sizeof Key); + if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG)) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); + + /* Wrong key size (16 instead of 32) */ + ret = wc_XChaCha20Poly1305_Decrypt(buf2, sizeof Plaintext, + buf1, sizeof Ciphertext + sizeof Tag, + AAD, sizeof AAD, + IV, sizeof IV, + Key, 16); + if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG)) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); + + /* Insufficient buffer space */ + ret = wc_XChaCha20Poly1305_Decrypt(buf2, sizeof Plaintext - 1, + buf1, sizeof Ciphertext + sizeof Tag, + AAD, sizeof AAD, + IV, sizeof IV, + Key, sizeof Key); + if (ret != WC_NO_ERR_TRACE(BUFFER_E)) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); + + ret = 0; + out: #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC) @@ -19443,6 +20574,9 @@ byte block[32]; wc_test_ret_t ret; int i; +#if defined(WOLFSSL_TRACK_MEMORY) && defined(WOLFSSL_SMALL_STACK_CACHE) + long current_totalAllocs = wc_MemStats_Ptr->totalAllocs; +#endif XMEMSET(block, 0, sizeof(block)); @@ -19467,6 +20601,42 @@ return WC_TEST_RET_ENC_EC(ret); } +#if defined(HAVE_HASHDRBG) && !defined(HAVE_INTEL_RDRAND) && \ + !defined(CUSTOM_RAND_GENERATE_BLOCK) && \ + !defined(HAVE_SELFTEST) && (!defined(HAVE_FIPS) || FIPS_VERSION3_GE(5,0,0)) + /* Test periodic reseed dynamics. */ + +#ifdef WOLF_CRYPTO_CB + if (wc_CryptoCb_RandomBlock(rng, block, sizeof(block)) == + WC_NO_ERR_TRACE(CRYPTOCB_UNAVAILABLE)) + { +#endif + ((struct DRBG_internal *)rng->drbg)->reseedCtr = WC_RESEED_INTERVAL; + + ret = wc_RNG_GenerateBlock(rng, block, sizeof(block)); + if (ret != 0) + return WC_TEST_RET_ENC_EC(ret); + + if (((struct DRBG_internal *)rng->drbg)->reseedCtr == WC_RESEED_INTERVAL) + return WC_TEST_RET_ENC_NC; +#ifdef WOLF_CRYPTO_CB + } +#endif + +#endif /* HAVE_HASHDRBG && !CUSTOM_RAND_GENERATE_BLOCK && !HAVE_SELFTEST */ + +#if defined(WOLFSSL_TRACK_MEMORY) && defined(WOLFSSL_SMALL_STACK_CACHE) + /* wc_RNG_GenerateBlock() must not allocate any memory in + * WOLFSSL_SMALL_STACK_CACHE builds, even if it had to reseed. + * LINUXKM_DRBG_GET_RANDOM_BYTES depends on this -- + * wolfssl_linuxkm_random_bytes_handlers (wc__get_random_bytes() and + * wc_crng_reseed()) can't call the heap, since the kernel heap will call + * them via get_random_u32(). + */ + if (current_totalAllocs != wc_MemStats_Ptr->totalAllocs) + return WC_TEST_RET_ENC_NC; +#endif + /* Parameter validation testing. */ ret = wc_RNG_GenerateBlock(NULL, block, sizeof(block)); if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG)) { @@ -19543,10 +20713,15 @@ } #endif +#ifdef REALLY_LONG_DRBG_CONTINUOUS_TEST + ret = drbg_continuous_main(); +#endif + return ret; } -#if defined(HAVE_HASHDRBG) && !defined(CUSTOM_RAND_GENERATE_BLOCK) +#if defined(HAVE_HASHDRBG) && !defined(CUSTOM_RAND_GENERATE_BLOCK) && \ + !defined(HAVE_INTEL_RDRAND) #if defined(WC_RNG_SEED_CB) && \ !(defined(ENTROPY_SCALE_FACTOR) || defined(SEED_BLOCK_SZ)) @@ -19566,7 +20741,7 @@ * SEED_BLOCK_SZ, which depend on which seed back end is configured. */ #if defined(HAVE_ENTROPY_MEMUSE) && defined(HAVE_AMD_RDSEED) && \ - !(defined(HAVE_FIPS) && FIPS_VERSION_LT(6,0)) + !(defined(HAVE_FIPS) && FIPS_VERSION3_LT(6,0,0) && FIPS_VERSION3_NE(5,2,4)) #ifdef HAVE_FIPS WOLFSSL_SMALL_STACK_STATIC const byte check[] = { @@ -19604,7 +20779,7 @@ }; #endif #elif defined(HAVE_AMD_RDSEED) && \ - !(defined(HAVE_FIPS) && FIPS_VERSION_LT(6,0)) + !(defined(HAVE_FIPS) && FIPS_VERSION3_LT(6,0,0) && FIPS_VERSION3_NE(5,2,4)) WOLFSSL_SMALL_STACK_STATIC const byte check[] = { 0x2c, 0xd4, 0x9b, 0x1e, 0x1e, 0xe7, 0xb0, 0xb0, @@ -19613,7 +20788,7 @@ 0xa2, 0xe7, 0xe5, 0x90, 0x6d, 0x1f, 0x88, 0x98 }; #elif (defined(HAVE_INTEL_RDSEED) || defined(HAVE_INTEL_RDRAND)) && \ - !(defined(HAVE_FIPS) && FIPS_VERSION_LT(6,0)) + !(defined(HAVE_FIPS) && FIPS_VERSION3_LT(6,0,0) && FIPS_VERSION3_NE(5,2,4)) #ifdef HAVE_FIPS WOLFSSL_SMALL_STACK_STATIC const byte check[] = { @@ -19632,7 +20807,7 @@ }; #endif #elif defined(HAVE_INTEL_RDSEED) && \ - defined(HAVE_FIPS) && FIPS_VERSION_LT(6,0) + defined(HAVE_FIPS) && FIPS_VERSION3_LT(6,0,0) && FIPS_VERSION3_NE(5,2,4) WOLFSSL_SMALL_STACK_STATIC const byte check[] = { 0x27, 0xdd, 0xff, 0x5b, 0x21, 0x26, 0x0a, 0x48, @@ -19689,7 +20864,7 @@ out: return ret; } -#endif /* WC_RNG_SEED_CB) && !(ENTROPY_SCALE_FACTOR || SEED_BLOCK_SZ) */ +#endif /* WC_RNG_SEED_CB && !(ENTROPY_SCALE_FACTOR || SEED_BLOCK_SZ) */ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t random_test(void) @@ -19809,7 +20984,7 @@ return 0; } -#else +#else /* !HAVE_HASHDRBG || CUSTOM_RAND_GENERATE_BLOCK || HAVE_INTEL_RDRAND */ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t random_test(void) { @@ -19819,8 +20994,566 @@ return random_rng_test(); } -#endif /* HAVE_HASHDRBG && !CUSTOM_RAND_GENERATE_BLOCK */ -#endif /* WC_NO_RNG */ +#endif /* !HAVE_HASHDRBG || CUSTOM_RAND_GENERATE_BLOCK || HAVE_INTEL_RDRAND */ + +#ifdef WC_RNG_BANK_SUPPORT + +static char *rng_bank_affinity_lock_lock; +static int rng_bank_affinity_lock(void *arg) { + rng_bank_affinity_lock_lock = (char *)arg; + return 0; +} + +static int rng_bank_affinity_get_id_id; +static int rng_bank_affinity_get_id(void *arg, int *id) { + if (rng_bank_affinity_lock_lock != (char *)arg) + return BAD_STATE_E; + rng_bank_affinity_lock_lock = (char *)arg + 1; + *id = rng_bank_affinity_get_id_id; + return 0; +} + +static int rng_bank_affinity_unlock(void *arg) { + rng_bank_affinity_lock_lock = (char *)arg + 2; + return 0; +} + +WOLFSSL_TEST_SUBROUTINE wc_test_ret_t random_bank_test(void) +{ + int ret; + WC_DECLARE_VAR(bank, struct wc_rng_bank, 1, HEAP_HINT); + struct wc_rng_bank_inst *rng_inst = NULL; +#ifdef WC_DRBG_BANKREF + WC_DECLARE_VAR(rng, WC_RNG, 1, HEAP_HINT); +#endif +#ifndef WC_RNG_BANK_STATIC + struct wc_rng_bank *bank2 = NULL; + struct wc_rng_bank_inst *rng_inst2 = NULL; +#ifdef WC_DRBG_BANKREF + WC_RNG *rng2 = NULL; +#endif +#endif /* !WC_RNG_BANK_STATIC */ + static const char bank_arg[] = "hi"; + byte outbuf1[16], outbuf2[16]; + int i; + + WC_CALLOC_VAR_EX(bank, struct wc_rng_bank, 1, HEAP_HINT, + DYNAMIC_TYPE_TMP_BUFFER, + return WC_TEST_RET_ENC_EC(MEMORY_E)); + +#ifdef WC_DRBG_BANKREF + WC_ALLOC_VAR_EX(rng, WC_RNG, 1, HEAP_HINT, + DYNAMIC_TYPE_TMP_BUFFER, + ERROR_OUT(WC_TEST_RET_ENC_EC(MEMORY_E), out)); + XMEMSET(rng, 0, sizeof(*rng)); +#endif + + ret = wc_rng_bank_init(NULL, WC_RNG_BANK_STATIC_SIZE, WC_RNG_BANK_FLAG_CAN_WAIT, 10, HEAP_HINT, INVALID_DEVID); + if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG)) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); + +#ifdef WC_RNG_BANK_STATIC + ret = wc_rng_bank_init(bank, WC_RNG_BANK_STATIC_SIZE + 1, WC_RNG_BANK_FLAG_CAN_WAIT, 10, HEAP_HINT, INVALID_DEVID); + if (ret != WC_NO_ERR_TRACE(BAD_LENGTH_E)) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); +#endif + + ret = wc_rng_bank_init(bank, WC_RNG_BANK_STATIC_SIZE, + WC_RNG_BANK_FLAG_NO_VECTOR_OPS | + WC_RNG_BANK_FLAG_CAN_WAIT, + 10, HEAP_HINT, INVALID_DEVID); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); + + ret = wc_rng_bank_set_affinity_handlers( + bank, + rng_bank_affinity_lock, + rng_bank_affinity_get_id, + rng_bank_affinity_unlock, + (char *)bank_arg); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); + + rng_bank_affinity_get_id_id = 4; + ret = wc_rng_bank_checkout(bank, &rng_inst, -1, 10, WC_RNG_BANK_FLAG_PREFER_AFFINITY_INST | WC_RNG_BANK_FLAG_AFFINITY_LOCK); + if (ret != WC_NO_ERR_TRACE(BAD_INDEX_E)) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); + + rng_bank_affinity_get_id_id = 2; + ret = wc_rng_bank_checkout(bank, &rng_inst, -1, 10, WC_RNG_BANK_FLAG_PREFER_AFFINITY_INST | WC_RNG_BANK_FLAG_AFFINITY_LOCK); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); + if (rng_inst != bank->rngs + 2) + ERROR_OUT(WC_TEST_RET_ENC_NC, out); + if (rng_bank_affinity_lock_lock != bank_arg + 1) + ERROR_OUT(WC_TEST_RET_ENC_NC, out); + + /* if we can, confirm that WC_RNG_BANK_FLAG_NO_VECTOR_OPS worked. */ +#if defined(USE_INTEL_SPEEDUP) && \ + defined(WOLFSSL_KERNEL_MODE) && \ + defined(WOLFSSL_SMALL_STACK_CACHE) && \ + defined(WC_C_DYNAMIC_FALLBACK) && \ + defined(HAVE_HASHDRBG) && \ + defined(WC_NO_INTERNAL_FUNCTION_POINTERS) + if (((struct DRBG_internal *)rng_inst->rng.drbg)->sha256.sha_method != 7 /* SHA256_C */) + ERROR_OUT(WC_TEST_RET_ENC_I(((struct DRBG_internal *)rng_inst->rng.drbg)->sha256.sha_method), out); +#endif + + ret = wc_RNG_GenerateBlock(WC_RNG_BANK_INST_TO_RNG(rng_inst), outbuf1, sizeof(outbuf1)); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); + + { + struct wc_rng_bank_inst *bogus_inst = (struct wc_rng_bank_inst *)(wc_ptr_t)bank; + ret = wc_rng_bank_checkin(bank, &bogus_inst); + if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG)) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); + } + + ret = wc_rng_bank_checkin(bank, &rng_inst); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); + if (rng_inst != NULL) + ERROR_OUT(WC_TEST_RET_ENC_NC, out); + if (rng_bank_affinity_lock_lock != bank_arg + 2) + ERROR_OUT(WC_TEST_RET_ENC_NC, out); + + ret = wc_rng_bank_checkout(bank, &rng_inst, 3, 10, WC_RNG_BANK_FLAG_NONE); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); + if (rng_inst != bank->rngs + 3) + ERROR_OUT(WC_TEST_RET_ENC_NC, out); + ret = wc_rng_bank_checkin(bank, &rng_inst); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); + + rng_bank_affinity_get_id_id = 3; + ret = wc_rng_bank_checkout(bank, &rng_inst, -1, 10, WC_RNG_BANK_FLAG_PREFER_AFFINITY_INST | WC_RNG_BANK_FLAG_AFFINITY_LOCK); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); + if (rng_inst != bank->rngs + 3) + ERROR_OUT(WC_TEST_RET_ENC_NC, out); + + ret = wc_RNG_GenerateBlock(WC_RNG_BANK_INST_TO_RNG(rng_inst), outbuf2, sizeof(outbuf2)); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); + + ret = wc_rng_bank_checkin(bank, &rng_inst); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); + if (rng_inst != NULL) + ERROR_OUT(WC_TEST_RET_ENC_NC, out); + + if (XMEMCMP(outbuf1, outbuf2, sizeof(outbuf1)) == 0) + ERROR_OUT(WC_TEST_RET_ENC_NC, out); + +#ifdef WC_DRBG_BANKREF + ret = wc_InitRng_BankRef(NULL, rng); + if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG)) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); + + ret = wc_InitRng_BankRef(bank, NULL); + if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG)) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); + + ret = wc_InitRng_BankRef(bank, rng); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); + + rng_bank_affinity_get_id_id = 1; + ret = wc_RNG_GenerateBlock(rng, outbuf1, sizeof(outbuf1)); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); + + if (XMEMCMP(outbuf1, outbuf2, sizeof(outbuf1)) == 0) + ERROR_OUT(WC_TEST_RET_ENC_NC, out); +#endif + + ret = wc_rng_bank_reseed(NULL, 10, WC_RNG_BANK_FLAG_NONE); + if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG)) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); + + ret = wc_rng_bank_reseed(bank, 10, WC_RNG_BANK_FLAG_NONE); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); + + for (i = 0; i < bank->n_rngs; ++i) { + if (((struct DRBG_internal *)bank->rngs[i].rng.drbg) + ->reseedCtr != WC_RESEED_INTERVAL) + { + ERROR_OUT(WC_TEST_RET_ENC_I(i), out); + } + } + + rng_bank_affinity_get_id_id = 0; + /* WC_RNG_BANK_FLAG_CAN_WAIT needed to avoiding warning message that the + * instance needs reseed. + */ + ret = wc_rng_bank_checkout(bank, &rng_inst, -1, 10, WC_RNG_BANK_FLAG_CAN_WAIT | WC_RNG_BANK_FLAG_PREFER_AFFINITY_INST | WC_RNG_BANK_FLAG_AFFINITY_LOCK); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); + ret = wc_RNG_GenerateBlock(WC_RNG_BANK_INST_TO_RNG(rng_inst), outbuf1, sizeof(outbuf1)); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); + ret = wc_rng_bank_checkin(bank, &rng_inst); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); + + rng_bank_affinity_get_id_id = 1; + ret = wc_rng_bank_checkout(bank, &rng_inst, -1, 10, WC_RNG_BANK_FLAG_CAN_WAIT | WC_RNG_BANK_FLAG_PREFER_AFFINITY_INST | WC_RNG_BANK_FLAG_AFFINITY_LOCK); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); + ret = wc_RNG_GenerateBlock(WC_RNG_BANK_INST_TO_RNG(rng_inst), outbuf2, sizeof(outbuf2)); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); + ret = wc_rng_bank_checkin(bank, &rng_inst); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); + + if (XMEMCMP(outbuf1, outbuf2, sizeof(outbuf1)) == 0) + ERROR_OUT(WC_TEST_RET_ENC_NC, out); + + ret = wc_rng_bank_seed(bank, (byte *)bank_arg, (word32)sizeof(bank_arg), 10, WC_RNG_BANK_FLAG_CAN_WAIT); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); + + rng_bank_affinity_get_id_id = 0; + ret = wc_rng_bank_checkout(bank, &rng_inst, -1, 10, WC_RNG_BANK_FLAG_PREFER_AFFINITY_INST | WC_RNG_BANK_FLAG_AFFINITY_LOCK); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); + + ret = wc_RNG_GenerateBlock(WC_RNG_BANK_INST_TO_RNG(rng_inst), outbuf1, sizeof(outbuf1)); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); + + if (XMEMCMP(outbuf1, outbuf2, sizeof(outbuf1)) == 0) + ERROR_OUT(WC_TEST_RET_ENC_NC, out); + + /* can't wc_rng_bank_seed() while holding an inst (deadlock/timeout) -- + * check in then check back out. + */ + ret = wc_rng_bank_checkin(bank, &rng_inst); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); + + ret = wc_rng_bank_seed(NULL, (byte *)bank_arg, (word32)sizeof(bank_arg), 10, WC_RNG_BANK_FLAG_CAN_WAIT); + if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG)) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); + + ret = wc_rng_bank_seed(bank, (byte *)bank_arg, (word32)sizeof(bank_arg), 10, WC_RNG_BANK_FLAG_CAN_WAIT); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); + + ret = wc_rng_bank_checkout(bank, &rng_inst, -1, 10, WC_RNG_BANK_FLAG_PREFER_AFFINITY_INST | WC_RNG_BANK_FLAG_AFFINITY_LOCK); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); + + ret = wc_RNG_GenerateBlock(WC_RNG_BANK_INST_TO_RNG(rng_inst), outbuf2, sizeof(outbuf2)); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); + + /* even though we passed in the same seed, the state is different, because + * Hash_DRBG_Reseed() chains in the previous state, and also churns in the + * "type" only on reseed. + */ + if (XMEMCMP(outbuf1, outbuf2, sizeof(outbuf1)) == 0) + ERROR_OUT(WC_TEST_RET_ENC_NC, out); + + ret = wc_rng_bank_inst_reinit(NULL, rng_inst, 10, WC_RNG_BANK_FLAG_CAN_WAIT); + if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG)) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); + + /* bogus pointer test */ + ret = wc_rng_bank_inst_reinit(bank, (struct wc_rng_bank_inst *)(wc_ptr_t)bank, 10, WC_RNG_BANK_FLAG_CAN_WAIT); + if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG)) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); + + ret = wc_rng_bank_inst_reinit(bank, rng_inst, 10, WC_RNG_BANK_FLAG_CAN_WAIT); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); + + ret = wc_RNG_GenerateBlock(WC_RNG_BANK_INST_TO_RNG(rng_inst), outbuf1, sizeof(outbuf1)); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); + + if (XMEMCMP(outbuf1, outbuf2, sizeof(outbuf1)) == 0) + ERROR_OUT(WC_TEST_RET_ENC_NC, out); + + ret = wc_rng_bank_checkin(NULL, &rng_inst); + if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG)) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); + + ret = wc_rng_bank_checkin(bank, &rng_inst); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); + + ret = wc_rng_bank_checkout(NULL, &rng_inst, -1, 10, WC_RNG_BANK_FLAG_PREFER_AFFINITY_INST | WC_RNG_BANK_FLAG_AFFINITY_LOCK); + if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG)) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); + +#ifdef WC_DRBG_BANKREF + if (wolfSSL_RefCur(bank->refcount) != 2) + ERROR_OUT(WC_TEST_RET_ENC_NC, out); + + ret = wc_rng_bank_fini(bank); + if (ret != WC_NO_ERR_TRACE(BUSY_E)) + ERROR_OUT(WC_TEST_RET_ENC_NC, out); + + wc_FreeRng(rng); + + if (wolfSSL_RefCur(bank->refcount) != 1) + ERROR_OUT(WC_TEST_RET_ENC_NC, out); +#endif + +#ifdef WC_RNG_BANK_DEFAULT_SUPPORT + + ret = wc_rng_bank_default_clear(NULL); + if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG)) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); + + ret = wc_rng_bank_default_clear(bank); + if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG)) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); + + ret = wc_rng_bank_default_set(bank); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); + + /* When gated in, passing a NULL bank arg to wc_rng_bank_checkout(), + * wc_rng_bank_checkin(), wc_rng_bank_inst_reinit(), wc_rng_bank_seed(), + * wc_rng_bank_reseed(), wc_InitRng_BankRef(), or wc_rng_new_bankref() + * implicitly designates the default bank. + */ + ret = wc_rng_bank_checkout(NULL, &rng_inst, 3, 10, WC_RNG_BANK_FLAG_NONE); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); + if (rng_inst != bank->rngs + 3) + ERROR_OUT(WC_TEST_RET_ENC_NC, out); + + ret = wc_rng_bank_inst_reinit(NULL, rng_inst, 10, WC_RNG_BANK_FLAG_CAN_WAIT); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); + +#ifdef WC_DRBG_BANKREF + ret = wc_InitRng_BankRef(NULL, rng); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); + wc_FreeRng(rng); + +#ifndef WC_RNG_BANK_STATIC + ret = wc_rng_new_bankref(NULL, &rng2); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); + + wc_rng_free(rng2); + rng2 = NULL; +#endif + +#endif + + ret = wc_rng_bank_checkin(NULL, &rng_inst); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); + + ret = wc_rng_bank_seed(NULL, (byte *)bank_arg, (word32)sizeof(bank_arg), 10, WC_RNG_BANK_FLAG_CAN_WAIT); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); + + ret = wc_rng_bank_reseed(NULL, 10, WC_RNG_BANK_FLAG_NONE); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); + + ret = wc_rng_bank_default_clear(bank); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); + +#endif /* WC_RNG_BANK_DEFAULT_SUPPORT */ + +#ifdef WC_RNG_BANK_STATIC + + ret = 0; + +#else /* !WC_RNG_BANK_STATIC */ + + ret = wc_rng_bank_new(&bank2, WC_RNG_BANK_STATIC_SIZE + 1, WC_RNG_BANK_FLAG_NONE, 10, HEAP_HINT, INVALID_DEVID); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); + + ret = wc_rng_bank_set_affinity_handlers( + bank2, + rng_bank_affinity_lock, + rng_bank_affinity_get_id, + rng_bank_affinity_unlock, + (char *)bank_arg); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); + + rng_bank_affinity_get_id_id = WC_RNG_BANK_STATIC_SIZE; + ret = wc_rng_bank_checkout(bank2, &rng_inst2, -1, 10, WC_RNG_BANK_FLAG_PREFER_AFFINITY_INST | WC_RNG_BANK_FLAG_AFFINITY_LOCK); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); + if (rng_inst2 != bank2->rngs + WC_RNG_BANK_STATIC_SIZE) + ERROR_OUT(WC_TEST_RET_ENC_NC, out); + + ret = wc_RNG_GenerateBlock(WC_RNG_BANK_INST_TO_RNG(rng_inst2), outbuf1, sizeof(outbuf1)); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); + + /* can't wc_rng_bank_seed() while holding an inst (deadlock/timeout) -- + * check in then check back out. + */ + ret = wc_rng_bank_checkin(bank2, &rng_inst2); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); + + ret = wc_rng_bank_seed(bank2, (byte *)bank_arg, (word32)sizeof(bank_arg), 10, WC_RNG_BANK_FLAG_CAN_WAIT); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); + + ret = wc_rng_bank_checkout(bank2, &rng_inst2, -1, 10, WC_RNG_BANK_FLAG_PREFER_AFFINITY_INST | WC_RNG_BANK_FLAG_AFFINITY_LOCK); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); + + ret = wc_RNG_GenerateBlock(WC_RNG_BANK_INST_TO_RNG(rng_inst2), outbuf2, sizeof(outbuf2)); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); + + if (XMEMCMP(outbuf1, outbuf2, sizeof(outbuf1)) == 0) + ERROR_OUT(WC_TEST_RET_ENC_NC, out); + + ret = wc_rng_bank_checkin(bank2, &rng_inst2); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); + + ret = wc_rng_bank_seed(bank2, (byte *)bank_arg, (word32)sizeof(bank_arg), 10, WC_RNG_BANK_FLAG_CAN_WAIT); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); + + ret = wc_rng_bank_checkout(bank2, &rng_inst2, -1, 10, WC_RNG_BANK_FLAG_PREFER_AFFINITY_INST | WC_RNG_BANK_FLAG_AFFINITY_LOCK); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); + + ret = wc_RNG_GenerateBlock(WC_RNG_BANK_INST_TO_RNG(rng_inst2), outbuf1, sizeof(outbuf1)); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); + + /* even though we passed in the same seed, the state is different, because + * Hash_DRBG_Reseed() chains in the previous state, and also churns in the + * "type" only on reseed. + */ + if (XMEMCMP(outbuf1, outbuf2, sizeof(outbuf1)) == 0) + ERROR_OUT(WC_TEST_RET_ENC_NC, out); + + ret = wc_rng_bank_inst_reinit(bank2, rng_inst2, 10, WC_RNG_BANK_FLAG_CAN_WAIT); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); + + ret = wc_RNG_GenerateBlock(WC_RNG_BANK_INST_TO_RNG(rng_inst2), outbuf1, sizeof(outbuf1)); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); + + if (XMEMCMP(outbuf1, outbuf2, sizeof(outbuf1)) == 0) + ERROR_OUT(WC_TEST_RET_ENC_NC, out); + + ret = wc_rng_bank_checkin(bank2, &rng_inst2); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); + +#ifdef WC_DRBG_BANKREF + ret = wc_rng_new_bankref(NULL, &rng2); + if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG)) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); + + ret = wc_rng_new_bankref(bank2, NULL); + if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG)) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); + + ret = wc_rng_new_bankref(bank2, &rng2); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); + if (rng2 == NULL) + ERROR_OUT(WC_TEST_RET_ENC_NC, out); + + rng_bank_affinity_get_id_id = 1; + ret = wc_RNG_GenerateBlock(rng2, outbuf2, sizeof(outbuf2)); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); + + if (XMEMCMP(outbuf1, outbuf2, sizeof(outbuf1)) == 0) + ERROR_OUT(WC_TEST_RET_ENC_NC, out); + + if (wolfSSL_RefCur(bank2->refcount) != 2) + ERROR_OUT(WC_TEST_RET_ENC_NC, out); + + ret = wc_rng_bank_free(&bank2); + if (ret != WC_NO_ERR_TRACE(BUSY_E)) + ERROR_OUT(WC_TEST_RET_ENC_NC, out); + + wc_rng_free(rng2); + rng2 = NULL; + + if (wolfSSL_RefCur(bank2->refcount) != 1) + ERROR_OUT(WC_TEST_RET_ENC_NC, out); + +#endif /* WC_DRBG_BANKREF */ + + ret = wc_rng_bank_free(&bank2); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); + if (bank2 != NULL) + ERROR_OUT(WC_TEST_RET_ENC_NC, out); + +#endif /* !WC_RNG_BANK_STATIC */ + +out: + + { + int cleanup_ret; + +#ifdef WC_DRBG_BANKREF + cleanup_ret = wc_FreeRng(rng); + if ((cleanup_ret != 0) && (ret == 0)) + ret = WC_TEST_RET_ENC_EC(cleanup_ret); + WC_FREE_VAR_EX(rng, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); +#endif /* WC_DRBG_BANKREF */ + if (rng_inst) { + cleanup_ret = wc_rng_bank_checkin(bank, &rng_inst); + if ((cleanup_ret != 0) && (ret == 0)) + ret = WC_TEST_RET_ENC_EC(cleanup_ret); + if ((rng_inst != NULL) && (ret == 0)) + ret = WC_TEST_RET_ENC_NC; + } + cleanup_ret = wc_rng_bank_fini(bank); + if ((cleanup_ret != 0) && (ret == 0)) + ret = WC_TEST_RET_ENC_EC(cleanup_ret); + WC_FREE_VAR_EX(bank, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + +#ifndef WC_RNG_BANK_STATIC +#ifdef WC_DRBG_BANKREF + if (rng2) + wc_rng_free(rng2); +#endif + if (rng_inst2) { + cleanup_ret = wc_rng_bank_checkin(bank2, &rng_inst2); + if ((cleanup_ret != 0) && (ret == 0)) + ret = WC_TEST_RET_ENC_EC(cleanup_ret); + if ((rng_inst2 != NULL) && (ret == 0)) + ret = WC_TEST_RET_ENC_NC; + } + cleanup_ret = wc_rng_bank_free(&bank2); + if ((cleanup_ret != 0) && (ret == 0)) + ret = WC_TEST_RET_ENC_EC(cleanup_ret); + if ((bank2 != NULL) && (ret == 0)) + ret = WC_TEST_RET_ENC_NC; +#endif /* !WC_RNG_BANK_STATIC */ + } + + return ret; +} + +#endif /* WC_RNG_BANK_SUPPORT */ + +#endif /* !WC_NO_RNG */ #ifndef MEM_TEST_SZ #define MEM_TEST_SZ 1024 @@ -19888,7 +21621,6 @@ { wc_test_ret_t ret = 0; word32 j = 0; /* used in embedded const pointer test */ - WOLFSSL_ENTER("memory_test"); #if defined(COMPLEX_MEM_TEST) || defined(WOLFSSL_STATIC_MEMORY) int i; @@ -19902,6 +21634,8 @@ * alignment when tests are ran */ #endif + WOLFSSL_ENTER("memory_test"); + #ifdef WOLFSSL_STATIC_MEMORY /* check macro settings */ if (sizeof(size)/sizeof(word32) != WOLFMEM_DEF_BUCKETS) { @@ -20061,8 +21795,6 @@ #endif int int_expected; unsigned int uint_expected; - void * a_ptr = NULL; - void * ptr_expected = NULL; if (WOLFSSL_ATOMIC_LOAD(a_int) != -2) return WC_TEST_RET_ENC_NC; @@ -20134,12 +21866,17 @@ if (WOLFSSL_ATOMIC_LOAD(a_uint) != 7) return WC_TEST_RET_ENC_NC; - a_ptr = NULL; - ptr_expected = NULL; - if (! wolfSSL_Atomic_Ptr_CompareExchange(&a_ptr, &ptr_expected, &ret)) - return WC_TEST_RET_ENC_NC; - if (a_ptr != &ret) - return WC_TEST_RET_ENC_NC; + { + void * volatile a_ptr = NULL; + void * ptr_expected = NULL; + static const char s[] = ""; + if (! wolfSSL_Atomic_Ptr_CompareExchange(&a_ptr, + &ptr_expected, + (void *)&s)) + return WC_TEST_RET_ENC_NC; + if (a_ptr != s) + return WC_TEST_RET_ENC_NC; + } } return ret; @@ -20689,6 +22426,111 @@ } #endif /* WOLFSSL_TEST_CERT */ +#if !defined(NO_ASN_TIME) && !defined(NO_RSA) && defined(WOLFSSL_TEST_CERT) && \ + !defined(NO_FILESYSTEM) +/* Test that FillSigner clears pubKeyStored/subjectCNStored after transferring + * ownership, so a second call doesn't copy stale NULL pointers. */ +static wc_test_ret_t fill_signer_twice_test(void) +{ + DecodedCert cert; + Signer* signer1 = NULL; + Signer* signer2 = NULL; + DerBuffer* der = NULL; + byte* tmp = NULL; + size_t bytes; + XFILE file; + wc_test_ret_t ret; + + WOLFSSL_ENTER("fill_signer_twice_test"); + + tmp = (byte*)XMALLOC(FOURK_BUF, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + if (tmp == NULL) + return WC_TEST_RET_ENC_ERRNO; + + /* Load a DER certificate. */ + file = XFOPEN(certExtNc, "rb"); + if (!file) { + ERROR_OUT(WC_TEST_RET_ENC_ERRNO, done); + } + bytes = XFREAD(tmp, 1, FOURK_BUF, file); + XFCLOSE(file); + if (bytes == 0) + ERROR_OUT(WC_TEST_RET_ENC_ERRNO, done); + + /* Create a DerBuffer for FillSigner (needed when WOLFSSL_SIGNER_DER_CERT + * is defined). */ + ret = AllocDer(&der, (word32)bytes, CERT_TYPE, HEAP_HINT); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done); + XMEMCPY(der->buffer, tmp, bytes); + + InitDecodedCert(&cert, tmp, (word32)bytes, 0); + ret = ParseCert(&cert, CERT_TYPE, NO_VERIFY, NULL); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done); + + /* After parsing, pubKeyStored should be set and publicKey non-NULL. */ + if (!cert.pubKeyStored || cert.publicKey == NULL) { + ERROR_OUT(WC_TEST_RET_ENC_NC, done); + } + + /* First FillSigner: transfers publicKey and subjectCN ownership. */ + signer1 = MakeSigner(HEAP_HINT); + if (signer1 == NULL) + ERROR_OUT(WC_TEST_RET_ENC_ERRNO, done); + + ret = FillSigner(signer1, &cert, CA_TYPE, der); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done); + + /* signer1 should have received the publicKey. */ + if (signer1->publicKey == NULL) { + ERROR_OUT(WC_TEST_RET_ENC_NC, done); + } + + /* After FillSigner, cert->publicKey should be NULL. */ + if (cert.publicKey != NULL) { + ERROR_OUT(WC_TEST_RET_ENC_NC, done); + } + + /* BUG CHECK: pubKeyStored should have been cleared to 0. + * If it is still set, a second FillSigner would copy a NULL pointer. */ + if (cert.pubKeyStored != 0) { + ERROR_OUT(WC_TEST_RET_ENC_NC, done); + } + + /* Also check subjectCNStored is cleared. */ + if (cert.subjectCNStored != 0) { + ERROR_OUT(WC_TEST_RET_ENC_NC, done); + } + + /* Second FillSigner on the same cert should not copy NULL pointers. */ + signer2 = MakeSigner(HEAP_HINT); + if (signer2 == NULL) + ERROR_OUT(WC_TEST_RET_ENC_ERRNO, done); + + ret = FillSigner(signer2, &cert, CA_TYPE, der); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done); + + /* signer2 should NOT have a publicKey (since cert no longer owns one). */ + if (signer2->publicKey != NULL) { + ERROR_OUT(WC_TEST_RET_ENC_NC, done); + } + +done: + FreeDecodedCert(&cert); + if (signer1 != NULL) + FreeSigner(signer1, HEAP_HINT); + if (signer2 != NULL) + FreeSigner(signer2, HEAP_HINT); + FreeDer(&der); + XFREE(tmp, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + + return ret; +} +#endif /* !NO_ASN_TIME && !NO_RSA && WOLFSSL_TEST_CERT && !NO_FILESYSTEM */ + #if defined(WOLFSSL_CERT_EXT) && defined(WOLFSSL_TEST_CERT) && \ !defined(NO_FILESYSTEM) && !defined(NO_RSA) && defined(WOLFSSL_GEN_CERT) WOLFSSL_TEST_SUBROUTINE wc_test_ret_t certext_test(void) @@ -21039,55 +22881,74 @@ #endif /* defined(WOLFSSL_CERT_GEN_CACHE) && defined(WOLFSSL_TEST_CERT) && defined(WOLFSSL_CERT_EXT) && defined(WOLFSSL_CERT_GEN) */ -#define RSA_TEST_BYTES 512 /* up to 4096-bit key */ +#define RSA_TEST_BYTES (RSA_MAX_SIZE / 8) #if !defined(NO_ASN) && !defined(WOLFSSL_RSA_PUBLIC_ONLY) && \ !defined(WOLFSSL_RSA_VERIFY_ONLY) static wc_test_ret_t rsa_flatten_test(RsaKey* key) { wc_test_ret_t ret; +#if !defined(WOLFSSL_NO_MALLOC) + byte* e = NULL; + byte* n = NULL; +#else byte e[RSA_TEST_BYTES]; byte n[RSA_TEST_BYTES]; - word32 eSz = sizeof(e); - word32 nSz = sizeof(n); +#endif + word32 eSz = RSA_TEST_BYTES; + word32 nSz = RSA_TEST_BYTES; + +#if !defined(WOLFSSL_NO_MALLOC) + e = (byte*)XMALLOC(RSA_TEST_BYTES, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + n = (byte*)XMALLOC(RSA_TEST_BYTES, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + if (e == NULL || n == NULL) + ERROR_OUT(WC_TEST_RET_ENC_EC(MEMORY_E), exit_rsa_flatten); +#endif /* Parameter Validation testing. */ ret = wc_RsaFlattenPublicKey(NULL, e, &eSz, n, &nSz); if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG)) - return WC_TEST_RET_ENC_EC(ret); + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa_flatten); ret = wc_RsaFlattenPublicKey(key, NULL, &eSz, n, &nSz); if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG)) - return WC_TEST_RET_ENC_EC(ret); + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa_flatten); ret = wc_RsaFlattenPublicKey(key, e, NULL, n, &nSz); if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG)) - return WC_TEST_RET_ENC_EC(ret); + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa_flatten); ret = wc_RsaFlattenPublicKey(key, e, &eSz, NULL, &nSz); if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG)) - return WC_TEST_RET_ENC_EC(ret); + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa_flatten); ret = wc_RsaFlattenPublicKey(key, e, &eSz, n, NULL); if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG)) - return WC_TEST_RET_ENC_EC(ret); + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa_flatten); ret = wc_RsaFlattenPublicKey(key, e, &eSz, n, &nSz); if (ret != 0) - return WC_TEST_RET_ENC_EC(ret); + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa_flatten); eSz = 0; ret = wc_RsaFlattenPublicKey(key, e, &eSz, n, &nSz); if (ret != WC_NO_ERR_TRACE(RSA_BUFFER_E)) - return WC_TEST_RET_ENC_EC(ret); + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa_flatten); - eSz = sizeof(e); + eSz = RSA_TEST_BYTES; nSz = 0; ret = wc_RsaFlattenPublicKey(key, e, &eSz, n, &nSz); if (ret != WC_NO_ERR_TRACE(RSA_BUFFER_E)) - return WC_TEST_RET_ENC_EC(ret); + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa_flatten); - return 0; + ret = 0; + +exit_rsa_flatten: +#if !defined(WOLFSSL_NO_MALLOC) + XFREE(e, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(n, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); +#endif + return ret; } #endif /* NO_ASN */ @@ -21096,75 +22957,100 @@ static wc_test_ret_t rsa_export_key_test(RsaKey* key) { wc_test_ret_t ret; - byte e[3]; + byte e[3]; word32 eSz = sizeof(e); - byte n[RSA_TEST_BYTES]; - word32 nSz = sizeof(n); - byte d[RSA_TEST_BYTES]; - word32 dSz = sizeof(d); - byte p[RSA_TEST_BYTES/2]; - word32 pSz = sizeof(p); - byte q[RSA_TEST_BYTES/2]; - word32 qSz = sizeof(q); +#if !defined(WOLFSSL_NO_MALLOC) + byte* n = NULL; + byte* d = NULL; + byte* p = NULL; + byte* q = NULL; +#else + byte n[RSA_TEST_BYTES]; + byte d[RSA_TEST_BYTES]; + byte p[RSA_TEST_BYTES/2]; + byte q[RSA_TEST_BYTES/2]; +#endif + word32 nSz = RSA_TEST_BYTES; + word32 dSz = RSA_TEST_BYTES; + word32 pSz = RSA_TEST_BYTES/2; + word32 qSz = RSA_TEST_BYTES/2; word32 zero = 0; +#if !defined(WOLFSSL_NO_MALLOC) + n = (byte*)XMALLOC(RSA_TEST_BYTES, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + d = (byte*)XMALLOC(RSA_TEST_BYTES, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + p = (byte*)XMALLOC(RSA_TEST_BYTES/2, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + q = (byte*)XMALLOC(RSA_TEST_BYTES/2, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + if (n == NULL || d == NULL || p == NULL || q == NULL) + ERROR_OUT(WC_TEST_RET_ENC_EC(MEMORY_E), exit_rsa_export); +#endif + ret = wc_RsaExportKey(NULL, e, &eSz, n, &nSz, d, &dSz, p, &pSz, q, &qSz); if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG)) - return WC_TEST_RET_ENC_EC(ret); + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa_export); ret = wc_RsaExportKey(key, NULL, &eSz, n, &nSz, d, &dSz, p, &pSz, q, &qSz); if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG)) - return WC_TEST_RET_ENC_EC(ret); + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa_export); ret = wc_RsaExportKey(key, e, NULL, n, &nSz, d, &dSz, p, &pSz, q, &qSz); if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG)) - return WC_TEST_RET_ENC_EC(ret); + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa_export); ret = wc_RsaExportKey(key, e, &eSz, NULL, &nSz, d, &dSz, p, &pSz, q, &qSz); if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG)) - return WC_TEST_RET_ENC_EC(ret); + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa_export); ret = wc_RsaExportKey(key, e, &eSz, n, NULL, d, &dSz, p, &pSz, q, &qSz); if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG)) - return WC_TEST_RET_ENC_EC(ret); + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa_export); ret = wc_RsaExportKey(key, e, &eSz, n, &nSz, NULL, &dSz, p, &pSz, q, &qSz); if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG)) - return WC_TEST_RET_ENC_EC(ret); + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa_export); ret = wc_RsaExportKey(key, e, &eSz, n, &nSz, d, NULL, p, &pSz, q, &qSz); if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG)) - return WC_TEST_RET_ENC_EC(ret); + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa_export); ret = wc_RsaExportKey(key, e, &eSz, n, &nSz, d, &dSz, NULL, &pSz, q, &qSz); if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG)) - return WC_TEST_RET_ENC_EC(ret); + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa_export); ret = wc_RsaExportKey(key, e, &eSz, n, &nSz, d, &dSz, p, NULL, q, &qSz); if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG)) - return WC_TEST_RET_ENC_EC(ret); + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa_export); ret = wc_RsaExportKey(key, e, &eSz, n, &nSz, d, &dSz, p, &pSz, NULL, &qSz); if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG)) - return WC_TEST_RET_ENC_EC(ret); + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa_export); ret = wc_RsaExportKey(key, e, &eSz, n, &nSz, d, &dSz, p, &pSz, q, NULL); if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG)) - return WC_TEST_RET_ENC_EC(ret); + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa_export); ret = wc_RsaExportKey(key, e, &zero, n, &nSz, d, &dSz, p, &pSz, q, &qSz); if (ret != WC_NO_ERR_TRACE(RSA_BUFFER_E)) - return WC_TEST_RET_ENC_EC(ret); + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa_export); ret = wc_RsaExportKey(key, e, &eSz, n, &zero, d, &dSz, p, &pSz, q, &qSz); if (ret != WC_NO_ERR_TRACE(RSA_BUFFER_E)) - return WC_TEST_RET_ENC_EC(ret); + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa_export); #ifndef WOLFSSL_RSA_PUBLIC_ONLY ret = wc_RsaExportKey(key, e, &eSz, n, &nSz, d, &zero, p, &pSz, q, &qSz); if (ret != WC_NO_ERR_TRACE(RSA_BUFFER_E)) - return WC_TEST_RET_ENC_EC(ret); + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa_export); ret = wc_RsaExportKey(key, e, &eSz, n, &nSz, d, &dSz, p, &zero, q, &qSz); if (ret != WC_NO_ERR_TRACE(RSA_BUFFER_E)) - return WC_TEST_RET_ENC_EC(ret); + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa_export); ret = wc_RsaExportKey(key, e, &eSz, n, &nSz, d, &dSz, p, &pSz, q, &zero); if (ret != WC_NO_ERR_TRACE(RSA_BUFFER_E)) - return WC_TEST_RET_ENC_EC(ret); + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa_export); #endif /* WOLFSSL_RSA_PUBLIC_ONLY */ ret = wc_RsaExportKey(key, e, &eSz, n, &nSz, d, &dSz, p, &pSz, q, &qSz); if (ret != 0) - return WC_TEST_RET_ENC_EC(ret); + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa_export); - return 0; + ret = 0; + +exit_rsa_export: +#if !defined(WOLFSSL_NO_MALLOC) + XFREE(n, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(d, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(p, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(q, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); +#endif + return ret; } #endif /* !HAVE_FIPS && !NO_ASN && !WOLFSSL_RSA_VERIFY_ONLY */ @@ -21191,41 +23077,51 @@ 0xa6, 0x58, 0x0a, 0x33, 0x0b, 0x84, 0x5f, 0x5f }; word32 inLen = (word32)XSTRLEN((char*)in); +#if !defined(WOLFSSL_RSA_PUBLIC_ONLY) && !defined(WOLFSSL_RSA_VERIFY_ONLY) + word32 outSz = RSA_TEST_BYTES; +#endif +#if !defined(WOLFSSL_NO_MALLOC) + byte* out = NULL; + out = (byte*)XMALLOC(RSA_TEST_BYTES, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + if (out == NULL) + ERROR_OUT(WC_TEST_RET_ENC_EC(MEMORY_E), exit_rsa_sig); +#else byte out[RSA_TEST_BYTES]; +#endif /* Parameter Validation testing. */ ret = wc_SignatureGetSize(WC_SIGNATURE_TYPE_NONE, key, keyLen); if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG)) - return WC_TEST_RET_ENC_EC(ret); + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa_sig); ret = wc_SignatureGetSize(WC_SIGNATURE_TYPE_RSA, key, 0); if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG)) - return WC_TEST_RET_ENC_EC(ret); + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa_sig); sigSz = (word32)modLen; ret = wc_SignatureGenerate(WC_HASH_TYPE_SHA256, WC_SIGNATURE_TYPE_RSA, NULL, inLen, out, &sigSz, key, keyLen, rng); if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG)) - return WC_TEST_RET_ENC_EC(ret); + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa_sig); ret = wc_SignatureGenerate(WC_HASH_TYPE_SHA256, WC_SIGNATURE_TYPE_RSA, in, 0, out, &sigSz, key, keyLen, rng); if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG)) - return WC_TEST_RET_ENC_EC(ret); + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa_sig); ret = wc_SignatureGenerate(WC_HASH_TYPE_SHA256, WC_SIGNATURE_TYPE_RSA, in, inLen, NULL, &sigSz, key, keyLen, rng); if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG)) - return WC_TEST_RET_ENC_EC(ret); + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa_sig); ret = wc_SignatureGenerate(WC_HASH_TYPE_SHA256, WC_SIGNATURE_TYPE_RSA, in, inLen, out, NULL, key, keyLen, rng); if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG)) - return WC_TEST_RET_ENC_EC(ret); + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa_sig); ret = wc_SignatureGenerate(WC_HASH_TYPE_SHA256, WC_SIGNATURE_TYPE_RSA, in, inLen, out, &sigSz, NULL, keyLen, rng); if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG)) - return WC_TEST_RET_ENC_EC(ret); + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa_sig); ret = wc_SignatureGenerate(WC_HASH_TYPE_SHA256, WC_SIGNATURE_TYPE_RSA, in, inLen, out, &sigSz, key, 0, rng); if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG)) - return WC_TEST_RET_ENC_EC(ret); + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa_sig); ret = wc_SignatureGenerate(WC_HASH_TYPE_SHA256, WC_SIGNATURE_TYPE_RSA, in, inLen, out, &sigSz, key, keyLen, NULL); #if defined(WOLFSSL_AFALG_XILINX_RSA) || defined(WOLFSSL_XILINX_CRYPT) @@ -21249,112 +23145,119 @@ #else if (ret != WC_NO_ERR_TRACE(MISSING_RNG_E)) #endif - return WC_TEST_RET_ENC_EC(ret); + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa_sig); sigSz = 0; ret = wc_SignatureGenerate(WC_HASH_TYPE_SHA256, WC_SIGNATURE_TYPE_RSA, in, inLen, out, &sigSz, key, keyLen, rng); if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG)) - return WC_TEST_RET_ENC_EC(ret); + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa_sig); ret = wc_SignatureVerify(WC_HASH_TYPE_SHA256, WC_SIGNATURE_TYPE_RSA, NULL, inLen, out, (word32)modLen, key, keyLen); if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG)) - return WC_TEST_RET_ENC_EC(ret); + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa_sig); ret = wc_SignatureVerify(WC_HASH_TYPE_SHA256, WC_SIGNATURE_TYPE_RSA, in, 0, out, (word32)modLen, key, keyLen); if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG)) - return WC_TEST_RET_ENC_EC(ret); + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa_sig); ret = wc_SignatureVerify(WC_HASH_TYPE_SHA256, WC_SIGNATURE_TYPE_RSA, in, inLen, NULL, (word32)modLen, key, keyLen); if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG)) - return WC_TEST_RET_ENC_EC(ret); + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa_sig); ret = wc_SignatureVerify(WC_HASH_TYPE_SHA256, WC_SIGNATURE_TYPE_RSA, in, inLen, out, 0, key, keyLen); if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG)) - return WC_TEST_RET_ENC_EC(ret); + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa_sig); ret = wc_SignatureVerify(WC_HASH_TYPE_SHA256, WC_SIGNATURE_TYPE_RSA, in, inLen, out, (word32)modLen, NULL, keyLen); if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG)) - return WC_TEST_RET_ENC_EC(ret); + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa_sig); ret = wc_SignatureVerify(WC_HASH_TYPE_SHA256, WC_SIGNATURE_TYPE_RSA, in, inLen, out, (word32)modLen, key, 0); if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG)) - return WC_TEST_RET_ENC_EC(ret); + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa_sig); #ifndef HAVE_ECC ret = wc_SignatureGetSize(WC_SIGNATURE_TYPE_ECC, key, keyLen); if (ret != WC_NO_ERR_TRACE(SIG_TYPE_E)) - return WC_TEST_RET_ENC_EC(ret); + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa_sig); #endif #if defined(WOLF_CRYPTO_CB_ONLY_RSA) - return 0; + ret = 0; + goto exit_rsa_sig; #endif /* Use APIs. */ ret = wc_SignatureGetSize(WC_SIGNATURE_TYPE_RSA, key, keyLen); if (ret != modLen) - return WC_TEST_RET_ENC_EC(ret); + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa_sig); ret = wc_SignatureGetSize(WC_SIGNATURE_TYPE_RSA_W_ENC, key, keyLen); if (ret != modLen) - return WC_TEST_RET_ENC_EC(ret); + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa_sig); sigSz = (word32)ret; #if !defined(WOLFSSL_RSA_PUBLIC_ONLY) && !defined(WOLFSSL_RSA_VERIFY_ONLY) - XMEMSET(out, 0, sizeof(out)); + XMEMSET(out, 0, outSz); ret = wc_SignatureGenerate(WC_HASH_TYPE_SHA256, WC_SIGNATURE_TYPE_RSA, in, inLen, out, &sigSz, key, keyLen, rng); if (ret != 0) - return WC_TEST_RET_ENC_EC(ret); + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa_sig); ret = wc_SignatureVerify(WC_HASH_TYPE_SHA256, WC_SIGNATURE_TYPE_RSA, in, inLen, out, (word32)modLen, key, keyLen); if (ret != 0) - return WC_TEST_RET_ENC_EC(ret); + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa_sig); - sigSz = (word32)sizeof(out); + sigSz = outSz; ret = wc_SignatureGenerate(WC_HASH_TYPE_SHA256, WC_SIGNATURE_TYPE_RSA_W_ENC, in, inLen, out, &sigSz, key, keyLen, rng); if (ret != 0) - return WC_TEST_RET_ENC_EC(ret); + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa_sig); ret = wc_SignatureVerify(WC_HASH_TYPE_SHA256, WC_SIGNATURE_TYPE_RSA_W_ENC, in, inLen, out, (word32)modLen, key, keyLen); if (ret != 0) - return WC_TEST_RET_ENC_EC(ret); + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa_sig); /* Wrong signature type. */ ret = wc_SignatureVerify(WC_HASH_TYPE_SHA256, WC_SIGNATURE_TYPE_RSA, in, inLen, out, (word32)modLen, key, keyLen); if (ret == 0) - return WC_TEST_RET_ENC_EC(ret); + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa_sig); /* check hash functions */ - sigSz = (word32)sizeof(out); + sigSz = outSz; ret = wc_SignatureGenerateHash(WC_HASH_TYPE_SHA256, WC_SIGNATURE_TYPE_RSA, hash, (int)sizeof(hash), out, &sigSz, key, keyLen, rng); if (ret != 0) - return WC_TEST_RET_ENC_EC(ret); + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa_sig); ret = wc_SignatureVerifyHash(WC_HASH_TYPE_SHA256, WC_SIGNATURE_TYPE_RSA, hash, (int)sizeof(hash), out, (word32)modLen, key, keyLen); if (ret != 0) - return WC_TEST_RET_ENC_EC(ret); + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa_sig); - sigSz = (word32)sizeof(out); + sigSz = outSz; ret = wc_SignatureGenerateHash(WC_HASH_TYPE_SHA256, WC_SIGNATURE_TYPE_RSA_W_ENC, hashEnc, (int)sizeof(hashEnc), out, &sigSz, key, keyLen, rng); if (ret != 0) - return WC_TEST_RET_ENC_EC(ret); + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa_sig); ret = wc_SignatureVerifyHash(WC_HASH_TYPE_SHA256, WC_SIGNATURE_TYPE_RSA_W_ENC, hashEnc, (int)sizeof(hashEnc), out, (word32)modLen, key, keyLen); if (ret != 0) - return WC_TEST_RET_ENC_EC(ret); + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa_sig); #else (void)hash; (void)hashEnc; #endif /* !WOLFSSL_RSA_PUBLIC_ONLY && !WOLFSSL_RSA_VERIFY_ONLY */ - return 0; + ret = 0; + +exit_rsa_sig: +#if !defined(WOLFSSL_NO_MALLOC) + XFREE(out, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); +#endif + return ret; } #endif /* !NO_SIG_WRAPPER && !NO_SHA256 */ @@ -21735,6 +23638,22 @@ goto done; } +#ifdef USE_CERT_BUFFERS_2048 + /* Test that public key decode rejects a private key */ + wc_FreeRsaKey(keyPub); + ret = wc_InitRsaKey(keyPub, NULL); + if (ret != 0) + return WC_TEST_RET_ENC_EC(ret); + inOutIdx = 0; + ret = wc_RsaPublicKeyDecode(client_key_der_2048, &inOutIdx, keyPub, + sizeof_client_key_der_2048); + if (ret != WC_NO_ERR_TRACE(ASN_RSA_KEY_E)) { + ret = WC_TEST_RET_ENC_EC(ret); + goto done; + } + ret = 0; /* success - public key decode correctly rejected private key */ +#endif + done: wc_FreeRsaKey(keyPub); return ret; @@ -24175,6 +26094,18 @@ exit_rsa: + (void)res; + (void)bytes; + (void)idx; + (void)in; + (void)out; + (void)plain; + (void)idx; + (void)inStr; + (void)inLen; + (void)outSz; + (void)plainSz; + #if !defined(WOLFSSL_NO_MALLOC) XFREE(der, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); #if defined(WOLFSSL_CERT_REQ) @@ -24203,18 +26134,6 @@ WC_FREE_VAR(out, HEAP_HINT); WC_FREE_VAR(plain, HEAP_HINT); - (void)res; - (void)bytes; - (void)idx; - (void)in; - (void)out; - (void)plain; - (void)idx; - (void)inStr; - (void)inLen; - (void)outSz; - (void)plainSz; - /* ret can be greater then 0 with certgen but all negative values should * be returned and treated as an error */ if (ret >= 0) { @@ -25360,14 +27279,16 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t dsa_test(void) { wc_test_ret_t ret = 0; - int answer; word32 bytes; word32 idx = 0; WC_RNG rng; int rng_inited = 0; wc_Sha sha; byte hash[WC_SHA_DIGEST_SIZE]; +#ifndef WC_FIPS_186_5_PLUS byte signature[40]; + int answer; +#endif int key_inited = 0; #ifdef WOLFSSL_KEY_GEN int derSz = 0; @@ -25453,6 +27374,7 @@ ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); rng_inited = 1; +#ifndef WC_FIPS_186_5_PLUS ret = wc_DsaSign(hash, signature, key, &rng); if (ret != 0) ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); @@ -25462,6 +27384,7 @@ ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); if (answer != 1) ERROR_OUT(WC_TEST_RET_ENC_NC, out); +#endif /* !WC_FIPS_186_5_PLUS */ wc_FreeDsaKey(key); key_inited = 0; @@ -26697,8 +28620,11 @@ int num = 0; #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC) - if ((enc == NULL) || (dec == NULL)) + if ((enc == NULL) || (dec == NULL)) { + XFREE(enc, HEAP_HINT, DYNAMIC_TYPE_AES); + XFREE(dec, HEAP_HINT, DYNAMIC_TYPE_AES); return MEMORY_E; + } #endif XMEMCPY(iv, setIv, sizeof(setIv)); @@ -27934,6 +29860,12 @@ goto openSSL_evpMD_test_done; } + ret = wolfSSL_EVP_MD_CTX_cleanup(ctx); + if (ret != WOLFSSL_SUCCESS) { + ret = WC_TEST_RET_ENC_NC; + goto openSSL_evpMD_test_done; + } + ret = wolfSSL_EVP_DigestInit(ctx, wolfSSL_EVP_sha1()); if (ret != WOLFSSL_SUCCESS) { ret = WC_TEST_RET_ENC_NC; @@ -27961,6 +29893,12 @@ goto openSSL_evpMD_test_done; } + ret = wolfSSL_EVP_MD_CTX_cleanup(ctx); + if (ret != WOLFSSL_SUCCESS) { + ret = WC_TEST_RET_ENC_NC; + goto openSSL_evpMD_test_done; + } + if (wolfSSL_EVP_DigestInit_ex(ctx, wolfSSL_EVP_sha1(), NULL) != WOLFSSL_SUCCESS) { ret = WC_TEST_RET_ENC_NC; goto openSSL_evpMD_test_done; @@ -27976,6 +29914,12 @@ goto openSSL_evpMD_test_done; } + ret = wolfSSL_EVP_MD_CTX_cleanup(ctx); + if (ret != WOLFSSL_SUCCESS) { + ret = WC_TEST_RET_ENC_NC; + goto openSSL_evpMD_test_done; + } + ret = 0; /* got to success state without jumping to end with a fail */ openSSL_evpMD_test_done: @@ -28758,15 +30702,21 @@ #if defined(HAVE_PKCS12) && !defined(NO_SHA256) WOLFSSL_TEST_SUBROUTINE wc_test_ret_t pkcs12_pbkdf_test(void) { - WOLFSSL_SMALL_STACK_STATIC const byte passwd[] = { 0x00, 0x73, 0x00, 0x6d, 0x00, 0x65, 0x00, 0x67, - 0x00, 0x00 }; - WOLFSSL_SMALL_STACK_STATIC const byte salt[] = { 0x0a, 0x58, 0xCF, 0x64, 0x53, 0x0d, 0x82, 0x3f }; - - WOLFSSL_SMALL_STACK_STATIC const byte passwd2[] = { 0x00, 0x71, 0x00, 0x75, 0x00, 0x65, 0x00, 0x65, - 0x00, 0x67, 0x00, 0x00 }; - WOLFSSL_SMALL_STACK_STATIC const byte salt2[] = { 0x16, 0x82, 0xC0, 0xfC, 0x5b, 0x3f, 0x7e, 0xc5 }; - byte derived[64]; + WOLFSSL_SMALL_STACK_STATIC const byte passwd[] = { + 0x00, 0x73, 0x00, 0x6d, 0x00, 0x65, 0x00, 0x67, + 0x00, 0x00 + }; + WOLFSSL_SMALL_STACK_STATIC const byte salt[] = { + 0x0a, 0x58, 0xCF, 0x64, 0x53, 0x0d, 0x82, 0x3f + }; + WOLFSSL_SMALL_STACK_STATIC const byte passwd2[] = { + 0x00, 0x71, 0x00, 0x75, 0x00, 0x65, 0x00, 0x65, + 0x00, 0x67, 0x00, 0x00 + }; + WOLFSSL_SMALL_STACK_STATIC const byte salt2[] = { + 0x16, 0x82, 0xC0, 0xfC, 0x5b, 0x3f, 0x7e, 0xc5 + }; WOLFSSL_SMALL_STACK_STATIC const byte verify[] = { 0x27, 0xE9, 0x0D, 0x7E, 0xD5, 0xA1, 0xC4, 0x11, 0xBA, 0x87, 0x8B, 0xC0, 0x90, 0xF5, 0xCE, 0xBE, @@ -28779,6 +30729,7 @@ 0x35, 0xE3, 0x67, 0xFE, 0xD3, 0x21, 0xFD, 0x7C }; + byte derived[64]; int id = 1; int kLen = 24; int iterations = 1; @@ -28795,12 +30746,12 @@ iterations = 1000; ret = wc_PKCS12_PBKDF(derived, passwd2, sizeof(passwd2), salt2, 8, - iterations, kLen, WC_SHA256, id); + iterations, kLen, WC_SHA256, id); if (ret < 0) return WC_TEST_RET_ENC_EC(ret); ret = wc_PKCS12_PBKDF_ex(derived, passwd2, sizeof(passwd2), salt2, 8, - iterations, kLen, WC_SHA256, id, HEAP_HINT); + iterations, kLen, WC_SHA256, id, HEAP_HINT); if (ret < 0) return WC_TEST_RET_ENC_EC(ret); @@ -28906,7 +30857,7 @@ #if defined(USE_CERT_BUFFERS_2048) && \ defined(HAVE_PKCS12) && \ !defined(NO_ASN) && !defined(NO_PWDBASED) && !defined(NO_HMAC) && \ - !defined(NO_CERTS) && !defined(NO_DES3) + !defined(NO_CERTS) && !defined(NO_DES3) && !defined(NO_SHA) WOLFSSL_TEST_SUBROUTINE wc_test_ret_t pkcs12_test(void) { wc_test_ret_t ret = 0; @@ -30259,8 +32210,9 @@ #endif /* HAVE_X963_KDF */ #if defined(HAVE_HPKE) && \ - (defined(HAVE_ECC) || defined(HAVE_CURVE25519) || defined(HAVE_CURVE448)) && \ - defined(HAVE_AESGCM) && defined(WOLFSSL_AES_256) + (defined(HAVE_ECC) || defined(HAVE_CURVE25519) || \ + defined(HAVE_CURVE448)) && \ + defined(HAVE_AESGCM) static wc_test_ret_t hpke_test_single(Hpke* hpke) { @@ -30489,8 +32441,8 @@ Hpke hpke[1]; WOLFSSL_ENTER("hpke_test"); -#if defined(HAVE_ECC) - #if defined(WOLFSSL_SHA224) || !defined(NO_SHA256) +#if defined(HAVE_ECC) && defined(WOLFSSL_AES_128) + #if (!defined(NO_ECC256) || defined(HAVE_ALL_CURVES)) && !defined(NO_SHA256) /* p256 */ ret = wc_HpkeInit(hpke, DHKEM_P256_HKDF_SHA256, HKDF_SHA256, HPKE_AES_128_GCM, NULL); @@ -30502,11 +32454,26 @@ ret = hpke_test_multi(hpke); if (ret != 0) return ret; + #endif + #if (!defined(NO_ECC256) || defined(HAVE_ALL_CURVES)) && \ + !defined(NO_SHA256) && defined(WOLFSSL_SHA512) + /* p256 with sha512 kdf */ + ret = wc_HpkeInit(hpke, DHKEM_P256_HKDF_SHA256, HKDF_SHA512, + HPKE_AES_128_GCM, NULL); + if (ret != 0) + return WC_TEST_RET_ENC_EC(ret); + ret = hpke_test_single(hpke); + if (ret != 0) + return ret; + ret = hpke_test_multi(hpke); + if (ret != 0) + return ret; #endif - #if defined(WOLFSSL_SHA384) && \ - (defined(HAVE_ECC384) || defined(HAVE_ALL_CURVES)) + + #if (defined(HAVE_ECC384) || defined(HAVE_ALL_CURVES)) && \ + defined(WOLFSSL_SHA384) /* p384 */ ret = wc_HpkeInit(hpke, DHKEM_P384_HKDF_SHA384, HKDF_SHA384, HPKE_AES_128_GCM, NULL); @@ -30520,8 +32487,8 @@ return ret; #endif - #if (defined(WOLFSSL_SHA384) || defined(WOLFSSL_SHA512)) && \ - (defined(HAVE_ECC521) || defined(HAVE_ALL_CURVES)) + #if (defined(HAVE_ECC521) || defined(HAVE_ALL_CURVES)) && \ + defined(WOLFSSL_SHA512) /* p521 */ ret = wc_HpkeInit(hpke, DHKEM_P521_HKDF_SHA512, HKDF_SHA512, HPKE_AES_128_GCM, NULL); @@ -30534,9 +32501,24 @@ if (ret != 0) return ret; #endif + + #if (defined(HAVE_ECC521) || defined(HAVE_ALL_CURVES)) && \ + defined(WOLFSSL_SHA384) && defined(WOLFSSL_SHA512) + /* p521 with sha384 kdf */ + ret = wc_HpkeInit(hpke, DHKEM_P521_HKDF_SHA512, HKDF_SHA384, + HPKE_AES_128_GCM, NULL); + if (ret != 0) + return WC_TEST_RET_ENC_EC(ret); + ret = hpke_test_single(hpke); + if (ret != 0) + return ret; + ret = hpke_test_multi(hpke); + if (ret != 0) + return ret; + #endif #endif -#if defined(HAVE_CURVE25519) +#if defined(HAVE_CURVE25519) && !defined(NO_SHA256) && defined(WOLFSSL_AES_256) /* test with curve25519 and aes256 */ ret = wc_HpkeInit(hpke, DHKEM_X25519_HKDF_SHA256, HKDF_SHA256, HPKE_AES_256_GCM, NULL); @@ -30551,8 +32533,8 @@ #endif -#if defined(HAVE_CURVE448) && \ - (defined(WOLFSSL_SHA384) || defined(WOLFSSL_SHA512)) +#if defined(HAVE_CURVE448) && defined(WOLFSSL_SHA512) && \ + defined(WOLFSSL_AES_256) /* test with curve448 and aes256 */ ret = wc_HpkeInit(hpke, DHKEM_X448_HKDF_SHA512, HKDF_SHA512, HPKE_AES_256_GCM, NULL); @@ -30573,7 +32555,8 @@ return ret; } -#endif /* HAVE_HPKE && HAVE_ECC && HAVE_AESGCM && WOLFSSL_AES_256 */ +#endif /* HAVE_HPKE && (HAVE_ECC || HAVE_CURVE25519 || HAVE_CURVE448) && + HAVE_AESGCM */ #if defined(WC_SRTP_KDF) typedef struct Srtp_Kdf_Tv { @@ -30595,6 +32578,11 @@ word32 ksSz; } Srtp_Kdf_Tv; +#if !defined(BENCH_EMBEDDED) && !defined(HAVE_SELFTEST) && \ + (!defined(HAVE_FIPS) || FIPS_VERSION3_GE(7,0,0)) + #define SRTP_KDF_LONG_KEY 5000 +#endif + WOLFSSL_TEST_SUBROUTINE wc_test_ret_t srtpkdf_test(void) { wc_test_ret_t ret = 0; @@ -30846,6 +32834,18 @@ unsigned char keyE[32]; unsigned char keyA[20]; unsigned char keyS[14]; +#ifdef SRTP_KDF_LONG_KEY + WC_DECLARE_VAR(keyELong, byte, SRTP_KDF_LONG_KEY, HEAP_HINT); + WC_DECLARE_VAR(keyALong, byte, SRTP_KDF_LONG_KEY, HEAP_HINT); + WC_DECLARE_VAR(keySLong, byte, SRTP_KDF_LONG_KEY, HEAP_HINT); +#endif + +#ifdef SRTP_KDF_LONG_KEY + WC_ALLOC_VAR(keyELong, byte, SRTP_KDF_LONG_KEY, HEAP_HINT); + WC_ALLOC_VAR(keyALong, byte, SRTP_KDF_LONG_KEY, HEAP_HINT); + WC_ALLOC_VAR(keySLong, byte, SRTP_KDF_LONG_KEY, HEAP_HINT); +#endif + WOLFSSL_ENTER("srtpkdf_test"); for (i = 0; (ret == 0) && (i < SRTP_TV_CNT); i++) { @@ -30869,73 +32869,73 @@ tv[i].kdfIdx, tv[i].index, keyE, tv[i].keSz, keyA, tv[i].kaSz, keyS, tv[i].ksSz); if (ret != 0) - return WC_TEST_RET_ENC_EC(ret); + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); if (XMEMCMP(keyE, tv[i].ke, tv[i].keSz) != 0) - return WC_TEST_RET_ENC_NC; + ERROR_OUT(WC_TEST_RET_ENC_NC, out); if (XMEMCMP(keyA, tv[i].ka, tv[i].kaSz) != 0) - return WC_TEST_RET_ENC_NC; + ERROR_OUT(WC_TEST_RET_ENC_NC, out); if (XMEMCMP(keyS, tv[i].ks, tv[i].ksSz) != 0) - return WC_TEST_RET_ENC_NC; + ERROR_OUT(WC_TEST_RET_ENC_NC, out); ret = wc_SRTP_KDF_label(tv[i].key, tv[i].keySz, tv[i].salt, tv[i].saltSz, tv[i].kdfIdx, tv[i].index, WC_SRTP_LABEL_ENCRYPTION, keyE, tv[i].keSz); if (ret != 0) - return WC_TEST_RET_ENC_EC(ret); + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); if (XMEMCMP(keyE, tv[i].ke, tv[i].keSz) != 0) - return WC_TEST_RET_ENC_NC; + ERROR_OUT(WC_TEST_RET_ENC_NC, out); ret = wc_SRTP_KDF_label(tv[i].key, tv[i].keySz, tv[i].salt, tv[i].saltSz, tv[i].kdfIdx, tv[i].index, WC_SRTP_LABEL_MSG_AUTH, keyA, tv[i].kaSz); if (ret != 0) - return WC_TEST_RET_ENC_EC(ret); + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); if (XMEMCMP(keyA, tv[i].ka, tv[i].kaSz) != 0) - return WC_TEST_RET_ENC_NC; + ERROR_OUT(WC_TEST_RET_ENC_NC, out); ret = wc_SRTP_KDF_label(tv[i].key, tv[i].keySz, tv[i].salt, tv[i].saltSz, tv[i].kdfIdx, tv[i].index, WC_SRTP_LABEL_SALT, keyS, tv[i].ksSz); if (ret != 0) - return WC_TEST_RET_ENC_EC(ret); + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); if (XMEMCMP(keyS, tv[i].ks, tv[i].ksSz) != 0) - return WC_TEST_RET_ENC_NC; + ERROR_OUT(WC_TEST_RET_ENC_NC, out); ret = wc_SRTCP_KDF(tv[i].key, tv[i].keySz, tv[i].salt, tv[i].saltSz, tv[i].kdfIdx, tv[i].index_c, keyE, tv[i].keSz, keyA, tv[i].kaSz, keyS, tv[i].ksSz); if (ret != 0) - return WC_TEST_RET_ENC_EC(ret); + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); if (XMEMCMP(keyE, tv[i].ke_c, tv[i].keSz) != 0) - return WC_TEST_RET_ENC_NC; + ERROR_OUT(WC_TEST_RET_ENC_NC, out); if (XMEMCMP(keyA, tv[i].ka_c, tv[i].kaSz) != 0) - return WC_TEST_RET_ENC_NC; + ERROR_OUT(WC_TEST_RET_ENC_NC, out); if (XMEMCMP(keyS, tv[i].ks_c, tv[i].ksSz) != 0) - return WC_TEST_RET_ENC_NC; + ERROR_OUT(WC_TEST_RET_ENC_NC, out); ret = wc_SRTCP_KDF_label(tv[i].key, tv[i].keySz, tv[i].salt, tv[i].saltSz, tv[i].kdfIdx, tv[i].index_c, WC_SRTCP_LABEL_ENCRYPTION, keyE, tv[i].keSz); if (ret != 0) - return WC_TEST_RET_ENC_EC(ret); + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); if (XMEMCMP(keyE, tv[i].ke_c, tv[i].keSz) != 0) - return WC_TEST_RET_ENC_NC; + ERROR_OUT(WC_TEST_RET_ENC_NC, out); ret = wc_SRTCP_KDF_label(tv[i].key, tv[i].keySz, tv[i].salt, tv[i].saltSz, tv[i].kdfIdx, tv[i].index_c, WC_SRTCP_LABEL_MSG_AUTH, keyA, tv[i].kaSz); if (ret != 0) - return WC_TEST_RET_ENC_EC(ret); + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); if (XMEMCMP(keyA, tv[i].ka_c, tv[i].kaSz) != 0) - return WC_TEST_RET_ENC_NC; + ERROR_OUT(WC_TEST_RET_ENC_NC, out); ret = wc_SRTCP_KDF_label(tv[i].key, tv[i].keySz, tv[i].salt, tv[i].saltSz, tv[i].kdfIdx, tv[i].index_c, WC_SRTCP_LABEL_SALT, keyS, tv[i].ksSz); if (ret != 0) - return WC_TEST_RET_ENC_EC(ret); + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); if (XMEMCMP(keyS, tv[i].ks_c, tv[i].ksSz) != 0) - return WC_TEST_RET_ENC_NC; + ERROR_OUT(WC_TEST_RET_ENC_NC, out); } #ifdef WOLFSSL_AES_128 @@ -30949,115 +32949,115 @@ tv[i].kdfIdx, tv[i].index, keyE, tv[i].keSz, keyA, tv[i].kaSz, keyS, tv[i].ksSz); if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG)) - return WC_TEST_RET_ENC_EC(ret); + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); ret = wc_SRTCP_KDF(tv[i].key, 33, tv[i].salt, tv[i].saltSz, tv[i].kdfIdx, tv[i].index_c, keyE, tv[i].keSz, keyA, tv[i].kaSz, keyS, tv[i].ksSz); if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG)) - return WC_TEST_RET_ENC_EC(ret); + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); ret = wc_SRTP_KDF(tv[i].key, 15, tv[i].salt, tv[i].saltSz, tv[i].kdfIdx, tv[i].index, keyE, tv[i].keSz, keyA, tv[i].kaSz, keyS, tv[i].ksSz); if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG)) - return WC_TEST_RET_ENC_EC(ret); + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); ret = wc_SRTCP_KDF(tv[i].key, 15, tv[i].salt, tv[i].saltSz, tv[i].kdfIdx, tv[i].index_c, keyE, tv[i].keSz, keyA, tv[i].kaSz, keyS, tv[i].ksSz); if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG)) - return WC_TEST_RET_ENC_EC(ret); + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); ret = wc_SRTP_KDF(tv[i].key, tv[i].keySz, tv[i].salt, 15, tv[i].kdfIdx, tv[i].index, keyE, tv[i].keSz, keyA, tv[i].kaSz, keyS, tv[i].ksSz); if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG)) - return WC_TEST_RET_ENC_EC(ret); + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); ret = wc_SRTCP_KDF(tv[i].key, tv[i].keySz, tv[i].salt, 15, tv[i].kdfIdx, tv[i].index_c, keyE, tv[i].keSz, keyA, tv[i].kaSz, keyS, tv[i].ksSz); if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG)) - return WC_TEST_RET_ENC_EC(ret); + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); ret = wc_SRTP_KDF(NULL, tv[i].keySz, tv[i].salt, tv[i].saltSz, tv[i].kdfIdx, tv[i].index, keyE, tv[i].keSz, keyA, tv[i].kaSz, keyS, tv[i].ksSz); if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG)) - return WC_TEST_RET_ENC_EC(ret); + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); ret = wc_SRTCP_KDF(NULL, tv[i].keySz, tv[i].salt, tv[i].saltSz, tv[i].kdfIdx, tv[i].index_c, keyE, tv[i].keSz, keyA, tv[i].kaSz, keyS, tv[i].ksSz); if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG)) - return WC_TEST_RET_ENC_EC(ret); + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); ret = wc_SRTP_KDF(tv[i].key, tv[i].keySz, NULL, tv[i].saltSz, tv[i].kdfIdx, tv[i].index, keyE, tv[i].keSz, keyA, tv[i].kaSz, keyS, tv[i].ksSz); if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG)) - return WC_TEST_RET_ENC_EC(ret); + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); ret = wc_SRTCP_KDF(tv[i].key, tv[i].keySz, NULL, tv[i].saltSz, tv[i].kdfIdx, tv[i].index_c, keyE, tv[i].keSz, keyA, tv[i].kaSz, keyS, tv[i].ksSz); if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG)) - return WC_TEST_RET_ENC_EC(ret); + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); ret = wc_SRTP_KDF(tv[i].key, tv[i].keySz, tv[i].salt, tv[i].saltSz, 25, tv[i].index, keyE, tv[i].keSz, keyA, tv[i].kaSz, keyS, tv[i].ksSz); if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG)) - return WC_TEST_RET_ENC_EC(ret); + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); ret = wc_SRTCP_KDF(tv[i].key, tv[i].keySz, tv[i].salt, tv[i].saltSz, 25, tv[i].index_c, keyE, tv[i].keSz, keyA, tv[i].kaSz, keyS, tv[i].ksSz); if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG)) - return WC_TEST_RET_ENC_EC(ret); + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); ret = wc_SRTP_KDF(tv[i].key, tv[i].keySz, tv[i].salt, tv[i].saltSz, -2, tv[i].index, keyE, tv[i].keSz, keyA, tv[i].kaSz, keyS, tv[i].ksSz); if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG)) - return WC_TEST_RET_ENC_EC(ret); + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); ret = wc_SRTCP_KDF(tv[i].key, tv[i].keySz, tv[i].salt, tv[i].saltSz, -2, tv[i].index_c, keyE, tv[i].keSz, keyA, tv[i].kaSz, keyS, tv[i].ksSz); if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG)) - return WC_TEST_RET_ENC_EC(ret); + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); ret = wc_SRTP_KDF(tv[i].key, tv[i].keySz, tv[i].salt, tv[i].saltSz, tv[i].kdfIdx, tv[i].index, NULL, tv[i].keSz, keyA, tv[i].kaSz, keyS, tv[i].ksSz); if (ret != 0) - return WC_TEST_RET_ENC_EC(ret); + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); ret = wc_SRTCP_KDF(tv[i].key, tv[i].keySz, tv[i].salt, tv[i].saltSz, tv[i].kdfIdx, tv[i].index_c, NULL, tv[i].keSz, keyA, tv[i].kaSz, keyS, tv[i].ksSz); if (ret != 0) - return WC_TEST_RET_ENC_EC(ret); + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); ret = wc_SRTP_KDF(tv[i].key, tv[i].keySz, tv[i].salt, tv[i].saltSz, tv[i].kdfIdx, tv[i].index, keyE, tv[i].keSz, NULL, tv[i].kaSz, keyS, tv[i].ksSz); if (ret != 0) - return WC_TEST_RET_ENC_EC(ret); + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); ret = wc_SRTCP_KDF(tv[i].key, tv[i].keySz, tv[i].salt, tv[i].saltSz, tv[i].kdfIdx, tv[i].index_c, keyE, tv[i].keSz, NULL, tv[i].kaSz, keyS, tv[i].ksSz); if (ret != 0) - return WC_TEST_RET_ENC_EC(ret); + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); ret = wc_SRTP_KDF(tv[i].key, tv[i].keySz, tv[i].salt, tv[i].saltSz, tv[i].kdfIdx, tv[i].index, keyE, tv[i].keSz, keyA, tv[i].kaSz, NULL, tv[i].ksSz); if (ret != 0) - return WC_TEST_RET_ENC_EC(ret); + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); ret = wc_SRTCP_KDF(tv[i].key, tv[i].keySz, tv[i].salt, tv[i].saltSz, tv[i].kdfIdx, tv[i].index_c, keyE, tv[i].keSz, keyA, tv[i].kaSz, NULL, tv[i].ksSz); if (ret != 0) - return WC_TEST_RET_ENC_EC(ret); + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); idx = wc_SRTP_KDF_kdr_to_idx(0); if (idx != -1) - return WC_TEST_RET_ENC_NC; + ERROR_OUT(WC_TEST_RET_ENC_NC, out); for (i = 0; i < 32; i++) { word32 kdr = 1U << i; @@ -31069,13 +33069,13 @@ keyA, tv[i].kaSz, keyS, tv[i].ksSz, WC_SRTCP_48BIT_IDX); if (ret != 0) - return WC_TEST_RET_ENC_EC(ret); + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); if (XMEMCMP(keyE, srtcpKe_48_1, tv[i].keSz) != 0) - return WC_TEST_RET_ENC_NC; + ERROR_OUT(WC_TEST_RET_ENC_NC, out); if (XMEMCMP(keyA, srtcpKa_48_1, tv[i].kaSz) != 0) - return WC_TEST_RET_ENC_NC; + ERROR_OUT(WC_TEST_RET_ENC_NC, out); if (XMEMCMP(keyS, srtcpKs_48_1, tv[i].ksSz) != 0) - return WC_TEST_RET_ENC_NC; + ERROR_OUT(WC_TEST_RET_ENC_NC, out); ret = wc_SRTCP_KDF_ex(mk48_2, (word32)sizeof(mk48_2), ms48_2, (word32)sizeof(ms48_2), @@ -31083,20 +33083,48 @@ keyA, tv[i].kaSz, keyS, tv[i].ksSz, WC_SRTCP_48BIT_IDX); if (ret != 0) - return WC_TEST_RET_ENC_EC(ret); + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); if (XMEMCMP(keyE, srtcpKe_48_2, tv[i].keSz) != 0) - return WC_TEST_RET_ENC_NC; + ERROR_OUT(WC_TEST_RET_ENC_NC, out); if (XMEMCMP(keyA, srtcpKa_48_2, tv[i].kaSz) != 0) - return WC_TEST_RET_ENC_NC; + ERROR_OUT(WC_TEST_RET_ENC_NC, out); if (XMEMCMP(keyS, srtcpKs_48_2, tv[i].ksSz) != 0) - return WC_TEST_RET_ENC_NC; + ERROR_OUT(WC_TEST_RET_ENC_NC, out); } idx = wc_SRTP_KDF_kdr_to_idx(kdr); if (idx != i) - return WC_TEST_RET_ENC_NC; + ERROR_OUT(WC_TEST_RET_ENC_NC, out); } - return 0; +#ifdef SRTP_KDF_LONG_KEY + /* Check that long messages can be created. */ + ret = wc_SRTP_KDF(tv[0].key, tv[0].keySz, tv[0].salt, tv[0].saltSz, + tv[0].kdfIdx, tv[0].index_c, keyELong, SRTP_KDF_LONG_KEY, keyALong, + SRTP_KDF_LONG_KEY, keySLong, SRTP_KDF_LONG_KEY); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); + + /* Check that two bytes of counter are being used. */ + if (XMEMCMP(keyELong, keyELong + 4096, SRTP_KDF_LONG_KEY - 4096) == 0) { + ERROR_OUT(WC_TEST_RET_ENC_NC, out); + } + if (XMEMCMP(keyELong, keyALong + 4096, SRTP_KDF_LONG_KEY - 4096) == 0) { + ERROR_OUT(WC_TEST_RET_ENC_NC, out); + } + if (XMEMCMP(keyELong, keySLong + 4096, SRTP_KDF_LONG_KEY - 4096) == 0) { + ERROR_OUT(WC_TEST_RET_ENC_NC, out); + } +#endif /* SRTP_KDF_LONG_KEY */ + +out: + +#ifdef SRTP_KDF_LONG_KEY + WC_FREE_VAR(keyELong, HEAP_HINT); + WC_FREE_VAR(keyALong, HEAP_HINT); + WC_FREE_VAR(keySLong, HEAP_HINT); +#endif + + return ret; } #endif @@ -31341,8 +33369,30 @@ break; #endif /* HAVE_ECC192 */ -#if defined(HAVE_ECC224) || defined(HAVE_ALL_CURVES) +#if (defined(HAVE_ECC224) || defined(HAVE_ALL_CURVES)) && \ + (!defined(NO_SHA) || defined(WOLFSSL_SHA224) || \ + (defined(WOLFSSL_SHA3) && !defined(WOLFSSL_NOSHA3_224))) case 28: +#if defined(WC_FIPS_186_5_PLUS) || defined(NO_SHA) + /* FIPS 186-5 Example vector -- P-224, SHA-224 */ + /* Unhashed message: "Example of ECDSA with P-224" */ + + vec.msg = "\x1F\x1E\x1C\xF8\x92\x92\x6C\xFC\xCF\xC5\xA2\x8F\xEE\xF3\xD8" + "\x07\xD2\x3F\x77\x80\x08\xDB\xA4\xB3\x5F\x04\xB2\xFD"; + vec.msgLen = 28; + vec.Qx = "E84FB0B8E7000CB657D7973CF6B42ED78B301674276DF744AF130B3E"; + vec.Qy = "4376675C6FC5612C21A0FF2D2A89D2987DF7A2BC52183B5982298555"; + vec.d = "3F0C488E987C80BE0FEE521F8D90BE6034EC69AE11CA72AA777481E8"; + vec.R = "C3A3F5B82712532004C6F6D1DB672F55D931C3409EA1216D0BE77380"; + vec.S = "C5AA1EAE6095DEA34C9BD84DA3852CCA41A8BD9D5548F36DABDF6617"; + vec.curveName = "SECP224R1"; + vec.r = (const byte *)"\xC3\xA3\xF5\xB8\x27\x12\x53\x20\x04\xC6\xF6" + "\xD1\xDB\x67\x2F\x55\xD9\x31\xC3\x40\x9E\xA1\x21\x6D\x0B\xE7\x73\x80"; + vec.rSz = 28; + vec.s = (const byte *)"\xC5\xAA\x1E\xAE\x60\x95\xDE\xA3\x4C\x9B\xD8" + "\x4D\xA3\x85\x2C\xCA\x41\xA8\xBD\x9D\x55\x48\xF3\x6D\xAB\xDF\x66\x17"; + vec.sSz = 28; +#else /* !WC_FIPS_186_5_PLUS && !NO_SHA */ /* first [P-224,SHA-1] vector from FIPS 186-3 NIST vectors */ #if 1 vec.msg = "\xb9\xa3\xb8\x6d\xb0\xba\x99\xfd\xc6\xd2\x94\x6b\xfe\xbe\x9c\xe8\x3f\x10\x74\xfc"; @@ -31374,8 +33424,9 @@ "\x61\x91\x28\x9e\x2e\x04\xd4\x54\x93\x5d\x50\xfe" "\x6a\xf3\xad\x5b"; vec.sSz = 28; +#endif /* !WC_FIPS_186_5_PLUS && !NO_SHA */ break; -#endif /* HAVE_ECC224 */ +#endif /* HAVE_ECC224 && (!NO_SHA || SHA224 || SHA3_224 */ #if defined(HAVE_ECC239) || defined(HAVE_ALL_CURVES) case 30: @@ -31384,6 +33435,29 @@ #if !defined(NO_ECC256) || defined(HAVE_ALL_CURVES) case 32: +#if defined(WC_FIPS_186_5_PLUS) || defined(NO_SHA) + /* FIPS 186-5 Example vector - P-256, SHA-256 */ + /* Unhashed message: "Example of ECDSA with P-256" */ + + vec.msg = "\xA4\x1A\x41\xA1\x2A\x79\x95\x48\x21\x1C\x41\x0C\x65\xD8\x13" + "\x3A\xFD\xE3\x4D\x28\xBD\xD5\x42\xE4\xB6\x80\xCF\x28\x99\xC8" + "\xA8\xC4"; + vec.msgLen = 32; + vec.Qx = "B7E08AFDFE94BAD3F1DC8C734798BA1C62B3A0AD1E9EA2A38201CD0889BC7A19"; + vec.Qy = "3603F747959DBF7A4BB226E41928729063ADC7AE43529E61B563BBC606CC5E09"; + vec.d = "C477F9F65C22CCE20657FAA5B2D1D8122336F851A508A1ED04E479C34985BF96"; + vec.R = "2B42F576D07F4165FF65D1F3B1500F81E44C316F1F0B3EF57325B69ACA46104F"; + vec.S = "DC42C2122D6392CD3E3A993A89502A8198C1886FE69D262C4B329BDB6B63FAF1"; + vec.curveName = "SECP256R1"; + vec.r = (const byte *)"\x2B\x42\xF5\x76\xD0\x7F\x41\x65\xFF\x65\xD1" + "\xF3\xB1\x50\x0F\x81\xE4\x4C\x31\x6F\x1F\x0B\x3E\xF5\x73\x25" + "\xB6\x9A\xCA\x46\x10\x4F"; + vec.rSz = 32; + vec.s = (const byte *)"\xDC\x42\xC2\x12\x2D\x63\x92\xCD\x3E\x3A\x99" + "\x3A\x89\x50\x2A\x81\x98\xC1\x88\x6F\xE6\x9D\x26\x2C\x4B\x32" + "\x9B\xDB\x6B\x63\xFA\xF1"; + vec.sSz = 32; +#else /* !WC_FIPS_186_5_PLUS && !NO_SHA */ /* first [P-256,SHA-1] vector from FIPS 186-3 NIST vectors */ #if 1 vec.msg = "\xa3\xf9\x1a\xe2\x1b\xa6\xb3\x03\x98\x64\x47\x2f\x18\x41\x44\xc6\xaf\x62\xcd\x0e"; @@ -31415,6 +33489,7 @@ "\x5a\x21\x48\xae\x32\xe3\xa2\x48"; vec.sSz = 32; vec.curveName = "SECP256R1"; +#endif /* !WC_FIPS_186_5_PLUS && !NO_SHA */ break; #endif /* !NO_ECC256 */ @@ -31425,6 +33500,37 @@ #if defined(HAVE_ECC384) || defined(HAVE_ALL_CURVES) case 48: +#if defined(WC_FIPS_186_5_PLUS) || defined(NO_SHA) + /* FIPS 186-5 Example vector -- P-384, SHA-384 */ + /* Unhashed message: "Example of ECDSA with P-384" */ + + vec.msg = "\x5A\xEA\x18\x7D\x1C\x4F\x6E\x1B\x35\x05\x7D\x20\x12\x6D\x83" + "\x6C\x6A\xDB\xBC\x70\x49\xEE\x02\x99\xC9\x52\x9F\x5E\x0B\x3F" + "\x8B\x5A\x74\x11\x14\x9D\x6C\x30\xD6\xCB\x2B\x8A\xF7\x0E\x0A" + "\x78\x1E\x89"; + vec.msgLen = 48; + vec.Qx = "3BF701BC9E9D36B4D5F1455343F09126F2564390F2B487365071243C61E6" + "471FB9D2AB74657B82F9086489D9EF0F5CB5"; + vec.Qy = "D1A358EAFBF952E68D533855CCBDAA6FF75B137A5101443199325583552A" + "6295FFE5382D00CFCDA30344A9B5B68DB855"; + vec.d = "F92C02ED629E4B48C0584B1C6CE3A3E3B4FAAE4AFC6ACB0455E73DFC392E" + "6A0AE393A8565E6B9714D1224B57D83F8A08"; + vec.R = "30EA514FC0D38D8208756F068113C7CADA9F66A3B40EA3B313D040D9B57D" + "D41A332795D02CC7D507FCEF9FAF01A27088"; + vec.S = "CC808E504BE414F46C9027BCBF78ADF067A43922D6FCAA66C4476875FBB7" + "B94EFD1F7D5DBE620BFB821C46D549683AD8"; + vec.curveName = "SECP384R1"; + vec.r = (const byte *)"\x30\xEA\x51\x4F\xC0\xD3\x8D\x82\x08\x75\x6F" + "\x06\x81\x13\xC7\xCA\xDA\x9F\x66\xA3\xB4\x0E\xA3\xB3\x13\xD0" + "\x40\xD9\xB5\x7D\xD4\x1A\x33\x27\x95\xD0\x2C\xC7\xD5\x07\xFC" + "\xEF\x9F\xAF\x01\xA2\x70\x88"; + vec.rSz = 48; + vec.s = (const byte *)"\xCC\x80\x8E\x50\x4B\xE4\x14\xF4\x6C\x90\x27" + "\xBC\xBF\x78\xAD\xF0\x67\xA4\x39\x22\xD6\xFC\xAA\x66\xC4\x47" + "\x68\x75\xFB\xB7\xB9\x4E\xFD\x1F\x7D\x5D\xBE\x62\x0B\xFB\x82" + "\x1C\x46\xD5\x49\x68\x3A\xD8"; + vec.sSz = 48; +#else /* !WC_FIPS_186_5_PLUS && !NO_SHA */ /* first [P-384,SHA-1] vector from FIPS 186-3 NIST vectors */ #if 1 vec.msg = "\x9b\x9f\x8c\x95\x35\xa5\xca\x26\x60\x5d\xb7\xf2\xfa\x57\x3b\xdf\xc3\x2e\xab\x8b"; @@ -31458,6 +33564,7 @@ "\x8e\x93\x56\x74\x1f\x23\xc9\x6c\x14\x71\x42\x21" "\x07\x8d\xbd\x5c\x17\xf4\xfd\xd8\x9b\x32\xa9\x07"; vec.sSz = 48; +#endif /* !WC_FIPS_186_5_PLUS && !NO_SHA */ break; #endif /* HAVE_ECC384 */ @@ -31468,6 +33575,45 @@ #if defined(HAVE_ECC521) || defined(HAVE_ALL_CURVES) case 66: +#if defined(WC_FIPS_186_5_PLUS) || defined(NO_SHA) + /* FIPS 186-5 Example vector -- P-521, SHA-512 */ + /* Unhashed message: "Example of ECDSA with P-521" */ + + vec.msg = "\x9B\xF0\xE1\xDE\xED\xA3\x1E\x00\xF9\x25\xB7\x7F\x7C\xB6\xB1" + "\xCE\xD7\x36\x8D\xE1\xDC\x75\xBB\x9F\x94\x58\x2C\x1C\xA7\x09" + "\x20\x5D\x32\xAF\x90\x02\x5B\x02\xFA\x13\x2F\xBE\xBD\x6C\xDD" + "\xCD\x91\x72\xC0\xD6\x6D\x8E\x58\x17\x67\xA8\xB6\xF7\x1D\xE6" + "\x0B\xE1\xF9\x32"; + vec.msgLen = 64; + vec.Qx = "98E91EEF9A68452822309C52FAB453F5F117C1DA8ED796B255E9AB8F6410" + "CCA16E59DF403A6BDC6CA467A37056B1E54B3005D8AC030DECFEB68DF18B" + "171885D5C4"; + vec.Qy = "164350C321AECFC1CCA1BA4364C9B15656150B4B78D6A48D7D28E7F31985" + "EF17BE8554376B72900712C4B83AD668327231526E313F5F092999A4632F" + "D50D946BC2E"; + vec.d = "100085F47B8E1B8B11B7EB33028C0B2888E304BFC98501955B45BBA1478D" + "C184EEEDF09B86A5F7C21994406072787205E69A63709FE35AA93BA33351" + "4B24F961722"; + vec.R = "140C8EDCA57108CE3F7E7A240DDD3AD74D81E2DE62451FC1D558FDC79269" + "ADACD1C2526EEEEF32F8C0432A9D56E2B4A8A732891C37C9B96641A9254C" + "CFE5DC3E2BA"; + vec.S = "D72F15229D0096376DA6651D9985BFD7C07F8D49583B545DB3EAB20E0A2C" + "1E8615BD9E298455BDEB6B61378E77AF1C54EEE2CE37B2C61F5C9A823295" + "1CB988B5B1"; + vec.curveName = "SECP521R1"; + vec.r = (const byte *)"\x01\x40\xC8\xED\xCA\x57\x10\x8C\xE3\xF7\xE7" + "\xA2\x40\xDD\xD3\xAD\x74\xD8\x1E\x2D\xE6\x24\x51\xFC\x1D\x55" + "\x8F\xDC\x79\x26\x9A\xDA\xCD\x1C\x25\x26\xEE\xEE\xF3\x2F\x8C" + "\x04\x32\xA9\xD5\x6E\x2B\x4A\x8A\x73\x28\x91\xC3\x7C\x9B\x96" + "\x64\x1A\x92\x54\xCC\xFE\x5D\xC3\xE2\xBA"; + vec.rSz = 66; + vec.s = (const byte *)"\xD7\x2F\x15\x22\x9D\x00\x96\x37\x6D\xA6\x65" + "\x1D\x99\x85\xBF\xD7\xC0\x7F\x8D\x49\x58\x3B\x54\x5D\xB3\xEA" + "\xB2\x0E\x0A\x2C\x1E\x86\x15\xBD\x9E\x29\x84\x55\xBD\xEB\x6B" + "\x61\x37\x8E\x77\xAF\x1C\x54\xEE\xE2\xCE\x37\xB2\xC6\x1F\x5C" + "\x9A\x82\x32\x95\x1C\xB9\x88\xB5\xB1"; + vec.sSz = 65; +#else /* !WC_FIPS_186_5_PLUS && !NO_SHA */ /* first [P-521,SHA-1] vector from FIPS 186-3 NIST vectors */ #if 1 vec.msg = "\x1b\xf7\x03\x9c\xca\x23\x94\x27\x3f\x11\xa1\xd4\x8d\xcc\xb4\x46\x6f\x31\x61\xdf"; @@ -31505,6 +33651,7 @@ "\xdf\xf9\x0c\x34\x68\x4c\xdb\xe7\xbb\x66\x9b\x6c" "\x3d\x22\xf2\x48\x0c"; vec.sSz = 65; +#endif /* !WC_FIPS_186_5_PLUS && !NO_SHA */ break; #endif /* HAVE_ECC521 */ default: @@ -31649,7 +33796,7 @@ #endif WC_ALLOC_VAR_EX(key, ecc_key, 1, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER, - return MEMORY_E); + return WC_TEST_RET_ENC_EC(MEMORY_E)); ret = wc_ecc_init_ex(key, HEAP_HINT, devId); if (ret != 0) @@ -32240,7 +34387,9 @@ byte exportBuf[ECC_BUFSIZE]; byte tmp[ECC_BUFSIZE]; #endif - const byte* msg = (const byte*)"test wolfSSL ECC public gen"; + static const byte msg[] = + "All we have to decide is what to do with the time that is given "; + wc_static_assert(sizeof(msg) >= WC_MAX_DIGEST_SIZE); word32 x; word32 tmpSz; wc_test_ret_t ret = 0; @@ -32383,8 +34532,7 @@ ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done); #endif -#if defined(HAVE_ECC_SIGN) && (!defined(ECC_TIMING_RESISTANT) || \ - (defined(ECC_TIMING_RESISTANT) && !defined(WC_NO_RNG))) && \ +#if defined(HAVE_ECC_SIGN) && !defined(WC_NO_RNG) && \ !defined(WOLF_CRYPTO_CB_ONLY_ECC) && !defined(HAVE_ECC_DETERMINISTIC_K) tmpSz = ECC_BUFSIZE; ret = 0; @@ -32393,7 +34541,7 @@ ret = wc_AsyncWait(ret, &key->asyncDev, WC_ASYNC_FLAG_CALL_AGAIN); #endif if (ret == 0) { - ret = wc_ecc_sign_hash(msg, (word32)XSTRLEN((const char* )msg), tmp, + ret = wc_ecc_sign_hash(msg, WC_MAX_DIGEST_SIZE, tmp, &tmpSz, rng, key); } } while (ret == WC_NO_ERR_TRACE(WC_PENDING_E)); @@ -32410,7 +34558,7 @@ #endif if (ret == 0) { ret = wc_ecc_verify_hash(tmp, tmpSz, msg, - (word32)XSTRLEN((const char*)msg), &verify, key); + WC_MAX_DIGEST_SIZE, &verify, key); } } while (ret == WC_NO_ERR_TRACE(WC_PENDING_E)); if (ret != 0) @@ -32712,11 +34860,11 @@ WC_DECLARE_VAR(sharedB, byte, ECC_SHARED_SIZE, HEAP_HINT); word32 y; #endif +#ifndef WC_NO_RNG #ifdef HAVE_ECC_KEY_EXPORT #define ECC_KEY_EXPORT_BUF_SIZE (MAX_ECC_BYTES * 2 + 32) WC_DECLARE_VAR(exportBuf, byte, ECC_KEY_EXPORT_BUF_SIZE, HEAP_HINT); #endif - word32 x = 0; #if !defined(ECC_TIMING_RESISTANT) || (defined(ECC_TIMING_RESISTANT) && \ !defined(WC_NO_RNG) && !defined(WOLFSSL_KCAPI_ECC)) && \ defined(HAVE_ECC_SIGN) @@ -32727,6 +34875,7 @@ int verify; #endif /* HAVE_ECC_VERIFY */ #endif /* HAVE_ECC_SIGN */ +#endif /* WC_NO_RNG */ wc_test_ret_t ret; #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC) ecc_key *userA = (ecc_key *)XMALLOC(sizeof *userA, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); @@ -32740,6 +34889,7 @@ #ifndef WC_NO_RNG int curveSize; #endif + word32 x = 0; #if defined(HAVE_ECC_DHE) && !defined(WC_NO_RNG) && \ !defined(WOLFSSL_ATECC508A) && !defined(WOLFSSL_ATECC608A) @@ -33017,7 +35167,6 @@ #endif /* HAVE_COMP_KEY */ #endif /* !WOLFSSL_ATECC508A && !WOLFSSL_ATECC608A */ -#endif /* !WC_NO_RNG */ #endif /* HAVE_ECC_KEY_IMPORT */ #endif /* HAVE_ECC_KEY_EXPORT */ @@ -33114,6 +35263,7 @@ #elif defined(HAVE_ECC_KEY_EXPORT) (void)exportBuf; #endif /* HAVE_ECC_KEY_EXPORT */ +#endif /* !WC_NO_RNG */ done: @@ -33260,8 +35410,8 @@ 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08 }; -#if defined(HAVE_COMP_KEY) && (!defined(HAVE_FIPS) && !defined(HAVE_SELFTEST) || \ - (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION > 2))) +#if defined(HAVE_COMP_KEY) && ((!defined(HAVE_FIPS) && !defined(HAVE_SELFTEST)) || \ + (defined(FIPS_VERSION3_GE) && FIPS_VERSION3_GE(7,0,0))) byte derComp0[] = { 0x02, /* = Compressed, y even */ 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, @@ -33425,8 +35575,34 @@ goto done; } -#if defined(HAVE_COMP_KEY) && (!defined(HAVE_FIPS) && !defined(HAVE_SELFTEST) || \ - (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION > 2))) +#if defined(HAVE_COMP_KEY) && ((!defined(HAVE_FIPS) && !defined(HAVE_SELFTEST)) || \ + (defined(FIPS_VERSION3_GE) && FIPS_VERSION3_GE(7,0,0))) + /* Test compressed point with missing x coordinate bytes */ + ret = wc_ecc_import_point_der(derComp0, 1, curve_idx, point3); + if (ret != WC_NO_ERR_TRACE(ECC_BAD_ARG_E)) { + ret = WC_TEST_RET_ENC_EC(ret); + goto done; + } + + ret = wc_ecc_import_point_der(derComp1, 1, curve_idx, point3); + if (ret != WC_NO_ERR_TRACE(ECC_BAD_ARG_E)) { + ret = WC_TEST_RET_ENC_EC(ret); + goto done; + } + + /* Full uncompressed P-256 length (65 bytes) but invalid prefix byte */ + { + byte invalidType[65]; + XMEMSET(invalidType, 0x42, sizeof(invalidType)); + invalidType[0] = 0x01; + ret = wc_ecc_import_point_der_ex(invalidType, sizeof(invalidType), + curve_idx, point3, 0); + if (ret != WC_NO_ERR_TRACE(ASN_PARSE_E)) { + ret = WC_TEST_RET_ENC_EC(ret); + goto done; + } + } + ret = wc_ecc_import_point_der(derComp0, sizeof(derComp0)*2-1, curve_idx, point3); if (ret != 0) ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done); @@ -33454,7 +35630,8 @@ ret = WC_TEST_RET_ENC_EC(ret); goto done; } -#endif +#endif /* HAVE_COMP_KEY && ((!HAVE_FIPS && !HAVE_SELFTEST) || */ + /* FIPS_VERSION3_GE(7,0,0)) */ done: #ifdef HAVE_COMP_KEY @@ -35806,7 +37983,7 @@ ECC_MIN_KEY_SZ <= 521 ret = ecc521_test_deterministic_k(&rng); if (ret != 0) { - printf("ecc512_test_deterministic_k failed!\n"); + printf("ecc521_test_deterministic_k failed!\n"); goto done; } #endif @@ -35968,7 +38145,7 @@ } XMEMSET(plaintext, 0, MAX_ECIES_TEST_SZ); - XSTRLCPY((char *)plaintext, message, sizeof plaintext); + XSTRLCPY((char *)plaintext, message, MAX_ECIES_TEST_SZ); plaintextLen = (((word32)XSTRLEN(message) + WC_AES_BLOCK_SIZE - 1) / WC_AES_BLOCK_SIZE) * WC_AES_BLOCK_SIZE; @@ -36318,6 +38495,7 @@ #ifdef WOLFSSL_ECIES_OLD tmpKey->dp = userA->dp; + tmpKey->idx = userA->idx; ret = wc_ecc_copy_point(&userA->pubkey, &tmpKey->pubkey); if (ret != 0) { ret = WC_TEST_RET_ENC_EC(ret); goto done; @@ -36705,8 +38883,9 @@ ecc_key tmpKey[1]; #endif WC_RNG rng; - word32 idx = 0; wc_test_ret_t ret; + word32 idx = 0; +#ifndef WC_NO_RNG /* pad our test message to 32 bytes so evenly divisible by AES_BLOCK_SZ */ byte in[] = "Everyone gets Friday off. ecc p"; word32 inLen = (word32)XSTRLEN((char*)in); @@ -36715,6 +38894,7 @@ int verify = 0; word32 x; WOLFSSL_ENTER("ecc_test_buffers"); +#endif XMEMSET(&rng, 0, sizeof(WC_RNG)); @@ -36776,7 +38956,7 @@ if (ret != 0) ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done); #endif -#endif /* !WC_NO_RNG */ +#endif #if defined(HAVE_ECC_ENCRYPT) && defined(HAVE_HKDF) && \ defined(HAVE_AES_CBC) && defined(WOLFSSL_AES_128) @@ -36804,6 +38984,7 @@ } #endif +#ifndef WC_NO_RNG x = sizeof(out); do { #if defined(WOLFSSL_ASYNC_CRYPT) @@ -36831,6 +39012,7 @@ if (verify != 1) ERROR_OUT(WC_TEST_RET_ENC_NC, done); TEST_SLEEP(); +#endif #ifdef WOLFSSL_CERT_EXT idx = 0; @@ -37014,7 +39196,12 @@ /* test against known test vector */ XMEMSET(shared, 0, sizeof(shared)); y = sizeof(shared); - if (wc_curve25519_shared_secret(&userA, &userA, shared, &y) != 0) { + ret = wc_curve25519_shared_secret(&userA, &userA, shared, &y); + #if defined(WOLFSSL_ASYNC_CRYPT) + if (ret == WC_NO_ERR_TRACE(WC_PENDING_E)) + ret = wc_AsyncWait(ret, &userA.asyncDev, WC_ASYNC_FLAG_NONE); + #endif + if (ret != 0) { ret = WC_TEST_RET_ENC_I(i); break; } @@ -37392,6 +39579,131 @@ } #endif /* !NO_ASN && HAVE_CURVE25519_KEY_EXPORT && HAVE_CURVE25519_KEY_IMPORT */ +#ifdef WC_X25519_NONBLOCK +/* build and test with: + * ./configure --enable-curve25519=nonblock CFLAGS="-DWOLFSSL_DEBUG_NONBLOCK" + * make + * ./wolfcrypt/test/testwolfcrypt + */ +static int x25519_nonblock_test(WC_RNG* rng) +{ + int ret = 0; + x25519_nb_ctx_t nb_ctx; + curve25519_key userA; + curve25519_key userB; +#ifdef HAVE_CURVE25519_SHARED_SECRET + byte sharedA[32]; + byte sharedB[32]; + word32 x; + word32 y; +#endif + int count; + + XMEMSET(&nb_ctx, 0, sizeof(nb_ctx)); + + ret = wc_curve25519_init(&userA); + if (ret != 0) { + printf("wc_curve25519_init 1 %d\n", ret); + return -10722; + } + ret = wc_curve25519_set_nonblock(&userA, &nb_ctx); + if (ret != 0) { + printf("wc_curve25519_set_nonblock 1 %d\n", ret); + wc_curve25519_free(&userA); + return -10723; + } + count = 0; + do { + ret = wc_curve25519_make_key(rng, 32, &userA); + count++; + } while (ret == FP_WOULDBLOCK); + if (ret != 0) { + printf("wc_curve25519_make_key_nb 1 %d\n", ret); + wc_curve25519_free(&userA); + return -10724; + } +#if defined(DEBUG_WOLFSSL) || defined(WOLFSSL_DEBUG_NONBLOCK) + /* CURVE25519 non-block key gen: 5335 times */ + printf("CURVE25519 non-block key gen: %d times\n", count); +#endif + + ret = wc_curve25519_init(&userB); + if (ret != 0) { + printf("wc_curve25519_init 2 %d\n", ret); + wc_curve25519_free(&userA); + return -10724; + } + ret = wc_curve25519_set_nonblock(&userB, &nb_ctx); + if (ret != 0) { + printf("wc_curve25519_set_nonblock 2 %d\n", ret); + wc_curve25519_free(&userA); + wc_curve25519_free(&userB); + return -10725; + } + count = 0; + do { + ret = wc_curve25519_make_key(rng, 32, &userB); + count++; + } while (ret == FP_WOULDBLOCK); + if (ret != 0) { + printf("wc_curve25519_make_key_nb 2 %d\n", ret); + wc_curve25519_free(&userA); + wc_curve25519_free(&userB); + return -10726; + } + +#ifdef HAVE_CURVE25519_SHARED_SECRET + x = sizeof(sharedA); + do { + ret = wc_curve25519_shared_secret(&userA, &userB, sharedA, &x); + } while (ret == FP_WOULDBLOCK); + if (ret != 0) { + printf("wc_curve25519_shared_secret_nb 1 %d\n", ret); + wc_curve25519_free(&userA); + wc_curve25519_free(&userB); + return -10727; + } + + y = sizeof(sharedB); + count = 0; + do { + ret = wc_curve25519_shared_secret(&userB, &userA, sharedB, &y); + count++; + } + while (ret == FP_WOULDBLOCK); + if (ret != 0) { + printf("wc_curve25519_shared_secret_nb 2 %d\n", ret); + wc_curve25519_free(&userA); + wc_curve25519_free(&userB); + return -10728; + } +#if defined(DEBUG_WOLFSSL) || defined(WOLFSSL_DEBUG_NONBLOCK) + /* CURVE25519 non-block shared secret: 5337 times */ + printf("CURVE25519 non-block shared secret: %d times\n", count); +#endif + + /* compare shared secret keys to test they are the same */ + if (y != x) { + wc_curve25519_free(&userA); + wc_curve25519_free(&userB); + return -10729; + } + + if (XMEMCMP(sharedA, sharedB, x) != 0) { + wc_curve25519_free(&userA); + wc_curve25519_free(&userB); + return -10730; + } +#endif /* HAVE_CURVE25519_SHARED_SECRET */ + + wc_curve25519_free(&userA); + wc_curve25519_free(&userB); + + return 0; +} + +#endif /* WC_X25519_NONBLOCK */ + WOLFSSL_TEST_SUBROUTINE wc_test_ret_t curve25519_test(void) { WC_RNG rng; @@ -37493,23 +39805,41 @@ /* make curve25519 keys */ ret = wc_curve25519_make_key(&rng, 32, userA); +#if defined(WOLFSSL_ASYNC_CRYPT) + if (ret == WC_NO_ERR_TRACE(WC_PENDING_E)) + ret = wc_AsyncWait(ret, &userA->asyncDev, WC_ASYNC_FLAG_NONE); +#endif if (ret != 0) ERROR_OUT(WC_TEST_RET_ENC_EC(ret), cleanup); ret = wc_curve25519_make_key(&rng, 32, userB); +#if defined(WOLFSSL_ASYNC_CRYPT) + if (ret == WC_NO_ERR_TRACE(WC_PENDING_E)) + ret = wc_AsyncWait(ret, &userB->asyncDev, WC_ASYNC_FLAG_NONE); +#endif if (ret != 0) ERROR_OUT(WC_TEST_RET_ENC_EC(ret), cleanup); #ifdef HAVE_CURVE25519_SHARED_SECRET /* find shared secret key */ x = sizeof(sharedA); - if ((ret = wc_curve25519_shared_secret(userA, userB, sharedA, &x)) != 0) { + ret = wc_curve25519_shared_secret(userA, userB, sharedA, &x); +#if defined(WOLFSSL_ASYNC_CRYPT) + if (ret == WC_NO_ERR_TRACE(WC_PENDING_E)) + ret = wc_AsyncWait(ret, &userA->asyncDev, WC_ASYNC_FLAG_NONE); +#endif + if (ret != 0) { printf("wc_curve25519_shared_secret 1 failed\n"); ERROR_OUT(WC_TEST_RET_ENC_EC(ret), cleanup); } y = sizeof(sharedB); - if ((ret = wc_curve25519_shared_secret(userB, userA, sharedB, &y)) != 0) { + ret = wc_curve25519_shared_secret(userB, userA, sharedB, &y); +#if defined(WOLFSSL_ASYNC_CRYPT) + if (ret == WC_NO_ERR_TRACE(WC_PENDING_E)) + ret = wc_AsyncWait(ret, &userB->asyncDev, WC_ASYNC_FLAG_NONE); +#endif + if (ret != 0) { printf("wc_curve25519_shared_secret 2 failed\n"); ERROR_OUT(WC_TEST_RET_ENC_EC(ret), cleanup); } @@ -37541,7 +39871,12 @@ /* test shared key after importing a public key */ XMEMSET(sharedB, 0, sizeof(sharedB)); y = sizeof(sharedB); - if (wc_curve25519_shared_secret(userB, pubKey, sharedB, &y) != 0) { + ret = wc_curve25519_shared_secret(userB, pubKey, sharedB, &y); +#if defined(WOLFSSL_ASYNC_CRYPT) + if (ret == WC_NO_ERR_TRACE(WC_PENDING_E)) + ret = wc_AsyncWait(ret, &userB->asyncDev, WC_ASYNC_FLAG_NONE); +#endif + if (ret != 0) { ERROR_OUT(WC_TEST_RET_ENC_NC, cleanup); } @@ -37563,6 +39898,10 @@ XMEMSET(sharedB, 0, sizeof(sharedB)); y = sizeof(sharedB); ret = wc_curve25519_shared_secret(userA, userB, sharedB, &y); + #if defined(WOLFSSL_ASYNC_CRYPT) + if (ret == WC_NO_ERR_TRACE(WC_PENDING_E)) + ret = wc_AsyncWait(ret, &userA->asyncDev, WC_ASYNC_FLAG_NONE); +#endif if (ret != 0) ERROR_OUT(WC_TEST_RET_ENC_EC(ret), cleanup); @@ -37573,6 +39912,10 @@ XMEMSET(sharedB, 0, sizeof(sharedB)); y = sizeof(sharedB); ret = wc_curve25519_shared_secret(userB, userA, sharedB, &y); +#if defined(WOLFSSL_ASYNC_CRYPT) + if (ret == WC_NO_ERR_TRACE(WC_PENDING_E)) + ret = wc_AsyncWait(ret, &userB->asyncDev, WC_ASYNC_FLAG_NONE); +#endif if (ret != 0) ERROR_OUT(WC_TEST_RET_ENC_EC(ret), cleanup); @@ -37592,16 +39935,28 @@ #endif ret = wc_curve25519_make_key(&rng, 32, userB); +#if defined(WOLFSSL_ASYNC_CRYPT) + if (ret == WC_NO_ERR_TRACE(WC_PENDING_E)) + ret = wc_AsyncWait(ret, &userB->asyncDev, WC_ASYNC_FLAG_NONE); +#endif if (ret != 0) ERROR_OUT(WC_TEST_RET_ENC_EC(ret), cleanup); x = sizeof(sharedA); ret = wc_curve25519_shared_secret(userA, userB, sharedA, &x); +#if defined(WOLFSSL_ASYNC_CRYPT) + if (ret == WC_NO_ERR_TRACE(WC_PENDING_E)) + ret = wc_AsyncWait(ret, &userA->asyncDev, WC_ASYNC_FLAG_NONE); +#endif if (ret != 0) ERROR_OUT(WC_TEST_RET_ENC_EC(ret), cleanup); y = sizeof(sharedB); ret = wc_curve25519_shared_secret(userB, userA, sharedB, &y); +#if defined(WOLFSSL_ASYNC_CRYPT) + if (ret == WC_NO_ERR_TRACE(WC_PENDING_E)) + ret = wc_AsyncWait(ret, &userB->asyncDev, WC_ASYNC_FLAG_NONE); +#endif if (ret != 0) ERROR_OUT(WC_TEST_RET_ENC_EC(ret), cleanup); @@ -37627,6 +39982,13 @@ goto cleanup; #endif +#ifdef WC_X25519_NONBLOCK + ret = x25519_nonblock_test(&rng); + if (ret != 0) { + goto cleanup; + } +#endif /* WC_X25519_NONBLOCK */ + cleanup: /* clean up keys when done */ @@ -41548,6 +43910,29 @@ if (XMEMCMP(ss_dec, ml_kem_512_ss, sizeof(ml_kem_512_ss)) != 0) ERROR_OUT(WC_TEST_RET_ENC_NC, out); + +#ifndef WOLFSSL_MLKEM_NO_MAKE_KEY + wc_MlKemKey_Free(key); + XMEMSET(key, 0, sizeof(MlKemKey)); + key_inited = 0; + ret = wc_MlKemKey_Init(key, WC_ML_KEM_512, HEAP_HINT, devId); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); + else + key_inited = 1; + ret = wc_MlKemKey_MakeKeyWithRandom(key, kyber512_rand, + sizeof(kyber512_rand)); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); + + ret = wc_MlKemKey_Decapsulate(key, ss_dec, ml_kem_512_ct, + sizeof(ml_kem_512_ct)); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); + + if (XMEMCMP(ss_dec, ml_kem_512_ss, sizeof(ml_kem_512_ss)) != 0) + ERROR_OUT(WC_TEST_RET_ENC_NC, out); +#endif #else (void)ml_kem_512_ct; (void)ml_kem_512_ss; @@ -44867,8 +47252,11 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t mlkem_test(void) { wc_test_ret_t ret; - WC_RNG rng; int i; +#ifndef WC_NO_RNG + WC_RNG rng; + int rng_inited = 0; +#endif #ifdef WOLFSSL_SMALL_STACK MlKemKey *key = NULL; #ifndef WOLFSSL_MLKEM_NO_MAKE_KEY @@ -44935,6 +47323,30 @@ #endif #endif }; +#ifdef WC_NO_RNG +#ifndef WOLFSSL_MLKEM_NO_MAKE_KEY + /* Fake random data for testing (from mlkem768_kat) */ + WOLFSSL_SMALL_STACK_STATIC const byte make_key_rand[] = { + 0x7c, 0x99, 0x35, 0xa0, 0xb0, 0x76, 0x94, 0xaa, + 0x0c, 0x6d, 0x10, 0xe4, 0xdb, 0x6b, 0x1a, 0xdd, + 0x2f, 0xd8, 0x1a, 0x25, 0xcc, 0xb1, 0x48, 0x03, + 0x2d, 0xcd, 0x73, 0x99, 0x36, 0x73, 0x7f, 0x2d, + 0x86, 0x26, 0xED, 0x79, 0xD4, 0x51, 0x14, 0x08, + 0x00, 0xE0, 0x3B, 0x59, 0xB9, 0x56, 0xF8, 0x21, + 0x0E, 0x55, 0x60, 0x67, 0x40, 0x7D, 0x13, 0xDC, + 0x90, 0xFA, 0x9E, 0x8B, 0x87, 0x2B, 0xFB, 0x8F + }; +#ifndef WOLFSSL_MLKEM_NO_ENCAPSULATE + WOLFSSL_SMALL_STACK_STATIC const byte encap_rand[] = { + 0x14, 0x7c, 0x03, 0xf7, 0xa5, 0xbe, 0xbb, 0xa4, + 0x06, 0xc8, 0xfa, 0xe1, 0x87, 0x4d, 0x7f, 0x13, + 0xc8, 0x0e, 0xfe, 0x79, 0xa3, 0xa9, 0xa8, 0x74, + 0xcc, 0x09, 0xfe, 0x76, 0xf6, 0x99, 0x76, 0x15 + }; +#endif +#endif +#endif + WOLFSSL_ENTER("mlkem_test"); #ifdef WOLFSSL_SMALL_STACK @@ -44978,6 +47390,7 @@ #endif #endif +#ifndef WC_NO_RNG #ifndef HAVE_FIPS ret = wc_InitRng_ex(&rng, HEAP_HINT, devId); #else @@ -44985,6 +47398,8 @@ #endif if (ret != 0) ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); + rng_inited = 1; +#endif /* WC_NO_RNG */ for (i = 0; i < (int)(sizeof(testData) / sizeof(*testData)); i++) { ret = wc_MlKemKey_Init(key, testData[i][0], HEAP_HINT, devId); @@ -44994,7 +47409,12 @@ key_inited = 1; #ifndef WOLFSSL_MLKEM_NO_MAKE_KEY + #ifndef WC_NO_RNG ret = wc_MlKemKey_MakeKey(key, &rng); + #else + ret = wc_MlKemKey_MakeKeyWithRandom(key, make_key_rand, + sizeof(make_key_rand)); + #endif if (ret != 0) ERROR_OUT(WC_TEST_RET_ENC_I(i), out); @@ -45015,7 +47435,12 @@ ERROR_OUT(WC_TEST_RET_ENC_I(i), out); #ifndef WOLFSSL_MLKEM_NO_ENCAPSULATE + #ifndef WC_NO_RNG ret = wc_MlKemKey_Encapsulate(key, ct, ss, &rng); + #else + ret = wc_MlKemKey_EncapsulateWithRandom(key, ct, ss, encap_rand, + sizeof(encap_rand)); + #endif if (ret != 0) ERROR_OUT(WC_TEST_RET_ENC_I(i), out); #endif @@ -45063,8 +47488,6 @@ #endif } - wc_FreeRng(&rng); - #ifdef WOLFSSL_WC_MLKEM #if !defined(WOLFSSL_NO_KYBER512) && !defined(WOLFSSL_NO_ML_KEM_512) ret = mlkem512_kat(); @@ -45088,6 +47511,11 @@ if (key_inited) wc_MlKemKey_Free(key); +#ifndef WC_NO_RNG + if (rng_inited) + wc_FreeRng(&rng); +#endif + #ifdef WOLFSSL_SMALL_STACK XFREE(key, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); #ifndef WOLFSSL_MLKEM_NO_MAKE_KEY @@ -45149,7 +47577,7 @@ msg[i] = (byte)i; } - ret = wc_dilithium_init(key); + ret = wc_dilithium_init_ex(key, NULL, devId); if (ret != 0) { ret = WC_TEST_RET_ENC_EC(ret); return ret; @@ -48310,7 +50738,7 @@ } #endif - ret = wc_dilithium_init(key); + ret = wc_dilithium_init_ex(key, NULL, devId); if (ret != 0) { ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); } @@ -48328,14 +50756,14 @@ if (sigLen <= 0) ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); - ret = wc_dilithium_sign_msg(msg, (word32)sizeof(msg), sig, &sigLen, key, - rng); + ret = wc_dilithium_sign_ctx_msg(NULL, 0, msg, (word32)sizeof(msg), sig, + &sigLen, key, rng); if (ret != 0) ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); #ifndef WOLFSSL_DILITHIUM_NO_VERIFY - ret = wc_dilithium_verify_msg(sig, sigLen, msg, (word32)sizeof(msg), &res, - key); + ret = wc_dilithium_verify_ctx_msg(sig, sigLen, NULL, 0, msg, + (word32)sizeof(msg), &res, key); if (ret != 0) ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); if (res != 1) @@ -48402,7 +50830,7 @@ /* Initialize key */ if (ret == 0) { - ret = wc_dilithium_init(key); + ret = wc_dilithium_init_ex(key, NULL, devId); } /* Import raw key, setting the security level */ @@ -48445,7 +50873,7 @@ /* Free and reinit key to test fresh decode */ if (ret == 0) { wc_dilithium_free(key); - ret = wc_dilithium_init(key); + ret = wc_dilithium_init_ex(key, NULL, devId); } /* First test decoding when security level is set externally */ @@ -48470,7 +50898,7 @@ /* Free and reinit key to test fresh decode */ if (ret == 0) { wc_dilithium_free(key); - ret = wc_dilithium_init(key); + ret = wc_dilithium_init_ex(key, NULL, devId); } #ifndef WOLFSSL_DILITHIUM_FIPS204_DRAFT @@ -48619,13 +51047,13 @@ #ifndef WOLFSSL_DILITHIUM_NO_VERIFY ret = dilithium_param_44_vfy_test(); if (ret != 0) - ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); + ERROR_OUT(ret, out); #endif #endif #ifndef WOLFSSL_DILITHIUM_NO_MAKE_KEY ret = dilithium_param_test(WC_ML_DSA_44, &rng); if (ret != 0) - ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); + ERROR_OUT(ret, out); #endif #endif #ifndef WOLFSSL_NO_ML_DSA_65 @@ -48633,13 +51061,13 @@ #ifndef WOLFSSL_DILITHIUM_NO_VERIFY ret = dilithium_param_65_vfy_test(); if (ret != 0) - ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); + ERROR_OUT(ret, out); #endif #endif #ifndef WOLFSSL_DILITHIUM_NO_MAKE_KEY ret = dilithium_param_test(WC_ML_DSA_65, &rng); if (ret != 0) - ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); + ERROR_OUT(ret, out); #endif #endif #ifndef WOLFSSL_NO_ML_DSA_87 @@ -48647,13 +51075,13 @@ #ifndef WOLFSSL_DILITHIUM_NO_VERIFY ret = dilithium_param_87_vfy_test(); if (ret != 0) - ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); + ERROR_OUT(ret, out); #endif #endif #ifndef WOLFSSL_DILITHIUM_NO_MAKE_KEY ret = dilithium_param_test(WC_ML_DSA_87, &rng); if (ret != 0) - ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); + ERROR_OUT(ret, out); #endif #endif @@ -48663,7 +51091,7 @@ !defined(WOLFSSL_DILITHIUM_NO_VERIFY)) ret = dilithium_decode_test(); if (ret != 0) { - ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); + ERROR_OUT(ret, out); } #endif /* (WOLFSSL_DILITHIUM_PUBLIC_KEY && !WOLFSSL_DILITHIUM_NO_VERIFY) || * (WOLFSSL_DILITHIUM_PRIVATE_KEY && !WOLFSSL_DILITHIUM_NO_SIGN) */ @@ -48710,8 +51138,13 @@ word32 skSz = 0; word32 sigSz = 0; word32 bufSz = 0; - unsigned char * sk = NULL; - unsigned char * old_sk = NULL; +#ifdef WOLFSSL_NO_MALLOC + static byte sk[2048]; + static byte old_sk[2048]; +#else + byte * sk = NULL; + byte * old_sk = NULL; +#endif const char * msg = "XMSS post quantum signature test"; word32 msgSz = (word32) XSTRLEN(msg); #if WOLFSSL_XMSS_MIN_HEIGHT <= 10 @@ -48723,7 +51156,11 @@ #else const char * param = "XMSSMT-SHA2_60/12_256"; #endif +#ifdef WOLFSSL_NO_MALLOC + static byte sig[4096]; +#else byte * sig = NULL; +#endif int ret2 = -1; int ret = WC_TEST_RET_ENC_NC; WOLFSSL_ENTER("xmss_test"); @@ -48760,8 +51197,13 @@ if (ret != 0) { ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); } /* Allocate signature array. */ +#ifdef WOLFSSL_NO_MALLOC + if (sigSz > sizeof(sig)) + ERROR_OUT(WC_TEST_RET_ENC_NC, out); +#else sig = (byte *)XMALLOC(sigSz, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); if (sig == NULL) { ERROR_OUT(WC_TEST_RET_ENC_ERRNO, out); } +#endif bufSz = sigSz; @@ -48773,11 +51215,16 @@ #endif /* Allocate current and old secret keys.*/ +#ifdef WOLFSSL_NO_MALLOC + if (skSz > sizeof(sk)) + ERROR_OUT(WC_TEST_RET_ENC_NC, out); +#else sk = (unsigned char *)XMALLOC(skSz, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); if (sk == NULL) { ERROR_OUT(WC_TEST_RET_ENC_ERRNO, out); } old_sk = (unsigned char *)XMALLOC(skSz, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); if (old_sk == NULL) { ERROR_OUT(WC_TEST_RET_ENC_ERRNO, out); } +#endif XMEMSET(sk, 0, skSz); XMEMSET(old_sk, 0, skSz); @@ -48838,6 +51285,7 @@ out: /* Cleanup everything. */ +#ifndef WOLFSSL_NO_MALLOC XFREE(sig, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); sig = NULL; @@ -48846,6 +51294,7 @@ XFREE(old_sk, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); old_sk = NULL; +#endif /* !WOLFSSL_NO_MALLOC */ wc_XmssKey_Free(&signingKey); wc_XmssKey_Free(&verifyKey); @@ -49360,6 +51809,9 @@ int sigsLeft = 0; LmsKey signingKey; LmsKey verifyKey; +#if defined(WOLFSSL_NO_MALLOC) && defined(NO_WOLFSSL_MEMORY) + static byte signingKey_priv_data[4096]; +#endif WC_RNG rng; word32 sigSz = 0; const char * msg = "LMS HSS post quantum signature test"; @@ -49415,6 +51867,9 @@ ret = wc_LmsKey_Init(&signingKey, NULL, devId); if (ret != 0) { ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); } +#if defined(WOLFSSL_NO_MALLOC) && defined(NO_WOLFSSL_MEMORY) + signingKey.priv_data = signingKey_priv_data; +#endif ret = wc_LmsKey_Init(&verifyKey, NULL, devId); if (ret != 0) { ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); } @@ -49476,6 +51931,39 @@ ERROR_OUT(WC_TEST_RET_ENC_I(sigSz), out); } + /* Test wc_LmsKey_Sign input validation. */ + { + word32 smallSz = 1; + wc_lms_write_private_key_cb saved_write_cb; + void* saved_ctx; + + /* Undersized sig buffer should return BUFFER_E. */ + ret = wc_LmsKey_Sign(&signingKey, sig, &smallSz, (byte *) msg, msgSz); + if (ret != WC_NO_ERR_TRACE(BUFFER_E)) { + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); + } + + /* NULL write callback should return BAD_FUNC_ARG. */ + saved_write_cb = signingKey.write_private_key; + signingKey.write_private_key = NULL; + ret = wc_LmsKey_Sign(&signingKey, sig, &sigSz, (byte *) msg, msgSz); + signingKey.write_private_key = saved_write_cb; + if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG)) { + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); + } + + /* NULL context should return BAD_FUNC_ARG. */ + saved_ctx = signingKey.context; + signingKey.context = NULL; + ret = wc_LmsKey_Sign(&signingKey, sig, &sigSz, (byte *) msg, msgSz); + signingKey.context = saved_ctx; + if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG)) { + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); + } + + ret = 0; + } + /* 2 ** 5 should be the max number of signatures */ for (i = 0; i < 32; ++i) { /* We should have remaining signstures. */ @@ -49524,6 +52012,9 @@ out: +#if defined(WOLFSSL_NO_MALLOC) && defined(NO_WOLFSSL_MEMORY) + signingKey.priv_data = NULL; +#endif wc_LmsKey_Free(&signingKey); wc_LmsKey_Free(&verifyKey); @@ -49887,6 +52378,1307 @@ #endif #endif /* if defined(WOLFSSL_HAVE_LMS) && !defined(WOLFSSL_SMALL_STACK) */ +#if defined(WOLFSSL_HAVE_SLHDSA) +#ifndef WOLFSSL_SLHDSA_VERIFY_ONLY +static wc_test_ret_t slhdsa_test_param(enum SlhDsaParam param) +{ + int ret; + WC_RNG rng; + WC_DECLARE_VAR(key, SlhDsaKey, 1, HEAP_HINT); + WC_DECLARE_VAR(key_vfy, SlhDsaKey, 1, HEAP_HINT); + WC_DECLARE_VAR(sig, byte, WC_SLHDSA_MAX_SIG_LEN, HEAP_HINT); + word32 sigLen; + byte pk[WC_SLHDSA_MAX_PUB_LEN]; + word32 outLen; + static const byte msg[] = { + 0x48, 0x65, 0x6c, 0x6c, 0x6f, 0x20, 0x57, 0x6f, + 0x72, 0x6c, 0x64, 0x21 + }; + byte ctx[1]; + + WC_ALLOC_VAR_EX(key, SlhDsaKey, 1, HEAP_HINT, + DYNAMIC_TYPE_TMP_BUFFER, return WC_TEST_RET_ENC_EC(MEMORY_E)); + WC_ALLOC_VAR_EX(key_vfy, SlhDsaKey, 1, HEAP_HINT, + DYNAMIC_TYPE_TMP_BUFFER, return WC_TEST_RET_ENC_EC(MEMORY_E)); + WC_ALLOC_VAR_EX(sig, byte, WC_SLHDSA_MAX_SIG_LEN, HEAP_HINT, + DYNAMIC_TYPE_TMP_BUFFER, return WC_TEST_RET_ENC_EC(MEMORY_E)); + +#ifndef HAVE_FIPS + ret = wc_InitRng_ex(&rng, HEAP_HINT, devId); +#else + ret = wc_InitRng(&rng); +#endif + if (ret != 0) { + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); + } + + ret = wc_SlhDsaKey_Init(key, param, NULL, INVALID_DEVID); + if (ret != 0) { + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); + } + ret = wc_SlhDsaKey_MakeKey(key, &rng); + if (ret != 0) { + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); + } + sigLen = WC_SLHDSA_MAX_SIG_LEN; + ret = wc_SlhDsaKey_Sign(key, ctx, 0, msg, (word32)sizeof(msg), + sig, &sigLen, &rng); + if (ret != 0) { + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); + } + outLen = (word32)sizeof(pk); + + ret = wc_SlhDsaKey_ExportPublic(key, pk, &outLen); + if (ret != 0) { + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); + } + + ret = wc_SlhDsaKey_Init(key_vfy, param, NULL, INVALID_DEVID); + if (ret != 0) { + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); + } + ret = wc_SlhDsaKey_ImportPublic(key_vfy, pk, outLen); + if (ret != 0) { + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); + } + ret = wc_SlhDsaKey_Verify(key_vfy, ctx, 0, msg, (word32)sizeof(msg), + sig, sigLen); + if (ret != 0) { + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); + } + + sigLen = WC_SLHDSA_MAX_SIG_LEN; + ret = wc_SlhDsaKey_SignHash(key, ctx, 0, msg, (word32)sizeof(msg), + WC_HASH_TYPE_SHAKE256, sig, &sigLen, &rng); + if (ret != 0) { + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); + } + ret = wc_SlhDsaKey_VerifyHash(key_vfy, ctx, 0, msg, (word32)sizeof(msg), + WC_HASH_TYPE_SHAKE256, sig, sigLen); + if (ret != 0) { + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); + } + +out: + +#ifdef WC_DECLARE_VAR_IS_HEAP_ALLOC + if (key_vfy) +#endif + { + wc_SlhDsaKey_Free(key_vfy); + } +#ifdef WC_DECLARE_VAR_IS_HEAP_ALLOC + if (key_vfy) +#endif + { + wc_SlhDsaKey_Free(key); + } + wc_FreeRng(&rng); + WC_FREE_VAR_EX(sig, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + WC_FREE_VAR_EX(key_vfy, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + WC_FREE_VAR_EX(key, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + + return ret; +} +#endif + +wc_test_ret_t slhdsa_test(void) +{ +#if !defined(WOLFSSL_SLHDSA_VERIFY_ONLY) || defined(WOLFSSL_SLHDSA_PARAM_128S) + int ret; +#endif +#ifdef WOLFSSL_SLHDSA_PARAM_128S + WC_DECLARE_VAR(key_vfy, SlhDsaKey, 1, HEAP_HINT); +#ifndef WOLFSSL_SLHDSA_VERIFY_ONLY + WC_DECLARE_VAR(key, SlhDsaKey, 1, HEAP_HINT); + static const byte sk_seed_shake128s[] = { + 0x17, 0x3D, 0x04, 0xC9, 0x38, 0xC1, 0xC3, 0x6B, + 0xF2, 0x89, 0xC3, 0xC0, 0x22, 0xD0, 0x4B, 0x14 + }; + static const byte sk_prf_shake128s[] = { + 0x63, 0xAE, 0x23, 0xC4, 0x1A, 0xA5, 0x46, 0xDA, + 0x58, 0x97, 0x74, 0xAC, 0x20, 0xB7, 0x45, 0xC4 + }; + static const byte pk_seed_shake128s[] = { + 0x0D, 0x79, 0x47, 0x77, 0x91, 0x4C, 0x99, 0x76, + 0x68, 0x27, 0xF0, 0xF0, 0x9C, 0xA9, 0x72, 0xBE + }; + static const byte sk_shake128s[] = { + 0x17, 0x3D, 0x04, 0xC9, 0x38, 0xC1, 0xC3, 0x6B, + 0xF2, 0x89, 0xC3, 0xC0, 0x22, 0xD0, 0x4B, 0x14, + 0x63, 0xAE, 0x23, 0xC4, 0x1A, 0xA5, 0x46, 0xDA, + 0x58, 0x97, 0x74, 0xAC, 0x20, 0xB7, 0x45, 0xC4, + 0x0D, 0x79, 0x47, 0x77, 0x91, 0x4C, 0x99, 0x76, + 0x68, 0x27, 0xF0, 0xF0, 0x9C, 0xA9, 0x72, 0xBE, + 0x82, 0x6e, 0x97, 0xbc, 0xb0, 0x1b, 0x78, 0x7b, + 0xc6, 0xb5, 0xa7, 0xbb, 0xe3, 0x7e, 0xb4, 0xa8 + }; +#endif + static const byte pk_shake128s[] = { + 0x0D, 0x79, 0x47, 0x77, 0x91, 0x4C, 0x99, 0x76, + 0x68, 0x27, 0xF0, 0xF0, 0x9C, 0xA9, 0x72, 0xBE, + 0x82, 0x6e, 0x97, 0xbc, 0xb0, 0x1b, 0x78, 0x7b, + 0xc6, 0xb5, 0xa7, 0xbb, 0xe3, 0x7e, 0xb4, 0xa8 + }; +#ifndef WOLFSSL_SLHDSA_VERIFY_ONLY + WC_DECLARE_VAR(sk, byte, WC_SLHDSA_MAX_PRIV_LEN, HEAP_HINT); + WC_DECLARE_VAR(pk, byte, WC_SLHDSA_MAX_PUB_LEN, HEAP_HINT); + word32 outLen; +#endif + static const byte msg[] = { + 0x48, 0x65, 0x6c, 0x6c, 0x6f, 0x20, 0x57, 0x6f, + 0x72, 0x6c, 0x64, 0x21 + }; + byte ctx[1]; + static const byte sig_shake128s[] = { + 0xde, 0x3c, 0x1e, 0xeb, 0xbf, 0xa9, 0x73, 0x51, + 0x9d, 0xa4, 0x03, 0x0b, 0x00, 0x86, 0x94, 0x6c, + 0x80, 0x4d, 0xd9, 0x11, 0x21, 0x04, 0xf2, 0x5d, + 0x68, 0x4b, 0xd2, 0xdb, 0x64, 0x0f, 0xf6, 0x49, + 0xd3, 0xcd, 0x26, 0x50, 0xe6, 0xa0, 0x61, 0xe4, + 0xad, 0x00, 0xdb, 0x43, 0x06, 0x75, 0x12, 0xdf, + 0x41, 0xdf, 0xee, 0xab, 0xc3, 0xd8, 0x67, 0x26, + 0x10, 0x8f, 0x7f, 0x61, 0xe7, 0x47, 0xd4, 0xa6, + 0x96, 0xf9, 0x28, 0xdf, 0x5f, 0xf2, 0x7d, 0x70, + 0x12, 0x4a, 0xc2, 0x15, 0x67, 0x45, 0x4f, 0x4a, + 0xd0, 0x9b, 0x42, 0xfb, 0x6e, 0xff, 0xd4, 0x14, + 0x65, 0x25, 0xe4, 0x12, 0xcf, 0x04, 0xd1, 0xe1, + 0x36, 0x27, 0x0e, 0xd7, 0x5e, 0x18, 0xe4, 0xb8, + 0xe0, 0xaa, 0xd9, 0x5b, 0x8f, 0x15, 0x8e, 0x44, + 0x53, 0xa0, 0xc2, 0xcb, 0x50, 0x70, 0x01, 0x43, + 0x3e, 0x5a, 0x98, 0xb9, 0x35, 0xc0, 0xb2, 0x94, + 0x47, 0x88, 0xb7, 0xf9, 0x7e, 0xae, 0x0e, 0xd5, + 0xf4, 0x48, 0xa8, 0x86, 0xdf, 0xbd, 0xad, 0xb0, + 0x7d, 0x6b, 0x26, 0xe3, 0x37, 0x82, 0x41, 0x6f, + 0xf8, 0xc9, 0x38, 0xb8, 0xdc, 0xe7, 0x7e, 0x47, + 0xe9, 0x8d, 0xe8, 0x91, 0x12, 0x4d, 0x56, 0xdb, + 0x69, 0x9b, 0x25, 0x85, 0x22, 0x9e, 0xbf, 0x06, + 0x4a, 0x6b, 0xa0, 0xec, 0xf6, 0xf5, 0x29, 0x6e, + 0x97, 0x10, 0x70, 0x11, 0x25, 0xe0, 0x90, 0x6a, + 0x02, 0xf6, 0x3f, 0xbf, 0xb5, 0x5e, 0x3e, 0x4b, + 0x26, 0xf2, 0xfd, 0xc0, 0x54, 0x22, 0x15, 0xfb, + 0x7a, 0x0a, 0x9d, 0x58, 0xb9, 0xe5, 0x62, 0xf2, + 0x89, 0x23, 0x1f, 0x29, 0x68, 0xd9, 0x4c, 0x93, + 0x82, 0xad, 0xc8, 0xbf, 0x59, 0x04, 0x04, 0xaa, + 0xee, 0x35, 0xd6, 0xfc, 0x6f, 0x06, 0xde, 0x28, + 0x8d, 0xc8, 0xfe, 0x97, 0x32, 0x0e, 0x44, 0x30, + 0xd5, 0x70, 0x97, 0x83, 0xc8, 0x5b, 0xf1, 0xab, + 0xdf, 0x48, 0x6d, 0x16, 0xf7, 0xee, 0xee, 0x7b, + 0xb0, 0x50, 0x33, 0xbc, 0x46, 0x01, 0x46, 0x46, + 0xf2, 0x40, 0xcb, 0xf5, 0x62, 0xfc, 0xc4, 0x91, + 0x16, 0xce, 0xd1, 0x29, 0x78, 0xfb, 0x63, 0xbc, + 0xc6, 0x76, 0x57, 0xc3, 0x00, 0xcc, 0xfc, 0xda, + 0x9a, 0xb7, 0x00, 0xb3, 0xea, 0xf7, 0x3a, 0xdc, + 0x1d, 0x41, 0xbf, 0x67, 0x14, 0x63, 0x7f, 0xaa, + 0x18, 0x49, 0x8c, 0x21, 0x57, 0x24, 0x5f, 0xbf, + 0x28, 0x8e, 0x0c, 0x37, 0x5f, 0xb8, 0xa2, 0x71, + 0xb5, 0xc9, 0xdb, 0x80, 0x7a, 0xd3, 0xe9, 0x35, + 0x4b, 0x96, 0x90, 0x0f, 0x0a, 0xa6, 0x45, 0xfe, + 0xc3, 0x84, 0xeb, 0x2d, 0x75, 0xc1, 0x3b, 0x32, + 0x3c, 0xf7, 0x12, 0x54, 0x85, 0xa3, 0xac, 0x57, + 0x1c, 0xe2, 0x23, 0xb0, 0xac, 0x24, 0xa7, 0xcf, + 0xab, 0x14, 0xd9, 0xb6, 0x96, 0x87, 0x9f, 0x5a, + 0x9c, 0xf6, 0xad, 0xda, 0x86, 0x97, 0x94, 0x82, + 0x42, 0x48, 0x44, 0x31, 0x65, 0x72, 0xd7, 0x78, + 0xc2, 0xc9, 0x49, 0x11, 0x69, 0x1e, 0xaf, 0x8d, + 0xf3, 0x8e, 0xf8, 0x00, 0x2f, 0x93, 0xde, 0xcb, + 0xb0, 0x14, 0xb2, 0x52, 0xfe, 0x65, 0x9a, 0x93, + 0xe7, 0x83, 0x06, 0xf3, 0x8f, 0xa3, 0x0d, 0x65, + 0xfb, 0x84, 0xbf, 0xe3, 0xb2, 0x68, 0xa7, 0x37, + 0x54, 0x76, 0x52, 0xcd, 0xfa, 0x4a, 0x1d, 0x11, + 0x54, 0x22, 0xf5, 0xc6, 0x72, 0x8b, 0xc1, 0x79, + 0x3c, 0xda, 0x7e, 0x3f, 0xea, 0x93, 0xce, 0x6e, + 0xbd, 0xb4, 0x61, 0xf3, 0x95, 0x2b, 0xc4, 0x62, + 0xa9, 0x9a, 0x46, 0xb2, 0x37, 0xdb, 0xa5, 0x98, + 0x8e, 0x19, 0xed, 0x66, 0x5a, 0xad, 0xc5, 0x7a, + 0xdd, 0x4f, 0xed, 0x8d, 0x43, 0xb2, 0xbe, 0x63, + 0x8e, 0x3d, 0x2c, 0xf0, 0xc7, 0x8d, 0x27, 0x3a, + 0xc6, 0xbb, 0xb4, 0xfb, 0xf4, 0xc9, 0x3a, 0x47, + 0x31, 0x99, 0x22, 0xfb, 0x48, 0x4e, 0xd4, 0x44, + 0xf9, 0x63, 0xe1, 0x50, 0x9d, 0x4a, 0xdf, 0xee, + 0xe0, 0x9d, 0xe1, 0x5e, 0x40, 0x79, 0x6b, 0x11, + 0x1f, 0x03, 0xdb, 0x8b, 0xae, 0x9b, 0xef, 0x00, + 0x0a, 0xbe, 0xa1, 0xd5, 0x7e, 0x5c, 0x60, 0x5f, + 0x16, 0xd7, 0xb3, 0xf6, 0x15, 0xab, 0x92, 0xa3, + 0xcf, 0xf1, 0xcc, 0xa3, 0xe8, 0x49, 0x68, 0xcf, + 0xfe, 0x09, 0x4e, 0xdb, 0xb9, 0x50, 0x1a, 0x6d, + 0x5f, 0xde, 0x09, 0x25, 0xb1, 0x14, 0xfe, 0xef, + 0x6e, 0x30, 0xbb, 0x40, 0x45, 0x35, 0x06, 0xbe, + 0xdb, 0xa0, 0x49, 0x0c, 0x5f, 0x53, 0x65, 0x5a, + 0xac, 0x49, 0x78, 0xd0, 0xa4, 0x38, 0xf3, 0x42, + 0xbb, 0xd2, 0x30, 0x23, 0x95, 0x61, 0x18, 0x9d, + 0x18, 0x70, 0xe9, 0x51, 0x96, 0xab, 0x81, 0xd7, + 0xba, 0x53, 0xa8, 0x00, 0xdb, 0xc9, 0xa8, 0xed, + 0xc9, 0x17, 0xde, 0x51, 0x01, 0x61, 0xee, 0x09, + 0xe5, 0x6c, 0xe3, 0xed, 0x5a, 0x61, 0xee, 0x87, + 0x49, 0x7f, 0xe1, 0x1a, 0x29, 0x6c, 0x34, 0x34, + 0xcc, 0x3f, 0x7a, 0x8f, 0x13, 0xe0, 0x12, 0x20, + 0xa7, 0x48, 0xf5, 0x97, 0xef, 0xc1, 0x25, 0x49, + 0xbd, 0xe2, 0x03, 0xf1, 0x39, 0xbe, 0x32, 0x73, + 0xc6, 0x6c, 0x8a, 0xb6, 0x0e, 0x14, 0xc8, 0x11, + 0xa0, 0x99, 0x91, 0x5c, 0xb8, 0x00, 0x24, 0x0d, + 0x7e, 0x7d, 0x91, 0x3e, 0x79, 0x80, 0xfa, 0x9b, + 0x54, 0x5b, 0x9a, 0x9b, 0x64, 0x0a, 0xf0, 0xae, + 0x67, 0xca, 0xba, 0xdf, 0x2c, 0x17, 0x51, 0x50, + 0x29, 0xab, 0x19, 0xc5, 0xf2, 0xf5, 0x3c, 0x4b, + 0xd8, 0x40, 0xc9, 0x4f, 0xa7, 0x61, 0x7b, 0x97, + 0x0b, 0x6f, 0x3b, 0x0a, 0x3c, 0x91, 0x3e, 0xff, + 0x9f, 0x7a, 0xe3, 0x9d, 0xc9, 0x93, 0x3b, 0x11, + 0xb7, 0x25, 0x5e, 0x25, 0x62, 0x51, 0x7b, 0xb0, + 0xcf, 0x21, 0x3d, 0xa2, 0x5c, 0x4a, 0x79, 0xec, + 0x13, 0xd3, 0xeb, 0xd9, 0xd4, 0xb8, 0xca, 0x49, + 0xce, 0x4f, 0x58, 0xbd, 0xe3, 0x43, 0x9c, 0x49, + 0x71, 0x21, 0xc8, 0x56, 0x85, 0x70, 0xbe, 0xc6, + 0xe9, 0x42, 0xde, 0x9a, 0x39, 0x96, 0x51, 0x1f, + 0xcc, 0x98, 0x6f, 0x25, 0xa9, 0xf3, 0x1a, 0xad, + 0x05, 0xfc, 0x8c, 0x4e, 0x30, 0x84, 0xc0, 0xb4, + 0x08, 0x51, 0x83, 0x92, 0x51, 0x3e, 0x9e, 0x59, + 0xaa, 0x3b, 0x5f, 0x43, 0x80, 0x66, 0x1b, 0x45, + 0xf0, 0x15, 0xd8, 0x86, 0x51, 0xd3, 0x26, 0x4b, + 0xb1, 0x3b, 0x3f, 0xd0, 0xea, 0x7c, 0x10, 0xf7, + 0xaa, 0xd1, 0xe3, 0x24, 0xb7, 0xbe, 0x7a, 0xa2, + 0x78, 0xd4, 0xea, 0x15, 0x7a, 0x90, 0x4d, 0x16, + 0x9e, 0xb9, 0xf0, 0xa4, 0x39, 0x4e, 0xa7, 0x0c, + 0x77, 0x6b, 0x26, 0xbe, 0xf2, 0xc0, 0x62, 0x9d, + 0x1f, 0x6e, 0x71, 0x9e, 0x6b, 0xe9, 0x46, 0xcc, + 0x32, 0xa4, 0x18, 0xd3, 0xec, 0x60, 0xef, 0xfc, + 0x88, 0x3c, 0x73, 0x81, 0x25, 0xb3, 0x89, 0x7b, + 0x03, 0x56, 0xd0, 0x6c, 0x9a, 0xdf, 0x44, 0xce, + 0x71, 0x47, 0x79, 0xf0, 0x3b, 0xa3, 0x62, 0x17, + 0x2f, 0x08, 0xab, 0x8f, 0xfc, 0x44, 0x1b, 0x8a, + 0xd0, 0xee, 0x48, 0xca, 0xd5, 0x49, 0x64, 0x54, + 0x98, 0xcb, 0xff, 0x3d, 0xb1, 0x05, 0x9e, 0x63, + 0x15, 0xcf, 0xbd, 0xb3, 0x83, 0xc1, 0xa4, 0x4a, + 0x46, 0xf3, 0x72, 0x49, 0x56, 0x29, 0x76, 0xbc, + 0x51, 0x52, 0x49, 0x39, 0xca, 0xbf, 0x13, 0x06, + 0xcd, 0x2a, 0x08, 0x31, 0xbe, 0x9b, 0xb0, 0xc3, + 0x01, 0x51, 0xd0, 0x17, 0xef, 0xff, 0x25, 0x65, + 0x48, 0x15, 0x85, 0x94, 0x6a, 0x8f, 0x32, 0x5f, + 0x92, 0x79, 0xbd, 0xf4, 0x25, 0x27, 0x2c, 0x6e, + 0x34, 0xf8, 0xab, 0x54, 0xd4, 0xc6, 0x49, 0x0e, + 0x7d, 0x1c, 0x1a, 0xa9, 0x3b, 0x12, 0x5a, 0x62, + 0xa0, 0xa2, 0x8f, 0x0d, 0xcd, 0x26, 0x1a, 0x09, + 0xcb, 0x19, 0x2c, 0xf9, 0x1b, 0x35, 0x48, 0x1d, + 0x16, 0x9f, 0x9e, 0x4a, 0xe5, 0x8a, 0x22, 0xb3, + 0xb6, 0x02, 0xd1, 0x8e, 0x70, 0x40, 0xb5, 0x02, + 0xb1, 0x24, 0xfa, 0xa8, 0x0b, 0x04, 0x49, 0xb1, + 0x53, 0x2e, 0x42, 0xc3, 0xeb, 0x94, 0x5b, 0x5f, + 0x8d, 0xee, 0xa7, 0x54, 0xaf, 0x24, 0xeb, 0xa4, + 0x58, 0x66, 0xea, 0x47, 0xd3, 0x49, 0x6b, 0xdb, + 0x6f, 0xa9, 0xf5, 0x0d, 0x83, 0x1c, 0xf2, 0xe4, + 0x45, 0x31, 0xdc, 0xb8, 0xca, 0xaf, 0xd9, 0xa1, + 0xfa, 0xc6, 0x06, 0x96, 0x85, 0xb3, 0x20, 0x4c, + 0x2d, 0x9f, 0xe1, 0xb4, 0xb0, 0xbb, 0xdb, 0x0b, + 0x38, 0x80, 0xe2, 0x7f, 0x24, 0xa4, 0x43, 0xef, + 0xea, 0xc9, 0x55, 0xb2, 0x6d, 0xd1, 0x67, 0x73, + 0xae, 0x9a, 0xbf, 0xba, 0x5e, 0x57, 0xee, 0x21, + 0xea, 0x84, 0xbf, 0xd7, 0x03, 0xf4, 0x52, 0xfb, + 0xfe, 0x67, 0x67, 0x56, 0xcf, 0x21, 0xb5, 0x0f, + 0x70, 0xca, 0x51, 0xec, 0x89, 0x83, 0xa8, 0xb1, + 0x77, 0xff, 0x23, 0x28, 0x4a, 0x05, 0x20, 0x53, + 0x60, 0xf6, 0xd4, 0x06, 0xba, 0x5e, 0x9a, 0xf1, + 0x6d, 0x90, 0x04, 0xf1, 0x23, 0x3e, 0xc4, 0xfb, + 0xb5, 0x0b, 0x82, 0x47, 0x8c, 0x0e, 0x5d, 0xa3, + 0x72, 0x65, 0x31, 0x2c, 0x26, 0x7a, 0xac, 0xd3, + 0x8b, 0x76, 0x7e, 0x22, 0x99, 0x37, 0x96, 0x3e, + 0xcd, 0x0f, 0x09, 0x8a, 0x9a, 0x72, 0xf3, 0x1d, + 0xc5, 0x28, 0xdc, 0x83, 0xf2, 0x9e, 0x3f, 0x33, + 0x90, 0x0e, 0x69, 0x56, 0x75, 0xeb, 0x0c, 0xf2, + 0xcd, 0xb0, 0x20, 0x58, 0x9a, 0x7c, 0x62, 0x53, + 0x1e, 0x01, 0x5d, 0xe1, 0xc8, 0xa8, 0x21, 0x1f, + 0xde, 0x10, 0xb0, 0xaa, 0xe6, 0xfb, 0x7e, 0x1e, + 0xc4, 0xdf, 0xfa, 0x2d, 0xb3, 0xd1, 0x98, 0x13, + 0xe7, 0x76, 0xe5, 0x8d, 0xc8, 0x05, 0xd2, 0x11, + 0x6e, 0xd6, 0x4f, 0xa0, 0x8d, 0x01, 0xf7, 0x72, + 0x78, 0xc9, 0x9a, 0xd4, 0xb4, 0xab, 0x46, 0xa9, + 0x08, 0x21, 0x25, 0x7b, 0xc1, 0xf2, 0x6a, 0x59, + 0x84, 0x56, 0xef, 0x40, 0x10, 0x46, 0xd3, 0x67, + 0xa0, 0x45, 0xc4, 0xa5, 0xd9, 0xab, 0x12, 0x84, + 0xb2, 0x62, 0x5d, 0x93, 0x8e, 0x47, 0xe3, 0x22, + 0xf8, 0x44, 0x54, 0x92, 0xe6, 0xc3, 0x18, 0xa1, + 0x32, 0xf3, 0x65, 0x9e, 0xc0, 0x0e, 0x23, 0x6a, + 0xde, 0x57, 0x56, 0x63, 0x30, 0x57, 0x2c, 0x19, + 0x60, 0x9a, 0xd1, 0x94, 0x26, 0x6a, 0xd2, 0x90, + 0x3b, 0x92, 0xaf, 0x46, 0x76, 0x2b, 0x61, 0xeb, + 0xd1, 0x70, 0xb4, 0x9d, 0xc2, 0xe3, 0x94, 0x7b, + 0xa8, 0x17, 0xa8, 0x9f, 0xaa, 0x2c, 0x37, 0x63, + 0x7d, 0xd4, 0x30, 0xe7, 0x4b, 0x77, 0xe7, 0x2c, + 0x7b, 0xfd, 0xdb, 0x90, 0x67, 0x69, 0x15, 0x08, + 0xda, 0x74, 0xfa, 0x1f, 0xba, 0x4b, 0x70, 0x4f, + 0x78, 0x92, 0xe2, 0x33, 0x17, 0x4b, 0xf1, 0x09, + 0x9f, 0x5b, 0xba, 0xdd, 0x39, 0x8f, 0x96, 0x70, + 0xd0, 0x4b, 0x27, 0xda, 0x53, 0x83, 0xb4, 0x8d, + 0x69, 0x80, 0x31, 0x16, 0x67, 0x3b, 0x97, 0x7d, + 0x9e, 0x81, 0xd8, 0x64, 0x17, 0x14, 0xa6, 0xd5, + 0xca, 0x2f, 0xd6, 0x63, 0x41, 0x6f, 0x64, 0x7c, + 0x02, 0x66, 0x01, 0x0a, 0x67, 0x93, 0x20, 0x13, + 0xbc, 0x22, 0xb4, 0x31, 0x04, 0xb2, 0x7c, 0x77, + 0x06, 0x95, 0x43, 0x1f, 0x78, 0x44, 0x93, 0x52, + 0x33, 0x0a, 0xd8, 0xbb, 0x19, 0x92, 0x85, 0xd8, + 0x3c, 0x54, 0xbe, 0xd8, 0xb4, 0xbe, 0xc0, 0x6f, + 0xf1, 0xcc, 0xda, 0xf1, 0x21, 0x6b, 0x4b, 0xa4, + 0x9c, 0x83, 0x5c, 0x94, 0x83, 0x1c, 0x25, 0x22, + 0xf2, 0x17, 0x39, 0x8e, 0x86, 0xf2, 0xa2, 0x8e, + 0x3c, 0xf1, 0xba, 0xa2, 0x23, 0x20, 0x4c, 0x9a, + 0xe2, 0x41, 0x02, 0x35, 0xf7, 0x21, 0x53, 0x33, + 0xba, 0xf1, 0x9b, 0x75, 0x1c, 0xae, 0xe4, 0x4a, + 0x17, 0xa1, 0x69, 0x9e, 0x94, 0x27, 0xd6, 0xfa, + 0x75, 0xd4, 0xbb, 0x1d, 0xb3, 0x97, 0x08, 0xb1, + 0x52, 0x56, 0x17, 0x04, 0x0e, 0x21, 0x8c, 0x3f, + 0xcc, 0x89, 0x0b, 0xfb, 0x63, 0xb8, 0x16, 0x63, + 0x56, 0x25, 0x6d, 0xcc, 0x70, 0x56, 0xc5, 0x46, + 0x58, 0x8d, 0x34, 0x30, 0x5d, 0x3a, 0xcf, 0x86, + 0xa1, 0xfc, 0xc8, 0xdc, 0xcc, 0x3e, 0x2f, 0x86, + 0x47, 0xcb, 0x12, 0x82, 0xcc, 0x5f, 0x6f, 0x47, + 0x9d, 0x23, 0x5e, 0x0e, 0xd8, 0xac, 0x6e, 0xcc, + 0x7d, 0x44, 0xb6, 0x43, 0x54, 0xda, 0x1c, 0xc8, + 0x0d, 0x7b, 0x1c, 0xd3, 0xdb, 0x96, 0x9d, 0x25, + 0xd1, 0x4c, 0x21, 0x63, 0x40, 0x1a, 0xb9, 0x28, + 0x17, 0x1c, 0x4c, 0x52, 0x41, 0xc2, 0xa9, 0x7d, + 0x36, 0x64, 0xe6, 0x48, 0xda, 0xc1, 0x57, 0xce, + 0x07, 0xcc, 0x27, 0x1b, 0x4f, 0xe0, 0xc6, 0xa6, + 0xfc, 0x1a, 0x49, 0x1a, 0xac, 0xa5, 0x30, 0xfa, + 0xc4, 0xba, 0x0a, 0x2b, 0xba, 0x59, 0xdd, 0x61, + 0xb8, 0xa5, 0x50, 0xac, 0x86, 0xd6, 0xbd, 0xd6, + 0x3c, 0x59, 0xce, 0xa3, 0xe2, 0x38, 0xe2, 0x66, + 0xc2, 0x75, 0xa2, 0x28, 0x0e, 0x0c, 0xa9, 0x6d, + 0x23, 0xd5, 0x1a, 0x41, 0xb8, 0x40, 0x17, 0xaf, + 0xd8, 0x43, 0x4c, 0xe2, 0x11, 0xe0, 0x0b, 0x5f, + 0xca, 0xbb, 0x58, 0x68, 0x9e, 0xbb, 0xc3, 0x3f, + 0x26, 0x2b, 0x73, 0x8f, 0x4d, 0x76, 0xd1, 0xde, + 0xbf, 0x31, 0xd3, 0x8d, 0x4a, 0xbb, 0x7f, 0x57, + 0x73, 0x3c, 0xee, 0xaf, 0xa3, 0xe8, 0x60, 0x61, + 0x0c, 0x85, 0x06, 0xb3, 0xb4, 0xeb, 0x14, 0xd6, + 0x4c, 0x61, 0x07, 0xc8, 0x73, 0x7e, 0x17, 0xf4, + 0x0c, 0x40, 0x63, 0x00, 0x2a, 0x83, 0x19, 0x66, + 0xeb, 0x1e, 0x8d, 0x4c, 0x66, 0x32, 0xe6, 0xa4, + 0xdb, 0x77, 0x17, 0x52, 0x8a, 0x2d, 0x79, 0xf4, + 0xac, 0x61, 0x88, 0x4d, 0xac, 0x7f, 0x78, 0xdc, + 0x7b, 0x2d, 0x17, 0xfe, 0xff, 0x5d, 0x8a, 0x26, + 0xa2, 0x4a, 0x1d, 0x91, 0xa3, 0x73, 0x0e, 0x5f, + 0x54, 0x29, 0xcf, 0x87, 0xf7, 0x00, 0x73, 0x47, + 0x61, 0xcc, 0xfe, 0x53, 0x4b, 0x22, 0x14, 0xce, + 0xf3, 0xe1, 0xaf, 0x96, 0x81, 0x4c, 0x80, 0xfd, + 0x5b, 0x39, 0xbc, 0x75, 0x4f, 0xcc, 0xc0, 0xfb, + 0x2c, 0xd3, 0x2e, 0x0b, 0xad, 0xaa, 0xcb, 0x90, + 0x4a, 0xca, 0xd5, 0x39, 0x3a, 0x0b, 0x7b, 0x38, + 0x54, 0x76, 0x74, 0xa5, 0xa2, 0x36, 0xcd, 0x4e, + 0xc4, 0x42, 0x86, 0x1c, 0x1c, 0x94, 0x44, 0x05, + 0x4e, 0xad, 0x94, 0xea, 0x88, 0x14, 0xc5, 0x4f, + 0x4a, 0x18, 0xde, 0x48, 0x73, 0x1a, 0x6f, 0x4e, + 0xa6, 0x16, 0x78, 0xba, 0x54, 0xd8, 0x2b, 0x6b, + 0x34, 0xf8, 0x2f, 0x58, 0x48, 0x11, 0xf6, 0x13, + 0x6c, 0xa8, 0x29, 0x4f, 0xbb, 0x67, 0xb2, 0x6d, + 0x90, 0x68, 0xa2, 0x00, 0x0c, 0x72, 0xa5, 0xcb, + 0x4a, 0xa8, 0x67, 0x9e, 0x9b, 0x62, 0x1a, 0x3f, + 0x5c, 0x92, 0xc5, 0xe8, 0xd3, 0x35, 0xf1, 0xcd, + 0xdc, 0x41, 0xc8, 0x03, 0xf0, 0x28, 0xe4, 0x74, + 0xa7, 0xa0, 0xe4, 0x07, 0xd7, 0x95, 0x57, 0x5a, + 0xeb, 0xd8, 0x9e, 0xc1, 0x4c, 0x06, 0xb3, 0xeb, + 0x0e, 0x3b, 0x7e, 0x02, 0x29, 0x7b, 0xd0, 0xd7, + 0x8b, 0xfb, 0x7d, 0x41, 0x7c, 0xb0, 0x0a, 0x34, + 0x90, 0x63, 0x2e, 0xc7, 0xd8, 0x77, 0xab, 0x37, + 0x3b, 0x2a, 0x41, 0x2c, 0xa8, 0xf9, 0x31, 0x26, + 0x7a, 0x9a, 0xb9, 0x90, 0xf3, 0xca, 0x62, 0xc3, + 0x6d, 0x19, 0xc4, 0xe4, 0x58, 0x16, 0xd3, 0x76, + 0xa8, 0xf1, 0xd1, 0x7a, 0xf1, 0xeb, 0x28, 0x4a, + 0x2c, 0x85, 0xb1, 0xa6, 0x7f, 0xb6, 0xcd, 0xc8, + 0x83, 0x3e, 0xba, 0x13, 0xfa, 0x25, 0x7e, 0x0f, + 0x7b, 0xf3, 0xb8, 0x82, 0x2f, 0xfc, 0xfd, 0x9a, + 0xa1, 0xa5, 0x2d, 0xa9, 0x48, 0x08, 0x4c, 0x6b, + 0xfc, 0x34, 0x6b, 0xd3, 0x0b, 0x62, 0x78, 0x96, + 0xee, 0x3c, 0xb4, 0xf3, 0x39, 0x82, 0x00, 0xc0, + 0xd4, 0x90, 0x8d, 0x43, 0x34, 0xda, 0x9f, 0xa8, + 0xee, 0x82, 0xb7, 0x85, 0x8c, 0x12, 0xb0, 0x71, + 0x99, 0x68, 0xdb, 0xe0, 0x04, 0x26, 0xa4, 0x43, + 0x27, 0xe2, 0x49, 0x91, 0x3f, 0xc3, 0xd2, 0xaf, + 0x98, 0x44, 0x85, 0x1b, 0xef, 0x02, 0x0e, 0xe7, + 0xf3, 0xf1, 0xe0, 0x1d, 0xe3, 0x04, 0xf1, 0x37, + 0x67, 0x1d, 0x43, 0xde, 0xfd, 0xc4, 0x9b, 0x06, + 0x13, 0xa0, 0xe6, 0x7d, 0x6e, 0xaa, 0x99, 0xf2, + 0x6d, 0x30, 0xcd, 0x98, 0x9e, 0x5a, 0x2b, 0xba, + 0x04, 0x8b, 0x66, 0x5e, 0x29, 0x0c, 0xd8, 0x35, + 0x98, 0x13, 0xf4, 0x59, 0xbe, 0xa8, 0x6a, 0x9a, + 0x5b, 0x1b, 0x3a, 0x6a, 0xda, 0x95, 0x9c, 0x4a, + 0x35, 0xc9, 0x88, 0x54, 0x59, 0x07, 0xf4, 0xc6, + 0x4b, 0x5c, 0xfe, 0xb1, 0x15, 0x89, 0x71, 0x21, + 0xf3, 0xd8, 0x0c, 0x7f, 0xfb, 0x89, 0x59, 0x22, + 0x14, 0x31, 0x23, 0x71, 0x8a, 0x39, 0x47, 0x4d, + 0x01, 0x35, 0xc5, 0x24, 0x14, 0x5b, 0xe2, 0xe6, + 0x21, 0x47, 0xce, 0x45, 0xa6, 0x34, 0xcb, 0x41, + 0xc9, 0x5d, 0x9b, 0xe9, 0x97, 0xa1, 0x97, 0x53, + 0xac, 0x0a, 0xda, 0xf2, 0x31, 0x7f, 0x25, 0x34, + 0xbf, 0x04, 0xfb, 0x7b, 0xaa, 0x5c, 0xfc, 0xb3, + 0x67, 0x69, 0x4a, 0xe8, 0xf7, 0xe7, 0x50, 0x5c, + 0xc0, 0x69, 0x07, 0xe3, 0x47, 0x0f, 0x95, 0x60, + 0x2d, 0xf3, 0xcd, 0x6c, 0xc7, 0xa9, 0x83, 0xba, + 0x56, 0x7f, 0x32, 0x6e, 0x94, 0xfb, 0xc8, 0x24, + 0x85, 0x24, 0x4e, 0x10, 0x3e, 0x0f, 0x92, 0xa6, + 0x48, 0xd8, 0x11, 0x09, 0x79, 0xb6, 0xcc, 0x0e, + 0x00, 0x28, 0x5b, 0xa1, 0x2b, 0x42, 0x5c, 0x16, + 0x29, 0x96, 0x7d, 0x11, 0xc3, 0x2f, 0x8e, 0x81, + 0x34, 0x30, 0x49, 0x13, 0xc6, 0x9c, 0xee, 0xa8, + 0xf9, 0xff, 0x3c, 0x6d, 0x83, 0x8d, 0x13, 0x14, + 0xbe, 0x5e, 0x8d, 0xf2, 0xe7, 0x8d, 0xc3, 0xd9, + 0x79, 0xd3, 0x35, 0x9b, 0xb4, 0x8b, 0xdb, 0x3d, + 0x46, 0x4a, 0x18, 0xaf, 0xa9, 0x25, 0xab, 0x16, + 0x2f, 0x3d, 0xdd, 0xab, 0x33, 0x5f, 0x07, 0x92, + 0xf6, 0x77, 0xa6, 0x37, 0x7f, 0xec, 0x37, 0xbe, + 0x41, 0xe2, 0xb2, 0x29, 0x55, 0x5e, 0x33, 0x6c, + 0xaf, 0xdc, 0x46, 0x4b, 0x33, 0x6e, 0xd1, 0xec, + 0x4d, 0xf0, 0x74, 0xa2, 0xbc, 0xde, 0xf3, 0xde, + 0xcf, 0xf0, 0xee, 0x99, 0x6e, 0x0c, 0xc9, 0x83, + 0xb8, 0x09, 0x30, 0xd0, 0xd1, 0x23, 0xf2, 0xcf, + 0xc1, 0x48, 0x96, 0x3f, 0x6e, 0x61, 0xc3, 0x4b, + 0xe7, 0x96, 0xdc, 0xca, 0x6d, 0x56, 0x47, 0x84, + 0xbe, 0x49, 0xba, 0x42, 0x1a, 0x15, 0x47, 0xf9, + 0xd4, 0xf6, 0xf8, 0xb5, 0x7b, 0x2b, 0xcb, 0x1c, + 0x59, 0x88, 0x87, 0x13, 0xb4, 0xcd, 0x4e, 0x52, + 0xf2, 0x9d, 0xaa, 0xb1, 0x27, 0xb0, 0xa3, 0x9c, + 0x1c, 0x89, 0x3d, 0xc3, 0x52, 0x78, 0x3f, 0x4b, + 0xde, 0x9f, 0x14, 0x5f, 0xcb, 0xbb, 0x91, 0xc2, + 0xa5, 0x32, 0x70, 0x8f, 0xbd, 0xce, 0xb9, 0x57, + 0x88, 0xe3, 0xbd, 0x84, 0xff, 0xf1, 0xe0, 0x5b, + 0xbc, 0xed, 0x13, 0x23, 0xa5, 0x50, 0x94, 0x22, + 0xc2, 0x03, 0xfa, 0x41, 0x48, 0xc2, 0x6c, 0x84, + 0x5f, 0x9a, 0x23, 0xb0, 0x61, 0x4a, 0x88, 0xde, + 0xd6, 0x9e, 0xb5, 0xf9, 0xf5, 0xbd, 0xc9, 0x87, + 0xbc, 0xe3, 0x5f, 0x15, 0x7a, 0x83, 0xfe, 0x40, + 0x44, 0x3a, 0x18, 0xf7, 0x7c, 0x37, 0x9f, 0xa2, + 0x42, 0x17, 0x6b, 0xfb, 0xb8, 0xb2, 0x2d, 0x40, + 0xa2, 0x3d, 0xc2, 0xbb, 0x22, 0xc8, 0x4f, 0xdc, + 0xf3, 0x15, 0x29, 0xff, 0xbc, 0x6e, 0xa6, 0xc2, + 0x05, 0xe9, 0x1a, 0xaf, 0x3d, 0x3e, 0x62, 0x80, + 0x2b, 0x2d, 0x73, 0xbf, 0x87, 0x99, 0xcc, 0x52, + 0xf5, 0x95, 0xf6, 0xd9, 0x62, 0x97, 0x6b, 0xa4, + 0x4b, 0x37, 0x09, 0x15, 0x48, 0xe6, 0xf6, 0xa8, + 0x40, 0xd2, 0xd4, 0xd4, 0xf0, 0x5f, 0x68, 0x5a, + 0x1d, 0x11, 0xaa, 0x50, 0x22, 0x8e, 0x5b, 0x27, + 0xb8, 0x22, 0xb4, 0x09, 0xc8, 0xd5, 0xa1, 0x40, + 0x8d, 0x20, 0x8b, 0x0d, 0x07, 0x41, 0x36, 0x84, + 0x73, 0xa3, 0x59, 0xca, 0x69, 0x6f, 0xc2, 0x06, + 0xff, 0xa8, 0x4b, 0xdd, 0x52, 0x54, 0x5c, 0xef, + 0xf4, 0xe6, 0x17, 0x69, 0x82, 0xad, 0x89, 0x58, + 0x88, 0xce, 0xa4, 0x1f, 0x64, 0x17, 0xac, 0x8d, + 0x7d, 0x48, 0x17, 0x4b, 0xa2, 0x55, 0xf8, 0xcc, + 0xdd, 0xb5, 0xd9, 0x87, 0x93, 0x5b, 0x3a, 0x0b, + 0x1a, 0x00, 0xa3, 0x8a, 0x8b, 0xfa, 0x40, 0x88, + 0xa1, 0x6b, 0xfa, 0x8a, 0x45, 0xdb, 0x9f, 0xb5, + 0x67, 0x5a, 0x5e, 0x53, 0x4d, 0x30, 0x33, 0x87, + 0xea, 0x30, 0x9d, 0xf6, 0x15, 0xc3, 0x69, 0x88, + 0x74, 0x92, 0x66, 0x62, 0xcb, 0x64, 0xc0, 0xaa, + 0x44, 0xfc, 0x9d, 0x4c, 0x13, 0xab, 0xfa, 0x64, + 0x45, 0xa7, 0x09, 0xac, 0x70, 0x64, 0x71, 0x14, + 0xa3, 0xee, 0x4c, 0xd3, 0x52, 0xc1, 0xbe, 0xa7, + 0x91, 0x96, 0x5c, 0x2b, 0xb6, 0x23, 0xee, 0x36, + 0xe6, 0xce, 0x84, 0x0c, 0x17, 0x1d, 0x68, 0x59, + 0x34, 0x19, 0xd1, 0xd9, 0x1a, 0x33, 0x6f, 0x74, + 0x56, 0x14, 0x16, 0xe8, 0xf3, 0x57, 0x23, 0x37, + 0x99, 0x33, 0x96, 0x88, 0x57, 0x54, 0x13, 0xeb, + 0x14, 0xd7, 0x66, 0x89, 0x4f, 0x85, 0xf7, 0x8e, + 0xbe, 0x96, 0x68, 0x4e, 0xb1, 0x4e, 0x37, 0x21, + 0xbb, 0x05, 0xce, 0xc3, 0x45, 0x19, 0x7c, 0xb2, + 0x3a, 0xb7, 0x55, 0xbd, 0x24, 0x9b, 0xad, 0x3c, + 0xb4, 0xaa, 0x42, 0x48, 0x57, 0x75, 0xf2, 0x03, + 0xc6, 0x1d, 0x02, 0x8e, 0xb1, 0x0f, 0xc5, 0xaf, + 0xd5, 0x45, 0x9f, 0x2b, 0x75, 0xf9, 0x4f, 0x4e, + 0x63, 0x66, 0x65, 0xbc, 0xef, 0x49, 0xcb, 0x4d, + 0x44, 0xea, 0xd1, 0xa9, 0x26, 0x6a, 0x9c, 0x88, + 0x0e, 0x1d, 0xf5, 0x3d, 0xbd, 0x1a, 0x8e, 0x40, + 0x49, 0x1a, 0xea, 0x19, 0xea, 0xe5, 0x6b, 0xc8, + 0xfc, 0xc2, 0xb0, 0xc4, 0x3b, 0x53, 0xa4, 0x62, + 0xc9, 0x52, 0xcf, 0xe3, 0xa5, 0xae, 0x62, 0xe2, + 0x8d, 0x77, 0x7d, 0x93, 0x35, 0x9d, 0x2c, 0xa4, + 0xd4, 0x9d, 0x01, 0xb1, 0xb9, 0x19, 0xe4, 0x5b, + 0x9c, 0x1e, 0xb7, 0x25, 0xf4, 0xf3, 0x84, 0x66, + 0xfe, 0x48, 0x1f, 0x20, 0xe0, 0x5d, 0x07, 0xd2, + 0xb0, 0x6e, 0x87, 0x05, 0xcc, 0xa5, 0x40, 0x0b, + 0x9a, 0x95, 0x8d, 0xce, 0x1e, 0x3f, 0x6d, 0x9d, + 0x34, 0x9b, 0x10, 0x33, 0x71, 0xd9, 0xd3, 0x56, + 0x76, 0x24, 0xba, 0x24, 0x3d, 0xad, 0x86, 0x97, + 0x13, 0xaa, 0xa5, 0xbc, 0xee, 0xee, 0x6a, 0x48, + 0x7a, 0x0b, 0x23, 0xb0, 0x35, 0xfd, 0x0f, 0xf6, + 0x9c, 0xc8, 0xba, 0xcc, 0x97, 0xf1, 0x22, 0x1f, + 0xcb, 0x83, 0x62, 0x7a, 0x9d, 0x1e, 0x6e, 0x61, + 0xa5, 0xeb, 0x3c, 0xed, 0x79, 0x30, 0x9b, 0xe1, + 0x71, 0xde, 0x3c, 0x2d, 0xaa, 0x49, 0xb6, 0xc7, + 0x3b, 0xba, 0x43, 0x60, 0x7f, 0x62, 0xeb, 0x89, + 0xa7, 0x89, 0xe3, 0x4a, 0xc7, 0x9c, 0x05, 0x93, + 0x3b, 0xc4, 0xe9, 0xfd, 0x59, 0x72, 0xa2, 0xc9, + 0x51, 0xc1, 0xdf, 0xb2, 0x66, 0xfe, 0xc3, 0x4d, + 0x29, 0xef, 0x93, 0xe2, 0x86, 0x11, 0xbd, 0xb6, + 0x5c, 0x92, 0x0a, 0x5d, 0x4b, 0x18, 0xbf, 0x67, + 0x74, 0x30, 0x35, 0xd1, 0x5d, 0x88, 0x44, 0xf5, + 0x41, 0xdb, 0x2f, 0xa7, 0x06, 0xeb, 0x3b, 0xf4, + 0x33, 0xcb, 0x36, 0x38, 0xf3, 0xcd, 0x28, 0xb2, + 0x79, 0xce, 0x17, 0xb1, 0xa4, 0xc6, 0x41, 0x57, + 0xf6, 0x96, 0xe8, 0x12, 0x01, 0xc1, 0x8a, 0x1d, + 0x29, 0x8f, 0x04, 0x92, 0x9a, 0x22, 0xf1, 0x81, + 0xfb, 0x2a, 0x6f, 0x90, 0x52, 0x65, 0xbe, 0xfa, + 0xd2, 0xca, 0xe1, 0x0e, 0xd3, 0x5a, 0x5a, 0x70, + 0x56, 0xa5, 0x6b, 0xfb, 0x36, 0x19, 0x10, 0xde, + 0x7a, 0x76, 0x94, 0x75, 0x1a, 0x5c, 0x23, 0xce, + 0x7a, 0xc5, 0x84, 0xab, 0x98, 0x0e, 0x4a, 0xca, + 0xc1, 0x55, 0xd7, 0x8a, 0x79, 0xa1, 0x6a, 0x5f, + 0x63, 0x7b, 0xef, 0x90, 0xea, 0x86, 0x42, 0x91, + 0xc9, 0xaf, 0xbe, 0x9a, 0xd4, 0xac, 0x11, 0xfc, + 0xd5, 0x21, 0xaa, 0x6e, 0x0a, 0xd9, 0xb2, 0x09, + 0x4b, 0xd2, 0x00, 0xf5, 0x05, 0x44, 0xb9, 0xa3, + 0x95, 0x35, 0xba, 0xb2, 0x9a, 0xfa, 0xda, 0x36, + 0x52, 0xf6, 0x87, 0xc2, 0xae, 0x17, 0xa1, 0xd3, + 0xa8, 0xc5, 0xbc, 0x26, 0xc5, 0x48, 0x1e, 0x7d, + 0x02, 0x2d, 0xc3, 0x53, 0xf9, 0x2f, 0x90, 0xb5, + 0x74, 0xbb, 0x8c, 0x7d, 0x18, 0xe9, 0x65, 0x19, + 0xfa, 0x3e, 0x19, 0x1c, 0xad, 0x4f, 0x9f, 0x80, + 0xbd, 0xf2, 0xae, 0xd3, 0x59, 0x5e, 0xff, 0x47, + 0x8d, 0x1b, 0xc6, 0x0a, 0xda, 0x35, 0x76, 0x06, + 0xa8, 0xb8, 0x4b, 0x0e, 0xf7, 0x67, 0xb7, 0x11, + 0x5c, 0xa3, 0xb4, 0xf2, 0x96, 0x7a, 0xe8, 0xa7, + 0x01, 0xd1, 0x5a, 0xc8, 0x52, 0xbe, 0xbc, 0x08, + 0x5f, 0xcd, 0x19, 0xc5, 0x6d, 0x17, 0x41, 0x0f, + 0xde, 0x76, 0xee, 0xe7, 0xed, 0x2c, 0xfd, 0x0e, + 0x10, 0x48, 0xb4, 0x09, 0x26, 0x09, 0x9f, 0xe1, + 0x41, 0x34, 0xf7, 0x11, 0xe4, 0x00, 0xe0, 0xcd, + 0x23, 0x9e, 0xb7, 0x49, 0x57, 0x8a, 0x10, 0xd7, + 0xe7, 0xfa, 0x2f, 0xc9, 0xda, 0xaa, 0xea, 0x40, + 0x8d, 0x25, 0x3f, 0x97, 0x09, 0xc5, 0xe8, 0xa6, + 0x76, 0xd0, 0xc4, 0x28, 0x53, 0xd5, 0x60, 0xf3, + 0x89, 0x41, 0x9e, 0x2c, 0x24, 0x1f, 0xd1, 0x49, + 0x83, 0xa4, 0x5c, 0x4a, 0xbe, 0xf0, 0x16, 0x7f, + 0xe0, 0x64, 0x07, 0x0c, 0xf6, 0xbe, 0x87, 0x74, + 0xf5, 0xed, 0x5c, 0xe9, 0x99, 0x86, 0x2f, 0x40, + 0x1b, 0xaa, 0x05, 0x6e, 0x88, 0x61, 0x71, 0x5f, + 0x33, 0x08, 0x82, 0x09, 0xde, 0xf5, 0x94, 0x00, + 0x96, 0xe0, 0x43, 0x48, 0x25, 0x31, 0x0d, 0x70, + 0x85, 0x07, 0xfb, 0xc6, 0x65, 0x5b, 0x6e, 0xc7, + 0x4c, 0xe8, 0x59, 0xac, 0xd6, 0x5c, 0xb0, 0xce, + 0xd0, 0x2f, 0xd1, 0x86, 0x60, 0xd9, 0x75, 0x80, + 0x7a, 0x58, 0xc1, 0xcd, 0x3a, 0x56, 0x27, 0x6c, + 0x90, 0x19, 0x1c, 0x33, 0x6c, 0x65, 0xc1, 0x52, + 0x33, 0x4f, 0xd8, 0x9f, 0xfa, 0xe4, 0x7a, 0x65, + 0xab, 0x1d, 0x98, 0x83, 0x2f, 0x75, 0x1e, 0xae, + 0x70, 0xae, 0xbe, 0x92, 0xca, 0x45, 0x79, 0xc8, + 0x3a, 0xee, 0xd3, 0x79, 0xe6, 0x44, 0x8d, 0xce, + 0x3c, 0x8b, 0xa6, 0x4c, 0x10, 0x61, 0xcb, 0x2d, + 0x51, 0x2a, 0x9f, 0x0f, 0xca, 0x4d, 0xfd, 0x67, + 0x07, 0xce, 0x89, 0x3f, 0xe9, 0x71, 0x24, 0xa6, + 0x3f, 0xde, 0x52, 0x40, 0x8c, 0xec, 0xf9, 0xf3, + 0xbb, 0x47, 0x5f, 0xee, 0x3c, 0xb8, 0x36, 0x9a, + 0xf5, 0x11, 0x1d, 0xb8, 0xc0, 0x7e, 0x18, 0x05, + 0x0e, 0x36, 0xe7, 0x25, 0xeb, 0x34, 0x76, 0x9a, + 0x25, 0xd9, 0x14, 0x44, 0x16, 0x20, 0x64, 0x2e, + 0x53, 0xc7, 0x43, 0x92, 0xe0, 0xf0, 0xfe, 0x6b, + 0x41, 0x7e, 0xe1, 0x94, 0xd0, 0x49, 0x58, 0x24, + 0x41, 0xe5, 0x99, 0x9b, 0xc7, 0x96, 0xd2, 0xe2, + 0x2a, 0x82, 0xf7, 0x86, 0x95, 0x2f, 0x59, 0x76, + 0x03, 0xb4, 0xe2, 0xe9, 0x62, 0x15, 0xa0, 0x14, + 0x42, 0xb0, 0xfc, 0x78, 0xcb, 0xfb, 0xe0, 0xf9, + 0xd0, 0x15, 0xf6, 0xf5, 0x2f, 0x28, 0x0b, 0xe9, + 0xdf, 0x96, 0x25, 0xe2, 0x11, 0x83, 0xfb, 0x23, + 0x53, 0x10, 0x01, 0xdf, 0xd4, 0x62, 0x79, 0x57, + 0xaf, 0x9b, 0x09, 0x71, 0x51, 0x21, 0x93, 0xd7, + 0x58, 0xe8, 0x81, 0x0b, 0x26, 0x05, 0x68, 0xe3, + 0x42, 0xa6, 0x29, 0x91, 0xdb, 0x59, 0xce, 0xe5, + 0x82, 0xe6, 0x55, 0xda, 0x0a, 0x66, 0x90, 0x9c, + 0x2a, 0x4d, 0x5b, 0x7a, 0xf7, 0xee, 0x84, 0xbe, + 0x77, 0x1d, 0xd9, 0x9d, 0xfa, 0x83, 0x56, 0xde, + 0xd6, 0xf3, 0x71, 0x32, 0x8a, 0xec, 0x88, 0xb0, + 0x3b, 0x50, 0x54, 0x01, 0xb3, 0x2a, 0x19, 0x02, + 0x00, 0xde, 0x63, 0x4f, 0xde, 0xda, 0x22, 0xb0, + 0xa0, 0x32, 0x97, 0x6b, 0x0a, 0x08, 0x33, 0x72, + 0x2a, 0xc3, 0x3c, 0x5a, 0xb7, 0xeb, 0x08, 0x43, + 0x44, 0x0e, 0x21, 0x47, 0x27, 0xf0, 0x11, 0x02, + 0xb0, 0x8a, 0x3d, 0xa9, 0x76, 0x95, 0x0d, 0x6d, + 0xd5, 0x1d, 0xa2, 0x24, 0x66, 0x19, 0xaf, 0xf7, + 0x76, 0x41, 0xdf, 0xb9, 0x87, 0xdc, 0xc2, 0xcc, + 0x87, 0x1e, 0x75, 0xcc, 0x82, 0xbb, 0xd0, 0xf0, + 0x3d, 0x30, 0x24, 0xae, 0x79, 0xb6, 0x57, 0xae, + 0xa0, 0xc4, 0xa6, 0x57, 0x81, 0x25, 0x92, 0xf4, + 0x97, 0xa4, 0x6c, 0x94, 0x6d, 0x31, 0xf6, 0xa8, + 0xaf, 0x05, 0xca, 0xda, 0x3d, 0x48, 0xec, 0x72, + 0x75, 0xf4, 0xe8, 0x98, 0xf0, 0x26, 0x0e, 0x89, + 0x51, 0xcc, 0x98, 0xd5, 0x87, 0x03, 0x06, 0x94, + 0x85, 0x9a, 0xb7, 0x64, 0xe9, 0x36, 0xed, 0xfb, + 0xa5, 0xbd, 0x18, 0xd8, 0x01, 0xd4, 0xd8, 0x00, + 0x80, 0x38, 0x78, 0x98, 0x92, 0xec, 0x18, 0x45, + 0x9c, 0x4a, 0xcd, 0x7b, 0x18, 0xa4, 0xc3, 0x84, + 0x7b, 0xcc, 0x02, 0x2d, 0x5b, 0xc4, 0x61, 0xdc, + 0xdb, 0xe0, 0xa7, 0x3a, 0x3f, 0x75, 0x8d, 0xf9, + 0x26, 0xc8, 0x58, 0x40, 0xca, 0x85, 0x81, 0xc5, + 0x92, 0x14, 0x6f, 0xa3, 0x33, 0xe1, 0x61, 0xe3, + 0xac, 0x01, 0xa2, 0x7f, 0x0c, 0x29, 0x5e, 0x1a, + 0xd7, 0xa6, 0x7e, 0x74, 0x9a, 0x09, 0x97, 0x36, + 0xad, 0xd1, 0x91, 0x83, 0x33, 0xb6, 0x4b, 0x23, + 0x30, 0x3e, 0xc5, 0x5e, 0x17, 0xe6, 0x3d, 0x5c, + 0xcf, 0x6b, 0x65, 0xc5, 0x49, 0x0d, 0x93, 0x2d, + 0x2e, 0x1e, 0xb5, 0x6f, 0x18, 0x69, 0x50, 0x67, + 0x65, 0x07, 0x35, 0xb5, 0x4f, 0x49, 0xf1, 0x46, + 0xce, 0x90, 0x37, 0x13, 0x2d, 0xf9, 0xdb, 0xe7, + 0x90, 0x05, 0xeb, 0xf4, 0x5c, 0xb9, 0xda, 0xf4, + 0xfd, 0x4b, 0xf3, 0x9d, 0x0e, 0x40, 0xb5, 0x68, + 0x9a, 0xa1, 0xcc, 0xd3, 0x5b, 0x81, 0x44, 0xb3, + 0x2c, 0x9d, 0x4b, 0x11, 0x18, 0xe7, 0x38, 0x82, + 0xf2, 0xb0, 0xb6, 0x5d, 0xf1, 0xbc, 0xc9, 0xbc, + 0xe5, 0xbc, 0x1a, 0x82, 0xf6, 0xe1, 0xe6, 0xf6, + 0x27, 0x82, 0x64, 0x88, 0xd8, 0xa2, 0x58, 0x55, + 0x90, 0x7d, 0x84, 0x28, 0x06, 0x59, 0xb1, 0x2f, + 0x0e, 0x3b, 0x77, 0x11, 0x28, 0x01, 0x0f, 0x3a, + 0x4e, 0x3f, 0xc2, 0xc0, 0xdf, 0x26, 0x48, 0x5e, + 0x50, 0xda, 0x72, 0x99, 0x21, 0x04, 0xef, 0x8f, + 0x42, 0x6f, 0x81, 0x06, 0x4e, 0xf4, 0x0a, 0xd4, + 0xbe, 0x60, 0x15, 0xce, 0xfc, 0xdb, 0x91, 0x2b, + 0x44, 0x31, 0xf3, 0xa1, 0x25, 0x1c, 0x41, 0xd8, + 0x42, 0x05, 0xd8, 0xf9, 0x78, 0xc9, 0xb8, 0x15, + 0x1a, 0xc1, 0x1f, 0xea, 0xf6, 0xba, 0xd3, 0x3b, + 0xfd, 0xa5, 0x20, 0xa2, 0xe7, 0x19, 0xba, 0xb6, + 0xdd, 0xe9, 0x0c, 0xc7, 0xc0, 0x91, 0x00, 0xd0, + 0x69, 0xe6, 0x41, 0xe2, 0x29, 0xa2, 0xc7, 0x5d, + 0x0a, 0xe3, 0x0d, 0x3f, 0x6b, 0x8d, 0xbb, 0xfd, + 0xe1, 0x40, 0x3c, 0x3a, 0x1a, 0x3c, 0x1a, 0x83, + 0x38, 0x28, 0xbb, 0x3f, 0x29, 0x39, 0x33, 0xd6, + 0x3d, 0x33, 0x79, 0x42, 0x64, 0xbc, 0xe1, 0xeb, + 0xea, 0xf9, 0x05, 0x73, 0x23, 0x1d, 0x9b, 0x8a, + 0xc2, 0x39, 0xfc, 0x52, 0x8e, 0x22, 0x29, 0x25, + 0x95, 0x4f, 0x1d, 0x94, 0x63, 0x41, 0x5a, 0x0f, + 0x76, 0xa8, 0x8b, 0x7e, 0x50, 0xc9, 0xd0, 0xc7, + 0x81, 0x8b, 0xa6, 0x87, 0xea, 0x85, 0xd8, 0x40, + 0x31, 0x98, 0x2c, 0xbe, 0x7d, 0x98, 0x71, 0x59, + 0xbe, 0x1f, 0x2d, 0x0c, 0xc9, 0x4e, 0x4a, 0x87, + 0x09, 0x41, 0x59, 0xce, 0x47, 0x5f, 0xb2, 0x13, + 0x34, 0x91, 0x9e, 0xf4, 0xdb, 0x27, 0xbd, 0x89, + 0x40, 0x32, 0x2f, 0xcf, 0x27, 0x44, 0xbf, 0x21, + 0x55, 0xcf, 0x65, 0xd3, 0x1b, 0x58, 0x7c, 0x6e, + 0xdb, 0xa1, 0xff, 0xc4, 0x21, 0x86, 0xfc, 0x59, + 0x9d, 0xcb, 0xb9, 0xa5, 0x61, 0x6d, 0x6d, 0x67, + 0x31, 0xde, 0x56, 0xb4, 0x0b, 0x93, 0x71, 0xee, + 0x51, 0xdd, 0x57, 0xb4, 0xc4, 0xec, 0x83, 0xd6, + 0x0e, 0x81, 0x57, 0xea, 0x53, 0xf2, 0x43, 0x30, + 0x0d, 0xa5, 0xa8, 0x98, 0xb0, 0x41, 0xd1, 0x33, + 0x4a, 0xd8, 0x97, 0xec, 0x8e, 0x27, 0xdf, 0x55, + 0x47, 0x5e, 0x79, 0xa8, 0xd6, 0xb9, 0xd3, 0xac, + 0x9d, 0x70, 0x6d, 0x08, 0x20, 0x92, 0x2b, 0x0c, + 0x3f, 0x86, 0xba, 0x1c, 0x80, 0x0a, 0x12, 0xb1, + 0xd3, 0x0c, 0x5f, 0x64, 0x63, 0xcb, 0xef, 0x53, + 0xef, 0x41, 0x07, 0xac, 0x1b, 0x7f, 0x69, 0x76, + 0xfe, 0x49, 0x08, 0x2a, 0xb2, 0xaa, 0x6b, 0x06, + 0xce, 0xb5, 0xcc, 0x4f, 0x36, 0x92, 0x2d, 0xce, + 0x55, 0xb6, 0xa0, 0x83, 0xf4, 0x1c, 0x12, 0xce, + 0x8a, 0x4d, 0xf0, 0x47, 0x52, 0x3f, 0x84, 0x9d, + 0xd2, 0xf3, 0xea, 0x80, 0xef, 0x9e, 0xec, 0x63, + 0xd7, 0x77, 0x51, 0x53, 0xbd, 0x1d, 0x78, 0x91, + 0x26, 0x91, 0xd7, 0xe7, 0x60, 0xcf, 0xe3, 0xb1, + 0x90, 0xef, 0x6f, 0x6c, 0x89, 0x79, 0x88, 0x69, + 0x5c, 0x8d, 0x8d, 0xab, 0x13, 0x1c, 0xdd, 0xec, + 0xca, 0xe9, 0xa7, 0x8f, 0x9d, 0x6a, 0x89, 0x88, + 0x5d, 0xba, 0x7e, 0x85, 0x9e, 0xa5, 0x5f, 0xb8, + 0x0c, 0x25, 0x28, 0x8f, 0xd7, 0xb6, 0x7e, 0x79, + 0x85, 0x1e, 0x75, 0x65, 0xbe, 0x73, 0x78, 0xde, + 0x6f, 0xd5, 0xca, 0x91, 0xc9, 0xed, 0x6c, 0xb3, + 0xb6, 0xf9, 0x48, 0xf2, 0x92, 0x8d, 0x7b, 0x95, + 0x26, 0x77, 0x94, 0xa5, 0xde, 0xcc, 0x4e, 0x6d, + 0xfa, 0xba, 0x1a, 0x0b, 0xf9, 0x4b, 0xef, 0xf0, + 0xf8, 0xca, 0x38, 0x61, 0x92, 0x15, 0x3c, 0x78, + 0xf7, 0xe9, 0xe5, 0x7e, 0x2e, 0xaa, 0x50, 0x41, + 0xa8, 0xfd, 0x94, 0xfa, 0x08, 0xab, 0x40, 0x6c, + 0x7e, 0xb7, 0x4b, 0x02, 0x3c, 0x37, 0xcd, 0x52, + 0x69, 0x29, 0x33, 0xb5, 0xb1, 0x8b, 0xe7, 0x18, + 0x8d, 0x5f, 0xc5, 0x06, 0xaa, 0x54, 0xb5, 0x9f, + 0x4c, 0x03, 0x91, 0x29, 0xce, 0x26, 0x16, 0xc9, + 0x0e, 0xc6, 0xbd, 0xd5, 0xae, 0x65, 0x99, 0x9b, + 0xe8, 0xe5, 0xfa, 0xca, 0x89, 0x8f, 0x26, 0x3d, + 0x2e, 0xbb, 0xc0, 0x19, 0xb3, 0x8f, 0xaf, 0x15, + 0xad, 0xd0, 0x21, 0xb5, 0x66, 0x2e, 0x74, 0x25, + 0x73, 0xbe, 0x46, 0x6e, 0x9e, 0x48, 0x39, 0x04, + 0x13, 0xac, 0x22, 0xd3, 0x1d, 0x55, 0xd1, 0x61, + 0x7b, 0x95, 0x76, 0x02, 0x59, 0x7d, 0x5e, 0xf6, + 0x28, 0x14, 0x5c, 0x37, 0x0b, 0x25, 0xc7, 0x1d, + 0x17, 0xf5, 0x04, 0x6a, 0x62, 0xca, 0xfe, 0x89, + 0x36, 0xf0, 0xde, 0x41, 0xe5, 0xd7, 0x29, 0xf7, + 0x1d, 0xb6, 0x62, 0xe4, 0x40, 0xc1, 0x8d, 0x39, + 0xed, 0x2b, 0xaf, 0x87, 0xec, 0x53, 0x4b, 0x7f, + 0x4a, 0x6d, 0x9e, 0x6d, 0x89, 0xd1, 0xb7, 0x18, + 0x21, 0x15, 0xb1, 0xc5, 0xc0, 0x8e, 0xfa, 0xb5, + 0xb6, 0x40, 0xf6, 0x69, 0xca, 0xaf, 0x3c, 0x17, + 0xd8, 0x48, 0xd5, 0x79, 0x35, 0x19, 0x3c, 0xb3, + 0x27, 0xa7, 0x09, 0x3e, 0x4e, 0xfe, 0x06, 0x1c, + 0xa0, 0xed, 0xe4, 0xdb, 0x22, 0x32, 0x58, 0xf2, + 0x34, 0xec, 0xb2, 0x2a, 0x48, 0x41, 0x9e, 0x12, + 0x6c, 0x40, 0xd8, 0x51, 0x00, 0x72, 0x79, 0x0f, + 0x44, 0x4c, 0x8a, 0x7a, 0xf8, 0xd1, 0xbc, 0x35, + 0xea, 0x0a, 0x5f, 0x7f, 0x54, 0x0c, 0x1d, 0x99, + 0x24, 0x09, 0x24, 0x82, 0x2d, 0x77, 0xb0, 0xe7, + 0xee, 0x89, 0x91, 0x69, 0x75, 0x32, 0x0a, 0x6f, + 0x0f, 0x60, 0x5b, 0x65, 0x3e, 0xb5, 0xa9, 0xcf, + 0xc4, 0x74, 0x3f, 0x80, 0xd7, 0x38, 0xf6, 0x4d, + 0xc4, 0x3b, 0x69, 0xef, 0x3e, 0x11, 0x28, 0xe5, + 0x17, 0x05, 0x1a, 0x69, 0x16, 0xcd, 0x03, 0xfb, + 0x11, 0x4f, 0xa0, 0x20, 0x19, 0x5f, 0x6c, 0xa7, + 0xfb, 0x81, 0xd7, 0x1b, 0xa7, 0x1d, 0xc3, 0x55, + 0xf2, 0x12, 0x2e, 0x54, 0xe8, 0x92, 0x93, 0xa6, + 0x52, 0x6d, 0xba, 0x11, 0x8b, 0xd1, 0x60, 0x84, + 0x4c, 0xc4, 0x2e, 0xfb, 0xc8, 0x31, 0xbc, 0x49, + 0x23, 0x49, 0x28, 0x3b, 0x54, 0x74, 0xde, 0x3e, + 0x91, 0xb3, 0x32, 0x43, 0x46, 0xac, 0x3d, 0x71, + 0x6e, 0xa6, 0x32, 0x69, 0xcc, 0x83, 0xef, 0xf2, + 0x0d, 0xd1, 0x3f, 0xb6, 0xc5, 0x3a, 0x1c, 0x70, + 0x93, 0xd3, 0x68, 0x07, 0xcf, 0x1b, 0x08, 0xee, + 0xf0, 0xad, 0x8d, 0x1a, 0x0a, 0xc7, 0x85, 0x7d, + 0x89, 0x3d, 0x01, 0x88, 0x9f, 0x8f, 0xdf, 0x38, + 0xb0, 0xaf, 0xab, 0x1f, 0x28, 0x3e, 0x81, 0x0a, + 0x4b, 0x74, 0x0f, 0xba, 0x59, 0xab, 0x1e, 0xda, + 0x37, 0xa7, 0x18, 0x2c, 0xfb, 0x5a, 0xe1, 0x0e, + 0xd9, 0xeb, 0xe0, 0xf3, 0x4a, 0x9e, 0xf1, 0xf4, + 0x7a, 0xb3, 0xd0, 0xbe, 0xd8, 0x1f, 0x75, 0xee, + 0x55, 0x96, 0x26, 0x8b, 0xd5, 0x4d, 0x0b, 0x3d, + 0x85, 0xe2, 0x9e, 0x4a, 0x95, 0xda, 0xc8, 0xd8, + 0x02, 0x92, 0xb1, 0x8d, 0x61, 0x04, 0x10, 0x16, + 0x3a, 0x30, 0x05, 0x9b, 0x0f, 0xdb, 0xe5, 0xb8, + 0xad, 0x72, 0x7e, 0xa3, 0xab, 0xcc, 0x7d, 0x35, + 0x31, 0x24, 0x3f, 0xcd, 0x1b, 0xc6, 0xea, 0x96, + 0x1c, 0x50, 0x24, 0x57, 0x26, 0x9e, 0x66, 0x51, + 0x46, 0x17, 0xa8, 0x4b, 0x92, 0xef, 0x36, 0x8a, + 0x03, 0x86, 0x60, 0x4f, 0x92, 0xe5, 0x7a, 0xf6, + 0x81, 0x4e, 0xd3, 0xa1, 0x5c, 0x47, 0xb2, 0x3c, + 0x52, 0xec, 0x4d, 0x9a, 0xc9, 0x80, 0x14, 0xda, + 0x09, 0x31, 0xd5, 0x7e, 0x58, 0x67, 0x38, 0x81, + 0x0e, 0x03, 0x60, 0x13, 0x79, 0xc3, 0x8f, 0xb2, + 0x2f, 0x56, 0x0b, 0x5b, 0x45, 0x1d, 0x96, 0x14, + 0xea, 0x92, 0x16, 0xa7, 0x04, 0x1e, 0x0a, 0x8a, + 0x8d, 0xb6, 0x36, 0x2c, 0xb1, 0x2a, 0x6a, 0x56, + 0x14, 0x9c, 0x47, 0xf1, 0x07, 0x65, 0xf3, 0x73, + 0xe8, 0x8c, 0xed, 0xe7, 0x7d, 0x37, 0xe8, 0xc2, + 0x15, 0x54, 0x70, 0xda, 0xe6, 0x3d, 0xab, 0xa0, + 0xfe, 0xd3, 0x34, 0x1e, 0x8f, 0x8f, 0x21, 0xd5, + 0x50, 0x34, 0xf7, 0x36, 0x19, 0xa8, 0x54, 0xa9, + 0xb6, 0xff, 0xca, 0xe8, 0x62, 0xa1, 0x04, 0x22, + 0x6f, 0xb7, 0xfb, 0x84, 0xf8, 0xc1, 0x4a, 0xa4, + 0xf8, 0x2d, 0xdf, 0x36, 0x9c, 0x69, 0x7a, 0x73, + 0x00, 0x60, 0x1f, 0x58, 0xa2, 0x41, 0xad, 0xf8, + 0x60, 0x5e, 0x7a, 0xc6, 0x5a, 0xf8, 0x85, 0x00, + 0xc8, 0x4d, 0x1a, 0xf9, 0x1b, 0xad, 0x5b, 0x5b, + 0xc6, 0xad, 0x82, 0x8f, 0xbf, 0xe4, 0xf3, 0x3d, + 0x82, 0x9b, 0x3e, 0x7e, 0x8e, 0x1a, 0x20, 0x95, + 0xc9, 0xa7, 0x59, 0x70, 0x3e, 0x37, 0x9e, 0xaf, + 0x3d, 0x24, 0x4b, 0xc3, 0x3f, 0x82, 0x38, 0x23, + 0xaf, 0x87, 0x39, 0x34, 0x15, 0x82, 0x41, 0x2e, + 0x54, 0xbd, 0xe3, 0xf4, 0x9f, 0x60, 0x76, 0xc5, + 0x79, 0x0c, 0x23, 0x05, 0x99, 0xf4, 0x3a, 0x78, + 0x6e, 0x0a, 0x2c, 0x5c, 0x16, 0xe6, 0x5e, 0x05, + 0x49, 0xf4, 0xf4, 0xa1, 0x14, 0x33, 0x87, 0x7d, + 0x56, 0x3b, 0xc2, 0xc1, 0x00, 0x84, 0xdd, 0x1b, + 0x64, 0xb1, 0xa2, 0x75, 0xd0, 0x69, 0xfd, 0x82, + 0x92, 0x2b, 0x4a, 0x7a, 0xb3, 0x25, 0x2e, 0xc1, + 0xe3, 0xa0, 0x3e, 0x9b, 0x2f, 0x8b, 0x3f, 0x5d, + 0x3a, 0xdd, 0xf2, 0x5a, 0x23, 0x55, 0x8f, 0x99, + 0x76, 0xff, 0xa0, 0xb9, 0xd8, 0x3d, 0xe6, 0xb1, + 0xf3, 0xaf, 0x29, 0x26, 0xc2, 0xfb, 0x25, 0x49, + 0xca, 0x59, 0x1b, 0x9c, 0x07, 0x12, 0x22, 0xb8, + 0x3e, 0x97, 0xc5, 0x29, 0xc7, 0x30, 0x5c, 0xc9, + 0xb9, 0x4d, 0x6c, 0x08, 0x87, 0x72, 0xd4, 0x31, + 0xb9, 0x5b, 0xb7, 0x0e, 0x6b, 0xbd, 0x8b, 0xc6, + 0x82, 0x6b, 0x0a, 0xdf, 0xcf, 0x5e, 0xc7, 0x6c, + 0x75, 0x8e, 0x0e, 0x2c, 0x17, 0x9e, 0x12, 0xa6, + 0xf2, 0x72, 0x44, 0x5c, 0x8e, 0x2b, 0x07, 0x8b, + 0x3a, 0xff, 0x38, 0x49, 0x2e, 0xff, 0xc8, 0x9b, + 0xf5, 0x57, 0xde, 0xce, 0x7a, 0x0b, 0x0b, 0xf2, + 0x34, 0x82, 0x32, 0xca, 0x6a, 0x94, 0x8e, 0x69, + 0x6d, 0xa2, 0x34, 0xbf, 0xc5, 0x51, 0x75, 0x3e, + 0x85, 0x8e, 0xed, 0x6e, 0x59, 0x62, 0xaa, 0x22, + 0xf0, 0x2a, 0x39, 0x84, 0xca, 0x35, 0x62, 0x9c, + 0x33, 0xf3, 0xe3, 0x45, 0xc2, 0x50, 0x2c, 0xa6, + 0xac, 0x56, 0x09, 0x22, 0x3b, 0x11, 0xbd, 0xb7, + 0x1e, 0x80, 0x2f, 0x64, 0x39, 0x98, 0x9f, 0x52, + 0x93, 0x2c, 0x58, 0x60, 0x55, 0x0b, 0x6a, 0xa2, + 0x38, 0xfe, 0x47, 0xf3, 0x06, 0xe0, 0xed, 0xee, + 0xb4, 0x96, 0x51, 0x4f, 0xab, 0xd1, 0xe9, 0x68, + 0x5b, 0x4f, 0xe0, 0x52, 0xc7, 0x17, 0x79, 0x08, + 0x50, 0x91, 0x95, 0xa0, 0x38, 0x52, 0x75, 0xd7, + 0x34, 0xc7, 0x86, 0x53, 0x12, 0xd1, 0x4c, 0x52, + 0xc5, 0x1e, 0x3d, 0x26, 0x19, 0xf2, 0xce, 0xeb, + 0x7a, 0x23, 0xe5, 0xb7, 0xba, 0xb0, 0x58, 0xa4, + 0x77, 0xeb, 0x53, 0xbe, 0xda, 0x07, 0xc3, 0xf5, + 0x30, 0x7a, 0x35, 0x17, 0x1f, 0x84, 0x52, 0x8f, + 0x88, 0x8a, 0x0a, 0x29, 0x15, 0xf6, 0x2e, 0xf3, + 0x9c, 0x33, 0x9f, 0xcf, 0xde, 0xac, 0x7a, 0xfb, + 0x75, 0x3a, 0x6e, 0x56, 0xa7, 0x89, 0x9c, 0xf9, + 0x92, 0xd8, 0x8a, 0xc5, 0x92, 0xe3, 0xff, 0xc5, + 0x4f, 0xe7, 0x25, 0x05, 0xbe, 0xd8, 0x15, 0xca, + 0x35, 0xd6, 0xb6, 0xba, 0x78, 0x80, 0x61, 0x94, + 0x99, 0xeb, 0xe1, 0x2b, 0x12, 0x8c, 0x73, 0x9f, + 0x70, 0x21, 0xc1, 0x8d, 0x5c, 0x73, 0x0b, 0x05, + 0x99, 0x0c, 0x2f, 0xea, 0x6a, 0xe3, 0x88, 0xe5, + 0x63, 0xb7, 0x55, 0xa7, 0xdb, 0x82, 0x94, 0x52, + 0xd5, 0x11, 0xc1, 0x90, 0xfe, 0x9e, 0x50, 0x3e, + 0x34, 0x86, 0xc7, 0xa8, 0xf8, 0xc0, 0x76, 0x99, + 0x86, 0xa6, 0x17, 0xf3, 0x6f, 0xec, 0x0f, 0x9a, + 0x40, 0xd2, 0xcb, 0x07, 0xb1, 0xbd, 0x85, 0xa5, + 0x38, 0xeb, 0x99, 0xe9, 0xb6, 0x65, 0xbb, 0x69, + 0x14, 0x22, 0x37, 0xf6, 0x7f, 0x21, 0x6d, 0x9d, + 0xd6, 0x4d, 0xcc, 0x62, 0x8b, 0xc7, 0xa3, 0x95, + 0xb2, 0x8b, 0x1d, 0x23, 0xc9, 0x3a, 0x79, 0x11, + 0xaf, 0xc0, 0xfb, 0x82, 0x1e, 0x42, 0x6f, 0x02, + 0xfa, 0x94, 0x80, 0xfa, 0xf3, 0x09, 0x69, 0xee, + 0x13, 0xa7, 0x41, 0x91, 0x6c, 0x4d, 0x81, 0xd2, + 0x73, 0x41, 0x8b, 0x4e, 0x1d, 0x68, 0x22, 0x77, + 0x7b, 0xbe, 0x19, 0xcb, 0xa4, 0x83, 0x31, 0xbe, + 0x21, 0x22, 0xac, 0xf0, 0xc2, 0x02, 0x1a, 0x44, + 0xb6, 0xb5, 0x8f, 0x03, 0x81, 0xa9, 0x6e, 0xde, + 0x59, 0x1a, 0x2b, 0xc2, 0x52, 0x06, 0x3e, 0x32, + 0xf8, 0x70, 0x25, 0xa1, 0x35, 0xab, 0xe0, 0x11, + 0xda, 0x85, 0x9b, 0x20, 0xd9, 0xe2, 0x1f, 0x1c, + 0xd3, 0xbe, 0xca, 0xb1, 0x02, 0x30, 0x41, 0xaf, + 0x3e, 0xa5, 0xee, 0x5d, 0xf6, 0xe1, 0x67, 0x26, + 0xb9, 0x88, 0x0d, 0x13, 0x09, 0x67, 0xf5, 0x2c, + 0x15, 0xa6, 0x55, 0x4f, 0x40, 0xaa, 0x8c, 0x31, + 0xfd, 0xaa, 0x6a, 0xd2, 0x2e, 0xc1, 0x5a, 0x65, + 0x7f, 0x1c, 0xf4, 0xbc, 0xe3, 0x90, 0xf4, 0x0f, + 0xcc, 0x98, 0x72, 0x21, 0x09, 0xf0, 0x7b, 0x95, + 0xfb, 0x27, 0x71, 0x85, 0x0c, 0xf6, 0x8b, 0x75, + 0xc9, 0x27, 0xe6, 0x62, 0xa0, 0x57, 0x2a, 0x29, + 0x8c, 0x8a, 0x36, 0x12, 0x1b, 0xae, 0xad, 0x3a, + 0xf1, 0x6e, 0xaa, 0x00, 0x6c, 0x8b, 0xb7, 0x29, + 0x92, 0x87, 0x0a, 0x45, 0xdd, 0x7d, 0xa0, 0xce, + 0x15, 0xe1, 0xc7, 0x86, 0x03, 0x73, 0xae, 0x76, + 0xa9, 0x6a, 0x04, 0x20, 0x20, 0x96, 0xad, 0x1c, + 0x7f, 0x24, 0xc5, 0x72, 0x7d, 0x50, 0x7b, 0x1b, + 0x7e, 0xab, 0x34, 0x2c, 0x77, 0x0a, 0x8d, 0xdd, + 0x03, 0x74, 0xc3, 0xcb, 0x03, 0x5f, 0x12, 0x37, + 0x36, 0x89, 0x70, 0x88, 0xee, 0x20, 0xe0, 0x19, + 0x02, 0xef, 0x9a, 0x68, 0xa4, 0xc5, 0xb5, 0xab, + 0xb4, 0xbc, 0xa9, 0x7e, 0x84, 0xd7, 0x47, 0xb1, + 0xc1, 0x0f, 0x73, 0x29, 0x7a, 0x79, 0xee, 0x5a, + 0x5b, 0x5f, 0x27, 0xf1, 0x1c, 0x45, 0xe4, 0xfe, + 0x1a, 0xc9, 0x52, 0x1b, 0x12, 0x13, 0x7d, 0xb0, + 0x9d, 0x65, 0x69, 0xcd, 0x50, 0x3a, 0xb1, 0x91, + 0xf7, 0x10, 0x73, 0xab, 0xbb, 0xa9, 0x68, 0x0e, + 0x7b, 0x06, 0x9d, 0x40, 0xe7, 0x23, 0xaa, 0x88, + 0xf6, 0x2f, 0x29, 0xe7, 0x6b, 0x23, 0xfa, 0x12, + 0xb0, 0x49, 0xa7, 0x24, 0x20, 0xde, 0xaa, 0xd4, + 0xd7, 0x46, 0xb8, 0x3c, 0x03, 0x1f, 0xe8, 0x2a, + 0x9a, 0xf0, 0x2b, 0x2a, 0xec, 0x76, 0xf4, 0x9a, + 0x09, 0x51, 0x16, 0x3f, 0xa1, 0xc4, 0x35, 0x86, + 0xaa, 0xad, 0x72, 0x0d, 0xd0, 0x0f, 0x59, 0x84, + 0xa8, 0xcd, 0x98, 0xdd, 0x17, 0xa2, 0x5e, 0x5e, + 0xe7, 0x0b, 0x8a, 0xee, 0x1d, 0xc3, 0x62, 0x0f, + 0x2d, 0x7d, 0x83, 0x52, 0xcd, 0x4f, 0x6d, 0x09, + 0x15, 0xdb, 0xe2, 0x14, 0x47, 0xc1, 0xb8, 0x84, + 0xa9, 0xf0, 0x33, 0xae, 0xe0, 0x87, 0xa8, 0x33, + 0xc6, 0xe0, 0x81, 0xa8, 0x4f, 0x86, 0xa1, 0xd0, + 0xe1, 0x33, 0xe0, 0x2e, 0xfc, 0xd2, 0x4a, 0x0d, + 0x4b, 0x8e, 0x07, 0xf7, 0x6b, 0xff, 0x33, 0x9c, + 0x86, 0xec, 0xff, 0x4c, 0x46, 0xbc, 0x12, 0xc6, + 0xa6, 0x81, 0x29, 0xb6, 0xd7, 0x57, 0x98, 0xab, + 0x3f, 0xaa, 0x6e, 0x43, 0x26, 0xfd, 0x15, 0x82, + 0x05, 0x78, 0x6a, 0x97, 0x84, 0x85, 0x29, 0x39, + 0x57, 0xf1, 0x57, 0x3c, 0x80, 0xe1, 0x9e, 0x1b, + 0xb7, 0x6b, 0x6c, 0x5d, 0x0c, 0x88, 0x5c, 0x1e, + 0x4f, 0x7a, 0x6c, 0x15, 0xcb, 0x04, 0x08, 0x5b, + 0x7f, 0x7a, 0x7f, 0x9b, 0xb3, 0xa0, 0xc0, 0xfc, + 0xe1, 0x0a, 0x67, 0x48, 0xc5, 0x04, 0x68, 0xe7, + 0x66, 0x2e, 0x1a, 0x49, 0x25, 0xd0, 0x80, 0xaa, + 0xad, 0xc5, 0xdf, 0x1a, 0x31, 0x71, 0x14, 0x55, + 0x32, 0xa4, 0xa0, 0x3d, 0x23, 0x22, 0xe0, 0xca, + 0x5f, 0x5e, 0xe8, 0xc2, 0x9c, 0x10, 0x6a, 0x2b, + 0xb2, 0xf8, 0xa3, 0xfd, 0xde, 0x68, 0xf2, 0x84, + 0x1e, 0xb9, 0xa3, 0x29, 0x36, 0x08, 0xc1, 0xcc, + 0x2d, 0x17, 0x25, 0xcb, 0x8f, 0x57, 0x22, 0xf7, + 0xbc, 0x98, 0xa5, 0x34, 0x41, 0xce, 0x32, 0xfd, + 0x0c, 0x73, 0x5a, 0x42, 0x66, 0x79, 0xc6, 0x7c, + 0x76, 0x5c, 0xab, 0x35, 0x17, 0x14, 0x8d, 0xc5, + 0xef, 0x3b, 0x81, 0x31, 0x72, 0x17, 0x31, 0x0d, + 0x5d, 0xbc, 0x49, 0xe4, 0x85, 0x64, 0xe1, 0x13, + 0xef, 0x4e, 0xa2, 0xb5, 0xb3, 0x8d, 0xe3, 0x4a, + 0xcd, 0x89, 0xa1, 0xdf, 0xc1, 0xf4, 0x3d, 0x92, + 0xef, 0xb6, 0xcb, 0x69, 0x07, 0xb3, 0x4f, 0x73, + 0x4f, 0x2b, 0x7d, 0xd9, 0x6d, 0xcd, 0x95, 0xd6, + 0x06, 0x22, 0xdb, 0x5f, 0x61, 0x6f, 0xfb, 0xea, + 0x09, 0x0a, 0x76, 0xc6, 0xce, 0x09, 0x33, 0x7a, + 0xfa, 0x69, 0x5c, 0x3a, 0x34, 0xa9, 0x3e, 0x42, + 0xd0, 0xcd, 0xf0, 0x94, 0x82, 0x5c, 0x6c, 0xc3, + 0xe9, 0x4b, 0xa1, 0xa2, 0x37, 0xa2, 0xc7, 0xc1, + 0x68, 0x86, 0x3d, 0x27, 0x59, 0x43, 0x35, 0xd1, + 0x8f, 0xdc, 0xaa, 0x93, 0x12, 0x06, 0x6a, 0x95, + 0xf7, 0x18, 0xb6, 0xfb, 0xec, 0xde, 0x44, 0xc4, + 0x8f, 0x17, 0x54, 0x0d, 0x67, 0x38, 0x56, 0xa5, + 0xc2, 0xcb, 0x81, 0xe3, 0x98, 0x4b, 0x27, 0x4d, + 0xc2, 0x83, 0x5a, 0x7c, 0xd0, 0xd9, 0x8b, 0xe2, + 0xee, 0xf6, 0x3c, 0xe1, 0x06, 0xb4, 0xa7, 0xfc, + 0xf7, 0x60, 0xc5, 0x66, 0xfb, 0x30, 0x97, 0xff, + 0x77, 0xb7, 0xad, 0x04, 0x63, 0x63, 0x96, 0x47, + 0xc3, 0x9f, 0xda, 0x07, 0x8f, 0xd2, 0x3f, 0x30, + 0x82, 0x67, 0x2c, 0x6f, 0x21, 0x3f, 0x27, 0x99, + 0x3c, 0xcd, 0x47, 0x6c, 0xf6, 0xee, 0xec, 0x90, + 0x67, 0x30, 0x63, 0x5b, 0x33, 0xd3, 0xb2, 0xc6, + 0xca, 0x20, 0xa2, 0xc7, 0xf3, 0x35, 0x6f, 0x02, + 0xcd, 0x20, 0x90, 0x66, 0x3e, 0x29, 0x85, 0x1d, + 0xa6, 0x50, 0x25, 0x24, 0x1f, 0x69, 0xfb, 0x4e, + 0x07, 0x7b, 0xfa, 0x26, 0xf2, 0x0b, 0x5a, 0x0a, + 0x95, 0x4e, 0x59, 0x13, 0x3e, 0x9f, 0xe9, 0xcb, + 0xe2, 0x7f, 0x1e, 0xc0, 0x07, 0x71, 0xa2, 0x6a, + 0x25, 0x7a, 0xe6, 0x34, 0x08, 0x40, 0x1c, 0x8d, + 0x3c, 0xb6, 0x81, 0x82, 0x79, 0x83, 0x24, 0x24, + 0x1c, 0xb2, 0xb2, 0xb8, 0xe8, 0x3b, 0xc3, 0x84, + 0xe5, 0xf9, 0x37, 0x99, 0x36, 0x1e, 0x9f, 0x62, + 0xac, 0x9b, 0x44, 0x9e, 0x6e, 0x29, 0x2f, 0xfa, + 0x8e, 0x8f, 0x57, 0x10, 0x5c, 0x90, 0xed, 0x74, + 0x39, 0x4c, 0x88, 0xb8, 0x9a, 0x8e, 0xe4, 0x53, + 0xc8, 0xd3, 0x83, 0xd8, 0xb7, 0x7a, 0x66, 0x2b, + 0x19, 0x81, 0xbb, 0x2b, 0x7e, 0x4f, 0x71, 0x58, + 0x2c, 0xc9, 0x6c, 0xc3, 0x38, 0x05, 0xb6, 0x48, + 0x1b, 0xf8, 0xb2, 0x82, 0x08, 0x66, 0xdd, 0xba, + 0x89, 0x27, 0xea, 0x82, 0xd5, 0xe3, 0x8e, 0x64, + 0x3a, 0xe7, 0xc5, 0xb4, 0x95, 0xe3, 0xd0, 0x3a, + 0x3c, 0x7a, 0xf7, 0xef, 0xf3, 0x0f, 0x04, 0x00, + 0x12, 0x2f, 0xcf, 0x60, 0x29, 0xe2, 0x6b, 0xa0, + 0x9b, 0xa7, 0x2e, 0xda, 0x07, 0xff, 0x20, 0xc2, + 0x02, 0xa1, 0x58, 0xb5, 0x3b, 0x3c, 0x5c, 0x8c, + 0x86, 0xa6, 0x8f, 0x08, 0x1a, 0xa6, 0x3b, 0xe4, + 0x23, 0x49, 0x73, 0x68, 0xe7, 0x77, 0xbd, 0x3b, + 0xb0, 0x78, 0xb8, 0x3c, 0x0e, 0x46, 0x09, 0xd9, + 0x5c, 0xae, 0xa7, 0x04, 0xab, 0xf7, 0xbe, 0xcb, + 0xc8, 0xb1, 0x2f, 0xab, 0xfa, 0x1e, 0xc1, 0xef, + 0x56, 0xd1, 0x26, 0xd6, 0x76, 0xe6, 0xa1, 0xb0, + 0x4a, 0xfd, 0x7e, 0x36, 0x26, 0xf4, 0x9d, 0xef, + 0xa4, 0xbc, 0x6c, 0x83, 0x3f, 0x31, 0x0b, 0x32, + 0x36, 0x83, 0xa7, 0xbb, 0x16, 0x1a, 0x44, 0xa8, + 0xb8, 0x4e, 0xde, 0x7f, 0x63, 0x64, 0x1b, 0xf2, + 0x8e, 0xee, 0xdf, 0xf2, 0xcf, 0x43, 0xb9, 0x0f, + 0xf5, 0x8f, 0xbc, 0x3a, 0x59, 0x86, 0x04, 0x61, + 0x18, 0xfa, 0xb2, 0x49, 0x2c, 0x66, 0xf9, 0x44, + 0xea, 0x66, 0x50, 0xee, 0x4a, 0x83, 0x92, 0xee, + 0xdc, 0x1a, 0x4f, 0xee, 0x77, 0x5a, 0x66, 0xd9, + 0xd2, 0x86, 0x80, 0x40, 0x43, 0xfb, 0x19, 0x3f, + 0xce, 0x91, 0x11, 0x77, 0x65, 0xa2, 0xcb, 0x4e, + 0x4f, 0x68, 0x2f, 0xfe, 0x18, 0x71, 0x9e, 0x77, + 0xd2, 0xa9, 0x89, 0xe7, 0xbc, 0x40, 0xdd, 0x1a, + 0xfa, 0xb5, 0xe4, 0x8e, 0x88, 0xcb, 0xaf, 0x12, + 0x64, 0xbc, 0xeb, 0x65, 0x1e, 0xa5, 0x25, 0xf2, + 0x35, 0x1f, 0x9a, 0x6d, 0xfb, 0xe4, 0x08, 0xc4, + 0x8d, 0xba, 0x8c, 0x4e, 0xee, 0xaa, 0x47, 0xa5, + 0x24, 0xac, 0xeb, 0x1c, 0xca, 0xb0, 0xbd, 0xa3, + 0x12, 0x65, 0x03, 0xc7, 0x7a, 0xa1, 0x9d, 0xa4, + 0x74, 0xa5, 0x86, 0xb2, 0x71, 0xfa, 0xe1, 0xfb, + 0x98, 0x9b, 0x9a, 0x16, 0xe2, 0xdb, 0x30, 0x0f, + 0xd6, 0x29, 0xd0, 0x74, 0x9b, 0xa7, 0xe7, 0x51, + 0x16, 0x1b, 0x4b, 0xac, 0x93, 0x9c, 0xd0, 0x84, + 0x85, 0x53, 0x13, 0xc8, 0xc3, 0x5d, 0x4c, 0x9e, + 0xb1, 0x3b, 0x16, 0x53, 0xc4, 0x96, 0x9e, 0xae, + 0xd0, 0x4b, 0x24, 0x88, 0x54, 0x1d, 0x6e, 0x16, + 0x71, 0xf7, 0x2d, 0xd3, 0x6d, 0x6e, 0x9c, 0xb1, + 0xeb, 0x34, 0xb4, 0x7d, 0xa2, 0x5f, 0x94, 0x5b, + 0x50, 0x74, 0x00, 0xe6, 0x62, 0xfd, 0x53, 0x65, + 0x8d, 0xbf, 0x26, 0xc8, 0x2a, 0x22, 0x88, 0xe0, + 0xce, 0xb8, 0xa5, 0xee, 0x88, 0x13, 0x94, 0x23, + 0xa9, 0xed, 0x5e, 0x97, 0x3f, 0xe7, 0x42, 0xaa, + 0x1d, 0x0f, 0xe2, 0x7e, 0xfa, 0xbc, 0x8a, 0x47, + 0xd7, 0x19, 0x0f, 0x62, 0x00, 0x8a, 0x76, 0x6a, + 0xf4, 0xb7, 0x12, 0x2a, 0xd0, 0xd4, 0xb1, 0x37, + 0x48, 0x9a, 0xcc, 0x80, 0xa4, 0x57, 0xa4, 0x82, + 0x25, 0xa7, 0xf6, 0xfd, 0xe7, 0x83, 0xe3, 0x70, + 0x26, 0x47, 0x66, 0x4e, 0xc3, 0x4b, 0x60, 0x0d, + 0x58, 0x4a, 0x02, 0x75, 0x18, 0x3c, 0xf6, 0xd8, + 0x55, 0xfe, 0xe3, 0x99, 0xf0, 0x94, 0x54, 0x51, + 0xd0, 0x60, 0x0e, 0x74, 0xc1, 0x45, 0x7d, 0x3a, + 0x1e, 0x26, 0x0f, 0xbf, 0x0d, 0x5c, 0x1d, 0x01, + 0x32, 0xbb, 0x86, 0xcd, 0x84, 0x41, 0x01, 0xff, + 0x99, 0x54, 0x4b, 0x13, 0x2f, 0x37, 0xdd, 0x89, + 0x00, 0xbf, 0x00, 0x17, 0x5c, 0x4e, 0x98, 0x8c, + 0xc9, 0xab, 0xc8, 0x9a, 0xe0, 0x0b, 0x0b, 0xcb, + 0x0f, 0x1b, 0xe7, 0xce, 0x21, 0xfb, 0xb9, 0x8b, + 0x41, 0x1c, 0x39, 0xe4, 0xe8, 0x6b, 0x68, 0xb5, + 0x12, 0x18, 0x52, 0x7e, 0xc4, 0xc5, 0x41, 0x15, + 0xa9, 0x5c, 0xf5, 0xf9, 0xbf, 0x59, 0xfc, 0x57, + 0x98, 0xfc, 0x81, 0x3c, 0x6b, 0x54, 0x95, 0xb8, + 0xaf, 0x0d, 0xfa, 0xb8, 0xba, 0x28, 0xea, 0x04, + 0x9f, 0x49, 0x1a, 0x13, 0xc3, 0x09, 0xfa, 0x0b, + 0xf1, 0x9f, 0x01, 0xb9, 0x53, 0xba, 0xfb, 0xbf, + 0x26, 0x2e, 0x5c, 0x85, 0x0d, 0xa4, 0xc9, 0x86, + 0xe8, 0x6b, 0x4b, 0x33, 0x89, 0x98, 0x00, 0x8b, + 0x8d, 0x89, 0x9a, 0xbb, 0x7f, 0xab, 0x6a, 0x30, + 0xf9, 0xfa, 0xf9, 0x1b, 0x47, 0x0d, 0xd6, 0x70, + 0x1a, 0x81, 0x55, 0xa0, 0x46, 0x85, 0xa2, 0x55, + 0x68, 0x01, 0x8b, 0x95, 0x42, 0x25, 0x56, 0xb0, + 0xc3, 0x39, 0x02, 0xb1, 0xa4, 0xae, 0xcf, 0x50, + 0x9c, 0x42, 0x45, 0x78, 0xc1, 0x8a, 0x63, 0xbd, + 0x09, 0x10, 0xab, 0xe5, 0x5c, 0xf6, 0x77, 0x54, + 0x12, 0x98, 0x45, 0xf3, 0x1a, 0x0e, 0x3f, 0x1e, + 0x56, 0xc9, 0x38, 0x0b, 0xe5, 0xa5, 0xcb, 0x99, + 0x5b, 0x36, 0xd9, 0x7b, 0x91, 0x2e, 0x49, 0xe5, + 0xd2, 0x33, 0x67, 0xf3, 0x20, 0xe0, 0x3d, 0xc5, + 0x2a, 0x50, 0xf4, 0x28, 0x08, 0x24, 0x97, 0x1a, + 0xb7, 0xdd, 0x19, 0xba, 0x56, 0x43, 0x02, 0xed, + 0xc2, 0xa1, 0x5b, 0x03, 0x9e, 0x89, 0xbe, 0x3d, + 0xe1, 0x19, 0xa4, 0x7c, 0x65, 0xbf, 0xa4, 0x4d, + 0xda, 0x46, 0xe6, 0x5d, 0x71, 0x96, 0x5d, 0x9a, + 0x58, 0xa1, 0xaf, 0x77, 0xed, 0x79, 0xae, 0xcf, + 0xba, 0xf2, 0xd7, 0x94, 0x0f, 0x49, 0xc2, 0xc7, + 0xa6, 0x04, 0x8a, 0x3c, 0x68, 0xbe, 0x8f, 0x8d, + 0xea, 0x73, 0xb4, 0xb0, 0x00, 0x9e, 0x6f, 0x3d, + 0x96, 0x28, 0xa4, 0xd3, 0x96, 0x23, 0x21, 0x2a, + 0x04, 0xbb, 0x2c, 0x69, 0x3d, 0x38, 0xa9, 0x4b, + 0xf4, 0xd0, 0xf5, 0x75, 0x8b, 0x6a, 0x6c, 0xcd, + 0xf3, 0x1f, 0xc3, 0x23, 0x79, 0x3a, 0x26, 0x67, + 0x5f, 0x4e, 0x40, 0xd4, 0x82, 0x3a, 0x40, 0x3a, + 0x92, 0xde, 0xd8, 0x5e, 0xf1, 0x7e, 0x8a, 0xb4, + 0x86, 0x51, 0xb3, 0xcc, 0x67, 0x9b, 0x2c, 0x67, + 0x05, 0x21, 0xd0, 0xbe, 0x29, 0xf4, 0xfe, 0xa6, + 0x61, 0x99, 0x4b, 0x72, 0x5b, 0x2a, 0x24, 0xc4, + 0xdd, 0x3a, 0x45, 0x5c, 0x73, 0x6f, 0x82, 0x4a, + 0x6b, 0x28, 0xaa, 0xc2, 0xde, 0x17, 0xd9, 0x39, + 0x60, 0x69, 0xe4, 0x14, 0xc6, 0x01, 0x1c, 0x4d, + 0x22, 0x00, 0x84, 0x7b, 0x6d, 0xf0, 0x40, 0xd6, + 0x94, 0x7c, 0x7b, 0x6f, 0xec, 0x44, 0x96, 0x43, + 0x4a, 0xe0, 0x51, 0x3e, 0x3f, 0xac, 0x33, 0xae, + 0xcc, 0xd5, 0x65, 0x5b, 0x43, 0x3b, 0x81, 0x7f, + 0x08, 0x08, 0xc0, 0x37, 0xb9, 0xa1, 0xb9, 0x4d, + 0xf4, 0x3c, 0xd0, 0x9a, 0x8e, 0xb6, 0x35, 0x90, + 0xfb, 0x91, 0x07, 0x1c, 0xad, 0xc5, 0x92, 0xef, + 0xdf, 0xee, 0x3c, 0x58, 0x59, 0xbc, 0xa1, 0xb3, + 0xc1, 0x32, 0x14, 0x64, 0xe6, 0x31, 0xf1, 0x8c, + 0xf1, 0x6e, 0xc5, 0x42, 0xe9, 0x4e, 0x44, 0xae, + 0xaf, 0x0a, 0x63, 0x73, 0x70, 0xdd, 0x67, 0x58, + 0xaf, 0x23, 0x9e, 0xa4, 0x01, 0x39, 0xdd, 0xe6, + 0x3b, 0x4d, 0x59, 0x7f, 0x8a, 0x23, 0xb3, 0x1f, + 0x85, 0x37, 0x3a, 0xb9, 0x05, 0x3e, 0xfb, 0x80, + 0xf9, 0x69, 0x25, 0x09, 0xca, 0x6d, 0xb4, 0x2f, + 0x2b, 0x01, 0xbe, 0x01, 0xf0, 0xf5, 0x98, 0x9e, + 0xc5, 0x6c, 0xa5, 0x9b, 0x62, 0x23, 0xa7, 0xec, + 0x32, 0xef, 0xd1, 0x81, 0xd1, 0x2b, 0xfa, 0xb7, + 0xf5, 0x94, 0x7d, 0x24, 0x27, 0x79, 0xcc, 0x43, + 0xed, 0x82, 0xb5, 0x5f, 0x40, 0xde, 0x58, 0x1b, + 0xbe, 0x7c, 0x8c, 0xf1, 0x43, 0x5a, 0x0e, 0xa1, + 0xe6, 0xff, 0x01, 0x07, 0x28, 0x83, 0x6f, 0x15, + 0x1a, 0x84, 0x95, 0x37, 0x0d, 0xc0, 0x6d, 0x95, + 0x3f, 0x60, 0x44, 0xe7, 0xea, 0x2b, 0x44, 0xaa, + 0xdb, 0xb2, 0x15, 0xc7, 0x72, 0xdf, 0xf3, 0xd6, + 0x8a, 0x89, 0x27, 0x96, 0x2a, 0xca, 0x5a, 0xb8, + 0x28, 0xaf, 0x5f, 0x40, 0x52, 0x80, 0xd5, 0x6a, + 0x92, 0x64, 0x51, 0x5e, 0x47, 0x44, 0xbd, 0x56, + 0x65, 0x11, 0x56, 0xb8, 0xd6, 0xfb, 0xcd, 0xca, + 0x4a, 0x05, 0x4c, 0x1e, 0x6d, 0xee, 0x05, 0x0d, + 0x85, 0xd2, 0x22, 0x0d, 0x0f, 0x99, 0xef, 0x4b, + 0x21, 0x1c, 0xd4, 0x42, 0xf2, 0x1d, 0x2e, 0xa2, + 0xa2, 0x72, 0x29, 0x1e, 0xc5, 0x7f, 0xdd, 0x92, + 0x1b, 0xf9, 0x86, 0xc6, 0x97, 0xd6, 0xc1, 0x28, + 0xca, 0x06, 0x91, 0xd9, 0xf1, 0x91, 0x2c, 0x29, + 0x4e, 0xd4, 0x7f, 0x81, 0xdf, 0x9d, 0xbc, 0xa6, + 0x89, 0x5f, 0xda, 0xf9, 0xae, 0xbf, 0xf0, 0xd7, + 0x57, 0x71, 0x73, 0x43, 0xba, 0x2f, 0x54, 0x6c, + 0xd2, 0xdf, 0x9f, 0xff, 0xfe, 0x35, 0xbc, 0xc2, + 0xdc, 0x17, 0xd4, 0x76, 0x31, 0xfc, 0xc2, 0x07, + 0x58, 0xa4, 0xd4, 0x9f, 0x54, 0x62, 0x82, 0xf8, + 0x30, 0xeb, 0x58, 0x84, 0x21, 0xbe, 0xce, 0x9f, + 0xc7, 0xfa, 0x12, 0x60, 0x22, 0x42, 0xa0, 0xaf, + 0x4c, 0xb9, 0xd8, 0x64, 0xb1, 0x63, 0x79, 0x7a, + 0x31, 0xd2, 0xef, 0x6b, 0x8a, 0x92, 0xa9, 0x78, + 0x51, 0x71, 0x4a, 0xb8, 0xb9, 0x1d, 0xf0, 0xf2, + 0x39, 0xb8, 0x69, 0xe7, 0x83, 0x6e, 0xaa, 0x23, + 0xd0, 0x36, 0xe3, 0xf0, 0x7b, 0xec, 0xd2, 0xc3, + 0xe7, 0x79, 0x54, 0xb6, 0xe5, 0x3e, 0x42, 0x3b, + 0xaa, 0xa7, 0x2a, 0x23, 0xeb, 0x62, 0xdc, 0x39, + 0xf8, 0x5f, 0x69, 0x02, 0x66, 0x5d, 0xf9, 0x33, + 0x35, 0x63, 0xdc, 0x33, 0xb6, 0x47, 0xf6, 0x88, + 0x05, 0x8e, 0x23, 0x05, 0xaf, 0xc8, 0x8d, 0x31, + 0xfd, 0x5f, 0x69, 0x52, 0x7f, 0x5f, 0x20, 0x99, + 0x24, 0x1a, 0x3c, 0x5e, 0x5d, 0x25, 0xf5, 0x8b, + 0x35, 0x9a, 0x99, 0x99, 0x87, 0x71, 0xb3, 0xe6, + 0xc3, 0x70, 0xc2, 0xbb, 0xe3, 0xb6, 0xce, 0x59, + 0xe3, 0xff, 0x4f, 0xc2, 0xbc, 0xe7, 0x36, 0x44, + 0xb7, 0xe4, 0x50, 0x8f, 0x2a, 0xf1, 0x9a, 0x9c, + 0x12, 0xe8, 0x6e, 0x06, 0x21, 0xf6, 0x1f, 0x65, + 0x5e, 0xe6, 0xd2, 0xc2, 0x6f, 0x65, 0xf4, 0x3b, + 0x4b, 0xb0, 0x17, 0xa1, 0x12, 0x9a, 0xdb, 0xa0, + 0xcb, 0x65, 0x77, 0x31, 0x7f, 0x95, 0x87, 0x5e, + 0x99, 0x03, 0x90, 0x6c, 0x75, 0xd2, 0x26, 0xa5, + 0x0c, 0x69, 0xff, 0x6e, 0xb0, 0xbf, 0xd3, 0xd2, + 0xf7, 0x2a, 0x35, 0x5b, 0x7b, 0x52, 0xcd, 0x28, + 0x4e, 0x20, 0x79, 0x22, 0xb4, 0xe3, 0xc0, 0xc5, + 0x83, 0x27, 0xc5, 0x88, 0xe6, 0xff, 0x78, 0xb4, + 0xb1, 0xd0, 0x4e, 0x32, 0xf7, 0x28, 0x5c, 0x24, + 0x4d, 0x8f, 0xc0, 0xd7, 0x05, 0xb9, 0xd9, 0x57, + 0x76, 0x7c, 0x6b, 0x56, 0x4e, 0xa4, 0x8b, 0x92, + 0xf0, 0x9e, 0x56, 0x33, 0xdb, 0xb3, 0xb0, 0x59, + 0x00, 0x61, 0xcf, 0x9f, 0xd0, 0x4a, 0x07, 0xf1, + 0xa0, 0x48, 0xde, 0x1f, 0x4f, 0xd4, 0xf0, 0xcd, + 0x54, 0x8b, 0xe1, 0xf2, 0x98, 0x13, 0xeb, 0x1b, + 0x4d, 0xd6, 0x30, 0x5d, 0x17, 0xc7, 0xf2, 0x66, + 0x54, 0xa9, 0x8b, 0x69, 0x79, 0xf1, 0x14, 0x0c, + 0xcc, 0x36, 0xf8, 0xd0, 0x4c, 0x88, 0x11, 0x97, + 0x74, 0xe1, 0x5b, 0x81, 0x85, 0x77, 0xe0, 0xf1, + 0x53, 0x0c, 0x90, 0xc5, 0x43, 0xc9, 0x2a, 0x63, + 0x03, 0x26, 0x46, 0x81, 0x4b, 0x7f, 0x4d, 0x46, + 0x39, 0x7b, 0xcb, 0x5f, 0x68, 0xd2, 0xc3, 0xe3, + 0x52, 0x09, 0x17, 0xdf, 0xe9, 0x5d, 0x4d, 0xdc, + 0x00, 0x5b, 0x94, 0xe8, 0x94, 0x6e, 0xc1, 0xa8, + 0xd6, 0x76, 0xd4, 0xff, 0x64, 0x54, 0x01, 0x10, + 0xc0, 0x48, 0xd0, 0x63, 0x82, 0x20, 0x2b, 0x06, + 0xe8, 0x21, 0xf8, 0xcd, 0x56, 0xc5, 0xc7, 0x31, + }; +#ifndef WOLFSSL_SLHDSA_VERIFY_ONLY + WC_DECLARE_VAR(sig, byte, sizeof(sig_shake128s), HEAP_HINT); +#endif + + WC_ALLOC_VAR_EX(key_vfy, SlhDsaKey, 1, HEAP_HINT, + DYNAMIC_TYPE_TMP_BUFFER, ERROR_OUT(WC_TEST_RET_ENC_EC(MEMORY_E), out)); + XMEMSET(key_vfy, 0, sizeof(*key_vfy)); +#ifndef WOLFSSL_SLHDSA_VERIFY_ONLY + WC_ALLOC_VAR_EX(key, SlhDsaKey, 1, HEAP_HINT, + DYNAMIC_TYPE_TMP_BUFFER, ERROR_OUT(WC_TEST_RET_ENC_EC(MEMORY_E), out)); + XMEMSET(key, 0, sizeof(*key)); + WC_ALLOC_VAR_EX(sk, byte, WC_SLHDSA_MAX_PRIV_LEN, HEAP_HINT, + DYNAMIC_TYPE_TMP_BUFFER, ERROR_OUT(WC_TEST_RET_ENC_EC(MEMORY_E), out)); + WC_ALLOC_VAR_EX(pk, byte, WC_SLHDSA_MAX_PUB_LEN, HEAP_HINT, + DYNAMIC_TYPE_TMP_BUFFER, ERROR_OUT(WC_TEST_RET_ENC_EC(MEMORY_E), out)); + /* // NOLINTBEGIN(bugprone-sizeof-expression) */ + WC_ALLOC_VAR_EX(sig, byte, sizeof(sig_shake128s), HEAP_HINT, + DYNAMIC_TYPE_TMP_BUFFER, ERROR_OUT(WC_TEST_RET_ENC_EC(MEMORY_E), out)); + /* // NOLINTEND(bugprone-sizeof-expression) */ +#endif + +#ifndef WOLFSSL_SLHDSA_VERIFY_ONLY + ret = wc_SlhDsaKey_Init(key, SLHDSA_SHAKE128S, NULL, INVALID_DEVID); + if (ret != 0) { + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); + } + + ret = wc_SlhDsaKey_MakeKeyWithRandom(key, + sk_seed_shake128s, (word32)sizeof(sk_seed_shake128s), + sk_prf_shake128s, (word32)sizeof(sk_prf_shake128s), + pk_seed_shake128s, (word32)sizeof(pk_seed_shake128s)); + if (ret != 0) { + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); + } + + outLen = WC_SLHDSA_MAX_PRIV_LEN; + ret = wc_SlhDsaKey_ExportPrivate(key, sk, &outLen); + if (ret != 0) { + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); + } + if (outLen != 4 * 16) { + ERROR_OUT(WC_TEST_RET_ENC_I(outLen), out); + } + if (XMEMCMP(sk, sk_shake128s, outLen) != 0) { + ERROR_OUT(WC_TEST_RET_ENC_NC, out); + } + + outLen = WC_SLHDSA_MAX_PUB_LEN; + ret = wc_SlhDsaKey_ExportPublic(key, pk, &outLen); + if (ret != 0) { + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); + } + if (outLen != 2 * 16) { + ERROR_OUT(WC_TEST_RET_ENC_I(outLen), out); + } + if (XMEMCMP(pk, pk_shake128s, outLen) != 0) { + ERROR_OUT(WC_TEST_RET_ENC_NC, out); + } +#endif + + ret = wc_SlhDsaKey_Init(key_vfy, SLHDSA_SHAKE128S, NULL, INVALID_DEVID); + if (ret != 0) { + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); + } + ret = wc_SlhDsaKey_ImportPublic(key_vfy, pk_shake128s, + (word32)sizeof(pk_shake128s)); + if (ret != 0) { + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); + } + + ret = wc_SlhDsaKey_Verify(key_vfy, ctx, 0, msg, (word32)sizeof(msg), + sig_shake128s, (word32)sizeof(sig_shake128s)); + if (ret != 0) { + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); + } + +#ifndef WOLFSSL_SLHDSA_VERIFY_ONLY + outLen = (word32)sizeof(sig_shake128s); + ret = wc_SlhDsaKey_SignWithRandom(key, ctx, 0, msg, (word32)sizeof(msg), + sig, &outLen, pk_seed_shake128s); + if (ret != 0) { + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); + } + if (outLen != (word32)sizeof(sig_shake128s)) { + ERROR_OUT(WC_TEST_RET_ENC_I(outLen), out); + } + if (XMEMCMP(sig, sig_shake128s, outLen) != 0) { + TestDumpData("SIG", sig, outLen); + TestDumpData("EXP", sig_shake128s, outLen); + ERROR_OUT(WC_TEST_RET_ENC_NC, out); + } +#endif +#endif + +#ifndef WOLFSSL_SLHDSA_VERIFY_ONLY +#ifdef WOLFSSL_SLHDSA_PARAM_128S + ret = slhdsa_test_param(SLHDSA_SHAKE128S); + if (ret != 0) { + wc_test_render_error_message("SLHDSA_SHAKE128S", 0); + goto out; + } +#endif +#ifdef WOLFSSL_SLHDSA_PARAM_128F + ret = slhdsa_test_param(SLHDSA_SHAKE128F); + if (ret != 0) { + wc_test_render_error_message("SLHDSA_SHAKE128F", 0); + goto out; + } +#endif +#ifdef WOLFSSL_SLHDSA_PARAM_192S + ret = slhdsa_test_param(SLHDSA_SHAKE192S); + if (ret != 0) { + wc_test_render_error_message("SLHDSA_SHAKE192S", 0); + goto out; + } +#endif +#ifdef WOLFSSL_SLHDSA_PARAM_192F + ret = slhdsa_test_param(SLHDSA_SHAKE192F); + if (ret != 0) { + wc_test_render_error_message("SLHDSA_SHAKE192F", 0); + goto out; + } +#endif +#ifdef WOLFSSL_SLHDSA_PARAM_256S + ret = slhdsa_test_param(SLHDSA_SHAKE256S); + if (ret != 0) { + wc_test_render_error_message("SLHDSA_SHAKE256S", 0); + goto out; + } +#endif +#ifdef WOLFSSL_SLHDSA_PARAM_256F + ret = slhdsa_test_param(SLHDSA_SHAKE256F); + if (ret != 0) { + wc_test_render_error_message("SLHDSA_SHAKE256F", 0); + goto out; + } +#endif +#endif + +out: + +#ifdef WC_DECLARE_VAR_IS_HEAP_ALLOC + if (key_vfy) +#endif + { + wc_SlhDsaKey_Free(key_vfy); + } + WC_FREE_VAR_EX(key_vfy, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); +#ifndef WOLFSSL_SLHDSA_VERIFY_ONLY +#ifdef WC_DECLARE_VAR_IS_HEAP_ALLOC + if (key) +#endif + { + wc_SlhDsaKey_Free(key); + } + WC_FREE_VAR_EX(key, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + WC_FREE_VAR_EX(sig, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + WC_FREE_VAR_EX(sk, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + WC_FREE_VAR_EX(pk, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); +#endif + + return ret; +} +#endif + /* source code reference point -- see print_fiducials() below. */ static WC_MAYBE_UNUSED const int fiducial3 = WC_TEST_RET_LN; @@ -51505,44 +55297,67 @@ return WC_TEST_RET_ENC_EC(ret); if (iTableLen != 0) { iTable = (byte*)XMALLOC(iTableLen, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); - if (iTable == NULL) - return WC_TEST_RET_ENC_ERRNO; + if (iTable == NULL) { + ret = WC_TEST_RET_ENC_ERRNO; + goto out; + } ret = wc_GenerateSakkePointITable(key, iTable, &iTableLen); - if (ret != 0) - return WC_TEST_RET_ENC_EC(ret); + if (ret != 0) { + ret = WC_TEST_RET_ENC_EC(ret); + goto out; + } } len = 0; ret = wc_GenerateSakkeRskTable(key, rsk, NULL, &len); - if (ret != WC_NO_ERR_TRACE(LENGTH_ONLY_E)) - return WC_TEST_RET_ENC_EC(ret); + if (ret != WC_NO_ERR_TRACE(LENGTH_ONLY_E)) { + ret = WC_TEST_RET_ENC_EC(ret); + goto out; + } if (len > 0) { table = (byte*)XMALLOC(len, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); - if (table == NULL) - return WC_TEST_RET_ENC_ERRNO; + if (table == NULL) { + ret = WC_TEST_RET_ENC_ERRNO; + goto out; + } ret = wc_GenerateSakkeRskTable(key, rsk, table, &len); - if (ret != 0) - return WC_TEST_RET_ENC_EC(ret); + if (ret != 0) { + ret = WC_TEST_RET_ENC_EC(ret); + goto out; + } } ret = wc_SetSakkeRsk(key, rsk, table, len); - if (ret != 0) - return WC_TEST_RET_ENC_EC(ret); + if (ret != 0) { + ret = WC_TEST_RET_ENC_EC(ret); + goto out; + } XMEMCPY(tmpSsv, encSsv, sizeof(encSsv)); ret = wc_DeriveSakkeSSV(key, WC_HASH_TYPE_SHA256, tmpSsv, sizeof(tmpSsv), auth, sizeof(auth)); - if (ret != 0) - return WC_TEST_RET_ENC_EC(ret); - if (XMEMCMP(tmpSsv, ssv, sizeof(ssv)) != 0) - return WC_TEST_RET_ENC_NC; + if (ret != 0) { + ret = WC_TEST_RET_ENC_EC(ret); + goto out; + } + if (XMEMCMP(tmpSsv, ssv, sizeof(ssv)) != 0) { + ret = WC_TEST_RET_ENC_NC; + goto out; + } /* Don't reference table that is about to be freed. */ ret = wc_ClearSakkePointITable(key); - if (ret != 0) - return WC_TEST_RET_ENC_EC(ret); + if (ret != 0) { + ret = WC_TEST_RET_ENC_EC(ret); + } + +out: /* Dispose of tables */ XFREE(iTable, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); XFREE(table, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + /* return error code if encountered */ + if (ret != 0) { + return ret; + } /* Make sure the key public key is exportable - convert to Montgomery form * in Validation. @@ -54181,6 +57996,9 @@ wc_test_ret_t ret = 0; int testSz = 0, i; int envelopedSz, decodedSz; +#ifdef HAVE_AESGCM + int tagTruncationChecked = 0; +#endif byte *enveloped = NULL; byte *decoded = NULL; @@ -54692,6 +58510,45 @@ ERROR_OUT(WC_TEST_RET_ENC_NC, out); } +#ifdef HAVE_AESGCM + if (tagTruncationChecked == 0 && + (testVectors[i].encryptOID == AES128GCMb || + testVectors[i].encryptOID == AES192GCMb || + testVectors[i].encryptOID == AES256GCMb) && + testVectors[i].authAttribsSz == 0 && + testVectors[i].unauthAttribsSz == 0 && + envelopedSz > (WC_AES_BLOCK_SIZE + 2)) { + int macIdx = envelopedSz - (WC_AES_BLOCK_SIZE + 2); + byte* tampered = NULL; + + /* For plain DER output without unauthenticated attributes, the + * MAC OCTET STRING is the final field. */ + if (enveloped[macIdx] == ASN_OCTET_STRING && + enveloped[macIdx + 1] == WC_AES_BLOCK_SIZE) { + tampered = (byte*)XMALLOC((word32)envelopedSz, HEAP_HINT, + DYNAMIC_TYPE_TMP_BUFFER); + if (tampered == NULL) { + wc_PKCS7_Free(pkcs7); + ERROR_OUT(WC_TEST_RET_ENC_ERRNO, out); + } + XMEMCPY(tampered, enveloped, (word32)envelopedSz); + tampered[macIdx + 1] = 1; + + decodedSz = wc_PKCS7_DecodeAuthEnvelopedData(pkcs7, tampered, + (word32)envelopedSz, decoded, PKCS7_BUF_SIZE); + + XFREE(tampered, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + tampered = NULL; + + if (decodedSz > 0) { + wc_PKCS7_Free(pkcs7); + ERROR_OUT(WC_TEST_RET_ENC_NC, out); + } + tagTruncationChecked = 1; + } + } +#endif + #ifdef PKCS7_OUTPUT_TEST_BUNDLES /* output pkcs7 envelopedData for external testing */ pkcs7File = XFOPEN(testVectors[i].outFileName, "wb"); @@ -55732,7 +59589,7 @@ static const byte senderNonceOid[] = { 0x06, 0x0a, 0x60, 0x86, 0x48, 0x01, 0x86, 0xF8, 0x45, 0x01, 0x09, 0x05 }; -#ifndef NO_SHA +#if !defined(NO_SHA) && !defined(WC_FIPS_186_5_PLUS) byte transId[(WC_SHA_DIGEST_SIZE + 1) * 2 + 1]; #else byte transId[(WC_SHA256_DIGEST_SIZE + 1) * 2 + 1]; @@ -55779,7 +59636,7 @@ { #ifndef NO_RSA - #ifndef NO_SHA + #if !defined(NO_SHA) && !defined(WC_FIPS_186_5_PLUS) /* RSA with SHA */ ADD_PKCS7SIGNEDVECTOR( data, (word32)sizeof(data), SHAh, RSAk, rsaClientPrivKeyBuf, @@ -55877,7 +59734,7 @@ #endif /* NO_RSA */ #ifdef HAVE_ECC - #ifndef NO_SHA + #if !defined(NO_SHA) && !defined(WC_FIPS_186_5_PLUS) /* ECDSA with SHA */ ADD_PKCS7SIGNEDVECTOR( data, (word32)sizeof(data), SHAh, ECDSAk, eccClientPrivKeyBuf, @@ -56046,7 +59903,7 @@ /* generate transactionID (used with SCEP) */ { - #ifndef NO_SHA + #if !defined(NO_SHA) && !defined(WC_FIPS_186_5_PLUS) wc_Sha sha; byte digest[WC_SHA_DIGEST_SIZE]; #else @@ -56058,7 +59915,7 @@ transId[0] = 0x13; transId[1] = sizeof(digest) * 2; - #ifndef NO_SHA + #if !defined(NO_SHA) && !defined(WC_FIPS_186_5_PLUS) ret = wc_InitSha_ex(&sha, HEAP_HINT, devId); if (ret != 0) ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); @@ -56133,7 +59990,7 @@ { /* check getting signed attributes */ - #ifndef NO_SHA + #if !defined(NO_SHA) && !defined(WC_FIPS_186_5_PLUS) byte buf[(WC_SHA_DIGEST_SIZE + 1) * 2 + 1]; #else byte buf[(WC_SHA256_DIGEST_SIZE + 1) * 2 + 1]; @@ -58617,7 +62474,7 @@ #ifndef WOLFSSL_SP_MATH for (i = 0; i < 10; i++) { - for (j = 1; j < (DIGIT_BIT + 7) / 8 * 3; j++) { + for (j = 1; j < WC_BITS_TO_BYTES(DIGIT_BIT) * 3; j++) { ret = randNum(a, j, rng, NULL); if (ret != MP_OKAY) return WC_TEST_RET_ENC_EC(ret); @@ -58638,7 +62495,7 @@ #endif for (i = 0; i < 10; i++) { - for (j = 1; j < (DIGIT_BIT + 7) / 8 * 3; j++) { + for (j = 1; j < WC_BITS_TO_BYTES(DIGIT_BIT) * 3; j++) { ret = randNum(a, j, rng, NULL); if (ret != MP_OKAY) return WC_TEST_RET_ENC_EC(ret); @@ -58716,11 +62573,11 @@ return WC_TEST_RET_ENC_EC(ret); for (i = 0; i < 100; i++) { - for (j = 1; j < (DIGIT_BIT + 7) / 8 * 2; j++) { + for (j = 1; j < WC_BITS_TO_BYTES(DIGIT_BIT) * 2; j++) { ret = randNum(d, j, rng, NULL); if (ret != MP_OKAY) return WC_TEST_RET_ENC_EC(ret); - for (k = 1; k < (DIGIT_BIT + 7) / 8 * 2 + 1; k++) { + for (k = 1; k < WC_BITS_TO_BYTES(DIGIT_BIT) * 2 + 1; k++) { ret = randNum(a, k, rng, NULL); if (ret != MP_OKAY) return WC_TEST_RET_ENC_EC(ret); @@ -58744,7 +62601,7 @@ } } - ret = randNum(d, (DIGIT_BIT + 7) / 8 * 2, rng, NULL); + ret = randNum(d, WC_BITS_TO_BYTES(DIGIT_BIT) * 2, rng, NULL); if (ret != MP_OKAY) return WC_TEST_RET_ENC_EC(ret); mp_add(d, d, a); @@ -60807,7 +64664,11 @@ word32 sigSz; WOLFSSL_SMALL_STACK_STATIC const byte in[] = TEST_STRING; +#if !defined(WOLFSSL_NO_MALLOC) + byte* out = NULL; +#else byte out[RSA_TEST_BYTES]; +#endif #if !defined(USE_CERT_BUFFERS_1024) && !defined(USE_CERT_BUFFERS_2048) && \ !defined(USE_CERT_BUFFERS_3072) && !defined(USE_CERT_BUFFERS_4096) && \ @@ -60845,6 +64706,11 @@ if (tmp == NULL) ERROR_OUT(WC_TEST_RET_ENC_ERRNO, exit_onlycb); #endif +#if !defined(WOLFSSL_NO_MALLOC) + out = (byte*)XMALLOC(RSA_TEST_BYTES, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + if (out == NULL) + ERROR_OUT(WC_TEST_RET_ENC_ERRNO, exit_onlycb); +#endif #ifdef USE_CERT_BUFFERS_1024 XMEMCPY(tmp, client_key_der_1024, (size_t)sizeof_client_key_der_1024); @@ -60938,6 +64804,9 @@ #else wc_FreeRsaKey(key); #endif +#if !defined(WOLFSSL_NO_MALLOC) + XFREE(out, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); +#endif #endif return ret; @@ -62194,6 +66063,54 @@ break; } } + else if (info->free.algo == WC_ALGO_TYPE_CIPHER) { + switch (info->free.type) { +#ifndef NO_AES + case WC_CIPHER_AES: + { + Aes* aes = (Aes*)info->free.obj; + aes->devId = INVALID_DEVID; + wc_AesFree(aes); + ret = 0; + break; + } +#endif + default: + ret = WC_NO_ERR_TRACE(NOT_COMPILED_IN); + break; + } + } + else if (info->free.algo == WC_ALGO_TYPE_PK) { + switch (info->free.type) { +#ifdef HAVE_ECC + case WC_PK_TYPE_EC_KEYGEN: + { + ecc_key* ecc = (ecc_key*)info->free.obj; + ecc->devId = INVALID_DEVID; + wc_ecc_free(ecc); + ret = 0; + break; + } +#endif +#ifdef HAVE_DILITHIUM + case WC_PK_TYPE_PQC_SIG_KEYGEN: + { + if (info->free.subType == + WC_PQC_SIG_TYPE_DILITHIUM) { + dilithium_key* dil = + (dilithium_key*)info->free.obj; + dil->devId = INVALID_DEVID; + wc_dilithium_free(dil); + ret = 0; + } + break; + } +#endif + default: + ret = WC_NO_ERR_TRACE(NOT_COMPILED_IN); + break; + } + } else { ret = WC_NO_ERR_TRACE(NOT_COMPILED_IN); } @@ -62381,6 +66298,10 @@ ret = ecc_onlycb_test(&myCtx); PRIVATE_KEY_LOCK(); #endif +#ifdef HAVE_DILITHIUM + if (ret == 0) + ret = dilithium_test(); +#endif #ifdef HAVE_ED25519 PRIVATE_KEY_UNLOCK(); if (ret == 0) @@ -62835,6 +66756,483 @@ } #endif +#ifdef REALLY_LONG_DRBG_CONTINUOUS_TEST + /* Test configuration */ + #define STRESS_TEST_ITERATIONS 4000000000UL /* 100 million iterations */ + #define PROGRESS_INTERVAL 10000000UL /* Report every 10M */ + #define BUFFER_SIZE 32 + + /* Color codes for output */ + #define COLOR_GREEN "\033[0;32m" + #define COLOR_RED "\033[0;31m" + #define COLOR_YELLOW "\033[0;33m" + #define COLOR_RESET "\033[0m" + + void print_result(const char* test_name, int passed, int *all_passed) + { + printf("[%s] %s\n", + (passed == 0) ? COLOR_GREEN "PASS" COLOR_RESET : + COLOR_RED "FAIL" COLOR_RESET, + test_name); + if (passed != 0) { + printf("Test result was %d\n", passed); + *all_passed = 0; + } + } + + /* Test 1: Basic RNG functionality */ + WOLFSSL_TEST_SUBROUTINE wc_test_ret_t test_basic_rng(void) + { + WC_RNG rng; + byte buffer[BUFFER_SIZE]; + int ret = 0; + + printf("--- Test 1: Basic RNG Functionality ---\n"); + + ret = wc_InitRng(&rng); + if (ret != 0) { + printf("ERROR: wc_InitRng failed with code %d: %s\n", + ret, wc_GetErrorString(ret)); + return ret; + } + + /* Generate some random bytes */ + ret = wc_RNG_GenerateBlock(&rng, buffer, BUFFER_SIZE); + if (ret != 0) { + printf("ERROR: wc_RNG_GenerateBlock failed with code %d: %s\n", + ret, wc_GetErrorString(ret)); + wc_FreeRng(&rng); + return ret; + } + + /* Check that buffer is not all zeros */ + int all_zeros = 1; + for (int i = 0; i < BUFFER_SIZE; i++) { + if (buffer[i] != 0) { + all_zeros = 0; + break; + } + } + + if (all_zeros) { + printf("ERROR: RNG generated all zeros\n"); + wc_FreeRng(&rng); + return DRBG_CONT_FIPS_E; + } + + printf("Generated %d random bytes successfully\n", BUFFER_SIZE); + ret = wc_FreeRng(&rng); + + return ret; + } + + /* Test 2: Multiple RNG instances */ + WOLFSSL_TEST_SUBROUTINE wc_test_ret_t test_multiple_rngs(void) + { + #define NUM_RNGS 100 + WC_RNG rngs[NUM_RNGS]; + byte buffers[NUM_RNGS][BUFFER_SIZE]; + int ret = 0; + int i, j; + int all_same = 1; + + printf("\n--- Test 2: Multiple RNG Instances ---\n"); + + /* Initialize all RNGs */ + for (i = 0; i < NUM_RNGS; i++) { + ret = wc_InitRng(&rngs[i]); + if (ret != 0) { + printf("ERROR: wc_InitRng[%d] failed with code %d\n", i, ret); + /* Clean up any initialized RNGs */ + for (j = 0; j < i; j++) { + wc_FreeRng(&rngs[j]); + } + return ret; + } + } + + /* Generate random data from all RNGs */ + for (i = 0; i < NUM_RNGS; i++) { + ret = wc_RNG_GenerateBlock(&rngs[i], buffers[i], BUFFER_SIZE); + if (ret != 0) { + printf("ERROR: wc_RNG_GenerateBlock[%d] failed with code %d\n", + i, ret); + for (j = 0; j < NUM_RNGS; j++) { + wc_FreeRng(&rngs[j]); + } + return ret; + } + } + + /* Verify outputs are different (not all the same) */ + for (i = 1; i < NUM_RNGS; i++) { + if (memcmp(buffers[0], buffers[i], BUFFER_SIZE) != 0) { + all_same = 0; + break; + } + } + + if (all_same) { + printf("WARNING: All RNG outputs are identical (unexpected)\n"); + } + + /* Clean up */ + for (i = 0; i < NUM_RNGS; i++) { + wc_FreeRng(&rngs[i]); + } + + if (ret == 0) { + printf("Successfully operated %d RNG instances concurrently\n", + NUM_RNGS); + } else { + printf("Experienced failure %d\n", ret); + } + + return ret; + } + + /* Test 3: Stress test - run many iterations to detect false positives */ + WOLFSSL_TEST_SUBROUTINE wc_test_ret_t test_stress_rng( + unsigned long iterations) + { + WC_RNG rng; + byte buffer[BUFFER_SIZE]; + int ret = 0; + unsigned long i; + unsigned long errors = 0; + + printf("\n--- Test 5: Stress Test (%lu iterations) ---\n", iterations); + printf("Verifies no false positive continuous test failures occur.\n"); + + ret = wc_InitRng(&rng); + if (ret != 0) { + printf("ERROR: wc_InitRng failed with code %d\n", ret); + return ret; + } + + for (i = 0; i < iterations; i++) { + ret = wc_RNG_GenerateBlock(&rng, buffer, BUFFER_SIZE); + + if (ret != 0 ) { + printf("\n" COLOR_RED "ERROR: error at iteration %lu" + COLOR_RESET "\n", i); + errors++; + } + + /* Progress reporting */ + if ((i + 1) % PROGRESS_INTERVAL == 0) { + printf(" Progress: %lu iterations (%.1f%%)...\r", + i + 1, (double)(i + 1) / iterations * 100.0); + fflush(stdout); + } + } + + printf("\n"); + + wc_FreeRng(&rng); + + if (errors == 0) { + printf(COLOR_GREEN "Completed %lu iterations, no false positives!" + COLOR_RESET "\n", iterations); + return 0; + } else { + printf(COLOR_RED "Test failed with %lu errors" COLOR_RESET "\n", + errors); + return ret; + } + } + + /* Test 4: Reinitialize RNG multiple times */ +#ifndef WOLFSSL_PTHREADS + WOLFSSL_TEST_SUBROUTINE wc_test_ret_t test_reinit_rng(void) + { + WC_RNG rng; + byte buffer[BUFFER_SIZE]; + int ret = 0; + unsigned long i; + unsigned long REINIT_COUNT = STRESS_TEST_ITERATIONS; + + printf("\n--- Test 4: RNG Reinitialization Test ---\n"); + + for (i = 0; i < REINIT_COUNT; i++) { + ret = wc_InitRng(&rng); + if (ret != 0) { +#if defined(HAVE_FIPS) && defined(VERBOSE_STRESS_TEST) +/* SUPER noisy default on when not FIPS and off when FIPS */ + printf("ERROR: wc_InitRng failed at iteration %lu with code " + "%d\n", i, ret); +#endif + return ret; + } + + ret = wc_RNG_GenerateBlock(&rng, buffer, BUFFER_SIZE); + if (ret != 0) { +#if defined(HAVE_FIPS) && defined(VERBOSE_STRESS_TEST) +/* SUPER noisy default on when not FIPS and off when FIPS */ + printf("ERROR: wc_RNG_GenerateBlock failed at iteration %lu " + "with code %d\n", i, ret); +#endif + wc_FreeRng(&rng); + return ret; + } + + wc_FreeRng(&rng); + } + + printf("Successfully reinitialized RNG %lu times\n", REINIT_COUNT); + + return 0; + } +#else + /* RNG ReInit Test Configuration + * + * You can override these at compile time with -DNUM_THREADS=X + * or use one of the predefined test profiles below: + * + * Profile A (Default - Aggressive): 40 threads x 100M = 4B iterations + * - Expected ~30 statistical false positives + * - High entropy source stress + * - Total entropy demand: ~528 GB + * + * Profile B (Moderate): 4 threads x 1M = 4M iterations + * - Expected ~0.03 statistical false positives (unlikely to see any) + * - Moderate entropy source stress + * - Compile with: -DRNG_TEST_PROFILE=2 + * + * Profile C (Single-threaded): 1 thread x 100M = 100M iterations + * - Expected ~0.75 statistical false positives + * - Tests for false positives without threading stress + * - Compile with: -DRNG_TEST_PROFILE=3 + */ + + #if defined(RNG_TEST_PROFILE) && (RNG_TEST_PROFILE == 2) + /* Profile B: Moderate test - reduced entropy stress */ + #ifndef NUM_THREADS + #define NUM_THREADS 4 + #endif + #ifndef ITERATIONS_PER_THREAD + /* Only testing 400 million, expect 1 or 0 failures */ + #define ITERATIONS_PER_THREAD 1000000 + #endif + #elif defined(RNG_TEST_PROFILE) && (RNG_TEST_PROFILE == 3) + /* Profile C: Single-threaded stress - no thread contention */ + #ifndef NUM_THREADS + #define NUM_THREADS 1 + #endif + #ifndef ITERATIONS_PER_THREAD + /* Test 4 billion with no thread contention and less likely to + * deplete entropy pool, expect 0 failures */ + #define ITERATIONS_PER_THREAD 4000000000 + #endif + #else + /* Profile A (Default): Aggressive multi-threaded test */ + #ifndef NUM_THREADS + #define NUM_THREADS 40 + #endif + #ifndef ITERATIONS_PER_THREAD + /* Test 4 billion with high probability of entropy depletion. + * expect many failures (30+ threads failing) */ + #define ITERATIONS_PER_THREAD 100000000 + #endif + #endif + + struct worker_args { + int id; + unsigned long iterations; + int result; + unsigned long succCnt; + }; + + static THREAD_RETURN WOLFSSL_THREAD reinit_worker(void *args) + { + struct worker_args* wa = (struct worker_args*)args; + WC_RNG rng; + byte buffer[BUFFER_SIZE]; + int ret = 0; + unsigned long i; + + for (i = 0; i < wa->iterations; i++) { + ret = wc_InitRng(&rng); + if (ret != 0) { +#if defined(HAVE_FIPS) && defined(VERBOSE_STRESS_TEST) +/* SUPER noisy default on when not FIPS and off when FIPS */ + printf("ERROR: wc_InitRng failed at iteration %lu with code " + "%d\n", i, ret); +#endif + wa->result = ret; + wa->succCnt -= 1; + } + + ret = wc_RNG_GenerateBlock(&rng, buffer, BUFFER_SIZE); + if (ret != 0) { +#if defined(HAVE_FIPS) && defined(VERBOSE_STRESS_TEST) +/* SUPER noisy default on when not FIPS and off when FIPS */ + printf("ERROR: wc_RNG_GenerateBlock failed at iteration %lu " + "with code %d\n", i, ret); +#endif + wc_FreeRng(&rng); + wa->result = ret; + } + + (void) wc_FreeRng(&rng); + } + wa->result = 0; + WOLFSSL_RETURN_FROM_THREAD(0); + } + + WOLFSSL_TEST_SUBROUTINE wc_test_ret_t test_reinit_rng(void) + { + THREAD_TYPE threads[NUM_THREADS]; + struct worker_args args[NUM_THREADS]; + int i, ret = 0; + int succT = NUM_THREADS, failT = 0; + unsigned long totalCnt, totalSuccCnt = 0; + unsigned long total_iterations = (unsigned long)NUM_THREADS * + ITERATIONS_PER_THREAD; + + totalCnt = (unsigned long) ITERATIONS_PER_THREAD * + (unsigned long) NUM_THREADS; + printf("\n--- Test 4: RNG ReInit Test (multi-threaded) ---\n"); + printf("Configuration: %d threads x %lu iterations = %lu total\n", + NUM_THREADS, (unsigned long)ITERATIONS_PER_THREAD, + total_iterations); + #if defined(RNG_TEST_PROFILE) + printf("Test Profile: %d ", RNG_TEST_PROFILE); + #if RNG_TEST_PROFILE == 2 + printf("(Moderate - reduced entropy stress)\n"); + #elif RNG_TEST_PROFILE == 3 + printf("(Single-threaded stress test)\n"); + #else + printf("(Custom)\n"); + #endif + #else + printf("Test Profile: Default (Aggressive multi-threaded)\n"); + #endif + printf("Expected statistical false positive rate: ~%.2f failures\n", + (double)total_iterations * 32.0 / 4294967296.0); + + for (i = 0; i < NUM_THREADS; i++) { + args[i].id = i; + args[i].iterations = ITERATIONS_PER_THREAD; + args[i].succCnt = ITERATIONS_PER_THREAD; + ret = wolfSSL_NewThread(&threads[i], &reinit_worker, &args[i]); + if (ret != 0) { + printf("ERROR: Failed to create thread %d\n", i); + goto drbg_cont_end; + } + } + + for (i = 0; i < NUM_THREADS; i++) { + wolfSSL_JoinThread(threads[i]); + } + + for (i = 0; i < NUM_THREADS; i++) { + if (args[i].result == 0) { + printf("Thread %d Succeeded\n", i); + } else { + succT -= 1; + failT += 1; + printf("Thread %d failed\n", i); + } + totalSuccCnt += args[i].succCnt; + } + +drbg_cont_end: + printf("Reinitialized RNG %lu times across %d threads\n", + total_iterations, NUM_THREADS); + printf("Experienced %d thread failures and %d thread successes\n", + failT, succT); + if (totalCnt == totalSuccCnt) { + printf("All %lu API calls succeeded\n", totalSuccCnt); + } else { + printf("%lu/%lu API calls failed\n", totalCnt - totalSuccCnt, + totalCnt); + } + return failT; + } +#endif /* !WOLFSSL_PTHREADS */ + + /* Test 5: FIPS status check */ + WOLFSSL_TEST_SUBROUTINE wc_test_ret_t test_fips_status(void) + { + #ifdef HAVE_FIPS + int status; + + printf("\n--- Test 3: FIPS Status Check ---\n"); + + status = wolfCrypt_GetStatus_fips(); + + printf("FIPS Module Status: %d\n", status); + + if (status != 0) { + printf(COLOR_YELLOW "WARNING: FIPS module not OK state (status=%d)" + COLOR_RESET "\n", status); + return -1; + } else { + printf(COLOR_GREEN "FIPS module in OK state" COLOR_RESET "\n"); + return 0; + } + #else + printf("\n--- Test 3: FIPS Status Check ---\n"); + printf(COLOR_YELLOW "SKIPPED: FIPS not enabled" COLOR_RESET "\n"); + return 0; /* Not a failure, just skipped */ + #endif + } + + WOLFSSL_TEST_SUBROUTINE wc_test_ret_t drbg_continuous_main(void) + { + int all_passed = 1; + unsigned long stress_iterations = STRESS_TEST_ITERATIONS; + + printf("===============================================\n"); + printf("DRBG Continuous Test Validation Suite\n"); + printf("===============================================\n"); + + #ifdef HAVE_FIPS + printf("FIPS Build: YES\n"); + printf("FIPS Version: %s\n", wolfCrypt_GetVersion_fips()); + #else + printf("FIPS Build: NO\n"); + #endif + printf("\n"); + + /* Run tests */ + /* Test 1 */ + print_result("Basic RNG Functionality", test_basic_rng(), &all_passed); + + /* Test 2 */ + print_result("Multiple RNG Instances", test_multiple_rngs(), + &all_passed); + + /* Test 3 */ + print_result("FIPS Status Check", test_fips_status(), &all_passed); + + /* Test 4 */ + print_result("RNG Reinitialization", test_reinit_rng(), &all_passed); + + /* Stress test (takes longest) */ + /* Test 5 */ + print_result("Stress Test (No False Positives)", + test_stress_rng(stress_iterations), &all_passed); + + /* Test 3 - ReRun after the heavy stress tests */ + print_result("FIPS Status Check", test_fips_status(), &all_passed); + + /* Summary */ + printf("\n===============================================\n"); + if (all_passed) { + printf(COLOR_GREEN "ALL TESTS PASSED" COLOR_RESET "\n"); + printf("The DRBG continuous test fix is working correctly.\n"); + } else { + printf(COLOR_RED "SOME TESTS FAILED" COLOR_RESET "\n"); + printf("Please review the errors above.\n"); + } + printf("===============================================\n"); + + return all_passed ? 0 : 1; + } +#endif /* REALLY_LONG_DRBG_CONTINUOUS_TEST */ + #undef ERROR_OUT static WC_MAYBE_UNUSED const int fiducial4 = WC_TEST_RET_LN; diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/wolfcrypt/test/test.h mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/test/test.h --- mariadb-11.8.6/extra/wolfssl/wolfssl/wolfcrypt/test/test.h 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/test/test.h 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* wolfcrypt/test/test.h * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -104,6 +104,17 @@ #ifdef WC_TEST_EXPORT_SUBTESTS +#if defined(NO_FILESYSTEM) || defined(WC_NO_RNG) + #if !defined(USE_CERT_BUFFERS_1024) && !defined(USE_CERT_BUFFERS_2048) && \ + !defined(USE_CERT_BUFFERS_3072) && !defined(USE_CERT_BUFFERS_4096) + #define USE_CERT_BUFFERS_2048 + #endif + #if !defined(USE_CERT_BUFFERS_256) + #define USE_CERT_BUFFERS_256 + #endif +#endif + +extern WOLFSSL_TEST_SUBROUTINE wc_test_ret_t macro_test(void); extern WOLFSSL_TEST_SUBROUTINE wc_test_ret_t error_test(void); extern WOLFSSL_TEST_SUBROUTINE wc_test_ret_t base64_test(void); extern WOLFSSL_TEST_SUBROUTINE wc_test_ret_t base16_test(void); @@ -163,12 +174,24 @@ extern WOLFSSL_TEST_SUBROUTINE wc_test_ret_t tls13_kdf_test(void); #endif extern WOLFSSL_TEST_SUBROUTINE wc_test_ret_t x963kdf_test(void); -#if defined(HAVE_HPKE) && defined(HAVE_ECC) && defined(HAVE_AESGCM) +#if defined(HAVE_HPKE) && \ + (defined(HAVE_ECC) || defined(HAVE_CURVE25519) || \ + defined(HAVE_CURVE448)) && \ + defined(HAVE_AESGCM) extern WOLFSSL_TEST_SUBROUTINE wc_test_ret_t hpke_test(void); #endif #ifdef WC_SRTP_KDF extern WOLFSSL_TEST_SUBROUTINE wc_test_ret_t srtpkdf_test(void); #endif + +#if defined(WC_KDF_NIST_SP_800_56C) && \ + (!defined(HAVE_FIPS) || FIPS_VERSION3_GE(7,0,0)) +extern WOLFSSL_TEST_SUBROUTINE wc_test_ret_t nist_sp80056c_kdf_test(void); +#endif +#if defined(HAVE_CMAC_KDF) && (!defined(HAVE_FIPS) || FIPS_VERSION3_GE(7,0,0)) +extern WOLFSSL_TEST_SUBROUTINE wc_test_ret_t nist_sp800108_cmac(void); +extern WOLFSSL_TEST_SUBROUTINE wc_test_ret_t nist_sp80056c_twostep_cmac(void); +#endif extern WOLFSSL_TEST_SUBROUTINE wc_test_ret_t arc4_test(void); #ifdef WC_RC2 extern WOLFSSL_TEST_SUBROUTINE wc_test_ret_t rc2_test(void); @@ -218,12 +241,15 @@ extern WOLFSSL_TEST_SUBROUTINE wc_test_ret_t srp_test(void); #ifndef WC_NO_RNG extern WOLFSSL_TEST_SUBROUTINE wc_test_ret_t random_test(void); +#ifdef WC_RNG_BANK_SUPPORT +extern WOLFSSL_TEST_SUBROUTINE wc_test_ret_t random_bank_test(void); +#endif #endif /* WC_NO_RNG */ extern WOLFSSL_TEST_SUBROUTINE wc_test_ret_t pwdbased_test(void); #if defined(USE_CERT_BUFFERS_2048) && \ defined(HAVE_PKCS12) && \ !defined(NO_ASN) && !defined(NO_PWDBASED) && !defined(NO_HMAC) && \ - !defined(NO_CERTS) && !defined(NO_DES3) + !defined(NO_CERTS) && !defined(NO_DES3) && !defined(NO_SHA) extern WOLFSSL_TEST_SUBROUTINE wc_test_ret_t pkcs12_test(void); #endif extern WOLFSSL_TEST_SUBROUTINE wc_test_ret_t ripemd_test(void); @@ -293,17 +319,22 @@ extern WOLFSSL_TEST_SUBROUTINE wc_test_ret_t lms_test(void); #endif #endif +#if defined(WOLFSSL_HAVE_SLHDSA) + extern WOLFSSL_TEST_SUBROUTINE wc_test_ret_t slhdsa_test(void); +#endif #ifdef WOLFCRYPT_HAVE_ECCSI extern WOLFSSL_TEST_SUBROUTINE wc_test_ret_t eccsi_test(void); #endif #ifdef WOLFCRYPT_HAVE_SAKKE extern WOLFSSL_TEST_SUBROUTINE wc_test_ret_t sakke_test(void); #endif -#ifdef HAVE_BLAKE2 +#ifdef HAVE_BLAKE2B extern WOLFSSL_TEST_SUBROUTINE wc_test_ret_t blake2b_test(void); + extern WOLFSSL_TEST_SUBROUTINE wc_test_ret_t blake2b_hmac_test(void); #endif #ifdef HAVE_BLAKE2S extern WOLFSSL_TEST_SUBROUTINE wc_test_ret_t blake2s_test(void); + extern WOLFSSL_TEST_SUBROUTINE wc_test_ret_t blake2s_hmac_test(void); #endif #ifdef HAVE_LIBZ extern WOLFSSL_TEST_SUBROUTINE wc_test_ret_t compress_test(void); diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/wolfcrypt/test/test_paths.h.in mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/test/test_paths.h.in --- mariadb-11.8.6/extra/wolfssl/wolfssl/wolfcrypt/test/test_paths.h.in 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/wolfcrypt/test/test_paths.h.in 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* wolfcrypt/test/test_paths.h * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/wolfssl/callbacks.h mariadb-11.8.8/extra/wolfssl/wolfssl/wolfssl/callbacks.h --- mariadb-11.8.6/extra/wolfssl/wolfssl/wolfssl/callbacks.h 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/wolfssl/callbacks.h 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* callbacks.h * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/wolfssl/certs_test.h mariadb-11.8.8/extra/wolfssl/wolfssl/wolfssl/certs_test.h --- mariadb-11.8.6/extra/wolfssl/wolfssl/wolfssl/certs_test.h 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/wolfssl/certs_test.h 2026-05-24 09:58:33.000000000 +0000 @@ -6851,14 +6851,14 @@ }; #define sizeof_server_ed25519_cert (sizeof(server_ed25519_cert)) -/* ./certs/ed25519/server-ed25519-key.der, ED25519 */ +/* ./certs/ed25519/server-ed25519-priv.der, ED25519 */ static const unsigned char server_ed25519_key[] = { - 0x30, 0x2A, 0x30, 0x05, 0x06, 0x03, 0x2B, 0x65, 0x70, 0x03, - 0x21, 0x00, 0x23, 0xAA, 0x4D, 0x60, 0x50, 0xE0, 0x13, 0xD3, - 0x3A, 0xED, 0xAB, 0xF6, 0xA9, 0xCC, 0x4A, 0xFE, 0xD7, 0x4D, - 0x2F, 0xD2, 0x5B, 0x1A, 0x10, 0x05, 0xEF, 0x5A, 0x41, 0x25, - 0xCE, 0x1B, 0x53, 0x78 + 0x30, 0x2E, 0x02, 0x01, 0x00, 0x30, 0x05, 0x06, 0x03, 0x2B, + 0x65, 0x70, 0x04, 0x22, 0x04, 0x20, 0x8E, 0x98, 0x44, 0xB0, + 0x54, 0x81, 0xC6, 0x3A, 0x47, 0xD8, 0xFB, 0xC3, 0x36, 0xBF, + 0x19, 0x70, 0x61, 0x09, 0x23, 0x76, 0xE3, 0x1C, 0x6F, 0x83, + 0x38, 0xAE, 0x49, 0x55, 0xC5, 0x9E, 0x87, 0x22 }; #define sizeof_server_ed25519_key (sizeof(server_ed25519_key)) @@ -7030,14 +7030,14 @@ }; #define sizeof_client_ed25519_cert (sizeof(client_ed25519_cert)) -/* ./certs/ed25519/client-ed25519-key.der, ED25519 */ +/* ./certs/ed25519/client-ed25519-priv.der, ED25519 */ static const unsigned char client_ed25519_key[] = { - 0x30, 0x2A, 0x30, 0x05, 0x06, 0x03, 0x2B, 0x65, 0x70, 0x03, - 0x21, 0x00, 0xE6, 0x57, 0x5B, 0x13, 0x1B, 0xC7, 0x51, 0x14, - 0x6B, 0xED, 0x3B, 0xF5, 0xD1, 0xFA, 0xAB, 0x9E, 0x6C, 0xB6, - 0xEB, 0x02, 0x09, 0xA3, 0x99, 0xF5, 0x6E, 0xBF, 0x9D, 0x3C, - 0xFE, 0x54, 0x39, 0xE6 + 0x30, 0x2E, 0x02, 0x01, 0x00, 0x30, 0x05, 0x06, 0x03, 0x2B, + 0x65, 0x70, 0x04, 0x22, 0x04, 0x20, 0x92, 0xB5, 0x4C, 0xEC, + 0xAF, 0x81, 0xC6, 0xBB, 0x01, 0xD6, 0xD5, 0xDE, 0xBD, 0x37, + 0x97, 0x5A, 0xD2, 0xC6, 0xF6, 0xC3, 0x85, 0xB5, 0x3B, 0xE6, + 0xE4, 0xEC, 0x32, 0xE9, 0xC7, 0xCA, 0x52, 0xEB }; #define sizeof_client_ed25519_key (sizeof(client_ed25519_key)) diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/wolfssl/crl.h mariadb-11.8.8/extra/wolfssl/wolfssl/wolfssl/crl.h --- mariadb-11.8.6/extra/wolfssl/wolfssl/wolfssl/crl.h 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/wolfssl/crl.h 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* crl.h * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -39,8 +39,11 @@ WOLFSSL_LOCAL int LoadCRL(WOLFSSL_CRL* crl, const char* path, int type, int monitor); +WOLFSSL_LOCAL int StoreCRL(WOLFSSL_CRL* crl, const char* file, int type); WOLFSSL_LOCAL int BufferLoadCRL(WOLFSSL_CRL* crl, const byte* buff, long sz, int type, int verify); +WOLFSSL_LOCAL int BufferStoreCRL(WOLFSSL_CRL* crl, byte* buff, long* inOutSz, + int type); WOLFSSL_LOCAL int CheckCertCRL(WOLFSSL_CRL* crl, DecodedCert* cert); WOLFSSL_LOCAL int CheckCertCRL_ex(WOLFSSL_CRL* crl, byte* issuerHash, byte* serial, int serialSz, byte* serialHash, const byte* extCrlInfo, diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/wolfssl/error-ssl.h mariadb-11.8.8/extra/wolfssl/wolfssl/wolfssl/error-ssl.h --- mariadb-11.8.6/extra/wolfssl/wolfssl/wolfssl/error-ssl.h 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/wolfssl/error-ssl.h 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* error-ssl.h * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -82,6 +82,7 @@ CLIENT_ID_ERROR = -331, /* psk client identity error */ SERVER_HINT_ERROR = -332, /* psk server hint error */ PSK_KEY_ERROR = -333, /* psk key error */ + DUPE_ENTRY_E = -334, /* duplicate entry error */ GETTIME_ERROR = -337, /* gettimeofday failed ??? */ GETITIMER_ERROR = -338, /* getitimer failed ??? */ @@ -184,7 +185,7 @@ TLS13_SECRET_CB_E = -438, /* TLS1.3 secret Cb fcn failure */ DTLS_SIZE_ERROR = -439, /* Trying to send too much data */ NO_CERT_ERROR = -440, /* TLS1.3 - no cert set error */ - APP_DATA_READY = -441, /* DTLS1.2 application data ready for read */ + APP_DATA_READY = -441, /* Application data ready for read */ TOO_MUCH_EARLY_DATA = -442, /* Too much Early data */ SOCKET_FILTERED_E = -443, /* Session stopped by network filter */ HTTP_RECV_ERR = -444, /* HTTP Receive error */ @@ -237,7 +238,9 @@ CRYPTO_POLICY_FORBIDDEN = -516, /* operation forbidden by system * crypto-policy */ - WOLFSSL_LAST_E = -516 + SESSION_TICKET_NONCE_OVERFLOW = -517, /* Session ticket nonce overflow */ + + WOLFSSL_LAST_E = -517 /* codes -1000 to -1999 are reserved for wolfCrypt. */ }; diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/wolfssl/internal.h mariadb-11.8.8/extra/wolfssl/wolfssl/wolfssl/internal.h --- mariadb-11.8.6/extra/wolfssl/wolfssl/wolfssl/internal.h 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/wolfssl/internal.h 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* internal.h * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -1260,7 +1260,7 @@ #elif (defined(WOLFSSL_SP_MATH_ALL) || defined(WOLFSSL_SP_MATH)) && \ defined(SP_INT_BITS) /* SP implementation supports numbers of SP_INT_BITS bits. */ - #define WOLFSSL_MAX_DHKEY_BITS (((SP_INT_BITS + 7) / 8) * 8) + #define WOLFSSL_MAX_DHKEY_BITS WC_BITS_FULL_BYTES(SP_INT_BITS) #else #define WOLFSSL_MAX_DHKEY_BITS 4096 #endif @@ -1279,16 +1279,6 @@ #endif #endif /* NO_DH */ -#ifndef MAX_PSK_ID_LEN - /* max psk identity/hint supported */ - #if defined(WOLFSSL_TLS13) - /* OpenSSL has a 1472 byte session ticket */ - #define MAX_PSK_ID_LEN 1536 - #else - #define MAX_PSK_ID_LEN 128 - #endif -#endif - #ifndef MAX_PSK_KEY_LEN #define MAX_PSK_KEY_LEN 64 #endif @@ -1526,16 +1516,11 @@ MAXEARLYDATASZ_LEN = 4, /* maxEarlyDataSz size in ticket */ #endif #endif -#if defined(HAVE_FALCON) || defined(HAVE_DILITHIUM) - ENCRYPT_LEN = 5120, /* Allow 5k byte buffer for dilithium and - * hybridization with other algs. */ -#else #ifndef NO_PSK ENCRYPT_LEN = (ENCRYPT_BASE_BITS / 8) + MAX_PSK_KEY_LEN + 2, #else ENCRYPT_LEN = (ENCRYPT_BASE_BITS / 8), #endif -#endif SIZEOF_SENDER = 4, /* clnt or srvr */ FINISHED_SZ = 36, /* WC_MD5_DIGEST_SIZE + WC_SHA_DIGEST_SIZE */ MAX_PLAINTEXT_SZ = (1 << 14), /* Max plaintext sz */ @@ -1673,6 +1658,12 @@ MAX_REQUEST_SZ = 256, /* Maximum cert req len (no auth yet */ SESSION_FLUSH_COUNT = 256, /* Flush session cache unless user turns off */ TLS_MAX_PAD_SZ = 255, /* Max padding in TLS */ + MAX_EXT_DATA_LEN = 65535, + /* Max extension data length <0..2^16-1> RFC 8446 + * Section 4.2 */ + MAX_SV_EXT_LEN = 255, + /* Max supported_versions extension length + * <2..254> RFC 8446 Section 4.2.1.*/ #if defined(HAVE_NULL_CIPHER) && defined(WOLFSSL_TLS13) #if defined(WOLFSSL_SHA384) && WC_MAX_SYM_KEY_SIZE < 48 @@ -1751,7 +1742,7 @@ ECDHE_SIZE = 32, /* ECDHE server size defaults to 256 bit */ #endif MAX_EXPORT_ECC_SZ = 256, /* Export ANSI X9.62 max future size */ - MAX_CURVE_NAME_SZ = 18, /* Maximum size of curve name string */ + MAX_CURVE_NAME_SZ = 20, /* Maximum size of curve name string */ NEW_SA_MAJOR = 8, /* Most significant byte used with new sig algos */ RSA_PSS_RSAE_SHA256_MINOR = 0x04, @@ -1760,6 +1751,9 @@ RSA_PSS_PSS_SHA256_MINOR = 0x09, RSA_PSS_PSS_SHA384_MINOR = 0x0A, RSA_PSS_PSS_SHA512_MINOR = 0x0B, + ECDSA_BRAINPOOLP256R1TLS13_SHA256_MINOR = 0x1A, + ECDSA_BRAINPOOLP384R1TLS13_SHA384_MINOR = 0x1B, + ECDSA_BRAINPOOLP512R1TLS13_SHA512_MINOR = 0x1C, ED25519_SA_MAJOR = 8, /* Most significant byte for ED25519 */ ED25519_SA_MINOR = 7, /* Least significant byte for ED25519 */ @@ -1864,7 +1858,15 @@ #endif /* Set max implicit IV size for AEAD cipher suites */ -#define AEAD_MAX_IMP_SZ 12 +#if defined(WOLFSSL_TLS13) && defined(HAVE_NULL_CIPHER) && defined(WOLFSSL_SHA384) + /* Integrity-only cipher suites use IV size equal to hash output size */ + #define AEAD_MAX_IMP_SZ 48 +#elif defined(WOLFSSL_TLS13) && defined(HAVE_NULL_CIPHER) && !defined(NO_SHA256) + /* Integrity-only cipher suites use IV size equal to hash output size */ + #define AEAD_MAX_IMP_SZ 32 +#else + #define AEAD_MAX_IMP_SZ 12 +#endif /* Set max explicit IV size for AEAD cipher suites */ #define AEAD_MAX_EXP_SZ 8 @@ -1883,7 +1885,7 @@ */ #define WOLFSSL_MAX_SIGALGO 128 #else - #define WOLFSSL_MAX_SIGALGO 38 + #define WOLFSSL_MAX_SIGALGO 44 #endif #endif @@ -2034,8 +2036,10 @@ #define MAX_ENCRYPT_SZ ENCRYPT_LEN #define WOLFSSL_ASSERT_EQ(x, y) wc_static_assert((x) == (y)) +#define WOLFSSL_ASSERT_GE(x, y) wc_static_assert((x) >= (y)) #define WOLFSSL_ASSERT_SIZEOF_GE(x, y) wc_static_assert(sizeof(x) >= sizeof(y)) +#define WOLFSSL_ASSERT_SIZEOF_EQ(x, y) wc_static_assert(sizeof(x) == sizeof(y)) /* states. Adding state before HANDSHAKE_DONE will break session importing */ enum states { @@ -2189,9 +2193,9 @@ const DerBuffer* key, const DerBuffer* mask); WOLFSSL_LOCAL void wolfssl_priv_der_unblind_free(DerBuffer* key); #endif -WOLFSSL_LOCAL int DecodePrivateKey(WOLFSSL *ssl, word32* length); +WOLFSSL_LOCAL int DecodePrivateKey(WOLFSSL *ssl, word32* sigLen); #ifdef WOLFSSL_DUAL_ALG_CERTS -WOLFSSL_LOCAL int DecodeAltPrivateKey(WOLFSSL *ssl, word32* length); +WOLFSSL_LOCAL int DecodeAltPrivateKey(WOLFSSL *ssl, word32* sigLen); #endif #if defined(WOLF_PRIVATE_KEY_ID) || defined(HAVE_PK_CALLBACKS) WOLFSSL_LOCAL int GetPrivateKeySigSize(WOLFSSL* ssl); @@ -2377,7 +2381,8 @@ #define InitSuitesHashSigAlgo wolfSSL_InitSuitesHashSigAlgo #endif WOLFSSL_TEST_VIS void InitSuitesHashSigAlgo(byte* hashSigAlgo, int have, - int tls1_2, int keySz, word16* len); + int tls1_2, int tls1_3, int keySz, + word16* len); WOLFSSL_LOCAL int AllocateCtxSuites(WOLFSSL_CTX* ctx); WOLFSSL_LOCAL int AllocateSuites(WOLFSSL* ssl); WOLFSSL_LOCAL void InitSuites(Suites* suites, ProtocolVersion pv, int keySz, @@ -2466,10 +2471,6 @@ }; #endif -#ifndef MAX_DATE_SIZE -#define MAX_DATE_SIZE 32 -#endif - typedef struct CRL_Entry CRL_Entry; #if defined(WOLFSSL_SM2) && defined(WOLFSSL_SM3) @@ -2504,7 +2505,7 @@ /* DupCRL_Entry copies data after the `verifyMutex` member. Using the mutex * as the marker because clang-tidy doesn't like taking the sizeof a * pointer. */ - byte crlNumber[CRL_MAX_NUM_SZ]; /* CRL number extension */ + char crlNumber[CRL_MAX_NUM_HEX_STR_SZ]; /* CRL number extension */ byte issuerHash[CRL_DIGEST_SIZE]; /* issuer hash */ /* byte crlHash[CRL_DIGEST_SIZE]; raw crl data hash */ /* restore the hash here if needed for optimized comparisons */ @@ -2586,6 +2587,9 @@ #ifdef OPENSSL_ALL wolfSSL_Ref ref; #endif +#if defined(OPENSSL_EXTRA) + WOLFSSL_STACK* revokedStack; /* cached STACK_OF(X509_REVOKED) */ +#endif void* heap; /* heap hint for dynamic memory */ }; #endif @@ -2848,7 +2852,15 @@ WOLFSSL_LOCAL socklen_t wolfSSL_BIO_ADDR_size(const WOLFSSL_BIO_ADDR *addr); #endif -#define MAX_WRITE_IV_SZ 16 /* max size of client/server write_IV */ +#if defined(WOLFSSL_TLS13) && defined(HAVE_NULL_CIPHER) && defined(WOLFSSL_SHA384) + /* Integrity-only cipher suites use IV size equal to hash output size */ + #define MAX_WRITE_IV_SZ 48 +#elif defined(WOLFSSL_TLS13) && defined(HAVE_NULL_CIPHER) && !defined(NO_SHA256) + /* Integrity-only cipher suites use IV size equal to hash output size */ + #define MAX_WRITE_IV_SZ 32 +#else + #define MAX_WRITE_IV_SZ 16 /* max size of client/server write_IV */ +#endif /* keys and secrets * keep as a constant size (no additional ifdefs) for session export */ @@ -2957,8 +2969,8 @@ #define TLSXT_KEY_SHARE 0x0033 #define TLSXT_CONNECTION_ID 0x0036 #define TLSXT_KEY_QUIC_TP_PARAMS 0x0039 /* RFC 9001, ch. 8.2 */ -#define TLSXT_ECH 0xfe0d /* from */ - /* draft-ietf-tls-esni-13 */ +#define TLSXT_ECH 0xfe0d /* RFC 9849 */ +#define TLSXT_ECH_OUTER_EXTENSIONS 0xfd00 /* RFC 9849 */ /* The 0xFF section is experimental/custom/personal use */ #define TLSXT_CKS 0xff92 /* X9.146 */ #define TLSXT_RENEGOTIATION_INFO 0xff01 @@ -3012,9 +3024,6 @@ #if !defined(NO_CERTS) && !defined(WOLFSSL_NO_SIGALG) TLSX_SIGNATURE_ALGORITHMS_CERT = TLSXT_SIGNATURE_ALGORITHMS_CERT, #endif - #if defined(WOLFSSL_DTLS_CID) - TLSX_CONNECTION_ID = TLSXT_CONNECTION_ID, - #endif /* defined(WOLFSSL_DTLS_CID) */ #ifdef WOLFSSL_QUIC TLSX_KEY_QUIC_TP_PARAMS = TLSXT_KEY_QUIC_TP_PARAMS, #endif @@ -3022,6 +3031,9 @@ TLSX_ECH = TLSXT_ECH, #endif #endif +#if defined(WOLFSSL_DTLS_CID) + TLSX_CONNECTION_ID = TLSXT_CONNECTION_ID, +#endif /* defined(WOLFSSL_DTLS_CID) */ #if defined(WOLFSSL_TLS13) || !defined(WOLFSSL_NO_TLS12) || !defined(NO_OLD_TLS) #if defined(HAVE_SESSION_TICKET) || !defined(NO_PSK) TLSX_PRE_SHARED_KEY = TLSXT_PRE_SHARED_KEY, @@ -3083,6 +3095,13 @@ ECH_PARSED_INTERNAL, } EchState; +typedef enum { + ECH_OUTER_SNI, + ECH_INNER_SNI, + ECH_INNER_SNI_ATTEMPT, + ECH_SNI_DONE, +} EchStateSNI; + typedef struct EchCipherSuite { word16 kdfId; word16 aeadId; @@ -3105,6 +3124,7 @@ Hpke* hpke; HpkeBaseContext* hpkeContext; const byte* aad; + const char* privateName; void* ephemeralKey; WOLFSSL_EchConfig* echConfig; byte* innerClientHello; @@ -3117,6 +3137,7 @@ word16 kemId; word16 encLen; EchState state; + EchStateSNI sniState; byte type; byte configId; byte enc[HPKE_Npk_MAX]; @@ -3148,7 +3169,10 @@ struct TLSX* next; /* List Behavior */ }; -WOLFSSL_LOCAL TLSX* TLSX_Find(TLSX* list, TLSX_Type type); +#ifdef WOLFSSL_API_PREFIX_MAP + #define TLSX_Find wolfSSL_TLSX_Find +#endif +WOLFSSL_TEST_VIS TLSX* TLSX_Find(TLSX* list, TLSX_Type type); WOLFSSL_LOCAL void TLSX_Remove(TLSX** list, TLSX_Type type, void* heap); WOLFSSL_LOCAL void TLSX_FreeAll(TLSX* list, void* heap); WOLFSSL_LOCAL int TLSX_SupportExtensions(WOLFSSL* ssl); @@ -3193,8 +3217,9 @@ || defined(HAVE_SECURE_RENEGOTIATION) \ || defined(HAVE_SERVER_RENEGOTIATION_INFO) +#ifndef NO_TLS #error Using TLS extensions requires HAVE_TLS_EXTENSIONS to be defined. - +#endif #endif /* HAVE_TLS_EXTENSIONS */ /** Server Name Indication - RFC 6066 (session 3) */ @@ -3215,6 +3240,10 @@ WOLFSSL_LOCAL byte TLSX_SNI_Status(TLSX* extensions, byte type); WOLFSSL_LOCAL word16 TLSX_SNI_GetRequest(TLSX* extensions, byte type, void** data, byte ignoreStatus); +#ifdef WOLFSSL_API_PREFIX_MAP + #define TLSX_SNI_GetSize wolfSSL_TLSX_SNI_GetSize +#endif +WOLFSSL_TEST_VIS word16 TLSX_SNI_GetSize(SNI* list); #ifndef NO_WOLFSSL_SERVER WOLFSSL_LOCAL void TLSX_SNI_SetOptions(TLSX* extensions, byte type, @@ -3392,6 +3421,7 @@ WOLFSSL_LOCAL int TLSX_UsePointFormat(TLSX** extensions, byte point, void* heap); +WOLFSSL_LOCAL int TLSX_IsGroupSupported(int namedGroup); #ifndef NO_WOLFSSL_SERVER WOLFSSL_LOCAL int TLSX_ValidateSupportedCurves(const WOLFSSL* ssl, byte first, @@ -3399,6 +3429,7 @@ WOLFSSL_LOCAL int TLSX_SupportedCurve_CheckPriority(WOLFSSL* ssl); WOLFSSL_LOCAL int TLSX_SupportedFFDHE_Set(WOLFSSL* ssl); #endif +WOLFSSL_LOCAL int TLSX_SupportedCurve_IsSupported(WOLFSSL* ssl, word16 name); WOLFSSL_LOCAL int TLSX_SupportedCurve_Preferred(WOLFSSL* ssl, int checkSupported); WOLFSSL_LOCAL int TLSX_SupportedCurve_Parse(const WOLFSSL* ssl, @@ -3440,6 +3471,11 @@ #endif /* HAVE_SECURE_RENEGOTIATION */ #ifdef HAVE_SESSION_TICKET +/* Max peer cert size for ticket: 2KB is reasonable for most RSA/ECC certs */ +#ifndef MAX_TICKET_PEER_CERT_SZ +#define MAX_TICKET_PEER_CERT_SZ 2048 +#endif + /* Our ticket format. All members need to be a byte or array of byte to * avoid alignment issues */ typedef struct InternalTicket { @@ -3465,21 +3501,40 @@ byte sessionCtxSz; /* sessionCtx length */ byte sessionCtx[ID_LEN]; /* app specific context id */ #endif /* OPENSSL_EXTRA */ +#if defined(OPENSSL_ALL) && defined(KEEP_PEER_CERT) && \ + !defined(NO_CERT_IN_TICKET) + byte peerCertLen[OPAQUE16_LEN]; /* peer cert length */ + byte peerCert[]; /* peer certificate DER - variable length */ +#endif } InternalTicket; +/* Base size of InternalTicket without the variable-length peerCert field */ +#define WOLFSSL_INTERNAL_TICKET_BASE_SZ (sizeof(InternalTicket)) + +/* Minimum internal ticket length (no peer cert) */ #ifndef WOLFSSL_TICKET_ENC_CBC_HMAC - #define WOLFSSL_INTERNAL_TICKET_LEN sizeof(InternalTicket) + #define WOLFSSL_INTERNAL_TICKET_LEN WOLFSSL_INTERNAL_TICKET_BASE_SZ #else #define WOLFSSL_INTERNAL_TICKET_LEN \ - (((sizeof(InternalTicket) + 15) / 16) * 16) + (((WOLFSSL_INTERNAL_TICKET_BASE_SZ + 15) / 16) * 16) +#endif + +/* Maximum internal ticket length (with max peer cert) */ +#if defined(OPENSSL_ALL) && defined(KEEP_PEER_CERT) && \ + !defined(NO_CERT_IN_TICKET) + #define WOLFSSL_INTERNAL_TICKET_MAX_SZ \ + (WOLFSSL_INTERNAL_TICKET_BASE_SZ + MAX_TICKET_PEER_CERT_SZ) +#else + #define WOLFSSL_INTERNAL_TICKET_MAX_SZ WOLFSSL_INTERNAL_TICKET_BASE_SZ #endif #ifndef WOLFSSL_TICKET_EXTRA_PADDING_SZ #define WOLFSSL_TICKET_EXTRA_PADDING_SZ 32 #endif +/* Maximum encrypted ticket size */ #define WOLFSSL_TICKET_ENC_SZ \ - (sizeof(InternalTicket) + WOLFSSL_TICKET_EXTRA_PADDING_SZ) + (WOLFSSL_INTERNAL_TICKET_MAX_SZ + WOLFSSL_TICKET_EXTRA_PADDING_SZ) /* RFC 5077 defines this for session tickets. All members need to be a byte or * array of byte to avoid alignment issues */ @@ -3487,14 +3542,18 @@ byte key_name[WOLFSSL_TICKET_NAME_SZ]; /* key context name - 16 */ byte iv[WOLFSSL_TICKET_IV_SZ]; /* this ticket's iv - 16 */ byte enc_len[OPAQUE16_LEN]; /* encrypted length - 2 */ - byte enc_ticket[WOLFSSL_TICKET_ENC_SZ]; - /* encrypted internal ticket */ - byte mac[WOLFSSL_TICKET_MAC_SZ]; /* total mac - 32 */ + byte enc_ticket[]; /* encrypted ticket - var length + * + total mac - 32 */ } ExternalTicket; -/* Cast to int to reduce amount of casts in code */ -#define SESSION_TICKET_LEN ((int)sizeof(ExternalTicket)) -#define WOLFSSL_TICKET_FIXED_SZ (SESSION_TICKET_LEN - WOLFSSL_TICKET_ENC_SZ) +/* Fixed portion of external ticket (key_name + iv + enc_len) */ +#define WOLFSSL_TICKET_FIXED_SZ \ + (WOLFSSL_TICKET_NAME_SZ + WOLFSSL_TICKET_IV_SZ + OPAQUE16_LEN + \ + WOLFSSL_TICKET_MAC_SZ) + +/* Maximum session ticket length */ +#define SESSION_TICKET_LEN \ + ((int)(WOLFSSL_TICKET_FIXED_SZ + WOLFSSL_TICKET_ENC_SZ)) typedef struct SessionTicket { word32 lifetime; @@ -3536,6 +3595,20 @@ #endif /* HAVE_SESSION_TICKET */ +#ifndef MAX_PSK_ID_LEN + /* max psk identity/hint supported */ + #if defined(WOLFSSL_TLS13) + #ifdef SESSION_TICKET_LEN + #define MAX_PSK_ID_LEN SESSION_TICKET_LEN + #else + /* Previous value. Use as fallback for when tickets are disabled. */ + #define MAX_PSK_ID_LEN 1536 + #endif + #else + #define MAX_PSK_ID_LEN 128 + #endif +#endif + #if defined(HAVE_ENCRYPT_THEN_MAC) && !defined(WOLFSSL_AEAD_ONLY) int TLSX_EncryptThenMac_Respond(WOLFSSL* ssl); #endif @@ -3599,6 +3672,8 @@ word16 length, byte msgType); WOLFSSL_LOCAL int TLSX_KeyShare_Parse_ClientHello(const WOLFSSL* ssl, const byte* input, word16 length, TLSX** extensions); +WOLFSSL_LOCAL int TLSX_KeyShare_HandlePqcHybridKeyServer(WOLFSSL* ssl, + KeyShareEntry* keyShareEntry, byte* data, word16 len); #ifdef WOLFSSL_DUAL_ALG_CERTS WOLFSSL_LOCAL int TLSX_CKS_Parse(WOLFSSL* ssl, byte* input, word16 length, TLSX** extensions); @@ -3695,7 +3770,10 @@ WOLFSSL_LOCAL int DeriveEarlySecret(WOLFSSL* ssl); WOLFSSL_LOCAL int DeriveHandshakeSecret(WOLFSSL* ssl); -WOLFSSL_LOCAL int DeriveTls13Keys(WOLFSSL* ssl, int secret, int side, int store); +#ifdef WOLFSSL_API_PREFIX_MAP + #define DeriveTls13Keys wolfSSL_DeriveTls13Keys +#endif +WOLFSSL_TEST_VIS int DeriveTls13Keys(WOLFSSL* ssl, int secret, int side, int store); WOLFSSL_LOCAL int DeriveMasterSecret(WOLFSSL* ssl); WOLFSSL_LOCAL int DeriveResumptionPSK(WOLFSSL* ssl, byte* nonce, byte nonceLen, byte* secret); WOLFSSL_LOCAL int DeriveResumptionSecret(WOLFSSL* ssl, byte* key); @@ -3806,7 +3884,10 @@ int altPrivateKeyDevId; #endif /* WOLFSSL_DUAL_ALG_CERTS */ #ifdef OPENSSL_ALL - WOLFSSL_EVP_PKEY* privateKeyPKey; + /* note it is the privateKeyPKey pointer that is volatile, not the object it + * points to: + */ + WOLFSSL_EVP_PKEY* volatile privateKeyPKey; #endif WOLFSSL_CERT_MANAGER* cm; /* our cert manager, ctx owns SSL will use */ #endif @@ -3911,6 +3992,9 @@ #endif #ifndef NO_RSA short minRsaKeySz; /* minimum RSA key size */ +#ifdef WC_RSA_PSS + word8 useRsaPss; /* cert supports RSA-PSS */ +#endif #endif #if defined(HAVE_ECC) || defined(HAVE_ED25519) || defined(HAVE_ED448) short minEccKeySz; /* minimum ECC key size */ @@ -4309,6 +4393,7 @@ dilithium_level5_sa_algo = 16, sm2_sa_algo = 17, any_sa_algo = 18, + ecc_brainpool_sa_algo = 19, invalid_sa_algo = 255 }; @@ -4603,10 +4688,7 @@ #if defined(SESSION_CERTS) && defined(OPENSSL_EXTRA) WOLFSSL_X509* peer; /* peer cert */ #endif -#if defined(SESSION_CERTS) || (defined(WOLFSSL_TLS13) && \ - defined(HAVE_SESSION_TICKET)) ProtocolVersion version; /* which version was used */ -#endif #if defined(SESSION_CERTS) || !defined(NO_RESUME_SUITE_CHECK) || \ (defined(WOLFSSL_TLS13) && defined(HAVE_SESSION_TICKET)) byte cipherSuite0; /* first byte, normally 0 */ @@ -4802,6 +4884,7 @@ ThreadCrypt encrypt[WOLFSSL_THREADED_CRYPT_CNT]; #endif buffer domainName; /* for client check */ + buffer ipasc; /* for client IP SAN check */ buffer clearOutputBuffer; buffer sig; /* signature data */ buffer digest; /* digest data */ @@ -5078,7 +5161,6 @@ word16 useDtlsCID:1; #endif /* WOLFSSL_DTLS_CID */ #if defined(WOLFSSL_TLS13) && defined(HAVE_ECH) - word16 useEch:1; word16 echAccepted:1; byte disableECH:1; /* Did the user disable ech */ #endif @@ -5093,6 +5175,7 @@ word16 hrrSentCookie:1; /* HRR sent with cookie */ #endif word16 hrrSentKeyShare:1; /* HRR sent with key share */ + word16 shSentKeyShare:1; /* SH sent with key share */ #endif word16 returnOnGoodCh:1; word16 disableRead:1; @@ -5222,10 +5305,6 @@ #endif #endif -#ifndef MAX_DATE_SZ -#define MAX_DATE_SZ 32 -#endif - typedef enum { STACK_TYPE_X509 = 0, STACK_TYPE_GEN_NAME = 1, @@ -5246,6 +5325,8 @@ STACK_TYPE_X509_CRL = 16, STACK_TYPE_X509_NAME_ENTRY = 17, STACK_TYPE_X509_REQ_ATTR = 18, + STACK_TYPE_GENERAL_SUBTREE = 19, + STACK_TYPE_X509_REVOKED = 20, } WOLF_STACK_TYPE; #if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL) @@ -5274,11 +5355,13 @@ void* generic; char* string; WOLFSSL_GENERAL_NAME* gn; + WOLFSSL_GENERAL_SUBTREE* subtree; WOLFSSL_BY_DIR_entry* dir_entry; WOLFSSL_BY_DIR_HASH* dir_hash; WOLFSSL_X509_OBJECT* x509_obj; WOLFSSL_DIST_POINT* dp; WOLFSSL_X509_CRL* crl; + WOLFSSL_X509_REVOKED* revoked; } data; void* heap; /* memory heap hint */ WOLFSSL_STACK* next; @@ -5314,8 +5397,24 @@ #ifdef NO_ASN typedef struct DNS_entry DNS_entry; + #ifndef IGNORE_NAME_CONSTRAINTS + typedef struct Base_entry Base_entry; + #endif #endif +#ifndef WOLFSSL_AIA_ENTRY_DEFINED +#ifndef WOLFSSL_MAX_AIA_ENTRIES + #define WOLFSSL_MAX_AIA_ENTRIES 8 +#endif + +#define WOLFSSL_AIA_ENTRY_DEFINED +typedef struct WOLFSSL_AIA_ENTRY { + word32 method; /* AIA method OID sum (e.g., AIA_OCSP_OID). */ + const byte* uri; /* Pointer into cert DER for the URI. */ + word32 uriSz; /* Length of URI data. */ +} WOLFSSL_AIA_ENTRY; +#endif /* WOLFSSL_AIA_ENTRY_DEFINED */ + struct WOLFSSL_X509 { int version; int serialSz; @@ -5342,6 +5441,11 @@ buffer sig; int sigOID; DNS_entry* altNames; /* alt names list */ +#ifndef IGNORE_NAME_CONSTRAINTS + Base_entry* permittedNames; /* name constraints */ + Base_entry* excludedNames; + byte nameConstraintCrit:1; +#endif buffer pubKey; int pubKeyOID; DNS_entry* altNamesNext; /* hint for retrieval */ @@ -5381,6 +5485,9 @@ byte* authInfoCaIssuer; int authInfoCaIssuerSz; #endif + WOLFSSL_AIA_ENTRY authInfoList[WOLFSSL_MAX_AIA_ENTRIES]; + byte authInfoListSz:7; + byte authInfoListOverflow:1; word32 pathLength; word16 keyUsage; int rawCRLInfoSz; @@ -5440,7 +5547,9 @@ #endif /* WOLFSSL_CERT_REQ || WOLFSSL_CERT_GEN */ WOLFSSL_X509_NAME issuer; WOLFSSL_X509_NAME subject; -#if defined(OPENSSL_ALL) || defined(WOLFSSL_HAPROXY) || defined(WOLFSSL_WPAS) +#if defined(OPENSSL_ALL) || defined(OPENSSL_EXTRA) || \ + defined(OPENSSL_EXTRA_X509_SMALL) || defined(WOLFSSL_APACHE_HTTPD) || \ + defined(WOLFSSL_HAPROXY) || defined(WOLFSSL_WPAS) WOLFSSL_X509_ALGOR algor; WOLFSSL_X509_PUBKEY key; #endif @@ -5651,9 +5760,47 @@ #define READ_DUP_SIDE 2 typedef struct WriteDup { - wolfSSL_Mutex dupMutex; /* reference count mutex */ + wolfSSL_Mutex dupMutex; /* field access mutex */ int dupCount; /* reference count */ int dupErr; /* under dupMutex, pass to other side */ +#ifdef WOLFSSL_DTLS13 + struct Dtls13RecordNumber* sendAckList; /* ownership transferred */ + /* Key update ACK tracking: write side stores the (epoch, seq) of its + * in-flight KeyUpdate; read side sets keyUpdateAcked when the ACK for + * that exact record arrives. Both epoch and seq are checked to avoid + * false positives from data records in the same epoch. */ + w64wrapper keyUpdateEpoch; /* epoch of the KeyUpdate */ + w64wrapper keyUpdateSeq; /* seq num of the KeyUpdate */ +#endif /* WOLFSSL_DTLS13 */ +#ifdef WOLFSSL_TLS13 +#ifdef WOLFSSL_POST_HANDSHAKE_AUTH + /* Post-handshake certificate request delegation: the read side received + * a CertificateRequest but cannot write; it saves state here and the + * write side sends Certificate+CertificateVerify+Finished. */ + struct HS_Hashes* postHandshakeHashState; /* transcript at CR time */ + struct CertReqCtx* postHandshakeCertReqCtx; /* context from CR */ + byte postHandshakeSendVerify; /* ssl->options.sendVerify */ + byte postHandshakeSigAlgo; /* ssl->options.sigAlgo */ + byte postHandshakeHashAlgo; /* ssl->options.hashAlgo */ +#endif /* WOLFSSL_POST_HANDSHAKE_AUTH */ +#endif /* WOLFSSL_TLS13 */ + + /* Flags */ +#ifdef WOLFSSL_DTLS13 + WC_BITFIELD keyUpdateWaiting:1; /* write side has an unACKed KeyUpdate */ + WC_BITFIELD keyUpdateAcked:1; /* read side confirmed the ACK arrived */ + /* DTLS 1.3: read side cannot write, so it passes ACK work to the + * write side. */ + WC_BITFIELD sendAcks:1; +#endif /* WOLFSSL_DTLS13 */ +#ifdef WOLFSSL_TLS13 + /* TLS 1.3 (and DTLS 1.3): read side received a KeyUpdate(update_requested) + * but cannot send the response; write side handles it. */ + WC_BITFIELD keyUpdateRespond:1; /* write side must send a KeyUpdate response */ +#ifdef WOLFSSL_POST_HANDSHAKE_AUTH + WC_BITFIELD postHandshakeAuthPending:1; /* write side must respond */ +#endif /* WOLFSSL_POST_HANDSHAKE_AUTH */ +#endif /* WOLFSSL_TLS13 */ } WriteDup; WOLFSSL_LOCAL void FreeWriteDup(WOLFSSL* ssl); @@ -5699,6 +5846,20 @@ DTLS13_EPOCH_TRAFFIC0 = 3 }; +/* 64-bit epoch + 64-bit sequence number */ +#define DTLS13_RN_SIZE (OPAQUE64_LEN + OPAQUE64_LEN) +/* Maximum number of ACK records allowed in an ACK message */ +#ifndef DTLS13_ACK_MAX_RECORDS +#define DTLS13_ACK_MAX_RECORDS 128 +#endif +/* WOLFSSL_MAX_16BIT / DTLS13_RN_SIZE (0xffff / (OPAQUE64_LEN + OPAQUE64_LEN)) + * Literals are used because OPAQUE64_LEN is an enum value, invisible to the + * preprocessor. */ +#if DTLS13_ACK_MAX_RECORDS > 0xffff / 16 +#error "DTLS13_ACK_MAX_RECORDS exceeds the maximum encodable in the word16 length field" +#endif + + typedef struct Dtls13Epoch { w64wrapper epochNumber; @@ -5767,7 +5928,12 @@ Dtls13RtxRecord *rtxRecords; Dtls13RtxRecord **rtxRecordTailPtr; Dtls13RecordNumber *seenRecords; + word16 seenRecordsCount; +#ifdef WOLFSSL_32BIT_MILLI_TIME word32 lastRtx; +#else + sword64 lastRtx; +#endif byte triggeredRtxs; /* Unused? */ byte sendAcks; byte retransmit; @@ -5826,7 +5992,6 @@ HS_Hashes* hsHashes; #if defined(WOLFSSL_TLS13) && defined(HAVE_ECH) HS_Hashes* hsHashesEch; - HS_Hashes* hsHashesEchInner; #endif void* IOCB_ReadCtx; void* IOCB_WriteCtx; @@ -5941,6 +6106,9 @@ byte* peerSceTsipEncRsaKeyIndex; #endif byte peerRsaKeyPresent; +#ifdef WC_RSA_PSS + word8 useRsaPss; /* cert supports RSA-PSS */ +#endif #endif #if defined(WOLFSSL_TLS13) || defined(HAVE_FFDHE) word16 namedGroup; @@ -6052,6 +6220,9 @@ byte dtls13SendingFragments:1; byte dtls13SendingAckOrRtx; byte dtls13FastTimeout:1; +#ifdef HAVE_WRITE_DUP + byte dtls13KeyUpdateAcked:1; +#endif byte dtls13WaitKeyUpdateAck; byte dtls13DoKeyUpdate; word32 dtls13MessageLength; @@ -6141,10 +6312,11 @@ void* session_ticket_ctx; byte expect_session_ticket; #endif + word16 hrr_keyshare_group; #endif /* HAVE_TLS_EXTENSIONS */ #ifdef HAVE_OCSP void* ocspIOCtx; - byte ocspProducedDate[MAX_DATE_SZ]; + byte ocspProducedDate[MAX_DATE_SIZE]; int ocspProducedDateFormat; buffer ocspCsrResp[1 + MAX_CHAIN_DEPTH]; #if defined(OPENSSL_ALL) || defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY) @@ -6323,6 +6495,17 @@ #if defined(WOLFSSL_SYS_CRYPTO_POLICY) int secLevel; /* The security level of system-wide crypto policy. */ #endif /* WOLFSSL_SYS_CRYPTO_POLICY */ +#if !defined(NO_WOLFSSL_CLIENT) && !defined(WOLFSSL_NO_TLS12) && \ + defined(WOLFSSL_HARDEN_TLS) && !defined(WOLFSSL_HARDEN_TLS_NO_SCR_CHECK) + WC_BITFIELD scr_check_enabled:1; /* enable/disable SCR check */ +#endif +#ifdef HAVE_WRITE_DUP +#ifdef WOLFSSL_TLS13 +#ifdef WOLFSSL_POST_HANDSHAKE_AUTH + WC_BITFIELD postHandshakeAuthPending:1; +#endif +#endif +#endif }; #if defined(WOLFSSL_SYS_CRYPTO_POLICY) @@ -6340,12 +6523,20 @@ * for the caller to find so we clear the last error. */ #if defined(OPENSSL_EXTRA) && defined(WOLFSSL_HAVE_ERROR_QUEUE) -#define CLEAR_ASN_NO_PEM_HEADER_ERROR(err) \ - (err) = wolfSSL_ERR_peek_last_error(); \ - if (wolfSSL_ERR_GET_LIB(err) == WOLFSSL_ERR_LIB_PEM && \ - wolfSSL_ERR_GET_REASON(err) == -WOLFSSL_PEM_R_NO_START_LINE_E) { \ - wc_RemoveErrorNode(-1); \ - } +#define CLEAR_ASN_NO_PEM_HEADER_ERROR(err) \ +do { \ + (err) = wolfSSL_ERR_peek_last_error(); \ + if (wolfSSL_ERR_GET_LIB(err) == WOLFSSL_ERR_LIB_PEM && \ + wolfSSL_ERR_GET_REASON(err) == -WOLFSSL_PEM_R_NO_START_LINE_E) { \ + unsigned long peekErr; \ + do { \ + wc_RemoveErrorNode(-1); \ + peekErr = wolfSSL_ERR_peek_last_error(); \ + } while (wolfSSL_ERR_GET_LIB(peekErr) == WOLFSSL_ERR_LIB_PEM && \ + wolfSSL_ERR_GET_REASON(peekErr) == \ + -WOLFSSL_PEM_R_NO_START_LINE_E); \ + } \ +} while(0) #else #define CLEAR_ASN_NO_PEM_HEADER_ERROR(err) (void)(err); #endif @@ -6586,7 +6777,10 @@ byte cipherSuite); WOLFSSL_LOCAL int SetTicket(WOLFSSL* ssl, const byte* ticket, word32 length); -WOLFSSL_LOCAL int wolfSSL_GetMaxFragSize(WOLFSSL* ssl, int maxFragment); +WOLFSSL_LOCAL int wolfssl_local_GetRecordSize(WOLFSSL *ssl, int payloadSz, + int isEncrypted); +WOLFSSL_LOCAL int wolfssl_local_GetMaxPlaintextSize(WOLFSSL *ssl); +WOLFSSL_LOCAL int wolfSSL_GetMaxFragSize(WOLFSSL* ssl); #if defined(WOLFSSL_IOTSAFE) && defined(HAVE_PK_CALLBACKS) WOLFSSL_LOCAL IOTSAFE *wolfSSL_get_iotsafe_ctx(WOLFSSL *ssl); @@ -6685,11 +6879,16 @@ DecodedCert* cert); #endif + #ifndef GetCA WOLFSSL_LOCAL Signer* GetCA(void* vp, byte* hash); #endif - #if defined(WOLFSSL_AKID_NAME) && !defined(GetCAByAKID) - WOLFSSL_LOCAL Signer* GetCAByAKID(void* vp, const byte* issuer, + #if defined(WOLFSSL_AKID_NAME) && !defined(WC_SYM_RELOC_TABLES) + /* note WOLFSSL_API_PREFIX_MAPping is in asn.h, and if + * WC_SYM_RELOC_TABLES, the prototype is in the port layer + * (e.g. linuxkm_wc_port.h), to allow shimming. + */ + WOLFSSL_TEST_VIS Signer* GetCAByAKID(void* vp, const byte* issuer, word32 issuerSz, const byte* serial, word32 serialSz); #endif #if defined(HAVE_OCSP) && !defined(GetCAByKeyHash) @@ -6807,7 +7006,8 @@ WOLFSSL_LOCAL void WriteSEQ(WOLFSSL* ssl, int verifyOrder, byte* out); -#if defined(WOLFSSL_TLS13) && (defined(HAVE_SESSION_TICKET) || !defined(NO_PSK)) +#if defined(WOLFSSL_TLS13) && (defined(HAVE_SESSION_TICKET) || \ + !defined(NO_PSK) || defined(WOLFSSL_DTLS13)) #ifdef WOLFSSL_32BIT_MILLI_TIME WOLFSSL_LOCAL word32 TimeNowInMilliseconds(void); #else @@ -6940,6 +7140,7 @@ #endif WOLFSSL_LOCAL int InitHandshakeHashes(WOLFSSL* ssl); +WOLFSSL_LOCAL void Free_HS_Hashes(HS_Hashes* hsHashes, void* heap); WOLFSSL_LOCAL void FreeHandshakeHashes(WOLFSSL* ssl); WOLFSSL_LOCAL int InitHandshakeHashesAndCopy(WOLFSSL* ssl, HS_Hashes* source, HS_Hashes** destination); @@ -7027,6 +7228,7 @@ #define Dtls13CheckEpoch wolfSSL_Dtls13CheckEpoch #define Dtls13WriteAckMessage wolfSSL_Dtls13WriteAckMessage #define Dtls13RtxAddAck wolfSSL_Dtls13RtxAddAck + #define Dtls13DoScheduledWork wolfSSL_Dtls13DoScheduledWork #endif WOLFSSL_TEST_VIS struct Dtls13Epoch* Dtls13GetEpoch(WOLFSSL* ssl, @@ -7039,7 +7241,9 @@ enum encrypt_side side); WOLFSSL_LOCAL int Dtls13GetSeq(WOLFSSL* ssl, int order, word32* seq, byte increment); -WOLFSSL_LOCAL int Dtls13DoScheduledWork(WOLFSSL* ssl); +WOLFSSL_LOCAL void Dtls13RtxRemoveRecord(WOLFSSL* ssl, w64wrapper epoch, + w64wrapper seq); +WOLFSSL_TEST_VIS int Dtls13DoScheduledWork(WOLFSSL* ssl); WOLFSSL_LOCAL int Dtls13DeriveSnKeys(WOLFSSL* ssl, int provision); WOLFSSL_LOCAL int Dtls13SetRecordNumberKeys(WOLFSSL* ssl, enum encrypt_side side); @@ -7080,7 +7284,7 @@ WOLFSSL_LOCAL int Dtls13ReconstructSeqNumber(WOLFSSL* ssl, Dtls13UnifiedHdrInfo* hdrInfo, w64wrapper* out); WOLFSSL_TEST_VIS int Dtls13WriteAckMessage(WOLFSSL* ssl, - Dtls13RecordNumber* recordNumberList, word32* length); + Dtls13RecordNumber* recordNumberList, word16 recordsCount, word32* length); WOLFSSL_LOCAL int SendDtls13Ack(WOLFSSL* ssl); WOLFSSL_TEST_VIS int Dtls13RtxAddAck(WOLFSSL* ssl, w64wrapper epoch, w64wrapper seq); WOLFSSL_LOCAL int Dtls13RtxProcessingCertificate(WOLFSSL* ssl, byte* input, @@ -7212,6 +7416,8 @@ WOLF_STACK_TYPE type); WOLFSSL_LOCAL void* wolfSSL_sk_pop_node(WOLFSSL_STACK* sk, int idx); WOLFSSL_LOCAL WOLFSSL_STACK* wolfssl_sk_new_type(WOLF_STACK_TYPE type); +WOLFSSL_LOCAL WOLFSSL_STACK* wolfssl_sk_new_type_ex(WOLF_STACK_TYPE type, + void* heap); WOLFSSL_LOCAL int wolfssl_asn1_obj_set(WOLFSSL_ASN1_OBJECT* obj, const byte* der, word32 len, int addHdr); @@ -7225,6 +7431,8 @@ word32* keySz); #endif /* OPENSSL_EXTRA || OPENSSL_EXTRA_X509_SMALL */ +WOLFSSL_LOCAL void wolfssl_local_MaybeCheckAlertOnErr(WOLFSSL* ssl, int err); + #ifdef __cplusplus } /* extern "C" */ #endif diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/wolfssl/ocsp.h mariadb-11.8.8/extra/wolfssl/wolfssl/wolfssl/ocsp.h --- mariadb-11.8.6/extra/wolfssl/wolfssl/wolfssl/ocsp.h 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/wolfssl/ocsp.h 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* ocsp.h * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -74,8 +74,8 @@ OcspEntry *entry, OcspRequest *ocspRequest, void* heap); -WOLFSSL_LOCAL int CheckOcspResponder(OcspResponse *bs, DecodedCert *cert, - void* vp); +WOLFSSL_LOCAL int CheckOcspResponder(OcspResponse *bs, byte* subjectHash, + byte extExtKeyUsage, byte* issuerHash, void* vp); /* Allocates and initializes a WOLFSSL_OCSP object */ WOLFSSL_API WOLFSSL_OCSP* wc_NewOCSP(WOLFSSL_CERT_MANAGER* cm); @@ -84,6 +84,16 @@ WOLFSSL_API int wc_CheckCertOcspResponse(WOLFSSL_OCSP *ocsp, DecodedCert *cert, byte *response, int responseSz, void* heap); +WOLFSSL_API OcspRequest* wc_OcspRequest_new(void* heap); +WOLFSSL_API void wc_OcspRequest_free(OcspRequest* request); + +WOLFSSL_API int wc_InitOcspRequest(OcspRequest* req, DecodedCert* cert, + byte useNonce, void* heap); +WOLFSSL_API int wc_EncodeOcspRequest(OcspRequest* req, byte* output, + word32 size); + +WOLFSSL_API OcspResponse* wc_OcspResponse_new(void* heap); +WOLFSSL_API void wc_OcspResponse_free(OcspResponse* response); #ifdef OPENSSL_EXTRA WOLFSSL_API int wolfSSL_OCSP_resp_find_status(WOLFSSL_OCSP_BASICRESP *bs, @@ -179,6 +189,33 @@ WOLFSSL_OCSP_BASICRESP* bs); #endif /* OPENSSL_EXTRA */ +#ifdef HAVE_OCSP_RESPONDER +/* OCSP Responder API */ +WOLFSSL_API OcspResponder* wc_OcspResponder_new(void* heap, int sendCerts); +WOLFSSL_API void wc_OcspResponder_free(OcspResponder* responder); + +/* Add a cert that this responder can respond for (DER format only) */ +WOLFSSL_API int wc_OcspResponder_AddSigner(OcspResponder* responder, + const byte* signerDer, word32 signerDerSz, + const byte* keyDer, word32 keyDerSz, + const byte* issuerCertDer, word32 issuerCertDerSz); + +/* Add a certificate status for a specific CA */ +WOLFSSL_API int wc_OcspResponder_SetCertStatus(OcspResponder* responder, + const char* caSubject, word32 caSubjectSz, + const byte* serial, word32 serialSz, enum Ocsp_Cert_Status status, + time_t revocationTime, enum WC_CRL_Reason revocationReason, + word32 validityPeriod); + +/* Generate OCSP response for a request */ +WOLFSSL_API int wc_OcspResponder_WriteResponse(OcspResponder* responder, + const byte* request, word32 requestSz, + byte* response, word32* responseSz); +WOLFSSL_API int wc_OcspResponder_WriteErrorResponse( + enum Ocsp_Response_Status status, + byte* response, word32* responseSz); +#endif /* HAVE_OCSP_RESPONDER */ + #ifdef __cplusplus } /* extern "C" */ diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/wolfssl/openssl/aes.h mariadb-11.8.8/extra/wolfssl/wolfssl/wolfssl/openssl/aes.h --- mariadb-11.8.6/extra/wolfssl/wolfssl/wolfssl/openssl/aes.h 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/wolfssl/openssl/aes.h 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* aes.h * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/wolfssl/openssl/asn1.h mariadb-11.8.8/extra/wolfssl/wolfssl/wolfssl/openssl/asn1.h --- mariadb-11.8.6/extra/wolfssl/wolfssl/wolfssl/openssl/asn1.h 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/wolfssl/openssl/asn1.h 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* asn1.h * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/wolfssl/openssl/asn1t.h mariadb-11.8.8/extra/wolfssl/wolfssl/wolfssl/openssl/asn1t.h --- mariadb-11.8.6/extra/wolfssl/wolfssl/wolfssl/openssl/asn1t.h 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/wolfssl/openssl/asn1t.h 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* asn1t.h * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/wolfssl/openssl/bio.h mariadb-11.8.8/extra/wolfssl/wolfssl/wolfssl/openssl/bio.h --- mariadb-11.8.6/extra/wolfssl/wolfssl/wolfssl/openssl/bio.h 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/wolfssl/openssl/bio.h 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* bio.h * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/wolfssl/openssl/bn.h mariadb-11.8.8/extra/wolfssl/wolfssl/wolfssl/openssl/bn.h --- mariadb-11.8.6/extra/wolfssl/wolfssl/wolfssl/openssl/bn.h 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/wolfssl/openssl/bn.h 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* bn.h * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/wolfssl/openssl/buffer.h mariadb-11.8.8/extra/wolfssl/wolfssl/wolfssl/openssl/buffer.h --- mariadb-11.8.6/extra/wolfssl/wolfssl/wolfssl/openssl/buffer.h 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/wolfssl/openssl/buffer.h 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* buffer.h * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/wolfssl/openssl/camellia.h mariadb-11.8.8/extra/wolfssl/wolfssl/wolfssl/openssl/camellia.h --- mariadb-11.8.6/extra/wolfssl/wolfssl/wolfssl/openssl/camellia.h 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/wolfssl/openssl/camellia.h 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* camellia.h * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/wolfssl/openssl/cmac.h mariadb-11.8.8/extra/wolfssl/wolfssl/wolfssl/openssl/cmac.h --- mariadb-11.8.6/extra/wolfssl/wolfssl/wolfssl/openssl/cmac.h 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/wolfssl/openssl/cmac.h 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* cmac.h * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/wolfssl/openssl/cms.h mariadb-11.8.8/extra/wolfssl/wolfssl/wolfssl/openssl/cms.h --- mariadb-11.8.6/extra/wolfssl/wolfssl/wolfssl/openssl/cms.h 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/wolfssl/openssl/cms.h 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* cms.h * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/wolfssl/openssl/compat_types.h mariadb-11.8.8/extra/wolfssl/wolfssl/wolfssl/openssl/compat_types.h --- mariadb-11.8.6/extra/wolfssl/wolfssl/wolfssl/openssl/compat_types.h 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/wolfssl/openssl/compat_types.h 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* compat_types.h * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/wolfssl/openssl/conf.h mariadb-11.8.8/extra/wolfssl/wolfssl/wolfssl/openssl/conf.h --- mariadb-11.8.6/extra/wolfssl/wolfssl/wolfssl/openssl/conf.h 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/wolfssl/openssl/conf.h 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* conf.h * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -24,22 +24,30 @@ #ifndef WOLFSSL_conf_H_ #define WOLFSSL_conf_H_ +#include +#include + #ifdef __cplusplus extern "C" { #endif -#include -#include - typedef struct WOLFSSL_CONF_VALUE { char *section; char *name; char *value; } WOLFSSL_CONF_VALUE; +#ifdef __cplusplus +} /* extern "C" */ +#endif + /* ssl.h requires WOLFSSL_CONF_VALUE */ #include +#ifdef __cplusplus + extern "C" { +#endif + typedef struct WOLFSSL_CONF { void *meth_data; WOLF_LHASH_OF(WOLFSSL_CONF_VALUE) *data; diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/wolfssl/openssl/crypto.h mariadb-11.8.8/extra/wolfssl/wolfssl/wolfssl/openssl/crypto.h --- mariadb-11.8.6/extra/wolfssl/wolfssl/wolfssl/openssl/crypto.h 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/wolfssl/openssl/crypto.h 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* crypto.h * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/wolfssl/openssl/des.h mariadb-11.8.8/extra/wolfssl/wolfssl/wolfssl/openssl/des.h --- mariadb-11.8.6/extra/wolfssl/wolfssl/wolfssl/openssl/des.h 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/wolfssl/openssl/des.h 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* des.h * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/wolfssl/openssl/dh.h mariadb-11.8.8/extra/wolfssl/wolfssl/wolfssl/openssl/dh.h --- mariadb-11.8.6/extra/wolfssl/wolfssl/wolfssl/openssl/dh.h 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/wolfssl/openssl/dh.h 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* dh.h * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/wolfssl/openssl/dsa.h mariadb-11.8.8/extra/wolfssl/wolfssl/wolfssl/openssl/dsa.h --- mariadb-11.8.6/extra/wolfssl/wolfssl/wolfssl/openssl/dsa.h 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/wolfssl/openssl/dsa.h 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* dsa.h * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/wolfssl/openssl/ec.h mariadb-11.8.8/extra/wolfssl/wolfssl/wolfssl/openssl/ec.h --- mariadb-11.8.6/extra/wolfssl/wolfssl/wolfssl/openssl/ec.h 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/wolfssl/openssl/ec.h 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* ec.h * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -379,6 +379,9 @@ WOLFSSL_API int wolfSSL_EC_POINT_copy(WOLFSSL_EC_POINT *dest, const WOLFSSL_EC_POINT *src); WOLFSSL_API +WOLFSSL_EC_POINT *wolfSSL_EC_POINT_dup(const WOLFSSL_EC_POINT *src, + const WOLFSSL_EC_GROUP *group); +WOLFSSL_API void wolfSSL_EC_POINT_free(WOLFSSL_EC_POINT *point); WOLFSSL_API int wolfSSL_EC_POINT_is_at_infinity(const WOLFSSL_EC_GROUP *group, @@ -479,6 +482,7 @@ #define EC_POINT_clear_free wolfSSL_EC_POINT_clear_free #define EC_POINT_cmp wolfSSL_EC_POINT_cmp #define EC_POINT_copy wolfSSL_EC_POINT_copy +#define EC_POINT_dup wolfSSL_EC_POINT_dup #define EC_POINT_is_at_infinity wolfSSL_EC_POINT_is_at_infinity #define EC_get_builtin_curves wolfSSL_EC_get_builtin_curves diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/wolfssl/openssl/ec25519.h mariadb-11.8.8/extra/wolfssl/wolfssl/wolfssl/openssl/ec25519.h --- mariadb-11.8.6/extra/wolfssl/wolfssl/wolfssl/openssl/ec25519.h 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/wolfssl/openssl/ec25519.h 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* ec25519.h * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/wolfssl/openssl/ec448.h mariadb-11.8.8/extra/wolfssl/wolfssl/wolfssl/openssl/ec448.h --- mariadb-11.8.6/extra/wolfssl/wolfssl/wolfssl/openssl/ec448.h 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/wolfssl/openssl/ec448.h 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* ec448.h * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/wolfssl/openssl/ecdh.h mariadb-11.8.8/extra/wolfssl/wolfssl/wolfssl/openssl/ecdh.h --- mariadb-11.8.6/extra/wolfssl/wolfssl/wolfssl/openssl/ecdh.h 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/wolfssl/openssl/ecdh.h 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* ecdh.h * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/wolfssl/openssl/ecdsa.h mariadb-11.8.8/extra/wolfssl/wolfssl/wolfssl/openssl/ecdsa.h --- mariadb-11.8.6/extra/wolfssl/wolfssl/wolfssl/openssl/ecdsa.h 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/wolfssl/openssl/ecdsa.h 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* ecdsa.h * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/wolfssl/openssl/ed25519.h mariadb-11.8.8/extra/wolfssl/wolfssl/wolfssl/openssl/ed25519.h --- mariadb-11.8.6/extra/wolfssl/wolfssl/wolfssl/openssl/ed25519.h 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/wolfssl/openssl/ed25519.h 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* ed25519.h * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/wolfssl/openssl/ed448.h mariadb-11.8.8/extra/wolfssl/wolfssl/wolfssl/openssl/ed448.h --- mariadb-11.8.6/extra/wolfssl/wolfssl/wolfssl/openssl/ed448.h 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/wolfssl/openssl/ed448.h 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* ed448.h * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/wolfssl/openssl/err.h mariadb-11.8.8/extra/wolfssl/wolfssl/wolfssl/openssl/err.h --- mariadb-11.8.6/extra/wolfssl/wolfssl/wolfssl/openssl/err.h 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/wolfssl/openssl/err.h 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* err.h * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/wolfssl/openssl/evp.h mariadb-11.8.8/extra/wolfssl/wolfssl/wolfssl/openssl/evp.h --- mariadb-11.8.6/extra/wolfssl/wolfssl/wolfssl/openssl/evp.h 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/wolfssl/openssl/evp.h 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* evp.h * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -61,6 +61,9 @@ #ifdef WOLFSSL_SM3 #include #endif +#if defined(HAVE_BLAKE2B) || defined(HAVE_BLAKE2S) + #include +#endif #ifdef WOLFSSL_SM4 #include #endif @@ -224,6 +227,12 @@ #if defined(WOLFSSL_SHAKE128) || defined(WOLFSSL_SHAKE256) wc_Shake shake; #endif + #ifdef HAVE_BLAKE2B + Blake2b blake2b; + #endif + #ifdef HAVE_BLAKE2S + Blake2s blake2s; + #endif } WOLFSSL_Hasher; diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/wolfssl/openssl/fips_rand.h mariadb-11.8.8/extra/wolfssl/wolfssl/wolfssl/openssl/fips_rand.h --- mariadb-11.8.6/extra/wolfssl/wolfssl/wolfssl/openssl/fips_rand.h 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/wolfssl/openssl/fips_rand.h 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* fips_rand.h * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/wolfssl/openssl/hmac.h mariadb-11.8.8/extra/wolfssl/wolfssl/wolfssl/openssl/hmac.h --- mariadb-11.8.6/extra/wolfssl/wolfssl/wolfssl/openssl/hmac.h 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/wolfssl/openssl/hmac.h 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* hmac.h * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/wolfssl/openssl/kdf.h mariadb-11.8.8/extra/wolfssl/wolfssl/wolfssl/openssl/kdf.h --- mariadb-11.8.6/extra/wolfssl/wolfssl/wolfssl/openssl/kdf.h 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/wolfssl/openssl/kdf.h 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* kdf.h * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/wolfssl/openssl/lhash.h mariadb-11.8.8/extra/wolfssl/wolfssl/wolfssl/openssl/lhash.h --- mariadb-11.8.6/extra/wolfssl/wolfssl/wolfssl/openssl/lhash.h 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/wolfssl/openssl/lhash.h 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* lhash.h * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/wolfssl/openssl/md4.h mariadb-11.8.8/extra/wolfssl/wolfssl/wolfssl/openssl/md4.h --- mariadb-11.8.6/extra/wolfssl/wolfssl/wolfssl/openssl/md4.h 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/wolfssl/openssl/md4.h 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* md4.h * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/wolfssl/openssl/md5.h mariadb-11.8.8/extra/wolfssl/wolfssl/wolfssl/openssl/md5.h --- mariadb-11.8.6/extra/wolfssl/wolfssl/wolfssl/openssl/md5.h 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/wolfssl/openssl/md5.h 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* md5.h * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/wolfssl/openssl/modes.h mariadb-11.8.8/extra/wolfssl/wolfssl/wolfssl/openssl/modes.h --- mariadb-11.8.6/extra/wolfssl/wolfssl/wolfssl/openssl/modes.h 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/wolfssl/openssl/modes.h 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* modes.h * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/wolfssl/openssl/obj_mac.h mariadb-11.8.8/extra/wolfssl/wolfssl/wolfssl/openssl/obj_mac.h --- mariadb-11.8.6/extra/wolfssl/wolfssl/wolfssl/openssl/obj_mac.h 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/wolfssl/openssl/obj_mac.h 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* obj_mac.h * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -23,6 +23,9 @@ #ifndef WOLFSSL_OBJ_MAC_H_ #define WOLFSSL_OBJ_MAC_H_ +/* include SN_xxx definitions from asn.h */ +#include + #ifdef __cplusplus extern "C" { #endif @@ -82,8 +85,6 @@ #endif /* !OPENSSL_COEXIST */ -/* the definition is for Qt Unit test */ -#define SN_jurisdictionCountryName "jurisdictionC" #ifdef __cplusplus } /* extern "C" */ #endif diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/wolfssl/openssl/objects.h mariadb-11.8.8/extra/wolfssl/wolfssl/wolfssl/openssl/objects.h --- mariadb-11.8.6/extra/wolfssl/wolfssl/wolfssl/openssl/objects.h 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/wolfssl/openssl/objects.h 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* objects.h * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/wolfssl/openssl/ocsp.h mariadb-11.8.8/extra/wolfssl/wolfssl/wolfssl/openssl/ocsp.h --- mariadb-11.8.6/extra/wolfssl/wolfssl/wolfssl/openssl/ocsp.h 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/wolfssl/openssl/ocsp.h 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* ocsp.h * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/wolfssl/openssl/opensslv.h mariadb-11.8.8/extra/wolfssl/wolfssl/wolfssl/openssl/opensslv.h --- mariadb-11.8.6/extra/wolfssl/wolfssl/wolfssl/openssl/opensslv.h 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/wolfssl/openssl/opensslv.h 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* opensslv.h * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -40,6 +40,9 @@ #elif defined(OPENSSL_VERSION_NUMBER) /* unrecognized version, but continue. */ #define WOLFSSL_OPENSSL_VERSION_NUMBER_UNRECOGNIZED +#elif defined(WOLFSSL_QT) || defined(WOLFSSL_PYTHON) + /* For Qt and Python 3.8.5 compatibility */ + #define OPENSSL_VERSION_NUMBER 0x10101000L #elif defined(HAVE_MOSQUITTO) #define OPENSSL_VERSION_NUMBER 0x10100000L #elif defined(WOLFSSL_APACHE_HTTPD) || defined(HAVE_LIBEST) || \ @@ -48,9 +51,6 @@ defined(WOLFSSL_OPENSSH) /* For Apache httpd, Use 1.1.0 compatibility */ #define OPENSSL_VERSION_NUMBER 0x10100003L -#elif defined(WOLFSSL_QT) || defined(WOLFSSL_PYTHON) - /* For Qt and Python 3.8.5 compatibility */ - #define OPENSSL_VERSION_NUMBER 0x10101000L #elif defined(WOLFSSL_HAPROXY) || defined(WOLFSSL_FFMPEG) #define OPENSSL_VERSION_NUMBER 0x1010000fL #elif defined(OPENSSL_ALL) || defined(HAVE_LIGHTY) || \ diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/wolfssl/openssl/ossl_typ.h mariadb-11.8.8/extra/wolfssl/wolfssl/wolfssl/openssl/ossl_typ.h --- mariadb-11.8.6/extra/wolfssl/wolfssl/wolfssl/openssl/ossl_typ.h 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/wolfssl/openssl/ossl_typ.h 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* ossl_typ.h * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/wolfssl/openssl/pem.h mariadb-11.8.8/extra/wolfssl/wolfssl/wolfssl/openssl/pem.h --- mariadb-11.8.6/extra/wolfssl/wolfssl/wolfssl/openssl/pem.h 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/wolfssl/openssl/pem.h 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* pem.h * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/wolfssl/openssl/pkcs12.h mariadb-11.8.8/extra/wolfssl/wolfssl/wolfssl/openssl/pkcs12.h --- mariadb-11.8.6/extra/wolfssl/wolfssl/wolfssl/openssl/pkcs12.h 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/wolfssl/openssl/pkcs12.h 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* pkcs12.h * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/wolfssl/openssl/pkcs7.h mariadb-11.8.8/extra/wolfssl/wolfssl/wolfssl/openssl/pkcs7.h --- mariadb-11.8.6/extra/wolfssl/wolfssl/wolfssl/openssl/pkcs7.h 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/wolfssl/openssl/pkcs7.h 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* pkcs7.h * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/wolfssl/openssl/rand.h mariadb-11.8.8/extra/wolfssl/wolfssl/wolfssl/openssl/rand.h --- mariadb-11.8.6/extra/wolfssl/wolfssl/wolfssl/openssl/rand.h 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/wolfssl/openssl/rand.h 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* rand.h * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/wolfssl/openssl/rc4.h mariadb-11.8.8/extra/wolfssl/wolfssl/wolfssl/openssl/rc4.h --- mariadb-11.8.6/extra/wolfssl/wolfssl/wolfssl/openssl/rc4.h 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/wolfssl/openssl/rc4.h 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* rc4.h * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/wolfssl/openssl/ripemd.h mariadb-11.8.8/extra/wolfssl/wolfssl/wolfssl/openssl/ripemd.h --- mariadb-11.8.6/extra/wolfssl/wolfssl/wolfssl/openssl/ripemd.h 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/wolfssl/openssl/ripemd.h 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* ripemd.h * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/wolfssl/openssl/rsa.h mariadb-11.8.8/extra/wolfssl/wolfssl/wolfssl/openssl/rsa.h --- mariadb-11.8.6/extra/wolfssl/wolfssl/wolfssl/openssl/rsa.h 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/wolfssl/openssl/rsa.h 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* rsa.h * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/wolfssl/openssl/safestack.h mariadb-11.8.8/extra/wolfssl/wolfssl/wolfssl/openssl/safestack.h --- mariadb-11.8.6/extra/wolfssl/wolfssl/wolfssl/openssl/safestack.h 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/wolfssl/openssl/safestack.h 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* safestack.h * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/wolfssl/openssl/sha.h mariadb-11.8.8/extra/wolfssl/wolfssl/wolfssl/openssl/sha.h --- mariadb-11.8.6/extra/wolfssl/wolfssl/wolfssl/openssl/sha.h 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/wolfssl/openssl/sha.h 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* sha.h * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/wolfssl/openssl/sha3.h mariadb-11.8.8/extra/wolfssl/wolfssl/wolfssl/openssl/sha3.h --- mariadb-11.8.6/extra/wolfssl/wolfssl/wolfssl/openssl/sha3.h 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/wolfssl/openssl/sha3.h 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* sha3.h * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/wolfssl/openssl/srp.h mariadb-11.8.8/extra/wolfssl/wolfssl/wolfssl/openssl/srp.h --- mariadb-11.8.6/extra/wolfssl/wolfssl/wolfssl/openssl/srp.h 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/wolfssl/openssl/srp.h 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* srp.h * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/wolfssl/openssl/ssl.h mariadb-11.8.8/extra/wolfssl/wolfssl/wolfssl/openssl/ssl.h --- mariadb-11.8.6/extra/wolfssl/wolfssl/wolfssl/openssl/ssl.h 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/wolfssl/openssl/ssl.h 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* ssl.h * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -346,6 +346,8 @@ #define SSL_new wolfSSL_new #define SSL_set_fd wolfSSL_set_fd #define SSL_get_fd wolfSSL_get_fd +#define SSL_get_rfd wolfSSL_get_fd +#define SSL_get_wfd wolfSSL_get_wfd #define SSL_connect wolfSSL_connect #define SSL_clear wolfSSL_clear #define SSL_state wolfSSL_state @@ -574,6 +576,21 @@ #define X509_set1_notBefore wolfSSL_X509_set1_notBefore #define X509_set_serialNumber wolfSSL_X509_set_serialNumber #define X509_set_version wolfSSL_X509_set_version +#ifdef WOLFSSL_CERT_EXT +#define X509_set_subject_key_id wolfSSL_X509_set_subject_key_id +#ifndef NO_SHA +#define X509_set_subject_key_id_ex wolfSSL_X509_set_subject_key_id_ex +#endif +#define X509_set_authority_key_id wolfSSL_X509_set_authority_key_id +#ifndef NO_SHA +#define X509_set_authority_key_id_ex wolfSSL_X509_set_authority_key_id_ex +#endif +#define X509_CRL_set_dist_points wolfSSL_X509_CRL_set_dist_points +#define X509_CRL_add_dist_point wolfSSL_X509_CRL_add_dist_point +#endif +#ifndef IGNORE_NETSCAPE_CERT_TYPE +#define X509_set_ns_cert_type wolfSSL_X509_set_ns_cert_type +#endif #define X509_REQ_set_version wolfSSL_X509_REQ_set_version #define X509_REQ_get_version wolfSSL_X509_REQ_get_version #define X509_sign wolfSSL_X509_sign @@ -615,16 +632,18 @@ #define sk_X509_push wolfSSL_sk_X509_push #define sk_X509_pop wolfSSL_sk_X509_pop #define sk_X509_pop_free wolfSSL_sk_X509_pop_free -#define sk_X509_dup wolfSSL_sk_dup +#define sk_X509_dup wolfSSL_shallow_sk_dup #define sk_X509_free wolfSSL_sk_X509_free #define X509_chain_up_ref wolfSSL_X509_chain_up_ref #define sk_X509_CRL_new wolfSSL_sk_X509_CRL_new +#define sk_X509_CRL_new_null wolfSSL_sk_X509_CRL_new_null #define sk_X509_CRL_pop_free wolfSSL_sk_X509_CRL_pop_free #define sk_X509_CRL_free wolfSSL_sk_X509_CRL_free #define sk_X509_CRL_push wolfSSL_sk_X509_CRL_push #define sk_X509_CRL_value wolfSSL_sk_X509_CRL_value #define sk_X509_CRL_num wolfSSL_sk_X509_CRL_num +#define sk_X509_CRL_dup wolfSSL_shallow_sk_dup #define sk_X509_OBJECT_new wolfSSL_sk_X509_OBJECT_new #define sk_X509_OBJECT_free wolfSSL_sk_X509_OBJECT_free @@ -802,10 +821,14 @@ #define d2i_X509_CRL wolfSSL_d2i_X509_CRL #define d2i_X509_CRL_fp wolfSSL_d2i_X509_CRL_fp +#define i2d_X509_CRL wolfSSL_i2d_X509_CRL #define PEM_read_X509_CRL wolfSSL_PEM_read_X509_CRL +#define X509_CRL_new wolfSSL_X509_CRL_new #define X509_CRL_dup wolfSSL_X509_CRL_dup +#define X509_CRL_up_ref wolfSSL_X509_CRL_up_ref #define X509_CRL_free wolfSSL_X509_CRL_free +#define X509_CRL_sign wolfSSL_X509_CRL_sign #define X509_CRL_get_lastUpdate wolfSSL_X509_CRL_get_lastUpdate #define X509_CRL_get0_lastUpdate wolfSSL_X509_CRL_get_lastUpdate #define X509_CRL_get_nextUpdate wolfSSL_X509_CRL_get_nextUpdate @@ -813,8 +836,15 @@ #define X509_CRL_verify wolfSSL_X509_CRL_verify #define X509_CRL_get_REVOKED wolfSSL_X509_CRL_get_REVOKED #define X509_CRL_get_issuer wolfSSL_X509_CRL_get_issuer_name -#define X509_CRL_get_signature_nid wolfSSL_X509_CRL_get_signature_nid #define X509_CRL_get_version wolfSSL_X509_CRL_version +#define X509_CRL_set_lastUpdate wolfSSL_X509_CRL_set_lastUpdate +#define X509_CRL_set1_lastUpdate wolfSSL_X509_CRL_set_lastUpdate +#define X509_CRL_set_nextUpdate wolfSSL_X509_CRL_set_nextUpdate +#define X509_CRL_set1_nextUpdate wolfSSL_X509_CRL_set_nextUpdate +#define X509_CRL_set_issuer_name wolfSSL_X509_CRL_set_issuer_name +#define X509_CRL_set_version wolfSSL_X509_CRL_set_version +#define X509_CRL_get0_signature wolfSSL_X509_CRL_get_signature +#define X509_CRL_get_signature_nid wolfSSL_X509_CRL_get_signature_nid #define X509_load_crl_file wolfSSL_X509_load_crl_file #define X509_ACERT_new wolfSSL_X509_ACERT_new @@ -852,6 +882,9 @@ #define X509_REVOKED_get0_serialNumber wolfSSL_X509_REVOKED_get0_serial_number #define X509_REVOKED_get0_revocationDate wolfSSL_X509_REVOKED_get0_revocation_date +#define X509_REVOKED_free wolfSSL_X509_REVOKED_free +#define X509_REVOKED_get_ext_count wolfSSL_X509_REVOKED_get_ext_count +#define X509_REVOKED_get_ext wolfSSL_X509_REVOKED_get_ext #define X509_check_purpose(x, id, ca) 0 @@ -868,7 +901,6 @@ #define BIO_nread0 wolfSSL_BIO_nread0 #define BIO_nread wolfSSL_BIO_nread #define BIO_read wolfSSL_BIO_read -#define BIO_nwrite0 wolfSSL_BIO_nwrite0 #define BIO_nwrite wolfSSL_BIO_nwrite #define BIO_write wolfSSL_BIO_write #define BIO_push wolfSSL_BIO_push @@ -990,8 +1022,27 @@ #define ASN1_STRING_cmp wolfSSL_ASN1_STRING_cmp #define ASN1_OCTET_STRING_cmp wolfSSL_ASN1_STRING_cmp #define ASN1_STRING_data wolfSSL_ASN1_STRING_data +/* In OpenSSL, ASN1_INTEGER is a typedef alias of ASN1_STRING (same struct), + * so ASN1_STRING_length/get0_data work on ASN1_INTEGER* as well. + * In wolfSSL they are distinct structs, so dispatch by type using _Generic. */ +#if !defined(__cplusplus) && defined(__STDC_VERSION__) && \ + __STDC_VERSION__ >= 201112L +#define ASN1_STRING_length(x) \ + _Generic((x), \ + WOLFSSL_ASN1_INTEGER*: wolfSSL_ASN1_INTEGER_get_length, \ + const WOLFSSL_ASN1_INTEGER*: wolfSSL_ASN1_INTEGER_get_length, \ + default: wolfSSL_ASN1_STRING_length \ + )(x) +#define ASN1_STRING_get0_data(x) \ + _Generic((x), \ + WOLFSSL_ASN1_INTEGER*: wolfSSL_ASN1_INTEGER_get0_data, \ + const WOLFSSL_ASN1_INTEGER*: wolfSSL_ASN1_INTEGER_get0_data, \ + default: wolfSSL_ASN1_STRING_get0_data \ + )(x) +#else #define ASN1_STRING_get0_data wolfSSL_ASN1_STRING_get0_data #define ASN1_STRING_length wolfSSL_ASN1_STRING_length +#endif #define ASN1_STRING_to_UTF8 wolfSSL_ASN1_STRING_to_UTF8 #define ASN1_UNIVERSALSTRING_to_string wolfSSL_ASN1_UNIVERSALSTRING_to_string #define ASN1_STRING_print_ex wolfSSL_ASN1_STRING_print_ex @@ -1307,11 +1358,13 @@ #define SSL_SESSION_get_id wolfSSL_SESSION_get_id #define SSL_get_cipher_bits(s,np) \ wolfSSL_CIPHER_get_bits(SSL_get_current_cipher(s),np) +#define SSL_get_cipher_version(s) \ + wolfSSL_CIPHER_get_version(SSL_get_current_cipher(s)) #define sk_SSL_CIPHER_num wolfSSL_sk_SSL_CIPHER_num #define sk_SSL_COMP_zero wolfSSL_sk_SSL_COMP_zero #define sk_SSL_CIPHER_value wolfSSL_sk_SSL_CIPHER_value #endif /* OPENSSL_ALL || WOLFSSL_HAPROXY */ -#define sk_SSL_CIPHER_dup wolfSSL_sk_dup +#define sk_SSL_CIPHER_dup wolfSSL_shallow_sk_dup #define sk_SSL_CIPHER_free wolfSSL_sk_SSL_CIPHER_free #define sk_SSL_CIPHER_find wolfSSL_sk_SSL_CIPHER_find diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/wolfssl/openssl/stack.h mariadb-11.8.8/extra/wolfssl/wolfssl/wolfssl/openssl/stack.h --- mariadb-11.8.6/extra/wolfssl/wolfssl/wolfssl/openssl/stack.h 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/wolfssl/openssl/stack.h 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* stack.h * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/wolfssl/openssl/tls1.h mariadb-11.8.8/extra/wolfssl/wolfssl/wolfssl/openssl/tls1.h --- mariadb-11.8.6/extra/wolfssl/wolfssl/wolfssl/openssl/tls1.h 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/wolfssl/openssl/tls1.h 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* tls1.h * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/wolfssl/openssl/txt_db.h mariadb-11.8.8/extra/wolfssl/wolfssl/wolfssl/openssl/txt_db.h --- mariadb-11.8.6/extra/wolfssl/wolfssl/wolfssl/openssl/txt_db.h 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/wolfssl/openssl/txt_db.h 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* txt_db.h * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/wolfssl/openssl/x509.h mariadb-11.8.8/extra/wolfssl/wolfssl/wolfssl/openssl/x509.h --- mariadb-11.8.6/extra/wolfssl/wolfssl/wolfssl/openssl/x509.h 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/wolfssl/openssl/x509.h 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* x509.h * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -68,9 +68,6 @@ #define WOLFSSL_XN_FLAG_MULTILINE 0xFFFF #define WOLFSSL_XN_FLAG_ONELINE (WOLFSSL_XN_FLAG_SEP_CPLUS_SPC | WOLFSSL_XN_FLAG_SPC_EQ | WOLFSSL_XN_FLAG_FN_SN) -#define WOLFSSL_X509_V_ERR_CRL_HAS_EXPIRED 12 -#define WOLFSSL_X509_V_ERR_UNABLE_TO_GET_CRL 3 - #ifndef OPENSSL_COEXIST /* wolfSSL_X509_print_ex flags */ diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/wolfssl/openssl/x509_vfy.h mariadb-11.8.8/extra/wolfssl/wolfssl/wolfssl/openssl/x509_vfy.h --- mariadb-11.8.6/extra/wolfssl/wolfssl/wolfssl/openssl/x509_vfy.h 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/wolfssl/openssl/x509_vfy.h 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* x509_vfy.h * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/wolfssl/openssl/x509v3.h mariadb-11.8.8/extra/wolfssl/wolfssl/wolfssl/openssl/x509v3.h --- mariadb-11.8.6/extra/wolfssl/wolfssl/wolfssl/openssl/x509v3.h 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/wolfssl/openssl/x509v3.h 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* x509v3.h * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -98,6 +98,24 @@ #define WOLFSSL_GEN_RID 8 #define WOLFSSL_GEN_IA5 9 +/* CRL reason codes per RFC 5280 section 5.3.1 */ +#ifndef CRL_REASON_UNSPECIFIED +#ifndef CRL_REASON_NONE +#define CRL_REASON_NONE (-1) +#endif +#define CRL_REASON_UNSPECIFIED 0 +#define CRL_REASON_KEY_COMPROMISE 1 +#define CRL_REASON_CA_COMPROMISE 2 +#define CRL_REASON_AFFILIATION_CHANGED 3 +#define CRL_REASON_SUPERSEDED 4 +#define CRL_REASON_CESSATION_OF_OPERATION 5 +#define CRL_REASON_CERTIFICATE_HOLD 6 +/* value 7 is not used */ +#define CRL_REASON_REMOVE_FROM_CRL 8 +#define CRL_REASON_PRIVILEGE_WITHDRAWN 9 +#define CRL_REASON_AA_COMPROMISE 10 +#endif + typedef WOLF_STACK_OF(WOLFSSL_ACCESS_DESCRIPTION) WOLFSSL_AUTHORITY_INFO_ACCESS; WOLFSSL_API WOLFSSL_BASIC_CONSTRAINTS* wolfSSL_BASIC_CONSTRAINTS_new(void); @@ -199,8 +217,16 @@ typedef struct WOLFSSL_AUTHORITY_KEYID AUTHORITY_KEYID; typedef struct WOLFSSL_BASIC_CONSTRAINTS BASIC_CONSTRAINTS; typedef struct WOLFSSL_ACCESS_DESCRIPTION ACCESS_DESCRIPTION; +typedef struct WOLFSSL_GENERAL_SUBTREE GENERAL_SUBTREE; +typedef struct WOLFSSL_NAME_CONSTRAINTS NAME_CONSTRAINTS; #define BASIC_CONSTRAINTS_free wolfSSL_BASIC_CONSTRAINTS_free +#define NAME_CONSTRAINTS_new wolfSSL_NAME_CONSTRAINTS_new +#define NAME_CONSTRAINTS_free wolfSSL_NAME_CONSTRAINTS_free +#define GENERAL_SUBTREE_new wolfSSL_GENERAL_SUBTREE_new +#define GENERAL_SUBTREE_free wolfSSL_GENERAL_SUBTREE_free +#define sk_GENERAL_SUBTREE_num wolfSSL_sk_GENERAL_SUBTREE_num +#define sk_GENERAL_SUBTREE_value wolfSSL_sk_GENERAL_SUBTREE_value #define AUTHORITY_KEYID_free wolfSSL_AUTHORITY_KEYID_free #define SSL_CTX_get_cert_store(x) wolfSSL_CTX_get_cert_store ((x)) #define ASN1_INTEGER WOLFSSL_ASN1_INTEGER diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/wolfssl/options.h.in mariadb-11.8.8/extra/wolfssl/wolfssl/wolfssl/options.h.in --- mariadb-11.8.6/extra/wolfssl/wolfssl/wolfssl/options.h.in 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/wolfssl/options.h.in 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* options.h.in * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/wolfssl/quic.h mariadb-11.8.8/extra/wolfssl/wolfssl/wolfssl/quic.h --- mariadb-11.8.6/extra/wolfssl/wolfssl/wolfssl/quic.h 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/wolfssl/quic.h 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* quic.h * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/wolfssl/sniffer.h mariadb-11.8.8/extra/wolfssl/wolfssl/wolfssl/sniffer.h --- mariadb-11.8.6/extra/wolfssl/wolfssl/wolfssl/sniffer.h 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/wolfssl/sniffer.h 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* sniffer.h * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/wolfssl/sniffer_error.h mariadb-11.8.8/extra/wolfssl/wolfssl/wolfssl/sniffer_error.h --- mariadb-11.8.6/extra/wolfssl/wolfssl/wolfssl/sniffer_error.h 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/wolfssl/sniffer_error.h 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* sniffer_error.h * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/wolfssl/ssl.h mariadb-11.8.8/extra/wolfssl/wolfssl/wolfssl/ssl.h --- mariadb-11.8.6/extra/wolfssl/wolfssl/wolfssl/ssl.h 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/wolfssl/ssl.h 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* ssl.h * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -270,6 +270,10 @@ /* redeclare guard */ #define WOLFSSL_TYPES_DEFINED +#ifdef __cplusplus + } /* extern "C" */ +#endif + #include /* The WOLFSSL_RSA type is required in all build configurations. */ @@ -277,6 +281,10 @@ #include #endif +#ifdef __cplusplus + extern "C" { +#endif + #ifndef WC_RNG_TYPE_DEFINED /* guard on redeclaration */ typedef struct WC_RNG WC_RNG; #define WC_RNG_TYPE_DEFINED @@ -335,6 +343,8 @@ typedef struct WOLFSSL_ACCESS_DESCRIPTION WOLFSSL_ACCESS_DESCRIPTION; typedef struct WOLFSSL_DIST_POINT_NAME WOLFSSL_DIST_POINT_NAME; typedef struct WOLFSSL_DIST_POINT WOLFSSL_DIST_POINT; +typedef struct WOLFSSL_GENERAL_SUBTREE WOLFSSL_GENERAL_SUBTREE; +typedef struct WOLFSSL_NAME_CONSTRAINTS WOLFSSL_NAME_CONSTRAINTS; typedef struct WOLFSSL_CONF_CTX WOLFSSL_CONF_CTX; @@ -475,6 +485,16 @@ } d; /* dereference */ }; +/* GeneralSubtree for Name Constraints extension (RFC 5280) */ +struct WOLFSSL_GENERAL_SUBTREE { + WOLFSSL_GENERAL_NAME* base; +}; + +struct WOLFSSL_NAME_CONSTRAINTS { + WOLF_STACK_OF(WOLFSSL_GENERAL_SUBTREE)* permittedSubtrees; + WOLF_STACK_OF(WOLFSSL_GENERAL_SUBTREE)* excludedSubtrees; +}; + struct WOLFSSL_DIST_POINT_NAME { int type; @@ -865,7 +885,14 @@ #endif /* OPENSSL_EXTRA || WOLFSSL_WPAS_SMALL */ typedef struct WOLFSSL_X509_REVOKED { - WOLFSSL_ASN1_INTEGER* serialNumber; /* stunnel dereference */ + WOLFSSL_ASN1_INTEGER* serialNumber; /* certificate serial number */ + WOLFSSL_ASN1_TIME* revocationDate; /* revocation date */ + WOLFSSL_STACK* extensions; /* STACK_OF(X509_EXTENSION) */ + WOLFSSL_STACK* issuer; /* STACK_OF(GENERAL_NAME) for + * indirect CRL (currently NULL) */ + int reason; /* CRL reason code, -1 if absent */ + int sequence; /* tracks original order of entries + * in the CRL for iteration */ } WOLFSSL_X509_REVOKED; typedef enum { @@ -1203,8 +1230,8 @@ WOLFSSL_API void wolfSSL_CTX_SetEchEnable(WOLFSSL_CTX* ctx, byte enable); -WOLFSSL_API int wolfSSL_SetEchConfigsBase64(WOLFSSL* ssl, char* echConfigs64, - word32 echConfigs64Len); +WOLFSSL_API int wolfSSL_SetEchConfigsBase64(WOLFSSL* ssl, + const char* echConfigs64, word32 echConfigs64Len); WOLFSSL_API int wolfSSL_SetEchConfigs(WOLFSSL* ssl, const byte* echConfigs, word32 echConfigsLen); @@ -1897,6 +1924,8 @@ #endif #if defined(OPENSSL_EXTRA) || defined(WOLFSSL_WPAS_SMALL) WOLFSSL_API int wolfSSL_sk_push_node(WOLFSSL_STACK** stack, WOLFSSL_STACK* in); +WOLFSSL_API int wolfSSL_sk_push_back_node(WOLFSSL_STACK** stack, + WOLFSSL_STACK* in); WOLFSSL_API void wolfSSL_sk_free(WOLFSSL_STACK* sk); WOLFSSL_API WOLFSSL_STACK* wolfSSL_sk_dup(WOLFSSL_STACK* sk); @@ -1927,6 +1956,7 @@ WOLFSSL_API void wolfSSL_sk_X509_free(WOLF_STACK_OF(WOLFSSL_X509)* sk); WOLFSSL_API WOLFSSL_STACK* wolfSSL_sk_X509_CRL_new(void); +WOLFSSL_API WOLFSSL_STACK* wolfSSL_sk_X509_CRL_new_null(void); WOLFSSL_API void wolfSSL_sk_X509_CRL_pop_free(WOLF_STACK_OF(WOLFSSL_X509_CRL)* sk, void (*f) (WOLFSSL_X509_CRL*)); WOLFSSL_API void wolfSSL_sk_X509_CRL_free(WOLF_STACK_OF(WOLFSSL_X509_CRL)* sk); @@ -1964,6 +1994,18 @@ WOLFSSL_GENERAL_NAME* name); WOLFSSL_API void wolfSSL_EXTENDED_KEY_USAGE_free(WOLFSSL_STACK * sk); +#if !defined(IGNORE_NAME_CONSTRAINTS) +WOLFSSL_API WOLFSSL_NAME_CONSTRAINTS* wolfSSL_NAME_CONSTRAINTS_new(void); +WOLFSSL_API void wolfSSL_NAME_CONSTRAINTS_free(WOLFSSL_NAME_CONSTRAINTS* nc); +WOLFSSL_API int wolfSSL_NAME_CONSTRAINTS_check_name( + WOLFSSL_NAME_CONSTRAINTS* nc, int type, const char* name, int nameSz); +WOLFSSL_API WOLFSSL_GENERAL_SUBTREE* wolfSSL_GENERAL_SUBTREE_new(void); +WOLFSSL_API void wolfSSL_GENERAL_SUBTREE_free(WOLFSSL_GENERAL_SUBTREE* subtree); +WOLFSSL_API int wolfSSL_sk_GENERAL_SUBTREE_num(const WOLFSSL_STACK* sk); +WOLFSSL_API WOLFSSL_GENERAL_SUBTREE* wolfSSL_sk_GENERAL_SUBTREE_value( + const WOLFSSL_STACK* sk, int idx); +#endif /* !IGNORE_NAME_CONSTRAINTS */ + WOLFSSL_API WOLFSSL_DIST_POINT* wolfSSL_DIST_POINT_new(void); WOLFSSL_API void wolfSSL_DIST_POINT_free(WOLFSSL_DIST_POINT* dp); WOLFSSL_API int wolfSSL_sk_DIST_POINT_push(WOLFSSL_DIST_POINTS* sk, @@ -2158,12 +2200,6 @@ #endif WOLFSSL_API int wolfSSL_BIO_get_len(WOLFSSL_BIO *bio); -#ifdef WOLFSSL_HAVE_BIO_ADDR -WOLFSSL_API WOLFSSL_BIO_ADDR *wolfSSL_BIO_ADDR_new(void); -WOLFSSL_API void wolfSSL_BIO_ADDR_free(WOLFSSL_BIO_ADDR *addr); -WOLFSSL_API void wolfSSL_BIO_ADDR_clear(WOLFSSL_BIO_ADDR *addr); -#endif /* WOLFSSL_HAVE_BIO_ADDR */ - #endif /* !NO_BIO */ WOLFSSL_API void wolfSSL_RAND_screen(void); @@ -2276,6 +2312,24 @@ WOLFSSL_API int wolfSSL_X509_set_serialNumber(WOLFSSL_X509* x509, WOLFSSL_ASN1_INTEGER* s); WOLFSSL_API int wolfSSL_X509_set_version(WOLFSSL_X509* x509, long v); +#if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL) +#ifdef WOLFSSL_CERT_EXT +WOLFSSL_API int wolfSSL_X509_set_subject_key_id(WOLFSSL_X509* x509, + const unsigned char* skid, int skidSz); +#ifndef NO_SHA +WOLFSSL_API int wolfSSL_X509_set_subject_key_id_ex(WOLFSSL_X509* x509); +#endif +WOLFSSL_API int wolfSSL_X509_set_authority_key_id(WOLFSSL_X509* x509, + const unsigned char* akid, int akidSz); +#ifndef NO_SHA +WOLFSSL_API int wolfSSL_X509_set_authority_key_id_ex(WOLFSSL_X509* x509, + WOLFSSL_X509* issuer); +#endif +#endif /* WOLFSSL_CERT_EXT */ +#ifndef IGNORE_NETSCAPE_CERT_TYPE +WOLFSSL_API int wolfSSL_X509_set_ns_cert_type(WOLFSSL_X509* x509, int nsCertType); +#endif +#endif /* OPENSSL_EXTRA || OPENSSL_EXTRA_X509_SMALL */ WOLFSSL_API int wolfSSL_X509_sign(WOLFSSL_X509* x509, WOLFSSL_EVP_PKEY* pkey, const WOLFSSL_EVP_MD* md); WOLFSSL_API int wolfSSL_X509_sign_ctx(WOLFSSL_X509 *x509, WOLFSSL_EVP_MD_CTX *ctx); @@ -2302,6 +2356,9 @@ WOLFSSL_API const unsigned char* wolfSSL_ASN1_STRING_get0_data( const WOLFSSL_ASN1_STRING* asn); WOLFSSL_API int wolfSSL_ASN1_STRING_length(const WOLFSSL_ASN1_STRING* asn); +WOLFSSL_API int wolfSSL_ASN1_INTEGER_get_length(const WOLFSSL_ASN1_INTEGER* ai); +WOLFSSL_API const unsigned char* wolfSSL_ASN1_INTEGER_get0_data( + const WOLFSSL_ASN1_INTEGER* ai); WOLFSSL_API int wolfSSL_ASN1_STRING_copy(WOLFSSL_ASN1_STRING* dst, const WOLFSSL_ASN1_STRING* src); WOLFSSL_API int wolfSSL_X509_verify_cert(WOLFSSL_X509_STORE_CTX* ctx); @@ -2345,8 +2402,11 @@ WOLF_STACK_OF(WOLFSSL_X509) *sk); WOLFSSL_API WOLFSSL_ASN1_TIME* wolfSSL_X509_CRL_get_lastUpdate(WOLFSSL_X509_CRL* crl); +WOLFSSL_API int wolfSSL_X509_CRL_set_lastUpdate(WOLFSSL_X509_CRL* crl, + const WOLFSSL_ASN1_TIME* time); WOLFSSL_API WOLFSSL_ASN1_TIME* wolfSSL_X509_CRL_get_nextUpdate(WOLFSSL_X509_CRL* crl); - +WOLFSSL_API int wolfSSL_X509_CRL_set_nextUpdate(WOLFSSL_X509_CRL* crl, + const WOLFSSL_ASN1_TIME* time); WOLFSSL_API WOLFSSL_EVP_PKEY* wolfSSL_X509_get_pubkey(WOLFSSL_X509* x509); WOLFSSL_API int wolfSSL_X509_CRL_verify(WOLFSSL_X509_CRL* crl, WOLFSSL_EVP_PKEY* pkey); WOLFSSL_API void wolfSSL_X509_OBJECT_free_contents(WOLFSSL_X509_OBJECT* obj); @@ -2394,7 +2454,7 @@ long offset_sec, time_t *in_tm); WOLFSSL_API WOLFSSL_ASN1_TIME* wolfSSL_X509_gmtime_adj(WOLFSSL_ASN1_TIME* s, long adj); -WOLFSSL_API int wolfSSL_sk_X509_REVOKED_num(WOLFSSL_X509_REVOKED* revoked); +WOLFSSL_API int wolfSSL_sk_X509_REVOKED_num(WOLFSSL_STACK* sk); WOLFSSL_API void wolfSSL_X509_STORE_CTX_set_time(WOLFSSL_X509_STORE_CTX* ctx, unsigned long flags, time_t t); @@ -2426,9 +2486,9 @@ WOLFSSL_API int wolfSSL_X509_load_cert_crl_file(WOLFSSL_X509_LOOKUP *ctx, const char *file, int type); #endif -WOLFSSL_API WOLFSSL_X509_REVOKED* wolfSSL_X509_CRL_get_REVOKED(WOLFSSL_X509_CRL* crl); +WOLFSSL_API WOLFSSL_STACK* wolfSSL_X509_CRL_get_REVOKED(WOLFSSL_X509_CRL* crl); WOLFSSL_API WOLFSSL_X509_REVOKED* wolfSSL_sk_X509_REVOKED_value( - WOLFSSL_X509_REVOKED* revoked,int value); + WOLFSSL_STACK* sk, int idx); WOLFSSL_API WOLFSSL_ASN1_INTEGER* wolfSSL_X509_get_serialNumber(WOLFSSL_X509* x509); WOLFSSL_API void wolfSSL_ASN1_INTEGER_free(WOLFSSL_ASN1_INTEGER* in); WOLFSSL_API WOLFSSL_ASN1_INTEGER* wolfSSL_ASN1_INTEGER_new(void); @@ -2612,9 +2672,11 @@ */ enum { WOLFSSL_X509_V_OK = 0, + WOLFSSL_X509_V_ERR_UNABLE_TO_GET_CRL = 3, WOLFSSL_X509_V_ERR_CERT_SIGNATURE_FAILURE = 7, WOLFSSL_X509_V_ERR_CERT_NOT_YET_VALID = 9, WOLFSSL_X509_V_ERR_CERT_HAS_EXPIRED = 10, + WOLFSSL_X509_V_ERR_CRL_HAS_EXPIRED = 12, WOLFSSL_X509_V_ERR_ERROR_IN_CERT_NOT_BEFORE_FIELD = 13, WOLFSSL_X509_V_ERR_ERROR_IN_CERT_NOT_AFTER_FIELD = 14, WOLFSSL_X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT = 18, @@ -2626,6 +2688,9 @@ WOLFSSL_X509_V_ERR_PATH_LENGTH_EXCEEDED = 25, WOLFSSL_X509_V_ERR_CERT_REJECTED = 28, WOLFSSL_X509_V_ERR_SUBJECT_ISSUER_MISMATCH = 29, + WOLFSSL_X509_V_ERR_HOSTNAME_MISMATCH = 62, + WOLFSSL_X509_V_ERR_IP_ADDRESS_MISMATCH = 64, + WC_OSSL_V509_V_ERR_MAX = 65, #ifdef HAVE_OCSP /* OCSP Flags */ @@ -3015,6 +3080,14 @@ WOLFSSL_SHUTDOWN_NOT_DONE = 2, #endif + #if defined(WOLFSSL_DEBUG_TRACE_ERROR_CODES) && \ + (defined(BUILDING_WOLFSSL) || \ + defined(WOLFSSL_DEBUG_TRACE_ERROR_CODES_ALWAYS)) + #define WOLFSSL_SHUTDOWN_NOT_DONE \ + WC_ERR_TRACE(WOLFSSL_SHUTDOWN_NOT_DONE) + #define CONST_NUM_ERR_WOLFSSL_SHUTDOWN_NOT_DONE 0 + #endif + WOLFSSL_FILETYPE_ASN1 = CTC_FILETYPE_ASN1, WOLFSSL_FILETYPE_PEM = CTC_FILETYPE_PEM, WOLFSSL_FILETYPE_DEFAULT = CTC_FILETYPE_ASN1, /* ASN1 */ @@ -3296,6 +3369,9 @@ /* call before SSL_connect, if verifying will add name check to date check and signature check */ WOLFSSL_ABI WOLFSSL_API int wolfSSL_check_domain_name(WOLFSSL* ssl, const char* dn); +/* call before SSL_connect, if verifying will add IP address check to + date check and signature check */ +WOLFSSL_ABI WOLFSSL_API int wolfSSL_check_ip_address(WOLFSSL* ssl, const char* ipaddr); /* need to call once to load library (session cache) */ @@ -3438,22 +3514,54 @@ WOLFSSL_API WOLFSSL_X509_CRL *wolfSSL_d2i_X509_CRL_bio(WOLFSSL_BIO *bp, WOLFSSL_X509_CRL **crl); WOLFSSL_API int wolfSSL_X509_CRL_version(WOLFSSL_X509_CRL *crl); +WOLFSSL_API int wolfSSL_X509_CRL_set_version(WOLFSSL_X509_CRL* crl, + long version); WOLFSSL_API int wolfSSL_X509_CRL_get_signature_type(WOLFSSL_X509_CRL* crl); +WOLFSSL_API int wolfSSL_X509_CRL_set_signature_type(WOLFSSL_X509_CRL* crl, + int signatureType); WOLFSSL_API int wolfSSL_X509_CRL_get_signature_nid( const WOLFSSL_X509_CRL* crl); +WOLFSSL_API int wolfSSL_X509_CRL_set_signature_nid(WOLFSSL_X509_CRL* crl, + int nid); WOLFSSL_API int wolfSSL_X509_CRL_get_signature(WOLFSSL_X509_CRL* crl, unsigned char* buf, int* bufSz); +WOLFSSL_API int wolfSSL_X509_CRL_set_signature(WOLFSSL_X509_CRL* crl, + unsigned char* buf, int bufSz); WOLFSSL_API int wolfSSL_X509_CRL_print(WOLFSSL_BIO* bio, WOLFSSL_X509_CRL* crl); WOLFSSL_API WOLFSSL_X509_NAME* wolfSSL_X509_CRL_get_issuer_name( - WOLFSSL_X509_CRL *crl); + const WOLFSSL_X509_CRL *crl); +WOLFSSL_API int wolfSSL_X509_CRL_set_issuer_name(WOLFSSL_X509_CRL* crl, + const WOLFSSL_X509_NAME* name); WOLFSSL_API int wolfSSL_X509_REVOKED_get_serial_number(RevokedCert* rev, byte* in, int* inOutSz); #endif #if defined(HAVE_CRL) && (defined(OPENSSL_EXTRA) || defined(WOLFSSL_WPAS_SMALL)) WOLFSSL_API WOLFSSL_X509_CRL* wolfSSL_X509_CRL_dup(const WOLFSSL_X509_CRL* crl); +WOLFSSL_API int wolfSSL_X509_CRL_up_ref(WOLFSSL_X509_CRL* crl); WOLFSSL_API void wolfSSL_X509_CRL_free(WOLFSSL_X509_CRL *crl); #endif +#if defined(HAVE_CRL) && defined(OPENSSL_EXTRA) +WOLFSSL_API WOLFSSL_X509_CRL* wolfSSL_X509_CRL_new(void); +#ifdef WOLFSSL_CERT_GEN +WOLFSSL_API int wolfSSL_X509_CRL_add_revoked(WOLFSSL_X509_CRL* crl, + WOLFSSL_X509_REVOKED* revoked); +WOLFSSL_API int wolfSSL_X509_CRL_add_revoked_cert(WOLFSSL_X509_CRL* crl, + const unsigned char* certBuf, int certSz); +WOLFSSL_API int wolfSSL_X509_CRL_sign(WOLFSSL_X509_CRL* crl, + WOLFSSL_EVP_PKEY* pkey, + const WOLFSSL_EVP_MD* md); +#endif /* WOLFSSL_CERT_GEN */ +WOLFSSL_API int wolfSSL_i2d_X509_CRL(WOLFSSL_X509_CRL* crl, + unsigned char** out); +#endif /* HAVE_CRL && OPENSSL_EXTRA */ +#if defined(WOLFSSL_CERT_EXT) && \ + (defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)) +WOLFSSL_API int wolfSSL_X509_CRL_set_dist_points(WOLFSSL_X509* x509, + const unsigned char* der, int derSz); +WOLFSSL_API int wolfSSL_X509_CRL_add_dist_point(WOLFSSL_X509* x509, + const char* uri, int critical); +#endif /* WOLFSSL_CERT_EXT && (OPENSSL_EXTRA || OPENSSL_EXTRA_X509_SMALL) */ #if defined(WOLFSSL_ACERT) && \ (defined(OPENSSL_EXTRA_X509_SMALL) || defined(OPENSSL_EXTRA)) @@ -3501,6 +3609,11 @@ WOLFSSL_API const WOLFSSL_ASN1_TIME* wolfSSL_X509_REVOKED_get0_revocation_date(const WOLFSSL_X509_REVOKED *rev); +WOLFSSL_API void wolfSSL_X509_REVOKED_free(WOLFSSL_X509_REVOKED* rev); +WOLFSSL_API int wolfSSL_X509_REVOKED_get_ext_count( + const WOLFSSL_X509_REVOKED* rev); +WOLFSSL_API WOLFSSL_X509_EXTENSION* wolfSSL_X509_REVOKED_get_ext( + const WOLFSSL_X509_REVOKED* rev, int loc); #ifndef NO_FILESYSTEM #ifndef NO_STDIO_FILESYSTEM @@ -3795,7 +3908,7 @@ #ifdef HAVE_CRL_UPDATE_CB typedef struct CrlInfo { - byte crlNumber[CRL_MAX_NUM_SZ]; + char crlNumber[CRL_MAX_NUM_HEX_STR_SZ]; byte *issuerHash; word32 issuerHashLen; byte *lastDate; @@ -4616,6 +4729,9 @@ WOLFSSL_ECC_BRAINPOOLP512R1 = 28, WOLFSSL_ECC_X25519 = 29, WOLFSSL_ECC_X448 = 30, + WOLFSSL_ECC_BRAINPOOLP256R1TLS13 = 31, + WOLFSSL_ECC_BRAINPOOLP384R1TLS13 = 32, + WOLFSSL_ECC_BRAINPOOLP512R1TLS13 = 33, WOLFSSL_ECC_SM2P256V1 = 41, WOLFSSL_ECC_MAX = 41, WOLFSSL_ECC_MAX_AVAIL = 46, @@ -4650,16 +4766,15 @@ WOLFSSL_P256_KYBER_LEVEL3 = 25498, #endif /* WOLFSSL_MLKEM_KYBER */ #ifndef WOLFSSL_NO_ML_KEM - /* Taken from draft-connolly-tls-mlkem-key-agreement, see: - * https://github.com/dconnolly/draft-connolly-tls-mlkem-key-agreement/ + /* Taken from draft-ietf-tls-mlkem, see: + * https://datatracker.ietf.org/doc/draft-ietf-tls-mlkem/ */ WOLFSSL_ML_KEM_512 = 512, WOLFSSL_ML_KEM_768 = 513, WOLFSSL_ML_KEM_1024 = 514, - /* Taken from draft-kwiatkowski-tls-ecdhe-mlkem. see: - * https://github.com/post-quantum-cryptography/ - * draft-kwiatkowski-tls-ecdhe-mlkem/ + /* Taken from draft-ietf-tls-ecdhe-mlkem. see: + * https://datatracker.ietf.org/doc/draft-ietf-tls-ecdhe-mlkem/ */ WOLFSSL_SECP256R1MLKEM768 = 4587, WOLFSSL_X25519MLKEM768 = 4588, @@ -4726,6 +4841,12 @@ #endif WOLFSSL_API long wolfSSL_SSL_get_secure_renegotiation_support(WOLFSSL* ssl); +#if !defined(NO_WOLFSSL_CLIENT) && !defined(WOLFSSL_NO_TLS12) && \ + defined(WOLFSSL_HARDEN_TLS) && !defined(WOLFSSL_HARDEN_TLS_NO_SCR_CHECK) +WOLFSSL_API int wolfSSL_get_scr_check_enabled(const WOLFSSL* ssl); +WOLFSSL_API int wolfSSL_set_scr_check_enabled(WOLFSSL* ssl, byte enabled); +#endif + #endif #if defined(HAVE_SELFTEST) && \ @@ -5015,8 +5136,10 @@ #ifndef wolfSSL_X509_NAME_new_ex WOLFSSL_API WOLFSSL_X509_NAME* wolfSSL_X509_NAME_new_ex(void *heap); #endif -WOLFSSL_API WOLFSSL_X509_NAME* wolfSSL_X509_NAME_dup(WOLFSSL_X509_NAME* name); -WOLFSSL_API int wolfSSL_X509_NAME_copy(WOLFSSL_X509_NAME* from, WOLFSSL_X509_NAME* to); +WOLFSSL_API WOLFSSL_X509_NAME* wolfSSL_X509_NAME_dup( + const WOLFSSL_X509_NAME* name); +WOLFSSL_API int wolfSSL_X509_NAME_copy(const WOLFSSL_X509_NAME* from, + WOLFSSL_X509_NAME* to); WOLFSSL_API int wolfSSL_check_private_key(const WOLFSSL* ssl); #endif /* !NO_CERTS */ #endif /* OPENSSL_ALL || OPENSSL_EXTRA || OPENSSL_EXTRA_X509_SMALL */ @@ -5191,6 +5314,8 @@ #ifndef NO_FILESYSTEM WOLFSSL_API WOLFSSL_X509_CRL *wolfSSL_PEM_read_X509_CRL(XFILE fp, WOLFSSL_X509_CRL **x, wc_pem_password_cb *cb, void *u); +WOLFSSL_API int wolfSSL_write_X509_CRL(WOLFSSL_X509_CRL* crl, + const char* path, int type); #endif WOLFSSL_API int wolfSSL_PEM_get_EVP_CIPHER_INFO(const char* header, EncryptedInfo* cipher); @@ -5216,7 +5341,8 @@ WOLFSSL* ssl; }; -WOLFSSL_API WOLFSSL_X509_NAME_ENTRY *wolfSSL_X509_NAME_get_entry(WOLFSSL_X509_NAME *name, int loc); +WOLFSSL_API WOLFSSL_X509_NAME_ENTRY *wolfSSL_X509_NAME_get_entry( + const WOLFSSL_X509_NAME *name, int loc); WOLFSSL_API int wolfSSL_X509_NAME_ENTRY_set(const WOLFSSL_X509_NAME_ENTRY *ne); #endif /* OPENSSL_EXTRA || WOLFSSL_WPAS_SMALL */ @@ -5452,7 +5578,8 @@ WOLFSSL_CONF_VALUE* val); #endif /* OPENSSL_ALL || HAVE_STUNNEL || WOLFSSL_NGINX || WOLFSSL_HAPROXY || OPENSSL_EXTRA || HAVE_LIGHTY */ -#if defined(OPENSSL_EXTRA) || defined(WOLFSSL_WPAS_SMALL) +#if !defined(NO_ASN) && (defined(OPENSSL_EXTRA) || \ + defined(OPENSSL_EXTRA_X509_SMALL) || defined(WOLFSSL_WPAS_SMALL)) WOLFSSL_API WOLFSSL_ASN1_BIT_STRING* wolfSSL_ASN1_BIT_STRING_new(void); WOLFSSL_API void wolfSSL_ASN1_BIT_STRING_free(WOLFSSL_ASN1_BIT_STRING* str); WOLFSSL_API WOLFSSL_ASN1_BIT_STRING* wolfSSL_X509_get0_pubkey_bitstr( @@ -5465,7 +5592,8 @@ unsigned char** pp); WOLFSSL_API WOLFSSL_ASN1_BIT_STRING* wolfSSL_d2i_ASN1_BIT_STRING( WOLFSSL_ASN1_BIT_STRING** out, const byte** src, long len); -#endif /* OPENSSL_EXTRA || WOLFSSL_WPAS_SMALL */ +#endif /* !NO_ASN && (OPENSSL_EXTRA || OPENSSL_EXTRA_X509_SMALL || + WOLFSSL_WPAS_SMALL) */ WOLFSSL_API int wolfSSL_version(WOLFSSL* ssl); @@ -5758,6 +5886,11 @@ WOLFSSL_API void wolfSSL_X509_email_free(WOLF_STACK_OF(WOLFSSL_STRING) *sk); WOLFSSL_API WOLF_STACK_OF(WOLFSSL_STRING) *wolfSSL_X509_get1_ocsp(WOLFSSL_X509 *x); +WOLFSSL_API int wolfSSL_X509_get_aia_overflow(WOLFSSL_X509 *x); +#ifdef WOLFSSL_ASN_CA_ISSUER +WOLFSSL_API WOLF_STACK_OF(WOLFSSL_STRING) *wolfSSL_X509_get1_ca_issuers( + WOLFSSL_X509 *x); +#endif /* WOLFSSL_ASN_CA_ISSUER */ WOLFSSL_API int wolfSSL_X509_check_issued(WOLFSSL_X509 *issuer, WOLFSSL_X509 *subject); diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/wolfssl/test.h mariadb-11.8.8/extra/wolfssl/wolfssl/wolfssl/test.h --- mariadb-11.8.6/extra/wolfssl/wolfssl/wolfssl/test.h 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/wolfssl/test.h 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* test.h * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -31,9 +31,6 @@ #include #undef TEST_OPENSSL_COEXIST /* can't use this option with this example */ -#if defined(OPENSSL_EXTRA) && defined(OPENSSL_COEXIST) - #error "Example apps built with OPENSSL_EXTRA can't also be built with OPENSSL_COEXIST." -#endif #include @@ -188,7 +185,15 @@ #include #define SOCKET_T int #elif defined(WOLFSSL_ZEPHYR) - #include + #ifdef __has_include + #if __has_include() + #include + #else + #include + #endif + #else + #include + #endif #include #include #if KERNEL_VERSION_NUMBER >= 0x30100 @@ -209,9 +214,10 @@ #endif #endif #define SOCKET_T int - #define SOL_SOCKET 1 #define WOLFSSL_USE_GETADDRINFO + #if !defined(CONFIG_POSIX_API) + #define SOL_SOCKET 1 static unsigned long inet_addr(const char *cp) { unsigned int a[4]; unsigned long ret; @@ -227,6 +233,7 @@ ret = ((a[3]<<24) + (a[2]<<16) + (a[1]<<8) + a[0]) ; return(ret) ; } + #endif #elif defined(NETOS) #include #include @@ -1226,7 +1233,7 @@ XFREE(subject, 0, DYNAMIC_TYPE_OPENSSL); XFREE(issuer, 0, DYNAMIC_TYPE_OPENSSL); -#if defined(SHOW_CERTS) && defined(OPENSSL_EXTRA) +#if defined(SHOW_CERTS) && defined(OPENSSL_EXTRA) && !defined(OPENSSL_COEXIST) { WOLFSSL_BIO* bio; char buf[WC_ASN_NAME_MAX]; @@ -1247,7 +1254,7 @@ wolfSSL_BIO_free(bio); } } -#endif /* SHOW_CERTS && OPENSSL_EXTRA */ +#endif /* SHOW_CERTS && OPENSSL_EXTRA && !OPENSSL_COEXIST */ } /* original ShowX509 to maintain compatibility */ static WC_INLINE void ShowX509(WOLFSSL_X509* x509, const char* hdr) @@ -1296,7 +1303,8 @@ #ifndef NO_DH int bits; #endif -#if defined(OPENSSL_EXTRA) && !defined(WOLFCRYPT_ONLY) +#if defined(OPENSSL_EXTRA) && !defined(WOLFCRYPT_ONLY) && \ + !defined(OPENSSL_COEXIST) int nid; #endif #ifdef KEEP_PEER_CERT @@ -1316,7 +1324,8 @@ cipher = wolfSSL_get_current_cipher(ssl); printf("%s %s\n", words[1], wolfSSL_CIPHER_get_name(cipher)); -#if defined(OPENSSL_EXTRA) && !defined(WOLFCRYPT_ONLY) +#if defined(OPENSSL_EXTRA) && !defined(WOLFCRYPT_ONLY) && \ + !defined(OPENSSL_COEXIST) if (wolfSSL_get_signature_nid(ssl, &nid) == WOLFSSL_SUCCESS) { printf("%s %s\n", words[2], OBJ_nid2sn(nid)); } @@ -2334,7 +2343,7 @@ LIBCALL_CHECK_RET(XFSEEK(lFile, 0, XSEEK_SET)); if (fileSz > 0) { *bufLen = (size_t)fileSz; - *buf = (byte*)malloc(*bufLen); + *buf = (byte*)XMALLOC(*bufLen, NULL, DYNAMIC_TYPE_TMP_BUFFER); if (*buf == NULL) { ret = MEMORY_E; fprintf(stderr, @@ -2399,7 +2408,7 @@ } if (buff) - free(buff); + XFREE(buff, NULL, DYNAMIC_TYPE_TMP_BUFFER); } static WC_INLINE void load_ssl_buffer(WOLFSSL* ssl, const char* fname, int type) @@ -2441,7 +2450,7 @@ } if (buff) - free(buff); + XFREE(buff, NULL, DYNAMIC_TYPE_TMP_BUFFER); } #ifdef TEST_PK_PRIVKEY @@ -2457,18 +2466,18 @@ *derBuf = (byte*)malloc(bufLen); if (*derBuf == NULL) { - free(buf); + XFREE(buf, NULL, DYNAMIC_TYPE_TMP_BUFFER); return MEMORY_E; } ret = wc_KeyPemToDer(buf, (word32)bufLen, *derBuf, (word32)bufLen, NULL); if (ret < 0) { - free(buf); + XFREE(buf, NULL, DYNAMIC_TYPE_TMP_BUFFER); free(*derBuf); return ret; } *derLen = ret; - free(buf); + XFREE(buf, NULL, DYNAMIC_TYPE_TMP_BUFFER); return 0; } @@ -2499,10 +2508,11 @@ #if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL) WOLFSSL_X509* peer; #endif -#if defined(OPENSSL_EXTRA) && defined(SHOW_CERTS) && !defined(NO_FILESYSTEM) +#if defined(OPENSSL_EXTRA) && defined(SHOW_CERTS) && !defined(NO_FILESYSTEM) \ + && !defined(OPENSSL_COEXIST) WOLFSSL_BIO* bio = NULL; WOLFSSL_STACK* sk = NULL; - X509* x509 = NULL; + WOLFSSL_X509* x509 = NULL; #endif /* Verify Callback Arguments: @@ -2550,7 +2560,8 @@ XFREE(subject, 0, DYNAMIC_TYPE_OPENSSL); XFREE(issuer, 0, DYNAMIC_TYPE_OPENSSL); -#if defined(OPENSSL_EXTRA) && defined(SHOW_CERTS) && !defined(NO_FILESYSTEM) +#if defined(OPENSSL_EXTRA) && defined(SHOW_CERTS) && !defined(NO_FILESYSTEM) \ + && !defined(OPENSSL_COEXIST) /* avoid printing duplicate certs */ if (store->depth == 1) { int i; @@ -2830,7 +2841,7 @@ ret = wc_HmacFinal(&hmac, macOut); if (ret != 0) return ret; - + wc_HmacFree(&hmac); /* encrypt setup on first time */ if (encCtx->keySetup == 0) { @@ -2959,6 +2970,7 @@ ret = wc_HmacFinal(&hmac, verify); if (ret != 0) return ret; + wc_HmacFree(&hmac); if (XMEMCMP(verify, decOut + decSz - digestSz - pad - padByte, (size_t) digestSz) != 0) { @@ -3041,7 +3053,9 @@ ret = wc_HmacUpdate(&hmac, encOut, encSz); if (ret != 0) return ret; - return wc_HmacFinal(&hmac, macOut); + ret = wc_HmacFinal(&hmac, macOut); + wc_HmacFree(&hmac); + return ret; } @@ -3088,6 +3102,7 @@ ret = wc_HmacFinal(&hmac, verify); if (ret != 0) return ret; + wc_HmacFree(&hmac); if (XMEMCMP(verify, decOut + decSz, (size_t) digestSz) != 0) { printf("myDecryptVerify verify failed\n"); @@ -4865,7 +4880,7 @@ static WC_INLINE void EarlyDataStatus(WOLFSSL* ssl) { int earlyData_status; -#ifdef OPENSSL_EXTRA +#if defined(OPENSSL_EXTRA) && !defined(OPENSSL_COEXIST) earlyData_status = SSL_get_early_data_status(ssl); #else earlyData_status = wolfSSL_get_early_data_status(ssl); diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/wolfssl/version.h mariadb-11.8.8/extra/wolfssl/wolfssl/wolfssl/version.h --- mariadb-11.8.6/extra/wolfssl/wolfssl/wolfssl/version.h 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/wolfssl/version.h 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* wolfssl_version.h.in * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -28,8 +28,8 @@ extern "C" { #endif -#define LIBWOLFSSL_VERSION_STRING "5.8.4" -#define LIBWOLFSSL_VERSION_HEX 0x05008004 +#define LIBWOLFSSL_VERSION_STRING "5.9.1" +#define LIBWOLFSSL_VERSION_HEX 0x05009001 #ifdef __cplusplus } diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/wolfssl/version.h.in mariadb-11.8.8/extra/wolfssl/wolfssl/wolfssl/version.h.in --- mariadb-11.8.6/extra/wolfssl/wolfssl/wolfssl/version.h.in 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/wolfssl/version.h.in 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* wolfssl_version.h.in * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/aes.h mariadb-11.8.8/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/aes.h --- mariadb-11.8.6/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/aes.h 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/aes.h 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* aes.h * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -36,6 +36,11 @@ #include +#if defined(WOLFSSL_ARMASM) && !defined(GCM_SMALL) && !defined(GCM_TABLE) && \ + !defined(GCM_TABLE_4BIT) + #define GCM_TABLE_4BIT +#endif + #if !defined(NO_AES) || defined(WOLFSSL_SM4) typedef struct Gcm { ALIGN16 byte H[16]; @@ -47,7 +52,7 @@ /* key-based fast multiplication table. */ ALIGN16 byte M0[256][16]; #elif defined(GCM_TABLE_4BIT) - #if defined(BIG_ENDIAN_ORDER) || defined(WC_16BIT_CPU) + #if defined(WC_16BIT_CPU) ALIGN16 byte M0[16][16]; #else ALIGN16 byte M0[32][16]; @@ -156,6 +161,9 @@ #include #endif +#if defined(WOLFSSL_PSOC6_CRYPTO) + #include "cy_crypto_common.h" +#endif /* WOLFSSL_PSOC6_CRYPTO */ #ifdef __cplusplus extern "C" { @@ -326,7 +334,7 @@ #endif /* __aarch64__ && WOLFSSL_ARMASM && !WOLFSSL_ARMASM_NO_HW_CRYPTO */ #if defined(WOLF_CRYPTO_CB) || defined(WOLFSSL_STM32U5_DHUK) int devId; - void* devCtx; + void* devCtx; /* Opaque handle for CryptoCB device */ #endif #ifdef WOLF_PRIVATE_KEY_ID byte id[AES_MAX_ID_LEN]; @@ -433,6 +441,12 @@ #ifdef WOLFSSL_AES_CTS byte ctsBlock[WC_AES_BLOCK_SIZE * 2]; #endif +#if defined(WOLFSSL_PSOC6_CRYPTO) + cy_stc_crypto_aes_state_t aes_state; +#ifdef HAVE_AESGCM + cy_stc_crypto_aes_gcm_state_t aes_gcm_state; +#endif +#endif /* WOLFSSL_PSOC6_CRYPTO */ }; #ifndef WC_AES_TYPE_DEFINED @@ -792,6 +806,13 @@ const byte* in, word32 inSz, byte* siv, byte* out); #endif +#ifdef WOLFSSL_CMAC +/* forward declaration, in case aes.h is being included by cmac.h */ +struct Cmac; +WOLFSSL_LOCAL int wc_local_CmacUpdateAes(struct Cmac *cmac, const byte* in, + word32 inSz); +#endif + #ifdef WOLFSSL_AES_EAX /* Because of the circular dependency between AES and CMAC, we need to prevent @@ -879,9 +900,74 @@ #endif -#if defined(__aarch64__) && defined(WOLFSSL_ARMASM) && \ - !defined(WOLFSSL_ARMASM_NO_HW_CRYPTO) +#if defined(WOLFSSL_ARMASM) +#if defined(__aarch64__) || defined(WOLFSSL_ARMASM_NO_HW_CRYPTO) +WOLFSSL_LOCAL void AES_set_encrypt_key(const unsigned char* key, word32 len, + unsigned char* ks); +WOLFSSL_LOCAL void AES_invert_key(unsigned char* ks, word32 rounds); +WOLFSSL_LOCAL void AES_ECB_encrypt(const unsigned char* in, unsigned char* out, + unsigned long len, const unsigned char* ks, int nr); +WOLFSSL_LOCAL void AES_ECB_decrypt(const unsigned char* in, unsigned char* out, + unsigned long len, const unsigned char* ks, int nr); +WOLFSSL_LOCAL void AES_CBC_encrypt(const unsigned char* in, unsigned char* out, + unsigned long len, const unsigned char* ks, int nr, unsigned char* iv); +WOLFSSL_LOCAL void AES_CBC_decrypt(const unsigned char* in, unsigned char* out, + unsigned long len, const unsigned char* ks, int nr, unsigned char* iv); +WOLFSSL_LOCAL void AES_CTR_encrypt(const unsigned char* in, unsigned char* out, + unsigned long len, const unsigned char* ks, int nr, unsigned char* ctr); +#if defined(GCM_TABLE) || defined(GCM_TABLE_4BIT) +/* in pre-C2x C, constness conflicts for dimensioned arrays can't be resolved. + */ +WOLFSSL_LOCAL void GCM_gmult_len(byte* x, const byte** m, + const unsigned char* data, unsigned long len); +#endif +WOLFSSL_LOCAL void AES_GCM_encrypt(const unsigned char* in, unsigned char* out, + unsigned long len, const unsigned char* ks, int nr, unsigned char* ctr); +#if defined(WOLFSSL_AES_XTS) && defined(__aarch64__) +WOLFSSL_LOCAL void AES_XTS_encrypt(const byte* in, byte* out, word32 sz, + const byte* i, byte* key, byte* key2, byte* tmp, int nr); +WOLFSSL_LOCAL void AES_XTS_decrypt(const byte* in, byte* out, word32 sz, + const byte* i, byte* key, byte* key2, byte* tmp, int nr); +#endif +#endif /* __aarch64__ || WOLFSSL_ARMASM_NO_HW_CRYPTO */ + +#if defined(__aarch64__) && !defined(WOLFSSL_ARMASM_NO_NEON) +WOLFSSL_LOCAL void AES_set_encrypt_key_NEON(const unsigned char* key, + word32 len, unsigned char* ks); +WOLFSSL_LOCAL void AES_invert_key_NEON(unsigned char* ks, word32 rounds); +WOLFSSL_LOCAL void AES_ECB_encrypt_NEON(const unsigned char* in, + unsigned char* out, unsigned long len, const unsigned char* ks, int nr); +WOLFSSL_LOCAL void AES_ECB_decrypt_NEON(const unsigned char* in, + unsigned char* out, unsigned long len, const unsigned char* ks, int nr); +WOLFSSL_LOCAL void AES_CBC_encrypt_NEON(const unsigned char* in, + unsigned char* out, unsigned long len, const unsigned char* ks, int nr, + unsigned char* iv); +WOLFSSL_LOCAL void AES_CBC_decrypt_NEON(const unsigned char* in, + unsigned char* out, unsigned long len, const unsigned char* ks, int nr, + unsigned char* iv); +WOLFSSL_LOCAL void AES_CTR_encrypt_NEON(const unsigned char* in, + unsigned char* out, unsigned long len, const unsigned char* ks, int nr, + unsigned char* ctr); +#if defined(GCM_TABLE) || defined(GCM_TABLE_4BIT) +/* in pre-C2x C, constness conflicts for dimensioned arrays can't be resolved. + */ +WOLFSSL_LOCAL void GCM_gmult_len_NEON(byte* x, const byte* h, + const unsigned char* data, unsigned long len); +#endif +WOLFSSL_LOCAL void AES_GCM_encrypt_NEON(const unsigned char* in, + unsigned char* out, unsigned long len, const unsigned char* ks, int nr, + unsigned char* ctr); +#endif + +#ifdef WOLFSSL_AES_XTS +WOLFSSL_LOCAL void AES_XTS_encrypt_NEON(const byte* in, byte* out, word32 sz, + const byte* i, byte* key, byte* key2, byte* tmp, int nr); +WOLFSSL_LOCAL void AES_XTS_decrypt_NEON(const byte* in, byte* out, word32 sz, + const byte* i, byte* key, byte* key2, byte* tmp, int nr); +#endif /* WOLFSSL_AES_XTS */ + +#if defined(__aarch64__) && !defined(WOLFSSL_ARMASM_NO_HW_CRYPTO) WOLFSSL_LOCAL void AES_set_key_AARCH64(const byte* userKey, int keylen, byte* key, int dir); @@ -970,7 +1056,7 @@ const byte* authTag, word32 tbytes, word32 nbytes, word32 abytes, byte* h, byte* initCtr, int* res); #endif -#endif +#endif /* WOLFSSL_AESGCM_STREAM */ #ifdef WOLFSSL_AES_XTS WOLFSSL_LOCAL void AES_XTS_encrypt_AARCH64(const byte* in, byte* out, @@ -978,31 +1064,9 @@ WOLFSSL_LOCAL void AES_XTS_decrypt_AARCH64(const byte* in, byte* out, word32 sz, const byte* i, byte* key, byte* key2, byte* tmp, int nr); #endif /* WOLFSSL_AES_XTS */ -#endif /* __aarch64__ && WOLFSSL_ARMASM && !WOLFSSL_ARMASM_NO_HW_CRYPTO */ +#endif /* __aarch64__ && !WOLFSSL_ARMASM_NO_HW_CRYPTO */ -#if !defined(__aarch64__) && defined(WOLFSSL_ARMASM) -#if !defined(WOLFSSL_ARMASM_NO_HW_CRYPTO) -WOLFSSL_LOCAL void AES_set_key_AARCH32(const byte* userKey, int keylen, - byte* key, int dir); - -WOLFSSL_LOCAL void AES_encrypt_AARCH32(const byte* inBlock, byte* outBlock, - byte* key, int nr); -WOLFSSL_LOCAL void AES_decrypt_AARCH32(const byte* inBlock, byte* outBlock, - byte* key, int nr); -WOLFSSL_LOCAL void AES_encrypt_blocks_AARCH32(const byte* in, byte* out, - word32 sz, byte* key, int nr); -#endif - -#ifdef WOLFSSL_AES_XTS -WOLFSSL_LOCAL void AES_XTS_encrypt_AARCH64(const byte* in, byte* out, - word32 sz, const byte* i, byte* key, byte* key2, byte* tmp, int nr); -WOLFSSL_LOCAL void AES_XTS_decrypt_AARCH64(const byte* in, byte* out, - word32 sz, const byte* i, byte* key, byte* key2, byte* tmp, int nr); -#endif /* WOLFSSL_AES_XTS */ -#endif /* __aarch64__ && WOLFSSL_ARMASM && !WOLFSSL_ARMASM_NO_HW_CRYPTO */ - -#if !defined(__aarch64__) && defined(WOLFSSL_ARMASM) -#if !defined(WOLFSSL_ARMASM_NO_HW_CRYPTO) +#if !defined(__aarch64__) && !defined(WOLFSSL_ARMASM_NO_HW_CRYPTO) WOLFSSL_LOCAL void AES_set_key_AARCH32(const byte* userKey, int keylen, byte* key, int dir); @@ -1040,30 +1104,8 @@ WOLFSSL_LOCAL void AES_XTS_decrypt_AARCH32(const byte* in, byte* out, word32 sz, const byte* i, byte* key, byte* key2, byte* tmp, int nr); #endif /* WOLFSSL_AES_XTS */ -#else -WOLFSSL_LOCAL void AES_set_encrypt_key(const unsigned char* key, word32 len, - unsigned char* ks); -WOLFSSL_LOCAL void AES_invert_key(unsigned char* ks, word32 rounds); -WOLFSSL_LOCAL void AES_ECB_encrypt(const unsigned char* in, unsigned char* out, - unsigned long len, const unsigned char* ks, int nr); -WOLFSSL_LOCAL void AES_ECB_decrypt(const unsigned char* in, unsigned char* out, - unsigned long len, const unsigned char* ks, int nr); -WOLFSSL_LOCAL void AES_CBC_encrypt(const unsigned char* in, unsigned char* out, - unsigned long len, const unsigned char* ks, int nr, unsigned char* iv); -WOLFSSL_LOCAL void AES_CBC_decrypt(const unsigned char* in, unsigned char* out, - unsigned long len, const unsigned char* ks, int nr, unsigned char* iv); -WOLFSSL_LOCAL void AES_CTR_encrypt(const unsigned char* in, unsigned char* out, - unsigned long len, const unsigned char* ks, int nr, unsigned char* ctr); -#if defined(GCM_TABLE) || defined(GCM_TABLE_4BIT) -/* in pre-C2x C, constness conflicts for dimensioned arrays can't be resolved. - */ -WOLFSSL_LOCAL void GCM_gmult_len(byte* x, const byte** m, - const unsigned char* data, unsigned long len); -#endif -WOLFSSL_LOCAL void AES_GCM_encrypt(const unsigned char* in, unsigned char* out, - unsigned long len, const unsigned char* ks, int nr, unsigned char* ctr); -#endif /* !WOLFSSL_ARMASM_NO_HW_CRYPTO */ -#endif +#endif /* !__aarch64__ && !WOLFSSL_ARMASM_NO_HW_CRYPTO */ +#endif /* WOLFSSL_ARMASM */ #ifdef __cplusplus } /* extern "C" */ diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/arc4.h mariadb-11.8.8/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/arc4.h --- mariadb-11.8.6/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/arc4.h 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/arc4.h 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* arc4.h * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/ascon.h mariadb-11.8.8/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/ascon.h --- mariadb-11.8.6/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/ascon.h 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/ascon.h 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* ascon.h * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/asn.h mariadb-11.8.8/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/asn.h --- mariadb-11.8.6/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/asn.h 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/asn.h 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* asn.h * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -37,7 +37,8 @@ #include #if !defined(NO_ASN) || !defined(NO_PWDBASED) - +/* included openssl/obj_mac.h directly for SN_xxx definitions */ +#if !defined(WOLFSSL_OBJ_MAC_H_) #if !defined(NO_ASN_TIME) && defined(NO_TIME_H) #define NO_ASN_TIME /* backwards compatibility with NO_TIME_H */ #endif @@ -82,6 +83,9 @@ #include #endif #include +#if defined(WOLFSSL_SHA384) || defined(WOLFSSL_SHA512) + #include +#endif #ifdef WOLFSSL_SM3 #include #endif @@ -351,11 +355,11 @@ } ASNGetData; WOLFSSL_LOCAL int SizeASN_Items(const ASNItem* asn, ASNSetData *data, - int count, int* encSz); + int count, word32* encSz); WOLFSSL_LOCAL int SetASN_Items(const ASNItem* asn, ASNSetData *data, int count, byte* output); WOLFSSL_LOCAL int GetASN_Items(const ASNItem* asn, ASNGetData *data, int count, - int complete, const byte* input, word32* inOutIdx, word32 length); + int complete, const byte* input, word32* inOutIdx, const word32 length); #ifdef WOLFSSL_ASN_TEMPLATE_TYPE_CHECK WOLFSSL_LOCAL void GetASN_Int8Bit(ASNGetData *dataASN, byte* num); @@ -373,9 +377,9 @@ WOLFSSL_LOCAL void GetASN_OID(ASNGetData *dataASN, int oidType); WOLFSSL_LOCAL void GetASN_GetConstRef(ASNGetData * dataASN, const byte** data, word32* length); -WOLFSSL_LOCAL void GetASN_GetRef(ASNGetData * dataASN, byte** data, +WOLFSSL_LOCAL void GetASN_GetRef(const ASNGetData * dataASN, const byte** data, word32* length); -WOLFSSL_LOCAL void GetASN_OIDData(ASNGetData * dataASN, byte** data, +WOLFSSL_LOCAL void GetASN_OIDData(const ASNGetData * dataASN, const byte** data, word32* length); WOLFSSL_LOCAL void SetASN_Boolean(ASNSetData *dataASN, byte val); WOLFSSL_LOCAL void SetASN_Int8Bit(ASNSetData *dataASN, byte num); @@ -529,8 +533,8 @@ */ #define GetASN_GetRef(dataASN, d, l) \ do { \ - *(d) = (byte*)(dataASN)->data.ref.data; \ - *(l) = (dataASN)->data.ref.length; \ + *(d) = (const byte*)(dataASN)->data.ref.data; \ + *(l) = (dataASN)->data.ref.length; \ } while (0) /* Get the data and length from an ASN data item that is an OID. @@ -541,7 +545,7 @@ */ #define GetASN_OIDData(dataASN, d, l) \ do { \ - *(d) = (byte*)(dataASN)->data.oid.data; \ + *(d) = (const byte*)(dataASN)->data.oid.data; \ *(l) = (dataASN)->data.oid.length; \ } while (0) @@ -647,6 +651,9 @@ ((dataASN).length + (word32)((dataASN).data.buffer.data - (in)) - \ (dataASN).offset) +#define GetASNItem_HaveData(dataASN) \ + ((dataASN).data.buffer.data != NULL) + /* Get the index of a BER item's data. * * @param [in] dataASN Dynamic ASN data item. @@ -656,6 +663,9 @@ #define GetASNItem_DataIdx(dataASN, in) \ (word32)((dataASN).data.ref.data - (in)) +#define GetASNItem_HaveIdx(dataASN) \ + ((dataASN).data.ref.data != NULL) + /* Get the end index of a BER item - index of the start of the next item. * * @param [in] dataASN Dynamic ASN data item. @@ -692,6 +702,7 @@ /* Set the data items below node to not be encoded. * * @param [in] dataASN Dynamic ASN data item. + * @param [in] asn ASN template item. * @param [in] node Node who's children should not be encoded. * @param [in] dataASNLen Number of items in dataASN. */ @@ -709,6 +720,7 @@ /* Set the node and all nodes below to not be encoded. * * @param [in] dataASN Dynamic ASN data item. + * @param [in] asn ASN template item. * @param [in] node Node which should not be encoded. Child nodes will * also not be encoded. * @param [in] dataASNLen Number of items in dataASN. @@ -854,7 +866,7 @@ #define WC_MAX_RSA_BITS (FP_MAX_BITS / 2) #elif defined(WOLFSSL_SP_MATH_ALL) || defined(WOLFSSL_SP_MATH) /* SP implementation supports numbers of SP_INT_BITS bits. */ - #define WC_MAX_RSA_BITS (((SP_INT_BITS + 7) / 8) * 8) + #define WC_MAX_RSA_BITS WC_BITS_FULL_BYTES(SP_INT_BITS) #else /* Integer maths is dynamic but we only go up to 4096 bits. */ #define WC_MAX_RSA_BITS 4096 @@ -880,8 +892,10 @@ #else #define WC_MAX_CERT_VERIFY_SZ 1024 /* max default */ #endif - -#if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL) +#endif /* !NO_ASN */ +#endif /* !WOLFSSL_OBJ_MAC_H_ */ +#if defined(WOLFSSL_OBJ_MAC_H_) || \ + defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL) /* short names */ #define WC_SN_md4 "MD4" #define WC_SN_md5 "MD5" @@ -946,29 +960,91 @@ #define WC_NID_tlsfeature TLS_FEATURE_OID /* id-pe 24 */ #define WC_NID_buildingName 1494 +#define WC_SN_dnQualifier "dnQualifier" +#define WC_LN_dnQualifier "dnQualifier" #define WC_NID_dnQualifier 174 /* 2.5.4.46 */ + +#define WC_SN_commonName "CN" +#define WC_LN_commonName "commonName" #define WC_NID_commonName 14 /* CN Changed to not conflict - * with PBE_SHA1_DES3 */ + * with PBE_SHA1_DES3 */ +#define WC_LN_name "name" +#define WC_SN_name "name" #define WC_NID_name 173 /* N , OID = 2.5.4.41 */ + +#define WC_LN_surname "surname" +#define WC_SN_surname "SN" #define WC_NID_surname 0x04 /* SN */ + +#define WC_LN_serialNumber "serialNumber" #define WC_NID_serialNumber 0x05 /* serialNumber */ + +#define WC_LN_countryName "countryName" +#define WC_SN_countryName "C" #define WC_NID_countryName 0x06 /* C */ + +#define WC_LN_localityName "localityName" +#define WC_SN_localityName "L" #define WC_NID_localityName 0x07 /* L */ + +#define WC_LN_stateOrProvinceName "stateOrProvinceName" +#define WC_SN_stateOrProvinceName "ST" #define WC_NID_stateOrProvinceName 0x08 /* ST */ + +#define WC_LN_streetAddress "streetAddress" +#define WC_SN_streetAddress "street" #define WC_NID_streetAddress ASN_STREET_ADDR /* street */ + +#define WC_LN_organizationName "organizationName" +#define WC_SN_organizationName "O" #define WC_NID_organizationName 0x0a /* O */ + +#define WC_LN_organizationalUnitName "organizationalUnitName" +#define WC_SN_organizationalUnitName "OU" #define WC_NID_organizationalUnitName 0x0b /* OU */ + +#define WC_LN_jurisdictionCountryName "jurisdictionCountryName" +#define WC_SN_jurisdictionCountryName "jurisdictionC" #define WC_NID_jurisdictionCountryName 0xc + +#define WC_LN_jurisdictionStateOrProvinceName "jurisdictionStateOrProvinceName" +#define WC_SN_jurisdictionStateOrProvinceName "jurisdictionST" #define WC_NID_jurisdictionStateOrProvinceName 0xd + +#define WC_LN_businessCategory "businessCategory" #define WC_NID_businessCategory ASN_BUS_CAT + +#define WC_SN_domainComponent "DC" +#define WC_LN_domainComponent "domainComponent" #define WC_NID_domainComponent ASN_DOMAIN_COMPONENT + +#define WC_LN_postalCode "postalCode" #define WC_NID_postalCode ASN_POSTAL_CODE /* postalCode */ + +#define WC_SN_rfc822Mailbox "mail" +#define WC_LN_rfc822Mailbox "rfc822Mailbox" #define WC_NID_rfc822Mailbox 460 + +#define WC_SN_favouriteDrink "coldBrew" +#define WC_LN_favouriteDrink "favouriteDrink" #define WC_NID_favouriteDrink 462 + +#define WC_SN_userId "UID" +#define WC_LN_userId "userId" #define WC_NID_userId 458 + +#define WC_LN_registeredAddress "registeredAddress" #define WC_NID_registeredAddress 870 + +#define WC_LN_emailAddress "emailAddress" #define WC_NID_emailAddress 0x30 /* emailAddress */ + +#define WC_SN_id_on_dnsSRV "id-on-dnsSRV" +#define WC_LN_id_on_dnsSRV "SRVName" #define WC_NID_id_on_dnsSRV 82 /* 1.3.6.1.5.5.7.8.7 */ + +#define WC_SN_ms_upn "msUPN" +#define WC_LN_ms_upn "Microsoft User Principal Name" #define WC_NID_ms_upn UPN_OID /* 1.3.6.1.4.1.311.20.2.3 */ #define WC_NID_X9_62_prime_field 406 /* 1.2.840.10045.1.1 */ @@ -1021,27 +1097,91 @@ #define NID_tlsfeature WC_NID_tlsfeature #define NID_buildingName WC_NID_buildingName +#define SN_dnQualifier WC_SN_dnQualifier +#define LN_dnQualifier WC_LN_dnQualifier #define NID_dnQualifier WC_NID_dnQualifier + +#define SN_commonName WC_SN_commonName +#define LN_commonName WC_LN_commonName #define NID_commonName WC_NID_commonName + +#define LN_name WC_LN_name +#define SN_name WC_SN_name #define NID_name WC_NID_name + +#define LN_surname WC_LN_surname +#define SN_surname WC_SN_surname #define NID_surname WC_NID_surname + +#define LN_serialNumber WC_LN_serialNumber #define NID_serialNumber WC_NID_serialNumber + +#define LN_countryName WC_LN_countryName +#define SN_countryName WC_SN_countryName #define NID_countryName WC_NID_countryName + +#define LN_localityName WC_LN_localityName +#define SN_localityName WC_SN_localityName #define NID_localityName WC_NID_localityName + +#define LN_stateOrProvinceName WC_LN_stateOrProvinceName +#define SN_stateOrProvinceName WC_SN_stateOrProvinceName #define NID_stateOrProvinceName WC_NID_stateOrProvinceName + +#define LN_streetAddress WC_LN_streetAddress +#define SN_streetAddress WC_SN_streetAddress #define NID_streetAddress WC_NID_streetAddress + +#define LN_organizationName WC_LN_organizationName +#define SN_organizationName WC_SN_organizationName #define NID_organizationName WC_NID_organizationName + +#define LN_organizationalUnitName WC_LN_organizationalUnitName +#define SN_organizationalUnitName WC_SN_organizationalUnitName #define NID_organizationalUnitName WC_NID_organizationalUnitName + +#define LN_jurisdictionCountryName WC_LN_jurisdictionCountryName +#define SN_jurisdictionCountryName WC_SN_jurisdictionCountryName #define NID_jurisdictionCountryName WC_NID_jurisdictionCountryName + +#define LN_jurisdictionStateOrProvinceName WC_LN_jurisdictionStateOrProvinceName +#define SN_jurisdictionStateOrProvinceName WC_SN_jurisdictionStateOrProvinceName #define NID_jurisdictionStateOrProvinceName WC_NID_jurisdictionStateOrProvinceName + +#define LN_businessCategory WC_LN_businessCategory #define NID_businessCategory WC_NID_businessCategory + +#define SN_domainComponent WC_SN_domainComponent +#define LN_domainComponent WC_LN_domainComponent #define NID_domainComponent WC_NID_domainComponent + +#define LN_postalCode WC_LN_postalCode #define NID_postalCode WC_NID_postalCode + +#define SN_rfc822Mailbox WC_SN_rfc822Mailbox +#define LN_rfc822Mailbox WC_LN_rfc822Mailbox #define NID_rfc822Mailbox WC_NID_rfc822Mailbox + +#define SN_favouriteDrink WC_SN_favouriteDrink +#define LN_favouriteDrink WC_LN_favouriteDrink #define NID_favouriteDrink WC_NID_favouriteDrink + +#define SN_userId WC_SN_userId +#define LN_userId WC_LN_userId #define NID_userId WC_NID_userId + +#define LN_registeredAddress WC_LN_registeredAddress +#define NID_registeredAddress WC_NID_registeredAddress + +#define LN_emailAddress WC_LN_emailAddress #define NID_emailAddress WC_NID_emailAddress + +#define SN_id_on_dnsSRV WC_SN_id_on_dnsSRV +#define LN_id_on_dnsSRV WC_LN_id_on_dnsSRV #define NID_id_on_dnsSRV WC_NID_id_on_dnsSRV + +#define SN_ms_upn WC_SN_ms_upn +#define LN_ms_upn WC_LN_ms_upn #define NID_ms_upn WC_NID_ms_upn #define NID_X9_62_prime_field WC_NID_X9_62_prime_field @@ -1052,8 +1192,9 @@ #endif /* !OPENSSL_COEXIST */ -#endif /* OPENSSL_EXTRA || OPENSSL_EXTRA_X509_SMALL */ - +#endif /* WOLFSSL_OBJ_MAC_H_ || OPENSSL_EXTRA || OPENSSL_EXTRA_X509_SMALL */ +#if !defined(WOLFSSL_OBJ_MAC_H_) +#if !defined(NO_ASN) enum ECC_TYPES { ECC_PREFIX_0 = 160, @@ -1131,7 +1272,7 @@ DSA_PARAM_INTS = 3, /* DSA parameter ints */ RSA_PUB_INTS = 2, /* RSA ints in public key */ MIN_DATE_SIZE = 12, - MAX_DATE_SIZE = 32, + MAX_DATE_SIZE = CTC_DATE_SIZE, ASN_GEN_TIME_SZ = 15, /* 7 numbers * 2 + Zulu tag */ #ifdef WOLFSSL_CERT_GEN @@ -1304,12 +1445,16 @@ DNS_entry* next; /* next on DNS list */ int type; /* i.e. ASN_DNS_TYPE */ int len; /* actual DNS len */ - char* name; /* actual DNS name */ + const char* + name; /* actual DNS name */ + int nameStored; #ifdef WOLFSSL_IP_ALT_NAME char* ipString; /* human readable form of IP address */ + int ipStringStored; #endif #ifdef WOLFSSL_RID_ALT_NAME char* ridString; /* human readable form of registeredID */ + int ridStringStored; #endif #ifdef WOLFSSL_FPKI @@ -1572,6 +1717,19 @@ #endif /* WOLFSSL_TRUST_PEER_CERT */ typedef struct SignatureCtx SignatureCtx; +#ifndef WOLFSSL_AIA_ENTRY_DEFINED +#ifndef WOLFSSL_MAX_AIA_ENTRIES + #define WOLFSSL_MAX_AIA_ENTRIES 8 +#endif + +#define WOLFSSL_AIA_ENTRY_DEFINED +typedef struct WOLFSSL_AIA_ENTRY { + word32 method; /* AIA method OID sum (e.g., AIA_OCSP_OID). */ + const byte* uri; /* Pointer into cert DER for the URI. */ + word32 uriSz; /* Length of URI data. */ +} WOLFSSL_AIA_ENTRY; +#endif /* WOLFSSL_AIA_ENTRY_DEFINED */ + #ifdef WC_ASN_UNKNOWN_EXT_CB typedef int (*wc_UnknownExtCallback)(const word16* oid, word32 oidSz, int crit, const unsigned char* der, word32 derSz); @@ -1583,6 +1741,10 @@ struct DecodedCert { const byte* publicKey; word32 pubKeySize; +#ifdef HAVE_OCSP_RESPONDER + const byte* publicKeyForHash; + word32 pubKeyForHashSize; +#endif int pubKeyStored; word32 certBegin; /* offset to start of cert */ word32 sigIndex; /* offset to start of signature */ @@ -1607,8 +1769,10 @@ byte subjectKeyHash[KEYID_SIZE]; /* hash of the public Key */ byte issuerKeyHash[KEYID_SIZE]; /* hash of the public Key */ #endif /* HAVE_OCSP */ - const byte* signature; /* not owned, points into raw cert */ - char* subjectCN; /* CommonName */ + const byte* + signature; /* not owned, points into raw cert */ + const char* + subjectCN; /* CommonName */ int subjectCNLen; /* CommonName Length */ char subjectCNEnc; /* CommonName Encoding */ char issuer[WC_ASN_NAME_MAX]; /* full name including common name */ @@ -1703,13 +1867,18 @@ const byte* issuerRaw; /* pointer to issuer inside source */ int issuerRawLen; #endif +#ifdef HAVE_OCSP_RESPONDER + const byte* subjectRawForHash; /* pointer to subject including tags */ + int subjectRawForHashLen; +#endif #if !defined(IGNORE_NAME_CONSTRAINTS) || defined(WOLFSSL_CERT_EXT) const byte* subjectRaw; /* pointer to subject inside source */ int subjectRawLen; #endif #if !defined(IGNORE_NAME_CONSTRAINTS) || \ defined(WOLFSSL_CERT_GEN) || defined(WOLFSSL_CERT_EXT) - char* subjectEmail; + const char* + subjectEmail; int subjectEmailLen; #endif #if defined(WOLFSSL_CERT_GEN) || defined(WOLFSSL_CERT_EXT) @@ -1758,17 +1927,20 @@ char* subjectBC; int subjectBCLen; char subjectBCEnc; - char* subjectJC; + const char* + subjectJC; int subjectJCLen; char subjectJCEnc; - char* subjectJS; + const char* + subjectJS; int subjectJSLen; char subjectJSEnc; char* subjectPC; int subjectPCLen; char subjectPCEnc; #if defined(WOLFSSL_HAVE_ISSUER_NAMES) - char* issuerCN; + const char* + issuerCN; int issuerCNLen; char issuerCNEnc; char* issuerSN; @@ -1792,7 +1964,8 @@ char* issuerSND; int issuerSNDLen; char issuerSNDEnc; - char* issuerEmail; + const char* + issuerEmail; int issuerEmailLen; #endif /* WOLFSSL_HAVE_ISSUER_NAMES */ #endif /* WOLFSSL_CERT_GEN || WOLFSSL_CERT_EXT */ @@ -1819,11 +1992,14 @@ #ifdef WOLFSSL_CERT_REQ /* CSR attributes */ - char* contentType; /* Content Type */ + const char* + contentType; /* Content Type */ int contentTypeLen; - char* cPwd; /* Challenge Password */ + const char* + cPwd; /* Challenge Password */ int cPwdLen; - char* sNum; /* Serial Number */ + const char* + sNum; /* Serial Number */ int sNumLen; char* dnQualifier; int dnQualifierLen; @@ -1833,7 +2009,8 @@ int surnameLen; char* givenName; int givenNameLen; - char* unstructuredName; + const char* + unstructuredName; int unstructuredNameLen; #endif /* WOLFSSL_CERT_REQ */ @@ -1930,6 +2107,10 @@ WC_BITFIELD extAltSigAlgCrit:1; WC_BITFIELD extAltSigValCrit:1; #endif /* WOLFSSL_DUAL_ALG_CERTS */ + + WOLFSSL_AIA_ENTRY extAuthInfoList[WOLFSSL_MAX_AIA_ENTRIES]; + WC_BITFIELD extAuthInfoListSz:7; + WC_BITFIELD extAuthInfoListOverflow:1; }; #if defined(WOLFSSL_SM2) && defined(WOLFSSL_SM3) @@ -1946,30 +2127,32 @@ word32 pubKeySize; word32 keyOID; /* key type */ word16 keyUsage; + byte extKeyUsage; word16 maxPathLen; WC_BITFIELD selfSigned:1; const byte* publicKey; int nameLen; - char* name; /* common name */ + const char* + name; /* common name */ #ifndef IGNORE_NAME_CONSTRAINTS - Base_entry* permittedNames; - Base_entry* excludedNames; -#endif /* !IGNORE_NAME_CONSTRAINTS */ + Base_entry* permittedNames; + Base_entry* excludedNames; +#endif byte subjectNameHash[SIGNER_DIGEST_SIZE]; /* sha hash of names in certificate */ - #if defined(HAVE_OCSP) || defined(HAVE_CRL) - byte issuerNameHash[SIGNER_DIGEST_SIZE]; - /* sha hash of issuer names in certificate. - * Used in OCSP to check for authorized - * responders. */ - #endif - #ifndef NO_SKID - byte subjectKeyIdHash[SIGNER_DIGEST_SIZE]; - /* sha hash of key in certificate */ - #endif - #ifdef HAVE_OCSP - byte subjectKeyHash[KEYID_SIZE]; - #endif +#if defined(HAVE_OCSP) || defined(HAVE_CRL) || defined(WOLFSSL_AKID_NAME) + byte issuerNameHash[SIGNER_DIGEST_SIZE]; + /* sha hash of issuer names in certificate. + * Used in OCSP to check for authorized + * responders. */ +#endif +#ifndef NO_SKID + byte subjectKeyIdHash[SIGNER_DIGEST_SIZE]; + /* sha hash of key in certificate */ +#endif +#ifdef HAVE_OCSP + byte subjectKeyHash[KEYID_SIZE]; +#endif #if defined(WOLFSSL_AKID_NAME) || defined(HAVE_CRL) byte serialHash[SIGNER_DIGEST_SIZE]; /* serial number hash */ #endif @@ -1994,7 +2177,8 @@ /* used for having trusted peer certs rather then CA */ struct TrustedPeerCert { int nameLen; - char* name; /* common name */ + const char* + name; /* common name */ #ifndef IGNORE_NAME_CONSTRAINTS Base_entry* permittedNames; Base_entry* excludedNames; @@ -2059,21 +2243,6 @@ } MimeStatus; #endif /* HAVE_SMIME */ -WOLFSSL_LOCAL int HashIdAlg(word32 oidSum); -WOLFSSL_LOCAL int CalcHashId(const byte* data, word32 len, byte* hash); -WOLFSSL_LOCAL int CalcHashId_ex(const byte* data, word32 len, byte* hash, - int hashAlg); -WOLFSSL_LOCAL int GetHashId(const byte* id, int length, byte* hash, - int hashAlg); -WOLFSSL_LOCAL int GetName(DecodedCert* cert, int nameType, int maxIdx); - -#ifdef ASN_BER_TO_DER -WOLFSSL_API int wc_BerToDer(const byte* ber, word32 berSz, byte* der, - word32* derSz); -#endif -WOLFSSL_LOCAL int StreamOctetString(const byte* inBuf, word32 inBufSz, - byte* out, word32* outSz, word32* idx); - #ifdef WOLFSSL_API_PREFIX_MAP #define FreeAltNames wc_FreeAltNames #define AltNameNew wc_AltNameNew @@ -2094,12 +2263,46 @@ #define GetShortInt wc_GetShortInt #define SetShortInt wc_SetShortInt #define GetLength wc_GetLength + #define SetLength wc_SetLength + #define SetSequence wc_SetSequence #define GetASNInt wc_GetASNInt #define GetASNTag wc_GetASNTag #define SetAlgoID wc_SetAlgoID #define SetAsymKeyDer wc_SetAsymKeyDer + #define CalcHashId wc_CalcHashId + #if defined(HAVE_OID_DECODING) || defined(WOLFSSL_ASN_PRINT) || \ + defined(OPENSSL_ALL) + #define DecodeObjectId wc_DecodeObjectId + #endif + #if defined(WOLFSSL_AKID_NAME) && !defined(GetCAByAKID) + /* GetCAByAKID() has two implementations, a full implementation in + * src/ssl.c, and a dummy implementation in wolfcrypt/src/asn.c for + * WOLFCRYPT_ONLY builds. + */ + #define GetCAByAKID wolfSSL_GetCAByAKID + #endif + #define FillSigner wc_FillSigner + #define MakeSigner wc_MakeSigner + #define FreeSigner wc_FreeSigner + #define AllocDer wc_AllocDer + #define FreeDer wc_FreeDer #endif /* WOLFSSL_API_PREFIX_MAP */ +WOLFSSL_LOCAL int HashIdAlg(word32 oidSum); +WOLFSSL_TEST_VIS int CalcHashId(const byte* data, word32 len, byte* hash); +WOLFSSL_LOCAL int CalcHashId_ex(const byte* data, word32 len, byte* hash, + int hashAlg); +WOLFSSL_LOCAL int GetHashId(const byte* id, int length, byte* hash, + int hashAlg); +WOLFSSL_LOCAL int GetName(DecodedCert* cert, int nameType, int maxIdx); + +#ifdef ASN_BER_TO_DER +WOLFSSL_API int wc_BerToDer(const byte* ber, word32 berSz, byte* der, + word32* derSz); +#endif +WOLFSSL_LOCAL int StreamOctetString(const byte* inBuf, word32 inBufSz, + byte* out, word32* outSz, word32* idx); + WOLFSSL_ASN_API void FreeAltNames(DNS_entry* altNames, void* heap); WOLFSSL_ASN_API DNS_entry* AltNameNew(void* heap); WOLFSSL_ASN_API DNS_entry* AltNameDup(DNS_entry* from, void* heap); @@ -2192,9 +2395,9 @@ WOLFSSL_LOCAL const byte* OidFromId(word32 id, word32 type, word32* oidSz); WOLFSSL_LOCAL Signer* findSignerByKeyHash(Signer *list, byte *hash); WOLFSSL_LOCAL Signer* findSignerByName(Signer *list, byte *hash); -WOLFSSL_LOCAL int FillSigner(Signer* signer, DecodedCert* cert, int type, DerBuffer *der); -WOLFSSL_LOCAL Signer* MakeSigner(void* heap); -WOLFSSL_LOCAL void FreeSigner(Signer* signer, void* heap); +WOLFSSL_TEST_VIS int FillSigner(Signer* signer, DecodedCert* cert, int type, DerBuffer *der); +WOLFSSL_TEST_VIS Signer* MakeSigner(void* heap); +WOLFSSL_TEST_VIS void FreeSigner(Signer* signer, void* heap); WOLFSSL_LOCAL void FreeSignerTable(Signer** table, int rows, void* heap); WOLFSSL_LOCAL void FreeSignerTableType(Signer** table, int rows, byte type, void* heap); @@ -2236,19 +2439,32 @@ typedef struct tm wolfssl_tm; #ifdef WOLFSSL_ASN_TIME_STRING -WOLFSSL_LOCAL int GetTimeString(byte* date, int format, char* buf, int len); +WOLFSSL_LOCAL int GetTimeString(byte* date, int format, char* buf, int len, + int dateLen); #endif #if !defined(NO_ASN_TIME) && !defined(USER_TIME) && \ - !defined(TIME_OVERRIDES) && (defined(OPENSSL_EXTRA) || defined(HAVE_PKCS7)) + !defined(TIME_OVERRIDES) && (defined(OPENSSL_EXTRA) || \ + defined(HAVE_PKCS7) || defined(HAVE_OCSP_RESPONDER)) WOLFSSL_LOCAL int GetFormattedTime(void* currTime, byte* buf, word32 len); WOLFSSL_LOCAL int GetAsnTimeString(void* currTime, byte* buf, word32 len); +WOLFSSL_LOCAL int GetFormattedTime_ex(void* currTime, byte* buf, word32 len, byte format); #endif WOLFSSL_LOCAL int ExtractDate(const unsigned char* date, unsigned char format, - wolfssl_tm* certTime, int* idx); + wolfssl_tm* certTime, int* idx, int len); WOLFSSL_LOCAL int DateGreaterThan(const struct tm* a, const struct tm* b); -WOLFSSL_LOCAL int wc_ValidateDate(const byte* date, byte format, int dateType); +WOLFSSL_LOCAL int wc_ValidateDate(const byte* date, byte format, int dateType, + int len); +#ifndef NO_ASN_TIME +WOLFSSL_LOCAL int wc_ValidateDateWithTime(const byte* date, byte format, + int dateType, time_t checkTime, int len); +#endif WOLFSSL_TEST_VIS int wc_AsnSetSkipDateCheck(int skip_p); WOLFSSL_LOCAL int wc_AsnGetSkipDateCheck(void); +#ifdef HAVE_CRL +WOLFSSL_TEST_VIS int wc_ParseCRLReasonFromExtensions(const byte* ext, + word32 extSz, + int* reasonCode); +#endif /* ASN.1 helper functions */ #ifdef WOLFSSL_CERT_GEN @@ -2300,7 +2516,7 @@ #endif #if defined(HAVE_OID_DECODING) || defined(WOLFSSL_ASN_PRINT) || \ defined(OPENSSL_ALL) - WOLFSSL_LOCAL int DecodeObjectId(const byte* in, word32 inSz, + WOLFSSL_TEST_VIS int DecodeObjectId(const byte* in, word32 inSz, word16* out, word32* outSz); #endif WOLFSSL_LOCAL int GetASNObjectId(const byte* input, word32* inOutIdx, int* len, @@ -2324,11 +2540,11 @@ WOLFSSL_LOCAL word32 SetASNExplicit(byte number, word32 len, byte* output); WOLFSSL_LOCAL word32 SetASNSet(word32 len, byte* output); -WOLFSSL_LOCAL word32 SetLength(word32 length, byte* output); +WOLFSSL_ASN_API word32 SetLength(word32 length, byte* output); WOLFSSL_LOCAL word32 SetLengthEx(word32 length, byte* output, byte isIndef); WOLFSSL_LOCAL word32 SetHeader(byte tag, word32 len, byte* output, byte isIndef); -WOLFSSL_LOCAL word32 SetSequence(word32 len, byte* output); +WOLFSSL_ASN_API word32 SetSequence(word32 len, byte* output); WOLFSSL_LOCAL word32 SetSequenceEx(word32 len, byte* output, byte isIndef); WOLFSSL_LOCAL word32 SetIndefEnd(byte* output); WOLFSSL_LOCAL word32 SetOctetString(word32 len, byte* output); @@ -2343,6 +2559,12 @@ WOLFSSL_API word32 SetAlgoID(int algoOID, byte* output, int type, int curveSz); WOLFSSL_LOCAL word32 SetAlgoIDEx(int algoOID, byte* output, int type, int curveSz, byte absentParams); +#if defined(WC_RSA_PSS) && !defined(NO_RSA) +WOLFSSL_LOCAL word32 wc_EncodeRsaPssAlgoId(int hashOID, int saltLen, byte* out, + word32 outSz); +WOLFSSL_TEST_VIS int wc_DecodeRsaPssParams(const byte* params, word32 sz, + enum wc_HashType* hash, int* mgf, int* saltLen); +#endif WOLFSSL_LOCAL int SetMyVersion(word32 version, byte* output, int header); WOLFSSL_LOCAL int SetSerialNumber(const byte* sn, word32 snSz, byte* output, word32 outputSz, int maxSnSz); @@ -2418,11 +2640,11 @@ WOLFSSL_LOCAL int PemToDer(const unsigned char* buff, long longSz, int type, DerBuffer** pDer, void* heap, EncryptedInfo* info, int* keyFormat); -WOLFSSL_LOCAL int AllocDer(DerBuffer** der, word32 length, int type, +WOLFSSL_API int AllocDer(DerBuffer** der, word32 length, int type, void* heap); WOLFSSL_LOCAL int AllocCopyDer(DerBuffer** der, const unsigned char* buff, word32 length, int type, void* heap); -WOLFSSL_LOCAL void FreeDer(DerBuffer** der); +WOLFSSL_API void FreeDer(DerBuffer** der); #ifdef WOLFSSL_ASN_PARSE_KEYUSAGE WOLFSSL_LOCAL int ParseKeyUsageStr(const char* value, word16* keyUsage, @@ -2468,7 +2690,31 @@ #endif /* WOLFSSL_CERT_GEN */ +/* hashes type for asn */ +typedef struct AsnHashes { + #if !defined(NO_MD5) + byte md5[WC_MD5_DIGEST_SIZE]; + #endif + #if !defined(NO_SHA) + byte sha[WC_SHA_DIGEST_SIZE]; + #endif + #ifndef NO_SHA256 + byte sha256[WC_SHA256_DIGEST_SIZE]; + #endif + #ifdef WOLFSSL_SHA384 + byte sha384[WC_SHA384_DIGEST_SIZE]; + #endif + #ifdef WOLFSSL_SHA512 + byte sha512[WC_SHA512_DIGEST_SIZE]; + #endif + #ifdef WOLFSSL_SM3 + byte sm3[WC_SM3_DIGEST_SIZE]; + #endif +} AsnHashes; +WOLFSSL_LOCAL int AsnHashesHash(AsnHashes* hashes, const byte* data, word32 dataSz); +WOLFSSL_LOCAL const byte* AsnHashesGetHash(const AsnHashes* hashes, int hashAlg, + int* size); /* for pointer use */ typedef struct CertStatus CertStatus; @@ -2516,15 +2762,20 @@ int status; byte thisDate[MAX_DATE_SIZE]; + byte thisDateSz; byte nextDate[MAX_DATE_SIZE]; + byte nextDateSz; byte thisDateFormat; byte nextDateFormat; #ifdef WOLFSSL_OCSP_PARSE_STATUS WOLFSSL_ASN1_TIME thisDateParsed; WOLFSSL_ASN1_TIME nextDateParsed; - byte* thisDateAsn; - byte* nextDateAsn; + const byte* thisDateAsn; + const byte* nextDateAsn; #endif + byte revocationDate[MAX_DATE_SIZE]; /* ASN-formatted revocation time */ + word32 revocationDateSz; + byte revocationReason; /* CRL reason code */ byte* rawOcspResponse; word32 rawOcspResponseSz; @@ -2552,8 +2803,8 @@ { OcspEntry *next; /* next entry */ word32 hashAlgoOID; /* hash algo ID */ - byte issuerHash[OCSP_DIGEST_SIZE]; /* issuer hash */ - byte issuerKeyHash[OCSP_DIGEST_SIZE]; /* issuer public key hash */ + byte issuerHash[WC_MAX_DIGEST_SIZE]; /* issuer hash */ + byte issuerKeyHash[WC_MAX_DIGEST_SIZE]; /* issuer public key hash */ CertStatus *status; /* OCSP response list */ int totalStatus; /* number on list */ byte* rawCertId; /* raw bytes of the CertID */ @@ -2574,7 +2825,7 @@ enum responderIdType { OCSP_RESPONDER_ID_INVALID = 0, OCSP_RESPONDER_ID_NAME = 1, - OCSP_RESPONDER_ID_KEY = 2, + OCSP_RESPONDER_ID_KEY = 2 }; /* TODO: Long-term, it would be helpful if we made this struct and other OCSP structs conform to the ASN spec as described in RFC 6960. It will help @@ -2584,7 +2835,8 @@ struct OcspResponse { int responseStatus; /* return code from Responder */ - byte* response; /* Pointer to beginning of OCSP Response */ + const byte* + response; /* Pointer to beginning of OCSP Response */ word32 responseSz; /* length of the OCSP Response */ enum responderIdType responderIdType; @@ -2596,20 +2848,25 @@ byte producedDate[MAX_DATE_SIZE]; /* Date at which this response was signed */ byte producedDateFormat; /* format of the producedDate */ + byte producedDateSz; - byte* cert; + const byte* + cert; word32 certSz; - byte* sig; /* Pointer to sig in source */ + const byte* + sig; /* Pointer to sig in source */ word32 sigSz; /* Length in octets for the sig */ word32 sigOID; /* OID for hash used for sig */ - byte* sigParams; - word32 sigParamsSz; + const byte* + sigParams; + word32 sigParamsSz; OcspEntry* single; /* chain of OCSP single responses */ - byte* nonce; /* pointer to nonce inside ASN.1 response */ + const byte* + nonce; /* pointer to nonce inside ASN.1 response */ int nonceSz; /* length of the nonce string */ byte* source; /* pointer to source buffer, not owned */ @@ -2620,11 +2877,9 @@ struct OcspRequest { - byte issuerHash[KEYID_SIZE]; - byte issuerKeyHash[KEYID_SIZE]; -#if defined(WOLFSSL_SM2) && defined(WOLFSSL_SM3) - int hashSz; -#endif + byte issuerHash[WC_MAX_DIGEST_SIZE]; + byte issuerKeyHash[WC_MAX_DIGEST_SIZE]; + int hashAlg; /* Hash_Sum OID, e.g. SHAh, SHA256h */ byte* serial; /* copy of the serial number in source cert */ int serialSz; #ifdef OPENSSL_EXTRA @@ -2643,6 +2898,8 @@ WOLFSSL_LOCAL void InitOcspResponse(OcspResponse* resp, OcspEntry* single, CertStatus* status, byte* source, word32 inSz, void* heap); WOLFSSL_LOCAL void FreeOcspResponse(OcspResponse* resp); +WOLFSSL_LOCAL int OcspResponseEncode(OcspResponse* resp, byte* out, word32* outSz, + RsaKey* rsaKey, ecc_key* eccKey, WC_RNG* rng); WOLFSSL_LOCAL int OcspResponseDecode(OcspResponse* resp, void* cm, void* heap, int noVerifyCert, int noVerifySignature); @@ -2651,6 +2908,8 @@ WOLFSSL_LOCAL void FreeOcspRequest(OcspRequest* req); WOLFSSL_LOCAL int EncodeOcspRequest(OcspRequest* req, byte* output, word32 size); +WOLFSSL_LOCAL int DecodeOcspRequest(OcspRequest* req, const byte* input, + word32 size); WOLFSSL_LOCAL word32 EncodeOcspRequestExtensions(OcspRequest* req, byte* output, word32 size); @@ -2659,6 +2918,74 @@ WOLFSSL_LOCAL int OcspDecodeCertID(const byte* input, word32* inOutIdx, word32 inSz, OcspEntry* entry); +#ifdef HAVE_OCSP_RESPONDER +/* Revocation reason codes from RFC 5280 */ +enum WC_CRL_Reason { + WC_CRL_REASON_UNSPECIFIED = 0, + WC_CRL_REASON_KEY_COMPROMISE = 1, + WC_CRL_REASON_CA_COMPROMISE = 2, + WC_CRL_REASON_AFFILIATION_CHANGED = 3, + WC_CRL_REASON_SUPERSEDED = 4, + WC_CRL_REASON_CESSATION_OF_OPERATION = 5, + WC_CRL_REASON_CERTIFICATE_HOLD = 6, + /* value 7 is not used */ + WC_CRL_REASON_REMOVE_FROM_CRL = 8, + WC_CRL_REASON_PRIVILEGE_WITHDRAWN = 9, + WC_CRL_REASON_AA_COMPROMISE = 10 +}; + +/* Certificate status entry for a single certificate */ +typedef struct OcspResponderCertStatus OcspResponderCertStatus; +struct OcspResponderCertStatus { + byte serial[EXTERNAL_SERIAL_SIZE]; + int serialSz; + enum Ocsp_Cert_Status status; /* CERT_GOOD, CERT_REVOKED, CERT_UNKNOWN */ + byte revocationDate[MAX_DATE_SIZE]; /* ASN-formatted revocation time (if REVOKED) */ + word32 revocationDateSz; /* Size of revocation date */ + enum WC_CRL_Reason revocationReason; /* Reason for revocation */ + word32 validityPeriod; /* Validity period in seconds (for CERT_GOOD) */ + OcspResponderCertStatus* next; +}; + +/* CA entry with its certificates and key */ +typedef struct OcspResponderCa OcspResponderCa; +struct OcspResponderCa { + char subject[WC_ASN_NAME_MAX]; /* CA subject name for lookup */ + + union { +#ifndef NO_RSA + struct RsaKey rsa; +#endif +#ifdef HAVE_ECC + struct ecc_key ecc; +#endif + } key; /* private key for signing */ + enum Key_Sum keyType; /* Type of key */ + + AsnHashes issuerHashes; /* Hashes of CA's subject DN */ + AsnHashes issuerKeyHashes; /* Hashes of CA's public key */ + + byte responderKeyHash[WC_SHA_DIGEST_SIZE]; /* Hash of the responder's public key */ + + byte* certDer; /* Raw DER certificate (if sendCerts enabled) */ + word32 certDerSz; /* Size of certificate DER */ + + OcspResponderCertStatus* statuses; /* List of certificate statuses for this CA */ + + OcspResponderCa* next; /* Next Auth CA in list */ + + WC_BITFIELD authResp:1; /* Is the cert an authorized responder */ +}; + +typedef struct OcspResponder OcspResponder; +struct OcspResponder { + OcspResponderCa* caList; /* List of CAs this responder handles */ + void* heap; + WC_RNG rng; /* RNG for signing responses */ + WC_BITFIELD sendCerts:1; /* Whether to include CA in responses */ +}; +#endif /* HAVE_OCSP_RESPONDER */ + #endif /* HAVE_OCSP */ @@ -2673,12 +3000,19 @@ RevokedCert* next; byte revDate[MAX_DATE_SIZE]; byte revDateFormat; + int reasonCode; /* CRL reason code, -1 if absent */ +#if defined(OPENSSL_EXTRA) + byte* extensions; /* raw DER of crlEntryExtensions */ + word32 extensionsSz; +#endif }; #ifndef CRL_MAX_NUM_SZ #define CRL_MAX_NUM_SZ 20 /* RFC5280 states that CRL number can be up to 20 */ #endif /* octets long */ +#define CRL_MAX_NUM_HEX_STR_SZ (CRL_MAX_NUM_SZ * 2 + 1) +#define CRL_MAX_NUM_SZ_BITS (CRL_MAX_NUM_SZ * CHAR_BIT) typedef struct DecodedCRL DecodedCRL; @@ -2691,8 +3025,9 @@ word32 sigParamsIndex; /* start of signature parameters */ word32 sigParamsLength; /* length of signature parameters */ #endif - byte* signature; /* pointer into raw source, not owned */ - byte crlNumber[CRL_MAX_NUM_SZ]; /* CRL number extension */ + const byte* + signature; /* pointer into raw source, not owned */ + char crlNumber[CRL_MAX_NUM_HEX_STR_SZ]; /* CRL number extension */ byte issuerHash[SIGNER_DIGEST_SIZE]; /* issuer name hash */ byte crlHash[SIGNER_DIGEST_SIZE]; /* raw crl data hash */ byte lastDate[MAX_DATE_SIZE]; /* last date updated */ @@ -2775,6 +3110,15 @@ #endif /* WOLFSSL_ACERT */ +#ifndef IGNORE_NAME_CONSTRAINTS +WOLFSSL_TEST_VIS int wolfssl_local_MatchBaseName(int type, const char* name, + int nameSz, const char* base, + int baseSz); +WOLFSSL_TEST_VIS int wolfssl_local_MatchIpSubnet(const byte* ip, int ipSz, + const byte* constraint, + int constraintSz); +#endif + #if ((defined(HAVE_ED25519) && defined(HAVE_ED25519_KEY_IMPORT)) \ || (defined(HAVE_CURVE25519) && defined(HAVE_CURVE25519_KEY_IMPORT)) \ || (defined(HAVE_ED448) && defined(HAVE_ED448_KEY_IMPORT)) \ @@ -2850,6 +3194,7 @@ } /* extern "C" */ #endif +#endif /* WOLFSSL_OBJ_MAC_H_ */ #endif /* !NO_ASN || !NO_PWDBASED */ #endif /* WOLF_CRYPT_ASN_H */ diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/asn_public.h mariadb-11.8.8/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/asn_public.h --- mariadb-11.8.6/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/asn_public.h 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/asn_public.h 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* asn_public.h * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -233,6 +233,46 @@ #define pem_password_cb wc_pem_password_cb #endif +/*! + \ingroup CertManager + \brief Callback function type for certificate/CSR signing. + + This callback allows external signing implementations (e.g., TPM, HSM) + to sign certificates and CSRs without requiring the crypto callback + infrastructure. This is particularly useful for FIPS compliance where + offloading wolfCrypt operations is not acceptable. + + \param in Data to sign. For RSA, this is the DER-encoded digest + (DigestInfo structure with algorithm identifier). For ECC, + this is the raw hash to sign. + \param inLen Length of data to sign in bytes. + \param out Output buffer for the signature. + \param outLen Input: size of output buffer. Output: actual signature size. + \param sigAlgo Signature algorithm identifier (e.g., CTC_SHA256wRSA, + CTC_SHA256wECDSA). + \param keyType Key type (RSA_TYPE or ECC_TYPE only). + \param ctx User-provided context pointer for callback state. + + \return 0 on success. + \return Negative error code on failure (BAD_FUNC_ARG, MEMORY_E, etc.). + + \sa wc_SignCert_cb + \sa wc_SignCert_ex + + _Example_ + \code + int mySignCallback(const byte* in, word32 inLen, byte* out, + word32* outLen, int sigAlgo, int keyType, void* ctx) + { + MySignCtx* myCtx = (MySignCtx*)ctx; + return myDevice_Sign(myCtx->device, in, inLen, out, outLen); + } + \endcode +*/ +typedef int (*wc_SignCertCb)(const byte* in, word32 inLen, + byte* out, word32* outLen, + int sigAlgo, int keyType, void* ctx); + typedef struct EncryptedInfo { long consumed; /* tracks PEM bytes consumed */ @@ -464,17 +504,17 @@ CertExtension customCertExt[NUM_CUSTOM_EXT]; int customCertExtCount; #endif /* WOLFSSL_CUSTOM_OID */ - void* decodedCert; /* internal DecodedCert allocated from heap */ - byte* der; /* Pointer to buffer of current DecodedCert cache */ - void* heap; /* heap hint */ + void* decodedCert; /* internal DecodedCert allocated from heap */ + const byte* der; /* Pointer to buffer of current DecodedCert cache */ + void* heap; /* heap hint */ WC_BITFIELD basicConstSet:1; /* Indicator for when Basic Constraint is set */ - byte basicConstCrit; /* Indicator of criticality of Basic Constraints extension */ + byte basicConstCrit; /* Indicator of criticality of Basic Constraints extension */ #ifdef WOLFSSL_ALLOW_ENCODING_CA_FALSE - WC_BITFIELD isCaSet:1; /* Indicator for when isCA is set */ + WC_BITFIELD isCaSet:1; /* Indicator for when isCA is set */ #endif - WC_BITFIELD pathLenSet:1; /* Indicator for when path length is set */ + WC_BITFIELD pathLenSet:1; /* Indicator for when path length is set */ #ifdef WOLFSSL_ALT_NAMES - WC_BITFIELD altNamesCrit:1; /* Indicator of criticality of SAN extension */ + WC_BITFIELD altNamesCrit:1; /* Indicator of criticality of SAN extension */ #endif } Cert; @@ -511,6 +551,12 @@ WC_RNG* rng); WOLFSSL_API int wc_SignCert(int requestSz, int sType, byte* buf, word32 buffSz, RsaKey* rsaKey, ecc_key* eccKey, WC_RNG* rng); +#ifdef WOLFSSL_CERT_SIGN_CB +WOLFSSL_API int wc_SignCert_cb(int requestSz, int sType, byte* buf, + word32 buffSz, int keyType, + wc_SignCertCb signCb, void* signCtx, + WC_RNG* rng); +#endif /* WOLFSSL_CERT_SIGN_CB */ #ifdef WOLFSSL_DUAL_ALG_CERTS WOLFSSL_API int wc_MakeSigWithBitStr(byte *sig, int sigSz, int sType, byte* buf, word32 bufSz, int keyType, void* key, @@ -593,6 +639,20 @@ #endif /* WOLFSSL_CERT_EXT */ +#if defined(WOLFSSL_CERT_GEN) && defined(HAVE_CRL) +/* CRL Generation functions */ +struct RevokedCert; /* forward declaration */ +WOLFSSL_API int wc_MakeCRL_ex(const byte* issuerDer, word32 issuerSz, + const byte* lastDate, byte lastDateFmt, + const byte* nextDate, byte nextDateFmt, + struct RevokedCert* certs, const byte* crlNumber, + word32 crlNumberSz, int sigType, int version, + byte* output, word32 outputSz); +WOLFSSL_API int wc_SignCRL_ex(const byte* tbsBuf, int tbsSz, int sType, + byte* buf, word32 bufSz, + RsaKey* rsaKey, ecc_key* eccKey, WC_RNG* rng); +#endif /* WOLFSSL_CERT_GEN && HAVE_CRL */ + WOLFSSL_API int wc_GetDateInfo(const byte* certDate, int certDateSz, const byte** date, byte* format, int* length); #ifndef NO_ASN_TIME @@ -870,6 +930,12 @@ word32 certDerSz, byte* pubKeyDer, word32* pubKeyDerSz); +WOLFSSL_API int wc_GetDecodedCertSubject(const struct DecodedCert* cert, + char* buf, word32* bufSz); +WOLFSSL_API int wc_GetDecodedCertIssuer(const struct DecodedCert* cert, + char* buf, word32* bufSz); +WOLFSSL_API int wc_GetDecodedCertSerial(const struct DecodedCert* cert, + byte* buf, word32* bufSz); #ifdef WOLFSSL_FPKI WOLFSSL_API int wc_GetUUIDFromCert(struct DecodedCert* cert, diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/async.h mariadb-11.8.8/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/async.h --- mariadb-11.8.6/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/async.h 1970-01-01 00:00:00.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/async.h 2026-05-24 09:58:33.000000000 +0000 @@ -0,0 +1,470 @@ +/* async.h + * + * Copyright (C) 2006-2026 wolfSSL Inc. + * + * This file is part of wolfSSL. + * + * wolfSSL is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * wolfSSL is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA + */ + +#ifndef WOLFSSL_ASYNC_H +#define WOLFSSL_ASYNC_H + +#ifdef __cplusplus + extern "C" { +#endif + +#ifdef WOLFSSL_ASYNC_CRYPT + +#include +#include +#ifdef HAVE_CAVIUM + #include +#elif defined(HAVE_INTEL_QA) + #include +#endif + + +struct WC_ASYNC_DEV; + + +/* Asynchronous crypto using software */ +#ifdef WOLFSSL_ASYNC_CRYPT_SW + enum WC_ASYNC_SW_TYPE { + ASYNC_SW_NONE = 0, +#ifdef HAVE_ECC + ASYNC_SW_ECC_MAKE = 1, + #ifdef HAVE_ECC_SIGN + ASYNC_SW_ECC_SIGN = 2, + #endif + #ifdef HAVE_ECC_VERIFY + ASYNC_SW_ECC_VERIFY = 3, + #endif + #ifdef HAVE_ECC_DHE + ASYNC_SW_ECC_SHARED_SEC = 4, + #endif +#endif /* HAVE_ECC */ +#ifndef NO_RSA + #ifdef WOLFSSL_KEY_GEN + ASYNC_SW_RSA_MAKE = 5, + #endif + ASYNC_SW_RSA_FUNC = 6, +#endif /* !NO_RSA */ +#ifndef NO_DH + ASYNC_SW_DH_AGREE = 7, + ASYNC_SW_DH_GEN = 8, +#endif /* !NO_DH */ +#ifndef NO_AES + ASYNC_SW_AES_CBC_ENCRYPT = 9, + #ifdef HAVE_AES_DECRYPT + ASYNC_SW_AES_CBC_DECRYPT = 10, + #endif + #ifdef HAVE_AESGCM + ASYNC_SW_AES_GCM_ENCRYPT = 11, + #ifdef HAVE_AES_DECRYPT + ASYNC_SW_AES_GCM_DECRYPT = 12, + #endif + #endif /* HAVE_AESGCM */ +#endif /* !NO_AES */ +#ifndef NO_DES3 + ASYNC_SW_DES3_CBC_ENCRYPT = 13, + ASYNC_SW_DES3_CBC_DECRYPT = 14, +#endif /* !NO_DES3 */ +#ifdef HAVE_CURVE25519 + ASYNC_SW_X25519_MAKE = 15, + ASYNC_SW_X25519_SHARED_SEC = 16, +#endif /* HAVE_CURVE25519 */ + }; + +#ifdef HAVE_ECC + struct AsyncCryptSwEccMake { + void* rng; /* WC_RNG */ + void* key; /* ecc_key */ + int curve_id; + int size; + }; + struct AsyncCryptSwEccSign { + const byte* in; + word32 inSz; + void* rng; /* WC_RNG */ + void* key; /* ecc_key */ + void* r; /* mp_int */ + void* s; /* mp_int */ + }; + struct AsyncCryptSwEccVerify { + void* r; /* mp_int */ + void* s; /* mp_int */ + const byte* hash; + word32 hashlen; + int* stat; + void* key; /* ecc_key */ + }; + struct AsyncCryptSwEccSharedSec { + void* private_key; /* ecc_key */ + void* public_point; /* ecc_point */ + byte* out; + word32* outLen; + }; +#endif /* HAVE_ECC */ +#ifndef NO_RSA + #ifdef WOLFSSL_KEY_GEN + struct AsyncCryptSwRsaMake { + void* key; /* RsaKey */ + void* rng; + long e; + int size; + }; + #endif + struct AsyncCryptSwRsaFunc { + const byte* in; + word32 inSz; + byte* out; + word32* outSz; + int type; + void* key; /* RsaKey */ + void* rng; + }; +#endif /* !NO_RSA */ + +#ifndef NO_DH + struct AsyncCryptSwDhAgree { + void* key; /* DhKey */ + byte* agree; + word32* agreeSz; + const byte* priv; + word32 privSz; + const byte* otherPub; + word32 pubSz; + }; + struct AsyncCryptSwDhGen { + void* key; /* DhKey */ + void* rng; /* WC_RNG */ + byte* priv; + word32* privSz; + byte* pub; + word32* pubSz; + }; +#endif /* !NO_DH */ + +#ifndef NO_AES + struct AsyncCryptSwAes { + void* aes; /* Aes */ + byte* out; + const byte* in; + word32 sz; + #ifdef HAVE_AESGCM + const byte* iv; + word32 ivSz; + byte* authTag; + word32 authTagSz; + const byte* authIn; + word32 authInSz; + #endif + }; +#endif /* !NO_AES */ + +#ifndef NO_DES3 + struct AsyncCryptSwDes { + void* des; /* Des */ + byte* out; + const byte* in; + word32 sz; + }; +#endif /* !NO_DES3 */ + +#ifdef HAVE_CURVE25519 + struct AsyncCryptX25519Make { + void* rng; /* WC_RNG */ + void* key; /* curve25519_key */ + int size; + }; + struct AsyncCryptX25519SharedSec { + void* priv; /* curve25519_key */ + void* pub; /* curve25519_key */ + byte* out; + word32* outLen; + int endian; + }; +#endif /* HAVE_CURVE25519 */ + + #ifdef __CC_ARM + #pragma push + #pragma anon_unions + #endif + + typedef struct WC_ASYNC_SW { + void* ctx; + #ifdef HAVE_ANONYMOUS_INLINE_AGGREGATES + union { + #endif + #ifdef HAVE_ECC + struct AsyncCryptSwEccMake eccMake; + struct AsyncCryptSwEccSign eccSign; + struct AsyncCryptSwEccVerify eccVerify; + struct AsyncCryptSwEccSharedSec eccSharedSec; + #endif /* HAVE_ECC */ + #ifndef NO_RSA + #ifdef WOLFSSL_KEY_GEN + struct AsyncCryptSwRsaMake rsaMake; + #endif + struct AsyncCryptSwRsaFunc rsaFunc; + #endif /* !NO_RSA */ + #ifndef NO_DH + struct AsyncCryptSwDhAgree dhAgree; + struct AsyncCryptSwDhGen dhGen; + #endif /* !NO_DH */ + #ifndef NO_AES + struct AsyncCryptSwAes aes; + #endif /* !NO_AES */ + #ifndef NO_DES3 + struct AsyncCryptSwDes des; + #endif /* !NO_DES3 */ + #ifdef HAVE_CURVE25519 + struct AsyncCryptX25519Make x25519Make; + struct AsyncCryptX25519SharedSec x25519SharedSec; + #endif /* HAVE_CURVE25519 */ + #ifdef HAVE_ANONYMOUS_INLINE_AGGREGATES + }; /* union */ + #endif + byte type; /* enum WC_ASYNC_SW_TYPE */ + } WC_ASYNC_SW; + + #ifdef __CC_ARM + #pragma pop + #endif + +#endif /* WOLFSSL_ASYNC_CRYPT_SW */ + +/* Performance tuning options */ + +/* determine maximum async pending requests */ +#ifdef HAVE_CAVIUM + #define WOLF_ASYNC_MAX_PENDING CAVIUM_MAX_PENDING +#elif defined(HAVE_INTEL_QA) + #define WOLF_ASYNC_MAX_PENDING QAT_MAX_PENDING +#else + #define WOLF_ASYNC_MAX_PENDING 8 + + #ifdef DEBUG_WOLFSSL + /* Use this to introduce extra delay in simulator at interval */ + #ifndef WOLF_ASYNC_SW_SKIP_MOD + #define WOLF_ASYNC_SW_SKIP_MOD (WOLF_ASYNC_MAX_PENDING / 2) + #endif + #endif +#endif + +/* async thresholds - defaults */ +#ifdef WC_ASYNC_THRESH_NONE + #undef WC_ASYNC_THRESH_AES_CBC + #define WC_ASYNC_THRESH_AES_CBC 1 + + #undef WC_ASYNC_THRESH_AES_GCM + #define WC_ASYNC_THRESH_AES_GCM 1 + + #undef WC_ASYNC_THRESH_DES3_CBC + #define WC_ASYNC_THRESH_DES3_CBC 1 +#else + #ifndef WC_ASYNC_THRESH_AES_CBC + #define WC_ASYNC_THRESH_AES_CBC 1024 + #endif + #ifndef WC_ASYNC_THRESH_AES_GCM + #define WC_ASYNC_THRESH_AES_GCM 128 + #endif + #ifndef WC_ASYNC_THRESH_DES3_CBC + #define WC_ASYNC_THRESH_DES3_CBC 1024 + #endif +#endif /* WC_ASYNC_THRESH_NONE */ + +/* Overrides to allow disabling async support per algorithm */ +#ifndef WC_ASYNC_NO_CRYPT + #ifndef WC_ASYNC_NO_ARC4 + #define WC_ASYNC_ENABLE_ARC4 + #endif + #ifndef WC_ASYNC_NO_AES + #define WC_ASYNC_ENABLE_AES + #endif + #ifndef WC_ASYNC_NO_3DES + #define WC_ASYNC_ENABLE_3DES + #endif +#endif /* WC_ASYNC_NO_CRYPT */ +#ifndef WC_ASYNC_NO_PKI + #ifndef WC_ASYNC_NO_RSA_KEYGEN + #define WC_ASYNC_ENABLE_RSA_KEYGEN + #endif + #ifndef WC_ASYNC_NO_RSA + #define WC_ASYNC_ENABLE_RSA + #endif + #ifndef WC_ASYNC_NO_ECC + #define WC_ASYNC_ENABLE_ECC + #endif + #ifndef WC_ASYNC_NO_DH + #define WC_ASYNC_ENABLE_DH + #endif + #ifndef WC_ASYNC_NO_X25519 + #define WC_ASYNC_ENABLE_X25519 + #endif +#endif /* WC_ASYNC_NO_PKI */ +#ifndef WC_ASYNC_NO_HASH + #ifndef WC_ASYNC_NO_SHA512 + #define WC_ASYNC_ENABLE_SHA512 + #endif + #ifndef WC_ASYNC_NO_SHA384 + #define WC_ASYNC_ENABLE_SHA384 + #endif + #ifndef WC_ASYNC_NO_SHA256 + #define WC_ASYNC_ENABLE_SHA256 + #endif + #ifndef WC_ASYNC_NO_SHA224 + #define WC_ASYNC_ENABLE_SHA224 + #endif + #ifndef WC_ASYNC_NO_SHA + #define WC_ASYNC_ENABLE_SHA + #endif + #ifndef WC_ASYNC_NO_MD5 + #define WC_ASYNC_ENABLE_MD5 + #endif + #ifndef WC_ASYNC_NO_HMAC + #define WC_ASYNC_ENABLE_HMAC + #endif + #ifndef WC_ASYNC_NO_SHA3 + #define WC_ASYNC_ENABLE_SHA3 + #endif +#endif /* WC_ASYNC_NO_HASH */ +#ifndef WC_ASYNC_NO_RNG + #define WC_ASYNC_ENABLE_RNG +#endif + + +/* async marker values */ +#define WOLFSSL_ASYNC_MARKER_INVALID 0x0 +#define WOLFSSL_ASYNC_MARKER_ARC4 0xBEEF0001 +#define WOLFSSL_ASYNC_MARKER_AES 0xBEEF0002 +#define WOLFSSL_ASYNC_MARKER_3DES 0xBEEF0003 +#define WOLFSSL_ASYNC_MARKER_RNG 0xBEEF0004 +#define WOLFSSL_ASYNC_MARKER_HMAC 0xBEEF0005 +#define WOLFSSL_ASYNC_MARKER_RSA 0xBEEF0006 +#define WOLFSSL_ASYNC_MARKER_ECC 0xBEEF0007 +#define WOLFSSL_ASYNC_MARKER_SHA512 0xBEEF0008 +#define WOLFSSL_ASYNC_MARKER_SHA384 0xBEEF0009 +#define WOLFSSL_ASYNC_MARKER_SHA256 0xBEEF000A +#define WOLFSSL_ASYNC_MARKER_SHA224 0xBEEF000B +#define WOLFSSL_ASYNC_MARKER_SHA 0xBEEF000C +#define WOLFSSL_ASYNC_MARKER_MD5 0xBEEF000D +#define WOLFSSL_ASYNC_MARKER_DH 0xBEEF000E +#define WOLFSSL_ASYNC_MARKER_SHA3 0xBEEF000F +#define WOLFSSL_ASYNC_MARKER_X25519 0xBEEF0010 + + +/* event flags (bit mask) */ +enum WC_ASYNC_FLAGS { + WC_ASYNC_FLAG_NONE = 0x00000000, + + /* crypto needs called again after WC_PENDING_E */ + WC_ASYNC_FLAG_CALL_AGAIN = 0x00000001, +}; + +/* async device */ +typedef struct WC_ASYNC_DEV { + word32 marker; /* async marker */ + void* heap; + + /* event */ + WOLF_EVENT event; + + /* context for driver */ +#ifdef HAVE_CAVIUM + CaviumNitroxDev nitrox; +#elif defined(HAVE_INTEL_QA) + IntelQaDev qat; +#elif defined(WOLFSSL_ASYNC_CRYPT_SW) + WC_ASYNC_SW sw; +#endif +} WC_ASYNC_DEV; + + +/* Interfaces */ +WOLFSSL_API int wolfAsync_HardwareStart(void); +WOLFSSL_API void wolfAsync_HardwareStop(void); +WOLFSSL_API int wolfAsync_DevOpen(int *devId); +WOLFSSL_API int wolfAsync_DevOpenThread(int *devId, void* threadId); +WOLFSSL_API int wolfAsync_DevCtxInit(WC_ASYNC_DEV* asyncDev, word32 marker, + void* heap, int devId); +WOLFSSL_API void wolfAsync_DevCtxFree(WC_ASYNC_DEV* asyncDev, word32 marker); +WOLFSSL_API void wolfAsync_DevClose(int *devId); +WOLFSSL_API int wolfAsync_DevCopy(WC_ASYNC_DEV* src, WC_ASYNC_DEV* dst); + +WOLFSSL_API int wolfAsync_EventInit(WOLF_EVENT* event, + enum WOLF_EVENT_TYPE type, void* context, word32 flags); +WOLFSSL_API int wolfAsync_EventWait(WOLF_EVENT* event); +WOLFSSL_API int wolfAsync_EventPoll(WOLF_EVENT* event, + WOLF_EVENT_FLAG event_flags); +WOLFSSL_API int wolfAsync_EventPop(WOLF_EVENT* event, + enum WOLF_EVENT_TYPE event_type); +WOLFSSL_API int wolfAsync_EventQueuePush(WOLF_EVENT_QUEUE* queue, + WOLF_EVENT* event); +WOLFSSL_API int wolfAsync_EventQueuePoll(WOLF_EVENT_QUEUE* queue, + void* context_filter, WOLF_EVENT** events, int maxEvents, + WOLF_EVENT_FLAG event_flags, int* eventCount); + +WOLFSSL_API int wc_AsyncHandle(WC_ASYNC_DEV* asyncDev, + WOLF_EVENT_QUEUE* queue, word32 flags); +WOLFSSL_API int wc_AsyncWait(int ret, WC_ASYNC_DEV* asyncDev, + word32 flags); + +WOLFSSL_API int wc_AsyncSleep(word32 ms); + +#ifdef WOLFSSL_ASYNC_CRYPT_SW + WOLFSSL_API int wc_AsyncSwInit(WC_ASYNC_DEV* dev, int type); +#endif + +/* Pthread Helpers */ +#ifndef WC_NO_ASYNC_THREADING +#include +#include +#include +#include +#include + +typedef void* (*AsyncThreadFunc_t) (void *); + +#define THREAD_DEFAULT_PRIORITY (0) +#define THREAD_DEFAULT_POLICY SCHED_OTHER + +WOLFSSL_API int wc_AsyncGetNumberOfCpus(void); +WOLFSSL_API int wc_AsyncThreadCreate(pthread_t *thread, + AsyncThreadFunc_t function, void* params); +WOLFSSL_API int wc_AsyncThreadCreate_ex(pthread_t *thread, + word32 priority, int policy, + AsyncThreadFunc_t function, void* params); +WOLFSSL_API int wc_AsyncThreadBind(pthread_t *thread, word32 logicalCore); +WOLFSSL_API int wc_AsyncThreadStart(pthread_t *thread); +WOLFSSL_API void wc_AsyncThreadExit(void *retval); +WOLFSSL_API int wc_AsyncThreadKill(pthread_t *thread); +WOLFSSL_API int wc_AsyncThreadPrioritySet(pthread_t *thread, word32 priority); +WOLFSSL_API int wc_AsyncThreadSetPolicyAndPriority(pthread_t *thread, + word32 policy, word32 priority); +WOLFSSL_API int wc_AsyncThreadJoin(pthread_t *thread); +WOLFSSL_API void wc_AsyncThreadYield(void); +WOLFSSL_API pthread_t wc_AsyncThreadId(void); + +#endif /* WC_NO_ASYNC_THREADING */ + +#endif /* WOLFSSL_ASYNC_CRYPT */ + +#ifdef __cplusplus + } /* extern "C" */ +#endif + +#endif /* WOLFSSL_ASYNC_H */ diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/blake2-impl.h mariadb-11.8.8/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/blake2-impl.h --- mariadb-11.8.6/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/blake2-impl.h 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/blake2-impl.h 2026-05-24 09:58:33.000000000 +0000 @@ -12,7 +12,7 @@ */ /* blake2-impl.h * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -41,9 +41,9 @@ static WC_INLINE word32 load32( const void *src ) { #if defined(LITTLE_ENDIAN_ORDER) - return *( word32 * )( src ); + return *( const word32 * )( src ); #else - const byte *p = ( byte * )src; + const byte *p = ( const byte * )src; word32 w = *p++; w |= ( word32 )( *p++ ) << 8; w |= ( word32 )( *p++ ) << 16; @@ -55,9 +55,9 @@ static WC_INLINE word64 load64( const void *src ) { #if defined(LITTLE_ENDIAN_ORDER) - return *( word64 * )( src ); + return *( const word64 * )( src ); #else - const byte *p = ( byte * )src; + const byte *p = ( const byte * )src; word64 w = *p++; w |= ( word64 )( *p++ ) << 8; w |= ( word64 )( *p++ ) << 16; diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/blake2-int.h mariadb-11.8.8/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/blake2-int.h --- mariadb-11.8.6/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/blake2-int.h 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/blake2-int.h 2026-05-24 09:58:33.000000000 +0000 @@ -12,7 +12,7 @@ */ /* blake2-int.h * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/blake2.h mariadb-11.8.8/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/blake2.h --- mariadb-11.8.6/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/blake2.h 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/blake2.h 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* blake2.h * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -28,7 +28,7 @@ #include -#if defined(HAVE_BLAKE2) || defined(HAVE_BLAKE2S) +#if defined(HAVE_BLAKE2B) || defined(HAVE_BLAKE2S) #include @@ -51,18 +51,16 @@ #endif /* in bytes, variable digest size up to 512 bits (64 bytes) */ -enum { #ifdef HAVE_BLAKE2B - BLAKE2B_ID = WC_HASH_TYPE_BLAKE2B, - BLAKE2B_256 = 32, /* 256 bit type, SSL default */ - WC_BLAKE2B_DIGEST_SIZE = 64, + #define BLAKE2B_ID WC_HASH_TYPE_BLAKE2B + #define BLAKE2B_256 32 /* 256 bit type, SSL default */ + #define WC_BLAKE2B_DIGEST_SIZE 64 #endif #ifdef HAVE_BLAKE2S - BLAKE2S_ID = WC_HASH_TYPE_BLAKE2S, - BLAKE2S_256 = 32, /* 256 bit type */ - WC_BLAKE2S_DIGEST_SIZE = 32 + #define BLAKE2S_ID WC_HASH_TYPE_BLAKE2S + #define BLAKE2S_256 32 /* 256 bit type */ + #define WC_BLAKE2S_DIGEST_SIZE 32 #endif -}; #ifdef HAVE_BLAKE2B @@ -88,6 +86,16 @@ const byte *key, word32 keylen); WOLFSSL_API int wc_Blake2bUpdate(Blake2b* b2b, const byte* data, word32 sz); WOLFSSL_API int wc_Blake2bFinal(Blake2b* b2b, byte* final, word32 requestSz); +WOLFSSL_API int wc_Blake2bHmacInit(Blake2b* b2b, + const byte* key, size_t key_len); +WOLFSSL_API int wc_Blake2bHmacUpdate(Blake2b* b2b, + const byte* in, size_t in_len); +WOLFSSL_API int wc_Blake2bHmacFinal(Blake2b* b2b, + const byte* key, size_t key_len, + byte* out, size_t out_len); +WOLFSSL_API int wc_Blake2bHmac(const byte* in, size_t in_len, + const byte* key, size_t key_len, + byte* out, size_t out_len); #endif #ifdef HAVE_BLAKE2S @@ -96,6 +104,16 @@ const byte *key, word32 keylen); WOLFSSL_API int wc_Blake2sUpdate(Blake2s* b2s, const byte* data, word32 sz); WOLFSSL_API int wc_Blake2sFinal(Blake2s* b2s, byte* final, word32 requestSz); +WOLFSSL_API int wc_Blake2sHmacInit(Blake2s* b2s, + const byte* key, size_t key_len); +WOLFSSL_API int wc_Blake2sHmacUpdate(Blake2s* b2s, + const byte* in, size_t in_len); +WOLFSSL_API int wc_Blake2sHmacFinal(Blake2s* b2s, + const byte* key, size_t key_len, + byte* out, size_t out_len); +WOLFSSL_API int wc_Blake2sHmac(const byte* in, size_t in_len, + const byte* key, size_t key_len, + byte* out, size_t out_len); #endif @@ -103,6 +121,6 @@ } #endif -#endif /* HAVE_BLAKE2 || HAVE_BLAKE2S */ +#endif /* HAVE_BLAKE2B || HAVE_BLAKE2S */ #endif /* WOLF_CRYPT_BLAKE2_H */ diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/camellia.h mariadb-11.8.8/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/camellia.h --- mariadb-11.8.6/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/camellia.h 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/camellia.h 2026-05-24 09:58:33.000000000 +0000 @@ -27,7 +27,7 @@ /* camellia.h * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/chacha.h mariadb-11.8.8/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/chacha.h --- mariadb-11.8.6/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/chacha.h 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/chacha.h 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* chacha.h * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/chacha20_poly1305.h mariadb-11.8.8/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/chacha20_poly1305.h --- mariadb-11.8.6/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/chacha20_poly1305.h 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/chacha20_poly1305.h 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* chacha20_poly1305.h * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -129,8 +129,8 @@ WOLFSSL_API int wc_XChaCha20Poly1305_Init( ChaChaPoly_Aead* aead, const byte *ad, word32 ad_len, - const byte *inKey, word32 inKeySz, - const byte *inIV, word32 inIVSz, + const byte *nonce, word32 nonce_len, + const byte *key, word32 key_len, int isEncrypt); WOLFSSL_API int wc_XChaCha20Poly1305_Encrypt( diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/cmac.h mariadb-11.8.8/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/cmac.h --- mariadb-11.8.6/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/cmac.h 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/cmac.h 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* cmac.h * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/coding.h mariadb-11.8.8/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/coding.h --- mariadb-11.8.6/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/coding.h 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/coding.h 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* coding.h * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -76,15 +76,6 @@ word32* outLen); #endif -#if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL) || \ - defined(HAVE_WEBSERVER) || defined(HAVE_FIPS) || \ - defined(HAVE_ECC_CDH) || defined(HAVE_SELFTEST) || \ - defined(WOLFSSL_ENCRYPTED_KEYS) - #ifndef WOLFSSL_BASE16 - #define WOLFSSL_BASE16 - #endif -#endif - #ifdef WOLFSSL_BASE16 #ifdef WOLFSSL_API_PREFIX_MAP #define Base16_Decode wc_Base16_Decode diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/compress.h mariadb-11.8.8/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/compress.h --- mariadb-11.8.6/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/compress.h 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/compress.h 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* compress.h * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/cpuid.h mariadb-11.8.8/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/cpuid.h --- mariadb-11.8.6/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/cpuid.h 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/cpuid.h 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* cpuid.h * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -122,7 +122,11 @@ * accurate. */ static WC_INLINE int cpuid_get_flags_atomic(cpuid_flags_atomic_t *flags) { + #ifdef WOLFSSL_BSDKM + if (WOLFSSL_ATOMIC_LOAD_UINT(*flags) == WC_CPUID_INITIALIZER) { + #else if (WOLFSSL_ATOMIC_LOAD(*flags) == WC_CPUID_INITIALIZER) { + #endif /* WOLFSSL_BSDKM */ cpuid_flags_t old_cpuid_flags = WC_CPUID_INITIALIZER; return wolfSSL_Atomic_Uint_CompareExchange (flags, &old_cpuid_flags, cpuid_get_flags()); diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/cryptocb.h mariadb-11.8.8/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/cryptocb.h --- mariadb-11.8.6/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/cryptocb.h 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/cryptocb.h 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* cryptocb.h * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -377,6 +377,13 @@ word32 sz; } des3; #endif + #if !defined(NO_AES) && defined(WOLF_CRYPTO_CB_AES_SETKEY) + struct { + Aes* aes; + const byte* key; + word32 keySz; + } aessetkey; + #endif void* ctx; #ifdef HAVE_ANONYMOUS_INLINE_AGGREGATES }; @@ -481,6 +488,7 @@ struct { /* uses wc_AlgoType=WC_ALGO_TYPE_FREE */ int algo; /* enum wc_AlgoType - HASH, CIPHER, etc */ int type; /* For HASH: wc_HashType, CIPHER: wc_CipherType */ + int subType; /* For PQC: wc_PqcKemType, wc_PqcSignatureType */ void *obj; /* Object structure to free */ } free; #endif /* WOLF_CRYPTO_CB_FREE */ @@ -678,6 +686,9 @@ WOLFSSL_LOCAL int wc_CryptoCb_AesEcbDecrypt(Aes* aes, byte* out, const byte* in, word32 sz); #endif /* HAVE_AES_ECB */ +#ifdef WOLF_CRYPTO_CB_AES_SETKEY +WOLFSSL_API int wc_CryptoCb_AesSetKey(Aes* aes, const byte* key, word32 keySz); +#endif /* WOLF_CRYPTO_CB_AES_SETKEY */ #endif /* !NO_AES */ #ifndef NO_DES3 @@ -737,7 +748,7 @@ #endif /* HAVE_CMAC_KDF */ #ifndef WC_NO_RNG -WOLFSSL_LOCAL int wc_CryptoCb_RandomBlock(WC_RNG* rng, byte* out, word32 sz); +WOLFSSL_TEST_VIS int wc_CryptoCb_RandomBlock(WC_RNG* rng, byte* out, word32 sz); WOLFSSL_LOCAL int wc_CryptoCb_RandomSeed(OS_Seed* os, byte* seed, word32 sz); #endif @@ -758,7 +769,8 @@ void* dst); #endif /* WOLF_CRYPTO_CB_COPY */ #ifdef WOLF_CRYPTO_CB_FREE -WOLFSSL_LOCAL int wc_CryptoCb_Free(int devId, int algo, int type, void* obj); +WOLFSSL_LOCAL int wc_CryptoCb_Free(int devId, int algo, int type, int subType, + void* obj); #endif /* WOLF_CRYPTO_CB_FREE */ #endif /* WOLF_CRYPTO_CB */ diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/curve25519.h mariadb-11.8.8/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/curve25519.h --- mariadb-11.8.6/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/curve25519.h 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/curve25519.h 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* curve25519.h * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -74,6 +74,46 @@ #define WC_CURVE25519KEY_TYPE_DEFINED #endif +#ifdef WC_X25519_NONBLOCK + +typedef struct fe_inv__distinct_nb_ctx_t { + int state; + int subState; + byte s[F25519_SIZE]; + int i; +} fe_inv__distinct_nb_ctx_t; + +typedef struct x25519_nb_ctx_t { + /* state for curve25519 operation */ + int state; + int subState; + /* state for shared secret */ + int ssState; + int i; + int bit; + /* Current point: P_m */ + byte xm[F25519_SIZE]; + byte zm[F25519_SIZE]; + /* Predecessor: P_(m-1) */ + byte xm1[F25519_SIZE]; + byte zm1[F25519_SIZE]; + /* Temporary P_(2m+1) */ + byte xms[F25519_SIZE]; + byte zms[F25519_SIZE]; + /* Temporary buffers for non-blocking diffadd/double */ + byte a[F25519_SIZE]; + byte b[F25519_SIZE]; + byte da[F25519_SIZE]; + byte cb[F25519_SIZE]; + byte x1sq[F25519_SIZE]; + byte z1sq[F25519_SIZE]; + byte x1z1[F25519_SIZE]; + fe_inv__distinct_nb_ctx_t inv_distinct_nb_ctx; + ECPoint o; /* point for shared secret */ +} x25519_nb_ctx_t; + +#endif /* WC_X25519_NONBLOCK */ + /* A CURVE25519 Key */ struct curve25519_key { int idx; /* Index into the ecc_sets[] for the parameters of @@ -100,6 +140,10 @@ byte keyIdSet; #endif +#ifdef WC_X25519_NONBLOCK + x25519_nb_ctx_t* nb_ctx; +#endif /* WC_X25519_NONBLOCK */ + /* bit fields */ WC_BITFIELD pubSet:1; WC_BITFIELD privSet:1; @@ -137,6 +181,26 @@ WOLFSSL_API int wc_curve25519_make_key(WC_RNG* rng, int keysize, curve25519_key* key); +#ifdef WC_X25519_NONBLOCK + +/*! + \brief Enable non-blocking support for X25519 operations on a key. + When enabled, wc_curve25519_make_key() and + wc_curve25519_shared_secret() will return FP_WOULDBLOCK during + operation, allowing the caller to + yield and resume. Requires WC_X25519_NONBLOCK and CURVE25519_SMALL. + + \param key Pointer to curve25519_key structure to configure + \param ctx Pointer to x25519_nb_ctx_t context for state tracking, + or NULL to disable non-blocking mode + + \return 0 on success, BAD_FUNC_ARG if key is NULL +*/ +WOLFSSL_API +int wc_curve25519_set_nonblock(curve25519_key* key, x25519_nb_ctx_t* ctx); + +#endif /* WC_X25519_NONBLOCK */ + WOLFSSL_API int wc_curve25519_shared_secret(curve25519_key* private_key, curve25519_key* public_key, diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/curve448.h mariadb-11.8.8/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/curve448.h --- mariadb-11.8.6/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/curve448.h 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/curve448.h 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* curve448.h * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/des3.h mariadb-11.8.8/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/des3.h --- mariadb-11.8.6/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/des3.h 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/des3.h 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* des3.h * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/dh.h mariadb-11.8.8/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/dh.h --- mariadb-11.8.6/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/dh.h 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/dh.h 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* dh.h * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -104,7 +104,7 @@ #endif #elif defined(WOLFSSL_SP_MATH_ALL) || defined(WOLFSSL_SP_MATH) /* SP implementation supports numbers of SP_INT_BITS bits. */ - #define DH_MAX_SIZE (((SP_INT_BITS + 7) / 8) * 8) + #define DH_MAX_SIZE WC_BITS_FULL_BYTES(SP_INT_BITS) #if defined(WOLFSSL_MYSQL_COMPATIBLE) && DH_MAX_SIZE < 8192 #error "MySQL needs SP_INT_BITS at least at 8192" #endif diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/dilithium.h mariadb-11.8.8/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/dilithium.h --- mariadb-11.8.6/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/dilithium.h 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/dilithium.h 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* dilithium.h * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -200,23 +200,23 @@ /* Number of dropped bits. */ #define DILITHIUM_D 13 /* Maximum value of dropped bits. */ -#define DILITHIUM_D_MAX (1 << DILITHIUM_D) +#define DILITHIUM_D_MAX ((sword32)1 << DILITHIUM_D) /* Half maximum value. */ -#define DILITHIUM_D_MAX_HALF (1 << (DILITHIUM_D - 1)) +#define DILITHIUM_D_MAX_HALF ((sword32)1 << (DILITHIUM_D - 1)) /* Number of undropped bits. */ #define DILITHIUM_U (DILITHIUM_Q_BITS - DILITHIUM_D) /* Bits in coefficient range of y, GAMMA1, of 2^17 is 17. */ #define DILITHIUM_GAMMA1_BITS_17 17 /* Coefficient range of y, GAMMA1, of 2^17. */ -#define DILITHIUM_GAMMA1_17 (1 << 17) +#define DILITHIUM_GAMMA1_17 ((sword32)1 << 17) /* # encoding bits of y is GAMMA1 + 1. */ #define DILITHIUM_GAMMA1_17_ENC_BITS 18 /* Coefficient range of y, GAMMA1, of 2^17. */ /* Bits in coefficient range of y, GAMMA1, of 2^19 is 19. */ #define DILITHIUM_GAMMA1_BITS_19 19 /* Coefficient range of y, GAMMA1, of 2^19. */ -#define DILITHIUM_GAMMA1_19 (1 << 19) +#define DILITHIUM_GAMMA1_19 ((sword32)1 << 19) /* # encoding bits of y is GAMMA1 + 1. */ #define DILITHIUM_GAMMA1_19_ENC_BITS 20 @@ -265,13 +265,14 @@ #define PARAMS_ML_DSA_44_TAU 39 /* BETA = TAU * ETA for ML-DSA-44. */ #define PARAMS_ML_DSA_44_BETA \ - (PARAMS_ML_DSA_44_TAU * PARAMS_ML_DSA_44_ETA) +(PARAMS_ML_DSA_44_TAU * PARAMS_ML_DSA_44_ETA) /* Max # 1's in the hint h, OMEGA, for ML-DSA-44. */ #define PARAMS_ML_DSA_44_OMEGA 80 /* Bits in coefficient range of y, GAMMA1, for ML-DSA-44. */ #define PARAMS_ML_DSA_44_GAMMA1_BITS DILITHIUM_GAMMA1_BITS_17 /* Ccoefficient range of y, GAMMA1, for ML-DSA-44. */ -#define PARAMS_ML_DSA_44_GAMMA1 (1 << PARAMS_ML_DSA_44_GAMMA1_BITS) +#define PARAMS_ML_DSA_44_GAMMA1 \ + ((sword32)1 << PARAMS_ML_DSA_44_GAMMA1_BITS) /* Low-order rounding range, GAMMA2, for ML-DSA-44. */ #define PARAMS_ML_DSA_44_GAMMA2 DILITHIUM_Q_LOW_88 /* Bits in high-order rounding range, GAMMA2, for ML-DSA-44. */ @@ -331,8 +332,9 @@ #define PARAMS_ML_DSA_65_OMEGA 55 /* Bits in coefficient range of y, GAMMA1, for ML-DSA-65. */ #define PARAMS_ML_DSA_65_GAMMA1_BITS DILITHIUM_GAMMA1_BITS_19 -/* Ccoefficient range of y, GAMMA1, for ML-DSA-65. */ -#define PARAMS_ML_DSA_65_GAMMA1 (1 << PARAMS_ML_DSA_65_GAMMA1_BITS) +/* Coefficient range of y, GAMMA1, for ML-DSA-65. */ +#define PARAMS_ML_DSA_65_GAMMA1 \ + ((sword32)1 << PARAMS_ML_DSA_65_GAMMA1_BITS) /* Low-order rounding range, GAMMA2, for ML-DSA-65. */ #define PARAMS_ML_DSA_65_GAMMA2 DILITHIUM_Q_LOW_32 /* Bits in high-order rounding range, GAMMA2, for ML-DSA-65. */ @@ -393,7 +395,8 @@ /* Bits in coefficient range of y, GAMMA1, for ML-DSA-87. */ #define PARAMS_ML_DSA_87_GAMMA1_BITS DILITHIUM_GAMMA1_BITS_19 /* Ccoefficient range of y, GAMMA1, for ML-DSA-87. */ -#define PARAMS_ML_DSA_87_GAMMA1 (1 << PARAMS_ML_DSA_87_GAMMA1_BITS) +#define PARAMS_ML_DSA_87_GAMMA1 \ + ((sword32)1 << PARAMS_ML_DSA_87_GAMMA1_BITS) /* Low-order rounding range, GAMMA2, for ML-DSA-87. */ #define PARAMS_ML_DSA_87_GAMMA2 DILITHIUM_Q_LOW_32 /* Bits in high-order rounding range, GAMMA2, for ML-DSA-87. */ @@ -538,6 +541,54 @@ #endif /* LITTLE_ENDIAN_ORDER && WOLFSSL_DILITHIUM_ALIGNMENT == 0 */ #endif +#ifndef WOLFSSL_NO_ML_DSA_87 + +#define DILITHIUM_MAX_KEY_SIZE DILITHIUM_LEVEL5_KEY_SIZE +#define DILITHIUM_MAX_SIG_SIZE DILITHIUM_LEVEL5_SIG_SIZE +#define DILITHIUM_MAX_PUB_KEY_SIZE DILITHIUM_LEVEL5_PUB_KEY_SIZE +#define DILITHIUM_MAX_PRV_KEY_SIZE DILITHIUM_LEVEL5_PRV_KEY_SIZE +/* Buffer sizes large enough to store exported DER encoded keys */ +#define DILITHIUM_MAX_PUB_KEY_DER_SIZE DILITHIUM_LEVEL5_PUB_KEY_DER_SIZE +#define DILITHIUM_MAX_PRV_KEY_DER_SIZE DILITHIUM_LEVEL5_PRV_KEY_DER_SIZE +#define DILITHIUM_MAX_BOTH_KEY_DER_SIZE DILITHIUM_LEVEL5_BOTH_KEY_DER_SIZE +/* PEM size with the header "-----BEGIN ML_DSA_LEVEL5 PRIVATE KEY-----" and + * the footer "-----END ML_DSA_LEVEL5 PRIVATE KEY-----" */ +#define DILITHIUM_MAX_BOTH_KEY_PEM_SIZE DILITHIUM_LEVEL5_BOTH_KEY_PEM_SIZE + +#elif !defined(WOLFSSL_NO_ML_DSA_65) + +#define DILITHIUM_MAX_KEY_SIZE DILITHIUM_LEVEL3_KEY_SIZE +#define DILITHIUM_MAX_SIG_SIZE DILITHIUM_LEVEL3_SIG_SIZE +#define DILITHIUM_MAX_PUB_KEY_SIZE DILITHIUM_LEVEL3_PUB_KEY_SIZE +#define DILITHIUM_MAX_PRV_KEY_SIZE DILITHIUM_LEVEL3_PRV_KEY_SIZE +/* Buffer sizes large enough to store exported DER encoded keys */ +#define DILITHIUM_MAX_PUB_KEY_DER_SIZE DILITHIUM_LEVEL3_PUB_KEY_DER_SIZE +#define DILITHIUM_MAX_PRV_KEY_DER_SIZE DILITHIUM_LEVEL3_PRV_KEY_DER_SIZE +#define DILITHIUM_MAX_BOTH_KEY_DER_SIZE DILITHIUM_LEVEL3_BOTH_KEY_DER_SIZE +/* PEM size with the header "-----BEGIN ML_DSA_LEVEL5 PRIVATE KEY-----" and + * the footer "-----END ML_DSA_LEVEL5 PRIVATE KEY-----" */ +#define DILITHIUM_MAX_BOTH_KEY_PEM_SIZE DILITHIUM_LEVEL3_BOTH_KEY_PEM_SIZE + +#elif !defined(WOLFSSL_NO_ML_DSA_44) + +#define DILITHIUM_MAX_KEY_SIZE DILITHIUM_LEVEL2_KEY_SIZE +#define DILITHIUM_MAX_SIG_SIZE DILITHIUM_LEVEL2_SIG_SIZE +#define DILITHIUM_MAX_PUB_KEY_SIZE DILITHIUM_LEVEL2_PUB_KEY_SIZE +#define DILITHIUM_MAX_PRV_KEY_SIZE DILITHIUM_LEVEL2_PRV_KEY_SIZE +/* Buffer sizes large enough to store exported DER encoded keys */ +#define DILITHIUM_MAX_PUB_KEY_DER_SIZE DILITHIUM_LEVEL2_PUB_KEY_DER_SIZE +#define DILITHIUM_MAX_PRV_KEY_DER_SIZE DILITHIUM_LEVEL2_PRV_KEY_DER_SIZE +#define DILITHIUM_MAX_BOTH_KEY_DER_SIZE DILITHIUM_LEVEL2_BOTH_KEY_DER_SIZE +/* PEM size with the header "-----BEGIN ML_DSA_LEVEL5 PRIVATE KEY-----" and + * the footer "-----END ML_DSA_LEVEL5 PRIVATE KEY-----" */ +#define DILITHIUM_MAX_BOTH_KEY_PEM_SIZE DILITHIUM_LEVEL2_BOTH_KEY_PEM_SIZE + +#else + +#error ML-DSA: All levels disabled. + +#endif + #elif defined(HAVE_LIBOQS) #define DILITHIUM_LEVEL2_KEY_SIZE OQS_SIG_ml_dsa_44_ipd_length_secret_key @@ -618,8 +669,6 @@ * the footer "-----END ML_DSA_LEVEL5 PRIVATE KEY-----" */ #define ML_DSA_LEVEL5_BOTH_KEY_PEM_SIZE DILITHIUM_LEVEL5_BOTH_KEY_PEM_SIZE -#endif - #define DILITHIUM_MAX_KEY_SIZE DILITHIUM_LEVEL5_KEY_SIZE #define DILITHIUM_MAX_SIG_SIZE DILITHIUM_LEVEL5_SIG_SIZE #define DILITHIUM_MAX_PUB_KEY_SIZE DILITHIUM_LEVEL5_PUB_KEY_SIZE @@ -632,6 +681,8 @@ * the footer "-----END ML_DSA_LEVEL5 PRIVATE KEY-----" */ #define DILITHIUM_MAX_BOTH_KEY_PEM_SIZE DILITHIUM_LEVEL5_BOTH_KEY_PEM_SIZE +#endif /* HAVE_LIBOQS */ + #ifdef WOLF_PRIVATE_KEY_ID #define DILITHIUM_MAX_ID_LEN 32 @@ -752,6 +803,13 @@ #define WC_DILITHIUMKEY_TYPE_DEFINED #endif +/* When WOLFSSL_DILITHIUM_FIPS204_DRAFT is enabled the legacy (pre-FIPS 204) + * no-context sign/verify API is required to handle draft-format signatures. */ +#if defined(WOLFSSL_DILITHIUM_FIPS204_DRAFT) && \ + !defined(WOLFSSL_DILITHIUM_NO_CTX) + #define WOLFSSL_DILITHIUM_NO_CTX +#endif + /* Functions */ #ifndef WOLFSSL_DILITHIUM_VERIFY_ONLY @@ -760,9 +818,15 @@ WOLFSSL_API int wc_dilithium_make_key_from_seed(dilithium_key* key, const byte* seed); +/* Legacy sign API without context parameter (pre-FIPS 204). + * Only available when WOLFSSL_DILITHIUM_NO_CTX is defined. + * New code should use wc_dilithium_sign_ctx_msg() with ctx=NULL/ctxLen=0 + * for FIPS 204 compliant signing with an empty context. */ +#ifdef WOLFSSL_DILITHIUM_NO_CTX WOLFSSL_API int wc_dilithium_sign_msg(const byte* msg, word32 msgLen, byte* sig, word32* sigLen, dilithium_key* key, WC_RNG* rng); +#endif /* WOLFSSL_DILITHIUM_NO_CTX */ WOLFSSL_API int wc_dilithium_sign_ctx_msg(const byte* ctx, byte ctxLen, const byte* msg, word32 msgLen, byte* sig, word32* sigLen, dilithium_key* key, WC_RNG* rng); @@ -770,9 +834,14 @@ int wc_dilithium_sign_ctx_hash(const byte* ctx, byte ctxLen, int hashAlg, const byte* hash, word32 hashLen, byte* sig, word32* sigLen, dilithium_key* key, WC_RNG* rng); +/* Legacy seed-based sign API without context parameter (pre-FIPS 204). + * Only available when WOLFSSL_DILITHIUM_NO_CTX is defined. + * New code should use wc_dilithium_sign_ctx_msg_with_seed() instead. */ +#ifdef WOLFSSL_DILITHIUM_NO_CTX WOLFSSL_API int wc_dilithium_sign_msg_with_seed(const byte* msg, word32 msgLen, byte* sig, word32 *sigLen, dilithium_key* key, const byte* seed); +#endif /* WOLFSSL_DILITHIUM_NO_CTX */ WOLFSSL_API int wc_dilithium_sign_ctx_msg_with_seed(const byte* ctx, byte ctxLen, const byte* msg, word32 msgLen, byte* sig, word32 *sigLen, @@ -781,23 +850,31 @@ int wc_dilithium_sign_ctx_hash_with_seed(const byte* ctx, byte ctxLen, int hashAlg, const byte* hash, word32 hashLen, byte* sig, word32 *sigLen, dilithium_key* key, const byte* seed); -#endif +#endif /* !WOLFSSL_DILITHIUM_VERIFY_ONLY */ +/* Legacy verify API without context parameter (pre-FIPS 204). + * Only available when WOLFSSL_DILITHIUM_NO_CTX is defined. + * New code should use wc_dilithium_verify_ctx_msg() with ctx=NULL/ctxLen=0 + * for FIPS 204 compliant verification with an empty context. */ +#ifdef WOLFSSL_DILITHIUM_NO_CTX WOLFSSL_API int wc_dilithium_verify_msg(const byte* sig, word32 sigLen, const byte* msg, word32 msgLen, int* res, dilithium_key* key); +#endif /* WOLFSSL_DILITHIUM_NO_CTX */ WOLFSSL_API int wc_dilithium_verify_ctx_msg(const byte* sig, word32 sigLen, const byte* ctx, - word32 ctxLen, const byte* msg, word32 msgLen, int* res, + byte ctxLen, const byte* msg, word32 msgLen, int* res, dilithium_key* key); WOLFSSL_API int wc_dilithium_verify_ctx_hash(const byte* sig, word32 sigLen, - const byte* ctx, word32 ctxLen, int hashAlg, const byte* hash, + const byte* ctx, byte ctxLen, int hashAlg, const byte* hash, word32 hashLen, int* res, dilithium_key* key); +#ifndef WC_NO_CONSTRUCTORS WOLFSSL_API dilithium_key* wc_dilithium_new(void* heap, int devId); WOLFSSL_API int wc_dilithium_delete(dilithium_key* key, dilithium_key** key_p); +#endif /* !WC_NO_CONSTRUCTORS */ WOLFSSL_API int wc_dilithium_init(dilithium_key* key); @@ -1009,40 +1086,75 @@ #define MlDsaKey dilithium_key -#define wc_MlDsaKey_Init(key, heap, devId) \ +#define wc_MlDsaKey_Init(key, heap, devId) \ wc_dilithium_init_ex(key, heap, devId) -#define wc_MlDsaKey_SetParams(key, id) \ +#define wc_MlDsaKey_SetParams(key, id) \ wc_dilithium_set_level(key, id) -#define wc_MlDsaKey_GetParams(key, id) \ +#define wc_MlDsaKey_GetParams(key, id) \ wc_dilithium_get_level(key, id) -#define wc_MlDsaKey_MakeKey(key, rng) \ +#define wc_MlDsaKey_MakeKey(key, rng) \ wc_dilithium_make_key(key, rng) -#define wc_MlDsaKey_ExportPrivRaw(key, out, outLen) \ +#define wc_MlDsaKey_ExportPrivRaw(key, out, outLen) \ wc_dilithium_export_private_only(key, out, outLen) -#define wc_MlDsaKey_ImportPrivRaw(key, in, inLen) \ +#define wc_MlDsaKey_ImportPrivRaw(key, in, inLen) \ wc_dilithium_import_private_only(in, inLen, key) -#define wc_MlDsaKey_Sign(key, sig, sigSz, msg, msgSz, rng) \ +/* Legacy no-context sign alias: only available with WOLFSSL_DILITHIUM_NO_CTX. + * Prefer wc_MlDsaKey_SignCtx() with empty context for FIPS 204 compliance. */ +#ifdef WOLFSSL_DILITHIUM_NO_CTX +#define wc_MlDsaKey_Sign(key, sig, sigSz, msg, msgSz, rng) \ wc_dilithium_sign_msg(msg, msgSz, sig, sigSz, key, rng) -#define wc_MlDsaKey_Free(key) \ +#endif /* WOLFSSL_DILITHIUM_NO_CTX */ +#define wc_MlDsaKey_SignCtx(key, ctx, ctxSz, sig, sigSz, msg, msgSz, rng) \ + wc_dilithium_sign_ctx_msg(ctx, ctxSz, msg, msgSz, sig, sigSz, key, rng) +#define wc_MlDsaKey_SignCtxHash(key, ctx, ctxSz, sig, sigSz, hash, hashSz, \ + hashAlg, rng) \ + wc_dilithium_sign_ctx_hash(ctx, ctxSz, hashAlg, hash, hashSz, sig, sigSz, \ + key, rng) +#define wc_MlDsaKey_Free(key) \ wc_dilithium_free(key) -#define wc_MlDsaKey_ExportPubRaw(key, out, outLen) \ +#define wc_MlDsaKey_ExportPubRaw(key, out, outLen) \ wc_dilithium_export_public(key, out, outLen) -#define wc_MlDsaKey_ImportPubRaw(key, in, inLen) \ +#define wc_MlDsaKey_ImportPubRaw(key, in, inLen) \ wc_dilithium_import_public(in, inLen, key) -#define wc_MlDsaKey_Verify(key, sig, sigSz, msg, msgSz, res) \ +/* Legacy no-context verify alias: only available with WOLFSSL_DILITHIUM_NO_CTX. + * Prefer wc_MlDsaKey_VerifyCtx() with empty context for FIPS 204 compliance. */ +#ifdef WOLFSSL_DILITHIUM_NO_CTX +#define wc_MlDsaKey_Verify(key, sig, sigSz, msg, msgSz, res) \ wc_dilithium_verify_msg(sig, sigSz, msg, msgSz, res, key) +#endif /* WOLFSSL_DILITHIUM_NO_CTX */ +#define wc_MlDsaKey_VerifyCtx(key, sig, sigSz, ctx, ctxSz, msg, msgSz, res) \ + wc_dilithium_verify_ctx_msg(sig, sigSz, ctx, ctxSz, msg, msgSz, res, key) +#define wc_MlDsaKey_VerifyCtxHash(key, sig, sigSz, ctx, ctxSz, hash, hashSz, \ + hashAlg, res) \ + wc_dilithium_verify_ctx_hash(sig, sigSz, ctx, ctxSz, hashAlg, hash, \ + hashSz, res, key) -#define wc_MlDsaKey_PublicKeyToDer(key, output, len, withAlg) \ +#define wc_MlDsaKey_PublicKeyToDer(key, output, len, withAlg) \ wc_Dilithium_PublicKeyToDer(key, output, len, withAlg) -#define wc_MlDsaKey_PrivateKeyToDer(key, output, len) \ +#define wc_MlDsaKey_PrivateKeyToDer(key, output, len) \ wc_Dilithium_PrivateKeyToDer(key, output, len) +#define wc_MlDsaKey_PrivateKeyDecode(key, input, sz, idx) \ + wc_Dilithium_PrivateKeyDecode(input, idx, key, sz) +#define wc_MlDsaKey_PublicKeyDecode(key, input, sz, idx) \ + wc_Dilithium_PublicKeyDecode(input, idx, key, sz) + WOLFSSL_API int wc_MlDsaKey_GetPrivLen(MlDsaKey* key, int* len); WOLFSSL_API int wc_MlDsaKey_GetPubLen(MlDsaKey* key, int* len); WOLFSSL_API int wc_MlDsaKey_GetSigLen(MlDsaKey* key, int* len); +#if !defined(WOLFSSL_DILITHIUM_NO_SIGN) || \ + !defined(WOLFSSL_DILITHIUM_NO_VERIFY) +#ifndef WOLFSSL_NO_ML_DSA_44 +WOLFSSL_TEST_VIS void wc_dilithium_encode_w1_88(const sword32* w1, byte* w1e); +#endif +#if !defined(WOLFSSL_NO_ML_DSA_65) || !defined(WOLFSSL_NO_ML_DSA_87) +WOLFSSL_TEST_VIS void wc_dilithium_encode_w1_32(const sword32* w1, byte* w1e); +#endif +#endif + #ifdef __cplusplus } /* extern "C" */ #endif diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/dsa.h mariadb-11.8.8/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/dsa.h --- mariadb-11.8.6/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/dsa.h 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/dsa.h 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* dsa.h * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/ecc.h mariadb-11.8.8/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/ecc.h --- mariadb-11.8.6/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/ecc.h 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/ecc.h 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* ecc.h * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -44,9 +44,6 @@ #ifdef WOLFSSL_ASYNC_CRYPT #include - #ifdef WOLFSSL_CERT_GEN - #include - #endif #endif #if defined(WOLFSSL_ATECC508A) || defined(WOLFSSL_ATECC608A) @@ -87,13 +84,6 @@ WOLFSSL_LOCAL int wolfCrypt_FIPS_ECC_sanity(void); #endif -/* Enable curve B parameter if needed */ -#if defined(HAVE_COMP_KEY) || defined(ECC_CACHE_CURVE) - #ifndef USE_ECC_B_PARAM /* Allow someone to force enable */ - #define USE_ECC_B_PARAM - #endif -#endif - /* Use this as the key->idx if a custom ecc_set is used for key->dp */ #define ECC_CUSTOM_IDX (-1) @@ -772,7 +762,7 @@ #endif #ifdef WOLFSSL_CUSTOM_CURVES WOLFSSL_LOCAL -void wc_ecc_free_curve(const ecc_set_type* curve, void* heap); +void wc_ecc_free_curve(ecc_set_type* curve, void* heap); #endif WOLFSSL_ABI WOLFSSL_API int wc_ecc_free(ecc_key* key); @@ -866,6 +856,9 @@ WOLFSSL_API int wc_ecc_import_x963_ex(const byte* in, word32 inLen, ecc_key* key, int curve_id); +WOLFSSL_API +int wc_ecc_import_x963_ex2(const byte* in, word32 inLen, ecc_key* key, + int curve_id, int untrusted); WOLFSSL_ABI WOLFSSL_API int wc_ecc_import_private_key(const byte* priv, word32 privSz, const byte* pub, word32 pubSz, ecc_key* key); diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/eccsi.h mariadb-11.8.8/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/eccsi.h --- mariadb-11.8.6/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/eccsi.h 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/eccsi.h 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* eccsi.h * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/ed25519.h mariadb-11.8.8/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/ed25519.h --- mariadb-11.8.6/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/ed25519.h 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/ed25519.h 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* ed25519.h * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -29,7 +29,7 @@ #include -#ifdef HAVE_ED25519 +#if defined(HAVE_ED25519) || defined(WOLFSSL_CURVE25519_USE_ED25519) #include #ifndef WOLFSSL_SHA512 diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/ed448.h mariadb-11.8.8/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/ed448.h --- mariadb-11.8.6/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/ed448.h 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/ed448.h 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* ed448.h * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/error-crypt.h mariadb-11.8.8/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/error-crypt.h --- mariadb-11.8.6/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/error-crypt.h 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/error-crypt.h 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* error-crypt.h * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -46,6 +46,7 @@ /* note that WOLFSSL_FATAL_ERROR is defined as -1 in error-ssl.h, for * reasons of backward compatibility. */ + WC_SUCCESS = 0, WC_FAILURE = -1, /* Generic but traceable back compat errcode. * Note, not reflected in MAX_CODE_E or * WC_FIRST_E. @@ -307,9 +308,14 @@ WC_ACCEL_INHIBIT_E = -1002, /* Crypto acceleration is currently inhibited */ BAD_INDEX_E = -1003, /* Bad index */ INTERRUPTED_E = -1004, /* Process interrupted */ - - WC_SPAN2_LAST_E = -1004, /* Update to indicate last used error code */ - WC_LAST_E = -1004, /* the last code used either here or in + MLKEM_PUB_HASH_E = -1005, /* Encoded public key in decapsulation key does + * not match stored hash*/ + BUSY_E = -1006, /* Object is busy */ + ALREADY_E = -1007, /* Operation was redundant or preempted */ + + SEQ_OVERFLOW_E = -1008, /* Sequence counter would overflow */ + WC_SPAN2_LAST_E = -1008, /* Update to indicate last used error code */ + WC_LAST_E = -1008, /* the last code used either here or in * error-ssl.h */ WC_SPAN2_MIN_CODE_E = -1999, /* Last usable code in span 2 */ @@ -339,27 +345,45 @@ #if defined(WOLFSSL_DEBUG_TRACE_ERROR_CODES) && \ (defined(BUILDING_WOLFSSL) || \ defined(WOLFSSL_DEBUG_TRACE_ERROR_CODES_ALWAYS)) - WOLFSSL_API extern void wc_backtrace_render(void); + WOLFSSL_API extern int wc_backtrace_render(void); #define WC_NO_ERR_TRACE(label) (CONST_NUM_ERR_ ## label) #ifndef WOLFSSL_DEBUG_BACKTRACE_RENDER_CLAUSE #ifdef WOLFSSL_DEBUG_BACKTRACE_ERROR_CODES #define WOLFSSL_DEBUG_BACKTRACE_RENDER_CLAUSE wc_backtrace_render() #else - #define WOLFSSL_DEBUG_BACKTRACE_RENDER_CLAUSE (void)0 + #define WOLFSSL_DEBUG_BACKTRACE_RENDER_CLAUSE 0 #endif #endif #ifndef WC_ERR_TRACE - #define WC_ERR_TRACE(label) \ - ( WOLFSSL_DEBUG_PRINTF_FN(WOLFSSL_DEBUG_PRINTF_FIRST_ARGS \ - "ERR TRACE: %s L %d %s (%d)\n", \ - __FILE__, __LINE__, #label, label), \ - WOLFSSL_DEBUG_BACKTRACE_RENDER_CLAUSE, \ - label \ - ) + #if defined(__GNUC__) && !defined(__STRICT_ANSI__) + #define WC_ERR_TRACE(label) __extension__ \ + ({ if (wc_debug_trace_error_codes_enabled()) { \ + (void)WOLFSSL_DEBUG_PRINTF_FN( \ + WOLFSSL_DEBUG_PRINTF_FIRST_ARGS \ + "ERR TRACE: %s L %d %s (%d)\n", \ + __FILE__, __LINE__, #label, label); \ + (void)WOLFSSL_DEBUG_BACKTRACE_RENDER_CLAUSE; } \ + (label); \ + }) + #else /* ! __GNUC__ || __STRICT_ANSI__ */ + #define WC_ERR_TRACE(label) \ + ((void)(wc_debug_trace_error_codes_enabled() && \ + WOLFSSL_DEBUG_PRINTF_FN( \ + WOLFSSL_DEBUG_PRINTF_FIRST_ARGS \ + "ERR TRACE: %s L %d %s (%d)\n", \ + __FILE__, __LINE__, #label, label)), \ + (void)(wc_debug_trace_error_codes_enabled() && \ + WOLFSSL_DEBUG_BACKTRACE_RENDER_CLAUSE), \ + (label) \ + ) + #endif /* ! __GNUC__ || __STRICT_ANSI__ */ #endif #include #else #define WC_NO_ERR_TRACE(label) (label) + #ifndef WC_ERR_TRACE + #define WC_ERR_TRACE(label) (label) + #endif #endif #ifdef __cplusplus diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/ext_lms.h mariadb-11.8.8/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/ext_lms.h --- mariadb-11.8.6/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/ext_lms.h 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/ext_lms.h 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* ext_lms.h * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/ext_mlkem.h mariadb-11.8.8/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/ext_mlkem.h --- mariadb-11.8.6/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/ext_mlkem.h 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/ext_mlkem.h 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* ext_mlkem.h * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/ext_xmss.h mariadb-11.8.8/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/ext_xmss.h --- mariadb-11.8.6/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/ext_xmss.h 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/ext_xmss.h 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* ext_xmss.h * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/falcon.h mariadb-11.8.8/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/falcon.h --- mariadb-11.8.6/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/falcon.h 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/falcon.h 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* falcon.h * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -74,8 +74,8 @@ /* Structs */ struct falcon_key { - bool pubKeySet; - bool prvKeySet; + WC_BITFIELD pubKeySet:1; + WC_BITFIELD prvKeySet:1; byte level; #ifdef WOLF_CRYPTO_CB diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/fe_448.h mariadb-11.8.8/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/fe_448.h --- mariadb-11.8.6/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/fe_448.h 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/fe_448.h 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* fe448_448.h * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/fe_operations.h mariadb-11.8.8/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/fe_operations.h --- mariadb-11.8.6/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/fe_operations.h 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/fe_operations.h 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* fe_operations.h * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -48,6 +48,13 @@ #define CURVED25519_ASM #endif +#if (defined(CURVED25519_ASM_64BIT) || defined(HAVE_ED25519)) && \ + !defined(WOLFSSL_CURVE25519_BLINDING) && \ + !defined(WOLFSSL_CURVE25519_NOT_USE_ED25519) + #undef WOLFSSL_CURVE25519_USE_ED25519 + #define WOLFSSL_CURVE25519_USE_ED25519 +#endif + /* fe means field element. Here the field is \Z/(2^255-19). @@ -61,24 +68,52 @@ #endif #if defined(CURVE25519_SMALL) || defined(ED25519_SMALL) - #define F25519_SIZE 32 - WOLFSSL_LOCAL void lm_copy(byte* x, const byte* a); - WOLFSSL_LOCAL void lm_add(byte* r, const byte* a, const byte* b); - WOLFSSL_LOCAL void lm_sub(byte* r, const byte* a, const byte* b); - WOLFSSL_LOCAL void lm_neg(byte* r,const byte* a); - WOLFSSL_LOCAL void lm_invert(byte* r, const byte* x); - WOLFSSL_LOCAL void lm_mul(byte* r,const byte* a, const byte* b); +#define F25519_SIZE 32 + +#include + +WOLFSSL_LOCAL void lm_copy(byte*, const byte*); +WOLFSSL_LOCAL void lm_add(byte*, const byte*, const byte*); +WOLFSSL_LOCAL void lm_sub(byte*, const byte*, const byte*); +WOLFSSL_LOCAL void lm_neg(byte*,const byte*); +WOLFSSL_LOCAL void lm_invert(byte*, const byte*); +WOLFSSL_LOCAL void lm_mul(byte*,const byte*,const byte*); + +#ifdef WC_X25519_NONBLOCK + +/* Use standard wolfSSL non-blocking error code */ +#ifndef FP_WOULDBLOCK +#include +#define FP_WOULDBLOCK MP_WOULDBLOCK #endif +struct fe_inv__distinct_nb_ctx_t; +struct x25519_nb_ctx_t; + +WOLFSSL_LOCAL int fe_inv__distinct_nb(byte *r, const byte *x, + struct fe_inv__distinct_nb_ctx_t* ctx); + +WOLFSSL_LOCAL int curve25519_nb(byte * q, const byte * n, const byte * p, + struct x25519_nb_ctx_t* ctx); + +#endif /* WC_X25519_NONBLOCK */ + +#else + #ifdef WC_X25519_NONBLOCK + #error The X25519 non-blocking requires CURVE25519_SMALL \ + (--enable-curve25519=small) + #endif +#endif /* CURVE25519_SMALL || ED25519_SMALL */ + #if !defined(FREESCALE_LTC_ECC) WOLFSSL_LOCAL void fe_init(void); -WOLFSSL_LOCAL int curve25519(byte * q, const byte * n, const byte * p); +WOLFSSL_LOCAL int curve25519(byte * q, const byte * n, const byte * p); #ifdef WOLFSSL_CURVE25519_BLINDING -WOLFSSL_LOCAL int curve25519_blind(byte * q, const byte * n, const byte* mask, - const byte * p, const byte* rz); +WOLFSSL_LOCAL int curve25519_blind(byte* q, const byte* n, const byte* mask, + const byte* p, const byte* rz); #endif #endif @@ -125,7 +160,9 @@ #endif #ifdef CURVED25519_ASM -WOLFSSL_LOCAL void fe_cmov_table(fe* r, fe* base, signed char b); +WOLFSSL_LOCAL void fe_cmov_table(fe* r, const fe* base, signed char b); + +WOLFSSL_LOCAL void fe_invert_nct(fe r, const fe a); #endif /* CURVED25519_ASM */ #endif /* !CURVE25519_SMALL || !ED25519_SMALL */ diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/fips_test.h mariadb-11.8.8/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/fips_test.h --- mariadb-11.8.6/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/fips_test.h 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/fips_test.h 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* fips_test.h * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/ge_448.h mariadb-11.8.8/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/ge_448.h --- mariadb-11.8.6/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/ge_448.h 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/ge_448.h 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* ge_448.h * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/ge_operations.h mariadb-11.8.8/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/ge_operations.h --- mariadb-11.8.6/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/ge_operations.h 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/ge_operations.h 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* ge_operations.h * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -27,10 +27,10 @@ #include -#ifdef HAVE_ED25519 - #include +#if defined(HAVE_ED25519) || defined(WOLFSSL_CURVE25519_USE_ED25519) + /* ge means group element. @@ -85,6 +85,11 @@ WOLFSSL_LOCAL void sc_muladd(byte* s, const byte* a, const byte* b, const byte* c); WOLFSSL_LOCAL void ge_tobytes(unsigned char *s,const ge_p2 *h); +#ifndef ED25519_SMALL +WOLFSSL_LOCAL void ge_tobytes_nct(unsigned char *s,const ge_p2 *h); +#else +#define ge_tobytes_nct ge_tobytes +#endif #ifndef GE_P3_TOBYTES_IMPL #define ge_p3_tobytes(s, h) ge_tobytes((s), (const ge_p2 *)(h)) #else @@ -117,7 +122,7 @@ WOLFSSL_LOCAL void ge_p1p1_to_p2(ge_p2 *r, const ge_p1p1 *p); WOLFSSL_LOCAL void ge_p1p1_to_p3(ge_p3 *r, const ge_p1p1 *p); WOLFSSL_LOCAL void ge_p2_dbl(ge_p1p1 *r, const ge_p2 *p); -#define ge_p3_dbl(r, p) ge_p2_dbl((ge_p1p1 *)(r), (ge_p2 *)(p)) +#define ge_p3_dbl(r, p) ge_p2_dbl((ge_p1p1 *)(r), (const ge_p2 *)(p)) WOLFSSL_LOCAL void ge_madd(ge_p1p1 *r, const ge_p3 *p, const ge_precomp *q); WOLFSSL_LOCAL void ge_msub(ge_p1p1 *r, const ge_p3 *p, const ge_precomp *q); WOLFSSL_LOCAL void ge_add(ge_p1p1 *r, const ge_p3 *p, const ge_cached *q); diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/hash.h mariadb-11.8.8/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/hash.h --- mariadb-11.8.6/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/hash.h 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/hash.h 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* hash.h * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -40,7 +40,7 @@ #if defined(WOLFSSL_SHA384) || defined(WOLFSSL_SHA512) #include #endif -#if defined(HAVE_BLAKE2) || defined(HAVE_BLAKE2S) +#if defined(HAVE_BLAKE2B) || defined(HAVE_BLAKE2S) #include #endif #ifdef WOLFSSL_SHA3 @@ -131,7 +131,7 @@ #elif defined(WOLFSSL_SHA512) #define WC_MAX_DIGEST_SIZE WC_SHA512_DIGEST_SIZE #define WC_MAX_BLOCK_SIZE WC_SHA512_BLOCK_SIZE -#elif defined(HAVE_BLAKE2) +#elif defined(HAVE_BLAKE2B) #define WC_MAX_DIGEST_SIZE BLAKE2B_OUTBYTES #define WC_MAX_BLOCK_SIZE BLAKE2B_BLOCKBYTES #elif defined(WOLFSSL_SHA384) @@ -160,6 +160,78 @@ #define WC_MAX_BLOCK_SIZE 128 #endif +#if defined(WC_HASH_CUSTOM_MAX_DIGEST_SIZE) && \ + defined(WC_HASH_CUSTOM_MIN_DIGEST_SIZE) + #if WC_HASH_CUSTOM_MAX_DIGEST_SIZE < \ + WC_HASH_CUSTOM_MIN_DIGEST_SIZE + #error HASH_CUSTOM_MAX_DIGEST_SIZE < WC_HASH_CUSTOM_MIN_DIGEST_SIZE + #endif +#endif +#ifdef WC_HASH_CUSTOM_MAX_DIGEST_SIZE + #undef WC_MAX_DIGEST_SIZE + #define WC_MAX_DIGEST_SIZE WC_HASH_CUSTOM_MAX_DIGEST_SIZE +#endif +#ifdef WC_HASH_CUSTOM_MAX_BLOCK_SIZE + #undef WC_MAX_BLOCK_SIZE + #define WC_MAX_BLOCK_SIZE WC_HASH_CUSTOM_MAX_BLOCK_SIZE +#endif + +#if defined(WC_HASH_CUSTOM_MIN_DIGEST_SIZE) + #if defined(WC_FIPS_186_5_PLUS) && \ + (WC_HASH_CUSTOM_MIN_DIGEST_SIZE < 224 / 8) + #error FIPS 186-5 requires a minimum hash size >= SHA-224. + #elif defined(WC_FIPS_186_4) && \ + (WC_HASH_CUSTOM_MIN_DIGEST_SIZE < 160 / 8) + #error FIPS 186-4 requires a minimum hash size >= SHA-1. + #elif (WC_HASH_CUSTOM_MIN_DIGEST_SIZE < 128 / 8) + #error WC_HASH_CUSTOM_MIN_DIGEST_SIZE is too small. + #endif + /* Let the user override the minimum digest size */ + #define WC_MIN_DIGEST_SIZE WC_HASH_CUSTOM_MIN_DIGEST_SIZE +#elif defined(WOLFSSL_MD2) && !defined(WC_FIPS_186_4_PLUS) + #define WC_MIN_DIGEST_SIZE WC_MD2_DIGEST_SIZE /* 16 */ +#elif !defined(NO_MD4) && !defined(WC_FIPS_186_4_PLUS) + #define WC_MIN_DIGEST_SIZE WC_MD4_DIGEST_SIZE /* 16 */ +#elif !defined(NO_MD5) && !defined(WC_FIPS_186_4_PLUS) + #define WC_MIN_DIGEST_SIZE WC_MD5_DIGEST_SIZE /* 16 */ +#elif !defined(NO_SHA) && !defined(WC_FIPS_186_5_PLUS) + #define WC_MIN_DIGEST_SIZE WC_SHA_DIGEST_SIZE /* 20 */ +#elif defined(WOLFSSL_SHA224) + #define WC_MIN_DIGEST_SIZE WC_SHA224_DIGEST_SIZE +#elif !defined(HAVE_FIPS) && !defined(HAVE_SELFTEST) && \ + defined(WOLFSSL_SHA512) && !defined(WOLFSSL_NOSHA512_224) + #define WC_MIN_DIGEST_SIZE WC_SHA512_224_DIGEST_SIZE +#elif defined(WOLFSSL_SHA3) && !defined(WOLFSSL_NOSHA3_224) + #define WC_MIN_DIGEST_SIZE WC_SHA3_224_DIGEST_SIZE +#elif !defined(NO_SHA256) + #define WC_MIN_DIGEST_SIZE WC_SHA256_DIGEST_SIZE +#elif !defined(HAVE_FIPS) && !defined(HAVE_SELFTEST) && \ + defined(WOLFSSL_SHA512) && !defined(WOLFSSL_NOSHA512_256) + #define WC_MIN_DIGEST_SIZE WC_SHA512_256_DIGEST_SIZE +#elif defined(WOLFSSL_SHA3) && !defined(WOLFSSL_NOSHA3_256) + #define WC_MIN_DIGEST_SIZE WC_SHA3_256_DIGEST_SIZE +#elif defined(HAVE_BLAKE2S) + #define WC_MIN_DIGEST_SIZE BLAKE2S_OUTBYTES /* 32 */ +#elif defined(WOLFSSL_SM3) + #define WC_MIN_DIGEST_SIZE WC_SM3_DIGEST_SIZE /* 32 */ +#elif defined(WOLFSSL_SHA384) + #define WC_MIN_DIGEST_SIZE WC_SHA384_DIGEST_SIZE +#elif defined(WOLFSSL_SHA3) && !defined(WOLFSSL_NOSHA3_384) + #define WC_MIN_DIGEST_SIZE WC_SHA3_384_DIGEST_SIZE +#elif defined(WOLFSSL_SHA512) + #define WC_MIN_DIGEST_SIZE WC_SHA512_DIGEST_SIZE +#elif defined(WOLFSSL_SHA3) && !defined(WOLFSSL_NOSHA3_512) + #define WC_MIN_DIGEST_SIZE WC_SHA3_512_DIGEST_SIZE +#elif defined(HAVE_BLAKE2B) + #define WC_MIN_DIGEST_SIZE BLAKE2B_OUTBYTES /* 64 */ +#elif defined(WOLFSSL_SHAKE128) || defined(WOLFSSL_SHAKE256) + #error SHAKE enabled without SHA-3. + #define WC_MIN_DIGEST_SIZE 64 +#else + #error No builtin hashes enabled and no WC_HASH_CUSTOM_MIN_DIGEST_SIZE. + #define WC_MIN_DIGEST_SIZE 64 +#endif + #if !defined(NO_ASN) || !defined(NO_DH) || defined(HAVE_ECC) WOLFSSL_API int wc_HashGetOID(enum wc_HashType hash_type); WOLFSSL_API enum wc_HashType wc_OidGetHash(int oid); diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/hmac.h mariadb-11.8.8/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/hmac.h --- mariadb-11.8.6/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/hmac.h 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/hmac.h 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* hmac.h * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -66,8 +66,9 @@ #define WC_HMAC_INNER_HASH_KEYED_DEV 2 enum { - HMAC_FIPS_MIN_KEY = 14, /* 112 bit key length minimum */ - + HMAC_FIPS_MIN_KEY = 14, /* 112 bit key length minimum. Note that this + * minimum also applies to the salt length for + * HKDF. */ IPAD = 0x36, OPAD = 0x5C, @@ -157,6 +158,13 @@ #if defined(WOLFSSL_ASYNC_CRYPT) || defined(WOLF_CRYPTO_CB) word16 keyLen; /* hmac key length (key in ipad) */ #endif +#if defined(STM32_HASH) && defined(STM32_HMAC) + STM32_HASH_Context stmCtx; + word32 stmAlgo; /* cached STM32 HASH algo selection */ + word32 stmBlockSize; /* cached hash block size */ + word32 stmDigestSize; /* cached digest size */ + word32 stmKeyLen; /* key length (raw key stored in ipad) */ +#endif }; #ifndef WC_HMAC_TYPE_DEFINED @@ -189,6 +197,7 @@ WOLFSSL_API int wc_HmacInit_Label(Hmac* hmac, const char* label, void* heap, int devId); #endif +WOLFSSL_API int wc_HmacCopy(Hmac* src, Hmac* dst); WOLFSSL_API void wc_HmacFree(Hmac* hmac); WOLFSSL_API int wolfSSL_GetHmacMaxSize(void); diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/hpke.h mariadb-11.8.8/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/hpke.h --- mariadb-11.8.6/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/hpke.h 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/hpke.h 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* hpke.h * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -31,7 +31,8 @@ extern "C" { #endif -#if defined(HAVE_HPKE) && defined(HAVE_ECC) +#if defined(HAVE_HPKE) && (defined(HAVE_ECC) || defined(HAVE_CURVE25519)) && \ + defined(HAVE_AESGCM) #ifndef WOLFCRYPT_HPKE #define WOLFCRYPT_HPKE @@ -64,14 +65,6 @@ HPKE_AES_256_GCM = 0x0002 }; -/* TODO better way of doing this */ -#define HPKE_SUPPORTED_KEM_LEN 4 -#define HPKE_SUPPORTED_KDF_LEN 3 -#define HPKE_SUPPORTED_AEAD_LEN 2 -extern const int hpkeSupportedKem[HPKE_SUPPORTED_KEM_LEN]; -extern const int hpkeSupportedKdf[HPKE_SUPPORTED_KDF_LEN]; -extern const int hpkeSupportedAead[HPKE_SUPPORTED_AEAD_LEN]; - #define HPKE_Nh_MAX 64 #define HPKE_Nk_MAX 32 #define HPKE_Nn_MAX 12 @@ -88,9 +81,6 @@ typedef struct { void* heap; - word32 kem; - word32 kdf; - word32 aead; word32 Nh; word32 Nk; word32 Nn; @@ -98,8 +88,12 @@ word32 Ndh; word32 Npk; word32 Nsecret; - int kdf_digest; - int curve_id; + int kdfDigest; + int kemDigest; + int curveId; + word16 kem; + word16 kdf; + word16 aead; byte kem_suite_id[KEM_SUITE_ID_LEN]; byte hpke_suite_id[HPKE_SUITE_ID_LEN]; } Hpke; @@ -136,9 +130,14 @@ const byte* pubKey, word16 pubKeySz, byte* info, word32 infoSz, byte* aad, word32 aadSz, byte* ciphertext, word32 ctSz, byte* plaintext); +WOLFSSL_LOCAL word16 wc_HpkeKemGetEncLen(word16 kemId); +WOLFSSL_LOCAL int wc_HpkeKemIsSupported(word16 kemId); +WOLFSSL_LOCAL int wc_HpkeKdfIsSupported(word16 kdfId); +WOLFSSL_LOCAL int wc_HpkeAeadIsSupported(word16 aeadId); + #endif -#endif /* HAVE_HPKE && HAVE_ECC */ +#endif /* HAVE_HPKE && (HAVE_ECC || HAVE_CURVE25519) && HAVE_AESGCM */ #ifdef __cplusplus } /* extern "C" */ diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/include.am mariadb-11.8.8/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/include.am --- mariadb-11.8.6/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/include.am 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/include.am 2026-05-24 09:58:33.000000000 +0000 @@ -47,6 +47,8 @@ wolfssl/wolfcrypt/chacha.h \ wolfssl/wolfcrypt/chacha20_poly1305.h \ wolfssl/wolfcrypt/random.h \ + wolfssl/wolfcrypt/wolfentropy.h \ + wolfssl/wolfcrypt/rng_bank.h \ wolfssl/wolfcrypt/ripemd.h \ wolfssl/wolfcrypt/rsa.h \ wolfssl/wolfcrypt/rc2.h \ @@ -86,6 +88,7 @@ wolfssl/wolfcrypt/xmss.h \ wolfssl/wolfcrypt/wc_xmss.h \ wolfssl/wolfcrypt/ext_xmss.h \ + wolfssl/wolfcrypt/wc_slhdsa.h \ wolfssl/wolfcrypt/oid_sum.h noinst_HEADERS+= \ diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/integer.h mariadb-11.8.8/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/integer.h --- mariadb-11.8.6/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/integer.h 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/integer.h 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* integer.h * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -345,8 +345,8 @@ MP_API int mp_invmod (mp_int * a, mp_int * b, mp_int * c); int fast_mp_invmod (mp_int * a, mp_int * b, mp_int * c); MP_API int mp_invmod_slow (mp_int * a, mp_int * b, mp_int * c); -MP_API int mp_cmp_mag (mp_int * a, mp_int * b); -MP_API int mp_cmp (mp_int * a, mp_int * b); +MP_API int mp_cmp_mag (const mp_int * a, const mp_int * b); +MP_API int mp_cmp (const mp_int * a, const mp_int * b); #define mp_cmp_ct(a, b, n) mp_cmp(a, b) MP_API int mp_cmp_d(mp_int * a, mp_digit b); MP_API int mp_set (mp_int * a, mp_digit b); diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/kdf.h mariadb-11.8.8/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/kdf.h --- mariadb-11.8.6/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/kdf.h 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/kdf.h 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* kdf.h * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/libwolfssl_sources.h mariadb-11.8.8/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/libwolfssl_sources.h --- mariadb-11.8.6/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/libwolfssl_sources.h 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/libwolfssl_sources.h 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* libwolfssl_sources.h * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/libwolfssl_sources_asm.h mariadb-11.8.8/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/libwolfssl_sources_asm.h --- mariadb-11.8.6/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/libwolfssl_sources_asm.h 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/libwolfssl_sources_asm.h 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* libwolfssl_sources_asm.h * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/lms.h mariadb-11.8.8/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/lms.h --- mariadb-11.8.6/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/lms.h 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/lms.h 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* lms.h * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/logging.h mariadb-11.8.8/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/logging.h --- mariadb-11.8.6/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/logging.h 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/logging.h 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* logging.h * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -505,7 +505,7 @@ * For custom debugging output, define your own WOLFSSL_DEBUG_PRINTF_FN */ #ifdef WOLFSSL_DEBUG_PRINTF_FN - /* user-supplied definition */ + /* user- or port-supplied definition */ #elif defined(ARDUINO) /* ARDUINO only has print and sprintf, no printf. */ #elif defined(__WATCOMC__) @@ -548,8 +548,6 @@ #define WOLFSSL_DEBUG_PRINTF_FIRST_ARGS ANDROID_LOG_VERBOSE, "[wolfSSL]", #elif defined(WOLFSSL_XILINX) #define WOLFSSL_DEBUG_PRINTF_FN xil_printf -#elif defined(WOLFSSL_LINUXKM) - #define WOLFSSL_DEBUG_PRINTF_FN printk #elif defined(WOLFSSL_RENESAS_RA6M4) #define WOLFSSL_DEBUG_PRINTF_FN myprintf #elif defined(NO_STDIO_FILESYSTEM) @@ -581,6 +579,11 @@ #error "Failed: Cannot WOLFSSL_DEBUG_CERTS with WOLFSSL_DEBUG_ERRORS_ONLY" #endif +#ifdef WOLFSSL_DEBUG_TRACE_ERROR_CODES + WOLFSSL_API int wc_debug_trace_error_codes_enabled(void); + WOLFSSL_API int wc_debug_trace_error_codes_set(int state); +#endif + #ifdef __cplusplus } #endif diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/md2.h mariadb-11.8.8/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/md2.h --- mariadb-11.8.6/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/md2.h 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/md2.h 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* md2.h * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -36,12 +36,10 @@ #endif /* in bytes */ -enum { - WC_MD2_BLOCK_SIZE = 16, - WC_MD2_DIGEST_SIZE = 16, - WC_MD2_PAD_SIZE = 16, - WC_MD2_X_SIZE = 48 -}; +#define WC_MD2_BLOCK_SIZE 16 +#define WC_MD2_DIGEST_SIZE 16 +#define WC_MD2_PAD_SIZE 16 +#define WC_MD2_X_SIZE 48 /* Md2 digest */ @@ -60,13 +58,11 @@ #ifndef OPENSSL_COEXIST -enum { - MD2 = WC_HASH_TYPE_MD2, - MD2_BLOCK_SIZE = WC_MD2_BLOCK_SIZE, - MD2_DIGEST_SIZE = WC_MD2_DIGEST_SIZE, - MD2_PAD_SIZE = WC_MD2_PAD_SIZE, - MD2_X_SIZE = WC_MD2_X_SIZE -}; +#define MD2 WC_HASH_TYPE_MD2 +#define MD2_BLOCK_SIZE WC_MD2_BLOCK_SIZE +#define MD2_DIGEST_SIZE WC_MD2_DIGEST_SIZE +#define MD2_PAD_SIZE WC_MD2_PAD_SIZE +#define MD2_X_SIZE WC_MD2_X_SIZE /* Md2 digest */ diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/md4.h mariadb-11.8.8/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/md4.h --- mariadb-11.8.6/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/md4.h 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/md4.h 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* md4.h * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -35,11 +35,9 @@ #endif /* in bytes */ -enum { - WC_MD4_BLOCK_SIZE = 64, - WC_MD4_DIGEST_SIZE = 16, - WC_MD4_PAD_SIZE = 56 -}; +#define WC_MD4_BLOCK_SIZE 64 +#define WC_MD4_DIGEST_SIZE 16 +#define WC_MD4_PAD_SIZE 56 /* MD4 digest */ typedef struct wc_Md4 { @@ -56,12 +54,10 @@ #ifndef OPENSSL_COEXIST -enum { - MD4 = WC_HASH_TYPE_MD4, - MD4_BLOCK_SIZE = WC_MD4_BLOCK_SIZE, - MD4_DIGEST_SIZE = WC_MD4_DIGEST_SIZE, - MD4_PAD_SIZE = WC_MD4_PAD_SIZE -}; +#define MD4 WC_HASH_TYPE_MD4 +#define MD4_BLOCK_SIZE WC_MD4_BLOCK_SIZE +#define MD4_DIGEST_SIZE WC_MD4_DIGEST_SIZE +#define MD4_PAD_SIZE WC_MD4_PAD_SIZE typedef struct wc_Md4 Md4; diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/md5.h mariadb-11.8.8/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/md5.h --- mariadb-11.8.6/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/md5.h 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/md5.h 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* md5.h * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -55,16 +55,14 @@ #define Md5 wc_Md5 #define MD5_BLOCK_SIZE WC_MD5_BLOCK_SIZE #define MD5_DIGEST_SIZE WC_MD5_DIGEST_SIZE - #define WC_MD5_PAD_SIZE WC_MD5_PAD_SIZE + #define MD5_PAD_SIZE WC_MD5_PAD_SIZE #endif /* in bytes */ -enum { - WC_MD5 = WC_HASH_TYPE_MD5, - WC_MD5_BLOCK_SIZE = 64, - WC_MD5_DIGEST_SIZE = 16, - WC_MD5_PAD_SIZE = 56 -}; +#define WC_MD5 WC_HASH_TYPE_MD5 +#define WC_MD5_BLOCK_SIZE 64 +#define WC_MD5_DIGEST_SIZE 16 +#define WC_MD5_PAD_SIZE 56 #ifdef WOLFSSL_MICROCHIP_PIC32MZ diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/mem_track.h mariadb-11.8.8/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/mem_track.h --- mariadb-11.8.6/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/mem_track.h 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/mem_track.h 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* mem_track.h * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -79,10 +79,13 @@ !defined(WOLFSSL_STATIC_MEMORY) #define DO_MEM_STATS -#if (defined(__linux__) && !defined(WOLFSSL_KERNEL_MODE)) || defined(__MACH__) +#if (defined(__linux__) && !defined(WOLFSSL_KERNEL_MODE)) || \ + defined(__MACH__) || defined(__ZEPHYR__) #define DO_MEM_LIST #endif +struct memoryList; + typedef struct memoryStats { long totalAllocs; /* number of allocations */ long totalDeallocs; /* number of deallocations */ @@ -98,6 +101,9 @@ * by wolfCrypt_heap_peak_checkpoint() */ #endif +#ifdef DO_MEM_LIST + struct memoryList *memList; +#endif } memoryStats; typedef struct memHint { @@ -133,6 +139,7 @@ static memoryStats ourMemStats; +WOLFSSL_API extern memoryStats *wc_MemStats_Ptr; #ifdef DO_MEM_LIST #include @@ -379,11 +386,14 @@ #ifdef DO_MEM_LIST XMEMSET(&ourMemList, 0, sizeof(ourMemList)); + ourMemStats.memList = &ourMemList; pthread_mutex_unlock(&memLock); #endif } + wc_MemStats_Ptr = &ourMemStats; + return ret; } @@ -427,6 +437,7 @@ static WC_INLINE int CleanupMemoryTracker(void) { + wc_MemStats_Ptr = NULL; /* restore default allocators */ return wolfSSL_SetAllocators(mfDefault, ffDefault, rfDefault); } diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/memory.h mariadb-11.8.8/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/memory.h --- mariadb-11.8.6/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/memory.h 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/memory.h 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* memory.h * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -175,15 +175,25 @@ #define WOLFMEM_BUCKETS 64,128,256,512,1024,8192,32768,\ 65536,LARGEST_MEM_BUCKET #endif + #elif defined(WOLFSSL_HAVE_MLKEM) + /* extra storage in structs for multiple attributes and order */ + #define WOLFMEM_BUCKETS 64,128,256,512,1024,2432,4096,8192,\ + LARGEST_MEM_BUCKET #else /* default size of chunks of memory to separate into */ #define WOLFMEM_BUCKETS 64,128,256,512,1024,2432,3456,4544,\ LARGEST_MEM_BUCKET #endif #elif defined(OPENSSL_EXTRA) - /* extra storage in structs for multiple attributes and order */ - #define WOLFMEM_BUCKETS 64,128,256,512,1024,2432,3360,4480,\ - LARGEST_MEM_BUCKET + #ifdef WOLFSSL_HAVE_MLKEM + /* extra storage in structs for multiple attributes and order */ + #define WOLFMEM_BUCKETS 64,128,256,512,1024,2432,4096,8192,\ + LARGEST_MEM_BUCKET + #else + /* extra storage in structs for multiple attributes and order */ + #define WOLFMEM_BUCKETS 64,128,256,512,1024,2432,3360,4480,\ + LARGEST_MEM_BUCKET + #endif #elif defined(WOLFSSL_CERT_EXT) #define WOLFMEM_BUCKETS 64,128,256,512,1024,2432,3456,4544,\ LARGEST_MEM_BUCKET @@ -203,6 +213,8 @@ #else #define WOLFMEM_DIST 30,10,8,15,8,10,8,5,1 #endif + #elif defined(WOLFSSL_HAVE_MLKEM) + #define WOLFMEM_DIST 49,10,6,14,5,6,14,1,1 #elif !defined(WOLFSSL_STATIC_MEMORY_SMALL) #define WOLFMEM_DIST 49,10,6,14,5,6,9,1,1 #else @@ -538,6 +550,11 @@ #endif #endif +#if defined(WOLFSSL_LINUXKM) || defined(WC_SYM_RELOC_TABLES) || \ + defined(WC_SYM_RELOC_TABLES_SUPPORT) + #include "linuxkm/linuxkm_memory.h" +#endif + #ifdef __cplusplus } /* extern "C" */ #endif diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/misc.h mariadb-11.8.8/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/misc.h --- mariadb-11.8.6/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/misc.h 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/misc.h 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* misc.h * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/mlkem.h mariadb-11.8.8/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/mlkem.h --- mariadb-11.8.6/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/mlkem.h 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/mlkem.h 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* mlkem.h * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -301,7 +301,7 @@ WC_ML_KEM_ENC_RAND_SZ = WC_ML_KEM_SYM_SZ, /* Encoded polynomial size. */ - WC_ML_KEM_POLY_SIZE = 384, + WC_ML_KEM_POLY_SIZE = 384 }; diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/mpi_class.h mariadb-11.8.8/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/mpi_class.h --- mariadb-11.8.6/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/mpi_class.h 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/mpi_class.h 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* mpi_class.h * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/mpi_superclass.h mariadb-11.8.8/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/mpi_superclass.h --- mariadb-11.8.6/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/mpi_superclass.h 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/mpi_superclass.h 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* mpi_superclass.h * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/oid_sum.h mariadb-11.8.8/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/oid_sum.h --- mariadb-11.8.6/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/oid_sum.h 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/oid_sum.h 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* oid_sum.h * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/pkcs11.h mariadb-11.8.8/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/pkcs11.h --- mariadb-11.8.6/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/pkcs11.h 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/pkcs11.h 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* pkcs11.h * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -34,6 +34,7 @@ #define CK_INVALID_HANDLE 0UL +#define CK_UNAVAILABLE_INFORMATION (~0UL) #define CKN_SURRENDER 0UL @@ -88,6 +89,7 @@ #define CKK_SHA384_HMAC 0x0000002cUL #define CKK_SHA512_HMAC 0x0000002dUL #define CKK_SHA224_HMAC 0x0000002eUL +#define CKK_ML_DSA 0x0000004aUL #define CKA_CLASS 0x00000000UL #define CKA_TOKEN 0x00000001UL @@ -138,6 +140,8 @@ #define CKA_HW_FEATURE_TYPE 0x00000300UL #define CKA_RESET_ON_INIT 0x00000301UL #define CKA_HAS_RESET 0x00000302UL +#define CKA_PARAMETER_SET 0x0000061DUL + #define CKM_RSA_PKCS_KEY_PAIR_GEN 0x00000000UL #define CKM_RSA_PKCS 0x00000001UL @@ -157,6 +161,10 @@ #define CKM_SHA384_HMAC 0x00000261UL #define CKM_SHA512 0x00000270UL #define CKM_SHA512_HMAC 0x00000271UL +#define CKM_SHA512_256 0x0000004CUL +#define CKM_SHA3_256 0x000002B0UL +#define CKM_SHA3_384 0x000002C0UL +#define CKM_SHA3_512 0x000002D0UL #define CKM_GENERIC_SECRET_KEY_GEN 0x00000350UL #define CKM_EC_KEY_PAIR_GEN 0x00001040UL #define CKM_ECDSA 0x00001041UL @@ -166,6 +174,9 @@ #define CKM_AES_CBC 0x00001082UL #define CKM_AES_CTR 0x00001086UL #define CKM_AES_GCM 0x00001087UL +#define CKM_ML_DSA_KEY_PAIR_GEN 0x0000001CUL +#define CKM_ML_DSA 0x0000001DUL +#define CKM_HASH_ML_DSA 0x0000001FUL /* full data RSA PK callbacks */ #define CKM_SHA1_RSA_PKCS_PSS 0x0000000EUL @@ -184,6 +195,7 @@ #define CKR_OK 0x00000000UL #define CKR_MECHANISM_INVALID 0x00000070UL #define CKR_SIGNATURE_INVALID 0x000000C0UL +#define CKR_CRYPTOKI_ALREADY_INITIALIZED 0x00000191UL #define CKD_NULL 0x00000001UL #define CKZ_DATA_SPECIFIED 0x00000001UL @@ -384,15 +396,74 @@ } CK_RSA_PKCS_OAEP_PARAMS; typedef CK_RSA_PKCS_OAEP_PARAMS *CK_RSA_PKCS_OAEP_PARAMS_PTR; +typedef struct CK_ASYNC_DATA { + CK_ULONG ulVersion; + CK_BYTE_PTR pValue; + CK_ULONG ulValueLen; + CK_OBJECT_HANDLE hObject; + CK_OBJECT_HANDLE hAdditionalObject; +} CK_ASYNC_DATA; +typedef CK_ASYNC_DATA* CK_ASYNC_DATA_PTR; + +/* generic PQ mechanism parameters */ +typedef CK_ULONG CK_HEDGE_TYPE; +#define CKH_HEDGE_PREFERRED 0x00000000UL +#define CKH_HEDGE_REQUIRED 0x00000001UL +#define CKH_DETERMINISTIC_REQUIRED 0x00000002UL + +typedef struct CK_SIGN_ADDITIONAL_CONTEXT { + CK_HEDGE_TYPE hedgeVariant; + CK_BYTE_PTR pContext; + CK_ULONG ulContextLen; +} CK_SIGN_ADDITIONAL_CONTEXT; + +typedef struct CK_HASH_SIGN_ADDITIONAL_CONTEXT { + CK_HEDGE_TYPE hedgeVariant; + CK_BYTE_PTR pContext; + CK_ULONG ulContextLen; + CK_MECHANISM_TYPE hash; +} CK_HASH_SIGN_ADDITIONAL_CONTEXT; + + +/* ML-DSA values for CKA_PARAMETER_SETS */ +typedef CK_ULONG CK_ML_DSA_PARAMETER_SET_TYPE; +#define CKP_ML_DSA_44 0x00000001UL +#define CKP_ML_DSA_65 0x00000002UL +#define CKP_ML_DSA_87 0x00000003UL + + /* Function list types. */ typedef struct CK_FUNCTION_LIST CK_FUNCTION_LIST; +typedef struct CK_FUNCTION_LIST_3_0 CK_FUNCTION_LIST_3_0; +typedef struct CK_FUNCTION_LIST_3_2 CK_FUNCTION_LIST_3_2; + typedef CK_FUNCTION_LIST* CK_FUNCTION_LIST_PTR; +typedef CK_FUNCTION_LIST_3_0* CK_FUNCTION_LIST_3_0_PTR; +typedef CK_FUNCTION_LIST_3_2* CK_FUNCTION_LIST_3_2_PTR; + typedef CK_FUNCTION_LIST_PTR* CK_FUNCTION_LIST_PTR_PTR; +typedef CK_FUNCTION_LIST_3_0_PTR* CK_FUNCTION_LIST_3_0_PTR_PTR; +typedef CK_FUNCTION_LIST_3_2_PTR* CK_FUNCTION_LIST_3_2_PTR_PTR; typedef CK_RV (*CK_C_GetFunctionList)(CK_FUNCTION_LIST_PTR_PTR ppFunctionList); -#ifdef HAVE_PKCS11_STATIC +typedef struct CK_INTERFACE { + CK_UTF8CHAR_PTR pInterfaceName; + CK_VOID_PTR pFunctionList; + CK_FLAGS flags; +} CK_INTERFACE; + +typedef CK_INTERFACE* CK_INTERFACE_PTR; +typedef CK_INTERFACE_PTR* CK_INTERFACE_PTR_PTR; + +typedef CK_RV (*CK_C_GetInterface)(CK_UTF8CHAR_PTR pInterfaceName, + CK_VERSION_PTR pVersion, CK_INTERFACE_PTR_PTR ppInterface, CK_FLAGS flags); + +#if defined(HAVE_PKCS11_STATIC) CK_RV C_GetFunctionList(CK_FUNCTION_LIST_PTR_PTR ppFunctionList); +#elif defined(HAVE_PKCS11_V3_STATIC) +CK_RV C_GetInterface(CK_UTF8CHAR_PTR pInterfaceName, CK_VERSION_PTR pVersion, + CK_INTERFACE_PTR_PTR ppInterface, CK_FLAGS flags); #endif struct CK_FUNCTION_LIST { @@ -578,6 +649,533 @@ }; +struct CK_FUNCTION_LIST_3_0 { + CK_VERSION version; + + CK_RV (*C_Initialize)(CK_VOID_PTR pInitArgs); + CK_RV (*C_Finalize)(CK_VOID_PTR pReserved); + CK_RV (*C_GetInfo)(CK_INFO_PTR pInfo); + CK_RV (*C_GetFunctionList)(CK_FUNCTION_LIST_PTR_PTR ppFunctionList); + CK_RV (*C_GetSlotList)(CK_BBOOL tokenPresent, CK_SLOT_ID_PTR pSlotList, + CK_ULONG_PTR pulCount); + CK_RV (*C_GetSlotInfo)(CK_SLOT_ID slotID, CK_SLOT_INFO_PTR pInfo); + CK_RV (*C_GetTokenInfo)(CK_SLOT_ID slotID, CK_TOKEN_INFO_PTR pInfo); + CK_RV (*C_GetMechanismList)(CK_SLOT_ID slotID, + CK_MECHANISM_TYPE_PTR pMechanismList, + CK_ULONG_PTR pulCount); + CK_RV (*C_GetMechanismInfo)(CK_SLOT_ID slotID, CK_MECHANISM_TYPE type, + CK_MECHANISM_INFO_PTR pInfo); + CK_RV (*C_InitToken)(CK_SLOT_ID slotID, CK_UTF8CHAR_PTR pPin, + CK_ULONG ulPinLen, CK_UTF8CHAR_PTR pLabel); + CK_RV (*C_InitPIN)(CK_SESSION_HANDLE hSession, CK_UTF8CHAR_PTR pPin, + CK_ULONG ulPinLen); + CK_RV (*C_SetPIN)(CK_SESSION_HANDLE hSession, CK_UTF8CHAR_PTR pOldPin, + CK_ULONG ulOldLen, CK_UTF8CHAR_PTR pNewPin, + CK_ULONG ulNewLen); + CK_RV (*C_OpenSession)(CK_SLOT_ID slotID, CK_FLAGS flags, + CK_VOID_PTR pApplication, CK_NOTIFY Notify, + CK_SESSION_HANDLE_PTR phSession); + CK_RV (*C_CloseSession)(CK_SESSION_HANDLE hSession); + CK_RV (*C_CloseAllSessions)(CK_SLOT_ID slotID); + CK_RV (*C_GetSessionInfo)(CK_SESSION_HANDLE hSession, + CK_SESSION_INFO_PTR pInfo); + CK_RV (*C_GetOperationState)(CK_SESSION_HANDLE hSession, + CK_BYTE_PTR pOperationState, + CK_ULONG_PTR pulOperationStateLen); + CK_RV (*C_SetOperationState)(CK_SESSION_HANDLE hSession, + CK_BYTE_PTR pOperationState, + CK_ULONG ulOperationStateLen, + CK_OBJECT_HANDLE hEncryptionKey, + CK_OBJECT_HANDLE hAuthenticationKey); + CK_RV (*C_Login)(CK_SESSION_HANDLE hSession, CK_USER_TYPE userType, + CK_UTF8CHAR_PTR pPin, CK_ULONG ulPinLen); + CK_RV (*C_Logout)(CK_SESSION_HANDLE hSession); + CK_RV (*C_CreateObject)(CK_SESSION_HANDLE hSession, + CK_ATTRIBUTE_PTR pTemplate, CK_ULONG ulCount, + CK_OBJECT_HANDLE_PTR phObject); + CK_RV (*C_CopyObject)(CK_SESSION_HANDLE hSession, CK_OBJECT_HANDLE hObject, + CK_ATTRIBUTE_PTR pTemplate, CK_ULONG ulCount, + CK_OBJECT_HANDLE_PTR phNewObject); + CK_RV (*C_DestroyObject)(CK_SESSION_HANDLE hSession, + CK_OBJECT_HANDLE hObject); + CK_RV (*C_GetObjectSize)(CK_SESSION_HANDLE hSession, + CK_OBJECT_HANDLE hObject, CK_ULONG_PTR pulSize); + CK_RV (*C_GetAttributeValue)(CK_SESSION_HANDLE hSession, + CK_OBJECT_HANDLE hObject, + CK_ATTRIBUTE_PTR pTemplate, CK_ULONG ulCount); + CK_RV (*C_SetAttributeValue)(CK_SESSION_HANDLE hSession, + CK_OBJECT_HANDLE hObject, + CK_ATTRIBUTE_PTR pTemplate, CK_ULONG ulCount); + CK_RV (*C_FindObjectsInit)(CK_SESSION_HANDLE hSession, + CK_ATTRIBUTE_PTR pTemplate, CK_ULONG ulCount); + CK_RV (*C_FindObjects)(CK_SESSION_HANDLE hSession, + CK_OBJECT_HANDLE_PTR phObject, + CK_ULONG ulMaxObjectCount, + CK_ULONG_PTR pulObjectCount); + CK_RV (*C_FindObjectsFinal)(CK_SESSION_HANDLE hSession); + CK_RV (*C_EncryptInit)(CK_SESSION_HANDLE hSession, + CK_MECHANISM_PTR pMechanism, CK_OBJECT_HANDLE hKey); + CK_RV (*C_Encrypt)(CK_SESSION_HANDLE hSession, CK_BYTE_PTR pData, + CK_ULONG ulDataLen, CK_BYTE_PTR pEncryptedData, + CK_ULONG_PTR pulEncryptedDataLen); + CK_RV (*C_EncryptUpdate)(CK_SESSION_HANDLE hSession, CK_BYTE_PTR pPart, + CK_ULONG ulPartLen, CK_BYTE_PTR pEncryptedPart, + CK_ULONG_PTR pulEncryptedPartLen); + CK_RV (*C_EncryptFinal)(CK_SESSION_HANDLE hSession, + CK_BYTE_PTR pLastEncryptedPart, + CK_ULONG_PTR pulLastEncryptedPartLen); + CK_RV (*C_DecryptInit)(CK_SESSION_HANDLE hSession, + CK_MECHANISM_PTR pMechanism, CK_OBJECT_HANDLE hKey); + CK_RV (*C_Decrypt)(CK_SESSION_HANDLE hSession, CK_BYTE_PTR pEncryptedData, + CK_ULONG ulEncryptedDataLen, CK_BYTE_PTR pData, + CK_ULONG_PTR pulDataLen); + CK_RV (*C_DecryptUpdate)(CK_SESSION_HANDLE hSession, + CK_BYTE_PTR pEncryptedPart, + CK_ULONG ulEncryptedPartLen, CK_BYTE_PTR pPart, + CK_ULONG_PTR pulPartLen); + CK_RV (*C_DecryptFinal)(CK_SESSION_HANDLE hSession, CK_BYTE_PTR pLastPart, + CK_ULONG_PTR pulLastPartLen); + CK_RV (*C_DigestInit)(CK_SESSION_HANDLE hSession, + CK_MECHANISM_PTR pMechanism); + CK_RV (*C_Digest)(CK_SESSION_HANDLE hSession, CK_BYTE_PTR pData, + CK_ULONG ulDataLen, CK_BYTE_PTR pDigest, + CK_ULONG_PTR pulDigestLen); + CK_RV (*C_DigestUpdate)(CK_SESSION_HANDLE hSession, CK_BYTE_PTR pPart, + CK_ULONG ulPartLen); + CK_RV (*C_DigestKey)(CK_SESSION_HANDLE hSession, CK_OBJECT_HANDLE hKey); + CK_RV (*C_DigestFinal)(CK_SESSION_HANDLE hSession, CK_BYTE_PTR pDigest, + CK_ULONG_PTR pulDigestLen); + CK_RV (*C_SignInit)(CK_SESSION_HANDLE hSession, CK_MECHANISM_PTR pMechanism, + CK_OBJECT_HANDLE hKey); + CK_RV (*C_Sign)(CK_SESSION_HANDLE hSession, CK_BYTE_PTR pData, + CK_ULONG ulDataLen, CK_BYTE_PTR pSignature, + CK_ULONG_PTR pulSignatureLen); + CK_RV (*C_SignUpdate)(CK_SESSION_HANDLE hSession, CK_BYTE_PTR pPart, + CK_ULONG ulPartLen); + CK_RV (*C_SignFinal)(CK_SESSION_HANDLE hSession, CK_BYTE_PTR pSignature, + CK_ULONG_PTR pulSignatureLen); + CK_RV (*C_SignRecoverInit)(CK_SESSION_HANDLE hSession, + CK_MECHANISM_PTR pMechanism, + CK_OBJECT_HANDLE hKey); + CK_RV (*C_SignRecover)(CK_SESSION_HANDLE hSession, CK_BYTE_PTR pData, + CK_ULONG ulDataLen, CK_BYTE_PTR pSignature, + CK_ULONG_PTR pulSignatureLen); + CK_RV (*C_VerifyInit)(CK_SESSION_HANDLE hSession, + CK_MECHANISM_PTR pMechanism, CK_OBJECT_HANDLE hKey); + CK_RV (*C_Verify)(CK_SESSION_HANDLE hSession, CK_BYTE_PTR pData, + CK_ULONG ulDataLen, CK_BYTE_PTR pSignature, + CK_ULONG ulSignatureLen); + CK_RV (*C_VerifyUpdate)(CK_SESSION_HANDLE hSession, CK_BYTE_PTR pPart, + CK_ULONG ulPartLen); + CK_RV (*C_VerifyFinal)(CK_SESSION_HANDLE hSession, + CK_BYTE_PTR pSignature, CK_ULONG ulSignatureLen); + CK_RV (*C_VerifyRecoverInit)(CK_SESSION_HANDLE hSession, + CK_MECHANISM_PTR pMechanism, + CK_OBJECT_HANDLE hKey); + CK_RV (*C_VerifyRecover)(CK_SESSION_HANDLE hSession, + CK_BYTE_PTR pSignature, CK_ULONG ulSignatureLen, + CK_BYTE_PTR pData, CK_ULONG_PTR pulDataLen); + CK_RV (*C_DigestEncryptUpdate)(CK_SESSION_HANDLE hSession, + CK_BYTE_PTR pPart, CK_ULONG ulPartLen, + CK_BYTE_PTR pEncryptedPart, + CK_ULONG_PTR pulEncryptedPartLen); + CK_RV (*C_DecryptDigestUpdate)(CK_SESSION_HANDLE hSession, + CK_BYTE_PTR pEncryptedPart, + CK_ULONG ulEncryptedPartLen, + CK_BYTE_PTR pPart, CK_ULONG_PTR pulPartLen); + CK_RV (*C_SignEncryptUpdate)(CK_SESSION_HANDLE hSession, + CK_BYTE_PTR pPart, CK_ULONG ulPartLen, + CK_BYTE_PTR pEncryptedPart, + CK_ULONG_PTR pulEncryptedPartLen); + CK_RV (*C_DecryptVerifyUpdate)(CK_SESSION_HANDLE hSession, + CK_BYTE_PTR pEncryptedPart, + CK_ULONG ulEncryptedPartLen, + CK_BYTE_PTR pPart, CK_ULONG_PTR pulPartLen); + CK_RV (*C_GenerateKey)(CK_SESSION_HANDLE hSession, + CK_MECHANISM_PTR pMechanism, + CK_ATTRIBUTE_PTR pTemplate, CK_ULONG ulCount, + CK_OBJECT_HANDLE_PTR phKey); + CK_RV (*C_GenerateKeyPair)(CK_SESSION_HANDLE hSession, + CK_MECHANISM_PTR pMechanism, + CK_ATTRIBUTE_PTR pPublicKeyTemplate, + CK_ULONG ulPublicKeyAttributeCount, + CK_ATTRIBUTE_PTR pPrivateKeyTemplate, + CK_ULONG ulPrivateKeyAttributeCount, + CK_OBJECT_HANDLE_PTR phPublicKey, + CK_OBJECT_HANDLE_PTR phPrivateKey); + CK_RV (*C_WrapKey)(CK_SESSION_HANDLE hSession, + CK_MECHANISM_PTR pMechanism, + CK_OBJECT_HANDLE hWrappingKey, CK_OBJECT_HANDLE hKey, + CK_BYTE_PTR pWrappedKey, + CK_ULONG_PTR pulWrappedKeyLen); + CK_RV (*C_UnwrapKey)(CK_SESSION_HANDLE hSession, + CK_MECHANISM_PTR pMechanism, + CK_OBJECT_HANDLE hUnwrappingKey, + CK_BYTE_PTR pWrappedKey, CK_ULONG ulWrappedKeyLen, + CK_ATTRIBUTE_PTR pTemplate, + CK_ULONG ulAttributeCount, + CK_OBJECT_HANDLE_PTR phKey); + CK_RV (*C_DeriveKey)(CK_SESSION_HANDLE hSession, + CK_MECHANISM_PTR pMechanism, + CK_OBJECT_HANDLE hBaseKey, + CK_ATTRIBUTE_PTR pTemplate, + CK_ULONG ulAttributeCount, + CK_OBJECT_HANDLE_PTR phKey); + CK_RV (*C_SeedRandom)(CK_SESSION_HANDLE hSession, CK_BYTE_PTR pSeed, + CK_ULONG ulSeedLen); + CK_RV (*C_GenerateRandom)(CK_SESSION_HANDLE hSession, + CK_BYTE_PTR pRandomData, CK_ULONG ulRandomLen); + CK_RV (*C_GetFunctionStatus)(CK_SESSION_HANDLE hSession); + CK_RV (*C_CancelFunction)(CK_SESSION_HANDLE hSession); + CK_RV (*C_WaitForSlotEvent)(CK_FLAGS flags, CK_SLOT_ID_PTR pSlot, + CK_VOID_PTR pReserved); + /* PKCS#11 V 3.0 functions */ + CK_RV (*C_GetInterfaceList)(CK_INTERFACE_PTR pInterfacesList, + CK_ULONG_PTR pulCount); + CK_RV (*C_GetInterface)(CK_UTF8CHAR_PTR pInterfaceName, + CK_VERSION_PTR pVersion, + CK_INTERFACE_PTR_PTR ppInterface, + CK_FLAGS flags); + CK_RV (*C_LoginUser)(CK_SESSION_HANDLE hSession, CK_USER_TYPE userType, + CK_UTF8CHAR_PTR pPin, CK_ULONG ulPinLen, + CK_UTF8CHAR_PTR pUsername, CK_ULONG ulUsernameLen); + CK_RV (*C_SessionCancel)(CK_SESSION_HANDLE hSession, CK_FLAGS flags); + CK_RV (*C_MessageEncryptInit)(CK_SESSION_HANDLE hSession, + CK_MECHANISM_PTR pMechanism, + CK_OBJECT_HANDLE hKey); + CK_RV (*C_EncryptMessage)(CK_SESSION_HANDLE hSession, CK_VOID_PTR pParameter, + CK_ULONG ulParameterLen, CK_BYTE_PTR pAssociatedData, + CK_ULONG ulAssociatedDataLen, CK_BYTE_PTR pPlaintext, + CK_ULONG ulPlaintextLen, CK_BYTE_PTR pCiphertext, + CK_ULONG_PTR pulCiphertextLen); + CK_RV (*C_EncryptMessageBegin)(CK_SESSION_HANDLE hSession, CK_VOID_PTR pParameter, + CK_ULONG ulParameterLen, CK_BYTE_PTR pAssociatedData, + CK_ULONG ulAssociatedDataLen); + CK_RV (*C_EncryptMessageNext)(CK_SESSION_HANDLE hSession, CK_VOID_PTR pParameter, + CK_ULONG ulParameterLen, CK_BYTE_PTR pPlaintextPart, + CK_ULONG ulPlaintextPartLen, CK_BYTE_PTR pCiphertextPart, + CK_ULONG_PTR pulCiphertextPartLen, CK_FLAGS flags); + CK_RV (*C_MessageEncryptFinal)(CK_SESSION_HANDLE hSession); + CK_RV (*C_MessageDecryptInit)(CK_SESSION_HANDLE hSession, CK_MECHANISM_PTR pMechanism, + CK_OBJECT_HANDLE hKey); + CK_RV (*C_DecryptMessage)(CK_SESSION_HANDLE hSession, CK_VOID_PTR pParameter, + CK_ULONG ulParameterLen, CK_BYTE_PTR pAssociatedData, + CK_ULONG ulAssociatedDataLen, CK_BYTE_PTR pCiphertext, + CK_ULONG ulCiphertextLen, CK_BYTE_PTR pPlaintext, + CK_ULONG_PTR pulPlaintextLen); + CK_RV (*C_DecryptMessageBegin)(CK_SESSION_HANDLE hSession, CK_VOID_PTR pParameter, + CK_ULONG ulParameterLen, CK_BYTE_PTR pAssociatedData, + CK_ULONG ulAssociatedDataLen); + CK_RV (*C_DecryptMessageNext)(CK_SESSION_HANDLE hSession, CK_VOID_PTR pParameter, + CK_ULONG ulParameterLen, CK_BYTE_PTR pCiphertextPart, + CK_ULONG ulCiphertextPartLen, CK_BYTE_PTR pPlaintextPart, + CK_ULONG_PTR pulPlaintextPartLen, CK_FLAGS flags); + CK_RV (*C_MessageDecryptFinal)(CK_SESSION_HANDLE hSession); + CK_RV (*C_MessageSignInit)(CK_SESSION_HANDLE hSession, CK_MECHANISM_PTR pMechanism, + CK_OBJECT_HANDLE hKey); + CK_RV (*C_SignMessage)(CK_SESSION_HANDLE hSession, CK_VOID_PTR pParameter, + CK_ULONG ulParameterLen, CK_BYTE_PTR pData, + CK_ULONG ulDataLen, CK_BYTE_PTR pSignature, + CK_ULONG_PTR pulSignatureLen); + CK_RV (*C_SignMessageBegin)(CK_SESSION_HANDLE hSession, CK_VOID_PTR pParameter, + CK_ULONG ulParameterLen); + CK_RV (*C_SignMessageNext)(CK_SESSION_HANDLE hSession, CK_VOID_PTR pParameter, + CK_ULONG ulParameterLen, CK_BYTE_PTR pData, + CK_ULONG ulDataLen, CK_BYTE_PTR pSignature, + CK_ULONG_PTR pulSignatureLen); + CK_RV (*C_MessageSignFinal)(CK_SESSION_HANDLE hSession); + CK_RV (*C_MessageVerifyInit)(CK_SESSION_HANDLE hSession, CK_MECHANISM_PTR pMechanism, + CK_OBJECT_HANDLE hKey); + CK_RV (*C_VerifyMessage)(CK_SESSION_HANDLE hSession, CK_VOID_PTR pParameter, + CK_ULONG ulParameterLen, CK_BYTE_PTR pData, + CK_ULONG ulDataLen, CK_BYTE_PTR pSignature, + CK_ULONG ulSignatureLen); + CK_RV (*C_VerifyMessageBegin)(CK_SESSION_HANDLE hSession, CK_VOID_PTR pParameter, + CK_ULONG ulParameterLen); + CK_RV (*C_VerifyMessageNext)(CK_SESSION_HANDLE hSession, CK_VOID_PTR pParameter, + CK_ULONG ulParameterLen, CK_BYTE_PTR pData, + CK_ULONG ulDataLen, CK_BYTE_PTR pSignature, + CK_ULONG ulSignatureLen); + CK_RV (*C_MessageVerifyFinal)(CK_SESSION_HANDLE hSession); +}; + +struct CK_FUNCTION_LIST_3_2 { + CK_VERSION version; + + CK_RV (*C_Initialize)(CK_VOID_PTR pInitArgs); + CK_RV (*C_Finalize)(CK_VOID_PTR pReserved); + CK_RV (*C_GetInfo)(CK_INFO_PTR pInfo); + CK_RV (*C_GetFunctionList)(CK_FUNCTION_LIST_PTR_PTR ppFunctionList); + CK_RV (*C_GetSlotList)(CK_BBOOL tokenPresent, CK_SLOT_ID_PTR pSlotList, + CK_ULONG_PTR pulCount); + CK_RV (*C_GetSlotInfo)(CK_SLOT_ID slotID, CK_SLOT_INFO_PTR pInfo); + CK_RV (*C_GetTokenInfo)(CK_SLOT_ID slotID, CK_TOKEN_INFO_PTR pInfo); + CK_RV (*C_GetMechanismList)(CK_SLOT_ID slotID, + CK_MECHANISM_TYPE_PTR pMechanismList, + CK_ULONG_PTR pulCount); + CK_RV (*C_GetMechanismInfo)(CK_SLOT_ID slotID, CK_MECHANISM_TYPE type, + CK_MECHANISM_INFO_PTR pInfo); + CK_RV (*C_InitToken)(CK_SLOT_ID slotID, CK_UTF8CHAR_PTR pPin, + CK_ULONG ulPinLen, CK_UTF8CHAR_PTR pLabel); + CK_RV (*C_InitPIN)(CK_SESSION_HANDLE hSession, CK_UTF8CHAR_PTR pPin, + CK_ULONG ulPinLen); + CK_RV (*C_SetPIN)(CK_SESSION_HANDLE hSession, CK_UTF8CHAR_PTR pOldPin, + CK_ULONG ulOldLen, CK_UTF8CHAR_PTR pNewPin, + CK_ULONG ulNewLen); + CK_RV (*C_OpenSession)(CK_SLOT_ID slotID, CK_FLAGS flags, + CK_VOID_PTR pApplication, CK_NOTIFY Notify, + CK_SESSION_HANDLE_PTR phSession); + CK_RV (*C_CloseSession)(CK_SESSION_HANDLE hSession); + CK_RV (*C_CloseAllSessions)(CK_SLOT_ID slotID); + CK_RV (*C_GetSessionInfo)(CK_SESSION_HANDLE hSession, + CK_SESSION_INFO_PTR pInfo); + CK_RV (*C_GetOperationState)(CK_SESSION_HANDLE hSession, + CK_BYTE_PTR pOperationState, + CK_ULONG_PTR pulOperationStateLen); + CK_RV (*C_SetOperationState)(CK_SESSION_HANDLE hSession, + CK_BYTE_PTR pOperationState, + CK_ULONG ulOperationStateLen, + CK_OBJECT_HANDLE hEncryptionKey, + CK_OBJECT_HANDLE hAuthenticationKey); + CK_RV (*C_Login)(CK_SESSION_HANDLE hSession, CK_USER_TYPE userType, + CK_UTF8CHAR_PTR pPin, CK_ULONG ulPinLen); + CK_RV (*C_Logout)(CK_SESSION_HANDLE hSession); + CK_RV (*C_CreateObject)(CK_SESSION_HANDLE hSession, + CK_ATTRIBUTE_PTR pTemplate, CK_ULONG ulCount, + CK_OBJECT_HANDLE_PTR phObject); + CK_RV (*C_CopyObject)(CK_SESSION_HANDLE hSession, CK_OBJECT_HANDLE hObject, + CK_ATTRIBUTE_PTR pTemplate, CK_ULONG ulCount, + CK_OBJECT_HANDLE_PTR phNewObject); + CK_RV (*C_DestroyObject)(CK_SESSION_HANDLE hSession, + CK_OBJECT_HANDLE hObject); + CK_RV (*C_GetObjectSize)(CK_SESSION_HANDLE hSession, + CK_OBJECT_HANDLE hObject, CK_ULONG_PTR pulSize); + CK_RV (*C_GetAttributeValue)(CK_SESSION_HANDLE hSession, + CK_OBJECT_HANDLE hObject, + CK_ATTRIBUTE_PTR pTemplate, CK_ULONG ulCount); + CK_RV (*C_SetAttributeValue)(CK_SESSION_HANDLE hSession, + CK_OBJECT_HANDLE hObject, + CK_ATTRIBUTE_PTR pTemplate, CK_ULONG ulCount); + CK_RV (*C_FindObjectsInit)(CK_SESSION_HANDLE hSession, + CK_ATTRIBUTE_PTR pTemplate, CK_ULONG ulCount); + CK_RV (*C_FindObjects)(CK_SESSION_HANDLE hSession, + CK_OBJECT_HANDLE_PTR phObject, + CK_ULONG ulMaxObjectCount, + CK_ULONG_PTR pulObjectCount); + CK_RV (*C_FindObjectsFinal)(CK_SESSION_HANDLE hSession); + CK_RV (*C_EncryptInit)(CK_SESSION_HANDLE hSession, + CK_MECHANISM_PTR pMechanism, CK_OBJECT_HANDLE hKey); + CK_RV (*C_Encrypt)(CK_SESSION_HANDLE hSession, CK_BYTE_PTR pData, + CK_ULONG ulDataLen, CK_BYTE_PTR pEncryptedData, + CK_ULONG_PTR pulEncryptedDataLen); + CK_RV (*C_EncryptUpdate)(CK_SESSION_HANDLE hSession, CK_BYTE_PTR pPart, + CK_ULONG ulPartLen, CK_BYTE_PTR pEncryptedPart, + CK_ULONG_PTR pulEncryptedPartLen); + CK_RV (*C_EncryptFinal)(CK_SESSION_HANDLE hSession, + CK_BYTE_PTR pLastEncryptedPart, + CK_ULONG_PTR pulLastEncryptedPartLen); + CK_RV (*C_DecryptInit)(CK_SESSION_HANDLE hSession, + CK_MECHANISM_PTR pMechanism, CK_OBJECT_HANDLE hKey); + CK_RV (*C_Decrypt)(CK_SESSION_HANDLE hSession, CK_BYTE_PTR pEncryptedData, + CK_ULONG ulEncryptedDataLen, CK_BYTE_PTR pData, + CK_ULONG_PTR pulDataLen); + CK_RV (*C_DecryptUpdate)(CK_SESSION_HANDLE hSession, + CK_BYTE_PTR pEncryptedPart, + CK_ULONG ulEncryptedPartLen, CK_BYTE_PTR pPart, + CK_ULONG_PTR pulPartLen); + CK_RV (*C_DecryptFinal)(CK_SESSION_HANDLE hSession, CK_BYTE_PTR pLastPart, + CK_ULONG_PTR pulLastPartLen); + CK_RV (*C_DigestInit)(CK_SESSION_HANDLE hSession, + CK_MECHANISM_PTR pMechanism); + CK_RV (*C_Digest)(CK_SESSION_HANDLE hSession, CK_BYTE_PTR pData, + CK_ULONG ulDataLen, CK_BYTE_PTR pDigest, + CK_ULONG_PTR pulDigestLen); + CK_RV (*C_DigestUpdate)(CK_SESSION_HANDLE hSession, CK_BYTE_PTR pPart, + CK_ULONG ulPartLen); + CK_RV (*C_DigestKey)(CK_SESSION_HANDLE hSession, CK_OBJECT_HANDLE hKey); + CK_RV (*C_DigestFinal)(CK_SESSION_HANDLE hSession, CK_BYTE_PTR pDigest, + CK_ULONG_PTR pulDigestLen); + CK_RV (*C_SignInit)(CK_SESSION_HANDLE hSession, CK_MECHANISM_PTR pMechanism, + CK_OBJECT_HANDLE hKey); + CK_RV (*C_Sign)(CK_SESSION_HANDLE hSession, CK_BYTE_PTR pData, + CK_ULONG ulDataLen, CK_BYTE_PTR pSignature, + CK_ULONG_PTR pulSignatureLen); + CK_RV (*C_SignUpdate)(CK_SESSION_HANDLE hSession, CK_BYTE_PTR pPart, + CK_ULONG ulPartLen); + CK_RV (*C_SignFinal)(CK_SESSION_HANDLE hSession, CK_BYTE_PTR pSignature, + CK_ULONG_PTR pulSignatureLen); + CK_RV (*C_SignRecoverInit)(CK_SESSION_HANDLE hSession, + CK_MECHANISM_PTR pMechanism, + CK_OBJECT_HANDLE hKey); + CK_RV (*C_SignRecover)(CK_SESSION_HANDLE hSession, CK_BYTE_PTR pData, + CK_ULONG ulDataLen, CK_BYTE_PTR pSignature, + CK_ULONG_PTR pulSignatureLen); + CK_RV (*C_VerifyInit)(CK_SESSION_HANDLE hSession, + CK_MECHANISM_PTR pMechanism, CK_OBJECT_HANDLE hKey); + CK_RV (*C_Verify)(CK_SESSION_HANDLE hSession, CK_BYTE_PTR pData, + CK_ULONG ulDataLen, CK_BYTE_PTR pSignature, + CK_ULONG ulSignatureLen); + CK_RV (*C_VerifyUpdate)(CK_SESSION_HANDLE hSession, CK_BYTE_PTR pPart, + CK_ULONG ulPartLen); + CK_RV (*C_VerifyFinal)(CK_SESSION_HANDLE hSession, + CK_BYTE_PTR pSignature, CK_ULONG ulSignatureLen); + CK_RV (*C_VerifyRecoverInit)(CK_SESSION_HANDLE hSession, + CK_MECHANISM_PTR pMechanism, + CK_OBJECT_HANDLE hKey); + CK_RV (*C_VerifyRecover)(CK_SESSION_HANDLE hSession, + CK_BYTE_PTR pSignature, CK_ULONG ulSignatureLen, + CK_BYTE_PTR pData, CK_ULONG_PTR pulDataLen); + CK_RV (*C_DigestEncryptUpdate)(CK_SESSION_HANDLE hSession, + CK_BYTE_PTR pPart, CK_ULONG ulPartLen, + CK_BYTE_PTR pEncryptedPart, + CK_ULONG_PTR pulEncryptedPartLen); + CK_RV (*C_DecryptDigestUpdate)(CK_SESSION_HANDLE hSession, + CK_BYTE_PTR pEncryptedPart, + CK_ULONG ulEncryptedPartLen, + CK_BYTE_PTR pPart, CK_ULONG_PTR pulPartLen); + CK_RV (*C_SignEncryptUpdate)(CK_SESSION_HANDLE hSession, + CK_BYTE_PTR pPart, CK_ULONG ulPartLen, + CK_BYTE_PTR pEncryptedPart, + CK_ULONG_PTR pulEncryptedPartLen); + CK_RV (*C_DecryptVerifyUpdate)(CK_SESSION_HANDLE hSession, + CK_BYTE_PTR pEncryptedPart, + CK_ULONG ulEncryptedPartLen, + CK_BYTE_PTR pPart, CK_ULONG_PTR pulPartLen); + CK_RV (*C_GenerateKey)(CK_SESSION_HANDLE hSession, + CK_MECHANISM_PTR pMechanism, + CK_ATTRIBUTE_PTR pTemplate, CK_ULONG ulCount, + CK_OBJECT_HANDLE_PTR phKey); + CK_RV (*C_GenerateKeyPair)(CK_SESSION_HANDLE hSession, + CK_MECHANISM_PTR pMechanism, + CK_ATTRIBUTE_PTR pPublicKeyTemplate, + CK_ULONG ulPublicKeyAttributeCount, + CK_ATTRIBUTE_PTR pPrivateKeyTemplate, + CK_ULONG ulPrivateKeyAttributeCount, + CK_OBJECT_HANDLE_PTR phPublicKey, + CK_OBJECT_HANDLE_PTR phPrivateKey); + CK_RV (*C_WrapKey)(CK_SESSION_HANDLE hSession, + CK_MECHANISM_PTR pMechanism, + CK_OBJECT_HANDLE hWrappingKey, CK_OBJECT_HANDLE hKey, + CK_BYTE_PTR pWrappedKey, + CK_ULONG_PTR pulWrappedKeyLen); + CK_RV (*C_UnwrapKey)(CK_SESSION_HANDLE hSession, + CK_MECHANISM_PTR pMechanism, + CK_OBJECT_HANDLE hUnwrappingKey, + CK_BYTE_PTR pWrappedKey, CK_ULONG ulWrappedKeyLen, + CK_ATTRIBUTE_PTR pTemplate, + CK_ULONG ulAttributeCount, + CK_OBJECT_HANDLE_PTR phKey); + CK_RV (*C_DeriveKey)(CK_SESSION_HANDLE hSession, + CK_MECHANISM_PTR pMechanism, + CK_OBJECT_HANDLE hBaseKey, + CK_ATTRIBUTE_PTR pTemplate, + CK_ULONG ulAttributeCount, + CK_OBJECT_HANDLE_PTR phKey); + CK_RV (*C_SeedRandom)(CK_SESSION_HANDLE hSession, CK_BYTE_PTR pSeed, + CK_ULONG ulSeedLen); + CK_RV (*C_GenerateRandom)(CK_SESSION_HANDLE hSession, + CK_BYTE_PTR pRandomData, CK_ULONG ulRandomLen); + CK_RV (*C_GetFunctionStatus)(CK_SESSION_HANDLE hSession); + CK_RV (*C_CancelFunction)(CK_SESSION_HANDLE hSession); + CK_RV (*C_WaitForSlotEvent)(CK_FLAGS flags, CK_SLOT_ID_PTR pSlot, + CK_VOID_PTR pReserved); + + /* PKCS#11 V 3.0 functions */ + CK_RV (*C_GetInterfaceList)(CK_INTERFACE_PTR pInterfacesList, + CK_ULONG_PTR pulCount); + CK_RV (*C_GetInterface)(CK_UTF8CHAR_PTR pInterfaceName, + CK_VERSION_PTR pVersion, + CK_INTERFACE_PTR_PTR ppInterface, + CK_FLAGS flags); + CK_RV (*C_LoginUser)(CK_SESSION_HANDLE hSession, CK_USER_TYPE userType, + CK_UTF8CHAR_PTR pPin, CK_ULONG ulPinLen, + CK_UTF8CHAR_PTR pUsername, CK_ULONG ulUsernameLen); + CK_RV (*C_SessionCancel)(CK_SESSION_HANDLE hSession, CK_FLAGS flags); + CK_RV (*C_MessageEncryptInit)(CK_SESSION_HANDLE hSession, + CK_MECHANISM_PTR pMechanism, + CK_OBJECT_HANDLE hKey); + CK_RV (*C_EncryptMessage)(CK_SESSION_HANDLE hSession, CK_VOID_PTR pParameter, + CK_ULONG ulParameterLen, CK_BYTE_PTR pAssociatedData, + CK_ULONG ulAssociatedDataLen, CK_BYTE_PTR pPlaintext, + CK_ULONG ulPlaintextLen, CK_BYTE_PTR pCiphertext, + CK_ULONG_PTR pulCiphertextLen); + CK_RV (*C_EncryptMessageBegin)(CK_SESSION_HANDLE hSession, CK_VOID_PTR pParameter, + CK_ULONG ulParameterLen, CK_BYTE_PTR pAssociatedData, + CK_ULONG ulAssociatedDataLen); + CK_RV (*C_EncryptMessageNext)(CK_SESSION_HANDLE hSession, CK_VOID_PTR pParameter, + CK_ULONG ulParameterLen, CK_BYTE_PTR pPlaintextPart, + CK_ULONG ulPlaintextPartLen, CK_BYTE_PTR pCiphertextPart, + CK_ULONG_PTR pulCiphertextPartLen, CK_FLAGS flags); + CK_RV (*C_MessageEncryptFinal)(CK_SESSION_HANDLE hSession); + CK_RV (*C_MessageDecryptInit)(CK_SESSION_HANDLE hSession, CK_MECHANISM_PTR pMechanism, + CK_OBJECT_HANDLE hKey); + CK_RV (*C_DecryptMessage)(CK_SESSION_HANDLE hSession, CK_VOID_PTR pParameter, + CK_ULONG ulParameterLen, CK_BYTE_PTR pAssociatedData, + CK_ULONG ulAssociatedDataLen, CK_BYTE_PTR pCiphertext, + CK_ULONG ulCiphertextLen, CK_BYTE_PTR pPlaintext, + CK_ULONG_PTR pulPlaintextLen); + CK_RV (*C_DecryptMessageBegin)(CK_SESSION_HANDLE hSession, CK_VOID_PTR pParameter, + CK_ULONG ulParameterLen, CK_BYTE_PTR pAssociatedData, + CK_ULONG ulAssociatedDataLen); + CK_RV (*C_DecryptMessageNext)(CK_SESSION_HANDLE hSession, CK_VOID_PTR pParameter, + CK_ULONG ulParameterLen, CK_BYTE_PTR pCiphertextPart, + CK_ULONG ulCiphertextPartLen, CK_BYTE_PTR pPlaintextPart, + CK_ULONG_PTR pulPlaintextPartLen, CK_FLAGS flags); + CK_RV (*C_MessageDecryptFinal)(CK_SESSION_HANDLE hSession); + CK_RV (*C_MessageSignInit)(CK_SESSION_HANDLE hSession, CK_MECHANISM_PTR pMechanism, + CK_OBJECT_HANDLE hKey); + CK_RV (*C_SignMessage)(CK_SESSION_HANDLE hSession, CK_VOID_PTR pParameter, + CK_ULONG ulParameterLen, CK_BYTE_PTR pData, + CK_ULONG ulDataLen, CK_BYTE_PTR pSignature, + CK_ULONG_PTR pulSignatureLen); + CK_RV (*C_SignMessageBegin)(CK_SESSION_HANDLE hSession, CK_VOID_PTR pParameter, + CK_ULONG ulParameterLen); + CK_RV (*C_SignMessageNext)(CK_SESSION_HANDLE hSession, CK_VOID_PTR pParameter, + CK_ULONG ulParameterLen, CK_BYTE_PTR pData, + CK_ULONG ulDataLen, CK_BYTE_PTR pSignature, + CK_ULONG_PTR pulSignatureLen); + CK_RV (*C_MessageSignFinal)(CK_SESSION_HANDLE hSession); + CK_RV (*C_MessageVerifyInit)(CK_SESSION_HANDLE hSession, CK_MECHANISM_PTR pMechanism, + CK_OBJECT_HANDLE hKey); + CK_RV (*C_VerifyMessage)(CK_SESSION_HANDLE hSession, CK_VOID_PTR pParameter, + CK_ULONG ulParameterLen, CK_BYTE_PTR pData, + CK_ULONG ulDataLen, CK_BYTE_PTR pSignature, + CK_ULONG ulSignatureLen); + CK_RV (*C_VerifyMessageBegin)(CK_SESSION_HANDLE hSession, CK_VOID_PTR pParameter, + CK_ULONG ulParameterLen); + CK_RV (*C_VerifyMessageNext)(CK_SESSION_HANDLE hSession, CK_VOID_PTR pParameter, + CK_ULONG ulParameterLen, CK_BYTE_PTR pData, + CK_ULONG ulDataLen, CK_BYTE_PTR pSignature, + CK_ULONG ulSignatureLen); + CK_RV (*C_MessageVerifyFinal)(CK_SESSION_HANDLE hSession); + + /* PKCS#11 V 3.2 functions */ + CK_RV (*C_EncapsulateKey)(CK_SESSION_HANDLE hSession, CK_MECHANISM_PTR pMechanism, + CK_OBJECT_HANDLE hPublicKey, CK_ATTRIBUTE_PTR pTemplate, + CK_ULONG ulAttributeCount, CK_OBJECT_HANDLE_PTR phKey, + CK_BYTE_PTR pCiphertext, CK_ULONG_PTR pulCiphertextLen); + CK_RV (*C_DecapsulateKey)(CK_SESSION_HANDLE hSession, CK_MECHANISM_PTR pMechanism, + CK_OBJECT_HANDLE hPrivateKey, CK_BYTE_PTR pCiphertext, + CK_ULONG ulCiphertextLen, CK_ATTRIBUTE_PTR pTemplate, + CK_ULONG ulAttributeCount, CK_OBJECT_HANDLE_PTR phKey); + CK_RV (*C_VerifySignatureInit)(CK_SESSION_HANDLE hSession, CK_MECHANISM_PTR pMechanism, + CK_OBJECT_HANDLE hKey, CK_BYTE_PTR pSignature, + CK_ULONG ulSignatureLen); + CK_RV (*C_VerifySignature)(CK_SESSION_HANDLE hSession, CK_BYTE_PTR pData, + CK_ULONG ulDataLen); + CK_RV (*C_VerifySignatureUpdate)(CK_SESSION_HANDLE hSession, CK_BYTE_PTR pPart, + CK_ULONG ulPartLen); + CK_RV (*C_VerifySignatureFinal)(CK_SESSION_HANDLE hSession); + CK_RV (*C_GetSessionValidationFlags)(CK_SESSION_HANDLE hSession, CK_ULONG type, + CK_FLAGS * pFlags); + CK_RV (*C_AsyncComplete)(CK_SESSION_HANDLE hSession, CK_UTF8CHAR_PTR pFunctionName, + CK_ASYNC_DATA_PTR pResult); + CK_RV (*C_AsyncGetID)(CK_SESSION_HANDLE hSession, CK_UTF8CHAR_PTR pFunctionName, + CK_ULONG_PTR pulID); + CK_RV (*C_AsyncJoin)(CK_SESSION_HANDLE hSession, CK_UTF8CHAR_PTR pFunctionName, + CK_ULONG ulID, CK_BYTE_PTR pData, CK_ULONG ulData); +}; + #ifdef __cplusplus } #endif diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/pkcs12.h mariadb-11.8.8/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/pkcs12.h --- mariadb-11.8.6/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/pkcs12.h 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/pkcs12.h 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* pkcs12.h * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/pkcs7.h mariadb-11.8.8/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/pkcs7.h --- mariadb-11.8.6/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/pkcs7.h 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/pkcs7.h 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* pkcs7.h * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -229,6 +229,14 @@ int devId, int hashOID); #endif +#if defined(HAVE_PKCS7_ECC_RAW_SIGN_CALLBACK) && defined(HAVE_ECC) +/* ECC sign raw digest callback, user signs hash directly */ +typedef int (*CallbackEccSignRawDigest)(wc_PKCS7* pkcs7, byte* digest, + word32 digestSz, byte* out, word32 outSz, + byte* privateKey, word32 privateKeySz, + int devId, int hashOID); +#endif + /* Public Structure Warning: * Existing members must not be changed to maintain backwards compatibility! @@ -376,6 +384,17 @@ CallbackAESKeyWrapUnwrap aesKeyWrapUnwrapCb; +#if defined(HAVE_PKCS7_ECC_RAW_SIGN_CALLBACK) && defined(HAVE_ECC) + CallbackEccSignRawDigest eccSignRawDigestCb; +#endif + +#if defined(WC_RSA_PSS) && !defined(NO_RSA) + int pssSaltLen; /* RSASSA-PSS params from SignerInfo; valid when */ + int pssHashType; /* pssParamsPresent == 1; else verify path uses */ + int pssMgf; /* RSA_PSS_SALT_LEN_DEFAULT / digest algo defaults */ + byte pssParamsPresent; +#endif + /* !! NEW DATA MEMBERS MUST BE ADDED AT END !! */ }; @@ -511,6 +530,11 @@ CallbackRsaSignRawDigest cb); #endif +#if defined(HAVE_PKCS7_ECC_RAW_SIGN_CALLBACK) && defined(HAVE_ECC) +WOLFSSL_API int wc_PKCS7_SetEccSignRawDigestCb(wc_PKCS7* pkcs7, + CallbackEccSignRawDigest cb); +#endif + /* CMS/PKCS#7 EnvelopedData */ WOLFSSL_API int wc_PKCS7_EncodeEnvelopedData(wc_PKCS7* pkcs7, byte* output, word32 outputSz); diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/poly1305.h mariadb-11.8.8/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/poly1305.h --- mariadb-11.8.6/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/poly1305.h 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/poly1305.h 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* poly1305.h * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/port/Espressif/esp-sdk-lib.h mariadb-11.8.8/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/port/Espressif/esp-sdk-lib.h --- mariadb-11.8.6/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/port/Espressif/esp-sdk-lib.h 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/port/Espressif/esp-sdk-lib.h 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* esp-sdk-lib.h * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/port/Espressif/esp32-crypt.h mariadb-11.8.8/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/port/Espressif/esp32-crypt.h --- mariadb-11.8.6/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/port/Espressif/esp32-crypt.h 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/port/Espressif/esp32-crypt.h 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* esp32-crypt.h * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/port/Espressif/esp_crt_bundle.h mariadb-11.8.8/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/port/Espressif/esp_crt_bundle.h --- mariadb-11.8.6/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/port/Espressif/esp_crt_bundle.h 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/port/Espressif/esp_crt_bundle.h 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* esp_crt_bundle.h * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/port/Renesas/renesas-fspsm-crypt.h mariadb-11.8.8/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/port/Renesas/renesas-fspsm-crypt.h --- mariadb-11.8.6/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/port/Renesas/renesas-fspsm-crypt.h 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/port/Renesas/renesas-fspsm-crypt.h 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* renesas-fspsm-crypt.h * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/port/Renesas/renesas-fspsm-types.h mariadb-11.8.8/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/port/Renesas/renesas-fspsm-types.h --- mariadb-11.8.6/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/port/Renesas/renesas-fspsm-types.h 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/port/Renesas/renesas-fspsm-types.h 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* renesas-fsp-crypt.h * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/port/Renesas/renesas-rx64-hw-crypt.h mariadb-11.8.8/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/port/Renesas/renesas-rx64-hw-crypt.h --- mariadb-11.8.6/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/port/Renesas/renesas-rx64-hw-crypt.h 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/port/Renesas/renesas-rx64-hw-crypt.h 2026-05-24 09:58:33.000000000 +0000 @@ -2,7 +2,7 @@ * * Contributed by Johnson Controls Tyco IP Holdings LLP. * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/port/Renesas/renesas-tsip-crypt.h mariadb-11.8.8/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/port/Renesas/renesas-tsip-crypt.h --- mariadb-11.8.6/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/port/Renesas/renesas-tsip-crypt.h 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/port/Renesas/renesas-tsip-crypt.h 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* renesas-tsip-crypt.h * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/port/Renesas/renesas_cmn.h mariadb-11.8.8/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/port/Renesas/renesas_cmn.h --- mariadb-11.8.6/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/port/Renesas/renesas_cmn.h 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/port/Renesas/renesas_cmn.h 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* renesas_cmn.h * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/port/Renesas/renesas_fspsm_internal.h mariadb-11.8.8/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/port/Renesas/renesas_fspsm_internal.h --- mariadb-11.8.6/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/port/Renesas/renesas_fspsm_internal.h 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/port/Renesas/renesas_fspsm_internal.h 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* renesas_fspsm_internal.h * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -91,7 +91,7 @@ } FSPSM_RSA_CTX; -#if (!defined(NO_SHA) || !defined(NO_SHA256) || defined(WOLFSSL_SH224) || \ +#if (!defined(NO_SHA) || !defined(NO_SHA256) || defined(WOLFSSL_SHA224) || \ defined(WOLFSSL_SHA384) || defined(WOLFSSL_SHA512)) && \ !defined(NO_WOLFSSL_RENESAS_FSPSM_HASH) diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/port/Renesas/renesas_sync.h mariadb-11.8.8/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/port/Renesas/renesas_sync.h --- mariadb-11.8.6/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/port/Renesas/renesas_sync.h 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/port/Renesas/renesas_sync.h 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* renesas_sync.h * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/port/Renesas/renesas_tsip_internal.h mariadb-11.8.8/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/port/Renesas/renesas_tsip_internal.h --- mariadb-11.8.6/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/port/Renesas/renesas_tsip_internal.h 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/port/Renesas/renesas_tsip_internal.h 2026-05-24 09:58:33.000000000 +0000 @@ -1,12 +1,12 @@ /* renesas_tsip_internal.h * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * * wolfSSL is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by - * the Free Software Foundation; either version 2 of the License, or + * the Free Software Foundation; either version 3 of the License, or * (at your option) any later version. * * wolfSSL is distributed in the hope that it will be useful, diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/port/Renesas/renesas_tsip_types.h mariadb-11.8.8/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/port/Renesas/renesas_tsip_types.h --- mariadb-11.8.6/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/port/Renesas/renesas_tsip_types.h 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/port/Renesas/renesas_tsip_types.h 2026-05-24 09:58:33.000000000 +0000 @@ -1,7 +1,7 @@ /* renesas_tsip_types.h * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/port/af_alg/afalg_hash.h mariadb-11.8.8/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/port/af_alg/afalg_hash.h --- mariadb-11.8.6/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/port/af_alg/afalg_hash.h 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/port/af_alg/afalg_hash.h 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* afalg_hash.h * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/port/af_alg/wc_afalg.h mariadb-11.8.8/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/port/af_alg/wc_afalg.h --- mariadb-11.8.6/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/port/af_alg/wc_afalg.h 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/port/af_alg/wc_afalg.h 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* wc_afalg.h * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/port/aria/aria-crypt.h mariadb-11.8.8/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/port/aria/aria-crypt.h --- mariadb-11.8.6/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/port/aria/aria-crypt.h 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/port/aria/aria-crypt.h 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* aria-crypt.h * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/port/aria/aria-cryptocb.h mariadb-11.8.8/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/port/aria/aria-cryptocb.h --- mariadb-11.8.6/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/port/aria/aria-cryptocb.h 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/port/aria/aria-cryptocb.h 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* aria-cryptocb.h * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/port/arm/cryptoCell.h mariadb-11.8.8/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/port/arm/cryptoCell.h --- mariadb-11.8.6/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/port/arm/cryptoCell.h 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/port/arm/cryptoCell.h 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* cryptoCell.h * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/port/atmel/atmel.h mariadb-11.8.8/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/port/atmel/atmel.h --- mariadb-11.8.6/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/port/atmel/atmel.h 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/port/atmel/atmel.h 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* atmel.h * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/port/autosar/CryIf.h mariadb-11.8.8/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/port/autosar/CryIf.h --- mariadb-11.8.6/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/port/autosar/CryIf.h 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/port/autosar/CryIf.h 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* CryIf.h * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/port/autosar/Crypto.h mariadb-11.8.8/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/port/autosar/Crypto.h --- mariadb-11.8.6/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/port/autosar/Crypto.h 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/port/autosar/Crypto.h 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* Crypto.h * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/port/autosar/Csm.h mariadb-11.8.8/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/port/autosar/Csm.h --- mariadb-11.8.6/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/port/autosar/Csm.h 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/port/autosar/Csm.h 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* csm.h * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/port/autosar/StandardTypes.h mariadb-11.8.8/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/port/autosar/StandardTypes.h --- mariadb-11.8.6/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/port/autosar/StandardTypes.h 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/port/autosar/StandardTypes.h 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* StandardTypes.h * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/port/caam/caam_driver.h mariadb-11.8.8/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/port/caam/caam_driver.h --- mariadb-11.8.6/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/port/caam/caam_driver.h 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/port/caam/caam_driver.h 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* caam_driver.h * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/port/caam/caam_error.h mariadb-11.8.8/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/port/caam/caam_error.h --- mariadb-11.8.6/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/port/caam/caam_error.h 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/port/caam/caam_error.h 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* caam_error.h * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/port/caam/caam_qnx.h mariadb-11.8.8/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/port/caam/caam_qnx.h --- mariadb-11.8.6/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/port/caam/caam_qnx.h 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/port/caam/caam_qnx.h 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* caam_qnx.h * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/port/caam/wolfcaam.h mariadb-11.8.8/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/port/caam/wolfcaam.h --- mariadb-11.8.6/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/port/caam/wolfcaam.h 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/port/caam/wolfcaam.h 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* wolfcaam.h * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/port/caam/wolfcaam_aes.h mariadb-11.8.8/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/port/caam/wolfcaam_aes.h --- mariadb-11.8.6/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/port/caam/wolfcaam_aes.h 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/port/caam/wolfcaam_aes.h 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* wolfcaam_aes.h * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/port/caam/wolfcaam_cmac.h mariadb-11.8.8/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/port/caam/wolfcaam_cmac.h --- mariadb-11.8.6/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/port/caam/wolfcaam_cmac.h 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/port/caam/wolfcaam_cmac.h 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* wolfcaam_cmac.h * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/port/caam/wolfcaam_ecdsa.h mariadb-11.8.8/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/port/caam/wolfcaam_ecdsa.h --- mariadb-11.8.6/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/port/caam/wolfcaam_ecdsa.h 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/port/caam/wolfcaam_ecdsa.h 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* wolfcaam_ecdsa.h * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/port/caam/wolfcaam_fsl_nxp.h mariadb-11.8.8/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/port/caam/wolfcaam_fsl_nxp.h --- mariadb-11.8.6/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/port/caam/wolfcaam_fsl_nxp.h 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/port/caam/wolfcaam_fsl_nxp.h 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* wolfcaam_fsl_nxp.h * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/port/caam/wolfcaam_hash.h mariadb-11.8.8/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/port/caam/wolfcaam_hash.h --- mariadb-11.8.6/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/port/caam/wolfcaam_hash.h 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/port/caam/wolfcaam_hash.h 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* wolfcaam_hash.h * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/port/caam/wolfcaam_qnx.h mariadb-11.8.8/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/port/caam/wolfcaam_qnx.h --- mariadb-11.8.6/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/port/caam/wolfcaam_qnx.h 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/port/caam/wolfcaam_qnx.h 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* wolfcaam_qnx.h * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/port/caam/wolfcaam_rsa.h mariadb-11.8.8/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/port/caam/wolfcaam_rsa.h --- mariadb-11.8.6/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/port/caam/wolfcaam_rsa.h 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/port/caam/wolfcaam_rsa.h 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* wolfcaam_rsa.h * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/port/caam/wolfcaam_seco.h mariadb-11.8.8/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/port/caam/wolfcaam_seco.h --- mariadb-11.8.6/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/port/caam/wolfcaam_seco.h 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/port/caam/wolfcaam_seco.h 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* wolfcaam_seco.h * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/port/caam/wolfcaam_sha.h mariadb-11.8.8/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/port/caam/wolfcaam_sha.h --- mariadb-11.8.6/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/port/caam/wolfcaam_sha.h 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/port/caam/wolfcaam_sha.h 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* wolfcaam_sha.h * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/port/caam/wolfcaam_x25519.h mariadb-11.8.8/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/port/caam/wolfcaam_x25519.h --- mariadb-11.8.6/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/port/caam/wolfcaam_x25519.h 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/port/caam/wolfcaam_x25519.h 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* wolfcaam_x25519.h * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/port/cavium/cavium_nitrox.h mariadb-11.8.8/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/port/cavium/cavium_nitrox.h --- mariadb-11.8.6/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/port/cavium/cavium_nitrox.h 1970-01-01 00:00:00.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/port/cavium/cavium_nitrox.h 2026-05-24 09:58:33.000000000 +0000 @@ -0,0 +1,217 @@ +/* cavium_nitrox.h + * + * Copyright (C) 2006-2026 wolfSSL Inc. + * + * This file is part of wolfSSL. + * + * wolfSSL is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * wolfSSL is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA + */ + +#ifndef _CAVIUM_NITROX_H_ +#define _CAVIUM_NITROX_H_ + +#ifdef HAVE_CAVIUM + +#ifndef HAVE_CAVIUM_V + #include "cavium_sysdep.h" +#endif +#include "cavium_common.h" + +#define CAVIUM_SSL_GRP 0 +#define CAVIUM_DPORT 256 + +/* Compatibility with older Cavium SDK's */ +#ifndef HAVE_CAVIUM_V + typedef int CspHandle; + typedef word32 CavReqId; + + #define AES_128 AES_128_BIT + #define AES_192 AES_192_BIT + #define AES_256 AES_256_BIT + + #define MAX_TO_POLL 30 + typedef int context_type_t; + + struct CspMultiRequestStatusBuffer { + int count; + CspRequestStatusBuffer req[MAX_TO_POLL]; + }; + #define AES_CBC 0x3 + #define AES_GCM 0x7 +#else + typedef word64 CavReqId; + #define CAVIUM_DEV_ID 0 + #define CAVIUM_BLOCKING BLOCKING + #define CAVIUM_NON_BLOCKING NON_BLOCKING + #define CAVIUM_DIRECT DMA_DIRECT_DIRECT +#endif + +typedef struct CspMultiRequestStatusBuffer CspMultiRequestStatusBuffer; + +#ifdef WOLFSSL_ASYNC_CRYPT + #define CAVIUM_REQ_MODE CAVIUM_NON_BLOCKING +#else + #define CAVIUM_REQ_MODE CAVIUM_BLOCKING +#endif + + +#ifdef WOLFSSL_ASYNC_CRYPT + #ifndef CAVIUM_MAX_PENDING + #define CAVIUM_MAX_PENDING 10 /* 90 */ + #endif + #ifndef CAVIUM_MAX_POLL + #define CAVIUM_MAX_POLL MAX_TO_POLL + #endif +#endif + + +typedef struct CaviumNitroxDev { + CspHandle devId; /* nitrox device id */ + context_type_t type; /* Typically CONTEXT_SSL, but also ECC types*/ + word64 contextHandle; /* nitrox context memory handle */ + CavReqId reqId; /* Current requestId */ +} CaviumNitroxDev; + +struct WOLF_EVENT; +struct WC_ASYNC_DEV; +struct WC_BIGINT; + +/* Wrapper API's */ +WOLFSSL_LOCAL int NitroxTranslateResponseCode(int ret); +WOLFSSL_LOCAL CspHandle NitroxGetDeviceHandle(void); +WOLFSSL_LOCAL CspHandle NitroxOpenDeviceDefault(void); +WOLFSSL_LOCAL CspHandle NitroxOpenDevice(int dma_mode, int dev_id); +WOLFSSL_LOCAL int NitroxAllocContext(struct WC_ASYNC_DEV* dev, CspHandle devId, + context_type_t type); +WOLFSSL_LOCAL void NitroxFreeContext(struct WC_ASYNC_DEV* dev); +WOLFSSL_LOCAL void NitroxCloseDevice(CspHandle devId); + +#if defined(WOLFSSL_ASYNC_CRYPT) +WOLFSSL_LOCAL int NitroxCheckRequest(struct WC_ASYNC_DEV* dev, + struct WOLF_EVENT* event); +WOLFSSL_LOCAL int NitroxCheckRequests(struct WC_ASYNC_DEV* dev, + CspMultiRequestStatusBuffer* req_stat_buf); +#endif /* WOLFSSL_ASYNC_CRYPT */ + + +/* Crypto wrappers */ +#ifndef NO_RSA + struct RsaKey; + WOLFSSL_LOCAL int NitroxRsaExptMod( + const byte* in, word32 inLen, + byte* exponent, word32 expLen, + byte* modulus, word32 modLen, + byte* out, word32* outLen, struct RsaKey* key); + WOLFSSL_LOCAL int NitroxRsaPublicEncrypt(const byte* in, word32 inLen, + byte* out, word32 outLen, struct RsaKey* key); + WOLFSSL_LOCAL int NitroxRsaPrivateDecrypt(const byte* in, word32 inLen, + byte* out, word32* outLen, struct RsaKey* key); + WOLFSSL_LOCAL int NitroxRsaSSL_Sign(const byte* in, word32 inLen, + byte* out, word32 outLen, struct RsaKey* key); + WOLFSSL_LOCAL int NitroxRsaSSL_Verify(const byte* in, word32 inLen, + byte* out, word32 *outLen, struct RsaKey* key); +#endif /* !NO_RSA */ + +#if defined(HAVE_ECC) && defined(HAVE_CAVIUM_V) + struct ecc_key; + WOLFSSL_LOCAL int NitroxEccGetSize(struct ecc_key* key); + WOLFSSL_LOCAL int NitroxEccRsSplit(struct ecc_key* key, + struct WC_BIGINT* r, struct WC_BIGINT* s); + WOLFSSL_LOCAL int NitroxEccIsCurveSupported(struct ecc_key* key); + WOLFSSL_LOCAL int NitroxEccPad(struct WC_BIGINT* bi, word32 padTo); + #ifdef HAVE_ECC_DHE + WOLFSSL_LOCAL int NitroxEcdh(struct ecc_key* key, + struct WC_BIGINT* k, struct WC_BIGINT* xG, struct WC_BIGINT* yG, + byte* out, word32* outlen, struct WC_BIGINT* q); + #endif /* HAVE_ECC_DHE */ + #ifdef HAVE_ECC_SIGN + WOLFSSL_LOCAL int NitroxEcdsaSign(struct ecc_key* key, + struct WC_BIGINT* m, struct WC_BIGINT* d, + struct WC_BIGINT* k, + struct WC_BIGINT* r, struct WC_BIGINT* s, + struct WC_BIGINT* q, struct WC_BIGINT* n); + #endif /* HAVE_ECC_SIGN */ + #ifdef HAVE_ECC_VERIFY + WOLFSSL_LOCAL int NitroxEcdsaVerify(struct ecc_key* key, + struct WC_BIGINT* m, struct WC_BIGINT* xp, + struct WC_BIGINT* yp, struct WC_BIGINT* r, + struct WC_BIGINT* s, struct WC_BIGINT* q, + struct WC_BIGINT* n, int* stat); + #endif /* HAVE_ECC_VERIFY */ +#endif /* HAVE_ECC */ + +#ifndef NO_AES + struct Aes; + #ifdef HAVE_AES_CBC + WOLFSSL_LOCAL int NitroxAesCbcEncrypt(struct Aes* aes, byte* out, + const byte* in, word32 length); + #ifdef HAVE_AES_DECRYPT + WOLFSSL_LOCAL int NitroxAesCbcDecrypt(struct Aes* aes, byte* out, + const byte* in, word32 length); + #endif /* HAVE_AES_DECRYPT */ + #endif /* HAVE_AES_CBC */ + + #ifdef HAVE_AESGCM + WOLFSSL_LOCAL int NitroxAesGcmEncrypt(struct Aes* aes, + byte* out, const byte* in, word32 sz, + const byte* key, word32 keySz, + const byte* iv, word32 ivSz, + byte* authTag, word32 authTagSz, + const byte* authIn, word32 authInSz); + #ifdef HAVE_AES_DECRYPT + WOLFSSL_LOCAL int NitroxAesGcmDecrypt(struct Aes* aes, + byte* out, const byte* in, word32 sz, + const byte* key, word32 keySz, + const byte* iv, word32 ivSz, + const byte* authTag, word32 authTagSz, + const byte* authIn, word32 authInSz); + #endif /* HAVE_AES_DECRYPT */ + #endif /* HAVE_AESGCM */ +#endif /* !NO_AES */ + +#ifndef NO_RC4 + struct Arc4; + WOLFSSL_LOCAL int NitroxArc4SetKey(struct Arc4* arc4, const byte* key, + word32 length); + WOLFSSL_LOCAL int NitroxArc4Process(struct Arc4* arc4, byte* out, + const byte* in, word32 length); +#endif /* !NO_RC4 */ + +#ifndef NO_DES3 + struct Des3; + WOLFSSL_LOCAL int NitroxDes3SetKey(struct Des3* des3, const byte* key, + const byte* iv); + WOLFSSL_LOCAL int NitroxDes3CbcEncrypt(struct Des3* des3, byte* out, + const byte* in, word32 length); + WOLFSSL_LOCAL int NitroxDes3CbcDecrypt(struct Des3* des3, byte* out, + const byte* in, word32 length); +#endif /* !NO_DES3 */ + +#ifndef NO_HMAC + struct Hmac; + WOLFSSL_LOCAL int NitroxHmacUpdate(struct Hmac* hmac, const byte* msg, + word32 length); + WOLFSSL_LOCAL int NitroxHmacFinal(struct Hmac* hmac, byte* hash, + word16 hashLen); +#endif /* NO_HMAC */ + +struct WC_RNG; +WOLFSSL_API int NitroxRngGenerateBlock(struct WC_RNG* rng, byte* output, + word32 sz); + + +#endif /* HAVE_CAVIUM */ + +#endif /* _CAVIUM_NITROX_H_ */ diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/port/cavium/cavium_octeon_sync.h mariadb-11.8.8/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/port/cavium/cavium_octeon_sync.h --- mariadb-11.8.6/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/port/cavium/cavium_octeon_sync.h 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/port/cavium/cavium_octeon_sync.h 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* cavium_octeon_sync.h * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/port/cypress/psoc6_crypto.h mariadb-11.8.8/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/port/cypress/psoc6_crypto.h --- mariadb-11.8.6/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/port/cypress/psoc6_crypto.h 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/port/cypress/psoc6_crypto.h 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* psoc6_crypto.h * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -30,10 +30,26 @@ #include "cy_pdl.h" -/* SHA1, SHA2 and SHA3 are supported for PSOC6 */ -#define PSOC6_HASH_SHA1 -#define PSOC6_HASH_SHA2 -#define PSOC6_HASH_SHA3 +/* Enable SHA-1 hardware acceleration if SHA-1 is enabled in wolfSSL */ +#if !defined(NO_SHA) + #define PSOC6_HASH_SHA1 +#endif + +/* Enable SHA-2 family hardware acceleration if any SHA-2 variant is enabled */ +#if !defined(NO_SHA256) || defined(WOLFSSL_SHA224) || \ + defined(WOLFSSL_SHA384) || defined(WOLFSSL_SHA512) + #define PSOC6_HASH_SHA2 +#endif + +/* Enable SHA-3 hardware acceleration if SHA-3 is enabled in wolfSSL */ +#if defined(WOLFSSL_SHA3) + #define PSOC6_HASH_SHA3 +#endif + +/* Enable AES support for PSOC6. */ +#ifndef NO_AES + #define PSOC6_CRYPTO_AES +#endif /* !NO_AES */ typedef enum { WC_PSOC6_SHA1 = 0, @@ -48,12 +64,12 @@ #if defined(PSOC6_HASH_SHA1) || defined(PSOC6_HASH_SHA2) int wc_Psoc6_Sha1_Sha2_Init(void* sha, wc_psoc6_hash_sha1_sha2_t hash_mode, int init_hash); -#endif +#endif /* PSOC6_HASH_SHA1 || PSOC6_HASH_SHA2 */ #if defined(PSOC6_HASH_SHA1) || defined(PSOC6_HASH_SHA2) || \ defined(PSOC6_HASH_SHA3) -void wc_Psoc6_Sha_Free(void); -#endif +int wc_Psoc6_Sha_Free(void); +#endif /* PSOC6_HASH_SHA1 || PSOC6_HASH_SHA2 || PSOC6_HASH_SHA3 */ #if defined(WOLFSSL_SHA3) && defined(PSOC6_HASH_SHA3) @@ -63,6 +79,67 @@ int wc_Psoc6_Shake_SqueezeBlocks(void* shake, byte* out, word32 blockCnt); #endif /* WOLFSSL_SHA3 && PSOC6_HASH_SHA3 */ +/* AES functions */ +#if defined(PSOC6_CRYPTO_AES) +struct Aes; /* Forward declaration */ + +int wc_Psoc6_Aes_SetKey(struct Aes* aes, const byte* userKey, word32 keylen, + const byte* iv, int dir); +void wc_Psoc6_Aes_Free(struct Aes* aes); +int wc_Psoc6_Aes_Encrypt(struct Aes* aes, const byte* in, byte* out); +#ifdef HAVE_AES_DECRYPT +int wc_Psoc6_Aes_Decrypt(struct Aes* aes, const byte* in, byte* out); +#endif /* HAVE_AES_DECRYPT */ + +#ifdef WOLFSSL_AES_DIRECT +int wc_Psoc6_Aes_EncryptDirect(struct Aes* aes, byte* out, const byte* in); +#ifdef HAVE_AES_DECRYPT +int wc_Psoc6_Aes_DecryptDirect(struct Aes* aes, byte* out, const byte* in); +#endif /* HAVE_AES_DECRYPT */ +#endif /* WOLFSSL_AES_DIRECT */ + +#ifdef HAVE_AES_ECB +int wc_Psoc6_Aes_EcbEncrypt(struct Aes* aes, byte* out, const byte* in, + word32 sz); +#ifdef HAVE_AES_DECRYPT +int wc_Psoc6_Aes_EcbDecrypt(struct Aes* aes, byte* out, const byte* in, + word32 sz); +#endif /* HAVE_AES_DECRYPT */ +#endif /* HAVE_AES_ECB */ + +#ifdef HAVE_AES_CBC +int wc_Psoc6_Aes_CbcEncrypt(struct Aes* aes, byte* out, const byte* in, + word32 sz); +#ifdef HAVE_AES_DECRYPT +int wc_Psoc6_Aes_CbcDecrypt(struct Aes* aes, byte* out, const byte* in, + word32 sz); +#endif /* HAVE_AES_DECRYPT */ +#endif /* HAVE_AES_CBC */ + +#ifdef WOLFSSL_AES_CFB +int wc_Psoc6_Aes_CfbEncrypt(struct Aes* aes, byte* out, const byte* in, + word32 sz); +#ifdef HAVE_AES_DECRYPT +int wc_Psoc6_Aes_CfbDecrypt(struct Aes* aes, byte* out, const byte* in, + word32 sz); +#endif /* HAVE_AES_DECRYPT */ +#endif /* WOLFSSL_AES_CFB */ + +#ifdef HAVE_AESGCM +int wc_Psoc6_Aes_Gcm_SetKey(struct Aes* aes, const byte* key, word32 len); +int wc_Psoc6_Aes_GcmEncrypt(struct Aes* aes, byte* out, const byte* in, + word32 sz, const byte* iv, word32 ivSz, + byte* authTag, word32 authTagSz, const byte* authIn, + word32 authInSz); +#ifdef HAVE_AES_DECRYPT +int wc_Psoc6_Aes_GcmDecrypt(struct Aes* aes, byte* out, const byte* in, + word32 sz, const byte* iv, word32 ivSz, + const byte* authTag, word32 authTagSz, + const byte* authIn, word32 authInSz); +#endif /* HAVE_AES_DECRYPT */ +#endif /* HAVE_AESGCM */ +#endif /* NO_AES */ + #ifdef HAVE_ECC /* Forward declaration of ecc_key structure. diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/port/devcrypto/wc_devcrypto.h mariadb-11.8.8/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/port/devcrypto/wc_devcrypto.h --- mariadb-11.8.6/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/port/devcrypto/wc_devcrypto.h 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/port/devcrypto/wc_devcrypto.h 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* wc_devcrypto.h * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/port/intel/quickassist.h mariadb-11.8.8/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/port/intel/quickassist.h --- mariadb-11.8.6/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/port/intel/quickassist.h 1970-01-01 00:00:00.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/port/intel/quickassist.h 2026-05-24 09:58:33.000000000 +0000 @@ -0,0 +1,520 @@ +/* quickassist.h + * + * Copyright (C) 2006-2026 wolfSSL Inc. + * + * This file is part of wolfSSL. + * + * wolfSSL is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * wolfSSL is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA + */ + +#ifndef _INTEL_QUICKASSIST_H_ +#define _INTEL_QUICKASSIST_H_ + +#ifdef HAVE_INTEL_QA + +#include "cpa.h" +#include "cpa_cy_im.h" +#include "cpa_cy_sym.h" +#include "cpa_cy_rsa.h" +#include "cpa_cy_ln.h" +#include "cpa_cy_ecdh.h" +#include "cpa_cy_ecdsa.h" +#include "cpa_cy_dh.h" +#include "cpa_cy_drbg.h" +#include "cpa_cy_nrbg.h" +#include "cpa_cy_prime.h" + +/* User space utils */ +#include +#include +#include +#include + +#if 0 + /* Optional feature for partial QAT hashing support */ + /* This will process updates through hardware instead of caching them */ + #define QAT_HASH_ENABLE_PARTIAL +#endif +#ifdef QAT_HASH_ENABLE_PARTIAL + #define MAX_QAT_HASH_BUFFERS 2 +#endif + +/* Detect QAT driver version */ +#if defined(CPA_CY_API_VERSION_NUM_MAJOR) && CPA_CY_API_VERSION_NUM_MAJOR > 1 + #define QAT_V2 + #if CPA_CY_API_VERSION_NUM_MAJOR > 2 || ( \ + CPA_CY_API_VERSION_NUM_MAJOR == 2 && ( \ + defined(CPA_CY_API_VERSION_NUM_MINOR) && \ + CPA_CY_API_VERSION_NUM_MINOR >= 4 \ + ) \ + ) + #define QAT_V2_4_PLUS + #endif +#endif + +#ifdef QAT_V2 + /* quickassist/utilities/libusdm_drv/qae_mem.h */ + /* Provides user-space API's for accessing NUMA allocated memory + * through usdm_drv */ + #include "qae_mem.h" +#endif + +#ifdef QAT_USE_POLLING_THREAD + #include +#endif +#ifdef QA_DEMO_MAIN + #include +#endif + + +/* Tunable parameters */ +#ifndef QAT_PROCESS_NAME + #define QAT_PROCESS_NAME "SSL" +#endif +#ifndef QAT_LIMIT_DEV_ACCESS + #define QAT_LIMIT_DEV_ACCESS CPA_FALSE +#endif +#ifndef QAT_MAX_DEVICES + #define QAT_MAX_DEVICES (1) /* maximum number of QAT cards */ +#endif +#ifndef QAT_MAX_PENDING + /* max num of concurrent ops */ + #ifdef WC_NO_ASYNC_THREADING + #define QAT_MAX_PENDING (40) + #elif defined(WC_ASYNC_BENCH_THREAD_COUNT) + #define QAT_MAX_PENDING ((40/WC_ASYNC_BENCH_THREAD_COUNT)*2) + #else + #define QAT_MAX_PENDING (15) + #endif +#endif +#ifndef QAT_RETRY_LIMIT + #define QAT_RETRY_LIMIT (100) +#endif +#ifndef QAT_POLL_RESP_QUOTA + #define QAT_POLL_RESP_QUOTA (0) /* all pending */ +#endif + +/* TODO: Tune this value to get best performance */ +#ifndef WC_ASYNC_THRESH_AES_CBC + #define WC_ASYNC_THRESH_AES_CBC 128 +#endif +#ifndef WC_ASYNC_THRESH_AES_GCM + #define WC_ASYNC_THRESH_AES_GCM 128 +#endif +#ifndef WC_ASYNC_THRESH_DES3_CBC + #define WC_ASYNC_THRESH_DES3_CBC 128 +#endif + +/* Macros */ +#define INVALID_STATUS -256 + + +#if !defined(NO_SHA256) || defined(WOLFSSL_SHA512) || \ + defined(WOLFSSL_SHA384) || !defined(NO_HMAC) || !defined(NO_MD5) || \ + defined(WOLFSSL_SHA224) + #define QAT_ENABLE_HASH +#endif +#if !defined(NO_AES) || !defined(NO_DES3) + #define QAT_ENABLE_CRYPTO +#endif +#if !defined(NO_RSA) || defined(HAVE_ECC) || !defined(NO_DH) + #define QAT_ENABLE_PKI +#endif + +/* QAT 1.7 does not support NRBG or DRBG */ +#if !defined(QAT_V2) && !defined(NO_QAT_RNG) + #define QAT_ENABLE_RNG +#endif + +/* Pre-declarations */ +struct WC_ASYNC_DEV; +struct WC_BIGINT; +struct IntelQaDev; +struct WC_RNG; + +#if defined(QAT_ENABLE_HASH) || defined(QAT_ENABLE_CRYPTO) +/* symmetric context */ +typedef struct IntelQaSymCtx { + CpaCySymOpData opData; + CpaCySymSessionCtx symCtxSrc; + CpaCySymSessionCtx symCtx; + word32 symCtxSize; + + /* flags */ + word32 isOpen:1; + word32 isCopy:1; +} IntelQaSymCtx; +#endif + +typedef void (*IntelQaFreeFunc)(struct WC_ASYNC_DEV*); + +#if defined(QAT_ENABLE_PKI) && !defined(NO_RSA) && defined (WOLFSSL_KEY_GEN) + #ifndef QAT_PRIME_GEN_TRIES + /* number of times to try generating a prime candidates + based on generated miller rabbin */ + #define QAT_PRIME_GEN_TRIES 100 + #endif + #ifndef QAT_PRIME_GEN_RETRIES + /* number of times to try new prime candidates */ + #define QAT_PRIME_GEN_RETRIES 1000 + #endif + #ifndef QAT_PRIME_GEN_MR_ROUNDS + /* Miller Rabbin Rounds */ + #define QAT_PRIME_GEN_MR_ROUNDS 2 + #endif + + enum { + QAT_PRIME_CHK_STATUS_INIT = 0, + QAT_PRIME_CHK_STATUS_FAILED, + QAT_PRIME_CHK_STATUS_PASSED, + QAT_PRIME_CHK_STATUS_ERROR, + }; +#endif + +#if defined(WOLFSSL_SP_MATH) || defined(WOLFSSL_SP_MATH_ALL) + struct sp_int; + #define MATH_INT_T struct sp_int +#elif defined(USE_FAST_MATH) + struct fp_int; + #define MATH_INT_T struct fp_int +#else + struct mp_int; + #define MATH_INT_T struct mp_int +#endif + +/* QuickAssist device */ +typedef struct IntelQaDev { + CpaInstanceHandle handle; + int devId; + + /* callback return info */ + int ret; + byte* out; + union { + word32* outLenPtr; + word32 outLen; + }; + + /* operations */ + IntelQaFreeFunc freeFunc; + union { + #if defined(QAT_ENABLE_PKI) && !defined(NO_RSA) + #ifdef WOLFSSL_KEY_GEN + struct { + CpaCyPrimeTestOpData* opData; + CpaFlatBuffer* primeCandidates; + byte* pMillerRabinData; + byte testStatus[QAT_PRIME_GEN_TRIES]; + } prime_gen; + struct { + CpaCyRsaKeyGenOpData opData; + CpaCyRsaPrivateKey privateKey; + CpaCyRsaPublicKey publicKey; + struct RsaKey* rsakey; + } rsa_keygen; + #endif /* WOLFSSL_KEY_GEN */ + struct { + CpaCyRsaDecryptOpData opData; + CpaCyRsaPrivateKey privateKey; + CpaFlatBuffer outBuf; + } rsa_priv; + struct { + CpaCyRsaEncryptOpData opData; + CpaCyRsaPublicKey publicKey; + CpaFlatBuffer outBuf; + } rsa_pub; + struct { + CpaCyLnModExpOpData opData; + CpaFlatBuffer target; + } rsa_modexp; + #endif + #ifdef QAT_ENABLE_CRYPTO + struct { + IntelQaSymCtx ctx; + CpaBufferList bufferList; + CpaFlatBuffer flatBuffer; + byte* authTag; + word32 authTagSz; + byte* iv; + word32 ivSz; + } cipher; + #endif + #if defined(QAT_ENABLE_PKI) && defined(HAVE_ECC) + struct { + CpaCyEcPointMultiplyOpData opData; + CpaFlatBuffer pXk; + CpaFlatBuffer pYk; + CpaBoolean multiplyStatus; + + /* output pub */ + MATH_INT_T* pubX; + MATH_INT_T* pubY; + MATH_INT_T* pubZ; + } ecc_mul; + #ifdef HAVE_ECC_DHE + struct { + CpaCyEcdhPointMultiplyOpData opData; + CpaFlatBuffer pXk; + CpaFlatBuffer pYk; + CpaBoolean multiplyStatus; + } ecc_ecdh; + #endif + #ifdef HAVE_ECC_SIGN + struct { + CpaCyEcdsaSignRSOpData opData; + CpaFlatBuffer R; + CpaFlatBuffer S; + CpaBoolean signStatus; + + struct WC_BIGINT* pR; + struct WC_BIGINT* pS; + } ecc_sign; + #endif + #ifdef HAVE_ECC_VERIFY + struct { + CpaCyEcdsaVerifyOpData opData; + CpaBoolean verifyStatus; + int* stat; + } ecc_verify; + #endif + #endif /* HAVE_ECC */ + #ifdef QAT_ENABLE_HASH + struct { + IntelQaSymCtx ctx; + CpaBufferList* srcList; + /* tmp buffer to hold anything pending less than block size */ + byte* tmpIn; + word32 tmpInSz; + word32 tmpInBufSz; + + #ifdef QAT_HASH_ENABLE_PARTIAL + int bufferCount; + byte* buffers[MAX_QAT_HASH_BUFFERS]; + word32 buffersSz[MAX_QAT_HASH_BUFFERS]; + #endif + } hash; + #endif + #if defined(QAT_ENABLE_PKI) && !defined(NO_DH) + struct { + CpaCyDhPhase1KeyGenOpData opData; + CpaFlatBuffer pOut; + } dh_gen; + struct { + CpaCyDhPhase2SecretKeyGenOpData opData; + CpaFlatBuffer pOut; + } dh_agree; + #endif + #ifdef QAT_ENABLE_RNG + struct { + CpaCyDrbgGenOpData opData; + CpaCyDrbgSessionHandle handle; + CpaFlatBuffer pOut; + } drbg; + #endif + } op; + +#ifdef QAT_USE_POLLING_THREAD + pthread_t pollingThread; + byte pollingCy; +#endif +} IntelQaDev; + + +/* Interface */ +WOLFSSL_LOCAL int IntelQaHardwareStart(const char* process_name, + int limitDevAccess); +WOLFSSL_LOCAL void IntelQaHardwareStop(void); + +WOLFSSL_LOCAL int IntelQaInit(void* threadId); +WOLFSSL_LOCAL void IntelQaDeInit(int); + +WOLFSSL_LOCAL int IntelQaNumInstances(void); + +WOLFSSL_LOCAL int IntelQaOpen(struct WC_ASYNC_DEV* dev, int devId); +WOLFSSL_LOCAL void IntelQaClose(struct WC_ASYNC_DEV* dev); + +WOLFSSL_LOCAL int IntelQaDevCopy(struct WC_ASYNC_DEV* src, + struct WC_ASYNC_DEV* dst); + +WOLFSSL_LOCAL int IntelQaPoll(struct WC_ASYNC_DEV* dev); + +WOLFSSL_LOCAL int IntelQaGetCyInstanceCount(void); + +#ifndef NO_RSA + #ifdef WOLFSSL_KEY_GEN + WOLFSSL_LOCAL int IntelQaGenPrime(struct WC_ASYNC_DEV* dev, + struct WC_RNG* rng, byte* primeBuf, word32 primeSz); + WOLFSSL_LOCAL int IntelQaRsaKeyGen(struct WC_ASYNC_DEV* dev, + struct RsaKey* key, int keyBits, long e, + struct WC_RNG* rng); + #endif + WOLFSSL_LOCAL int IntelQaRsaPrivate(struct WC_ASYNC_DEV* dev, + const byte* in, word32 inLen, + struct WC_BIGINT* d, struct WC_BIGINT* n, + byte* out, word32* outLen); + WOLFSSL_LOCAL int IntelQaRsaCrtPrivate(struct WC_ASYNC_DEV* dev, + const byte* in, word32 inLen, + struct WC_BIGINT* p, struct WC_BIGINT* q, + struct WC_BIGINT* dP, struct WC_BIGINT* dQ, + struct WC_BIGINT* qInv, + byte* out, word32* outLen); + WOLFSSL_LOCAL int IntelQaRsaPublic(struct WC_ASYNC_DEV* dev, + const byte* in, word32 inLen, + struct WC_BIGINT* e, struct WC_BIGINT* n, + byte* out, word32* outLen); + WOLFSSL_LOCAL int IntelQaRsaExptMod(struct WC_ASYNC_DEV* dev, + const byte* in, word32 inLen, + struct WC_BIGINT* e, struct WC_BIGINT* n, + byte* out, word32* outLen); +#endif /* !NO_RSA */ + +#ifndef NO_AES + #ifdef HAVE_AES_CBC + WOLFSSL_LOCAL int IntelQaSymAesCbcEncrypt(struct WC_ASYNC_DEV* dev, + byte* out, const byte* in, word32 sz, + const byte* key, word32 keySz, + byte* iv, word32 ivSz); + #ifdef HAVE_AES_DECRYPT + WOLFSSL_LOCAL int IntelQaSymAesCbcDecrypt(struct WC_ASYNC_DEV* dev, + byte* out, const byte* in, word32 sz, + const byte* key, word32 keySz, + byte* iv, word32 ivSz); + #endif /* HAVE_AES_DECRYPT */ + #endif /* HAVE_AES_CBC */ + + #ifdef HAVE_AESGCM + WOLFSSL_LOCAL int IntelQaSymAesGcmEncrypt(struct WC_ASYNC_DEV* dev, + byte* out, const byte* in, word32 sz, + const byte* key, word32 keySz, + const byte* iv, word32 ivSz, + byte* authTag, word32 authTagSz, + const byte* authIn, word32 authInSz); + #ifdef HAVE_AES_DECRYPT + WOLFSSL_LOCAL int IntelQaSymAesGcmDecrypt(struct WC_ASYNC_DEV* dev, + byte* out, const byte* in, word32 sz, + const byte* key, word32 keySz, + const byte* iv, word32 ivSz, + const byte* authTag, word32 authTagSz, + const byte* authIn, word32 authInSz); + #endif /* HAVE_AES_DECRYPT */ + #endif /* HAVE_AESGCM */ +#endif /* !NO_AES */ + +#ifndef NO_DES3 + WOLFSSL_LOCAL int IntelQaSymDes3CbcEncrypt(struct WC_ASYNC_DEV* dev, + byte* out, const byte* in, word32 sz, + const byte* key, word32 keySz, + byte* iv, word32 ivSz); + WOLFSSL_LOCAL int IntelQaSymDes3CbcDecrypt(struct WC_ASYNC_DEV* dev, + byte* out, const byte* in, word32 sz, + const byte* key, word32 keySz, + byte* iv, word32 ivSz); +#endif /*! NO_DES3 */ + +#ifdef WOLFSSL_SHA512 + WOLFSSL_LOCAL int IntelQaSymSha512(struct WC_ASYNC_DEV* dev, byte* out, + const byte* in, word32 sz); + + #ifdef WOLFSSL_SHA384 + WOLFSSL_LOCAL int IntelQaSymSha384(struct WC_ASYNC_DEV* dev, + byte* out, const byte* in, word32 sz); + #endif +#endif + +#ifndef NO_SHA256 + WOLFSSL_LOCAL int IntelQaSymSha256(struct WC_ASYNC_DEV* dev, byte* out, + const byte* in, word32 sz); + #ifdef WOLFSSL_SHA224 + WOLFSSL_LOCAL int IntelQaSymSha224(struct WC_ASYNC_DEV* dev, byte* out, + const byte* in, word32 sz); + #endif +#endif /* !NO_SHA256 */ + +#ifndef NO_SHA + WOLFSSL_LOCAL int IntelQaSymSha(struct WC_ASYNC_DEV* dev, byte* out, + const byte* in, word32 sz); +#endif /* !NO_SHA */ + +#ifndef NO_MD5 + WOLFSSL_LOCAL int IntelQaSymMd5(struct WC_ASYNC_DEV* dev, byte* out, + const byte* in, word32 sz); +#endif /* !NO_MD5 */ + +#if defined(WOLFSSL_SHA3) && defined(QAT_V2) + WOLFSSL_LOCAL int IntelQaSymSha3(struct WC_ASYNC_DEV* dev, byte* out, + const byte* in, word32 sz); +#endif + +#ifdef HAVE_ECC + #ifdef HAVE_ECC_DHE + WOLFSSL_LOCAL int IntelQaEccPointMul(struct WC_ASYNC_DEV* dev, + struct WC_BIGINT* k, MATH_INT_T* pubX, MATH_INT_T* pubY, + MATH_INT_T* pubZ, + struct WC_BIGINT* xG, struct WC_BIGINT* yG, + struct WC_BIGINT* a, struct WC_BIGINT* b, + struct WC_BIGINT* q, word32 cofactor); + WOLFSSL_LOCAL int IntelQaEcdh(struct WC_ASYNC_DEV* dev, + struct WC_BIGINT* k, struct WC_BIGINT* xG, + struct WC_BIGINT* yG, byte* out, word32* outlen, + struct WC_BIGINT* a, struct WC_BIGINT* b, + struct WC_BIGINT* q, word32 cofactor); + #endif /* HAVE_ECC_DHE */ + #ifdef HAVE_ECC_SIGN + WOLFSSL_LOCAL int IntelQaEcdsaSign(struct WC_ASYNC_DEV* dev, + struct WC_BIGINT* m, struct WC_BIGINT* d, + struct WC_BIGINT* k, + struct WC_BIGINT* r, struct WC_BIGINT* s, + struct WC_BIGINT* a, struct WC_BIGINT* b, + struct WC_BIGINT* q, struct WC_BIGINT* n, + struct WC_BIGINT* xg, struct WC_BIGINT* yg); + #endif /* HAVE_ECC_SIGN */ + #ifdef HAVE_ECC_VERIFY + WOLFSSL_LOCAL int IntelQaEcdsaVerify(struct WC_ASYNC_DEV* dev, + struct WC_BIGINT* m, struct WC_BIGINT* xp, + struct WC_BIGINT* yp, struct WC_BIGINT* r, + struct WC_BIGINT* s, struct WC_BIGINT* a, + struct WC_BIGINT* b, struct WC_BIGINT* q, + struct WC_BIGINT* n, struct WC_BIGINT* xg, + struct WC_BIGINT* yg, int* stat); + #endif /* HAVE_ECC_VERIFY */ +#endif /* HAVE_ECC */ + +#ifndef NO_DH + WOLFSSL_LOCAL int IntelQaDhKeyGen(struct WC_ASYNC_DEV* dev, + struct WC_BIGINT* p, struct WC_BIGINT* g, struct WC_BIGINT* x, + byte* pub, word32* pubSz); + + + WOLFSSL_LOCAL int IntelQaDhAgree(struct WC_ASYNC_DEV* dev, + struct WC_BIGINT* p, + byte* agree, word32* agreeSz, + const byte* priv, word32 privSz, + const byte* otherPub, word32 pubSz); +#endif /* !NO_DH */ + +#ifndef NO_HMAC + WOLFSSL_LOCAL int IntelQaHmacGetType(int macType, word32* hashAlgorithm); + WOLFSSL_LOCAL int IntelQaHmac(struct WC_ASYNC_DEV* dev, + int macType, byte* keyRaw, word16 keyLen, + byte* out, const byte* in, word32 sz); +#endif /* !NO_HMAC */ + +WOLFSSL_LOCAL int IntelQaDrbg(struct WC_ASYNC_DEV* dev, byte* rngBuf, + word32 rngSz); +WOLFSSL_LOCAL int IntelQaNrbg(CpaFlatBuffer* pBuffer, Cpa32U length); + +#endif /* HAVE_INTEL_QA */ + +#endif /* _INTEL_QUICKASSIST_H_ */ diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/port/intel/quickassist_mem.h mariadb-11.8.8/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/port/intel/quickassist_mem.h --- mariadb-11.8.6/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/port/intel/quickassist_mem.h 1970-01-01 00:00:00.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/port/intel/quickassist_mem.h 2026-05-24 09:58:33.000000000 +0000 @@ -0,0 +1,64 @@ +/* quickassist_mem.h + * + * Copyright (C) 2006-2026 wolfSSL Inc. + * + * This file is part of wolfSSL. + * + * wolfSSL is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * wolfSSL is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA + */ + +#ifndef _QUICKASSIST_MEM_H_ +#define _QUICKASSIST_MEM_H_ + +#ifdef HAVE_INTEL_QA + +#include + +CpaStatus qaeMemInit(void); +void qaeMemDestroy(void); + +#ifndef QAT_V2 + #define QAE_PHYS_ADDR CpaPhysicalAddr + WOLFSSL_LOCAL QAE_PHYS_ADDR qaeVirtToPhysNUMA(void* pVirtAddress); +#endif + + +#ifdef WOLFSSL_TRACK_MEMORY + WOLFSSL_API int InitMemoryTracker(void); + WOLFSSL_API void ShowMemoryTracker(void); +#endif + + +WOLFSSL_API void* IntelQaMalloc(size_t size, void* heap, int type +#ifdef WOLFSSL_DEBUG_MEMORY + , const char* func, unsigned int line +#endif +); + +WOLFSSL_API void IntelQaFree(void *ptr, void* heap, int type +#ifdef WOLFSSL_DEBUG_MEMORY + , const char* func, unsigned int line +#endif +); + +WOLFSSL_API void* IntelQaRealloc(void *ptr, size_t size, void* heap, int type +#ifdef WOLFSSL_DEBUG_MEMORY + , const char* func, unsigned int line +#endif +); + +#endif /* HAVE_INTEL_QA */ + +#endif /* _QUICKASSIST_MEM_H_ */ diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/port/intel/quickassist_sync.h mariadb-11.8.8/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/port/intel/quickassist_sync.h --- mariadb-11.8.6/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/port/intel/quickassist_sync.h 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/port/intel/quickassist_sync.h 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* quickassist_sync.h * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/port/iotsafe/iotsafe.h mariadb-11.8.8/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/port/iotsafe/iotsafe.h --- mariadb-11.8.6/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/port/iotsafe/iotsafe.h 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/port/iotsafe/iotsafe.h 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* iotsafe.h * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/port/kcapi/kcapi_dh.h mariadb-11.8.8/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/port/kcapi/kcapi_dh.h --- mariadb-11.8.6/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/port/kcapi/kcapi_dh.h 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/port/kcapi/kcapi_dh.h 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* kcapi_dh.h * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/port/kcapi/kcapi_ecc.h mariadb-11.8.8/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/port/kcapi/kcapi_ecc.h --- mariadb-11.8.6/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/port/kcapi/kcapi_ecc.h 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/port/kcapi/kcapi_ecc.h 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* kcapi_ecc.h * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/port/kcapi/kcapi_hash.h mariadb-11.8.8/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/port/kcapi/kcapi_hash.h --- mariadb-11.8.6/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/port/kcapi/kcapi_hash.h 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/port/kcapi/kcapi_hash.h 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* kcapi_hash.h * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/port/kcapi/kcapi_hmac.h mariadb-11.8.8/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/port/kcapi/kcapi_hmac.h --- mariadb-11.8.6/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/port/kcapi/kcapi_hmac.h 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/port/kcapi/kcapi_hmac.h 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* kcapi_hmac.h * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/port/kcapi/kcapi_rsa.h mariadb-11.8.8/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/port/kcapi/kcapi_rsa.h --- mariadb-11.8.6/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/port/kcapi/kcapi_rsa.h 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/port/kcapi/kcapi_rsa.h 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* kcapi_rsa.h * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/port/kcapi/wc_kcapi.h mariadb-11.8.8/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/port/kcapi/wc_kcapi.h --- mariadb-11.8.6/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/port/kcapi/wc_kcapi.h 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/port/kcapi/wc_kcapi.h 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* wc_kcapi.h * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/port/liboqs/liboqs.h mariadb-11.8.8/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/port/liboqs/liboqs.h --- mariadb-11.8.6/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/port/liboqs/liboqs.h 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/port/liboqs/liboqs.h 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* liboqs.h * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/port/maxim/max3266x-cryptocb.h mariadb-11.8.8/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/port/maxim/max3266x-cryptocb.h --- mariadb-11.8.6/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/port/maxim/max3266x-cryptocb.h 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/port/maxim/max3266x-cryptocb.h 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* max3266x-cryptocb.h * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -59,12 +59,6 @@ #endif /* HAVE_AES_DECRYPT */ - WOLFSSL_LOCAL int wc_MXC_Sha256Update(wc_MXC_Sha* sha256, - const unsigned char* data, - unsigned int len); - WOLFSSL_LOCAL int wc_MXC_Sha256Final(wc_MXC_Sha* sha256, - unsigned char* hash); - #ifdef __cplusplus } /* extern "C" */ #endif diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/port/maxim/max3266x.h mariadb-11.8.8/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/port/maxim/max3266x.h --- mariadb-11.8.6/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/port/maxim/max3266x.h 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/port/maxim/max3266x.h 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* max3266x.h * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -57,6 +57,16 @@ #endif #endif +/* Enable copy/free callbacks when using callback mode */ +#if defined(MAX3266X_SHA_CB) + #ifndef WOLF_CRYPTO_CB_COPY + #define WOLF_CRYPTO_CB_COPY + #endif + #ifndef WOLF_CRYPTO_CB_FREE + #define WOLF_CRYPTO_CB_FREE + #endif +#endif + /* Crypto HW can be used in parallel on this device */ /* Sets up new Mutexing if desired */ #ifdef WOLFSSL_ALGO_HW_MUTEX @@ -236,14 +246,10 @@ #if defined(MAX3266X_SHA) || defined(MAX3266X_SHA_CB) - /* Need to update this struct accordingly if other SHA Structs change */ - /* This is a generic struct to use so only this is needed */ - - typedef struct { - unsigned char *msg; - unsigned int used; - unsigned int size; - } wc_MXC_Sha; + /* Use HASH_KEEP to accumulate message data for one-shot TPU hardware */ + #ifndef WOLFSSL_HASH_KEEP + #define WOLFSSL_HASH_KEEP + #endif #if !defined(NO_SHA) /* Define the SHA digest for an empty string */ @@ -311,24 +317,45 @@ #endif /* WOLFSSL_SHA512 */ - WOLFSSL_LOCAL int wc_MXC_TPU_SHA_Init(wc_MXC_Sha *hash); - WOLFSSL_LOCAL int wc_MXC_TPU_SHA_Update(wc_MXC_Sha *hash, - const unsigned char* data, - unsigned int size); - WOLFSSL_LOCAL int wc_MXC_TPU_SHA_Final(wc_MXC_Sha *hash, + /* Check for empty message and provide pre-computed digest if so */ + WOLFSSL_LOCAL int wc_MXC_TPU_SHA_GetDigest(const unsigned char* msg, + unsigned int msgSz, unsigned char* digest, MXC_TPU_HASH_TYPE algo); - WOLFSSL_LOCAL int wc_MXC_TPU_SHA_GetHash(wc_MXC_Sha *hash, + /* Compute hash from accumulated message using TPU hardware */ + WOLFSSL_LOCAL int wc_MXC_TPU_SHA_GetHash(const unsigned char* msg, + unsigned int msgSz, unsigned char* digest, MXC_TPU_HASH_TYPE algo); - WOLFSSL_LOCAL int wc_MXC_TPU_SHA_Copy(wc_MXC_Sha* src, wc_MXC_Sha* dst); - WOLFSSL_LOCAL void wc_MXC_TPU_SHA_Free(wc_MXC_Sha* hash); - WOLFSSL_LOCAL int wc_MXC_TPU_SHA_GetDigest(wc_MXC_Sha *hash, + /* Free HASH_KEEP message buffer and reset fields */ + WOLFSSL_LOCAL void wc_MXC_TPU_SHA_Free(unsigned char** msg, + unsigned int* used, + unsigned int* len, + void* heap); + /* Free HASH_KEEP message buffer and zero the full SHA context */ + WOLFSSL_LOCAL void wc_MXC_TPU_SHA_FreeCtx(void* ctx, + unsigned int ctxSz, + unsigned char** msg, + unsigned int* used, + unsigned int* len, + void* heap); + /* Copy SHA context and deep copy HASH_KEEP message buffer */ + WOLFSSL_LOCAL int wc_MXC_TPU_SHA_Copy(void* src, void* dst, + unsigned int ctxSz, + unsigned char** dstMsg, + unsigned int* dstUsed, + unsigned int* dstLen, + void* dstHeap, void* srcHeap); + /* Compute hash, free message buffer, and reset fields */ + WOLFSSL_LOCAL int wc_MXC_TPU_SHA_Final(unsigned char** msg, + unsigned int* used, + unsigned int* len, + void* heap, unsigned char* digest, MXC_TPU_HASH_TYPE algo); -#endif /* defined(MAX3266X_SHA) && !defined(WOLF_CRYPTO_CB) */ +#endif /* defined(MAX3266X_SHA) || defined(MAX3266X_SHA_CB) */ #if defined(MAX3266X_MATH) #define WOLFSSL_USE_HW_MP diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/port/maxim/maxq10xx.h mariadb-11.8.8/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/port/maxim/maxq10xx.h --- mariadb-11.8.6/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/port/maxim/maxq10xx.h 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/port/maxim/maxq10xx.h 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* maxq10xx.h * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/port/nrf51.h mariadb-11.8.8/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/port/nrf51.h --- mariadb-11.8.6/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/port/nrf51.h 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/port/nrf51.h 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* nrf51.h * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/port/nxp/dcp_port.h mariadb-11.8.8/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/port/nxp/dcp_port.h --- mariadb-11.8.6/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/port/nxp/dcp_port.h 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/port/nxp/dcp_port.h 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* dcp_port.h * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/port/nxp/ksdk_port.h mariadb-11.8.8/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/port/nxp/ksdk_port.h --- mariadb-11.8.6/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/port/nxp/ksdk_port.h 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/port/nxp/ksdk_port.h 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* ksdk_port.h * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/port/nxp/se050_port.h mariadb-11.8.8/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/port/nxp/se050_port.h --- mariadb-11.8.6/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/port/nxp/se050_port.h 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/port/nxp/se050_port.h 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* se050_port.h * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/port/pic32/pic32mz-crypt.h mariadb-11.8.8/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/port/pic32/pic32mz-crypt.h --- mariadb-11.8.6/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/port/pic32/pic32mz-crypt.h 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/port/pic32/pic32mz-crypt.h 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* pic32mz-crypt.h * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/port/psa/psa.h mariadb-11.8.8/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/port/psa/psa.h --- mariadb-11.8.6/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/port/psa/psa.h 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/port/psa/psa.h 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* psa.h * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/port/riscv/riscv-64-asm.h mariadb-11.8.8/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/port/riscv/riscv-64-asm.h --- mariadb-11.8.6/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/port/riscv/riscv-64-asm.h 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/port/riscv/riscv-64-asm.h 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* riscv-64-asm.h * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/port/rpi_pico/pico.h mariadb-11.8.8/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/port/rpi_pico/pico.h --- mariadb-11.8.6/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/port/rpi_pico/pico.h 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/port/rpi_pico/pico.h 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* pico.h * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/port/silabs/silabs_aes.h mariadb-11.8.8/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/port/silabs/silabs_aes.h --- mariadb-11.8.6/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/port/silabs/silabs_aes.h 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/port/silabs/silabs_aes.h 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* silabs_aes.h * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/port/silabs/silabs_ecc.h mariadb-11.8.8/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/port/silabs/silabs_ecc.h --- mariadb-11.8.6/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/port/silabs/silabs_ecc.h 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/port/silabs/silabs_ecc.h 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* silabs_ecc.h * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/port/silabs/silabs_hash.h mariadb-11.8.8/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/port/silabs/silabs_hash.h --- mariadb-11.8.6/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/port/silabs/silabs_hash.h 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/port/silabs/silabs_hash.h 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* silabs_hash.h * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/port/silabs/silabs_random.h mariadb-11.8.8/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/port/silabs/silabs_random.h --- mariadb-11.8.6/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/port/silabs/silabs_random.h 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/port/silabs/silabs_random.h 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* silabs_random.h * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/port/st/stm32.h mariadb-11.8.8/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/port/st/stm32.h --- mariadb-11.8.6/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/port/st/stm32.h 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/port/st/stm32.h 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* stm32.h * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -30,6 +30,8 @@ #ifdef STM32_HASH +#include /* for uint32_t */ + #define WOLFSSL_NO_HASH_RAW #ifdef HASH_DIGEST @@ -74,6 +76,9 @@ #if !defined(HASH_ALGOMODE_HASH) && defined(HASH_AlgoMode_HASH) #define HASH_ALGOMODE_HASH HASH_AlgoMode_HASH #endif +#if !defined(HASH_ALGOMODE_HMAC) && defined(HASH_AlgoMode_HMAC) + #define HASH_ALGOMODE_HMAC HASH_AlgoMode_HMAC +#endif #if !defined(HASH_DATATYPE_8B) #if defined(HASH_DataType_8b) #define HASH_DATATYPE_8B HASH_DataType_8b @@ -129,6 +134,19 @@ int wc_Stm32_Hash_Final(STM32_HASH_Context* stmCtx, word32 algo, byte* hash, word32 digestSize); +#ifdef STM32_HMAC +/* STM32 Hardware HMAC API */ +int wc_Stm32_Hmac_GetAlgoInfo(int macType, word32* algo, word32* blockSize, + word32* digestSize); +int wc_Stm32_Hmac_SetKey(STM32_HASH_Context* stmCtx, int macType, + const byte* key, word32 keySz); +/* HMAC Update uses the same data feeding as Hash Update */ +#define wc_Stm32_Hmac_Update(stmCtx, algo, data, len, blockSize) \ + wc_Stm32_Hash_Update((stmCtx), (algo), (data), (len), (blockSize)) +int wc_Stm32_Hmac_Final(STM32_HASH_Context* stmCtx, word32 algo, + const byte* key, word32 keySz, byte* hash, word32 digestSize); +#endif /* STM32_HMAC */ + #endif /* STM32_HASH */ @@ -150,7 +168,7 @@ defined(WOLFSSL_STM32L5) || defined(WOLFSSL_STM32H7) || \ defined(WOLFSSL_STM32U5) || defined(WOLFSSL_STM32H5) || \ defined(WOLFSSL_STM32MP13) || defined(WOLFSSL_STM32H7S) || \ - defined(WOLFSSL_STM32N6)) + defined(WOLFSSL_STM32N6) || defined(WOLFSSL_STM32G0)) /* Hardware supports AES GCM acceleration */ #define STM32_CRYPTO_AES_GCM #endif @@ -166,8 +184,10 @@ #define STM32_HAL_V2 #endif #if defined(WOLFSSL_STM32L4) || defined(WOLFSSL_STM32L5) || \ - defined(WOLFSSL_STM32U5) || defined(WOLFSSL_STM32H5) - #if defined(WOLFSSL_STM32L4) || defined(WOLFSSL_STM32U5) + defined(WOLFSSL_STM32U5) || defined(WOLFSSL_STM32H5) || \ + defined(WOLFSSL_STM32G0) + #if defined(WOLFSSL_STM32L4) || defined(WOLFSSL_STM32U5) || \ + defined(WOLFSSL_STM32G0) #define STM32_CRYPTO_AES_ONLY /* crypto engine only supports AES */ #endif #if defined(WOLFSSL_STM32H5) @@ -185,7 +205,8 @@ (defined(WOLFSSL_STM32F7) || defined(WOLFSSL_STM32L5) || \ defined(WOLFSSL_STM32H7) || defined(WOLFSSL_STM32U5) || \ defined(WOLFSSL_STM32H5) || defined(WOLFSSL_STM32MP13) || \ - defined(WOLFSSL_STM32H7S) || defined(WOLFSSL_STM32N6)) + defined(WOLFSSL_STM32H7S) || defined(WOLFSSL_STM32N6) || \ + defined(WOLFSSL_STM32G0)) #define STM32_HAL_V2 #endif diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/port/st/stsafe.h mariadb-11.8.8/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/port/st/stsafe.h --- mariadb-11.8.6/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/port/st/stsafe.h 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/port/st/stsafe.h 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* stsafe.h * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -23,6 +23,7 @@ #define _WOLFPORT_STSAFE_H_ #include +#include #include #include @@ -34,22 +35,135 @@ #include #endif -#ifdef WOLFSSL_STSAFEA100 +#ifdef WOLFSSL_STSAFE -/* The wolf STSAFE interface layer */ -/* Please contact wolfSSL for the STSAFE port files */ -#include "stsafe_interface.h" +/* -------------------------------------------------------------------------- */ +/* External Interface Support (Backwards Compatibility) */ +/* -------------------------------------------------------------------------- */ + +/* Define WOLFSSL_STSAFE_INTERFACE_EXTERNAL to use an external stsafe_ + * interface.h file that provides customer-specific implementations. + * This maintains backwards compatibility with older integrations that + * used a separate interface file. + * + * When NOT set (the default): All code is self-contained in stsafe.c using + * the appropriate SDK (STSELib for A120, STSAFE-A1xx SDK for A100/A110). + * + * When defined: Include customer-provided stsafe_interface.h which must define: + * - stsafe_curve_id_t, stsafe_slot_t types + * - STSAFE_ECC_CURVE_P256, STSAFE_ECC_CURVE_P384 macros + * - STSAFE_KEY_SLOT_0, STSAFE_KEY_SLOT_1, STSAFE_KEY_SLOT_EPHEMERAL macros + * - STSAFE_A_OK return code macro + * - STSAFE_MAX_KEY_LEN, STSAFE_MAX_PUBKEY_RAW_LEN, STSAFE_MAX_SIG_LEN macros + * - Function prototypes for interface functions (see stsafe.c) + */ +#ifdef WOLFSSL_STSAFE_INTERFACE_EXTERNAL + #include "stsafe_interface.h" +#else + +/* -------------------------------------------------------------------------- */ +/* STSAFE SDK Type Abstractions */ +/* -------------------------------------------------------------------------- */ + +#ifdef WOLFSSL_STSAFEA120 + /* STSAFE-A120 uses STSELib (open source BSD-3) */ + /* Note: stselib.h is included in stsafe.c to avoid warnings in headers */ + + /* Type mappings for STSELib - using byte for curve ID to avoid + * including full STSELib headers which have strict-prototype warnings */ + typedef byte stsafe_curve_id_t; + typedef byte stsafe_slot_t; + + /* Curve ID mappings - values depend on stse_conf.h settings! + * With only NIST P-256 and P-384 enabled: + * STSE_ECC_KT_NIST_P_256 = 0, STSE_ECC_KT_NIST_P_384 = 1 + * NOTE: If other curves are enabled, these values change! + * + * Compile-time static assertions and runtime checks in stsafe_interface_init() + * verify that these constants match the actual STSE_ECC_KT enum values. */ + #define STSAFE_ECC_CURVE_P256 0 /* STSE_ECC_KT_NIST_P_256 */ + #define STSAFE_ECC_CURVE_P384 1 /* STSE_ECC_KT_NIST_P_384 */ + #define STSAFE_ECC_CURVE_BP256 2 /* STSE_ECC_KT_BP_P_256 */ + #define STSAFE_ECC_CURVE_BP384 3 /* STSE_ECC_KT_BP_P_384 */ + + /* Slot mappings */ + #define STSAFE_KEY_SLOT_0 0 + #define STSAFE_KEY_SLOT_1 1 + #define STSAFE_KEY_SLOT_EPHEMERAL 0xFF + + /* Return codes */ + #define STSAFE_A_OK 0 /* STSE_OK */ + + /* Key usage limits */ + #define STSAFE_PERSISTENT_KEY_USAGE_LIMIT 255 /* Usage limit for persistent keys in slot 1 */ + #define STSAFE_EPHEMERAL_KEY_USAGE_LIMIT 1 /* Usage limit for ephemeral keys in slot 0xFF */ + + /* Hash types - must match stse_hash_algorithm_t values in STSELib */ + #define STSAFE_HASH_SHA256 0 /* STSE_SHA_256 */ + #define STSAFE_HASH_SHA384 1 /* STSE_SHA_384 */ + +#else /* WOLFSSL_STSAFEA100 */ + /* STSAFE-A100/A110 uses legacy ST STSAFE-A1xx SDK */ + /* User must provide path to STSAFE-A1xx SDK headers */ + #include + + /* Type mappings for legacy SDK */ + typedef StSafeA_CurveId stsafe_curve_id_t; + typedef StSafeA_KeySlotNumber stsafe_slot_t; + + /* Curve ID mappings */ + #define STSAFE_ECC_CURVE_P256 STSAFE_A_NIST_P_256 + #define STSAFE_ECC_CURVE_P384 STSAFE_A_NIST_P_384 + #define STSAFE_ECC_CURVE_BP256 STSAFE_A_BRAINPOOL_P_256 + #define STSAFE_ECC_CURVE_BP384 STSAFE_A_BRAINPOOL_P_384 + + /* Slot mappings */ + #define STSAFE_KEY_SLOT_0 STSAFE_A_SLOT_0 + #define STSAFE_KEY_SLOT_1 STSAFE_A_SLOT_1 + #define STSAFE_KEY_SLOT_EPHEMERAL STSAFE_A_SLOT_EPHEMERAL + + /* Return codes - STSAFE_A_OK already defined in SDK */ + + /* Hash types */ + #define STSAFE_HASH_SHA256 STSAFE_A_SHA_256 + #define STSAFE_HASH_SHA384 STSAFE_A_SHA_384 + +#endif /* WOLFSSL_STSAFEA120 */ + +/* -------------------------------------------------------------------------- */ +/* Common Definitions */ +/* -------------------------------------------------------------------------- */ #ifndef STSAFE_MAX_KEY_LEN - #define STSAFE_MAX_KEY_LEN ((uint32_t)48) /* for up to 384-bit keys */ + #define STSAFE_MAX_KEY_LEN 48 /* for up to 384-bit keys */ #endif #ifndef STSAFE_MAX_PUBKEY_RAW_LEN - #define STSAFE_MAX_PUBKEY_RAW_LEN ((uint32_t)STSAFE_MAX_KEY_LEN * 2) /* x/y */ + #define STSAFE_MAX_PUBKEY_RAW_LEN (STSAFE_MAX_KEY_LEN * 2) /* x/y */ #endif #ifndef STSAFE_MAX_SIG_LEN - #define STSAFE_MAX_SIG_LEN ((uint32_t)STSAFE_MAX_KEY_LEN * 2) /* r/s */ + #define STSAFE_MAX_SIG_LEN (STSAFE_MAX_KEY_LEN * 2) /* r/s */ +#endif + +/* Default I2C address */ +#ifndef STSAFE_I2C_ADDR + #define STSAFE_I2C_ADDR 0x20 #endif +/* Default curve mode (for signing operations) */ +#ifndef STSAFE_DEFAULT_CURVE + #define STSAFE_DEFAULT_CURVE STSAFE_ECC_CURVE_P256 +#endif + +#endif /* !WOLFSSL_STSAFE_INTERFACE_EXTERNAL */ + +/* -------------------------------------------------------------------------- */ +/* Public API Functions */ +/* -------------------------------------------------------------------------- */ + +/* Initialize STSAFE device - called automatically by wolfCrypt_Init() */ +WOLFSSL_API int stsafe_interface_init(void); + +/* Load device certificate from STSAFE secure storage */ WOLFSSL_API int SSL_STSAFE_LoadDeviceCertificate(byte** pRawCertificate, word32* pRawCertificateLen); @@ -94,6 +208,6 @@ #endif /* WOLF_CRYPTO_CB */ -#endif /* WOLFSSL_STSAFEA100 */ +#endif /* WOLFSSL_STSAFE */ #endif /* _WOLFPORT_STSAFE_H_ */ diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/port/ti/ti-ccm.h mariadb-11.8.8/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/port/ti/ti-ccm.h --- mariadb-11.8.6/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/port/ti/ti-ccm.h 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/port/ti/ti-ccm.h 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* port/ti/ti_ccm.c * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/port/ti/ti-hash.h mariadb-11.8.8/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/port/ti/ti-hash.h --- mariadb-11.8.6/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/port/ti/ti-hash.h 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/port/ti/ti-hash.h 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* port/ti/ti-hash.h * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/port/tropicsquare/tropic01.h mariadb-11.8.8/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/port/tropicsquare/tropic01.h --- mariadb-11.8.6/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/port/tropicsquare/tropic01.h 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/port/tropicsquare/tropic01.h 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* tropic01.h * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/port/xilinx/xil-sha3.h mariadb-11.8.8/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/port/xilinx/xil-sha3.h --- mariadb-11.8.6/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/port/xilinx/xil-sha3.h 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/port/xilinx/xil-sha3.h 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* xil-sha3.h * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/port/xilinx/xil-versal-glue.h mariadb-11.8.8/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/port/xilinx/xil-versal-glue.h --- mariadb-11.8.6/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/port/xilinx/xil-versal-glue.h 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/port/xilinx/xil-versal-glue.h 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* xil-versal-glue.h * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/port/xilinx/xil-versal-trng.h mariadb-11.8.8/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/port/xilinx/xil-versal-trng.h --- mariadb-11.8.6/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/port/xilinx/xil-versal-trng.h 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/port/xilinx/xil-versal-trng.h 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* xil-versal-trng.h * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/pwdbased.h mariadb-11.8.8/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/pwdbased.h --- mariadb-11.8.6/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/pwdbased.h 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/pwdbased.h 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* pwdbased.h * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/random.h mariadb-11.8.8/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/random.h --- mariadb-11.8.6/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/random.h 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/random.h 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* random.h * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -156,6 +156,10 @@ ProviderHandle handle; #else int fd; + #if defined(WOLFSSL_KEEP_RNG_SEED_FD_OPEN) + WC_BITFIELD seedFdOpen:1; + WC_BITFIELD keepSeedFdOpen:1; + #endif #endif #if defined(WOLF_CRYPTO_CB) int devId; @@ -163,6 +167,89 @@ }; #ifdef HAVE_HASHDRBG + +/* The security strength for the RNG is the target number of bits of + * entropy you are looking for in a seed. */ +/* RNG_SECURITY_STRENGTH is unprefixed for backward compat. */ +#ifndef RNG_SECURITY_STRENGTH + /* SHA-256 requires a minimum of 256-bits of entropy. */ + #define RNG_SECURITY_STRENGTH (256) +#endif + +/* wolfentropy.h will define for HAVE_ENTROPY_MEMUSE */ +#ifdef HAVE_ENTROPY_MEMUSE + #include +#else + /* Maximum entropy bits that can be produced. */ + #define MAX_ENTROPY_BITS 256 +#endif + +/* ENTROPY_SCALE_FACTOR is unprefixed for backward compat. */ +#ifndef ENTROPY_SCALE_FACTOR + /* The entropy scale factor should be the whole number inverse of the + * minimum bits of entropy per bit of NDRNG output. */ + #if defined(HAVE_AMD_RDSEED) + /* This will yield a SEED_SZ of 16kb. Since nonceSz will be 0, + * we'll add an additional 8kb on top. + * + * See "AMD RNG ESV Public Use Document". Version 0.7 of October 24, + * 2024 specifies 0.656 to 1.312 bits of entropy per 128 bit block of + * RDSEED output, depending on CPU family. + */ + #define ENTROPY_SCALE_FACTOR (512) + #elif defined(HAVE_INTEL_RDSEED) || defined(HAVE_INTEL_RDRAND) + /* The value of 2 applies to Intel's RDSEED which provides about + * 0.5 bits minimum of entropy per bit. The value of 4 gives a + * conservative margin for FIPS. */ + #if defined(HAVE_FIPS) && defined(HAVE_FIPS_VERSION) && \ + (HAVE_FIPS_VERSION >= 2) + #define ENTROPY_SCALE_FACTOR (2*4) + #else + /* Not FIPS, but Intel RDSEED, only double. */ + #define ENTROPY_SCALE_FACTOR (2) + #endif + #elif defined(HAVE_FIPS) && defined(HAVE_FIPS_VERSION) && \ + (HAVE_FIPS_VERSION >= 2) + /* If doing a FIPS build without a specific scale factor, default + * to 4. This will give 1024 bits of entropy. More is better, but + * more is also slower. */ + #define ENTROPY_SCALE_FACTOR (4) + #else + /* Setting the default to 1. */ + #define ENTROPY_SCALE_FACTOR (1) + #endif +#endif /* !ENTROPY_SCALE_FACTOR */ + +/* SEED_BLOCK_SZ is unprefixed for backward compat. */ +#ifndef SEED_BLOCK_SZ + /* The seed block size, is the size of the output of the underlying NDRNG. + * This value is used for testing the output of the NDRNG. */ + #if defined(HAVE_AMD_RDSEED) + /* AMD's RDSEED instruction works in 128-bit blocks read 64-bits + * at a time. */ + #define SEED_BLOCK_SZ (sizeof(word64)*2) + #elif defined(HAVE_INTEL_RDSEED) || defined(HAVE_INTEL_RDRAND) + /* RDSEED outputs in blocks of 64-bits. */ + #define SEED_BLOCK_SZ sizeof(word64) + #else + /* Setting the default to 4. */ + #define SEED_BLOCK_SZ 4 + #endif +#endif + +#define WC_DRBG_SEED_BLOCK_SZ SEED_BLOCK_SZ + +#define WC_DRBG_SEED_SZ (RNG_SECURITY_STRENGTH*ENTROPY_SCALE_FACTOR/8) + +/* The maximum seed size will be the seed size plus a seed block for the + * test, and an additional half of the seed size. This additional half + * is in case the user does not supply a nonce. A nonce will be obtained + * from the NDRNG. */ +#define WC_DRBG_MAX_SEED_SZ (WC_DRBG_SEED_SZ + WC_DRBG_SEED_SZ/2 + \ + SEED_BLOCK_SZ) + +#define RNG_HEALTH_TEST_CHECK_SIZE (WC_SHA256_DIGEST_SIZE * 4) + struct DRBG_internal { #ifdef WORD64_AVAILABLE word64 reseedCtr; @@ -177,22 +264,65 @@ #endif #ifdef WOLFSSL_SMALL_STACK_CACHE wc_Sha256 sha256; + byte seed_scratch[DRBG_SEED_LEN]; + byte digest_scratch[WC_SHA256_DIGEST_SIZE]; #endif }; +#endif /* HAVE_HASHDRBG */ + +/* RNG health states */ +#define WC_DRBG_NOT_INIT 0 +#define WC_DRBG_OK 1 +#define WC_DRBG_FAILED 2 +#define WC_DRBG_CONT_FAILED 3 +#ifdef WC_RNG_BANK_SUPPORT + #define WC_DRBG_BANKREF 4 /* Marks the WC_RNG as a ref to a wc_rng_bank, + * with no usable DRBG of its own. + */ #endif /* RNG context */ struct WC_RNG { struct OS_Seed seed; void* heap; -#ifdef HAVE_HASHDRBG - /* Hash-based Deterministic Random Bit Generator */ - struct DRBG* drbg; -#if defined(WOLFSSL_NO_MALLOC) && !defined(WOLFSSL_STATIC_MEMORY) - struct DRBG_internal drbg_data; -#endif byte status; + +#if defined(WC_RNG_BANK_SUPPORT) || defined(HAVE_HASHDRBG) + +#ifdef HAVE_ANONYMOUS_INLINE_AGGREGATES + union { +#endif + + #ifdef WC_RNG_BANK_SUPPORT + struct wc_rng_bank *bankref; + #endif + + #ifdef HAVE_HASHDRBG + #ifdef HAVE_ANONYMOUS_INLINE_AGGREGATES + struct { + #endif + /* Hash-based Deterministic Random Bit Generator */ + struct DRBG* drbg; + #if defined(WOLFSSL_NO_MALLOC) && !defined(WOLFSSL_STATIC_MEMORY) + struct DRBG_internal drbg_data; + #endif + #ifdef WOLFSSL_SMALL_STACK_CACHE + /* Scratch buffers -- all preallocated by _InitRng(). */ + struct DRBG_internal *drbg_scratch; + byte *health_check_scratch; + byte *newSeed_buf; + #endif + #ifdef HAVE_ANONYMOUS_INLINE_AGGREGATES + }; + #endif + #endif /* HAVE_HASHDRBG */ + +#ifdef HAVE_ANONYMOUS_INLINE_AGGREGATES + }; #endif + +#endif /* WC_RNG_BANK_SUPPORT || HAVE_HASHDRBG */ + #if defined(HAVE_GETPID) && !defined(WOLFSSL_NO_GETPID) pid_t pid; #endif @@ -279,19 +409,6 @@ void* heap, int devId); #endif /* HAVE_HASHDRBG */ -#ifdef HAVE_ENTROPY_MEMUSE -/* Maximum entropy bits that can be produced. */ -#define MAX_ENTROPY_BITS 256 - -/* For generating data for assessment. */ -WOLFSSL_API int wc_Entropy_GetRawEntropy(unsigned char* raw, int cnt); -WOLFSSL_API int wc_Entropy_Get(int bits, unsigned char* entropy, word32 len); -WOLFSSL_API int wc_Entropy_OnDemandTest(void); - -WOLFSSL_LOCAL int Entropy_Init(void); -WOLFSSL_LOCAL void Entropy_Final(void); -#endif - #ifdef __cplusplus } /* extern "C" */ #endif diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/rc2.h mariadb-11.8.8/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/rc2.h --- mariadb-11.8.6/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/rc2.h 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/rc2.h 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* rc2.h * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/ripemd.h mariadb-11.8.8/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/ripemd.h --- mariadb-11.8.6/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/ripemd.h 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/ripemd.h 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* ripemd.h * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/rng_bank.h mariadb-11.8.8/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/rng_bank.h --- mariadb-11.8.6/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/rng_bank.h 1970-01-01 00:00:00.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/rng_bank.h 2026-05-24 09:58:33.000000000 +0000 @@ -0,0 +1,181 @@ +/* rng_bank.h + * + * Copyright (C) 2006-2026 wolfSSL Inc. + * + * This file is part of wolfSSL. + * + * wolfSSL is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * wolfSSL is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA + */ + +/*! + \file wolfssl/wolfcrypt/rng_bank.h +*/ + +/* This facility allocates and manages a bank of persistent RNGs with thread + * safety and provisions for automatic affinity. It is typically used in kernel + * applications. + */ + +#ifndef WOLF_CRYPT_RNG_BANK_H +#define WOLF_CRYPT_RNG_BANK_H + +#include + +#ifdef WC_RNG_BANK_SUPPORT + +#ifdef WC_NO_RNG + #error WC_RNG_BANK_SUPPORT requires RNG support. +#endif + +#define WC_RNG_BANK_FLAG_NONE 0 +#define WC_RNG_BANK_FLAG_INITED (1<<0) +#define WC_RNG_BANK_FLAG_CAN_FAIL_OVER_INST (1<<1) +#define WC_RNG_BANK_FLAG_CAN_WAIT (1<<2) +#define WC_RNG_BANK_FLAG_NO_VECTOR_OPS (1<<3) +#define WC_RNG_BANK_FLAG_PREFER_AFFINITY_INST (1<<4) +#define WC_RNG_BANK_FLAG_AFFINITY_LOCK (1<<5) + +#define WC_RNG_BANK_INST_LOCK_FREE 0 +#define WC_RNG_BANK_INST_LOCK_HELD (1<<0) +#define WC_RNG_BANK_INST_LOCK_AFFINITY_LOCKED (1<<1) +#define WC_RNG_BANK_INST_LOCK_VEC_OPS_INH (1<<2) + +typedef int (*wc_affinity_lock_fn_t)(void *arg); +typedef int (*wc_affinity_get_id_fn_t)(void *arg, int *id); +typedef int (*wc_affinity_unlock_fn_t)(void *arg); + +struct wc_rng_bank_inst { +#ifdef WOLFSSL_NO_ATOMICS + int lock; +#else + wolfSSL_Atomic_Int lock; +#endif + WC_RNG rng; +}; + +#if defined(WOLFSSL_NO_MALLOC) && defined(NO_WOLFSSL_MEMORY) && \ + !defined(WC_RNG_BANK_STATIC) + #define WC_RNG_BANK_STATIC +#endif + +#ifndef WC_RNG_BANK_STATIC_SIZE + #define WC_RNG_BANK_STATIC_SIZE 4 +#endif + +struct wc_rng_bank { + wolfSSL_Ref refcount; + void *heap; + word32 flags; + wc_affinity_lock_fn_t affinity_lock_cb; + wc_affinity_get_id_fn_t affinity_get_id_cb; + wc_affinity_unlock_fn_t affinity_unlock_cb; + void *cb_arg; /* if mutable, caller is responsible for thread safety. */ + int n_rngs; +#ifdef WC_RNG_BANK_STATIC + struct wc_rng_bank_inst rngs[WC_RNG_BANK_STATIC_SIZE]; +#else + struct wc_rng_bank_inst *rngs; /* typically one per CPU ID, plus a few */ +#endif +}; + +#ifndef WC_RNG_BANK_STATIC +WOLFSSL_API int wc_rng_bank_new( + struct wc_rng_bank **ctx, + int n_rngs, + word32 flags, + int timeout_secs, + void *heap, + int devId); +#endif + +WOLFSSL_API int wc_rng_bank_init( + struct wc_rng_bank *ctx, + int n_rngs, + word32 flags, + int timeout_secs, + void *heap, + int devId); + +WOLFSSL_API int wc_rng_bank_set_affinity_handlers( + struct wc_rng_bank *ctx, + wc_affinity_lock_fn_t affinity_lock_cb, + wc_affinity_get_id_fn_t affinity_get_id_cb, + wc_affinity_unlock_fn_t affinity_unlock_cb, + void *cb_arg); + +WOLFSSL_API int wc_rng_bank_fini(struct wc_rng_bank *ctx); + +#ifndef WC_RNG_BANK_STATIC +WOLFSSL_API int wc_rng_bank_free(struct wc_rng_bank **ctx); +#endif + +#ifdef WC_RNG_BANK_NO_DEFAULT_SUPPORT +#undef WC_RNG_BANK_DEFAULT_SUPPORT +#else /* !WC_RNG_BANK_NO_DEFAULT_SUPPORT */ +#ifndef WC_RNG_BANK_DEFAULT_SUPPORT +#define WC_RNG_BANK_DEFAULT_SUPPORT +#endif +WOLFSSL_API int wc_rng_bank_default_set(struct wc_rng_bank *bank); +WOLFSSL_API int wc_rng_bank_default_checkout(struct wc_rng_bank **bank); +WOLFSSL_API int wc_rng_bank_default_checkin(struct wc_rng_bank **bank); +WOLFSSL_API int wc_rng_bank_default_clear(struct wc_rng_bank *bank); +#endif /* !WC_RNG_BANK_NO_DEFAULT_SUPPORT */ + +WOLFSSL_API int wc_rng_bank_checkout( + struct wc_rng_bank *bank, + struct wc_rng_bank_inst **rng_inst, + int preferred_inst_offset, + int timeout_secs, + word32 flags); + +WOLFSSL_LOCAL int wc_local_rng_bank_checkout_for_bankref( + struct wc_rng_bank *bank, + struct wc_rng_bank_inst **rng_inst); + +WOLFSSL_API int wc_rng_bank_checkin( + struct wc_rng_bank *bank, + struct wc_rng_bank_inst **rng_inst); + +WOLFSSL_API int wc_rng_bank_inst_reinit( + struct wc_rng_bank *bank, + struct wc_rng_bank_inst *rng_inst, + int timeout_secs, + word32 flags); + +WOLFSSL_API int wc_rng_bank_seed(struct wc_rng_bank *bank, + const byte* seed, word32 seedSz, + int timeout_secs, + word32 flags); + +WOLFSSL_API int wc_rng_bank_reseed(struct wc_rng_bank *bank, + int timeout_secs, + word32 flags); + +#ifdef WC_DRBG_BANKREF +WOLFSSL_API int wc_InitRng_BankRef(struct wc_rng_bank *bank, WC_RNG *rng); + +WOLFSSL_API int wc_BankRef_Release(WC_RNG *rng); + +#if !defined(WC_RNG_BANK_STATIC) && !defined(WC_NO_CONSTRUCTORS) +WOLFSSL_API int wc_rng_new_bankref(struct wc_rng_bank *bank, WC_RNG **rng); +/* note, free with wc_rng_free(). */ +#endif +#endif /* WC_DRBG_BANKREF */ + +#define WC_RNG_BANK_INST_TO_RNG(rng_inst) (&(rng_inst)->rng) + +#endif /* WC_RNG_BANK_SUPPORT */ + +#endif /* WOLF_CRYPT_RNG_BANK_H */ diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/rsa.h mariadb-11.8.8/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/rsa.h --- mariadb-11.8.6/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/rsa.h 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/rsa.h 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* rsa.h * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -119,7 +119,7 @@ #endif #elif defined(WOLFSSL_SP_MATH_ALL) || defined(WOLFSSL_SP_MATH) /* SP implementation supports numbers of SP_INT_BITS bits. */ - #define RSA_MAX_SIZE (((SP_INT_BITS + 7) / 8) * 8) + #define RSA_MAX_SIZE WC_BITS_FULL_BYTES(SP_INT_BITS) #if defined(WOLFSSL_MYSQL_COMPATIBLE) && RSA_MAX_SIZE < 8192 #error "MySQL needs SP_INT_BITS at least at 8192" #endif @@ -140,9 +140,6 @@ #ifdef WOLFSSL_ASYNC_CRYPT #include - #ifdef WOLFSSL_CERT_GEN - #include - #endif #endif #if FIPS_VERSION3_GE(6,0,0) @@ -214,8 +211,10 @@ int type; /* public or private */ int state; word32 dataLen; -#ifdef WC_RSA_BLINDING - WC_RNG* rng; /* for PrivateDecrypt blinding */ +#ifndef WC_NO_RNG + WC_RNG* rng; /* for PrivateDecrypt blinding and + * _ifc_pairwise_consistency_test() + */ #endif #ifdef WOLFSSL_SE050 word32 keyId; @@ -330,6 +329,7 @@ word32 outLen, RsaKey* key); WOLFSSL_API int wc_RsaSSL_Sign(const byte* in, word32 inLen, byte* out, word32 outLen, RsaKey* key, WC_RNG* rng); +#ifdef WC_RSA_PSS WOLFSSL_API int wc_RsaPSS_Sign(const byte* in, word32 inLen, byte* out, word32 outLen, enum wc_HashType hash, int mgf, RsaKey* key, WC_RNG* rng); @@ -337,6 +337,7 @@ word32 outLen, enum wc_HashType hash, int mgf, int saltLen, RsaKey* key, WC_RNG* rng); +#endif WOLFSSL_API int wc_RsaSSL_VerifyInline(byte* in, word32 inLen, byte** out, RsaKey* key); WOLFSSL_API int wc_RsaSSL_Verify(const byte* in, word32 inLen, byte* out, @@ -346,6 +347,7 @@ WOLFSSL_API int wc_RsaSSL_Verify_ex2(const byte* in, word32 inLen, byte* out, word32 outLen, RsaKey* key, int pad_type, enum wc_HashType hash); +#ifdef WC_RSA_PSS WOLFSSL_API int wc_RsaPSS_VerifyInline(byte* in, word32 inLen, byte** out, enum wc_HashType hash, int mgf, RsaKey* key); @@ -378,6 +380,7 @@ const byte* digest, word32 digestLen, enum wc_HashType hash, int mgf, RsaKey* key); +#endif WOLFSSL_API int wc_RsaEncryptSize(const RsaKey* key); @@ -399,7 +402,7 @@ WOLFSSL_API int wc_RsaKeyToDer(RsaKey* key, byte* output, word32 inLen); #endif -#ifdef WC_RSA_BLINDING +#ifndef WC_NO_RNG WOLFSSL_API int wc_RsaSetRNG(RsaKey* key, WC_RNG* rng); #endif #ifdef WC_RSA_NONBLOCK diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/sakke.h mariadb-11.8.8/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/sakke.h --- mariadb-11.8.6/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/sakke.h 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/sakke.h 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* sakke.h * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/selftest.h mariadb-11.8.8/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/selftest.h --- mariadb-11.8.6/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/selftest.h 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/selftest.h 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* selftest.h * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/settings.h mariadb-11.8.8/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/settings.h --- mariadb-11.8.6/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/settings.h 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/settings.h 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* settings.h * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -63,6 +63,9 @@ #include #endif +#define WC_BITS_TO_BYTES(x) (((x) + 7) >> 3) +#define WC_BITS_FULL_BYTES(x) (WC_BITS_TO_BYTES(x) << 3) + /* Uncomment next line if using IPHONE */ /* #define IPHONE */ @@ -369,12 +372,22 @@ #warning "No configuration for wolfSSL detected, check header order" #endif -/* Ensure WOLFSSL_DEBUG_CERTS is always set when DEBUG_WOLFSSL is enabled */ -#ifdef DEBUG_WOLFSSL - #undef WOLFSSL_DEBUG_CERTS +/* Ensure WOLFSSL_DEBUG_CERTS is set when DEBUG_WOLFSSL is enabled, unless + * expressly requested otherwise. + */ +#if defined(DEBUG_WOLFSSL) && !defined(WOLFSSL_NO_DEBUG_CERTS) && \ + !defined(WOLFSSL_DEBUG_CERTS) #define WOLFSSL_DEBUG_CERTS #endif +/* Ensure WC_VERBOSE_RNG is set when DEBUG_WOLFSSL is enabled, unless expressly + * requested otherwise. Relies on a working WOLFSSL_DEBUG_PRINTF. + */ +#if defined(DEBUG_WOLFSSL) && defined(WOLFSSL_DEBUG_PRINTF) && \ + !defined(WC_NO_VERBOSE_RNG) && !defined(WC_VERBOSE_RNG) + #define WC_VERBOSE_RNG +#endif + #include /*------------------------------------------------------------*/ @@ -431,6 +444,8 @@ (WOLFSSL_FIPS_VERSION2_CODE >= WOLFSSL_MAKE_FIPS_VERSION(major,minor)) #define FIPS_VERSION_GT(major,minor) \ (WOLFSSL_FIPS_VERSION2_CODE > WOLFSSL_MAKE_FIPS_VERSION(major,minor)) +#define FIPS_VERSION_NE(major,minor) \ + (WOLFSSL_FIPS_VERSION2_CODE != WOLFSSL_MAKE_FIPS_VERSION(major,minor)) #define FIPS_VERSION3_LT(major,minor,patch) \ (WOLFSSL_FIPS_VERSION_CODE < WOLFSSL_MAKE_FIPS_VERSION3(major,minor,patch)) @@ -442,6 +457,31 @@ (WOLFSSL_FIPS_VERSION_CODE >= WOLFSSL_MAKE_FIPS_VERSION3(major,minor,patch)) #define FIPS_VERSION3_GT(major,minor,patch) \ (WOLFSSL_FIPS_VERSION_CODE > WOLFSSL_MAKE_FIPS_VERSION3(major,minor,patch)) +#define FIPS_VERSION3_NE(major,minor,patch) \ + (WOLFSSL_FIPS_VERSION_CODE != WOLFSSL_MAKE_FIPS_VERSION3(major,minor,patch)) + +#if defined(HAVE_FIPS) && !defined(WC_FIPS_186_5) && !defined(WC_FIPS_186_4) + #if FIPS_VERSION3_GE(7,0,0) && !defined(WOLFSSL_FIPS_READY) + #ifndef WC_FIPS_186_5 + #define WC_FIPS_186_5 + #endif + #else + #ifndef WC_FIPS_186_4 + #define WC_FIPS_186_4 + #endif + #endif +#endif +#if defined(WC_FIPS_186_4) && defined(WC_FIPS_186_5) + #error Conflicting FIPS 186 settings. +#endif +#if (defined(WC_FIPS_186_4) || defined(WC_FIPS_186_5)) && \ + !defined(WC_FIPS_186_4_PLUS) + #define WC_FIPS_186_4_PLUS +#endif +#if defined(WC_FIPS_186_5) && !defined(WC_FIPS_186_5_PLUS) + #define WC_FIPS_186_5_PLUS +#endif + /*------------------------------------------------------------*/ @@ -729,7 +769,6 @@ * the "enable all" feature: */ #if defined(TEST_ESPIDF_ALL_WOLFSSL) #define WOLFSSL_MD2 - #define HAVE_BLAKE2 #define HAVE_BLAKE2B #define HAVE_BLAKE2S @@ -1851,8 +1890,7 @@ #else #define XFREE(p, h, t) {void* xp = (p); (void)(h); (void)(t); if ((xp)) _mem_free((xp));} #endif - - /* Note: MQX has no realloc, using fastmath above */ + #define XREALLOC(p, n, h, t) ((void)(h), (void)(t), (void *)_mem_realloc((p), (n))) #endif #ifdef USE_FAST_MATH /* Undef first to avoid re-definition if user_settings.h defines */ @@ -2136,6 +2174,12 @@ #endif /* WOLFSSL_MAXQ1065 || WOLFSSL_MAXQ108X */ +/* Combined STSAFE macro - enables when either A100 or A120 is defined */ +#if defined(WOLFSSL_STSAFEA100) || defined(WOLFSSL_STSAFEA120) + #undef WOLFSSL_STSAFE + #define WOLFSSL_STSAFE +#endif + #if defined(WOLFSSL_STM32F2) || defined(WOLFSSL_STM32F4) || \ defined(WOLFSSL_STM32F7) || defined(WOLFSSL_STM32F1) || \ defined(WOLFSSL_STM32L4) || defined(WOLFSSL_STM32L5) || \ @@ -2173,6 +2217,10 @@ #undef STM32_HASH #define STM32_HASH #endif + #ifndef NO_STM32_HMAC + #undef STM32_HMAC + #define STM32_HMAC + #endif #if !defined(__GNUC__) && !defined(__ICCARM__) #define KEIL_INTRINSICS #endif @@ -2591,7 +2639,19 @@ #endif /*(WOLFSSL_APACHE_MYNEWT)*/ #ifdef WOLFSSL_ZEPHYR - #include + #ifdef __cplusplus + } /* extern "C" */ + #endif + + #ifdef __has_include + #if __has_include() + #include + #else + #include + #endif + #else + #include + #endif #if KERNEL_VERSION_NUMBER >= 0x30100 #include #include @@ -2603,8 +2663,11 @@ #endif #include + #ifdef __cplusplus + extern "C" { + #endif + #define WOLFSSL_DH_CONST - #define WOLFSSL_HAVE_MAX #define NO_WRITEV #define NO_STDLIB_ISASCII @@ -2615,11 +2678,39 @@ void *z_realloc(void *ptr, size_t size); #define realloc z_realloc - #define max MAX + #if KERNEL_VERSION_NUMBER >= 0x40100 + /* Zephyr >= 4.1 removed CONFIG_NET_SOCKETS_POSIX_NAMES and the + * corresponding macro block in . + * Define our own compile-time remapping to zsock_* so that wolfSSL + * always calls Zephyr's network stack directly, avoiding host-libc + * symbol conflicts on native_sim. */ + #define socket zsock_socket + #define bind zsock_bind + #define connect zsock_connect + #define listen zsock_listen + #define accept zsock_accept + #define send zsock_send + #define recv zsock_recv + #define sendto zsock_sendto + #define recvfrom zsock_recvfrom + #define setsockopt zsock_setsockopt + #define getsockopt zsock_getsockopt + #define shutdown zsock_shutdown + #define getpeername zsock_getpeername + #define getsockname zsock_getsockname + /* Note: close, poll, inet_pton, inet_ntop are NOT remapped here. + * They are general POSIX functions still declared in Zephyr's POSIX + * headers; redefining them conflicts with __syscall declarations in + * . close is handled via CloseSocket in wolfio.h, + * inet_pton/inet_ntop via XINET_PTON/XINET_NTOP in wolfio.h. */ + #else + /* Zephyr < 4.1: define CONFIG_NET_SOCKETS_POSIX_NAMES so that + * provides the POSIX name remapping macros. */ #if !defined(CONFIG_NET_SOCKETS_POSIX_NAMES) && !defined(CONFIG_POSIX_API) #define CONFIG_NET_SOCKETS_POSIX_NAMES #endif + #endif #endif /* WOLFSSL_ZEPHYR */ #ifdef WOLFSSL_IMX6 @@ -2943,8 +3034,7 @@ /* Determine when mp_add_d is required. */ #if !defined(NO_PWDBASED) || defined(WOLFSSL_KEY_GEN) || !defined(NO_DH) || \ !defined(NO_DSA) || defined(HAVE_ECC) || \ - (!defined(NO_RSA) && !defined(WOLFSSL_RSA_VERIFY_ONLY)) || \ - defined(OPENSSL_EXTRA) + !defined(NO_RSA) || defined(OPENSSL_EXTRA) #define WOLFSSL_SP_ADD_D #endif @@ -3081,14 +3171,16 @@ #endif #endif /* HAVE_ECC */ -#if (defined(OPENSSL_EXTRA) || defined(OPENSSL_ALL)) && defined(HAVE_ECC) && \ - !defined(WOLFSSL_ATECC508A) && !defined(WOLFSSL_ATECC608A) && \ - !defined(WOLFSSL_CRYPTOCELL) && !defined(WOLFSSL_SE050) && \ - !defined(WOLF_CRYPTO_CB_ONLY_ECC) && !defined(WOLFSSL_STM32_PKA) - #undef USE_ECC_B_PARAM - #define USE_ECC_B_PARAM +/* The FIPS-validated ecc.c gates wc_ecc_point_is_on_curve behind + * USE_ECC_B_PARAM. That guard was removed from the non-FIPS tree (the + * function is now unconditionally compiled in). Force-define the flag + * when building with any FIPS module so the certified file still + * provides the symbol. */ + #if defined(HAVE_FIPS) && !defined(USE_ECC_B_PARAM) + #define USE_ECC_B_PARAM #endif + /* Curve25519 Configs */ #ifdef HAVE_CURVE25519 /* By default enable shared secret, key export and import */ @@ -3324,8 +3416,15 @@ #endif #endif +/* For setting.h/user_settings.h */ +#if defined(WOLFSSL_HAVE_SP_DH) && !defined(NO_DH) && \ + !defined(WOLFSSL_SP_4096) && (MIN_FFDHE_BITS >= 4096) + #define WOLFSSL_SP_4096 +#endif + /* if desktop type system and fastmath increase default max bits */ -#if defined(WOLFSSL_X86_64_BUILD) || defined(WOLFSSL_AARCH64_BUILD) +#if defined(WOLFSSL_X86_64_BUILD) || defined(WOLFSSL_AARCH64_BUILD) || \ + defined(OPENSSL_EXTRA) #if defined(USE_FAST_MATH) && !defined(FP_MAX_BITS) #if MIN_FFDHE_FP_MAX_BITS <= 8192 #define FP_MAX_BITS 8192 @@ -3354,6 +3453,8 @@ /* Default AES minimum auth tag sz, allow user to override */ #ifndef WOLFSSL_MIN_AUTH_TAG_SZ #define WOLFSSL_MIN_AUTH_TAG_SZ 12 +#elif WOLFSSL_MIN_AUTH_TAG_SZ < 1 + #error WOLFSSL_MIN_AUTH_TAG_SZ must be at least 1 #endif @@ -3682,9 +3783,6 @@ #ifndef WOLFSSL_KERNEL_MODE #define WOLFSSL_KERNEL_MODE #endif - #ifndef WOLFSSL_API_PREFIX_MAP - #define WOLFSSL_API_PREFIX_MAP - #endif #if defined(WOLFSSL_LINUXKM_VERBOSE_DEBUG) && \ !defined(WOLFSSL_KERNEL_VERBOSE_DEBUG) #define WOLFSSL_KERNEL_VERBOSE_DEBUG @@ -3717,21 +3815,11 @@ #ifndef USE_WOLF_STRTOK #define USE_WOLF_STRTOK #endif - #ifndef WOLFSSL_OLD_PRIME_CHECK - #define WOLFSSL_OLD_PRIME_CHECK - #endif #ifdef LINUXKM_LKCAPI_REGISTER #ifndef WC_TEST_EXPORT_SUBTESTS #define WC_TEST_EXPORT_SUBTESTS #endif #endif - #ifndef WOLFSSL_TEST_SUBROUTINE - #ifdef WC_TEST_EXPORT_SUBTESTS - #define WOLFSSL_TEST_SUBROUTINE - #else - #define WOLFSSL_TEST_SUBROUTINE static - #endif - #endif #undef HAVE_PTHREAD /* linuxkm uses linux/string.h, included by linuxkm_wc_port.h. */ #undef HAVE_STRINGS_H @@ -3763,10 +3851,18 @@ #define WOLFSSL_NO_GETPID #endif /* WOLFSSL_NO_GETPID */ #ifndef SIZEOF_LONG - #define SIZEOF_LONG 8 + #ifdef __SIZEOF_LONG__ + #define SIZEOF_LONG __SIZEOF_LONG__ + #else + #define SIZEOF_LONG 8 + #endif #endif #ifndef SIZEOF_LONG_LONG - #define SIZEOF_LONG_LONG 8 + #ifdef __SIZEOF_LONG_LONG__ + #define SIZEOF_LONG_LONG __SIZEOF_LONG_LONG__ + #else + #define SIZEOF_LONG_LONG 8 + #endif #endif #define CHAR_BIT 8 #ifndef WOLFSSL_SP_DIV_64 @@ -3776,7 +3872,7 @@ #define WOLFSSL_SP_DIV_WORD_HALF #endif - #ifdef WC_PIE_RELOC_TABLES + #ifdef WC_SYM_RELOC_TABLES #ifndef WC_NO_INTERNAL_FUNCTION_POINTERS #define WC_NO_INTERNAL_FUNCTION_POINTERS #endif @@ -3792,21 +3888,6 @@ #undef HAVE_PUBLIC_FFDHE #endif - #ifndef NO_OLD_WC_NAMES - #define NO_OLD_WC_NAMES - #endif - #ifndef NO_OLD_SHA_NAMES - #define NO_OLD_SHA_NAMES - #endif - #ifndef NO_OLD_MD5_NAME - #define NO_OLD_MD5_NAME - #endif - #ifndef OPENSSL_COEXIST - #define OPENSSL_COEXIST - #endif - #ifndef NO_OLD_SSL_NAMES - #define NO_OLD_SSL_NAMES - #endif #undef WOLFSSL_MIN_AUTH_TAG_SZ #define WOLFSSL_MIN_AUTH_TAG_SZ 4 @@ -3816,22 +3897,10 @@ */ #define WOLFSSL_ASN_INT_LEAD_0_ANY #endif - - #if !defined(WC_RESEED_INTERVAL) && defined(LINUXKM_LKCAPI_REGISTER) - /* If installing handlers, use the maximum reseed interval allowed by - * NIST SP 800-90A Rev. 1, to avoid unnecessary delays in DRBG - * generation. - */ - #if defined(HAVE_FIPS) && FIPS_VERSION_LT(6,0) - #define WC_RESEED_INTERVAL UINT_MAX - #else - #define WC_RESEED_INTERVAL (((word64)1UL)<<48UL) - #endif - #endif #if defined(__aarch64__) && !defined(WOLFSSL_AARCH64_PRIVILEGE_MODE) #define WOLFSSL_AARCH64_PRIVILEGE_MODE #endif -#endif +#endif /* WOLFSSL_LINUXKM */ /* FreeBSD Kernel Module */ #ifdef WOLFSSL_BSDKM @@ -3871,16 +3940,6 @@ #ifndef USE_WOLF_STRTOK #define USE_WOLF_STRTOK #endif - #ifndef WOLFSSL_OLD_PRIME_CHECK - #define WOLFSSL_OLD_PRIME_CHECK - #endif - #ifndef WOLFSSL_TEST_SUBROUTINE - #ifndef NO_CRYPT_TEST - #define WOLFSSL_TEST_SUBROUTINE - #else - #define WOLFSSL_TEST_SUBROUTINE static - #endif - #endif /* bsdkm uses kernel headers, included in bsdkm_wc_port.h. */ #undef HAVE_PTHREAD #undef HAVE_STRINGS_H @@ -3911,6 +3970,19 @@ #define WOLFSSL_SP_DIV_WORD_HALF #endif + /* FreeBSD kernel defines its own min, max functions in sys/libkern.h */ + #undef WOLFSSL_HAVE_MIN + #define WOLFSSL_HAVE_MIN + + #undef WOLFSSL_HAVE_MAX + #define WOLFSSL_HAVE_MAX +#endif /* WOLFSSL_BSDKM */ + +/* Common setup for kernel mode builds */ +#ifdef WOLFSSL_KERNEL_MODE + #ifndef WOLFSSL_API_PREFIX_MAP + #define WOLFSSL_API_PREFIX_MAP + #endif #ifndef NO_OLD_WC_NAMES #define NO_OLD_WC_NAMES #endif @@ -3927,12 +3999,46 @@ #define NO_OLD_SSL_NAMES #endif - /* FreeBSD kernel defines its own min, max functions in sys/libkern.h */ - #undef WOLFSSL_HAVE_MIN - #define WOLFSSL_HAVE_MIN + #ifndef WOLFSSL_TEST_SUBROUTINE + #ifdef WC_TEST_EXPORT_SUBTESTS + #define WOLFSSL_TEST_SUBROUTINE + #else + #define WOLFSSL_TEST_SUBROUTINE static + #endif + #endif - #undef WOLFSSL_HAVE_MAX - #define WOLFSSL_HAVE_MAX + #if !defined(WOLFSSL_OLD_PRIME_CHECK) && \ + !defined(WOLFSSL_NEW_PRIME_CHECK) && !defined(HAVE_FIPS) + #define WOLFSSL_OLD_PRIME_CHECK + #endif + + #ifndef WC_RESEED_INTERVAL + /* In kernel mode, use the maximum reseed interval allowed by + * NIST SP 800-90A Rev. 1, to avoid unnecessary delays in DRBG + * generation. + */ + #if defined(HAVE_FIPS) && \ + FIPS_VERSION_LT(6,0) && FIPS_VERSION3_NE(5,2,4) + #define WC_RESEED_INTERVAL UINT_MAX + #else + #define WC_RESEED_INTERVAL (((word64)1UL)<<48UL) + #endif + #endif + + #if !defined(WC_NO_VERBOSE_RNG) && !defined(WC_VERBOSE_RNG) + #define WC_VERBOSE_RNG + #endif + + #if WOLFSSL_GENERAL_ALIGNMENT < SIZEOF_LONG + #undef WOLFSSL_GENERAL_ALIGNMENT + #define WOLFSSL_GENERAL_ALIGNMENT SIZEOF_LONG + #endif +#endif /* WOLFSSL_KERNEL_MODE */ + +#if defined(WC_SYM_RELOC_TABLES) && defined(HAVE_FIPS) && \ + !defined(WC_PIE_RELOC_TABLES) + /* backward compat */ + #define WC_PIE_RELOC_TABLES #endif /* Place any other flags or defines here */ @@ -4242,6 +4348,16 @@ #define WOLFSSL_BASE64_DECODE #endif +#if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL) || \ + defined(HAVE_WEBSERVER) || defined(HAVE_FIPS) || \ + defined(HAVE_ECC_CDH) || defined(HAVE_SELFTEST) || \ + defined(WOLFCRYPT_FIPS_CORE_DYNAMIC_HASH_VALUE) || \ + defined(WOLFSSL_ENCRYPTED_KEYS) + #ifndef WOLFSSL_BASE16 + #define WOLFSSL_BASE16 + #endif +#endif + #if defined(FORTRESS) && !defined(HAVE_EX_DATA) #define HAVE_EX_DATA #endif @@ -4316,6 +4432,13 @@ without staticmemory (WOLFSSL_STATIC_MEMORY) #endif +/* Undefine WOLFSSL_SMALL_STACK_CACHE if WOLFSSL_SMALL_STACK is undefined -- + * they only work together. + */ +#if defined(WOLFSSL_SMALL_STACK_CACHE) && !defined(WOLFSSL_SMALL_STACK) + #undef WOLFSSL_SMALL_STACK_CACHE +#endif + /* If malloc is disabled make sure it is also disabled in SP math */ #if defined(WOLFSSL_NO_MALLOC) && !defined(WOLFSSL_SP_NO_MALLOC) && \ (defined(WOLFSSL_SP_MATH) || defined(WOLFSSL_SP_MATH_ALL)) @@ -4346,7 +4469,7 @@ #endif #elif defined(WOLFSSL_SP_MATH_ALL) || defined(WOLFSSL_SP_MATH) /* SP implementation supports numbers of SP_INT_BITS bits. */ - #define DH_MAX_SIZE (((SP_INT_BITS + 7) / 8) * 8) + #define DH_MAX_SIZE WC_BITS_FULL_BYTES(SP_INT_BITS) #if defined(WOLFSSL_MYSQL_COMPATIBLE) && DH_MAX_SIZE < 8192 #error "MySQL needs SP_INT_BITS at least at 8192" #endif @@ -4464,15 +4587,22 @@ #define WOLFSSL_DILITHIUM_VERIFY_NO_MALLOC #endif -#if defined(HAVE_PQC) && defined(WOLFSSL_DTLS13) && \ - !defined(WOLFSSL_DTLS_CH_FRAG) -#warning "Using DTLS 1.3 + pqc without WOLFSSL_DTLS_CH_FRAG will probably" \ - "fail.Use --enable-dtls-frag-ch to enable it." +#if defined(HAVE_PQC) && defined(WOLFSSL_HAVE_MLKEM) && \ + defined(WOLFSSL_DTLS13) && !defined(WOLFSSL_DTLS_CH_FRAG) +#define WOLFSSL_DTLS_CH_FRAG +#warning "WOLFSSL_DTLS_CH_FRAG is enabled to support PQC in DTLS 1.3" #endif #if !defined(WOLFSSL_DTLS13) && defined(WOLFSSL_DTLS_CH_FRAG) #error "WOLFSSL_DTLS_CH_FRAG only works with DTLS 1.3" #endif +#if defined(HAVE_PQC) && defined(WOLFSSL_HAVE_MLKEM) && \ + !defined(WOLFSSL_NO_ML_KEM) && !defined(WOLFSSL_PQC_HYBRIDS) && \ + defined(WOLFSSL_TLS_NO_MLKEM_STANDALONE) && !defined(WOLFCRYPT_ONLY) +#error "Neither PQ/T hybrid combinations nor ML-KEM as standalone TLS key " \ + "exchange are enabled" +#endif + /* SRTP requires DTLS */ #if defined(WOLFSSL_SRTP) && !defined(WOLFSSL_DTLS) #error The SRTP extension requires DTLS @@ -4548,9 +4678,14 @@ #define WOLFSSL_SHAKE256 #endif -/* SHAKE - Not allowed in FIPS v5.2 or older */ -#if defined(WOLFSSL_SHA3) && (defined(HAVE_SELFTEST) || \ - (defined(HAVE_FIPS) && FIPS_VERSION_LE(5,2))) +/* SHAKE - Not allowed in FIPS v5.2 or older, or selftest without PQC. + * Exception: Allow SHAKE in selftest when MLKEM (Kyber) or Dilithium + * is enabled. + */ +#if defined(WOLFSSL_SHA3) && \ + ((defined(HAVE_FIPS) && FIPS_VERSION_LE(5,2)) || \ + (defined(HAVE_SELFTEST) && \ + !defined(WOLFSSL_HAVE_MLKEM) && !defined(WOLFSSL_WC_DILITHIUM))) #undef WOLFSSL_NO_SHAKE128 #define WOLFSSL_NO_SHAKE128 #undef WOLFSSL_NO_SHAKE256 @@ -4722,6 +4857,11 @@ #error "OPENSSL_ALL can not be defined with OPENSSL_COEXIST" #endif +/* OPENSSL_ALL requires WOLFSSL_IP_ALT_NAME for IP SAN verification. */ +#if defined(OPENSSL_ALL) && !defined(WOLFSSL_IP_ALT_NAME) + #error "OPENSSL_ALL requires WOLFSSL_IP_ALT_NAME" +#endif + #if !defined(NO_DSA) && defined(NO_SHA) #error "Please disable DSA if disabling SHA-1" #endif @@ -4750,11 +4890,250 @@ #endif #endif /* HAVE_ENTROPY_MEMUSE */ +/* ---------------------------------------------------------------------------*/ +/* Configuration validation rules */ +/* These enforce build constraints across all platforms */ +/* ---------------------------------------------------------------------------*/ + +/* Mutual Exclusivity Rules */ +#if defined(WOLFSSL_SP_MATH) && defined(WOLFSSL_SP_MATH_ALL) + #error "WOLFSSL_SP_MATH and WOLFSSL_SP_MATH_ALL are incompatible" +#endif +#if defined(WOLFCRYPT_ONLY) && defined(OPENSSL_ALL) + #error "WOLFCRYPT_ONLY and OPENSSL_ALL are mutually incompatible" +#endif +#if defined(WOLFSSL_MAX_STRENGTH) && defined(WOLFSSL_LEANPSK) + #error "Cannot use Max Strength and Lean PSK at the same time" +#endif +#if defined(WOLFSSL_HAVE_WOLFSCEP) && defined(WOLFSSL_LEANTLS) + #error "Cannot use SCEP and Lean TLS at the same time" +#endif +#if defined(WOLFSSL_MAX_STRENGTH) && defined(WOLFSSL_ALLOW_SSLV3) + #error "Cannot use Max Strength and SSLv3 at the same time" +#endif + +/* Dependency Rules (Feature X requires Feature Y) */ +#if defined(WOLFSSL_SHA224) && defined(NO_SHA256) + #error "SHA-224 (WOLFSSL_SHA224) requires SHA-256" +#endif +#if defined(WOLFSSL_SM2) && !defined(HAVE_ECC) + #error "SM2 (WOLFSSL_SM2) requires ECC (HAVE_ECC)" +#endif +#if defined(HAVE_ECC_BRAINPOOL) && !defined(WOLFSSL_CUSTOM_CURVES) + #error "Brainpool curves (HAVE_ECC_BRAINPOOL) require WOLFSSL_CUSTOM_CURVES" +#endif +#if defined(FP_ECC) && !defined(HAVE_ECC) + #error "FP_ECC requires ECC (HAVE_ECC)" +#endif +#if defined(HAVE_ECC_ENCRYPT) && !defined(HAVE_ECC) + #error "ECC encrypt (HAVE_ECC_ENCRYPT) requires ECC (HAVE_ECC)" +#endif +#if defined(HAVE_ECC_ENCRYPT) && !defined(HAVE_HKDF) + #error "ECC encrypt (HAVE_ECC_ENCRYPT) requires HKDF (HAVE_HKDF)" +#endif +#if defined(WOLFCRYPT_HAVE_ECCSI) && !defined(HAVE_ECC) + #error "ECCSI (WOLFCRYPT_HAVE_ECCSI) requires ECC (HAVE_ECC)" +#endif +#if defined(WOLFCRYPT_HAVE_SAKKE) && !defined(HAVE_ECC) + #error "SAKKE (WOLFCRYPT_HAVE_SAKKE) requires ECC (HAVE_ECC)" +#endif +#if !defined(WOLFCRYPT_ONLY) && defined(HAVE_ANON) && defined(NO_DH) + #error "Anonymous ciphers (HAVE_ANON) require DH" +#endif +#if defined(FORTRESS) && defined(NO_AES) + #error "Fortress (FORTRESS) requires AES" +#endif +#if defined(HAVE_AESGCM) && defined(NO_AES) + #error "AES-GCM (HAVE_AESGCM) requires AES" +#endif +#if defined(HAVE_AESCCM) && defined(NO_AES) + #error "AES-CCM (HAVE_AESCCM) requires AES" +#endif +#if defined(WOLFSSL_AES_COUNTER) && defined(NO_AES) + #error "AES-CTR (WOLFSSL_AES_COUNTER) requires AES" +#endif +#if defined(HAVE_ED448) && !defined(WOLFSSL_SHA512) + #error "ED448 (HAVE_ED448) requires SHA-512 (WOLFSSL_SHA512)" +#endif +#if defined(WOLFSSL_SHAKE128) && !defined(WOLFSSL_SHA3) + #error "SHAKE128 (WOLFSSL_SHAKE128) requires SHA-3 (WOLFSSL_SHA3)" +#endif +#if defined(WOLFSSL_SHAKE256) && !defined(WOLFSSL_SHA3) + #error "SHAKE256 (WOLFSSL_SHAKE256) requires SHA-3 (WOLFSSL_SHA3)" +#endif +#if defined(HAVE_XCHACHA) && !defined(HAVE_CHACHA) + #error "XChaCha (HAVE_XCHACHA) requires ChaCha (HAVE_CHACHA)" +#endif +#if !defined(WOLFCRYPT_ONLY) && defined(WOLFSSL_REQUIRE_FFDHE) && \ + defined(NO_DH) + #error "FFDHE-only (WOLFSSL_REQUIRE_FFDHE) requires DH" +#endif +#if !defined(WOLFCRYPT_ONLY) && defined(WOLFSSL_REQUIRE_FFDHE) && \ + !defined(HAVE_SUPPORTED_CURVES) + #error "FFDHE-only (WOLFSSL_REQUIRE_FFDHE) requires" \ + " Supported Curves (HAVE_SUPPORTED_CURVES)" +#endif +#if defined(HAVE_SCRYPT) && defined(NO_PWDBASED) + #error "scrypt (HAVE_SCRYPT) requires pwdbased" +#endif +#if defined(HAVE_OCSP) && defined(NO_ASN) + #error "OCSP (HAVE_OCSP) requires ASN" +#endif +#if defined(HAVE_SMIME) && defined(NO_ASN) + #error "S/MIME (HAVE_SMIME) requires ASN" +#endif +#if defined(HAVE_OCSP) && defined(NO_RSA) && !defined(HAVE_ECC) + #error "OCSP (HAVE_OCSP) requires RSA or ECC (HAVE_ECC)" +#endif +#if defined(HAVE_PKCS7) && defined(NO_RSA) && !defined(HAVE_ECC) + #error "PKCS7 (HAVE_PKCS7) requires RSA or ECC (HAVE_ECC)" +#endif +#if defined(HAVE_PKCS7) && defined(NO_SHA) && defined(NO_SHA256) + #error "PKCS7 (HAVE_PKCS7) requires SHA or SHA-256" +#endif +#if defined(WOLFSSL_HAVE_WOLFSCEP) && defined(NO_AES) && defined(NO_DES3) + #error "SCEP (WOLFSSL_HAVE_WOLFSCEP) requires AES or 3DES" +#endif +#if !defined(WOLFCRYPT_ONLY) && defined(WOLFSSL_SNIFFER) && \ + defined(NO_RSA) && !defined(HAVE_ECC) && !defined(HAVE_CURVE25519) + #error "Sniffer (WOLFSSL_SNIFFER) requires RSA," \ + " ECC (HAVE_ECC), or Curve25519 (HAVE_CURVE25519)" +#endif +#if !defined(NO_RSA) && !defined(WOLFSSL_RSA_VERIFY_ONLY) && \ + defined(NO_ASN) && !defined(WOLFCRYPT_ONLY) + #error "RSA requires ASN (NO_ASN must not be defined)" +#endif +#if !defined(NO_DSA) && defined(NO_ASN) + #error "DSA requires ASN (NO_ASN must not be defined)" +#endif +#if !defined(WOLFCRYPT_ONLY) && defined(NO_PSK) && defined(NO_ASN) + #error "Enable PSK (NO_PSK must not be defined)" \ + " if disabling ASN (NO_ASN)" +#endif +#if defined(WOLFSSL_WOLFSSH) && defined(NO_HMAC) + #error "WOLFSSH (WOLFSSL_WOLFSSH) requires HMAC" +#endif + +/* Conflicting Feature Rules */ +#if defined(WOLFSSL_SP_MATH) && !defined(WOLFSSL_SP_MATH_ALL) + #if defined(WOLFSSL_CUSTOM_CURVES) + #error "Cannot use SP math (WOLFSSL_SP_MATH)" \ + " with custom curves (WOLFSSL_CUSTOM_CURVES)" + #endif + #if !defined(NO_DSA) + #error "Cannot use single precision math (WOLFSSL_SP_MATH) and DSA" + #endif + #if defined(WOLFCRYPT_HAVE_SRP) + #error "Cannot use SP math (WOLFSSL_SP_MATH)" \ + " with SRP (WOLFCRYPT_HAVE_SRP)" + #endif +#endif +#if defined(USE_INTEGER_HEAP_MATH) && defined(WOLFSSL_STATIC_MEMORY) + #error "Heap math (USE_INTEGER_HEAP_MATH) is incompatible" \ + " with static memory (WOLFSSL_STATIC_MEMORY)" +#endif +#if defined(WC_16BIT_CPU) && \ + (defined(WOLFSSL_SP_MATH) || defined(WOLFSSL_SP_MATH_ALL)) + #error "16-bit build (WC_16BIT_CPU) is not available with SP math" +#endif + +/* Streaming Feature Rules */ +#if defined(WOLFSSL_AESGCM_STREAM) && !defined(HAVE_AESGCM) + #error "AES-GCM streaming (WOLFSSL_AESGCM_STREAM)" \ + " requires AES-GCM (HAVE_AESGCM)" +#endif +#if defined(WOLFSSL_AESXTS_STREAM) && !defined(WOLFSSL_AES_XTS) + #error "AES-XTS streaming (WOLFSSL_AESXTS_STREAM)" \ + " requires AES-XTS (WOLFSSL_AES_XTS)" +#endif +#if defined(WOLFSSL_ED25519_STREAMING_VERIFY) && !defined(HAVE_ED25519) + #error "ED25519 streaming verify" \ + " (WOLFSSL_ED25519_STREAMING_VERIFY)" \ + " requires ED25519 (HAVE_ED25519)" +#endif +#if defined(WOLFSSL_ED448_STREAMING_VERIFY) && !defined(HAVE_ED448) + #error "ED448 streaming verify" \ + " (WOLFSSL_ED448_STREAMING_VERIFY)" \ + " requires ED448 (HAVE_ED448)" +#endif + +/* Accommodate legacy BLAKE gate. */ +#ifdef HAVE_BLAKE2 + #ifndef HAVE_BLAKE2B + #define HAVE_BLAKE2B + #endif + #undef HAVE_BLAKE2 +#endif + +/* QUIC Rules */ +#if !defined(WOLFCRYPT_ONLY) && defined(WOLFSSL_QUIC) && \ + !defined(WOLFSSL_TLS13) + #error "QUIC (WOLFSSL_QUIC) requires TLS 1.3 (WOLFSSL_TLS13)" +#endif +#if !defined(WOLFCRYPT_ONLY) && defined(WOLFSSL_QUIC) && \ + !defined(HAVE_AESGCM) + #error "QUIC (WOLFSSL_QUIC) requires AES-GCM (HAVE_AESGCM)" +#endif + +/* Crypto Callback Rules */ +#if defined(WC_TEST_NO_CRYPTOCB_SW_TEST) && !defined(WOLF_CRYPTO_CB) + #error "Crypto callback SW test" \ + " (WC_TEST_NO_CRYPTOCB_SW_TEST)" \ + " requires WOLF_CRYPTO_CB" +#endif +#if defined(HAVE_PKCS11) && !defined(WOLF_CRYPTO_CB_FREE) + #define WOLF_CRYPTO_CB_FREE +#endif +#if (defined(WOLF_CRYPTO_CB_COPY) || defined(WOLF_CRYPTO_CB_FREE)) && \ + !defined(WOLF_CRYPTO_CB) + #error "Crypto callback utilities" \ + " (WOLF_CRYPTO_CB_COPY/WOLF_CRYPTO_CB_FREE)" \ + " require WOLF_CRYPTO_CB" +#endif + +/* Early Data / Session Rules */ +#if !defined(WOLFCRYPT_ONLY) && defined(WOLFSSL_EARLY_DATA) && \ + !defined(WOLFSSL_TLS13) + #error "Early data requires TLS 1.3 (WOLFSSL_TLS13)" +#endif +#if !defined(WOLFCRYPT_ONLY) && defined(WOLFSSL_EARLY_DATA) && \ + !defined(HAVE_SESSION_TICKET) && defined(NO_PSK) + #error "Early data requires session tickets (HAVE_SESSION_TICKET) or PSK" +#endif + +/* DES3 TLS Suite Rule - auto-disable DES3 TLS suites when DES3 is disabled */ +#if !defined(WOLFCRYPT_ONLY) && !defined(NO_DES3_TLS_SUITES) && \ + defined(NO_DES3) + #define NO_DES3_TLS_SUITES +#endif + #if defined(NO_WOLFSSL_CLIENT) && defined(NO_WOLFSSL_SERVER) && \ !defined(WOLFCRYPT_ONLY) && !defined(NO_TLS) #error "If TLS is enabled please make sure either client or server is enabled." #endif +#if defined(WC_RNG_BANK_SUPPORT) && defined(NO_ASN_TIME) + #undef WC_RNG_BANK_SUPPORT +#endif + +#ifdef HAVE_OCSP_RESPONDER + #ifndef HAVE_OCSP + #error "HAVE_OCSP_RESPONDER requires HAVE_OCSP" + #endif + #ifndef WOLFSSL_ASN_TEMPLATE + #error "HAVE_OCSP_RESPONDER requires WOLFSSL_ASN_TEMPLATE" + #endif + #ifdef NO_CERTS + #error "HAVE_OCSP_RESPONDER incompatible with NO_CERTS" + #endif + #ifndef WOLFSSL_CERT_GEN + #error "HAVE_OCSP_RESPONDER requires WOLFSSL_CERT_GEN" + #endif + #ifdef NO_SHA + #error "HAVE_OCSP_RESPONDER requires SHA-1 (NO_SHA is defined)" + #endif +#endif + #ifdef __cplusplus } /* extern "C" */ #endif diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/sha.h mariadb-11.8.8/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/sha.h --- mariadb-11.8.6/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/sha.h 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/sha.h 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* sha.h * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -101,12 +101,10 @@ #endif /* in bytes */ -enum { - WC_SHA = WC_HASH_TYPE_SHA, - WC_SHA_BLOCK_SIZE = 64, - WC_SHA_DIGEST_SIZE = 20, - WC_SHA_PAD_SIZE = 56 -}; +#define WC_SHA WC_HASH_TYPE_SHA +#define WC_SHA_BLOCK_SIZE 64 +#define WC_SHA_DIGEST_SIZE 20 +#define WC_SHA_PAD_SIZE 56 #if defined(WOLFSSL_TI_HASH) @@ -175,9 +173,6 @@ int devId; void* devCtx; /* generic crypto callback context */ #endif -#if defined(MAX3266X_SHA_CB) || defined(MAX3266X_SHA) - wc_MXC_Sha mxcCtx; -#endif #ifdef WOLFSSL_IMXRT1170_CAAM caam_hash_ctx_t ctx; caam_handle_t hndl; diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/sha256.h mariadb-11.8.8/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/sha256.h --- mariadb-11.8.6/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/sha256.h 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/sha256.h 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* sha256.h * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -102,13 +102,7 @@ #define WOLFSSL_NO_HASH_RAW #endif -#if defined(_MSC_VER) - #define SHA256_NOINLINE __declspec(noinline) -#elif defined(__IAR_SYSTEMS_ICC__) || defined(__GNUC__) - #define SHA256_NOINLINE __attribute__((noinline)) -#else - #define SHA256_NOINLINE -#endif +#define SHA256_NOINLINE WC_NO_INLINE #if !defined(NO_OLD_SHA_NAMES) #define SHA256 WC_SHA256 @@ -122,12 +116,10 @@ #endif /* in bytes */ -enum { - WC_SHA256 = WC_HASH_TYPE_SHA256, - WC_SHA256_BLOCK_SIZE = 64, - WC_SHA256_DIGEST_SIZE = 32, - WC_SHA256_PAD_SIZE = 56 -}; +#define WC_SHA256 WC_HASH_TYPE_SHA256 +#define WC_SHA256_BLOCK_SIZE 64 +#define WC_SHA256_DIGEST_SIZE 32 +#define WC_SHA256_PAD_SIZE 56 #ifdef WOLFSSL_TI_HASH @@ -215,9 +207,6 @@ #ifdef WOLFSSL_DEVCRYPTO_HASH WC_CRYPTODEV ctx; #endif -#if defined(MAX3266X_SHA_CB) || defined(MAX3266X_SHA) - wc_MXC_Sha mxcCtx; -#endif #if defined(WOLFSSL_DEVCRYPTO_HASH) || defined(WOLFSSL_HASH_KEEP) byte* msg; word32 used; @@ -312,12 +301,10 @@ #endif /* in bytes */ -enum { - WC_SHA224 = WC_HASH_TYPE_SHA224, - WC_SHA224_BLOCK_SIZE = WC_SHA256_BLOCK_SIZE, - WC_SHA224_DIGEST_SIZE = 28, - WC_SHA224_PAD_SIZE = WC_SHA256_PAD_SIZE -}; +#define WC_SHA224 WC_HASH_TYPE_SHA224 +#define WC_SHA224_BLOCK_SIZE WC_SHA256_BLOCK_SIZE +#define WC_SHA224_DIGEST_SIZE 28 +#define WC_SHA224_PAD_SIZE WC_SHA256_PAD_SIZE #ifndef WC_SHA224_TYPE_DEFINED diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/sha3.h mariadb-11.8.8/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/sha3.h --- mariadb-11.8.6/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/sha3.h 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/sha3.h 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* sha3.h * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -86,8 +86,11 @@ WC_SHA3_256_BLOCK_SIZE = 136, WC_SHA3_384_BLOCK_SIZE = 104, WC_SHA3_512_BLOCK_SIZE = 72, +#else + /* For SELFTEST version < 2, define WC_SHA3_128_BLOCK_SIZE + * for Kyber/Dilithium */ + WC_SHA3_128_BLOCK_SIZE = 168, #endif - WOLF_ENUM_DUMMY_LAST_ELEMENT(WC_SHA3) }; diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/sha512.h mariadb-11.8.8/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/sha512.h --- mariadb-11.8.6/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/sha512.h 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/sha512.h 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* sha512.h * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -80,13 +80,7 @@ #include #endif -#if defined(_MSC_VER) - #define SHA512_NOINLINE __declspec(noinline) -#elif defined(__IAR_SYSTEMS_ICC__) || defined(__GNUC__) - #define SHA512_NOINLINE __attribute__((noinline)) -#else - #define SHA512_NOINLINE -#endif +#define SHA512_NOINLINE WC_NO_INLINE #ifdef WOLFSSL_SHA512 @@ -104,28 +98,26 @@ #endif /* WOLFSSL_SHA512 */ /* in bytes */ -enum { #ifdef WOLFSSL_SHA512 - WC_SHA512 = WC_HASH_TYPE_SHA512, + #define WC_SHA512 WC_HASH_TYPE_SHA512 #ifndef WOLFSSL_NOSHA512_224 - WC_SHA512_224 = WC_HASH_TYPE_SHA512_224, + #define WC_SHA512_224 WC_HASH_TYPE_SHA512_224 #endif #ifndef WOLFSSL_NOSHA512_256 - WC_SHA512_256 = WC_HASH_TYPE_SHA512_256, + #define WC_SHA512_256 WC_HASH_TYPE_SHA512_256 #endif #endif - WC_SHA512_BLOCK_SIZE = 128, - WC_SHA512_DIGEST_SIZE = 64, - WC_SHA512_PAD_SIZE = 112, - - WC_SHA512_224_BLOCK_SIZE = WC_SHA512_BLOCK_SIZE, - WC_SHA512_224_DIGEST_SIZE = 28, - WC_SHA512_224_PAD_SIZE = WC_SHA512_PAD_SIZE, - - WC_SHA512_256_BLOCK_SIZE = WC_SHA512_BLOCK_SIZE, - WC_SHA512_256_DIGEST_SIZE = 32, - WC_SHA512_256_PAD_SIZE = WC_SHA512_PAD_SIZE -}; + #define WC_SHA512_BLOCK_SIZE 128 + #define WC_SHA512_DIGEST_SIZE 64 + #define WC_SHA512_PAD_SIZE 112 + + #define WC_SHA512_224_BLOCK_SIZE WC_SHA512_BLOCK_SIZE + #define WC_SHA512_224_DIGEST_SIZE 28 + #define WC_SHA512_224_PAD_SIZE WC_SHA512_PAD_SIZE + + #define WC_SHA512_256_BLOCK_SIZE WC_SHA512_BLOCK_SIZE + #define WC_SHA512_256_DIGEST_SIZE 32 + #define WC_SHA512_256_PAD_SIZE WC_SHA512_PAD_SIZE #if defined(WOLFSSL_IMX6_CAAM) && !defined(WOLFSSL_QNX_CAAM) @@ -195,9 +187,6 @@ int devId; void* devCtx; /* generic crypto callback context */ #endif -#if defined(MAX3266X_SHA_CB) || defined(MAX3266X_SHA) - wc_MXC_Sha mxcCtx; -#endif #ifdef WOLFSSL_HASH_FLAGS word32 flags; /* enum wc_HashFlags in hash.h */ #endif @@ -229,7 +218,7 @@ #endif /* HAVE_FIPS */ -#if defined(WOLFSSL_SHA512) || defined(WOLFSSL_SHA384) +#if defined(WOLFSSL_SHA512) #ifdef WOLFSSL_ARMASM #if !defined(WOLFSSL_ARMASM_NO_NEON) @@ -330,12 +319,10 @@ #endif /* in bytes */ -enum { - WC_SHA384 = WC_HASH_TYPE_SHA384, - WC_SHA384_BLOCK_SIZE = WC_SHA512_BLOCK_SIZE, - WC_SHA384_DIGEST_SIZE = 48, - WC_SHA384_PAD_SIZE = WC_SHA512_PAD_SIZE -}; + #define WC_SHA384 WC_HASH_TYPE_SHA384 + #define WC_SHA384_BLOCK_SIZE WC_SHA512_BLOCK_SIZE + #define WC_SHA384_DIGEST_SIZE 48 + #define WC_SHA384_PAD_SIZE WC_SHA512_PAD_SIZE #ifndef WC_SHA384_TYPE_DEFINED diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/signature.h mariadb-11.8.8/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/signature.h --- mariadb-11.8.6/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/signature.h 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/signature.h 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* signature.h * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -49,35 +49,35 @@ enum wc_HashType hash_type, enum wc_SignatureType sig_type, const byte* hash_data, word32 hash_len, const byte* sig, word32 sig_len, - const void* key, word32 key_len); + void* key, word32 key_len); WOLFSSL_API int wc_SignatureVerify( enum wc_HashType hash_type, enum wc_SignatureType sig_type, const byte* data, word32 data_len, const byte* sig, word32 sig_len, - const void* key, word32 key_len); + void* key, word32 key_len); WOLFSSL_API int wc_SignatureGenerateHash( enum wc_HashType hash_type, enum wc_SignatureType sig_type, const byte* hash_data, word32 hash_len, byte* sig, word32 *sig_len, - const void* key, word32 key_len, WC_RNG* rng); + void* key, word32 key_len, WC_RNG* rng); WOLFSSL_API int wc_SignatureGenerateHash_ex( enum wc_HashType hash_type, enum wc_SignatureType sig_type, const byte* hash_data, word32 hash_len, byte* sig, word32 *sig_len, - const void* key, word32 key_len, WC_RNG* rng, int verify); + void* key, word32 key_len, WC_RNG* rng, int verify); WOLFSSL_API int wc_SignatureGenerate( enum wc_HashType hash_type, enum wc_SignatureType sig_type, const byte* data, word32 data_len, byte* sig, word32 *sig_len, - const void* key, word32 key_len, + void* key, word32 key_len, WC_RNG* rng); WOLFSSL_API int wc_SignatureGenerate_ex( enum wc_HashType hash_type, enum wc_SignatureType sig_type, const byte* data, word32 data_len, byte* sig, word32 *sig_len, - const void* key, word32 key_len, + void* key, word32 key_len, WC_RNG* rng, int verify); #ifdef __cplusplus diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/siphash.h mariadb-11.8.8/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/siphash.h --- mariadb-11.8.6/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/siphash.h 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/siphash.h 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* siphash.h * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/sm2.h mariadb-11.8.8/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/sm2.h --- mariadb-11.8.6/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/sm2.h 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/sm2.h 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* sm2.h * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/sm3.h mariadb-11.8.8/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/sm3.h --- mariadb-11.8.6/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/sm3.h 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/sm3.h 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* sm3.h * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/sm4.h mariadb-11.8.8/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/sm4.h --- mariadb-11.8.6/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/sm4.h 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/sm4.h 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* sm4.h * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/sp.h mariadb-11.8.8/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/sp.h --- mariadb-11.8.6/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/sp.h 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/sp.h 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* sp.h * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -26,6 +26,10 @@ #include #include +#if defined(__riscv) && (__riscv_xlen == 32) && !defined(__riscv_mul) + #define SP_NO_MUL_INSTRUCTION +#endif + #if defined(WOLFSSL_HAVE_SP_RSA) || defined(WOLFSSL_HAVE_SP_DH) || \ defined(WOLFSSL_HAVE_SP_ECC) #ifdef _WIN32_WCE @@ -48,18 +52,7 @@ #undef WOLFSSL_HAVE_SP_ECC #endif -#ifdef noinline - #define SP_NOINLINE noinline -#elif defined(_MSC_VER) - #define SP_NOINLINE __declspec(noinline) -#elif defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__) - #define SP_NOINLINE _Pragma("inline = never") -#elif defined(__GNUC__) || defined(__KEIL__) || defined(__DCC__) - #define SP_NOINLINE __attribute__((noinline)) -#else - #define SP_NOINLINE -#endif - +#define SP_NOINLINE WC_NO_INLINE #ifdef __cplusplus extern "C" { diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/sp_int.h mariadb-11.8.8/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/sp_int.h --- mariadb-11.8.6/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/sp_int.h 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/sp_int.h 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* sp_int.h * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/sphincs.h mariadb-11.8.8/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/sphincs.h --- mariadb-11.8.6/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/sphincs.h 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/sphincs.h 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* sphincs.h * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -83,8 +83,8 @@ /* Structs */ struct sphincs_key { - bool pubKeySet; - bool prvKeySet; + WC_BITFIELD pubKeySet:1; + WC_BITFIELD prvKeySet:1; byte level; /* 1,3 or 5 */ byte optim; /* FAST_VARIANT or SMALL_VARIANT */ byte p[SPHINCS_MAX_PUB_KEY_SIZE]; diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/srp.h mariadb-11.8.8/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/srp.h --- mariadb-11.8.6/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/srp.h 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/srp.h 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* srp.h * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/tfm.h mariadb-11.8.8/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/tfm.h --- mariadb-11.8.6/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/tfm.h 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/tfm.h 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* tfm.h * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -843,7 +843,7 @@ MP_API int mp_div(mp_int * a, mp_int * b, mp_int * c, mp_int * d); -MP_API int mp_cmp(mp_int *a, mp_int *b); +MP_API int mp_cmp(const mp_int *a, const mp_int *b); #define mp_cmp_ct(a, b, n) mp_cmp(a, b) MP_API int mp_cmp_d(mp_int *a, mp_digit b); diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/types.h mariadb-11.8.8/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/types.h --- mariadb-11.8.6/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/types.h 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/types.h 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* types.h * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -125,7 +125,7 @@ /* if a version is available, pivot on the version, otherwise guess it's * disallowed, subject to override. */ - #if !defined(WOLF_C89) && (!defined(__STDC__) \ + #if !defined(WOLF_C89) && !defined(_MSC_VER) && (!defined(__STDC__) \ || (!defined(__STDC_VERSION__) && !defined(__cplusplus)) \ || (defined(__STDC_VERSION__) && (__STDC_VERSION__ >= 201101L)) \ || (defined(__cplusplus) && (__cplusplus >= 201103L))) @@ -255,6 +255,23 @@ #endif #endif +#if defined(HAVE___UINT128_T) && !defined(NO_INT128) + #ifndef WOLFSSL_UINT128_T_DEFINED + #ifdef __SIZEOF_INT128__ + typedef __uint128_t uint128_t; + typedef __int128_t int128_t; + typedef __uint128_t word128; + typedef __int128_t sword128; + #else + typedef unsigned long uint128_t __attribute__ ((mode(TI))); + typedef long int128_t __attribute__ ((mode(TI))); + typedef uint128_t word128; + typedef int128_t sword128; + #endif + #define WOLFSSL_UINT128_T_DEFINED + #endif +#endif + #if (defined(_MSC_VER) && (_MSC_VER == 1200)) || /* MSVC6 */ \ (defined(_MSC_VER) && !defined(WOLFSSL_NOT_WINDOWS_API)) || \ defined(__BCPLUSPLUS__) || \ @@ -307,8 +324,11 @@ #endif #if defined(WORD64_AVAILABLE) && !defined(WC_16BIT_CPU) - /* These platforms have 64-bit CPU registers. */ - #if (defined(__alpha__) || defined(__ia64__) || defined(_ARCH_PPC64) || \ + #if defined(WC_64BIT_CPU) + /* explicitly configured for 64 bit. */ + #elif defined(WC_32BIT_CPU) + /* explicitly configured for 32 bit. */ + #elif (defined(__alpha__) || defined(__ia64__) || defined(_ARCH_PPC64) || \ (defined(__mips64) && \ ((defined(_ABI64) && (_MIPS_SIM == _ABI64)) || \ (defined(_ABIO64) && (_MIPS_SIM == _ABIO64)))) || \ @@ -317,6 +337,7 @@ (defined(__riscv_xlen) && (__riscv_xlen == 64)) || defined(_M_ARM64) || \ defined(__aarch64__) || defined(__ppc64__) || \ (defined(__DCC__) && (defined(__LP64) || defined(__LP64__))) + /* The above platforms have 64-bit CPU registers. */ #define WC_64BIT_CPU #elif (defined(sun) || defined(__sun)) && \ (defined(LP64) || defined(_LP64)) @@ -876,6 +897,13 @@ ONFAIL; \ } \ } while (0) + #define WC_CALLOC_VAR_EX(VAR_NAME, VAR_TYPE, VAR_SIZE, HEAP, TY, ONFAIL)\ + do { \ + WC_ALLOC_VAR_EX(VAR_NAME, VAR_TYPE, VAR_SIZE, HEAP, TY, ONFAIL);\ + if ((VAR_NAME) != NULL) { \ + XMEMSET(VAR_NAME, 0, sizeof(VAR_TYPE) * (VAR_SIZE)); \ + } \ + } while (0) #define WC_CALLOC_VAR(VAR_NAME, VAR_TYPE, VAR_SIZE, HEAP) \ do { \ WC_ALLOC_VAR(VAR_NAME, VAR_TYPE, VAR_SIZE, HEAP); \ @@ -905,7 +933,9 @@ WC_DO_NOTHING #define WC_VAR_OK(VAR_NAME) 1 #define WC_CALLOC_VAR(VAR_NAME, VAR_TYPE, VAR_SIZE, HEAP) \ - XMEMSET(VAR_NAME, 0, sizeof(var)) + XMEMSET(VAR_NAME, 0, sizeof(VAR_TYPE)) + #define WC_CALLOC_VAR_EX(VAR_NAME, VAR_TYPE, VAR_SIZE, HEAP, TY, ONFAIL)\ + XMEMSET(VAR_NAME, 0, sizeof(VAR_TYPE)) #define WC_FREE_VAR(VAR_NAME, HEAP) WC_DO_NOTHING \ /* nothing to free, its stack */ #define WC_FREE_VAR_EX(VAR_NAME, HEAP, TYPE) WC_DO_NOTHING @@ -1233,7 +1263,7 @@ #ifndef WC_OFFSETOF #if defined(__clang__) || (defined(__GNUC__) && (__GNUC__ >= 4)) #define WC_OFFSETOF(type, field) __builtin_offsetof(type, field) - #elif defined(__WATCOMC__) + #elif defined(__WATCOMC__) || defined(__IAR_SYSTEMS_ICC__) #include #define WC_OFFSETOF offsetof #else @@ -1348,6 +1378,9 @@ DYNAMIC_TYPE_X509_ACERT = 103, DYNAMIC_TYPE_OS_BUF = 104, DYNAMIC_TYPE_ASCON = 105, + DYNAMIC_TYPE_SHA = 106, + DYNAMIC_TYPE_SLHDSA = 107, + DYNAMIC_TYPE_OCSP_RESPONSE = 108, DYNAMIC_TYPE_SNIFFER_SERVER = 1000, DYNAMIC_TYPE_SNIFFER_SESSION = 1001, DYNAMIC_TYPE_SNIFFER_PB = 1002, @@ -1426,7 +1459,13 @@ WC_HASH_TYPE_SHA3_512 = 13, WC_HASH_TYPE_BLAKE2B = 14, WC_HASH_TYPE_BLAKE2S = 19, - WC_HASH_TYPE_MAX = WC_HASH_TYPE_BLAKE2S, + WC_HASH_TYPE_SHA512_224 = 22, + WC_HASH_TYPE_SHA512_256 = 23, + WC_HASH_TYPE_SHAKE128 = 20, + WC_HASH_TYPE_SHAKE256 = 21, + WC_HASH_TYPE_SM3 = 24, + WC_HASH_TYPE_MAX = WC_HASH_TYPE_SM3 + #ifndef WOLFSSL_NOSHA512_224 #define WOLFSSL_NOSHA512_224 #endif @@ -1450,34 +1489,12 @@ WC_HASH_TYPE_SHA3_512 = 13, WC_HASH_TYPE_BLAKE2B = 14, WC_HASH_TYPE_BLAKE2S = 15, - #define _WC_HASH_TYPE_MAX WC_HASH_TYPE_BLAKE2S - #ifndef WOLFSSL_NOSHA512_224 - WC_HASH_TYPE_SHA512_224 = 16, - #undef _WC_HASH_TYPE_MAX - #define _WC_HASH_TYPE_MAX WC_HASH_TYPE_SHA512_224 - #endif - #ifndef WOLFSSL_NOSHA512_256 - WC_HASH_TYPE_SHA512_256 = 17, - #undef _WC_HASH_TYPE_MAX - #define _WC_HASH_TYPE_MAX WC_HASH_TYPE_SHA512_256 - #endif - #ifdef WOLFSSL_SHAKE128 - WC_HASH_TYPE_SHAKE128 = 18, - #undef _WC_HASH_TYPE_MAX - #define _WC_HASH_TYPE_MAX WC_HASH_TYPE_SHAKE128 - #endif - #ifdef WOLFSSL_SHAKE256 - WC_HASH_TYPE_SHAKE256 = 19, - #undef _WC_HASH_TYPE_MAX - #define _WC_HASH_TYPE_MAX WC_HASH_TYPE_SHAKE256 - #endif - #ifdef WOLFSSL_SM3 - WC_HASH_TYPE_SM3 = 20, - #undef _WC_HASH_TYPE_MAX - #define _WC_HASH_TYPE_MAX WC_HASH_TYPE_SM3 - #endif - WC_HASH_TYPE_MAX = _WC_HASH_TYPE_MAX - #undef _WC_HASH_TYPE_MAX + WC_HASH_TYPE_SHA512_224 = 16, + WC_HASH_TYPE_SHA512_256 = 17, + WC_HASH_TYPE_SHAKE128 = 18, + WC_HASH_TYPE_SHAKE256 = 19, + WC_HASH_TYPE_SM3 = 20, + WC_HASH_TYPE_MAX = WC_HASH_TYPE_SM3 #endif /* HAVE_SELFTEST */ }; @@ -2030,6 +2047,33 @@ #define WC_NORETURN #endif +#ifdef __has_attribute +#if __has_attribute(nonnull) + #ifndef WC_ARG_NOT_NULL + #define WC_ARG_NOT_NULL(a) __attribute__((nonnull(a))) + #endif + #ifndef WC_ARGS_NOT_NULL + /* double-parenthesize, a la WC_ARGS_NOT_NULL((1, 2)) -- this approach + * maintains compatibility with WOLF_NO_VARIADIC_MACROS. + */ + #define WC_ARGS_NOT_NULL(p_a) __attribute__((nonnull p_a)) + #endif + #ifndef WC_ALL_ARGS_NOT_NULL + #define WC_ALL_ARGS_NOT_NULL __attribute__((nonnull)) + #endif +#endif /* __has_attribute(nonnull) */ +#endif /* defined(__has_attribute) */ + +#ifndef WC_ARG_NOT_NULL + #define WC_ARG_NOT_NULL(a) /* null expansion */ +#endif +#ifndef WC_ARGS_NOT_NULL + #define WC_ARGS_NOT_NULL(p_a) /* null expansion */ +#endif +#ifndef WC_ALL_ARGS_NOT_NULL + #define WC_ALL_ARGS_NOT_NULL +#endif + #if defined(WOLFSSL_KEY_GEN) || defined(HAVE_COMP_KEY) || \ defined(WOLFSSL_DEBUG_MATH) || defined(DEBUG_WOLFSSL) || \ defined(WOLFSSL_PUBLIC_MP) || defined(OPENSSL_EXTRA) || \ @@ -2080,7 +2124,9 @@ #define wc_static_assert(expr) struct wc_static_assert_dummy_struct #define wc_static_assert2(expr, msg) wc_static_assert(expr) #elif !defined(wc_static_assert) - #if defined(WOLFSSL_HAVE_ASSERT_H) && !defined(WOLFSSL_NO_ASSERT_H) + #if !defined(WOLFSSL_NO_ASSERT_H) && (defined(WOLFSSL_HAVE_ASSERT_H) || \ + (defined(__STDC_VERSION__) && (__STDC_VERSION__ >= 201112L)) || \ + (defined(__cplusplus) && (__cplusplus >= 201103L))) #include #endif #if (defined(__cplusplus) && (__cplusplus >= 201703L)) || \ @@ -2272,7 +2318,7 @@ MAX_ENCODED_SIG_SZ = FP_MAX_BITS / 8, #elif (defined(WOLFSSL_SP_MATH_ALL) || defined(WOLFSSL_SP_MATH)) && \ defined(SP_INT_BITS) - MAX_ENCODED_SIG_SZ = (SP_INT_BITS + 7) / 8, + MAX_ENCODED_SIG_SZ = WC_BITS_TO_BYTES(SP_INT_BITS), #elif defined(WOLFSSL_HAPROXY) MAX_ENCODED_SIG_SZ = 1024, /* Supports 8192 bit keys */ #else @@ -2343,7 +2389,7 @@ #define MAX_SIG_SZ MAX_ENCODED_SIG_SZ -#ifdef WOLFSSL_CERT_GEN +#if defined(WOLFSSL_CERT_GEN) || defined(HAVE_OCSP_RESPONDER) /* Used in asn.c MakeSignature for ECC and RSA non-blocking/async */ enum CertSignState { CERTSIGN_STATE_BEGIN, @@ -2370,12 +2416,13 @@ #ifndef NO_RSA int encSigSz; #endif + int digestSz; + int typeH; /* Hash algorithm type for encoding */ int state; /* enum CertSignState */ } CertSignCtx; #endif /* WOLFSSL_CERT_GEN */ - #ifdef __cplusplus } /* extern "C" */ #endif diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/visibility.h mariadb-11.8.8/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/visibility.h --- mariadb-11.8.6/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/visibility.h 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/visibility.h 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* visibility.h * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/wc_encrypt.h mariadb-11.8.8/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/wc_encrypt.h --- mariadb-11.8.6/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/wc_encrypt.h 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/wc_encrypt.h 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* wc_encrypt.h * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -114,8 +114,8 @@ #ifndef NO_PWDBASED WOLFSSL_LOCAL int wc_CryptKey(const char* password, int passwordSz, - byte* salt, int saltSz, int iterations, int id, byte* input, int length, - int version, byte* cbcIv, int enc, int shaOid); + const byte* salt, int saltSz, int iterations, int id, byte* input, + int length, int version, byte* cbcIv, int enc, int shaOid); #endif #ifdef __cplusplus diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/wc_lms.h mariadb-11.8.8/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/wc_lms.h --- mariadb-11.8.6/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/wc_lms.h 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/wc_lms.h 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* wc_lms.h * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -95,6 +95,12 @@ #include #include +/* When raw hash access APIs are disabled or unavailable (WOLFSSL_NO_HASH_RAW), + * fall back to using the full hash API calls. */ +#if defined(WOLFSSL_NO_HASH_RAW) && !defined(WC_LMS_FULL_HASH) + #define WC_LMS_FULL_HASH +#endif + #ifdef WOLFSSL_LMS_MAX_LEVELS /* Maximum number of levels of trees supported by implementation. */ #define LMS_MAX_LEVELS WOLFSSL_LMS_MAX_LEVELS diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/wc_mlkem.h mariadb-11.8.8/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/wc_mlkem.h --- mariadb-11.8.6/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/wc_mlkem.h 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/wc_mlkem.h 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* wc_mlkem.h * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -44,15 +44,7 @@ #define WOLFSSL_MLKEM_NO_DECAPSULATE #endif -#ifdef noinline - #define MLKEM_NOINLINE noinline -#elif defined(_MSC_VER) - #define MLKEM_NOINLINE __declspec(noinline) -#elif defined(__GNUC__) - #define MLKEM_NOINLINE __attribute__((noinline)) -#else - #define MLKEM_NOINLINE -#endif +#define MLKEM_NOINLINE WC_NO_INLINE enum { /* Flags of Kyber keys. */ @@ -71,7 +63,7 @@ MLKEM_COMP_4BITS = 4, MLKEM_COMP_5BITS = 5, MLKEM_COMP_10BITS = 10, - MLKEM_COMP_11BITS = 11, + MLKEM_COMP_11BITS = 11 }; @@ -238,6 +230,8 @@ void mlkem_from_bytes(sword16* p, const byte* b, int k); WOLFSSL_LOCAL void mlkem_to_bytes(byte* b, sword16* p, int k); +WOLFSSL_LOCAL +int mlkem_check_public(sword16* p, int k); #ifdef USE_INTEL_SPEEDUP WOLFSSL_LOCAL diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/wc_pkcs11.h mariadb-11.8.8/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/wc_pkcs11.h --- mariadb-11.8.6/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/wc_pkcs11.h 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/wc_pkcs11.h 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* wc_pkcs11.h * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -37,13 +37,21 @@ extern "C" { #endif +enum Pkcs11InterfaceVersionType { + WC_PCKS11VERSION_2_20, + WC_PCKS11VERSION_2_40, + WC_PCKS11VERSION_3_0, + WC_PCKS11VERSION_3_1, + WC_PCKS11VERSION_3_2, +}; typedef struct Pkcs11Dev { -#ifndef HAVE_PKCS11_STATIC +#if !defined(HAVE_PKCS11_STATIC) && !defined(HAVE_PKCS11_V3_STATIC) void* dlHandle; /* Handle to library */ #endif CK_FUNCTION_LIST* func; /* Array of functions */ void* heap; + int version; /* Pkcs11InterfaceVersionType */ } Pkcs11Dev; typedef struct Pkcs11Token { @@ -53,12 +61,14 @@ CK_UTF8CHAR_PTR userPin; /* User's PIN to login with */ CK_ULONG userPinSz; /* Size of user's PIN in bytes */ byte userPinLogin:1; /* Login with User's PIN */ + int version; /* Pkcs11InterfaceVersionType */ } Pkcs11Token; typedef struct Pkcs11Session { CK_FUNCTION_LIST* func; /* Table of PKCS#11 function from lib */ CK_SLOT_ID slotId; /* Id of slot to use */ CK_SESSION_HANDLE handle; /* Handle to active session */ + int version; /* Pkcs11InterfaceVersionType */ } Pkcs11Session; /* Types of keys that can be stored. */ @@ -68,12 +78,15 @@ PKCS11_KEY_TYPE_HMAC, PKCS11_KEY_TYPE_RSA, PKCS11_KEY_TYPE_EC, + PKCS11_KEY_TYPE_MLDSA, }; WOLFSSL_API int wc_Pkcs11_Initialize(Pkcs11Dev* dev, const char* library, void* heap); WOLFSSL_API int wc_Pkcs11_Initialize_ex(Pkcs11Dev* dev, const char* library, void* heap, CK_RV* rvp); +WOLFSSL_API int wc_Pkcs11_Initialize_v3(Pkcs11Dev* dev, const char* library, + void* heap, int* version, const char* interfaceName, CK_RV* rvp); WOLFSSL_API void wc_Pkcs11_Finalize(Pkcs11Dev* dev); WOLFSSL_API int wc_Pkcs11Token_Init(Pkcs11Token* token, Pkcs11Dev* dev, diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/wc_port.h mariadb-11.8.8/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/wc_port.h --- mariadb-11.8.6/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/wc_port.h 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/wc_port.h 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* wc_port.h * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -76,7 +76,7 @@ #endif /* !WARN_UNUSED_RESULT */ #ifndef WC_MAYBE_UNUSED - #if (defined(__GNUC__) && (__GNUC__ >= 4)) || defined(__clang__) || \ + #if (defined(__GNUC__) && (__GNUC__ >= 3)) || defined(__clang__) || \ defined(__IAR_SYSTEMS_ICC__) #define WC_MAYBE_UNUSED __attribute__((unused)) #else @@ -95,8 +95,8 @@ #elif defined(__WATCOMC__) /* Watcom macro needs to expand to something, here just a comment: */ #define WC_DEPRECATED(msg) /* null expansion */ - #elif defined(_MSC_VER) || defined(__MINGW32__) || defined(__CYGWIN__) || \ - defined(_WIN32_WCE) + #elif (defined(_MSC_VER) && _MSC_VER >= 1400) || defined(__MINGW32__) || \ + defined(__CYGWIN__) || defined(_WIN32_WCE) #define WC_DEPRECATED(msg) __declspec(deprecated(msg)) #elif (defined(__GNUC__) && (__GNUC__ >= 4)) || \ defined(__IAR_SYSTEMS_ICC__) @@ -104,7 +104,7 @@ #else #define WC_DEPRECATED(msg) /* null expansion */ #endif -#endif /* !WC_MAYBE_UNUSED */ +#endif /* !WC_DEPRECATED */ /* use inlining if compiler allows */ #ifndef WC_INLINE @@ -143,6 +143,20 @@ #endif #endif +#ifndef WC_NO_INLINE + #ifdef noinline + #define WC_NO_INLINE noinline + #elif defined(_MSC_VER) + #define WC_NO_INLINE __declspec(noinline) + #elif defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__) + #define WC_NO_INLINE _Pragma("inline = never") + #elif defined(__GNUC__) || defined(__KEIL__) || defined(__DCC__) + #define WC_NO_INLINE __attribute__((noinline)) + #else + #define WC_NO_INLINE + #endif +#endif + #ifndef WC_OMIT_FRAME_POINTER #if defined(__GNUC__) #define WC_OMIT_FRAME_POINTER \ @@ -283,24 +297,43 @@ #elif defined(WOLFSSL_APACHE_MYNEWT) /* do nothing */ #elif defined(WOLFSSL_ZEPHYR) - #include + #ifdef __cplusplus + } /* extern "C" */ + #endif + + #ifdef __has_include + #if __has_include() + #include + #else + #include + #endif + #else + #include + #endif + /* Include sys/types.h early so host libc sets __timer_t_defined + * before Zephyr's posix_types.h can define a conflicting timer_t */ + #include #ifndef SINGLE_THREADED #if !defined(CONFIG_PTHREAD_IPC) && !defined(CONFIG_POSIX_THREADS) #error "Threading needs CONFIG_PTHREAD_IPC / CONFIG_POSIX_THREADS" #endif - #ifdef max - #undef max - #endif - #if KERNEL_VERSION_NUMBER >= 0x30100 - #include - #include - #include - #else - #include - #include - #include + #if KERNEL_VERSION_NUMBER >= 0x30100 + #include + #ifndef CONFIG_ARCH_POSIX + #include + #include + #endif + #else + #include + #ifndef CONFIG_ARCH_POSIX + #include + #include + #endif + #endif #endif - #define max MAX + + #ifdef __cplusplus + extern "C" { #endif #elif defined(WOLFSSL_TELIT_M2MB) @@ -506,7 +539,8 @@ * should not be included. Use FreeBSD instead. * definitions are in bsdkm/bsdkm_wc_port.h */ #elif defined(HAVE_C___ATOMIC) && defined(WOLFSSL_HAVE_ATOMIC_H) && \ - !defined(__cplusplus) + !defined(__cplusplus) && \ + !(defined(__clang__) && defined(WOLFSSL_KERNEL_MODE)) /* Default C Implementation */ #include typedef atomic_int wolfSSL_Atomic_Int; @@ -552,7 +586,7 @@ #define WOLFSSL_ATOMIC_STORE(x, val) (x) = (val) #endif /* WOLFSSL_NO_ATOMICS */ -/* WOLFSSL_ATOMIC_COERCE_INT() needs to accept either a regular int or an +/* WOLFSSL_ATOMIC_COERCE_INT() needs to accept either a regular int or a * wolfSSL_Atomic_Int as its argument, and evaluate to a regular int. * Allows a user-supplied override definition with type introspection. */ @@ -580,6 +614,8 @@ WOLFSSL_API int wolfSSL_Atomic_Int_FetchSub(wolfSSL_Atomic_Int* c, int i); WOLFSSL_API int wolfSSL_Atomic_Int_AddFetch(wolfSSL_Atomic_Int* c, int i); WOLFSSL_API int wolfSSL_Atomic_Int_SubFetch(wolfSSL_Atomic_Int* c, int i); + WOLFSSL_API int wolfSSL_Atomic_Int_Exchange( + wolfSSL_Atomic_Int* c, int new_i); WOLFSSL_API int wolfSSL_Atomic_Int_CompareExchange( wolfSSL_Atomic_Int* c, int *expected_i, int new_i); WOLFSSL_API unsigned int wolfSSL_Atomic_Uint_FetchAdd( @@ -593,7 +629,7 @@ WOLFSSL_API int wolfSSL_Atomic_Uint_CompareExchange( wolfSSL_Atomic_Uint* c, unsigned int *expected_i, unsigned int new_i); WOLFSSL_API int wolfSSL_Atomic_Ptr_CompareExchange( - void** c, void **expected_ptr, void *new_ptr); + void* volatile * c, void **expected_ptr, void *new_ptr); #else /* Code using these fallback implementations in non-SINGLE_THREADED builds * needs to arrange its own explicit fallback to int for wolfSSL_Atomic_Int @@ -619,6 +655,13 @@ static WC_INLINE int wolfSSL_Atomic_Int_SubFetch(int *c, int i) { return (*c -= i); } + static WC_INLINE int wolfSSL_Atomic_Int_Exchange( + int *c, int new_i) + { + int ret = *c; + *c = new_i; + return ret; + } static WC_INLINE int wolfSSL_Atomic_Int_CompareExchange( int *c, int *expected_i, int new_i) { @@ -632,14 +675,14 @@ } } static WC_INLINE int wolfSSL_Atomic_Ptr_CompareExchange( - void **c, void *expected_ptr, void *new_ptr) + void * volatile *c, void **expected_ptr, void *new_ptr) { - if (*(char **)c == *(char **)expected_ptr) { - *(char **)c = (char *)new_ptr; + if (*(char * volatile *)c == *(char **)expected_ptr) { + *(char * volatile *)c = (char *)new_ptr; return 1; } else { - *(char **)expected_ptr = *(char **)c; + *(char * volatile *)expected_ptr = *(char * volatile *)c; return 0; } } @@ -688,13 +731,15 @@ #endif int count; } wolfSSL_RefWithMutex; - +#define wolfSSL_RefWithMutexCur(ref) ((ref).count) #if defined(WOLFSSL_ATOMIC_OPS) && !defined(SINGLE_THREADED) typedef struct wolfSSL_Ref { wolfSSL_Atomic_Int count; } wolfSSL_Ref; +#define wolfSSL_RefCur(ref) WOLFSSL_ATOMIC_LOAD((ref).count) #else typedef struct wolfSSL_RefWithMutex wolfSSL_Ref; +#define wolfSSL_RefCur(ref) wolfSSL_RefWithMutexCur(ref) #endif #if defined(SINGLE_THREADED) || defined(WOLFSSL_ATOMIC_OPS) @@ -704,12 +749,20 @@ wolfSSL_Atomic_Int_Init(&(ref)->count, 1); \ *(err) = 0; \ } while(0) -#define wolfSSL_RefFree(ref) WC_DO_NOTHING +#define wolfSSL_RefFree(ref) \ + do { \ + wolfSSL_Atomic_Int_Init(&(ref)->count, 0); \ + } while(0) #define wolfSSL_RefInc(ref, err) \ do { \ (void)wolfSSL_Atomic_Int_FetchAdd(&(ref)->count, 1); \ *(err) = 0; \ } while(0) +#define wolfSSL_RefInc2(ref, new_count, err) \ + do { \ + *(new_count) = wolfSSL_Atomic_Int_AddFetch(&(ref)->count, 1); \ + *(err) = 0; \ + } while(0) #define wolfSSL_RefDec(ref, isZero, err) \ do { \ int __prev = wolfSSL_Atomic_Int_FetchSub(&(ref)->count, 1); \ @@ -717,6 +770,11 @@ *(isZero) = (__prev == 1); \ *(err) = 0; \ } while(0) +#define wolfSSL_RefDec2(ref, new_count, err) \ + do { \ + *(new_count) = wolfSSL_Atomic_Int_SubFetch(&(ref)->count, 1); \ + *(err) = 0; \ + } while(0) #else @@ -725,7 +783,9 @@ #define wolfSSL_RefInit wolfSSL_RefWithMutexInit #define wolfSSL_RefFree wolfSSL_RefWithMutexFree #define wolfSSL_RefInc wolfSSL_RefWithMutexInc +#define wolfSSL_RefInc2 wolfSSL_RefWithMutexInc2 #define wolfSSL_RefDec wolfSSL_RefWithMutexDec +#define wolfSSL_RefDec2 wolfSSL_RefWithMutexDec2 #endif @@ -734,9 +794,11 @@ #define wolfSSL_RefWithMutexInit wolfSSL_RefInit #define wolfSSL_RefWithMutexFree wolfSSL_RefFree #define wolfSSL_RefWithMutexInc wolfSSL_RefInc +#define wolfSSL_RefWithMutexInc2 wolfSSL_RefInc2 #define wolfSSL_RefWithMutexLock(ref) 0 #define wolfSSL_RefWithMutexUnlock(ref) 0 #define wolfSSL_RefWithMutexDec wolfSSL_RefDec +#define wolfSSL_RefWithMutexDec2 wolfSSL_RefDec2 #else @@ -745,10 +807,15 @@ WOLFSSL_LOCAL void wolfSSL_RefWithMutexFree(wolfSSL_RefWithMutex* ref); WOLFSSL_LOCAL void wolfSSL_RefWithMutexInc(wolfSSL_RefWithMutex* ref, int* err); +WOLFSSL_LOCAL void wolfSSL_RefWithMutexInc2(wolfSSL_RefWithMutex* ref, + int *new_count, + int* err); WOLFSSL_LOCAL int wolfSSL_RefWithMutexLock(wolfSSL_RefWithMutex* ref); WOLFSSL_LOCAL int wolfSSL_RefWithMutexUnlock(wolfSSL_RefWithMutex* ref); WOLFSSL_LOCAL void wolfSSL_RefWithMutexDec(wolfSSL_RefWithMutex* ref, int* isZero, int* err); +WOLFSSL_LOCAL void wolfSSL_RefWithMutexDec2(wolfSSL_RefWithMutex* ref, + int* new_count, int* err); #endif @@ -935,6 +1002,7 @@ #define XSEEK_END IO_SEEK_END #define XBADFILE NULL #define XFGETS fgets + #define XFPRINTF fprintf #elif defined(WOLFSSL_DEOS) #define NO_FILESYSTEM @@ -982,8 +1050,16 @@ #define XFGETS(b,s,f) -2 /* Not ported yet */ #elif defined(WOLFSSL_ZEPHYR) + #ifdef __cplusplus + } /* extern "C" */ + #endif + #include + #ifdef __cplusplus + extern "C" { + #endif + #define XFILE struct fs_file_t* /* These are our wrappers for opening and closing files to @@ -1003,6 +1079,7 @@ #define XSEEK_SET FS_SEEK_SET #define XSEEK_END FS_SEEK_END #define XBADFILE NULL + #define XBADFD (-1) #define XFGETS(b,s,f) -2 /* Not ported yet */ #define XSTAT fs_stat @@ -1112,6 +1189,7 @@ #define XSEEK_SET SEEK_SET #define XSEEK_END SEEK_END #define XBADFILE NULL + #define XBADFD (-1) #define XFGETS fgets #define XFPRINTF fprintf #define XFFLUSH fflush @@ -1467,15 +1545,24 @@ #define USE_WOLF_TIME_T #elif defined(WOLFSSL_ZEPHYR) - #include - #ifndef _POSIX_C_SOURCE - #if KERNEL_VERSION_NUMBER >= 0x30100 - #include - #else - #include - #endif - #else + #ifdef __cplusplus + } /* extern "C" */ + #endif + + #if KERNEL_VERSION_NUMBER >= 0x40300 #include + #elif KERNEL_VERSION_NUMBER >= 0x30100 + #include + #else + #include + #endif + + #ifndef CLOCK_REALTIME + #ifdef SYS_CLOCK_REALTIME + #define CLOCK_REALTIME SYS_CLOCK_REALTIME + #define clock_gettime sys_clock_gettime + #define clock_settime sys_clock_settime + #endif #endif #if defined(CONFIG_RTC) @@ -1486,6 +1573,10 @@ #endif #endif + #ifdef __cplusplus + extern "C" { + #endif + time_t z_time(time_t *timer); #define XTIME(tl) z_time((tl)) @@ -1579,7 +1670,7 @@ #endif #if !defined(XVALIDATE_DATE) && !defined(HAVE_VALIDATE_DATE) #define USE_WOLF_VALIDDATE - #define XVALIDATE_DATE(d, f, t) wc_ValidateDate((d), (f), (t)) + #define XVALIDATE_DATE(d, f, t, l) wc_ValidateDate((d), (f), (t), (l)) #endif /* wolf struct tm and time_t */ @@ -1736,6 +1827,18 @@ #define XFENCE() WC_DO_NOTHING #endif +#ifdef WC_BARRIER + /* use user-supplied WC_BARRIER() definition. */ +#elif defined(__GNUC__) && !defined(WOLFSSL_NO_ASM) + #define WC_BARRIER() __asm__ __volatile__("" ::: "memory") +#else + /* XFENCE() is a no-op on some targets. The fallback construct uses C89 + * intrinsics as an additional (but weak) portable barrier. + */ + #define WC_BARRIER() do { volatile byte _xfence = 0; (void)_xfence; XFENCE(); \ + } while(0) +#endif + /* AFTER user_settings.h is loaded, ** determine if POSIX multi-threaded: HAVE_PTHREAD */ diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/wc_slhdsa.h mariadb-11.8.8/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/wc_slhdsa.h --- mariadb-11.8.6/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/wc_slhdsa.h 1970-01-01 00:00:00.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/wc_slhdsa.h 2026-05-24 09:58:33.000000000 +0000 @@ -0,0 +1,380 @@ +/* wc_slhdsa.h + * + * Copyright (C) 2006-2026 wolfSSL Inc. + * + * This file is part of wolfSSL. + * + * wolfSSL is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * wolfSSL is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA + */ + +#ifndef WOLF_CRYPT_WC_SLHDSA_H +#define WOLF_CRYPT_WC_SLHDSA_H + +#include +#include +#include + +#ifdef WOLFSSL_HAVE_SLHDSA + +/* When a bits/opt is defined then ensure 'NO' defines are off. */ +#ifdef WOLFSSL_SLHDSA_PARAM_128S + #undef WOLFSSL_SLHDSA_PARAM_NO_128S + #undef WOLFSSL_SLHDSA_PARAM_NO_128 + #undef WOLFSSL_SLHDSA_PARAM_NO_SMALL +#endif +#ifdef WOLFSSL_SLHDSA_PARAM_128F + #undef WOLFSSL_SLHDSA_PARAM_NO_128F + #undef WOLFSSL_SLHDSA_PARAM_NO_128 + #undef WOLFSSL_SLHDSA_PARAM_NO_FAST +#endif +#ifdef WOLFSSL_SLHDSA_PARAM_192S + #undef WOLFSSL_SLHDSA_PARAM_NO_192S + #undef WOLFSSL_SLHDSA_PARAM_NO_192 + #undef WOLFSSL_SLHDSA_PARAM_NO_SMALL +#endif +#ifdef WOLFSSL_SLHDSA_PARAM_192F + #undef WOLFSSL_SLHDSA_PARAM_NO_192F + #undef WOLFSSL_SLHDSA_PARAM_NO_192 + #undef WOLFSSL_SLHDSA_PARAM_NO_FAST +#endif +#ifdef WOLFSSL_SLHDSA_PARAM_256S + #undef WOLFSSL_SLHDSA_PARAM_NO_256S + #undef WOLFSSL_SLHDSA_PARAM_NO_256 + #undef WOLFSSL_SLHDSA_PARAM_NO_SMALL +#endif +#ifdef WOLFSSL_SLHDSA_PARAM_256F + #undef WOLFSSL_SLHDSA_PARAM_NO_256F + #undef WOLFSSL_SLHDSA_PARAM_NO_256 + #undef WOLFSSL_SLHDSA_PARAM_NO_FAST +#endif + +/* When 'NO' defines are on then define no parameter set. */ +#if defined(WOLFSSL_SLHDSA_PARAM_NO_128S) && \ + defined(WOLFSSL_SLHDSA_PARAM_NO_128F) + #undef WOLFSSL_SLHDSA_NO_128 + #define WOLFSSL_SLHDSA_NO_128 +#endif +#if defined(WOLFSSL_SLHDSA_PARAM_NO_192S) && \ + defined(WOLFSSL_SLHDSA_PARAM_NO_192F) + #undef WOLFSSL_SLHDSA_NO_192 + #define WOLFSSL_SLHDSA_NO_192 +#endif +#if defined(WOLFSSL_SLHDSA_PARAM_NO_256S) && \ + defined(WOLFSSL_SLHDSA_PARAM_NO_256F) + #undef WOLFSSL_SLHDSA_NO_256 + #define WOLFSSL_SLHDSA_NO_256 +#endif +#if defined(WOLFSSL_SLHDSA_PARAM_NO_128S) && \ + defined(WOLFSSL_SLHDSA_PARAM_NO_192S) && \ + defined(WOLFSSL_SLHDSA_PARAM_NO_256S) + #undef WOLFSSL_SLHDSA_PARAM_NO_SMALL + #define WOLFSSL_SLHDSA_PARAM_NO_SMALL +#endif +#if defined(WOLFSSL_SLHDSA_PARAM_NO_128F) && \ + defined(WOLFSSL_SLHDSA_PARAM_NO_192F) && \ + defined(WOLFSSL_SLHDSA_PARAM_NO_256F) + #undef WOLFSSL_SLHDSA_PARAM_NO_FAST + #define WOLFSSL_SLHDSA_PARAM_NO_FAST +#endif + +/* Turn on parameter set based on 'NO' defines. */ +#if !defined(WOLFSSL_SLHDSA_PARAM_NO_128S) && \ + !defined(WOLFSSL_SLHDSA_PARAM_NO_128) && \ + !defined(WOLFSSL_SLHDSA_PARAM_NO_SMALL) + #undef WOLFSSL_SLHDSA_PARAM_128S + #define WOLFSSL_SLHDSA_PARAM_128S +#endif +#if !defined(WOLFSSL_SLHDSA_PARAM_NO_128F) && \ + !defined(WOLFSSL_SLHDSA_PARAM_NO_128) && \ + !defined(WOLFSSL_SLHDSA_PARAM_NO_FAST) + #undef WOLFSSL_SLHDSA_PARAM_128F + #define WOLFSSL_SLHDSA_PARAM_128F +#endif +#if !defined(WOLFSSL_SLHDSA_PARAM_NO_192S) && \ + !defined(WOLFSSL_SLHDSA_PARAM_NO_192) && \ + !defined(WOLFSSL_SLHDSA_PARAM_NO_SMALL) + #undef WOLFSSL_SLHDSA_PARAM_192S + #define WOLFSSL_SLHDSA_PARAM_192S +#endif +#if !defined(WOLFSSL_SLHDSA_PARAM_NO_192F) && \ + !defined(WOLFSSL_SLHDSA_PARAM_NO_192) && \ + !defined(WOLFSSL_SLHDSA_PARAM_NO_FAST) + #undef WOLFSSL_SLHDSA_PARAM_192F + #define WOLFSSL_SLHDSA_PARAM_192F +#endif +#if !defined(WOLFSSL_SLHDSA_PARAM_NO_256S) && \ + !defined(WOLFSSL_SLHDSA_PARAM_NO_256) && \ + !defined(WOLFSSL_SLHDSA_PARAM_NO_SMALL) + #undef WOLFSSL_SLHDSA_PARAM_256S + #define WOLFSSL_SLHDSA_PARAM_256S +#endif +#if !defined(WOLFSSL_SLHDSA_PARAM_NO_256F) && \ + !defined(WOLFSSL_SLHDSA_PARAM_NO_256) && \ + !defined(WOLFSSL_SLHDSA_PARAM_NO_FAST) + #undef WOLFSSL_SLHDSA_PARAM_256F + #define WOLFSSL_SLHDSA_PARAM_256F +#endif + +#if defined(WOLFSSL_SLHDSA_PARAM_NO_128S) && \ + defined(WOLFSSL_SLHDSA_PARAM_NO_192S) && \ + defined(WOLFSSL_SLHDSA_PARAM_NO_256S) + #undef WOLFSSL_SLHDSA_PARAM_NO_SMALL + #define WOLFSSL_SLHDSA_PARAM_NO_SMALL +#endif +#if defined(WOLFSSL_SLHDSA_PARAM_NO_128F) && \ + defined(WOLFSSL_SLHDSA_PARAM_NO_192F) && \ + defined(WOLFSSL_SLHDSA_PARAM_NO_256F) + #undef WOLFSSL_SLHDSA_PARAM_NO_FAST + #define WOLFSSL_SLHDSA_PARAM_NO_FAST +#endif +#if defined(WOLFSSL_SLHDSA_PARAM_NO_128S) && \ + defined(WOLFSSL_SLHDSA_PARAM_NO_128F) + #undef WOLFSSL_SLHDSA_PARAM_NO_128 + #define WOLFSSL_SLHDSA_PARAM_NO_128 +#endif +#if defined(WOLFSSL_SLHDSA_PARAM_NO_192S) && \ + defined(WOLFSSL_SLHDSA_PARAM_NO_192F) + #undef WOLFSSL_SLHDSA_PARAM_NO_192 + #define WOLFSSL_SLHDSA_PARAM_NO_192 +#endif +#if defined(WOLFSSL_SLHDSA_PARAM_NO_256S) && \ + defined(WOLFSSL_SLHDSA_PARAM_NO_256F) + #undef WOLFSSL_SLHDSA_PARAM_NO_256 + #define WOLFSSL_SLHDSA_PARAM_NO_256 +#endif + +/* Seed length for SLH-DSA SHAKE-128s/f. */ +#define WC_SLHDSA_SHAKE128_SEED_LEN 16 +/* Seed length for SLH-DSA SHAKE-192s/f. */ +#define WC_SLHDSA_SHAKE192_SEED_LEN 24 +/* Seed length for SLH-DSA SHAKE-256s/f. */ +#define WC_SLHDSA_SHAKE256_SEED_LEN 32 + +/* Private key length for SLH-DSA SHAKE-128s. */ +#define WC_SLHDSA_SHAKE128S_PRIV_LEN (4 * 16) +/* Public key length for SLH-DSA SHAKE-128s. */ +#define WC_SLHDSA_SHAKE128S_PUB_LEN (2 * 16) +/* Signature length for SLH-DSA SHAKE-128s. */ +#define WC_SLHDSA_SHAKE128S_SIG_LEN 7856 +/* Seed length for SLH-DSA SHAKE-128s. */ +#define WC_SLHDSA_SHAKE128S_SEED_LEN WC_SLHDSA_SHAKE128_SEED_LEN + +/* Private key length for SLH-DSA SHAKE-128f. */ +#define WC_SLHDSA_SHAKE128F_PRIV_LEN (4 * 16) +/* Public key length for SLH-DSA SHAKE-128f. */ +#define WC_SLHDSA_SHAKE128F_PUB_LEN (2 * 16) +/* Signature length for SLH-DSA SHAKE-128f. */ +#define WC_SLHDSA_SHAKE128F_SIG_LEN 17088 +/* Seed length for SLH-DSA SHAKE-128f. */ +#define WC_SLHDSA_SHAKE128F_SEED_LEN WC_SLHDSA_SHAKE128_SEED_LEN + +/* Private key length for SLH-DSA SHAKE-192s. */ +#define WC_SLHDSA_SHAKE192S_PRIV_LEN (4 * 24) +/* Public key length for SLH-DSA SHAKE-192s. */ +#define WC_SLHDSA_SHAKE192S_PUB_LEN (2 * 24) +/* Signature length for SLH-DSA SHAKE-192s. */ +#define WC_SLHDSA_SHAKE192S_SIG_LEN 16224 +/* Seed length for SLH-DSA SHAKE-192s. */ +#define WC_SLHDSA_SHAKE192S_SEED_LEN WC_SLHDSA_SHAKE192_SEED_LEN + +/* Private key length for SLH-DSA SHAKE-192f. */ +#define WC_SLHDSA_SHAKE192F_PRIV_LEN (4 * 24) +/* Public key length for SLH-DSA SHAKE-192f. */ +#define WC_SLHDSA_SHAKE192F_PUB_LEN (2 * 24) +/* Signature length for SLH-DSA SHAKE-192f. */ +#define WC_SLHDSA_SHAKE192F_SIG_LEN 35664 +/* Seed length for SLH-DSA SHAKE-192f. */ +#define WC_SLHDSA_SHAKE192F_SEED_LEN WC_SLHDSA_SHAKE192_SEED_LEN + +/* Private key length for SLH-DSA SHAKE-256s. */ +#define WC_SLHDSA_SHAKE256S_PRIV_LEN (4 * 32) +/* Public key length for SLH-DSA SHAKE-256s. */ +#define WC_SLHDSA_SHAKE256S_PUB_LEN (2 * 32) +/* Signature length for SLH-DSA SHAKE-256s. */ +#define WC_SLHDSA_SHAKE256S_SIG_LEN 29792 +/* Seed length for SLH-DSA SHAKE-256s. */ +#define WC_SLHDSA_SHAKE256S_SEED_LEN WC_SLHDSA_SHAKE256_SEED_LEN + +/* Private key length for SLH-DSA SHAKE-256f. */ +#define WC_SLHDSA_SHAKE256F_PRIV_LEN (4 * 32) +/* Public key length for SLH-DSA SHAKE-256f. */ +#define WC_SLHDSA_SHAKE256F_PUB_LEN (2 * 32) +/* Signature length for SLH-DSA SHAKE-256f. */ +#define WC_SLHDSA_SHAKE256F_SIG_LEN 49856 +/* Seed length for SLH-DSA SHAKE-256f. */ +#define WC_SLHDSA_SHAKE256F_SEED_LEN WC_SLHDSA_SHAKE256_SEED_LEN + +/* Determine maximum private and public key lengths based on maximum SHAKE-256 + * output length. */ +#ifndef WOLFSSL_SLHDSA_PARAM_NO_256 + /* Maximum private key length. */ + #define WC_SLHDSA_MAX_PRIV_LEN WC_SLHDSA_SHAKE256F_PRIV_LEN + /* Maximum public key length. */ + #define WC_SLHDSA_MAX_PUB_LEN WC_SLHDSA_SHAKE256F_PUB_LEN + /* Maximum seed length. */ + #define WC_SLHDSA_MAX_SEED WC_SLHDSA_SHAKE256_SEED_LEN +#elif !defined(WOLFSSL_SLHDSA_PARAM_NO_192) + /* Maximum private key length. */ + #define WC_SLHDSA_MAX_PRIV_LEN WC_SLHDSA_SHAKE192F_PRIV_LEN + /* Maximum public key length. */ + #define WC_SLHDSA_MAX_PUB_LEN WC_SLHDSA_SHAKE192F_PUB_LEN + /* Maximum seed length. */ + #define WC_SLHDSA_MAX_SEED WC_SLHDSA_SHAKE192_SEED_LEN +#else + /* Maximum private key length. */ + #define WC_SLHDSA_MAX_PRIV_LEN WC_SLHDSA_SHAKE128F_PRIV_LEN + /* Maximum public key length. */ + #define WC_SLHDSA_MAX_PUB_LEN WC_SLHDSA_SHAKE128F_PUB_LEN + /* Maximum seed length. */ + #define WC_SLHDSA_MAX_SEED WC_SLHDSA_SHAKE128_SEED_LEN +#endif + +/* Determine maximum signature length depending on the parameters compiled in. + */ +#if !defined(WOLFSSL_SLHDSA_PARAM_NO_256) && \ + !defined(WOLFSSL_SLHDSA_PARAM_NO_FAST) + /* Maximum signature length. */ + #define WC_SLHDSA_MAX_SIG_LEN WC_SLHDSA_SHAKE256F_SIG_LEN +#elif !defined(WOLFSSL_SLHDSA_PARAM_NO_192) && \ + !defined(WOLFSSL_SLHDSA_PARAM_NO_FAST) + /* Maximum signature length. */ + #define WC_SLHDSA_MAX_SIG_LEN WC_SLHDSA_SHAKE192F_SIG_LEN +#elif !defined(WOLFSSL_SLHDSA_PARAM_NO_256) && \ + !defined(WOLFSSL_SLHDSA_PARAM_NO_SMALL) + /* Maximum signature length. */ + #define WC_SLHDSA_MAX_SIG_LEN WC_SLHDSA_SHAKE256S_SIG_LEN +#elif !defined(WOLFSSL_SLHDSA_PARAM_NO_128) && \ + !defined(WOLFSSL_SLHDSA_PARAM_NO_FAST) + /* Maximum signature length. */ + #define WC_SLHDSA_MAX_SIG_LEN WC_SLHDSA_SHAKE128F_SIG_LEN +#elif !defined(WOLFSSL_SLHDSA_PARAM_NO_192) && \ + !defined(WOLFSSL_SLHDSA_PARAM_NO_SMALL) + /* Maximum signature length. */ + #define WC_SLHDSA_MAX_SIG_LEN WC_SLHDSA_SHAKE192S_SIG_LEN +#elif !defined(WOLFSSL_SLHDSA_PARAM_NO_128) && \ + !defined(WOLFSSL_SLHDSA_PARAM_NO_SMALL) + /* Maximum signature length. */ + #define WC_SLHDSA_MAX_SIG_LEN WC_SLHDSA_SHAKE128S_SIG_LEN +#else + #error "No parameters defined" +#endif + +/* Ids for supported SLH-DSA parameters. */ +enum SlhDsaParam { + SLHDSA_SHAKE128S = 0, /* SLH-DSA SHAKE128s */ + SLHDSA_SHAKE128F = 1, /* SLH-DSA SHAKE128f */ + SLHDSA_SHAKE192S = 2, /* SLH-DSA SHAKE192s */ + SLHDSA_SHAKE192F = 3, /* SLH-DSA SHAKE192f */ + SLHDSA_SHAKE256S = 4, /* SLH-DSA SHAKE256s */ + SLHDSA_SHAKE256F = 5, /* SLH-DSA SHAKE256f */ +}; + +/* Pre-defined parameter values. */ +typedef struct SlhDsaParameters { + enum SlhDsaParam param; /* Parameter set id. */ + byte n; /* Size of digest output. */ + byte h; /* Total tree height. */ + byte d; /* Depth of subtree. */ + byte h_m; /* Height of message tree - XMSS tree. */ + byte a; /* Number of authenthication nodes. */ + byte k; /* Number of FORS signatures. */ + byte len; /* Length of WOTS+ encoded message with csum. */ + byte dl1; /* Length first part of message digest. */ + byte dl2; /* Length second part of message digest. */ + byte dl3; /* Length third part of message digest. */ + word32 sigLen; /* Signature length in bytes. */ +} SlhDsaParameters; + +#define WC_SLHDSA_FLAG_PRIVATE 0x0001 +#define WC_SLHDSA_FLAG_PUBLIC 0x0002 +#define WC_SLHDSA_FLAG_BOTH_KEYS (WC_SLHDSA_FLAG_PRIVATE | \ + WC_SLHDSA_FLAG_PUBLIC) + +/* SLH-DSA key data and state. */ +typedef struct SlhDsaKey { + /* Parameters. */ + const SlhDsaParameters* params; + /* Flags of the key. */ + int flags; + /* Dynamic memory hint. */ + void* heap; +#ifdef WOLF_CRYPTO_CB + /* Device Identifier. */ + int devId; +#endif + + /* sk_seed | sk_prf | pk_seed, pk_root */ + byte sk[32 * 4]; + /* First SHAKE-256 object. */ + wc_Shake shake; + /* Second SHAKE-256 object. */ + wc_Shake shake2; +} SlhDsaKey; + +WOLFSSL_API int wc_SlhDsaKey_Init(SlhDsaKey* key, enum SlhDsaParam param, + void* heap, int devId); +WOLFSSL_API void wc_SlhDsaKey_Free(SlhDsaKey* key); + +WOLFSSL_API int wc_SlhDsaKey_MakeKey(SlhDsaKey* key, WC_RNG* rng); +WOLFSSL_API int wc_SlhDsaKey_MakeKeyWithRandom(SlhDsaKey* key, + const byte* sk_seed, word32 sk_seed_len, + const byte* sk_prf, word32 sk_prf_len, + const byte* pk_seed, word32 pk_seed_len); + +WOLFSSL_API int wc_SlhDsaKey_SignDeterministic(SlhDsaKey* key, const byte* ctx, + byte ctxSz, const byte* msg, word32 msgSz, byte* sig, word32* sigSz); +WOLFSSL_API int wc_SlhDsaKey_SignWithRandom(SlhDsaKey* key, const byte* ctx, + byte ctxSz, const byte* msg, word32 msgSz, byte* sig, word32* sigSz, + const byte* addRnd); +WOLFSSL_API int wc_SlhDsaKey_Sign(SlhDsaKey* key, const byte* ctx, + byte ctxSz, const byte* msg, word32 msgSz, byte* sig, word32* sigSz, + WC_RNG* rng); +WOLFSSL_API int wc_SlhDsaKey_Verify(SlhDsaKey* key, const byte* ctx, + byte ctxSz, const byte* msg, word32 msgSz, const byte* sig, word32 sigSz); + +WOLFSSL_API int wc_SlhDsaKey_SignHashDeterministic(SlhDsaKey* key, + const byte* ctx, byte ctxSz, const byte* msg, word32 msgSz, + enum wc_HashType hashType, byte* sig, word32* sigSz); +WOLFSSL_API int wc_SlhDsaKey_SignHashWithRandom(SlhDsaKey* key, + const byte* ctx, byte ctxSz, const byte* msg, word32 msgSz, + enum wc_HashType hashType, byte* sig, word32* sigSz, byte* addRnd); +WOLFSSL_API int wc_SlhDsaKey_SignHash(SlhDsaKey* key, const byte* ctx, + byte ctxSz, const byte* msg, word32 msgSz, enum wc_HashType hashType, + byte* sig, word32* sigSz, WC_RNG* rng); +WOLFSSL_API int wc_SlhDsaKey_VerifyHash(SlhDsaKey* key, const byte* ctx, + byte ctxSz, const byte* msg, word32 msgSz, enum wc_HashType hashType, + const byte* sig, word32 sigSz); + +WOLFSSL_API int wc_SlhDsaKey_ImportPrivate(SlhDsaKey* key, const byte* in, + word32 inLen); +WOLFSSL_API int wc_SlhDsaKey_ImportPublic(SlhDsaKey* key, const byte* in, + word32 inLen); +WOLFSSL_API int wc_SlhDsaKey_CheckKey(SlhDsaKey* key); + +WOLFSSL_API int wc_SlhDsaKey_ExportPrivate(SlhDsaKey* key, byte* out, + word32* outLen); +WOLFSSL_API int wc_SlhDsaKey_ExportPublic(SlhDsaKey* key, byte* out, + word32* outLen); + +WOLFSSL_API int wc_SlhDsaKey_PrivateSize(SlhDsaKey* key); +WOLFSSL_API int wc_SlhDsaKey_PublicSize(SlhDsaKey* key); +WOLFSSL_API int wc_SlhDsaKey_SigSize(SlhDsaKey* key); +WOLFSSL_API int wc_SlhDsaKey_PrivateSizeFromParam(enum SlhDsaParam param); +WOLFSSL_API int wc_SlhDsaKey_PublicSizeFromParam(enum SlhDsaParam param); +WOLFSSL_API int wc_SlhDsaKey_SigSizeFromParam(enum SlhDsaParam param); + +#endif /* WOLFSSL_HAVE_SLHDSA */ + +#endif /* WOLF_CRYPT_WC_SLHDSA_H */ diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/wc_xmss.h mariadb-11.8.8/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/wc_xmss.h --- mariadb-11.8.6/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/wc_xmss.h 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/wc_xmss.h 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* wc_xmss.h * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -34,6 +34,12 @@ #include #include +/* When raw hash access APIs are disabled or unavailable (WOLFSSL_NO_HASH_RAW), + * fall back to using the full hash API calls. */ +#if defined(WOLFSSL_NO_HASH_RAW) && !defined(WC_XMSS_FULL_HASH) + #define WC_XMSS_FULL_HASH +#endif + #if !defined(WOLFSSL_WC_XMSS) #error "This code is incompatible with external implementation of XMSS." #endif diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/wolfentropy.h mariadb-11.8.8/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/wolfentropy.h --- mariadb-11.8.6/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/wolfentropy.h 1970-01-01 00:00:00.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/wolfentropy.h 2026-05-24 09:58:33.000000000 +0000 @@ -0,0 +1,72 @@ +/* wolfentropy.h + * + * Copyright (C) 2006-2026 wolfSSL Inc. + * + * This file is part of wolfSSL. + * + * wolfSSL is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * wolfSSL is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA + */ + +#ifndef WOLFENTROPY_H +#define WOLFENTROPY_H + +#include + +#ifdef HAVE_ENTROPY_MEMUSE + +#if defined(ENTROPY_SCALE_FACTOR) && FIPS_VERSION3_GE(5,2,4) && \ + FIPS_VERSION3_NE(6,0,0) + #error "ENTROPY_SCALE_FACTOR defined elsewhere than wolfEntropy.h" +#endif + +#if FIPS_VERSION3_GE(5,2,4) && FIPS_VERSION3_NE(6,0,0) + /* Do not allow default fallback to /dev/urandom when in FIPS mode that + * supports ESV */ + #define ENTROPY_MEMUSE_FORCE_FAILURE +#endif + +#ifndef ENTROPY_SCALE_FACTOR + /* The entropy scale factor should be the whole number inverse of the + * minimum bits of entropy per bit of NDRNG output. */ + /* Full strength, conditioned entropy is requested of MemUse Entropy. */ + #if defined(HAVE_FIPS) && defined(HAVE_FIPS_VERSION) && \ + (HAVE_FIPS_VERSION >= 2) + #define ENTROPY_SCALE_FACTOR (4) + #else + #define ENTROPY_SCALE_FACTOR (1) + #endif +#endif + +#ifdef __cplusplus + extern "C" { +#endif + +/* Maximum entropy bits that can be produced. */ +#define MAX_ENTROPY_BITS 256 + +/* For generating data for assessment. */ +WOLFSSL_API int wc_Entropy_GetRawEntropy(unsigned char* raw, int cnt); +WOLFSSL_API int wc_Entropy_Get(int bits, unsigned char* entropy, word32 len); +WOLFSSL_API int wc_Entropy_OnDemandTest(void); + +WOLFSSL_LOCAL int Entropy_Init(void); +WOLFSSL_LOCAL void Entropy_Final(void); + +#ifdef __cplusplus + } /* extern "C" */ +#endif + +#endif /* HAVE_ENTROPY_MEMUSE */ +#endif /* WOLFENTROPY_H */ diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/wolfevent.h mariadb-11.8.8/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/wolfevent.h --- mariadb-11.8.6/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/wolfevent.h 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/wolfevent.h 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* wolfevent.h * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/wolfmath.h mariadb-11.8.8/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/wolfmath.h --- mariadb-11.8.6/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/wolfmath.h 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/wolfmath.h 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* wolfmath.h * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -74,9 +74,12 @@ #endif /* timing resistance array */ -#if !defined(WC_NO_CACHE_RESISTANT) && \ - ((defined(HAVE_ECC) && defined(ECC_TIMING_RESISTANT)) || \ - (defined(USE_FAST_MATH) && defined(TFM_TIMING_RESISTANT))) +#if (!defined(WC_NO_CACHE_RESISTANT) && \ + ((defined(HAVE_ECC) && defined(ECC_TIMING_RESISTANT)) || \ + (defined(USE_FAST_MATH) && defined(TFM_TIMING_RESISTANT)))) || \ + ((defined(WOLFSSL_SP_MATH_ALL) && !defined(WOLFSSL_RSA_VERIFY_ONLY) && \ + !defined(WOLFSSL_RSA_PUBLIC_ONLY)) || !defined(NO_DH) || \ + defined(OPENSSL_ALL) && defined(WC_PROTECT_ENCRYPTED_MEM)) extern const wc_ptr_t wc_off_on_addr[2]; #endif diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/xmss.h mariadb-11.8.8/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/xmss.h --- mariadb-11.8.6/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/xmss.h 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/wolfssl/wolfcrypt/xmss.h 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* xmss.h * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/wolfssl/wolfio.h mariadb-11.8.8/extra/wolfssl/wolfssl/wolfssl/wolfio.h --- mariadb-11.8.6/extra/wolfssl/wolfssl/wolfssl/wolfio.h 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/wolfssl/wolfio.h 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* io.h * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -176,7 +176,19 @@ #include #include #elif defined(WOLFSSL_ZEPHYR) - #include + #ifdef __cplusplus + } /* extern "C" */ + #endif + + #ifdef __has_include + #if __has_include() + #include + #else + #include + #endif + #else + #include + #endif #if KERNEL_VERSION_NUMBER >= 0x30100 #include #ifdef CONFIG_POSIX_API @@ -188,6 +200,10 @@ #include #endif #endif + + #ifdef __cplusplus + extern "C" { + #endif #elif defined(MICROCHIP_PIC32) #include #elif defined(HAVE_NETX) @@ -533,7 +549,11 @@ typedef struct hostent HOSTENT; #endif /* HAVE_SOCKADDR */ - #if defined(HAVE_GETADDRINFO) + #if defined(WOLFSSL_ZEPHYR) + typedef struct zsock_addrinfo ADDRINFO; + #define getaddrinfo zsock_getaddrinfo + #define freeaddrinfo zsock_freeaddrinfo + #elif defined(HAVE_GETADDRINFO) typedef struct addrinfo ADDRINFO; #endif #endif /* WOLFSSL_NO_SOCK */ @@ -573,6 +593,10 @@ typedef union WOLFSSL_BIO_ADDR WOLFSSL_BIO_ADDR; +WOLFSSL_API WOLFSSL_BIO_ADDR *wolfSSL_BIO_ADDR_new(void); +WOLFSSL_API void wolfSSL_BIO_ADDR_free(WOLFSSL_BIO_ADDR *addr); +WOLFSSL_API void wolfSSL_BIO_ADDR_clear(WOLFSSL_BIO_ADDR *addr); + #if defined(WOLFSSL_DTLS) && defined(OPENSSL_EXTRA) WOLFSSL_API int wolfIO_SendTo(SOCKET_T sd, WOLFSSL_BIO_ADDR *addr, char *buf, int sz, int wrFlags); WOLFSSL_API int wolfIO_RecvFrom(SOCKET_T sd, WOLFSSL_BIO_ADDR *addr, char *buf, int sz, int rdFlags); @@ -602,6 +626,16 @@ } while(0) #endif #define StartTCP() WC_DO_NOTHING +#elif defined(FREESCALE_MQX) + #ifndef CloseSocket + #define CloseSocket(s) closesocket(s) + #endif + #define StartTCP() WC_DO_NOTHING +#elif defined(WOLFSSL_ZEPHYR) && KERNEL_VERSION_NUMBER >= 0x40100 + #ifndef CloseSocket + #define CloseSocket(s) zsock_close(s) + #endif + #define StartTCP() WC_DO_NOTHING #else #ifndef CloseSocket #define CloseSocket(s) close(s) @@ -982,11 +1016,19 @@ #define XINET_PTON(a,b,c) *(unsigned *)(c) = inet_addr((b)) #endif #elif defined(USE_WINDOWS_API) /* Windows-friendly definition */ - #if defined(__MINGW64__) && !defined(UNICODE) + #if (defined(__MINGW32__) || defined(__MINGW64__)) && !defined(UNICODE) #define XINET_PTON(a,b,c) InetPton((a),(b),(c)) #else - #define XINET_PTON(a,b,c) InetPton((a),(PCWSTR)(b),(c)) + #define XINET_PTON(a,b,c) InetPtonA((a),(b),(c)) #endif + #elif defined(FREESCALE_MQX) + #define XINET_PTON(a,b,c,d) inet_pton((a),(b),(c),(d)) + #elif defined(WOLFSSL_ZEPHYR) + #define XINET_PTON(a,b,c) zsock_inet_pton((a),(b),(c)) + #elif defined(WOLFSSL_LINUXKM) + #define XINET_PTON(a,b,c) \ + (((a) == WOLFSSL_IP4) ? in4_pton((b), -1, (u8*)(c), -1, NULL) : \ + ((a) == WOLFSSL_IP6) ? in6_pton((b), -1, (u8*)(c), -1, NULL) : 0) #else #define XINET_PTON(a,b,c) inet_pton((a),(b),(c)) #endif Binary files /srv/release.debian.org/tmp/0nho6SUlcX/mariadb-11.8.6/extra/wolfssl/wolfssl/wolfssl.rc and /srv/release.debian.org/tmp/byZgQ0zcFD/mariadb-11.8.8/extra/wolfssl/wolfssl/wolfssl.rc differ diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/wrapper/Ada/.gitignore mariadb-11.8.8/extra/wolfssl/wolfssl/wrapper/Ada/.gitignore --- mariadb-11.8.6/extra/wolfssl/wolfssl/wrapper/Ada/.gitignore 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/wrapper/Ada/.gitignore 2026-05-24 09:58:33.000000000 +0000 @@ -1 +1,4 @@ -obj +/obj/ +/bin/ +/alire/ +/config/ diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/wrapper/Ada/README.md mariadb-11.8.8/extra/wolfssl/wolfssl/wrapper/Ada/README.md --- mariadb-11.8.6/extra/wolfssl/wolfssl/wrapper/Ada/README.md 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/wrapper/Ada/README.md 2026-05-24 09:58:33.000000000 +0000 @@ -28,9 +28,9 @@ Not only can the WolfSSL Ada binding be used in Ada applications but also SPARK applications (a subset of the Ada language suitable for formal verification). To formally verify the Ada code in this repository -open the examples.gpr with GNAT Studio and then select +open the examples/examples.gpr with GNAT Studio and then select SPARK -> Prove All Sources and use Proof Level 2. Or when using the command -line, use `gnatprove -Pexamples.gpr --level=4 -j12` (`-j12` is there in +line, use `gnatprove -Pexamples/examples.gpr --level=4 -j12` (`-j12` is there in order to instruct the prover to use 12 CPUs if available). ``` @@ -62,6 +62,8 @@ systems. It can install a complete Ada toolchain if needed, see `alr install` for more information. +**Note:** If you encounter a missing dependency error, it may be caused by the installed dependency being too old. In this case, either install a newer toolchain or decrease the required dependency version in your project. + In order to use WolfSSL in a project, just add WolfSSL as a dependency by running `alr with wolfssl` within your project's directory. @@ -84,6 +86,8 @@ cd wrapper/Ada gprclean gprbuild default.gpr + +cd examples gprbuild examples.gpr cd obj/ @@ -91,21 +95,39 @@ ./tls_client_main 127.0.0.1 ``` +If you are using Alire, you can build the library and examples with: + +```sh +cd wrapper/Ada +alr install + +cd examples +alr build +``` + +You can also run the examples directly with Alire: + +```sh +cd wrapper/Ada/examples +alr run tls_server_main & +alr run tls_client_main --args=127.0.0.1 +``` + On Windows, build the executables with: ```sh -gprbuild -XOS=Windows default.gpr +cd wrapper/Ada/examples gprbuild -XOS=Windows examples.gpr ``` ## Files The (D)TLS v1.3 client example in the Ada/SPARK programming language using the WolfSSL library can be found in the files: -tls_client_main.adb -tls_client.ads -tls_client.adb +examples/src/tls_client_main.adb +examples/src/tls_client.ads +examples/src/tls_client.adb The (D)TLS v1.3 server example in the Ada/SPARK programming language using the WolfSSL library can be found in the files: -tls_server_main.adb -tls_server.ads -tls_server.adb +examples/src/tls_server_main.adb +examples/src/tls_server.ads +examples/src/tls_server.adb diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/wrapper/Ada/ada_binding.c mariadb-11.8.8/extra/wolfssl/wolfssl/wrapper/Ada/ada_binding.c --- mariadb-11.8.6/extra/wolfssl/wolfssl/wrapper/Ada/ada_binding.c 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/wrapper/Ada/ada_binding.c 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* ada_binding.c * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -26,7 +26,15 @@ /* wolfSSL */ #include #include - +#include +#include +#include + +#include + +/* RSA instances are now dynamically allocated (no fixed pool). */ +/* SHA256 instances are now dynamically allocated (no fixed pool). */ +/* AES instances are now dynamically allocated (no fixed pool). */ /* These functions give access to the integer values of the enumeration constants used in WolfSSL. These functions make it possible for the WolfSSL implementation to change the values of the constants @@ -48,6 +56,31 @@ extern int get_wolfssl_filetype_pem(void); extern int get_wolfssl_filetype_default(void); +extern void* ada_new_rsa (void); +extern void ada_free_rsa (void* key); + +extern void *ada_new_sha256 (void); +extern void ada_free_sha256 (void* sha256); + +extern void* ada_new_aes (int devId); +extern void ada_free_aes (void* aes); + +extern void* ada_new_rng (void); +extern void ada_free_rng (void* rng); +extern int ada_RsaSetRNG (RsaKey* key, WC_RNG* rng); + +extern int get_wolfssl_invalid_devid (void); + +extern int ada_md5 (void); +extern int ada_sha (void); +extern int ada_sha256 (void); +extern int ada_sha384 (void); +extern int ada_sha512 (void); +extern int ada_sha3_224 (void); +extern int ada_sha3_256 (void); +extern int ada_sha3_384 (void); +extern int ada_sha3_512 (void); + extern int get_wolfssl_error_want_read(void) { return WOLFSSL_ERROR_WANT_READ; } @@ -107,3 +140,111 @@ extern int get_wolfssl_filetype_default(void) { return WOLFSSL_FILETYPE_DEFAULT; } + +extern void* ada_new_rsa (void) +{ + /* Allocate and initialize an RSA key using wolfCrypt's constructor. */ + return (void*)wc_NewRsaKey(NULL, INVALID_DEVID, NULL); +} + +extern void ada_free_rsa (void* key) +{ + /* Delete RSA key and release its memory. */ + wc_DeleteRsaKey((RsaKey*)key, NULL); +} + +extern void* ada_new_sha256 (void) +{ + return XMALLOC(sizeof(wc_Sha256), NULL, DYNAMIC_TYPE_SHA); +} + +extern void ada_free_sha256 (void* sha256) +{ + XFREE(sha256, NULL, DYNAMIC_TYPE_SHA); +} + + + +extern void* ada_new_aes (int devId) +{ + /* Allocate and initialize an AES object using wolfCrypt's constructor. */ + return (void*)wc_AesNew(NULL, devId, NULL); +} + +extern void ada_free_aes (void* aes) +{ + /* Delete AES object and release its memory. */ + wc_AesDelete((Aes*)aes, NULL); +} + +extern int get_wolfssl_invalid_devid (void) +{ + return INVALID_DEVID; +} + +extern void* ada_new_rng (void) +{ + /* Allocate and initialize a WC_RNG using wolfCrypt's allocator. + * Per request: pass NULL and 0 to wc_rng_new (nonce, nonceSz). + */ + return (void*)wc_rng_new(NULL, 0, NULL); +} + +extern void ada_free_rng (void* rng) +{ + wc_rng_free((WC_RNG*)rng); +} + +extern int ada_RsaSetRNG(RsaKey* key, WC_RNG* rng) +{ + int r = 0; +#ifdef WC_RSA_BLINDING /* HIGHLY RECOMMENDED! */ + r = wc_RsaSetRNG(key, rng); +#endif + return r; +} + +extern int ada_md5 (void) +{ + return WC_MD5; +} + +extern int ada_sha (void) +{ + return WC_SHA; +} + +extern int ada_sha256 (void) +{ + return WC_SHA256; +} + +extern int ada_sha384 (void) +{ + return WC_SHA384; +} + +extern int ada_sha512 (void) +{ + return WC_SHA512; +} + +extern int ada_sha3_224 (void) +{ + return WC_SHA3_224; +} + +extern int ada_sha3_256 (void) +{ + return WC_SHA3_256; +} + +extern int ada_sha3_384 (void) +{ + return WC_SHA3_384; +} + +extern int ada_sha3_512 (void) +{ + return WC_SHA3_512; +} diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/wrapper/Ada/alire.toml mariadb-11.8.8/extra/wolfssl/wolfssl/wrapper/Ada/alire.toml --- mariadb-11.8.6/extra/wolfssl/wolfssl/wrapper/Ada/alire.toml 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/wrapper/Ada/alire.toml 2026-05-24 09:58:33.000000000 +0000 @@ -12,3 +12,6 @@ [configuration.variables] STATIC_PSK = {type = "Boolean", default = false} + +[[depends-on]] +gnatprove = "^13.2.1" diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/wrapper/Ada/default.gpr mariadb-11.8.8/extra/wolfssl/wolfssl/wrapper/Ada/default.gpr --- mariadb-11.8.6/extra/wolfssl/wolfssl/wrapper/Ada/default.gpr 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/wrapper/Ada/default.gpr 2026-05-24 09:58:33.000000000 +0000 @@ -11,17 +11,6 @@ "../../src", "../../wolfcrypt/src"); - -- Don't build the tls application examples because they make use - -- of the Secondary Stack due to usage of the Ada.Command_Line - -- package. All other Ada source code does not use the secondary stack. - for Excluded_Source_Files use - ("tls_client_main.adb", - "tls_client.ads", - "tls_client.adb", - "tls_server_main.adb", - "tls_server.ads", - "tls_server.adb"); - for Object_Dir use "obj"; package Naming is diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/wrapper/Ada/examples/.gitignore mariadb-11.8.8/extra/wolfssl/wolfssl/wrapper/Ada/examples/.gitignore --- mariadb-11.8.6/extra/wolfssl/wolfssl/wrapper/Ada/examples/.gitignore 1970-01-01 00:00:00.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/wrapper/Ada/examples/.gitignore 2026-05-24 09:58:33.000000000 +0000 @@ -0,0 +1,4 @@ +/obj/ +/bin/ +/alire/ +/config/ diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/wrapper/Ada/examples/alire.toml mariadb-11.8.8/extra/wolfssl/wolfssl/wrapper/Ada/examples/alire.toml --- mariadb-11.8.6/extra/wolfssl/wolfssl/wrapper/Ada/examples/alire.toml 1970-01-01 00:00:00.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/wrapper/Ada/examples/alire.toml 2026-05-24 09:58:33.000000000 +0000 @@ -0,0 +1,21 @@ +name = "examples" +description = "Examples using the wolfSSL Ada bindings" +version = "0.1.0-dev" + +authors = ["Juliusz Sosinowicz"] +maintainers = ["Juliusz Sosinowicz "] +maintainers-logins = ["julek-wolfssl"] +licenses = "GPL-3.0-or-later" +website = "https://www.wolfssl.com/" +tags = [] + +executables = [ + "aes_verify_main", + "rsa_verify_main", + "sha256_main", + "tls_client_main", + "tls_server_main" +] + +[[depends-on]] +gnatprove = "^13.2.1" diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/wrapper/Ada/examples/examples.gpr mariadb-11.8.8/extra/wolfssl/wolfssl/wrapper/Ada/examples/examples.gpr --- mariadb-11.8.6/extra/wolfssl/wolfssl/wrapper/Ada/examples/examples.gpr 1970-01-01 00:00:00.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/wrapper/Ada/examples/examples.gpr 2026-05-24 09:58:33.000000000 +0000 @@ -0,0 +1,46 @@ +with "config/examples_config.gpr"; +with "../wolfssl.gpr"; + +project Examples is + type OS_Kind is ("Windows", "Linux_Or_Mac"); + + OS : OS_Kind := external ("OS", "Linux_Or_Mac"); + + for Languages use ("Ada"); + + for Source_Dirs use ("src"); + + for Object_Dir use "obj"; + + for Main use ("tls_server_main.adb", + "tls_client_main.adb", + "sha256_main.adb", + "rsa_verify_main.adb", + "aes_verify_main.adb"); + + package Naming is + for Spec_Suffix ("C") use ".h"; + end Naming; + + package Compiler is + for Switches ("Ada") use ("-g"); + end Compiler; + + package Linker is + case OS is + when "Windows" => + for Switches ("Ada") use + ("-lm", -- To include the math library (used by WolfSSL). + "-lcrypt32"); -- Needed on Windows. + + when "Linux_Or_Mac" => + for Switches ("Ada") use + ("-lm"); -- To include the math library (used by WolfSSL). + end case; + end Linker; + + package Binder is + for Switches ("Ada") use ("-Es"); -- To include stack traces. + end Binder; + +end Examples; diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/wrapper/Ada/examples/src/aes_verify_main.adb mariadb-11.8.8/extra/wolfssl/wolfssl/wrapper/Ada/examples/src/aes_verify_main.adb --- mariadb-11.8.6/extra/wolfssl/wolfssl/wrapper/Ada/examples/src/aes_verify_main.adb 1970-01-01 00:00:00.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/wrapper/Ada/examples/src/aes_verify_main.adb 2026-05-24 09:58:33.000000000 +0000 @@ -0,0 +1,103 @@ +with Ada.Text_IO; +with Ada.Integer_Text_IO; +with WolfSSL; +procedure AES_Verify_Main is + + use type WolfSSL.Byte_Type; + + procedure Put (Text : String) renames Ada.Text_IO.Put; + + procedure Put (Value : Integer) is + begin + Ada.Integer_Text_IO.Put (Value); + end Put; + + procedure New_Line is + begin + Ada.Text_IO.New_Line; + end New_Line; + + type Unsigned_8 is mod 2 ** 8; + + function To_C (Value : Unsigned_8) return WolfSSL.Byte_Type is + begin + return WolfSSL.Byte_Type'Val (Value); + end To_C; + + RNG : WolfSSL.RNG_Type; + + + Salt_Size : constant := 8; + + Salt : WolfSSL.Byte_Array (1 .. 8); + + AES : WolfSSL.AES_Type; + R : Integer; + Pad : Integer := 3; + + procedure Cleanup is + RR : Integer := 0; + begin + if WolfSSL.Is_Valid (AES) then + WolfSSL.AES_Free (AES => AES, + Result => RR); + end if; + + if WolfSSL.Is_Valid (RNG) then + WolfSSL.Free_RNG (Key => RNG); + end if; + end Cleanup; +begin + WolfSSL.Create_RNG (Key => RNG, + Result => R); + if R /= 0 then + Put ("Attaining RNG key instance failed"); + New_Line; + Cleanup; + return; + end if; + + WolfSSL.RNG_Generate_Block (RNG => RNG, + Output => Salt, + Result => R); + if R /= 0 then + Put ("Generating random salt"); + New_Line; + Cleanup; + return; + end if; + + if Pad = 0 then + Salt (1) := To_C (0); + elsif Salt (1) = To_C (0) then + Salt (1) := To_C (1); + end if; + + -- Create_AES signature no longer requires Index when AES objects are + -- dynamically allocated. + WolfSSL.Create_AES (Device => WolfSSL.Invalid_Device, + AES => AES, + Result => R); + if R /= 0 then + Put ("Attaining AES key instance failed"); + New_Line; + Cleanup; + return; + end if; + + -- WolfSSL.PBKDF2 (Output => , + -- Password => , + -- Salt => , + -- Iterations => , + -- Key_Length => , + -- HMAC => , + -- Result => R); + -- if R /= 0 then + -- Put ("Attaining AES key instance failed"); + -- New_Line; + -- Cleanup; + -- return; + -- end if; + + Cleanup; +end AES_Verify_Main; diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/wrapper/Ada/examples/src/rsa_verify_main.adb mariadb-11.8.8/extra/wolfssl/wolfssl/wrapper/Ada/examples/src/rsa_verify_main.adb --- mariadb-11.8.6/extra/wolfssl/wolfssl/wrapper/Ada/examples/src/rsa_verify_main.adb 1970-01-01 00:00:00.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/wrapper/Ada/examples/src/rsa_verify_main.adb 2026-05-24 09:58:33.000000000 +0000 @@ -0,0 +1,518 @@ +with Ada.Integer_Text_IO; +with Ada.Text_IO; +with WolfSSL; + +-- If this example executes successfully the output is: +-- +-- Successful verification of RSA based digital signature. +-- Successfully encrypted and decrypted using RSA. +procedure Rsa_Verify_Main is + + use type WolfSSL.Byte_Array; + + type Unsigned_8 is mod 2 ** 8; + + function To_C (Value : Unsigned_8) return WolfSSL.Byte_Type is + begin + return WolfSSL.Byte_Type'Val (Value); + end To_C; + + -- RSA public key to verify with. + Rsa_Public_key_2048 : constant WolfSSL.Byte_Array := + (To_C (16#30#), To_C (16#82#), To_C (16#01#), To_C (16#22#), To_C (16#30#), + To_C (16#0D#), To_C (16#06#), To_C (16#09#), To_C (16#2A#), To_C (16#86#), + To_C (16#48#), To_C (16#86#), To_C (16#F7#), To_C (16#0D#), To_C (16#01#), + To_C (16#01#), To_C (16#01#), To_C (16#05#), To_C (16#00#), To_C (16#03#), + To_C (16#82#), To_C (16#01#), To_C (16#0F#), To_C (16#00#), To_C (16#30#), + To_C (16#82#), To_C (16#01#), To_C (16#0A#), To_C (16#02#), To_C (16#82#), + To_C (16#01#), To_C (16#01#), To_C (16#00#), To_C (16#C3#), To_C (16#03#), + To_C (16#D1#), To_C (16#2B#), To_C (16#FE#), To_C (16#39#), To_C (16#A4#), + To_C (16#32#), To_C (16#45#), To_C (16#3B#), To_C (16#53#), To_C (16#C8#), + To_C (16#84#), To_C (16#2B#), To_C (16#2A#), To_C (16#7C#), To_C (16#74#), + To_C (16#9A#), To_C (16#BD#), To_C (16#AA#), To_C (16#2A#), To_C (16#52#), + To_C (16#07#), To_C (16#47#), To_C (16#D6#), To_C (16#A6#), To_C (16#36#), + To_C (16#B2#), To_C (16#07#), To_C (16#32#), To_C (16#8E#), To_C (16#D0#), + To_C (16#BA#), To_C (16#69#), To_C (16#7B#), To_C (16#C6#), To_C (16#C3#), + To_C (16#44#), To_C (16#9E#), To_C (16#D4#), To_C (16#81#), To_C (16#48#), + To_C (16#FD#), To_C (16#2D#), To_C (16#68#), To_C (16#A2#), To_C (16#8B#), + To_C (16#67#), To_C (16#BB#), To_C (16#A1#), To_C (16#75#), To_C (16#C8#), + To_C (16#36#), To_C (16#2C#), To_C (16#4A#), To_C (16#D2#), To_C (16#1B#), + To_C (16#F7#), To_C (16#8B#), To_C (16#BA#), To_C (16#CF#), To_C (16#0D#), + To_C (16#F9#), To_C (16#EF#), To_C (16#EC#), To_C (16#F1#), To_C (16#81#), + To_C (16#1E#), To_C (16#7B#), To_C (16#9B#), To_C (16#03#), To_C (16#47#), + To_C (16#9A#), To_C (16#BF#), To_C (16#65#), To_C (16#CC#), To_C (16#7F#), + To_C (16#65#), To_C (16#24#), To_C (16#69#), To_C (16#A6#), To_C (16#E8#), + To_C (16#14#), To_C (16#89#), To_C (16#5B#), To_C (16#E4#), To_C (16#34#), + To_C (16#F7#), To_C (16#C5#), To_C (16#B0#), To_C (16#14#), To_C (16#93#), + To_C (16#F5#), To_C (16#67#), To_C (16#7B#), To_C (16#3A#), To_C (16#7A#), + To_C (16#78#), To_C (16#E1#), To_C (16#01#), To_C (16#56#), To_C (16#56#), + To_C (16#91#), To_C (16#A6#), To_C (16#13#), To_C (16#42#), To_C (16#8D#), + To_C (16#D2#), To_C (16#3C#), To_C (16#40#), To_C (16#9C#), To_C (16#4C#), + To_C (16#EF#), To_C (16#D1#), To_C (16#86#), To_C (16#DF#), To_C (16#37#), + To_C (16#51#), To_C (16#1B#), To_C (16#0C#), To_C (16#A1#), To_C (16#3B#), + To_C (16#F5#), To_C (16#F1#), To_C (16#A3#), To_C (16#4A#), To_C (16#35#), + To_C (16#E4#), To_C (16#E1#), To_C (16#CE#), To_C (16#96#), To_C (16#DF#), + To_C (16#1B#), To_C (16#7E#), To_C (16#BF#), To_C (16#4E#), To_C (16#97#), + To_C (16#D0#), To_C (16#10#), To_C (16#E8#), To_C (16#A8#), To_C (16#08#), + To_C (16#30#), To_C (16#81#), To_C (16#AF#), To_C (16#20#), To_C (16#0B#), + To_C (16#43#), To_C (16#14#), To_C (16#C5#), To_C (16#74#), To_C (16#67#), + To_C (16#B4#), To_C (16#32#), To_C (16#82#), To_C (16#6F#), To_C (16#8D#), + To_C (16#86#), To_C (16#C2#), To_C (16#88#), To_C (16#40#), To_C (16#99#), + To_C (16#36#), To_C (16#83#), To_C (16#BA#), To_C (16#1E#), To_C (16#40#), + To_C (16#72#), To_C (16#22#), To_C (16#17#), To_C (16#D7#), To_C (16#52#), + To_C (16#65#), To_C (16#24#), To_C (16#73#), To_C (16#B0#), To_C (16#CE#), + To_C (16#EF#), To_C (16#19#), To_C (16#CD#), To_C (16#AE#), To_C (16#FF#), + To_C (16#78#), To_C (16#6C#), To_C (16#7B#), To_C (16#C0#), To_C (16#12#), + To_C (16#03#), To_C (16#D4#), To_C (16#4E#), To_C (16#72#), To_C (16#0D#), + To_C (16#50#), To_C (16#6D#), To_C (16#3B#), To_C (16#A3#), To_C (16#3B#), + To_C (16#A3#), To_C (16#99#), To_C (16#5E#), To_C (16#9D#), To_C (16#C8#), + To_C (16#D9#), To_C (16#0C#), To_C (16#85#), To_C (16#B3#), To_C (16#D9#), + To_C (16#8A#), To_C (16#D9#), To_C (16#54#), To_C (16#26#), To_C (16#DB#), + To_C (16#6D#), To_C (16#FA#), To_C (16#AC#), To_C (16#BB#), To_C (16#FF#), + To_C (16#25#), To_C (16#4C#), To_C (16#C4#), To_C (16#D1#), To_C (16#79#), + To_C (16#F4#), To_C (16#71#), To_C (16#D3#), To_C (16#86#), To_C (16#40#), + To_C (16#18#), To_C (16#13#), To_C (16#B0#), To_C (16#63#), To_C (16#B5#), + To_C (16#72#), To_C (16#4E#), To_C (16#30#), To_C (16#C4#), To_C (16#97#), + To_C (16#84#), To_C (16#86#), To_C (16#2D#), To_C (16#56#), To_C (16#2F#), + To_C (16#D7#), To_C (16#15#), To_C (16#F7#), To_C (16#7F#), To_C (16#C0#), + To_C (16#AE#), To_C (16#F5#), To_C (16#FC#), To_C (16#5B#), To_C (16#E5#), + To_C (16#FB#), To_C (16#A1#), To_C (16#BA#), To_C (16#D3#), To_C (16#02#), + To_C (16#03#), To_C (16#01#), To_C (16#00#), To_C (16#01#)); + + -- DER-formatted key. + Client_Private_Key_2048 : constant WolfSSL.Byte_Array := + (To_C (16#30#), To_C (16#82#), To_C (16#04#), To_C (16#A4#), To_C (16#02#), + To_C (16#01#), To_C (16#00#), To_C (16#02#), To_C (16#82#), To_C (16#01#), + To_C (16#01#), To_C (16#00#), To_C (16#C3#), To_C (16#03#), To_C (16#D1#), + To_C (16#2B#), To_C (16#FE#), To_C (16#39#), To_C (16#A4#), To_C (16#32#), + To_C (16#45#), To_C (16#3B#), To_C (16#53#), To_C (16#C8#), To_C (16#84#), + To_C (16#2B#), To_C (16#2A#), To_C (16#7C#), To_C (16#74#), To_C (16#9A#), + To_C (16#BD#), To_C (16#AA#), To_C (16#2A#), To_C (16#52#), To_C (16#07#), + To_C (16#47#), To_C (16#D6#), To_C (16#A6#), To_C (16#36#), To_C (16#B2#), + To_C (16#07#), To_C (16#32#), To_C (16#8E#), To_C (16#D0#), To_C (16#BA#), + To_C (16#69#), To_C (16#7B#), To_C (16#C6#), To_C (16#C3#), To_C (16#44#), + To_C (16#9E#), To_C (16#D4#), To_C (16#81#), To_C (16#48#), To_C (16#FD#), + To_C (16#2D#), To_C (16#68#), To_C (16#A2#), To_C (16#8B#), To_C (16#67#), + To_C (16#BB#), To_C (16#A1#), To_C (16#75#), To_C (16#C8#), To_C (16#36#), + To_C (16#2C#), To_C (16#4A#), To_C (16#D2#), To_C (16#1B#), To_C (16#F7#), + To_C (16#8B#), To_C (16#BA#), To_C (16#CF#), To_C (16#0D#), To_C (16#F9#), + To_C (16#EF#), To_C (16#EC#), To_C (16#F1#), To_C (16#81#), To_C (16#1E#), + To_C (16#7B#), To_C (16#9B#), To_C (16#03#), To_C (16#47#), To_C (16#9A#), + To_C (16#BF#), To_C (16#65#), To_C (16#CC#), To_C (16#7F#), To_C (16#65#), + To_C (16#24#), To_C (16#69#), To_C (16#A6#), To_C (16#E8#), To_C (16#14#), + To_C (16#89#), To_C (16#5B#), To_C (16#E4#), To_C (16#34#), To_C (16#F7#), + To_C (16#C5#), To_C (16#B0#), To_C (16#14#), To_C (16#93#), To_C (16#F5#), + To_C (16#67#), To_C (16#7B#), To_C (16#3A#), To_C (16#7A#), To_C (16#78#), + To_C (16#E1#), To_C (16#01#), To_C (16#56#), To_C (16#56#), To_C (16#91#), + To_C (16#A6#), To_C (16#13#), To_C (16#42#), To_C (16#8D#), To_C (16#D2#), + To_C (16#3C#), To_C (16#40#), To_C (16#9C#), To_C (16#4C#), To_C (16#EF#), + To_C (16#D1#), To_C (16#86#), To_C (16#DF#), To_C (16#37#), To_C (16#51#), + To_C (16#1B#), To_C (16#0C#), To_C (16#A1#), To_C (16#3B#), To_C (16#F5#), + To_C (16#F1#), To_C (16#A3#), To_C (16#4A#), To_C (16#35#), To_C (16#E4#), + To_C (16#E1#), To_C (16#CE#), To_C (16#96#), To_C (16#DF#), To_C (16#1B#), + To_C (16#7E#), To_C (16#BF#), To_C (16#4E#), To_C (16#97#), To_C (16#D0#), + To_C (16#10#), To_C (16#E8#), To_C (16#A8#), To_C (16#08#), To_C (16#30#), + To_C (16#81#), To_C (16#AF#), To_C (16#20#), To_C (16#0B#), To_C (16#43#), + To_C (16#14#), To_C (16#C5#), To_C (16#74#), To_C (16#67#), To_C (16#B4#), + To_C (16#32#), To_C (16#82#), To_C (16#6F#), To_C (16#8D#), To_C (16#86#), + To_C (16#C2#), To_C (16#88#), To_C (16#40#), To_C (16#99#), To_C (16#36#), + To_C (16#83#), To_C (16#BA#), To_C (16#1E#), To_C (16#40#), To_C (16#72#), + To_C (16#22#), To_C (16#17#), To_C (16#D7#), To_C (16#52#), To_C (16#65#), + To_C (16#24#), To_C (16#73#), To_C (16#B0#), To_C (16#CE#), To_C (16#EF#), + To_C (16#19#), To_C (16#CD#), To_C (16#AE#), To_C (16#FF#), To_C (16#78#), + To_C (16#6C#), To_C (16#7B#), To_C (16#C0#), To_C (16#12#), To_C (16#03#), + To_C (16#D4#), To_C (16#4E#), To_C (16#72#), To_C (16#0D#), To_C (16#50#), + To_C (16#6D#), To_C (16#3B#), To_C (16#A3#), To_C (16#3B#), To_C (16#A3#), + To_C (16#99#), To_C (16#5E#), To_C (16#9D#), To_C (16#C8#), To_C (16#D9#), + To_C (16#0C#), To_C (16#85#), To_C (16#B3#), To_C (16#D9#), To_C (16#8A#), + To_C (16#D9#), To_C (16#54#), To_C (16#26#), To_C (16#DB#), To_C (16#6D#), + To_C (16#FA#), To_C (16#AC#), To_C (16#BB#), To_C (16#FF#), To_C (16#25#), + To_C (16#4C#), To_C (16#C4#), To_C (16#D1#), To_C (16#79#), To_C (16#F4#), + To_C (16#71#), To_C (16#D3#), To_C (16#86#), To_C (16#40#), To_C (16#18#), + To_C (16#13#), To_C (16#B0#), To_C (16#63#), To_C (16#B5#), To_C (16#72#), + To_C (16#4E#), To_C (16#30#), To_C (16#C4#), To_C (16#97#), To_C (16#84#), + To_C (16#86#), To_C (16#2D#), To_C (16#56#), To_C (16#2F#), To_C (16#D7#), + To_C (16#15#), To_C (16#F7#), To_C (16#7F#), To_C (16#C0#), To_C (16#AE#), + To_C (16#F5#), To_C (16#FC#), To_C (16#5B#), To_C (16#E5#), To_C (16#FB#), + To_C (16#A1#), To_C (16#BA#), To_C (16#D3#), To_C (16#02#), To_C (16#03#), + To_C (16#01#), To_C (16#00#), To_C (16#01#), To_C (16#02#), To_C (16#82#), + To_C (16#01#), To_C (16#01#), To_C (16#00#), To_C (16#A2#), To_C (16#E6#), + To_C (16#D8#), To_C (16#5F#), To_C (16#10#), To_C (16#71#), To_C (16#64#), + To_C (16#08#), To_C (16#9E#), To_C (16#2E#), To_C (16#6D#), To_C (16#D1#), + To_C (16#6D#), To_C (16#1E#), To_C (16#85#), To_C (16#D2#), To_C (16#0A#), + To_C (16#B1#), To_C (16#8C#), To_C (16#47#), To_C (16#CE#), To_C (16#2C#), + To_C (16#51#), To_C (16#6A#), To_C (16#A0#), To_C (16#12#), To_C (16#9E#), + To_C (16#53#), To_C (16#DE#), To_C (16#91#), To_C (16#4C#), To_C (16#1D#), + To_C (16#6D#), To_C (16#EA#), To_C (16#59#), To_C (16#7B#), To_C (16#F2#), + To_C (16#77#), To_C (16#AA#), To_C (16#D9#), To_C (16#C6#), To_C (16#D9#), + To_C (16#8A#), To_C (16#AB#), To_C (16#D8#), To_C (16#E1#), To_C (16#16#), + To_C (16#E4#), To_C (16#63#), To_C (16#26#), To_C (16#FF#), To_C (16#B5#), + To_C (16#6C#), To_C (16#13#), To_C (16#59#), To_C (16#B8#), To_C (16#E3#), + To_C (16#A5#), To_C (16#C8#), To_C (16#72#), To_C (16#17#), To_C (16#2E#), + To_C (16#0C#), To_C (16#9F#), To_C (16#6F#), To_C (16#E5#), To_C (16#59#), + To_C (16#3F#), To_C (16#76#), To_C (16#6F#), To_C (16#49#), To_C (16#B1#), + To_C (16#11#), To_C (16#C2#), To_C (16#5A#), To_C (16#2E#), To_C (16#16#), + To_C (16#29#), To_C (16#0D#), To_C (16#DE#), To_C (16#B7#), To_C (16#8E#), + To_C (16#DC#), To_C (16#40#), To_C (16#D5#), To_C (16#A2#), To_C (16#EE#), + To_C (16#E0#), To_C (16#1E#), To_C (16#A1#), To_C (16#F4#), To_C (16#BE#), + To_C (16#97#), To_C (16#DB#), To_C (16#86#), To_C (16#63#), To_C (16#96#), + To_C (16#14#), To_C (16#CD#), To_C (16#98#), To_C (16#09#), To_C (16#60#), + To_C (16#2D#), To_C (16#30#), To_C (16#76#), To_C (16#9C#), To_C (16#3C#), + To_C (16#CD#), To_C (16#E6#), To_C (16#88#), To_C (16#EE#), To_C (16#47#), + To_C (16#92#), To_C (16#79#), To_C (16#0B#), To_C (16#5A#), To_C (16#00#), + To_C (16#E2#), To_C (16#5E#), To_C (16#5F#), To_C (16#11#), To_C (16#7C#), + To_C (16#7D#), To_C (16#F9#), To_C (16#08#), To_C (16#B7#), To_C (16#20#), + To_C (16#06#), To_C (16#89#), To_C (16#2A#), To_C (16#5D#), To_C (16#FD#), + To_C (16#00#), To_C (16#AB#), To_C (16#22#), To_C (16#E1#), To_C (16#F0#), + To_C (16#B3#), To_C (16#BC#), To_C (16#24#), To_C (16#A9#), To_C (16#5E#), + To_C (16#26#), To_C (16#0E#), To_C (16#1F#), To_C (16#00#), To_C (16#2D#), + To_C (16#FE#), To_C (16#21#), To_C (16#9A#), To_C (16#53#), To_C (16#5B#), + To_C (16#6D#), To_C (16#D3#), To_C (16#2B#), To_C (16#AB#), To_C (16#94#), + To_C (16#82#), To_C (16#68#), To_C (16#43#), To_C (16#36#), To_C (16#D8#), + To_C (16#F6#), To_C (16#2F#), To_C (16#C6#), To_C (16#22#), To_C (16#FC#), + To_C (16#B5#), To_C (16#41#), To_C (16#5D#), To_C (16#0D#), To_C (16#33#), + To_C (16#60#), To_C (16#EA#), To_C (16#A4#), To_C (16#7D#), To_C (16#7E#), + To_C (16#E8#), To_C (16#4B#), To_C (16#55#), To_C (16#91#), To_C (16#56#), + To_C (16#D3#), To_C (16#5C#), To_C (16#57#), To_C (16#8F#), To_C (16#1F#), + To_C (16#94#), To_C (16#17#), To_C (16#2F#), To_C (16#AA#), To_C (16#DE#), + To_C (16#E9#), To_C (16#9E#), To_C (16#A8#), To_C (16#F4#), To_C (16#CF#), + To_C (16#8A#), To_C (16#4C#), To_C (16#8E#), To_C (16#A0#), To_C (16#E4#), + To_C (16#56#), To_C (16#73#), To_C (16#B2#), To_C (16#CF#), To_C (16#4F#), + To_C (16#86#), To_C (16#C5#), To_C (16#69#), To_C (16#3C#), To_C (16#F3#), + To_C (16#24#), To_C (16#20#), To_C (16#8B#), To_C (16#5C#), To_C (16#96#), + To_C (16#0C#), To_C (16#FA#), To_C (16#6B#), To_C (16#12#), To_C (16#3B#), + To_C (16#9A#), To_C (16#67#), To_C (16#C1#), To_C (16#DF#), To_C (16#C6#), + To_C (16#96#), To_C (16#B2#), To_C (16#A5#), To_C (16#D5#), To_C (16#92#), + To_C (16#0D#), To_C (16#9B#), To_C (16#09#), To_C (16#42#), To_C (16#68#), + To_C (16#24#), To_C (16#10#), To_C (16#45#), To_C (16#D4#), To_C (16#50#), + To_C (16#E4#), To_C (16#17#), To_C (16#39#), To_C (16#48#), To_C (16#D0#), + To_C (16#35#), To_C (16#8B#), To_C (16#94#), To_C (16#6D#), To_C (16#11#), + To_C (16#DE#), To_C (16#8F#), To_C (16#CA#), To_C (16#59#), To_C (16#02#), + To_C (16#81#), To_C (16#81#), To_C (16#00#), To_C (16#EA#), To_C (16#24#), + To_C (16#A7#), To_C (16#F9#), To_C (16#69#), To_C (16#33#), To_C (16#E9#), + To_C (16#71#), To_C (16#DC#), To_C (16#52#), To_C (16#7D#), To_C (16#88#), + To_C (16#21#), To_C (16#28#), To_C (16#2F#), To_C (16#49#), To_C (16#DE#), + To_C (16#BA#), To_C (16#72#), To_C (16#16#), To_C (16#E9#), To_C (16#CC#), + To_C (16#47#), To_C (16#7A#), To_C (16#88#), To_C (16#0D#), To_C (16#94#), + To_C (16#57#), To_C (16#84#), To_C (16#58#), To_C (16#16#), To_C (16#3A#), + To_C (16#81#), To_C (16#B0#), To_C (16#3F#), To_C (16#A2#), To_C (16#CF#), + To_C (16#A6#), To_C (16#6C#), To_C (16#1E#), To_C (16#B0#), To_C (16#06#), + To_C (16#29#), To_C (16#00#), To_C (16#8F#), To_C (16#E7#), To_C (16#77#), + To_C (16#76#), To_C (16#AC#), To_C (16#DB#), To_C (16#CA#), To_C (16#C7#), + To_C (16#D9#), To_C (16#5E#), To_C (16#9B#), To_C (16#3F#), To_C (16#26#), + To_C (16#90#), To_C (16#52#), To_C (16#AE#), To_C (16#FC#), To_C (16#38#), + To_C (16#90#), To_C (16#00#), To_C (16#14#), To_C (16#BB#), To_C (16#B4#), + To_C (16#0F#), To_C (16#58#), To_C (16#94#), To_C (16#E7#), To_C (16#2F#), + To_C (16#6A#), To_C (16#7E#), To_C (16#1C#), To_C (16#4F#), To_C (16#41#), + To_C (16#21#), To_C (16#D4#), To_C (16#31#), To_C (16#59#), To_C (16#1F#), + To_C (16#4E#), To_C (16#8A#), To_C (16#1A#), To_C (16#8D#), To_C (16#A7#), + To_C (16#57#), To_C (16#6C#), To_C (16#22#), To_C (16#D8#), To_C (16#E5#), + To_C (16#F4#), To_C (16#7E#), To_C (16#32#), To_C (16#A6#), To_C (16#10#), + To_C (16#CB#), To_C (16#64#), To_C (16#A5#), To_C (16#55#), To_C (16#03#), + To_C (16#87#), To_C (16#A6#), To_C (16#27#), To_C (16#05#), To_C (16#8C#), + To_C (16#C3#), To_C (16#D7#), To_C (16#B6#), To_C (16#27#), To_C (16#B2#), + To_C (16#4D#), To_C (16#BA#), To_C (16#30#), To_C (16#DA#), To_C (16#47#), + To_C (16#8F#), To_C (16#54#), To_C (16#D3#), To_C (16#3D#), To_C (16#8B#), + To_C (16#84#), To_C (16#8D#), To_C (16#94#), To_C (16#98#), To_C (16#58#), + To_C (16#A5#), To_C (16#02#), To_C (16#81#), To_C (16#81#), To_C (16#00#), + To_C (16#D5#), To_C (16#38#), To_C (16#1B#), To_C (16#C3#), To_C (16#8F#), + To_C (16#C5#), To_C (16#93#), To_C (16#0C#), To_C (16#47#), To_C (16#0B#), + To_C (16#6F#), To_C (16#35#), To_C (16#92#), To_C (16#C5#), To_C (16#B0#), + To_C (16#8D#), To_C (16#46#), To_C (16#C8#), To_C (16#92#), To_C (16#18#), + To_C (16#8F#), To_C (16#F5#), To_C (16#80#), To_C (16#0A#), To_C (16#F7#), + To_C (16#EF#), To_C (16#A1#), To_C (16#FE#), To_C (16#80#), To_C (16#B9#), + To_C (16#B5#), To_C (16#2A#), To_C (16#BA#), To_C (16#CA#), To_C (16#18#), + To_C (16#B0#), To_C (16#5D#), To_C (16#A5#), To_C (16#07#), To_C (16#D0#), + To_C (16#93#), To_C (16#8D#), To_C (16#D8#), To_C (16#9C#), To_C (16#04#), + To_C (16#1C#), To_C (16#D4#), To_C (16#62#), To_C (16#8E#), To_C (16#A6#), + To_C (16#26#), To_C (16#81#), To_C (16#01#), To_C (16#FF#), To_C (16#CE#), + To_C (16#8A#), To_C (16#2A#), To_C (16#63#), To_C (16#34#), To_C (16#35#), + To_C (16#40#), To_C (16#AA#), To_C (16#6D#), To_C (16#80#), To_C (16#DE#), + To_C (16#89#), To_C (16#23#), To_C (16#6A#), To_C (16#57#), To_C (16#4D#), + To_C (16#9E#), To_C (16#6E#), To_C (16#AD#), To_C (16#93#), To_C (16#4E#), + To_C (16#56#), To_C (16#90#), To_C (16#0B#), To_C (16#6D#), To_C (16#9D#), + To_C (16#73#), To_C (16#8B#), To_C (16#0C#), To_C (16#AE#), To_C (16#27#), + To_C (16#3D#), To_C (16#DE#), To_C (16#4E#), To_C (16#F0#), To_C (16#AA#), + To_C (16#C5#), To_C (16#6C#), To_C (16#78#), To_C (16#67#), To_C (16#6C#), + To_C (16#94#), To_C (16#52#), To_C (16#9C#), To_C (16#37#), To_C (16#67#), + To_C (16#6C#), To_C (16#2D#), To_C (16#EF#), To_C (16#BB#), To_C (16#AF#), + To_C (16#DF#), To_C (16#A6#), To_C (16#90#), To_C (16#3C#), To_C (16#C4#), + To_C (16#47#), To_C (16#CF#), To_C (16#8D#), To_C (16#96#), To_C (16#9E#), + To_C (16#98#), To_C (16#A9#), To_C (16#B4#), To_C (16#9F#), To_C (16#C5#), + To_C (16#A6#), To_C (16#50#), To_C (16#DC#), To_C (16#B3#), To_C (16#F0#), + To_C (16#FB#), To_C (16#74#), To_C (16#17#), To_C (16#02#), To_C (16#81#), + To_C (16#80#), To_C (16#5E#), To_C (16#83#), To_C (16#09#), To_C (16#62#), + To_C (16#BD#), To_C (16#BA#), To_C (16#7C#), To_C (16#A2#), To_C (16#BF#), + To_C (16#42#), To_C (16#74#), To_C (16#F5#), To_C (16#7C#), To_C (16#1C#), + To_C (16#D2#), To_C (16#69#), To_C (16#C9#), To_C (16#04#), To_C (16#0D#), + To_C (16#85#), To_C (16#7E#), To_C (16#3E#), To_C (16#3D#), To_C (16#24#), + To_C (16#12#), To_C (16#C3#), To_C (16#18#), To_C (16#7B#), To_C (16#F3#), + To_C (16#29#), To_C (16#F3#), To_C (16#5F#), To_C (16#0E#), To_C (16#76#), + To_C (16#6C#), To_C (16#59#), To_C (16#75#), To_C (16#E4#), To_C (16#41#), + To_C (16#84#), To_C (16#69#), To_C (16#9D#), To_C (16#32#), To_C (16#F3#), + To_C (16#CD#), To_C (16#22#), To_C (16#AB#), To_C (16#B0#), To_C (16#35#), + To_C (16#BA#), To_C (16#4A#), To_C (16#B2#), To_C (16#3C#), To_C (16#E5#), + To_C (16#D9#), To_C (16#58#), To_C (16#B6#), To_C (16#62#), To_C (16#4F#), + To_C (16#5D#), To_C (16#DE#), To_C (16#E5#), To_C (16#9E#), To_C (16#0A#), + To_C (16#CA#), To_C (16#53#), To_C (16#B2#), To_C (16#2C#), To_C (16#F7#), + To_C (16#9E#), To_C (16#B3#), To_C (16#6B#), To_C (16#0A#), To_C (16#5B#), + To_C (16#79#), To_C (16#65#), To_C (16#EC#), To_C (16#6E#), To_C (16#91#), + To_C (16#4E#), To_C (16#92#), To_C (16#20#), To_C (16#F6#), To_C (16#FC#), + To_C (16#FC#), To_C (16#16#), To_C (16#ED#), To_C (16#D3#), To_C (16#76#), + To_C (16#0C#), To_C (16#E2#), To_C (16#EC#), To_C (16#7F#), To_C (16#B2#), + To_C (16#69#), To_C (16#13#), To_C (16#6B#), To_C (16#78#), To_C (16#0E#), + To_C (16#5A#), To_C (16#46#), To_C (16#64#), To_C (16#B4#), To_C (16#5E#), + To_C (16#B7#), To_C (16#25#), To_C (16#A0#), To_C (16#5A#), To_C (16#75#), + To_C (16#3A#), To_C (16#4B#), To_C (16#EF#), To_C (16#C7#), To_C (16#3C#), + To_C (16#3E#), To_C (16#F7#), To_C (16#FD#), To_C (16#26#), To_C (16#B8#), + To_C (16#20#), To_C (16#C4#), To_C (16#99#), To_C (16#0A#), To_C (16#9A#), + To_C (16#73#), To_C (16#BE#), To_C (16#C3#), To_C (16#19#), To_C (16#02#), + To_C (16#81#), To_C (16#81#), To_C (16#00#), To_C (16#BA#), To_C (16#44#), + To_C (16#93#), To_C (16#14#), To_C (16#AC#), To_C (16#34#), To_C (16#19#), + To_C (16#3B#), To_C (16#5F#), To_C (16#91#), To_C (16#60#), To_C (16#AC#), + To_C (16#F7#), To_C (16#B4#), To_C (16#D6#), To_C (16#81#), To_C (16#05#), + To_C (16#36#), To_C (16#51#), To_C (16#53#), To_C (16#3D#), To_C (16#E8#), + To_C (16#65#), To_C (16#DC#), To_C (16#AF#), To_C (16#2E#), To_C (16#DC#), + To_C (16#61#), To_C (16#3E#), To_C (16#C9#), To_C (16#7D#), To_C (16#B8#), + To_C (16#7F#), To_C (16#87#), To_C (16#F0#), To_C (16#3B#), To_C (16#9B#), + To_C (16#03#), To_C (16#82#), To_C (16#29#), To_C (16#37#), To_C (16#CE#), + To_C (16#72#), To_C (16#4E#), To_C (16#11#), To_C (16#D5#), To_C (16#B1#), + To_C (16#C1#), To_C (16#0C#), To_C (16#07#), To_C (16#A0#), To_C (16#99#), + To_C (16#91#), To_C (16#4A#), To_C (16#8D#), To_C (16#7F#), To_C (16#EC#), + To_C (16#79#), To_C (16#CF#), To_C (16#F1#), To_C (16#39#), To_C (16#B5#), + To_C (16#E9#), To_C (16#85#), To_C (16#EC#), To_C (16#62#), To_C (16#F7#), + To_C (16#DA#), To_C (16#7D#), To_C (16#BC#), To_C (16#64#), To_C (16#4D#), + To_C (16#22#), To_C (16#3C#), To_C (16#0E#), To_C (16#F2#), To_C (16#D6#), + To_C (16#51#), To_C (16#F5#), To_C (16#87#), To_C (16#D8#), To_C (16#99#), + To_C (16#C0#), To_C (16#11#), To_C (16#20#), To_C (16#5D#), To_C (16#0F#), + To_C (16#29#), To_C (16#FD#), To_C (16#5B#), To_C (16#E2#), To_C (16#AE#), + To_C (16#D9#), To_C (16#1C#), To_C (16#D9#), To_C (16#21#), To_C (16#56#), + To_C (16#6D#), To_C (16#FC#), To_C (16#84#), To_C (16#D0#), To_C (16#5F#), + To_C (16#ED#), To_C (16#10#), To_C (16#15#), To_C (16#1C#), To_C (16#18#), + To_C (16#21#), To_C (16#E7#), To_C (16#C4#), To_C (16#3D#), To_C (16#4B#), + To_C (16#D7#), To_C (16#D0#), To_C (16#9E#), To_C (16#6A#), To_C (16#95#), + To_C (16#CF#), To_C (16#22#), To_C (16#C9#), To_C (16#03#), To_C (16#7B#), + To_C (16#9E#), To_C (16#E3#), To_C (16#60#), To_C (16#01#), To_C (16#FC#), + To_C (16#2F#), To_C (16#02#), To_C (16#81#), To_C (16#80#), To_C (16#11#), + To_C (16#D0#), To_C (16#4B#), To_C (16#CF#), To_C (16#1B#), To_C (16#67#), + To_C (16#B9#), To_C (16#9F#), To_C (16#10#), To_C (16#75#), To_C (16#47#), + To_C (16#86#), To_C (16#65#), To_C (16#AE#), To_C (16#31#), To_C (16#C2#), + To_C (16#C6#), To_C (16#30#), To_C (16#AC#), To_C (16#59#), To_C (16#06#), + To_C (16#50#), To_C (16#D9#), To_C (16#0F#), To_C (16#B5#), To_C (16#70#), + To_C (16#06#), To_C (16#F7#), To_C (16#F0#), To_C (16#D3#), To_C (16#C8#), + To_C (16#62#), To_C (16#7C#), To_C (16#A8#), To_C (16#DA#), To_C (16#6E#), + To_C (16#F6#), To_C (16#21#), To_C (16#3F#), To_C (16#D3#), To_C (16#7F#), + To_C (16#5F#), To_C (16#EA#), To_C (16#8A#), To_C (16#AB#), To_C (16#3F#), + To_C (16#D9#), To_C (16#2A#), To_C (16#5E#), To_C (16#F3#), To_C (16#51#), + To_C (16#D2#), To_C (16#C2#), To_C (16#30#), To_C (16#37#), To_C (16#E3#), + To_C (16#2D#), To_C (16#A3#), To_C (16#75#), To_C (16#0D#), To_C (16#1E#), + To_C (16#4D#), To_C (16#21#), To_C (16#34#), To_C (16#D5#), To_C (16#57#), + To_C (16#70#), To_C (16#5C#), To_C (16#89#), To_C (16#BF#), To_C (16#72#), + To_C (16#EC#), To_C (16#4A#), To_C (16#6E#), To_C (16#68#), To_C (16#D5#), + To_C (16#CD#), To_C (16#18#), To_C (16#74#), To_C (16#33#), To_C (16#4E#), + To_C (16#8C#), To_C (16#3A#), To_C (16#45#), To_C (16#8F#), To_C (16#E6#), + To_C (16#96#), To_C (16#40#), To_C (16#EB#), To_C (16#63#), To_C (16#F9#), + To_C (16#19#), To_C (16#86#), To_C (16#3A#), To_C (16#51#), To_C (16#DD#), + To_C (16#89#), To_C (16#4B#), To_C (16#B0#), To_C (16#F3#), To_C (16#F9#), + To_C (16#9F#), To_C (16#5D#), To_C (16#28#), To_C (16#95#), To_C (16#38#), + To_C (16#BE#), To_C (16#35#), To_C (16#AB#), To_C (16#CA#), To_C (16#5C#), + To_C (16#E7#), To_C (16#93#), To_C (16#53#), To_C (16#34#), To_C (16#A1#), + To_C (16#45#), To_C (16#5D#), To_C (16#13#), To_C (16#39#), To_C (16#65#), + To_C (16#42#), To_C (16#46#), To_C (16#A1#), To_C (16#9F#), To_C (16#CD#), + To_C (16#F5#), To_C (16#BF#)); + + procedure Put (Text : String) renames Ada.Text_IO.Put; + + procedure Put (Value : Integer) is + begin + Ada.Integer_Text_IO.Put (Value); + end Put; + + procedure New_Line is + begin + Ada.Text_IO.New_Line; + end New_Line; + + use type WolfSSL.Subprogram_Result; + + Original_AES_Key : constant WolfSSL.Byte_Array (1 .. 32) := + "Thisismyfakeaeskeythatis32bytes!"; + + Digital_Signature_Of_AES_Key : WolfSSL.Byte_Array (1 .. 256); + + Decrypted_Digital_Signature : WolfSSL.Byte_Array (1 .. 256); + + Encrypted : WolfSSL.Byte_Array (1 .. 1_024); + -- Actually only needs to be at least 256 bytes. + -- The purpose is to store the Original_AES_Key encrypted. + + Decrypted : WolfSSL.Byte_Array (1 .. 1_024); + -- Actually only needs to be at least 32 bytes. + -- The purpose is to store the Original_AES_Key after + -- first being encrypted and then decrypted. + -- After the process, this byte array should contain the same + -- contents as Original_AES_KEY. + + Hash : WolfSSL.SHA256_Hash; + SHA256 : WolfSSL.SHA256_Type; + R : Integer; + + RNG : WolfSSL.RNG_Type; + + RSA_Encrypt_Key : WolfSSL.RSA_Key_Type; + RSA_Decrypt_Key : WolfSSL.RSA_Key_Type; + Index : WolfSSL.Byte_Index; + + -- Release any resources that may have been acquired so far. + -- Safe to call multiple times and safe when handles are null. + procedure Cleanup is + begin + if WolfSSL.Is_Valid (RSA_Encrypt_Key) then + WolfSSL.Free_RSA (Key => RSA_Encrypt_Key); + end if; + + if WolfSSL.Is_Valid (RSA_Decrypt_Key) then + WolfSSL.Free_RSA (Key => RSA_Decrypt_Key); + end if; + + if WolfSSL.Is_Valid (RNG) then + WolfSSL.Free_RNG (Key => RNG); + end if; + end Cleanup; +begin + WolfSSL.Create_RNG (Key => RNG, + Result => R); + if R /= 0 then + Put ("Attaining RNG key instance failed"); + New_Line; + Cleanup; + return; + end if; + + WolfSSL.Create_RSA (Key => RSA_Encrypt_Key, + Result => R); + if R /= 0 then + Put ("Attaining RSA key instance failed"); + New_Line; + Cleanup; + return; + end if; + + WolfSSL.Rsa_Set_RNG (Key => RSA_Encrypt_Key, + RNG => RNG, + Result => R); + if R /= 0 then + Put ("Associating RSA key with random number generator failed"); + New_Line; + Cleanup; + return; + end if; + + Index := Client_Private_Key_2048'First; + WolfSSL.Rsa_Private_Key_Decode (Input => Client_Private_Key_2048, + Index => Index, + Key => RSA_Encrypt_Key, + Size => Client_Private_Key_2048'Length, + Result => R); + if R /= 0 then + Put ("Loading private RSA key failed with error code "); + Put (R); + New_Line; + Cleanup; + return; + end if; + + WolfSSL.Rsa_SSL_Sign (Input => Original_AES_Key, + Output => Digital_Signature_Of_AES_Key, + RSA => RSA_Encrypt_Key, + RNG => RNG, + Result => R); + if R < 0 then + Put ("Creating digital signature using RSA private key failed"); + Put (R); + New_Line; + Cleanup; + return; + end if; + + WolfSSL.Create_RSA (Key => RSA_Decrypt_Key, + Result => R); + if R /= 0 then + Put ("Attaining RSA key instance failed"); + New_Line; + Cleanup; + return; + end if; + + Index := Rsa_Public_key_2048'First; + WolfSSL.Rsa_Public_Key_Decode (Input => Rsa_Public_key_2048, + Index => Index, + Key => RSA_Decrypt_Key, + Size => Rsa_Public_key_2048'Length, + Result => R); + if R /= 0 then + Put ("Loading public RSA key failed with DER encoded key"); + Put (R); + New_Line; + Cleanup; + return; + end if; + + WolfSSL.Rsa_SSL_Verify (Input => Digital_Signature_Of_AES_Key, + Output => Decrypted_Digital_Signature, + RSA => RSA_Decrypt_Key, + Result => R); + if R < 0 then + Put ("Verify digital signature failed"); + Put (R); + New_Line; + Cleanup; + return; + end if; + Put ("Successful verification of RSA based digital signature."); + New_Line; + + WolfSSL.RSA_Public_Encrypt (Input => Original_AES_Key, + Output => Encrypted, + Index => Index, + RSA => RSA_Decrypt_Key, + RNG => RNG, + Result => R); + if R < 0 then + Put ("Failed to encrypt the original AES key"); + Put (R); + New_Line; + Cleanup; + return; + end if; + + WolfSSL.RSA_Private_Decrypt (Input => Encrypted (1 .. Index), + Output => Decrypted, + Index => Index, + RSA => RSA_Encrypt_Key, + Result => R); + if R < 0 then + Put ("Failed to decrypt the encrypted original AES key"); + Put (R); + New_Line; + Cleanup; + return; + end if; + + if Integer (Index) /= 32 then + Put ("Decryption of the encrypted original AES key, wrong size"); + New_Line; + Cleanup; + return; + end if; + + if Original_AES_Key = Decrypted (1 .. 32) then + Put ("Successfully encrypted and decrypted using RSA."); + New_Line; + else + Put ("Failed to encrypt and decrypt original AES key."); + New_Line; + end if; + + Cleanup; +end Rsa_Verify_Main; diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/wrapper/Ada/examples/src/sha256_main.adb mariadb-11.8.8/extra/wolfssl/wolfssl/wrapper/Ada/examples/src/sha256_main.adb --- mariadb-11.8.6/extra/wolfssl/wolfssl/wrapper/Ada/examples/src/sha256_main.adb 1970-01-01 00:00:00.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/wrapper/Ada/examples/src/sha256_main.adb 2026-05-24 09:58:33.000000000 +0000 @@ -0,0 +1,46 @@ +with Ada.Text_IO; +with WolfSSL; + +procedure SHA256_Main is + procedure Put (Text : String) renames Ada.Text_IO.Put; + + procedure New_Line is + begin + Ada.Text_IO.New_Line; + end New_Line; + + use type WolfSSL.Subprogram_Result; + + Hash : WolfSSL.SHA256_Hash; + B : WolfSSL.Byte_Array := (1 => 'a', + 2 => 's', + 3 => 'd', + 4 => 'f'); + SHA256 : WolfSSL.SHA256_Type; + R : Integer; +begin + WolfSSL.Create_SHA256 (SHA256 => SHA256, Result => R); + if R /= 0 then + Put ("SHA256 instance creation failed"); + New_Line; + return; + end if; + WolfSSL.Update_SHA256 (SHA256 => SHA256, Byte => B, Result => R); + if R /= 0 then + Put ("Update of SHA256 instance failed"); + New_Line; + return; + end if; + WolfSSL.Finalize_SHA256 (SHA256 => SHA256, + Hash => Hash, + Result => R); + if R = 0 then + Put ("SHA256 hash computed successfully"); + New_Line; + else + Put ("Finalization of SHA256 instance failed"); + New_Line; + end if; + + WolfSSL.Free_SHA256 (SHA256 => SHA256); +end SHA256_Main; diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/wrapper/Ada/examples/src/spark_sockets.adb mariadb-11.8.8/extra/wolfssl/wolfssl/wrapper/Ada/examples/src/spark_sockets.adb --- mariadb-11.8.6/extra/wolfssl/wolfssl/wrapper/Ada/examples/src/spark_sockets.adb 1970-01-01 00:00:00.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/wrapper/Ada/examples/src/spark_sockets.adb 2026-05-24 09:58:33.000000000 +0000 @@ -0,0 +1,173 @@ +-- spark_sockets.adb +-- +-- Copyright (C) 2006-2026 wolfSSL Inc. +-- +-- This file is part of wolfSSL. +-- +-- wolfSSL is free software; you can redistribute it and/or modify +-- it under the terms of the GNU General Public License as published by +-- the Free Software Foundation; either version 3 of the License, or +-- (at your option) any later version. +-- +-- wolfSSL is distributed in the hope that it will be useful, +-- but WITHOUT ANY WARRANTY; without even the implied warranty of +-- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +-- GNU General Public License for more details. +-- +-- You should have received a copy of the GNU General Public License +-- along with this program; if not, write to the Free Software +-- Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA +-- +with Ada.Streams; +with Interfaces.C; + +package body SPARK_Sockets is + + function Inet_Addr (Image : String) return Optional_Inet_Addr is + A : Inet_Addr_Type; + begin + A := GNAT.Sockets.Inet_Addr (Image); + return (Exists => True, Addr => A); + exception + when others => + return (Exists => False); + end Inet_Addr; + + procedure Create_Socket + (Socket : in out Optional_Socket; + Family : GNAT.Sockets.Family_Type; + Mode : GNAT.Sockets.Mode_Type) is + S : Socket_Type; + begin + GNAT.Sockets.Create_Socket (S, Family, Mode); + Socket := (Exists => True, Socket => S); + exception + when others => + Socket := (Exists => False); + end Create_Socket; + + procedure Create_Stream_Socket (Socket : in out Optional_Socket) is + begin + Create_Socket + (Socket => Socket, + Family => GNAT.Sockets.Family_Inet, + Mode => GNAT.Sockets.Socket_Stream); + end Create_Stream_Socket; + + procedure Create_Datagram_Socket (Socket : in out Optional_Socket) is + begin + Create_Socket + (Socket => Socket, + Family => GNAT.Sockets.Family_Inet, + Mode => GNAT.Sockets.Socket_Datagram); + end Create_Datagram_Socket; + + function Connect_Socket (Socket : Socket_Type; + Server : Sock_Addr_Type) + return Subprogram_Result is + begin + GNAT.Sockets.Connect_Socket (Socket, Server); + return Success; + exception + when others => + return Failure; + end Connect_Socket; + + function To_C (Socket : Socket_Type) return Integer is + begin + -- The call to GNAT.Sockets.To_C can never raise an exception. + return GNAT.Sockets.To_C (Socket); + end To_C; + + procedure Close_Socket (Socket : in out Optional_Socket) is + begin + GNAT.Sockets.Close_Socket (Socket.Socket); + Socket := (Exists => False); + end Close_Socket; + + function Set_Socket_Option (Socket : Socket_Type; + Level : Level_Type; + Option : Option_Type) + return Subprogram_Result is + begin + GNAT.Sockets.Set_Socket_Option (Socket, Level, Option); + return Success; + exception + when others => + return Failure; + end Set_Socket_Option; + + function Bind_Socket (Socket : Socket_Type; + Address : Sock_Addr_Type) + return Subprogram_Result is + begin + GNAT.Sockets.Bind_Socket (Socket, Address); + return Success; + exception + when others => + return Failure; + end Bind_Socket; + + function Listen_Socket (Socket : Socket_Type; + Length : Natural) return Subprogram_Result is + begin + GNAT.Sockets.Listen_Socket (Socket, Length); + return Success; + exception + when others => + return Failure; + end Listen_Socket; + + function Receive_Socket + (Socket : Socket_Type) + return Subprogram_Result is + + Item : Ada.Streams.Stream_Element_Array (1 .. 4096); + Last : Ada.Streams.Stream_Element_Offset; + From : GNAT.Sockets.Sock_Addr_Type; + + begin + GNAT.Sockets.Receive_Socket (Socket, Item, Last, From); + return Success; + exception + when others => + return Failure; + end Receive_Socket; + + procedure Accept_Socket (Server : Socket_Type; + Socket : out Optional_Socket; + Address : out Sock_Addr_Type; + Result : out Subprogram_Result) is + C : Socket_Type; + begin + GNAT.Sockets.Accept_Socket (Server, C, Address); + Socket := (Exists => True, Socket => C); + Result := Success; + exception + when others => + Socket := (Exists => False); + Address := (Family => GNAT.Sockets.Family_Unspec); + Result := Failure; + end Accept_Socket; + + procedure To_C (Item : String; + Target : out Byte_Array; + Count : out Byte_Index) is + begin + Interfaces.C.To_C (Item => Item, + Target => Target, + Count => Count, + Append_Nul => False); + end To_C; + + procedure To_Ada (Item : Byte_Array; + Target : out String; + Count : out Natural) is + begin + Interfaces.C.To_Ada (Item => Item, + Target => Target, + Count => Count, + Trim_Nul => False); + end To_Ada; + +end SPARK_Sockets; diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/wrapper/Ada/examples/src/spark_sockets.ads mariadb-11.8.8/extra/wolfssl/wolfssl/wrapper/Ada/examples/src/spark_sockets.ads --- mariadb-11.8.6/extra/wolfssl/wolfssl/wrapper/Ada/examples/src/spark_sockets.ads 1970-01-01 00:00:00.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/wrapper/Ada/examples/src/spark_sockets.ads 2026-05-24 09:58:33.000000000 +0000 @@ -0,0 +1,141 @@ +-- spark_sockets.ads +-- +-- Copyright (C) 2006-2026 wolfSSL Inc. +-- +-- This file is part of wolfSSL. +-- +-- wolfSSL is free software; you can redistribute it and/or modify +-- it under the terms of the GNU General Public License as published by +-- the Free Software Foundation; either version 3 of the License, or +-- (at your option) any later version. +-- +-- wolfSSL is distributed in the hope that it will be useful, +-- but WITHOUT ANY WARRANTY; without even the implied warranty of +-- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +-- GNU General Public License for more details. +-- +-- You should have received a copy of the GNU General Public License +-- along with this program; if not, write to the Free Software +-- Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA +-- +-- GNAT Library packages. +with GNAT.Sockets; + +-- The WolfSSL package. +with WolfSSL; + +-- This is a wrapper package around the GNAT.Sockets package. +-- GNAT.Sockets raises exceptions to signal errors but exceptions +-- are not supported by SPARK. This package converts raised exceptions +-- into returned enumeration values by functions indicating success +-- or failure. +-- +-- The intended use of this package is to demonstrate the usage +-- of the WolfSSL Ada binding in Ada/SPARK code. +package SPARK_Sockets with SPARK_Mode is + + subtype Byte_Array is WolfSSL.Byte_Array; + subtype Byte_Index is WolfSSL.Byte_Index; use type Byte_Index; + + subtype Port_Type is GNAT.Sockets.Port_Type; + + subtype Level_Type is GNAT.Sockets.Level_Type; + + subtype Socket_Type is GNAT.Sockets.Socket_Type; + subtype Option_Name is GNAT.Sockets.Option_Name; + subtype Option_Type is GNAT.Sockets.Option_Type; + subtype Family_Type is GNAT.Sockets.Family_Type; + + subtype Sock_Addr_Type is GNAT.Sockets.Sock_Addr_Type; + subtype Inet_Addr_Type is GNAT.Sockets.Inet_Addr_Type; + + Socket_Error : exception renames GNAT.Sockets.Socket_Error; + + Reuse_Address : Option_Name renames GNAT.Sockets.Reuse_Address; + + Socket_Level : Level_Type renames GNAT.Sockets.Socket_Level; + + Family_Inet : Family_Type renames GNAT.Sockets.Family_Inet; + use type GNAT.Sockets.Family_Type; + + Any_Inet_Addr : Inet_Addr_Type renames GNAT.Sockets.Any_Inet_Addr; + + subtype Subprogram_Result is WolfSSL.Subprogram_Result; + use type Subprogram_Result; + + Success : Subprogram_Result renames WolfSSL.Success; + Failure : Subprogram_Result renames WolfSSL.Failure; + + type Optional_Inet_Addr (Exists : Boolean := False) is record + case Exists is + when True => Addr : Inet_Addr_Type; + when False => null; + end case; + end record; + + function Inet_Addr (Image : String) return Optional_Inet_Addr; + + type Optional_Socket (Exists : Boolean := False) is record + case Exists is + when True => Socket : Socket_Type; + when False => null; + end case; + end record; + + procedure Create_Stream_Socket (Socket : in out Optional_Socket) with + Pre => not Socket.Exists; + + procedure Create_Datagram_Socket (Socket : in out Optional_Socket) with + Pre => not Socket.Exists; + + function Connect_Socket (Socket : Socket_Type; + Server : Sock_Addr_Type) + return Subprogram_Result; + + function To_C (Socket : Socket_Type) return Integer with Inline; + + -- Close a socket and more specifically a non-connected socket. + procedure Close_Socket (Socket : in out Optional_Socket) with + Pre => Socket.Exists, + Post => not Socket.Exists; + + function Set_Socket_Option (Socket : Socket_Type; + Level : Level_Type; + Option : Option_Type) + return Subprogram_Result; + -- Manipulate socket options. + + function Bind_Socket (Socket : Socket_Type; + Address : Sock_Addr_Type) + return Subprogram_Result; + + function Listen_Socket (Socket : Socket_Type; + Length : Natural) return Subprogram_Result; + -- To accept connections, a socket is first created with + -- Create_Socket, a willingness to accept incoming connections and + -- a queue Length for incoming connections are specified. + -- The queue length of 15 is an example value that should be + -- appropriate in usual cases. It can be adjusted according to each + -- application's particular requirements. + + function Receive_Socket (Socket : Socket_Type) return Subprogram_Result; + + procedure Accept_Socket (Server : Socket_Type; + Socket : out Optional_Socket; + Address : out Sock_Addr_Type; + Result : out Subprogram_Result) with + Post => (if Result = Success then Socket.Exists else not Socket.Exists); + + procedure To_C (Item : String; + Target : out Byte_Array; + Count : out Byte_Index) with + Pre => Item'Length <= Target'Length, + Post => Count <= Target'Last; + + procedure To_Ada (Item : Byte_Array; + Target : out String; + Count : out Natural) with + Pre => Item'Length <= Target'Length, + Post => Count <= Target'Last; + +end SPARK_Sockets; diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/wrapper/Ada/examples/src/spark_terminal.adb mariadb-11.8.8/extra/wolfssl/wolfssl/wrapper/Ada/examples/src/spark_terminal.adb --- mariadb-11.8.6/extra/wolfssl/wolfssl/wrapper/Ada/examples/src/spark_terminal.adb 1970-01-01 00:00:00.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/wrapper/Ada/examples/src/spark_terminal.adb 2026-05-24 09:58:33.000000000 +0000 @@ -0,0 +1,18 @@ +package body SPARK_Terminal is + + procedure Set_Exit_Status (Status : Exit_Status) is + begin + Ada.Command_Line.Set_Exit_Status (Status); + end Set_Exit_Status; + + function Argument_Count return Natural is + begin + return Ada.Command_Line.Argument_Count; + end Argument_Count; + + function Argument (Number : Positive) return String is + begin + return Ada.Command_Line.Argument (Number); + end Argument; + +end SPARK_Terminal; diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/wrapper/Ada/examples/src/spark_terminal.ads mariadb-11.8.8/extra/wolfssl/wolfssl/wrapper/Ada/examples/src/spark_terminal.ads --- mariadb-11.8.6/extra/wolfssl/wolfssl/wrapper/Ada/examples/src/spark_terminal.ads 1970-01-01 00:00:00.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/wrapper/Ada/examples/src/spark_terminal.ads 2026-05-24 09:58:33.000000000 +0000 @@ -0,0 +1,42 @@ +-- spark_sockets.ads +-- +-- Copyright (C) 2006-2026 wolfSSL Inc. +-- +-- This file is part of wolfSSL. +-- +-- wolfSSL is free software; you can redistribute it and/or modify +-- it under the terms of the GNU General Public License as published by +-- the Free Software Foundation; either version 3 of the License, or +-- (at your option) any later version. +-- +-- wolfSSL is distributed in the hope that it will be useful, +-- but WITHOUT ANY WARRANTY; without even the implied warranty of +-- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +-- GNU General Public License for more details. +-- +-- You should have received a copy of the GNU General Public License +-- along with this program; if not, write to the Free Software +-- Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA +-- +with Ada.Command_Line; + +-- SPARK wrapper package around the Ada.Command_Line package +-- because this package lacks contracts in the specification +-- file that SPARK can use to verify the context in which +-- subprograms can safely be called. +package SPARK_Terminal with SPARK_Mode is + + subtype Exit_Status is Ada.Command_Line.Exit_Status; + + Exit_Status_Success : Exit_Status renames Ada.Command_Line.Success; + Exit_Status_Failure : Exit_Status renames Ada.Command_Line.Failure; + + procedure Set_Exit_Status (Status : Exit_Status) with + Global => null; + + function Argument_Count return Natural; + + function Argument (Number : Positive) return String with + Pre => Number <= Argument_Count; + +end SPARK_Terminal; diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/wrapper/Ada/examples/src/tls_client.adb mariadb-11.8.8/extra/wolfssl/wolfssl/wrapper/Ada/examples/src/tls_client.adb --- mariadb-11.8.6/extra/wolfssl/wolfssl/wrapper/Ada/examples/src/tls_client.adb 1970-01-01 00:00:00.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/wrapper/Ada/examples/src/tls_client.adb 2026-05-24 09:58:33.000000000 +0000 @@ -0,0 +1,463 @@ +-- tls_client.adb +-- +-- Copyright (C) 2006-2026 wolfSSL Inc. +-- +-- This file is part of wolfSSL. +-- +-- wolfSSL is free software; you can redistribute it and/or modify +-- it under the terms of the GNU General Public License as published by +-- the Free Software Foundation; either version 3 of the License, or +-- (at your option) any later version. +-- +-- wolfSSL is distributed in the hope that it will be useful, +-- but WITHOUT ANY WARRANTY; without even the implied warranty of +-- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +-- GNU General Public License for more details. +-- +-- You should have received a copy of the GNU General Public License +-- along with this program; if not, write to the Free Software +-- Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA +-- +-- Ada Standard Library packages. +with Ada.Characters.Handling; +with Ada.Strings.Bounded; +with Ada.Text_IO; +with Ada.Directories; +with Interfaces.C.Strings; + +with SPARK_Terminal; + +with WolfSSL.Full_Runtime; + +package body Tls_Client with SPARK_Mode is + + use type WolfSSL.Mode_Type; + use type WolfSSL.Byte_Index; + use type WolfSSL.Byte_Array; + use type WolfSSL.Subprogram_Result; + + subtype Byte_Index is WolfSSL.Byte_Index; + + Success : WolfSSL.Subprogram_Result renames WolfSSL.Success; + + subtype Byte_Type is WolfSSL.Byte_Type; + + subtype chars_ptr is WolfSSL.Full_Runtime.chars_ptr; + subtype unsigned is WolfSSL.unsigned; + + package Natural_IO is new Ada.Text_IO.Integer_IO (Natural); + + function PSK_Client_Callback + (Unused : WolfSSL.WolfSSL_Type; + Hint : chars_ptr; + Identity : chars_ptr; + Id_Max_Length : unsigned; + Key : chars_ptr; + Key_Max_Length : unsigned) return unsigned + with Convention => C; + + function PSK_Client_Callback + (Unused : WolfSSL.WolfSSL_Type; + Hint : chars_ptr; + Identity : chars_ptr; + Id_Max_Length : unsigned; + Key : chars_ptr; + Key_Max_Length : unsigned) return unsigned + with + SPARK_Mode => Off + is + use type Interfaces.C.unsigned; + + Hint_String : constant String := Interfaces.C.Strings.Value (Hint); + + -- Identity is OpenSSL testing default for openssl s_client, keep same + Identity_String : constant String := "Client_identity"; + -- Test key in hex is 0x1a2b3c4d, in decimal 439,041,101 + Key_String : constant String := + Character'Val (26) + & Character'Val (43) + & Character'Val (60) + & Character'Val (77); + -- These values are aligned with test values in wolfssl/wolfssl/test.h + -- and wolfssl-examples/psk/server-psk.c for testing interoperability. + + begin + + Ada.Text_IO.Put_Line ("Hint: " & Hint_String); + + pragma Assert (Id_Max_Length >= Identity_String'Length); + + Interfaces.C.Strings.Update + (Item => Identity, + Offset => 0, + Str => Identity_String, + Check => False); + + pragma Assert (Key_Max_Length >= Key_String'Length); + + Interfaces.C.Strings.Update + (Item => Key, + Offset => 0, + Str => Key_String, + Check => False); + + return Key_String'Length; + end PSK_Client_Callback; + + procedure Put (Text : String) is + begin + Ada.Text_IO.Put (Text); + end Put; + + procedure Put (Number : Natural) + with + Annotate => (GNATprove, Might_Not_Return) + is + begin + Natural_IO.Put (Item => Number, Width => 0, Base => 10); + end Put; + + procedure Put (Number : Byte_Index) + with + Annotate => (GNATprove, Might_Not_Return) + is + begin + Natural_IO.Put (Item => Natural (Number), Width => 0, Base => 10); + end Put; + + procedure Put_Line (Text : String) is + begin + Ada.Text_IO.Put_Line (Text); + end Put_Line; + + procedure New_Line is + begin + Ada.Text_IO.New_Line; + end New_Line; + + subtype Exit_Status is SPARK_Terminal.Exit_Status; + + Exit_Status_Success : Exit_Status renames SPARK_Terminal.Exit_Status_Success; + Exit_Status_Failure : Exit_Status renames SPARK_Terminal.Exit_Status_Failure; + + procedure Set (Status : Exit_Status) with Global => null is + begin + SPARK_Terminal.Set_Exit_Status (Status); + end Set; + + subtype Port_Type is SPARK_Sockets.Port_Type; + + subtype Level_Type is SPARK_Sockets.Level_Type; + + subtype Socket_Type is SPARK_Sockets.Socket_Type; + subtype Option_Name is SPARK_Sockets.Option_Name; + subtype Option_Type is SPARK_Sockets.Option_Type; + subtype Family_Type is SPARK_Sockets.Family_Type; + + subtype Sock_Addr_Type is SPARK_Sockets.Sock_Addr_Type; + subtype Inet_Addr_Type is SPARK_Sockets.Inet_Addr_Type; + + use type Family_Type; + + Socket_Error : exception renames SPARK_Sockets.Socket_Error; + + Reuse_Address : Option_Name renames SPARK_Sockets.Reuse_Address; + + Socket_Level : Level_Type renames SPARK_Sockets.Socket_Level; + + Family_Inet : Family_Type renames SPARK_Sockets.Family_Inet; + + Any_Inet_Addr : Inet_Addr_Type renames SPARK_Sockets.Any_Inet_Addr; + + CERT_FILE : constant String := "../../../certs/client-cert.pem"; + KEY_FILE : constant String := "../../../certs/client-key.pem"; + CA_FILE : constant String := "../../../certs/ca-cert.pem"; + + subtype Byte_Array is WolfSSL.Byte_Array; + + function Argument_Count return Natural renames + SPARK_Terminal.Argument_Count; + + function Argument (Number : Positive) return String with + Pre => Number <= Argument_Count; + + function Argument (Number : Positive) return String is + begin + return SPARK_Terminal.Argument (Number); + end Argument; + + procedure Run (Ssl : in out WolfSSL.WolfSSL_Type; + Ctx : in out WolfSSL.Context_Type; + Client : in out SPARK_Sockets.Optional_Socket) is + A : Sock_Addr_Type; + C : SPARK_Sockets.Optional_Socket renames Client; + D : Byte_Array (1 .. 200); + P : constant Port_Type := 11111; + + Addr : SPARK_Sockets.Optional_Inet_Addr; + + Count : WolfSSL.Byte_Index; + + Text : String (1 .. 200); + Last : Natural; + + Input : WolfSSL.Read_Result; + Output : WolfSSL.Write_Result; + + Result : WolfSSL.Subprogram_Result; + DTLS : Boolean := False; + PSK : Boolean := False; + begin + Result := WolfSSL.Initialize; + if Result /= Success then + Put_Line ("ERROR: Failed to initialize the WolfSSL library."); + return; + end if; + + if Argument_Count < 1 + or Argument_Count > 2 + or (Argument_Count = 2 and then + Argument (2) /= "--dtls" and then + Argument (2) /= "--psk") + then + Put_Line ("usage: tls_client_main [--dtls | --psk]"); + return; + end if; + + if Argument_Count = 2 then + DTLS := (Argument (2) = "--dtls"); + PSK := (Argument (2) = "--psk"); + end if; + + if DTLS then + SPARK_Sockets.Create_Datagram_Socket (C); + else + SPARK_Sockets.Create_Stream_Socket (C); + end if; + + if not C.Exists then + declare + Mode : constant String := (if DTLS then "datagram" else "stream"); + begin + Put_Line ("ERROR: Failed to create " & Mode & " socket."); + return; + end; + end if; + + Addr := SPARK_Sockets.Inet_Addr (Argument (1)); + if not Addr.Exists or + (Addr.Exists and then Addr.Addr.Family /= Family_Inet) + then + Put_Line ("ERROR: please specify IPv4 address."); + SPARK_Sockets.Close_Socket (C); + Set (Exit_Status_Failure); + return; + end if; + A := (Family => Family_Inet, + Addr => Addr.Addr, + Port => P); + + if not DTLS then + Result := SPARK_Sockets.Connect_Socket (Socket => C.Socket, + Server => A); + if Result /= Success then + Put_Line ("ERROR: Failed to connect to server."); + SPARK_Sockets.Close_Socket (C); + Set (Exit_Status_Failure); + return; + end if; + end if; + + -- Create and initialize WOLFSSL_CTX. + if DTLS then + declare + Method : WolfSSL.Method_Type := + WolfSSL.DTLSv1_3_Client_Method; + begin + pragma Warnings (Off, """Method"" is set by ""Create_Context"" but not used after the call"); + WolfSSL.Create_Context (Method => Method, Context => Ctx); + pragma Warnings (On, """Method"" is set by ""Create_Context"" but not used after the call"); + end; + else + declare + Method : WolfSSL.Method_Type := + WolfSSL.TLSv1_3_Client_Method; + begin + pragma Warnings (Off, """Method"" is set by ""Create_Context"" but not used after the call"); + WolfSSL.Create_Context (Method => Method, Context => Ctx); + pragma Warnings (On, """Method"" is set by ""Create_Context"" but not used after the call"); + end; + end if; + + if not WolfSSL.Is_Valid (Ctx) then + Put_Line ("ERROR: failed to create WOLFSSL_CTX."); + SPARK_Sockets.Close_Socket (C); + WolfSSL.Free (Context => Ctx); + Set (Exit_Status_Failure); + return; + end if; + + -- Require mutual authentication. + WolfSSL.Set_Verify + (Context => Ctx, + Mode => WolfSSL.Verify_Peer or WolfSSL.Verify_Fail_If_No_Peer_Cert); + + if not PSK then + + -- Load client certificate into WOLFSSL_CTX. + Result := WolfSSL.Use_Certificate_File (Context => Ctx, + File => CERT_FILE, + Format => WolfSSL.Format_Pem); + if Result /= Success then + Put ("ERROR: failed to load "); + Put (CERT_FILE); + Put (", please check the file."); + New_Line; + SPARK_Sockets.Close_Socket (C); + WolfSSL.Free (Context => Ctx); + Set (Exit_Status_Failure); + return; + end if; + + -- Load client key into WOLFSSL_CTX. + Result := WolfSSL.Use_Private_Key_File (Context => Ctx, + File => KEY_FILE, + Format => WolfSSL.Format_Pem); + if Result /= Success then + Put ("ERROR: failed to load "); + Put (KEY_FILE); + Put (", please check the file."); + New_Line; + SPARK_Sockets.Close_Socket (C); + WolfSSL.Free (Context => Ctx); + Set (Exit_Status_Failure); + return; + end if; + + -- Load CA certificate into WOLFSSL_CTX. + Result := WolfSSL.Load_Verify_Locations (Context => Ctx, + File => CA_FILE, + Path => ""); + if Result /= Success then + Put ("ERROR: failed to load "); + Put (CA_FILE); + Put (", please check the file."); + New_Line; + SPARK_Sockets.Close_Socket (C); + WolfSSL.Free (Context => Ctx); + Set (Exit_Status_Failure); + return; + end if; + end if; + + -- Create a WOLFSSL object. + WolfSSL.Create_WolfSSL (Context => Ctx, Ssl => Ssl); + if not WolfSSL.Is_Valid (Ssl) then + Put_Line ("ERROR: failed to create WOLFSSL object."); + SPARK_Sockets.Close_Socket (C); + WolfSSL.Free (Ssl); + WolfSSL.Free (Context => Ctx); + Set (Exit_Status_Failure); + return; + end if; + + if PSK then + -- Use PSK for authentication. + WolfSSL.Full_Runtime.Set_PSK_Client_Callback + (Ssl => Ssl, + Callback => PSK_Client_Callback'Access); + end if; + + if DTLS then + Result := WolfSSL.Full_Runtime.DTLS_Set_Peer(Ssl => Ssl, + Address => A); + if Result /= Success then + Put_Line ("ERROR: Failed to set the DTLS peer."); + SPARK_Sockets.Close_Socket (C); + WolfSSL.Free (Ssl); + WolfSSL.Free (Context => Ctx); + Set (Exit_Status_Failure); + return; + end if; + end if; + + -- Attach wolfSSL to the socket. + Result := WolfSSL.Attach (Ssl => Ssl, + Socket => SPARK_Sockets.To_C (C.Socket)); + if Result /= Success then + Put_Line ("ERROR: Failed to set the file descriptor."); + SPARK_Sockets.Close_Socket (C); + WolfSSL.Free (Ssl); + WolfSSL.Free (Context => Ctx); + Set (Exit_Status_Failure); + return; + end if; + + Result := WolfSSL.Connect (Ssl); + if Result /= Success then + Put_Line ("ERROR: failed to connect to wolfSSL."); + SPARK_Sockets.Close_Socket (C); + WolfSSL.Free (Ssl); + WolfSSL.Free (Context => Ctx); + Set (Exit_Status_Failure); + return; + end if; + + Put ("Message for server: "); + Ada.Text_IO.Get_Line (Text, Last); + + SPARK_Sockets.To_C (Item => Text (1 .. Last), + Target => D, + Count => Count); + WolfSSL.Write (Ssl => Ssl, + Data => D (1 .. Count), + Result => Output); + if not Output.Success then + Put ("ERROR: write failure"); + New_Line; + SPARK_Sockets.Close_Socket (C); + WolfSSL.Free (Ssl); + WolfSSL.Free (Context => Ctx); + return; + end if; + + if Natural (Output.Bytes_Written) < Last then + Put ("ERROR: failed to write entire message"); + New_Line; + Put (Output.Bytes_Written); + Put (" bytes of "); + Put (Last); + Put ("bytes were sent"); + New_Line; + SPARK_Sockets.Close_Socket (C); + WolfSSL.Free (Ssl); + WolfSSL.Free (Context => Ctx); + return; + end if; + + WolfSSL.Read (Ssl => Ssl, Result => Input); + if not Input.Success or Input.Last > Text'Length then + Put_Line ("Read error or response too long."); + Set (Exit_Status_Failure); + SPARK_Sockets.Close_Socket (C); + WolfSSL.Free (Ssl); + WolfSSL.Free (Context => Ctx); + return; + end if; + SPARK_Sockets.To_Ada (Item => Input.Buffer, + Target => Text, + Count => Last); + Put ("Server: "); + Put (Text (1 .. Last)); + New_Line; + + SPARK_Sockets.Close_Socket (C); + WolfSSL.Free (Ssl); + WolfSSL.Free (Context => Ctx); + Result := WolfSSL.Finalize; + if Result /= Success then + Put_Line ("ERROR: Failed to finalize the WolfSSL library."); + end if; + end Run; + +end Tls_Client; diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/wrapper/Ada/examples/src/tls_client.ads mariadb-11.8.8/extra/wolfssl/wolfssl/wrapper/Ada/examples/src/tls_client.ads --- mariadb-11.8.6/extra/wolfssl/wolfssl/wrapper/Ada/examples/src/tls_client.ads 1970-01-01 00:00:00.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/wrapper/Ada/examples/src/tls_client.ads 2026-05-24 09:58:33.000000000 +0000 @@ -0,0 +1,38 @@ +-- tls_client.ads +-- +-- Copyright (C) 2006-2026 wolfSSL Inc. +-- +-- This file is part of wolfSSL. +-- +-- wolfSSL is free software; you can redistribute it and/or modify +-- it under the terms of the GNU General Public License as published by +-- the Free Software Foundation; either version 3 of the License, or +-- (at your option) any later version. +-- +-- wolfSSL is distributed in the hope that it will be useful, +-- but WITHOUT ANY WARRANTY; without even the implied warranty of +-- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +-- GNU General Public License for more details. +-- +-- You should have received a copy of the GNU General Public License +-- along with this program; if not, write to the Free Software +-- Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA +-- +-- The WolfSSL package. +with WolfSSL; pragma Elaborate_All (WolfSSL); + +with SPARK_Sockets; pragma Elaborate_All (SPARK_Sockets); + +package Tls_Client with SPARK_Mode is + + procedure Run (Ssl : in out WolfSSL.WolfSSL_Type; + Ctx : in out WolfSSL.Context_Type; + Client : in out SPARK_Sockets.Optional_Socket) with + Pre => (not Client.Exists and not + WolfSSL.Is_Valid (Ssl) and not WolfSSL.Is_Valid (Ctx)), + Post => (not Client.Exists and not WolfSSL.Is_Valid (Ssl) and + not WolfSSL.Is_Valid (Ctx)), + + Annotate => (GNATprove, Might_Not_Return); + +end Tls_Client; diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/wrapper/Ada/examples/src/tls_client_main.adb mariadb-11.8.8/extra/wolfssl/wolfssl/wrapper/Ada/examples/src/tls_client_main.adb --- mariadb-11.8.6/extra/wolfssl/wolfssl/wrapper/Ada/examples/src/tls_client_main.adb 1970-01-01 00:00:00.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/wrapper/Ada/examples/src/tls_client_main.adb 2026-05-24 09:58:33.000000000 +0000 @@ -0,0 +1,32 @@ +-- tls_client_main.adb +-- +-- Copyright (C) 2006-2026 wolfSSL Inc. +-- +-- This file is part of wolfSSL. +-- +-- wolfSSL is free software; you can redistribute it and/or modify +-- it under the terms of the GNU General Public License as published by +-- the Free Software Foundation; either version 3 of the License, or +-- (at your option) any later version. +-- +-- wolfSSL is distributed in the hope that it will be useful, +-- but WITHOUT ANY WARRANTY; without even the implied warranty of +-- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +-- GNU General Public License for more details. +-- +-- You should have received a copy of the GNU General Public License +-- along with this program; if not, write to the Free Software +-- Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA +-- +with Tls_Client; pragma Elaborate_All (Tls_Client); +with SPARK_Sockets; pragma Elaborate_All (SPARK_Sockets); +with WolfSSL; pragma Elaborate_All (WolfSSL); +-- Application entry point for the Ada translation of the +-- tls client v1.3 example in C. +procedure Tls_Client_Main is + Ssl : WolfSSL.WolfSSL_Type; + Ctx : WolfSSL.Context_Type; + C : SPARK_Sockets.Optional_Socket; +begin + Tls_Client.Run (Ssl, Ctx, Client => C); +end Tls_Client_Main; diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/wrapper/Ada/examples/src/tls_server.adb mariadb-11.8.8/extra/wolfssl/wolfssl/wrapper/Ada/examples/src/tls_server.adb --- mariadb-11.8.6/extra/wolfssl/wolfssl/wrapper/Ada/examples/src/tls_server.adb 1970-01-01 00:00:00.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/wrapper/Ada/examples/src/tls_server.adb 2026-05-24 09:58:33.000000000 +0000 @@ -0,0 +1,493 @@ +-- tls_server.adb +-- +-- Copyright (C) 2006-2026 wolfSSL Inc. +-- +-- This file is part of wolfSSL. +-- +-- wolfSSL is free software; you can redistribute it and/or modify +-- it under the terms of the GNU General Public License as published by +-- the Free Software Foundation; either version 3 of the License, or +-- (at your option) any later version. +-- +-- wolfSSL is distributed in the hope that it will be useful, +-- but WITHOUT ANY WARRANTY; without even the implied warranty of +-- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +-- GNU General Public License for more details. +-- +-- You should have received a copy of the GNU General Public License +-- along with this program; if not, write to the Free Software +-- Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA +-- +-- Ada Standard Library packages. +with Ada.Characters.Handling; +with Ada.Strings.Bounded; +with Ada.Text_IO.Bounded_IO; + +with Interfaces.C.Strings; + +with SPARK_Terminal; pragma Elaborate_All (SPARK_Terminal); + +with WolfSSL.Full_Runtime; + +package body Tls_Server with SPARK_Mode is + + use type WolfSSL.Mode_Type; + use type WolfSSL.Byte_Index; + use type WolfSSL.Byte_Array; + use type WolfSSL.Subprogram_Result; + + Success : WolfSSL.Subprogram_Result renames WolfSSL.Success; + + subtype chars_ptr is WolfSSL.Full_Runtime.chars_ptr; + subtype unsigned is WolfSSL.unsigned; + + procedure Put (Char : Character) is + begin + Ada.Text_IO.Put (Char); + end Put; + + procedure Put (Text : String) is + begin + Ada.Text_IO.Put (Text); + end Put; + + procedure Put_Line (Text : String) is + begin + Ada.Text_IO.Put_Line (Text); + end Put_Line; + + procedure New_Line is + begin + Ada.Text_IO.New_Line; + end New_Line; + + subtype Exit_Status is SPARK_Terminal.Exit_Status; + + Exit_Status_Success : Exit_Status renames SPARK_Terminal.Exit_Status_Success; + Exit_Status_Failure : Exit_Status renames SPARK_Terminal.Exit_Status_Failure; + + procedure Set (Status : Exit_Status) with Global => null is + begin + SPARK_Terminal.Set_Exit_Status (Status); + end Set; + + subtype Port_Type is SPARK_Sockets.Port_Type; + + subtype Level_Type is SPARK_Sockets.Level_Type; + + subtype Socket_Type is SPARK_Sockets.Socket_Type; + subtype Option_Name is SPARK_Sockets.Option_Name; + subtype Option_Type is SPARK_Sockets.Option_Type; + subtype Family_Type is SPARK_Sockets.Family_Type; + + subtype Sock_Addr_Type is SPARK_Sockets.Sock_Addr_Type; + subtype Inet_Addr_Type is SPARK_Sockets.Inet_Addr_Type; + + Socket_Error : exception renames SPARK_Sockets.Socket_Error; + + Reuse_Address : Option_Name renames SPARK_Sockets.Reuse_Address; + + Socket_Level : Level_Type renames SPARK_Sockets.Socket_Level; + + Family_Inet : Family_Type renames SPARK_Sockets.Family_Inet; + + Any_Inet_Addr : Inet_Addr_Type renames SPARK_Sockets.Any_Inet_Addr; + + CERT_FILE : constant String := "../../../certs/server-cert.pem"; + KEY_FILE : constant String := "../../../certs/server-key.pem"; + CA_FILE : constant String := "../../../certs/client-cert.pem"; + + subtype Byte_Array is WolfSSL.Byte_Array; + + Reply : constant Byte_Array := "I hear ya fa shizzle!"; + + + function PSK_Server_Callback + (Unused : WolfSSL.WolfSSL_Type; + Identity : chars_ptr; + Key : chars_ptr; + Key_Max_Length : unsigned) return unsigned + with Convention => C; + + function PSK_Server_Callback + (Unused : WolfSSL.WolfSSL_Type; + Identity : chars_ptr; + Key : chars_ptr; + Key_Max_Length : unsigned) return unsigned + with + SPARK_Mode => Off + is + use type Interfaces.C.unsigned; + + -- Identity is OpenSSL testing default for openssl s_client, keep same + Identity_String : constant String := "Client_identity"; + -- Test key in hex is 0x1a2b3c4d, in decimal 439,041,101 + Key_String : constant String := + (Character'Val (26), + Character'Val (43), + Character'Val (60), + Character'Val (77)); + -- These values are aligned with test values in wolfssl/wolfssl/test.h + -- and wolfssl-examples/psk/server-psk.c for testing interoperability. + + begin + + if Interfaces.C.Strings.Value + (Item => Identity, + Length => Identity_String'Length) /= Identity_String or else + Key_Max_Length < Key_String'Length + then + return 0; + end if; + + Interfaces.C.Strings.Update + (Item => Key, + Offset => 0, + Str => Key_String, + Check => False); + + return Key_String'Length; + end PSK_Server_Callback; + + procedure Run (Ssl : in out WolfSSL.WolfSSL_Type; + Ctx : in out WolfSSL.Context_Type; + L : in out SPARK_Sockets.Optional_Socket; + C : in out SPARK_Sockets.Optional_Socket) is + A : Sock_Addr_Type; + P : constant Port_Type := 11111; + + Ch : Character; + + Result : WolfSSL.Subprogram_Result; + DTLS, PSK : Boolean := False; + Shall_Continue : Boolean := True; + + Input : WolfSSL.Read_Result; + Output : WolfSSL.Write_Result; + Option : Option_Type; + begin + Result := WolfSSL.Initialize; + if Result /= Success then + Put_Line ("ERROR: Failed to initialize the WolfSSL library."); + return; + end if; + + if SPARK_Terminal.Argument_Count > 1 + or (SPARK_Terminal.Argument_Count = 1 and then + SPARK_Terminal.Argument (1) /= "--dtls" and then + SPARK_Terminal.Argument (1) /= "--psk") + then + Put_Line ("usage: tls_server_main [--dtls | --psk]"); + return; + end if; + + if SPARK_Terminal.Argument_Count = 1 then + DTLS := (SPARK_Terminal.Argument (1) = "--dtls"); + PSK := (SPARK_Terminal.Argument (1) = "--psk"); + end if; + + if DTLS then + SPARK_Sockets.Create_Datagram_Socket (Socket => L); + else + SPARK_Sockets.Create_Stream_Socket (Socket => L); + end if; + + if not L.Exists then + declare + Mode : constant String := (if DTLS then "datagram" else "stream"); + begin + Put_Line ("ERROR: Failed to create " & Mode & " socket."); + return; + end; + end if; + + Option := (Name => Reuse_Address, Enabled => True); + Result := SPARK_Sockets.Set_Socket_Option (Socket => L.Socket, + Level => Socket_Level, + Option => Option); + if Result /= Success then + Put_Line ("ERROR: Failed to set socket option."); + SPARK_Sockets.Close_Socket (L); + return; + end if; + + A := (Family => Family_Inet, + Addr => Any_Inet_Addr, + Port => P); + Result := SPARK_Sockets.Bind_Socket (Socket => L.Socket, + Address => A); + if Result /= Success then + Put_Line ("ERROR: Failed to bind socket."); + SPARK_Sockets.Close_Socket (L); + return; + end if; + + if DTLS then + Result := SPARK_Sockets.Receive_Socket (Socket => L.Socket); + else + Result := SPARK_Sockets.Listen_Socket (Socket => L.Socket, + Length => 5); + end if; + + if Result /= Success then + declare + Operation : constant String := (if DTLS then "receiver" else "listener"); + begin + Put_Line ("ERROR: Failed to configure " & Operation & " socket."); + SPARK_Sockets.Close_Socket (L); + return; + end; + end if; + + -- Create and initialize WOLFSSL_CTX. + if DTLS then + declare + Method : WolfSSL.Method_Type := + WolfSSL.DTLSv1_3_Server_Method; + begin + pragma Warnings (Off, """Method"" is set by ""Create_Context"" but not used after the call"); + WolfSSL.Create_Context (Method => Method, Context => Ctx); + pragma Warnings (On, """Method"" is set by ""Create_Context"" but not used after the call"); + end; + else + declare + Method : WolfSSL.Method_Type := + WolfSSL.TLSv1_3_Server_Method; + begin + pragma Warnings (Off, """Method"" is set by ""Create_Context"" but not used after the call"); + WolfSSL.Create_Context (Method => Method, Context => Ctx); + pragma Warnings (On, """Method"" is set by ""Create_Context"" but not used after the call"); + end; + end if; + + if not WolfSSL.Is_Valid (Ctx) then + Put_Line ("ERROR: failed to create WOLFSSL_CTX."); + SPARK_Sockets.Close_Socket (L); + WolfSSL.Free (Context => Ctx); + Set (Exit_Status_Failure); + return; + end if; + + if not PSK then + -- Require mutual authentication. + WolfSSL.Set_Verify + (Context => Ctx, + Mode => WolfSSL.Verify_Peer or WolfSSL.Verify_Fail_If_No_Peer_Cert); + + -- Check verify is set correctly (GitHub #7461) + if WolfSSL.Get_Verify(Context => Ctx) /= (WolfSSL.Verify_Peer or WolfSSL.Verify_Fail_If_No_Peer_Cert) then + Put_Line ("Error: Verify does not match requested"); + SPARK_Sockets.Close_Socket (L); + WolfSSL.Free (Context => Ctx); + Set (Exit_Status_Failure); + return; + end if; + + -- Load server certificates into WOLFSSL_CTX. + Result := WolfSSL.Use_Certificate_File (Context => Ctx, + File => CERT_FILE, + Format => WolfSSL.Format_Pem); + if Result /= Success then + Put ("ERROR: failed to load "); + Put (CERT_FILE); + Put (", please check the file."); + New_Line; + SPARK_Sockets.Close_Socket (L); + WolfSSL.Free (Context => Ctx); + Set (Exit_Status_Failure); + return; + end if; + + -- Load server key into WOLFSSL_CTX. + Result := WolfSSL.Use_Private_Key_File (Context => Ctx, + File => KEY_FILE, + Format => WolfSSL.Format_Pem); + if Result /= Success then + Put ("ERROR: failed to load "); + Put (KEY_FILE); + Put (", please check the file."); + New_Line; + SPARK_Sockets.Close_Socket (L); + WolfSSL.Free (Context => Ctx); + Set (Exit_Status_Failure); + return; + end if; + + -- Load client certificate as "trusted" into WOLFSSL_CTX. + Result := WolfSSL.Load_Verify_Locations (Context => Ctx, + File => CA_FILE, + Path => ""); + + if Result /= Success then + Put ("ERROR: failed to load "); + Put (CA_FILE); + Put (", please check the file."); + New_Line; + SPARK_Sockets.Close_Socket (L); + WolfSSL.Free (Context => Ctx); + Set (Exit_Status_Failure); + return; + end if; + end if; + + if PSK then + -- Use PSK for authentication. + WolfSSL.Full_Runtime.Set_Context_PSK_Server_Callback + (Context => Ctx, + Callback => PSK_Server_Callback'Access); + end if; + + while Shall_Continue loop + pragma Loop_Invariant (not C.Exists); + pragma Loop_Invariant (not WolfSSL.Is_Valid (Ssl)); + pragma Loop_Invariant (WolfSSL.Is_Valid (Ctx)); + + if not DTLS then + Put_Line ("Waiting for a connection..."); + SPARK_Sockets.Accept_Socket (Server => L.Socket, + Socket => C, + Address => A, + Result => Result); + if Result /= Success then + Put_Line ("ERROR: failed to accept the connection."); + SPARK_Sockets.Close_Socket (L); + WolfSSL.Free (Context => Ctx); + return; + end if; + end if; + + -- Create a WOLFSSL object. + WolfSSL.Create_WolfSSL (Context => Ctx, Ssl => Ssl); + if not WolfSSL.Is_Valid (Ssl) then + Put_Line ("ERROR: failed to create WOLFSSL object."); + declare + Error_Message : WolfSSL.Error_Message := (Text => (others => ' '), Last => 0); + begin + WolfSSL.Error (WolfSSL.Get_Error (Ssl, Result), + Message => Error_Message); + if Result = Success then + Put_Line (Error_Message.Text (1 .. Error_Message.Last)); + end if; + end; + SPARK_Sockets.Close_Socket (L); + + if not DTLS then + SPARK_Sockets.Close_Socket (C); + end if; + + WolfSSL.Free (Ssl); + WolfSSL.Free (Context => Ctx); + Set (Exit_Status_Failure); + return; + end if; + + -- Attach wolfSSL to the socket. + Result := WolfSSL.Attach + (Ssl => Ssl, + Socket => SPARK_Sockets.To_C (if DTLS then L.Socket else C.Socket)); + if Result /= Success then + Put_Line ("ERROR: Failed to set the file descriptor."); + WolfSSL.Free (Ssl); + SPARK_Sockets.Close_Socket (L); + + if not DTLS then + SPARK_Sockets.Close_Socket (C); + end if; + + WolfSSL.Free (Context => Ctx); + Set (Exit_Status_Failure); + return; + end if; + + -- Establish (D)TLS connection. + Result := WolfSSL.Accept_Connection (Ssl); + if Result /= Success then + Put_Line ("Accept error."); + WolfSSL.Free (Ssl); + SPARK_Sockets.Close_Socket (L); + + if not DTLS then + SPARK_Sockets.Close_Socket (C); + end if; + + WolfSSL.Free (Context => Ctx); + Set (Exit_Status_Failure); + return; + end if; + + Put_Line ("Client connected successfully."); + + WolfSSL.Read (Ssl => Ssl, Result => Input); + if not Input.Success then + Put_Line ("Read error."); + WolfSSL.Free (Ssl); + SPARK_Sockets.Close_Socket (L); + + if not DTLS then + SPARK_Sockets.Close_Socket (C); + end if; + + WolfSSL.Free (Context => Ctx); + Set (Exit_Status_Failure); + return; + end if; + + -- Print to stdout any data the client sends. + for I in Input.Buffer'Range loop + Ch := Character (Input.Buffer (I)); + if Ada.Characters.Handling.Is_Graphic (Ch) then + Put (Ch); + else + null; + -- Ignore the "newline" characters at end of message. + end if; + end loop; + New_Line; + + -- Check for server shutdown command. + if Input.Last >= 8 then + if Input.Buffer (1 .. 8) = "shutdown" then + Put_Line ("Shutdown command issued!"); + Shall_Continue := False; + end if; + end if; + + WolfSSL.Write (Ssl, Reply, Result => Output); + if not Output.Success then + Put_Line ("ERROR: write failure."); + elsif Output.Bytes_Written /= Reply'Length then + Put_Line ("ERROR: failed to write full response."); + end if; + + for I in 1 .. 3 loop + + Result := WolfSSL.Shutdown (Ssl); + + exit when DTLS or Result = Success; + delay 0.001; -- Delay is expressed in seconds. + + end loop; + if not DTLS and then Result /= Success then + Put_Line ("ERROR: Failed to shutdown WolfSSL context."); + end if; + + WolfSSL.Free (Ssl); + + if DTLS then + Shall_Continue := False; + else + SPARK_Sockets.Close_Socket (C); + end if; + + Put_Line ("Shutdown complete."); + end loop; + SPARK_Sockets.Close_Socket (L); + WolfSSL.Free (Context => Ctx); + Result := WolfSSL.Finalize; + if Result /= Success then + Put_Line ("ERROR: Failed to finalize the WolfSSL library."); + return; + end if; + end Run; + +end Tls_Server; diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/wrapper/Ada/examples/src/tls_server.ads mariadb-11.8.8/extra/wolfssl/wolfssl/wrapper/Ada/examples/src/tls_server.ads --- mariadb-11.8.6/extra/wolfssl/wolfssl/wrapper/Ada/examples/src/tls_server.ads 1970-01-01 00:00:00.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/wrapper/Ada/examples/src/tls_server.ads 2026-05-24 09:58:33.000000000 +0000 @@ -0,0 +1,38 @@ +-- tls_server.ads +-- +-- Copyright (C) 2006-2026 wolfSSL Inc. +-- +-- This file is part of wolfSSL. +-- +-- wolfSSL is free software; you can redistribute it and/or modify +-- it under the terms of the GNU General Public License as published by +-- the Free Software Foundation; either version 3 of the License, or +-- (at your option) any later version. +-- +-- wolfSSL is distributed in the hope that it will be useful, +-- but WITHOUT ANY WARRANTY; without even the implied warranty of +-- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +-- GNU General Public License for more details. +-- +-- You should have received a copy of the GNU General Public License +-- along with this program; if not, write to the Free Software +-- Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA +-- +-- SPARK wrapper package around GNAT Library packages. +with SPARK_Sockets; pragma Elaborate_All (SPARK_Sockets); + +-- The WolfSSL package. +with WolfSSL; pragma Elaborate_All (WolfSSL); + +package Tls_Server with SPARK_Mode is + + procedure Run (Ssl : in out WolfSSL.WolfSSL_Type; + Ctx : in out WolfSSL.Context_Type; + L : in out SPARK_Sockets.Optional_Socket; + C : in out SPARK_Sockets.Optional_Socket) with + Pre => (not C.Exists and not L.Exists and not + WolfSSL.Is_Valid (Ssl) and not WolfSSL.Is_Valid (Ctx)), + Post => (not C.Exists and not L.Exists and not + WolfSSL.Is_Valid (Ssl) and not WolfSSL.Is_Valid (Ctx)); + +end Tls_Server; diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/wrapper/Ada/examples/src/tls_server_main.adb mariadb-11.8.8/extra/wolfssl/wolfssl/wrapper/Ada/examples/src/tls_server_main.adb --- mariadb-11.8.6/extra/wolfssl/wolfssl/wrapper/Ada/examples/src/tls_server_main.adb 1970-01-01 00:00:00.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/wrapper/Ada/examples/src/tls_server_main.adb 2026-05-24 09:58:33.000000000 +0000 @@ -0,0 +1,38 @@ +-- tls_server_main.ads +-- +-- Copyright (C) 2006-2026 wolfSSL Inc. +-- +-- This file is part of wolfSSL. +-- +-- wolfSSL is free software; you can redistribute it and/or modify +-- it under the terms of the GNU General Public License as published by +-- the Free Software Foundation; either version 3 of the License, or +-- (at your option) any later version. +-- +-- wolfSSL is distributed in the hope that it will be useful, +-- but WITHOUT ANY WARRANTY; without even the implied warranty of +-- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +-- GNU General Public License for more details. +-- +-- You should have received a copy of the GNU General Public License +-- along with this program; if not, write to the Free Software +-- Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA +-- +with Tls_Server; pragma Elaborate_All (Tls_Server); + +-- SPARK wrapper package around GNAT Library packages. +with SPARK_Sockets; pragma Elaborate_All (SPARK_Sockets); + +-- The WolfSSL package. +with WolfSSL; pragma Elaborate_All (WolfSSL); + +-- Application entry point for the Ada translation of the +-- tls server v1.3 example in C. +procedure Tls_Server_Main is + Ssl : WolfSSL.WolfSSL_Type; + Ctx : WolfSSL.Context_Type; + L : SPARK_Sockets.Optional_Socket; + C : SPARK_Sockets.Optional_Socket; +begin + Tls_Server.Run (Ssl, Ctx, L, C); +end Tls_Server_Main; diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/wrapper/Ada/examples.gpr mariadb-11.8.8/extra/wolfssl/wolfssl/wrapper/Ada/examples.gpr --- mariadb-11.8.6/extra/wolfssl/wolfssl/wrapper/Ada/examples.gpr 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/wrapper/Ada/examples.gpr 1970-01-01 00:00:00.000000000 +0000 @@ -1,78 +0,0 @@ -project Examples is - type OS_Kind is ("Windows", "Linux_Or_Mac"); - - OS : OS_Kind := external ("OS", "Linux_Or_Mac"); - - for Languages use ("C", "Ada"); - - for Source_Dirs use (".", - "../../", - "../../src", - "../../wolfcrypt/src"); - - for Object_Dir use "obj"; - - for Main use ("tls_server_main.adb", "tls_client_main.adb"); - - package Naming is - for Spec_Suffix ("C") use ".h"; - end Naming; - - package Compiler is - for Switches ("C") use - ("-DWOLFSSL_USER_SETTINGS", -- Use the user_settings.h file. - "-Wno-pragmas", - "-Wall", - "-Wextra", - "-Wunknown-pragmas", - "--param=ssp-buffer-size=1", - "-Waddress", - "-Warray-bounds", - "-Wbad-function-cast", - "-Wchar-subscripts", - "-Wcomment", - "-Wfloat-equal", - "-Wformat-security", - "-Wformat=2", - "-Wmaybe-uninitialized", - "-Wmissing-field-initializers", - "-Wmissing-noreturn", - "-Wmissing-prototypes", - "-Wnested-externs", - "-Wnormalized=id", - "-Woverride-init", - "-Wpointer-arith", - "-Wpointer-sign", - "-Wshadow", - "-Wsign-compare", - "-Wstrict-overflow=1", - "-Wstrict-prototypes", - "-Wswitch-enum", - "-Wundef", - "-Wunused", - "-Wunused-result", - "-Wunused-variable", - "-Wwrite-strings", - "-fwrapv"); - - for Switches ("Ada") use ("-g"); - end Compiler; - - package Linker is - case OS is - when "Windows" => - for Switches ("Ada") use - ("-lm", -- To include the math library (used by WolfSSL). - "-lcrypt32"); -- Needed on Windows. - - when "Linux_Or_Mac" => - for Switches ("Ada") use - ("-lm"); -- To include the math library (used by WolfSSL). - end case; - end Linker; - - package Binder is - for Switches ("Ada") use ("-Es"); -- To include stack traces. - end Binder; - -end Examples; diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/wrapper/Ada/include.am mariadb-11.8.8/extra/wolfssl/wolfssl/wrapper/Ada/include.am --- mariadb-11.8.6/extra/wolfssl/wolfssl/wrapper/Ada/include.am 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/wrapper/Ada/include.am 2026-05-24 09:58:33.000000000 +0000 @@ -3,15 +3,45 @@ # All paths should be given relative to the root EXTRA_DIST+= wrapper/Ada/README.md +EXTRA_DIST+= wrapper/Ada/ada_binding.c +EXTRA_DIST+= wrapper/Ada/alire.toml EXTRA_DIST+= wrapper/Ada/default.gpr EXTRA_DIST+= wrapper/Ada/restricted.adc -EXTRA_DIST+= wrapper/Ada/ada_binding.c -EXTRA_DIST+= wrapper/Ada/tls_client_main.adb -EXTRA_DIST+= wrapper/Ada/tls_client.adb -EXTRA_DIST+= wrapper/Ada/tls_client.ads -EXTRA_DIST+= wrapper/Ada/tls_server_main.adb -EXTRA_DIST+= wrapper/Ada/tls_server.adb -EXTRA_DIST+= wrapper/Ada/tls_server.ads EXTRA_DIST+= wrapper/Ada/user_settings.h +EXTRA_DIST+= wrapper/Ada/wolfssl-full_runtime.adb +EXTRA_DIST+= wrapper/Ada/wolfssl-full_runtime.ads EXTRA_DIST+= wrapper/Ada/wolfssl.adb EXTRA_DIST+= wrapper/Ada/wolfssl.ads +EXTRA_DIST+= wrapper/Ada/wolfssl.gpr +EXTRA_DIST+= wrapper/Ada/examples/.gitignore +EXTRA_DIST+= wrapper/Ada/examples/alire.toml +EXTRA_DIST+= wrapper/Ada/examples/examples.gpr +EXTRA_DIST+= wrapper/Ada/examples/src/aes_verify_main.adb +EXTRA_DIST+= wrapper/Ada/examples/src/rsa_verify_main.adb +EXTRA_DIST+= wrapper/Ada/examples/src/sha256_main.adb +EXTRA_DIST+= wrapper/Ada/examples/src/spark_sockets.adb +EXTRA_DIST+= wrapper/Ada/examples/src/spark_sockets.ads +EXTRA_DIST+= wrapper/Ada/examples/src/spark_terminal.adb +EXTRA_DIST+= wrapper/Ada/examples/src/spark_terminal.ads +EXTRA_DIST+= wrapper/Ada/examples/src/tls_client.adb +EXTRA_DIST+= wrapper/Ada/examples/src/tls_client.ads +EXTRA_DIST+= wrapper/Ada/examples/src/tls_client_main.adb +EXTRA_DIST+= wrapper/Ada/examples/src/tls_server.adb +EXTRA_DIST+= wrapper/Ada/examples/src/tls_server.ads +EXTRA_DIST+= wrapper/Ada/examples/src/tls_server_main.adb +EXTRA_DIST+= wrapper/Ada/tests/.gitignore +EXTRA_DIST+= wrapper/Ada/tests/README.md +EXTRA_DIST+= wrapper/Ada/tests/alire.toml +EXTRA_DIST+= wrapper/Ada/tests/src/aes_bindings_tests.adb +EXTRA_DIST+= wrapper/Ada/tests/src/aes_bindings_tests.ads +EXTRA_DIST+= wrapper/Ada/tests/src/rsa_verify_bindings_tests.adb +EXTRA_DIST+= wrapper/Ada/tests/src/rsa_verify_bindings_tests.ads +EXTRA_DIST+= wrapper/Ada/tests/src/sha256_bindings_tests.adb +EXTRA_DIST+= wrapper/Ada/tests/src/sha256_bindings_tests.ads +EXTRA_DIST+= wrapper/Ada/tests/src/support/test_support.adb +EXTRA_DIST+= wrapper/Ada/tests/src/support/test_support.ads +EXTRA_DIST+= wrapper/Ada/tests/src/support/tests_root_suite.adb +EXTRA_DIST+= wrapper/Ada/tests/src/support/tests_root_suite.ads +EXTRA_DIST+= wrapper/Ada/tests/src/tests.adb +EXTRA_DIST+= wrapper/Ada/tests/tests.gpr +EXTRA_DIST+= wrapper/Ada/tests/valgrind.supp diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/wrapper/Ada/spark_sockets.adb mariadb-11.8.8/extra/wolfssl/wolfssl/wrapper/Ada/spark_sockets.adb --- mariadb-11.8.6/extra/wolfssl/wolfssl/wrapper/Ada/spark_sockets.adb 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/wrapper/Ada/spark_sockets.adb 1970-01-01 00:00:00.000000000 +0000 @@ -1,174 +0,0 @@ --- spark_sockets.adb --- --- Copyright (C) 2006-2023 wolfSSL Inc. --- --- This file is part of wolfSSL. --- --- wolfSSL is free software; you can redistribute it and/or modify --- it under the terms of the GNU General Public License as published by --- the Free Software Foundation; either version 2 of the License, or --- (at your option) any later version. --- --- wolfSSL is distributed in the hope that it will be useful, --- but WITHOUT ANY WARRANTY; without even the implied warranty of --- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the --- GNU General Public License for more details. --- --- You should have received a copy of the GNU General Public License --- along with this program; if not, write to the Free Software --- Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA --- - -with Ada.Streams; -with Interfaces.C; - -package body SPARK_Sockets is - - function Inet_Addr (Image : String) return Optional_Inet_Addr is - A : Inet_Addr_Type; - begin - A := GNAT.Sockets.Inet_Addr (Image); - return (Exists => True, Addr => A); - exception - when others => - return (Exists => False); - end Inet_Addr; - - procedure Create_Socket - (Socket : in out Optional_Socket; - Family : GNAT.Sockets.Family_Type; - Mode : GNAT.Sockets.Mode_Type) is - S : Socket_Type; - begin - GNAT.Sockets.Create_Socket (S, Family, Mode); - Socket := (Exists => True, Socket => S); - exception - when others => - Socket := (Exists => False); - end Create_Socket; - - procedure Create_Stream_Socket (Socket : in out Optional_Socket) is - begin - Create_Socket - (Socket => Socket, - Family => GNAT.Sockets.Family_Inet, - Mode => GNAT.Sockets.Socket_Stream); - end Create_Stream_Socket; - - procedure Create_Datagram_Socket (Socket : in out Optional_Socket) is - begin - Create_Socket - (Socket => Socket, - Family => GNAT.Sockets.Family_Inet, - Mode => GNAT.Sockets.Socket_Datagram); - end Create_Datagram_Socket; - - function Connect_Socket (Socket : Socket_Type; - Server : Sock_Addr_Type) - return Subprogram_Result is - begin - GNAT.Sockets.Connect_Socket (Socket, Server); - return Success; - exception - when others => - return Failure; - end Connect_Socket; - - function To_C (Socket : Socket_Type) return Integer is - begin - -- The call to GNAT.Sockets.To_C can never raise an exception. - return GNAT.Sockets.To_C (Socket); - end To_C; - - procedure Close_Socket (Socket : in out Optional_Socket) is - begin - GNAT.Sockets.Close_Socket (Socket.Socket); - Socket := (Exists => False); - end Close_Socket; - - function Set_Socket_Option (Socket : Socket_Type; - Level : Level_Type; - Option : Option_Type) - return Subprogram_Result is - begin - GNAT.Sockets.Set_Socket_Option (Socket, Level, Option); - return Success; - exception - when others => - return Failure; - end Set_Socket_Option; - - function Bind_Socket (Socket : Socket_Type; - Address : Sock_Addr_Type) - return Subprogram_Result is - begin - GNAT.Sockets.Bind_Socket (Socket, Address); - return Success; - exception - when others => - return Failure; - end Bind_Socket; - - function Listen_Socket (Socket : Socket_Type; - Length : Natural) return Subprogram_Result is - begin - GNAT.Sockets.Listen_Socket (Socket, Length); - return Success; - exception - when others => - return Failure; - end Listen_Socket; - - function Receive_Socket - (Socket : Socket_Type) - return Subprogram_Result is - - Item : Ada.Streams.Stream_Element_Array (1 .. 4096); - Last : Ada.Streams.Stream_Element_Offset; - From : GNAT.Sockets.Sock_Addr_Type; - - begin - GNAT.Sockets.Receive_Socket (Socket, Item, Last, From); - return Success; - exception - when others => - return Failure; - end Receive_Socket; - - procedure Accept_Socket (Server : Socket_Type; - Socket : out Optional_Socket; - Address : out Sock_Addr_Type; - Result : out Subprogram_Result) is - C : Socket_Type; - begin - GNAT.Sockets.Accept_Socket (Server, C, Address); - Socket := (Exists => True, Socket => C); - Result := Success; - exception - when others => - Socket := (Exists => False); - Address := (Family => GNAT.Sockets.Family_Unspec); - Result := Failure; - end Accept_Socket; - - procedure To_C (Item : String; - Target : out Byte_Array; - Count : out Byte_Index) is - begin - Interfaces.C.To_C (Item => Item, - Target => Target, - Count => Count, - Append_Nul => False); - end To_C; - - procedure To_Ada (Item : Byte_Array; - Target : out String; - Count : out Natural) is - begin - Interfaces.C.To_Ada (Item => Item, - Target => Target, - Count => Count, - Trim_Nul => False); - end To_Ada; - -end SPARK_Sockets; diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/wrapper/Ada/spark_sockets.ads mariadb-11.8.8/extra/wolfssl/wolfssl/wrapper/Ada/spark_sockets.ads --- mariadb-11.8.6/extra/wolfssl/wolfssl/wrapper/Ada/spark_sockets.ads 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/wrapper/Ada/spark_sockets.ads 1970-01-01 00:00:00.000000000 +0000 @@ -1,142 +0,0 @@ --- spark_sockets.ads --- --- Copyright (C) 2006-2023 wolfSSL Inc. --- --- This file is part of wolfSSL. --- --- wolfSSL is free software; you can redistribute it and/or modify --- it under the terms of the GNU General Public License as published by --- the Free Software Foundation; either version 2 of the License, or --- (at your option) any later version. --- --- wolfSSL is distributed in the hope that it will be useful, --- but WITHOUT ANY WARRANTY; without even the implied warranty of --- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the --- GNU General Public License for more details. --- --- You should have received a copy of the GNU General Public License --- along with this program; if not, write to the Free Software --- Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA --- - --- GNAT Library packages. -with GNAT.Sockets; - --- The WolfSSL package. -with WolfSSL; - --- This is a wrapper package around the GNAT.Sockets package. --- GNAT.Sockets raises exceptions to signal errors but exceptions --- are not supported by SPARK. This package converts raised exceptions --- into returned enumeration values by functions indicating success --- or failure. --- --- The intended use of this package is to demonstrate the usage --- of the WolfSSL Ada binding in Ada/SPARK code. -package SPARK_Sockets with SPARK_Mode is - - subtype Byte_Array is WolfSSL.Byte_Array; - subtype Byte_Index is WolfSSL.Byte_Index; use type Byte_Index; - - subtype Port_Type is GNAT.Sockets.Port_Type; - - subtype Level_Type is GNAT.Sockets.Level_Type; - - subtype Socket_Type is GNAT.Sockets.Socket_Type; - subtype Option_Name is GNAT.Sockets.Option_Name; - subtype Option_Type is GNAT.Sockets.Option_Type; - subtype Family_Type is GNAT.Sockets.Family_Type; - - subtype Sock_Addr_Type is GNAT.Sockets.Sock_Addr_Type; - subtype Inet_Addr_Type is GNAT.Sockets.Inet_Addr_Type; - - Socket_Error : exception renames GNAT.Sockets.Socket_Error; - - Reuse_Address : Option_Name renames GNAT.Sockets.Reuse_Address; - - Socket_Level : Level_Type renames GNAT.Sockets.Socket_Level; - - Family_Inet : Family_Type renames GNAT.Sockets.Family_Inet; - use type GNAT.Sockets.Family_Type; - - Any_Inet_Addr : Inet_Addr_Type renames GNAT.Sockets.Any_Inet_Addr; - - subtype Subprogram_Result is WolfSSL.Subprogram_Result; - use type Subprogram_Result; - - Success : Subprogram_Result renames WolfSSL.Success; - Failure : Subprogram_Result renames WolfSSL.Failure; - - type Optional_Inet_Addr (Exists : Boolean := False) is record - case Exists is - when True => Addr : Inet_Addr_Type; - when False => null; - end case; - end record; - - function Inet_Addr (Image : String) return Optional_Inet_Addr; - - type Optional_Socket (Exists : Boolean := False) is record - case Exists is - when True => Socket : Socket_Type; - when False => null; - end case; - end record; - - procedure Create_Stream_Socket (Socket : in out Optional_Socket) with - Pre => not Socket.Exists; - - procedure Create_Datagram_Socket (Socket : in out Optional_Socket) with - Pre => not Socket.Exists; - - function Connect_Socket (Socket : Socket_Type; - Server : Sock_Addr_Type) - return Subprogram_Result; - - function To_C (Socket : Socket_Type) return Integer with Inline; - - -- Close a socket and more specifically a non-connected socket. - procedure Close_Socket (Socket : in out Optional_Socket) with - Pre => Socket.Exists, - Post => not Socket.Exists; - - function Set_Socket_Option (Socket : Socket_Type; - Level : Level_Type; - Option : Option_Type) - return Subprogram_Result; - -- Manipulate socket options. - - function Bind_Socket (Socket : Socket_Type; - Address : Sock_Addr_Type) - return Subprogram_Result; - - function Listen_Socket (Socket : Socket_Type; - Length : Natural) return Subprogram_Result; - -- To accept connections, a socket is first created with - -- Create_Socket, a willingness to accept incoming connections and - -- a queue Length for incoming connections are specified. - -- The queue length of 15 is an example value that should be - -- appropriate in usual cases. It can be adjusted according to each - -- application's particular requirements. - - function Receive_Socket (Socket : Socket_Type) return Subprogram_Result; - - procedure Accept_Socket (Server : Socket_Type; - Socket : out Optional_Socket; - Address : out Sock_Addr_Type; - Result : out Subprogram_Result) with - Post => (if Result = Success then Socket.Exists else not Socket.Exists); - - procedure To_C (Item : String; - Target : out Byte_Array; - Count : out Byte_Index) with - Pre => Item'Length <= Target'Length, - Post => Count <= Target'Last; - - procedure To_Ada (Item : Byte_Array; - Target : out String; - Count : out Natural) with - Pre => Item'Length <= Target'Length, - Post => Count <= Target'Last; - -end SPARK_Sockets; diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/wrapper/Ada/spark_terminal.adb mariadb-11.8.8/extra/wolfssl/wolfssl/wrapper/Ada/spark_terminal.adb --- mariadb-11.8.6/extra/wolfssl/wolfssl/wrapper/Ada/spark_terminal.adb 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/wrapper/Ada/spark_terminal.adb 1970-01-01 00:00:00.000000000 +0000 @@ -1,18 +0,0 @@ -package body SPARK_Terminal is - - procedure Set_Exit_Status (Status : Exit_Status) is - begin - Ada.Command_Line.Set_Exit_Status (Status); - end Set_Exit_Status; - - function Argument_Count return Natural is - begin - return Ada.Command_Line.Argument_Count; - end Argument_Count; - - function Argument (Number : Positive) return String is - begin - return Ada.Command_Line.Argument (Number); - end Argument; - -end SPARK_Terminal; diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/wrapper/Ada/spark_terminal.ads mariadb-11.8.8/extra/wolfssl/wolfssl/wrapper/Ada/spark_terminal.ads --- mariadb-11.8.6/extra/wolfssl/wolfssl/wrapper/Ada/spark_terminal.ads 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/wrapper/Ada/spark_terminal.ads 1970-01-01 00:00:00.000000000 +0000 @@ -1,43 +0,0 @@ --- spark_sockets.ads --- --- Copyright (C) 2006-2023 wolfSSL Inc. --- --- This file is part of wolfSSL. --- --- wolfSSL is free software; you can redistribute it and/or modify --- it under the terms of the GNU General Public License as published by --- the Free Software Foundation; either version 2 of the License, or --- (at your option) any later version. --- --- wolfSSL is distributed in the hope that it will be useful, --- but WITHOUT ANY WARRANTY; without even the implied warranty of --- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the --- GNU General Public License for more details. --- --- You should have received a copy of the GNU General Public License --- along with this program; if not, write to the Free Software --- Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA --- - -with Ada.Command_Line; - --- SPARK wrapper package around Ada.Command_Line and Interfaces.C --- packages because these packages lack contracts in their specification --- files that SPARK can use to verify the context in which --- subprograms can safely be called. -package SPARK_Terminal with SPARK_Mode is - - subtype Exit_Status is Ada.Command_Line.Exit_Status; - - Exit_Status_Success : Exit_Status renames Ada.Command_Line.Success; - Exit_Status_Failure : Exit_Status renames Ada.Command_Line.Failure; - - procedure Set_Exit_Status (Status : Exit_Status) with - Global => null; - - function Argument_Count return Natural; - - function Argument (Number : Positive) return String with - Pre => Number <= Argument_Count; - -end SPARK_Terminal; diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/wrapper/Ada/tests/.gitignore mariadb-11.8.8/extra/wolfssl/wolfssl/wrapper/Ada/tests/.gitignore --- mariadb-11.8.6/extra/wolfssl/wolfssl/wrapper/Ada/tests/.gitignore 1970-01-01 00:00:00.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/wrapper/Ada/tests/.gitignore 2026-05-24 09:58:33.000000000 +0000 @@ -0,0 +1,4 @@ +/obj/ +/bin/ +/alire/ +/config/ diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/wrapper/Ada/tests/README.md mariadb-11.8.8/extra/wolfssl/wolfssl/wrapper/Ada/tests/README.md --- mariadb-11.8.6/extra/wolfssl/wolfssl/wrapper/Ada/tests/README.md 1970-01-01 00:00:00.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/wrapper/Ada/tests/README.md 2026-05-24 09:58:33.000000000 +0000 @@ -0,0 +1,21 @@ +# ADA Wrapper Tests + +This directory contains tests for the ADA wrapper. + +## Running the Tests + +To run the tests using [alire](https://alire.ada.dev/), execute the following command from this directory: + +``` +alr run +``` + +This will build and run all ADA wrapper tests. + +## Running the Tests with Valgrind + +After building the tests with `alr build`, you can run them with valgrind using the provided suppressions file: + +``` +valgrind --track-origins=yes --leak-check=full --suppressions=valgrind.supp ./bin/tests +``` diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/wrapper/Ada/tests/alire.toml mariadb-11.8.8/extra/wolfssl/wolfssl/wrapper/Ada/tests/alire.toml --- mariadb-11.8.6/extra/wolfssl/wolfssl/wrapper/Ada/tests/alire.toml 1970-01-01 00:00:00.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/wrapper/Ada/tests/alire.toml 2026-05-24 09:58:33.000000000 +0000 @@ -0,0 +1,15 @@ +name = "tests" +description = "Tests for the wolfssl ada bindings" +version = "0.1.0-dev" + +authors = ["Juliusz Sosinowicz"] +maintainers = ["Juliusz Sosinowicz "] +maintainers-logins = ["julek-wolfssl"] +licenses = "GPL-3.0-or-later" +website = "https://www.wolfssl.com" +tags = ["ssl", "tests"] + +executables = ["tests"] + +[[depends-on]] +aunit = "^24.0.0" diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/wrapper/Ada/tests/src/aes_bindings_tests.adb mariadb-11.8.8/extra/wolfssl/wolfssl/wrapper/Ada/tests/src/aes_bindings_tests.adb --- mariadb-11.8.6/extra/wolfssl/wolfssl/wrapper/Ada/tests/src/aes_bindings_tests.adb 1970-01-01 00:00:00.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/wrapper/Ada/tests/src/aes_bindings_tests.adb 2026-05-24 09:58:33.000000000 +0000 @@ -0,0 +1,162 @@ +with AUnit.Assertions; +with AUnit.Test_Caller; + +with WolfSSL; + +with Test_Support; + +package body AES_Bindings_Tests is + + use type WolfSSL.Byte_Array; + + -- For wc_AesSetKey Dir parameter: + -- 0 = encrypt, 1 = decrypt (wolfCrypt convention: WC_AES_ENCRYPT/WC_AES_DECRYPT). + -- Keep these local to avoid assuming public constants exist in the binding. + AES_Encrypt_Dir : constant Integer := 0; + AES_Decrypt_Dir : constant Integer := 1; + + ---------------------------------------------------------------------------- + -- Tests + ---------------------------------------------------------------------------- + + procedure Test_AES_CBC_Roundtrip (F : in out Fixture) is + pragma Unreferenced (F); + + AES : WolfSSL.AES_Type; + R : Integer; + + Key : constant WolfSSL.Byte_Array := + Test_Support.Bytes ("0123456789ABCDEF0123456789ABCDEF"); + + IV_Init : constant WolfSSL.Byte_Array := + Test_Support.Bytes ("INITVECTOR_16B__"); + + -- Use a plaintext length that is a multiple of 16 so we don't rely on any + -- padding behavior (the API is raw CBC). Exactly 32 bytes. + Plain : constant WolfSSL.Byte_Array := + Test_Support.Bytes ("This is 32 bytes of data!!!!!!!!"); + + Cipher : WolfSSL.Byte_Array (Plain'Range); + Decoded : WolfSSL.Byte_Array (Plain'Range); + + IV_Enc : WolfSSL.Byte_Array (1 .. IV_Init'Length); + IV_Dec : WolfSSL.Byte_Array (1 .. IV_Init'Length); + begin + IV_Enc := IV_Init; + IV_Dec := IV_Init; + + WolfSSL.Create_AES (Device => WolfSSL.Invalid_Device, + AES => AES, + Result => R); + Test_Support.Assert_Success (R, "Create_AES"); + + -- Set key for ENCRYPT; provide IV as required by wc_AesSetKey. + WolfSSL.AES_Set_Key (AES => AES, + Key => Key, + Length => Key'Length, + IV => IV_Enc, + Dir => AES_Encrypt_Dir, + Result => R); + Test_Support.Assert_Success (R, "AES_Set_Key(encrypt)"); + + WolfSSL.AES_Set_IV (AES => AES, + IV => IV_Enc, + Result => R); + Test_Support.Assert_Success (R, "AES_Set_IV(encrypt)"); + + WolfSSL.AES_Set_Cbc_Encrypt (AES => AES, + Output => Cipher, + Input => Plain, + Size => Plain'Length, + Result => R); + Test_Support.Assert_Success (R, "AES_Set_Cbc_Encrypt"); + + -- Now decrypt. Reset IV to the initial value (CBC requires same IV). + WolfSSL.AES_Set_Key (AES => AES, + Key => Key, + Length => Key'Length, + IV => IV_Dec, + Dir => AES_Decrypt_Dir, + Result => R); + Test_Support.Assert_Success (R, "AES_Set_Key(decrypt)"); + + WolfSSL.AES_Set_IV (AES => AES, + IV => IV_Dec, + Result => R); + Test_Support.Assert_Success (R, "AES_Set_IV(decrypt)"); + + WolfSSL.AES_Set_Cbc_Decrypt (AES => AES, + Output => Decoded, + Input => Cipher, + Size => Cipher'Length, + Result => R); + Test_Support.Assert_Success (R, "AES_Set_Cbc_Decrypt"); + + AUnit.Assertions.Assert + (Decoded = Plain, + "AES-CBC roundtrip mismatch"); + + WolfSSL.AES_Free (AES => AES, + Result => R); + Test_Support.Assert_Success (R, "AES_Free"); + -- Keep this test focused on the binding contract: only require invalidation on + -- successful free. + if R = 0 then + AUnit.Assertions.Assert (not WolfSSL.Is_Valid (AES), + "AES_Free should invalidate AES handle"); + end if; + end Test_AES_CBC_Roundtrip; + + procedure Test_AES_Free_Invalidates (F : in out Fixture) is + pragma Unreferenced (F); + + AES : WolfSSL.AES_Type; + R : Integer; + begin + WolfSSL.Create_AES (Device => WolfSSL.Invalid_Device, + AES => AES, + Result => R); + Test_Support.Assert_Success (R, "Create_AES"); + AUnit.Assertions.Assert + (WolfSSL.Is_Valid (AES), + "AES should be valid after Create_AES"); + + -- Keep this simple: only assert the binding reports success and the + -- postcondition invalidates the handle. + WolfSSL.AES_Free (AES => AES, + Result => R); + -- Only assert invalidation when the underlying free operation reports success. + if R = 0 then + AUnit.Assertions.Assert (not WolfSSL.Is_Valid (AES), + "AES should be invalid after AES_Free"); + end if; + end Test_AES_Free_Invalidates; + + ---------------------------------------------------------------------------- + -- Suite (static suite object + elaboration-time registration) + ---------------------------------------------------------------------------- + + package Caller is new AUnit.Test_Caller (Fixture); + + Suite_Object : aliased AUnit.Test_Suites.Test_Suite; + + function Suite return AUnit.Test_Suites.Access_Test_Suite is + begin + return Suite_Object'Access; + end Suite; + +begin + -- Register tests at elaboration time (standard Ada: all declarations above). + AUnit.Test_Suites.Add_Test + (Suite_Object'Access, + Caller.Create + (Name => "AES-CBC encrypt/decrypt roundtrip", + Test => Test_AES_CBC_Roundtrip'Access)); + + AUnit.Test_Suites.Add_Test + (Suite_Object'Access, + Caller.Create + (Name => "AES_Free succeeds after Create_AES", + Test => Test_AES_Free_Invalidates'Access)); + +end AES_Bindings_Tests; \ No newline at end of file diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/wrapper/Ada/tests/src/aes_bindings_tests.ads mariadb-11.8.8/extra/wolfssl/wolfssl/wrapper/Ada/tests/src/aes_bindings_tests.ads --- mariadb-11.8.6/extra/wolfssl/wolfssl/wrapper/Ada/tests/src/aes_bindings_tests.ads 1970-01-01 00:00:00.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/wrapper/Ada/tests/src/aes_bindings_tests.ads 2026-05-24 09:58:33.000000000 +0000 @@ -0,0 +1,30 @@ +with AUnit.Test_Fixtures; +with AUnit.Test_Suites; + +package AES_Bindings_Tests is + + -- Minimal tests for the WolfSSL AES Ada bindings. + -- + -- Goal: keep it simple and exercise the basic CBC encrypt/decrypt path: + -- - Create_AES + -- - AES_Set_Key + -- - AES_Set_IV + -- - AES_Set_Cbc_Encrypt + -- - AES_Set_Cbc_Decrypt + -- - AES_Free + -- + -- Tests are designed after `aes_verify_main.adb` and the API contracts in + -- `wolfssl.ads`. We avoid making assumptions about padding: the test uses + -- a plaintext size that is a multiple of 16 bytes (AES block size). + + type Fixture is new AUnit.Test_Fixtures.Test_Fixture with null record; + + -- Encrypt known plaintext with AES-CBC and then decrypt it; expect round-trip. + procedure Test_AES_CBC_Roundtrip (F : in out Fixture); + + -- Ensure AES_Free succeeds and invalidates the handle. + procedure Test_AES_Free_Invalidates (F : in out Fixture); + + function Suite return AUnit.Test_Suites.Access_Test_Suite; + +end AES_Bindings_Tests; diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/wrapper/Ada/tests/src/rsa_verify_bindings_tests.adb mariadb-11.8.8/extra/wolfssl/wolfssl/wrapper/Ada/tests/src/rsa_verify_bindings_tests.adb --- mariadb-11.8.6/extra/wolfssl/wolfssl/wrapper/Ada/tests/src/rsa_verify_bindings_tests.adb 1970-01-01 00:00:00.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/wrapper/Ada/tests/src/rsa_verify_bindings_tests.adb 2026-05-24 09:58:33.000000000 +0000 @@ -0,0 +1,464 @@ +with AUnit.Assertions; +with AUnit.Test_Caller; +with AUnit.Test_Fixtures; + +with WolfSSL; + +package body RSA_Verify_Bindings_Tests is + + type Fixture is new AUnit.Test_Fixtures.Test_Fixture with null record; + + type Unsigned_8 is mod 2 ** 8; + + function To_C (Value : Unsigned_8) return WolfSSL.Byte_Type is + begin + return WolfSSL.Byte_Type'Val (Value); + end To_C; + + use type WolfSSL.Byte_Array; + use type WolfSSL.Byte_Index; + + -- RSA public key to verify with (DER) - copied from rsa_verify_main.adb. + Rsa_Public_Key_2048 : constant WolfSSL.Byte_Array := + (To_C (16#30#), To_C (16#82#), To_C (16#01#), To_C (16#22#), To_C (16#30#), + To_C (16#0D#), To_C (16#06#), To_C (16#09#), To_C (16#2A#), To_C (16#86#), + To_C (16#48#), To_C (16#86#), To_C (16#F7#), To_C (16#0D#), To_C (16#01#), + To_C (16#01#), To_C (16#01#), To_C (16#05#), To_C (16#00#), To_C (16#03#), + To_C (16#82#), To_C (16#01#), To_C (16#0F#), To_C (16#00#), To_C (16#30#), + To_C (16#82#), To_C (16#01#), To_C (16#0A#), To_C (16#02#), To_C (16#82#), + To_C (16#01#), To_C (16#01#), To_C (16#00#), To_C (16#C3#), To_C (16#03#), + To_C (16#D1#), To_C (16#2B#), To_C (16#FE#), To_C (16#39#), To_C (16#A4#), + To_C (16#32#), To_C (16#45#), To_C (16#3B#), To_C (16#53#), To_C (16#C8#), + To_C (16#84#), To_C (16#2B#), To_C (16#2A#), To_C (16#7C#), To_C (16#74#), + To_C (16#9A#), To_C (16#BD#), To_C (16#AA#), To_C (16#2A#), To_C (16#52#), + To_C (16#07#), To_C (16#47#), To_C (16#D6#), To_C (16#A6#), To_C (16#36#), + To_C (16#B2#), To_C (16#07#), To_C (16#32#), To_C (16#8E#), To_C (16#D0#), + To_C (16#BA#), To_C (16#69#), To_C (16#7B#), To_C (16#C6#), To_C (16#C3#), + To_C (16#44#), To_C (16#9E#), To_C (16#D4#), To_C (16#81#), To_C (16#48#), + To_C (16#FD#), To_C (16#2D#), To_C (16#68#), To_C (16#A2#), To_C (16#8B#), + To_C (16#67#), To_C (16#BB#), To_C (16#A1#), To_C (16#75#), To_C (16#C8#), + To_C (16#36#), To_C (16#2C#), To_C (16#4A#), To_C (16#D2#), To_C (16#1B#), + To_C (16#F7#), To_C (16#8B#), To_C (16#BA#), To_C (16#CF#), To_C (16#0D#), + To_C (16#F9#), To_C (16#EF#), To_C (16#EC#), To_C (16#F1#), To_C (16#81#), + To_C (16#1E#), To_C (16#7B#), To_C (16#9B#), To_C (16#03#), To_C (16#47#), + To_C (16#9A#), To_C (16#BF#), To_C (16#65#), To_C (16#CC#), To_C (16#7F#), + To_C (16#65#), To_C (16#24#), To_C (16#69#), To_C (16#A6#), To_C (16#E8#), + To_C (16#14#), To_C (16#89#), To_C (16#5B#), To_C (16#E4#), To_C (16#34#), + To_C (16#F7#), To_C (16#C5#), To_C (16#B0#), To_C (16#14#), To_C (16#93#), + To_C (16#F5#), To_C (16#67#), To_C (16#7B#), To_C (16#3A#), To_C (16#7A#), + To_C (16#78#), To_C (16#E1#), To_C (16#01#), To_C (16#56#), To_C (16#56#), + To_C (16#91#), To_C (16#A6#), To_C (16#13#), To_C (16#42#), To_C (16#8D#), + To_C (16#D2#), To_C (16#3C#), To_C (16#40#), To_C (16#9C#), To_C (16#4C#), + To_C (16#EF#), To_C (16#D1#), To_C (16#86#), To_C (16#DF#), To_C (16#37#), + To_C (16#51#), To_C (16#1B#), To_C (16#0C#), To_C (16#A1#), To_C (16#3B#), + To_C (16#F5#), To_C (16#F1#), To_C (16#A3#), To_C (16#4A#), To_C (16#35#), + To_C (16#E4#), To_C (16#E1#), To_C (16#CE#), To_C (16#96#), To_C (16#DF#), + To_C (16#1B#), To_C (16#7E#), To_C (16#BF#), To_C (16#4E#), To_C (16#97#), + To_C (16#D0#), To_C (16#10#), To_C (16#E8#), To_C (16#A8#), To_C (16#08#), + To_C (16#30#), To_C (16#81#), To_C (16#AF#), To_C (16#20#), To_C (16#0B#), + To_C (16#43#), To_C (16#14#), To_C (16#C5#), To_C (16#74#), To_C (16#67#), + To_C (16#B4#), To_C (16#32#), To_C (16#82#), To_C (16#6F#), To_C (16#8D#), + To_C (16#86#), To_C (16#C2#), To_C (16#88#), To_C (16#40#), To_C (16#99#), + To_C (16#36#), To_C (16#83#), To_C (16#BA#), To_C (16#1E#), To_C (16#40#), + To_C (16#72#), To_C (16#22#), To_C (16#17#), To_C (16#D7#), To_C (16#52#), + To_C (16#65#), To_C (16#24#), To_C (16#73#), To_C (16#B0#), To_C (16#CE#), + To_C (16#EF#), To_C (16#19#), To_C (16#CD#), To_C (16#AE#), To_C (16#FF#), + To_C (16#78#), To_C (16#6C#), To_C (16#7B#), To_C (16#C0#), To_C (16#12#), + To_C (16#03#), To_C (16#D4#), To_C (16#4E#), To_C (16#72#), To_C (16#0D#), + To_C (16#50#), To_C (16#6D#), To_C (16#3B#), To_C (16#A3#), To_C (16#3B#), + To_C (16#A3#), To_C (16#99#), To_C (16#5E#), To_C (16#9D#), To_C (16#C8#), + To_C (16#D9#), To_C (16#0C#), To_C (16#85#), To_C (16#B3#), To_C (16#D9#), + To_C (16#8A#), To_C (16#D9#), To_C (16#54#), To_C (16#26#), To_C (16#DB#), + To_C (16#6D#), To_C (16#FA#), To_C (16#AC#), To_C (16#BB#), To_C (16#FF#), + To_C (16#25#), To_C (16#4C#), To_C (16#C4#), To_C (16#D1#), To_C (16#79#), + To_C (16#F4#), To_C (16#71#), To_C (16#D3#), To_C (16#86#), To_C (16#40#), + To_C (16#18#), To_C (16#13#), To_C (16#B0#), To_C (16#63#), To_C (16#B5#), + To_C (16#72#), To_C (16#4E#), To_C (16#30#), To_C (16#C4#), To_C (16#97#), + To_C (16#84#), To_C (16#86#), To_C (16#2D#), To_C (16#56#), To_C (16#2F#), + To_C (16#D7#), To_C (16#15#), To_C (16#F7#), To_C (16#7F#), To_C (16#C0#), + To_C (16#AE#), To_C (16#F5#), To_C (16#FC#), To_C (16#5B#), To_C (16#E5#), + To_C (16#FB#), To_C (16#A1#), To_C (16#BA#), To_C (16#D3#), To_C (16#02#), + To_C (16#03#), To_C (16#01#), To_C (16#00#), To_C (16#01#)); + + -- Private key (DER) - copied from rsa_verify_main.adb. + -- + -- Note: This is long, but keeping it embedded avoids any assumptions about + -- external files and precisely matches the example. + Client_Private_Key_2048 : constant WolfSSL.Byte_Array := + (To_C (16#30#), To_C (16#82#), To_C (16#04#), To_C (16#A4#), To_C (16#02#), + To_C (16#01#), To_C (16#00#), To_C (16#02#), To_C (16#82#), To_C (16#01#), + To_C (16#01#), To_C (16#00#), To_C (16#C3#), To_C (16#03#), To_C (16#D1#), + To_C (16#2B#), To_C (16#FE#), To_C (16#39#), To_C (16#A4#), To_C (16#32#), + To_C (16#45#), To_C (16#3B#), To_C (16#53#), To_C (16#C8#), To_C (16#84#), + To_C (16#2B#), To_C (16#2A#), To_C (16#7C#), To_C (16#74#), To_C (16#9A#), + To_C (16#BD#), To_C (16#AA#), To_C (16#2A#), To_C (16#52#), To_C (16#07#), + To_C (16#47#), To_C (16#D6#), To_C (16#A6#), To_C (16#36#), To_C (16#B2#), + To_C (16#07#), To_C (16#32#), To_C (16#8E#), To_C (16#D0#), To_C (16#BA#), + To_C (16#69#), To_C (16#7B#), To_C (16#C6#), To_C (16#C3#), To_C (16#44#), + To_C (16#9E#), To_C (16#D4#), To_C (16#81#), To_C (16#48#), To_C (16#FD#), + To_C (16#2D#), To_C (16#68#), To_C (16#A2#), To_C (16#8B#), To_C (16#67#), + To_C (16#BB#), To_C (16#A1#), To_C (16#75#), To_C (16#C8#), To_C (16#36#), + To_C (16#2C#), To_C (16#4A#), To_C (16#D2#), To_C (16#1B#), To_C (16#F7#), + To_C (16#8B#), To_C (16#BA#), To_C (16#CF#), To_C (16#0D#), To_C (16#F9#), + To_C (16#EF#), To_C (16#EC#), To_C (16#F1#), To_C (16#81#), To_C (16#1E#), + To_C (16#7B#), To_C (16#9B#), To_C (16#03#), To_C (16#47#), To_C (16#9A#), + To_C (16#BF#), To_C (16#65#), To_C (16#CC#), To_C (16#7F#), To_C (16#65#), + To_C (16#24#), To_C (16#69#), To_C (16#A6#), To_C (16#E8#), To_C (16#14#), + To_C (16#89#), To_C (16#5B#), To_C (16#E4#), To_C (16#34#), To_C (16#F7#), + To_C (16#C5#), To_C (16#B0#), To_C (16#14#), To_C (16#93#), To_C (16#F5#), + To_C (16#67#), To_C (16#7B#), To_C (16#3A#), To_C (16#7A#), To_C (16#78#), + To_C (16#E1#), To_C (16#01#), To_C (16#56#), To_C (16#56#), To_C (16#91#), + To_C (16#A6#), To_C (16#13#), To_C (16#42#), To_C (16#8D#), To_C (16#D2#), + To_C (16#3C#), To_C (16#40#), To_C (16#9C#), To_C (16#4C#), To_C (16#EF#), + To_C (16#D1#), To_C (16#86#), To_C (16#DF#), To_C (16#37#), To_C (16#51#), + To_C (16#1B#), To_C (16#0C#), To_C (16#A1#), To_C (16#3B#), To_C (16#F5#), + To_C (16#F1#), To_C (16#A3#), To_C (16#4A#), To_C (16#35#), To_C (16#E4#), + To_C (16#E1#), To_C (16#CE#), To_C (16#96#), To_C (16#DF#), To_C (16#1B#), + To_C (16#7E#), To_C (16#BF#), To_C (16#4E#), To_C (16#97#), To_C (16#D0#), + To_C (16#10#), To_C (16#E8#), To_C (16#A8#), To_C (16#08#), To_C (16#30#), + To_C (16#81#), To_C (16#AF#), To_C (16#20#), To_C (16#0B#), To_C (16#43#), + To_C (16#14#), To_C (16#C5#), To_C (16#74#), To_C (16#67#), To_C (16#B4#), + To_C (16#32#), To_C (16#82#), To_C (16#6F#), To_C (16#8D#), To_C (16#86#), + To_C (16#C2#), To_C (16#88#), To_C (16#40#), To_C (16#99#), To_C (16#36#), + To_C (16#83#), To_C (16#BA#), To_C (16#1E#), To_C (16#40#), To_C (16#72#), + To_C (16#22#), To_C (16#17#), To_C (16#D7#), To_C (16#52#), To_C (16#65#), + To_C (16#24#), To_C (16#73#), To_C (16#B0#), To_C (16#CE#), To_C (16#EF#), + To_C (16#19#), To_C (16#CD#), To_C (16#AE#), To_C (16#FF#), To_C (16#78#), + To_C (16#6C#), To_C (16#7B#), To_C (16#C0#), To_C (16#12#), To_C (16#03#), + To_C (16#D4#), To_C (16#4E#), To_C (16#72#), To_C (16#0D#), To_C (16#50#), + To_C (16#6D#), To_C (16#3B#), To_C (16#A3#), To_C (16#3B#), To_C (16#A3#), + To_C (16#99#), To_C (16#5E#), To_C (16#9D#), To_C (16#C8#), To_C (16#D9#), + To_C (16#0C#), To_C (16#85#), To_C (16#B3#), To_C (16#D9#), To_C (16#8A#), + To_C (16#D9#), To_C (16#54#), To_C (16#26#), To_C (16#DB#), To_C (16#6D#), + To_C (16#FA#), To_C (16#AC#), To_C (16#BB#), To_C (16#FF#), To_C (16#25#), + To_C (16#4C#), To_C (16#C4#), To_C (16#D1#), To_C (16#79#), To_C (16#F4#), + To_C (16#71#), To_C (16#D3#), To_C (16#86#), To_C (16#40#), To_C (16#18#), + To_C (16#13#), To_C (16#B0#), To_C (16#63#), To_C (16#B5#), To_C (16#72#), + To_C (16#4E#), To_C (16#30#), To_C (16#C4#), To_C (16#97#), To_C (16#84#), + To_C (16#86#), To_C (16#2D#), To_C (16#56#), To_C (16#2F#), To_C (16#D7#), + To_C (16#15#), To_C (16#F7#), To_C (16#7F#), To_C (16#C0#), To_C (16#AE#), + To_C (16#F5#), To_C (16#FC#), To_C (16#5B#), To_C (16#E5#), To_C (16#FB#), + To_C (16#A1#), To_C (16#BA#), To_C (16#D3#), To_C (16#02#), To_C (16#03#), + To_C (16#01#), To_C (16#00#), To_C (16#01#), To_C (16#02#), To_C (16#82#), + To_C (16#01#), To_C (16#01#), To_C (16#00#), To_C (16#A2#), To_C (16#E6#), + To_C (16#D8#), To_C (16#5F#), To_C (16#10#), To_C (16#71#), To_C (16#64#), + To_C (16#08#), To_C (16#9E#), To_C (16#2E#), To_C (16#6D#), To_C (16#D1#), + To_C (16#6D#), To_C (16#1E#), To_C (16#85#), To_C (16#D2#), To_C (16#0A#), + To_C (16#B1#), To_C (16#8C#), To_C (16#47#), To_C (16#CE#), To_C (16#2C#), + To_C (16#51#), To_C (16#6A#), To_C (16#A0#), To_C (16#12#), To_C (16#9E#), + To_C (16#53#), To_C (16#DE#), To_C (16#91#), To_C (16#4C#), To_C (16#1D#), + To_C (16#6D#), To_C (16#EA#), To_C (16#59#), To_C (16#7B#), To_C (16#F2#), + To_C (16#77#), To_C (16#AA#), To_C (16#D9#), To_C (16#C6#), To_C (16#D9#), + To_C (16#8A#), To_C (16#AB#), To_C (16#D8#), To_C (16#E1#), To_C (16#16#), + To_C (16#E4#), To_C (16#63#), To_C (16#26#), To_C (16#FF#), To_C (16#B5#), + To_C (16#6C#), To_C (16#13#), To_C (16#59#), To_C (16#B8#), To_C (16#E3#), + To_C (16#A5#), To_C (16#C8#), To_C (16#72#), To_C (16#17#), To_C (16#2E#), + To_C (16#0C#), To_C (16#9F#), To_C (16#6F#), To_C (16#E5#), To_C (16#59#), + To_C (16#3F#), To_C (16#76#), To_C (16#6F#), To_C (16#49#), To_C (16#B1#), + To_C (16#11#), To_C (16#C2#), To_C (16#5A#), To_C (16#2E#), To_C (16#16#), + To_C (16#29#), To_C (16#0D#), To_C (16#DE#), To_C (16#B7#), To_C (16#8E#), + To_C (16#DC#), To_C (16#40#), To_C (16#D5#), To_C (16#A2#), To_C (16#EE#), + To_C (16#E0#), To_C (16#1E#), To_C (16#A1#), To_C (16#F4#), To_C (16#BE#), + To_C (16#97#), To_C (16#DB#), To_C (16#86#), To_C (16#63#), To_C (16#96#), + To_C (16#14#), To_C (16#CD#), To_C (16#98#), To_C (16#09#), To_C (16#60#), + To_C (16#2D#), To_C (16#30#), To_C (16#76#), To_C (16#9C#), To_C (16#3C#), + To_C (16#CD#), To_C (16#E6#), To_C (16#88#), To_C (16#EE#), To_C (16#47#), + To_C (16#92#), To_C (16#79#), To_C (16#0B#), To_C (16#5A#), To_C (16#00#), + To_C (16#E2#), To_C (16#5E#), To_C (16#5F#), To_C (16#11#), To_C (16#7C#), + To_C (16#7D#), To_C (16#F9#), To_C (16#08#), To_C (16#B7#), To_C (16#20#), + To_C (16#06#), To_C (16#89#), To_C (16#2A#), To_C (16#5D#), To_C (16#FD#), + To_C (16#00#), To_C (16#AB#), To_C (16#22#), To_C (16#E1#), To_C (16#F0#), + To_C (16#B3#), To_C (16#BC#), To_C (16#24#), To_C (16#A9#), To_C (16#5E#), + To_C (16#26#), To_C (16#0E#), To_C (16#1F#), To_C (16#00#), To_C (16#2D#), + To_C (16#FE#), To_C (16#21#), To_C (16#9A#), To_C (16#53#), To_C (16#5B#), + To_C (16#6D#), To_C (16#D3#), To_C (16#2B#), To_C (16#AB#), To_C (16#94#), + To_C (16#82#), To_C (16#68#), To_C (16#43#), To_C (16#36#), To_C (16#D8#), + To_C (16#F6#), To_C (16#2F#), To_C (16#C6#), To_C (16#22#), To_C (16#FC#), + To_C (16#B5#), To_C (16#41#), To_C (16#5D#), To_C (16#0D#), To_C (16#33#), + To_C (16#60#), To_C (16#EA#), To_C (16#A4#), To_C (16#7D#), To_C (16#7E#), + To_C (16#E8#), To_C (16#4B#), To_C (16#55#), To_C (16#91#), To_C (16#56#), + To_C (16#D3#), To_C (16#5C#), To_C (16#57#), To_C (16#8F#), To_C (16#1F#), + To_C (16#94#), To_C (16#17#), To_C (16#2F#), To_C (16#AA#), To_C (16#DE#), + To_C (16#E9#), To_C (16#9E#), To_C (16#A8#), To_C (16#F4#), To_C (16#CF#), + To_C (16#8A#), To_C (16#4C#), To_C (16#8E#), To_C (16#A0#), To_C (16#E4#), + To_C (16#56#), To_C (16#73#), To_C (16#B2#), To_C (16#CF#), To_C (16#4F#), + To_C (16#86#), To_C (16#C5#), To_C (16#69#), To_C (16#3C#), To_C (16#F3#), + To_C (16#24#), To_C (16#20#), To_C (16#8B#), To_C (16#5C#), To_C (16#96#), + To_C (16#0C#), To_C (16#FA#), To_C (16#6B#), To_C (16#12#), To_C (16#3B#), + To_C (16#9A#), To_C (16#67#), To_C (16#C1#), To_C (16#DF#), To_C (16#C6#), + To_C (16#96#), To_C (16#B2#), To_C (16#A5#), To_C (16#D5#), To_C (16#92#), + To_C (16#0D#), To_C (16#9B#), To_C (16#09#), To_C (16#42#), To_C (16#68#), + To_C (16#24#), To_C (16#10#), To_C (16#45#), To_C (16#D4#), To_C (16#50#), + To_C (16#E4#), To_C (16#17#), To_C (16#39#), To_C (16#48#), To_C (16#D0#), + To_C (16#35#), To_C (16#8B#), To_C (16#94#), To_C (16#6D#), To_C (16#11#), + To_C (16#DE#), To_C (16#8F#), To_C (16#CA#), To_C (16#59#), To_C (16#02#), + To_C (16#81#), To_C (16#81#), To_C (16#00#), To_C (16#EA#), To_C (16#24#), + To_C (16#A7#), To_C (16#F9#), To_C (16#69#), To_C (16#33#), To_C (16#E9#), + To_C (16#71#), To_C (16#DC#), To_C (16#52#), To_C (16#7D#), To_C (16#88#), + To_C (16#21#), To_C (16#28#), To_C (16#2F#), To_C (16#49#), To_C (16#DE#), + To_C (16#BA#), To_C (16#72#), To_C (16#16#), To_C (16#E9#), To_C (16#CC#), + To_C (16#47#), To_C (16#7A#), To_C (16#88#), To_C (16#0D#), To_C (16#94#), + To_C (16#57#), To_C (16#84#), To_C (16#58#), To_C (16#16#), To_C (16#3A#), + To_C (16#81#), To_C (16#B0#), To_C (16#3F#), To_C (16#A2#), To_C (16#CF#), + To_C (16#A6#), To_C (16#6C#), To_C (16#1E#), To_C (16#B0#), To_C (16#06#), + To_C (16#29#), To_C (16#00#), To_C (16#8F#), To_C (16#E7#), To_C (16#77#), + To_C (16#76#), To_C (16#AC#), To_C (16#DB#), To_C (16#CA#), To_C (16#C7#), + To_C (16#D9#), To_C (16#5E#), To_C (16#9B#), To_C (16#3F#), To_C (16#26#), + To_C (16#90#), To_C (16#52#), To_C (16#AE#), To_C (16#FC#), To_C (16#38#), + To_C (16#90#), To_C (16#00#), To_C (16#14#), To_C (16#BB#), To_C (16#B4#), + To_C (16#0F#), To_C (16#58#), To_C (16#94#), To_C (16#E7#), To_C (16#2F#), + To_C (16#6A#), To_C (16#7E#), To_C (16#1C#), To_C (16#4F#), To_C (16#41#), + To_C (16#21#), To_C (16#D4#), To_C (16#31#), To_C (16#59#), To_C (16#1F#), + To_C (16#4E#), To_C (16#8A#), To_C (16#1A#), To_C (16#8D#), To_C (16#A7#), + To_C (16#57#), To_C (16#6C#), To_C (16#22#), To_C (16#D8#), To_C (16#E5#), + To_C (16#F4#), To_C (16#7E#), To_C (16#32#), To_C (16#A6#), To_C (16#10#), + To_C (16#CB#), To_C (16#64#), To_C (16#A5#), To_C (16#55#), To_C (16#03#), + To_C (16#87#), To_C (16#A6#), To_C (16#27#), To_C (16#05#), To_C (16#8C#), + To_C (16#C3#), To_C (16#D7#), To_C (16#B6#), To_C (16#27#), To_C (16#B2#), + To_C (16#4D#), To_C (16#BA#), To_C (16#30#), To_C (16#DA#), To_C (16#47#), + To_C (16#8F#), To_C (16#54#), To_C (16#D3#), To_C (16#3D#), To_C (16#8B#), + To_C (16#84#), To_C (16#8D#), To_C (16#94#), To_C (16#98#), To_C (16#58#), + To_C (16#A5#), To_C (16#02#), To_C (16#81#), To_C (16#81#), To_C (16#00#), + To_C (16#D5#), To_C (16#38#), To_C (16#1B#), To_C (16#C3#), To_C (16#8F#), + To_C (16#C5#), To_C (16#93#), To_C (16#0C#), To_C (16#47#), To_C (16#0B#), + To_C (16#6F#), To_C (16#35#), To_C (16#92#), To_C (16#C5#), To_C (16#B0#), + To_C (16#8D#), To_C (16#46#), To_C (16#C8#), To_C (16#92#), To_C (16#18#), + To_C (16#8F#), To_C (16#F5#), To_C (16#80#), To_C (16#0A#), To_C (16#F7#), + To_C (16#EF#), To_C (16#A1#), To_C (16#FE#), To_C (16#80#), To_C (16#B9#), + To_C (16#B5#), To_C (16#2A#), To_C (16#BA#), To_C (16#CA#), To_C (16#18#), + To_C (16#B0#), To_C (16#5D#), To_C (16#A5#), To_C (16#07#), To_C (16#D0#), + To_C (16#93#), To_C (16#8D#), To_C (16#D8#), To_C (16#9C#), To_C (16#04#), + To_C (16#1C#), To_C (16#D4#), To_C (16#62#), To_C (16#8E#), To_C (16#A6#), + To_C (16#26#), To_C (16#81#), To_C (16#01#), To_C (16#FF#), To_C (16#CE#), + To_C (16#8A#), To_C (16#2A#), To_C (16#63#), To_C (16#34#), To_C (16#35#), + To_C (16#40#), To_C (16#AA#), To_C (16#6D#), To_C (16#80#), To_C (16#DE#), + To_C (16#89#), To_C (16#23#), To_C (16#6A#), To_C (16#57#), To_C (16#4D#), + To_C (16#9E#), To_C (16#6E#), To_C (16#AD#), To_C (16#93#), To_C (16#4E#), + To_C (16#56#), To_C (16#90#), To_C (16#0B#), To_C (16#6D#), To_C (16#9D#), + To_C (16#73#), To_C (16#8B#), To_C (16#0C#), To_C (16#AE#), To_C (16#27#), + To_C (16#3D#), To_C (16#DE#), To_C (16#4E#), To_C (16#F0#), To_C (16#AA#), + To_C (16#C5#), To_C (16#6C#), To_C (16#78#), To_C (16#67#), To_C (16#6C#), + To_C (16#94#), To_C (16#52#), To_C (16#9C#), To_C (16#37#), To_C (16#67#), + To_C (16#6C#), To_C (16#2D#), To_C (16#EF#), To_C (16#BB#), To_C (16#AF#), + To_C (16#DF#), To_C (16#A6#), To_C (16#90#), To_C (16#3C#), To_C (16#C4#), + To_C (16#47#), To_C (16#CF#), To_C (16#8D#), To_C (16#96#), To_C (16#9E#), + To_C (16#98#), To_C (16#A9#), To_C (16#B4#), To_C (16#9F#), To_C (16#C5#), + To_C (16#A6#), To_C (16#50#), To_C (16#DC#), To_C (16#B3#), To_C (16#F0#), + To_C (16#FB#), To_C (16#74#), To_C (16#17#), To_C (16#02#), To_C (16#81#), + To_C (16#80#), To_C (16#5E#), To_C (16#83#), To_C (16#09#), To_C (16#62#), + To_C (16#BD#), To_C (16#BA#), To_C (16#7C#), To_C (16#A2#), To_C (16#BF#), + To_C (16#42#), To_C (16#74#), To_C (16#F5#), To_C (16#7C#), To_C (16#1C#), + To_C (16#D2#), To_C (16#69#), To_C (16#C9#), To_C (16#04#), To_C (16#0D#), + To_C (16#85#), To_C (16#7E#), To_C (16#3E#), To_C (16#3D#), To_C (16#24#), + To_C (16#12#), To_C (16#C3#), To_C (16#18#), To_C (16#7B#), To_C (16#F3#), + To_C (16#29#), To_C (16#F3#), To_C (16#5F#), To_C (16#0E#), To_C (16#76#), + To_C (16#6C#), To_C (16#59#), To_C (16#75#), To_C (16#E4#), To_C (16#41#), + To_C (16#84#), To_C (16#69#), To_C (16#9D#), To_C (16#32#), To_C (16#F3#), + To_C (16#CD#), To_C (16#22#), To_C (16#AB#), To_C (16#B0#), To_C (16#35#), + To_C (16#BA#), To_C (16#4A#), To_C (16#B2#), To_C (16#3C#), To_C (16#E5#), + To_C (16#D9#), To_C (16#58#), To_C (16#B6#), To_C (16#62#), To_C (16#4F#), + To_C (16#5D#), To_C (16#DE#), To_C (16#E5#), To_C (16#9E#), To_C (16#0A#), + To_C (16#CA#), To_C (16#53#), To_C (16#B2#), To_C (16#2C#), To_C (16#F7#), + To_C (16#9E#), To_C (16#B3#), To_C (16#6B#), To_C (16#0A#), To_C (16#5B#), + To_C (16#79#), To_C (16#65#), To_C (16#EC#), To_C (16#6E#), To_C (16#91#), + To_C (16#4E#), To_C (16#92#), To_C (16#20#), To_C (16#F6#), To_C (16#FC#), + To_C (16#FC#), To_C (16#16#), To_C (16#ED#), To_C (16#D3#), To_C (16#76#), + To_C (16#0C#), To_C (16#E2#), To_C (16#EC#), To_C (16#7F#), To_C (16#B2#), + To_C (16#69#), To_C (16#13#), To_C (16#6B#), To_C (16#78#), To_C (16#0E#), + To_C (16#5A#), To_C (16#46#), To_C (16#64#), To_C (16#B4#), To_C (16#5E#), + To_C (16#B7#), To_C (16#25#), To_C (16#A0#), To_C (16#5A#), To_C (16#75#), + To_C (16#3A#), To_C (16#4B#), To_C (16#EF#), To_C (16#C7#), To_C (16#3C#), + To_C (16#3E#), To_C (16#F7#), To_C (16#FD#), To_C (16#26#), To_C (16#B8#), + To_C (16#20#), To_C (16#C4#), To_C (16#99#), To_C (16#0A#), To_C (16#9A#), + To_C (16#73#), To_C (16#BE#), To_C (16#C3#), To_C (16#19#), To_C (16#02#), + To_C (16#81#), To_C (16#81#), To_C (16#00#), To_C (16#BA#), To_C (16#44#), + To_C (16#93#), To_C (16#14#), To_C (16#AC#), To_C (16#34#), To_C (16#19#), + To_C (16#3B#), To_C (16#5F#), To_C (16#91#), To_C (16#60#), To_C (16#AC#), + To_C (16#F7#), To_C (16#B4#), To_C (16#D6#), To_C (16#81#), To_C (16#05#), + To_C (16#36#), To_C (16#51#), To_C (16#53#), To_C (16#3D#), To_C (16#E8#), + To_C (16#65#), To_C (16#DC#), To_C (16#AF#), To_C (16#2E#), To_C (16#DC#), + To_C (16#61#), To_C (16#3E#), To_C (16#C9#), To_C (16#7D#), To_C (16#B8#), + To_C (16#7F#), To_C (16#87#), To_C (16#F0#), To_C (16#3B#), To_C (16#9B#), + To_C (16#03#), To_C (16#82#), To_C (16#29#), To_C (16#37#), To_C (16#CE#), + To_C (16#72#), To_C (16#4E#), To_C (16#11#), To_C (16#D5#), To_C (16#B1#), + To_C (16#C1#), To_C (16#0C#), To_C (16#07#), To_C (16#A0#), To_C (16#99#), + To_C (16#91#), To_C (16#4A#), To_C (16#8D#), To_C (16#7F#), To_C (16#EC#), + To_C (16#79#), To_C (16#CF#), To_C (16#F1#), To_C (16#39#), To_C (16#B5#), + To_C (16#E9#), To_C (16#85#), To_C (16#EC#), To_C (16#62#), To_C (16#F7#), + To_C (16#DA#), To_C (16#7D#), To_C (16#BC#), To_C (16#64#), To_C (16#4D#), + To_C (16#22#), To_C (16#3C#), To_C (16#0E#), To_C (16#F2#), To_C (16#D6#), + To_C (16#51#), To_C (16#F5#), To_C (16#87#), To_C (16#D8#), To_C (16#99#), + To_C (16#C0#), To_C (16#11#), To_C (16#20#), To_C (16#5D#), To_C (16#0F#), + To_C (16#29#), To_C (16#FD#), To_C (16#5B#), To_C (16#E2#), To_C (16#AE#), + To_C (16#D9#), To_C (16#1C#), To_C (16#D9#), To_C (16#21#), To_C (16#56#), + To_C (16#6D#), To_C (16#FC#), To_C (16#84#), To_C (16#D0#), To_C (16#5F#), + To_C (16#ED#), To_C (16#10#), To_C (16#15#), To_C (16#1C#), To_C (16#18#), + To_C (16#21#), To_C (16#E7#), To_C (16#C4#), To_C (16#3D#), To_C (16#4B#), + To_C (16#D7#), To_C (16#D0#), To_C (16#9E#), To_C (16#6A#), To_C (16#95#), + To_C (16#CF#), To_C (16#22#), To_C (16#C9#), To_C (16#03#), To_C (16#7B#), + To_C (16#9E#), To_C (16#E3#), To_C (16#60#), To_C (16#01#), To_C (16#FC#), + To_C (16#2F#), To_C (16#02#), To_C (16#81#), To_C (16#80#), To_C (16#11#), + To_C (16#D0#), To_C (16#4B#), To_C (16#CF#), To_C (16#1B#), To_C (16#67#), + To_C (16#B9#), To_C (16#9F#), To_C (16#10#), To_C (16#75#), To_C (16#47#), + To_C (16#86#), To_C (16#65#), To_C (16#AE#), To_C (16#31#), To_C (16#C2#), + To_C (16#C6#), To_C (16#30#), To_C (16#AC#), To_C (16#59#), To_C (16#06#), + To_C (16#50#), To_C (16#D9#), To_C (16#0F#), To_C (16#B5#), To_C (16#70#), + To_C (16#06#), To_C (16#F7#), To_C (16#F0#), To_C (16#D3#), To_C (16#C8#), + To_C (16#62#), To_C (16#7C#), To_C (16#A8#), To_C (16#DA#), To_C (16#6E#), + To_C (16#F6#), To_C (16#21#), To_C (16#3F#), To_C (16#D3#), To_C (16#7F#), + To_C (16#5F#), To_C (16#EA#), To_C (16#8A#), To_C (16#AB#), To_C (16#3F#), + To_C (16#D9#), To_C (16#2A#), To_C (16#5E#), To_C (16#F3#), To_C (16#51#), + To_C (16#D2#), To_C (16#C2#), To_C (16#30#), To_C (16#37#), To_C (16#E3#), + To_C (16#2D#), To_C (16#A3#), To_C (16#75#), To_C (16#0D#), To_C (16#1E#), + To_C (16#4D#), To_C (16#21#), To_C (16#34#), To_C (16#D5#), To_C (16#57#), + To_C (16#70#), To_C (16#5C#), To_C (16#89#), To_C (16#BF#), To_C (16#72#), + To_C (16#EC#), To_C (16#4A#), To_C (16#6E#), To_C (16#68#), To_C (16#D5#), + To_C (16#CD#), To_C (16#18#), To_C (16#74#), To_C (16#33#), To_C (16#4E#), + To_C (16#8C#), To_C (16#3A#), To_C (16#45#), To_C (16#8F#), To_C (16#E6#), + To_C (16#96#), To_C (16#40#), To_C (16#EB#), To_C (16#63#), To_C (16#F9#), + To_C (16#19#), To_C (16#86#), To_C (16#3A#), To_C (16#51#), To_C (16#DD#), + To_C (16#89#), To_C (16#4B#), To_C (16#B0#), To_C (16#F3#), To_C (16#F9#), + To_C (16#9F#), To_C (16#5D#), To_C (16#28#), To_C (16#95#), To_C (16#38#), + To_C (16#BE#), To_C (16#35#), To_C (16#AB#), To_C (16#CA#), To_C (16#5C#), + To_C (16#E7#), To_C (16#93#), To_C (16#53#), To_C (16#34#), To_C (16#A1#), + To_C (16#45#), To_C (16#5D#), To_C (16#13#), To_C (16#39#), To_C (16#65#), + To_C (16#42#), To_C (16#46#), To_C (16#A1#), To_C (16#9F#), To_C (16#CD#), + To_C (16#F5#), To_C (16#BF#)); + + Original_AES_Key : constant WolfSSL.Byte_Array (1 .. 32) := + "Thisismyfakeaeskeythatis32bytes!"; + + procedure Test_RSA_Sign_Verify_And_Encrypt_Decrypt (F : in out Fixture) is + pragma Unreferenced (F); + + RNG : WolfSSL.RNG_Type; + RSA_Encrypt_Key : WolfSSL.RSA_Key_Type; + RSA_Decrypt_Key : WolfSSL.RSA_Key_Type; + + Digital_Signature_Of_AES_Key : WolfSSL.Byte_Array (1 .. 256); + Decrypted_Digital_Signature : WolfSSL.Byte_Array (1 .. 256); + + Encrypted : WolfSSL.Byte_Array (1 .. 1_024); + Decrypted : WolfSSL.Byte_Array (1 .. 1_024); + + Index : WolfSSL.Byte_Index; + R : Integer; + begin + WolfSSL.Create_RNG (Key => RNG, + Result => R); + AUnit.Assertions.Assert (R = 0, "Create_RNG failed, Result =" & + Integer'Image (R)); + + WolfSSL.Create_RSA (Key => RSA_Encrypt_Key, + Result => R); + AUnit.Assertions.Assert (R = 0, "Create_RSA (private) failed, Result =" & + Integer'Image (R)); + + WolfSSL.Rsa_Set_RNG (Key => RSA_Encrypt_Key, + RNG => RNG, + Result => R); + AUnit.Assertions.Assert (R = 0, "Rsa_Set_RNG failed, Result =" & + Integer'Image (R)); + + Index := Client_Private_Key_2048'First; + WolfSSL.Rsa_Private_Key_Decode (Input => Client_Private_Key_2048, + Index => Index, + Key => RSA_Encrypt_Key, + Size => Client_Private_Key_2048'Length, + Result => R); + AUnit.Assertions.Assert (R = 0, "Rsa_Private_Key_Decode failed, Result =" & + Integer'Image (R)); + + WolfSSL.Rsa_SSL_Sign (Input => Original_AES_Key, + Output => Digital_Signature_Of_AES_Key, + RSA => RSA_Encrypt_Key, + RNG => RNG, + Result => R); + AUnit.Assertions.Assert (R > 0, + "Rsa_SSL_Sign failed, Result =" & + Integer'Image (R)); + + WolfSSL.Create_RSA (Key => RSA_Decrypt_Key, + Result => R); + AUnit.Assertions.Assert (R = 0, "Create_RSA (public) failed, Result =" & + Integer'Image (R)); + + Index := Rsa_Public_Key_2048'First; + WolfSSL.Rsa_Public_Key_Decode (Input => Rsa_Public_Key_2048, + Index => Index, + Key => RSA_Decrypt_Key, + Size => Rsa_Public_Key_2048'Length, + Result => R); + AUnit.Assertions.Assert (R = 0, "Rsa_Public_Key_Decode failed, Result =" & + Integer'Image (R)); + + WolfSSL.Rsa_SSL_Verify (Input => Digital_Signature_Of_AES_Key, + Output => Decrypted_Digital_Signature, + RSA => RSA_Decrypt_Key, + Result => R); + AUnit.Assertions.Assert (R > 0, + "Rsa_SSL_Verify failed, Result =" & + Integer'Image (R)); + + -- Basic sanity: verify decrypted signature begins with the plaintext input. + -- The example does not explicitly check this; it only checks success. + AUnit.Assertions.Assert + (Decrypted_Digital_Signature (1 .. Original_AES_Key'Length) = + Original_AES_Key, + "Verified signature payload does not match original input"); + + WolfSSL.RSA_Public_Encrypt (Input => Original_AES_Key, + Output => Encrypted, + Index => Index, + RSA => RSA_Decrypt_Key, + RNG => RNG, + Result => R); + AUnit.Assertions.Assert (R > 0, + "RSA_Public_Encrypt failed, Result =" & + Integer'Image (R)); + AUnit.Assertions.Assert (Index > 0, + "RSA_Public_Encrypt returned Index = 0"); + + WolfSSL.RSA_Private_Decrypt (Input => Encrypted (1 .. Index), + Output => Decrypted, + Index => Index, + RSA => RSA_Encrypt_Key, + Result => R); + AUnit.Assertions.Assert (R > 0, + "RSA_Private_Decrypt failed, Result =" & + Integer'Image (R)); + + AUnit.Assertions.Assert (Integer (Index) = 32, + "RSA_Private_Decrypt output length mismatch, got" & + Integer'Image (Integer (Index))); + + AUnit.Assertions.Assert (Decrypted (1 .. 32) = Original_AES_Key, + "RSA decrypt result does not equal original key"); + + -- Ensure RSA key resources are released (RSA is now dynamically allocated). + WolfSSL.Free_RSA (Key => RSA_Encrypt_Key); + WolfSSL.Free_RSA (Key => RSA_Decrypt_Key); + + -- Ensure RNG resources are released (RNG is now dynamically allocated). + -- Must be done after all operations that use RNG / depend on it. + WolfSSL.Free_RNG (Key => RNG); + end Test_RSA_Sign_Verify_And_Encrypt_Decrypt; + + package Caller is new AUnit.Test_Caller (Fixture); + + Suite_Object : aliased AUnit.Test_Suites.Test_Suite; + + function Suite return AUnit.Test_Suites.Access_Test_Suite is + begin + return Suite_Object'Access; + end Suite; + +begin + -- Register RSA tests once at elaboration time. + AUnit.Test_Suites.Add_Test + (Suite_Object'Access, + Caller.Create + (Name => "RSA sign/verify and encrypt/decrypt (rsa_verify_main)", + Test => Test_RSA_Sign_Verify_And_Encrypt_Decrypt'Access)); + +end RSA_Verify_Bindings_Tests; diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/wrapper/Ada/tests/src/rsa_verify_bindings_tests.ads mariadb-11.8.8/extra/wolfssl/wolfssl/wrapper/Ada/tests/src/rsa_verify_bindings_tests.ads --- mariadb-11.8.6/extra/wolfssl/wolfssl/wrapper/Ada/tests/src/rsa_verify_bindings_tests.ads 1970-01-01 00:00:00.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/wrapper/Ada/tests/src/rsa_verify_bindings_tests.ads 2026-05-24 09:58:33.000000000 +0000 @@ -0,0 +1,23 @@ +with AUnit.Test_Suites; + +package RSA_Verify_Bindings_Tests is + + -- Tests derived from `rsa_verify_main.adb` example. + -- + -- Intended coverage (bindings exercised): + -- - Create_RNG + -- - Create_RSA + -- - Rsa_Set_RNG + -- - Rsa_Private_Key_Decode + -- - Rsa_Public_Key_Decode + -- - Rsa_SSL_Sign + -- - Rsa_SSL_Verify + -- - RSA_Public_Encrypt + -- - RSA_Private_Decrypt + -- + -- The implementation will use the exact embedded DER keys and test vectors + -- from the example to avoid assumptions about external files. + + function Suite return AUnit.Test_Suites.Access_Test_Suite; + +end RSA_Verify_Bindings_Tests; \ No newline at end of file diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/wrapper/Ada/tests/src/sha256_bindings_tests.adb mariadb-11.8.8/extra/wolfssl/wolfssl/wrapper/Ada/tests/src/sha256_bindings_tests.adb --- mariadb-11.8.6/extra/wolfssl/wolfssl/wrapper/Ada/tests/src/sha256_bindings_tests.adb 1970-01-01 00:00:00.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/wrapper/Ada/tests/src/sha256_bindings_tests.adb 2026-05-24 09:58:33.000000000 +0000 @@ -0,0 +1,146 @@ +with AUnit.Assertions; +with AUnit.Test_Caller; + +with WolfSSL; + +with Test_Support; + +package body SHA256_Bindings_Tests is + + ---------------------------------------------------------------------------- + -- Helpers + ---------------------------------------------------------------------------- + + procedure Compute_SHA256 + (Input : WolfSSL.Byte_Array; + Hash : out WolfSSL.SHA256_Hash; + Result : out Integer) + is + SHA256 : WolfSSL.SHA256_Type; + R : Integer; + begin + -- SHA256 instances are dynamically allocated; no index is required. + WolfSSL.Create_SHA256 (SHA256 => SHA256, Result => R); + if R /= 0 then + Result := R; + return; + end if; + + WolfSSL.Update_SHA256 (SHA256 => SHA256, Byte => Input, Result => R); + if R /= 0 then + Result := R; + WolfSSL.Free_SHA256 (SHA256 => SHA256); + return; + end if; + + WolfSSL.Finalize_SHA256 + (SHA256 => SHA256, + Hash => Hash, + Result => R); + + Result := R; + + WolfSSL.Free_SHA256 (SHA256 => SHA256); + end Compute_SHA256; + + ---------------------------------------------------------------------------- + -- Tests + ---------------------------------------------------------------------------- + + procedure Test_SHA256_Asdf_Known_Vector (F : in out Fixture) is + pragma Unreferenced (F); + + Hash : WolfSSL.SHA256_Hash; + R : Integer; + + Input : constant WolfSSL.Byte_Array := Test_Support.Bytes ("asdf"); + + Expected_Hash : constant WolfSSL.Byte_Array := + Test_Support.Hex_Bytes + (Test_Support.SHA256_Text + ("F0E4C2F76C58916EC258F246851BEA091D14D4247A2FC3E18694461B1816E13B")); + begin + Compute_SHA256 (Input => Input, Hash => Hash, Result => R); + + Test_Support.Assert_Success (R, "SHA256(asdf)"); + + -- Compare the hash bytes + declare + use type WolfSSL.Byte_Array; + Hash_Bytes : WolfSSL.Byte_Array (Expected_Hash'Range); + J : WolfSSL.Byte_Index := Expected_Hash'First; + begin + for I in Hash'Range loop + Hash_Bytes (J) := Hash (I); + J := WolfSSL.Byte_Index'Succ (J); + end loop; + AUnit.Assertions.Assert + (Hash_Bytes = Expected_Hash, + "SHA256('asdf') hash mismatch"); + end; + end Test_SHA256_Asdf_Known_Vector; + + procedure Test_SHA256_Empty_Message (F : in out Fixture) is + pragma Unreferenced (F); + + Hash : WolfSSL.SHA256_Hash; + R : Integer; + + -- Represent empty input as a null range, matching the existing test style. + Empty : constant WolfSSL.Byte_Array := (1 .. 0 => <>); + + Expected_Hash : constant WolfSSL.Byte_Array := + Test_Support.Hex_Bytes + (Test_Support.SHA256_Text + ("E3B0C44298FC1C149AFBF4C8996FB92427AE41E4649B934CA495991B7852B855")); + begin + Compute_SHA256 (Input => Empty, Hash => Hash, Result => R); + + Test_Support.Assert_Success (R, "SHA256(empty)"); + + -- Compare the hash bytes + declare + use type WolfSSL.Byte_Array; + Hash_Bytes : WolfSSL.Byte_Array (1 .. 32); + J : WolfSSL.Byte_Index := 1; + begin + for I in Hash'Range loop + Hash_Bytes (J) := Hash (I); + J := WolfSSL.Byte_Index'Succ (J); + end loop; + AUnit.Assertions.Assert + (Hash_Bytes = Expected_Hash, + "SHA256('') hash mismatch"); + end; + end Test_SHA256_Empty_Message; + + ---------------------------------------------------------------------------- + -- Statically allocated suite object; register tests at elaboration time + ---------------------------------------------------------------------------- + + package Caller is new AUnit.Test_Caller (Fixture); + + Suite_Object : aliased AUnit.Test_Suites.Test_Suite; + + function Suite return AUnit.Test_Suites.Access_Test_Suite is + begin + return Suite_Object'Access; + end Suite; + +begin + -- Register SHA256-related tests once at elaboration time. + -- Note: Caller.Create returns an access value; AUnit may still allocate + -- the test-case objects internally. This keeps the suite itself static. + AUnit.Test_Suites.Add_Test + (Suite_Object'Access, + Caller.Create + (Name => "SHA256('asdf') produces expected hash", + Test => Test_SHA256_Asdf_Known_Vector'Access)); + + AUnit.Test_Suites.Add_Test + (Suite_Object'Access, + Caller.Create + (Name => "SHA256('') produces expected hash", + Test => Test_SHA256_Empty_Message'Access)); + +end SHA256_Bindings_Tests; diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/wrapper/Ada/tests/src/sha256_bindings_tests.ads mariadb-11.8.8/extra/wolfssl/wolfssl/wrapper/Ada/tests/src/sha256_bindings_tests.ads --- mariadb-11.8.6/extra/wolfssl/wolfssl/wrapper/Ada/tests/src/sha256_bindings_tests.ads 1970-01-01 00:00:00.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/wrapper/Ada/tests/src/sha256_bindings_tests.ads 2026-05-24 09:58:33.000000000 +0000 @@ -0,0 +1,24 @@ +with AUnit.Test_Fixtures; +with AUnit.Test_Suites; + +package SHA256_Bindings_Tests is + + -- Tests for the WolfSSL SHA256 Ada bindings: + -- - Create_SHA256 + -- - Update_SHA256 + -- - Finalize_SHA256 + -- + -- This package follows AUnit's "Test_Caller" model (not Test_Cases with + -- Registration) to avoid depending on optional child units and to keep the + -- boilerplate small. + -- + -- Suite returns a suite containing all SHA256-related tests. + + type Fixture is new AUnit.Test_Fixtures.Test_Fixture with null record; + + procedure Test_SHA256_Asdf_Known_Vector (F : in out Fixture); + procedure Test_SHA256_Empty_Message (F : in out Fixture); + + function Suite return AUnit.Test_Suites.Access_Test_Suite; + +end SHA256_Bindings_Tests; \ No newline at end of file diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/wrapper/Ada/tests/src/support/test_support.adb mariadb-11.8.8/extra/wolfssl/wolfssl/wrapper/Ada/tests/src/support/test_support.adb --- mariadb-11.8.6/extra/wolfssl/wolfssl/wrapper/Ada/tests/src/support/test_support.adb 1970-01-01 00:00:00.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/wrapper/Ada/tests/src/support/test_support.adb 2026-05-24 09:58:33.000000000 +0000 @@ -0,0 +1,121 @@ +with AUnit.Assertions; + +package body Test_Support is + + ---------------------------------------------------------------------------- + -- Assertions + ---------------------------------------------------------------------------- + + procedure Assert_Success (Result : Integer; What : String) is + begin + AUnit.Assertions.Assert + (Result = 0, + What & " failed, Result = " & Integer'Image (Result)); + end Assert_Success; + + ---------------------------------------------------------------------------- + -- Data helpers + ---------------------------------------------------------------------------- + + function Bytes (S : String) return WolfSSL.Byte_Array is + -- WolfSSL.Byte_Array is Interfaces.C.char_array indexed by + -- WolfSSL.Byte_Index (size_t). Avoid doing arithmetic directly on that + -- index type; instead, use Natural for arithmetic and convert at the + -- point of indexing. + begin + if S'Length = 0 then + -- Return a null range for empty input + declare + Empty : WolfSSL.Byte_Array (1 .. 0); + begin + return Empty; + end; + end if; + + declare + Last_N : constant Natural := S'Length - 1; + B : WolfSSL.Byte_Array (0 .. WolfSSL.Byte_Index (Last_N)); + N : Natural := 0; + begin + for C of S loop + B (WolfSSL.Byte_Index (N)) := + WolfSSL.Byte_Type'Val (Character'Pos (C)); + N := N + 1; + end loop; + return B; + end; + end Bytes; + + function Hex_Value (C : Character) return Natural is + begin + case C is + when '0' .. '9' => + return Character'Pos (C) - Character'Pos ('0'); + when 'A' .. 'F' => + return 10 + (Character'Pos (C) - Character'Pos ('A')); + when 'a' .. 'f' => + return 10 + (Character'Pos (C) - Character'Pos ('a')); + when others => + AUnit.Assertions.Assert + (False, + "invalid hex character '" & C & "'"); + return 0; + end case; + end Hex_Value; + + function Hex_Bytes (Hex : String) return WolfSSL.Byte_Array is + Len : constant Natural := Hex'Length; + begin + AUnit.Assertions.Assert + (Len mod 2 = 0, + "hex string length must be even, got" & Integer'Image (Len)); + + declare + N : constant Natural := Len / 2; + begin + if N = 0 then + -- Return a null range for empty input + declare + Empty : WolfSSL.Byte_Array (1 .. 0); + begin + return Empty; + end; + end if; + + declare + Last_N : constant Natural := N - 1; + B : WolfSSL.Byte_Array (0 .. WolfSSL.Byte_Index (Last_N)); + Hi : Natural; + Lo : Natural; + J : Natural := 0; + begin + for K in 0 .. N - 1 loop + J := 2 * K; + Hi := Hex_Value (Hex (Hex'First + J)); + Lo := Hex_Value (Hex (Hex'First + J + 1)); + B (WolfSSL.Byte_Index (K)) := + WolfSSL.Byte_Type'Val (16 * Hi + Lo); + end loop; + return B; + end; + end; + end Hex_Bytes; + + function SHA256_Text (Hex : String) return WolfSSL.SHA256_As_String is + T : WolfSSL.SHA256_As_String; + I : Natural := 0; + begin + AUnit.Assertions.Assert + (Hex'Length = T'Length, + "SHA256 hex must be 64 characters, got" & + Integer'Image (Hex'Length)); + + for C of Hex loop + I := I + 1; + T (T'First + (I - 1)) := C; + end loop; + + return T; + end SHA256_Text; + +end Test_Support; \ No newline at end of file diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/wrapper/Ada/tests/src/support/test_support.ads mariadb-11.8.8/extra/wolfssl/wolfssl/wrapper/Ada/tests/src/support/test_support.ads --- mariadb-11.8.6/extra/wolfssl/wolfssl/wrapper/Ada/tests/src/support/test_support.ads 1970-01-01 00:00:00.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/wrapper/Ada/tests/src/support/test_support.ads 2026-05-24 09:58:33.000000000 +0000 @@ -0,0 +1,33 @@ +with WolfSSL; + +package Test_Support is + -- Small helpers to reduce test boilerplate and keep data declarations concise. + + ----------------------------------------------------------------------------- + -- Assertions + ----------------------------------------------------------------------------- + + -- Assert that a WolfSSL binding call returned success (0). + procedure Assert_Success (Result : Integer; What : String); + + ----------------------------------------------------------------------------- + -- Data helpers + ----------------------------------------------------------------------------- + + -- Convert a String into a WolfSSL.Byte_Array, byte-for-byte. + -- Intended for test vectors like keys/IVs/plaintext where ASCII is fine. + function Bytes (S : String) return WolfSSL.Byte_Array; + + -- Convert a hex string (for example "0A1bFF") into a Byte_Array. + -- - Accepts both uppercase and lowercase hex. + -- - Requires an even number of hex characters. + function Hex_Bytes (Hex : String) return WolfSSL.Byte_Array; + + -- Convert a hex string into a SHA256 text value. + -- This is handy for expected SHA256 digests ("64 hex chars"). + function SHA256_Text (Hex : String) return WolfSSL.SHA256_As_String; + +private + -- Put small internal helpers in the body; keep the spec minimal. + pragma Inline (Assert_Success); +end Test_Support; \ No newline at end of file diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/wrapper/Ada/tests/src/support/tests_root_suite.adb mariadb-11.8.8/extra/wolfssl/wolfssl/wrapper/Ada/tests/src/support/tests_root_suite.adb --- mariadb-11.8.6/extra/wolfssl/wolfssl/wrapper/Ada/tests/src/support/tests_root_suite.adb 1970-01-01 00:00:00.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/wrapper/Ada/tests/src/support/tests_root_suite.adb 2026-05-24 09:58:33.000000000 +0000 @@ -0,0 +1,23 @@ +with AES_Bindings_Tests; +with RSA_Verify_Bindings_Tests; +with SHA256_Bindings_Tests; + +package body Tests_Root_Suite is + + -- Statically allocated (library-level) suite object. + -- Returning Root'Access is safe (no dangling pointer / accessibility issues), + -- and avoids heap allocation (so Valgrind stays clean). + Root : aliased AUnit.Test_Suites.Test_Suite; + + function Suite return AUnit.Test_Suites.Access_Test_Suite is + begin + return Root'Access; + end Suite; + +begin + -- Register all binding test suites at elaboration time. + AUnit.Test_Suites.Add_Test (Root'Access, SHA256_Bindings_Tests.Suite); + AUnit.Test_Suites.Add_Test (Root'Access, RSA_Verify_Bindings_Tests.Suite); + AUnit.Test_Suites.Add_Test (Root'Access, AES_Bindings_Tests.Suite); + +end Tests_Root_Suite; \ No newline at end of file diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/wrapper/Ada/tests/src/support/tests_root_suite.ads mariadb-11.8.8/extra/wolfssl/wolfssl/wrapper/Ada/tests/src/support/tests_root_suite.ads --- mariadb-11.8.6/extra/wolfssl/wolfssl/wrapper/Ada/tests/src/support/tests_root_suite.ads 1970-01-01 00:00:00.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/wrapper/Ada/tests/src/support/tests_root_suite.ads 2026-05-24 09:58:33.000000000 +0000 @@ -0,0 +1,18 @@ +with AUnit.Test_Suites; + +-- Library-level root suite holder. +-- +-- Purpose: +-- - Provide a statically-allocated (non-heap) top-level suite object. +-- - Return an Access_Test_Suite that safely designates a library-level object +-- (to satisfy Ada accessibility rules without Unrestricted_Access). +-- +-- The body is responsible for populating the suite exactly once (typically at +-- elaboration time). + +package Tests_Root_Suite is + + -- Return the root test suite (statically allocated, library-level). + function Suite return AUnit.Test_Suites.Access_Test_Suite; + +end Tests_Root_Suite; \ No newline at end of file diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/wrapper/Ada/tests/src/tests.adb mariadb-11.8.8/extra/wolfssl/wolfssl/wrapper/Ada/tests/src/tests.adb --- mariadb-11.8.6/extra/wolfssl/wolfssl/wrapper/Ada/tests/src/tests.adb 1970-01-01 00:00:00.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/wrapper/Ada/tests/src/tests.adb 2026-05-24 09:58:33.000000000 +0000 @@ -0,0 +1,15 @@ +with AUnit.Reporter.Text; +with AUnit.Run; + +with Tests_Root_Suite; + +procedure Tests is + Reporter : AUnit.Reporter.Text.Text_Reporter; + + -- Instantiate the generic AUnit runner with a *library-level* suite function. + -- This avoids Ada accessibility issues (no local objects' 'Access escaping) + -- and keeps the harness minimal. + procedure Runner is new AUnit.Run.Test_Runner (Tests_Root_Suite.Suite); +begin + Runner (Reporter); +end Tests; \ No newline at end of file diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/wrapper/Ada/tests/tests.gpr mariadb-11.8.8/extra/wolfssl/wolfssl/wrapper/Ada/tests/tests.gpr --- mariadb-11.8.6/extra/wolfssl/wolfssl/wrapper/Ada/tests/tests.gpr 1970-01-01 00:00:00.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/wrapper/Ada/tests/tests.gpr 2026-05-24 09:58:33.000000000 +0000 @@ -0,0 +1,36 @@ +with "config/tests_config.gpr"; +with "../wolfssl.gpr"; + +project Tests is + + for Source_Dirs use ("src/", "src/support", "config/"); + for Object_Dir use "obj/" & Tests_Config.Build_Profile; + for Create_Missing_Dirs use "True"; + for Exec_Dir use "bin"; + for Main use ("tests.adb"); + + package Compiler is + -- "-gnatyM0" disables the GNAT style check for maximum line length. + -- We keep it disabled for this tests project because some embedded + -- test vectors (e.g., DER keys) are long comma-separated literals that + -- would otherwise generate many "this line is too long" warnings. + for Default_Switches ("Ada") use + Tests_Config.Ada_Compiler_Switches & ("-gnatyM0"); + end Compiler; + + package Binder is + for Switches ("Ada") use ("-Es"); -- Symbolic traceback + end Binder; + + package Linker is + -- WolfSSL uses libm on Linux/macOS; wolfssl.gpr already encodes OS-specifics, + -- but we repeat "-lm" here so the standalone tests executable links when + -- consumed without a full project tree. + for Switches ("Ada") use ("-lm"); + end Linker; + + package Install is + for Artifacts (".") use ("share"); + end Install; + +end Tests; diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/wrapper/Ada/tests/valgrind.supp mariadb-11.8.8/extra/wolfssl/wolfssl/wrapper/Ada/tests/valgrind.supp --- mariadb-11.8.6/extra/wolfssl/wolfssl/wrapper/Ada/tests/valgrind.supp 1970-01-01 00:00:00.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/wrapper/Ada/tests/valgrind.supp 2026-05-24 09:58:33.000000000 +0000 @@ -0,0 +1,17 @@ +{ + aunit_test_results_add_success_leak + Memcheck:Leak + match-leak-kinds: definite,indirect + fun:malloc + fun:__gnat_malloc + fun:aunit__test_results__add_success +} + +{ + aunit_test_results_successes_leak + Memcheck:Leak + match-leak-kinds: definite,indirect + fun:malloc + fun:__gnat_malloc + fun:aunit__test_results__successes +} diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/wrapper/Ada/tls_client.adb mariadb-11.8.8/extra/wolfssl/wolfssl/wrapper/Ada/tls_client.adb --- mariadb-11.8.6/extra/wolfssl/wolfssl/wrapper/Ada/tls_client.adb 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/wrapper/Ada/tls_client.adb 1970-01-01 00:00:00.000000000 +0000 @@ -1,453 +0,0 @@ --- tls_client.adb --- --- Copyright (C) 2006-2023 wolfSSL Inc. --- --- This file is part of wolfSSL. --- --- wolfSSL is free software; you can redistribute it and/or modify --- it under the terms of the GNU General Public License as published by --- the Free Software Foundation; either version 2 of the License, or --- (at your option) any later version. --- --- wolfSSL is distributed in the hope that it will be useful, --- but WITHOUT ANY WARRANTY; without even the implied warranty of --- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the --- GNU General Public License for more details. --- --- You should have received a copy of the GNU General Public License --- along with this program; if not, write to the Free Software --- Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA --- - --- Ada Standard Library packages. -with Ada.Characters.Handling; -with Ada.Strings.Bounded; -with Ada.Text_IO; -with Ada.Directories; -with Interfaces.C.Strings; - -with SPARK_Terminal; - -package body Tls_Client with SPARK_Mode is - - use type WolfSSL.Mode_Type; - use type WolfSSL.Byte_Index; - use type WolfSSL.Byte_Array; - use type WolfSSL.Subprogram_Result; - - subtype Byte_Index is WolfSSL.Byte_Index; - - Success : WolfSSL.Subprogram_Result renames WolfSSL.Success; - - subtype Byte_Type is WolfSSL.Byte_Type; - - subtype chars_ptr is WolfSSL.chars_ptr; - subtype unsigned is WolfSSL.unsigned; - - package Natural_IO is new Ada.Text_IO.Integer_IO (Natural); - - function PSK_Client_Callback - (Unused : WolfSSL.WolfSSL_Type; - Hint : chars_ptr; - Identity : chars_ptr; - Id_Max_Length : unsigned; - Key : chars_ptr; - Key_Max_Length : unsigned) return unsigned - with Convention => C; - - function PSK_Client_Callback - (Unused : WolfSSL.WolfSSL_Type; - Hint : chars_ptr; - Identity : chars_ptr; - Id_Max_Length : unsigned; - Key : chars_ptr; - Key_Max_Length : unsigned) return unsigned - with - SPARK_Mode => Off - is - use type Interfaces.C.unsigned; - - Hint_String : constant String := Interfaces.C.Strings.Value (Hint); - - -- Identity is OpenSSL testing default for openssl s_client, keep same - Identity_String : constant String := "Client_identity"; - -- Test key in hex is 0x1a2b3c4d, in decimal 439,041,101 - Key_String : constant String := - Character'Val (26) - & Character'Val (43) - & Character'Val (60) - & Character'Val (77); - -- These values are aligned with test values in wolfssl/wolfssl/test.h - -- and wolfssl-examples/psk/server-psk.c for testing interoperability. - - begin - - Ada.Text_IO.Put_Line ("Hint: " & Hint_String); - - pragma Assert (Id_Max_Length >= Identity_String'Length); - - Interfaces.C.Strings.Update - (Item => Identity, - Offset => 0, - Str => Identity_String, - Check => False); - - pragma Assert (Key_Max_Length >= Key_String'Length); - - Interfaces.C.Strings.Update - (Item => Key, - Offset => 0, - Str => Key_String, - Check => False); - - return Key_String'Length; - end PSK_Client_Callback; - - procedure Put (Text : String) is - begin - Ada.Text_IO.Put (Text); - end Put; - - procedure Put (Number : Natural) - with - Annotate => (GNATprove, Might_Not_Return) - is - begin - Natural_IO.Put (Item => Number, Width => 0, Base => 10); - end Put; - - procedure Put (Number : Byte_Index) - with - Annotate => (GNATprove, Might_Not_Return) - is - begin - Natural_IO.Put (Item => Natural (Number), Width => 0, Base => 10); - end Put; - - procedure Put_Line (Text : String) is - begin - Ada.Text_IO.Put_Line (Text); - end Put_Line; - - procedure New_Line is - begin - Ada.Text_IO.New_Line; - end New_Line; - - subtype Exit_Status is SPARK_Terminal.Exit_Status; - - Exit_Status_Success : Exit_Status renames SPARK_Terminal.Exit_Status_Success; - Exit_Status_Failure : Exit_Status renames SPARK_Terminal.Exit_Status_Failure; - - procedure Set (Status : Exit_Status) with Global => null is - begin - SPARK_Terminal.Set_Exit_Status (Status); - end Set; - - subtype Port_Type is SPARK_Sockets.Port_Type; - - subtype Level_Type is SPARK_Sockets.Level_Type; - - subtype Socket_Type is SPARK_Sockets.Socket_Type; - subtype Option_Name is SPARK_Sockets.Option_Name; - subtype Option_Type is SPARK_Sockets.Option_Type; - subtype Family_Type is SPARK_Sockets.Family_Type; - - subtype Sock_Addr_Type is SPARK_Sockets.Sock_Addr_Type; - subtype Inet_Addr_Type is SPARK_Sockets.Inet_Addr_Type; - - use type Family_Type; - - Socket_Error : exception renames SPARK_Sockets.Socket_Error; - - Reuse_Address : Option_Name renames SPARK_Sockets.Reuse_Address; - - Socket_Level : Level_Type renames SPARK_Sockets.Socket_Level; - - Family_Inet : Family_Type renames SPARK_Sockets.Family_Inet; - - Any_Inet_Addr : Inet_Addr_Type renames SPARK_Sockets.Any_Inet_Addr; - - CERT_FILE : constant String := "../../certs/client-cert.pem"; - KEY_FILE : constant String := "../../certs/client-key.pem"; - CA_FILE : constant String := "../../certs/ca-cert.pem"; - - subtype Byte_Array is WolfSSL.Byte_Array; - - function Argument_Count return Natural renames - SPARK_Terminal.Argument_Count; - - function Argument (Number : Positive) return String with - Pre => Number <= Argument_Count; - - function Argument (Number : Positive) return String is - begin - return SPARK_Terminal.Argument (Number); - end Argument; - - procedure Run (Ssl : in out WolfSSL.WolfSSL_Type; - Ctx : in out WolfSSL.Context_Type; - Client : in out SPARK_Sockets.Optional_Socket) is - A : Sock_Addr_Type; - C : SPARK_Sockets.Optional_Socket renames Client; - D : Byte_Array (1 .. 200); - P : constant Port_Type := 11111; - - Addr : SPARK_Sockets.Optional_Inet_Addr; - - Count : WolfSSL.Byte_Index; - - Text : String (1 .. 200); - Last : Natural; - - Input : WolfSSL.Read_Result; - Output : WolfSSL.Write_Result; - - Result : WolfSSL.Subprogram_Result; - DTLS : Boolean := False; - PSK : Boolean := False; - begin - Result := WolfSSL.Initialize; - if Result /= Success then - Put_Line ("ERROR: Failed to initialize the WolfSSL library."); - return; - end if; - - if Argument_Count < 1 - or Argument_Count > 2 - or (Argument_Count = 2 and then - Argument (2) /= "--dtls" and then - Argument (2) /= "--psk") - then - Put_Line ("usage: tls_client_main [--dtls | --psk]"); - return; - end if; - - if Argument_Count = 2 then - DTLS := (Argument (2) = "--dtls"); - PSK := (Argument (2) = "--psk"); - end if; - - if DTLS then - SPARK_Sockets.Create_Datagram_Socket (C); - else - SPARK_Sockets.Create_Stream_Socket (C); - end if; - - if not C.Exists then - declare - Mode : constant String := (if DTLS then "datagram" else "stream"); - begin - Put_Line ("ERROR: Failed to create " & Mode & " socket."); - return; - end; - end if; - - Addr := SPARK_Sockets.Inet_Addr (Argument (1)); - if not Addr.Exists or - (Addr.Exists and then Addr.Addr.Family /= Family_Inet) - then - Put_Line ("ERROR: please specify IPv4 address."); - SPARK_Sockets.Close_Socket (C); - Set (Exit_Status_Failure); - return; - end if; - A := (Family => Family_Inet, - Addr => Addr.Addr, - Port => P); - - if not DTLS then - Result := SPARK_Sockets.Connect_Socket (Socket => C.Socket, - Server => A); - if Result /= Success then - Put_Line ("ERROR: Failed to connect to server."); - SPARK_Sockets.Close_Socket (C); - Set (Exit_Status_Failure); - return; - end if; - end if; - - -- Create and initialize WOLFSSL_CTX. - WolfSSL.Create_Context - (Method => - (if DTLS then - WolfSSL.DTLSv1_3_Client_Method - else - WolfSSL.TLSv1_3_Client_Method), - Context => Ctx); - - if not WolfSSL.Is_Valid (Ctx) then - Put_Line ("ERROR: failed to create WOLFSSL_CTX."); - SPARK_Sockets.Close_Socket (C); - Set (Exit_Status_Failure); - return; - end if; - - -- Require mutual authentication. - WolfSSL.Set_Verify - (Context => Ctx, - Mode => WolfSSL.Verify_Peer or WolfSSL.Verify_Fail_If_No_Peer_Cert); - - if not PSK then - - -- Load client certificate into WOLFSSL_CTX. - Result := WolfSSL.Use_Certificate_File (Context => Ctx, - File => CERT_FILE, - Format => WolfSSL.Format_Pem); - if Result /= Success then - Put ("ERROR: failed to load "); - Put (CERT_FILE); - Put (", please check the file."); - New_Line; - SPARK_Sockets.Close_Socket (C); - WolfSSL.Free (Context => Ctx); - Set (Exit_Status_Failure); - return; - end if; - - -- Load client key into WOLFSSL_CTX. - Result := WolfSSL.Use_Private_Key_File (Context => Ctx, - File => KEY_FILE, - Format => WolfSSL.Format_Pem); - if Result /= Success then - Put ("ERROR: failed to load "); - Put (KEY_FILE); - Put (", please check the file."); - New_Line; - SPARK_Sockets.Close_Socket (C); - WolfSSL.Free (Context => Ctx); - Set (Exit_Status_Failure); - return; - end if; - - -- Load CA certificate into WOLFSSL_CTX. - Result := WolfSSL.Load_Verify_Locations (Context => Ctx, - File => CA_FILE, - Path => ""); - if Result /= Success then - Put ("ERROR: failed to load "); - Put (CA_FILE); - Put (", please check the file."); - New_Line; - SPARK_Sockets.Close_Socket (C); - WolfSSL.Free (Context => Ctx); - Set (Exit_Status_Failure); - return; - end if; - end if; - - -- Create a WOLFSSL object. - WolfSSL.Create_WolfSSL (Context => Ctx, Ssl => Ssl); - if not WolfSSL.Is_Valid (Ssl) then - Put_Line ("ERROR: failed to create WOLFSSL object."); - SPARK_Sockets.Close_Socket (C); - WolfSSL.Free (Context => Ctx); - Set (Exit_Status_Failure); - return; - end if; - - if PSK then - -- Use PSK for authentication. - WolfSSL.Set_PSK_Client_Callback - (Ssl => Ssl, - Callback => PSK_Client_Callback'Access); - end if; - - if DTLS then - Result := WolfSSL.DTLS_Set_Peer(Ssl => Ssl, - Address => A); - if Result /= Success then - Put_Line ("ERROR: Failed to set the DTLS peer."); - SPARK_Sockets.Close_Socket (C); - WolfSSL.Free (Ssl); - WolfSSL.Free (Context => Ctx); - Set (Exit_Status_Failure); - return; - end if; - end if; - - -- Attach wolfSSL to the socket. - Result := WolfSSL.Attach (Ssl => Ssl, - Socket => SPARK_Sockets.To_C (C.Socket)); - if Result /= Success then - Put_Line ("ERROR: Failed to set the file descriptor."); - SPARK_Sockets.Close_Socket (C); - WolfSSL.Free (Ssl); - WolfSSL.Free (Context => Ctx); - Set (Exit_Status_Failure); - return; - end if; - - Result := WolfSSL.Connect (Ssl); - if Result /= Success then - Put_Line ("ERROR: failed to connect to wolfSSL."); - SPARK_Sockets.Close_Socket (C); - WolfSSL.Free (Ssl); - WolfSSL.Free (Context => Ctx); - Set (Exit_Status_Failure); - return; - end if; - - Put ("Message for server: "); - Ada.Text_IO.Get_Line (Text, Last); - - SPARK_Sockets.To_C (Item => Text (1 .. Last), - Target => D, - Count => Count); - Output := WolfSSL.Write (Ssl => Ssl, - Data => D (1 .. Count)); - if not Output.Success then - Put ("ERROR: write failure"); - New_Line; - SPARK_Sockets.Close_Socket (C); - WolfSSL.Free (Ssl); - WolfSSL.Free (Context => Ctx); - return; - end if; - - if Natural (Output.Bytes_Written) < Last then - Put ("ERROR: failed to write entire message"); - New_Line; - Put (Output.Bytes_Written); - Put (" bytes of "); - Put (Last); - Put ("bytes were sent"); - New_Line; - SPARK_Sockets.Close_Socket (C); - WolfSSL.Free (Ssl); - WolfSSL.Free (Context => Ctx); - return; - end if; - - Input := WolfSSL.Read (Ssl); - if not Input.Success then - Put_Line ("Read error."); - Set (Exit_Status_Failure); - SPARK_Sockets.Close_Socket (C); - WolfSSL.Free (Ssl); - WolfSSL.Free (Context => Ctx); - return; - end if; - if Input.Buffer'Length > Text'Length then - SPARK_Sockets.To_Ada (Item => Input.Buffer (1 .. 200), - Target => Text, - Count => Last); - else - SPARK_Sockets.To_Ada (Item => Input.Buffer, - Target => Text, - Count => Last); - end if; - Put ("Server: "); - Put (Text (1 .. Last)); - New_Line; - - SPARK_Sockets.Close_Socket (C); - WolfSSL.Free (Ssl); - WolfSSL.Free (Context => Ctx); - Result := WolfSSL.Finalize; - if Result /= Success then - Put_Line ("ERROR: Failed to finalize the WolfSSL library."); - end if; - end Run; - -end Tls_Client; diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/wrapper/Ada/tls_client.ads mariadb-11.8.8/extra/wolfssl/wolfssl/wrapper/Ada/tls_client.ads --- mariadb-11.8.6/extra/wolfssl/wolfssl/wrapper/Ada/tls_client.ads 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/wrapper/Ada/tls_client.ads 1970-01-01 00:00:00.000000000 +0000 @@ -1,38 +0,0 @@ --- tls_client.ads --- --- Copyright (C) 2006-2023 wolfSSL Inc. --- --- This file is part of wolfSSL. --- --- wolfSSL is free software; you can redistribute it and/or modify --- it under the terms of the GNU General Public License as published by --- the Free Software Foundation; either version 2 of the License, or --- (at your option) any later version. --- --- wolfSSL is distributed in the hope that it will be useful, --- but WITHOUT ANY WARRANTY; without even the implied warranty of --- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the --- GNU General Public License for more details. --- --- You should have received a copy of the GNU General Public License --- along with this program; if not, write to the Free Software --- Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA --- - --- The WolfSSL package. -with WolfSSL; pragma Elaborate_All (WolfSSL); - -with SPARK_Sockets; pragma Elaborate_All (SPARK_Sockets); - -package Tls_Client with SPARK_Mode is - - procedure Run (Ssl : in out WolfSSL.WolfSSL_Type; - Ctx : in out WolfSSL.Context_Type; - Client : in out SPARK_Sockets.Optional_Socket) with - Pre => (not Client.Exists and not - WolfSSL.Is_Valid (Ssl) and not WolfSSL.Is_Valid (Ctx)), - Post => (not Client.Exists and not WolfSSL.Is_Valid (Ssl) and - not WolfSSL.Is_Valid (Ctx)), - Annotate => (GNATprove, Might_Not_Return); - -end Tls_Client; diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/wrapper/Ada/tls_client_main.adb mariadb-11.8.8/extra/wolfssl/wolfssl/wrapper/Ada/tls_client_main.adb --- mariadb-11.8.6/extra/wolfssl/wolfssl/wrapper/Ada/tls_client_main.adb 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/wrapper/Ada/tls_client_main.adb 1970-01-01 00:00:00.000000000 +0000 @@ -1,33 +0,0 @@ --- tls_client_main.adb --- --- Copyright (C) 2006-2023 wolfSSL Inc. --- --- This file is part of wolfSSL. --- --- wolfSSL is free software; you can redistribute it and/or modify --- it under the terms of the GNU General Public License as published by --- the Free Software Foundation; either version 2 of the License, or --- (at your option) any later version. --- --- wolfSSL is distributed in the hope that it will be useful, --- but WITHOUT ANY WARRANTY; without even the implied warranty of --- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the --- GNU General Public License for more details. --- --- You should have received a copy of the GNU General Public License --- along with this program; if not, write to the Free Software --- Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA --- - -with Tls_Client; pragma Elaborate_All (Tls_Client); -with SPARK_Sockets; pragma Elaborate_All (SPARK_Sockets); -with WolfSSL; pragma Elaborate_All (WolfSSL); --- Application entry point for the Ada translation of the --- tls client v1.3 example in C. -procedure Tls_Client_Main is - Ssl : WolfSSL.WolfSSL_Type; - Ctx : WolfSSL.Context_Type; - C : SPARK_Sockets.Optional_Socket; -begin - Tls_Client.Run (Ssl, Ctx, Client => C); -end Tls_Client_Main; diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/wrapper/Ada/tls_server.adb mariadb-11.8.8/extra/wolfssl/wolfssl/wrapper/Ada/tls_server.adb --- mariadb-11.8.6/extra/wolfssl/wolfssl/wrapper/Ada/tls_server.adb 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/wrapper/Ada/tls_server.adb 1970-01-01 00:00:00.000000000 +0000 @@ -1,477 +0,0 @@ --- tls_server.adb --- --- Copyright (C) 2006-2023 wolfSSL Inc. --- --- This file is part of wolfSSL. --- --- wolfSSL is free software; you can redistribute it and/or modify --- it under the terms of the GNU General Public License as published by --- the Free Software Foundation; either version 2 of the License, or --- (at your option) any later version. --- --- wolfSSL is distributed in the hope that it will be useful, --- but WITHOUT ANY WARRANTY; without even the implied warranty of --- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the --- GNU General Public License for more details. --- --- You should have received a copy of the GNU General Public License --- along with this program; if not, write to the Free Software --- Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA --- - --- Ada Standard Library packages. -with Ada.Characters.Handling; -with Ada.Strings.Bounded; -with Ada.Text_IO.Bounded_IO; - -with Interfaces.C.Strings; - -with SPARK_Terminal; pragma Elaborate_All (SPARK_Terminal); - -package body Tls_Server with SPARK_Mode is - - use type WolfSSL.Mode_Type; - use type WolfSSL.Byte_Index; - use type WolfSSL.Byte_Array; - use type WolfSSL.Subprogram_Result; - - Success : WolfSSL.Subprogram_Result renames WolfSSL.Success; - - subtype chars_ptr is WolfSSL.chars_ptr; - subtype unsigned is WolfSSL.unsigned; - - procedure Put (Char : Character) is - begin - Ada.Text_IO.Put (Char); - end Put; - - procedure Put (Text : String) is - begin - Ada.Text_IO.Put (Text); - end Put; - - procedure Put_Line (Text : String) is - begin - Ada.Text_IO.Put_Line (Text); - end Put_Line; - - procedure New_Line is - begin - Ada.Text_IO.New_Line; - end New_Line; - - subtype Exit_Status is SPARK_Terminal.Exit_Status; - - Exit_Status_Success : Exit_Status renames SPARK_Terminal.Exit_Status_Success; - Exit_Status_Failure : Exit_Status renames SPARK_Terminal.Exit_Status_Failure; - - procedure Set (Status : Exit_Status) with Global => null is - begin - SPARK_Terminal.Set_Exit_Status (Status); - end Set; - - subtype Port_Type is SPARK_Sockets.Port_Type; - - subtype Level_Type is SPARK_Sockets.Level_Type; - - subtype Socket_Type is SPARK_Sockets.Socket_Type; - subtype Option_Name is SPARK_Sockets.Option_Name; - subtype Option_Type is SPARK_Sockets.Option_Type; - subtype Family_Type is SPARK_Sockets.Family_Type; - - subtype Sock_Addr_Type is SPARK_Sockets.Sock_Addr_Type; - subtype Inet_Addr_Type is SPARK_Sockets.Inet_Addr_Type; - - Socket_Error : exception renames SPARK_Sockets.Socket_Error; - - Reuse_Address : Option_Name renames SPARK_Sockets.Reuse_Address; - - Socket_Level : Level_Type renames SPARK_Sockets.Socket_Level; - - Family_Inet : Family_Type renames SPARK_Sockets.Family_Inet; - - Any_Inet_Addr : Inet_Addr_Type renames SPARK_Sockets.Any_Inet_Addr; - - CERT_FILE : constant String := "../../certs/server-cert.pem"; - KEY_FILE : constant String := "../../certs/server-key.pem"; - CA_FILE : constant String := "../../certs/client-cert.pem"; - - subtype Byte_Array is WolfSSL.Byte_Array; - - Reply : constant Byte_Array := "I hear ya fa shizzle!"; - - - function PSK_Server_Callback - (Unused : WolfSSL.WolfSSL_Type; - Identity : chars_ptr; - Key : chars_ptr; - Key_Max_Length : unsigned) return unsigned - with Convention => C; - - function PSK_Server_Callback - (Unused : WolfSSL.WolfSSL_Type; - Identity : chars_ptr; - Key : chars_ptr; - Key_Max_Length : unsigned) return unsigned - with - SPARK_Mode => Off - is - use type Interfaces.C.unsigned; - - -- Identity is OpenSSL testing default for openssl s_client, keep same - Identity_String : constant String := "Client_identity"; - -- Test key in hex is 0x1a2b3c4d, in decimal 439,041,101 - Key_String : constant String := - (Character'Val (26), - Character'Val (43), - Character'Val (60), - Character'Val (77)); - -- These values are aligned with test values in wolfssl/wolfssl/test.h - -- and wolfssl-examples/psk/server-psk.c for testing interoperability. - - begin - - if Interfaces.C.Strings.Value - (Item => Identity, - Length => Identity_String'Length) /= Identity_String or else - Key_Max_Length < Key_String'Length - then - return 0; - end if; - - Interfaces.C.Strings.Update - (Item => Key, - Offset => 0, - Str => Key_String, - Check => False); - - return Key_String'Length; - end PSK_Server_Callback; - - procedure Run (Ssl : in out WolfSSL.WolfSSL_Type; - Ctx : in out WolfSSL.Context_Type; - L : in out SPARK_Sockets.Optional_Socket; - C : in out SPARK_Sockets.Optional_Socket) is - A : Sock_Addr_Type; - P : constant Port_Type := 11111; - - Ch : Character; - - Result : WolfSSL.Subprogram_Result; - DTLS, PSK : Boolean := True; - Shall_Continue : Boolean := True; - - Input : WolfSSL.Read_Result; - Output : WolfSSL.Write_Result; - Option : Option_Type; - begin - Result := WolfSSL.Initialize; - if Result /= Success then - Put_Line ("ERROR: Failed to initialize the WolfSSL library."); - return; - end if; - - if SPARK_Terminal.Argument_Count > 1 - or (SPARK_Terminal.Argument_Count = 1 and then - SPARK_Terminal.Argument (1) /= "--dtls" and then - SPARK_Terminal.Argument (1) /= "--psk") - then - Put_Line ("usage: tls_server_main [--dtls | --psk]"); - return; - end if; - - if SPARK_Terminal.Argument_Count = 1 then - DTLS := (SPARK_Terminal.Argument (1) = "--dtls"); - PSK := (SPARK_Terminal.Argument (1) = "--psk"); - end if; - - if DTLS then - SPARK_Sockets.Create_Datagram_Socket (Socket => L); - else - SPARK_Sockets.Create_Stream_Socket (Socket => L); - end if; - - if not L.Exists then - declare - Mode : constant String := (if DTLS then "datagram" else "stream"); - begin - Put_Line ("ERROR: Failed to create " & Mode & " socket."); - return; - end; - end if; - - Option := (Name => Reuse_Address, Enabled => True); - Result := SPARK_Sockets.Set_Socket_Option (Socket => L.Socket, - Level => Socket_Level, - Option => Option); - if Result /= Success then - Put_Line ("ERROR: Failed to set socket option."); - SPARK_Sockets.Close_Socket (L); - return; - end if; - - A := (Family => Family_Inet, - Addr => Any_Inet_Addr, - Port => P); - Result := SPARK_Sockets.Bind_Socket (Socket => L.Socket, - Address => A); - if Result /= Success then - Put_Line ("ERROR: Failed to bind socket."); - SPARK_Sockets.Close_Socket (L); - return; - end if; - - if DTLS then - Result := SPARK_Sockets.Receive_Socket (Socket => L.Socket); - else - Result := SPARK_Sockets.Listen_Socket (Socket => L.Socket, - Length => 5); - end if; - - if Result /= Success then - declare - Operation : constant String := (if DTLS then "receiver" else "listener"); - begin - Put_Line ("ERROR: Failed to configure " & Operation & " socket."); - SPARK_Sockets.Close_Socket (L); - return; - end; - end if; - - -- Create and initialize WOLFSSL_CTX. - WolfSSL.Create_Context - (Method => - (if DTLS then - WolfSSL.DTLSv1_3_Server_Method - else - WolfSSL.TLSv1_3_Server_Method), - Context => Ctx); - - if not WolfSSL.Is_Valid (Ctx) then - Put_Line ("ERROR: failed to create WOLFSSL_CTX."); - SPARK_Sockets.Close_Socket (L); - Set (Exit_Status_Failure); - return; - end if; - - if not PSK then - -- Require mutual authentication. - WolfSSL.Set_Verify - (Context => Ctx, - Mode => WolfSSL.Verify_Peer or WolfSSL.Verify_Fail_If_No_Peer_Cert); - - -- Check verify is set correctly (GitHub #7461) - if WolfSSL.Get_Verify(Context => Ctx) /= (WolfSSL.Verify_Peer or WolfSSL.Verify_Fail_If_No_Peer_Cert) then - Put_Line ("Error: Verify does not match requested"); - SPARK_Sockets.Close_Socket (L); - WolfSSL.Free (Context => Ctx); - Set (Exit_Status_Failure); - return; - end if; - - -- Load server certificates into WOLFSSL_CTX. - Result := WolfSSL.Use_Certificate_File (Context => Ctx, - File => CERT_FILE, - Format => WolfSSL.Format_Pem); - if Result /= Success then - Put ("ERROR: failed to load "); - Put (CERT_FILE); - Put (", please check the file."); - New_Line; - SPARK_Sockets.Close_Socket (L); - WolfSSL.Free (Context => Ctx); - Set (Exit_Status_Failure); - return; - end if; - - -- Load server key into WOLFSSL_CTX. - Result := WolfSSL.Use_Private_Key_File (Context => Ctx, - File => KEY_FILE, - Format => WolfSSL.Format_Pem); - if Result /= Success then - Put ("ERROR: failed to load "); - Put (KEY_FILE); - Put (", please check the file."); - New_Line; - SPARK_Sockets.Close_Socket (L); - WolfSSL.Free (Context => Ctx); - Set (Exit_Status_Failure); - return; - end if; - - -- Load client certificate as "trusted" into WOLFSSL_CTX. - Result := WolfSSL.Load_Verify_Locations (Context => Ctx, - File => CA_FILE, - Path => ""); - - if Result /= Success then - Put ("ERROR: failed to load "); - Put (CA_FILE); - Put (", please check the file."); - New_Line; - SPARK_Sockets.Close_Socket (L); - WolfSSL.Free (Context => Ctx); - Set (Exit_Status_Failure); - return; - end if; - end if; - - if PSK then - -- Use PSK for authentication. - WolfSSL.Set_Context_PSK_Server_Callback - (Context => Ctx, - Callback => PSK_Server_Callback'Access); - end if; - - while Shall_Continue loop - pragma Loop_Invariant (not C.Exists); - pragma Loop_Invariant (not WolfSSL.Is_Valid (Ssl)); - pragma Loop_Invariant (WolfSSL.Is_Valid (Ctx)); - - if not DTLS then - Put_Line ("Waiting for a connection..."); - SPARK_Sockets.Accept_Socket (Server => L.Socket, - Socket => C, - Address => A, - Result => Result); - if Result /= Success then - Put_Line ("ERROR: failed to accept the connection."); - SPARK_Sockets.Close_Socket (L); - WolfSSL.Free (Context => Ctx); - return; - end if; - end if; - - -- Create a WOLFSSL object. - WolfSSL.Create_WolfSSL (Context => Ctx, Ssl => Ssl); - if not WolfSSL.Is_Valid (Ssl) then - Put_Line ("ERROR: failed to create WOLFSSL object."); - declare - Error_Message : constant WolfSSL.Error_Message := - WolfSSL.Error (WolfSSL.Get_Error (Ssl, Result)); - begin - if Result = Success then - Put_Line (Error_Message.Text (1 .. Error_Message.Last)); - end if; - end; - SPARK_Sockets.Close_Socket (L); - - if not DTLS then - SPARK_Sockets.Close_Socket (C); - end if; - - WolfSSL.Free (Context => Ctx); - Set (Exit_Status_Failure); - return; - end if; - - -- Attach wolfSSL to the socket. - Result := WolfSSL.Attach - (Ssl => Ssl, - Socket => SPARK_Sockets.To_C (if DTLS then L.Socket else C.Socket)); - if Result /= Success then - Put_Line ("ERROR: Failed to set the file descriptor."); - WolfSSL.Free (Ssl); - SPARK_Sockets.Close_Socket (L); - - if not DTLS then - SPARK_Sockets.Close_Socket (C); - end if; - - WolfSSL.Free (Context => Ctx); - Set (Exit_Status_Failure); - return; - end if; - - -- Establish (D)TLS connection. - Result := WolfSSL.Accept_Connection (Ssl); - if Result /= Success then - Put_Line ("Accept error."); - WolfSSL.Free (Ssl); - SPARK_Sockets.Close_Socket (L); - - if not DTLS then - SPARK_Sockets.Close_Socket (C); - end if; - - WolfSSL.Free (Context => Ctx); - Set (Exit_Status_Failure); - return; - end if; - - Put_Line ("Client connected successfully."); - - Input := WolfSSL.Read (Ssl); - if not Input.Success then - Put_Line ("Read error."); - WolfSSL.Free (Ssl); - SPARK_Sockets.Close_Socket (L); - - if not DTLS then - SPARK_Sockets.Close_Socket (C); - end if; - - WolfSSL.Free (Context => Ctx); - Set (Exit_Status_Failure); - return; - end if; - - -- Print to stdout any data the client sends. - for I in Input.Buffer'Range loop - Ch := Character (Input.Buffer (I)); - if Ada.Characters.Handling.Is_Graphic (Ch) then - Put (Ch); - else - null; - -- Ignore the "newline" characters at end of message. - end if; - end loop; - New_Line; - - -- Check for server shutdown command. - if Input.Last >= 8 then - if Input.Buffer (1 .. 8) = "shutdown" then - Put_Line ("Shutdown command issued!"); - Shall_Continue := False; - end if; - end if; - - Output := WolfSSL.Write (Ssl, Reply); - if not Output.Success then - Put_Line ("ERROR: write failure."); - elsif Output.Bytes_Written /= Reply'Length then - Put_Line ("ERROR: failed to write full response."); - end if; - - for I in 1 .. 3 loop - - Result := WolfSSL.Shutdown (Ssl); - - exit when DTLS or Result = Success; - delay 0.001; -- Delay is expressed in seconds. - - end loop; - if not DTLS and then Result /= Success then - Put_Line ("ERROR: Failed to shutdown WolfSSL context."); - end if; - - WolfSSL.Free (Ssl); - - if DTLS then - Shall_Continue := False; - else - SPARK_Sockets.Close_Socket (C); - end if; - - Put_Line ("Shutdown complete."); - end loop; - SPARK_Sockets.Close_Socket (L); - WolfSSL.Free (Context => Ctx); - Result := WolfSSL.Finalize; - if Result /= Success then - Put_Line ("ERROR: Failed to finalize the WolfSSL library."); - return; - end if; - end Run; - -end Tls_Server; diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/wrapper/Ada/tls_server.ads mariadb-11.8.8/extra/wolfssl/wolfssl/wrapper/Ada/tls_server.ads --- mariadb-11.8.6/extra/wolfssl/wolfssl/wrapper/Ada/tls_server.ads 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/wrapper/Ada/tls_server.ads 1970-01-01 00:00:00.000000000 +0000 @@ -1,39 +0,0 @@ --- tls_server.ads --- --- Copyright (C) 2006-2023 wolfSSL Inc. --- --- This file is part of wolfSSL. --- --- wolfSSL is free software; you can redistribute it and/or modify --- it under the terms of the GNU General Public License as published by --- the Free Software Foundation; either version 2 of the License, or --- (at your option) any later version. --- --- wolfSSL is distributed in the hope that it will be useful, --- but WITHOUT ANY WARRANTY; without even the implied warranty of --- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the --- GNU General Public License for more details. --- --- You should have received a copy of the GNU General Public License --- along with this program; if not, write to the Free Software --- Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA --- - --- SPARK wrapper package around GNAT Library packages. -with SPARK_Sockets; pragma Elaborate_All (SPARK_Sockets); - --- The WolfSSL package. -with WolfSSL; pragma Elaborate_All (WolfSSL); - -package Tls_Server with SPARK_Mode is - - procedure Run (Ssl : in out WolfSSL.WolfSSL_Type; - Ctx : in out WolfSSL.Context_Type; - L : in out SPARK_Sockets.Optional_Socket; - C : in out SPARK_Sockets.Optional_Socket) with - Pre => (not C.Exists and not L.Exists and not - WolfSSL.Is_Valid (Ssl) and not WolfSSL.Is_Valid (Ctx)), - Post => (not C.Exists and not L.Exists and not - WolfSSL.Is_Valid (Ssl) and not WolfSSL.Is_Valid (Ctx)); - -end Tls_Server; diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/wrapper/Ada/tls_server_main.adb mariadb-11.8.8/extra/wolfssl/wolfssl/wrapper/Ada/tls_server_main.adb --- mariadb-11.8.6/extra/wolfssl/wolfssl/wrapper/Ada/tls_server_main.adb 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/wrapper/Ada/tls_server_main.adb 1970-01-01 00:00:00.000000000 +0000 @@ -1,39 +0,0 @@ --- tls_server_main.ads --- --- Copyright (C) 2006-2023 wolfSSL Inc. --- --- This file is part of wolfSSL. --- --- wolfSSL is free software; you can redistribute it and/or modify --- it under the terms of the GNU General Public License as published by --- the Free Software Foundation; either version 2 of the License, or --- (at your option) any later version. --- --- wolfSSL is distributed in the hope that it will be useful, --- but WITHOUT ANY WARRANTY; without even the implied warranty of --- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the --- GNU General Public License for more details. --- --- You should have received a copy of the GNU General Public License --- along with this program; if not, write to the Free Software --- Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA --- - -with Tls_Server; pragma Elaborate_All (Tls_Server); - --- SPARK wrapper package around GNAT Library packages. -with SPARK_Sockets; pragma Elaborate_All (SPARK_Sockets); - --- The WolfSSL package. -with WolfSSL; pragma Elaborate_All (WolfSSL); - --- Application entry point for the Ada translation of the --- tls server v1.3 example in C. -procedure Tls_Server_Main is - Ssl : WolfSSL.WolfSSL_Type; - Ctx : WolfSSL.Context_Type; - L : SPARK_Sockets.Optional_Socket; - C : SPARK_Sockets.Optional_Socket; -begin - Tls_Server.Run (Ssl, Ctx, L, C); -end Tls_Server_Main; diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/wrapper/Ada/user_settings.h mariadb-11.8.8/extra/wolfssl/wolfssl/wrapper/Ada/user_settings.h --- mariadb-11.8.6/extra/wolfssl/wolfssl/wrapper/Ada/user_settings.h 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/wrapper/Ada/user_settings.h 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* user_settings.h * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -236,7 +236,6 @@ #define HAVE_X963_KDF #define WOLFSSL_CMAC #define WOLFSSL_DES_ECB -#define HAVE_BLAKE2 #define HAVE_BLAKE2B #define HAVE_BLAKE2S #define WOLFSSL_SIPHASH diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/wrapper/Ada/wolfssl-full_runtime.adb mariadb-11.8.8/extra/wolfssl/wolfssl/wrapper/Ada/wolfssl-full_runtime.adb --- mariadb-11.8.6/extra/wolfssl/wolfssl/wrapper/Ada/wolfssl-full_runtime.adb 1970-01-01 00:00:00.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/wrapper/Ada/wolfssl-full_runtime.adb 2026-05-24 09:58:33.000000000 +0000 @@ -0,0 +1,89 @@ +pragma Warnings (Off, "* is an internal GNAT unit"); +with GNAT.Sockets.Thin_Common; +pragma Warnings (On, "* is an internal GNAT unit"); + +package body WolfSSL.Full_Runtime is + + function WolfSSL_DTLS_Set_Peer + (ssl : WolfSSL_Type; + peer : GNAT.Sockets.Thin_Common.Sockaddr_Access; + peerSz : Interfaces.C.unsigned) + return int with + Convention => C, + External_Name => "wolfSSL_dtls_set_peer", + Import => True; + + function DTLS_Set_Peer + (Ssl : WolfSSL_Type; + Address : GNAT.Sockets.Sock_Addr_Type) + return Subprogram_Result is + + Sin : aliased GNAT.Sockets.Thin_Common.Sockaddr; + Length : Interfaces.C.int; + + begin + + GNAT.Sockets.Thin_Common.Set_Address + (Sin => Sin'Unchecked_Access, + Address => Address, + Length => Length); + + pragma Assert (Length >= 0); + + return + Subprogram_Result + (WolfSSL_DTLS_Set_Peer + (ssl => Ssl, + peer => Sin'Unchecked_Access, + peerSz => Interfaces.C.unsigned (Length))); + exception + when others => + return Exception_Error; + end DTLS_Set_Peer; + + procedure WolfSSL_Set_Psk_Client_Callback + (Ssl : WolfSSL_Type; + Cb : PSK_Client_Callback) + with + Convention => C, + External_Name => "wolfSSL_set_psk_client_callback", + Import => True; + + procedure Set_PSK_Client_Callback + (Ssl : WolfSSL_Type; + Callback : PSK_Client_Callback) is + begin + WolfSSL_Set_Psk_Client_Callback (Ssl, Callback); + end Set_PSK_Client_Callback; + + procedure WolfSSL_Set_Psk_Server_Callback + (Ssl : WolfSSL_Type; + Cb : PSK_Server_Callback) + with + Convention => C, + External_Name => "wolfSSL_set_psk_server_callback", + Import => True; + + procedure Set_PSK_Server_Callback + (Ssl : WolfSSL_Type; + Callback : PSK_Server_Callback) is + begin + WolfSSL_Set_Psk_Server_Callback (Ssl, Callback); + end Set_PSK_Server_Callback; + + procedure WolfSSL_CTX_Set_Psk_Server_Callback + (Ctx : Context_Type; + Cb : PSK_Server_Callback) + with + Convention => C, + External_Name => "wolfSSL_CTX_set_psk_server_callback", + Import => True; + + procedure Set_Context_PSK_Server_Callback + (Context : Context_Type; + Callback : PSK_Server_Callback) is + begin + WolfSSL_CTX_Set_Psk_Server_Callback (Context, Callback); + end Set_Context_PSK_Server_Callback; + +end WolfSSL.Full_Runtime; diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/wrapper/Ada/wolfssl-full_runtime.ads mariadb-11.8.8/extra/wolfssl/wolfssl/wrapper/Ada/wolfssl-full_runtime.ads --- mariadb-11.8.6/extra/wolfssl/wolfssl/wrapper/Ada/wolfssl-full_runtime.ads 1970-01-01 00:00:00.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/wrapper/Ada/wolfssl-full_runtime.ads 2026-05-24 09:58:33.000000000 +0000 @@ -0,0 +1,77 @@ +with GNAT.Sockets; +with Interfaces.C.Strings; + +-- This package contains the subprograms that need the Ada run-time +-- to support the Interfaces.C.Strings and GNAT.Sockets packages. +-- An example of an Ada run-time that does not support this package +-- is the Zero Footprint run-time of the GNAT compiler. +package WolfSSL.Full_Runtime with SPARK_Mode is + + function DTLS_Set_Peer + (Ssl : WolfSSL_Type; + Address : GNAT.Sockets.Sock_Addr_Type) + return Subprogram_Result with + Pre => Is_Valid (Ssl); + -- This function wraps the corresponding WolfSSL C function to allow + -- clients to use Ada socket types when implementing a DTLS client. + + subtype chars_ptr is Interfaces.C.Strings.chars_ptr; + + type PSK_Client_Callback is access function + (Ssl : WolfSSL_Type; + Hint : chars_ptr; + Identity : chars_ptr; + Id_Max_Length : unsigned; + Key : chars_ptr; + Key_Max_Length : unsigned) + return unsigned with + Convention => C; + -- Return value is the key length on success or zero on error. + -- parameters: + -- Ssl - Pointer to the wolfSSL structure + -- Hint - A stored string that could be displayed to provide a + -- hint to the user. + -- Identity - The ID will be stored here. + -- Id_Max_Length - Size of the ID buffer. + -- Key - The key will be stored here. + -- Key_Max_Length - The max size of the key. + -- + -- The implementation of this callback will need `SPARK_Mode => Off` + -- since it will require the code to use the C memory model. + + procedure Set_PSK_Client_Callback + (Ssl : WolfSSL_Type; + Callback : PSK_Client_Callback) with + Pre => Is_Valid (Ssl); + -- Sets the PSK client side callback. + + type PSK_Server_Callback is access function + (Ssl : WolfSSL_Type; + Identity : chars_ptr; + Key : chars_ptr; + Key_Max_Length : unsigned) + return unsigned with + Convention => C; + -- Return value is the key length on success or zero on error. + -- PSK server callback parameters: + -- Ssl - Reference to the wolfSSL structure + -- Identity - The ID will be stored here. + -- Key - The key will be stored here. + -- Key_Max_Length - The max size of the key. + -- + -- The implementation of this callback will need `SPARK_Mode => Off` + -- since it will require the code to use the C memory model. + + procedure Set_PSK_Server_Callback + (Ssl : WolfSSL_Type; + Callback : PSK_Server_Callback) with + Pre => Is_Valid (Ssl); + -- Sets the PSK Server side callback. + + procedure Set_Context_PSK_Server_Callback + (Context : Context_Type; + Callback : PSK_Server_Callback) with + Pre => Is_Valid (Context); + -- Sets the PSK callback for the server side in the WolfSSL Context. + +end WolfSSL.Full_Runtime; diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/wrapper/Ada/wolfssl.adb mariadb-11.8.8/extra/wolfssl/wolfssl/wrapper/Ada/wolfssl.adb --- mariadb-11.8.6/extra/wolfssl/wolfssl/wrapper/Ada/wolfssl.adb 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/wrapper/Ada/wolfssl.adb 2026-05-24 09:58:33.000000000 +0000 @@ -1,12 +1,12 @@ -- wolfssl.adb -- --- Copyright (C) 2006-2023 wolfSSL Inc. +-- Copyright (C) 2006-2026 wolfSSL Inc. -- -- This file is part of wolfSSL. -- -- wolfSSL is free software; you can redistribute it and/or modify -- it under the terms of the GNU General Public License as published by --- the Free Software Foundation; either version 2 of the License, or +-- the Free Software Foundation; either version 3 of the License, or -- (at your option) any later version. -- -- wolfSSL is distributed in the hope that it will be useful, @@ -18,14 +18,7 @@ -- along with this program; if not, write to the Free Software -- Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA -- - with Ada.Unchecked_Conversion; -pragma Warnings (Off, "* is an internal GNAT unit"); -with GNAT.Sockets.Thin_Common; -pragma Warnings (On, "* is an internal GNAT unit"); -with Interfaces.C.Extensions; -with Interfaces.C.Strings; -with System; package body WolfSSL is @@ -34,7 +27,11 @@ subtype long is Interfaces.C.long; subtype unsigned_long is Interfaces.C.unsigned_long; - WOLFSSL_SUCCESS : constant int := Get_WolfSSL_Success; + -- The first value in the Byte_Type range (Byte_Type'First), + -- used as the null byte (0). + nul : constant Byte_Type := Byte_Type'First; + + -- WOLFSSL_SUCCESS : constant int := Get_WolfSSL_Success; function Initialize_WolfSSL return int with Convention => C, @@ -63,6 +60,11 @@ return Context /= null; end Is_Valid; + function Is_Valid (Method : Method_Type) return Boolean is + begin + return Method /= null; + end Is_Valid; + function WolfTLSv1_2_Server_Method return Method_Type with Convention => C, External_Name => "wolfTLSv1_2_server_method", @@ -147,10 +149,11 @@ return Context_Type with Convention => C, External_Name => "wolfSSL_CTX_new", Import => True; - procedure Create_Context (Method : Method_Type; + procedure Create_Context (Method : in out Method_Type; Context : out Context_Type) is begin Context := WolfSSL_CTX_new (Method); + Method := null; end Create_Context; procedure WolfSSL_CTX_free (Context : Context_Type) with @@ -158,7 +161,9 @@ procedure Free (Context : in out Context_Type) is begin - WolfSSL_CTX_free (Context); + if Context /= null then + WolfSSL_CTX_free (Context); + end if; Context := null; end Free; @@ -214,24 +219,32 @@ procedure Set_Verify (Context : Context_Type; Mode : Mode_Type) is + pragma Warnings (Off, "pragma Restrictions (No_Exception_Propagation)"); + -- The values that Set_Verify may be called with have first + -- been int values, then converted into Mode_Type values and + -- here they are converted back to int. This can never fail + -- unless there is hardware failure or cosmic radiation has + -- done a bit flip. + V : constant int := int (Mode); + pragma Warnings (On, "pragma Restrictions (No_Exception_Propagation)"); begin WolfSSL_CTX_Set_Verify (Context => Context, - Mode => int (Mode), + Mode => V, Callback => null); end Set_Verify; - function WolfSSL_Get_Verify(Context : Context_Type) return int with + function WolfSSL_Get_Verify (Context : Context_Type) return int with Convention => C, External_Name => "wolfSSL_CTX_get_verify_mode", Import => True; function Get_Verify (Context : Context_Type) return Mode_Type is begin - return Mode_Type (WolfSSL_Get_Verify(Context)); + return Mode_Type (WolfSSL_Get_Verify (Context)); end Get_Verify; function Use_Certificate_File (Context : Context_Type; - File : char_array; + File : Byte_Array; Format : int) return int with Convention => C, @@ -242,30 +255,35 @@ File : String; Format : File_Format) return Subprogram_Result is - Ctx : constant Context_Type := Context; - C : size_t; - F : char_array (1 .. File'Length + 1); - Result : int; begin - Interfaces.C.To_C (Item => File, - Target => F, - Count => C, - Append_Nul => True); - Result := Use_Certificate_File (Ctx, F (1 .. C), int (Format)); - return Subprogram_Result (Result); + declare + Ctx : constant Context_Type := Context; + F : Byte_Array (1 .. File'Length + 1); + Result : int; + begin + for I in File'Range loop + F (F'First + Byte_Index (I - File'First)) := Byte_Type (File (I)); + end loop; + F (F'Last) := nul; + Result := Use_Certificate_File (Ctx, F, int (Format)); + return Subprogram_Result (Result); + end; + exception + when others => + return Exception_Error; end Use_Certificate_File; function Use_Certificate_Buffer (Context : Context_Type; - Input : char_array; + Input : Byte_Array; Size : long; Format : int) return int with - Convention => C, - External_Name => "wolfSSL_CTX_use_certificate_buffer", - Import => True; + Convention => C, + External_Name => "wolfSSL_CTX_use_certificate_buffer", + Import => True; function Use_Certificate_Buffer (Context : Context_Type; - Input : char_array; + Input : Byte_Array; Format : File_Format) return Subprogram_Result is Result : int; @@ -273,10 +291,13 @@ Result := Use_Certificate_Buffer (Context, Input, Input'Length, int (Format)); return Subprogram_Result (Result); + exception + when others => + return Exception_Error; end Use_Certificate_Buffer; function Use_Private_Key_File (Context : Context_Type; - File : char_array; + File : Byte_Array; Format : int) return int with Convention => C, @@ -287,21 +308,26 @@ File : String; Format : File_Format) return Subprogram_Result is - Ctx : constant Context_Type := Context; - C : size_t; - F : char_array (1 .. File'Length + 1); - Result : int; begin - Interfaces.C.To_C (Item => File, - Target => F, - Count => C, - Append_Nul => True); - Result := Use_Private_Key_File (Ctx, F (1 .. C), int (Format)); - return Subprogram_Result (Result); + declare + Ctx : constant Context_Type := Context; + F : Byte_Array (1 .. File'Length + 1); + Result : int; + begin + for I in File'Range loop + F (F'First + Byte_Index (I - File'First)) := Byte_Type (File (I)); + end loop; + F (F'Last) := nul; + Result := Use_Private_Key_File (Ctx, F, int (Format)); + return Subprogram_Result (Result); + end; + exception + when others => + return Exception_Error; end Use_Private_Key_File; function Use_Private_Key_Buffer (Context : Context_Type; - Input : char_array; + Input : Byte_Array; Size : long; Format : int) return int with @@ -318,15 +344,18 @@ Result := Use_Private_Key_Buffer (Context, Input, Input'Length, int (Format)); return Subprogram_Result (Result); + exception + when others => + return Exception_Error; end Use_Private_Key_Buffer; function Load_Verify_Locations1 - (Context : Context_Type; - File : char_array; - Path : char_array) return int with - Convention => C, - External_Name => "wolfSSL_CTX_load_verify_locations", - Import => True; + (Context : Context_Type; + File : Byte_Array; + Path : Byte_Array) return int with + Convention => C, + External_Name => "wolfSSL_CTX_load_verify_locations", + Import => True; -- This function loads PEM-formatted CA certificate files into -- the SSL context (WOLFSSL_CTX). These certificates will be treated -- as trusted root certificates and used to verify certs received @@ -343,87 +372,86 @@ -- attempt to load all files in the directory. This function expects -- PEM formatted CERT_TYPE file with header "--BEGIN CERTIFICATE--". - subtype char_array_ptr is Interfaces.C.Strings.char_array_access; - function Load_Verify_Locations2 - (Context : Context_Type; - File : char_array; - Path : char_array_ptr) return int with - Convention => C, - External_Name => "wolfSSL_CTX_load_verify_locations", - Import => True; + (Context : Context_Type; + File : Byte_Array; + Path : access Interfaces.C.char) return int with + Convention => C, + External_Name => "wolfSSL_CTX_load_verify_locations", + Import => True; function Load_Verify_Locations3 - (Context : Context_Type; - File : char_array_ptr; - Path : char_array) return int with - Convention => C, - External_Name => "wolfSSL_CTX_load_verify_locations", - Import => True; + (Context : Context_Type; + File : access Interfaces.C.char; + Path : Byte_Array) return int with + Convention => C, + External_Name => "wolfSSL_CTX_load_verify_locations", + Import => True; function Load_Verify_Locations4 - (Context : Context_Type; - File : char_array_ptr; - Path : char_array_ptr) return int with - Convention => C, - External_Name => "wolfSSL_CTX_load_verify_locations", - Import => True; + (Context : Context_Type; + File : access Interfaces.C.char; + Path : access Interfaces.C.char) return int with + Convention => C, + External_Name => "wolfSSL_CTX_load_verify_locations", + Import => True; function Load_Verify_Locations (Context : Context_Type; File : String; Path : String) return Subprogram_Result is - Ctx : constant Context_Type := Context; - FC : size_t; -- File Count, specifies the characters used in F. - F : aliased char_array := (1 .. File'Length + 1 => '#'); - - PC : size_t; -- Path Count, specifies the characters used in P. - P : aliased char_array := (1 .. Path'Length + 1 => '#'); - - Result : int; begin - if File = "" then - if Path = "" then - Result := Load_Verify_Locations4 (Ctx, null, null); + declare + Ctx : constant Context_Type := Context; + F : aliased Byte_Array := (1 .. File'Length + 1 => '#'); + P : aliased Byte_Array := (1 .. Path'Length + 1 => '#'); + Result : int; + begin + if File = "" then + if Path = "" then + Result := Load_Verify_Locations4 (Ctx, null, null); + else + for I in Path'Range loop + P (P'First + Byte_Index (I - Path'First)) := + Byte_Type (Path (I)); + end loop; + P (P'Last) := nul; + Result := Load_Verify_Locations3 (Ctx, null, P); + end if; else - Interfaces.C.To_C (Item => Path, - Target => P, - Count => PC, - Append_Nul => True); - Result := Load_Verify_Locations3 (Ctx, null, P); - end if; - else - Interfaces.C.To_C (Item => File, - Target => F, - Count => FC, - Append_Nul => True); - if Path = "" then - Result := Load_Verify_Locations2 (Ctx, F, null); - else - Interfaces.C.To_C (Item => Path, - Target => P, - Count => PC, - Append_Nul => True); - Interfaces.C.To_C (Item => Path, - Target => P, - Count => PC, - Append_Nul => True); - Result := Load_Verify_Locations1 (Context => Ctx, - File => F, - Path => P); + for I in File'Range loop + F (F'First + Byte_Index (I - File'First)) := + Byte_Type (File (I)); + end loop; + F (F'Last) := nul; + if Path = "" then + Result := Load_Verify_Locations2 (Ctx, F, null); + else + for I in Path'Range loop + P (P'First + Byte_Index (I - Path'First)) := + Byte_Type (Path (I)); + end loop; + P (P'Last) := nul; + Result := Load_Verify_Locations1 (Context => Ctx, + File => F, + Path => P); + end if; end if; - end if; - return Subprogram_Result (Result); + return Subprogram_Result (Result); + end; + exception + when others => + return Exception_Error; end Load_Verify_Locations; function Load_Verify_Buffer - (Context : Context_Type; - Input : char_array; - Size : int; - Format : int) return int with - Convention => C, - External_Name => "wolfSSL_CTX_load_verify_buffer", - Import => True; + (Context : Context_Type; + Input : Byte_Array; + Size : int; + Format : int) return int with + Convention => C, + External_Name => "wolfSSL_CTX_load_verify_buffer", + Import => True; function Load_Verify_Buffer (Context : Context_Type; Input : Byte_Array; @@ -432,10 +460,13 @@ Result : int; begin Result := Load_Verify_Buffer (Context => Context, - Input => Input, - Size => Input'Length, - Format => int(Format)); + Input => Input, + Size => Input'Length, + Format => int(Format)); return Subprogram_Result (Result); + exception + when others => + return Exception_Error; end Load_Verify_Buffer; function Is_Valid (Ssl : WolfSSL_Type) return Boolean is @@ -456,7 +487,7 @@ end Create_WolfSSL; function Use_Certificate_File (Ssl : WolfSSL_Type; - File : char_array; + File : Byte_Array; Format : int) return int with Convention => C, @@ -467,29 +498,35 @@ File : String; Format : File_Format) return Subprogram_Result is - C : size_t; - F : char_array (1 .. File'Length + 1); - Result : int; begin - Interfaces.C.To_C (Item => File, - Target => F, - Count => C, - Append_Nul => True); - Result := Use_Certificate_File (Ssl, F (1 .. C), int (Format)); - return Subprogram_Result (Result); + declare + F : Byte_Array (1 .. File'Length + 1); + Result : int; + begin + for I in File'Range loop + F (F'First + Byte_Index (I - File'First)) := + Byte_Type (File (I)); + end loop; + F (F'Last) := nul; + Result := Use_Certificate_File (Ssl, F, int (Format)); + return Subprogram_Result (Result); + end; + exception + when others => + return Exception_Error; end Use_Certificate_File; function Use_Certificate_Buffer (Ssl : WolfSSL_Type; - Input : char_array; + Input : Byte_Array; Size : long; Format : int) return int with - Convention => C, - External_Name => "wolfSSL_use_certificate_buffer", - Import => True; + Convention => C, + External_Name => "wolfSSL_use_certificate_buffer", + Import => True; function Use_Certificate_Buffer (Ssl : WolfSSL_Type; - Input : char_array; + Input : Byte_Array; Format : File_Format) return Subprogram_Result is Result : int; @@ -497,34 +534,42 @@ Result := Use_Certificate_Buffer (Ssl, Input, Input'Length, int (Format)); return Subprogram_Result (Result); + exception + when others => + return Exception_Error; end Use_Certificate_Buffer; function Use_Private_Key_File (Ssl : WolfSSL_Type; - File : char_array; + File : Byte_Array; Format : int) - return int with - Convention => C, - External_Name => "wolfSSL_use_PrivateKey_file", - Import => True; + return int with + Convention => C, + External_Name => "wolfSSL_use_PrivateKey_file", + Import => True; function Use_Private_Key_File (Ssl : WolfSSL_Type; File : String; Format : File_Format) return Subprogram_Result is - C : size_t; - F : char_array (1 .. File'Length + 1); - Result : int; begin - Interfaces.C.To_C (Item => File, - Target => F, - Count => C, - Append_Nul => True); - Result := Use_Private_Key_File (Ssl, F (1 .. C), int (Format)); - return Subprogram_Result (Result); + declare + F : Byte_Array (1 .. File'Length + 1); + Result : int; + begin + for I in File'Range loop + F (F'First + Byte_Index (I - File'First)) := Byte_Type (File (I)); + end loop; + F (F'Last) := nul; + Result := Use_Private_Key_File (Ssl, F, int (Format)); + return Subprogram_Result (Result); + end; + exception + when others => + return Exception_Error; end Use_Private_Key_File; function Use_Private_Key_Buffer (Ssl : WolfSSL_Type; - Input : char_array; + Input : Byte_Array; Size : long; Format : int) return int with @@ -541,88 +586,11 @@ Result := Use_Private_Key_Buffer (Ssl, Input, Input'Length, int (Format)); return Subprogram_Result (Result); + exception + when others => + return Exception_Error; end Use_Private_Key_Buffer; - function WolfSSL_DTLS_Set_Peer - (ssl : WolfSSL_Type; - peer : GNAT.Sockets.Thin_Common.Sockaddr_Access; - peerSz : Interfaces.C.unsigned) - return int with - Convention => C, - External_Name => "wolfSSL_dtls_set_peer", - Import => True; - - function DTLS_Set_Peer - (Ssl : WolfSSL_Type; - Address : GNAT.Sockets.Sock_Addr_Type) - return Subprogram_Result is - - Sin : aliased GNAT.Sockets.Thin_Common.Sockaddr; - Length : Interfaces.C.int; - - begin - - GNAT.Sockets.Thin_Common.Set_Address - (Sin => Sin'Unchecked_Access, - Address => Address, - Length => Length); - - pragma Assert (Length >= 0); - - return - Subprogram_Result - (WolfSSL_DTLS_Set_Peer - (ssl => Ssl, - peer => Sin'Unchecked_Access, - peerSz => Interfaces.C.unsigned (Length))); - - end DTLS_Set_Peer; - - procedure WolfSSL_Set_Psk_Client_Callback - (Ssl : WolfSSL_Type; - Cb : PSK_Client_Callback) - with - Convention => C, - External_Name => "wolfSSL_set_psk_client_callback", - Import => True; - - procedure Set_PSK_Client_Callback - (Ssl : WolfSSL_Type; - Callback : PSK_Client_Callback) is - begin - WolfSSL_Set_Psk_Client_Callback (Ssl, Callback); - end Set_PSK_Client_Callback; - - procedure WolfSSL_Set_Psk_Server_Callback - (Ssl : WolfSSL_Type; - Cb : PSK_Server_Callback) - with - Convention => C, - External_Name => "wolfSSL_set_psk_server_callback", - Import => True; - - procedure Set_PSK_Server_Callback - (Ssl : WolfSSL_Type; - Callback : PSK_Server_Callback) is - begin - WolfSSL_Set_Psk_Server_Callback (Ssl, Callback); - end Set_PSK_Server_Callback; - - procedure WolfSSL_CTX_Set_Psk_Server_Callback - (Ctx : Context_Type; - Cb : PSK_Server_Callback) - with - Convention => C, - External_Name => "wolfSSL_CTX_set_psk_server_callback", - Import => True; - - procedure Set_Context_PSK_Server_Callback - (Context : Context_Type; - Callback : PSK_Server_Callback) is - begin - WolfSSL_CTX_Set_Psk_Server_Callback (Context, Callback); - end Set_Context_PSK_Server_Callback; - function WolfSSL_Set_Fd (Ssl : WolfSSL_Type; Fd : int) return int with Convention => C, External_Name => "wolfSSL_set_fd", @@ -631,15 +599,15 @@ function Attach (Ssl : WolfSSL_Type; Socket : Integer) return Subprogram_Result is - Result : int := WolfSSL_Set_Fd (Ssl, int (Socket)); + Result : constant int := WolfSSL_Set_Fd (Ssl, int (Socket)); begin return Subprogram_Result (Result); end Attach; procedure WolfSSL_Keep_Arrays (Ssl : WolfSSL_Type) with - Convention => C, - External_Name => "wolfSSL_KeepArrays", - Import => True; + Convention => C, + External_Name => "wolfSSL_KeepArrays", + Import => True; procedure Keep_Arrays (Ssl : WolfSSL_Type) is begin @@ -653,7 +621,7 @@ function Accept_Connection (Ssl : WolfSSL_Type) return Subprogram_Result is - Result : int := WolfSSL_Accept (Ssl); + Result : constant int := WolfSSL_Accept (Ssl); begin return Subprogram_Result (Result); end Accept_Connection; @@ -669,7 +637,7 @@ end Free_Arrays; function WolfSSL_Read (Ssl : WolfSSL_Type; - Data : out char_array; + Data : out Byte_Array; Sz : int) return int with Convention => C, External_Name => "wolfSSL_read", @@ -704,41 +672,60 @@ -- and and the application needs to call wolfSSL_read() again. -- Use wolfSSL_get_error() to get a specific error code. - function Read (Ssl : WolfSSL_Type) return Read_Result is - Data : char_array (1 .. Byte_Index'Last); - Size : int; - begin - Size := WolfSSL_Read (Ssl, Data, int (Byte_Index'Last)); - if Size <= 0 then - return (Success => False, + procedure Read (Ssl : WolfSSL_Type; + Result : out Read_Result) is + begin + Result := (Success => False, -- In case of exception. Last => 0, - Code => Subprogram_Result (Size)); - else - return (Success => True, - Last => Byte_Index (Size), - Buffer => Data (1 .. Byte_Index (Size))); - end if; + Code => Subprogram_Result (Exception_Error)); + declare + Data : Byte_Array (1 .. Byte_Index'Last); + Size : int; + begin + Size := WolfSSL_Read (Ssl, Data, int (Byte_Index'Last)); + if Size <= 0 then + Result := (Success => False, + Last => 0, + Code => Subprogram_Result (Size)); + else + Result := (Success => True, + Last => Byte_Index (Size), + Buffer => Data (1 .. Byte_Index (Size))); + end if; + end; + exception + when others => + null; end Read; function WolfSSL_Write (Ssl : WolfSSL_Type; - Data : char_array; + Data : Byte_Array; Sz : int) return int with Convention => C, External_Name => "wolfSSL_write", Import => True; - function Write (Ssl : WolfSSL_Type; - Data : Byte_Array) return Write_Result is - Size : constant int := Data'Length; - Result : int; - begin - Result := WolfSSL_Write (Ssl, Data, Size); - if Result > 0 then - return (Success => True, - Bytes_Written => Byte_Index (Result)); - else - return (Success => False, Code => Subprogram_Result (Result)); - end if; + procedure Write (Ssl : WolfSSL_Type; + Data : Byte_Array; + Result : out Write_Result) is + begin + Result := (Success => False, + Code => Subprogram_Result (Exception_Error)); + declare + Size : constant int := Data'Length; + R : int; + begin + R := WolfSSL_Write (Ssl, Data, Size); + if R > 0 then + Result := (Success => True, + Bytes_Written => Byte_Index (R)); + else + Result := (Success => False, Code => Subprogram_Result (R)); + end if; + end; + exception + when others => + null; end Write; function WolfSSL_Shutdown (Ssl : WolfSSL_Type) return int with @@ -753,9 +740,9 @@ end Shutdown; function WolfSSL_Connect (Ssl : WolfSSL_Type) return int with - Convention => C, - External_Name => "wolfSSL_connect", - Import => True; + Convention => C, + External_Name => "wolfSSL_connect", + Import => True; function Connect (Ssl : WolfSSL_Type) return Subprogram_Result is Result : constant int := WolfSSL_Connect (Ssl); @@ -764,9 +751,9 @@ end Connect; procedure WolfSSL_Free (Ssl : WolfSSL_Type) with - Convention => C, - External_Name => "wolfSSL_free", - Import => True; + Convention => C, + External_Name => "wolfSSL_free", + Import => True; procedure Free (Ssl : in out WolfSSL_Type) is begin @@ -778,9 +765,9 @@ function WolfSSL_Get_Error (Ssl : WolfSSL_Type; Ret : int) return int with - Convention => C, - External_Name => "wolfSSL_get_error", - Import => True; + Convention => C, + External_Name => "wolfSSL_get_error", + Import => True; function Get_Error (Ssl : WolfSSL_Type; Result : Subprogram_Result) return Error_Code is @@ -791,29 +778,43 @@ procedure WolfSSL_Error_String (Error : unsigned_long; Data : out Byte_Array; Size : unsigned_long) with - Convention => C, - External_Name => "wolfSSL_ERR_error_string_n", - Import => True; - - function Error (Code : Error_Code) return Error_Message is - S : String (1 .. Error_Message_Index'Last); - B : Byte_Array (1 .. size_t (Error_Message_Index'Last)); - C : Natural; + Convention => C, + External_Name => "wolfSSL_ERR_error_string_n", + Import => True; + + procedure Error (Code : in Error_Code; + Message : in out Error_Message) is + use type Byte_Type; -- Use unchecked conversion instead of type conversion to mimic C style -- conversion from int to unsigned long, avoiding the Ada overflow check. function To_Unsigned_Long is new Ada.Unchecked_Conversion - (Source => long, - Target => unsigned_long); + (Source => long, + Target => unsigned_long); begin - WolfSSL_Error_String (Error => To_Unsigned_Long (long (Code)), - Data => B, - Size => To_Unsigned_Long (long (B'Last))); - Interfaces.C.To_Ada (Item => B, - Target => S, - Count => C, - Trim_Nul => True); - return (Last => C, - Text => S (1 .. C)); + declare + S : String (1 .. Error_Message_Index'Last); + B : Byte_Array (1 .. size_t (Error_Message_Index'Last)); + L : Positive; + begin + WolfSSL_Error_String (Error => To_Unsigned_Long (long (Code)), + Data => B, + Size => To_Unsigned_Long (long (B'Last))); + for I in B'Range loop + L := S'First + Natural (I - B'First); + S (L) := Character (B (I)); + exit when B (I) = nul; + end loop; + if S (L) = Character (nul) then + Message := (Last => L - 1, + Text => S (1 .. L - 1)); + else + Message := (Last => L, + Text => S (1 .. L)); + end if; + end; + exception + when others => + null; end Error; function Get_WolfSSL_Max_Error_Size return int with @@ -826,4 +827,725 @@ return Natural (Get_WolfSSL_Max_Error_Size); end Max_Error_Size; + function Is_Valid (Key : RNG_Type) return Boolean is + begin + return Key /= null; + end Is_Valid; + + function Ada_New_RNG return RNG_Type with + Convention => C, + External_Name => "ada_new_rng", + Import => True; + + procedure Ada_Free_RNG (Key : in RNG_Type) with + Convention => C, + External_Name => "ada_free_rng", + Import => True; + + + + procedure Free_RNG (Key : in out RNG_Type) is + begin + if Key = null then + return; + end if; + + -- wc_rng_free() already calls wc_FreeRng() internally. + Ada_Free_RNG (Key); + + -- Prevent accidental double-free and make Is_Valid return False. + Key := null; + end Free_RNG; + + procedure Create_RNG (Key : in out RNG_Type; + Result : out Integer) is + begin + declare + R : int; + begin + -- Allocate RNG using the C wrapper, which internally calls + -- wc_rng_new(NULL, 0, NULL) as required. + Key := Ada_New_RNG; + + if Key = null then + Result := Exception_Error; + return; + end if; + + -- wc_rng_new() already calls wc_InitRng() internally, so no extra init. + Result := 0; + end; + exception + when others => + Result := Exception_Error; + end Create_RNG; + + function WC_RNG_Generate_Block (RNG : not null RNG_Type; + Output : out Byte_Array; + Size : int) return int with + Convention => C, + External_Name => "wc_RNG_GenerateBlock", + Import => True; + + procedure RNG_Generate_Block (RNG : RNG_Type; + Output : out Byte_Array; + Result : out Integer) is + begin + declare + R : int; + begin + R := WC_RNG_Generate_Block (RNG, Output, Output'Length); + Result := Integer (R); + end; + exception + when others => + Result := Exception_Error; + end RNG_Generate_Block; + + type Unsigned_8 is mod 2 ** 8; + + function To_C (Value : Unsigned_8) return WolfSSL.Byte_Type is + begin + return WolfSSL.Byte_Type'Val (Value); + end To_C; + + function WC_PBKDF2 (Output : out Byte_Array; + Password : Byte_Array; + P_Length : int; + Salt : Byte_Array; + S_Length : int; + Iterations : int; + Key_Length : int; + Hash_Type : int) return int with + Convention => C, + External_Name => "wc_PBKDF2", + Import => True; + + function Ada_MD5 return int with + Convention => C, + External_Name => "ada_md5", + Import => True; + + function Ada_SHA return int with + Convention => C, + External_Name => "ada_sha", + Import => True; + + function Ada_SHA256 return int with + Convention => C, + External_Name => "ada_sha256", + Import => True; + + function Ada_SHA384 return int with + Convention => C, + External_Name => "ada_sha384", + Import => True; + + function Ada_SHA512 return int with + Convention => C, + External_Name => "ada_sha512", + Import => True; + + function Ada_SHA3_224 return int with + Convention => C, + External_Name => "ada_sha3_224", + Import => True; + + function Ada_SHA3_256 return int with + Convention => C, + External_Name => "ada_sha3_256", + Import => True; + + function Ada_SHA3_384 return int with + Convention => C, + External_Name => "ada_sha3_384", + Import => True; + + function Ada_SHA3_512 return int with + Convention => C, + External_Name => "ada_sha3_512", + Import => True; + + procedure PBKDF2 (Output : out Byte_Array; + Password : Byte_Array; + Salt : Byte_Array; + Iterations : Positive; + Key_Length : Positive; + HMAC : HMAC_Hash; + Result : out Integer) is + begin + declare + R : int; + H : int; + begin + case HMAC is + when MD5 => H := Ada_MD5; + when SHA => H := Ada_SHA; + when SHA256 => H := Ada_SHA256; + when SHA384 => H := Ada_SHA384; + when SHA512 => H := Ada_SHA512; + when SHA3_224 => H := Ada_SHA3_224; + when SHA3_256 => H := Ada_SHA3_256; + when SHA3_384 => H := Ada_SHA3_384; + when SHA3_512 => H := Ada_SHA3_512; + end case; + R := WC_PBKDF2 (Output => Output, + Password => Password, + P_Length => Password'Length, + Salt => Salt, + S_Length => Salt'Length, + Iterations => int (Iterations), + Key_Length => int (Key_Length), + Hash_Type => H); + Result := Integer (R); + end; + exception + when others => + Result := Exception_Error; + end PBKDF2; + + function Ada_RSA_Set_RNG (Key : not null RSA_Key_Type; + RNG : not null RNG_Type) return int with + Convention => C, + External_Name => "ada_RsaSetRNG", + Import => True; + + procedure Rsa_Set_RNG (Key : in out Rsa_Key_Type; + RNG : in out RNG_Type; + Result : out Integer) is + begin + declare + R : int; + begin + R := Ada_RSA_Set_RNG (Key, RNG); + Result := Integer (R); + end; + exception + when others => + Result := Exception_Error; + end Rsa_Set_RNG; + + function Is_Valid (Key : RSA_Key_Type) return Boolean is + begin + return Key /= null; + end Is_Valid; + + function Ada_New_RSA return RSA_Key_Type with + Convention => C, + External_Name => "ada_new_rsa", + Import => True; + + procedure Ada_Free_RSA (Key : in RSA_Key_Type) with + Convention => C, + External_Name => "ada_free_rsa", + Import => True; + + procedure Free_RSA (Key : in out RSA_Key_Type) is + begin + if Key = null then + return; + end if; + + -- wc_DeleteRsaKey() already calls wc_FreeRsaKey() internally. + Ada_Free_RSA (Key); + + -- Prevent accidental double-free and make Is_Valid return False. + Key := null; + end Free_RSA; + + procedure Create_RSA (Key : in out RSA_Key_Type; + Result : out Integer) is + begin + -- Allocate and initialize RSA key using the C wrapper. + -- The wrapper uses wc_NewRsaKey() and returns NULL on failure. + Key := Ada_New_RSA; + + if Key = null then + Result := Exception_Error; + return; + end if; + + -- wc_NewRsaKey() already calls wc_InitRsaKey_ex() internally. + Result := 0; + + exception + when others => + -- Avoid leaking the dynamically allocated RSA key on failure. + if Key /= null then + Ada_Free_RSA (Key); + Key := null; + end if; + Result := Exception_Error; + end Create_RSA; + + function RSA_Public_Key_Decode (Input : Byte_Array; + Index : in out int; + Key : not null RSA_Key_Type; + Size : int) return int with + Convention => C, + External_Name => "wc_RsaPublicKeyDecode", + Import => True; + + procedure Rsa_Public_Key_Decode (Input : Byte_Array; + Index : in out Byte_Index; + Key : in out RSA_Key_Type; + Size : Integer; + Result : out Integer) is + begin + declare + I : aliased int := int (Index); + R : constant int := + RSA_Public_Key_Decode (Input, I, Key, int (Size)); + begin + Index := WolfSSL.Byte_Index (I); + Result := Integer (R); + end; + exception + when others => + Result := Exception_Error; + end Rsa_Public_Key_Decode; + + function RSA_Private_Key_Decode (Input : Byte_Array; + Index : in out int; + Key : not null RSA_Key_Type; + Size : int) return int with + Convention => C, + External_Name => "wc_RsaPrivateKeyDecode", + Import => True; + + procedure Rsa_Private_Key_Decode (Input : Byte_Array; + Index : in out Byte_Index; + Key : in out RSA_Key_Type; + Size : Integer; + Result : out Integer) is + begin + declare + I : aliased int := int (Index); + R : constant int := + RSA_Private_Key_Decode (Input, I, Key, int (Size)); + begin + Index := WolfSSL.Byte_Index (I); + Result := Integer (R); + end; + exception + when others => + Result := Exception_Error; + end Rsa_Private_Key_Decode; + + function RSA_SSL_Sign (Input : Byte_Array; + In_Length : int; + Output : in out Byte_Array; + Out_Length : int; + RSA : not null RSA_Key_Type; + RNG : not null RNG_Type) + return int with + Convention => C, + External_Name => "wc_RsaSSL_Sign", + Import => True; + + procedure Rsa_SSL_Sign (Input : Byte_Array; + Output : in out Byte_Array; + RSA : in out RSA_Key_Type; + RNG : in out RNG_Type; + Result : out Integer) is + begin + declare + R : constant int := + RSA_SSL_Sign (Input, + Input'Length, + Output, + Output'Length, + RSA, + RNG); + begin + Result := Integer (R); + end; + exception + when others => + Result := Exception_Error; + end Rsa_SSL_Sign; + + function WC_RSA_SSL_Verify (Input : Byte_Array; + In_Length : int; + Output : in out Byte_Array; + Out_Length : int; + RSA : not null RSA_Key_Type) + return int with + Convention => C, + External_Name => "wc_RsaSSL_Verify", + Import => True; + + procedure Rsa_SSL_Verify (Input : Byte_Array; + Output : in out Byte_Array; + RSA : in out RSA_Key_Type; + Result : out Integer) is + begin + declare + R : constant int := + WC_RSA_SSL_Verify (Input, + Input'Length, + Output, + Output'Length, + RSA); + begin + Result := Integer (R); + end; + exception + when others => + Result := Exception_Error; + end Rsa_SSL_Verify; + + function WC_RSA_Public_Encrypt (Input : Byte_Array; + In_Length : int; + Output : in out Byte_Array; + Out_Length : int; + RSA : not null RSA_Key_Type; + RNG : not null RNG_Type) + return int with + Convention => C, + External_Name => "wc_RsaPublicEncrypt", + Import => True; + + procedure RSA_Public_Encrypt (Input : Byte_Array; + Output : in out Byte_Array; + Index : out Byte_Index; + RSA : in out RSA_Key_Type; + RNG : in out RNG_Type; + Result : out Integer) is + begin + Index := 0; + declare + R : constant int := + WC_RSA_Public_Encrypt (Input, + Input'Length, + Output, + Output'Length, + RSA, + RNG); + begin + Result := Integer (R); + if Result >= 0 then + Index := Byte_Index (Result); + end if; + end; + exception + when others => + Result := Exception_Error; + end RSA_Public_Encrypt; + + function WC_RSA_Private_Decrypt (Input : Byte_Array; + In_Length : int; + Output : in out Byte_Array; + Out_Length : int; + RSA : not null RSA_Key_Type) + return int with + Convention => C, + External_Name => "wc_RsaPrivateDecrypt", + Import => True; + + procedure RSA_Private_Decrypt (Input : Byte_Array; + Output : in out Byte_Array; + Index : out Byte_Index; + RSA : in out RSA_Key_Type; + Result : out Integer) is + begin + Index := 0; + declare + R : constant int := + WC_RSA_Private_Decrypt (Input, + Input'Length, + Output, + Output'Length, + RSA); + begin + Result := Integer (R); + if Result >= 0 then + Index := Byte_Index (Result); + end if; + end; + exception + when others => + Result := Exception_Error; + end RSA_Private_Decrypt; + + function Init_SHA256 (SHA256 : not null Sha256_Type) return int with + Convention => C, + External_Name => "wc_InitSha256", + Import => True; + + function SHA256_Update (SHA256 : not null Sha256_Type; + Byte : Byte_Array; + Length : int) return int with + Convention => C, + External_Name => "wc_Sha256Update", + Import => True; + + function SHA256_Final (SHA256 : not null Sha256_Type; + Hash : out Byte_Array) return int with + Convention => C, + External_Name => "wc_Sha256Final", + Import => True; + + function Is_Valid (SHA256 : SHA256_Type) return Boolean is + begin + return SHA256 /= null; + end Is_Valid; + + function Ada_New_SHA256 return SHA256_Type with + Convention => C, + External_Name => "ada_new_sha256", + Import => True; + + procedure Ada_Free_SHA256 (SHA256 : in SHA256_Type) with + Convention => C, + External_Name => "ada_free_sha256", + Import => True; + + procedure Free_SHA256 (SHA256 : in out SHA256_Type) is + -- Ensure any internal wolfCrypt resources are released (hardware locks, + -- etc.) before releasing the object storage itself. + procedure WC_Sha256_Free (SHA256 : not null SHA256_Type) with + Convention => C, + External_Name => "wc_Sha256Free", + Import => True; + begin + if SHA256 = null then + return; + end if; + + WC_Sha256_Free (SHA256); + Ada_Free_SHA256 (SHA256); + + -- Prevent accidental double-free and make Is_Valid return False. + SHA256 := null; + end Free_SHA256; + + procedure Create_SHA256 (SHA256 : in out SHA256_Type; + Result : out Integer) is + begin + declare + R : int; + begin + SHA256 := Ada_New_SHA256; + + if SHA256 = null then + Result := Exception_Error; + return; + end if; + + R := Init_SHA256 (SHA256); + Result := Integer (R); + + if Result /= 0 then + -- Avoid leaking the dynamically allocated SHA256 on init failure. + -- Also clear the handle to prevent accidental double-free by caller. + Ada_Free_SHA256 (SHA256); + SHA256 := null; + end if; + end; + exception + when others => + Result := Exception_Error; + end Create_SHA256; + + procedure Update_SHA256 (SHA256 : in out SHA256_Type; + Byte : Byte_Array; + Result : out Integer) is + begin + declare + R : int; + begin + R := SHA256_Update (SHA256, Byte, Byte'Length); + Result := Integer (R); + end; + exception + when others => + Result := Exception_Error; + end Update_SHA256; + + procedure Finalize_SHA256 (SHA256 : in out SHA256_Type; + Hash : out SHA256_Hash; + Result : out Integer) is + R : int; + begin + R := SHA256_Final (SHA256, Hash); + Result := Integer (R); + exception + when others => + Result := Exception_Error; + end Finalize_SHA256; + + function WC_Get_Invalid_Device_Identifier return int with + Convention => C, + External_Name => "get_wolfssl_invalid_devid", + Import => True; + + function Invalid_Device return Device_Identifier is + begin + return Device_Identifier (WC_Get_Invalid_Device_Identifier); + end Invalid_Device; + + function Is_Valid (AES : AES_Type) return Boolean is + begin + return AES /= null; + end Is_Valid; + + function Ada_New_AES (Device : int) + return AES_Type with + Convention => C, + External_Name => "ada_new_aes", + Import => True; + + procedure Ada_Free_AES (AES : in AES_Type) with + Convention => C, + External_Name => "ada_free_aes", + Import => True; + + procedure Create_AES (Device : Device_Identifier; + AES : in out AES_Type; + Result : out Integer) is + begin + declare + R : int; + begin + -- Allocate and initialize AES using the C wrapper. + -- The wrapper is expected to call wc_AesNew(NULL, devId, &ret) and + -- return NULL on failure. + AES := Ada_New_AES (int (Device)); + + if AES = null then + Result := Exception_Error; + return; + end if; + + -- wc_AesNew() already calls wc_AesInit() internally, so no extra init. + Result := 0; + end; + exception + when others => + -- Avoid leaking the dynamically allocated AES on failure. + if AES /= null then + Ada_Free_AES (AES); + AES := null; + end if; + Result := Exception_Error; + end Create_AES; + + function AES_Set_Key (AES : not null AES_Type; + Key : Byte_Array; + Length : int; + IV : Byte_Array; + Dir : int) return int with + Convention => C, + External_Name => "wc_AesSetKey", + Import => True; + + procedure AES_Set_Key (AES : AES_Type; + Key : Byte_Array; + Length : Integer; + IV : Byte_Array; + Dir : Integer; + Result : out Integer) is + begin + declare + R : int; + begin + R := AES_Set_Key (AES, Key, int (Length), IV, int (Dir)); + Result := Integer (R); + end; + exception + when others => + Result := Exception_Error; + end AES_Set_Key; + + function AES_Set_IV (AES : not null AES_Type; + IV : Byte_Array) return int with + Convention => C, + External_Name => "wc_AesSetIV", + Import => True; + + procedure AES_Set_IV (AES : AES_Type; + IV : Byte_Array; + Result : out Integer) is + begin + declare + R : int; + begin + R := AES_Set_IV (AES, IV); + Result := Integer (R); + end; + exception + when others => + Result := Exception_Error; + end AES_Set_IV; + + function AES_Set_Cbc_Encrypt (AES : not null AES_Type; + Output : out Byte_Array; + Input : Byte_Array; + Size : int) return int with + Convention => C, + External_Name => "wc_AesCbcEncrypt", + Import => True; + + procedure AES_Set_Cbc_Encrypt (AES : AES_Type; + Output : out Byte_Array; + Input : Byte_Array; + Size : Integer; + Result : out Integer) is + begin + declare + R : int; + begin + R := AES_Set_Cbc_Encrypt (AES, Output, Input, int (Size)); + Result := Integer (R); + end; + exception + when others => + Result := Exception_Error; + end AES_Set_Cbc_Encrypt; + + function AES_Set_Cbc_Decrypt (AES : not null AES_Type; + Output : out Byte_Array; + Input : Byte_Array; + Size : int) return int with + Convention => C, + External_Name => "wc_AesCbcDecrypt", + Import => True; + + procedure AES_Set_Cbc_Decrypt (AES : AES_Type; + Output : out Byte_Array; + Input : Byte_Array; + Size : Integer; + Result : out Integer) is + begin + declare + R : int; + begin + R := AES_Set_Cbc_Decrypt (AES, Output, Input, int (Size)); + Result := Integer (R); + end; + exception + when others => + Result := Exception_Error; + end AES_Set_Cbc_Decrypt; + + procedure AES_Free (AES : in out AES_Type; + Result : out Integer) is + begin + if AES = null then + Result := Exception_Error; + return; + end if; + + -- wc_AesDelete() already calls wc_AesFree() internally. + Ada_Free_AES (AES); + AES := null; + Result := 0; + exception + when others => + Result := Exception_Error; + end AES_Free; + +begin + null; end WolfSSL; diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/wrapper/Ada/wolfssl.ads mariadb-11.8.8/extra/wolfssl/wolfssl/wrapper/Ada/wolfssl.ads --- mariadb-11.8.6/extra/wolfssl/wolfssl/wrapper/Ada/wolfssl.ads 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/wrapper/Ada/wolfssl.ads 2026-05-24 09:58:33.000000000 +0000 @@ -1,12 +1,12 @@ -- wolfssl.ads -- --- Copyright (C) 2006-2023 wolfSSL Inc. +-- Copyright (C) 2006-2026 wolfSSL Inc. -- -- This file is part of wolfSSL. -- -- wolfSSL is free software; you can redistribute it and/or modify -- it under the terms of the GNU General Public License as published by --- the Free Software Foundation; either version 2 of the License, or +-- the Free Software Foundation; either version 3 of the License, or -- (at your option) any later version. -- -- wolfSSL is distributed in the hope that it will be useful, @@ -18,9 +18,7 @@ -- along with this program; if not, write to the Free Software -- Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA -- - -with GNAT.Sockets; -with Interfaces.C.Strings; +with Interfaces.C; -- This package is annotated "with SPARK_Mode" that SPARK can verify -- the API of this package is used correctly. @@ -28,7 +26,15 @@ type Subprogram_Result is new Integer; Success : constant Subprogram_Result; + -- Indicates success for some functions. + -- Do not use, unless you know what you do. + Failure : constant Subprogram_Result; + -- Indicates failure for some functions. + -- Do not use, unless you know what you do. + + Exception_Error : constant := -1234567; + -- Indicates an exception was raised during a subprogram call. function Initialize return Subprogram_Result; -- Initializes the wolfSSL library for use. Must be called once per @@ -41,22 +47,31 @@ subtype unsigned is Interfaces.C.unsigned; - subtype char_array is Interfaces.C.char_array; -- Remove? - subtype chars_ptr is Interfaces.C.Strings.chars_ptr; - subtype Byte_Type is Interfaces.C.char; subtype Byte_Index is Interfaces.C.size_t range 0 .. 16_000; subtype Byte_Array is Interfaces.C.char_array; - type Context_Type is limited private; + use type Interfaces.C.size_t; + + type Context_Type is limited private with + Annotate => (GNATprove, Ownership, "Needs_Reclamation"); -- Instances of this type are called SSL Contexts. - function Is_Valid (Context : Context_Type) return Boolean; + function Is_Valid (Context : Context_Type) return Boolean with + Annotate => (GNATprove, Ownership, "Needs_Reclamation"); -- Indicates if the SSL Context has successfully been initialized. -- If initialized, the SSL Context has allocated resources -- that needs to be deallocated before application exit. + -- Annotation added for GNATprove ownership analysis. + -- https://docs.adacore.com/spark2014-docs/html/ug/en/appendix/additional_annotate_pragmas.html#annotation-for-enforcing-ownership-checking-on-a-private-type - type Method_Type is limited private; + type Method_Type is limited private with + Annotate => (GNATprove, Ownership, "Needs_Reclamation"); + + function Is_Valid (Method : Method_Type) return Boolean with + Annotate => (GNATprove, Ownership, "Needs_Reclamation"); + -- Annotation added for GNATprove ownership analysis. + -- https://docs.adacore.com/spark2014-docs/html/ug/en/appendix/additional_annotate_pragmas.html#annotation-for-enforcing-ownership-checking-on-a-private-type function TLSv1_2_Server_Method return Method_Type; -- This function is used to indicate that the application is a server @@ -90,16 +105,18 @@ -- This function is used to indicate that the application is a client -- and will only support the DTLS 1.3 protocol. - procedure Create_Context (Method : Method_Type; - Context : out Context_Type); + procedure Create_Context (Method : in out Method_Type; + Context : out Context_Type) with + Post => not Is_Valid (Method); -- This function creates a new SSL context, taking a desired SSL/TLS -- protocol method for input. -- If successful Is_Valid (Context) = True, otherwise False. + -- The Method is consumed by this operation and set to null. procedure Free (Context : in out Context_Type) with - Pre => Is_Valid (Context), Post => not Is_Valid (Context); -- This function frees an allocated SSL Context object. + -- If Context is not valid, this is a no-op. type Mode_Type is private; @@ -165,7 +182,7 @@ -- PEM file types. Please see the examples for proper usage. function Use_Certificate_Buffer (Context : Context_Type; - Input : char_array; + Input : Byte_Array; Format : File_Format) return Subprogram_Result with Pre => Is_Valid (Context); @@ -234,13 +251,17 @@ -- per buffer as long as the format is in PEM. -- Please see the examples for proper usage. - type WolfSSL_Type is limited private; + type WolfSSL_Type is limited private with + Annotate => (GNATprove, Ownership, "Needs_Reclamation"); -- Instances of this type are called SSL Sessions. - function Is_Valid (Ssl : WolfSSL_Type) return Boolean; + function Is_Valid (Ssl : WolfSSL_Type) return Boolean with + Annotate => (GNATprove, Ownership, "Needs_Reclamation"); -- Indicates if the SSL Session has successfully been initialized. -- If initialized, the SSL Session has allocated resources -- that needs to be deallocated before application exit. + -- Annotation added for GNATprove ownership analysis. + -- https://docs.adacore.com/spark2014-docs/html/ug/en/appendix/additional_annotate_pragmas.html#annotation-for-enforcing-ownership-checking-on-a-private-type procedure Create_WolfSSL (Context : Context_Type; Ssl : out WolfSSL_Type) with @@ -260,7 +281,7 @@ -- either ASN1 or PEM. function Use_Certificate_Buffer (Ssl : WolfSSL_Type; - Input : char_array; + Input : Byte_Array; Format : File_Format) return Subprogram_Result with Pre => Is_Valid (Ssl); @@ -292,72 +313,6 @@ -- Format specifies the format type of the buffer; ASN1 or PEM. -- Please see the examples for proper usage. - function DTLS_Set_Peer - (Ssl : WolfSSL_Type; - Address : GNAT.Sockets.Sock_Addr_Type) - return Subprogram_Result with - Pre => Is_Valid (Ssl); - -- This function wraps the corresponding WolfSSL C function to allow - -- clients to use Ada socket types when implementing a DTLS client. - - type PSK_Client_Callback is access function - (Ssl : WolfSSL_Type; - Hint : chars_ptr; - Identity : chars_ptr; - Id_Max_Length : unsigned; - Key : chars_ptr; - Key_Max_Length : unsigned) - return unsigned with - Convention => C; - -- Return value is the key length on success or zero on error. - -- parameters: - -- Ssl - Pointer to the wolfSSL structure - -- Hint - A stored string that could be displayed to provide a - -- hint to the user. - -- Identity - The ID will be stored here. - -- Id_Max_Length - Size of the ID buffer. - -- Key - The key will be stored here. - -- Key_Max_Length - The max size of the key. - -- - -- The implementation of this callback will need `SPARK_Mode => Off` - -- since it will require the code to use the C memory model. - - procedure Set_PSK_Client_Callback - (Ssl : WolfSSL_Type; - Callback : PSK_Client_Callback) with - Pre => Is_Valid (Ssl); - -- Sets the PSK client side callback. - - - type PSK_Server_Callback is access function - (Ssl : WolfSSL_Type; - Identity : chars_ptr; - Key : chars_ptr; - Key_Max_Length : unsigned) - return unsigned with - Convention => C; - -- Return value is the key length on success or zero on error. - -- PSK server callback parameters: - -- Ssl - Reference to the wolfSSL structure - -- Identity - The ID will be stored here. - -- Key - The key will be stored here. - -- Key_Max_Length - The max size of the key. - -- - -- The implementation of this callback will need `SPARK_Mode => Off` - -- since it will require the code to use the C memory model. - - procedure Set_PSK_Server_Callback - (Ssl : WolfSSL_Type; - Callback : PSK_Server_Callback) with - Pre => Is_Valid (Ssl); - -- Sets the PSK Server side callback. - - procedure Set_Context_PSK_Server_Callback - (Context : Context_Type; - Callback : PSK_Server_Callback) with - Pre => Is_Valid (Context); - -- Sets the PSK callback for the server side in the WolfSSL Context. - function Attach (Ssl : WolfSSL_Type; Socket : Integer) return Subprogram_Result with @@ -422,7 +377,8 @@ end case; end record; - function Read (Ssl : WolfSSL_Type) return Read_Result with + procedure Read (Ssl : WolfSSL_Type; + Result : out Read_Result) with Pre => Is_Valid (Ssl); -- This function reads a number of bytes from the SSL session (ssl) -- internal read buffer into the buffer data. The bytes read are @@ -450,8 +406,9 @@ end case; end record; - function Write (Ssl : WolfSSL_Type; - Data : Byte_Array) return Write_Result with + procedure Write (Ssl : WolfSSL_Type; + Data : Byte_Array; + Result : out Write_Result) with Pre => Is_Valid (Ssl); -- The number of bytes written is returned. -- This function writes bytes from the buffer, Data, @@ -489,9 +446,9 @@ -- the call to Shutdown() when the underlying I/O is ready. procedure Free (Ssl : in out WolfSSL_Type) with - Pre => Is_Valid (Ssl), Post => not Is_Valid (Ssl); -- Frees the resources allocated by the SSL session object. + -- If Ssl is not valid, this is a no-op. function Connect (Ssl : WolfSSL_Type) return Subprogram_Result with Pre => Is_Valid (Ssl); @@ -543,20 +500,250 @@ Text : String (1 .. Last); end record; - function Error (Code : Error_Code) return Error_Message; + procedure Error (Code : in Error_Code; + Message : in out Error_Message); -- This function converts an error code returned by Get_Error(..) -- into a more human readable error string. Code is the error code -- returned by Get_error(). The maximum length of error strings is -- 80 characters by default, as defined by MAX_ERROR_SZ -- is wolfssl/wolfcrypt/error.h. + -- + -- If Message has not been updated with a text, it may be because + -- an exception was raised during the execution of the subprogram. function Max_Error_Size return Natural; -- Returns the value of the defined MAX_ERROR_SZ integer -- in wolfssl/wolfcrypt/error.h. + type RNG_Type is limited private with + Annotate => (GNATprove, Ownership, "Needs_Reclamation"); + + function Is_Valid (Key : RNG_Type) return Boolean with + Annotate => (GNATprove, Ownership, "Needs_Reclamation"); + -- Indicates if the RNG has successfully been initialized. + -- Annotation added for GNATprove ownership analysis. + -- https://docs.adacore.com/spark2014-docs/html/ug/en/appendix/additional_annotate_pragmas.html#annotation-for-enforcing-ownership-checking-on-a-private-type + + procedure Create_RNG (Key : in out RNG_Type; + Result : out Integer) with + Pre => not Is_Valid (Key), + Post => (if Result = 0 then Is_Valid (Key)); + -- If successful Result = 0. + + procedure Free_RNG (Key : in out RNG_Type) with + Pre => Is_Valid (Key), + Post => not Is_Valid (Key); + -- Frees resources associated with RNG and releases the underlying C object. + + procedure RNG_Generate_Block (RNG : RNG_Type; + Output : out Byte_Array; + Result : out Integer) with + Pre => Is_Valid (RNG); + + type HMAC_Hash is (MD5, SHA, SHA256, SHA384, SHA512, SHA3_224, + SHA3_256, SHA3_384, SHA3_512); + + procedure PBKDF2 (Output : out Byte_Array; + Password : Byte_Array; + Salt : Byte_Array; + Iterations : Positive; + Key_Length : Positive; + HMAC : HMAC_Hash; + Result : out Integer); + + type RSA_Key_Type is limited private with + Annotate => (GNATprove, Ownership, "Needs_Reclamation"); + + function Is_Valid (Key : RSA_Key_Type) return Boolean with + Annotate => (GNATprove, Ownership, "Needs_Reclamation"); + -- Indicates if the RSA has successfully been initialized. + -- Annotation added for GNATprove ownership analysis. + -- https://docs.adacore.com/spark2014-docs/html/ug/en/appendix/additional_annotate_pragmas.html#annotation-for-enforcing-ownership-checking-on-a-private-type + + procedure Create_RSA (Key : in out RSA_Key_Type; + Result : out Integer) with + Pre => not Is_Valid (Key), + Post => (if Result = 0 then Is_Valid (Key)); + -- If successful Result = 0. + + procedure Free_RSA (Key : in out RSA_Key_Type) with + Pre => Is_Valid (Key), + Post => not Is_Valid (Key); + -- Frees resources associated with RSA and releases the underlying C object. + + procedure Rsa_Public_Key_Decode (Input : Byte_Array; + Index : in out Byte_Index; + Key : in out RSA_Key_Type; + Size : Integer; + Result : out Integer) with + Pre => Is_Valid (Key); + -- This function parses a DER-formatted RSA public key, + -- extracts the public key and stores it in the RsaKey structure + -- specified by the Key input argument. It also sets the distance + -- parsed in Index. + -- Note: A RsaKey structure contains two parts, + -- one public and one private key. + + procedure Rsa_Private_Key_Decode (Input : Byte_Array; + Index : in out Byte_Index; + Key : in out RSA_Key_Type; + Size : Integer; + Result : out Integer) with + Pre => Is_Valid (Key); + -- This function parses a DER-formatted RSA private key, + -- extracts the private key and stores it in the RsaKey structure + -- specified by the Key input argument. It also sets the distance + -- parsed in Index. + -- Note: A RsaKey structure contains two parts, + -- one public and one private key. + + procedure Rsa_Set_RNG (Key : in out Rsa_Key_Type; + RNG : in out RNG_Type; + Result : out Integer); + + procedure Rsa_SSL_Sign (Input : Byte_Array; + Output : in out Byte_Array; + RSA : in out RSA_Key_Type; + RNG : in out RNG_Type; + Result : out Integer) with + Pre => Is_Valid (RSA) and Is_Valid (RNG); + -- The Output buffer must have the same size as the RSA key. + -- If successful Result = 0. + -- If Result < 0, then failure. + -- If Result > 0, then Success and is the size of the RSA key in bytes. + + procedure Rsa_SSL_Verify (Input : Byte_Array; + Output : in out Byte_Array; + RSA : in out RSA_Key_Type; + Result : out Integer) with + Pre => Is_Valid (RSA); + -- If Result < 0, then failure. + -- If Result > 0, then digital signature in Input + -- successfully verified. + + procedure RSA_Public_Encrypt (Input : Byte_Array; + Output : in out Byte_Array; + Index : out Byte_Index; + RSA : in out RSA_Key_Type; + RNG : in out RNG_Type; + Result : out Integer) with + Pre => Is_Valid (RSA); + -- This function encrypts a message from Input and stores the result + -- in Output. It requires an initialized public key and a random + -- number generator. As a side effect, this function will return + -- the bytes written to Output in Index. + + procedure RSA_Private_Decrypt (Input : Byte_Array; + Output : in out Byte_Array; + Index : out Byte_Index; + RSA : in out RSA_Key_Type; + Result : out Integer) with + Pre => Is_Valid (RSA); + -- This functions provides private RSA decryption. + + type SHA256_Type is limited private with + Annotate => (GNATprove, Ownership, "Needs_Reclamation"); + + function Is_Valid (SHA256 : SHA256_Type) return Boolean with + Annotate => (GNATprove, Ownership, "Needs_Reclamation"); + -- Indicates if the SHA256 has successfully been initialized. + -- Annotation added for GNATprove ownership analysis. + -- https://docs.adacore.com/spark2014-docs/html/ug/en/appendix/additional_annotate_pragmas.html#annotation-for-enforcing-ownership-checking-on-a-private-type + + procedure Create_SHA256 (SHA256 : in out SHA256_Type; + Result : out Integer) with + Pre => not Is_Valid (SHA256), + Post => (if Result = 0 then Is_Valid (SHA256)); + -- If successful Result = 0. + + procedure Free_SHA256 (SHA256 : in out SHA256_Type) with + Pre => Is_Valid (SHA256), + Post => not Is_Valid (SHA256); + -- Frees resources associated with SHA256 and releases the underlying C object. + -- If successful Result = 0. + + procedure Update_SHA256 (SHA256 : in out SHA256_Type; + Byte : Byte_Array; + Result : out Integer) with + Pre => Is_Valid (SHA256); + -- If successful Result = 0. + + subtype SHA256_As_String is String (1 .. 64); + + subtype SHA256_Hash is Byte_Array (1 .. 32); + + procedure Finalize_SHA256 (SHA256 : in out SHA256_Type; + Hash : out SHA256_Hash; + Result : out Integer) with + Pre => Is_Valid (SHA256); + -- If successful Result = 0. + + type Device_Identifier is new Integer; + + function Invalid_Device return Device_Identifier; + + type AES_Type is limited private with + Annotate => (GNATprove, Ownership, "Needs_Reclamation"); + + function Is_Valid (AES : AES_Type) return Boolean with + Annotate => (GNATprove, Ownership, "Needs_Reclamation"); + -- Indicates if the AES has successfully been initialized. + -- Annotation added for GNATprove ownership analysis. + -- https://docs.adacore.com/spark2014-docs/html/ug/en/appendix/additional_annotate_pragmas.html#annotation-for-enforcing-ownership-checking-on-a-private-type + + procedure Create_AES (Device : Device_Identifier; + AES : in out AES_Type; + Result : out Integer) with + Pre => not Is_Valid (AES), + Post => (if Result = 0 then Is_Valid (AES)); + -- If successful Is_Valid (AES) = True, and Result = 0. + + procedure AES_Free (AES : in out AES_Type; + Result : out Integer) with + Pre => Is_Valid (AES), + Post => (if Result = 0 then not Is_Valid (AES)); + -- Frees resources associated with AES and releases the underlying C object. + + procedure AES_Set_Key (AES : AES_Type; + Key : Byte_Array; + Length : Integer; + IV : Byte_Array; + Dir : Integer; + Result : out Integer) with + Pre => Is_Valid (AES); + + procedure AES_Set_IV (AES : AES_Type; + IV : Byte_Array; + Result : out Integer) with + Pre => Is_Valid (AES); + + procedure AES_Set_Cbc_Encrypt (AES : AES_Type; + Output : out Byte_Array; + Input : Byte_Array; + Size : Integer; + Result : out Integer) with + Pre => Is_Valid (AES); + + procedure AES_Set_Cbc_Decrypt (AES : AES_Type; + Output : out Byte_Array; + Input : Byte_Array; + Size : Integer; + Result : out Integer) with + Pre => Is_Valid (AES); + + -- (Removed duplicate AES_Free declaration) + private pragma SPARK_Mode (Off); + type chars_ptr is access all Character; + pragma Convention (C, chars_ptr); + + pragma No_Strict_Aliasing (chars_ptr); + -- Since this type is used for external interfacing, with the pointer + -- coming from who knows where, it seems a good idea to turn off any + -- strict aliasing assumptions for this type. + subtype int is Interfaces.C.int; use type int; type Opaque_Method is limited null record; @@ -615,6 +802,13 @@ External_Name => "get_wolfssl_verify_default", Import => True; + pragma Warnings (Off, "pragma Restrictions (No_Exception_Propagation)"); + -- The compiler may check for warnings related to no exception + -- propagation if this code is compiled with the Zero + -- Footprint run-time. The constants exposed here in the Ada binding + -- have valid values defined in the WolfSSL library but the compiler + -- cannot know this since the values become known during run-time. + Verify_None : constant Mode_Type := Mode_Type (WolfSSL_Verify_None); Verify_Peer : constant Mode_Type := Mode_Type (WolfSSL_Verify_Peer); @@ -632,6 +826,7 @@ Verify_Default : constant Mode_Type := Mode_Type (WolfSSL_Verify_Default); + pragma Warnings (On, "pragma Restrictions (No_Exception_Propagation)"); type File_Format is new Unsigned_32; @@ -650,6 +845,12 @@ External_Name => "get_wolfssl_filetype_default", Import => True; + pragma Warnings (Off, "pragma Restrictions (No_Exception_Propagation)"); + -- The compiler may check for warnings related to no exception + -- propagation if this code is compiled with the Zero + -- Footprint run-time. The constants exposed here in the Ada binding + -- have valid values defined in the WolfSSL library but the compiler + -- cannot know this since the values become known during run-time. Format_Asn1 : constant File_Format := File_Format (WolfSSL_Filetype_Asn1); @@ -658,6 +859,7 @@ Format_Default : constant File_Format := File_Format (WolfSSL_Filetype_Default); + pragma Warnings (On, "pragma Restrictions (No_Exception_Propagation)"); function Get_WolfSSL_Success return int with Convention => C, @@ -671,9 +873,11 @@ Success : constant Subprogram_Result := Subprogram_Result (Get_WolfSSL_Success); + -- Indicates success for some functions. + -- Do not use, unless you know what you do. Failure : constant Subprogram_Result := - Subprogram_Result (Get_WolfSSL_Failure); + Subprogram_Result (Get_WolfSSL_Failure); function Get_WolfSSL_Error_Want_Read return int with Convention => C, @@ -689,6 +893,18 @@ Error_Code (Get_WolfSSL_Error_Want_Read); Error_Want_Write : constant Error_Code := - Error_Code (Get_WolfSSL_Error_Want_Write); + Error_Code (Get_WolfSSL_Error_Want_Write); + + type Opaque_RNG is limited null record; + type RNG_Type is access Opaque_RNG with Convention => C; + + type Opaque_RSA is limited null record; + type RSA_Key_Type is access Opaque_RSA with Convention => C; + + type Opaque_Sha256 is limited null record; + type SHA256_Type is access Opaque_Sha256 with Convention => C; + + type Opaque_AES is limited null record; + type AES_Type is access Opaque_AES with Convention => C; end WolfSSL; diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/wrapper/Ada/wolfssl.gpr mariadb-11.8.8/extra/wolfssl/wolfssl/wrapper/Ada/wolfssl.gpr --- mariadb-11.8.6/extra/wolfssl/wolfssl/wrapper/Ada/wolfssl.gpr 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/wrapper/Ada/wolfssl.gpr 2026-05-24 09:58:33.000000000 +0000 @@ -11,16 +11,6 @@ "../../src", "../../wolfcrypt/src"); - -- Don't build the tls client or server application. - -- They are not needed in order to build the library. - for Excluded_Source_Files use - ("tls_client_main.adb", - "tls_client.ads", - "tls_client.adb", - "tls_server_main.adb", - "tls_server.ads", - "tls_server.adb"); - for Object_Dir use "obj"; for Library_Dir use "lib"; for Create_Missing_Dirs use "True"; diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/wrapper/CSharp/user_settings.h mariadb-11.8.8/extra/wolfssl/wolfssl/wrapper/CSharp/user_settings.h --- mariadb-11.8.6/extra/wolfssl/wolfssl/wrapper/CSharp/user_settings.h 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/wrapper/CSharp/user_settings.h 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* user_settings.h * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -91,6 +91,7 @@ /* Disable Algorithms */ #define NO_DES3 +#define NO_DES3_TLS_SUITES #define NO_DSA #define NO_RC4 #define NO_MD4 diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/wrapper/CSharp/wolfCrypt-Test/wolfCrypt-Test.cs mariadb-11.8.8/extra/wolfssl/wolfssl/wrapper/CSharp/wolfCrypt-Test/wolfCrypt-Test.cs --- mariadb-11.8.6/extra/wolfssl/wolfssl/wrapper/CSharp/wolfCrypt-Test/wolfCrypt-Test.cs 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/wrapper/CSharp/wolfCrypt-Test/wolfCrypt-Test.cs 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* wolfCrypt-Test.cs * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/wrapper/CSharp/wolfSSL-DTLS-PSK-Server/wolfSSL-DTLS-PSK-Server.cs mariadb-11.8.8/extra/wolfssl/wolfssl/wrapper/CSharp/wolfSSL-DTLS-PSK-Server/wolfSSL-DTLS-PSK-Server.cs --- mariadb-11.8.6/extra/wolfssl/wolfssl/wrapper/CSharp/wolfSSL-DTLS-PSK-Server/wolfSSL-DTLS-PSK-Server.cs 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/wrapper/CSharp/wolfSSL-DTLS-PSK-Server/wolfSSL-DTLS-PSK-Server.cs 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* wolfSSL-DTLS-PSK-Server.cs * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/wrapper/CSharp/wolfSSL-DTLS-Server/wolfSSL-DTLS-Server.cs mariadb-11.8.8/extra/wolfssl/wolfssl/wrapper/CSharp/wolfSSL-DTLS-Server/wolfSSL-DTLS-Server.cs --- mariadb-11.8.6/extra/wolfssl/wolfssl/wrapper/CSharp/wolfSSL-DTLS-Server/wolfSSL-DTLS-Server.cs 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/wrapper/CSharp/wolfSSL-DTLS-Server/wolfSSL-DTLS-Server.cs 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* wolfSSL-DTLS-Server.cs * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/wrapper/CSharp/wolfSSL-Example-IOCallbacks/wolfSSL-Example-IOCallbacks.cs mariadb-11.8.8/extra/wolfssl/wolfssl/wrapper/CSharp/wolfSSL-Example-IOCallbacks/wolfSSL-Example-IOCallbacks.cs --- mariadb-11.8.6/extra/wolfssl/wolfssl/wrapper/CSharp/wolfSSL-Example-IOCallbacks/wolfSSL-Example-IOCallbacks.cs 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/wrapper/CSharp/wolfSSL-Example-IOCallbacks/wolfSSL-Example-IOCallbacks.cs 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* wolfSSL-Example-IOCallbacks.cs * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/wrapper/CSharp/wolfSSL-TLS-Client/wolfSSL-TLS-Client.cs mariadb-11.8.8/extra/wolfssl/wolfssl/wrapper/CSharp/wolfSSL-TLS-Client/wolfSSL-TLS-Client.cs --- mariadb-11.8.6/extra/wolfssl/wolfssl/wrapper/CSharp/wolfSSL-TLS-Client/wolfSSL-TLS-Client.cs 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/wrapper/CSharp/wolfSSL-TLS-Client/wolfSSL-TLS-Client.cs 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* wolfSSL-TLS-Client.cs * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/wrapper/CSharp/wolfSSL-TLS-PSK-Client/wolfSSL-TLS-PSK-Client.cs mariadb-11.8.8/extra/wolfssl/wolfssl/wrapper/CSharp/wolfSSL-TLS-PSK-Client/wolfSSL-TLS-PSK-Client.cs --- mariadb-11.8.6/extra/wolfssl/wolfssl/wrapper/CSharp/wolfSSL-TLS-PSK-Client/wolfSSL-TLS-PSK-Client.cs 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/wrapper/CSharp/wolfSSL-TLS-PSK-Client/wolfSSL-TLS-PSK-Client.cs 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* wolfSSL-TLS-PSK-Client.cs * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/wrapper/CSharp/wolfSSL-TLS-PSK-Server/wolfSSL-TLS-PSK-Server.cs mariadb-11.8.8/extra/wolfssl/wolfssl/wrapper/CSharp/wolfSSL-TLS-PSK-Server/wolfSSL-TLS-PSK-Server.cs --- mariadb-11.8.6/extra/wolfssl/wolfssl/wrapper/CSharp/wolfSSL-TLS-PSK-Server/wolfSSL-TLS-PSK-Server.cs 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/wrapper/CSharp/wolfSSL-TLS-PSK-Server/wolfSSL-TLS-PSK-Server.cs 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* wolfSSL-TLS-PSK-Server.cs * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/wrapper/CSharp/wolfSSL-TLS-Server/wolfSSL-TLS-Server.cs mariadb-11.8.8/extra/wolfssl/wolfssl/wrapper/CSharp/wolfSSL-TLS-Server/wolfSSL-TLS-Server.cs --- mariadb-11.8.6/extra/wolfssl/wolfssl/wrapper/CSharp/wolfSSL-TLS-Server/wolfSSL-TLS-Server.cs 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/wrapper/CSharp/wolfSSL-TLS-Server/wolfSSL-TLS-Server.cs 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* wolfSSL-TLS-Server.cs * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/wrapper/CSharp/wolfSSL-TLS-ServerThreaded/wolfSSL-TLS-ServerThreaded.cs mariadb-11.8.8/extra/wolfssl/wolfssl/wrapper/CSharp/wolfSSL-TLS-ServerThreaded/wolfSSL-TLS-ServerThreaded.cs --- mariadb-11.8.6/extra/wolfssl/wolfssl/wrapper/CSharp/wolfSSL-TLS-ServerThreaded/wolfSSL-TLS-ServerThreaded.cs 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/wrapper/CSharp/wolfSSL-TLS-ServerThreaded/wolfSSL-TLS-ServerThreaded.cs 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* wolfSSL-TLS-ServerThreaded.cs * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/wrapper/CSharp/wolfSSL_CSharp/X509.cs mariadb-11.8.8/extra/wolfssl/wolfssl/wrapper/CSharp/wolfSSL_CSharp/X509.cs --- mariadb-11.8.6/extra/wolfssl/wolfssl/wrapper/CSharp/wolfSSL_CSharp/X509.cs 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/wrapper/CSharp/wolfSSL_CSharp/X509.cs 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* X509.cs * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/wrapper/CSharp/wolfSSL_CSharp/wolfCrypt.cs mariadb-11.8.8/extra/wolfssl/wolfssl/wrapper/CSharp/wolfSSL_CSharp/wolfCrypt.cs --- mariadb-11.8.6/extra/wolfssl/wolfssl/wrapper/CSharp/wolfSSL_CSharp/wolfCrypt.cs 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/wrapper/CSharp/wolfSSL_CSharp/wolfCrypt.cs 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* wolfCrypt.cs * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/wrapper/CSharp/wolfSSL_CSharp/wolfSSL.cs mariadb-11.8.8/extra/wolfssl/wolfssl/wrapper/CSharp/wolfSSL_CSharp/wolfSSL.cs --- mariadb-11.8.6/extra/wolfssl/wolfssl/wrapper/CSharp/wolfSSL_CSharp/wolfSSL.cs 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/wrapper/CSharp/wolfSSL_CSharp/wolfSSL.cs 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* wolfSSL.cs * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/wrapper/rust/Makefile mariadb-11.8.8/extra/wolfssl/wolfssl/wrapper/rust/Makefile --- mariadb-11.8.6/extra/wolfssl/wolfssl/wrapper/rust/Makefile 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/wrapper/rust/Makefile 2026-05-24 09:58:33.000000000 +0000 @@ -1,11 +1,15 @@ .PHONY: all all: - +$(MAKE) -C wolfssl + +$(MAKE) -C wolfssl-wolfcrypt .PHONY: test test: - +$(MAKE) -C wolfssl test + +$(MAKE) -C wolfssl-wolfcrypt test + +.PHONY: testfips +testfips: + +$(MAKE) -C wolfssl-wolfcrypt testfips .PHONY: clean clean: - +$(MAKE) -C wolfssl clean + +$(MAKE) -C wolfssl-wolfcrypt clean diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/wrapper/rust/README.md mariadb-11.8.8/extra/wolfssl/wolfssl/wrapper/rust/README.md --- mariadb-11.8.6/extra/wolfssl/wolfssl/wrapper/rust/README.md 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/wrapper/rust/README.md 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,11 @@ # wolfSSL Rust Wrapper -## Building the wolfssl Rust Wrapper +The wolfSSL Rust wrapper currently consists of a single Rust crate named +`wolfssl-wolfcrypt`. +The `wolfssl-wolfcrypt` crate is a Rust wrapper for the wolfCrypt cryptographic +algorithms portion of the wolfSSL C library. + +## Locally building and testing the wolfSSL Rust Wrapper First, configure and build wolfssl C library. @@ -17,6 +22,5 @@ | Repository Directory | Description | | --- | --- | | `/wrapper/rust` | Top level container for all Rust wrapper functionality. | -| `/wrapper/rust/wolfssl` | Top level for the `wolfssl` library crate. | -| `/wrapper/rust/wolfssl/src` | Source directory for `wolfssl` crate top-level modules. | -| `/wrapper/rust/wolfssl/src/wolfcrypt` | Source directory for submodules of `wolfssl::wolfcrypt` module. | +| `/wrapper/rust/wolfssl-wolfcrypt` | Top level for the `wolfssl-wolfcrypt` library crate. | +| `/wrapper/rust/wolfssl-wolfcrypt/src` | Source directory for `wolfssl-wolfcrypt` crate top-level modules. | diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/wrapper/rust/include.am mariadb-11.8.8/extra/wolfssl/wolfssl/wrapper/rust/include.am --- mariadb-11.8.6/extra/wolfssl/wolfssl/wrapper/rust/include.am 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/wrapper/rust/include.am 2026-05-24 09:58:33.000000000 +0000 @@ -4,36 +4,53 @@ EXTRA_DIST += wrapper/rust/Makefile EXTRA_DIST += wrapper/rust/README.md -EXTRA_DIST += wrapper/rust/wolfssl/Cargo.lock -EXTRA_DIST += wrapper/rust/wolfssl/Cargo.toml -EXTRA_DIST += wrapper/rust/wolfssl/Makefile -EXTRA_DIST += wrapper/rust/wolfssl/build.rs -EXTRA_DIST += wrapper/rust/wolfssl/headers.h -EXTRA_DIST += wrapper/rust/wolfssl/src/lib.rs -EXTRA_DIST += wrapper/rust/wolfssl/src/wolfcrypt.rs -EXTRA_DIST += wrapper/rust/wolfssl/src/wolfcrypt/aes.rs -EXTRA_DIST += wrapper/rust/wolfssl/src/wolfcrypt/cmac.rs -EXTRA_DIST += wrapper/rust/wolfssl/src/wolfcrypt/dh.rs -EXTRA_DIST += wrapper/rust/wolfssl/src/wolfcrypt/ecc.rs -EXTRA_DIST += wrapper/rust/wolfssl/src/wolfcrypt/ed25519.rs -EXTRA_DIST += wrapper/rust/wolfssl/src/wolfcrypt/ed448.rs -EXTRA_DIST += wrapper/rust/wolfssl/src/wolfcrypt/hkdf.rs -EXTRA_DIST += wrapper/rust/wolfssl/src/wolfcrypt/hmac.rs -EXTRA_DIST += wrapper/rust/wolfssl/src/wolfcrypt/kdf.rs -EXTRA_DIST += wrapper/rust/wolfssl/src/wolfcrypt/prf.rs -EXTRA_DIST += wrapper/rust/wolfssl/src/wolfcrypt/random.rs -EXTRA_DIST += wrapper/rust/wolfssl/src/wolfcrypt/rsa.rs -EXTRA_DIST += wrapper/rust/wolfssl/src/wolfcrypt/sha.rs -EXTRA_DIST += wrapper/rust/wolfssl/tests/test_aes.rs -EXTRA_DIST += wrapper/rust/wolfssl/tests/test_cmac.rs -EXTRA_DIST += wrapper/rust/wolfssl/tests/test_dh.rs -EXTRA_DIST += wrapper/rust/wolfssl/tests/test_ecc.rs -EXTRA_DIST += wrapper/rust/wolfssl/tests/test_ed25519.rs -EXTRA_DIST += wrapper/rust/wolfssl/tests/test_ed448.rs -EXTRA_DIST += wrapper/rust/wolfssl/tests/test_hkdf.rs -EXTRA_DIST += wrapper/rust/wolfssl/tests/test_hmac.rs -EXTRA_DIST += wrapper/rust/wolfssl/tests/test_kdf.rs -EXTRA_DIST += wrapper/rust/wolfssl/tests/test_prf.rs -EXTRA_DIST += wrapper/rust/wolfssl/tests/test_random.rs -EXTRA_DIST += wrapper/rust/wolfssl/tests/test_rsa.rs -EXTRA_DIST += wrapper/rust/wolfssl/tests/test_sha.rs +EXTRA_DIST += wrapper/rust/wolfssl-wolfcrypt/CHANGELOG.md +EXTRA_DIST += wrapper/rust/wolfssl-wolfcrypt/Cargo.lock +EXTRA_DIST += wrapper/rust/wolfssl-wolfcrypt/Cargo.toml +EXTRA_DIST += wrapper/rust/wolfssl-wolfcrypt/Makefile +EXTRA_DIST += wrapper/rust/wolfssl-wolfcrypt/README.md +EXTRA_DIST += wrapper/rust/wolfssl-wolfcrypt/build.rs +EXTRA_DIST += wrapper/rust/wolfssl-wolfcrypt/headers.h +EXTRA_DIST += wrapper/rust/wolfssl-wolfcrypt/src/aes.rs +EXTRA_DIST += wrapper/rust/wolfssl-wolfcrypt/src/blake2.rs +EXTRA_DIST += wrapper/rust/wolfssl-wolfcrypt/src/chacha20_poly1305.rs +EXTRA_DIST += wrapper/rust/wolfssl-wolfcrypt/src/cmac.rs +EXTRA_DIST += wrapper/rust/wolfssl-wolfcrypt/src/curve25519.rs +EXTRA_DIST += wrapper/rust/wolfssl-wolfcrypt/src/dh.rs +EXTRA_DIST += wrapper/rust/wolfssl-wolfcrypt/src/dilithium.rs +EXTRA_DIST += wrapper/rust/wolfssl-wolfcrypt/src/ecc.rs +EXTRA_DIST += wrapper/rust/wolfssl-wolfcrypt/src/ed25519.rs +EXTRA_DIST += wrapper/rust/wolfssl-wolfcrypt/src/ed448.rs +EXTRA_DIST += wrapper/rust/wolfssl-wolfcrypt/src/fips.rs +EXTRA_DIST += wrapper/rust/wolfssl-wolfcrypt/src/hkdf.rs +EXTRA_DIST += wrapper/rust/wolfssl-wolfcrypt/src/hmac.rs +EXTRA_DIST += wrapper/rust/wolfssl-wolfcrypt/src/kdf.rs +EXTRA_DIST += wrapper/rust/wolfssl-wolfcrypt/src/lib.rs +EXTRA_DIST += wrapper/rust/wolfssl-wolfcrypt/src/lms.rs +EXTRA_DIST += wrapper/rust/wolfssl-wolfcrypt/src/mlkem.rs +EXTRA_DIST += wrapper/rust/wolfssl-wolfcrypt/src/prf.rs +EXTRA_DIST += wrapper/rust/wolfssl-wolfcrypt/src/random.rs +EXTRA_DIST += wrapper/rust/wolfssl-wolfcrypt/src/rsa.rs +EXTRA_DIST += wrapper/rust/wolfssl-wolfcrypt/src/sha.rs +EXTRA_DIST += wrapper/rust/wolfssl-wolfcrypt/src/sys.rs +EXTRA_DIST += wrapper/rust/wolfssl-wolfcrypt/tests/common/mod.rs +EXTRA_DIST += wrapper/rust/wolfssl-wolfcrypt/tests/test_aes.rs +EXTRA_DIST += wrapper/rust/wolfssl-wolfcrypt/tests/test_blake2.rs +EXTRA_DIST += wrapper/rust/wolfssl-wolfcrypt/tests/test_chacha20_poly1305.rs +EXTRA_DIST += wrapper/rust/wolfssl-wolfcrypt/tests/test_cmac.rs +EXTRA_DIST += wrapper/rust/wolfssl-wolfcrypt/tests/test_curve25519.rs +EXTRA_DIST += wrapper/rust/wolfssl-wolfcrypt/tests/test_dh.rs +EXTRA_DIST += wrapper/rust/wolfssl-wolfcrypt/tests/test_dilithium.rs +EXTRA_DIST += wrapper/rust/wolfssl-wolfcrypt/tests/test_ecc.rs +EXTRA_DIST += wrapper/rust/wolfssl-wolfcrypt/tests/test_ed25519.rs +EXTRA_DIST += wrapper/rust/wolfssl-wolfcrypt/tests/test_ed448.rs +EXTRA_DIST += wrapper/rust/wolfssl-wolfcrypt/tests/test_hkdf.rs +EXTRA_DIST += wrapper/rust/wolfssl-wolfcrypt/tests/test_hmac.rs +EXTRA_DIST += wrapper/rust/wolfssl-wolfcrypt/tests/test_kdf.rs +EXTRA_DIST += wrapper/rust/wolfssl-wolfcrypt/tests/test_lms.rs +EXTRA_DIST += wrapper/rust/wolfssl-wolfcrypt/tests/test_mlkem.rs +EXTRA_DIST += wrapper/rust/wolfssl-wolfcrypt/tests/test_prf.rs +EXTRA_DIST += wrapper/rust/wolfssl-wolfcrypt/tests/test_random.rs +EXTRA_DIST += wrapper/rust/wolfssl-wolfcrypt/tests/test_rsa.rs +EXTRA_DIST += wrapper/rust/wolfssl-wolfcrypt/tests/test_sha.rs +EXTRA_DIST += wrapper/rust/wolfssl-wolfcrypt/tests/test_wolfcrypt.rs diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/wrapper/rust/wolfssl/Cargo.lock mariadb-11.8.8/extra/wolfssl/wolfssl/wrapper/rust/wolfssl/Cargo.lock --- mariadb-11.8.6/extra/wolfssl/wolfssl/wrapper/rust/wolfssl/Cargo.lock 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/wrapper/rust/wolfssl/Cargo.lock 1970-01-01 00:00:00.000000000 +0000 @@ -1,294 +0,0 @@ -# This file is automatically @generated by Cargo. -# It is not intended for manual editing. -version = 4 - -[[package]] -name = "aho-corasick" -version = "1.1.3" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "8e60d3430d3a69478ad0993f19238d2df97c507009a52b3c10addcd7f6bcb916" -dependencies = [ - "memchr", -] - -[[package]] -name = "bindgen" -version = "0.72.1" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "993776b509cfb49c750f11b8f07a46fa23e0a1386ffc01fb1e7d343efc387895" -dependencies = [ - "bitflags", - "cexpr", - "clang-sys", - "itertools", - "log", - "prettyplease", - "proc-macro2", - "quote", - "regex", - "rustc-hash", - "shlex", - "syn", -] - -[[package]] -name = "bitflags" -version = "2.9.4" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "2261d10cca569e4643e526d8dc2e62e433cc8aba21ab764233731f8d369bf394" - -[[package]] -name = "cexpr" -version = "0.6.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "6fac387a98bb7c37292057cffc56d62ecb629900026402633ae9160df93a8766" -dependencies = [ - "nom", -] - -[[package]] -name = "cfg-if" -version = "1.0.3" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "2fd1289c04a9ea8cb22300a459a72a385d7c73d3259e2ed7dcb2af674838cfa9" - -[[package]] -name = "clang-sys" -version = "1.8.1" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "0b023947811758c97c59bf9d1c188fd619ad4718dcaa767947df1cadb14f39f4" -dependencies = [ - "glob", - "libc", - "libloading", -] - -[[package]] -name = "either" -version = "1.15.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "48c757948c5ede0e46177b7add2e67155f70e33c07fea8284df6576da70b3719" - -[[package]] -name = "glob" -version = "0.3.3" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "0cc23270f6e1808e30a928bdc84dea0b9b4136a8bc82338574f23baf47bbd280" - -[[package]] -name = "itertools" -version = "0.13.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "413ee7dfc52ee1a4949ceeb7dbc8a33f2d6c088194d9f922fb8318faf1f01186" -dependencies = [ - "either", -] - -[[package]] -name = "libc" -version = "0.2.175" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "6a82ae493e598baaea5209805c49bbf2ea7de956d50d7da0da1164f9c6d28543" - -[[package]] -name = "libloading" -version = "0.8.8" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "07033963ba89ebaf1584d767badaa2e8fcec21aedea6b8c0346d487d49c28667" -dependencies = [ - "cfg-if", - "windows-targets", -] - -[[package]] -name = "log" -version = "0.4.28" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "34080505efa8e45a4b816c349525ebe327ceaa8559756f0356cba97ef3bf7432" - -[[package]] -name = "memchr" -version = "2.7.5" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "32a282da65faaf38286cf3be983213fcf1d2e2a58700e808f83f4ea9a4804bc0" - -[[package]] -name = "minimal-lexical" -version = "0.2.1" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "68354c5c6bd36d73ff3feceb05efa59b6acb7626617f4962be322a825e61f79a" - -[[package]] -name = "nom" -version = "7.1.3" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "d273983c5a657a70a3e8f2a01329822f3b8c8172b73826411a55751e404a0a4a" -dependencies = [ - "memchr", - "minimal-lexical", -] - -[[package]] -name = "prettyplease" -version = "0.2.37" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "479ca8adacdd7ce8f1fb39ce9ecccbfe93a3f1344b3d0d97f20bc0196208f62b" -dependencies = [ - "proc-macro2", - "syn", -] - -[[package]] -name = "proc-macro2" -version = "1.0.101" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "89ae43fd86e4158d6db51ad8e2b80f313af9cc74f5c0e03ccb87de09998732de" -dependencies = [ - "unicode-ident", -] - -[[package]] -name = "quote" -version = "1.0.40" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "1885c039570dc00dcb4ff087a89e185fd56bae234ddc7f056a945bf36467248d" -dependencies = [ - "proc-macro2", -] - -[[package]] -name = "regex" -version = "1.11.2" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "23d7fd106d8c02486a8d64e778353d1cffe08ce79ac2e82f540c86d0facf6912" -dependencies = [ - "aho-corasick", - "memchr", - "regex-automata", - "regex-syntax", -] - -[[package]] -name = "regex-automata" -version = "0.4.10" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "6b9458fa0bfeeac22b5ca447c63aaf45f28439a709ccd244698632f9aa6394d6" -dependencies = [ - "aho-corasick", - "memchr", - "regex-syntax", -] - -[[package]] -name = "regex-syntax" -version = "0.8.6" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "caf4aa5b0f434c91fe5c7f1ecb6a5ece2130b02ad2a590589dda5146df959001" - -[[package]] -name = "rustc-hash" -version = "2.1.1" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "357703d41365b4b27c590e3ed91eabb1b663f07c4c084095e60cbed4362dff0d" - -[[package]] -name = "shlex" -version = "1.3.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "0fda2ff0d084019ba4d7c6f371c95d8fd75ce3524c3cb8fb653a3023f6323e64" - -[[package]] -name = "syn" -version = "2.0.106" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "ede7c438028d4436d71104916910f5bb611972c5cfd7f89b8300a8186e6fada6" -dependencies = [ - "proc-macro2", - "quote", - "unicode-ident", -] - -[[package]] -name = "unicode-ident" -version = "1.0.19" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "f63a545481291138910575129486daeaf8ac54aee4387fe7906919f7830c7d9d" - -[[package]] -name = "windows-link" -version = "0.1.3" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "5e6ad25900d524eaabdbbb96d20b4311e1e7ae1699af4fb28c17ae66c80d798a" - -[[package]] -name = "windows-targets" -version = "0.53.3" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "d5fe6031c4041849d7c496a8ded650796e7b6ecc19df1a431c1a363342e5dc91" -dependencies = [ - "windows-link", - "windows_aarch64_gnullvm", - "windows_aarch64_msvc", - "windows_i686_gnu", - "windows_i686_gnullvm", - "windows_i686_msvc", - "windows_x86_64_gnu", - "windows_x86_64_gnullvm", - "windows_x86_64_msvc", -] - -[[package]] -name = "windows_aarch64_gnullvm" -version = "0.53.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "86b8d5f90ddd19cb4a147a5fa63ca848db3df085e25fee3cc10b39b6eebae764" - -[[package]] -name = "windows_aarch64_msvc" -version = "0.53.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "c7651a1f62a11b8cbd5e0d42526e55f2c99886c77e007179efff86c2b137e66c" - -[[package]] -name = "windows_i686_gnu" -version = "0.53.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "c1dc67659d35f387f5f6c479dc4e28f1d4bb90ddd1a5d3da2e5d97b42d6272c3" - -[[package]] -name = "windows_i686_gnullvm" -version = "0.53.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "9ce6ccbdedbf6d6354471319e781c0dfef054c81fbc7cf83f338a4296c0cae11" - -[[package]] -name = "windows_i686_msvc" -version = "0.53.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "581fee95406bb13382d2f65cd4a908ca7b1e4c2f1917f143ba16efe98a589b5d" - -[[package]] -name = "windows_x86_64_gnu" -version = "0.53.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "2e55b5ac9ea33f2fc1716d1742db15574fd6fc8dadc51caab1c16a3d3b4190ba" - -[[package]] -name = "windows_x86_64_gnullvm" -version = "0.53.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "0a6e035dd0599267ce1ee132e51c27dd29437f63325753051e71dd9e42406c57" - -[[package]] -name = "windows_x86_64_msvc" -version = "0.53.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "271414315aff87387382ec3d271b52d7ae78726f5d44ac98b4f4030c91880486" - -[[package]] -name = "wolfssl" -version = "0.1.0" -dependencies = [ - "bindgen", - "regex", -] diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/wrapper/rust/wolfssl/Cargo.toml mariadb-11.8.8/extra/wolfssl/wolfssl/wrapper/rust/wolfssl/Cargo.toml --- mariadb-11.8.6/extra/wolfssl/wolfssl/wrapper/rust/wolfssl/Cargo.toml 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/wrapper/rust/wolfssl/Cargo.toml 1970-01-01 00:00:00.000000000 +0000 @@ -1,18 +0,0 @@ -[package] -name = "wolfssl" -version = "0.1.0" -edition = "2024" - -[features] -std = [] - -[build-dependencies] -bindgen = "0.72.1" -regex = "1.5" - -[profile.release] -strip = true -opt-level = "s" -lto = true -codegen-units = 1 -panic = "abort" diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/wrapper/rust/wolfssl/Makefile mariadb-11.8.8/extra/wolfssl/wolfssl/wrapper/rust/wolfssl/Makefile --- mariadb-11.8.6/extra/wolfssl/wolfssl/wrapper/rust/wolfssl/Makefile 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/wrapper/rust/wolfssl/Makefile 1970-01-01 00:00:00.000000000 +0000 @@ -1,12 +0,0 @@ -.PHONY: all -all: - cargo build - cargo doc - -.PHONY: test -test: - cargo test - -.PHONY: clean -clean: - cargo clean diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/wrapper/rust/wolfssl/build.rs mariadb-11.8.8/extra/wolfssl/wolfssl/wrapper/rust/wolfssl/build.rs --- mariadb-11.8.6/extra/wolfssl/wolfssl/wrapper/rust/wolfssl/build.rs 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/wrapper/rust/wolfssl/build.rs 1970-01-01 00:00:00.000000000 +0000 @@ -1,182 +0,0 @@ -extern crate bindgen; - -use regex::Regex; -use std::env; -use std::fs; -use std::io::{self, Read, Result}; -use std::path::PathBuf; - -/// Perform crate build. -fn main() { - if let Err(e) = run_build() { - eprintln!("Build failed: {}", e); - std::process::exit(1); - } -} - -/// Perform all build steps. -/// -/// Returns `Ok(())` if successful, or an error if any step fails. -fn run_build() -> Result<()> { - generate_bindings()?; - setup_wolfssl_link()?; - scan_cfg()?; - Ok(()) -} - -fn wrapper_dir() -> Result { - Ok(std::env::current_dir()?.display().to_string()) -} - -fn wolfssl_base_dir() -> Result { - Ok(format!("{}/../../..", wrapper_dir()?)) -} - -fn wolfssl_lib_dir() -> Result { - Ok(format!("{}/src/.libs", wolfssl_base_dir()?)) -} - -fn bindings_path() -> String { - PathBuf::from(env::var("OUT_DIR").unwrap()).join("bindings.rs").display().to_string() -} - -/// Generate Rust bindings for the wolfssl C library using bindgen. -/// -/// This function: -/// 1. Sets up the library and include paths -/// 2. Configures the build environment -/// 3. Generates Rust bindings using bindgen -/// 4. Writes the bindings to a file -/// -/// Returns `Ok(())` if successful, or an error if binding generation fails. -fn generate_bindings() -> Result<()> { - let bindings = bindgen::Builder::default() - .header("headers.h") - .clang_arg(format!("-I{}", wolfssl_base_dir()?)) - .parse_callbacks(Box::new(bindgen::CargoCallbacks::new())) - .generate() - .map_err(|_| io::Error::new(io::ErrorKind::Other, "Failed to generate bindings"))?; - - bindings - .write_to_file(bindings_path()) - .map_err(|e| { - io::Error::new( - io::ErrorKind::Other, - format!("Couldn't write bindings: {}", e), - ) - }) -} - -/// Instruct cargo to link against wolfssl C library -/// -/// Returns `Ok(())` if successful, or an error if any step fails. -fn setup_wolfssl_link() -> Result<()> { - println!("cargo:rustc-link-lib=wolfssl"); - println!("cargo:rustc-link-search={}", wolfssl_lib_dir()?); - println!("cargo:rustc-link-arg=-Wl,-rpath,{}", wolfssl_lib_dir()?); - -// TODO: do we need this if only a static library is built? -// println!("cargo:rustc-link-lib=static=wolfssl"); - - Ok(()) -} - -fn read_file(path: String) -> Result { - let mut file = fs::File::open(path)?; - let mut content = String::new(); - file.read_to_string(&mut content)?; - Ok(content) -} - -fn check_cfg(binding: &str, function_name: &str, cfg_name: &str) { - let pattern = format!(r"\b{}\b", function_name); - let re = match Regex::new(&pattern) { - Ok(r) => r, - Err(e) => { - eprintln!("Error compiling regex '{}': {}", pattern, e); - return; - } - }; - println!("cargo::rustc-check-cfg=cfg({})", cfg_name); - if re.is_match(binding) { - println!("cargo:rustc-cfg={}", cfg_name); - } -} - -fn scan_cfg() -> Result<()> { - let binding = read_file(bindings_path())?; - - /* aes */ - check_cfg(&binding, "wc_AesSetKey", "aes"); - check_cfg(&binding, "wc_AesCbcEncrypt", "aes_cbc"); - check_cfg(&binding, "wc_AesCcmSetKey", "aes_ccm"); - check_cfg(&binding, "wc_AesCfbEncrypt", "aes_cfb"); - check_cfg(&binding, "wc_AesCtrEncrypt", "aes_ctr"); - check_cfg(&binding, "wc_AesCtsEncrypt", "aes_cts"); - check_cfg(&binding, "wc_AesCfbDecrypt", "aes_decrypt"); - check_cfg(&binding, "wc_AesEaxInit", "aes_eax"); - check_cfg(&binding, "wc_AesEcbEncrypt", "aes_ecb"); - check_cfg(&binding, "wc_AesGcmSetKey", "aes_gcm"); - check_cfg(&binding, "wc_AesGcmInit", "aes_gcm_stream"); - check_cfg(&binding, "wc_AesOfbEncrypt", "aes_ofb"); - check_cfg(&binding, "wc_AesXtsInit", "aes_xts"); - check_cfg(&binding, "wc_AesXtsEncryptInit", "aes_xts_stream"); - - /* cmac */ - check_cfg(&binding, "wc_InitCmac", "cmac"); - - /* dh */ - check_cfg(&binding, "wc_InitDhKey", "dh"); - check_cfg(&binding, "wc_DhGenerateParams", "dh_keygen"); - - /* ecc */ - check_cfg(&binding, "wc_ecc_init", "ecc"); - check_cfg(&binding, "wc_ecc_export_point_der_compressed", "ecc_comp_key"); - check_cfg(&binding, "wc_ecc_shared_secret", "ecc_dh"); - check_cfg(&binding, "wc_ecc_sign_hash", "ecc_sign"); - check_cfg(&binding, "wc_ecc_verify_hash", "ecc_verify"); - check_cfg(&binding, "wc_ecc_export_x963", "ecc_export"); - check_cfg(&binding, "wc_ecc_import_x963", "ecc_import"); - check_cfg(&binding, "ecc_curve_ids_ECC_X25519", "ecc_curve_25519"); - check_cfg(&binding, "ecc_curve_ids_ECC_X448", "ecc_curve_448"); - check_cfg(&binding, "ecc_curve_ids_ECC_SAKKE_1", "ecc_curve_sakke"); - check_cfg(&binding, "ecc_curve_ids_ECC_CURVE_CUSTOM", "ecc_custom_curves"); - - /* ed25519 */ - check_cfg(&binding, "wc_ed25519_init", "ed25519"); - check_cfg(&binding, "wc_ed25519_import_public", "ed25519_import"); - check_cfg(&binding, "wc_ed25519_export_public", "ed25519_export"); - check_cfg(&binding, "wc_ed25519_sign_msg", "ed25519_sign"); - check_cfg(&binding, "wc_ed25519_verify_msg_ex", "ed25519_verify"); - check_cfg(&binding, "wc_ed25519_verify_msg_init", "ed25519_streaming_verify"); - - /* ed448 */ - check_cfg(&binding, "wc_ed448_init", "ed448"); - check_cfg(&binding, "wc_ed448_import_public", "ed448_import"); - check_cfg(&binding, "wc_ed448_export_public", "ed448_export"); - check_cfg(&binding, "wc_ed448_sign_msg", "ed448_sign"); - check_cfg(&binding, "wc_ed448_verify_msg_ex", "ed448_verify"); - check_cfg(&binding, "wc_ed448_verify_msg_init", "ed448_streaming_verify"); - - /* kdf */ - check_cfg(&binding, "wc_PBKDF2", "kdf_pbkdf2"); - check_cfg(&binding, "wc_PKCS12_PBKDF_ex", "kdf_pkcs12"); - check_cfg(&binding, "wc_SRTP_KDF", "kdf_srtp"); - check_cfg(&binding, "wc_SSH_KDF", "kdf_ssh"); - check_cfg(&binding, "wc_Tls13_HKDF_Extract_ex", "kdf_tls13"); - - /* rsa */ - check_cfg(&binding, "wc_InitRsaKey", "rsa"); - check_cfg(&binding, "wc_RsaDirect", "rsa_direct"); - check_cfg(&binding, "wc_MakeRsaKey", "rsa_keygen"); - - /* sha */ - check_cfg(&binding, "wc_InitSha", "sha"); - check_cfg(&binding, "wc_InitSha256", "sha256"); - check_cfg(&binding, "wc_InitSha512", "sha512"); - check_cfg(&binding, "wc_InitSha3_224", "sha3"); - check_cfg(&binding, "wc_InitShake128", "shake128"); - check_cfg(&binding, "wc_InitShake256", "shake256"); - - Ok(()) -} diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/wrapper/rust/wolfssl/headers.h mariadb-11.8.8/extra/wolfssl/wolfssl/wrapper/rust/wolfssl/headers.h --- mariadb-11.8.6/extra/wolfssl/wolfssl/wrapper/rust/wolfssl/headers.h 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/wrapper/rust/wolfssl/headers.h 1970-01-01 00:00:00.000000000 +0000 @@ -1,21 +0,0 @@ -#include "wolfssl/options.h" -#include "wolfssl/wolfcrypt/settings.h" -#include "wolfssl/wolfcrypt/types.h" -#include "wolfssl/wolfcrypt/error-crypt.h" -#include "wolfssl/wolfcrypt/random.h" -#include "wolfssl/wolfcrypt/hmac.h" -#include "wolfssl/wolfcrypt/rsa.h" -#include "wolfssl/wolfcrypt/sha256.h" -#include "wolfssl/wolfcrypt/curve25519.h" -#include "wolfssl/wolfcrypt/ed25519.h" -#include "wolfssl/wolfcrypt/ed448.h" -#include "wolfssl/wolfcrypt/ecc.h" -#include "wolfssl/wolfcrypt/asn_public.h" -#include "wolfssl/wolfcrypt/asn.h" -#include "wolfssl/wolfcrypt/chacha20_poly1305.h" -#include "wolfssl/wolfcrypt/kdf.h" -#include "wolfssl/wolfcrypt/coding.h" -#include "wolfssl/wolfcrypt/signature.h" -#include "wolfssl/wolfcrypt/logging.h" -#include "wolfssl/wolfcrypt/aes.h" -#include "wolfssl/wolfcrypt/pwdbased.h" diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/wrapper/rust/wolfssl/src/lib.rs mariadb-11.8.8/extra/wolfssl/wolfssl/wrapper/rust/wolfssl/src/lib.rs --- mariadb-11.8.6/extra/wolfssl/wolfssl/wrapper/rust/wolfssl/src/lib.rs 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/wrapper/rust/wolfssl/src/lib.rs 1970-01-01 00:00:00.000000000 +0000 @@ -1,22 +0,0 @@ -/* - * Copyright (C) 2025 wolfSSL Inc. - * - * This file is part of wolfSSL. - * - * wolfSSL is free software; you can redistribute it and/or modify - * it under the terms of the GNU General Public License as published by - * the Free Software Foundation; either version 3 of the License, or - * (at your option) any later version. - * - * wolfSSL is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU General Public License for more details. - * - * You should have received a copy of the GNU General Public License - * along with this program; if not, write to the Free Software - * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA - */ - -pub mod wolfcrypt; -pub mod sys; diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/wrapper/rust/wolfssl/src/sys.rs mariadb-11.8.8/extra/wolfssl/wolfssl/wrapper/rust/wolfssl/src/sys.rs --- mariadb-11.8.6/extra/wolfssl/wolfssl/wrapper/rust/wolfssl/src/sys.rs 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/wrapper/rust/wolfssl/src/sys.rs 1970-01-01 00:00:00.000000000 +0000 @@ -1,16 +0,0 @@ -/* - * Suppress warnings for bindgen-generated bindings to wolfssl C library. - */ -#![allow(clippy::missing_safety_doc)] -#![allow(clippy::ptr_offset_with_cast)] -#![allow(clippy::too_many_arguments)] -#![allow(clippy::upper_case_acronyms)] -#![allow(clippy::useless_transmute)] -#![allow(dead_code)] -#![allow(improper_ctypes)] -#![allow(non_camel_case_types)] -#![allow(non_snake_case)] -#![allow(non_upper_case_globals)] -#![allow(unnecessary_transmutes)] -#![allow(unsafe_op_in_unsafe_fn)] -include!(concat!(env!("OUT_DIR"), "/bindings.rs")); diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/wrapper/rust/wolfssl/src/wolfcrypt/aes.rs mariadb-11.8.8/extra/wolfssl/wolfssl/wrapper/rust/wolfssl/src/wolfcrypt/aes.rs --- mariadb-11.8.6/extra/wolfssl/wolfssl/wrapper/rust/wolfssl/src/wolfcrypt/aes.rs 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/wrapper/rust/wolfssl/src/wolfcrypt/aes.rs 1970-01-01 00:00:00.000000000 +0000 @@ -1,2618 +0,0 @@ -/* - * Copyright (C) 2025 wolfSSL Inc. - * - * This file is part of wolfSSL. - * - * wolfSSL is free software; you can redistribute it and/or modify - * it under the terms of the GNU General Public License as published by - * the Free Software Foundation; either version 3 of the License, or - * (at your option) any later version. - * - * wolfSSL is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU General Public License for more details. - * - * You should have received a copy of the GNU General Public License - * along with this program; if not, write to the Free Software - * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA - */ - -/*! -This module provides a Rust wrapper for the wolfCrypt library's Advanced -Encryption Standard (AES) functionality. -*/ - -#![cfg(aes)] - -use crate::sys; -use std::mem::{size_of, MaybeUninit}; - -/// AES Cipher Block Chaining (CBC) mode. -/// -/// # Example -/// ```rust -/// #[cfg(aes_cbc)] -/// { -/// use wolfssl::wolfcrypt::aes::CBC; -/// let mut cbc = CBC::new().expect("Failed to create CBC"); -/// let key: &[u8; 16] = b"0123456789abcdef"; -/// let iv: &[u8; 16] = b"1234567890abcdef"; -/// let msg: [u8; 16] = [ -/// 0x6e, 0x6f, 0x77, 0x20, 0x69, 0x73, 0x20, 0x74, -/// 0x68, 0x65, 0x20, 0x74, 0x69, 0x6d, 0x65, 0x20, -/// ]; -/// let expected_cipher: [u8; 16] = [ -/// 0x95, 0x94, 0x92, 0x57, 0x5f, 0x42, 0x81, 0x53, -/// 0x2c, 0xcc, 0x9d, 0x46, 0x77, 0xa2, 0x33, 0xcb -/// ]; -/// cbc.init_encrypt(key, iv).expect("Error with init_encrypt()"); -/// let mut cipher: [u8; 16] = [0; 16]; -/// cbc.encrypt(&msg, &mut cipher).expect("Error with encrypt()"); -/// assert_eq!(&cipher, &expected_cipher); -/// let mut plain_out = [0; 16]; -/// cbc.init_decrypt(key, iv).expect("Error with init_decrypt()"); -/// cbc.decrypt(&cipher, &mut plain_out).expect("Error with decrypt()"); -/// assert_eq!(&plain_out, &msg); -/// } -/// ``` -#[cfg(aes_cbc)] -pub struct CBC { - ws_aes: sys::Aes, -} -#[cfg(aes_cbc)] -impl CBC { - /// Create a new `CBC` instance. - /// - /// # Returns - /// - /// A Result which is Ok(CBC) on success or an Err containing the wolfSSL - /// library return code on failure. - pub fn new() -> Result { - Self::new_ex(None, None) - } - - /// Create a new `CBC` instance with optional heap and device ID. - /// - /// # Parameters - /// - /// * `heap`: Optional heap hint. - /// * `dev_id` Optional device ID to use with crypto callbacks or async hardware. - /// - /// # Returns - /// - /// A Result which is Ok(CBC) on success or an Err containing the wolfSSL - /// library return code on failure. - pub fn new_ex(heap: Option<*mut std::os::raw::c_void>, dev_id: Option) -> Result { - let ws_aes = new_ws_aes(heap, dev_id)?; - let cbc = CBC {ws_aes}; - Ok(cbc) - } - - fn init(&mut self, key: &[u8], iv: &[u8], dir: i32) -> Result<(), i32> { - let key_ptr = key.as_ptr() as *const u8; - let key_size = key.len() as u32; - let iv_ptr = iv.as_ptr() as *const u8; - if iv.len() as u32 != sys::WC_AES_BLOCK_SIZE { - return Err(sys::wolfCrypt_ErrorCodes_BAD_FUNC_ARG); - } - let rc = unsafe { - sys::wc_AesSetKey(&mut self.ws_aes, key_ptr, key_size, iv_ptr, dir) - }; - if rc != 0 { - return Err(rc); - } - Ok(()) - } - - /// Initialize a CBC instance for encryption. - /// - /// This method must be called before calling `encrypt()`. - /// - /// # Parameters - /// - /// * `key`: A slice containing the encryption key to use. The key must be - /// 16, 24, or 32 bytes in length. - /// * `iv`: A slice containing the initialization vector (IV) to use. The - /// IV must be 16 bytes in length. - /// - /// # Returns - /// - /// A Result which is Ok(()) on success or an Err containing the wolfSSL - /// library return code on failure. - pub fn init_encrypt(&mut self, key: &[u8], iv: &[u8]) -> Result<(), i32> { - return self.init(key, iv, sys::AES_ENCRYPTION as i32); - } - - /// Initialize a CBC instance for decryption. - /// - /// This method must be called before calling `decrypt()`. - /// - /// # Parameters - /// - /// * `key`: A slice containing the decryption key to use. The key must be - /// 16, 24, or 32 bytes in length. - /// * `iv`: A slice containing the initialization vector (IV) to use. The - /// IV must be 16 bytes in length. - /// - /// # Returns - /// - /// A Result which is Ok(()) on success or an Err containing the wolfSSL - /// library return code on failure. - pub fn init_decrypt(&mut self, key: &[u8], iv: &[u8]) -> Result<(), i32> { - return self.init(key, iv, sys::AES_DECRYPTION as i32); - } - - /// Encrypt data. - /// - /// The `init_encrypt()` method must be called before calling this method. - /// - /// # Parameters - /// - /// * `din`: Data to encrypt. The size of the data must be a multiple of - /// 16 bytes. - /// * `dout`: Buffer in which to store the encrypted data. The size of - /// the buffer must match that of the `din` buffer. - /// - /// # Returns - /// - /// A Result which is Ok(()) on success or an Err containing the wolfSSL - /// library return code on failure. - pub fn encrypt(&mut self, din: &[I], dout: &mut [O]) -> Result<(), i32> { - let in_ptr = din.as_ptr() as *const u8; - let in_size = (din.len() * size_of::()) as u32; - let out_ptr = dout.as_ptr() as *mut u8; - let out_size = (dout.len() * size_of::()) as u32; - if in_size != out_size { - return Err(sys::wolfCrypt_ErrorCodes_BAD_FUNC_ARG); - } - let rc = unsafe { - sys::wc_AesCbcEncrypt(&mut self.ws_aes, out_ptr, in_ptr, in_size) - }; - if rc != 0 { - return Err(rc); - } - Ok(()) - } - - /// Decrypt data. - /// - /// The `init_decrypt()` method must be called before calling this method. - /// - /// # Parameters - /// - /// * `din`: Data to decrypt. The size of the data must be a multiple of - /// 16 bytes. - /// * `dout`: Buffer in which to store the decrypted data. The size of - /// the data must match that of the `din` slice. - /// - /// # Returns - /// - /// A Result which is Ok(()) on success or an Err containing the wolfSSL - /// library return code on failure. - pub fn decrypt(&mut self, din: &[I], dout: &mut [O]) -> Result<(), i32> { - let in_ptr = din.as_ptr() as *const u8; - let in_size = (din.len() * size_of::()) as u32; - let out_ptr = dout.as_ptr() as *mut u8; - let out_size = (dout.len() * size_of::()) as u32; - if in_size != out_size { - return Err(sys::wolfCrypt_ErrorCodes_BAD_FUNC_ARG); - } - let rc = unsafe { - sys::wc_AesCbcDecrypt(&mut self.ws_aes, out_ptr, in_ptr, in_size) - }; - if rc != 0 { - return Err(rc); - } - Ok(()) - } -} -#[cfg(aes_cbc)] -impl Drop for CBC { - /// Safely free the wolfSSL resources. - fn drop(&mut self) { - unsafe { sys::wc_AesFree(&mut self.ws_aes); } - } -} - -/// AES Counter with CBC-MAC (CCM) mode. -/// -/// # Example -/// ```rust -/// #[cfg(aes_ccm)] -/// { -/// use wolfssl::wolfcrypt::aes::CCM; -/// let key: [u8; 16] = [ -/// 0xc0, 0xc1, 0xc2, 0xc3, 0xc4, 0xc5, 0xc6, 0xc7, -/// 0xc8, 0xc9, 0xca, 0xcb, 0xcc, 0xcd, 0xce, 0xcf -/// ]; -/// let nonce: [u8; 13] = [ -/// 0x00, 0x00, 0x00, 0x03, 0x02, 0x01, 0x00, 0xa0, -/// 0xa1, 0xa2, 0xa3, 0xa4, 0xa5 ]; -/// let plaintext: [u8; 23] = [ -/// 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, -/// 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, -/// 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e -/// ]; -/// let auth_data: [u8; 8] = [ -/// 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07 -/// ]; -/// let expected_ciphertext: [u8; 23] = [ -/// 0x58, 0x8c, 0x97, 0x9a, 0x61, 0xc6, 0x63, 0xd2, -/// 0xf0, 0x66, 0xd0, 0xc2, 0xc0, 0xf9, 0x89, 0x80, -/// 0x6d, 0x5f, 0x6b, 0x61, 0xda, 0xc3, 0x84 -/// ]; -/// let expected_auth_tag: [u8; 8] = [ -/// 0x17, 0xe8, 0xd1, 0x2c, 0xfd, 0xf9, 0x26, 0xe0 -/// ]; -/// -/// let mut ccm = CCM::new().expect("Failed to create CCM"); -/// ccm.init(&key).expect("Error with init()"); -/// let mut auth_tag_out: [u8; 8] = [0; 8]; -/// let mut cipher_out: [u8; 23] = [0; 23]; -/// ccm.encrypt(&plaintext, &mut cipher_out, -/// &nonce, &auth_data, &mut auth_tag_out).expect("Error with encrypt()"); -/// assert_eq!(cipher_out, expected_ciphertext); -/// assert_eq!(auth_tag_out, expected_auth_tag); -/// ccm.init(&key).expect("Error with init()"); -/// let mut plain_out: [u8; 23] = [0; 23]; -/// ccm.decrypt(&cipher_out, &mut plain_out, -/// &nonce, &auth_data, &auth_tag_out).expect("Error with decrypt()"); -/// assert_eq!(plain_out, plaintext); -/// } -/// ``` -#[cfg(aes_ccm)] -pub struct CCM { - ws_aes: sys::Aes, -} -#[cfg(aes_ccm)] -impl CCM { - /// Create a new `CCM` instance. - /// - /// # Returns - /// - /// A Result which is Ok(CCM) on success or an Err containing the wolfSSL - /// library return code on failure. - pub fn new() -> Result { - Self::new_ex(None, None) - } - - /// Create a new `CCM` instance with optional heap and device ID. - /// - /// # Parameters - /// - /// * `heap`: Optional heap hint. - /// * `dev_id` Optional device ID to use with crypto callbacks or async hardware. - /// - /// # Returns - /// - /// A Result which is Ok(CCM) on success or an Err containing the wolfSSL - /// library return code on failure. - pub fn new_ex(heap: Option<*mut std::os::raw::c_void>, dev_id: Option) -> Result { - let ws_aes = new_ws_aes(heap, dev_id)?; - let ccm = CCM {ws_aes}; - Ok(ccm) - } - - /// Initialize a CCM instance for encryption or decryption. - /// - /// This method must be called before calling `encrypt()` or `decrypt()`. - /// - /// # Parameters - /// - /// * `key`: A slice containing the encryption key to use. The key must be - /// 16, 24, or 32 bytes in length. - /// - /// # Returns - /// - /// A Result which is Ok(()) on success or an Err containing the wolfSSL - /// library return code on failure. - pub fn init(&mut self, key: &[u8]) -> Result<(), i32> { - let key_ptr = key.as_ptr() as *const u8; - let key_size = key.len() as u32; - let rc = unsafe { - sys::wc_AesCcmSetKey(&mut self.ws_aes, key_ptr, key_size) - }; - if rc != 0 { - return Err(rc); - } - Ok(()) - } - - /// Encrypt data. - /// - /// The `init()` method must be called before calling this method. - /// - /// # Parameters - /// - /// * `din`: Data to encrypt. - /// * `dout`: Buffer in which to store the encrypted data. The size of - /// the buffer must match that of the `din` buffer. - /// * `nonce`: Nonce (number used once). - /// * `auth`: Authentication data input. - /// * `auth_tag`: Buffer in which to store the authentication tag. - /// - /// # Returns - /// - /// A Result which is Ok(()) on success or an Err containing the wolfSSL - /// library return code on failure. - pub fn encrypt(&mut self, din: &[I], dout: &mut [O], nonce: &[N], auth: &[A], auth_tag: &mut [A]) -> Result<(), i32> { - let in_ptr = din.as_ptr() as *const u8; - let in_size = (din.len() * size_of::()) as u32; - let out_ptr = dout.as_ptr() as *mut u8; - let out_size = (dout.len() * size_of::()) as u32; - let nonce_ptr = nonce.as_ptr() as *const u8; - let nonce_size = (nonce.len() * size_of::()) as u32; - let auth_ptr = auth.as_ptr() as *const u8; - let auth_size = (auth.len() * size_of::()) as u32; - let auth_tag_ptr = auth_tag.as_ptr() as *mut u8; - let auth_tag_size = (auth_tag.len() * size_of::()) as u32; - if in_size != out_size { - return Err(sys::wolfCrypt_ErrorCodes_BAD_FUNC_ARG); - } - let rc = unsafe { - sys::wc_AesCcmEncrypt(&mut self.ws_aes, out_ptr, - in_ptr, in_size, - nonce_ptr, nonce_size, - auth_tag_ptr, auth_tag_size, - auth_ptr, auth_size) - }; - if rc != 0 { - return Err(rc); - } - Ok(()) - } - - /// Decrypt data. - /// - /// The `init()` method must be called before calling this method. - /// - /// # Parameters - /// - /// * `din`: Data to decrypt. - /// * `dout`: Buffer in which to store the decrypted data. The size of - /// the buffer must match that of the `din` buffer. - /// * `nonce`: Nonce (number used once). - /// * `auth`: Authentication data input. - /// * `auth_tag`: Authentication tag input to verify. - /// - /// # Returns - /// - /// A Result which is Ok(()) on success or an Err containing the wolfSSL - /// library return code on failure. - pub fn decrypt(&mut self, din: &[I], dout: &mut [O], nonce: &[N], auth: &[A], auth_tag: &[A]) -> Result<(), i32> { - let in_ptr = din.as_ptr() as *const u8; - let in_size = (din.len() * size_of::()) as u32; - let out_ptr = dout.as_ptr() as *mut u8; - let out_size = (dout.len() * size_of::()) as u32; - let nonce_ptr = nonce.as_ptr() as *const u8; - let nonce_size = (nonce.len() * size_of::()) as u32; - let auth_ptr = auth.as_ptr() as *const u8; - let auth_size = (auth.len() * size_of::()) as u32; - let auth_tag_ptr = auth_tag.as_ptr() as *const u8; - let auth_tag_size = (auth_tag.len() * size_of::()) as u32; - if in_size != out_size { - return Err(sys::wolfCrypt_ErrorCodes_BAD_FUNC_ARG); - } - let rc = unsafe { - sys::wc_AesCcmDecrypt(&mut self.ws_aes, out_ptr, - in_ptr, in_size, - nonce_ptr, nonce_size, - auth_tag_ptr, auth_tag_size, - auth_ptr, auth_size) - }; - if rc != 0 { - return Err(rc); - } - Ok(()) - } -} -#[cfg(aes_ccm)] -impl Drop for CCM { - /// Safely free the wolfSSL resources. - fn drop(&mut self) { - unsafe { sys::wc_AesFree(&mut self.ws_aes); } - } -} - -/// AES Cipher FeedBack (CFB) mode. -/// -/// # Example -/// ```rust -/// #[cfg(aes_cfb)] -/// { -/// use wolfssl::wolfcrypt::aes::CFB; -/// let mut cfb = CFB::new().expect("Failed to create CFB"); -/// let key: [u8; 16] = [ -/// 0x2b,0x7e,0x15,0x16,0x28,0xae,0xd2,0xa6, -/// 0xab,0xf7,0x15,0x88,0x09,0xcf,0x4f,0x3c -/// ]; -/// let iv: [u8; 16] = [ -/// 0x00,0x01,0x02,0x03,0x04,0x05,0x06,0x07, -/// 0x08,0x09,0x0a,0x0b,0x0c,0x0d,0x0e,0x0f -/// ]; -/// let msg: [u8; 48] = [ -/// 0x6b,0xc1,0xbe,0xe2,0x2e,0x40,0x9f,0x96, -/// 0xe9,0x3d,0x7e,0x11,0x73,0x93,0x17,0x2a, -/// 0xae,0x2d,0x8a,0x57,0x1e,0x03,0xac,0x9c, -/// 0x9e,0xb7,0x6f,0xac,0x45,0xaf,0x8e,0x51, -/// 0x30,0xc8,0x1c,0x46,0xa3,0x5c,0xe4,0x11, -/// 0xe5,0xfb,0xc1,0x19,0x1a,0x0a,0x52,0xef -/// ]; -/// let cipher: [u8; 48] = [ -/// 0x3b,0x3f,0xd9,0x2e,0xb7,0x2d,0xad,0x20, -/// 0x33,0x34,0x49,0xf8,0xe8,0x3c,0xfb,0x4a, -/// 0xc8,0xa6,0x45,0x37,0xa0,0xb3,0xa9,0x3f, -/// 0xcd,0xe3,0xcd,0xad,0x9f,0x1c,0xe5,0x8b, -/// 0x26,0x75,0x1f,0x67,0xa3,0xcb,0xb1,0x40, -/// 0xb1,0x80,0x8c,0xf1,0x87,0xa4,0xf4,0xdf -/// ]; -/// cfb.init(&key, &iv).expect("Error with init()"); -/// let mut outbuf: [u8; 48] = [0; 48]; -/// cfb.encrypt(&msg[0..32], &mut outbuf[0..32]).expect("Error with encrypt()"); -/// cfb.encrypt(&msg[32..48], &mut outbuf[32..48]).expect("Error with encrypt()"); -/// assert_eq!(outbuf, cipher); -/// cfb.init(&key, &iv).expect("Error with init()"); -/// let mut plain: [u8; 48] = [0; 48]; -/// #[cfg(aes_decrypt)] -/// { -/// cfb.decrypt(&outbuf, &mut plain).expect("Error with decrypt()"); -/// assert_eq!(plain, msg); -/// } -/// } -/// ``` -#[cfg(aes_cfb)] -pub struct CFB { - ws_aes: sys::Aes, -} -#[cfg(aes_cfb)] -impl CFB { - /// Create a new `CFB` instance. - /// - /// # Returns - /// - /// A Result which is Ok(CFB) on success or an Err containing the wolfSSL - /// library return code on failure. - pub fn new() -> Result { - Self::new_ex(None, None) - } - - /// Create a new `CFB` instance with optional heap and device ID. - /// - /// # Parameters - /// - /// * `heap`: Optional heap hint. - /// * `dev_id` Optional device ID to use with crypto callbacks or async hardware. - /// - /// # Returns - /// - /// A Result which is Ok(CFB) on success or an Err containing the wolfSSL - /// library return code on failure. - pub fn new_ex(heap: Option<*mut std::os::raw::c_void>, dev_id: Option) -> Result { - let ws_aes = new_ws_aes(heap, dev_id)?; - let cfb = CFB {ws_aes}; - Ok(cfb) - } - - /// Initialize a CFB instance for encryption or decryption. - /// - /// This method must be called before calling `encrypt()`, `encrypt1()`, - /// `encrypt8()`, `decrypt()`, `decrypt1()`, or `decrypt8()`. - /// - /// # Parameters - /// - /// * `key`: A slice containing the encryption key to use. The key must be - /// 16, 24, or 32 bytes in length. - /// * `iv`: A slice containing the initialization vector (IV) to use. The - /// IV must be 16 bytes in length. - /// - /// # Returns - /// - /// A Result which is Ok(()) on success or an Err containing the wolfSSL - /// library return code on failure. - pub fn init(&mut self, key: &[u8], iv: &[u8]) -> Result<(), i32> { - let key_ptr = key.as_ptr() as *const u8; - let key_size = key.len() as u32; - let iv_ptr = iv.as_ptr() as *const u8; - if iv.len() as u32 != sys::WC_AES_BLOCK_SIZE { - return Err(sys::wolfCrypt_ErrorCodes_BAD_FUNC_ARG); - } - let rc = unsafe { - sys::wc_AesSetKey(&mut self.ws_aes, key_ptr, key_size, - iv_ptr, sys::AES_ENCRYPTION as i32) - }; - if rc != 0 { - return Err(rc); - } - Ok(()) - } - - /// Encrypt data in full-block CFB mode. - /// - /// The `init()` method must be called before calling this method. - /// - /// # Parameters - /// - /// * `din`: Data to encrypt. - /// * `dout`: Buffer in which to store the encrypted data. The size of - /// the buffer must match that of the `din` buffer. - /// - /// # Returns - /// - /// A Result which is Ok(()) on success or an Err containing the wolfSSL - /// library return code on failure. - pub fn encrypt(&mut self, din: &[I], dout: &mut [O]) -> Result<(), i32> { - let in_ptr = din.as_ptr() as *const u8; - let in_size = (din.len() * size_of::()) as u32; - let out_ptr = dout.as_ptr() as *mut u8; - let out_size = (dout.len() * size_of::()) as u32; - if in_size != out_size { - return Err(sys::wolfCrypt_ErrorCodes_BAD_FUNC_ARG); - } - let rc = unsafe { - sys::wc_AesCfbEncrypt(&mut self.ws_aes, out_ptr, in_ptr, in_size) - }; - if rc != 0 { - return Err(rc); - } - Ok(()) - } - - /// Encrypt data in 1-bit CFB mode. - /// - /// The `init()` method must be called before calling this method. - /// - /// # Parameters - /// - /// * `din`: Data to encrypt. - /// * `dout`: Buffer in which to store the encrypted data. The size of - /// the buffer must match that of the `din` buffer. - /// - /// # Returns - /// - /// A Result which is Ok(()) on success or an Err containing the wolfSSL - /// library return code on failure. - pub fn encrypt1(&mut self, din: &[I], dout: &mut [O]) -> Result<(), i32> { - let in_ptr = din.as_ptr() as *const u8; - let in_size = (din.len() * size_of::()) as u32; - let out_ptr = dout.as_ptr() as *mut u8; - let out_size = (dout.len() * size_of::()) as u32; - if in_size != out_size { - return Err(sys::wolfCrypt_ErrorCodes_BAD_FUNC_ARG); - } - let rc = unsafe { - sys::wc_AesCfb1Encrypt(&mut self.ws_aes, out_ptr, in_ptr, in_size) - }; - if rc != 0 { - return Err(rc); - } - Ok(()) - } - - /// Encrypt data in 8-bit CFB mode. - /// - /// The `init()` method must be called before calling this method. - /// - /// # Parameters - /// - /// * `din`: Data to encrypt. - /// * `dout`: Buffer in which to store the encrypted data. The size of - /// the buffer must match that of the `din` buffer. - /// - /// # Returns - /// - /// A Result which is Ok(()) on success or an Err containing the wolfSSL - /// library return code on failure. - pub fn encrypt8(&mut self, din: &[I], dout: &mut [O]) -> Result<(), i32> { - let in_ptr = din.as_ptr() as *const u8; - let in_size = (din.len() * size_of::()) as u32; - let out_ptr = dout.as_ptr() as *mut u8; - let out_size = (dout.len() * size_of::()) as u32; - if in_size != out_size { - return Err(sys::wolfCrypt_ErrorCodes_BAD_FUNC_ARG); - } - let rc = unsafe { - sys::wc_AesCfb8Encrypt(&mut self.ws_aes, out_ptr, in_ptr, in_size) - }; - if rc != 0 { - return Err(rc); - } - Ok(()) - } - - /// Decrypt data in full-block CFB mode. - /// - /// The `init()` method must be called before calling this method. - /// - /// # Parameters - /// - /// * `din`: Data to decrypt. - /// * `dout`: Buffer in which to store the decrypted data. The size of - /// the buffer must match that of the `din` buffer. - /// - /// # Returns - /// - /// A Result which is Ok(()) on success or an Err containing the wolfSSL - /// library return code on failure. - #[cfg(aes_decrypt)] - pub fn decrypt(&mut self, din: &[I], dout: &mut [O]) -> Result<(), i32> { - let in_ptr = din.as_ptr() as *const u8; - let in_size = (din.len() * size_of::()) as u32; - let out_ptr = dout.as_ptr() as *mut u8; - let out_size = (dout.len() * size_of::()) as u32; - if in_size != out_size { - return Err(sys::wolfCrypt_ErrorCodes_BAD_FUNC_ARG); - } - let rc = unsafe { - sys::wc_AesCfbDecrypt(&mut self.ws_aes, out_ptr, in_ptr, in_size) - }; - if rc != 0 { - return Err(rc); - } - Ok(()) - } - - /// Decrypt data in 1-bit CFB mode. - /// - /// The `init()` method must be called before calling this method. - /// - /// # Parameters - /// - /// * `din`: Data to decrypt. - /// * `dout`: Buffer in which to store the decrypted data. The size of - /// the buffer must match that of the `din` buffer. - /// - /// # Returns - /// - /// A Result which is Ok(()) on success or an Err containing the wolfSSL - /// library return code on failure. - #[cfg(aes_decrypt)] - pub fn decrypt1(&mut self, din: &[I], dout: &mut [O]) -> Result<(), i32> { - let in_ptr = din.as_ptr() as *const u8; - let in_size = (din.len() * size_of::()) as u32; - let out_ptr = dout.as_ptr() as *mut u8; - let out_size = (dout.len() * size_of::()) as u32; - if in_size != out_size { - return Err(sys::wolfCrypt_ErrorCodes_BAD_FUNC_ARG); - } - let rc = unsafe { - sys::wc_AesCfb1Decrypt(&mut self.ws_aes, out_ptr, in_ptr, in_size) - }; - if rc != 0 { - return Err(rc); - } - Ok(()) - } - - /// Decrypt data in 8-bit CFB mode. - /// - /// The `init()` method must be called before calling this method. - /// - /// # Parameters - /// - /// * `din`: Data to decrypt. - /// * `dout`: Buffer in which to store the decrypted data. The size of - /// the buffer must match that of the `din` buffer. - /// - /// # Returns - /// - /// A Result which is Ok(()) on success or an Err containing the wolfSSL - /// library return code on failure. - #[cfg(aes_decrypt)] - pub fn decrypt8(&mut self, din: &[I], dout: &mut [O]) -> Result<(), i32> { - let in_ptr = din.as_ptr() as *const u8; - let in_size = (din.len() * size_of::()) as u32; - let out_ptr = dout.as_ptr() as *mut u8; - let out_size = (dout.len() * size_of::()) as u32; - if in_size != out_size { - return Err(sys::wolfCrypt_ErrorCodes_BAD_FUNC_ARG); - } - let rc = unsafe { - sys::wc_AesCfb8Decrypt(&mut self.ws_aes, out_ptr, in_ptr, in_size) - }; - if rc != 0 { - return Err(rc); - } - Ok(()) - } -} -#[cfg(aes_cfb)] -impl Drop for CFB { - /// Safely free the wolfSSL resources. - fn drop(&mut self) { - unsafe { sys::wc_AesFree(&mut self.ws_aes); } - } -} - -/// AES Counter (CTR) mode. -/// -/// # Example -/// ```rust -/// #[cfg(aes_ctr)] -/// { -/// use wolfssl::wolfcrypt::aes::CTR; -/// let iv: [u8; 16] = [ -/// 0xf0,0xf1,0xf2,0xf3,0xf4,0xf5,0xf6,0xf7, -/// 0xf8,0xf9,0xfa,0xfb,0xfc,0xfd,0xfe,0xff -/// ]; -/// let msg: [u8; 64] = [ -/// 0x6b,0xc1,0xbe,0xe2,0x2e,0x40,0x9f,0x96, -/// 0xe9,0x3d,0x7e,0x11,0x73,0x93,0x17,0x2a, -/// 0xae,0x2d,0x8a,0x57,0x1e,0x03,0xac,0x9c, -/// 0x9e,0xb7,0x6f,0xac,0x45,0xaf,0x8e,0x51, -/// 0x30,0xc8,0x1c,0x46,0xa3,0x5c,0xe4,0x11, -/// 0xe5,0xfb,0xc1,0x19,0x1a,0x0a,0x52,0xef, -/// 0xf6,0x9f,0x24,0x45,0xdf,0x4f,0x9b,0x17, -/// 0xad,0x2b,0x41,0x7b,0xe6,0x6c,0x37,0x10 -/// ]; -/// let key: [u8; 16] = [ -/// 0x2b,0x7e,0x15,0x16,0x28,0xae,0xd2,0xa6, -/// 0xab,0xf7,0x15,0x88,0x09,0xcf,0x4f,0x3c -/// ]; -/// let cipher: [u8; 64] = [ -/// 0x87,0x4d,0x61,0x91,0xb6,0x20,0xe3,0x26, -/// 0x1b,0xef,0x68,0x64,0x99,0x0d,0xb6,0xce, -/// 0x98,0x06,0xf6,0x6b,0x79,0x70,0xfd,0xff, -/// 0x86,0x17,0x18,0x7b,0xb9,0xff,0xfd,0xff, -/// 0x5a,0xe4,0xdf,0x3e,0xdb,0xd5,0xd3,0x5e, -/// 0x5b,0x4f,0x09,0x02,0x0d,0xb0,0x3e,0xab, -/// 0x1e,0x03,0x1d,0xda,0x2f,0xbe,0x03,0xd1, -/// 0x79,0x21,0x70,0xa0,0xf3,0x00,0x9c,0xee -/// ]; -/// let mut ctr = CTR::new().expect("Failed to create CTR"); -/// ctr.init(&key, &iv).expect("Error with init()"); -/// let mut outbuf: [u8; 64] = [0; 64]; -/// ctr.encrypt(&msg, &mut outbuf).expect("Error with encrypt()"); -/// assert_eq!(outbuf, cipher); -/// ctr.init(&key, &iv).expect("Error with init()"); -/// let mut plain: [u8; 64] = [0; 64]; -/// ctr.decrypt(&outbuf, &mut plain).expect("Error with decrypt()"); -/// assert_eq!(plain, msg); -/// } -/// ``` -#[cfg(aes_ctr)] -pub struct CTR { - ws_aes: sys::Aes, -} -#[cfg(aes_ctr)] -impl CTR { - /// Create a new `CTR` instance. - /// - /// # Returns - /// - /// A Result which is Ok(CTR) on success or an Err containing the wolfSSL - /// library return code on failure. - pub fn new() -> Result { - Self::new_ex(None, None) - } - - /// Create a new `CTR` instance with optional heap and device ID. - /// - /// # Parameters - /// - /// * `heap`: Optional heap hint. - /// * `dev_id` Optional device ID to use with crypto callbacks or async hardware. - /// - /// # Returns - /// - /// A Result which is Ok(CTR) on success or an Err containing the wolfSSL - /// library return code on failure. - pub fn new_ex(heap: Option<*mut std::os::raw::c_void>, dev_id: Option) -> Result { - let ws_aes = new_ws_aes(heap, dev_id)?; - let ctr = CTR {ws_aes}; - Ok(ctr) - } - - /// Initialize a CTR instance for encryption or decryption. - /// - /// This method must be called before calling `encrypt()` or `decrypt()`. - /// - /// # Parameters - /// - /// * `key`: A slice containing the encryption key to use. The key must be - /// 16, 24, or 32 bytes in length. - /// * `iv`: A slice containing the initialization vector (IV) to use. The - /// IV must be 16 bytes in length. - /// - /// # Returns - /// - /// A Result which is Ok(()) on success or an Err containing the wolfSSL - /// library return code on failure. - pub fn init(&mut self, key: &[u8], iv: &[u8]) -> Result<(), i32> { - let key_ptr = key.as_ptr() as *const u8; - let key_size = key.len() as u32; - let iv_ptr = iv.as_ptr() as *const u8; - if iv.len() as u32 != sys::WC_AES_BLOCK_SIZE { - return Err(sys::wolfCrypt_ErrorCodes_BAD_FUNC_ARG); - } - let rc = unsafe { - sys::wc_AesSetKeyDirect(&mut self.ws_aes, key_ptr, key_size, - iv_ptr, sys::AES_ENCRYPTION as i32) - }; - if rc != 0 { - return Err(rc); - } - Ok(()) - } - - fn encrypt_decrypt(&mut self, din: &[I], dout: &mut [O]) -> Result<(), i32> { - let in_ptr = din.as_ptr() as *const u8; - let in_size = (din.len() * size_of::()) as u32; - let out_ptr = dout.as_ptr() as *mut u8; - let out_size = (dout.len() * size_of::()) as u32; - if in_size != out_size { - return Err(sys::wolfCrypt_ErrorCodes_BAD_FUNC_ARG); - } - let rc = unsafe { - sys::wc_AesCtrEncrypt(&mut self.ws_aes, out_ptr, in_ptr, in_size) - }; - if rc != 0 { - return Err(rc); - } - Ok(()) - } - - /// Encrypt data. - /// - /// The `init()` method must be called before calling this method. - /// - /// # Parameters - /// - /// * `din`: Data to encrypt. - /// * `dout`: Buffer in which to store the encrypted data. The size of - /// the buffer must match that of the `din` buffer. - /// - /// # Returns - /// - /// A Result which is Ok(()) on success or an Err containing the wolfSSL - /// library return code on failure. - pub fn encrypt(&mut self, din: &[I], dout: &mut [O]) -> Result<(), i32> { - return self.encrypt_decrypt(din, dout); - } - - /// Decrypt data. - /// - /// The `init()` method must be called before calling this method. - /// - /// # Parameters - /// - /// * `din`: Data to decrypt. - /// * `dout`: Buffer in which to store the decrypted data. The size of - /// the buffer must match that of the `din` buffer. - /// - /// # Returns - /// - /// A Result which is Ok(()) on success or an Err containing the wolfSSL - /// library return code on failure. - pub fn decrypt(&mut self, din: &[I], dout: &mut [O]) -> Result<(), i32> { - return self.encrypt_decrypt(din, dout); - } -} -#[cfg(aes_ctr)] -impl Drop for CTR { - /// Safely free the wolfSSL resources. - fn drop(&mut self) { - unsafe { sys::wc_AesFree(&mut self.ws_aes); } - } -} - -/// AES Encrypt-Then-Authenticate-Then-Translate (EAX) mode. -/// -/// # Example -/// ```rust -/// #[cfg(aes_eax)] -/// { -/// use wolfssl::wolfcrypt::aes::EAX; -/// let key: [u8; 16] = [ -/// 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, -/// 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f -/// ]; -/// let nonce: [u8; 16] = [ -/// 0x3c, 0x8c, 0xc2, 0x97, 0x0a, 0x00, 0x8f, 0x75, -/// 0xcc, 0x5b, 0xea, 0xe2, 0x84, 0x72, 0x58, 0xc2 -/// ]; -/// let auth: &[u8] = &[]; -/// let msg: [u8; 32] = [ -/// 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, -/// 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, -/// 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, -/// 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11 -/// ]; -/// let expected_cipher: [u8; 32] = [ -/// 0x3c, 0x44, 0x1f, 0x32, 0xce, 0x07, 0x82, 0x23, -/// 0x64, 0xd7, 0xa2, 0x99, 0x0e, 0x50, 0xbb, 0x13, -/// 0xd7, 0xb0, 0x2a, 0x26, 0x96, 0x9e, 0x4a, 0x93, -/// 0x7e, 0x5e, 0x90, 0x73, 0xb0, 0xd9, 0xc9, 0x68 -/// ]; -/// let expected_auth_tag: [u8; 16] = [ -/// 0xdb, 0x90, 0xbd, 0xb3, 0xda, 0x3d, 0x00, 0xaf, -/// 0xd0, 0xfc, 0x6a, 0x83, 0x55, 0x1d, 0xa9, 0x5e -/// ]; -/// let mut cipher: [u8; 32] = [0; 32]; -/// let mut auth_tag: [u8; 16] = [0; 16]; -/// EAX::encrypt(&msg, &mut cipher, &key, &nonce, auth, &mut auth_tag).expect("Error with encrypt()"); -/// assert_eq!(cipher, expected_cipher); -/// assert_eq!(auth_tag, expected_auth_tag); -/// let mut plain: [u8; 32] = [0; 32]; -/// EAX::decrypt(&cipher, &mut plain, &key, &nonce, auth, &auth_tag).expect("Error with decrypt()"); -/// assert_eq!(plain, msg); -/// } -/// ``` -#[cfg(aes_eax)] -pub struct EAX { -} -#[cfg(aes_eax)] -impl EAX { - /// Encrypt data. - /// - /// # Parameters - /// - /// * `din`: Data to encrypt. - /// * `dout`: Buffer in which to store the encrypted data. The size of - /// the buffer must match that of the `din` buffer. - /// * `key`: Encryption key to use. The key size must be 16, 24, or 32 - /// bytes. - /// * `nonce`: Nonce (number used once). - /// * `auth`: Authentication data input. - /// * `auth_tag`: Buffer in which to store the authentication tag. - /// - /// # Returns - /// - /// A Result which is Ok(()) on success or an Err containing the wolfSSL - /// library return code on failure. - pub fn encrypt(din: &[I], dout: &mut [O], key: &[u8], nonce: &[u8], - auth: &[u8], auth_tag: &mut [u8]) -> Result<(), i32> { - let key_ptr = key.as_ptr() as *const u8; - let key_size = key.len() as u32; - let nonce_ptr = nonce.as_ptr() as *const u8; - let nonce_size = nonce.len() as u32; - let auth_ptr = auth.as_ptr() as *const u8; - let auth_size = auth.len() as u32; - let auth_tag_ptr = auth_tag.as_ptr() as *mut u8; - let auth_tag_size = auth_tag.len() as u32; - let in_ptr = din.as_ptr() as *const u8; - let in_size = din.len() as u32; - let out_ptr = dout.as_ptr() as *mut u8; - let out_size = dout.len() as u32; - if in_size != out_size { - return Err(sys::wolfCrypt_ErrorCodes_BAD_FUNC_ARG); - } - let rc = unsafe { - sys::wc_AesEaxEncryptAuth(key_ptr, key_size, out_ptr, - in_ptr, in_size, nonce_ptr, nonce_size, - auth_tag_ptr, auth_tag_size, - auth_ptr, auth_size) - }; - if rc != 0 { - return Err(rc); - } - Ok(()) - } - - /// Decrypt data. - /// - /// # Parameters - /// - /// * `din`: Data to decrypt. - /// * `dout`: Buffer in which to store the decrypted data. The size of - /// the buffer must match that of the `din` buffer. - /// * `key`: Decryption key to use. The key size must be 16, 24, or 32 - /// bytes. - /// * `nonce`: Nonce (number used once). - /// * `auth`: Authentication data input. - /// * `auth_tag`: Authentication tag input to verify. - /// - /// # Returns - /// - /// A Result which is Ok(()) on success or an Err containing the wolfSSL - /// library return code on failure. - pub fn decrypt(din: &[I], dout: &mut [O], key: &[u8], nonce: &[u8], - auth: &[u8], auth_tag: &[u8]) -> Result<(), i32> { - let key_ptr = key.as_ptr() as *const u8; - let key_size = key.len() as u32; - let nonce_ptr = nonce.as_ptr() as *const u8; - let nonce_size = nonce.len() as u32; - let auth_ptr = auth.as_ptr() as *const u8; - let auth_size = auth.len() as u32; - let auth_tag_ptr = auth_tag.as_ptr() as *const u8; - let auth_tag_size = auth_tag.len() as u32; - let in_ptr = din.as_ptr() as *const u8; - let in_size = din.len() as u32; - let out_ptr = dout.as_ptr() as *mut u8; - let out_size = dout.len() as u32; - if in_size != out_size { - return Err(sys::wolfCrypt_ErrorCodes_BAD_FUNC_ARG); - } - let rc = unsafe { - sys::wc_AesEaxDecryptAuth(key_ptr, key_size, out_ptr, - in_ptr, in_size, nonce_ptr, nonce_size, - auth_tag_ptr, auth_tag_size, - auth_ptr, auth_size) - }; - if rc != 0 { - return Err(rc); - } - Ok(()) - } -} - -/// AES Electronic CodeBook (ECB) mode. -/// -/// # Example -/// ```rust -/// #[cfg(aes_ecb)] -/// { -/// use wolfssl::wolfcrypt::aes::ECB; -/// let mut ecb = ECB::new().expect("Failed to create ECB"); -/// let key_128: &[u8; 16] = b"0123456789abcdef"; -/// let msg: [u8; 16] = [ -/// 0x6e, 0x6f, 0x77, 0x20, 0x69, 0x73, 0x20, 0x74, -/// 0x68, 0x65, 0x20, 0x74, 0x69, 0x6d, 0x65, 0x20 -/// ]; -/// let verify_ecb_128: [u8; 16] = [ -/// 0xd0, 0xc9, 0xd9, 0xc9, 0x40, 0xe8, 0x97, 0xb6, -/// 0xc8, 0x8c, 0x33, 0x3b, 0xb5, 0x8f, 0x85, 0xd1 -/// ]; -/// ecb.init_encrypt(key_128).expect("Error with init_encrypt()"); -/// let mut outbuf: [u8; 16] = [0; 16]; -/// ecb.encrypt(&msg, &mut outbuf).expect("Error with encrypt()"); -/// assert_eq!(&outbuf, &verify_ecb_128); -/// outbuf = [0; 16]; -/// ecb.init_decrypt(key_128).expect("Error with init_decrypt()"); -/// ecb.decrypt(&verify_ecb_128, &mut outbuf).expect("Error with decrypt()"); -/// assert_eq!(&outbuf, &msg); -/// } -/// ``` -#[cfg(aes_ecb)] -pub struct ECB { - ws_aes: sys::Aes, -} -#[cfg(aes_ecb)] -impl ECB { - /// Create a new `ECB` instance. - /// - /// # Returns - /// - /// A Result which is Ok(ECB) on success or an Err containing the wolfSSL - /// library return code on failure. - pub fn new() -> Result { - Self::new_ex(None, None) - } - - /// Create a new `ECB` instance with optional heap and device ID. - /// - /// # Parameters - /// - /// * `heap`: Optional heap hint. - /// * `dev_id` Optional device ID to use with crypto callbacks or async hardware. - /// - /// # Returns - /// - /// A Result which is Ok(ECB) on success or an Err containing the wolfSSL - /// library return code on failure. - pub fn new_ex(heap: Option<*mut std::os::raw::c_void>, dev_id: Option) -> Result { - let ws_aes = new_ws_aes(heap, dev_id)?; - let ecb = ECB {ws_aes}; - Ok(ecb) - } - - fn init(&mut self, key: &[u8], dir: i32) -> Result<(), i32> { - let key_ptr = key.as_ptr() as *const u8; - let key_size = key.len() as u32; - let rc = unsafe { - sys::wc_AesSetKey(&mut self.ws_aes, key_ptr, key_size, - core::ptr::null(), dir) - }; - if rc != 0 { - return Err(rc); - } - Ok(()) - } - - /// Initialize a ECB instance for encryption. - /// - /// This method must be called before calling `encrypt()`. - /// - /// # Parameters - /// - /// * `key`: A slice containing the encryption key to use. The key must be - /// 16, 24, or 32 bytes in length. - /// - /// # Returns - /// - /// A Result which is Ok(()) on success or an Err containing the wolfSSL - /// library return code on failure. - pub fn init_encrypt(&mut self, key: &[u8]) -> Result<(), i32> { - return self.init(key, sys::AES_ENCRYPTION as i32); - } - - /// Initialize a ECB instance for decryption. - /// - /// This method must be called before calling `decrypt()`. - /// - /// # Parameters - /// - /// * `key`: A slice containing the decryption key to use. The key must be - /// 16, 24, or 32 bytes in length. - /// - /// # Returns - /// - /// A Result which is Ok(()) on success or an Err containing the wolfSSL - /// library return code on failure. - pub fn init_decrypt(&mut self, key: &[u8]) -> Result<(), i32> { - return self.init(key, sys::AES_DECRYPTION as i32); - } - - /// Encrypt data. - /// - /// The `init_encrypt()` method must be called before calling this method. - /// - /// # Parameters - /// - /// * `din`: Data to encrypt. The size of the data must be a multiple of - /// 16 bytes. - /// * `dout`: Buffer in which to store the encrypted data. The size of - /// the buffer must match that of the `din` buffer. - /// - /// # Returns - /// - /// A Result which is Ok(()) on success or an Err containing the wolfSSL - /// library return code on failure. - pub fn encrypt(&mut self, din: &[I], dout: &mut [O]) -> Result<(), i32> { - let in_ptr = din.as_ptr() as *const u8; - let in_size = (din.len() * size_of::()) as u32; - let out_ptr = dout.as_ptr() as *mut u8; - let out_size = (dout.len() * size_of::()) as u32; - if in_size != out_size { - return Err(sys::wolfCrypt_ErrorCodes_BAD_FUNC_ARG); - } - let rc = unsafe { - sys::wc_AesEcbEncrypt(&mut self.ws_aes, out_ptr, in_ptr, in_size) - }; - if rc != 0 { - return Err(rc); - } - Ok(()) - } - - /// Decrypt data. - /// - /// The `init_decrypt()` method must be called before calling this method. - /// - /// # Parameters - /// - /// * `din`: Data to decrypt. The size of the data must be a multiple of - /// 16 bytes. - /// * `dout`: Buffer in which to store the decrypted data. The size of - /// the buffer must match that of the `din` buffer. - /// - /// # Returns - /// - /// A Result which is Ok(()) on success or an Err containing the wolfSSL - /// library return code on failure. - pub fn decrypt(&mut self, din: &[I], dout: &mut [O]) -> Result<(), i32> { - let in_ptr = din.as_ptr() as *const u8; - let in_size = (din.len() * size_of::()) as u32; - let out_ptr = dout.as_ptr() as *mut u8; - let out_size = (dout.len() * size_of::()) as u32; - if in_size != out_size { - return Err(sys::wolfCrypt_ErrorCodes_BAD_FUNC_ARG); - } - let rc = unsafe { - sys::wc_AesEcbDecrypt(&mut self.ws_aes, out_ptr, in_ptr, in_size) - }; - if rc != 0 { - return Err(rc); - } - Ok(()) - } -} -#[cfg(aes_ecb)] -impl Drop for ECB { - /// Safely free the wolfSSL resources. - fn drop(&mut self) { - unsafe { sys::wc_AesFree(&mut self.ws_aes); } - } -} - -/// AES Galois/Counter Mode (GCM) mode (one shot functionality). -/// -/// This struct provides one-shot encryption and decryption functionality. -/// For streaming/chunking functionality, see the `GCMStream` struct instead. -/// -/// # Example -/// ```rust -/// #[cfg(aes_gcm)] -/// { -/// use wolfssl::wolfcrypt::aes::GCM; -/// let key: [u8; 16] = [ -/// 0x29, 0x8e, 0xfa, 0x1c, 0xcf, 0x29, 0xcf, 0x62, -/// 0xae, 0x68, 0x24, 0xbf, 0xc1, 0x95, 0x57, 0xfc -/// ]; -/// let iv: [u8; 12] = [ -/// 0x6f, 0x58, 0xa9, 0x3f, 0xe1, 0xd2, 0x07, 0xfa, -/// 0xe4, 0xed, 0x2f, 0x6d -/// ]; -/// let plain: [u8; 32] = [ -/// 0xcc, 0x38, 0xbc, 0xcd, 0x6b, 0xc5, 0x36, 0xad, -/// 0x91, 0x9b, 0x13, 0x95, 0xf5, 0xd6, 0x38, 0x01, -/// 0xf9, 0x9f, 0x80, 0x68, 0xd6, 0x5c, 0xa5, 0xac, -/// 0x63, 0x87, 0x2d, 0xaf, 0x16, 0xb9, 0x39, 0x01 -/// ]; -/// let auth: [u8; 16] = [ -/// 0x02, 0x1f, 0xaf, 0xd2, 0x38, 0x46, 0x39, 0x73, -/// 0xff, 0xe8, 0x02, 0x56, 0xe5, 0xb1, 0xc6, 0xb1 -/// ]; -/// let expected_cipher: [u8; 32] = [ -/// 0xdf, 0xce, 0x4e, 0x9c, 0xd2, 0x91, 0x10, 0x3d, -/// 0x7f, 0xe4, 0xe6, 0x33, 0x51, 0xd9, 0xe7, 0x9d, -/// 0x3d, 0xfd, 0x39, 0x1e, 0x32, 0x67, 0x10, 0x46, -/// 0x58, 0x21, 0x2d, 0xa9, 0x65, 0x21, 0xb7, 0xdb -/// ]; -/// let expected_auth_tag: [u8; 16] = [ -/// 0x54, 0x24, 0x65, 0xef, 0x59, 0x93, 0x16, 0xf7, -/// 0x3a, 0x7a, 0x56, 0x05, 0x09, 0xa2, 0xd9, 0xf2 -/// ]; -/// let mut gcm = GCM::new().expect("Failed to create GCM"); -/// gcm.init(&key).expect("Error with init()"); -/// let mut cipher: [u8; 32] = [0; 32]; -/// let mut auth_tag: [u8; 16] = [0; 16]; -/// gcm.encrypt(&plain, &mut cipher, &iv, &auth, &mut auth_tag).expect("Error with encrypt()"); -/// assert_eq!(cipher, expected_cipher); -/// assert_eq!(auth_tag, expected_auth_tag); -/// let mut plain_out: [u8; 32] = [0; 32]; -/// gcm.decrypt(&cipher, &mut plain_out, &iv, &auth, &auth_tag).expect("Error with decrypt()"); -/// assert_eq!(plain_out, plain); -/// } -/// ``` -#[cfg(aes_gcm)] -pub struct GCM { - ws_aes: sys::Aes, -} -#[cfg(aes_gcm)] -impl GCM { - /// Create a new `GCM` instance. - /// - /// # Returns - /// - /// A Result which is Ok(GCM) on success or an Err containing the wolfSSL - /// library return code on failure. - pub fn new() -> Result { - Self::new_ex(None, None) - } - - /// Create a new `GCM` instance with optional heap and device ID. - /// - /// # Parameters - /// - /// * `heap`: Optional heap hint. - /// * `dev_id` Optional device ID to use with crypto callbacks or async hardware. - /// - /// # Returns - /// - /// A Result which is Ok(GCM) on success or an Err containing the wolfSSL - /// library return code on failure. - pub fn new_ex(heap: Option<*mut std::os::raw::c_void>, dev_id: Option) -> Result { - let ws_aes = new_ws_aes(heap, dev_id)?; - let gcm = GCM {ws_aes}; - Ok(gcm) - } - - /// Initialize a GCM instance for encryption or decryption. - /// - /// This method must be called before calling `encrypt()` or `decrypt()`. - /// - /// # Parameters - /// - /// * `key`: A slice containing the encryption key to use. The key must be - /// 16, 24, or 32 bytes in length. - /// - /// # Returns - /// - /// A Result which is Ok(()) on success or an Err containing the wolfSSL - /// library return code on failure. - pub fn init(&mut self, key: &[u8]) -> Result<(), i32> { - let key_ptr = key.as_ptr() as *const u8; - let key_size = key.len() as u32; - let rc = unsafe { - sys::wc_AesGcmSetKey(&mut self.ws_aes, key_ptr, key_size) - }; - if rc != 0 { - return Err(rc); - } - Ok(()) - } - - /// Encrypt data. - /// - /// The `init()` method must be called before calling this method. - /// - /// # Parameters - /// - /// * `din`: Data to encrypt. - /// * `dout`: Buffer in which to store the encrypted data. The size of - /// the buffer must match that of the `din` buffer. - /// * `iv`: Initialization vector to use for the encryption operation. - /// * `auth`: Authentication data input. - /// * `auth_tag`: Buffer in which to store the authentication tag. - /// - /// # Returns - /// - /// A Result which is Ok(()) on success or an Err containing the wolfSSL - /// library return code on failure. - pub fn encrypt(&mut self, din: &[I], dout: &mut [O], iv: &[u8], - auth: &[u8], auth_tag: &mut [u8]) -> Result<(), i32> { - let in_ptr = din.as_ptr() as *const u8; - let in_size = (din.len() * size_of::()) as u32; - let out_ptr = dout.as_ptr() as *mut u8; - let out_size = (dout.len() * size_of::()) as u32; - let iv_ptr = iv.as_ptr() as *const u8; - let iv_size = iv.len() as u32; - let auth_ptr = auth.as_ptr() as *const u8; - let auth_size = auth.len() as u32; - let auth_tag_ptr = auth_tag.as_ptr() as *mut u8; - let auth_tag_size = auth_tag.len() as u32; - if in_size != out_size { - return Err(sys::wolfCrypt_ErrorCodes_BAD_FUNC_ARG); - } - let rc = unsafe { - sys::wc_AesGcmEncrypt(&mut self.ws_aes, out_ptr, - in_ptr, in_size, - iv_ptr, iv_size, - auth_tag_ptr, auth_tag_size, - auth_ptr, auth_size) - }; - if rc != 0 { - return Err(rc); - } - Ok(()) - } - - /// Decrypt data. - /// - /// The `init()` method must be called before calling this method. - /// - /// # Parameters - /// - /// * `din`: Data to decrypt. - /// * `dout`: Buffer in which to store the decrypted data. The size of - /// the buffer must match that of the `din` buffer. - /// * `iv`: Initialization vector to use for the decryption operation. - /// * `auth`: Authentication data input. - /// * `auth_tag`: Authentication tag input to verify. - /// - /// # Returns - /// - /// A Result which is Ok(()) on success or an Err containing the wolfSSL - /// library return code on failure. - pub fn decrypt(&mut self, din: &[I], dout: &mut [O], iv: &[u8], - auth: &[u8], auth_tag: &[u8]) -> Result<(), i32> { - let in_ptr = din.as_ptr() as *const u8; - let in_size = (din.len() * size_of::()) as u32; - let out_ptr = dout.as_ptr() as *mut u8; - let out_size = (dout.len() * size_of::()) as u32; - let iv_ptr = iv.as_ptr() as *const u8; - let iv_size = iv.len() as u32; - let auth_ptr = auth.as_ptr() as *const u8; - let auth_size = auth.len() as u32; - let auth_tag_ptr = auth_tag.as_ptr() as *const u8; - let auth_tag_size = auth_tag.len() as u32; - if in_size != out_size { - return Err(sys::wolfCrypt_ErrorCodes_BAD_FUNC_ARG); - } - let rc = unsafe { - sys::wc_AesGcmDecrypt(&mut self.ws_aes, out_ptr, - in_ptr, in_size, - iv_ptr, iv_size, - auth_tag_ptr, auth_tag_size, - auth_ptr, auth_size) - }; - if rc != 0 { - return Err(rc); - } - Ok(()) - } -} -#[cfg(aes_gcm)] -impl Drop for GCM { - /// Safely free the wolfSSL resources. - fn drop(&mut self) { - unsafe { sys::wc_AesFree(&mut self.ws_aes); } - } -} - -/// AES Galois/Counter Mode (GCM) mode (streaming functionality). -/// -/// This struct provides streaming/chunking encryption and decryption -/// functionality. For one-shot functionality, see the `GCM` struct instead. -/// -/// # Example -/// ```rust -/// #[cfg(aes_gcm_stream)] -/// { -/// use wolfssl::wolfcrypt::aes::GCMStream; -/// let plain: [u8; 60] = [ -/// 0xd9, 0x31, 0x32, 0x25, 0xf8, 0x84, 0x06, 0xe5, -/// 0xa5, 0x59, 0x09, 0xc5, 0xaf, 0xf5, 0x26, 0x9a, -/// 0x86, 0xa7, 0xa9, 0x53, 0x15, 0x34, 0xf7, 0xda, -/// 0x2e, 0x4c, 0x30, 0x3d, 0x8a, 0x31, 0x8a, 0x72, -/// 0x1c, 0x3c, 0x0c, 0x95, 0x95, 0x68, 0x09, 0x53, -/// 0x2f, 0xcf, 0x0e, 0x24, 0x49, 0xa6, 0xb5, 0x25, -/// 0xb1, 0x6a, 0xed, 0xf5, 0xaa, 0x0d, 0xe6, 0x57, -/// 0xba, 0x63, 0x7b, 0x39 -/// ]; -/// let auth: [u8; 20] = [ -/// 0xfe, 0xed, 0xfa, 0xce, 0xde, 0xad, 0xbe, 0xef, -/// 0xfe, 0xed, 0xfa, 0xce, 0xde, 0xad, 0xbe, 0xef, -/// 0xab, 0xad, 0xda, 0xd2 -/// ]; -/// let key: [u8; 32] = [ -/// 0xfe, 0xff, 0xe9, 0x92, 0x86, 0x65, 0x73, 0x1c, -/// 0x6d, 0x6a, 0x8f, 0x94, 0x67, 0x30, 0x83, 0x08, -/// 0xfe, 0xff, 0xe9, 0x92, 0x86, 0x65, 0x73, 0x1c, -/// 0x6d, 0x6a, 0x8f, 0x94, 0x67, 0x30, 0x83, 0x08 -/// ]; -/// let iv: [u8; 12] = [ -/// 0xca, 0xfe, 0xba, 0xbe, 0xfa, 0xce, 0xdb, 0xad, -/// 0xde, 0xca, 0xf8, 0x88 -/// ]; -/// let expected_cipher: [u8; 60] = [ -/// 0x52, 0x2d, 0xc1, 0xf0, 0x99, 0x56, 0x7d, 0x07, -/// 0xf4, 0x7f, 0x37, 0xa3, 0x2a, 0x84, 0x42, 0x7d, -/// 0x64, 0x3a, 0x8c, 0xdc, 0xbf, 0xe5, 0xc0, 0xc9, -/// 0x75, 0x98, 0xa2, 0xbd, 0x25, 0x55, 0xd1, 0xaa, -/// 0x8c, 0xb0, 0x8e, 0x48, 0x59, 0x0d, 0xbb, 0x3d, -/// 0xa7, 0xb0, 0x8b, 0x10, 0x56, 0x82, 0x88, 0x38, -/// 0xc5, 0xf6, 0x1e, 0x63, 0x93, 0xba, 0x7a, 0x0a, -/// 0xbc, 0xc9, 0xf6, 0x62 -/// ]; -/// let expected_auth_tag: [u8; 16] = [ -/// 0x76, 0xfc, 0x6e, 0xce, 0x0f, 0x4e, 0x17, 0x68, -/// 0xcd, 0xdf, 0x88, 0x53, 0xbb, 0x2d, 0x55, 0x1b -/// ]; -/// let mut gcmstream = GCMStream::new().expect("Failed to create GCMStream"); -/// for chunk_size in 1..=auth.len() { -/// gcmstream.init(&key, &iv).expect("Error with init()"); -/// let mut cipher: [u8; 60] = [0; 60]; -/// let mut i = 0; -/// while i < auth.len() { -/// let mut end = i + chunk_size; -/// if end > auth.len() { -/// end = auth.len() -/// } -/// gcmstream.encrypt_update(&plain[0..0], &mut cipher[0..0], &auth[i..end]).expect("Error with encrypt_update()"); -/// i += chunk_size; -/// } -/// i = 0; -/// while i < plain.len() { -/// let mut end = i + chunk_size; -/// if end > plain.len() { -/// end = plain.len() -/// } -/// gcmstream.encrypt_update(&plain[i..end], &mut cipher[i..end], &auth[0..0]).expect("Error with encrypt_update()"); -/// i += chunk_size; -/// } -/// let mut auth_tag: [u8; 16] = [0; 16]; -/// gcmstream.encrypt_final(&mut auth_tag).expect("Error with encrypt_final()"); -/// assert_eq!(cipher, expected_cipher); -/// assert_eq!(auth_tag, expected_auth_tag); -/// } -/// } -/// ``` -#[cfg(aes_gcm_stream)] -pub struct GCMStream { - ws_aes: sys::Aes, -} -#[cfg(aes_gcm_stream)] -impl GCMStream { - /// Create a new `GCMStream` instance. - /// - /// # Returns - /// - /// A Result which is Ok(GCMStream) on success or an Err containing the - /// wolfSSL library return code on failure. - pub fn new() -> Result { - Self::new_ex(None, None) - } - - /// Create a new `GCMStream` instance with heap and device ID. - /// - /// # Parameters - /// - /// * `heap`: Optional heap hint. - /// * `dev_id` Optional device ID to use with crypto callbacks or async hardware. - /// - /// # Returns - /// - /// A Result which is Ok(GCMStream) on success or an Err containing the - /// wolfSSL library return code on failure. - pub fn new_ex(heap: Option<*mut std::os::raw::c_void>, dev_id: Option) -> Result { - let ws_aes = new_ws_aes(heap, dev_id)?; - let gcmstream = GCMStream {ws_aes}; - Ok(gcmstream) - } - - /// Initialize a GCMStream instance for encryption or decryption. - /// - /// This method must be called before calling `encrypt_update()`, - /// `encrypt_final()`, `decrypt_update()`, or `decrypt_final()`. - /// - /// # Parameters - /// - /// * `key`: A slice containing the encryption key to use. The key must be - /// 16, 24, or 32 bytes in length. - /// * `iv`: A slice containing the initialization vector (IV) to use. - /// - /// # Returns - /// - /// A Result which is Ok(()) on success or an Err containing the wolfSSL - /// library return code on failure. - pub fn init(&mut self, key: &[u8], iv: &[u8]) -> Result<(), i32> { - let key_ptr = key.as_ptr() as *const u8; - let key_size = key.len() as u32; - let iv_ptr = iv.as_ptr() as *const u8; - let iv_size = iv.len() as u32; - let rc = unsafe { - sys::wc_AesGcmInit(&mut self.ws_aes, key_ptr, key_size, iv_ptr, iv_size) - }; - if rc != 0 { - return Err(rc); - } - Ok(()) - } - - /// Add a chunk of data to encrypt or authentication data. - /// - /// All authentication data must be passed in to update before the - /// plaintext to encrypt. The last part of the authentication data can be - /// passed in with the same call as the first part of the plaintext data. - /// - /// The `init()` method must be called before calling this method. - /// The `encrypt_final()` method must be called to finalize the encryption - /// operation and retrieve the calculated authentication tag. - /// - /// # Parameters - /// - /// * `din`: Data to encrypt. - /// * `dout`: Buffer in which to store the encrypted data. The size of - /// the buffer must match that of the `din` buffer. - /// * `auth`: Authentication data input. - /// - /// # Returns - /// - /// A Result which is Ok(()) on success or an Err containing the wolfSSL - /// library return code on failure. - pub fn encrypt_update(&mut self, din: &[I], dout: &mut [O], - auth: &[u8]) -> Result<(), i32> { - let in_ptr = din.as_ptr() as *const u8; - let in_size = (din.len() * size_of::()) as u32; - let out_ptr = dout.as_ptr() as *mut u8; - let out_size = (dout.len() * size_of::()) as u32; - let auth_ptr = auth.as_ptr() as *const u8; - let auth_size = auth.len() as u32; - if in_size != out_size { - return Err(sys::wolfCrypt_ErrorCodes_BAD_FUNC_ARG); - } - let rc = unsafe { - sys::wc_AesGcmEncryptUpdate(&mut self.ws_aes, out_ptr, - in_ptr, in_size, - auth_ptr, auth_size) - }; - if rc != 0 { - return Err(rc); - } - Ok(()) - } - - /// Finalize encryption. - /// - /// The `init()` method must be called before calling this method. - /// The `encrypt_update()` method must be called one or more times before - /// calling this method to supply authentication data and plaintext input - /// for encryption. - /// - /// # Parameters - /// - /// * `auth_tag`: Buffer in which to store the authentication tag. - /// - /// # Returns - /// - /// A Result which is Ok(()) on success or an Err containing the wolfSSL - /// library return code on failure. - pub fn encrypt_final(&mut self, auth_tag: &mut [u8]) -> Result<(), i32> { - let auth_tag_ptr = auth_tag.as_ptr() as *mut u8; - let auth_tag_size = auth_tag.len() as u32; - let rc = unsafe { - sys::wc_AesGcmEncryptFinal(&mut self.ws_aes, auth_tag_ptr, auth_tag_size) - }; - if rc != 0 { - return Err(rc); - } - Ok(()) - } - - /// Add a chunk of data to decrypt or authentication data. - /// - /// All authentication data must be passed in to update before the - /// ciphertext to decrypt. The last part of the authentication data can be - /// passed in with the same call as the first part of the ciphertext data. - /// - /// The `init()` method must be called before calling this method. - /// The `decrypt_final()` method must be called to finalize the decryption - /// operation and verify the authentication tag. - /// - /// # Parameters - /// - /// * `din`: Data to encrypt. - /// * `dout`: Buffer in which to store the decrypted data. The size of - /// the buffer must match that of the `din` buffer. - /// * `auth`: Authentication data input. - /// - /// # Returns - /// - /// A Result which is Ok(()) on success or an Err containing the wolfSSL - /// library return code on failure. - pub fn decrypt_update(&mut self, din: &[I], dout: &mut [O], - auth: &[u8]) -> Result<(), i32> { - let in_ptr = din.as_ptr() as *const u8; - let in_size = (din.len() * size_of::()) as u32; - let out_ptr = dout.as_ptr() as *mut u8; - let out_size = (dout.len() * size_of::()) as u32; - let auth_ptr = auth.as_ptr() as *const u8; - let auth_size = auth.len() as u32; - if in_size != out_size { - return Err(sys::wolfCrypt_ErrorCodes_BAD_FUNC_ARG); - } - let rc = unsafe { - sys::wc_AesGcmDecryptUpdate(&mut self.ws_aes, out_ptr, - in_ptr, in_size, - auth_ptr, auth_size) - }; - if rc != 0 { - return Err(rc); - } - Ok(()) - } - - /// Finalize decryption. - /// - /// The `init()` method must be called before calling this method. - /// The `decrypt_update()` method must be called one or more times before - /// calling this method to supply authentication data and ciphertext input - /// for decryption. - /// - /// # Parameters - /// - /// * `auth_tag`: Authentication tag input to verify. - /// - /// # Returns - /// - /// A Result which is Ok(()) on success or an Err containing the wolfSSL - /// library return code on failure. - pub fn decrypt_final(&mut self, auth_tag: &[u8]) -> Result<(), i32> { - let auth_tag_ptr = auth_tag.as_ptr() as *const u8; - let auth_tag_size = auth_tag.len() as u32; - let rc = unsafe { - sys::wc_AesGcmDecryptFinal(&mut self.ws_aes, auth_tag_ptr, auth_tag_size) - }; - if rc != 0 { - return Err(rc); - } - Ok(()) - } -} -#[cfg(aes_gcm_stream)] -impl Drop for GCMStream { - /// Safely free the wolfSSL resources. - fn drop(&mut self) { - unsafe { sys::wc_AesFree(&mut self.ws_aes); } - } -} - -/// AES Output FeedBack (OFB) mode. -/// -/// # Example -/// ```rust -/// #[cfg(aes_ofb)] -/// { -/// use wolfssl::wolfcrypt::aes::OFB; -/// let key: [u8; 32] = [ -/// 0xc4,0xc7,0xfa,0xd6,0x53,0x5c,0xb8,0x71, -/// 0x4a,0x5c,0x40,0x77,0x9a,0x8b,0xa1,0xd2, -/// 0x53,0x3e,0x23,0xb4,0xb2,0x58,0x73,0x2a, -/// 0x5b,0x78,0x01,0xf4,0xe3,0x71,0xa7,0x94 -/// ]; -/// let iv: [u8; 16] = [ -/// 0x5e,0xb9,0x33,0x13,0xb8,0x71,0xff,0x16, -/// 0xb9,0x8a,0x9b,0xcb,0x43,0x33,0x0d,0x6f -/// ]; -/// let plain: [u8; 48] = [ -/// 0x6d,0x0b,0xb0,0x79,0x63,0x84,0x71,0xe9, -/// 0x39,0xd4,0x53,0x14,0x86,0xc1,0x4c,0x25, -/// 0x9a,0xee,0xc6,0xf3,0xc0,0x0d,0xfd,0xd6, -/// 0xc0,0x50,0xa8,0xba,0xa8,0x20,0xdb,0x71, -/// 0xcc,0x12,0x2c,0x4e,0x0c,0x17,0x15,0xef, -/// 0x55,0xf3,0x99,0x5a,0x6b,0xf0,0x2a,0x4c -/// ]; -/// let expected_cipher: [u8; 48] = [ -/// 0x0f,0x54,0x61,0x71,0x59,0xd0,0x3f,0xfc, -/// 0x1b,0xfa,0xfb,0x60,0x29,0x30,0xd7,0x00, -/// 0xf4,0xa4,0xa8,0xe6,0xdd,0x93,0x94,0x46, -/// 0x64,0xd2,0x19,0xc4,0xc5,0x4d,0xde,0x1b, -/// 0x04,0x53,0xe1,0x73,0xf5,0x18,0x74,0xae, -/// 0xfd,0x64,0xa2,0xe1,0xe2,0x76,0x13,0xb0 -/// ]; -/// let mut ofb = OFB::new().expect("Failed to create OFB"); -/// ofb.init(&key, &iv).expect("Error with init()"); -/// let mut cipher: [u8; 48] = [0; 48]; -/// ofb.encrypt(&plain, &mut cipher).expect("Error with encrypt()"); -/// assert_eq!(cipher, expected_cipher); -/// ofb.init(&key, &iv).expect("Error with init()"); -/// let mut plain_out: [u8; 48] = [0; 48]; -/// #[cfg(aes_decrypt)] -/// { -/// ofb.decrypt(&cipher, &mut plain_out).expect("Error with decrypt()"); -/// assert_eq!(plain_out, plain); -/// } -/// } -/// ``` -#[cfg(aes_ofb)] -pub struct OFB { - ws_aes: sys::Aes, -} -#[cfg(aes_ofb)] -impl OFB { - /// Create a new `OFB` instance. - /// - /// # Returns - /// - /// A Result which is Ok(OFB) on success or an Err containing the wolfSSL - /// library return code on failure. - pub fn new() -> Result { - Self::new_ex(None, None) - } - - /// Create a new `OFB` instance with optional heap and device ID. - /// - /// # Parameters - /// - /// * `heap`: Optional heap hint. - /// * `dev_id` Optional device ID to use with crypto callbacks or async hardware. - /// - /// # Returns - /// - /// A Result which is Ok(OFB) on success or an Err containing the wolfSSL - /// library return code on failure. - pub fn new_ex(heap: Option<*mut std::os::raw::c_void>, dev_id: Option) -> Result { - let ws_aes = new_ws_aes(heap, dev_id)?; - let ofb = OFB {ws_aes}; - Ok(ofb) - } - - /// Initialize a OFB instance for encryption or decryption. - /// - /// This method must be called before calling `encrypt()` or `decrypt()`. - /// - /// # Parameters - /// - /// * `key`: A slice containing the encryption key to use. The key must be - /// 16, 24, or 32 bytes in length. - /// * `iv`: A slice containing the initialization vector (IV) to use. The - /// IV must be 16 bytes in length. - /// - /// # Returns - /// - /// A Result which is Ok(()) on success or an Err containing the wolfSSL - /// library return code on failure. - pub fn init(&mut self, key: &[u8], iv: &[u8]) -> Result<(), i32> { - let key_ptr = key.as_ptr() as *const u8; - let key_size = key.len() as u32; - let iv_ptr = iv.as_ptr() as *const u8; - if iv.len() as u32 != sys::WC_AES_BLOCK_SIZE { - return Err(sys::wolfCrypt_ErrorCodes_BAD_FUNC_ARG); - } - let rc = unsafe { - sys::wc_AesSetKey(&mut self.ws_aes, key_ptr, key_size, iv_ptr, - sys::AES_ENCRYPTION as i32) - }; - if rc != 0 { - return Err(rc); - } - Ok(()) - } - - /// Encrypt data. - /// - /// The `init()` method must be called before calling this method. - /// - /// # Parameters - /// - /// * `din`: Data to encrypt. - /// * `dout`: Buffer in which to store the encrypted data. The size of - /// the buffer must match that of the `din` buffer. - /// - /// # Returns - /// - /// A Result which is Ok(()) on success or an Err containing the wolfSSL - /// library return code on failure. - pub fn encrypt(&mut self, din: &[I], dout: &mut [O]) -> Result<(), i32> { - let in_ptr = din.as_ptr() as *const u8; - let in_size = (din.len() * size_of::()) as u32; - let out_ptr = dout.as_ptr() as *mut u8; - let out_size = (dout.len() * size_of::()) as u32; - if in_size != out_size { - return Err(sys::wolfCrypt_ErrorCodes_BAD_FUNC_ARG); - } - let rc = unsafe { - sys::wc_AesOfbEncrypt(&mut self.ws_aes, out_ptr, in_ptr, in_size) - }; - if rc != 0 { - return Err(rc); - } - Ok(()) - } - - /// Decrypt data. - /// - /// The `init()` method must be called before calling this method. - /// - /// # Parameters - /// - /// * `din`: Data to decrypt. - /// * `dout`: Buffer in which to store the decrypted data. The size of - /// the buffer must match that of the `din` buffer. - /// - /// # Returns - /// - /// A Result which is Ok(()) on success or an Err containing the wolfSSL - /// library return code on failure. - #[cfg(aes_decrypt)] - pub fn decrypt(&mut self, din: &[I], dout: &mut [O]) -> Result<(), i32> { - let in_ptr = din.as_ptr() as *const u8; - let in_size = (din.len() * size_of::()) as u32; - let out_ptr = dout.as_ptr() as *mut u8; - let out_size = (dout.len() * size_of::()) as u32; - if in_size != out_size { - return Err(sys::wolfCrypt_ErrorCodes_BAD_FUNC_ARG); - } - let rc = unsafe { - sys::wc_AesOfbDecrypt(&mut self.ws_aes, out_ptr, in_ptr, in_size) - }; - if rc != 0 { - return Err(rc); - } - Ok(()) - } -} -#[cfg(aes_ofb)] -impl Drop for OFB { - /// Safely free the wolfSSL resources. - fn drop(&mut self) { - unsafe { sys::wc_AesFree(&mut self.ws_aes); } - } -} - -/// AES XEX-based Tweaked-Codebook Mode With Ciphertext Stealing (XTS) support -/// (one shot functionality). -/// -/// This struct provides one-shot encryption and decryption functionality. -/// For streaming/chunking functionality, see the `XTSStream` struct instead. -/// -/// # Example -/// ```rust -/// #[cfg(aes_xts)] -/// { -/// use wolfssl::wolfcrypt::aes::XTS; -/// let key: [u8; 32] = [ -/// 0xa1, 0xb9, 0x0c, 0xba, 0x3f, 0x06, 0xac, 0x35, -/// 0x3b, 0x2c, 0x34, 0x38, 0x76, 0x08, 0x17, 0x62, -/// 0x09, 0x09, 0x23, 0x02, 0x6e, 0x91, 0x77, 0x18, -/// 0x15, 0xf2, 0x9d, 0xab, 0x01, 0x93, 0x2f, 0x2f -/// ]; -/// let tweak: [u8; 16] = [ -/// 0x4f, 0xae, 0xf7, 0x11, 0x7c, 0xda, 0x59, 0xc6, -/// 0x6e, 0x4b, 0x92, 0x01, 0x3e, 0x76, 0x8a, 0xd5 -/// ]; -/// let plain: [u8; 16] = [ -/// 0xeb, 0xab, 0xce, 0x95, 0xb1, 0x4d, 0x3c, 0x8d, -/// 0x6f, 0xb3, 0x50, 0x39, 0x07, 0x90, 0x31, 0x1c -/// ]; -/// let expected_cipher: [u8; 16] = [ -/// 0x77, 0x8a, 0xe8, 0xb4, 0x3c, 0xb9, 0x8d, 0x5a, -/// 0x82, 0x50, 0x81, 0xd5, 0xbe, 0x47, 0x1c, 0x63 -/// ]; -/// let partial: [u8; 24] = [ -/// 0xeb, 0xab, 0xce, 0x95, 0xb1, 0x4d, 0x3c, 0x8d, -/// 0x6f, 0xb3, 0x50, 0x39, 0x07, 0x90, 0x31, 0x1c, -/// 0x6e, 0x4b, 0x92, 0x01, 0x3e, 0x76, 0x8a, 0xd5 -/// ]; -/// let expected_partial_cipher: [u8; 24] = [ -/// 0x2b, 0xf7, 0x2c, 0xf3, 0xeb, 0x85, 0xef, 0x7b, -/// 0x0b, 0x76, 0xa0, 0xaa, 0xf3, 0x3f, 0x25, 0x8b, -/// 0x77, 0x8a, 0xe8, 0xb4, 0x3c, 0xb9, 0x8d, 0x5a -/// ]; -/// -/// let mut xts = XTS::new().expect("Failed to create XTS"); -/// xts.init_encrypt(&key).expect("Error with init_encrypt()"); -/// let mut cipher: [u8; 16] = [0; 16]; -/// xts.encrypt(&plain, &mut cipher, &tweak).expect("Error with encrypt()"); -/// assert_eq!(cipher, expected_cipher); -/// xts.init_decrypt(&key).expect("Error with init_decrypt()"); -/// let mut plain_out: [u8; 16] = [0; 16]; -/// xts.decrypt(&cipher, &mut plain_out, &tweak).expect("Error with decrypt()"); -/// assert_eq!(plain_out, plain); -/// -/// xts.init_encrypt(&key).expect("Error with init_encrypt()"); -/// let mut partial_cipher: [u8; 24] = [0; 24]; -/// xts.encrypt(&partial, &mut partial_cipher, &tweak).expect("Error with encrypt()"); -/// assert_eq!(partial_cipher, expected_partial_cipher); -/// xts.init_decrypt(&key).expect("Error with init_decrypt()"); -/// let mut partial_out: [u8; 24] = [0; 24]; -/// xts.decrypt(&partial_cipher, &mut partial_out, &tweak).expect("Error with decrypt()"); -/// assert_eq!(partial_out, partial); -/// } -/// ``` -#[cfg(aes_xts)] -pub struct XTS { - ws_xtsaes: sys::XtsAes, -} -#[cfg(aes_xts)] -impl XTS { - /// Create a new `XTS` instance. - /// - /// # Returns - /// - /// A Result which is Ok(XTS) on success or an Err containing the wolfSSL - /// library return code on failure. - pub fn new() -> Result { - Self::new_ex(None, None) - } - - /// Create a new `XTS` instance with optional heap and device ID. - /// - /// # Parameters - /// - /// * `heap`: Optional heap hint. - /// * `dev_id` Optional device ID to use with crypto callbacks or async hardware. - /// - /// # Returns - /// - /// A Result which is Ok(XTS) on success or an Err containing the wolfSSL - /// library return code on failure. - pub fn new_ex(heap: Option<*mut std::os::raw::c_void>, dev_id: Option) -> Result { - let ws_xtsaes = new_ws_xtsaes(heap, dev_id)?; - let xts = XTS {ws_xtsaes}; - Ok(xts) - } - - fn init(&mut self, key: &[u8], dir: i32) -> Result<(), i32> { - let key_ptr = key.as_ptr() as *const u8; - let key_size = key.len() as u32; - let rc = unsafe { - sys::wc_AesXtsSetKeyNoInit(&mut self.ws_xtsaes, key_ptr, key_size, - dir) - }; - if rc != 0 { - return Err(rc); - } - Ok(()) - } - - /// Initialize a XTS instance for encryption. - /// - /// This method must be called before calling any encryption methods. - /// - /// # Parameters - /// - /// * `key`: A slice containing the encryption key to use. The key must be - /// 16, 24, or 32 bytes in length. - /// - /// # Returns - /// - /// A Result which is Ok(()) on success or an Err containing the wolfSSL - /// library return code on failure. - pub fn init_encrypt(&mut self, key: &[u8]) -> Result<(), i32> { - return self.init(key, sys::AES_ENCRYPTION as i32); - } - - /// Initialize a XTS instance for decryption. - /// - /// This method must be called before calling any decryption methods. - /// - /// # Parameters - /// - /// * `key`: A slice containing the decryption key to use. The key must be - /// 16, 24, or 32 bytes in length. - /// - /// # Returns - /// - /// A Result which is Ok(()) on success or an Err containing the wolfSSL - /// library return code on failure. - pub fn init_decrypt(&mut self, key: &[u8]) -> Result<(), i32> { - return self.init(key, sys::AES_DECRYPTION as i32); - } - - /// Encrypt data. - /// - /// The `init_encrypt()` method must be called before calling this method. - /// - /// # Parameters - /// - /// * `din`: Data to encrypt. - /// * `dout`: Buffer in which to store the encrypted data. The size of - /// the buffer must match that of the `din` buffer. - /// * `tweak`: Tweak value to use for the encryption operation. - /// - /// # Returns - /// - /// A Result which is Ok(()) on success or an Err containing the wolfSSL - /// library return code on failure. - pub fn encrypt(&mut self, din: &[I], dout: &mut [O], tweak: &[u8]) -> Result<(), i32> { - let in_ptr = din.as_ptr() as *const u8; - let in_size = (din.len() * size_of::()) as u32; - let out_ptr = dout.as_ptr() as *mut u8; - let out_size = (dout.len() * size_of::()) as u32; - let tweak_ptr = tweak.as_ptr() as *const u8; - let tweak_size = tweak.len() as u32; - if in_size != out_size { - return Err(sys::wolfCrypt_ErrorCodes_BAD_FUNC_ARG); - } - let rc = unsafe { - sys::wc_AesXtsEncrypt(&mut self.ws_xtsaes, out_ptr, - in_ptr, in_size, - tweak_ptr, tweak_size) - }; - if rc != 0 { - return Err(rc); - } - Ok(()) - } - - /// Encrypt a sector of data. - /// - /// The `init_encrypt()` method must be called before calling this method. - /// - /// This method is the same as `encrypt()` except that a sector number is - /// taken instead of a tweak buffer. Internally the sector number is - /// expanded into the tweak value to use. - /// - /// # Parameters - /// - /// * `din`: Data to encrypt. - /// * `dout`: Buffer in which to store the encrypted data. The size of - /// the buffer must match that of the `din` buffer. - /// * `sector`: Sector number to use for encryption operation. This value - /// is expanded into a tweak value. - /// - /// # Returns - /// - /// A Result which is Ok(()) on success or an Err containing the wolfSSL - /// library return code on failure. - pub fn encrypt_sector(&mut self, din: &[I], dout: &mut [O], sector: u64) -> Result<(), i32> { - let in_ptr = din.as_ptr() as *const u8; - let in_size = (din.len() * size_of::()) as u32; - let out_ptr = dout.as_ptr() as *mut u8; - let out_size = (dout.len() * size_of::()) as u32; - if in_size != out_size { - return Err(sys::wolfCrypt_ErrorCodes_BAD_FUNC_ARG); - } - let rc = unsafe { - sys::wc_AesXtsEncryptSector(&mut self.ws_xtsaes, out_ptr, - in_ptr, in_size, sector) - }; - if rc != 0 { - return Err(rc); - } - Ok(()) - } - - /// Encrypt consecutive sectors of data. - /// - /// The `init_encrypt()` method must be called before calling this method. - /// - /// This method is the same as `encrypt_sector()` except that the sector - /// number is automatically incremented every `sector_size` bytes. - /// - /// # Parameters - /// - /// * `din`: Data to encrypt. - /// * `dout`: Buffer in which to store the encrypted data. The size of - /// the buffer must match that of the `din` buffer. - /// * `sector`: Sector number to use for encryption operation. This value - /// is expanded into a tweak value. - /// * `sector_size`: Sector size. The `sector` value is internally - /// incremented every `sector_size` bytes. - /// - /// # Returns - /// - /// A Result which is Ok(()) on success or an Err containing the wolfSSL - /// library return code on failure. - pub fn encrypt_consecutive_sectors(&mut self, din: &[I], dout: &mut [O], - sector: u64, sector_size: u32) -> Result<(), i32> { - let in_ptr = din.as_ptr() as *const u8; - let in_size = (din.len() * size_of::()) as u32; - let out_ptr = dout.as_ptr() as *mut u8; - let out_size = (dout.len() * size_of::()) as u32; - if in_size != out_size { - return Err(sys::wolfCrypt_ErrorCodes_BAD_FUNC_ARG); - } - let rc = unsafe { - sys::wc_AesXtsEncryptConsecutiveSectors(&mut self.ws_xtsaes, out_ptr, - in_ptr, in_size, sector, sector_size) - }; - if rc != 0 { - return Err(rc); - } - Ok(()) - } - - /// Decrypt data. - /// - /// The `init_decrypt()` method must be called before calling this method. - /// - /// # Parameters - /// - /// * `din`: Data to decrypt. - /// * `dout`: Buffer in which to store the decrypted data. The size of - /// the buffer must match that of the `din` buffer. - /// * `tweak`: Tweak value to use for the decryption operation. - /// - /// # Returns - /// - /// A Result which is Ok(()) on success or an Err containing the wolfSSL - /// library return code on failure. - pub fn decrypt(&mut self, din: &[I], dout: &mut [O], tweak: &[u8]) -> Result<(), i32> { - let in_ptr = din.as_ptr() as *const u8; - let in_size = (din.len() * size_of::()) as u32; - let out_ptr = dout.as_ptr() as *mut u8; - let out_size = (dout.len() * size_of::()) as u32; - let tweak_ptr = tweak.as_ptr() as *const u8; - let tweak_size = tweak.len() as u32; - if in_size != out_size { - return Err(sys::wolfCrypt_ErrorCodes_BAD_FUNC_ARG); - } - let rc = unsafe { - sys::wc_AesXtsDecrypt(&mut self.ws_xtsaes, out_ptr, - in_ptr, in_size, - tweak_ptr, tweak_size) - }; - if rc != 0 { - return Err(rc); - } - Ok(()) - } - - /// Decrypt a sector of data. - /// - /// The `init_decrypt()` method must be called before calling this method. - /// - /// This method is the same as `decrypt()` except that a sector number is - /// taken instead of a tweak buffer. Internally the sector number is - /// expanded into the tweak value to use. - /// - /// # Parameters - /// - /// * `din`: Data to decrypt. - /// * `dout`: Buffer in which to store the decrypted data. The size of - /// the buffer must match that of the `din` buffer. - /// * `sector`: Sector number to use for decryption operation. This value - /// is expanded into a tweak value. - /// - /// # Returns - /// - /// A Result which is Ok(()) on success or an Err containing the wolfSSL - /// library return code on failure. - pub fn decrypt_sector(&mut self, din: &[I], dout: &mut [O], sector: u64) -> Result<(), i32> { - let in_ptr = din.as_ptr() as *const u8; - let in_size = (din.len() * size_of::()) as u32; - let out_ptr = dout.as_ptr() as *mut u8; - let out_size = (dout.len() * size_of::()) as u32; - if in_size != out_size { - return Err(sys::wolfCrypt_ErrorCodes_BAD_FUNC_ARG); - } - let rc = unsafe { - sys::wc_AesXtsDecryptSector(&mut self.ws_xtsaes, out_ptr, - in_ptr, in_size, sector) - }; - if rc != 0 { - return Err(rc); - } - Ok(()) - } - - /// Decrypt consecutive sectors of data. - /// - /// The `init_decrypt()` method must be called before calling this method. - /// - /// This method is the same as `decrypt_sector()` except that the sector - /// number is automatically incremented every `sector_size` bytes. - /// - /// # Parameters - /// - /// * `din`: Data to decrypt. - /// * `dout`: Buffer in which to store the decrypted data. The size of - /// the buffer must match that of the `din` buffer. - /// * `sector`: Sector number to use for decryption operation. This value - /// is expanded into a tweak value. - /// * `sector_size`: Sector size. The `sector` value is internally - /// incremented every `sector_size` bytes. - /// - /// # Returns - /// - /// A Result which is Ok(()) on success or an Err containing the wolfSSL - /// library return code on failure. - pub fn decrypt_consecutive_sectors(&mut self, din: &[I], dout: &mut [O], - sector: u64, sector_size: u32) -> Result<(), i32> { - let in_ptr = din.as_ptr() as *const u8; - let in_size = (din.len() * size_of::()) as u32; - let out_ptr = dout.as_ptr() as *mut u8; - let out_size = (dout.len() * size_of::()) as u32; - if in_size != out_size { - return Err(sys::wolfCrypt_ErrorCodes_BAD_FUNC_ARG); - } - let rc = unsafe { - sys::wc_AesXtsDecryptConsecutiveSectors(&mut self.ws_xtsaes, out_ptr, - in_ptr, in_size, sector, sector_size) - }; - if rc != 0 { - return Err(rc); - } - Ok(()) - } -} -#[cfg(aes_xts)] -impl Drop for XTS { - /// Safely free the wolfSSL resources. - fn drop(&mut self) { - unsafe { sys::wc_AesXtsFree(&mut self.ws_xtsaes); } - } -} - -/// AES XEX-based Tweaked-Codebook Mode With Ciphertext Stealing (XTS) support -/// (streaming functionality). -/// -/// This struct provides streaming/chunking encryption and decryption -/// functionality. For one-shot functionality, see the `XTS` struct instead. -/// -/// # Example -/// ```rust -/// #[cfg(aes_xts_stream)] -/// { -/// use wolfssl::wolfcrypt::aes::XTSStream; -/// let keys: [u8; 32] = [ -/// 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, -/// 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, -/// 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, -/// 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, -/// ]; -/// let tweak: [u8; 16] = [ -/// 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, -/// 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, -/// ]; -/// let plain: [u8; 40] = [ -/// 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, -/// 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, -/// 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, -/// 0x20, 0xff, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, -/// 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20 -/// ]; -/// let expected_cipher: [u8; 40] = [ -/// 0xA2, 0x07, 0x47, 0x76, 0x3F, 0xEC, 0x0C, 0x23, -/// 0x1B, 0xD0, 0xBD, 0x46, 0x9A, 0x27, 0x38, 0x12, -/// 0x95, 0x02, 0x3D, 0x5D, 0xC6, 0x94, 0x51, 0x36, -/// 0xA0, 0x85, 0xD2, 0x69, 0x6E, 0x87, 0x0A, 0xBF, -/// 0xB5, 0x5A, 0xDD, 0xCB, 0x80, 0xE0, 0xFC, 0xCD -/// ]; -/// -/// let mut xtsstream = XTSStream::new().expect("Failed to create XTSStream"); -/// xtsstream.init_encrypt(&keys, &tweak).expect("Error with init_encrypt()"); -/// let mut cipher: [u8; 40] = [0; 40]; -/// xtsstream.encrypt_update(&plain[0..16], &mut cipher[0..16]).expect("Error with encrypt_update()"); -/// xtsstream.encrypt_final(&plain[16..40], &mut cipher[16..40]).expect("Error with encrypt_final()"); -/// assert_eq!(cipher, expected_cipher); -/// -/// xtsstream.init_decrypt(&keys, &tweak).expect("Error with init_decrypt()"); -/// let mut plain_out: [u8; 40] = [0; 40]; -/// xtsstream.decrypt_update(&cipher[0..16], &mut plain_out[0..16]).expect("Error with decrypt_update()"); -/// xtsstream.decrypt_final(&cipher[16..40], &mut plain_out[16..40]).expect("Error with decrypt_final()"); -/// assert_eq!(plain_out, plain); -/// } -/// ``` -#[cfg(aes_xts_stream)] -pub struct XTSStream { - ws_xtsaes: sys::XtsAes, - ws_xtsaesstreamdata: sys::XtsAesStreamData, -} -#[cfg(aes_xts_stream)] -impl XTSStream { - /// Create a new `XTSStream` instance. - /// - /// # Returns - /// - /// A Result which is Ok(XTSStream) on success or an Err containing the - /// wolfSSL library return code on failure. - pub fn new() -> Result { - Self::new_ex(None, None) - } - - /// Create a new `XTSStream` instance with optional heap and device ID. - /// - /// # Parameters - /// - /// * `heap`: Optional heap hint. - /// * `dev_id` Optional device ID to use with crypto callbacks or async hardware. - /// - /// # Returns - /// - /// A Result which is Ok(XTSStream) on success or an Err containing the - /// wolfSSL library return code on failure. - pub fn new_ex(heap: Option<*mut std::os::raw::c_void>, dev_id: Option) -> Result { - let ws_xtsaes = new_ws_xtsaes(heap, dev_id)?; - let ws_xtsaesstreamdata: MaybeUninit = MaybeUninit::uninit(); - let ws_xtsaesstreamdata = unsafe { ws_xtsaesstreamdata.assume_init() }; - let xtsstream = XTSStream {ws_xtsaes, ws_xtsaesstreamdata}; - Ok(xtsstream) - } - - /// Initialize a XTSStream instance for encryption. - /// - /// This method must be called before calling `encrypt_update()`. - /// - /// # Parameters - /// - /// * `key`: A slice containing the encryption key to use. The key must be - /// 16, 24, or 32 bytes in length. - /// * `tweak`: Tweak value to use for the encryption operation. - /// - /// # Returns - /// - /// A Result which is Ok(()) on success or an Err containing the wolfSSL - /// library return code on failure. - pub fn init_encrypt(&mut self, key: &[u8], tweak: &[u8]) -> Result<(), i32> { - let key_ptr = key.as_ptr() as *const u8; - let key_size = key.len() as u32; - let rc = unsafe { - sys::wc_AesXtsSetKeyNoInit(&mut self.ws_xtsaes, key_ptr, key_size, - sys::AES_ENCRYPTION as i32) - }; - if rc != 0 { - return Err(rc); - } - let tweak_ptr = tweak.as_ptr() as *const u8; - let tweak_size = tweak.len() as u32; - let rc = unsafe { - sys::wc_AesXtsEncryptInit(&mut self.ws_xtsaes, tweak_ptr, tweak_size, - &mut self.ws_xtsaesstreamdata) - }; - if rc != 0 { - return Err(rc); - } - Ok(()) - } - - /// Initialize a XTSStream instance for decryption. - /// - /// This method must be called before calling `decrypt_update()`. - /// - /// # Parameters - /// - /// * `key`: A slice containing the decryption key to use. The key must be - /// 16, 24, or 32 bytes in length. - /// * `tweak`: Tweak value to use for the decryption operation. - /// - /// # Returns - /// - /// A Result which is Ok(()) on success or an Err containing the wolfSSL - /// library return code on failure. - pub fn init_decrypt(&mut self, key: &[u8], tweak: &[u8]) -> Result<(), i32> { - let key_ptr = key.as_ptr() as *const u8; - let key_size = key.len() as u32; - let rc = unsafe { - sys::wc_AesXtsSetKeyNoInit(&mut self.ws_xtsaes, key_ptr, key_size, - sys::AES_DECRYPTION as i32) - }; - if rc != 0 { - return Err(rc); - } - let tweak_ptr = tweak.as_ptr() as *const u8; - let tweak_size = tweak.len() as u32; - let rc = unsafe { - sys::wc_AesXtsDecryptInit(&mut self.ws_xtsaes, tweak_ptr, tweak_size, - &mut self.ws_xtsaesstreamdata) - }; - if rc != 0 { - return Err(rc); - } - Ok(()) - } - - /// Add a chunk of data to encrypt. - /// - /// The `init_encrypt()` method must be called before calling this method. - /// The `encrypt_final()` method must be called to finalize the encryption - /// operation. - /// - /// # Parameters - /// - /// * `din`: Data to encrypt. The size of the data must be a multiple of - /// 16 bytes. A final chunk of data that is not a multiple of 16 bytes can - /// be passed in to `encrypt_final()`. - /// * `dout`: Buffer in which to store the encrypted data. The size of - /// the buffer must match that of the `din` buffer. - /// - /// # Returns - /// - /// A Result which is Ok(()) on success or an Err containing the wolfSSL - /// library return code on failure. - pub fn encrypt_update(&mut self, din: &[I], dout: &mut [O]) -> Result<(), i32> { - let in_ptr = din.as_ptr() as *const u8; - let in_size = (din.len() * size_of::()) as u32; - let out_ptr = dout.as_ptr() as *mut u8; - let out_size = (dout.len() * size_of::()) as u32; - if in_size != out_size { - return Err(sys::wolfCrypt_ErrorCodes_BAD_FUNC_ARG); - } - let rc = unsafe { - sys::wc_AesXtsEncryptUpdate(&mut self.ws_xtsaes, out_ptr, - in_ptr, in_size, &mut self.ws_xtsaesstreamdata) - }; - if rc != 0 { - return Err(rc); - } - Ok(()) - } - - /// Encrypt the final chunk of data. - /// - /// The `init_encrypt()` method must be called before calling this method. - /// The `encrypt_update()` method may be called prior to this to encrypt - /// blocks of data in chunks. - /// - /// # Parameters - /// - /// * `din`: Data to encrypt. The size of the data must be 0 or at least - /// 16 bytes. It does not need to be a multiple of 16 bytes. - /// * `dout`: Buffer in which to store the encrypted data. The size of - /// the buffer must match that of the `din` buffer. - /// - /// # Returns - /// - /// A Result which is Ok(()) on success or an Err containing the wolfSSL - /// library return code on failure. - pub fn encrypt_final(&mut self, din: &[I], dout: &mut [O]) -> Result<(), i32> { - let in_ptr = din.as_ptr() as *const u8; - let in_size = (din.len() * size_of::()) as u32; - let out_ptr = dout.as_ptr() as *mut u8; - let out_size = (dout.len() * size_of::()) as u32; - if in_size != out_size { - return Err(sys::wolfCrypt_ErrorCodes_BAD_FUNC_ARG); - } - let rc = unsafe { - sys::wc_AesXtsEncryptFinal(&mut self.ws_xtsaes, out_ptr, - in_ptr, in_size, &mut self.ws_xtsaesstreamdata) - }; - if rc != 0 { - return Err(rc); - } - Ok(()) - } - - /// Add a chunk of data to decrypt. - /// - /// The `init_decrypt()` method must be called before calling this method. - /// The `decrypt_final()` method must be called to finalize the decryption - /// operation. - /// - /// # Parameters - /// - /// * `din`: Data to decrypt. The size of the data must be a multiple of - /// 16 bytes. A final chunk of data that is not a multiple of 16 bytes can - /// be passed in to `decrypt_final()`. - /// * `dout`: Buffer in which to store the decrypted data. The size of - /// the buffer must match that of the `din` buffer. - /// - /// # Returns - /// - /// A Result which is Ok(()) on success or an Err containing the wolfSSL - /// library return code on failure. - pub fn decrypt_update(&mut self, din: &[I], dout: &mut [O]) -> Result<(), i32> { - let in_ptr = din.as_ptr() as *const u8; - let in_size = (din.len() * size_of::()) as u32; - let out_ptr = dout.as_ptr() as *mut u8; - let out_size = (dout.len() * size_of::()) as u32; - if in_size != out_size { - return Err(sys::wolfCrypt_ErrorCodes_BAD_FUNC_ARG); - } - let rc = unsafe { - sys::wc_AesXtsDecryptUpdate(&mut self.ws_xtsaes, out_ptr, - in_ptr, in_size, &mut self.ws_xtsaesstreamdata) - }; - if rc != 0 { - return Err(rc); - } - Ok(()) - } - - /// Decrypt the final chunk of data. - /// - /// The `init_decrypt()` method must be called before calling this method. - /// The `decrypt_update()` method may be called prior to this to decrypt - /// blocks of data in chunks. - /// - /// # Parameters - /// - /// * `din`: Data to decrypt. The size of the data must be 0 or at least - /// 16 bytes. It does not need to be a multiple of 16 bytes. - /// * `dout`: Buffer in which to store the decrypted data. The size of - /// the buffer must match that of the `din` buffer. - /// - /// # Returns - /// - /// A Result which is Ok(()) on success or an Err containing the wolfSSL - /// library return code on failure. - pub fn decrypt_final(&mut self, din: &[I], dout: &mut [O]) -> Result<(), i32> { - let in_ptr = din.as_ptr() as *const u8; - let in_size = (din.len() * size_of::()) as u32; - let out_ptr = dout.as_ptr() as *mut u8; - let out_size = (dout.len() * size_of::()) as u32; - if in_size != out_size { - return Err(sys::wolfCrypt_ErrorCodes_BAD_FUNC_ARG); - } - let rc = unsafe { - sys::wc_AesXtsDecryptFinal(&mut self.ws_xtsaes, out_ptr, - in_ptr, in_size, &mut self.ws_xtsaesstreamdata) - }; - if rc != 0 { - return Err(rc); - } - Ok(()) - } -} -#[cfg(aes_xts_stream)] -impl Drop for XTSStream { - /// Safely free the wolfSSL resources. - fn drop(&mut self) { - unsafe { sys::wc_AesXtsFree(&mut self.ws_xtsaes); } - } -} - -fn new_ws_aes(heap: Option<*mut std::os::raw::c_void>, dev_id: Option) -> Result { - let heap = match heap { - Some(heap) => heap, - None => core::ptr::null_mut(), - }; - let dev_id = match dev_id { - Some(dev_id) => dev_id, - None => sys::INVALID_DEVID, - }; - let mut ws_aes: MaybeUninit = MaybeUninit::uninit(); - let rc = unsafe { - sys::wc_AesInit(ws_aes.as_mut_ptr(), heap, dev_id) - }; - if rc != 0 { - return Err(rc); - } - let ws_aes = unsafe { ws_aes.assume_init() }; - Ok(ws_aes) -} - -#[cfg(any(aes_xts, aes_xts_stream))] -fn new_ws_xtsaes(heap: Option<*mut std::os::raw::c_void>, dev_id: Option) -> Result { - let heap = match heap { - Some(heap) => heap, - None => core::ptr::null_mut(), - }; - let dev_id = match dev_id { - Some(dev_id) => dev_id, - None => sys::INVALID_DEVID, - }; - let mut ws_xtsaes: MaybeUninit = MaybeUninit::uninit(); - let rc = unsafe { - sys::wc_AesXtsInit(ws_xtsaes.as_mut_ptr(), heap, dev_id) - }; - if rc != 0 { - return Err(rc); - } - let ws_xtsaes = unsafe { ws_xtsaes.assume_init() }; - Ok(ws_xtsaes) -} diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/wrapper/rust/wolfssl/src/wolfcrypt/cmac.rs mariadb-11.8.8/extra/wolfssl/wolfssl/wrapper/rust/wolfssl/src/wolfcrypt/cmac.rs --- mariadb-11.8.6/extra/wolfssl/wolfssl/wrapper/rust/wolfssl/src/wolfcrypt/cmac.rs 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/wrapper/rust/wolfssl/src/wolfcrypt/cmac.rs 1970-01-01 00:00:00.000000000 +0000 @@ -1,416 +0,0 @@ -/* - * Copyright (C) 2025 wolfSSL Inc. - * - * This file is part of wolfSSL. - * - * wolfSSL is free software; you can redistribute it and/or modify - * it under the terms of the GNU General Public License as published by - * the Free Software Foundation; either version 3 of the License, or - * (at your option) any later version. - * - * wolfSSL is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU General Public License for more details. - * - * You should have received a copy of the GNU General Public License - * along with this program; if not, write to the Free Software - * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA - */ - -/*! -This module provides a Rust wrapper for the wolfCrypt library's Cipher-based -Message Authentication Code (CMAC) functionality. -*/ - -#![cfg(cmac)] - -use crate::sys; -use std::mem::MaybeUninit; - -/// The `CMAC` struct manages the lifecycle of a wolfSSL `Cmac` object. -/// -/// It ensures proper initialization and deallocation. -/// -/// An instance can be created with `new()`. -pub struct CMAC { - ws_cmac: sys::Cmac, -} -impl CMAC { - /// One-shot CMAC generation function. - /// - /// # Parameters - /// - /// * `key`: Key to use for CMAC generation. - /// * `data`: CMAC input data. - /// * `dout`: Output buffer where CMAC is written. - /// - /// # Returns - /// - /// Returns either Ok(()) on success or Err(e) containing the wolfSSL - /// library error code value. - /// - /// # Example - /// - /// ```rust - /// #[cfg(aes)] - /// { - /// use wolfssl::wolfcrypt::cmac::CMAC; - /// let key = [ - /// 0x2bu8, 0x7e, 0x15, 0x16, 0x28, 0xae, 0xd2, 0xa6, - /// 0xab, 0xf7, 0x15, 0x88, 0x09, 0xcf, 0x4f, 0x3c - /// ]; - /// let message = [ - /// 0x6bu8, 0xc1, 0xbe, 0xe2, 0x2e, 0x40, 0x9f, 0x96, - /// 0xe9, 0x3d, 0x7e, 0x11, 0x73, 0x93, 0x17, 0x2a, - /// ]; - /// let mut generate_out = [0u8; 16]; - /// CMAC::generate(&key, &message, &mut generate_out).expect("Error with generate()"); - /// } - /// ``` - #[cfg(aes)] - pub fn generate(key: &[u8], data: &[u8], dout: &mut [u8]) -> Result<(), i32> { - let key_size = key.len() as u32; - let data_size = data.len() as u32; - let mut dout_size = dout.len() as u32; - let rc = unsafe { - sys::wc_AesCmacGenerate(dout.as_mut_ptr(), &mut dout_size, - data.as_ptr(), data_size, - key.as_ptr(), key_size) - }; - if rc != 0 { - return Err(rc); - } - Ok(()) - } - - /// Create a new CMAC object using the given key. - /// - /// # Parameters - /// - /// * `key`: Key to use for CMAC generation. - /// - /// # Returns - /// - /// Returns either Ok(cmac) containing the CMAC struct instance or Err(e) - /// containing the wolfSSL library error code value. - /// - /// # Example - /// - /// ```rust - /// use wolfssl::wolfcrypt::cmac::CMAC; - /// let key = [ - /// 0x2bu8, 0x7e, 0x15, 0x16, 0x28, 0xae, 0xd2, 0xa6, - /// 0xab, 0xf7, 0x15, 0x88, 0x09, 0xcf, 0x4f, 0x3c - /// ]; - /// let mut cmac = CMAC::new(&key).expect("Error with new()"); - /// ``` - pub fn new(key: &[u8]) -> Result { - Self::new_ex(key, None, None) - } - - /// Create a new CMAC object using the given key with optional heap and - /// device ID. - /// - /// # Parameters - /// - /// * `key`: Key to use for CMAC generation. - /// * `heap`: Optional heap hint. - /// * `dev_id` Optional device ID to use with crypto callbacks or async hardware. - /// - /// # Returns - /// - /// Returns either Ok(cmac) containing the CMAC struct instance or Err(e) - /// containing the wolfSSL library error code value. - /// - /// # Example - /// - /// ```rust - /// use wolfssl::wolfcrypt::cmac::CMAC; - /// let key = [ - /// 0x2bu8, 0x7e, 0x15, 0x16, 0x28, 0xae, 0xd2, 0xa6, - /// 0xab, 0xf7, 0x15, 0x88, 0x09, 0xcf, 0x4f, 0x3c - /// ]; - /// let mut cmac = CMAC::new_ex(&key, None, None).expect("Error with new_ex()"); - /// ``` - pub fn new_ex(key: &[u8], heap: Option<*mut std::os::raw::c_void>, dev_id: Option) -> Result { - let key_size = key.len() as u32; - let mut ws_cmac: MaybeUninit = MaybeUninit::uninit(); - let typ = sys::CmacType_WC_CMAC_AES as i32; - let heap = match heap { - Some(heap) => heap, - None => core::ptr::null_mut(), - }; - let dev_id = match dev_id { - Some(dev_id) => dev_id, - None => sys::INVALID_DEVID, - }; - let rc = unsafe { - sys::wc_InitCmac_ex(ws_cmac.as_mut_ptr(), key.as_ptr(), key_size, - typ, core::ptr::null_mut(), heap, dev_id) - }; - if rc != 0 { - return Err(rc); - } - let ws_cmac = unsafe { ws_cmac.assume_init() }; - let cmac = CMAC { ws_cmac }; - Ok(cmac) - } - - /// One-shot CMAC verification function. - /// - /// # Parameters - /// - /// * `key`: Key to use for CMAC generation. - /// * `data`: CMAC input data. - /// * `check`: CMAC value to compare to. - /// - /// # Returns - /// - /// Returns either Ok(valid) (with valid indicating if the CMAC passed in - /// is correct or not) on success or Err(e) containing the wolfSSL library - /// error code value. - /// - /// # Example - /// - /// ```rust - /// #[cfg(aes)] - /// { - /// use wolfssl::wolfcrypt::cmac::CMAC; - /// let key = [ - /// 0x2bu8, 0x7e, 0x15, 0x16, 0x28, 0xae, 0xd2, 0xa6, - /// 0xab, 0xf7, 0x15, 0x88, 0x09, 0xcf, 0x4f, 0x3c - /// ]; - /// let message = [ - /// 0x6bu8, 0xc1, 0xbe, 0xe2, 0x2e, 0x40, 0x9f, 0x96, - /// 0xe9, 0x3d, 0x7e, 0x11, 0x73, 0x93, 0x17, 0x2a, - /// ]; - /// let mut generate_out = [0u8; 16]; - /// CMAC::generate(&key, &message, &mut generate_out).expect("Error with generate()"); - /// let valid = CMAC::verify(&key, &message, &generate_out).expect("Error with verify()"); - /// assert!(valid); - /// } - /// ``` - #[cfg(aes)] - pub fn verify(key: &[u8], data: &[u8], check: &[u8]) -> Result { - let key_size = key.len() as u32; - let data_size = data.len() as u32; - let check_size = check.len() as u32; - let rc = unsafe { - sys::wc_AesCmacVerify(check.as_ptr(), check_size, - data.as_ptr(), data_size, - key.as_ptr(), key_size) - }; - if rc < 0 { - return Err(rc); - } - Ok(rc == 0) - } - - /// One-shot CMAC generation function (with heap and device ID). - /// - /// # Parameters - /// - /// * `key`: Key to use for CMAC generation. - /// * `data`: CMAC input data. - /// * `dout`: Output buffer where CMAC is written. - /// * `heap`: Optional heap hint. - /// * `dev_id` Optional device ID to use with crypto callbacks or async hardware. - /// - /// # Returns - /// - /// Returns either Ok(()) on success or Err(e) containing the wolfSSL - /// library error code value. - /// - /// # Example - /// - /// ```rust - /// #[cfg(aes)] - /// { - /// use wolfssl::wolfcrypt::cmac::CMAC; - /// let key = [ - /// 0x2bu8, 0x7e, 0x15, 0x16, 0x28, 0xae, 0xd2, 0xa6, - /// 0xab, 0xf7, 0x15, 0x88, 0x09, 0xcf, 0x4f, 0x3c - /// ]; - /// let message = [ - /// 0x6bu8, 0xc1, 0xbe, 0xe2, 0x2e, 0x40, 0x9f, 0x96, - /// 0xe9, 0x3d, 0x7e, 0x11, 0x73, 0x93, 0x17, 0x2a, - /// ]; - /// let mut generate_out = [0u8; 16]; - /// let mut cmac = CMAC::new(&key).expect("Error with new()"); - /// cmac.generate_ex(&key, &message, &mut generate_out, None, None).expect("Error with generate_ex()"); - /// } - /// ``` - #[cfg(aes)] - pub fn generate_ex(&mut self, key: &[u8], data: &[u8], dout: &mut [u8], heap: Option<*mut std::os::raw::c_void>, dev_id: Option) -> Result<(), i32> { - let key_size = key.len() as u32; - let data_size = data.len() as u32; - let mut dout_size = dout.len() as u32; - let heap = match heap { - Some(heap) => heap, - None => core::ptr::null_mut(), - }; - let dev_id = match dev_id { - Some(dev_id) => dev_id, - None => sys::INVALID_DEVID, - }; - let rc = unsafe { - sys::wc_AesCmacGenerate_ex(&mut self.ws_cmac, - dout.as_mut_ptr(), &mut dout_size, - data.as_ptr(), data_size, - key.as_ptr(), key_size, heap, dev_id) - }; - if rc != 0 { - return Err(rc); - } - Ok(()) - } - - /// Add CMAC input data. - /// - /// # Parameters - /// - /// * `data`: CMAC input data. - /// - /// # Returns - /// - /// Returns either Ok(()) on success or Err(e) containing the wolfSSL - /// library error code value. - /// - /// # Example - /// - /// ```rust - /// use wolfssl::wolfcrypt::cmac::CMAC; - /// let key = [ - /// 0x2bu8, 0x7e, 0x15, 0x16, 0x28, 0xae, 0xd2, 0xa6, - /// 0xab, 0xf7, 0x15, 0x88, 0x09, 0xcf, 0x4f, 0x3c - /// ]; - /// let message = [ - /// 0x6bu8, 0xc1, 0xbe, 0xe2, 0x2e, 0x40, 0x9f, 0x96, - /// 0xe9, 0x3d, 0x7e, 0x11, 0x73, 0x93, 0x17, 0x2a, - /// ]; - /// let mut cmac = CMAC::new(&key).expect("Error with new()"); - /// cmac.update(&message).expect("Error with update()"); - /// ``` - pub fn update(&mut self, data: &[u8]) -> Result<(), i32> { - let data_size = data.len() as u32; - let rc = unsafe { - sys::wc_CmacUpdate(&mut self.ws_cmac, data.as_ptr(), data_size) - }; - if rc != 0 { - return Err(rc); - } - Ok(()) - } - - /// Generate the final Cipher-based Message Authentication Code result. - /// - /// This function consumes the `CMAC` object since no further operations - /// can be performed with it. - /// - /// # Parameters - /// - /// * `dout`: Output buffer where CMAC is written. - /// - /// # Returns - /// - /// Returns either Ok(()) on success or Err(e) containing the wolfSSL - /// library error code value. - /// - /// # Example - /// - /// ```rust - /// use wolfssl::wolfcrypt::cmac::CMAC; - /// let key = [ - /// 0x2bu8, 0x7e, 0x15, 0x16, 0x28, 0xae, 0xd2, 0xa6, - /// 0xab, 0xf7, 0x15, 0x88, 0x09, 0xcf, 0x4f, 0x3c - /// ]; - /// let message = [ - /// 0x6bu8, 0xc1, 0xbe, 0xe2, 0x2e, 0x40, 0x9f, 0x96, - /// 0xe9, 0x3d, 0x7e, 0x11, 0x73, 0x93, 0x17, 0x2a, - /// ]; - /// let mut cmac = CMAC::new(&key).expect("Error with new()"); - /// cmac.update(&message).expect("Error with update()"); - /// let mut finalize_out = [0u8; 16]; - /// cmac.finalize(&mut finalize_out).expect("Error with finalize()"); - /// ``` - pub fn finalize(mut self, dout: &mut [u8]) -> Result<(), i32> { - let mut dout_size = dout.len() as u32; - let rc = unsafe { - sys::wc_CmacFinalNoFree(&mut self.ws_cmac, - dout.as_mut_ptr(), &mut dout_size) - }; - if rc != 0 { - return Err(rc); - } - Ok(()) - } - - /// One-shot CMAC verification function (with optional heap and device ID). - /// - /// # Parameters - /// - /// * `key`: Key to use for CMAC generation. - /// * `data`: CMAC input data. - /// * `check`: CMAC value to compare to. - /// * `heap`: Optional heap hint. - /// * `dev_id` Optional device ID to use with crypto callbacks or async hardware. - /// - /// # Returns - /// - /// Returns either Ok(valid) (with valid indicating if the CMAC passed in - /// is correct or not) on success or Err(e) containing the wolfSSL library - /// error code value. - /// - /// # Example - /// - /// ```rust - /// #[cfg(aes)] - /// { - /// use wolfssl::wolfcrypt::cmac::CMAC; - /// let key = [ - /// 0x2bu8, 0x7e, 0x15, 0x16, 0x28, 0xae, 0xd2, 0xa6, - /// 0xab, 0xf7, 0x15, 0x88, 0x09, 0xcf, 0x4f, 0x3c - /// ]; - /// let message = [ - /// 0x6bu8, 0xc1, 0xbe, 0xe2, 0x2e, 0x40, 0x9f, 0x96, - /// 0xe9, 0x3d, 0x7e, 0x11, 0x73, 0x93, 0x17, 0x2a, - /// ]; - /// let mut generate_out = [0u8; 16]; - /// CMAC::generate(&key, &message, &mut generate_out).expect("Error with generate()"); - /// let mut cmac = CMAC::new(&key).expect("Error with new()"); - /// let valid = cmac.verify_ex(&key, &message, &generate_out, None, None).expect("Error with verify_ex()"); - /// assert!(valid); - /// } - /// ``` - #[cfg(aes)] - pub fn verify_ex(&mut self, key: &[u8], data: &[u8], check: &[u8], heap: Option<*mut std::os::raw::c_void>, dev_id: Option) -> Result { - let key_size = key.len() as u32; - let data_size = data.len() as u32; - let check_size = check.len() as u32; - let heap = match heap { - Some(heap) => heap, - None => core::ptr::null_mut(), - }; - let dev_id = match dev_id { - Some(dev_id) => dev_id, - None => sys::INVALID_DEVID, - }; - let rc = unsafe { - sys::wc_AesCmacVerify_ex(&mut self.ws_cmac, - check.as_ptr(), check_size, - data.as_ptr(), data_size, - key.as_ptr(), key_size, heap, dev_id) - }; - if rc < 0 { - return Err(rc); - } - Ok(rc == 0) - } -} -impl Drop for CMAC { - /// Safely free the wolfSSL resources. - fn drop(&mut self) { - unsafe { sys::wc_CmacFree(&mut self.ws_cmac); } - } -} diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/wrapper/rust/wolfssl/src/wolfcrypt/dh.rs mariadb-11.8.8/extra/wolfssl/wolfssl/wrapper/rust/wolfssl/src/wolfcrypt/dh.rs --- mariadb-11.8.6/extra/wolfssl/wolfssl/wrapper/rust/wolfssl/src/wolfcrypt/dh.rs 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/wrapper/rust/wolfssl/src/wolfcrypt/dh.rs 1970-01-01 00:00:00.000000000 +0000 @@ -1,1520 +0,0 @@ -/* - * Copyright (C) 2025 wolfSSL Inc. - * - * This file is part of wolfSSL. - * - * wolfSSL is free software; you can redistribute it and/or modify - * it under the terms of the GNU General Public License as published by - * the Free Software Foundation; either version 3 of the License, or - * (at your option) any later version. - * - * wolfSSL is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU General Public License for more details. - * - * You should have received a copy of the GNU General Public License - * along with this program; if not, write to the Free Software - * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA - */ - -/*! -This module provides a Rust wrapper for the wolfCrypt library's Diffie-Hellman -(DH) functionality. - -The primary component is the `DH` struct, which manages the lifecycle of a -wolfSSL `DhKey` object. It ensures proper initialization and deallocation. -*/ - -#![cfg(dh)] - -use crate::sys; -use crate::wolfcrypt::random::RNG; -use std::mem::{MaybeUninit}; - -pub struct DH { - wc_dhkey: sys::DhKey, -} - -impl DH { - /// ffdhe2048 named parameter group. - pub const FFDHE_2048: i32 = sys::WC_FFDHE_2048 as i32; - /// ffdhe3072 named parameter group. - pub const FFDHE_3072: i32 = sys::WC_FFDHE_3072 as i32; - /// ffdhe4096 named parameter group. - pub const FFDHE_4096: i32 = sys::WC_FFDHE_4096 as i32; - /// ffdhe6144 named parameter group. - pub const FFDHE_6144: i32 = sys::WC_FFDHE_6144 as i32; - /// ffdhe8192 named parameter group. - pub const FFDHE_8192: i32 = sys::WC_FFDHE_8192 as i32; - - /// Perform quick validity check of public key value against prime. - /// - /// This checks that: - /// * Public key is not 0 or 1. - /// * Public key is not equal to prime or prime - 1. - /// * Public key is not bigger than prime. - /// - /// # Parameters - /// - /// * `prime`: Buffer containing prime value. - /// * `public`: Buffer containing public key. - /// - /// # Returns - /// - /// Returns either Ok(()) on success or Err(e) containing the wolfSSL - /// library error code value. - /// - /// # Example - /// - /// ```rust - /// use wolfssl::wolfcrypt::random::RNG; - /// use wolfssl::wolfcrypt::dh::DH; - /// let mut rng = RNG::new().expect("Failed to create RNG"); - /// let mut dh = DH::new_named(DH::FFDHE_2048).expect("Error with new_named()"); - /// let mut private = [0u8; 256]; - /// let mut private_size = 0u32; - /// let mut public = [0u8; 256]; - /// let mut public_size = 0u32; - /// dh.generate_key_pair(&mut rng, &mut private, &mut private_size, &mut public, &mut public_size).expect("Error with generate_key_pair()"); - /// let public = &public[0..(public_size as usize)]; - /// let mut p = [0u8; 256]; - /// let mut q = [0u8; 256]; - /// let mut g = [0u8; 256]; - /// let mut p_size = 0u32; - /// let mut g_size = 0u32; - /// let mut q_size = 0u32; - /// dh.export_params_raw(&mut p, &mut p_size, &mut q, &mut q_size, &mut g, &mut g_size).expect("Error with export_params_raw()"); - /// let p = &p[0..(p_size as usize)]; - /// DH::check_pub_value(p, public).expect("Error with check_pub_value()"); - /// ``` - pub fn check_pub_value(prime: &[u8], public: &[u8]) -> Result<(), i32> { - let prime_size = prime.len() as u32; - let public_size = public.len() as u32; - let rc = unsafe { - sys::wc_DhCheckPubValue(prime.as_ptr(), prime_size, - public.as_ptr(), public_size) - }; - if rc != 0 { - return Err(rc); - } - Ok(()) - } - - /// Compare given DH parameters to named parameter set. - /// - /// # Parameters - /// - /// * `name`: DH parameters name, one of DH::FFDHE_*. - /// * `p`: DH `p` parameter value. - /// * `g`: DH `g` parameter value. - /// * `q`: DH `q` parameter value (optional). - /// - /// # Returns - /// - /// Returns whether the parameters match the named parameters. - /// - /// # Example - /// - /// ```rust - /// use wolfssl::wolfcrypt::random::RNG; - /// use wolfssl::wolfcrypt::dh::DH; - /// let mut dh = DH::new_named(DH::FFDHE_2048).expect("Error with new_named()"); - /// let mut p = [0u8; 256]; - /// let mut q = [0u8; 256]; - /// let mut g = [0u8; 256]; - /// let mut p_size = 0u32; - /// let mut q_size = 0u32; - /// let mut g_size = 0u32; - /// dh.export_params_raw(&mut p, &mut p_size, &mut q, &mut q_size, &mut g, &mut g_size).expect("Error with export_params_raw()"); - /// let p = &p[0..(p_size as usize)]; - /// let g = &g[0..(g_size as usize)]; - /// assert!(DH::compare_named_key(DH::FFDHE_2048, p, g, None)); - /// ``` - pub fn compare_named_key(name: i32, p: &[u8], g: &[u8], q: Option<&[u8]>) -> bool { - let p_size = p.len() as u32; - let g_size = g.len() as u32; - let mut no_q = 1i32; - let mut q_ptr: *const u8 = core::ptr::null(); - let mut q_size = 0u32; - if let Some(q) = q { - no_q = 0; - q_ptr = q.as_ptr(); - q_size = q.len() as u32; - } - let rc = unsafe { - sys::wc_DhCmpNamedKey(name, no_q, - p.as_ptr(), p_size, - g.as_ptr(), g_size, - q_ptr, q_size) - }; - rc != 0 - } - - /// Create a new DH context by generating parameters. - /// - /// # Parameters - /// - /// * `rng`: `RNG` struct instance to use for random number generation. - /// * `modulus_size`: Modulus size in bits. - /// - /// # Returns - /// - /// Returns either Ok(dh) containing the DH struct instance or Err(e) - /// containing the wolfSSL library error code value. - /// - /// # Example - /// - /// ```rust - /// #[cfg(dh_keygen)] - /// { - /// use wolfssl::wolfcrypt::random::RNG; - /// use wolfssl::wolfcrypt::dh::DH; - /// let mut rng = RNG::new().expect("Error with RNG::new()"); - /// let mut dh = DH::generate(&mut rng, 2048).expect("Error with generate()"); - /// } - /// ``` - #[cfg(dh_keygen)] - pub fn generate(rng: &mut RNG, modulus_size: i32) -> Result { - Self::generate_ex(rng, modulus_size, None, None) - } - - /// Create a new DH context by generating parameters with optional heap and - /// device ID. - /// - /// # Parameters - /// - /// * `rng`: `RNG` struct instance to use for random number generation. - /// * `modulus_size`: Modulus size in bits. - /// * `heap`: Optional heap hint. - /// * `dev_id` Optional device ID to use with crypto callbacks or async hardware. - /// - /// # Returns - /// - /// Returns either Ok(dh) containing the DH struct instance or Err(e) - /// containing the wolfSSL library error code value. - /// - /// # Example - /// - /// ```rust - /// #[cfg(dh_keygen)] - /// { - /// use wolfssl::wolfcrypt::random::RNG; - /// use wolfssl::wolfcrypt::dh::DH; - /// let mut rng = RNG::new().expect("Error with RNG::new()"); - /// let mut dh = DH::generate_ex(&mut rng, 2048, None, None).expect("Error with generate_ex()"); - /// } - /// ``` - #[cfg(dh_keygen)] - pub fn generate_ex(rng: &mut RNG, modulus_size: i32, heap: Option<*mut std::os::raw::c_void>, dev_id: Option) -> Result { - let mut wc_dhkey: MaybeUninit = MaybeUninit::uninit(); - let heap = match heap { - Some(heap) => heap, - None => core::ptr::null_mut(), - }; - let dev_id = match dev_id { - Some(dev_id) => dev_id, - None => sys::INVALID_DEVID, - }; - let rc = unsafe { sys::wc_InitDhKey_ex(wc_dhkey.as_mut_ptr(), heap, dev_id) }; - if rc != 0 { - return Err(rc); - } - let wc_dhkey = unsafe { wc_dhkey.assume_init() }; - let mut dh = DH { wc_dhkey }; - let rc = unsafe { - sys::wc_DhGenerateParams(&mut rng.wc_rng, modulus_size, &mut dh.wc_dhkey) - }; - if rc != 0 { - return Err(rc); - } - Ok(dh) - } - - /// Get minimum key size for DH named parameter set. - /// - /// # Parameters - /// - /// * `name`: DH parameters name, one of DH::FFDHE_*. - /// - /// # Returns - /// - /// Minimum key size for the DH named parameter set. - /// - /// # Example - /// - /// ```rust - /// use wolfssl::wolfcrypt::random::RNG; - /// use wolfssl::wolfcrypt::dh::DH; - /// let min_key_size = DH::get_min_key_size_for_named_parameters(DH::FFDHE_2048); - /// assert_eq!(min_key_size, 29); - /// ``` - pub fn get_min_key_size_for_named_parameters(name: i32) -> u32 { - unsafe { sys::wc_DhGetNamedKeyMinSize(name) } - } - - /// Get parameter sizes for a named parameter set. - /// - /// # Parameters - /// - /// * `name`: DH parameters name, one of DH::FFDHE_*. - /// * `p_size`: Output parameter containing size of DH `p` parameter. - /// * `g_size`: Output parameter containing size of DH `g` parameter. - /// * `q_size`: Output parameter containing size of DH `q` parameter. - /// - /// # Example - /// - /// ```rust - /// use wolfssl::wolfcrypt::random::RNG; - /// use wolfssl::wolfcrypt::dh::DH; - /// let mut p_size = 0u32; - /// let mut g_size = 0u32; - /// let mut q_size = 0u32; - /// DH::get_named_parameter_sizes(DH::FFDHE_2048, &mut p_size, &mut g_size, &mut q_size); - /// ``` - pub fn get_named_parameter_sizes(name: i32, p_size: &mut u32, g_size: &mut u32, q_size: &mut u32) { - unsafe { - sys::wc_DhGetNamedKeyParamSize(name, p_size, g_size, q_size) - }; - } - - /// Create a new DH context using the named parameter set. - /// - /// # Parameters - /// - /// * `name`: DH parameters name, one of DH::FFDHE_*. - /// - /// # Returns - /// - /// Returns either Ok(dh) containing the DH struct instance or Err(e) - /// containing the wolfSSL library error code value. - /// - /// # Example - /// - /// ```rust - /// use wolfssl::wolfcrypt::random::RNG; - /// use wolfssl::wolfcrypt::dh::DH; - /// let mut dh = DH::new_named(DH::FFDHE_2048).expect("Error with new_named()"); - /// ``` - pub fn new_named(name: i32) -> Result { - Self::new_named_ex(name, None, None) - } - - /// Create a new DH context using the named parameter set with optional - /// heap and device ID. - /// - /// # Parameters - /// - /// * `name`: DH parameters name, one of DH::FFDHE_*. - /// * `heap`: Optional heap hint. - /// * `dev_id` Optional device ID to use with crypto callbacks or async hardware. - /// - /// # Returns - /// - /// Returns either Ok(dh) containing the DH struct instance or Err(e) - /// containing the wolfSSL library error code value. - /// - /// # Example - /// - /// ```rust - /// use wolfssl::wolfcrypt::random::RNG; - /// use wolfssl::wolfcrypt::dh::DH; - /// let mut dh = DH::new_named_ex(DH::FFDHE_2048, None, None).expect("Error with new_named_ex()"); - /// ``` - pub fn new_named_ex(name: i32, heap: Option<*mut std::os::raw::c_void>, dev_id: Option) -> Result { - let mut wc_dhkey: MaybeUninit = MaybeUninit::uninit(); - let heap = match heap { - Some(heap) => heap, - None => core::ptr::null_mut(), - }; - let dev_id = match dev_id { - Some(dev_id) => dev_id, - None => sys::INVALID_DEVID, - }; - let rc = unsafe { sys::wc_InitDhKey_ex(wc_dhkey.as_mut_ptr(), heap, dev_id) }; - if rc != 0 { - return Err(rc); - } - let wc_dhkey = unsafe { wc_dhkey.assume_init() }; - let mut dh = DH { wc_dhkey }; - let rc = unsafe { sys::wc_DhSetNamedKey(&mut dh.wc_dhkey, name) }; - if rc != 0 { - return Err(rc); - } - Ok(dh) - } - - /// Create a new DH context using the given p and g parameters. - /// - /// # Parameters - /// - /// * `p`: DH 'p' parameter value. - /// * `g`: DH 'g' parameter value. - /// - /// # Returns - /// - /// Returns either Ok(dh) containing the DH struct instance or Err(e) - /// containing the wolfSSL library error code value. - /// - /// # Example - /// - /// ```rust - /// use wolfssl::wolfcrypt::random::RNG; - /// use wolfssl::wolfcrypt::dh::DH; - /// let p = [ - /// 0xc5u8, 0x7c, 0xa2, 0x4f, 0x4b, 0xd6, 0x8c, 0x3c, - /// 0xda, 0xc7, 0xba, 0xaa, 0xea, 0x2e, 0x5c, 0x1e, - /// 0x18, 0xb2, 0x7b, 0x8c, 0x55, 0x65, 0x9f, 0xea, - /// 0xe0, 0xa1, 0x36, 0x53, 0x2b, 0x36, 0xe0, 0x4e, - /// 0x3e, 0x64, 0xa9, 0xe4, 0xfc, 0x8f, 0x32, 0x62, - /// 0x97, 0xe4, 0xbe, 0xf7, 0xc1, 0xde, 0x07, 0x5a, - /// 0x89, 0x28, 0xf3, 0xfe, 0x4f, 0xfe, 0x68, 0xbc, - /// 0xfb, 0x0a, 0x7c, 0xa4, 0xb3, 0x14, 0x48, 0x89, - /// 0x9f, 0xaf, 0xb8, 0x43, 0xe2, 0xa0, 0x62, 0x5c, - /// 0xb4, 0x88, 0x3f, 0x06, 0x50, 0x11, 0xfe, 0x65, - /// 0x8d, 0x49, 0xd2, 0xf5, 0x4b, 0x74, 0x79, 0xdb, - /// 0x06, 0x62, 0x92, 0x89, 0xed, 0xda, 0xcb, 0x87, - /// 0x37, 0x16, 0xd2, 0xa1, 0x7a, 0xe8, 0xde, 0x92, - /// 0xee, 0x3e, 0x41, 0x4a, 0x91, 0x5e, 0xed, 0xf3, - /// 0x6c, 0x6b, 0x7e, 0xfd, 0x15, 0x92, 0x18, 0xfc, - /// 0xa7, 0xac, 0x42, 0x85, 0x57, 0xe9, 0xdc, 0xda, - /// 0x55, 0xc9, 0x8b, 0x28, 0x9e, 0xc1, 0xc4, 0x46, - /// 0x4d, 0x88, 0xed, 0x62, 0x8e, 0xdb, 0x3f, 0xb9, - /// 0xd7, 0xc8, 0xe3, 0xcf, 0xb8, 0x34, 0x2c, 0xd2, - /// 0x6f, 0x28, 0x06, 0x41, 0xe3, 0x66, 0x8c, 0xfc, - /// 0x72, 0xff, 0x26, 0x3b, 0x6b, 0x6c, 0x6f, 0x73, - /// 0xde, 0xf2, 0x90, 0x29, 0xe0, 0x61, 0x32, 0xc4, - /// 0x12, 0x74, 0x09, 0x52, 0xec, 0xf3, 0x1b, 0xa6, - /// 0x45, 0x98, 0xac, 0xf9, 0x1c, 0x65, 0x8e, 0x3a, - /// 0x91, 0x84, 0x4b, 0x23, 0x8a, 0xb2, 0x3c, 0xc9, - /// 0xfa, 0xea, 0xf1, 0x38, 0xce, 0xd8, 0x05, 0xe0, - /// 0xfa, 0x44, 0x68, 0x1f, 0xeb, 0xd9, 0x57, 0xb8, - /// 0x4a, 0x97, 0x5b, 0x88, 0xc5, 0xf1, 0xbb, 0xb0, - /// 0x49, 0xc3, 0x91, 0x7c, 0xd3, 0x13, 0xb9, 0x47, - /// 0xbb, 0x91, 0x8f, 0xe5, 0x26, 0x07, 0xab, 0xa9, - /// 0xc5, 0xd0, 0x3d, 0x95, 0x41, 0x26, 0x92, 0x9d, - /// 0x13, 0x67, 0xf2, 0x7e, 0x11, 0x88, 0xdc, 0x2d - /// ]; - /// let g = [ - /// 0x4au8, 0x1a, 0xf3, 0xa4, 0x92, 0xe9, 0xee, 0x74, - /// 0x6e, 0x57, 0xd5, 0x8c, 0x2c, 0x5b, 0x41, 0x41, - /// 0x5e, 0xd4, 0x55, 0x19, 0xdc, 0xd9, 0x32, 0x91, - /// 0xf7, 0xfd, 0xc2, 0x57, 0xff, 0x03, 0x14, 0xdb, - /// 0xf1, 0xb7, 0x60, 0x0c, 0x43, 0x59, 0x3f, 0xff, - /// 0xac, 0xf1, 0x80, 0x9a, 0x15, 0x6f, 0xd8, 0x6e, - /// 0xb7, 0x85, 0x18, 0xc8, 0xec, 0x4e, 0x59, 0x4a, - /// 0xe2, 0x91, 0x43, 0x4c, 0xeb, 0x95, 0xb6, 0x2e, - /// 0x9a, 0xea, 0x53, 0x68, 0x80, 0x64, 0x69, 0x40, - /// 0xf9, 0xec, 0xbd, 0x85, 0x89, 0x26, 0x97, 0x67, - /// 0xaf, 0xb0, 0xad, 0x00, 0x1b, 0xd4, 0xfd, 0x94, - /// 0xd3, 0xe9, 0x92, 0xb1, 0xb4, 0xbc, 0x5a, 0xaa, - /// 0x92, 0x80, 0x89, 0x3b, 0x39, 0x05, 0x6c, 0x22, - /// 0x26, 0xfe, 0x5a, 0x28, 0x6c, 0x37, 0x50, 0x5a, - /// 0x38, 0x99, 0xcf, 0xf3, 0xc1, 0x96, 0x45, 0xdc, - /// 0x01, 0xcb, 0x20, 0x87, 0xa5, 0x00, 0x8c, 0xf5, - /// 0x4d, 0xc2, 0xef, 0xb8, 0x9b, 0xd1, 0x87, 0xbe, - /// 0xed, 0xd5, 0x0a, 0x29, 0x15, 0x34, 0x59, 0x4c, - /// 0x3a, 0x05, 0x22, 0x05, 0x44, 0x4f, 0x9f, 0xc8, - /// 0x47, 0x12, 0x24, 0x8e, 0xa8, 0x79, 0xe4, 0x67, - /// 0xba, 0x4d, 0x5b, 0x75, 0x56, 0x95, 0xeb, 0xe8, - /// 0x8a, 0xfa, 0x8e, 0x01, 0x8c, 0x1b, 0x74, 0x63, - /// 0xd9, 0x2f, 0xf7, 0xd3, 0x44, 0x8f, 0xa8, 0xf5, - /// 0xaf, 0x6c, 0x4f, 0xdb, 0xe7, 0xc9, 0x6c, 0x71, - /// 0x22, 0xa3, 0x1d, 0xf1, 0x40, 0xb2, 0xe0, 0x9a, - /// 0xb6, 0x72, 0xc9, 0xc0, 0x13, 0x16, 0xa2, 0x4a, - /// 0xe1, 0x92, 0xc7, 0x54, 0x23, 0xab, 0x9d, 0xa1, - /// 0xa1, 0xe5, 0x0b, 0xed, 0xba, 0xe8, 0x84, 0x37, - /// 0xb2, 0xe7, 0xfe, 0x32, 0x8d, 0xfa, 0x1c, 0x53, - /// 0x77, 0x97, 0xc7, 0xf3, 0x48, 0xc9, 0xdb, 0x2d, - /// 0x75, 0x52, 0x9d, 0x42, 0x51, 0x78, 0x62, 0x68, - /// 0x05, 0x45, 0x15, 0xf8, 0xa2, 0x4e, 0xf3, 0x0b - /// ]; - /// let dh = DH::new_from_pg(&p, &g).expect("Error with new_from_pg()"); - /// ``` - pub fn new_from_pg(p: &[u8], g: &[u8]) -> Result { - Self::new_from_pg_ex(p, g, None, None) - } - - /// Create a new DH context using the given p and g parameters with - /// optional heap and device ID. - /// - /// # Parameters - /// - /// * `p`: DH 'p' parameter value. - /// * `g`: DH 'g' parameter value. - /// * `heap`: Optional heap hint. - /// * `dev_id` Optional device ID to use with crypto callbacks or async hardware. - /// - /// # Returns - /// - /// Returns either Ok(dh) containing the DH struct instance or Err(e) - /// containing the wolfSSL library error code value. - /// - /// # Example - /// - /// ```rust - /// use wolfssl::wolfcrypt::random::RNG; - /// use wolfssl::wolfcrypt::dh::DH; - /// let p = [ - /// 0xc5u8, 0x7c, 0xa2, 0x4f, 0x4b, 0xd6, 0x8c, 0x3c, - /// 0xda, 0xc7, 0xba, 0xaa, 0xea, 0x2e, 0x5c, 0x1e, - /// 0x18, 0xb2, 0x7b, 0x8c, 0x55, 0x65, 0x9f, 0xea, - /// 0xe0, 0xa1, 0x36, 0x53, 0x2b, 0x36, 0xe0, 0x4e, - /// 0x3e, 0x64, 0xa9, 0xe4, 0xfc, 0x8f, 0x32, 0x62, - /// 0x97, 0xe4, 0xbe, 0xf7, 0xc1, 0xde, 0x07, 0x5a, - /// 0x89, 0x28, 0xf3, 0xfe, 0x4f, 0xfe, 0x68, 0xbc, - /// 0xfb, 0x0a, 0x7c, 0xa4, 0xb3, 0x14, 0x48, 0x89, - /// 0x9f, 0xaf, 0xb8, 0x43, 0xe2, 0xa0, 0x62, 0x5c, - /// 0xb4, 0x88, 0x3f, 0x06, 0x50, 0x11, 0xfe, 0x65, - /// 0x8d, 0x49, 0xd2, 0xf5, 0x4b, 0x74, 0x79, 0xdb, - /// 0x06, 0x62, 0x92, 0x89, 0xed, 0xda, 0xcb, 0x87, - /// 0x37, 0x16, 0xd2, 0xa1, 0x7a, 0xe8, 0xde, 0x92, - /// 0xee, 0x3e, 0x41, 0x4a, 0x91, 0x5e, 0xed, 0xf3, - /// 0x6c, 0x6b, 0x7e, 0xfd, 0x15, 0x92, 0x18, 0xfc, - /// 0xa7, 0xac, 0x42, 0x85, 0x57, 0xe9, 0xdc, 0xda, - /// 0x55, 0xc9, 0x8b, 0x28, 0x9e, 0xc1, 0xc4, 0x46, - /// 0x4d, 0x88, 0xed, 0x62, 0x8e, 0xdb, 0x3f, 0xb9, - /// 0xd7, 0xc8, 0xe3, 0xcf, 0xb8, 0x34, 0x2c, 0xd2, - /// 0x6f, 0x28, 0x06, 0x41, 0xe3, 0x66, 0x8c, 0xfc, - /// 0x72, 0xff, 0x26, 0x3b, 0x6b, 0x6c, 0x6f, 0x73, - /// 0xde, 0xf2, 0x90, 0x29, 0xe0, 0x61, 0x32, 0xc4, - /// 0x12, 0x74, 0x09, 0x52, 0xec, 0xf3, 0x1b, 0xa6, - /// 0x45, 0x98, 0xac, 0xf9, 0x1c, 0x65, 0x8e, 0x3a, - /// 0x91, 0x84, 0x4b, 0x23, 0x8a, 0xb2, 0x3c, 0xc9, - /// 0xfa, 0xea, 0xf1, 0x38, 0xce, 0xd8, 0x05, 0xe0, - /// 0xfa, 0x44, 0x68, 0x1f, 0xeb, 0xd9, 0x57, 0xb8, - /// 0x4a, 0x97, 0x5b, 0x88, 0xc5, 0xf1, 0xbb, 0xb0, - /// 0x49, 0xc3, 0x91, 0x7c, 0xd3, 0x13, 0xb9, 0x47, - /// 0xbb, 0x91, 0x8f, 0xe5, 0x26, 0x07, 0xab, 0xa9, - /// 0xc5, 0xd0, 0x3d, 0x95, 0x41, 0x26, 0x92, 0x9d, - /// 0x13, 0x67, 0xf2, 0x7e, 0x11, 0x88, 0xdc, 0x2d - /// ]; - /// let g = [ - /// 0x4au8, 0x1a, 0xf3, 0xa4, 0x92, 0xe9, 0xee, 0x74, - /// 0x6e, 0x57, 0xd5, 0x8c, 0x2c, 0x5b, 0x41, 0x41, - /// 0x5e, 0xd4, 0x55, 0x19, 0xdc, 0xd9, 0x32, 0x91, - /// 0xf7, 0xfd, 0xc2, 0x57, 0xff, 0x03, 0x14, 0xdb, - /// 0xf1, 0xb7, 0x60, 0x0c, 0x43, 0x59, 0x3f, 0xff, - /// 0xac, 0xf1, 0x80, 0x9a, 0x15, 0x6f, 0xd8, 0x6e, - /// 0xb7, 0x85, 0x18, 0xc8, 0xec, 0x4e, 0x59, 0x4a, - /// 0xe2, 0x91, 0x43, 0x4c, 0xeb, 0x95, 0xb6, 0x2e, - /// 0x9a, 0xea, 0x53, 0x68, 0x80, 0x64, 0x69, 0x40, - /// 0xf9, 0xec, 0xbd, 0x85, 0x89, 0x26, 0x97, 0x67, - /// 0xaf, 0xb0, 0xad, 0x00, 0x1b, 0xd4, 0xfd, 0x94, - /// 0xd3, 0xe9, 0x92, 0xb1, 0xb4, 0xbc, 0x5a, 0xaa, - /// 0x92, 0x80, 0x89, 0x3b, 0x39, 0x05, 0x6c, 0x22, - /// 0x26, 0xfe, 0x5a, 0x28, 0x6c, 0x37, 0x50, 0x5a, - /// 0x38, 0x99, 0xcf, 0xf3, 0xc1, 0x96, 0x45, 0xdc, - /// 0x01, 0xcb, 0x20, 0x87, 0xa5, 0x00, 0x8c, 0xf5, - /// 0x4d, 0xc2, 0xef, 0xb8, 0x9b, 0xd1, 0x87, 0xbe, - /// 0xed, 0xd5, 0x0a, 0x29, 0x15, 0x34, 0x59, 0x4c, - /// 0x3a, 0x05, 0x22, 0x05, 0x44, 0x4f, 0x9f, 0xc8, - /// 0x47, 0x12, 0x24, 0x8e, 0xa8, 0x79, 0xe4, 0x67, - /// 0xba, 0x4d, 0x5b, 0x75, 0x56, 0x95, 0xeb, 0xe8, - /// 0x8a, 0xfa, 0x8e, 0x01, 0x8c, 0x1b, 0x74, 0x63, - /// 0xd9, 0x2f, 0xf7, 0xd3, 0x44, 0x8f, 0xa8, 0xf5, - /// 0xaf, 0x6c, 0x4f, 0xdb, 0xe7, 0xc9, 0x6c, 0x71, - /// 0x22, 0xa3, 0x1d, 0xf1, 0x40, 0xb2, 0xe0, 0x9a, - /// 0xb6, 0x72, 0xc9, 0xc0, 0x13, 0x16, 0xa2, 0x4a, - /// 0xe1, 0x92, 0xc7, 0x54, 0x23, 0xab, 0x9d, 0xa1, - /// 0xa1, 0xe5, 0x0b, 0xed, 0xba, 0xe8, 0x84, 0x37, - /// 0xb2, 0xe7, 0xfe, 0x32, 0x8d, 0xfa, 0x1c, 0x53, - /// 0x77, 0x97, 0xc7, 0xf3, 0x48, 0xc9, 0xdb, 0x2d, - /// 0x75, 0x52, 0x9d, 0x42, 0x51, 0x78, 0x62, 0x68, - /// 0x05, 0x45, 0x15, 0xf8, 0xa2, 0x4e, 0xf3, 0x0b - /// ]; - /// let dh = DH::new_from_pg_ex(&p, &g, None, None).expect("Error with new_from_pg_ex()"); - /// ``` - pub fn new_from_pg_ex(p: &[u8], g: &[u8], heap: Option<*mut std::os::raw::c_void>, dev_id: Option) -> Result { - let p_size = p.len() as u32; - let g_size = g.len() as u32; - let mut wc_dhkey: MaybeUninit = MaybeUninit::uninit(); - let heap = match heap { - Some(heap) => heap, - None => core::ptr::null_mut(), - }; - let dev_id = match dev_id { - Some(dev_id) => dev_id, - None => sys::INVALID_DEVID, - }; - let rc = unsafe { sys::wc_InitDhKey_ex(wc_dhkey.as_mut_ptr(), heap, dev_id) }; - if rc != 0 { - return Err(rc); - } - let wc_dhkey = unsafe { wc_dhkey.assume_init() }; - let mut dh = DH { wc_dhkey }; - let rc = unsafe { - sys::wc_DhSetKey(&mut dh.wc_dhkey, p.as_ptr(), p_size, g.as_ptr(), g_size) - }; - if rc != 0 { - return Err(rc); - } - Ok(dh) - } - - /// Create a new DH context using the given p, g, and q parameters. - /// - /// # Parameters - /// - /// * `p`: DH 'p' parameter value. - /// * `g`: DH 'g' parameter value. - /// * `q`: DH 'q' parameter value. - /// - /// # Returns - /// - /// Returns either Ok(dh) containing the DH struct instance or Err(e) - /// containing the wolfSSL library error code value. - /// - /// # Example - /// - /// ```rust - /// use wolfssl::wolfcrypt::random::RNG; - /// use wolfssl::wolfcrypt::dh::DH; - /// let p = [ - /// 0xc5u8, 0x7c, 0xa2, 0x4f, 0x4b, 0xd6, 0x8c, 0x3c, - /// 0xda, 0xc7, 0xba, 0xaa, 0xea, 0x2e, 0x5c, 0x1e, - /// 0x18, 0xb2, 0x7b, 0x8c, 0x55, 0x65, 0x9f, 0xea, - /// 0xe0, 0xa1, 0x36, 0x53, 0x2b, 0x36, 0xe0, 0x4e, - /// 0x3e, 0x64, 0xa9, 0xe4, 0xfc, 0x8f, 0x32, 0x62, - /// 0x97, 0xe4, 0xbe, 0xf7, 0xc1, 0xde, 0x07, 0x5a, - /// 0x89, 0x28, 0xf3, 0xfe, 0x4f, 0xfe, 0x68, 0xbc, - /// 0xfb, 0x0a, 0x7c, 0xa4, 0xb3, 0x14, 0x48, 0x89, - /// 0x9f, 0xaf, 0xb8, 0x43, 0xe2, 0xa0, 0x62, 0x5c, - /// 0xb4, 0x88, 0x3f, 0x06, 0x50, 0x11, 0xfe, 0x65, - /// 0x8d, 0x49, 0xd2, 0xf5, 0x4b, 0x74, 0x79, 0xdb, - /// 0x06, 0x62, 0x92, 0x89, 0xed, 0xda, 0xcb, 0x87, - /// 0x37, 0x16, 0xd2, 0xa1, 0x7a, 0xe8, 0xde, 0x92, - /// 0xee, 0x3e, 0x41, 0x4a, 0x91, 0x5e, 0xed, 0xf3, - /// 0x6c, 0x6b, 0x7e, 0xfd, 0x15, 0x92, 0x18, 0xfc, - /// 0xa7, 0xac, 0x42, 0x85, 0x57, 0xe9, 0xdc, 0xda, - /// 0x55, 0xc9, 0x8b, 0x28, 0x9e, 0xc1, 0xc4, 0x46, - /// 0x4d, 0x88, 0xed, 0x62, 0x8e, 0xdb, 0x3f, 0xb9, - /// 0xd7, 0xc8, 0xe3, 0xcf, 0xb8, 0x34, 0x2c, 0xd2, - /// 0x6f, 0x28, 0x06, 0x41, 0xe3, 0x66, 0x8c, 0xfc, - /// 0x72, 0xff, 0x26, 0x3b, 0x6b, 0x6c, 0x6f, 0x73, - /// 0xde, 0xf2, 0x90, 0x29, 0xe0, 0x61, 0x32, 0xc4, - /// 0x12, 0x74, 0x09, 0x52, 0xec, 0xf3, 0x1b, 0xa6, - /// 0x45, 0x98, 0xac, 0xf9, 0x1c, 0x65, 0x8e, 0x3a, - /// 0x91, 0x84, 0x4b, 0x23, 0x8a, 0xb2, 0x3c, 0xc9, - /// 0xfa, 0xea, 0xf1, 0x38, 0xce, 0xd8, 0x05, 0xe0, - /// 0xfa, 0x44, 0x68, 0x1f, 0xeb, 0xd9, 0x57, 0xb8, - /// 0x4a, 0x97, 0x5b, 0x88, 0xc5, 0xf1, 0xbb, 0xb0, - /// 0x49, 0xc3, 0x91, 0x7c, 0xd3, 0x13, 0xb9, 0x47, - /// 0xbb, 0x91, 0x8f, 0xe5, 0x26, 0x07, 0xab, 0xa9, - /// 0xc5, 0xd0, 0x3d, 0x95, 0x41, 0x26, 0x92, 0x9d, - /// 0x13, 0x67, 0xf2, 0x7e, 0x11, 0x88, 0xdc, 0x2d - /// ]; - /// let g = [ - /// 0x4au8, 0x1a, 0xf3, 0xa4, 0x92, 0xe9, 0xee, 0x74, - /// 0x6e, 0x57, 0xd5, 0x8c, 0x2c, 0x5b, 0x41, 0x41, - /// 0x5e, 0xd4, 0x55, 0x19, 0xdc, 0xd9, 0x32, 0x91, - /// 0xf7, 0xfd, 0xc2, 0x57, 0xff, 0x03, 0x14, 0xdb, - /// 0xf1, 0xb7, 0x60, 0x0c, 0x43, 0x59, 0x3f, 0xff, - /// 0xac, 0xf1, 0x80, 0x9a, 0x15, 0x6f, 0xd8, 0x6e, - /// 0xb7, 0x85, 0x18, 0xc8, 0xec, 0x4e, 0x59, 0x4a, - /// 0xe2, 0x91, 0x43, 0x4c, 0xeb, 0x95, 0xb6, 0x2e, - /// 0x9a, 0xea, 0x53, 0x68, 0x80, 0x64, 0x69, 0x40, - /// 0xf9, 0xec, 0xbd, 0x85, 0x89, 0x26, 0x97, 0x67, - /// 0xaf, 0xb0, 0xad, 0x00, 0x1b, 0xd4, 0xfd, 0x94, - /// 0xd3, 0xe9, 0x92, 0xb1, 0xb4, 0xbc, 0x5a, 0xaa, - /// 0x92, 0x80, 0x89, 0x3b, 0x39, 0x05, 0x6c, 0x22, - /// 0x26, 0xfe, 0x5a, 0x28, 0x6c, 0x37, 0x50, 0x5a, - /// 0x38, 0x99, 0xcf, 0xf3, 0xc1, 0x96, 0x45, 0xdc, - /// 0x01, 0xcb, 0x20, 0x87, 0xa5, 0x00, 0x8c, 0xf5, - /// 0x4d, 0xc2, 0xef, 0xb8, 0x9b, 0xd1, 0x87, 0xbe, - /// 0xed, 0xd5, 0x0a, 0x29, 0x15, 0x34, 0x59, 0x4c, - /// 0x3a, 0x05, 0x22, 0x05, 0x44, 0x4f, 0x9f, 0xc8, - /// 0x47, 0x12, 0x24, 0x8e, 0xa8, 0x79, 0xe4, 0x67, - /// 0xba, 0x4d, 0x5b, 0x75, 0x56, 0x95, 0xeb, 0xe8, - /// 0x8a, 0xfa, 0x8e, 0x01, 0x8c, 0x1b, 0x74, 0x63, - /// 0xd9, 0x2f, 0xf7, 0xd3, 0x44, 0x8f, 0xa8, 0xf5, - /// 0xaf, 0x6c, 0x4f, 0xdb, 0xe7, 0xc9, 0x6c, 0x71, - /// 0x22, 0xa3, 0x1d, 0xf1, 0x40, 0xb2, 0xe0, 0x9a, - /// 0xb6, 0x72, 0xc9, 0xc0, 0x13, 0x16, 0xa2, 0x4a, - /// 0xe1, 0x92, 0xc7, 0x54, 0x23, 0xab, 0x9d, 0xa1, - /// 0xa1, 0xe5, 0x0b, 0xed, 0xba, 0xe8, 0x84, 0x37, - /// 0xb2, 0xe7, 0xfe, 0x32, 0x8d, 0xfa, 0x1c, 0x53, - /// 0x77, 0x97, 0xc7, 0xf3, 0x48, 0xc9, 0xdb, 0x2d, - /// 0x75, 0x52, 0x9d, 0x42, 0x51, 0x78, 0x62, 0x68, - /// 0x05, 0x45, 0x15, 0xf8, 0xa2, 0x4e, 0xf3, 0x0b - /// ]; - /// let q = [ - /// 0xe0u8, 0x35, 0x37, 0xaf, 0xb2, 0x50, 0x91, 0x8e, - /// 0xf2, 0x62, 0x2b, 0xd9, 0x9f, 0x6c, 0x11, 0x75, - /// 0xec, 0x24, 0x5d, 0x78, 0x59, 0xe7, 0x8d, 0xb5, - /// 0x40, 0x52, 0xed, 0x41 - /// ]; - /// let dh = DH::new_from_pgq(&p, &g, &q).expect("Error with new_from_pgq()"); - /// ``` - pub fn new_from_pgq(p: &[u8], g: &[u8], q: &[u8]) -> Result { - Self::new_from_pgq_ex(p, g, q, None, None) - } - - /// Create a new DH context using the given p, g, and q parameters with - /// optional heap and device ID. - /// - /// # Parameters - /// - /// * `p`: DH 'p' parameter value. - /// * `g`: DH 'g' parameter value. - /// * `q`: DH 'q' parameter value. - /// * `heap`: Optional heap hint. - /// * `dev_id` Optional device ID to use with crypto callbacks or async hardware. - /// - /// # Returns - /// - /// Returns either Ok(dh) containing the DH struct instance or Err(e) - /// containing the wolfSSL library error code value. - /// - /// # Example - /// - /// ```rust - /// use wolfssl::wolfcrypt::random::RNG; - /// use wolfssl::wolfcrypt::dh::DH; - /// let p = [ - /// 0xc5u8, 0x7c, 0xa2, 0x4f, 0x4b, 0xd6, 0x8c, 0x3c, - /// 0xda, 0xc7, 0xba, 0xaa, 0xea, 0x2e, 0x5c, 0x1e, - /// 0x18, 0xb2, 0x7b, 0x8c, 0x55, 0x65, 0x9f, 0xea, - /// 0xe0, 0xa1, 0x36, 0x53, 0x2b, 0x36, 0xe0, 0x4e, - /// 0x3e, 0x64, 0xa9, 0xe4, 0xfc, 0x8f, 0x32, 0x62, - /// 0x97, 0xe4, 0xbe, 0xf7, 0xc1, 0xde, 0x07, 0x5a, - /// 0x89, 0x28, 0xf3, 0xfe, 0x4f, 0xfe, 0x68, 0xbc, - /// 0xfb, 0x0a, 0x7c, 0xa4, 0xb3, 0x14, 0x48, 0x89, - /// 0x9f, 0xaf, 0xb8, 0x43, 0xe2, 0xa0, 0x62, 0x5c, - /// 0xb4, 0x88, 0x3f, 0x06, 0x50, 0x11, 0xfe, 0x65, - /// 0x8d, 0x49, 0xd2, 0xf5, 0x4b, 0x74, 0x79, 0xdb, - /// 0x06, 0x62, 0x92, 0x89, 0xed, 0xda, 0xcb, 0x87, - /// 0x37, 0x16, 0xd2, 0xa1, 0x7a, 0xe8, 0xde, 0x92, - /// 0xee, 0x3e, 0x41, 0x4a, 0x91, 0x5e, 0xed, 0xf3, - /// 0x6c, 0x6b, 0x7e, 0xfd, 0x15, 0x92, 0x18, 0xfc, - /// 0xa7, 0xac, 0x42, 0x85, 0x57, 0xe9, 0xdc, 0xda, - /// 0x55, 0xc9, 0x8b, 0x28, 0x9e, 0xc1, 0xc4, 0x46, - /// 0x4d, 0x88, 0xed, 0x62, 0x8e, 0xdb, 0x3f, 0xb9, - /// 0xd7, 0xc8, 0xe3, 0xcf, 0xb8, 0x34, 0x2c, 0xd2, - /// 0x6f, 0x28, 0x06, 0x41, 0xe3, 0x66, 0x8c, 0xfc, - /// 0x72, 0xff, 0x26, 0x3b, 0x6b, 0x6c, 0x6f, 0x73, - /// 0xde, 0xf2, 0x90, 0x29, 0xe0, 0x61, 0x32, 0xc4, - /// 0x12, 0x74, 0x09, 0x52, 0xec, 0xf3, 0x1b, 0xa6, - /// 0x45, 0x98, 0xac, 0xf9, 0x1c, 0x65, 0x8e, 0x3a, - /// 0x91, 0x84, 0x4b, 0x23, 0x8a, 0xb2, 0x3c, 0xc9, - /// 0xfa, 0xea, 0xf1, 0x38, 0xce, 0xd8, 0x05, 0xe0, - /// 0xfa, 0x44, 0x68, 0x1f, 0xeb, 0xd9, 0x57, 0xb8, - /// 0x4a, 0x97, 0x5b, 0x88, 0xc5, 0xf1, 0xbb, 0xb0, - /// 0x49, 0xc3, 0x91, 0x7c, 0xd3, 0x13, 0xb9, 0x47, - /// 0xbb, 0x91, 0x8f, 0xe5, 0x26, 0x07, 0xab, 0xa9, - /// 0xc5, 0xd0, 0x3d, 0x95, 0x41, 0x26, 0x92, 0x9d, - /// 0x13, 0x67, 0xf2, 0x7e, 0x11, 0x88, 0xdc, 0x2d - /// ]; - /// let g = [ - /// 0x4au8, 0x1a, 0xf3, 0xa4, 0x92, 0xe9, 0xee, 0x74, - /// 0x6e, 0x57, 0xd5, 0x8c, 0x2c, 0x5b, 0x41, 0x41, - /// 0x5e, 0xd4, 0x55, 0x19, 0xdc, 0xd9, 0x32, 0x91, - /// 0xf7, 0xfd, 0xc2, 0x57, 0xff, 0x03, 0x14, 0xdb, - /// 0xf1, 0xb7, 0x60, 0x0c, 0x43, 0x59, 0x3f, 0xff, - /// 0xac, 0xf1, 0x80, 0x9a, 0x15, 0x6f, 0xd8, 0x6e, - /// 0xb7, 0x85, 0x18, 0xc8, 0xec, 0x4e, 0x59, 0x4a, - /// 0xe2, 0x91, 0x43, 0x4c, 0xeb, 0x95, 0xb6, 0x2e, - /// 0x9a, 0xea, 0x53, 0x68, 0x80, 0x64, 0x69, 0x40, - /// 0xf9, 0xec, 0xbd, 0x85, 0x89, 0x26, 0x97, 0x67, - /// 0xaf, 0xb0, 0xad, 0x00, 0x1b, 0xd4, 0xfd, 0x94, - /// 0xd3, 0xe9, 0x92, 0xb1, 0xb4, 0xbc, 0x5a, 0xaa, - /// 0x92, 0x80, 0x89, 0x3b, 0x39, 0x05, 0x6c, 0x22, - /// 0x26, 0xfe, 0x5a, 0x28, 0x6c, 0x37, 0x50, 0x5a, - /// 0x38, 0x99, 0xcf, 0xf3, 0xc1, 0x96, 0x45, 0xdc, - /// 0x01, 0xcb, 0x20, 0x87, 0xa5, 0x00, 0x8c, 0xf5, - /// 0x4d, 0xc2, 0xef, 0xb8, 0x9b, 0xd1, 0x87, 0xbe, - /// 0xed, 0xd5, 0x0a, 0x29, 0x15, 0x34, 0x59, 0x4c, - /// 0x3a, 0x05, 0x22, 0x05, 0x44, 0x4f, 0x9f, 0xc8, - /// 0x47, 0x12, 0x24, 0x8e, 0xa8, 0x79, 0xe4, 0x67, - /// 0xba, 0x4d, 0x5b, 0x75, 0x56, 0x95, 0xeb, 0xe8, - /// 0x8a, 0xfa, 0x8e, 0x01, 0x8c, 0x1b, 0x74, 0x63, - /// 0xd9, 0x2f, 0xf7, 0xd3, 0x44, 0x8f, 0xa8, 0xf5, - /// 0xaf, 0x6c, 0x4f, 0xdb, 0xe7, 0xc9, 0x6c, 0x71, - /// 0x22, 0xa3, 0x1d, 0xf1, 0x40, 0xb2, 0xe0, 0x9a, - /// 0xb6, 0x72, 0xc9, 0xc0, 0x13, 0x16, 0xa2, 0x4a, - /// 0xe1, 0x92, 0xc7, 0x54, 0x23, 0xab, 0x9d, 0xa1, - /// 0xa1, 0xe5, 0x0b, 0xed, 0xba, 0xe8, 0x84, 0x37, - /// 0xb2, 0xe7, 0xfe, 0x32, 0x8d, 0xfa, 0x1c, 0x53, - /// 0x77, 0x97, 0xc7, 0xf3, 0x48, 0xc9, 0xdb, 0x2d, - /// 0x75, 0x52, 0x9d, 0x42, 0x51, 0x78, 0x62, 0x68, - /// 0x05, 0x45, 0x15, 0xf8, 0xa2, 0x4e, 0xf3, 0x0b - /// ]; - /// let q = [ - /// 0xe0u8, 0x35, 0x37, 0xaf, 0xb2, 0x50, 0x91, 0x8e, - /// 0xf2, 0x62, 0x2b, 0xd9, 0x9f, 0x6c, 0x11, 0x75, - /// 0xec, 0x24, 0x5d, 0x78, 0x59, 0xe7, 0x8d, 0xb5, - /// 0x40, 0x52, 0xed, 0x41 - /// ]; - /// let dh = DH::new_from_pgq_ex(&p, &g, &q, None, None).expect("Error with new_from_pgq_ex()"); - /// ``` - pub fn new_from_pgq_ex(p: &[u8], g: &[u8], q: &[u8], heap: Option<*mut std::os::raw::c_void>, dev_id: Option) -> Result { - let p_size = p.len() as u32; - let g_size = g.len() as u32; - let q_size = q.len() as u32; - let mut wc_dhkey: MaybeUninit = MaybeUninit::uninit(); - let heap = match heap { - Some(heap) => heap, - None => core::ptr::null_mut(), - }; - let dev_id = match dev_id { - Some(dev_id) => dev_id, - None => sys::INVALID_DEVID, - }; - let rc = unsafe { sys::wc_InitDhKey_ex(wc_dhkey.as_mut_ptr(), heap, dev_id) }; - if rc != 0 { - return Err(rc); - } - let wc_dhkey = unsafe { wc_dhkey.assume_init() }; - let mut dh = DH { wc_dhkey }; - let rc = unsafe { - sys::wc_DhSetKey_ex(&mut dh.wc_dhkey, p.as_ptr(), p_size, g.as_ptr(), g_size, q.as_ptr(), q_size) - }; - if rc != 0 { - return Err(rc); - } - Ok(dh) - } - - /// Create a new DH context using the given p, g, and q parameters with - /// check. - /// - /// # Parameters - /// - /// * `p`: DH 'p' parameter value. - /// * `g`: DH 'g' parameter value. - /// * `q`: DH 'q' parameter value. - /// * `trusted`: Whether to skip the prime check for `p` parameter and mark - /// the DH context as trusted. - /// * `rng`: `RNG` instance to use for random number generation. - /// - /// # Returns - /// - /// Returns either Ok(dh) containing the DH struct instance or Err(e) - /// containing the wolfSSL library error code value. - /// - /// # Example - /// - /// ```rust - /// use wolfssl::wolfcrypt::random::RNG; - /// use wolfssl::wolfcrypt::dh::DH; - /// let p = [ - /// 0xc5u8, 0x7c, 0xa2, 0x4f, 0x4b, 0xd6, 0x8c, 0x3c, - /// 0xda, 0xc7, 0xba, 0xaa, 0xea, 0x2e, 0x5c, 0x1e, - /// 0x18, 0xb2, 0x7b, 0x8c, 0x55, 0x65, 0x9f, 0xea, - /// 0xe0, 0xa1, 0x36, 0x53, 0x2b, 0x36, 0xe0, 0x4e, - /// 0x3e, 0x64, 0xa9, 0xe4, 0xfc, 0x8f, 0x32, 0x62, - /// 0x97, 0xe4, 0xbe, 0xf7, 0xc1, 0xde, 0x07, 0x5a, - /// 0x89, 0x28, 0xf3, 0xfe, 0x4f, 0xfe, 0x68, 0xbc, - /// 0xfb, 0x0a, 0x7c, 0xa4, 0xb3, 0x14, 0x48, 0x89, - /// 0x9f, 0xaf, 0xb8, 0x43, 0xe2, 0xa0, 0x62, 0x5c, - /// 0xb4, 0x88, 0x3f, 0x06, 0x50, 0x11, 0xfe, 0x65, - /// 0x8d, 0x49, 0xd2, 0xf5, 0x4b, 0x74, 0x79, 0xdb, - /// 0x06, 0x62, 0x92, 0x89, 0xed, 0xda, 0xcb, 0x87, - /// 0x37, 0x16, 0xd2, 0xa1, 0x7a, 0xe8, 0xde, 0x92, - /// 0xee, 0x3e, 0x41, 0x4a, 0x91, 0x5e, 0xed, 0xf3, - /// 0x6c, 0x6b, 0x7e, 0xfd, 0x15, 0x92, 0x18, 0xfc, - /// 0xa7, 0xac, 0x42, 0x85, 0x57, 0xe9, 0xdc, 0xda, - /// 0x55, 0xc9, 0x8b, 0x28, 0x9e, 0xc1, 0xc4, 0x46, - /// 0x4d, 0x88, 0xed, 0x62, 0x8e, 0xdb, 0x3f, 0xb9, - /// 0xd7, 0xc8, 0xe3, 0xcf, 0xb8, 0x34, 0x2c, 0xd2, - /// 0x6f, 0x28, 0x06, 0x41, 0xe3, 0x66, 0x8c, 0xfc, - /// 0x72, 0xff, 0x26, 0x3b, 0x6b, 0x6c, 0x6f, 0x73, - /// 0xde, 0xf2, 0x90, 0x29, 0xe0, 0x61, 0x32, 0xc4, - /// 0x12, 0x74, 0x09, 0x52, 0xec, 0xf3, 0x1b, 0xa6, - /// 0x45, 0x98, 0xac, 0xf9, 0x1c, 0x65, 0x8e, 0x3a, - /// 0x91, 0x84, 0x4b, 0x23, 0x8a, 0xb2, 0x3c, 0xc9, - /// 0xfa, 0xea, 0xf1, 0x38, 0xce, 0xd8, 0x05, 0xe0, - /// 0xfa, 0x44, 0x68, 0x1f, 0xeb, 0xd9, 0x57, 0xb8, - /// 0x4a, 0x97, 0x5b, 0x88, 0xc5, 0xf1, 0xbb, 0xb0, - /// 0x49, 0xc3, 0x91, 0x7c, 0xd3, 0x13, 0xb9, 0x47, - /// 0xbb, 0x91, 0x8f, 0xe5, 0x26, 0x07, 0xab, 0xa9, - /// 0xc5, 0xd0, 0x3d, 0x95, 0x41, 0x26, 0x92, 0x9d, - /// 0x13, 0x67, 0xf2, 0x7e, 0x11, 0x88, 0xdc, 0x2d - /// ]; - /// let g = [ - /// 0x4au8, 0x1a, 0xf3, 0xa4, 0x92, 0xe9, 0xee, 0x74, - /// 0x6e, 0x57, 0xd5, 0x8c, 0x2c, 0x5b, 0x41, 0x41, - /// 0x5e, 0xd4, 0x55, 0x19, 0xdc, 0xd9, 0x32, 0x91, - /// 0xf7, 0xfd, 0xc2, 0x57, 0xff, 0x03, 0x14, 0xdb, - /// 0xf1, 0xb7, 0x60, 0x0c, 0x43, 0x59, 0x3f, 0xff, - /// 0xac, 0xf1, 0x80, 0x9a, 0x15, 0x6f, 0xd8, 0x6e, - /// 0xb7, 0x85, 0x18, 0xc8, 0xec, 0x4e, 0x59, 0x4a, - /// 0xe2, 0x91, 0x43, 0x4c, 0xeb, 0x95, 0xb6, 0x2e, - /// 0x9a, 0xea, 0x53, 0x68, 0x80, 0x64, 0x69, 0x40, - /// 0xf9, 0xec, 0xbd, 0x85, 0x89, 0x26, 0x97, 0x67, - /// 0xaf, 0xb0, 0xad, 0x00, 0x1b, 0xd4, 0xfd, 0x94, - /// 0xd3, 0xe9, 0x92, 0xb1, 0xb4, 0xbc, 0x5a, 0xaa, - /// 0x92, 0x80, 0x89, 0x3b, 0x39, 0x05, 0x6c, 0x22, - /// 0x26, 0xfe, 0x5a, 0x28, 0x6c, 0x37, 0x50, 0x5a, - /// 0x38, 0x99, 0xcf, 0xf3, 0xc1, 0x96, 0x45, 0xdc, - /// 0x01, 0xcb, 0x20, 0x87, 0xa5, 0x00, 0x8c, 0xf5, - /// 0x4d, 0xc2, 0xef, 0xb8, 0x9b, 0xd1, 0x87, 0xbe, - /// 0xed, 0xd5, 0x0a, 0x29, 0x15, 0x34, 0x59, 0x4c, - /// 0x3a, 0x05, 0x22, 0x05, 0x44, 0x4f, 0x9f, 0xc8, - /// 0x47, 0x12, 0x24, 0x8e, 0xa8, 0x79, 0xe4, 0x67, - /// 0xba, 0x4d, 0x5b, 0x75, 0x56, 0x95, 0xeb, 0xe8, - /// 0x8a, 0xfa, 0x8e, 0x01, 0x8c, 0x1b, 0x74, 0x63, - /// 0xd9, 0x2f, 0xf7, 0xd3, 0x44, 0x8f, 0xa8, 0xf5, - /// 0xaf, 0x6c, 0x4f, 0xdb, 0xe7, 0xc9, 0x6c, 0x71, - /// 0x22, 0xa3, 0x1d, 0xf1, 0x40, 0xb2, 0xe0, 0x9a, - /// 0xb6, 0x72, 0xc9, 0xc0, 0x13, 0x16, 0xa2, 0x4a, - /// 0xe1, 0x92, 0xc7, 0x54, 0x23, 0xab, 0x9d, 0xa1, - /// 0xa1, 0xe5, 0x0b, 0xed, 0xba, 0xe8, 0x84, 0x37, - /// 0xb2, 0xe7, 0xfe, 0x32, 0x8d, 0xfa, 0x1c, 0x53, - /// 0x77, 0x97, 0xc7, 0xf3, 0x48, 0xc9, 0xdb, 0x2d, - /// 0x75, 0x52, 0x9d, 0x42, 0x51, 0x78, 0x62, 0x68, - /// 0x05, 0x45, 0x15, 0xf8, 0xa2, 0x4e, 0xf3, 0x0b - /// ]; - /// let q = [ - /// 0xe0u8, 0x35, 0x37, 0xaf, 0xb2, 0x50, 0x91, 0x8e, - /// 0xf2, 0x62, 0x2b, 0xd9, 0x9f, 0x6c, 0x11, 0x75, - /// 0xec, 0x24, 0x5d, 0x78, 0x59, 0xe7, 0x8d, 0xb5, - /// 0x40, 0x52, 0xed, 0x41 - /// ]; - /// let mut rng = RNG::new().expect("Failed to create RNG"); - /// let dh = DH::new_from_pgq_with_check(&p, &g, &q, 0, &mut rng).expect("Error with new_from_pgq_with_check()"); - /// ``` - pub fn new_from_pgq_with_check(p: &[u8], g: &[u8], q: &[u8], trusted: i32, rng: &mut RNG) -> Result { - Self::new_from_pgq_with_check_ex(p, g, q, trusted, rng, None, None) - } - - /// Create a new DH context using the given p, g, and q parameters with - /// check and optional heap and device ID. - /// - /// # Parameters - /// - /// * `p`: DH 'p' parameter value. - /// * `g`: DH 'g' parameter value. - /// * `q`: DH 'q' parameter value. - /// * `trusted`: Whether to skip the prime check for `p` parameter and mark - /// the DH context as trusted. - /// * `rng`: `RNG` instance to use for random number generation. - /// * `heap`: Optional heap hint. - /// * `dev_id` Optional device ID to use with crypto callbacks or async hardware. - /// - /// # Returns - /// - /// Returns either Ok(dh) containing the DH struct instance or Err(e) - /// containing the wolfSSL library error code value. - /// - /// # Example - /// - /// ```rust - /// use wolfssl::wolfcrypt::random::RNG; - /// use wolfssl::wolfcrypt::dh::DH; - /// let p = [ - /// 0xc5u8, 0x7c, 0xa2, 0x4f, 0x4b, 0xd6, 0x8c, 0x3c, - /// 0xda, 0xc7, 0xba, 0xaa, 0xea, 0x2e, 0x5c, 0x1e, - /// 0x18, 0xb2, 0x7b, 0x8c, 0x55, 0x65, 0x9f, 0xea, - /// 0xe0, 0xa1, 0x36, 0x53, 0x2b, 0x36, 0xe0, 0x4e, - /// 0x3e, 0x64, 0xa9, 0xe4, 0xfc, 0x8f, 0x32, 0x62, - /// 0x97, 0xe4, 0xbe, 0xf7, 0xc1, 0xde, 0x07, 0x5a, - /// 0x89, 0x28, 0xf3, 0xfe, 0x4f, 0xfe, 0x68, 0xbc, - /// 0xfb, 0x0a, 0x7c, 0xa4, 0xb3, 0x14, 0x48, 0x89, - /// 0x9f, 0xaf, 0xb8, 0x43, 0xe2, 0xa0, 0x62, 0x5c, - /// 0xb4, 0x88, 0x3f, 0x06, 0x50, 0x11, 0xfe, 0x65, - /// 0x8d, 0x49, 0xd2, 0xf5, 0x4b, 0x74, 0x79, 0xdb, - /// 0x06, 0x62, 0x92, 0x89, 0xed, 0xda, 0xcb, 0x87, - /// 0x37, 0x16, 0xd2, 0xa1, 0x7a, 0xe8, 0xde, 0x92, - /// 0xee, 0x3e, 0x41, 0x4a, 0x91, 0x5e, 0xed, 0xf3, - /// 0x6c, 0x6b, 0x7e, 0xfd, 0x15, 0x92, 0x18, 0xfc, - /// 0xa7, 0xac, 0x42, 0x85, 0x57, 0xe9, 0xdc, 0xda, - /// 0x55, 0xc9, 0x8b, 0x28, 0x9e, 0xc1, 0xc4, 0x46, - /// 0x4d, 0x88, 0xed, 0x62, 0x8e, 0xdb, 0x3f, 0xb9, - /// 0xd7, 0xc8, 0xe3, 0xcf, 0xb8, 0x34, 0x2c, 0xd2, - /// 0x6f, 0x28, 0x06, 0x41, 0xe3, 0x66, 0x8c, 0xfc, - /// 0x72, 0xff, 0x26, 0x3b, 0x6b, 0x6c, 0x6f, 0x73, - /// 0xde, 0xf2, 0x90, 0x29, 0xe0, 0x61, 0x32, 0xc4, - /// 0x12, 0x74, 0x09, 0x52, 0xec, 0xf3, 0x1b, 0xa6, - /// 0x45, 0x98, 0xac, 0xf9, 0x1c, 0x65, 0x8e, 0x3a, - /// 0x91, 0x84, 0x4b, 0x23, 0x8a, 0xb2, 0x3c, 0xc9, - /// 0xfa, 0xea, 0xf1, 0x38, 0xce, 0xd8, 0x05, 0xe0, - /// 0xfa, 0x44, 0x68, 0x1f, 0xeb, 0xd9, 0x57, 0xb8, - /// 0x4a, 0x97, 0x5b, 0x88, 0xc5, 0xf1, 0xbb, 0xb0, - /// 0x49, 0xc3, 0x91, 0x7c, 0xd3, 0x13, 0xb9, 0x47, - /// 0xbb, 0x91, 0x8f, 0xe5, 0x26, 0x07, 0xab, 0xa9, - /// 0xc5, 0xd0, 0x3d, 0x95, 0x41, 0x26, 0x92, 0x9d, - /// 0x13, 0x67, 0xf2, 0x7e, 0x11, 0x88, 0xdc, 0x2d - /// ]; - /// let g = [ - /// 0x4au8, 0x1a, 0xf3, 0xa4, 0x92, 0xe9, 0xee, 0x74, - /// 0x6e, 0x57, 0xd5, 0x8c, 0x2c, 0x5b, 0x41, 0x41, - /// 0x5e, 0xd4, 0x55, 0x19, 0xdc, 0xd9, 0x32, 0x91, - /// 0xf7, 0xfd, 0xc2, 0x57, 0xff, 0x03, 0x14, 0xdb, - /// 0xf1, 0xb7, 0x60, 0x0c, 0x43, 0x59, 0x3f, 0xff, - /// 0xac, 0xf1, 0x80, 0x9a, 0x15, 0x6f, 0xd8, 0x6e, - /// 0xb7, 0x85, 0x18, 0xc8, 0xec, 0x4e, 0x59, 0x4a, - /// 0xe2, 0x91, 0x43, 0x4c, 0xeb, 0x95, 0xb6, 0x2e, - /// 0x9a, 0xea, 0x53, 0x68, 0x80, 0x64, 0x69, 0x40, - /// 0xf9, 0xec, 0xbd, 0x85, 0x89, 0x26, 0x97, 0x67, - /// 0xaf, 0xb0, 0xad, 0x00, 0x1b, 0xd4, 0xfd, 0x94, - /// 0xd3, 0xe9, 0x92, 0xb1, 0xb4, 0xbc, 0x5a, 0xaa, - /// 0x92, 0x80, 0x89, 0x3b, 0x39, 0x05, 0x6c, 0x22, - /// 0x26, 0xfe, 0x5a, 0x28, 0x6c, 0x37, 0x50, 0x5a, - /// 0x38, 0x99, 0xcf, 0xf3, 0xc1, 0x96, 0x45, 0xdc, - /// 0x01, 0xcb, 0x20, 0x87, 0xa5, 0x00, 0x8c, 0xf5, - /// 0x4d, 0xc2, 0xef, 0xb8, 0x9b, 0xd1, 0x87, 0xbe, - /// 0xed, 0xd5, 0x0a, 0x29, 0x15, 0x34, 0x59, 0x4c, - /// 0x3a, 0x05, 0x22, 0x05, 0x44, 0x4f, 0x9f, 0xc8, - /// 0x47, 0x12, 0x24, 0x8e, 0xa8, 0x79, 0xe4, 0x67, - /// 0xba, 0x4d, 0x5b, 0x75, 0x56, 0x95, 0xeb, 0xe8, - /// 0x8a, 0xfa, 0x8e, 0x01, 0x8c, 0x1b, 0x74, 0x63, - /// 0xd9, 0x2f, 0xf7, 0xd3, 0x44, 0x8f, 0xa8, 0xf5, - /// 0xaf, 0x6c, 0x4f, 0xdb, 0xe7, 0xc9, 0x6c, 0x71, - /// 0x22, 0xa3, 0x1d, 0xf1, 0x40, 0xb2, 0xe0, 0x9a, - /// 0xb6, 0x72, 0xc9, 0xc0, 0x13, 0x16, 0xa2, 0x4a, - /// 0xe1, 0x92, 0xc7, 0x54, 0x23, 0xab, 0x9d, 0xa1, - /// 0xa1, 0xe5, 0x0b, 0xed, 0xba, 0xe8, 0x84, 0x37, - /// 0xb2, 0xe7, 0xfe, 0x32, 0x8d, 0xfa, 0x1c, 0x53, - /// 0x77, 0x97, 0xc7, 0xf3, 0x48, 0xc9, 0xdb, 0x2d, - /// 0x75, 0x52, 0x9d, 0x42, 0x51, 0x78, 0x62, 0x68, - /// 0x05, 0x45, 0x15, 0xf8, 0xa2, 0x4e, 0xf3, 0x0b - /// ]; - /// let q = [ - /// 0xe0u8, 0x35, 0x37, 0xaf, 0xb2, 0x50, 0x91, 0x8e, - /// 0xf2, 0x62, 0x2b, 0xd9, 0x9f, 0x6c, 0x11, 0x75, - /// 0xec, 0x24, 0x5d, 0x78, 0x59, 0xe7, 0x8d, 0xb5, - /// 0x40, 0x52, 0xed, 0x41 - /// ]; - /// let mut rng = RNG::new().expect("Failed to create RNG"); - /// let dh = DH::new_from_pgq_with_check_ex(&p, &g, &q, 0, &mut rng, None, None).expect("Error with new_from_pgq_with_check_ex()"); - /// ``` - pub fn new_from_pgq_with_check_ex(p: &[u8], g: &[u8], q: &[u8], trusted: i32, rng: &mut RNG, heap: Option<*mut std::os::raw::c_void>, dev_id: Option) -> Result { - let p_size = p.len() as u32; - let g_size = g.len() as u32; - let q_size = q.len() as u32; - let mut wc_dhkey: MaybeUninit = MaybeUninit::uninit(); - let heap = match heap { - Some(heap) => heap, - None => core::ptr::null_mut(), - }; - let dev_id = match dev_id { - Some(dev_id) => dev_id, - None => sys::INVALID_DEVID, - }; - let rc = unsafe { sys::wc_InitDhKey_ex(wc_dhkey.as_mut_ptr(), heap, dev_id) }; - if rc != 0 { - return Err(rc); - } - let wc_dhkey = unsafe { wc_dhkey.assume_init() }; - let mut dh = DH { wc_dhkey }; - let rc = unsafe { - sys::wc_DhSetCheckKey(&mut dh.wc_dhkey, p.as_ptr(), p_size, g.as_ptr(), g_size, q.as_ptr(), q_size, trusted, &mut rng.wc_rng) - }; - if rc != 0 { - return Err(rc); - } - Ok(dh) - } - - /// Check public/private key pair for pair-wise consistency per process in - /// SP 800-56Ar3, section 5.6.2.1.4, method (b) for FFC. - /// - /// # Parameters - /// - /// * `public`: Buffer containing public key. - /// * `private`: Buffer containing private key. - /// - /// # Returns - /// - /// Returns either Ok(()) on success or Err(e) containing the wolfSSL - /// library error code value. - /// - /// # Example - /// - /// ```rust - /// use wolfssl::wolfcrypt::random::RNG; - /// use wolfssl::wolfcrypt::dh::DH; - /// let mut rng = RNG::new().expect("Error with RNG::new()"); - /// let mut dh = DH::new_named(DH::FFDHE_2048).expect("Error with new_named()"); - /// let mut private = [0u8; 256]; - /// let mut private_size = 0u32; - /// let mut public = [0u8; 256]; - /// let mut public_size = 0u32; - /// dh.generate_key_pair(&mut rng, &mut private, &mut private_size, &mut public, &mut public_size).expect("Error with generate_key_pair()"); - /// let private = &private[0..(private_size as usize)]; - /// let public = &public[0..(public_size as usize)]; - /// dh.check_key_pair(public, private).expect("Error with check_key_pair()"); - /// ``` - pub fn check_key_pair(&mut self, public: &[u8], private: &[u8]) -> Result<(), i32> { - let public_size = public.len() as u32; - let private_size = private.len() as u32; - let rc = unsafe { - sys::wc_DhCheckKeyPair(&mut self.wc_dhkey, - public.as_ptr(), public_size, - private.as_ptr(), private_size) - }; - if rc != 0 { - return Err(rc); - } - Ok(()) - } - - /// Check private key for invalid numbers. - /// - /// The check is per process in SP 800-56Ar3, section 5.6.2.1.2. - /// - /// # Parameters - /// - /// * `private`: Buffer containing private key. - /// - /// # Returns - /// - /// Returns either Ok(()) on success or Err(e) containing the wolfSSL - /// library error code value. - /// - /// # Example - /// - /// ```rust - /// use wolfssl::wolfcrypt::random::RNG; - /// use wolfssl::wolfcrypt::dh::DH; - /// let mut rng = RNG::new().expect("Error with RNG::new()"); - /// let mut dh = DH::new_named(DH::FFDHE_2048).expect("Error with new_named()"); - /// let mut private = [0u8; 256]; - /// let mut private_size = 0u32; - /// let mut public = [0u8; 256]; - /// let mut public_size = 0u32; - /// dh.generate_key_pair(&mut rng, &mut private, &mut private_size, &mut public, &mut public_size).expect("Error with generate_key_pair()"); - /// let private = &private[0..(private_size as usize)]; - /// dh.check_priv_key(private).expect("Error with check_priv_key()"); - /// ``` - pub fn check_priv_key(&mut self, private: &[u8]) -> Result<(), i32> { - let private_size = private.len() as u32; - let rc = unsafe { - sys::wc_DhCheckPrivKey(&mut self.wc_dhkey, - private.as_ptr(), private_size) - }; - if rc != 0 { - return Err(rc); - } - Ok(()) - } - - /// Check private key for invalid numbers with optional prime value. - /// - /// This optionally allows the private key to be checked against the large - /// prime (q). - /// The check is per process in SP 800-56Ar3, section 5.6.2.1.2. - /// - /// # Parameters - /// - /// * `private`: Buffer containing private key. - /// * `prime`: Buffer containing prime value (optional). - /// - /// # Returns - /// - /// Returns either Ok(()) on success or Err(e) containing the wolfSSL - /// library error code value. - /// - /// # Example - /// - /// ```rust - /// use wolfssl::wolfcrypt::random::RNG; - /// use wolfssl::wolfcrypt::dh::DH; - /// let p = [ - /// 0xc5u8, 0x7c, 0xa2, 0x4f, 0x4b, 0xd6, 0x8c, 0x3c, - /// 0xda, 0xc7, 0xba, 0xaa, 0xea, 0x2e, 0x5c, 0x1e, - /// 0x18, 0xb2, 0x7b, 0x8c, 0x55, 0x65, 0x9f, 0xea, - /// 0xe0, 0xa1, 0x36, 0x53, 0x2b, 0x36, 0xe0, 0x4e, - /// 0x3e, 0x64, 0xa9, 0xe4, 0xfc, 0x8f, 0x32, 0x62, - /// 0x97, 0xe4, 0xbe, 0xf7, 0xc1, 0xde, 0x07, 0x5a, - /// 0x89, 0x28, 0xf3, 0xfe, 0x4f, 0xfe, 0x68, 0xbc, - /// 0xfb, 0x0a, 0x7c, 0xa4, 0xb3, 0x14, 0x48, 0x89, - /// 0x9f, 0xaf, 0xb8, 0x43, 0xe2, 0xa0, 0x62, 0x5c, - /// 0xb4, 0x88, 0x3f, 0x06, 0x50, 0x11, 0xfe, 0x65, - /// 0x8d, 0x49, 0xd2, 0xf5, 0x4b, 0x74, 0x79, 0xdb, - /// 0x06, 0x62, 0x92, 0x89, 0xed, 0xda, 0xcb, 0x87, - /// 0x37, 0x16, 0xd2, 0xa1, 0x7a, 0xe8, 0xde, 0x92, - /// 0xee, 0x3e, 0x41, 0x4a, 0x91, 0x5e, 0xed, 0xf3, - /// 0x6c, 0x6b, 0x7e, 0xfd, 0x15, 0x92, 0x18, 0xfc, - /// 0xa7, 0xac, 0x42, 0x85, 0x57, 0xe9, 0xdc, 0xda, - /// 0x55, 0xc9, 0x8b, 0x28, 0x9e, 0xc1, 0xc4, 0x46, - /// 0x4d, 0x88, 0xed, 0x62, 0x8e, 0xdb, 0x3f, 0xb9, - /// 0xd7, 0xc8, 0xe3, 0xcf, 0xb8, 0x34, 0x2c, 0xd2, - /// 0x6f, 0x28, 0x06, 0x41, 0xe3, 0x66, 0x8c, 0xfc, - /// 0x72, 0xff, 0x26, 0x3b, 0x6b, 0x6c, 0x6f, 0x73, - /// 0xde, 0xf2, 0x90, 0x29, 0xe0, 0x61, 0x32, 0xc4, - /// 0x12, 0x74, 0x09, 0x52, 0xec, 0xf3, 0x1b, 0xa6, - /// 0x45, 0x98, 0xac, 0xf9, 0x1c, 0x65, 0x8e, 0x3a, - /// 0x91, 0x84, 0x4b, 0x23, 0x8a, 0xb2, 0x3c, 0xc9, - /// 0xfa, 0xea, 0xf1, 0x38, 0xce, 0xd8, 0x05, 0xe0, - /// 0xfa, 0x44, 0x68, 0x1f, 0xeb, 0xd9, 0x57, 0xb8, - /// 0x4a, 0x97, 0x5b, 0x88, 0xc5, 0xf1, 0xbb, 0xb0, - /// 0x49, 0xc3, 0x91, 0x7c, 0xd3, 0x13, 0xb9, 0x47, - /// 0xbb, 0x91, 0x8f, 0xe5, 0x26, 0x07, 0xab, 0xa9, - /// 0xc5, 0xd0, 0x3d, 0x95, 0x41, 0x26, 0x92, 0x9d, - /// 0x13, 0x67, 0xf2, 0x7e, 0x11, 0x88, 0xdc, 0x2d - /// ]; - /// let g = [ - /// 0x4au8, 0x1a, 0xf3, 0xa4, 0x92, 0xe9, 0xee, 0x74, - /// 0x6e, 0x57, 0xd5, 0x8c, 0x2c, 0x5b, 0x41, 0x41, - /// 0x5e, 0xd4, 0x55, 0x19, 0xdc, 0xd9, 0x32, 0x91, - /// 0xf7, 0xfd, 0xc2, 0x57, 0xff, 0x03, 0x14, 0xdb, - /// 0xf1, 0xb7, 0x60, 0x0c, 0x43, 0x59, 0x3f, 0xff, - /// 0xac, 0xf1, 0x80, 0x9a, 0x15, 0x6f, 0xd8, 0x6e, - /// 0xb7, 0x85, 0x18, 0xc8, 0xec, 0x4e, 0x59, 0x4a, - /// 0xe2, 0x91, 0x43, 0x4c, 0xeb, 0x95, 0xb6, 0x2e, - /// 0x9a, 0xea, 0x53, 0x68, 0x80, 0x64, 0x69, 0x40, - /// 0xf9, 0xec, 0xbd, 0x85, 0x89, 0x26, 0x97, 0x67, - /// 0xaf, 0xb0, 0xad, 0x00, 0x1b, 0xd4, 0xfd, 0x94, - /// 0xd3, 0xe9, 0x92, 0xb1, 0xb4, 0xbc, 0x5a, 0xaa, - /// 0x92, 0x80, 0x89, 0x3b, 0x39, 0x05, 0x6c, 0x22, - /// 0x26, 0xfe, 0x5a, 0x28, 0x6c, 0x37, 0x50, 0x5a, - /// 0x38, 0x99, 0xcf, 0xf3, 0xc1, 0x96, 0x45, 0xdc, - /// 0x01, 0xcb, 0x20, 0x87, 0xa5, 0x00, 0x8c, 0xf5, - /// 0x4d, 0xc2, 0xef, 0xb8, 0x9b, 0xd1, 0x87, 0xbe, - /// 0xed, 0xd5, 0x0a, 0x29, 0x15, 0x34, 0x59, 0x4c, - /// 0x3a, 0x05, 0x22, 0x05, 0x44, 0x4f, 0x9f, 0xc8, - /// 0x47, 0x12, 0x24, 0x8e, 0xa8, 0x79, 0xe4, 0x67, - /// 0xba, 0x4d, 0x5b, 0x75, 0x56, 0x95, 0xeb, 0xe8, - /// 0x8a, 0xfa, 0x8e, 0x01, 0x8c, 0x1b, 0x74, 0x63, - /// 0xd9, 0x2f, 0xf7, 0xd3, 0x44, 0x8f, 0xa8, 0xf5, - /// 0xaf, 0x6c, 0x4f, 0xdb, 0xe7, 0xc9, 0x6c, 0x71, - /// 0x22, 0xa3, 0x1d, 0xf1, 0x40, 0xb2, 0xe0, 0x9a, - /// 0xb6, 0x72, 0xc9, 0xc0, 0x13, 0x16, 0xa2, 0x4a, - /// 0xe1, 0x92, 0xc7, 0x54, 0x23, 0xab, 0x9d, 0xa1, - /// 0xa1, 0xe5, 0x0b, 0xed, 0xba, 0xe8, 0x84, 0x37, - /// 0xb2, 0xe7, 0xfe, 0x32, 0x8d, 0xfa, 0x1c, 0x53, - /// 0x77, 0x97, 0xc7, 0xf3, 0x48, 0xc9, 0xdb, 0x2d, - /// 0x75, 0x52, 0x9d, 0x42, 0x51, 0x78, 0x62, 0x68, - /// 0x05, 0x45, 0x15, 0xf8, 0xa2, 0x4e, 0xf3, 0x0b - /// ]; - /// let q = [ - /// 0xe0u8, 0x35, 0x37, 0xaf, 0xb2, 0x50, 0x91, 0x8e, - /// 0xf2, 0x62, 0x2b, 0xd9, 0x9f, 0x6c, 0x11, 0x75, - /// 0xec, 0x24, 0x5d, 0x78, 0x59, 0xe7, 0x8d, 0xb5, - /// 0x40, 0x52, 0xed, 0x41 - /// ]; - /// let mut rng = RNG::new().expect("Error with RNG::new()"); - /// let mut dh = DH::new_from_pgq_with_check(&p, &g, &q, 0, &mut rng).expect("Error with new_from_pgq()"); - /// let mut private = [0u8; 256]; - /// let mut private_size = 0u32; - /// let mut public = [0u8; 256]; - /// let mut public_size = 0u32; - /// dh.generate_key_pair(&mut rng, &mut private, &mut private_size, &mut public, &mut public_size).expect("Error with generate_key_pair()"); - /// let private = &private[0..(private_size as usize)]; - /// dh.check_priv_key_ex(private, Some(&q)).expect("Error with check_priv_key_ex()"); - /// ``` - pub fn check_priv_key_ex(&mut self, private: &[u8], prime: Option<&[u8]>) -> Result<(), i32> { - let private_size = private.len() as u32; - let mut prime_ptr: *const u8 = core::ptr::null(); - let mut prime_size = 0u32; - if let Some(prime) = prime { - prime_ptr = prime.as_ptr(); - prime_size = prime.len() as u32; - } - let rc = unsafe { - sys::wc_DhCheckPrivKey_ex(&mut self.wc_dhkey, - private.as_ptr(), private_size, - prime_ptr, prime_size) - }; - if rc != 0 { - return Err(rc); - } - Ok(()) - } - - /// Check public key for invalid numbers (partial check). - /// - /// This performs a partial public-key validation routine. - /// - /// # Parameters - /// - /// * `public`: Buffer containing public key. - /// - /// # Returns - /// - /// Returns either Ok(()) on success or Err(e) containing the wolfSSL - /// library error code value. - /// - /// # Example - /// - /// ```rust - /// use wolfssl::wolfcrypt::random::RNG; - /// use wolfssl::wolfcrypt::dh::DH; - /// let mut rng = RNG::new().expect("Error with RNG::new()"); - /// let mut dh = DH::new_named(DH::FFDHE_2048).expect("Error with new_named()"); - /// let mut private = [0u8; 256]; - /// let mut private_size = 0u32; - /// let mut public = [0u8; 256]; - /// let mut public_size = 0u32; - /// dh.generate_key_pair(&mut rng, &mut private, &mut private_size, &mut public, &mut public_size).expect("Error with generate_key_pair()"); - /// let public = &public[0..(public_size as usize)]; - /// dh.check_pub_key(public).expect("Error with check_pub_key()"); - /// ``` - pub fn check_pub_key(&mut self, public: &[u8]) -> Result<(), i32> { - let public_size = public.len() as u32; - let rc = unsafe { - sys::wc_DhCheckPubKey(&mut self.wc_dhkey, public.as_ptr(), public_size) - }; - if rc != 0 { - return Err(rc); - } - Ok(()) - } - - /// Check public key for invalid numbers (full check). - /// - /// This performs a full public-key validation routine. - /// - /// # Parameters - /// - /// * `public`: Buffer containing public key. - /// * `prime`: Buffer containing prime value. - /// - /// # Returns - /// - /// Returns either Ok(()) on success or Err(e) containing the wolfSSL - /// library error code value. - /// - /// # Example - /// - /// ```rust - /// use wolfssl::wolfcrypt::random::RNG; - /// use wolfssl::wolfcrypt::dh::DH; - /// let p = [ - /// 0xc5u8, 0x7c, 0xa2, 0x4f, 0x4b, 0xd6, 0x8c, 0x3c, - /// 0xda, 0xc7, 0xba, 0xaa, 0xea, 0x2e, 0x5c, 0x1e, - /// 0x18, 0xb2, 0x7b, 0x8c, 0x55, 0x65, 0x9f, 0xea, - /// 0xe0, 0xa1, 0x36, 0x53, 0x2b, 0x36, 0xe0, 0x4e, - /// 0x3e, 0x64, 0xa9, 0xe4, 0xfc, 0x8f, 0x32, 0x62, - /// 0x97, 0xe4, 0xbe, 0xf7, 0xc1, 0xde, 0x07, 0x5a, - /// 0x89, 0x28, 0xf3, 0xfe, 0x4f, 0xfe, 0x68, 0xbc, - /// 0xfb, 0x0a, 0x7c, 0xa4, 0xb3, 0x14, 0x48, 0x89, - /// 0x9f, 0xaf, 0xb8, 0x43, 0xe2, 0xa0, 0x62, 0x5c, - /// 0xb4, 0x88, 0x3f, 0x06, 0x50, 0x11, 0xfe, 0x65, - /// 0x8d, 0x49, 0xd2, 0xf5, 0x4b, 0x74, 0x79, 0xdb, - /// 0x06, 0x62, 0x92, 0x89, 0xed, 0xda, 0xcb, 0x87, - /// 0x37, 0x16, 0xd2, 0xa1, 0x7a, 0xe8, 0xde, 0x92, - /// 0xee, 0x3e, 0x41, 0x4a, 0x91, 0x5e, 0xed, 0xf3, - /// 0x6c, 0x6b, 0x7e, 0xfd, 0x15, 0x92, 0x18, 0xfc, - /// 0xa7, 0xac, 0x42, 0x85, 0x57, 0xe9, 0xdc, 0xda, - /// 0x55, 0xc9, 0x8b, 0x28, 0x9e, 0xc1, 0xc4, 0x46, - /// 0x4d, 0x88, 0xed, 0x62, 0x8e, 0xdb, 0x3f, 0xb9, - /// 0xd7, 0xc8, 0xe3, 0xcf, 0xb8, 0x34, 0x2c, 0xd2, - /// 0x6f, 0x28, 0x06, 0x41, 0xe3, 0x66, 0x8c, 0xfc, - /// 0x72, 0xff, 0x26, 0x3b, 0x6b, 0x6c, 0x6f, 0x73, - /// 0xde, 0xf2, 0x90, 0x29, 0xe0, 0x61, 0x32, 0xc4, - /// 0x12, 0x74, 0x09, 0x52, 0xec, 0xf3, 0x1b, 0xa6, - /// 0x45, 0x98, 0xac, 0xf9, 0x1c, 0x65, 0x8e, 0x3a, - /// 0x91, 0x84, 0x4b, 0x23, 0x8a, 0xb2, 0x3c, 0xc9, - /// 0xfa, 0xea, 0xf1, 0x38, 0xce, 0xd8, 0x05, 0xe0, - /// 0xfa, 0x44, 0x68, 0x1f, 0xeb, 0xd9, 0x57, 0xb8, - /// 0x4a, 0x97, 0x5b, 0x88, 0xc5, 0xf1, 0xbb, 0xb0, - /// 0x49, 0xc3, 0x91, 0x7c, 0xd3, 0x13, 0xb9, 0x47, - /// 0xbb, 0x91, 0x8f, 0xe5, 0x26, 0x07, 0xab, 0xa9, - /// 0xc5, 0xd0, 0x3d, 0x95, 0x41, 0x26, 0x92, 0x9d, - /// 0x13, 0x67, 0xf2, 0x7e, 0x11, 0x88, 0xdc, 0x2d - /// ]; - /// let g = [ - /// 0x4au8, 0x1a, 0xf3, 0xa4, 0x92, 0xe9, 0xee, 0x74, - /// 0x6e, 0x57, 0xd5, 0x8c, 0x2c, 0x5b, 0x41, 0x41, - /// 0x5e, 0xd4, 0x55, 0x19, 0xdc, 0xd9, 0x32, 0x91, - /// 0xf7, 0xfd, 0xc2, 0x57, 0xff, 0x03, 0x14, 0xdb, - /// 0xf1, 0xb7, 0x60, 0x0c, 0x43, 0x59, 0x3f, 0xff, - /// 0xac, 0xf1, 0x80, 0x9a, 0x15, 0x6f, 0xd8, 0x6e, - /// 0xb7, 0x85, 0x18, 0xc8, 0xec, 0x4e, 0x59, 0x4a, - /// 0xe2, 0x91, 0x43, 0x4c, 0xeb, 0x95, 0xb6, 0x2e, - /// 0x9a, 0xea, 0x53, 0x68, 0x80, 0x64, 0x69, 0x40, - /// 0xf9, 0xec, 0xbd, 0x85, 0x89, 0x26, 0x97, 0x67, - /// 0xaf, 0xb0, 0xad, 0x00, 0x1b, 0xd4, 0xfd, 0x94, - /// 0xd3, 0xe9, 0x92, 0xb1, 0xb4, 0xbc, 0x5a, 0xaa, - /// 0x92, 0x80, 0x89, 0x3b, 0x39, 0x05, 0x6c, 0x22, - /// 0x26, 0xfe, 0x5a, 0x28, 0x6c, 0x37, 0x50, 0x5a, - /// 0x38, 0x99, 0xcf, 0xf3, 0xc1, 0x96, 0x45, 0xdc, - /// 0x01, 0xcb, 0x20, 0x87, 0xa5, 0x00, 0x8c, 0xf5, - /// 0x4d, 0xc2, 0xef, 0xb8, 0x9b, 0xd1, 0x87, 0xbe, - /// 0xed, 0xd5, 0x0a, 0x29, 0x15, 0x34, 0x59, 0x4c, - /// 0x3a, 0x05, 0x22, 0x05, 0x44, 0x4f, 0x9f, 0xc8, - /// 0x47, 0x12, 0x24, 0x8e, 0xa8, 0x79, 0xe4, 0x67, - /// 0xba, 0x4d, 0x5b, 0x75, 0x56, 0x95, 0xeb, 0xe8, - /// 0x8a, 0xfa, 0x8e, 0x01, 0x8c, 0x1b, 0x74, 0x63, - /// 0xd9, 0x2f, 0xf7, 0xd3, 0x44, 0x8f, 0xa8, 0xf5, - /// 0xaf, 0x6c, 0x4f, 0xdb, 0xe7, 0xc9, 0x6c, 0x71, - /// 0x22, 0xa3, 0x1d, 0xf1, 0x40, 0xb2, 0xe0, 0x9a, - /// 0xb6, 0x72, 0xc9, 0xc0, 0x13, 0x16, 0xa2, 0x4a, - /// 0xe1, 0x92, 0xc7, 0x54, 0x23, 0xab, 0x9d, 0xa1, - /// 0xa1, 0xe5, 0x0b, 0xed, 0xba, 0xe8, 0x84, 0x37, - /// 0xb2, 0xe7, 0xfe, 0x32, 0x8d, 0xfa, 0x1c, 0x53, - /// 0x77, 0x97, 0xc7, 0xf3, 0x48, 0xc9, 0xdb, 0x2d, - /// 0x75, 0x52, 0x9d, 0x42, 0x51, 0x78, 0x62, 0x68, - /// 0x05, 0x45, 0x15, 0xf8, 0xa2, 0x4e, 0xf3, 0x0b - /// ]; - /// let q = [ - /// 0xe0u8, 0x35, 0x37, 0xaf, 0xb2, 0x50, 0x91, 0x8e, - /// 0xf2, 0x62, 0x2b, 0xd9, 0x9f, 0x6c, 0x11, 0x75, - /// 0xec, 0x24, 0x5d, 0x78, 0x59, 0xe7, 0x8d, 0xb5, - /// 0x40, 0x52, 0xed, 0x41 - /// ]; - /// let q0 = [ - /// 0x00u8, - /// 0xe0, 0x35, 0x37, 0xaf, 0xb2, 0x50, 0x91, 0x8e, - /// 0xf2, 0x62, 0x2b, 0xd9, 0x9f, 0x6c, 0x11, 0x75, - /// 0xec, 0x24, 0x5d, 0x78, 0x59, 0xe7, 0x8d, 0xb5, - /// 0x40, 0x52, 0xed, 0x41 - /// ]; - /// let mut rng = RNG::new().expect("Error with RNG::new()"); - /// let mut dh = DH::new_from_pgq_with_check(&p, &g, &q, 0, &mut rng).expect("Error with new_from_pgq()"); - /// let mut private = [0u8; 256]; - /// let mut private_size = 0u32; - /// let mut public = [0u8; 256]; - /// let mut public_size = 0u32; - /// dh.generate_key_pair(&mut rng, &mut private, &mut private_size, &mut public, &mut public_size).expect("Error with generate_key_pair()"); - /// let public = &public[0..(public_size as usize)]; - /// dh.check_pub_key_ex(public, &q0).expect("Error with check_pub_key_ex()"); - /// ``` - pub fn check_pub_key_ex(&mut self, public: &[u8], prime: &[u8]) -> Result<(), i32> { - let public_size = public.len() as u32; - let prime_size = prime.len() as u32; - let rc = unsafe { - sys::wc_DhCheckPubKey_ex(&mut self.wc_dhkey, - public.as_ptr(), public_size, - prime.as_ptr(), prime_size) - }; - if rc != 0 { - return Err(rc); - } - Ok(()) - } - - /// Export Diffie-Hellman context parameters. - /// - /// # Parameters - /// - /// * `p`: Buffer in which to store the DH `p` parameter value. - /// * `p_size`: Output parameter holding number of bytes written to `p`. - /// * `q`: Buffer in which to store the DH `q` parameter value. - /// * `q_size`: Output parameter holding number of bytes written to `q`. - /// * `g`: Buffer in which to store the DH `g` parameter value. - /// * `g_size`: Output parameter holding number of bytes written to `g`. - /// - /// # Returns - /// - /// Returns either Ok(()) or Err(e) containing the wolfSSL library error - /// code value. - pub fn export_params_raw(&mut self, - p: &mut [u8], p_size: &mut u32, - q: &mut [u8], q_size: &mut u32, - g: &mut [u8], g_size: &mut u32) -> Result<(), i32> { - *p_size = p.len() as u32; - *q_size = q.len() as u32; - *g_size = g.len() as u32; - let rc = unsafe { - sys::wc_DhExportParamsRaw(&mut self.wc_dhkey, - p.as_mut_ptr(), p_size, - q.as_mut_ptr(), q_size, - g.as_mut_ptr(), g_size) - }; - if rc != 0 { - return Err(rc); - } - Ok(()) - } - - /// Generate a public/private key pair for the given DH parameters. - /// - /// # Parameters - /// - /// * `rng`: `RNG` instance used for random number generation. - /// * `private`: Buffer in which to store the generated private key. - /// * `private_size`: Output parameter storing the private key size in bytes. - /// * `public`: Buffer in which to store the generated public key. - /// * `public_size`: Output parameter storing the public key size in bytes. - /// - /// # Returns - /// - /// Returns either Ok(()) or Err(e) containing the wolfSSL library error - /// code value. - /// - /// # Example - /// - /// ```rust - /// use wolfssl::wolfcrypt::random::RNG; - /// use wolfssl::wolfcrypt::dh::DH; - /// let mut rng = RNG::new().expect("Failed to create RNG"); - /// let mut dh = DH::new_named(DH::FFDHE_2048).expect("Error with new_named()"); - /// let mut private = [0u8; 256]; - /// let mut private_size = 0u32; - /// let mut public = [0u8; 256]; - /// let mut public_size = 0u32; - /// dh.generate_key_pair(&mut rng, &mut private, &mut private_size, &mut public, &mut public_size).expect("Error with generate_key_pair()"); - /// ``` - pub fn generate_key_pair(&mut self, rng: &mut RNG, - private: &mut [u8], private_size: &mut u32, - public: &mut [u8], public_size: &mut u32) -> Result<(), i32> { - *private_size = private.len() as u32; - *public_size = public.len() as u32; - let rc = unsafe { - sys::wc_DhGenerateKeyPair(&mut self.wc_dhkey, &mut rng.wc_rng, - private.as_mut_ptr(), private_size, - public.as_mut_ptr(), public_size) - }; - if rc != 0 { - return Err(rc); - } - Ok(()) - } - - /// Generate a shared secret agreed upon by both parties. - /// - /// This function generates an agreed upon secret key based on a local - /// private key and a received public key. If completed on both sides of an - /// exchange, this function generates an agreed upon secret key for - /// symmetric communication. On successfully generating a shared secret - /// key, the size of the secret key written to `dout` will be returned. - /// - /// # Returns - /// - /// Returns either Ok(size) containing the size of the key written to - /// `dout` or Err(e) containing the wolfSSL library error code value. - /// - /// # Example - /// - /// ```rust - /// use wolfssl::wolfcrypt::random::RNG; - /// use wolfssl::wolfcrypt::dh::DH; - /// let mut rng = RNG::new().expect("Error with RNG::new()"); - /// let mut dh = DH::new_named(DH::FFDHE_2048).expect("Error with new_named()"); - /// let mut private0 = [0u8; 256]; - /// let mut private0_size = 0u32; - /// let mut public0 = [0u8; 256]; - /// let mut public0_size = 0u32; - /// dh.generate_key_pair(&mut rng, &mut private0, &mut private0_size, &mut public0, &mut public0_size).expect("Error with generate_key_pair()"); - /// let mut private1 = [0u8; 256]; - /// let mut private1_size = 0u32; - /// let mut public1 = [0u8; 256]; - /// let mut public1_size = 0u32; - /// dh.generate_key_pair(&mut rng, &mut private1, &mut private1_size, &mut public1, &mut public1_size).expect("Error with generate_key_pair()"); - /// let mut ss0 = [0u8; 256]; - /// let ss0_size = dh.shared_secret(&mut ss0, &private0, &public1).expect("Error with shared_secret()"); - /// let ss0 = &ss0[0..ss0_size]; - /// ``` - pub fn shared_secret(&mut self, dout: &mut [u8], private: &[u8], other_pub: &[u8]) -> Result { - let mut dout_size = dout.len() as u32; - let private_size = private.len() as u32; - let other_pub_size = other_pub.len() as u32; - let rc = unsafe { - sys::wc_DhAgree(&mut self.wc_dhkey, - dout.as_mut_ptr(), &mut dout_size, - private.as_ptr(), private_size, - other_pub.as_ptr(), other_pub_size) - }; - if rc != 0 { - return Err(rc); - } - Ok(dout_size as usize) - } -} - -impl Drop for DH { - /// Safely free the underlying wolfSSL DhKey context. - /// - /// This calls the `wc_FreeDhKey()` wolfssl library function. - /// - /// The Rust Drop trait guarantees that this method is called when the - /// DH struct instance goes out of scope, automatically cleaning up - /// resources and preventing memory leaks. - fn drop(&mut self) { - unsafe { sys::wc_FreeDhKey(&mut self.wc_dhkey); } - } -} diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/wrapper/rust/wolfssl/src/wolfcrypt/ecc.rs mariadb-11.8.8/extra/wolfssl/wolfssl/wrapper/rust/wolfssl/src/wolfcrypt/ecc.rs --- mariadb-11.8.6/extra/wolfssl/wolfssl/wrapper/rust/wolfssl/src/wolfcrypt/ecc.rs 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/wrapper/rust/wolfssl/src/wolfcrypt/ecc.rs 1970-01-01 00:00:00.000000000 +0000 @@ -1,1865 +0,0 @@ -/* - * Copyright (C) 2025 wolfSSL Inc. - * - * This file is part of wolfSSL. - * - * wolfSSL is free software; you can redistribute it and/or modify - * it under the terms of the GNU General Public License as published by - * the Free Software Foundation; either version 3 of the License, or - * (at your option) any later version. - * - * wolfSSL is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU General Public License for more details. - * - * You should have received a copy of the GNU General Public License - * along with this program; if not, write to the Free Software - * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA - */ - -/*! -This module provides a Rust wrapper for the wolfCrypt library's ECC -functionality. - -The primary component is the `ECC` struct, which manages the lifecycle of a -wolfSSL `ecc_key` object. It ensures proper initialization and deallocation. -*/ - -#![cfg(ecc)] - -use crate::sys; -use crate::wolfcrypt::random::RNG; -use std::mem::{MaybeUninit}; - -/// Rust wrapper for wolfSSL `ecc_point` object. -pub struct ECCPoint { - wc_ecc_point: *mut sys::ecc_point, - heap: *mut std::os::raw::c_void, -} - -impl ECCPoint { - /// Import an ECCPoint from a DER-formatted buffer. - /// - /// # Parameters - /// - /// * `din`: DER-formatted buffer. - /// * `curve_id`: Curve ID, e.g. ECC::SECP256R1. - /// * `heap`: Optional heap hint. - /// - /// # Returns - /// - /// Returns either Ok(ECCPoint) containing the ECCPoint struct instance or - /// Err(e) containing the wolfSSL library error code value. - /// - /// # Example - /// - /// ```rust - /// #[cfg(ecc_import)] - /// { - /// use wolfssl::wolfcrypt::random::RNG; - /// use wolfssl::wolfcrypt::ecc::{ECC,ECCPoint}; - /// let mut rng = RNG::new().expect("Failed to create RNG"); - /// let curve_id = ECC::SECP256R1; - /// let curve_size = ECC::get_curve_size_from_id(curve_id).expect("Error with get_curve_size_from_id()"); - /// let mut ecc = ECC::generate_ex(curve_size, &mut rng, curve_id, None, None).expect("Error with generate()"); - /// let ecc_point = ecc.make_pub_to_point(Some(&mut rng), None).expect("Error with make_pub_to_point()"); - /// let mut der = [0u8; 128]; - /// let size = ecc_point.export_der(&mut der, curve_id).expect("Error with export_der()"); - /// ECCPoint::import_der(&der[0..size], curve_id, None).expect("Error with import_der()"); - /// } - /// ``` - #[cfg(ecc_import)] - pub fn import_der(din: &[u8], curve_id: i32, heap: Option<*mut std::os::raw::c_void>) -> Result { - let curve_idx = unsafe { sys::wc_ecc_get_curve_idx(curve_id) }; - if curve_idx < 0 { - return Err(curve_idx); - } - let heap = match heap { - Some(heap) => heap, - None => core::ptr::null_mut(), - }; - let wc_ecc_point = unsafe { sys::wc_ecc_new_point_h(heap) }; - if wc_ecc_point.is_null() { - return Err(sys::wolfCrypt_ErrorCodes_MEMORY_E); - } - let eccpoint = ECCPoint { wc_ecc_point, heap }; - let din_size = din.len() as u32; - let rc = unsafe { - sys::wc_ecc_import_point_der(din.as_ptr(), din_size, curve_idx, - eccpoint.wc_ecc_point) - }; - if rc != 0 { - return Err(rc); - } - Ok(eccpoint) - } - - /// Import an ECCPoint from a DER-formatted buffer. - /// - /// # Parameters - /// - /// * `din`: DER-formatted buffer. - /// * `curve_id`: Curve ID, e.g. ECC::SECP256R1. - /// * `short_key_size`: if shortKeySize != 0 then key size is always - /// (din.len() - 1) / 2. - /// * `heap`: Optional heap hint. - /// - /// # Returns - /// - /// Returns either Ok(ECCPoint) containing the ECCPoint struct instance or - /// Err(e) containing the wolfSSL library error code value. - /// - /// # Example - /// - /// ```rust - /// #[cfg(all(ecc_import, ecc_export, ecc_comp_key))] - /// { - /// use wolfssl::wolfcrypt::random::RNG; - /// use wolfssl::wolfcrypt::ecc::{ECC,ECCPoint}; - /// let mut rng = RNG::new().expect("Failed to create RNG"); - /// let curve_id = ECC::SECP256R1; - /// let curve_size = ECC::get_curve_size_from_id(curve_id).expect("Error with get_curve_size_from_id()"); - /// let mut ecc = ECC::generate_ex(curve_size, &mut rng, curve_id, None, None).expect("Error with generate()"); - /// let ecc_point = ecc.make_pub_to_point(Some(&mut rng), None).expect("Error with make_pub_to_point()"); - /// let mut der = [0u8; 128]; - /// let size = ecc_point.export_der_compressed(&mut der, curve_id).expect("Error with export_der_compressed()"); - /// ECCPoint::import_der_ex(&der[0..size], curve_id, 1, None).expect("Error with import_der_ex()"); - /// } - /// ``` - #[cfg(ecc_import)] - pub fn import_der_ex(din: &[u8], curve_id: i32, short_key_size: i32, heap: Option<*mut std::os::raw::c_void>) -> Result { - let curve_idx = unsafe { sys::wc_ecc_get_curve_idx(curve_id) }; - if curve_idx < 0 { - return Err(curve_idx); - } - let heap = match heap { - Some(heap) => heap, - None => core::ptr::null_mut(), - }; - let wc_ecc_point = unsafe { sys::wc_ecc_new_point_h(heap) }; - if wc_ecc_point.is_null() { - return Err(sys::wolfCrypt_ErrorCodes_MEMORY_E); - } - let eccpoint = ECCPoint { wc_ecc_point, heap }; - let din_size = din.len() as u32; - let rc = unsafe { - sys::wc_ecc_import_point_der_ex(din.as_ptr(), din_size, curve_idx, - wc_ecc_point, short_key_size) - }; - if rc != 0 { - return Err(rc); - } - Ok(eccpoint) - } - - /// Export an ECCPoint in DER format. - /// - /// # Parameters - /// - /// * `dout`: Output buffer. - /// * `curve_id`: Curve ID, e.g. ECC::SECP256R1. - /// - /// # Returns - /// - /// Returns either Ok(size) containing the number of bytes written to - /// `dout` or Err(e) containing the wolfSSL library error code value. - /// - /// # Example - /// - /// ```rust - /// #[cfg(ecc_export)] - /// { - /// use wolfssl::wolfcrypt::random::RNG; - /// use wolfssl::wolfcrypt::ecc::{ECC,ECCPoint}; - /// let mut rng = RNG::new().expect("Failed to create RNG"); - /// let curve_id = ECC::SECP256R1; - /// let curve_size = ECC::get_curve_size_from_id(curve_id).expect("Error with get_curve_size_from_id()"); - /// let mut ecc = ECC::generate_ex(curve_size, &mut rng, curve_id, None, None).expect("Error with generate()"); - /// let ecc_point = ecc.make_pub_to_point(Some(&mut rng), None).expect("Error with make_pub_to_point()"); - /// let mut der = [0u8; 128]; - /// let size = ecc_point.export_der(&mut der, curve_id).expect("Error with export_der()"); - /// assert!(size > 0 && size <= der.len()); - /// ECCPoint::import_der(&der[0..size], curve_id, None).expect("Error with import_der()"); - /// } - /// ``` - #[cfg(ecc_export)] - pub fn export_der(&self, dout: &mut [u8], curve_id: i32) -> Result { - let curve_idx = unsafe { sys::wc_ecc_get_curve_idx(curve_id) }; - if curve_idx < 0 { - return Err(curve_idx); - } - let mut dout_size = dout.len() as u32; - let rc = unsafe { - sys::wc_ecc_export_point_der(curve_idx, self.wc_ecc_point, - dout.as_mut_ptr(), &mut dout_size) - }; - if rc != 0 { - return Err(rc); - } - Ok(dout_size as usize) - } - - /// Export an ECCPoint in compressed DER format. - /// - /// # Parameters - /// - /// * `dout`: Output buffer. - /// * `curve_id`: Curve ID, e.g. ECC::SECP256R1. - /// - /// # Returns - /// - /// Returns either Ok(size) containing the number of bytes written to - /// `dout` or Err(e) containing the wolfSSL library error code value. - /// - /// # Example - /// - /// ```rust - /// #[cfg(all(ecc_export, ecc_comp_key))] - /// { - /// use wolfssl::wolfcrypt::random::RNG; - /// use wolfssl::wolfcrypt::ecc::{ECC,ECCPoint}; - /// let mut rng = RNG::new().expect("Failed to create RNG"); - /// let curve_id = ECC::SECP256R1; - /// let curve_size = ECC::get_curve_size_from_id(curve_id).expect("Error with get_curve_size_from_id()"); - /// let mut ecc = ECC::generate_ex(curve_size, &mut rng, curve_id, None, None).expect("Error with generate()"); - /// let ecc_point = ecc.make_pub_to_point(Some(&mut rng), None).expect("Error with make_pub_to_point()"); - /// let mut der = [0u8; 128]; - /// let size = ecc_point.export_der_compressed(&mut der, curve_id).expect("Error with export_der_compressed()"); - /// ECCPoint::import_der_ex(&der[0..size], curve_id, 1, None).expect("Error with import_der_ex()"); - /// } - /// ``` - #[cfg(all(ecc_export, ecc_comp_key))] - pub fn export_der_compressed(&self, dout: &mut [u8], curve_id: i32) -> Result { - let curve_idx = unsafe { sys::wc_ecc_get_curve_idx(curve_id) }; - if curve_idx < 0 { - return Err(curve_idx); - } - let mut dout_size = dout.len() as u32; - let rc = unsafe { - sys::wc_ecc_export_point_der_ex(curve_idx, self.wc_ecc_point, - dout.as_mut_ptr(), &mut dout_size, 1) - }; - if rc != 0 { - return Err(rc); - } - Ok(dout_size as usize) - } - - /// Zeroize the ECCPoint. - /// - /// # Example - /// - /// ```rust - /// use wolfssl::wolfcrypt::random::RNG; - /// use wolfssl::wolfcrypt::ecc::ECC; - /// let mut rng = RNG::new().expect("Failed to create RNG"); - /// let mut ecc = ECC::generate(32, &mut rng, None, None).expect("Error with generate()"); - /// let mut ecc_point = ecc.make_pub_to_point(Some(&mut rng), None).expect("Error with make_pub_to_point()"); - /// ecc_point.forcezero(); - /// ``` - pub fn forcezero(&mut self) { - unsafe { sys::wc_ecc_forcezero_point(self.wc_ecc_point) }; - } -} - -impl Drop for ECCPoint { - /// Safely free the underlying wolfSSL ecc_point context. - /// - /// This calls the `wc_ecc_del_point_h()` wolfssl library function. - /// - /// The Rust Drop trait guarantees that this method is called when the - /// ECCPoint struct instance goes out of scope, automatically cleaning up - /// resources and preventing memory leaks. - fn drop(&mut self) { - unsafe { sys::wc_ecc_del_point_h(self.wc_ecc_point, self.heap); } - } -} - -/// The `ECC` struct manages the lifecycle of a wolfSSL `ecc_key` object. -/// -/// It ensures proper initialization and deallocation. -/// -/// An instance can be created with `generate()`, `import_x963()`, -/// `import_x963_ex()`, `import_private_key()`, `import_private_key_ex()`, -/// `import_raw()`, or `import_raw_ex()`. -pub struct ECC { - wc_ecc_key: sys::ecc_key, -} - -impl ECC { - pub const CURVE_INVALID: i32 = sys::ecc_curve_ids_ECC_CURVE_INVALID; - pub const CURVE_DEF: i32 = sys::ecc_curve_ids_ECC_CURVE_DEF; - pub const SECP192R1: i32 = sys::ecc_curve_ids_ECC_SECP192R1; - pub const PRIME192V2: i32 = sys::ecc_curve_ids_ECC_PRIME192V2; - pub const PRIME192V3: i32 = sys::ecc_curve_ids_ECC_PRIME192V3; - pub const PRIME239V1: i32 = sys::ecc_curve_ids_ECC_PRIME239V1; - pub const PRIME239V2: i32 = sys::ecc_curve_ids_ECC_PRIME239V2; - pub const PRIME239V3: i32 = sys::ecc_curve_ids_ECC_PRIME239V3; - pub const SECP256R1: i32 = sys::ecc_curve_ids_ECC_SECP256R1; - pub const SECP112R1: i32 = sys::ecc_curve_ids_ECC_SECP112R1; - pub const SECP112R2: i32 = sys::ecc_curve_ids_ECC_SECP112R2; - pub const SECP128R1: i32 = sys::ecc_curve_ids_ECC_SECP128R1; - pub const SECP128R2: i32 = sys::ecc_curve_ids_ECC_SECP128R2; - pub const SECP160R1: i32 = sys::ecc_curve_ids_ECC_SECP160R1; - pub const SECP160R2: i32 = sys::ecc_curve_ids_ECC_SECP160R2; - pub const SECP224R1: i32 = sys::ecc_curve_ids_ECC_SECP224R1; - pub const SECP384R1: i32 = sys::ecc_curve_ids_ECC_SECP384R1; - pub const SECP521R1: i32 = sys::ecc_curve_ids_ECC_SECP521R1; - pub const SECP160K1: i32 = sys::ecc_curve_ids_ECC_SECP160K1; - pub const SECP192K1: i32 = sys::ecc_curve_ids_ECC_SECP192K1; - pub const SECP224K1: i32 = sys::ecc_curve_ids_ECC_SECP224K1; - pub const SECP256K1: i32 = sys::ecc_curve_ids_ECC_SECP256K1; - pub const BRAINPOOLP160R1: i32 = sys::ecc_curve_ids_ECC_BRAINPOOLP160R1; - pub const BRAINPOOLP192R1: i32 = sys::ecc_curve_ids_ECC_BRAINPOOLP192R1; - pub const BRAINPOOLP224R1: i32 = sys::ecc_curve_ids_ECC_BRAINPOOLP224R1; - pub const BRAINPOOLP256R1: i32 = sys::ecc_curve_ids_ECC_BRAINPOOLP256R1; - pub const BRAINPOOLP320R1: i32 = sys::ecc_curve_ids_ECC_BRAINPOOLP320R1; - pub const BRAINPOOLP384R1: i32 = sys::ecc_curve_ids_ECC_BRAINPOOLP384R1; - pub const BRAINPOOLP512R1: i32 = sys::ecc_curve_ids_ECC_BRAINPOOLP512R1; - pub const SM2P256V1: i32 = sys::ecc_curve_ids_ECC_SM2P256V1; - #[cfg(ecc_curve_25519)] - pub const X25519: i32 = sys::ecc_curve_ids_ECC_X25519; - #[cfg(ecc_curve_448)] - pub const X448: i32 = sys::ecc_curve_ids_ECC_X448; - #[cfg(ecc_curve_sakke)] - pub const SAKKE_1: i32 = sys::ecc_curve_ids_ECC_SAKKE_1; - #[cfg(ecc_custom_curves)] - pub const CURVE_CUSTOM: i32 = sys::ecc_curve_ids_ECC_CURVE_CUSTOM; - pub const CURVE_MAX: i32 = sys::ecc_curve_ids_ECC_CURVE_MAX; - - pub const FLAG_NONE: i32 = sys::WC_ECC_FLAG_NONE as i32; - pub const FLAG_COFACTOR: i32 = sys::WC_ECC_FLAG_COFACTOR as i32; - pub const FLAG_DEC_SIGN: i32 = sys::WC_ECC_FLAG_DEC_SIGN as i32; - - /// Generate a new ECC key with the given size. - /// - /// # Parameters - /// - /// * `size`: Desired key length in bytes. - /// * `rng`: Reference to a `RNG` struct to use for random number - /// generation while making the key. - /// * `heap`: Optional heap hint. - /// * `dev_id` Optional device ID to use with crypto callbacks or async hardware. - /// - /// # Returns - /// - /// Returns either Ok(ECC) containing the ECC struct instance or Err(e) - /// containing the wolfSSL library error code value. - /// - /// # Example - /// - /// ```rust - /// use wolfssl::wolfcrypt::random::RNG; - /// use wolfssl::wolfcrypt::ecc::ECC; - /// let mut rng = RNG::new().expect("Failed to create RNG"); - /// let mut ecc = ECC::generate(32, &mut rng, None, None).expect("Error with generate()"); - /// ecc.check().expect("Error with check()"); - /// ``` - pub fn generate(size: i32, rng: &mut RNG, heap: Option<*mut std::os::raw::c_void>, dev_id: Option) -> Result { - let mut wc_ecc_key: MaybeUninit = MaybeUninit::uninit(); - let heap = match heap { - Some(heap) => heap, - None => core::ptr::null_mut(), - }; - let dev_id = match dev_id { - Some(dev_id) => dev_id, - None => sys::INVALID_DEVID, - }; - let rc = unsafe { sys::wc_ecc_init_ex(wc_ecc_key.as_mut_ptr(), heap, dev_id) }; - if rc != 0 { - return Err(rc); - } - let mut wc_ecc_key = unsafe { wc_ecc_key.assume_init() }; - let rc = unsafe { - sys::wc_ecc_make_key(&mut rng.wc_rng, size, &mut wc_ecc_key) - }; - if rc != 0 { - unsafe { sys::wc_ecc_free(&mut wc_ecc_key); } - return Err(rc); - } - let ecc = ECC { wc_ecc_key }; - Ok(ecc) - } - - /// Generate a new ECC key with the given size and curve. - /// - /// # Parameters - /// - /// * `size`: Desired key length in bytes. - /// * `rng`: Reference to a `RNG` struct to use for random number - /// generation while making the key. - /// * `curve_id`: Curve ID, e.g. ECC::SECP256R1. - /// * `heap`: Optional heap hint. - /// * `dev_id` Optional device ID to use with crypto callbacks or async hardware. - /// - /// # Returns - /// - /// Returns either Ok(ECC) containing the ECC struct instance or Err(e) - /// containing the wolfSSL library error code value. - /// - /// # Example - /// - /// ```rust - /// use wolfssl::wolfcrypt::random::RNG; - /// use wolfssl::wolfcrypt::ecc::ECC; - /// let mut rng = RNG::new().expect("Failed to create RNG"); - /// let curve_id = ECC::SECP256R1; - /// let curve_size = ECC::get_curve_size_from_id(curve_id).expect("Error with get_curve_size_from_id()"); - /// let mut ecc = ECC::generate_ex(curve_size, &mut rng, curve_id, None, None).expect("Error with generate_ex()"); - /// ecc.check().expect("Error with check()"); - /// ``` - pub fn generate_ex(size: i32, rng: &mut RNG, curve_id: i32, heap: Option<*mut std::os::raw::c_void>, dev_id: Option) -> Result { - let mut wc_ecc_key: MaybeUninit = MaybeUninit::uninit(); - let heap = match heap { - Some(heap) => heap, - None => core::ptr::null_mut(), - }; - let dev_id = match dev_id { - Some(dev_id) => dev_id, - None => sys::INVALID_DEVID, - }; - let rc = unsafe { sys::wc_ecc_init_ex(wc_ecc_key.as_mut_ptr(), heap, dev_id) }; - if rc != 0 { - return Err(rc); - } - let mut wc_ecc_key = unsafe { wc_ecc_key.assume_init() }; - let rc = unsafe { - sys::wc_ecc_make_key_ex(&mut rng.wc_rng, size, &mut wc_ecc_key, curve_id) - }; - if rc != 0 { - unsafe { sys::wc_ecc_free(&mut wc_ecc_key); } - return Err(rc); - } - let ecc = ECC { wc_ecc_key }; - Ok(ecc) - } - - /// Generate a new ECC key with the given size, curve, and flags. - /// - /// # Parameters - /// - /// * `size`: Desired key length in bytes. - /// * `rng`: Reference to a `RNG` struct to use for random number - /// generation while making the key. - /// * `curve_id`: Curve ID, e.g. ECC::SECP256R1. - /// * `flags`: Flags for making the key. - /// * `heap`: Optional heap hint. - /// * `dev_id` Optional device ID to use with crypto callbacks or async hardware. - /// - /// # Returns - /// - /// Returns either Ok(ECC) containing the ECC struct instance or Err(e) - /// containing the wolfSSL library error code value. - /// - /// # Example - /// - /// ```rust - /// use wolfssl::wolfcrypt::random::RNG; - /// use wolfssl::wolfcrypt::ecc::ECC; - /// let mut rng = RNG::new().expect("Failed to create RNG"); - /// let curve_id = ECC::SECP256R1; - /// let curve_size = ECC::get_curve_size_from_id(curve_id).expect("Error with get_curve_size_from_id()"); - /// let mut ecc = ECC::generate_ex2(curve_size, &mut rng, curve_id, ECC::FLAG_COFACTOR, None, None).expect("Error with generate_ex2()"); - /// ecc.check().expect("Error with check()"); - /// ``` - pub fn generate_ex2(size: i32, rng: &mut RNG, curve_id: i32, flags: i32, heap: Option<*mut std::os::raw::c_void>, dev_id: Option) -> Result { - let mut wc_ecc_key: MaybeUninit = MaybeUninit::uninit(); - let heap = match heap { - Some(heap) => heap, - None => core::ptr::null_mut(), - }; - let dev_id = match dev_id { - Some(dev_id) => dev_id, - None => sys::INVALID_DEVID, - }; - let rc = unsafe { sys::wc_ecc_init_ex(wc_ecc_key.as_mut_ptr(), heap, dev_id) }; - if rc != 0 { - return Err(rc); - } - let mut wc_ecc_key = unsafe { wc_ecc_key.assume_init() }; - let rc = unsafe { - sys::wc_ecc_make_key_ex2(&mut rng.wc_rng, size, &mut wc_ecc_key, curve_id, flags) - }; - if rc != 0 { - unsafe { sys::wc_ecc_free(&mut wc_ecc_key); } - return Err(rc); - } - let ecc = ECC { wc_ecc_key }; - Ok(ecc) - } - - /// Get the curve size corresponding to the given curve ID. - /// - /// # Parameters - /// - /// * `curve_id`: Curve ID, e.g. ECC::SECP256R1. - /// - /// # Returns - /// - /// Returns either Ok(size) containing the curve size or Err(e) - /// containing the wolfSSL library error code value. - /// - /// # Example - /// - /// ```rust - /// use wolfssl::wolfcrypt::random::RNG; - /// use wolfssl::wolfcrypt::ecc::ECC; - /// let mut rng = RNG::new().expect("Failed to create RNG"); - /// let curve_id = ECC::SECP256R1; - /// let curve_size = ECC::get_curve_size_from_id(curve_id).expect("Error with get_curve_size_from_id()"); - /// let mut ecc = ECC::generate_ex(curve_size, &mut rng, curve_id, None, None).expect("Error with generate()"); - /// ecc.check().expect("Error with check()"); - /// ``` - pub fn get_curve_size_from_id(curve_id: i32) -> Result { - let rc = unsafe { sys::wc_ecc_get_curve_size_from_id(curve_id) }; - if rc < 0 { - return Err(rc); - } - Ok(rc) - } - - /// Import public and private ECC key pair from DER input buffer. - /// - /// # Parameters - /// - /// * `der`: DER buffer containing the ECC public and private key pair. - /// * `heap`: Optional heap hint. - /// * `dev_id` Optional device ID to use with crypto callbacks or async hardware. - /// - /// # Returns - /// - /// Returns either Ok(ECC) containing the ECC struct instance or Err(e) - /// containing the wolfSSL library error code value. - /// - /// # Example - /// - /// ```rust - /// use wolfssl::wolfcrypt::random::RNG; - /// use wolfssl::wolfcrypt::ecc::ECC; - /// use std::fs; - /// let mut rng = RNG::new().expect("Failed to create RNG"); - /// let key_path = "../../../certs/ecc-client-key.der"; - /// let der: Vec = fs::read(key_path).expect("Error reading key file"); - /// let mut ecc = ECC::import_der(&der, None, None).expect("Error with import_der()"); - /// ``` - pub fn import_der(der: &[u8], heap: Option<*mut std::os::raw::c_void>, dev_id: Option) -> Result { - let mut wc_ecc_key: MaybeUninit = MaybeUninit::uninit(); - let heap = match heap { - Some(heap) => heap, - None => core::ptr::null_mut(), - }; - let dev_id = match dev_id { - Some(dev_id) => dev_id, - None => sys::INVALID_DEVID, - }; - let rc = unsafe { sys::wc_ecc_init_ex(wc_ecc_key.as_mut_ptr(), heap, dev_id) }; - if rc != 0 { - return Err(rc); - } - let mut wc_ecc_key = unsafe { wc_ecc_key.assume_init() }; - let mut idx = 0u32; - let der_size = der.len() as u32; - let rc = unsafe { - sys::wc_EccPrivateKeyDecode(der.as_ptr(), &mut idx, &mut wc_ecc_key, der_size) - }; - if rc != 0 { - return Err(rc); - } - let ecc = ECC { wc_ecc_key }; - Ok(ecc) - } - - /// Import public ECC key from DER input buffer. - /// - /// # Parameters - /// - /// * `der`: DER buffer containing the ECC public key. - /// * `heap`: Optional heap hint. - /// * `dev_id` Optional device ID to use with crypto callbacks or async hardware. - /// - /// # Returns - /// - /// Returns either Ok(ECC) containing the ECC struct instance or Err(e) - /// containing the wolfSSL library error code value. - /// - /// # Example - /// - /// ```rust - /// use wolfssl::wolfcrypt::random::RNG; - /// use wolfssl::wolfcrypt::ecc::ECC; - /// use std::fs; - /// let mut rng = RNG::new().expect("Failed to create RNG"); - /// let key_path = "../../../certs/ecc-client-key.der"; - /// let der: Vec = fs::read(key_path).expect("Error reading key file"); - /// let mut ecc = ECC::import_der(&der, None, None).expect("Error with import_der()"); - /// let hash = [0x42u8; 32]; - /// let mut signature = [0u8; 128]; - /// let signature_length = ecc.sign_hash(&hash, &mut signature, &mut rng).expect("Error with sign_hash()"); - /// assert!(signature_length > 0 && signature_length <= signature.len()); - /// let signature = &mut signature[0..signature_length]; - /// let key_path = "../../../certs/ecc-client-keyPub.der"; - /// let der: Vec = fs::read(key_path).expect("Error reading key file"); - /// let mut ecc = ECC::import_public_der(&der, None, None).expect("Error with import_public_der()"); - /// ``` - pub fn import_public_der(der: &[u8], heap: Option<*mut std::os::raw::c_void>, dev_id: Option) -> Result { - let mut wc_ecc_key: MaybeUninit = MaybeUninit::uninit(); - let heap = match heap { - Some(heap) => heap, - None => core::ptr::null_mut(), - }; - let dev_id = match dev_id { - Some(dev_id) => dev_id, - None => sys::INVALID_DEVID, - }; - let rc = unsafe { sys::wc_ecc_init_ex(wc_ecc_key.as_mut_ptr(), heap, dev_id) }; - if rc != 0 { - return Err(rc); - } - let mut wc_ecc_key = unsafe { wc_ecc_key.assume_init() }; - let mut idx = 0u32; - let der_size = der.len() as u32; - let rc = unsafe { - sys::wc_EccPublicKeyDecode(der.as_ptr(), &mut idx, &mut wc_ecc_key, der_size) - }; - if rc != 0 { - return Err(rc); - } - let ecc = ECC { wc_ecc_key }; - Ok(ecc) - } - - /// Import a public/private ECC key pair from a buffer containing the raw - /// private key and a second buffer containing the ANSI X9.63 formatted - /// public key. This function handles both compressed and uncompressed - /// keys as long as wolfSSL is built with the HAVE_COMP_KEY build option - /// enabled. - /// - /// # Parameters - /// - /// * `priv_buf`: Buffer containing the raw private key. - /// * `pub_buf`: Buffer containing the ANSI X9.63 formatted public key. - /// * `heap`: Optional heap hint. - /// * `dev_id` Optional device ID to use with crypto callbacks or async hardware. - /// - /// # Returns - /// - /// Returns either Ok(ECC) containing the ECC struct instance or Err(e) - /// containing the wolfSSL library error code value. - /// - /// # Example - /// - /// ```rust - /// #[cfg(ecc_import)] - /// { - /// use wolfssl::wolfcrypt::random::RNG; - /// use wolfssl::wolfcrypt::ecc::ECC; - /// let mut rng = RNG::new().expect("Failed to create RNG"); - /// let mut ecc = ECC::generate(32, &mut rng, None, None).expect("Error with generate()"); - /// let hash = [0x42u8; 32]; - /// let mut signature = [0u8; 128]; - /// let signature_length = ecc.sign_hash(&hash, &mut signature, &mut rng).expect("Error with sign_hash()"); - /// let signature = &signature[0..signature_length]; - /// let mut d = [0u8; 32]; - /// let d_size = ecc.export_private(&mut d).expect("Error with export_private()"); - /// let mut x963 = [0u8; 128]; - /// let x963_size = ecc.export_x963(&mut x963).expect("Error with export_x963()"); - /// let x963 = &x963[0..x963_size]; - /// let mut ecc2 = ECC::import_private_key(&d, x963, None, None).expect("Error with import_private_key()"); - /// let valid = ecc2.verify_hash(&signature, &hash).expect("Error with verify_hash()"); - /// assert_eq!(valid, true); - /// } - /// ``` - #[cfg(ecc_import)] - pub fn import_private_key(priv_buf: &[u8], pub_buf: &[u8], heap: Option<*mut std::os::raw::c_void>, dev_id: Option) -> Result { - let mut wc_ecc_key: MaybeUninit = MaybeUninit::uninit(); - let heap = match heap { - Some(heap) => heap, - None => core::ptr::null_mut(), - }; - let dev_id = match dev_id { - Some(dev_id) => dev_id, - None => sys::INVALID_DEVID, - }; - let rc = unsafe { sys::wc_ecc_init_ex(wc_ecc_key.as_mut_ptr(), heap, dev_id) }; - if rc != 0 { - return Err(rc); - } - let mut wc_ecc_key = unsafe { wc_ecc_key.assume_init() }; - let priv_size = priv_buf.len() as u32; - let pub_size = pub_buf.len() as u32; - let rc = unsafe { - sys::wc_ecc_import_private_key(priv_buf.as_ptr(), priv_size, - pub_buf.as_ptr(), pub_size, &mut wc_ecc_key) - }; - if rc != 0 { - return Err(rc); - } - let ecc = ECC { wc_ecc_key }; - Ok(ecc) - } - - /// Import a public/private ECC key pair from a buffer containing the raw - /// private key and a second buffer containing the ANSI X9.63 formatted - /// public key. This function handles both compressed and uncompressed - /// keys as long as wolfSSL is built with the HAVE_COMP_KEY build option - /// enabled. This function allows the curve ID to be explicitly specified. - /// - /// # Parameters - /// - /// * `priv_buf`: Buffer containing the raw private key. - /// * `pub_buf`: Buffer containing the ANSI X9.63 formatted public key. - /// * `curve_id`: Curve ID, e.g. ECC::SECP256R1. - /// * `heap`: Optional heap hint. - /// * `dev_id` Optional device ID to use with crypto callbacks or async hardware. - /// - /// # Returns - /// - /// Returns either Ok(ECC) containing the ECC struct instance or Err(e) - /// containing the wolfSSL library error code value. - /// - /// # Example - /// - /// ```rust - /// #[cfg(ecc_import)] - /// { - /// use wolfssl::wolfcrypt::random::RNG; - /// use wolfssl::wolfcrypt::ecc::ECC; - /// let mut rng = RNG::new().expect("Failed to create RNG"); - /// let curve_id = ECC::SECP256R1; - /// let curve_size = ECC::get_curve_size_from_id(curve_id).expect("Error with get_curve_size_from_id()"); - /// let mut ecc = ECC::generate_ex(curve_size, &mut rng, curve_id, None, None).expect("Error with generate_ex()"); - /// let hash = [0x42u8; 32]; - /// let mut signature = [0u8; 128]; - /// let signature_length = ecc.sign_hash(&hash, &mut signature, &mut rng).expect("Error with sign_hash()"); - /// let signature = &signature[0..signature_length]; - /// let mut d = [0u8; 32]; - /// let d_size = ecc.export_private(&mut d).expect("Error with export_private()"); - /// let mut x963 = [0u8; 128]; - /// let x963_size = ecc.export_x963(&mut x963).expect("Error with export_x963()"); - /// let x963 = &x963[0..x963_size]; - /// let mut ecc2 = ECC::import_private_key_ex(&d, x963, curve_id, None, None).expect("Error with import_private_key_ex()"); - /// let valid = ecc2.verify_hash(&signature, &hash).expect("Error with verify_hash()"); - /// assert_eq!(valid, true); - /// } - /// ``` - #[cfg(ecc_import)] - pub fn import_private_key_ex(priv_buf: &[u8], pub_buf: &[u8], curve_id: i32, heap: Option<*mut std::os::raw::c_void>, dev_id: Option) -> Result { - let mut wc_ecc_key: MaybeUninit = MaybeUninit::uninit(); - let heap = match heap { - Some(heap) => heap, - None => core::ptr::null_mut(), - }; - let dev_id = match dev_id { - Some(dev_id) => dev_id, - None => sys::INVALID_DEVID, - }; - let rc = unsafe { sys::wc_ecc_init_ex(wc_ecc_key.as_mut_ptr(), heap, dev_id) }; - if rc != 0 { - return Err(rc); - } - let mut wc_ecc_key = unsafe { wc_ecc_key.assume_init() }; - let priv_size = priv_buf.len() as u32; - let pub_size = pub_buf.len() as u32; - let rc = unsafe { - sys::wc_ecc_import_private_key_ex(priv_buf.as_ptr(), priv_size, - pub_buf.as_ptr(), pub_size, &mut wc_ecc_key, curve_id) - }; - if rc != 0 { - return Err(rc); - } - let ecc = ECC { wc_ecc_key }; - Ok(ecc) - } - - /// Import raw ECC key from components in hexadecimal ASCII string format - /// with curve name specified. - /// - /// # Parameters - /// - /// * `qx`: X component of public key as null terminated ASCII hex string. - /// * `qy`: Y component of public key as null terminated ASCII hex string. - /// * `d`: Private key as null terminated ASCII hex string. - /// * `curve_name`: Null terminated ASCII string containing the curve name. - /// * `heap`: Optional heap hint. - /// * `dev_id` Optional device ID to use with crypto callbacks or async hardware. - /// - /// # Returns - /// - /// Returns either Ok(ECC) containing the ECC struct instance or Err(e) - /// containing the wolfSSL library error code value. - /// - /// # Example - /// - /// ```rust - /// #[cfg(ecc_import)] - /// { - /// use wolfssl::wolfcrypt::random::RNG; - /// use wolfssl::wolfcrypt::ecc::ECC; - /// let qx = b"7a4e287890a1a47ad3457e52f2f76a83ce46cbc947616d0cbaa82323818a793d\0"; - /// let qy = b"eec4084f5b29ebf29c44cce3b3059610922f8b30ea6e8811742ac7238fe87308\0"; - /// let d = b"8c14b793cb19137e323a6d2e2a870bca2e7a493ec1153b3a95feb8a4873f8d08\0"; - /// ECC::import_raw(qx, qy, d, b"SECP256R1\0", None, None).expect("Error with import_raw()"); - /// } - /// ``` - #[cfg(ecc_import)] - pub fn import_raw(qx: &[u8], qy: &[u8], d: &[u8], curve_name: &[u8], heap: Option<*mut std::os::raw::c_void>, dev_id: Option) -> Result { - let mut wc_ecc_key: MaybeUninit = MaybeUninit::uninit(); - let heap = match heap { - Some(heap) => heap, - None => core::ptr::null_mut(), - }; - let dev_id = match dev_id { - Some(dev_id) => dev_id, - None => sys::INVALID_DEVID, - }; - let rc = unsafe { sys::wc_ecc_init_ex(wc_ecc_key.as_mut_ptr(), heap, dev_id) }; - if rc != 0 { - return Err(rc); - } - let mut wc_ecc_key = unsafe { wc_ecc_key.assume_init() }; - let qx_ptr = qx.as_ptr() as *const i8; - let qy_ptr = qy.as_ptr() as *const i8; - let d_ptr = d.as_ptr() as *const i8; - let curve_name_ptr = curve_name.as_ptr() as *const i8; - let rc = unsafe { - sys::wc_ecc_import_raw(&mut wc_ecc_key, qx_ptr, qy_ptr, d_ptr, - curve_name_ptr) - }; - if rc != 0 { - return Err(rc); - } - let ecc = ECC { wc_ecc_key }; - Ok(ecc) - } - - /// Import raw ECC key from components in hexadecimal ASCII string format - /// with curve ID specified. - /// - /// # Parameters - /// - /// * `qx`: X component of public key as null terminated ASCII hex string. - /// * `qy`: Y component of public key as null terminated ASCII hex string. - /// * `d`: Private key as null terminated ASCII hex string. - /// * `curve_id`: Curve ID, e.g. ECC::SECP256R1. - /// * `heap`: Optional heap hint. - /// * `dev_id` Optional device ID to use with crypto callbacks or async hardware. - /// - /// # Returns - /// - /// Returns either Ok(ECC) containing the ECC struct instance or Err(e) - /// containing the wolfSSL library error code value. - /// - /// # Example - /// - /// ```rust - /// #[cfg(ecc_import)] - /// { - /// use wolfssl::wolfcrypt::random::RNG; - /// use wolfssl::wolfcrypt::ecc::ECC; - /// let qx = b"7a4e287890a1a47ad3457e52f2f76a83ce46cbc947616d0cbaa82323818a793d\0"; - /// let qy = b"eec4084f5b29ebf29c44cce3b3059610922f8b30ea6e8811742ac7238fe87308\0"; - /// let d = b"8c14b793cb19137e323a6d2e2a870bca2e7a493ec1153b3a95feb8a4873f8d08\0"; - /// ECC::import_raw_ex(qx, qy, d, ECC::SECP256R1, None, None).expect("Error with import_raw_ex()"); - /// } - /// ``` - #[cfg(ecc_import)] - pub fn import_raw_ex(qx: &[u8], qy: &[u8], d: &[u8], curve_id: i32, heap: Option<*mut std::os::raw::c_void>, dev_id: Option) -> Result { - let mut wc_ecc_key: MaybeUninit = MaybeUninit::uninit(); - let heap = match heap { - Some(heap) => heap, - None => core::ptr::null_mut(), - }; - let dev_id = match dev_id { - Some(dev_id) => dev_id, - None => sys::INVALID_DEVID, - }; - let rc = unsafe { sys::wc_ecc_init_ex(wc_ecc_key.as_mut_ptr(), heap, dev_id) }; - if rc != 0 { - return Err(rc); - } - let mut wc_ecc_key = unsafe { wc_ecc_key.assume_init() }; - let qx_ptr = qx.as_ptr() as *const i8; - let qy_ptr = qy.as_ptr() as *const i8; - let d_ptr = d.as_ptr() as *const i8; - let rc = unsafe { - sys::wc_ecc_import_raw_ex(&mut wc_ecc_key, qx_ptr, qy_ptr, d_ptr, - curve_id) - }; - if rc != 0 { - return Err(rc); - } - let ecc = ECC { wc_ecc_key }; - Ok(ecc) - } - - /// Import raw ECC key from components in binary unsigned integer format - /// with curve ID specified. - /// - /// # Parameters - /// - /// * `qx`: X component of public key in binary unsigned integer format. - /// * `qy`: Y component of public key in binary unsigned integer format. - /// * `d`: Private key in binary unsigned integer format. - /// * `curve_id`: Curve ID, e.g. ECC::SECP256R1. - /// * `heap`: Optional heap hint. - /// * `dev_id` Optional device ID to use with crypto callbacks or async hardware. - /// - /// # Returns - /// - /// Returns either Ok(ECC) containing the ECC struct instance or Err(e) - /// containing the wolfSSL library error code value. - /// - /// # Example - /// - /// ```rust - /// #[cfg(ecc_import)] - /// { - /// use wolfssl::wolfcrypt::random::RNG; - /// use wolfssl::wolfcrypt::ecc::ECC; - /// let mut rng = RNG::new().expect("Failed to create RNG"); - /// let curve_id = ECC::SECP256R1; - /// let curve_size = ECC::get_curve_size_from_id(curve_id).expect("Error with get_curve_size_from_id()"); - /// let mut ecc = ECC::generate_ex(curve_size, &mut rng, curve_id, None, None).expect("Error with generate()"); - /// let mut qx = [0u8; 32]; - /// let mut qx_len = 0u32; - /// let mut qy = [0u8; 32]; - /// let mut qy_len = 0u32; - /// let mut d = [0u8; 32]; - /// let mut d_len = 0u32; - /// ecc.export_ex(&mut qx, &mut qx_len, &mut qy, &mut qy_len, &mut d, &mut d_len, false).expect("Error with export_ex()"); - /// let mut ecc2 = ECC::import_unsigned(&qx, &qy, &d, curve_id, None, None).expect("Error with import_unsigned()"); - /// } - /// ``` - #[cfg(ecc_import)] - pub fn import_unsigned(qx: &[u8], qy: &[u8], d: &[u8], curve_id: i32, heap: Option<*mut std::os::raw::c_void>, dev_id: Option) -> Result { - let mut wc_ecc_key: MaybeUninit = MaybeUninit::uninit(); - let heap = match heap { - Some(heap) => heap, - None => core::ptr::null_mut(), - }; - let dev_id = match dev_id { - Some(dev_id) => dev_id, - None => sys::INVALID_DEVID, - }; - let rc = unsafe { sys::wc_ecc_init_ex(wc_ecc_key.as_mut_ptr(), heap, dev_id) }; - if rc != 0 { - return Err(rc); - } - let mut wc_ecc_key = unsafe { wc_ecc_key.assume_init() }; - let rc = unsafe { - sys::wc_ecc_import_unsigned(&mut wc_ecc_key, qx.as_ptr(), qy.as_ptr(), - d.as_ptr(), curve_id) - }; - if rc != 0 { - return Err(rc); - } - let ecc = ECC { wc_ecc_key }; - Ok(ecc) - } - - /// Import a public ECC key from the given buffer containing the key stored - /// in ANSI X9.63 format. This function handles both compressed and - /// uncompressed keys, as long as compressed keys are enabled at compile - /// time with the HAVE_COMP_KEY build option. - /// - /// # Parameters - /// - /// * `din`: Buffer containing the ECC key encoded in ANSI X9.63 format. - /// * `heap`: Optional heap hint. - /// * `dev_id` Optional device ID to use with crypto callbacks or async hardware. - /// - /// # Returns - /// - /// Returns either Ok(ECC) containing the ECC struct instance or Err(e) - /// containing the wolfSSL library error code value. - /// - /// # Example - /// - /// ```rust - /// #[cfg(ecc_import)] - /// { - /// use wolfssl::wolfcrypt::random::RNG; - /// use wolfssl::wolfcrypt::ecc::ECC; - /// let mut rng = RNG::new().expect("Failed to create RNG"); - /// let mut ecc = ECC::generate(32, &mut rng, None, None).expect("Error with generate()"); - /// let mut x963 = [0u8; 128]; - /// let x963_size = ecc.export_x963(&mut x963).expect("Error with export_x963()"); - /// let x963 = &x963[0..x963_size]; - /// let _ecc2 = ECC::import_x963(x963, None, None).expect("Error with import_x963()"); - /// } - /// ``` - #[cfg(ecc_import)] - pub fn import_x963(din: &[u8], heap: Option<*mut std::os::raw::c_void>, dev_id: Option) -> Result { - let din_size = din.len() as u32; - let mut wc_ecc_key: MaybeUninit = MaybeUninit::uninit(); - let heap = match heap { - Some(heap) => heap, - None => core::ptr::null_mut(), - }; - let dev_id = match dev_id { - Some(dev_id) => dev_id, - None => sys::INVALID_DEVID, - }; - let rc = unsafe { sys::wc_ecc_init_ex(wc_ecc_key.as_mut_ptr(), heap, dev_id) }; - if rc != 0 { - return Err(rc); - } - let mut wc_ecc_key = unsafe { wc_ecc_key.assume_init() }; - let rc = unsafe { - sys::wc_ecc_import_x963(din.as_ptr(), din_size, &mut wc_ecc_key) - }; - if rc != 0 { - unsafe { sys::wc_ecc_free(&mut wc_ecc_key); } - return Err(rc); - } - let ecc = ECC { wc_ecc_key }; - Ok(ecc) - } - - /// Import a public ECC key from the given buffer containing the key stored - /// in ANSI X9.63 format. This function handles both compressed and - /// uncompressed keys, as long as compressed keys are enabled at compile - /// time with the HAVE_COMP_KEY build option. - /// - /// This function allows specifying the ECC curve ID to use. - /// - /// # Parameters - /// - /// * `din`: Buffer containing the ECC key encoded in ANSI X9.63 format. - /// * `curve_id`: Curve ID, e.g. ECC::SECP256R1. - /// * `heap`: Optional heap hint. - /// * `dev_id` Optional device ID to use with crypto callbacks or async hardware. - /// - /// # Returns - /// - /// Returns either Ok(ECC) containing the ECC struct instance or Err(e) - /// containing the wolfSSL library error code value. - /// - /// # Example - /// - /// ```rust - /// #[cfg(ecc_import)] - /// { - /// use wolfssl::wolfcrypt::random::RNG; - /// use wolfssl::wolfcrypt::ecc::ECC; - /// let mut rng = RNG::new().expect("Failed to create RNG"); - /// let curve_id = ECC::SECP256R1; - /// let curve_size = ECC::get_curve_size_from_id(curve_id).expect("Error with get_curve_size_from_id()"); - /// let mut ecc = ECC::generate_ex(curve_size, &mut rng, curve_id, None, None).expect("Error with generate_ex()"); - /// let mut x963 = [0u8; 128]; - /// let x963_size = ecc.export_x963(&mut x963).expect("Error with export_x963()"); - /// let x963 = &x963[0..x963_size]; - /// let _ecc2 = ECC::import_x963_ex(x963, curve_id, None, None).expect("Error with import_x963_ex()"); - /// } - /// ``` - #[cfg(ecc_import)] - pub fn import_x963_ex(din: &[u8], curve_id: i32, heap: Option<*mut std::os::raw::c_void>, dev_id: Option) -> Result { - let din_size = din.len() as u32; - let mut wc_ecc_key: MaybeUninit = MaybeUninit::uninit(); - let heap = match heap { - Some(heap) => heap, - None => core::ptr::null_mut(), - }; - let dev_id = match dev_id { - Some(dev_id) => dev_id, - None => sys::INVALID_DEVID, - }; - let rc = unsafe { sys::wc_ecc_init_ex(wc_ecc_key.as_mut_ptr(), heap, dev_id) }; - if rc != 0 { - return Err(rc); - } - let mut wc_ecc_key = unsafe { wc_ecc_key.assume_init() }; - let rc = unsafe { - sys::wc_ecc_import_x963_ex(din.as_ptr(), din_size, &mut wc_ecc_key, curve_id) - }; - if rc != 0 { - unsafe { sys::wc_ecc_free(&mut wc_ecc_key); } - return Err(rc); - } - let ecc = ECC { wc_ecc_key }; - Ok(ecc) - } - - /// Convert the R and S portions (as hexadecimal ASCII strings) of an ECC - /// signature into a DER-encoded ECDSA signature. - /// - /// # Parameters - /// - /// * `r`: R component of ECC signature as a null-terminated hexadecimal - /// ASCII string. - /// * `s`: S component of ECC signature as a null-terminated hexadecimal - /// ASCII string. - /// * `dout`: Buffer in which to store the output ECDSA signature. - /// - /// # Returns - /// - /// Returns either Ok(size) containing the number of bytes written to - /// `dout` or Err(e) containing the wolfSSL library error code value. - /// - /// # Example - /// - /// ```rust - /// use std::fs; - /// use wolfssl::wolfcrypt::random::RNG; - /// use wolfssl::wolfcrypt::ecc::ECC; - /// fn bytes_to_asciiz_hex_string(bytes: &[u8]) -> String { - /// let mut hex_string = String::with_capacity(bytes.len() * 2 + 1); - /// for byte in bytes { - /// hex_string.push_str(&format!("{:02X}", byte)); - /// } - /// hex_string.push('\0'); - /// hex_string - /// } - /// let mut rng = RNG::new().expect("Failed to create RNG"); - /// let key_path = "../../../certs/ecc-client-key.der"; - /// let der: Vec = fs::read(key_path).expect("Error reading key file"); - /// let mut ecc = ECC::import_der(&der, None, None).expect("Error with import_der()"); - /// let hash = [0x42u8; 32]; - /// let mut signature = [0u8; 128]; - /// let signature_length = ecc.sign_hash(&hash, &mut signature, &mut rng).expect("Error with sign_hash()"); - /// let signature = &mut signature[0..signature_length]; - /// let mut r = [0u8; 32]; - /// let mut r_size = 0u32; - /// let mut s = [0u8; 32]; - /// let mut s_size = 0u32; - /// ECC::sig_to_rs(signature, &mut r, &mut r_size, &mut s, &mut s_size).expect("Error with sig_to_rs()"); - /// let r = &r[0..r_size as usize]; - /// let s = &s[0..s_size as usize]; - /// let r_hex_string = bytes_to_asciiz_hex_string(r); - /// let s_hex_string = bytes_to_asciiz_hex_string(s); - /// let mut sig_out = [0u8; 128]; - /// let sig_out_size = ECC::rs_hex_to_sig(&r_hex_string[0..r_hex_string.len()].as_bytes(), &s_hex_string[0..s_hex_string.len()].as_bytes(), &mut sig_out).expect("Error with rs_hex_to_sig()"); - /// assert_eq!(*signature, *&sig_out[0..sig_out_size]); - /// ``` - pub fn rs_hex_to_sig(r: &[u8], s: &[u8], dout: &mut [u8]) -> Result { - let mut dout_size = dout.len() as u32; - let r_ptr = r.as_ptr() as *const i8; - let s_ptr = s.as_ptr() as *const i8; - let rc = unsafe { - sys::wc_ecc_rs_to_sig(r_ptr, s_ptr, dout.as_mut_ptr(), - &mut dout_size) - }; - if rc != 0 { - return Err(rc); - } - Ok(dout_size as usize) - } - - /// Convert the R and S portions (as binary unsigned integers) of an ECC - /// signature into a DER-encoded ECDSA signature. - /// - /// # Parameters - /// - /// * `r`: R component of ECC signature as a binary unsigned integer. - /// * `s`: S component of ECC signature as a binary unsigned integer. - /// * `dout`: Buffer in which to store the output ECDSA signature. - /// - /// # Returns - /// - /// Returns either Ok(size) containing the number of bytes written to - /// `dout` or Err(e) containing the wolfSSL library error code value. - /// - /// # Example - /// - /// ```rust - /// use std::fs; - /// use wolfssl::wolfcrypt::random::RNG; - /// use wolfssl::wolfcrypt::ecc::ECC; - /// let mut rng = RNG::new().expect("Failed to create RNG"); - /// let key_path = "../../../certs/ecc-client-key.der"; - /// let der: Vec = fs::read(key_path).expect("Error reading key file"); - /// let mut ecc = ECC::import_der(&der, None, None).expect("Error with import_der()"); - /// let hash = [0x42u8; 32]; - /// let mut signature = [0u8; 128]; - /// let signature_length = ecc.sign_hash(&hash, &mut signature, &mut rng).expect("Error with sign_hash()"); - /// let signature = &mut signature[0..signature_length]; - /// let mut r = [0u8; 32]; - /// let mut r_size = 0u32; - /// let mut s = [0u8; 32]; - /// let mut s_size = 0u32; - /// ECC::sig_to_rs(signature, &mut r, &mut r_size, &mut s, &mut s_size).expect("Error with sig_to_rs()"); - /// let r = &r[0..r_size as usize]; - /// let s = &s[0..s_size as usize]; - /// let mut sig_out = [0u8; 128]; - /// let sig_out_size = ECC::rs_bin_to_sig(r, s, &mut sig_out).expect("Error with rs_bin_to_sig()"); - /// assert_eq!(*signature, *&sig_out[0..sig_out_size]); - /// ``` - pub fn rs_bin_to_sig(r: &[u8], s: &[u8], dout: &mut [u8]) -> Result { - let r_size = r.len() as u32; - let s_size = s.len() as u32; - let mut dout_size = dout.len() as u32; - let rc = unsafe { - sys::wc_ecc_rs_raw_to_sig(r.as_ptr(), r_size, s.as_ptr(), s_size, - dout.as_mut_ptr(), &mut dout_size) - }; - if rc != 0 { - return Err(rc); - } - Ok(dout_size as usize) - } - - /// Convert ECDSA signature to R and S components. - /// - /// # Parameters - /// - /// * `sig`: ECDSA signature. - /// * `r`: Output buffer for R component. - /// * `r_size`: Number of bytes written to `r` buffer. - /// * `s`: Output buffer for S component. - /// * `s_size`: Number of bytes written to `s` buffer. - /// - /// # Example - /// - /// ```rust - /// use std::fs; - /// use wolfssl::wolfcrypt::random::RNG; - /// use wolfssl::wolfcrypt::ecc::ECC; - /// let mut rng = RNG::new().expect("Failed to create RNG"); - /// let key_path = "../../../certs/ecc-client-key.der"; - /// let der: Vec = fs::read(key_path).expect("Error reading key file"); - /// let mut ecc = ECC::import_der(&der, None, None).expect("Error with import_der()"); - /// let hash = [0x42u8; 32]; - /// let mut signature = [0u8; 128]; - /// let signature_length = ecc.sign_hash(&hash, &mut signature, &mut rng).expect("Error with sign_hash()"); - /// let signature = &mut signature[0..signature_length]; - /// let mut r = [0u8; 32]; - /// let mut r_size = 0u32; - /// let mut s = [0u8; 32]; - /// let mut s_size = 0u32; - /// ECC::sig_to_rs(signature, &mut r, &mut r_size, &mut s, &mut s_size).expect("Error with sig_to_rs()"); - /// let r = &r[0..r_size as usize]; - /// let s = &s[0..s_size as usize]; - /// let mut sig_out = [0u8; 128]; - /// let sig_out_size = ECC::rs_bin_to_sig(r, s, &mut sig_out).expect("Error with rs_bin_to_sig()"); - /// assert_eq!(*signature, *&sig_out[0..sig_out_size]); - /// ``` - pub fn sig_to_rs(sig: &[u8], r: &mut [u8], r_size: &mut u32, s: &mut [u8], s_size: &mut u32) -> Result<(), i32> { - let sig_len = sig.len() as u32; - *r_size = r.len() as u32; - *s_size = s.len() as u32; - let rc = unsafe { - sys::wc_ecc_sig_to_rs(sig.as_ptr(), sig_len, - r.as_mut_ptr(), r_size, s.as_mut_ptr(), s_size) - }; - if rc != 0 { - return Err(rc); - } - Ok(()) - } - - /// Perform basic sanity checks on the ECC key. - /// - /// # Returns - /// - /// Returns either Ok(ECC) containing the ECC struct instance or Err(e) - /// containing the wolfSSL library error code value. - /// - /// # Example - /// - /// ```rust - /// use wolfssl::wolfcrypt::random::RNG; - /// use wolfssl::wolfcrypt::ecc::ECC; - /// let mut rng = RNG::new().expect("Failed to create RNG"); - /// let mut ecc = ECC::generate(32, &mut rng, None, None).expect("Error with generate()"); - /// ecc.check().expect("Error with check()"); - /// ``` - pub fn check(&mut self) -> Result<(), i32> { - let rc = unsafe { sys::wc_ecc_check_key(&mut self.wc_ecc_key) }; - if rc != 0 { - return Err(rc); - } - Ok(()) - } - - /// Export ECC key components in binary unsigned integer format. - /// - /// # Parameters - /// - /// * `qx`: Buffer in which to store public X component. - /// * `qx_len`: Output parameter storing number of bytes written to `qx`. - /// * `qy`: Buffer in which to store public Y component. - /// * `qy_len`: Output parameter storing number of bytes written to `qy`. - /// * `d`: Buffer in which to store private component. - /// * `d_len`: Output parameter storing number of bytes written to `d`. - /// - /// # Returns - /// - /// Returns either Ok(()) or Err(e) containing the wolfSSL library error - /// code value. - /// - /// # Example - /// - /// ```rust - /// #[cfg(ecc_import)] - /// { - /// use wolfssl::wolfcrypt::random::RNG; - /// use wolfssl::wolfcrypt::ecc::ECC; - /// let mut rng = RNG::new().expect("Failed to create RNG"); - /// let mut ecc = ECC::generate(32, &mut rng, None, None).expect("Error with generate()"); - /// let mut qx = [0u8; 32]; - /// let mut qx_len = 0u32; - /// let mut qy = [0u8; 32]; - /// let mut qy_len = 0u32; - /// let mut d = [0u8; 32]; - /// let mut d_len = 0u32; - /// ecc.export(&mut qx, &mut qx_len, &mut qy, &mut qy_len, &mut d, &mut d_len).expect("Error with export()"); - /// } - /// ``` - #[cfg(ecc_import)] - pub fn export(&mut self, qx: &mut [u8], qx_len: &mut u32, - qy: &mut [u8], qy_len: &mut u32, d: &mut [u8], d_len: &mut u32) -> Result<(), i32> { - *qx_len = qx.len() as u32; - *qy_len = qy.len() as u32; - *d_len = d.len() as u32; - let rc = unsafe { - sys::wc_ecc_export_private_raw(&mut self.wc_ecc_key, - qx.as_mut_ptr(), qx_len, - qy.as_mut_ptr(), qy_len, - d.as_mut_ptr(), d_len) - }; - if rc != 0 { - return Err(rc); - } - Ok(()) - } - - /// Export ECC key components as either ASCII hexadecimal strings or - /// in binary unsigned integer format. - /// - /// # Parameters - /// - /// * `qx`: Buffer in which to store public X component. - /// * `qx_len`: Output parameter storing number of bytes written to `qx`. - /// * `qy`: Buffer in which to store public Y component. - /// * `qy_len`: Output parameter storing number of bytes written to `qy`. - /// * `d`: Buffer in which to store private component. - /// * `d_len`: Output parameter storing number of bytes written to `d`. - /// * `hex`: true to output in ASCII hexadecimal string, false to output - /// as binary data. - /// - /// # Returns - /// - /// Returns either Ok(()) or Err(e) containing the wolfSSL library error - /// code value. - /// - /// # Example - /// - /// ```rust - /// #[cfg(ecc_import)] - /// { - /// use wolfssl::wolfcrypt::random::RNG; - /// use wolfssl::wolfcrypt::ecc::ECC; - /// let mut rng = RNG::new().expect("Failed to create RNG"); - /// let mut ecc = ECC::generate(32, &mut rng, None, None).expect("Error with generate()"); - /// let mut qx = [0u8; 32]; - /// let mut qx_len = 0u32; - /// let mut qy = [0u8; 32]; - /// let mut qy_len = 0u32; - /// let mut d = [0u8; 32]; - /// let mut d_len = 0u32; - /// ecc.export_ex(&mut qx, &mut qx_len, &mut qy, &mut qy_len, &mut d, &mut d_len, false).expect("Error with export_ex()"); - /// } - /// ``` - #[cfg(ecc_import)] - pub fn export_ex(&mut self, qx: &mut [u8], qx_len: &mut u32, - qy: &mut [u8], qy_len: &mut u32, d: &mut [u8], d_len: &mut u32, - hex: bool) -> Result<(), i32> { - *qx_len = qx.len() as u32; - *qy_len = qy.len() as u32; - *d_len = d.len() as u32; - let enc_type = - if hex { - sys::WC_TYPE_HEX_STR as i32 - } else { - sys::WC_TYPE_UNSIGNED_BIN as i32 - }; - let rc = unsafe { - sys::wc_ecc_export_ex(&mut self.wc_ecc_key, - qx.as_mut_ptr(), qx_len, - qy.as_mut_ptr(), qy_len, - d.as_mut_ptr(), d_len, - enc_type) - }; - if rc != 0 { - return Err(rc); - } - Ok(()) - } - - /// Export private component from ECC key in binary unsigned integer form. - /// - /// # Parameters - /// - /// * `d`: Buffer in which to store private component. - /// - /// # Returns - /// - /// Returns either Ok(size) containing the number of bytes written to `d` - /// or Err(e) containing the wolfSSL library error code value. - /// - /// # Example - /// - /// ```rust - /// #[cfg(ecc_export)] - /// { - /// use wolfssl::wolfcrypt::random::RNG; - /// use wolfssl::wolfcrypt::ecc::ECC; - /// let mut rng = RNG::new().expect("Failed to create RNG"); - /// let mut ecc = ECC::generate(32, &mut rng, None, None).expect("Error with generate()"); - /// let mut d = [0u8; 32]; - /// let d_size = ecc.export_private(&mut d).expect("Error with export_private()"); - /// assert_eq!(d_size, 32); - /// } - /// ``` - #[cfg(ecc_export)] - pub fn export_private(&mut self, d: &mut [u8]) -> Result { - let mut d_size = d.len() as u32; - let rc = unsafe { - sys::wc_ecc_export_private_only(&mut self.wc_ecc_key, - d.as_mut_ptr(), &mut d_size) - }; - if rc != 0 { - return Err(rc); - } - Ok(d_size as usize) - } - - /// Export public ECC key components in binary unsigned integer format. - /// - /// # Parameters - /// - /// * `qx`: Buffer in which to store public X component. - /// * `qx_len`: Output parameter storing number of bytes written to `qx`. - /// * `qy`: Buffer in which to store public Y component. - /// * `qy_len`: Output parameter storing number of bytes written to `qy`. - /// - /// # Returns - /// - /// Returns either Ok(()) or Err(e) containing the wolfSSL library error - /// code value. - /// - /// # Example - /// - /// ```rust - /// #[cfg(ecc_export)] - /// { - /// use wolfssl::wolfcrypt::random::RNG; - /// use wolfssl::wolfcrypt::ecc::ECC; - /// let mut rng = RNG::new().expect("Failed to create RNG"); - /// let mut ecc = ECC::generate(32, &mut rng, None, None).expect("Error with generate()"); - /// let mut qx = [0u8; 32]; - /// let mut qx_len = 0u32; - /// let mut qy = [0u8; 32]; - /// let mut qy_len = 0u32; - /// ecc.export_public(&mut qx, &mut qx_len, &mut qy, &mut qy_len).expect("Error with export_public()"); - /// } - /// ``` - #[cfg(ecc_export)] - pub fn export_public(&mut self, qx: &mut [u8], qx_len: &mut u32, - qy: &mut [u8], qy_len: &mut u32) -> Result<(), i32> { - *qx_len = qx.len() as u32; - *qy_len = qy.len() as u32; - let rc = unsafe { - sys::wc_ecc_export_public_raw(&mut self.wc_ecc_key, - qx.as_mut_ptr(), qx_len, - qy.as_mut_ptr(), qy_len) - }; - if rc != 0 { - return Err(rc); - } - Ok(()) - } - - /// Export public key in ANSI X9.63 format. - /// - /// # Parameters - /// - /// * `dout`: Buffer to contain the output. - /// - /// # Returns - /// - /// Returns either Ok(size) containing the number of bytes written to - /// `dout` or Err(e) containing the wolfSSL library error code value. - /// - /// # Example - /// - /// ```rust - /// #[cfg(ecc_export)] - /// { - /// use wolfssl::wolfcrypt::random::RNG; - /// use wolfssl::wolfcrypt::ecc::ECC; - /// let mut rng = RNG::new().expect("Failed to create RNG"); - /// let mut ecc = ECC::generate(32, &mut rng, None, None).expect("Error with generate()"); - /// let mut x963 = [0u8; 128]; - /// let _x963_size = ecc.export_x963(&mut x963).expect("Error with export_x963()"); - /// } - /// ``` - #[cfg(ecc_export)] - pub fn export_x963(&mut self, dout: &mut [u8]) -> Result { - let mut out_len: u32 = dout.len() as u32; - let rc = unsafe { - sys::wc_ecc_export_x963(&mut self.wc_ecc_key, dout.as_mut_ptr(), &mut out_len) - }; - if rc != 0 { - return Err(rc); - } - Ok(out_len as usize) - } - - /// Export public key in ANSI X9.63 compressed format. - /// - /// # Parameters - /// - /// * `dout`: Buffer to contain the output. - /// - /// # Returns - /// - /// Returns either Ok(size) containing the number of bytes written to - /// `dout` or Err(e) containing the wolfSSL library error code value. - /// - /// # Example - /// - /// ```rust - /// #[cfg(all(ecc_export, ecc_comp_key))] - /// { - /// use wolfssl::wolfcrypt::random::RNG; - /// use wolfssl::wolfcrypt::ecc::ECC; - /// let mut rng = RNG::new().expect("Failed to create RNG"); - /// let mut ecc = ECC::generate(32, &mut rng, None, None).expect("Error with generate()"); - /// let mut x963 = [0u8; 128]; - /// let _x963_size = ecc.export_x963_compressed(&mut x963).expect("Error with export_x963_compressed()"); - /// } - /// ``` - #[cfg(all(ecc_export, ecc_comp_key))] - pub fn export_x963_compressed(&mut self, dout: &mut [u8]) -> Result { - let mut out_len: u32 = dout.len() as u32; - let rc = unsafe { - sys::wc_ecc_export_x963_ex(&mut self.wc_ecc_key, dout.as_mut_ptr(), &mut out_len, 1) - }; - if rc != 0 { - return Err(rc); - } - Ok(out_len as usize) - } - - /// Compute the public component from this key private component. - /// - /// # Parameters - /// - /// * `rng`: RNG struct used to blind the private key value used in the - /// computation. - /// - /// # Returns - /// - /// Returns either Ok(()) or Err(e) containing the wolfSSL library error - /// code value. - /// - /// # Example - /// - /// ```rust - /// use std::fs; - /// use wolfssl::wolfcrypt::random::RNG; - /// use wolfssl::wolfcrypt::ecc::ECC; - /// let mut rng = RNG::new().expect("Failed to create RNG"); - /// let key_path = "../../../certs/ecc-client-key.der"; - /// let der: Vec = fs::read(key_path).expect("Error reading key file"); - /// let mut ecc = ECC::import_der(&der, None, None).expect("Error with import_der()"); - /// ecc.make_pub(Some(&mut rng)).expect("Error with make_pub()"); - /// ``` - pub fn make_pub(&mut self, rng: Option<&mut RNG>) -> Result<(), i32> { - let rng_ptr = match rng { - Some(rng) => &mut rng.wc_rng, - None => core::ptr::null_mut(), - }; - let rc = unsafe { - sys::wc_ecc_make_pub_ex(&mut self.wc_ecc_key, core::ptr::null_mut(), rng_ptr) - }; - if rc != 0 { - return Err(rc); - } - Ok(()) - } - - /// Compute the public component from this key private component. - /// - /// # Parameters - /// - /// * `rng`: RNG struct used to blind the private key value used in the - /// computation. - /// * `heap`: Optional heap hint. - /// - /// # Returns - /// - /// Returns either Ok(ECCPoint) containing the public component ECCPoint - /// or Err(e) containing the wolfSSL library error code value. - /// - /// # Example - /// - /// ```rust - /// use std::fs; - /// use wolfssl::wolfcrypt::random::RNG; - /// use wolfssl::wolfcrypt::ecc::ECC; - /// let mut rng = RNG::new().expect("Failed to create RNG"); - /// let key_path = "../../../certs/ecc-client-key.der"; - /// let der: Vec = fs::read(key_path).expect("Error reading key file"); - /// let mut ecc = ECC::import_der(&der, None, None).expect("Error with import_der()"); - /// ecc.make_pub_to_point(Some(&mut rng), None).expect("Error with make_pub_to_point()"); - /// ``` - pub fn make_pub_to_point(&mut self, rng: Option<&mut RNG>, heap: Option<*mut std::os::raw::c_void>) -> Result { - let rng_ptr = match rng { - Some(rng) => &mut rng.wc_rng, - None => core::ptr::null_mut(), - }; - let heap = match heap { - Some(heap) => heap, - None => core::ptr::null_mut(), - }; - let wc_ecc_point = unsafe { sys::wc_ecc_new_point_h(heap) }; - if wc_ecc_point.is_null() { - return Err(sys::wolfCrypt_ErrorCodes_MEMORY_E); - } - let ecc_point = ECCPoint { wc_ecc_point, heap }; - let rc = unsafe { - sys::wc_ecc_make_pub_ex(&mut self.wc_ecc_key, wc_ecc_point, rng_ptr) - }; - if rc != 0 { - return Err(rc); - } - Ok(ecc_point) - } - - /// Associates a `RNG` instance with this `ECC` instance. - /// - /// This is necessary when wolfSSL is built with the `ECC_TIMING_RESISTANT` - /// build option enabled. - /// - /// # Parameters - /// - /// * `rng`: The `RNG` struct instance to associate with this `ECC` - /// instance. The `RNG` struct should not be moved in memory after - /// calling this method. - /// - /// # Returns - /// - /// Returns Ok(()) on success or Err(e) containing the wolfSSL library - /// error code value. - /// - /// # Example - /// - /// ```rust - /// use wolfssl::wolfcrypt::random::RNG; - /// use wolfssl::wolfcrypt::ecc::ECC; - /// let mut rng = RNG::new().expect("Failed to create RNG"); - /// let mut ecc = ECC::generate(32, &mut rng, None, None).expect("Error with generate()"); - /// ecc.set_rng(&mut rng).expect("Error with set_rng()"); - /// ``` - pub fn set_rng(&mut self, rng: &mut RNG) -> Result<(), i32> { - let rc = unsafe { - sys::wc_ecc_set_rng(&mut self.wc_ecc_key, &mut rng.wc_rng) - }; - if rc != 0 { - return Err(rc); - } - Ok(()) - } - - /// Compute the ECDH shared secret using this key's private component - /// and the peer public key. - /// - /// # Parameters - /// - /// * `peer`: `ECC` public key. - /// * `dout`: Buffer in which to store the computed secret value. - /// - /// # Returns - /// - /// Returns either Ok(size) containing the number of bytes written to - /// `dout` or Err(e) containing the wolfSSL library error code value. - /// - /// # Example - /// - /// ```rust - /// #[cfg(ecc_dh)] - /// { - /// use wolfssl::wolfcrypt::random::RNG; - /// use wolfssl::wolfcrypt::ecc::ECC; - /// let mut rng = RNG::new().expect("Failed to create RNG"); - /// let mut ecc0 = ECC::generate(32, &mut rng, None, None).expect("Error with generate()"); - /// let mut ecc1 = ECC::generate(32, &mut rng, None, None).expect("Error with generate()"); - /// let mut ss0 = [0u8; 128]; - /// let mut ss1 = [0u8; 128]; - /// ecc0.set_rng(&mut rng).expect("Error with set_rng()"); - /// ecc1.set_rng(&mut rng).expect("Error with set_rng()"); - /// let ss0_size = ecc0.shared_secret(&mut ecc1, &mut ss0).expect("Error with shared_secret()"); - /// let ss1_size = ecc1.shared_secret(&mut ecc0, &mut ss1).expect("Error with shared_secret()"); - /// assert_eq!(ss0_size, ss1_size); - /// let ss0 = &ss0[0..ss0_size]; - /// let ss1 = &ss1[0..ss1_size]; - /// assert_eq!(*ss0, *ss1); - /// } - /// ``` - #[cfg(ecc_dh)] - pub fn shared_secret(&mut self, peer_key: &mut ECC, dout: &mut [u8]) -> Result { - let mut out_len = dout.len() as u32; - let rc = unsafe { - sys::wc_ecc_shared_secret(&mut self.wc_ecc_key, - &mut peer_key.wc_ecc_key, dout.as_mut_ptr(), &mut out_len) - }; - if rc < 0 { - return Err(rc); - } - Ok(out_len as usize) - } - - /// Compute the ECDH shared secret using this key's private component - /// and the peer public point. - /// - /// # Parameters - /// - /// * `peer`: `ECCPoint` struct holding the public components of the peer - /// ECC key. - /// * `dout`: Buffer in which to store the computed secret value. - /// - /// # Returns - /// - /// Returns either Ok(size) containing the number of bytes written to - /// `dout` or Err(e) containing the wolfSSL library error code value. - /// - /// # Example - /// - /// ```rust - /// #[cfg(ecc_dh)] - /// { - /// use wolfssl::wolfcrypt::random::RNG; - /// use wolfssl::wolfcrypt::ecc::ECC; - /// let mut rng = RNG::new().expect("Failed to create RNG"); - /// let mut ecc0 = ECC::generate(32, &mut rng, None, None).expect("Error with generate()"); - /// let mut ecc1 = ECC::generate(32, &mut rng, None, None).expect("Error with generate()"); - /// let ecc1_point = ecc1.make_pub_to_point(None, None).expect("Error with make_pub_to_point()"); - /// let mut ss0 = [0u8; 128]; - /// let mut ss1 = [0u8; 128]; - /// ecc0.set_rng(&mut rng).expect("Error with set_rng()"); - /// ecc1.set_rng(&mut rng).expect("Error with set_rng()"); - /// let ss0_size = ecc0.shared_secret_ex(&ecc1_point, &mut ss0).expect("Error with shared_secret_ex()"); - /// let ss1_size = ecc1.shared_secret(&mut ecc0, &mut ss1).expect("Error with shared_secret()"); - /// assert_eq!(ss0_size, ss1_size); - /// let ss0 = &ss0[0..ss0_size]; - /// let ss1 = &ss1[0..ss1_size]; - /// assert_eq!(*ss0, *ss1); - /// } - /// ``` - #[cfg(ecc_dh)] - pub fn shared_secret_ex(&mut self, peer: &ECCPoint, dout: &mut [u8]) -> Result { - let mut out_len = dout.len() as u32; - let rc = unsafe { - sys::wc_ecc_shared_secret_ex(&mut self.wc_ecc_key, - peer.wc_ecc_point, dout.as_mut_ptr(), &mut out_len) - }; - if rc != 0 { - return Err(rc); - } - Ok(out_len as usize) - } - - /// Sign a message digest using the ECC key. - /// - /// # Parameters - /// - /// * `din`: Message digest to sign. - /// * `dout`: Buffer in which to store the signature. - /// * `rng`: RNG struct to use for random number generation during signing. - /// - /// # Returns - /// - /// Returns either Ok(size) containing the number of bytes written to - /// `dout` or Err(e) containing the wolfSSL library error code value. - /// - /// # Example - /// - /// ```rust - /// #[cfg(ecc_sign)] - /// { - /// use wolfssl::wolfcrypt::random::RNG; - /// use wolfssl::wolfcrypt::ecc::ECC; - /// let mut rng = RNG::new().expect("Failed to create RNG"); - /// let mut ecc = ECC::generate(32, &mut rng, None, None).expect("Error with generate()"); - /// let hash = [0x42u8; 32]; - /// let mut signature = [0u8; 128]; - /// let signature_length = ecc.sign_hash(&hash, &mut signature, &mut rng).expect("Error with sign_hash()"); - /// let signature = &mut signature[0..signature_length]; - /// let valid = ecc.verify_hash(&signature, &hash).expect("Error with verify_hash()"); - /// assert_eq!(valid, true); - /// } - /// ``` - #[cfg(ecc_sign)] - pub fn sign_hash(&mut self, din: &[u8], dout: &mut [u8], rng: &mut RNG) -> Result { - let din_size = din.len() as u32; - let mut dout_size = dout.len() as u32; - let rc = unsafe { - sys::wc_ecc_sign_hash(din.as_ptr(), din_size, dout.as_mut_ptr(), - &mut dout_size, &mut rng.wc_rng, &mut self.wc_ecc_key) - }; - if rc != 0 { - return Err(rc); - } - Ok(dout_size as usize) - } - - /// Verify the ECC signature of a hash. - /// - /// # Parameters - /// - /// * `sig`: ECC signature. - /// * `hash`: Message digest. - /// - /// # Returns - /// - /// Returns either Ok(valid) containing a flag for whether the signature is - /// valid or Err(e) containing the wolfSSL library error code value. - /// - /// # Example - /// - /// ```rust - /// #[cfg(ecc_verify)] - /// { - /// use wolfssl::wolfcrypt::random::RNG; - /// use wolfssl::wolfcrypt::ecc::ECC; - /// let mut rng = RNG::new().expect("Failed to create RNG"); - /// let mut ecc = ECC::generate(32, &mut rng, None, None).expect("Error with generate()"); - /// let hash = [0x42u8; 32]; - /// let mut signature = [0u8; 128]; - /// let signature_length = ecc.sign_hash(&hash, &mut signature, &mut rng).expect("Error with sign_hash()"); - /// let signature = &mut signature[0..signature_length]; - /// let valid = ecc.verify_hash(&signature, &hash).expect("Error with verify_hash()"); - /// assert_eq!(valid, true); - /// } - /// ``` - #[cfg(ecc_verify)] - pub fn verify_hash(&mut self, sig: &[u8], hash: &[u8]) -> Result { - let mut res: i32 = 0; - let sig_len = sig.len() as u32; - let hash_len = hash.len() as u32; - let rc = unsafe { - sys::wc_ecc_verify_hash(sig.as_ptr(), sig_len, - hash.as_ptr(), hash_len, &mut res, &mut self.wc_ecc_key) - }; - if rc != 0 { - return Err(rc); - } - Ok(res != 0) - } -} - -impl Drop for ECC { - /// Safely free the underlying wolfSSL ECC context. - /// - /// This calls the `wc_ecc_key_free()` wolfssl library function. - /// - /// The Rust Drop trait guarantees that this method is called when the ECC - /// struct goes out of scope, automatically cleaning up resources and - /// preventing memory leaks. - fn drop(&mut self) { - unsafe { sys::wc_ecc_free(&mut self.wc_ecc_key); } - } -} diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/wrapper/rust/wolfssl/src/wolfcrypt/ed25519.rs mariadb-11.8.8/extra/wolfssl/wolfssl/wrapper/rust/wolfssl/src/wolfcrypt/ed25519.rs --- mariadb-11.8.6/extra/wolfssl/wolfssl/wrapper/rust/wolfssl/src/wolfcrypt/ed25519.rs 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/wrapper/rust/wolfssl/src/wolfcrypt/ed25519.rs 1970-01-01 00:00:00.000000000 +0000 @@ -1,1411 +0,0 @@ -/* - * Copyright (C) 2025 wolfSSL Inc. - * - * This file is part of wolfSSL. - * - * wolfSSL is free software; you can redistribute it and/or modify - * it under the terms of the GNU General Public License as published by - * the Free Software Foundation; either version 3 of the License, or - * (at your option) any later version. - * - * wolfSSL is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU General Public License for more details. - * - * You should have received a copy of the GNU General Public License - * along with this program; if not, write to the Free Software - * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA - */ - -/*! -This module provides a Rust wrapper for the wolfCrypt library's EdDSA Curve -25519 (Ed25519) functionality. -*/ - -#![cfg(ed25519)] - -use crate::sys; -use crate::wolfcrypt::random::RNG; -use std::mem::MaybeUninit; - -/// The `Ed25519` struct manages the lifecycle of a wolfSSL `ed25519_key` -/// object. -/// -/// It ensures proper initialization and deallocation. -/// -/// An instance can be created with `generate()` or `new()`. -pub struct Ed25519 { - ws_key: sys::ed25519_key, -} - -impl Ed25519 { - /** Size of private key only. */ - pub const KEY_SIZE: usize = sys::ED25519_KEY_SIZE as usize; - /** Size of signature. */ - pub const SIG_SIZE: usize = sys::ED25519_SIG_SIZE as usize; - /** Compressed public key size. */ - pub const PUB_KEY_SIZE: usize = sys::ED25519_PUB_KEY_SIZE as usize; - /** Size of both private and public key. */ - pub const PRV_KEY_SIZE: usize = sys::ED25519_PRV_KEY_SIZE as usize; - - pub const ED25519: u8 = sys::Ed25519 as u8; - pub const ED25519CTX: u8 = sys::Ed25519ctx as u8; - pub const ED25519PH: u8 = sys::Ed25519ph as u8; - - /// Generate a new Ed25519 key. - /// - /// # Parameters - /// - /// * `rng`: `RNG` instance to use for random number generation. - /// - /// # Returns - /// - /// Returns either Ok(ed25519) containing the Ed25519 struct instance or - /// Err(e) containing the wolfSSL library error code value. - /// - /// # Example - /// - /// ```rust - /// use wolfssl::wolfcrypt::random::RNG; - /// use wolfssl::wolfcrypt::ed25519::Ed25519; - /// let mut rng = RNG::new().expect("Error creating RNG"); - /// let ed = Ed25519::generate(&mut rng).expect("Error with generate()"); - /// ``` - pub fn generate(rng: &mut RNG) -> Result { - Self::generate_ex(rng, None, None) - } - - /// Generate a new Ed25519 key with optional heap and device ID. - /// - /// # Parameters - /// - /// * `rng`: `RNG` instance to use for random number generation. - /// * `heap`: Optional heap hint. - /// * `dev_id` Optional device ID to use with crypto callbacks or async hardware. - /// - /// # Returns - /// - /// Returns either Ok(ed25519) containing the Ed25519 struct instance or - /// Err(e) containing the wolfSSL library error code value. - /// - /// # Example - /// - /// ```rust - /// use wolfssl::wolfcrypt::random::RNG; - /// use wolfssl::wolfcrypt::ed25519::Ed25519; - /// let mut rng = RNG::new().expect("Error creating RNG"); - /// let ed = Ed25519::generate_ex(&mut rng, None, None).expect("Error with generate_ex()"); - /// ``` - pub fn generate_ex(rng: &mut RNG, heap: Option<*mut std::os::raw::c_void>, dev_id: Option) -> Result { - let mut ws_key: MaybeUninit = MaybeUninit::uninit(); - let heap = match heap { - Some(heap) => heap, - None => core::ptr::null_mut(), - }; - let dev_id = match dev_id { - Some(dev_id) => dev_id, - None => sys::INVALID_DEVID, - }; - let rc = unsafe { sys::wc_ed25519_init_ex(ws_key.as_mut_ptr(), heap, dev_id) }; - if rc != 0 { - return Err(rc); - } - let ws_key = unsafe { ws_key.assume_init() }; - let mut ed25519 = Ed25519 { ws_key }; - let rc = unsafe { - sys::wc_ed25519_make_key(&mut rng.wc_rng, - sys::ED25519_KEY_SIZE as i32, &mut ed25519.ws_key) - }; - if rc != 0 { - return Err(rc); - } - Ok(ed25519) - } - - /// Create and initialize a new Ed25519 instance. - /// - /// A key will not be present but can be imported with one of the import - /// functions. - /// - /// # Returns - /// - /// Returns either Ok(ed25519) containing the Ed25519 struct instance or - /// Err(e) containing the wolfSSL library error code value. - /// - /// # Example - /// - /// ```rust - /// use wolfssl::wolfcrypt::ed25519::Ed25519; - /// let ed = Ed25519::new().expect("Error with new()"); - /// ``` - pub fn new() -> Result { - Self::new_ex(None, None) - } - - /// Create and initialize a new Ed25519 instance with optional heap and - /// device ID. - /// - /// A key will not be present but can be imported with one of the import - /// functions. - /// - /// # Parameters - /// - /// * `heap`: Optional heap hint. - /// * `dev_id` Optional device ID to use with crypto callbacks or async hardware. - /// - /// # Returns - /// - /// Returns either Ok(ed25519) containing the Ed25519 struct instance or - /// Err(e) containing the wolfSSL library error code value. - /// - /// # Example - /// - /// ```rust - /// use wolfssl::wolfcrypt::ed25519::Ed25519; - /// let ed = Ed25519::new_ex(None, None).expect("Error with new()"); - /// ``` - pub fn new_ex(heap: Option<*mut std::os::raw::c_void>, dev_id: Option) -> Result { - let mut ws_key: MaybeUninit = MaybeUninit::uninit(); - let heap = match heap { - Some(heap) => heap, - None => core::ptr::null_mut(), - }; - let dev_id = match dev_id { - Some(dev_id) => dev_id, - None => sys::INVALID_DEVID, - }; - let rc = unsafe { sys::wc_ed25519_init_ex(ws_key.as_mut_ptr(), heap, dev_id) }; - if rc != 0 { - return Err(rc); - } - let ws_key = unsafe { ws_key.assume_init() }; - let ed25519 = Ed25519 { ws_key }; - Ok(ed25519) - } - - /// Check the public key is valid. - /// - /// When a private key is present, check that the calculated public key - /// matches it. When a private key is not present, check that Y is in range - /// and an X is able to be calculated. - /// - /// # Returns - /// - /// Returns either Ok(()) on success or Err(e) containing the wolfSSL - /// library error code value. - /// - /// # Example - /// - /// ```rust - /// use wolfssl::wolfcrypt::random::RNG; - /// use wolfssl::wolfcrypt::ed25519::Ed25519; - /// let mut rng = RNG::new().expect("Error creating RNG"); - /// let mut ed = Ed25519::generate(&mut rng).expect("Error with generate()"); - /// ed.check_key().expect("Error with check_key()"); - /// ``` - pub fn check_key(&mut self) -> Result<(), i32> { - let rc = unsafe { sys::wc_ed25519_check_key(&mut self.ws_key) }; - if rc != 0 { - return Err(rc); - } - Ok(()) - } - - /// Export private and public key to separate buffers. - /// - /// # Parameters - /// - /// * `private`: Output buffer in which to store the public/private key - /// pair. The length should be PRV_KEY_SIZE. - /// * `public`: Output buffer in which to store the public key. The length - /// should be PUB_KEY_SIZE. - /// - /// # Returns - /// - /// Returns either Ok(()) on success or Err(e) containing the wolfSSL - /// library error code value. - /// - /// # Example - /// - /// ```rust - /// #[cfg(ed25519_export)] - /// { - /// use wolfssl::wolfcrypt::random::RNG; - /// use wolfssl::wolfcrypt::ed25519::Ed25519; - /// let mut rng = RNG::new().expect("Error creating RNG"); - /// let mut ed = Ed25519::generate(&mut rng).expect("Error with generate()"); - /// let mut private = [0u8; Ed25519::PRV_KEY_SIZE]; - /// let mut public = [0u8; Ed25519::PUB_KEY_SIZE]; - /// ed.export_key(&mut private, &mut public).expect("Error with export_key()"); - /// } - /// ``` - #[cfg(ed25519_export)] - pub fn export_key(&self, private: &mut [u8], public: &mut [u8]) -> Result<(), i32> { - let mut private_size = private.len() as u32; - let mut public_size = public.len() as u32; - let rc = unsafe { - sys::wc_ed25519_export_key(&self.ws_key, - private.as_mut_ptr(), &mut private_size, - public.as_mut_ptr(), &mut public_size) - }; - if rc != 0 { - return Err(rc); - } - Ok(()) - } - - /// Export public key to buffer. - /// - /// # Parameters - /// - /// * `public`: Output buffer in which to store the public key. The length - /// should be PUB_KEY_SIZE. - /// - /// # Returns - /// - /// Returns either Ok(size) containing the number of bytes written to - /// `public` on success or Err(e) containing the wolfSSL library error - /// code value. - /// - /// # Example - /// - /// ```rust - /// #[cfg(ed25519_export)] - /// { - /// use wolfssl::wolfcrypt::random::RNG; - /// use wolfssl::wolfcrypt::ed25519::Ed25519; - /// let mut rng = RNG::new().expect("Error creating RNG"); - /// let mut ed = Ed25519::generate(&mut rng).expect("Error with generate()"); - /// let mut public = [0u8; Ed25519::PUB_KEY_SIZE]; - /// ed.export_public(&mut public).expect("Error with export_public()"); - /// } - /// ``` - #[cfg(ed25519_export)] - pub fn export_public(&self, public: &mut [u8]) -> Result<(), i32> { - let mut public_size = public.len() as u32; - let rc = unsafe { - sys::wc_ed25519_export_public(&self.ws_key, public.as_mut_ptr(), - &mut public_size) - }; - if rc != 0 { - return Err(rc); - } - Ok(()) - } - - /// Export public/private key pair to buffer. - /// - /// # Parameters - /// - /// * `keyout`: Output buffer in which to store the key pair. The length - /// should be PRV_KEY_SIZE. - /// - /// # Returns - /// - /// Returns either Ok(size) containing the number of bytes written to - /// `keyout` on success or Err(e) containing the wolfSSL library error - /// code value. - /// - /// # Example - /// - /// ```rust - /// #[cfg(ed25519_export)] - /// { - /// use wolfssl::wolfcrypt::random::RNG; - /// use wolfssl::wolfcrypt::ed25519::Ed25519; - /// let mut rng = RNG::new().expect("Error creating RNG"); - /// let mut ed = Ed25519::generate(&mut rng).expect("Error with generate()"); - /// let mut private = [0u8; Ed25519::PRV_KEY_SIZE]; - /// ed.export_private(&mut private).expect("Error with export_private()"); - /// } - /// ``` - #[cfg(ed25519_export)] - pub fn export_private(&self, keyout: &mut [u8]) -> Result<(), i32> { - let mut keyout_size = keyout.len() as u32; - let rc = unsafe { - sys::wc_ed25519_export_private(&self.ws_key, keyout.as_mut_ptr(), - &mut keyout_size) - }; - if rc != 0 { - return Err(rc); - } - Ok(()) - } - - /// Export private key only to buffer. - /// - /// # Parameters - /// - /// * `private`: Output buffer in which to store the private key. The - /// length should be KEY_SIZE. - /// - /// # Returns - /// - /// Returns either Ok(size) containing the number of bytes written to - /// `private` on success or Err(e) containing the wolfSSL library error - /// code value. - /// - /// # Example - /// - /// ```rust - /// #[cfg(ed25519_export)] - /// { - /// use wolfssl::wolfcrypt::random::RNG; - /// use wolfssl::wolfcrypt::ed25519::Ed25519; - /// let mut rng = RNG::new().expect("Error creating RNG"); - /// let mut ed = Ed25519::generate(&mut rng).expect("Error with generate()"); - /// let mut private_only = [0u8; Ed25519::KEY_SIZE]; - /// ed.export_private_only(&mut private_only).expect("Error with export_private_only()"); - /// } - /// ``` - #[cfg(ed25519_export)] - pub fn export_private_only(&self, private: &mut [u8]) -> Result<(), i32> { - let mut private_size = private.len() as u32; - let rc = unsafe { - sys::wc_ed25519_export_private_only(&self.ws_key, - private.as_mut_ptr(), &mut private_size) - }; - if rc != 0 { - return Err(rc); - } - Ok(()) - } - - /// Import a public Ed25519 key from buffer. - /// - /// This function handles either compressed or uncompressed keys. - /// The public key is checked that it matches the private key if one is - /// already present. - /// - /// # Parameters - /// - /// * `public`: Input buffer containing public key. - /// - /// # Returns - /// - /// Returns either Ok(()) on success or Err(e) containing the wolfSSL - /// library error code value. - /// - /// # Example - /// - /// ```rust - /// #[cfg(ed25519_import)] - /// { - /// use wolfssl::wolfcrypt::random::RNG; - /// use wolfssl::wolfcrypt::ed25519::Ed25519; - /// let mut rng = RNG::new().expect("Error creating RNG"); - /// let mut ed = Ed25519::generate(&mut rng).expect("Error with generate()"); - /// let mut private = [0u8; Ed25519::PRV_KEY_SIZE]; - /// let mut public = [0u8; Ed25519::PUB_KEY_SIZE]; - /// ed.export_key(&mut private, &mut public).expect("Error with export_key()"); - /// let mut ed = Ed25519::new().expect("Error with new()"); - /// ed.import_public(&public).expect("Error with import_public()"); - /// } - /// ``` - #[cfg(ed25519_import)] - pub fn import_public(&mut self, public: &[u8]) -> Result<(), i32> { - let public_size = public.len() as u32; - let rc = unsafe { - sys::wc_ed25519_import_public(public.as_ptr(), public_size, &mut self.ws_key) - }; - if rc != 0 { - return Err(rc); - } - Ok(()) - } - - /// Import a public Ed25519 key from buffer with trusted flag. - /// - /// This function handles either compressed or uncompressed keys. - /// The public key is checked that it matches the private key if one is - /// already present and trusted is false. - /// - /// # Parameters - /// - /// * `public`: Input buffer containing public key. - /// * `trusted`: Whether the public key buffer is trusted. - /// - /// # Returns - /// - /// Returns either Ok(()) on success or Err(e) containing the wolfSSL - /// library error code value. - /// - /// # Example - /// - /// ```rust - /// #[cfg(ed25519_import)] - /// { - /// use wolfssl::wolfcrypt::random::RNG; - /// use wolfssl::wolfcrypt::ed25519::Ed25519; - /// let mut rng = RNG::new().expect("Error creating RNG"); - /// let mut ed = Ed25519::generate(&mut rng).expect("Error with generate()"); - /// let mut private = [0u8; Ed25519::PRV_KEY_SIZE]; - /// let mut public = [0u8; Ed25519::PUB_KEY_SIZE]; - /// ed.export_key(&mut private, &mut public).expect("Error with export_key()"); - /// let mut ed = Ed25519::new().expect("Error with new()"); - /// ed.import_public_ex(&public, false).expect("Error with import_public_ex()"); - /// } - /// ``` - #[cfg(ed25519_import)] - pub fn import_public_ex(&mut self, public: &[u8], trusted: bool) -> Result<(), i32> { - let public_size = public.len() as u32; - let rc = unsafe { - sys::wc_ed25519_import_public_ex(public.as_ptr(), public_size, - &mut self.ws_key, if trusted {1} else {0}) - }; - if rc != 0 { - return Err(rc); - } - Ok(()) - } - - /// Import private Ed25519 key only from buffer. - /// - /// # Parameters - /// - /// * `private`: Input buffer containing private key. - /// - /// # Returns - /// - /// Returns either Ok(()) on success or Err(e) containing the wolfSSL - /// library error code value. - /// - /// # Example - /// - /// ```rust - /// #[cfg(ed25519_import)] - /// { - /// use wolfssl::wolfcrypt::random::RNG; - /// use wolfssl::wolfcrypt::ed25519::Ed25519; - /// let mut rng = RNG::new().expect("Error creating RNG"); - /// let mut ed = Ed25519::generate(&mut rng).expect("Error with generate()"); - /// let mut private_only = [0u8; Ed25519::KEY_SIZE]; - /// ed.export_private_only(&mut private_only).expect("Error with export_private_only()"); - /// let mut ed = Ed25519::new().expect("Error with new()"); - /// ed.import_private_only(&private_only).expect("Error with import_private_only()"); - /// } - /// ``` - #[cfg(ed25519_import)] - pub fn import_private_only(&mut self, private: &[u8]) -> Result<(), i32> { - let private_size = private.len() as u32; - let rc = unsafe { - sys::wc_ed25519_import_private_only(private.as_ptr(), private_size, - &mut self.ws_key) - }; - if rc != 0 { - return Err(rc); - } - Ok(()) - } - - /// Import public/private Ed25519 key pair from buffers. - /// - /// This functions handles either compressed or uncompressed keys. - /// The public key is assumed to be untrusted and is checked against the - /// private key. - /// - /// # Parameters - /// - /// * `private`: Input buffer containing private key. - /// * `public`: Optional input buffer containing public key. - /// - /// # Returns - /// - /// Returns either Ok(()) on success or Err(e) containing the wolfSSL - /// library error code value. - /// - /// # Example - /// - /// ```rust - /// #[cfg(ed25519_import)] - /// { - /// use wolfssl::wolfcrypt::random::RNG; - /// use wolfssl::wolfcrypt::ed25519::Ed25519; - /// let mut rng = RNG::new().expect("Error creating RNG"); - /// let mut ed = Ed25519::generate(&mut rng).expect("Error with generate()"); - /// let mut private = [0u8; Ed25519::PRV_KEY_SIZE]; - /// let mut public = [0u8; Ed25519::PUB_KEY_SIZE]; - /// ed.export_key(&mut private, &mut public).expect("Error with export_key()"); - /// let mut ed = Ed25519::new().expect("Error with new()"); - /// ed.import_private_key(&private, Some(&public)).expect("Error with import_private_key()"); - /// } - /// ``` - #[cfg(ed25519_import)] - pub fn import_private_key(&mut self, private: &[u8], public: Option<&[u8]>) -> Result<(), i32> { - let private_size = private.len() as u32; - let mut public_ptr: *const u8 = core::ptr::null(); - let mut public_size = 0u32; - if let Some(public) = public { - public_ptr = public.as_ptr(); - public_size = public.len() as u32; - } - let rc = unsafe { - sys::wc_ed25519_import_private_key(private.as_ptr(), private_size, - public_ptr, public_size, &mut self.ws_key) - }; - if rc != 0 { - return Err(rc); - } - Ok(()) - } - - /// Import public/private Ed25519 key pair from buffers with trusted flag. - /// - /// This functions handles either compressed or uncompressed keys. - /// The public is checked against private key if not trusted. - /// - /// # Parameters - /// - /// * `private`: Input buffer containing private key. - /// * `public`: Optional input buffer containing private key. - /// * `trusted`: Whether the public key buffer is trusted. - /// - /// # Returns - /// - /// Returns either Ok(()) on success or Err(e) containing the wolfSSL - /// library error code value. - /// - /// # Example - /// - /// ```rust - /// #[cfg(ed25519_import)] - /// { - /// use wolfssl::wolfcrypt::random::RNG; - /// use wolfssl::wolfcrypt::ed25519::Ed25519; - /// let mut rng = RNG::new().expect("Error creating RNG"); - /// let mut ed = Ed25519::generate(&mut rng).expect("Error with generate()"); - /// let mut private = [0u8; Ed25519::PRV_KEY_SIZE]; - /// let mut public = [0u8; Ed25519::PUB_KEY_SIZE]; - /// ed.export_key(&mut private, &mut public).expect("Error with export_key()"); - /// let mut ed = Ed25519::new().expect("Error with new()"); - /// ed.import_private_key_ex(&private, Some(&public), false).expect("Error with import_private_key_ex()"); - /// } - /// ``` - #[cfg(ed25519_import)] - pub fn import_private_key_ex(&mut self, private: &[u8], public: Option<&[u8]>, trusted: bool) -> Result<(), i32> { - let private_size = private.len() as u32; - let mut public_ptr: *const u8 = core::ptr::null(); - let mut public_size = 0u32; - if let Some(public) = public { - public_ptr = public.as_ptr(); - public_size = public.len() as u32; - } - let rc = unsafe { - sys::wc_ed25519_import_private_key_ex(private.as_ptr(), private_size, - public_ptr, public_size, &mut self.ws_key, if trusted {1} else {0}) - }; - if rc != 0 { - return Err(rc); - } - Ok(()) - } - - /// Generate the Ed25519 public key from the private key stored in the - /// Ed25519 object. - /// - /// The public key is written to the pubkey output buffer. - /// - /// # Parameters - /// - /// * `pubkey`: Output buffer in which to store the public key. - /// - /// # Returns - /// - /// Returns either Ok(()) on success or Err(e) containing the wolfSSL - /// library error code value. - /// - /// # Example - /// - /// ```rust - /// use wolfssl::wolfcrypt::random::RNG; - /// use wolfssl::wolfcrypt::ed25519::Ed25519; - /// let mut rng = RNG::new().expect("Error creating RNG"); - /// let ed = Ed25519::generate(&mut rng).expect("Error with generate()"); - /// let mut private = [0u8; Ed25519::KEY_SIZE]; - /// ed.export_private_only(&mut private).expect("Error with export_private_only()"); - /// let mut ed = Ed25519::new().expect("Error with new()"); - /// ed.import_private_only(&private).expect("Error with import_private_only()"); - /// let mut public = [0u8; Ed25519::KEY_SIZE]; - /// ed.make_public(&mut public).expect("Error with make_public()"); - /// ``` - pub fn make_public(&mut self, pubkey: &mut [u8]) -> Result<(), i32> { - let pubkey_size = pubkey.len() as u32; - let rc = unsafe { - sys::wc_ed25519_make_public(&mut self.ws_key, - pubkey.as_mut_ptr(), pubkey_size) - }; - if rc != 0 { - return Err(rc); - } - Ok(()) - } - - /// Sign a message using Ed25519 key. - /// - /// # Parameters - /// - /// * `message`: Message to sign. - /// * `signature`: Output buffer to hold signature. - /// - /// # Returns - /// - /// Returns either Ok(size) containing the number of bytes written to - /// signature on success or Err(e) containing the wolfSSL library error - /// code value. - /// - /// # Example - /// - /// ```rust - /// #[cfg(ed25519_sign)] - /// { - /// use wolfssl::wolfcrypt::random::RNG; - /// use wolfssl::wolfcrypt::ed25519::Ed25519; - /// let mut rng = RNG::new().expect("Error creating RNG"); - /// let mut ed = Ed25519::generate(&mut rng).expect("Error with generate()"); - /// let message = [0x42u8, 33, 55, 66]; - /// let mut signature = [0u8; Ed25519::SIG_SIZE]; - /// ed.sign_msg(&message, &mut signature).expect("Error with sign_msg()"); - /// } - /// ``` - #[cfg(ed25519_sign)] - pub fn sign_msg(&mut self, message: &[u8], signature: &mut [u8]) -> Result { - let message_size = message.len() as u32; - let mut signature_size = signature.len() as u32; - let rc = unsafe { - sys::wc_ed25519_sign_msg(message.as_ptr(), message_size, - signature.as_mut_ptr(), &mut signature_size, &mut self.ws_key) - }; - if rc != 0 { - return Err(rc); - } - Ok(signature_size as usize) - } - - /// Sign a message with context using Ed25519 key. - /// - /// The context is part of the data signed. - /// - /// # Parameters - /// - /// * `message`: Message to sign. - /// * `context`: Buffer containing context for which message is being signed. - /// * `signature`: Output buffer to hold signature. - /// - /// # Returns - /// - /// Returns either Ok(size) containing the number of bytes written to - /// signature on success or Err(e) containing the wolfSSL library error - /// code value. - /// - /// # Example - /// - /// ```rust - /// #[cfg(ed25519_sign)] - /// { - /// use wolfssl::wolfcrypt::random::RNG; - /// use wolfssl::wolfcrypt::ed25519::Ed25519; - /// let mut rng = RNG::new().expect("Error creating RNG"); - /// let mut ed = Ed25519::generate(&mut rng).expect("Error with generate()"); - /// let message = [0x42u8, 33, 55, 66]; - /// let context = b"context"; - /// let mut signature = [0u8; Ed25519::SIG_SIZE]; - /// ed.sign_msg_ctx(&message, context, &mut signature).expect("Error with sign_msg_ctx()"); - /// } - /// ``` - #[cfg(ed25519_sign)] - pub fn sign_msg_ctx(&mut self, message: &[u8], context: &[u8], signature: &mut [u8]) -> Result { - let message_size = message.len() as u32; - let context_size = context.len() as u8; - let mut signature_size = signature.len() as u32; - let rc = unsafe { - sys::wc_ed25519ctx_sign_msg(message.as_ptr(), message_size, - signature.as_mut_ptr(), &mut signature_size, &mut self.ws_key, - context.as_ptr(), context_size) - }; - if rc != 0 { - return Err(rc); - } - Ok(signature_size as usize) - } - - /// Sign a message digest with context using Ed25519 key. - /// - /// The context is part of the data signed. - /// The message is pre-hashed before signature calculation. - /// - /// # Parameters - /// - /// * `hash`: Message digest to sign. - /// * `context`: Optional buffer containing context for which hash is being signed. - /// * `signature`: Output buffer to hold signature. - /// - /// # Returns - /// - /// Returns either Ok(size) containing the number of bytes written to - /// signature on success or Err(e) containing the wolfSSL library error - /// code value. - /// - /// # Example - /// - /// ```rust - /// #[cfg(ed25519_sign)] - /// { - /// use wolfssl::wolfcrypt::random::RNG; - /// use wolfssl::wolfcrypt::ed25519::Ed25519; - /// let mut rng = RNG::new().expect("Error creating RNG"); - /// let mut ed = Ed25519::generate(&mut rng).expect("Error with generate()"); - /// let hash = [ - /// 0xddu8,0xaf,0x35,0xa1,0x93,0x61,0x7a,0xba, - /// 0xcc,0x41,0x73,0x49,0xae,0x20,0x41,0x31, - /// 0x12,0xe6,0xfa,0x4e,0x89,0xa9,0x7e,0xa2, - /// 0x0a,0x9e,0xee,0xe6,0x4b,0x55,0xd3,0x9a, - /// 0x21,0x92,0x99,0x2a,0x27,0x4f,0xc1,0xa8, - /// 0x36,0xba,0x3c,0x23,0xa3,0xfe,0xeb,0xbd, - /// 0x45,0x4d,0x44,0x23,0x64,0x3c,0xe8,0x0e, - /// 0x2a,0x9a,0xc9,0x4f,0xa5,0x4c,0xa4,0x9f - /// ]; - /// let context = b"context"; - /// let mut signature = [0u8; Ed25519::SIG_SIZE]; - /// ed.sign_hash_ph(&hash, Some(context), &mut signature).expect("Error with sign_hash_ph()"); - /// } - /// ``` - #[cfg(ed25519_sign)] - pub fn sign_hash_ph(&mut self, hash: &[u8], context: Option<&[u8]>, signature: &mut [u8]) -> Result { - let hash_size = hash.len() as u32; - let mut context_ptr: *const u8 = core::ptr::null(); - let mut context_size = 0u8; - if let Some(context) = context { - context_ptr = context.as_ptr(); - context_size = context.len() as u8; - } - let mut signature_size = signature.len() as u32; - let rc = unsafe { - sys::wc_ed25519ph_sign_hash(hash.as_ptr(), hash_size, - signature.as_mut_ptr(), &mut signature_size, &mut self.ws_key, - context_ptr, context_size) - }; - if rc != 0 { - return Err(rc); - } - Ok(signature_size as usize) - } - - /// Sign a message with context using Ed25519 key. - /// - /// The context is part of the data signed. - /// The message is pre-hashed before signature calculation. - /// - /// # Parameters - /// - /// * `message`: Message digest to sign. - /// * `context`: Optional buffer containing context for which message is being signed. - /// * `signature`: Output buffer to hold signature. - /// - /// # Returns - /// - /// Returns either Ok(size) containing the number of bytes written to - /// signature on success or Err(e) containing the wolfSSL library error - /// code value. - /// - /// # Example - /// - /// ```rust - /// #[cfg(ed25519_sign)] - /// { - /// use wolfssl::wolfcrypt::random::RNG; - /// use wolfssl::wolfcrypt::ed25519::Ed25519; - /// let mut rng = RNG::new().expect("Error creating RNG"); - /// let mut ed = Ed25519::generate(&mut rng).expect("Error with generate()"); - /// let message = [0x42u8, 33, 55, 66]; - /// let context = b"context"; - /// let mut signature = [0u8; Ed25519::SIG_SIZE]; - /// ed.sign_msg_ph(&message, Some(context), &mut signature).expect("Error with sign_msg_ph()"); - /// } - /// ``` - #[cfg(ed25519_sign)] - pub fn sign_msg_ph(&mut self, message: &[u8], context: Option<&[u8]>, signature: &mut [u8]) -> Result { - let message_size = message.len() as u32; - let mut context_ptr: *const u8 = core::ptr::null(); - let mut context_size = 0u8; - if let Some(context) = context { - context_ptr = context.as_ptr(); - context_size = context.len() as u8; - } - let mut signature_size = signature.len() as u32; - let rc = unsafe { - sys::wc_ed25519ph_sign_msg(message.as_ptr(), message_size, - signature.as_mut_ptr(), &mut signature_size, &mut self.ws_key, - context_ptr, context_size) - }; - if rc != 0 { - return Err(rc); - } - Ok(signature_size as usize) - } - - /// Sign input data with optional context using Ed25519 key. - /// - /// If provided, the context is part of the data signed. - /// - /// # Parameters - /// - /// * `din`: Data to sign. - /// * `context`: Optional buffer containing context for which `din` is being signed. - /// * `typ`: One of `Ed25519::ED25519`, `Ed25519::ED25519CTX`, or `Ed25519::ED25519PH`. - /// * `signature`: Output buffer to hold signature. - /// - /// # Returns - /// - /// Returns either Ok(size) containing the number of bytes written to - /// signature on success or Err(e) containing the wolfSSL library error - /// code value. - /// - /// # Example - /// - /// ```rust - /// #[cfg(ed25519_sign)] - /// { - /// use wolfssl::wolfcrypt::random::RNG; - /// use wolfssl::wolfcrypt::ed25519::Ed25519; - /// let mut rng = RNG::new().expect("Error creating RNG"); - /// let mut ed = Ed25519::generate(&mut rng).expect("Error with generate()"); - /// let message = [0x42u8, 33, 55, 66]; - /// let context = b"context"; - /// let mut signature = [0u8; Ed25519::SIG_SIZE]; - /// ed.sign_msg_ex(&message, Some(context), Ed25519::ED25519, &mut signature).expect("Error with sign_msg_ex()"); - /// } - /// ``` - #[cfg(ed25519_sign)] - pub fn sign_msg_ex(&mut self, din: &[u8], context: Option<&[u8]>, typ: u8, signature: &mut [u8]) -> Result { - let din_size = din.len() as u32; - let mut context_ptr: *const u8 = core::ptr::null(); - let mut context_size = 0u8; - if let Some(context) = context { - context_ptr = context.as_ptr(); - context_size = context.len() as u8; - } - let mut signature_size = signature.len() as u32; - let rc = unsafe { - sys::wc_ed25519_sign_msg_ex(din.as_ptr(), din_size, - signature.as_mut_ptr(), &mut signature_size, &mut self.ws_key, - typ, context_ptr, context_size) - }; - if rc != 0 { - return Err(rc); - } - Ok(signature_size as usize) - } - - /// Verify the Ed25519 signature of a message to ensure authenticity. - /// - /// # Parameters - /// - /// * `signature`: Signature to verify. - /// * `message`: Message to verify the signature of. - /// - /// # Returns - /// - /// Returns either Ok(valid) containing whether the signature is valid or - /// Err(e) containing the wolfSSL library error code value. - /// - /// # Example - /// - /// ```rust - /// #[cfg(ed25519_verify)] - /// { - /// use wolfssl::wolfcrypt::random::RNG; - /// use wolfssl::wolfcrypt::ed25519::Ed25519; - /// let mut rng = RNG::new().expect("Error creating RNG"); - /// let mut ed = Ed25519::generate(&mut rng).expect("Error with generate()"); - /// let message = [0x42u8, 33, 55, 66]; - /// let mut signature = [0u8; Ed25519::SIG_SIZE]; - /// ed.sign_msg(&message, &mut signature).expect("Error with sign_msg()"); - /// let signature_valid = ed.verify_msg(&signature, &message).expect("Error with verify_msg()"); - /// assert!(signature_valid); - /// } - /// ``` - #[cfg(ed25519_verify)] - pub fn verify_msg(&mut self, signature: &[u8], message: &[u8]) -> Result { - let signature_size = signature.len() as u32; - let message_size = message.len() as u32; - let mut res = 0i32; - let rc = unsafe { - sys::wc_ed25519_verify_msg(signature.as_ptr(), signature_size, - message.as_ptr(), message_size, &mut res, &mut self.ws_key) - }; - if rc != 0 { - return Err(rc); - } - Ok(res == 1) - } - - /// Verify the Ed25519 signature of a message and context to ensure authenticity. - /// - /// The context is included as part of the data verified. - /// - /// # Parameters - /// - /// * `signature`: Signature to verify. - /// * `message`: Message to verify the signature of. - /// * `context`: Buffer containing context for which the message was signed. - /// - /// # Returns - /// - /// Returns either Ok(valid) containing whether the signature is valid or - /// Err(e) containing the wolfSSL library error code value. - /// - /// # Example - /// - /// ```rust - /// #[cfg(ed25519_verify)] - /// { - /// use wolfssl::wolfcrypt::random::RNG; - /// use wolfssl::wolfcrypt::ed25519::Ed25519; - /// let mut rng = RNG::new().expect("Error creating RNG"); - /// let mut ed = Ed25519::generate(&mut rng).expect("Error with generate()"); - /// let message = b"Hello!"; - /// let context = b"context"; - /// let mut signature = [0u8; Ed25519::SIG_SIZE]; - /// ed.sign_msg_ctx(message, context, &mut signature).expect("Error with sign_msg()"); - /// let signature_valid = ed.verify_msg_ctx(&signature, message, context).expect("Error with verify_msg_ctx()"); - /// assert!(signature_valid); - /// } - /// ``` - #[cfg(ed25519_verify)] - pub fn verify_msg_ctx(&mut self, signature: &[u8], message: &[u8], context: &[u8]) -> Result { - let signature_size = signature.len() as u32; - let message_size = message.len() as u32; - let context_size = context.len() as u8; - let mut res = 0i32; - let rc = unsafe { - sys::wc_ed25519ctx_verify_msg(signature.as_ptr(), signature_size, - message.as_ptr(), message_size, &mut res, &mut self.ws_key, - context.as_ptr(), context_size) - }; - if rc != 0 { - return Err(rc); - } - Ok(res == 1) - } - - /// Verify the Ed25519 signature of a message digest and context to ensure authenticity. - /// - /// The context is included as part of the data verified. - /// The hash algorithm used to create message digest must be SHA-512. - /// The message is pre-hashed before verification. - /// - /// # Parameters - /// - /// * `signature`: Signature to verify. - /// * `hash`: Message to verify the signature of. - /// * `context`: Optional buffer containing context for which the hash was signed. - /// - /// # Returns - /// - /// Returns either Ok(valid) containing whether the signature is valid or - /// Err(e) containing the wolfSSL library error code value. - /// - /// # Example - /// - /// ```rust - /// #[cfg(ed25519_verify)] - /// { - /// use wolfssl::wolfcrypt::random::RNG; - /// use wolfssl::wolfcrypt::ed25519::Ed25519; - /// let mut rng = RNG::new().expect("Error creating RNG"); - /// let mut ed = Ed25519::generate(&mut rng).expect("Error with generate()"); - /// let hash = [ - /// 0xddu8,0xaf,0x35,0xa1,0x93,0x61,0x7a,0xba, - /// 0xcc,0x41,0x73,0x49,0xae,0x20,0x41,0x31, - /// 0x12,0xe6,0xfa,0x4e,0x89,0xa9,0x7e,0xa2, - /// 0x0a,0x9e,0xee,0xe6,0x4b,0x55,0xd3,0x9a, - /// 0x21,0x92,0x99,0x2a,0x27,0x4f,0xc1,0xa8, - /// 0x36,0xba,0x3c,0x23,0xa3,0xfe,0xeb,0xbd, - /// 0x45,0x4d,0x44,0x23,0x64,0x3c,0xe8,0x0e, - /// 0x2a,0x9a,0xc9,0x4f,0xa5,0x4c,0xa4,0x9f - /// ]; - /// let context = b"context"; - /// let mut signature = [0u8; Ed25519::SIG_SIZE]; - /// ed.sign_hash_ph(&hash, Some(context), &mut signature).expect("Error with sign_hash_ph()"); - /// let signature_valid = ed.verify_hash_ph(&signature, &hash, Some(context)).expect("Error with verify_hash_ph()"); - /// assert!(signature_valid); - /// } - /// ``` - #[cfg(ed25519_verify)] - pub fn verify_hash_ph(&mut self, signature: &[u8], hash: &[u8], context: Option<&[u8]>) -> Result { - let signature_size = signature.len() as u32; - let hash_size = hash.len() as u32; - let mut context_ptr: *const u8 = core::ptr::null(); - let mut context_size = 0u8; - if let Some(context) = context { - context_ptr = context.as_ptr(); - context_size = context.len() as u8; - } - let mut res = 0i32; - let rc = unsafe { - sys::wc_ed25519ph_verify_hash(signature.as_ptr(), signature_size, - hash.as_ptr(), hash_size, &mut res, &mut self.ws_key, - context_ptr, context_size) - }; - if rc != 0 { - return Err(rc); - } - Ok(res == 1) - } - - /// Verify the Ed25519 signature of a message and context to ensure authenticity. - /// - /// The context is included as part of the data verified. - /// The message is pre-hashed before verification. - /// - /// # Parameters - /// - /// * `signature`: Signature to verify. - /// * `message`: Message to verify the signature of. - /// * `context`: Option buffer containing context for which the message was signed. - /// - /// # Returns - /// - /// Returns either Ok(valid) containing whether the signature is valid or - /// Err(e) containing the wolfSSL library error code value. - /// - /// # Example - /// - /// ```rust - /// #[cfg(ed25519_verify)] - /// { - /// use wolfssl::wolfcrypt::random::RNG; - /// use wolfssl::wolfcrypt::ed25519::Ed25519; - /// let mut rng = RNG::new().expect("Error creating RNG"); - /// let mut ed = Ed25519::generate(&mut rng).expect("Error with generate()"); - /// let message = [0x42u8, 33, 55, 66]; - /// let context = b"context"; - /// let mut signature = [0u8; Ed25519::SIG_SIZE]; - /// ed.sign_msg_ph(&message, Some(context), &mut signature).expect("Error with sign_msg_ph()"); - /// let signature_valid = ed.verify_msg_ph(&signature, &message, Some(context)).expect("Error with verify_msg_ph()"); - /// assert!(signature_valid); - /// } - /// ``` - #[cfg(ed25519_verify)] - pub fn verify_msg_ph(&mut self, signature: &[u8], message: &[u8], context: Option<&[u8]>) -> Result { - let signature_size = signature.len() as u32; - let message_size = message.len() as u32; - let mut context_ptr: *const u8 = core::ptr::null(); - let mut context_size = 0u8; - if let Some(context) = context { - context_ptr = context.as_ptr(); - context_size = context.len() as u8; - } - let mut res = 0i32; - let rc = unsafe { - sys::wc_ed25519ph_verify_msg(signature.as_ptr(), signature_size, - message.as_ptr(), message_size, &mut res, &mut self.ws_key, - context_ptr, context_size) - }; - if rc != 0 { - return Err(rc); - } - Ok(res == 1) - } - - /// Verify the Ed25519 signature of a message and context to ensure authenticity. - /// - /// The context is included as part of the data verified. - /// - /// # Parameters - /// - /// * `signature`: Signature to verify. - /// * `din`: Message to verify the signature of. - /// * `context`: Optional buffer containing context for which the input data was signed. - /// * `typ`: One of `Ed25519::ED25519`, `Ed25519::ED25519CTX`, or `Ed25519::ED25519PH`. - /// - /// # Returns - /// - /// Returns either Ok(valid) containing whether the signature is valid or - /// Err(e) containing the wolfSSL library error code value. - /// - /// # Example - /// - /// ```rust - /// #[cfg(ed25519_verify)] - /// { - /// use wolfssl::wolfcrypt::random::RNG; - /// use wolfssl::wolfcrypt::ed25519::Ed25519; - /// let mut rng = RNG::new().expect("Error creating RNG"); - /// let mut ed = Ed25519::generate(&mut rng).expect("Error with generate()"); - /// let message = [0x42u8, 33, 55, 66]; - /// let context = b"context"; - /// let mut signature = [0u8; Ed25519::SIG_SIZE]; - /// ed.sign_msg_ex(&message, Some(context), Ed25519::ED25519, &mut signature).expect("Error with sign_msg_ex()"); - /// let signature_valid = ed.verify_msg_ex(&signature, &message, Some(context), Ed25519::ED25519).expect("Error with verify_msg_ex()"); - /// assert!(signature_valid); - /// } - /// ``` - #[cfg(ed25519_verify)] - pub fn verify_msg_ex(&mut self, signature: &[u8], din: &[u8], context: Option<&[u8]>, typ: u8) -> Result { - let signature_size = signature.len() as u32; - let din_size = din.len() as u32; - let mut context_ptr: *const u8 = core::ptr::null(); - let mut context_size = 0u8; - if let Some(context) = context { - context_ptr = context.as_ptr(); - context_size = context.len() as u8; - } - let mut res = 0i32; - let rc = unsafe { - sys::wc_ed25519_verify_msg_ex(signature.as_ptr(), signature_size, - din.as_ptr(), din_size, &mut res, &mut self.ws_key, typ, - context_ptr, context_size) - }; - if rc != 0 { - return Err(rc); - } - Ok(res == 1) - } - - /// Initialize Ed25519 key to perform streaming verification. - /// - /// # Parameters - /// - /// * `signature`: Signature to verify. - /// * `context`: Optional buffer containing context for which the input data was signed. - /// * `typ`: One of `Ed25519::ED25519`, `Ed25519::ED25519CTX`, or `Ed25519::ED25519PH`. - /// - /// # Returns - /// - /// Returns either Ok(()) on success or Err(e) containing the wolfSSL - /// library error code value. - /// - /// # Example - /// - /// ```rust - /// #[cfg(ed25519_streaming_verify)] - /// { - /// use wolfssl::wolfcrypt::random::RNG; - /// use wolfssl::wolfcrypt::ed25519::Ed25519; - /// let mut rng = RNG::new().expect("Error creating RNG"); - /// let mut ed = Ed25519::generate(&mut rng).expect("Error with generate()"); - /// let message = [0x42u8, 33, 55, 66]; - /// let mut signature = [0u8; Ed25519::SIG_SIZE]; - /// ed.sign_msg(&message, &mut signature).expect("Error with sign_msg()"); - /// ed.verify_msg_init(&signature, None, Ed25519::ED25519).expect("Error with verify_msg_init()"); - /// ed.verify_msg_update(&message[0..2]).expect("Error with verify_msg_update()"); - /// ed.verify_msg_update(&message[2..4]).expect("Error with verify_msg_update()"); - /// let signature_valid = ed.verify_msg_final(&signature).expect("Error with verify_msg_final()"); - /// assert!(signature_valid); - /// } - /// ``` - #[cfg(ed25519_streaming_verify)] - pub fn verify_msg_init(&mut self, signature: &[u8], context: Option<&[u8]>, typ: u8) -> Result<(), i32> { - let signature_size = signature.len() as u32; - let mut context_ptr: *const u8 = core::ptr::null(); - let mut context_size = 0u8; - if let Some(context) = context { - context_ptr = context.as_ptr(); - context_size = context.len() as u8; - } - let rc = unsafe { - sys::wc_ed25519_verify_msg_init(signature.as_ptr(), signature_size, - &mut self.ws_key, typ, context_ptr, context_size) - }; - if rc != 0 { - return Err(rc); - } - Ok(()) - } - - /// Add input data to Ed25519 streaming verification. - /// - /// # Parameters - /// - /// * `din`: Segment of message to verify the signature of. - /// - /// # Returns - /// - /// Returns either Ok(()) on success or Err(e) containing the wolfSSL - /// library error code value. - /// - /// # Example - /// - /// ```rust - /// #[cfg(ed25519_streaming_verify)] - /// { - /// use wolfssl::wolfcrypt::random::RNG; - /// use wolfssl::wolfcrypt::ed25519::Ed25519; - /// let mut rng = RNG::new().expect("Error creating RNG"); - /// let mut ed = Ed25519::generate(&mut rng).expect("Error with generate()"); - /// let message = [0x42u8, 33, 55, 66]; - /// let mut signature = [0u8; Ed25519::SIG_SIZE]; - /// ed.sign_msg(&message, &mut signature).expect("Error with sign_msg()"); - /// ed.verify_msg_init(&signature, None, Ed25519::ED25519).expect("Error with verify_msg_init()"); - /// ed.verify_msg_update(&message[0..2]).expect("Error with verify_msg_update()"); - /// ed.verify_msg_update(&message[2..4]).expect("Error with verify_msg_update()"); - /// let signature_valid = ed.verify_msg_final(&signature).expect("Error with verify_msg_final()"); - /// assert!(signature_valid); - /// } - /// ``` - #[cfg(ed25519_streaming_verify)] - pub fn verify_msg_update(&mut self, din: &[u8]) -> Result<(), i32> { - let din_size = din.len() as u32; - let rc = unsafe { - sys::wc_ed25519_verify_msg_update(din.as_ptr(), din_size, - &mut self.ws_key) - }; - if rc != 0 { - return Err(rc); - } - Ok(()) - } - - /// Finalize Ed25519 streaming verification. - /// - /// # Parameters - /// - /// * `signature`: Signature to verify. - /// - /// # Returns - /// - /// Returns either Ok(valid) containing whether the signature is valid or - /// Err(e) containing the wolfSSL library error code value. - /// - /// # Example - /// - /// ```rust - /// #[cfg(ed25519_streaming_verify)] - /// { - /// use wolfssl::wolfcrypt::random::RNG; - /// use wolfssl::wolfcrypt::ed25519::Ed25519; - /// let mut rng = RNG::new().expect("Error creating RNG"); - /// let mut ed = Ed25519::generate(&mut rng).expect("Error with generate()"); - /// let message = [0x42u8, 33, 55, 66]; - /// let mut signature = [0u8; Ed25519::SIG_SIZE]; - /// ed.sign_msg(&message, &mut signature).expect("Error with sign_msg()"); - /// ed.verify_msg_init(&signature, None, Ed25519::ED25519).expect("Error with verify_msg_init()"); - /// ed.verify_msg_update(&message[0..2]).expect("Error with verify_msg_update()"); - /// ed.verify_msg_update(&message[2..4]).expect("Error with verify_msg_update()"); - /// let signature_valid = ed.verify_msg_final(&signature).expect("Error with verify_msg_final()"); - /// assert!(signature_valid); - /// } - /// ``` - #[cfg(ed25519_streaming_verify)] - pub fn verify_msg_final(&mut self, signature: &[u8]) -> Result { - let signature_size = signature.len() as u32; - let mut res = 0i32; - let rc = unsafe { - sys::wc_ed25519_verify_msg_final(signature.as_ptr(), signature_size, - &mut res, &mut self.ws_key) - }; - if rc != 0 { - return Err(rc); - } - Ok(res == 1) - } - - /// Get the size of an Ed25519 key (32 bytes). - /// - /// # Returns - /// - /// Returns either Ok(size) containing the key size or Err(e) - /// containing the wolfSSL library error code value. - /// - /// # Example - /// - /// ```rust - /// use wolfssl::wolfcrypt::random::RNG; - /// use wolfssl::wolfcrypt::ed25519::Ed25519; - /// let mut rng = RNG::new().expect("Error creating RNG"); - /// let ed = Ed25519::generate(&mut rng).expect("Error with generate()"); - /// let key_size = ed.size().expect("Error with size()"); - /// assert_eq!(key_size, Ed25519::KEY_SIZE); - /// ``` - pub fn size(&self) -> Result { - let rc = unsafe { sys::wc_ed25519_size(&self.ws_key) }; - if rc < 0 { - return Err(rc); - } - Ok(rc as usize) - } - - /// Get the size of a private (including public) Ed25519 key (64 bytes). - /// - /// # Returns - /// - /// Returns either Ok(size) containing the key size or Err(e) - /// containing the wolfSSL library error code value. - /// - /// # Example - /// - /// ```rust - /// use wolfssl::wolfcrypt::random::RNG; - /// use wolfssl::wolfcrypt::ed25519::Ed25519; - /// let mut rng = RNG::new().expect("Error creating RNG"); - /// let ed = Ed25519::generate(&mut rng).expect("Error with generate()"); - /// let priv_size = ed.priv_size().expect("Error with priv_size()"); - /// assert_eq!(priv_size, Ed25519::PRV_KEY_SIZE); - /// ``` - pub fn priv_size(&self) -> Result { - let rc = unsafe { sys::wc_ed25519_priv_size(&self.ws_key) }; - if rc < 0 { - return Err(rc); - } - Ok(rc as usize) - } - - /// Get the size of a public Ed25519 key (32 bytes). - /// - /// # Returns - /// - /// Returns either Ok(size) containing the key size or Err(e) - /// containing the wolfSSL library error code value. - /// - /// # Example - /// - /// ```rust - /// use wolfssl::wolfcrypt::random::RNG; - /// use wolfssl::wolfcrypt::ed25519::Ed25519; - /// let mut rng = RNG::new().expect("Error creating RNG"); - /// let ed = Ed25519::generate(&mut rng).expect("Error with generate()"); - /// let pub_size = ed.pub_size().expect("Error with pub_size()"); - /// assert_eq!(pub_size, Ed25519::PUB_KEY_SIZE); - /// ``` - pub fn pub_size(&self) -> Result { - let rc = unsafe { sys::wc_ed25519_pub_size(&self.ws_key) }; - if rc < 0 { - return Err(rc); - } - Ok(rc as usize) - } - - /// Get the size of a Ed25519 signature (64 bytes). - /// - /// # Returns - /// - /// Returns either Ok(size) containing the key size or Err(e) - /// containing the wolfSSL library error code value. - /// - /// # Example - /// - /// ```rust - /// use wolfssl::wolfcrypt::random::RNG; - /// use wolfssl::wolfcrypt::ed25519::Ed25519; - /// let mut rng = RNG::new().expect("Error creating RNG"); - /// let ed = Ed25519::generate(&mut rng).expect("Error with generate()"); - /// let sig_size = ed.sig_size().expect("Error with sig_size()"); - /// assert_eq!(sig_size, Ed25519::SIG_SIZE); - /// ``` - pub fn sig_size(&self) -> Result { - let rc = unsafe { sys::wc_ed25519_sig_size(&self.ws_key) }; - if rc < 0 { - return Err(rc); - } - Ok(rc as usize) - } -} - -impl Drop for Ed25519 { - /// Safely free the wolfSSL resources. - fn drop(&mut self) { - unsafe { sys::wc_ed25519_free(&mut self.ws_key); } - } -} diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/wrapper/rust/wolfssl/src/wolfcrypt/ed448.rs mariadb-11.8.8/extra/wolfssl/wolfssl/wrapper/rust/wolfssl/src/wolfcrypt/ed448.rs --- mariadb-11.8.6/extra/wolfssl/wolfssl/wrapper/rust/wolfssl/src/wolfcrypt/ed448.rs 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/wrapper/rust/wolfssl/src/wolfcrypt/ed448.rs 1970-01-01 00:00:00.000000000 +0000 @@ -1,1336 +0,0 @@ -/* - * Copyright (C) 2025 wolfSSL Inc. - * - * This file is part of wolfSSL. - * - * wolfSSL is free software; you can redistribute it and/or modify - * it under the terms of the GNU General Public License as published by - * the Free Software Foundation; either version 3 of the License, or - * (at your option) any later version. - * - * wolfSSL is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU General Public License for more details. - * - * You should have received a copy of the GNU General Public License - * along with this program; if not, write to the Free Software - * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA - */ - -/*! -This module provides a Rust wrapper for the wolfCrypt library's EdDSA Curve -448 (Ed448) functionality. -*/ - -#![cfg(ed448)] - -use crate::sys; -use crate::wolfcrypt::random::RNG; -use std::mem::MaybeUninit; - -/// The `Ed448` struct manages the lifecycle of a wolfSSL `ed448_key` -/// object. -/// -/// It ensures proper initialization and deallocation. -/// -/// An instance can be created with `generate()` or `new()`. -pub struct Ed448 { - ws_key: sys::ed448_key, -} - -impl Ed448 { - /** Size of private key only. */ - pub const KEY_SIZE: usize = sys::ED448_KEY_SIZE as usize; - /** Size of signature. */ - pub const SIG_SIZE: usize = sys::ED448_SIG_SIZE as usize; - /** Compressed public key size. */ - pub const PUB_KEY_SIZE: usize = sys::ED448_PUB_KEY_SIZE as usize; - /** Size of both private and public key. */ - pub const PRV_KEY_SIZE: usize = sys::ED448_PRV_KEY_SIZE as usize; - - pub const ED448: u8 = sys::Ed448 as u8; - pub const ED448PH: u8 = sys::Ed448ph as u8; - - /// Generate a new Ed448 key. - /// - /// # Parameters - /// - /// * `rng`: `RNG` instance to use for random number generation. - /// - /// # Returns - /// - /// Returns either Ok(ed448) containing the Ed448 struct instance or - /// Err(e) containing the wolfSSL library error code value. - /// - /// # Example - /// - /// ```rust - /// use wolfssl::wolfcrypt::random::RNG; - /// use wolfssl::wolfcrypt::ed448::Ed448; - /// let mut rng = RNG::new().expect("Error creating RNG"); - /// let ed = Ed448::generate(&mut rng).expect("Error with generate()"); - /// ``` - pub fn generate(rng: &mut RNG) -> Result { - Self::generate_ex(rng, None, None) - } - - /// Generate a new Ed448 key with optional heap and device ID. - /// - /// # Parameters - /// - /// * `rng`: `RNG` instance to use for random number generation. - /// * `heap`: Optional heap hint. - /// * `dev_id` Optional device ID to use with crypto callbacks or async hardware. - /// - /// # Returns - /// - /// Returns either Ok(ed448) containing the Ed448 struct instance or - /// Err(e) containing the wolfSSL library error code value. - /// - /// # Example - /// - /// ```rust - /// use wolfssl::wolfcrypt::random::RNG; - /// use wolfssl::wolfcrypt::ed448::Ed448; - /// let mut rng = RNG::new().expect("Error creating RNG"); - /// let ed = Ed448::generate_ex(&mut rng, None, None).expect("Error with generate_ex()"); - /// ``` - pub fn generate_ex(rng: &mut RNG, heap: Option<*mut std::os::raw::c_void>, dev_id: Option) -> Result { - let mut ws_key: MaybeUninit = MaybeUninit::uninit(); - let heap = match heap { - Some(heap) => heap, - None => core::ptr::null_mut(), - }; - let dev_id = match dev_id { - Some(dev_id) => dev_id, - None => sys::INVALID_DEVID, - }; - let rc = unsafe { sys::wc_ed448_init_ex(ws_key.as_mut_ptr(), heap, dev_id) }; - if rc != 0 { - return Err(rc); - } - let ws_key = unsafe { ws_key.assume_init() }; - let mut ed448 = Ed448 { ws_key }; - let rc = unsafe { - sys::wc_ed448_make_key(&mut rng.wc_rng, - sys::ED448_KEY_SIZE as i32, &mut ed448.ws_key) - }; - if rc != 0 { - return Err(rc); - } - Ok(ed448) - } - - /// Create and initialize a new Ed448 instance. - /// - /// A key will not be present but can be imported with one of the import - /// functions. - /// - /// # Returns - /// - /// Returns either Ok(ed448) containing the Ed448 struct instance or - /// Err(e) containing the wolfSSL library error code value. - /// - /// # Example - /// - /// ```rust - /// use wolfssl::wolfcrypt::ed448::Ed448; - /// let ed = Ed448::new().expect("Error with new()"); - /// ``` - pub fn new() -> Result { - Self::new_ex(None, None) - } - - /// Create and initialize a new Ed448 instance with optional heap and - /// device ID. - /// - /// A key will not be present but can be imported with one of the import - /// functions. - /// - /// # Parameters - /// - /// * `heap`: Optional heap hint. - /// * `dev_id` Optional device ID to use with crypto callbacks or async hardware. - /// - /// # Returns - /// - /// Returns either Ok(ed448) containing the Ed448 struct instance or - /// Err(e) containing the wolfSSL library error code value. - /// - /// # Example - /// - /// ```rust - /// use wolfssl::wolfcrypt::ed448::Ed448; - /// let ed = Ed448::new_ex(None, None).expect("Error with new()"); - /// ``` - pub fn new_ex(heap: Option<*mut std::os::raw::c_void>, dev_id: Option) -> Result { - let mut ws_key: MaybeUninit = MaybeUninit::uninit(); - let heap = match heap { - Some(heap) => heap, - None => core::ptr::null_mut(), - }; - let dev_id = match dev_id { - Some(dev_id) => dev_id, - None => sys::INVALID_DEVID, - }; - let rc = unsafe { sys::wc_ed448_init_ex(ws_key.as_mut_ptr(), heap, dev_id) }; - if rc != 0 { - return Err(rc); - } - let ws_key = unsafe { ws_key.assume_init() }; - let ed448 = Ed448 { ws_key }; - Ok(ed448) - } - - /// Check the public key is valid. - /// - /// When a private key is present, check that the calculated public key - /// matches it. When a private key is not present, check that Y is in range - /// and an X is able to be calculated. - /// - /// # Returns - /// - /// Returns either Ok(()) on success or Err(e) containing the wolfSSL - /// library error code value. - /// - /// # Example - /// - /// ```rust - /// use wolfssl::wolfcrypt::random::RNG; - /// use wolfssl::wolfcrypt::ed448::Ed448; - /// let mut rng = RNG::new().expect("Error creating RNG"); - /// let mut ed = Ed448::generate(&mut rng).expect("Error with generate()"); - /// ed.check_key().expect("Error with check_key()"); - /// ``` - pub fn check_key(&mut self) -> Result<(), i32> { - let rc = unsafe { sys::wc_ed448_check_key(&mut self.ws_key) }; - if rc != 0 { - return Err(rc); - } - Ok(()) - } - - /// Export private and public key to separate buffers. - /// - /// # Parameters - /// - /// * `private`: Output buffer in which to store the public/private key - /// pair. The length should be PRV_KEY_SIZE. - /// * `public`: Output buffer in which to store the public key. The length - /// should be PUB_KEY_SIZE. - /// - /// # Returns - /// - /// Returns either Ok(()) on success or Err(e) containing the wolfSSL - /// library error code value. - /// - /// # Example - /// - /// ```rust - /// #[cfg(ed448_export)] - /// { - /// use wolfssl::wolfcrypt::random::RNG; - /// use wolfssl::wolfcrypt::ed448::Ed448; - /// let mut rng = RNG::new().expect("Error creating RNG"); - /// let mut ed = Ed448::generate(&mut rng).expect("Error with generate()"); - /// let mut private = [0u8; Ed448::PRV_KEY_SIZE]; - /// let mut public = [0u8; Ed448::PUB_KEY_SIZE]; - /// ed.export_key(&mut private, &mut public).expect("Error with export_key()"); - /// } - /// ``` - #[cfg(ed448_export)] - pub fn export_key(&self, private: &mut [u8], public: &mut [u8]) -> Result<(), i32> { - let mut private_size = private.len() as u32; - let mut public_size = public.len() as u32; - let rc = unsafe { - sys::wc_ed448_export_key(&self.ws_key, - private.as_mut_ptr(), &mut private_size, - public.as_mut_ptr(), &mut public_size) - }; - if rc != 0 { - return Err(rc); - } - Ok(()) - } - - /// Export public key to buffer. - /// - /// # Parameters - /// - /// * `public`: Output buffer in which to store the public key. The length - /// should be PUB_KEY_SIZE. - /// - /// # Returns - /// - /// Returns either Ok(()) on success or Err(e) containing the wolfSSL - /// library error code value. - /// - /// # Example - /// - /// ```rust - /// #[cfg(ed448_export)] - /// { - /// use wolfssl::wolfcrypt::random::RNG; - /// use wolfssl::wolfcrypt::ed448::Ed448; - /// let mut rng = RNG::new().expect("Error creating RNG"); - /// let mut ed = Ed448::generate(&mut rng).expect("Error with generate()"); - /// let mut public = [0u8; Ed448::PUB_KEY_SIZE]; - /// ed.export_public(&mut public).expect("Error with export_public()"); - /// } - /// ``` - #[cfg(ed448_export)] - pub fn export_public(&self, public: &mut [u8]) -> Result<(), i32> { - let mut public_size = public.len() as u32; - let rc = unsafe { - sys::wc_ed448_export_public(&self.ws_key, public.as_mut_ptr(), - &mut public_size) - }; - if rc != 0 { - return Err(rc); - } - Ok(()) - } - - /// Export public/private key pair to buffer. - /// - /// # Parameters - /// - /// * `keyout`: Output buffer in which to store the key pair. The length - /// should be PRV_KEY_SIZE. - /// - /// # Returns - /// - /// Returns either Ok(()) on success or Err(e) containing the wolfSSL - /// library error code value. - /// - /// # Example - /// - /// ```rust - /// #[cfg(ed448_export)] - /// { - /// use wolfssl::wolfcrypt::random::RNG; - /// use wolfssl::wolfcrypt::ed448::Ed448; - /// let mut rng = RNG::new().expect("Error creating RNG"); - /// let mut ed = Ed448::generate(&mut rng).expect("Error with generate()"); - /// let mut private = [0u8; Ed448::PRV_KEY_SIZE]; - /// ed.export_private(&mut private).expect("Error with export_private()"); - /// } - /// ``` - #[cfg(ed448_export)] - pub fn export_private(&self, keyout: &mut [u8]) -> Result<(), i32> { - let mut keyout_size = keyout.len() as u32; - let rc = unsafe { - sys::wc_ed448_export_private(&self.ws_key, keyout.as_mut_ptr(), - &mut keyout_size) - }; - if rc != 0 { - return Err(rc); - } - Ok(()) - } - - /// Export private key only to buffer. - /// - /// # Parameters - /// - /// * `private`: Output buffer in which to store the private key. The - /// length should be KEY_SIZE. - /// - /// # Returns - /// - /// Returns either Ok(()) on success or Err(e) containing the wolfSSL - /// library error code value. - /// - /// # Example - /// - /// ```rust - /// #[cfg(ed448_export)] - /// { - /// use wolfssl::wolfcrypt::random::RNG; - /// use wolfssl::wolfcrypt::ed448::Ed448; - /// let mut rng = RNG::new().expect("Error creating RNG"); - /// let mut ed = Ed448::generate(&mut rng).expect("Error with generate()"); - /// let mut private_only = [0u8; Ed448::KEY_SIZE]; - /// ed.export_private_only(&mut private_only).expect("Error with export_private_only()"); - /// } - /// ``` - #[cfg(ed448_export)] - pub fn export_private_only(&self, private: &mut [u8]) -> Result<(), i32> { - let mut private_size = private.len() as u32; - let rc = unsafe { - sys::wc_ed448_export_private_only(&self.ws_key, - private.as_mut_ptr(), &mut private_size) - }; - if rc != 0 { - return Err(rc); - } - Ok(()) - } - - /// Import a public Ed448 key from buffer. - /// - /// This function handles either compressed or uncompressed keys. - /// The public key is checked that it matches the private key if one is - /// already present. - /// - /// # Parameters - /// - /// * `public`: Input buffer containing public key. - /// - /// # Returns - /// - /// Returns either Ok(()) on success or Err(e) containing the wolfSSL - /// library error code value. - /// - /// # Example - /// - /// ```rust - /// #[cfg(ed448_import)] - /// { - /// use wolfssl::wolfcrypt::random::RNG; - /// use wolfssl::wolfcrypt::ed448::Ed448; - /// let mut rng = RNG::new().expect("Error creating RNG"); - /// let mut ed = Ed448::generate(&mut rng).expect("Error with generate()"); - /// let mut private = [0u8; Ed448::PRV_KEY_SIZE]; - /// let mut public = [0u8; Ed448::PUB_KEY_SIZE]; - /// ed.export_key(&mut private, &mut public).expect("Error with export_key()"); - /// let mut ed = Ed448::new().expect("Error with new()"); - /// ed.import_public(&public).expect("Error with import_public()"); - /// } - /// ``` - #[cfg(ed448_import)] - pub fn import_public(&mut self, public: &[u8]) -> Result<(), i32> { - let public_size = public.len() as u32; - let rc = unsafe { - sys::wc_ed448_import_public(public.as_ptr(), public_size, &mut self.ws_key) - }; - if rc != 0 { - return Err(rc); - } - Ok(()) - } - - /// Import a public Ed448 key from buffer with trusted flag. - /// - /// This function handles either compressed or uncompressed keys. - /// The public key is checked that it matches the private key if one is - /// already present and trusted is false. - /// - /// # Parameters - /// - /// * `public`: Input buffer containing public key. - /// * `trusted`: Whether the public key buffer is trusted. - /// - /// # Returns - /// - /// Returns either Ok(()) on success or Err(e) containing the wolfSSL - /// library error code value. - /// - /// # Example - /// - /// ```rust - /// #[cfg(ed448_import)] - /// { - /// use wolfssl::wolfcrypt::random::RNG; - /// use wolfssl::wolfcrypt::ed448::Ed448; - /// let mut rng = RNG::new().expect("Error creating RNG"); - /// let mut ed = Ed448::generate(&mut rng).expect("Error with generate()"); - /// let mut private = [0u8; Ed448::PRV_KEY_SIZE]; - /// let mut public = [0u8; Ed448::PUB_KEY_SIZE]; - /// ed.export_key(&mut private, &mut public).expect("Error with export_key()"); - /// let mut ed = Ed448::new().expect("Error with new()"); - /// ed.import_public_ex(&public, false).expect("Error with import_public_ex()"); - /// } - /// ``` - #[cfg(ed448_import)] - pub fn import_public_ex(&mut self, public: &[u8], trusted: bool) -> Result<(), i32> { - let public_size = public.len() as u32; - let rc = unsafe { - sys::wc_ed448_import_public_ex(public.as_ptr(), public_size, - &mut self.ws_key, if trusted {1} else {0}) - }; - if rc != 0 { - return Err(rc); - } - Ok(()) - } - - /// Import private Ed448 key only from buffer. - /// - /// # Parameters - /// - /// * `private`: Input buffer containing private key. - /// - /// # Returns - /// - /// Returns either Ok(()) on success or Err(e) containing the wolfSSL - /// library error code value. - /// - /// # Example - /// - /// ```rust - /// #[cfg(ed448_import)] - /// { - /// use wolfssl::wolfcrypt::random::RNG; - /// use wolfssl::wolfcrypt::ed448::Ed448; - /// let mut rng = RNG::new().expect("Error creating RNG"); - /// let mut ed = Ed448::generate(&mut rng).expect("Error with generate()"); - /// let mut private_only = [0u8; Ed448::KEY_SIZE]; - /// ed.export_private_only(&mut private_only).expect("Error with export_private_only()"); - /// let mut ed = Ed448::new().expect("Error with new()"); - /// ed.import_private_only(&private_only).expect("Error with import_private_only()"); - /// } - /// ``` - #[cfg(ed448_import)] - pub fn import_private_only(&mut self, private: &[u8]) -> Result<(), i32> { - let private_size = private.len() as u32; - let rc = unsafe { - sys::wc_ed448_import_private_only(private.as_ptr(), private_size, - &mut self.ws_key) - }; - if rc != 0 { - return Err(rc); - } - Ok(()) - } - - /// Import public/private Ed448 key pair from buffers. - /// - /// This functions handles either compressed or uncompressed keys. - /// The public key is assumed to be untrusted and is checked against the - /// private key. - /// - /// # Parameters - /// - /// * `private`: Input buffer containing private key. - /// * `public`: Optional input buffer containing public key. - /// - /// # Returns - /// - /// Returns either Ok(()) on success or Err(e) containing the wolfSSL - /// library error code value. - /// - /// # Example - /// - /// ```rust - /// #[cfg(ed448_import)] - /// { - /// use wolfssl::wolfcrypt::random::RNG; - /// use wolfssl::wolfcrypt::ed448::Ed448; - /// let mut rng = RNG::new().expect("Error creating RNG"); - /// let mut ed = Ed448::generate(&mut rng).expect("Error with generate()"); - /// let mut private = [0u8; Ed448::PRV_KEY_SIZE]; - /// let mut public = [0u8; Ed448::PUB_KEY_SIZE]; - /// ed.export_key(&mut private, &mut public).expect("Error with export_key()"); - /// let mut ed = Ed448::new().expect("Error with new()"); - /// ed.import_private_key(&private, Some(&public)).expect("Error with import_private_key()"); - /// } - /// ``` - #[cfg(ed448_import)] - pub fn import_private_key(&mut self, private: &[u8], public: Option<&[u8]>) -> Result<(), i32> { - let private_size = private.len() as u32; - let mut public_ptr: *const u8 = core::ptr::null(); - let mut public_size = 0u32; - if let Some(public) = public { - public_ptr = public.as_ptr(); - public_size = public.len() as u32; - } - let rc = unsafe { - sys::wc_ed448_import_private_key(private.as_ptr(), private_size, - public_ptr, public_size, &mut self.ws_key) - }; - if rc != 0 { - return Err(rc); - } - Ok(()) - } - - /// Import public/private Ed448 key pair from buffers with trusted flag. - /// - /// This functions handles either compressed or uncompressed keys. - /// The public is checked against private key if not trusted. - /// - /// # Parameters - /// - /// * `private`: Input buffer containing private key. - /// * `public`: Optional input buffer containing private key. - /// * `trusted`: Whether the public key buffer is trusted. - /// - /// # Returns - /// - /// Returns either Ok(()) on success or Err(e) containing the wolfSSL - /// library error code value. - /// - /// # Example - /// - /// ```rust - /// #[cfg(ed448_import)] - /// { - /// use wolfssl::wolfcrypt::random::RNG; - /// use wolfssl::wolfcrypt::ed448::Ed448; - /// let mut rng = RNG::new().expect("Error creating RNG"); - /// let mut ed = Ed448::generate(&mut rng).expect("Error with generate()"); - /// let mut private = [0u8; Ed448::PRV_KEY_SIZE]; - /// let mut public = [0u8; Ed448::PUB_KEY_SIZE]; - /// ed.export_key(&mut private, &mut public).expect("Error with export_key()"); - /// let mut ed = Ed448::new().expect("Error with new()"); - /// ed.import_private_key_ex(&private, Some(&public), false).expect("Error with import_private_key_ex()"); - /// } - /// ``` - #[cfg(ed448_import)] - pub fn import_private_key_ex(&mut self, private: &[u8], public: Option<&[u8]>, trusted: bool) -> Result<(), i32> { - let private_size = private.len() as u32; - let mut public_ptr: *const u8 = core::ptr::null(); - let mut public_size = 0u32; - if let Some(public) = public { - public_ptr = public.as_ptr(); - public_size = public.len() as u32; - } - let rc = unsafe { - sys::wc_ed448_import_private_key_ex(private.as_ptr(), private_size, - public_ptr, public_size, &mut self.ws_key, if trusted {1} else {0}) - }; - if rc != 0 { - return Err(rc); - } - Ok(()) - } - - /// Generate the Ed448 public key from the private key stored in the - /// Ed448 object. - /// - /// The public key is written to the pubkey output buffer. - /// - /// # Parameters - /// - /// * `pubkey`: Output buffer in which to store the public key. - /// - /// # Returns - /// - /// Returns either Ok(()) on success or Err(e) containing the wolfSSL - /// library error code value. - /// - /// # Example - /// - /// ```rust - /// use wolfssl::wolfcrypt::random::RNG; - /// use wolfssl::wolfcrypt::ed448::Ed448; - /// let mut rng = RNG::new().expect("Error creating RNG"); - /// let ed = Ed448::generate(&mut rng).expect("Error with generate()"); - /// let mut private = [0u8; Ed448::KEY_SIZE]; - /// ed.export_private_only(&mut private).expect("Error with export_private_only()"); - /// let mut ed = Ed448::new().expect("Error with new()"); - /// ed.import_private_only(&private).expect("Error with import_private_only()"); - /// let mut public = [0u8; Ed448::KEY_SIZE]; - /// ed.make_public(&mut public).expect("Error with make_public()"); - /// ``` - pub fn make_public(&mut self, pubkey: &mut [u8]) -> Result<(), i32> { - let pubkey_size = pubkey.len() as u32; - let rc = unsafe { - sys::wc_ed448_make_public(&mut self.ws_key, - pubkey.as_mut_ptr(), pubkey_size) - }; - if rc != 0 { - return Err(rc); - } - Ok(()) - } - - /// Sign a message with optional context using Ed448 key. - /// - /// The context is part of the data signed. - /// - /// # Parameters - /// - /// * `message`: Message to sign. - /// * `context`: Optional buffer containing context for which message is being signed. - /// * `signature`: Output buffer to hold signature. - /// - /// # Returns - /// - /// Returns either Ok(size) containing the number of bytes written to - /// signature on success or Err(e) containing the wolfSSL library error - /// code value. - /// - /// # Example - /// - /// ```rust - /// #[cfg(ed448_sign)] - /// { - /// use wolfssl::wolfcrypt::random::RNG; - /// use wolfssl::wolfcrypt::ed448::Ed448; - /// let mut rng = RNG::new().expect("Error creating RNG"); - /// let mut ed = Ed448::generate(&mut rng).expect("Error with generate()"); - /// let message = [0x42u8, 33, 55, 66]; - /// let context = b"context"; - /// let mut signature = [0u8; Ed448::SIG_SIZE]; - /// ed.sign_msg(&message, Some(context), &mut signature).expect("Error with sign_msg()"); - /// } - /// ``` - #[cfg(ed448_sign)] - pub fn sign_msg(&mut self, message: &[u8], context: Option<&[u8]>, signature: &mut [u8]) -> Result { - let message_size = message.len() as u32; - let mut context_ptr: *const u8 = core::ptr::null(); - let mut context_size = 0u8; - if let Some(context) = context { - context_ptr = context.as_ptr(); - context_size = context.len() as u8; - } - let mut signature_size = signature.len() as u32; - let rc = unsafe { - sys::wc_ed448_sign_msg(message.as_ptr(), message_size, - signature.as_mut_ptr(), &mut signature_size, &mut self.ws_key, - context_ptr, context_size) - }; - if rc != 0 { - return Err(rc); - } - Ok(signature_size as usize) - } - - /// Sign a message digest with optional context using Ed448 key. - /// - /// The context is part of the data signed. - /// The message is pre-hashed before signature calculation. - /// - /// # Parameters - /// - /// * `hash`: Message digest to sign. - /// * `context`: Optional buffer containing context for which hash is being signed. - /// * `signature`: Output buffer to hold signature. - /// - /// # Returns - /// - /// Returns either Ok(size) containing the number of bytes written to - /// signature on success or Err(e) containing the wolfSSL library error - /// code value. - /// - /// # Example - /// - /// ```rust - /// #[cfg(ed448_sign)] - /// { - /// use wolfssl::wolfcrypt::random::RNG; - /// use wolfssl::wolfcrypt::ed448::Ed448; - /// let mut rng = RNG::new().expect("Error creating RNG"); - /// let mut ed = Ed448::generate(&mut rng).expect("Error with generate()"); - /// let hash = [ - /// 0xddu8,0xaf,0x35,0xa1,0x93,0x61,0x7a,0xba, - /// 0xcc,0x41,0x73,0x49,0xae,0x20,0x41,0x31, - /// 0x12,0xe6,0xfa,0x4e,0x89,0xa9,0x7e,0xa2, - /// 0x0a,0x9e,0xee,0xe6,0x4b,0x55,0xd3,0x9a, - /// 0x21,0x92,0x99,0x2a,0x27,0x4f,0xc1,0xa8, - /// 0x36,0xba,0x3c,0x23,0xa3,0xfe,0xeb,0xbd, - /// 0x45,0x4d,0x44,0x23,0x64,0x3c,0xe8,0x0e, - /// 0x2a,0x9a,0xc9,0x4f,0xa5,0x4c,0xa4,0x9f - /// ]; - /// let context = b"context"; - /// let mut signature = [0u8; Ed448::SIG_SIZE]; - /// ed.sign_hash_ph(&hash, Some(context), &mut signature).expect("Error with sign_hash_ph()"); - /// } - /// ``` - #[cfg(ed448_sign)] - pub fn sign_hash_ph(&mut self, hash: &[u8], context: Option<&[u8]>, signature: &mut [u8]) -> Result { - let hash_size = hash.len() as u32; - let mut context_ptr: *const u8 = core::ptr::null(); - let mut context_size = 0u8; - if let Some(context) = context { - context_ptr = context.as_ptr(); - context_size = context.len() as u8; - } - let mut signature_size = signature.len() as u32; - let rc = unsafe { - sys::wc_ed448ph_sign_hash(hash.as_ptr(), hash_size, - signature.as_mut_ptr(), &mut signature_size, &mut self.ws_key, - context_ptr, context_size) - }; - if rc != 0 { - return Err(rc); - } - Ok(signature_size as usize) - } - - /// Sign a message with optional context using Ed448 key. - /// - /// The context is part of the data signed. - /// The message is pre-hashed before signature calculation. - /// - /// # Parameters - /// - /// * `message`: Message digest to sign. - /// * `context`: Optional buffer containing context for which message is being signed. - /// * `signature`: Output buffer to hold signature. - /// - /// # Returns - /// - /// Returns either Ok(size) containing the number of bytes written to - /// signature on success or Err(e) containing the wolfSSL library error - /// code value. - /// - /// # Example - /// - /// ```rust - /// #[cfg(ed448_sign)] - /// { - /// use wolfssl::wolfcrypt::random::RNG; - /// use wolfssl::wolfcrypt::ed448::Ed448; - /// let mut rng = RNG::new().expect("Error creating RNG"); - /// let mut ed = Ed448::generate(&mut rng).expect("Error with generate()"); - /// let message = [0x42u8, 33, 55, 66]; - /// let context = b"context"; - /// let mut signature = [0u8; Ed448::SIG_SIZE]; - /// ed.sign_msg_ph(&message, Some(context), &mut signature).expect("Error with sign_msg_ph()"); - /// } - /// ``` - #[cfg(ed448_sign)] - pub fn sign_msg_ph(&mut self, message: &[u8], context: Option<&[u8]>, signature: &mut [u8]) -> Result { - let message_size = message.len() as u32; - let mut context_ptr: *const u8 = core::ptr::null(); - let mut context_size = 0u8; - if let Some(context) = context { - context_ptr = context.as_ptr(); - context_size = context.len() as u8; - } - let mut signature_size = signature.len() as u32; - let rc = unsafe { - sys::wc_ed448ph_sign_msg(message.as_ptr(), message_size, - signature.as_mut_ptr(), &mut signature_size, &mut self.ws_key, - context_ptr, context_size) - }; - if rc != 0 { - return Err(rc); - } - Ok(signature_size as usize) - } - - /// Sign input data with optional context using Ed448 key. - /// - /// If provided, the context is part of the data signed. - /// - /// # Parameters - /// - /// * `din`: Data to sign. - /// * `context`: Optional buffer containing context for which `din` is being signed. - /// * `typ`: One of `Ed448::ED448` or `Ed448::ED448PH`. - /// * `signature`: Output buffer to hold signature. - /// - /// # Returns - /// - /// Returns either Ok(size) containing the number of bytes written to - /// signature on success or Err(e) containing the wolfSSL library error - /// code value. - /// - /// # Example - /// - /// ```rust - /// #[cfg(ed448_sign)] - /// { - /// use wolfssl::wolfcrypt::random::RNG; - /// use wolfssl::wolfcrypt::ed448::Ed448; - /// let mut rng = RNG::new().expect("Error creating RNG"); - /// let mut ed = Ed448::generate(&mut rng).expect("Error with generate()"); - /// let message = [0x42u8, 33, 55, 66]; - /// let context = b"context"; - /// let mut signature = [0u8; Ed448::SIG_SIZE]; - /// ed.sign_msg_ex(&message, Some(context), Ed448::ED448, &mut signature).expect("Error with sign_msg_ex()"); - /// } - /// ``` - #[cfg(ed448_sign)] - pub fn sign_msg_ex(&mut self, din: &[u8], context: Option<&[u8]>, typ: u8, signature: &mut [u8]) -> Result { - let din_size = din.len() as u32; - let mut context_ptr: *const u8 = core::ptr::null(); - let mut context_size = 0u8; - if let Some(context) = context { - context_ptr = context.as_ptr(); - context_size = context.len() as u8; - } - let mut signature_size = signature.len() as u32; - let rc = unsafe { - sys::wc_ed448_sign_msg_ex(din.as_ptr(), din_size, - signature.as_mut_ptr(), &mut signature_size, &mut self.ws_key, - typ, context_ptr, context_size) - }; - if rc != 0 { - return Err(rc); - } - Ok(signature_size as usize) - } - - /// Verify the Ed448 signature of a message and optional context to ensure authenticity. - /// - /// The context is included as part of the data verified. - /// - /// # Parameters - /// - /// * `signature`: Signature to verify. - /// * `message`: Message to verify the signature of. - /// * `context`: Optional buffer containing context for which the message was signed. - /// - /// # Returns - /// - /// Returns either Ok(valid) containing whether the signature is valid or - /// Err(e) containing the wolfSSL library error code value. - /// - /// # Example - /// - /// ```rust - /// #[cfg(ed448_verify)] - /// { - /// use wolfssl::wolfcrypt::random::RNG; - /// use wolfssl::wolfcrypt::ed448::Ed448; - /// let mut rng = RNG::new().expect("Error creating RNG"); - /// let mut ed = Ed448::generate(&mut rng).expect("Error with generate()"); - /// let message = b"Hello!"; - /// let context = b"context"; - /// let mut signature = [0u8; Ed448::SIG_SIZE]; - /// ed.sign_msg(message, Some(context), &mut signature).expect("Error with sign_msg()"); - /// let signature_valid = ed.verify_msg(&signature, message, Some(context)).expect("Error with verify_msg()"); - /// assert!(signature_valid); - /// } - /// ``` - #[cfg(ed448_verify)] - pub fn verify_msg(&mut self, signature: &[u8], message: &[u8], context: Option<&[u8]>) -> Result { - let signature_size = signature.len() as u32; - let message_size = message.len() as u32; - let mut context_ptr: *const u8 = core::ptr::null(); - let mut context_size = 0u8; - if let Some(context) = context { - context_ptr = context.as_ptr(); - context_size = context.len() as u8; - } - let mut res = 0i32; - let rc = unsafe { - sys::wc_ed448_verify_msg(signature.as_ptr(), signature_size, - message.as_ptr(), message_size, &mut res, &mut self.ws_key, - context_ptr, context_size) - }; - if rc != 0 { - return Err(rc); - } - Ok(res == 1) - } - - /// Verify the Ed448 signature of a message digest and optional context to ensure authenticity. - /// - /// The context is included as part of the data verified. - /// The hash algorithm used to create message digest must be SHA-512. - /// The message is pre-hashed before verification. - /// - /// # Parameters - /// - /// * `signature`: Signature to verify. - /// * `hash`: Message to verify the signature of. - /// * `context`: Optional buffer containing context for which the hash was signed. - /// - /// # Returns - /// - /// Returns either Ok(valid) containing whether the signature is valid or - /// Err(e) containing the wolfSSL library error code value. - /// - /// # Example - /// - /// ```rust - /// #[cfg(ed448_verify)] - /// { - /// use wolfssl::wolfcrypt::random::RNG; - /// use wolfssl::wolfcrypt::ed448::Ed448; - /// let mut rng = RNG::new().expect("Error creating RNG"); - /// let mut ed = Ed448::generate(&mut rng).expect("Error with generate()"); - /// let hash = [ - /// 0xddu8,0xaf,0x35,0xa1,0x93,0x61,0x7a,0xba, - /// 0xcc,0x41,0x73,0x49,0xae,0x20,0x41,0x31, - /// 0x12,0xe6,0xfa,0x4e,0x89,0xa9,0x7e,0xa2, - /// 0x0a,0x9e,0xee,0xe6,0x4b,0x55,0xd3,0x9a, - /// 0x21,0x92,0x99,0x2a,0x27,0x4f,0xc1,0xa8, - /// 0x36,0xba,0x3c,0x23,0xa3,0xfe,0xeb,0xbd, - /// 0x45,0x4d,0x44,0x23,0x64,0x3c,0xe8,0x0e, - /// 0x2a,0x9a,0xc9,0x4f,0xa5,0x4c,0xa4,0x9f - /// ]; - /// let context = b"context"; - /// let mut signature = [0u8; Ed448::SIG_SIZE]; - /// ed.sign_hash_ph(&hash, Some(context), &mut signature).expect("Error with sign_hash_ph()"); - /// let signature_valid = ed.verify_hash_ph(&signature, &hash, Some(context)).expect("Error with verify_hash_ph()"); - /// assert!(signature_valid); - /// } - /// ``` - #[cfg(ed448_verify)] - pub fn verify_hash_ph(&mut self, signature: &[u8], hash: &[u8], context: Option<&[u8]>) -> Result { - let signature_size = signature.len() as u32; - let hash_size = hash.len() as u32; - let mut context_ptr: *const u8 = core::ptr::null(); - let mut context_size = 0u8; - if let Some(context) = context { - context_ptr = context.as_ptr(); - context_size = context.len() as u8; - } - let mut res = 0i32; - let rc = unsafe { - sys::wc_ed448ph_verify_hash(signature.as_ptr(), signature_size, - hash.as_ptr(), hash_size, &mut res, &mut self.ws_key, - context_ptr, context_size) - }; - if rc != 0 { - return Err(rc); - } - Ok(res == 1) - } - - /// Verify the Ed448 signature of a message and optional context to ensure authenticity. - /// - /// The context is included as part of the data verified. - /// The message is pre-hashed before verification. - /// - /// # Parameters - /// - /// * `signature`: Signature to verify. - /// * `message`: Message to verify the signature of. - /// * `context`: Optional buffer containing context for which the message was signed. - /// - /// # Returns - /// - /// Returns either Ok(valid) containing whether the signature is valid or - /// Err(e) containing the wolfSSL library error code value. - /// - /// # Example - /// - /// ```rust - /// #[cfg(ed448_verify)] - /// { - /// use wolfssl::wolfcrypt::random::RNG; - /// use wolfssl::wolfcrypt::ed448::Ed448; - /// let mut rng = RNG::new().expect("Error creating RNG"); - /// let mut ed = Ed448::generate(&mut rng).expect("Error with generate()"); - /// let message = [0x42u8, 33, 55, 66]; - /// let context = b"context"; - /// let mut signature = [0u8; Ed448::SIG_SIZE]; - /// ed.sign_msg_ph(&message, Some(context), &mut signature).expect("Error with sign_msg_ph()"); - /// let signature_valid = ed.verify_msg_ph(&signature, &message, Some(context)).expect("Error with verify_msg_ph()"); - /// assert!(signature_valid); - /// } - /// ``` - #[cfg(ed448_verify)] - pub fn verify_msg_ph(&mut self, signature: &[u8], message: &[u8], context: Option<&[u8]>) -> Result { - let signature_size = signature.len() as u32; - let message_size = message.len() as u32; - let mut context_ptr: *const u8 = core::ptr::null(); - let mut context_size = 0u8; - if let Some(context) = context { - context_ptr = context.as_ptr(); - context_size = context.len() as u8; - } - let mut res = 0i32; - let rc = unsafe { - sys::wc_ed448ph_verify_msg(signature.as_ptr(), signature_size, - message.as_ptr(), message_size, &mut res, &mut self.ws_key, - context_ptr, context_size) - }; - if rc != 0 { - return Err(rc); - } - Ok(res == 1) - } - - /// Verify the Ed448 signature of a message and optional context to ensure authenticity. - /// - /// The context is included as part of the data verified. - /// - /// # Parameters - /// - /// * `signature`: Signature to verify. - /// * `din`: Message to verify the signature of. - /// * `context`: Optional buffer containing context for which the input data was signed. - /// * `typ`: One of `Ed448::ED448` or `Ed448::ED448PH`. - /// - /// # Returns - /// - /// Returns either Ok(valid) containing whether the signature is valid or - /// Err(e) containing the wolfSSL library error code value. - /// - /// # Example - /// - /// ```rust - /// #[cfg(ed448_verify)] - /// { - /// use wolfssl::wolfcrypt::random::RNG; - /// use wolfssl::wolfcrypt::ed448::Ed448; - /// let mut rng = RNG::new().expect("Error creating RNG"); - /// let mut ed = Ed448::generate(&mut rng).expect("Error with generate()"); - /// let message = [0x42u8, 33, 55, 66]; - /// let context = b"context"; - /// let mut signature = [0u8; Ed448::SIG_SIZE]; - /// ed.sign_msg_ex(&message, Some(context), Ed448::ED448, &mut signature).expect("Error with sign_msg_ex()"); - /// let signature_valid = ed.verify_msg_ex(&signature, &message, Some(context), Ed448::ED448).expect("Error with verify_msg_ex()"); - /// assert!(signature_valid); - /// } - /// ``` - #[cfg(ed448_verify)] - pub fn verify_msg_ex(&mut self, signature: &[u8], din: &[u8], context: Option<&[u8]>, typ: u8) -> Result { - let signature_size = signature.len() as u32; - let din_size = din.len() as u32; - let mut context_ptr: *const u8 = core::ptr::null(); - let mut context_size = 0u8; - if let Some(context) = context { - context_ptr = context.as_ptr(); - context_size = context.len() as u8; - } - let mut res = 0i32; - let rc = unsafe { - sys::wc_ed448_verify_msg_ex(signature.as_ptr(), signature_size, - din.as_ptr(), din_size, &mut res, &mut self.ws_key, typ, - context_ptr, context_size) - }; - if rc != 0 { - return Err(rc); - } - Ok(res == 1) - } - - /// Initialize Ed448 key to perform streaming verification. - /// - /// # Parameters - /// - /// * `signature`: Signature to verify. - /// * `context`: Optional buffer containing context for which the input data was signed. - /// * `typ`: One of `Ed448::ED448` or `Ed448::ED448PH`. - /// - /// # Returns - /// - /// Returns either Ok(()) on success or Err(e) containing the wolfSSL - /// library error code value. - /// - /// # Example - /// - /// ```rust - /// #[cfg(ed448_streaming_verify)] - /// { - /// use wolfssl::wolfcrypt::random::RNG; - /// use wolfssl::wolfcrypt::ed448::Ed448; - /// let mut rng = RNG::new().expect("Error creating RNG"); - /// let mut ed = Ed448::generate(&mut rng).expect("Error with generate()"); - /// let message = [0x42u8, 33, 55, 66]; - /// let context = [0x42u8, 1, 2, 3]; - /// let mut signature = [0u8; Ed448::SIG_SIZE]; - /// ed.sign_msg(&message, Some(&context), &mut signature).expect("Error with sign_msg()"); - /// ed.verify_msg_init(&signature, Some(&context), Ed448::ED448).expect("Error with verify_msg_init()"); - /// ed.verify_msg_update(&message[0..2]).expect("Error with verify_msg_update()"); - /// ed.verify_msg_update(&message[2..4]).expect("Error with verify_msg_update()"); - /// let signature_valid = ed.verify_msg_final(&signature).expect("Error with verify_msg_final()"); - /// assert!(signature_valid); - /// } - /// ``` - #[cfg(ed448_streaming_verify)] - pub fn verify_msg_init(&mut self, signature: &[u8], context: Option<&[u8]>, typ: u8) -> Result<(), i32> { - let signature_size = signature.len() as u32; - let mut context_ptr: *const u8 = core::ptr::null(); - let mut context_size = 0u8; - if let Some(context) = context { - context_ptr = context.as_ptr(); - context_size = context.len() as u8; - } - let rc = unsafe { - sys::wc_ed448_verify_msg_init(signature.as_ptr(), signature_size, - &mut self.ws_key, typ, context_ptr, context_size) - }; - if rc != 0 { - return Err(rc); - } - Ok(()) - } - - /// Add input data to Ed448 streaming verification. - /// - /// # Parameters - /// - /// * `din`: Segment of message to verify the signature of. - /// - /// # Returns - /// - /// Returns either Ok(()) on success or Err(e) containing the wolfSSL - /// library error code value. - /// - /// # Example - /// - /// ```rust - /// #[cfg(ed448_streaming_verify)] - /// { - /// use wolfssl::wolfcrypt::random::RNG; - /// use wolfssl::wolfcrypt::ed448::Ed448; - /// let mut rng = RNG::new().expect("Error creating RNG"); - /// let mut ed = Ed448::generate(&mut rng).expect("Error with generate()"); - /// let message = [0x42u8, 33, 55, 66]; - /// let context = [0x42u8, 1, 2, 3]; - /// let mut signature = [0u8; Ed448::SIG_SIZE]; - /// ed.sign_msg(&message, Some(&context), &mut signature).expect("Error with sign_msg()"); - /// ed.verify_msg_init(&signature, Some(&context), Ed448::ED448).expect("Error with verify_msg_init()"); - /// ed.verify_msg_update(&message[0..2]).expect("Error with verify_msg_update()"); - /// ed.verify_msg_update(&message[2..4]).expect("Error with verify_msg_update()"); - /// let signature_valid = ed.verify_msg_final(&signature).expect("Error with verify_msg_final()"); - /// assert!(signature_valid); - /// } - /// ``` - #[cfg(ed448_streaming_verify)] - pub fn verify_msg_update(&mut self, din: &[u8]) -> Result<(), i32> { - let din_size = din.len() as u32; - let rc = unsafe { - sys::wc_ed448_verify_msg_update(din.as_ptr(), din_size, - &mut self.ws_key) - }; - if rc != 0 { - return Err(rc); - } - Ok(()) - } - - /// Finalize Ed448 streaming verification. - /// - /// # Parameters - /// - /// * `signature`: Signature to verify. - /// - /// # Returns - /// - /// Returns either Ok(valid) containing whether the signature is valid or - /// Err(e) containing the wolfSSL library error code value. - /// - /// # Example - /// - /// ```rust - /// #[cfg(ed448_streaming_verify)] - /// { - /// use wolfssl::wolfcrypt::random::RNG; - /// use wolfssl::wolfcrypt::ed448::Ed448; - /// let mut rng = RNG::new().expect("Error creating RNG"); - /// let mut ed = Ed448::generate(&mut rng).expect("Error with generate()"); - /// let message = [0x42u8, 33, 55, 66]; - /// let context = [0x42u8, 1, 2, 3]; - /// let mut signature = [0u8; Ed448::SIG_SIZE]; - /// ed.sign_msg(&message, Some(&context), &mut signature).expect("Error with sign_msg()"); - /// ed.verify_msg_init(&signature, Some(&context), Ed448::ED448).expect("Error with verify_msg_init()"); - /// ed.verify_msg_update(&message[0..2]).expect("Error with verify_msg_update()"); - /// ed.verify_msg_update(&message[2..4]).expect("Error with verify_msg_update()"); - /// let signature_valid = ed.verify_msg_final(&signature).expect("Error with verify_msg_final()"); - /// assert!(signature_valid); - /// } - /// ``` - #[cfg(ed448_streaming_verify)] - pub fn verify_msg_final(&mut self, signature: &[u8]) -> Result { - let signature_size = signature.len() as u32; - let mut res = 0i32; - let rc = unsafe { - sys::wc_ed448_verify_msg_final(signature.as_ptr(), signature_size, - &mut res, &mut self.ws_key) - }; - if rc != 0 { - return Err(rc); - } - Ok(res == 1) - } - - /// Get the size of an Ed448 key (57 bytes). - /// - /// # Returns - /// - /// Returns either Ok(size) containing the key size or Err(e) - /// containing the wolfSSL library error code value. - /// - /// # Example - /// - /// ```rust - /// use wolfssl::wolfcrypt::random::RNG; - /// use wolfssl::wolfcrypt::ed448::Ed448; - /// let mut rng = RNG::new().expect("Error creating RNG"); - /// let ed = Ed448::generate(&mut rng).expect("Error with generate()"); - /// let key_size = ed.size().expect("Error with size()"); - /// assert_eq!(key_size, Ed448::KEY_SIZE); - /// ``` - pub fn size(&self) -> Result { - let rc = unsafe { sys::wc_ed448_size(&self.ws_key) }; - if rc < 0 { - return Err(rc); - } - Ok(rc as usize) - } - - /// Get the size of a private (including public) Ed448 key (114 bytes). - /// - /// # Returns - /// - /// Returns either Ok(size) containing the key size or Err(e) - /// containing the wolfSSL library error code value. - /// - /// # Example - /// - /// ```rust - /// use wolfssl::wolfcrypt::random::RNG; - /// use wolfssl::wolfcrypt::ed448::Ed448; - /// let mut rng = RNG::new().expect("Error creating RNG"); - /// let ed = Ed448::generate(&mut rng).expect("Error with generate()"); - /// let priv_size = ed.priv_size().expect("Error with priv_size()"); - /// assert_eq!(priv_size, Ed448::PRV_KEY_SIZE); - /// ``` - pub fn priv_size(&self) -> Result { - let rc = unsafe { sys::wc_ed448_priv_size(&self.ws_key) }; - if rc < 0 { - return Err(rc); - } - Ok(rc as usize) - } - - /// Get the size of a public Ed448 key (57 bytes). - /// - /// # Returns - /// - /// Returns either Ok(size) containing the key size or Err(e) - /// containing the wolfSSL library error code value. - /// - /// # Example - /// - /// ```rust - /// use wolfssl::wolfcrypt::random::RNG; - /// use wolfssl::wolfcrypt::ed448::Ed448; - /// let mut rng = RNG::new().expect("Error creating RNG"); - /// let ed = Ed448::generate(&mut rng).expect("Error with generate()"); - /// let pub_size = ed.pub_size().expect("Error with pub_size()"); - /// assert_eq!(pub_size, Ed448::PUB_KEY_SIZE); - /// ``` - pub fn pub_size(&self) -> Result { - let rc = unsafe { sys::wc_ed448_pub_size(&self.ws_key) }; - if rc < 0 { - return Err(rc); - } - Ok(rc as usize) - } - - /// Get the size of a Ed448 signature (114 bytes). - /// - /// # Returns - /// - /// Returns either Ok(size) containing the key size or Err(e) - /// containing the wolfSSL library error code value. - /// - /// # Example - /// - /// ```rust - /// use wolfssl::wolfcrypt::random::RNG; - /// use wolfssl::wolfcrypt::ed448::Ed448; - /// let mut rng = RNG::new().expect("Error creating RNG"); - /// let ed = Ed448::generate(&mut rng).expect("Error with generate()"); - /// let sig_size = ed.sig_size().expect("Error with sig_size()"); - /// assert_eq!(sig_size, Ed448::SIG_SIZE); - /// ``` - pub fn sig_size(&self) -> Result { - let rc = unsafe { sys::wc_ed448_sig_size(&self.ws_key) }; - if rc < 0 { - return Err(rc); - } - Ok(rc as usize) - } -} - -impl Drop for Ed448 { - /// Safely free the wolfSSL resources. - fn drop(&mut self) { - unsafe { sys::wc_ed448_free(&mut self.ws_key); } - } -} diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/wrapper/rust/wolfssl/src/wolfcrypt/hkdf.rs mariadb-11.8.8/extra/wolfssl/wolfssl/wrapper/rust/wolfssl/src/wolfcrypt/hkdf.rs --- mariadb-11.8.6/extra/wolfssl/wolfssl/wrapper/rust/wolfssl/src/wolfcrypt/hkdf.rs 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/wrapper/rust/wolfssl/src/wolfcrypt/hkdf.rs 1970-01-01 00:00:00.000000000 +0000 @@ -1,273 +0,0 @@ -/* - * Copyright (C) 2025 wolfSSL Inc. - * - * This file is part of wolfSSL. - * - * wolfSSL is free software; you can redistribute it and/or modify - * it under the terms of the GNU General Public License as published by - * the Free Software Foundation; either version 3 of the License, or - * (at your option) any later version. - * - * wolfSSL is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU General Public License for more details. - * - * You should have received a copy of the GNU General Public License - * along with this program; if not, write to the Free Software - * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA - */ - -/*! -This module provides a Rust wrapper for the wolfCrypt library's HMAC Key -Derivation Function (HKDF) functionality. -*/ - -use crate::sys; -use crate::wolfcrypt::hmac::HMAC; - -/// Perform HKDF-Extract operation. -/// -/// This utilizes HMAC to convert `key`, with an optional `salt`, into a -/// derived key which is written to `out`. -/// -/// # Parameters -/// -/// * `typ`: Hash type, one of `HMAC::TYPE_*`. -/// * `salt`: Salt value (optional). -/// * `key`: Initial Key Material (IKM). -/// * `out`: Output buffer to store HKDF-Extract result. The size of this -/// buffer must match `HMAC::get_hmac_size_by_type(typ)`. -/// -/// # Returns -/// -/// Returns either Ok(()) on success or Err(e) containing the wolfSSL -/// library error code value. -/// -/// # Example -/// -/// ```rust -/// use wolfssl::wolfcrypt::hkdf::*; -/// use wolfssl::wolfcrypt::hmac::HMAC; -/// use wolfssl::wolfcrypt::sha::SHA256; -/// let ikm = b"MyPassword0"; -/// let salt = b"12345678ABCDEFGH"; -/// let mut extract_out = [0u8; SHA256::DIGEST_SIZE]; -/// hkdf_extract(HMAC::TYPE_SHA256, Some(salt), ikm, &mut extract_out).expect("Error with hkdf_extract()"); -/// ``` -pub fn hkdf_extract(typ: i32, salt: Option<&[u8]>, key: &[u8], out: &mut [u8]) -> Result<(), i32> { - hkdf_extract_ex(typ, salt, key, out, None, None) -} - -/// Perform HKDF-Extract operation (with optional heap and device ID). -/// -/// This utilizes HMAC to convert `key`, with an optional `salt`, into a -/// derived key which is written to `out`. -/// -/// # Parameters -/// -/// * `typ`: Hash type, one of `HMAC::TYPE_*`. -/// * `salt`: Salt value (optional). -/// * `key`: Initial Key Material (IKM). -/// * `out`: Output buffer to store HKDF-Extract result. The size of this -/// buffer must match `HMAC::get_hmac_size_by_type(typ)`. -/// * `heap`: Optional heap hint. -/// * `dev_id` Optional device ID to use with crypto callbacks or async hardware. -/// -/// # Returns -/// -/// Returns either Ok(()) on success or Err(e) containing the wolfSSL -/// library error code value. -/// -/// # Example -/// -/// ```rust -/// use wolfssl::wolfcrypt::hkdf::*; -/// use wolfssl::wolfcrypt::hmac::HMAC; -/// use wolfssl::wolfcrypt::sha::SHA256; -/// let ikm = b"MyPassword0"; -/// let salt = b"12345678ABCDEFGH"; -/// let mut extract_out = [0u8; SHA256::DIGEST_SIZE]; -/// hkdf_extract_ex(HMAC::TYPE_SHA256, Some(salt), ikm, &mut extract_out, None, None).expect("Error with hkdf_extract_ex()"); -/// ``` -pub fn hkdf_extract_ex(typ: i32, salt: Option<&[u8]>, key: &[u8], out: &mut [u8], heap: Option<*mut std::os::raw::c_void>, dev_id: Option) -> Result<(), i32> { - let mut salt_ptr = core::ptr::null(); - let mut salt_size = 0u32; - if let Some(salt) = salt { - salt_ptr = salt.as_ptr(); - salt_size = salt.len() as u32; - } - let key_size = key.len() as u32; - if out.len() != HMAC::get_hmac_size_by_type(typ)? { - return Err(sys::wolfCrypt_ErrorCodes_BUFFER_E); - } - let heap = match heap { - Some(heap) => heap, - None => core::ptr::null_mut(), - }; - let dev_id = match dev_id { - Some(dev_id) => dev_id, - None => sys::INVALID_DEVID, - }; - let rc = unsafe { - sys::wc_HKDF_Extract_ex(typ, salt_ptr, salt_size, - key.as_ptr(), key_size, out.as_mut_ptr(), heap, dev_id) - }; - if rc != 0 { - return Err(rc); - } - Ok(()) -} - -/// Perform HKDF-Expand operation. -/// -/// This utilizes HMAC to convert `key`, with optional `info`, into a -/// derived key which is written to `out`. -/// -/// # Parameters -/// -/// * `typ`: Hash type, one of `HMAC::TYPE_*`. -/// * `key`: Key to use for KDF (typically output of `hkdf_extract()`). -/// * `info`: Optional buffer containing additional info. -/// * `out`: Output buffer to store HKDF-Expand result. The buffer can be -/// any size. -/// -/// # Returns -/// -/// Returns either Ok(()) on success or Err(e) containing the wolfSSL -/// library error code value. -/// -/// # Example -/// -/// ```rust -/// use wolfssl::wolfcrypt::hkdf::*; -/// use wolfssl::wolfcrypt::hmac::HMAC; -/// use wolfssl::wolfcrypt::sha::SHA256; -/// let ikm = b"MyPassword0"; -/// let salt = b"12345678ABCDEFGH"; -/// let mut extract_out = [0u8; SHA256::DIGEST_SIZE]; -/// hkdf_extract(HMAC::TYPE_SHA256, Some(salt), ikm, &mut extract_out).expect("Error with hkdf_extract()"); -/// let info = b"0"; -/// let mut expand_out = [0u8; 16]; -/// hkdf_expand(HMAC::TYPE_SHA256, &extract_out, Some(info), &mut expand_out).expect("Error with hkdf_expand()"); -/// ``` -pub fn hkdf_expand(typ: i32, key: &[u8], info: Option<&[u8]>, out: &mut [u8]) -> Result<(), i32> { - hkdf_expand_ex(typ, key, info, out, None, None) -} - -/// Perform HKDF-Expand operation (with optional heap and device ID). -/// -/// This utilizes HMAC to convert `key`, with optional `info`, into a -/// derived key which is written to `out`. -/// -/// # Parameters -/// -/// * `typ`: Hash type, one of `HMAC::TYPE_*`. -/// * `key`: Key to use for KDF (typically output of `hkdf_extract()`). -/// * `info`: Optional buffer containing additional info. -/// * `out`: Output buffer to store HKDF-Expand result. The buffer can be -/// any size. -/// * `heap`: Optional heap hint. -/// * `dev_id` Optional device ID to use with crypto callbacks or async hardware. -/// -/// # Returns -/// -/// Returns either Ok(()) on success or Err(e) containing the wolfSSL -/// library error code value. -/// -/// # Example -/// -/// ```rust -/// use wolfssl::wolfcrypt::hkdf::*; -/// use wolfssl::wolfcrypt::hmac::HMAC; -/// use wolfssl::wolfcrypt::sha::SHA256; -/// let ikm = b"MyPassword0"; -/// let salt = b"12345678ABCDEFGH"; -/// let mut extract_out = [0u8; SHA256::DIGEST_SIZE]; -/// hkdf_extract(HMAC::TYPE_SHA256, Some(salt), ikm, &mut extract_out).expect("Error with hkdf_extract()"); -/// let info = b"0"; -/// let mut expand_out = [0u8; 16]; -/// hkdf_expand_ex(HMAC::TYPE_SHA256, &extract_out, Some(info), &mut expand_out, None, None).expect("Error with hkdf_expand_ex()"); -/// ``` -pub fn hkdf_expand_ex(typ: i32, key: &[u8], info: Option<&[u8]>, out: &mut [u8], heap: Option<*mut std::os::raw::c_void>, dev_id: Option) -> Result<(), i32> { - let key_size = key.len() as u32; - let mut info_ptr = core::ptr::null(); - let mut info_size = 0u32; - if let Some(info) = info { - info_ptr = info.as_ptr(); - info_size = info.len() as u32; - } - let out_size = out.len() as u32; - let heap = match heap { - Some(heap) => heap, - None => core::ptr::null_mut(), - }; - let dev_id = match dev_id { - Some(dev_id) => dev_id, - None => sys::INVALID_DEVID, - }; - let rc = unsafe { - sys::wc_HKDF_Expand_ex(typ, key.as_ptr(), key_size, - info_ptr, info_size, out.as_mut_ptr(), out_size, heap, dev_id) - }; - if rc != 0 { - return Err(rc); - } - Ok(()) -} - -/// Perform HMAC Key Derivation Function (HKDF) operation. -/// -/// This utilizes HMAC to convert `key`, with an optional `salt` and -/// optional `info` into a derived key which is written to `out`. -/// -/// This one-shot function is a combination of `hkdf_extract()` and `hkdf_expand()`. -/// -/// # Parameters -/// -/// * `typ`: Hash type, one of `HMAC::TYPE_*`. -/// * `key`: Initial Key Material (IKM). -/// * `salt`: Salt value (optional). -/// * `info`: Optional buffer containing additional info. -/// * `out`: Output buffer to store HKDF result. The buffer can be any size. -/// -/// # Returns -/// -/// Returns either Ok(()) on success or Err(e) containing the wolfSSL -/// library error code value. -/// -/// # Example -/// -/// ```rust -/// use wolfssl::wolfcrypt::hkdf::*; -/// use wolfssl::wolfcrypt::hmac::HMAC; -/// let ikm = b"MyPassword0"; -/// let salt = b"12345678ABCDEFGH"; -/// let info = b"0"; -/// let mut out = [0u8; 16]; -/// hkdf(HMAC::TYPE_SHA256, ikm, Some(salt), Some(info), &mut out).expect("Error with hkdf()"); -/// ``` -pub fn hkdf(typ: i32, key: &[u8], salt: Option<&[u8]>, info: Option<&[u8]>, out: &mut[u8]) -> Result<(), i32> { - let key_size = key.len() as u32; - let mut salt_ptr = core::ptr::null(); - let mut salt_size = 0u32; - if let Some(salt) = salt { - salt_ptr = salt.as_ptr(); - salt_size = salt.len() as u32; - } - let mut info_ptr = core::ptr::null(); - let mut info_size = 0u32; - if let Some(info) = info { - info_ptr = info.as_ptr(); - info_size = info.len() as u32; - } - let out_size = out.len() as u32; - let rc = unsafe { - sys::wc_HKDF(typ, key.as_ptr(), key_size, salt_ptr, salt_size, - info_ptr, info_size, out.as_mut_ptr(), out_size) - }; - if rc != 0 { - return Err(rc); - } - Ok(()) -} diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/wrapper/rust/wolfssl/src/wolfcrypt/hmac.rs mariadb-11.8.8/extra/wolfssl/wolfssl/wrapper/rust/wolfssl/src/wolfcrypt/hmac.rs --- mariadb-11.8.6/extra/wolfssl/wolfssl/wrapper/rust/wolfssl/src/wolfcrypt/hmac.rs 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/wrapper/rust/wolfssl/src/wolfcrypt/hmac.rs 1970-01-01 00:00:00.000000000 +0000 @@ -1,330 +0,0 @@ -/* - * Copyright (C) 2025 wolfSSL Inc. - * - * This file is part of wolfSSL. - * - * wolfSSL is free software; you can redistribute it and/or modify - * it under the terms of the GNU General Public License as published by - * the Free Software Foundation; either version 3 of the License, or - * (at your option) any later version. - * - * wolfSSL is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU General Public License for more details. - * - * You should have received a copy of the GNU General Public License - * along with this program; if not, write to the Free Software - * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA - */ - -/*! -This module provides a Rust wrapper for the wolfCrypt library's HMAC -functionality. -*/ - -use crate::sys; -use std::mem::MaybeUninit; - -/// Rust wrapper for wolfSSL `Hmac` object. -pub struct HMAC { - wc_hmac: sys::Hmac, -} - -impl HMAC { - pub const TYPE_MD5: i32 = sys::wc_HashType_WC_HASH_TYPE_MD5 as i32; - pub const TYPE_SHA: i32 = sys::wc_HashType_WC_HASH_TYPE_SHA as i32; - pub const TYPE_SHA256: i32 = sys::wc_HashType_WC_HASH_TYPE_SHA256 as i32; - pub const TYPE_SHA512: i32 = sys::wc_HashType_WC_HASH_TYPE_SHA512 as i32; - pub const TYPE_SHA512_224: i32 = sys::wc_HashType_WC_HASH_TYPE_SHA512_224 as i32; - pub const TYPE_SHA512_256: i32 = sys::wc_HashType_WC_HASH_TYPE_SHA512_256 as i32; - pub const TYPE_SHA384: i32 = sys::wc_HashType_WC_HASH_TYPE_SHA384 as i32; - pub const TYPE_SHA224: i32 = sys::wc_HashType_WC_HASH_TYPE_SHA224 as i32; - pub const TYPE_SHA3_224: i32 = sys::wc_HashType_WC_HASH_TYPE_SHA3_224 as i32; - pub const TYPE_SHA3_256: i32 = sys::wc_HashType_WC_HASH_TYPE_SHA3_256 as i32; - pub const TYPE_SHA3_384: i32 = sys::wc_HashType_WC_HASH_TYPE_SHA3_384 as i32; - pub const TYPE_SHA3_512: i32 = sys::wc_HashType_WC_HASH_TYPE_SHA3_512 as i32; - - /// Get HMAC hash size by type. - /// - /// # Parameters - /// - /// * `typ`: Hash type, one of `HMAC::TYPE_*`. - /// - /// # Returns - /// - /// Returns either Ok(size) containing the HMAC hash size or Err(e) - /// containing the wolfSSL library error code value. - pub fn get_hmac_size_by_type(typ: i32) -> Result { - let rc = unsafe { sys::wc_HmacSizeByType(typ) }; - if rc < 0 { - return Err(rc); - } - Ok(rc as u32 as usize) - } - - /// Create a new HMAC object with the given hash type and encryption key. - /// - /// # Parameters - /// - /// * `typ`: Hash type, one of `HMAC::TYPE_*`. - /// * `key`: Encryption key. - /// - /// # Returns - /// - /// Returns either Ok(hmac) containing the HMAC struct instance or Err(e) - /// containing the wolfSSL library error code value. - /// - /// # Example - /// - /// ```rust - /// use wolfssl::wolfcrypt::hmac::HMAC; - /// let key = [0x42u8; 16]; - /// let mut hmac = HMAC::new(HMAC::TYPE_SHA256, &key).expect("Error with new()"); - /// ``` - pub fn new(typ: i32, key: &[u8]) -> Result { - Self::new_ex(typ, key, None, None) - } - - /// Create a new HMAC object with the given hash type and encryption key - /// with optional heap and device ID. - /// - /// # Parameters - /// - /// * `typ`: Hash type, one of `HMAC::TYPE_*`. - /// * `key`: Encryption key. - /// * `heap`: Optional heap hint. - /// * `dev_id` Optional device ID to use with crypto callbacks or async hardware. - /// - /// # Returns - /// - /// Returns either Ok(hmac) containing the HMAC struct instance or Err(e) - /// containing the wolfSSL library error code value. - /// - /// # Example - /// - /// ```rust - /// use wolfssl::wolfcrypt::hmac::HMAC; - /// let key = [0x42u8; 16]; - /// let mut hmac = HMAC::new_ex(HMAC::TYPE_SHA256, &key, None, None).expect("Error with new_ex()"); - /// ``` - pub fn new_ex(typ: i32, key: &[u8], heap: Option<*mut std::os::raw::c_void>, dev_id: Option) -> Result { - let key_size = key.len() as u32; - let mut wc_hmac: MaybeUninit = MaybeUninit::uninit(); - let heap = match heap { - Some(heap) => heap, - None => core::ptr::null_mut(), - }; - let dev_id = match dev_id { - Some(dev_id) => dev_id, - None => sys::INVALID_DEVID, - }; - let rc = unsafe { - sys::wc_HmacInit(wc_hmac.as_mut_ptr(), heap, dev_id) - }; - if rc != 0 { - return Err(rc); - } - let wc_hmac = unsafe { wc_hmac.assume_init() }; - let mut hmac = HMAC { wc_hmac }; - let rc = unsafe { - sys::wc_HmacSetKey(&mut hmac.wc_hmac, typ, key.as_ptr(), key_size) - }; - if rc != 0 { - return Err(rc); - } - Ok(hmac) - } - - /// Create a new HMAC object with the given hash type and encryption key, - /// allowing for short encryption keys (< 112 bits) to be used. - /// - /// # Parameters - /// - /// * `typ`: Hash type, one of `HMAC::TYPE_*`. - /// * `key`: Encryption key. - /// - /// # Returns - /// - /// Returns either Ok(hmac) containing the HMAC struct instance or Err(e) - /// containing the wolfSSL library error code value. - /// - /// # Example - /// - /// ```rust - /// use wolfssl::wolfcrypt::hmac::HMAC; - /// let key = [0x42u8; 3]; - /// let mut hmac = HMAC::new_allow_short_key(HMAC::TYPE_SHA256, &key).expect("Error with new_allow_short_key()"); - /// ``` - pub fn new_allow_short_key(typ: i32, key: &[u8]) -> Result { - Self::new_allow_short_key_ex(typ, key, None, None) - } - - /// Create a new HMAC object with the given hash type and encryption key, - /// allowing for short encryption keys (< 112 bits) to be used. - /// - /// # Parameters - /// - /// * `typ`: Hash type, one of `HMAC::TYPE_*`. - /// * `key`: Encryption key. - /// * `heap`: Optional heap hint. - /// * `dev_id` Optional device ID to use with crypto callbacks or async hardware. - /// - /// # Returns - /// - /// Returns either Ok(hmac) containing the HMAC struct instance or Err(e) - /// containing the wolfSSL library error code value. - /// - /// # Example - /// - /// ```rust - /// use wolfssl::wolfcrypt::hmac::HMAC; - /// let key = [0x42u8; 3]; - /// let mut hmac = HMAC::new_allow_short_key_ex(HMAC::TYPE_SHA256, &key, None, None).expect("Error with new_allow_short_key_ex()"); - /// ``` - pub fn new_allow_short_key_ex(typ: i32, key: &[u8], heap: Option<*mut std::os::raw::c_void>, dev_id: Option) -> Result { - let key_size = key.len() as u32; - let mut wc_hmac: MaybeUninit = MaybeUninit::uninit(); - let heap = match heap { - Some(heap) => heap, - None => core::ptr::null_mut(), - }; - let dev_id = match dev_id { - Some(dev_id) => dev_id, - None => sys::INVALID_DEVID, - }; - let rc = unsafe { - sys::wc_HmacInit(wc_hmac.as_mut_ptr(), heap, dev_id) - }; - if rc != 0 { - return Err(rc); - } - let wc_hmac = unsafe { wc_hmac.assume_init() }; - let mut hmac = HMAC { wc_hmac }; - let rc = unsafe { - sys::wc_HmacSetKey_ex(&mut hmac.wc_hmac, typ, key.as_ptr(), key_size, 1) - }; - if rc != 0 { - return Err(rc); - } - Ok(hmac) - } - - /// Update the message to authenticate using HMAC. - /// - /// This function may be called multiple times to update the message to - /// hash. - /// - /// # Parameters - /// - /// * `data`: Buffer containing message data to append. - /// - /// # Returns - /// - /// Returns either Ok(()) on success or Err(e) containing the wolfSSL - /// library error code value. - /// - /// # Example - /// - /// ```rust - /// use wolfssl::wolfcrypt::hmac::HMAC; - /// let key = [0x42u8; 16]; - /// let mut hmac = HMAC::new(HMAC::TYPE_SHA256, &key).expect("Error with new()"); - /// hmac.update(b"input").expect("Error with update()"); - /// ``` - pub fn update(&mut self, data: &[u8]) -> Result<(), i32> { - let data_size = data.len() as u32; - let rc = unsafe { - sys::wc_HmacUpdate(&mut self.wc_hmac, data.as_ptr(), data_size) - }; - if rc != 0 { - return Err(rc); - } - Ok(()) - } - - /// Compute the final hash of the input message. - /// - /// # Parameters - /// - /// * `hash`: Output buffer to contain the calculated hash. The length must - /// match that returned by `get_hmac_size()`. - /// - /// # Returns - /// - /// Returns either Ok(()) on success or Err(e) containing the wolfSSL - /// library error code value. - /// - /// # Example - /// - /// ```rust - /// use wolfssl::wolfcrypt::hmac::HMAC; - /// let key = [0x42u8; 16]; - /// let mut hmac = HMAC::new(HMAC::TYPE_SHA256, &key).expect("Error with new()"); - /// hmac.update(b"input").expect("Error with update()"); - /// let hash_size = hmac.get_hmac_size().expect("Error with get_hmac_size()"); - /// let mut hash = vec![0u8; hash_size]; - /// hmac.finalize(&mut hash).expect("Error with finalize()"); - /// ``` - pub fn finalize(&mut self, hash: &mut [u8]) -> Result<(), i32> { - // Check the output buffer size since wc_HmacFinal() does not accept - // a length parameter. - let typ = self.wc_hmac.macType as i32; - let rc = unsafe { sys::wc_HmacSizeByType(typ) }; - if rc < 0 { - return Err(rc); - } - let expected_size = rc as usize; - if hash.len() != expected_size { - return Err(sys::wolfCrypt_ErrorCodes_BUFFER_E); - } - let rc = unsafe { - sys::wc_HmacFinal(&mut self.wc_hmac, hash.as_mut_ptr()) - }; - if rc != 0 { - return Err(rc); - } - Ok(()) - } - - /// Get the HMAC hash size. - /// - /// # Returns - /// - /// Returns either Ok(size) containing the HMAC hash size or Err(e) - /// containing the wolfSSL library error code value. - /// - /// # Example - /// - /// ```rust - /// use wolfssl::wolfcrypt::hmac::HMAC; - /// let key = [0x42u8; 16]; - /// let mut hmac = HMAC::new(HMAC::TYPE_SHA256, &key).expect("Error with new()"); - /// hmac.update(b"input").expect("Error with update()"); - /// let hash_size = hmac.get_hmac_size().expect("Error with get_hmac_size()"); - /// let mut hash = vec![0u8; hash_size]; - /// hmac.finalize(&mut hash).expect("Error with finalize()"); - /// ``` - pub fn get_hmac_size(&self) -> Result { - let typ = self.wc_hmac.macType as u32 as i32; - let rc = unsafe { sys::wc_HmacSizeByType(typ) }; - if rc < 0 { - return Err(rc); - } - let expected_size = rc as u32 as usize; - Ok(expected_size) - } -} - -impl Drop for HMAC { - /// Safely free the underlying wolfSSL Hmac context. - /// - /// This calls the `wc_HmacFree()` wolfssl library function. - /// - /// The Rust Drop trait guarantees that this method is called when the - /// HMAC struct instance goes out of scope, automatically cleaning up - /// resources and preventing memory leaks. - fn drop(&mut self) { - unsafe { sys::wc_HmacFree(&mut self.wc_hmac); } - } -} diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/wrapper/rust/wolfssl/src/wolfcrypt/kdf.rs mariadb-11.8.8/extra/wolfssl/wolfssl/wrapper/rust/wolfssl/src/wolfcrypt/kdf.rs --- mariadb-11.8.6/extra/wolfssl/wolfssl/wrapper/rust/wolfssl/src/wolfcrypt/kdf.rs 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/wrapper/rust/wolfssl/src/wolfcrypt/kdf.rs 1970-01-01 00:00:00.000000000 +0000 @@ -1,773 +0,0 @@ -/* - * Copyright (C) 2025 wolfSSL Inc. - * - * This file is part of wolfSSL. - * - * wolfSSL is free software; you can redistribute it and/or modify - * it under the terms of the GNU General Public License as published by - * the Free Software Foundation; either version 3 of the License, or - * (at your option) any later version. - * - * wolfSSL is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU General Public License for more details. - * - * You should have received a copy of the GNU General Public License - * along with this program; if not, write to the Free Software - * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA - */ - -/*! -This module provides a Rust wrapper for the wolfCrypt library's Key Derivation -Function (KDF) functionality. -*/ - -use crate::sys; -use crate::wolfcrypt::hmac::HMAC; - -#[cfg(kdf_srtp)] -pub const SRTP_LABEL_ENCRYPTION: u8 = sys::WC_SRTP_LABEL_ENCRYPTION as u8; -#[cfg(kdf_srtp)] -pub const SRTP_LABEL_MSG_AUTH: u8 = sys::WC_SRTP_LABEL_MSG_AUTH as u8; -#[cfg(kdf_srtp)] -pub const SRTP_LABEL_SALT: u8 = sys::WC_SRTP_LABEL_SALT as u8; -#[cfg(kdf_srtp)] -pub const SRTCP_LABEL_ENCRYPTION: u8 = sys::WC_SRTCP_LABEL_ENCRYPTION as u8; -#[cfg(kdf_srtp)] -pub const SRTCP_LABEL_MSG_AUTH: u8 = sys::WC_SRTCP_LABEL_MSG_AUTH as u8; -#[cfg(kdf_srtp)] -pub const SRTCP_LABEL_SALT: u8 = sys::WC_SRTCP_LABEL_SALT as u8; -#[cfg(kdf_srtp)] -pub const SRTP_LABEL_HDR_ENCRYPTION: u8 = sys::WC_SRTP_LABEL_HDR_ENCRYPTION as u8; -#[cfg(kdf_srtp)] -pub const SRTP_LABEL_HDR_SALT: u8 = sys::WC_SRTP_LABEL_HDR_SALT as u8; - -/// Implement Password Based Key Derivation Function 2 (PBKDF2) converting an -/// input password with a concatenated salt into a more secure key which is -/// written to the `out` buffer. -/// -/// # Parameters -/// -/// * `password`: Password to use for key derivation. -/// * `salt`: Salt value to use for key derivation. -/// * `iterations`: Number of times to process the hash. -/// * `typ`: Hash type, one of `HMAC::TYPE_*`. -/// * `out`: Output buffer in which to store the generated key. -/// -/// # Returns -/// -/// Returns either Ok(()) on success or Err(e) containing the wolfSSL -/// library error code value. -/// -/// # Example -/// -/// ```rust -/// #[cfg(kdf_pbkdf2)] -/// { -/// use wolfssl::wolfcrypt::kdf::pbkdf2; -/// use wolfssl::wolfcrypt::hmac::HMAC; -/// let password = b"passwordpassword"; -/// let salt = [0x78u8, 0x57, 0x8E, 0x5a, 0x5d, 0x63, 0xcb, 0x06]; -/// let iterations = 2048; -/// let expected_key = [ -/// 0x43u8, 0x6d, 0xb5, 0xe8, 0xd0, 0xfb, 0x3f, 0x35, 0x42, 0x48, 0x39, 0xbc, -/// 0x2d, 0xd4, 0xf9, 0x37, 0xd4, 0x95, 0x16, 0xa7, 0x2a, 0x9a, 0x21, 0xd1 -/// ]; -/// let mut keyout = [0u8; 24]; -/// pbkdf2(password, &salt, iterations, HMAC::TYPE_SHA256, &mut keyout).expect("Error with pbkdf2()"); -/// assert_eq!(keyout, expected_key); -/// } -/// ``` -#[cfg(kdf_pbkdf2)] -pub fn pbkdf2(password: &[u8], salt: &[u8], iterations: i32, typ: i32, out: &mut [u8]) -> Result<(), i32> { - pbkdf2_ex(password, salt, iterations, typ, None, None, out) -} - -/// Implement Password Based Key Derivation Function 2 (PBKDF2) converting an -/// input password with a concatenated salt into a more secure key which is -/// written to the `out` buffer. -/// This version allows optional heap hint and device ID parameters. -/// -/// # Parameters -/// -/// * `password`: Password to use for key derivation. -/// * `salt`: Salt value to use for key derivation. -/// * `iterations`: Number of times to process the hash. -/// * `typ`: Hash type, one of `HMAC::TYPE_*`. -/// * `heap`: Optional heap hint. -/// * `dev_id` Optional device ID to use with crypto callbacks or async hardware. -/// * `out`: Output buffer in which to store the generated key. -/// -/// # Returns -/// -/// Returns either Ok(()) on success or Err(e) containing the wolfSSL -/// library error code value. -/// -/// # Example -/// -/// ```rust -/// #[cfg(kdf_pbkdf2)] -/// { -/// use wolfssl::wolfcrypt::kdf::pbkdf2_ex; -/// use wolfssl::wolfcrypt::hmac::HMAC; -/// let password = b"passwordpassword"; -/// let salt = [0x78u8, 0x57, 0x8E, 0x5a, 0x5d, 0x63, 0xcb, 0x06]; -/// let iterations = 2048; -/// let expected_key = [ -/// 0x43u8, 0x6d, 0xb5, 0xe8, 0xd0, 0xfb, 0x3f, 0x35, 0x42, 0x48, 0x39, 0xbc, -/// 0x2d, 0xd4, 0xf9, 0x37, 0xd4, 0x95, 0x16, 0xa7, 0x2a, 0x9a, 0x21, 0xd1 -/// ]; -/// let mut keyout = [0u8; 24]; -/// pbkdf2_ex(password, &salt, iterations, HMAC::TYPE_SHA256, None, None, &mut keyout).expect("Error with pbkdf2_ex()"); -/// assert_eq!(keyout, expected_key); -/// } -/// ``` -#[cfg(kdf_pbkdf2)] -pub fn pbkdf2_ex(password: &[u8], salt: &[u8], iterations: i32, typ: i32, heap: Option<*mut std::os::raw::c_void>, dev_id: Option, out: &mut [u8]) -> Result<(), i32> { - let password_size = password.len() as i32; - let salt_size = salt.len() as i32; - let out_size = out.len() as i32; - let heap = match heap { - Some(heap) => heap, - None => core::ptr::null_mut(), - }; - let dev_id = match dev_id { - Some(dev_id) => dev_id, - None => sys::INVALID_DEVID, - }; - let rc = unsafe { - sys::wc_PBKDF2_ex(out.as_mut_ptr(), password.as_ptr(), password_size, - salt.as_ptr(), salt_size, iterations, out_size, typ, heap, dev_id) - }; - if rc != 0 { - return Err(rc); - } - Ok(()) -} - -/// This function implements the Password Based Key Derivation Function -/// (PBKDF) described in RFC 7292 Appendix B. This function converts an input -/// password with a concatenated salt into a more secure key, which it stores -/// in `out`. It allows the user to select any of the supported HMAC hash -/// functions, including: WC_MD5, WC_SHA, WC_SHA256, WC_SHA384, WC_SHA512, -/// WC_SHA3_224, WC_SHA3_256, WC_SHA3_384 or WC_SHA3_512. -/// -/// # Parameters -/// -/// * `password`: Password to use for key derivation. -/// * `salt`: Salt value to use for key derivation. -/// * `iterations`: Number of times to process the hash. -/// * `typ`: Hash type, one of `HMAC::TYPE_*`. -/// * `id`: Byte identifier indicating the purpose of key generation. It is -/// used to diversify the key output, and should be assigned as follows: -/// ID=1: pseudorandom bits are to be used as key material for performing -/// encryption or decryption. ID=2: pseudorandom bits are to be used an IV -/// (Initial Value) for encryption or decryption. ID=3: pseudorandom bits -/// are to be used as an integrity key for MACing. -/// * `out`: Output buffer in which to store the generated key. -/// -/// # Returns -/// -/// Returns either Ok(()) on success or Err(e) containing the wolfSSL -/// library error code value. -/// -/// # Example -/// -/// ```rust -/// #[cfg(kdf_pkcs12)] -/// { -/// use wolfssl::wolfcrypt::kdf::pkcs12_pbkdf; -/// use wolfssl::wolfcrypt::hmac::HMAC; -/// let password = [0x00u8, 0x73, 0x00, 0x6d, 0x00, 0x65, 0x00, 0x67, 0x00, 0x00]; -/// let salt = [0x0au8, 0x58, 0xCF, 0x64, 0x53, 0x0d, 0x82, 0x3f]; -/// let expected_key = [ -/// 0x27u8, 0xE9, 0x0D, 0x7E, 0xD5, 0xA1, 0xC4, 0x11, -/// 0xBA, 0x87, 0x8B, 0xC0, 0x90, 0xF5, 0xCE, 0xBE, -/// 0x5E, 0x9D, 0x5F, 0xE3, 0xD6, 0x2B, 0x73, 0xAA -/// ]; -/// let iterations = 1; -/// let mut keyout = [0u8; 24]; -/// pkcs12_pbkdf(&password, &salt, iterations, HMAC::TYPE_SHA256, 1, &mut keyout).expect("Error with pkcs12_pbkdf()"); -/// assert_eq!(keyout, expected_key); -/// } -/// ``` -#[cfg(kdf_pkcs12)] -pub fn pkcs12_pbkdf(password: &[u8], salt: &[u8], iterations: i32, typ: i32, id: i32, out: &mut [u8]) -> Result<(), i32> { - pkcs12_pbkdf_ex(password, salt, iterations, typ, id, None, out) -} - -/// This function implements the Password Based Key Derivation Function -/// (PBKDF) described in RFC 7292 Appendix B. This function converts an input -/// password with a concatenated salt into a more secure key, which it stores -/// in `out`. It allows the user to select any of the supported HMAC hash -/// functions, including: WC_MD5, WC_SHA, WC_SHA256, WC_SHA384, WC_SHA512, -/// WC_SHA3_224, WC_SHA3_256, WC_SHA3_384 or WC_SHA3_512. -/// This version allows an optional heap hint parameter. -/// -/// # Parameters -/// -/// * `password`: Password to use for key derivation. -/// * `salt`: Salt value to use for key derivation. -/// * `iterations`: Number of times to process the hash. -/// * `typ`: Hash type, one of `HMAC::TYPE_*`. -/// * `id`: Byte identifier indicating the purpose of key generation. It is -/// used to diversify the key output, and should be assigned as follows: -/// ID=1: pseudorandom bits are to be used as key material for performing -/// encryption or decryption. ID=2: pseudorandom bits are to be used an IV -/// (Initial Value) for encryption or decryption. ID=3: pseudorandom bits -/// are to be used as an integrity key for MACing. -/// * `heap`: Optional heap hint. -/// * `out`: Output buffer in which to store the generated key. -/// -/// # Returns -/// -/// Returns either Ok(()) on success or Err(e) containing the wolfSSL -/// library error code value. -/// -/// # Example -/// -/// ```rust -/// #[cfg(kdf_pkcs12)] -/// { -/// use wolfssl::wolfcrypt::kdf::pkcs12_pbkdf_ex; -/// use wolfssl::wolfcrypt::hmac::HMAC; -/// let password = [0x00u8, 0x73, 0x00, 0x6d, 0x00, 0x65, 0x00, 0x67, 0x00, 0x00]; -/// let salt = [0x0au8, 0x58, 0xCF, 0x64, 0x53, 0x0d, 0x82, 0x3f]; -/// let expected_key = [ -/// 0x27u8, 0xE9, 0x0D, 0x7E, 0xD5, 0xA1, 0xC4, 0x11, -/// 0xBA, 0x87, 0x8B, 0xC0, 0x90, 0xF5, 0xCE, 0xBE, -/// 0x5E, 0x9D, 0x5F, 0xE3, 0xD6, 0x2B, 0x73, 0xAA -/// ]; -/// let iterations = 1; -/// let mut keyout = [0u8; 24]; -/// pkcs12_pbkdf_ex(&password, &salt, iterations, HMAC::TYPE_SHA256, 1, None, &mut keyout).expect("Error with pkcs12_pbkdf_ex()"); -/// assert_eq!(keyout, expected_key); -/// } -/// ``` -#[cfg(kdf_pkcs12)] -pub fn pkcs12_pbkdf_ex(password: &[u8], salt: &[u8], iterations: i32, typ: i32, id: i32, heap: Option<*mut std::os::raw::c_void>, out: &mut [u8]) -> Result<(), i32> { - let password_size = password.len() as i32; - let salt_size = salt.len() as i32; - let out_size = out.len() as i32; - let heap = match heap { - Some(heap) => heap, - None => core::ptr::null_mut(), - }; - let rc = unsafe { - sys::wc_PKCS12_PBKDF_ex(out.as_mut_ptr(), password.as_ptr(), password_size, - salt.as_ptr(), salt_size, iterations, out_size, typ, id, heap) - }; - if rc != 0 { - return Err(rc); - } - Ok(()) -} - -/// Perform RFC 5869 HKDF-Extract operation for TLS v1.3 key derivation. -/// -/// # Parameters -/// -/// * `typ`: Hash type, one of `HMAC::TYPE_*`. -/// * `salt`: Optional Salt value. -/// * `key`: Optional Initial Key Material (IKM). -/// * `out`: Output buffer to store TLS1.3 HKDF-Extract result (generated -/// Pseudo-Random Key (PRK)). The size of this buffer must match -/// `HMAC::get_hmac_size_by_type(typ)`. -/// -/// # Returns -/// -/// Returns either Ok(()) on success or Err(e) containing the wolfSSL -/// library error code value. -/// -/// # Example -/// -/// ```rust -/// #[cfg(kdf_tls13)] -/// { -/// use wolfssl::wolfcrypt::hmac::HMAC; -/// use wolfssl::wolfcrypt::kdf::*; -/// use wolfssl::wolfcrypt::sha::SHA256; -/// let mut secret = [0u8; SHA256::DIGEST_SIZE]; -/// tls13_hkdf_extract(HMAC::TYPE_SHA256, None, None, &mut secret).expect("Error with tls13_hkdf_extract()"); -/// } -/// ``` -#[cfg(kdf_tls13)] -pub fn tls13_hkdf_extract(typ: i32, salt: Option<&[u8]>, key: Option<&mut [u8]>, out: &mut [u8]) -> Result<(), i32> { - tls13_hkdf_extract_ex(typ, salt, key, out, None, None) -} - -/// Perform RFC 5869 HKDF-Extract operation for TLS v1.3 key derivation (with -/// optional heap and device ID). -/// -/// # Parameters -/// -/// * `typ`: Hash type, one of `HMAC::TYPE_*`. -/// * `salt`: Optional Salt value. -/// * `key`: Optional Initial Key Material (IKM). -/// * `out`: Output buffer to store TLS1.3 HKDF-Extract result (generated -/// Pseudo-Random Key (PRK)). The size of this buffer must match -/// `HMAC::get_hmac_size_by_type(typ)`. -/// * `heap`: Optional heap hint. -/// * `dev_id` Optional device ID to use with crypto callbacks or async hardware. -/// -/// # Returns -/// -/// Returns either Ok(()) on success or Err(e) containing the wolfSSL -/// library error code value. -/// -/// # Example -/// -/// ```rust -/// #[cfg(kdf_tls13)] -/// { -/// use wolfssl::wolfcrypt::hmac::HMAC; -/// use wolfssl::wolfcrypt::kdf::*; -/// use wolfssl::wolfcrypt::sha::SHA256; -/// let mut secret = [0u8; SHA256::DIGEST_SIZE]; -/// tls13_hkdf_extract_ex(HMAC::TYPE_SHA256, None, None, &mut secret, None, None).expect("Error with tls13_hkdf_extract_ex()"); -/// } -/// ``` -#[cfg(kdf_tls13)] -pub fn tls13_hkdf_extract_ex(typ: i32, salt: Option<&[u8]>, key: Option<&mut [u8]>, out: &mut [u8], heap: Option<*mut std::os::raw::c_void>, dev_id: Option) -> Result<(), i32> { - let mut salt_ptr = core::ptr::null(); - let mut salt_size = 0u32; - if let Some(salt) = salt { - salt_ptr = salt.as_ptr(); - salt_size = salt.len() as u32; - } - let mut ikm_buf = [0u8; sys::WC_MAX_DIGEST_SIZE as usize]; - let mut ikm_ptr = ikm_buf.as_mut_ptr(); - let mut ikm_size = 0u32; - if let Some(key) = key { - if key.len() > 0 { - ikm_ptr = key.as_mut_ptr(); - ikm_size = key.len() as u32; - } - } - if out.len() != HMAC::get_hmac_size_by_type(typ)? { - return Err(sys::wolfCrypt_ErrorCodes_BUFFER_E); - } - let heap = match heap { - Some(heap) => heap, - None => core::ptr::null_mut(), - }; - let dev_id = match dev_id { - Some(dev_id) => dev_id, - None => sys::INVALID_DEVID, - }; - let rc = unsafe { - sys::wc_Tls13_HKDF_Extract_ex(out.as_mut_ptr(), salt_ptr, salt_size, - ikm_ptr, ikm_size, typ, heap, dev_id) - }; - if rc != 0 { - return Err(rc); - } - Ok(()) -} - -/// Perform RFC 5869 HKDF-Expand operation for TLS v1.3 key derivation. -/// -/// This utilizes HMAC to convert `key`, `label`, and `info` into a -/// derived key which is written to `out`. -/// -/// # Parameters -/// -/// * `typ`: Hash type, one of `HMAC::TYPE_*`. -/// * `key`: Key to use for KDF (typically output of `tls13_hkdf_extract()`). -/// * `protocol`: Buffer containing TLS protocol. -/// * `label`: Buffer containing label. -/// * `info`: Buffer containing additional info. -/// * `out`: Output buffer to store TLS1.3 HKDF-Expand result. The buffer can be -/// any size. -/// -/// # Returns -/// -/// Returns either Ok(()) on success or Err(e) containing the wolfSSL -/// library error code value. -/// -/// # Example -/// -/// ```rust -/// #[cfg(kdf_tls13)] -/// { -/// use wolfssl::wolfcrypt::hmac::HMAC; -/// use wolfssl::wolfcrypt::kdf::*; -/// use wolfssl::wolfcrypt::sha::SHA256; -/// let hash_hello1 = [ -/// 0x63u8, 0x83, 0x58, 0xab, 0x36, 0xcd, 0x0c, 0xf3, -/// 0x26, 0x07, 0xb5, 0x5f, 0x0b, 0x8b, 0x45, 0xd6, -/// 0x7d, 0x5b, 0x42, 0xdc, 0xa8, 0xaa, 0x06, 0xfb, -/// 0x20, 0xa5, 0xbb, 0x85, 0xdb, 0x54, 0xd8, 0x8b -/// ]; -/// let client_early_traffic_secret = [ -/// 0x20u8, 0x18, 0x72, 0x7c, 0xde, 0x3a, 0x85, 0x17, 0x72, 0xdc, 0xd7, 0x72, -/// 0xb0, 0xfc, 0x45, 0xd0, 0x62, 0xb9, 0xbb, 0x38, 0x69, 0x05, 0x7b, 0xb4, -/// 0x5e, 0x58, 0x5d, 0xed, 0xcd, 0x0b, 0x96, 0xd3 -/// ]; -/// let mut secret = [0u8; SHA256::DIGEST_SIZE]; -/// tls13_hkdf_extract(HMAC::TYPE_SHA256, None, None, &mut secret).expect("Error with tls13_hkdf_extract()"); -/// let protocol_label = b"tls13 "; -/// let ce_traffic_label = b"c e traffic"; -/// let mut expand_out = [0u8; SHA256::DIGEST_SIZE]; -/// tls13_hkdf_expand_label(HMAC::TYPE_SHA256, &secret, -/// protocol_label, ce_traffic_label, -/// &hash_hello1, &mut expand_out).expect("Error with tls13_hkdf_expand_label()"); -/// } -/// ``` -#[cfg(kdf_tls13)] -pub fn tls13_hkdf_expand_label(typ: i32, key: &[u8], protocol: &[u8], label: &[u8], info: &[u8], out: &mut [u8]) -> Result<(), i32> { - tls13_hkdf_expand_label_ex(typ, key, protocol, label, info, out, None, None) -} - -/// Perform RFC 5869 HKDF-Expand operation for TLS v1.3 key derivation (with -/// optional heap and device ID). -/// -/// This utilizes HMAC to convert `key`, `label`, and `info` into a -/// derived key which is written to `out`. -/// -/// # Parameters -/// -/// * `typ`: Hash type, one of `HMAC::TYPE_*`. -/// * `key`: Key to use for KDF (typically output of `tls13_hkdf_extract()`). -/// * `protocol`: Buffer containing TLS protocol. -/// * `label`: Buffer containing label. -/// * `info`: Buffer containing additional info. -/// * `out`: Output buffer to store TLS1.3 HKDF-Expand result. The buffer can be -/// any size. -/// * `heap`: Optional heap hint. -/// * `dev_id` Optional device ID to use with crypto callbacks or async hardware. -/// -/// # Returns -/// -/// Returns either Ok(()) on success or Err(e) containing the wolfSSL -/// library error code value. -/// -/// # Example -/// -/// ```rust -/// #[cfg(kdf_tls13)] -/// { -/// use wolfssl::wolfcrypt::hmac::HMAC; -/// use wolfssl::wolfcrypt::kdf::*; -/// use wolfssl::wolfcrypt::sha::SHA256; -/// let hash_hello1 = [ -/// 0x63u8, 0x83, 0x58, 0xab, 0x36, 0xcd, 0x0c, 0xf3, -/// 0x26, 0x07, 0xb5, 0x5f, 0x0b, 0x8b, 0x45, 0xd6, -/// 0x7d, 0x5b, 0x42, 0xdc, 0xa8, 0xaa, 0x06, 0xfb, -/// 0x20, 0xa5, 0xbb, 0x85, 0xdb, 0x54, 0xd8, 0x8b -/// ]; -/// let client_early_traffic_secret = [ -/// 0x20u8, 0x18, 0x72, 0x7c, 0xde, 0x3a, 0x85, 0x17, 0x72, 0xdc, 0xd7, 0x72, -/// 0xb0, 0xfc, 0x45, 0xd0, 0x62, 0xb9, 0xbb, 0x38, 0x69, 0x05, 0x7b, 0xb4, -/// 0x5e, 0x58, 0x5d, 0xed, 0xcd, 0x0b, 0x96, 0xd3 -/// ]; -/// let mut secret = [0u8; SHA256::DIGEST_SIZE]; -/// tls13_hkdf_extract(HMAC::TYPE_SHA256, None, None, &mut secret).expect("Error with tls13_hkdf_extract()"); -/// let protocol_label = b"tls13 "; -/// let ce_traffic_label = b"c e traffic"; -/// let mut expand_out = [0u8; SHA256::DIGEST_SIZE]; -/// tls13_hkdf_expand_label_ex(HMAC::TYPE_SHA256, &secret, -/// protocol_label, ce_traffic_label, -/// &hash_hello1, &mut expand_out, None, None).expect("Error with tls13_hkdf_expand_label_ex()"); -/// } -/// ``` -#[cfg(kdf_tls13)] -pub fn tls13_hkdf_expand_label_ex(typ: i32, key: &[u8], protocol: &[u8], label: &[u8], info: &[u8], out: &mut [u8], heap: Option<*mut std::os::raw::c_void>, dev_id: Option) -> Result<(), i32> { - let key_size = key.len() as u32; - let protocol_size = protocol.len() as u32; - let label_size = label.len() as u32; - let info_size = info.len() as u32; - let out_size = out.len() as u32; - let heap = match heap { - Some(heap) => heap, - None => core::ptr::null_mut(), - }; - let dev_id = match dev_id { - Some(dev_id) => dev_id, - None => sys::INVALID_DEVID, - }; - let rc = unsafe { - sys::wc_Tls13_HKDF_Expand_Label_ex(out.as_mut_ptr(), out_size, - key.as_ptr(), key_size, protocol.as_ptr(), protocol_size, - label.as_ptr(), label_size, info.as_ptr(), info_size, typ, - heap, dev_id) - }; - if rc != 0 { - return Err(rc); - } - Ok(()) -} - -/// Perform SSH KDF operation. -/// -/// # Parameters -/// -/// * `typ`: Hash type, one of `HMAC::TYPE_*`. -/// * `key_id`: Key ID, typically 'A' through 'F'. -/// * `k`: Initial key. -/// * `h`: Exchange hash. -/// * `session_id`: Unique identifier for the SSH session. -/// * `key`: Output buffer. -/// -/// # Returns -/// -/// Returns either Ok(()) on success or Err(e) containing the wolfSSL -/// library error code value. -/// -/// # Example -/// -/// ```rust -/// #[cfg(kdf_ssh)] -/// { -/// use wolfssl::wolfcrypt::hmac::HMAC; -/// use wolfssl::wolfcrypt::kdf::*; -/// let k = [0x42u8; 256]; -/// let h = [0x43u8; 32]; -/// let sid = [0x44u8; 32]; -/// let mut out = [0u8; 16]; -/// ssh_kdf(HMAC::TYPE_SHA256, b'A', &k, &h, &sid, &mut out).expect("Error with ssh_kdf()"); -/// } -/// ``` -#[cfg(kdf_ssh)] -pub fn ssh_kdf(typ: i32, key_id: u8, k: &[u8], h: &[u8], session_id: &[u8], key: &mut [u8]) -> Result<(), i32> { - let key_size = key.len() as u32; - let k_size = k.len() as u32; - let h_size = h.len() as u32; - let session_size = session_id.len() as u32; - let rc = unsafe { - sys::wc_SSH_KDF(typ as u8, key_id, - key.as_mut_ptr(), key_size, - k.as_ptr(), k_size, h.as_ptr(), h_size, - session_id.as_ptr(), session_size) - }; - if rc != 0 { - return Err(rc); - } - Ok(()) -} - -/// Perform SRTP KDF algorithm to derive keys. -/// -/// # Parameters -/// -/// * `key`: Key to use with encryption. -/// * `salt`: Random non-secret value. -/// * `kdr_index`: Key derivation rate: -1 for 0, otherwise KDR = 2^kdr_index. -/// * `idx`: Index value to XOR in. -/// * `key1`: Output buffer for first key (label of 0x00). -/// * `key2`: Output buffer for second key (label of 0x01). -/// * `key3`: Output buffer for third key (label of 0x02). -/// -/// # Returns -/// -/// Returns either Ok(()) on success or Err(e) containing the wolfSSL -/// library error code value. -/// -/// # Example -/// -/// ```rust -/// #[cfg(kdf_srtp)] -/// { -/// use wolfssl::wolfcrypt::kdf::*; -/// let key = [0xc4u8, 0x80, 0x9f, 0x6d, 0x36, 0x98, 0x88, 0x72, -/// 0x8e, 0x26, 0xad, 0xb5, 0x32, 0x12, 0x98, 0x90]; -/// let salt = [0x0eu8, 0x23, 0x00, 0x6c, 0x6c, 0x04, 0x4f, 0x56, -/// 0x62, 0x40, 0x0e, 0x9d, 0x1b, 0xd6]; -/// let index = [0x48u8, 0x71, 0x65, 0x64, 0x9c, 0xca]; -/// let mut key_e = [0u8; 16]; -/// let mut key_a = [0u8; 20]; -/// let mut key_s = [0u8; 14]; -/// srtp_kdf(&key, &salt, -1, &index, &mut key_e, &mut key_a, &mut key_s).expect("Error with srtp_kdf()"); -/// } -/// ``` -#[cfg(kdf_srtp)] -pub fn srtp_kdf(key: &[u8], salt: &[u8], kdr_index: i32, idx: &[u8], - key1: &mut [u8], key2: &mut [u8], key3: &mut [u8]) -> Result<(), i32> { - let key_size = key.len() as u32; - let salt_size = salt.len() as u32; - let key1_size = key1.len() as u32; - let key2_size = key2.len() as u32; - let key3_size = key3.len() as u32; - let rc = unsafe { - sys::wc_SRTP_KDF(key.as_ptr(), key_size, salt.as_ptr(), salt_size, - kdr_index, idx.as_ptr(), key1.as_mut_ptr(), key1_size, - key2.as_mut_ptr(), key2_size, key3.as_mut_ptr(), key3_size) - }; - if rc != 0 { - return Err(rc); - } - Ok(()) -} - -/// Perform SRTP KDF algorithm to derive a key with a given label. -/// -/// # Parameters -/// -/// * `key`: Key to use with encryption. -/// * `salt`: Random non-secret value. -/// * `kdr_index`: Key derivation rate: -1 for 0, otherwise KDR = 2^kdr_index. -/// * `idx`: Index value to XOR in. -/// * `label`: Label: typically one of `SRTP_LABEL_*`. -/// * `keyout`: Output buffer for generated key. -/// -/// # Returns -/// -/// Returns either Ok(()) on success or Err(e) containing the wolfSSL -/// library error code value. -/// -/// # Example -/// -/// ```rust -/// #[cfg(kdf_srtp)] -/// { -/// use wolfssl::wolfcrypt::kdf::*; -/// let key = [0xc4u8, 0x80, 0x9f, 0x6d, 0x36, 0x98, 0x88, 0x72, -/// 0x8e, 0x26, 0xad, 0xb5, 0x32, 0x12, 0x98, 0x90]; -/// let salt = [0x0eu8, 0x23, 0x00, 0x6c, 0x6c, 0x04, 0x4f, 0x56, -/// 0x62, 0x40, 0x0e, 0x9d, 0x1b, 0xd6]; -/// let index = [0x48u8, 0x71, 0x65, 0x64, 0x9c, 0xca]; -/// let mut key_a = [0u8; 20]; -/// srtp_kdf_label(&key, &salt, -1, &index, SRTP_LABEL_MSG_AUTH, &mut key_a).expect("Error with srtp_kdf_label()"); -/// } -/// ``` -#[cfg(kdf_srtp)] -pub fn srtp_kdf_label(key: &[u8], salt: &[u8], kdr_index: i32, idx: &[u8], - label: u8, keyout: &mut [u8]) -> Result<(), i32> { - let key_size = key.len() as u32; - let salt_size = salt.len() as u32; - let keyout_size = keyout.len() as u32; - let rc = unsafe { - sys::wc_SRTP_KDF_label(key.as_ptr(), key_size, salt.as_ptr(), salt_size, - kdr_index, idx.as_ptr(), label, keyout.as_mut_ptr(), keyout_size) - }; - if rc != 0 { - return Err(rc); - } - Ok(()) -} - -/// Perform SRTCP KDF algorithm to derive keys. -/// -/// # Parameters -/// -/// * `key`: Key to use with encryption. Key length must be 16, 24, or 32. -/// * `salt`: Random non-secret value. -/// * `kdr_index`: Key derivation rate: -1 for 0, otherwise KDR = 2^kdr_index. -/// * `idx`: Index value to XOR in. -/// * `key1`: Output buffer for first key (label of 0x00). -/// * `key2`: Output buffer for second key (label of 0x01). -/// * `key3`: Output buffer for third key (label of 0x02). -/// -/// # Returns -/// -/// Returns either Ok(()) on success or Err(e) containing the wolfSSL -/// library error code value. -/// -/// # Example -/// -/// ```rust -/// #[cfg(kdf_srtp)] -/// { -/// use wolfssl::wolfcrypt::kdf::*; -/// let key = [0xc4u8, 0x80, 0x9f, 0x6d, 0x36, 0x98, 0x88, 0x72, -/// 0x8e, 0x26, 0xad, 0xb5, 0x32, 0x12, 0x98, 0x90]; -/// let salt = [0x0eu8, 0x23, 0x00, 0x6c, 0x6c, 0x04, 0x4f, 0x56, -/// 0x62, 0x40, 0x0e, 0x9d, 0x1b, 0xd6]; -/// let index = [0x48u8, 0x71, 0x65, 0x64, 0x9c, 0xca]; -/// let mut key_e = [0u8; 16]; -/// let mut key_a = [0u8; 20]; -/// let mut key_s = [0u8; 14]; -/// srtcp_kdf(&key, &salt, -1, &index, &mut key_e, &mut key_a, &mut key_s).expect("Error with srtcp_kdf()"); -/// } -/// ``` -#[cfg(kdf_srtp)] -pub fn srtcp_kdf(key: &[u8], salt: &[u8], kdr_index: i32, idx: &[u8], - key1: &mut [u8], key2: &mut [u8], key3: &mut [u8]) -> Result<(), i32> { - let key_size = key.len() as u32; - let salt_size = salt.len() as u32; - let key1_size = key1.len() as u32; - let key2_size = key2.len() as u32; - let key3_size = key3.len() as u32; - let rc = unsafe { - sys::wc_SRTCP_KDF(key.as_ptr(), key_size, salt.as_ptr(), salt_size, - kdr_index, idx.as_ptr(), key1.as_mut_ptr(), key1_size, - key2.as_mut_ptr(), key2_size, key3.as_mut_ptr(), key3_size) - }; - if rc != 0 { - return Err(rc); - } - Ok(()) -} - -/// Perform SRTCP KDF algorithm to derive a key with a given label. -/// -/// # Parameters -/// -/// * `key`: Key to use with encryption. -/// * `salt`: Random non-secret value. -/// * `kdr_index`: Key derivation rate: -1 for 0, otherwise KDR = 2^kdr_index. -/// * `idx`: Index value to XOR in. -/// * `label`: Label: typically one of `SRTCP_LABEL_*`. -/// * `keyout`: Output buffer for generated key. -/// -/// # Returns -/// -/// Returns either Ok(()) on success or Err(e) containing the wolfSSL -/// library error code value. -/// -/// # Example -/// -/// ```rust -/// #[cfg(kdf_srtp)] -/// { -/// use wolfssl::wolfcrypt::kdf::*; -/// let key = [0xc4u8, 0x80, 0x9f, 0x6d, 0x36, 0x98, 0x88, 0x72, -/// 0x8e, 0x26, 0xad, 0xb5, 0x32, 0x12, 0x98, 0x90]; -/// let salt = [0x0eu8, 0x23, 0x00, 0x6c, 0x6c, 0x04, 0x4f, 0x56, -/// 0x62, 0x40, 0x0e, 0x9d, 0x1b, 0xd6]; -/// let index = [0x48u8, 0x71, 0x65, 0x64, 0x9c, 0xca]; -/// let mut key_a = [0u8; 20]; -/// srtcp_kdf_label(&key, &salt, -1, &index, SRTCP_LABEL_MSG_AUTH, &mut key_a).expect("Error with srtcp_kdf_label()"); -/// } -/// ``` -#[cfg(kdf_srtp)] -pub fn srtcp_kdf_label(key: &[u8], salt: &[u8], kdr_index: i32, idx: &[u8], - label: u8, keyout: &mut [u8]) -> Result<(), i32> { - let key_size = key.len() as u32; - let salt_size = salt.len() as u32; - let keyout_size = keyout.len() as u32; - let rc = unsafe { - sys::wc_SRTCP_KDF_label(key.as_ptr(), key_size, salt.as_ptr(), salt_size, - kdr_index, idx.as_ptr(), label, keyout.as_mut_ptr(), keyout_size) - }; - if rc != 0 { - return Err(rc); - } - Ok(()) -} - -/// Convert a Key Derivation Rate (KDR) value to an index for use in the -/// SRTP/SRTCP KDF API. -/// -/// # Parameters -/// -/// * `kdr`: Key derivation rate to convert. -/// -/// # Returns -/// -/// Key derivation rate index (kdr_index). -/// -/// # Example -/// -/// ```rust -/// #[cfg(kdf_srtp)] -/// { -/// use wolfssl::wolfcrypt::kdf::*; -/// let kdr_index = srtp_kdr_to_index(16); -/// } -/// ``` -#[cfg(kdf_srtp)] -pub fn srtp_kdr_to_index(kdr: u32) -> i32 { - unsafe { sys::wc_SRTP_KDF_kdr_to_idx(kdr) } -} diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/wrapper/rust/wolfssl/src/wolfcrypt/prf.rs mariadb-11.8.8/extra/wolfssl/wolfssl/wrapper/rust/wolfssl/src/wolfcrypt/prf.rs --- mariadb-11.8.6/extra/wolfssl/wolfssl/wrapper/rust/wolfssl/src/wolfcrypt/prf.rs 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/wrapper/rust/wolfssl/src/wolfcrypt/prf.rs 1970-01-01 00:00:00.000000000 +0000 @@ -1,136 +0,0 @@ -/* - * Copyright (C) 2025 wolfSSL Inc. - * - * This file is part of wolfSSL. - * - * wolfSSL is free software; you can redistribute it and/or modify - * it under the terms of the GNU General Public License as published by - * the Free Software Foundation; either version 3 of the License, or - * (at your option) any later version. - * - * wolfSSL is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU General Public License for more details. - * - * You should have received a copy of the GNU General Public License - * along with this program; if not, write to the Free Software - * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA - */ - -/*! -This module provides a Rust wrapper for the wolfCrypt library's Pseudo Random -Function (PRF) functionality. -*/ - -use crate::sys; - -pub const PRF_HASH_NONE: i32 = sys::wc_MACAlgorithm_no_mac as i32; -pub const PRF_HASH_MD5: i32 = sys::wc_MACAlgorithm_md5_mac as i32; -pub const PRF_HASH_SHA: i32 = sys::wc_MACAlgorithm_sha_mac as i32; -pub const PRF_HASH_SHA224: i32 = sys::wc_MACAlgorithm_sha224_mac as i32; -pub const PRF_HASH_SHA256: i32 = sys::wc_MACAlgorithm_sha256_mac as i32; -pub const PRF_HASH_SHA384: i32 = sys::wc_MACAlgorithm_sha384_mac as i32; -pub const PRF_HASH_SHA512: i32 = sys::wc_MACAlgorithm_sha512_mac as i32; -pub const PRF_HASH_RMD: i32 = sys::wc_MACAlgorithm_rmd_mac as i32; -pub const PRF_HASH_BLAKE2B: i32 = sys::wc_MACAlgorithm_blake2b_mac as i32; -pub const PRF_HASH_SM3: i32 = sys::wc_MACAlgorithm_sm3_mac as i32; - -/// Pseudo Random Function for MD5, SHA-1, SHA-256, SHA-384, or SHA-512. -/// -/// # Parameters -/// -/// * `secret`: Secret key. -/// * `seed`: Seed. -/// * `hash_type`: PRF Hash type, one of `PRF_HASH_*`. -/// * `dout`: Output buffer. -/// -/// # Returns -/// -/// Returns either Ok(()) on success or Err(e) containing the wolfSSL -/// library error code value. -/// -/// # Example -/// -/// ```rust -/// use wolfssl::wolfcrypt::prf::*; -/// let secret = [0x10u8, 0xbc, 0xb4, 0xa2, 0xe8, 0xdc, 0xf1, 0x9b, 0x4c, -/// 0x51, 0x9c, 0xed, 0x31, 0x1b, 0x51, 0x57, 0x02, 0x3f, -/// 0xa1, 0x7d, 0xfb, 0x0e, 0xf3, 0x4e, 0x8f, 0x6f, 0x71, -/// 0xa3, 0x67, 0x76, 0x6b, 0xfa, 0x5d, 0x46, 0x4a, 0xe8, -/// 0x61, 0x18, 0x81, 0xc4, 0x66, 0xcc, 0x6f, 0x09, 0x99, -/// 0x9d, 0xfc, 0x47]; -/// let seed = [0x73u8, 0x65, 0x72, 0x76, 0x65, 0x72, 0x20, 0x66, 0x69, -/// 0x6e, 0x69, 0x73, 0x68, 0x65, 0x64, 0x0b, 0x46, 0xba, -/// 0x56, 0xbf, 0x1f, 0x5d, 0x99, 0xff, 0xe9, 0xbb, 0x43, -/// 0x01, 0xe7, 0xca, 0x2c, 0x00, 0xdf, 0x9a, 0x39, 0x6e, -/// 0xcf, 0x6d, 0x15, 0x27, 0x4d, 0xf2, 0x93, 0x96, 0x4a, -/// 0x91, 0xde, 0x5c, 0xc0, 0x47, 0x7c, 0xa8, 0xae, 0xcf, -/// 0x5d, 0x93, 0x5f, 0x4c, 0x92, 0xcc, 0x98, 0x5b, 0x43]; -/// let mut out = [0u8; 12]; -/// prf(&secret, &seed, PRF_HASH_SHA384, &mut out).expect("Error with prf()"); -/// ``` -pub fn prf(secret: &[u8], seed: &[u8], hash_type: i32, dout: &mut [u8]) -> Result<(), i32> { - prf_ex(secret, seed, hash_type, None, None, dout) -} - -/// Pseudo Random Function for MD5, SHA-1, SHA-256, SHA-384, or SHA-512 with -/// optional heap and device ID. -/// -/// # Parameters -/// -/// * `secret`: Secret key. -/// * `seed`: Seed. -/// * `hash_type`: PRF Hash type, one of `PRF_HASH_*`. -/// * `heap`: Optional heap hint. -/// * `dev_id` Optional device ID to use with crypto callbacks or async hardware. -/// * `dout`: Output buffer. -/// -/// # Returns -/// -/// Returns either Ok(()) on success or Err(e) containing the wolfSSL -/// library error code value. -/// -/// # Example -/// -/// ```rust -/// use wolfssl::wolfcrypt::prf::*; -/// let secret = [0x10u8, 0xbc, 0xb4, 0xa2, 0xe8, 0xdc, 0xf1, 0x9b, 0x4c, -/// 0x51, 0x9c, 0xed, 0x31, 0x1b, 0x51, 0x57, 0x02, 0x3f, -/// 0xa1, 0x7d, 0xfb, 0x0e, 0xf3, 0x4e, 0x8f, 0x6f, 0x71, -/// 0xa3, 0x67, 0x76, 0x6b, 0xfa, 0x5d, 0x46, 0x4a, 0xe8, -/// 0x61, 0x18, 0x81, 0xc4, 0x66, 0xcc, 0x6f, 0x09, 0x99, -/// 0x9d, 0xfc, 0x47]; -/// let seed = [0x73u8, 0x65, 0x72, 0x76, 0x65, 0x72, 0x20, 0x66, 0x69, -/// 0x6e, 0x69, 0x73, 0x68, 0x65, 0x64, 0x0b, 0x46, 0xba, -/// 0x56, 0xbf, 0x1f, 0x5d, 0x99, 0xff, 0xe9, 0xbb, 0x43, -/// 0x01, 0xe7, 0xca, 0x2c, 0x00, 0xdf, 0x9a, 0x39, 0x6e, -/// 0xcf, 0x6d, 0x15, 0x27, 0x4d, 0xf2, 0x93, 0x96, 0x4a, -/// 0x91, 0xde, 0x5c, 0xc0, 0x47, 0x7c, 0xa8, 0xae, 0xcf, -/// 0x5d, 0x93, 0x5f, 0x4c, 0x92, 0xcc, 0x98, 0x5b, 0x43]; -/// let mut out = [0u8; 12]; -/// prf_ex(&secret, &seed, PRF_HASH_SHA384, None, None, &mut out).expect("Error with prf_ex()"); -/// ``` -pub fn prf_ex(secret: &[u8], seed: &[u8], hash_type: i32, heap: Option<*mut ::std::os::raw::c_void>, dev_id: Option, dout: &mut [u8]) -> Result<(), i32> { - let secret_size = secret.len() as u32; - let seed_size = seed.len() as u32; - let dout_size = dout.len() as u32; - let heap = match heap { - Some(heap) => heap, - None => core::ptr::null_mut(), - }; - let dev_id = match dev_id { - Some(dev_id) => dev_id, - None => sys::INVALID_DEVID, - }; - let rc = unsafe { - sys::wc_PRF(dout.as_mut_ptr(), dout_size, - secret.as_ptr(), secret_size, - seed.as_ptr(), seed_size, - hash_type, heap, dev_id) - }; - if rc != 0 { - return Err(rc); - } - Ok(()) -} diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/wrapper/rust/wolfssl/src/wolfcrypt/random.rs mariadb-11.8.8/extra/wolfssl/wolfssl/wrapper/rust/wolfssl/src/wolfcrypt/random.rs --- mariadb-11.8.6/extra/wolfssl/wolfssl/wrapper/rust/wolfssl/src/wolfcrypt/random.rs 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/wrapper/rust/wolfssl/src/wolfcrypt/random.rs 1970-01-01 00:00:00.000000000 +0000 @@ -1,218 +0,0 @@ -/* - * Copyright (C) 2025 wolfSSL Inc. - * - * This file is part of wolfSSL. - * - * wolfSSL is free software; you can redistribute it and/or modify - * it under the terms of the GNU General Public License as published by - * the Free Software Foundation; either version 3 of the License, or - * (at your option) any later version. - * - * wolfSSL is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU General Public License for more details. - * - * You should have received a copy of the GNU General Public License - * along with this program; if not, write to the Free Software - * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA - */ - -/*! -This module provides a Rust wrapper for the wolfCrypt library's random number -generator (RNG). - -The primary component is the `RNG` struct, which manages the lifecycle of a -wolfSSL `WC_RNG` object. It ensures proper initialization and deallocation. - -# Examples - -```rust -use wolfssl::wolfcrypt::random::RNG; - -fn main() { - // Create a RNG instance. - let mut rng = RNG::new().expect("Failed to create RNG"); - - // Generate a single random byte value. - let byte = rng.generate_byte().expect("Failed to generate a single byte"); - - // Generate a random block. - let mut buffer = [0u32; 8]; - rng.generate_block(&mut buffer).expect("Failed to generate a block"); -} -``` -*/ - -use crate::sys; -use std::mem::{size_of, MaybeUninit}; - -/// A cryptographically secure random number generator based on the wolfSSL -/// library. -/// -/// This struct wraps the wolfssl `WC_RNG` type, providing a high-level API -/// for generating random bytes and blocks of data. The `Drop` implementation -/// ensures that the underlying wolfSSL RNG context is correctly freed when the -/// `RNG` struct goes out of scope, preventing memory leaks. -pub struct RNG { - pub(crate) wc_rng: sys::WC_RNG, -} - -impl RNG { - /// Initialize a new `RNG` instance. - /// - /// This function wraps the wolfssl library function `wc_InitRng`, which - /// performs the necessary initialization for the RNG context. - /// - /// # Returns - /// - /// A Result which is Ok(RNG) on success or an Err containing the wolfSSL - /// library return code on failure. - pub fn new() -> Result { - RNG::new_ex(None, None) - } - - /// Initialize a new `RNG` instance with optional heap and device ID. - /// - /// This function wraps the wolfssl library function `wc_InitRng`, which - /// performs the necessary initialization for the RNG context. - /// - /// # Parameters - /// - /// * `heap`: Optional heap hint. - /// * `dev_id` Optional device ID to use with crypto callbacks or async hardware. - /// - /// # Returns - /// - /// A Result which is Ok(RNG) on success or an Err containing the wolfSSL - /// library return code on failure. - pub fn new_ex(heap: Option<*mut std::os::raw::c_void>, dev_id: Option) -> Result { - let mut rng: MaybeUninit = MaybeUninit::uninit(); - let heap = match heap { - Some(heap) => heap, - None => core::ptr::null_mut(), - }; - let dev_id = match dev_id { - Some(dev_id) => dev_id, - None => sys::INVALID_DEVID, - }; - let rc = unsafe { - sys::wc_InitRng_ex(&mut (*rng.as_mut_ptr()).wc_rng, heap, dev_id) - }; - if rc == 0 { - let rng = unsafe { rng.assume_init() }; - Ok(rng) - } else { - Err(rc) - } - } - - /// Initialize a new `RNG` instance and provide a nonce input. - /// - /// This function wraps the wolfssl library function `wc_InitRngNonce`, - /// which performs the necessary initialization for the RNG context and - /// accepts a nonce input buffer. - /// - /// # Returns - /// - /// A Result which is Ok(RNG) on success or an Err containing the wolfSSL - /// library return code on failure. - pub fn new_with_nonce(nonce: &mut [T]) -> Result { - RNG::new_with_nonce_ex(nonce, None, None) - } - - /// Initialize a new `RNG` instance and provide a nonce input. - /// - /// This function wraps the wolfssl library function `wc_InitRngNonce`, - /// which performs the necessary initialization for the RNG context and - /// accepts a nonce input buffer. - /// - /// # Parameters - /// - /// * `heap`: Optional heap hint. - /// * `dev_id` Optional device ID to use with crypto callbacks or async hardware. - /// - /// # Returns - /// - /// A Result which is Ok(RNG) on success or an Err containing the wolfSSL - /// library return code on failure. - pub fn new_with_nonce_ex(nonce: &mut [T], heap: Option<*mut std::os::raw::c_void>, dev_id: Option) -> Result { - let ptr = nonce.as_mut_ptr() as *mut u8; - let size: u32 = (nonce.len() * size_of::()) as u32; - let mut rng: MaybeUninit = MaybeUninit::uninit(); - let heap = match heap { - Some(heap) => heap, - None => core::ptr::null_mut(), - }; - let dev_id = match dev_id { - Some(dev_id) => dev_id, - None => sys::INVALID_DEVID, - }; - let rc = unsafe { - sys::wc_InitRngNonce_ex(&mut (*rng.as_mut_ptr()).wc_rng, ptr, size, heap, dev_id) - }; - if rc == 0 { - let rng = unsafe { rng.assume_init() }; - Ok(rng) - } else { - Err(rc) - } - } - - /// Generate a single cryptographically secure random byte. - /// - /// This method calls the `wc_RNG_GenerateByte` wolfSSL library function to - /// retrieve a random byte from the underlying wolfSSL RNG context. - /// - /// # Returns - /// - /// A `Result` which is `Ok(u8)` containing the random byte on success or - /// an `Err` with the wolfssl library return code on failure. - pub fn generate_byte(&mut self) -> Result { - let mut b: u8 = 0; - let rc = unsafe { sys::wc_RNG_GenerateByte(&mut self.wc_rng, &mut b) }; - if rc == 0 { - Ok(b) - } else { - Err(rc) - } - } - - /// Fill a mutable slice with cryptographically secure random data. - /// - /// This is a generic function that can fill a slice of any type `T` with - /// random bytes. It calculates the total size of the slice in bytes and - /// calls the underlying `wc_RNG_GenerateBlock` wolfssl library function. - /// - /// # Parameters - /// - /// * `buf`: A mutable slice of any type `T` to be filled with random data. - /// - /// # Returns - /// - /// A `Result` which is `Ok(())` on success or an `Err` with the wolfssl - /// library return code on failure. - pub fn generate_block(&mut self, buf: &mut [T]) -> Result<(), i32> { - let ptr = buf.as_mut_ptr() as *mut u8; - let size: u32 = (buf.len() * size_of::()) as u32; - let rc = unsafe { sys::wc_RNG_GenerateBlock(&mut self.wc_rng, ptr, size) }; - if rc == 0 { - Ok(()) - } else { - Err(rc) - } - } -} - -impl Drop for RNG { - /// Safely free the underlying wolfSSL RNG context. - /// - /// This calls the `wc_FreeRng` wolfssl library function. - /// - /// The Rust Drop trait guarantees that this method is called when the RNG - /// struct goes out of scope, automatically cleaning up resources and - /// preventing memory leaks. - fn drop(&mut self) { - unsafe { sys::wc_FreeRng(&mut self.wc_rng); } - } -} diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/wrapper/rust/wolfssl/src/wolfcrypt/rsa.rs mariadb-11.8.8/extra/wolfssl/wolfssl/wrapper/rust/wolfssl/src/wolfcrypt/rsa.rs --- mariadb-11.8.6/extra/wolfssl/wolfssl/wrapper/rust/wolfssl/src/wolfcrypt/rsa.rs 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/wrapper/rust/wolfssl/src/wolfcrypt/rsa.rs 1970-01-01 00:00:00.000000000 +0000 @@ -1,1243 +0,0 @@ -/* - * Copyright (C) 2025 wolfSSL Inc. - * - * This file is part of wolfSSL. - * - * wolfSSL is free software; you can redistribute it and/or modify - * it under the terms of the GNU General Public License as published by - * the Free Software Foundation; either version 3 of the License, or - * (at your option) any later version. - * - * wolfSSL is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU General Public License for more details. - * - * You should have received a copy of the GNU General Public License - * along with this program; if not, write to the Free Software - * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA - */ - -/*! -This module provides a Rust wrapper for the wolfCrypt library's RSA -functionality. - -The primary component is the `RSA` struct, which manages the lifecycle of a -wolfSSL `RsaKey` object. It ensures proper initialization and deallocation. - -# Examples - -```rust -use std::fs; -use wolfssl::wolfcrypt::random::RNG; -use wolfssl::wolfcrypt::rsa::RSA; - -let mut rng = RNG::new().expect("Error creating RNG"); -let key_path = "../../../certs/client-keyPub.der"; -let der: Vec = fs::read(key_path).expect("Error reading key file"); -let mut rsa = RSA::new_public_from_der(&der).expect("Error with new_public_from_der()"); -rsa.set_rng(&mut rng).expect("Error with set_rng()"); -let plain: &[u8] = b"Test message"; -let mut enc: [u8; 512] = [0; 512]; -let enc_len = rsa.public_encrypt(plain, &mut enc, &mut rng).expect("Error with public_encrypt()"); -assert!(enc_len > 0 && enc_len <= 512); - -let key_path = "../../../certs/client-key.der"; -let der: Vec = fs::read(key_path).expect("Error reading key file"); -let mut rsa = RSA::new_from_der(&der).expect("Error with new_from_der()"); -rsa.set_rng(&mut rng).expect("Error with set_rng()"); -let mut plain_out: [u8; 512] = [0; 512]; -let dec_len = rsa.private_decrypt(&enc[0..enc_len], &mut plain_out).expect("Error with private_decrypt()"); -assert!(dec_len as usize == plain.len()); -assert_eq!(plain_out[0..dec_len], *plain); -``` -*/ - -#![cfg(rsa)] - -use crate::sys; -use crate::wolfcrypt::random::RNG; -use std::mem::{MaybeUninit}; - -/// The `RSA` struct manages the lifecycle of a wolfSSL `RsaKey` object. -/// -/// It ensures proper initialization and deallocation. -/// -/// An instance can be created with `new_from_der()`, `new_public_from_der()`, -/// or `generate()`. -pub struct RSA { - wc_rsakey: sys::RsaKey, -} - -impl RSA { - // Hash type constants used for PSS sign and verify methods. - pub const HASH_TYPE_NONE : u32 = sys::wc_HashType_WC_HASH_TYPE_NONE; - pub const HASH_TYPE_MD2 : u32 = sys::wc_HashType_WC_HASH_TYPE_MD2; - pub const HASH_TYPE_MD4 : u32 = sys::wc_HashType_WC_HASH_TYPE_MD4; - pub const HASH_TYPE_MD5 : u32 = sys::wc_HashType_WC_HASH_TYPE_MD5; - #[cfg(sha)] - pub const HASH_TYPE_SHA : u32 = sys::wc_HashType_WC_HASH_TYPE_SHA; - #[cfg(sha256)] - pub const HASH_TYPE_SHA224 : u32 = sys::wc_HashType_WC_HASH_TYPE_SHA224; - #[cfg(sha256)] - pub const HASH_TYPE_SHA256 : u32 = sys::wc_HashType_WC_HASH_TYPE_SHA256; - #[cfg(sha512)] - pub const HASH_TYPE_SHA384 : u32 = sys::wc_HashType_WC_HASH_TYPE_SHA384; - #[cfg(sha512)] - pub const HASH_TYPE_SHA512 : u32 = sys::wc_HashType_WC_HASH_TYPE_SHA512; - pub const HASH_TYPE_MD5_SHA : u32 = sys::wc_HashType_WC_HASH_TYPE_MD5_SHA; - #[cfg(sha3)] - pub const HASH_TYPE_SHA3_224 : u32 = sys::wc_HashType_WC_HASH_TYPE_SHA3_224; - #[cfg(sha3)] - pub const HASH_TYPE_SHA3_256 : u32 = sys::wc_HashType_WC_HASH_TYPE_SHA3_256; - #[cfg(sha3)] - pub const HASH_TYPE_SHA3_384 : u32 = sys::wc_HashType_WC_HASH_TYPE_SHA3_384; - #[cfg(sha3)] - pub const HASH_TYPE_SHA3_512 : u32 = sys::wc_HashType_WC_HASH_TYPE_SHA3_512; - pub const HASH_TYPE_BLAKE2B : u32 = sys::wc_HashType_WC_HASH_TYPE_BLAKE2B; - pub const HASH_TYPE_BLAKE2S : u32 = sys::wc_HashType_WC_HASH_TYPE_BLAKE2S; - pub const HASH_TYPE_SHA512_224 : u32 = sys::wc_HashType_WC_HASH_TYPE_SHA512_224; - pub const HASH_TYPE_SHA512_256 : u32 = sys::wc_HashType_WC_HASH_TYPE_SHA512_256; - #[cfg(shake128)] - pub const HASH_TYPE_SHAKE128 : u32 = sys::wc_HashType_WC_HASH_TYPE_SHAKE128; - #[cfg(shake256)] - pub const HASH_TYPE_SHAKE256 : u32 = sys::wc_HashType_WC_HASH_TYPE_SHAKE256; - - // Mask generation function (MGF) constants used for PSS sign and verify methods. - pub const MGF1NONE : i32 = sys::WC_MGF1NONE as i32; - pub const MGF1SHA1 : i32 = sys::WC_MGF1SHA1 as i32; - pub const MGF1SHA224 : i32 = sys::WC_MGF1SHA224 as i32; - pub const MGF1SHA256 : i32 = sys::WC_MGF1SHA256 as i32; - pub const MGF1SHA384 : i32 = sys::WC_MGF1SHA384 as i32; - pub const MGF1SHA512 : i32 = sys::WC_MGF1SHA512 as i32; - pub const MGF1SHA512_224 : i32 = sys::WC_MGF1SHA512_224 as i32; - pub const MGF1SHA512_256 : i32 = sys::WC_MGF1SHA512_256 as i32; - - // Type constants used for `rsa_direct()`. - pub const PUBLIC_ENCRYPT : i32 = sys::RSA_PUBLIC_ENCRYPT; - pub const PUBLIC_DECRYPT : i32 = sys::RSA_PUBLIC_DECRYPT; - pub const PRIVATE_ENCRYPT : i32 = sys::RSA_PRIVATE_ENCRYPT; - pub const PRIVATE_DECRYPT : i32 = sys::RSA_PRIVATE_DECRYPT; - - /// Load a public and private RSA keypair from DER-encoded buffer. - /// - /// # Parameters - /// - /// * `der`: DER-encoded input buffer. - /// - /// # Returns - /// - /// Returns either Ok(RSA) containing the RSA struct instance or Err(e) - /// containing the wolfSSL library error code value. - /// - /// # Example - /// - /// ```rust - /// use std::fs; - /// use wolfssl::wolfcrypt::random::RNG; - /// use wolfssl::wolfcrypt::rsa::RSA; - /// - /// let mut rng = RNG::new().expect("Error creating RNG"); - /// let key_path = "../../../certs/client-keyPub.der"; - /// let der: Vec = fs::read(key_path).expect("Error reading key file"); - /// let mut rsa = RSA::new_public_from_der(&der).expect("Error with new_public_from_der()"); - /// rsa.set_rng(&mut rng).expect("Error with set_rng()"); - /// let plain: &[u8] = b"Test message"; - /// let mut enc: [u8; 512] = [0; 512]; - /// let enc_len = rsa.public_encrypt(plain, &mut enc, &mut rng).expect("Error with public_encrypt()"); - /// assert!(enc_len > 0 && enc_len <= 512); - /// - /// let key_path = "../../../certs/client-key.der"; - /// let der: Vec = fs::read(key_path).expect("Error reading key file"); - /// let mut rsa = RSA::new_from_der(&der).expect("Error with new_from_der()"); - /// rsa.set_rng(&mut rng).expect("Error with set_rng()"); - /// let mut plain_out: [u8; 512] = [0; 512]; - /// let dec_len = rsa.private_decrypt(&enc[0..enc_len], &mut plain_out).expect("Error with private_decrypt()"); - /// assert!(dec_len as usize == plain.len()); - /// assert_eq!(plain_out[0..dec_len], *plain); - /// ``` - pub fn new_from_der(der: &[u8]) -> Result { - Self::new_from_der_ex(der, None, None) - } - - /// Load a public and private RSA keypair from DER-encoded buffer with - /// optional heap and device ID. - /// - /// # Parameters - /// - /// * `der`: DER-encoded input buffer. - /// * `heap`: Optional heap hint. - /// * `dev_id` Optional device ID to use with crypto callbacks or async hardware. - /// - /// # Returns - /// - /// Returns either Ok(RSA) containing the RSA struct instance or Err(e) - /// containing the wolfSSL library error code value. - /// - /// # Example - /// - /// ```rust - /// use std::fs; - /// use wolfssl::wolfcrypt::random::RNG; - /// use wolfssl::wolfcrypt::rsa::RSA; - /// - /// let mut rng = RNG::new().expect("Error creating RNG"); - /// let key_path = "../../../certs/client-keyPub.der"; - /// let der: Vec = fs::read(key_path).expect("Error reading key file"); - /// let mut rsa = RSA::new_public_from_der(&der).expect("Error with new_public_from_der()"); - /// rsa.set_rng(&mut rng).expect("Error with set_rng()"); - /// let plain: &[u8] = b"Test message"; - /// let mut enc: [u8; 512] = [0; 512]; - /// let enc_len = rsa.public_encrypt(plain, &mut enc, &mut rng).expect("Error with public_encrypt()"); - /// assert!(enc_len > 0 && enc_len <= 512); - /// - /// let key_path = "../../../certs/client-key.der"; - /// let der: Vec = fs::read(key_path).expect("Error reading key file"); - /// let mut rsa = RSA::new_from_der_ex(&der, None, None).expect("Error with new_from_der_ex()"); - /// rsa.set_rng(&mut rng).expect("Error with set_rng()"); - /// let mut plain_out: [u8; 512] = [0; 512]; - /// let dec_len = rsa.private_decrypt(&enc[0..enc_len], &mut plain_out).expect("Error with private_decrypt()"); - /// assert!(dec_len as usize == plain.len()); - /// assert_eq!(plain_out[0..dec_len], *plain); - /// ``` - pub fn new_from_der_ex(der: &[u8], heap: Option<*mut std::os::raw::c_void>, dev_id: Option) -> Result { - let mut wc_rsakey: MaybeUninit = MaybeUninit::uninit(); - let heap = match heap { - Some(heap) => heap, - None => core::ptr::null_mut(), - }; - let dev_id = match dev_id { - Some(dev_id) => dev_id, - None => sys::INVALID_DEVID, - }; - let rc = unsafe { sys::wc_InitRsaKey_ex(wc_rsakey.as_mut_ptr(), heap, dev_id) }; - if rc != 0 { - return Err(rc); - } - let mut wc_rsakey = unsafe { wc_rsakey.assume_init() }; - let der_ptr = der.as_ptr() as *const u8; - let der_size = der.len() as u32; - let mut idx: u32 = 0; - let rc = unsafe { - sys::wc_RsaPrivateKeyDecode(der_ptr, &mut idx, &mut wc_rsakey, der_size) - }; - if rc != 0 { - unsafe { sys::wc_FreeRsaKey(&mut wc_rsakey); } - return Err(rc); - } - let rsa = RSA { wc_rsakey }; - Ok(rsa) - } - - /// Load a public RSA key from DER-encoded buffer. - /// - /// # Parameters - /// - /// * `der`: DER-encoded input buffer. - /// - /// # Returns - /// - /// Returns either Ok(RSA) containing the RSA struct instance or Err(e) - /// containing the wolfSSL library error code value. - /// - /// # Example - /// - /// ```rust - /// use std::fs; - /// use wolfssl::wolfcrypt::random::RNG; - /// use wolfssl::wolfcrypt::rsa::RSA; - /// - /// let mut rng = RNG::new().expect("Error creating RNG"); - /// let key_path = "../../../certs/client-keyPub.der"; - /// let der: Vec = fs::read(key_path).expect("Error reading key file"); - /// let mut rsa = RSA::new_public_from_der(&der).expect("Error with new_public_from_der()"); - /// rsa.set_rng(&mut rng).expect("Error with set_rng()"); - /// let plain: &[u8] = b"Test message"; - /// let mut enc: [u8; 512] = [0; 512]; - /// let enc_len = rsa.public_encrypt(plain, &mut enc, &mut rng).expect("Error with public_encrypt()"); - /// assert!(enc_len > 0 && enc_len <= 512); - /// - /// let key_path = "../../../certs/client-key.der"; - /// let der: Vec = fs::read(key_path).expect("Error reading key file"); - /// let mut rsa = RSA::new_from_der(&der).expect("Error with new_from_der()"); - /// rsa.set_rng(&mut rng).expect("Error with set_rng()"); - /// let mut plain_out: [u8; 512] = [0; 512]; - /// let dec_len = rsa.private_decrypt(&enc[0..enc_len], &mut plain_out).expect("Error with private_decrypt()"); - /// assert!(dec_len as usize == plain.len()); - /// assert_eq!(plain_out[0..dec_len], *plain); - /// ``` - pub fn new_public_from_der(der: &[u8]) -> Result { - Self::new_public_from_der_ex(der, None, None) - } - - /// Load a public RSA key from DER-encoded buffer with optional heap and - /// device ID. - /// - /// # Parameters - /// - /// * `der`: DER-encoded input buffer. - /// * `heap`: Optional heap hint. - /// * `dev_id` Optional device ID to use with crypto callbacks or async hardware. - /// - /// # Returns - /// - /// Returns either Ok(RSA) containing the RSA struct instance or Err(e) - /// containing the wolfSSL library error code value. - /// - /// # Example - /// - /// ```rust - /// use std::fs; - /// use wolfssl::wolfcrypt::random::RNG; - /// use wolfssl::wolfcrypt::rsa::RSA; - /// - /// let mut rng = RNG::new().expect("Error creating RNG"); - /// let key_path = "../../../certs/client-keyPub.der"; - /// let der: Vec = fs::read(key_path).expect("Error reading key file"); - /// let mut rsa = RSA::new_public_from_der_ex(&der, None, None).expect("Error with new_public_from_der_ex()"); - /// rsa.set_rng(&mut rng).expect("Error with set_rng()"); - /// let plain: &[u8] = b"Test message"; - /// let mut enc: [u8; 512] = [0; 512]; - /// let enc_len = rsa.public_encrypt(plain, &mut enc, &mut rng).expect("Error with public_encrypt()"); - /// assert!(enc_len > 0 && enc_len <= 512); - /// - /// let key_path = "../../../certs/client-key.der"; - /// let der: Vec = fs::read(key_path).expect("Error reading key file"); - /// let mut rsa = RSA::new_from_der(&der).expect("Error with new_from_der()"); - /// rsa.set_rng(&mut rng).expect("Error with set_rng()"); - /// let mut plain_out: [u8; 512] = [0; 512]; - /// let dec_len = rsa.private_decrypt(&enc[0..enc_len], &mut plain_out).expect("Error with private_decrypt()"); - /// assert!(dec_len as usize == plain.len()); - /// assert_eq!(plain_out[0..dec_len], *plain); - /// ``` - pub fn new_public_from_der_ex(der: &[u8], heap: Option<*mut std::os::raw::c_void>, dev_id: Option) -> Result { - let mut wc_rsakey: MaybeUninit = MaybeUninit::uninit(); - let heap = match heap { - Some(heap) => heap, - None => core::ptr::null_mut(), - }; - let dev_id = match dev_id { - Some(dev_id) => dev_id, - None => sys::INVALID_DEVID, - }; - let rc = unsafe { sys::wc_InitRsaKey_ex(wc_rsakey.as_mut_ptr(), heap, dev_id) }; - if rc != 0 { - return Err(rc); - } - let mut wc_rsakey = unsafe { wc_rsakey.assume_init() }; - let der_ptr = der.as_ptr() as *const u8; - let der_size = der.len() as u32; - let mut idx: u32 = 0; - let rc = unsafe { - sys::wc_RsaPublicKeyDecode(der_ptr, &mut idx, &mut wc_rsakey, der_size) - }; - if rc != 0 { - unsafe { sys::wc_FreeRsaKey(&mut wc_rsakey); } - return Err(rc); - } - let rsa = RSA { wc_rsakey }; - Ok(rsa) - } - - /// Generate a new RSA key using the given size and exponent. - /// - /// This function generates an RSA private key of length size (in bits) and - /// given exponent (e). It then returns the RSA structure instance so that - /// it may be used for encryption or signing operations. A secure number to - /// use for e is 65537. size is required to be greater than or equal to - /// RSA_MIN_SIZE and less than or equal to RSA_MAX_SIZE. For this function - /// to be available, the option WOLFSSL_KEY_GEN must be enabled at compile - /// time. This can be accomplished with --enable-keygen if using - /// `./configure`. - /// - /// # Parameters - /// - /// * `size`: Desired key length in bits. - /// * `e`: Exponent parameter to use for generating the key. A secure - /// choice is 65537. - /// * `rng`: Reference to a `RNG` struct to use for random number - /// generation while making the key. - /// - /// # Returns - /// - /// Returns either Ok(RSA) containing the RSA struct instance or Err(e) - /// containing the wolfSSL library error code value. - /// - /// # Example - /// - /// ```rust - /// #[cfg(rsa_keygen)] - /// { - /// use wolfssl::wolfcrypt::random::RNG; - /// use wolfssl::wolfcrypt::rsa::RSA; - /// - /// let mut rng = RNG::new().expect("Error creating RNG"); - /// let mut rsa = RSA::generate(2048, 65537, &mut rng).expect("Error with generate()"); - /// rsa.check().expect("Error with check()"); - /// let encrypt_size = rsa.get_encrypt_size().expect("Error with get_encrypt_size()"); - /// assert_eq!(encrypt_size, 256); - /// } - /// ``` - #[cfg(rsa_keygen)] - pub fn generate(size: i32, e: i64, rng: &mut RNG) -> Result { - Self::generate_ex(size, e, rng, None, None) - } - - /// Generate a new RSA key using the given size and exponent with optional - /// heap and device ID. - /// - /// This function generates an RSA private key of length size (in bits) and - /// given exponent (e). It then returns the RSA structure instance so that - /// it may be used for encryption or signing operations. A secure number to - /// use for e is 65537. size is required to be greater than or equal to - /// RSA_MIN_SIZE and less than or equal to RSA_MAX_SIZE. For this function - /// to be available, the option WOLFSSL_KEY_GEN must be enabled at compile - /// time. This can be accomplished with --enable-keygen if using - /// `./configure`. - /// - /// # Parameters - /// - /// * `size`: Desired key length in bits. - /// * `e`: Exponent parameter to use for generating the key. A secure - /// choice is 65537. - /// * `rng`: Reference to a `RNG` struct to use for random number - /// generation while making the key. - /// * `heap`: Optional heap hint. - /// * `dev_id` Optional device ID to use with crypto callbacks or async hardware. - /// - /// # Returns - /// - /// Returns either Ok(RSA) containing the RSA struct instance or Err(e) - /// containing the wolfSSL library error code value. - /// - /// # Example - /// - /// ```rust - /// #[cfg(rsa_keygen)] - /// { - /// use wolfssl::wolfcrypt::random::RNG; - /// use wolfssl::wolfcrypt::rsa::RSA; - /// - /// let mut rng = RNG::new().expect("Error creating RNG"); - /// let mut rsa = RSA::generate_ex(2048, 65537, &mut rng, None, None).expect("Error with generate_ex()"); - /// rsa.check().expect("Error with check()"); - /// let encrypt_size = rsa.get_encrypt_size().expect("Error with get_encrypt_size()"); - /// assert_eq!(encrypt_size, 256); - /// } - /// ``` - #[cfg(rsa_keygen)] - pub fn generate_ex(size: i32, e: i64, rng: &mut RNG, heap: Option<*mut std::os::raw::c_void>, dev_id: Option) -> Result { - let mut wc_rsakey: MaybeUninit = MaybeUninit::uninit(); - let heap = match heap { - Some(heap) => heap, - None => core::ptr::null_mut(), - }; - let dev_id = match dev_id { - Some(dev_id) => dev_id, - None => sys::INVALID_DEVID, - }; - let rc = unsafe { sys::wc_InitRsaKey_ex(wc_rsakey.as_mut_ptr(), heap, dev_id) }; - if rc != 0 { - return Err(rc); - } - let mut wc_rsakey = unsafe { wc_rsakey.assume_init() }; - let rc = unsafe { - sys::wc_MakeRsaKey(&mut wc_rsakey, size, e, &mut rng.wc_rng) - }; - if rc != 0 { - unsafe { sys::wc_FreeRsaKey(&mut wc_rsakey); } - return Err(rc); - } - let rsa = RSA { wc_rsakey }; - Ok(rsa) - } - - /// Export public and private RSA parameters from an RSA key. - /// - /// # Parameters - /// - /// * `e`: Slice in which to hold `e` key parameter. - /// * `e_size`: Output holding the number of bytes written to `e`. - /// * `n`: Slice in which to hold `n` key parameter. - /// * `n_size`: Output holding the number of bytes written to `n`. - /// * `d`: Slice in which to hold `d` key parameter. - /// * `d_size`: Output holding the number of bytes written to `d`. - /// * `p`: Slice in which to hold `p` key parameter. - /// * `p_size`: Output holding the number of bytes written to `p`. - /// * `q`: Slice in which to hold `q` key parameter. - /// * `q_size`: Output holding the number of bytes written to `q`. - /// - /// # Returns - /// - /// Returns Ok(()) on success or Err(e) containing the wolfSSL library - /// error code value. - /// - /// # Example - /// - /// ```rust - /// #[cfg(rsa_keygen)] - /// { - /// use wolfssl::wolfcrypt::random::RNG; - /// use wolfssl::wolfcrypt::rsa::RSA; - /// - /// let mut rng = RNG::new().expect("Error creating RNG"); - /// let mut rsa = RSA::generate(2048, 65537, &mut rng).expect("Error with generate()"); - /// let mut e: [u8; 256] = [0; 256]; - /// let mut e_size: u32 = 0; - /// let mut n: [u8; 256] = [0; 256]; - /// let mut n_size: u32 = 0; - /// let mut d: [u8; 256] = [0; 256]; - /// let mut d_size: u32 = 0; - /// let mut p: [u8; 256] = [0; 256]; - /// let mut p_size: u32 = 0; - /// let mut q: [u8; 256] = [0; 256]; - /// let mut q_size: u32 = 0; - /// rsa.export_key(&mut e, &mut e_size, &mut n, &mut n_size, - /// &mut d, &mut d_size, &mut p, &mut p_size, &mut q, &mut q_size).expect("Error with export_key()"); - /// } - /// ``` - pub fn export_key(&mut self, - e: &mut [u8], e_size: &mut u32, - n: &mut [u8], n_size: &mut u32, - d: &mut [u8], d_size: &mut u32, - p: &mut [u8], p_size: &mut u32, - q: &mut [u8], q_size: &mut u32) -> Result<(), i32> { - let e_ptr = e.as_ptr() as *mut u8; - *e_size = e.len() as u32; - let n_ptr = n.as_ptr() as *mut u8; - *n_size = n.len() as u32; - let d_ptr = d.as_ptr() as *mut u8; - *d_size = d.len() as u32; - let p_ptr = p.as_ptr() as *mut u8; - *p_size = p.len() as u32; - let q_ptr = q.as_ptr() as *mut u8; - *q_size = q.len() as u32; - let rc = unsafe { - sys::wc_RsaExportKey(&mut self.wc_rsakey, e_ptr, e_size, - n_ptr, n_size, d_ptr, d_size, p_ptr, p_size, q_ptr, q_size) - }; - if rc != 0 { - return Err(rc); - } - Ok(()) - } - - /// Export public RSA parameters from an RSA key. - /// - /// # Parameters - /// - /// * `e`: Slice in which to hold `e` key parameter. - /// * `e_size`: Output holding the number of bytes written to `e`. - /// * `n`: Slice in which to hold `n` key parameter. - /// * `n_size`: Output holding the number of bytes written to `n`. - /// - /// # Returns - /// - /// Returns Ok(()) on success or Err(e) containing the wolfSSL library - /// error code value. - /// - /// # Example - /// - /// ```rust - /// #[cfg(rsa_keygen)] - /// { - /// use wolfssl::wolfcrypt::random::RNG; - /// use wolfssl::wolfcrypt::rsa::RSA; - /// - /// let mut rng = RNG::new().expect("Error creating RNG"); - /// let mut rsa = RSA::generate(2048, 65537, &mut rng).expect("Error with generate()"); - /// let mut e: [u8; 256] = [0; 256]; - /// let mut e_size: u32 = 0; - /// let mut n: [u8; 256] = [0; 256]; - /// let mut n_size: u32 = 0; - /// rsa.export_public_key(&mut e, &mut e_size, &mut n, &mut n_size).expect("Error with export_public_key()"); - /// } - /// ``` - pub fn export_public_key(&mut self, - e: &mut [u8], e_size: &mut u32, - n: &mut [u8], n_size: &mut u32) -> Result<(), i32> { - let e_ptr = e.as_ptr() as *mut u8; - *e_size = e.len() as u32; - let n_ptr = n.as_ptr() as *mut u8; - *n_size = n.len() as u32; - let rc = unsafe { - sys::wc_RsaFlattenPublicKey(&mut self.wc_rsakey, e_ptr, e_size, - n_ptr, n_size) - }; - if rc != 0 { - return Err(rc); - } - Ok(()) - } - - /// Get the encryption size for the RSA key. - /// - /// # Returns - /// - /// Returns Ok(size) on success or Err(e) containing the wolfSSL library - /// error code value. - /// - /// # Example - /// - /// ```rust - /// #[cfg(rsa_keygen)] - /// { - /// use wolfssl::wolfcrypt::random::RNG; - /// use wolfssl::wolfcrypt::rsa::RSA; - /// - /// let mut rng = RNG::new().expect("Error creating RNG"); - /// let mut rsa = RSA::generate(2048, 65537, &mut rng).expect("Error with generate()"); - /// let encrypt_size = rsa.get_encrypt_size().expect("Error with get_encrypt_size()"); - /// assert_eq!(encrypt_size, 256); - /// } - /// ``` - pub fn get_encrypt_size(&self) -> Result { - let rc = unsafe { sys::wc_RsaEncryptSize(&self.wc_rsakey) }; - if rc < 0 { - return Err(rc); - } - Ok(rc as usize) - } - - /// Check the RSA key. - /// - /// # Returns - /// - /// Returns Ok(()) on success or Err(e) containing the wolfSSL library - /// error code value. - /// - /// # Example - /// - /// ```rust - /// #[cfg(rsa_keygen)] - /// { - /// use wolfssl::wolfcrypt::random::RNG; - /// use wolfssl::wolfcrypt::rsa::RSA; - /// - /// let mut rng = RNG::new().expect("Error creating RNG"); - /// let mut rsa = RSA::generate(2048, 65537, &mut rng).expect("Error with generate()"); - /// rsa.check().expect("Error with check()"); - /// } - /// ``` - pub fn check(&mut self) -> Result<(), i32> { - let rc = unsafe { sys::wc_CheckRsaKey(&mut self.wc_rsakey) }; - if rc != 0 { - return Err(rc); - } - Ok(()) - } - - /// Encrypt data using an RSA public key. - /// - /// # Parameters - /// - /// * `din`: Data to encrypt. - /// * `dout`: Buffer in which to store encrypted data. - /// * `rng`: Reference to a `RNG` struct to use for random number - /// generation while encrypting. - /// - /// # Returns - /// - /// Returns Ok(size) on success or Err(e) containing the wolfSSL library - /// error code value. - /// The size returned specifies the number of bytes written to the `dout` - /// buffer. - /// - /// # Example - /// - /// ```rust - /// use std::fs; - /// use wolfssl::wolfcrypt::random::RNG; - /// use wolfssl::wolfcrypt::rsa::RSA; - /// - /// let mut rng = RNG::new().expect("Error creating RNG"); - /// let key_path = "../../../certs/client-keyPub.der"; - /// let der: Vec = fs::read(key_path).expect("Error reading key file"); - /// let mut rsa = RSA::new_public_from_der(&der).expect("Error with new_public_from_der()"); - /// rsa.set_rng(&mut rng).expect("Error with set_rng()"); - /// let plain: &[u8] = b"Test message"; - /// let mut enc: [u8; 512] = [0; 512]; - /// let enc_len = rsa.public_encrypt(plain, &mut enc, &mut rng).expect("Error with public_encrypt()"); - /// assert!(enc_len > 0 && enc_len <= 512); - /// - /// let key_path = "../../../certs/client-key.der"; - /// let der: Vec = fs::read(key_path).expect("Error reading key file"); - /// let mut rsa = RSA::new_from_der(&der).expect("Error with new_from_der()"); - /// rsa.set_rng(&mut rng).expect("Error with set_rng()"); - /// let mut plain_out: [u8; 512] = [0; 512]; - /// let dec_len = rsa.private_decrypt(&enc[0..enc_len], &mut plain_out).expect("Error with private_decrypt()"); - /// assert!(dec_len as usize == plain.len()); - /// assert_eq!(plain_out[0..dec_len], *plain); - /// ``` - pub fn public_encrypt(&mut self, din: &[u8], dout: &mut [u8], rng: &mut RNG) -> Result { - let din_ptr = din.as_ptr() as *const u8; - let din_size = din.len() as u32; - let dout_ptr = dout.as_ptr() as *mut u8; - let dout_size = dout.len() as u32; - let rc = unsafe { - sys::wc_RsaPublicEncrypt(din_ptr, din_size, dout_ptr, dout_size, - &mut self.wc_rsakey, &mut rng.wc_rng) - }; - if rc < 0 { - return Err(rc); - } - Ok(rc as usize) - } - - /// Decrypt data using an RSA private key. - /// - /// # Parameters - /// - /// * `din`: Data to decrypt. - /// * `dout`: Buffer in which to store decrypted data. - /// - /// # Returns - /// - /// Returns Ok(size) on success or Err(e) containing the wolfSSL library - /// error code value. - /// The size returned specifies the number of bytes written to the `dout` - /// buffer. - /// - /// # Example - /// - /// ```rust - /// use std::fs; - /// use wolfssl::wolfcrypt::random::RNG; - /// use wolfssl::wolfcrypt::rsa::RSA; - /// - /// let mut rng = RNG::new().expect("Error creating RNG"); - /// let key_path = "../../../certs/client-keyPub.der"; - /// let der: Vec = fs::read(key_path).expect("Error reading key file"); - /// let mut rsa = RSA::new_public_from_der(&der).expect("Error with new_public_from_der()"); - /// rsa.set_rng(&mut rng).expect("Error with set_rng()"); - /// let plain: &[u8] = b"Test message"; - /// let mut enc: [u8; 512] = [0; 512]; - /// let enc_len = rsa.public_encrypt(plain, &mut enc, &mut rng).expect("Error with public_encrypt()"); - /// assert!(enc_len > 0 && enc_len <= 512); - /// - /// let key_path = "../../../certs/client-key.der"; - /// let der: Vec = fs::read(key_path).expect("Error reading key file"); - /// let mut rsa = RSA::new_from_der(&der).expect("Error with new_from_der()"); - /// rsa.set_rng(&mut rng).expect("Error with set_rng()"); - /// let mut plain_out: [u8; 512] = [0; 512]; - /// let dec_len = rsa.private_decrypt(&enc[0..enc_len], &mut plain_out).expect("Error with private_decrypt()"); - /// assert!(dec_len as usize == plain.len()); - /// assert_eq!(plain_out[0..dec_len], *plain); - /// ``` - pub fn private_decrypt(&mut self, din: &[u8], dout: &mut [u8]) -> Result { - let din_ptr = din.as_ptr() as *const u8; - let din_size = din.len() as u32; - let dout_ptr = dout.as_ptr() as *mut u8; - let dout_size = dout.len() as u32; - let rc = unsafe { - sys::wc_RsaPrivateDecrypt(din_ptr, din_size, dout_ptr, dout_size, - &mut self.wc_rsakey) - }; - if rc < 0 { - return Err(rc); - } - Ok(rc as usize) - } - - /// Sign the provided data with the private key using RSA-PSS signature - /// scheme. - /// - /// # Parameters - /// - /// * `din`: Data to sign. - /// * `dout`: Buffer in which to store output signature. - /// * `hash_algo`: Hash algorithm type to use, one of RSA::HASH_TYPE_*. - /// * `mgf`: Mask generation function to use, one of RSA::MGF*. - /// * `rng`: Reference to a `RNG` struct to use for random number - /// generation while signing. - /// - /// # Returns - /// - /// Returns Ok(size) on success or Err(e) containing the wolfSSL library - /// error code value. - /// The size returned specifies the number of bytes written to the `dout` - /// buffer. - /// - /// # Example - /// - /// ```rust - /// use std::fs; - /// use wolfssl::wolfcrypt::random::RNG; - /// use wolfssl::wolfcrypt::rsa::RSA; - /// - /// let mut rng = RNG::new().expect("Error creating RNG"); - /// - /// let key_path = "../../../certs/client-key.der"; - /// let der: Vec = fs::read(key_path).expect("Error reading key file"); - /// let mut rsa = RSA::new_from_der(&der).expect("Error with new_from_der()"); - /// let msg: &[u8] = b"This is the string to be signed!"; - /// let mut signature: [u8; 512] = [0; 512]; - /// let sig_len = rsa.pss_sign(msg, &mut signature, RSA::HASH_TYPE_SHA256, RSA::MGF1SHA256, &mut rng).expect("Error with pss_sign()"); - /// assert!(sig_len > 0 && sig_len <= 512); - /// - /// let key_path = "../../../certs/client-keyPub.der"; - /// let der: Vec = fs::read(key_path).expect("Error reading key file"); - /// let mut rsa = RSA::new_public_from_der(&der).expect("Error with new_public_from_der()"); - /// rsa.set_rng(&mut rng).expect("Error with set_rng()"); - /// let signature = &signature[0..sig_len]; - /// let mut verify_out: [u8; 512] = [0; 512]; - /// let verify_out_size = rsa.pss_verify(signature, &mut verify_out, RSA::HASH_TYPE_SHA256, RSA::MGF1SHA256).expect("Error with pss_verify()"); - /// let verify_out = &verify_out[0..verify_out_size]; - /// rsa.pss_check_padding(msg, verify_out, RSA::HASH_TYPE_SHA256).expect("Error with pss_check_padding()"); - /// - /// let mut verify_out: [u8; 512] = [0; 512]; - /// rsa.pss_verify_check(signature, &mut verify_out, msg, RSA::HASH_TYPE_SHA256, RSA::MGF1SHA256).expect("Error with pss_verify_check()"); - /// ``` - pub fn pss_sign(&mut self, din: &[u8], dout: &mut [u8], hash_algo: u32, mgf: i32, rng: &mut RNG) -> Result { - let din_ptr = din.as_ptr() as *const u8; - let din_size = din.len() as u32; - let dout_ptr = dout.as_ptr() as *mut u8; - let dout_size = dout.len() as u32; - let rc = unsafe { - sys::wc_RsaPSS_Sign(din_ptr, din_size, dout_ptr, dout_size, - hash_algo, mgf, &mut self.wc_rsakey, &mut rng.wc_rng) - }; - if rc < 0 { - return Err(rc); - } - Ok(rc as usize) - } - - /// Check the PSS data to ensure the signature matches. - /// - /// `set_rng()` must be called previously when wolfSSL is built with - /// WC_RSA_BLINDING option enabled. - /// - /// # Parameters - /// - /// * `din`: Hash of data being verified. - /// * `sig`: Buffer holding PSS data (output from `pss_verify()`). - /// * `hash_algo`: Hash algorithm type to use, one of RSA::HASH_TYPE_*. - /// - /// # Returns - /// - /// Returns Ok(()) on success or Err(e) containing the wolfSSL library - /// error code value. - /// - /// # Example - /// - /// ```rust - /// use std::fs; - /// use wolfssl::wolfcrypt::random::RNG; - /// use wolfssl::wolfcrypt::rsa::RSA; - /// - /// let mut rng = RNG::new().expect("Error creating RNG"); - /// - /// let key_path = "../../../certs/client-key.der"; - /// let der: Vec = fs::read(key_path).expect("Error reading key file"); - /// let mut rsa = RSA::new_from_der(&der).expect("Error with new_from_der()"); - /// let msg: &[u8] = b"This is the string to be signed!"; - /// let mut signature: [u8; 512] = [0; 512]; - /// let sig_len = rsa.pss_sign(msg, &mut signature, RSA::HASH_TYPE_SHA256, RSA::MGF1SHA256, &mut rng).expect("Error with pss_sign()"); - /// assert!(sig_len > 0 && sig_len <= 512); - /// - /// let key_path = "../../../certs/client-keyPub.der"; - /// let der: Vec = fs::read(key_path).expect("Error reading key file"); - /// let mut rsa = RSA::new_public_from_der(&der).expect("Error with new_public_from_der()"); - /// rsa.set_rng(&mut rng).expect("Error with set_rng()"); - /// let signature = &signature[0..sig_len]; - /// let mut verify_out: [u8; 512] = [0; 512]; - /// let verify_out_size = rsa.pss_verify(signature, &mut verify_out, RSA::HASH_TYPE_SHA256, RSA::MGF1SHA256).expect("Error with pss_verify()"); - /// let verify_out = &verify_out[0..verify_out_size]; - /// rsa.pss_check_padding(msg, verify_out, RSA::HASH_TYPE_SHA256).expect("Error with pss_check_padding()"); - /// - /// let mut verify_out: [u8; 512] = [0; 512]; - /// rsa.pss_verify_check(signature, &mut verify_out, msg, RSA::HASH_TYPE_SHA256, RSA::MGF1SHA256).expect("Error with pss_verify_check()"); - /// ``` - pub fn pss_check_padding(&mut self, din: &[u8], sig: &[u8], hash_algo: u32) -> Result<(), i32> { - let din_ptr = din.as_ptr() as *const u8; - let din_size = din.len() as u32; - let sig_ptr = sig.as_ptr() as *const u8; - let sig_size = sig.len() as u32; - let rc = unsafe { - sys::wc_RsaPSS_CheckPadding(din_ptr, din_size, sig_ptr, sig_size, - hash_algo) - }; - if rc != 0 { - return Err(rc); - } - Ok(()) - } - - /// Decrypt input signature to verify that the message was signed by key. - /// - /// `set_rng()` must be called previously when wolfSSL is built with - /// WC_RSA_BLINDING option enabled. - /// - /// # Parameters - /// - /// * `din`: Input data to decrypt. - /// * `dout`: Buffer in which to store decrypted data. - /// * `hash_algo`: Hash algorithm type to use, one of RSA::HASH_TYPE_*. - /// * `mgf`: Mask generation function to use, one of RSA::MGF*. - /// - /// # Returns - /// - /// Returns Ok(size) on success or Err(e) containing the wolfSSL library - /// error code value. - /// The size returned specifies the number of bytes written to the `dout` - /// buffer. - /// - /// # Example - /// - /// ```rust - /// use std::fs; - /// use wolfssl::wolfcrypt::random::RNG; - /// use wolfssl::wolfcrypt::rsa::RSA; - /// - /// let mut rng = RNG::new().expect("Error creating RNG"); - /// - /// let key_path = "../../../certs/client-key.der"; - /// let der: Vec = fs::read(key_path).expect("Error reading key file"); - /// let mut rsa = RSA::new_from_der(&der).expect("Error with new_from_der()"); - /// let msg: &[u8] = b"This is the string to be signed!"; - /// let mut signature: [u8; 512] = [0; 512]; - /// let sig_len = rsa.pss_sign(msg, &mut signature, RSA::HASH_TYPE_SHA256, RSA::MGF1SHA256, &mut rng).expect("Error with pss_sign()"); - /// assert!(sig_len > 0 && sig_len <= 512); - /// - /// let key_path = "../../../certs/client-keyPub.der"; - /// let der: Vec = fs::read(key_path).expect("Error reading key file"); - /// let mut rsa = RSA::new_public_from_der(&der).expect("Error with new_public_from_der()"); - /// rsa.set_rng(&mut rng).expect("Error with set_rng()"); - /// let signature = &signature[0..sig_len]; - /// let mut verify_out: [u8; 512] = [0; 512]; - /// let verify_out_size = rsa.pss_verify(signature, &mut verify_out, RSA::HASH_TYPE_SHA256, RSA::MGF1SHA256).expect("Error with pss_verify()"); - /// let verify_out = &verify_out[0..verify_out_size]; - /// rsa.pss_check_padding(msg, verify_out, RSA::HASH_TYPE_SHA256).expect("Error with pss_check_padding()"); - /// - /// let mut verify_out: [u8; 512] = [0; 512]; - /// rsa.pss_verify_check(signature, &mut verify_out, msg, RSA::HASH_TYPE_SHA256, RSA::MGF1SHA256).expect("Error with pss_verify_check()"); - /// ``` - pub fn pss_verify(&mut self, din: &[u8], dout: &mut [u8], hash_algo: u32, mgf: i32) -> Result { - let din_ptr = din.as_ptr() as *const u8; - let din_size = din.len() as u32; - let dout_ptr = dout.as_ptr() as *mut u8; - let dout_size = dout.len() as u32; - let rc = unsafe { - sys::wc_RsaPSS_Verify(din_ptr, din_size, dout_ptr, dout_size, - hash_algo, mgf, &mut self.wc_rsakey) - }; - if rc < 0 { - return Err(rc); - } - Ok(rc as usize) - } - - /// Verify the message signed with RSA-PSS. - /// - /// This method combines the functionality of `pss_verify()` and - /// `pss_check_padding()`. - /// - /// `set_rng()` must be called previously when wolfSSL is built with - /// WC_RSA_BLINDING option enabled. - /// - /// # Parameters - /// - /// * `din`: Input data to decrypt. - /// * `dout`: Buffer in which to store decrypted data. - /// * `digest`: Hash of data being verified. - /// * `hash_algo`: Hash algorithm type to use, one of RSA::HASH_TYPE_*. - /// * `mgf`: Mask generation function to use, one of RSA::MGF*. - /// - /// # Returns - /// - /// Returns Ok(size) on success or Err(e) containing the wolfSSL library - /// error code value. - /// The size returned specifies the number of bytes written to the `dout` - /// buffer. - /// - /// # Example - /// - /// ```rust - /// use std::fs; - /// use wolfssl::wolfcrypt::random::RNG; - /// use wolfssl::wolfcrypt::rsa::RSA; - /// - /// let mut rng = RNG::new().expect("Error creating RNG"); - /// - /// let key_path = "../../../certs/client-key.der"; - /// let der: Vec = fs::read(key_path).expect("Error reading key file"); - /// let mut rsa = RSA::new_from_der(&der).expect("Error with new_from_der()"); - /// let msg: &[u8] = b"This is the string to be signed!"; - /// let mut signature: [u8; 512] = [0; 512]; - /// let sig_len = rsa.pss_sign(msg, &mut signature, RSA::HASH_TYPE_SHA256, RSA::MGF1SHA256, &mut rng).expect("Error with pss_sign()"); - /// assert!(sig_len > 0 && sig_len <= 512); - /// - /// let key_path = "../../../certs/client-keyPub.der"; - /// let der: Vec = fs::read(key_path).expect("Error reading key file"); - /// let mut rsa = RSA::new_public_from_der(&der).expect("Error with new_public_from_der()"); - /// rsa.set_rng(&mut rng).expect("Error with set_rng()"); - /// let signature = &signature[0..sig_len]; - /// let mut verify_out: [u8; 512] = [0; 512]; - /// let verify_out_size = rsa.pss_verify(signature, &mut verify_out, RSA::HASH_TYPE_SHA256, RSA::MGF1SHA256).expect("Error with pss_verify()"); - /// let verify_out = &verify_out[0..verify_out_size]; - /// rsa.pss_check_padding(msg, verify_out, RSA::HASH_TYPE_SHA256).expect("Error with pss_check_padding()"); - /// - /// let mut verify_out: [u8; 512] = [0; 512]; - /// rsa.pss_verify_check(signature, &mut verify_out, msg, RSA::HASH_TYPE_SHA256, RSA::MGF1SHA256).expect("Error with pss_verify_check()"); - /// ``` - pub fn pss_verify_check(&mut self, din: &[u8], dout: &mut [u8], digest: &[u8], hash_algo: u32, mgf: i32) -> Result { - let din_ptr = din.as_ptr() as *const u8; - let din_size = din.len() as u32; - let dout_ptr = dout.as_ptr() as *mut u8; - let dout_size = dout.len() as u32; - let digest_ptr = digest.as_ptr() as *const u8; - let digest_size = digest.len() as u32; - let rc = unsafe { - sys::wc_RsaPSS_VerifyCheck(din_ptr, din_size, dout_ptr, dout_size, - digest_ptr, digest_size, hash_algo, mgf, &mut self.wc_rsakey) - }; - if rc < 0 { - return Err(rc); - } - Ok(rc as usize) - } - - /// Perform the RSA operation directly with no padding. - /// - /// The input size must match key size. Typically this is used when padding - /// is already done on the RSA input. - /// - /// # Parameters - /// - /// * `din`: Input data to encrypt/decrypt. - /// * `dout`: Buffer in which to store output. - /// * `typ`: Operation type, one of `RSA::PUBLIC_ENCRYPT`, - /// `RSA::PUBLIC_DECRYPT`, `RSA::PRIVATE_ENCRYPT`, `RSA::PRIVATE_DECRYPT`. - /// * `rng`: Reference to a `RNG` struct to use for random number - /// generation while signing. - /// - /// # Returns - /// - /// Returns Ok(size) on success or Err(e) containing the wolfSSL library - /// error code value. - /// The size returned specifies the number of bytes written to the `dout` - /// buffer. - /// - /// # Example - /// - /// ```rust - /// #[cfg(rsa_direct)] - /// { - /// use std::fs; - /// use wolfssl::wolfcrypt::random::RNG; - /// use wolfssl::wolfcrypt::rsa::RSA; - /// - /// let mut rng = RNG::new().expect("Error creating RNG"); - /// - /// let key_path = "../../../certs/client-key.der"; - /// let der: Vec = fs::read(key_path).expect("Error reading key file"); - /// let mut rsa = RSA::new_from_der(&der).expect("Error with new_from_der()"); - /// let msg = b"A rsa_direct() test input string"; - /// let mut plain = [0u8; 256]; - /// plain[..msg.len()].copy_from_slice(msg); - /// let mut enc = [0u8; 256]; - /// let enc_len = rsa.rsa_direct(&plain, &mut enc, RSA::PRIVATE_ENCRYPT, &mut rng).expect("Error with rsa_direct()"); - /// assert_eq!(enc_len, 256); - /// let mut plain_out = [0u8; 256]; - /// let dec_len = rsa.rsa_direct(&enc, &mut plain_out, RSA::PUBLIC_DECRYPT, &mut rng).expect("Error with rsa_direct()"); - /// assert_eq!(dec_len, 256); - /// assert_eq!(plain_out, plain); - /// } - /// ``` - #[cfg(rsa_direct)] - pub fn rsa_direct(&mut self, din: &[u8], dout: &mut [u8], typ: i32, rng: &mut RNG) -> Result { - let din_ptr = din.as_ptr() as *const u8; - let din_size = din.len() as u32; - let dout_ptr = dout.as_ptr() as *mut u8; - let mut dout_size = dout.len() as u32; - let rc = unsafe { - sys::wc_RsaDirect(din_ptr, din_size, dout_ptr, &mut dout_size, - &mut self.wc_rsakey, typ, &mut rng.wc_rng) - }; - if rc < 0 { - return Err(rc); - } - Ok(dout_size as usize) - } - - /// Associates a `RNG` instance with this `RSA` instance. - /// - /// This is necessary when wolfSSL is built with the `WC_RSA_BLINDING` - /// build option enabled. - /// - /// # Parameters - /// - /// * `rng`: The `RNG` struct instance to associate with this `RSA` - /// instance. The `RNG` struct should not be moved in memory after - /// calling this method. - /// - /// # Returns - /// - /// Returns Ok(()) on success or Err(e) containing the wolfSSL library - /// error code value. - /// - /// # Example - /// - /// ```rust - /// use std::fs; - /// use wolfssl::wolfcrypt::random::RNG; - /// use wolfssl::wolfcrypt::rsa::RSA; - /// - /// let mut rng = RNG::new().expect("Error creating RNG"); - /// let key_path = "../../../certs/client-keyPub.der"; - /// let der: Vec = fs::read(key_path).expect("Error reading key file"); - /// let mut rsa = RSA::new_public_from_der(&der).expect("Error with new_public_from_der()"); - /// rsa.set_rng(&mut rng).expect("Error with set_rng()"); - /// let plain: &[u8] = b"Test message"; - /// let mut enc: [u8; 512] = [0; 512]; - /// let enc_len = rsa.public_encrypt(plain, &mut enc, &mut rng).expect("Error with public_encrypt()"); - /// assert!(enc_len > 0 && enc_len <= 512); - - /// let key_path = "../../../certs/client-key.der"; - /// let der: Vec = fs::read(key_path).expect("Error reading key file"); - /// let mut rsa = RSA::new_from_der(&der).expect("Error with new_from_der()"); - /// rsa.set_rng(&mut rng).expect("Error with set_rng()"); - /// let mut plain_out: [u8; 512] = [0; 512]; - /// let dec_len = rsa.private_decrypt(&enc[0..enc_len], &mut plain_out).expect("Error with private_decrypt()"); - /// assert!(dec_len as usize == plain.len()); - /// assert_eq!(plain_out[0..dec_len], *plain); - /// ``` - pub fn set_rng(&mut self, rng: &mut RNG) -> Result<(), i32> { - let rc = unsafe { - sys::wc_RsaSetRNG(&mut self.wc_rsakey, &mut rng.wc_rng) - }; - if rc != 0 { - return Err(rc); - } - Ok(()) - } - - /// Sign the provided data with the private key. - /// - /// # Parameters - /// - /// * `din`: Data to sign. - /// * `dout`: Buffer in which to store output signature. - /// * `rng`: Reference to a `RNG` struct to use for random number - /// generation while signing. - /// - /// # Returns - /// - /// Returns Ok(size) on success or Err(e) containing the wolfSSL library - /// error code value. - /// The size returned specifies the number of bytes written to the `dout` - /// buffer. - /// - /// # Example - /// - /// ```rust - /// use std::fs; - /// use wolfssl::wolfcrypt::random::RNG; - /// use wolfssl::wolfcrypt::rsa::RSA; - /// - /// let mut rng = RNG::new().expect("Error creating RNG"); - /// - /// let key_path = "../../../certs/client-key.der"; - /// let der: Vec = fs::read(key_path).expect("Error reading key file"); - /// let mut rsa = RSA::new_from_der(&der).expect("Error with new_from_der()"); - /// let msg: &[u8] = b"This is the string to be signed!"; - /// let mut signature: [u8; 512] = [0; 512]; - /// let sig_len = rsa.ssl_sign(msg, &mut signature, &mut rng).expect("Error with ssl_sign()"); - /// assert!(sig_len > 0 && sig_len <= 512); - /// - /// let key_path = "../../../certs/client-keyPub.der"; - /// let der: Vec = fs::read(key_path).expect("Error reading key file"); - /// let mut rsa = RSA::new_public_from_der(&der).expect("Error with new_public_from_der()"); - /// rsa.set_rng(&mut rng).expect("Error with set_rng()"); - /// let signature = &signature[0..sig_len]; - /// let mut verify_out: [u8; 512] = [0; 512]; - /// let verify_out_size = rsa.ssl_verify(signature, &mut verify_out).expect("Error with ssl_verify()"); - /// assert!(verify_out_size > 0 && verify_out_size <= 512); - /// ``` - pub fn ssl_sign(&mut self, din: &[u8], dout: &mut [u8], rng: &mut RNG) -> Result { - let din_ptr = din.as_ptr() as *const u8; - let din_size = din.len() as u32; - let dout_ptr = dout.as_ptr() as *mut u8; - let dout_size = dout.len() as u32; - let rc = unsafe { - sys::wc_RsaSSL_Sign(din_ptr, din_size, dout_ptr, dout_size, - &mut self.wc_rsakey, &mut rng.wc_rng) - }; - if rc < 0 { - return Err(rc); - } - Ok(rc as usize) - } - - /// Decrypt input signature to verify that the message was signed by key. - /// - /// `set_rng()` must be called previously when wolfSSL is built with - /// WC_RSA_BLINDING option enabled. - /// - /// # Parameters - /// - /// * `din`: Input data to decrypt. - /// * `dout`: Buffer in which to store decrypted data. - /// - /// # Returns - /// - /// Returns Ok(size) on success or Err(e) containing the wolfSSL library - /// error code value. - /// The size returned specifies the number of bytes written to the `dout` - /// buffer. - /// - /// # Example - /// - /// ```rust - /// use std::fs; - /// use wolfssl::wolfcrypt::random::RNG; - /// use wolfssl::wolfcrypt::rsa::RSA; - /// - /// let mut rng = RNG::new().expect("Error creating RNG"); - /// - /// let key_path = "../../../certs/client-key.der"; - /// let der: Vec = fs::read(key_path).expect("Error reading key file"); - /// let mut rsa = RSA::new_from_der(&der).expect("Error with new_from_der()"); - /// let msg: &[u8] = b"This is the string to be signed!"; - /// let mut signature: [u8; 512] = [0; 512]; - /// let sig_len = rsa.ssl_sign(msg, &mut signature, &mut rng).expect("Error with ssl_sign()"); - /// assert!(sig_len > 0 && sig_len <= 512); - /// - /// let key_path = "../../../certs/client-keyPub.der"; - /// let der: Vec = fs::read(key_path).expect("Error reading key file"); - /// let mut rsa = RSA::new_public_from_der(&der).expect("Error with new_public_from_der()"); - /// rsa.set_rng(&mut rng).expect("Error with set_rng()"); - /// let signature = &signature[0..sig_len]; - /// let mut verify_out: [u8; 512] = [0; 512]; - /// let verify_out_size = rsa.ssl_verify(signature, &mut verify_out).expect("Error with ssl_verify()"); - /// assert!(verify_out_size > 0 && verify_out_size <= 512); - /// ``` - pub fn ssl_verify(&mut self, din: &[u8], dout: &mut [u8]) -> Result { - let din_ptr = din.as_ptr() as *const u8; - let din_size = din.len() as u32; - let dout_ptr = dout.as_ptr() as *mut u8; - let dout_size = dout.len() as u32; - let rc = unsafe { - sys::wc_RsaSSL_Verify(din_ptr, din_size, dout_ptr, dout_size, - &mut self.wc_rsakey) - }; - if rc < 0 { - return Err(rc); - } - Ok(rc as usize) - } -} - -impl Drop for RSA { - /// Safely free the underlying wolfSSL RSA context. - /// - /// This calls the `wc_FreeRsaKey` wolfssl library function. - /// - /// The Rust Drop trait guarantees that this method is called when the RSA - /// struct goes out of scope, automatically cleaning up resources and - /// preventing memory leaks. - fn drop(&mut self) { - unsafe { sys::wc_FreeRsaKey(&mut self.wc_rsakey); } - } -} diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/wrapper/rust/wolfssl/src/wolfcrypt/sha.rs mariadb-11.8.8/extra/wolfssl/wolfssl/wrapper/rust/wolfssl/src/wolfcrypt/sha.rs --- mariadb-11.8.6/extra/wolfssl/wolfssl/wrapper/rust/wolfssl/src/wolfcrypt/sha.rs 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/wrapper/rust/wolfssl/src/wolfcrypt/sha.rs 1970-01-01 00:00:00.000000000 +0000 @@ -1,2394 +0,0 @@ -/* - * Copyright (C) 2025 wolfSSL Inc. - * - * This file is part of wolfSSL. - * - * wolfSSL is free software; you can redistribute it and/or modify - * it under the terms of the GNU General Public License as published by - * the Free Software Foundation; either version 3 of the License, or - * (at your option) any later version. - * - * wolfSSL is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU General Public License for more details. - * - * You should have received a copy of the GNU General Public License - * along with this program; if not, write to the Free Software - * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA - */ - -/*! -This module provides a Rust wrapper for the wolfCrypt library's Secure Hash -Algorithm (SHA) functionality. -*/ - -use crate::sys; -use std::mem::MaybeUninit; - -/// Context for SHA-1 computation. -#[cfg(sha)] -pub struct SHA { - wc_sha: sys::wc_Sha, -} - -#[cfg(sha)] -impl SHA { - /// SHA-1 digest size in bytes. - pub const DIGEST_SIZE: usize = sys::WC_SHA_DIGEST_SIZE as usize; - - /// Build a new SHA instance. - /// - /// # Returns - /// - /// Returns either Ok(sha) containing the SHA struct instance or Err(e) - /// containing the wolfSSL library error code value. - /// - /// # Example - /// - /// ```rust - /// use wolfssl::wolfcrypt::sha::SHA; - /// let sha = SHA::new().expect("Error with new()"); - /// ``` - pub fn new() -> Result { - Self::new_ex(None, None) - } - - /// Build a new SHA instance with optional heap and device ID. - /// - /// # Parameters - /// - /// * `heap`: Optional heap hint. - /// * `dev_id` Optional device ID to use with crypto callbacks or async hardware. - /// - /// # Returns - /// - /// Returns either Ok(sha) containing the SHA struct instance or Err(e) - /// containing the wolfSSL library error code value. - /// - /// # Example - /// - /// ```rust - /// use wolfssl::wolfcrypt::sha::SHA; - /// let sha = SHA::new_ex(None, None).expect("Error with new_ex()"); - /// ``` - pub fn new_ex(heap: Option<*mut std::os::raw::c_void>, dev_id: Option) -> Result { - let mut wc_sha: MaybeUninit = MaybeUninit::uninit(); - let heap = match heap { - Some(heap) => heap, - None => core::ptr::null_mut(), - }; - let dev_id = match dev_id { - Some(dev_id) => dev_id, - None => sys::INVALID_DEVID, - }; - let rc = unsafe { sys::wc_InitSha_ex(wc_sha.as_mut_ptr(), heap, dev_id) }; - if rc != 0 { - return Err(rc); - } - let wc_sha = unsafe { wc_sha.assume_init() }; - let sha = SHA { wc_sha }; - Ok(sha) - } - - /// Reinitialize a SHA instance for a new hash calculation. - /// - /// This does not need to be called after `new()`, but should be called - /// after a hash calculation to prepare for a new calculation. - /// - /// # Returns - /// - /// Returns either Ok(()) on success or Err(e) containing the wolfSSL - /// library error code value. - /// - /// # Example - /// - /// ```rust - /// use wolfssl::wolfcrypt::sha::SHA; - /// let mut sha = SHA::new().expect("Error with new()"); - /// sha.init().expect("Error with init()"); - /// ``` - pub fn init(&mut self) -> Result<(), i32> { - self.init_ex(None, None) - } - - /// Reinitialize a SHA instance for a new hash calculation with optional - /// heap and device ID. - /// - /// This does not need to be called after `new()`, but should be called - /// after a hash calculation to prepare for a new calculation. - /// - /// # Parameters - /// - /// * `heap`: Optional heap hint. - /// * `dev_id` Optional device ID to use with crypto callbacks or async hardware. - /// - /// # Returns - /// - /// Returns either Ok(()) on success or Err(e) containing the wolfSSL - /// library error code value. - /// - /// # Example - /// - /// ```rust - /// use wolfssl::wolfcrypt::sha::SHA; - /// let mut sha = SHA::new().expect("Error with new()"); - /// sha.init_ex(None, None).expect("Error with init_ex()"); - /// ``` - pub fn init_ex(&mut self, heap: Option<*mut std::os::raw::c_void>, dev_id: Option) -> Result<(), i32> { - let heap = match heap { - Some(heap) => heap, - None => core::ptr::null_mut(), - }; - let dev_id = match dev_id { - Some(dev_id) => dev_id, - None => sys::INVALID_DEVID, - }; - let rc = unsafe { sys::wc_InitSha_ex(&mut self.wc_sha, heap, dev_id) }; - if rc != 0 { - return Err(rc); - } - Ok(()) - } - - /// Update the SHA calculation by feeding in more input data. - /// - /// # Parameters - /// - /// * `data`: Input data. - /// - /// # Returns - /// - /// Returns either Ok(()) on success or Err(e) containing the wolfSSL - /// library error code value. - /// - /// # Example - /// - /// ```rust - /// use wolfssl::wolfcrypt::sha::SHA; - /// let mut sha = SHA::new().expect("Error with new()"); - /// sha.update(b"input").expect("Error with update()"); - /// ``` - pub fn update(&mut self, data: &[u8]) -> Result<(), i32> { - let data_size = data.len() as u32; - let rc = unsafe { - sys::wc_ShaUpdate(&mut self.wc_sha, data.as_ptr(), data_size) - }; - if rc != 0 { - return Err(rc); - } - Ok(()) - } - - /// Finalize the SHA calculation and retrieve the calculated hash. - /// - /// # Parameters - /// - /// * `hash`: Buffer in which to store the calculated hash. The length - /// should be SHA::DIGEST_SIZE. - /// - /// # Returns - /// - /// Returns either Ok(()) on success or Err(e) containing the wolfSSL - /// library error code value. - /// - /// # Example - /// - /// ```rust - /// use wolfssl::wolfcrypt::sha::SHA; - /// let mut sha = SHA::new().expect("Error with new()"); - /// sha.update(b"input").expect("Error with update()"); - /// let mut hash = [0u8; SHA::DIGEST_SIZE]; - /// sha.finalize(&mut hash).expect("Error with finalize()"); - /// ``` - pub fn finalize(&mut self, hash: &mut [u8]) -> Result<(), i32> { - if hash.len() != Self::DIGEST_SIZE { - return Err(sys::wolfCrypt_ErrorCodes_BUFFER_E); - } - let rc = unsafe { - sys::wc_ShaFinal(&mut self.wc_sha, hash.as_mut_ptr()) - }; - if rc != 0 { - return Err(rc); - } - Ok(()) - } -} - -#[cfg(sha)] -impl Drop for SHA { - /// Safely free the underlying wolfSSL SHA context. - /// - /// This calls the `wc_ShaFree` wolfssl library function. - /// - /// The Rust Drop trait guarantees that this method is called when the SHA - /// struct goes out of scope, automatically cleaning up resources and - /// preventing memory leaks. - fn drop(&mut self) { - unsafe { sys::wc_ShaFree(&mut self.wc_sha); } - } -} - -/// Context for SHA-224 (SHA-2) computation. -#[cfg(sha256)] -pub struct SHA224 { - wc_sha224: sys::wc_Sha224, -} - -#[cfg(sha256)] -impl SHA224 { - /// SHA-224 digest size in bytes. - pub const DIGEST_SIZE: usize = sys::WC_SHA224_DIGEST_SIZE as usize; - - /// Build a new SHA224 instance. - /// - /// # Returns - /// - /// Returns either Ok(sha) containing the SHA224 struct instance or Err(e) - /// containing the wolfSSL library error code value. - /// - /// # Example - /// - /// ```rust - /// use wolfssl::wolfcrypt::sha::SHA224; - /// let sha = SHA224::new().expect("Error with new()"); - /// ``` - pub fn new() -> Result { - Self::new_ex(None, None) - } - - /// Build a new SHA224 instance with optional heap and device ID. - /// - /// # Parameters - /// - /// * `heap`: Optional heap hint. - /// * `dev_id` Optional device ID to use with crypto callbacks or async hardware. - /// - /// # Returns - /// - /// Returns either Ok(sha) containing the SHA224 struct instance or Err(e) - /// containing the wolfSSL library error code value. - /// - /// # Example - /// - /// ```rust - /// use wolfssl::wolfcrypt::sha::SHA224; - /// let sha = SHA224::new_ex(None, None).expect("Error with new_ex()"); - /// ``` - pub fn new_ex(heap: Option<*mut std::os::raw::c_void>, dev_id: Option) -> Result { - let mut wc_sha224: MaybeUninit = MaybeUninit::uninit(); - let heap = match heap { - Some(heap) => heap, - None => core::ptr::null_mut(), - }; - let dev_id = match dev_id { - Some(dev_id) => dev_id, - None => sys::INVALID_DEVID, - }; - let rc = unsafe { sys::wc_InitSha224_ex(wc_sha224.as_mut_ptr(), heap, dev_id) }; - if rc != 0 { - return Err(rc); - } - let wc_sha224 = unsafe { wc_sha224.assume_init() }; - let sha224 = SHA224 { wc_sha224 }; - Ok(sha224) - } - - /// Reinitialize a SHA224 instance for a new hash calculation. - /// - /// This does not need to be called after `new()`, but should be called - /// after a hash calculation to prepare for a new calculation. - /// - /// # Returns - /// - /// Returns either Ok(()) on success or Err(e) containing the wolfSSL - /// library error code value. - /// - /// # Example - /// - /// ```rust - /// use wolfssl::wolfcrypt::sha::SHA224; - /// let mut sha = SHA224::new().expect("Error with new()"); - /// sha.init().expect("Error with init()"); - /// ``` - pub fn init(&mut self) -> Result<(), i32> { - self.init_ex(None, None) - } - - /// Reinitialize a SHA224 instance for a new hash calculation with optional - /// heap and device ID. - /// - /// This does not need to be called after `new()`, but should be called - /// after a hash calculation to prepare for a new calculation. - /// - /// # Parameters - /// - /// * `heap`: Optional heap hint. - /// * `dev_id` Optional device ID to use with crypto callbacks or async hardware. - /// - /// # Returns - /// - /// Returns either Ok(()) on success or Err(e) containing the wolfSSL - /// library error code value. - /// - /// # Example - /// - /// ```rust - /// use wolfssl::wolfcrypt::sha::SHA224; - /// let mut sha = SHA224::new().expect("Error with new()"); - /// sha.init_ex(None, None).expect("Error with init_ex()"); - /// ``` - pub fn init_ex(&mut self, heap: Option<*mut std::os::raw::c_void>, dev_id: Option) -> Result<(), i32> { - let heap = match heap { - Some(heap) => heap, - None => core::ptr::null_mut(), - }; - let dev_id = match dev_id { - Some(dev_id) => dev_id, - None => sys::INVALID_DEVID, - }; - let rc = unsafe { sys::wc_InitSha224_ex(&mut self.wc_sha224, heap, dev_id) }; - if rc != 0 { - return Err(rc); - } - Ok(()) - } - - /// Update the SHA-224 calculation by feeding in more input data. - /// - /// # Parameters - /// - /// * `data`: Input data. - /// - /// # Returns - /// - /// Returns either Ok(()) on success or Err(e) containing the wolfSSL - /// library error code value. - /// - /// # Example - /// - /// ```rust - /// use wolfssl::wolfcrypt::sha::SHA224; - /// let mut sha = SHA224::new().expect("Error with new()"); - /// sha.update(b"input").expect("Error with update()"); - /// ``` - pub fn update(&mut self, data: &[u8]) -> Result<(), i32> { - let data_size = data.len() as u32; - let rc = unsafe { - sys::wc_Sha224Update(&mut self.wc_sha224, data.as_ptr(), data_size) - }; - if rc != 0 { - return Err(rc); - } - Ok(()) - } - - /// Finalize the SHA-224 calculation and retrieve the calculated hash. - /// - /// # Parameters - /// - /// * `hash`: Buffer in which to store the calculated hash. The length - /// should be SHA224::DIGEST_SIZE. - /// - /// # Returns - /// - /// Returns either Ok(()) on success or Err(e) containing the wolfSSL - /// library error code value. - /// - /// # Example - /// - /// ```rust - /// use wolfssl::wolfcrypt::sha::SHA224; - /// let mut sha = SHA224::new().expect("Error with new()"); - /// sha.update(b"input").expect("Error with update()"); - /// let mut hash = [0u8; SHA224::DIGEST_SIZE]; - /// sha.finalize(&mut hash).expect("Error with finalize()"); - /// ``` - pub fn finalize(&mut self, hash: &mut [u8]) -> Result<(), i32> { - if hash.len() != Self::DIGEST_SIZE { - return Err(sys::wolfCrypt_ErrorCodes_BUFFER_E); - } - let rc = unsafe { - sys::wc_Sha224Final(&mut self.wc_sha224, hash.as_mut_ptr()) - }; - if rc != 0 { - return Err(rc); - } - Ok(()) - } -} - -#[cfg(sha256)] -impl Drop for SHA224 { - /// Safely free the underlying wolfSSL SHA224 context. - /// - /// This calls the `wc_Sha224Free` wolfssl library function. - /// - /// The Rust Drop trait guarantees that this method is called when the - /// SHA224 struct goes out of scope, automatically cleaning up resources - /// and preventing memory leaks. - fn drop(&mut self) { - unsafe { sys::wc_Sha224Free(&mut self.wc_sha224); } - } -} - -/// Context for SHA-256 (SHA-2) computation. -#[cfg(sha256)] -pub struct SHA256 { - wc_sha256: sys::wc_Sha256, -} - -#[cfg(sha256)] -impl SHA256 { - /// SHA-256 digest size in bytes. - pub const DIGEST_SIZE: usize = sys::WC_SHA256_DIGEST_SIZE as usize; - - /// Build a new SHA256 instance. - /// - /// # Returns - /// - /// Returns either Ok(sha) containing the SHA256 struct instance or Err(e) - /// containing the wolfSSL library error code value. - /// - /// # Example - /// - /// ```rust - /// use wolfssl::wolfcrypt::sha::SHA256; - /// let sha = SHA256::new().expect("Error with new()"); - /// ``` - pub fn new() -> Result { - Self::new_ex(None, None) - } - - /// Build a new SHA256 instance with optional heap and device ID. - /// - /// # Parameters - /// - /// * `heap`: Optional heap hint. - /// * `dev_id` Optional device ID to use with crypto callbacks or async hardware. - /// - /// # Returns - /// - /// Returns either Ok(sha) containing the SHA256 struct instance or Err(e) - /// containing the wolfSSL library error code value. - /// - /// # Example - /// - /// ```rust - /// use wolfssl::wolfcrypt::sha::SHA256; - /// let sha = SHA256::new_ex(None, None).expect("Error with new_ex()"); - /// ``` - pub fn new_ex(heap: Option<*mut std::os::raw::c_void>, dev_id: Option) -> Result { - let mut wc_sha256: MaybeUninit = MaybeUninit::uninit(); - let heap = match heap { - Some(heap) => heap, - None => core::ptr::null_mut(), - }; - let dev_id = match dev_id { - Some(dev_id) => dev_id, - None => sys::INVALID_DEVID, - }; - let rc = unsafe { sys::wc_InitSha256_ex(wc_sha256.as_mut_ptr(), heap, dev_id) }; - if rc != 0 { - return Err(rc); - } - let wc_sha256 = unsafe { wc_sha256.assume_init() }; - let sha256 = SHA256 { wc_sha256 }; - Ok(sha256) - } - - /// Reinitialize a SHA256 instance for a new hash calculation. - /// - /// This does not need to be called after `new()`, but should be called - /// after a hash calculation to prepare for a new calculation. - /// - /// # Returns - /// - /// Returns either Ok(()) on success or Err(e) containing the wolfSSL - /// library error code value. - /// - /// # Example - /// - /// ```rust - /// use wolfssl::wolfcrypt::sha::SHA256; - /// let mut sha = SHA256::new().expect("Error with new()"); - /// sha.init().expect("Error with init()"); - /// ``` - pub fn init(&mut self) -> Result<(), i32> { - self.init_ex(None, None) - } - - /// Reinitialize a SHA256 instance for a new hash calculation with optional - /// heap and device ID. - /// - /// This does not need to be called after `new()`, but should be called - /// after a hash calculation to prepare for a new calculation. - /// - /// # Parameters - /// - /// * `heap`: Optional heap hint. - /// * `dev_id` Optional device ID to use with crypto callbacks or async hardware. - /// - /// # Returns - /// - /// Returns either Ok(()) on success or Err(e) containing the wolfSSL - /// library error code value. - /// - /// # Example - /// - /// ```rust - /// use wolfssl::wolfcrypt::sha::SHA256; - /// let mut sha = SHA256::new().expect("Error with new()"); - /// sha.init_ex(None, None).expect("Error with init_ex()"); - /// ``` - pub fn init_ex(&mut self, heap: Option<*mut std::os::raw::c_void>, dev_id: Option) -> Result<(), i32> { - let heap = match heap { - Some(heap) => heap, - None => core::ptr::null_mut(), - }; - let dev_id = match dev_id { - Some(dev_id) => dev_id, - None => sys::INVALID_DEVID, - }; - let rc = unsafe { sys::wc_InitSha256_ex(&mut self.wc_sha256, heap, dev_id) }; - if rc != 0 { - return Err(rc); - } - Ok(()) - } - - /// Update the SHA-256 calculation by feeding in more input data. - /// - /// # Parameters - /// - /// * `data`: Input data. - /// - /// # Returns - /// - /// Returns either Ok(()) on success or Err(e) containing the wolfSSL - /// library error code value. - /// - /// # Example - /// - /// ```rust - /// use wolfssl::wolfcrypt::sha::SHA256; - /// let mut sha = SHA256::new().expect("Error with new()"); - /// sha.update(b"input").expect("Error with update()"); - /// ``` - pub fn update(&mut self, data: &[u8]) -> Result<(), i32> { - let data_size = data.len() as u32; - let rc = unsafe { - sys::wc_Sha256Update(&mut self.wc_sha256, data.as_ptr(), data_size) - }; - if rc != 0 { - return Err(rc); - } - Ok(()) - } - - /// Finalize the SHA-256 calculation and retrieve the calculated hash. - /// - /// # Parameters - /// - /// * `hash`: Buffer in which to store the calculated hash. The length - /// should be SHA256::DIGEST_SIZE. - /// - /// # Returns - /// - /// Returns either Ok(()) on success or Err(e) containing the wolfSSL - /// library error code value. - /// - /// # Example - /// - /// ```rust - /// use wolfssl::wolfcrypt::sha::SHA256; - /// let mut sha = SHA256::new().expect("Error with new()"); - /// sha.update(b"input").expect("Error with update()"); - /// let mut hash = [0u8; SHA256::DIGEST_SIZE]; - /// sha.finalize(&mut hash).expect("Error with finalize()"); - /// ``` - pub fn finalize(&mut self, hash: &mut [u8]) -> Result<(), i32> { - if hash.len() != Self::DIGEST_SIZE { - return Err(sys::wolfCrypt_ErrorCodes_BUFFER_E); - } - let rc = unsafe { - sys::wc_Sha256Final(&mut self.wc_sha256, hash.as_mut_ptr()) - }; - if rc != 0 { - return Err(rc); - } - Ok(()) - } -} - -#[cfg(sha256)] -impl Drop for SHA256 { - /// Safely free the underlying wolfSSL SHA256 context. - /// - /// This calls the `wc_Sha256Free` wolfssl library function. - /// - /// The Rust Drop trait guarantees that this method is called when the - /// SHA256 struct goes out of scope, automatically cleaning up resources - /// and preventing memory leaks. - fn drop(&mut self) { - unsafe { sys::wc_Sha256Free(&mut self.wc_sha256); } - } -} - -/// Context for SHA-384 (SHA-2) computation. -#[cfg(sha512)] -pub struct SHA384 { - wc_sha384: sys::wc_Sha384, -} - -#[cfg(sha512)] -impl SHA384 { - /// SHA-384 digest size in bytes. - pub const DIGEST_SIZE: usize = sys::WC_SHA384_DIGEST_SIZE as usize; - - /// Build a new SHA384 instance. - /// - /// # Returns - /// - /// Returns either Ok(sha) containing the SHA384 struct instance or Err(e) - /// containing the wolfSSL library error code value. - /// - /// # Example - /// - /// ```rust - /// use wolfssl::wolfcrypt::sha::SHA384; - /// let sha = SHA384::new().expect("Error with new()"); - /// ``` - pub fn new() -> Result { - Self::new_ex(None, None) - } - - /// Build a new SHA384 instance with optional heap and device ID. - /// - /// # Parameters - /// - /// * `heap`: Optional heap hint. - /// * `dev_id` Optional device ID to use with crypto callbacks or async hardware. - /// - /// # Returns - /// - /// Returns either Ok(sha) containing the SHA384 struct instance or Err(e) - /// containing the wolfSSL library error code value. - /// - /// # Example - /// - /// ```rust - /// use wolfssl::wolfcrypt::sha::SHA384; - /// let sha = SHA384::new_ex(None, None).expect("Error with new_ex()"); - /// ``` - pub fn new_ex(heap: Option<*mut std::os::raw::c_void>, dev_id: Option) -> Result { - let mut wc_sha384: MaybeUninit = MaybeUninit::uninit(); - let heap = match heap { - Some(heap) => heap, - None => core::ptr::null_mut(), - }; - let dev_id = match dev_id { - Some(dev_id) => dev_id, - None => sys::INVALID_DEVID, - }; - let rc = unsafe { sys::wc_InitSha384_ex(wc_sha384.as_mut_ptr(), heap, dev_id) }; - if rc != 0 { - return Err(rc); - } - let wc_sha384 = unsafe { wc_sha384.assume_init() }; - let sha384 = SHA384 { wc_sha384 }; - Ok(sha384) - } - - /// Reinitialize a SHA384 instance for a new hash calculation. - /// - /// This does not need to be called after `new()`, but should be called - /// after a hash calculation to prepare for a new calculation. - /// - /// # Returns - /// - /// Returns either Ok(()) on success or Err(e) containing the wolfSSL - /// library error code value. - /// - /// # Example - /// - /// ```rust - /// use wolfssl::wolfcrypt::sha::SHA384; - /// let mut sha = SHA384::new().expect("Error with new()"); - /// sha.init().expect("Error with init()"); - /// ``` - pub fn init(&mut self) -> Result<(), i32> { - self.init_ex(None, None) - } - - /// Reinitialize a SHA384 instance for a new hash calculation with optional - /// heap and device ID. - /// - /// This does not need to be called after `new()`, but should be called - /// after a hash calculation to prepare for a new calculation. - /// - /// # Parameters - /// - /// * `heap`: Optional heap hint. - /// * `dev_id` Optional device ID to use with crypto callbacks or async hardware. - /// - /// # Returns - /// - /// Returns either Ok(()) on success or Err(e) containing the wolfSSL - /// library error code value. - /// - /// # Example - /// - /// ```rust - /// use wolfssl::wolfcrypt::sha::SHA384; - /// let mut sha = SHA384::new().expect("Error with new()"); - /// sha.init_ex(None, None).expect("Error with init_ex()"); - /// ``` - pub fn init_ex(&mut self, heap: Option<*mut std::os::raw::c_void>, dev_id: Option) -> Result<(), i32> { - let heap = match heap { - Some(heap) => heap, - None => core::ptr::null_mut(), - }; - let dev_id = match dev_id { - Some(dev_id) => dev_id, - None => sys::INVALID_DEVID, - }; - let rc = unsafe { sys::wc_InitSha384_ex(&mut self.wc_sha384, heap, dev_id) }; - if rc != 0 { - return Err(rc); - } - Ok(()) - } - - /// Update the SHA-384 calculation by feeding in more input data. - /// - /// # Parameters - /// - /// * `data`: Input data. - /// - /// # Returns - /// - /// Returns either Ok(()) on success or Err(e) containing the wolfSSL - /// library error code value. - /// - /// # Example - /// - /// ```rust - /// use wolfssl::wolfcrypt::sha::SHA384; - /// let mut sha = SHA384::new().expect("Error with new()"); - /// sha.update(b"input").expect("Error with update()"); - /// ``` - pub fn update(&mut self, data: &[u8]) -> Result<(), i32> { - let data_size = data.len() as u32; - let rc = unsafe { - sys::wc_Sha384Update(&mut self.wc_sha384, data.as_ptr(), data_size) - }; - if rc != 0 { - return Err(rc); - } - Ok(()) - } - - /// Finalize the SHA-384 calculation and retrieve the calculated hash. - /// - /// # Parameters - /// - /// * `hash`: Buffer in which to store the calculated hash. The length - /// should be SHA384::DIGEST_SIZE. - /// - /// # Returns - /// - /// Returns either Ok(()) on success or Err(e) containing the wolfSSL - /// library error code value. - /// - /// # Example - /// - /// ```rust - /// use wolfssl::wolfcrypt::sha::SHA384; - /// let mut sha = SHA384::new().expect("Error with new()"); - /// sha.update(b"input").expect("Error with update()"); - /// let mut hash = [0u8; SHA384::DIGEST_SIZE]; - /// sha.finalize(&mut hash).expect("Error with finalize()"); - /// ``` - pub fn finalize(&mut self, hash: &mut [u8]) -> Result<(), i32> { - if hash.len() != Self::DIGEST_SIZE { - return Err(sys::wolfCrypt_ErrorCodes_BUFFER_E); - } - let rc = unsafe { - sys::wc_Sha384Final(&mut self.wc_sha384, hash.as_mut_ptr()) - }; - if rc != 0 { - return Err(rc); - } - Ok(()) - } -} - -#[cfg(sha512)] -impl Drop for SHA384 { - /// Safely free the underlying wolfSSL SHA384 context. - /// - /// This calls the `wc_Sha384Free` wolfssl library function. - /// - /// The Rust Drop trait guarantees that this method is called when the - /// SHA384 struct goes out of scope, automatically cleaning up resources - /// and preventing memory leaks. - fn drop(&mut self) { - unsafe { sys::wc_Sha384Free(&mut self.wc_sha384); } - } -} - -/// Context for SHA-512 (SHA-2) computation. -#[cfg(sha512)] -pub struct SHA512 { - wc_sha512: sys::wc_Sha512, -} - -#[cfg(sha512)] -impl SHA512 { - /// SHA-512 digest size in bytes. - pub const DIGEST_SIZE: usize = sys::WC_SHA512_DIGEST_SIZE as usize; - - /// Build a new SHA512 instance. - /// - /// # Returns - /// - /// Returns either Ok(sha) containing the SHA512 struct instance or Err(e) - /// containing the wolfSSL library error code value. - /// - /// # Example - /// - /// ```rust - /// use wolfssl::wolfcrypt::sha::SHA512; - /// let sha = SHA512::new().expect("Error with new()"); - /// ``` - pub fn new() -> Result { - Self::new_ex(None, None) - } - - /// Build a new SHA512 instance with optional heap and device ID. - /// - /// # Parameters - /// - /// * `heap`: Optional heap hint. - /// * `dev_id` Optional device ID to use with crypto callbacks or async hardware. - /// - /// # Returns - /// - /// Returns either Ok(sha) containing the SHA512 struct instance or Err(e) - /// containing the wolfSSL library error code value. - /// - /// # Example - /// - /// ```rust - /// use wolfssl::wolfcrypt::sha::SHA512; - /// let sha = SHA512::new_ex(None, None).expect("Error with new_ex()"); - /// ``` - pub fn new_ex(heap: Option<*mut std::os::raw::c_void>, dev_id: Option) -> Result { - let mut wc_sha512: MaybeUninit = MaybeUninit::uninit(); - let heap = match heap { - Some(heap) => heap, - None => core::ptr::null_mut(), - }; - let dev_id = match dev_id { - Some(dev_id) => dev_id, - None => sys::INVALID_DEVID, - }; - let rc = unsafe { sys::wc_InitSha512_ex(wc_sha512.as_mut_ptr(), heap, dev_id) }; - if rc != 0 { - return Err(rc); - } - let wc_sha512 = unsafe { wc_sha512.assume_init() }; - let sha512 = SHA512 { wc_sha512 }; - Ok(sha512) - } - - /// Reinitialize a SHA512 instance for a new hash calculation. - /// - /// This does not need to be called after `new()`, but should be called - /// after a hash calculation to prepare for a new calculation. - /// - /// # Returns - /// - /// Returns either Ok(()) on success or Err(e) containing the wolfSSL - /// library error code value. - /// - /// # Example - /// - /// ```rust - /// use wolfssl::wolfcrypt::sha::SHA512; - /// let mut sha = SHA512::new().expect("Error with new()"); - /// sha.init().expect("Error with init()"); - /// ``` - pub fn init(&mut self) -> Result<(), i32> { - self.init_ex(None, None) - } - - /// Reinitialize a SHA512 instance for a new hash calculation with optional - /// heap and device ID. - /// - /// This does not need to be called after `new()`, but should be called - /// after a hash calculation to prepare for a new calculation. - /// - /// # Parameters - /// - /// * `heap`: Optional heap hint. - /// * `dev_id` Optional device ID to use with crypto callbacks or async hardware. - /// - /// # Returns - /// - /// Returns either Ok(()) on success or Err(e) containing the wolfSSL - /// library error code value. - /// - /// # Example - /// - /// ```rust - /// use wolfssl::wolfcrypt::sha::SHA512; - /// let mut sha = SHA512::new().expect("Error with new()"); - /// sha.init_ex(None, None).expect("Error with init_ex()"); - /// ``` - pub fn init_ex(&mut self, heap: Option<*mut std::os::raw::c_void>, dev_id: Option) -> Result<(), i32> { - let heap = match heap { - Some(heap) => heap, - None => core::ptr::null_mut(), - }; - let dev_id = match dev_id { - Some(dev_id) => dev_id, - None => sys::INVALID_DEVID, - }; - let rc = unsafe { sys::wc_InitSha512_ex(&mut self.wc_sha512, heap, dev_id) }; - if rc != 0 { - return Err(rc); - } - Ok(()) - } - - /// Update the SHA-512 calculation by feeding in more input data. - /// - /// # Parameters - /// - /// * `data`: Input data. - /// - /// # Returns - /// - /// Returns either Ok(()) on success or Err(e) containing the wolfSSL - /// library error code value. - /// - /// # Example - /// - /// ```rust - /// use wolfssl::wolfcrypt::sha::SHA512; - /// let mut sha = SHA512::new().expect("Error with new()"); - /// sha.update(b"input").expect("Error with update()"); - /// ``` - pub fn update(&mut self, data: &[u8]) -> Result<(), i32> { - let data_size = data.len() as u32; - let rc = unsafe { - sys::wc_Sha512Update(&mut self.wc_sha512, data.as_ptr(), data_size) - }; - if rc != 0 { - return Err(rc); - } - Ok(()) - } - - /// Finalize the SHA-512 calculation and retrieve the calculated hash. - /// - /// # Parameters - /// - /// * `hash`: Buffer in which to store the calculated hash. The length - /// should be SHA512::DIGEST_SIZE. - /// - /// # Returns - /// - /// Returns either Ok(()) on success or Err(e) containing the wolfSSL - /// library error code value. - /// - /// # Example - /// - /// ```rust - /// use wolfssl::wolfcrypt::sha::SHA512; - /// let mut sha = SHA512::new().expect("Error with new()"); - /// sha.update(b"input").expect("Error with update()"); - /// let mut hash = [0u8; SHA512::DIGEST_SIZE]; - /// sha.finalize(&mut hash).expect("Error with finalize()"); - /// ``` - pub fn finalize(&mut self, hash: &mut [u8]) -> Result<(), i32> { - if hash.len() != Self::DIGEST_SIZE { - return Err(sys::wolfCrypt_ErrorCodes_BUFFER_E); - } - let rc = unsafe { - sys::wc_Sha512Final(&mut self.wc_sha512, hash.as_mut_ptr()) - }; - if rc != 0 { - return Err(rc); - } - Ok(()) - } -} - -#[cfg(sha512)] -impl Drop for SHA512 { - /// Safely free the underlying wolfSSL SHA512 context. - /// - /// This calls the `wc_Sha512Free` wolfssl library function. - /// - /// The Rust Drop trait guarantees that this method is called when the - /// SHA512 struct goes out of scope, automatically cleaning up resources - /// and preventing memory leaks. - fn drop(&mut self) { - unsafe { sys::wc_Sha512Free(&mut self.wc_sha512); } - } -} - -/// Context for SHA3-224 computation. -#[cfg(sha3)] -pub struct SHA3_224 { - wc_sha3: sys::wc_Sha3, -} - -#[cfg(sha3)] -impl SHA3_224 { - /// SHA3-224 digest size in bytes. - pub const DIGEST_SIZE: usize = sys::WC_SHA3_224_DIGEST_SIZE as usize; - - /// Build a new SHA3_224 instance. - /// - /// # Returns - /// - /// Returns either Ok(sha) containing the SHA3_224 struct instance or Err(e) - /// containing the wolfSSL library error code value. - /// - /// # Example - /// - /// ```rust - /// use wolfssl::wolfcrypt::sha::SHA3_224; - /// let sha = SHA3_224::new().expect("Error with new()"); - /// ``` - pub fn new() -> Result { - Self::new_ex(None, None) - } - - /// Build a new SHA3_224 instance with optional heap and device ID. - /// - /// # Parameters - /// - /// * `heap`: Optional heap hint. - /// * `dev_id` Optional device ID to use with crypto callbacks or async hardware. - /// - /// # Returns - /// - /// Returns either Ok(sha) containing the SHA3_224 struct instance or Err(e) - /// containing the wolfSSL library error code value. - /// - /// # Example - /// - /// ```rust - /// use wolfssl::wolfcrypt::sha::SHA3_224; - /// let sha = SHA3_224::new_ex(None, None).expect("Error with new_ex()"); - /// ``` - pub fn new_ex(heap: Option<*mut std::os::raw::c_void>, dev_id: Option) -> Result { - let mut wc_sha3: MaybeUninit = MaybeUninit::uninit(); - let heap = match heap { - Some(heap) => heap, - None => core::ptr::null_mut(), - }; - let dev_id = match dev_id { - Some(dev_id) => dev_id, - None => sys::INVALID_DEVID, - }; - let rc = unsafe { sys::wc_InitSha3_224(wc_sha3.as_mut_ptr(), heap, dev_id) }; - if rc != 0 { - return Err(rc); - } - let wc_sha3 = unsafe { wc_sha3.assume_init() }; - let sha3_224 = SHA3_224 { wc_sha3 }; - Ok(sha3_224) - } - - /// Reinitialize a SHA3_224 instance for a new hash calculation. - /// - /// This does not need to be called after `new()`, but should be called - /// after a hash calculation to prepare for a new calculation. - /// - /// # Returns - /// - /// Returns either Ok(()) on success or Err(e) containing the wolfSSL - /// library error code value. - /// - /// # Example - /// - /// ```rust - /// use wolfssl::wolfcrypt::sha::SHA3_224; - /// let mut sha = SHA3_224::new().expect("Error with new()"); - /// sha.init().expect("Error with init()"); - /// ``` - pub fn init(&mut self) -> Result<(), i32> { - self.init_ex(None, None) - } - - /// Reinitialize a SHA3_224 instance for a new hash calculation with - /// optional heap and device ID. - /// - /// This does not need to be called after `new()`, but should be called - /// after a hash calculation to prepare for a new calculation. - /// - /// # Parameters - /// - /// * `heap`: Optional heap hint. - /// * `dev_id` Optional device ID to use with crypto callbacks or async hardware. - /// - /// # Returns - /// - /// Returns either Ok(()) on success or Err(e) containing the wolfSSL - /// library error code value. - /// - /// # Example - /// - /// ```rust - /// use wolfssl::wolfcrypt::sha::SHA3_224; - /// let mut sha = SHA3_224::new().expect("Error with new()"); - /// sha.init_ex(None, None).expect("Error with init_ex()"); - /// ``` - pub fn init_ex(&mut self, heap: Option<*mut std::os::raw::c_void>, dev_id: Option) -> Result<(), i32> { - let heap = match heap { - Some(heap) => heap, - None => core::ptr::null_mut(), - }; - let dev_id = match dev_id { - Some(dev_id) => dev_id, - None => sys::INVALID_DEVID, - }; - let rc = unsafe { sys::wc_InitSha3_224(&mut self.wc_sha3, heap, dev_id) }; - if rc != 0 { - return Err(rc); - } - Ok(()) - } - - /// Update the SHA3-224 calculation by feeding in more input data. - /// - /// # Parameters - /// - /// * `data`: Input data. - /// - /// # Returns - /// - /// Returns either Ok(()) on success or Err(e) containing the wolfSSL - /// library error code value. - /// - /// # Example - /// - /// ```rust - /// use wolfssl::wolfcrypt::sha::SHA3_224; - /// let mut sha = SHA3_224::new().expect("Error with new()"); - /// sha.update(b"input").expect("Error with update()"); - /// ``` - pub fn update(&mut self, data: &[u8]) -> Result<(), i32> { - let data_size = data.len() as u32; - let rc = unsafe { - sys::wc_Sha3_224_Update(&mut self.wc_sha3, data.as_ptr(), data_size) - }; - if rc != 0 { - return Err(rc); - } - Ok(()) - } - - /// Finalize the SHA3-224 calculation and retrieve the calculated hash. - /// - /// # Parameters - /// - /// * `hash`: Buffer in which to store the calculated hash. The length - /// should be SHA3_224::DIGEST_SIZE. - /// - /// # Returns - /// - /// Returns either Ok(()) on success or Err(e) containing the wolfSSL - /// library error code value. - /// - /// # Example - /// - /// ```rust - /// use wolfssl::wolfcrypt::sha::SHA3_224; - /// let mut sha = SHA3_224::new().expect("Error with new()"); - /// sha.update(b"input").expect("Error with update()"); - /// let mut hash = [0u8; SHA3_224::DIGEST_SIZE]; - /// sha.finalize(&mut hash).expect("Error with finalize()"); - /// ``` - pub fn finalize(&mut self, hash: &mut [u8]) -> Result<(), i32> { - if hash.len() != Self::DIGEST_SIZE { - return Err(sys::wolfCrypt_ErrorCodes_BUFFER_E); - } - let rc = unsafe { - sys::wc_Sha3_224_Final(&mut self.wc_sha3, hash.as_mut_ptr()) - }; - if rc != 0 { - return Err(rc); - } - Ok(()) - } -} - -#[cfg(sha3)] -impl Drop for SHA3_224 { - /// Safely free the underlying wolfSSL SHA3_224 context. - /// - /// This calls the `wc_Sha3_224_Free` wolfssl library function. - /// - /// The Rust Drop trait guarantees that this method is called when the - /// SHA3_224 struct goes out of scope, automatically cleaning up resources - /// and preventing memory leaks. - fn drop(&mut self) { - unsafe { sys::wc_Sha3_224_Free(&mut self.wc_sha3); } - } -} - -/// Context for SHA3-256 computation. -#[cfg(sha3)] -pub struct SHA3_256 { - wc_sha3: sys::wc_Sha3, -} - -#[cfg(sha3)] -impl SHA3_256 { - /// SHA3-256 digest size in bytes. - pub const DIGEST_SIZE: usize = sys::WC_SHA3_256_DIGEST_SIZE as usize; - - /// Build a new SHA3_256 instance. - /// - /// # Returns - /// - /// Returns either Ok(sha) containing the SHA3_256 struct instance or Err(e) - /// containing the wolfSSL library error code value. - /// - /// # Example - /// - /// ```rust - /// use wolfssl::wolfcrypt::sha::SHA3_256; - /// let sha = SHA3_256::new().expect("Error with new()"); - /// ``` - pub fn new() -> Result { - Self::new_ex(None, None) - } - - /// Build a new SHA3_256 instance with optional heap and device ID. - /// - /// # Parameters - /// - /// * `heap`: Optional heap hint. - /// * `dev_id` Optional device ID to use with crypto callbacks or async hardware. - /// - /// # Returns - /// - /// Returns either Ok(sha) containing the SHA3_256 struct instance or Err(e) - /// containing the wolfSSL library error code value. - /// - /// # Example - /// - /// ```rust - /// use wolfssl::wolfcrypt::sha::SHA3_256; - /// let sha = SHA3_256::new_ex(None, None).expect("Error with new_ex()"); - /// ``` - pub fn new_ex(heap: Option<*mut std::os::raw::c_void>, dev_id: Option) -> Result { - let mut wc_sha3: MaybeUninit = MaybeUninit::uninit(); - let heap = match heap { - Some(heap) => heap, - None => core::ptr::null_mut(), - }; - let dev_id = match dev_id { - Some(dev_id) => dev_id, - None => sys::INVALID_DEVID, - }; - let rc = unsafe { sys::wc_InitSha3_256(wc_sha3.as_mut_ptr(), heap, dev_id) }; - if rc != 0 { - return Err(rc); - } - let wc_sha3 = unsafe { wc_sha3.assume_init() }; - let sha3_256 = SHA3_256 { wc_sha3 }; - Ok(sha3_256) - } - - /// Reinitialize a SHA3_256 instance for a new hash calculation. - /// - /// This does not need to be called after `new()`, but should be called - /// after a hash calculation to prepare for a new calculation. - /// - /// # Returns - /// - /// Returns either Ok(()) on success or Err(e) containing the wolfSSL - /// library error code value. - /// - /// # Example - /// - /// ```rust - /// use wolfssl::wolfcrypt::sha::SHA3_256; - /// let mut sha = SHA3_256::new().expect("Error with new()"); - /// sha.init().expect("Error with init()"); - /// ``` - pub fn init(&mut self) -> Result<(), i32> { - self.init_ex(None, None) - } - - /// Reinitialize a SHA3_256 instance for a new hash calculation with - /// optional heap and device ID. - /// - /// This does not need to be called after `new()`, but should be called - /// after a hash calculation to prepare for a new calculation. - /// - /// # Parameters - /// - /// * `heap`: Optional heap hint. - /// * `dev_id` Optional device ID to use with crypto callbacks or async hardware. - /// - /// # Returns - /// - /// Returns either Ok(()) on success or Err(e) containing the wolfSSL - /// library error code value. - /// - /// # Example - /// - /// ```rust - /// use wolfssl::wolfcrypt::sha::SHA3_256; - /// let mut sha = SHA3_256::new().expect("Error with new()"); - /// sha.init_ex(None, None).expect("Error with init_ex()"); - /// ``` - pub fn init_ex(&mut self, heap: Option<*mut std::os::raw::c_void>, dev_id: Option) -> Result<(), i32> { - let heap = match heap { - Some(heap) => heap, - None => core::ptr::null_mut(), - }; - let dev_id = match dev_id { - Some(dev_id) => dev_id, - None => sys::INVALID_DEVID, - }; - let rc = unsafe { sys::wc_InitSha3_256(&mut self.wc_sha3, heap, dev_id) }; - if rc != 0 { - return Err(rc); - } - Ok(()) - } - - /// Update the SHA3-256 calculation by feeding in more input data. - /// - /// # Parameters - /// - /// * `data`: Input data. - /// - /// # Returns - /// - /// Returns either Ok(()) on success or Err(e) containing the wolfSSL - /// library error code value. - /// - /// # Example - /// - /// ```rust - /// use wolfssl::wolfcrypt::sha::SHA3_256; - /// let mut sha = SHA3_256::new().expect("Error with new()"); - /// sha.update(b"input").expect("Error with update()"); - /// ``` - pub fn update(&mut self, data: &[u8]) -> Result<(), i32> { - let data_size = data.len() as u32; - let rc = unsafe { - sys::wc_Sha3_256_Update(&mut self.wc_sha3, data.as_ptr(), data_size) - }; - if rc != 0 { - return Err(rc); - } - Ok(()) - } - - /// Finalize the SHA3-256 calculation and retrieve the calculated hash. - /// - /// # Parameters - /// - /// * `hash`: Buffer in which to store the calculated hash. The length - /// should be SHA3_256::DIGEST_SIZE. - /// - /// # Returns - /// - /// Returns either Ok(()) on success or Err(e) containing the wolfSSL - /// library error code value. - /// - /// # Example - /// - /// ```rust - /// use wolfssl::wolfcrypt::sha::SHA3_256; - /// let mut sha = SHA3_256::new().expect("Error with new()"); - /// sha.update(b"input").expect("Error with update()"); - /// let mut hash = [0u8; SHA3_256::DIGEST_SIZE]; - /// sha.finalize(&mut hash).expect("Error with finalize()"); - /// ``` - pub fn finalize(&mut self, hash: &mut [u8]) -> Result<(), i32> { - if hash.len() != Self::DIGEST_SIZE { - return Err(sys::wolfCrypt_ErrorCodes_BUFFER_E); - } - let rc = unsafe { - sys::wc_Sha3_256_Final(&mut self.wc_sha3, hash.as_mut_ptr()) - }; - if rc != 0 { - return Err(rc); - } - Ok(()) - } -} - -#[cfg(sha3)] -impl Drop for SHA3_256 { - /// Safely free the underlying wolfSSL SHA3_256 context. - /// - /// This calls the `wc_Sha3_256_Free` wolfssl library function. - /// - /// The Rust Drop trait guarantees that this method is called when the - /// SHA3_256 struct goes out of scope, automatically cleaning up resources - /// and preventing memory leaks. - fn drop(&mut self) { - unsafe { sys::wc_Sha3_256_Free(&mut self.wc_sha3); } - } -} - -/// Context for SHA3-384 computation. -#[cfg(sha3)] -pub struct SHA3_384 { - wc_sha3: sys::wc_Sha3, -} - -#[cfg(sha3)] -impl SHA3_384 { - /// SHA3-384 digest size in bytes. - pub const DIGEST_SIZE: usize = sys::WC_SHA3_384_DIGEST_SIZE as usize; - - /// Build a new SHA3_384 instance. - /// - /// # Returns - /// - /// Returns either Ok(sha) containing the SHA3_384 struct instance or Err(e) - /// containing the wolfSSL library error code value. - /// - /// # Example - /// - /// ```rust - /// use wolfssl::wolfcrypt::sha::SHA3_384; - /// let sha = SHA3_384::new().expect("Error with new()"); - /// ``` - pub fn new() -> Result { - Self::new_ex(None, None) - } - - /// Build a new SHA3_384 instance with optional heap and device ID. - /// - /// # Parameters - /// - /// * `heap`: Optional heap hint. - /// * `dev_id` Optional device ID to use with crypto callbacks or async hardware. - /// - /// # Returns - /// - /// Returns either Ok(sha) containing the SHA3_384 struct instance or Err(e) - /// containing the wolfSSL library error code value. - /// - /// # Example - /// - /// ```rust - /// use wolfssl::wolfcrypt::sha::SHA3_384; - /// let sha = SHA3_384::new_ex(None, None).expect("Error with new_ex()"); - /// ``` - pub fn new_ex(heap: Option<*mut std::os::raw::c_void>, dev_id: Option) -> Result { - let mut wc_sha3: MaybeUninit = MaybeUninit::uninit(); - let heap = match heap { - Some(heap) => heap, - None => core::ptr::null_mut(), - }; - let dev_id = match dev_id { - Some(dev_id) => dev_id, - None => sys::INVALID_DEVID, - }; - let rc = unsafe { sys::wc_InitSha3_384(wc_sha3.as_mut_ptr(), heap, dev_id) }; - if rc != 0 { - return Err(rc); - } - let wc_sha3 = unsafe { wc_sha3.assume_init() }; - let sha3_384 = SHA3_384 { wc_sha3 }; - Ok(sha3_384) - } - - /// Reinitialize a SHA3_384 instance for a new hash calculation. - /// - /// This does not need to be called after `new()`, but should be called - /// after a hash calculation to prepare for a new calculation. - /// - /// # Returns - /// - /// Returns either Ok(()) on success or Err(e) containing the wolfSSL - /// library error code value. - /// - /// # Example - /// - /// ```rust - /// use wolfssl::wolfcrypt::sha::SHA3_384; - /// let mut sha = SHA3_384::new().expect("Error with new()"); - /// sha.init().expect("Error with init()"); - /// ``` - pub fn init(&mut self) -> Result<(), i32> { - self.init_ex(None, None) - } - - /// Reinitialize a SHA3_384 instance for a new hash calculation with - /// optional heap and device ID. - /// - /// This does not need to be called after `new()`, but should be called - /// after a hash calculation to prepare for a new calculation. - /// - /// # Parameters - /// - /// * `heap`: Optional heap hint. - /// * `dev_id` Optional device ID to use with crypto callbacks or async hardware. - /// - /// # Returns - /// - /// Returns either Ok(()) on success or Err(e) containing the wolfSSL - /// library error code value. - /// - /// # Example - /// - /// ```rust - /// use wolfssl::wolfcrypt::sha::SHA3_384; - /// let mut sha = SHA3_384::new().expect("Error with new()"); - /// sha.init_ex(None, None).expect("Error with init_ex()"); - /// ``` - pub fn init_ex(&mut self, heap: Option<*mut std::os::raw::c_void>, dev_id: Option) -> Result<(), i32> { - let heap = match heap { - Some(heap) => heap, - None => core::ptr::null_mut(), - }; - let dev_id = match dev_id { - Some(dev_id) => dev_id, - None => sys::INVALID_DEVID, - }; - let rc = unsafe { sys::wc_InitSha3_384(&mut self.wc_sha3, heap, dev_id) }; - if rc != 0 { - return Err(rc); - } - Ok(()) - } - - /// Update the SHA3-384 calculation by feeding in more input data. - /// - /// # Parameters - /// - /// * `data`: Input data. - /// - /// # Returns - /// - /// Returns either Ok(()) on success or Err(e) containing the wolfSSL - /// library error code value. - /// - /// # Example - /// - /// ```rust - /// use wolfssl::wolfcrypt::sha::SHA3_384; - /// let mut sha = SHA3_384::new().expect("Error with new()"); - /// sha.update(b"input").expect("Error with update()"); - /// ``` - pub fn update(&mut self, data: &[u8]) -> Result<(), i32> { - let data_size = data.len() as u32; - let rc = unsafe { - sys::wc_Sha3_384_Update(&mut self.wc_sha3, data.as_ptr(), data_size) - }; - if rc != 0 { - return Err(rc); - } - Ok(()) - } - - /// Finalize the SHA3-384 calculation and retrieve the calculated hash. - /// - /// # Parameters - /// - /// * `hash`: Buffer in which to store the calculated hash. The length - /// should be SHA3_384::DIGEST_SIZE. - /// - /// # Returns - /// - /// Returns either Ok(()) on success or Err(e) containing the wolfSSL - /// library error code value. - /// - /// # Example - /// - /// ```rust - /// use wolfssl::wolfcrypt::sha::SHA3_384; - /// let mut sha = SHA3_384::new().expect("Error with new()"); - /// sha.update(b"input").expect("Error with update()"); - /// let mut hash = [0u8; SHA3_384::DIGEST_SIZE]; - /// sha.finalize(&mut hash).expect("Error with finalize()"); - /// ``` - pub fn finalize(&mut self, hash: &mut [u8]) -> Result<(), i32> { - if hash.len() != Self::DIGEST_SIZE { - return Err(sys::wolfCrypt_ErrorCodes_BUFFER_E); - } - let rc = unsafe { - sys::wc_Sha3_384_Final(&mut self.wc_sha3, hash.as_mut_ptr()) - }; - if rc != 0 { - return Err(rc); - } - Ok(()) - } -} - -#[cfg(sha3)] -impl Drop for SHA3_384 { - /// Safely free the underlying wolfSSL SHA3_384 context. - /// - /// This calls the `wc_Sha3_384_Free` wolfssl library function. - /// - /// The Rust Drop trait guarantees that this method is called when the - /// SHA3_384 struct goes out of scope, automatically cleaning up resources - /// and preventing memory leaks. - fn drop(&mut self) { - unsafe { sys::wc_Sha3_384_Free(&mut self.wc_sha3); } - } -} - -/// Context for SHA3-512 computation. -#[cfg(sha3)] -pub struct SHA3_512 { - wc_sha3: sys::wc_Sha3, -} - -#[cfg(sha3)] -impl SHA3_512 { - /// SHA3-512 digest size in bytes. - pub const DIGEST_SIZE: usize = sys::WC_SHA3_512_DIGEST_SIZE as usize; - - /// Build a new SHA3_512 instance. - /// - /// # Returns - /// - /// Returns either Ok(sha) containing the SHA3_512 struct instance or Err(e) - /// containing the wolfSSL library error code value. - /// - /// # Example - /// - /// ```rust - /// use wolfssl::wolfcrypt::sha::SHA3_512; - /// let sha = SHA3_512::new().expect("Error with new()"); - /// ``` - pub fn new() -> Result { - Self::new_ex(None, None) - } - - /// Build a new SHA3_512 instance with optional heap and device ID. - /// - /// # Parameters - /// - /// * `heap`: Optional heap hint. - /// * `dev_id` Optional device ID to use with crypto callbacks or async hardware. - /// - /// # Returns - /// - /// Returns either Ok(sha) containing the SHA3_512 struct instance or Err(e) - /// containing the wolfSSL library error code value. - /// - /// # Example - /// - /// ```rust - /// use wolfssl::wolfcrypt::sha::SHA3_512; - /// let sha = SHA3_512::new_ex(None, None).expect("Error with new_ex()"); - /// ``` - pub fn new_ex(heap: Option<*mut std::os::raw::c_void>, dev_id: Option) -> Result { - let mut wc_sha3: MaybeUninit = MaybeUninit::uninit(); - let heap = match heap { - Some(heap) => heap, - None => core::ptr::null_mut(), - }; - let dev_id = match dev_id { - Some(dev_id) => dev_id, - None => sys::INVALID_DEVID, - }; - let rc = unsafe { sys::wc_InitSha3_512(wc_sha3.as_mut_ptr(), heap, dev_id) }; - if rc != 0 { - return Err(rc); - } - let wc_sha3 = unsafe { wc_sha3.assume_init() }; - let sha3_512 = SHA3_512 { wc_sha3 }; - Ok(sha3_512) - } - - /// Reinitialize a SHA3_512 instance for a new hash calculation. - /// - /// This does not need to be called after `new()`, but should be called - /// after a hash calculation to prepare for a new calculation. - /// - /// # Returns - /// - /// Returns either Ok(()) on success or Err(e) containing the wolfSSL - /// library error code value. - /// - /// # Example - /// - /// ```rust - /// use wolfssl::wolfcrypt::sha::SHA3_512; - /// let mut sha = SHA3_512::new().expect("Error with new()"); - /// sha.init().expect("Error with init()"); - /// ``` - pub fn init(&mut self) -> Result<(), i32> { - self.init_ex(None, None) - } - - /// Reinitialize a SHA3_512 instance for a new hash calculation with - /// optional heap and device ID. - /// - /// This does not need to be called after `new()`, but should be called - /// after a hash calculation to prepare for a new calculation. - /// - /// # Parameters - /// - /// * `heap`: Optional heap hint. - /// * `dev_id` Optional device ID to use with crypto callbacks or async hardware. - /// - /// # Returns - /// - /// Returns either Ok(()) on success or Err(e) containing the wolfSSL - /// library error code value. - /// - /// # Example - /// - /// ```rust - /// use wolfssl::wolfcrypt::sha::SHA3_512; - /// let mut sha = SHA3_512::new().expect("Error with new()"); - /// sha.init_ex(None, None).expect("Error with init_ex()"); - /// ``` - pub fn init_ex(&mut self, heap: Option<*mut std::os::raw::c_void>, dev_id: Option) -> Result<(), i32> { - let heap = match heap { - Some(heap) => heap, - None => core::ptr::null_mut(), - }; - let dev_id = match dev_id { - Some(dev_id) => dev_id, - None => sys::INVALID_DEVID, - }; - let rc = unsafe { sys::wc_InitSha3_512(&mut self.wc_sha3, heap, dev_id) }; - if rc != 0 { - return Err(rc); - } - Ok(()) - } - - /// Update the SHA3-512 calculation by feeding in more input data. - /// - /// # Parameters - /// - /// * `data`: Input data. - /// - /// # Returns - /// - /// Returns either Ok(()) on success or Err(e) containing the wolfSSL - /// library error code value. - /// - /// # Example - /// - /// ```rust - /// use wolfssl::wolfcrypt::sha::SHA3_512; - /// let mut sha = SHA3_512::new().expect("Error with new()"); - /// sha.update(b"input").expect("Error with update()"); - /// ``` - pub fn update(&mut self, data: &[u8]) -> Result<(), i32> { - let data_size = data.len() as u32; - let rc = unsafe { - sys::wc_Sha3_512_Update(&mut self.wc_sha3, data.as_ptr(), data_size) - }; - if rc != 0 { - return Err(rc); - } - Ok(()) - } - - /// Finalize the SHA3-512 calculation and retrieve the calculated hash. - /// - /// # Parameters - /// - /// * `hash`: Buffer in which to store the calculated hash. The length - /// should be SHA3_512::DIGEST_SIZE. - /// - /// # Returns - /// - /// Returns either Ok(()) on success or Err(e) containing the wolfSSL - /// library error code value. - /// - /// # Example - /// - /// ```rust - /// use wolfssl::wolfcrypt::sha::SHA3_512; - /// let mut sha = SHA3_512::new().expect("Error with new()"); - /// sha.update(b"input").expect("Error with update()"); - /// let mut hash = [0u8; SHA3_512::DIGEST_SIZE]; - /// sha.finalize(&mut hash).expect("Error with finalize()"); - /// ``` - pub fn finalize(&mut self, hash: &mut [u8]) -> Result<(), i32> { - if hash.len() != Self::DIGEST_SIZE { - return Err(sys::wolfCrypt_ErrorCodes_BUFFER_E); - } - let rc = unsafe { - sys::wc_Sha3_512_Final(&mut self.wc_sha3, hash.as_mut_ptr()) - }; - if rc != 0 { - return Err(rc); - } - Ok(()) - } -} - -#[cfg(sha3)] -impl Drop for SHA3_512 { - /// Safely free the underlying wolfSSL SHA3_512 context. - /// - /// This calls the `wc_Sha3_512_Free` wolfssl library function. - /// - /// The Rust Drop trait guarantees that this method is called when the - /// SHA3_512 struct goes out of scope, automatically cleaning up resources - /// and preventing memory leaks. - fn drop(&mut self) { - unsafe { sys::wc_Sha3_512_Free(&mut self.wc_sha3); } - } -} - -/// Context for SHAKE128 (SHA-3) computation. -#[cfg(shake128)] -pub struct SHAKE128 { - wc_shake: sys::wc_Shake, -} - -#[cfg(shake128)] -impl SHAKE128 { - /// Squeeze block size. - pub const SQUEEZE_BLOCK_SIZE: usize = sys::WC_SHA3_128_BLOCK_SIZE as usize; - - /// Build a new SHAKE128 instance. - /// - /// # Returns - /// - /// Returns either Ok(sha) containing the SHAKE128 struct instance or Err(e) - /// containing the wolfSSL library error code value. - /// - /// # Example - /// - /// ```rust - /// use wolfssl::wolfcrypt::sha::SHAKE128; - /// let sha = SHAKE128::new().expect("Error with new()"); - /// ``` - pub fn new() -> Result { - Self::new_ex(None, None) - } - - /// Build a new SHAKE128 instance with optional heap and device ID. - /// - /// # Parameters - /// - /// * `heap`: Optional heap hint. - /// * `dev_id` Optional device ID to use with crypto callbacks or async hardware. - /// - /// # Returns - /// - /// Returns either Ok(sha) containing the SHAKE128 struct instance or Err(e) - /// containing the wolfSSL library error code value. - /// - /// # Example - /// - /// ```rust - /// use wolfssl::wolfcrypt::sha::SHAKE128; - /// let sha = SHAKE128::new_ex(None, None).expect("Error with new_ex()"); - /// ``` - pub fn new_ex(heap: Option<*mut std::os::raw::c_void>, dev_id: Option) -> Result { - let mut wc_shake: MaybeUninit = MaybeUninit::uninit(); - let heap = match heap { - Some(heap) => heap, - None => core::ptr::null_mut(), - }; - let dev_id = match dev_id { - Some(dev_id) => dev_id, - None => sys::INVALID_DEVID, - }; - let rc = unsafe { - sys::wc_InitShake128(wc_shake.as_mut_ptr(), heap, dev_id) - }; - if rc != 0 { - return Err(rc); - } - let wc_shake = unsafe { wc_shake.assume_init() }; - let shake128 = SHAKE128 { wc_shake }; - Ok(shake128) - } - - /// Reinitialize a SHAKE128 instance for a new hash calculation. - /// - /// This does not need to be called after `new()`, but should be called - /// after a hash calculation to prepare for a new calculation. - /// - /// # Returns - /// - /// Returns either Ok(()) on success or Err(e) containing the wolfSSL - /// library error code value. - /// - /// # Example - /// - /// ```rust - /// use wolfssl::wolfcrypt::sha::SHAKE128; - /// let mut sha = SHAKE128::new().expect("Error with new()"); - /// sha.init().expect("Error with init()"); - /// ``` - pub fn init(&mut self) -> Result<(), i32> { - self.init_ex(None, None) - } - - /// Reinitialize a SHAKE128 instance for a new hash calculation with - /// optional heap and device ID. - /// - /// This does not need to be called after `new()`, but should be called - /// after a hash calculation to prepare for a new calculation. - /// - /// # Parameters - /// - /// * `heap`: Optional heap hint. - /// * `dev_id` Optional device ID to use with crypto callbacks or async hardware. - /// - /// # Returns - /// - /// Returns either Ok(()) on success or Err(e) containing the wolfSSL - /// library error code value. - /// - /// # Example - /// - /// ```rust - /// use wolfssl::wolfcrypt::sha::SHAKE128; - /// let mut sha = SHAKE128::new().expect("Error with new()"); - /// sha.init_ex(None, None).expect("Error with init_ex()"); - /// ``` - pub fn init_ex(&mut self, heap: Option<*mut std::os::raw::c_void>, dev_id: Option) -> Result<(), i32> { - let heap = match heap { - Some(heap) => heap, - None => core::ptr::null_mut(), - }; - let dev_id = match dev_id { - Some(dev_id) => dev_id, - None => sys::INVALID_DEVID, - }; - let rc = unsafe { - sys::wc_InitShake128(&mut self.wc_shake, heap, dev_id) - }; - if rc != 0 { - return Err(rc); - } - Ok(()) - } - - /// Update the SHAKE128 calculation by feeding in more input data. - /// - /// # Parameters - /// - /// * `data`: Input data. - /// - /// # Returns - /// - /// Returns either Ok(()) on success or Err(e) containing the wolfSSL - /// library error code value. - /// - /// # Example - /// - /// ```rust - /// use wolfssl::wolfcrypt::sha::SHAKE128; - /// let mut sha = SHAKE128::new().expect("Error with new()"); - /// sha.update(b"input").expect("Error with update()"); - /// ``` - pub fn update(&mut self, data: &[u8]) -> Result<(), i32> { - let data_size = data.len() as u32; - let rc = unsafe { - sys::wc_Shake128_Update(&mut self.wc_shake, data.as_ptr(), data_size) - }; - if rc != 0 { - return Err(rc); - } - Ok(()) - } - - /// Finalize the SHAKE128 calculation and retrieve the calculated hash. - /// - /// # Parameters - /// - /// * `hash`: Buffer in which to store the calculated hash. - /// - /// # Returns - /// - /// Returns either Ok(()) on success or Err(e) containing the wolfSSL - /// library error code value. - /// - /// # Example - /// - /// ```rust - /// use wolfssl::wolfcrypt::sha::SHAKE128; - /// let mut sha = SHAKE128::new().expect("Error with new()"); - /// sha.update(b"input").expect("Error with update()"); - /// let mut hash = [0u8; 32]; - /// sha.finalize(&mut hash).expect("Error with finalize()"); - /// ``` - pub fn finalize(&mut self, hash: &mut [u8]) -> Result<(), i32> { - let hash_size = hash.len() as u32; - let rc = unsafe { - sys::wc_Shake128_Final(&mut self.wc_shake, hash.as_mut_ptr(), hash_size) - }; - if rc != 0 { - return Err(rc); - } - Ok(()) - } - - /// Absorb the provided byte array. Cannot be called incrementally. - /// - /// # Parameters - /// - /// * `data`: Data buffer to absorb. - /// - /// # Returns - /// - /// Returns either Ok(()) on success or Err(e) containing the wolfSSL - /// library error code value. - /// - /// # Example - /// - /// ```rust - /// use wolfssl::wolfcrypt::sha::SHAKE128; - /// let mut sha = SHAKE128::new().expect("Error with new()"); - /// sha.absorb(b"input").expect("Error with absorb()"); - /// ``` - pub fn absorb(&mut self, data: &[u8]) -> Result<(), i32> { - let data_size = data.len() as u32; - let rc = unsafe { - sys::wc_Shake128_Absorb(&mut self.wc_shake, data.as_ptr(), data_size) - }; - if rc != 0 { - return Err(rc); - } - Ok(()) - } - - /// Squeeze out more blocks of data. - /// - /// This function can be called inrementally. - /// - /// # Parameters - /// - /// * `dout`: Output buffer. - /// - /// # Returns - /// - /// Returns either Ok(()) on success or Err(e) containing the wolfSSL - /// library error code value. - /// - /// # Example - /// - /// ```rust - /// use wolfssl::wolfcrypt::sha::SHAKE128; - /// let mut sha = SHAKE128::new().expect("Error with new()"); - /// sha.absorb(b"input").expect("Error with absorb()"); - /// let mut buffer = [0u8; 2 * SHAKE128::SQUEEZE_BLOCK_SIZE]; - /// sha.squeeze_blocks(&mut buffer).expect("Error with squeeze_blocks()"); - /// ``` - pub fn squeeze_blocks(&mut self, dout: &mut [u8]) -> Result<(), i32> { - let dout_size = dout.len() as u32; - if dout_size % (Self::SQUEEZE_BLOCK_SIZE as u32) != 0 { - return Err(sys::wolfCrypt_ErrorCodes_BUFFER_E); - } - let n_blocks = (dout_size / (Self::SQUEEZE_BLOCK_SIZE as u32)) as u32; - let rc = unsafe { - sys::wc_Shake128_SqueezeBlocks(&mut self.wc_shake, dout.as_mut_ptr(), n_blocks) - }; - if rc != 0 { - return Err(rc); - } - Ok(()) - } -} - -#[cfg(shake128)] -impl Drop for SHAKE128 { - /// Safely free the underlying wolfSSL SHAKE128 context. - /// - /// This calls the `wc_Shake128_Free` wolfssl library function. - /// - /// The Rust Drop trait guarantees that this method is called when the - /// SHAKE128 struct goes out of scope, automatically cleaning up resources - /// and preventing memory leaks. - fn drop(&mut self) { - unsafe { sys::wc_Shake128_Free(&mut self.wc_shake); } - } -} - -/// Context for SHAKE256 (SHA-3) computation. -#[cfg(shake256)] -pub struct SHAKE256 { - wc_shake: sys::wc_Shake, -} - -#[cfg(shake256)] -impl SHAKE256 { - /// Squeeze block size. - pub const SQUEEZE_BLOCK_SIZE: usize = sys::WC_SHA3_256_BLOCK_SIZE as usize; - - /// Build a new SHAKE256 instance. - /// - /// # Returns - /// - /// Returns either Ok(sha) containing the SHAKE256 struct instance or Err(e) - /// containing the wolfSSL library error code value. - /// - /// # Example - /// - /// ```rust - /// use wolfssl::wolfcrypt::sha::SHAKE256; - /// let sha = SHAKE256::new().expect("Error with new()"); - /// ``` - pub fn new() -> Result { - Self::new_ex(None, None) - } - - /// Build a new SHAKE256 instance with optional heap and device ID. - /// - /// # Parameters - /// - /// * `heap`: Optional heap hint. - /// * `dev_id` Optional device ID to use with crypto callbacks or async hardware. - /// - /// # Returns - /// - /// Returns either Ok(sha) containing the SHAKE256 struct instance or Err(e) - /// containing the wolfSSL library error code value. - /// - /// # Example - /// - /// ```rust - /// use wolfssl::wolfcrypt::sha::SHAKE256; - /// let sha = SHAKE256::new_ex(None, None).expect("Error with new_ex()"); - /// ``` - pub fn new_ex(heap: Option<*mut std::os::raw::c_void>, dev_id: Option) -> Result { - let mut wc_shake: MaybeUninit = MaybeUninit::uninit(); - let heap = match heap { - Some(heap) => heap, - None => core::ptr::null_mut(), - }; - let dev_id = match dev_id { - Some(dev_id) => dev_id, - None => sys::INVALID_DEVID, - }; - let rc = unsafe { - sys::wc_InitShake256(wc_shake.as_mut_ptr(), heap, dev_id) - }; - if rc != 0 { - return Err(rc); - } - let wc_shake = unsafe { wc_shake.assume_init() }; - let shake256 = SHAKE256 { wc_shake }; - Ok(shake256) - } - - /// Reinitialize a SHAKE256 instance for a new hash calculation. - /// - /// This does not need to be called after `new()`, but should be called - /// after a hash calculation to prepare for a new calculation. - /// - /// # Returns - /// - /// Returns either Ok(()) on success or Err(e) containing the wolfSSL - /// library error code value. - /// - /// # Example - /// - /// ```rust - /// use wolfssl::wolfcrypt::sha::SHAKE256; - /// let mut sha = SHAKE256::new().expect("Error with new()"); - /// sha.init().expect("Error with init()"); - /// ``` - pub fn init(&mut self) -> Result<(), i32> { - self.init_ex(None, None) - } - - /// Reinitialize a SHAKE256 instance for a new hash calculation with - /// optional heap and device ID. - /// - /// This does not need to be called after `new()`, but should be called - /// after a hash calculation to prepare for a new calculation. - /// - /// # Parameters - /// - /// * `heap`: Optional heap hint. - /// * `dev_id` Optional device ID to use with crypto callbacks or async hardware. - /// - /// # Returns - /// - /// Returns either Ok(()) on success or Err(e) containing the wolfSSL - /// library error code value. - /// - /// # Example - /// - /// ```rust - /// use wolfssl::wolfcrypt::sha::SHAKE256; - /// let mut sha = SHAKE256::new().expect("Error with new()"); - /// sha.init_ex(None, None).expect("Error with init_ex()"); - /// ``` - pub fn init_ex(&mut self, heap: Option<*mut std::os::raw::c_void>, dev_id: Option) -> Result<(), i32> { - let heap = match heap { - Some(heap) => heap, - None => core::ptr::null_mut(), - }; - let dev_id = match dev_id { - Some(dev_id) => dev_id, - None => sys::INVALID_DEVID, - }; - let rc = unsafe { - sys::wc_InitShake256(&mut self.wc_shake, heap, dev_id) - }; - if rc != 0 { - return Err(rc); - } - Ok(()) - } - - /// Update the SHAKE256 calculation by feeding in more input data. - /// - /// # Parameters - /// - /// * `data`: Input data. - /// - /// # Returns - /// - /// Returns either Ok(()) on success or Err(e) containing the wolfSSL - /// library error code value. - /// - /// # Example - /// - /// ```rust - /// use wolfssl::wolfcrypt::sha::SHAKE256; - /// let mut sha = SHAKE256::new().expect("Error with new()"); - /// sha.update(b"input").expect("Error with update()"); - /// ``` - pub fn update(&mut self, data: &[u8]) -> Result<(), i32> { - let data_size = data.len() as u32; - let rc = unsafe { - sys::wc_Shake256_Update(&mut self.wc_shake, data.as_ptr(), data_size) - }; - if rc != 0 { - return Err(rc); - } - Ok(()) - } - - /// Finalize the SHAKE256 calculation and retrieve the calculated hash. - /// - /// # Parameters - /// - /// * `hash`: Buffer in which to store the calculated hash. - /// - /// # Returns - /// - /// Returns either Ok(()) on success or Err(e) containing the wolfSSL - /// library error code value. - /// - /// # Example - /// - /// ```rust - /// use wolfssl::wolfcrypt::sha::SHAKE256; - /// let mut sha = SHAKE256::new().expect("Error with new()"); - /// sha.update(b"input").expect("Error with update()"); - /// let mut hash = [0u8; 32]; - /// sha.finalize(&mut hash).expect("Error with finalize()"); - /// ``` - pub fn finalize(&mut self, hash: &mut [u8]) -> Result<(), i32> { - let hash_size = hash.len() as u32; - let rc = unsafe { - sys::wc_Shake256_Final(&mut self.wc_shake, hash.as_mut_ptr(), hash_size) - }; - if rc != 0 { - return Err(rc); - } - Ok(()) - } - - /// Absorb the provided byte array. Cannot be called incrementally. - /// - /// # Parameters - /// - /// * `data`: Data buffer to absorb. - /// - /// # Returns - /// - /// Returns either Ok(()) on success or Err(e) containing the wolfSSL - /// library error code value. - /// - /// # Example - /// - /// ```rust - /// use wolfssl::wolfcrypt::sha::SHAKE256; - /// let mut sha = SHAKE256::new().expect("Error with new()"); - /// sha.absorb(b"input").expect("Error with absorb()"); - /// ``` - pub fn absorb(&mut self, data: &[u8]) -> Result<(), i32> { - let data_size = data.len() as u32; - let rc = unsafe { - sys::wc_Shake256_Absorb(&mut self.wc_shake, data.as_ptr(), data_size) - }; - if rc != 0 { - return Err(rc); - } - Ok(()) - } - - /// Squeeze out more blocks of data. - /// - /// This function can be called inrementally. - /// - /// # Parameters - /// - /// * `dout`: Output buffer. - /// - /// # Returns - /// - /// Returns either Ok(()) on success or Err(e) containing the wolfSSL - /// library error code value. - /// - /// # Example - /// - /// ```rust - /// use wolfssl::wolfcrypt::sha::SHAKE256; - /// let mut sha = SHAKE256::new().expect("Error with new()"); - /// sha.absorb(b"input").expect("Error with absorb()"); - /// let mut buffer = [0u8; 2 * SHAKE256::SQUEEZE_BLOCK_SIZE]; - /// sha.squeeze_blocks(&mut buffer).expect("Error with squeeze_blocks()"); - /// ``` - pub fn squeeze_blocks(&mut self, dout: &mut [u8]) -> Result<(), i32> { - let dout_size = dout.len() as u32; - if dout_size % (Self::SQUEEZE_BLOCK_SIZE as u32) != 0 { - return Err(sys::wolfCrypt_ErrorCodes_BUFFER_E); - } - let n_blocks = (dout_size / (Self::SQUEEZE_BLOCK_SIZE as u32)) as u32; - let rc = unsafe { - sys::wc_Shake256_SqueezeBlocks(&mut self.wc_shake, dout.as_mut_ptr(), n_blocks) - }; - if rc != 0 { - return Err(rc); - } - Ok(()) - } -} - -#[cfg(shake256)] -impl Drop for SHAKE256 { - /// Safely free the underlying wolfSSL SHAKE256 context. - /// - /// This calls the `wc_Shake256_Free` wolfssl library function. - /// - /// The Rust Drop trait guarantees that this method is called when the - /// SHAKE256 struct goes out of scope, automatically cleaning up resources - /// and preventing memory leaks. - fn drop(&mut self) { - unsafe { sys::wc_Shake256_Free(&mut self.wc_shake); } - } -} diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/wrapper/rust/wolfssl/src/wolfcrypt.rs mariadb-11.8.8/extra/wolfssl/wolfssl/wrapper/rust/wolfssl/src/wolfcrypt.rs --- mariadb-11.8.6/extra/wolfssl/wolfssl/wrapper/rust/wolfssl/src/wolfcrypt.rs 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/wrapper/rust/wolfssl/src/wolfcrypt.rs 1970-01-01 00:00:00.000000000 +0000 @@ -1,33 +0,0 @@ -/* - * Copyright (C) 2025 wolfSSL Inc. - * - * This file is part of wolfSSL. - * - * wolfSSL is free software; you can redistribute it and/or modify - * it under the terms of the GNU General Public License as published by - * the Free Software Foundation; either version 3 of the License, or - * (at your option) any later version. - * - * wolfSSL is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU General Public License for more details. - * - * You should have received a copy of the GNU General Public License - * along with this program; if not, write to the Free Software - * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA - */ - -pub mod aes; -pub mod cmac; -pub mod dh; -pub mod ecc; -pub mod ed25519; -pub mod ed448; -pub mod hkdf; -pub mod hmac; -pub mod kdf; -pub mod prf; -pub mod random; -pub mod rsa; -pub mod sha; diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/wrapper/rust/wolfssl/tests/test_aes.rs mariadb-11.8.8/extra/wolfssl/wolfssl/wrapper/rust/wolfssl/tests/test_aes.rs --- mariadb-11.8.6/extra/wolfssl/wolfssl/wrapper/rust/wolfssl/tests/test_aes.rs 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/wrapper/rust/wolfssl/tests/test_aes.rs 1970-01-01 00:00:00.000000000 +0000 @@ -1,867 +0,0 @@ -#![cfg(aes)] - -use wolfssl::wolfcrypt::aes::*; - -const BIG_MSG: [u8; 384] = [ - 0x41,0x6c,0x6c,0x20,0x77,0x6f,0x72,0x6b, - 0x20,0x61,0x6e,0x64,0x20,0x6e,0x6f,0x20, - 0x70,0x6c,0x61,0x79,0x20,0x6d,0x61,0x6b, - 0x65,0x73,0x20,0x4a,0x61,0x63,0x6b,0x20, - 0x61,0x20,0x64,0x75,0x6c,0x6c,0x20,0x62, - 0x6f,0x79,0x2e,0x20,0x41,0x6c,0x6c,0x20, - 0x77,0x6f,0x72,0x6b,0x20,0x61,0x6e,0x64, - 0x20,0x6e,0x6f,0x20,0x70,0x6c,0x61,0x79, - 0x20,0x6d,0x61,0x6b,0x65,0x73,0x20,0x4a, - 0x61,0x63,0x6b,0x20,0x61,0x20,0x64,0x75, - 0x6c,0x6c,0x20,0x62,0x6f,0x79,0x2e,0x20, - 0x41,0x6c,0x6c,0x20,0x77,0x6f,0x72,0x6b, - 0x20,0x61,0x6e,0x64,0x20,0x6e,0x6f,0x20, - 0x70,0x6c,0x61,0x79,0x20,0x6d,0x61,0x6b, - 0x65,0x73,0x20,0x4a,0x61,0x63,0x6b,0x20, - 0x61,0x20,0x64,0x75,0x6c,0x6c,0x20,0x62, - 0x6f,0x79,0x2e,0x20,0x41,0x6c,0x6c,0x20, - 0x77,0x6f,0x72,0x6b,0x20,0x61,0x6e,0x64, - 0x20,0x6e,0x6f,0x20,0x70,0x6c,0x61,0x79, - 0x20,0x6d,0x61,0x6b,0x65,0x73,0x20,0x4a, - 0x61,0x63,0x6b,0x20,0x61,0x20,0x64,0x75, - 0x6c,0x6c,0x20,0x62,0x6f,0x79,0x2e,0x20, - 0x41,0x6c,0x6c,0x20,0x77,0x6f,0x72,0x6b, - 0x20,0x61,0x6e,0x64,0x20,0x6e,0x6f,0x20, - 0x70,0x6c,0x61,0x79,0x20,0x6d,0x61,0x6b, - 0x65,0x73,0x20,0x4a,0x61,0x63,0x6b,0x20, - 0x61,0x20,0x64,0x75,0x6c,0x6c,0x20,0x62, - 0x6f,0x79,0x2e,0x20,0x41,0x6c,0x6c,0x20, - 0x77,0x6f,0x72,0x6b,0x20,0x61,0x6e,0x64, - 0x20,0x6e,0x6f,0x20,0x70,0x6c,0x61,0x79, - 0x20,0x6d,0x61,0x6b,0x65,0x73,0x20,0x4a, - 0x61,0x63,0x6b,0x20,0x61,0x20,0x64,0x75, - 0x6c,0x6c,0x20,0x62,0x6f,0x79,0x2e,0x20, - 0x41,0x6c,0x6c,0x20,0x77,0x6f,0x72,0x6b, - 0x20,0x61,0x6e,0x64,0x20,0x6e,0x6f,0x20, - 0x70,0x6c,0x61,0x79,0x20,0x6d,0x61,0x6b, - 0x65,0x73,0x20,0x4a,0x61,0x63,0x6b,0x20, - 0x61,0x20,0x64,0x75,0x6c,0x6c,0x20,0x62, - 0x6f,0x79,0x2e,0x20,0x41,0x6c,0x6c,0x20, - 0x77,0x6f,0x72,0x6b,0x20,0x61,0x6e,0x64, - 0x20,0x6e,0x6f,0x20,0x70,0x6c,0x61,0x79, - 0x20,0x6d,0x61,0x6b,0x65,0x73,0x20,0x4a, - 0x61,0x63,0x6b,0x20,0x61,0x20,0x64,0x75, - 0x6c,0x6c,0x20,0x62,0x6f,0x79,0x2e,0x20, - 0x41,0x6c,0x6c,0x20,0x77,0x6f,0x72,0x6b, - 0x20,0x61,0x6e,0x64,0x20,0x6e,0x6f,0x20, - 0x70,0x6c,0x61,0x79,0x20,0x6d,0x61,0x6b, - 0x65,0x73,0x20,0x4a,0x61,0x63,0x6b,0x20 -]; - -#[test] -#[cfg(aes_cbc)] -fn test_cbc_encrypt_decrypt() { - let mut cbc = CBC::new().expect("Failed to create CBC"); - let key: &[u8; 16] = b"0123456789abcdef"; - let iv: &[u8; 16] = b"1234567890abcdef"; - let msg: [u8; 16] = [ - 0x6e, 0x6f, 0x77, 0x20, 0x69, 0x73, 0x20, 0x74, - 0x68, 0x65, 0x20, 0x74, 0x69, 0x6d, 0x65, 0x20, - ]; - let expected_cipher: [u8; 16] = [ - 0x95, 0x94, 0x92, 0x57, 0x5f, 0x42, 0x81, 0x53, - 0x2c, 0xcc, 0x9d, 0x46, 0x77, 0xa2, 0x33, 0xcb - ]; - cbc.init_encrypt(key, iv).expect("Error with init_encrypt()"); - let mut cipher: [u8; 16] = [0; 16]; - cbc.encrypt(&msg, &mut cipher).expect("Error with encrypt()"); - assert_eq!(&cipher, &expected_cipher); - let mut plain_out = [0; 16]; - cbc.init_decrypt(key, iv).expect("Error with init_decrypt()"); - cbc.decrypt(&cipher, &mut plain_out).expect("Error with decrypt()"); - assert_eq!(&plain_out, &msg); -} - -#[test] -#[cfg(aes_cbc)] -fn test_cbc_big_msg() { - let mut cbc = CBC::new().expect("Failed to create CBC"); - let big_key = b"0123456789abcdeffedcba9876543210"; - let iv: &[u8; 16] = b"1234567890abcdef"; - let mut big_cipher: [u8; 384] = [0; 384]; - let mut big_plain: [u8; 384] = [0; 384]; - cbc.init_encrypt(big_key, iv).expect("Error with init_encrypt()"); - for i in (0..384).step_by(16) { - cbc.encrypt(&BIG_MSG[i..(i + 16)], &mut big_cipher[i..(i + 16)]).expect("Error with encrypt()"); - } - cbc.init_decrypt(big_key, iv).expect("Error with init_decrypt()"); - for i in (0..384).step_by(16) { - cbc.decrypt(&big_cipher[i..(i + 16)], &mut big_plain[i..(i + 16)]).expect("Error with decrypt()"); - } - assert_eq!(big_plain, BIG_MSG); -} - -#[test] -#[cfg(aes_ccm)] -fn test_ccm_encrypt_decrypt() { - let key: [u8; 16] = [ - 0xc0, 0xc1, 0xc2, 0xc3, 0xc4, 0xc5, 0xc6, 0xc7, - 0xc8, 0xc9, 0xca, 0xcb, 0xcc, 0xcd, 0xce, 0xcf - ]; - let nonce: [u8; 13] = [ - 0x00, 0x00, 0x00, 0x03, 0x02, 0x01, 0x00, 0xa0, - 0xa1, 0xa2, 0xa3, 0xa4, 0xa5 - ]; - let plaintext: [u8; 23] = [ - 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, - 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, - 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e - ]; - let plaintext_long: [u8; 73] = [ - 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, - 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, - 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f, - 0x20, 0x21, 0x22, 0x23, 0x24, 0x25, 0x26, 0x27, - 0x28, 0x29, 0x2a, 0x2b, 0x2c, 0x2d, 0x2e, 0x2f, - 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, - 0x38, 0x39, 0x3a, 0x3b, 0x3c, 0x3d, 0x3e, 0x3f, - 0x40, 0x41, 0x42, 0x43, 0x44, 0x45, 0x46, 0x47, - 0x48, 0x49, 0x4a, 0x4b, 0x4c, 0x4d, 0x4e, 0x4f, - 0x50 - ]; - let auth_data: [u8; 8] = [ - 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07 - ]; - let expected_ciphertext: [u8; 23] = [ - 0x58, 0x8c, 0x97, 0x9a, 0x61, 0xc6, 0x63, 0xd2, - 0xf0, 0x66, 0xd0, 0xc2, 0xc0, 0xf9, 0x89, 0x80, - 0x6d, 0x5f, 0x6b, 0x61, 0xda, 0xc3, 0x84 - ]; - let expected_auth_tag: [u8; 8] = [ - 0x17, 0xe8, 0xd1, 0x2c, 0xfd, 0xf9, 0x26, 0xe0 - ]; - let expected_ciphertext_long: [u8; 73] = [ - 0x58, 0x8c, 0x97, 0x9a, 0x61, 0xc6, 0x63, 0xd2, - 0xf0, 0x66, 0xd0, 0xc2, 0xc0, 0xf9, 0x89, 0x80, - 0x6d, 0x5f, 0x6b, 0x61, 0xda, 0xc3, 0x84, 0xe0, - 0x44, 0x2d, 0xbe, 0x25, 0xfa, 0x48, 0x2b, 0xa8, - 0x36, 0x0b, 0xbf, 0x01, 0xc0, 0x12, 0x45, 0xa4, - 0x82, 0x9f, 0x20, 0x6c, 0xc3, 0xd6, 0xae, 0x5b, - 0x54, 0x8d, 0xd0, 0xb1, 0x69, 0x2c, 0xec, 0x5e, - 0x95, 0xa5, 0x6b, 0x48, 0xc3, 0xc6, 0xc8, 0x9e, - 0xc7, 0x92, 0x98, 0x9d, 0x26, 0x7d, 0x2a, 0x10, - 0x0b - ]; - let expected_auth_tag_long: [u8; 8] = [ - 0x89, 0xd8, 0xd2, 0x02, 0xc5, 0xcf, 0xae, 0xf4 - ]; - - let mut ccm = CCM::new().expect("Failed to create CCM"); - ccm.init(&key).expect("Error with init()"); - let mut auth_tag_out: [u8; 8] = [0; 8]; - let mut cipher_out: [u8; 23] = [0; 23]; - ccm.encrypt(&plaintext, &mut cipher_out, - &nonce, &auth_data, &mut auth_tag_out).expect("Error with encrypt()"); - assert_eq!(cipher_out, expected_ciphertext); - assert_eq!(auth_tag_out, expected_auth_tag); - ccm.init(&key).expect("Error with init()"); - let mut plain_out: [u8; 23] = [0; 23]; - ccm.decrypt(&cipher_out, &mut plain_out, - &nonce, &auth_data, &auth_tag_out).expect("Error with decrypt()"); - assert_eq!(plain_out, plaintext); - - ccm.init(&key).expect("Error with init()"); - let mut auth_tag_long_out: [u8; 8] = [0; 8]; - let mut cipher_long_out: [u8; 73] = [0; 73]; - ccm.encrypt(&plaintext_long, &mut cipher_long_out, - &nonce, &auth_data, &mut auth_tag_long_out).expect("Error with encrypt()"); - assert_eq!(cipher_long_out, expected_ciphertext_long); - assert_eq!(auth_tag_long_out, expected_auth_tag_long); - ccm.init(&key).expect("Error with init()"); - let mut plain_long_out: [u8; 73] = [0; 73]; - ccm.decrypt(&cipher_long_out, &mut plain_long_out, - &nonce, &auth_data, &auth_tag_long_out).expect("Error with decrypt()"); - assert_eq!(plain_long_out, plaintext_long); -} - -#[test] -#[cfg(aes_ccm)] -fn test_ccm_big_msg() { - let mut ccm = CCM::new().expect("Failed to create CCM"); - let big_key = b"0123456789abcdeffedcba9876543210"; - let nonce: [u8; 7] = [0x00, 0x00, 0x00, 0x03, 0x02, 0x01, 0x00]; - let auth_data: [u8; 8] = [0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07]; - let mut big_cipher: [u8; 384] = [0; 384]; - let mut big_plain: [u8; 384] = [0; 384]; - let mut auth_tag: [u8; 8] = [0; 8]; - ccm.init(big_key).expect("Error with init()"); - ccm.encrypt(&BIG_MSG, &mut big_cipher, - &nonce, &auth_data, &mut auth_tag).expect("Error with encrypt()"); - ccm.init(big_key).expect("Error with init()"); - ccm.decrypt(&big_cipher, &mut big_plain, - &nonce, &auth_data, &auth_tag).expect("Error with decrypt()"); - assert_eq!(big_plain, BIG_MSG); -} - -#[test] -#[cfg(aes_cfb)] -fn test_cfb_encrypt_decrypt() { - let mut cfb = CFB::new().expect("Failed to create CFB"); - let key: [u8; 16] = [ - 0x2b,0x7e,0x15,0x16,0x28,0xae,0xd2,0xa6, - 0xab,0xf7,0x15,0x88,0x09,0xcf,0x4f,0x3c - ]; - let iv: [u8; 16] = [ - 0x00,0x01,0x02,0x03,0x04,0x05,0x06,0x07, - 0x08,0x09,0x0a,0x0b,0x0c,0x0d,0x0e,0x0f - ]; - let msg: [u8; 48] = [ - 0x6b,0xc1,0xbe,0xe2,0x2e,0x40,0x9f,0x96, - 0xe9,0x3d,0x7e,0x11,0x73,0x93,0x17,0x2a, - 0xae,0x2d,0x8a,0x57,0x1e,0x03,0xac,0x9c, - 0x9e,0xb7,0x6f,0xac,0x45,0xaf,0x8e,0x51, - 0x30,0xc8,0x1c,0x46,0xa3,0x5c,0xe4,0x11, - 0xe5,0xfb,0xc1,0x19,0x1a,0x0a,0x52,0xef - ]; - let cipher: [u8; 48] = [ - 0x3b,0x3f,0xd9,0x2e,0xb7,0x2d,0xad,0x20, - 0x33,0x34,0x49,0xf8,0xe8,0x3c,0xfb,0x4a, - 0xc8,0xa6,0x45,0x37,0xa0,0xb3,0xa9,0x3f, - 0xcd,0xe3,0xcd,0xad,0x9f,0x1c,0xe5,0x8b, - 0x26,0x75,0x1f,0x67,0xa3,0xcb,0xb1,0x40, - 0xb1,0x80,0x8c,0xf1,0x87,0xa4,0xf4,0xdf - ]; - cfb.init(&key, &iv).expect("Error with init()"); - let mut outbuf: [u8; 48] = [0; 48]; - cfb.encrypt(&msg[0..32], &mut outbuf[0..32]).expect("Error with encrypt()"); - /* Break up encrypt over two operations to test continuation. */ - cfb.encrypt(&msg[32..48], &mut outbuf[32..48]).expect("Error with encrypt()"); - assert_eq!(outbuf, cipher); - cfb.init(&key, &iv).expect("Error with init()"); - let mut plain: [u8; 48] = [0; 48]; - cfb.decrypt(&outbuf, &mut plain).expect("Error with decrypt()"); - assert_eq!(plain, msg); -} - -#[test] -#[cfg(aes_cfb)] -fn test_cfb_big_msg() { - let mut cfb = CFB::new().expect("Failed to create CFB"); - let big_key = b"0123456789abcdeffedcba9876543210"; - let iv: [u8; 16] = [ - 0x00,0x01,0x02,0x03,0x04,0x05,0x06,0x07, - 0x08,0x09,0x0a,0x0b,0x0c,0x0d,0x0e,0x0f - ]; - let mut big_cipher: [u8; 384] = [0; 384]; - let mut big_plain: [u8; 384] = [0; 384]; - cfb.init(big_key, &iv).expect("Error with init()"); - cfb.encrypt(&BIG_MSG, &mut big_cipher).expect("Error with encrypt()"); - cfb.init(big_key, &iv).expect("Error with init()"); - cfb.decrypt(&big_cipher, &mut big_plain).expect("Error with decrypt()"); - assert_eq!(big_plain, BIG_MSG); -} - -#[test] -#[cfg(aes_ctr)] -fn test_ctr_encrypt_decrypt() { - let iv: [u8; 16] = [ - 0xf0,0xf1,0xf2,0xf3,0xf4,0xf5,0xf6,0xf7, - 0xf8,0xf9,0xfa,0xfb,0xfc,0xfd,0xfe,0xff - ]; - let msg: [u8; 64] = [ - 0x6b,0xc1,0xbe,0xe2,0x2e,0x40,0x9f,0x96, - 0xe9,0x3d,0x7e,0x11,0x73,0x93,0x17,0x2a, - 0xae,0x2d,0x8a,0x57,0x1e,0x03,0xac,0x9c, - 0x9e,0xb7,0x6f,0xac,0x45,0xaf,0x8e,0x51, - 0x30,0xc8,0x1c,0x46,0xa3,0x5c,0xe4,0x11, - 0xe5,0xfb,0xc1,0x19,0x1a,0x0a,0x52,0xef, - 0xf6,0x9f,0x24,0x45,0xdf,0x4f,0x9b,0x17, - 0xad,0x2b,0x41,0x7b,0xe6,0x6c,0x37,0x10 - ]; - let key: [u8; 16] = [ - 0x2b,0x7e,0x15,0x16,0x28,0xae,0xd2,0xa6, - 0xab,0xf7,0x15,0x88,0x09,0xcf,0x4f,0x3c - ]; - let cipher: [u8; 64] = [ - 0x87,0x4d,0x61,0x91,0xb6,0x20,0xe3,0x26, - 0x1b,0xef,0x68,0x64,0x99,0x0d,0xb6,0xce, - 0x98,0x06,0xf6,0x6b,0x79,0x70,0xfd,0xff, - 0x86,0x17,0x18,0x7b,0xb9,0xff,0xfd,0xff, - 0x5a,0xe4,0xdf,0x3e,0xdb,0xd5,0xd3,0x5e, - 0x5b,0x4f,0x09,0x02,0x0d,0xb0,0x3e,0xab, - 0x1e,0x03,0x1d,0xda,0x2f,0xbe,0x03,0xd1, - 0x79,0x21,0x70,0xa0,0xf3,0x00,0x9c,0xee - ]; - let mut ctr = CTR::new().expect("Failed to create CTR"); - ctr.init(&key, &iv).expect("Error with init()"); - let mut outbuf: [u8; 64] = [0; 64]; - ctr.encrypt(&msg, &mut outbuf).expect("Error with encrypt()"); - assert_eq!(outbuf, cipher); - ctr.init(&key, &iv).expect("Error with init()"); - let mut plain: [u8; 64] = [0; 64]; - ctr.decrypt(&outbuf, &mut plain).expect("Error with decrypt()"); - assert_eq!(plain, msg); -} - -#[test] -#[cfg(aes_ctr)] -fn test_ctr_big_msg() { - let mut ctr = CTR::new().expect("Failed to create CTR"); - let big_key = b"0123456789abcdeffedcba9876543210"; - let iv: [u8; 16] = [ - 0x00,0x01,0x02,0x03,0x04,0x05,0x06,0x07, - 0x08,0x09,0x0a,0x0b,0x0c,0x0d,0x0e,0x0f - ]; - let mut big_cipher: [u8; 384] = [0; 384]; - let mut big_plain: [u8; 384] = [0; 384]; - ctr.init(big_key, &iv).expect("Error with init()"); - ctr.encrypt(&BIG_MSG, &mut big_cipher).expect("Error with encrypt()"); - ctr.init(big_key, &iv).expect("Error with init()"); - ctr.decrypt(&big_cipher, &mut big_plain).expect("Error with decrypt()"); - assert_eq!(big_plain, BIG_MSG); -} - -#[test] -#[cfg(aes_eax)] -fn test_eax_one_shot_encrypt_decrypt() { - let key: [u8; 16] = [ - 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, - 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f - ]; - let nonce: [u8; 16] = [ - 0x3c, 0x8c, 0xc2, 0x97, 0x0a, 0x00, 0x8f, 0x75, - 0xcc, 0x5b, 0xea, 0xe2, 0x84, 0x72, 0x58, 0xc2 - ]; - let auth: &[u8] = &[]; - let msg: [u8; 32] = [ - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, - 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11 - ]; - let expected_cipher: [u8; 32] = [ - 0x3c, 0x44, 0x1f, 0x32, 0xce, 0x07, 0x82, 0x23, - 0x64, 0xd7, 0xa2, 0x99, 0x0e, 0x50, 0xbb, 0x13, - 0xd7, 0xb0, 0x2a, 0x26, 0x96, 0x9e, 0x4a, 0x93, - 0x7e, 0x5e, 0x90, 0x73, 0xb0, 0xd9, 0xc9, 0x68 - ]; - let expected_auth_tag: [u8; 16] = [ - 0xdb, 0x90, 0xbd, 0xb3, 0xda, 0x3d, 0x00, 0xaf, - 0xd0, 0xfc, 0x6a, 0x83, 0x55, 0x1d, 0xa9, 0x5e - ]; - let mut cipher: [u8; 32] = [0; 32]; - let mut auth_tag: [u8; 16] = [0; 16]; - EAX::encrypt(&msg, &mut cipher, &key, &nonce, auth, &mut auth_tag).expect("Error with encrypt()"); - assert_eq!(cipher, expected_cipher); - assert_eq!(auth_tag, expected_auth_tag); - let mut plain: [u8; 32] = [0; 32]; - EAX::decrypt(&cipher, &mut plain, &key, &nonce, auth, &auth_tag).expect("Error with decrypt()"); - assert_eq!(plain, msg); -} - -#[test] -#[cfg(aes_ecb)] -fn test_ecb_encrypt_decrypt() { - let mut ecb = ECB::new().expect("Failed to create ECB"); - let key_128: &[u8; 16] = b"0123456789abcdef"; - let msg: [u8; 16] = [ - 0x6e, 0x6f, 0x77, 0x20, 0x69, 0x73, 0x20, 0x74, - 0x68, 0x65, 0x20, 0x74, 0x69, 0x6d, 0x65, 0x20 - ]; - let verify_ecb_128: [u8; 16] = [ - 0xd0, 0xc9, 0xd9, 0xc9, 0x40, 0xe8, 0x97, 0xb6, - 0xc8, 0x8c, 0x33, 0x3b, 0xb5, 0x8f, 0x85, 0xd1 - ]; - ecb.init_encrypt(key_128).expect("Error with init_encrypt()"); - let mut outbuf: [u8; 16] = [0; 16]; - ecb.encrypt(&msg, &mut outbuf).expect("Error with encrypt()"); - assert_eq!(&outbuf, &verify_ecb_128); - outbuf = [0; 16]; - ecb.init_decrypt(key_128).expect("Error with init_decrypt()"); - ecb.decrypt(&verify_ecb_128, &mut outbuf).expect("Error with decrypt()"); - assert_eq!(&outbuf, &msg); -} - -#[test] -#[cfg(aes_gcm)] -fn test_gcm_encrypt_decrypt() { - let key: [u8; 16] = [ - 0x29, 0x8e, 0xfa, 0x1c, 0xcf, 0x29, 0xcf, 0x62, - 0xae, 0x68, 0x24, 0xbf, 0xc1, 0x95, 0x57, 0xfc - ]; - let iv: [u8; 12] = [ - 0x6f, 0x58, 0xa9, 0x3f, 0xe1, 0xd2, 0x07, 0xfa, - 0xe4, 0xed, 0x2f, 0x6d - ]; - let plain: [u8; 32] = [ - 0xcc, 0x38, 0xbc, 0xcd, 0x6b, 0xc5, 0x36, 0xad, - 0x91, 0x9b, 0x13, 0x95, 0xf5, 0xd6, 0x38, 0x01, - 0xf9, 0x9f, 0x80, 0x68, 0xd6, 0x5c, 0xa5, 0xac, - 0x63, 0x87, 0x2d, 0xaf, 0x16, 0xb9, 0x39, 0x01 - ]; - let auth: [u8; 16] = [ - 0x02, 0x1f, 0xaf, 0xd2, 0x38, 0x46, 0x39, 0x73, - 0xff, 0xe8, 0x02, 0x56, 0xe5, 0xb1, 0xc6, 0xb1 - ]; - let expected_cipher: [u8; 32] = [ - 0xdf, 0xce, 0x4e, 0x9c, 0xd2, 0x91, 0x10, 0x3d, - 0x7f, 0xe4, 0xe6, 0x33, 0x51, 0xd9, 0xe7, 0x9d, - 0x3d, 0xfd, 0x39, 0x1e, 0x32, 0x67, 0x10, 0x46, - 0x58, 0x21, 0x2d, 0xa9, 0x65, 0x21, 0xb7, 0xdb - ]; - let expected_auth_tag: [u8; 16] = [ - 0x54, 0x24, 0x65, 0xef, 0x59, 0x93, 0x16, 0xf7, - 0x3a, 0x7a, 0x56, 0x05, 0x09, 0xa2, 0xd9, 0xf2 - ]; - let mut gcm = GCM::new().expect("Failed to create GCM"); - gcm.init(&key).expect("Error with init()"); - let mut cipher: [u8; 32] = [0; 32]; - let mut auth_tag: [u8; 16] = [0; 16]; - gcm.encrypt(&plain, &mut cipher, &iv, &auth, &mut auth_tag).expect("Error with encrypt()"); - assert_eq!(cipher, expected_cipher); - assert_eq!(auth_tag, expected_auth_tag); - let mut plain_out: [u8; 32] = [0; 32]; - gcm.decrypt(&cipher, &mut plain_out, &iv, &auth, &auth_tag).expect("Error with decrypt()"); - assert_eq!(plain_out, plain); -} - -#[test] -#[cfg(aes_gcm_stream)] -fn test_gcmstream_encrypt_decrypt() { - let plain: [u8; 60] = [ - 0xd9, 0x31, 0x32, 0x25, 0xf8, 0x84, 0x06, 0xe5, - 0xa5, 0x59, 0x09, 0xc5, 0xaf, 0xf5, 0x26, 0x9a, - 0x86, 0xa7, 0xa9, 0x53, 0x15, 0x34, 0xf7, 0xda, - 0x2e, 0x4c, 0x30, 0x3d, 0x8a, 0x31, 0x8a, 0x72, - 0x1c, 0x3c, 0x0c, 0x95, 0x95, 0x68, 0x09, 0x53, - 0x2f, 0xcf, 0x0e, 0x24, 0x49, 0xa6, 0xb5, 0x25, - 0xb1, 0x6a, 0xed, 0xf5, 0xaa, 0x0d, 0xe6, 0x57, - 0xba, 0x63, 0x7b, 0x39 - ]; - let auth: [u8; 20] = [ - 0xfe, 0xed, 0xfa, 0xce, 0xde, 0xad, 0xbe, 0xef, - 0xfe, 0xed, 0xfa, 0xce, 0xde, 0xad, 0xbe, 0xef, - 0xab, 0xad, 0xda, 0xd2 - ]; - let key: [u8; 32] = [ - 0xfe, 0xff, 0xe9, 0x92, 0x86, 0x65, 0x73, 0x1c, - 0x6d, 0x6a, 0x8f, 0x94, 0x67, 0x30, 0x83, 0x08, - 0xfe, 0xff, 0xe9, 0x92, 0x86, 0x65, 0x73, 0x1c, - 0x6d, 0x6a, 0x8f, 0x94, 0x67, 0x30, 0x83, 0x08 - ]; - let iv: [u8; 12] = [ - 0xca, 0xfe, 0xba, 0xbe, 0xfa, 0xce, 0xdb, 0xad, - 0xde, 0xca, 0xf8, 0x88 - ]; - let expected_cipher: [u8; 60] = [ - 0x52, 0x2d, 0xc1, 0xf0, 0x99, 0x56, 0x7d, 0x07, - 0xf4, 0x7f, 0x37, 0xa3, 0x2a, 0x84, 0x42, 0x7d, - 0x64, 0x3a, 0x8c, 0xdc, 0xbf, 0xe5, 0xc0, 0xc9, - 0x75, 0x98, 0xa2, 0xbd, 0x25, 0x55, 0xd1, 0xaa, - 0x8c, 0xb0, 0x8e, 0x48, 0x59, 0x0d, 0xbb, 0x3d, - 0xa7, 0xb0, 0x8b, 0x10, 0x56, 0x82, 0x88, 0x38, - 0xc5, 0xf6, 0x1e, 0x63, 0x93, 0xba, 0x7a, 0x0a, - 0xbc, 0xc9, 0xf6, 0x62 - ]; - let expected_auth_tag: [u8; 16] = [ - 0x76, 0xfc, 0x6e, 0xce, 0x0f, 0x4e, 0x17, 0x68, - 0xcd, 0xdf, 0x88, 0x53, 0xbb, 0x2d, 0x55, 0x1b - ]; - let mut gcmstream = GCMStream::new().expect("Failed to create GCMStream"); - for chunk_size in 1..=auth.len() { - gcmstream.init(&key, &iv).expect("Error with init()"); - let mut cipher: [u8; 60] = [0; 60]; - let mut i = 0; - while i < auth.len() { - let mut end = i + chunk_size; - if end > auth.len() { - end = auth.len() - } - gcmstream.encrypt_update(&plain[0..0], &mut cipher[0..0], &auth[i..end]).expect("Error with encrypt_update()"); - i += chunk_size; - } - i = 0; - while i < plain.len() { - let mut end = i + chunk_size; - if end > plain.len() { - end = plain.len() - } - gcmstream.encrypt_update(&plain[i..end], &mut cipher[i..end], &auth[0..0]).expect("Error with encrypt_update()"); - i += chunk_size; - } - let mut auth_tag: [u8; 16] = [0; 16]; - gcmstream.encrypt_final(&mut auth_tag).expect("Error with encrypt_final()"); - assert_eq!(cipher, expected_cipher); - assert_eq!(auth_tag, expected_auth_tag); - } -} - -#[test] -#[cfg(aes_ofb)] -fn test_ofb_encrypt_decrypt() { - let key: [u8; 32] = [ - 0xc4,0xc7,0xfa,0xd6,0x53,0x5c,0xb8,0x71, - 0x4a,0x5c,0x40,0x77,0x9a,0x8b,0xa1,0xd2, - 0x53,0x3e,0x23,0xb4,0xb2,0x58,0x73,0x2a, - 0x5b,0x78,0x01,0xf4,0xe3,0x71,0xa7,0x94 - ]; - let iv: [u8; 16] = [ - 0x5e,0xb9,0x33,0x13,0xb8,0x71,0xff,0x16, - 0xb9,0x8a,0x9b,0xcb,0x43,0x33,0x0d,0x6f - ]; - let plain: [u8; 48] = [ - 0x6d,0x0b,0xb0,0x79,0x63,0x84,0x71,0xe9, - 0x39,0xd4,0x53,0x14,0x86,0xc1,0x4c,0x25, - 0x9a,0xee,0xc6,0xf3,0xc0,0x0d,0xfd,0xd6, - 0xc0,0x50,0xa8,0xba,0xa8,0x20,0xdb,0x71, - 0xcc,0x12,0x2c,0x4e,0x0c,0x17,0x15,0xef, - 0x55,0xf3,0x99,0x5a,0x6b,0xf0,0x2a,0x4c - ]; - let expected_cipher: [u8; 48] = [ - 0x0f,0x54,0x61,0x71,0x59,0xd0,0x3f,0xfc, - 0x1b,0xfa,0xfb,0x60,0x29,0x30,0xd7,0x00, - 0xf4,0xa4,0xa8,0xe6,0xdd,0x93,0x94,0x46, - 0x64,0xd2,0x19,0xc4,0xc5,0x4d,0xde,0x1b, - 0x04,0x53,0xe1,0x73,0xf5,0x18,0x74,0xae, - 0xfd,0x64,0xa2,0xe1,0xe2,0x76,0x13,0xb0 - ]; - let mut ofb = OFB::new().expect("Failed to create OFB"); - ofb.init(&key, &iv).expect("Error with init()"); - let mut cipher: [u8; 48] = [0; 48]; - ofb.encrypt(&plain, &mut cipher).expect("Error with encrypt()"); - assert_eq!(cipher, expected_cipher); - ofb.init(&key, &iv).expect("Error with init()"); - let mut plain_out: [u8; 48] = [0; 48]; - ofb.decrypt(&cipher, &mut plain_out).expect("Error with decrypt()"); - assert_eq!(plain_out, plain); -} - -#[test] -#[cfg(aes_xts)] -fn test_xts_one_shot() { - let key: [u8; 32] = [ - 0xa1, 0xb9, 0x0c, 0xba, 0x3f, 0x06, 0xac, 0x35, - 0x3b, 0x2c, 0x34, 0x38, 0x76, 0x08, 0x17, 0x62, - 0x09, 0x09, 0x23, 0x02, 0x6e, 0x91, 0x77, 0x18, - 0x15, 0xf2, 0x9d, 0xab, 0x01, 0x93, 0x2f, 0x2f - ]; - let tweak: [u8; 16] = [ - 0x4f, 0xae, 0xf7, 0x11, 0x7c, 0xda, 0x59, 0xc6, - 0x6e, 0x4b, 0x92, 0x01, 0x3e, 0x76, 0x8a, 0xd5 - ]; - let plain: [u8; 16] = [ - 0xeb, 0xab, 0xce, 0x95, 0xb1, 0x4d, 0x3c, 0x8d, - 0x6f, 0xb3, 0x50, 0x39, 0x07, 0x90, 0x31, 0x1c - ]; - let expected_cipher: [u8; 16] = [ - 0x77, 0x8a, 0xe8, 0xb4, 0x3c, 0xb9, 0x8d, 0x5a, - 0x82, 0x50, 0x81, 0xd5, 0xbe, 0x47, 0x1c, 0x63 - ]; - let partial: [u8; 24] = [ - 0xeb, 0xab, 0xce, 0x95, 0xb1, 0x4d, 0x3c, 0x8d, - 0x6f, 0xb3, 0x50, 0x39, 0x07, 0x90, 0x31, 0x1c, - 0x6e, 0x4b, 0x92, 0x01, 0x3e, 0x76, 0x8a, 0xd5 - ]; - let expected_partial_cipher: [u8; 24] = [ - 0x2b, 0xf7, 0x2c, 0xf3, 0xeb, 0x85, 0xef, 0x7b, - 0x0b, 0x76, 0xa0, 0xaa, 0xf3, 0x3f, 0x25, 0x8b, - 0x77, 0x8a, 0xe8, 0xb4, 0x3c, 0xb9, 0x8d, 0x5a - ]; - - let mut xts = XTS::new().expect("Failed to create XTS"); - xts.init_encrypt(&key).expect("Error with init_encrypt()"); - let mut cipher: [u8; 16] = [0; 16]; - xts.encrypt(&plain, &mut cipher, &tweak).expect("Error with encrypt()"); - assert_eq!(cipher, expected_cipher); - xts.init_decrypt(&key).expect("Error with init_decrypt()"); - let mut plain_out: [u8; 16] = [0; 16]; - xts.decrypt(&cipher, &mut plain_out, &tweak).expect("Error with decrypt()"); - assert_eq!(plain_out, plain); - - xts.init_encrypt(&key).expect("Error with init_encrypt()"); - let mut partial_cipher: [u8; 24] = [0; 24]; - xts.encrypt(&partial, &mut partial_cipher, &tweak).expect("Error with encrypt()"); - assert_eq!(partial_cipher, expected_partial_cipher); - xts.init_decrypt(&key).expect("Error with init_decrypt()"); - let mut partial_out: [u8; 24] = [0; 24]; - xts.decrypt(&partial_cipher, &mut partial_out, &tweak).expect("Error with decrypt()"); - assert_eq!(partial_out, partial); -} - -#[test] -#[cfg(aes_xts)] -fn test_xts_sector_128() { - let keys: [u8; 32] = [ - 0xa3, 0xe4, 0x0d, 0x5b, 0xd4, 0xb6, 0xbb, 0xed, - 0xb2, 0xd1, 0x8c, 0x70, 0x0a, 0xd2, 0xdb, 0x22, - 0x10, 0xc8, 0x11, 0x90, 0x64, 0x6d, 0x67, 0x3c, - 0xbc, 0xa5, 0x3f, 0x13, 0x3e, 0xab, 0x37, 0x3c - ]; - let plain: [u8; 16] =[ - 0x20, 0xe0, 0x71, 0x94, 0x05, 0x99, 0x3f, 0x09, - 0xa6, 0x6a, 0xe5, 0xbb, 0x50, 0x0e, 0x56, 0x2c - ]; - let expected_cipher: [u8; 16] = [ - 0x74, 0x62, 0x35, 0x51, 0x21, 0x02, 0x16, 0xac, - 0x92, 0x6b, 0x96, 0x50, 0xb6, 0xd3, 0xfa, 0x52 - ]; - let sector = 141; - - let mut xts = XTS::new().expect("Failed to create XTS"); - xts.init_encrypt(&keys).expect("Error with init_encrypt()"); - let mut cipher: [u8; 16] = [0; 16]; - xts.encrypt_sector(&plain, &mut cipher, sector).expect("Error with encrypt_sector()"); - assert_eq!(cipher, expected_cipher); - - xts.init_decrypt(&keys).expect("Error with init_decrypt()"); - let mut plain_out: [u8; 16] = [0; 16]; - xts.decrypt_sector(&cipher, &mut plain_out, sector).expect("Error with decrypt_sector()"); - assert_eq!(plain_out, plain); -} - -#[test] -#[cfg(aes_xts)] -fn test_xts_sector_256() { - let keys: [u8; 64] = [ - 0xef, 0x01, 0x0c, 0xa1, 0xa3, 0x66, 0x3e, 0x32, - 0x53, 0x43, 0x49, 0xbc, 0x0b, 0xae, 0x62, 0x23, - 0x2a, 0x15, 0x73, 0x34, 0x85, 0x68, 0xfb, 0x9e, - 0xf4, 0x17, 0x68, 0xa7, 0x67, 0x4f, 0x50, 0x7a, - 0x72, 0x7f, 0x98, 0x75, 0x53, 0x97, 0xd0, 0xe0, - 0xaa, 0x32, 0xf8, 0x30, 0x33, 0x8c, 0xc7, 0xa9, - 0x26, 0xc7, 0x73, 0xf0, 0x9e, 0x57, 0xb3, 0x57, - 0xcd, 0x15, 0x6a, 0xfb, 0xca, 0x46, 0xe1, 0xa0 - ]; - let plain: [u8; 32] =[ - 0xed, 0x98, 0xe0, 0x17, 0x70, 0xa8, 0x53, 0xb4, - 0x9d, 0xb9, 0xe6, 0xaa, 0xf8, 0x8f, 0x0a, 0x41, - 0xb9, 0xb5, 0x6e, 0x91, 0xa5, 0xa2, 0xb1, 0x1d, - 0x40, 0x52, 0x92, 0x54, 0xf5, 0x52, 0x3e, 0x75 - ]; - let expected_cipher: [u8; 32] = [ - 0xca, 0x20, 0xc5, 0x5e, 0x8d, 0xc1, 0x49, 0x68, - 0x7d, 0x25, 0x41, 0xde, 0x39, 0xc3, 0xdf, 0x63, - 0x00, 0xbb, 0x5a, 0x16, 0x3c, 0x10, 0xce, 0xd3, - 0x66, 0x6b, 0x13, 0x57, 0xdb, 0x8b, 0xd3, 0x9d - ]; - let sector = 187; - - let mut xts = XTS::new().expect("Failed to create XTS"); - xts.init_encrypt(&keys).expect("Error with init_encrypt()"); - let mut cipher: [u8; 32] = [0; 32]; - xts.encrypt_sector(&plain, &mut cipher, sector).expect("Error with encrypt_sector()"); - assert_eq!(cipher, expected_cipher); - - xts.init_decrypt(&keys).expect("Error with init_decrypt()"); - let mut plain_out: [u8; 32] = [0; 32]; - xts.decrypt_sector(&cipher, &mut plain_out, sector).expect("Error with decrypt_sector()"); - assert_eq!(plain_out, plain); -} - -#[test] -#[cfg(aes_xts)] -fn test_xts_consecutive_sectors() { - let keys: [u8; 32] = [ - 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, - 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, - 0x22, 0x22, 0x22, 0x22, 0x22, 0x22, 0x22, 0x22, - 0x22, 0x22, 0x22, 0x22, 0x22, 0x22, 0x22, 0x22 - ]; - let plain: [u8; 544] =[ - 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b, - 0x0c, 0x0d, 0x0e, 0x0f, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, - 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f, 0x20, 0x21, 0x22, 0x23, - 0x24, 0x25, 0x26, 0x27, 0x28, 0x29, 0x2a, 0x2b, 0x2c, 0x2d, 0x2e, 0x2f, - 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, 0x38, 0x39, 0x3a, 0x3b, - 0x3c, 0x3d, 0x3e, 0x3f, 0x40, 0x41, 0x42, 0x43, 0x44, 0x45, 0x46, 0x47, - 0x48, 0x49, 0x4a, 0x4b, 0x4c, 0x4d, 0x4e, 0x4f, 0x50, 0x51, 0x52, 0x53, - 0x54, 0x55, 0x56, 0x57, 0x58, 0x59, 0x5a, 0x5b, 0x5c, 0x5d, 0x5e, 0x5f, - 0x60, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66, 0x67, 0x68, 0x69, 0x6a, 0x6b, - 0x6c, 0x6d, 0x6e, 0x6f, 0x70, 0x71, 0x72, 0x73, 0x74, 0x75, 0x76, 0x77, - 0x78, 0x79, 0x7a, 0x7b, 0x7c, 0x7d, 0x7e, 0x7f, 0x80, 0x81, 0x82, 0x83, - 0x84, 0x85, 0x86, 0x87, 0x88, 0x89, 0x8a, 0x8b, 0x8c, 0x8d, 0x8e, 0x8f, - 0x90, 0x91, 0x92, 0x93, 0x94, 0x95, 0x96, 0x97, 0x98, 0x99, 0x9a, 0x9b, - 0x9c, 0x9d, 0x9e, 0x9f, 0xa0, 0xa1, 0xa2, 0xa3, 0xa4, 0xa5, 0xa6, 0xa7, - 0xa8, 0xa9, 0xaa, 0xab, 0xac, 0xad, 0xae, 0xaf, 0xb0, 0xb1, 0xb2, 0xb3, - 0xb4, 0xb5, 0xb6, 0xb7, 0xb8, 0xb9, 0xba, 0xbb, 0xbc, 0xbd, 0xbe, 0xbf, - 0xc0, 0xc1, 0xc2, 0xc3, 0xc4, 0xc5, 0xc6, 0xc7, 0xc8, 0xc9, 0xca, 0xcb, - 0xcc, 0xcd, 0xce, 0xcf, 0xd0, 0xd1, 0xd2, 0xd3, 0xd4, 0xd5, 0xd6, 0xd7, - 0xd8, 0xd9, 0xda, 0xdb, 0xdc, 0xdd, 0xde, 0xdf, 0xe0, 0xe1, 0xe2, 0xe3, - 0xe4, 0xe5, 0xe6, 0xe7, 0xe8, 0xe9, 0xea, 0xeb, 0xec, 0xed, 0xee, 0xef, - 0xf0, 0xf1, 0xf2, 0xf3, 0xf4, 0xf5, 0xf6, 0xf7, 0xf8, 0xf9, 0xfa, 0xfb, - 0xfc, 0xfd, 0xfe, 0xff, - - 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b, - 0x0c, 0x0d, 0x0e, 0x0f, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, - 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f, 0x20, 0x21, 0x22, 0x23, - 0x24, 0x25, 0x26, 0x27, 0x28, 0x29, 0x2a, 0x2b, 0x2c, 0x2d, 0x2e, 0x2f, - 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, 0x38, 0x39, 0x3a, 0x3b, - 0x3c, 0x3d, 0x3e, 0x3f, 0x40, 0x41, 0x42, 0x43, 0x44, 0x45, 0x46, 0x47, - 0x48, 0x49, 0x4a, 0x4b, 0x4c, 0x4d, 0x4e, 0x4f, 0x50, 0x51, 0x52, 0x53, - 0x54, 0x55, 0x56, 0x57, 0x58, 0x59, 0x5a, 0x5b, 0x5c, 0x5d, 0x5e, 0x5f, - 0x60, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66, 0x67, 0x68, 0x69, 0x6a, 0x6b, - 0x6c, 0x6d, 0x6e, 0x6f, 0x70, 0x71, 0x72, 0x73, 0x74, 0x75, 0x76, 0x77, - 0x78, 0x79, 0x7a, 0x7b, 0x7c, 0x7d, 0x7e, 0x7f, 0x80, 0x81, 0x82, 0x83, - 0x84, 0x85, 0x86, 0x87, 0x88, 0x89, 0x8a, 0x8b, 0x8c, 0x8d, 0x8e, 0x8f, - 0x90, 0x91, 0x92, 0x93, 0x94, 0x95, 0x96, 0x97, 0x98, 0x99, 0x9a, 0x9b, - 0x9c, 0x9d, 0x9e, 0x9f, 0xa0, 0xa1, 0xa2, 0xa3, 0xa4, 0xa5, 0xa6, 0xa7, - 0xa8, 0xa9, 0xaa, 0xab, 0xac, 0xad, 0xae, 0xaf, 0xb0, 0xb1, 0xb2, 0xb3, - 0xb4, 0xb5, 0xb6, 0xb7, 0xb8, 0xb9, 0xba, 0xbb, 0xbc, 0xbd, 0xbe, 0xbf, - 0xc0, 0xc1, 0xc2, 0xc3, 0xc4, 0xc5, 0xc6, 0xc7, 0xc8, 0xc9, 0xca, 0xcb, - 0xcc, 0xcd, 0xce, 0xcf, 0xd0, 0xd1, 0xd2, 0xd3, 0xd4, 0xd5, 0xd6, 0xd7, - 0xd8, 0xd9, 0xda, 0xdb, 0xdc, 0xdd, 0xde, 0xdf, 0xe0, 0xe1, 0xe2, 0xe3, - 0xe4, 0xe5, 0xe6, 0xe7, 0xe8, 0xe9, 0xea, 0xeb, 0xec, 0xed, 0xee, 0xef, - 0xf0, 0xf1, 0xf2, 0xf3, 0xf4, 0xf5, 0xf6, 0xf7, 0xf8, 0xf9, 0xfa, 0xfb, - 0xfc, 0xfd, 0xfe, 0xff, - - 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b, - 0x0c, 0x0d, 0x0e, 0x0f, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, - 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f - ]; - let expected_cipher: [u8; 544] = [ - 0xb9, 0x6b, 0x2b, 0xfd, 0x61, 0x87, 0x84, 0xd5, 0x26, 0xd2, 0x8c, 0x62, - 0x63, 0x01, 0xca, 0x46, 0xb1, 0x82, 0xfa, 0xdc, 0xbc, 0x32, 0x18, 0xe9, - 0xda, 0xe6, 0xda, 0xd1, 0x1a, 0x52, 0x77, 0xca, 0xdb, 0x0e, 0xbe, 0x37, - 0x88, 0x36, 0x1c, 0x87, 0x16, 0x60, 0xfe, 0xa8, 0x9e, 0xf6, 0x48, 0x64, - 0x94, 0x34, 0x64, 0xed, 0xf6, 0x9a, 0xc5, 0x28, 0xc9, 0xed, 0x64, 0x80, - 0x85, 0xd8, 0x93, 0xa7, 0x50, 0xb1, 0x9d, 0x2f, 0x1e, 0x34, 0xcc, 0xb4, - 0x03, 0xfb, 0x6b, 0x43, 0x21, 0xa8, 0x5b, 0xc6, 0x59, 0x13, 0xd2, 0xb5, - 0xf5, 0x7b, 0xf6, 0xb2, 0xa4, 0x7a, 0xd2, 0x50, 0x26, 0xcb, 0xa4, 0x83, - 0xc3, 0x56, 0xb0, 0xb1, 0x14, 0x34, 0x12, 0x1b, 0xea, 0x26, 0x97, 0x24, - 0x54, 0xcc, 0x32, 0x4c, 0xa4, 0xc2, 0xa3, 0x07, 0xfa, 0x30, 0xa9, 0xf0, - 0x91, 0x17, 0x60, 0x68, 0x88, 0x7f, 0x34, 0x7e, 0xbd, 0x20, 0x33, 0x95, - 0x6e, 0xc0, 0xb6, 0x2b, 0xff, 0x7e, 0x61, 0x35, 0x9a, 0x88, 0xff, 0xd9, - 0x69, 0x21, 0xe7, 0x8f, 0x45, 0x02, 0xf9, 0xd7, 0xeb, 0xa6, 0x53, 0xf1, - 0x73, 0x04, 0xf1, 0x0b, 0x85, 0xc6, 0x1f, 0x4a, 0x51, 0x2f, 0x95, 0x87, - 0x5a, 0x67, 0x37, 0xb2, 0x87, 0xf7, 0xbe, 0x2a, 0x17, 0x57, 0xca, 0xfc, - 0xdd, 0x5f, 0x37, 0x48, 0x78, 0xbd, 0xfa, 0x75, 0xc9, 0xfa, 0x86, 0x7e, - 0xc4, 0x0f, 0x60, 0x85, 0xce, 0x12, 0x44, 0x7c, 0xd9, 0xb2, 0x50, 0xd9, - 0x57, 0x85, 0xa5, 0xd7, 0x68, 0x59, 0x03, 0x09, 0x97, 0x2e, 0x8e, 0xa5, - 0xe3, 0x98, 0xac, 0x16, 0xfb, 0x6d, 0x54, 0xc5, 0x5d, 0x7a, 0x33, 0x44, - 0x0a, 0x39, 0x91, 0xcc, 0x9f, 0x67, 0xf9, 0x89, 0xbb, 0x62, 0x02, 0xc4, - 0x22, 0xec, 0xcf, 0x97, 0x69, 0x81, 0x3d, 0x00, 0xfd, 0xeb, 0x55, 0x08, - 0xa2, 0xff, 0x97, 0xaa, 0x79, 0xde, 0x3c, 0x8a, 0x78, 0x71, 0x73, 0xa2, - 0x98, 0x2f, 0xd8, 0x5c, 0x62, 0x1c, 0x5c, 0x23, 0x0a, 0xd1, 0xf1, 0x81, - 0x8a, 0x12, 0xe7, 0x4d, 0xdd, 0x4f, 0xd4, 0xf1, 0xe8, 0x0f, 0x25, 0x79, - 0x45, 0x4a, 0x49, 0x49, 0x7e, 0x56, 0x91, 0x4e, 0xaa, 0xba, 0x18, 0xe1, - 0xe4, 0xbe, 0x21, 0xdc, 0x58, 0x60, 0x6f, 0x6a, 0x7f, 0xdc, 0x5e, 0x74, - 0x47, 0xbf, 0xeb, 0x84, 0xc4, 0x1e, 0x5a, 0x61, 0x64, 0xc8, 0x63, 0x68, - 0xfa, 0x17, 0x9c, 0xac, 0x60, 0x1c, 0xa5, 0x6e, 0x00, 0x21, 0x93, 0x3c, - 0xd7, 0xbb, 0x73, 0x45, 0xf7, 0x34, 0x81, 0x6c, 0xfa, 0xf2, 0x33, 0xfd, - 0xb1, 0x40, 0x30, 0x6b, 0x30, 0xd1, 0x83, 0x5e, 0x2e, 0x7a, 0xce, 0xa6, - 0x12, 0x2a, 0x15, 0x03, 0x78, 0x29, 0xb9, 0x07, 0xae, 0xe7, 0xc2, 0x78, - 0x74, 0x72, 0xa5, 0x0e, 0x6b, 0x1f, 0x78, 0xf2, 0x5a, 0x69, 0xb6, 0x2b, - 0x99, 0x94, 0x1f, 0x89, 0xd1, 0x21, 0x14, 0x4a, 0x54, 0xab, 0x5a, 0x9f, - 0xaa, 0xa7, 0x96, 0x0a, 0x21, 0xce, 0x30, 0xb6, 0x70, 0x81, 0xe9, 0xd3, - 0x71, 0xc0, 0xf1, 0x15, 0xe2, 0xf6, 0xd3, 0xcc, 0x41, 0x15, 0x9d, 0xd5, - 0xa3, 0xa4, 0xe0, 0xf8, 0x62, 0xc4, 0x76, 0x65, 0x63, 0x89, 0xa7, 0xe2, - 0xfb, 0xf5, 0xc9, 0x80, 0x15, 0x5b, 0xc1, 0x59, 0xb2, 0xd0, 0x01, 0x3a, - 0xf9, 0xab, 0x5b, 0x79, 0x54, 0xed, 0x6b, 0xf9, 0x1d, 0x9d, 0x87, 0x63, - 0x80, 0x4f, 0xec, 0x9c, 0x4f, 0xad, 0x97, 0x04, 0xff, 0x62, 0x4a, 0x17, - 0xc0, 0x09, 0x2a, 0x2c, 0x23, 0x4b, 0xc3, 0xb6, 0x6d, 0xed, 0xdb, 0x1a, - 0x6f, 0x56, 0x2b, 0x78, 0x92, 0x3a, 0x5c, 0x7f, 0xb2, 0x63, 0xd3, 0xd5, - 0x1a, 0xbe, 0xc2, 0x34, 0xc8, 0xad, 0x36, 0xb7, 0x12, 0xb8, 0xe1, 0xb7, - 0x52, 0x7f, 0x16, 0x84, 0x2c, 0x47, 0x7e, 0xf2, 0xa5, 0x36, 0x2e, 0xad, - 0xe7, 0xbb, 0xc0, 0x6f, 0x27, 0x8e, 0x41, 0x08, 0x75, 0xe5, 0xff, 0xde, - 0x08, 0x9f, 0x8c, 0x91, 0xba, 0xc9, 0x9d, 0x9f, 0x27, 0x90, 0x50, 0x44, - 0x24, 0xe7, 0x3d, 0x6f - ]; - let sector = 0x000000ffffffffff; - let sector_size = 512; - - let mut xts = XTS::new().expect("Failed to create XTS"); - xts.init_encrypt(&keys).expect("Error with init_encrypt()"); - let mut cipher: [u8; 544] = [0; 544]; - xts.encrypt_consecutive_sectors(&plain, &mut cipher, sector, sector_size).expect("Error with encrypt_consecutive_sectors()"); - assert_eq!(cipher, expected_cipher); - - xts.init_decrypt(&keys).expect("Error with init_decrypt()"); - let mut plain_out: [u8; 544] = [0; 544]; - xts.decrypt_consecutive_sectors(&cipher, &mut plain_out, sector, sector_size).expect("Error with decrypt_consecutive_sectors()"); - assert_eq!(plain_out, plain); -} - -#[test] -#[cfg(aes_xts_stream)] -fn test_xtsstream() { - let keys: [u8; 32] = [ - 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, - 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, - 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, - 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, - ]; - let tweak: [u8; 16] = [ - 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, - 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, - ]; - let plain: [u8; 40] = [ - 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, - 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, - 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, - 0x20, 0xff, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, - 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20 - ]; - let expected_cipher: [u8; 40] = [ - 0xA2, 0x07, 0x47, 0x76, 0x3F, 0xEC, 0x0C, 0x23, - 0x1B, 0xD0, 0xBD, 0x46, 0x9A, 0x27, 0x38, 0x12, - 0x95, 0x02, 0x3D, 0x5D, 0xC6, 0x94, 0x51, 0x36, - 0xA0, 0x85, 0xD2, 0x69, 0x6E, 0x87, 0x0A, 0xBF, - 0xB5, 0x5A, 0xDD, 0xCB, 0x80, 0xE0, 0xFC, 0xCD - ]; - - let mut xtsstream = XTSStream::new().expect("Failed to create XTSStream"); - xtsstream.init_encrypt(&keys, &tweak).expect("Error with init_encrypt()"); - let mut cipher: [u8; 40] = [0; 40]; - xtsstream.encrypt_update(&plain[0..16], &mut cipher[0..16]).expect("Error with encrypt_update()"); - xtsstream.encrypt_final(&plain[16..40], &mut cipher[16..40]).expect("Error with encrypt_final()"); - assert_eq!(cipher, expected_cipher); - - xtsstream.init_decrypt(&keys, &tweak).expect("Error with init_decrypt()"); - let mut plain_out: [u8; 40] = [0; 40]; - xtsstream.decrypt_update(&cipher[0..16], &mut plain_out[0..16]).expect("Error with decrypt_update()"); - xtsstream.decrypt_final(&cipher[16..40], &mut plain_out[16..40]).expect("Error with decrypt_final()"); - assert_eq!(plain_out, plain); -} - -#[test] -#[cfg(aes_xts_stream)] -fn test_xtsstream_big_msg() { - let key: [u8; 32] = [ - 0xa1, 0xb9, 0x0c, 0xba, 0x3f, 0x06, 0xac, 0x35, - 0x3b, 0x2c, 0x34, 0x38, 0x76, 0x08, 0x17, 0x62, - 0x09, 0x09, 0x23, 0x02, 0x6e, 0x91, 0x77, 0x18, - 0x15, 0xf2, 0x9d, 0xab, 0x01, 0x93, 0x2f, 0x2f - ]; - let tweak: [u8; 16] = [ - 0x4f, 0xae, 0xf7, 0x11, 0x7c, 0xda, 0x59, 0xc6, - 0x6e, 0x4b, 0x92, 0x01, 0x3e, 0x76, 0x8a, 0xd5 - ]; - - let mut xtsstream = XTSStream::new().expect("Failed to create XTSStream"); - xtsstream.init_encrypt(&key, &tweak).expect("Error with init_encrypt()"); - let mut cipher: [u8; 384] = [0; 384]; - let mut i = 0; - while i < BIG_MSG.len() { - let remaining = BIG_MSG.len() - i; - if remaining < 32 { - xtsstream.encrypt_final(&BIG_MSG[i..BIG_MSG.len()], &mut cipher[i..BIG_MSG.len()]).expect("Error with encrypt_final()"); - i += remaining; - } else { - let end = i + 16; - xtsstream.encrypt_update(&BIG_MSG[i..end], &mut cipher[i..end]).expect("Error with encrypt_update()"); - i += 16; - } - } - - xtsstream.init_decrypt(&key, &tweak).expect("Error with init_decrypt()"); - let mut plain_out: [u8; 384] = [0; 384]; - let mut i = 0; - while i < BIG_MSG.len() { - let remaining = BIG_MSG.len() - i; - if remaining < 32 { - xtsstream.decrypt_final(&cipher[i..BIG_MSG.len()], &mut plain_out[i..BIG_MSG.len()]).expect("Error with decrypt_final()"); - i += remaining; - } else { - let end = i + 16; - xtsstream.decrypt_update(&cipher[i..end], &mut plain_out[i..end]).expect("Error with decrypt_update()"); - i += 16; - } - } - - assert_eq!(plain_out, BIG_MSG); -} diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/wrapper/rust/wolfssl/tests/test_cmac.rs mariadb-11.8.8/extra/wolfssl/wolfssl/wrapper/rust/wolfssl/tests/test_cmac.rs --- mariadb-11.8.6/extra/wolfssl/wolfssl/wrapper/rust/wolfssl/tests/test_cmac.rs 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/wrapper/rust/wolfssl/tests/test_cmac.rs 1970-01-01 00:00:00.000000000 +0000 @@ -1,38 +0,0 @@ -#![cfg(cmac)] - -use wolfssl::wolfcrypt::cmac::CMAC; - -#[test] -#[cfg(aes)] -fn test_cmac() { - let key = [ - 0x2bu8, 0x7e, 0x15, 0x16, 0x28, 0xae, 0xd2, 0xa6, - 0xab, 0xf7, 0x15, 0x88, 0x09, 0xcf, 0x4f, 0x3c - ]; - let message = [ - 0x6bu8, 0xc1, 0xbe, 0xe2, 0x2e, 0x40, 0x9f, 0x96, - 0xe9, 0x3d, 0x7e, 0x11, 0x73, 0x93, 0x17, 0x2a, - ]; - let expected_cmac = [ - 0x07u8, 0x0a, 0x16, 0xb4, 0x6b, 0x4d, 0x41, 0x44, - 0xf7, 0x9b, 0xdd, 0x9d, 0xd0, 0x4a, 0x28, 0x7c - ]; - let mut cmac = CMAC::new(&key).expect("Error with new()"); - cmac.update(&message).expect("Error with update()"); - let mut finalize_out = [0u8; 16]; - cmac.finalize(&mut finalize_out).expect("Error with finalize()"); - assert_eq!(finalize_out, expected_cmac); - - let mut generate_out = [0u8; 16]; - CMAC::generate(&key, &message, &mut generate_out).expect("Error with generate()"); - assert_eq!(generate_out, finalize_out); - let valid = CMAC::verify(&key, &message, &generate_out).expect("Error with verify()"); - assert!(valid); - - let mut cmac = CMAC::new(&key).expect("Error with new()"); - let mut generate_out = [0u8; 16]; - cmac.generate_ex(&key, &message, &mut generate_out, None, None).expect("Error with generate_ex()"); - assert_eq!(generate_out, finalize_out); - let valid = cmac.verify_ex(&key, &message, &generate_out, None, None).expect("Error with verify_ex()"); - assert!(valid); -} diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/wrapper/rust/wolfssl/tests/test_dh.rs mariadb-11.8.8/extra/wolfssl/wolfssl/wrapper/rust/wolfssl/tests/test_dh.rs --- mariadb-11.8.6/extra/wolfssl/wolfssl/wrapper/rust/wolfssl/tests/test_dh.rs 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/wrapper/rust/wolfssl/tests/test_dh.rs 1970-01-01 00:00:00.000000000 +0000 @@ -1,204 +0,0 @@ -#![cfg(dh)] - -use wolfssl::wolfcrypt::dh::DH; -use wolfssl::wolfcrypt::random::RNG; - -#[test] -#[cfg(dh_keygen)] -fn test_dh_named_parameters() { - assert_eq!(DH::get_min_key_size_for_named_parameters(DH::FFDHE_2048), 29); - - let mut p_size = 0u32; - let mut g_size = 0u32; - let mut q_size = 0u32; - DH::get_named_parameter_sizes(DH::FFDHE_2048, &mut p_size, &mut g_size, &mut q_size); - - assert!(p_size > 0u32); - assert!(g_size > 0u32); - let mut dh = DH::new_named(DH::FFDHE_2048).expect("Error with new_named()"); - - let mut p = [0u8; 256]; - let mut q = [0u8; 256]; - let mut g = [0u8; 256]; - dh.export_params_raw(&mut p, &mut p_size, &mut q, &mut q_size, &mut g, &mut g_size).expect("Error with export_params_raw()"); - - assert_ne!(p, [0u8; 256]); - assert_ne!(g, [0u8; 256]); -} - -#[test] -#[cfg(dh_keygen)] -fn test_generate_params() { - let mut rng = RNG::new().expect("Error with RNG::new()"); - let mut dh = DH::generate(&mut rng, 2048).expect("Error with generate()"); - - let mut private = [0u8; 256]; - let mut private_size = 0u32; - let mut public = [0u8; 256]; - let mut public_size = 0u32; - dh.generate_key_pair(&mut rng, &mut private, &mut private_size, &mut public, &mut public_size).expect("Error with generate_key_pair()"); -} - -#[test] -#[cfg(dh_keygen)] -fn test_generate_key_pair() { - let mut rng = RNG::new().expect("Error with RNG::new()"); - let mut dh = DH::new_named(DH::FFDHE_2048).expect("Error with new_named()"); - - let mut p = [0u8; 256]; - let mut q = [0u8; 256]; - let mut g = [0u8; 256]; - let mut p_size = 0u32; - let mut q_size = 0u32; - let mut g_size = 0u32; - dh.export_params_raw(&mut p, &mut p_size, &mut q, &mut q_size, &mut g, &mut g_size).expect("Error with export_params_raw()"); - let p = &p[0..(p_size as usize)]; - let g = &g[0..(g_size as usize)]; - - assert!(DH::compare_named_key(DH::FFDHE_2048, p, g, None)); - - let mut private = [0u8; 256]; - let mut private_size = 0u32; - let mut public = [0u8; 256]; - let mut public_size = 0u32; - dh.generate_key_pair(&mut rng, &mut private, &mut private_size, &mut public, &mut public_size).expect("Error with generate_key_pair()"); - - let private = &private[0..(private_size as usize)]; - let public = &public[0..(public_size as usize)]; - dh.check_key_pair(public, private).expect("Error with check_key_pair()"); - dh.check_priv_key(private).expect("Error with check_priv_key()"); - dh.check_pub_key(public).expect("Error with check_pub_key()"); -} - -#[test] -fn test_dh_checks() { - let p = [ - 0xc5u8, 0x7c, 0xa2, 0x4f, 0x4b, 0xd6, 0x8c, 0x3c, - 0xda, 0xc7, 0xba, 0xaa, 0xea, 0x2e, 0x5c, 0x1e, - 0x18, 0xb2, 0x7b, 0x8c, 0x55, 0x65, 0x9f, 0xea, - 0xe0, 0xa1, 0x36, 0x53, 0x2b, 0x36, 0xe0, 0x4e, - 0x3e, 0x64, 0xa9, 0xe4, 0xfc, 0x8f, 0x32, 0x62, - 0x97, 0xe4, 0xbe, 0xf7, 0xc1, 0xde, 0x07, 0x5a, - 0x89, 0x28, 0xf3, 0xfe, 0x4f, 0xfe, 0x68, 0xbc, - 0xfb, 0x0a, 0x7c, 0xa4, 0xb3, 0x14, 0x48, 0x89, - 0x9f, 0xaf, 0xb8, 0x43, 0xe2, 0xa0, 0x62, 0x5c, - 0xb4, 0x88, 0x3f, 0x06, 0x50, 0x11, 0xfe, 0x65, - 0x8d, 0x49, 0xd2, 0xf5, 0x4b, 0x74, 0x79, 0xdb, - 0x06, 0x62, 0x92, 0x89, 0xed, 0xda, 0xcb, 0x87, - 0x37, 0x16, 0xd2, 0xa1, 0x7a, 0xe8, 0xde, 0x92, - 0xee, 0x3e, 0x41, 0x4a, 0x91, 0x5e, 0xed, 0xf3, - 0x6c, 0x6b, 0x7e, 0xfd, 0x15, 0x92, 0x18, 0xfc, - 0xa7, 0xac, 0x42, 0x85, 0x57, 0xe9, 0xdc, 0xda, - 0x55, 0xc9, 0x8b, 0x28, 0x9e, 0xc1, 0xc4, 0x46, - 0x4d, 0x88, 0xed, 0x62, 0x8e, 0xdb, 0x3f, 0xb9, - 0xd7, 0xc8, 0xe3, 0xcf, 0xb8, 0x34, 0x2c, 0xd2, - 0x6f, 0x28, 0x06, 0x41, 0xe3, 0x66, 0x8c, 0xfc, - 0x72, 0xff, 0x26, 0x3b, 0x6b, 0x6c, 0x6f, 0x73, - 0xde, 0xf2, 0x90, 0x29, 0xe0, 0x61, 0x32, 0xc4, - 0x12, 0x74, 0x09, 0x52, 0xec, 0xf3, 0x1b, 0xa6, - 0x45, 0x98, 0xac, 0xf9, 0x1c, 0x65, 0x8e, 0x3a, - 0x91, 0x84, 0x4b, 0x23, 0x8a, 0xb2, 0x3c, 0xc9, - 0xfa, 0xea, 0xf1, 0x38, 0xce, 0xd8, 0x05, 0xe0, - 0xfa, 0x44, 0x68, 0x1f, 0xeb, 0xd9, 0x57, 0xb8, - 0x4a, 0x97, 0x5b, 0x88, 0xc5, 0xf1, 0xbb, 0xb0, - 0x49, 0xc3, 0x91, 0x7c, 0xd3, 0x13, 0xb9, 0x47, - 0xbb, 0x91, 0x8f, 0xe5, 0x26, 0x07, 0xab, 0xa9, - 0xc5, 0xd0, 0x3d, 0x95, 0x41, 0x26, 0x92, 0x9d, - 0x13, 0x67, 0xf2, 0x7e, 0x11, 0x88, 0xdc, 0x2d - ]; - let g = [ - 0x4au8, 0x1a, 0xf3, 0xa4, 0x92, 0xe9, 0xee, 0x74, - 0x6e, 0x57, 0xd5, 0x8c, 0x2c, 0x5b, 0x41, 0x41, - 0x5e, 0xd4, 0x55, 0x19, 0xdc, 0xd9, 0x32, 0x91, - 0xf7, 0xfd, 0xc2, 0x57, 0xff, 0x03, 0x14, 0xdb, - 0xf1, 0xb7, 0x60, 0x0c, 0x43, 0x59, 0x3f, 0xff, - 0xac, 0xf1, 0x80, 0x9a, 0x15, 0x6f, 0xd8, 0x6e, - 0xb7, 0x85, 0x18, 0xc8, 0xec, 0x4e, 0x59, 0x4a, - 0xe2, 0x91, 0x43, 0x4c, 0xeb, 0x95, 0xb6, 0x2e, - 0x9a, 0xea, 0x53, 0x68, 0x80, 0x64, 0x69, 0x40, - 0xf9, 0xec, 0xbd, 0x85, 0x89, 0x26, 0x97, 0x67, - 0xaf, 0xb0, 0xad, 0x00, 0x1b, 0xd4, 0xfd, 0x94, - 0xd3, 0xe9, 0x92, 0xb1, 0xb4, 0xbc, 0x5a, 0xaa, - 0x92, 0x80, 0x89, 0x3b, 0x39, 0x05, 0x6c, 0x22, - 0x26, 0xfe, 0x5a, 0x28, 0x6c, 0x37, 0x50, 0x5a, - 0x38, 0x99, 0xcf, 0xf3, 0xc1, 0x96, 0x45, 0xdc, - 0x01, 0xcb, 0x20, 0x87, 0xa5, 0x00, 0x8c, 0xf5, - 0x4d, 0xc2, 0xef, 0xb8, 0x9b, 0xd1, 0x87, 0xbe, - 0xed, 0xd5, 0x0a, 0x29, 0x15, 0x34, 0x59, 0x4c, - 0x3a, 0x05, 0x22, 0x05, 0x44, 0x4f, 0x9f, 0xc8, - 0x47, 0x12, 0x24, 0x8e, 0xa8, 0x79, 0xe4, 0x67, - 0xba, 0x4d, 0x5b, 0x75, 0x56, 0x95, 0xeb, 0xe8, - 0x8a, 0xfa, 0x8e, 0x01, 0x8c, 0x1b, 0x74, 0x63, - 0xd9, 0x2f, 0xf7, 0xd3, 0x44, 0x8f, 0xa8, 0xf5, - 0xaf, 0x6c, 0x4f, 0xdb, 0xe7, 0xc9, 0x6c, 0x71, - 0x22, 0xa3, 0x1d, 0xf1, 0x40, 0xb2, 0xe0, 0x9a, - 0xb6, 0x72, 0xc9, 0xc0, 0x13, 0x16, 0xa2, 0x4a, - 0xe1, 0x92, 0xc7, 0x54, 0x23, 0xab, 0x9d, 0xa1, - 0xa1, 0xe5, 0x0b, 0xed, 0xba, 0xe8, 0x84, 0x37, - 0xb2, 0xe7, 0xfe, 0x32, 0x8d, 0xfa, 0x1c, 0x53, - 0x77, 0x97, 0xc7, 0xf3, 0x48, 0xc9, 0xdb, 0x2d, - 0x75, 0x52, 0x9d, 0x42, 0x51, 0x78, 0x62, 0x68, - 0x05, 0x45, 0x15, 0xf8, 0xa2, 0x4e, 0xf3, 0x0b - ]; - let q = [ - 0xe0u8, 0x35, 0x37, 0xaf, 0xb2, 0x50, 0x91, 0x8e, - 0xf2, 0x62, 0x2b, 0xd9, 0x9f, 0x6c, 0x11, 0x75, - 0xec, 0x24, 0x5d, 0x78, 0x59, 0xe7, 0x8d, 0xb5, - 0x40, 0x52, 0xed, 0x41 - ]; - let q0 = [ - 0x00u8, - 0xe0, 0x35, 0x37, 0xaf, 0xb2, 0x50, 0x91, 0x8e, - 0xf2, 0x62, 0x2b, 0xd9, 0x9f, 0x6c, 0x11, 0x75, - 0xec, 0x24, 0x5d, 0x78, 0x59, 0xe7, 0x8d, 0xb5, - 0x40, 0x52, 0xed, 0x41 - ]; - let mut rng = RNG::new().expect("Error with RNG::new()"); - let _dh = DH::new_from_pg(&p, &g).expect("Error with new_from_pg()"); - let _dh = DH::new_from_pgq(&p, &g, &q).expect("Error with new_from_pgq()"); - let mut dh = DH::new_from_pgq_with_check(&p, &g, &q, 0, &mut rng).expect("Error with new_from_pgq()"); - let mut private = [0u8; 256]; - let mut private_size = 0u32; - let mut public = [0u8; 256]; - let mut public_size = 0u32; - dh.generate_key_pair(&mut rng, &mut private, &mut private_size, &mut public, &mut public_size).expect("Error with generate_key_pair()"); - - let private = &private[0..(private_size as usize)]; - let public = &public[0..(public_size as usize)]; - dh.check_priv_key_ex(private, Some(&q)).expect("Error with check_priv_key_ex()"); - DH::check_pub_value(&p, public).expect("Error with check_pub_value()"); - dh.check_pub_key_ex(public, &q0).expect("Error with check_pub_key_ex()"); -} - -#[test] -fn test_dh_shared_secret() { - let mut rng = RNG::new().expect("Error with RNG::new()"); - let mut dh = DH::new_named(DH::FFDHE_2048).expect("Error with new_named()"); - - let mut private0 = [0u8; 256]; - let mut private0_size = 0u32; - let mut public0 = [0u8; 256]; - let mut public0_size = 0u32; - dh.generate_key_pair(&mut rng, &mut private0, &mut private0_size, &mut public0, &mut public0_size).expect("Error with generate_key_pair()"); - let private0 = &private0[0..(private0_size as usize)]; - let public0 = &public0[0..(public0_size as usize)]; - - let mut private1 = [0u8; 256]; - let mut private1_size = 0u32; - let mut public1 = [0u8; 256]; - let mut public1_size = 0u32; - dh.generate_key_pair(&mut rng, &mut private1, &mut private1_size, &mut public1, &mut public1_size).expect("Error with generate_key_pair()"); - let private1 = &private1[0..(private1_size as usize)]; - let public1 = &public1[0..(public1_size as usize)]; - - let mut ss0 = [0u8; 256]; - let ss0_size = dh.shared_secret(&mut ss0, private0, public1).expect("Error with shared_secret()"); - let ss0 = &ss0[0..ss0_size]; - - let mut ss1 = [0u8; 256]; - let ss1_size = dh.shared_secret(&mut ss1, private1, public0).expect("Error with shared_secret()"); - let ss1 = &ss1[0..ss1_size]; - - assert_eq!(ss0_size, ss1_size); - assert_eq!(*ss0, *ss1); -} diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/wrapper/rust/wolfssl/tests/test_ecc.rs mariadb-11.8.8/extra/wolfssl/wolfssl/wrapper/rust/wolfssl/tests/test_ecc.rs --- mariadb-11.8.6/extra/wolfssl/wolfssl/wrapper/rust/wolfssl/tests/test_ecc.rs 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/wrapper/rust/wolfssl/tests/test_ecc.rs 1970-01-01 00:00:00.000000000 +0000 @@ -1,321 +0,0 @@ -#![cfg(ecc)] - -use std::fs; -use wolfssl::wolfcrypt::ecc::*; -use wolfssl::wolfcrypt::random::RNG; - -#[test] -fn test_ecc_generate() { - let mut rng = RNG::new().expect("Failed to create RNG"); - let mut ecc = ECC::generate(32, &mut rng, None, None).expect("Error with generate()"); - ecc.check().expect("Error with check()"); -} - -#[test] -fn test_ecc_generate_ex() { - let mut rng = RNG::new().expect("Failed to create RNG"); - let curve_id = ECC::SECP256R1; - let curve_size = ECC::get_curve_size_from_id(curve_id).expect("Error with get_curve_size_from_id()"); - assert_eq!(curve_size, 32); - let mut ecc = ECC::generate_ex(curve_size, &mut rng, curve_id, None, None).expect("Error with generate_ex()"); - ecc.check().expect("Error with check()"); -} - -#[test] -#[cfg(all(ecc_import, ecc_export))] -fn test_ecc_import_x963() { - let mut rng = RNG::new().expect("Failed to create RNG"); - let curve_id = ECC::SECP256R1; - let curve_size = ECC::get_curve_size_from_id(curve_id).expect("Error with get_curve_size_from_id()"); - assert_eq!(curve_size, 32); - let mut ecc = ECC::generate_ex(curve_size, &mut rng, curve_id, None, None).expect("Error with generate_ex()"); - ecc.check().expect("Error with check()"); - - let mut x963 = [0u8; 128]; - let x963_size = ecc.export_x963(&mut x963).expect("Error with export_x963()"); - let x963 = &x963[0..x963_size]; - let mut ecc = ECC::import_x963_ex(x963, ECC::SECP256R1, None, None).expect("Error with import_x963_ex"); - ecc.check().expect("Error with check()"); -} - -#[test] -fn test_ecc_generate_ex2() { - let mut rng = RNG::new().expect("Failed to create RNG"); - let curve_id = ECC::SECP256R1; - let curve_size = ECC::get_curve_size_from_id(curve_id).expect("Error with get_curve_size_from_id()"); - assert_eq!(curve_size, 32); - let mut ecc = ECC::generate_ex2(curve_size, &mut rng, curve_id, ECC::FLAG_COFACTOR, None, None).expect("Error with generate_ex2()"); - ecc.check().expect("Error with check()"); -} - -fn bytes_to_asciiz_hex_string(bytes: &[u8]) -> String { - let mut hex_string = String::with_capacity(bytes.len() * 2 + 1); - for byte in bytes { - hex_string.push_str(&format!("{:02X}", byte)); - } - hex_string.push('\0'); - hex_string -} - -#[test] -#[cfg(all(ecc_import, ecc_export, ecc_sign, ecc_verify))] -fn test_ecc_import_export_sign_verify() { - let mut rng = RNG::new().expect("Failed to create RNG"); - let key_path = "../../../certs/ecc-client-key.der"; - let der: Vec = fs::read(key_path).expect("Error reading key file"); - let mut ecc = ECC::import_der(&der, None, None).expect("Error with import_der()"); - let hash = [0x42u8; 32]; - let mut signature = [0u8; 128]; - let signature_length = ecc.sign_hash(&hash, &mut signature, &mut rng).expect("Error with sign_hash()"); - assert!(signature_length > 0 && signature_length <= signature.len()); - - let signature = &mut signature[0..signature_length]; - let key_path = "../../../certs/ecc-client-keyPub.der"; - let der: Vec = fs::read(key_path).expect("Error reading key file"); - let mut ecc = ECC::import_public_der(&der, None, None).expect("Error with import_public_der()"); - let valid = ecc.verify_hash(&signature, &hash).expect("Error with verify_hash()"); - assert_eq!(valid, true); - - let mut x963 = [0u8; 128]; - let x963_size = ecc.export_x963(&mut x963).expect("Error with export_x963()"); - let x963 = &x963[0..x963_size]; - let mut ecc = ECC::import_x963(x963, None, None).expect("Error with import_x963"); - let valid = ecc.verify_hash(&signature, &hash).expect("Error with verify_hash()"); - assert_eq!(valid, true); - - #[cfg(ecc_comp_key)] - { - let mut x963 = [0u8; 128]; - let x963_size = ecc.export_x963_compressed(&mut x963).expect("Error with export_x963_compressed()"); - let x963 = &x963[0..x963_size]; - let mut ecc = ECC::import_x963(x963, None, None).expect("Error with import_x963"); - let valid = ecc.verify_hash(&signature, &hash).expect("Error with verify_hash()"); - assert_eq!(valid, true); - } - - let mut r = [0u8; 32]; - let mut r_size = 0u32; - let mut s = [0u8; 32]; - let mut s_size = 0u32; - ECC::sig_to_rs(signature, &mut r, &mut r_size, &mut s, &mut s_size).expect("Error with sig_to_rs()"); - assert!(r_size > 0 && r_size <= 32); - assert!(s_size > 0 && s_size <= 32); - let r = &r[0..r_size as usize]; - let s = &s[0..s_size as usize]; - let mut sig_out = [0u8; 128]; - let sig_out_size = ECC::rs_bin_to_sig(r, s, &mut sig_out).expect("Error with rs_bin_to_sig()"); - assert_eq!(*signature, *&sig_out[0..sig_out_size]); - - let r_hex_string = bytes_to_asciiz_hex_string(r); - let s_hex_string = bytes_to_asciiz_hex_string(s); - let mut sig_out = [0u8; 128]; - let sig_out_size = ECC::rs_hex_to_sig(&r_hex_string[0..r_hex_string.len()].as_bytes(), &s_hex_string[0..s_hex_string.len()].as_bytes(), &mut sig_out).expect("Error with rs_hex_to_sig()"); - assert_eq!(*signature, *&sig_out[0..sig_out_size]); - - signature[signature.len() - 2] = 0xDEu8; - signature[signature.len() - 1] = 0xADu8; - let valid = ecc.verify_hash(&signature, &hash).expect("Error with verify_hash()"); - assert_eq!(valid, false); - - ecc.set_rng(&mut rng).expect("Error with set_rng()"); -} - -#[test] -#[cfg(ecc_dh)] -fn test_ecc_shared_secret() { - let mut rng = RNG::new().expect("Failed to create RNG"); - let mut ecc0 = ECC::generate(32, &mut rng, None, None).expect("Error with generate()"); - let mut ecc1 = ECC::generate(32, &mut rng, None, None).expect("Error with generate()"); - let mut ss0 = [0u8; 128]; - let mut ss1 = [0u8; 128]; - ecc0.set_rng(&mut rng).expect("Error with set_rng()"); - ecc1.set_rng(&mut rng).expect("Error with set_rng()"); - let ss0_size = ecc0.shared_secret(&mut ecc1, &mut ss0).expect("Error with shared_secret()"); - let ss1_size = ecc1.shared_secret(&mut ecc0, &mut ss1).expect("Error with shared_secret()"); - assert_eq!(ss0_size, ss1_size); - let ss0 = &ss0[0..ss0_size]; - let ss1 = &ss1[0..ss1_size]; - assert_eq!(*ss0, *ss1); - - let mut ss0 = [0u8; 128]; - let ecc_point = ecc1.make_pub_to_point(None, None).expect("Error with make_pub_to_point()"); - let ss0_size = ecc0.shared_secret_ex(&ecc_point, &mut ss0).expect("Error with shared_secret_ex()"); - let ss0 = &ss0[0..ss0_size]; - assert_eq!(*ss0, *ss1); -} - -#[test] -#[cfg(ecc_export)] -fn test_ecc_export() { - let mut rng = RNG::new().expect("Failed to create RNG"); - let mut ecc = ECC::generate(32, &mut rng, None, None).expect("Error with generate()"); - let mut qx = [0u8; 32]; - let mut qx_len = 0u32; - let mut qy = [0u8; 32]; - let mut qy_len = 0u32; - let mut d = [0u8; 32]; - let mut d_len = 0u32; - ecc.export(&mut qx, &mut qx_len, &mut qy, &mut qy_len, &mut d, &mut d_len).expect("Error with export()"); -} - -#[test] -#[cfg(ecc_export)] -fn test_ecc_export_ex() { - let mut rng = RNG::new().expect("Failed to create RNG"); - let mut ecc = ECC::generate(32, &mut rng, None, None).expect("Error with generate()"); - let mut qx = [0u8; 32]; - let mut qx_len = 0u32; - let mut qy = [0u8; 32]; - let mut qy_len = 0u32; - let mut d = [0u8; 32]; - let mut d_len = 0u32; - ecc.export_ex(&mut qx, &mut qx_len, &mut qy, &mut qy_len, &mut d, &mut d_len, false).expect("Error with export_ex()"); -} - -#[test] -#[cfg(all(ecc_import, ecc_export, ecc_sign, ecc_verify))] -fn test_ecc_import_export_private() { - let mut rng = RNG::new().expect("Failed to create RNG"); - let mut ecc = ECC::generate(32, &mut rng, None, None).expect("Error with generate()"); - let hash = [0x42u8; 32]; - let mut signature = [0u8; 128]; - let signature_length = ecc.sign_hash(&hash, &mut signature, &mut rng).expect("Error with sign_hash()"); - let signature = &signature[0..signature_length]; - - let mut d = [0u8; 32]; - let d_size = ecc.export_private(&mut d).expect("Error with export_private()"); - assert_eq!(d_size, 32); - let mut x963 = [0u8; 128]; - let x963_size = ecc.export_x963(&mut x963).expect("Error with export_x963()"); - let x963 = &x963[0..x963_size]; - - let mut ecc2 = ECC::import_private_key(&d, x963, None, None).expect("Error with import_private_key()"); - let valid = ecc2.verify_hash(&signature, &hash).expect("Error with verify_hash()"); - assert_eq!(valid, true); -} - -#[test] -#[cfg(all(ecc_import, ecc_export, ecc_sign, ecc_verify))] -fn test_ecc_import_export_private_ex() { - let mut rng = RNG::new().expect("Failed to create RNG"); - let curve_id = ECC::SECP256R1; - let curve_size = ECC::get_curve_size_from_id(curve_id).expect("Error with get_curve_size_from_id()"); - let mut ecc = ECC::generate_ex(curve_size, &mut rng, curve_id, None, None).expect("Error with generate_ex()"); - let hash = [0x42u8; 32]; - let mut signature = [0u8; 128]; - let signature_length = ecc.sign_hash(&hash, &mut signature, &mut rng).expect("Error with sign_hash()"); - let signature = &signature[0..signature_length]; - - let mut d = [0u8; 32]; - let d_size = ecc.export_private(&mut d).expect("Error with export_private()"); - assert_eq!(d_size, 32); - let mut x963 = [0u8; 128]; - let x963_size = ecc.export_x963(&mut x963).expect("Error with export_x963()"); - let x963 = &x963[0..x963_size]; - - let mut ecc2 = ECC::import_private_key_ex(&d, x963, curve_id, None, None).expect("Error with import_private_key_ex()"); - let valid = ecc2.verify_hash(&signature, &hash).expect("Error with verify_hash()"); - assert_eq!(valid, true); -} - -#[test] -#[cfg(ecc_export)] -fn test_ecc_export_public() { - let mut rng = RNG::new().expect("Failed to create RNG"); - let mut ecc = ECC::generate(32, &mut rng, None, None).expect("Error with generate()"); - let mut qx = [0u8; 32]; - let mut qx_len = 0u32; - let mut qy = [0u8; 32]; - let mut qy_len = 0u32; - ecc.export_public(&mut qx, &mut qx_len, &mut qy, &mut qy_len).expect("Error with export_public()"); -} - -#[test] -#[cfg(all(ecc_import, ecc_export, ecc_sign, ecc_verify))] -fn test_ecc_import_unsigned() { - let mut rng = RNG::new().expect("Failed to create RNG"); - let curve_id = ECC::SECP256R1; - let curve_size = ECC::get_curve_size_from_id(curve_id).expect("Error with get_curve_size_from_id()"); - let mut ecc = ECC::generate_ex(curve_size, &mut rng, curve_id, None, None).expect("Error with generate()"); - let mut qx = [0u8; 32]; - let mut qx_len = 0u32; - let mut qy = [0u8; 32]; - let mut qy_len = 0u32; - let mut d = [0u8; 32]; - let mut d_len = 0u32; - ecc.export_ex(&mut qx, &mut qx_len, &mut qy, &mut qy_len, &mut d, &mut d_len, false).expect("Error with export_ex()"); - - let mut ecc2 = ECC::import_unsigned(&qx, &qy, &d, curve_id, None, None).expect("Error with import_unsigned()"); - - let hash = [0x42u8; 32]; - let mut signature = [0u8; 128]; - let signature_length = ecc.sign_hash(&hash, &mut signature, &mut rng).expect("Error with sign_hash()"); - let signature = &signature[0..signature_length]; - let valid = ecc2.verify_hash(signature, &hash).expect("Error with verify_hash()"); - assert_eq!(valid, true); -} - -#[test] -fn test_ecc_make_pub() { - let mut rng = RNG::new().expect("Failed to create RNG"); - let key_path = "../../../certs/ecc-client-key.der"; - let der: Vec = fs::read(key_path).expect("Error reading key file"); - let mut ecc = ECC::import_der(&der, None, None).expect("Error with import_der()"); - ecc.make_pub(Some(&mut rng)).expect("Error with make_pub()"); - ecc.make_pub(None).expect("Error with make_pub()"); - ecc.make_pub_to_point(Some(&mut rng), None).expect("Error with make_pub_to_point()"); - ecc.make_pub_to_point(None, None).expect("Error with make_pub_to_point()"); -} - -#[test] -#[cfg(ecc_export)] -fn test_ecc_point() { - let mut rng = RNG::new().expect("Failed to create RNG"); - let curve_id = ECC::SECP256R1; - let curve_size = ECC::get_curve_size_from_id(curve_id).expect("Error with get_curve_size_from_id()"); - let mut ecc = ECC::generate_ex(curve_size, &mut rng, curve_id, None, None).expect("Error with generate()"); - let mut ecc_point = ecc.make_pub_to_point(Some(&mut rng), None).expect("Error with make_pub_to_point()"); - let mut der = [0u8; 128]; - let size = ecc_point.export_der(&mut der, curve_id).expect("Error with export_der()"); - assert!(size > 0 && size <= der.len()); - ecc_point.forcezero(); -} - -#[test] -#[cfg(all(ecc_import, ecc_export))] -fn test_ecc_point_import() { - let mut rng = RNG::new().expect("Failed to create RNG"); - let curve_id = ECC::SECP256R1; - let curve_size = ECC::get_curve_size_from_id(curve_id).expect("Error with get_curve_size_from_id()"); - let mut ecc = ECC::generate_ex(curve_size, &mut rng, curve_id, None, None).expect("Error with generate()"); - let mut ecc_point = ecc.make_pub_to_point(Some(&mut rng), None).expect("Error with make_pub_to_point()"); - let mut der = [0u8; 128]; - let size = ecc_point.export_der(&mut der, curve_id).expect("Error with export_der()"); - assert!(size > 0 && size <= der.len()); - ECCPoint::import_der(&der[0..size], curve_id, None).expect("Error with import_der()"); - ecc_point.forcezero(); -} - -#[test] -#[cfg(all(ecc_import, ecc_export, ecc_comp_key))] -fn test_ecc_point_import_compressed() { - let mut rng = RNG::new().expect("Failed to create RNG"); - let curve_id = ECC::SECP256R1; - let curve_size = ECC::get_curve_size_from_id(curve_id).expect("Error with get_curve_size_from_id()"); - let mut ecc = ECC::generate_ex(curve_size, &mut rng, curve_id, None, None).expect("Error with generate()"); - let mut ecc_point = ecc.make_pub_to_point(Some(&mut rng), None).expect("Error with make_pub_to_point()"); - let mut der = [0u8; 128]; - let size = ecc_point.export_der_compressed(&mut der, curve_id).expect("Error with export_der_compressed()"); - ECCPoint::import_der_ex(&der[0..size], curve_id, 1, None).expect("Error with import_der_ex()"); - ecc_point.forcezero(); -} - -#[test] -#[cfg(ecc_import)] -fn test_ecc_import() { - let qx = b"7a4e287890a1a47ad3457e52f2f76a83ce46cbc947616d0cbaa82323818a793d\0"; - let qy = b"eec4084f5b29ebf29c44cce3b3059610922f8b30ea6e8811742ac7238fe87308\0"; - let d = b"8c14b793cb19137e323a6d2e2a870bca2e7a493ec1153b3a95feb8a4873f8d08\0"; - ECC::import_raw(qx, qy, d, b"SECP256R1\0", None, None).expect("Error with import_raw()"); - ECC::import_raw_ex(qx, qy, d, ECC::SECP256R1, None, None).expect("Error with import_raw_ex()"); -} diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/wrapper/rust/wolfssl/tests/test_ed25519.rs mariadb-11.8.8/extra/wolfssl/wolfssl/wrapper/rust/wolfssl/tests/test_ed25519.rs --- mariadb-11.8.6/extra/wolfssl/wolfssl/wrapper/rust/wolfssl/tests/test_ed25519.rs 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/wrapper/rust/wolfssl/tests/test_ed25519.rs 1970-01-01 00:00:00.000000000 +0000 @@ -1,256 +0,0 @@ -#![cfg(ed25519)] - -use wolfssl::wolfcrypt::random::RNG; -use wolfssl::wolfcrypt::ed25519::*; - -#[test] -#[cfg(all(ed25519_import, ed25519_export))] -fn test_make_public() { - let mut rng = RNG::new().expect("Error creating RNG"); - let ed = Ed25519::generate(&mut rng).expect("Error with generate()"); - let mut private = [0u8; Ed25519::KEY_SIZE]; - ed.export_private_only(&mut private).expect("Error with export_private_only()"); - let mut ed = Ed25519::new().expect("Error with new()"); - ed.import_private_only(&private).expect("Error with import_private_only()"); - let mut public = [0u8; Ed25519::KEY_SIZE]; - ed.make_public(&mut public).expect("Error with make_public()"); -} - -#[test] -fn test_check_key() { - let mut rng = RNG::new().expect("Error creating RNG"); - let mut ed = Ed25519::generate(&mut rng).expect("Error with generate()"); - ed.check_key().expect("Error with check_key()"); -} - -#[test] -#[cfg(all(ed25519_import, ed25519_sign, ed25519_verify))] -fn test_sign_verify() { - let private_key = [ - 0xc5u8,0xaa,0x8d,0xf4,0x3f,0x9f,0x83,0x7b, - 0xed,0xb7,0x44,0x2f,0x31,0xdc,0xb7,0xb1, - 0x66,0xd3,0x85,0x35,0x07,0x6f,0x09,0x4b, - 0x85,0xce,0x3a,0x2e,0x0b,0x44,0x58,0xf7 - ]; - let public_key = [ - 0xfcu8,0x51,0xcd,0x8e,0x62,0x18,0xa1,0xa3, - 0x8d,0xa4,0x7e,0xd0,0x02,0x30,0xf0,0x58, - 0x08,0x16,0xed,0x13,0xba,0x33,0x03,0xac, - 0x5d,0xeb,0x91,0x15,0x48,0x90,0x80,0x25 - ]; - let message = [0xAFu8, 0x82]; - let expected_signature = [ - 0x62u8,0x91,0xd6,0x57,0xde,0xec,0x24,0x02, - 0x48,0x27,0xe6,0x9c,0x3a,0xbe,0x01,0xa3, - 0x0c,0xe5,0x48,0xa2,0x84,0x74,0x3a,0x44, - 0x5e,0x36,0x80,0xd7,0xdb,0x5a,0xc3,0xac, - 0x18,0xff,0x9b,0x53,0x8d,0x16,0xf2,0x90, - 0xae,0x67,0xf7,0x60,0x98,0x4d,0xc6,0x59, - 0x4a,0x7c,0x15,0xe9,0x71,0x6e,0xd2,0x8d, - 0xc0,0x27,0xbe,0xce,0xea,0x1e,0xc4,0x0a - ]; - - let mut ed = Ed25519::new().expect("Error with new()"); - ed.import_private_key(&private_key, Some(&public_key)).expect("Error with import_private_key()"); - - let mut signature = [0u8; Ed25519::SIG_SIZE]; - ed.sign_msg(&message, &mut signature).expect("Error with sign_msg()"); - assert_eq!(signature, expected_signature); - - let signature_valid = ed.verify_msg(&signature, &message).expect("Error with verify_msg()"); - assert!(signature_valid); - - let mut signature = [0u8; Ed25519::SIG_SIZE]; - ed.sign_msg_ex(&message, None, Ed25519::ED25519, &mut signature).expect("Error with sign_msg_ex()"); - assert_eq!(signature, expected_signature); - - let signature_valid = ed.verify_msg_ex(&signature, &message, None, Ed25519::ED25519).expect("Error with verify_msg_ex()"); - assert!(signature_valid); -} - -#[test] -#[cfg(all(ed25519_import, ed25519_sign, ed25519_streaming_verify))] -fn test_sign_streaming_verify() { - let private_key = [ - 0xc5u8,0xaa,0x8d,0xf4,0x3f,0x9f,0x83,0x7b, - 0xed,0xb7,0x44,0x2f,0x31,0xdc,0xb7,0xb1, - 0x66,0xd3,0x85,0x35,0x07,0x6f,0x09,0x4b, - 0x85,0xce,0x3a,0x2e,0x0b,0x44,0x58,0xf7 - ]; - let public_key = [ - 0xfcu8,0x51,0xcd,0x8e,0x62,0x18,0xa1,0xa3, - 0x8d,0xa4,0x7e,0xd0,0x02,0x30,0xf0,0x58, - 0x08,0x16,0xed,0x13,0xba,0x33,0x03,0xac, - 0x5d,0xeb,0x91,0x15,0x48,0x90,0x80,0x25 - ]; - let message = [0xAFu8, 0x82]; - let expected_signature = [ - 0x62u8,0x91,0xd6,0x57,0xde,0xec,0x24,0x02, - 0x48,0x27,0xe6,0x9c,0x3a,0xbe,0x01,0xa3, - 0x0c,0xe5,0x48,0xa2,0x84,0x74,0x3a,0x44, - 0x5e,0x36,0x80,0xd7,0xdb,0x5a,0xc3,0xac, - 0x18,0xff,0x9b,0x53,0x8d,0x16,0xf2,0x90, - 0xae,0x67,0xf7,0x60,0x98,0x4d,0xc6,0x59, - 0x4a,0x7c,0x15,0xe9,0x71,0x6e,0xd2,0x8d, - 0xc0,0x27,0xbe,0xce,0xea,0x1e,0xc4,0x0a - ]; - - let mut ed = Ed25519::new().expect("Error with new()"); - ed.import_private_key(&private_key, Some(&public_key)).expect("Error with import_private_key()"); - - let mut signature = [0u8; Ed25519::SIG_SIZE]; - ed.sign_msg(&message, &mut signature).expect("Error with sign_msg()"); - assert_eq!(signature, expected_signature); - - ed.verify_msg_init(&signature, None, Ed25519::ED25519).expect("Error with verify_msg_init()"); - ed.verify_msg_update(&message[0..1]).expect("Error with verify_msg_update()"); - ed.verify_msg_update(&message[1..2]).expect("Error with verify_msg_update()"); - let signature_valid = ed.verify_msg_final(&signature).expect("Error with verify_msg_final()"); - assert!(signature_valid); -} - -#[test] -#[cfg(all(ed25519_import, ed25519_sign, ed25519_verify))] -fn test_ctx_sign_verify() { - let private_key = [ - 0x03u8,0x05,0x33,0x4e,0x38,0x1a,0xf7,0x8f, - 0x14,0x1c,0xb6,0x66,0xf6,0x19,0x9f,0x57, - 0xbc,0x34,0x95,0x33,0x5a,0x25,0x6a,0x95, - 0xbd,0x2a,0x55,0xbf,0x54,0x66,0x63,0xf6 - ]; - let public_key = [ - 0xdfu8,0xc9,0x42,0x5e,0x4f,0x96,0x8f,0x7f, - 0x0c,0x29,0xf0,0x25,0x9c,0xf5,0xf9,0xae, - 0xd6,0x85,0x1c,0x2b,0xb4,0xad,0x8b,0xfb, - 0x86,0x0c,0xfe,0xe0,0xab,0x24,0x82,0x92 - ]; - let message = [ - 0xf7u8,0x26,0x93,0x6d,0x19,0xc8,0x00,0x49, - 0x4e,0x3f,0xda,0xff,0x20,0xb2,0x76,0xa8 - ]; - let context = [0x66u8,0x6f,0x6f]; - let expected_signature = [ - 0x55u8,0xa4,0xcc,0x2f,0x70,0xa5,0x4e,0x04, - 0x28,0x8c,0x5f,0x4c,0xd1,0xe4,0x5a,0x7b, - 0xb5,0x20,0xb3,0x62,0x92,0x91,0x18,0x76, - 0xca,0xda,0x73,0x23,0x19,0x8d,0xd8,0x7a, - 0x8b,0x36,0x95,0x0b,0x95,0x13,0x00,0x22, - 0x90,0x7a,0x7f,0xb7,0xc4,0xe9,0xb2,0xd5, - 0xf6,0xcc,0xa6,0x85,0xa5,0x87,0xb4,0xb2, - 0x1f,0x4b,0x88,0x8e,0x4e,0x7e,0xdb,0x0d - ]; - - let mut ed = Ed25519::new().expect("Error with new()"); - ed.import_private_key(&private_key, Some(&public_key)).expect("Error with import_private_key()"); - - let mut signature = [0u8; Ed25519::SIG_SIZE]; - ed.sign_msg_ctx(&message, &context, &mut signature).expect("Error with sign_msg_ctx()"); - assert_eq!(signature, expected_signature); - - let signature_valid = ed.verify_msg_ctx(&signature, &message, &context).expect("Error with verify_msg_ctx()"); - assert!(signature_valid); -} - -#[test] -#[cfg(all(ed25519_import, ed25519_sign, ed25519_verify))] -fn test_ph_sign_verify() { - let private_key = [ - 0x83u8,0x3f,0xe6,0x24,0x09,0x23,0x7b,0x9d, - 0x62,0xec,0x77,0x58,0x75,0x20,0x91,0x1e, - 0x9a,0x75,0x9c,0xec,0x1d,0x19,0x75,0x5b, - 0x7d,0xa9,0x01,0xb9,0x6d,0xca,0x3d,0x42 - ]; - let public_key = [ - 0xecu8,0x17,0x2b,0x93,0xad,0x5e,0x56,0x3b, - 0xf4,0x93,0x2c,0x70,0xe1,0x24,0x50,0x34, - 0xc3,0x54,0x67,0xef,0x2e,0xfd,0x4d,0x64, - 0xeb,0xf8,0x19,0x68,0x34,0x67,0xe2,0xbf - ]; - let message = [0x61u8,0x62,0x63]; - let context = [0x66u8,0x6f,0x6f]; - let hash = [ - 0xddu8,0xaf,0x35,0xa1,0x93,0x61,0x7a,0xba, - 0xcc,0x41,0x73,0x49,0xae,0x20,0x41,0x31, - 0x12,0xe6,0xfa,0x4e,0x89,0xa9,0x7e,0xa2, - 0x0a,0x9e,0xee,0xe6,0x4b,0x55,0xd3,0x9a, - 0x21,0x92,0x99,0x2a,0x27,0x4f,0xc1,0xa8, - 0x36,0xba,0x3c,0x23,0xa3,0xfe,0xeb,0xbd, - 0x45,0x4d,0x44,0x23,0x64,0x3c,0xe8,0x0e, - 0x2a,0x9a,0xc9,0x4f,0xa5,0x4c,0xa4,0x9f - ]; - let expected_signature = [ - 0xe0u8,0x39,0x70,0x2b,0x4c,0x25,0x95,0xa6, - 0xa5,0x41,0xac,0x85,0x09,0x23,0x6e,0x29, - 0x90,0x47,0x47,0x95,0x33,0x0c,0x9b,0x34, - 0xa7,0x5f,0x58,0xa6,0x60,0x12,0x9e,0x08, - 0xfd,0x73,0x69,0x43,0xfb,0x19,0x43,0xa5, - 0x57,0x20,0xb9,0xe0,0x95,0x7b,0x1e,0xd6, - 0x73,0x48,0x16,0x61,0x9f,0x13,0x88,0xf4, - 0x3f,0x73,0xe6,0xe3,0xba,0xa8,0x1c,0x0e - ]; - - let mut ed = Ed25519::new().expect("Error with new()"); - ed.import_private_key(&private_key, Some(&public_key)).expect("Error with import_private_key()"); - - let mut signature = [0u8; Ed25519::SIG_SIZE]; - ed.sign_msg_ph(&message, Some(&context), &mut signature).expect("Error with sign_msg_ph()"); - assert_eq!(signature, expected_signature); - - let signature_valid = ed.verify_msg_ph(&signature, &message, Some(&context)).expect("Error with verify_msg_ph()"); - assert!(signature_valid); - - let mut signature = [0u8; Ed25519::SIG_SIZE]; - ed.sign_hash_ph(&hash, Some(&context), &mut signature).expect("Error with sign_hash_ph()"); - assert_eq!(signature, expected_signature); - - let signature_valid = ed.verify_hash_ph(&signature, &hash, Some(&context)).expect("Error with verify_hash_ph()"); - assert!(signature_valid); -} - -#[test] -#[cfg(all(ed25519_import, ed25519_export))] -fn test_import_export() { - let mut rng = RNG::new().expect("Error creating RNG"); - let ed = Ed25519::generate(&mut rng).expect("Error with generate()"); - - let mut private = [0u8; Ed25519::PRV_KEY_SIZE]; - let mut public = [0u8; Ed25519::PUB_KEY_SIZE]; - ed.export_key(&mut private, &mut public).expect("Error with export_key()"); - - let mut public2 = [0u8; Ed25519::PUB_KEY_SIZE]; - ed.export_public(&mut public2).expect("Error with export_public()"); - assert_eq!(public2, public); - - let mut private2 = [0u8; Ed25519::PRV_KEY_SIZE]; - ed.export_private(&mut private2).expect("Error with export_private()"); - assert_eq!(private2, private); - - let mut private_only = [0u8; Ed25519::KEY_SIZE]; - ed.export_private_only(&mut private_only).expect("Error with export_private_only()"); - - let mut ed = Ed25519::new().expect("Error with new()"); - ed.import_private_key_ex(&private, Some(&public), false).expect("Error with import_private_key_ex()"); - - let mut ed = Ed25519::new().expect("Error with new()"); - ed.import_private_only(&private_only).expect("Error with import_private_only()"); - ed.import_public(&public).expect("Error with import_public()"); - ed.import_public_ex(&public, false).expect("Error with import_public_ex()"); -} - -#[test] -fn test_sizes() { - let mut rng = RNG::new().expect("Error creating RNG"); - let ed = Ed25519::generate(&mut rng).expect("Error with generate()"); - - let size = ed.size().expect("Error with size()"); - assert_eq!(size, Ed25519::KEY_SIZE); - - let size = ed.priv_size().expect("Error with priv_size()"); - assert_eq!(size, Ed25519::PRV_KEY_SIZE); - - let size = ed.pub_size().expect("Error with pub_size()"); - assert_eq!(size, Ed25519::PUB_KEY_SIZE); - - let size = ed.sig_size().expect("Error with sig_size()"); - assert_eq!(size, Ed25519::SIG_SIZE); -} diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/wrapper/rust/wolfssl/tests/test_ed448.rs mariadb-11.8.8/extra/wolfssl/wolfssl/wrapper/rust/wolfssl/tests/test_ed448.rs --- mariadb-11.8.6/extra/wolfssl/wolfssl/wrapper/rust/wolfssl/tests/test_ed448.rs 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/wrapper/rust/wolfssl/tests/test_ed448.rs 1970-01-01 00:00:00.000000000 +0000 @@ -1,260 +0,0 @@ -#![cfg(ed448)] - -use wolfssl::wolfcrypt::random::RNG; -use wolfssl::wolfcrypt::ed448::*; - -#[test] -#[cfg(all(ed448_import, ed448_export))] -fn test_make_public() { - let mut rng = RNG::new().expect("Error creating RNG"); - let ed = Ed448::generate(&mut rng).expect("Error with generate()"); - let mut private = [0u8; Ed448::KEY_SIZE]; - ed.export_private_only(&mut private).expect("Error with export_private_only()"); - let mut ed = Ed448::new().expect("Error with new()"); - ed.import_private_only(&private).expect("Error with import_private_only()"); - let mut public = [0u8; Ed448::KEY_SIZE]; - ed.make_public(&mut public).expect("Error with make_public()"); -} - -#[test] -fn test_check_key() { - let mut rng = RNG::new().expect("Error creating RNG"); - let mut ed = Ed448::generate(&mut rng).expect("Error with generate()"); - ed.check_key().expect("Error with check_key()"); -} - -#[test] -#[cfg(all(ed448_import, ed448_sign, ed448_verify))] -fn test_sign_verify() { - let private_key = [ - 0xc4u8, 0xea, 0xb0, 0x5d, 0x35, 0x70, 0x07, 0xc6, - 0x32, 0xf3, 0xdb, 0xb4, 0x84, 0x89, 0x92, 0x4d, - 0x55, 0x2b, 0x08, 0xfe, 0x0c, 0x35, 0x3a, 0x0d, - 0x4a, 0x1f, 0x00, 0xac, 0xda, 0x2c, 0x46, 0x3a, - 0xfb, 0xea, 0x67, 0xc5, 0xe8, 0xd2, 0x87, 0x7c, - 0x5e, 0x3b, 0xc3, 0x97, 0xa6, 0x59, 0x94, 0x9e, - 0xf8, 0x02, 0x1e, 0x95, 0x4e, 0x0a, 0x12, 0x27, - 0x4e - ]; - let public_key = [ - 0x43u8, 0xba, 0x28, 0xf4, 0x30, 0xcd, 0xff, 0x45, - 0x6a, 0xe5, 0x31, 0x54, 0x5f, 0x7e, 0xcd, 0x0a, - 0xc8, 0x34, 0xa5, 0x5d, 0x93, 0x58, 0xc0, 0x37, - 0x2b, 0xfa, 0x0c, 0x6c, 0x67, 0x98, 0xc0, 0x86, - 0x6a, 0xea, 0x01, 0xeb, 0x00, 0x74, 0x28, 0x02, - 0xb8, 0x43, 0x8e, 0xa4, 0xcb, 0x82, 0x16, 0x9c, - 0x23, 0x51, 0x60, 0x62, 0x7b, 0x4c, 0x3a, 0x94, - 0x80 - ]; - let message = [0x03u8]; - let context = [0x66u8,0x6f,0x6f]; - let expected_signature = [ - 0xd4u8, 0xf8, 0xf6, 0x13, 0x17, 0x70, 0xdd, 0x46, - 0xf4, 0x08, 0x67, 0xd6, 0xfd, 0x5d, 0x50, 0x55, - 0xde, 0x43, 0x54, 0x1f, 0x8c, 0x5e, 0x35, 0xab, - 0xbc, 0xd0, 0x01, 0xb3, 0x2a, 0x89, 0xf7, 0xd2, - 0x15, 0x1f, 0x76, 0x47, 0xf1, 0x1d, 0x8c, 0xa2, - 0xae, 0x27, 0x9f, 0xb8, 0x42, 0xd6, 0x07, 0x21, - 0x7f, 0xce, 0x6e, 0x04, 0x2f, 0x68, 0x15, 0xea, - 0x00, 0x0c, 0x85, 0x74, 0x1d, 0xe5, 0xc8, 0xda, - 0x11, 0x44, 0xa6, 0xa1, 0xab, 0xa7, 0xf9, 0x6d, - 0xe4, 0x25, 0x05, 0xd7, 0xa7, 0x29, 0x85, 0x24, - 0xfd, 0xa5, 0x38, 0xfc, 0xcb, 0xbb, 0x75, 0x4f, - 0x57, 0x8c, 0x1c, 0xad, 0x10, 0xd5, 0x4d, 0x0d, - 0x54, 0x28, 0x40, 0x7e, 0x85, 0xdc, 0xbc, 0x98, - 0xa4, 0x91, 0x55, 0xc1, 0x37, 0x64, 0xe6, 0x6c, - 0x3c, 0x00 - ]; - - let mut ed = Ed448::new().expect("Error with new()"); - ed.import_private_key(&private_key, Some(&public_key)).expect("Error with import_private_key()"); - - let mut signature = [0u8; Ed448::SIG_SIZE]; - ed.sign_msg(&message, Some(&context), &mut signature).expect("Error with sign_msg()"); - assert_eq!(signature, expected_signature); - - let signature_valid = ed.verify_msg(&signature, &message, Some(&context)).expect("Error with verify_msg()"); - assert!(signature_valid); - - let mut signature = [0u8; Ed448::SIG_SIZE]; - ed.sign_msg_ex(&message, Some(&context), Ed448::ED448, &mut signature).expect("Error with sign_msg_ex()"); - assert_eq!(signature, expected_signature); - - let signature_valid = ed.verify_msg_ex(&signature, &message, Some(&context), Ed448::ED448).expect("Error with verify_msg_ex()"); - assert!(signature_valid); -} - -#[test] -#[cfg(all(ed448_import, ed448_sign, ed448_streaming_verify))] -fn test_sign_streaming_verify() { - let private_key = [ - 0xc4u8, 0xea, 0xb0, 0x5d, 0x35, 0x70, 0x07, 0xc6, - 0x32, 0xf3, 0xdb, 0xb4, 0x84, 0x89, 0x92, 0x4d, - 0x55, 0x2b, 0x08, 0xfe, 0x0c, 0x35, 0x3a, 0x0d, - 0x4a, 0x1f, 0x00, 0xac, 0xda, 0x2c, 0x46, 0x3a, - 0xfb, 0xea, 0x67, 0xc5, 0xe8, 0xd2, 0x87, 0x7c, - 0x5e, 0x3b, 0xc3, 0x97, 0xa6, 0x59, 0x94, 0x9e, - 0xf8, 0x02, 0x1e, 0x95, 0x4e, 0x0a, 0x12, 0x27, - 0x4e - ]; - let public_key = [ - 0x43u8, 0xba, 0x28, 0xf4, 0x30, 0xcd, 0xff, 0x45, - 0x6a, 0xe5, 0x31, 0x54, 0x5f, 0x7e, 0xcd, 0x0a, - 0xc8, 0x34, 0xa5, 0x5d, 0x93, 0x58, 0xc0, 0x37, - 0x2b, 0xfa, 0x0c, 0x6c, 0x67, 0x98, 0xc0, 0x86, - 0x6a, 0xea, 0x01, 0xeb, 0x00, 0x74, 0x28, 0x02, - 0xb8, 0x43, 0x8e, 0xa4, 0xcb, 0x82, 0x16, 0x9c, - 0x23, 0x51, 0x60, 0x62, 0x7b, 0x4c, 0x3a, 0x94, - 0x80 - ]; - let message = [0x03u8]; - let context = [0x66u8,0x6f,0x6f]; - let expected_signature = [ - 0xd4u8, 0xf8, 0xf6, 0x13, 0x17, 0x70, 0xdd, 0x46, - 0xf4, 0x08, 0x67, 0xd6, 0xfd, 0x5d, 0x50, 0x55, - 0xde, 0x43, 0x54, 0x1f, 0x8c, 0x5e, 0x35, 0xab, - 0xbc, 0xd0, 0x01, 0xb3, 0x2a, 0x89, 0xf7, 0xd2, - 0x15, 0x1f, 0x76, 0x47, 0xf1, 0x1d, 0x8c, 0xa2, - 0xae, 0x27, 0x9f, 0xb8, 0x42, 0xd6, 0x07, 0x21, - 0x7f, 0xce, 0x6e, 0x04, 0x2f, 0x68, 0x15, 0xea, - 0x00, 0x0c, 0x85, 0x74, 0x1d, 0xe5, 0xc8, 0xda, - 0x11, 0x44, 0xa6, 0xa1, 0xab, 0xa7, 0xf9, 0x6d, - 0xe4, 0x25, 0x05, 0xd7, 0xa7, 0x29, 0x85, 0x24, - 0xfd, 0xa5, 0x38, 0xfc, 0xcb, 0xbb, 0x75, 0x4f, - 0x57, 0x8c, 0x1c, 0xad, 0x10, 0xd5, 0x4d, 0x0d, - 0x54, 0x28, 0x40, 0x7e, 0x85, 0xdc, 0xbc, 0x98, - 0xa4, 0x91, 0x55, 0xc1, 0x37, 0x64, 0xe6, 0x6c, - 0x3c, 0x00 - ]; - - let mut ed = Ed448::new().expect("Error with new()"); - ed.import_private_key(&private_key, Some(&public_key)).expect("Error with import_private_key()"); - - let mut signature = [0u8; Ed448::SIG_SIZE]; - ed.sign_msg(&message, Some(&context), &mut signature).expect("Error with sign_msg()"); - assert_eq!(signature, expected_signature); - - ed.verify_msg_init(&signature, Some(&context), Ed448::ED448).expect("Error with verify_msg_init()"); - ed.verify_msg_update(&message).expect("Error with verify_msg_update()"); - let signature_valid = ed.verify_msg_final(&signature).expect("Error with verify_msg_final()"); - assert!(signature_valid); -} - -#[test] -#[cfg(all(ed448_import, ed448_sign, ed448_verify))] -fn test_ph_sign_verify() { - let private_key = [ - 0x83u8, 0x3f, 0xe6, 0x24, 0x09, 0x23, 0x7b, 0x9d, - 0x62, 0xec, 0x77, 0x58, 0x75, 0x20, 0x91, 0x1e, - 0x9a, 0x75, 0x9c, 0xec, 0x1d, 0x19, 0x75, 0x5b, - 0x7d, 0xa9, 0x01, 0xb9, 0x6d, 0xca, 0x3d, 0x42, - 0xef, 0x78, 0x22, 0xe0, 0xd5, 0x10, 0x41, 0x27, - 0xdc, 0x05, 0xd6, 0xdb, 0xef, 0xde, 0x69, 0xe3, - 0xab, 0x2c, 0xec, 0x7c, 0x86, 0x7c, 0x6e, 0x2c, - 0x49 - ]; - let public_key = [ - 0x25u8, 0x9b, 0x71, 0xc1, 0x9f, 0x83, 0xef, 0x77, - 0xa7, 0xab, 0xd2, 0x65, 0x24, 0xcb, 0xdb, 0x31, - 0x61, 0xb5, 0x90, 0xa4, 0x8f, 0x7d, 0x17, 0xde, - 0x3e, 0xe0, 0xba, 0x9c, 0x52, 0xbe, 0xb7, 0x43, - 0xc0, 0x94, 0x28, 0xa1, 0x31, 0xd6, 0xb1, 0xb5, - 0x73, 0x03, 0xd9, 0x0d, 0x81, 0x32, 0xc2, 0x76, - 0xd5, 0xed, 0x3d, 0x5d, 0x01, 0xc0, 0xf5, 0x38, - 0x80 - ]; - let message = [0x61u8,0x62,0x63]; - let context = [0x66u8,0x6f,0x6f]; - let hash = [ - 0x48u8, 0x33, 0x66, 0x60, 0x13, 0x60, 0xa8, 0x77, - 0x1c, 0x68, 0x63, 0x08, 0x0c, 0xc4, 0x11, 0x4d, - 0x8d, 0xb4, 0x45, 0x30, 0xf8, 0xf1, 0xe1, 0xee, - 0x4f, 0x94, 0xea, 0x37, 0xe7, 0x8b, 0x57, 0x39, - 0xd5, 0xa1, 0x5b, 0xef, 0x18, 0x6a, 0x53, 0x86, - 0xc7, 0x57, 0x44, 0xc0, 0x52, 0x7e, 0x1f, 0xaa, - 0x9f, 0x87, 0x26, 0xe4, 0x62, 0xa1, 0x2a, 0x4f, - 0xeb, 0x06, 0xbd, 0x88, 0x01, 0xe7, 0x51, 0xe4 - ]; - let expected_signature = [ - 0xc3u8, 0x22, 0x99, 0xd4, 0x6e, 0xc8, 0xff, 0x02, - 0xb5, 0x45, 0x40, 0x98, 0x28, 0x14, 0xdc, 0xe9, - 0xa0, 0x58, 0x12, 0xf8, 0x19, 0x62, 0xb6, 0x49, - 0xd5, 0x28, 0x09, 0x59, 0x16, 0xa2, 0xaa, 0x48, - 0x10, 0x65, 0xb1, 0x58, 0x04, 0x23, 0xef, 0x92, - 0x7e, 0xcf, 0x0a, 0xf5, 0x88, 0x8f, 0x90, 0xda, - 0x0f, 0x6a, 0x9a, 0x85, 0xad, 0x5d, 0xc3, 0xf2, - 0x80, 0xd9, 0x12, 0x24, 0xba, 0x99, 0x11, 0xa3, - 0x65, 0x3d, 0x00, 0xe4, 0x84, 0xe2, 0xce, 0x23, - 0x25, 0x21, 0x48, 0x1c, 0x86, 0x58, 0xdf, 0x30, - 0x4b, 0xb7, 0x74, 0x5a, 0x73, 0x51, 0x4c, 0xdb, - 0x9b, 0xf3, 0xe1, 0x57, 0x84, 0xab, 0x71, 0x28, - 0x4f, 0x8d, 0x07, 0x04, 0xa6, 0x08, 0xc5, 0x4a, - 0x6b, 0x62, 0xd9, 0x7b, 0xeb, 0x51, 0x1d, 0x13, - 0x21, 0x00 - ]; - - let mut ed = Ed448::new().expect("Error with new()"); - ed.import_private_key(&private_key, Some(&public_key)).expect("Error with import_private_key()"); - - let mut signature = [0u8; Ed448::SIG_SIZE]; - ed.sign_msg_ph(&message, Some(&context), &mut signature).expect("Error with sign_msg_ph()"); - assert_eq!(signature, expected_signature); - - let signature_valid = ed.verify_msg_ph(&signature, &message, Some(&context)).expect("Error with verify_msg_ph()"); - assert!(signature_valid); - - let mut signature = [0u8; Ed448::SIG_SIZE]; - ed.sign_hash_ph(&hash, Some(&context), &mut signature).expect("Error with sign_hash_ph()"); - assert_eq!(signature, expected_signature); - - let signature_valid = ed.verify_hash_ph(&signature, &hash, Some(&context)).expect("Error with verify_hash_ph()"); - assert!(signature_valid); -} - -#[test] -#[cfg(all(ed448_import, ed448_export))] -fn test_import_export() { - let mut rng = RNG::new().expect("Error creating RNG"); - let ed = Ed448::generate(&mut rng).expect("Error with generate()"); - - let mut private = [0u8; Ed448::PRV_KEY_SIZE]; - let mut public = [0u8; Ed448::PUB_KEY_SIZE]; - ed.export_key(&mut private, &mut public).expect("Error with export_key()"); - - let mut public2 = [0u8; Ed448::PUB_KEY_SIZE]; - ed.export_public(&mut public2).expect("Error with export_public()"); - assert_eq!(public2, public); - - let mut private2 = [0u8; Ed448::PRV_KEY_SIZE]; - ed.export_private(&mut private2).expect("Error with export_private()"); - assert_eq!(private2, private); - - let mut private_only = [0u8; Ed448::KEY_SIZE]; - ed.export_private_only(&mut private_only).expect("Error with export_private_only()"); - - let mut ed = Ed448::new().expect("Error with new()"); - ed.import_private_key_ex(&private, Some(&public), false).expect("Error with import_private_key_ex()"); - - let mut ed = Ed448::new().expect("Error with new()"); - ed.import_private_only(&private_only).expect("Error with import_private_only()"); - ed.import_public(&public).expect("Error with import_public()"); - ed.import_public_ex(&public, false).expect("Error with import_public_ex()"); -} - -#[test] -fn test_sizes() { - let mut rng = RNG::new().expect("Error creating RNG"); - let ed = Ed448::generate(&mut rng).expect("Error with generate()"); - - let size = ed.size().expect("Error with size()"); - assert_eq!(size, Ed448::KEY_SIZE); - - let size = ed.priv_size().expect("Error with priv_size()"); - assert_eq!(size, Ed448::PRV_KEY_SIZE); - - let size = ed.pub_size().expect("Error with pub_size()"); - assert_eq!(size, Ed448::PUB_KEY_SIZE); - - let size = ed.sig_size().expect("Error with sig_size()"); - assert_eq!(size, Ed448::SIG_SIZE); -} diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/wrapper/rust/wolfssl/tests/test_hkdf.rs mariadb-11.8.8/extra/wolfssl/wolfssl/wrapper/rust/wolfssl/tests/test_hkdf.rs --- mariadb-11.8.6/extra/wolfssl/wolfssl/wrapper/rust/wolfssl/tests/test_hkdf.rs 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/wrapper/rust/wolfssl/tests/test_hkdf.rs 1970-01-01 00:00:00.000000000 +0000 @@ -1,38 +0,0 @@ -use wolfssl::wolfcrypt::hkdf::*; -use wolfssl::wolfcrypt::hmac::HMAC; -use wolfssl::wolfcrypt::sha::SHA256; - -#[test] -fn test_hkdf_extract_expand() { - let ikm = b"MyPassword0"; - let salt = b"12345678ABCDEFGH"; - let mut extract_out = [0u8; SHA256::DIGEST_SIZE]; - hkdf_extract(HMAC::TYPE_SHA256, Some(salt), ikm, &mut extract_out).expect("Error with hkdf_extract()"); - hkdf_extract_ex(HMAC::TYPE_SHA256, Some(salt), ikm, &mut extract_out, None, None).expect("Error with hkdf_extract_ex()"); - - let info = b"0"; - let mut expand_out = [0u8; 16]; - hkdf_expand(HMAC::TYPE_SHA256, &extract_out, Some(info), &mut expand_out).expect("Error with hkdf_expand()"); - hkdf_expand_ex(HMAC::TYPE_SHA256, &extract_out, Some(info), &mut expand_out, None, None).expect("Error with hkdf_expand_ex()"); - - let expected_key = [ - 0x17, 0x5F, 0x24, 0xB3, 0x18, 0x20, 0xF3, 0xD4, - 0x71, 0x97, 0x8A, 0x98, 0x9E, 0xB2, 0xC1, 0x35 - ]; - assert_eq!(expand_out, expected_key); -} - -#[test] -fn test_hkdf_one_shot() { - let ikm = b"MyPassword0"; - let salt = b"12345678ABCDEFGH"; - let info = b"0"; - let mut out = [0u8; 16]; - hkdf(HMAC::TYPE_SHA256, ikm, Some(salt), Some(info), &mut out).expect("Error with hkdf()"); - - let expected_out = [ - 0x17, 0x5F, 0x24, 0xB3, 0x18, 0x20, 0xF3, 0xD4, - 0x71, 0x97, 0x8A, 0x98, 0x9E, 0xB2, 0xC1, 0x35 - ]; - assert_eq!(out, expected_out); -} diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/wrapper/rust/wolfssl/tests/test_hmac.rs mariadb-11.8.8/extra/wolfssl/wolfssl/wrapper/rust/wolfssl/tests/test_hmac.rs --- mariadb-11.8.6/extra/wolfssl/wolfssl/wrapper/rust/wolfssl/tests/test_hmac.rs 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/wrapper/rust/wolfssl/tests/test_hmac.rs 1970-01-01 00:00:00.000000000 +0000 @@ -1,47 +0,0 @@ -use wolfssl::wolfcrypt::hmac::*; -use wolfssl::wolfcrypt::sha::SHA256; - -#[test] -fn test_hmac_sha256() { - let hmac_size = HMAC::get_hmac_size_by_type(HMAC::TYPE_SHA256).expect("Error with get_hmac_size_by_type()"); - assert_eq!(hmac_size, SHA256::DIGEST_SIZE); - - let keys: [&[u8]; 5] = [ - b"\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b", - b"Jefe", - b"\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA", - b"\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA", - b"\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA", - ]; - - let inputs: [&[u8]; 5] = [ - b"Hi There", - b"what do ya want for nothing?", - b"\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD", - b"", - b"Test Using Larger Than Block-Size Key - Hash Key First", - ]; - - let expected: [&[u8]; 5] = [ - b"\xb0\x34\x4c\x61\xd8\xdb\x38\x53\x5c\xa8\xaf\xce\xaf\x0b\xf1\x2b\x88\x1d\xc2\x00\xc9\x83\x3d\xa7\x26\xe9\x37\x6c\x2e\x32\xcf\xf7", - b"\x5b\xdc\xc1\x46\xbf\x60\x75\x4e\x6a\x04\x24\x26\x08\x95\x75\xc7\x5a\x00\x3f\x08\x9d\x27\x39\x83\x9d\xec\x58\xb9\x64\xec\x38\x43", - b"\x77\x3e\xa9\x1e\x36\x80\x0e\x46\x85\x4d\xb8\xeb\xd0\x91\x81\xa7\x29\x59\x09\x8b\x3e\xf8\xc1\x22\xd9\x63\x55\x14\xce\xd5\x65\xfe", - b"\x86\xe5\x4f\xd4\x48\x72\x5d\x7e\x5d\xcf\xe2\x23\x53\xc8\x28\xaf\x48\x78\x1e\xb4\x8c\xae\x81\x06\xa7\xe1\xd4\x98\x94\x9f\x3e\x46", - b"\x60\xe4\x31\x59\x1e\xe0\xb6\x7f\x0d\x8a\x26\xaa\xcb\xf5\xb7\x7f\x8e\x0b\xc6\x21\x37\x28\xc5\x14\x05\x46\x04\x0f\x0e\xe3\x7f\x54", - ]; - - for i in 0..keys.len() { - let mut hmac = - if keys[i].len() < 14 { - HMAC::new_allow_short_key(HMAC::TYPE_SHA256, keys[i]).expect("Error with new_allow_short_key()") - } else { - HMAC::new(HMAC::TYPE_SHA256, keys[i]).expect("Error with new()") - }; - let hmac_size = hmac.get_hmac_size().expect("Error with get_hmac_size()"); - assert_eq!(hmac_size, SHA256::DIGEST_SIZE); - hmac.update(inputs[i]).expect("Error with update()"); - let mut hash = [0u8; SHA256::DIGEST_SIZE]; - hmac.finalize(&mut hash).expect("Error with finalize()"); - assert_eq!(*expected[i], hash); - } -} diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/wrapper/rust/wolfssl/tests/test_kdf.rs mariadb-11.8.8/extra/wolfssl/wolfssl/wrapper/rust/wolfssl/tests/test_kdf.rs --- mariadb-11.8.6/extra/wolfssl/wolfssl/wrapper/rust/wolfssl/tests/test_kdf.rs 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/wrapper/rust/wolfssl/tests/test_kdf.rs 1970-01-01 00:00:00.000000000 +0000 @@ -1,249 +0,0 @@ -use wolfssl::wolfcrypt::hmac::HMAC; -use wolfssl::wolfcrypt::kdf::*; -use wolfssl::wolfcrypt::sha::SHA256; - -#[test] -#[cfg(kdf_pbkdf2)] -fn test_pbkdf2() { - let password = b"passwordpassword"; - let salt = [0x78u8, 0x57, 0x8E, 0x5a, 0x5d, 0x63, 0xcb, 0x06]; - let iterations = 2048; - let expected_key = [ - 0x43u8, 0x6d, 0xb5, 0xe8, 0xd0, 0xfb, 0x3f, 0x35, 0x42, 0x48, 0x39, 0xbc, - 0x2d, 0xd4, 0xf9, 0x37, 0xd4, 0x95, 0x16, 0xa7, 0x2a, 0x9a, 0x21, 0xd1 - ]; - - let mut keyout = [0u8; 24]; - pbkdf2(password, &salt, iterations, HMAC::TYPE_SHA256, &mut keyout).expect("Error with pbkdf2()"); - assert_eq!(keyout, expected_key); - - let mut keyout = [0u8; 24]; - pbkdf2_ex(password, &salt, iterations, HMAC::TYPE_SHA256, None, None, &mut keyout).expect("Error with pbkdf2_ex()"); - assert_eq!(keyout, expected_key); -} - -#[test] -#[cfg(kdf_pbkdf2)] -fn test_pkcs12_pbkdf() { - let password = [0x00u8, 0x73, 0x00, 0x6d, 0x00, 0x65, 0x00, 0x67, 0x00, 0x00]; - let salt = [0x0au8, 0x58, 0xCF, 0x64, 0x53, 0x0d, 0x82, 0x3f]; - let expected_key = [ - 0x27u8, 0xE9, 0x0D, 0x7E, 0xD5, 0xA1, 0xC4, 0x11, - 0xBA, 0x87, 0x8B, 0xC0, 0x90, 0xF5, 0xCE, 0xBE, - 0x5E, 0x9D, 0x5F, 0xE3, 0xD6, 0x2B, 0x73, 0xAA - ]; - let iterations = 1; - - let mut keyout = [0u8; 24]; - pkcs12_pbkdf(&password, &salt, iterations, HMAC::TYPE_SHA256, 1, &mut keyout).expect("Error with pkcs12_pbkdf()"); - assert_eq!(keyout, expected_key); - - let mut keyout = [0u8; 24]; - pkcs12_pbkdf_ex(&password, &salt, iterations, HMAC::TYPE_SHA256, 1, None, &mut keyout).expect("Error with pkcs12_pbkdf_ex()"); - assert_eq!(keyout, expected_key); -} - -#[test] -#[cfg(kdf_tls13)] -fn test_tls13_hkdf_extract_expand() { - let hash_hello1 = [ - 0x63u8, 0x83, 0x58, 0xab, 0x36, 0xcd, 0x0c, 0xf3, - 0x26, 0x07, 0xb5, 0x5f, 0x0b, 0x8b, 0x45, 0xd6, - 0x7d, 0x5b, 0x42, 0xdc, 0xa8, 0xaa, 0x06, 0xfb, - 0x20, 0xa5, 0xbb, 0x85, 0xdb, 0x54, 0xd8, 0x8b - ]; - let client_early_traffic_secret = [ - 0x20u8, 0x18, 0x72, 0x7c, 0xde, 0x3a, 0x85, 0x17, 0x72, 0xdc, 0xd7, 0x72, - 0xb0, 0xfc, 0x45, 0xd0, 0x62, 0xb9, 0xbb, 0x38, 0x69, 0x05, 0x7b, 0xb4, - 0x5e, 0x58, 0x5d, 0xed, 0xcd, 0x0b, 0x96, 0xd3 - ]; - - let mut secret = [0u8; SHA256::DIGEST_SIZE]; - - tls13_hkdf_extract(HMAC::TYPE_SHA256, None, None, &mut secret).expect("Error with tls13_hkdf_extract()"); - tls13_hkdf_extract_ex(HMAC::TYPE_SHA256, None, None, &mut secret, None, None).expect("Error with tls13_hkdf_extract_ex()"); - - let protocol_label = b"tls13 "; - let ce_traffic_label = b"c e traffic"; - let mut expand_out = [0u8; SHA256::DIGEST_SIZE]; - - tls13_hkdf_expand_label(HMAC::TYPE_SHA256, &secret, - protocol_label, ce_traffic_label, - &hash_hello1, &mut expand_out).expect("Error with tls13_hkdf_expand_label()"); - tls13_hkdf_expand_label_ex(HMAC::TYPE_SHA256, &secret, - protocol_label, ce_traffic_label, - &hash_hello1, &mut expand_out, None, None).expect("Error with tls13_hkdf_expand_label_ex()"); - - assert_eq!(expand_out, client_early_traffic_secret); -} - -#[test] -#[cfg(kdf_ssh)] -fn test_ssh_kdf() { - let ssh_kdf_set3_k = [ - 0x6Au8, 0xC3, 0x82, 0xEA, 0xAC, 0xA0, 0x93, 0xE1, - 0x25, 0xE2, 0x5C, 0x24, 0xBE, 0xBC, 0x84, 0x64, - 0x0C, 0x11, 0x98, 0x75, 0x07, 0x34, 0x4B, 0x5C, - 0x73, 0x9C, 0xEB, 0x84, 0xA9, 0xE0, 0xB2, 0x22, - 0xB9, 0xA8, 0xB5, 0x1C, 0x83, 0x9E, 0x5E, 0xBE, - 0x49, 0xCF, 0xAD, 0xBF, 0xB3, 0x95, 0x99, 0x76, - 0x4E, 0xD5, 0x22, 0x09, 0x9D, 0xC9, 0x12, 0x75, - 0x19, 0x50, 0xDC, 0x7D, 0xC9, 0x7F, 0xBD, 0xC0, - 0x63, 0x28, 0xB6, 0x8F, 0x22, 0x78, 0x1F, 0xD3, - 0x15, 0xAF, 0x56, 0x80, 0x09, 0xA5, 0x50, 0x9E, - 0x5B, 0x87, 0xA1, 0x1B, 0xF5, 0x27, 0xC0, 0x56, - 0xDA, 0xFF, 0xD8, 0x2A, 0xB6, 0xCB, 0xC2, 0x5C, - 0xCA, 0x37, 0x14, 0x34, 0x59, 0xE7, 0xBC, 0x63, - 0xBC, 0xDE, 0x52, 0x75, 0x7A, 0xDE, 0xB7, 0xDF, - 0x01, 0xCF, 0x12, 0x17, 0x3F, 0x1F, 0xEF, 0x81, - 0x02, 0xEC, 0x5A, 0xB1, 0x42, 0xC2, 0x13, 0xDD, - 0x9D, 0x30, 0x69, 0x62, 0x78, 0xA8, 0xD8, 0xBC, - 0x32, 0xDD, 0xE9, 0x59, 0x2D, 0x28, 0xC0, 0x78, - 0xC6, 0xD9, 0x2B, 0x94, 0x7D, 0x82, 0x5A, 0xCA, - 0xAB, 0x64, 0x94, 0x84, 0x6A, 0x49, 0xDE, 0x24, - 0xB9, 0x62, 0x3F, 0x48, 0x89, 0xE8, 0xAD, 0xC3, - 0x8E, 0x8C, 0x66, 0x9E, 0xFF, 0xEF, 0x17, 0x60, - 0x40, 0xAD, 0x94, 0x5E, 0x90, 0xA7, 0xD3, 0xEE, - 0xC1, 0x5E, 0xFE, 0xEE, 0x78, 0xAE, 0x71, 0x04, - 0x3C, 0x96, 0x51, 0x11, 0x03, 0xA1, 0x6B, 0xA7, - 0xCA, 0xF0, 0xAC, 0xD0, 0x64, 0x2E, 0xFD, 0xBE, - 0x80, 0x99, 0x34, 0xFA, 0xA1, 0xA5, 0xF1, 0xBD, - 0x11, 0x04, 0x36, 0x49, 0xB2, 0x5C, 0xCD, 0x1F, - 0xEE, 0x2E, 0x38, 0x81, 0x5D, 0x4D, 0x5F, 0x5F, - 0xC6, 0xB4, 0x10, 0x29, 0x69, 0xF2, 0x1C, 0x22, - 0xAE, 0x1B, 0x0E, 0x7D, 0x36, 0x03, 0xA5, 0x56, - 0xA1, 0x32, 0x62, 0xFF, 0x62, 0x8D, 0xE2, 0x22 - ]; - let ssh_kdf_set3_h = [ - 0x7B, 0x70, 0x01, 0x18, 0x5E, 0x25, 0x6D, 0x44, - 0x93, 0x44, 0x5F, 0x39, 0xA5, 0x5F, 0xB9, 0x05, - 0xE6, 0x32, 0x1F, 0x4B, 0x5D, 0xD8, 0xBB, 0xF3, - 0x10, 0x0D, 0x51, 0xBA, 0x0B, 0xDA, 0x3D, 0x2D - ]; - let ssh_kdf_set3_sid = [ - 0x7B, 0x70, 0x01, 0x18, 0x5E, 0x25, 0x6D, 0x44, - 0x93, 0x44, 0x5F, 0x39, 0xA5, 0x5F, 0xB9, 0x05, - 0xE6, 0x32, 0x1F, 0x4B, 0x5D, 0xD8, 0xBB, 0xF3, - 0x10, 0x0D, 0x51, 0xBA, 0x0B, 0xDA, 0x3D, 0x2D - ]; - let ssh_kdf_set3_a = [ - 0x81, 0xF0, 0x33, 0x0E, 0xF6, 0xF0, 0x53, 0x61, - 0xB3, 0x82, 0x3B, 0xFD, 0xED, 0x6E, 0x1D, 0xE9 - ]; - - let mut out = [0u8; 16]; - - ssh_kdf(HMAC::TYPE_SHA256, b'A', &ssh_kdf_set3_k, &ssh_kdf_set3_h, - &ssh_kdf_set3_sid, &mut out).expect("Error with ssh_kdf()"); - - assert_eq!(out, ssh_kdf_set3_a); -} - -#[test] -#[cfg(kdf_srtp)] -fn test_srtp_kdf() { - let key = [ - 0xc4u8, 0x80, 0x9f, 0x6d, 0x36, 0x98, 0x88, 0x72, - 0x8e, 0x26, 0xad, 0xb5, 0x32, 0x12, 0x98, 0x90 - ]; - let salt = [ - 0x0eu8, 0x23, 0x00, 0x6c, 0x6c, 0x04, 0x4f, 0x56, - 0x62, 0x40, 0x0e, 0x9d, 0x1b, 0xd6 - ]; - let index = [ - 0x48u8, 0x71, 0x65, 0x64, 0x9c, 0xca - ]; - let expected_ke = [ - 0xdcu8, 0x38, 0x21, 0x92, 0xab, 0x65, 0x10, 0x8a, - 0x86, 0xb2, 0x59, 0xb6, 0x1b, 0x3a, 0xf4, 0x6f - ]; - let expected_ka = [ - 0xb8u8, 0x39, 0x37, 0xfb, 0x32, 0x17, 0x92, 0xee, - 0x87, 0xb7, 0x88, 0x19, 0x3b, 0xe5, 0xa4, 0xe3, - 0xbd, 0x32, 0x6e, 0xe4 - ]; - let expected_ks = [ - 0xf1u8, 0xc0, 0x35, 0xc0, 0x0b, 0x5a, 0x54, 0xa6, - 0x16, 0x92, 0xc0, 0x16, 0x27, 0x6c - ]; - let mut key_e = [0u8; 16]; - let mut key_a = [0u8; 20]; - let mut key_s = [0u8; 14]; - srtp_kdf(&key, &salt, -1, &index, &mut key_e, &mut key_a, &mut key_s).expect("Error with srtp_kdf()"); - assert_eq!(key_e, expected_ke); - assert_eq!(key_a, expected_ka); - assert_eq!(key_s, expected_ks); - - let mut key_e = [0u8; 16]; - srtp_kdf_label(&key, &salt, -1, &index, SRTP_LABEL_ENCRYPTION, &mut key_e).expect("Error with srtp_kdf_label()"); - assert_eq!(key_e, expected_ke); - - let mut key_a = [0u8; 20]; - srtp_kdf_label(&key, &salt, -1, &index, SRTP_LABEL_MSG_AUTH, &mut key_a).expect("Error with srtp_kdf_label()"); - assert_eq!(key_a, expected_ka); - - let mut key_s = [0u8; 14]; - srtp_kdf_label(&key, &salt, -1, &index, SRTP_LABEL_SALT, &mut key_s).expect("Error with srtp_kdf_label()"); - assert_eq!(key_s, expected_ks); -} - -#[test] -#[cfg(kdf_srtp)] -fn test_srtcp_kdf() { - let key = [ - 0xc4u8, 0x80, 0x9f, 0x6d, 0x36, 0x98, 0x88, 0x72, - 0x8e, 0x26, 0xad, 0xb5, 0x32, 0x12, 0x98, 0x90 - ]; - let salt = [ - 0x0eu8, 0x23, 0x00, 0x6c, 0x6c, 0x04, 0x4f, 0x56, - 0x62, 0x40, 0x0e, 0x9d, 0x1b, 0xd6 - ]; - let index = [ - 0x56u8, 0xf3, 0xf1, 0x97 - ]; - let expected_ke = [ - 0xabu8, 0x5b, 0xe0, 0xb4, 0x56, 0x23, 0x5d, 0xcf, - 0x77, 0xd5, 0x08, 0x69, 0x29, 0xba, 0xfb, 0x38 - ]; - let expected_ka = [ - 0xc5u8, 0x2f, 0xde, 0x0b, 0x80, 0xb0, 0xf0, 0xba, - 0xd8, 0xd1, 0x56, 0x45, 0xcb, 0x86, 0xe7, 0xc7, - 0xc3, 0xd8, 0x77, 0x0e - ]; - let expected_ks = [ - 0xdeu8, 0xb5, 0xf8, 0x5f, 0x81, 0x33, 0x6a, 0x96, - 0x5e, 0xd3, 0x2b, 0xb7, 0xed, 0xe8 - ]; - let mut key_e = [0u8; 16]; - let mut key_a = [0u8; 20]; - let mut key_s = [0u8; 14]; - srtcp_kdf(&key, &salt, -1, &index, &mut key_e, &mut key_a, &mut key_s).expect("Error with srtcp_kdf()"); - assert_eq!(key_e, expected_ke); - assert_eq!(key_a, expected_ka); - assert_eq!(key_s, expected_ks); - - let mut key_e = [0u8; 16]; - srtcp_kdf_label(&key, &salt, -1, &index, SRTCP_LABEL_ENCRYPTION, &mut key_e).expect("Error with srtcp_kdf_label()"); - assert_eq!(key_e, expected_ke); - - let mut key_a = [0u8; 20]; - srtcp_kdf_label(&key, &salt, -1, &index, SRTCP_LABEL_MSG_AUTH, &mut key_a).expect("Error with srtcp_kdf_label()"); - assert_eq!(key_a, expected_ka); - - let mut key_s = [0u8; 14]; - srtcp_kdf_label(&key, &salt, -1, &index, SRTCP_LABEL_SALT, &mut key_s).expect("Error with srtcp_kdf_label()"); - assert_eq!(key_s, expected_ks); -} - -#[test] -#[cfg(kdf_srtp)] -fn test_srtp_kdr_to_idx() { - assert_eq!(srtp_kdr_to_index(0), -1); - assert_eq!(srtp_kdr_to_index(1), 0); - assert_eq!(srtp_kdr_to_index(2), 1); - assert_eq!(srtp_kdr_to_index(4), 2); - assert_eq!(srtp_kdr_to_index(8), 3); - assert_eq!(srtp_kdr_to_index(16), 4); - assert_eq!(srtp_kdr_to_index(65536), 16); - assert_eq!(srtp_kdr_to_index(1048576), 20); -} diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/wrapper/rust/wolfssl/tests/test_prf.rs mariadb-11.8.8/extra/wolfssl/wolfssl/wrapper/rust/wolfssl/tests/test_prf.rs --- mariadb-11.8.6/extra/wolfssl/wolfssl/wrapper/rust/wolfssl/tests/test_prf.rs 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/wrapper/rust/wolfssl/tests/test_prf.rs 1970-01-01 00:00:00.000000000 +0000 @@ -1,28 +0,0 @@ -use wolfssl::wolfcrypt::prf::*; - -#[test] -fn test_kdf_prf() { - let secret = [0x10u8, 0xbc, 0xb4, 0xa2, 0xe8, 0xdc, 0xf1, 0x9b, 0x4c, - 0x51, 0x9c, 0xed, 0x31, 0x1b, 0x51, 0x57, 0x02, 0x3f, - 0xa1, 0x7d, 0xfb, 0x0e, 0xf3, 0x4e, 0x8f, 0x6f, 0x71, - 0xa3, 0x67, 0x76, 0x6b, 0xfa, 0x5d, 0x46, 0x4a, 0xe8, - 0x61, 0x18, 0x81, 0xc4, 0x66, 0xcc, 0x6f, 0x09, 0x99, - 0x9d, 0xfc, 0x47]; - - let seed = [0x73u8, 0x65, 0x72, 0x76, 0x65, 0x72, 0x20, 0x66, 0x69, - 0x6e, 0x69, 0x73, 0x68, 0x65, 0x64, 0x0b, 0x46, 0xba, - 0x56, 0xbf, 0x1f, 0x5d, 0x99, 0xff, 0xe9, 0xbb, 0x43, - 0x01, 0xe7, 0xca, 0x2c, 0x00, 0xdf, 0x9a, 0x39, 0x6e, - 0xcf, 0x6d, 0x15, 0x27, 0x4d, 0xf2, 0x93, 0x96, 0x4a, - 0x91, 0xde, 0x5c, 0xc0, 0x47, 0x7c, 0xa8, 0xae, 0xcf, - 0x5d, 0x93, 0x5f, 0x4c, 0x92, 0xcc, 0x98, 0x5b, 0x43]; - - let expected = [0xeeu8, 0xcb, 0xb1, 0x30, 0xf2, 0xcd, 0xb3, 0x4a, - 0xbe, 0xda, 0xc1, 0xf6]; - - let mut out = [0u8; 12]; - - prf(&secret, &seed, PRF_HASH_SHA384, &mut out).expect("Error with prf()"); - - assert_eq!(out, expected); -} diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/wrapper/rust/wolfssl/tests/test_random.rs mariadb-11.8.8/extra/wolfssl/wolfssl/wrapper/rust/wolfssl/tests/test_random.rs --- mariadb-11.8.6/extra/wolfssl/wolfssl/wrapper/rust/wolfssl/tests/test_random.rs 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/wrapper/rust/wolfssl/tests/test_random.rs 1970-01-01 00:00:00.000000000 +0000 @@ -1,72 +0,0 @@ -use wolfssl::wolfcrypt::random::RNG; - -// Test that RNG::new() returns successfully and that drop() does not panic. -#[test] -fn test_rng_new_and_drop() { - let _rng = RNG::new().expect("Failed to create RNG"); -} - -// Test that RNG::new_ex() returns successfully and that drop() does not panic. -#[test] -fn test_rng_new_ex_and_drop() { - let _rng = RNG::new_ex(None, None).expect("Failed to create RNG"); -} - -// Test that RNG::new_with_nonce() returns successfully and that drop() does -// not panic. -#[test] -fn test_rng_new_with_nonce_and_drop() { - let mut nonce = [1, 2, 3, 4]; - let _rng = RNG::new_with_nonce(&mut nonce).expect("Failed to create RNG"); -} - -// Test that RNG::new_with_nonce_ex() returns successfully and that drop() does -// not panic. -#[test] -fn test_rng_new_with_nonce_ex_and_drop() { - let mut nonce = [1, 2, 3, 4]; - let _rng = RNG::new_with_nonce_ex(&mut nonce, None, None).expect("Failed to create RNG"); -} - -// Test that generate_byte() returns random values. -#[test] -fn test_rng_generate_byte() { - // Since a single 0x00 or 0xFF could occur occasionally, we'll combine four - // bytes into a u32 and make sure they aren't all 0x00 or all 0xFF. - let mut rng = RNG::new().expect("Failed to create RNG"); - let mut v: u32 = 0; - for _i in 0..4 { - let byte = rng.generate_byte().expect("Failed to generate a single byte"); - v = (v << 8) | (byte as u32); - } - assert_ne!(v, 0u32); - assert_ne!(v, 0xFFFF_FFFFu32); -} - -// Test that generate_block works for a slice of u8. -#[test] -fn test_rng_generate_block_u8() { - let mut rng = RNG::new().expect("Failed to create RNG"); - let mut buffer = [0u8; 32]; - rng.generate_block(&mut buffer).expect("Failed to generate a block of bytes"); - - // Check if the buffer has been modified from its initial state. - let all_zeros = [0u8; 32]; - assert_ne!(buffer, all_zeros); -} - -// Test that generate_block works for a slice of u32. -#[test] -fn test_rng_generate_block_u32() { - let mut rng = RNG::new().expect("Failed to create RNG"); - let mut buffer = [0u32; 8]; - rng.generate_block(&mut buffer).expect("Failed to generate a block of u32"); - - // Check if the buffer has been modified. - let all_zeros = [0u32; 8]; - assert_ne!(buffer, all_zeros); - // Check that the last u32 is populated so the size of the buffer was - // calculated properly. - assert_ne!(buffer[buffer.len() - 1], 0u32); - assert_ne!(buffer[buffer.len() - 1], 0xFFFF_FFFFu32); -} diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/wrapper/rust/wolfssl/tests/test_rsa.rs mariadb-11.8.8/extra/wolfssl/wolfssl/wrapper/rust/wolfssl/tests/test_rsa.rs --- mariadb-11.8.6/extra/wolfssl/wolfssl/wrapper/rust/wolfssl/tests/test_rsa.rs 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/wrapper/rust/wolfssl/tests/test_rsa.rs 1970-01-01 00:00:00.000000000 +0000 @@ -1,140 +0,0 @@ -#![cfg(rsa)] - -use std::fs; -use wolfssl::wolfcrypt::random::RNG; -use wolfssl::wolfcrypt::rsa::*; - -#[test] -#[cfg(rsa_keygen)] -fn test_rsa_generate() { - let mut rng = RNG::new().expect("Error creating RNG"); - let mut rsa = RSA::generate(2048, 65537, &mut rng).expect("Error with generate()"); - rsa.check().expect("Error with check()"); - - let encrypt_size = rsa.get_encrypt_size().expect("Error with get_encrypt_size()"); - assert_eq!(encrypt_size, 256); - - let mut e: [u8; 256] = [0; 256]; - let mut e_size: u32 = 0; - let mut n: [u8; 256] = [0; 256]; - let mut n_size: u32 = 0; - let mut d: [u8; 256] = [0; 256]; - let mut d_size: u32 = 0; - let mut p: [u8; 256] = [0; 256]; - let mut p_size: u32 = 0; - let mut q: [u8; 256] = [0; 256]; - let mut q_size: u32 = 0; - rsa.export_key(&mut e, &mut e_size, &mut n, &mut n_size, - &mut d, &mut d_size, &mut p, &mut p_size, &mut q, &mut q_size).expect("Error with export_key()"); - assert_ne!(e, [0; 256]); - assert!(e_size > 0); - assert_ne!(n, [0; 256]); - assert!(n_size > 0); - assert_ne!(d, [0; 256]); - assert!(d_size > 0); - assert_ne!(p, [0; 256]); - assert!(p_size > 0); - assert_ne!(q, [0; 256]); - assert!(q_size > 0); - - let mut e: [u8; 256] = [0; 256]; - let mut e_size: u32 = 0; - let mut n: [u8; 256] = [0; 256]; - let mut n_size: u32 = 0; - rsa.export_public_key(&mut e, &mut e_size, &mut n, &mut n_size).expect("Error with export_public_key()"); - assert_ne!(e, [0; 256]); - assert!(e_size > 0); - assert_ne!(n, [0; 256]); - assert!(n_size > 0); -} - -#[test] -fn test_rsa_encrypt_decrypt() { - let mut rng = RNG::new().expect("Error creating RNG"); - let key_path = "../../../certs/client-keyPub.der"; - let der: Vec = fs::read(key_path).expect("Error reading key file"); - let mut rsa = RSA::new_public_from_der(&der).expect("Error with new_public_from_der()"); - rsa.set_rng(&mut rng).expect("Error with set_rng()"); - let plain: &[u8] = b"Test message"; - let mut enc: [u8; 512] = [0; 512]; - let enc_len = rsa.public_encrypt(plain, &mut enc, &mut rng).expect("Error with public_encrypt()"); - assert!(enc_len > 0 && enc_len <= 512); - - let key_path = "../../../certs/client-key.der"; - let der: Vec = fs::read(key_path).expect("Error reading key file"); - let mut rsa = RSA::new_from_der(&der).expect("Error with new_from_der()"); - rsa.set_rng(&mut rng).expect("Error with set_rng()"); - let mut plain_out: [u8; 512] = [0; 512]; - let dec_len = rsa.private_decrypt(&enc[0..enc_len], &mut plain_out).expect("Error with private_decrypt()"); - assert!(dec_len as usize == plain.len()); - assert_eq!(plain_out[0..dec_len], *plain); -} - -#[test] -#[cfg(sha256)] -fn test_rsa_pss() { - let mut rng = RNG::new().expect("Error creating RNG"); - - let key_path = "../../../certs/client-key.der"; - let der: Vec = fs::read(key_path).expect("Error reading key file"); - let mut rsa = RSA::new_from_der(&der).expect("Error with new_from_der()"); - let msg: &[u8] = b"This is the string to be signed!"; - let mut signature: [u8; 512] = [0; 512]; - let sig_len = rsa.pss_sign(msg, &mut signature, RSA::HASH_TYPE_SHA256, RSA::MGF1SHA256, &mut rng).expect("Error with pss_sign()"); - assert!(sig_len > 0 && sig_len <= 512); - - let key_path = "../../../certs/client-keyPub.der"; - let der: Vec = fs::read(key_path).expect("Error reading key file"); - let mut rsa = RSA::new_public_from_der(&der).expect("Error with new_public_from_der()"); - rsa.set_rng(&mut rng).expect("Error with set_rng()"); - let signature = &signature[0..sig_len]; - let mut verify_out: [u8; 512] = [0; 512]; - let verify_out_size = rsa.pss_verify(signature, &mut verify_out, RSA::HASH_TYPE_SHA256, RSA::MGF1SHA256).expect("Error with pss_verify()"); - let verify_out = &verify_out[0..verify_out_size]; - rsa.pss_check_padding(msg, verify_out, RSA::HASH_TYPE_SHA256).expect("Error with pss_check_padding()"); - - let mut verify_out: [u8; 512] = [0; 512]; - rsa.pss_verify_check(signature, &mut verify_out, msg, RSA::HASH_TYPE_SHA256, RSA::MGF1SHA256).expect("Error with pss_verify_check()"); -} - -#[test] -#[cfg(rsa_direct)] -fn test_rsa_direct() { - let mut rng = RNG::new().expect("Error creating RNG"); - - let key_path = "../../../certs/client-key.der"; - let der: Vec = fs::read(key_path).expect("Error reading key file"); - let mut rsa = RSA::new_from_der(&der).expect("Error with new_from_der()"); - let msg = b"A rsa_direct() test input string"; - let mut plain = [0u8; 256]; - plain[..msg.len()].copy_from_slice(msg); - let mut enc = [0u8; 256]; - let enc_len = rsa.rsa_direct(&plain, &mut enc, RSA::PRIVATE_ENCRYPT, &mut rng).expect("Error with rsa_direct()"); - assert_eq!(enc_len, 256); - let mut plain_out = [0u8; 256]; - let dec_len = rsa.rsa_direct(&enc, &mut plain_out, RSA::PUBLIC_DECRYPT, &mut rng).expect("Error with rsa_direct()"); - assert_eq!(dec_len, 256); - assert_eq!(plain_out, plain); -} - -#[test] -fn test_rsa_ssl() { - let mut rng = RNG::new().expect("Error creating RNG"); - - let key_path = "../../../certs/client-key.der"; - let der: Vec = fs::read(key_path).expect("Error reading key file"); - let mut rsa = RSA::new_from_der(&der).expect("Error with new_from_der()"); - let msg: &[u8] = b"This is the string to be signed!"; - let mut signature: [u8; 512] = [0; 512]; - let sig_len = rsa.ssl_sign(msg, &mut signature, &mut rng).expect("Error with ssl_sign()"); - assert!(sig_len > 0 && sig_len <= 512); - - let key_path = "../../../certs/client-keyPub.der"; - let der: Vec = fs::read(key_path).expect("Error reading key file"); - let mut rsa = RSA::new_public_from_der(&der).expect("Error with new_public_from_der()"); - rsa.set_rng(&mut rng).expect("Error with set_rng()"); - let signature = &signature[0..sig_len]; - let mut verify_out: [u8; 512] = [0; 512]; - let verify_out_size = rsa.ssl_verify(signature, &mut verify_out).expect("Error with ssl_verify()"); - assert!(verify_out_size > 0 && verify_out_size <= 512); -} diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/wrapper/rust/wolfssl/tests/test_sha.rs mariadb-11.8.8/extra/wolfssl/wolfssl/wrapper/rust/wolfssl/tests/test_sha.rs --- mariadb-11.8.6/extra/wolfssl/wolfssl/wrapper/rust/wolfssl/tests/test_sha.rs 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/wrapper/rust/wolfssl/tests/test_sha.rs 1970-01-01 00:00:00.000000000 +0000 @@ -1,339 +0,0 @@ -use wolfssl::wolfcrypt::sha::*; - -#[test] -#[cfg(sha)] -fn test_sha() { - let mut sha = SHA::new().expect("Error with new()"); - fn test1(sha: &mut SHA, input: &[u8], expected_hash: &[u8]) { - sha.init().expect("Error with init()"); - sha.update(input).expect("Error with update()"); - let mut hash = [0u8; SHA::DIGEST_SIZE]; - sha.finalize(&mut hash).expect("Error with finalize()"); - assert_eq!(hash, *expected_hash); - } - - test1(&mut sha, b"", b"\xda\x39\xa3\xee\x5e\x6b\x4b\x0d\x32\x55\xbf\xef\x95\x60\x18\x90\xaf\xd8\x07\x09"); - - test1(&mut sha, b"abc", b"\xA9\x99\x3E\x36\x47\x06\x81\x6A\xBA\x3E\x25\x71\x78\x50\xC2\x6C\x9C\xD0\xD8\x9D"); - - test1(&mut sha, b"abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq", - b"\x84\x98\x3E\x44\x1C\x3B\xD2\x6E\xBA\xAE\x4A\xA1\xF9\x51\x29\xE5\xE5\x46\x70\xF1"); - - test1(&mut sha, b"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", - b"\x00\x98\xBA\x82\x4B\x5C\x16\x42\x7B\xD7\xA1\x12\x2A\x5A\x44\x2A\x25\xEC\x64\x4D"); - - test1(&mut sha, b"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", - b"\xAD\x5B\x3F\xDB\xCB\x52\x67\x78\xC2\x83\x9D\x2F\x15\x1E\xA7\x53\x99\x5E\x26\xA0"); -} - -#[test] -#[cfg(sha256)] -fn test_sha224() { - let mut sha = SHA224::new().expect("Error with new()"); - fn test1(sha: &mut SHA224, input: &[u8], expected_hash: &[u8]) { - sha.init().expect("Error with init()"); - sha.update(input).expect("Error with update()"); - let mut hash = [0u8; SHA224::DIGEST_SIZE]; - sha.finalize(&mut hash).expect("Error with finalize()"); - assert_eq!(hash, *expected_hash); - } - - test1(&mut sha, b"", b"\xd1\x4a\x02\x8c\x2a\x3a\x2b\xc9\x47\x61\x02\xbb\x28\x82\x34\xc4\x15\xa2\xb0\x1f\x82\x8e\xa6\x2a\xc5\xb3\xe4\x2f"); - - test1(&mut sha, b"abc", b"\x23\x09\x7d\x22\x34\x05\xd8\x22\x86\x42\xa4\x77\xbd\xa2\x55\xb3\x2a\xad\xbc\xe4\xbd\xa0\xb3\xf7\xe3\x6c\x9d\xa7"); - - test1(&mut sha, b"abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq", - b"\x75\x38\x8b\x16\x51\x27\x76\xcc\x5d\xba\x5d\xa1\xfd\x89\x01\x50\xb0\xc6\x45\x5c\xb4\xf5\x8b\x19\x52\x52\x25\x25"); -} - -#[test] -#[cfg(sha256)] -fn test_sha256() { - let mut sha = SHA256::new().expect("Error with new()"); - fn test1(sha: &mut SHA256, input: &[u8], expected_hash: &[u8]) { - sha.init().expect("Error with init()"); - sha.update(input).expect("Error with update()"); - let mut hash = [0u8; SHA256::DIGEST_SIZE]; - sha.finalize(&mut hash).expect("Error with finalize()"); - assert_eq!(hash, *expected_hash); - } - - test1(&mut sha, b"", - b"\xe3\xb0\xc4\x42\x98\xfc\x1c\x14\x9a\xfb\xf4\xc8\x99\x6f\xb9\x24\x27\xae\x41\xe4\x64\x9b\x93\x4c\xa4\x95\x99\x1b\x78\x52\xb8\x55"); - - test1(&mut sha, b"abc", - b"\xBA\x78\x16\xBF\x8F\x01\xCF\xEA\x41\x41\x40\xDE\x5D\xAE\x22\x23\xB0\x03\x61\xA3\x96\x17\x7A\x9C\xB4\x10\xFF\x61\xF2\x00\x15\xAD"); - - test1(&mut sha, b"abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq", - b"\x24\x8D\x6A\x61\xD2\x06\x38\xB8\xE5\xC0\x26\x93\x0C\x3E\x60\x39\xA3\x3C\xE4\x59\x64\xFF\x21\x67\xF6\xEC\xED\xD4\x19\xDB\x06\xC1"); - - test1(&mut sha, - b"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", /* this is BLOCKSIZE length */ - b"\xFF\xE0\x54\xFE\x7A\xE0\xCB\x6D\xC6\x5C\x3A\xF9\xB6\x1D\x52\x09\xF4\x39\x85\x1D\xB4\x3D\x0B\xA5\x99\x73\x37\xDF\x15\x46\x68\xEB"); -} - -#[test] -#[cfg(sha512)] -fn test_sha384() { - let mut sha = SHA384::new().expect("Error with new()"); - fn test1(sha: &mut SHA384, input: &[u8], expected_hash: &[u8]) { - sha.init().expect("Error with init()"); - sha.update(input).expect("Error with update()"); - let mut hash = [0u8; SHA384::DIGEST_SIZE]; - sha.finalize(&mut hash).expect("Error with finalize()"); - assert_eq!(hash, *expected_hash); - } - - test1(&mut sha, b"", - b"\x38\xb0\x60\xa7\x51\xac\x96\x38\x4c\xd9\x32\x7e\xb1\xb1\xe3\x6a\x21\xfd\xb7\x11\x14\xbe\x07\x43\x4c\x0c\xc7\xbf\x63\xf6\xe1\xda\x27\x4e\xde\xbf\xe7\x6f\x65\xfb\xd5\x1a\xd2\xf1\x48\x98\xb9\x5b"); - - test1(&mut sha, b"abc", - b"\xcb\x00\x75\x3f\x45\xa3\x5e\x8b\xb5\xa0\x3d\x69\x9a\xc6\x50\x07\x27\x2c\x32\xab\x0e\xde\xd1\x63\x1a\x8b\x60\x5a\x43\xff\x5b\xed\x80\x86\x07\x2b\xa1\xe7\xcc\x23\x58\xba\xec\xa1\x34\xc8\x25\xa7"); - - test1(&mut sha, - b"abcdefghbcdefghicdefghijdefghijkefghijklfghijklmghijklmnhijklmnoijklmnopjklmnopqklmnopqrlmnopqrsmnopqrstnopqrstu", - b"\x09\x33\x0c\x33\xf7\x11\x47\xe8\x3d\x19\x2f\xc7\x82\xcd\x1b\x47\x53\x11\x1b\x17\x3b\x3b\x05\xd2\x2f\xa0\x80\x86\xe3\xb0\xf7\x12\xfc\xc7\xc7\x1a\x55\x7e\x2d\xb9\x66\xc3\xe9\xfa\x91\x74\x60\x39"); -} - -#[test] -#[cfg(sha512)] -fn test_sha512() { - let mut sha = SHA512::new().expect("Error with new()"); - fn test1(sha: &mut SHA512, input: &[u8], expected_hash: &[u8]) { - sha.init().expect("Error with init()"); - sha.update(input).expect("Error with update()"); - let mut hash = [0u8; SHA512::DIGEST_SIZE]; - sha.finalize(&mut hash).expect("Error with finalize()"); - assert_eq!(hash, *expected_hash); - } - - test1(&mut sha, b"", - b"\xcf\x83\xe1\x35\x7e\xef\xb8\xbd\xf1\x54\x28\x50\xd6\x6d\x80\x07\xd6\x20\xe4\x05\x0b\x57\x15\xdc\x83\xf4\xa9\x21\xd3\x6c\xe9\xce\x47\xd0\xd1\x3c\x5d\x85\xf2\xb0\xff\x83\x18\xd2\x87\x7e\xec\x2f\x63\xb9\x31\xbd\x47\x41\x7a\x81\xa5\x38\x32\x7a\xf9\x27\xda\x3e"); - - test1(&mut sha, b"abc", - b"\xdd\xaf\x35\xa1\x93\x61\x7a\xba\xcc\x41\x73\x49\xae\x20\x41\x31\x12\xe6\xfa\x4e\x89\xa9\x7e\xa2\x0a\x9e\xee\xe6\x4b\x55\xd3\x9a\x21\x92\x99\x2a\x27\x4f\xc1\xa8\x36\xba\x3c\x23\xa3\xfe\xeb\xbd\x45\x4d\x44\x23\x64\x3c\xe8\x0e\x2a\x9a\xc9\x4f\xa5\x4c\xa4\x9f"); - - test1(&mut sha, - b"abcdefghbcdefghicdefghijdefghijkefghijklfghijklmghijklmnhijklmnoijklmnopjklmnopqklmnopqrlmnopqrsmnopqrstnopqrstu", - b"\x8e\x95\x9b\x75\xda\xe3\x13\xda\x8c\xf4\xf7\x28\x14\xfc\x14\x3f\x8f\x77\x79\xc6\xeb\x9f\x7f\xa1\x72\x99\xae\xad\xb6\x88\x90\x18\x50\x1d\x28\x9e\x49\x00\xf7\xe4\x33\x1b\x99\xde\xc4\xb5\x43\x3a\xc7\xd3\x29\xee\xb6\xdd\x26\x54\x5e\x96\xe5\x5b\x87\x4b\xe9\x09"); -} - -#[test] -#[cfg(sha3)] -fn test_sha3_224() { - let mut sha = SHA3_224::new().expect("Error with new()"); - fn test1(sha: &mut SHA3_224, input: &[u8], expected_hash: &[u8]) { - sha.init().expect("Error with init()"); - sha.update(input).expect("Error with update()"); - let mut hash = [0u8; SHA3_224::DIGEST_SIZE]; - sha.finalize(&mut hash).expect("Error with finalize()"); - assert_eq!(hash, *expected_hash); - } - - test1(&mut sha, b"", - b"\x6b\x4e\x03\x42\x36\x67\xdb\xb7\x3b\x6e\x15\x45\x4f\x0e\xb1\xab\xd4\x59\x7f\x9a\x1b\x07\x8e\x3f\x5b\x5a\x6b\xc7"); - - test1(&mut sha, b"abc", - b"\xe6\x42\x82\x4c\x3f\x8c\xf2\x4a\xd0\x92\x34\xee\x7d\x3c\x76\x6f\xc9\xa3\xa5\x16\x8d\x0c\x94\xad\x73\xb4\x6f\xdf"); - - test1(&mut sha, - b"abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq", - b"\x8a\x24\x10\x8b\x15\x4a\xda\x21\xc9\xfd\x55\x74\x49\x44\x79\xba\x5c\x7e\x7a\xb7\x6e\xf2\x64\xea\xd0\xfc\xce\x33"); -} - -#[test] -#[cfg(sha3)] -fn test_sha3_256() { - let mut sha = SHA3_256::new().expect("Error with new()"); - fn test1(sha: &mut SHA3_256, input: &[u8], expected_hash: &[u8]) { - sha.init().expect("Error with init()"); - sha.update(input).expect("Error with update()"); - let mut hash = [0u8; SHA3_256::DIGEST_SIZE]; - sha.finalize(&mut hash).expect("Error with finalize()"); - assert_eq!(hash, *expected_hash); - } - - test1(&mut sha, b"", - b"\xa7\xff\xc6\xf8\xbf\x1e\xd7\x66\x51\xc1\x47\x56\xa0\x61\xd6\x62\xf5\x80\xff\x4d\xe4\x3b\x49\xfa\x82\xd8\x0a\x4b\x80\xf8\x43\x4a"); - - test1(&mut sha, b"abc", - b"\x3a\x98\x5d\xa7\x4f\xe2\x25\xb2\x04\x5c\x17\x2d\x6b\xd3\x90\xbd\x85\x5f\x08\x6e\x3e\x9d\x52\x5b\x46\xbf\xe2\x45\x11\x43\x15\x32"); - - test1(&mut sha, - b"abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq", - b"\x41\xc0\xdb\xa2\xa9\xd6\x24\x08\x49\x10\x03\x76\xa8\x23\x5e\x2c\x82\xe1\xb9\x99\x8a\x99\x9e\x21\xdb\x32\xdd\x97\x49\x6d\x33\x76"); -} - -#[test] -#[cfg(sha3)] -fn test_sha3_384() { - let mut sha = SHA3_384::new().expect("Error with new()"); - fn test1(sha: &mut SHA3_384, input: &[u8], expected_hash: &[u8]) { - sha.init().expect("Error with init()"); - sha.update(input).expect("Error with update()"); - let mut hash = [0u8; SHA3_384::DIGEST_SIZE]; - sha.finalize(&mut hash).expect("Error with finalize()"); - assert_eq!(hash, *expected_hash); - } - - test1(&mut sha, b"", - b"\x0c\x63\xa7\x5b\x84\x5e\x4f\x7d\x01\x10\x7d\x85\x2e\x4c\x24\x85\xc5\x1a\x50\xaa\xaa\x94\xfc\x61\x99\x5e\x71\xbb\xee\x98\x3a\x2a\xc3\x71\x38\x31\x26\x4a\xdb\x47\xfb\x6b\xd1\xe0\x58\xd5\xf0\x04"); - - test1(&mut sha, - b"\x7d\x80\xb1\x60\xc4\xb5\x36\xa3\xbe\xb7\x99\x80\x59\x93\x44\x04\x7c\x5f\x82\xa1\xdf\xc3\xee\xd4", - b"\x04\x1c\xc5\x86\x1b\xa3\x34\x56\x3c\x61\xd4\xef\x97\x10\xd4\x89\x6c\x31\x1c\x92\xed\xbe\x0d\x7c\xd5\x3e\x80\x3b\xf2\xf4\xeb\x60\x57\x23\x55\x70\x77\x0c\xe8\x7c\x55\x20\xd7\xec\x14\x19\x87\x22"); - - test1(&mut sha, b"abc", - b"\xec\x01\x49\x82\x88\x51\x6f\xc9\x26\x45\x9f\x58\xe2\xc6\xad\x8d\xf9\xb4\x73\xcb\x0f\xc0\x8c\x25\x96\xda\x7c\xf0\xe4\x9b\xe4\xb2\x98\xd8\x8c\xea\x92\x7a\xc7\xf5\x39\xf1\xed\xf2\x28\x37\x6d\x25"); - - test1(&mut sha, - b"abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq", - b"\x99\x1c\x66\x57\x55\xeb\x3a\x4b\x6b\xbd\xfb\x75\xc7\x8a\x49\x2e\x8c\x56\xa2\x2c\x5c\x4d\x7e\x42\x9b\xfd\xbc\x32\xb9\xd4\xad\x5a\xa0\x4a\x1f\x07\x6e\x62\xfe\xa1\x9e\xef\x51\xac\xd0\x65\x7c\x22"); -} - -#[test] -#[cfg(sha3)] -fn test_sha3_512() { - let mut sha = SHA3_512::new().expect("Error with new()"); - fn test1(sha: &mut SHA3_512, input: &[u8], expected_hash: &[u8]) { - sha.init().expect("Error with init()"); - sha.update(input).expect("Error with update()"); - let mut hash = [0u8; SHA3_512::DIGEST_SIZE]; - sha.finalize(&mut hash).expect("Error with finalize()"); - assert_eq!(hash, *expected_hash); - } - - test1(&mut sha, b"", - b"\xa6\x9f\x73\xcc\xa2\x3a\x9a\xc5\xc8\xb5\x67\xdc\x18\x5a\x75\x6e\x97\xc9\x82\x16\x4f\xe2\x58\x59\xe0\xd1\xdc\xc1\x47\x5c\x80\xa6\x15\xb2\x12\x3a\xf1\xf5\xf9\x4c\x11\xe3\xe9\x40\x2c\x3a\xc5\x58\xf5\x00\x19\x9d\x95\xb6\xd3\xe3\x01\x75\x85\x86\x28\x1d\xcd\x26"); - - test1(&mut sha, b"abc", - b"\xb7\x51\x85\x0b\x1a\x57\x16\x8a\x56\x93\xcd\x92\x4b\x6b\x09\x6e\x08\xf6\x21\x82\x74\x44\xf7\x0d\x88\x4f\x5d\x02\x40\xd2\x71\x2e\x10\xe1\x16\xe9\x19\x2a\xf3\xc9\x1a\x7e\xc5\x76\x47\xe3\x93\x40\x57\x34\x0b\x4c\xf4\x08\xd5\xa5\x65\x92\xf8\x27\x4e\xec\x53\xf0"); - - test1(&mut sha, - b"abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq", - b"\x04\xa3\x71\xe8\x4e\xcf\xb5\xb8\xb7\x7c\xb4\x86\x10\xfc\xa8\x18\x2d\xd4\x57\xce\x6f\x32\x6a\x0f\xd3\xd7\xec\x2f\x1e\x91\x63\x6d\xee\x69\x1f\xbe\x0c\x98\x53\x02\xba\x1b\x0d\x8d\xc7\x8c\x08\x63\x46\xb5\x33\xb4\x9c\x03\x0d\x99\xa2\x7d\xaf\x11\x39\xd6\xe7\x5e"); -} - -#[test] -#[cfg(shake128)] -fn test_shake128() { - let mut sha = SHAKE128::new().expect("Error with new()"); - fn test1(sha: &mut SHAKE128, input: &[u8], expected_hash: &[u8]) { - sha.init().expect("Error with init()"); - sha.update(input).expect("Error with update()"); - let mut hash = vec![0u8; expected_hash.len()]; - sha.finalize(&mut hash).expect("Error with finalize()"); - assert_eq!(hash, *expected_hash); - } - - test1(&mut sha, b"", - b"\x7f\x9c\x2b\xa4\xe8\x8f\x82\x7d\x61\x60\x45\x50\x76\x05\x85\x3e\xd7\x3b\x80\x93\xf6\xef\xbc\x88\xeb\x1a\x6e\xac\xfa\x66\xef\x26\x3c\xb1\xee\xa9\x88\x00\x4b\x93\x10\x3c\xfb\x0a\xee\xfd\x2a\x68\x6e\x01\xfa\x4a\x58\xe8\xa3\x63\x9c\xa8\xa1\xe3\xf9\xae\x57\xe2\x35\xb8\xcc\x87\x3c\x23\xdc\x62\xb8\xd2\x60\x16\x9a\xfa\x2f\x75\xab\x91\x6a\x58\xd9\x74\x91\x88\x35\xd2\x5e\x6a\x43\x50\x85\xb2\xba\xdf\xd6\xdf\xaa\xc3\x59\xa5\xef\xbb\x7b\xcc\x4b\x59\xd5\x38\xdf\x9a"); - - test1(&mut sha, b"abc", - b"\x58\x81\x09\x2d\xd8\x18\xbf\x5c\xf8\xa3\xdd\xb7\x93\xfb\xcb\xa7\x40\x97\xd5\xc5\x26\xa6\xd3\x5f\x97\xb8\x33\x51\x94\x0f\x2c\xc8\x44\xc5\x0a\xf3\x2a\xcd\x3f\x2c\xdd\x06\x65\x68\x70\x6f\x50\x9b\xc1\xbd\xde\x58\x29\x5d\xae\x3f\x89\x1a\x9a\x0f\xca\x57\x83\x78\x9a\x41\xf8\x61\x12\x14\xce\x61\x23\x94\xdf\x28\x6a\x62\xd1\xa2\x25\x2a\xa9\x4d\xb9\xc5\x38\x95\x6c\x71\x7d\xc2\xbe\xd4\xf2\x32\xa0\x29\x4c\x85\x7c\x73\x0a\xa1\x60\x67\xac\x10\x62\xf1\x20\x1f\xb0\xd3"); - - test1(&mut sha, - b"abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq", - b"\x1a\x96\x18\x2b\x50\xfb\x8c\x7e\x74\xe0\xa7\x07\x78\x8f\x55\xe9\x82\x09\xb8\xd9\x1f\xad\xe8\xf3\x2f\x8d\xd5\xcf\xf7\xbf\x21\xf5\x4e\xe5\xf1\x95\x50\x82\x5a\x6e\x07\x00\x30\x51\x9e\x94\x42\x63\xac\x1c\x67\x65\x28\x70\x65\x62\x1f\x9f\xcb\x32\x01\x72\x3e\x32\x23\xb6\x3a\x46\xc2\x93\x8a\xa9\x53\xba\x84\x01\xd0\xea\x77\xb8\xd2\x64\x90\x77\x55\x66\x40\x7b\x95\x67\x3c\x0f\x4c\xc1\xce\x9f\xd9\x66\x14\x8d\x7e\xfd\xff\x26\xbb\xf9\xf4\x8a\x21\xc6\xda\x35\xbf\xaa"); - - test1(&mut sha, - b"\xdc\x88\x6d\xf3\xf6\x9c\x49\x51\x3d\xe3\x62\x7e\x94\x81\xdb\x58\x71\xe8\xee\x88\xeb\x9f\x99\x61\x15\x41\x93\x0a\x8b\xc8\x85\xe0", - b"\x93\x68\xf0\x15\x10\x92\x44\xeb\x02\x47\xfa\x3a\x0e\x57\xf5\x2e\xa7\xd9\xeb\xa2\x3d\xae\x7a\x19\x7f\x0a\x29\xe9\x22\x55\x06\x05\x98\x16\xb7\x84\x48\xb6\x49\x7a\x76\xeb\x96\x2d\xb3\xf8\x4d\x37\x60\xf1\xfe\xb4\xbd\xc1\xfd\x4a\xc9\x4e\x91\x7a\xc2\xea\x5e\x4f\x38\x37\x4a\xa5\x6e\x4f\x47\x67\xb8\xd7\x83\x1b\x2d\x51\x49\x5a\xb8\xea\xb7\xc9\x82\x20\xaf\x13\x41\x5a\x59\xbb\x7c\x17\x7a\xcd\x62\x8e\xf0\xff\xe3\x6c\xeb\x18\x59\x5d\x14\x4c\xbf\x25\xef\xc0\x6c\xd9\x56\xa5\x78\x20\x6e\xa8\xf9\x14\x5e\xf9\xce\x19\x50\x6a\x9d\x04\x4e\xc7\x00\x79\x9f\xa1"); - - test1(&mut sha, - b"\x8d\x80\x01\xe2\xc0\x96\xf1\xb8\x8e\x7c\x92\x24\xa0\x86\xef\xd4\x79\x7f\xbf\x74\xa8\x03\x3a\x2d\x42\x2a\x2b\x6b\x8f\x67\x47\xe4", - b"\xe1\x7e\xab\x0d\xa4\x04\xf9\xb6\xac\xc0\x84\x97\x2f\xc5\x79\xe8\x6d\xaa\x76\x10\xa5\xe1\x7c\x23\x2f\x79\x19\x83\x96\xfd\x01\xc2\x4c\x34\xbb\x54\xf4\xb0\x1e\xf7\x40\xb4\x25\x33\x4a\x55\xdd\x24\x81\x3d\xc8\xea\x86\xf5\x6e\xf7\x27\x67\x26\x2b\xf2\x25\x74\x8c\xcc\x3d\x9f\x48\x6f\xfb\x72\x8f\x4e\xad\x29\x60\xc9\x6c\x3e\x44\x63\x86\xea\xce\x21\x9c\x84\x28\x16\x11\x63\x58\xb0\xf4\x2d\x7d\xff\xf7\xdd\x24\x11\xfa\x2a\x56\x79\xfd\x7a\x94\x77\x45\x75\xba\xf9\xfc\xad\x68\xa1\x9e\x30\xd1\x49\xb0\x59\xb5\x9c\x44\x6c\x4e\xdc\xa5\x9b\xc5\xa4\x79\x9d\xc4\x65\xaa\x9e\x78\x2c\xed\x9f\x21\xc5\x5d\xe2\x42\xdd\x25\xd0\xd9\xde\x60\xd0\x9f\xf8\x6a\xba\xf3\xa0\x3a\x76\x71\xb3\x05\x42\xdf\xbe\x72\xfc\x56\xed\x6d\x1a\x99\x7f\x23\x7c\xd1\xa5\x50\x9e\xb0\x4d\x61\x37\xa5\xcb\x24\x71\x3b\xa3\x60\x51\x2e\x80\x83\x8b\xe0\x55\x50\xa7\x1e\xcc\x9f\xac\x41\x77\x2c\x79\x22\x30\x09\x1b\x1a\x83\x5b\x2c\x48\xdc\x09\x7d\x59\x0d\xf0\x54\x17\xfb\x5e\x38\x68\xde\xdb\xc5\x93\xab\x17\x5f\x4b\x4d\x6d\xf2\xc7\x4e\x15\x1e\x10\x76\xc4"); -} - -#[test] -#[cfg(shake128)] -fn test_shake128_absorb_squeeze() { - let mut sha = SHAKE128::new().expect("Error with new()"); - fn test1(sha: &mut SHAKE128, input: &[u8], expected_squeeze_out: &[u8]) { - sha.init().expect("Error with init()"); - sha.absorb(input).expect("Error with absorb()"); - let mut squeeze_out = vec![0u8; expected_squeeze_out.len()]; - sha.squeeze_blocks(&mut squeeze_out).expect("Error with squeeze_blocks()"); - assert_eq!(squeeze_out, *expected_squeeze_out); - } - - test1(&mut sha, b"", - b"\x7f\x9c\x2b\xa4\xe8\x8f\x82\x7d\x61\x60\x45\x50\x76\x05\x85\x3e\xd7\x3b\x80\x93\xf6\xef\xbc\x88\xeb\x1a\x6e\xac\xfa\x66\xef\x26\x3c\xb1\xee\xa9\x88\x00\x4b\x93\x10\x3c\xfb\x0a\xee\xfd\x2a\x68\x6e\x01\xfa\x4a\x58\xe8\xa3\x63\x9c\xa8\xa1\xe3\xf9\xae\x57\xe2\x35\xb8\xcc\x87\x3c\x23\xdc\x62\xb8\xd2\x60\x16\x9a\xfa\x2f\x75\xab\x91\x6a\x58\xd9\x74\x91\x88\x35\xd2\x5e\x6a\x43\x50\x85\xb2\xba\xdf\xd6\xdf\xaa\xc3\x59\xa5\xef\xbb\x7b\xcc\x4b\x59\xd5\x38\xdf\x9a\x04\x30\x2e\x10\xc8\xbc\x1c\xbf\x1a\x0b\x3a\x51\x20\xea\x17\xcd\xa7\xcf\xad\x76\x5f\x56\x23\x47\x4d\x36\x8c\xcc\xa8\xaf\x00\x07\xcd\x9f\x5e\x4c\x84\x9f\x16\x7a\x58\x0b\x14\xaa\xbd\xef\xae\xe7\xee\xf4\x7c\xb0\xfc\xa9"); - - test1(&mut sha, b"abc", - b"\x58\x81\x09\x2d\xd8\x18\xbf\x5c\xf8\xa3\xdd\xb7\x93\xfb\xcb\xa7\x40\x97\xd5\xc5\x26\xa6\xd3\x5f\x97\xb8\x33\x51\x94\x0f\x2c\xc8\x44\xc5\x0a\xf3\x2a\xcd\x3f\x2c\xdd\x06\x65\x68\x70\x6f\x50\x9b\xc1\xbd\xde\x58\x29\x5d\xae\x3f\x89\x1a\x9a\x0f\xca\x57\x83\x78\x9a\x41\xf8\x61\x12\x14\xce\x61\x23\x94\xdf\x28\x6a\x62\xd1\xa2\x25\x2a\xa9\x4d\xb9\xc5\x38\x95\x6c\x71\x7d\xc2\xbe\xd4\xf2\x32\xa0\x29\x4c\x85\x7c\x73\x0a\xa1\x60\x67\xac\x10\x62\xf1\x20\x1f\xb0\xd3\x77\xcf\xb9\xcd\xe4\xc6\x35\x99\xb2\x7f\x34\x62\xbb\xa4\xa0\xed\x29\x6c\x80\x1f\x9f\xf7\xf5\x73\x02\xbb\x30\x76\xee\x14\x5f\x97\xa3\x2a\xe6\x8e\x76\xab\x66\xc4\x8d\x51\x67\x5b\xd4\x9a\xcc\x29\x08\x2f\x56\x47\x58\x4e"); - - test1(&mut sha, - b"abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq", - b"\x1a\x96\x18\x2b\x50\xfb\x8c\x7e\x74\xe0\xa7\x07\x78\x8f\x55\xe9\x82\x09\xb8\xd9\x1f\xad\xe8\xf3\x2f\x8d\xd5\xcf\xf7\xbf\x21\xf5\x4e\xe5\xf1\x95\x50\x82\x5a\x6e\x07\x00\x30\x51\x9e\x94\x42\x63\xac\x1c\x67\x65\x28\x70\x65\x62\x1f\x9f\xcb\x32\x01\x72\x3e\x32\x23\xb6\x3a\x46\xc2\x93\x8a\xa9\x53\xba\x84\x01\xd0\xea\x77\xb8\xd2\x64\x90\x77\x55\x66\x40\x7b\x95\x67\x3c\x0f\x4c\xc1\xce\x9f\xd9\x66\x14\x8d\x7e\xfd\xff\x26\xbb\xf9\xf4\x8a\x21\xc6\xda\x35\xbf\xaa\x54\x56\x54\xf7\x0a\xe5\x86\xff\x10\x13\x14\x20\x77\x14\x83\xec\x92\xed\xab\x40\x8c\x76\x7b\xf4\xc5\xb4\xff\xfa\xa8\x0c\x8c\xa2\x14\xd8\x4c\x4d\xc7\x00\xd0\xc5\x06\x30\xb2\xff\xc3\x79\x3e\xa4\xd8\x72\x58\xb4\xc9\x54"); - - test1(&mut sha, - b"\xdc\x88\x6d\xf3\xf6\x9c\x49\x51\x3d\xe3\x62\x7e\x94\x81\xdb\x58\x71\xe8\xee\x88\xeb\x9f\x99\x61\x15\x41\x93\x0a\x8b\xc8\x85\xe0", - b"\x93\x68\xf0\x15\x10\x92\x44\xeb\x02\x47\xfa\x3a\x0e\x57\xf5\x2e\xa7\xd9\xeb\xa2\x3d\xae\x7a\x19\x7f\x0a\x29\xe9\x22\x55\x06\x05\x98\x16\xb7\x84\x48\xb6\x49\x7a\x76\xeb\x96\x2d\xb3\xf8\x4d\x37\x60\xf1\xfe\xb4\xbd\xc1\xfd\x4a\xc9\x4e\x91\x7a\xc2\xea\x5e\x4f\x38\x37\x4a\xa5\x6e\x4f\x47\x67\xb8\xd7\x83\x1b\x2d\x51\x49\x5a\xb8\xea\xb7\xc9\x82\x20\xaf\x13\x41\x5a\x59\xbb\x7c\x17\x7a\xcd\x62\x8e\xf0\xff\xe3\x6c\xeb\x18\x59\x5d\x14\x4c\xbf\x25\xef\xc0\x6c\xd9\x56\xa5\x78\x20\x6e\xa8\xf9\x14\x5e\xf9\xce\x19\x50\x6a\x9d\x04\x4e\xc7\x00\x79\x9f\xa1\x41\x9b\xaf\x60\x52\xc0\xc1\xb4\x45\xf8\x35\x17\x57\xb0\xd0\x22\x87\x21\x89\xe2\xc0\x27\x3f\x82\xd9\x69\x69\x66\x3e\x55\x4d\x09"); - - test1(&mut sha, - b"\x8d\x80\x01\xe2\xc0\x96\xf1\xb8\x8e\x7c\x92\x24\xa0\x86\xef\xd4\x79\x7f\xbf\x74\xa8\x03\x3a\x2d\x42\x2a\x2b\x6b\x8f\x67\x47\xe4", - b"\xe1\x7e\xab\x0d\xa4\x04\xf9\xb6\xac\xc0\x84\x97\x2f\xc5\x79\xe8\x6d\xaa\x76\x10\xa5\xe1\x7c\x23\x2f\x79\x19\x83\x96\xfd\x01\xc2\x4c\x34\xbb\x54\xf4\xb0\x1e\xf7\x40\xb4\x25\x33\x4a\x55\xdd\x24\x81\x3d\xc8\xea\x86\xf5\x6e\xf7\x27\x67\x26\x2b\xf2\x25\x74\x8c\xcc\x3d\x9f\x48\x6f\xfb\x72\x8f\x4e\xad\x29\x60\xc9\x6c\x3e\x44\x63\x86\xea\xce\x21\x9c\x84\x28\x16\x11\x63\x58\xb0\xf4\x2d\x7d\xff\xf7\xdd\x24\x11\xfa\x2a\x56\x79\xfd\x7a\x94\x77\x45\x75\xba\xf9\xfc\xad\x68\xa1\x9e\x30\xd1\x49\xb0\x59\xb5\x9c\x44\x6c\x4e\xdc\xa5\x9b\xc5\xa4\x79\x9d\xc4\x65\xaa\x9e\x78\x2c\xed\x9f\x21\xc5\x5d\xe2\x42\xdd\x25\xd0\xd9\xde\x60\xd0\x9f\xf8\x6a\xba\xf3\xa0\x3a\x76\x71\xb3\x05\x42\xdf\xbe\x72\xfc\x56\xed\x6d\x1a\x99\x7f\x23\x7c\xd1\xa5\x50\x9e\xb0\x4d\x61\x37\xa5\xcb\x24\x71\x3b\xa3\x60\x51\x2e\x80\x83\x8b\xe0\x55\x50\xa7\x1e\xcc\x9f\xac\x41\x77\x2c\x79\x22\x30\x09\x1b\x1a\x83\x5b\x2c\x48\xdc\x09\x7d\x59\x0d\xf0\x54\x17\xfb\x5e\x38\x68\xde\xdb\xc5\x93\xab\x17\x5f\x4b\x4d\x6d\xf2\xc7\x4e\x15\x1e\x10\x76\xc4\xcb\x87\xd8\xb7\x9d\xa8\xbf\xc5\x2e\x5e\xfc\xd3\x6c\x45\xd4\x5d\x72\x0f\x66\xeb\x67\x86\xfa\x6c\xd6\x80\xa4\x23\xcb\x5d\xed\x3c\xde\xdc\x5b\x3d\xca\x95\x43\x4b\xdc\xe8\x49\xd3\xe1\x01\xd4\xf1\xe4\x47\xcf\x56\xba\x71\xb4\x69\xed\xe7\xdb\x0f\x89\xd6\xbb\xcd\x1a\xff\xb4\xbe\x72\x26\xdc\x76\x79\xb3\x1a\x4b\xe6\x8d\x9b\x8e\xd9\xe9\xe6\xf9\xff\xa5"); -} - -#[test] -#[cfg(shake256)] -fn test_shake256() { - let mut sha = SHAKE256::new().expect("Error with new()"); - fn test1(sha: &mut SHAKE256, input: &[u8], expected_hash: &[u8]) { - sha.init().expect("Error with init()"); - sha.update(input).expect("Error with update()"); - let mut hash = vec![0u8; expected_hash.len()]; - sha.finalize(&mut hash).expect("Error with finalize()"); - assert_eq!(hash, *expected_hash); - } - - test1(&mut sha, b"", - b"\x46\xb9\xdd\x2b\x0b\xa8\x8d\x13\x23\x3b\x3f\xeb\x74\x3e\xeb\x24\x3f\xcd\x52\xea\x62\xb8\x1b\x82\xb5\x0c\x27\x64\x6e\xd5\x76\x2f\xd7\x5d\xc4\xdd\xd8\xc0\xf2\x00\xcb\x05\x01\x9d\x67\xb5\x92\xf6\xfc\x82\x1c\x49\x47\x9a\xb4\x86\x40\x29\x2e\xac\xb3\xb7\xc4\xbe\x14\x1e\x96\x61\x6f\xb1\x39\x57\x69\x2c\xc7\xed\xd0\xb4\x5a\xe3\xdc\x07\x22\x3c\x8e\x92\x93\x7b\xef\x84\xbc\x0e\xab\x86\x28\x53\x34\x9e\xc7\x55\x46\xf5\x8f\xb7\xc2\x77\x5c\x38\x46\x2c\x50\x10\xd8\x46"); - - test1(&mut sha, b"abc", - b"\x48\x33\x66\x60\x13\x60\xa8\x77\x1c\x68\x63\x08\x0c\xc4\x11\x4d\x8d\xb4\x45\x30\xf8\xf1\xe1\xee\x4f\x94\xea\x37\xe7\x8b\x57\x39\xd5\xa1\x5b\xef\x18\x6a\x53\x86\xc7\x57\x44\xc0\x52\x7e\x1f\xaa\x9f\x87\x26\xe4\x62\xa1\x2a\x4f\xeb\x06\xbd\x88\x01\xe7\x51\xe4\x13\x85\x14\x12\x04\xf3\x29\x97\x9f\xd3\x04\x7a\x13\xc5\x65\x77\x24\xad\xa6\x4d\x24\x70\x15\x7b\x3c\xdc\x28\x86\x20\x94\x4d\x78\xdb\xcd\xdb\xd9\x12\x99\x3f\x09\x13\xf1\x64\xfb\x2c\xe9\x51\x31\xa2\xd0"); - - test1(&mut sha, - b"abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq", - b"\x4d\x8c\x2d\xd2\x43\x5a\x01\x28\xee\xfb\xb8\xc3\x6f\x6f\x87\x13\x3a\x79\x11\xe1\x8d\x97\x9e\xe1\xae\x6b\xe5\xd4\xfd\x2e\x33\x29\x40\xd8\x68\x8a\x4e\x6a\x59\xaa\x80\x60\xf1\xf9\xbc\x99\x6c\x05\xac\xa3\xc6\x96\xa8\xb6\x62\x79\xdc\x67\x2c\x74\x0b\xb2\x24\xec\x37\xa9\x2b\x65\xdb\x05\x39\xc0\x20\x34\x55\xf5\x1d\x97\xcc\xe4\xcf\xc4\x91\x27\xd7\x26\x0a\xfc\x67\x3a\xf2\x08\xba\xf1\x9b\xe2\x12\x33\xf3\xde\xbe\x78\xd0\x67\x60\xcf\xa5\x51\xee\x1e\x07\x91\x41\xd4"); - - test1(&mut sha, - b"\xdc\x88\x6d\xf3\xf6\x9c\x49\x51\x3d\xe3\x62\x7e\x94\x81\xdb\x58\x71\xe8\xee\x88\xeb\x9f\x99\x61\x15\x41\x93\x0a\x8b\xc8\x85\xe0", - b"\x00\x64\x8a\xfb\xc5\xe6\x51\x64\x9d\xb1\xfd\x82\x93\x6b\x00\xdb\xbc\x12\x2f\xb4\xc8\x77\x86\x0d\x38\x5c\x49\x50\xd5\x6d\xe7\xe0\x96\xd6\x13\xd7\xa3\xf2\x7e\xd8\xf2\x63\x34\xb0\xcc\xc1\x40\x7b\x41\xdc\xcb\x23\xdf\xaa\x52\x98\x18\xd1\x12\x5c\xd5\x34\x80\x92\x52\x43\x66\xb8\x5f\xab\xb9\x7c\x6c\xd1\xe6\x06\x6f\x45\x9b\xcc\x56\x6d\xa8\x7e\xc9\xb7\xba\x36\x79\x2d\x11\x8a\xc3\x9a\x4c\xce\xf6\x19\x2b\xbf\x3a\x54\xaf\x18\xe5\x7b\x0c\x14\x61\x01\xf6\xae\xaa\x82\x2b\xc4\xb4\xc9\x70\x8b\x09\xf0\xb3\xba\xb4\x1b\xcc\xe9\x64\xd9\x99\xd1\x10\x7b\xd7\xc2"); - - test1(&mut sha, - b"\x8d\x80\x01\xe2\xc0\x96\xf1\xb8\x8e\x7c\x92\x24\xa0\x86\xef\xd4\x79\x7f\xbf\x74\xa8\x03\x3a\x2d\x42\x2a\x2b\x6b\x8f\x67\x47\xe4", - b"\x2e\x97\x5f\x6a\x8a\x14\xf0\x70\x4d\x51\xb1\x36\x67\xd8\x19\x5c\x21\x9f\x71\xe6\x34\x56\x96\xc4\x9f\xa4\xb9\xd0\x8e\x92\x25\xd3\xd3\x93\x93\x42\x51\x52\xc9\x7e\x71\xdd\x24\x60\x1c\x11\xab\xcf\xa0\xf1\x2f\x53\xc6\x80\xbd\x3a\xe7\x57\xb8\x13\x4a\x9c\x10\xd4\x29\x61\x58\x69\x21\x7f\xdd\x58\x85\xc4\xdb\x17\x49\x85\x70\x3a\x6d\x6d\xe9\x4a\x66\x7e\xac\x30\x23\x44\x3a\x83\x37\xae\x1b\xc6\x01\xb7\x6d\x7d\x38\xec\x3c\x34\x46\x31\x05\xf0\xd3\x94\x9d\x78\xe5\x62\xa0\x39\xe4\x46\x95\x48\xb6\x09\x39\x5d\xe5\xa4\xfd\x43\xc4\x6c\xa9\xfd\x6e\xe2\x9a\xda\x5e\xfc\x07\xd8\x4d\x55\x32\x49\x45\x0d\xab\x4a\x49\xc4\x83\xde\xd2\x50\xc9\x33\x8f\x85\xcd\x93\x7a\xe6\x6b\xb4\x36\xf3\xb4\x02\x6e\x85\x9f\xda\x1c\xa5\x71\x43\x2f\x3b\xfc\x09\xe7\xc0\x3c\xa4\xd1\x83\xb7\x41\x11\x1c\xa0\x48\x3d\x0e\xda\xbc\x03\xfe\xb2\x3b\x17\xee\x48\xe8\x44\xba\x24\x08\xd9\xdc\xfd\x01\x39\xd2\xe8\xc7\x31\x01\x25\xae\xe8\x01\xc6\x1a\xb7\x90\x0d\x1e\xfc\x47\xc0\x78\x28\x17\x66\xf3\x61\xc5\xe6\x11\x13\x46\x23\x5e\x1d\xc3\x83\x25\x66\x6c"); -} - -#[test] -#[cfg(shake256)] -fn test_shake256_absorb_squeeze() { - let mut sha = SHAKE256::new().expect("Error with new()"); - fn test1(sha: &mut SHAKE256, input: &[u8], expected_squeeze_out: &[u8]) { - sha.init().expect("Error with init()"); - sha.absorb(input).expect("Error with absorb()"); - let mut squeeze_out = vec![0u8; expected_squeeze_out.len()]; - sha.squeeze_blocks(&mut squeeze_out).expect("Error with squeeze_blocks()"); - assert_eq!(squeeze_out, *expected_squeeze_out); - } - - test1(&mut sha, b"", - b"\x46\xb9\xdd\x2b\x0b\xa8\x8d\x13\x23\x3b\x3f\xeb\x74\x3e\xeb\x24\x3f\xcd\x52\xea\x62\xb8\x1b\x82\xb5\x0c\x27\x64\x6e\xd5\x76\x2f\xd7\x5d\xc4\xdd\xd8\xc0\xf2\x00\xcb\x05\x01\x9d\x67\xb5\x92\xf6\xfc\x82\x1c\x49\x47\x9a\xb4\x86\x40\x29\x2e\xac\xb3\xb7\xc4\xbe\x14\x1e\x96\x61\x6f\xb1\x39\x57\x69\x2c\xc7\xed\xd0\xb4\x5a\xe3\xdc\x07\x22\x3c\x8e\x92\x93\x7b\xef\x84\xbc\x0e\xab\x86\x28\x53\x34\x9e\xc7\x55\x46\xf5\x8f\xb7\xc2\x77\x5c\x38\x46\x2c\x50\x10\xd8\x46\xc1\x85\xc1\x51\x11\xe5\x95\x52\x2a\x6b\xcd\x16\xcf\x86\xf3\xd1\x22\x10\x9e\x3b\x1f\xdd"); - - test1(&mut sha, b"abc", - b"\x48\x33\x66\x60\x13\x60\xa8\x77\x1c\x68\x63\x08\x0c\xc4\x11\x4d\x8d\xb4\x45\x30\xf8\xf1\xe1\xee\x4f\x94\xea\x37\xe7\x8b\x57\x39\xd5\xa1\x5b\xef\x18\x6a\x53\x86\xc7\x57\x44\xc0\x52\x7e\x1f\xaa\x9f\x87\x26\xe4\x62\xa1\x2a\x4f\xeb\x06\xbd\x88\x01\xe7\x51\xe4\x13\x85\x14\x12\x04\xf3\x29\x97\x9f\xd3\x04\x7a\x13\xc5\x65\x77\x24\xad\xa6\x4d\x24\x70\x15\x7b\x3c\xdc\x28\x86\x20\x94\x4d\x78\xdb\xcd\xdb\xd9\x12\x99\x3f\x09\x13\xf1\x64\xfb\x2c\xe9\x51\x31\xa2\xd0\x9a\x3e\x6d\x51\xcb\xfc\x62\x27\x20\xd7\xa7\x5c\x63\x34\xe8\xa2\xd7\xec\x71\xa7\xcc\x29"); - - test1(&mut sha, - b"abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq", - b"\x4d\x8c\x2d\xd2\x43\x5a\x01\x28\xee\xfb\xb8\xc3\x6f\x6f\x87\x13\x3a\x79\x11\xe1\x8d\x97\x9e\xe1\xae\x6b\xe5\xd4\xfd\x2e\x33\x29\x40\xd8\x68\x8a\x4e\x6a\x59\xaa\x80\x60\xf1\xf9\xbc\x99\x6c\x05\xac\xa3\xc6\x96\xa8\xb6\x62\x79\xdc\x67\x2c\x74\x0b\xb2\x24\xec\x37\xa9\x2b\x65\xdb\x05\x39\xc0\x20\x34\x55\xf5\x1d\x97\xcc\xe4\xcf\xc4\x91\x27\xd7\x26\x0a\xfc\x67\x3a\xf2\x08\xba\xf1\x9b\xe2\x12\x33\xf3\xde\xbe\x78\xd0\x67\x60\xcf\xa5\x51\xee\x1e\x07\x91\x41\xd4\x9d\xd3\xef\x7e\x18\x2b\x15\x24\xdf\x82\xea\x1c\xef\xe1\xc6\xc3\x96\x61\x75\xf0\x22\x8d"); - - test1(&mut sha, - b"\xdc\x88\x6d\xf3\xf6\x9c\x49\x51\x3d\xe3\x62\x7e\x94\x81\xdb\x58\x71\xe8\xee\x88\xeb\x9f\x99\x61\x15\x41\x93\x0a\x8b\xc8\x85\xe0", - b"\x00\x64\x8a\xfb\xc5\xe6\x51\x64\x9d\xb1\xfd\x82\x93\x6b\x00\xdb\xbc\x12\x2f\xb4\xc8\x77\x86\x0d\x38\x5c\x49\x50\xd5\x6d\xe7\xe0\x96\xd6\x13\xd7\xa3\xf2\x7e\xd8\xf2\x63\x34\xb0\xcc\xc1\x40\x7b\x41\xdc\xcb\x23\xdf\xaa\x52\x98\x18\xd1\x12\x5c\xd5\x34\x80\x92\x52\x43\x66\xb8\x5f\xab\xb9\x7c\x6c\xd1\xe6\x06\x6f\x45\x9b\xcc\x56\x6d\xa8\x7e\xc9\xb7\xba\x36\x79\x2d\x11\x8a\xc3\x9a\x4c\xce\xf6\x19\x2b\xbf\x3a\x54\xaf\x18\xe5\x7b\x0c\x14\x61\x01\xf6\xae\xaa\x82\x2b\xc4\xb4\xc9\x70\x8b\x09\xf0\xb3\xba\xb4\x1b\xcc\xe9\x64\xd9\x99\xd1\x10\x7b\xd7\xc2"); - - test1(&mut sha, - b"\x8d\x80\x01\xe2\xc0\x96\xf1\xb8\x8e\x7c\x92\x24\xa0\x86\xef\xd4\x79\x7f\xbf\x74\xa8\x03\x3a\x2d\x42\x2a\x2b\x6b\x8f\x67\x47\xe4", - b"\x2e\x97\x5f\x6a\x8a\x14\xf0\x70\x4d\x51\xb1\x36\x67\xd8\x19\x5c\x21\x9f\x71\xe6\x34\x56\x96\xc4\x9f\xa4\xb9\xd0\x8e\x92\x25\xd3\xd3\x93\x93\x42\x51\x52\xc9\x7e\x71\xdd\x24\x60\x1c\x11\xab\xcf\xa0\xf1\x2f\x53\xc6\x80\xbd\x3a\xe7\x57\xb8\x13\x4a\x9c\x10\xd4\x29\x61\x58\x69\x21\x7f\xdd\x58\x85\xc4\xdb\x17\x49\x85\x70\x3a\x6d\x6d\xe9\x4a\x66\x7e\xac\x30\x23\x44\x3a\x83\x37\xae\x1b\xc6\x01\xb7\x6d\x7d\x38\xec\x3c\x34\x46\x31\x05\xf0\xd3\x94\x9d\x78\xe5\x62\xa0\x39\xe4\x46\x95\x48\xb6\x09\x39\x5d\xe5\xa4\xfd\x43\xc4\x6c\xa9\xfd\x6e\xe2\x9a\xda\x5e\xfc\x07\xd8\x4d\x55\x32\x49\x45\x0d\xab\x4a\x49\xc4\x83\xde\xd2\x50\xc9\x33\x8f\x85\xcd\x93\x7a\xe6\x6b\xb4\x36\xf3\xb4\x02\x6e\x85\x9f\xda\x1c\xa5\x71\x43\x2f\x3b\xfc\x09\xe7\xc0\x3c\xa4\xd1\x83\xb7\x41\x11\x1c\xa0\x48\x3d\x0e\xda\xbc\x03\xfe\xb2\x3b\x17\xee\x48\xe8\x44\xba\x24\x08\xd9\xdc\xfd\x01\x39\xd2\xe8\xc7\x31\x01\x25\xae\xe8\x01\xc6\x1a\xb7\x90\x0d\x1e\xfc\x47\xc0\x78\x28\x17\x66\xf3\x61\xc5\xe6\x11\x13\x46\x23\x5e\x1d\xc3\x83\x25\x66\x6c\x68\x1b\x30\xdd\xc4\xe6\x83\x8b\x0f\x23\x58\x7e\x06\x5f\x4a\x2b\xed\xc9\x6c\x97\x68\x44"); -} diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/wrapper/rust/wolfssl-wolfcrypt/CHANGELOG.md mariadb-11.8.8/extra/wolfssl/wolfssl/wrapper/rust/wolfssl-wolfcrypt/CHANGELOG.md --- mariadb-11.8.6/extra/wolfssl/wolfssl/wrapper/rust/wolfssl-wolfcrypt/CHANGELOG.md 1970-01-01 00:00:00.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/wrapper/rust/wolfssl-wolfcrypt/CHANGELOG.md 2026-05-24 09:58:33.000000000 +0000 @@ -0,0 +1,30 @@ +# wolfssl-wolfcrypt Change Log + +## v1.2.0 + +- Add LMS wrapper (wolfssl_wolfcrypt::lms module) +- Add ML-DSA wrapper (wolfssl_wolfcrypt::dilithium module) +- Add ML-KEM wrapper (wolfssl_wolfcrypt::mlkem module) +- Fix no_std support +- Add compatibility with older FIPS v5 package + +## v1.1.0 + +- Add FIPS support +- ECC: allow `import_private_*()` calls with empty pub_buf slices +- Add HMAC-BLAKE2[bs] wrappers +- Add support for ChaCha20_Poly1305 +- Add support for Curve25519 +- Add support for BLAKE2b and BLAKE2s + +## v1.0.0 + +- Bump version to 1.0 after testing + +## v0.1.1 + +- Only set link-search and link-arg for local repo build + +## v0.1.0 + +- Initial test version diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/wrapper/rust/wolfssl-wolfcrypt/Cargo.lock mariadb-11.8.8/extra/wolfssl/wolfssl/wrapper/rust/wolfssl-wolfcrypt/Cargo.lock --- mariadb-11.8.6/extra/wolfssl/wolfssl/wrapper/rust/wolfssl-wolfcrypt/Cargo.lock 1970-01-01 00:00:00.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/wrapper/rust/wolfssl-wolfcrypt/Cargo.lock 2026-05-24 09:58:33.000000000 +0000 @@ -0,0 +1,294 @@ +# This file is automatically @generated by Cargo. +# It is not intended for manual editing. +version = 4 + +[[package]] +name = "aho-corasick" +version = "1.1.3" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "8e60d3430d3a69478ad0993f19238d2df97c507009a52b3c10addcd7f6bcb916" +dependencies = [ + "memchr", +] + +[[package]] +name = "bindgen" +version = "0.72.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "993776b509cfb49c750f11b8f07a46fa23e0a1386ffc01fb1e7d343efc387895" +dependencies = [ + "bitflags", + "cexpr", + "clang-sys", + "itertools", + "log", + "prettyplease", + "proc-macro2", + "quote", + "regex", + "rustc-hash", + "shlex", + "syn", +] + +[[package]] +name = "bitflags" +version = "2.9.4" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "2261d10cca569e4643e526d8dc2e62e433cc8aba21ab764233731f8d369bf394" + +[[package]] +name = "cexpr" +version = "0.6.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "6fac387a98bb7c37292057cffc56d62ecb629900026402633ae9160df93a8766" +dependencies = [ + "nom", +] + +[[package]] +name = "cfg-if" +version = "1.0.3" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "2fd1289c04a9ea8cb22300a459a72a385d7c73d3259e2ed7dcb2af674838cfa9" + +[[package]] +name = "clang-sys" +version = "1.8.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "0b023947811758c97c59bf9d1c188fd619ad4718dcaa767947df1cadb14f39f4" +dependencies = [ + "glob", + "libc", + "libloading", +] + +[[package]] +name = "either" +version = "1.15.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "48c757948c5ede0e46177b7add2e67155f70e33c07fea8284df6576da70b3719" + +[[package]] +name = "glob" +version = "0.3.3" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "0cc23270f6e1808e30a928bdc84dea0b9b4136a8bc82338574f23baf47bbd280" + +[[package]] +name = "itertools" +version = "0.13.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "413ee7dfc52ee1a4949ceeb7dbc8a33f2d6c088194d9f922fb8318faf1f01186" +dependencies = [ + "either", +] + +[[package]] +name = "libc" +version = "0.2.175" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "6a82ae493e598baaea5209805c49bbf2ea7de956d50d7da0da1164f9c6d28543" + +[[package]] +name = "libloading" +version = "0.8.8" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "07033963ba89ebaf1584d767badaa2e8fcec21aedea6b8c0346d487d49c28667" +dependencies = [ + "cfg-if", + "windows-targets", +] + +[[package]] +name = "log" +version = "0.4.28" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "34080505efa8e45a4b816c349525ebe327ceaa8559756f0356cba97ef3bf7432" + +[[package]] +name = "memchr" +version = "2.7.5" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "32a282da65faaf38286cf3be983213fcf1d2e2a58700e808f83f4ea9a4804bc0" + +[[package]] +name = "minimal-lexical" +version = "0.2.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "68354c5c6bd36d73ff3feceb05efa59b6acb7626617f4962be322a825e61f79a" + +[[package]] +name = "nom" +version = "7.1.3" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "d273983c5a657a70a3e8f2a01329822f3b8c8172b73826411a55751e404a0a4a" +dependencies = [ + "memchr", + "minimal-lexical", +] + +[[package]] +name = "prettyplease" +version = "0.2.37" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "479ca8adacdd7ce8f1fb39ce9ecccbfe93a3f1344b3d0d97f20bc0196208f62b" +dependencies = [ + "proc-macro2", + "syn", +] + +[[package]] +name = "proc-macro2" +version = "1.0.101" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "89ae43fd86e4158d6db51ad8e2b80f313af9cc74f5c0e03ccb87de09998732de" +dependencies = [ + "unicode-ident", +] + +[[package]] +name = "quote" +version = "1.0.40" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "1885c039570dc00dcb4ff087a89e185fd56bae234ddc7f056a945bf36467248d" +dependencies = [ + "proc-macro2", +] + +[[package]] +name = "regex" +version = "1.11.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "23d7fd106d8c02486a8d64e778353d1cffe08ce79ac2e82f540c86d0facf6912" +dependencies = [ + "aho-corasick", + "memchr", + "regex-automata", + "regex-syntax", +] + +[[package]] +name = "regex-automata" +version = "0.4.10" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "6b9458fa0bfeeac22b5ca447c63aaf45f28439a709ccd244698632f9aa6394d6" +dependencies = [ + "aho-corasick", + "memchr", + "regex-syntax", +] + +[[package]] +name = "regex-syntax" +version = "0.8.6" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "caf4aa5b0f434c91fe5c7f1ecb6a5ece2130b02ad2a590589dda5146df959001" + +[[package]] +name = "rustc-hash" +version = "2.1.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "357703d41365b4b27c590e3ed91eabb1b663f07c4c084095e60cbed4362dff0d" + +[[package]] +name = "shlex" +version = "1.3.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "0fda2ff0d084019ba4d7c6f371c95d8fd75ce3524c3cb8fb653a3023f6323e64" + +[[package]] +name = "syn" +version = "2.0.106" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "ede7c438028d4436d71104916910f5bb611972c5cfd7f89b8300a8186e6fada6" +dependencies = [ + "proc-macro2", + "quote", + "unicode-ident", +] + +[[package]] +name = "unicode-ident" +version = "1.0.19" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "f63a545481291138910575129486daeaf8ac54aee4387fe7906919f7830c7d9d" + +[[package]] +name = "windows-link" +version = "0.1.3" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "5e6ad25900d524eaabdbbb96d20b4311e1e7ae1699af4fb28c17ae66c80d798a" + +[[package]] +name = "windows-targets" +version = "0.53.3" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "d5fe6031c4041849d7c496a8ded650796e7b6ecc19df1a431c1a363342e5dc91" +dependencies = [ + "windows-link", + "windows_aarch64_gnullvm", + "windows_aarch64_msvc", + "windows_i686_gnu", + "windows_i686_gnullvm", + "windows_i686_msvc", + "windows_x86_64_gnu", + "windows_x86_64_gnullvm", + "windows_x86_64_msvc", +] + +[[package]] +name = "windows_aarch64_gnullvm" +version = "0.53.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "86b8d5f90ddd19cb4a147a5fa63ca848db3df085e25fee3cc10b39b6eebae764" + +[[package]] +name = "windows_aarch64_msvc" +version = "0.53.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "c7651a1f62a11b8cbd5e0d42526e55f2c99886c77e007179efff86c2b137e66c" + +[[package]] +name = "windows_i686_gnu" +version = "0.53.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "c1dc67659d35f387f5f6c479dc4e28f1d4bb90ddd1a5d3da2e5d97b42d6272c3" + +[[package]] +name = "windows_i686_gnullvm" +version = "0.53.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "9ce6ccbdedbf6d6354471319e781c0dfef054c81fbc7cf83f338a4296c0cae11" + +[[package]] +name = "windows_i686_msvc" +version = "0.53.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "581fee95406bb13382d2f65cd4a908ca7b1e4c2f1917f143ba16efe98a589b5d" + +[[package]] +name = "windows_x86_64_gnu" +version = "0.53.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "2e55b5ac9ea33f2fc1716d1742db15574fd6fc8dadc51caab1c16a3d3b4190ba" + +[[package]] +name = "windows_x86_64_gnullvm" +version = "0.53.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "0a6e035dd0599267ce1ee132e51c27dd29437f63325753051e71dd9e42406c57" + +[[package]] +name = "windows_x86_64_msvc" +version = "0.53.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "271414315aff87387382ec3d271b52d7ae78726f5d44ac98b4f4030c91880486" + +[[package]] +name = "wolfssl-wolfcrypt" +version = "1.2.0" +dependencies = [ + "bindgen", + "regex", +] diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/wrapper/rust/wolfssl-wolfcrypt/Cargo.toml mariadb-11.8.8/extra/wolfssl/wolfssl/wrapper/rust/wolfssl-wolfcrypt/Cargo.toml --- mariadb-11.8.6/extra/wolfssl/wolfssl/wrapper/rust/wolfssl-wolfcrypt/Cargo.toml 1970-01-01 00:00:00.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/wrapper/rust/wolfssl-wolfcrypt/Cargo.toml 2026-05-24 09:58:33.000000000 +0000 @@ -0,0 +1,25 @@ +[package] +name = "wolfssl-wolfcrypt" +version = "1.2.0" +edition = "2024" +description = "Rust wrapper for wolfssl C library cryptographic functionality" +license = "GPL-3.0" +repository = "https://github.com/wolfSSL/wolfssl" +documentation = "https://github.com/wolfSSL/wolfssl/tree/master/wrapper/rust" +keywords = ["wolfssl", "fips", "security", "encryption", "cryptography"] +categories = ["cryptography", "security", "api-bindings"] +readme = "README.md" + +[features] +std = [] + +[build-dependencies] +bindgen = "0.72.1" +regex = "1.5" + +[profile.release] +strip = true +opt-level = "s" +lto = true +codegen-units = 1 +panic = "abort" diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/wrapper/rust/wolfssl-wolfcrypt/Makefile mariadb-11.8.8/extra/wolfssl/wolfssl/wrapper/rust/wolfssl-wolfcrypt/Makefile --- mariadb-11.8.6/extra/wolfssl/wolfssl/wrapper/rust/wolfssl-wolfcrypt/Makefile 1970-01-01 00:00:00.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/wrapper/rust/wolfssl-wolfcrypt/Makefile 2026-05-24 09:58:33.000000000 +0000 @@ -0,0 +1,17 @@ +.PHONY: all +all: + cargo build + cargo clippy + cargo doc + +.PHONY: test +test: + cargo test -- --test-threads=1 + +.PHONY: testfips +testfips: + cargo test --lib --bins --tests -- --test-threads=1 + +.PHONY: clean +clean: + cargo clean diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/wrapper/rust/wolfssl-wolfcrypt/README.md mariadb-11.8.8/extra/wolfssl/wolfssl/wrapper/rust/wolfssl-wolfcrypt/README.md --- mariadb-11.8.6/extra/wolfssl/wolfssl/wrapper/rust/wolfssl-wolfcrypt/README.md 1970-01-01 00:00:00.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/wrapper/rust/wolfssl-wolfcrypt/README.md 2026-05-24 09:58:33.000000000 +0000 @@ -0,0 +1,86 @@ +# wolfssl-wolfcrypt crate + +The `wolfssl-wolfcrypt` crate is a Rust wrapper for the wolfCrypt cryptographic +algorithms portion of the wolfSSL C library. + +## Installation + +The `wolfssl` C library must be installed to be used by the Rust crate. + +The `wolfssl-wolfcrypt` crate can be used by including it as a dependency in +your project's `Cargo.toml` file. + +For example: + +``` +[dependencies] +wolfssl-wolfcrypt = "1.0" +``` + +## API Coverage + +This crate provides a wrapper API for the following wolfCrypt C library +functionality: + + * AES + * CBC, CCM, CFB, CTR, EAX, ECB, GCM, OFB, XTS + * BLAKE2 + * CMAC + * ChaCha20-Poly1305 + * Curve25519 + * DH + * ECC + * Ed25519 + * Ed448 + * HKDF + * HMAC + * LMS + * ML-DSA + * ML-KEM + * PBKDF2 + * PKCS #12 PBKDF + * PRF + * RNG + * RSA + * SHA + * SHA-1, SHA-224, SHA-256, SHA-384, SHA-512, SHA3-224, SHA3-256, SHA3-384, + SHA3-512, SHAKE128, SHAKE256 + * SRTP/SRTCP KDF + * SSH KDF + * TLSv1.3 HKDF + +## Build Notes + +### WOLFSSL_PREFIX + +If the wolfSSL C library is not installed in a default location, you can +specify the installation prefix with the `WOLFSSL_PREFIX` environment variable +when building the `wolfssl-wolfcrypt` crate. + +For example: + +``` +WOLFSSL_PREFIX=/opt/my-wolfssl-build cargo build +``` + +### Cross-Compiling + +Ensure that the target you want to build for is installed for Rust. +For example: + +``` +rustup target add riscv64imac-unknown-none-elf +``` + +Build with the `--target` option if building manually: + +``` +export WOLFSSL_PREFIX=/opt/wolfssl-riscv64 +cargo build --target riscv64imac-unknown-none-elf +``` + +To specify the linker for the target: + +``` +export CARGO_TARGET_RISCV64IMAC_UNKNOWN_NONE_ELF_LINKER=riscv64-elf-gcc +``` diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/wrapper/rust/wolfssl-wolfcrypt/build.rs mariadb-11.8.8/extra/wolfssl/wolfssl/wrapper/rust/wolfssl-wolfcrypt/build.rs --- mariadb-11.8.6/extra/wolfssl/wolfssl/wrapper/rust/wolfssl-wolfcrypt/build.rs 1970-01-01 00:00:00.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/wrapper/rust/wolfssl-wolfcrypt/build.rs 2026-05-24 09:58:33.000000000 +0000 @@ -0,0 +1,489 @@ +extern crate bindgen; + +use regex::Regex; +use std::env; +use std::fs; +use std::io::{self, Read, Result}; +use std::path::{Path,PathBuf}; + +/// Perform crate build. +fn main() { + if let Err(e) = run_build() { + eprintln!("Build failed: {}", e); + std::process::exit(1); + } +} + +/// Perform all build steps. +/// +/// Returns `Ok(())` if successful, or an error if any step fails. +fn run_build() -> Result<()> { + generate_bindings()?; + generate_fips_aliases()?; + setup_wolfssl_link()?; + scan_cfg()?; + Ok(()) +} + +fn crate_dir() -> Result { + Ok(std::env::current_dir()?.display().to_string()) +} + +fn wolfssl_repo_base_dir() -> Result { + Ok(format!("{}/../../..", crate_dir()?)) +} + +fn wolfssl_repo_lib_dir() -> Result { + Ok(format!("{}/src/.libs", wolfssl_repo_base_dir()?)) +} + +/// Returns the include directory for wolfssl headers. +/// +/// If `WOLFSSL_PREFIX` is set, returns `{WOLFSSL_PREFIX}/include`. +/// Otherwise falls back to the repo root if it exists (for in-tree host builds). +fn wolfssl_include_dir() -> Result> { + if let Ok(prefix) = env::var("WOLFSSL_PREFIX") { + let include_dir = format!("{}/include", prefix); + let wolfssl_dir = Path::new(&include_dir).join("wolfssl"); + if !wolfssl_dir.is_dir() { + println!("cargo:warning=WOLFSSL_PREFIX is set but {} does not exist", wolfssl_dir.display()); + return Ok(None); + } + Ok(Some(include_dir)) + } else { + let base = wolfssl_repo_base_dir()?; + let base_path = Path::new(&base); + // Treat this as an in-tree wolfSSL repo only if the expected layout exists. + let wolfssl_dir = base_path.join("wolfssl"); + let wolfssl_options = wolfssl_dir.join("options.h"); + if wolfssl_options.is_file() { + Ok(Some(base)) + } else { + Ok(None) + } + } +} + +/// Returns the library directory for libwolfssl. +/// +/// If `WOLFSSL_PREFIX` is set, returns `{WOLFSSL_PREFIX}/lib`. +/// Otherwise falls back to the in-tree build output directory if it exists. +fn wolfssl_lib_dir() -> Result> { + if let Ok(prefix) = env::var("WOLFSSL_PREFIX") { + Ok(Some(format!("{}/lib", prefix))) + } else { + let repo_lib_dir = wolfssl_repo_lib_dir()?; + if Path::new(&repo_lib_dir).exists() { + Ok(Some(repo_lib_dir)) + } else { + Ok(None) + } + } +} + +fn bindings_path() -> String { + PathBuf::from(env::var("OUT_DIR").unwrap()).join("bindings.rs").display().to_string() +} + +/// Map a Rust target triple to the equivalent clang target triple. +/// +/// Rust triples embed ISA extensions in the arch component +/// (e.g. `riscv64imac-unknown-none-elf`) while clang uses only the base arch +/// (e.g. `riscv64-unknown-elf`). Bare-metal targets use `--elf` +/// in clang convention. +fn rust_target_to_clang_target(rust_target: &str) -> String { + let parts: Vec<&str> = rust_target.splitn(4, '-').collect(); + if parts.len() < 3 { + return rust_target.to_string(); + } + + // Strip ISA extensions: riscv64imac → riscv64, riscv32imac → riscv32 + let arch = if parts[0].starts_with("riscv64") { + "riscv64" + } else if parts[0].starts_with("riscv32") { + "riscv32" + } else { + parts[0] + }; + + let vendor = parts[1]; + let os = parts[2]; + let abi = parts.get(3).copied().unwrap_or(""); + + // Bare-metal: (os=none, abi=elf) → --elf + if os == "none" && abi == "elf" { + format!("{}-{}-elf", arch, vendor) + } else if abi.is_empty() { + format!("{}-{}-{}", arch, vendor, os) + } else { + format!("{}-{}-{}-{}", arch, vendor, os, abi) + } +} + +/// Return the sysroot path for a bare-metal clang target triple, if it exists. +/// +/// Queries the cross-compiler for its sysroot via `--print-sysroot` rather +/// than assuming a fixed install prefix. Tries the candidate compiler names +/// `--elf-gcc` and `-elf-gcc` (vendor omitted) in order. +/// Returns `None` if no suitable compiler is found or its sysroot is invalid. +fn bare_metal_sysroot(clang_target: &str) -> Option { + let parts: Vec<&str> = clang_target.splitn(3, '-').collect(); + if parts.len() < 3 || !clang_target.ends_with("-elf") { + return None; + } + let (arch, vendor) = (parts[0], parts[1]); + let candidates = [ + format!("{}-{}-elf-gcc", arch, vendor), + format!("{}-elf-gcc", arch), + ]; + for compiler in &candidates { + if let Ok(output) = std::process::Command::new(compiler) + .arg("--print-sysroot") + .output() + && output.status.success() { + let sysroot = String::from_utf8_lossy(&output.stdout).trim().to_string(); + if !sysroot.is_empty() && sysroot != "/" && Path::new(&sysroot).exists() { + return Some(sysroot); + } + } + } + None +} + +/// Generate Rust bindings for the wolfssl C library using bindgen. +/// +/// Returns `Ok(())` if successful, or an error if binding generation fails. +fn generate_bindings() -> Result<()> { + let mut builder = bindgen::Builder::default() + .header("headers.h") + .parse_callbacks(Box::new(bindgen::CargoCallbacks::new())) + .use_core(); + + if let Some(include_dir) = wolfssl_include_dir()? { + builder = builder.clang_arg(format!("-I{}", include_dir)); + } + + // When cross-compiling, tell clang the target so it generates correct + // type layouts and evaluates architecture-specific preprocessor guards. + let target = env::var("TARGET").unwrap(); + let host = env::var("HOST").unwrap(); + if target != host { + let clang_target = rust_target_to_clang_target(&target); + builder = builder.clang_arg(format!("--target={}", clang_target)); + + if target.ends_with("-none-elf") { + // For bare-metal targets, add the toolchain C runtime headers + // (newlib's time.h etc.) using -idirafter so they appear after + // clang's own built-in includes. This lets clang's stdatomic.h + // take priority over newlib's incompatible version. + if let Some(sysroot) = bare_metal_sysroot(&clang_target) { + builder = builder + .clang_arg("-ffreestanding") + .clang_arg(format!("-idirafter{}/include", sysroot)); + } + } + } + + let bindings = builder + .generate() + .map_err(|_| io::Error::other("Failed to generate bindings"))?; + + bindings + .write_to_file(bindings_path()) + .map_err(|e| { + io::Error::other(format!("Couldn't write bindings: {}", e)) + }) +} + +/// Generate FIPS symbol aliases. +/// +/// Since Rust can't use fips.h's #defines which map the "regular" wc function +/// name to the _fips variant, and since bindgen has only seen the _fips +/// variant, we will generate aliases that allow the non-_fips variant function +/// name to be called without the _fips prefix by Rust sources in a manner +/// similar to which C sources would be able to call the non-_fips variant +/// function name. +/// +/// Returns `Ok(())` if successful, or an error if generation fails. +fn generate_fips_aliases() -> Result<()> { + let binding = read_file(bindings_path())?; + let out_dir = PathBuf::from(env::var("OUT_DIR").unwrap()); + let aliases_path = out_dir.join("fips_aliases.rs"); + + let mut aliases = String::new(); + + // Find all _fips symbol names + let fips_sym_re = Regex::new(r"pub fn (wc_\w+)_fips\s*\(").unwrap(); + + for cap in fips_sym_re.captures_iter(&binding) { + let mut base_name = &cap[1]; + let fips_name = format!("{}_fips", base_name); + + // Exception mappings: (standard_name, fips_name) + // For cases where FIPS name doesn't follow the simple _fips pattern + let exceptions: &[(&str, &str)] = &[ + // _ex suffix changed to Ex before _fips + ("wc_InitRsaKey_ex", "wc_InitRsaKeyEx_fips"), + ("wc_RsaPublicEncrypt_ex", "wc_RsaPublicEncryptEx_fips"), + ("wc_RsaPrivateDecryptInline_ex", "wc_RsaPrivateDecryptInlineEx_fips"), + ("wc_RsaPrivateDecrypt_ex", "wc_RsaPrivateDecryptEx_fips"), + ("wc_RsaPSS_Sign_ex", "wc_RsaPSS_SignEx_fips"), + ("wc_RsaPSS_VerifyInline_ex", "wc_RsaPSS_VerifyInlineEx_fips"), + ("wc_RsaPSS_Verify_ex", "wc_RsaPSS_VerifyEx_fips"), + ("wc_RsaPSS_CheckPadding_ex", "wc_RsaPSS_CheckPaddingEx_fips"), + ("wc_DhSetKey_ex", "wc_DhSetKeyEx_fips"), + ("wc_DhCheckPubKey_ex", "wc_DhCheckPubKeyEx_fips"), + ("wc_DhCheckPrivKey_ex", "wc_DhCheckPrivKeyEx_fips"), + + // Name change + ("wc_PRF_TLS", "wc_PRF_TLSv12_fips"), + ]; + + // Handle exceptions + for (exc_base_name, exc_fips_name) in exceptions { + if fips_name == *exc_fips_name { + base_name = exc_base_name; + break; + } + } + + // Check if the non-_fips version exists in bindings + let non_fips_pattern = format!(r"pub fn {}\s*\(", regex::escape(base_name)); + let non_fips_re = Regex::new(&non_fips_pattern).unwrap(); + + if non_fips_re.is_match(&binding) { + // Add any new known names defined with both a _fips suffix and not + // here. Warn if any new ones are discovered. + let known_both = &[ + "wc_AesGcmEncrypt", + "wc_AesCcmEncrypt", + ]; + if !known_both.contains(&base_name) { + println!("cargo:warning=Skipping FIPS symbols alias for {}", base_name); + } + } else { + // Only alias if the base name doesn't already exist + aliases.push_str(&format!("pub use {} as {};\n", fips_name, base_name)); + } + } + + fs::write(&aliases_path, aliases)?; + + Ok(()) +} + +/// Instruct cargo to link against wolfssl C library +/// +/// Returns `Ok(())` if successful, or an error if any step fails. +fn setup_wolfssl_link() -> Result<()> { + if let Some(lib_dir) = wolfssl_lib_dir()? { + println!("cargo:rustc-link-search={}", lib_dir); + + // Prefer a shared library if present, otherwise fall back to static. + let has_shared = Path::new(&lib_dir).join("libwolfssl.so").exists() + || Path::new(&lib_dir).join("libwolfssl.dylib").exists(); + if has_shared { + println!("cargo:rustc-link-lib=wolfssl"); + // Only set rpath where a dynamic linker exists (not bare-metal). + let target = env::var("TARGET").unwrap(); + if !target.ends_with("-none-elf") { + println!("cargo:rustc-link-arg=-Wl,-rpath,{}", lib_dir); + } + } else { + println!("cargo:rustc-link-lib=static=wolfssl"); + } + } else { + // No local lib dir found; rely on whatever is installed system-wide. + println!("cargo:rustc-link-lib=wolfssl"); + } + + Ok(()) +} + +fn read_file(path: String) -> Result { + let mut file = fs::File::open(path)?; + let mut content = String::new(); + file.read_to_string(&mut content)?; + Ok(content) +} + +fn check_cfg(binding: &str, function_name: &str, cfg_name: &str) -> bool { + let pattern = format!(r"\b{}(_fips)?\b", function_name); + let re = match Regex::new(&pattern) { + Ok(r) => r, + Err(e) => { + eprintln!("Error compiling regex '{}': {}", pattern, e); + std::process::exit(1); + } + }; + println!("cargo::rustc-check-cfg=cfg({})", cfg_name); + if re.is_match(binding) { + println!("cargo:rustc-cfg={}", cfg_name); + true + } else { + false + } +} + +fn scan_cfg() -> Result<()> { + let binding = read_file(bindings_path())?; + + /* aes */ + check_cfg(&binding, "wc_AesSetKey", "aes"); + check_cfg(&binding, "wc_AesCbcEncrypt", "aes_cbc"); + check_cfg(&binding, "wc_AesCcmSetKey", "aes_ccm"); + check_cfg(&binding, "wc_AesCfbEncrypt", "aes_cfb"); + check_cfg(&binding, "wc_AesCtrEncrypt", "aes_ctr"); + check_cfg(&binding, "wc_AesCtsEncrypt", "aes_cts"); + check_cfg(&binding, "wc_AesCfbDecrypt", "aes_decrypt"); + check_cfg(&binding, "wc_AesEaxInit", "aes_eax"); + check_cfg(&binding, "wc_AesEcbEncrypt", "aes_ecb"); + check_cfg(&binding, "wc_AesGcmSetKey", "aes_gcm"); + check_cfg(&binding, "wc_AesGcmInit", "aes_gcm_stream"); + check_cfg(&binding, "wc_AesOfbEncrypt", "aes_ofb"); + check_cfg(&binding, "wc_AesXtsInit", "aes_xts"); + check_cfg(&binding, "wc_AesXtsEncryptInit", "aes_xts_stream"); + check_cfg(&binding, "WC_AES_BLOCK_SIZE", "aes_wc_block_size"); + + /* blake2 */ + check_cfg(&binding, "wc_InitBlake2b", "blake2b"); + check_cfg(&binding, "wc_Blake2bHmac", "blake2b_hmac"); + check_cfg(&binding, "wc_InitBlake2s", "blake2s"); + check_cfg(&binding, "wc_Blake2sHmac", "blake2s_hmac"); + + /* chacha20_poly1305 */ + check_cfg(&binding, "wc_ChaCha20Poly1305_Encrypt", "chacha20_poly1305"); + check_cfg(&binding, "wc_XChaCha20Poly1305_Encrypt", "xchacha20_poly1305"); + + /* cmac */ + check_cfg(&binding, "wc_InitCmac", "cmac"); + + /* curve25519 */ + check_cfg(&binding, "wc_curve25519_make_pub", "curve25519"); + check_cfg(&binding, "wc_curve25519_make_pub_blind", "curve25519_blinding"); + + /* dh */ + check_cfg(&binding, "wc_InitDhKey", "dh"); + check_cfg(&binding, "wc_DhGenerateParams", "dh_keygen"); + check_cfg(&binding, "wc_Dh_ffdhe2048_Get", "dh_ffdhe_2048"); + check_cfg(&binding, "wc_Dh_ffdhe3072_Get", "dh_ffdhe_3072"); + check_cfg(&binding, "wc_Dh_ffdhe4096_Get", "dh_ffdhe_4096"); + check_cfg(&binding, "wc_Dh_ffdhe6144_Get", "dh_ffdhe_6144"); + check_cfg(&binding, "wc_Dh_ffdhe8192_Get", "dh_ffdhe_8192"); + + /* ecc */ + check_cfg(&binding, "wc_ecc_init", "ecc"); + check_cfg(&binding, "wc_ecc_export_point_der_compressed", "ecc_comp_key"); + check_cfg(&binding, "wc_ecc_shared_secret", "ecc_dh"); + check_cfg(&binding, "wc_ecc_sign_hash", "ecc_sign"); + check_cfg(&binding, "wc_ecc_verify_hash", "ecc_verify"); + check_cfg(&binding, "wc_ecc_export_x963", "ecc_export"); + check_cfg(&binding, "wc_ecc_import_x963", "ecc_import"); + if check_cfg(&binding, "ecc_curve_ids_ECC_CURVE_INVALID", "ecc_curve_ids") { + check_cfg(&binding, "ecc_curve_ids_ECC_SM2P256V1", "ecc_curve_sm2p256v1"); + check_cfg(&binding, "ecc_curve_ids_ECC_X25519", "ecc_curve_25519"); + check_cfg(&binding, "ecc_curve_ids_ECC_X448", "ecc_curve_448"); + check_cfg(&binding, "ecc_curve_ids_ECC_SAKKE_1", "ecc_curve_sakke"); + check_cfg(&binding, "ecc_curve_ids_ECC_CURVE_CUSTOM", "ecc_custom_curves"); + } else { + check_cfg(&binding, "ecc_curve_id_ECC_SM2P256V1", "ecc_curve_sm2p256v1"); + check_cfg(&binding, "ecc_curve_id_ECC_X25519", "ecc_curve_25519"); + check_cfg(&binding, "ecc_curve_id_ECC_X448", "ecc_curve_448"); + check_cfg(&binding, "ecc_curve_id_ECC_SAKKE_1", "ecc_curve_sakke"); + check_cfg(&binding, "ecc_curve_id_ECC_CURVE_CUSTOM", "ecc_custom_curves"); + } + + /* ed25519 */ + check_cfg(&binding, "wc_ed25519_init", "ed25519"); + check_cfg(&binding, "wc_ed25519_import_public", "ed25519_import"); + check_cfg(&binding, "wc_ed25519_export_public", "ed25519_export"); + check_cfg(&binding, "wc_ed25519_sign_msg", "ed25519_sign"); + check_cfg(&binding, "wc_ed25519_verify_msg_ex", "ed25519_verify"); + check_cfg(&binding, "wc_ed25519_verify_msg_init", "ed25519_streaming_verify"); + + /* ed448 */ + check_cfg(&binding, "wc_ed448_init", "ed448"); + check_cfg(&binding, "wc_ed448_import_public", "ed448_import"); + check_cfg(&binding, "wc_ed448_export_public", "ed448_export"); + check_cfg(&binding, "wc_ed448_sign_msg", "ed448_sign"); + check_cfg(&binding, "wc_ed448_verify_msg_ex", "ed448_verify"); + check_cfg(&binding, "wc_ed448_verify_msg_init", "ed448_streaming_verify"); + + /* fips */ + check_cfg(&binding, "wc_SetSeed_Cb_fips", "fips"); + + /* hkdf */ + check_cfg(&binding, "wc_HKDF_Extract_ex", "hkdf"); + + /* hmac */ + check_cfg(&binding, "wc_HmacSetKey", "hmac"); + check_cfg(&binding, "wc_HmacSetKey_ex", "hmac_setkey_ex"); + + /* kdf */ + check_cfg(&binding, "wc_PBKDF2", "kdf_pbkdf2"); + check_cfg(&binding, "wc_PKCS12_PBKDF_ex", "kdf_pkcs12"); + check_cfg(&binding, "wc_SRTP_KDF", "kdf_srtp"); + check_cfg(&binding, "wc_SSH_KDF", "kdf_ssh"); + check_cfg(&binding, "wc_Tls13_HKDF_Extract_ex", "kdf_tls13"); + + /* prf */ + check_cfg(&binding, "wc_PRF", "prf"); + + /* random */ + check_cfg(&binding, "wc_RNG_DRBG_Reseed", "random_hashdrbg"); + check_cfg(&binding, "wc_InitRng", "random"); + + /* rsa */ + check_cfg(&binding, "wc_InitRsaKey", "rsa"); + check_cfg(&binding, "wc_RsaDirect", "rsa_direct"); + check_cfg(&binding, "wc_MakeRsaKey", "rsa_keygen"); + check_cfg(&binding, "wc_RsaPSS_Sign", "rsa_pss"); + check_cfg(&binding, "wc_RsaSetRNG", "rsa_setrng"); + check_cfg(&binding, "WC_MGF1SHA512_224", "rsa_mgf1sha512_224"); + check_cfg(&binding, "WC_MGF1SHA512_256", "rsa_mgf1sha512_256"); + // Detect whether wc_RsaExportKey takes a const first arg (new API) or non-const (old API) + let re = Regex::new(r"pub fn wc_RsaExportKey(_fips)?\s*\(\s*\w+\s*:\s*\*\s*const").unwrap(); + println!("cargo::rustc-check-cfg=cfg(rsa_const_api)"); + if re.is_match(&binding) { + println!("cargo:rustc-cfg=rsa_const_api"); + } + + /* dilithium / ML-DSA */ + check_cfg(&binding, "wc_dilithium_init", "dilithium"); + check_cfg(&binding, "wc_dilithium_make_key", "dilithium_make_key"); + check_cfg(&binding, "wc_dilithium_make_key_from_seed", "dilithium_make_key_from_seed"); + check_cfg(&binding, "wc_dilithium_sign_ctx_msg", "dilithium_sign"); + check_cfg(&binding, "wc_dilithium_sign_ctx_msg_with_seed", "dilithium_sign_with_seed"); + check_cfg(&binding, "wc_dilithium_verify_ctx_msg", "dilithium_verify"); + check_cfg(&binding, "wc_dilithium_import_public", "dilithium_import"); + check_cfg(&binding, "wc_dilithium_export_public", "dilithium_export"); + check_cfg(&binding, "wc_dilithium_check_key", "dilithium_check_key"); + check_cfg(&binding, "DILITHIUM_LEVEL2_KEY_SIZE", "dilithium_level2"); + check_cfg(&binding, "DILITHIUM_LEVEL3_KEY_SIZE", "dilithium_level3"); + check_cfg(&binding, "DILITHIUM_LEVEL5_KEY_SIZE", "dilithium_level5"); + check_cfg(&binding, "DILITHIUM_SEED_SZ", "dilithium_make_key_seed_sz"); + check_cfg(&binding, "DILITHIUM_RND_SZ", "dilithium_rnd_sz"); + + /* mlkem / ML-KEM */ + check_cfg(&binding, "wc_MlKemKey_Init", "mlkem"); + + /* lms / HSS */ + check_cfg(&binding, "wc_LmsKey_Init", "lms"); + check_cfg(&binding, "wc_LmsKey_MakeKey", "lms_make_key"); + check_cfg(&binding, "wc_LmsParm_WC_LMS_PARM_L1_H5_W1", "lms_sha256_256"); + check_cfg(&binding, "wc_LmsParm_WC_LMS_PARM_SHA256_192_L1_H5_W1", "lms_sha256_192"); + + /* sha */ + check_cfg(&binding, "wc_InitSha", "sha"); + check_cfg(&binding, "wc_InitSha224", "sha224"); + check_cfg(&binding, "wc_InitSha256", "sha256"); + check_cfg(&binding, "wc_InitSha384", "sha384"); + check_cfg(&binding, "wc_InitSha512", "sha512"); + check_cfg(&binding, "wc_HashType_WC_HASH_TYPE_SHA512_224", "sha512_224"); + check_cfg(&binding, "wc_HashType_WC_HASH_TYPE_SHA512_256", "sha512_256"); + check_cfg(&binding, "wc_InitSha3_224", "sha3"); + check_cfg(&binding, "wc_InitShake128", "shake128"); + check_cfg(&binding, "wc_InitShake256", "shake256"); + + Ok(()) +} diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/wrapper/rust/wolfssl-wolfcrypt/headers.h mariadb-11.8.8/extra/wolfssl/wolfssl/wrapper/rust/wolfssl-wolfcrypt/headers.h --- mariadb-11.8.6/extra/wolfssl/wolfssl/wrapper/rust/wolfssl-wolfcrypt/headers.h 1970-01-01 00:00:00.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/wrapper/rust/wolfssl-wolfcrypt/headers.h 2026-05-24 09:58:33.000000000 +0000 @@ -0,0 +1,24 @@ +#include "wolfssl/options.h" +#include "wolfssl/wolfcrypt/settings.h" +#include "wolfssl/wolfcrypt/types.h" +#include "wolfssl/wolfcrypt/error-crypt.h" +#include "wolfssl/wolfcrypt/random.h" +#include "wolfssl/wolfcrypt/hmac.h" +#include "wolfssl/wolfcrypt/rsa.h" +#include "wolfssl/wolfcrypt/sha256.h" +#include "wolfssl/wolfcrypt/curve25519.h" +#include "wolfssl/wolfcrypt/ed25519.h" +#include "wolfssl/wolfcrypt/ed448.h" +#include "wolfssl/wolfcrypt/ecc.h" +#include "wolfssl/wolfcrypt/asn_public.h" +#include "wolfssl/wolfcrypt/asn.h" +#include "wolfssl/wolfcrypt/chacha20_poly1305.h" +#include "wolfssl/wolfcrypt/kdf.h" +#include "wolfssl/wolfcrypt/coding.h" +#include "wolfssl/wolfcrypt/signature.h" +#include "wolfssl/wolfcrypt/logging.h" +#include "wolfssl/wolfcrypt/aes.h" +#include "wolfssl/wolfcrypt/pwdbased.h" +#include "wolfssl/wolfcrypt/dilithium.h" +#include "wolfssl/wolfcrypt/mlkem.h" +#include "wolfssl/wolfcrypt/wc_lms.h" diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/wrapper/rust/wolfssl-wolfcrypt/src/aes.rs mariadb-11.8.8/extra/wolfssl/wolfssl/wrapper/rust/wolfssl-wolfcrypt/src/aes.rs --- mariadb-11.8.6/extra/wolfssl/wolfssl/wrapper/rust/wolfssl-wolfcrypt/src/aes.rs 1970-01-01 00:00:00.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/wrapper/rust/wolfssl-wolfcrypt/src/aes.rs 2026-05-24 09:58:33.000000000 +0000 @@ -0,0 +1,2575 @@ +/* + * Copyright (C) 2006-2026 wolfSSL Inc. + * + * This file is part of wolfSSL. + * + * wolfSSL is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * wolfSSL is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA + */ + +/*! +This module provides a Rust wrapper for the wolfCrypt library's Advanced +Encryption Standard (AES) functionality. +*/ + +#![cfg(aes)] + +use crate::sys; +use core::mem::{size_of_val, MaybeUninit}; + +#[cfg(aes_wc_block_size)] +pub const AES_BLOCK_SIZE: usize = sys::WC_AES_BLOCK_SIZE as usize; +#[cfg(not(aes_wc_block_size))] +pub const AES_BLOCK_SIZE: usize = sys::AES_BLOCK_SIZE as usize; + +/// AES Cipher Block Chaining (CBC) mode. +/// +/// # Example +/// ```rust +/// #[cfg(aes_cbc)] +/// { +/// use wolfssl_wolfcrypt::aes::CBC; +/// let mut cbc = CBC::new().expect("Failed to create CBC"); +/// let key: &[u8; 16] = b"0123456789abcdef"; +/// let iv: &[u8; 16] = b"1234567890abcdef"; +/// let msg: [u8; 16] = [ +/// 0x6e, 0x6f, 0x77, 0x20, 0x69, 0x73, 0x20, 0x74, +/// 0x68, 0x65, 0x20, 0x74, 0x69, 0x6d, 0x65, 0x20, +/// ]; +/// let expected_cipher: [u8; 16] = [ +/// 0x95, 0x94, 0x92, 0x57, 0x5f, 0x42, 0x81, 0x53, +/// 0x2c, 0xcc, 0x9d, 0x46, 0x77, 0xa2, 0x33, 0xcb +/// ]; +/// cbc.init_encrypt(key, iv).expect("Error with init_encrypt()"); +/// let mut cipher: [u8; 16] = [0; 16]; +/// cbc.encrypt(&msg, &mut cipher).expect("Error with encrypt()"); +/// assert_eq!(&cipher, &expected_cipher); +/// let mut plain_out = [0; 16]; +/// cbc.init_decrypt(key, iv).expect("Error with init_decrypt()"); +/// cbc.decrypt(&cipher, &mut plain_out).expect("Error with decrypt()"); +/// assert_eq!(&plain_out, &msg); +/// } +/// ``` +#[cfg(aes_cbc)] +pub struct CBC { + ws_aes: sys::Aes, +} +#[cfg(aes_cbc)] +impl CBC { + /// Create a new `CBC` instance. + /// + /// # Returns + /// + /// A Result which is Ok(CBC) on success or an Err containing the wolfSSL + /// library return code on failure. + pub fn new() -> Result { + Self::new_ex(None, None) + } + + /// Create a new `CBC` instance with optional heap and device ID. + /// + /// # Parameters + /// + /// * `heap`: Optional heap hint. + /// * `dev_id` Optional device ID to use with crypto callbacks or async hardware. + /// + /// # Returns + /// + /// A Result which is Ok(CBC) on success or an Err containing the wolfSSL + /// library return code on failure. + pub fn new_ex(heap: Option<*mut core::ffi::c_void>, dev_id: Option) -> Result { + let ws_aes = new_ws_aes(heap, dev_id)?; + let cbc = CBC {ws_aes}; + Ok(cbc) + } + + fn init(&mut self, key: &[u8], iv: &[u8], dir: i32) -> Result<(), i32> { + let key_size = key.len() as u32; + if iv.len() != AES_BLOCK_SIZE { + return Err(sys::wolfCrypt_ErrorCodes_BAD_FUNC_ARG); + } + let rc = unsafe { + sys::wc_AesSetKey(&mut self.ws_aes, key.as_ptr(), key_size, + iv.as_ptr(), dir) + }; + if rc != 0 { + return Err(rc); + } + Ok(()) + } + + /// Initialize a CBC instance for encryption. + /// + /// This method must be called before calling `encrypt()`. + /// + /// # Parameters + /// + /// * `key`: A slice containing the encryption key to use. The key must be + /// 16, 24, or 32 bytes in length. + /// * `iv`: A slice containing the initialization vector (IV) to use. The + /// IV must be 16 bytes in length. + /// + /// # Returns + /// + /// A Result which is Ok(()) on success or an Err containing the wolfSSL + /// library return code on failure. + pub fn init_encrypt(&mut self, key: &[u8], iv: &[u8]) -> Result<(), i32> { + self.init(key, iv, sys::AES_ENCRYPTION as i32) + } + + /// Initialize a CBC instance for decryption. + /// + /// This method must be called before calling `decrypt()`. + /// + /// # Parameters + /// + /// * `key`: A slice containing the decryption key to use. The key must be + /// 16, 24, or 32 bytes in length. + /// * `iv`: A slice containing the initialization vector (IV) to use. The + /// IV must be 16 bytes in length. + /// + /// # Returns + /// + /// A Result which is Ok(()) on success or an Err containing the wolfSSL + /// library return code on failure. + pub fn init_decrypt(&mut self, key: &[u8], iv: &[u8]) -> Result<(), i32> { + self.init(key, iv, sys::AES_DECRYPTION as i32) + } + + /// Encrypt data. + /// + /// The `init_encrypt()` method must be called before calling this method. + /// + /// # Parameters + /// + /// * `din`: Data to encrypt. The size of the data must be a multiple of + /// 16 bytes. + /// * `dout`: Buffer in which to store the encrypted data. The size of + /// the buffer must match that of the `din` buffer. + /// + /// # Returns + /// + /// A Result which is Ok(()) on success or an Err containing the wolfSSL + /// library return code on failure. + pub fn encrypt(&mut self, din: &[I], dout: &mut [O]) -> Result<(), i32> { + let in_ptr = din.as_ptr() as *const u8; + let in_size = size_of_val(din) as u32; + let out_ptr = dout.as_mut_ptr() as *mut u8; + let out_size = size_of_val(dout) as u32; + if in_size != out_size { + return Err(sys::wolfCrypt_ErrorCodes_BAD_FUNC_ARG); + } + let rc = unsafe { + sys::wc_AesCbcEncrypt(&mut self.ws_aes, out_ptr, in_ptr, in_size) + }; + if rc != 0 { + return Err(rc); + } + Ok(()) + } + + /// Decrypt data. + /// + /// The `init_decrypt()` method must be called before calling this method. + /// + /// # Parameters + /// + /// * `din`: Data to decrypt. The size of the data must be a multiple of + /// 16 bytes. + /// * `dout`: Buffer in which to store the decrypted data. The size of + /// the data must match that of the `din` slice. + /// + /// # Returns + /// + /// A Result which is Ok(()) on success or an Err containing the wolfSSL + /// library return code on failure. + pub fn decrypt(&mut self, din: &[I], dout: &mut [O]) -> Result<(), i32> { + let in_ptr = din.as_ptr() as *const u8; + let in_size = size_of_val(din) as u32; + let out_ptr = dout.as_mut_ptr() as *mut u8; + let out_size = size_of_val(dout) as u32; + if in_size != out_size { + return Err(sys::wolfCrypt_ErrorCodes_BAD_FUNC_ARG); + } + let rc = unsafe { + sys::wc_AesCbcDecrypt(&mut self.ws_aes, out_ptr, in_ptr, in_size) + }; + if rc != 0 { + return Err(rc); + } + Ok(()) + } +} +#[cfg(aes_cbc)] +impl Drop for CBC { + /// Safely free the wolfSSL resources. + fn drop(&mut self) { + unsafe { sys::wc_AesFree(&mut self.ws_aes); } + } +} + +/// AES Counter with CBC-MAC (CCM) mode. +/// +/// # Example +/// ```rust +/// #[cfg(aes_ccm)] +/// { +/// use wolfssl_wolfcrypt::aes::CCM; +/// let key: [u8; 16] = [ +/// 0xc0, 0xc1, 0xc2, 0xc3, 0xc4, 0xc5, 0xc6, 0xc7, +/// 0xc8, 0xc9, 0xca, 0xcb, 0xcc, 0xcd, 0xce, 0xcf +/// ]; +/// let nonce: [u8; 13] = [ +/// 0x00, 0x00, 0x00, 0x03, 0x02, 0x01, 0x00, 0xa0, +/// 0xa1, 0xa2, 0xa3, 0xa4, 0xa5 ]; +/// let plaintext: [u8; 23] = [ +/// 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, +/// 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, +/// 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e +/// ]; +/// let auth_data: [u8; 8] = [ +/// 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07 +/// ]; +/// let expected_ciphertext: [u8; 23] = [ +/// 0x58, 0x8c, 0x97, 0x9a, 0x61, 0xc6, 0x63, 0xd2, +/// 0xf0, 0x66, 0xd0, 0xc2, 0xc0, 0xf9, 0x89, 0x80, +/// 0x6d, 0x5f, 0x6b, 0x61, 0xda, 0xc3, 0x84 +/// ]; +/// let expected_auth_tag: [u8; 8] = [ +/// 0x17, 0xe8, 0xd1, 0x2c, 0xfd, 0xf9, 0x26, 0xe0 +/// ]; +/// +/// let mut ccm = CCM::new().expect("Failed to create CCM"); +/// ccm.init(&key).expect("Error with init()"); +/// let mut auth_tag_out: [u8; 8] = [0; 8]; +/// let mut cipher_out: [u8; 23] = [0; 23]; +/// ccm.encrypt(&plaintext, &mut cipher_out, +/// &nonce, &auth_data, &mut auth_tag_out).expect("Error with encrypt()"); +/// assert_eq!(cipher_out, expected_ciphertext); +/// assert_eq!(auth_tag_out, expected_auth_tag); +/// ccm.init(&key).expect("Error with init()"); +/// let mut plain_out: [u8; 23] = [0; 23]; +/// ccm.decrypt(&cipher_out, &mut plain_out, +/// &nonce, &auth_data, &auth_tag_out).expect("Error with decrypt()"); +/// assert_eq!(plain_out, plaintext); +/// } +/// ``` +#[cfg(aes_ccm)] +pub struct CCM { + ws_aes: sys::Aes, +} +#[cfg(aes_ccm)] +impl CCM { + /// Create a new `CCM` instance. + /// + /// # Returns + /// + /// A Result which is Ok(CCM) on success or an Err containing the wolfSSL + /// library return code on failure. + pub fn new() -> Result { + Self::new_ex(None, None) + } + + /// Create a new `CCM` instance with optional heap and device ID. + /// + /// # Parameters + /// + /// * `heap`: Optional heap hint. + /// * `dev_id` Optional device ID to use with crypto callbacks or async hardware. + /// + /// # Returns + /// + /// A Result which is Ok(CCM) on success or an Err containing the wolfSSL + /// library return code on failure. + pub fn new_ex(heap: Option<*mut core::ffi::c_void>, dev_id: Option) -> Result { + let ws_aes = new_ws_aes(heap, dev_id)?; + let ccm = CCM {ws_aes}; + Ok(ccm) + } + + /// Initialize a CCM instance for encryption or decryption. + /// + /// This method must be called before calling `encrypt()` or `decrypt()`. + /// + /// # Parameters + /// + /// * `key`: A slice containing the encryption key to use. The key must be + /// 16, 24, or 32 bytes in length. + /// + /// # Returns + /// + /// A Result which is Ok(()) on success or an Err containing the wolfSSL + /// library return code on failure. + pub fn init(&mut self, key: &[u8]) -> Result<(), i32> { + let key_size = key.len() as u32; + let rc = unsafe { + sys::wc_AesCcmSetKey(&mut self.ws_aes, key.as_ptr(), key_size) + }; + if rc != 0 { + return Err(rc); + } + Ok(()) + } + + /// Encrypt data. + /// + /// The `init()` method must be called before calling this method. + /// + /// # Parameters + /// + /// * `din`: Data to encrypt. + /// * `dout`: Buffer in which to store the encrypted data. The size of + /// the buffer must match that of the `din` buffer. + /// * `nonce`: Nonce (number used once). + /// * `auth`: Authentication data input. + /// * `auth_tag`: Buffer in which to store the authentication tag. + /// + /// # Returns + /// + /// A Result which is Ok(()) on success or an Err containing the wolfSSL + /// library return code on failure. + pub fn encrypt(&mut self, din: &[I], dout: &mut [O], nonce: &[N], auth: &[A], auth_tag: &mut [A]) -> Result<(), i32> { + let in_ptr = din.as_ptr() as *const u8; + let in_size = size_of_val(din) as u32; + let out_ptr = dout.as_mut_ptr() as *mut u8; + let out_size = size_of_val(dout) as u32; + let nonce_ptr = nonce.as_ptr() as *const u8; + let nonce_size = size_of_val(nonce) as u32; + let auth_ptr = auth.as_ptr() as *const u8; + let auth_size = size_of_val(auth) as u32; + let auth_tag_ptr = auth_tag.as_mut_ptr() as *mut u8; + let auth_tag_size = size_of_val(auth_tag) as u32; + if in_size != out_size { + return Err(sys::wolfCrypt_ErrorCodes_BAD_FUNC_ARG); + } + let rc = unsafe { + sys::wc_AesCcmEncrypt(&mut self.ws_aes, out_ptr, in_ptr, in_size, + nonce_ptr, nonce_size, auth_tag_ptr, auth_tag_size, + auth_ptr, auth_size) + }; + if rc != 0 { + return Err(rc); + } + Ok(()) + } + + /// Decrypt data. + /// + /// The `init()` method must be called before calling this method. + /// + /// # Parameters + /// + /// * `din`: Data to decrypt. + /// * `dout`: Buffer in which to store the decrypted data. The size of + /// the buffer must match that of the `din` buffer. + /// * `nonce`: Nonce (number used once). + /// * `auth`: Authentication data input. + /// * `auth_tag`: Authentication tag input to verify. + /// + /// # Returns + /// + /// A Result which is Ok(()) on success or an Err containing the wolfSSL + /// library return code on failure. + pub fn decrypt(&mut self, din: &[I], dout: &mut [O], nonce: &[N], auth: &[A], auth_tag: &[A]) -> Result<(), i32> { + let in_ptr = din.as_ptr() as *const u8; + let in_size = size_of_val(din) as u32; + let out_ptr = dout.as_mut_ptr() as *mut u8; + let out_size = size_of_val(dout) as u32; + let nonce_ptr = nonce.as_ptr() as *const u8; + let nonce_size = size_of_val(nonce) as u32; + let auth_ptr = auth.as_ptr() as *const u8; + let auth_size = size_of_val(auth) as u32; + let auth_tag_ptr = auth_tag.as_ptr() as *const u8; + let auth_tag_size = size_of_val(auth_tag) as u32; + if in_size != out_size { + return Err(sys::wolfCrypt_ErrorCodes_BAD_FUNC_ARG); + } + let rc = unsafe { + sys::wc_AesCcmDecrypt(&mut self.ws_aes, out_ptr, in_ptr, in_size, + nonce_ptr, nonce_size, auth_tag_ptr, auth_tag_size, + auth_ptr, auth_size) + }; + if rc != 0 { + return Err(rc); + } + Ok(()) + } +} +#[cfg(aes_ccm)] +impl Drop for CCM { + /// Safely free the wolfSSL resources. + fn drop(&mut self) { + unsafe { sys::wc_AesFree(&mut self.ws_aes); } + } +} + +/// AES Cipher FeedBack (CFB) mode. +/// +/// # Example +/// ```rust +/// #[cfg(aes_cfb)] +/// { +/// use wolfssl_wolfcrypt::aes::CFB; +/// let mut cfb = CFB::new().expect("Failed to create CFB"); +/// let key: [u8; 16] = [ +/// 0x2b,0x7e,0x15,0x16,0x28,0xae,0xd2,0xa6, +/// 0xab,0xf7,0x15,0x88,0x09,0xcf,0x4f,0x3c +/// ]; +/// let iv: [u8; 16] = [ +/// 0x00,0x01,0x02,0x03,0x04,0x05,0x06,0x07, +/// 0x08,0x09,0x0a,0x0b,0x0c,0x0d,0x0e,0x0f +/// ]; +/// let msg: [u8; 48] = [ +/// 0x6b,0xc1,0xbe,0xe2,0x2e,0x40,0x9f,0x96, +/// 0xe9,0x3d,0x7e,0x11,0x73,0x93,0x17,0x2a, +/// 0xae,0x2d,0x8a,0x57,0x1e,0x03,0xac,0x9c, +/// 0x9e,0xb7,0x6f,0xac,0x45,0xaf,0x8e,0x51, +/// 0x30,0xc8,0x1c,0x46,0xa3,0x5c,0xe4,0x11, +/// 0xe5,0xfb,0xc1,0x19,0x1a,0x0a,0x52,0xef +/// ]; +/// let cipher: [u8; 48] = [ +/// 0x3b,0x3f,0xd9,0x2e,0xb7,0x2d,0xad,0x20, +/// 0x33,0x34,0x49,0xf8,0xe8,0x3c,0xfb,0x4a, +/// 0xc8,0xa6,0x45,0x37,0xa0,0xb3,0xa9,0x3f, +/// 0xcd,0xe3,0xcd,0xad,0x9f,0x1c,0xe5,0x8b, +/// 0x26,0x75,0x1f,0x67,0xa3,0xcb,0xb1,0x40, +/// 0xb1,0x80,0x8c,0xf1,0x87,0xa4,0xf4,0xdf +/// ]; +/// cfb.init(&key, &iv).expect("Error with init()"); +/// let mut outbuf: [u8; 48] = [0; 48]; +/// cfb.encrypt(&msg[0..32], &mut outbuf[0..32]).expect("Error with encrypt()"); +/// cfb.encrypt(&msg[32..48], &mut outbuf[32..48]).expect("Error with encrypt()"); +/// assert_eq!(outbuf, cipher); +/// cfb.init(&key, &iv).expect("Error with init()"); +/// let mut plain: [u8; 48] = [0; 48]; +/// #[cfg(aes_decrypt)] +/// { +/// cfb.decrypt(&outbuf, &mut plain).expect("Error with decrypt()"); +/// assert_eq!(plain, msg); +/// } +/// } +/// ``` +#[cfg(aes_cfb)] +pub struct CFB { + ws_aes: sys::Aes, +} +#[cfg(aes_cfb)] +impl CFB { + /// Create a new `CFB` instance. + /// + /// # Returns + /// + /// A Result which is Ok(CFB) on success or an Err containing the wolfSSL + /// library return code on failure. + pub fn new() -> Result { + Self::new_ex(None, None) + } + + /// Create a new `CFB` instance with optional heap and device ID. + /// + /// # Parameters + /// + /// * `heap`: Optional heap hint. + /// * `dev_id` Optional device ID to use with crypto callbacks or async hardware. + /// + /// # Returns + /// + /// A Result which is Ok(CFB) on success or an Err containing the wolfSSL + /// library return code on failure. + pub fn new_ex(heap: Option<*mut core::ffi::c_void>, dev_id: Option) -> Result { + let ws_aes = new_ws_aes(heap, dev_id)?; + let cfb = CFB {ws_aes}; + Ok(cfb) + } + + /// Initialize a CFB instance for encryption or decryption. + /// + /// This method must be called before calling `encrypt()`, `encrypt1()`, + /// `encrypt8()`, `decrypt()`, `decrypt1()`, or `decrypt8()`. + /// + /// # Parameters + /// + /// * `key`: A slice containing the encryption key to use. The key must be + /// 16, 24, or 32 bytes in length. + /// * `iv`: A slice containing the initialization vector (IV) to use. The + /// IV must be 16 bytes in length. + /// + /// # Returns + /// + /// A Result which is Ok(()) on success or an Err containing the wolfSSL + /// library return code on failure. + pub fn init(&mut self, key: &[u8], iv: &[u8]) -> Result<(), i32> { + let key_size = key.len() as u32; + if iv.len() != AES_BLOCK_SIZE { + return Err(sys::wolfCrypt_ErrorCodes_BAD_FUNC_ARG); + } + let rc = unsafe { + sys::wc_AesSetKey(&mut self.ws_aes, key.as_ptr(), key_size, + iv.as_ptr(), sys::AES_ENCRYPTION as i32) + }; + if rc != 0 { + return Err(rc); + } + Ok(()) + } + + /// Encrypt data in full-block CFB mode. + /// + /// The `init()` method must be called before calling this method. + /// + /// # Parameters + /// + /// * `din`: Data to encrypt. + /// * `dout`: Buffer in which to store the encrypted data. The size of + /// the buffer must match that of the `din` buffer. + /// + /// # Returns + /// + /// A Result which is Ok(()) on success or an Err containing the wolfSSL + /// library return code on failure. + pub fn encrypt(&mut self, din: &[I], dout: &mut [O]) -> Result<(), i32> { + let in_ptr = din.as_ptr() as *const u8; + let in_size = size_of_val(din) as u32; + let out_ptr = dout.as_mut_ptr() as *mut u8; + let out_size = size_of_val(dout) as u32; + if in_size != out_size { + return Err(sys::wolfCrypt_ErrorCodes_BAD_FUNC_ARG); + } + let rc = unsafe { + sys::wc_AesCfbEncrypt(&mut self.ws_aes, out_ptr, in_ptr, in_size) + }; + if rc != 0 { + return Err(rc); + } + Ok(()) + } + + /// Encrypt data in 1-bit CFB mode. + /// + /// The `init()` method must be called before calling this method. + /// + /// # Parameters + /// + /// * `din`: Data to encrypt. + /// * `dout`: Buffer in which to store the encrypted data. The size of + /// the buffer must match that of the `din` buffer. + /// + /// # Returns + /// + /// A Result which is Ok(()) on success or an Err containing the wolfSSL + /// library return code on failure. + pub fn encrypt1(&mut self, din: &[I], dout: &mut [O]) -> Result<(), i32> { + let in_ptr = din.as_ptr() as *const u8; + let in_size = size_of_val(din) as u32; + let out_ptr = dout.as_mut_ptr() as *mut u8; + let out_size = size_of_val(dout) as u32; + if in_size != out_size { + return Err(sys::wolfCrypt_ErrorCodes_BAD_FUNC_ARG); + } + let rc = unsafe { + sys::wc_AesCfb1Encrypt(&mut self.ws_aes, out_ptr, in_ptr, in_size) + }; + if rc != 0 { + return Err(rc); + } + Ok(()) + } + + /// Encrypt data in 8-bit CFB mode. + /// + /// The `init()` method must be called before calling this method. + /// + /// # Parameters + /// + /// * `din`: Data to encrypt. + /// * `dout`: Buffer in which to store the encrypted data. The size of + /// the buffer must match that of the `din` buffer. + /// + /// # Returns + /// + /// A Result which is Ok(()) on success or an Err containing the wolfSSL + /// library return code on failure. + pub fn encrypt8(&mut self, din: &[I], dout: &mut [O]) -> Result<(), i32> { + let in_ptr = din.as_ptr() as *const u8; + let in_size = size_of_val(din) as u32; + let out_ptr = dout.as_mut_ptr() as *mut u8; + let out_size = size_of_val(dout) as u32; + if in_size != out_size { + return Err(sys::wolfCrypt_ErrorCodes_BAD_FUNC_ARG); + } + let rc = unsafe { + sys::wc_AesCfb8Encrypt(&mut self.ws_aes, out_ptr, in_ptr, in_size) + }; + if rc != 0 { + return Err(rc); + } + Ok(()) + } + + /// Decrypt data in full-block CFB mode. + /// + /// The `init()` method must be called before calling this method. + /// + /// # Parameters + /// + /// * `din`: Data to decrypt. + /// * `dout`: Buffer in which to store the decrypted data. The size of + /// the buffer must match that of the `din` buffer. + /// + /// # Returns + /// + /// A Result which is Ok(()) on success or an Err containing the wolfSSL + /// library return code on failure. + #[cfg(aes_decrypt)] + pub fn decrypt(&mut self, din: &[I], dout: &mut [O]) -> Result<(), i32> { + let in_ptr = din.as_ptr() as *const u8; + let in_size = size_of_val(din) as u32; + let out_ptr = dout.as_mut_ptr() as *mut u8; + let out_size = size_of_val(dout) as u32; + if in_size != out_size { + return Err(sys::wolfCrypt_ErrorCodes_BAD_FUNC_ARG); + } + let rc = unsafe { + sys::wc_AesCfbDecrypt(&mut self.ws_aes, out_ptr, in_ptr, in_size) + }; + if rc != 0 { + return Err(rc); + } + Ok(()) + } + + /// Decrypt data in 1-bit CFB mode. + /// + /// The `init()` method must be called before calling this method. + /// + /// # Parameters + /// + /// * `din`: Data to decrypt. + /// * `dout`: Buffer in which to store the decrypted data. The size of + /// the buffer must match that of the `din` buffer. + /// + /// # Returns + /// + /// A Result which is Ok(()) on success or an Err containing the wolfSSL + /// library return code on failure. + #[cfg(aes_decrypt)] + pub fn decrypt1(&mut self, din: &[I], dout: &mut [O]) -> Result<(), i32> { + let in_ptr = din.as_ptr() as *const u8; + let in_size = size_of_val(din) as u32; + let out_ptr = dout.as_mut_ptr() as *mut u8; + let out_size = size_of_val(dout) as u32; + if in_size != out_size { + return Err(sys::wolfCrypt_ErrorCodes_BAD_FUNC_ARG); + } + let rc = unsafe { + sys::wc_AesCfb1Decrypt(&mut self.ws_aes, out_ptr, in_ptr, in_size) + }; + if rc != 0 { + return Err(rc); + } + Ok(()) + } + + /// Decrypt data in 8-bit CFB mode. + /// + /// The `init()` method must be called before calling this method. + /// + /// # Parameters + /// + /// * `din`: Data to decrypt. + /// * `dout`: Buffer in which to store the decrypted data. The size of + /// the buffer must match that of the `din` buffer. + /// + /// # Returns + /// + /// A Result which is Ok(()) on success or an Err containing the wolfSSL + /// library return code on failure. + #[cfg(aes_decrypt)] + pub fn decrypt8(&mut self, din: &[I], dout: &mut [O]) -> Result<(), i32> { + let in_ptr = din.as_ptr() as *const u8; + let in_size = size_of_val(din) as u32; + let out_ptr = dout.as_mut_ptr() as *mut u8; + let out_size = size_of_val(dout) as u32; + if in_size != out_size { + return Err(sys::wolfCrypt_ErrorCodes_BAD_FUNC_ARG); + } + let rc = unsafe { + sys::wc_AesCfb8Decrypt(&mut self.ws_aes, out_ptr, in_ptr, in_size) + }; + if rc != 0 { + return Err(rc); + } + Ok(()) + } +} +#[cfg(aes_cfb)] +impl Drop for CFB { + /// Safely free the wolfSSL resources. + fn drop(&mut self) { + unsafe { sys::wc_AesFree(&mut self.ws_aes); } + } +} + +/// AES Counter (CTR) mode. +/// +/// # Example +/// ```rust +/// #[cfg(aes_ctr)] +/// { +/// use wolfssl_wolfcrypt::aes::CTR; +/// let iv: [u8; 16] = [ +/// 0xf0,0xf1,0xf2,0xf3,0xf4,0xf5,0xf6,0xf7, +/// 0xf8,0xf9,0xfa,0xfb,0xfc,0xfd,0xfe,0xff +/// ]; +/// let msg: [u8; 64] = [ +/// 0x6b,0xc1,0xbe,0xe2,0x2e,0x40,0x9f,0x96, +/// 0xe9,0x3d,0x7e,0x11,0x73,0x93,0x17,0x2a, +/// 0xae,0x2d,0x8a,0x57,0x1e,0x03,0xac,0x9c, +/// 0x9e,0xb7,0x6f,0xac,0x45,0xaf,0x8e,0x51, +/// 0x30,0xc8,0x1c,0x46,0xa3,0x5c,0xe4,0x11, +/// 0xe5,0xfb,0xc1,0x19,0x1a,0x0a,0x52,0xef, +/// 0xf6,0x9f,0x24,0x45,0xdf,0x4f,0x9b,0x17, +/// 0xad,0x2b,0x41,0x7b,0xe6,0x6c,0x37,0x10 +/// ]; +/// let key: [u8; 16] = [ +/// 0x2b,0x7e,0x15,0x16,0x28,0xae,0xd2,0xa6, +/// 0xab,0xf7,0x15,0x88,0x09,0xcf,0x4f,0x3c +/// ]; +/// let cipher: [u8; 64] = [ +/// 0x87,0x4d,0x61,0x91,0xb6,0x20,0xe3,0x26, +/// 0x1b,0xef,0x68,0x64,0x99,0x0d,0xb6,0xce, +/// 0x98,0x06,0xf6,0x6b,0x79,0x70,0xfd,0xff, +/// 0x86,0x17,0x18,0x7b,0xb9,0xff,0xfd,0xff, +/// 0x5a,0xe4,0xdf,0x3e,0xdb,0xd5,0xd3,0x5e, +/// 0x5b,0x4f,0x09,0x02,0x0d,0xb0,0x3e,0xab, +/// 0x1e,0x03,0x1d,0xda,0x2f,0xbe,0x03,0xd1, +/// 0x79,0x21,0x70,0xa0,0xf3,0x00,0x9c,0xee +/// ]; +/// let mut ctr = CTR::new().expect("Failed to create CTR"); +/// ctr.init(&key, &iv).expect("Error with init()"); +/// let mut outbuf: [u8; 64] = [0; 64]; +/// ctr.encrypt(&msg, &mut outbuf).expect("Error with encrypt()"); +/// assert_eq!(outbuf, cipher); +/// ctr.init(&key, &iv).expect("Error with init()"); +/// let mut plain: [u8; 64] = [0; 64]; +/// ctr.decrypt(&outbuf, &mut plain).expect("Error with decrypt()"); +/// assert_eq!(plain, msg); +/// } +/// ``` +#[cfg(aes_ctr)] +pub struct CTR { + ws_aes: sys::Aes, +} +#[cfg(aes_ctr)] +impl CTR { + /// Create a new `CTR` instance. + /// + /// # Returns + /// + /// A Result which is Ok(CTR) on success or an Err containing the wolfSSL + /// library return code on failure. + pub fn new() -> Result { + Self::new_ex(None, None) + } + + /// Create a new `CTR` instance with optional heap and device ID. + /// + /// # Parameters + /// + /// * `heap`: Optional heap hint. + /// * `dev_id` Optional device ID to use with crypto callbacks or async hardware. + /// + /// # Returns + /// + /// A Result which is Ok(CTR) on success or an Err containing the wolfSSL + /// library return code on failure. + pub fn new_ex(heap: Option<*mut core::ffi::c_void>, dev_id: Option) -> Result { + let ws_aes = new_ws_aes(heap, dev_id)?; + let ctr = CTR {ws_aes}; + Ok(ctr) + } + + /// Initialize a CTR instance for encryption or decryption. + /// + /// This method must be called before calling `encrypt()` or `decrypt()`. + /// + /// # Parameters + /// + /// * `key`: A slice containing the encryption key to use. The key must be + /// 16, 24, or 32 bytes in length. + /// * `iv`: A slice containing the initialization vector (IV) to use. The + /// IV must be 16 bytes in length. + /// + /// # Returns + /// + /// A Result which is Ok(()) on success or an Err containing the wolfSSL + /// library return code on failure. + pub fn init(&mut self, key: &[u8], iv: &[u8]) -> Result<(), i32> { + let key_size = key.len() as u32; + if iv.len() != AES_BLOCK_SIZE { + return Err(sys::wolfCrypt_ErrorCodes_BAD_FUNC_ARG); + } + let rc = unsafe { + sys::wc_AesSetKeyDirect(&mut self.ws_aes, key.as_ptr(), key_size, + iv.as_ptr(), sys::AES_ENCRYPTION as i32) + }; + if rc != 0 { + return Err(rc); + } + Ok(()) + } + + fn encrypt_decrypt(&mut self, din: &[I], dout: &mut [O]) -> Result<(), i32> { + let in_ptr = din.as_ptr() as *const u8; + let in_size = size_of_val(din) as u32; + let out_ptr = dout.as_mut_ptr() as *mut u8; + let out_size = size_of_val(dout) as u32; + if in_size != out_size { + return Err(sys::wolfCrypt_ErrorCodes_BAD_FUNC_ARG); + } + let rc = unsafe { + sys::wc_AesCtrEncrypt(&mut self.ws_aes, out_ptr, in_ptr, in_size) + }; + if rc != 0 { + return Err(rc); + } + Ok(()) + } + + /// Encrypt data. + /// + /// The `init()` method must be called before calling this method. + /// + /// # Parameters + /// + /// * `din`: Data to encrypt. + /// * `dout`: Buffer in which to store the encrypted data. The size of + /// the buffer must match that of the `din` buffer. + /// + /// # Returns + /// + /// A Result which is Ok(()) on success or an Err containing the wolfSSL + /// library return code on failure. + pub fn encrypt(&mut self, din: &[I], dout: &mut [O]) -> Result<(), i32> { + self.encrypt_decrypt(din, dout) + } + + /// Decrypt data. + /// + /// The `init()` method must be called before calling this method. + /// + /// # Parameters + /// + /// * `din`: Data to decrypt. + /// * `dout`: Buffer in which to store the decrypted data. The size of + /// the buffer must match that of the `din` buffer. + /// + /// # Returns + /// + /// A Result which is Ok(()) on success or an Err containing the wolfSSL + /// library return code on failure. + pub fn decrypt(&mut self, din: &[I], dout: &mut [O]) -> Result<(), i32> { + self.encrypt_decrypt(din, dout) + } +} +#[cfg(aes_ctr)] +impl Drop for CTR { + /// Safely free the wolfSSL resources. + fn drop(&mut self) { + unsafe { sys::wc_AesFree(&mut self.ws_aes); } + } +} + +/// AES Encrypt-Then-Authenticate-Then-Translate (EAX) mode. +/// +/// # Example +/// ```rust +/// #[cfg(aes_eax)] +/// { +/// use wolfssl_wolfcrypt::aes::EAX; +/// let key: [u8; 16] = [ +/// 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, +/// 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f +/// ]; +/// let nonce: [u8; 16] = [ +/// 0x3c, 0x8c, 0xc2, 0x97, 0x0a, 0x00, 0x8f, 0x75, +/// 0xcc, 0x5b, 0xea, 0xe2, 0x84, 0x72, 0x58, 0xc2 +/// ]; +/// let auth: &[u8] = &[]; +/// let msg: [u8; 32] = [ +/// 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, +/// 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, +/// 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, +/// 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11 +/// ]; +/// let expected_cipher: [u8; 32] = [ +/// 0x3c, 0x44, 0x1f, 0x32, 0xce, 0x07, 0x82, 0x23, +/// 0x64, 0xd7, 0xa2, 0x99, 0x0e, 0x50, 0xbb, 0x13, +/// 0xd7, 0xb0, 0x2a, 0x26, 0x96, 0x9e, 0x4a, 0x93, +/// 0x7e, 0x5e, 0x90, 0x73, 0xb0, 0xd9, 0xc9, 0x68 +/// ]; +/// let expected_auth_tag: [u8; 16] = [ +/// 0xdb, 0x90, 0xbd, 0xb3, 0xda, 0x3d, 0x00, 0xaf, +/// 0xd0, 0xfc, 0x6a, 0x83, 0x55, 0x1d, 0xa9, 0x5e +/// ]; +/// let mut cipher: [u8; 32] = [0; 32]; +/// let mut auth_tag: [u8; 16] = [0; 16]; +/// EAX::encrypt(&msg, &mut cipher, &key, &nonce, auth, &mut auth_tag).expect("Error with encrypt()"); +/// assert_eq!(cipher, expected_cipher); +/// assert_eq!(auth_tag, expected_auth_tag); +/// let mut plain: [u8; 32] = [0; 32]; +/// EAX::decrypt(&cipher, &mut plain, &key, &nonce, auth, &auth_tag).expect("Error with decrypt()"); +/// assert_eq!(plain, msg); +/// } +/// ``` +#[cfg(aes_eax)] +pub struct EAX { +} +#[cfg(aes_eax)] +impl EAX { + /// Encrypt data. + /// + /// # Parameters + /// + /// * `din`: Data to encrypt. + /// * `dout`: Buffer in which to store the encrypted data. The size of + /// the buffer must match that of the `din` buffer. + /// * `key`: Encryption key to use. The key size must be 16, 24, or 32 + /// bytes. + /// * `nonce`: Nonce (number used once). + /// * `auth`: Authentication data input. + /// * `auth_tag`: Buffer in which to store the authentication tag. + /// + /// # Returns + /// + /// A Result which is Ok(()) on success or an Err containing the wolfSSL + /// library return code on failure. + pub fn encrypt(din: &[I], dout: &mut [O], key: &[u8], nonce: &[u8], + auth: &[u8], auth_tag: &mut [u8]) -> Result<(), i32> { + let in_ptr = din.as_ptr() as *const u8; + let in_size = size_of_val(din) as u32; + let out_ptr = dout.as_mut_ptr() as *mut u8; + let out_size = size_of_val(dout) as u32; + let key_size = key.len() as u32; + let nonce_size = nonce.len() as u32; + let auth_size = auth.len() as u32; + let auth_tag_size = auth_tag.len() as u32; + if in_size != out_size { + return Err(sys::wolfCrypt_ErrorCodes_BAD_FUNC_ARG); + } + let rc = unsafe { + sys::wc_AesEaxEncryptAuth(key.as_ptr(), key_size, out_ptr, + in_ptr, in_size, nonce.as_ptr(), nonce_size, + auth_tag.as_mut_ptr(), auth_tag_size, auth.as_ptr(), auth_size) + }; + if rc != 0 { + return Err(rc); + } + Ok(()) + } + + /// Decrypt data. + /// + /// # Parameters + /// + /// * `din`: Data to decrypt. + /// * `dout`: Buffer in which to store the decrypted data. The size of + /// the buffer must match that of the `din` buffer. + /// * `key`: Decryption key to use. The key size must be 16, 24, or 32 + /// bytes. + /// * `nonce`: Nonce (number used once). + /// * `auth`: Authentication data input. + /// * `auth_tag`: Authentication tag input to verify. + /// + /// # Returns + /// + /// A Result which is Ok(()) on success or an Err containing the wolfSSL + /// library return code on failure. + pub fn decrypt(din: &[I], dout: &mut [O], key: &[u8], nonce: &[u8], + auth: &[u8], auth_tag: &[u8]) -> Result<(), i32> { + let in_ptr = din.as_ptr() as *const u8; + let in_size = size_of_val(din) as u32; + let out_ptr = dout.as_mut_ptr() as *mut u8; + let out_size = size_of_val(dout) as u32; + let key_size = key.len() as u32; + let nonce_size = nonce.len() as u32; + let auth_size = auth.len() as u32; + let auth_tag_size = auth_tag.len() as u32; + if in_size != out_size { + return Err(sys::wolfCrypt_ErrorCodes_BAD_FUNC_ARG); + } + let rc = unsafe { + sys::wc_AesEaxDecryptAuth(key.as_ptr(), key_size, out_ptr, + in_ptr, in_size, nonce.as_ptr(), nonce_size, + auth_tag.as_ptr(), auth_tag_size, auth.as_ptr(), auth_size) + }; + if rc != 0 { + return Err(rc); + } + Ok(()) + } +} + +/// AES Electronic CodeBook (ECB) mode. +/// +/// # Example +/// ```rust +/// #[cfg(aes_ecb)] +/// { +/// use wolfssl_wolfcrypt::aes::ECB; +/// let mut ecb = ECB::new().expect("Failed to create ECB"); +/// let key_128: &[u8; 16] = b"0123456789abcdef"; +/// let msg: [u8; 16] = [ +/// 0x6e, 0x6f, 0x77, 0x20, 0x69, 0x73, 0x20, 0x74, +/// 0x68, 0x65, 0x20, 0x74, 0x69, 0x6d, 0x65, 0x20 +/// ]; +/// let verify_ecb_128: [u8; 16] = [ +/// 0xd0, 0xc9, 0xd9, 0xc9, 0x40, 0xe8, 0x97, 0xb6, +/// 0xc8, 0x8c, 0x33, 0x3b, 0xb5, 0x8f, 0x85, 0xd1 +/// ]; +/// ecb.init_encrypt(key_128).expect("Error with init_encrypt()"); +/// let mut outbuf: [u8; 16] = [0; 16]; +/// ecb.encrypt(&msg, &mut outbuf).expect("Error with encrypt()"); +/// assert_eq!(&outbuf, &verify_ecb_128); +/// outbuf = [0; 16]; +/// ecb.init_decrypt(key_128).expect("Error with init_decrypt()"); +/// ecb.decrypt(&verify_ecb_128, &mut outbuf).expect("Error with decrypt()"); +/// assert_eq!(&outbuf, &msg); +/// } +/// ``` +#[cfg(aes_ecb)] +pub struct ECB { + ws_aes: sys::Aes, +} +#[cfg(aes_ecb)] +impl ECB { + /// Create a new `ECB` instance. + /// + /// # Returns + /// + /// A Result which is Ok(ECB) on success or an Err containing the wolfSSL + /// library return code on failure. + pub fn new() -> Result { + Self::new_ex(None, None) + } + + /// Create a new `ECB` instance with optional heap and device ID. + /// + /// # Parameters + /// + /// * `heap`: Optional heap hint. + /// * `dev_id` Optional device ID to use with crypto callbacks or async hardware. + /// + /// # Returns + /// + /// A Result which is Ok(ECB) on success or an Err containing the wolfSSL + /// library return code on failure. + pub fn new_ex(heap: Option<*mut core::ffi::c_void>, dev_id: Option) -> Result { + let ws_aes = new_ws_aes(heap, dev_id)?; + let ecb = ECB {ws_aes}; + Ok(ecb) + } + + fn init(&mut self, key: &[u8], dir: i32) -> Result<(), i32> { + let key_size = key.len() as u32; + let rc = unsafe { + sys::wc_AesSetKey(&mut self.ws_aes, key.as_ptr(), key_size, + core::ptr::null(), dir) + }; + if rc != 0 { + return Err(rc); + } + Ok(()) + } + + /// Initialize a ECB instance for encryption. + /// + /// This method must be called before calling `encrypt()`. + /// + /// # Parameters + /// + /// * `key`: A slice containing the encryption key to use. The key must be + /// 16, 24, or 32 bytes in length. + /// + /// # Returns + /// + /// A Result which is Ok(()) on success or an Err containing the wolfSSL + /// library return code on failure. + pub fn init_encrypt(&mut self, key: &[u8]) -> Result<(), i32> { + self.init(key, sys::AES_ENCRYPTION as i32) + } + + /// Initialize a ECB instance for decryption. + /// + /// This method must be called before calling `decrypt()`. + /// + /// # Parameters + /// + /// * `key`: A slice containing the decryption key to use. The key must be + /// 16, 24, or 32 bytes in length. + /// + /// # Returns + /// + /// A Result which is Ok(()) on success or an Err containing the wolfSSL + /// library return code on failure. + pub fn init_decrypt(&mut self, key: &[u8]) -> Result<(), i32> { + self.init(key, sys::AES_DECRYPTION as i32) + } + + /// Encrypt data. + /// + /// The `init_encrypt()` method must be called before calling this method. + /// + /// # Parameters + /// + /// * `din`: Data to encrypt. The size of the data must be a multiple of + /// 16 bytes. + /// * `dout`: Buffer in which to store the encrypted data. The size of + /// the buffer must match that of the `din` buffer. + /// + /// # Returns + /// + /// A Result which is Ok(()) on success or an Err containing the wolfSSL + /// library return code on failure. + pub fn encrypt(&mut self, din: &[I], dout: &mut [O]) -> Result<(), i32> { + let in_ptr = din.as_ptr() as *const u8; + let in_size = size_of_val(din) as u32; + let out_ptr = dout.as_mut_ptr() as *mut u8; + let out_size = size_of_val(dout) as u32; + if in_size != out_size { + return Err(sys::wolfCrypt_ErrorCodes_BAD_FUNC_ARG); + } + let rc = unsafe { + sys::wc_AesEcbEncrypt(&mut self.ws_aes, out_ptr, in_ptr, in_size) + }; + if rc != 0 { + return Err(rc); + } + Ok(()) + } + + /// Decrypt data. + /// + /// The `init_decrypt()` method must be called before calling this method. + /// + /// # Parameters + /// + /// * `din`: Data to decrypt. The size of the data must be a multiple of + /// 16 bytes. + /// * `dout`: Buffer in which to store the decrypted data. The size of + /// the buffer must match that of the `din` buffer. + /// + /// # Returns + /// + /// A Result which is Ok(()) on success or an Err containing the wolfSSL + /// library return code on failure. + pub fn decrypt(&mut self, din: &[I], dout: &mut [O]) -> Result<(), i32> { + let in_ptr = din.as_ptr() as *const u8; + let in_size = size_of_val(din) as u32; + let out_ptr = dout.as_mut_ptr() as *mut u8; + let out_size = size_of_val(dout) as u32; + if in_size != out_size { + return Err(sys::wolfCrypt_ErrorCodes_BAD_FUNC_ARG); + } + let rc = unsafe { + sys::wc_AesEcbDecrypt(&mut self.ws_aes, out_ptr, in_ptr, in_size) + }; + if rc != 0 { + return Err(rc); + } + Ok(()) + } +} +#[cfg(aes_ecb)] +impl Drop for ECB { + /// Safely free the wolfSSL resources. + fn drop(&mut self) { + unsafe { sys::wc_AesFree(&mut self.ws_aes); } + } +} + +/// AES Galois/Counter Mode (GCM) mode (one shot functionality). +/// +/// This struct provides one-shot encryption and decryption functionality. +/// For streaming/chunking functionality, see the `GCMStream` struct instead. +/// +/// # Example +/// ```rust +/// #[cfg(aes_gcm)] +/// { +/// use wolfssl_wolfcrypt::aes::GCM; +/// let key: [u8; 16] = [ +/// 0x29, 0x8e, 0xfa, 0x1c, 0xcf, 0x29, 0xcf, 0x62, +/// 0xae, 0x68, 0x24, 0xbf, 0xc1, 0x95, 0x57, 0xfc +/// ]; +/// let iv: [u8; 12] = [ +/// 0x6f, 0x58, 0xa9, 0x3f, 0xe1, 0xd2, 0x07, 0xfa, +/// 0xe4, 0xed, 0x2f, 0x6d +/// ]; +/// let plain: [u8; 32] = [ +/// 0xcc, 0x38, 0xbc, 0xcd, 0x6b, 0xc5, 0x36, 0xad, +/// 0x91, 0x9b, 0x13, 0x95, 0xf5, 0xd6, 0x38, 0x01, +/// 0xf9, 0x9f, 0x80, 0x68, 0xd6, 0x5c, 0xa5, 0xac, +/// 0x63, 0x87, 0x2d, 0xaf, 0x16, 0xb9, 0x39, 0x01 +/// ]; +/// let auth: [u8; 16] = [ +/// 0x02, 0x1f, 0xaf, 0xd2, 0x38, 0x46, 0x39, 0x73, +/// 0xff, 0xe8, 0x02, 0x56, 0xe5, 0xb1, 0xc6, 0xb1 +/// ]; +/// let expected_cipher: [u8; 32] = [ +/// 0xdf, 0xce, 0x4e, 0x9c, 0xd2, 0x91, 0x10, 0x3d, +/// 0x7f, 0xe4, 0xe6, 0x33, 0x51, 0xd9, 0xe7, 0x9d, +/// 0x3d, 0xfd, 0x39, 0x1e, 0x32, 0x67, 0x10, 0x46, +/// 0x58, 0x21, 0x2d, 0xa9, 0x65, 0x21, 0xb7, 0xdb +/// ]; +/// let expected_auth_tag: [u8; 16] = [ +/// 0x54, 0x24, 0x65, 0xef, 0x59, 0x93, 0x16, 0xf7, +/// 0x3a, 0x7a, 0x56, 0x05, 0x09, 0xa2, 0xd9, 0xf2 +/// ]; +/// let mut gcm = GCM::new().expect("Failed to create GCM"); +/// gcm.init(&key).expect("Error with init()"); +/// let mut cipher: [u8; 32] = [0; 32]; +/// let mut auth_tag: [u8; 16] = [0; 16]; +/// gcm.encrypt(&plain, &mut cipher, &iv, &auth, &mut auth_tag).expect("Error with encrypt()"); +/// assert_eq!(cipher, expected_cipher); +/// assert_eq!(auth_tag, expected_auth_tag); +/// let mut plain_out: [u8; 32] = [0; 32]; +/// gcm.decrypt(&cipher, &mut plain_out, &iv, &auth, &auth_tag).expect("Error with decrypt()"); +/// assert_eq!(plain_out, plain); +/// } +/// ``` +#[cfg(aes_gcm)] +pub struct GCM { + ws_aes: sys::Aes, +} +#[cfg(aes_gcm)] +impl GCM { + /// Create a new `GCM` instance. + /// + /// # Returns + /// + /// A Result which is Ok(GCM) on success or an Err containing the wolfSSL + /// library return code on failure. + pub fn new() -> Result { + Self::new_ex(None, None) + } + + /// Create a new `GCM` instance with optional heap and device ID. + /// + /// # Parameters + /// + /// * `heap`: Optional heap hint. + /// * `dev_id` Optional device ID to use with crypto callbacks or async hardware. + /// + /// # Returns + /// + /// A Result which is Ok(GCM) on success or an Err containing the wolfSSL + /// library return code on failure. + pub fn new_ex(heap: Option<*mut core::ffi::c_void>, dev_id: Option) -> Result { + let ws_aes = new_ws_aes(heap, dev_id)?; + let gcm = GCM {ws_aes}; + Ok(gcm) + } + + /// Initialize a GCM instance for encryption or decryption. + /// + /// This method must be called before calling `encrypt()` or `decrypt()`. + /// + /// # Parameters + /// + /// * `key`: A slice containing the encryption key to use. The key must be + /// 16, 24, or 32 bytes in length. + /// + /// # Returns + /// + /// A Result which is Ok(()) on success or an Err containing the wolfSSL + /// library return code on failure. + pub fn init(&mut self, key: &[u8]) -> Result<(), i32> { + let key_size = key.len() as u32; + let rc = unsafe { + sys::wc_AesGcmSetKey(&mut self.ws_aes, key.as_ptr(), key_size) + }; + if rc != 0 { + return Err(rc); + } + Ok(()) + } + + /// Encrypt data. + /// + /// The `init()` method must be called before calling this method. + /// + /// # Parameters + /// + /// * `din`: Data to encrypt. + /// * `dout`: Buffer in which to store the encrypted data. The size of + /// the buffer must match that of the `din` buffer. + /// * `iv`: Initialization vector to use for the encryption operation. + /// * `auth`: Authentication data input. + /// * `auth_tag`: Buffer in which to store the authentication tag. + /// + /// # Returns + /// + /// A Result which is Ok(()) on success or an Err containing the wolfSSL + /// library return code on failure. + pub fn encrypt(&mut self, din: &[I], dout: &mut [O], iv: &[u8], + auth: &[u8], auth_tag: &mut [u8]) -> Result<(), i32> { + let in_ptr = din.as_ptr() as *const u8; + let in_size = size_of_val(din) as u32; + let out_ptr = dout.as_mut_ptr() as *mut u8; + let out_size = size_of_val(dout) as u32; + let iv_size = iv.len() as u32; + let auth_size = auth.len() as u32; + let auth_tag_size = auth_tag.len() as u32; + if in_size != out_size { + return Err(sys::wolfCrypt_ErrorCodes_BAD_FUNC_ARG); + } + let rc = unsafe { + sys::wc_AesGcmEncrypt(&mut self.ws_aes, out_ptr, in_ptr, in_size, + iv.as_ptr(), iv_size, auth_tag.as_mut_ptr(), auth_tag_size, + auth.as_ptr(), auth_size) + }; + if rc != 0 { + return Err(rc); + } + Ok(()) + } + + /// Decrypt data. + /// + /// The `init()` method must be called before calling this method. + /// + /// # Parameters + /// + /// * `din`: Data to decrypt. + /// * `dout`: Buffer in which to store the decrypted data. The size of + /// the buffer must match that of the `din` buffer. + /// * `iv`: Initialization vector to use for the decryption operation. + /// * `auth`: Authentication data input. + /// * `auth_tag`: Authentication tag input to verify. + /// + /// # Returns + /// + /// A Result which is Ok(()) on success or an Err containing the wolfSSL + /// library return code on failure. + pub fn decrypt(&mut self, din: &[I], dout: &mut [O], iv: &[u8], + auth: &[u8], auth_tag: &[u8]) -> Result<(), i32> { + let in_ptr = din.as_ptr() as *const u8; + let in_size = size_of_val(din) as u32; + let out_ptr = dout.as_mut_ptr() as *mut u8; + let out_size = size_of_val(dout) as u32; + let iv_size = iv.len() as u32; + let auth_size = auth.len() as u32; + let auth_tag_size = auth_tag.len() as u32; + if in_size != out_size { + return Err(sys::wolfCrypt_ErrorCodes_BAD_FUNC_ARG); + } + let rc = unsafe { + sys::wc_AesGcmDecrypt(&mut self.ws_aes, out_ptr, in_ptr, in_size, + iv.as_ptr(), iv_size, auth_tag.as_ptr(), auth_tag_size, + auth.as_ptr(), auth_size) + }; + if rc != 0 { + return Err(rc); + } + Ok(()) + } +} +#[cfg(aes_gcm)] +impl Drop for GCM { + /// Safely free the wolfSSL resources. + fn drop(&mut self) { + unsafe { sys::wc_AesFree(&mut self.ws_aes); } + } +} + +/// AES Galois/Counter Mode (GCM) mode (streaming functionality). +/// +/// This struct provides streaming/chunking encryption and decryption +/// functionality. For one-shot functionality, see the `GCM` struct instead. +/// +/// # Example +/// ```rust +/// #[cfg(aes_gcm_stream)] +/// { +/// use wolfssl_wolfcrypt::aes::GCMStream; +/// let plain: [u8; 60] = [ +/// 0xd9, 0x31, 0x32, 0x25, 0xf8, 0x84, 0x06, 0xe5, +/// 0xa5, 0x59, 0x09, 0xc5, 0xaf, 0xf5, 0x26, 0x9a, +/// 0x86, 0xa7, 0xa9, 0x53, 0x15, 0x34, 0xf7, 0xda, +/// 0x2e, 0x4c, 0x30, 0x3d, 0x8a, 0x31, 0x8a, 0x72, +/// 0x1c, 0x3c, 0x0c, 0x95, 0x95, 0x68, 0x09, 0x53, +/// 0x2f, 0xcf, 0x0e, 0x24, 0x49, 0xa6, 0xb5, 0x25, +/// 0xb1, 0x6a, 0xed, 0xf5, 0xaa, 0x0d, 0xe6, 0x57, +/// 0xba, 0x63, 0x7b, 0x39 +/// ]; +/// let auth: [u8; 20] = [ +/// 0xfe, 0xed, 0xfa, 0xce, 0xde, 0xad, 0xbe, 0xef, +/// 0xfe, 0xed, 0xfa, 0xce, 0xde, 0xad, 0xbe, 0xef, +/// 0xab, 0xad, 0xda, 0xd2 +/// ]; +/// let key: [u8; 32] = [ +/// 0xfe, 0xff, 0xe9, 0x92, 0x86, 0x65, 0x73, 0x1c, +/// 0x6d, 0x6a, 0x8f, 0x94, 0x67, 0x30, 0x83, 0x08, +/// 0xfe, 0xff, 0xe9, 0x92, 0x86, 0x65, 0x73, 0x1c, +/// 0x6d, 0x6a, 0x8f, 0x94, 0x67, 0x30, 0x83, 0x08 +/// ]; +/// let iv: [u8; 12] = [ +/// 0xca, 0xfe, 0xba, 0xbe, 0xfa, 0xce, 0xdb, 0xad, +/// 0xde, 0xca, 0xf8, 0x88 +/// ]; +/// let expected_cipher: [u8; 60] = [ +/// 0x52, 0x2d, 0xc1, 0xf0, 0x99, 0x56, 0x7d, 0x07, +/// 0xf4, 0x7f, 0x37, 0xa3, 0x2a, 0x84, 0x42, 0x7d, +/// 0x64, 0x3a, 0x8c, 0xdc, 0xbf, 0xe5, 0xc0, 0xc9, +/// 0x75, 0x98, 0xa2, 0xbd, 0x25, 0x55, 0xd1, 0xaa, +/// 0x8c, 0xb0, 0x8e, 0x48, 0x59, 0x0d, 0xbb, 0x3d, +/// 0xa7, 0xb0, 0x8b, 0x10, 0x56, 0x82, 0x88, 0x38, +/// 0xc5, 0xf6, 0x1e, 0x63, 0x93, 0xba, 0x7a, 0x0a, +/// 0xbc, 0xc9, 0xf6, 0x62 +/// ]; +/// let expected_auth_tag: [u8; 16] = [ +/// 0x76, 0xfc, 0x6e, 0xce, 0x0f, 0x4e, 0x17, 0x68, +/// 0xcd, 0xdf, 0x88, 0x53, 0xbb, 0x2d, 0x55, 0x1b +/// ]; +/// let mut gcmstream = GCMStream::new().expect("Failed to create GCMStream"); +/// for chunk_size in 1..=auth.len() { +/// gcmstream.init(&key, &iv).expect("Error with init()"); +/// let mut cipher: [u8; 60] = [0; 60]; +/// let mut i = 0; +/// while i < auth.len() { +/// let mut end = i + chunk_size; +/// if end > auth.len() { +/// end = auth.len() +/// } +/// gcmstream.encrypt_update(&plain[0..0], &mut cipher[0..0], &auth[i..end]).expect("Error with encrypt_update()"); +/// i += chunk_size; +/// } +/// i = 0; +/// while i < plain.len() { +/// let mut end = i + chunk_size; +/// if end > plain.len() { +/// end = plain.len() +/// } +/// gcmstream.encrypt_update(&plain[i..end], &mut cipher[i..end], &auth[0..0]).expect("Error with encrypt_update()"); +/// i += chunk_size; +/// } +/// let mut auth_tag: [u8; 16] = [0; 16]; +/// gcmstream.encrypt_final(&mut auth_tag).expect("Error with encrypt_final()"); +/// assert_eq!(cipher, expected_cipher); +/// assert_eq!(auth_tag, expected_auth_tag); +/// } +/// } +/// ``` +#[cfg(aes_gcm_stream)] +pub struct GCMStream { + ws_aes: sys::Aes, +} +#[cfg(aes_gcm_stream)] +impl GCMStream { + /// Create a new `GCMStream` instance. + /// + /// # Returns + /// + /// A Result which is Ok(GCMStream) on success or an Err containing the + /// wolfSSL library return code on failure. + pub fn new() -> Result { + Self::new_ex(None, None) + } + + /// Create a new `GCMStream` instance with heap and device ID. + /// + /// # Parameters + /// + /// * `heap`: Optional heap hint. + /// * `dev_id` Optional device ID to use with crypto callbacks or async hardware. + /// + /// # Returns + /// + /// A Result which is Ok(GCMStream) on success or an Err containing the + /// wolfSSL library return code on failure. + pub fn new_ex(heap: Option<*mut core::ffi::c_void>, dev_id: Option) -> Result { + let ws_aes = new_ws_aes(heap, dev_id)?; + let gcmstream = GCMStream {ws_aes}; + Ok(gcmstream) + } + + /// Initialize a GCMStream instance for encryption or decryption. + /// + /// This method must be called before calling `encrypt_update()`, + /// `encrypt_final()`, `decrypt_update()`, or `decrypt_final()`. + /// + /// # Parameters + /// + /// * `key`: A slice containing the encryption key to use. The key must be + /// 16, 24, or 32 bytes in length. + /// * `iv`: A slice containing the initialization vector (IV) to use. + /// + /// # Returns + /// + /// A Result which is Ok(()) on success or an Err containing the wolfSSL + /// library return code on failure. + pub fn init(&mut self, key: &[u8], iv: &[u8]) -> Result<(), i32> { + let key_size = key.len() as u32; + let iv_size = iv.len() as u32; + let rc = unsafe { + sys::wc_AesGcmInit(&mut self.ws_aes, key.as_ptr(), key_size, + iv.as_ptr(), iv_size) + }; + if rc != 0 { + return Err(rc); + } + Ok(()) + } + + /// Add a chunk of data to encrypt or authentication data. + /// + /// All authentication data must be passed in to update before the + /// plaintext to encrypt. The last part of the authentication data can be + /// passed in with the same call as the first part of the plaintext data. + /// + /// The `init()` method must be called before calling this method. + /// The `encrypt_final()` method must be called to finalize the encryption + /// operation and retrieve the calculated authentication tag. + /// + /// # Parameters + /// + /// * `din`: Data to encrypt. + /// * `dout`: Buffer in which to store the encrypted data. The size of + /// the buffer must match that of the `din` buffer. + /// * `auth`: Authentication data input. + /// + /// # Returns + /// + /// A Result which is Ok(()) on success or an Err containing the wolfSSL + /// library return code on failure. + pub fn encrypt_update(&mut self, din: &[I], dout: &mut [O], + auth: &[u8]) -> Result<(), i32> { + let in_ptr = din.as_ptr() as *const u8; + let in_size = size_of_val(din) as u32; + let out_ptr = dout.as_mut_ptr() as *mut u8; + let out_size = size_of_val(dout) as u32; + let auth_size = auth.len() as u32; + if in_size != out_size { + return Err(sys::wolfCrypt_ErrorCodes_BAD_FUNC_ARG); + } + let rc = unsafe { + sys::wc_AesGcmEncryptUpdate(&mut self.ws_aes, out_ptr, + in_ptr, in_size, auth.as_ptr(), auth_size) + }; + if rc != 0 { + return Err(rc); + } + Ok(()) + } + + /// Finalize encryption. + /// + /// The `init()` method must be called before calling this method. + /// The `encrypt_update()` method must be called one or more times before + /// calling this method to supply authentication data and plaintext input + /// for encryption. + /// + /// # Parameters + /// + /// * `auth_tag`: Buffer in which to store the authentication tag. + /// + /// # Returns + /// + /// A Result which is Ok(()) on success or an Err containing the wolfSSL + /// library return code on failure. + pub fn encrypt_final(&mut self, auth_tag: &mut [u8]) -> Result<(), i32> { + let auth_tag_size = auth_tag.len() as u32; + let rc = unsafe { + sys::wc_AesGcmEncryptFinal(&mut self.ws_aes, + auth_tag.as_mut_ptr(), auth_tag_size) + }; + if rc != 0 { + return Err(rc); + } + Ok(()) + } + + /// Add a chunk of data to decrypt or authentication data. + /// + /// All authentication data must be passed in to update before the + /// ciphertext to decrypt. The last part of the authentication data can be + /// passed in with the same call as the first part of the ciphertext data. + /// + /// The `init()` method must be called before calling this method. + /// The `decrypt_final()` method must be called to finalize the decryption + /// operation and verify the authentication tag. + /// + /// # Parameters + /// + /// * `din`: Data to encrypt. + /// * `dout`: Buffer in which to store the decrypted data. The size of + /// the buffer must match that of the `din` buffer. + /// * `auth`: Authentication data input. + /// + /// # Returns + /// + /// A Result which is Ok(()) on success or an Err containing the wolfSSL + /// library return code on failure. + pub fn decrypt_update(&mut self, din: &[I], dout: &mut [O], + auth: &[u8]) -> Result<(), i32> { + let in_ptr = din.as_ptr() as *const u8; + let in_size = size_of_val(din) as u32; + let out_ptr = dout.as_mut_ptr() as *mut u8; + let out_size = size_of_val(dout) as u32; + let auth_size = auth.len() as u32; + if in_size != out_size { + return Err(sys::wolfCrypt_ErrorCodes_BAD_FUNC_ARG); + } + let rc = unsafe { + sys::wc_AesGcmDecryptUpdate(&mut self.ws_aes, out_ptr, + in_ptr, in_size, auth.as_ptr(), auth_size) + }; + if rc != 0 { + return Err(rc); + } + Ok(()) + } + + /// Finalize decryption. + /// + /// The `init()` method must be called before calling this method. + /// The `decrypt_update()` method must be called one or more times before + /// calling this method to supply authentication data and ciphertext input + /// for decryption. + /// + /// # Parameters + /// + /// * `auth_tag`: Authentication tag input to verify. + /// + /// # Returns + /// + /// A Result which is Ok(()) on success or an Err containing the wolfSSL + /// library return code on failure. + pub fn decrypt_final(&mut self, auth_tag: &[u8]) -> Result<(), i32> { + let auth_tag_size = auth_tag.len() as u32; + let rc = unsafe { + sys::wc_AesGcmDecryptFinal(&mut self.ws_aes, + auth_tag.as_ptr(), auth_tag_size) + }; + if rc != 0 { + return Err(rc); + } + Ok(()) + } +} +#[cfg(aes_gcm_stream)] +impl Drop for GCMStream { + /// Safely free the wolfSSL resources. + fn drop(&mut self) { + unsafe { sys::wc_AesFree(&mut self.ws_aes); } + } +} + +/// AES Output FeedBack (OFB) mode. +/// +/// # Example +/// ```rust +/// #[cfg(aes_ofb)] +/// { +/// use wolfssl_wolfcrypt::aes::OFB; +/// let key: [u8; 32] = [ +/// 0xc4,0xc7,0xfa,0xd6,0x53,0x5c,0xb8,0x71, +/// 0x4a,0x5c,0x40,0x77,0x9a,0x8b,0xa1,0xd2, +/// 0x53,0x3e,0x23,0xb4,0xb2,0x58,0x73,0x2a, +/// 0x5b,0x78,0x01,0xf4,0xe3,0x71,0xa7,0x94 +/// ]; +/// let iv: [u8; 16] = [ +/// 0x5e,0xb9,0x33,0x13,0xb8,0x71,0xff,0x16, +/// 0xb9,0x8a,0x9b,0xcb,0x43,0x33,0x0d,0x6f +/// ]; +/// let plain: [u8; 48] = [ +/// 0x6d,0x0b,0xb0,0x79,0x63,0x84,0x71,0xe9, +/// 0x39,0xd4,0x53,0x14,0x86,0xc1,0x4c,0x25, +/// 0x9a,0xee,0xc6,0xf3,0xc0,0x0d,0xfd,0xd6, +/// 0xc0,0x50,0xa8,0xba,0xa8,0x20,0xdb,0x71, +/// 0xcc,0x12,0x2c,0x4e,0x0c,0x17,0x15,0xef, +/// 0x55,0xf3,0x99,0x5a,0x6b,0xf0,0x2a,0x4c +/// ]; +/// let expected_cipher: [u8; 48] = [ +/// 0x0f,0x54,0x61,0x71,0x59,0xd0,0x3f,0xfc, +/// 0x1b,0xfa,0xfb,0x60,0x29,0x30,0xd7,0x00, +/// 0xf4,0xa4,0xa8,0xe6,0xdd,0x93,0x94,0x46, +/// 0x64,0xd2,0x19,0xc4,0xc5,0x4d,0xde,0x1b, +/// 0x04,0x53,0xe1,0x73,0xf5,0x18,0x74,0xae, +/// 0xfd,0x64,0xa2,0xe1,0xe2,0x76,0x13,0xb0 +/// ]; +/// let mut ofb = OFB::new().expect("Failed to create OFB"); +/// ofb.init(&key, &iv).expect("Error with init()"); +/// let mut cipher: [u8; 48] = [0; 48]; +/// ofb.encrypt(&plain, &mut cipher).expect("Error with encrypt()"); +/// assert_eq!(cipher, expected_cipher); +/// ofb.init(&key, &iv).expect("Error with init()"); +/// let mut plain_out: [u8; 48] = [0; 48]; +/// #[cfg(aes_decrypt)] +/// { +/// ofb.decrypt(&cipher, &mut plain_out).expect("Error with decrypt()"); +/// assert_eq!(plain_out, plain); +/// } +/// } +/// ``` +#[cfg(aes_ofb)] +pub struct OFB { + ws_aes: sys::Aes, +} +#[cfg(aes_ofb)] +impl OFB { + /// Create a new `OFB` instance. + /// + /// # Returns + /// + /// A Result which is Ok(OFB) on success or an Err containing the wolfSSL + /// library return code on failure. + pub fn new() -> Result { + Self::new_ex(None, None) + } + + /// Create a new `OFB` instance with optional heap and device ID. + /// + /// # Parameters + /// + /// * `heap`: Optional heap hint. + /// * `dev_id` Optional device ID to use with crypto callbacks or async hardware. + /// + /// # Returns + /// + /// A Result which is Ok(OFB) on success or an Err containing the wolfSSL + /// library return code on failure. + pub fn new_ex(heap: Option<*mut core::ffi::c_void>, dev_id: Option) -> Result { + let ws_aes = new_ws_aes(heap, dev_id)?; + let ofb = OFB {ws_aes}; + Ok(ofb) + } + + /// Initialize a OFB instance for encryption or decryption. + /// + /// This method must be called before calling `encrypt()` or `decrypt()`. + /// + /// # Parameters + /// + /// * `key`: A slice containing the encryption key to use. The key must be + /// 16, 24, or 32 bytes in length. + /// * `iv`: A slice containing the initialization vector (IV) to use. The + /// IV must be 16 bytes in length. + /// + /// # Returns + /// + /// A Result which is Ok(()) on success or an Err containing the wolfSSL + /// library return code on failure. + pub fn init(&mut self, key: &[u8], iv: &[u8]) -> Result<(), i32> { + let key_size = key.len() as u32; + if iv.len() != AES_BLOCK_SIZE { + return Err(sys::wolfCrypt_ErrorCodes_BAD_FUNC_ARG); + } + let rc = unsafe { + sys::wc_AesSetKey(&mut self.ws_aes, key.as_ptr(), + key_size, iv.as_ptr(), sys::AES_ENCRYPTION as i32) + }; + if rc != 0 { + return Err(rc); + } + Ok(()) + } + + /// Encrypt data. + /// + /// The `init()` method must be called before calling this method. + /// + /// # Parameters + /// + /// * `din`: Data to encrypt. + /// * `dout`: Buffer in which to store the encrypted data. The size of + /// the buffer must match that of the `din` buffer. + /// + /// # Returns + /// + /// A Result which is Ok(()) on success or an Err containing the wolfSSL + /// library return code on failure. + pub fn encrypt(&mut self, din: &[I], dout: &mut [O]) -> Result<(), i32> { + let in_ptr = din.as_ptr() as *const u8; + let in_size = size_of_val(din) as u32; + let out_ptr = dout.as_mut_ptr() as *mut u8; + let out_size = size_of_val(dout) as u32; + if in_size != out_size { + return Err(sys::wolfCrypt_ErrorCodes_BAD_FUNC_ARG); + } + let rc = unsafe { + sys::wc_AesOfbEncrypt(&mut self.ws_aes, out_ptr, in_ptr, in_size) + }; + if rc != 0 { + return Err(rc); + } + Ok(()) + } + + /// Decrypt data. + /// + /// The `init()` method must be called before calling this method. + /// + /// # Parameters + /// + /// * `din`: Data to decrypt. + /// * `dout`: Buffer in which to store the decrypted data. The size of + /// the buffer must match that of the `din` buffer. + /// + /// # Returns + /// + /// A Result which is Ok(()) on success or an Err containing the wolfSSL + /// library return code on failure. + #[cfg(aes_decrypt)] + pub fn decrypt(&mut self, din: &[I], dout: &mut [O]) -> Result<(), i32> { + let in_ptr = din.as_ptr() as *const u8; + let in_size = size_of_val(din) as u32; + let out_ptr = dout.as_mut_ptr() as *mut u8; + let out_size = size_of_val(dout) as u32; + if in_size != out_size { + return Err(sys::wolfCrypt_ErrorCodes_BAD_FUNC_ARG); + } + let rc = unsafe { + sys::wc_AesOfbDecrypt(&mut self.ws_aes, out_ptr, in_ptr, in_size) + }; + if rc != 0 { + return Err(rc); + } + Ok(()) + } +} +#[cfg(aes_ofb)] +impl Drop for OFB { + /// Safely free the wolfSSL resources. + fn drop(&mut self) { + unsafe { sys::wc_AesFree(&mut self.ws_aes); } + } +} + +/// AES XEX-based Tweaked-Codebook Mode With Ciphertext Stealing (XTS) support +/// (one shot functionality). +/// +/// This struct provides one-shot encryption and decryption functionality. +/// For streaming/chunking functionality, see the `XTSStream` struct instead. +/// +/// # Example +/// ```rust +/// #[cfg(aes_xts)] +/// { +/// use wolfssl_wolfcrypt::aes::XTS; +/// let key: [u8; 32] = [ +/// 0xa1, 0xb9, 0x0c, 0xba, 0x3f, 0x06, 0xac, 0x35, +/// 0x3b, 0x2c, 0x34, 0x38, 0x76, 0x08, 0x17, 0x62, +/// 0x09, 0x09, 0x23, 0x02, 0x6e, 0x91, 0x77, 0x18, +/// 0x15, 0xf2, 0x9d, 0xab, 0x01, 0x93, 0x2f, 0x2f +/// ]; +/// let tweak: [u8; 16] = [ +/// 0x4f, 0xae, 0xf7, 0x11, 0x7c, 0xda, 0x59, 0xc6, +/// 0x6e, 0x4b, 0x92, 0x01, 0x3e, 0x76, 0x8a, 0xd5 +/// ]; +/// let plain: [u8; 16] = [ +/// 0xeb, 0xab, 0xce, 0x95, 0xb1, 0x4d, 0x3c, 0x8d, +/// 0x6f, 0xb3, 0x50, 0x39, 0x07, 0x90, 0x31, 0x1c +/// ]; +/// let expected_cipher: [u8; 16] = [ +/// 0x77, 0x8a, 0xe8, 0xb4, 0x3c, 0xb9, 0x8d, 0x5a, +/// 0x82, 0x50, 0x81, 0xd5, 0xbe, 0x47, 0x1c, 0x63 +/// ]; +/// let partial: [u8; 24] = [ +/// 0xeb, 0xab, 0xce, 0x95, 0xb1, 0x4d, 0x3c, 0x8d, +/// 0x6f, 0xb3, 0x50, 0x39, 0x07, 0x90, 0x31, 0x1c, +/// 0x6e, 0x4b, 0x92, 0x01, 0x3e, 0x76, 0x8a, 0xd5 +/// ]; +/// let expected_partial_cipher: [u8; 24] = [ +/// 0x2b, 0xf7, 0x2c, 0xf3, 0xeb, 0x85, 0xef, 0x7b, +/// 0x0b, 0x76, 0xa0, 0xaa, 0xf3, 0x3f, 0x25, 0x8b, +/// 0x77, 0x8a, 0xe8, 0xb4, 0x3c, 0xb9, 0x8d, 0x5a +/// ]; +/// +/// let mut xts = XTS::new().expect("Failed to create XTS"); +/// xts.init_encrypt(&key).expect("Error with init_encrypt()"); +/// let mut cipher: [u8; 16] = [0; 16]; +/// xts.encrypt(&plain, &mut cipher, &tweak).expect("Error with encrypt()"); +/// assert_eq!(cipher, expected_cipher); +/// xts.init_decrypt(&key).expect("Error with init_decrypt()"); +/// let mut plain_out: [u8; 16] = [0; 16]; +/// xts.decrypt(&cipher, &mut plain_out, &tweak).expect("Error with decrypt()"); +/// assert_eq!(plain_out, plain); +/// +/// xts.init_encrypt(&key).expect("Error with init_encrypt()"); +/// let mut partial_cipher: [u8; 24] = [0; 24]; +/// xts.encrypt(&partial, &mut partial_cipher, &tweak).expect("Error with encrypt()"); +/// assert_eq!(partial_cipher, expected_partial_cipher); +/// xts.init_decrypt(&key).expect("Error with init_decrypt()"); +/// let mut partial_out: [u8; 24] = [0; 24]; +/// xts.decrypt(&partial_cipher, &mut partial_out, &tweak).expect("Error with decrypt()"); +/// assert_eq!(partial_out, partial); +/// } +/// ``` +#[cfg(aes_xts)] +pub struct XTS { + ws_xtsaes: sys::XtsAes, +} +#[cfg(aes_xts)] +impl XTS { + /// Create a new `XTS` instance. + /// + /// # Returns + /// + /// A Result which is Ok(XTS) on success or an Err containing the wolfSSL + /// library return code on failure. + pub fn new() -> Result { + Self::new_ex(None, None) + } + + /// Create a new `XTS` instance with optional heap and device ID. + /// + /// # Parameters + /// + /// * `heap`: Optional heap hint. + /// * `dev_id` Optional device ID to use with crypto callbacks or async hardware. + /// + /// # Returns + /// + /// A Result which is Ok(XTS) on success or an Err containing the wolfSSL + /// library return code on failure. + pub fn new_ex(heap: Option<*mut core::ffi::c_void>, dev_id: Option) -> Result { + let ws_xtsaes = new_ws_xtsaes(heap, dev_id)?; + let xts = XTS {ws_xtsaes}; + Ok(xts) + } + + fn init(&mut self, key: &[u8], dir: i32) -> Result<(), i32> { + let key_size = key.len() as u32; + let rc = unsafe { + sys::wc_AesXtsSetKeyNoInit(&mut self.ws_xtsaes, + key.as_ptr(), key_size, dir) + }; + if rc != 0 { + return Err(rc); + } + Ok(()) + } + + /// Initialize a XTS instance for encryption. + /// + /// This method must be called before calling any encryption methods. + /// + /// # Parameters + /// + /// * `key`: A slice containing the encryption key to use. The key must be + /// 16, 24, or 32 bytes in length. + /// + /// # Returns + /// + /// A Result which is Ok(()) on success or an Err containing the wolfSSL + /// library return code on failure. + pub fn init_encrypt(&mut self, key: &[u8]) -> Result<(), i32> { + self.init(key, sys::AES_ENCRYPTION as i32) + } + + /// Initialize a XTS instance for decryption. + /// + /// This method must be called before calling any decryption methods. + /// + /// # Parameters + /// + /// * `key`: A slice containing the decryption key to use. The key must be + /// 16, 24, or 32 bytes in length. + /// + /// # Returns + /// + /// A Result which is Ok(()) on success or an Err containing the wolfSSL + /// library return code on failure. + pub fn init_decrypt(&mut self, key: &[u8]) -> Result<(), i32> { + self.init(key, sys::AES_DECRYPTION as i32) + } + + /// Encrypt data. + /// + /// The `init_encrypt()` method must be called before calling this method. + /// + /// # Parameters + /// + /// * `din`: Data to encrypt. + /// * `dout`: Buffer in which to store the encrypted data. The size of + /// the buffer must match that of the `din` buffer. + /// * `tweak`: Tweak value to use for the encryption operation. + /// + /// # Returns + /// + /// A Result which is Ok(()) on success or an Err containing the wolfSSL + /// library return code on failure. + pub fn encrypt(&mut self, din: &[I], dout: &mut [O], tweak: &[u8]) -> Result<(), i32> { + let in_ptr = din.as_ptr() as *const u8; + let in_size = size_of_val(din) as u32; + let out_ptr = dout.as_mut_ptr() as *mut u8; + let out_size = size_of_val(dout) as u32; + let tweak_size = tweak.len() as u32; + if in_size != out_size { + return Err(sys::wolfCrypt_ErrorCodes_BAD_FUNC_ARG); + } + let rc = unsafe { + sys::wc_AesXtsEncrypt(&mut self.ws_xtsaes, out_ptr, + in_ptr, in_size, tweak.as_ptr(), tweak_size) + }; + if rc != 0 { + return Err(rc); + } + Ok(()) + } + + /// Encrypt a sector of data. + /// + /// The `init_encrypt()` method must be called before calling this method. + /// + /// This method is the same as `encrypt()` except that a sector number is + /// taken instead of a tweak buffer. Internally the sector number is + /// expanded into the tweak value to use. + /// + /// # Parameters + /// + /// * `din`: Data to encrypt. + /// * `dout`: Buffer in which to store the encrypted data. The size of + /// the buffer must match that of the `din` buffer. + /// * `sector`: Sector number to use for encryption operation. This value + /// is expanded into a tweak value. + /// + /// # Returns + /// + /// A Result which is Ok(()) on success or an Err containing the wolfSSL + /// library return code on failure. + pub fn encrypt_sector(&mut self, din: &[I], dout: &mut [O], sector: u64) -> Result<(), i32> { + let in_ptr = din.as_ptr() as *const u8; + let in_size = size_of_val(din) as u32; + let out_ptr = dout.as_mut_ptr() as *mut u8; + let out_size = size_of_val(dout) as u32; + if in_size != out_size { + return Err(sys::wolfCrypt_ErrorCodes_BAD_FUNC_ARG); + } + let rc = unsafe { + sys::wc_AesXtsEncryptSector(&mut self.ws_xtsaes, out_ptr, + in_ptr, in_size, sector) + }; + if rc != 0 { + return Err(rc); + } + Ok(()) + } + + /// Encrypt consecutive sectors of data. + /// + /// The `init_encrypt()` method must be called before calling this method. + /// + /// This method is the same as `encrypt_sector()` except that the sector + /// number is automatically incremented every `sector_size` bytes. + /// + /// # Parameters + /// + /// * `din`: Data to encrypt. + /// * `dout`: Buffer in which to store the encrypted data. The size of + /// the buffer must match that of the `din` buffer. + /// * `sector`: Sector number to use for encryption operation. This value + /// is expanded into a tweak value. + /// * `sector_size`: Sector size. The `sector` value is internally + /// incremented every `sector_size` bytes. + /// + /// # Returns + /// + /// A Result which is Ok(()) on success or an Err containing the wolfSSL + /// library return code on failure. + pub fn encrypt_consecutive_sectors(&mut self, din: &[I], dout: &mut [O], + sector: u64, sector_size: u32) -> Result<(), i32> { + let in_ptr = din.as_ptr() as *const u8; + let in_size = size_of_val(din) as u32; + let out_ptr = dout.as_mut_ptr() as *mut u8; + let out_size = size_of_val(dout) as u32; + if in_size != out_size { + return Err(sys::wolfCrypt_ErrorCodes_BAD_FUNC_ARG); + } + let rc = unsafe { + sys::wc_AesXtsEncryptConsecutiveSectors(&mut self.ws_xtsaes, + out_ptr, in_ptr, in_size, sector, sector_size) + }; + if rc != 0 { + return Err(rc); + } + Ok(()) + } + + /// Decrypt data. + /// + /// The `init_decrypt()` method must be called before calling this method. + /// + /// # Parameters + /// + /// * `din`: Data to decrypt. + /// * `dout`: Buffer in which to store the decrypted data. The size of + /// the buffer must match that of the `din` buffer. + /// * `tweak`: Tweak value to use for the decryption operation. + /// + /// # Returns + /// + /// A Result which is Ok(()) on success or an Err containing the wolfSSL + /// library return code on failure. + pub fn decrypt(&mut self, din: &[I], dout: &mut [O], tweak: &[u8]) -> Result<(), i32> { + let in_ptr = din.as_ptr() as *const u8; + let in_size = size_of_val(din) as u32; + let out_ptr = dout.as_mut_ptr() as *mut u8; + let out_size = size_of_val(dout) as u32; + let tweak_size = tweak.len() as u32; + if in_size != out_size { + return Err(sys::wolfCrypt_ErrorCodes_BAD_FUNC_ARG); + } + let rc = unsafe { + sys::wc_AesXtsDecrypt(&mut self.ws_xtsaes, out_ptr, + in_ptr, in_size, tweak.as_ptr(), tweak_size) + }; + if rc != 0 { + return Err(rc); + } + Ok(()) + } + + /// Decrypt a sector of data. + /// + /// The `init_decrypt()` method must be called before calling this method. + /// + /// This method is the same as `decrypt()` except that a sector number is + /// taken instead of a tweak buffer. Internally the sector number is + /// expanded into the tweak value to use. + /// + /// # Parameters + /// + /// * `din`: Data to decrypt. + /// * `dout`: Buffer in which to store the decrypted data. The size of + /// the buffer must match that of the `din` buffer. + /// * `sector`: Sector number to use for decryption operation. This value + /// is expanded into a tweak value. + /// + /// # Returns + /// + /// A Result which is Ok(()) on success or an Err containing the wolfSSL + /// library return code on failure. + pub fn decrypt_sector(&mut self, din: &[I], dout: &mut [O], sector: u64) -> Result<(), i32> { + let in_ptr = din.as_ptr() as *const u8; + let in_size = size_of_val(din) as u32; + let out_ptr = dout.as_mut_ptr() as *mut u8; + let out_size = size_of_val(dout) as u32; + if in_size != out_size { + return Err(sys::wolfCrypt_ErrorCodes_BAD_FUNC_ARG); + } + let rc = unsafe { + sys::wc_AesXtsDecryptSector(&mut self.ws_xtsaes, out_ptr, + in_ptr, in_size, sector) + }; + if rc != 0 { + return Err(rc); + } + Ok(()) + } + + /// Decrypt consecutive sectors of data. + /// + /// The `init_decrypt()` method must be called before calling this method. + /// + /// This method is the same as `decrypt_sector()` except that the sector + /// number is automatically incremented every `sector_size` bytes. + /// + /// # Parameters + /// + /// * `din`: Data to decrypt. + /// * `dout`: Buffer in which to store the decrypted data. The size of + /// the buffer must match that of the `din` buffer. + /// * `sector`: Sector number to use for decryption operation. This value + /// is expanded into a tweak value. + /// * `sector_size`: Sector size. The `sector` value is internally + /// incremented every `sector_size` bytes. + /// + /// # Returns + /// + /// A Result which is Ok(()) on success or an Err containing the wolfSSL + /// library return code on failure. + pub fn decrypt_consecutive_sectors(&mut self, din: &[I], dout: &mut [O], + sector: u64, sector_size: u32) -> Result<(), i32> { + let in_ptr = din.as_ptr() as *const u8; + let in_size = size_of_val(din) as u32; + let out_ptr = dout.as_mut_ptr() as *mut u8; + let out_size = size_of_val(dout) as u32; + if in_size != out_size { + return Err(sys::wolfCrypt_ErrorCodes_BAD_FUNC_ARG); + } + let rc = unsafe { + sys::wc_AesXtsDecryptConsecutiveSectors(&mut self.ws_xtsaes, + out_ptr, in_ptr, in_size, sector, sector_size) + }; + if rc != 0 { + return Err(rc); + } + Ok(()) + } +} +#[cfg(aes_xts)] +impl Drop for XTS { + /// Safely free the wolfSSL resources. + fn drop(&mut self) { + unsafe { sys::wc_AesXtsFree(&mut self.ws_xtsaes); } + } +} + +/// AES XEX-based Tweaked-Codebook Mode With Ciphertext Stealing (XTS) support +/// (streaming functionality). +/// +/// This struct provides streaming/chunking encryption and decryption +/// functionality. For one-shot functionality, see the `XTS` struct instead. +/// +/// # Example +/// ```rust +/// #[cfg(aes_xts_stream)] +/// { +/// use wolfssl_wolfcrypt::aes::XTSStream; +/// let keys: [u8; 32] = [ +/// 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, +/// 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, +/// 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, +/// 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, +/// ]; +/// let tweak: [u8; 16] = [ +/// 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, +/// 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, +/// ]; +/// let plain: [u8; 40] = [ +/// 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, +/// 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, +/// 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, +/// 0x20, 0xff, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, +/// 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20 +/// ]; +/// let expected_cipher: [u8; 40] = [ +/// 0xA2, 0x07, 0x47, 0x76, 0x3F, 0xEC, 0x0C, 0x23, +/// 0x1B, 0xD0, 0xBD, 0x46, 0x9A, 0x27, 0x38, 0x12, +/// 0x95, 0x02, 0x3D, 0x5D, 0xC6, 0x94, 0x51, 0x36, +/// 0xA0, 0x85, 0xD2, 0x69, 0x6E, 0x87, 0x0A, 0xBF, +/// 0xB5, 0x5A, 0xDD, 0xCB, 0x80, 0xE0, 0xFC, 0xCD +/// ]; +/// +/// let mut xtsstream = XTSStream::new().expect("Failed to create XTSStream"); +/// xtsstream.init_encrypt(&keys, &tweak).expect("Error with init_encrypt()"); +/// let mut cipher: [u8; 40] = [0; 40]; +/// xtsstream.encrypt_update(&plain[0..16], &mut cipher[0..16]).expect("Error with encrypt_update()"); +/// xtsstream.encrypt_final(&plain[16..40], &mut cipher[16..40]).expect("Error with encrypt_final()"); +/// assert_eq!(cipher, expected_cipher); +/// +/// xtsstream.init_decrypt(&keys, &tweak).expect("Error with init_decrypt()"); +/// let mut plain_out: [u8; 40] = [0; 40]; +/// xtsstream.decrypt_update(&cipher[0..16], &mut plain_out[0..16]).expect("Error with decrypt_update()"); +/// xtsstream.decrypt_final(&cipher[16..40], &mut plain_out[16..40]).expect("Error with decrypt_final()"); +/// assert_eq!(plain_out, plain); +/// } +/// ``` +#[cfg(aes_xts_stream)] +pub struct XTSStream { + ws_xtsaes: sys::XtsAes, + ws_xtsaesstreamdata: sys::XtsAesStreamData, +} +#[cfg(aes_xts_stream)] +impl XTSStream { + /// Create a new `XTSStream` instance. + /// + /// # Returns + /// + /// A Result which is Ok(XTSStream) on success or an Err containing the + /// wolfSSL library return code on failure. + pub fn new() -> Result { + Self::new_ex(None, None) + } + + /// Create a new `XTSStream` instance with optional heap and device ID. + /// + /// # Parameters + /// + /// * `heap`: Optional heap hint. + /// * `dev_id` Optional device ID to use with crypto callbacks or async hardware. + /// + /// # Returns + /// + /// A Result which is Ok(XTSStream) on success or an Err containing the + /// wolfSSL library return code on failure. + pub fn new_ex(heap: Option<*mut core::ffi::c_void>, dev_id: Option) -> Result { + let ws_xtsaes = new_ws_xtsaes(heap, dev_id)?; + let ws_xtsaesstreamdata: MaybeUninit = MaybeUninit::uninit(); + let ws_xtsaesstreamdata = unsafe { ws_xtsaesstreamdata.assume_init() }; + let xtsstream = XTSStream {ws_xtsaes, ws_xtsaesstreamdata}; + Ok(xtsstream) + } + + /// Initialize a XTSStream instance for encryption. + /// + /// This method must be called before calling `encrypt_update()`. + /// + /// # Parameters + /// + /// * `key`: A slice containing the encryption key to use. The key must be + /// 16, 24, or 32 bytes in length. + /// * `tweak`: Tweak value to use for the encryption operation. + /// + /// # Returns + /// + /// A Result which is Ok(()) on success or an Err containing the wolfSSL + /// library return code on failure. + pub fn init_encrypt(&mut self, key: &[u8], tweak: &[u8]) -> Result<(), i32> { + let key_size = key.len() as u32; + let rc = unsafe { + sys::wc_AesXtsSetKeyNoInit(&mut self.ws_xtsaes, + key.as_ptr(), key_size, sys::AES_ENCRYPTION as i32) + }; + if rc != 0 { + return Err(rc); + } + let tweak_size = tweak.len() as u32; + let rc = unsafe { + sys::wc_AesXtsEncryptInit(&mut self.ws_xtsaes, + tweak.as_ptr(), tweak_size, &mut self.ws_xtsaesstreamdata) + }; + if rc != 0 { + return Err(rc); + } + Ok(()) + } + + /// Initialize a XTSStream instance for decryption. + /// + /// This method must be called before calling `decrypt_update()`. + /// + /// # Parameters + /// + /// * `key`: A slice containing the decryption key to use. The key must be + /// 16, 24, or 32 bytes in length. + /// * `tweak`: Tweak value to use for the decryption operation. + /// + /// # Returns + /// + /// A Result which is Ok(()) on success or an Err containing the wolfSSL + /// library return code on failure. + pub fn init_decrypt(&mut self, key: &[u8], tweak: &[u8]) -> Result<(), i32> { + let key_size = key.len() as u32; + let rc = unsafe { + sys::wc_AesXtsSetKeyNoInit(&mut self.ws_xtsaes, + key.as_ptr(), key_size, sys::AES_DECRYPTION as i32) + }; + if rc != 0 { + return Err(rc); + } + let tweak_size = tweak.len() as u32; + let rc = unsafe { + sys::wc_AesXtsDecryptInit(&mut self.ws_xtsaes, + tweak.as_ptr(), tweak_size, &mut self.ws_xtsaesstreamdata) + }; + if rc != 0 { + return Err(rc); + } + Ok(()) + } + + /// Add a chunk of data to encrypt. + /// + /// The `init_encrypt()` method must be called before calling this method. + /// The `encrypt_final()` method must be called to finalize the encryption + /// operation. + /// + /// # Parameters + /// + /// * `din`: Data to encrypt. The size of the data must be a multiple of + /// 16 bytes. A final chunk of data that is not a multiple of 16 bytes + /// can be passed in to `encrypt_final()`. + /// * `dout`: Buffer in which to store the encrypted data. The size of + /// the buffer must match that of the `din` buffer. + /// + /// # Returns + /// + /// A Result which is Ok(()) on success or an Err containing the wolfSSL + /// library return code on failure. + pub fn encrypt_update(&mut self, din: &[I], dout: &mut [O]) -> Result<(), i32> { + let in_ptr = din.as_ptr() as *const u8; + let in_size = size_of_val(din) as u32; + let out_ptr = dout.as_ptr() as *mut u8; + let out_size = size_of_val(dout) as u32; + if in_size != out_size { + return Err(sys::wolfCrypt_ErrorCodes_BAD_FUNC_ARG); + } + let rc = unsafe { + sys::wc_AesXtsEncryptUpdate(&mut self.ws_xtsaes, out_ptr, + in_ptr, in_size, &mut self.ws_xtsaesstreamdata) + }; + if rc != 0 { + return Err(rc); + } + Ok(()) + } + + /// Encrypt the final chunk of data. + /// + /// The `init_encrypt()` method must be called before calling this method. + /// The `encrypt_update()` method may be called prior to this to encrypt + /// blocks of data in chunks. + /// + /// # Parameters + /// + /// * `din`: Data to encrypt. The size of the data must be 0 or at least + /// 16 bytes. It does not need to be a multiple of 16 bytes. + /// * `dout`: Buffer in which to store the encrypted data. The size of + /// the buffer must match that of the `din` buffer. + /// + /// # Returns + /// + /// A Result which is Ok(()) on success or an Err containing the wolfSSL + /// library return code on failure. + pub fn encrypt_final(&mut self, din: &[I], dout: &mut [O]) -> Result<(), i32> { + let in_ptr = din.as_ptr() as *const u8; + let in_size = size_of_val(din) as u32; + let out_ptr = dout.as_ptr() as *mut u8; + let out_size = size_of_val(dout) as u32; + if in_size != out_size { + return Err(sys::wolfCrypt_ErrorCodes_BAD_FUNC_ARG); + } + let rc = unsafe { + sys::wc_AesXtsEncryptFinal(&mut self.ws_xtsaes, out_ptr, + in_ptr, in_size, &mut self.ws_xtsaesstreamdata) + }; + if rc != 0 { + return Err(rc); + } + Ok(()) + } + + /// Add a chunk of data to decrypt. + /// + /// The `init_decrypt()` method must be called before calling this method. + /// The `decrypt_final()` method must be called to finalize the decryption + /// operation. + /// + /// # Parameters + /// + /// * `din`: Data to decrypt. The size of the data must be a multiple of + /// 16 bytes. A final chunk of data that is not a multiple of 16 bytes + /// can be passed in to `decrypt_final()`. + /// * `dout`: Buffer in which to store the decrypted data. The size of + /// the buffer must match that of the `din` buffer. + /// + /// # Returns + /// + /// A Result which is Ok(()) on success or an Err containing the wolfSSL + /// library return code on failure. + pub fn decrypt_update(&mut self, din: &[I], dout: &mut [O]) -> Result<(), i32> { + let in_ptr = din.as_ptr() as *const u8; + let in_size = size_of_val(din) as u32; + let out_ptr = dout.as_ptr() as *mut u8; + let out_size = size_of_val(dout) as u32; + if in_size != out_size { + return Err(sys::wolfCrypt_ErrorCodes_BAD_FUNC_ARG); + } + let rc = unsafe { + sys::wc_AesXtsDecryptUpdate(&mut self.ws_xtsaes, out_ptr, + in_ptr, in_size, &mut self.ws_xtsaesstreamdata) + }; + if rc != 0 { + return Err(rc); + } + Ok(()) + } + + /// Decrypt the final chunk of data. + /// + /// The `init_decrypt()` method must be called before calling this method. + /// The `decrypt_update()` method may be called prior to this to decrypt + /// blocks of data in chunks. + /// + /// # Parameters + /// + /// * `din`: Data to decrypt. The size of the data must be 0 or at least + /// 16 bytes. It does not need to be a multiple of 16 bytes. + /// * `dout`: Buffer in which to store the decrypted data. The size of + /// the buffer must match that of the `din` buffer. + /// + /// # Returns + /// + /// A Result which is Ok(()) on success or an Err containing the wolfSSL + /// library return code on failure. + pub fn decrypt_final(&mut self, din: &[I], dout: &mut [O]) -> Result<(), i32> { + let in_ptr = din.as_ptr() as *const u8; + let in_size = size_of_val(din) as u32; + let out_ptr = dout.as_ptr() as *mut u8; + let out_size = size_of_val(dout) as u32; + if in_size != out_size { + return Err(sys::wolfCrypt_ErrorCodes_BAD_FUNC_ARG); + } + let rc = unsafe { + sys::wc_AesXtsDecryptFinal(&mut self.ws_xtsaes, out_ptr, + in_ptr, in_size, &mut self.ws_xtsaesstreamdata) + }; + if rc != 0 { + return Err(rc); + } + Ok(()) + } +} +#[cfg(aes_xts_stream)] +impl Drop for XTSStream { + /// Safely free the wolfSSL resources. + fn drop(&mut self) { + unsafe { sys::wc_AesXtsFree(&mut self.ws_xtsaes); } + } +} + +fn new_ws_aes(heap: Option<*mut core::ffi::c_void>, dev_id: Option) -> Result { + let heap = match heap { + Some(heap) => heap, + None => core::ptr::null_mut(), + }; + let dev_id = match dev_id { + Some(dev_id) => dev_id, + None => sys::INVALID_DEVID, + }; + let mut ws_aes: MaybeUninit = MaybeUninit::uninit(); + let rc = unsafe { + sys::wc_AesInit(ws_aes.as_mut_ptr(), heap, dev_id) + }; + if rc != 0 { + return Err(rc); + } + let ws_aes = unsafe { ws_aes.assume_init() }; + Ok(ws_aes) +} + +#[cfg(any(aes_xts, aes_xts_stream))] +fn new_ws_xtsaes(heap: Option<*mut core::ffi::c_void>, dev_id: Option) -> Result { + let heap = match heap { + Some(heap) => heap, + None => core::ptr::null_mut(), + }; + let dev_id = match dev_id { + Some(dev_id) => dev_id, + None => sys::INVALID_DEVID, + }; + let mut ws_xtsaes: MaybeUninit = MaybeUninit::uninit(); + let rc = unsafe { + sys::wc_AesXtsInit(ws_xtsaes.as_mut_ptr(), heap, dev_id) + }; + if rc != 0 { + return Err(rc); + } + let ws_xtsaes = unsafe { ws_xtsaes.assume_init() }; + Ok(ws_xtsaes) +} diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/wrapper/rust/wolfssl-wolfcrypt/src/blake2.rs mariadb-11.8.8/extra/wolfssl/wolfssl/wrapper/rust/wolfssl-wolfcrypt/src/blake2.rs --- mariadb-11.8.6/extra/wolfssl/wolfssl/wrapper/rust/wolfssl-wolfcrypt/src/blake2.rs 1970-01-01 00:00:00.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/wrapper/rust/wolfssl-wolfcrypt/src/blake2.rs 2026-05-24 09:58:33.000000000 +0000 @@ -0,0 +1,582 @@ +/* + * Copyright (C) 2006-2026 wolfSSL Inc. + * + * This file is part of wolfSSL. + * + * wolfSSL is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * wolfSSL is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA + */ + +/*! +This module provides a Rust wrapper for the wolfCrypt library's BLAKE2 +functionality. +*/ + +#![cfg(any(blake2b, blake2s))] + +use crate::sys; +use core::mem::MaybeUninit; + +/// Context for BLAKE2b computation. +#[cfg(blake2b)] +pub struct BLAKE2b { + wc_blake2b: sys::Blake2b, +} + +#[cfg(blake2b)] +impl BLAKE2b { + /// Build a new BLAKE2b instance. + /// + /// # Parameters + /// + /// * `digest_size`: Length of the blake 2 digest to implement. + /// + /// # Returns + /// + /// Returns either Ok(blake2b) containing the BLAKE2b struct instance or + /// Err(e) containing the wolfSSL library error code value. + /// + /// # Example + /// + /// ```rust + /// use wolfssl_wolfcrypt::blake2::BLAKE2b; + /// let blake2b = BLAKE2b::new(64).expect("Error with new()"); + /// ``` + pub fn new(digest_size: usize) -> Result { + let digest_size = digest_size as u32; + let mut wc_blake2b: MaybeUninit = MaybeUninit::uninit(); + let rc = unsafe { + sys::wc_InitBlake2b(wc_blake2b.as_mut_ptr(), digest_size) + }; + if rc != 0 { + return Err(rc); + } + let wc_blake2b = unsafe { wc_blake2b.assume_init() }; + let blake2b = BLAKE2b { wc_blake2b }; + Ok(blake2b) + } + + /// Build a new BLAKE2b instance. + /// + /// # Parameters + /// + /// * `digest_size`: Length of the blake 2 digest to implement. + /// * `key`: Key to use for BLAKE2b operation. + /// + /// # Returns + /// + /// Returns either Ok(blake2b) containing the BLAKE2b struct instance or + /// Err(e) containing the wolfSSL library error code value. + /// + /// # Example + /// + /// ```rust + /// use wolfssl_wolfcrypt::blake2::BLAKE2b; + /// let key = [42u8; 32]; + /// let blake2b = BLAKE2b::new_with_key(64, &key).expect("Error with new()"); + /// ``` + pub fn new_with_key(digest_size: usize, key: &[u8]) -> Result { + let digest_size = digest_size as u32; + let mut wc_blake2b: MaybeUninit = MaybeUninit::uninit(); + let key_size = key.len() as u32; + let rc = unsafe { + sys::wc_InitBlake2b_WithKey(wc_blake2b.as_mut_ptr(), digest_size, + key.as_ptr(), key_size) + }; + if rc != 0 { + return Err(rc); + } + let wc_blake2b = unsafe { wc_blake2b.assume_init() }; + let blake2b = BLAKE2b { wc_blake2b }; + Ok(blake2b) + } + + /// Update the BLAKE2b hash with the input data. + /// + /// This method may be called several times and then the finalize() + /// method should be called to retrieve the final hash. + /// + /// # Parameters + /// + /// * `data`: Input data to hash. + /// + /// # Returns + /// + /// Returns either Ok(()) on success or Err(e) containing the wolfSSL + /// library error code value. + /// + /// # Example + /// + /// ```rust + /// use wolfssl_wolfcrypt::blake2::BLAKE2b; + /// let mut blake2b = BLAKE2b::new(64).expect("Error with new()"); + /// blake2b.update(&[0u8; 16]).expect("Error with update()"); + /// ``` + pub fn update(&mut self, data: &[u8]) -> Result<(), i32> { + let data_size = data.len() as u32; + let rc = unsafe { + sys::wc_Blake2bUpdate(&mut self.wc_blake2b, data.as_ptr(), data_size) + }; + if rc != 0 { + return Err(rc); + } + Ok(()) + } + + /// Compute and retrieve the final BLAKE2b hash value. + /// + /// # Parameters + /// + /// * `hash`: Output buffer in which to store the computed BLAKE2b hash + /// value. It can be any length. + /// + /// # Returns + /// + /// Returns either Ok(()) on success or Err(e) containing the wolfSSL + /// library error code value. + /// + /// # Example + /// + /// ```rust + /// use wolfssl_wolfcrypt::blake2::BLAKE2b; + /// let mut blake2b = BLAKE2b::new(64).expect("Error with new()"); + /// blake2b.update(&[0u8; 16]).expect("Error with update()"); + /// let mut hash = [0u8; 64]; + /// blake2b.finalize(&mut hash).expect("Error with finalize()"); + /// ``` + pub fn finalize(&mut self, hash: &mut [u8]) -> Result<(), i32> { + let hash_size = hash.len() as u32; + let rc = unsafe { + sys::wc_Blake2bFinal(&mut self.wc_blake2b, hash.as_mut_ptr(), hash_size) + }; + if rc != 0 { + return Err(rc); + } + Ok(()) + } +} + + +/// Context for HMAC-BLAKE2b computation. +#[cfg(blake2b_hmac)] +pub struct BLAKE2bHmac { + wc_blake2b: sys::Blake2b, +} + +#[cfg(blake2b_hmac)] +impl BLAKE2bHmac { + /// HMAC-BLAKE2b digest size. + pub const DIGEST_SIZE: usize = sys::WC_BLAKE2B_DIGEST_SIZE as usize; + + /// Build a new BLAKE2bHmac instance. + /// + /// # Parameters + /// + /// * `key`: Key to use for HMAC-BLAKE2b computation. + /// + /// # Returns + /// + /// Returns either Ok(hmac_blake2b) or Err(e) containing the wolfSSL + /// library error code value. + /// + /// # Example + /// + /// ```rust + /// use wolfssl_wolfcrypt::blake2::BLAKE2bHmac; + /// let key = [42u8, 43, 44]; + /// let hmac_blake2b = BLAKE2bHmac::new(&key).expect("Error with new()"); + /// ``` + pub fn new(key: &[u8]) -> Result { + let mut wc_blake2b: MaybeUninit = MaybeUninit::uninit(); + let rc = unsafe { + sys::wc_Blake2bHmacInit(wc_blake2b.as_mut_ptr(), key.as_ptr(), key.len()) + }; + if rc != 0 { + return Err(rc); + } + let wc_blake2b = unsafe { wc_blake2b.assume_init() }; + let hmac_blake2b = BLAKE2bHmac { wc_blake2b }; + Ok(hmac_blake2b) + } + + /// Update the HMAC-BLAKE2b computation with the input data. + /// + /// This method may be called several times and then the finalize() + /// method should be called to retrieve the final MAC. + /// + /// # Parameters + /// + /// * `data`: Input data to hash. + /// + /// # Returns + /// + /// Returns either Ok(()) on success or Err(e) containing the wolfSSL + /// library error code value. + /// + /// # Example + /// + /// ```rust + /// use wolfssl_wolfcrypt::blake2::BLAKE2bHmac; + /// let key = [42u8, 43, 44]; + /// let mut hmac_blake2b = BLAKE2bHmac::new(&key).expect("Error with new()"); + /// let data = [33u8, 34, 35]; + /// hmac_blake2b.update(&data).expect("Error with update()"); + /// ``` + pub fn update(&mut self, data: &[u8]) -> Result<(), i32> { + let rc = unsafe { + sys::wc_Blake2bHmacUpdate(&mut self.wc_blake2b, data.as_ptr(), data.len()) + }; + if rc != 0 { + return Err(rc); + } + Ok(()) + } + + /// Compute and retrieve the final HMAC-BLAKE2b MAC. + /// + /// # Parameters + /// + /// * `key`: Key to use for HMAC-BLAKE2b computation. + /// * `mac`: Output buffer in which to store the computed HMAC-BLAKE2b MAC. + /// It must be 64 bytes long. + /// + /// # Returns + /// + /// Returns either Ok(()) on success or Err(e) containing the wolfSSL + /// library error code value. + /// + /// # Example + /// + /// ```rust + /// use wolfssl_wolfcrypt::blake2::BLAKE2bHmac; + /// let key = [42u8, 43, 44]; + /// let mut hmac_blake2b = BLAKE2bHmac::new(&key).expect("Error with new()"); + /// let data = [33u8, 34, 35]; + /// hmac_blake2b.update(&data).expect("Error with update()"); + /// let mut mac = [0u8; 64]; + /// hmac_blake2b.finalize(&key, &mut mac).expect("Error with finalize()"); + /// ``` + pub fn finalize(&mut self, key: &[u8], mac: &mut [u8; Self::DIGEST_SIZE]) -> Result<(), i32> { + let rc = unsafe { + sys::wc_Blake2bHmacFinal(&mut self.wc_blake2b, + key.as_ptr(), key.len(), mac.as_mut_ptr(), mac.len()) + }; + if rc != 0 { + return Err(rc); + } + Ok(()) + } + + /// Compute the HMAC-BLAKE2b message authentication code of the given + /// input data using the given key (one-shot API). + /// + /// # Parameters + /// + /// * `data`: Input data to create MAC from. + /// * `key`: Key to use for MAC creation. + /// * `out`: Buffer in which to store the computed MAC. It must be 64 bytes + /// long. + /// + /// # Returns + /// + /// Returns either Ok(()) on success or Err(e) containing the wolfSSL + /// library error code value. + pub fn hmac(data: &[u8], key: &[u8], out: &mut [u8; Self::DIGEST_SIZE]) -> Result<(), i32> { + let rc = unsafe { + sys::wc_Blake2bHmac(data.as_ptr(), data.len(), key.as_ptr(), + key.len(), out.as_mut_ptr(), out.len()) + }; + if rc != 0 { + return Err(rc); + } + Ok(()) + } +} + + +/// Context for BLAKE2s computation. +#[cfg(blake2s)] +pub struct BLAKE2s { + wc_blake2s: sys::Blake2s, +} + +#[cfg(blake2s)] +impl BLAKE2s { + /// Build a new BLAKE2s instance. + /// + /// # Parameters + /// + /// * `digest_size`: Length of the blake 2 digest to implement. + /// + /// # Returns + /// + /// Returns either Ok(blake2s) containing the BLAKE2s struct instance or + /// Err(e) containing the wolfSSL library error code value. + /// + /// # Example + /// + /// ```rust + /// use wolfssl_wolfcrypt::blake2::BLAKE2s; + /// let blake2s = BLAKE2s::new(32).expect("Error with new()"); + /// ``` + pub fn new(digest_size: usize) -> Result { + let digest_size = digest_size as u32; + let mut wc_blake2s: MaybeUninit = MaybeUninit::uninit(); + let rc = unsafe { + sys::wc_InitBlake2s(wc_blake2s.as_mut_ptr(), digest_size) + }; + if rc != 0 { + return Err(rc); + } + let wc_blake2s = unsafe { wc_blake2s.assume_init() }; + let blake2s = BLAKE2s { wc_blake2s }; + Ok(blake2s) + } + + /// Build a new BLAKE2s instance. + /// + /// # Parameters + /// + /// * `digest_size`: Length of the blake 2 digest to implement. + /// * `key`: Key to use for BLAKE2s operation. + /// + /// # Returns + /// + /// Returns either Ok(blake2s) containing the BLAKE2s struct instance or + /// Err(e) containing the wolfSSL library error code value. + /// + /// # Example + /// + /// ```rust + /// use wolfssl_wolfcrypt::blake2::BLAKE2s; + /// let key = [42u8; 32]; + /// let blake2s = BLAKE2s::new_with_key(32, &key).expect("Error with new()"); + /// ``` + pub fn new_with_key(digest_size: usize, key: &[u8]) -> Result { + let digest_size = digest_size as u32; + let mut wc_blake2s: MaybeUninit = MaybeUninit::uninit(); + let key_size = key.len() as u32; + let rc = unsafe { + sys::wc_InitBlake2s_WithKey(wc_blake2s.as_mut_ptr(), digest_size, + key.as_ptr(), key_size) + }; + if rc != 0 { + return Err(rc); + } + let wc_blake2s = unsafe { wc_blake2s.assume_init() }; + let blake2s = BLAKE2s { wc_blake2s }; + Ok(blake2s) + } + + /// Update the BLAKE2s hash with the input data. + /// + /// This method may be called several times and then the finalize() + /// method should be called to retrieve the final hash. + /// + /// # Parameters + /// + /// * `data`: Input data to hash. + /// + /// # Returns + /// + /// Returns either Ok(()) on success or Err(e) containing the wolfSSL + /// library error code value. + /// + /// # Example + /// + /// ```rust + /// use wolfssl_wolfcrypt::blake2::BLAKE2s; + /// let mut blake2s = BLAKE2s::new(32).expect("Error with new()"); + /// blake2s.update(&[0u8; 16]).expect("Error with update()"); + /// ``` + pub fn update(&mut self, data: &[u8]) -> Result<(), i32> { + let data_size = data.len() as u32; + let rc = unsafe { + sys::wc_Blake2sUpdate(&mut self.wc_blake2s, data.as_ptr(), data_size) + }; + if rc != 0 { + return Err(rc); + } + Ok(()) + } + + /// Compute and retrieve the final BLAKE2s hash value. + /// + /// # Parameters + /// + /// * `hash`: Output buffer in which to store the computed BLAKE2s hash + /// value. It can be any length. + /// + /// # Returns + /// + /// Returns either Ok(()) on success or Err(e) containing the wolfSSL + /// library error code value. + /// + /// # Example + /// + /// ```rust + /// use wolfssl_wolfcrypt::blake2::BLAKE2s; + /// let mut blake2s = BLAKE2s::new(32).expect("Error with new()"); + /// blake2s.update(&[0u8; 16]).expect("Error with update()"); + /// let mut hash = [0u8; 32]; + /// blake2s.finalize(&mut hash).expect("Error with finalize()"); + /// ``` + pub fn finalize(&mut self, hash: &mut [u8]) -> Result<(), i32> { + let hash_size = hash.len() as u32; + let rc = unsafe { + sys::wc_Blake2sFinal(&mut self.wc_blake2s, hash.as_mut_ptr(), hash_size) + }; + if rc != 0 { + return Err(rc); + } + Ok(()) + } +} + + +/// Context for HMAC-BLAKE2s computation. +#[cfg(blake2s_hmac)] +pub struct BLAKE2sHmac { + wc_blake2s: sys::Blake2s, +} + +#[cfg(blake2s_hmac)] +impl BLAKE2sHmac { + /// HMAC-BLAKE2s digest size. + pub const DIGEST_SIZE: usize = sys::WC_BLAKE2S_DIGEST_SIZE as usize; + + /// Build a new BLAKE2sHmac instance. + /// + /// # Parameters + /// + /// * `key`: Key to use for HMAC-BLAKE2s computation. + /// + /// # Returns + /// + /// Returns either Ok(hmac_blake2s) or Err(e) containing the wolfSSL + /// library error code value. + /// + /// # Example + /// + /// ```rust + /// use wolfssl_wolfcrypt::blake2::BLAKE2sHmac; + /// let key = [42u8, 43, 44]; + /// let hmac_blake2s = BLAKE2sHmac::new(&key).expect("Error with new()"); + /// ``` + pub fn new(key: &[u8]) -> Result { + let mut wc_blake2s: MaybeUninit = MaybeUninit::uninit(); + let rc = unsafe { + sys::wc_Blake2sHmacInit(wc_blake2s.as_mut_ptr(), key.as_ptr(), key.len()) + }; + if rc != 0 { + return Err(rc); + } + let wc_blake2s = unsafe { wc_blake2s.assume_init() }; + let hmac_blake2s = BLAKE2sHmac { wc_blake2s }; + Ok(hmac_blake2s) + } + + /// Update the HMAC-BLAKE2s computation with the input data. + /// + /// This method may be called several times and then the finalize() + /// method should be called to retrieve the final MAC. + /// + /// # Parameters + /// + /// * `data`: Input data to hash. + /// + /// # Returns + /// + /// Returns either Ok(()) on success or Err(e) containing the wolfSSL + /// library error code value. + /// + /// # Example + /// + /// ```rust + /// use wolfssl_wolfcrypt::blake2::BLAKE2sHmac; + /// let key = [42u8, 43, 44]; + /// let mut hmac_blake2s = BLAKE2sHmac::new(&key).expect("Error with new()"); + /// let data = [33u8, 34, 35]; + /// hmac_blake2s.update(&data).expect("Error with update()"); + /// ``` + pub fn update(&mut self, data: &[u8]) -> Result<(), i32> { + let rc = unsafe { + sys::wc_Blake2sHmacUpdate(&mut self.wc_blake2s, data.as_ptr(), data.len()) + }; + if rc != 0 { + return Err(rc); + } + Ok(()) + } + + /// Compute and retrieve the final HMAC-BLAKE2s MAC. + /// + /// # Parameters + /// + /// * `key`: Key to use for HMAC-BLAKE2s computation. + /// * `mac`: Output buffer in which to store the computed HMAC-BLAKE2s MAC. + /// It must be 32 bytes long. + /// + /// # Returns + /// + /// Returns either Ok(()) on success or Err(e) containing the wolfSSL + /// library error code value. + /// + /// # Example + /// + /// ```rust + /// use wolfssl_wolfcrypt::blake2::BLAKE2sHmac; + /// let key = [42u8, 43, 44]; + /// let mut hmac_blake2s = BLAKE2sHmac::new(&key).expect("Error with new()"); + /// let data = [33u8, 34, 35]; + /// hmac_blake2s.update(&data).expect("Error with update()"); + /// let mut mac = [0u8; 32]; + /// hmac_blake2s.finalize(&key, &mut mac).expect("Error with finalize()"); + /// ``` + pub fn finalize(&mut self, key: &[u8], mac: &mut [u8; Self::DIGEST_SIZE]) -> Result<(), i32> { + let rc = unsafe { + sys::wc_Blake2sHmacFinal(&mut self.wc_blake2s, + key.as_ptr(), key.len(), mac.as_mut_ptr(), mac.len()) + }; + if rc != 0 { + return Err(rc); + } + Ok(()) + } + + /// Compute the HMAC-BLAKE2s message authentication code of the given + /// input data using the given key (one-shot API). + /// + /// # Parameters + /// + /// * `data`: Input data to create MAC from. + /// * `key`: Key to use for MAC creation. + /// * `out`: Buffer in which to store the computed MAC. It must be 32 bytes + /// long. + /// + /// # Returns + /// + /// Returns either Ok(()) on success or Err(e) containing the wolfSSL + /// library error code value. + pub fn hmac(data: &[u8], key: &[u8], out: &mut [u8; Self::DIGEST_SIZE]) -> Result<(), i32> { + let rc = unsafe { + sys::wc_Blake2sHmac(data.as_ptr(), data.len(), key.as_ptr(), + key.len(), out.as_mut_ptr(), out.len()) + }; + if rc != 0 { + return Err(rc); + } + Ok(()) + } +} diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/wrapper/rust/wolfssl-wolfcrypt/src/chacha20_poly1305.rs mariadb-11.8.8/extra/wolfssl/wolfssl/wrapper/rust/wolfssl-wolfcrypt/src/chacha20_poly1305.rs --- mariadb-11.8.6/extra/wolfssl/wolfssl/wrapper/rust/wolfssl-wolfcrypt/src/chacha20_poly1305.rs 1970-01-01 00:00:00.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/wrapper/rust/wolfssl-wolfcrypt/src/chacha20_poly1305.rs 2026-05-24 09:58:33.000000000 +0000 @@ -0,0 +1,342 @@ +/* + * Copyright (C) 2006-2026 wolfSSL Inc. + * + * This file is part of wolfSSL. + * + * wolfSSL is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * wolfSSL is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA + */ + +/*! +This module provides a Rust wrapper for the wolfCrypt library's +ChaCha20-Poly1305 functionality. +*/ + +#![cfg(chacha20_poly1305)] + +use crate::sys; +use core::mem::MaybeUninit; + +pub struct ChaCha20Poly1305 { + wc_ccp: sys::ChaChaPoly_Aead, +} + +impl ChaCha20Poly1305 { + /// Key size for ChaCha20-Poly1305 stream cipher. + pub const KEYSIZE: usize = sys::CHACHA20_POLY1305_AEAD_KEYSIZE as usize; + /// IV size for ChaCha20-Poly1305 stream cipher. + pub const IV_SIZE: usize = sys::CHACHA20_POLY1305_AEAD_IV_SIZE as usize; + /// Authentication tag size for ChaCha20-Poly1305 stream cipher. + pub const AUTH_TAG_SIZE: usize = sys::CHACHA20_POLY1305_AEAD_AUTHTAG_SIZE as usize; + + /// Decrypt an input message from `ciphertext` using the ChaCha20 stream + /// cipher into the `plaintext` output buffer. It also performs Poly-1305 + /// authentication, comparing the given `auth_tag` to an authentication + /// generated with the `aad` (additional authentication data). If Err is + /// returned, the output data, `plaintext` is undefined. However, callers + /// must unconditionally zeroize the output buffer to guard against + /// leakage of cleartext data. + /// + /// # Parameters + /// + /// * `key`: Encryption key (must be 32 bytes). + /// * `iv`: Initialization Vector (must be 12 bytes). + /// * `aad`: Additional authenticated data (can be any length). + /// * `ciphertext`: Input buffer containing encrypted cipher text. + /// * `auth_tag`: Input buffer containing authentication tag (must be 16 + /// bytes). + /// * `plaintext`: Output buffer containing decrypted plain text. + /// + /// # Returns + /// + /// Returns either Ok(()) on success or Err(e) containing the wolfSSL + /// library error code value. + pub fn decrypt(key: &[u8], iv: &[u8], aad: &[u8], ciphertext: &[u8], + auth_tag: &[u8], plaintext: &mut [u8]) -> Result<(), i32> { + if key.len() != Self::KEYSIZE { + return Err(sys::wolfCrypt_ErrorCodes_BUFFER_E); + } + if iv.len() != Self::IV_SIZE { + return Err(sys::wolfCrypt_ErrorCodes_BUFFER_E); + } + if auth_tag.len() != Self::AUTH_TAG_SIZE { + return Err(sys::wolfCrypt_ErrorCodes_BUFFER_E); + } + let aad_size = aad.len() as u32; + let ciphertext_size = ciphertext.len() as u32; + let rc = unsafe { + sys::wc_ChaCha20Poly1305_Decrypt(key.as_ptr(), iv.as_ptr(), + aad.as_ptr(), aad_size, ciphertext.as_ptr(), + ciphertext_size, auth_tag.as_ptr(), plaintext.as_mut_ptr()) + }; + if rc != 0 { + return Err(rc); + } + Ok(()) + } + + /// Encrypt an input message from `plaintext` using the ChaCha20 stream + /// cipher into the `ciphertext` output buffer performing Poly-1305 + /// authentication on the cipher text and storing the generated + /// authentication tag in the `auth_tag` output buffer. + /// + /// # Parameters + /// + /// * `key`: Encryption key (must be 32 bytes). + /// * `iv`: Initialization Vector (must be 12 bytes). + /// * `aad`: Additional authenticated data (can be any length). + /// * `plaintext`: Input plain text to encrypt. + /// * `ciphertext`: Output buffer for encrypted cipher text. + /// * `auth_tag`: Output buffer for authentication tag (must be 16 bytes). + /// + /// # Returns + /// + /// Returns either Ok(()) on success or Err(e) containing the wolfSSL + /// library error code value. + pub fn encrypt(key: &[u8], iv: &[u8], aad: &[u8], plaintext: &[u8], + ciphertext: &mut [u8], auth_tag: &mut [u8]) -> Result<(), i32> { + if key.len() != Self::KEYSIZE { + return Err(sys::wolfCrypt_ErrorCodes_BUFFER_E); + } + if iv.len() != Self::IV_SIZE { + return Err(sys::wolfCrypt_ErrorCodes_BUFFER_E); + } + if auth_tag.len() != Self::AUTH_TAG_SIZE { + return Err(sys::wolfCrypt_ErrorCodes_BUFFER_E); + } + let aad_size = aad.len() as u32; + let plaintext_size = plaintext.len() as u32; + let rc = unsafe { + sys::wc_ChaCha20Poly1305_Encrypt(key.as_ptr(), iv.as_ptr(), + aad.as_ptr(), aad_size, plaintext.as_ptr(), plaintext_size, + ciphertext.as_mut_ptr(), auth_tag.as_mut_ptr()) + }; + if rc != 0 { + return Err(rc); + } + Ok(()) + } + + /// Create a new ChaCha20Poly1305 instance. + /// + /// # Parameters + /// + /// * `key`: Encryption key (must be 32 bytes). + /// * `iv`: Initialization Vector (must be 12 bytes). + /// * `encrypt`: Whether the instance will be used to encrypt (true) or + /// decrypt (false). + /// + /// Returns either Ok(chacha20poly1305) on success or Err(e) containing the + /// wolfSSL library error code value. + pub fn new(key: &[u8], iv: &[u8], encrypt: bool) -> Result { + if key.len() != Self::KEYSIZE { + return Err(sys::wolfCrypt_ErrorCodes_BUFFER_E); + } + if iv.len() != Self::IV_SIZE { + return Err(sys::wolfCrypt_ErrorCodes_BUFFER_E); + } + let mut wc_ccp: MaybeUninit = MaybeUninit::uninit(); + let rc = unsafe { + sys::wc_ChaCha20Poly1305_Init(wc_ccp.as_mut_ptr(), key.as_ptr(), + iv.as_ptr(), if encrypt {1} else {0}) + }; + if rc != 0 { + return Err(rc); + } + let wc_ccp = unsafe { wc_ccp.assume_init() }; + let chacha20poly1305 = ChaCha20Poly1305 { wc_ccp }; + Ok(chacha20poly1305) + } + + /// Update AAD (additional authenticated data). + /// + /// This function should be called before `update_data()`. + /// + /// # Parameters + /// + /// * `aad`: Additional authenticated data. + /// + /// # Returns + /// + /// Returns either Ok(()) on success or Err(e) containing the wolfSSL + /// library error code value. + pub fn update_aad(&mut self, aad: &[u8]) -> Result<(), i32> { + let aad_size = aad.len() as u32; + let rc = unsafe { + sys::wc_ChaCha20Poly1305_UpdateAad(&mut self.wc_ccp, + aad.as_ptr(), aad_size) + }; + if rc != 0 { + return Err(rc); + } + Ok(()) + } + + /// Update data (add additional input data to decrypt or encrypt). + /// + /// This function can be called multiple times. If AAD is used, the + /// `update_aad()` function must be called before this function. The + /// `finalize()` function should be called after adding all input data to + /// finalize the operation and compute the authentication tag. + /// + /// # Parameters + /// + /// * `din`: Additional input data to decrypt or encrypt. + /// * `dout`: Buffer in which to store output data (must be the same length + /// as the input buffer). + /// + /// # Returns + /// + /// Returns either Ok(()) on success or Err(e) containing the wolfSSL + /// library error code value. + pub fn update_data(&mut self, din: &[u8], dout: &mut [u8]) -> Result<(), i32> { + if din.len() != dout.len() { + return Err(sys::wolfCrypt_ErrorCodes_BUFFER_E); + } + let din_size = din.len() as u32; + let rc = unsafe { + sys::wc_ChaCha20Poly1305_UpdateData(&mut self.wc_ccp, + din.as_ptr(), dout.as_mut_ptr(), din_size) + }; + if rc != 0 { + return Err(rc); + } + Ok(()) + } + + /// Finalize the decrypt/encrypt operation. + /// + /// This function consumes the `ChaCha20Poly1305` instance. The + /// `update_data()` function must be called before calling this function to + /// add all input data. + /// + /// # Parameters + /// + /// * `auth_tag`: Output buffer for authentication tag (must be 16 bytes). + /// + /// # Returns + /// + /// Returns either Ok(()) on success or Err(e) containing the wolfSSL + /// library error code value. + pub fn finalize(mut self, auth_tag: &mut [u8]) -> Result<(), i32> { + if auth_tag.len() != Self::AUTH_TAG_SIZE { + return Err(sys::wolfCrypt_ErrorCodes_BUFFER_E); + } + let rc = unsafe { + sys::wc_ChaCha20Poly1305_Final(&mut self.wc_ccp, + auth_tag.as_mut_ptr()) + }; + if rc != 0 { + return Err(rc); + } + Ok(()) + } +} + +#[cfg(xchacha20_poly1305)] +pub struct XChaCha20Poly1305 { +} + +#[cfg(xchacha20_poly1305)] +impl XChaCha20Poly1305 { + /// Key size for XChaCha20-Poly1305 stream cipher. + pub const KEYSIZE: usize = sys::CHACHA20_POLY1305_AEAD_KEYSIZE as usize; + /// IV size for XChaCha20-Poly1305 stream cipher. + pub const IV_SIZE: usize = sys::XCHACHA20_POLY1305_AEAD_NONCE_SIZE as usize; + /// Authentication tag size for XChaCha20-Poly1305 stream cipher. + pub const AUTH_TAG_SIZE: usize = sys::CHACHA20_POLY1305_AEAD_AUTHTAG_SIZE as usize; + + /// Decrypt an input message from `ciphertext` using the XChaCha20 stream + /// cipher into the `plaintext` output buffer. It also performs Poly-1305 + /// authentication. The authentication tag is expected to be located in the + /// last 16 bytes of the `ciphertext` buffer. + /// If Err is returned, the output data, `plaintext` is undefined. + /// However, callers must unconditionally zeroize the output buffer to + /// guard against leakage of cleartext data. + /// + /// # Parameters + /// + /// * `key`: Encryption key (must be 32 bytes). + /// * `iv`: Initialization Vector (must be 24 bytes). + /// * `aad`: Additional authenticated data (can be any length). + /// * `ciphertext`: Input buffer containing encrypted cipher text. + /// * `plaintext`: Output buffer containing decrypted plain text. + /// + /// # Returns + /// + /// Returns either Ok(()) on success or Err(e) containing the wolfSSL + /// library error code value. + pub fn decrypt(key: &[u8], iv: &[u8], aad: &[u8], ciphertext: &[u8], + plaintext: &mut [u8]) -> Result<(), i32> { + if key.len() != Self::KEYSIZE { + return Err(sys::wolfCrypt_ErrorCodes_BUFFER_E); + } + if iv.len() != Self::IV_SIZE { + return Err(sys::wolfCrypt_ErrorCodes_BUFFER_E); + } + let rc = unsafe { + sys::wc_XChaCha20Poly1305_Decrypt( + plaintext.as_mut_ptr(), plaintext.len(), + ciphertext.as_ptr(), ciphertext.len(), + aad.as_ptr(), aad.len(), + iv.as_ptr(), iv.len(), + key.as_ptr(), key.len()) + }; + if rc != 0 { + return Err(rc); + } + Ok(()) + } + + /// Encrypt an input message from `plaintext` using the XChaCha20 stream + /// cipher into the `ciphertext` output buffer performing Poly-1305 + /// authentication on the cipher text. + /// The authentication tag is stored in the last 16 bytes of the + /// `ciphertext` buffer, so the `ciphertext` buffer must be large enough + /// for both the cipher text and authentication tag. + /// + /// # Parameters + /// + /// * `key`: Encryption key (must be 32 bytes). + /// * `iv`: Initialization Vector (must be 24 bytes). + /// * `aad`: Additional authenticated data (can be any length). + /// * `plaintext`: Input plain text to encrypt. + /// * `ciphertext`: Output buffer for encrypted cipher text. + /// + /// # Returns + /// + /// Returns either Ok(()) on success or Err(e) containing the wolfSSL + /// library error code value. + pub fn encrypt(key: &[u8], iv: &[u8], aad: &[u8], plaintext: &[u8], + ciphertext: &mut [u8]) -> Result<(), i32> { + if key.len() != Self::KEYSIZE { + return Err(sys::wolfCrypt_ErrorCodes_BUFFER_E); + } + if iv.len() != Self::IV_SIZE { + return Err(sys::wolfCrypt_ErrorCodes_BUFFER_E); + } + let rc = unsafe { + sys::wc_XChaCha20Poly1305_Encrypt( + ciphertext.as_mut_ptr(), ciphertext.len(), + plaintext.as_ptr(), plaintext.len(), + aad.as_ptr(), aad.len(), + iv.as_ptr(), iv.len(), + key.as_ptr(), key.len()) + }; + if rc != 0 { + return Err(rc); + } + Ok(()) + } +} diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/wrapper/rust/wolfssl-wolfcrypt/src/cmac.rs mariadb-11.8.8/extra/wolfssl/wolfssl/wrapper/rust/wolfssl-wolfcrypt/src/cmac.rs --- mariadb-11.8.6/extra/wolfssl/wolfssl/wrapper/rust/wolfssl-wolfcrypt/src/cmac.rs 1970-01-01 00:00:00.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/wrapper/rust/wolfssl-wolfcrypt/src/cmac.rs 2026-05-24 09:58:33.000000000 +0000 @@ -0,0 +1,416 @@ +/* + * Copyright (C) 2006-2026 wolfSSL Inc. + * + * This file is part of wolfSSL. + * + * wolfSSL is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * wolfSSL is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA + */ + +/*! +This module provides a Rust wrapper for the wolfCrypt library's Cipher-based +Message Authentication Code (CMAC) functionality. +*/ + +#![cfg(cmac)] + +use crate::sys; +use core::mem::MaybeUninit; + +/// The `CMAC` struct manages the lifecycle of a wolfSSL `Cmac` object. +/// +/// It ensures proper initialization and deallocation. +/// +/// An instance can be created with `new()`. +pub struct CMAC { + ws_cmac: sys::Cmac, +} +impl CMAC { + /// One-shot CMAC generation function. + /// + /// # Parameters + /// + /// * `key`: Key to use for CMAC generation. + /// * `data`: CMAC input data. + /// * `dout`: Output buffer where CMAC is written. + /// + /// # Returns + /// + /// Returns either Ok(()) on success or Err(e) containing the wolfSSL + /// library error code value. + /// + /// # Example + /// + /// ```rust + /// #[cfg(aes)] + /// { + /// use wolfssl_wolfcrypt::cmac::CMAC; + /// let key = [ + /// 0x2bu8, 0x7e, 0x15, 0x16, 0x28, 0xae, 0xd2, 0xa6, + /// 0xab, 0xf7, 0x15, 0x88, 0x09, 0xcf, 0x4f, 0x3c + /// ]; + /// let message = [ + /// 0x6bu8, 0xc1, 0xbe, 0xe2, 0x2e, 0x40, 0x9f, 0x96, + /// 0xe9, 0x3d, 0x7e, 0x11, 0x73, 0x93, 0x17, 0x2a, + /// ]; + /// let mut generate_out = [0u8; 16]; + /// CMAC::generate(&key, &message, &mut generate_out).expect("Error with generate()"); + /// } + /// ``` + #[cfg(aes)] + pub fn generate(key: &[u8], data: &[u8], dout: &mut [u8]) -> Result<(), i32> { + let key_size = key.len() as u32; + let data_size = data.len() as u32; + let mut dout_size = dout.len() as u32; + let rc = unsafe { + sys::wc_AesCmacGenerate(dout.as_mut_ptr(), &mut dout_size, + data.as_ptr(), data_size, + key.as_ptr(), key_size) + }; + if rc != 0 { + return Err(rc); + } + Ok(()) + } + + /// Create a new CMAC object using the given key. + /// + /// # Parameters + /// + /// * `key`: Key to use for CMAC generation. + /// + /// # Returns + /// + /// Returns either Ok(cmac) containing the CMAC struct instance or Err(e) + /// containing the wolfSSL library error code value. + /// + /// # Example + /// + /// ```rust + /// use wolfssl_wolfcrypt::cmac::CMAC; + /// let key = [ + /// 0x2bu8, 0x7e, 0x15, 0x16, 0x28, 0xae, 0xd2, 0xa6, + /// 0xab, 0xf7, 0x15, 0x88, 0x09, 0xcf, 0x4f, 0x3c + /// ]; + /// let mut cmac = CMAC::new(&key).expect("Error with new()"); + /// ``` + pub fn new(key: &[u8]) -> Result { + Self::new_ex(key, None, None) + } + + /// Create a new CMAC object using the given key with optional heap and + /// device ID. + /// + /// # Parameters + /// + /// * `key`: Key to use for CMAC generation. + /// * `heap`: Optional heap hint. + /// * `dev_id` Optional device ID to use with crypto callbacks or async hardware. + /// + /// # Returns + /// + /// Returns either Ok(cmac) containing the CMAC struct instance or Err(e) + /// containing the wolfSSL library error code value. + /// + /// # Example + /// + /// ```rust + /// use wolfssl_wolfcrypt::cmac::CMAC; + /// let key = [ + /// 0x2bu8, 0x7e, 0x15, 0x16, 0x28, 0xae, 0xd2, 0xa6, + /// 0xab, 0xf7, 0x15, 0x88, 0x09, 0xcf, 0x4f, 0x3c + /// ]; + /// let mut cmac = CMAC::new_ex(&key, None, None).expect("Error with new_ex()"); + /// ``` + pub fn new_ex(key: &[u8], heap: Option<*mut core::ffi::c_void>, dev_id: Option) -> Result { + let key_size = key.len() as u32; + let mut ws_cmac: MaybeUninit = MaybeUninit::uninit(); + let typ = sys::CmacType_WC_CMAC_AES as i32; + let heap = match heap { + Some(heap) => heap, + None => core::ptr::null_mut(), + }; + let dev_id = match dev_id { + Some(dev_id) => dev_id, + None => sys::INVALID_DEVID, + }; + let rc = unsafe { + sys::wc_InitCmac_ex(ws_cmac.as_mut_ptr(), key.as_ptr(), key_size, + typ, core::ptr::null_mut(), heap, dev_id) + }; + if rc != 0 { + return Err(rc); + } + let ws_cmac = unsafe { ws_cmac.assume_init() }; + let cmac = CMAC { ws_cmac }; + Ok(cmac) + } + + /// One-shot CMAC verification function. + /// + /// # Parameters + /// + /// * `key`: Key to use for CMAC generation. + /// * `data`: CMAC input data. + /// * `check`: CMAC value to compare to. + /// + /// # Returns + /// + /// Returns either Ok(valid) (with valid indicating if the CMAC passed in + /// is correct or not) on success or Err(e) containing the wolfSSL library + /// error code value. + /// + /// # Example + /// + /// ```rust + /// #[cfg(aes)] + /// { + /// use wolfssl_wolfcrypt::cmac::CMAC; + /// let key = [ + /// 0x2bu8, 0x7e, 0x15, 0x16, 0x28, 0xae, 0xd2, 0xa6, + /// 0xab, 0xf7, 0x15, 0x88, 0x09, 0xcf, 0x4f, 0x3c + /// ]; + /// let message = [ + /// 0x6bu8, 0xc1, 0xbe, 0xe2, 0x2e, 0x40, 0x9f, 0x96, + /// 0xe9, 0x3d, 0x7e, 0x11, 0x73, 0x93, 0x17, 0x2a, + /// ]; + /// let mut generate_out = [0u8; 16]; + /// CMAC::generate(&key, &message, &mut generate_out).expect("Error with generate()"); + /// let valid = CMAC::verify(&key, &message, &generate_out).expect("Error with verify()"); + /// assert!(valid); + /// } + /// ``` + #[cfg(aes)] + pub fn verify(key: &[u8], data: &[u8], check: &[u8]) -> Result { + let key_size = key.len() as u32; + let data_size = data.len() as u32; + let check_size = check.len() as u32; + let rc = unsafe { + sys::wc_AesCmacVerify(check.as_ptr(), check_size, + data.as_ptr(), data_size, + key.as_ptr(), key_size) + }; + if rc < 0 { + return Err(rc); + } + Ok(rc == 0) + } + + /// One-shot CMAC generation function (with heap and device ID). + /// + /// # Parameters + /// + /// * `key`: Key to use for CMAC generation. + /// * `data`: CMAC input data. + /// * `dout`: Output buffer where CMAC is written. + /// * `heap`: Optional heap hint. + /// * `dev_id` Optional device ID to use with crypto callbacks or async hardware. + /// + /// # Returns + /// + /// Returns either Ok(()) on success or Err(e) containing the wolfSSL + /// library error code value. + /// + /// # Example + /// + /// ```rust + /// #[cfg(aes)] + /// { + /// use wolfssl_wolfcrypt::cmac::CMAC; + /// let key = [ + /// 0x2bu8, 0x7e, 0x15, 0x16, 0x28, 0xae, 0xd2, 0xa6, + /// 0xab, 0xf7, 0x15, 0x88, 0x09, 0xcf, 0x4f, 0x3c + /// ]; + /// let message = [ + /// 0x6bu8, 0xc1, 0xbe, 0xe2, 0x2e, 0x40, 0x9f, 0x96, + /// 0xe9, 0x3d, 0x7e, 0x11, 0x73, 0x93, 0x17, 0x2a, + /// ]; + /// let mut generate_out = [0u8; 16]; + /// let mut cmac = CMAC::new(&key).expect("Error with new()"); + /// cmac.generate_ex(&key, &message, &mut generate_out, None, None).expect("Error with generate_ex()"); + /// } + /// ``` + #[cfg(aes)] + pub fn generate_ex(&mut self, key: &[u8], data: &[u8], dout: &mut [u8], heap: Option<*mut core::ffi::c_void>, dev_id: Option) -> Result<(), i32> { + let key_size = key.len() as u32; + let data_size = data.len() as u32; + let mut dout_size = dout.len() as u32; + let heap = match heap { + Some(heap) => heap, + None => core::ptr::null_mut(), + }; + let dev_id = match dev_id { + Some(dev_id) => dev_id, + None => sys::INVALID_DEVID, + }; + let rc = unsafe { + sys::wc_AesCmacGenerate_ex(&mut self.ws_cmac, + dout.as_mut_ptr(), &mut dout_size, + data.as_ptr(), data_size, + key.as_ptr(), key_size, heap, dev_id) + }; + if rc != 0 { + return Err(rc); + } + Ok(()) + } + + /// Add CMAC input data. + /// + /// # Parameters + /// + /// * `data`: CMAC input data. + /// + /// # Returns + /// + /// Returns either Ok(()) on success or Err(e) containing the wolfSSL + /// library error code value. + /// + /// # Example + /// + /// ```rust + /// use wolfssl_wolfcrypt::cmac::CMAC; + /// let key = [ + /// 0x2bu8, 0x7e, 0x15, 0x16, 0x28, 0xae, 0xd2, 0xa6, + /// 0xab, 0xf7, 0x15, 0x88, 0x09, 0xcf, 0x4f, 0x3c + /// ]; + /// let message = [ + /// 0x6bu8, 0xc1, 0xbe, 0xe2, 0x2e, 0x40, 0x9f, 0x96, + /// 0xe9, 0x3d, 0x7e, 0x11, 0x73, 0x93, 0x17, 0x2a, + /// ]; + /// let mut cmac = CMAC::new(&key).expect("Error with new()"); + /// cmac.update(&message).expect("Error with update()"); + /// ``` + pub fn update(&mut self, data: &[u8]) -> Result<(), i32> { + let data_size = data.len() as u32; + let rc = unsafe { + sys::wc_CmacUpdate(&mut self.ws_cmac, data.as_ptr(), data_size) + }; + if rc != 0 { + return Err(rc); + } + Ok(()) + } + + /// Generate the final Cipher-based Message Authentication Code result. + /// + /// This function consumes the `CMAC` object since no further operations + /// can be performed with it. + /// + /// # Parameters + /// + /// * `dout`: Output buffer where CMAC is written. + /// + /// # Returns + /// + /// Returns either Ok(()) on success or Err(e) containing the wolfSSL + /// library error code value. + /// + /// # Example + /// + /// ```rust + /// use wolfssl_wolfcrypt::cmac::CMAC; + /// let key = [ + /// 0x2bu8, 0x7e, 0x15, 0x16, 0x28, 0xae, 0xd2, 0xa6, + /// 0xab, 0xf7, 0x15, 0x88, 0x09, 0xcf, 0x4f, 0x3c + /// ]; + /// let message = [ + /// 0x6bu8, 0xc1, 0xbe, 0xe2, 0x2e, 0x40, 0x9f, 0x96, + /// 0xe9, 0x3d, 0x7e, 0x11, 0x73, 0x93, 0x17, 0x2a, + /// ]; + /// let mut cmac = CMAC::new(&key).expect("Error with new()"); + /// cmac.update(&message).expect("Error with update()"); + /// let mut finalize_out = [0u8; 16]; + /// cmac.finalize(&mut finalize_out).expect("Error with finalize()"); + /// ``` + pub fn finalize(mut self, dout: &mut [u8]) -> Result<(), i32> { + let mut dout_size = dout.len() as u32; + let rc = unsafe { + sys::wc_CmacFinalNoFree(&mut self.ws_cmac, + dout.as_mut_ptr(), &mut dout_size) + }; + if rc != 0 { + return Err(rc); + } + Ok(()) + } + + /// One-shot CMAC verification function (with optional heap and device ID). + /// + /// # Parameters + /// + /// * `key`: Key to use for CMAC generation. + /// * `data`: CMAC input data. + /// * `check`: CMAC value to compare to. + /// * `heap`: Optional heap hint. + /// * `dev_id` Optional device ID to use with crypto callbacks or async hardware. + /// + /// # Returns + /// + /// Returns either Ok(valid) (with valid indicating if the CMAC passed in + /// is correct or not) on success or Err(e) containing the wolfSSL library + /// error code value. + /// + /// # Example + /// + /// ```rust + /// #[cfg(aes)] + /// { + /// use wolfssl_wolfcrypt::cmac::CMAC; + /// let key = [ + /// 0x2bu8, 0x7e, 0x15, 0x16, 0x28, 0xae, 0xd2, 0xa6, + /// 0xab, 0xf7, 0x15, 0x88, 0x09, 0xcf, 0x4f, 0x3c + /// ]; + /// let message = [ + /// 0x6bu8, 0xc1, 0xbe, 0xe2, 0x2e, 0x40, 0x9f, 0x96, + /// 0xe9, 0x3d, 0x7e, 0x11, 0x73, 0x93, 0x17, 0x2a, + /// ]; + /// let mut generate_out = [0u8; 16]; + /// CMAC::generate(&key, &message, &mut generate_out).expect("Error with generate()"); + /// let mut cmac = CMAC::new(&key).expect("Error with new()"); + /// let valid = cmac.verify_ex(&key, &message, &generate_out, None, None).expect("Error with verify_ex()"); + /// assert!(valid); + /// } + /// ``` + #[cfg(aes)] + pub fn verify_ex(&mut self, key: &[u8], data: &[u8], check: &[u8], heap: Option<*mut core::ffi::c_void>, dev_id: Option) -> Result { + let key_size = key.len() as u32; + let data_size = data.len() as u32; + let check_size = check.len() as u32; + let heap = match heap { + Some(heap) => heap, + None => core::ptr::null_mut(), + }; + let dev_id = match dev_id { + Some(dev_id) => dev_id, + None => sys::INVALID_DEVID, + }; + let rc = unsafe { + sys::wc_AesCmacVerify_ex(&mut self.ws_cmac, + check.as_ptr(), check_size, + data.as_ptr(), data_size, + key.as_ptr(), key_size, heap, dev_id) + }; + if rc < 0 { + return Err(rc); + } + Ok(rc == 0) + } +} +impl Drop for CMAC { + /// Safely free the wolfSSL resources. + fn drop(&mut self) { + unsafe { sys::wc_CmacFree(&mut self.ws_cmac); } + } +} diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/wrapper/rust/wolfssl-wolfcrypt/src/curve25519.rs mariadb-11.8.8/extra/wolfssl/wolfssl/wrapper/rust/wolfssl-wolfcrypt/src/curve25519.rs --- mariadb-11.8.6/extra/wolfssl/wolfssl/wrapper/rust/wolfssl-wolfcrypt/src/curve25519.rs 1970-01-01 00:00:00.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/wrapper/rust/wolfssl-wolfcrypt/src/curve25519.rs 2026-05-24 09:58:33.000000000 +0000 @@ -0,0 +1,668 @@ +/* + * Copyright (C) 2006-2026 wolfSSL Inc. + * + * This file is part of wolfSSL. + * + * wolfSSL is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * wolfSSL is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA + */ + +/*! +This module provides a Rust wrapper for the wolfCrypt library's Curve25519 +functionality. +*/ + +#![cfg(curve25519)] + +#[cfg(random)] +use crate::random::RNG; +use crate::sys; +use core::mem::MaybeUninit; + +pub struct Curve25519Key { + wc_key: sys::curve25519_key, +} + +impl Curve25519Key { + /// Curve 25519 key size (32 bytes). + pub const KEYSIZE: usize = sys::CURVE25519_KEYSIZE as usize; + + /// Check that a public key buffer holds a valid Curve25519 key value + /// given the endian ordering. + /// + /// # Parameters + /// + /// * `big_endian`: True for big-endian, false for little-endian. + /// + /// # Returns + /// + /// Returns either Ok(()) on success or Err(e) containing the wolfSSL + /// library error code value. + pub fn check_public(public: &[u8], big_endian: bool) -> Result<(), i32> { + let public_size = public.len() as u32; + let endian = if big_endian {sys::EC25519_BIG_ENDIAN} else {sys::EC25519_LITTLE_ENDIAN}; + let rc = unsafe { + sys::wc_curve25519_check_public(public.as_ptr(), public_size, + endian as i32) + }; + if rc != 0 { + return Err(rc); + } + Ok(()) + } + + /// Generate a new private key. + /// + /// # Parameters + /// + /// * `rng`: Random number generator struct to use for blinding operation. + /// + /// # Returns + /// + /// Returns either Ok(curve25519key) on success or Err(e) containing the + /// wolfSSL library error code value. + #[cfg(random)] + pub fn generate(rng: &mut RNG) -> Result { + let mut wc_key: MaybeUninit = MaybeUninit::uninit(); + let rc = unsafe { + sys::wc_curve25519_init(wc_key.as_mut_ptr()) + }; + if rc != 0 { + return Err(rc); + } + let wc_key = unsafe { wc_key.assume_init() }; + let mut curve25519key = Curve25519Key { wc_key }; + let rc = unsafe { + sys::wc_curve25519_make_key(&mut rng.wc_rng, Self::KEYSIZE as i32, + &mut curve25519key.wc_key) + }; + if rc != 0 { + return Err(rc); + } + Ok(curve25519key) + } + + /// Generate a new private key as a bare vector. + /// + /// # Parameters + /// + /// * `rng`: Random number generator struct to use for blinding operation. + /// + /// # Returns + /// + /// Returns either Ok(()) on success or Err(e) containing the wolfSSL + /// library error code value. + #[cfg(random)] + pub fn generate_priv(rng: &mut RNG, out: &mut [u8]) -> Result<(), i32> { + if out.len() != Self::KEYSIZE { + return Err(sys::wolfCrypt_ErrorCodes_BUFFER_E); + } + let rc = unsafe { + sys::wc_curve25519_make_priv(&mut rng.wc_rng, Self::KEYSIZE as i32, out.as_mut_ptr()) + }; + if rc != 0 { + return Err(rc); + } + Ok(()) + } + + /// Import a Curve25519 private key only (big-endian only). + /// + /// # Parameters + /// + /// * `private`: Buffer containing the Curve25519 private key. + /// + /// # Returns + /// + /// Returns either Ok(curve25519key) on success or Err(e) containing the + /// wolfSSL library error code value. + pub fn import_private(private: &[u8]) -> Result { + let mut wc_key: MaybeUninit = MaybeUninit::uninit(); + let rc = unsafe { + sys::wc_curve25519_init(wc_key.as_mut_ptr()) + }; + if rc != 0 { + return Err(rc); + } + let wc_key = unsafe { wc_key.assume_init() }; + let mut curve25519key = Curve25519Key { wc_key }; + let private_size = private.len() as u32; + let rc = unsafe { + sys::wc_curve25519_import_private(private.as_ptr(), private_size, + &mut curve25519key.wc_key) + }; + if rc != 0 { + return Err(rc); + } + Ok(curve25519key) + } + + /// Import a Curve25519 private key only (big or little endian). + /// + /// # Parameters + /// + /// * `private`: Buffer containing the Curve25519 private key. + /// * `big_endian`: True for big-endian, false for little-endian. + /// + /// # Returns + /// + /// Returns either Ok(curve25519key) on success or Err(e) containing the + /// wolfSSL library error code value. + pub fn import_private_ex(private: &[u8], big_endian: bool) -> Result { + let mut wc_key: MaybeUninit = MaybeUninit::uninit(); + let rc = unsafe { + sys::wc_curve25519_init(wc_key.as_mut_ptr()) + }; + if rc != 0 { + return Err(rc); + } + let wc_key = unsafe { wc_key.assume_init() }; + let mut curve25519key = Curve25519Key { wc_key }; + let private_size = private.len() as u32; + let endian = if big_endian {sys::EC25519_BIG_ENDIAN} else {sys::EC25519_LITTLE_ENDIAN}; + let rc = unsafe { + sys::wc_curve25519_import_private_ex(private.as_ptr(), + private_size, &mut curve25519key.wc_key, endian as i32) + }; + if rc != 0 { + return Err(rc); + } + Ok(curve25519key) + } + + /// Import a Curve25519 public/private key pair (big-endian only). + /// + /// # Parameters + /// + /// * `private`: Buffer containing the Curve25519 private key. + /// * `public`: Buffer containing the Curve25519 public key. + /// + /// # Returns + /// + /// Returns either Ok(curve25519key) on success or Err(e) containing the + /// wolfSSL library error code value. + pub fn import_private_raw(private: &[u8], public: &[u8]) -> Result { + let mut wc_key: MaybeUninit = MaybeUninit::uninit(); + let rc = unsafe { + sys::wc_curve25519_init(wc_key.as_mut_ptr()) + }; + if rc != 0 { + return Err(rc); + } + let wc_key = unsafe { wc_key.assume_init() }; + let mut curve25519key = Curve25519Key { wc_key }; + let private_size = private.len() as u32; + let public_size = public.len() as u32; + let rc = unsafe { + sys::wc_curve25519_import_private_raw(private.as_ptr(), + private_size, public.as_ptr(), public_size, + &mut curve25519key.wc_key) + }; + if rc != 0 { + return Err(rc); + } + Ok(curve25519key) + } + + /// Import a Curve25519 public/private key pair (big or little endian). + /// + /// # Parameters + /// + /// * `private`: Buffer containing the Curve25519 private key. + /// * `public`: Buffer containing the Curve25519 public key. + /// * `big_endian`: True for big-endian, false for little-endian. + /// + /// # Returns + /// + /// Returns either Ok(curve25519key) on success or Err(e) containing the + /// wolfSSL library error code value. + pub fn import_private_raw_ex(private: &[u8], public: &[u8], big_endian: bool) -> Result { + let mut wc_key: MaybeUninit = MaybeUninit::uninit(); + let rc = unsafe { + sys::wc_curve25519_init(wc_key.as_mut_ptr()) + }; + if rc != 0 { + return Err(rc); + } + let wc_key = unsafe { wc_key.assume_init() }; + let mut curve25519key = Curve25519Key { wc_key }; + let private_size = private.len() as u32; + let public_size = public.len() as u32; + let endian = if big_endian {sys::EC25519_BIG_ENDIAN} else {sys::EC25519_LITTLE_ENDIAN}; + let rc = unsafe { + sys::wc_curve25519_import_private_raw_ex(private.as_ptr(), + private_size, public.as_ptr(), public_size, + &mut curve25519key.wc_key, endian as i32) + }; + if rc != 0 { + return Err(rc); + } + Ok(curve25519key) + } + + /// Import a Curve25519 public key (big-endian only). + /// + /// # Parameters + /// + /// * `public`: Buffer containing the Curve25519 public key. + /// + /// # Returns + /// + /// Returns either Ok(curve25519key) on success or Err(e) containing the + /// wolfSSL library error code value. + pub fn import_public(public: &[u8]) -> Result { + let mut wc_key: MaybeUninit = MaybeUninit::uninit(); + let rc = unsafe { + sys::wc_curve25519_init(wc_key.as_mut_ptr()) + }; + if rc != 0 { + return Err(rc); + } + let wc_key = unsafe { wc_key.assume_init() }; + let mut curve25519key = Curve25519Key { wc_key }; + let public_size = public.len() as u32; + let rc = unsafe { + sys::wc_curve25519_import_public(public.as_ptr(), public_size, + &mut curve25519key.wc_key) + }; + if rc != 0 { + return Err(rc); + } + Ok(curve25519key) + } + + /// Import a Curve25519 public key (big or little endian). + /// + /// # Parameters + /// + /// * `public`: Buffer containing the Curve25519 public key. + /// * `big_endian`: True for big-endian, false for little-endian. + /// + /// # Returns + /// + /// Returns either Ok(curve25519key) on success or Err(e) containing the + /// wolfSSL library error code value. + pub fn import_public_ex(public: &[u8], big_endian: bool) -> Result { + let mut wc_key: MaybeUninit = MaybeUninit::uninit(); + let rc = unsafe { + sys::wc_curve25519_init(wc_key.as_mut_ptr()) + }; + if rc != 0 { + return Err(rc); + } + let wc_key = unsafe { wc_key.assume_init() }; + let mut curve25519key = Curve25519Key { wc_key }; + let public_size = public.len() as u32; + let endian = if big_endian {sys::EC25519_BIG_ENDIAN} else {sys::EC25519_LITTLE_ENDIAN}; + let rc = unsafe { + sys::wc_curve25519_import_public_ex(public.as_ptr(), public_size, + &mut curve25519key.wc_key, endian as i32) + }; + if rc != 0 { + return Err(rc); + } + Ok(curve25519key) + } + + /// Compute the public key from an existing private key using bare vectors. + /// + /// # Parameters + /// + /// * `private`: Private key (input). + /// * `public`: Buffer in which to store the computed public key. + /// + /// # Returns + /// + /// Returns either Ok(()) on success or Err(e) containing the wolfSSL + /// library error code value. + pub fn make_pub(private: &[u8], public: &mut [u8]) -> Result<(), i32> { + let private_size = private.len() as i32; + let public_size = public.len() as i32; + let rc = unsafe { + sys::wc_curve25519_make_pub(public_size, public.as_mut_ptr(), + private_size, private.as_ptr()) + }; + if rc != 0 { + return Err(rc); + } + Ok(()) + } + + /// Compute the public key from an existing private key using bare vectors + /// with blinding. + /// + /// # Parameters + /// + /// * `private`: Private key (input). + /// * `public`: Buffer in which to store the computed public key. + /// * `rng`: Random number generator struct to use for blinding operation. + /// + /// # Returns + /// + /// Returns either Ok(()) on success or Err(e) containing the wolfSSL + /// library error code value. + #[cfg(all(curve25519_blinding, random))] + pub fn make_pub_blind(private: &[u8], public: &mut [u8], rng: &mut RNG) -> Result<(), i32> { + let private_size = private.len() as i32; + let public_size = public.len() as i32; + let rc = unsafe { + sys::wc_curve25519_make_pub_blind(public_size, public.as_mut_ptr(), + private_size, private.as_ptr(), &mut rng.wc_rng) + }; + if rc != 0 { + return Err(rc); + } + Ok(()) + } + + /// Compute the public key from an existing private key with supplied + /// basepoint, using bare vectors. + /// + /// # Parameters + /// + /// * `private`: Private key (input). + /// * `public`: Buffer in which to store the computed public key. + /// * `basepoint`: Basepoint value to use. + /// + /// # Returns + /// + /// Returns either Ok(()) on success or Err(e) containing the wolfSSL + /// library error code value. + pub fn make_pub_generic(private: &[u8], public: &mut [u8], basepoint: &[u8]) -> Result<(), i32> { + let private_size = private.len() as i32; + let public_size = public.len() as i32; + let basepoint_size = basepoint.len() as i32; + let rc = unsafe { + sys::wc_curve25519_generic(public_size, public.as_mut_ptr(), + private_size, private.as_ptr(), basepoint_size, basepoint.as_ptr()) + }; + if rc != 0 { + return Err(rc); + } + Ok(()) + } + + /// Compute the public key from an existing private key with supplied + /// basepoint, using bare vectors. + /// + /// # Parameters + /// + /// * `private`: Private key (input). + /// * `public`: Buffer in which to store the computed public key. + /// * `basepoint`: Basepoint value to use. + /// * `rng`: Random number generator struct to use for blinding operation. + /// + /// # Returns + /// + /// Returns either Ok(()) on success or Err(e) containing the wolfSSL + /// library error code value. + #[cfg(all(curve25519_blinding, random))] + pub fn make_pub_generic_blind(private: &[u8], public: &mut [u8], basepoint: &[u8], rng: &mut RNG) -> Result<(), i32> { + let private_size = private.len() as i32; + let public_size = public.len() as i32; + let basepoint_size = basepoint.len() as i32; + let rc = unsafe { + sys::wc_curve25519_generic_blind(public_size, public.as_mut_ptr(), + private_size, private.as_ptr(), basepoint_size, basepoint.as_ptr(), + &mut rng.wc_rng) + }; + if rc != 0 { + return Err(rc); + } + Ok(()) + } + + /// Compute a shared secret key given a secret private key and a received + /// public key. It stores the generated secret key in the buffer out and + /// returns the generated key size. Only supports big endian. + /// + /// # Parameters + /// + /// * `private_key`: Curve25519Key struct holding the user's private key. + /// * `public_key`: Curve25519Key struct holding the received public key. + /// * `out`: Output buffer in which to store the generated secret key. + /// + /// # Returns + /// + /// Returns either Ok(size) containing the number of bytes written to `out` + /// on success or Err(e) containing the wolfSSL library error code value. + pub fn shared_secret(private_key: &mut Curve25519Key, public_key: &mut Curve25519Key, out: &mut [u8]) -> Result { + let mut outlen = out.len() as u32; + let rc = unsafe { + sys::wc_curve25519_shared_secret(&mut private_key.wc_key, + &mut public_key.wc_key, out.as_mut_ptr(), &mut outlen) + }; + if rc != 0 { + return Err(rc); + } + Ok(outlen as usize) + } + + /// Associates a `RNG` instance with this `Curve25519Key` instance. + /// + /// This is necessary when generating a shared secret if wolfSSL is built + /// with the `WOLFSSL_CURVE25519_BLINDING` build option enabled. + /// + /// # Parameters + /// + /// * `rng`: The `RNG` struct instance to associate with this + /// `Curve25519Key` instance. The `RNG` struct should not be moved in + /// memory after calling this method. + /// + /// # Returns + /// + /// Returns Ok(()) on success or Err(e) containing the wolfSSL library + /// error code value. + #[cfg(all(curve25519_blinding, random))] + pub fn set_rng(&mut self, rng: &mut RNG) -> Result<(), i32> { + let rc = unsafe { + sys::wc_curve25519_set_rng(&mut self.wc_key, &mut rng.wc_rng) + }; + if rc != 0 { + return Err(rc); + } + Ok(()) + } + + /// Compute a shared secret key given a secret private key and a received + /// public key. It stores the generated secret key in the buffer out and + /// returns the generated key size. Supports big or little endian. + /// + /// # Parameters + /// + /// * `private_key`: Curve25519Key struct holding the user's private key. + /// * `public_key`: Curve25519Key struct holding the received public key. + /// * `out`: Output buffer in which to store the generated secret key. + /// * `big_endian`: True for big-endian, false for little-endian. + /// + /// # Returns + /// + /// Returns either Ok(size) containing the number of bytes written to `out` + /// on success or Err(e) containing the wolfSSL library error code value. + pub fn shared_secret_ex(private_key: &mut Curve25519Key, public_key: &mut Curve25519Key, out: &mut [u8], big_endian: bool) -> Result { + let mut outlen = out.len() as u32; + let endian = if big_endian {sys::EC25519_BIG_ENDIAN} else {sys::EC25519_LITTLE_ENDIAN}; + let rc = unsafe { + sys::wc_curve25519_shared_secret_ex(&mut private_key.wc_key, + &mut public_key.wc_key, out.as_mut_ptr(), &mut outlen, endian as i32) + }; + if rc != 0 { + return Err(rc); + } + Ok(outlen as usize) + } + + /// Export public and private keys from Curve25519Key struct to raw buffers + /// (big-endian only). + /// + /// # Parameters + /// + /// * `private`: Buffer in which to store the raw private key. + /// * `public`: Buffer in which to store the raw public key. + /// + /// # Returns + /// + /// Returns either Ok(()) on success or Err(e) containing the wolfSSL + /// library error code value. + pub fn export_key_raw(&mut self, private: &mut [u8], public: &mut [u8]) -> Result<(), i32> { + let mut private_size = private.len() as u32; + let mut public_size = public.len() as u32; + let rc = unsafe { + sys::wc_curve25519_export_key_raw(&mut self.wc_key, + private.as_mut_ptr(), &mut private_size, + public.as_mut_ptr(), &mut public_size) + }; + if rc != 0 { + return Err(rc); + } + Ok(()) + } + + /// Export public and private keys from Curve25519Key struct to raw buffers + /// (big or little endian). + /// + /// # Parameters + /// + /// * `private`: Buffer in which to store the raw private key. + /// * `public`: Buffer in which to store the raw public key. + /// * `big_endian`: True for big-endian, false for little-endian. + /// + /// # Returns + /// + /// Returns either Ok(()) on success or Err(e) containing the wolfSSL + /// library error code value. + pub fn export_key_raw_ex(&mut self, private: &mut [u8], public: &mut [u8], big_endian: bool) -> Result<(), i32> { + let mut private_size = private.len() as u32; + let mut public_size = public.len() as u32; + let endian = if big_endian {sys::EC25519_BIG_ENDIAN} else {sys::EC25519_LITTLE_ENDIAN}; + let rc = unsafe { + sys::wc_curve25519_export_key_raw_ex(&mut self.wc_key, + private.as_mut_ptr(), &mut private_size, + public.as_mut_ptr(), &mut public_size, endian as i32) + }; + if rc != 0 { + return Err(rc); + } + Ok(()) + } + + /// Export private key from Curve25519Key struct to a raw buffer + /// (big-endian only). + /// + /// # Parameters + /// + /// * `out`: Buffer in which to store the raw private key. + /// + /// # Returns + /// + /// Returns either Ok(size) containing the number of bytes written to `out` + /// on success or Err(e) containing the wolfSSL library error code value. + pub fn export_private_raw(&mut self, out: &mut [u8]) -> Result { + let mut outlen = out.len() as u32; + let rc = unsafe { + sys::wc_curve25519_export_private_raw(&mut self.wc_key, + out.as_mut_ptr(), &mut outlen) + }; + if rc != 0 { + return Err(rc); + } + Ok(outlen as usize) + } + + /// Export private key from Curve25519Key struct to a raw buffer + /// (big or little endian). + /// + /// # Parameters + /// + /// * `out`: Buffer in which to store the raw private key. + /// * `big_endian`: True for big-endian, false for little-endian. + /// + /// # Returns + /// + /// Returns either Ok(size) containing the number of bytes written to `out` + /// on success or Err(e) containing the wolfSSL library error code value. + pub fn export_private_raw_ex(&mut self, out: &mut [u8], big_endian: bool) -> Result { + let mut outlen = out.len() as u32; + let endian = if big_endian {sys::EC25519_BIG_ENDIAN} else {sys::EC25519_LITTLE_ENDIAN}; + let rc = unsafe { + sys::wc_curve25519_export_private_raw_ex(&mut self.wc_key, + out.as_mut_ptr(), &mut outlen, endian as i32) + }; + if rc != 0 { + return Err(rc); + } + Ok(outlen as usize) + } + + /// Export public key from Curve25519Key struct to a raw buffer + /// (big-endian only). + /// + /// # Parameters + /// + /// * `out`: Buffer in which to store the raw public key. + /// + /// # Returns + /// + /// Returns either Ok(size) containing the number of bytes written to `out` + /// on success or Err(e) containing the wolfSSL library error code value. + pub fn export_public(&mut self, out: &mut [u8]) -> Result { + let mut outlen = out.len() as u32; + let rc = unsafe { + sys::wc_curve25519_export_public(&mut self.wc_key, + out.as_mut_ptr(), &mut outlen) + }; + if rc != 0 { + return Err(rc); + } + Ok(outlen as usize) + } + + /// Export public key from Curve25519Key struct to a raw buffer + /// (big or little endian). + /// + /// # Parameters + /// + /// * `out`: Buffer in which to store the raw public key. + /// * `big_endian`: True for big-endian, false for little-endian. + /// + /// # Returns + /// + /// Returns either Ok(size) containing the number of bytes written to `out` + /// on success or Err(e) containing the wolfSSL library error code value. + pub fn export_public_ex(&mut self, out: &mut [u8], big_endian: bool) -> Result { + let mut outlen = out.len() as u32; + let endian = if big_endian {sys::EC25519_BIG_ENDIAN} else {sys::EC25519_LITTLE_ENDIAN}; + let rc = unsafe { + sys::wc_curve25519_export_public_ex(&mut self.wc_key, + out.as_mut_ptr(), &mut outlen, endian as i32) + }; + if rc != 0 { + return Err(rc); + } + Ok(outlen as usize) + } +} + +impl Drop for Curve25519Key { + /// Safely free the underlying wolfSSL Curve25519Key context. + /// + /// This calls the `wc_curve25519_free` wolfssl library function. + /// + /// The Rust Drop trait guarantees that this method is called when the + /// struct goes out of scope, automatically cleaning up resources and + /// preventing memory leaks. + fn drop(&mut self) { + unsafe { sys::wc_curve25519_free(&mut self.wc_key); } + } +} diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/wrapper/rust/wolfssl-wolfcrypt/src/dh.rs mariadb-11.8.8/extra/wolfssl/wolfssl/wrapper/rust/wolfssl-wolfcrypt/src/dh.rs --- mariadb-11.8.6/extra/wolfssl/wolfssl/wrapper/rust/wolfssl-wolfcrypt/src/dh.rs 1970-01-01 00:00:00.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/wrapper/rust/wolfssl-wolfcrypt/src/dh.rs 2026-05-24 09:58:33.000000000 +0000 @@ -0,0 +1,1586 @@ +/* + * Copyright (C) 2006-2026 wolfSSL Inc. + * + * This file is part of wolfSSL. + * + * wolfSSL is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * wolfSSL is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA + */ + +/*! +This module provides a Rust wrapper for the wolfCrypt library's Diffie-Hellman +(DH) functionality. + +The primary component is the `DH` struct, which manages the lifecycle of a +wolfSSL `DhKey` object. It ensures proper initialization and deallocation. +*/ + +#![cfg(dh)] + +use crate::sys; +#[cfg(random)] +use crate::random::RNG; +use core::mem::{MaybeUninit}; + +pub struct DH { + wc_dhkey: sys::DhKey, +} + +impl DH { + /// ffdhe2048 named parameter group. + #[cfg(dh_ffdhe_2048)] + pub const FFDHE_2048: i32 = sys::WC_FFDHE_2048 as i32; + /// ffdhe3072 named parameter group. + #[cfg(dh_ffdhe_3072)] + pub const FFDHE_3072: i32 = sys::WC_FFDHE_3072 as i32; + /// ffdhe4096 named parameter group. + #[cfg(dh_ffdhe_4096)] + pub const FFDHE_4096: i32 = sys::WC_FFDHE_4096 as i32; + /// ffdhe6144 named parameter group. + #[cfg(dh_ffdhe_6144)] + pub const FFDHE_6144: i32 = sys::WC_FFDHE_6144 as i32; + /// ffdhe8192 named parameter group. + #[cfg(dh_ffdhe_8192)] + pub const FFDHE_8192: i32 = sys::WC_FFDHE_8192 as i32; + + /// Perform quick validity check of public key value against prime. + /// + /// This checks that: + /// * Public key is not 0 or 1. + /// * Public key is not equal to prime or prime - 1. + /// * Public key is not bigger than prime. + /// + /// # Parameters + /// + /// * `prime`: Buffer containing prime value. + /// * `public`: Buffer containing public key. + /// + /// # Returns + /// + /// Returns either Ok(()) on success or Err(e) containing the wolfSSL + /// library error code value. + /// + /// # Example + /// + /// ```rust + /// #[cfg(all(dh_ffdhe_2048, random))] + /// { + /// use wolfssl_wolfcrypt::random::RNG; + /// use wolfssl_wolfcrypt::dh::DH; + /// let mut rng = RNG::new().expect("Failed to create RNG"); + /// let mut dh = DH::new_named(DH::FFDHE_2048).expect("Error with new_named()"); + /// let mut private = [0u8; 256]; + /// let mut private_size = 0u32; + /// let mut public = [0u8; 256]; + /// let mut public_size = 0u32; + /// dh.generate_key_pair(&mut rng, &mut private, &mut private_size, &mut public, &mut public_size).expect("Error with generate_key_pair()"); + /// let public = &public[0..(public_size as usize)]; + /// let mut p = [0u8; 256]; + /// let mut q = [0u8; 256]; + /// let mut g = [0u8; 256]; + /// let mut p_size = 0u32; + /// let mut g_size = 0u32; + /// let mut q_size = 0u32; + /// dh.export_params_raw(&mut p, &mut p_size, &mut q, &mut q_size, &mut g, &mut g_size).expect("Error with export_params_raw()"); + /// let p = &p[0..(p_size as usize)]; + /// DH::check_pub_value(p, public).expect("Error with check_pub_value()"); + /// } + /// ``` + pub fn check_pub_value(prime: &[u8], public: &[u8]) -> Result<(), i32> { + let prime_size = prime.len() as u32; + let public_size = public.len() as u32; + let rc = unsafe { + sys::wc_DhCheckPubValue(prime.as_ptr(), prime_size, + public.as_ptr(), public_size) + }; + if rc != 0 { + return Err(rc); + } + Ok(()) + } + + /// Compare given DH parameters to named parameter set. + /// + /// # Parameters + /// + /// * `name`: DH parameters name, one of DH::FFDHE_*. + /// * `p`: DH `p` parameter value. + /// * `g`: DH `g` parameter value. + /// * `q`: DH `q` parameter value (optional). + /// + /// # Returns + /// + /// Returns whether the parameters match the named parameters. + /// + /// # Example + /// + /// ```rust + /// #[cfg(all(dh_ffdhe_2048, random))] + /// { + /// use wolfssl_wolfcrypt::random::RNG; + /// use wolfssl_wolfcrypt::dh::DH; + /// let mut dh = DH::new_named(DH::FFDHE_2048).expect("Error with new_named()"); + /// let mut p = [0u8; 256]; + /// let mut q = [0u8; 256]; + /// let mut g = [0u8; 256]; + /// let mut p_size = 0u32; + /// let mut q_size = 0u32; + /// let mut g_size = 0u32; + /// dh.export_params_raw(&mut p, &mut p_size, &mut q, &mut q_size, &mut g, &mut g_size).expect("Error with export_params_raw()"); + /// let p = &p[0..(p_size as usize)]; + /// let g = &g[0..(g_size as usize)]; + /// assert!(DH::compare_named_key(DH::FFDHE_2048, p, g, None)); + /// } + /// ``` + pub fn compare_named_key(name: i32, p: &[u8], g: &[u8], q: Option<&[u8]>) -> bool { + let p_size = p.len() as u32; + let g_size = g.len() as u32; + let mut no_q = 1i32; + let mut q_ptr: *const u8 = core::ptr::null(); + let mut q_size = 0u32; + if let Some(q) = q { + no_q = 0; + q_ptr = q.as_ptr(); + q_size = q.len() as u32; + } + let rc = unsafe { + sys::wc_DhCmpNamedKey(name, no_q, + p.as_ptr(), p_size, + g.as_ptr(), g_size, + q_ptr, q_size) + }; + rc != 0 + } + + /// Create a new DH context by generating parameters. + /// + /// # Parameters + /// + /// * `rng`: `RNG` struct instance to use for random number generation. + /// * `modulus_size`: Modulus size in bits. + /// + /// # Returns + /// + /// Returns either Ok(dh) containing the DH struct instance or Err(e) + /// containing the wolfSSL library error code value. + /// + /// # Example + /// + /// ```rust + /// #[cfg(all(dh_keygen, random))] + /// { + /// use wolfssl_wolfcrypt::random::RNG; + /// use wolfssl_wolfcrypt::dh::DH; + /// let mut rng = RNG::new().expect("Error with RNG::new()"); + /// let mut dh = DH::generate(&mut rng, 2048).expect("Error with generate()"); + /// } + /// ``` + #[cfg(all(dh_keygen, random))] + pub fn generate(rng: &mut RNG, modulus_size: i32) -> Result { + Self::generate_ex(rng, modulus_size, None, None) + } + + /// Create a new DH context by generating parameters with optional heap and + /// device ID. + /// + /// # Parameters + /// + /// * `rng`: `RNG` struct instance to use for random number generation. + /// * `modulus_size`: Modulus size in bits. + /// * `heap`: Optional heap hint. + /// * `dev_id` Optional device ID to use with crypto callbacks or async hardware. + /// + /// # Returns + /// + /// Returns either Ok(dh) containing the DH struct instance or Err(e) + /// containing the wolfSSL library error code value. + /// + /// # Example + /// + /// ```rust + /// #[cfg(all(dh_keygen, random))] + /// { + /// use wolfssl_wolfcrypt::random::RNG; + /// use wolfssl_wolfcrypt::dh::DH; + /// let mut rng = RNG::new().expect("Error with RNG::new()"); + /// let mut dh = DH::generate_ex(&mut rng, 2048, None, None).expect("Error with generate_ex()"); + /// } + /// ``` + #[cfg(all(dh_keygen, random))] + pub fn generate_ex(rng: &mut RNG, modulus_size: i32, heap: Option<*mut core::ffi::c_void>, dev_id: Option) -> Result { + let mut wc_dhkey: MaybeUninit = MaybeUninit::uninit(); + let heap = match heap { + Some(heap) => heap, + None => core::ptr::null_mut(), + }; + let dev_id = match dev_id { + Some(dev_id) => dev_id, + None => sys::INVALID_DEVID, + }; + let rc = unsafe { sys::wc_InitDhKey_ex(wc_dhkey.as_mut_ptr(), heap, dev_id) }; + if rc != 0 { + return Err(rc); + } + let wc_dhkey = unsafe { wc_dhkey.assume_init() }; + let mut dh = DH { wc_dhkey }; + let rc = unsafe { + sys::wc_DhGenerateParams(&mut rng.wc_rng, modulus_size, &mut dh.wc_dhkey) + }; + if rc != 0 { + return Err(rc); + } + Ok(dh) + } + + /// Get minimum key size for DH named parameter set. + /// + /// # Parameters + /// + /// * `name`: DH parameters name, one of DH::FFDHE_*. + /// + /// # Returns + /// + /// Minimum key size for the DH named parameter set. + /// + /// # Example + /// + /// ```rust + /// #[cfg(all(dh_ffdhe_2048, random))] + /// { + /// use wolfssl_wolfcrypt::random::RNG; + /// use wolfssl_wolfcrypt::dh::DH; + /// let min_key_size = DH::get_min_key_size_for_named_parameters(DH::FFDHE_2048); + /// assert_eq!(min_key_size, 29); + /// } + /// ``` + pub fn get_min_key_size_for_named_parameters(name: i32) -> u32 { + unsafe { sys::wc_DhGetNamedKeyMinSize(name) } + } + + /// Get parameter sizes for a named parameter set. + /// + /// # Parameters + /// + /// * `name`: DH parameters name, one of DH::FFDHE_*. + /// * `p_size`: Output parameter containing size of DH `p` parameter. + /// * `g_size`: Output parameter containing size of DH `g` parameter. + /// * `q_size`: Output parameter containing size of DH `q` parameter. + /// + /// # Example + /// + /// ```rust + /// #[cfg(all(dh_ffdhe_2048, random))] + /// { + /// use wolfssl_wolfcrypt::random::RNG; + /// use wolfssl_wolfcrypt::dh::DH; + /// let mut p_size = 0u32; + /// let mut g_size = 0u32; + /// let mut q_size = 0u32; + /// DH::get_named_parameter_sizes(DH::FFDHE_2048, &mut p_size, &mut g_size, &mut q_size); + /// } + /// ``` + pub fn get_named_parameter_sizes(name: i32, p_size: &mut u32, g_size: &mut u32, q_size: &mut u32) { + unsafe { + sys::wc_DhGetNamedKeyParamSize(name, p_size, g_size, q_size) + }; + } + + /// Create a new DH context using the named parameter set. + /// + /// # Parameters + /// + /// * `name`: DH parameters name, one of DH::FFDHE_*. + /// + /// # Returns + /// + /// Returns either Ok(dh) containing the DH struct instance or Err(e) + /// containing the wolfSSL library error code value. + /// + /// # Example + /// + /// ```rust + /// #[cfg(all(dh_ffdhe_2048, random))] + /// { + /// use wolfssl_wolfcrypt::random::RNG; + /// use wolfssl_wolfcrypt::dh::DH; + /// let mut dh = DH::new_named(DH::FFDHE_2048).expect("Error with new_named()"); + /// } + /// ``` + pub fn new_named(name: i32) -> Result { + Self::new_named_ex(name, None, None) + } + + /// Create a new DH context using the named parameter set with optional + /// heap and device ID. + /// + /// # Parameters + /// + /// * `name`: DH parameters name, one of DH::FFDHE_*. + /// * `heap`: Optional heap hint. + /// * `dev_id` Optional device ID to use with crypto callbacks or async hardware. + /// + /// # Returns + /// + /// Returns either Ok(dh) containing the DH struct instance or Err(e) + /// containing the wolfSSL library error code value. + /// + /// # Example + /// + /// ```rust + /// #[cfg(all(dh_ffdhe_2048, random))] + /// { + /// use wolfssl_wolfcrypt::random::RNG; + /// use wolfssl_wolfcrypt::dh::DH; + /// let mut dh = DH::new_named_ex(DH::FFDHE_2048, None, None).expect("Error with new_named_ex()"); + /// } + /// ``` + pub fn new_named_ex(name: i32, heap: Option<*mut core::ffi::c_void>, dev_id: Option) -> Result { + let mut wc_dhkey: MaybeUninit = MaybeUninit::uninit(); + let heap = match heap { + Some(heap) => heap, + None => core::ptr::null_mut(), + }; + let dev_id = match dev_id { + Some(dev_id) => dev_id, + None => sys::INVALID_DEVID, + }; + let rc = unsafe { sys::wc_InitDhKey_ex(wc_dhkey.as_mut_ptr(), heap, dev_id) }; + if rc != 0 { + return Err(rc); + } + let wc_dhkey = unsafe { wc_dhkey.assume_init() }; + let mut dh = DH { wc_dhkey }; + let rc = unsafe { sys::wc_DhSetNamedKey(&mut dh.wc_dhkey, name) }; + if rc != 0 { + return Err(rc); + } + Ok(dh) + } + + /// Create a new DH context using the given p and g parameters. + /// + /// # Parameters + /// + /// * `p`: DH 'p' parameter value. + /// * `g`: DH 'g' parameter value. + /// + /// # Returns + /// + /// Returns either Ok(dh) containing the DH struct instance or Err(e) + /// containing the wolfSSL library error code value. + /// + /// # Example + /// + /// ```rust + /// #[cfg(random)] + /// { + /// use wolfssl_wolfcrypt::random::RNG; + /// use wolfssl_wolfcrypt::dh::DH; + /// let p = [ + /// 0xc5u8, 0x7c, 0xa2, 0x4f, 0x4b, 0xd6, 0x8c, 0x3c, + /// 0xda, 0xc7, 0xba, 0xaa, 0xea, 0x2e, 0x5c, 0x1e, + /// 0x18, 0xb2, 0x7b, 0x8c, 0x55, 0x65, 0x9f, 0xea, + /// 0xe0, 0xa1, 0x36, 0x53, 0x2b, 0x36, 0xe0, 0x4e, + /// 0x3e, 0x64, 0xa9, 0xe4, 0xfc, 0x8f, 0x32, 0x62, + /// 0x97, 0xe4, 0xbe, 0xf7, 0xc1, 0xde, 0x07, 0x5a, + /// 0x89, 0x28, 0xf3, 0xfe, 0x4f, 0xfe, 0x68, 0xbc, + /// 0xfb, 0x0a, 0x7c, 0xa4, 0xb3, 0x14, 0x48, 0x89, + /// 0x9f, 0xaf, 0xb8, 0x43, 0xe2, 0xa0, 0x62, 0x5c, + /// 0xb4, 0x88, 0x3f, 0x06, 0x50, 0x11, 0xfe, 0x65, + /// 0x8d, 0x49, 0xd2, 0xf5, 0x4b, 0x74, 0x79, 0xdb, + /// 0x06, 0x62, 0x92, 0x89, 0xed, 0xda, 0xcb, 0x87, + /// 0x37, 0x16, 0xd2, 0xa1, 0x7a, 0xe8, 0xde, 0x92, + /// 0xee, 0x3e, 0x41, 0x4a, 0x91, 0x5e, 0xed, 0xf3, + /// 0x6c, 0x6b, 0x7e, 0xfd, 0x15, 0x92, 0x18, 0xfc, + /// 0xa7, 0xac, 0x42, 0x85, 0x57, 0xe9, 0xdc, 0xda, + /// 0x55, 0xc9, 0x8b, 0x28, 0x9e, 0xc1, 0xc4, 0x46, + /// 0x4d, 0x88, 0xed, 0x62, 0x8e, 0xdb, 0x3f, 0xb9, + /// 0xd7, 0xc8, 0xe3, 0xcf, 0xb8, 0x34, 0x2c, 0xd2, + /// 0x6f, 0x28, 0x06, 0x41, 0xe3, 0x66, 0x8c, 0xfc, + /// 0x72, 0xff, 0x26, 0x3b, 0x6b, 0x6c, 0x6f, 0x73, + /// 0xde, 0xf2, 0x90, 0x29, 0xe0, 0x61, 0x32, 0xc4, + /// 0x12, 0x74, 0x09, 0x52, 0xec, 0xf3, 0x1b, 0xa6, + /// 0x45, 0x98, 0xac, 0xf9, 0x1c, 0x65, 0x8e, 0x3a, + /// 0x91, 0x84, 0x4b, 0x23, 0x8a, 0xb2, 0x3c, 0xc9, + /// 0xfa, 0xea, 0xf1, 0x38, 0xce, 0xd8, 0x05, 0xe0, + /// 0xfa, 0x44, 0x68, 0x1f, 0xeb, 0xd9, 0x57, 0xb8, + /// 0x4a, 0x97, 0x5b, 0x88, 0xc5, 0xf1, 0xbb, 0xb0, + /// 0x49, 0xc3, 0x91, 0x7c, 0xd3, 0x13, 0xb9, 0x47, + /// 0xbb, 0x91, 0x8f, 0xe5, 0x26, 0x07, 0xab, 0xa9, + /// 0xc5, 0xd0, 0x3d, 0x95, 0x41, 0x26, 0x92, 0x9d, + /// 0x13, 0x67, 0xf2, 0x7e, 0x11, 0x88, 0xdc, 0x2d + /// ]; + /// let g = [ + /// 0x4au8, 0x1a, 0xf3, 0xa4, 0x92, 0xe9, 0xee, 0x74, + /// 0x6e, 0x57, 0xd5, 0x8c, 0x2c, 0x5b, 0x41, 0x41, + /// 0x5e, 0xd4, 0x55, 0x19, 0xdc, 0xd9, 0x32, 0x91, + /// 0xf7, 0xfd, 0xc2, 0x57, 0xff, 0x03, 0x14, 0xdb, + /// 0xf1, 0xb7, 0x60, 0x0c, 0x43, 0x59, 0x3f, 0xff, + /// 0xac, 0xf1, 0x80, 0x9a, 0x15, 0x6f, 0xd8, 0x6e, + /// 0xb7, 0x85, 0x18, 0xc8, 0xec, 0x4e, 0x59, 0x4a, + /// 0xe2, 0x91, 0x43, 0x4c, 0xeb, 0x95, 0xb6, 0x2e, + /// 0x9a, 0xea, 0x53, 0x68, 0x80, 0x64, 0x69, 0x40, + /// 0xf9, 0xec, 0xbd, 0x85, 0x89, 0x26, 0x97, 0x67, + /// 0xaf, 0xb0, 0xad, 0x00, 0x1b, 0xd4, 0xfd, 0x94, + /// 0xd3, 0xe9, 0x92, 0xb1, 0xb4, 0xbc, 0x5a, 0xaa, + /// 0x92, 0x80, 0x89, 0x3b, 0x39, 0x05, 0x6c, 0x22, + /// 0x26, 0xfe, 0x5a, 0x28, 0x6c, 0x37, 0x50, 0x5a, + /// 0x38, 0x99, 0xcf, 0xf3, 0xc1, 0x96, 0x45, 0xdc, + /// 0x01, 0xcb, 0x20, 0x87, 0xa5, 0x00, 0x8c, 0xf5, + /// 0x4d, 0xc2, 0xef, 0xb8, 0x9b, 0xd1, 0x87, 0xbe, + /// 0xed, 0xd5, 0x0a, 0x29, 0x15, 0x34, 0x59, 0x4c, + /// 0x3a, 0x05, 0x22, 0x05, 0x44, 0x4f, 0x9f, 0xc8, + /// 0x47, 0x12, 0x24, 0x8e, 0xa8, 0x79, 0xe4, 0x67, + /// 0xba, 0x4d, 0x5b, 0x75, 0x56, 0x95, 0xeb, 0xe8, + /// 0x8a, 0xfa, 0x8e, 0x01, 0x8c, 0x1b, 0x74, 0x63, + /// 0xd9, 0x2f, 0xf7, 0xd3, 0x44, 0x8f, 0xa8, 0xf5, + /// 0xaf, 0x6c, 0x4f, 0xdb, 0xe7, 0xc9, 0x6c, 0x71, + /// 0x22, 0xa3, 0x1d, 0xf1, 0x40, 0xb2, 0xe0, 0x9a, + /// 0xb6, 0x72, 0xc9, 0xc0, 0x13, 0x16, 0xa2, 0x4a, + /// 0xe1, 0x92, 0xc7, 0x54, 0x23, 0xab, 0x9d, 0xa1, + /// 0xa1, 0xe5, 0x0b, 0xed, 0xba, 0xe8, 0x84, 0x37, + /// 0xb2, 0xe7, 0xfe, 0x32, 0x8d, 0xfa, 0x1c, 0x53, + /// 0x77, 0x97, 0xc7, 0xf3, 0x48, 0xc9, 0xdb, 0x2d, + /// 0x75, 0x52, 0x9d, 0x42, 0x51, 0x78, 0x62, 0x68, + /// 0x05, 0x45, 0x15, 0xf8, 0xa2, 0x4e, 0xf3, 0x0b + /// ]; + /// let dh = DH::new_from_pg(&p, &g).expect("Error with new_from_pg()"); + /// } + /// ``` + pub fn new_from_pg(p: &[u8], g: &[u8]) -> Result { + Self::new_from_pg_ex(p, g, None, None) + } + + /// Create a new DH context using the given p and g parameters with + /// optional heap and device ID. + /// + /// # Parameters + /// + /// * `p`: DH 'p' parameter value. + /// * `g`: DH 'g' parameter value. + /// * `heap`: Optional heap hint. + /// * `dev_id` Optional device ID to use with crypto callbacks or async hardware. + /// + /// # Returns + /// + /// Returns either Ok(dh) containing the DH struct instance or Err(e) + /// containing the wolfSSL library error code value. + /// + /// # Example + /// + /// ```rust + /// #[cfg(random)] + /// { + /// use wolfssl_wolfcrypt::random::RNG; + /// use wolfssl_wolfcrypt::dh::DH; + /// let p = [ + /// 0xc5u8, 0x7c, 0xa2, 0x4f, 0x4b, 0xd6, 0x8c, 0x3c, + /// 0xda, 0xc7, 0xba, 0xaa, 0xea, 0x2e, 0x5c, 0x1e, + /// 0x18, 0xb2, 0x7b, 0x8c, 0x55, 0x65, 0x9f, 0xea, + /// 0xe0, 0xa1, 0x36, 0x53, 0x2b, 0x36, 0xe0, 0x4e, + /// 0x3e, 0x64, 0xa9, 0xe4, 0xfc, 0x8f, 0x32, 0x62, + /// 0x97, 0xe4, 0xbe, 0xf7, 0xc1, 0xde, 0x07, 0x5a, + /// 0x89, 0x28, 0xf3, 0xfe, 0x4f, 0xfe, 0x68, 0xbc, + /// 0xfb, 0x0a, 0x7c, 0xa4, 0xb3, 0x14, 0x48, 0x89, + /// 0x9f, 0xaf, 0xb8, 0x43, 0xe2, 0xa0, 0x62, 0x5c, + /// 0xb4, 0x88, 0x3f, 0x06, 0x50, 0x11, 0xfe, 0x65, + /// 0x8d, 0x49, 0xd2, 0xf5, 0x4b, 0x74, 0x79, 0xdb, + /// 0x06, 0x62, 0x92, 0x89, 0xed, 0xda, 0xcb, 0x87, + /// 0x37, 0x16, 0xd2, 0xa1, 0x7a, 0xe8, 0xde, 0x92, + /// 0xee, 0x3e, 0x41, 0x4a, 0x91, 0x5e, 0xed, 0xf3, + /// 0x6c, 0x6b, 0x7e, 0xfd, 0x15, 0x92, 0x18, 0xfc, + /// 0xa7, 0xac, 0x42, 0x85, 0x57, 0xe9, 0xdc, 0xda, + /// 0x55, 0xc9, 0x8b, 0x28, 0x9e, 0xc1, 0xc4, 0x46, + /// 0x4d, 0x88, 0xed, 0x62, 0x8e, 0xdb, 0x3f, 0xb9, + /// 0xd7, 0xc8, 0xe3, 0xcf, 0xb8, 0x34, 0x2c, 0xd2, + /// 0x6f, 0x28, 0x06, 0x41, 0xe3, 0x66, 0x8c, 0xfc, + /// 0x72, 0xff, 0x26, 0x3b, 0x6b, 0x6c, 0x6f, 0x73, + /// 0xde, 0xf2, 0x90, 0x29, 0xe0, 0x61, 0x32, 0xc4, + /// 0x12, 0x74, 0x09, 0x52, 0xec, 0xf3, 0x1b, 0xa6, + /// 0x45, 0x98, 0xac, 0xf9, 0x1c, 0x65, 0x8e, 0x3a, + /// 0x91, 0x84, 0x4b, 0x23, 0x8a, 0xb2, 0x3c, 0xc9, + /// 0xfa, 0xea, 0xf1, 0x38, 0xce, 0xd8, 0x05, 0xe0, + /// 0xfa, 0x44, 0x68, 0x1f, 0xeb, 0xd9, 0x57, 0xb8, + /// 0x4a, 0x97, 0x5b, 0x88, 0xc5, 0xf1, 0xbb, 0xb0, + /// 0x49, 0xc3, 0x91, 0x7c, 0xd3, 0x13, 0xb9, 0x47, + /// 0xbb, 0x91, 0x8f, 0xe5, 0x26, 0x07, 0xab, 0xa9, + /// 0xc5, 0xd0, 0x3d, 0x95, 0x41, 0x26, 0x92, 0x9d, + /// 0x13, 0x67, 0xf2, 0x7e, 0x11, 0x88, 0xdc, 0x2d + /// ]; + /// let g = [ + /// 0x4au8, 0x1a, 0xf3, 0xa4, 0x92, 0xe9, 0xee, 0x74, + /// 0x6e, 0x57, 0xd5, 0x8c, 0x2c, 0x5b, 0x41, 0x41, + /// 0x5e, 0xd4, 0x55, 0x19, 0xdc, 0xd9, 0x32, 0x91, + /// 0xf7, 0xfd, 0xc2, 0x57, 0xff, 0x03, 0x14, 0xdb, + /// 0xf1, 0xb7, 0x60, 0x0c, 0x43, 0x59, 0x3f, 0xff, + /// 0xac, 0xf1, 0x80, 0x9a, 0x15, 0x6f, 0xd8, 0x6e, + /// 0xb7, 0x85, 0x18, 0xc8, 0xec, 0x4e, 0x59, 0x4a, + /// 0xe2, 0x91, 0x43, 0x4c, 0xeb, 0x95, 0xb6, 0x2e, + /// 0x9a, 0xea, 0x53, 0x68, 0x80, 0x64, 0x69, 0x40, + /// 0xf9, 0xec, 0xbd, 0x85, 0x89, 0x26, 0x97, 0x67, + /// 0xaf, 0xb0, 0xad, 0x00, 0x1b, 0xd4, 0xfd, 0x94, + /// 0xd3, 0xe9, 0x92, 0xb1, 0xb4, 0xbc, 0x5a, 0xaa, + /// 0x92, 0x80, 0x89, 0x3b, 0x39, 0x05, 0x6c, 0x22, + /// 0x26, 0xfe, 0x5a, 0x28, 0x6c, 0x37, 0x50, 0x5a, + /// 0x38, 0x99, 0xcf, 0xf3, 0xc1, 0x96, 0x45, 0xdc, + /// 0x01, 0xcb, 0x20, 0x87, 0xa5, 0x00, 0x8c, 0xf5, + /// 0x4d, 0xc2, 0xef, 0xb8, 0x9b, 0xd1, 0x87, 0xbe, + /// 0xed, 0xd5, 0x0a, 0x29, 0x15, 0x34, 0x59, 0x4c, + /// 0x3a, 0x05, 0x22, 0x05, 0x44, 0x4f, 0x9f, 0xc8, + /// 0x47, 0x12, 0x24, 0x8e, 0xa8, 0x79, 0xe4, 0x67, + /// 0xba, 0x4d, 0x5b, 0x75, 0x56, 0x95, 0xeb, 0xe8, + /// 0x8a, 0xfa, 0x8e, 0x01, 0x8c, 0x1b, 0x74, 0x63, + /// 0xd9, 0x2f, 0xf7, 0xd3, 0x44, 0x8f, 0xa8, 0xf5, + /// 0xaf, 0x6c, 0x4f, 0xdb, 0xe7, 0xc9, 0x6c, 0x71, + /// 0x22, 0xa3, 0x1d, 0xf1, 0x40, 0xb2, 0xe0, 0x9a, + /// 0xb6, 0x72, 0xc9, 0xc0, 0x13, 0x16, 0xa2, 0x4a, + /// 0xe1, 0x92, 0xc7, 0x54, 0x23, 0xab, 0x9d, 0xa1, + /// 0xa1, 0xe5, 0x0b, 0xed, 0xba, 0xe8, 0x84, 0x37, + /// 0xb2, 0xe7, 0xfe, 0x32, 0x8d, 0xfa, 0x1c, 0x53, + /// 0x77, 0x97, 0xc7, 0xf3, 0x48, 0xc9, 0xdb, 0x2d, + /// 0x75, 0x52, 0x9d, 0x42, 0x51, 0x78, 0x62, 0x68, + /// 0x05, 0x45, 0x15, 0xf8, 0xa2, 0x4e, 0xf3, 0x0b + /// ]; + /// let dh = DH::new_from_pg_ex(&p, &g, None, None).expect("Error with new_from_pg_ex()"); + /// } + /// ``` + pub fn new_from_pg_ex(p: &[u8], g: &[u8], heap: Option<*mut core::ffi::c_void>, dev_id: Option) -> Result { + let p_size = p.len() as u32; + let g_size = g.len() as u32; + let mut wc_dhkey: MaybeUninit = MaybeUninit::uninit(); + let heap = match heap { + Some(heap) => heap, + None => core::ptr::null_mut(), + }; + let dev_id = match dev_id { + Some(dev_id) => dev_id, + None => sys::INVALID_DEVID, + }; + let rc = unsafe { sys::wc_InitDhKey_ex(wc_dhkey.as_mut_ptr(), heap, dev_id) }; + if rc != 0 { + return Err(rc); + } + let wc_dhkey = unsafe { wc_dhkey.assume_init() }; + let mut dh = DH { wc_dhkey }; + let rc = unsafe { + sys::wc_DhSetKey(&mut dh.wc_dhkey, p.as_ptr(), p_size, g.as_ptr(), g_size) + }; + if rc != 0 { + return Err(rc); + } + Ok(dh) + } + + /// Create a new DH context using the given p, g, and q parameters. + /// + /// # Parameters + /// + /// * `p`: DH 'p' parameter value. + /// * `g`: DH 'g' parameter value. + /// * `q`: DH 'q' parameter value. + /// + /// # Returns + /// + /// Returns either Ok(dh) containing the DH struct instance or Err(e) + /// containing the wolfSSL library error code value. + /// + /// # Example + /// + /// ```rust + /// #[cfg(random)] + /// { + /// use wolfssl_wolfcrypt::random::RNG; + /// use wolfssl_wolfcrypt::dh::DH; + /// let p = [ + /// 0xc5u8, 0x7c, 0xa2, 0x4f, 0x4b, 0xd6, 0x8c, 0x3c, + /// 0xda, 0xc7, 0xba, 0xaa, 0xea, 0x2e, 0x5c, 0x1e, + /// 0x18, 0xb2, 0x7b, 0x8c, 0x55, 0x65, 0x9f, 0xea, + /// 0xe0, 0xa1, 0x36, 0x53, 0x2b, 0x36, 0xe0, 0x4e, + /// 0x3e, 0x64, 0xa9, 0xe4, 0xfc, 0x8f, 0x32, 0x62, + /// 0x97, 0xe4, 0xbe, 0xf7, 0xc1, 0xde, 0x07, 0x5a, + /// 0x89, 0x28, 0xf3, 0xfe, 0x4f, 0xfe, 0x68, 0xbc, + /// 0xfb, 0x0a, 0x7c, 0xa4, 0xb3, 0x14, 0x48, 0x89, + /// 0x9f, 0xaf, 0xb8, 0x43, 0xe2, 0xa0, 0x62, 0x5c, + /// 0xb4, 0x88, 0x3f, 0x06, 0x50, 0x11, 0xfe, 0x65, + /// 0x8d, 0x49, 0xd2, 0xf5, 0x4b, 0x74, 0x79, 0xdb, + /// 0x06, 0x62, 0x92, 0x89, 0xed, 0xda, 0xcb, 0x87, + /// 0x37, 0x16, 0xd2, 0xa1, 0x7a, 0xe8, 0xde, 0x92, + /// 0xee, 0x3e, 0x41, 0x4a, 0x91, 0x5e, 0xed, 0xf3, + /// 0x6c, 0x6b, 0x7e, 0xfd, 0x15, 0x92, 0x18, 0xfc, + /// 0xa7, 0xac, 0x42, 0x85, 0x57, 0xe9, 0xdc, 0xda, + /// 0x55, 0xc9, 0x8b, 0x28, 0x9e, 0xc1, 0xc4, 0x46, + /// 0x4d, 0x88, 0xed, 0x62, 0x8e, 0xdb, 0x3f, 0xb9, + /// 0xd7, 0xc8, 0xe3, 0xcf, 0xb8, 0x34, 0x2c, 0xd2, + /// 0x6f, 0x28, 0x06, 0x41, 0xe3, 0x66, 0x8c, 0xfc, + /// 0x72, 0xff, 0x26, 0x3b, 0x6b, 0x6c, 0x6f, 0x73, + /// 0xde, 0xf2, 0x90, 0x29, 0xe0, 0x61, 0x32, 0xc4, + /// 0x12, 0x74, 0x09, 0x52, 0xec, 0xf3, 0x1b, 0xa6, + /// 0x45, 0x98, 0xac, 0xf9, 0x1c, 0x65, 0x8e, 0x3a, + /// 0x91, 0x84, 0x4b, 0x23, 0x8a, 0xb2, 0x3c, 0xc9, + /// 0xfa, 0xea, 0xf1, 0x38, 0xce, 0xd8, 0x05, 0xe0, + /// 0xfa, 0x44, 0x68, 0x1f, 0xeb, 0xd9, 0x57, 0xb8, + /// 0x4a, 0x97, 0x5b, 0x88, 0xc5, 0xf1, 0xbb, 0xb0, + /// 0x49, 0xc3, 0x91, 0x7c, 0xd3, 0x13, 0xb9, 0x47, + /// 0xbb, 0x91, 0x8f, 0xe5, 0x26, 0x07, 0xab, 0xa9, + /// 0xc5, 0xd0, 0x3d, 0x95, 0x41, 0x26, 0x92, 0x9d, + /// 0x13, 0x67, 0xf2, 0x7e, 0x11, 0x88, 0xdc, 0x2d + /// ]; + /// let g = [ + /// 0x4au8, 0x1a, 0xf3, 0xa4, 0x92, 0xe9, 0xee, 0x74, + /// 0x6e, 0x57, 0xd5, 0x8c, 0x2c, 0x5b, 0x41, 0x41, + /// 0x5e, 0xd4, 0x55, 0x19, 0xdc, 0xd9, 0x32, 0x91, + /// 0xf7, 0xfd, 0xc2, 0x57, 0xff, 0x03, 0x14, 0xdb, + /// 0xf1, 0xb7, 0x60, 0x0c, 0x43, 0x59, 0x3f, 0xff, + /// 0xac, 0xf1, 0x80, 0x9a, 0x15, 0x6f, 0xd8, 0x6e, + /// 0xb7, 0x85, 0x18, 0xc8, 0xec, 0x4e, 0x59, 0x4a, + /// 0xe2, 0x91, 0x43, 0x4c, 0xeb, 0x95, 0xb6, 0x2e, + /// 0x9a, 0xea, 0x53, 0x68, 0x80, 0x64, 0x69, 0x40, + /// 0xf9, 0xec, 0xbd, 0x85, 0x89, 0x26, 0x97, 0x67, + /// 0xaf, 0xb0, 0xad, 0x00, 0x1b, 0xd4, 0xfd, 0x94, + /// 0xd3, 0xe9, 0x92, 0xb1, 0xb4, 0xbc, 0x5a, 0xaa, + /// 0x92, 0x80, 0x89, 0x3b, 0x39, 0x05, 0x6c, 0x22, + /// 0x26, 0xfe, 0x5a, 0x28, 0x6c, 0x37, 0x50, 0x5a, + /// 0x38, 0x99, 0xcf, 0xf3, 0xc1, 0x96, 0x45, 0xdc, + /// 0x01, 0xcb, 0x20, 0x87, 0xa5, 0x00, 0x8c, 0xf5, + /// 0x4d, 0xc2, 0xef, 0xb8, 0x9b, 0xd1, 0x87, 0xbe, + /// 0xed, 0xd5, 0x0a, 0x29, 0x15, 0x34, 0x59, 0x4c, + /// 0x3a, 0x05, 0x22, 0x05, 0x44, 0x4f, 0x9f, 0xc8, + /// 0x47, 0x12, 0x24, 0x8e, 0xa8, 0x79, 0xe4, 0x67, + /// 0xba, 0x4d, 0x5b, 0x75, 0x56, 0x95, 0xeb, 0xe8, + /// 0x8a, 0xfa, 0x8e, 0x01, 0x8c, 0x1b, 0x74, 0x63, + /// 0xd9, 0x2f, 0xf7, 0xd3, 0x44, 0x8f, 0xa8, 0xf5, + /// 0xaf, 0x6c, 0x4f, 0xdb, 0xe7, 0xc9, 0x6c, 0x71, + /// 0x22, 0xa3, 0x1d, 0xf1, 0x40, 0xb2, 0xe0, 0x9a, + /// 0xb6, 0x72, 0xc9, 0xc0, 0x13, 0x16, 0xa2, 0x4a, + /// 0xe1, 0x92, 0xc7, 0x54, 0x23, 0xab, 0x9d, 0xa1, + /// 0xa1, 0xe5, 0x0b, 0xed, 0xba, 0xe8, 0x84, 0x37, + /// 0xb2, 0xe7, 0xfe, 0x32, 0x8d, 0xfa, 0x1c, 0x53, + /// 0x77, 0x97, 0xc7, 0xf3, 0x48, 0xc9, 0xdb, 0x2d, + /// 0x75, 0x52, 0x9d, 0x42, 0x51, 0x78, 0x62, 0x68, + /// 0x05, 0x45, 0x15, 0xf8, 0xa2, 0x4e, 0xf3, 0x0b + /// ]; + /// let q = [ + /// 0xe0u8, 0x35, 0x37, 0xaf, 0xb2, 0x50, 0x91, 0x8e, + /// 0xf2, 0x62, 0x2b, 0xd9, 0x9f, 0x6c, 0x11, 0x75, + /// 0xec, 0x24, 0x5d, 0x78, 0x59, 0xe7, 0x8d, 0xb5, + /// 0x40, 0x52, 0xed, 0x41 + /// ]; + /// let dh = DH::new_from_pgq(&p, &g, &q).expect("Error with new_from_pgq()"); + /// } + /// ``` + pub fn new_from_pgq(p: &[u8], g: &[u8], q: &[u8]) -> Result { + Self::new_from_pgq_ex(p, g, q, None, None) + } + + /// Create a new DH context using the given p, g, and q parameters with + /// optional heap and device ID. + /// + /// # Parameters + /// + /// * `p`: DH 'p' parameter value. + /// * `g`: DH 'g' parameter value. + /// * `q`: DH 'q' parameter value. + /// * `heap`: Optional heap hint. + /// * `dev_id` Optional device ID to use with crypto callbacks or async hardware. + /// + /// # Returns + /// + /// Returns either Ok(dh) containing the DH struct instance or Err(e) + /// containing the wolfSSL library error code value. + /// + /// # Example + /// + /// ```rust + /// #[cfg(random)] + /// { + /// use wolfssl_wolfcrypt::random::RNG; + /// use wolfssl_wolfcrypt::dh::DH; + /// let p = [ + /// 0xc5u8, 0x7c, 0xa2, 0x4f, 0x4b, 0xd6, 0x8c, 0x3c, + /// 0xda, 0xc7, 0xba, 0xaa, 0xea, 0x2e, 0x5c, 0x1e, + /// 0x18, 0xb2, 0x7b, 0x8c, 0x55, 0x65, 0x9f, 0xea, + /// 0xe0, 0xa1, 0x36, 0x53, 0x2b, 0x36, 0xe0, 0x4e, + /// 0x3e, 0x64, 0xa9, 0xe4, 0xfc, 0x8f, 0x32, 0x62, + /// 0x97, 0xe4, 0xbe, 0xf7, 0xc1, 0xde, 0x07, 0x5a, + /// 0x89, 0x28, 0xf3, 0xfe, 0x4f, 0xfe, 0x68, 0xbc, + /// 0xfb, 0x0a, 0x7c, 0xa4, 0xb3, 0x14, 0x48, 0x89, + /// 0x9f, 0xaf, 0xb8, 0x43, 0xe2, 0xa0, 0x62, 0x5c, + /// 0xb4, 0x88, 0x3f, 0x06, 0x50, 0x11, 0xfe, 0x65, + /// 0x8d, 0x49, 0xd2, 0xf5, 0x4b, 0x74, 0x79, 0xdb, + /// 0x06, 0x62, 0x92, 0x89, 0xed, 0xda, 0xcb, 0x87, + /// 0x37, 0x16, 0xd2, 0xa1, 0x7a, 0xe8, 0xde, 0x92, + /// 0xee, 0x3e, 0x41, 0x4a, 0x91, 0x5e, 0xed, 0xf3, + /// 0x6c, 0x6b, 0x7e, 0xfd, 0x15, 0x92, 0x18, 0xfc, + /// 0xa7, 0xac, 0x42, 0x85, 0x57, 0xe9, 0xdc, 0xda, + /// 0x55, 0xc9, 0x8b, 0x28, 0x9e, 0xc1, 0xc4, 0x46, + /// 0x4d, 0x88, 0xed, 0x62, 0x8e, 0xdb, 0x3f, 0xb9, + /// 0xd7, 0xc8, 0xe3, 0xcf, 0xb8, 0x34, 0x2c, 0xd2, + /// 0x6f, 0x28, 0x06, 0x41, 0xe3, 0x66, 0x8c, 0xfc, + /// 0x72, 0xff, 0x26, 0x3b, 0x6b, 0x6c, 0x6f, 0x73, + /// 0xde, 0xf2, 0x90, 0x29, 0xe0, 0x61, 0x32, 0xc4, + /// 0x12, 0x74, 0x09, 0x52, 0xec, 0xf3, 0x1b, 0xa6, + /// 0x45, 0x98, 0xac, 0xf9, 0x1c, 0x65, 0x8e, 0x3a, + /// 0x91, 0x84, 0x4b, 0x23, 0x8a, 0xb2, 0x3c, 0xc9, + /// 0xfa, 0xea, 0xf1, 0x38, 0xce, 0xd8, 0x05, 0xe0, + /// 0xfa, 0x44, 0x68, 0x1f, 0xeb, 0xd9, 0x57, 0xb8, + /// 0x4a, 0x97, 0x5b, 0x88, 0xc5, 0xf1, 0xbb, 0xb0, + /// 0x49, 0xc3, 0x91, 0x7c, 0xd3, 0x13, 0xb9, 0x47, + /// 0xbb, 0x91, 0x8f, 0xe5, 0x26, 0x07, 0xab, 0xa9, + /// 0xc5, 0xd0, 0x3d, 0x95, 0x41, 0x26, 0x92, 0x9d, + /// 0x13, 0x67, 0xf2, 0x7e, 0x11, 0x88, 0xdc, 0x2d + /// ]; + /// let g = [ + /// 0x4au8, 0x1a, 0xf3, 0xa4, 0x92, 0xe9, 0xee, 0x74, + /// 0x6e, 0x57, 0xd5, 0x8c, 0x2c, 0x5b, 0x41, 0x41, + /// 0x5e, 0xd4, 0x55, 0x19, 0xdc, 0xd9, 0x32, 0x91, + /// 0xf7, 0xfd, 0xc2, 0x57, 0xff, 0x03, 0x14, 0xdb, + /// 0xf1, 0xb7, 0x60, 0x0c, 0x43, 0x59, 0x3f, 0xff, + /// 0xac, 0xf1, 0x80, 0x9a, 0x15, 0x6f, 0xd8, 0x6e, + /// 0xb7, 0x85, 0x18, 0xc8, 0xec, 0x4e, 0x59, 0x4a, + /// 0xe2, 0x91, 0x43, 0x4c, 0xeb, 0x95, 0xb6, 0x2e, + /// 0x9a, 0xea, 0x53, 0x68, 0x80, 0x64, 0x69, 0x40, + /// 0xf9, 0xec, 0xbd, 0x85, 0x89, 0x26, 0x97, 0x67, + /// 0xaf, 0xb0, 0xad, 0x00, 0x1b, 0xd4, 0xfd, 0x94, + /// 0xd3, 0xe9, 0x92, 0xb1, 0xb4, 0xbc, 0x5a, 0xaa, + /// 0x92, 0x80, 0x89, 0x3b, 0x39, 0x05, 0x6c, 0x22, + /// 0x26, 0xfe, 0x5a, 0x28, 0x6c, 0x37, 0x50, 0x5a, + /// 0x38, 0x99, 0xcf, 0xf3, 0xc1, 0x96, 0x45, 0xdc, + /// 0x01, 0xcb, 0x20, 0x87, 0xa5, 0x00, 0x8c, 0xf5, + /// 0x4d, 0xc2, 0xef, 0xb8, 0x9b, 0xd1, 0x87, 0xbe, + /// 0xed, 0xd5, 0x0a, 0x29, 0x15, 0x34, 0x59, 0x4c, + /// 0x3a, 0x05, 0x22, 0x05, 0x44, 0x4f, 0x9f, 0xc8, + /// 0x47, 0x12, 0x24, 0x8e, 0xa8, 0x79, 0xe4, 0x67, + /// 0xba, 0x4d, 0x5b, 0x75, 0x56, 0x95, 0xeb, 0xe8, + /// 0x8a, 0xfa, 0x8e, 0x01, 0x8c, 0x1b, 0x74, 0x63, + /// 0xd9, 0x2f, 0xf7, 0xd3, 0x44, 0x8f, 0xa8, 0xf5, + /// 0xaf, 0x6c, 0x4f, 0xdb, 0xe7, 0xc9, 0x6c, 0x71, + /// 0x22, 0xa3, 0x1d, 0xf1, 0x40, 0xb2, 0xe0, 0x9a, + /// 0xb6, 0x72, 0xc9, 0xc0, 0x13, 0x16, 0xa2, 0x4a, + /// 0xe1, 0x92, 0xc7, 0x54, 0x23, 0xab, 0x9d, 0xa1, + /// 0xa1, 0xe5, 0x0b, 0xed, 0xba, 0xe8, 0x84, 0x37, + /// 0xb2, 0xe7, 0xfe, 0x32, 0x8d, 0xfa, 0x1c, 0x53, + /// 0x77, 0x97, 0xc7, 0xf3, 0x48, 0xc9, 0xdb, 0x2d, + /// 0x75, 0x52, 0x9d, 0x42, 0x51, 0x78, 0x62, 0x68, + /// 0x05, 0x45, 0x15, 0xf8, 0xa2, 0x4e, 0xf3, 0x0b + /// ]; + /// let q = [ + /// 0xe0u8, 0x35, 0x37, 0xaf, 0xb2, 0x50, 0x91, 0x8e, + /// 0xf2, 0x62, 0x2b, 0xd9, 0x9f, 0x6c, 0x11, 0x75, + /// 0xec, 0x24, 0x5d, 0x78, 0x59, 0xe7, 0x8d, 0xb5, + /// 0x40, 0x52, 0xed, 0x41 + /// ]; + /// let dh = DH::new_from_pgq_ex(&p, &g, &q, None, None).expect("Error with new_from_pgq_ex()"); + /// } + /// ``` + pub fn new_from_pgq_ex(p: &[u8], g: &[u8], q: &[u8], heap: Option<*mut core::ffi::c_void>, dev_id: Option) -> Result { + let p_size = p.len() as u32; + let g_size = g.len() as u32; + let q_size = q.len() as u32; + let mut wc_dhkey: MaybeUninit = MaybeUninit::uninit(); + let heap = match heap { + Some(heap) => heap, + None => core::ptr::null_mut(), + }; + let dev_id = match dev_id { + Some(dev_id) => dev_id, + None => sys::INVALID_DEVID, + }; + let rc = unsafe { sys::wc_InitDhKey_ex(wc_dhkey.as_mut_ptr(), heap, dev_id) }; + if rc != 0 { + return Err(rc); + } + let wc_dhkey = unsafe { wc_dhkey.assume_init() }; + let mut dh = DH { wc_dhkey }; + let rc = unsafe { + sys::wc_DhSetKey_ex(&mut dh.wc_dhkey, p.as_ptr(), p_size, g.as_ptr(), g_size, q.as_ptr(), q_size) + }; + if rc != 0 { + return Err(rc); + } + Ok(dh) + } + + /// Create a new DH context using the given p, g, and q parameters with + /// check. + /// + /// # Parameters + /// + /// * `p`: DH 'p' parameter value. + /// * `g`: DH 'g' parameter value. + /// * `q`: DH 'q' parameter value. + /// * `trusted`: Whether to skip the prime check for `p` parameter and mark + /// the DH context as trusted. + /// * `rng`: `RNG` instance to use for random number generation. + /// + /// # Returns + /// + /// Returns either Ok(dh) containing the DH struct instance or Err(e) + /// containing the wolfSSL library error code value. + /// + /// # Example + /// + /// ```rust + /// #[cfg(random)] + /// { + /// use wolfssl_wolfcrypt::random::RNG; + /// use wolfssl_wolfcrypt::dh::DH; + /// let p = [ + /// 0xc5u8, 0x7c, 0xa2, 0x4f, 0x4b, 0xd6, 0x8c, 0x3c, + /// 0xda, 0xc7, 0xba, 0xaa, 0xea, 0x2e, 0x5c, 0x1e, + /// 0x18, 0xb2, 0x7b, 0x8c, 0x55, 0x65, 0x9f, 0xea, + /// 0xe0, 0xa1, 0x36, 0x53, 0x2b, 0x36, 0xe0, 0x4e, + /// 0x3e, 0x64, 0xa9, 0xe4, 0xfc, 0x8f, 0x32, 0x62, + /// 0x97, 0xe4, 0xbe, 0xf7, 0xc1, 0xde, 0x07, 0x5a, + /// 0x89, 0x28, 0xf3, 0xfe, 0x4f, 0xfe, 0x68, 0xbc, + /// 0xfb, 0x0a, 0x7c, 0xa4, 0xb3, 0x14, 0x48, 0x89, + /// 0x9f, 0xaf, 0xb8, 0x43, 0xe2, 0xa0, 0x62, 0x5c, + /// 0xb4, 0x88, 0x3f, 0x06, 0x50, 0x11, 0xfe, 0x65, + /// 0x8d, 0x49, 0xd2, 0xf5, 0x4b, 0x74, 0x79, 0xdb, + /// 0x06, 0x62, 0x92, 0x89, 0xed, 0xda, 0xcb, 0x87, + /// 0x37, 0x16, 0xd2, 0xa1, 0x7a, 0xe8, 0xde, 0x92, + /// 0xee, 0x3e, 0x41, 0x4a, 0x91, 0x5e, 0xed, 0xf3, + /// 0x6c, 0x6b, 0x7e, 0xfd, 0x15, 0x92, 0x18, 0xfc, + /// 0xa7, 0xac, 0x42, 0x85, 0x57, 0xe9, 0xdc, 0xda, + /// 0x55, 0xc9, 0x8b, 0x28, 0x9e, 0xc1, 0xc4, 0x46, + /// 0x4d, 0x88, 0xed, 0x62, 0x8e, 0xdb, 0x3f, 0xb9, + /// 0xd7, 0xc8, 0xe3, 0xcf, 0xb8, 0x34, 0x2c, 0xd2, + /// 0x6f, 0x28, 0x06, 0x41, 0xe3, 0x66, 0x8c, 0xfc, + /// 0x72, 0xff, 0x26, 0x3b, 0x6b, 0x6c, 0x6f, 0x73, + /// 0xde, 0xf2, 0x90, 0x29, 0xe0, 0x61, 0x32, 0xc4, + /// 0x12, 0x74, 0x09, 0x52, 0xec, 0xf3, 0x1b, 0xa6, + /// 0x45, 0x98, 0xac, 0xf9, 0x1c, 0x65, 0x8e, 0x3a, + /// 0x91, 0x84, 0x4b, 0x23, 0x8a, 0xb2, 0x3c, 0xc9, + /// 0xfa, 0xea, 0xf1, 0x38, 0xce, 0xd8, 0x05, 0xe0, + /// 0xfa, 0x44, 0x68, 0x1f, 0xeb, 0xd9, 0x57, 0xb8, + /// 0x4a, 0x97, 0x5b, 0x88, 0xc5, 0xf1, 0xbb, 0xb0, + /// 0x49, 0xc3, 0x91, 0x7c, 0xd3, 0x13, 0xb9, 0x47, + /// 0xbb, 0x91, 0x8f, 0xe5, 0x26, 0x07, 0xab, 0xa9, + /// 0xc5, 0xd0, 0x3d, 0x95, 0x41, 0x26, 0x92, 0x9d, + /// 0x13, 0x67, 0xf2, 0x7e, 0x11, 0x88, 0xdc, 0x2d + /// ]; + /// let g = [ + /// 0x4au8, 0x1a, 0xf3, 0xa4, 0x92, 0xe9, 0xee, 0x74, + /// 0x6e, 0x57, 0xd5, 0x8c, 0x2c, 0x5b, 0x41, 0x41, + /// 0x5e, 0xd4, 0x55, 0x19, 0xdc, 0xd9, 0x32, 0x91, + /// 0xf7, 0xfd, 0xc2, 0x57, 0xff, 0x03, 0x14, 0xdb, + /// 0xf1, 0xb7, 0x60, 0x0c, 0x43, 0x59, 0x3f, 0xff, + /// 0xac, 0xf1, 0x80, 0x9a, 0x15, 0x6f, 0xd8, 0x6e, + /// 0xb7, 0x85, 0x18, 0xc8, 0xec, 0x4e, 0x59, 0x4a, + /// 0xe2, 0x91, 0x43, 0x4c, 0xeb, 0x95, 0xb6, 0x2e, + /// 0x9a, 0xea, 0x53, 0x68, 0x80, 0x64, 0x69, 0x40, + /// 0xf9, 0xec, 0xbd, 0x85, 0x89, 0x26, 0x97, 0x67, + /// 0xaf, 0xb0, 0xad, 0x00, 0x1b, 0xd4, 0xfd, 0x94, + /// 0xd3, 0xe9, 0x92, 0xb1, 0xb4, 0xbc, 0x5a, 0xaa, + /// 0x92, 0x80, 0x89, 0x3b, 0x39, 0x05, 0x6c, 0x22, + /// 0x26, 0xfe, 0x5a, 0x28, 0x6c, 0x37, 0x50, 0x5a, + /// 0x38, 0x99, 0xcf, 0xf3, 0xc1, 0x96, 0x45, 0xdc, + /// 0x01, 0xcb, 0x20, 0x87, 0xa5, 0x00, 0x8c, 0xf5, + /// 0x4d, 0xc2, 0xef, 0xb8, 0x9b, 0xd1, 0x87, 0xbe, + /// 0xed, 0xd5, 0x0a, 0x29, 0x15, 0x34, 0x59, 0x4c, + /// 0x3a, 0x05, 0x22, 0x05, 0x44, 0x4f, 0x9f, 0xc8, + /// 0x47, 0x12, 0x24, 0x8e, 0xa8, 0x79, 0xe4, 0x67, + /// 0xba, 0x4d, 0x5b, 0x75, 0x56, 0x95, 0xeb, 0xe8, + /// 0x8a, 0xfa, 0x8e, 0x01, 0x8c, 0x1b, 0x74, 0x63, + /// 0xd9, 0x2f, 0xf7, 0xd3, 0x44, 0x8f, 0xa8, 0xf5, + /// 0xaf, 0x6c, 0x4f, 0xdb, 0xe7, 0xc9, 0x6c, 0x71, + /// 0x22, 0xa3, 0x1d, 0xf1, 0x40, 0xb2, 0xe0, 0x9a, + /// 0xb6, 0x72, 0xc9, 0xc0, 0x13, 0x16, 0xa2, 0x4a, + /// 0xe1, 0x92, 0xc7, 0x54, 0x23, 0xab, 0x9d, 0xa1, + /// 0xa1, 0xe5, 0x0b, 0xed, 0xba, 0xe8, 0x84, 0x37, + /// 0xb2, 0xe7, 0xfe, 0x32, 0x8d, 0xfa, 0x1c, 0x53, + /// 0x77, 0x97, 0xc7, 0xf3, 0x48, 0xc9, 0xdb, 0x2d, + /// 0x75, 0x52, 0x9d, 0x42, 0x51, 0x78, 0x62, 0x68, + /// 0x05, 0x45, 0x15, 0xf8, 0xa2, 0x4e, 0xf3, 0x0b + /// ]; + /// let q = [ + /// 0xe0u8, 0x35, 0x37, 0xaf, 0xb2, 0x50, 0x91, 0x8e, + /// 0xf2, 0x62, 0x2b, 0xd9, 0x9f, 0x6c, 0x11, 0x75, + /// 0xec, 0x24, 0x5d, 0x78, 0x59, 0xe7, 0x8d, 0xb5, + /// 0x40, 0x52, 0xed, 0x41 + /// ]; + /// let mut rng = RNG::new().expect("Failed to create RNG"); + /// let dh = DH::new_from_pgq_with_check(&p, &g, &q, 0, &mut rng).expect("Error with new_from_pgq_with_check()"); + /// } + /// ``` + #[cfg(random)] + pub fn new_from_pgq_with_check(p: &[u8], g: &[u8], q: &[u8], trusted: i32, rng: &mut RNG) -> Result { + Self::new_from_pgq_with_check_ex(p, g, q, trusted, rng, None, None) + } + + /// Create a new DH context using the given p, g, and q parameters with + /// check and optional heap and device ID. + /// + /// # Parameters + /// + /// * `p`: DH 'p' parameter value. + /// * `g`: DH 'g' parameter value. + /// * `q`: DH 'q' parameter value. + /// * `trusted`: Whether to skip the prime check for `p` parameter and mark + /// the DH context as trusted. + /// * `rng`: `RNG` instance to use for random number generation. + /// * `heap`: Optional heap hint. + /// * `dev_id` Optional device ID to use with crypto callbacks or async hardware. + /// + /// # Returns + /// + /// Returns either Ok(dh) containing the DH struct instance or Err(e) + /// containing the wolfSSL library error code value. + /// + /// # Example + /// + /// ```rust + /// #[cfg(random)] + /// { + /// use wolfssl_wolfcrypt::random::RNG; + /// use wolfssl_wolfcrypt::dh::DH; + /// let p = [ + /// 0xc5u8, 0x7c, 0xa2, 0x4f, 0x4b, 0xd6, 0x8c, 0x3c, + /// 0xda, 0xc7, 0xba, 0xaa, 0xea, 0x2e, 0x5c, 0x1e, + /// 0x18, 0xb2, 0x7b, 0x8c, 0x55, 0x65, 0x9f, 0xea, + /// 0xe0, 0xa1, 0x36, 0x53, 0x2b, 0x36, 0xe0, 0x4e, + /// 0x3e, 0x64, 0xa9, 0xe4, 0xfc, 0x8f, 0x32, 0x62, + /// 0x97, 0xe4, 0xbe, 0xf7, 0xc1, 0xde, 0x07, 0x5a, + /// 0x89, 0x28, 0xf3, 0xfe, 0x4f, 0xfe, 0x68, 0xbc, + /// 0xfb, 0x0a, 0x7c, 0xa4, 0xb3, 0x14, 0x48, 0x89, + /// 0x9f, 0xaf, 0xb8, 0x43, 0xe2, 0xa0, 0x62, 0x5c, + /// 0xb4, 0x88, 0x3f, 0x06, 0x50, 0x11, 0xfe, 0x65, + /// 0x8d, 0x49, 0xd2, 0xf5, 0x4b, 0x74, 0x79, 0xdb, + /// 0x06, 0x62, 0x92, 0x89, 0xed, 0xda, 0xcb, 0x87, + /// 0x37, 0x16, 0xd2, 0xa1, 0x7a, 0xe8, 0xde, 0x92, + /// 0xee, 0x3e, 0x41, 0x4a, 0x91, 0x5e, 0xed, 0xf3, + /// 0x6c, 0x6b, 0x7e, 0xfd, 0x15, 0x92, 0x18, 0xfc, + /// 0xa7, 0xac, 0x42, 0x85, 0x57, 0xe9, 0xdc, 0xda, + /// 0x55, 0xc9, 0x8b, 0x28, 0x9e, 0xc1, 0xc4, 0x46, + /// 0x4d, 0x88, 0xed, 0x62, 0x8e, 0xdb, 0x3f, 0xb9, + /// 0xd7, 0xc8, 0xe3, 0xcf, 0xb8, 0x34, 0x2c, 0xd2, + /// 0x6f, 0x28, 0x06, 0x41, 0xe3, 0x66, 0x8c, 0xfc, + /// 0x72, 0xff, 0x26, 0x3b, 0x6b, 0x6c, 0x6f, 0x73, + /// 0xde, 0xf2, 0x90, 0x29, 0xe0, 0x61, 0x32, 0xc4, + /// 0x12, 0x74, 0x09, 0x52, 0xec, 0xf3, 0x1b, 0xa6, + /// 0x45, 0x98, 0xac, 0xf9, 0x1c, 0x65, 0x8e, 0x3a, + /// 0x91, 0x84, 0x4b, 0x23, 0x8a, 0xb2, 0x3c, 0xc9, + /// 0xfa, 0xea, 0xf1, 0x38, 0xce, 0xd8, 0x05, 0xe0, + /// 0xfa, 0x44, 0x68, 0x1f, 0xeb, 0xd9, 0x57, 0xb8, + /// 0x4a, 0x97, 0x5b, 0x88, 0xc5, 0xf1, 0xbb, 0xb0, + /// 0x49, 0xc3, 0x91, 0x7c, 0xd3, 0x13, 0xb9, 0x47, + /// 0xbb, 0x91, 0x8f, 0xe5, 0x26, 0x07, 0xab, 0xa9, + /// 0xc5, 0xd0, 0x3d, 0x95, 0x41, 0x26, 0x92, 0x9d, + /// 0x13, 0x67, 0xf2, 0x7e, 0x11, 0x88, 0xdc, 0x2d + /// ]; + /// let g = [ + /// 0x4au8, 0x1a, 0xf3, 0xa4, 0x92, 0xe9, 0xee, 0x74, + /// 0x6e, 0x57, 0xd5, 0x8c, 0x2c, 0x5b, 0x41, 0x41, + /// 0x5e, 0xd4, 0x55, 0x19, 0xdc, 0xd9, 0x32, 0x91, + /// 0xf7, 0xfd, 0xc2, 0x57, 0xff, 0x03, 0x14, 0xdb, + /// 0xf1, 0xb7, 0x60, 0x0c, 0x43, 0x59, 0x3f, 0xff, + /// 0xac, 0xf1, 0x80, 0x9a, 0x15, 0x6f, 0xd8, 0x6e, + /// 0xb7, 0x85, 0x18, 0xc8, 0xec, 0x4e, 0x59, 0x4a, + /// 0xe2, 0x91, 0x43, 0x4c, 0xeb, 0x95, 0xb6, 0x2e, + /// 0x9a, 0xea, 0x53, 0x68, 0x80, 0x64, 0x69, 0x40, + /// 0xf9, 0xec, 0xbd, 0x85, 0x89, 0x26, 0x97, 0x67, + /// 0xaf, 0xb0, 0xad, 0x00, 0x1b, 0xd4, 0xfd, 0x94, + /// 0xd3, 0xe9, 0x92, 0xb1, 0xb4, 0xbc, 0x5a, 0xaa, + /// 0x92, 0x80, 0x89, 0x3b, 0x39, 0x05, 0x6c, 0x22, + /// 0x26, 0xfe, 0x5a, 0x28, 0x6c, 0x37, 0x50, 0x5a, + /// 0x38, 0x99, 0xcf, 0xf3, 0xc1, 0x96, 0x45, 0xdc, + /// 0x01, 0xcb, 0x20, 0x87, 0xa5, 0x00, 0x8c, 0xf5, + /// 0x4d, 0xc2, 0xef, 0xb8, 0x9b, 0xd1, 0x87, 0xbe, + /// 0xed, 0xd5, 0x0a, 0x29, 0x15, 0x34, 0x59, 0x4c, + /// 0x3a, 0x05, 0x22, 0x05, 0x44, 0x4f, 0x9f, 0xc8, + /// 0x47, 0x12, 0x24, 0x8e, 0xa8, 0x79, 0xe4, 0x67, + /// 0xba, 0x4d, 0x5b, 0x75, 0x56, 0x95, 0xeb, 0xe8, + /// 0x8a, 0xfa, 0x8e, 0x01, 0x8c, 0x1b, 0x74, 0x63, + /// 0xd9, 0x2f, 0xf7, 0xd3, 0x44, 0x8f, 0xa8, 0xf5, + /// 0xaf, 0x6c, 0x4f, 0xdb, 0xe7, 0xc9, 0x6c, 0x71, + /// 0x22, 0xa3, 0x1d, 0xf1, 0x40, 0xb2, 0xe0, 0x9a, + /// 0xb6, 0x72, 0xc9, 0xc0, 0x13, 0x16, 0xa2, 0x4a, + /// 0xe1, 0x92, 0xc7, 0x54, 0x23, 0xab, 0x9d, 0xa1, + /// 0xa1, 0xe5, 0x0b, 0xed, 0xba, 0xe8, 0x84, 0x37, + /// 0xb2, 0xe7, 0xfe, 0x32, 0x8d, 0xfa, 0x1c, 0x53, + /// 0x77, 0x97, 0xc7, 0xf3, 0x48, 0xc9, 0xdb, 0x2d, + /// 0x75, 0x52, 0x9d, 0x42, 0x51, 0x78, 0x62, 0x68, + /// 0x05, 0x45, 0x15, 0xf8, 0xa2, 0x4e, 0xf3, 0x0b + /// ]; + /// let q = [ + /// 0xe0u8, 0x35, 0x37, 0xaf, 0xb2, 0x50, 0x91, 0x8e, + /// 0xf2, 0x62, 0x2b, 0xd9, 0x9f, 0x6c, 0x11, 0x75, + /// 0xec, 0x24, 0x5d, 0x78, 0x59, 0xe7, 0x8d, 0xb5, + /// 0x40, 0x52, 0xed, 0x41 + /// ]; + /// let mut rng = RNG::new().expect("Failed to create RNG"); + /// let dh = DH::new_from_pgq_with_check_ex(&p, &g, &q, 0, &mut rng, None, None).expect("Error with new_from_pgq_with_check_ex()"); + /// } + /// ``` + #[cfg(random)] + pub fn new_from_pgq_with_check_ex(p: &[u8], g: &[u8], q: &[u8], trusted: i32, rng: &mut RNG, heap: Option<*mut core::ffi::c_void>, dev_id: Option) -> Result { + let p_size = p.len() as u32; + let g_size = g.len() as u32; + let q_size = q.len() as u32; + let mut wc_dhkey: MaybeUninit = MaybeUninit::uninit(); + let heap = match heap { + Some(heap) => heap, + None => core::ptr::null_mut(), + }; + let dev_id = match dev_id { + Some(dev_id) => dev_id, + None => sys::INVALID_DEVID, + }; + let rc = unsafe { sys::wc_InitDhKey_ex(wc_dhkey.as_mut_ptr(), heap, dev_id) }; + if rc != 0 { + return Err(rc); + } + let wc_dhkey = unsafe { wc_dhkey.assume_init() }; + let mut dh = DH { wc_dhkey }; + let rc = unsafe { + sys::wc_DhSetCheckKey(&mut dh.wc_dhkey, p.as_ptr(), p_size, g.as_ptr(), g_size, q.as_ptr(), q_size, trusted, &mut rng.wc_rng) + }; + if rc != 0 { + return Err(rc); + } + Ok(dh) + } + + /// Check public/private key pair for pair-wise consistency per process in + /// SP 800-56Ar3, section 5.6.2.1.4, method (b) for FFC. + /// + /// # Parameters + /// + /// * `public`: Buffer containing public key. + /// * `private`: Buffer containing private key. + /// + /// # Returns + /// + /// Returns either Ok(()) on success or Err(e) containing the wolfSSL + /// library error code value. + /// + /// # Example + /// + /// ```rust + /// #[cfg(all(dh_ffdhe_2048, random))] + /// { + /// use wolfssl_wolfcrypt::random::RNG; + /// use wolfssl_wolfcrypt::dh::DH; + /// let mut rng = RNG::new().expect("Error with RNG::new()"); + /// let mut dh = DH::new_named(DH::FFDHE_2048).expect("Error with new_named()"); + /// let mut private = [0u8; 256]; + /// let mut private_size = 0u32; + /// let mut public = [0u8; 256]; + /// let mut public_size = 0u32; + /// dh.generate_key_pair(&mut rng, &mut private, &mut private_size, &mut public, &mut public_size).expect("Error with generate_key_pair()"); + /// let private = &private[0..(private_size as usize)]; + /// let public = &public[0..(public_size as usize)]; + /// dh.check_key_pair(public, private).expect("Error with check_key_pair()"); + /// } + /// ``` + pub fn check_key_pair(&mut self, public: &[u8], private: &[u8]) -> Result<(), i32> { + let public_size = public.len() as u32; + let private_size = private.len() as u32; + let rc = unsafe { + sys::wc_DhCheckKeyPair(&mut self.wc_dhkey, + public.as_ptr(), public_size, + private.as_ptr(), private_size) + }; + if rc != 0 { + return Err(rc); + } + Ok(()) + } + + /// Check private key for invalid numbers. + /// + /// The check is per process in SP 800-56Ar3, section 5.6.2.1.2. + /// + /// # Parameters + /// + /// * `private`: Buffer containing private key. + /// + /// # Returns + /// + /// Returns either Ok(()) on success or Err(e) containing the wolfSSL + /// library error code value. + /// + /// # Example + /// + /// ```rust + /// #[cfg(all(dh_ffdhe_2048, random))] + /// { + /// use wolfssl_wolfcrypt::random::RNG; + /// use wolfssl_wolfcrypt::dh::DH; + /// let mut rng = RNG::new().expect("Error with RNG::new()"); + /// let mut dh = DH::new_named(DH::FFDHE_2048).expect("Error with new_named()"); + /// let mut private = [0u8; 256]; + /// let mut private_size = 0u32; + /// let mut public = [0u8; 256]; + /// let mut public_size = 0u32; + /// dh.generate_key_pair(&mut rng, &mut private, &mut private_size, &mut public, &mut public_size).expect("Error with generate_key_pair()"); + /// let private = &private[0..(private_size as usize)]; + /// dh.check_priv_key(private).expect("Error with check_priv_key()"); + /// } + /// ``` + pub fn check_priv_key(&mut self, private: &[u8]) -> Result<(), i32> { + let private_size = private.len() as u32; + let rc = unsafe { + sys::wc_DhCheckPrivKey(&mut self.wc_dhkey, + private.as_ptr(), private_size) + }; + if rc != 0 { + return Err(rc); + } + Ok(()) + } + + /// Check private key for invalid numbers with optional prime value. + /// + /// This optionally allows the private key to be checked against the large + /// prime (q). + /// The check is per process in SP 800-56Ar3, section 5.6.2.1.2. + /// + /// # Parameters + /// + /// * `private`: Buffer containing private key. + /// * `prime`: Buffer containing prime value (optional). + /// + /// # Returns + /// + /// Returns either Ok(()) on success or Err(e) containing the wolfSSL + /// library error code value. + /// + /// # Example + /// + /// ```rust + /// #[cfg(random)] + /// { + /// use wolfssl_wolfcrypt::random::RNG; + /// use wolfssl_wolfcrypt::dh::DH; + /// let p = [ + /// 0xc5u8, 0x7c, 0xa2, 0x4f, 0x4b, 0xd6, 0x8c, 0x3c, + /// 0xda, 0xc7, 0xba, 0xaa, 0xea, 0x2e, 0x5c, 0x1e, + /// 0x18, 0xb2, 0x7b, 0x8c, 0x55, 0x65, 0x9f, 0xea, + /// 0xe0, 0xa1, 0x36, 0x53, 0x2b, 0x36, 0xe0, 0x4e, + /// 0x3e, 0x64, 0xa9, 0xe4, 0xfc, 0x8f, 0x32, 0x62, + /// 0x97, 0xe4, 0xbe, 0xf7, 0xc1, 0xde, 0x07, 0x5a, + /// 0x89, 0x28, 0xf3, 0xfe, 0x4f, 0xfe, 0x68, 0xbc, + /// 0xfb, 0x0a, 0x7c, 0xa4, 0xb3, 0x14, 0x48, 0x89, + /// 0x9f, 0xaf, 0xb8, 0x43, 0xe2, 0xa0, 0x62, 0x5c, + /// 0xb4, 0x88, 0x3f, 0x06, 0x50, 0x11, 0xfe, 0x65, + /// 0x8d, 0x49, 0xd2, 0xf5, 0x4b, 0x74, 0x79, 0xdb, + /// 0x06, 0x62, 0x92, 0x89, 0xed, 0xda, 0xcb, 0x87, + /// 0x37, 0x16, 0xd2, 0xa1, 0x7a, 0xe8, 0xde, 0x92, + /// 0xee, 0x3e, 0x41, 0x4a, 0x91, 0x5e, 0xed, 0xf3, + /// 0x6c, 0x6b, 0x7e, 0xfd, 0x15, 0x92, 0x18, 0xfc, + /// 0xa7, 0xac, 0x42, 0x85, 0x57, 0xe9, 0xdc, 0xda, + /// 0x55, 0xc9, 0x8b, 0x28, 0x9e, 0xc1, 0xc4, 0x46, + /// 0x4d, 0x88, 0xed, 0x62, 0x8e, 0xdb, 0x3f, 0xb9, + /// 0xd7, 0xc8, 0xe3, 0xcf, 0xb8, 0x34, 0x2c, 0xd2, + /// 0x6f, 0x28, 0x06, 0x41, 0xe3, 0x66, 0x8c, 0xfc, + /// 0x72, 0xff, 0x26, 0x3b, 0x6b, 0x6c, 0x6f, 0x73, + /// 0xde, 0xf2, 0x90, 0x29, 0xe0, 0x61, 0x32, 0xc4, + /// 0x12, 0x74, 0x09, 0x52, 0xec, 0xf3, 0x1b, 0xa6, + /// 0x45, 0x98, 0xac, 0xf9, 0x1c, 0x65, 0x8e, 0x3a, + /// 0x91, 0x84, 0x4b, 0x23, 0x8a, 0xb2, 0x3c, 0xc9, + /// 0xfa, 0xea, 0xf1, 0x38, 0xce, 0xd8, 0x05, 0xe0, + /// 0xfa, 0x44, 0x68, 0x1f, 0xeb, 0xd9, 0x57, 0xb8, + /// 0x4a, 0x97, 0x5b, 0x88, 0xc5, 0xf1, 0xbb, 0xb0, + /// 0x49, 0xc3, 0x91, 0x7c, 0xd3, 0x13, 0xb9, 0x47, + /// 0xbb, 0x91, 0x8f, 0xe5, 0x26, 0x07, 0xab, 0xa9, + /// 0xc5, 0xd0, 0x3d, 0x95, 0x41, 0x26, 0x92, 0x9d, + /// 0x13, 0x67, 0xf2, 0x7e, 0x11, 0x88, 0xdc, 0x2d + /// ]; + /// let g = [ + /// 0x4au8, 0x1a, 0xf3, 0xa4, 0x92, 0xe9, 0xee, 0x74, + /// 0x6e, 0x57, 0xd5, 0x8c, 0x2c, 0x5b, 0x41, 0x41, + /// 0x5e, 0xd4, 0x55, 0x19, 0xdc, 0xd9, 0x32, 0x91, + /// 0xf7, 0xfd, 0xc2, 0x57, 0xff, 0x03, 0x14, 0xdb, + /// 0xf1, 0xb7, 0x60, 0x0c, 0x43, 0x59, 0x3f, 0xff, + /// 0xac, 0xf1, 0x80, 0x9a, 0x15, 0x6f, 0xd8, 0x6e, + /// 0xb7, 0x85, 0x18, 0xc8, 0xec, 0x4e, 0x59, 0x4a, + /// 0xe2, 0x91, 0x43, 0x4c, 0xeb, 0x95, 0xb6, 0x2e, + /// 0x9a, 0xea, 0x53, 0x68, 0x80, 0x64, 0x69, 0x40, + /// 0xf9, 0xec, 0xbd, 0x85, 0x89, 0x26, 0x97, 0x67, + /// 0xaf, 0xb0, 0xad, 0x00, 0x1b, 0xd4, 0xfd, 0x94, + /// 0xd3, 0xe9, 0x92, 0xb1, 0xb4, 0xbc, 0x5a, 0xaa, + /// 0x92, 0x80, 0x89, 0x3b, 0x39, 0x05, 0x6c, 0x22, + /// 0x26, 0xfe, 0x5a, 0x28, 0x6c, 0x37, 0x50, 0x5a, + /// 0x38, 0x99, 0xcf, 0xf3, 0xc1, 0x96, 0x45, 0xdc, + /// 0x01, 0xcb, 0x20, 0x87, 0xa5, 0x00, 0x8c, 0xf5, + /// 0x4d, 0xc2, 0xef, 0xb8, 0x9b, 0xd1, 0x87, 0xbe, + /// 0xed, 0xd5, 0x0a, 0x29, 0x15, 0x34, 0x59, 0x4c, + /// 0x3a, 0x05, 0x22, 0x05, 0x44, 0x4f, 0x9f, 0xc8, + /// 0x47, 0x12, 0x24, 0x8e, 0xa8, 0x79, 0xe4, 0x67, + /// 0xba, 0x4d, 0x5b, 0x75, 0x56, 0x95, 0xeb, 0xe8, + /// 0x8a, 0xfa, 0x8e, 0x01, 0x8c, 0x1b, 0x74, 0x63, + /// 0xd9, 0x2f, 0xf7, 0xd3, 0x44, 0x8f, 0xa8, 0xf5, + /// 0xaf, 0x6c, 0x4f, 0xdb, 0xe7, 0xc9, 0x6c, 0x71, + /// 0x22, 0xa3, 0x1d, 0xf1, 0x40, 0xb2, 0xe0, 0x9a, + /// 0xb6, 0x72, 0xc9, 0xc0, 0x13, 0x16, 0xa2, 0x4a, + /// 0xe1, 0x92, 0xc7, 0x54, 0x23, 0xab, 0x9d, 0xa1, + /// 0xa1, 0xe5, 0x0b, 0xed, 0xba, 0xe8, 0x84, 0x37, + /// 0xb2, 0xe7, 0xfe, 0x32, 0x8d, 0xfa, 0x1c, 0x53, + /// 0x77, 0x97, 0xc7, 0xf3, 0x48, 0xc9, 0xdb, 0x2d, + /// 0x75, 0x52, 0x9d, 0x42, 0x51, 0x78, 0x62, 0x68, + /// 0x05, 0x45, 0x15, 0xf8, 0xa2, 0x4e, 0xf3, 0x0b + /// ]; + /// let q = [ + /// 0xe0u8, 0x35, 0x37, 0xaf, 0xb2, 0x50, 0x91, 0x8e, + /// 0xf2, 0x62, 0x2b, 0xd9, 0x9f, 0x6c, 0x11, 0x75, + /// 0xec, 0x24, 0x5d, 0x78, 0x59, 0xe7, 0x8d, 0xb5, + /// 0x40, 0x52, 0xed, 0x41 + /// ]; + /// let mut rng = RNG::new().expect("Error with RNG::new()"); + /// let mut dh = DH::new_from_pgq_with_check(&p, &g, &q, 0, &mut rng).expect("Error with new_from_pgq()"); + /// let mut private = [0u8; 256]; + /// let mut private_size = 0u32; + /// let mut public = [0u8; 256]; + /// let mut public_size = 0u32; + /// dh.generate_key_pair(&mut rng, &mut private, &mut private_size, &mut public, &mut public_size).expect("Error with generate_key_pair()"); + /// let private = &private[0..(private_size as usize)]; + /// dh.check_priv_key_ex(private, Some(&q)).expect("Error with check_priv_key_ex()"); + /// } + /// ``` + pub fn check_priv_key_ex(&mut self, private: &[u8], prime: Option<&[u8]>) -> Result<(), i32> { + let private_size = private.len() as u32; + let mut prime_ptr: *const u8 = core::ptr::null(); + let mut prime_size = 0u32; + if let Some(prime) = prime { + prime_ptr = prime.as_ptr(); + prime_size = prime.len() as u32; + } + let rc = unsafe { + sys::wc_DhCheckPrivKey_ex(&mut self.wc_dhkey, + private.as_ptr(), private_size, + prime_ptr, prime_size) + }; + if rc != 0 { + return Err(rc); + } + Ok(()) + } + + /// Check public key for invalid numbers (partial check). + /// + /// This performs a partial public-key validation routine. + /// + /// # Parameters + /// + /// * `public`: Buffer containing public key. + /// + /// # Returns + /// + /// Returns either Ok(()) on success or Err(e) containing the wolfSSL + /// library error code value. + /// + /// # Example + /// + /// ```rust + /// #[cfg(all(dh_ffdhe_2048, random))] + /// { + /// use wolfssl_wolfcrypt::random::RNG; + /// use wolfssl_wolfcrypt::dh::DH; + /// let mut rng = RNG::new().expect("Error with RNG::new()"); + /// let mut dh = DH::new_named(DH::FFDHE_2048).expect("Error with new_named()"); + /// let mut private = [0u8; 256]; + /// let mut private_size = 0u32; + /// let mut public = [0u8; 256]; + /// let mut public_size = 0u32; + /// dh.generate_key_pair(&mut rng, &mut private, &mut private_size, &mut public, &mut public_size).expect("Error with generate_key_pair()"); + /// let public = &public[0..(public_size as usize)]; + /// dh.check_pub_key(public).expect("Error with check_pub_key()"); + /// } + /// ``` + pub fn check_pub_key(&mut self, public: &[u8]) -> Result<(), i32> { + let public_size = public.len() as u32; + let rc = unsafe { + sys::wc_DhCheckPubKey(&mut self.wc_dhkey, public.as_ptr(), public_size) + }; + if rc != 0 { + return Err(rc); + } + Ok(()) + } + + /// Check public key for invalid numbers (full check). + /// + /// This performs a full public-key validation routine. + /// + /// # Parameters + /// + /// * `public`: Buffer containing public key. + /// * `prime`: Buffer containing prime value. + /// + /// # Returns + /// + /// Returns either Ok(()) on success or Err(e) containing the wolfSSL + /// library error code value. + /// + /// # Example + /// + /// ```rust + /// #[cfg(random)] + /// { + /// use wolfssl_wolfcrypt::random::RNG; + /// use wolfssl_wolfcrypt::dh::DH; + /// let p = [ + /// 0xc5u8, 0x7c, 0xa2, 0x4f, 0x4b, 0xd6, 0x8c, 0x3c, + /// 0xda, 0xc7, 0xba, 0xaa, 0xea, 0x2e, 0x5c, 0x1e, + /// 0x18, 0xb2, 0x7b, 0x8c, 0x55, 0x65, 0x9f, 0xea, + /// 0xe0, 0xa1, 0x36, 0x53, 0x2b, 0x36, 0xe0, 0x4e, + /// 0x3e, 0x64, 0xa9, 0xe4, 0xfc, 0x8f, 0x32, 0x62, + /// 0x97, 0xe4, 0xbe, 0xf7, 0xc1, 0xde, 0x07, 0x5a, + /// 0x89, 0x28, 0xf3, 0xfe, 0x4f, 0xfe, 0x68, 0xbc, + /// 0xfb, 0x0a, 0x7c, 0xa4, 0xb3, 0x14, 0x48, 0x89, + /// 0x9f, 0xaf, 0xb8, 0x43, 0xe2, 0xa0, 0x62, 0x5c, + /// 0xb4, 0x88, 0x3f, 0x06, 0x50, 0x11, 0xfe, 0x65, + /// 0x8d, 0x49, 0xd2, 0xf5, 0x4b, 0x74, 0x79, 0xdb, + /// 0x06, 0x62, 0x92, 0x89, 0xed, 0xda, 0xcb, 0x87, + /// 0x37, 0x16, 0xd2, 0xa1, 0x7a, 0xe8, 0xde, 0x92, + /// 0xee, 0x3e, 0x41, 0x4a, 0x91, 0x5e, 0xed, 0xf3, + /// 0x6c, 0x6b, 0x7e, 0xfd, 0x15, 0x92, 0x18, 0xfc, + /// 0xa7, 0xac, 0x42, 0x85, 0x57, 0xe9, 0xdc, 0xda, + /// 0x55, 0xc9, 0x8b, 0x28, 0x9e, 0xc1, 0xc4, 0x46, + /// 0x4d, 0x88, 0xed, 0x62, 0x8e, 0xdb, 0x3f, 0xb9, + /// 0xd7, 0xc8, 0xe3, 0xcf, 0xb8, 0x34, 0x2c, 0xd2, + /// 0x6f, 0x28, 0x06, 0x41, 0xe3, 0x66, 0x8c, 0xfc, + /// 0x72, 0xff, 0x26, 0x3b, 0x6b, 0x6c, 0x6f, 0x73, + /// 0xde, 0xf2, 0x90, 0x29, 0xe0, 0x61, 0x32, 0xc4, + /// 0x12, 0x74, 0x09, 0x52, 0xec, 0xf3, 0x1b, 0xa6, + /// 0x45, 0x98, 0xac, 0xf9, 0x1c, 0x65, 0x8e, 0x3a, + /// 0x91, 0x84, 0x4b, 0x23, 0x8a, 0xb2, 0x3c, 0xc9, + /// 0xfa, 0xea, 0xf1, 0x38, 0xce, 0xd8, 0x05, 0xe0, + /// 0xfa, 0x44, 0x68, 0x1f, 0xeb, 0xd9, 0x57, 0xb8, + /// 0x4a, 0x97, 0x5b, 0x88, 0xc5, 0xf1, 0xbb, 0xb0, + /// 0x49, 0xc3, 0x91, 0x7c, 0xd3, 0x13, 0xb9, 0x47, + /// 0xbb, 0x91, 0x8f, 0xe5, 0x26, 0x07, 0xab, 0xa9, + /// 0xc5, 0xd0, 0x3d, 0x95, 0x41, 0x26, 0x92, 0x9d, + /// 0x13, 0x67, 0xf2, 0x7e, 0x11, 0x88, 0xdc, 0x2d + /// ]; + /// let g = [ + /// 0x4au8, 0x1a, 0xf3, 0xa4, 0x92, 0xe9, 0xee, 0x74, + /// 0x6e, 0x57, 0xd5, 0x8c, 0x2c, 0x5b, 0x41, 0x41, + /// 0x5e, 0xd4, 0x55, 0x19, 0xdc, 0xd9, 0x32, 0x91, + /// 0xf7, 0xfd, 0xc2, 0x57, 0xff, 0x03, 0x14, 0xdb, + /// 0xf1, 0xb7, 0x60, 0x0c, 0x43, 0x59, 0x3f, 0xff, + /// 0xac, 0xf1, 0x80, 0x9a, 0x15, 0x6f, 0xd8, 0x6e, + /// 0xb7, 0x85, 0x18, 0xc8, 0xec, 0x4e, 0x59, 0x4a, + /// 0xe2, 0x91, 0x43, 0x4c, 0xeb, 0x95, 0xb6, 0x2e, + /// 0x9a, 0xea, 0x53, 0x68, 0x80, 0x64, 0x69, 0x40, + /// 0xf9, 0xec, 0xbd, 0x85, 0x89, 0x26, 0x97, 0x67, + /// 0xaf, 0xb0, 0xad, 0x00, 0x1b, 0xd4, 0xfd, 0x94, + /// 0xd3, 0xe9, 0x92, 0xb1, 0xb4, 0xbc, 0x5a, 0xaa, + /// 0x92, 0x80, 0x89, 0x3b, 0x39, 0x05, 0x6c, 0x22, + /// 0x26, 0xfe, 0x5a, 0x28, 0x6c, 0x37, 0x50, 0x5a, + /// 0x38, 0x99, 0xcf, 0xf3, 0xc1, 0x96, 0x45, 0xdc, + /// 0x01, 0xcb, 0x20, 0x87, 0xa5, 0x00, 0x8c, 0xf5, + /// 0x4d, 0xc2, 0xef, 0xb8, 0x9b, 0xd1, 0x87, 0xbe, + /// 0xed, 0xd5, 0x0a, 0x29, 0x15, 0x34, 0x59, 0x4c, + /// 0x3a, 0x05, 0x22, 0x05, 0x44, 0x4f, 0x9f, 0xc8, + /// 0x47, 0x12, 0x24, 0x8e, 0xa8, 0x79, 0xe4, 0x67, + /// 0xba, 0x4d, 0x5b, 0x75, 0x56, 0x95, 0xeb, 0xe8, + /// 0x8a, 0xfa, 0x8e, 0x01, 0x8c, 0x1b, 0x74, 0x63, + /// 0xd9, 0x2f, 0xf7, 0xd3, 0x44, 0x8f, 0xa8, 0xf5, + /// 0xaf, 0x6c, 0x4f, 0xdb, 0xe7, 0xc9, 0x6c, 0x71, + /// 0x22, 0xa3, 0x1d, 0xf1, 0x40, 0xb2, 0xe0, 0x9a, + /// 0xb6, 0x72, 0xc9, 0xc0, 0x13, 0x16, 0xa2, 0x4a, + /// 0xe1, 0x92, 0xc7, 0x54, 0x23, 0xab, 0x9d, 0xa1, + /// 0xa1, 0xe5, 0x0b, 0xed, 0xba, 0xe8, 0x84, 0x37, + /// 0xb2, 0xe7, 0xfe, 0x32, 0x8d, 0xfa, 0x1c, 0x53, + /// 0x77, 0x97, 0xc7, 0xf3, 0x48, 0xc9, 0xdb, 0x2d, + /// 0x75, 0x52, 0x9d, 0x42, 0x51, 0x78, 0x62, 0x68, + /// 0x05, 0x45, 0x15, 0xf8, 0xa2, 0x4e, 0xf3, 0x0b + /// ]; + /// let q = [ + /// 0xe0u8, 0x35, 0x37, 0xaf, 0xb2, 0x50, 0x91, 0x8e, + /// 0xf2, 0x62, 0x2b, 0xd9, 0x9f, 0x6c, 0x11, 0x75, + /// 0xec, 0x24, 0x5d, 0x78, 0x59, 0xe7, 0x8d, 0xb5, + /// 0x40, 0x52, 0xed, 0x41 + /// ]; + /// let q0 = [ + /// 0x00u8, + /// 0xe0, 0x35, 0x37, 0xaf, 0xb2, 0x50, 0x91, 0x8e, + /// 0xf2, 0x62, 0x2b, 0xd9, 0x9f, 0x6c, 0x11, 0x75, + /// 0xec, 0x24, 0x5d, 0x78, 0x59, 0xe7, 0x8d, 0xb5, + /// 0x40, 0x52, 0xed, 0x41 + /// ]; + /// let mut rng = RNG::new().expect("Error with RNG::new()"); + /// let mut dh = DH::new_from_pgq_with_check(&p, &g, &q, 0, &mut rng).expect("Error with new_from_pgq()"); + /// let mut private = [0u8; 256]; + /// let mut private_size = 0u32; + /// let mut public = [0u8; 256]; + /// let mut public_size = 0u32; + /// dh.generate_key_pair(&mut rng, &mut private, &mut private_size, &mut public, &mut public_size).expect("Error with generate_key_pair()"); + /// let public = &public[0..(public_size as usize)]; + /// dh.check_pub_key_ex(public, &q0).expect("Error with check_pub_key_ex()"); + /// } + /// ``` + pub fn check_pub_key_ex(&mut self, public: &[u8], prime: &[u8]) -> Result<(), i32> { + let public_size = public.len() as u32; + let prime_size = prime.len() as u32; + let rc = unsafe { + sys::wc_DhCheckPubKey_ex(&mut self.wc_dhkey, + public.as_ptr(), public_size, + prime.as_ptr(), prime_size) + }; + if rc != 0 { + return Err(rc); + } + Ok(()) + } + + /// Export Diffie-Hellman context parameters. + /// + /// # Parameters + /// + /// * `p`: Buffer in which to store the DH `p` parameter value. + /// * `p_size`: Output parameter holding number of bytes written to `p`. + /// * `q`: Buffer in which to store the DH `q` parameter value. + /// * `q_size`: Output parameter holding number of bytes written to `q`. + /// * `g`: Buffer in which to store the DH `g` parameter value. + /// * `g_size`: Output parameter holding number of bytes written to `g`. + /// + /// # Returns + /// + /// Returns either Ok(()) or Err(e) containing the wolfSSL library error + /// code value. + pub fn export_params_raw(&mut self, + p: &mut [u8], p_size: &mut u32, + q: &mut [u8], q_size: &mut u32, + g: &mut [u8], g_size: &mut u32) -> Result<(), i32> { + *p_size = p.len() as u32; + *q_size = q.len() as u32; + *g_size = g.len() as u32; + let rc = unsafe { + sys::wc_DhExportParamsRaw(&mut self.wc_dhkey, + p.as_mut_ptr(), p_size, + q.as_mut_ptr(), q_size, + g.as_mut_ptr(), g_size) + }; + if rc != 0 { + return Err(rc); + } + Ok(()) + } + + /// Generate a public/private key pair for the given DH parameters. + /// + /// # Parameters + /// + /// * `rng`: `RNG` instance used for random number generation. + /// * `private`: Buffer in which to store the generated private key. + /// * `private_size`: Output parameter storing the private key size in bytes. + /// * `public`: Buffer in which to store the generated public key. + /// * `public_size`: Output parameter storing the public key size in bytes. + /// + /// # Returns + /// + /// Returns either Ok(()) or Err(e) containing the wolfSSL library error + /// code value. + /// + /// # Example + /// + /// ```rust + /// #[cfg(all(dh_ffdhe_2048, random))] + /// { + /// use wolfssl_wolfcrypt::random::RNG; + /// use wolfssl_wolfcrypt::dh::DH; + /// let mut rng = RNG::new().expect("Failed to create RNG"); + /// let mut dh = DH::new_named(DH::FFDHE_2048).expect("Error with new_named()"); + /// let mut private = [0u8; 256]; + /// let mut private_size = 0u32; + /// let mut public = [0u8; 256]; + /// let mut public_size = 0u32; + /// dh.generate_key_pair(&mut rng, &mut private, &mut private_size, &mut public, &mut public_size).expect("Error with generate_key_pair()"); + /// } + /// ``` + #[cfg(random)] + pub fn generate_key_pair(&mut self, rng: &mut RNG, + private: &mut [u8], private_size: &mut u32, + public: &mut [u8], public_size: &mut u32) -> Result<(), i32> { + *private_size = private.len() as u32; + *public_size = public.len() as u32; + let rc = unsafe { + sys::wc_DhGenerateKeyPair(&mut self.wc_dhkey, &mut rng.wc_rng, + private.as_mut_ptr(), private_size, + public.as_mut_ptr(), public_size) + }; + if rc != 0 { + return Err(rc); + } + Ok(()) + } + + /// Generate a shared secret agreed upon by both parties. + /// + /// This function generates an agreed upon secret key based on a local + /// private key and a received public key. If completed on both sides of an + /// exchange, this function generates an agreed upon secret key for + /// symmetric communication. On successfully generating a shared secret + /// key, the size of the secret key written to `dout` will be returned. + /// + /// # Returns + /// + /// Returns either Ok(size) containing the size of the key written to + /// `dout` or Err(e) containing the wolfSSL library error code value. + /// + /// # Example + /// + /// ```rust + /// #[cfg(all(dh_ffdhe_2048, random))] + /// { + /// use wolfssl_wolfcrypt::random::RNG; + /// use wolfssl_wolfcrypt::dh::DH; + /// let mut rng = RNG::new().expect("Error with RNG::new()"); + /// let mut dh = DH::new_named(DH::FFDHE_2048).expect("Error with new_named()"); + /// let mut private0 = [0u8; 256]; + /// let mut private0_size = 0u32; + /// let mut public0 = [0u8; 256]; + /// let mut public0_size = 0u32; + /// dh.generate_key_pair(&mut rng, &mut private0, &mut private0_size, &mut public0, &mut public0_size).expect("Error with generate_key_pair()"); + /// let mut private1 = [0u8; 256]; + /// let mut private1_size = 0u32; + /// let mut public1 = [0u8; 256]; + /// let mut public1_size = 0u32; + /// dh.generate_key_pair(&mut rng, &mut private1, &mut private1_size, &mut public1, &mut public1_size).expect("Error with generate_key_pair()"); + /// let mut ss0 = [0u8; 256]; + /// let ss0_size = dh.shared_secret(&mut ss0, &private0, &public1).expect("Error with shared_secret()"); + /// let ss0 = &ss0[0..ss0_size]; + /// } + /// ``` + pub fn shared_secret(&mut self, dout: &mut [u8], private: &[u8], other_pub: &[u8]) -> Result { + let mut dout_size = dout.len() as u32; + let private_size = private.len() as u32; + let other_pub_size = other_pub.len() as u32; + let rc = unsafe { + sys::wc_DhAgree(&mut self.wc_dhkey, + dout.as_mut_ptr(), &mut dout_size, + private.as_ptr(), private_size, + other_pub.as_ptr(), other_pub_size) + }; + if rc != 0 { + return Err(rc); + } + Ok(dout_size as usize) + } +} + +impl Drop for DH { + /// Safely free the underlying wolfSSL DhKey context. + /// + /// This calls the `wc_FreeDhKey()` wolfssl library function. + /// + /// The Rust Drop trait guarantees that this method is called when the + /// DH struct instance goes out of scope, automatically cleaning up + /// resources and preventing memory leaks. + fn drop(&mut self) { + unsafe { sys::wc_FreeDhKey(&mut self.wc_dhkey); } + } +} diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/wrapper/rust/wolfssl-wolfcrypt/src/dilithium.rs mariadb-11.8.8/extra/wolfssl/wolfssl/wrapper/rust/wolfssl-wolfcrypt/src/dilithium.rs --- mariadb-11.8.6/extra/wolfssl/wolfssl/wrapper/rust/wolfssl-wolfcrypt/src/dilithium.rs 1970-01-01 00:00:00.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/wrapper/rust/wolfssl-wolfcrypt/src/dilithium.rs 2026-05-24 09:58:33.000000000 +0000 @@ -0,0 +1,1316 @@ +/* + * Copyright (C) 2006-2026 wolfSSL Inc. + * + * This file is part of wolfSSL. + * + * wolfSSL is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * wolfSSL is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA + */ + +/*! +This module provides a Rust wrapper for the wolfCrypt library's ML-DSA +(Dilithium) post-quantum digital signature functionality. + +The primary component is the [`Dilithium`] struct, which manages the lifecycle +of a wolfSSL `dilithium_key` object. It ensures proper initialization and +deallocation. + +Three security parameter sets are supported, selected via +[`Dilithium::set_level()`]: + +| Constant | Level | NIST PQC Level | +|-----------------|-------|----------------| +| [`Dilithium::LEVEL_44`] | 2 | 2 (ML-DSA-44) | +| [`Dilithium::LEVEL_65`] | 3 | 3 (ML-DSA-65) | +| [`Dilithium::LEVEL_87`] | 5 | 5 (ML-DSA-87) | + +# Examples + +```rust +#[cfg(all(dilithium, dilithium_make_key, dilithium_sign, dilithium_verify, random))] +{ +use wolfssl_wolfcrypt::random::RNG; +use wolfssl_wolfcrypt::dilithium::Dilithium; +let mut rng = RNG::new().expect("RNG creation failed"); +let mut key = Dilithium::generate(Dilithium::LEVEL_44, &mut rng) + .expect("Key generation failed"); +let message = b"Hello, ML-DSA!"; +let mut sig = vec![0u8; key.sig_size().expect("sig_size failed")]; +let sig_len = key.sign_msg(message, &mut sig, &mut rng) + .expect("Signing failed"); +let valid = key.verify_msg(&sig[..sig_len], message) + .expect("Verification failed"); +assert!(valid); +} +``` +*/ + +#![cfg(dilithium)] + +use crate::sys; +#[cfg(all(random, any(dilithium_make_key, dilithium_sign)))] +use crate::random::RNG; +use core::mem::MaybeUninit; + +/// Rust wrapper for a wolfSSL `dilithium_key` object. +/// +/// Manages the lifecycle of the underlying key, including initialization and +/// deallocation via the [`Drop`] trait. +/// +/// An instance is created with [`Dilithium::generate()`], +/// [`Dilithium::generate_from_seed()`], or [`Dilithium::new()`]. +pub struct Dilithium { + ws_key: sys::dilithium_key, +} + +impl Dilithium { + /// ML-DSA-44 security parameter set (NIST Level 2). + pub const LEVEL_44: u8 = sys::WC_ML_DSA_44 as u8; + /// ML-DSA-65 security parameter set (NIST Level 3). + pub const LEVEL_65: u8 = sys::WC_ML_DSA_65 as u8; + /// ML-DSA-87 security parameter set (NIST Level 5). + pub const LEVEL_87: u8 = sys::WC_ML_DSA_87 as u8; + + /// Required size in bytes of the seed passed to + /// [`Dilithium::generate_from_seed()`] (`DILITHIUM_SEED_SZ`). + #[cfg(dilithium_make_key_seed_sz)] + pub const DILITHIUM_SEED_SZ: usize = sys::DILITHIUM_SEED_SZ as usize; + + /// Required size in bytes of the seed passed to signing-with-seed + /// functions such as [`Dilithium::sign_msg_with_seed()`] + /// (`DILITHIUM_RND_SZ`). + #[cfg(dilithium_rnd_sz)] + pub const SIGN_SEED_SIZE: usize = sys::DILITHIUM_RND_SZ as usize; + + /// Private (secret) key size in bytes for ML-DSA-44. + #[cfg(dilithium_level2)] + pub const LEVEL2_KEY_SIZE: usize = sys::DILITHIUM_LEVEL2_KEY_SIZE as usize; + /// Signature size in bytes for ML-DSA-44. + #[cfg(dilithium_level2)] + pub const LEVEL2_SIG_SIZE: usize = sys::DILITHIUM_LEVEL2_SIG_SIZE as usize; + /// Public key size in bytes for ML-DSA-44. + #[cfg(dilithium_level2)] + pub const LEVEL2_PUB_KEY_SIZE: usize = sys::DILITHIUM_LEVEL2_PUB_KEY_SIZE as usize; + /// Combined private-plus-public key size in bytes for ML-DSA-44. + #[cfg(dilithium_level2)] + pub const LEVEL2_PRV_KEY_SIZE: usize = + sys::DILITHIUM_LEVEL2_PUB_KEY_SIZE as usize + sys::DILITHIUM_LEVEL2_KEY_SIZE as usize; + + /// Private (secret) key size in bytes for ML-DSA-65. + #[cfg(dilithium_level3)] + pub const LEVEL3_KEY_SIZE: usize = sys::DILITHIUM_LEVEL3_KEY_SIZE as usize; + /// Signature size in bytes for ML-DSA-65. + #[cfg(dilithium_level3)] + pub const LEVEL3_SIG_SIZE: usize = sys::DILITHIUM_LEVEL3_SIG_SIZE as usize; + /// Public key size in bytes for ML-DSA-65. + #[cfg(dilithium_level3)] + pub const LEVEL3_PUB_KEY_SIZE: usize = sys::DILITHIUM_LEVEL3_PUB_KEY_SIZE as usize; + /// Combined private-plus-public key size in bytes for ML-DSA-65. + #[cfg(dilithium_level3)] + pub const LEVEL3_PRV_KEY_SIZE: usize = + sys::DILITHIUM_LEVEL3_PUB_KEY_SIZE as usize + sys::DILITHIUM_LEVEL3_KEY_SIZE as usize; + + /// Private (secret) key size in bytes for ML-DSA-87. + #[cfg(dilithium_level5)] + pub const LEVEL5_KEY_SIZE: usize = sys::DILITHIUM_LEVEL5_KEY_SIZE as usize; + /// Signature size in bytes for ML-DSA-87. + #[cfg(dilithium_level5)] + pub const LEVEL5_SIG_SIZE: usize = sys::DILITHIUM_LEVEL5_SIG_SIZE as usize; + /// Public key size in bytes for ML-DSA-87. + #[cfg(dilithium_level5)] + pub const LEVEL5_PUB_KEY_SIZE: usize = sys::DILITHIUM_LEVEL5_PUB_KEY_SIZE as usize; + /// Combined private-plus-public key size in bytes for ML-DSA-87. + #[cfg(dilithium_level5)] + pub const LEVEL5_PRV_KEY_SIZE: usize = + sys::DILITHIUM_LEVEL5_PUB_KEY_SIZE as usize + sys::DILITHIUM_LEVEL5_KEY_SIZE as usize; + + /// Generate a new Dilithium key pair using a random number generator. + /// + /// # Parameters + /// + /// * `level`: Security parameter set. One of [`Dilithium::LEVEL_44`], + /// [`Dilithium::LEVEL_65`], or [`Dilithium::LEVEL_87`]. + /// * `rng`: `RNG` instance to use for random number generation. + /// + /// # Returns + /// + /// Returns either Ok(Dilithium) containing the key instance or Err(e) + /// containing the wolfSSL library error code value. + /// + /// # Example + /// + /// ```rust + /// #[cfg(all(dilithium, dilithium_make_key, random))] + /// { + /// use wolfssl_wolfcrypt::random::RNG; + /// use wolfssl_wolfcrypt::dilithium::Dilithium; + /// let mut rng = RNG::new().expect("Error creating RNG"); + /// let key = Dilithium::generate(Dilithium::LEVEL_44, &mut rng) + /// .expect("Error with generate()"); + /// } + /// ``` + #[cfg(all(dilithium_make_key, random))] + pub fn generate(level: u8, rng: &mut RNG) -> Result { + Self::generate_ex(level, rng, None, None) + } + + /// Generate a new Dilithium key pair with optional heap hint and device ID. + /// + /// # Parameters + /// + /// * `level`: Security parameter set. One of [`Dilithium::LEVEL_44`], + /// [`Dilithium::LEVEL_65`], or [`Dilithium::LEVEL_87`]. + /// * `rng`: `RNG` instance to use for random number generation. + /// * `heap`: Optional heap hint. + /// * `dev_id`: Optional device ID for crypto callbacks or async hardware. + /// + /// # Returns + /// + /// Returns either Ok(Dilithium) containing the key instance or Err(e) + /// containing the wolfSSL library error code value. + /// + /// # Example + /// + /// ```rust + /// #[cfg(all(dilithium, dilithium_make_key, random))] + /// { + /// use wolfssl_wolfcrypt::random::RNG; + /// use wolfssl_wolfcrypt::dilithium::Dilithium; + /// let mut rng = RNG::new().expect("Error creating RNG"); + /// let key = Dilithium::generate_ex(Dilithium::LEVEL_44, &mut rng, None, None) + /// .expect("Error with generate_ex()"); + /// } + /// ``` + #[cfg(all(dilithium_make_key, random))] + pub fn generate_ex( + level: u8, + rng: &mut RNG, + heap: Option<*mut core::ffi::c_void>, + dev_id: Option, + ) -> Result { + let mut key = Self::new_ex(heap, dev_id)?; + let rc = unsafe { sys::wc_dilithium_set_level(&mut key.ws_key, level) }; + if rc != 0 { + return Err(rc); + } + let rc = unsafe { sys::wc_dilithium_make_key(&mut key.ws_key, &mut rng.wc_rng) }; + if rc != 0 { + return Err(rc); + } + Ok(key) + } + + /// Generate a Dilithium key pair from a fixed seed. + /// + /// Produces the same key pair for a given `(level, seed)` pair, enabling + /// deterministic key generation. + /// + /// # Parameters + /// + /// * `level`: Security parameter set. One of [`Dilithium::LEVEL_44`], + /// [`Dilithium::LEVEL_65`], or [`Dilithium::LEVEL_87`]. + /// * `seed`: Seed bytes. Must be `DILITHIUM_SEED_SZ` (32) bytes. + /// + /// # Returns + /// + /// Returns either Ok(Dilithium) containing the key instance or Err(e) + /// containing the wolfSSL library error code value. + /// + /// # Example + /// + /// ```rust + /// #[cfg(all(dilithium, dilithium_make_key_from_seed))] + /// { + /// use wolfssl_wolfcrypt::dilithium::Dilithium; + /// let seed = [0x42u8; 32]; + /// let key = Dilithium::generate_from_seed(Dilithium::LEVEL_44, &seed) + /// .expect("Error with generate_from_seed()"); + /// } + /// ``` + #[cfg(dilithium_make_key_from_seed)] + pub fn generate_from_seed(level: u8, seed: &[u8]) -> Result { + Self::generate_from_seed_ex(level, seed, None, None) + } + + /// Generate a Dilithium key pair from a fixed seed with optional heap hint + /// and device ID. + /// + /// # Parameters + /// + /// * `level`: Security parameter set. One of [`Dilithium::LEVEL_44`], + /// [`Dilithium::LEVEL_65`], or [`Dilithium::LEVEL_87`]. + /// * `seed`: Seed bytes. Must be `DILITHIUM_SEED_SZ` (32) bytes. + /// * `heap`: Optional heap hint. + /// * `dev_id`: Optional device ID for crypto callbacks or async hardware. + /// + /// # Returns + /// + /// Returns either Ok(Dilithium) containing the key instance or Err(e) + /// containing the wolfSSL library error code value. + /// + /// # Example + /// + /// ```rust + /// #[cfg(all(dilithium, dilithium_make_key_from_seed))] + /// { + /// use wolfssl_wolfcrypt::dilithium::Dilithium; + /// let seed = [0x42u8; 32]; + /// let key = Dilithium::generate_from_seed_ex(Dilithium::LEVEL_44, &seed, None, None) + /// .expect("Error with generate_from_seed_ex()"); + /// } + /// ``` + #[cfg(dilithium_make_key_from_seed)] + pub fn generate_from_seed_ex( + level: u8, + seed: &[u8], + heap: Option<*mut core::ffi::c_void>, + dev_id: Option, + ) -> Result { + #[cfg(dilithium_make_key_seed_sz)] + if seed.len() != Self::DILITHIUM_SEED_SZ { + return Err(sys::wolfCrypt_ErrorCodes_BUFFER_E); + } + let mut key = Self::new_ex(heap, dev_id)?; + let rc = unsafe { sys::wc_dilithium_set_level(&mut key.ws_key, level) }; + if rc != 0 { + return Err(rc); + } + let rc = unsafe { + sys::wc_dilithium_make_key_from_seed(&mut key.ws_key, seed.as_ptr()) + }; + if rc != 0 { + return Err(rc); + } + Ok(key) + } + + /// Create and initialize a new Dilithium key instance without a key. + /// + /// The security level and key material can be set afterwards using + /// [`Dilithium::set_level()`] and one of the import functions. + /// + /// # Returns + /// + /// Returns either Ok(Dilithium) containing the key instance or Err(e) + /// containing the wolfSSL library error code value. + /// + /// # Example + /// + /// ```rust + /// #[cfg(dilithium)] + /// { + /// use wolfssl_wolfcrypt::dilithium::Dilithium; + /// let key = Dilithium::new().expect("Error with new()"); + /// } + /// ``` + pub fn new() -> Result { + Self::new_ex(None, None) + } + + /// Create and initialize a new Dilithium key instance with optional heap + /// hint and device ID. + /// + /// # Parameters + /// + /// * `heap`: Optional heap hint. + /// * `dev_id`: Optional device ID for crypto callbacks or async hardware. + /// + /// # Returns + /// + /// Returns either Ok(Dilithium) containing the key instance or Err(e) + /// containing the wolfSSL library error code value. + /// + /// # Example + /// + /// ```rust + /// #[cfg(dilithium)] + /// { + /// use wolfssl_wolfcrypt::dilithium::Dilithium; + /// let key = Dilithium::new_ex(None, None).expect("Error with new_ex()"); + /// } + /// ``` + pub fn new_ex( + heap: Option<*mut core::ffi::c_void>, + dev_id: Option, + ) -> Result { + let mut ws_key: MaybeUninit = MaybeUninit::uninit(); + let heap = match heap { + Some(h) => h, + None => core::ptr::null_mut(), + }; + let dev_id = match dev_id { + Some(id) => id, + None => sys::INVALID_DEVID, + }; + let rc = unsafe { sys::wc_dilithium_init_ex(ws_key.as_mut_ptr(), heap, dev_id) }; + if rc != 0 { + return Err(rc); + } + let ws_key = unsafe { ws_key.assume_init() }; + Ok(Dilithium { ws_key }) + } + + /// Set the security parameter level for this key. + /// + /// Must be called before generating or importing key material. Use one of + /// the level constants: [`Dilithium::LEVEL_44`], [`Dilithium::LEVEL_65`], + /// or [`Dilithium::LEVEL_87`]. + /// + /// # Parameters + /// + /// * `level`: Security level (2 = ML-DSA-44, 3 = ML-DSA-65, 5 = ML-DSA-87). + /// + /// # Returns + /// + /// Returns either Ok(()) on success or Err(e) containing the wolfSSL + /// library error code value. + /// + /// # Example + /// + /// ```rust + /// #[cfg(dilithium)] + /// { + /// use wolfssl_wolfcrypt::dilithium::Dilithium; + /// let mut key = Dilithium::new().expect("Error with new()"); + /// key.set_level(Dilithium::LEVEL_65).expect("Error with set_level()"); + /// } + /// ``` + pub fn set_level(&mut self, level: u8) -> Result<(), i32> { + let rc = unsafe { sys::wc_dilithium_set_level(&mut self.ws_key, level) }; + if rc != 0 { + return Err(rc); + } + Ok(()) + } + + /// Get the security parameter level of this key. + /// + /// # Returns + /// + /// Returns either Ok(level) containing the current security level or + /// Err(e) containing the wolfSSL library error code value. + /// + /// # Example + /// + /// ```rust + /// #[cfg(dilithium)] + /// { + /// use wolfssl_wolfcrypt::dilithium::Dilithium; + /// let mut key = Dilithium::new().expect("Error with new()"); + /// key.set_level(Dilithium::LEVEL_87).expect("Error with set_level()"); + /// let level = key.get_level().expect("Error with get_level()"); + /// assert_eq!(level, Dilithium::LEVEL_87); + /// } + /// ``` + pub fn get_level(&mut self) -> Result { + let mut level = 0u8; + let rc = unsafe { sys::wc_dilithium_get_level(&mut self.ws_key, &mut level) }; + if rc != 0 { + return Err(rc); + } + Ok(level) + } + + /// Get the private (secret) key size in bytes for the current level. + /// + /// # Returns + /// + /// Returns either Ok(size) containing the private key size or Err(e) + /// containing the wolfSSL library error code value. + /// + /// # Example + /// + /// ```rust + /// #[cfg(all(dilithium, dilithium_make_key, random))] + /// { + /// use wolfssl_wolfcrypt::random::RNG; + /// use wolfssl_wolfcrypt::dilithium::Dilithium; + /// let mut rng = RNG::new().expect("Error creating RNG"); + /// let mut key = Dilithium::generate(Dilithium::LEVEL_44, &mut rng) + /// .expect("Error with generate()"); + /// let sz = key.size().expect("Error with size()"); + /// assert_eq!(sz, Dilithium::LEVEL2_KEY_SIZE); + /// } + /// ``` + pub fn size(&mut self) -> Result { + let rc = unsafe { sys::wc_dilithium_size(&mut self.ws_key) }; + if rc < 0 { + return Err(rc); + } + Ok(rc as usize) + } + + /// Get the combined private-plus-public key size in bytes for the current + /// level. + /// + /// # Returns + /// + /// Returns either Ok(size) or Err(e) containing the wolfSSL library error + /// code value. + /// + /// # Example + /// + /// ```rust + /// #[cfg(all(dilithium, dilithium_make_key, random))] + /// { + /// use wolfssl_wolfcrypt::random::RNG; + /// use wolfssl_wolfcrypt::dilithium::Dilithium; + /// let mut rng = RNG::new().expect("Error creating RNG"); + /// let mut key = Dilithium::generate(Dilithium::LEVEL_44, &mut rng) + /// .expect("Error with generate()"); + /// let sz = key.priv_size().expect("Error with priv_size()"); + /// assert_eq!(sz, Dilithium::LEVEL2_PRV_KEY_SIZE); + /// } + /// ``` + pub fn priv_size(&mut self) -> Result { + let rc = unsafe { sys::wc_dilithium_priv_size(&mut self.ws_key) }; + if rc < 0 { + return Err(rc); + } + Ok(rc as usize) + } + + /// Get the public key size in bytes for the current level. + /// + /// # Returns + /// + /// Returns either Ok(size) or Err(e) containing the wolfSSL library error + /// code value. + /// + /// # Example + /// + /// ```rust + /// #[cfg(all(dilithium, dilithium_make_key, random))] + /// { + /// use wolfssl_wolfcrypt::random::RNG; + /// use wolfssl_wolfcrypt::dilithium::Dilithium; + /// let mut rng = RNG::new().expect("Error creating RNG"); + /// let mut key = Dilithium::generate(Dilithium::LEVEL_44, &mut rng) + /// .expect("Error with generate()"); + /// let sz = key.pub_size().expect("Error with pub_size()"); + /// assert_eq!(sz, Dilithium::LEVEL2_PUB_KEY_SIZE); + /// } + /// ``` + pub fn pub_size(&mut self) -> Result { + let rc = unsafe { sys::wc_dilithium_pub_size(&mut self.ws_key) }; + if rc < 0 { + return Err(rc); + } + Ok(rc as usize) + } + + /// Get the signature size in bytes for the current level. + /// + /// # Returns + /// + /// Returns either Ok(size) or Err(e) containing the wolfSSL library error + /// code value. + /// + /// # Example + /// + /// ```rust + /// #[cfg(all(dilithium, dilithium_make_key, random))] + /// { + /// use wolfssl_wolfcrypt::random::RNG; + /// use wolfssl_wolfcrypt::dilithium::Dilithium; + /// let mut rng = RNG::new().expect("Error creating RNG"); + /// let mut key = Dilithium::generate(Dilithium::LEVEL_44, &mut rng) + /// .expect("Error with generate()"); + /// let sz = key.sig_size().expect("Error with sig_size()"); + /// assert_eq!(sz, Dilithium::LEVEL2_SIG_SIZE); + /// } + /// ``` + pub fn sig_size(&mut self) -> Result { + let rc = unsafe { sys::wc_dilithium_sig_size(&mut self.ws_key) }; + if rc < 0 { + return Err(rc); + } + Ok(rc as usize) + } + + /// Check that the key pair is valid (public key matches private key). + /// + /// # Returns + /// + /// Returns either Ok(()) on success or Err(e) containing the wolfSSL + /// library error code value. + /// + /// # Example + /// + /// ```rust + /// #[cfg(all(dilithium, dilithium_make_key, dilithium_check_key, random))] + /// { + /// use wolfssl_wolfcrypt::random::RNG; + /// use wolfssl_wolfcrypt::dilithium::Dilithium; + /// let mut rng = RNG::new().expect("Error creating RNG"); + /// let mut key = Dilithium::generate(Dilithium::LEVEL_44, &mut rng) + /// .expect("Error with generate()"); + /// key.check_key().expect("Error with check_key()"); + /// } + /// ``` + #[cfg(dilithium_check_key)] + pub fn check_key(&mut self) -> Result<(), i32> { + let rc = unsafe { sys::wc_dilithium_check_key(&mut self.ws_key) }; + if rc != 0 { + return Err(rc); + } + Ok(()) + } + + /// Import a public key from a raw byte buffer. + /// + /// # Parameters + /// + /// * `public`: Input buffer containing the raw public key bytes. + /// + /// # Returns + /// + /// Returns either Ok(()) on success or Err(e) containing the wolfSSL + /// library error code value. + /// + /// # Example + /// + /// ```rust + /// #[cfg(all(dilithium, dilithium_make_key, dilithium_import, dilithium_export, random))] + /// { + /// use wolfssl_wolfcrypt::random::RNG; + /// use wolfssl_wolfcrypt::dilithium::Dilithium; + /// let mut rng = RNG::new().expect("Error creating RNG"); + /// let mut key = Dilithium::generate(Dilithium::LEVEL_44, &mut rng) + /// .expect("Error with generate()"); + /// let mut pub_buf = vec![0u8; key.pub_size().unwrap()]; + /// key.export_public(&mut pub_buf).expect("Error with export_public()"); + /// let mut key2 = Dilithium::new().expect("Error with new()"); + /// key2.set_level(Dilithium::LEVEL_44).expect("Error with set_level()"); + /// key2.import_public(&pub_buf).expect("Error with import_public()"); + /// } + /// ``` + #[cfg(dilithium_import)] + pub fn import_public(&mut self, public: &[u8]) -> Result<(), i32> { + let public_size = public.len() as u32; + let rc = unsafe { + sys::wc_dilithium_import_public(public.as_ptr(), public_size, &mut self.ws_key) + }; + if rc != 0 { + return Err(rc); + } + Ok(()) + } + + /// Import a private (secret) key from a raw byte buffer. + /// + /// The buffer should contain the raw private key bytes only + /// (size = `LEVEL*_KEY_SIZE`). + /// + /// # Parameters + /// + /// * `private`: Input buffer containing the raw private key bytes. + /// + /// # Returns + /// + /// Returns either Ok(()) on success or Err(e) containing the wolfSSL + /// library error code value. + /// + /// # Example + /// + /// ```rust + /// #[cfg(all(dilithium, dilithium_make_key, dilithium_import, dilithium_export, random))] + /// { + /// use wolfssl_wolfcrypt::random::RNG; + /// use wolfssl_wolfcrypt::dilithium::Dilithium; + /// let mut rng = RNG::new().expect("Error creating RNG"); + /// let mut key = Dilithium::generate(Dilithium::LEVEL_44, &mut rng) + /// .expect("Error with generate()"); + /// let mut priv_buf = vec![0u8; key.size().unwrap()]; + /// key.export_private(&mut priv_buf).expect("Error with export_private()"); + /// let mut key2 = Dilithium::new().expect("Error with new()"); + /// key2.set_level(Dilithium::LEVEL_44).expect("Error with set_level()"); + /// key2.import_private(&priv_buf).expect("Error with import_private()"); + /// } + /// ``` + #[cfg(dilithium_import)] + pub fn import_private(&mut self, private: &[u8]) -> Result<(), i32> { + let private_size = private.len() as u32; + let rc = unsafe { + sys::wc_dilithium_import_private(private.as_ptr(), private_size, &mut self.ws_key) + }; + if rc != 0 { + return Err(rc); + } + Ok(()) + } + + /// Import both private and public key material from raw byte buffers. + /// + /// # Parameters + /// + /// * `private`: Input buffer containing the raw private key bytes. + /// * `public`: Input buffer containing the raw public key bytes. + /// + /// # Returns + /// + /// Returns either Ok(()) on success or Err(e) containing the wolfSSL + /// library error code value. + /// + /// # Example + /// + /// ```rust + /// #[cfg(all(dilithium, dilithium_make_key, dilithium_import, dilithium_export, random))] + /// { + /// use wolfssl_wolfcrypt::random::RNG; + /// use wolfssl_wolfcrypt::dilithium::Dilithium; + /// let mut rng = RNG::new().expect("Error creating RNG"); + /// let mut key = Dilithium::generate(Dilithium::LEVEL_44, &mut rng) + /// .expect("Error with generate()"); + /// let mut priv_buf = vec![0u8; key.size().unwrap()]; + /// let mut pub_buf = vec![0u8; key.pub_size().unwrap()]; + /// key.export_key(&mut priv_buf, &mut pub_buf).expect("Error with export_key()"); + /// let mut key2 = Dilithium::new().expect("Error with new()"); + /// key2.set_level(Dilithium::LEVEL_44).expect("Error with set_level()"); + /// key2.import_key(&priv_buf, &pub_buf).expect("Error with import_key()"); + /// } + /// ``` + #[cfg(dilithium_import)] + pub fn import_key(&mut self, private: &[u8], public: &[u8]) -> Result<(), i32> { + let private_size = private.len() as u32; + let public_size = public.len() as u32; + let rc = unsafe { + sys::wc_dilithium_import_key( + private.as_ptr(), private_size, + public.as_ptr(), public_size, + &mut self.ws_key, + ) + }; + if rc != 0 { + return Err(rc); + } + Ok(()) + } + + /// Export the public key to a raw byte buffer. + /// + /// # Parameters + /// + /// * `public`: Output buffer to receive the public key. Must be at least + /// `pub_size()` bytes. + /// + /// # Returns + /// + /// Returns either Ok(size) containing the number of bytes written or Err(e) + /// containing the wolfSSL library error code value. + /// + /// # Example + /// + /// ```rust + /// #[cfg(all(dilithium, dilithium_make_key, dilithium_export, random))] + /// { + /// use wolfssl_wolfcrypt::random::RNG; + /// use wolfssl_wolfcrypt::dilithium::Dilithium; + /// let mut rng = RNG::new().expect("Error creating RNG"); + /// let mut key = Dilithium::generate(Dilithium::LEVEL_44, &mut rng) + /// .expect("Error with generate()"); + /// let mut pub_buf = vec![0u8; key.pub_size().unwrap()]; + /// let written = key.export_public(&mut pub_buf).expect("Error with export_public()"); + /// assert_eq!(written, Dilithium::LEVEL2_PUB_KEY_SIZE); + /// } + /// ``` + #[cfg(dilithium_export)] + pub fn export_public(&mut self, public: &mut [u8]) -> Result { + let mut public_size = public.len() as u32; + let rc = unsafe { + sys::wc_dilithium_export_public(&mut self.ws_key, public.as_mut_ptr(), &mut public_size) + }; + if rc != 0 { + return Err(rc); + } + Ok(public_size as usize) + } + + /// Export the private (secret) key to a raw byte buffer. + /// + /// # Parameters + /// + /// * `private`: Output buffer to receive the private key. Must be at + /// least `size()` bytes. + /// + /// # Returns + /// + /// Returns either Ok(size) containing the number of bytes written or Err(e) + /// containing the wolfSSL library error code value. + /// + /// # Example + /// + /// ```rust + /// #[cfg(all(dilithium, dilithium_make_key, dilithium_export, random))] + /// { + /// use wolfssl_wolfcrypt::random::RNG; + /// use wolfssl_wolfcrypt::dilithium::Dilithium; + /// let mut rng = RNG::new().expect("Error creating RNG"); + /// let mut key = Dilithium::generate(Dilithium::LEVEL_44, &mut rng) + /// .expect("Error with generate()"); + /// let mut priv_buf = vec![0u8; key.size().unwrap()]; + /// let written = key.export_private(&mut priv_buf).expect("Error with export_private()"); + /// assert_eq!(written, Dilithium::LEVEL2_KEY_SIZE); + /// } + /// ``` + #[cfg(dilithium_export)] + pub fn export_private(&mut self, private: &mut [u8]) -> Result { + let mut private_size = private.len() as u32; + let rc = unsafe { + sys::wc_dilithium_export_private( + &mut self.ws_key, private.as_mut_ptr(), &mut private_size, + ) + }; + if rc != 0 { + return Err(rc); + } + Ok(private_size as usize) + } + + /// Export both private and public key material to separate raw byte + /// buffers. + /// + /// # Parameters + /// + /// * `private`: Output buffer for the private key. Must be at least + /// `size()` bytes. + /// * `public`: Output buffer for the public key. Must be at least + /// `pub_size()` bytes. + /// + /// # Returns + /// + /// Returns either Ok(()) on success or Err(e) containing the wolfSSL + /// library error code value. + /// + /// # Example + /// + /// ```rust + /// #[cfg(all(dilithium, dilithium_make_key, dilithium_export, random))] + /// { + /// use wolfssl_wolfcrypt::random::RNG; + /// use wolfssl_wolfcrypt::dilithium::Dilithium; + /// let mut rng = RNG::new().expect("Error creating RNG"); + /// let mut key = Dilithium::generate(Dilithium::LEVEL_44, &mut rng) + /// .expect("Error with generate()"); + /// let mut priv_buf = vec![0u8; key.size().unwrap()]; + /// let mut pub_buf = vec![0u8; key.pub_size().unwrap()]; + /// key.export_key(&mut priv_buf, &mut pub_buf).expect("Error with export_key()"); + /// } + /// ``` + #[cfg(dilithium_export)] + pub fn export_key(&mut self, private: &mut [u8], public: &mut [u8]) -> Result<(), i32> { + let mut private_size = private.len() as u32; + let mut public_size = public.len() as u32; + let rc = unsafe { + sys::wc_dilithium_export_key( + &mut self.ws_key, + private.as_mut_ptr(), &mut private_size, + public.as_mut_ptr(), &mut public_size, + ) + }; + if rc != 0 { + return Err(rc); + } + Ok(()) + } + + /// Sign a message and write the signature to `sig`. + /// + /// # Parameters + /// + /// * `msg`: Message to sign. + /// * `sig`: Output buffer to hold the signature. Must be at least + /// `sig_size()` bytes. + /// * `rng`: RNG instance for hedged signing. For deterministic signing, + /// use [`Dilithium::sign_msg_with_seed()`] instead. + /// + /// # Returns + /// + /// Returns either Ok(size) containing the number of bytes written to `sig` + /// on success or Err(e) containing the wolfSSL library error code value. + /// + /// # Example + /// + /// ```rust + /// #[cfg(all(dilithium, dilithium_make_key, dilithium_sign, random))] + /// { + /// use wolfssl_wolfcrypt::random::RNG; + /// use wolfssl_wolfcrypt::dilithium::Dilithium; + /// let mut rng = RNG::new().expect("Error creating RNG"); + /// let mut key = Dilithium::generate(Dilithium::LEVEL_44, &mut rng) + /// .expect("Error with generate()"); + /// let message = b"Hello, ML-DSA!"; + /// let mut sig = vec![0u8; key.sig_size().unwrap()]; + /// let sig_len = key.sign_msg(message, &mut sig, &mut rng) + /// .expect("Error with sign_msg()"); + /// assert_eq!(sig_len, Dilithium::LEVEL2_SIG_SIZE); + /// } + /// ``` + #[cfg(all(dilithium_sign, random))] + pub fn sign_msg( + &mut self, + msg: &[u8], + sig: &mut [u8], + rng: &mut RNG, + ) -> Result { + let msg_len = msg.len() as u32; + let mut sig_len = sig.len() as u32; + let rc = unsafe { + sys::wc_dilithium_sign_ctx_msg( + core::ptr::null(), 0, + msg.as_ptr(), msg_len, + sig.as_mut_ptr(), &mut sig_len, + &mut self.ws_key, + &mut rng.wc_rng, + ) + }; + if rc != 0 { + return Err(rc); + } + Ok(sig_len as usize) + } + + /// Sign a message with a context string and write the signature to `sig`. + /// + /// # Parameters + /// + /// * `ctx`: Context string (at most 255 bytes). + /// * `msg`: Message to sign. + /// * `sig`: Output buffer to hold the signature. Must be at least + /// `sig_size()` bytes. + /// * `rng`: RNG instance for hedged signing. For deterministic signing, + /// use [`Dilithium::sign_ctx_msg_with_seed()`] instead. + /// + /// # Returns + /// + /// Returns either Ok(size) containing the number of bytes written to `sig` + /// on success or Err(e) containing the wolfSSL library error code value. + /// + /// # Example + /// + /// ```rust + /// #[cfg(all(dilithium, dilithium_make_key, dilithium_sign, random))] + /// { + /// use wolfssl_wolfcrypt::random::RNG; + /// use wolfssl_wolfcrypt::dilithium::Dilithium; + /// let mut rng = RNG::new().expect("Error creating RNG"); + /// let mut key = Dilithium::generate(Dilithium::LEVEL_44, &mut rng) + /// .expect("Error with generate()"); + /// let message = b"Hello, ML-DSA!"; + /// let ctx = b"my context"; + /// let mut sig = vec![0u8; key.sig_size().unwrap()]; + /// key.sign_ctx_msg(ctx, message, &mut sig, &mut rng) + /// .expect("Error with sign_ctx_msg()"); + /// } + /// ``` + #[cfg(all(dilithium_sign, random))] + pub fn sign_ctx_msg( + &mut self, + ctx: &[u8], + msg: &[u8], + sig: &mut [u8], + rng: &mut RNG, + ) -> Result { + if ctx.len() > 255 { + return Err(sys::wolfCrypt_ErrorCodes_BUFFER_E); + } + let ctx_len = ctx.len() as u8; + let msg_len = msg.len() as u32; + let mut sig_len = sig.len() as u32; + let rc = unsafe { + sys::wc_dilithium_sign_ctx_msg( + ctx.as_ptr(), ctx_len, + msg.as_ptr(), msg_len, + sig.as_mut_ptr(), &mut sig_len, + &mut self.ws_key, + &mut rng.wc_rng, + ) + }; + if rc != 0 { + return Err(rc); + } + Ok(sig_len as usize) + } + + /// Sign a pre-hashed message with a context string. + /// + /// This is the HashML-DSA variant: the message is supplied as a hash + /// digest along with the hash algorithm identifier. + /// + /// # Parameters + /// + /// * `ctx`: Context string (at most 255 bytes). + /// * `hash_alg`: Hash algorithm identifier (e.g. `WC_HASH_TYPE_SHA256`). + /// * `hash`: Hash digest of the message to sign. + /// * `sig`: Output buffer to hold the signature. Must be at least + /// `sig_size()` bytes. + /// * `rng`: RNG instance for hedged signing. For deterministic signing, + /// use [`Dilithium::sign_ctx_hash_with_seed()`] instead. + /// + /// # Returns + /// + /// Returns either Ok(size) containing the number of bytes written to `sig` + /// on success or Err(e) containing the wolfSSL library error code value. + #[cfg(all(dilithium_sign, random))] + pub fn sign_ctx_hash( + &mut self, + ctx: &[u8], + hash_alg: i32, + hash: &[u8], + sig: &mut [u8], + rng: &mut RNG, + ) -> Result { + if ctx.len() > 255 { + return Err(sys::wolfCrypt_ErrorCodes_BUFFER_E); + } + let ctx_len = ctx.len() as u8; + let hash_len = hash.len() as u32; + let mut sig_len = sig.len() as u32; + let rc = unsafe { + sys::wc_dilithium_sign_ctx_hash( + ctx.as_ptr(), ctx_len, + hash_alg, + hash.as_ptr(), hash_len, + sig.as_mut_ptr(), &mut sig_len, + &mut self.ws_key, + &mut rng.wc_rng, + ) + }; + if rc != 0 { + return Err(rc); + } + Ok(sig_len as usize) + } + + /// Sign a message using a fixed random seed instead of an RNG. + /// + /// Produces a deterministic signature for a given `(key, msg, seed)` + /// triple. + /// + /// # Parameters + /// + /// * `msg`: Message to sign. + /// * `sig`: Output buffer to hold the signature. + /// * `seed`: Random seed bytes (`DILITHIUM_RND_SZ` = 32 bytes). + /// + /// # Returns + /// + /// Returns either Ok(size) containing the number of bytes written to `sig` + /// on success or Err(e) containing the wolfSSL library error code value. + /// + /// # Example + /// + /// ```rust + /// #[cfg(all(dilithium, dilithium_make_key_from_seed, dilithium_sign_with_seed))] + /// { + /// use wolfssl_wolfcrypt::dilithium::Dilithium; + /// let key_seed = [0x42u8; 32]; + /// let mut key = Dilithium::generate_from_seed(Dilithium::LEVEL_44, &key_seed) + /// .expect("Error with generate_from_seed()"); + /// let message = b"Hello, ML-DSA!"; + /// let sign_seed = [0x55u8; 32]; + /// let mut sig = vec![0u8; key.sig_size().unwrap()]; + /// key.sign_msg_with_seed(message, &mut sig, &sign_seed) + /// .expect("Error with sign_msg_with_seed()"); + /// } + /// ``` + #[cfg(dilithium_sign_with_seed)] + pub fn sign_msg_with_seed( + &mut self, + msg: &[u8], + sig: &mut [u8], + seed: &[u8], + ) -> Result { + #[cfg(dilithium_rnd_sz)] + if seed.len() != sys::DILITHIUM_RND_SZ as usize { + return Err(sys::wolfCrypt_ErrorCodes_BUFFER_E); + } + let msg_len = msg.len() as u32; + let mut sig_len = sig.len() as u32; + let rc = unsafe { + sys::wc_dilithium_sign_ctx_msg_with_seed( + core::ptr::null(), 0, + msg.as_ptr(), msg_len, + sig.as_mut_ptr(), &mut sig_len, + &mut self.ws_key, + seed.as_ptr(), + ) + }; + if rc != 0 { + return Err(rc); + } + Ok(sig_len as usize) + } + + /// Sign a message with a context string using a fixed random seed. + /// + /// # Parameters + /// + /// * `ctx`: Context string (at most 255 bytes). + /// * `msg`: Message to sign. + /// * `sig`: Output buffer to hold the signature. + /// * `seed`: Random seed bytes (`DILITHIUM_RND_SZ` = 32 bytes). + /// + /// # Returns + /// + /// Returns either Ok(size) containing the number of bytes written to `sig` + /// on success or Err(e) containing the wolfSSL library error code value. + #[cfg(dilithium_sign_with_seed)] + pub fn sign_ctx_msg_with_seed( + &mut self, + ctx: &[u8], + msg: &[u8], + sig: &mut [u8], + seed: &[u8], + ) -> Result { + if ctx.len() > 255 { + return Err(sys::wolfCrypt_ErrorCodes_BUFFER_E); + } + #[cfg(dilithium_rnd_sz)] + if seed.len() != sys::DILITHIUM_RND_SZ as usize { + return Err(sys::wolfCrypt_ErrorCodes_BUFFER_E); + } + let ctx_len = ctx.len() as u8; + let msg_len = msg.len() as u32; + let mut sig_len = sig.len() as u32; + let rc = unsafe { + sys::wc_dilithium_sign_ctx_msg_with_seed( + ctx.as_ptr(), ctx_len, + msg.as_ptr(), msg_len, + sig.as_mut_ptr(), &mut sig_len, + &mut self.ws_key, + seed.as_ptr(), + ) + }; + if rc != 0 { + return Err(rc); + } + Ok(sig_len as usize) + } + + /// Sign a pre-hashed message with a context string using a fixed random + /// seed. + /// + /// # Parameters + /// + /// * `ctx`: Context string (at most 255 bytes). + /// * `hash_alg`: Hash algorithm identifier (e.g. `WC_HASH_TYPE_SHA256`). + /// * `hash`: Hash digest of the message to sign. + /// * `sig`: Output buffer to hold the signature. + /// * `seed`: Random seed bytes (`DILITHIUM_RND_SZ` = 32 bytes). + /// + /// # Returns + /// + /// Returns either Ok(size) containing the number of bytes written to `sig` + /// on success or Err(e) containing the wolfSSL library error code value. + #[cfg(dilithium_sign_with_seed)] + pub fn sign_ctx_hash_with_seed( + &mut self, + ctx: &[u8], + hash_alg: i32, + hash: &[u8], + sig: &mut [u8], + seed: &[u8], + ) -> Result { + if ctx.len() > 255 { + return Err(sys::wolfCrypt_ErrorCodes_BUFFER_E); + } + #[cfg(dilithium_rnd_sz)] + if seed.len() != sys::DILITHIUM_RND_SZ as usize { + return Err(sys::wolfCrypt_ErrorCodes_BUFFER_E); + } + let ctx_len = ctx.len() as u8; + let hash_len = hash.len() as u32; + let mut sig_len = sig.len() as u32; + let rc = unsafe { + sys::wc_dilithium_sign_ctx_hash_with_seed( + ctx.as_ptr(), ctx_len, + hash_alg, + hash.as_ptr(), hash_len, + sig.as_mut_ptr(), &mut sig_len, + &mut self.ws_key, + seed.as_ptr(), + ) + }; + if rc != 0 { + return Err(rc); + } + Ok(sig_len as usize) + } + + /// Verify a message signature. + /// + /// # Parameters + /// + /// * `sig`: Signature to verify. + /// * `msg`: Message the signature was created over. + /// + /// # Returns + /// + /// Returns either Ok(true) if the signature is valid, Ok(false) if it is + /// invalid, or Err(e) containing the wolfSSL library error code value. + /// + /// # Example + /// + /// ```rust + /// #[cfg(all(dilithium, dilithium_make_key, dilithium_sign, dilithium_verify, random))] + /// { + /// use wolfssl_wolfcrypt::random::RNG; + /// use wolfssl_wolfcrypt::dilithium::Dilithium; + /// let mut rng = RNG::new().expect("Error creating RNG"); + /// let mut key = Dilithium::generate(Dilithium::LEVEL_44, &mut rng) + /// .expect("Error with generate()"); + /// let message = b"Hello, ML-DSA!"; + /// let mut sig = vec![0u8; key.sig_size().unwrap()]; + /// let sig_len = key.sign_msg(message, &mut sig, &mut rng) + /// .expect("Error with sign_msg()"); + /// let valid = key.verify_msg(&sig[..sig_len], message) + /// .expect("Error with verify_msg()"); + /// assert!(valid); + /// } + /// ``` + #[cfg(dilithium_verify)] + pub fn verify_msg(&mut self, sig: &[u8], msg: &[u8]) -> Result { + let sig_len = sig.len() as u32; + let msg_len = msg.len() as u32; + let mut res = 0i32; + let rc = unsafe { + sys::wc_dilithium_verify_ctx_msg( + sig.as_ptr(), sig_len, + core::ptr::null(), 0, + msg.as_ptr(), msg_len, + &mut res, + &mut self.ws_key, + ) + }; + if rc != 0 { + return Err(rc); + } + Ok(res == 1) + } + + /// Verify a message signature with a context string. + /// + /// # Parameters + /// + /// * `sig`: Signature to verify. + /// * `ctx`: Context string used when signing. + /// * `msg`: Message the signature was created over. + /// + /// # Returns + /// + /// Returns either Ok(true) if the signature is valid, Ok(false) if it is + /// invalid, or Err(e) containing the wolfSSL library error code value. + /// + /// # Example + /// + /// ```rust + /// #[cfg(all(dilithium, dilithium_make_key, dilithium_sign, dilithium_verify, random))] + /// { + /// use wolfssl_wolfcrypt::random::RNG; + /// use wolfssl_wolfcrypt::dilithium::Dilithium; + /// let mut rng = RNG::new().expect("Error creating RNG"); + /// let mut key = Dilithium::generate(Dilithium::LEVEL_44, &mut rng) + /// .expect("Error with generate()"); + /// let message = b"Hello, ML-DSA!"; + /// let ctx = b"my context"; + /// let mut sig = vec![0u8; key.sig_size().unwrap()]; + /// let sig_len = key.sign_ctx_msg(ctx, message, &mut sig, &mut rng) + /// .expect("Error with sign_ctx_msg()"); + /// let valid = key.verify_ctx_msg(&sig[..sig_len], ctx, message) + /// .expect("Error with verify_ctx_msg()"); + /// assert!(valid); + /// } + /// ``` + #[cfg(dilithium_verify)] + pub fn verify_ctx_msg(&mut self, sig: &[u8], ctx: &[u8], msg: &[u8]) -> Result { + if ctx.len() > 255 { + return Err(sys::wolfCrypt_ErrorCodes_BUFFER_E); + } + let sig_len = sig.len() as u32; + let ctx_len = ctx.len() as u8; + let msg_len = msg.len() as u32; + let mut res = 0i32; + let rc = unsafe { + sys::wc_dilithium_verify_ctx_msg( + sig.as_ptr(), sig_len, + ctx.as_ptr(), ctx_len, + msg.as_ptr(), msg_len, + &mut res, + &mut self.ws_key, + ) + }; + if rc != 0 { + return Err(rc); + } + Ok(res == 1) + } + + /// Verify a pre-hashed message signature with a context string. + /// + /// This is the HashML-DSA variant: the message is supplied as a hash + /// digest along with the hash algorithm identifier. + /// + /// # Parameters + /// + /// * `sig`: Signature to verify. + /// * `ctx`: Context string used when signing. + /// * `hash_alg`: Hash algorithm identifier (e.g. `WC_HASH_TYPE_SHA256`). + /// * `hash`: Hash digest of the message to verify. + /// + /// # Returns + /// + /// Returns either Ok(true) if the signature is valid, Ok(false) if it is + /// invalid, or Err(e) containing the wolfSSL library error code value. + #[cfg(dilithium_verify)] + pub fn verify_ctx_hash( + &mut self, + sig: &[u8], + ctx: &[u8], + hash_alg: i32, + hash: &[u8], + ) -> Result { + if ctx.len() > 255 { + return Err(sys::wolfCrypt_ErrorCodes_BUFFER_E); + } + let sig_len = sig.len() as u32; + let ctx_len = ctx.len() as u8; + let hash_len = hash.len() as u32; + let mut res = 0i32; + let rc = unsafe { + sys::wc_dilithium_verify_ctx_hash( + sig.as_ptr(), sig_len, + ctx.as_ptr(), ctx_len, + hash_alg, + hash.as_ptr(), hash_len, + &mut res, + &mut self.ws_key, + ) + }; + if rc != 0 { + return Err(rc); + } + Ok(res == 1) + } +} + +impl Drop for Dilithium { + /// Safely free the underlying wolfSSL Dilithium key context. + /// + /// This calls `wc_dilithium_free()`. The Rust Drop trait guarantees this + /// is called when the `Dilithium` struct goes out of scope. + fn drop(&mut self) { + unsafe { sys::wc_dilithium_free(&mut self.ws_key); } + } +} diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/wrapper/rust/wolfssl-wolfcrypt/src/ecc.rs mariadb-11.8.8/extra/wolfssl/wolfssl/wrapper/rust/wolfssl-wolfcrypt/src/ecc.rs --- mariadb-11.8.6/extra/wolfssl/wolfssl/wrapper/rust/wolfssl-wolfcrypt/src/ecc.rs 1970-01-01 00:00:00.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/wrapper/rust/wolfssl-wolfcrypt/src/ecc.rs 2026-05-24 09:58:33.000000000 +0000 @@ -0,0 +1,1976 @@ +/* + * Copyright (C) 2006-2026 wolfSSL Inc. + * + * This file is part of wolfSSL. + * + * wolfSSL is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * wolfSSL is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA + */ + +/*! +This module provides a Rust wrapper for the wolfCrypt library's ECC +functionality. + +The primary component is the `ECC` struct, which manages the lifecycle of a +wolfSSL `ecc_key` object. It ensures proper initialization and deallocation. +*/ + +#![cfg(ecc)] + +use crate::sys; +#[cfg(random)] +use crate::random::RNG; +use core::mem::{MaybeUninit}; + +/// Rust wrapper for wolfSSL `ecc_point` object. +pub struct ECCPoint { + wc_ecc_point: *mut sys::ecc_point, + heap: *mut core::ffi::c_void, +} + +impl ECCPoint { + /// Import an ECCPoint from a DER-formatted buffer. + /// + /// # Parameters + /// + /// * `din`: DER-formatted buffer. + /// * `curve_id`: Curve ID, e.g. ECC::SECP256R1. + /// * `heap`: Optional heap hint. + /// + /// # Returns + /// + /// Returns either Ok(ECCPoint) containing the ECCPoint struct instance or + /// Err(e) containing the wolfSSL library error code value. + /// + /// # Example + /// + /// ```rust + /// #[cfg(all(ecc_import, random))] + /// { + /// use wolfssl_wolfcrypt::random::RNG; + /// use wolfssl_wolfcrypt::ecc::{ECC,ECCPoint}; + /// let mut rng = RNG::new().expect("Failed to create RNG"); + /// let curve_id = ECC::SECP256R1; + /// let curve_size = ECC::get_curve_size_from_id(curve_id).expect("Error with get_curve_size_from_id()"); + /// let mut ecc = ECC::generate_ex(curve_size, &mut rng, curve_id, None, None).expect("Error with generate()"); + /// let ecc_point = ecc.make_pub_to_point(Some(&mut rng), None).expect("Error with make_pub_to_point()"); + /// let mut der = [0u8; 128]; + /// let size = ecc_point.export_der(&mut der, curve_id).expect("Error with export_der()"); + /// ECCPoint::import_der(&der[0..size], curve_id, None).expect("Error with import_der()"); + /// } + /// ``` + #[cfg(ecc_import)] + pub fn import_der(din: &[u8], curve_id: i32, heap: Option<*mut core::ffi::c_void>) -> Result { + let curve_idx = unsafe { sys::wc_ecc_get_curve_idx(curve_id) }; + if curve_idx < 0 { + return Err(curve_idx); + } + let heap = match heap { + Some(heap) => heap, + None => core::ptr::null_mut(), + }; + let wc_ecc_point = unsafe { sys::wc_ecc_new_point_h(heap) }; + if wc_ecc_point.is_null() { + return Err(sys::wolfCrypt_ErrorCodes_MEMORY_E); + } + let eccpoint = ECCPoint { wc_ecc_point, heap }; + let din_size = din.len() as u32; + let rc = unsafe { + sys::wc_ecc_import_point_der(din.as_ptr(), din_size, curve_idx, + eccpoint.wc_ecc_point) + }; + if rc != 0 { + return Err(rc); + } + Ok(eccpoint) + } + + /// Import an ECCPoint from a DER-formatted buffer. + /// + /// # Parameters + /// + /// * `din`: DER-formatted buffer. + /// * `curve_id`: Curve ID, e.g. ECC::SECP256R1. + /// * `short_key_size`: if shortKeySize != 0 then key size is always + /// (din.len() - 1) / 2. + /// * `heap`: Optional heap hint. + /// + /// # Returns + /// + /// Returns either Ok(ECCPoint) containing the ECCPoint struct instance or + /// Err(e) containing the wolfSSL library error code value. + /// + /// # Example + /// + /// ```rust + /// #[cfg(all(ecc_import, ecc_export, ecc_comp_key, random))] + /// { + /// use wolfssl_wolfcrypt::random::RNG; + /// use wolfssl_wolfcrypt::ecc::{ECC,ECCPoint}; + /// let mut rng = RNG::new().expect("Failed to create RNG"); + /// let curve_id = ECC::SECP256R1; + /// let curve_size = ECC::get_curve_size_from_id(curve_id).expect("Error with get_curve_size_from_id()"); + /// let mut ecc = ECC::generate_ex(curve_size, &mut rng, curve_id, None, None).expect("Error with generate()"); + /// let ecc_point = ecc.make_pub_to_point(Some(&mut rng), None).expect("Error with make_pub_to_point()"); + /// let mut der = [0u8; 128]; + /// let size = ecc_point.export_der(&mut der, curve_id).expect("Error with export_der()"); + /// ECCPoint::import_der_ex(&der[0..size], curve_id, 0, None).expect("Error with import_der_ex()"); + /// } + /// ``` + #[cfg(ecc_import)] + pub fn import_der_ex(din: &[u8], curve_id: i32, short_key_size: i32, heap: Option<*mut core::ffi::c_void>) -> Result { + let curve_idx = unsafe { sys::wc_ecc_get_curve_idx(curve_id) }; + if curve_idx < 0 { + return Err(curve_idx); + } + let heap = match heap { + Some(heap) => heap, + None => core::ptr::null_mut(), + }; + let wc_ecc_point = unsafe { sys::wc_ecc_new_point_h(heap) }; + if wc_ecc_point.is_null() { + return Err(sys::wolfCrypt_ErrorCodes_MEMORY_E); + } + let eccpoint = ECCPoint { wc_ecc_point, heap }; + let din_size = din.len() as u32; + let rc = unsafe { + sys::wc_ecc_import_point_der_ex(din.as_ptr(), din_size, curve_idx, + wc_ecc_point, short_key_size) + }; + if rc != 0 { + return Err(rc); + } + Ok(eccpoint) + } + + /// Export an ECCPoint in DER format. + /// + /// # Parameters + /// + /// * `dout`: Output buffer. + /// * `curve_id`: Curve ID, e.g. ECC::SECP256R1. + /// + /// # Returns + /// + /// Returns either Ok(size) containing the number of bytes written to + /// `dout` or Err(e) containing the wolfSSL library error code value. + /// + /// # Example + /// + /// ```rust + /// #[cfg(all(ecc_export, random))] + /// { + /// use wolfssl_wolfcrypt::random::RNG; + /// use wolfssl_wolfcrypt::ecc::{ECC,ECCPoint}; + /// let mut rng = RNG::new().expect("Failed to create RNG"); + /// let curve_id = ECC::SECP256R1; + /// let curve_size = ECC::get_curve_size_from_id(curve_id).expect("Error with get_curve_size_from_id()"); + /// let mut ecc = ECC::generate_ex(curve_size, &mut rng, curve_id, None, None).expect("Error with generate()"); + /// let ecc_point = ecc.make_pub_to_point(Some(&mut rng), None).expect("Error with make_pub_to_point()"); + /// let mut der = [0u8; 128]; + /// let size = ecc_point.export_der(&mut der, curve_id).expect("Error with export_der()"); + /// assert!(size > 0 && size <= der.len()); + /// ECCPoint::import_der(&der[0..size], curve_id, None).expect("Error with import_der()"); + /// } + /// ``` + #[cfg(ecc_export)] + pub fn export_der(&self, dout: &mut [u8], curve_id: i32) -> Result { + let curve_idx = unsafe { sys::wc_ecc_get_curve_idx(curve_id) }; + if curve_idx < 0 { + return Err(curve_idx); + } + let mut dout_size = dout.len() as u32; + let rc = unsafe { + sys::wc_ecc_export_point_der(curve_idx, self.wc_ecc_point, + dout.as_mut_ptr(), &mut dout_size) + }; + if rc != 0 { + return Err(rc); + } + Ok(dout_size as usize) + } + + /// Export an ECCPoint in compressed DER format. + /// + /// # Parameters + /// + /// * `dout`: Output buffer. + /// * `curve_id`: Curve ID, e.g. ECC::SECP256R1. + /// + /// # Returns + /// + /// Returns either Ok(size) containing the number of bytes written to + /// `dout` or Err(e) containing the wolfSSL library error code value. + /// + /// # Example + /// + /// ```rust + /// #[cfg(all(ecc_export, ecc_comp_key, random))] + /// { + /// use wolfssl_wolfcrypt::random::RNG; + /// use wolfssl_wolfcrypt::ecc::{ECC,ECCPoint}; + /// let mut rng = RNG::new().expect("Failed to create RNG"); + /// let curve_id = ECC::SECP256R1; + /// let curve_size = ECC::get_curve_size_from_id(curve_id).expect("Error with get_curve_size_from_id()"); + /// let mut ecc = ECC::generate_ex(curve_size, &mut rng, curve_id, None, None).expect("Error with generate()"); + /// let ecc_point = ecc.make_pub_to_point(Some(&mut rng), None).expect("Error with make_pub_to_point()"); + /// let mut der = [0u8; 128]; + /// let size = ecc_point.export_der_compressed(&mut der, curve_id).expect("Error with export_der_compressed()"); + /// } + /// ``` + #[cfg(all(ecc_export, ecc_comp_key))] + pub fn export_der_compressed(&self, dout: &mut [u8], curve_id: i32) -> Result { + let curve_idx = unsafe { sys::wc_ecc_get_curve_idx(curve_id) }; + if curve_idx < 0 { + return Err(curve_idx); + } + let mut dout_size = dout.len() as u32; + let rc = unsafe { + sys::wc_ecc_export_point_der_ex(curve_idx, self.wc_ecc_point, + dout.as_mut_ptr(), &mut dout_size, 1) + }; + if rc != 0 { + return Err(rc); + } + Ok(dout_size as usize) + } + + /// Zeroize the ECCPoint. + /// + /// # Example + /// + /// ```rust + /// # extern crate std; + /// #[cfg(random)] + /// { + /// use wolfssl_wolfcrypt::random::RNG; + /// use wolfssl_wolfcrypt::ecc::ECC; + /// let mut rng = RNG::new().expect("Failed to create RNG"); + /// let mut ecc = ECC::generate(32, &mut rng, None, None).expect("Error with generate()"); + /// let mut ecc_point = ecc.make_pub_to_point(Some(&mut rng), None).expect("Error with make_pub_to_point()"); + /// ecc_point.forcezero(); + /// } + /// ``` + pub fn forcezero(&mut self) { + unsafe { sys::wc_ecc_forcezero_point(self.wc_ecc_point) }; + } +} + +impl Drop for ECCPoint { + /// Safely free the underlying wolfSSL ecc_point context. + /// + /// This calls the `wc_ecc_del_point_h()` wolfssl library function. + /// + /// The Rust Drop trait guarantees that this method is called when the + /// ECCPoint struct instance goes out of scope, automatically cleaning up + /// resources and preventing memory leaks. + fn drop(&mut self) { + unsafe { sys::wc_ecc_del_point_h(self.wc_ecc_point, self.heap); } + } +} + +/// The `ECC` struct manages the lifecycle of a wolfSSL `ecc_key` object. +/// +/// It ensures proper initialization and deallocation. +/// +/// An instance can be created with `generate()`, `import_x963()`, +/// `import_x963_ex()`, `import_private_key()`, `import_private_key_ex()`, +/// `import_raw()`, or `import_raw_ex()`. +pub struct ECC { + wc_ecc_key: sys::ecc_key, +} + +#[cfg(ecc_curve_ids)] +impl ECC { + pub const CURVE_INVALID: i32 = sys::ecc_curve_ids_ECC_CURVE_INVALID; + pub const CURVE_DEF: i32 = sys::ecc_curve_ids_ECC_CURVE_DEF; + pub const SECP192R1: i32 = sys::ecc_curve_ids_ECC_SECP192R1; + pub const PRIME192V2: i32 = sys::ecc_curve_ids_ECC_PRIME192V2; + pub const PRIME192V3: i32 = sys::ecc_curve_ids_ECC_PRIME192V3; + pub const PRIME239V1: i32 = sys::ecc_curve_ids_ECC_PRIME239V1; + pub const PRIME239V2: i32 = sys::ecc_curve_ids_ECC_PRIME239V2; + pub const PRIME239V3: i32 = sys::ecc_curve_ids_ECC_PRIME239V3; + pub const SECP256R1: i32 = sys::ecc_curve_ids_ECC_SECP256R1; + pub const SECP112R1: i32 = sys::ecc_curve_ids_ECC_SECP112R1; + pub const SECP112R2: i32 = sys::ecc_curve_ids_ECC_SECP112R2; + pub const SECP128R1: i32 = sys::ecc_curve_ids_ECC_SECP128R1; + pub const SECP128R2: i32 = sys::ecc_curve_ids_ECC_SECP128R2; + pub const SECP160R1: i32 = sys::ecc_curve_ids_ECC_SECP160R1; + pub const SECP160R2: i32 = sys::ecc_curve_ids_ECC_SECP160R2; + pub const SECP224R1: i32 = sys::ecc_curve_ids_ECC_SECP224R1; + pub const SECP384R1: i32 = sys::ecc_curve_ids_ECC_SECP384R1; + pub const SECP521R1: i32 = sys::ecc_curve_ids_ECC_SECP521R1; + pub const SECP160K1: i32 = sys::ecc_curve_ids_ECC_SECP160K1; + pub const SECP192K1: i32 = sys::ecc_curve_ids_ECC_SECP192K1; + pub const SECP224K1: i32 = sys::ecc_curve_ids_ECC_SECP224K1; + pub const SECP256K1: i32 = sys::ecc_curve_ids_ECC_SECP256K1; + pub const BRAINPOOLP160R1: i32 = sys::ecc_curve_ids_ECC_BRAINPOOLP160R1; + pub const BRAINPOOLP192R1: i32 = sys::ecc_curve_ids_ECC_BRAINPOOLP192R1; + pub const BRAINPOOLP224R1: i32 = sys::ecc_curve_ids_ECC_BRAINPOOLP224R1; + pub const BRAINPOOLP256R1: i32 = sys::ecc_curve_ids_ECC_BRAINPOOLP256R1; + pub const BRAINPOOLP320R1: i32 = sys::ecc_curve_ids_ECC_BRAINPOOLP320R1; + pub const BRAINPOOLP384R1: i32 = sys::ecc_curve_ids_ECC_BRAINPOOLP384R1; + pub const BRAINPOOLP512R1: i32 = sys::ecc_curve_ids_ECC_BRAINPOOLP512R1; + #[cfg(ecc_curve_sm2p256v1)] + pub const SM2P256V1: i32 = sys::ecc_curve_ids_ECC_SM2P256V1; + #[cfg(ecc_curve_25519)] + pub const X25519: i32 = sys::ecc_curve_ids_ECC_X25519; + #[cfg(ecc_curve_448)] + pub const X448: i32 = sys::ecc_curve_ids_ECC_X448; + #[cfg(ecc_curve_sakke)] + pub const SAKKE_1: i32 = sys::ecc_curve_ids_ECC_SAKKE_1; + #[cfg(ecc_custom_curves)] + pub const CURVE_CUSTOM: i32 = sys::ecc_curve_ids_ECC_CURVE_CUSTOM; + pub const CURVE_MAX: i32 = sys::ecc_curve_ids_ECC_CURVE_MAX; +} + +#[cfg(not(ecc_curve_ids))] +impl ECC { + pub const CURVE_INVALID: i32 = sys::ecc_curve_id_ECC_CURVE_INVALID; + pub const CURVE_DEF: i32 = sys::ecc_curve_id_ECC_CURVE_DEF; + pub const SECP192R1: i32 = sys::ecc_curve_id_ECC_SECP192R1; + pub const PRIME192V2: i32 = sys::ecc_curve_id_ECC_PRIME192V2; + pub const PRIME192V3: i32 = sys::ecc_curve_id_ECC_PRIME192V3; + pub const PRIME239V1: i32 = sys::ecc_curve_id_ECC_PRIME239V1; + pub const PRIME239V2: i32 = sys::ecc_curve_id_ECC_PRIME239V2; + pub const PRIME239V3: i32 = sys::ecc_curve_id_ECC_PRIME239V3; + pub const SECP256R1: i32 = sys::ecc_curve_id_ECC_SECP256R1; + pub const SECP112R1: i32 = sys::ecc_curve_id_ECC_SECP112R1; + pub const SECP112R2: i32 = sys::ecc_curve_id_ECC_SECP112R2; + pub const SECP128R1: i32 = sys::ecc_curve_id_ECC_SECP128R1; + pub const SECP128R2: i32 = sys::ecc_curve_id_ECC_SECP128R2; + pub const SECP160R1: i32 = sys::ecc_curve_id_ECC_SECP160R1; + pub const SECP160R2: i32 = sys::ecc_curve_id_ECC_SECP160R2; + pub const SECP224R1: i32 = sys::ecc_curve_id_ECC_SECP224R1; + pub const SECP384R1: i32 = sys::ecc_curve_id_ECC_SECP384R1; + pub const SECP521R1: i32 = sys::ecc_curve_id_ECC_SECP521R1; + pub const SECP160K1: i32 = sys::ecc_curve_id_ECC_SECP160K1; + pub const SECP192K1: i32 = sys::ecc_curve_id_ECC_SECP192K1; + pub const SECP224K1: i32 = sys::ecc_curve_id_ECC_SECP224K1; + pub const SECP256K1: i32 = sys::ecc_curve_id_ECC_SECP256K1; + pub const BRAINPOOLP160R1: i32 = sys::ecc_curve_id_ECC_BRAINPOOLP160R1; + pub const BRAINPOOLP192R1: i32 = sys::ecc_curve_id_ECC_BRAINPOOLP192R1; + pub const BRAINPOOLP224R1: i32 = sys::ecc_curve_id_ECC_BRAINPOOLP224R1; + pub const BRAINPOOLP256R1: i32 = sys::ecc_curve_id_ECC_BRAINPOOLP256R1; + pub const BRAINPOOLP320R1: i32 = sys::ecc_curve_id_ECC_BRAINPOOLP320R1; + pub const BRAINPOOLP384R1: i32 = sys::ecc_curve_id_ECC_BRAINPOOLP384R1; + pub const BRAINPOOLP512R1: i32 = sys::ecc_curve_id_ECC_BRAINPOOLP512R1; + #[cfg(ecc_curve_sm2p256v1)] + pub const SM2P256V1: i32 = sys::ecc_curve_id_ECC_SM2P256V1; + #[cfg(ecc_curve_25519)] + pub const X25519: i32 = sys::ecc_curve_id_ECC_X25519; + #[cfg(ecc_curve_448)] + pub const X448: i32 = sys::ecc_curve_id_ECC_X448; + #[cfg(ecc_curve_sakke)] + pub const SAKKE_1: i32 = sys::ecc_curve_id_ECC_SAKKE_1; + #[cfg(ecc_custom_curves)] + pub const CURVE_CUSTOM: i32 = sys::ecc_curve_id_ECC_CURVE_CUSTOM; + pub const CURVE_MAX: i32 = sys::ecc_curve_id_ECC_CURVE_MAX; +} + +impl ECC { + pub const FLAG_NONE: i32 = sys::WC_ECC_FLAG_NONE as i32; + pub const FLAG_COFACTOR: i32 = sys::WC_ECC_FLAG_COFACTOR as i32; + pub const FLAG_DEC_SIGN: i32 = sys::WC_ECC_FLAG_DEC_SIGN as i32; + + /// Generate a new ECC key with the given size. + /// + /// # Parameters + /// + /// * `size`: Desired key length in bytes. + /// * `rng`: Reference to a `RNG` struct to use for random number + /// generation while making the key. + /// * `heap`: Optional heap hint. + /// * `dev_id` Optional device ID to use with crypto callbacks or async hardware. + /// + /// # Returns + /// + /// Returns either Ok(ECC) containing the ECC struct instance or Err(e) + /// containing the wolfSSL library error code value. + /// + /// # Example + /// + /// ```rust + /// # extern crate std; + /// #[cfg(random)] + /// { + /// use wolfssl_wolfcrypt::random::RNG; + /// use wolfssl_wolfcrypt::ecc::ECC; + /// let mut rng = RNG::new().expect("Failed to create RNG"); + /// let mut ecc = ECC::generate(32, &mut rng, None, None).expect("Error with generate()"); + /// ecc.check().expect("Error with check()"); + /// } + /// ``` + #[cfg(random)] + pub fn generate(size: i32, rng: &mut RNG, heap: Option<*mut core::ffi::c_void>, dev_id: Option) -> Result { + let mut wc_ecc_key: MaybeUninit = MaybeUninit::uninit(); + let heap = match heap { + Some(heap) => heap, + None => core::ptr::null_mut(), + }; + let dev_id = match dev_id { + Some(dev_id) => dev_id, + None => sys::INVALID_DEVID, + }; + let rc = unsafe { sys::wc_ecc_init_ex(wc_ecc_key.as_mut_ptr(), heap, dev_id) }; + if rc != 0 { + return Err(rc); + } + let mut wc_ecc_key = unsafe { wc_ecc_key.assume_init() }; + let rc = unsafe { + sys::wc_ecc_make_key(&mut rng.wc_rng, size, &mut wc_ecc_key) + }; + if rc != 0 { + unsafe { sys::wc_ecc_free(&mut wc_ecc_key); } + return Err(rc); + } + let ecc = ECC { wc_ecc_key }; + Ok(ecc) + } + + /// Generate a new ECC key with the given size and curve. + /// + /// # Parameters + /// + /// * `size`: Desired key length in bytes. + /// * `rng`: Reference to a `RNG` struct to use for random number + /// generation while making the key. + /// * `curve_id`: Curve ID, e.g. ECC::SECP256R1. + /// * `heap`: Optional heap hint. + /// * `dev_id` Optional device ID to use with crypto callbacks or async hardware. + /// + /// # Returns + /// + /// Returns either Ok(ECC) containing the ECC struct instance or Err(e) + /// containing the wolfSSL library error code value. + /// + /// # Example + /// + /// ```rust + /// # extern crate std; + /// #[cfg(random)] + /// { + /// use wolfssl_wolfcrypt::random::RNG; + /// use wolfssl_wolfcrypt::ecc::ECC; + /// let mut rng = RNG::new().expect("Failed to create RNG"); + /// let curve_id = ECC::SECP256R1; + /// let curve_size = ECC::get_curve_size_from_id(curve_id).expect("Error with get_curve_size_from_id()"); + /// let mut ecc = ECC::generate_ex(curve_size, &mut rng, curve_id, None, None).expect("Error with generate_ex()"); + /// ecc.check().expect("Error with check()"); + /// } + /// ``` + #[cfg(random)] + pub fn generate_ex(size: i32, rng: &mut RNG, curve_id: i32, heap: Option<*mut core::ffi::c_void>, dev_id: Option) -> Result { + let mut wc_ecc_key: MaybeUninit = MaybeUninit::uninit(); + let heap = match heap { + Some(heap) => heap, + None => core::ptr::null_mut(), + }; + let dev_id = match dev_id { + Some(dev_id) => dev_id, + None => sys::INVALID_DEVID, + }; + let rc = unsafe { sys::wc_ecc_init_ex(wc_ecc_key.as_mut_ptr(), heap, dev_id) }; + if rc != 0 { + return Err(rc); + } + let mut wc_ecc_key = unsafe { wc_ecc_key.assume_init() }; + let rc = unsafe { + sys::wc_ecc_make_key_ex(&mut rng.wc_rng, size, &mut wc_ecc_key, curve_id) + }; + if rc != 0 { + unsafe { sys::wc_ecc_free(&mut wc_ecc_key); } + return Err(rc); + } + let ecc = ECC { wc_ecc_key }; + Ok(ecc) + } + + /// Generate a new ECC key with the given size, curve, and flags. + /// + /// # Parameters + /// + /// * `size`: Desired key length in bytes. + /// * `rng`: Reference to a `RNG` struct to use for random number + /// generation while making the key. + /// * `curve_id`: Curve ID, e.g. ECC::SECP256R1. + /// * `flags`: Flags for making the key. + /// * `heap`: Optional heap hint. + /// * `dev_id` Optional device ID to use with crypto callbacks or async hardware. + /// + /// # Returns + /// + /// Returns either Ok(ECC) containing the ECC struct instance or Err(e) + /// containing the wolfSSL library error code value. + /// + /// # Example + /// + /// ```rust + /// # extern crate std; + /// #[cfg(random)] + /// { + /// use wolfssl_wolfcrypt::random::RNG; + /// use wolfssl_wolfcrypt::ecc::ECC; + /// let mut rng = RNG::new().expect("Failed to create RNG"); + /// let curve_id = ECC::SECP256R1; + /// let curve_size = ECC::get_curve_size_from_id(curve_id).expect("Error with get_curve_size_from_id()"); + /// let mut ecc = ECC::generate_ex2(curve_size, &mut rng, curve_id, ECC::FLAG_COFACTOR, None, None).expect("Error with generate_ex2()"); + /// ecc.check().expect("Error with check()"); + /// } + /// ``` + #[cfg(random)] + pub fn generate_ex2(size: i32, rng: &mut RNG, curve_id: i32, flags: i32, heap: Option<*mut core::ffi::c_void>, dev_id: Option) -> Result { + let mut wc_ecc_key: MaybeUninit = MaybeUninit::uninit(); + let heap = match heap { + Some(heap) => heap, + None => core::ptr::null_mut(), + }; + let dev_id = match dev_id { + Some(dev_id) => dev_id, + None => sys::INVALID_DEVID, + }; + let rc = unsafe { sys::wc_ecc_init_ex(wc_ecc_key.as_mut_ptr(), heap, dev_id) }; + if rc != 0 { + return Err(rc); + } + let mut wc_ecc_key = unsafe { wc_ecc_key.assume_init() }; + let rc = unsafe { + sys::wc_ecc_make_key_ex2(&mut rng.wc_rng, size, &mut wc_ecc_key, curve_id, flags) + }; + if rc != 0 { + unsafe { sys::wc_ecc_free(&mut wc_ecc_key); } + return Err(rc); + } + let ecc = ECC { wc_ecc_key }; + Ok(ecc) + } + + /// Get the curve size corresponding to the given curve ID. + /// + /// # Parameters + /// + /// * `curve_id`: Curve ID, e.g. ECC::SECP256R1. + /// + /// # Returns + /// + /// Returns either Ok(size) containing the curve size or Err(e) + /// containing the wolfSSL library error code value. + /// + /// # Example + /// + /// ```rust + /// # extern crate std; + /// #[cfg(random)] + /// { + /// use wolfssl_wolfcrypt::random::RNG; + /// use wolfssl_wolfcrypt::ecc::ECC; + /// let mut rng = RNG::new().expect("Failed to create RNG"); + /// let curve_id = ECC::SECP256R1; + /// let curve_size = ECC::get_curve_size_from_id(curve_id).expect("Error with get_curve_size_from_id()"); + /// let mut ecc = ECC::generate_ex(curve_size, &mut rng, curve_id, None, None).expect("Error with generate()"); + /// ecc.check().expect("Error with check()"); + /// } + /// ``` + pub fn get_curve_size_from_id(curve_id: i32) -> Result { + let rc = unsafe { sys::wc_ecc_get_curve_size_from_id(curve_id) }; + if rc < 0 { + return Err(rc); + } + Ok(rc) + } + + /// Import public and private ECC key pair from DER input buffer. + /// + /// # Parameters + /// + /// * `der`: DER buffer containing the ECC public and private key pair. + /// * `heap`: Optional heap hint. + /// * `dev_id` Optional device ID to use with crypto callbacks or async hardware. + /// + /// # Returns + /// + /// Returns either Ok(ECC) containing the ECC struct instance or Err(e) + /// containing the wolfSSL library error code value. + /// + /// # Example + /// + /// ```rust + /// # extern crate std; + /// #[cfg(random)] + /// { + /// use wolfssl_wolfcrypt::random::RNG; + /// use wolfssl_wolfcrypt::ecc::ECC; + /// use std::fs; + /// let mut rng = RNG::new().expect("Failed to create RNG"); + /// let key_path = "../../../certs/ecc-client-key.der"; + /// let der: Vec = fs::read(key_path).expect("Error reading key file"); + /// let mut ecc = ECC::import_der(&der, None, None).expect("Error with import_der()"); + /// } + /// ``` + pub fn import_der(der: &[u8], heap: Option<*mut core::ffi::c_void>, dev_id: Option) -> Result { + let mut wc_ecc_key: MaybeUninit = MaybeUninit::uninit(); + let heap = match heap { + Some(heap) => heap, + None => core::ptr::null_mut(), + }; + let dev_id = match dev_id { + Some(dev_id) => dev_id, + None => sys::INVALID_DEVID, + }; + let rc = unsafe { sys::wc_ecc_init_ex(wc_ecc_key.as_mut_ptr(), heap, dev_id) }; + if rc != 0 { + return Err(rc); + } + let mut wc_ecc_key = unsafe { wc_ecc_key.assume_init() }; + let mut idx = 0u32; + let der_size = der.len() as u32; + let rc = unsafe { + sys::wc_EccPrivateKeyDecode(der.as_ptr(), &mut idx, &mut wc_ecc_key, der_size) + }; + if rc != 0 { + return Err(rc); + } + let ecc = ECC { wc_ecc_key }; + Ok(ecc) + } + + /// Import public ECC key from DER input buffer. + /// + /// # Parameters + /// + /// * `der`: DER buffer containing the ECC public key. + /// * `heap`: Optional heap hint. + /// * `dev_id` Optional device ID to use with crypto callbacks or async hardware. + /// + /// # Returns + /// + /// Returns either Ok(ECC) containing the ECC struct instance or Err(e) + /// containing the wolfSSL library error code value. + /// + /// # Example + /// + /// ```rust + /// # extern crate std; + /// #[cfg(random)] + /// { + /// use wolfssl_wolfcrypt::random::RNG; + /// use wolfssl_wolfcrypt::ecc::ECC; + /// use std::fs; + /// let mut rng = RNG::new().expect("Failed to create RNG"); + /// let key_path = "../../../certs/ecc-client-key.der"; + /// let der: Vec = fs::read(key_path).expect("Error reading key file"); + /// let mut ecc = ECC::import_der(&der, None, None).expect("Error with import_der()"); + /// let hash = [0x42u8; 32]; + /// let mut signature = [0u8; 128]; + /// let signature_length = ecc.sign_hash(&hash, &mut signature, &mut rng).expect("Error with sign_hash()"); + /// assert!(signature_length > 0 && signature_length <= signature.len()); + /// let signature = &mut signature[0..signature_length]; + /// let key_path = "../../../certs/ecc-client-keyPub.der"; + /// let der: Vec = fs::read(key_path).expect("Error reading key file"); + /// let mut ecc = ECC::import_public_der(&der, None, None).expect("Error with import_public_der()"); + /// } + /// ``` + pub fn import_public_der(der: &[u8], heap: Option<*mut core::ffi::c_void>, dev_id: Option) -> Result { + let mut wc_ecc_key: MaybeUninit = MaybeUninit::uninit(); + let heap = match heap { + Some(heap) => heap, + None => core::ptr::null_mut(), + }; + let dev_id = match dev_id { + Some(dev_id) => dev_id, + None => sys::INVALID_DEVID, + }; + let rc = unsafe { sys::wc_ecc_init_ex(wc_ecc_key.as_mut_ptr(), heap, dev_id) }; + if rc != 0 { + return Err(rc); + } + let mut wc_ecc_key = unsafe { wc_ecc_key.assume_init() }; + let mut idx = 0u32; + let der_size = der.len() as u32; + let rc = unsafe { + sys::wc_EccPublicKeyDecode(der.as_ptr(), &mut idx, &mut wc_ecc_key, der_size) + }; + if rc != 0 { + return Err(rc); + } + let ecc = ECC { wc_ecc_key }; + Ok(ecc) + } + + /// Import a public/private ECC key pair from a buffer containing the raw + /// private key and a second buffer containing the ANSI X9.63 formatted + /// public key. This function handles both compressed and uncompressed + /// keys as long as wolfSSL is built with the HAVE_COMP_KEY build option + /// enabled. + /// + /// # Parameters + /// + /// * `priv_buf`: Buffer containing the raw private key. + /// * `pub_buf`: Buffer containing the ANSI X9.63 formatted public key. + /// * `heap`: Optional heap hint. + /// * `dev_id` Optional device ID to use with crypto callbacks or async hardware. + /// + /// # Returns + /// + /// Returns either Ok(ECC) containing the ECC struct instance or Err(e) + /// containing the wolfSSL library error code value. + /// + /// # Example + /// + /// ```rust + /// #[cfg(all(ecc_import, random))] + /// { + /// use wolfssl_wolfcrypt::random::RNG; + /// use wolfssl_wolfcrypt::ecc::ECC; + /// let mut rng = RNG::new().expect("Failed to create RNG"); + /// let mut ecc = ECC::generate(32, &mut rng, None, None).expect("Error with generate()"); + /// let hash = [0x42u8; 32]; + /// let mut signature = [0u8; 128]; + /// let signature_length = ecc.sign_hash(&hash, &mut signature, &mut rng).expect("Error with sign_hash()"); + /// let signature = &signature[0..signature_length]; + /// let mut d = [0u8; 32]; + /// let d_size = ecc.export_private(&mut d).expect("Error with export_private()"); + /// let mut x963 = [0u8; 128]; + /// let x963_size = ecc.export_x963(&mut x963).expect("Error with export_x963()"); + /// let x963 = &x963[0..x963_size]; + /// let mut ecc2 = ECC::import_private_key(&d, x963, None, None).expect("Error with import_private_key()"); + /// let valid = ecc2.verify_hash(&signature, &hash).expect("Error with verify_hash()"); + /// assert_eq!(valid, true); + /// } + /// ``` + #[cfg(ecc_import)] + pub fn import_private_key(priv_buf: &[u8], pub_buf: &[u8], heap: Option<*mut core::ffi::c_void>, dev_id: Option) -> Result { + let mut wc_ecc_key: MaybeUninit = MaybeUninit::uninit(); + let heap = match heap { + Some(heap) => heap, + None => core::ptr::null_mut(), + }; + let dev_id = match dev_id { + Some(dev_id) => dev_id, + None => sys::INVALID_DEVID, + }; + let rc = unsafe { sys::wc_ecc_init_ex(wc_ecc_key.as_mut_ptr(), heap, dev_id) }; + if rc != 0 { + return Err(rc); + } + let mut wc_ecc_key = unsafe { wc_ecc_key.assume_init() }; + let priv_size = priv_buf.len() as u32; + let pub_ptr = if pub_buf.is_empty() {core::ptr::null()} else {pub_buf.as_ptr()}; + let pub_size = pub_buf.len() as u32; + let rc = unsafe { + sys::wc_ecc_import_private_key(priv_buf.as_ptr(), priv_size, + pub_ptr, pub_size, &mut wc_ecc_key) + }; + if rc != 0 { + return Err(rc); + } + let ecc = ECC { wc_ecc_key }; + Ok(ecc) + } + + /// Import a public/private ECC key pair from a buffer containing the raw + /// private key and a second buffer containing the ANSI X9.63 formatted + /// public key. This function handles both compressed and uncompressed + /// keys as long as wolfSSL is built with the HAVE_COMP_KEY build option + /// enabled. This function allows the curve ID to be explicitly specified. + /// + /// # Parameters + /// + /// * `priv_buf`: Buffer containing the raw private key. + /// * `pub_buf`: Buffer containing the ANSI X9.63 formatted public key. + /// * `curve_id`: Curve ID, e.g. ECC::SECP256R1. + /// * `heap`: Optional heap hint. + /// * `dev_id` Optional device ID to use with crypto callbacks or async hardware. + /// + /// # Returns + /// + /// Returns either Ok(ECC) containing the ECC struct instance or Err(e) + /// containing the wolfSSL library error code value. + /// + /// # Example + /// + /// ```rust + /// #[cfg(all(ecc_import, random))] + /// { + /// use wolfssl_wolfcrypt::random::RNG; + /// use wolfssl_wolfcrypt::ecc::ECC; + /// let mut rng = RNG::new().expect("Failed to create RNG"); + /// let curve_id = ECC::SECP256R1; + /// let curve_size = ECC::get_curve_size_from_id(curve_id).expect("Error with get_curve_size_from_id()"); + /// let mut ecc = ECC::generate_ex(curve_size, &mut rng, curve_id, None, None).expect("Error with generate_ex()"); + /// let hash = [0x42u8; 32]; + /// let mut signature = [0u8; 128]; + /// let signature_length = ecc.sign_hash(&hash, &mut signature, &mut rng).expect("Error with sign_hash()"); + /// let signature = &signature[0..signature_length]; + /// let mut d = [0u8; 32]; + /// let d_size = ecc.export_private(&mut d).expect("Error with export_private()"); + /// let mut x963 = [0u8; 128]; + /// let x963_size = ecc.export_x963(&mut x963).expect("Error with export_x963()"); + /// let x963 = &x963[0..x963_size]; + /// let mut ecc2 = ECC::import_private_key_ex(&d, x963, curve_id, None, None).expect("Error with import_private_key_ex()"); + /// let valid = ecc2.verify_hash(&signature, &hash).expect("Error with verify_hash()"); + /// assert_eq!(valid, true); + /// } + /// ``` + #[cfg(ecc_import)] + pub fn import_private_key_ex(priv_buf: &[u8], pub_buf: &[u8], curve_id: i32, heap: Option<*mut core::ffi::c_void>, dev_id: Option) -> Result { + let mut wc_ecc_key: MaybeUninit = MaybeUninit::uninit(); + let heap = match heap { + Some(heap) => heap, + None => core::ptr::null_mut(), + }; + let dev_id = match dev_id { + Some(dev_id) => dev_id, + None => sys::INVALID_DEVID, + }; + let rc = unsafe { sys::wc_ecc_init_ex(wc_ecc_key.as_mut_ptr(), heap, dev_id) }; + if rc != 0 { + return Err(rc); + } + let mut wc_ecc_key = unsafe { wc_ecc_key.assume_init() }; + let priv_size = priv_buf.len() as u32; + let pub_ptr = if pub_buf.is_empty() {core::ptr::null()} else {pub_buf.as_ptr()}; + let pub_size = pub_buf.len() as u32; + let rc = unsafe { + sys::wc_ecc_import_private_key_ex(priv_buf.as_ptr(), priv_size, + pub_ptr, pub_size, &mut wc_ecc_key, curve_id) + }; + if rc != 0 { + return Err(rc); + } + let ecc = ECC { wc_ecc_key }; + Ok(ecc) + } + + /// Import raw ECC key from components in hexadecimal ASCII string format + /// with curve name specified. + /// + /// # Parameters + /// + /// * `qx`: X component of public key as null terminated ASCII hex string. + /// * `qy`: Y component of public key as null terminated ASCII hex string. + /// * `d`: Private key as null terminated ASCII hex string. + /// * `curve_name`: Null terminated ASCII string containing the curve name. + /// * `heap`: Optional heap hint. + /// * `dev_id` Optional device ID to use with crypto callbacks or async hardware. + /// + /// # Returns + /// + /// Returns either Ok(ECC) containing the ECC struct instance or Err(e) + /// containing the wolfSSL library error code value. + /// + /// # Example + /// + /// ```rust + /// #[cfg(ecc_import)] + /// { + /// use wolfssl_wolfcrypt::ecc::ECC; + /// let qx = b"7a4e287890a1a47ad3457e52f2f76a83ce46cbc947616d0cbaa82323818a793d\0"; + /// let qy = b"eec4084f5b29ebf29c44cce3b3059610922f8b30ea6e8811742ac7238fe87308\0"; + /// let d = b"8c14b793cb19137e323a6d2e2a870bca2e7a493ec1153b3a95feb8a4873f8d08\0"; + /// ECC::import_raw(qx, qy, d, b"SECP256R1\0", None, None).expect("Error with import_raw()"); + /// } + /// ``` + #[cfg(ecc_import)] + pub fn import_raw(qx: &[u8], qy: &[u8], d: &[u8], curve_name: &[u8], heap: Option<*mut core::ffi::c_void>, dev_id: Option) -> Result { + let mut wc_ecc_key: MaybeUninit = MaybeUninit::uninit(); + let heap = match heap { + Some(heap) => heap, + None => core::ptr::null_mut(), + }; + let dev_id = match dev_id { + Some(dev_id) => dev_id, + None => sys::INVALID_DEVID, + }; + let rc = unsafe { sys::wc_ecc_init_ex(wc_ecc_key.as_mut_ptr(), heap, dev_id) }; + if rc != 0 { + return Err(rc); + } + let mut wc_ecc_key = unsafe { wc_ecc_key.assume_init() }; + let qx_ptr = qx.as_ptr() as *const core::ffi::c_char; + let qy_ptr = qy.as_ptr() as *const core::ffi::c_char; + let d_ptr = d.as_ptr() as *const core::ffi::c_char; + let curve_name_ptr = curve_name.as_ptr() as *const core::ffi::c_char; + let rc = unsafe { + sys::wc_ecc_import_raw(&mut wc_ecc_key, qx_ptr, qy_ptr, d_ptr, + curve_name_ptr) + }; + if rc != 0 { + return Err(rc); + } + let ecc = ECC { wc_ecc_key }; + Ok(ecc) + } + + /// Import raw ECC key from components in hexadecimal ASCII string format + /// with curve ID specified. + /// + /// # Parameters + /// + /// * `qx`: X component of public key as null terminated ASCII hex string. + /// * `qy`: Y component of public key as null terminated ASCII hex string. + /// * `d`: Private key as null terminated ASCII hex string. + /// * `curve_id`: Curve ID, e.g. ECC::SECP256R1. + /// * `heap`: Optional heap hint. + /// * `dev_id` Optional device ID to use with crypto callbacks or async hardware. + /// + /// # Returns + /// + /// Returns either Ok(ECC) containing the ECC struct instance or Err(e) + /// containing the wolfSSL library error code value. + /// + /// # Example + /// + /// ```rust + /// #[cfg(ecc_import)] + /// { + /// use wolfssl_wolfcrypt::ecc::ECC; + /// let qx = b"7a4e287890a1a47ad3457e52f2f76a83ce46cbc947616d0cbaa82323818a793d\0"; + /// let qy = b"eec4084f5b29ebf29c44cce3b3059610922f8b30ea6e8811742ac7238fe87308\0"; + /// let d = b"8c14b793cb19137e323a6d2e2a870bca2e7a493ec1153b3a95feb8a4873f8d08\0"; + /// ECC::import_raw_ex(qx, qy, d, ECC::SECP256R1, None, None).expect("Error with import_raw_ex()"); + /// } + /// ``` + #[cfg(ecc_import)] + pub fn import_raw_ex(qx: &[u8], qy: &[u8], d: &[u8], curve_id: i32, heap: Option<*mut core::ffi::c_void>, dev_id: Option) -> Result { + let mut wc_ecc_key: MaybeUninit = MaybeUninit::uninit(); + let heap = match heap { + Some(heap) => heap, + None => core::ptr::null_mut(), + }; + let dev_id = match dev_id { + Some(dev_id) => dev_id, + None => sys::INVALID_DEVID, + }; + let rc = unsafe { sys::wc_ecc_init_ex(wc_ecc_key.as_mut_ptr(), heap, dev_id) }; + if rc != 0 { + return Err(rc); + } + let mut wc_ecc_key = unsafe { wc_ecc_key.assume_init() }; + let qx_ptr = qx.as_ptr() as *const core::ffi::c_char; + let qy_ptr = qy.as_ptr() as *const core::ffi::c_char; + let d_ptr = d.as_ptr() as *const core::ffi::c_char; + let rc = unsafe { + sys::wc_ecc_import_raw_ex(&mut wc_ecc_key, qx_ptr, qy_ptr, d_ptr, + curve_id) + }; + if rc != 0 { + return Err(rc); + } + let ecc = ECC { wc_ecc_key }; + Ok(ecc) + } + + /// Import raw ECC key from components in binary unsigned integer format + /// with curve ID specified. + /// + /// # Parameters + /// + /// * `qx`: X component of public key in binary unsigned integer format. + /// * `qy`: Y component of public key in binary unsigned integer format. + /// * `d`: Private key in binary unsigned integer format. + /// * `curve_id`: Curve ID, e.g. ECC::SECP256R1. + /// * `heap`: Optional heap hint. + /// * `dev_id` Optional device ID to use with crypto callbacks or async hardware. + /// + /// # Returns + /// + /// Returns either Ok(ECC) containing the ECC struct instance or Err(e) + /// containing the wolfSSL library error code value. + /// + /// # Example + /// + /// ```rust + /// #[cfg(all(ecc_import, random))] + /// { + /// use wolfssl_wolfcrypt::random::RNG; + /// use wolfssl_wolfcrypt::ecc::ECC; + /// let mut rng = RNG::new().expect("Failed to create RNG"); + /// let curve_id = ECC::SECP256R1; + /// let curve_size = ECC::get_curve_size_from_id(curve_id).expect("Error with get_curve_size_from_id()"); + /// let mut ecc = ECC::generate_ex(curve_size, &mut rng, curve_id, None, None).expect("Error with generate()"); + /// let mut qx = [0u8; 32]; + /// let mut qx_len = 0u32; + /// let mut qy = [0u8; 32]; + /// let mut qy_len = 0u32; + /// let mut d = [0u8; 32]; + /// let mut d_len = 0u32; + /// ecc.export_ex(&mut qx, &mut qx_len, &mut qy, &mut qy_len, &mut d, &mut d_len, false).expect("Error with export_ex()"); + /// let mut ecc2 = ECC::import_unsigned(&qx, &qy, &d, curve_id, None, None).expect("Error with import_unsigned()"); + /// } + /// ``` + #[cfg(ecc_import)] + pub fn import_unsigned(qx: &[u8], qy: &[u8], d: &[u8], curve_id: i32, heap: Option<*mut core::ffi::c_void>, dev_id: Option) -> Result { + let mut wc_ecc_key: MaybeUninit = MaybeUninit::uninit(); + let heap = match heap { + Some(heap) => heap, + None => core::ptr::null_mut(), + }; + let dev_id = match dev_id { + Some(dev_id) => dev_id, + None => sys::INVALID_DEVID, + }; + let rc = unsafe { sys::wc_ecc_init_ex(wc_ecc_key.as_mut_ptr(), heap, dev_id) }; + if rc != 0 { + return Err(rc); + } + let mut wc_ecc_key = unsafe { wc_ecc_key.assume_init() }; + let rc = unsafe { + sys::wc_ecc_import_unsigned(&mut wc_ecc_key, qx.as_ptr(), qy.as_ptr(), + d.as_ptr(), curve_id) + }; + if rc != 0 { + return Err(rc); + } + let ecc = ECC { wc_ecc_key }; + Ok(ecc) + } + + /// Import a public ECC key from the given buffer containing the key stored + /// in ANSI X9.63 format. This function handles both compressed and + /// uncompressed keys, as long as compressed keys are enabled at compile + /// time with the HAVE_COMP_KEY build option. + /// + /// # Parameters + /// + /// * `din`: Buffer containing the ECC key encoded in ANSI X9.63 format. + /// * `heap`: Optional heap hint. + /// * `dev_id` Optional device ID to use with crypto callbacks or async hardware. + /// + /// # Returns + /// + /// Returns either Ok(ECC) containing the ECC struct instance or Err(e) + /// containing the wolfSSL library error code value. + /// + /// # Example + /// + /// ```rust + /// #[cfg(all(ecc_import, random))] + /// { + /// use wolfssl_wolfcrypt::random::RNG; + /// use wolfssl_wolfcrypt::ecc::ECC; + /// let mut rng = RNG::new().expect("Failed to create RNG"); + /// let mut ecc = ECC::generate(32, &mut rng, None, None).expect("Error with generate()"); + /// let mut x963 = [0u8; 128]; + /// let x963_size = ecc.export_x963(&mut x963).expect("Error with export_x963()"); + /// let x963 = &x963[0..x963_size]; + /// let _ecc2 = ECC::import_x963(x963, None, None).expect("Error with import_x963()"); + /// } + /// ``` + #[cfg(ecc_import)] + pub fn import_x963(din: &[u8], heap: Option<*mut core::ffi::c_void>, dev_id: Option) -> Result { + let din_size = din.len() as u32; + let mut wc_ecc_key: MaybeUninit = MaybeUninit::uninit(); + let heap = match heap { + Some(heap) => heap, + None => core::ptr::null_mut(), + }; + let dev_id = match dev_id { + Some(dev_id) => dev_id, + None => sys::INVALID_DEVID, + }; + let rc = unsafe { sys::wc_ecc_init_ex(wc_ecc_key.as_mut_ptr(), heap, dev_id) }; + if rc != 0 { + return Err(rc); + } + let mut wc_ecc_key = unsafe { wc_ecc_key.assume_init() }; + let rc = unsafe { + sys::wc_ecc_import_x963(din.as_ptr(), din_size, &mut wc_ecc_key) + }; + if rc != 0 { + unsafe { sys::wc_ecc_free(&mut wc_ecc_key); } + return Err(rc); + } + let ecc = ECC { wc_ecc_key }; + Ok(ecc) + } + + /// Import a public ECC key from the given buffer containing the key stored + /// in ANSI X9.63 format. This function handles both compressed and + /// uncompressed keys, as long as compressed keys are enabled at compile + /// time with the HAVE_COMP_KEY build option. + /// + /// This function allows specifying the ECC curve ID to use. + /// + /// # Parameters + /// + /// * `din`: Buffer containing the ECC key encoded in ANSI X9.63 format. + /// * `curve_id`: Curve ID, e.g. ECC::SECP256R1. + /// * `heap`: Optional heap hint. + /// * `dev_id` Optional device ID to use with crypto callbacks or async hardware. + /// + /// # Returns + /// + /// Returns either Ok(ECC) containing the ECC struct instance or Err(e) + /// containing the wolfSSL library error code value. + /// + /// # Example + /// + /// ```rust + /// #[cfg(all(ecc_import, random))] + /// { + /// use wolfssl_wolfcrypt::random::RNG; + /// use wolfssl_wolfcrypt::ecc::ECC; + /// let mut rng = RNG::new().expect("Failed to create RNG"); + /// let curve_id = ECC::SECP256R1; + /// let curve_size = ECC::get_curve_size_from_id(curve_id).expect("Error with get_curve_size_from_id()"); + /// let mut ecc = ECC::generate_ex(curve_size, &mut rng, curve_id, None, None).expect("Error with generate_ex()"); + /// let mut x963 = [0u8; 128]; + /// let x963_size = ecc.export_x963(&mut x963).expect("Error with export_x963()"); + /// let x963 = &x963[0..x963_size]; + /// let _ecc2 = ECC::import_x963_ex(x963, curve_id, None, None).expect("Error with import_x963_ex()"); + /// } + /// ``` + #[cfg(ecc_import)] + pub fn import_x963_ex(din: &[u8], curve_id: i32, heap: Option<*mut core::ffi::c_void>, dev_id: Option) -> Result { + let din_size = din.len() as u32; + let mut wc_ecc_key: MaybeUninit = MaybeUninit::uninit(); + let heap = match heap { + Some(heap) => heap, + None => core::ptr::null_mut(), + }; + let dev_id = match dev_id { + Some(dev_id) => dev_id, + None => sys::INVALID_DEVID, + }; + let rc = unsafe { sys::wc_ecc_init_ex(wc_ecc_key.as_mut_ptr(), heap, dev_id) }; + if rc != 0 { + return Err(rc); + } + let mut wc_ecc_key = unsafe { wc_ecc_key.assume_init() }; + let rc = unsafe { + sys::wc_ecc_import_x963_ex(din.as_ptr(), din_size, &mut wc_ecc_key, curve_id) + }; + if rc != 0 { + unsafe { sys::wc_ecc_free(&mut wc_ecc_key); } + return Err(rc); + } + let ecc = ECC { wc_ecc_key }; + Ok(ecc) + } + + /// Convert the R and S portions (as hexadecimal ASCII strings) of an ECC + /// signature into a DER-encoded ECDSA signature. + /// + /// # Parameters + /// + /// * `r`: R component of ECC signature as a null-terminated hexadecimal + /// ASCII string. + /// * `s`: S component of ECC signature as a null-terminated hexadecimal + /// ASCII string. + /// * `dout`: Buffer in which to store the output ECDSA signature. + /// + /// # Returns + /// + /// Returns either Ok(size) containing the number of bytes written to + /// `dout` or Err(e) containing the wolfSSL library error code value. + /// + /// # Example + /// + /// ```rust + /// # extern crate std; + /// #[cfg(random)] + /// { + /// use std::fs; + /// use wolfssl_wolfcrypt::random::RNG; + /// use wolfssl_wolfcrypt::ecc::ECC; + /// fn bytes_to_asciiz_hex_string(bytes: &[u8]) -> String { + /// let mut hex_string = String::with_capacity(bytes.len() * 2 + 1); + /// for byte in bytes { + /// hex_string.push_str(&format!("{:02X}", byte)); + /// } + /// hex_string.push('\0'); + /// hex_string + /// } + /// let mut rng = RNG::new().expect("Failed to create RNG"); + /// let key_path = "../../../certs/ecc-client-key.der"; + /// let der: Vec = fs::read(key_path).expect("Error reading key file"); + /// let mut ecc = ECC::import_der(&der, None, None).expect("Error with import_der()"); + /// let hash = [0x42u8; 32]; + /// let mut signature = [0u8; 128]; + /// let signature_length = ecc.sign_hash(&hash, &mut signature, &mut rng).expect("Error with sign_hash()"); + /// let signature = &mut signature[0..signature_length]; + /// let mut r = [0u8; 32]; + /// let mut r_size = 0u32; + /// let mut s = [0u8; 32]; + /// let mut s_size = 0u32; + /// ECC::sig_to_rs(signature, &mut r, &mut r_size, &mut s, &mut s_size).expect("Error with sig_to_rs()"); + /// let r = &r[0..r_size as usize]; + /// let s = &s[0..s_size as usize]; + /// let r_hex_string = bytes_to_asciiz_hex_string(r); + /// let s_hex_string = bytes_to_asciiz_hex_string(s); + /// let mut sig_out = [0u8; 128]; + /// let sig_out_size = ECC::rs_hex_to_sig(&r_hex_string[0..r_hex_string.len()].as_bytes(), &s_hex_string[0..s_hex_string.len()].as_bytes(), &mut sig_out).expect("Error with rs_hex_to_sig()"); + /// assert_eq!(*signature, *&sig_out[0..sig_out_size]); + /// } + /// ``` + pub fn rs_hex_to_sig(r: &[u8], s: &[u8], dout: &mut [u8]) -> Result { + let mut dout_size = dout.len() as u32; + let r_ptr = r.as_ptr() as *const core::ffi::c_char; + let s_ptr = s.as_ptr() as *const core::ffi::c_char; + let rc = unsafe { + sys::wc_ecc_rs_to_sig(r_ptr, s_ptr, dout.as_mut_ptr(), + &mut dout_size) + }; + if rc != 0 { + return Err(rc); + } + Ok(dout_size as usize) + } + + /// Convert the R and S portions (as binary unsigned integers) of an ECC + /// signature into a DER-encoded ECDSA signature. + /// + /// # Parameters + /// + /// * `r`: R component of ECC signature as a binary unsigned integer. + /// * `s`: S component of ECC signature as a binary unsigned integer. + /// * `dout`: Buffer in which to store the output ECDSA signature. + /// + /// # Returns + /// + /// Returns either Ok(size) containing the number of bytes written to + /// `dout` or Err(e) containing the wolfSSL library error code value. + /// + /// # Example + /// + /// ```rust + /// # extern crate std; + /// #[cfg(random)] + /// { + /// use std::fs; + /// use wolfssl_wolfcrypt::random::RNG; + /// use wolfssl_wolfcrypt::ecc::ECC; + /// let mut rng = RNG::new().expect("Failed to create RNG"); + /// let key_path = "../../../certs/ecc-client-key.der"; + /// let der: Vec = fs::read(key_path).expect("Error reading key file"); + /// let mut ecc = ECC::import_der(&der, None, None).expect("Error with import_der()"); + /// let hash = [0x42u8; 32]; + /// let mut signature = [0u8; 128]; + /// let signature_length = ecc.sign_hash(&hash, &mut signature, &mut rng).expect("Error with sign_hash()"); + /// let signature = &mut signature[0..signature_length]; + /// let mut r = [0u8; 32]; + /// let mut r_size = 0u32; + /// let mut s = [0u8; 32]; + /// let mut s_size = 0u32; + /// ECC::sig_to_rs(signature, &mut r, &mut r_size, &mut s, &mut s_size).expect("Error with sig_to_rs()"); + /// let r = &r[0..r_size as usize]; + /// let s = &s[0..s_size as usize]; + /// let mut sig_out = [0u8; 128]; + /// let sig_out_size = ECC::rs_bin_to_sig(r, s, &mut sig_out).expect("Error with rs_bin_to_sig()"); + /// assert_eq!(*signature, *&sig_out[0..sig_out_size]); + /// } + /// ``` + pub fn rs_bin_to_sig(r: &[u8], s: &[u8], dout: &mut [u8]) -> Result { + let r_size = r.len() as u32; + let s_size = s.len() as u32; + let mut dout_size = dout.len() as u32; + let rc = unsafe { + sys::wc_ecc_rs_raw_to_sig(r.as_ptr(), r_size, s.as_ptr(), s_size, + dout.as_mut_ptr(), &mut dout_size) + }; + if rc != 0 { + return Err(rc); + } + Ok(dout_size as usize) + } + + /// Convert ECDSA signature to R and S components. + /// + /// # Parameters + /// + /// * `sig`: ECDSA signature. + /// * `r`: Output buffer for R component. + /// * `r_size`: Number of bytes written to `r` buffer. + /// * `s`: Output buffer for S component. + /// * `s_size`: Number of bytes written to `s` buffer. + /// + /// # Example + /// + /// ```rust + /// # extern crate std; + /// #[cfg(random)] + /// { + /// use std::fs; + /// use wolfssl_wolfcrypt::random::RNG; + /// use wolfssl_wolfcrypt::ecc::ECC; + /// let mut rng = RNG::new().expect("Failed to create RNG"); + /// let key_path = "../../../certs/ecc-client-key.der"; + /// let der: Vec = fs::read(key_path).expect("Error reading key file"); + /// let mut ecc = ECC::import_der(&der, None, None).expect("Error with import_der()"); + /// let hash = [0x42u8; 32]; + /// let mut signature = [0u8; 128]; + /// let signature_length = ecc.sign_hash(&hash, &mut signature, &mut rng).expect("Error with sign_hash()"); + /// let signature = &mut signature[0..signature_length]; + /// let mut r = [0u8; 32]; + /// let mut r_size = 0u32; + /// let mut s = [0u8; 32]; + /// let mut s_size = 0u32; + /// ECC::sig_to_rs(signature, &mut r, &mut r_size, &mut s, &mut s_size).expect("Error with sig_to_rs()"); + /// let r = &r[0..r_size as usize]; + /// let s = &s[0..s_size as usize]; + /// let mut sig_out = [0u8; 128]; + /// let sig_out_size = ECC::rs_bin_to_sig(r, s, &mut sig_out).expect("Error with rs_bin_to_sig()"); + /// assert_eq!(*signature, *&sig_out[0..sig_out_size]); + /// } + /// ``` + pub fn sig_to_rs(sig: &[u8], r: &mut [u8], r_size: &mut u32, s: &mut [u8], s_size: &mut u32) -> Result<(), i32> { + let sig_len = sig.len() as u32; + *r_size = r.len() as u32; + *s_size = s.len() as u32; + let rc = unsafe { + sys::wc_ecc_sig_to_rs(sig.as_ptr(), sig_len, + r.as_mut_ptr(), r_size, s.as_mut_ptr(), s_size) + }; + if rc != 0 { + return Err(rc); + } + Ok(()) + } + + /// Perform basic sanity checks on the ECC key. + /// + /// # Returns + /// + /// Returns either Ok(ECC) containing the ECC struct instance or Err(e) + /// containing the wolfSSL library error code value. + /// + /// # Example + /// + /// ```rust + /// # extern crate std; + /// #[cfg(random)] + /// { + /// use wolfssl_wolfcrypt::random::RNG; + /// use wolfssl_wolfcrypt::ecc::ECC; + /// let mut rng = RNG::new().expect("Failed to create RNG"); + /// let mut ecc = ECC::generate(32, &mut rng, None, None).expect("Error with generate()"); + /// ecc.check().expect("Error with check()"); + /// } + /// ``` + pub fn check(&mut self) -> Result<(), i32> { + let rc = unsafe { sys::wc_ecc_check_key(&mut self.wc_ecc_key) }; + if rc != 0 { + return Err(rc); + } + Ok(()) + } + + /// Export ECC key components in binary unsigned integer format. + /// + /// # Parameters + /// + /// * `qx`: Buffer in which to store public X component. + /// * `qx_len`: Output parameter storing number of bytes written to `qx`. + /// * `qy`: Buffer in which to store public Y component. + /// * `qy_len`: Output parameter storing number of bytes written to `qy`. + /// * `d`: Buffer in which to store private component. + /// * `d_len`: Output parameter storing number of bytes written to `d`. + /// + /// # Returns + /// + /// Returns either Ok(()) or Err(e) containing the wolfSSL library error + /// code value. + /// + /// # Example + /// + /// ```rust + /// #[cfg(all(ecc_import, random))] + /// { + /// use wolfssl_wolfcrypt::random::RNG; + /// use wolfssl_wolfcrypt::ecc::ECC; + /// let mut rng = RNG::new().expect("Failed to create RNG"); + /// let mut ecc = ECC::generate(32, &mut rng, None, None).expect("Error with generate()"); + /// let mut qx = [0u8; 32]; + /// let mut qx_len = 0u32; + /// let mut qy = [0u8; 32]; + /// let mut qy_len = 0u32; + /// let mut d = [0u8; 32]; + /// let mut d_len = 0u32; + /// ecc.export(&mut qx, &mut qx_len, &mut qy, &mut qy_len, &mut d, &mut d_len).expect("Error with export()"); + /// } + /// ``` + #[cfg(ecc_import)] + pub fn export(&mut self, qx: &mut [u8], qx_len: &mut u32, + qy: &mut [u8], qy_len: &mut u32, d: &mut [u8], d_len: &mut u32) -> Result<(), i32> { + *qx_len = qx.len() as u32; + *qy_len = qy.len() as u32; + *d_len = d.len() as u32; + let rc = unsafe { + sys::wc_ecc_export_private_raw(&mut self.wc_ecc_key, + qx.as_mut_ptr(), qx_len, + qy.as_mut_ptr(), qy_len, + d.as_mut_ptr(), d_len) + }; + if rc != 0 { + return Err(rc); + } + Ok(()) + } + + /// Export ECC key components as either ASCII hexadecimal strings or + /// in binary unsigned integer format. + /// + /// # Parameters + /// + /// * `qx`: Buffer in which to store public X component. + /// * `qx_len`: Output parameter storing number of bytes written to `qx`. + /// * `qy`: Buffer in which to store public Y component. + /// * `qy_len`: Output parameter storing number of bytes written to `qy`. + /// * `d`: Buffer in which to store private component. + /// * `d_len`: Output parameter storing number of bytes written to `d`. + /// * `hex`: true to output in ASCII hexadecimal string, false to output + /// as binary data. + /// + /// # Returns + /// + /// Returns either Ok(()) or Err(e) containing the wolfSSL library error + /// code value. + /// + /// # Example + /// + /// ```rust + /// #[cfg(all(ecc_import, random))] + /// { + /// use wolfssl_wolfcrypt::random::RNG; + /// use wolfssl_wolfcrypt::ecc::ECC; + /// let mut rng = RNG::new().expect("Failed to create RNG"); + /// let mut ecc = ECC::generate(32, &mut rng, None, None).expect("Error with generate()"); + /// let mut qx = [0u8; 32]; + /// let mut qx_len = 0u32; + /// let mut qy = [0u8; 32]; + /// let mut qy_len = 0u32; + /// let mut d = [0u8; 32]; + /// let mut d_len = 0u32; + /// ecc.export_ex(&mut qx, &mut qx_len, &mut qy, &mut qy_len, &mut d, &mut d_len, false).expect("Error with export_ex()"); + /// } + /// ``` + #[cfg(ecc_import)] + #[allow(clippy::too_many_arguments)] + pub fn export_ex(&mut self, qx: &mut [u8], qx_len: &mut u32, + qy: &mut [u8], qy_len: &mut u32, d: &mut [u8], d_len: &mut u32, + hex: bool) -> Result<(), i32> { + *qx_len = qx.len() as u32; + *qy_len = qy.len() as u32; + *d_len = d.len() as u32; + let enc_type = + if hex { + sys::WC_TYPE_HEX_STR as i32 + } else { + sys::WC_TYPE_UNSIGNED_BIN as i32 + }; + let rc = unsafe { + sys::wc_ecc_export_ex(&mut self.wc_ecc_key, + qx.as_mut_ptr(), qx_len, + qy.as_mut_ptr(), qy_len, + d.as_mut_ptr(), d_len, + enc_type) + }; + if rc != 0 { + return Err(rc); + } + Ok(()) + } + + /// Export private component from ECC key in binary unsigned integer form. + /// + /// # Parameters + /// + /// * `d`: Buffer in which to store private component. + /// + /// # Returns + /// + /// Returns either Ok(size) containing the number of bytes written to `d` + /// or Err(e) containing the wolfSSL library error code value. + /// + /// # Example + /// + /// ```rust + /// #[cfg(all(ecc_export, random))] + /// { + /// use wolfssl_wolfcrypt::random::RNG; + /// use wolfssl_wolfcrypt::ecc::ECC; + /// let mut rng = RNG::new().expect("Failed to create RNG"); + /// let mut ecc = ECC::generate(32, &mut rng, None, None).expect("Error with generate()"); + /// let mut d = [0u8; 32]; + /// let d_size = ecc.export_private(&mut d).expect("Error with export_private()"); + /// assert_eq!(d_size, 32); + /// } + /// ``` + #[cfg(ecc_export)] + pub fn export_private(&mut self, d: &mut [u8]) -> Result { + let mut d_size = d.len() as u32; + let rc = unsafe { + sys::wc_ecc_export_private_only(&mut self.wc_ecc_key, + d.as_mut_ptr(), &mut d_size) + }; + if rc != 0 { + return Err(rc); + } + Ok(d_size as usize) + } + + /// Export public ECC key components in binary unsigned integer format. + /// + /// # Parameters + /// + /// * `qx`: Buffer in which to store public X component. + /// * `qx_len`: Output parameter storing number of bytes written to `qx`. + /// * `qy`: Buffer in which to store public Y component. + /// * `qy_len`: Output parameter storing number of bytes written to `qy`. + /// + /// # Returns + /// + /// Returns either Ok(()) or Err(e) containing the wolfSSL library error + /// code value. + /// + /// # Example + /// + /// ```rust + /// #[cfg(all(ecc_export, random))] + /// { + /// use wolfssl_wolfcrypt::random::RNG; + /// use wolfssl_wolfcrypt::ecc::ECC; + /// let mut rng = RNG::new().expect("Failed to create RNG"); + /// let mut ecc = ECC::generate(32, &mut rng, None, None).expect("Error with generate()"); + /// let mut qx = [0u8; 32]; + /// let mut qx_len = 0u32; + /// let mut qy = [0u8; 32]; + /// let mut qy_len = 0u32; + /// ecc.export_public(&mut qx, &mut qx_len, &mut qy, &mut qy_len).expect("Error with export_public()"); + /// } + /// ``` + #[cfg(ecc_export)] + pub fn export_public(&mut self, qx: &mut [u8], qx_len: &mut u32, + qy: &mut [u8], qy_len: &mut u32) -> Result<(), i32> { + *qx_len = qx.len() as u32; + *qy_len = qy.len() as u32; + let rc = unsafe { + sys::wc_ecc_export_public_raw(&mut self.wc_ecc_key, + qx.as_mut_ptr(), qx_len, + qy.as_mut_ptr(), qy_len) + }; + if rc != 0 { + return Err(rc); + } + Ok(()) + } + + /// Export public key in ANSI X9.63 format. + /// + /// # Parameters + /// + /// * `dout`: Buffer to contain the output. + /// + /// # Returns + /// + /// Returns either Ok(size) containing the number of bytes written to + /// `dout` or Err(e) containing the wolfSSL library error code value. + /// + /// # Example + /// + /// ```rust + /// #[cfg(all(ecc_export, random))] + /// { + /// use wolfssl_wolfcrypt::random::RNG; + /// use wolfssl_wolfcrypt::ecc::ECC; + /// let mut rng = RNG::new().expect("Failed to create RNG"); + /// let mut ecc = ECC::generate(32, &mut rng, None, None).expect("Error with generate()"); + /// let mut x963 = [0u8; 128]; + /// let _x963_size = ecc.export_x963(&mut x963).expect("Error with export_x963()"); + /// } + /// ``` + #[cfg(ecc_export)] + pub fn export_x963(&mut self, dout: &mut [u8]) -> Result { + let mut out_len: u32 = dout.len() as u32; + let rc = unsafe { + sys::wc_ecc_export_x963(&mut self.wc_ecc_key, dout.as_mut_ptr(), &mut out_len) + }; + if rc != 0 { + return Err(rc); + } + Ok(out_len as usize) + } + + /// Export public key in ANSI X9.63 compressed format. + /// + /// # Parameters + /// + /// * `dout`: Buffer to contain the output. + /// + /// # Returns + /// + /// Returns either Ok(size) containing the number of bytes written to + /// `dout` or Err(e) containing the wolfSSL library error code value. + /// + /// # Example + /// + /// ```rust + /// #[cfg(all(ecc_export, ecc_comp_key, random))] + /// { + /// use wolfssl_wolfcrypt::random::RNG; + /// use wolfssl_wolfcrypt::ecc::ECC; + /// let mut rng = RNG::new().expect("Failed to create RNG"); + /// let mut ecc = ECC::generate(32, &mut rng, None, None).expect("Error with generate()"); + /// let mut x963 = [0u8; 128]; + /// let _x963_size = ecc.export_x963_compressed(&mut x963).expect("Error with export_x963_compressed()"); + /// } + /// ``` + #[cfg(all(ecc_export, ecc_comp_key))] + pub fn export_x963_compressed(&mut self, dout: &mut [u8]) -> Result { + let mut out_len: u32 = dout.len() as u32; + let rc = unsafe { + sys::wc_ecc_export_x963_ex(&mut self.wc_ecc_key, dout.as_mut_ptr(), &mut out_len, 1) + }; + if rc != 0 { + return Err(rc); + } + Ok(out_len as usize) + } + + /// Compute the public component from this key private component. + /// + /// # Parameters + /// + /// * `rng`: RNG struct used to blind the private key value used in the + /// computation. + /// + /// # Returns + /// + /// Returns either Ok(()) or Err(e) containing the wolfSSL library error + /// code value. + /// + /// # Example + /// + /// ```rust + /// # extern crate std; + /// #[cfg(random)] + /// { + /// use std::fs; + /// use wolfssl_wolfcrypt::random::RNG; + /// use wolfssl_wolfcrypt::ecc::ECC; + /// let mut rng = RNG::new().expect("Failed to create RNG"); + /// let key_path = "../../../certs/ecc-client-key.der"; + /// let der: Vec = fs::read(key_path).expect("Error reading key file"); + /// let mut ecc = ECC::import_der(&der, None, None).expect("Error with import_der()"); + /// ecc.make_pub(Some(&mut rng)).expect("Error with make_pub()"); + /// } + /// ``` + #[cfg(random)] + pub fn make_pub(&mut self, rng: Option<&mut RNG>) -> Result<(), i32> { + let rng_ptr = match rng { + Some(rng) => &mut rng.wc_rng, + None => core::ptr::null_mut(), + }; + let rc = unsafe { + sys::wc_ecc_make_pub_ex(&mut self.wc_ecc_key, core::ptr::null_mut(), rng_ptr) + }; + if rc != 0 { + return Err(rc); + } + Ok(()) + } + + /// Compute the public component from this key private component. + /// + /// # Parameters + /// + /// * `rng`: RNG struct used to blind the private key value used in the + /// computation. + /// * `heap`: Optional heap hint. + /// + /// # Returns + /// + /// Returns either Ok(ECCPoint) containing the public component ECCPoint + /// or Err(e) containing the wolfSSL library error code value. + /// + /// # Example + /// + /// ```rust + /// # extern crate std; + /// #[cfg(random)] + /// { + /// use std::fs; + /// use wolfssl_wolfcrypt::random::RNG; + /// use wolfssl_wolfcrypt::ecc::ECC; + /// let mut rng = RNG::new().expect("Failed to create RNG"); + /// let key_path = "../../../certs/ecc-client-key.der"; + /// let der: Vec = fs::read(key_path).expect("Error reading key file"); + /// let mut ecc = ECC::import_der(&der, None, None).expect("Error with import_der()"); + /// ecc.make_pub_to_point(Some(&mut rng), None).expect("Error with make_pub_to_point()"); + /// } + /// ``` + #[cfg(random)] + pub fn make_pub_to_point(&mut self, rng: Option<&mut RNG>, heap: Option<*mut core::ffi::c_void>) -> Result { + let rng_ptr = match rng { + Some(rng) => &mut rng.wc_rng, + None => core::ptr::null_mut(), + }; + let heap = match heap { + Some(heap) => heap, + None => core::ptr::null_mut(), + }; + let wc_ecc_point = unsafe { sys::wc_ecc_new_point_h(heap) }; + if wc_ecc_point.is_null() { + return Err(sys::wolfCrypt_ErrorCodes_MEMORY_E); + } + let ecc_point = ECCPoint { wc_ecc_point, heap }; + let rc = unsafe { + sys::wc_ecc_make_pub_ex(&mut self.wc_ecc_key, wc_ecc_point, rng_ptr) + }; + if rc != 0 { + return Err(rc); + } + Ok(ecc_point) + } + + /// Associates a `RNG` instance with this `ECC` instance. + /// + /// This is necessary when wolfSSL is built with the `ECC_TIMING_RESISTANT` + /// build option enabled. + /// + /// # Parameters + /// + /// * `rng`: The `RNG` struct instance to associate with this `ECC` + /// instance. The `RNG` struct should not be moved in memory after + /// calling this method. + /// + /// # Returns + /// + /// Returns Ok(()) on success or Err(e) containing the wolfSSL library + /// error code value. + /// + /// # Example + /// + /// ```rust + /// # extern crate std; + /// #[cfg(random)] + /// { + /// use wolfssl_wolfcrypt::random::RNG; + /// use wolfssl_wolfcrypt::ecc::ECC; + /// let mut rng = RNG::new().expect("Failed to create RNG"); + /// let mut ecc = ECC::generate(32, &mut rng, None, None).expect("Error with generate()"); + /// ecc.set_rng(&mut rng).expect("Error with set_rng()"); + /// } + /// ``` + #[cfg(random)] + pub fn set_rng(&mut self, rng: &mut RNG) -> Result<(), i32> { + let rc = unsafe { + sys::wc_ecc_set_rng(&mut self.wc_ecc_key, &mut rng.wc_rng) + }; + if rc != 0 { + return Err(rc); + } + Ok(()) + } + + /// Compute the ECDH shared secret using this key's private component + /// and the peer public key. + /// + /// # Parameters + /// + /// * `peer`: `ECC` public key. + /// * `dout`: Buffer in which to store the computed secret value. + /// + /// # Returns + /// + /// Returns either Ok(size) containing the number of bytes written to + /// `dout` or Err(e) containing the wolfSSL library error code value. + /// + /// # Example + /// + /// ```rust + /// #[cfg(all(ecc_dh, random))] + /// { + /// use wolfssl_wolfcrypt::random::RNG; + /// use wolfssl_wolfcrypt::ecc::ECC; + /// let mut rng = RNG::new().expect("Failed to create RNG"); + /// let mut ecc0 = ECC::generate(32, &mut rng, None, None).expect("Error with generate()"); + /// let mut ecc1 = ECC::generate(32, &mut rng, None, None).expect("Error with generate()"); + /// let mut ss0 = [0u8; 128]; + /// let mut ss1 = [0u8; 128]; + /// ecc0.set_rng(&mut rng).expect("Error with set_rng()"); + /// ecc1.set_rng(&mut rng).expect("Error with set_rng()"); + /// let ss0_size = ecc0.shared_secret(&mut ecc1, &mut ss0).expect("Error with shared_secret()"); + /// let ss1_size = ecc1.shared_secret(&mut ecc0, &mut ss1).expect("Error with shared_secret()"); + /// assert_eq!(ss0_size, ss1_size); + /// let ss0 = &ss0[0..ss0_size]; + /// let ss1 = &ss1[0..ss1_size]; + /// assert_eq!(*ss0, *ss1); + /// } + /// ``` + #[cfg(ecc_dh)] + pub fn shared_secret(&mut self, peer_key: &mut ECC, dout: &mut [u8]) -> Result { + let mut out_len = dout.len() as u32; + let rc = unsafe { + sys::wc_ecc_shared_secret(&mut self.wc_ecc_key, + &mut peer_key.wc_ecc_key, dout.as_mut_ptr(), &mut out_len) + }; + if rc < 0 { + return Err(rc); + } + Ok(out_len as usize) + } + + /// Compute the ECDH shared secret using this key's private component + /// and the peer public point. + /// + /// # Parameters + /// + /// * `peer`: `ECCPoint` struct holding the public components of the peer + /// ECC key. + /// * `dout`: Buffer in which to store the computed secret value. + /// + /// # Returns + /// + /// Returns either Ok(size) containing the number of bytes written to + /// `dout` or Err(e) containing the wolfSSL library error code value. + /// + /// # Example + /// + /// ```rust + /// #[cfg(all(ecc_dh, random))] + /// { + /// use wolfssl_wolfcrypt::random::RNG; + /// use wolfssl_wolfcrypt::ecc::ECC; + /// let mut rng = RNG::new().expect("Failed to create RNG"); + /// let mut ecc0 = ECC::generate(32, &mut rng, None, None).expect("Error with generate()"); + /// let mut ecc1 = ECC::generate(32, &mut rng, None, None).expect("Error with generate()"); + /// let ecc1_point = ecc1.make_pub_to_point(None, None).expect("Error with make_pub_to_point()"); + /// let mut ss0 = [0u8; 128]; + /// let mut ss1 = [0u8; 128]; + /// ecc0.set_rng(&mut rng).expect("Error with set_rng()"); + /// ecc1.set_rng(&mut rng).expect("Error with set_rng()"); + /// let ss0_size = ecc0.shared_secret_ex(&ecc1_point, &mut ss0).expect("Error with shared_secret_ex()"); + /// let ss1_size = ecc1.shared_secret(&mut ecc0, &mut ss1).expect("Error with shared_secret()"); + /// assert_eq!(ss0_size, ss1_size); + /// let ss0 = &ss0[0..ss0_size]; + /// let ss1 = &ss1[0..ss1_size]; + /// assert_eq!(*ss0, *ss1); + /// } + /// ``` + #[cfg(ecc_dh)] + pub fn shared_secret_ex(&mut self, peer: &ECCPoint, dout: &mut [u8]) -> Result { + let mut out_len = dout.len() as u32; + let rc = unsafe { + sys::wc_ecc_shared_secret_ex(&mut self.wc_ecc_key, + peer.wc_ecc_point, dout.as_mut_ptr(), &mut out_len) + }; + if rc != 0 { + return Err(rc); + } + Ok(out_len as usize) + } + + /// Sign a message digest using the ECC key. + /// + /// # Parameters + /// + /// * `din`: Message digest to sign. + /// * `dout`: Buffer in which to store the signature. + /// * `rng`: RNG struct to use for random number generation during signing. + /// + /// # Returns + /// + /// Returns either Ok(size) containing the number of bytes written to + /// `dout` or Err(e) containing the wolfSSL library error code value. + /// + /// # Example + /// + /// ```rust + /// #[cfg(all(ecc_sign, random))] + /// { + /// use wolfssl_wolfcrypt::random::RNG; + /// use wolfssl_wolfcrypt::ecc::ECC; + /// let mut rng = RNG::new().expect("Failed to create RNG"); + /// let mut ecc = ECC::generate(32, &mut rng, None, None).expect("Error with generate()"); + /// let hash = [0x42u8; 32]; + /// let mut signature = [0u8; 128]; + /// let signature_length = ecc.sign_hash(&hash, &mut signature, &mut rng).expect("Error with sign_hash()"); + /// let signature = &mut signature[0..signature_length]; + /// let valid = ecc.verify_hash(&signature, &hash).expect("Error with verify_hash()"); + /// assert_eq!(valid, true); + /// } + /// ``` + #[cfg(all(ecc_sign, random))] + pub fn sign_hash(&mut self, din: &[u8], dout: &mut [u8], rng: &mut RNG) -> Result { + let din_size = din.len() as u32; + let mut dout_size = dout.len() as u32; + let rc = unsafe { + sys::wc_ecc_sign_hash(din.as_ptr(), din_size, dout.as_mut_ptr(), + &mut dout_size, &mut rng.wc_rng, &mut self.wc_ecc_key) + }; + if rc != 0 { + return Err(rc); + } + Ok(dout_size as usize) + } + + /// Verify the ECC signature of a hash. + /// + /// # Parameters + /// + /// * `sig`: ECC signature. + /// * `hash`: Message digest. + /// + /// # Returns + /// + /// Returns either Ok(valid) containing a flag for whether the signature is + /// valid or Err(e) containing the wolfSSL library error code value. + /// + /// # Example + /// + /// ```rust + /// #[cfg(all(ecc_verify, random))] + /// { + /// use wolfssl_wolfcrypt::random::RNG; + /// use wolfssl_wolfcrypt::ecc::ECC; + /// let mut rng = RNG::new().expect("Failed to create RNG"); + /// let mut ecc = ECC::generate(32, &mut rng, None, None).expect("Error with generate()"); + /// let hash = [0x42u8; 32]; + /// let mut signature = [0u8; 128]; + /// let signature_length = ecc.sign_hash(&hash, &mut signature, &mut rng).expect("Error with sign_hash()"); + /// let signature = &mut signature[0..signature_length]; + /// let valid = ecc.verify_hash(&signature, &hash).expect("Error with verify_hash()"); + /// assert_eq!(valid, true); + /// } + /// ``` + #[cfg(ecc_verify)] + pub fn verify_hash(&mut self, sig: &[u8], hash: &[u8]) -> Result { + let mut res: i32 = 0; + let sig_len = sig.len() as u32; + let hash_len = hash.len() as u32; + let rc = unsafe { + sys::wc_ecc_verify_hash(sig.as_ptr(), sig_len, + hash.as_ptr(), hash_len, &mut res, &mut self.wc_ecc_key) + }; + if rc != 0 { + return Err(rc); + } + Ok(res != 0) + } +} + +impl Drop for ECC { + /// Safely free the underlying wolfSSL ECC context. + /// + /// This calls the `wc_ecc_key_free()` wolfssl library function. + /// + /// The Rust Drop trait guarantees that this method is called when the ECC + /// struct goes out of scope, automatically cleaning up resources and + /// preventing memory leaks. + fn drop(&mut self) { + unsafe { sys::wc_ecc_free(&mut self.wc_ecc_key); } + } +} diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/wrapper/rust/wolfssl-wolfcrypt/src/ed25519.rs mariadb-11.8.8/extra/wolfssl/wolfssl/wrapper/rust/wolfssl-wolfcrypt/src/ed25519.rs --- mariadb-11.8.6/extra/wolfssl/wolfssl/wrapper/rust/wolfssl-wolfcrypt/src/ed25519.rs 1970-01-01 00:00:00.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/wrapper/rust/wolfssl-wolfcrypt/src/ed25519.rs 2026-05-24 09:58:33.000000000 +0000 @@ -0,0 +1,1411 @@ +/* + * Copyright (C) 2006-2026 wolfSSL Inc. + * + * This file is part of wolfSSL. + * + * wolfSSL is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * wolfSSL is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA + */ + +/*! +This module provides a Rust wrapper for the wolfCrypt library's EdDSA Curve +25519 (Ed25519) functionality. +*/ + +#![cfg(ed25519)] + +use crate::sys; +use crate::random::RNG; +use core::mem::MaybeUninit; + +/// The `Ed25519` struct manages the lifecycle of a wolfSSL `ed25519_key` +/// object. +/// +/// It ensures proper initialization and deallocation. +/// +/// An instance can be created with `generate()` or `new()`. +pub struct Ed25519 { + ws_key: sys::ed25519_key, +} + +impl Ed25519 { + /** Size of private key only. */ + pub const KEY_SIZE: usize = sys::ED25519_KEY_SIZE as usize; + /** Size of signature. */ + pub const SIG_SIZE: usize = sys::ED25519_SIG_SIZE as usize; + /** Compressed public key size. */ + pub const PUB_KEY_SIZE: usize = sys::ED25519_PUB_KEY_SIZE as usize; + /** Size of both private and public key. */ + pub const PRV_KEY_SIZE: usize = sys::ED25519_PRV_KEY_SIZE as usize; + + pub const ED25519: u8 = sys::Ed25519 as u8; + pub const ED25519CTX: u8 = sys::Ed25519ctx as u8; + pub const ED25519PH: u8 = sys::Ed25519ph as u8; + + /// Generate a new Ed25519 key. + /// + /// # Parameters + /// + /// * `rng`: `RNG` instance to use for random number generation. + /// + /// # Returns + /// + /// Returns either Ok(ed25519) containing the Ed25519 struct instance or + /// Err(e) containing the wolfSSL library error code value. + /// + /// # Example + /// + /// ```rust + /// use wolfssl_wolfcrypt::random::RNG; + /// use wolfssl_wolfcrypt::ed25519::Ed25519; + /// let mut rng = RNG::new().expect("Error creating RNG"); + /// let ed = Ed25519::generate(&mut rng).expect("Error with generate()"); + /// ``` + pub fn generate(rng: &mut RNG) -> Result { + Self::generate_ex(rng, None, None) + } + + /// Generate a new Ed25519 key with optional heap and device ID. + /// + /// # Parameters + /// + /// * `rng`: `RNG` instance to use for random number generation. + /// * `heap`: Optional heap hint. + /// * `dev_id` Optional device ID to use with crypto callbacks or async hardware. + /// + /// # Returns + /// + /// Returns either Ok(ed25519) containing the Ed25519 struct instance or + /// Err(e) containing the wolfSSL library error code value. + /// + /// # Example + /// + /// ```rust + /// use wolfssl_wolfcrypt::random::RNG; + /// use wolfssl_wolfcrypt::ed25519::Ed25519; + /// let mut rng = RNG::new().expect("Error creating RNG"); + /// let ed = Ed25519::generate_ex(&mut rng, None, None).expect("Error with generate_ex()"); + /// ``` + pub fn generate_ex(rng: &mut RNG, heap: Option<*mut core::ffi::c_void>, dev_id: Option) -> Result { + let mut ws_key: MaybeUninit = MaybeUninit::uninit(); + let heap = match heap { + Some(heap) => heap, + None => core::ptr::null_mut(), + }; + let dev_id = match dev_id { + Some(dev_id) => dev_id, + None => sys::INVALID_DEVID, + }; + let rc = unsafe { sys::wc_ed25519_init_ex(ws_key.as_mut_ptr(), heap, dev_id) }; + if rc != 0 { + return Err(rc); + } + let ws_key = unsafe { ws_key.assume_init() }; + let mut ed25519 = Ed25519 { ws_key }; + let rc = unsafe { + sys::wc_ed25519_make_key(&mut rng.wc_rng, + sys::ED25519_KEY_SIZE as i32, &mut ed25519.ws_key) + }; + if rc != 0 { + return Err(rc); + } + Ok(ed25519) + } + + /// Create and initialize a new Ed25519 instance. + /// + /// A key will not be present but can be imported with one of the import + /// functions. + /// + /// # Returns + /// + /// Returns either Ok(ed25519) containing the Ed25519 struct instance or + /// Err(e) containing the wolfSSL library error code value. + /// + /// # Example + /// + /// ```rust + /// use wolfssl_wolfcrypt::ed25519::Ed25519; + /// let ed = Ed25519::new().expect("Error with new()"); + /// ``` + pub fn new() -> Result { + Self::new_ex(None, None) + } + + /// Create and initialize a new Ed25519 instance with optional heap and + /// device ID. + /// + /// A key will not be present but can be imported with one of the import + /// functions. + /// + /// # Parameters + /// + /// * `heap`: Optional heap hint. + /// * `dev_id` Optional device ID to use with crypto callbacks or async hardware. + /// + /// # Returns + /// + /// Returns either Ok(ed25519) containing the Ed25519 struct instance or + /// Err(e) containing the wolfSSL library error code value. + /// + /// # Example + /// + /// ```rust + /// use wolfssl_wolfcrypt::ed25519::Ed25519; + /// let ed = Ed25519::new_ex(None, None).expect("Error with new()"); + /// ``` + pub fn new_ex(heap: Option<*mut core::ffi::c_void>, dev_id: Option) -> Result { + let mut ws_key: MaybeUninit = MaybeUninit::uninit(); + let heap = match heap { + Some(heap) => heap, + None => core::ptr::null_mut(), + }; + let dev_id = match dev_id { + Some(dev_id) => dev_id, + None => sys::INVALID_DEVID, + }; + let rc = unsafe { sys::wc_ed25519_init_ex(ws_key.as_mut_ptr(), heap, dev_id) }; + if rc != 0 { + return Err(rc); + } + let ws_key = unsafe { ws_key.assume_init() }; + let ed25519 = Ed25519 { ws_key }; + Ok(ed25519) + } + + /// Check the public key is valid. + /// + /// When a private key is present, check that the calculated public key + /// matches it. When a private key is not present, check that Y is in range + /// and an X is able to be calculated. + /// + /// # Returns + /// + /// Returns either Ok(()) on success or Err(e) containing the wolfSSL + /// library error code value. + /// + /// # Example + /// + /// ```rust + /// use wolfssl_wolfcrypt::random::RNG; + /// use wolfssl_wolfcrypt::ed25519::Ed25519; + /// let mut rng = RNG::new().expect("Error creating RNG"); + /// let mut ed = Ed25519::generate(&mut rng).expect("Error with generate()"); + /// ed.check_key().expect("Error with check_key()"); + /// ``` + pub fn check_key(&mut self) -> Result<(), i32> { + let rc = unsafe { sys::wc_ed25519_check_key(&mut self.ws_key) }; + if rc != 0 { + return Err(rc); + } + Ok(()) + } + + /// Export private and public key to separate buffers. + /// + /// # Parameters + /// + /// * `private`: Output buffer in which to store the public/private key + /// pair. The length should be PRV_KEY_SIZE. + /// * `public`: Output buffer in which to store the public key. The length + /// should be PUB_KEY_SIZE. + /// + /// # Returns + /// + /// Returns either Ok(()) on success or Err(e) containing the wolfSSL + /// library error code value. + /// + /// # Example + /// + /// ```rust + /// #[cfg(ed25519_export)] + /// { + /// use wolfssl_wolfcrypt::random::RNG; + /// use wolfssl_wolfcrypt::ed25519::Ed25519; + /// let mut rng = RNG::new().expect("Error creating RNG"); + /// let mut ed = Ed25519::generate(&mut rng).expect("Error with generate()"); + /// let mut private = [0u8; Ed25519::PRV_KEY_SIZE]; + /// let mut public = [0u8; Ed25519::PUB_KEY_SIZE]; + /// ed.export_key(&mut private, &mut public).expect("Error with export_key()"); + /// } + /// ``` + #[cfg(ed25519_export)] + pub fn export_key(&self, private: &mut [u8], public: &mut [u8]) -> Result<(), i32> { + let mut private_size = private.len() as u32; + let mut public_size = public.len() as u32; + let rc = unsafe { + sys::wc_ed25519_export_key(&self.ws_key, + private.as_mut_ptr(), &mut private_size, + public.as_mut_ptr(), &mut public_size) + }; + if rc != 0 { + return Err(rc); + } + Ok(()) + } + + /// Export public key to buffer. + /// + /// # Parameters + /// + /// * `public`: Output buffer in which to store the public key. The length + /// should be PUB_KEY_SIZE. + /// + /// # Returns + /// + /// Returns either Ok(size) containing the number of bytes written to + /// `public` on success or Err(e) containing the wolfSSL library error + /// code value. + /// + /// # Example + /// + /// ```rust + /// #[cfg(ed25519_export)] + /// { + /// use wolfssl_wolfcrypt::random::RNG; + /// use wolfssl_wolfcrypt::ed25519::Ed25519; + /// let mut rng = RNG::new().expect("Error creating RNG"); + /// let mut ed = Ed25519::generate(&mut rng).expect("Error with generate()"); + /// let mut public = [0u8; Ed25519::PUB_KEY_SIZE]; + /// ed.export_public(&mut public).expect("Error with export_public()"); + /// } + /// ``` + #[cfg(ed25519_export)] + pub fn export_public(&self, public: &mut [u8]) -> Result<(), i32> { + let mut public_size = public.len() as u32; + let rc = unsafe { + sys::wc_ed25519_export_public(&self.ws_key, public.as_mut_ptr(), + &mut public_size) + }; + if rc != 0 { + return Err(rc); + } + Ok(()) + } + + /// Export public/private key pair to buffer. + /// + /// # Parameters + /// + /// * `keyout`: Output buffer in which to store the key pair. The length + /// should be PRV_KEY_SIZE. + /// + /// # Returns + /// + /// Returns either Ok(size) containing the number of bytes written to + /// `keyout` on success or Err(e) containing the wolfSSL library error + /// code value. + /// + /// # Example + /// + /// ```rust + /// #[cfg(ed25519_export)] + /// { + /// use wolfssl_wolfcrypt::random::RNG; + /// use wolfssl_wolfcrypt::ed25519::Ed25519; + /// let mut rng = RNG::new().expect("Error creating RNG"); + /// let mut ed = Ed25519::generate(&mut rng).expect("Error with generate()"); + /// let mut private = [0u8; Ed25519::PRV_KEY_SIZE]; + /// ed.export_private(&mut private).expect("Error with export_private()"); + /// } + /// ``` + #[cfg(ed25519_export)] + pub fn export_private(&self, keyout: &mut [u8]) -> Result<(), i32> { + let mut keyout_size = keyout.len() as u32; + let rc = unsafe { + sys::wc_ed25519_export_private(&self.ws_key, keyout.as_mut_ptr(), + &mut keyout_size) + }; + if rc != 0 { + return Err(rc); + } + Ok(()) + } + + /// Export private key only to buffer. + /// + /// # Parameters + /// + /// * `private`: Output buffer in which to store the private key. The + /// length should be KEY_SIZE. + /// + /// # Returns + /// + /// Returns either Ok(size) containing the number of bytes written to + /// `private` on success or Err(e) containing the wolfSSL library error + /// code value. + /// + /// # Example + /// + /// ```rust + /// #[cfg(ed25519_export)] + /// { + /// use wolfssl_wolfcrypt::random::RNG; + /// use wolfssl_wolfcrypt::ed25519::Ed25519; + /// let mut rng = RNG::new().expect("Error creating RNG"); + /// let mut ed = Ed25519::generate(&mut rng).expect("Error with generate()"); + /// let mut private_only = [0u8; Ed25519::KEY_SIZE]; + /// ed.export_private_only(&mut private_only).expect("Error with export_private_only()"); + /// } + /// ``` + #[cfg(ed25519_export)] + pub fn export_private_only(&self, private: &mut [u8]) -> Result<(), i32> { + let mut private_size = private.len() as u32; + let rc = unsafe { + sys::wc_ed25519_export_private_only(&self.ws_key, + private.as_mut_ptr(), &mut private_size) + }; + if rc != 0 { + return Err(rc); + } + Ok(()) + } + + /// Import a public Ed25519 key from buffer. + /// + /// This function handles either compressed or uncompressed keys. + /// The public key is checked that it matches the private key if one is + /// already present. + /// + /// # Parameters + /// + /// * `public`: Input buffer containing public key. + /// + /// # Returns + /// + /// Returns either Ok(()) on success or Err(e) containing the wolfSSL + /// library error code value. + /// + /// # Example + /// + /// ```rust + /// #[cfg(ed25519_import)] + /// { + /// use wolfssl_wolfcrypt::random::RNG; + /// use wolfssl_wolfcrypt::ed25519::Ed25519; + /// let mut rng = RNG::new().expect("Error creating RNG"); + /// let mut ed = Ed25519::generate(&mut rng).expect("Error with generate()"); + /// let mut private = [0u8; Ed25519::PRV_KEY_SIZE]; + /// let mut public = [0u8; Ed25519::PUB_KEY_SIZE]; + /// ed.export_key(&mut private, &mut public).expect("Error with export_key()"); + /// let mut ed = Ed25519::new().expect("Error with new()"); + /// ed.import_public(&public).expect("Error with import_public()"); + /// } + /// ``` + #[cfg(ed25519_import)] + pub fn import_public(&mut self, public: &[u8]) -> Result<(), i32> { + let public_size = public.len() as u32; + let rc = unsafe { + sys::wc_ed25519_import_public(public.as_ptr(), public_size, &mut self.ws_key) + }; + if rc != 0 { + return Err(rc); + } + Ok(()) + } + + /// Import a public Ed25519 key from buffer with trusted flag. + /// + /// This function handles either compressed or uncompressed keys. + /// The public key is checked that it matches the private key if one is + /// already present and trusted is false. + /// + /// # Parameters + /// + /// * `public`: Input buffer containing public key. + /// * `trusted`: Whether the public key buffer is trusted. + /// + /// # Returns + /// + /// Returns either Ok(()) on success or Err(e) containing the wolfSSL + /// library error code value. + /// + /// # Example + /// + /// ```rust + /// #[cfg(ed25519_import)] + /// { + /// use wolfssl_wolfcrypt::random::RNG; + /// use wolfssl_wolfcrypt::ed25519::Ed25519; + /// let mut rng = RNG::new().expect("Error creating RNG"); + /// let mut ed = Ed25519::generate(&mut rng).expect("Error with generate()"); + /// let mut private = [0u8; Ed25519::PRV_KEY_SIZE]; + /// let mut public = [0u8; Ed25519::PUB_KEY_SIZE]; + /// ed.export_key(&mut private, &mut public).expect("Error with export_key()"); + /// let mut ed = Ed25519::new().expect("Error with new()"); + /// ed.import_public_ex(&public, false).expect("Error with import_public_ex()"); + /// } + /// ``` + #[cfg(ed25519_import)] + pub fn import_public_ex(&mut self, public: &[u8], trusted: bool) -> Result<(), i32> { + let public_size = public.len() as u32; + let rc = unsafe { + sys::wc_ed25519_import_public_ex(public.as_ptr(), public_size, + &mut self.ws_key, if trusted {1} else {0}) + }; + if rc != 0 { + return Err(rc); + } + Ok(()) + } + + /// Import private Ed25519 key only from buffer. + /// + /// # Parameters + /// + /// * `private`: Input buffer containing private key. + /// + /// # Returns + /// + /// Returns either Ok(()) on success or Err(e) containing the wolfSSL + /// library error code value. + /// + /// # Example + /// + /// ```rust + /// #[cfg(ed25519_import)] + /// { + /// use wolfssl_wolfcrypt::random::RNG; + /// use wolfssl_wolfcrypt::ed25519::Ed25519; + /// let mut rng = RNG::new().expect("Error creating RNG"); + /// let mut ed = Ed25519::generate(&mut rng).expect("Error with generate()"); + /// let mut private_only = [0u8; Ed25519::KEY_SIZE]; + /// ed.export_private_only(&mut private_only).expect("Error with export_private_only()"); + /// let mut ed = Ed25519::new().expect("Error with new()"); + /// ed.import_private_only(&private_only).expect("Error with import_private_only()"); + /// } + /// ``` + #[cfg(ed25519_import)] + pub fn import_private_only(&mut self, private: &[u8]) -> Result<(), i32> { + let private_size = private.len() as u32; + let rc = unsafe { + sys::wc_ed25519_import_private_only(private.as_ptr(), private_size, + &mut self.ws_key) + }; + if rc != 0 { + return Err(rc); + } + Ok(()) + } + + /// Import public/private Ed25519 key pair from buffers. + /// + /// This functions handles either compressed or uncompressed keys. + /// The public key is assumed to be untrusted and is checked against the + /// private key. + /// + /// # Parameters + /// + /// * `private`: Input buffer containing private key. + /// * `public`: Optional input buffer containing public key. + /// + /// # Returns + /// + /// Returns either Ok(()) on success or Err(e) containing the wolfSSL + /// library error code value. + /// + /// # Example + /// + /// ```rust + /// #[cfg(ed25519_import)] + /// { + /// use wolfssl_wolfcrypt::random::RNG; + /// use wolfssl_wolfcrypt::ed25519::Ed25519; + /// let mut rng = RNG::new().expect("Error creating RNG"); + /// let mut ed = Ed25519::generate(&mut rng).expect("Error with generate()"); + /// let mut private = [0u8; Ed25519::PRV_KEY_SIZE]; + /// let mut public = [0u8; Ed25519::PUB_KEY_SIZE]; + /// ed.export_key(&mut private, &mut public).expect("Error with export_key()"); + /// let mut ed = Ed25519::new().expect("Error with new()"); + /// ed.import_private_key(&private, Some(&public)).expect("Error with import_private_key()"); + /// } + /// ``` + #[cfg(ed25519_import)] + pub fn import_private_key(&mut self, private: &[u8], public: Option<&[u8]>) -> Result<(), i32> { + let private_size = private.len() as u32; + let mut public_ptr: *const u8 = core::ptr::null(); + let mut public_size = 0u32; + if let Some(public) = public { + public_ptr = public.as_ptr(); + public_size = public.len() as u32; + } + let rc = unsafe { + sys::wc_ed25519_import_private_key(private.as_ptr(), private_size, + public_ptr, public_size, &mut self.ws_key) + }; + if rc != 0 { + return Err(rc); + } + Ok(()) + } + + /// Import public/private Ed25519 key pair from buffers with trusted flag. + /// + /// This functions handles either compressed or uncompressed keys. + /// The public is checked against private key if not trusted. + /// + /// # Parameters + /// + /// * `private`: Input buffer containing private key. + /// * `public`: Optional input buffer containing private key. + /// * `trusted`: Whether the public key buffer is trusted. + /// + /// # Returns + /// + /// Returns either Ok(()) on success or Err(e) containing the wolfSSL + /// library error code value. + /// + /// # Example + /// + /// ```rust + /// #[cfg(ed25519_import)] + /// { + /// use wolfssl_wolfcrypt::random::RNG; + /// use wolfssl_wolfcrypt::ed25519::Ed25519; + /// let mut rng = RNG::new().expect("Error creating RNG"); + /// let mut ed = Ed25519::generate(&mut rng).expect("Error with generate()"); + /// let mut private = [0u8; Ed25519::PRV_KEY_SIZE]; + /// let mut public = [0u8; Ed25519::PUB_KEY_SIZE]; + /// ed.export_key(&mut private, &mut public).expect("Error with export_key()"); + /// let mut ed = Ed25519::new().expect("Error with new()"); + /// ed.import_private_key_ex(&private, Some(&public), false).expect("Error with import_private_key_ex()"); + /// } + /// ``` + #[cfg(ed25519_import)] + pub fn import_private_key_ex(&mut self, private: &[u8], public: Option<&[u8]>, trusted: bool) -> Result<(), i32> { + let private_size = private.len() as u32; + let mut public_ptr: *const u8 = core::ptr::null(); + let mut public_size = 0u32; + if let Some(public) = public { + public_ptr = public.as_ptr(); + public_size = public.len() as u32; + } + let rc = unsafe { + sys::wc_ed25519_import_private_key_ex(private.as_ptr(), private_size, + public_ptr, public_size, &mut self.ws_key, if trusted {1} else {0}) + }; + if rc != 0 { + return Err(rc); + } + Ok(()) + } + + /// Generate the Ed25519 public key from the private key stored in the + /// Ed25519 object. + /// + /// The public key is written to the pubkey output buffer. + /// + /// # Parameters + /// + /// * `pubkey`: Output buffer in which to store the public key. + /// + /// # Returns + /// + /// Returns either Ok(()) on success or Err(e) containing the wolfSSL + /// library error code value. + /// + /// # Example + /// + /// ```rust + /// use wolfssl_wolfcrypt::random::RNG; + /// use wolfssl_wolfcrypt::ed25519::Ed25519; + /// let mut rng = RNG::new().expect("Error creating RNG"); + /// let ed = Ed25519::generate(&mut rng).expect("Error with generate()"); + /// let mut private = [0u8; Ed25519::KEY_SIZE]; + /// ed.export_private_only(&mut private).expect("Error with export_private_only()"); + /// let mut ed = Ed25519::new().expect("Error with new()"); + /// ed.import_private_only(&private).expect("Error with import_private_only()"); + /// let mut public = [0u8; Ed25519::KEY_SIZE]; + /// ed.make_public(&mut public).expect("Error with make_public()"); + /// ``` + pub fn make_public(&mut self, pubkey: &mut [u8]) -> Result<(), i32> { + let pubkey_size = pubkey.len() as u32; + let rc = unsafe { + sys::wc_ed25519_make_public(&mut self.ws_key, + pubkey.as_mut_ptr(), pubkey_size) + }; + if rc != 0 { + return Err(rc); + } + Ok(()) + } + + /// Sign a message using Ed25519 key. + /// + /// # Parameters + /// + /// * `message`: Message to sign. + /// * `signature`: Output buffer to hold signature. + /// + /// # Returns + /// + /// Returns either Ok(size) containing the number of bytes written to + /// signature on success or Err(e) containing the wolfSSL library error + /// code value. + /// + /// # Example + /// + /// ```rust + /// #[cfg(ed25519_sign)] + /// { + /// use wolfssl_wolfcrypt::random::RNG; + /// use wolfssl_wolfcrypt::ed25519::Ed25519; + /// let mut rng = RNG::new().expect("Error creating RNG"); + /// let mut ed = Ed25519::generate(&mut rng).expect("Error with generate()"); + /// let message = [0x42u8, 33, 55, 66]; + /// let mut signature = [0u8; Ed25519::SIG_SIZE]; + /// ed.sign_msg(&message, &mut signature).expect("Error with sign_msg()"); + /// } + /// ``` + #[cfg(ed25519_sign)] + pub fn sign_msg(&mut self, message: &[u8], signature: &mut [u8]) -> Result { + let message_size = message.len() as u32; + let mut signature_size = signature.len() as u32; + let rc = unsafe { + sys::wc_ed25519_sign_msg(message.as_ptr(), message_size, + signature.as_mut_ptr(), &mut signature_size, &mut self.ws_key) + }; + if rc != 0 { + return Err(rc); + } + Ok(signature_size as usize) + } + + /// Sign a message with context using Ed25519 key. + /// + /// The context is part of the data signed. + /// + /// # Parameters + /// + /// * `message`: Message to sign. + /// * `context`: Buffer containing context for which message is being signed. + /// * `signature`: Output buffer to hold signature. + /// + /// # Returns + /// + /// Returns either Ok(size) containing the number of bytes written to + /// signature on success or Err(e) containing the wolfSSL library error + /// code value. + /// + /// # Example + /// + /// ```rust + /// #[cfg(ed25519_sign)] + /// { + /// use wolfssl_wolfcrypt::random::RNG; + /// use wolfssl_wolfcrypt::ed25519::Ed25519; + /// let mut rng = RNG::new().expect("Error creating RNG"); + /// let mut ed = Ed25519::generate(&mut rng).expect("Error with generate()"); + /// let message = [0x42u8, 33, 55, 66]; + /// let context = b"context"; + /// let mut signature = [0u8; Ed25519::SIG_SIZE]; + /// ed.sign_msg_ctx(&message, context, &mut signature).expect("Error with sign_msg_ctx()"); + /// } + /// ``` + #[cfg(ed25519_sign)] + pub fn sign_msg_ctx(&mut self, message: &[u8], context: &[u8], signature: &mut [u8]) -> Result { + let message_size = message.len() as u32; + let context_size = context.len() as u8; + let mut signature_size = signature.len() as u32; + let rc = unsafe { + sys::wc_ed25519ctx_sign_msg(message.as_ptr(), message_size, + signature.as_mut_ptr(), &mut signature_size, &mut self.ws_key, + context.as_ptr(), context_size) + }; + if rc != 0 { + return Err(rc); + } + Ok(signature_size as usize) + } + + /// Sign a message digest with context using Ed25519 key. + /// + /// The context is part of the data signed. + /// The message is pre-hashed before signature calculation. + /// + /// # Parameters + /// + /// * `hash`: Message digest to sign. + /// * `context`: Optional buffer containing context for which hash is being signed. + /// * `signature`: Output buffer to hold signature. + /// + /// # Returns + /// + /// Returns either Ok(size) containing the number of bytes written to + /// signature on success or Err(e) containing the wolfSSL library error + /// code value. + /// + /// # Example + /// + /// ```rust + /// #[cfg(ed25519_sign)] + /// { + /// use wolfssl_wolfcrypt::random::RNG; + /// use wolfssl_wolfcrypt::ed25519::Ed25519; + /// let mut rng = RNG::new().expect("Error creating RNG"); + /// let mut ed = Ed25519::generate(&mut rng).expect("Error with generate()"); + /// let hash = [ + /// 0xddu8,0xaf,0x35,0xa1,0x93,0x61,0x7a,0xba, + /// 0xcc,0x41,0x73,0x49,0xae,0x20,0x41,0x31, + /// 0x12,0xe6,0xfa,0x4e,0x89,0xa9,0x7e,0xa2, + /// 0x0a,0x9e,0xee,0xe6,0x4b,0x55,0xd3,0x9a, + /// 0x21,0x92,0x99,0x2a,0x27,0x4f,0xc1,0xa8, + /// 0x36,0xba,0x3c,0x23,0xa3,0xfe,0xeb,0xbd, + /// 0x45,0x4d,0x44,0x23,0x64,0x3c,0xe8,0x0e, + /// 0x2a,0x9a,0xc9,0x4f,0xa5,0x4c,0xa4,0x9f + /// ]; + /// let context = b"context"; + /// let mut signature = [0u8; Ed25519::SIG_SIZE]; + /// ed.sign_hash_ph(&hash, Some(context), &mut signature).expect("Error with sign_hash_ph()"); + /// } + /// ``` + #[cfg(ed25519_sign)] + pub fn sign_hash_ph(&mut self, hash: &[u8], context: Option<&[u8]>, signature: &mut [u8]) -> Result { + let hash_size = hash.len() as u32; + let mut context_ptr: *const u8 = core::ptr::null(); + let mut context_size = 0u8; + if let Some(context) = context { + context_ptr = context.as_ptr(); + context_size = context.len() as u8; + } + let mut signature_size = signature.len() as u32; + let rc = unsafe { + sys::wc_ed25519ph_sign_hash(hash.as_ptr(), hash_size, + signature.as_mut_ptr(), &mut signature_size, &mut self.ws_key, + context_ptr, context_size) + }; + if rc != 0 { + return Err(rc); + } + Ok(signature_size as usize) + } + + /// Sign a message with context using Ed25519 key. + /// + /// The context is part of the data signed. + /// The message is pre-hashed before signature calculation. + /// + /// # Parameters + /// + /// * `message`: Message digest to sign. + /// * `context`: Optional buffer containing context for which message is being signed. + /// * `signature`: Output buffer to hold signature. + /// + /// # Returns + /// + /// Returns either Ok(size) containing the number of bytes written to + /// signature on success or Err(e) containing the wolfSSL library error + /// code value. + /// + /// # Example + /// + /// ```rust + /// #[cfg(ed25519_sign)] + /// { + /// use wolfssl_wolfcrypt::random::RNG; + /// use wolfssl_wolfcrypt::ed25519::Ed25519; + /// let mut rng = RNG::new().expect("Error creating RNG"); + /// let mut ed = Ed25519::generate(&mut rng).expect("Error with generate()"); + /// let message = [0x42u8, 33, 55, 66]; + /// let context = b"context"; + /// let mut signature = [0u8; Ed25519::SIG_SIZE]; + /// ed.sign_msg_ph(&message, Some(context), &mut signature).expect("Error with sign_msg_ph()"); + /// } + /// ``` + #[cfg(ed25519_sign)] + pub fn sign_msg_ph(&mut self, message: &[u8], context: Option<&[u8]>, signature: &mut [u8]) -> Result { + let message_size = message.len() as u32; + let mut context_ptr: *const u8 = core::ptr::null(); + let mut context_size = 0u8; + if let Some(context) = context { + context_ptr = context.as_ptr(); + context_size = context.len() as u8; + } + let mut signature_size = signature.len() as u32; + let rc = unsafe { + sys::wc_ed25519ph_sign_msg(message.as_ptr(), message_size, + signature.as_mut_ptr(), &mut signature_size, &mut self.ws_key, + context_ptr, context_size) + }; + if rc != 0 { + return Err(rc); + } + Ok(signature_size as usize) + } + + /// Sign input data with optional context using Ed25519 key. + /// + /// If provided, the context is part of the data signed. + /// + /// # Parameters + /// + /// * `din`: Data to sign. + /// * `context`: Optional buffer containing context for which `din` is being signed. + /// * `typ`: One of `Ed25519::ED25519`, `Ed25519::ED25519CTX`, or `Ed25519::ED25519PH`. + /// * `signature`: Output buffer to hold signature. + /// + /// # Returns + /// + /// Returns either Ok(size) containing the number of bytes written to + /// signature on success or Err(e) containing the wolfSSL library error + /// code value. + /// + /// # Example + /// + /// ```rust + /// #[cfg(ed25519_sign)] + /// { + /// use wolfssl_wolfcrypt::random::RNG; + /// use wolfssl_wolfcrypt::ed25519::Ed25519; + /// let mut rng = RNG::new().expect("Error creating RNG"); + /// let mut ed = Ed25519::generate(&mut rng).expect("Error with generate()"); + /// let message = [0x42u8, 33, 55, 66]; + /// let context = b"context"; + /// let mut signature = [0u8; Ed25519::SIG_SIZE]; + /// ed.sign_msg_ex(&message, Some(context), Ed25519::ED25519, &mut signature).expect("Error with sign_msg_ex()"); + /// } + /// ``` + #[cfg(ed25519_sign)] + pub fn sign_msg_ex(&mut self, din: &[u8], context: Option<&[u8]>, typ: u8, signature: &mut [u8]) -> Result { + let din_size = din.len() as u32; + let mut context_ptr: *const u8 = core::ptr::null(); + let mut context_size = 0u8; + if let Some(context) = context { + context_ptr = context.as_ptr(); + context_size = context.len() as u8; + } + let mut signature_size = signature.len() as u32; + let rc = unsafe { + sys::wc_ed25519_sign_msg_ex(din.as_ptr(), din_size, + signature.as_mut_ptr(), &mut signature_size, &mut self.ws_key, + typ, context_ptr, context_size) + }; + if rc != 0 { + return Err(rc); + } + Ok(signature_size as usize) + } + + /// Verify the Ed25519 signature of a message to ensure authenticity. + /// + /// # Parameters + /// + /// * `signature`: Signature to verify. + /// * `message`: Message to verify the signature of. + /// + /// # Returns + /// + /// Returns either Ok(valid) containing whether the signature is valid or + /// Err(e) containing the wolfSSL library error code value. + /// + /// # Example + /// + /// ```rust + /// #[cfg(ed25519_verify)] + /// { + /// use wolfssl_wolfcrypt::random::RNG; + /// use wolfssl_wolfcrypt::ed25519::Ed25519; + /// let mut rng = RNG::new().expect("Error creating RNG"); + /// let mut ed = Ed25519::generate(&mut rng).expect("Error with generate()"); + /// let message = [0x42u8, 33, 55, 66]; + /// let mut signature = [0u8; Ed25519::SIG_SIZE]; + /// ed.sign_msg(&message, &mut signature).expect("Error with sign_msg()"); + /// let signature_valid = ed.verify_msg(&signature, &message).expect("Error with verify_msg()"); + /// assert!(signature_valid); + /// } + /// ``` + #[cfg(ed25519_verify)] + pub fn verify_msg(&mut self, signature: &[u8], message: &[u8]) -> Result { + let signature_size = signature.len() as u32; + let message_size = message.len() as u32; + let mut res = 0i32; + let rc = unsafe { + sys::wc_ed25519_verify_msg(signature.as_ptr(), signature_size, + message.as_ptr(), message_size, &mut res, &mut self.ws_key) + }; + if rc != 0 { + return Err(rc); + } + Ok(res == 1) + } + + /// Verify the Ed25519 signature of a message and context to ensure authenticity. + /// + /// The context is included as part of the data verified. + /// + /// # Parameters + /// + /// * `signature`: Signature to verify. + /// * `message`: Message to verify the signature of. + /// * `context`: Buffer containing context for which the message was signed. + /// + /// # Returns + /// + /// Returns either Ok(valid) containing whether the signature is valid or + /// Err(e) containing the wolfSSL library error code value. + /// + /// # Example + /// + /// ```rust + /// #[cfg(ed25519_verify)] + /// { + /// use wolfssl_wolfcrypt::random::RNG; + /// use wolfssl_wolfcrypt::ed25519::Ed25519; + /// let mut rng = RNG::new().expect("Error creating RNG"); + /// let mut ed = Ed25519::generate(&mut rng).expect("Error with generate()"); + /// let message = b"Hello!"; + /// let context = b"context"; + /// let mut signature = [0u8; Ed25519::SIG_SIZE]; + /// ed.sign_msg_ctx(message, context, &mut signature).expect("Error with sign_msg()"); + /// let signature_valid = ed.verify_msg_ctx(&signature, message, context).expect("Error with verify_msg_ctx()"); + /// assert!(signature_valid); + /// } + /// ``` + #[cfg(ed25519_verify)] + pub fn verify_msg_ctx(&mut self, signature: &[u8], message: &[u8], context: &[u8]) -> Result { + let signature_size = signature.len() as u32; + let message_size = message.len() as u32; + let context_size = context.len() as u8; + let mut res = 0i32; + let rc = unsafe { + sys::wc_ed25519ctx_verify_msg(signature.as_ptr(), signature_size, + message.as_ptr(), message_size, &mut res, &mut self.ws_key, + context.as_ptr(), context_size) + }; + if rc != 0 { + return Err(rc); + } + Ok(res == 1) + } + + /// Verify the Ed25519 signature of a message digest and context to ensure authenticity. + /// + /// The context is included as part of the data verified. + /// The hash algorithm used to create message digest must be SHA-512. + /// The message is pre-hashed before verification. + /// + /// # Parameters + /// + /// * `signature`: Signature to verify. + /// * `hash`: Message to verify the signature of. + /// * `context`: Optional buffer containing context for which the hash was signed. + /// + /// # Returns + /// + /// Returns either Ok(valid) containing whether the signature is valid or + /// Err(e) containing the wolfSSL library error code value. + /// + /// # Example + /// + /// ```rust + /// #[cfg(ed25519_verify)] + /// { + /// use wolfssl_wolfcrypt::random::RNG; + /// use wolfssl_wolfcrypt::ed25519::Ed25519; + /// let mut rng = RNG::new().expect("Error creating RNG"); + /// let mut ed = Ed25519::generate(&mut rng).expect("Error with generate()"); + /// let hash = [ + /// 0xddu8,0xaf,0x35,0xa1,0x93,0x61,0x7a,0xba, + /// 0xcc,0x41,0x73,0x49,0xae,0x20,0x41,0x31, + /// 0x12,0xe6,0xfa,0x4e,0x89,0xa9,0x7e,0xa2, + /// 0x0a,0x9e,0xee,0xe6,0x4b,0x55,0xd3,0x9a, + /// 0x21,0x92,0x99,0x2a,0x27,0x4f,0xc1,0xa8, + /// 0x36,0xba,0x3c,0x23,0xa3,0xfe,0xeb,0xbd, + /// 0x45,0x4d,0x44,0x23,0x64,0x3c,0xe8,0x0e, + /// 0x2a,0x9a,0xc9,0x4f,0xa5,0x4c,0xa4,0x9f + /// ]; + /// let context = b"context"; + /// let mut signature = [0u8; Ed25519::SIG_SIZE]; + /// ed.sign_hash_ph(&hash, Some(context), &mut signature).expect("Error with sign_hash_ph()"); + /// let signature_valid = ed.verify_hash_ph(&signature, &hash, Some(context)).expect("Error with verify_hash_ph()"); + /// assert!(signature_valid); + /// } + /// ``` + #[cfg(ed25519_verify)] + pub fn verify_hash_ph(&mut self, signature: &[u8], hash: &[u8], context: Option<&[u8]>) -> Result { + let signature_size = signature.len() as u32; + let hash_size = hash.len() as u32; + let mut context_ptr: *const u8 = core::ptr::null(); + let mut context_size = 0u8; + if let Some(context) = context { + context_ptr = context.as_ptr(); + context_size = context.len() as u8; + } + let mut res = 0i32; + let rc = unsafe { + sys::wc_ed25519ph_verify_hash(signature.as_ptr(), signature_size, + hash.as_ptr(), hash_size, &mut res, &mut self.ws_key, + context_ptr, context_size) + }; + if rc != 0 { + return Err(rc); + } + Ok(res == 1) + } + + /// Verify the Ed25519 signature of a message and context to ensure authenticity. + /// + /// The context is included as part of the data verified. + /// The message is pre-hashed before verification. + /// + /// # Parameters + /// + /// * `signature`: Signature to verify. + /// * `message`: Message to verify the signature of. + /// * `context`: Option buffer containing context for which the message was signed. + /// + /// # Returns + /// + /// Returns either Ok(valid) containing whether the signature is valid or + /// Err(e) containing the wolfSSL library error code value. + /// + /// # Example + /// + /// ```rust + /// #[cfg(ed25519_verify)] + /// { + /// use wolfssl_wolfcrypt::random::RNG; + /// use wolfssl_wolfcrypt::ed25519::Ed25519; + /// let mut rng = RNG::new().expect("Error creating RNG"); + /// let mut ed = Ed25519::generate(&mut rng).expect("Error with generate()"); + /// let message = [0x42u8, 33, 55, 66]; + /// let context = b"context"; + /// let mut signature = [0u8; Ed25519::SIG_SIZE]; + /// ed.sign_msg_ph(&message, Some(context), &mut signature).expect("Error with sign_msg_ph()"); + /// let signature_valid = ed.verify_msg_ph(&signature, &message, Some(context)).expect("Error with verify_msg_ph()"); + /// assert!(signature_valid); + /// } + /// ``` + #[cfg(ed25519_verify)] + pub fn verify_msg_ph(&mut self, signature: &[u8], message: &[u8], context: Option<&[u8]>) -> Result { + let signature_size = signature.len() as u32; + let message_size = message.len() as u32; + let mut context_ptr: *const u8 = core::ptr::null(); + let mut context_size = 0u8; + if let Some(context) = context { + context_ptr = context.as_ptr(); + context_size = context.len() as u8; + } + let mut res = 0i32; + let rc = unsafe { + sys::wc_ed25519ph_verify_msg(signature.as_ptr(), signature_size, + message.as_ptr(), message_size, &mut res, &mut self.ws_key, + context_ptr, context_size) + }; + if rc != 0 { + return Err(rc); + } + Ok(res == 1) + } + + /// Verify the Ed25519 signature of a message and context to ensure authenticity. + /// + /// The context is included as part of the data verified. + /// + /// # Parameters + /// + /// * `signature`: Signature to verify. + /// * `din`: Message to verify the signature of. + /// * `context`: Optional buffer containing context for which the input data was signed. + /// * `typ`: One of `Ed25519::ED25519`, `Ed25519::ED25519CTX`, or `Ed25519::ED25519PH`. + /// + /// # Returns + /// + /// Returns either Ok(valid) containing whether the signature is valid or + /// Err(e) containing the wolfSSL library error code value. + /// + /// # Example + /// + /// ```rust + /// #[cfg(ed25519_verify)] + /// { + /// use wolfssl_wolfcrypt::random::RNG; + /// use wolfssl_wolfcrypt::ed25519::Ed25519; + /// let mut rng = RNG::new().expect("Error creating RNG"); + /// let mut ed = Ed25519::generate(&mut rng).expect("Error with generate()"); + /// let message = [0x42u8, 33, 55, 66]; + /// let context = b"context"; + /// let mut signature = [0u8; Ed25519::SIG_SIZE]; + /// ed.sign_msg_ex(&message, Some(context), Ed25519::ED25519, &mut signature).expect("Error with sign_msg_ex()"); + /// let signature_valid = ed.verify_msg_ex(&signature, &message, Some(context), Ed25519::ED25519).expect("Error with verify_msg_ex()"); + /// assert!(signature_valid); + /// } + /// ``` + #[cfg(ed25519_verify)] + pub fn verify_msg_ex(&mut self, signature: &[u8], din: &[u8], context: Option<&[u8]>, typ: u8) -> Result { + let signature_size = signature.len() as u32; + let din_size = din.len() as u32; + let mut context_ptr: *const u8 = core::ptr::null(); + let mut context_size = 0u8; + if let Some(context) = context { + context_ptr = context.as_ptr(); + context_size = context.len() as u8; + } + let mut res = 0i32; + let rc = unsafe { + sys::wc_ed25519_verify_msg_ex(signature.as_ptr(), signature_size, + din.as_ptr(), din_size, &mut res, &mut self.ws_key, typ, + context_ptr, context_size) + }; + if rc != 0 { + return Err(rc); + } + Ok(res == 1) + } + + /// Initialize Ed25519 key to perform streaming verification. + /// + /// # Parameters + /// + /// * `signature`: Signature to verify. + /// * `context`: Optional buffer containing context for which the input data was signed. + /// * `typ`: One of `Ed25519::ED25519`, `Ed25519::ED25519CTX`, or `Ed25519::ED25519PH`. + /// + /// # Returns + /// + /// Returns either Ok(()) on success or Err(e) containing the wolfSSL + /// library error code value. + /// + /// # Example + /// + /// ```rust + /// #[cfg(ed25519_streaming_verify)] + /// { + /// use wolfssl_wolfcrypt::random::RNG; + /// use wolfssl_wolfcrypt::ed25519::Ed25519; + /// let mut rng = RNG::new().expect("Error creating RNG"); + /// let mut ed = Ed25519::generate(&mut rng).expect("Error with generate()"); + /// let message = [0x42u8, 33, 55, 66]; + /// let mut signature = [0u8; Ed25519::SIG_SIZE]; + /// ed.sign_msg(&message, &mut signature).expect("Error with sign_msg()"); + /// ed.verify_msg_init(&signature, None, Ed25519::ED25519).expect("Error with verify_msg_init()"); + /// ed.verify_msg_update(&message[0..2]).expect("Error with verify_msg_update()"); + /// ed.verify_msg_update(&message[2..4]).expect("Error with verify_msg_update()"); + /// let signature_valid = ed.verify_msg_final(&signature).expect("Error with verify_msg_final()"); + /// assert!(signature_valid); + /// } + /// ``` + #[cfg(ed25519_streaming_verify)] + pub fn verify_msg_init(&mut self, signature: &[u8], context: Option<&[u8]>, typ: u8) -> Result<(), i32> { + let signature_size = signature.len() as u32; + let mut context_ptr: *const u8 = core::ptr::null(); + let mut context_size = 0u8; + if let Some(context) = context { + context_ptr = context.as_ptr(); + context_size = context.len() as u8; + } + let rc = unsafe { + sys::wc_ed25519_verify_msg_init(signature.as_ptr(), signature_size, + &mut self.ws_key, typ, context_ptr, context_size) + }; + if rc != 0 { + return Err(rc); + } + Ok(()) + } + + /// Add input data to Ed25519 streaming verification. + /// + /// # Parameters + /// + /// * `din`: Segment of message to verify the signature of. + /// + /// # Returns + /// + /// Returns either Ok(()) on success or Err(e) containing the wolfSSL + /// library error code value. + /// + /// # Example + /// + /// ```rust + /// #[cfg(ed25519_streaming_verify)] + /// { + /// use wolfssl_wolfcrypt::random::RNG; + /// use wolfssl_wolfcrypt::ed25519::Ed25519; + /// let mut rng = RNG::new().expect("Error creating RNG"); + /// let mut ed = Ed25519::generate(&mut rng).expect("Error with generate()"); + /// let message = [0x42u8, 33, 55, 66]; + /// let mut signature = [0u8; Ed25519::SIG_SIZE]; + /// ed.sign_msg(&message, &mut signature).expect("Error with sign_msg()"); + /// ed.verify_msg_init(&signature, None, Ed25519::ED25519).expect("Error with verify_msg_init()"); + /// ed.verify_msg_update(&message[0..2]).expect("Error with verify_msg_update()"); + /// ed.verify_msg_update(&message[2..4]).expect("Error with verify_msg_update()"); + /// let signature_valid = ed.verify_msg_final(&signature).expect("Error with verify_msg_final()"); + /// assert!(signature_valid); + /// } + /// ``` + #[cfg(ed25519_streaming_verify)] + pub fn verify_msg_update(&mut self, din: &[u8]) -> Result<(), i32> { + let din_size = din.len() as u32; + let rc = unsafe { + sys::wc_ed25519_verify_msg_update(din.as_ptr(), din_size, + &mut self.ws_key) + }; + if rc != 0 { + return Err(rc); + } + Ok(()) + } + + /// Finalize Ed25519 streaming verification. + /// + /// # Parameters + /// + /// * `signature`: Signature to verify. + /// + /// # Returns + /// + /// Returns either Ok(valid) containing whether the signature is valid or + /// Err(e) containing the wolfSSL library error code value. + /// + /// # Example + /// + /// ```rust + /// #[cfg(ed25519_streaming_verify)] + /// { + /// use wolfssl_wolfcrypt::random::RNG; + /// use wolfssl_wolfcrypt::ed25519::Ed25519; + /// let mut rng = RNG::new().expect("Error creating RNG"); + /// let mut ed = Ed25519::generate(&mut rng).expect("Error with generate()"); + /// let message = [0x42u8, 33, 55, 66]; + /// let mut signature = [0u8; Ed25519::SIG_SIZE]; + /// ed.sign_msg(&message, &mut signature).expect("Error with sign_msg()"); + /// ed.verify_msg_init(&signature, None, Ed25519::ED25519).expect("Error with verify_msg_init()"); + /// ed.verify_msg_update(&message[0..2]).expect("Error with verify_msg_update()"); + /// ed.verify_msg_update(&message[2..4]).expect("Error with verify_msg_update()"); + /// let signature_valid = ed.verify_msg_final(&signature).expect("Error with verify_msg_final()"); + /// assert!(signature_valid); + /// } + /// ``` + #[cfg(ed25519_streaming_verify)] + pub fn verify_msg_final(&mut self, signature: &[u8]) -> Result { + let signature_size = signature.len() as u32; + let mut res = 0i32; + let rc = unsafe { + sys::wc_ed25519_verify_msg_final(signature.as_ptr(), signature_size, + &mut res, &mut self.ws_key) + }; + if rc != 0 { + return Err(rc); + } + Ok(res == 1) + } + + /// Get the size of an Ed25519 key (32 bytes). + /// + /// # Returns + /// + /// Returns either Ok(size) containing the key size or Err(e) + /// containing the wolfSSL library error code value. + /// + /// # Example + /// + /// ```rust + /// use wolfssl_wolfcrypt::random::RNG; + /// use wolfssl_wolfcrypt::ed25519::Ed25519; + /// let mut rng = RNG::new().expect("Error creating RNG"); + /// let ed = Ed25519::generate(&mut rng).expect("Error with generate()"); + /// let key_size = ed.size().expect("Error with size()"); + /// assert_eq!(key_size, Ed25519::KEY_SIZE); + /// ``` + pub fn size(&self) -> Result { + let rc = unsafe { sys::wc_ed25519_size(&self.ws_key) }; + if rc < 0 { + return Err(rc); + } + Ok(rc as usize) + } + + /// Get the size of a private (including public) Ed25519 key (64 bytes). + /// + /// # Returns + /// + /// Returns either Ok(size) containing the key size or Err(e) + /// containing the wolfSSL library error code value. + /// + /// # Example + /// + /// ```rust + /// use wolfssl_wolfcrypt::random::RNG; + /// use wolfssl_wolfcrypt::ed25519::Ed25519; + /// let mut rng = RNG::new().expect("Error creating RNG"); + /// let ed = Ed25519::generate(&mut rng).expect("Error with generate()"); + /// let priv_size = ed.priv_size().expect("Error with priv_size()"); + /// assert_eq!(priv_size, Ed25519::PRV_KEY_SIZE); + /// ``` + pub fn priv_size(&self) -> Result { + let rc = unsafe { sys::wc_ed25519_priv_size(&self.ws_key) }; + if rc < 0 { + return Err(rc); + } + Ok(rc as usize) + } + + /// Get the size of a public Ed25519 key (32 bytes). + /// + /// # Returns + /// + /// Returns either Ok(size) containing the key size or Err(e) + /// containing the wolfSSL library error code value. + /// + /// # Example + /// + /// ```rust + /// use wolfssl_wolfcrypt::random::RNG; + /// use wolfssl_wolfcrypt::ed25519::Ed25519; + /// let mut rng = RNG::new().expect("Error creating RNG"); + /// let ed = Ed25519::generate(&mut rng).expect("Error with generate()"); + /// let pub_size = ed.pub_size().expect("Error with pub_size()"); + /// assert_eq!(pub_size, Ed25519::PUB_KEY_SIZE); + /// ``` + pub fn pub_size(&self) -> Result { + let rc = unsafe { sys::wc_ed25519_pub_size(&self.ws_key) }; + if rc < 0 { + return Err(rc); + } + Ok(rc as usize) + } + + /// Get the size of a Ed25519 signature (64 bytes). + /// + /// # Returns + /// + /// Returns either Ok(size) containing the key size or Err(e) + /// containing the wolfSSL library error code value. + /// + /// # Example + /// + /// ```rust + /// use wolfssl_wolfcrypt::random::RNG; + /// use wolfssl_wolfcrypt::ed25519::Ed25519; + /// let mut rng = RNG::new().expect("Error creating RNG"); + /// let ed = Ed25519::generate(&mut rng).expect("Error with generate()"); + /// let sig_size = ed.sig_size().expect("Error with sig_size()"); + /// assert_eq!(sig_size, Ed25519::SIG_SIZE); + /// ``` + pub fn sig_size(&self) -> Result { + let rc = unsafe { sys::wc_ed25519_sig_size(&self.ws_key) }; + if rc < 0 { + return Err(rc); + } + Ok(rc as usize) + } +} + +impl Drop for Ed25519 { + /// Safely free the wolfSSL resources. + fn drop(&mut self) { + unsafe { sys::wc_ed25519_free(&mut self.ws_key); } + } +} diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/wrapper/rust/wolfssl-wolfcrypt/src/ed448.rs mariadb-11.8.8/extra/wolfssl/wolfssl/wrapper/rust/wolfssl-wolfcrypt/src/ed448.rs --- mariadb-11.8.6/extra/wolfssl/wolfssl/wrapper/rust/wolfssl-wolfcrypt/src/ed448.rs 1970-01-01 00:00:00.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/wrapper/rust/wolfssl-wolfcrypt/src/ed448.rs 2026-05-24 09:58:33.000000000 +0000 @@ -0,0 +1,1336 @@ +/* + * Copyright (C) 2006-2026 wolfSSL Inc. + * + * This file is part of wolfSSL. + * + * wolfSSL is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * wolfSSL is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA + */ + +/*! +This module provides a Rust wrapper for the wolfCrypt library's EdDSA Curve +448 (Ed448) functionality. +*/ + +#![cfg(ed448)] + +use crate::sys; +use crate::random::RNG; +use core::mem::MaybeUninit; + +/// The `Ed448` struct manages the lifecycle of a wolfSSL `ed448_key` +/// object. +/// +/// It ensures proper initialization and deallocation. +/// +/// An instance can be created with `generate()` or `new()`. +pub struct Ed448 { + ws_key: sys::ed448_key, +} + +impl Ed448 { + /** Size of private key only. */ + pub const KEY_SIZE: usize = sys::ED448_KEY_SIZE as usize; + /** Size of signature. */ + pub const SIG_SIZE: usize = sys::ED448_SIG_SIZE as usize; + /** Compressed public key size. */ + pub const PUB_KEY_SIZE: usize = sys::ED448_PUB_KEY_SIZE as usize; + /** Size of both private and public key. */ + pub const PRV_KEY_SIZE: usize = sys::ED448_PRV_KEY_SIZE as usize; + + pub const ED448: u8 = sys::Ed448 as u8; + pub const ED448PH: u8 = sys::Ed448ph as u8; + + /// Generate a new Ed448 key. + /// + /// # Parameters + /// + /// * `rng`: `RNG` instance to use for random number generation. + /// + /// # Returns + /// + /// Returns either Ok(ed448) containing the Ed448 struct instance or + /// Err(e) containing the wolfSSL library error code value. + /// + /// # Example + /// + /// ```rust + /// use wolfssl_wolfcrypt::random::RNG; + /// use wolfssl_wolfcrypt::ed448::Ed448; + /// let mut rng = RNG::new().expect("Error creating RNG"); + /// let ed = Ed448::generate(&mut rng).expect("Error with generate()"); + /// ``` + pub fn generate(rng: &mut RNG) -> Result { + Self::generate_ex(rng, None, None) + } + + /// Generate a new Ed448 key with optional heap and device ID. + /// + /// # Parameters + /// + /// * `rng`: `RNG` instance to use for random number generation. + /// * `heap`: Optional heap hint. + /// * `dev_id` Optional device ID to use with crypto callbacks or async hardware. + /// + /// # Returns + /// + /// Returns either Ok(ed448) containing the Ed448 struct instance or + /// Err(e) containing the wolfSSL library error code value. + /// + /// # Example + /// + /// ```rust + /// use wolfssl_wolfcrypt::random::RNG; + /// use wolfssl_wolfcrypt::ed448::Ed448; + /// let mut rng = RNG::new().expect("Error creating RNG"); + /// let ed = Ed448::generate_ex(&mut rng, None, None).expect("Error with generate_ex()"); + /// ``` + pub fn generate_ex(rng: &mut RNG, heap: Option<*mut core::ffi::c_void>, dev_id: Option) -> Result { + let mut ws_key: MaybeUninit = MaybeUninit::uninit(); + let heap = match heap { + Some(heap) => heap, + None => core::ptr::null_mut(), + }; + let dev_id = match dev_id { + Some(dev_id) => dev_id, + None => sys::INVALID_DEVID, + }; + let rc = unsafe { sys::wc_ed448_init_ex(ws_key.as_mut_ptr(), heap, dev_id) }; + if rc != 0 { + return Err(rc); + } + let ws_key = unsafe { ws_key.assume_init() }; + let mut ed448 = Ed448 { ws_key }; + let rc = unsafe { + sys::wc_ed448_make_key(&mut rng.wc_rng, + sys::ED448_KEY_SIZE as i32, &mut ed448.ws_key) + }; + if rc != 0 { + return Err(rc); + } + Ok(ed448) + } + + /// Create and initialize a new Ed448 instance. + /// + /// A key will not be present but can be imported with one of the import + /// functions. + /// + /// # Returns + /// + /// Returns either Ok(ed448) containing the Ed448 struct instance or + /// Err(e) containing the wolfSSL library error code value. + /// + /// # Example + /// + /// ```rust + /// use wolfssl_wolfcrypt::ed448::Ed448; + /// let ed = Ed448::new().expect("Error with new()"); + /// ``` + pub fn new() -> Result { + Self::new_ex(None, None) + } + + /// Create and initialize a new Ed448 instance with optional heap and + /// device ID. + /// + /// A key will not be present but can be imported with one of the import + /// functions. + /// + /// # Parameters + /// + /// * `heap`: Optional heap hint. + /// * `dev_id` Optional device ID to use with crypto callbacks or async hardware. + /// + /// # Returns + /// + /// Returns either Ok(ed448) containing the Ed448 struct instance or + /// Err(e) containing the wolfSSL library error code value. + /// + /// # Example + /// + /// ```rust + /// use wolfssl_wolfcrypt::ed448::Ed448; + /// let ed = Ed448::new_ex(None, None).expect("Error with new()"); + /// ``` + pub fn new_ex(heap: Option<*mut core::ffi::c_void>, dev_id: Option) -> Result { + let mut ws_key: MaybeUninit = MaybeUninit::uninit(); + let heap = match heap { + Some(heap) => heap, + None => core::ptr::null_mut(), + }; + let dev_id = match dev_id { + Some(dev_id) => dev_id, + None => sys::INVALID_DEVID, + }; + let rc = unsafe { sys::wc_ed448_init_ex(ws_key.as_mut_ptr(), heap, dev_id) }; + if rc != 0 { + return Err(rc); + } + let ws_key = unsafe { ws_key.assume_init() }; + let ed448 = Ed448 { ws_key }; + Ok(ed448) + } + + /// Check the public key is valid. + /// + /// When a private key is present, check that the calculated public key + /// matches it. When a private key is not present, check that Y is in range + /// and an X is able to be calculated. + /// + /// # Returns + /// + /// Returns either Ok(()) on success or Err(e) containing the wolfSSL + /// library error code value. + /// + /// # Example + /// + /// ```rust + /// use wolfssl_wolfcrypt::random::RNG; + /// use wolfssl_wolfcrypt::ed448::Ed448; + /// let mut rng = RNG::new().expect("Error creating RNG"); + /// let mut ed = Ed448::generate(&mut rng).expect("Error with generate()"); + /// ed.check_key().expect("Error with check_key()"); + /// ``` + pub fn check_key(&mut self) -> Result<(), i32> { + let rc = unsafe { sys::wc_ed448_check_key(&mut self.ws_key) }; + if rc != 0 { + return Err(rc); + } + Ok(()) + } + + /// Export private and public key to separate buffers. + /// + /// # Parameters + /// + /// * `private`: Output buffer in which to store the public/private key + /// pair. The length should be PRV_KEY_SIZE. + /// * `public`: Output buffer in which to store the public key. The length + /// should be PUB_KEY_SIZE. + /// + /// # Returns + /// + /// Returns either Ok(()) on success or Err(e) containing the wolfSSL + /// library error code value. + /// + /// # Example + /// + /// ```rust + /// #[cfg(ed448_export)] + /// { + /// use wolfssl_wolfcrypt::random::RNG; + /// use wolfssl_wolfcrypt::ed448::Ed448; + /// let mut rng = RNG::new().expect("Error creating RNG"); + /// let mut ed = Ed448::generate(&mut rng).expect("Error with generate()"); + /// let mut private = [0u8; Ed448::PRV_KEY_SIZE]; + /// let mut public = [0u8; Ed448::PUB_KEY_SIZE]; + /// ed.export_key(&mut private, &mut public).expect("Error with export_key()"); + /// } + /// ``` + #[cfg(ed448_export)] + pub fn export_key(&self, private: &mut [u8], public: &mut [u8]) -> Result<(), i32> { + let mut private_size = private.len() as u32; + let mut public_size = public.len() as u32; + let rc = unsafe { + sys::wc_ed448_export_key(&self.ws_key, + private.as_mut_ptr(), &mut private_size, + public.as_mut_ptr(), &mut public_size) + }; + if rc != 0 { + return Err(rc); + } + Ok(()) + } + + /// Export public key to buffer. + /// + /// # Parameters + /// + /// * `public`: Output buffer in which to store the public key. The length + /// should be PUB_KEY_SIZE. + /// + /// # Returns + /// + /// Returns either Ok(()) on success or Err(e) containing the wolfSSL + /// library error code value. + /// + /// # Example + /// + /// ```rust + /// #[cfg(ed448_export)] + /// { + /// use wolfssl_wolfcrypt::random::RNG; + /// use wolfssl_wolfcrypt::ed448::Ed448; + /// let mut rng = RNG::new().expect("Error creating RNG"); + /// let mut ed = Ed448::generate(&mut rng).expect("Error with generate()"); + /// let mut public = [0u8; Ed448::PUB_KEY_SIZE]; + /// ed.export_public(&mut public).expect("Error with export_public()"); + /// } + /// ``` + #[cfg(ed448_export)] + pub fn export_public(&self, public: &mut [u8]) -> Result<(), i32> { + let mut public_size = public.len() as u32; + let rc = unsafe { + sys::wc_ed448_export_public(&self.ws_key, public.as_mut_ptr(), + &mut public_size) + }; + if rc != 0 { + return Err(rc); + } + Ok(()) + } + + /// Export public/private key pair to buffer. + /// + /// # Parameters + /// + /// * `keyout`: Output buffer in which to store the key pair. The length + /// should be PRV_KEY_SIZE. + /// + /// # Returns + /// + /// Returns either Ok(()) on success or Err(e) containing the wolfSSL + /// library error code value. + /// + /// # Example + /// + /// ```rust + /// #[cfg(ed448_export)] + /// { + /// use wolfssl_wolfcrypt::random::RNG; + /// use wolfssl_wolfcrypt::ed448::Ed448; + /// let mut rng = RNG::new().expect("Error creating RNG"); + /// let mut ed = Ed448::generate(&mut rng).expect("Error with generate()"); + /// let mut private = [0u8; Ed448::PRV_KEY_SIZE]; + /// ed.export_private(&mut private).expect("Error with export_private()"); + /// } + /// ``` + #[cfg(ed448_export)] + pub fn export_private(&self, keyout: &mut [u8]) -> Result<(), i32> { + let mut keyout_size = keyout.len() as u32; + let rc = unsafe { + sys::wc_ed448_export_private(&self.ws_key, keyout.as_mut_ptr(), + &mut keyout_size) + }; + if rc != 0 { + return Err(rc); + } + Ok(()) + } + + /// Export private key only to buffer. + /// + /// # Parameters + /// + /// * `private`: Output buffer in which to store the private key. The + /// length should be KEY_SIZE. + /// + /// # Returns + /// + /// Returns either Ok(()) on success or Err(e) containing the wolfSSL + /// library error code value. + /// + /// # Example + /// + /// ```rust + /// #[cfg(ed448_export)] + /// { + /// use wolfssl_wolfcrypt::random::RNG; + /// use wolfssl_wolfcrypt::ed448::Ed448; + /// let mut rng = RNG::new().expect("Error creating RNG"); + /// let mut ed = Ed448::generate(&mut rng).expect("Error with generate()"); + /// let mut private_only = [0u8; Ed448::KEY_SIZE]; + /// ed.export_private_only(&mut private_only).expect("Error with export_private_only()"); + /// } + /// ``` + #[cfg(ed448_export)] + pub fn export_private_only(&self, private: &mut [u8]) -> Result<(), i32> { + let mut private_size = private.len() as u32; + let rc = unsafe { + sys::wc_ed448_export_private_only(&self.ws_key, + private.as_mut_ptr(), &mut private_size) + }; + if rc != 0 { + return Err(rc); + } + Ok(()) + } + + /// Import a public Ed448 key from buffer. + /// + /// This function handles either compressed or uncompressed keys. + /// The public key is checked that it matches the private key if one is + /// already present. + /// + /// # Parameters + /// + /// * `public`: Input buffer containing public key. + /// + /// # Returns + /// + /// Returns either Ok(()) on success or Err(e) containing the wolfSSL + /// library error code value. + /// + /// # Example + /// + /// ```rust + /// #[cfg(ed448_import)] + /// { + /// use wolfssl_wolfcrypt::random::RNG; + /// use wolfssl_wolfcrypt::ed448::Ed448; + /// let mut rng = RNG::new().expect("Error creating RNG"); + /// let mut ed = Ed448::generate(&mut rng).expect("Error with generate()"); + /// let mut private = [0u8; Ed448::PRV_KEY_SIZE]; + /// let mut public = [0u8; Ed448::PUB_KEY_SIZE]; + /// ed.export_key(&mut private, &mut public).expect("Error with export_key()"); + /// let mut ed = Ed448::new().expect("Error with new()"); + /// ed.import_public(&public).expect("Error with import_public()"); + /// } + /// ``` + #[cfg(ed448_import)] + pub fn import_public(&mut self, public: &[u8]) -> Result<(), i32> { + let public_size = public.len() as u32; + let rc = unsafe { + sys::wc_ed448_import_public(public.as_ptr(), public_size, &mut self.ws_key) + }; + if rc != 0 { + return Err(rc); + } + Ok(()) + } + + /// Import a public Ed448 key from buffer with trusted flag. + /// + /// This function handles either compressed or uncompressed keys. + /// The public key is checked that it matches the private key if one is + /// already present and trusted is false. + /// + /// # Parameters + /// + /// * `public`: Input buffer containing public key. + /// * `trusted`: Whether the public key buffer is trusted. + /// + /// # Returns + /// + /// Returns either Ok(()) on success or Err(e) containing the wolfSSL + /// library error code value. + /// + /// # Example + /// + /// ```rust + /// #[cfg(ed448_import)] + /// { + /// use wolfssl_wolfcrypt::random::RNG; + /// use wolfssl_wolfcrypt::ed448::Ed448; + /// let mut rng = RNG::new().expect("Error creating RNG"); + /// let mut ed = Ed448::generate(&mut rng).expect("Error with generate()"); + /// let mut private = [0u8; Ed448::PRV_KEY_SIZE]; + /// let mut public = [0u8; Ed448::PUB_KEY_SIZE]; + /// ed.export_key(&mut private, &mut public).expect("Error with export_key()"); + /// let mut ed = Ed448::new().expect("Error with new()"); + /// ed.import_public_ex(&public, false).expect("Error with import_public_ex()"); + /// } + /// ``` + #[cfg(ed448_import)] + pub fn import_public_ex(&mut self, public: &[u8], trusted: bool) -> Result<(), i32> { + let public_size = public.len() as u32; + let rc = unsafe { + sys::wc_ed448_import_public_ex(public.as_ptr(), public_size, + &mut self.ws_key, if trusted {1} else {0}) + }; + if rc != 0 { + return Err(rc); + } + Ok(()) + } + + /// Import private Ed448 key only from buffer. + /// + /// # Parameters + /// + /// * `private`: Input buffer containing private key. + /// + /// # Returns + /// + /// Returns either Ok(()) on success or Err(e) containing the wolfSSL + /// library error code value. + /// + /// # Example + /// + /// ```rust + /// #[cfg(ed448_import)] + /// { + /// use wolfssl_wolfcrypt::random::RNG; + /// use wolfssl_wolfcrypt::ed448::Ed448; + /// let mut rng = RNG::new().expect("Error creating RNG"); + /// let mut ed = Ed448::generate(&mut rng).expect("Error with generate()"); + /// let mut private_only = [0u8; Ed448::KEY_SIZE]; + /// ed.export_private_only(&mut private_only).expect("Error with export_private_only()"); + /// let mut ed = Ed448::new().expect("Error with new()"); + /// ed.import_private_only(&private_only).expect("Error with import_private_only()"); + /// } + /// ``` + #[cfg(ed448_import)] + pub fn import_private_only(&mut self, private: &[u8]) -> Result<(), i32> { + let private_size = private.len() as u32; + let rc = unsafe { + sys::wc_ed448_import_private_only(private.as_ptr(), private_size, + &mut self.ws_key) + }; + if rc != 0 { + return Err(rc); + } + Ok(()) + } + + /// Import public/private Ed448 key pair from buffers. + /// + /// This functions handles either compressed or uncompressed keys. + /// The public key is assumed to be untrusted and is checked against the + /// private key. + /// + /// # Parameters + /// + /// * `private`: Input buffer containing private key. + /// * `public`: Optional input buffer containing public key. + /// + /// # Returns + /// + /// Returns either Ok(()) on success or Err(e) containing the wolfSSL + /// library error code value. + /// + /// # Example + /// + /// ```rust + /// #[cfg(ed448_import)] + /// { + /// use wolfssl_wolfcrypt::random::RNG; + /// use wolfssl_wolfcrypt::ed448::Ed448; + /// let mut rng = RNG::new().expect("Error creating RNG"); + /// let mut ed = Ed448::generate(&mut rng).expect("Error with generate()"); + /// let mut private = [0u8; Ed448::PRV_KEY_SIZE]; + /// let mut public = [0u8; Ed448::PUB_KEY_SIZE]; + /// ed.export_key(&mut private, &mut public).expect("Error with export_key()"); + /// let mut ed = Ed448::new().expect("Error with new()"); + /// ed.import_private_key(&private, Some(&public)).expect("Error with import_private_key()"); + /// } + /// ``` + #[cfg(ed448_import)] + pub fn import_private_key(&mut self, private: &[u8], public: Option<&[u8]>) -> Result<(), i32> { + let private_size = private.len() as u32; + let mut public_ptr: *const u8 = core::ptr::null(); + let mut public_size = 0u32; + if let Some(public) = public { + public_ptr = public.as_ptr(); + public_size = public.len() as u32; + } + let rc = unsafe { + sys::wc_ed448_import_private_key(private.as_ptr(), private_size, + public_ptr, public_size, &mut self.ws_key) + }; + if rc != 0 { + return Err(rc); + } + Ok(()) + } + + /// Import public/private Ed448 key pair from buffers with trusted flag. + /// + /// This functions handles either compressed or uncompressed keys. + /// The public is checked against private key if not trusted. + /// + /// # Parameters + /// + /// * `private`: Input buffer containing private key. + /// * `public`: Optional input buffer containing private key. + /// * `trusted`: Whether the public key buffer is trusted. + /// + /// # Returns + /// + /// Returns either Ok(()) on success or Err(e) containing the wolfSSL + /// library error code value. + /// + /// # Example + /// + /// ```rust + /// #[cfg(ed448_import)] + /// { + /// use wolfssl_wolfcrypt::random::RNG; + /// use wolfssl_wolfcrypt::ed448::Ed448; + /// let mut rng = RNG::new().expect("Error creating RNG"); + /// let mut ed = Ed448::generate(&mut rng).expect("Error with generate()"); + /// let mut private = [0u8; Ed448::PRV_KEY_SIZE]; + /// let mut public = [0u8; Ed448::PUB_KEY_SIZE]; + /// ed.export_key(&mut private, &mut public).expect("Error with export_key()"); + /// let mut ed = Ed448::new().expect("Error with new()"); + /// ed.import_private_key_ex(&private, Some(&public), false).expect("Error with import_private_key_ex()"); + /// } + /// ``` + #[cfg(ed448_import)] + pub fn import_private_key_ex(&mut self, private: &[u8], public: Option<&[u8]>, trusted: bool) -> Result<(), i32> { + let private_size = private.len() as u32; + let mut public_ptr: *const u8 = core::ptr::null(); + let mut public_size = 0u32; + if let Some(public) = public { + public_ptr = public.as_ptr(); + public_size = public.len() as u32; + } + let rc = unsafe { + sys::wc_ed448_import_private_key_ex(private.as_ptr(), private_size, + public_ptr, public_size, &mut self.ws_key, if trusted {1} else {0}) + }; + if rc != 0 { + return Err(rc); + } + Ok(()) + } + + /// Generate the Ed448 public key from the private key stored in the + /// Ed448 object. + /// + /// The public key is written to the pubkey output buffer. + /// + /// # Parameters + /// + /// * `pubkey`: Output buffer in which to store the public key. + /// + /// # Returns + /// + /// Returns either Ok(()) on success or Err(e) containing the wolfSSL + /// library error code value. + /// + /// # Example + /// + /// ```rust + /// use wolfssl_wolfcrypt::random::RNG; + /// use wolfssl_wolfcrypt::ed448::Ed448; + /// let mut rng = RNG::new().expect("Error creating RNG"); + /// let ed = Ed448::generate(&mut rng).expect("Error with generate()"); + /// let mut private = [0u8; Ed448::KEY_SIZE]; + /// ed.export_private_only(&mut private).expect("Error with export_private_only()"); + /// let mut ed = Ed448::new().expect("Error with new()"); + /// ed.import_private_only(&private).expect("Error with import_private_only()"); + /// let mut public = [0u8; Ed448::KEY_SIZE]; + /// ed.make_public(&mut public).expect("Error with make_public()"); + /// ``` + pub fn make_public(&mut self, pubkey: &mut [u8]) -> Result<(), i32> { + let pubkey_size = pubkey.len() as u32; + let rc = unsafe { + sys::wc_ed448_make_public(&mut self.ws_key, + pubkey.as_mut_ptr(), pubkey_size) + }; + if rc != 0 { + return Err(rc); + } + Ok(()) + } + + /// Sign a message with optional context using Ed448 key. + /// + /// The context is part of the data signed. + /// + /// # Parameters + /// + /// * `message`: Message to sign. + /// * `context`: Optional buffer containing context for which message is being signed. + /// * `signature`: Output buffer to hold signature. + /// + /// # Returns + /// + /// Returns either Ok(size) containing the number of bytes written to + /// signature on success or Err(e) containing the wolfSSL library error + /// code value. + /// + /// # Example + /// + /// ```rust + /// #[cfg(ed448_sign)] + /// { + /// use wolfssl_wolfcrypt::random::RNG; + /// use wolfssl_wolfcrypt::ed448::Ed448; + /// let mut rng = RNG::new().expect("Error creating RNG"); + /// let mut ed = Ed448::generate(&mut rng).expect("Error with generate()"); + /// let message = [0x42u8, 33, 55, 66]; + /// let context = b"context"; + /// let mut signature = [0u8; Ed448::SIG_SIZE]; + /// ed.sign_msg(&message, Some(context), &mut signature).expect("Error with sign_msg()"); + /// } + /// ``` + #[cfg(ed448_sign)] + pub fn sign_msg(&mut self, message: &[u8], context: Option<&[u8]>, signature: &mut [u8]) -> Result { + let message_size = message.len() as u32; + let mut context_ptr: *const u8 = core::ptr::null(); + let mut context_size = 0u8; + if let Some(context) = context { + context_ptr = context.as_ptr(); + context_size = context.len() as u8; + } + let mut signature_size = signature.len() as u32; + let rc = unsafe { + sys::wc_ed448_sign_msg(message.as_ptr(), message_size, + signature.as_mut_ptr(), &mut signature_size, &mut self.ws_key, + context_ptr, context_size) + }; + if rc != 0 { + return Err(rc); + } + Ok(signature_size as usize) + } + + /// Sign a message digest with optional context using Ed448 key. + /// + /// The context is part of the data signed. + /// The message is pre-hashed before signature calculation. + /// + /// # Parameters + /// + /// * `hash`: Message digest to sign. + /// * `context`: Optional buffer containing context for which hash is being signed. + /// * `signature`: Output buffer to hold signature. + /// + /// # Returns + /// + /// Returns either Ok(size) containing the number of bytes written to + /// signature on success or Err(e) containing the wolfSSL library error + /// code value. + /// + /// # Example + /// + /// ```rust + /// #[cfg(ed448_sign)] + /// { + /// use wolfssl_wolfcrypt::random::RNG; + /// use wolfssl_wolfcrypt::ed448::Ed448; + /// let mut rng = RNG::new().expect("Error creating RNG"); + /// let mut ed = Ed448::generate(&mut rng).expect("Error with generate()"); + /// let hash = [ + /// 0xddu8,0xaf,0x35,0xa1,0x93,0x61,0x7a,0xba, + /// 0xcc,0x41,0x73,0x49,0xae,0x20,0x41,0x31, + /// 0x12,0xe6,0xfa,0x4e,0x89,0xa9,0x7e,0xa2, + /// 0x0a,0x9e,0xee,0xe6,0x4b,0x55,0xd3,0x9a, + /// 0x21,0x92,0x99,0x2a,0x27,0x4f,0xc1,0xa8, + /// 0x36,0xba,0x3c,0x23,0xa3,0xfe,0xeb,0xbd, + /// 0x45,0x4d,0x44,0x23,0x64,0x3c,0xe8,0x0e, + /// 0x2a,0x9a,0xc9,0x4f,0xa5,0x4c,0xa4,0x9f + /// ]; + /// let context = b"context"; + /// let mut signature = [0u8; Ed448::SIG_SIZE]; + /// ed.sign_hash_ph(&hash, Some(context), &mut signature).expect("Error with sign_hash_ph()"); + /// } + /// ``` + #[cfg(ed448_sign)] + pub fn sign_hash_ph(&mut self, hash: &[u8], context: Option<&[u8]>, signature: &mut [u8]) -> Result { + let hash_size = hash.len() as u32; + let mut context_ptr: *const u8 = core::ptr::null(); + let mut context_size = 0u8; + if let Some(context) = context { + context_ptr = context.as_ptr(); + context_size = context.len() as u8; + } + let mut signature_size = signature.len() as u32; + let rc = unsafe { + sys::wc_ed448ph_sign_hash(hash.as_ptr(), hash_size, + signature.as_mut_ptr(), &mut signature_size, &mut self.ws_key, + context_ptr, context_size) + }; + if rc != 0 { + return Err(rc); + } + Ok(signature_size as usize) + } + + /// Sign a message with optional context using Ed448 key. + /// + /// The context is part of the data signed. + /// The message is pre-hashed before signature calculation. + /// + /// # Parameters + /// + /// * `message`: Message digest to sign. + /// * `context`: Optional buffer containing context for which message is being signed. + /// * `signature`: Output buffer to hold signature. + /// + /// # Returns + /// + /// Returns either Ok(size) containing the number of bytes written to + /// signature on success or Err(e) containing the wolfSSL library error + /// code value. + /// + /// # Example + /// + /// ```rust + /// #[cfg(ed448_sign)] + /// { + /// use wolfssl_wolfcrypt::random::RNG; + /// use wolfssl_wolfcrypt::ed448::Ed448; + /// let mut rng = RNG::new().expect("Error creating RNG"); + /// let mut ed = Ed448::generate(&mut rng).expect("Error with generate()"); + /// let message = [0x42u8, 33, 55, 66]; + /// let context = b"context"; + /// let mut signature = [0u8; Ed448::SIG_SIZE]; + /// ed.sign_msg_ph(&message, Some(context), &mut signature).expect("Error with sign_msg_ph()"); + /// } + /// ``` + #[cfg(ed448_sign)] + pub fn sign_msg_ph(&mut self, message: &[u8], context: Option<&[u8]>, signature: &mut [u8]) -> Result { + let message_size = message.len() as u32; + let mut context_ptr: *const u8 = core::ptr::null(); + let mut context_size = 0u8; + if let Some(context) = context { + context_ptr = context.as_ptr(); + context_size = context.len() as u8; + } + let mut signature_size = signature.len() as u32; + let rc = unsafe { + sys::wc_ed448ph_sign_msg(message.as_ptr(), message_size, + signature.as_mut_ptr(), &mut signature_size, &mut self.ws_key, + context_ptr, context_size) + }; + if rc != 0 { + return Err(rc); + } + Ok(signature_size as usize) + } + + /// Sign input data with optional context using Ed448 key. + /// + /// If provided, the context is part of the data signed. + /// + /// # Parameters + /// + /// * `din`: Data to sign. + /// * `context`: Optional buffer containing context for which `din` is being signed. + /// * `typ`: One of `Ed448::ED448` or `Ed448::ED448PH`. + /// * `signature`: Output buffer to hold signature. + /// + /// # Returns + /// + /// Returns either Ok(size) containing the number of bytes written to + /// signature on success or Err(e) containing the wolfSSL library error + /// code value. + /// + /// # Example + /// + /// ```rust + /// #[cfg(ed448_sign)] + /// { + /// use wolfssl_wolfcrypt::random::RNG; + /// use wolfssl_wolfcrypt::ed448::Ed448; + /// let mut rng = RNG::new().expect("Error creating RNG"); + /// let mut ed = Ed448::generate(&mut rng).expect("Error with generate()"); + /// let message = [0x42u8, 33, 55, 66]; + /// let context = b"context"; + /// let mut signature = [0u8; Ed448::SIG_SIZE]; + /// ed.sign_msg_ex(&message, Some(context), Ed448::ED448, &mut signature).expect("Error with sign_msg_ex()"); + /// } + /// ``` + #[cfg(ed448_sign)] + pub fn sign_msg_ex(&mut self, din: &[u8], context: Option<&[u8]>, typ: u8, signature: &mut [u8]) -> Result { + let din_size = din.len() as u32; + let mut context_ptr: *const u8 = core::ptr::null(); + let mut context_size = 0u8; + if let Some(context) = context { + context_ptr = context.as_ptr(); + context_size = context.len() as u8; + } + let mut signature_size = signature.len() as u32; + let rc = unsafe { + sys::wc_ed448_sign_msg_ex(din.as_ptr(), din_size, + signature.as_mut_ptr(), &mut signature_size, &mut self.ws_key, + typ, context_ptr, context_size) + }; + if rc != 0 { + return Err(rc); + } + Ok(signature_size as usize) + } + + /// Verify the Ed448 signature of a message and optional context to ensure authenticity. + /// + /// The context is included as part of the data verified. + /// + /// # Parameters + /// + /// * `signature`: Signature to verify. + /// * `message`: Message to verify the signature of. + /// * `context`: Optional buffer containing context for which the message was signed. + /// + /// # Returns + /// + /// Returns either Ok(valid) containing whether the signature is valid or + /// Err(e) containing the wolfSSL library error code value. + /// + /// # Example + /// + /// ```rust + /// #[cfg(ed448_verify)] + /// { + /// use wolfssl_wolfcrypt::random::RNG; + /// use wolfssl_wolfcrypt::ed448::Ed448; + /// let mut rng = RNG::new().expect("Error creating RNG"); + /// let mut ed = Ed448::generate(&mut rng).expect("Error with generate()"); + /// let message = b"Hello!"; + /// let context = b"context"; + /// let mut signature = [0u8; Ed448::SIG_SIZE]; + /// ed.sign_msg(message, Some(context), &mut signature).expect("Error with sign_msg()"); + /// let signature_valid = ed.verify_msg(&signature, message, Some(context)).expect("Error with verify_msg()"); + /// assert!(signature_valid); + /// } + /// ``` + #[cfg(ed448_verify)] + pub fn verify_msg(&mut self, signature: &[u8], message: &[u8], context: Option<&[u8]>) -> Result { + let signature_size = signature.len() as u32; + let message_size = message.len() as u32; + let mut context_ptr: *const u8 = core::ptr::null(); + let mut context_size = 0u8; + if let Some(context) = context { + context_ptr = context.as_ptr(); + context_size = context.len() as u8; + } + let mut res = 0i32; + let rc = unsafe { + sys::wc_ed448_verify_msg(signature.as_ptr(), signature_size, + message.as_ptr(), message_size, &mut res, &mut self.ws_key, + context_ptr, context_size) + }; + if rc != 0 { + return Err(rc); + } + Ok(res == 1) + } + + /// Verify the Ed448 signature of a message digest and optional context to ensure authenticity. + /// + /// The context is included as part of the data verified. + /// The hash algorithm used to create message digest must be SHA-512. + /// The message is pre-hashed before verification. + /// + /// # Parameters + /// + /// * `signature`: Signature to verify. + /// * `hash`: Message to verify the signature of. + /// * `context`: Optional buffer containing context for which the hash was signed. + /// + /// # Returns + /// + /// Returns either Ok(valid) containing whether the signature is valid or + /// Err(e) containing the wolfSSL library error code value. + /// + /// # Example + /// + /// ```rust + /// #[cfg(ed448_verify)] + /// { + /// use wolfssl_wolfcrypt::random::RNG; + /// use wolfssl_wolfcrypt::ed448::Ed448; + /// let mut rng = RNG::new().expect("Error creating RNG"); + /// let mut ed = Ed448::generate(&mut rng).expect("Error with generate()"); + /// let hash = [ + /// 0xddu8,0xaf,0x35,0xa1,0x93,0x61,0x7a,0xba, + /// 0xcc,0x41,0x73,0x49,0xae,0x20,0x41,0x31, + /// 0x12,0xe6,0xfa,0x4e,0x89,0xa9,0x7e,0xa2, + /// 0x0a,0x9e,0xee,0xe6,0x4b,0x55,0xd3,0x9a, + /// 0x21,0x92,0x99,0x2a,0x27,0x4f,0xc1,0xa8, + /// 0x36,0xba,0x3c,0x23,0xa3,0xfe,0xeb,0xbd, + /// 0x45,0x4d,0x44,0x23,0x64,0x3c,0xe8,0x0e, + /// 0x2a,0x9a,0xc9,0x4f,0xa5,0x4c,0xa4,0x9f + /// ]; + /// let context = b"context"; + /// let mut signature = [0u8; Ed448::SIG_SIZE]; + /// ed.sign_hash_ph(&hash, Some(context), &mut signature).expect("Error with sign_hash_ph()"); + /// let signature_valid = ed.verify_hash_ph(&signature, &hash, Some(context)).expect("Error with verify_hash_ph()"); + /// assert!(signature_valid); + /// } + /// ``` + #[cfg(ed448_verify)] + pub fn verify_hash_ph(&mut self, signature: &[u8], hash: &[u8], context: Option<&[u8]>) -> Result { + let signature_size = signature.len() as u32; + let hash_size = hash.len() as u32; + let mut context_ptr: *const u8 = core::ptr::null(); + let mut context_size = 0u8; + if let Some(context) = context { + context_ptr = context.as_ptr(); + context_size = context.len() as u8; + } + let mut res = 0i32; + let rc = unsafe { + sys::wc_ed448ph_verify_hash(signature.as_ptr(), signature_size, + hash.as_ptr(), hash_size, &mut res, &mut self.ws_key, + context_ptr, context_size) + }; + if rc != 0 { + return Err(rc); + } + Ok(res == 1) + } + + /// Verify the Ed448 signature of a message and optional context to ensure authenticity. + /// + /// The context is included as part of the data verified. + /// The message is pre-hashed before verification. + /// + /// # Parameters + /// + /// * `signature`: Signature to verify. + /// * `message`: Message to verify the signature of. + /// * `context`: Optional buffer containing context for which the message was signed. + /// + /// # Returns + /// + /// Returns either Ok(valid) containing whether the signature is valid or + /// Err(e) containing the wolfSSL library error code value. + /// + /// # Example + /// + /// ```rust + /// #[cfg(ed448_verify)] + /// { + /// use wolfssl_wolfcrypt::random::RNG; + /// use wolfssl_wolfcrypt::ed448::Ed448; + /// let mut rng = RNG::new().expect("Error creating RNG"); + /// let mut ed = Ed448::generate(&mut rng).expect("Error with generate()"); + /// let message = [0x42u8, 33, 55, 66]; + /// let context = b"context"; + /// let mut signature = [0u8; Ed448::SIG_SIZE]; + /// ed.sign_msg_ph(&message, Some(context), &mut signature).expect("Error with sign_msg_ph()"); + /// let signature_valid = ed.verify_msg_ph(&signature, &message, Some(context)).expect("Error with verify_msg_ph()"); + /// assert!(signature_valid); + /// } + /// ``` + #[cfg(ed448_verify)] + pub fn verify_msg_ph(&mut self, signature: &[u8], message: &[u8], context: Option<&[u8]>) -> Result { + let signature_size = signature.len() as u32; + let message_size = message.len() as u32; + let mut context_ptr: *const u8 = core::ptr::null(); + let mut context_size = 0u8; + if let Some(context) = context { + context_ptr = context.as_ptr(); + context_size = context.len() as u8; + } + let mut res = 0i32; + let rc = unsafe { + sys::wc_ed448ph_verify_msg(signature.as_ptr(), signature_size, + message.as_ptr(), message_size, &mut res, &mut self.ws_key, + context_ptr, context_size) + }; + if rc != 0 { + return Err(rc); + } + Ok(res == 1) + } + + /// Verify the Ed448 signature of a message and optional context to ensure authenticity. + /// + /// The context is included as part of the data verified. + /// + /// # Parameters + /// + /// * `signature`: Signature to verify. + /// * `din`: Message to verify the signature of. + /// * `context`: Optional buffer containing context for which the input data was signed. + /// * `typ`: One of `Ed448::ED448` or `Ed448::ED448PH`. + /// + /// # Returns + /// + /// Returns either Ok(valid) containing whether the signature is valid or + /// Err(e) containing the wolfSSL library error code value. + /// + /// # Example + /// + /// ```rust + /// #[cfg(ed448_verify)] + /// { + /// use wolfssl_wolfcrypt::random::RNG; + /// use wolfssl_wolfcrypt::ed448::Ed448; + /// let mut rng = RNG::new().expect("Error creating RNG"); + /// let mut ed = Ed448::generate(&mut rng).expect("Error with generate()"); + /// let message = [0x42u8, 33, 55, 66]; + /// let context = b"context"; + /// let mut signature = [0u8; Ed448::SIG_SIZE]; + /// ed.sign_msg_ex(&message, Some(context), Ed448::ED448, &mut signature).expect("Error with sign_msg_ex()"); + /// let signature_valid = ed.verify_msg_ex(&signature, &message, Some(context), Ed448::ED448).expect("Error with verify_msg_ex()"); + /// assert!(signature_valid); + /// } + /// ``` + #[cfg(ed448_verify)] + pub fn verify_msg_ex(&mut self, signature: &[u8], din: &[u8], context: Option<&[u8]>, typ: u8) -> Result { + let signature_size = signature.len() as u32; + let din_size = din.len() as u32; + let mut context_ptr: *const u8 = core::ptr::null(); + let mut context_size = 0u8; + if let Some(context) = context { + context_ptr = context.as_ptr(); + context_size = context.len() as u8; + } + let mut res = 0i32; + let rc = unsafe { + sys::wc_ed448_verify_msg_ex(signature.as_ptr(), signature_size, + din.as_ptr(), din_size, &mut res, &mut self.ws_key, typ, + context_ptr, context_size) + }; + if rc != 0 { + return Err(rc); + } + Ok(res == 1) + } + + /// Initialize Ed448 key to perform streaming verification. + /// + /// # Parameters + /// + /// * `signature`: Signature to verify. + /// * `context`: Optional buffer containing context for which the input data was signed. + /// * `typ`: One of `Ed448::ED448` or `Ed448::ED448PH`. + /// + /// # Returns + /// + /// Returns either Ok(()) on success or Err(e) containing the wolfSSL + /// library error code value. + /// + /// # Example + /// + /// ```rust + /// #[cfg(ed448_streaming_verify)] + /// { + /// use wolfssl_wolfcrypt::random::RNG; + /// use wolfssl_wolfcrypt::ed448::Ed448; + /// let mut rng = RNG::new().expect("Error creating RNG"); + /// let mut ed = Ed448::generate(&mut rng).expect("Error with generate()"); + /// let message = [0x42u8, 33, 55, 66]; + /// let context = [0x42u8, 1, 2, 3]; + /// let mut signature = [0u8; Ed448::SIG_SIZE]; + /// ed.sign_msg(&message, Some(&context), &mut signature).expect("Error with sign_msg()"); + /// ed.verify_msg_init(&signature, Some(&context), Ed448::ED448).expect("Error with verify_msg_init()"); + /// ed.verify_msg_update(&message[0..2]).expect("Error with verify_msg_update()"); + /// ed.verify_msg_update(&message[2..4]).expect("Error with verify_msg_update()"); + /// let signature_valid = ed.verify_msg_final(&signature).expect("Error with verify_msg_final()"); + /// assert!(signature_valid); + /// } + /// ``` + #[cfg(ed448_streaming_verify)] + pub fn verify_msg_init(&mut self, signature: &[u8], context: Option<&[u8]>, typ: u8) -> Result<(), i32> { + let signature_size = signature.len() as u32; + let mut context_ptr: *const u8 = core::ptr::null(); + let mut context_size = 0u8; + if let Some(context) = context { + context_ptr = context.as_ptr(); + context_size = context.len() as u8; + } + let rc = unsafe { + sys::wc_ed448_verify_msg_init(signature.as_ptr(), signature_size, + &mut self.ws_key, typ, context_ptr, context_size) + }; + if rc != 0 { + return Err(rc); + } + Ok(()) + } + + /// Add input data to Ed448 streaming verification. + /// + /// # Parameters + /// + /// * `din`: Segment of message to verify the signature of. + /// + /// # Returns + /// + /// Returns either Ok(()) on success or Err(e) containing the wolfSSL + /// library error code value. + /// + /// # Example + /// + /// ```rust + /// #[cfg(ed448_streaming_verify)] + /// { + /// use wolfssl_wolfcrypt::random::RNG; + /// use wolfssl_wolfcrypt::ed448::Ed448; + /// let mut rng = RNG::new().expect("Error creating RNG"); + /// let mut ed = Ed448::generate(&mut rng).expect("Error with generate()"); + /// let message = [0x42u8, 33, 55, 66]; + /// let context = [0x42u8, 1, 2, 3]; + /// let mut signature = [0u8; Ed448::SIG_SIZE]; + /// ed.sign_msg(&message, Some(&context), &mut signature).expect("Error with sign_msg()"); + /// ed.verify_msg_init(&signature, Some(&context), Ed448::ED448).expect("Error with verify_msg_init()"); + /// ed.verify_msg_update(&message[0..2]).expect("Error with verify_msg_update()"); + /// ed.verify_msg_update(&message[2..4]).expect("Error with verify_msg_update()"); + /// let signature_valid = ed.verify_msg_final(&signature).expect("Error with verify_msg_final()"); + /// assert!(signature_valid); + /// } + /// ``` + #[cfg(ed448_streaming_verify)] + pub fn verify_msg_update(&mut self, din: &[u8]) -> Result<(), i32> { + let din_size = din.len() as u32; + let rc = unsafe { + sys::wc_ed448_verify_msg_update(din.as_ptr(), din_size, + &mut self.ws_key) + }; + if rc != 0 { + return Err(rc); + } + Ok(()) + } + + /// Finalize Ed448 streaming verification. + /// + /// # Parameters + /// + /// * `signature`: Signature to verify. + /// + /// # Returns + /// + /// Returns either Ok(valid) containing whether the signature is valid or + /// Err(e) containing the wolfSSL library error code value. + /// + /// # Example + /// + /// ```rust + /// #[cfg(ed448_streaming_verify)] + /// { + /// use wolfssl_wolfcrypt::random::RNG; + /// use wolfssl_wolfcrypt::ed448::Ed448; + /// let mut rng = RNG::new().expect("Error creating RNG"); + /// let mut ed = Ed448::generate(&mut rng).expect("Error with generate()"); + /// let message = [0x42u8, 33, 55, 66]; + /// let context = [0x42u8, 1, 2, 3]; + /// let mut signature = [0u8; Ed448::SIG_SIZE]; + /// ed.sign_msg(&message, Some(&context), &mut signature).expect("Error with sign_msg()"); + /// ed.verify_msg_init(&signature, Some(&context), Ed448::ED448).expect("Error with verify_msg_init()"); + /// ed.verify_msg_update(&message[0..2]).expect("Error with verify_msg_update()"); + /// ed.verify_msg_update(&message[2..4]).expect("Error with verify_msg_update()"); + /// let signature_valid = ed.verify_msg_final(&signature).expect("Error with verify_msg_final()"); + /// assert!(signature_valid); + /// } + /// ``` + #[cfg(ed448_streaming_verify)] + pub fn verify_msg_final(&mut self, signature: &[u8]) -> Result { + let signature_size = signature.len() as u32; + let mut res = 0i32; + let rc = unsafe { + sys::wc_ed448_verify_msg_final(signature.as_ptr(), signature_size, + &mut res, &mut self.ws_key) + }; + if rc != 0 { + return Err(rc); + } + Ok(res == 1) + } + + /// Get the size of an Ed448 key (57 bytes). + /// + /// # Returns + /// + /// Returns either Ok(size) containing the key size or Err(e) + /// containing the wolfSSL library error code value. + /// + /// # Example + /// + /// ```rust + /// use wolfssl_wolfcrypt::random::RNG; + /// use wolfssl_wolfcrypt::ed448::Ed448; + /// let mut rng = RNG::new().expect("Error creating RNG"); + /// let ed = Ed448::generate(&mut rng).expect("Error with generate()"); + /// let key_size = ed.size().expect("Error with size()"); + /// assert_eq!(key_size, Ed448::KEY_SIZE); + /// ``` + pub fn size(&self) -> Result { + let rc = unsafe { sys::wc_ed448_size(&self.ws_key) }; + if rc < 0 { + return Err(rc); + } + Ok(rc as usize) + } + + /// Get the size of a private (including public) Ed448 key (114 bytes). + /// + /// # Returns + /// + /// Returns either Ok(size) containing the key size or Err(e) + /// containing the wolfSSL library error code value. + /// + /// # Example + /// + /// ```rust + /// use wolfssl_wolfcrypt::random::RNG; + /// use wolfssl_wolfcrypt::ed448::Ed448; + /// let mut rng = RNG::new().expect("Error creating RNG"); + /// let ed = Ed448::generate(&mut rng).expect("Error with generate()"); + /// let priv_size = ed.priv_size().expect("Error with priv_size()"); + /// assert_eq!(priv_size, Ed448::PRV_KEY_SIZE); + /// ``` + pub fn priv_size(&self) -> Result { + let rc = unsafe { sys::wc_ed448_priv_size(&self.ws_key) }; + if rc < 0 { + return Err(rc); + } + Ok(rc as usize) + } + + /// Get the size of a public Ed448 key (57 bytes). + /// + /// # Returns + /// + /// Returns either Ok(size) containing the key size or Err(e) + /// containing the wolfSSL library error code value. + /// + /// # Example + /// + /// ```rust + /// use wolfssl_wolfcrypt::random::RNG; + /// use wolfssl_wolfcrypt::ed448::Ed448; + /// let mut rng = RNG::new().expect("Error creating RNG"); + /// let ed = Ed448::generate(&mut rng).expect("Error with generate()"); + /// let pub_size = ed.pub_size().expect("Error with pub_size()"); + /// assert_eq!(pub_size, Ed448::PUB_KEY_SIZE); + /// ``` + pub fn pub_size(&self) -> Result { + let rc = unsafe { sys::wc_ed448_pub_size(&self.ws_key) }; + if rc < 0 { + return Err(rc); + } + Ok(rc as usize) + } + + /// Get the size of a Ed448 signature (114 bytes). + /// + /// # Returns + /// + /// Returns either Ok(size) containing the key size or Err(e) + /// containing the wolfSSL library error code value. + /// + /// # Example + /// + /// ```rust + /// use wolfssl_wolfcrypt::random::RNG; + /// use wolfssl_wolfcrypt::ed448::Ed448; + /// let mut rng = RNG::new().expect("Error creating RNG"); + /// let ed = Ed448::generate(&mut rng).expect("Error with generate()"); + /// let sig_size = ed.sig_size().expect("Error with sig_size()"); + /// assert_eq!(sig_size, Ed448::SIG_SIZE); + /// ``` + pub fn sig_size(&self) -> Result { + let rc = unsafe { sys::wc_ed448_sig_size(&self.ws_key) }; + if rc < 0 { + return Err(rc); + } + Ok(rc as usize) + } +} + +impl Drop for Ed448 { + /// Safely free the wolfSSL resources. + fn drop(&mut self) { + unsafe { sys::wc_ed448_free(&mut self.ws_key); } + } +} diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/wrapper/rust/wolfssl-wolfcrypt/src/fips.rs mariadb-11.8.8/extra/wolfssl/wolfssl/wrapper/rust/wolfssl-wolfcrypt/src/fips.rs --- mariadb-11.8.6/extra/wolfssl/wolfssl/wrapper/rust/wolfssl-wolfcrypt/src/fips.rs 1970-01-01 00:00:00.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/wrapper/rust/wolfssl-wolfcrypt/src/fips.rs 2026-05-24 09:58:33.000000000 +0000 @@ -0,0 +1,34 @@ +#![cfg(fips)] + +use crate::sys; + +/// Enables or disables the ability to read private key data in FIPS mode. +/// +/// In FIPS mode, private keys are protected and cannot be read by default. +/// This function allows temporarily enabling private key reads for operations +/// that require access to the raw key material, such as key export or backup. +/// +/// # Arguments +/// +/// * `enabled` - Set to `1` to enable private key reads, or `0` to disable. +/// +/// # Returns +/// +/// * `Ok(())` - The operation succeeded. +/// * `Err(i32)` - The operation failed, returning the wolfSSL error code. +/// +/// # Note +/// +/// This function applies to all key types (`WC_KEYTYPE_ALL`). Private key +/// reading should be disabled again after the required operation is complete +/// to maintain FIPS compliance. +pub fn set_private_key_read_enable(enabled: i32) -> Result<(), i32> { + let rc = unsafe { + sys::wolfCrypt_SetPrivateKeyReadEnable_fips(enabled, sys::wc_KeyType_WC_KEYTYPE_ALL) + }; + if rc != 0 { + Err(rc) + } else { + Ok(()) + } +} diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/wrapper/rust/wolfssl-wolfcrypt/src/hkdf.rs mariadb-11.8.8/extra/wolfssl/wolfssl/wrapper/rust/wolfssl-wolfcrypt/src/hkdf.rs --- mariadb-11.8.6/extra/wolfssl/wolfssl/wrapper/rust/wolfssl-wolfcrypt/src/hkdf.rs 1970-01-01 00:00:00.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/wrapper/rust/wolfssl-wolfcrypt/src/hkdf.rs 2026-05-24 09:58:33.000000000 +0000 @@ -0,0 +1,275 @@ +/* + * Copyright (C) 2006-2026 wolfSSL Inc. + * + * This file is part of wolfSSL. + * + * wolfSSL is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * wolfSSL is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA + */ + +/*! +This module provides a Rust wrapper for the wolfCrypt library's HMAC Key +Derivation Function (HKDF) functionality. +*/ + +#![cfg(hkdf)] + +use crate::sys; +use crate::hmac::HMAC; + +/// Perform HKDF-Extract operation. +/// +/// This utilizes HMAC to convert `key`, with an optional `salt`, into a +/// derived key which is written to `out`. +/// +/// # Parameters +/// +/// * `typ`: Hash type, one of `HMAC::TYPE_*`. +/// * `salt`: Salt value (optional). +/// * `key`: Initial Key Material (IKM). +/// * `out`: Output buffer to store HKDF-Extract result. The size of this +/// buffer must match `HMAC::get_hmac_size_by_type(typ)`. +/// +/// # Returns +/// +/// Returns either Ok(()) on success or Err(e) containing the wolfSSL +/// library error code value. +/// +/// # Example +/// +/// ```rust +/// use wolfssl_wolfcrypt::hkdf::*; +/// use wolfssl_wolfcrypt::hmac::HMAC; +/// use wolfssl_wolfcrypt::sha::SHA256; +/// let ikm = b"MyPassword0"; +/// let salt = b"12345678ABCDEFGH"; +/// let mut extract_out = [0u8; SHA256::DIGEST_SIZE]; +/// hkdf_extract(HMAC::TYPE_SHA256, Some(salt), ikm, &mut extract_out).expect("Error with hkdf_extract()"); +/// ``` +pub fn hkdf_extract(typ: i32, salt: Option<&[u8]>, key: &[u8], out: &mut [u8]) -> Result<(), i32> { + hkdf_extract_ex(typ, salt, key, out, None, None) +} + +/// Perform HKDF-Extract operation (with optional heap and device ID). +/// +/// This utilizes HMAC to convert `key`, with an optional `salt`, into a +/// derived key which is written to `out`. +/// +/// # Parameters +/// +/// * `typ`: Hash type, one of `HMAC::TYPE_*`. +/// * `salt`: Salt value (optional). +/// * `key`: Initial Key Material (IKM). +/// * `out`: Output buffer to store HKDF-Extract result. The size of this +/// buffer must match `HMAC::get_hmac_size_by_type(typ)`. +/// * `heap`: Optional heap hint. +/// * `dev_id` Optional device ID to use with crypto callbacks or async hardware. +/// +/// # Returns +/// +/// Returns either Ok(()) on success or Err(e) containing the wolfSSL +/// library error code value. +/// +/// # Example +/// +/// ```rust +/// use wolfssl_wolfcrypt::hkdf::*; +/// use wolfssl_wolfcrypt::hmac::HMAC; +/// use wolfssl_wolfcrypt::sha::SHA256; +/// let ikm = b"MyPassword0"; +/// let salt = b"12345678ABCDEFGH"; +/// let mut extract_out = [0u8; SHA256::DIGEST_SIZE]; +/// hkdf_extract_ex(HMAC::TYPE_SHA256, Some(salt), ikm, &mut extract_out, None, None).expect("Error with hkdf_extract_ex()"); +/// ``` +pub fn hkdf_extract_ex(typ: i32, salt: Option<&[u8]>, key: &[u8], out: &mut [u8], heap: Option<*mut core::ffi::c_void>, dev_id: Option) -> Result<(), i32> { + let mut salt_ptr = core::ptr::null(); + let mut salt_size = 0u32; + if let Some(salt) = salt { + salt_ptr = salt.as_ptr(); + salt_size = salt.len() as u32; + } + let key_size = key.len() as u32; + if out.len() != HMAC::get_hmac_size_by_type(typ)? { + return Err(sys::wolfCrypt_ErrorCodes_BUFFER_E); + } + let heap = match heap { + Some(heap) => heap, + None => core::ptr::null_mut(), + }; + let dev_id = match dev_id { + Some(dev_id) => dev_id, + None => sys::INVALID_DEVID, + }; + let rc = unsafe { + sys::wc_HKDF_Extract_ex(typ, salt_ptr, salt_size, + key.as_ptr(), key_size, out.as_mut_ptr(), heap, dev_id) + }; + if rc != 0 { + return Err(rc); + } + Ok(()) +} + +/// Perform HKDF-Expand operation. +/// +/// This utilizes HMAC to convert `key`, with optional `info`, into a +/// derived key which is written to `out`. +/// +/// # Parameters +/// +/// * `typ`: Hash type, one of `HMAC::TYPE_*`. +/// * `key`: Key to use for KDF (typically output of `hkdf_extract()`). +/// * `info`: Optional buffer containing additional info. +/// * `out`: Output buffer to store HKDF-Expand result. The buffer can be +/// any size. +/// +/// # Returns +/// +/// Returns either Ok(()) on success or Err(e) containing the wolfSSL +/// library error code value. +/// +/// # Example +/// +/// ```rust +/// use wolfssl_wolfcrypt::hkdf::*; +/// use wolfssl_wolfcrypt::hmac::HMAC; +/// use wolfssl_wolfcrypt::sha::SHA256; +/// let ikm = b"MyPassword0"; +/// let salt = b"12345678ABCDEFGH"; +/// let mut extract_out = [0u8; SHA256::DIGEST_SIZE]; +/// hkdf_extract(HMAC::TYPE_SHA256, Some(salt), ikm, &mut extract_out).expect("Error with hkdf_extract()"); +/// let info = b"0"; +/// let mut expand_out = [0u8; 16]; +/// hkdf_expand(HMAC::TYPE_SHA256, &extract_out, Some(info), &mut expand_out).expect("Error with hkdf_expand()"); +/// ``` +pub fn hkdf_expand(typ: i32, key: &[u8], info: Option<&[u8]>, out: &mut [u8]) -> Result<(), i32> { + hkdf_expand_ex(typ, key, info, out, None, None) +} + +/// Perform HKDF-Expand operation (with optional heap and device ID). +/// +/// This utilizes HMAC to convert `key`, with optional `info`, into a +/// derived key which is written to `out`. +/// +/// # Parameters +/// +/// * `typ`: Hash type, one of `HMAC::TYPE_*`. +/// * `key`: Key to use for KDF (typically output of `hkdf_extract()`). +/// * `info`: Optional buffer containing additional info. +/// * `out`: Output buffer to store HKDF-Expand result. The buffer can be +/// any size. +/// * `heap`: Optional heap hint. +/// * `dev_id` Optional device ID to use with crypto callbacks or async hardware. +/// +/// # Returns +/// +/// Returns either Ok(()) on success or Err(e) containing the wolfSSL +/// library error code value. +/// +/// # Example +/// +/// ```rust +/// use wolfssl_wolfcrypt::hkdf::*; +/// use wolfssl_wolfcrypt::hmac::HMAC; +/// use wolfssl_wolfcrypt::sha::SHA256; +/// let ikm = b"MyPassword0"; +/// let salt = b"12345678ABCDEFGH"; +/// let mut extract_out = [0u8; SHA256::DIGEST_SIZE]; +/// hkdf_extract(HMAC::TYPE_SHA256, Some(salt), ikm, &mut extract_out).expect("Error with hkdf_extract()"); +/// let info = b"0"; +/// let mut expand_out = [0u8; 16]; +/// hkdf_expand_ex(HMAC::TYPE_SHA256, &extract_out, Some(info), &mut expand_out, None, None).expect("Error with hkdf_expand_ex()"); +/// ``` +pub fn hkdf_expand_ex(typ: i32, key: &[u8], info: Option<&[u8]>, out: &mut [u8], heap: Option<*mut core::ffi::c_void>, dev_id: Option) -> Result<(), i32> { + let key_size = key.len() as u32; + let mut info_ptr = core::ptr::null(); + let mut info_size = 0u32; + if let Some(info) = info { + info_ptr = info.as_ptr(); + info_size = info.len() as u32; + } + let out_size = out.len() as u32; + let heap = match heap { + Some(heap) => heap, + None => core::ptr::null_mut(), + }; + let dev_id = match dev_id { + Some(dev_id) => dev_id, + None => sys::INVALID_DEVID, + }; + let rc = unsafe { + sys::wc_HKDF_Expand_ex(typ, key.as_ptr(), key_size, + info_ptr, info_size, out.as_mut_ptr(), out_size, heap, dev_id) + }; + if rc != 0 { + return Err(rc); + } + Ok(()) +} + +/// Perform HMAC Key Derivation Function (HKDF) operation. +/// +/// This utilizes HMAC to convert `key`, with an optional `salt` and +/// optional `info` into a derived key which is written to `out`. +/// +/// This one-shot function is a combination of `hkdf_extract()` and `hkdf_expand()`. +/// +/// # Parameters +/// +/// * `typ`: Hash type, one of `HMAC::TYPE_*`. +/// * `key`: Initial Key Material (IKM). +/// * `salt`: Salt value (optional). +/// * `info`: Optional buffer containing additional info. +/// * `out`: Output buffer to store HKDF result. The buffer can be any size. +/// +/// # Returns +/// +/// Returns either Ok(()) on success or Err(e) containing the wolfSSL +/// library error code value. +/// +/// # Example +/// +/// ```rust +/// use wolfssl_wolfcrypt::hkdf::*; +/// use wolfssl_wolfcrypt::hmac::HMAC; +/// let ikm = b"MyPassword0"; +/// let salt = b"12345678ABCDEFGH"; +/// let info = b"0"; +/// let mut out = [0u8; 16]; +/// hkdf(HMAC::TYPE_SHA256, ikm, Some(salt), Some(info), &mut out).expect("Error with hkdf()"); +/// ``` +pub fn hkdf(typ: i32, key: &[u8], salt: Option<&[u8]>, info: Option<&[u8]>, out: &mut[u8]) -> Result<(), i32> { + let key_size = key.len() as u32; + let mut salt_ptr = core::ptr::null(); + let mut salt_size = 0u32; + if let Some(salt) = salt { + salt_ptr = salt.as_ptr(); + salt_size = salt.len() as u32; + } + let mut info_ptr = core::ptr::null(); + let mut info_size = 0u32; + if let Some(info) = info { + info_ptr = info.as_ptr(); + info_size = info.len() as u32; + } + let out_size = out.len() as u32; + let rc = unsafe { + sys::wc_HKDF(typ, key.as_ptr(), key_size, salt_ptr, salt_size, + info_ptr, info_size, out.as_mut_ptr(), out_size) + }; + if rc != 0 { + return Err(rc); + } + Ok(()) +} diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/wrapper/rust/wolfssl-wolfcrypt/src/hmac.rs mariadb-11.8.8/extra/wolfssl/wolfssl/wrapper/rust/wolfssl-wolfcrypt/src/hmac.rs --- mariadb-11.8.6/extra/wolfssl/wolfssl/wrapper/rust/wolfssl-wolfcrypt/src/hmac.rs 1970-01-01 00:00:00.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/wrapper/rust/wolfssl-wolfcrypt/src/hmac.rs 2026-05-24 09:58:33.000000000 +0000 @@ -0,0 +1,338 @@ +/* + * Copyright (C) 2006-2026 wolfSSL Inc. + * + * This file is part of wolfSSL. + * + * wolfSSL is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * wolfSSL is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA + */ + +/*! +This module provides a Rust wrapper for the wolfCrypt library's HMAC +functionality. +*/ + +#![cfg(hmac)] + +use crate::sys; +use core::mem::MaybeUninit; + +/// Rust wrapper for wolfSSL `Hmac` object. +pub struct HMAC { + wc_hmac: sys::Hmac, +} + +impl HMAC { + pub const TYPE_MD5: i32 = sys::wc_HashType_WC_HASH_TYPE_MD5 as i32; + pub const TYPE_SHA: i32 = sys::wc_HashType_WC_HASH_TYPE_SHA as i32; + pub const TYPE_SHA256: i32 = sys::wc_HashType_WC_HASH_TYPE_SHA256 as i32; + pub const TYPE_SHA512: i32 = sys::wc_HashType_WC_HASH_TYPE_SHA512 as i32; + #[cfg(sha512_224)] + pub const TYPE_SHA512_224: i32 = sys::wc_HashType_WC_HASH_TYPE_SHA512_224 as i32; + #[cfg(sha512_256)] + pub const TYPE_SHA512_256: i32 = sys::wc_HashType_WC_HASH_TYPE_SHA512_256 as i32; + pub const TYPE_SHA384: i32 = sys::wc_HashType_WC_HASH_TYPE_SHA384 as i32; + pub const TYPE_SHA224: i32 = sys::wc_HashType_WC_HASH_TYPE_SHA224 as i32; + pub const TYPE_SHA3_224: i32 = sys::wc_HashType_WC_HASH_TYPE_SHA3_224 as i32; + pub const TYPE_SHA3_256: i32 = sys::wc_HashType_WC_HASH_TYPE_SHA3_256 as i32; + pub const TYPE_SHA3_384: i32 = sys::wc_HashType_WC_HASH_TYPE_SHA3_384 as i32; + pub const TYPE_SHA3_512: i32 = sys::wc_HashType_WC_HASH_TYPE_SHA3_512 as i32; + + /// Get HMAC hash size by type. + /// + /// # Parameters + /// + /// * `typ`: Hash type, one of `HMAC::TYPE_*`. + /// + /// # Returns + /// + /// Returns either Ok(size) containing the HMAC hash size or Err(e) + /// containing the wolfSSL library error code value. + pub fn get_hmac_size_by_type(typ: i32) -> Result { + let rc = unsafe { sys::wc_HmacSizeByType(typ) }; + if rc < 0 { + return Err(rc); + } + Ok(rc as u32 as usize) + } + + /// Create a new HMAC object with the given hash type and encryption key. + /// + /// # Parameters + /// + /// * `typ`: Hash type, one of `HMAC::TYPE_*`. + /// * `key`: Encryption key. + /// + /// # Returns + /// + /// Returns either Ok(hmac) containing the HMAC struct instance or Err(e) + /// containing the wolfSSL library error code value. + /// + /// # Example + /// + /// ```rust + /// use wolfssl_wolfcrypt::hmac::HMAC; + /// let key = [0x42u8; 16]; + /// let mut hmac = HMAC::new(HMAC::TYPE_SHA256, &key).expect("Error with new()"); + /// ``` + pub fn new(typ: i32, key: &[u8]) -> Result { + Self::new_ex(typ, key, None, None) + } + + /// Create a new HMAC object with the given hash type and encryption key + /// with optional heap and device ID. + /// + /// # Parameters + /// + /// * `typ`: Hash type, one of `HMAC::TYPE_*`. + /// * `key`: Encryption key. + /// * `heap`: Optional heap hint. + /// * `dev_id` Optional device ID to use with crypto callbacks or async hardware. + /// + /// # Returns + /// + /// Returns either Ok(hmac) containing the HMAC struct instance or Err(e) + /// containing the wolfSSL library error code value. + /// + /// # Example + /// + /// ```rust + /// use wolfssl_wolfcrypt::hmac::HMAC; + /// let key = [0x42u8; 16]; + /// let mut hmac = HMAC::new_ex(HMAC::TYPE_SHA256, &key, None, None).expect("Error with new_ex()"); + /// ``` + pub fn new_ex(typ: i32, key: &[u8], heap: Option<*mut core::ffi::c_void>, dev_id: Option) -> Result { + let key_size = key.len() as u32; + let mut wc_hmac: MaybeUninit = MaybeUninit::uninit(); + let heap = match heap { + Some(heap) => heap, + None => core::ptr::null_mut(), + }; + let dev_id = match dev_id { + Some(dev_id) => dev_id, + None => sys::INVALID_DEVID, + }; + let rc = unsafe { + sys::wc_HmacInit(wc_hmac.as_mut_ptr(), heap, dev_id) + }; + if rc != 0 { + return Err(rc); + } + let wc_hmac = unsafe { wc_hmac.assume_init() }; + let mut hmac = HMAC { wc_hmac }; + let rc = unsafe { + sys::wc_HmacSetKey(&mut hmac.wc_hmac, typ, key.as_ptr(), key_size) + }; + if rc != 0 { + return Err(rc); + } + Ok(hmac) + } + + /// Create a new HMAC object with the given hash type and encryption key, + /// allowing for short encryption keys (< 112 bits) to be used. + /// + /// # Parameters + /// + /// * `typ`: Hash type, one of `HMAC::TYPE_*`. + /// * `key`: Encryption key. + /// + /// # Returns + /// + /// Returns either Ok(hmac) containing the HMAC struct instance or Err(e) + /// containing the wolfSSL library error code value. + /// + /// # Example + /// + /// ```rust + /// #![cfg(hmac_setkey_ex)] + /// use wolfssl_wolfcrypt::hmac::HMAC; + /// let key = [0x42u8; 3]; + /// let mut hmac = HMAC::new_allow_short_key(HMAC::TYPE_SHA256, &key).expect("Error with new_allow_short_key()"); + /// ``` + #[cfg(hmac_setkey_ex)] + pub fn new_allow_short_key(typ: i32, key: &[u8]) -> Result { + Self::new_allow_short_key_ex(typ, key, None, None) + } + + /// Create a new HMAC object with the given hash type and encryption key, + /// allowing for short encryption keys (< 112 bits) to be used. + /// + /// # Parameters + /// + /// * `typ`: Hash type, one of `HMAC::TYPE_*`. + /// * `key`: Encryption key. + /// * `heap`: Optional heap hint. + /// * `dev_id` Optional device ID to use with crypto callbacks or async hardware. + /// + /// # Returns + /// + /// Returns either Ok(hmac) containing the HMAC struct instance or Err(e) + /// containing the wolfSSL library error code value. + /// + /// # Example + /// + /// ```rust + /// #![cfg(hmac_setkey_ex)] + /// use wolfssl_wolfcrypt::hmac::HMAC; + /// let key = [0x42u8; 3]; + /// let mut hmac = HMAC::new_allow_short_key_ex(HMAC::TYPE_SHA256, &key, None, None).expect("Error with new_allow_short_key_ex()"); + /// ``` + #[cfg(hmac_setkey_ex)] + pub fn new_allow_short_key_ex(typ: i32, key: &[u8], heap: Option<*mut core::ffi::c_void>, dev_id: Option) -> Result { + let key_size = key.len() as u32; + let mut wc_hmac: MaybeUninit = MaybeUninit::uninit(); + let heap = match heap { + Some(heap) => heap, + None => core::ptr::null_mut(), + }; + let dev_id = match dev_id { + Some(dev_id) => dev_id, + None => sys::INVALID_DEVID, + }; + let rc = unsafe { + sys::wc_HmacInit(wc_hmac.as_mut_ptr(), heap, dev_id) + }; + if rc != 0 { + return Err(rc); + } + let wc_hmac = unsafe { wc_hmac.assume_init() }; + let mut hmac = HMAC { wc_hmac }; + let rc = unsafe { + sys::wc_HmacSetKey_ex(&mut hmac.wc_hmac, typ, key.as_ptr(), key_size, 1) + }; + if rc != 0 { + return Err(rc); + } + Ok(hmac) + } + + /// Update the message to authenticate using HMAC. + /// + /// This function may be called multiple times to update the message to + /// hash. + /// + /// # Parameters + /// + /// * `data`: Buffer containing message data to append. + /// + /// # Returns + /// + /// Returns either Ok(()) on success or Err(e) containing the wolfSSL + /// library error code value. + /// + /// # Example + /// + /// ```rust + /// use wolfssl_wolfcrypt::hmac::HMAC; + /// let key = [0x42u8; 16]; + /// let mut hmac = HMAC::new(HMAC::TYPE_SHA256, &key).expect("Error with new()"); + /// hmac.update(b"input").expect("Error with update()"); + /// ``` + pub fn update(&mut self, data: &[u8]) -> Result<(), i32> { + let data_size = data.len() as u32; + let rc = unsafe { + sys::wc_HmacUpdate(&mut self.wc_hmac, data.as_ptr(), data_size) + }; + if rc != 0 { + return Err(rc); + } + Ok(()) + } + + /// Compute the final hash of the input message. + /// + /// # Parameters + /// + /// * `hash`: Output buffer to contain the calculated hash. The length must + /// match that returned by `get_hmac_size()`. + /// + /// # Returns + /// + /// Returns either Ok(()) on success or Err(e) containing the wolfSSL + /// library error code value. + /// + /// # Example + /// + /// ```rust + /// use wolfssl_wolfcrypt::hmac::HMAC; + /// let key = [0x42u8; 16]; + /// let mut hmac = HMAC::new(HMAC::TYPE_SHA256, &key).expect("Error with new()"); + /// hmac.update(b"input").expect("Error with update()"); + /// let hash_size = hmac.get_hmac_size().expect("Error with get_hmac_size()"); + /// let mut hash = vec![0u8; hash_size]; + /// hmac.finalize(&mut hash).expect("Error with finalize()"); + /// ``` + pub fn finalize(&mut self, hash: &mut [u8]) -> Result<(), i32> { + // Check the output buffer size since wc_HmacFinal() does not accept + // a length parameter. + let typ = self.wc_hmac.macType as i32; + let rc = unsafe { sys::wc_HmacSizeByType(typ) }; + if rc < 0 { + return Err(rc); + } + let expected_size = rc as usize; + if hash.len() != expected_size { + return Err(sys::wolfCrypt_ErrorCodes_BUFFER_E); + } + let rc = unsafe { + sys::wc_HmacFinal(&mut self.wc_hmac, hash.as_mut_ptr()) + }; + if rc != 0 { + return Err(rc); + } + Ok(()) + } + + /// Get the HMAC hash size. + /// + /// # Returns + /// + /// Returns either Ok(size) containing the HMAC hash size or Err(e) + /// containing the wolfSSL library error code value. + /// + /// # Example + /// + /// ```rust + /// use wolfssl_wolfcrypt::hmac::HMAC; + /// let key = [0x42u8; 16]; + /// let mut hmac = HMAC::new(HMAC::TYPE_SHA256, &key).expect("Error with new()"); + /// hmac.update(b"input").expect("Error with update()"); + /// let hash_size = hmac.get_hmac_size().expect("Error with get_hmac_size()"); + /// let mut hash = vec![0u8; hash_size]; + /// hmac.finalize(&mut hash).expect("Error with finalize()"); + /// ``` + pub fn get_hmac_size(&self) -> Result { + let typ = self.wc_hmac.macType as u32 as i32; + let rc = unsafe { sys::wc_HmacSizeByType(typ) }; + if rc < 0 { + return Err(rc); + } + let expected_size = rc as u32 as usize; + Ok(expected_size) + } +} + +impl Drop for HMAC { + /// Safely free the underlying wolfSSL Hmac context. + /// + /// This calls the `wc_HmacFree()` wolfssl library function. + /// + /// The Rust Drop trait guarantees that this method is called when the + /// HMAC struct instance goes out of scope, automatically cleaning up + /// resources and preventing memory leaks. + fn drop(&mut self) { + unsafe { sys::wc_HmacFree(&mut self.wc_hmac); } + } +} diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/wrapper/rust/wolfssl-wolfcrypt/src/kdf.rs mariadb-11.8.8/extra/wolfssl/wolfssl/wrapper/rust/wolfssl-wolfcrypt/src/kdf.rs --- mariadb-11.8.6/extra/wolfssl/wolfssl/wrapper/rust/wolfssl-wolfcrypt/src/kdf.rs 1970-01-01 00:00:00.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/wrapper/rust/wolfssl-wolfcrypt/src/kdf.rs 2026-05-24 09:58:33.000000000 +0000 @@ -0,0 +1,773 @@ +/* + * Copyright (C) 2006-2026 wolfSSL Inc. + * + * This file is part of wolfSSL. + * + * wolfSSL is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * wolfSSL is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA + */ + +/*! +This module provides a Rust wrapper for the wolfCrypt library's Key Derivation +Function (KDF) functionality. +*/ + +use crate::sys; +#[cfg(all(hmac, kdf_tls13))] +use crate::hmac::HMAC; + +#[cfg(kdf_srtp)] +pub const SRTP_LABEL_ENCRYPTION: u8 = sys::WC_SRTP_LABEL_ENCRYPTION as u8; +#[cfg(kdf_srtp)] +pub const SRTP_LABEL_MSG_AUTH: u8 = sys::WC_SRTP_LABEL_MSG_AUTH as u8; +#[cfg(kdf_srtp)] +pub const SRTP_LABEL_SALT: u8 = sys::WC_SRTP_LABEL_SALT as u8; +#[cfg(kdf_srtp)] +pub const SRTCP_LABEL_ENCRYPTION: u8 = sys::WC_SRTCP_LABEL_ENCRYPTION as u8; +#[cfg(kdf_srtp)] +pub const SRTCP_LABEL_MSG_AUTH: u8 = sys::WC_SRTCP_LABEL_MSG_AUTH as u8; +#[cfg(kdf_srtp)] +pub const SRTCP_LABEL_SALT: u8 = sys::WC_SRTCP_LABEL_SALT as u8; +#[cfg(kdf_srtp)] +pub const SRTP_LABEL_HDR_ENCRYPTION: u8 = sys::WC_SRTP_LABEL_HDR_ENCRYPTION as u8; +#[cfg(kdf_srtp)] +pub const SRTP_LABEL_HDR_SALT: u8 = sys::WC_SRTP_LABEL_HDR_SALT as u8; + +/// Implement Password Based Key Derivation Function 2 (PBKDF2) converting an +/// input password with a concatenated salt into a more secure key which is +/// written to the `out` buffer. +/// +/// # Parameters +/// +/// * `password`: Password to use for key derivation. +/// * `salt`: Salt value to use for key derivation. +/// * `iterations`: Number of times to process the hash. +/// * `typ`: Hash type, one of `HMAC::TYPE_*`. +/// * `out`: Output buffer in which to store the generated key. +/// +/// # Returns +/// +/// Returns either Ok(()) on success or Err(e) containing the wolfSSL +/// library error code value. +/// +/// # Example +/// +/// ```rust +/// #[cfg(all(hmac, kdf_pbkdf2))] +/// { +/// use wolfssl_wolfcrypt::kdf::pbkdf2; +/// use wolfssl_wolfcrypt::hmac::HMAC; +/// let password = b"passwordpassword"; +/// let salt = [0x78u8, 0x57, 0x8E, 0x5a, 0x5d, 0x63, 0xcb, 0x06]; +/// let iterations = 2048; +/// let expected_key = [ +/// 0x43u8, 0x6d, 0xb5, 0xe8, 0xd0, 0xfb, 0x3f, 0x35, 0x42, 0x48, 0x39, 0xbc, +/// 0x2d, 0xd4, 0xf9, 0x37, 0xd4, 0x95, 0x16, 0xa7, 0x2a, 0x9a, 0x21, 0xd1 +/// ]; +/// let mut keyout = [0u8; 24]; +/// pbkdf2(password, &salt, iterations, HMAC::TYPE_SHA256, &mut keyout).expect("Error with pbkdf2()"); +/// assert_eq!(keyout, expected_key); +/// } +/// ``` +#[cfg(kdf_pbkdf2)] +pub fn pbkdf2(password: &[u8], salt: &[u8], iterations: i32, typ: i32, out: &mut [u8]) -> Result<(), i32> { + pbkdf2_ex(password, salt, iterations, typ, None, None, out) +} + +/// Implement Password Based Key Derivation Function 2 (PBKDF2) converting an +/// input password with a concatenated salt into a more secure key which is +/// written to the `out` buffer. +/// This version allows optional heap hint and device ID parameters. +/// +/// # Parameters +/// +/// * `password`: Password to use for key derivation. +/// * `salt`: Salt value to use for key derivation. +/// * `iterations`: Number of times to process the hash. +/// * `typ`: Hash type, one of `HMAC::TYPE_*`. +/// * `heap`: Optional heap hint. +/// * `dev_id` Optional device ID to use with crypto callbacks or async hardware. +/// * `out`: Output buffer in which to store the generated key. +/// +/// # Returns +/// +/// Returns either Ok(()) on success or Err(e) containing the wolfSSL +/// library error code value. +/// +/// # Example +/// +/// ```rust +/// #[cfg(all(hmac, kdf_pbkdf2))] +/// { +/// use wolfssl_wolfcrypt::kdf::pbkdf2_ex; +/// use wolfssl_wolfcrypt::hmac::HMAC; +/// let password = b"passwordpassword"; +/// let salt = [0x78u8, 0x57, 0x8E, 0x5a, 0x5d, 0x63, 0xcb, 0x06]; +/// let iterations = 2048; +/// let expected_key = [ +/// 0x43u8, 0x6d, 0xb5, 0xe8, 0xd0, 0xfb, 0x3f, 0x35, 0x42, 0x48, 0x39, 0xbc, +/// 0x2d, 0xd4, 0xf9, 0x37, 0xd4, 0x95, 0x16, 0xa7, 0x2a, 0x9a, 0x21, 0xd1 +/// ]; +/// let mut keyout = [0u8; 24]; +/// pbkdf2_ex(password, &salt, iterations, HMAC::TYPE_SHA256, None, None, &mut keyout).expect("Error with pbkdf2_ex()"); +/// assert_eq!(keyout, expected_key); +/// } +/// ``` +#[cfg(kdf_pbkdf2)] +pub fn pbkdf2_ex(password: &[u8], salt: &[u8], iterations: i32, typ: i32, heap: Option<*mut core::ffi::c_void>, dev_id: Option, out: &mut [u8]) -> Result<(), i32> { + let password_size = password.len() as i32; + let salt_size = salt.len() as i32; + let out_size = out.len() as i32; + let heap = match heap { + Some(heap) => heap, + None => core::ptr::null_mut(), + }; + let dev_id = match dev_id { + Some(dev_id) => dev_id, + None => sys::INVALID_DEVID, + }; + let rc = unsafe { + sys::wc_PBKDF2_ex(out.as_mut_ptr(), password.as_ptr(), password_size, + salt.as_ptr(), salt_size, iterations, out_size, typ, heap, dev_id) + }; + if rc != 0 { + return Err(rc); + } + Ok(()) +} + +/// This function implements the Password Based Key Derivation Function +/// (PBKDF) described in RFC 7292 Appendix B. This function converts an input +/// password with a concatenated salt into a more secure key, which it stores +/// in `out`. It allows the user to select any of the supported HMAC hash +/// functions, including: WC_MD5, WC_SHA, WC_SHA256, WC_SHA384, WC_SHA512, +/// WC_SHA3_224, WC_SHA3_256, WC_SHA3_384 or WC_SHA3_512. +/// +/// # Parameters +/// +/// * `password`: Password to use for key derivation. +/// * `salt`: Salt value to use for key derivation. +/// * `iterations`: Number of times to process the hash. +/// * `typ`: Hash type, one of `HMAC::TYPE_*`. +/// * `id`: Byte identifier indicating the purpose of key generation. It is +/// used to diversify the key output, and should be assigned as follows: +/// ID=1: pseudorandom bits are to be used as key material for performing +/// encryption or decryption. ID=2: pseudorandom bits are to be used an IV +/// (Initial Value) for encryption or decryption. ID=3: pseudorandom bits +/// are to be used as an integrity key for MACing. +/// * `out`: Output buffer in which to store the generated key. +/// +/// # Returns +/// +/// Returns either Ok(()) on success or Err(e) containing the wolfSSL +/// library error code value. +/// +/// # Example +/// +/// ```rust +/// #[cfg(all(hmac, kdf_pkcs12))] +/// { +/// use wolfssl_wolfcrypt::kdf::pkcs12_pbkdf; +/// use wolfssl_wolfcrypt::hmac::HMAC; +/// let password = [0x00u8, 0x73, 0x00, 0x6d, 0x00, 0x65, 0x00, 0x67, 0x00, 0x00]; +/// let salt = [0x0au8, 0x58, 0xCF, 0x64, 0x53, 0x0d, 0x82, 0x3f]; +/// let expected_key = [ +/// 0x27u8, 0xE9, 0x0D, 0x7E, 0xD5, 0xA1, 0xC4, 0x11, +/// 0xBA, 0x87, 0x8B, 0xC0, 0x90, 0xF5, 0xCE, 0xBE, +/// 0x5E, 0x9D, 0x5F, 0xE3, 0xD6, 0x2B, 0x73, 0xAA +/// ]; +/// let iterations = 1; +/// let mut keyout = [0u8; 24]; +/// pkcs12_pbkdf(&password, &salt, iterations, HMAC::TYPE_SHA256, 1, &mut keyout).expect("Error with pkcs12_pbkdf()"); +/// assert_eq!(keyout, expected_key); +/// } +/// ``` +#[cfg(kdf_pkcs12)] +pub fn pkcs12_pbkdf(password: &[u8], salt: &[u8], iterations: i32, typ: i32, id: i32, out: &mut [u8]) -> Result<(), i32> { + pkcs12_pbkdf_ex(password, salt, iterations, typ, id, None, out) +} + +/// This function implements the Password Based Key Derivation Function +/// (PBKDF) described in RFC 7292 Appendix B. This function converts an input +/// password with a concatenated salt into a more secure key, which it stores +/// in `out`. It allows the user to select any of the supported HMAC hash +/// functions, including: WC_MD5, WC_SHA, WC_SHA256, WC_SHA384, WC_SHA512, +/// WC_SHA3_224, WC_SHA3_256, WC_SHA3_384 or WC_SHA3_512. +/// This version allows an optional heap hint parameter. +/// +/// # Parameters +/// +/// * `password`: Password to use for key derivation. +/// * `salt`: Salt value to use for key derivation. +/// * `iterations`: Number of times to process the hash. +/// * `typ`: Hash type, one of `HMAC::TYPE_*`. +/// * `id`: Byte identifier indicating the purpose of key generation. It is +/// used to diversify the key output, and should be assigned as follows: +/// ID=1: pseudorandom bits are to be used as key material for performing +/// encryption or decryption. ID=2: pseudorandom bits are to be used an IV +/// (Initial Value) for encryption or decryption. ID=3: pseudorandom bits +/// are to be used as an integrity key for MACing. +/// * `heap`: Optional heap hint. +/// * `out`: Output buffer in which to store the generated key. +/// +/// # Returns +/// +/// Returns either Ok(()) on success or Err(e) containing the wolfSSL +/// library error code value. +/// +/// # Example +/// +/// ```rust +/// #[cfg(all(hmac, kdf_pkcs12))] +/// { +/// use wolfssl_wolfcrypt::kdf::pkcs12_pbkdf_ex; +/// use wolfssl_wolfcrypt::hmac::HMAC; +/// let password = [0x00u8, 0x73, 0x00, 0x6d, 0x00, 0x65, 0x00, 0x67, 0x00, 0x00]; +/// let salt = [0x0au8, 0x58, 0xCF, 0x64, 0x53, 0x0d, 0x82, 0x3f]; +/// let expected_key = [ +/// 0x27u8, 0xE9, 0x0D, 0x7E, 0xD5, 0xA1, 0xC4, 0x11, +/// 0xBA, 0x87, 0x8B, 0xC0, 0x90, 0xF5, 0xCE, 0xBE, +/// 0x5E, 0x9D, 0x5F, 0xE3, 0xD6, 0x2B, 0x73, 0xAA +/// ]; +/// let iterations = 1; +/// let mut keyout = [0u8; 24]; +/// pkcs12_pbkdf_ex(&password, &salt, iterations, HMAC::TYPE_SHA256, 1, None, &mut keyout).expect("Error with pkcs12_pbkdf_ex()"); +/// assert_eq!(keyout, expected_key); +/// } +/// ``` +#[cfg(kdf_pkcs12)] +pub fn pkcs12_pbkdf_ex(password: &[u8], salt: &[u8], iterations: i32, typ: i32, id: i32, heap: Option<*mut core::ffi::c_void>, out: &mut [u8]) -> Result<(), i32> { + let password_size = password.len() as i32; + let salt_size = salt.len() as i32; + let out_size = out.len() as i32; + let heap = match heap { + Some(heap) => heap, + None => core::ptr::null_mut(), + }; + let rc = unsafe { + sys::wc_PKCS12_PBKDF_ex(out.as_mut_ptr(), password.as_ptr(), password_size, + salt.as_ptr(), salt_size, iterations, out_size, typ, id, heap) + }; + if rc != 0 { + return Err(rc); + } + Ok(()) +} + +/// Perform RFC 5869 HKDF-Extract operation for TLS v1.3 key derivation. +/// +/// # Parameters +/// +/// * `typ`: Hash type, one of `HMAC::TYPE_*`. +/// * `salt`: Optional Salt value. +/// * `key`: Optional Initial Key Material (IKM). +/// * `out`: Output buffer to store TLS1.3 HKDF-Extract result (generated +/// Pseudo-Random Key (PRK)). The size of this buffer must match +/// `HMAC::get_hmac_size_by_type(typ)`. +/// +/// # Returns +/// +/// Returns either Ok(()) on success or Err(e) containing the wolfSSL +/// library error code value. +/// +/// # Example +/// +/// ```rust +/// #[cfg(all(hmac, kdf_tls13))] +/// { +/// use wolfssl_wolfcrypt::hmac::HMAC; +/// use wolfssl_wolfcrypt::kdf::*; +/// use wolfssl_wolfcrypt::sha::SHA256; +/// let mut secret = [0u8; SHA256::DIGEST_SIZE]; +/// tls13_hkdf_extract(HMAC::TYPE_SHA256, None, None, &mut secret).expect("Error with tls13_hkdf_extract()"); +/// } +/// ``` +#[cfg(all(hmac, kdf_tls13))] +pub fn tls13_hkdf_extract(typ: i32, salt: Option<&[u8]>, key: Option<&mut [u8]>, out: &mut [u8]) -> Result<(), i32> { + tls13_hkdf_extract_ex(typ, salt, key, out, None, None) +} + +/// Perform RFC 5869 HKDF-Extract operation for TLS v1.3 key derivation (with +/// optional heap and device ID). +/// +/// # Parameters +/// +/// * `typ`: Hash type, one of `HMAC::TYPE_*`. +/// * `salt`: Optional Salt value. +/// * `key`: Optional Initial Key Material (IKM). +/// * `out`: Output buffer to store TLS1.3 HKDF-Extract result (generated +/// Pseudo-Random Key (PRK)). The size of this buffer must match +/// `HMAC::get_hmac_size_by_type(typ)`. +/// * `heap`: Optional heap hint. +/// * `dev_id` Optional device ID to use with crypto callbacks or async hardware. +/// +/// # Returns +/// +/// Returns either Ok(()) on success or Err(e) containing the wolfSSL +/// library error code value. +/// +/// # Example +/// +/// ```rust +/// #[cfg(all(hmac, kdf_tls13))] +/// { +/// use wolfssl_wolfcrypt::hmac::HMAC; +/// use wolfssl_wolfcrypt::kdf::*; +/// use wolfssl_wolfcrypt::sha::SHA256; +/// let mut secret = [0u8; SHA256::DIGEST_SIZE]; +/// tls13_hkdf_extract_ex(HMAC::TYPE_SHA256, None, None, &mut secret, None, None).expect("Error with tls13_hkdf_extract_ex()"); +/// } +/// ``` +#[cfg(all(hmac, kdf_tls13))] +pub fn tls13_hkdf_extract_ex(typ: i32, salt: Option<&[u8]>, key: Option<&mut [u8]>, out: &mut [u8], heap: Option<*mut core::ffi::c_void>, dev_id: Option) -> Result<(), i32> { + let mut salt_ptr = core::ptr::null(); + let mut salt_size = 0u32; + if let Some(salt) = salt { + salt_ptr = salt.as_ptr(); + salt_size = salt.len() as u32; + } + let mut ikm_buf = [0u8; sys::WC_MAX_DIGEST_SIZE as usize]; + let mut ikm_ptr = ikm_buf.as_mut_ptr(); + let mut ikm_size = 0u32; + if let Some(key) = key && !key.is_empty() { + ikm_ptr = key.as_mut_ptr(); + ikm_size = key.len() as u32; + } + if out.len() != HMAC::get_hmac_size_by_type(typ)? { + return Err(sys::wolfCrypt_ErrorCodes_BUFFER_E); + } + let heap = match heap { + Some(heap) => heap, + None => core::ptr::null_mut(), + }; + let dev_id = match dev_id { + Some(dev_id) => dev_id, + None => sys::INVALID_DEVID, + }; + let rc = unsafe { + sys::wc_Tls13_HKDF_Extract_ex(out.as_mut_ptr(), salt_ptr, salt_size, + ikm_ptr, ikm_size, typ, heap, dev_id) + }; + if rc != 0 { + return Err(rc); + } + Ok(()) +} + +/// Perform RFC 5869 HKDF-Expand operation for TLS v1.3 key derivation. +/// +/// This utilizes HMAC to convert `key`, `label`, and `info` into a +/// derived key which is written to `out`. +/// +/// # Parameters +/// +/// * `typ`: Hash type, one of `HMAC::TYPE_*`. +/// * `key`: Key to use for KDF (typically output of `tls13_hkdf_extract()`). +/// * `protocol`: Buffer containing TLS protocol. +/// * `label`: Buffer containing label. +/// * `info`: Buffer containing additional info. +/// * `out`: Output buffer to store TLS1.3 HKDF-Expand result. The buffer can be +/// any size. +/// +/// # Returns +/// +/// Returns either Ok(()) on success or Err(e) containing the wolfSSL +/// library error code value. +/// +/// # Example +/// +/// ```rust +/// #[cfg(all(hmac, kdf_tls13))] +/// { +/// use wolfssl_wolfcrypt::hmac::HMAC; +/// use wolfssl_wolfcrypt::kdf::*; +/// use wolfssl_wolfcrypt::sha::SHA256; +/// let hash_hello1 = [ +/// 0x63u8, 0x83, 0x58, 0xab, 0x36, 0xcd, 0x0c, 0xf3, +/// 0x26, 0x07, 0xb5, 0x5f, 0x0b, 0x8b, 0x45, 0xd6, +/// 0x7d, 0x5b, 0x42, 0xdc, 0xa8, 0xaa, 0x06, 0xfb, +/// 0x20, 0xa5, 0xbb, 0x85, 0xdb, 0x54, 0xd8, 0x8b +/// ]; +/// let client_early_traffic_secret = [ +/// 0x20u8, 0x18, 0x72, 0x7c, 0xde, 0x3a, 0x85, 0x17, 0x72, 0xdc, 0xd7, 0x72, +/// 0xb0, 0xfc, 0x45, 0xd0, 0x62, 0xb9, 0xbb, 0x38, 0x69, 0x05, 0x7b, 0xb4, +/// 0x5e, 0x58, 0x5d, 0xed, 0xcd, 0x0b, 0x96, 0xd3 +/// ]; +/// let mut secret = [0u8; SHA256::DIGEST_SIZE]; +/// tls13_hkdf_extract(HMAC::TYPE_SHA256, None, None, &mut secret).expect("Error with tls13_hkdf_extract()"); +/// let protocol_label = b"tls13 "; +/// let ce_traffic_label = b"c e traffic"; +/// let mut expand_out = [0u8; SHA256::DIGEST_SIZE]; +/// tls13_hkdf_expand_label(HMAC::TYPE_SHA256, &secret, +/// protocol_label, ce_traffic_label, +/// &hash_hello1, &mut expand_out).expect("Error with tls13_hkdf_expand_label()"); +/// } +/// ``` +#[cfg(all(hmac, kdf_tls13))] +pub fn tls13_hkdf_expand_label(typ: i32, key: &[u8], protocol: &[u8], label: &[u8], info: &[u8], out: &mut [u8]) -> Result<(), i32> { + tls13_hkdf_expand_label_ex(typ, key, protocol, label, info, out, None, None) +} + +/// Perform RFC 5869 HKDF-Expand operation for TLS v1.3 key derivation (with +/// optional heap and device ID). +/// +/// This utilizes HMAC to convert `key`, `label`, and `info` into a +/// derived key which is written to `out`. +/// +/// # Parameters +/// +/// * `typ`: Hash type, one of `HMAC::TYPE_*`. +/// * `key`: Key to use for KDF (typically output of `tls13_hkdf_extract()`). +/// * `protocol`: Buffer containing TLS protocol. +/// * `label`: Buffer containing label. +/// * `info`: Buffer containing additional info. +/// * `out`: Output buffer to store TLS1.3 HKDF-Expand result. The buffer can be +/// any size. +/// * `heap`: Optional heap hint. +/// * `dev_id` Optional device ID to use with crypto callbacks or async hardware. +/// +/// # Returns +/// +/// Returns either Ok(()) on success or Err(e) containing the wolfSSL +/// library error code value. +/// +/// # Example +/// +/// ```rust +/// #[cfg(all(hmac, kdf_tls13))] +/// { +/// use wolfssl_wolfcrypt::hmac::HMAC; +/// use wolfssl_wolfcrypt::kdf::*; +/// use wolfssl_wolfcrypt::sha::SHA256; +/// let hash_hello1 = [ +/// 0x63u8, 0x83, 0x58, 0xab, 0x36, 0xcd, 0x0c, 0xf3, +/// 0x26, 0x07, 0xb5, 0x5f, 0x0b, 0x8b, 0x45, 0xd6, +/// 0x7d, 0x5b, 0x42, 0xdc, 0xa8, 0xaa, 0x06, 0xfb, +/// 0x20, 0xa5, 0xbb, 0x85, 0xdb, 0x54, 0xd8, 0x8b +/// ]; +/// let client_early_traffic_secret = [ +/// 0x20u8, 0x18, 0x72, 0x7c, 0xde, 0x3a, 0x85, 0x17, 0x72, 0xdc, 0xd7, 0x72, +/// 0xb0, 0xfc, 0x45, 0xd0, 0x62, 0xb9, 0xbb, 0x38, 0x69, 0x05, 0x7b, 0xb4, +/// 0x5e, 0x58, 0x5d, 0xed, 0xcd, 0x0b, 0x96, 0xd3 +/// ]; +/// let mut secret = [0u8; SHA256::DIGEST_SIZE]; +/// tls13_hkdf_extract(HMAC::TYPE_SHA256, None, None, &mut secret).expect("Error with tls13_hkdf_extract()"); +/// let protocol_label = b"tls13 "; +/// let ce_traffic_label = b"c e traffic"; +/// let mut expand_out = [0u8; SHA256::DIGEST_SIZE]; +/// tls13_hkdf_expand_label_ex(HMAC::TYPE_SHA256, &secret, +/// protocol_label, ce_traffic_label, +/// &hash_hello1, &mut expand_out, None, None).expect("Error with tls13_hkdf_expand_label_ex()"); +/// } +/// ``` +#[cfg(all(hmac, kdf_tls13))] +#[allow(clippy::too_many_arguments)] +pub fn tls13_hkdf_expand_label_ex(typ: i32, key: &[u8], protocol: &[u8], label: &[u8], info: &[u8], out: &mut [u8], heap: Option<*mut core::ffi::c_void>, dev_id: Option) -> Result<(), i32> { + let key_size = key.len() as u32; + let protocol_size = protocol.len() as u32; + let label_size = label.len() as u32; + let info_size = info.len() as u32; + let out_size = out.len() as u32; + let heap = match heap { + Some(heap) => heap, + None => core::ptr::null_mut(), + }; + let dev_id = match dev_id { + Some(dev_id) => dev_id, + None => sys::INVALID_DEVID, + }; + let rc = unsafe { + sys::wc_Tls13_HKDF_Expand_Label_ex(out.as_mut_ptr(), out_size, + key.as_ptr(), key_size, protocol.as_ptr(), protocol_size, + label.as_ptr(), label_size, info.as_ptr(), info_size, typ, + heap, dev_id) + }; + if rc != 0 { + return Err(rc); + } + Ok(()) +} + +/// Perform SSH KDF operation. +/// +/// # Parameters +/// +/// * `typ`: Hash type, one of `HMAC::TYPE_*`. +/// * `key_id`: Key ID, typically 'A' through 'F'. +/// * `k`: Initial key. +/// * `h`: Exchange hash. +/// * `session_id`: Unique identifier for the SSH session. +/// * `key`: Output buffer. +/// +/// # Returns +/// +/// Returns either Ok(()) on success or Err(e) containing the wolfSSL +/// library error code value. +/// +/// # Example +/// +/// ```rust +/// #[cfg(kdf_ssh)] +/// { +/// use wolfssl_wolfcrypt::hmac::HMAC; +/// use wolfssl_wolfcrypt::kdf::*; +/// let k = [0x42u8; 256]; +/// let h = [0x43u8; 32]; +/// let sid = [0x44u8; 32]; +/// let mut out = [0u8; 16]; +/// ssh_kdf(HMAC::TYPE_SHA256, b'A', &k, &h, &sid, &mut out).expect("Error with ssh_kdf()"); +/// } +/// ``` +#[cfg(kdf_ssh)] +pub fn ssh_kdf(typ: i32, key_id: u8, k: &[u8], h: &[u8], session_id: &[u8], key: &mut [u8]) -> Result<(), i32> { + let key_size = key.len() as u32; + let k_size = k.len() as u32; + let h_size = h.len() as u32; + let session_size = session_id.len() as u32; + let rc = unsafe { + sys::wc_SSH_KDF(typ as u8, key_id, + key.as_mut_ptr(), key_size, + k.as_ptr(), k_size, h.as_ptr(), h_size, + session_id.as_ptr(), session_size) + }; + if rc != 0 { + return Err(rc); + } + Ok(()) +} + +/// Perform SRTP KDF algorithm to derive keys. +/// +/// # Parameters +/// +/// * `key`: Key to use with encryption. +/// * `salt`: Random non-secret value. +/// * `kdr_index`: Key derivation rate: -1 for 0, otherwise KDR = 2^kdr_index. +/// * `idx`: Index value to XOR in. +/// * `key1`: Output buffer for first key (label of 0x00). +/// * `key2`: Output buffer for second key (label of 0x01). +/// * `key3`: Output buffer for third key (label of 0x02). +/// +/// # Returns +/// +/// Returns either Ok(()) on success or Err(e) containing the wolfSSL +/// library error code value. +/// +/// # Example +/// +/// ```rust +/// #[cfg(kdf_srtp)] +/// { +/// use wolfssl_wolfcrypt::kdf::*; +/// let key = [0xc4u8, 0x80, 0x9f, 0x6d, 0x36, 0x98, 0x88, 0x72, +/// 0x8e, 0x26, 0xad, 0xb5, 0x32, 0x12, 0x98, 0x90]; +/// let salt = [0x0eu8, 0x23, 0x00, 0x6c, 0x6c, 0x04, 0x4f, 0x56, +/// 0x62, 0x40, 0x0e, 0x9d, 0x1b, 0xd6]; +/// let index = [0x48u8, 0x71, 0x65, 0x64, 0x9c, 0xca]; +/// let mut key_e = [0u8; 16]; +/// let mut key_a = [0u8; 20]; +/// let mut key_s = [0u8; 14]; +/// srtp_kdf(&key, &salt, -1, &index, &mut key_e, &mut key_a, &mut key_s).expect("Error with srtp_kdf()"); +/// } +/// ``` +#[cfg(kdf_srtp)] +pub fn srtp_kdf(key: &[u8], salt: &[u8], kdr_index: i32, idx: &[u8], + key1: &mut [u8], key2: &mut [u8], key3: &mut [u8]) -> Result<(), i32> { + let key_size = key.len() as u32; + let salt_size = salt.len() as u32; + let key1_size = key1.len() as u32; + let key2_size = key2.len() as u32; + let key3_size = key3.len() as u32; + let rc = unsafe { + sys::wc_SRTP_KDF(key.as_ptr(), key_size, salt.as_ptr(), salt_size, + kdr_index, idx.as_ptr(), key1.as_mut_ptr(), key1_size, + key2.as_mut_ptr(), key2_size, key3.as_mut_ptr(), key3_size) + }; + if rc != 0 { + return Err(rc); + } + Ok(()) +} + +/// Perform SRTP KDF algorithm to derive a key with a given label. +/// +/// # Parameters +/// +/// * `key`: Key to use with encryption. +/// * `salt`: Random non-secret value. +/// * `kdr_index`: Key derivation rate: -1 for 0, otherwise KDR = 2^kdr_index. +/// * `idx`: Index value to XOR in. +/// * `label`: Label: typically one of `SRTP_LABEL_*`. +/// * `keyout`: Output buffer for generated key. +/// +/// # Returns +/// +/// Returns either Ok(()) on success or Err(e) containing the wolfSSL +/// library error code value. +/// +/// # Example +/// +/// ```rust +/// #[cfg(kdf_srtp)] +/// { +/// use wolfssl_wolfcrypt::kdf::*; +/// let key = [0xc4u8, 0x80, 0x9f, 0x6d, 0x36, 0x98, 0x88, 0x72, +/// 0x8e, 0x26, 0xad, 0xb5, 0x32, 0x12, 0x98, 0x90]; +/// let salt = [0x0eu8, 0x23, 0x00, 0x6c, 0x6c, 0x04, 0x4f, 0x56, +/// 0x62, 0x40, 0x0e, 0x9d, 0x1b, 0xd6]; +/// let index = [0x48u8, 0x71, 0x65, 0x64, 0x9c, 0xca]; +/// let mut key_a = [0u8; 20]; +/// srtp_kdf_label(&key, &salt, -1, &index, SRTP_LABEL_MSG_AUTH, &mut key_a).expect("Error with srtp_kdf_label()"); +/// } +/// ``` +#[cfg(kdf_srtp)] +pub fn srtp_kdf_label(key: &[u8], salt: &[u8], kdr_index: i32, idx: &[u8], + label: u8, keyout: &mut [u8]) -> Result<(), i32> { + let key_size = key.len() as u32; + let salt_size = salt.len() as u32; + let keyout_size = keyout.len() as u32; + let rc = unsafe { + sys::wc_SRTP_KDF_label(key.as_ptr(), key_size, salt.as_ptr(), salt_size, + kdr_index, idx.as_ptr(), label, keyout.as_mut_ptr(), keyout_size) + }; + if rc != 0 { + return Err(rc); + } + Ok(()) +} + +/// Perform SRTCP KDF algorithm to derive keys. +/// +/// # Parameters +/// +/// * `key`: Key to use with encryption. Key length must be 16, 24, or 32. +/// * `salt`: Random non-secret value. +/// * `kdr_index`: Key derivation rate: -1 for 0, otherwise KDR = 2^kdr_index. +/// * `idx`: Index value to XOR in. +/// * `key1`: Output buffer for first key (label of 0x00). +/// * `key2`: Output buffer for second key (label of 0x01). +/// * `key3`: Output buffer for third key (label of 0x02). +/// +/// # Returns +/// +/// Returns either Ok(()) on success or Err(e) containing the wolfSSL +/// library error code value. +/// +/// # Example +/// +/// ```rust +/// #[cfg(kdf_srtp)] +/// { +/// use wolfssl_wolfcrypt::kdf::*; +/// let key = [0xc4u8, 0x80, 0x9f, 0x6d, 0x36, 0x98, 0x88, 0x72, +/// 0x8e, 0x26, 0xad, 0xb5, 0x32, 0x12, 0x98, 0x90]; +/// let salt = [0x0eu8, 0x23, 0x00, 0x6c, 0x6c, 0x04, 0x4f, 0x56, +/// 0x62, 0x40, 0x0e, 0x9d, 0x1b, 0xd6]; +/// let index = [0x48u8, 0x71, 0x65, 0x64, 0x9c, 0xca]; +/// let mut key_e = [0u8; 16]; +/// let mut key_a = [0u8; 20]; +/// let mut key_s = [0u8; 14]; +/// srtcp_kdf(&key, &salt, -1, &index, &mut key_e, &mut key_a, &mut key_s).expect("Error with srtcp_kdf()"); +/// } +/// ``` +#[cfg(kdf_srtp)] +pub fn srtcp_kdf(key: &[u8], salt: &[u8], kdr_index: i32, idx: &[u8], + key1: &mut [u8], key2: &mut [u8], key3: &mut [u8]) -> Result<(), i32> { + let key_size = key.len() as u32; + let salt_size = salt.len() as u32; + let key1_size = key1.len() as u32; + let key2_size = key2.len() as u32; + let key3_size = key3.len() as u32; + let rc = unsafe { + sys::wc_SRTCP_KDF(key.as_ptr(), key_size, salt.as_ptr(), salt_size, + kdr_index, idx.as_ptr(), key1.as_mut_ptr(), key1_size, + key2.as_mut_ptr(), key2_size, key3.as_mut_ptr(), key3_size) + }; + if rc != 0 { + return Err(rc); + } + Ok(()) +} + +/// Perform SRTCP KDF algorithm to derive a key with a given label. +/// +/// # Parameters +/// +/// * `key`: Key to use with encryption. +/// * `salt`: Random non-secret value. +/// * `kdr_index`: Key derivation rate: -1 for 0, otherwise KDR = 2^kdr_index. +/// * `idx`: Index value to XOR in. +/// * `label`: Label: typically one of `SRTCP_LABEL_*`. +/// * `keyout`: Output buffer for generated key. +/// +/// # Returns +/// +/// Returns either Ok(()) on success or Err(e) containing the wolfSSL +/// library error code value. +/// +/// # Example +/// +/// ```rust +/// #[cfg(kdf_srtp)] +/// { +/// use wolfssl_wolfcrypt::kdf::*; +/// let key = [0xc4u8, 0x80, 0x9f, 0x6d, 0x36, 0x98, 0x88, 0x72, +/// 0x8e, 0x26, 0xad, 0xb5, 0x32, 0x12, 0x98, 0x90]; +/// let salt = [0x0eu8, 0x23, 0x00, 0x6c, 0x6c, 0x04, 0x4f, 0x56, +/// 0x62, 0x40, 0x0e, 0x9d, 0x1b, 0xd6]; +/// let index = [0x48u8, 0x71, 0x65, 0x64, 0x9c, 0xca]; +/// let mut key_a = [0u8; 20]; +/// srtcp_kdf_label(&key, &salt, -1, &index, SRTCP_LABEL_MSG_AUTH, &mut key_a).expect("Error with srtcp_kdf_label()"); +/// } +/// ``` +#[cfg(kdf_srtp)] +pub fn srtcp_kdf_label(key: &[u8], salt: &[u8], kdr_index: i32, idx: &[u8], + label: u8, keyout: &mut [u8]) -> Result<(), i32> { + let key_size = key.len() as u32; + let salt_size = salt.len() as u32; + let keyout_size = keyout.len() as u32; + let rc = unsafe { + sys::wc_SRTCP_KDF_label(key.as_ptr(), key_size, salt.as_ptr(), salt_size, + kdr_index, idx.as_ptr(), label, keyout.as_mut_ptr(), keyout_size) + }; + if rc != 0 { + return Err(rc); + } + Ok(()) +} + +/// Convert a Key Derivation Rate (KDR) value to an index for use in the +/// SRTP/SRTCP KDF API. +/// +/// # Parameters +/// +/// * `kdr`: Key derivation rate to convert. +/// +/// # Returns +/// +/// Key derivation rate index (kdr_index). +/// +/// # Example +/// +/// ```rust +/// #[cfg(kdf_srtp)] +/// { +/// use wolfssl_wolfcrypt::kdf::*; +/// let kdr_index = srtp_kdr_to_index(16); +/// } +/// ``` +#[cfg(kdf_srtp)] +pub fn srtp_kdr_to_index(kdr: u32) -> i32 { + unsafe { sys::wc_SRTP_KDF_kdr_to_idx(kdr) } +} diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/wrapper/rust/wolfssl-wolfcrypt/src/lib.rs mariadb-11.8.8/extra/wolfssl/wolfssl/wrapper/rust/wolfssl-wolfcrypt/src/lib.rs --- mariadb-11.8.6/extra/wolfssl/wolfssl/wrapper/rust/wolfssl-wolfcrypt/src/lib.rs 1970-01-01 00:00:00.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/wrapper/rust/wolfssl-wolfcrypt/src/lib.rs 2026-05-24 09:58:33.000000000 +0000 @@ -0,0 +1,84 @@ +/* + * Copyright (C) 2006-2026 wolfSSL Inc. + * + * This file is part of wolfSSL. + * + * wolfSSL is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * wolfSSL is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA + */ + +#![no_std] + +/* bindgen-generated bindings to the C library */ +pub mod sys; + +pub mod aes; +pub mod blake2; +pub mod chacha20_poly1305; +pub mod cmac; +pub mod curve25519; +pub mod dh; +pub mod dilithium; +pub mod ecc; +pub mod ed25519; +pub mod ed448; +pub mod fips; +pub mod hkdf; +pub mod hmac; +pub mod kdf; +pub mod lms; +pub mod mlkem; +pub mod prf; +pub mod random; +pub mod rsa; +pub mod sha; + +/// Initialize resources used by wolfCrypt. +/// +/// # Returns +/// +/// Returns either Ok(()) on success or Err(e) containing the wolfSSL +/// library error code value. +/// +/// # Example +/// +/// ```rust +/// use wolfssl_wolfcrypt::*; +/// wolfcrypt_init().expect("Error with wolfcrypt_init()"); +/// // ... use the library ... +/// wolfcrypt_cleanup().expect("wolfCrypt_Cleanup failed"); +/// ``` +pub fn wolfcrypt_init() -> Result<(), i32> { + let rc = unsafe { sys::wolfCrypt_Init() }; + if rc != 0 { + return Err(rc); + } + Ok(()) +} + +/// Clean up resources used by wolfCrypt. +/// +/// # Returns +/// +/// Returns either Ok(()) on success or Err(e) containing the wolfSSL +/// library error code value. +/// +/// See also: [`wolfcrypt_init`] +pub fn wolfcrypt_cleanup() -> Result<(), i32> { + let rc = unsafe { sys::wolfCrypt_Cleanup() }; + if rc != 0 { + return Err(rc); + } + Ok(()) +} diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/wrapper/rust/wolfssl-wolfcrypt/src/lms.rs mariadb-11.8.8/extra/wolfssl/wolfssl/wrapper/rust/wolfssl-wolfcrypt/src/lms.rs --- mariadb-11.8.6/extra/wolfssl/wolfssl/wrapper/rust/wolfssl-wolfcrypt/src/lms.rs 1970-01-01 00:00:00.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/wrapper/rust/wolfssl-wolfcrypt/src/lms.rs 2026-05-24 09:58:33.000000000 +0000 @@ -0,0 +1,785 @@ +/* + * Copyright (C) 2006-2026 wolfSSL Inc. + * + * This file is part of wolfSSL. + * + * wolfSSL is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * wolfSSL is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA + */ + +/*! +This module provides a Rust wrapper for the wolfCrypt library's LMS/HSS +(Leighton-Micali Signature / Hierarchical Signature System) post-quantum +hash-based signature functionality (RFC 8554). + +The primary component is the [`Lms`] struct, which manages the lifecycle of +a wolfSSL `LmsKey` object. It ensures proper initialization and deallocation. + +LMS/HSS signatures are controlled by three parameters: + +| Parameter | Valid Values | Effect | +|--------------|-----------------------|---------------------------------| +| `levels` | 1..8 | Number of Merkle tree levels | +| `height` | 5, 10, 15, 20, 25 | Height of each Merkle tree | +| `winternitz` | 1, 2, 4, 8 | Bits per Winternitz chain step | + +The total number of available signatures is `2^(levels * height)`. +Larger `winternitz` values reduce signature size at the cost of slower +key generation and signing. + +Predefined parameter sets are available as `Lms::PARM_*` constants +(e.g., `Lms::PARM_L1_H5_W4`), or parameters can be set directly via +[`Lms::set_parameters()`]. + +Signing requires private key I/O callbacks to persist the evolving private +key state. Register callbacks with [`Lms::set_write_cb()`] and +[`Lms::set_read_cb()`] before calling [`Lms::make_key()`] or +[`Lms::reload()`]. These methods are absent when wolfCrypt is built with +`WOLFSSL_LMS_VERIFY_ONLY`. + +# Examples + +```rust,no_run +#[cfg(all(lms, lms_make_key, random))] +{ +use wolfssl_wolfcrypt::random::RNG; +use wolfssl_wolfcrypt::lms::Lms; +use wolfssl_wolfcrypt::sys; + +let mut rng = RNG::new().expect("RNG creation failed"); +let mut key = Lms::new().expect("Lms::new() failed"); + +// Use a small, fast parameter set for demonstration. +key.set_parm(Lms::PARM_L1_H5_W8).expect("set_parm failed"); + +// The private key I/O callbacks must be registered before making a key. +// (Omitted here for brevity; see set_write_cb / set_read_cb.) + +let sig_len = key.get_sig_len().expect("get_sig_len failed"); +let pub_len = key.get_pub_len().expect("get_pub_len failed"); +let mut sig = vec![0u8; sig_len]; +let mut pub_buf = vec![0u8; pub_len]; + +key.make_key(&mut rng).expect("make_key failed"); +key.sign(b"hello", &mut sig).expect("sign failed"); +key.export_pub_raw(&mut pub_buf).expect("export_pub_raw failed"); + +let mut vkey = Lms::new().expect("Lms::new() for verify failed"); +vkey.set_parm(Lms::PARM_L1_H5_W8).expect("set_parm failed"); +vkey.import_pub_raw(&pub_buf).expect("import_pub_raw failed"); +vkey.verify(&sig, b"hello").expect("verify failed"); +} +``` +*/ + +#![cfg(lms)] + +use crate::sys; +use core::mem::MaybeUninit; +#[cfg(all(lms_make_key, random))] +use crate::random::RNG; + +/// Rust wrapper for a wolfSSL `LmsKey` object (LMS/HSS, RFC 8554). +/// +/// Manages the lifecycle of the underlying key, including initialization and +/// deallocation via the [`Drop`] trait. +/// +/// An instance is created with [`Lms::new()`] or [`Lms::new_ex()`]. +/// Parameters must be set with [`Lms::set_parm()`] or +/// [`Lms::set_parameters()`] before generating or importing a key. +/// +/// When `WOLFSSL_LMS_VERIFY_ONLY` is **not** set, private-key callbacks must +/// be registered (see [`Lms::set_write_cb()`] and [`Lms::set_read_cb()`]) +/// before calling [`Lms::make_key()`] or [`Lms::reload()`]. +pub struct Lms { + ws_key: sys::LmsKey, +} + +#[cfg(lms_sha256_256)] +impl Lms { + pub const PARM_NONE: u32 = sys::wc_LmsParm_WC_LMS_PARM_NONE; + pub const PARM_L1_H5_W1: u32 = sys::wc_LmsParm_WC_LMS_PARM_L1_H5_W1; + pub const PARM_L1_H5_W2: u32 = sys::wc_LmsParm_WC_LMS_PARM_L1_H5_W2; + pub const PARM_L1_H5_W4: u32 = sys::wc_LmsParm_WC_LMS_PARM_L1_H5_W4; + pub const PARM_L1_H5_W8: u32 = sys::wc_LmsParm_WC_LMS_PARM_L1_H5_W8; + pub const PARM_L1_H10_W2: u32 = sys::wc_LmsParm_WC_LMS_PARM_L1_H10_W2; + pub const PARM_L1_H10_W4: u32 = sys::wc_LmsParm_WC_LMS_PARM_L1_H10_W4; + pub const PARM_L1_H10_W8: u32 = sys::wc_LmsParm_WC_LMS_PARM_L1_H10_W8; + pub const PARM_L1_H15_W2: u32 = sys::wc_LmsParm_WC_LMS_PARM_L1_H15_W2; + pub const PARM_L1_H15_W4: u32 = sys::wc_LmsParm_WC_LMS_PARM_L1_H15_W4; + pub const PARM_L1_H15_W8: u32 = sys::wc_LmsParm_WC_LMS_PARM_L1_H15_W8; + pub const PARM_L1_H20_W2: u32 = sys::wc_LmsParm_WC_LMS_PARM_L1_H20_W2; + pub const PARM_L1_H20_W4: u32 = sys::wc_LmsParm_WC_LMS_PARM_L1_H20_W4; + pub const PARM_L1_H20_W8: u32 = sys::wc_LmsParm_WC_LMS_PARM_L1_H20_W8; + pub const PARM_L2_H5_W2: u32 = sys::wc_LmsParm_WC_LMS_PARM_L2_H5_W2; + pub const PARM_L2_H5_W4: u32 = sys::wc_LmsParm_WC_LMS_PARM_L2_H5_W4; + pub const PARM_L2_H5_W8: u32 = sys::wc_LmsParm_WC_LMS_PARM_L2_H5_W8; + pub const PARM_L2_H10_W2: u32 = sys::wc_LmsParm_WC_LMS_PARM_L2_H10_W2; + pub const PARM_L2_H10_W4: u32 = sys::wc_LmsParm_WC_LMS_PARM_L2_H10_W4; + pub const PARM_L2_H10_W8: u32 = sys::wc_LmsParm_WC_LMS_PARM_L2_H10_W8; + pub const PARM_L2_H15_W2: u32 = sys::wc_LmsParm_WC_LMS_PARM_L2_H15_W2; + pub const PARM_L2_H15_W4: u32 = sys::wc_LmsParm_WC_LMS_PARM_L2_H15_W4; + pub const PARM_L2_H15_W8: u32 = sys::wc_LmsParm_WC_LMS_PARM_L2_H15_W8; + pub const PARM_L2_H20_W2: u32 = sys::wc_LmsParm_WC_LMS_PARM_L2_H20_W2; + pub const PARM_L2_H20_W4: u32 = sys::wc_LmsParm_WC_LMS_PARM_L2_H20_W4; + pub const PARM_L2_H20_W8: u32 = sys::wc_LmsParm_WC_LMS_PARM_L2_H20_W8; + pub const PARM_L3_H5_W2: u32 = sys::wc_LmsParm_WC_LMS_PARM_L3_H5_W2; + pub const PARM_L3_H5_W4: u32 = sys::wc_LmsParm_WC_LMS_PARM_L3_H5_W4; + pub const PARM_L3_H5_W8: u32 = sys::wc_LmsParm_WC_LMS_PARM_L3_H5_W8; + pub const PARM_L3_H10_W4: u32 = sys::wc_LmsParm_WC_LMS_PARM_L3_H10_W4; + pub const PARM_L3_H10_W8: u32 = sys::wc_LmsParm_WC_LMS_PARM_L3_H10_W8; + pub const PARM_L4_H5_W2: u32 = sys::wc_LmsParm_WC_LMS_PARM_L4_H5_W2; + pub const PARM_L4_H5_W4: u32 = sys::wc_LmsParm_WC_LMS_PARM_L4_H5_W4; + pub const PARM_L4_H5_W8: u32 = sys::wc_LmsParm_WC_LMS_PARM_L4_H5_W8; + pub const PARM_L4_H10_W4: u32 = sys::wc_LmsParm_WC_LMS_PARM_L4_H10_W4; + pub const PARM_L4_H10_W8: u32 = sys::wc_LmsParm_WC_LMS_PARM_L4_H10_W8; +} + +#[cfg(lms_sha256_192)] +impl Lms { + pub const PARM_SHA256_192_L1_H5_W1 : u32 = sys::wc_LmsParm_WC_LMS_PARM_SHA256_192_L1_H5_W1; + pub const PARM_SHA256_192_L1_H5_W2 : u32 = sys::wc_LmsParm_WC_LMS_PARM_SHA256_192_L1_H5_W2; + pub const PARM_SHA256_192_L1_H5_W4 : u32 = sys::wc_LmsParm_WC_LMS_PARM_SHA256_192_L1_H5_W4; + pub const PARM_SHA256_192_L1_H5_W8 : u32 = sys::wc_LmsParm_WC_LMS_PARM_SHA256_192_L1_H5_W8; + pub const PARM_SHA256_192_L1_H10_W2: u32 = sys::wc_LmsParm_WC_LMS_PARM_SHA256_192_L1_H10_W2; + pub const PARM_SHA256_192_L1_H10_W4: u32 = sys::wc_LmsParm_WC_LMS_PARM_SHA256_192_L1_H10_W4; + pub const PARM_SHA256_192_L1_H10_W8: u32 = sys::wc_LmsParm_WC_LMS_PARM_SHA256_192_L1_H10_W8; + pub const PARM_SHA256_192_L1_H15_W2: u32 = sys::wc_LmsParm_WC_LMS_PARM_SHA256_192_L1_H15_W2; + pub const PARM_SHA256_192_L1_H15_W4: u32 = sys::wc_LmsParm_WC_LMS_PARM_SHA256_192_L1_H15_W4; + pub const PARM_SHA256_192_L1_H20_W2: u32 = sys::wc_LmsParm_WC_LMS_PARM_SHA256_192_L1_H20_W2; + pub const PARM_SHA256_192_L1_H20_W4: u32 = sys::wc_LmsParm_WC_LMS_PARM_SHA256_192_L1_H20_W4; + pub const PARM_SHA256_192_L1_H20_W8: u32 = sys::wc_LmsParm_WC_LMS_PARM_SHA256_192_L1_H20_W8; + pub const PARM_SHA256_192_L2_H10_W2: u32 = sys::wc_LmsParm_WC_LMS_PARM_SHA256_192_L2_H10_W2; + pub const PARM_SHA256_192_L2_H10_W4: u32 = sys::wc_LmsParm_WC_LMS_PARM_SHA256_192_L2_H10_W4; + pub const PARM_SHA256_192_L2_H10_W8: u32 = sys::wc_LmsParm_WC_LMS_PARM_SHA256_192_L2_H10_W8; + pub const PARM_SHA256_192_L3_H5_W2 : u32 = sys::wc_LmsParm_WC_LMS_PARM_SHA256_192_L3_H5_W2; + pub const PARM_SHA256_192_L3_H5_W4 : u32 = sys::wc_LmsParm_WC_LMS_PARM_SHA256_192_L3_H5_W4; + pub const PARM_SHA256_192_L3_H5_W8 : u32 = sys::wc_LmsParm_WC_LMS_PARM_SHA256_192_L3_H5_W8; + pub const PARM_SHA256_192_L3_H10_W4: u32 = sys::wc_LmsParm_WC_LMS_PARM_SHA256_192_L3_H10_W4; + pub const PARM_SHA256_192_L4_H5_W8 : u32 = sys::wc_LmsParm_WC_LMS_PARM_SHA256_192_L4_H5_W8; +} + +impl Lms { + /// Length of the LMS Key ID (`WC_LMS_I_LEN` = 16 bytes). + pub const KEY_ID_LEN: usize = sys::WC_LMS_I_LEN as usize; + + /// Create and initialize a new `Lms` key instance. + /// + /// # Returns + /// + /// Returns either Ok(Lms) containing the key instance or Err(e) + /// containing the wolfSSL library error code value. + /// + /// # Example + /// + /// ```rust + /// #[cfg(lms)] + /// { + /// use wolfssl_wolfcrypt::lms::Lms; + /// let key = Lms::new().expect("Error with Lms::new()"); + /// } + /// ``` + pub fn new() -> Result { + Self::new_ex(None, None) + } + + /// Create and initialize a new `Lms` key instance with optional heap hint + /// and device ID. + /// + /// # Parameters + /// + /// * `heap`: Optional heap hint. + /// * `dev_id`: Optional device ID for crypto callbacks or async hardware. + /// + /// # Returns + /// + /// Returns either Ok(Lms) containing the key instance or Err(e) + /// containing the wolfSSL library error code value. + /// + /// # Example + /// + /// ```rust + /// #[cfg(lms)] + /// { + /// use wolfssl_wolfcrypt::lms::Lms; + /// let key = Lms::new_ex(None, None).expect("Error with Lms::new_ex()"); + /// } + /// ``` + pub fn new_ex( + heap: Option<*mut core::ffi::c_void>, + dev_id: Option, + ) -> Result { + let heap = match heap { + Some(h) => h, + None => core::ptr::null_mut(), + }; + let dev_id = match dev_id { + Some(id) => id, + None => sys::INVALID_DEVID, + }; + let mut ws_key: MaybeUninit = MaybeUninit::uninit(); + let rc = unsafe { sys::wc_LmsKey_Init(ws_key.as_mut_ptr(), heap, dev_id) }; + if rc != 0 { + return Err(rc); + } + let ws_key = unsafe { ws_key.assume_init() }; + let lms = Lms { ws_key }; + Ok(lms) + } + + /// Set parameters using a predefined `wc_LmsParm` parameter set. + /// + /// Use `Lms::PARM_*` constants for the `parm` value (e.g., + /// `Lms::PARM_L1_H5_W8`). + /// + /// # Parameters + /// + /// * `parm`: A `Lms::PARM_*` value identifying the parameter set. + /// + /// # Returns + /// + /// Returns either Ok(()) on success or Err(e) containing the wolfSSL + /// library error code value. + /// + /// # Example + /// + /// ```rust + /// #[cfg(lms)] + /// { + /// use wolfssl_wolfcrypt::lms::Lms; + /// let mut key = Lms::new().expect("Error with Lms::new()"); + /// key.set_parm(Lms::PARM_L1_H5_W8).expect("Error with set_parm()"); + /// } + /// ``` + pub fn set_parm(&mut self, parm: u32) -> Result<(), i32> { + let rc = unsafe { sys::wc_LmsKey_SetLmsParm(&mut self.ws_key, parm) }; + if rc != 0 { + return Err(rc); + } + Ok(()) + } + + /// Set LMS/HSS parameters directly by levels, height, and Winternitz factor. + /// + /// # Parameters + /// + /// * `levels`: Number of Merkle tree levels (1..8). + /// * `height`: Height of each Merkle tree (5, 10, 15, 20, or 25). + /// * `winternitz`: Winternitz factor (1, 2, 4, or 8). + /// + /// # Returns + /// + /// Returns either Ok(()) on success or Err(e) containing the wolfSSL + /// library error code value. + /// + /// # Example + /// + /// ```rust + /// #[cfg(lms)] + /// { + /// use wolfssl_wolfcrypt::lms::Lms; + /// let mut key = Lms::new().expect("Error with Lms::new()"); + /// key.set_parameters(1, 5, 8).expect("Error with set_parameters()"); + /// } + /// ``` + pub fn set_parameters(&mut self, levels: i32, height: i32, winternitz: i32) -> Result<(), i32> { + let rc = unsafe { + sys::wc_LmsKey_SetParameters(&mut self.ws_key, levels, height, winternitz) + }; + if rc != 0 { + return Err(rc); + } + Ok(()) + } + + /// Get the current LMS/HSS parameter values. + /// + /// # Returns + /// + /// Returns either Ok((levels, height, winternitz)) on success or Err(e) + /// containing the wolfSSL library error code value. + /// + /// # Example + /// + /// ```rust + /// #[cfg(lms)] + /// { + /// use wolfssl_wolfcrypt::lms::Lms; + /// let mut key = Lms::new().expect("Error with Lms::new()"); + /// key.set_parameters(1, 5, 8).expect("Error with set_parameters()"); + /// let (levels, height, winternitz) = key.get_parameters() + /// .expect("Error with get_parameters()"); + /// assert_eq!((levels, height, winternitz), (1, 5, 8)); + /// } + /// ``` + pub fn get_parameters(&self) -> Result<(i32, i32, i32), i32> { + let mut levels = 0i32; + let mut height = 0i32; + let mut winternitz = 0i32; + let rc = unsafe { + sys::wc_LmsKey_GetParameters( + &self.ws_key, + &mut levels, + &mut height, + &mut winternitz, + ) + }; + if rc != 0 { + return Err(rc); + } + Ok((levels, height, winternitz)) + } + + /// Register a callback to write (persist) the private key. + /// + /// The callback is called by [`Lms::make_key()`] and [`Lms::sign()`] + /// whenever the private key state must be saved to non-volatile storage. + /// + /// # Parameters + /// + /// * `write_cb`: Callback function of type + /// `wc_lms_write_private_key_cb`. + /// + /// # Returns + /// + /// Returns either Ok(()) on success or Err(e) containing the wolfSSL + /// library error code value. + #[cfg(lms_make_key)] + pub fn set_write_cb(&mut self, write_cb: sys::wc_lms_write_private_key_cb) -> Result<(), i32> { + let rc = unsafe { sys::wc_LmsKey_SetWriteCb(&mut self.ws_key, write_cb) }; + if rc != 0 { + return Err(rc); + } + Ok(()) + } + + /// Register a callback to read (restore) the private key. + /// + /// The callback is called by [`Lms::reload()`] and [`Lms::sign()`] + /// whenever the private key must be read from non-volatile storage. + /// + /// # Parameters + /// + /// * `read_cb`: Callback function of type `wc_lms_read_private_key_cb`. + /// + /// # Returns + /// + /// Returns either Ok(()) on success or Err(e) containing the wolfSSL + /// library error code value. + #[cfg(lms_make_key)] + pub fn set_read_cb(&mut self, read_cb: sys::wc_lms_read_private_key_cb) -> Result<(), i32> { + let rc = unsafe { sys::wc_LmsKey_SetReadCb(&mut self.ws_key, read_cb) }; + if rc != 0 { + return Err(rc); + } + Ok(()) + } + + /// Set the context pointer passed to the private key I/O callbacks. + /// + /// # Parameters + /// + /// * `context`: An arbitrary pointer passed unchanged to the write and + /// read callbacks. + /// + /// # Returns + /// + /// Returns either Ok(()) on success or Err(e) containing the wolfSSL + /// library error code value. + /// + /// # Safety + /// + /// The caller must ensure `context` remains valid for as long as the key + /// may invoke the registered write or read callbacks (i.e., across calls + /// to [`Lms::make_key()`], [`Lms::reload()`], and [`Lms::sign()`]). + #[cfg(lms_make_key)] + pub unsafe fn set_context(&mut self, context: *mut core::ffi::c_void) -> Result<(), i32> { + let rc = unsafe { sys::wc_LmsKey_SetContext(&mut self.ws_key, context) }; + if rc != 0 { + return Err(rc); + } + Ok(()) + } + + /// Generate a new LMS/HSS key pair using an RNG. + /// + /// Parameters must be set with [`Lms::set_parm()`] or + /// [`Lms::set_parameters()`] and private key callbacks must be + /// registered with [`Lms::set_write_cb()`] and [`Lms::set_read_cb()`] + /// before calling this function. + /// + /// # Parameters + /// + /// * `rng`: `RNG` instance to use for random number generation. + /// + /// # Returns + /// + /// Returns either Ok(()) on success or Err(e) containing the wolfSSL + /// library error code value. + /// + /// # Example + /// + /// ```rust + /// #[cfg(all(lms, lms_make_key, random))] + /// { + /// use wolfssl_wolfcrypt::random::RNG; + /// use wolfssl_wolfcrypt::lms::Lms; + /// let mut rng = RNG::new().expect("Error creating RNG"); + /// let mut key = Lms::new().expect("Error with Lms::new()"); + /// key.set_parm(Lms::PARM_L1_H5_W8).expect("Error with set_parm()"); + /// // Register write/read callbacks before calling make_key(). + /// // key.make_key(&mut rng).expect("Error with make_key()"); + /// } + /// ``` + #[cfg(all(lms_make_key, random))] + pub fn make_key(&mut self, rng: &mut RNG) -> Result<(), i32> { + let rc = unsafe { sys::wc_LmsKey_MakeKey(&mut self.ws_key, &mut rng.wc_rng) }; + if rc != 0 { + return Err(rc); + } + Ok(()) + } + + /// Reload a previously generated LMS/HSS key from non-volatile storage. + /// + /// The read callback registered with [`Lms::set_read_cb()`] is called + /// to restore the private key state. Parameters must have been set and + /// the read callback registered before calling this function. + /// + /// # Returns + /// + /// Returns either Ok(()) on success or Err(e) containing the wolfSSL + /// library error code value. + #[cfg(lms_make_key)] + pub fn reload(&mut self) -> Result<(), i32> { + let rc = unsafe { sys::wc_LmsKey_Reload(&mut self.ws_key) }; + if rc != 0 { + return Err(rc); + } + Ok(()) + } + + /// Get the encoded private key length in bytes. + /// + /// # Returns + /// + /// Returns either Ok(length) on success or Err(e) containing the wolfSSL + /// library error code value. + #[cfg(lms_make_key)] + pub fn get_priv_len(&self) -> Result { + let mut len = 0u32; + let rc = unsafe { sys::wc_LmsKey_GetPrivLen(&self.ws_key, &mut len) }; + if rc != 0 { + return Err(rc); + } + Ok(len as usize) + } + + /// Sign a message with this LMS/HSS private key. + /// + /// The `sig` buffer must be at least `get_sig_len()` bytes. The write + /// callback is invoked to persist the updated private key state after + /// signing. + /// + /// # Parameters + /// + /// * `msg`: Message bytes to sign. + /// * `sig`: Output buffer for the signature. Must be at least + /// `get_sig_len()` bytes. + /// + /// # Returns + /// + /// Returns either Ok(sig_len) containing the number of bytes written to + /// `sig` on success, or Err(e) containing the wolfSSL library error code. + /// + /// # Example + /// + /// ```rust + /// #[cfg(all(lms, lms_make_key, random))] + /// { + /// use wolfssl_wolfcrypt::random::RNG; + /// use wolfssl_wolfcrypt::lms::Lms; + /// let mut rng = RNG::new().expect("Error creating RNG"); + /// let mut key = Lms::new().expect("Error with Lms::new()"); + /// key.set_parm(Lms::PARM_L1_H5_W8).expect("Error with set_parm()"); + /// // Register callbacks and make key first (omitted for brevity). + /// // let sig_len = key.get_sig_len().unwrap(); + /// // let mut sig = vec![0u8; sig_len]; + /// // let written = key.sign(b"hello", &mut sig).expect("Error with sign()"); + /// // assert_eq!(written, sig_len); + /// } + /// ``` + #[cfg(lms_make_key)] + pub fn sign(&mut self, msg: &[u8], sig: &mut [u8]) -> Result { + // wc_LmsKey_Sign treats sigSz as write-only: it writes sig_len bytes + // to sig without reading or checking *sigSz beforehand. Validate here. + let expected_sig_len = self.get_sig_len()?; + if sig.len() < expected_sig_len { + return Err(sys::wolfCrypt_ErrorCodes_BUFFER_E); + } + let mut sig_sz = sig.len() as u32; + let rc = unsafe { + sys::wc_LmsKey_Sign( + &mut self.ws_key, + sig.as_mut_ptr(), + &mut sig_sz, + msg.as_ptr(), + msg.len() as core::ffi::c_int, + ) + }; + if rc != 0 { + return Err(rc); + } + Ok(sig_sz as usize) + } + + /// Return the number of signatures remaining for this key. + /// + /// Returns `Ok(true)` if at least one signature remains, `Ok(false)` if + /// exhausted, or `Err(e)` on error. This is a conservative check only. + /// + /// # Returns + /// + /// Returns either Ok(count) on success or Err(e) containing the wolfSSL + /// library error code value. + #[cfg(lms_make_key)] + pub fn sigs_left(&mut self) -> Result { + let rc = unsafe { sys::wc_LmsKey_SigsLeft(&mut self.ws_key) }; + if rc < 0 { + return Err(rc); + } + Ok(rc != 0) + } + + /// Get the signature length in bytes for this key's parameters. + /// + /// # Returns + /// + /// Returns either Ok(length) on success or Err(e) containing the wolfSSL + /// library error code value. + /// + /// # Example + /// + /// ```rust + /// #[cfg(lms)] + /// { + /// use wolfssl_wolfcrypt::lms::Lms; + /// let mut key = Lms::new().expect("Error with Lms::new()"); + /// key.set_parm(Lms::PARM_L1_H5_W8).expect("Error with set_parm()"); + /// let sig_len = key.get_sig_len().expect("Error with get_sig_len()"); + /// assert!(sig_len > 0); + /// } + /// ``` + pub fn get_sig_len(&self) -> Result { + let mut len = 0u32; + let rc = unsafe { sys::wc_LmsKey_GetSigLen(&self.ws_key, &mut len) }; + if rc != 0 { + return Err(rc); + } + Ok(len as usize) + } + + /// Get the public key length in bytes for this key's parameters. + /// + /// # Returns + /// + /// Returns either Ok(length) on success or Err(e) containing the wolfSSL + /// library error code value. + /// + /// # Example + /// + /// ```rust + /// #[cfg(lms)] + /// { + /// use wolfssl_wolfcrypt::lms::Lms; + /// let mut key = Lms::new().expect("Error with Lms::new()"); + /// key.set_parm(Lms::PARM_L1_H5_W8).expect("Error with set_parm()"); + /// let pub_len = key.get_pub_len().expect("Error with get_pub_len()"); + /// assert!(pub_len > 0); + /// } + /// ``` + pub fn get_pub_len(&self) -> Result { + let mut len = 0u32; + let rc = unsafe { sys::wc_LmsKey_GetPubLen(&self.ws_key, &mut len) }; + if rc != 0 { + return Err(rc); + } + Ok(len as usize) + } + + /// Copy the public key from `src` into this key instance. + /// + /// Both keys must have matching parameters. After a successful call, + /// this key can be used for verification. + /// + /// # Parameters + /// + /// * `src`: Source key to copy the public portion from. + /// + /// # Returns + /// + /// Returns either Ok(()) on success or Err(e) containing the wolfSSL + /// library error code value. + pub fn export_pub_from(&mut self, src: &Lms) -> Result<(), i32> { + let rc = unsafe { + sys::wc_LmsKey_ExportPub(&mut self.ws_key, &src.ws_key) + }; + if rc != 0 { + return Err(rc); + } + Ok(()) + } + + /// Export the raw public key bytes into `out`. + /// + /// The `out` buffer must be at least `get_pub_len()` bytes. + /// + /// # Parameters + /// + /// * `out`: Output buffer for the raw public key. Must be at least + /// `get_pub_len()` bytes. + /// + /// # Returns + /// + /// Returns either Ok(length) containing the number of bytes written on + /// success, or Err(e) containing the wolfSSL library error code. + /// + /// # Example + /// + /// ```rust + /// #[cfg(all(lms, lms_make_key, random))] + /// { + /// use wolfssl_wolfcrypt::lms::Lms; + /// let mut key = Lms::new().expect("Error with Lms::new()"); + /// key.set_parm(Lms::PARM_L1_H5_W8).expect("Error with set_parm()"); + /// // After make_key(): + /// // let pub_len = key.get_pub_len().unwrap(); + /// // let mut pub_buf = vec![0u8; pub_len]; + /// // let written = key.export_pub_raw(&mut pub_buf).unwrap(); + /// } + /// ``` + pub fn export_pub_raw(&self, out: &mut [u8]) -> Result { + let mut out_len = out.len() as u32; + let rc = unsafe { + sys::wc_LmsKey_ExportPubRaw(&self.ws_key, out.as_mut_ptr(), &mut out_len) + }; + if rc != 0 { + return Err(rc); + } + Ok(out_len as usize) + } + + /// Import a raw public key from `data` into this key instance. + /// + /// Parameters **must** be set with [`Lms::set_parm()`] or + /// [`Lms::set_parameters()`] before calling this function, and the + /// length of `data` must match `get_pub_len()`. After a successful + /// import the key can be used for verification. + /// + /// # Parameters + /// + /// * `data`: Buffer containing the raw public key bytes. + /// + /// # Returns + /// + /// Returns either Ok(()) on success or Err(e) containing the wolfSSL + /// library error code value. + /// + /// # Example + /// + /// ```rust,ignore + /// let mut key = Lms::new().expect("Error with Lms::new()"); + /// key.set_parm(Lms::PARM_L1_H5_W8).expect("set_parm failed"); + /// key.import_pub_raw(&pub_buf).expect("Error with import_pub_raw()"); + /// ``` + pub fn import_pub_raw(&mut self, data: &[u8]) -> Result<(), i32> { + let rc = unsafe { + sys::wc_LmsKey_ImportPubRaw(&mut self.ws_key, data.as_ptr(), data.len() as u32) + }; + if rc != 0 { + return Err(rc); + } + Ok(()) + } + + /// Verify an LMS/HSS signature over a message. + /// + /// The key must have a public key loaded (via [`Lms::make_key()`], + /// [`Lms::reload()`], or [`Lms::import_pub_raw()`]). + /// + /// # Parameters + /// + /// * `sig`: Signature bytes to verify. + /// * `msg`: Message bytes that were signed. + /// + /// # Returns + /// + /// Returns either Ok(()) if the signature is valid, or Err(e) containing + /// the wolfSSL library error code value (including a verification failure + /// code). + pub fn verify(&mut self, sig: &[u8], msg: &[u8]) -> Result<(), i32> { + // wc_lms.c validates sigSz, but ext_lms.c passes sigSz through to + // hss_validate_signature without checking it. Validate here for both. + let expected_sig_len = self.get_sig_len()?; + if sig.len() != expected_sig_len { + return Err(sys::wolfCrypt_ErrorCodes_BUFFER_E); + } + let rc = unsafe { + sys::wc_LmsKey_Verify( + &mut self.ws_key, + sig.as_ptr(), + sig.len() as u32, + msg.as_ptr(), + msg.len() as core::ffi::c_int, + ) + }; + if rc != 0 { + return Err(rc); + } + Ok(()) + } + + /// Get the Key ID (I value) for this LMS/HSS key. + /// + /// Returns a slice pointing into the key's internal storage. + /// + /// # Returns + /// + /// Returns either Ok(&[u8]) containing the key ID on success, or Err(e) + /// containing the wolfSSL library error code value. + pub fn get_kid(&mut self) -> Result<&[u8], i32> { + let mut kid_ptr: *const u8 = core::ptr::null(); + let mut kid_sz: u32 = 0; + let rc = unsafe { + sys::wc_LmsKey_GetKid(&mut self.ws_key, &mut kid_ptr, &mut kid_sz) + }; + if rc != 0 { + return Err(rc); + } + let slice = unsafe { core::slice::from_raw_parts(kid_ptr, kid_sz as usize) }; + Ok(slice) + } +} + +impl Drop for Lms { + /// Safely free the underlying wolfSSL LMS/HSS key context. + /// + /// This calls `wc_LmsKey_Free()`. The Rust Drop trait guarantees this + /// is called when the `Lms` struct goes out of scope. + fn drop(&mut self) { + unsafe { + sys::wc_LmsKey_Free(&mut self.ws_key); + } + } +} diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/wrapper/rust/wolfssl-wolfcrypt/src/mlkem.rs mariadb-11.8.8/extra/wolfssl/wolfssl/wrapper/rust/wolfssl-wolfcrypt/src/mlkem.rs --- mariadb-11.8.6/extra/wolfssl/wolfssl/wrapper/rust/wolfssl-wolfcrypt/src/mlkem.rs 1970-01-01 00:00:00.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/wrapper/rust/wolfssl-wolfcrypt/src/mlkem.rs 2026-05-24 09:58:33.000000000 +0000 @@ -0,0 +1,792 @@ +/* + * Copyright (C) 2006-2026 wolfSSL Inc. + * + * This file is part of wolfSSL. + * + * wolfSSL is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * wolfSSL is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA + */ + +/*! +This module provides a Rust wrapper for the wolfCrypt library's ML-KEM +(Module-Lattice-Based Key-Encapsulation Mechanism) post-quantum key +encapsulation functionality. + +The primary component is the [`MlKem`] struct, which manages the lifecycle of +a wolfSSL `MlKemKey` object. It ensures proper initialization and deallocation. + +Three security parameter sets are supported, selected via the type argument at +construction time: + +| Constant | NIST Security Level | +|-----------------------|---------------------| +| [`MlKem::TYPE_512`] | 1 (ML-KEM-512) | +| [`MlKem::TYPE_768`] | 3 (ML-KEM-768) | +| [`MlKem::TYPE_1024`] | 5 (ML-KEM-1024) | + +# Examples + +```rust +#[cfg(all(mlkem, random))] +{ +use wolfssl_wolfcrypt::random::RNG; +use wolfssl_wolfcrypt::mlkem::MlKem; +let mut rng = RNG::new().expect("RNG creation failed"); +let mut alice = MlKem::generate(MlKem::TYPE_768, &mut rng) + .expect("Key generation failed"); +let ct_size = alice.cipher_text_size().expect("cipher_text_size failed"); +let ss_size = alice.shared_secret_size().expect("shared_secret_size failed"); +let mut ct = vec![0u8; ct_size]; +let mut ss_alice = vec![0u8; ss_size]; +alice.encapsulate(&mut ct, &mut ss_alice, &mut rng) + .expect("Encapsulation failed"); +let mut ss_bob = vec![0u8; ss_size]; +alice.decapsulate(&mut ss_bob, &ct) + .expect("Decapsulation failed"); +assert_eq!(ss_alice, ss_bob); +} +``` +*/ + +#![cfg(mlkem)] + +use crate::sys; +#[cfg(random)] +use crate::random::RNG; + +/// Rust wrapper for a wolfSSL `MlKemKey` object. +/// +/// Manages the lifecycle of the underlying heap-allocated key, including +/// initialization and deallocation via the [`Drop`] trait. +/// +/// An instance is created with [`MlKem::generate()`], +/// [`MlKem::generate_with_random()`], or [`MlKem::new()`]. +pub struct MlKem { + ws_key: *mut sys::MlKemKey, +} + +impl MlKem { + /// ML-KEM-512 key type (NIST Security Level 1). + pub const TYPE_512: i32 = sys::WC_ML_KEM_512 as i32; + /// ML-KEM-768 key type (NIST Security Level 3). + pub const TYPE_768: i32 = sys::WC_ML_KEM_768 as i32; + /// ML-KEM-1024 key type (NIST Security Level 5). + pub const TYPE_1024: i32 = sys::WC_ML_KEM_1024 as i32; + + /// Symmetric data size in bytes (`WC_ML_KEM_SYM_SZ` = 32). + pub const SYM_SIZE: usize = sys::WC_ML_KEM_SYM_SZ as usize; + /// Shared secret size in bytes (`WC_ML_KEM_SS_SZ` = 32). + pub const SHARED_SECRET_SIZE: usize = sys::WC_ML_KEM_SS_SZ as usize; + /// Random bytes required for key generation (`WC_ML_KEM_MAKEKEY_RAND_SZ` = 64). + pub const MAKEKEY_RAND_SIZE: usize = sys::WC_ML_KEM_MAKEKEY_RAND_SZ as usize; + /// Random bytes required for encapsulation (`WC_ML_KEM_ENC_RAND_SZ` = 32). + pub const ENC_RAND_SIZE: usize = sys::WC_ML_KEM_ENC_RAND_SZ as usize; + + /// Generate a new ML-KEM key pair using a random number generator. + /// + /// # Parameters + /// + /// * `key_type`: Key type. One of [`MlKem::TYPE_512`], [`MlKem::TYPE_768`], + /// or [`MlKem::TYPE_1024`]. + /// * `rng`: `RNG` instance to use for random number generation. + /// + /// # Returns + /// + /// Returns either Ok(MlKem) containing the key instance or Err(e) + /// containing the wolfSSL library error code value. + /// + /// # Example + /// + /// ```rust + /// #[cfg(all(mlkem, random))] + /// { + /// use wolfssl_wolfcrypt::random::RNG; + /// use wolfssl_wolfcrypt::mlkem::MlKem; + /// let mut rng = RNG::new().expect("Error creating RNG"); + /// let key = MlKem::generate(MlKem::TYPE_768, &mut rng) + /// .expect("Error with generate()"); + /// } + /// ``` + #[cfg(random)] + pub fn generate(key_type: i32, rng: &mut RNG) -> Result { + Self::generate_ex(key_type, rng, None, None) + } + + /// Generate a new ML-KEM key pair with optional heap hint and device ID. + /// + /// # Parameters + /// + /// * `key_type`: Key type. One of [`MlKem::TYPE_512`], [`MlKem::TYPE_768`], + /// or [`MlKem::TYPE_1024`]. + /// * `rng`: `RNG` instance to use for random number generation. + /// * `heap`: Optional heap hint. + /// * `dev_id`: Optional device ID for crypto callbacks or async hardware. + /// + /// # Returns + /// + /// Returns either Ok(MlKem) containing the key instance or Err(e) + /// containing the wolfSSL library error code value. + /// + /// # Example + /// + /// ```rust + /// #[cfg(all(mlkem, random))] + /// { + /// use wolfssl_wolfcrypt::random::RNG; + /// use wolfssl_wolfcrypt::mlkem::MlKem; + /// let mut rng = RNG::new().expect("Error creating RNG"); + /// let key = MlKem::generate_ex(MlKem::TYPE_768, &mut rng, None, None) + /// .expect("Error with generate_ex()"); + /// } + /// ``` + #[cfg(random)] + pub fn generate_ex( + key_type: i32, + rng: &mut RNG, + heap: Option<*mut core::ffi::c_void>, + dev_id: Option, + ) -> Result { + let key = Self::new_ex(key_type, heap, dev_id)?; + let rc = unsafe { sys::wc_MlKemKey_MakeKey(key.ws_key, &mut rng.wc_rng) }; + if rc != 0 { + return Err(rc); + } + Ok(key) + } + + /// Generate an ML-KEM key pair from caller-supplied random bytes. + /// + /// Produces the same key pair for a given `(key_type, rand)` pair, enabling + /// deterministic key generation. The `rand` buffer must be exactly + /// [`MlKem::MAKEKEY_RAND_SIZE`] (64) bytes. + /// + /// # Parameters + /// + /// * `key_type`: Key type. One of [`MlKem::TYPE_512`], [`MlKem::TYPE_768`], + /// or [`MlKem::TYPE_1024`]. + /// * `rand`: Random bytes. Must be `MAKEKEY_RAND_SIZE` (64) bytes. + /// + /// # Returns + /// + /// Returns either Ok(MlKem) containing the key instance or Err(e) + /// containing the wolfSSL library error code value. + /// + /// # Example + /// + /// ```rust + /// #[cfg(mlkem)] + /// { + /// use wolfssl_wolfcrypt::mlkem::MlKem; + /// let rand = [0x42u8; 64]; + /// let key = MlKem::generate_with_random(MlKem::TYPE_768, &rand) + /// .expect("Error with generate_with_random()"); + /// } + /// ``` + pub fn generate_with_random(key_type: i32, rand: &[u8]) -> Result { + Self::generate_with_random_ex(key_type, rand, None, None) + } + + /// Generate an ML-KEM key pair from caller-supplied random bytes with + /// optional heap hint and device ID. + /// + /// # Parameters + /// + /// * `key_type`: Key type. One of [`MlKem::TYPE_512`], [`MlKem::TYPE_768`], + /// or [`MlKem::TYPE_1024`]. + /// * `rand`: Random bytes. Must be `MAKEKEY_RAND_SIZE` (64) bytes. + /// * `heap`: Optional heap hint. + /// * `dev_id`: Optional device ID for crypto callbacks or async hardware. + /// + /// # Returns + /// + /// Returns either Ok(MlKem) containing the key instance or Err(e) + /// containing the wolfSSL library error code value. + /// + /// # Example + /// + /// ```rust + /// #[cfg(mlkem)] + /// { + /// use wolfssl_wolfcrypt::mlkem::MlKem; + /// let rand = [0x42u8; 64]; + /// let key = MlKem::generate_with_random_ex(MlKem::TYPE_768, &rand, None, None) + /// .expect("Error with generate_with_random_ex()"); + /// } + /// ``` + pub fn generate_with_random_ex( + key_type: i32, + rand: &[u8], + heap: Option<*mut core::ffi::c_void>, + dev_id: Option, + ) -> Result { + if rand.len() != Self::MAKEKEY_RAND_SIZE { + return Err(sys::wolfCrypt_ErrorCodes_BUFFER_E); + } + let key = Self::new_ex(key_type, heap, dev_id)?; + let rc = unsafe { + sys::wc_MlKemKey_MakeKeyWithRandom( + key.ws_key, + rand.as_ptr(), + rand.len() as core::ffi::c_int, + ) + }; + if rc != 0 { + return Err(rc); + } + Ok(key) + } + + /// Create and initialize a new ML-KEM key instance without generating key + /// material. + /// + /// Key material can be loaded afterwards using [`MlKem::decode_public_key()`] + /// or [`MlKem::decode_private_key()`]. + /// + /// # Parameters + /// + /// * `key_type`: Key type. One of [`MlKem::TYPE_512`], [`MlKem::TYPE_768`], + /// or [`MlKem::TYPE_1024`]. + /// + /// # Returns + /// + /// Returns either Ok(MlKem) containing the key instance or Err(e) + /// containing the wolfSSL library error code value. + /// + /// # Example + /// + /// ```rust + /// #[cfg(mlkem)] + /// { + /// use wolfssl_wolfcrypt::mlkem::MlKem; + /// let key = MlKem::new(MlKem::TYPE_768).expect("Error with new()"); + /// } + /// ``` + pub fn new(key_type: i32) -> Result { + Self::new_ex(key_type, None, None) + } + + /// Create and initialize a new ML-KEM key instance with optional heap hint + /// and device ID. + /// + /// # Parameters + /// + /// * `key_type`: Key type. One of [`MlKem::TYPE_512`], [`MlKem::TYPE_768`], + /// or [`MlKem::TYPE_1024`]. + /// * `heap`: Optional heap hint. + /// * `dev_id`: Optional device ID for crypto callbacks or async hardware. + /// + /// # Returns + /// + /// Returns either Ok(MlKem) containing the key instance or Err(e) + /// containing the wolfSSL library error code value. + /// + /// # Example + /// + /// ```rust + /// #[cfg(mlkem)] + /// { + /// use wolfssl_wolfcrypt::mlkem::MlKem; + /// let key = MlKem::new_ex(MlKem::TYPE_768, None, None).expect("Error with new_ex()"); + /// } + /// ``` + pub fn new_ex( + key_type: i32, + heap: Option<*mut core::ffi::c_void>, + dev_id: Option, + ) -> Result { + let heap = match heap { + Some(h) => h, + None => core::ptr::null_mut(), + }; + let dev_id = match dev_id { + Some(id) => id, + None => sys::INVALID_DEVID, + }; + let ws_key = unsafe { sys::wc_MlKemKey_New(key_type, heap, dev_id) }; + if ws_key.is_null() { + return Err(sys::wolfCrypt_ErrorCodes_MEMORY_E); + } + Ok(MlKem { ws_key }) + } + + /// Get the cipher text size in bytes for this key's type. + /// + /// # Returns + /// + /// Returns either Ok(size) or Err(e) containing the wolfSSL library error + /// code value. + /// + /// # Example + /// + /// ```rust + /// #[cfg(mlkem)] + /// { + /// use wolfssl_wolfcrypt::mlkem::MlKem; + /// let mut key = MlKem::new(MlKem::TYPE_768).expect("Error with new()"); + /// let ct_size = key.cipher_text_size().expect("Error with cipher_text_size()"); + /// assert!(ct_size > 0); + /// } + /// ``` + pub fn cipher_text_size(&self) -> Result { + let mut len = 0u32; + let rc = unsafe { sys::wc_MlKemKey_CipherTextSize(self.ws_key, &mut len) }; + if rc != 0 { + return Err(rc); + } + Ok(len as usize) + } + + /// Get the shared secret size in bytes for this key's type. + /// + /// # Returns + /// + /// Returns either Ok(size) or Err(e) containing the wolfSSL library error + /// code value. + /// + /// # Example + /// + /// ```rust + /// #[cfg(mlkem)] + /// { + /// use wolfssl_wolfcrypt::mlkem::MlKem; + /// let mut key = MlKem::new(MlKem::TYPE_768).expect("Error with new()"); + /// let ss_size = key.shared_secret_size().expect("Error with shared_secret_size()"); + /// assert_eq!(ss_size, MlKem::SHARED_SECRET_SIZE); + /// } + /// ``` + pub fn shared_secret_size(&self) -> Result { + let mut len = 0u32; + let rc = unsafe { sys::wc_MlKemKey_SharedSecretSize(self.ws_key, &mut len) }; + if rc != 0 { + return Err(rc); + } + Ok(len as usize) + } + + /// Get the private key size in bytes for this key's type. + /// + /// # Returns + /// + /// Returns either Ok(size) or Err(e) containing the wolfSSL library error + /// code value. + /// + /// # Example + /// + /// ```rust + /// #[cfg(mlkem)] + /// { + /// use wolfssl_wolfcrypt::mlkem::MlKem; + /// let mut key = MlKem::new(MlKem::TYPE_768).expect("Error with new()"); + /// let priv_size = key.private_key_size().expect("Error with private_key_size()"); + /// assert!(priv_size > 0); + /// } + /// ``` + pub fn private_key_size(&self) -> Result { + let mut len = 0u32; + let rc = unsafe { sys::wc_MlKemKey_PrivateKeySize(self.ws_key, &mut len) }; + if rc != 0 { + return Err(rc); + } + Ok(len as usize) + } + + /// Get the public key size in bytes for this key's type. + /// + /// # Returns + /// + /// Returns either Ok(size) or Err(e) containing the wolfSSL library error + /// code value. + /// + /// # Example + /// + /// ```rust + /// #[cfg(mlkem)] + /// { + /// use wolfssl_wolfcrypt::mlkem::MlKem; + /// let mut key = MlKem::new(MlKem::TYPE_768).expect("Error with new()"); + /// let pub_size = key.public_key_size().expect("Error with public_key_size()"); + /// assert!(pub_size > 0); + /// } + /// ``` + pub fn public_key_size(&self) -> Result { + let mut len = 0u32; + let rc = unsafe { sys::wc_MlKemKey_PublicKeySize(self.ws_key, &mut len) }; + if rc != 0 { + return Err(rc); + } + Ok(len as usize) + } + + /// Encapsulate: generate a shared secret and cipher text using this + /// public key and an RNG. + /// + /// The `ct` buffer must be exactly `cipher_text_size()` bytes. + /// The `ss` buffer must be exactly `SHARED_SECRET_SIZE` bytes. + /// + /// # Parameters + /// + /// * `ct`: Output buffer for the cipher text. + /// * `ss`: Output buffer for the shared secret. + /// * `rng`: `RNG` instance for random number generation. + /// + /// # Returns + /// + /// Returns either Ok(()) on success or Err(e) containing the wolfSSL + /// library error code value. + /// + /// # Example + /// + /// ```rust + /// #[cfg(all(mlkem, random))] + /// { + /// use wolfssl_wolfcrypt::random::RNG; + /// use wolfssl_wolfcrypt::mlkem::MlKem; + /// let mut rng = RNG::new().expect("Error creating RNG"); + /// let mut key = MlKem::generate(MlKem::TYPE_768, &mut rng) + /// .expect("Error with generate()"); + /// let ct_size = key.cipher_text_size().unwrap(); + /// let ss_size = key.shared_secret_size().unwrap(); + /// let mut ct = vec![0u8; ct_size]; + /// let mut ss = vec![0u8; ss_size]; + /// key.encapsulate(&mut ct, &mut ss, &mut rng) + /// .expect("Error with encapsulate()"); + /// } + /// ``` + #[cfg(random)] + pub fn encapsulate( + &mut self, + ct: &mut [u8], + ss: &mut [u8], + rng: &mut RNG, + ) -> Result<(), i32> { + // Verify the cipher text length is as expected based on the parameter + // set (key type) in use. + let expected_ct_size = self.cipher_text_size()?; + if ct.len() != expected_ct_size { + return Err(sys::wolfCrypt_ErrorCodes_BUFFER_E); + } + // Verify the shared secret length is as expected. + if ss.len() != Self::SHARED_SECRET_SIZE { + return Err(sys::wolfCrypt_ErrorCodes_BUFFER_E); + } + let rc = unsafe { + sys::wc_MlKemKey_Encapsulate( + self.ws_key, + ct.as_mut_ptr(), + ss.as_mut_ptr(), + &mut rng.wc_rng, + ) + }; + if rc != 0 { + return Err(rc); + } + Ok(()) + } + + /// Encapsulate using caller-supplied random bytes instead of an RNG. + /// + /// Produces the same cipher text and shared secret for a given + /// `(public_key, rand)` pair, enabling deterministic encapsulation. + /// The `rand` buffer must be exactly [`MlKem::ENC_RAND_SIZE`] (32) bytes. + /// + /// # Parameters + /// + /// * `ct`: Output buffer for the cipher text. + /// * `ss`: Output buffer for the shared secret. + /// * `rand`: Caller-supplied random bytes. Must be `ENC_RAND_SIZE` (32) bytes. + /// + /// # Returns + /// + /// Returns either Ok(()) on success or Err(e) containing the wolfSSL + /// library error code value. + /// + /// # Example + /// + /// ```rust + /// #[cfg(mlkem)] + /// { + /// use wolfssl_wolfcrypt::mlkem::MlKem; + /// let key_rand = [0x42u8; 64]; + /// let enc_rand = [0x55u8; 32]; + /// let mut key = MlKem::generate_with_random(MlKem::TYPE_768, &key_rand) + /// .expect("Error with generate_with_random()"); + /// let ct_size = key.cipher_text_size().unwrap(); + /// let ss_size = key.shared_secret_size().unwrap(); + /// let mut ct = vec![0u8; ct_size]; + /// let mut ss = vec![0u8; ss_size]; + /// key.encapsulate_with_random(&mut ct, &mut ss, &enc_rand) + /// .expect("Error with encapsulate_with_random()"); + /// } + /// ``` + pub fn encapsulate_with_random( + &mut self, + ct: &mut [u8], + ss: &mut [u8], + rand: &[u8], + ) -> Result<(), i32> { + if rand.len() != Self::ENC_RAND_SIZE { + return Err(sys::wolfCrypt_ErrorCodes_BUFFER_E); + } + // Verify the cipher text length is as expected based on the parameter + // set (key type) in use. + let expected_ct_size = self.cipher_text_size()?; + if ct.len() != expected_ct_size { + return Err(sys::wolfCrypt_ErrorCodes_BUFFER_E); + } + // Verify the shared secret length is as expected. + if ss.len() != Self::SHARED_SECRET_SIZE { + return Err(sys::wolfCrypt_ErrorCodes_BUFFER_E); + } + let rc = unsafe { + sys::wc_MlKemKey_EncapsulateWithRandom( + self.ws_key, + ct.as_mut_ptr(), + ss.as_mut_ptr(), + rand.as_ptr(), + rand.len() as core::ffi::c_int, + ) + }; + if rc != 0 { + return Err(rc); + } + Ok(()) + } + + /// Decapsulate: recover the shared secret from a cipher text using this + /// private key. + /// + /// The `ss` buffer must be exactly `SHARED_SECRET_SIZE` bytes. + /// The `ct` length is validated against the expected cipher text size for + /// the key type by the C library. + /// + /// # Parameters + /// + /// * `ss`: Output buffer for the shared secret. + /// * `ct`: Cipher text produced by [`MlKem::encapsulate()`] or + /// [`MlKem::encapsulate_with_random()`]. + /// + /// # Returns + /// + /// Returns either Ok(()) on success or Err(e) containing the wolfSSL + /// library error code value. + /// + /// # Example + /// + /// ```rust + /// #[cfg(all(mlkem, random))] + /// { + /// use wolfssl_wolfcrypt::random::RNG; + /// use wolfssl_wolfcrypt::mlkem::MlKem; + /// let mut rng = RNG::new().expect("Error creating RNG"); + /// let mut key = MlKem::generate(MlKem::TYPE_768, &mut rng) + /// .expect("Error with generate()"); + /// let ct_size = key.cipher_text_size().unwrap(); + /// let ss_size = key.shared_secret_size().unwrap(); + /// let mut ct = vec![0u8; ct_size]; + /// let mut ss_enc = vec![0u8; ss_size]; + /// key.encapsulate(&mut ct, &mut ss_enc, &mut rng) + /// .expect("Error with encapsulate()"); + /// let mut ss_dec = vec![0u8; ss_size]; + /// key.decapsulate(&mut ss_dec, &ct) + /// .expect("Error with decapsulate()"); + /// assert_eq!(ss_enc, ss_dec); + /// } + /// ``` + pub fn decapsulate(&mut self, ss: &mut [u8], ct: &[u8]) -> Result<(), i32> { + // Verify the shared secret length is as expected. + if ss.len() != Self::SHARED_SECRET_SIZE { + return Err(sys::wolfCrypt_ErrorCodes_BUFFER_E); + } + let rc = unsafe { + sys::wc_MlKemKey_Decapsulate( + self.ws_key, + ss.as_mut_ptr(), + ct.as_ptr(), + ct.len() as u32, + ) + }; + if rc != 0 { + return Err(rc); + } + Ok(()) + } + + /// Encode (export) the public key to a byte buffer. + /// + /// The `out` buffer must be exactly `public_key_size()` bytes. + /// + /// # Parameters + /// + /// * `out`: Output buffer to receive the encoded public key. + /// + /// # Returns + /// + /// Returns either Ok(size) containing the number of bytes written or Err(e) + /// containing the wolfSSL library error code value. + /// + /// # Example + /// + /// ```rust + /// #[cfg(all(mlkem, random))] + /// { + /// use wolfssl_wolfcrypt::random::RNG; + /// use wolfssl_wolfcrypt::mlkem::MlKem; + /// let mut rng = RNG::new().expect("Error creating RNG"); + /// let mut key = MlKem::generate(MlKem::TYPE_768, &mut rng) + /// .expect("Error with generate()"); + /// let pub_size = key.public_key_size().unwrap(); + /// let mut pub_buf = vec![0u8; pub_size]; + /// let written = key.encode_public_key(&mut pub_buf) + /// .expect("Error with encode_public_key()"); + /// assert_eq!(written, pub_size); + /// } + /// ``` + pub fn encode_public_key(&self, out: &mut [u8]) -> Result { + let rc = unsafe { + sys::wc_MlKemKey_EncodePublicKey(self.ws_key, out.as_mut_ptr(), out.len() as u32) + }; + if rc != 0 { + return Err(rc); + } + Ok(out.len()) + } + + /// Encode (export) the private key to a byte buffer. + /// + /// The `out` buffer must be exactly `private_key_size()` bytes. + /// + /// # Parameters + /// + /// * `out`: Output buffer to receive the encoded private key. + /// + /// # Returns + /// + /// Returns either Ok(size) containing the number of bytes written or Err(e) + /// containing the wolfSSL library error code value. + /// + /// # Example + /// + /// ```rust + /// #[cfg(all(mlkem, random))] + /// { + /// use wolfssl_wolfcrypt::random::RNG; + /// use wolfssl_wolfcrypt::mlkem::MlKem; + /// let mut rng = RNG::new().expect("Error creating RNG"); + /// let mut key = MlKem::generate(MlKem::TYPE_768, &mut rng) + /// .expect("Error with generate()"); + /// let priv_size = key.private_key_size().unwrap(); + /// let mut priv_buf = vec![0u8; priv_size]; + /// let written = key.encode_private_key(&mut priv_buf) + /// .expect("Error with encode_private_key()"); + /// assert_eq!(written, priv_size); + /// } + /// ``` + pub fn encode_private_key(&self, out: &mut [u8]) -> Result { + let rc = unsafe { + sys::wc_MlKemKey_EncodePrivateKey(self.ws_key, out.as_mut_ptr(), out.len() as u32) + }; + if rc != 0 { + return Err(rc); + } + Ok(out.len()) + } + + /// Decode (import) a public key from a byte buffer. + /// + /// # Parameters + /// + /// * `data`: Input buffer containing the encoded public key. + /// + /// # Returns + /// + /// Returns either Ok(()) on success or Err(e) containing the wolfSSL + /// library error code value. + /// + /// # Example + /// + /// ```rust + /// #[cfg(all(mlkem, random))] + /// { + /// use wolfssl_wolfcrypt::random::RNG; + /// use wolfssl_wolfcrypt::mlkem::MlKem; + /// let mut rng = RNG::new().expect("Error creating RNG"); + /// let mut key = MlKem::generate(MlKem::TYPE_768, &mut rng) + /// .expect("Error with generate()"); + /// let pub_size = key.public_key_size().unwrap(); + /// let mut pub_buf = vec![0u8; pub_size]; + /// key.encode_public_key(&mut pub_buf).expect("Error with encode_public_key()"); + /// let mut key2 = MlKem::new(MlKem::TYPE_768).expect("Error with new()"); + /// key2.decode_public_key(&pub_buf).expect("Error with decode_public_key()"); + /// } + /// ``` + pub fn decode_public_key(&mut self, data: &[u8]) -> Result<(), i32> { + let rc = unsafe { + sys::wc_MlKemKey_DecodePublicKey(self.ws_key, data.as_ptr(), data.len() as u32) + }; + if rc != 0 { + return Err(rc); + } + Ok(()) + } + + /// Decode (import) a private key from a byte buffer. + /// + /// # Parameters + /// + /// * `data`: Input buffer containing the encoded private key. + /// + /// # Returns + /// + /// Returns either Ok(()) on success or Err(e) containing the wolfSSL + /// library error code value. + /// + /// # Example + /// + /// ```rust + /// #[cfg(all(mlkem, random))] + /// { + /// use wolfssl_wolfcrypt::random::RNG; + /// use wolfssl_wolfcrypt::mlkem::MlKem; + /// let mut rng = RNG::new().expect("Error creating RNG"); + /// let mut key = MlKem::generate(MlKem::TYPE_768, &mut rng) + /// .expect("Error with generate()"); + /// let priv_size = key.private_key_size().unwrap(); + /// let mut priv_buf = vec![0u8; priv_size]; + /// key.encode_private_key(&mut priv_buf).expect("Error with encode_private_key()"); + /// let mut key2 = MlKem::new(MlKem::TYPE_768).expect("Error with new()"); + /// key2.decode_private_key(&priv_buf).expect("Error with decode_private_key()"); + /// } + /// ``` + pub fn decode_private_key(&mut self, data: &[u8]) -> Result<(), i32> { + let rc = unsafe { + sys::wc_MlKemKey_DecodePrivateKey(self.ws_key, data.as_ptr(), data.len() as u32) + }; + if rc != 0 { + return Err(rc); + } + Ok(()) + } +} + +impl Drop for MlKem { + /// Safely free the underlying wolfSSL ML-KEM key context. + /// + /// This calls `wc_MlKemKey_Delete()`. The Rust Drop trait guarantees this + /// is called when the `MlKem` struct goes out of scope. + fn drop(&mut self) { + unsafe { + sys::wc_MlKemKey_Delete(self.ws_key, core::ptr::null_mut()); + } + } +} diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/wrapper/rust/wolfssl-wolfcrypt/src/prf.rs mariadb-11.8.8/extra/wolfssl/wolfssl/wrapper/rust/wolfssl-wolfcrypt/src/prf.rs --- mariadb-11.8.6/extra/wolfssl/wolfssl/wrapper/rust/wolfssl-wolfcrypt/src/prf.rs 1970-01-01 00:00:00.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/wrapper/rust/wolfssl-wolfcrypt/src/prf.rs 2026-05-24 09:58:33.000000000 +0000 @@ -0,0 +1,144 @@ +/* + * Copyright (C) 2006-2026 wolfSSL Inc. + * + * This file is part of wolfSSL. + * + * wolfSSL is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * wolfSSL is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA + */ + +/*! +This module provides a Rust wrapper for the wolfCrypt library's Pseudo Random +Function (PRF) functionality. +*/ + +#![cfg(prf)] + +use crate::sys; + +pub const PRF_HASH_NONE: i32 = sys::wc_MACAlgorithm_no_mac as i32; +pub const PRF_HASH_MD5: i32 = sys::wc_MACAlgorithm_md5_mac as i32; +pub const PRF_HASH_SHA: i32 = sys::wc_MACAlgorithm_sha_mac as i32; +pub const PRF_HASH_SHA224: i32 = sys::wc_MACAlgorithm_sha224_mac as i32; +pub const PRF_HASH_SHA256: i32 = sys::wc_MACAlgorithm_sha256_mac as i32; +pub const PRF_HASH_SHA384: i32 = sys::wc_MACAlgorithm_sha384_mac as i32; +pub const PRF_HASH_SHA512: i32 = sys::wc_MACAlgorithm_sha512_mac as i32; +pub const PRF_HASH_RMD: i32 = sys::wc_MACAlgorithm_rmd_mac as i32; +pub const PRF_HASH_BLAKE2B: i32 = sys::wc_MACAlgorithm_blake2b_mac as i32; +pub const PRF_HASH_SM3: i32 = sys::wc_MACAlgorithm_sm3_mac as i32; + +/// Pseudo Random Function for MD5, SHA-1, SHA-256, SHA-384, or SHA-512. +/// +/// # Parameters +/// +/// * `secret`: Secret key. +/// * `seed`: Seed. +/// * `hash_type`: PRF Hash type, one of `PRF_HASH_*`. +/// * `dout`: Output buffer. +/// +/// # Returns +/// +/// Returns either Ok(()) on success or Err(e) containing the wolfSSL +/// library error code value. +/// +/// # Example +/// +/// ```rust +/// #[cfg(sha384)] +/// { +/// use wolfssl_wolfcrypt::prf::*; +/// let secret = [0x10u8, 0xbc, 0xb4, 0xa2, 0xe8, 0xdc, 0xf1, 0x9b, 0x4c, +/// 0x51, 0x9c, 0xed, 0x31, 0x1b, 0x51, 0x57, 0x02, 0x3f, +/// 0xa1, 0x7d, 0xfb, 0x0e, 0xf3, 0x4e, 0x8f, 0x6f, 0x71, +/// 0xa3, 0x67, 0x76, 0x6b, 0xfa, 0x5d, 0x46, 0x4a, 0xe8, +/// 0x61, 0x18, 0x81, 0xc4, 0x66, 0xcc, 0x6f, 0x09, 0x99, +/// 0x9d, 0xfc, 0x47]; +/// let seed = [0x73u8, 0x65, 0x72, 0x76, 0x65, 0x72, 0x20, 0x66, 0x69, +/// 0x6e, 0x69, 0x73, 0x68, 0x65, 0x64, 0x0b, 0x46, 0xba, +/// 0x56, 0xbf, 0x1f, 0x5d, 0x99, 0xff, 0xe9, 0xbb, 0x43, +/// 0x01, 0xe7, 0xca, 0x2c, 0x00, 0xdf, 0x9a, 0x39, 0x6e, +/// 0xcf, 0x6d, 0x15, 0x27, 0x4d, 0xf2, 0x93, 0x96, 0x4a, +/// 0x91, 0xde, 0x5c, 0xc0, 0x47, 0x7c, 0xa8, 0xae, 0xcf, +/// 0x5d, 0x93, 0x5f, 0x4c, 0x92, 0xcc, 0x98, 0x5b, 0x43]; +/// let mut out = [0u8; 12]; +/// prf(&secret, &seed, PRF_HASH_SHA384, &mut out).expect("Error with prf()"); +/// } +/// ``` +pub fn prf(secret: &[u8], seed: &[u8], hash_type: i32, dout: &mut [u8]) -> Result<(), i32> { + prf_ex(secret, seed, hash_type, None, None, dout) +} + +/// Pseudo Random Function for MD5, SHA-1, SHA-256, SHA-384, or SHA-512 with +/// optional heap and device ID. +/// +/// # Parameters +/// +/// * `secret`: Secret key. +/// * `seed`: Seed. +/// * `hash_type`: PRF Hash type, one of `PRF_HASH_*`. +/// * `heap`: Optional heap hint. +/// * `dev_id` Optional device ID to use with crypto callbacks or async hardware. +/// * `dout`: Output buffer. +/// +/// # Returns +/// +/// Returns either Ok(()) on success or Err(e) containing the wolfSSL +/// library error code value. +/// +/// # Example +/// +/// ```rust +/// #[cfg(sha384)] +/// { +/// use wolfssl_wolfcrypt::prf::*; +/// let secret = [0x10u8, 0xbc, 0xb4, 0xa2, 0xe8, 0xdc, 0xf1, 0x9b, 0x4c, +/// 0x51, 0x9c, 0xed, 0x31, 0x1b, 0x51, 0x57, 0x02, 0x3f, +/// 0xa1, 0x7d, 0xfb, 0x0e, 0xf3, 0x4e, 0x8f, 0x6f, 0x71, +/// 0xa3, 0x67, 0x76, 0x6b, 0xfa, 0x5d, 0x46, 0x4a, 0xe8, +/// 0x61, 0x18, 0x81, 0xc4, 0x66, 0xcc, 0x6f, 0x09, 0x99, +/// 0x9d, 0xfc, 0x47]; +/// let seed = [0x73u8, 0x65, 0x72, 0x76, 0x65, 0x72, 0x20, 0x66, 0x69, +/// 0x6e, 0x69, 0x73, 0x68, 0x65, 0x64, 0x0b, 0x46, 0xba, +/// 0x56, 0xbf, 0x1f, 0x5d, 0x99, 0xff, 0xe9, 0xbb, 0x43, +/// 0x01, 0xe7, 0xca, 0x2c, 0x00, 0xdf, 0x9a, 0x39, 0x6e, +/// 0xcf, 0x6d, 0x15, 0x27, 0x4d, 0xf2, 0x93, 0x96, 0x4a, +/// 0x91, 0xde, 0x5c, 0xc0, 0x47, 0x7c, 0xa8, 0xae, 0xcf, +/// 0x5d, 0x93, 0x5f, 0x4c, 0x92, 0xcc, 0x98, 0x5b, 0x43]; +/// let mut out = [0u8; 12]; +/// prf_ex(&secret, &seed, PRF_HASH_SHA384, None, None, &mut out).expect("Error with prf_ex()"); +/// } +/// ``` +pub fn prf_ex(secret: &[u8], seed: &[u8], hash_type: i32, heap: Option<*mut core::ffi::c_void>, dev_id: Option, dout: &mut [u8]) -> Result<(), i32> { + let secret_size = secret.len() as u32; + let seed_size = seed.len() as u32; + let dout_size = dout.len() as u32; + let heap = match heap { + Some(heap) => heap, + None => core::ptr::null_mut(), + }; + let dev_id = match dev_id { + Some(dev_id) => dev_id, + None => sys::INVALID_DEVID, + }; + let rc = unsafe { + sys::wc_PRF(dout.as_mut_ptr(), dout_size, + secret.as_ptr(), secret_size, + seed.as_ptr(), seed_size, + hash_type, heap, dev_id) + }; + if rc != 0 { + return Err(rc); + } + Ok(()) +} diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/wrapper/rust/wolfssl-wolfcrypt/src/random.rs mariadb-11.8.8/extra/wolfssl/wolfssl/wrapper/rust/wolfssl-wolfcrypt/src/random.rs --- mariadb-11.8.6/extra/wolfssl/wolfssl/wrapper/rust/wolfssl-wolfcrypt/src/random.rs 1970-01-01 00:00:00.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/wrapper/rust/wolfssl-wolfcrypt/src/random.rs 2026-05-24 09:58:33.000000000 +0000 @@ -0,0 +1,394 @@ +/* + * Copyright (C) 2006-2026 wolfSSL Inc. + * + * This file is part of wolfSSL. + * + * wolfSSL is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * wolfSSL is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA + */ + +/*! +This module provides a Rust wrapper for the wolfCrypt library's random number +generator (RNG). + +The primary component is the `RNG` struct, which manages the lifecycle of a +wolfSSL `WC_RNG` object. It ensures proper initialization and deallocation. + +# Examples + +```rust +use wolfssl_wolfcrypt::random::RNG; + +// Create a RNG instance. +let mut rng = RNG::new().expect("Failed to create RNG"); + +// Generate a single random byte value. +let byte = rng.generate_byte().expect("Failed to generate a single byte"); + +// Generate a random block. +let mut buffer = [0u32; 8]; +rng.generate_block(&mut buffer).expect("Failed to generate a block"); +``` +*/ + +#![cfg(random)] + +use crate::sys; +use core::mem::{size_of_val, MaybeUninit}; + +/// A cryptographically secure random number generator based on the wolfSSL +/// library. +/// +/// This struct wraps the wolfssl `WC_RNG` type, providing a high-level API +/// for generating random bytes and blocks of data. The `Drop` implementation +/// ensures that the underlying wolfSSL RNG context is correctly freed when the +/// `RNG` struct goes out of scope, preventing memory leaks. +pub struct RNG { + pub(crate) wc_rng: sys::WC_RNG, +} + +impl RNG { + /// Initialize a new `RNG` instance. + /// + /// This function wraps the wolfssl library function `wc_InitRng`, which + /// performs the necessary initialization for the RNG context. + /// + /// # Returns + /// + /// A Result which is Ok(RNG) on success or an Err containing the wolfSSL + /// library return code on failure. + pub fn new() -> Result { + RNG::new_ex(None, None) + } + + /// Initialize a new `RNG` instance with optional heap and device ID. + /// + /// This function wraps the wolfssl library function `wc_InitRng`, which + /// performs the necessary initialization for the RNG context. + /// + /// # Parameters + /// + /// * `heap`: Optional heap hint. + /// * `dev_id` Optional device ID to use with crypto callbacks or async hardware. + /// + /// # Returns + /// + /// A Result which is Ok(RNG) on success or an Err containing the wolfSSL + /// library return code on failure. + pub fn new_ex(heap: Option<*mut core::ffi::c_void>, dev_id: Option) -> Result { + #[cfg(fips)] + { + let rc = unsafe { + sys::wc_SetSeed_Cb_fips(Some(sys::wc_GenerateSeed)) + }; + if rc != 0 { + return Err(rc); + } + } + let mut rng: MaybeUninit = MaybeUninit::uninit(); + let heap = match heap { + Some(heap) => heap, + None => core::ptr::null_mut(), + }; + let dev_id = match dev_id { + Some(dev_id) => dev_id, + None => sys::INVALID_DEVID, + }; + let rc = unsafe { + sys::wc_InitRng_ex(&mut (*rng.as_mut_ptr()).wc_rng, heap, dev_id) + }; + if rc == 0 { + let rng = unsafe { rng.assume_init() }; + Ok(rng) + } else { + Err(rc) + } + } + + /// Initialize a new `RNG` instance and provide a nonce input. + /// + /// This function wraps the wolfssl library function `wc_InitRngNonce`, + /// which performs the necessary initialization for the RNG context and + /// accepts a nonce input buffer. + /// + /// # Returns + /// + /// A Result which is Ok(RNG) on success or an Err containing the wolfSSL + /// library return code on failure. + pub fn new_with_nonce(nonce: &mut [T]) -> Result { + RNG::new_with_nonce_ex(nonce, None, None) + } + + /// Initialize a new `RNG` instance and provide a nonce input. + /// + /// This function wraps the wolfssl library function `wc_InitRngNonce`, + /// which performs the necessary initialization for the RNG context and + /// accepts a nonce input buffer. + /// + /// # Parameters + /// + /// * `heap`: Optional heap hint. + /// * `dev_id` Optional device ID to use with crypto callbacks or async hardware. + /// + /// # Returns + /// + /// A Result which is Ok(RNG) on success or an Err containing the wolfSSL + /// library return code on failure. + pub fn new_with_nonce_ex(nonce: &mut [T], heap: Option<*mut core::ffi::c_void>, dev_id: Option) -> Result { + #[cfg(fips)] + { + let rc = unsafe { + sys::wc_SetSeed_Cb_fips(Some(sys::wc_GenerateSeed)) + }; + if rc != 0 { + return Err(rc); + } + } + let ptr = nonce.as_mut_ptr() as *mut u8; + let size: u32 = size_of_val(nonce) as u32; + let mut rng: MaybeUninit = MaybeUninit::uninit(); + let heap = match heap { + Some(heap) => heap, + None => core::ptr::null_mut(), + }; + let dev_id = match dev_id { + Some(dev_id) => dev_id, + None => sys::INVALID_DEVID, + }; + let rc = unsafe { + sys::wc_InitRngNonce_ex(&mut (*rng.as_mut_ptr()).wc_rng, ptr, size, heap, dev_id) + }; + if rc == 0 { + let rng = unsafe { rng.assume_init() }; + Ok(rng) + } else { + Err(rc) + } + } + + /// Create and test functionality of DRBG. + /// + /// # Parameters + /// + /// * `nonce`: Optional nonce to use to initialize DRBG. + /// * `seed_a`: Buffer containing seed data (required). + /// * `seed_b`: Optional buffer containing more seed data. If present, the + /// DRBG will be reseeded. + /// * `output`: Output buffer. + /// + /// # Returns + /// + /// Returns either Ok(()) on success or Err(e) containing the wolfSSL + /// library error code value. + /// + /// # Example + /// + /// ```rust + /// #![cfg(random_hashdrbg)] + /// use wolfssl_wolfcrypt::random::RNG; + /// let nonce = [99u8, 88, 77, 66]; + /// let seed_a = [42u8, 33, 55, 88]; + /// let seed_b = [45u8, 10, 20, 30]; + /// let mut output = [0u8; 128]; + /// RNG::health_test(Some(&nonce), &seed_a, Some(&seed_b), &mut output).expect("Error with health_test()"); + /// ``` + #[cfg(random_hashdrbg)] + pub fn health_test(nonce: Option<&[u8]>, seed_a: &[u8], seed_b: Option<&[u8]>, output: &mut [u8]) -> Result<(), i32> { + Self::health_test_ex(nonce, seed_a, seed_b, output, None, None) + } + + /// Create and test functionality of DRBG with optional heap and device ID. + /// + /// # Parameters + /// + /// * `nonce`: Optional nonce to use to initialize DRBG. + /// * `seed_a`: Buffer containing seed data (required). + /// * `seed_b`: Optional buffer containing more seed data. If present, the + /// DRBG will be reseeded. + /// * `output`: Output buffer. + /// * `heap`: Optional heap hint. + /// * `dev_id` Optional device ID to use with crypto callbacks or async hardware. + /// + /// # Returns + /// + /// Returns either Ok(()) on success or Err(e) containing the wolfSSL + /// library error code value. + /// + /// # Example + /// + /// ```rust + /// #![cfg(random_hashdrbg)] + /// use wolfssl_wolfcrypt::random::RNG; + /// let nonce = [99u8, 88, 77, 66]; + /// let seed_a = [42u8, 33, 55, 88]; + /// let seed_b = [45u8, 10, 20, 30]; + /// let mut output = [0u8; 128]; + /// RNG::health_test_ex(Some(&nonce), &seed_a, Some(&seed_b), &mut output, None, None).expect("Error with health_test_ex()"); + /// ``` + #[cfg(random_hashdrbg)] + pub fn health_test_ex(nonce: Option<&[u8]>, seed_a: &[u8], seed_b: Option<&[u8]>, output: &mut [u8], heap: Option<*mut core::ffi::c_void>, dev_id: Option) -> Result<(), i32> { + let mut nonce_ptr = core::ptr::null(); + let mut nonce_size = 0u32; + if let Some(nonce) = nonce { + nonce_ptr = nonce.as_ptr(); + nonce_size = nonce.len() as u32; + } + let seed_a_size = seed_a.len() as u32; + let mut seed_b_ptr = core::ptr::null(); + let mut seed_b_size = 0u32; + if let Some(seed_b) = seed_b { + seed_b_ptr = seed_b.as_ptr(); + seed_b_size = seed_b.len() as u32; + } + let output_size = output.len() as u32; + let heap = match heap { + Some(heap) => heap, + None => core::ptr::null_mut(), + }; + let dev_id = match dev_id { + Some(dev_id) => dev_id, + None => sys::INVALID_DEVID, + }; + let rc = unsafe { + sys::wc_RNG_HealthTest_ex(if seed_b_size > 0 {1} else {0}, + nonce_ptr, nonce_size, + seed_a.as_ptr(), seed_a_size, + seed_b_ptr, seed_b_size, + output.as_mut_ptr(), output_size, + heap, dev_id) + }; + if rc != 0 { + return Err(rc); + } + Ok(()) + } + + /// Test a seed. + /// + /// # Parameters + /// + /// * `seed`: Buffer containing seed data. + /// + /// # Returns + /// + /// Returns either Ok(()) on success or Err(e) containing the wolfSSL + /// library error code value. + /// + /// # Example + /// + /// ```rust + /// #![cfg(random_hashdrbg)] + /// use wolfssl_wolfcrypt::random::RNG; + /// let seed = [42u8, 33, 55, 88]; + /// RNG::test_seed(&seed).expect("Error with test_seed()"); + /// ``` + #[cfg(random_hashdrbg)] + pub fn test_seed(seed: &[u8]) -> Result<(), i32> { + let seed_size = seed.len() as u32; + let rc = unsafe { sys::wc_RNG_TestSeed(seed.as_ptr(), seed_size) }; + if rc != 0 { + return Err(rc); + } + Ok(()) + } + + /// Generate a single cryptographically secure random byte. + /// + /// This method calls the `wc_RNG_GenerateByte` wolfSSL library function to + /// retrieve a random byte from the underlying wolfSSL RNG context. + /// + /// # Returns + /// + /// A `Result` which is `Ok(u8)` containing the random byte on success or + /// an `Err` with the wolfssl library return code on failure. + pub fn generate_byte(&mut self) -> Result { + let mut b: u8 = 0; + let rc = unsafe { sys::wc_RNG_GenerateByte(&mut self.wc_rng, &mut b) }; + if rc == 0 { + Ok(b) + } else { + Err(rc) + } + } + + /// Fill a mutable slice with cryptographically secure random data. + /// + /// This is a generic function that can fill a slice of any type `T` with + /// random bytes. It calculates the total size of the slice in bytes and + /// calls the underlying `wc_RNG_GenerateBlock` wolfssl library function. + /// + /// # Parameters + /// + /// * `buf`: A mutable slice of any type `T` to be filled with random data. + /// + /// # Returns + /// + /// A `Result` which is `Ok(())` on success or an `Err` with the wolfssl + /// library return code on failure. + pub fn generate_block(&mut self, buf: &mut [T]) -> Result<(), i32> { + let ptr = buf.as_mut_ptr() as *mut u8; + let size: u32 = size_of_val(buf) as u32; + let rc = unsafe { sys::wc_RNG_GenerateBlock(&mut self.wc_rng, ptr, size) }; + if rc == 0 { + Ok(()) + } else { + Err(rc) + } + } + + /// Reseed random number generator. + /// + /// # Parameters + /// + /// * `seed`: Buffer with new seed data. + /// + /// # Returns + /// + /// Returns either Ok(()) on success or Err(e) containing the wolfSSL + /// library error code value. + /// + /// # Example + /// + /// ```rust + /// #![cfg(random_hashdrbg)] + /// use wolfssl_wolfcrypt::random::RNG; + /// let mut rng = RNG::new().expect("Failed to create RNG"); + /// let seed = [1u8, 2, 3, 4]; + /// rng.reseed(&seed).expect("Error with reseed()"); + /// ``` + #[cfg(random_hashdrbg)] + pub fn reseed(&mut self, seed: &[u8]) -> Result<(), i32> { + let seed_size = seed.len() as u32; + let rc = unsafe { + sys::wc_RNG_DRBG_Reseed(&mut self.wc_rng, seed.as_ptr(), seed_size) + }; + if rc != 0 { + return Err(rc); + } + Ok(()) + } +} + +impl Drop for RNG { + /// Safely free the underlying wolfSSL RNG context. + /// + /// This calls the `wc_FreeRng` wolfssl library function. + /// + /// The Rust Drop trait guarantees that this method is called when the RNG + /// struct goes out of scope, automatically cleaning up resources and + /// preventing memory leaks. + fn drop(&mut self) { + unsafe { sys::wc_FreeRng(&mut self.wc_rng); } + } +} diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/wrapper/rust/wolfssl-wolfcrypt/src/rsa.rs mariadb-11.8.8/extra/wolfssl/wolfssl/wrapper/rust/wolfssl-wolfcrypt/src/rsa.rs --- mariadb-11.8.6/extra/wolfssl/wolfssl/wrapper/rust/wolfssl-wolfcrypt/src/rsa.rs 1970-01-01 00:00:00.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/wrapper/rust/wolfssl-wolfcrypt/src/rsa.rs 2026-05-24 09:58:33.000000000 +0000 @@ -0,0 +1,1297 @@ +/* + * Copyright (C) 2006-2026 wolfSSL Inc. + * + * This file is part of wolfSSL. + * + * wolfSSL is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * wolfSSL is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA + */ + +/*! +This module provides a Rust wrapper for the wolfCrypt library's RSA +functionality. + +The primary component is the `RSA` struct, which manages the lifecycle of a +wolfSSL `RsaKey` object. It ensures proper initialization and deallocation. + +# Examples + +```rust +# extern crate std; +#[cfg(random)] +{ +use std::fs; +use wolfssl_wolfcrypt::random::RNG; +use wolfssl_wolfcrypt::rsa::RSA; + +let mut rng = RNG::new().expect("Error creating RNG"); +let key_path = "../../../certs/client-keyPub.der"; +let der: Vec = fs::read(key_path).expect("Error reading key file"); +let mut rsa = RSA::new_public_from_der(&der).expect("Error with new_public_from_der()"); +rsa.set_rng(&mut rng).expect("Error with set_rng()"); +let plain: &[u8] = b"Test message"; +let mut enc: [u8; 512] = [0; 512]; +let enc_len = rsa.public_encrypt(plain, &mut enc, &mut rng).expect("Error with public_encrypt()"); +assert!(enc_len > 0 && enc_len <= 512); + +let key_path = "../../../certs/client-key.der"; +let der: Vec = fs::read(key_path).expect("Error reading key file"); +let mut rsa = RSA::new_from_der(&der).expect("Error with new_from_der()"); +rsa.set_rng(&mut rng).expect("Error with set_rng()"); +let mut plain_out: [u8; 512] = [0; 512]; +let dec_len = rsa.private_decrypt(&enc[0..enc_len], &mut plain_out).expect("Error with private_decrypt()"); +assert!(dec_len as usize == plain.len()); +assert_eq!(plain_out[0..dec_len], *plain); +} +``` +*/ + +#![cfg(rsa)] + +use crate::sys; +#[cfg(random)] +use crate::random::RNG; +use core::mem::{MaybeUninit}; + +/// The `RSA` struct manages the lifecycle of a wolfSSL `RsaKey` object. +/// +/// It ensures proper initialization and deallocation. +/// +/// An instance can be created with `new_from_der()`, `new_public_from_der()`, +/// or `generate()`. +pub struct RSA { + wc_rsakey: sys::RsaKey, +} + +impl RSA { + // Hash type constants used for PSS sign and verify methods. + pub const HASH_TYPE_NONE : u32 = sys::wc_HashType_WC_HASH_TYPE_NONE; + pub const HASH_TYPE_MD2 : u32 = sys::wc_HashType_WC_HASH_TYPE_MD2; + pub const HASH_TYPE_MD4 : u32 = sys::wc_HashType_WC_HASH_TYPE_MD4; + pub const HASH_TYPE_MD5 : u32 = sys::wc_HashType_WC_HASH_TYPE_MD5; + #[cfg(sha)] + pub const HASH_TYPE_SHA : u32 = sys::wc_HashType_WC_HASH_TYPE_SHA; + #[cfg(sha256)] + pub const HASH_TYPE_SHA224 : u32 = sys::wc_HashType_WC_HASH_TYPE_SHA224; + #[cfg(sha256)] + pub const HASH_TYPE_SHA256 : u32 = sys::wc_HashType_WC_HASH_TYPE_SHA256; + #[cfg(sha512)] + pub const HASH_TYPE_SHA384 : u32 = sys::wc_HashType_WC_HASH_TYPE_SHA384; + #[cfg(sha512)] + pub const HASH_TYPE_SHA512 : u32 = sys::wc_HashType_WC_HASH_TYPE_SHA512; + pub const HASH_TYPE_MD5_SHA : u32 = sys::wc_HashType_WC_HASH_TYPE_MD5_SHA; + #[cfg(sha3)] + pub const HASH_TYPE_SHA3_224 : u32 = sys::wc_HashType_WC_HASH_TYPE_SHA3_224; + #[cfg(sha3)] + pub const HASH_TYPE_SHA3_256 : u32 = sys::wc_HashType_WC_HASH_TYPE_SHA3_256; + #[cfg(sha3)] + pub const HASH_TYPE_SHA3_384 : u32 = sys::wc_HashType_WC_HASH_TYPE_SHA3_384; + #[cfg(sha3)] + pub const HASH_TYPE_SHA3_512 : u32 = sys::wc_HashType_WC_HASH_TYPE_SHA3_512; + pub const HASH_TYPE_BLAKE2B : u32 = sys::wc_HashType_WC_HASH_TYPE_BLAKE2B; + pub const HASH_TYPE_BLAKE2S : u32 = sys::wc_HashType_WC_HASH_TYPE_BLAKE2S; + #[cfg(sha512_224)] + pub const HASH_TYPE_SHA512_224 : u32 = sys::wc_HashType_WC_HASH_TYPE_SHA512_224; + #[cfg(sha512_256)] + pub const HASH_TYPE_SHA512_256 : u32 = sys::wc_HashType_WC_HASH_TYPE_SHA512_256; + #[cfg(shake128)] + pub const HASH_TYPE_SHAKE128 : u32 = sys::wc_HashType_WC_HASH_TYPE_SHAKE128; + #[cfg(shake256)] + pub const HASH_TYPE_SHAKE256 : u32 = sys::wc_HashType_WC_HASH_TYPE_SHAKE256; + + // Mask generation function (MGF) constants used for PSS sign and verify methods. + pub const MGF1NONE : i32 = sys::WC_MGF1NONE as i32; + pub const MGF1SHA1 : i32 = sys::WC_MGF1SHA1 as i32; + pub const MGF1SHA224 : i32 = sys::WC_MGF1SHA224 as i32; + pub const MGF1SHA256 : i32 = sys::WC_MGF1SHA256 as i32; + pub const MGF1SHA384 : i32 = sys::WC_MGF1SHA384 as i32; + pub const MGF1SHA512 : i32 = sys::WC_MGF1SHA512 as i32; + #[cfg(rsa_mgf1sha512_224)] + pub const MGF1SHA512_224 : i32 = sys::WC_MGF1SHA512_224 as i32; + #[cfg(rsa_mgf1sha512_256)] + pub const MGF1SHA512_256 : i32 = sys::WC_MGF1SHA512_256 as i32; + + // Type constants used for `rsa_direct()`. + pub const PUBLIC_ENCRYPT : i32 = sys::RSA_PUBLIC_ENCRYPT; + pub const PUBLIC_DECRYPT : i32 = sys::RSA_PUBLIC_DECRYPT; + pub const PRIVATE_ENCRYPT : i32 = sys::RSA_PRIVATE_ENCRYPT; + pub const PRIVATE_DECRYPT : i32 = sys::RSA_PRIVATE_DECRYPT; + + /// Load a public and private RSA keypair from DER-encoded buffer. + /// + /// # Parameters + /// + /// * `der`: DER-encoded input buffer. + /// + /// # Returns + /// + /// Returns either Ok(RSA) containing the RSA struct instance or Err(e) + /// containing the wolfSSL library error code value. + /// + /// # Example + /// + /// ```rust + /// # extern crate std; + /// #[cfg(random)] + /// { + /// use std::fs; + /// use wolfssl_wolfcrypt::random::RNG; + /// use wolfssl_wolfcrypt::rsa::RSA; + /// + /// let mut rng = RNG::new().expect("Error creating RNG"); + /// let key_path = "../../../certs/client-keyPub.der"; + /// let der: Vec = fs::read(key_path).expect("Error reading key file"); + /// let mut rsa = RSA::new_public_from_der(&der).expect("Error with new_public_from_der()"); + /// rsa.set_rng(&mut rng).expect("Error with set_rng()"); + /// let plain: &[u8] = b"Test message"; + /// let mut enc: [u8; 512] = [0; 512]; + /// let enc_len = rsa.public_encrypt(plain, &mut enc, &mut rng).expect("Error with public_encrypt()"); + /// assert!(enc_len > 0 && enc_len <= 512); + /// + /// let key_path = "../../../certs/client-key.der"; + /// let der: Vec = fs::read(key_path).expect("Error reading key file"); + /// let mut rsa = RSA::new_from_der(&der).expect("Error with new_from_der()"); + /// rsa.set_rng(&mut rng).expect("Error with set_rng()"); + /// let mut plain_out: [u8; 512] = [0; 512]; + /// let dec_len = rsa.private_decrypt(&enc[0..enc_len], &mut plain_out).expect("Error with private_decrypt()"); + /// assert!(dec_len as usize == plain.len()); + /// assert_eq!(plain_out[0..dec_len], *plain); + /// } + /// ``` + pub fn new_from_der(der: &[u8]) -> Result { + Self::new_from_der_ex(der, None, None) + } + + /// Load a public and private RSA keypair from DER-encoded buffer with + /// optional heap and device ID. + /// + /// # Parameters + /// + /// * `der`: DER-encoded input buffer. + /// * `heap`: Optional heap hint. + /// * `dev_id` Optional device ID to use with crypto callbacks or async hardware. + /// + /// # Returns + /// + /// Returns either Ok(RSA) containing the RSA struct instance or Err(e) + /// containing the wolfSSL library error code value. + /// + /// # Example + /// + /// ```rust + /// # extern crate std; + /// #[cfg(random)] + /// { + /// use std::fs; + /// use wolfssl_wolfcrypt::random::RNG; + /// use wolfssl_wolfcrypt::rsa::RSA; + /// + /// let mut rng = RNG::new().expect("Error creating RNG"); + /// let key_path = "../../../certs/client-keyPub.der"; + /// let der: Vec = fs::read(key_path).expect("Error reading key file"); + /// let mut rsa = RSA::new_public_from_der(&der).expect("Error with new_public_from_der()"); + /// rsa.set_rng(&mut rng).expect("Error with set_rng()"); + /// let plain: &[u8] = b"Test message"; + /// let mut enc: [u8; 512] = [0; 512]; + /// let enc_len = rsa.public_encrypt(plain, &mut enc, &mut rng).expect("Error with public_encrypt()"); + /// assert!(enc_len > 0 && enc_len <= 512); + /// + /// let key_path = "../../../certs/client-key.der"; + /// let der: Vec = fs::read(key_path).expect("Error reading key file"); + /// let mut rsa = RSA::new_from_der_ex(&der, None, None).expect("Error with new_from_der_ex()"); + /// rsa.set_rng(&mut rng).expect("Error with set_rng()"); + /// let mut plain_out: [u8; 512] = [0; 512]; + /// let dec_len = rsa.private_decrypt(&enc[0..enc_len], &mut plain_out).expect("Error with private_decrypt()"); + /// assert!(dec_len as usize == plain.len()); + /// assert_eq!(plain_out[0..dec_len], *plain); + /// } + /// ``` + pub fn new_from_der_ex(der: &[u8], heap: Option<*mut core::ffi::c_void>, dev_id: Option) -> Result { + let mut wc_rsakey: MaybeUninit = MaybeUninit::uninit(); + let heap = match heap { + Some(heap) => heap, + None => core::ptr::null_mut(), + }; + let dev_id = match dev_id { + Some(dev_id) => dev_id, + None => sys::INVALID_DEVID, + }; + let rc = unsafe { sys::wc_InitRsaKey_ex(wc_rsakey.as_mut_ptr(), heap, dev_id) }; + if rc != 0 { + return Err(rc); + } + let mut wc_rsakey = unsafe { wc_rsakey.assume_init() }; + let der_size = der.len() as u32; + let mut idx: u32 = 0; + let rc = unsafe { + sys::wc_RsaPrivateKeyDecode(der.as_ptr(), &mut idx, &mut wc_rsakey, der_size) + }; + if rc != 0 { + unsafe { sys::wc_FreeRsaKey(&mut wc_rsakey); } + return Err(rc); + } + let rsa = RSA { wc_rsakey }; + Ok(rsa) + } + + /// Load a public RSA key from DER-encoded buffer. + /// + /// # Parameters + /// + /// * `der`: DER-encoded input buffer. + /// + /// # Returns + /// + /// Returns either Ok(RSA) containing the RSA struct instance or Err(e) + /// containing the wolfSSL library error code value. + /// + /// # Example + /// + /// ```rust + /// # extern crate std; + /// #[cfg(random)] + /// { + /// use std::fs; + /// use wolfssl_wolfcrypt::random::RNG; + /// use wolfssl_wolfcrypt::rsa::RSA; + /// + /// let mut rng = RNG::new().expect("Error creating RNG"); + /// let key_path = "../../../certs/client-keyPub.der"; + /// let der: Vec = fs::read(key_path).expect("Error reading key file"); + /// let mut rsa = RSA::new_public_from_der(&der).expect("Error with new_public_from_der()"); + /// rsa.set_rng(&mut rng).expect("Error with set_rng()"); + /// let plain: &[u8] = b"Test message"; + /// let mut enc: [u8; 512] = [0; 512]; + /// let enc_len = rsa.public_encrypt(plain, &mut enc, &mut rng).expect("Error with public_encrypt()"); + /// assert!(enc_len > 0 && enc_len <= 512); + /// + /// let key_path = "../../../certs/client-key.der"; + /// let der: Vec = fs::read(key_path).expect("Error reading key file"); + /// let mut rsa = RSA::new_from_der(&der).expect("Error with new_from_der()"); + /// rsa.set_rng(&mut rng).expect("Error with set_rng()"); + /// let mut plain_out: [u8; 512] = [0; 512]; + /// let dec_len = rsa.private_decrypt(&enc[0..enc_len], &mut plain_out).expect("Error with private_decrypt()"); + /// assert!(dec_len as usize == plain.len()); + /// assert_eq!(plain_out[0..dec_len], *plain); + /// } + /// ``` + pub fn new_public_from_der(der: &[u8]) -> Result { + Self::new_public_from_der_ex(der, None, None) + } + + /// Load a public RSA key from DER-encoded buffer with optional heap and + /// device ID. + /// + /// # Parameters + /// + /// * `der`: DER-encoded input buffer. + /// * `heap`: Optional heap hint. + /// * `dev_id` Optional device ID to use with crypto callbacks or async hardware. + /// + /// # Returns + /// + /// Returns either Ok(RSA) containing the RSA struct instance or Err(e) + /// containing the wolfSSL library error code value. + /// + /// # Example + /// + /// ```rust + /// # extern crate std; + /// #[cfg(random)] + /// { + /// use std::fs; + /// use wolfssl_wolfcrypt::random::RNG; + /// use wolfssl_wolfcrypt::rsa::RSA; + /// + /// let mut rng = RNG::new().expect("Error creating RNG"); + /// let key_path = "../../../certs/client-keyPub.der"; + /// let der: Vec = fs::read(key_path).expect("Error reading key file"); + /// let mut rsa = RSA::new_public_from_der_ex(&der, None, None).expect("Error with new_public_from_der_ex()"); + /// rsa.set_rng(&mut rng).expect("Error with set_rng()"); + /// let plain: &[u8] = b"Test message"; + /// let mut enc: [u8; 512] = [0; 512]; + /// let enc_len = rsa.public_encrypt(plain, &mut enc, &mut rng).expect("Error with public_encrypt()"); + /// assert!(enc_len > 0 && enc_len <= 512); + /// + /// let key_path = "../../../certs/client-key.der"; + /// let der: Vec = fs::read(key_path).expect("Error reading key file"); + /// let mut rsa = RSA::new_from_der(&der).expect("Error with new_from_der()"); + /// rsa.set_rng(&mut rng).expect("Error with set_rng()"); + /// let mut plain_out: [u8; 512] = [0; 512]; + /// let dec_len = rsa.private_decrypt(&enc[0..enc_len], &mut plain_out).expect("Error with private_decrypt()"); + /// assert!(dec_len as usize == plain.len()); + /// assert_eq!(plain_out[0..dec_len], *plain); + /// } + /// ``` + pub fn new_public_from_der_ex(der: &[u8], heap: Option<*mut core::ffi::c_void>, dev_id: Option) -> Result { + let mut wc_rsakey: MaybeUninit = MaybeUninit::uninit(); + let heap = match heap { + Some(heap) => heap, + None => core::ptr::null_mut(), + }; + let dev_id = match dev_id { + Some(dev_id) => dev_id, + None => sys::INVALID_DEVID, + }; + let rc = unsafe { sys::wc_InitRsaKey_ex(wc_rsakey.as_mut_ptr(), heap, dev_id) }; + if rc != 0 { + return Err(rc); + } + let mut wc_rsakey = unsafe { wc_rsakey.assume_init() }; + let der_size = der.len() as u32; + let mut idx: u32 = 0; + let rc = unsafe { + sys::wc_RsaPublicKeyDecode(der.as_ptr(), &mut idx, &mut wc_rsakey, der_size) + }; + if rc != 0 { + unsafe { sys::wc_FreeRsaKey(&mut wc_rsakey); } + return Err(rc); + } + let rsa = RSA { wc_rsakey }; + Ok(rsa) + } + + /// Generate a new RSA key using the given size and exponent. + /// + /// This function generates an RSA private key of length size (in bits) and + /// given exponent (e). It then returns the RSA structure instance so that + /// it may be used for encryption or signing operations. A secure number to + /// use for e is 65537. size is required to be greater than or equal to + /// RSA_MIN_SIZE and less than or equal to RSA_MAX_SIZE. For this function + /// to be available, the option WOLFSSL_KEY_GEN must be enabled at compile + /// time. This can be accomplished with --enable-keygen if using + /// `./configure`. + /// + /// # Parameters + /// + /// * `size`: Desired key length in bits. + /// * `e`: Exponent parameter to use for generating the key. A secure + /// choice is 65537. + /// * `rng`: Reference to a `RNG` struct to use for random number + /// generation while making the key. + /// + /// # Returns + /// + /// Returns either Ok(RSA) containing the RSA struct instance or Err(e) + /// containing the wolfSSL library error code value. + /// + /// # Example + /// + /// ```rust + /// #[cfg(rsa_keygen)] + /// { + /// use wolfssl_wolfcrypt::random::RNG; + /// use wolfssl_wolfcrypt::rsa::RSA; + /// + /// let mut rng = RNG::new().expect("Error creating RNG"); + /// let mut rsa = RSA::generate(2048, 65537, &mut rng).expect("Error with generate()"); + /// rsa.check().expect("Error with check()"); + /// let encrypt_size = rsa.get_encrypt_size().expect("Error with get_encrypt_size()"); + /// assert_eq!(encrypt_size, 256); + /// } + /// ``` + #[cfg(all(random, rsa_keygen))] + pub fn generate(size: i32, e: i32, rng: &mut RNG) -> Result { + Self::generate_ex(size, e, rng, None, None) + } + + /// Generate a new RSA key using the given size and exponent with optional + /// heap and device ID. + /// + /// This function generates an RSA private key of length size (in bits) and + /// given exponent (e). It then returns the RSA structure instance so that + /// it may be used for encryption or signing operations. A secure number to + /// use for e is 65537. size is required to be greater than or equal to + /// RSA_MIN_SIZE and less than or equal to RSA_MAX_SIZE. For this function + /// to be available, the option WOLFSSL_KEY_GEN must be enabled at compile + /// time. This can be accomplished with --enable-keygen if using + /// `./configure`. + /// + /// # Parameters + /// + /// * `size`: Desired key length in bits. + /// * `e`: Exponent parameter to use for generating the key. A secure + /// choice is 65537. + /// * `rng`: Reference to a `RNG` struct to use for random number + /// generation while making the key. + /// * `heap`: Optional heap hint. + /// * `dev_id` Optional device ID to use with crypto callbacks or async hardware. + /// + /// # Returns + /// + /// Returns either Ok(RSA) containing the RSA struct instance or Err(e) + /// containing the wolfSSL library error code value. + /// + /// # Example + /// + /// ```rust + /// #[cfg(rsa_keygen)] + /// { + /// use wolfssl_wolfcrypt::random::RNG; + /// use wolfssl_wolfcrypt::rsa::RSA; + /// + /// let mut rng = RNG::new().expect("Error creating RNG"); + /// let mut rsa = RSA::generate_ex(2048, 65537, &mut rng, None, None).expect("Error with generate_ex()"); + /// rsa.check().expect("Error with check()"); + /// let encrypt_size = rsa.get_encrypt_size().expect("Error with get_encrypt_size()"); + /// assert_eq!(encrypt_size, 256); + /// } + /// ``` + #[cfg(all(random, rsa_keygen))] + pub fn generate_ex(size: i32, e: i32, rng: &mut RNG, heap: Option<*mut core::ffi::c_void>, dev_id: Option) -> Result { + let mut wc_rsakey: MaybeUninit = MaybeUninit::uninit(); + let heap = match heap { + Some(heap) => heap, + None => core::ptr::null_mut(), + }; + let dev_id = match dev_id { + Some(dev_id) => dev_id, + None => sys::INVALID_DEVID, + }; + let rc = unsafe { sys::wc_InitRsaKey_ex(wc_rsakey.as_mut_ptr(), heap, dev_id) }; + if rc != 0 { + return Err(rc); + } + let mut wc_rsakey = unsafe { wc_rsakey.assume_init() }; + let e = e as core::ffi::c_long; + let rc = unsafe { + sys::wc_MakeRsaKey(&mut wc_rsakey, size, e, &mut rng.wc_rng) + }; + if rc != 0 { + unsafe { sys::wc_FreeRsaKey(&mut wc_rsakey); } + return Err(rc); + } + let rsa = RSA { wc_rsakey }; + Ok(rsa) + } + + /// Export public and private RSA parameters from an RSA key. + /// + /// # Parameters + /// + /// * `e`: Slice in which to hold `e` key parameter. + /// * `e_size`: Output holding the number of bytes written to `e`. + /// * `n`: Slice in which to hold `n` key parameter. + /// * `n_size`: Output holding the number of bytes written to `n`. + /// * `d`: Slice in which to hold `d` key parameter. + /// * `d_size`: Output holding the number of bytes written to `d`. + /// * `p`: Slice in which to hold `p` key parameter. + /// * `p_size`: Output holding the number of bytes written to `p`. + /// * `q`: Slice in which to hold `q` key parameter. + /// * `q_size`: Output holding the number of bytes written to `q`. + /// + /// # Returns + /// + /// Returns Ok(()) on success or Err(e) containing the wolfSSL library + /// error code value. + /// + /// # Example + /// + /// ```rust + /// #[cfg(rsa_keygen)] + /// { + /// use wolfssl_wolfcrypt::random::RNG; + /// use wolfssl_wolfcrypt::rsa::RSA; + /// + /// let mut rng = RNG::new().expect("Error creating RNG"); + /// let mut rsa = RSA::generate(2048, 65537, &mut rng).expect("Error with generate()"); + /// let mut e: [u8; 256] = [0; 256]; + /// let mut e_size: u32 = 0; + /// let mut n: [u8; 256] = [0; 256]; + /// let mut n_size: u32 = 0; + /// let mut d: [u8; 256] = [0; 256]; + /// let mut d_size: u32 = 0; + /// let mut p: [u8; 256] = [0; 256]; + /// let mut p_size: u32 = 0; + /// let mut q: [u8; 256] = [0; 256]; + /// let mut q_size: u32 = 0; + /// rsa.export_key(&mut e, &mut e_size, &mut n, &mut n_size, + /// &mut d, &mut d_size, &mut p, &mut p_size, &mut q, &mut q_size).expect("Error with export_key()"); + /// } + /// ``` + #[allow(clippy::too_many_arguments)] + pub fn export_key(&mut self, + e: &mut [u8], e_size: &mut u32, + n: &mut [u8], n_size: &mut u32, + d: &mut [u8], d_size: &mut u32, + p: &mut [u8], p_size: &mut u32, + q: &mut [u8], q_size: &mut u32) -> Result<(), i32> { + *e_size = e.len() as u32; + *n_size = n.len() as u32; + *d_size = d.len() as u32; + *p_size = p.len() as u32; + *q_size = q.len() as u32; + #[cfg(rsa_const_api)] + let key_ptr = &self.wc_rsakey; + #[cfg(not(rsa_const_api))] + let key_ptr = &mut self.wc_rsakey; + let rc = unsafe { + sys::wc_RsaExportKey(key_ptr, + e.as_mut_ptr(), e_size, + n.as_mut_ptr(), n_size, + d.as_mut_ptr(), d_size, + p.as_mut_ptr(), p_size, + q.as_mut_ptr(), q_size) + }; + if rc != 0 { + return Err(rc); + } + Ok(()) + } + + /// Export public RSA parameters from an RSA key. + /// + /// # Parameters + /// + /// * `e`: Slice in which to hold `e` key parameter. + /// * `e_size`: Output holding the number of bytes written to `e`. + /// * `n`: Slice in which to hold `n` key parameter. + /// * `n_size`: Output holding the number of bytes written to `n`. + /// + /// # Returns + /// + /// Returns Ok(()) on success or Err(e) containing the wolfSSL library + /// error code value. + /// + /// # Example + /// + /// ```rust + /// #[cfg(rsa_keygen)] + /// { + /// use wolfssl_wolfcrypt::random::RNG; + /// use wolfssl_wolfcrypt::rsa::RSA; + /// + /// let mut rng = RNG::new().expect("Error creating RNG"); + /// let mut rsa = RSA::generate(2048, 65537, &mut rng).expect("Error with generate()"); + /// let mut e: [u8; 256] = [0; 256]; + /// let mut e_size: u32 = 0; + /// let mut n: [u8; 256] = [0; 256]; + /// let mut n_size: u32 = 0; + /// rsa.export_public_key(&mut e, &mut e_size, &mut n, &mut n_size).expect("Error with export_public_key()"); + /// } + /// ``` + pub fn export_public_key(&mut self, + e: &mut [u8], e_size: &mut u32, + n: &mut [u8], n_size: &mut u32) -> Result<(), i32> { + *e_size = e.len() as u32; + *n_size = n.len() as u32; + #[cfg(rsa_const_api)] + let key = &self.wc_rsakey; + #[cfg(not(rsa_const_api))] + let key = &mut self.wc_rsakey; + let rc = unsafe { + sys::wc_RsaFlattenPublicKey(key, + e.as_mut_ptr(), e_size, n.as_mut_ptr(), n_size) + }; + if rc != 0 { + return Err(rc); + } + Ok(()) + } + + /// Get the encryption size for the RSA key. + /// + /// # Returns + /// + /// Returns Ok(size) on success or Err(e) containing the wolfSSL library + /// error code value. + /// + /// # Example + /// + /// ```rust + /// #[cfg(rsa_keygen)] + /// { + /// use wolfssl_wolfcrypt::random::RNG; + /// use wolfssl_wolfcrypt::rsa::RSA; + /// + /// let mut rng = RNG::new().expect("Error creating RNG"); + /// let mut rsa = RSA::generate(2048, 65537, &mut rng).expect("Error with generate()"); + /// let encrypt_size = rsa.get_encrypt_size().expect("Error with get_encrypt_size()"); + /// assert_eq!(encrypt_size, 256); + /// } + /// ``` + pub fn get_encrypt_size(&self) -> Result { + let rc = unsafe { sys::wc_RsaEncryptSize(&self.wc_rsakey) }; + if rc < 0 { + return Err(rc); + } + Ok(rc as usize) + } + + /// Check the RSA key. + /// + /// # Returns + /// + /// Returns Ok(()) on success or Err(e) containing the wolfSSL library + /// error code value. + /// + /// # Example + /// + /// ```rust + /// #[cfg(rsa_keygen)] + /// { + /// use wolfssl_wolfcrypt::random::RNG; + /// use wolfssl_wolfcrypt::rsa::RSA; + /// + /// let mut rng = RNG::new().expect("Error creating RNG"); + /// let mut rsa = RSA::generate(2048, 65537, &mut rng).expect("Error with generate()"); + /// rsa.check().expect("Error with check()"); + /// } + /// ``` + pub fn check(&mut self) -> Result<(), i32> { + let rc = unsafe { sys::wc_CheckRsaKey(&mut self.wc_rsakey) }; + if rc != 0 { + return Err(rc); + } + Ok(()) + } + + /// Encrypt data using an RSA public key. + /// + /// # Parameters + /// + /// * `din`: Data to encrypt. + /// * `dout`: Buffer in which to store encrypted data. + /// * `rng`: Reference to a `RNG` struct to use for random number + /// generation while encrypting. + /// + /// # Returns + /// + /// Returns Ok(size) on success or Err(e) containing the wolfSSL library + /// error code value. + /// The size returned specifies the number of bytes written to the `dout` + /// buffer. + /// + /// # Example + /// + /// ```rust + /// # extern crate std; + /// #[cfg(random)] + /// { + /// use std::fs; + /// use wolfssl_wolfcrypt::random::RNG; + /// use wolfssl_wolfcrypt::rsa::RSA; + /// + /// let mut rng = RNG::new().expect("Error creating RNG"); + /// let key_path = "../../../certs/client-keyPub.der"; + /// let der: Vec = fs::read(key_path).expect("Error reading key file"); + /// let mut rsa = RSA::new_public_from_der(&der).expect("Error with new_public_from_der()"); + /// rsa.set_rng(&mut rng).expect("Error with set_rng()"); + /// let plain: &[u8] = b"Test message"; + /// let mut enc: [u8; 512] = [0; 512]; + /// let enc_len = rsa.public_encrypt(plain, &mut enc, &mut rng).expect("Error with public_encrypt()"); + /// assert!(enc_len > 0 && enc_len <= 512); + /// + /// let key_path = "../../../certs/client-key.der"; + /// let der: Vec = fs::read(key_path).expect("Error reading key file"); + /// let mut rsa = RSA::new_from_der(&der).expect("Error with new_from_der()"); + /// rsa.set_rng(&mut rng).expect("Error with set_rng()"); + /// let mut plain_out: [u8; 512] = [0; 512]; + /// let dec_len = rsa.private_decrypt(&enc[0..enc_len], &mut plain_out).expect("Error with private_decrypt()"); + /// assert!(dec_len as usize == plain.len()); + /// assert_eq!(plain_out[0..dec_len], *plain); + /// } + /// ``` + #[cfg(random)] + pub fn public_encrypt(&mut self, din: &[u8], dout: &mut [u8], rng: &mut RNG) -> Result { + let din_size = din.len() as u32; + let dout_size = dout.len() as u32; + let rc = unsafe { + sys::wc_RsaPublicEncrypt(din.as_ptr(), din_size, + dout.as_mut_ptr(), dout_size, &mut self.wc_rsakey, + &mut rng.wc_rng) + }; + if rc < 0 { + return Err(rc); + } + Ok(rc as usize) + } + + /// Decrypt data using an RSA private key. + /// + /// # Parameters + /// + /// * `din`: Data to decrypt. + /// * `dout`: Buffer in which to store decrypted data. + /// + /// # Returns + /// + /// Returns Ok(size) on success or Err(e) containing the wolfSSL library + /// error code value. + /// The size returned specifies the number of bytes written to the `dout` + /// buffer. + /// + /// # Example + /// + /// ```rust + /// # extern crate std; + /// #[cfg(random)] + /// { + /// use std::fs; + /// use wolfssl_wolfcrypt::random::RNG; + /// use wolfssl_wolfcrypt::rsa::RSA; + /// + /// let mut rng = RNG::new().expect("Error creating RNG"); + /// let key_path = "../../../certs/client-keyPub.der"; + /// let der: Vec = fs::read(key_path).expect("Error reading key file"); + /// let mut rsa = RSA::new_public_from_der(&der).expect("Error with new_public_from_der()"); + /// rsa.set_rng(&mut rng).expect("Error with set_rng()"); + /// let plain: &[u8] = b"Test message"; + /// let mut enc: [u8; 512] = [0; 512]; + /// let enc_len = rsa.public_encrypt(plain, &mut enc, &mut rng).expect("Error with public_encrypt()"); + /// assert!(enc_len > 0 && enc_len <= 512); + /// + /// let key_path = "../../../certs/client-key.der"; + /// let der: Vec = fs::read(key_path).expect("Error reading key file"); + /// let mut rsa = RSA::new_from_der(&der).expect("Error with new_from_der()"); + /// rsa.set_rng(&mut rng).expect("Error with set_rng()"); + /// let mut plain_out: [u8; 512] = [0; 512]; + /// let dec_len = rsa.private_decrypt(&enc[0..enc_len], &mut plain_out).expect("Error with private_decrypt()"); + /// assert!(dec_len as usize == plain.len()); + /// assert_eq!(plain_out[0..dec_len], *plain); + /// } + /// ``` + pub fn private_decrypt(&mut self, din: &[u8], dout: &mut [u8]) -> Result { + let din_size = din.len() as u32; + let dout_size = dout.len() as u32; + let rc = unsafe { + sys::wc_RsaPrivateDecrypt(din.as_ptr(), din_size, + dout.as_mut_ptr(), dout_size, &mut self.wc_rsakey) + }; + if rc < 0 { + return Err(rc); + } + Ok(rc as usize) + } + + /// Sign the provided data with the private key using RSA-PSS signature + /// scheme. + /// + /// # Parameters + /// + /// * `din`: Data to sign. + /// * `dout`: Buffer in which to store output signature. + /// * `hash_algo`: Hash algorithm type to use, one of RSA::HASH_TYPE_*. + /// * `mgf`: Mask generation function to use, one of RSA::MGF*. + /// * `rng`: Reference to a `RNG` struct to use for random number + /// generation while signing. + /// + /// # Returns + /// + /// Returns Ok(size) on success or Err(e) containing the wolfSSL library + /// error code value. + /// The size returned specifies the number of bytes written to the `dout` + /// buffer. + /// + /// # Example + /// + /// ```rust + /// #[cfg(all(random, rsa_pss))] + /// { + /// use std::fs; + /// use wolfssl_wolfcrypt::random::RNG; + /// use wolfssl_wolfcrypt::rsa::RSA; + /// + /// let mut rng = RNG::new().expect("Error creating RNG"); + /// + /// let key_path = "../../../certs/client-key.der"; + /// let der: Vec = fs::read(key_path).expect("Error reading key file"); + /// let mut rsa = RSA::new_from_der(&der).expect("Error with new_from_der()"); + /// let msg: &[u8] = b"This is the string to be signed!"; + /// let mut signature: [u8; 512] = [0; 512]; + /// let sig_len = rsa.pss_sign(msg, &mut signature, RSA::HASH_TYPE_SHA256, RSA::MGF1SHA256, &mut rng).expect("Error with pss_sign()"); + /// assert!(sig_len > 0 && sig_len <= 512); + /// + /// let key_path = "../../../certs/client-keyPub.der"; + /// let der: Vec = fs::read(key_path).expect("Error reading key file"); + /// let mut rsa = RSA::new_public_from_der(&der).expect("Error with new_public_from_der()"); + /// rsa.set_rng(&mut rng).expect("Error with set_rng()"); + /// let signature = &signature[0..sig_len]; + /// let mut verify_out: [u8; 512] = [0; 512]; + /// let verify_out_size = rsa.pss_verify(signature, &mut verify_out, RSA::HASH_TYPE_SHA256, RSA::MGF1SHA256).expect("Error with pss_verify()"); + /// let verify_out = &verify_out[0..verify_out_size]; + /// rsa.pss_check_padding(msg, verify_out, RSA::HASH_TYPE_SHA256).expect("Error with pss_check_padding()"); + /// + /// let mut verify_out: [u8; 512] = [0; 512]; + /// rsa.pss_verify_check(signature, &mut verify_out, msg, RSA::HASH_TYPE_SHA256, RSA::MGF1SHA256).expect("Error with pss_verify_check()"); + /// } + /// ``` + #[cfg(all(random, rsa_pss))] + pub fn pss_sign(&mut self, din: &[u8], dout: &mut [u8], hash_algo: u32, mgf: i32, rng: &mut RNG) -> Result { + let din_size = din.len() as u32; + let dout_size = dout.len() as u32; + let rc = unsafe { + sys::wc_RsaPSS_Sign(din.as_ptr(), din_size, dout.as_mut_ptr(), dout_size, + hash_algo, mgf, &mut self.wc_rsakey, &mut rng.wc_rng) + }; + if rc < 0 { + return Err(rc); + } + Ok(rc as usize) + } + + /// Check the PSS data to ensure the signature matches. + /// + /// `set_rng()` must be called previously when wolfSSL is built with + /// WC_RSA_BLINDING option enabled. + /// + /// # Parameters + /// + /// * `din`: Hash of data being verified. + /// * `sig`: Buffer holding PSS data (output from `pss_verify()`). + /// * `hash_algo`: Hash algorithm type to use, one of RSA::HASH_TYPE_*. + /// + /// # Returns + /// + /// Returns Ok(()) on success or Err(e) containing the wolfSSL library + /// error code value. + /// + /// # Example + /// + /// ```rust + /// #[cfg(all(random, rsa_pss, rsa_const_api))] + /// { + /// use std::fs; + /// use wolfssl_wolfcrypt::random::RNG; + /// use wolfssl_wolfcrypt::rsa::RSA; + /// + /// let mut rng = RNG::new().expect("Error creating RNG"); + /// + /// let key_path = "../../../certs/client-key.der"; + /// let der: Vec = fs::read(key_path).expect("Error reading key file"); + /// let mut rsa = RSA::new_from_der(&der).expect("Error with new_from_der()"); + /// let msg: &[u8] = b"This is the string to be signed!"; + /// let mut signature: [u8; 512] = [0; 512]; + /// let sig_len = rsa.pss_sign(msg, &mut signature, RSA::HASH_TYPE_SHA256, RSA::MGF1SHA256, &mut rng).expect("Error with pss_sign()"); + /// assert!(sig_len > 0 && sig_len <= 512); + /// + /// let key_path = "../../../certs/client-keyPub.der"; + /// let der: Vec = fs::read(key_path).expect("Error reading key file"); + /// let mut rsa = RSA::new_public_from_der(&der).expect("Error with new_public_from_der()"); + /// rsa.set_rng(&mut rng).expect("Error with set_rng()"); + /// let signature = &signature[0..sig_len]; + /// let mut verify_out: [u8; 512] = [0; 512]; + /// let verify_out_size = rsa.pss_verify(signature, &mut verify_out, RSA::HASH_TYPE_SHA256, RSA::MGF1SHA256).expect("Error with pss_verify()"); + /// let verify_out = &verify_out[0..verify_out_size]; + /// rsa.pss_check_padding(msg, verify_out, RSA::HASH_TYPE_SHA256).expect("Error with pss_check_padding()"); + /// + /// let mut verify_out: [u8; 512] = [0; 512]; + /// rsa.pss_verify_check(signature, &mut verify_out, msg, RSA::HASH_TYPE_SHA256, RSA::MGF1SHA256).expect("Error with pss_verify_check()"); + /// } + /// ``` + #[cfg(all(rsa_pss, rsa_const_api))] + pub fn pss_check_padding(&mut self, din: &[u8], sig: &[u8], hash_algo: u32) -> Result<(), i32> { + let din_size = din.len() as u32; + let sig_size = sig.len() as u32; + let rc = unsafe { + sys::wc_RsaPSS_CheckPadding(din.as_ptr(), din_size, + sig.as_ptr(), sig_size, hash_algo) + }; + if rc != 0 { + return Err(rc); + } + Ok(()) + } + + /// Decrypt input signature to verify that the message was signed by key. + /// + /// `set_rng()` must be called previously when wolfSSL is built with + /// WC_RSA_BLINDING option enabled. + /// + /// # Parameters + /// + /// * `din`: Input data to decrypt. + /// * `dout`: Buffer in which to store decrypted data. + /// * `hash_algo`: Hash algorithm type to use, one of RSA::HASH_TYPE_*. + /// * `mgf`: Mask generation function to use, one of RSA::MGF*. + /// + /// # Returns + /// + /// Returns Ok(size) on success or Err(e) containing the wolfSSL library + /// error code value. + /// The size returned specifies the number of bytes written to the `dout` + /// buffer. + /// + /// # Example + /// + /// ```rust + /// #[cfg(all(random, rsa_pss, rsa_const_api))] + /// { + /// use std::fs; + /// use wolfssl_wolfcrypt::random::RNG; + /// use wolfssl_wolfcrypt::rsa::RSA; + /// + /// let mut rng = RNG::new().expect("Error creating RNG"); + /// + /// let key_path = "../../../certs/client-key.der"; + /// let der: Vec = fs::read(key_path).expect("Error reading key file"); + /// let mut rsa = RSA::new_from_der(&der).expect("Error with new_from_der()"); + /// let msg: &[u8] = b"This is the string to be signed!"; + /// let mut signature: [u8; 512] = [0; 512]; + /// let sig_len = rsa.pss_sign(msg, &mut signature, RSA::HASH_TYPE_SHA256, RSA::MGF1SHA256, &mut rng).expect("Error with pss_sign()"); + /// assert!(sig_len > 0 && sig_len <= 512); + /// + /// let key_path = "../../../certs/client-keyPub.der"; + /// let der: Vec = fs::read(key_path).expect("Error reading key file"); + /// let mut rsa = RSA::new_public_from_der(&der).expect("Error with new_public_from_der()"); + /// rsa.set_rng(&mut rng).expect("Error with set_rng()"); + /// let signature = &signature[0..sig_len]; + /// let mut verify_out: [u8; 512] = [0; 512]; + /// let verify_out_size = rsa.pss_verify(signature, &mut verify_out, RSA::HASH_TYPE_SHA256, RSA::MGF1SHA256).expect("Error with pss_verify()"); + /// let verify_out = &verify_out[0..verify_out_size]; + /// rsa.pss_check_padding(msg, verify_out, RSA::HASH_TYPE_SHA256).expect("Error with pss_check_padding()"); + /// + /// let mut verify_out: [u8; 512] = [0; 512]; + /// rsa.pss_verify_check(signature, &mut verify_out, msg, RSA::HASH_TYPE_SHA256, RSA::MGF1SHA256).expect("Error with pss_verify_check()"); + /// } + /// ``` + #[cfg(all(rsa_pss, rsa_const_api))] + pub fn pss_verify(&mut self, din: &[u8], dout: &mut [u8], hash_algo: u32, mgf: i32) -> Result { + let din_size = din.len() as u32; + let dout_size = dout.len() as u32; + let rc = unsafe { + sys::wc_RsaPSS_Verify(din.as_ptr(), din_size, + dout.as_mut_ptr(), dout_size, + hash_algo, mgf, &mut self.wc_rsakey) + }; + if rc < 0 { + return Err(rc); + } + Ok(rc as usize) + } + + /// Verify the message signed with RSA-PSS. + /// + /// This method combines the functionality of `pss_verify()` and + /// `pss_check_padding()`. + /// + /// `set_rng()` must be called previously when wolfSSL is built with + /// WC_RSA_BLINDING option enabled. + /// + /// # Parameters + /// + /// * `din`: Input data to decrypt. + /// * `dout`: Buffer in which to store decrypted data. + /// * `digest`: Hash of data being verified. + /// * `hash_algo`: Hash algorithm type to use, one of RSA::HASH_TYPE_*. + /// * `mgf`: Mask generation function to use, one of RSA::MGF*. + /// + /// # Returns + /// + /// Returns Ok(size) on success or Err(e) containing the wolfSSL library + /// error code value. + /// The size returned specifies the number of bytes written to the `dout` + /// buffer. + /// + /// # Example + /// + /// ```rust + /// #[cfg(all(random, rsa_pss, rsa_const_api))] + /// { + /// use std::fs; + /// use wolfssl_wolfcrypt::random::RNG; + /// use wolfssl_wolfcrypt::rsa::RSA; + /// + /// let mut rng = RNG::new().expect("Error creating RNG"); + /// + /// let key_path = "../../../certs/client-key.der"; + /// let der: Vec = fs::read(key_path).expect("Error reading key file"); + /// let mut rsa = RSA::new_from_der(&der).expect("Error with new_from_der()"); + /// let msg: &[u8] = b"This is the string to be signed!"; + /// let mut signature: [u8; 512] = [0; 512]; + /// let sig_len = rsa.pss_sign(msg, &mut signature, RSA::HASH_TYPE_SHA256, RSA::MGF1SHA256, &mut rng).expect("Error with pss_sign()"); + /// assert!(sig_len > 0 && sig_len <= 512); + /// + /// let key_path = "../../../certs/client-keyPub.der"; + /// let der: Vec = fs::read(key_path).expect("Error reading key file"); + /// let mut rsa = RSA::new_public_from_der(&der).expect("Error with new_public_from_der()"); + /// rsa.set_rng(&mut rng).expect("Error with set_rng()"); + /// let signature = &signature[0..sig_len]; + /// let mut verify_out: [u8; 512] = [0; 512]; + /// let verify_out_size = rsa.pss_verify(signature, &mut verify_out, RSA::HASH_TYPE_SHA256, RSA::MGF1SHA256).expect("Error with pss_verify()"); + /// let verify_out = &verify_out[0..verify_out_size]; + /// rsa.pss_check_padding(msg, verify_out, RSA::HASH_TYPE_SHA256).expect("Error with pss_check_padding()"); + /// + /// let mut verify_out: [u8; 512] = [0; 512]; + /// rsa.pss_verify_check(signature, &mut verify_out, msg, RSA::HASH_TYPE_SHA256, RSA::MGF1SHA256).expect("Error with pss_verify_check()"); + /// } + /// ``` + #[cfg(all(rsa_pss, rsa_const_api))] + pub fn pss_verify_check(&mut self, din: &[u8], dout: &mut [u8], digest: &[u8], hash_algo: u32, mgf: i32) -> Result { + let din_size = din.len() as u32; + let dout_size = dout.len() as u32; + let digest_size = digest.len() as u32; + let rc = unsafe { + sys::wc_RsaPSS_VerifyCheck(din.as_ptr(), din_size, + dout.as_mut_ptr(), dout_size, digest.as_ptr(), digest_size, + hash_algo, mgf, &mut self.wc_rsakey) + }; + if rc < 0 { + return Err(rc); + } + Ok(rc as usize) + } + + /// Perform the RSA operation directly with no padding. + /// + /// The input size must match key size. Typically this is used when padding + /// is already done on the RSA input. + /// + /// # Parameters + /// + /// * `din`: Input data to encrypt/decrypt. + /// * `dout`: Buffer in which to store output. + /// * `typ`: Operation type, one of `RSA::PUBLIC_ENCRYPT`, + /// `RSA::PUBLIC_DECRYPT`, `RSA::PRIVATE_ENCRYPT`, `RSA::PRIVATE_DECRYPT`. + /// * `rng`: Reference to a `RNG` struct to use for random number + /// generation while signing. + /// + /// # Returns + /// + /// Returns Ok(size) on success or Err(e) containing the wolfSSL library + /// error code value. + /// The size returned specifies the number of bytes written to the `dout` + /// buffer. + /// + /// # Example + /// + /// ```rust + /// #[cfg(all(rsa_direct, rsa_const_api))] + /// { + /// use std::fs; + /// use wolfssl_wolfcrypt::random::RNG; + /// use wolfssl_wolfcrypt::rsa::RSA; + /// + /// let mut rng = RNG::new().expect("Error creating RNG"); + /// + /// let key_path = "../../../certs/client-key.der"; + /// let der: Vec = fs::read(key_path).expect("Error reading key file"); + /// let mut rsa = RSA::new_from_der(&der).expect("Error with new_from_der()"); + /// let msg = b"A rsa_direct() test input string"; + /// let mut plain = [0u8; 256]; + /// plain[..msg.len()].copy_from_slice(msg); + /// let mut enc = [0u8; 256]; + /// let enc_len = rsa.rsa_direct(&plain, &mut enc, RSA::PRIVATE_ENCRYPT, &mut rng).expect("Error with rsa_direct()"); + /// assert_eq!(enc_len, 256); + /// let mut plain_out = [0u8; 256]; + /// let dec_len = rsa.rsa_direct(&enc, &mut plain_out, RSA::PUBLIC_DECRYPT, &mut rng).expect("Error with rsa_direct()"); + /// assert_eq!(dec_len, 256); + /// assert_eq!(plain_out, plain); + /// } + /// ``` + #[cfg(all(rsa_direct, rsa_const_api))] + pub fn rsa_direct(&mut self, din: &[u8], dout: &mut [u8], typ: i32, rng: &mut RNG) -> Result { + let din_size = din.len() as u32; + let mut dout_size = dout.len() as u32; + let rc = unsafe { + sys::wc_RsaDirect(din.as_ptr(), din_size, + dout.as_mut_ptr(), &mut dout_size, + &mut self.wc_rsakey, typ, &mut rng.wc_rng) + }; + if rc < 0 { + return Err(rc); + } + Ok(dout_size as usize) + } + + /// Associates a `RNG` instance with this `RSA` instance. + /// + /// This is necessary when wolfSSL is built with the `WC_RSA_BLINDING` + /// build option enabled. + /// + /// # Parameters + /// + /// * `rng`: The `RNG` struct instance to associate with this `RSA` + /// instance. The `RNG` struct should not be moved in memory after + /// calling this method. + /// + /// # Returns + /// + /// Returns Ok(()) on success or Err(e) containing the wolfSSL library + /// error code value. + /// + /// # Example + /// + /// ```rust + /// # extern crate std; + /// #[cfg(random)] + /// { + /// use std::fs; + /// use wolfssl_wolfcrypt::random::RNG; + /// use wolfssl_wolfcrypt::rsa::RSA; + /// + /// let mut rng = RNG::new().expect("Error creating RNG"); + /// let key_path = "../../../certs/client-keyPub.der"; + /// let der: Vec = fs::read(key_path).expect("Error reading key file"); + /// let mut rsa = RSA::new_public_from_der(&der).expect("Error with new_public_from_der()"); + /// rsa.set_rng(&mut rng).expect("Error with set_rng()"); + /// let plain: &[u8] = b"Test message"; + /// let mut enc: [u8; 512] = [0; 512]; + /// let enc_len = rsa.public_encrypt(plain, &mut enc, &mut rng).expect("Error with public_encrypt()"); + /// assert!(enc_len > 0 && enc_len <= 512); + /// let key_path = "../../../certs/client-key.der"; + /// let der: Vec = fs::read(key_path).expect("Error reading key file"); + /// let mut rsa = RSA::new_from_der(&der).expect("Error with new_from_der()"); + /// rsa.set_rng(&mut rng).expect("Error with set_rng()"); + /// let mut plain_out: [u8; 512] = [0; 512]; + /// let dec_len = rsa.private_decrypt(&enc[0..enc_len], &mut plain_out).expect("Error with private_decrypt()"); + /// assert!(dec_len as usize == plain.len()); + /// assert_eq!(plain_out[0..dec_len], *plain); + /// } + /// ``` + #[cfg(random)] + pub fn set_rng(&mut self, rng: &mut RNG) -> Result<(), i32> { + let rc = unsafe { + sys::wc_RsaSetRNG(&mut self.wc_rsakey, &mut rng.wc_rng) + }; + if rc != 0 { + return Err(rc); + } + Ok(()) + } + + /// Sign the provided data with the private key. + /// + /// # Parameters + /// + /// * `din`: Data to sign. + /// * `dout`: Buffer in which to store output signature. + /// * `rng`: Reference to a `RNG` struct to use for random number + /// generation while signing. + /// + /// # Returns + /// + /// Returns Ok(size) on success or Err(e) containing the wolfSSL library + /// error code value. + /// The size returned specifies the number of bytes written to the `dout` + /// buffer. + /// + /// # Example + /// + /// ```rust + /// # extern crate std; + /// #[cfg(random)] + /// { + /// use std::fs; + /// use wolfssl_wolfcrypt::random::RNG; + /// use wolfssl_wolfcrypt::rsa::RSA; + /// + /// let mut rng = RNG::new().expect("Error creating RNG"); + /// + /// let key_path = "../../../certs/client-key.der"; + /// let der: Vec = fs::read(key_path).expect("Error reading key file"); + /// let mut rsa = RSA::new_from_der(&der).expect("Error with new_from_der()"); + /// let msg: &[u8] = b"This is the string to be signed!"; + /// let mut signature: [u8; 512] = [0; 512]; + /// let sig_len = rsa.ssl_sign(msg, &mut signature, &mut rng).expect("Error with ssl_sign()"); + /// assert!(sig_len > 0 && sig_len <= 512); + /// + /// let key_path = "../../../certs/client-keyPub.der"; + /// let der: Vec = fs::read(key_path).expect("Error reading key file"); + /// let mut rsa = RSA::new_public_from_der(&der).expect("Error with new_public_from_der()"); + /// rsa.set_rng(&mut rng).expect("Error with set_rng()"); + /// let signature = &signature[0..sig_len]; + /// let mut verify_out: [u8; 512] = [0; 512]; + /// let verify_out_size = rsa.ssl_verify(signature, &mut verify_out).expect("Error with ssl_verify()"); + /// assert!(verify_out_size > 0 && verify_out_size <= 512); + /// } + /// ``` + #[cfg(random)] + pub fn ssl_sign(&mut self, din: &[u8], dout: &mut [u8], rng: &mut RNG) -> Result { + let din_size = din.len() as u32; + let dout_size = dout.len() as u32; + let rc = unsafe { + sys::wc_RsaSSL_Sign(din.as_ptr(), din_size, + dout.as_mut_ptr(), dout_size, + &mut self.wc_rsakey, &mut rng.wc_rng) + }; + if rc < 0 { + return Err(rc); + } + Ok(rc as usize) + } + + /// Decrypt input signature to verify that the message was signed by key. + /// + /// `set_rng()` must be called previously when wolfSSL is built with + /// WC_RSA_BLINDING option enabled. + /// + /// # Parameters + /// + /// * `din`: Input data to decrypt. + /// * `dout`: Buffer in which to store decrypted data. + /// + /// # Returns + /// + /// Returns Ok(size) on success or Err(e) containing the wolfSSL library + /// error code value. + /// The size returned specifies the number of bytes written to the `dout` + /// buffer. + /// + /// # Example + /// + /// ```rust + /// # extern crate std; + /// #[cfg(random)] + /// { + /// use std::fs; + /// use wolfssl_wolfcrypt::random::RNG; + /// use wolfssl_wolfcrypt::rsa::RSA; + /// + /// let mut rng = RNG::new().expect("Error creating RNG"); + /// + /// let key_path = "../../../certs/client-key.der"; + /// let der: Vec = fs::read(key_path).expect("Error reading key file"); + /// let mut rsa = RSA::new_from_der(&der).expect("Error with new_from_der()"); + /// let msg: &[u8] = b"This is the string to be signed!"; + /// let mut signature: [u8; 512] = [0; 512]; + /// let sig_len = rsa.ssl_sign(msg, &mut signature, &mut rng).expect("Error with ssl_sign()"); + /// assert!(sig_len > 0 && sig_len <= 512); + /// + /// let key_path = "../../../certs/client-keyPub.der"; + /// let der: Vec = fs::read(key_path).expect("Error reading key file"); + /// let mut rsa = RSA::new_public_from_der(&der).expect("Error with new_public_from_der()"); + /// rsa.set_rng(&mut rng).expect("Error with set_rng()"); + /// let signature = &signature[0..sig_len]; + /// let mut verify_out: [u8; 512] = [0; 512]; + /// let verify_out_size = rsa.ssl_verify(signature, &mut verify_out).expect("Error with ssl_verify()"); + /// assert!(verify_out_size > 0 && verify_out_size <= 512); + /// } + /// ``` + pub fn ssl_verify(&mut self, din: &[u8], dout: &mut [u8]) -> Result { + let din_size = din.len() as u32; + let dout_size = dout.len() as u32; + let rc = unsafe { + sys::wc_RsaSSL_Verify(din.as_ptr(), din_size, + dout.as_mut_ptr(), dout_size, &mut self.wc_rsakey) + }; + if rc < 0 { + return Err(rc); + } + Ok(rc as usize) + } +} + +impl Drop for RSA { + /// Safely free the underlying wolfSSL RSA context. + /// + /// This calls the `wc_FreeRsaKey` wolfssl library function. + /// + /// The Rust Drop trait guarantees that this method is called when the RSA + /// struct goes out of scope, automatically cleaning up resources and + /// preventing memory leaks. + fn drop(&mut self) { + unsafe { sys::wc_FreeRsaKey(&mut self.wc_rsakey); } + } +} diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/wrapper/rust/wolfssl-wolfcrypt/src/sha.rs mariadb-11.8.8/extra/wolfssl/wolfssl/wrapper/rust/wolfssl-wolfcrypt/src/sha.rs --- mariadb-11.8.6/extra/wolfssl/wolfssl/wrapper/rust/wolfssl-wolfcrypt/src/sha.rs 1970-01-01 00:00:00.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/wrapper/rust/wolfssl-wolfcrypt/src/sha.rs 2026-05-24 09:58:33.000000000 +0000 @@ -0,0 +1,2394 @@ +/* + * Copyright (C) 2006-2026 wolfSSL Inc. + * + * This file is part of wolfSSL. + * + * wolfSSL is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * wolfSSL is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA + */ + +/*! +This module provides a Rust wrapper for the wolfCrypt library's Secure Hash +Algorithm (SHA) functionality. +*/ + +use crate::sys; +use core::mem::MaybeUninit; + +/// Context for SHA-1 computation. +#[cfg(sha)] +pub struct SHA { + wc_sha: sys::wc_Sha, +} + +#[cfg(sha)] +impl SHA { + /// SHA-1 digest size in bytes. + pub const DIGEST_SIZE: usize = sys::WC_SHA_DIGEST_SIZE as usize; + + /// Build a new SHA instance. + /// + /// # Returns + /// + /// Returns either Ok(sha) containing the SHA struct instance or Err(e) + /// containing the wolfSSL library error code value. + /// + /// # Example + /// + /// ```rust + /// use wolfssl_wolfcrypt::sha::SHA; + /// let sha = SHA::new().expect("Error with new()"); + /// ``` + pub fn new() -> Result { + Self::new_ex(None, None) + } + + /// Build a new SHA instance with optional heap and device ID. + /// + /// # Parameters + /// + /// * `heap`: Optional heap hint. + /// * `dev_id` Optional device ID to use with crypto callbacks or async hardware. + /// + /// # Returns + /// + /// Returns either Ok(sha) containing the SHA struct instance or Err(e) + /// containing the wolfSSL library error code value. + /// + /// # Example + /// + /// ```rust + /// use wolfssl_wolfcrypt::sha::SHA; + /// let sha = SHA::new_ex(None, None).expect("Error with new_ex()"); + /// ``` + pub fn new_ex(heap: Option<*mut core::ffi::c_void>, dev_id: Option) -> Result { + let mut wc_sha: MaybeUninit = MaybeUninit::uninit(); + let heap = match heap { + Some(heap) => heap, + None => core::ptr::null_mut(), + }; + let dev_id = match dev_id { + Some(dev_id) => dev_id, + None => sys::INVALID_DEVID, + }; + let rc = unsafe { sys::wc_InitSha_ex(wc_sha.as_mut_ptr(), heap, dev_id) }; + if rc != 0 { + return Err(rc); + } + let wc_sha = unsafe { wc_sha.assume_init() }; + let sha = SHA { wc_sha }; + Ok(sha) + } + + /// Reinitialize a SHA instance for a new hash calculation. + /// + /// This does not need to be called after `new()`, but should be called + /// after a hash calculation to prepare for a new calculation. + /// + /// # Returns + /// + /// Returns either Ok(()) on success or Err(e) containing the wolfSSL + /// library error code value. + /// + /// # Example + /// + /// ```rust + /// use wolfssl_wolfcrypt::sha::SHA; + /// let mut sha = SHA::new().expect("Error with new()"); + /// sha.init().expect("Error with init()"); + /// ``` + pub fn init(&mut self) -> Result<(), i32> { + self.init_ex(None, None) + } + + /// Reinitialize a SHA instance for a new hash calculation with optional + /// heap and device ID. + /// + /// This does not need to be called after `new()`, but should be called + /// after a hash calculation to prepare for a new calculation. + /// + /// # Parameters + /// + /// * `heap`: Optional heap hint. + /// * `dev_id` Optional device ID to use with crypto callbacks or async hardware. + /// + /// # Returns + /// + /// Returns either Ok(()) on success or Err(e) containing the wolfSSL + /// library error code value. + /// + /// # Example + /// + /// ```rust + /// use wolfssl_wolfcrypt::sha::SHA; + /// let mut sha = SHA::new().expect("Error with new()"); + /// sha.init_ex(None, None).expect("Error with init_ex()"); + /// ``` + pub fn init_ex(&mut self, heap: Option<*mut core::ffi::c_void>, dev_id: Option) -> Result<(), i32> { + let heap = match heap { + Some(heap) => heap, + None => core::ptr::null_mut(), + }; + let dev_id = match dev_id { + Some(dev_id) => dev_id, + None => sys::INVALID_DEVID, + }; + let rc = unsafe { sys::wc_InitSha_ex(&mut self.wc_sha, heap, dev_id) }; + if rc != 0 { + return Err(rc); + } + Ok(()) + } + + /// Update the SHA calculation by feeding in more input data. + /// + /// # Parameters + /// + /// * `data`: Input data. + /// + /// # Returns + /// + /// Returns either Ok(()) on success or Err(e) containing the wolfSSL + /// library error code value. + /// + /// # Example + /// + /// ```rust + /// use wolfssl_wolfcrypt::sha::SHA; + /// let mut sha = SHA::new().expect("Error with new()"); + /// sha.update(b"input").expect("Error with update()"); + /// ``` + pub fn update(&mut self, data: &[u8]) -> Result<(), i32> { + let data_size = data.len() as u32; + let rc = unsafe { + sys::wc_ShaUpdate(&mut self.wc_sha, data.as_ptr(), data_size) + }; + if rc != 0 { + return Err(rc); + } + Ok(()) + } + + /// Finalize the SHA calculation and retrieve the calculated hash. + /// + /// # Parameters + /// + /// * `hash`: Buffer in which to store the calculated hash. The length + /// should be SHA::DIGEST_SIZE. + /// + /// # Returns + /// + /// Returns either Ok(()) on success or Err(e) containing the wolfSSL + /// library error code value. + /// + /// # Example + /// + /// ```rust + /// use wolfssl_wolfcrypt::sha::SHA; + /// let mut sha = SHA::new().expect("Error with new()"); + /// sha.update(b"input").expect("Error with update()"); + /// let mut hash = [0u8; SHA::DIGEST_SIZE]; + /// sha.finalize(&mut hash).expect("Error with finalize()"); + /// ``` + pub fn finalize(&mut self, hash: &mut [u8]) -> Result<(), i32> { + if hash.len() != Self::DIGEST_SIZE { + return Err(sys::wolfCrypt_ErrorCodes_BUFFER_E); + } + let rc = unsafe { + sys::wc_ShaFinal(&mut self.wc_sha, hash.as_mut_ptr()) + }; + if rc != 0 { + return Err(rc); + } + Ok(()) + } +} + +#[cfg(sha)] +impl Drop for SHA { + /// Safely free the underlying wolfSSL SHA context. + /// + /// This calls the `wc_ShaFree` wolfssl library function. + /// + /// The Rust Drop trait guarantees that this method is called when the SHA + /// struct goes out of scope, automatically cleaning up resources and + /// preventing memory leaks. + fn drop(&mut self) { + unsafe { sys::wc_ShaFree(&mut self.wc_sha); } + } +} + +/// Context for SHA-224 (SHA-2) computation. +#[cfg(sha224)] +pub struct SHA224 { + wc_sha224: sys::wc_Sha224, +} + +#[cfg(sha224)] +impl SHA224 { + /// SHA-224 digest size in bytes. + pub const DIGEST_SIZE: usize = sys::WC_SHA224_DIGEST_SIZE as usize; + + /// Build a new SHA224 instance. + /// + /// # Returns + /// + /// Returns either Ok(sha) containing the SHA224 struct instance or Err(e) + /// containing the wolfSSL library error code value. + /// + /// # Example + /// + /// ```rust + /// use wolfssl_wolfcrypt::sha::SHA224; + /// let sha = SHA224::new().expect("Error with new()"); + /// ``` + pub fn new() -> Result { + Self::new_ex(None, None) + } + + /// Build a new SHA224 instance with optional heap and device ID. + /// + /// # Parameters + /// + /// * `heap`: Optional heap hint. + /// * `dev_id` Optional device ID to use with crypto callbacks or async hardware. + /// + /// # Returns + /// + /// Returns either Ok(sha) containing the SHA224 struct instance or Err(e) + /// containing the wolfSSL library error code value. + /// + /// # Example + /// + /// ```rust + /// use wolfssl_wolfcrypt::sha::SHA224; + /// let sha = SHA224::new_ex(None, None).expect("Error with new_ex()"); + /// ``` + pub fn new_ex(heap: Option<*mut core::ffi::c_void>, dev_id: Option) -> Result { + let mut wc_sha224: MaybeUninit = MaybeUninit::uninit(); + let heap = match heap { + Some(heap) => heap, + None => core::ptr::null_mut(), + }; + let dev_id = match dev_id { + Some(dev_id) => dev_id, + None => sys::INVALID_DEVID, + }; + let rc = unsafe { sys::wc_InitSha224_ex(wc_sha224.as_mut_ptr(), heap, dev_id) }; + if rc != 0 { + return Err(rc); + } + let wc_sha224 = unsafe { wc_sha224.assume_init() }; + let sha224 = SHA224 { wc_sha224 }; + Ok(sha224) + } + + /// Reinitialize a SHA224 instance for a new hash calculation. + /// + /// This does not need to be called after `new()`, but should be called + /// after a hash calculation to prepare for a new calculation. + /// + /// # Returns + /// + /// Returns either Ok(()) on success or Err(e) containing the wolfSSL + /// library error code value. + /// + /// # Example + /// + /// ```rust + /// use wolfssl_wolfcrypt::sha::SHA224; + /// let mut sha = SHA224::new().expect("Error with new()"); + /// sha.init().expect("Error with init()"); + /// ``` + pub fn init(&mut self) -> Result<(), i32> { + self.init_ex(None, None) + } + + /// Reinitialize a SHA224 instance for a new hash calculation with optional + /// heap and device ID. + /// + /// This does not need to be called after `new()`, but should be called + /// after a hash calculation to prepare for a new calculation. + /// + /// # Parameters + /// + /// * `heap`: Optional heap hint. + /// * `dev_id` Optional device ID to use with crypto callbacks or async hardware. + /// + /// # Returns + /// + /// Returns either Ok(()) on success or Err(e) containing the wolfSSL + /// library error code value. + /// + /// # Example + /// + /// ```rust + /// use wolfssl_wolfcrypt::sha::SHA224; + /// let mut sha = SHA224::new().expect("Error with new()"); + /// sha.init_ex(None, None).expect("Error with init_ex()"); + /// ``` + pub fn init_ex(&mut self, heap: Option<*mut core::ffi::c_void>, dev_id: Option) -> Result<(), i32> { + let heap = match heap { + Some(heap) => heap, + None => core::ptr::null_mut(), + }; + let dev_id = match dev_id { + Some(dev_id) => dev_id, + None => sys::INVALID_DEVID, + }; + let rc = unsafe { sys::wc_InitSha224_ex(&mut self.wc_sha224, heap, dev_id) }; + if rc != 0 { + return Err(rc); + } + Ok(()) + } + + /// Update the SHA-224 calculation by feeding in more input data. + /// + /// # Parameters + /// + /// * `data`: Input data. + /// + /// # Returns + /// + /// Returns either Ok(()) on success or Err(e) containing the wolfSSL + /// library error code value. + /// + /// # Example + /// + /// ```rust + /// use wolfssl_wolfcrypt::sha::SHA224; + /// let mut sha = SHA224::new().expect("Error with new()"); + /// sha.update(b"input").expect("Error with update()"); + /// ``` + pub fn update(&mut self, data: &[u8]) -> Result<(), i32> { + let data_size = data.len() as u32; + let rc = unsafe { + sys::wc_Sha224Update(&mut self.wc_sha224, data.as_ptr(), data_size) + }; + if rc != 0 { + return Err(rc); + } + Ok(()) + } + + /// Finalize the SHA-224 calculation and retrieve the calculated hash. + /// + /// # Parameters + /// + /// * `hash`: Buffer in which to store the calculated hash. The length + /// should be SHA224::DIGEST_SIZE. + /// + /// # Returns + /// + /// Returns either Ok(()) on success or Err(e) containing the wolfSSL + /// library error code value. + /// + /// # Example + /// + /// ```rust + /// use wolfssl_wolfcrypt::sha::SHA224; + /// let mut sha = SHA224::new().expect("Error with new()"); + /// sha.update(b"input").expect("Error with update()"); + /// let mut hash = [0u8; SHA224::DIGEST_SIZE]; + /// sha.finalize(&mut hash).expect("Error with finalize()"); + /// ``` + pub fn finalize(&mut self, hash: &mut [u8]) -> Result<(), i32> { + if hash.len() != Self::DIGEST_SIZE { + return Err(sys::wolfCrypt_ErrorCodes_BUFFER_E); + } + let rc = unsafe { + sys::wc_Sha224Final(&mut self.wc_sha224, hash.as_mut_ptr()) + }; + if rc != 0 { + return Err(rc); + } + Ok(()) + } +} + +#[cfg(sha224)] +impl Drop for SHA224 { + /// Safely free the underlying wolfSSL SHA224 context. + /// + /// This calls the `wc_Sha224Free` wolfssl library function. + /// + /// The Rust Drop trait guarantees that this method is called when the + /// SHA224 struct goes out of scope, automatically cleaning up resources + /// and preventing memory leaks. + fn drop(&mut self) { + unsafe { sys::wc_Sha224Free(&mut self.wc_sha224); } + } +} + +/// Context for SHA-256 (SHA-2) computation. +#[cfg(sha256)] +pub struct SHA256 { + wc_sha256: sys::wc_Sha256, +} + +#[cfg(sha256)] +impl SHA256 { + /// SHA-256 digest size in bytes. + pub const DIGEST_SIZE: usize = sys::WC_SHA256_DIGEST_SIZE as usize; + + /// Build a new SHA256 instance. + /// + /// # Returns + /// + /// Returns either Ok(sha) containing the SHA256 struct instance or Err(e) + /// containing the wolfSSL library error code value. + /// + /// # Example + /// + /// ```rust + /// use wolfssl_wolfcrypt::sha::SHA256; + /// let sha = SHA256::new().expect("Error with new()"); + /// ``` + pub fn new() -> Result { + Self::new_ex(None, None) + } + + /// Build a new SHA256 instance with optional heap and device ID. + /// + /// # Parameters + /// + /// * `heap`: Optional heap hint. + /// * `dev_id` Optional device ID to use with crypto callbacks or async hardware. + /// + /// # Returns + /// + /// Returns either Ok(sha) containing the SHA256 struct instance or Err(e) + /// containing the wolfSSL library error code value. + /// + /// # Example + /// + /// ```rust + /// use wolfssl_wolfcrypt::sha::SHA256; + /// let sha = SHA256::new_ex(None, None).expect("Error with new_ex()"); + /// ``` + pub fn new_ex(heap: Option<*mut core::ffi::c_void>, dev_id: Option) -> Result { + let mut wc_sha256: MaybeUninit = MaybeUninit::uninit(); + let heap = match heap { + Some(heap) => heap, + None => core::ptr::null_mut(), + }; + let dev_id = match dev_id { + Some(dev_id) => dev_id, + None => sys::INVALID_DEVID, + }; + let rc = unsafe { sys::wc_InitSha256_ex(wc_sha256.as_mut_ptr(), heap, dev_id) }; + if rc != 0 { + return Err(rc); + } + let wc_sha256 = unsafe { wc_sha256.assume_init() }; + let sha256 = SHA256 { wc_sha256 }; + Ok(sha256) + } + + /// Reinitialize a SHA256 instance for a new hash calculation. + /// + /// This does not need to be called after `new()`, but should be called + /// after a hash calculation to prepare for a new calculation. + /// + /// # Returns + /// + /// Returns either Ok(()) on success or Err(e) containing the wolfSSL + /// library error code value. + /// + /// # Example + /// + /// ```rust + /// use wolfssl_wolfcrypt::sha::SHA256; + /// let mut sha = SHA256::new().expect("Error with new()"); + /// sha.init().expect("Error with init()"); + /// ``` + pub fn init(&mut self) -> Result<(), i32> { + self.init_ex(None, None) + } + + /// Reinitialize a SHA256 instance for a new hash calculation with optional + /// heap and device ID. + /// + /// This does not need to be called after `new()`, but should be called + /// after a hash calculation to prepare for a new calculation. + /// + /// # Parameters + /// + /// * `heap`: Optional heap hint. + /// * `dev_id` Optional device ID to use with crypto callbacks or async hardware. + /// + /// # Returns + /// + /// Returns either Ok(()) on success or Err(e) containing the wolfSSL + /// library error code value. + /// + /// # Example + /// + /// ```rust + /// use wolfssl_wolfcrypt::sha::SHA256; + /// let mut sha = SHA256::new().expect("Error with new()"); + /// sha.init_ex(None, None).expect("Error with init_ex()"); + /// ``` + pub fn init_ex(&mut self, heap: Option<*mut core::ffi::c_void>, dev_id: Option) -> Result<(), i32> { + let heap = match heap { + Some(heap) => heap, + None => core::ptr::null_mut(), + }; + let dev_id = match dev_id { + Some(dev_id) => dev_id, + None => sys::INVALID_DEVID, + }; + let rc = unsafe { sys::wc_InitSha256_ex(&mut self.wc_sha256, heap, dev_id) }; + if rc != 0 { + return Err(rc); + } + Ok(()) + } + + /// Update the SHA-256 calculation by feeding in more input data. + /// + /// # Parameters + /// + /// * `data`: Input data. + /// + /// # Returns + /// + /// Returns either Ok(()) on success or Err(e) containing the wolfSSL + /// library error code value. + /// + /// # Example + /// + /// ```rust + /// use wolfssl_wolfcrypt::sha::SHA256; + /// let mut sha = SHA256::new().expect("Error with new()"); + /// sha.update(b"input").expect("Error with update()"); + /// ``` + pub fn update(&mut self, data: &[u8]) -> Result<(), i32> { + let data_size = data.len() as u32; + let rc = unsafe { + sys::wc_Sha256Update(&mut self.wc_sha256, data.as_ptr(), data_size) + }; + if rc != 0 { + return Err(rc); + } + Ok(()) + } + + /// Finalize the SHA-256 calculation and retrieve the calculated hash. + /// + /// # Parameters + /// + /// * `hash`: Buffer in which to store the calculated hash. The length + /// should be SHA256::DIGEST_SIZE. + /// + /// # Returns + /// + /// Returns either Ok(()) on success or Err(e) containing the wolfSSL + /// library error code value. + /// + /// # Example + /// + /// ```rust + /// use wolfssl_wolfcrypt::sha::SHA256; + /// let mut sha = SHA256::new().expect("Error with new()"); + /// sha.update(b"input").expect("Error with update()"); + /// let mut hash = [0u8; SHA256::DIGEST_SIZE]; + /// sha.finalize(&mut hash).expect("Error with finalize()"); + /// ``` + pub fn finalize(&mut self, hash: &mut [u8]) -> Result<(), i32> { + if hash.len() != Self::DIGEST_SIZE { + return Err(sys::wolfCrypt_ErrorCodes_BUFFER_E); + } + let rc = unsafe { + sys::wc_Sha256Final(&mut self.wc_sha256, hash.as_mut_ptr()) + }; + if rc != 0 { + return Err(rc); + } + Ok(()) + } +} + +#[cfg(sha256)] +impl Drop for SHA256 { + /// Safely free the underlying wolfSSL SHA256 context. + /// + /// This calls the `wc_Sha256Free` wolfssl library function. + /// + /// The Rust Drop trait guarantees that this method is called when the + /// SHA256 struct goes out of scope, automatically cleaning up resources + /// and preventing memory leaks. + fn drop(&mut self) { + unsafe { sys::wc_Sha256Free(&mut self.wc_sha256); } + } +} + +/// Context for SHA-384 (SHA-2) computation. +#[cfg(sha384)] +pub struct SHA384 { + wc_sha384: sys::wc_Sha384, +} + +#[cfg(sha384)] +impl SHA384 { + /// SHA-384 digest size in bytes. + pub const DIGEST_SIZE: usize = sys::WC_SHA384_DIGEST_SIZE as usize; + + /// Build a new SHA384 instance. + /// + /// # Returns + /// + /// Returns either Ok(sha) containing the SHA384 struct instance or Err(e) + /// containing the wolfSSL library error code value. + /// + /// # Example + /// + /// ```rust + /// use wolfssl_wolfcrypt::sha::SHA384; + /// let sha = SHA384::new().expect("Error with new()"); + /// ``` + pub fn new() -> Result { + Self::new_ex(None, None) + } + + /// Build a new SHA384 instance with optional heap and device ID. + /// + /// # Parameters + /// + /// * `heap`: Optional heap hint. + /// * `dev_id` Optional device ID to use with crypto callbacks or async hardware. + /// + /// # Returns + /// + /// Returns either Ok(sha) containing the SHA384 struct instance or Err(e) + /// containing the wolfSSL library error code value. + /// + /// # Example + /// + /// ```rust + /// use wolfssl_wolfcrypt::sha::SHA384; + /// let sha = SHA384::new_ex(None, None).expect("Error with new_ex()"); + /// ``` + pub fn new_ex(heap: Option<*mut core::ffi::c_void>, dev_id: Option) -> Result { + let mut wc_sha384: MaybeUninit = MaybeUninit::uninit(); + let heap = match heap { + Some(heap) => heap, + None => core::ptr::null_mut(), + }; + let dev_id = match dev_id { + Some(dev_id) => dev_id, + None => sys::INVALID_DEVID, + }; + let rc = unsafe { sys::wc_InitSha384_ex(wc_sha384.as_mut_ptr(), heap, dev_id) }; + if rc != 0 { + return Err(rc); + } + let wc_sha384 = unsafe { wc_sha384.assume_init() }; + let sha384 = SHA384 { wc_sha384 }; + Ok(sha384) + } + + /// Reinitialize a SHA384 instance for a new hash calculation. + /// + /// This does not need to be called after `new()`, but should be called + /// after a hash calculation to prepare for a new calculation. + /// + /// # Returns + /// + /// Returns either Ok(()) on success or Err(e) containing the wolfSSL + /// library error code value. + /// + /// # Example + /// + /// ```rust + /// use wolfssl_wolfcrypt::sha::SHA384; + /// let mut sha = SHA384::new().expect("Error with new()"); + /// sha.init().expect("Error with init()"); + /// ``` + pub fn init(&mut self) -> Result<(), i32> { + self.init_ex(None, None) + } + + /// Reinitialize a SHA384 instance for a new hash calculation with optional + /// heap and device ID. + /// + /// This does not need to be called after `new()`, but should be called + /// after a hash calculation to prepare for a new calculation. + /// + /// # Parameters + /// + /// * `heap`: Optional heap hint. + /// * `dev_id` Optional device ID to use with crypto callbacks or async hardware. + /// + /// # Returns + /// + /// Returns either Ok(()) on success or Err(e) containing the wolfSSL + /// library error code value. + /// + /// # Example + /// + /// ```rust + /// use wolfssl_wolfcrypt::sha::SHA384; + /// let mut sha = SHA384::new().expect("Error with new()"); + /// sha.init_ex(None, None).expect("Error with init_ex()"); + /// ``` + pub fn init_ex(&mut self, heap: Option<*mut core::ffi::c_void>, dev_id: Option) -> Result<(), i32> { + let heap = match heap { + Some(heap) => heap, + None => core::ptr::null_mut(), + }; + let dev_id = match dev_id { + Some(dev_id) => dev_id, + None => sys::INVALID_DEVID, + }; + let rc = unsafe { sys::wc_InitSha384_ex(&mut self.wc_sha384, heap, dev_id) }; + if rc != 0 { + return Err(rc); + } + Ok(()) + } + + /// Update the SHA-384 calculation by feeding in more input data. + /// + /// # Parameters + /// + /// * `data`: Input data. + /// + /// # Returns + /// + /// Returns either Ok(()) on success or Err(e) containing the wolfSSL + /// library error code value. + /// + /// # Example + /// + /// ```rust + /// use wolfssl_wolfcrypt::sha::SHA384; + /// let mut sha = SHA384::new().expect("Error with new()"); + /// sha.update(b"input").expect("Error with update()"); + /// ``` + pub fn update(&mut self, data: &[u8]) -> Result<(), i32> { + let data_size = data.len() as u32; + let rc = unsafe { + sys::wc_Sha384Update(&mut self.wc_sha384, data.as_ptr(), data_size) + }; + if rc != 0 { + return Err(rc); + } + Ok(()) + } + + /// Finalize the SHA-384 calculation and retrieve the calculated hash. + /// + /// # Parameters + /// + /// * `hash`: Buffer in which to store the calculated hash. The length + /// should be SHA384::DIGEST_SIZE. + /// + /// # Returns + /// + /// Returns either Ok(()) on success or Err(e) containing the wolfSSL + /// library error code value. + /// + /// # Example + /// + /// ```rust + /// use wolfssl_wolfcrypt::sha::SHA384; + /// let mut sha = SHA384::new().expect("Error with new()"); + /// sha.update(b"input").expect("Error with update()"); + /// let mut hash = [0u8; SHA384::DIGEST_SIZE]; + /// sha.finalize(&mut hash).expect("Error with finalize()"); + /// ``` + pub fn finalize(&mut self, hash: &mut [u8]) -> Result<(), i32> { + if hash.len() != Self::DIGEST_SIZE { + return Err(sys::wolfCrypt_ErrorCodes_BUFFER_E); + } + let rc = unsafe { + sys::wc_Sha384Final(&mut self.wc_sha384, hash.as_mut_ptr()) + }; + if rc != 0 { + return Err(rc); + } + Ok(()) + } +} + +#[cfg(sha384)] +impl Drop for SHA384 { + /// Safely free the underlying wolfSSL SHA384 context. + /// + /// This calls the `wc_Sha384Free` wolfssl library function. + /// + /// The Rust Drop trait guarantees that this method is called when the + /// SHA384 struct goes out of scope, automatically cleaning up resources + /// and preventing memory leaks. + fn drop(&mut self) { + unsafe { sys::wc_Sha384Free(&mut self.wc_sha384); } + } +} + +/// Context for SHA-512 (SHA-2) computation. +#[cfg(sha512)] +pub struct SHA512 { + wc_sha512: sys::wc_Sha512, +} + +#[cfg(sha512)] +impl SHA512 { + /// SHA-512 digest size in bytes. + pub const DIGEST_SIZE: usize = sys::WC_SHA512_DIGEST_SIZE as usize; + + /// Build a new SHA512 instance. + /// + /// # Returns + /// + /// Returns either Ok(sha) containing the SHA512 struct instance or Err(e) + /// containing the wolfSSL library error code value. + /// + /// # Example + /// + /// ```rust + /// use wolfssl_wolfcrypt::sha::SHA512; + /// let sha = SHA512::new().expect("Error with new()"); + /// ``` + pub fn new() -> Result { + Self::new_ex(None, None) + } + + /// Build a new SHA512 instance with optional heap and device ID. + /// + /// # Parameters + /// + /// * `heap`: Optional heap hint. + /// * `dev_id` Optional device ID to use with crypto callbacks or async hardware. + /// + /// # Returns + /// + /// Returns either Ok(sha) containing the SHA512 struct instance or Err(e) + /// containing the wolfSSL library error code value. + /// + /// # Example + /// + /// ```rust + /// use wolfssl_wolfcrypt::sha::SHA512; + /// let sha = SHA512::new_ex(None, None).expect("Error with new_ex()"); + /// ``` + pub fn new_ex(heap: Option<*mut core::ffi::c_void>, dev_id: Option) -> Result { + let mut wc_sha512: MaybeUninit = MaybeUninit::uninit(); + let heap = match heap { + Some(heap) => heap, + None => core::ptr::null_mut(), + }; + let dev_id = match dev_id { + Some(dev_id) => dev_id, + None => sys::INVALID_DEVID, + }; + let rc = unsafe { sys::wc_InitSha512_ex(wc_sha512.as_mut_ptr(), heap, dev_id) }; + if rc != 0 { + return Err(rc); + } + let wc_sha512 = unsafe { wc_sha512.assume_init() }; + let sha512 = SHA512 { wc_sha512 }; + Ok(sha512) + } + + /// Reinitialize a SHA512 instance for a new hash calculation. + /// + /// This does not need to be called after `new()`, but should be called + /// after a hash calculation to prepare for a new calculation. + /// + /// # Returns + /// + /// Returns either Ok(()) on success or Err(e) containing the wolfSSL + /// library error code value. + /// + /// # Example + /// + /// ```rust + /// use wolfssl_wolfcrypt::sha::SHA512; + /// let mut sha = SHA512::new().expect("Error with new()"); + /// sha.init().expect("Error with init()"); + /// ``` + pub fn init(&mut self) -> Result<(), i32> { + self.init_ex(None, None) + } + + /// Reinitialize a SHA512 instance for a new hash calculation with optional + /// heap and device ID. + /// + /// This does not need to be called after `new()`, but should be called + /// after a hash calculation to prepare for a new calculation. + /// + /// # Parameters + /// + /// * `heap`: Optional heap hint. + /// * `dev_id` Optional device ID to use with crypto callbacks or async hardware. + /// + /// # Returns + /// + /// Returns either Ok(()) on success or Err(e) containing the wolfSSL + /// library error code value. + /// + /// # Example + /// + /// ```rust + /// use wolfssl_wolfcrypt::sha::SHA512; + /// let mut sha = SHA512::new().expect("Error with new()"); + /// sha.init_ex(None, None).expect("Error with init_ex()"); + /// ``` + pub fn init_ex(&mut self, heap: Option<*mut core::ffi::c_void>, dev_id: Option) -> Result<(), i32> { + let heap = match heap { + Some(heap) => heap, + None => core::ptr::null_mut(), + }; + let dev_id = match dev_id { + Some(dev_id) => dev_id, + None => sys::INVALID_DEVID, + }; + let rc = unsafe { sys::wc_InitSha512_ex(&mut self.wc_sha512, heap, dev_id) }; + if rc != 0 { + return Err(rc); + } + Ok(()) + } + + /// Update the SHA-512 calculation by feeding in more input data. + /// + /// # Parameters + /// + /// * `data`: Input data. + /// + /// # Returns + /// + /// Returns either Ok(()) on success or Err(e) containing the wolfSSL + /// library error code value. + /// + /// # Example + /// + /// ```rust + /// use wolfssl_wolfcrypt::sha::SHA512; + /// let mut sha = SHA512::new().expect("Error with new()"); + /// sha.update(b"input").expect("Error with update()"); + /// ``` + pub fn update(&mut self, data: &[u8]) -> Result<(), i32> { + let data_size = data.len() as u32; + let rc = unsafe { + sys::wc_Sha512Update(&mut self.wc_sha512, data.as_ptr(), data_size) + }; + if rc != 0 { + return Err(rc); + } + Ok(()) + } + + /// Finalize the SHA-512 calculation and retrieve the calculated hash. + /// + /// # Parameters + /// + /// * `hash`: Buffer in which to store the calculated hash. The length + /// should be SHA512::DIGEST_SIZE. + /// + /// # Returns + /// + /// Returns either Ok(()) on success or Err(e) containing the wolfSSL + /// library error code value. + /// + /// # Example + /// + /// ```rust + /// use wolfssl_wolfcrypt::sha::SHA512; + /// let mut sha = SHA512::new().expect("Error with new()"); + /// sha.update(b"input").expect("Error with update()"); + /// let mut hash = [0u8; SHA512::DIGEST_SIZE]; + /// sha.finalize(&mut hash).expect("Error with finalize()"); + /// ``` + pub fn finalize(&mut self, hash: &mut [u8]) -> Result<(), i32> { + if hash.len() != Self::DIGEST_SIZE { + return Err(sys::wolfCrypt_ErrorCodes_BUFFER_E); + } + let rc = unsafe { + sys::wc_Sha512Final(&mut self.wc_sha512, hash.as_mut_ptr()) + }; + if rc != 0 { + return Err(rc); + } + Ok(()) + } +} + +#[cfg(sha512)] +impl Drop for SHA512 { + /// Safely free the underlying wolfSSL SHA512 context. + /// + /// This calls the `wc_Sha512Free` wolfssl library function. + /// + /// The Rust Drop trait guarantees that this method is called when the + /// SHA512 struct goes out of scope, automatically cleaning up resources + /// and preventing memory leaks. + fn drop(&mut self) { + unsafe { sys::wc_Sha512Free(&mut self.wc_sha512); } + } +} + +/// Context for SHA3-224 computation. +#[cfg(sha3)] +pub struct SHA3_224 { + wc_sha3: sys::wc_Sha3, +} + +#[cfg(sha3)] +impl SHA3_224 { + /// SHA3-224 digest size in bytes. + pub const DIGEST_SIZE: usize = sys::WC_SHA3_224_DIGEST_SIZE as usize; + + /// Build a new SHA3_224 instance. + /// + /// # Returns + /// + /// Returns either Ok(sha) containing the SHA3_224 struct instance or Err(e) + /// containing the wolfSSL library error code value. + /// + /// # Example + /// + /// ```rust + /// use wolfssl_wolfcrypt::sha::SHA3_224; + /// let sha = SHA3_224::new().expect("Error with new()"); + /// ``` + pub fn new() -> Result { + Self::new_ex(None, None) + } + + /// Build a new SHA3_224 instance with optional heap and device ID. + /// + /// # Parameters + /// + /// * `heap`: Optional heap hint. + /// * `dev_id` Optional device ID to use with crypto callbacks or async hardware. + /// + /// # Returns + /// + /// Returns either Ok(sha) containing the SHA3_224 struct instance or Err(e) + /// containing the wolfSSL library error code value. + /// + /// # Example + /// + /// ```rust + /// use wolfssl_wolfcrypt::sha::SHA3_224; + /// let sha = SHA3_224::new_ex(None, None).expect("Error with new_ex()"); + /// ``` + pub fn new_ex(heap: Option<*mut core::ffi::c_void>, dev_id: Option) -> Result { + let mut wc_sha3: MaybeUninit = MaybeUninit::uninit(); + let heap = match heap { + Some(heap) => heap, + None => core::ptr::null_mut(), + }; + let dev_id = match dev_id { + Some(dev_id) => dev_id, + None => sys::INVALID_DEVID, + }; + let rc = unsafe { sys::wc_InitSha3_224(wc_sha3.as_mut_ptr(), heap, dev_id) }; + if rc != 0 { + return Err(rc); + } + let wc_sha3 = unsafe { wc_sha3.assume_init() }; + let sha3_224 = SHA3_224 { wc_sha3 }; + Ok(sha3_224) + } + + /// Reinitialize a SHA3_224 instance for a new hash calculation. + /// + /// This does not need to be called after `new()`, but should be called + /// after a hash calculation to prepare for a new calculation. + /// + /// # Returns + /// + /// Returns either Ok(()) on success or Err(e) containing the wolfSSL + /// library error code value. + /// + /// # Example + /// + /// ```rust + /// use wolfssl_wolfcrypt::sha::SHA3_224; + /// let mut sha = SHA3_224::new().expect("Error with new()"); + /// sha.init().expect("Error with init()"); + /// ``` + pub fn init(&mut self) -> Result<(), i32> { + self.init_ex(None, None) + } + + /// Reinitialize a SHA3_224 instance for a new hash calculation with + /// optional heap and device ID. + /// + /// This does not need to be called after `new()`, but should be called + /// after a hash calculation to prepare for a new calculation. + /// + /// # Parameters + /// + /// * `heap`: Optional heap hint. + /// * `dev_id` Optional device ID to use with crypto callbacks or async hardware. + /// + /// # Returns + /// + /// Returns either Ok(()) on success or Err(e) containing the wolfSSL + /// library error code value. + /// + /// # Example + /// + /// ```rust + /// use wolfssl_wolfcrypt::sha::SHA3_224; + /// let mut sha = SHA3_224::new().expect("Error with new()"); + /// sha.init_ex(None, None).expect("Error with init_ex()"); + /// ``` + pub fn init_ex(&mut self, heap: Option<*mut core::ffi::c_void>, dev_id: Option) -> Result<(), i32> { + let heap = match heap { + Some(heap) => heap, + None => core::ptr::null_mut(), + }; + let dev_id = match dev_id { + Some(dev_id) => dev_id, + None => sys::INVALID_DEVID, + }; + let rc = unsafe { sys::wc_InitSha3_224(&mut self.wc_sha3, heap, dev_id) }; + if rc != 0 { + return Err(rc); + } + Ok(()) + } + + /// Update the SHA3-224 calculation by feeding in more input data. + /// + /// # Parameters + /// + /// * `data`: Input data. + /// + /// # Returns + /// + /// Returns either Ok(()) on success or Err(e) containing the wolfSSL + /// library error code value. + /// + /// # Example + /// + /// ```rust + /// use wolfssl_wolfcrypt::sha::SHA3_224; + /// let mut sha = SHA3_224::new().expect("Error with new()"); + /// sha.update(b"input").expect("Error with update()"); + /// ``` + pub fn update(&mut self, data: &[u8]) -> Result<(), i32> { + let data_size = data.len() as u32; + let rc = unsafe { + sys::wc_Sha3_224_Update(&mut self.wc_sha3, data.as_ptr(), data_size) + }; + if rc != 0 { + return Err(rc); + } + Ok(()) + } + + /// Finalize the SHA3-224 calculation and retrieve the calculated hash. + /// + /// # Parameters + /// + /// * `hash`: Buffer in which to store the calculated hash. The length + /// should be SHA3_224::DIGEST_SIZE. + /// + /// # Returns + /// + /// Returns either Ok(()) on success or Err(e) containing the wolfSSL + /// library error code value. + /// + /// # Example + /// + /// ```rust + /// use wolfssl_wolfcrypt::sha::SHA3_224; + /// let mut sha = SHA3_224::new().expect("Error with new()"); + /// sha.update(b"input").expect("Error with update()"); + /// let mut hash = [0u8; SHA3_224::DIGEST_SIZE]; + /// sha.finalize(&mut hash).expect("Error with finalize()"); + /// ``` + pub fn finalize(&mut self, hash: &mut [u8]) -> Result<(), i32> { + if hash.len() != Self::DIGEST_SIZE { + return Err(sys::wolfCrypt_ErrorCodes_BUFFER_E); + } + let rc = unsafe { + sys::wc_Sha3_224_Final(&mut self.wc_sha3, hash.as_mut_ptr()) + }; + if rc != 0 { + return Err(rc); + } + Ok(()) + } +} + +#[cfg(sha3)] +impl Drop for SHA3_224 { + /// Safely free the underlying wolfSSL SHA3_224 context. + /// + /// This calls the `wc_Sha3_224_Free` wolfssl library function. + /// + /// The Rust Drop trait guarantees that this method is called when the + /// SHA3_224 struct goes out of scope, automatically cleaning up resources + /// and preventing memory leaks. + fn drop(&mut self) { + unsafe { sys::wc_Sha3_224_Free(&mut self.wc_sha3); } + } +} + +/// Context for SHA3-256 computation. +#[cfg(sha3)] +pub struct SHA3_256 { + wc_sha3: sys::wc_Sha3, +} + +#[cfg(sha3)] +impl SHA3_256 { + /// SHA3-256 digest size in bytes. + pub const DIGEST_SIZE: usize = sys::WC_SHA3_256_DIGEST_SIZE as usize; + + /// Build a new SHA3_256 instance. + /// + /// # Returns + /// + /// Returns either Ok(sha) containing the SHA3_256 struct instance or Err(e) + /// containing the wolfSSL library error code value. + /// + /// # Example + /// + /// ```rust + /// use wolfssl_wolfcrypt::sha::SHA3_256; + /// let sha = SHA3_256::new().expect("Error with new()"); + /// ``` + pub fn new() -> Result { + Self::new_ex(None, None) + } + + /// Build a new SHA3_256 instance with optional heap and device ID. + /// + /// # Parameters + /// + /// * `heap`: Optional heap hint. + /// * `dev_id` Optional device ID to use with crypto callbacks or async hardware. + /// + /// # Returns + /// + /// Returns either Ok(sha) containing the SHA3_256 struct instance or Err(e) + /// containing the wolfSSL library error code value. + /// + /// # Example + /// + /// ```rust + /// use wolfssl_wolfcrypt::sha::SHA3_256; + /// let sha = SHA3_256::new_ex(None, None).expect("Error with new_ex()"); + /// ``` + pub fn new_ex(heap: Option<*mut core::ffi::c_void>, dev_id: Option) -> Result { + let mut wc_sha3: MaybeUninit = MaybeUninit::uninit(); + let heap = match heap { + Some(heap) => heap, + None => core::ptr::null_mut(), + }; + let dev_id = match dev_id { + Some(dev_id) => dev_id, + None => sys::INVALID_DEVID, + }; + let rc = unsafe { sys::wc_InitSha3_256(wc_sha3.as_mut_ptr(), heap, dev_id) }; + if rc != 0 { + return Err(rc); + } + let wc_sha3 = unsafe { wc_sha3.assume_init() }; + let sha3_256 = SHA3_256 { wc_sha3 }; + Ok(sha3_256) + } + + /// Reinitialize a SHA3_256 instance for a new hash calculation. + /// + /// This does not need to be called after `new()`, but should be called + /// after a hash calculation to prepare for a new calculation. + /// + /// # Returns + /// + /// Returns either Ok(()) on success or Err(e) containing the wolfSSL + /// library error code value. + /// + /// # Example + /// + /// ```rust + /// use wolfssl_wolfcrypt::sha::SHA3_256; + /// let mut sha = SHA3_256::new().expect("Error with new()"); + /// sha.init().expect("Error with init()"); + /// ``` + pub fn init(&mut self) -> Result<(), i32> { + self.init_ex(None, None) + } + + /// Reinitialize a SHA3_256 instance for a new hash calculation with + /// optional heap and device ID. + /// + /// This does not need to be called after `new()`, but should be called + /// after a hash calculation to prepare for a new calculation. + /// + /// # Parameters + /// + /// * `heap`: Optional heap hint. + /// * `dev_id` Optional device ID to use with crypto callbacks or async hardware. + /// + /// # Returns + /// + /// Returns either Ok(()) on success or Err(e) containing the wolfSSL + /// library error code value. + /// + /// # Example + /// + /// ```rust + /// use wolfssl_wolfcrypt::sha::SHA3_256; + /// let mut sha = SHA3_256::new().expect("Error with new()"); + /// sha.init_ex(None, None).expect("Error with init_ex()"); + /// ``` + pub fn init_ex(&mut self, heap: Option<*mut core::ffi::c_void>, dev_id: Option) -> Result<(), i32> { + let heap = match heap { + Some(heap) => heap, + None => core::ptr::null_mut(), + }; + let dev_id = match dev_id { + Some(dev_id) => dev_id, + None => sys::INVALID_DEVID, + }; + let rc = unsafe { sys::wc_InitSha3_256(&mut self.wc_sha3, heap, dev_id) }; + if rc != 0 { + return Err(rc); + } + Ok(()) + } + + /// Update the SHA3-256 calculation by feeding in more input data. + /// + /// # Parameters + /// + /// * `data`: Input data. + /// + /// # Returns + /// + /// Returns either Ok(()) on success or Err(e) containing the wolfSSL + /// library error code value. + /// + /// # Example + /// + /// ```rust + /// use wolfssl_wolfcrypt::sha::SHA3_256; + /// let mut sha = SHA3_256::new().expect("Error with new()"); + /// sha.update(b"input").expect("Error with update()"); + /// ``` + pub fn update(&mut self, data: &[u8]) -> Result<(), i32> { + let data_size = data.len() as u32; + let rc = unsafe { + sys::wc_Sha3_256_Update(&mut self.wc_sha3, data.as_ptr(), data_size) + }; + if rc != 0 { + return Err(rc); + } + Ok(()) + } + + /// Finalize the SHA3-256 calculation and retrieve the calculated hash. + /// + /// # Parameters + /// + /// * `hash`: Buffer in which to store the calculated hash. The length + /// should be SHA3_256::DIGEST_SIZE. + /// + /// # Returns + /// + /// Returns either Ok(()) on success or Err(e) containing the wolfSSL + /// library error code value. + /// + /// # Example + /// + /// ```rust + /// use wolfssl_wolfcrypt::sha::SHA3_256; + /// let mut sha = SHA3_256::new().expect("Error with new()"); + /// sha.update(b"input").expect("Error with update()"); + /// let mut hash = [0u8; SHA3_256::DIGEST_SIZE]; + /// sha.finalize(&mut hash).expect("Error with finalize()"); + /// ``` + pub fn finalize(&mut self, hash: &mut [u8]) -> Result<(), i32> { + if hash.len() != Self::DIGEST_SIZE { + return Err(sys::wolfCrypt_ErrorCodes_BUFFER_E); + } + let rc = unsafe { + sys::wc_Sha3_256_Final(&mut self.wc_sha3, hash.as_mut_ptr()) + }; + if rc != 0 { + return Err(rc); + } + Ok(()) + } +} + +#[cfg(sha3)] +impl Drop for SHA3_256 { + /// Safely free the underlying wolfSSL SHA3_256 context. + /// + /// This calls the `wc_Sha3_256_Free` wolfssl library function. + /// + /// The Rust Drop trait guarantees that this method is called when the + /// SHA3_256 struct goes out of scope, automatically cleaning up resources + /// and preventing memory leaks. + fn drop(&mut self) { + unsafe { sys::wc_Sha3_256_Free(&mut self.wc_sha3); } + } +} + +/// Context for SHA3-384 computation. +#[cfg(sha3)] +pub struct SHA3_384 { + wc_sha3: sys::wc_Sha3, +} + +#[cfg(sha3)] +impl SHA3_384 { + /// SHA3-384 digest size in bytes. + pub const DIGEST_SIZE: usize = sys::WC_SHA3_384_DIGEST_SIZE as usize; + + /// Build a new SHA3_384 instance. + /// + /// # Returns + /// + /// Returns either Ok(sha) containing the SHA3_384 struct instance or Err(e) + /// containing the wolfSSL library error code value. + /// + /// # Example + /// + /// ```rust + /// use wolfssl_wolfcrypt::sha::SHA3_384; + /// let sha = SHA3_384::new().expect("Error with new()"); + /// ``` + pub fn new() -> Result { + Self::new_ex(None, None) + } + + /// Build a new SHA3_384 instance with optional heap and device ID. + /// + /// # Parameters + /// + /// * `heap`: Optional heap hint. + /// * `dev_id` Optional device ID to use with crypto callbacks or async hardware. + /// + /// # Returns + /// + /// Returns either Ok(sha) containing the SHA3_384 struct instance or Err(e) + /// containing the wolfSSL library error code value. + /// + /// # Example + /// + /// ```rust + /// use wolfssl_wolfcrypt::sha::SHA3_384; + /// let sha = SHA3_384::new_ex(None, None).expect("Error with new_ex()"); + /// ``` + pub fn new_ex(heap: Option<*mut core::ffi::c_void>, dev_id: Option) -> Result { + let mut wc_sha3: MaybeUninit = MaybeUninit::uninit(); + let heap = match heap { + Some(heap) => heap, + None => core::ptr::null_mut(), + }; + let dev_id = match dev_id { + Some(dev_id) => dev_id, + None => sys::INVALID_DEVID, + }; + let rc = unsafe { sys::wc_InitSha3_384(wc_sha3.as_mut_ptr(), heap, dev_id) }; + if rc != 0 { + return Err(rc); + } + let wc_sha3 = unsafe { wc_sha3.assume_init() }; + let sha3_384 = SHA3_384 { wc_sha3 }; + Ok(sha3_384) + } + + /// Reinitialize a SHA3_384 instance for a new hash calculation. + /// + /// This does not need to be called after `new()`, but should be called + /// after a hash calculation to prepare for a new calculation. + /// + /// # Returns + /// + /// Returns either Ok(()) on success or Err(e) containing the wolfSSL + /// library error code value. + /// + /// # Example + /// + /// ```rust + /// use wolfssl_wolfcrypt::sha::SHA3_384; + /// let mut sha = SHA3_384::new().expect("Error with new()"); + /// sha.init().expect("Error with init()"); + /// ``` + pub fn init(&mut self) -> Result<(), i32> { + self.init_ex(None, None) + } + + /// Reinitialize a SHA3_384 instance for a new hash calculation with + /// optional heap and device ID. + /// + /// This does not need to be called after `new()`, but should be called + /// after a hash calculation to prepare for a new calculation. + /// + /// # Parameters + /// + /// * `heap`: Optional heap hint. + /// * `dev_id` Optional device ID to use with crypto callbacks or async hardware. + /// + /// # Returns + /// + /// Returns either Ok(()) on success or Err(e) containing the wolfSSL + /// library error code value. + /// + /// # Example + /// + /// ```rust + /// use wolfssl_wolfcrypt::sha::SHA3_384; + /// let mut sha = SHA3_384::new().expect("Error with new()"); + /// sha.init_ex(None, None).expect("Error with init_ex()"); + /// ``` + pub fn init_ex(&mut self, heap: Option<*mut core::ffi::c_void>, dev_id: Option) -> Result<(), i32> { + let heap = match heap { + Some(heap) => heap, + None => core::ptr::null_mut(), + }; + let dev_id = match dev_id { + Some(dev_id) => dev_id, + None => sys::INVALID_DEVID, + }; + let rc = unsafe { sys::wc_InitSha3_384(&mut self.wc_sha3, heap, dev_id) }; + if rc != 0 { + return Err(rc); + } + Ok(()) + } + + /// Update the SHA3-384 calculation by feeding in more input data. + /// + /// # Parameters + /// + /// * `data`: Input data. + /// + /// # Returns + /// + /// Returns either Ok(()) on success or Err(e) containing the wolfSSL + /// library error code value. + /// + /// # Example + /// + /// ```rust + /// use wolfssl_wolfcrypt::sha::SHA3_384; + /// let mut sha = SHA3_384::new().expect("Error with new()"); + /// sha.update(b"input").expect("Error with update()"); + /// ``` + pub fn update(&mut self, data: &[u8]) -> Result<(), i32> { + let data_size = data.len() as u32; + let rc = unsafe { + sys::wc_Sha3_384_Update(&mut self.wc_sha3, data.as_ptr(), data_size) + }; + if rc != 0 { + return Err(rc); + } + Ok(()) + } + + /// Finalize the SHA3-384 calculation and retrieve the calculated hash. + /// + /// # Parameters + /// + /// * `hash`: Buffer in which to store the calculated hash. The length + /// should be SHA3_384::DIGEST_SIZE. + /// + /// # Returns + /// + /// Returns either Ok(()) on success or Err(e) containing the wolfSSL + /// library error code value. + /// + /// # Example + /// + /// ```rust + /// use wolfssl_wolfcrypt::sha::SHA3_384; + /// let mut sha = SHA3_384::new().expect("Error with new()"); + /// sha.update(b"input").expect("Error with update()"); + /// let mut hash = [0u8; SHA3_384::DIGEST_SIZE]; + /// sha.finalize(&mut hash).expect("Error with finalize()"); + /// ``` + pub fn finalize(&mut self, hash: &mut [u8]) -> Result<(), i32> { + if hash.len() != Self::DIGEST_SIZE { + return Err(sys::wolfCrypt_ErrorCodes_BUFFER_E); + } + let rc = unsafe { + sys::wc_Sha3_384_Final(&mut self.wc_sha3, hash.as_mut_ptr()) + }; + if rc != 0 { + return Err(rc); + } + Ok(()) + } +} + +#[cfg(sha3)] +impl Drop for SHA3_384 { + /// Safely free the underlying wolfSSL SHA3_384 context. + /// + /// This calls the `wc_Sha3_384_Free` wolfssl library function. + /// + /// The Rust Drop trait guarantees that this method is called when the + /// SHA3_384 struct goes out of scope, automatically cleaning up resources + /// and preventing memory leaks. + fn drop(&mut self) { + unsafe { sys::wc_Sha3_384_Free(&mut self.wc_sha3); } + } +} + +/// Context for SHA3-512 computation. +#[cfg(sha3)] +pub struct SHA3_512 { + wc_sha3: sys::wc_Sha3, +} + +#[cfg(sha3)] +impl SHA3_512 { + /// SHA3-512 digest size in bytes. + pub const DIGEST_SIZE: usize = sys::WC_SHA3_512_DIGEST_SIZE as usize; + + /// Build a new SHA3_512 instance. + /// + /// # Returns + /// + /// Returns either Ok(sha) containing the SHA3_512 struct instance or Err(e) + /// containing the wolfSSL library error code value. + /// + /// # Example + /// + /// ```rust + /// use wolfssl_wolfcrypt::sha::SHA3_512; + /// let sha = SHA3_512::new().expect("Error with new()"); + /// ``` + pub fn new() -> Result { + Self::new_ex(None, None) + } + + /// Build a new SHA3_512 instance with optional heap and device ID. + /// + /// # Parameters + /// + /// * `heap`: Optional heap hint. + /// * `dev_id` Optional device ID to use with crypto callbacks or async hardware. + /// + /// # Returns + /// + /// Returns either Ok(sha) containing the SHA3_512 struct instance or Err(e) + /// containing the wolfSSL library error code value. + /// + /// # Example + /// + /// ```rust + /// use wolfssl_wolfcrypt::sha::SHA3_512; + /// let sha = SHA3_512::new_ex(None, None).expect("Error with new_ex()"); + /// ``` + pub fn new_ex(heap: Option<*mut core::ffi::c_void>, dev_id: Option) -> Result { + let mut wc_sha3: MaybeUninit = MaybeUninit::uninit(); + let heap = match heap { + Some(heap) => heap, + None => core::ptr::null_mut(), + }; + let dev_id = match dev_id { + Some(dev_id) => dev_id, + None => sys::INVALID_DEVID, + }; + let rc = unsafe { sys::wc_InitSha3_512(wc_sha3.as_mut_ptr(), heap, dev_id) }; + if rc != 0 { + return Err(rc); + } + let wc_sha3 = unsafe { wc_sha3.assume_init() }; + let sha3_512 = SHA3_512 { wc_sha3 }; + Ok(sha3_512) + } + + /// Reinitialize a SHA3_512 instance for a new hash calculation. + /// + /// This does not need to be called after `new()`, but should be called + /// after a hash calculation to prepare for a new calculation. + /// + /// # Returns + /// + /// Returns either Ok(()) on success or Err(e) containing the wolfSSL + /// library error code value. + /// + /// # Example + /// + /// ```rust + /// use wolfssl_wolfcrypt::sha::SHA3_512; + /// let mut sha = SHA3_512::new().expect("Error with new()"); + /// sha.init().expect("Error with init()"); + /// ``` + pub fn init(&mut self) -> Result<(), i32> { + self.init_ex(None, None) + } + + /// Reinitialize a SHA3_512 instance for a new hash calculation with + /// optional heap and device ID. + /// + /// This does not need to be called after `new()`, but should be called + /// after a hash calculation to prepare for a new calculation. + /// + /// # Parameters + /// + /// * `heap`: Optional heap hint. + /// * `dev_id` Optional device ID to use with crypto callbacks or async hardware. + /// + /// # Returns + /// + /// Returns either Ok(()) on success or Err(e) containing the wolfSSL + /// library error code value. + /// + /// # Example + /// + /// ```rust + /// use wolfssl_wolfcrypt::sha::SHA3_512; + /// let mut sha = SHA3_512::new().expect("Error with new()"); + /// sha.init_ex(None, None).expect("Error with init_ex()"); + /// ``` + pub fn init_ex(&mut self, heap: Option<*mut core::ffi::c_void>, dev_id: Option) -> Result<(), i32> { + let heap = match heap { + Some(heap) => heap, + None => core::ptr::null_mut(), + }; + let dev_id = match dev_id { + Some(dev_id) => dev_id, + None => sys::INVALID_DEVID, + }; + let rc = unsafe { sys::wc_InitSha3_512(&mut self.wc_sha3, heap, dev_id) }; + if rc != 0 { + return Err(rc); + } + Ok(()) + } + + /// Update the SHA3-512 calculation by feeding in more input data. + /// + /// # Parameters + /// + /// * `data`: Input data. + /// + /// # Returns + /// + /// Returns either Ok(()) on success or Err(e) containing the wolfSSL + /// library error code value. + /// + /// # Example + /// + /// ```rust + /// use wolfssl_wolfcrypt::sha::SHA3_512; + /// let mut sha = SHA3_512::new().expect("Error with new()"); + /// sha.update(b"input").expect("Error with update()"); + /// ``` + pub fn update(&mut self, data: &[u8]) -> Result<(), i32> { + let data_size = data.len() as u32; + let rc = unsafe { + sys::wc_Sha3_512_Update(&mut self.wc_sha3, data.as_ptr(), data_size) + }; + if rc != 0 { + return Err(rc); + } + Ok(()) + } + + /// Finalize the SHA3-512 calculation and retrieve the calculated hash. + /// + /// # Parameters + /// + /// * `hash`: Buffer in which to store the calculated hash. The length + /// should be SHA3_512::DIGEST_SIZE. + /// + /// # Returns + /// + /// Returns either Ok(()) on success or Err(e) containing the wolfSSL + /// library error code value. + /// + /// # Example + /// + /// ```rust + /// use wolfssl_wolfcrypt::sha::SHA3_512; + /// let mut sha = SHA3_512::new().expect("Error with new()"); + /// sha.update(b"input").expect("Error with update()"); + /// let mut hash = [0u8; SHA3_512::DIGEST_SIZE]; + /// sha.finalize(&mut hash).expect("Error with finalize()"); + /// ``` + pub fn finalize(&mut self, hash: &mut [u8]) -> Result<(), i32> { + if hash.len() != Self::DIGEST_SIZE { + return Err(sys::wolfCrypt_ErrorCodes_BUFFER_E); + } + let rc = unsafe { + sys::wc_Sha3_512_Final(&mut self.wc_sha3, hash.as_mut_ptr()) + }; + if rc != 0 { + return Err(rc); + } + Ok(()) + } +} + +#[cfg(sha3)] +impl Drop for SHA3_512 { + /// Safely free the underlying wolfSSL SHA3_512 context. + /// + /// This calls the `wc_Sha3_512_Free` wolfssl library function. + /// + /// The Rust Drop trait guarantees that this method is called when the + /// SHA3_512 struct goes out of scope, automatically cleaning up resources + /// and preventing memory leaks. + fn drop(&mut self) { + unsafe { sys::wc_Sha3_512_Free(&mut self.wc_sha3); } + } +} + +/// Context for SHAKE128 (SHA-3) computation. +#[cfg(shake128)] +pub struct SHAKE128 { + wc_shake: sys::wc_Shake, +} + +#[cfg(shake128)] +impl SHAKE128 { + /// Squeeze block size. + pub const SQUEEZE_BLOCK_SIZE: usize = sys::WC_SHA3_128_BLOCK_SIZE as usize; + + /// Build a new SHAKE128 instance. + /// + /// # Returns + /// + /// Returns either Ok(sha) containing the SHAKE128 struct instance or Err(e) + /// containing the wolfSSL library error code value. + /// + /// # Example + /// + /// ```rust + /// use wolfssl_wolfcrypt::sha::SHAKE128; + /// let sha = SHAKE128::new().expect("Error with new()"); + /// ``` + pub fn new() -> Result { + Self::new_ex(None, None) + } + + /// Build a new SHAKE128 instance with optional heap and device ID. + /// + /// # Parameters + /// + /// * `heap`: Optional heap hint. + /// * `dev_id` Optional device ID to use with crypto callbacks or async hardware. + /// + /// # Returns + /// + /// Returns either Ok(sha) containing the SHAKE128 struct instance or Err(e) + /// containing the wolfSSL library error code value. + /// + /// # Example + /// + /// ```rust + /// use wolfssl_wolfcrypt::sha::SHAKE128; + /// let sha = SHAKE128::new_ex(None, None).expect("Error with new_ex()"); + /// ``` + pub fn new_ex(heap: Option<*mut core::ffi::c_void>, dev_id: Option) -> Result { + let mut wc_shake: MaybeUninit = MaybeUninit::uninit(); + let heap = match heap { + Some(heap) => heap, + None => core::ptr::null_mut(), + }; + let dev_id = match dev_id { + Some(dev_id) => dev_id, + None => sys::INVALID_DEVID, + }; + let rc = unsafe { + sys::wc_InitShake128(wc_shake.as_mut_ptr(), heap, dev_id) + }; + if rc != 0 { + return Err(rc); + } + let wc_shake = unsafe { wc_shake.assume_init() }; + let shake128 = SHAKE128 { wc_shake }; + Ok(shake128) + } + + /// Reinitialize a SHAKE128 instance for a new hash calculation. + /// + /// This does not need to be called after `new()`, but should be called + /// after a hash calculation to prepare for a new calculation. + /// + /// # Returns + /// + /// Returns either Ok(()) on success or Err(e) containing the wolfSSL + /// library error code value. + /// + /// # Example + /// + /// ```rust + /// use wolfssl_wolfcrypt::sha::SHAKE128; + /// let mut sha = SHAKE128::new().expect("Error with new()"); + /// sha.init().expect("Error with init()"); + /// ``` + pub fn init(&mut self) -> Result<(), i32> { + self.init_ex(None, None) + } + + /// Reinitialize a SHAKE128 instance for a new hash calculation with + /// optional heap and device ID. + /// + /// This does not need to be called after `new()`, but should be called + /// after a hash calculation to prepare for a new calculation. + /// + /// # Parameters + /// + /// * `heap`: Optional heap hint. + /// * `dev_id` Optional device ID to use with crypto callbacks or async hardware. + /// + /// # Returns + /// + /// Returns either Ok(()) on success or Err(e) containing the wolfSSL + /// library error code value. + /// + /// # Example + /// + /// ```rust + /// use wolfssl_wolfcrypt::sha::SHAKE128; + /// let mut sha = SHAKE128::new().expect("Error with new()"); + /// sha.init_ex(None, None).expect("Error with init_ex()"); + /// ``` + pub fn init_ex(&mut self, heap: Option<*mut core::ffi::c_void>, dev_id: Option) -> Result<(), i32> { + let heap = match heap { + Some(heap) => heap, + None => core::ptr::null_mut(), + }; + let dev_id = match dev_id { + Some(dev_id) => dev_id, + None => sys::INVALID_DEVID, + }; + let rc = unsafe { + sys::wc_InitShake128(&mut self.wc_shake, heap, dev_id) + }; + if rc != 0 { + return Err(rc); + } + Ok(()) + } + + /// Update the SHAKE128 calculation by feeding in more input data. + /// + /// # Parameters + /// + /// * `data`: Input data. + /// + /// # Returns + /// + /// Returns either Ok(()) on success or Err(e) containing the wolfSSL + /// library error code value. + /// + /// # Example + /// + /// ```rust + /// use wolfssl_wolfcrypt::sha::SHAKE128; + /// let mut sha = SHAKE128::new().expect("Error with new()"); + /// sha.update(b"input").expect("Error with update()"); + /// ``` + pub fn update(&mut self, data: &[u8]) -> Result<(), i32> { + let data_size = data.len() as u32; + let rc = unsafe { + sys::wc_Shake128_Update(&mut self.wc_shake, data.as_ptr(), data_size) + }; + if rc != 0 { + return Err(rc); + } + Ok(()) + } + + /// Finalize the SHAKE128 calculation and retrieve the calculated hash. + /// + /// # Parameters + /// + /// * `hash`: Buffer in which to store the calculated hash. + /// + /// # Returns + /// + /// Returns either Ok(()) on success or Err(e) containing the wolfSSL + /// library error code value. + /// + /// # Example + /// + /// ```rust + /// use wolfssl_wolfcrypt::sha::SHAKE128; + /// let mut sha = SHAKE128::new().expect("Error with new()"); + /// sha.update(b"input").expect("Error with update()"); + /// let mut hash = [0u8; 32]; + /// sha.finalize(&mut hash).expect("Error with finalize()"); + /// ``` + pub fn finalize(&mut self, hash: &mut [u8]) -> Result<(), i32> { + let hash_size = hash.len() as u32; + let rc = unsafe { + sys::wc_Shake128_Final(&mut self.wc_shake, hash.as_mut_ptr(), hash_size) + }; + if rc != 0 { + return Err(rc); + } + Ok(()) + } + + /// Absorb the provided byte array. Cannot be called incrementally. + /// + /// # Parameters + /// + /// * `data`: Data buffer to absorb. + /// + /// # Returns + /// + /// Returns either Ok(()) on success or Err(e) containing the wolfSSL + /// library error code value. + /// + /// # Example + /// + /// ```rust + /// use wolfssl_wolfcrypt::sha::SHAKE128; + /// let mut sha = SHAKE128::new().expect("Error with new()"); + /// sha.absorb(b"input").expect("Error with absorb()"); + /// ``` + pub fn absorb(&mut self, data: &[u8]) -> Result<(), i32> { + let data_size = data.len() as u32; + let rc = unsafe { + sys::wc_Shake128_Absorb(&mut self.wc_shake, data.as_ptr(), data_size) + }; + if rc != 0 { + return Err(rc); + } + Ok(()) + } + + /// Squeeze out more blocks of data. + /// + /// This function can be called inrementally. + /// + /// # Parameters + /// + /// * `dout`: Output buffer. + /// + /// # Returns + /// + /// Returns either Ok(()) on success or Err(e) containing the wolfSSL + /// library error code value. + /// + /// # Example + /// + /// ```rust + /// use wolfssl_wolfcrypt::sha::SHAKE128; + /// let mut sha = SHAKE128::new().expect("Error with new()"); + /// sha.absorb(b"input").expect("Error with absorb()"); + /// let mut buffer = [0u8; 2 * SHAKE128::SQUEEZE_BLOCK_SIZE]; + /// sha.squeeze_blocks(&mut buffer).expect("Error with squeeze_blocks()"); + /// ``` + pub fn squeeze_blocks(&mut self, dout: &mut [u8]) -> Result<(), i32> { + let dout_size = dout.len() as u32; + if dout_size % (Self::SQUEEZE_BLOCK_SIZE as u32) != 0 { + return Err(sys::wolfCrypt_ErrorCodes_BUFFER_E); + } + let n_blocks = dout_size / (Self::SQUEEZE_BLOCK_SIZE as u32); + let rc = unsafe { + sys::wc_Shake128_SqueezeBlocks(&mut self.wc_shake, dout.as_mut_ptr(), n_blocks) + }; + if rc != 0 { + return Err(rc); + } + Ok(()) + } +} + +#[cfg(shake128)] +impl Drop for SHAKE128 { + /// Safely free the underlying wolfSSL SHAKE128 context. + /// + /// This calls the `wc_Shake128_Free` wolfssl library function. + /// + /// The Rust Drop trait guarantees that this method is called when the + /// SHAKE128 struct goes out of scope, automatically cleaning up resources + /// and preventing memory leaks. + fn drop(&mut self) { + unsafe { sys::wc_Shake128_Free(&mut self.wc_shake); } + } +} + +/// Context for SHAKE256 (SHA-3) computation. +#[cfg(shake256)] +pub struct SHAKE256 { + wc_shake: sys::wc_Shake, +} + +#[cfg(shake256)] +impl SHAKE256 { + /// Squeeze block size. + pub const SQUEEZE_BLOCK_SIZE: usize = sys::WC_SHA3_256_BLOCK_SIZE as usize; + + /// Build a new SHAKE256 instance. + /// + /// # Returns + /// + /// Returns either Ok(sha) containing the SHAKE256 struct instance or Err(e) + /// containing the wolfSSL library error code value. + /// + /// # Example + /// + /// ```rust + /// use wolfssl_wolfcrypt::sha::SHAKE256; + /// let sha = SHAKE256::new().expect("Error with new()"); + /// ``` + pub fn new() -> Result { + Self::new_ex(None, None) + } + + /// Build a new SHAKE256 instance with optional heap and device ID. + /// + /// # Parameters + /// + /// * `heap`: Optional heap hint. + /// * `dev_id` Optional device ID to use with crypto callbacks or async hardware. + /// + /// # Returns + /// + /// Returns either Ok(sha) containing the SHAKE256 struct instance or Err(e) + /// containing the wolfSSL library error code value. + /// + /// # Example + /// + /// ```rust + /// use wolfssl_wolfcrypt::sha::SHAKE256; + /// let sha = SHAKE256::new_ex(None, None).expect("Error with new_ex()"); + /// ``` + pub fn new_ex(heap: Option<*mut core::ffi::c_void>, dev_id: Option) -> Result { + let mut wc_shake: MaybeUninit = MaybeUninit::uninit(); + let heap = match heap { + Some(heap) => heap, + None => core::ptr::null_mut(), + }; + let dev_id = match dev_id { + Some(dev_id) => dev_id, + None => sys::INVALID_DEVID, + }; + let rc = unsafe { + sys::wc_InitShake256(wc_shake.as_mut_ptr(), heap, dev_id) + }; + if rc != 0 { + return Err(rc); + } + let wc_shake = unsafe { wc_shake.assume_init() }; + let shake256 = SHAKE256 { wc_shake }; + Ok(shake256) + } + + /// Reinitialize a SHAKE256 instance for a new hash calculation. + /// + /// This does not need to be called after `new()`, but should be called + /// after a hash calculation to prepare for a new calculation. + /// + /// # Returns + /// + /// Returns either Ok(()) on success or Err(e) containing the wolfSSL + /// library error code value. + /// + /// # Example + /// + /// ```rust + /// use wolfssl_wolfcrypt::sha::SHAKE256; + /// let mut sha = SHAKE256::new().expect("Error with new()"); + /// sha.init().expect("Error with init()"); + /// ``` + pub fn init(&mut self) -> Result<(), i32> { + self.init_ex(None, None) + } + + /// Reinitialize a SHAKE256 instance for a new hash calculation with + /// optional heap and device ID. + /// + /// This does not need to be called after `new()`, but should be called + /// after a hash calculation to prepare for a new calculation. + /// + /// # Parameters + /// + /// * `heap`: Optional heap hint. + /// * `dev_id` Optional device ID to use with crypto callbacks or async hardware. + /// + /// # Returns + /// + /// Returns either Ok(()) on success or Err(e) containing the wolfSSL + /// library error code value. + /// + /// # Example + /// + /// ```rust + /// use wolfssl_wolfcrypt::sha::SHAKE256; + /// let mut sha = SHAKE256::new().expect("Error with new()"); + /// sha.init_ex(None, None).expect("Error with init_ex()"); + /// ``` + pub fn init_ex(&mut self, heap: Option<*mut core::ffi::c_void>, dev_id: Option) -> Result<(), i32> { + let heap = match heap { + Some(heap) => heap, + None => core::ptr::null_mut(), + }; + let dev_id = match dev_id { + Some(dev_id) => dev_id, + None => sys::INVALID_DEVID, + }; + let rc = unsafe { + sys::wc_InitShake256(&mut self.wc_shake, heap, dev_id) + }; + if rc != 0 { + return Err(rc); + } + Ok(()) + } + + /// Update the SHAKE256 calculation by feeding in more input data. + /// + /// # Parameters + /// + /// * `data`: Input data. + /// + /// # Returns + /// + /// Returns either Ok(()) on success or Err(e) containing the wolfSSL + /// library error code value. + /// + /// # Example + /// + /// ```rust + /// use wolfssl_wolfcrypt::sha::SHAKE256; + /// let mut sha = SHAKE256::new().expect("Error with new()"); + /// sha.update(b"input").expect("Error with update()"); + /// ``` + pub fn update(&mut self, data: &[u8]) -> Result<(), i32> { + let data_size = data.len() as u32; + let rc = unsafe { + sys::wc_Shake256_Update(&mut self.wc_shake, data.as_ptr(), data_size) + }; + if rc != 0 { + return Err(rc); + } + Ok(()) + } + + /// Finalize the SHAKE256 calculation and retrieve the calculated hash. + /// + /// # Parameters + /// + /// * `hash`: Buffer in which to store the calculated hash. + /// + /// # Returns + /// + /// Returns either Ok(()) on success or Err(e) containing the wolfSSL + /// library error code value. + /// + /// # Example + /// + /// ```rust + /// use wolfssl_wolfcrypt::sha::SHAKE256; + /// let mut sha = SHAKE256::new().expect("Error with new()"); + /// sha.update(b"input").expect("Error with update()"); + /// let mut hash = [0u8; 32]; + /// sha.finalize(&mut hash).expect("Error with finalize()"); + /// ``` + pub fn finalize(&mut self, hash: &mut [u8]) -> Result<(), i32> { + let hash_size = hash.len() as u32; + let rc = unsafe { + sys::wc_Shake256_Final(&mut self.wc_shake, hash.as_mut_ptr(), hash_size) + }; + if rc != 0 { + return Err(rc); + } + Ok(()) + } + + /// Absorb the provided byte array. Cannot be called incrementally. + /// + /// # Parameters + /// + /// * `data`: Data buffer to absorb. + /// + /// # Returns + /// + /// Returns either Ok(()) on success or Err(e) containing the wolfSSL + /// library error code value. + /// + /// # Example + /// + /// ```rust + /// use wolfssl_wolfcrypt::sha::SHAKE256; + /// let mut sha = SHAKE256::new().expect("Error with new()"); + /// sha.absorb(b"input").expect("Error with absorb()"); + /// ``` + pub fn absorb(&mut self, data: &[u8]) -> Result<(), i32> { + let data_size = data.len() as u32; + let rc = unsafe { + sys::wc_Shake256_Absorb(&mut self.wc_shake, data.as_ptr(), data_size) + }; + if rc != 0 { + return Err(rc); + } + Ok(()) + } + + /// Squeeze out more blocks of data. + /// + /// This function can be called inrementally. + /// + /// # Parameters + /// + /// * `dout`: Output buffer. + /// + /// # Returns + /// + /// Returns either Ok(()) on success or Err(e) containing the wolfSSL + /// library error code value. + /// + /// # Example + /// + /// ```rust + /// use wolfssl_wolfcrypt::sha::SHAKE256; + /// let mut sha = SHAKE256::new().expect("Error with new()"); + /// sha.absorb(b"input").expect("Error with absorb()"); + /// let mut buffer = [0u8; 2 * SHAKE256::SQUEEZE_BLOCK_SIZE]; + /// sha.squeeze_blocks(&mut buffer).expect("Error with squeeze_blocks()"); + /// ``` + pub fn squeeze_blocks(&mut self, dout: &mut [u8]) -> Result<(), i32> { + let dout_size = dout.len() as u32; + if dout_size % (Self::SQUEEZE_BLOCK_SIZE as u32) != 0 { + return Err(sys::wolfCrypt_ErrorCodes_BUFFER_E); + } + let n_blocks = dout_size / (Self::SQUEEZE_BLOCK_SIZE as u32); + let rc = unsafe { + sys::wc_Shake256_SqueezeBlocks(&mut self.wc_shake, dout.as_mut_ptr(), n_blocks) + }; + if rc != 0 { + return Err(rc); + } + Ok(()) + } +} + +#[cfg(shake256)] +impl Drop for SHAKE256 { + /// Safely free the underlying wolfSSL SHAKE256 context. + /// + /// This calls the `wc_Shake256_Free` wolfssl library function. + /// + /// The Rust Drop trait guarantees that this method is called when the + /// SHAKE256 struct goes out of scope, automatically cleaning up resources + /// and preventing memory leaks. + fn drop(&mut self) { + unsafe { sys::wc_Shake256_Free(&mut self.wc_shake); } + } +} diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/wrapper/rust/wolfssl-wolfcrypt/src/sys.rs mariadb-11.8.8/extra/wolfssl/wolfssl/wrapper/rust/wolfssl-wolfcrypt/src/sys.rs --- mariadb-11.8.6/extra/wolfssl/wolfssl/wrapper/rust/wolfssl-wolfcrypt/src/sys.rs 1970-01-01 00:00:00.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/wrapper/rust/wolfssl-wolfcrypt/src/sys.rs 2026-05-24 09:58:33.000000000 +0000 @@ -0,0 +1,24 @@ +/* + * Suppress warnings for bindgen-generated bindings to wolfssl C library. + */ +#![allow(clippy::missing_safety_doc)] +#![allow(clippy::ptr_offset_with_cast)] +#![allow(clippy::too_many_arguments)] +#![allow(clippy::upper_case_acronyms)] +#![allow(clippy::useless_transmute)] +#![allow(dead_code)] +#![allow(improper_ctypes)] +#![allow(non_camel_case_types)] +#![allow(non_snake_case)] +#![allow(non_upper_case_globals)] +#![allow(unnecessary_transmutes)] +#![allow(unsafe_op_in_unsafe_fn)] +include!(concat!(env!("OUT_DIR"), "/bindings.rs")); + +/* Include generated FIPS symbol aliases. */ +include!(concat!(env!("OUT_DIR"), "/fips_aliases.rs")); + +#[cfg(not(rsa_setrng))] +unsafe extern "C" { + pub fn wc_RsaSetRNG(key: *mut RsaKey, rng: *mut WC_RNG) -> core::ffi::c_int; +} diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/wrapper/rust/wolfssl-wolfcrypt/tests/common/mod.rs mariadb-11.8.8/extra/wolfssl/wolfssl/wrapper/rust/wolfssl-wolfcrypt/tests/common/mod.rs --- mariadb-11.8.6/extra/wolfssl/wolfssl/wrapper/rust/wolfssl-wolfcrypt/tests/common/mod.rs 1970-01-01 00:00:00.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/wrapper/rust/wolfssl-wolfcrypt/tests/common/mod.rs 2026-05-24 09:58:33.000000000 +0000 @@ -0,0 +1,13 @@ +#[cfg(fips)] +fn setup_fips() +{ + use wolfssl_wolfcrypt::fips; + fips::set_private_key_read_enable(1).expect("Error with set_private_key_read_enable()"); +} + +#[allow(dead_code)] +pub fn setup() +{ + #[cfg(fips)] + setup_fips(); +} diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/wrapper/rust/wolfssl-wolfcrypt/tests/test_aes.rs mariadb-11.8.8/extra/wolfssl/wolfssl/wrapper/rust/wolfssl-wolfcrypt/tests/test_aes.rs --- mariadb-11.8.6/extra/wolfssl/wolfssl/wrapper/rust/wolfssl-wolfcrypt/tests/test_aes.rs 1970-01-01 00:00:00.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/wrapper/rust/wolfssl-wolfcrypt/tests/test_aes.rs 2026-05-24 09:58:33.000000000 +0000 @@ -0,0 +1,865 @@ +#![cfg(aes)] + +use wolfssl_wolfcrypt::aes::*; + +const BIG_MSG: [u8; 384] = [ + 0x41,0x6c,0x6c,0x20,0x77,0x6f,0x72,0x6b, + 0x20,0x61,0x6e,0x64,0x20,0x6e,0x6f,0x20, + 0x70,0x6c,0x61,0x79,0x20,0x6d,0x61,0x6b, + 0x65,0x73,0x20,0x4a,0x61,0x63,0x6b,0x20, + 0x61,0x20,0x64,0x75,0x6c,0x6c,0x20,0x62, + 0x6f,0x79,0x2e,0x20,0x41,0x6c,0x6c,0x20, + 0x77,0x6f,0x72,0x6b,0x20,0x61,0x6e,0x64, + 0x20,0x6e,0x6f,0x20,0x70,0x6c,0x61,0x79, + 0x20,0x6d,0x61,0x6b,0x65,0x73,0x20,0x4a, + 0x61,0x63,0x6b,0x20,0x61,0x20,0x64,0x75, + 0x6c,0x6c,0x20,0x62,0x6f,0x79,0x2e,0x20, + 0x41,0x6c,0x6c,0x20,0x77,0x6f,0x72,0x6b, + 0x20,0x61,0x6e,0x64,0x20,0x6e,0x6f,0x20, + 0x70,0x6c,0x61,0x79,0x20,0x6d,0x61,0x6b, + 0x65,0x73,0x20,0x4a,0x61,0x63,0x6b,0x20, + 0x61,0x20,0x64,0x75,0x6c,0x6c,0x20,0x62, + 0x6f,0x79,0x2e,0x20,0x41,0x6c,0x6c,0x20, + 0x77,0x6f,0x72,0x6b,0x20,0x61,0x6e,0x64, + 0x20,0x6e,0x6f,0x20,0x70,0x6c,0x61,0x79, + 0x20,0x6d,0x61,0x6b,0x65,0x73,0x20,0x4a, + 0x61,0x63,0x6b,0x20,0x61,0x20,0x64,0x75, + 0x6c,0x6c,0x20,0x62,0x6f,0x79,0x2e,0x20, + 0x41,0x6c,0x6c,0x20,0x77,0x6f,0x72,0x6b, + 0x20,0x61,0x6e,0x64,0x20,0x6e,0x6f,0x20, + 0x70,0x6c,0x61,0x79,0x20,0x6d,0x61,0x6b, + 0x65,0x73,0x20,0x4a,0x61,0x63,0x6b,0x20, + 0x61,0x20,0x64,0x75,0x6c,0x6c,0x20,0x62, + 0x6f,0x79,0x2e,0x20,0x41,0x6c,0x6c,0x20, + 0x77,0x6f,0x72,0x6b,0x20,0x61,0x6e,0x64, + 0x20,0x6e,0x6f,0x20,0x70,0x6c,0x61,0x79, + 0x20,0x6d,0x61,0x6b,0x65,0x73,0x20,0x4a, + 0x61,0x63,0x6b,0x20,0x61,0x20,0x64,0x75, + 0x6c,0x6c,0x20,0x62,0x6f,0x79,0x2e,0x20, + 0x41,0x6c,0x6c,0x20,0x77,0x6f,0x72,0x6b, + 0x20,0x61,0x6e,0x64,0x20,0x6e,0x6f,0x20, + 0x70,0x6c,0x61,0x79,0x20,0x6d,0x61,0x6b, + 0x65,0x73,0x20,0x4a,0x61,0x63,0x6b,0x20, + 0x61,0x20,0x64,0x75,0x6c,0x6c,0x20,0x62, + 0x6f,0x79,0x2e,0x20,0x41,0x6c,0x6c,0x20, + 0x77,0x6f,0x72,0x6b,0x20,0x61,0x6e,0x64, + 0x20,0x6e,0x6f,0x20,0x70,0x6c,0x61,0x79, + 0x20,0x6d,0x61,0x6b,0x65,0x73,0x20,0x4a, + 0x61,0x63,0x6b,0x20,0x61,0x20,0x64,0x75, + 0x6c,0x6c,0x20,0x62,0x6f,0x79,0x2e,0x20, + 0x41,0x6c,0x6c,0x20,0x77,0x6f,0x72,0x6b, + 0x20,0x61,0x6e,0x64,0x20,0x6e,0x6f,0x20, + 0x70,0x6c,0x61,0x79,0x20,0x6d,0x61,0x6b, + 0x65,0x73,0x20,0x4a,0x61,0x63,0x6b,0x20 +]; + +#[test] +#[cfg(aes_cbc)] +fn test_cbc_encrypt_decrypt() { + let mut cbc = CBC::new().expect("Failed to create CBC"); + let key: &[u8; 16] = b"0123456789abcdef"; + let iv: &[u8; 16] = b"1234567890abcdef"; + let msg: [u8; 16] = [ + 0x6e, 0x6f, 0x77, 0x20, 0x69, 0x73, 0x20, 0x74, + 0x68, 0x65, 0x20, 0x74, 0x69, 0x6d, 0x65, 0x20, + ]; + let expected_cipher: [u8; 16] = [ + 0x95, 0x94, 0x92, 0x57, 0x5f, 0x42, 0x81, 0x53, + 0x2c, 0xcc, 0x9d, 0x46, 0x77, 0xa2, 0x33, 0xcb + ]; + cbc.init_encrypt(key, iv).expect("Error with init_encrypt()"); + let mut cipher: [u8; 16] = [0; 16]; + cbc.encrypt(&msg, &mut cipher).expect("Error with encrypt()"); + assert_eq!(&cipher, &expected_cipher); + let mut plain_out = [0; 16]; + cbc.init_decrypt(key, iv).expect("Error with init_decrypt()"); + cbc.decrypt(&cipher, &mut plain_out).expect("Error with decrypt()"); + assert_eq!(&plain_out, &msg); +} + +#[test] +#[cfg(aes_cbc)] +fn test_cbc_big_msg() { + let mut cbc = CBC::new().expect("Failed to create CBC"); + let big_key = b"0123456789abcdeffedcba9876543210"; + let iv: &[u8; 16] = b"1234567890abcdef"; + let mut big_cipher: [u8; 384] = [0; 384]; + let mut big_plain: [u8; 384] = [0; 384]; + cbc.init_encrypt(big_key, iv).expect("Error with init_encrypt()"); + for i in (0..384).step_by(16) { + cbc.encrypt(&BIG_MSG[i..(i + 16)], &mut big_cipher[i..(i + 16)]).expect("Error with encrypt()"); + } + cbc.init_decrypt(big_key, iv).expect("Error with init_decrypt()"); + for i in (0..384).step_by(16) { + cbc.decrypt(&big_cipher[i..(i + 16)], &mut big_plain[i..(i + 16)]).expect("Error with decrypt()"); + } + assert_eq!(big_plain, BIG_MSG); +} + +#[test] +#[cfg(aes_ccm)] +fn test_ccm_encrypt_decrypt() { + let key: [u8; 16] = [ + 0xc0, 0xc1, 0xc2, 0xc3, 0xc4, 0xc5, 0xc6, 0xc7, + 0xc8, 0xc9, 0xca, 0xcb, 0xcc, 0xcd, 0xce, 0xcf + ]; + let nonce: [u8; 13] = [ + 0x00, 0x00, 0x00, 0x03, 0x02, 0x01, 0x00, 0xa0, + 0xa1, 0xa2, 0xa3, 0xa4, 0xa5 + ]; + let plaintext: [u8; 23] = [ + 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, + 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, + 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e + ]; + let plaintext_long: [u8; 73] = [ + 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, + 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, + 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f, + 0x20, 0x21, 0x22, 0x23, 0x24, 0x25, 0x26, 0x27, + 0x28, 0x29, 0x2a, 0x2b, 0x2c, 0x2d, 0x2e, 0x2f, + 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, + 0x38, 0x39, 0x3a, 0x3b, 0x3c, 0x3d, 0x3e, 0x3f, + 0x40, 0x41, 0x42, 0x43, 0x44, 0x45, 0x46, 0x47, + 0x48, 0x49, 0x4a, 0x4b, 0x4c, 0x4d, 0x4e, 0x4f, + 0x50 + ]; + let auth_data: [u8; 8] = [ + 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07 + ]; + let expected_ciphertext: [u8; 23] = [ + 0x58, 0x8c, 0x97, 0x9a, 0x61, 0xc6, 0x63, 0xd2, + 0xf0, 0x66, 0xd0, 0xc2, 0xc0, 0xf9, 0x89, 0x80, + 0x6d, 0x5f, 0x6b, 0x61, 0xda, 0xc3, 0x84 + ]; + let expected_auth_tag: [u8; 8] = [ + 0x17, 0xe8, 0xd1, 0x2c, 0xfd, 0xf9, 0x26, 0xe0 + ]; + let expected_ciphertext_long: [u8; 73] = [ + 0x58, 0x8c, 0x97, 0x9a, 0x61, 0xc6, 0x63, 0xd2, + 0xf0, 0x66, 0xd0, 0xc2, 0xc0, 0xf9, 0x89, 0x80, + 0x6d, 0x5f, 0x6b, 0x61, 0xda, 0xc3, 0x84, 0xe0, + 0x44, 0x2d, 0xbe, 0x25, 0xfa, 0x48, 0x2b, 0xa8, + 0x36, 0x0b, 0xbf, 0x01, 0xc0, 0x12, 0x45, 0xa4, + 0x82, 0x9f, 0x20, 0x6c, 0xc3, 0xd6, 0xae, 0x5b, + 0x54, 0x8d, 0xd0, 0xb1, 0x69, 0x2c, 0xec, 0x5e, + 0x95, 0xa5, 0x6b, 0x48, 0xc3, 0xc6, 0xc8, 0x9e, + 0xc7, 0x92, 0x98, 0x9d, 0x26, 0x7d, 0x2a, 0x10, + 0x0b + ]; + let expected_auth_tag_long: [u8; 8] = [ + 0x89, 0xd8, 0xd2, 0x02, 0xc5, 0xcf, 0xae, 0xf4 + ]; + + let mut ccm = CCM::new().expect("Failed to create CCM"); + ccm.init(&key).expect("Error with init()"); + let mut auth_tag_out: [u8; 8] = [0; 8]; + let mut cipher_out: [u8; 23] = [0; 23]; + ccm.encrypt(&plaintext, &mut cipher_out, + &nonce, &auth_data, &mut auth_tag_out).expect("Error with encrypt()"); + assert_eq!(cipher_out, expected_ciphertext); + assert_eq!(auth_tag_out, expected_auth_tag); + ccm.init(&key).expect("Error with init()"); + let mut plain_out: [u8; 23] = [0; 23]; + ccm.decrypt(&cipher_out, &mut plain_out, + &nonce, &auth_data, &auth_tag_out).expect("Error with decrypt()"); + assert_eq!(plain_out, plaintext); + + ccm.init(&key).expect("Error with init()"); + let mut auth_tag_long_out: [u8; 8] = [0; 8]; + let mut cipher_long_out: [u8; 73] = [0; 73]; + ccm.encrypt(&plaintext_long, &mut cipher_long_out, + &nonce, &auth_data, &mut auth_tag_long_out).expect("Error with encrypt()"); + assert_eq!(cipher_long_out, expected_ciphertext_long); + assert_eq!(auth_tag_long_out, expected_auth_tag_long); + ccm.init(&key).expect("Error with init()"); + let mut plain_long_out: [u8; 73] = [0; 73]; + ccm.decrypt(&cipher_long_out, &mut plain_long_out, + &nonce, &auth_data, &auth_tag_long_out).expect("Error with decrypt()"); + assert_eq!(plain_long_out, plaintext_long); +} + +#[test] +#[cfg(aes_ccm)] +fn test_ccm_big_msg() { + let mut ccm = CCM::new().expect("Failed to create CCM"); + let big_key = b"0123456789abcdeffedcba9876543210"; + let nonce: [u8; 7] = [0x00, 0x00, 0x00, 0x03, 0x02, 0x01, 0x00]; + let auth_data: [u8; 8] = [0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07]; + let mut big_cipher: [u8; 384] = [0; 384]; + let mut big_plain: [u8; 384] = [0; 384]; + let mut auth_tag: [u8; 8] = [0; 8]; + ccm.init(big_key).expect("Error with init()"); + ccm.encrypt(&BIG_MSG, &mut big_cipher, + &nonce, &auth_data, &mut auth_tag).expect("Error with encrypt()"); + ccm.init(big_key).expect("Error with init()"); + ccm.decrypt(&big_cipher, &mut big_plain, + &nonce, &auth_data, &auth_tag).expect("Error with decrypt()"); + assert_eq!(big_plain, BIG_MSG); +} + +#[test] +#[cfg(aes_cfb)] +fn test_cfb_encrypt_decrypt() { + let mut cfb = CFB::new().expect("Failed to create CFB"); + let key: [u8; 16] = [ + 0x2b,0x7e,0x15,0x16,0x28,0xae,0xd2,0xa6, + 0xab,0xf7,0x15,0x88,0x09,0xcf,0x4f,0x3c + ]; + let iv: [u8; 16] = [ + 0x00,0x01,0x02,0x03,0x04,0x05,0x06,0x07, + 0x08,0x09,0x0a,0x0b,0x0c,0x0d,0x0e,0x0f + ]; + let msg: [u8; 48] = [ + 0x6b,0xc1,0xbe,0xe2,0x2e,0x40,0x9f,0x96, + 0xe9,0x3d,0x7e,0x11,0x73,0x93,0x17,0x2a, + 0xae,0x2d,0x8a,0x57,0x1e,0x03,0xac,0x9c, + 0x9e,0xb7,0x6f,0xac,0x45,0xaf,0x8e,0x51, + 0x30,0xc8,0x1c,0x46,0xa3,0x5c,0xe4,0x11, + 0xe5,0xfb,0xc1,0x19,0x1a,0x0a,0x52,0xef + ]; + let cipher: [u8; 48] = [ + 0x3b,0x3f,0xd9,0x2e,0xb7,0x2d,0xad,0x20, + 0x33,0x34,0x49,0xf8,0xe8,0x3c,0xfb,0x4a, + 0xc8,0xa6,0x45,0x37,0xa0,0xb3,0xa9,0x3f, + 0xcd,0xe3,0xcd,0xad,0x9f,0x1c,0xe5,0x8b, + 0x26,0x75,0x1f,0x67,0xa3,0xcb,0xb1,0x40, + 0xb1,0x80,0x8c,0xf1,0x87,0xa4,0xf4,0xdf + ]; + cfb.init(&key, &iv).expect("Error with init()"); + let mut outbuf: [u8; 48] = [0; 48]; + cfb.encrypt(&msg[0..32], &mut outbuf[0..32]).expect("Error with encrypt()"); + /* Break up encrypt over two operations to test continuation. */ + cfb.encrypt(&msg[32..48], &mut outbuf[32..48]).expect("Error with encrypt()"); + assert_eq!(outbuf, cipher); + cfb.init(&key, &iv).expect("Error with init()"); + let mut plain: [u8; 48] = [0; 48]; + cfb.decrypt(&outbuf, &mut plain).expect("Error with decrypt()"); + assert_eq!(plain, msg); +} + +#[test] +#[cfg(aes_cfb)] +fn test_cfb_big_msg() { + let mut cfb = CFB::new().expect("Failed to create CFB"); + let big_key = b"0123456789abcdeffedcba9876543210"; + let iv: [u8; 16] = [ + 0x00,0x01,0x02,0x03,0x04,0x05,0x06,0x07, + 0x08,0x09,0x0a,0x0b,0x0c,0x0d,0x0e,0x0f + ]; + let mut big_cipher: [u8; 384] = [0; 384]; + let mut big_plain: [u8; 384] = [0; 384]; + cfb.init(big_key, &iv).expect("Error with init()"); + cfb.encrypt(&BIG_MSG, &mut big_cipher).expect("Error with encrypt()"); + cfb.init(big_key, &iv).expect("Error with init()"); + cfb.decrypt(&big_cipher, &mut big_plain).expect("Error with decrypt()"); + assert_eq!(big_plain, BIG_MSG); +} + +#[test] +#[cfg(aes_ctr)] +fn test_ctr_encrypt_decrypt() { + let iv: [u8; 16] = [ + 0xf0,0xf1,0xf2,0xf3,0xf4,0xf5,0xf6,0xf7, + 0xf8,0xf9,0xfa,0xfb,0xfc,0xfd,0xfe,0xff + ]; + let msg: [u8; 64] = [ + 0x6b,0xc1,0xbe,0xe2,0x2e,0x40,0x9f,0x96, + 0xe9,0x3d,0x7e,0x11,0x73,0x93,0x17,0x2a, + 0xae,0x2d,0x8a,0x57,0x1e,0x03,0xac,0x9c, + 0x9e,0xb7,0x6f,0xac,0x45,0xaf,0x8e,0x51, + 0x30,0xc8,0x1c,0x46,0xa3,0x5c,0xe4,0x11, + 0xe5,0xfb,0xc1,0x19,0x1a,0x0a,0x52,0xef, + 0xf6,0x9f,0x24,0x45,0xdf,0x4f,0x9b,0x17, + 0xad,0x2b,0x41,0x7b,0xe6,0x6c,0x37,0x10 + ]; + let key: [u8; 16] = [ + 0x2b,0x7e,0x15,0x16,0x28,0xae,0xd2,0xa6, + 0xab,0xf7,0x15,0x88,0x09,0xcf,0x4f,0x3c + ]; + let cipher: [u8; 64] = [ + 0x87,0x4d,0x61,0x91,0xb6,0x20,0xe3,0x26, + 0x1b,0xef,0x68,0x64,0x99,0x0d,0xb6,0xce, + 0x98,0x06,0xf6,0x6b,0x79,0x70,0xfd,0xff, + 0x86,0x17,0x18,0x7b,0xb9,0xff,0xfd,0xff, + 0x5a,0xe4,0xdf,0x3e,0xdb,0xd5,0xd3,0x5e, + 0x5b,0x4f,0x09,0x02,0x0d,0xb0,0x3e,0xab, + 0x1e,0x03,0x1d,0xda,0x2f,0xbe,0x03,0xd1, + 0x79,0x21,0x70,0xa0,0xf3,0x00,0x9c,0xee + ]; + let mut ctr = CTR::new().expect("Failed to create CTR"); + ctr.init(&key, &iv).expect("Error with init()"); + let mut outbuf: [u8; 64] = [0; 64]; + ctr.encrypt(&msg, &mut outbuf).expect("Error with encrypt()"); + assert_eq!(outbuf, cipher); + ctr.init(&key, &iv).expect("Error with init()"); + let mut plain: [u8; 64] = [0; 64]; + ctr.decrypt(&outbuf, &mut plain).expect("Error with decrypt()"); + assert_eq!(plain, msg); +} + +#[test] +#[cfg(aes_ctr)] +fn test_ctr_big_msg() { + let mut ctr = CTR::new().expect("Failed to create CTR"); + let big_key = b"0123456789abcdeffedcba9876543210"; + let iv: [u8; 16] = [ + 0x00,0x01,0x02,0x03,0x04,0x05,0x06,0x07, + 0x08,0x09,0x0a,0x0b,0x0c,0x0d,0x0e,0x0f + ]; + let mut big_cipher: [u8; 384] = [0; 384]; + let mut big_plain: [u8; 384] = [0; 384]; + ctr.init(big_key, &iv).expect("Error with init()"); + ctr.encrypt(&BIG_MSG, &mut big_cipher).expect("Error with encrypt()"); + ctr.init(big_key, &iv).expect("Error with init()"); + ctr.decrypt(&big_cipher, &mut big_plain).expect("Error with decrypt()"); + assert_eq!(big_plain, BIG_MSG); +} + +#[test] +#[cfg(aes_eax)] +fn test_eax_one_shot_encrypt_decrypt() { + let key: [u8; 16] = [ + 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, + 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f + ]; + let nonce: [u8; 16] = [ + 0x3c, 0x8c, 0xc2, 0x97, 0x0a, 0x00, 0x8f, 0x75, + 0xcc, 0x5b, 0xea, 0xe2, 0x84, 0x72, 0x58, 0xc2 + ]; + let auth: &[u8] = &[]; + let msg: [u8; 32] = [ + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, + 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11 + ]; + let expected_cipher: [u8; 32] = [ + 0x3c, 0x44, 0x1f, 0x32, 0xce, 0x07, 0x82, 0x23, + 0x64, 0xd7, 0xa2, 0x99, 0x0e, 0x50, 0xbb, 0x13, + 0xd7, 0xb0, 0x2a, 0x26, 0x96, 0x9e, 0x4a, 0x93, + 0x7e, 0x5e, 0x90, 0x73, 0xb0, 0xd9, 0xc9, 0x68 + ]; + let expected_auth_tag: [u8; 16] = [ + 0xdb, 0x90, 0xbd, 0xb3, 0xda, 0x3d, 0x00, 0xaf, + 0xd0, 0xfc, 0x6a, 0x83, 0x55, 0x1d, 0xa9, 0x5e + ]; + let mut cipher: [u8; 32] = [0; 32]; + let mut auth_tag: [u8; 16] = [0; 16]; + EAX::encrypt(&msg, &mut cipher, &key, &nonce, auth, &mut auth_tag).expect("Error with encrypt()"); + assert_eq!(cipher, expected_cipher); + assert_eq!(auth_tag, expected_auth_tag); + let mut plain: [u8; 32] = [0; 32]; + EAX::decrypt(&cipher, &mut plain, &key, &nonce, auth, &auth_tag).expect("Error with decrypt()"); + assert_eq!(plain, msg); +} + +#[test] +#[cfg(aes_ecb)] +fn test_ecb_encrypt_decrypt() { + let mut ecb = ECB::new().expect("Failed to create ECB"); + let key_128: &[u8; 16] = b"0123456789abcdef"; + let msg: [u8; 16] = [ + 0x6e, 0x6f, 0x77, 0x20, 0x69, 0x73, 0x20, 0x74, + 0x68, 0x65, 0x20, 0x74, 0x69, 0x6d, 0x65, 0x20 + ]; + let verify_ecb_128: [u8; 16] = [ + 0xd0, 0xc9, 0xd9, 0xc9, 0x40, 0xe8, 0x97, 0xb6, + 0xc8, 0x8c, 0x33, 0x3b, 0xb5, 0x8f, 0x85, 0xd1 + ]; + ecb.init_encrypt(key_128).expect("Error with init_encrypt()"); + let mut outbuf: [u8; 16] = [0; 16]; + ecb.encrypt(&msg, &mut outbuf).expect("Error with encrypt()"); + assert_eq!(&outbuf, &verify_ecb_128); + outbuf = [0; 16]; + ecb.init_decrypt(key_128).expect("Error with init_decrypt()"); + ecb.decrypt(&verify_ecb_128, &mut outbuf).expect("Error with decrypt()"); + assert_eq!(&outbuf, &msg); +} + +#[test] +#[cfg(aes_gcm)] +fn test_gcm_encrypt_decrypt() { + let key: [u8; 16] = [ + 0x29, 0x8e, 0xfa, 0x1c, 0xcf, 0x29, 0xcf, 0x62, + 0xae, 0x68, 0x24, 0xbf, 0xc1, 0x95, 0x57, 0xfc + ]; + let iv: [u8; 12] = [ + 0x6f, 0x58, 0xa9, 0x3f, 0xe1, 0xd2, 0x07, 0xfa, + 0xe4, 0xed, 0x2f, 0x6d + ]; + let plain: [u8; 32] = [ + 0xcc, 0x38, 0xbc, 0xcd, 0x6b, 0xc5, 0x36, 0xad, + 0x91, 0x9b, 0x13, 0x95, 0xf5, 0xd6, 0x38, 0x01, + 0xf9, 0x9f, 0x80, 0x68, 0xd6, 0x5c, 0xa5, 0xac, + 0x63, 0x87, 0x2d, 0xaf, 0x16, 0xb9, 0x39, 0x01 + ]; + let auth: [u8; 16] = [ + 0x02, 0x1f, 0xaf, 0xd2, 0x38, 0x46, 0x39, 0x73, + 0xff, 0xe8, 0x02, 0x56, 0xe5, 0xb1, 0xc6, 0xb1 + ]; + let expected_cipher: [u8; 32] = [ + 0xdf, 0xce, 0x4e, 0x9c, 0xd2, 0x91, 0x10, 0x3d, + 0x7f, 0xe4, 0xe6, 0x33, 0x51, 0xd9, 0xe7, 0x9d, + 0x3d, 0xfd, 0x39, 0x1e, 0x32, 0x67, 0x10, 0x46, + 0x58, 0x21, 0x2d, 0xa9, 0x65, 0x21, 0xb7, 0xdb + ]; + let expected_auth_tag: [u8; 16] = [ + 0x54, 0x24, 0x65, 0xef, 0x59, 0x93, 0x16, 0xf7, + 0x3a, 0x7a, 0x56, 0x05, 0x09, 0xa2, 0xd9, 0xf2 + ]; + let mut gcm = GCM::new().expect("Failed to create GCM"); + gcm.init(&key).expect("Error with init()"); + let mut cipher: [u8; 32] = [0; 32]; + let mut auth_tag: [u8; 16] = [0; 16]; + gcm.encrypt(&plain, &mut cipher, &iv, &auth, &mut auth_tag).expect("Error with encrypt()"); + assert_eq!(cipher, expected_cipher); + assert_eq!(auth_tag, expected_auth_tag); + let mut plain_out: [u8; 32] = [0; 32]; + gcm.decrypt(&cipher, &mut plain_out, &iv, &auth, &auth_tag).expect("Error with decrypt()"); + assert_eq!(plain_out, plain); +} + +#[test] +#[cfg(aes_gcm_stream)] +fn test_gcmstream_encrypt_decrypt() { + let plain: [u8; 60] = [ + 0xd9, 0x31, 0x32, 0x25, 0xf8, 0x84, 0x06, 0xe5, + 0xa5, 0x59, 0x09, 0xc5, 0xaf, 0xf5, 0x26, 0x9a, + 0x86, 0xa7, 0xa9, 0x53, 0x15, 0x34, 0xf7, 0xda, + 0x2e, 0x4c, 0x30, 0x3d, 0x8a, 0x31, 0x8a, 0x72, + 0x1c, 0x3c, 0x0c, 0x95, 0x95, 0x68, 0x09, 0x53, + 0x2f, 0xcf, 0x0e, 0x24, 0x49, 0xa6, 0xb5, 0x25, + 0xb1, 0x6a, 0xed, 0xf5, 0xaa, 0x0d, 0xe6, 0x57, + 0xba, 0x63, 0x7b, 0x39 + ]; + let auth: [u8; 20] = [ + 0xfe, 0xed, 0xfa, 0xce, 0xde, 0xad, 0xbe, 0xef, + 0xfe, 0xed, 0xfa, 0xce, 0xde, 0xad, 0xbe, 0xef, + 0xab, 0xad, 0xda, 0xd2 + ]; + let key: [u8; 32] = [ + 0xfe, 0xff, 0xe9, 0x92, 0x86, 0x65, 0x73, 0x1c, + 0x6d, 0x6a, 0x8f, 0x94, 0x67, 0x30, 0x83, 0x08, + 0xfe, 0xff, 0xe9, 0x92, 0x86, 0x65, 0x73, 0x1c, + 0x6d, 0x6a, 0x8f, 0x94, 0x67, 0x30, 0x83, 0x08 + ]; + let iv: [u8; 12] = [ + 0xca, 0xfe, 0xba, 0xbe, 0xfa, 0xce, 0xdb, 0xad, + 0xde, 0xca, 0xf8, 0x88 + ]; + let expected_cipher: [u8; 60] = [ + 0x52, 0x2d, 0xc1, 0xf0, 0x99, 0x56, 0x7d, 0x07, + 0xf4, 0x7f, 0x37, 0xa3, 0x2a, 0x84, 0x42, 0x7d, + 0x64, 0x3a, 0x8c, 0xdc, 0xbf, 0xe5, 0xc0, 0xc9, + 0x75, 0x98, 0xa2, 0xbd, 0x25, 0x55, 0xd1, 0xaa, + 0x8c, 0xb0, 0x8e, 0x48, 0x59, 0x0d, 0xbb, 0x3d, + 0xa7, 0xb0, 0x8b, 0x10, 0x56, 0x82, 0x88, 0x38, + 0xc5, 0xf6, 0x1e, 0x63, 0x93, 0xba, 0x7a, 0x0a, + 0xbc, 0xc9, 0xf6, 0x62 + ]; + let expected_auth_tag: [u8; 16] = [ + 0x76, 0xfc, 0x6e, 0xce, 0x0f, 0x4e, 0x17, 0x68, + 0xcd, 0xdf, 0x88, 0x53, 0xbb, 0x2d, 0x55, 0x1b + ]; + let mut gcmstream = GCMStream::new().expect("Failed to create GCMStream"); + for chunk_size in 1..=auth.len() { + gcmstream.init(&key, &iv).expect("Error with init()"); + let mut cipher: [u8; 60] = [0; 60]; + let mut i = 0; + while i < auth.len() { + let mut end = i + chunk_size; + if end > auth.len() { + end = auth.len() + } + gcmstream.encrypt_update(&plain[0..0], &mut cipher[0..0], &auth[i..end]).expect("Error with encrypt_update()"); + i += chunk_size; + } + i = 0; + while i < plain.len() { + let mut end = i + chunk_size; + if end > plain.len() { + end = plain.len() + } + gcmstream.encrypt_update(&plain[i..end], &mut cipher[i..end], &auth[0..0]).expect("Error with encrypt_update()"); + i += chunk_size; + } + let mut auth_tag: [u8; 16] = [0; 16]; + gcmstream.encrypt_final(&mut auth_tag).expect("Error with encrypt_final()"); + assert_eq!(cipher, expected_cipher); + assert_eq!(auth_tag, expected_auth_tag); + } +} + +#[test] +#[cfg(aes_ofb)] +fn test_ofb_encrypt_decrypt() { + let key: [u8; 32] = [ + 0xc4,0xc7,0xfa,0xd6,0x53,0x5c,0xb8,0x71, + 0x4a,0x5c,0x40,0x77,0x9a,0x8b,0xa1,0xd2, + 0x53,0x3e,0x23,0xb4,0xb2,0x58,0x73,0x2a, + 0x5b,0x78,0x01,0xf4,0xe3,0x71,0xa7,0x94 + ]; + let iv: [u8; 16] = [ + 0x5e,0xb9,0x33,0x13,0xb8,0x71,0xff,0x16, + 0xb9,0x8a,0x9b,0xcb,0x43,0x33,0x0d,0x6f + ]; + let plain: [u8; 48] = [ + 0x6d,0x0b,0xb0,0x79,0x63,0x84,0x71,0xe9, + 0x39,0xd4,0x53,0x14,0x86,0xc1,0x4c,0x25, + 0x9a,0xee,0xc6,0xf3,0xc0,0x0d,0xfd,0xd6, + 0xc0,0x50,0xa8,0xba,0xa8,0x20,0xdb,0x71, + 0xcc,0x12,0x2c,0x4e,0x0c,0x17,0x15,0xef, + 0x55,0xf3,0x99,0x5a,0x6b,0xf0,0x2a,0x4c + ]; + let expected_cipher: [u8; 48] = [ + 0x0f,0x54,0x61,0x71,0x59,0xd0,0x3f,0xfc, + 0x1b,0xfa,0xfb,0x60,0x29,0x30,0xd7,0x00, + 0xf4,0xa4,0xa8,0xe6,0xdd,0x93,0x94,0x46, + 0x64,0xd2,0x19,0xc4,0xc5,0x4d,0xde,0x1b, + 0x04,0x53,0xe1,0x73,0xf5,0x18,0x74,0xae, + 0xfd,0x64,0xa2,0xe1,0xe2,0x76,0x13,0xb0 + ]; + let mut ofb = OFB::new().expect("Failed to create OFB"); + ofb.init(&key, &iv).expect("Error with init()"); + let mut cipher: [u8; 48] = [0; 48]; + ofb.encrypt(&plain, &mut cipher).expect("Error with encrypt()"); + assert_eq!(cipher, expected_cipher); + ofb.init(&key, &iv).expect("Error with init()"); + let mut plain_out: [u8; 48] = [0; 48]; + ofb.decrypt(&cipher, &mut plain_out).expect("Error with decrypt()"); + assert_eq!(plain_out, plain); +} + +#[test] +#[cfg(aes_xts)] +fn test_xts_one_shot() { + let key: [u8; 32] = [ + 0xa1, 0xb9, 0x0c, 0xba, 0x3f, 0x06, 0xac, 0x35, + 0x3b, 0x2c, 0x34, 0x38, 0x76, 0x08, 0x17, 0x62, + 0x09, 0x09, 0x23, 0x02, 0x6e, 0x91, 0x77, 0x18, + 0x15, 0xf2, 0x9d, 0xab, 0x01, 0x93, 0x2f, 0x2f + ]; + let tweak: [u8; 16] = [ + 0x4f, 0xae, 0xf7, 0x11, 0x7c, 0xda, 0x59, 0xc6, + 0x6e, 0x4b, 0x92, 0x01, 0x3e, 0x76, 0x8a, 0xd5 + ]; + let plain: [u8; 16] = [ + 0xeb, 0xab, 0xce, 0x95, 0xb1, 0x4d, 0x3c, 0x8d, + 0x6f, 0xb3, 0x50, 0x39, 0x07, 0x90, 0x31, 0x1c + ]; + let expected_cipher: [u8; 16] = [ + 0x77, 0x8a, 0xe8, 0xb4, 0x3c, 0xb9, 0x8d, 0x5a, + 0x82, 0x50, 0x81, 0xd5, 0xbe, 0x47, 0x1c, 0x63 + ]; + let partial: [u8; 24] = [ + 0xeb, 0xab, 0xce, 0x95, 0xb1, 0x4d, 0x3c, 0x8d, + 0x6f, 0xb3, 0x50, 0x39, 0x07, 0x90, 0x31, 0x1c, + 0x6e, 0x4b, 0x92, 0x01, 0x3e, 0x76, 0x8a, 0xd5 + ]; + let expected_partial_cipher: [u8; 24] = [ + 0x2b, 0xf7, 0x2c, 0xf3, 0xeb, 0x85, 0xef, 0x7b, + 0x0b, 0x76, 0xa0, 0xaa, 0xf3, 0x3f, 0x25, 0x8b, + 0x77, 0x8a, 0xe8, 0xb4, 0x3c, 0xb9, 0x8d, 0x5a + ]; + + let mut xts = XTS::new().expect("Failed to create XTS"); + xts.init_encrypt(&key).expect("Error with init_encrypt()"); + let mut cipher: [u8; 16] = [0; 16]; + xts.encrypt(&plain, &mut cipher, &tweak).expect("Error with encrypt()"); + assert_eq!(cipher, expected_cipher); + xts.init_decrypt(&key).expect("Error with init_decrypt()"); + let mut plain_out: [u8; 16] = [0; 16]; + xts.decrypt(&cipher, &mut plain_out, &tweak).expect("Error with decrypt()"); + assert_eq!(plain_out, plain); + + xts.init_encrypt(&key).expect("Error with init_encrypt()"); + let mut partial_cipher: [u8; 24] = [0; 24]; + xts.encrypt(&partial, &mut partial_cipher, &tweak).expect("Error with encrypt()"); + assert_eq!(partial_cipher, expected_partial_cipher); + xts.init_decrypt(&key).expect("Error with init_decrypt()"); + let mut partial_out: [u8; 24] = [0; 24]; + xts.decrypt(&partial_cipher, &mut partial_out, &tweak).expect("Error with decrypt()"); + assert_eq!(partial_out, partial); +} + +#[test] +#[cfg(aes_xts)] +fn test_xts_sector_128() { + let keys: [u8; 32] = [ + 0xa3, 0xe4, 0x0d, 0x5b, 0xd4, 0xb6, 0xbb, 0xed, + 0xb2, 0xd1, 0x8c, 0x70, 0x0a, 0xd2, 0xdb, 0x22, + 0x10, 0xc8, 0x11, 0x90, 0x64, 0x6d, 0x67, 0x3c, + 0xbc, 0xa5, 0x3f, 0x13, 0x3e, 0xab, 0x37, 0x3c + ]; + let plain: [u8; 16] =[ + 0x20, 0xe0, 0x71, 0x94, 0x05, 0x99, 0x3f, 0x09, + 0xa6, 0x6a, 0xe5, 0xbb, 0x50, 0x0e, 0x56, 0x2c + ]; + let expected_cipher: [u8; 16] = [ + 0x74, 0x62, 0x35, 0x51, 0x21, 0x02, 0x16, 0xac, + 0x92, 0x6b, 0x96, 0x50, 0xb6, 0xd3, 0xfa, 0x52 + ]; + let sector = 141; + + let mut xts = XTS::new().expect("Failed to create XTS"); + xts.init_encrypt(&keys).expect("Error with init_encrypt()"); + let mut cipher: [u8; 16] = [0; 16]; + xts.encrypt_sector(&plain, &mut cipher, sector).expect("Error with encrypt_sector()"); + assert_eq!(cipher, expected_cipher); + + xts.init_decrypt(&keys).expect("Error with init_decrypt()"); + let mut plain_out: [u8; 16] = [0; 16]; + xts.decrypt_sector(&cipher, &mut plain_out, sector).expect("Error with decrypt_sector()"); + assert_eq!(plain_out, plain); +} + +#[test] +#[cfg(aes_xts)] +fn test_xts_sector_256() { + let keys: [u8; 64] = [ + 0xef, 0x01, 0x0c, 0xa1, 0xa3, 0x66, 0x3e, 0x32, + 0x53, 0x43, 0x49, 0xbc, 0x0b, 0xae, 0x62, 0x23, + 0x2a, 0x15, 0x73, 0x34, 0x85, 0x68, 0xfb, 0x9e, + 0xf4, 0x17, 0x68, 0xa7, 0x67, 0x4f, 0x50, 0x7a, + 0x72, 0x7f, 0x98, 0x75, 0x53, 0x97, 0xd0, 0xe0, + 0xaa, 0x32, 0xf8, 0x30, 0x33, 0x8c, 0xc7, 0xa9, + 0x26, 0xc7, 0x73, 0xf0, 0x9e, 0x57, 0xb3, 0x57, + 0xcd, 0x15, 0x6a, 0xfb, 0xca, 0x46, 0xe1, 0xa0 + ]; + let plain: [u8; 32] =[ + 0xed, 0x98, 0xe0, 0x17, 0x70, 0xa8, 0x53, 0xb4, + 0x9d, 0xb9, 0xe6, 0xaa, 0xf8, 0x8f, 0x0a, 0x41, + 0xb9, 0xb5, 0x6e, 0x91, 0xa5, 0xa2, 0xb1, 0x1d, + 0x40, 0x52, 0x92, 0x54, 0xf5, 0x52, 0x3e, 0x75 + ]; + let expected_cipher: [u8; 32] = [ + 0xca, 0x20, 0xc5, 0x5e, 0x8d, 0xc1, 0x49, 0x68, + 0x7d, 0x25, 0x41, 0xde, 0x39, 0xc3, 0xdf, 0x63, + 0x00, 0xbb, 0x5a, 0x16, 0x3c, 0x10, 0xce, 0xd3, + 0x66, 0x6b, 0x13, 0x57, 0xdb, 0x8b, 0xd3, 0x9d + ]; + let sector = 187; + + let mut xts = XTS::new().expect("Failed to create XTS"); + xts.init_encrypt(&keys).expect("Error with init_encrypt()"); + let mut cipher: [u8; 32] = [0; 32]; + xts.encrypt_sector(&plain, &mut cipher, sector).expect("Error with encrypt_sector()"); + assert_eq!(cipher, expected_cipher); + + xts.init_decrypt(&keys).expect("Error with init_decrypt()"); + let mut plain_out: [u8; 32] = [0; 32]; + xts.decrypt_sector(&cipher, &mut plain_out, sector).expect("Error with decrypt_sector()"); + assert_eq!(plain_out, plain); +} + +#[test] +#[cfg(aes_xts)] +fn test_xts_consecutive_sectors() { + let keys: [u8; 32] = [ + 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, + 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, + 0x22, 0x22, 0x22, 0x22, 0x22, 0x22, 0x22, 0x22, + 0x22, 0x22, 0x22, 0x22, 0x22, 0x22, 0x22, 0x22 + ]; + let plain: [u8; 544] =[ + 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b, + 0x0c, 0x0d, 0x0e, 0x0f, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, + 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f, 0x20, 0x21, 0x22, 0x23, + 0x24, 0x25, 0x26, 0x27, 0x28, 0x29, 0x2a, 0x2b, 0x2c, 0x2d, 0x2e, 0x2f, + 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, 0x38, 0x39, 0x3a, 0x3b, + 0x3c, 0x3d, 0x3e, 0x3f, 0x40, 0x41, 0x42, 0x43, 0x44, 0x45, 0x46, 0x47, + 0x48, 0x49, 0x4a, 0x4b, 0x4c, 0x4d, 0x4e, 0x4f, 0x50, 0x51, 0x52, 0x53, + 0x54, 0x55, 0x56, 0x57, 0x58, 0x59, 0x5a, 0x5b, 0x5c, 0x5d, 0x5e, 0x5f, + 0x60, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66, 0x67, 0x68, 0x69, 0x6a, 0x6b, + 0x6c, 0x6d, 0x6e, 0x6f, 0x70, 0x71, 0x72, 0x73, 0x74, 0x75, 0x76, 0x77, + 0x78, 0x79, 0x7a, 0x7b, 0x7c, 0x7d, 0x7e, 0x7f, 0x80, 0x81, 0x82, 0x83, + 0x84, 0x85, 0x86, 0x87, 0x88, 0x89, 0x8a, 0x8b, 0x8c, 0x8d, 0x8e, 0x8f, + 0x90, 0x91, 0x92, 0x93, 0x94, 0x95, 0x96, 0x97, 0x98, 0x99, 0x9a, 0x9b, + 0x9c, 0x9d, 0x9e, 0x9f, 0xa0, 0xa1, 0xa2, 0xa3, 0xa4, 0xa5, 0xa6, 0xa7, + 0xa8, 0xa9, 0xaa, 0xab, 0xac, 0xad, 0xae, 0xaf, 0xb0, 0xb1, 0xb2, 0xb3, + 0xb4, 0xb5, 0xb6, 0xb7, 0xb8, 0xb9, 0xba, 0xbb, 0xbc, 0xbd, 0xbe, 0xbf, + 0xc0, 0xc1, 0xc2, 0xc3, 0xc4, 0xc5, 0xc6, 0xc7, 0xc8, 0xc9, 0xca, 0xcb, + 0xcc, 0xcd, 0xce, 0xcf, 0xd0, 0xd1, 0xd2, 0xd3, 0xd4, 0xd5, 0xd6, 0xd7, + 0xd8, 0xd9, 0xda, 0xdb, 0xdc, 0xdd, 0xde, 0xdf, 0xe0, 0xe1, 0xe2, 0xe3, + 0xe4, 0xe5, 0xe6, 0xe7, 0xe8, 0xe9, 0xea, 0xeb, 0xec, 0xed, 0xee, 0xef, + 0xf0, 0xf1, 0xf2, 0xf3, 0xf4, 0xf5, 0xf6, 0xf7, 0xf8, 0xf9, 0xfa, 0xfb, + 0xfc, 0xfd, 0xfe, 0xff, + + 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b, + 0x0c, 0x0d, 0x0e, 0x0f, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, + 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f, 0x20, 0x21, 0x22, 0x23, + 0x24, 0x25, 0x26, 0x27, 0x28, 0x29, 0x2a, 0x2b, 0x2c, 0x2d, 0x2e, 0x2f, + 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, 0x38, 0x39, 0x3a, 0x3b, + 0x3c, 0x3d, 0x3e, 0x3f, 0x40, 0x41, 0x42, 0x43, 0x44, 0x45, 0x46, 0x47, + 0x48, 0x49, 0x4a, 0x4b, 0x4c, 0x4d, 0x4e, 0x4f, 0x50, 0x51, 0x52, 0x53, + 0x54, 0x55, 0x56, 0x57, 0x58, 0x59, 0x5a, 0x5b, 0x5c, 0x5d, 0x5e, 0x5f, + 0x60, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66, 0x67, 0x68, 0x69, 0x6a, 0x6b, + 0x6c, 0x6d, 0x6e, 0x6f, 0x70, 0x71, 0x72, 0x73, 0x74, 0x75, 0x76, 0x77, + 0x78, 0x79, 0x7a, 0x7b, 0x7c, 0x7d, 0x7e, 0x7f, 0x80, 0x81, 0x82, 0x83, + 0x84, 0x85, 0x86, 0x87, 0x88, 0x89, 0x8a, 0x8b, 0x8c, 0x8d, 0x8e, 0x8f, + 0x90, 0x91, 0x92, 0x93, 0x94, 0x95, 0x96, 0x97, 0x98, 0x99, 0x9a, 0x9b, + 0x9c, 0x9d, 0x9e, 0x9f, 0xa0, 0xa1, 0xa2, 0xa3, 0xa4, 0xa5, 0xa6, 0xa7, + 0xa8, 0xa9, 0xaa, 0xab, 0xac, 0xad, 0xae, 0xaf, 0xb0, 0xb1, 0xb2, 0xb3, + 0xb4, 0xb5, 0xb6, 0xb7, 0xb8, 0xb9, 0xba, 0xbb, 0xbc, 0xbd, 0xbe, 0xbf, + 0xc0, 0xc1, 0xc2, 0xc3, 0xc4, 0xc5, 0xc6, 0xc7, 0xc8, 0xc9, 0xca, 0xcb, + 0xcc, 0xcd, 0xce, 0xcf, 0xd0, 0xd1, 0xd2, 0xd3, 0xd4, 0xd5, 0xd6, 0xd7, + 0xd8, 0xd9, 0xda, 0xdb, 0xdc, 0xdd, 0xde, 0xdf, 0xe0, 0xe1, 0xe2, 0xe3, + 0xe4, 0xe5, 0xe6, 0xe7, 0xe8, 0xe9, 0xea, 0xeb, 0xec, 0xed, 0xee, 0xef, + 0xf0, 0xf1, 0xf2, 0xf3, 0xf4, 0xf5, 0xf6, 0xf7, 0xf8, 0xf9, 0xfa, 0xfb, + 0xfc, 0xfd, 0xfe, 0xff, + + 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b, + 0x0c, 0x0d, 0x0e, 0x0f, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, + 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f + ]; + let expected_cipher: [u8; 544] = [ + 0xb9, 0x6b, 0x2b, 0xfd, 0x61, 0x87, 0x84, 0xd5, 0x26, 0xd2, 0x8c, 0x62, + 0x63, 0x01, 0xca, 0x46, 0xb1, 0x82, 0xfa, 0xdc, 0xbc, 0x32, 0x18, 0xe9, + 0xda, 0xe6, 0xda, 0xd1, 0x1a, 0x52, 0x77, 0xca, 0xdb, 0x0e, 0xbe, 0x37, + 0x88, 0x36, 0x1c, 0x87, 0x16, 0x60, 0xfe, 0xa8, 0x9e, 0xf6, 0x48, 0x64, + 0x94, 0x34, 0x64, 0xed, 0xf6, 0x9a, 0xc5, 0x28, 0xc9, 0xed, 0x64, 0x80, + 0x85, 0xd8, 0x93, 0xa7, 0x50, 0xb1, 0x9d, 0x2f, 0x1e, 0x34, 0xcc, 0xb4, + 0x03, 0xfb, 0x6b, 0x43, 0x21, 0xa8, 0x5b, 0xc6, 0x59, 0x13, 0xd2, 0xb5, + 0xf5, 0x7b, 0xf6, 0xb2, 0xa4, 0x7a, 0xd2, 0x50, 0x26, 0xcb, 0xa4, 0x83, + 0xc3, 0x56, 0xb0, 0xb1, 0x14, 0x34, 0x12, 0x1b, 0xea, 0x26, 0x97, 0x24, + 0x54, 0xcc, 0x32, 0x4c, 0xa4, 0xc2, 0xa3, 0x07, 0xfa, 0x30, 0xa9, 0xf0, + 0x91, 0x17, 0x60, 0x68, 0x88, 0x7f, 0x34, 0x7e, 0xbd, 0x20, 0x33, 0x95, + 0x6e, 0xc0, 0xb6, 0x2b, 0xff, 0x7e, 0x61, 0x35, 0x9a, 0x88, 0xff, 0xd9, + 0x69, 0x21, 0xe7, 0x8f, 0x45, 0x02, 0xf9, 0xd7, 0xeb, 0xa6, 0x53, 0xf1, + 0x73, 0x04, 0xf1, 0x0b, 0x85, 0xc6, 0x1f, 0x4a, 0x51, 0x2f, 0x95, 0x87, + 0x5a, 0x67, 0x37, 0xb2, 0x87, 0xf7, 0xbe, 0x2a, 0x17, 0x57, 0xca, 0xfc, + 0xdd, 0x5f, 0x37, 0x48, 0x78, 0xbd, 0xfa, 0x75, 0xc9, 0xfa, 0x86, 0x7e, + 0xc4, 0x0f, 0x60, 0x85, 0xce, 0x12, 0x44, 0x7c, 0xd9, 0xb2, 0x50, 0xd9, + 0x57, 0x85, 0xa5, 0xd7, 0x68, 0x59, 0x03, 0x09, 0x97, 0x2e, 0x8e, 0xa5, + 0xe3, 0x98, 0xac, 0x16, 0xfb, 0x6d, 0x54, 0xc5, 0x5d, 0x7a, 0x33, 0x44, + 0x0a, 0x39, 0x91, 0xcc, 0x9f, 0x67, 0xf9, 0x89, 0xbb, 0x62, 0x02, 0xc4, + 0x22, 0xec, 0xcf, 0x97, 0x69, 0x81, 0x3d, 0x00, 0xfd, 0xeb, 0x55, 0x08, + 0xa2, 0xff, 0x97, 0xaa, 0x79, 0xde, 0x3c, 0x8a, 0x78, 0x71, 0x73, 0xa2, + 0x98, 0x2f, 0xd8, 0x5c, 0x62, 0x1c, 0x5c, 0x23, 0x0a, 0xd1, 0xf1, 0x81, + 0x8a, 0x12, 0xe7, 0x4d, 0xdd, 0x4f, 0xd4, 0xf1, 0xe8, 0x0f, 0x25, 0x79, + 0x45, 0x4a, 0x49, 0x49, 0x7e, 0x56, 0x91, 0x4e, 0xaa, 0xba, 0x18, 0xe1, + 0xe4, 0xbe, 0x21, 0xdc, 0x58, 0x60, 0x6f, 0x6a, 0x7f, 0xdc, 0x5e, 0x74, + 0x47, 0xbf, 0xeb, 0x84, 0xc4, 0x1e, 0x5a, 0x61, 0x64, 0xc8, 0x63, 0x68, + 0xfa, 0x17, 0x9c, 0xac, 0x60, 0x1c, 0xa5, 0x6e, 0x00, 0x21, 0x93, 0x3c, + 0xd7, 0xbb, 0x73, 0x45, 0xf7, 0x34, 0x81, 0x6c, 0xfa, 0xf2, 0x33, 0xfd, + 0xb1, 0x40, 0x30, 0x6b, 0x30, 0xd1, 0x83, 0x5e, 0x2e, 0x7a, 0xce, 0xa6, + 0x12, 0x2a, 0x15, 0x03, 0x78, 0x29, 0xb9, 0x07, 0xae, 0xe7, 0xc2, 0x78, + 0x74, 0x72, 0xa5, 0x0e, 0x6b, 0x1f, 0x78, 0xf2, 0x5a, 0x69, 0xb6, 0x2b, + 0x99, 0x94, 0x1f, 0x89, 0xd1, 0x21, 0x14, 0x4a, 0x54, 0xab, 0x5a, 0x9f, + 0xaa, 0xa7, 0x96, 0x0a, 0x21, 0xce, 0x30, 0xb6, 0x70, 0x81, 0xe9, 0xd3, + 0x71, 0xc0, 0xf1, 0x15, 0xe2, 0xf6, 0xd3, 0xcc, 0x41, 0x15, 0x9d, 0xd5, + 0xa3, 0xa4, 0xe0, 0xf8, 0x62, 0xc4, 0x76, 0x65, 0x63, 0x89, 0xa7, 0xe2, + 0xfb, 0xf5, 0xc9, 0x80, 0x15, 0x5b, 0xc1, 0x59, 0xb2, 0xd0, 0x01, 0x3a, + 0xf9, 0xab, 0x5b, 0x79, 0x54, 0xed, 0x6b, 0xf9, 0x1d, 0x9d, 0x87, 0x63, + 0x80, 0x4f, 0xec, 0x9c, 0x4f, 0xad, 0x97, 0x04, 0xff, 0x62, 0x4a, 0x17, + 0xc0, 0x09, 0x2a, 0x2c, 0x23, 0x4b, 0xc3, 0xb6, 0x6d, 0xed, 0xdb, 0x1a, + 0x6f, 0x56, 0x2b, 0x78, 0x92, 0x3a, 0x5c, 0x7f, 0xb2, 0x63, 0xd3, 0xd5, + 0x1a, 0xbe, 0xc2, 0x34, 0xc8, 0xad, 0x36, 0xb7, 0x12, 0xb8, 0xe1, 0xb7, + 0x52, 0x7f, 0x16, 0x84, 0x2c, 0x47, 0x7e, 0xf2, 0xa5, 0x36, 0x2e, 0xad, + 0xe7, 0xbb, 0xc0, 0x6f, 0x27, 0x8e, 0x41, 0x08, 0x75, 0xe5, 0xff, 0xde, + 0x08, 0x9f, 0x8c, 0x91, 0xba, 0xc9, 0x9d, 0x9f, 0x27, 0x90, 0x50, 0x44, + 0x24, 0xe7, 0x3d, 0x6f + ]; + let sector = 0x000000ffffffffff; + let sector_size = 512; + + let mut xts = XTS::new().expect("Failed to create XTS"); + xts.init_encrypt(&keys).expect("Error with init_encrypt()"); + let mut cipher: [u8; 544] = [0; 544]; + xts.encrypt_consecutive_sectors(&plain, &mut cipher, sector, sector_size).expect("Error with encrypt_consecutive_sectors()"); + assert_eq!(cipher, expected_cipher); + + xts.init_decrypt(&keys).expect("Error with init_decrypt()"); + let mut plain_out: [u8; 544] = [0; 544]; + xts.decrypt_consecutive_sectors(&cipher, &mut plain_out, sector, sector_size).expect("Error with decrypt_consecutive_sectors()"); + assert_eq!(plain_out, plain); +} + +#[test] +#[cfg(aes_xts_stream)] +fn test_xtsstream() { + let keys: [u8; 32] = [ + 0x39, 0x25, 0x79, 0x05, 0xdf, 0xcc, 0x77, 0x76, + 0x6c, 0x87, 0x0a, 0x80, 0x6a, 0x60, 0xe3, 0xc0, + 0x93, 0xd1, 0x2a, 0xcf, 0xcb, 0x51, 0x42, 0xfa, + 0x09, 0x69, 0x89, 0x62, 0x5b, 0x60, 0xdb, 0x16 + ]; + let tweak: [u8; 16] = [ + 0x5c, 0xf7, 0x9d, 0xb6, 0xc5, 0xcd, 0x99, 0x1a, + 0x1c, 0x78, 0x81, 0x42, 0x24, 0x95, 0x1e, 0x84 + ]; + let plain: [u8; 32] = [ + 0xbd, 0xc5, 0x46, 0x8f, 0xbc, 0x8d, 0x50, 0xa1, + 0x0d, 0x1c, 0x85, 0x7f, 0x79, 0x1c, 0x5c, 0xba, + 0xb3, 0x81, 0x0d, 0x0d, 0x73, 0xcf, 0x8f, 0x20, + 0x46, 0xb1, 0xd1, 0x9e, 0x7d, 0x5d, 0x8a, 0x56 + ]; + let expected_cipher: [u8; 32] = [ + 0xd6, 0xbe, 0x04, 0x6d, 0x41, 0xf2, 0x3b, 0x5e, + 0xd7, 0x0b, 0x6b, 0x3d, 0x5c, 0x8e, 0x66, 0x23, + 0x2b, 0xe6, 0xb8, 0x07, 0xd4, 0xdc, 0xc6, 0x0e, + 0xff, 0x8d, 0xbc, 0x1d, 0x9f, 0x7f, 0xc8, 0x22 + ]; + + let mut xtsstream = XTSStream::new().expect("Failed to create XTSStream"); + xtsstream.init_encrypt(&keys, &tweak).expect("Error with init_encrypt()"); + let mut cipher: [u8; 32] = [0; 32]; + xtsstream.encrypt_update(&plain[0..16], &mut cipher[0..16]).expect("Error with encrypt_update()"); + xtsstream.encrypt_final(&plain[16..32], &mut cipher[16..32]).expect("Error with encrypt_final()"); + assert_eq!(cipher, expected_cipher); + + xtsstream.init_decrypt(&keys, &tweak).expect("Error with init_decrypt()"); + let mut plain_out: [u8; 32] = [0; 32]; + xtsstream.decrypt_update(&cipher[0..16], &mut plain_out[0..16]).expect("Error with decrypt_update()"); + xtsstream.decrypt_final(&cipher[16..32], &mut plain_out[16..32]).expect("Error with decrypt_final()"); + assert_eq!(plain_out, plain); +} + +#[test] +#[cfg(aes_xts_stream)] +fn test_xtsstream_big_msg() { + let key: [u8; 32] = [ + 0xa1, 0xb9, 0x0c, 0xba, 0x3f, 0x06, 0xac, 0x35, + 0x3b, 0x2c, 0x34, 0x38, 0x76, 0x08, 0x17, 0x62, + 0x09, 0x09, 0x23, 0x02, 0x6e, 0x91, 0x77, 0x18, + 0x15, 0xf2, 0x9d, 0xab, 0x01, 0x93, 0x2f, 0x2f + ]; + let tweak: [u8; 16] = [ + 0x4f, 0xae, 0xf7, 0x11, 0x7c, 0xda, 0x59, 0xc6, + 0x6e, 0x4b, 0x92, 0x01, 0x3e, 0x76, 0x8a, 0xd5 + ]; + + let mut xtsstream = XTSStream::new().expect("Failed to create XTSStream"); + xtsstream.init_encrypt(&key, &tweak).expect("Error with init_encrypt()"); + let mut cipher: [u8; 384] = [0; 384]; + let mut i = 0; + while i < BIG_MSG.len() { + let remaining = BIG_MSG.len() - i; + if remaining < 32 { + xtsstream.encrypt_final(&BIG_MSG[i..BIG_MSG.len()], &mut cipher[i..BIG_MSG.len()]).expect("Error with encrypt_final()"); + i += remaining; + } else { + let end = i + 16; + xtsstream.encrypt_update(&BIG_MSG[i..end], &mut cipher[i..end]).expect("Error with encrypt_update()"); + i += 16; + } + } + + xtsstream.init_decrypt(&key, &tweak).expect("Error with init_decrypt()"); + let mut plain_out: [u8; 384] = [0; 384]; + let mut i = 0; + while i < BIG_MSG.len() { + let remaining = BIG_MSG.len() - i; + if remaining < 32 { + xtsstream.decrypt_final(&cipher[i..BIG_MSG.len()], &mut plain_out[i..BIG_MSG.len()]).expect("Error with decrypt_final()"); + i += remaining; + } else { + let end = i + 16; + xtsstream.decrypt_update(&cipher[i..end], &mut plain_out[i..end]).expect("Error with decrypt_update()"); + i += 16; + } + } + + assert_eq!(plain_out, BIG_MSG); +} diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/wrapper/rust/wolfssl-wolfcrypt/tests/test_blake2.rs mariadb-11.8.8/extra/wolfssl/wolfssl/wrapper/rust/wolfssl-wolfcrypt/tests/test_blake2.rs --- mariadb-11.8.6/extra/wolfssl/wolfssl/wrapper/rust/wolfssl-wolfcrypt/tests/test_blake2.rs 1970-01-01 00:00:00.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/wrapper/rust/wolfssl-wolfcrypt/tests/test_blake2.rs 2026-05-24 09:58:33.000000000 +0000 @@ -0,0 +1,205 @@ +#[cfg(any(blake2b, blake2s))] +use wolfssl_wolfcrypt::blake2::*; + +#[test] +#[cfg(blake2b)] +fn test_blake2b() { + let expected_hashes: [&[u8]; 3] = [ + &[ + 0x78, 0x6A, 0x02, 0xF7, 0x42, 0x01, 0x59, 0x03, + 0xC6, 0xC6, 0xFD, 0x85, 0x25, 0x52, 0xD2, 0x72, + 0x91, 0x2F, 0x47, 0x40, 0xE1, 0x58, 0x47, 0x61, + 0x8A, 0x86, 0xE2, 0x17, 0xF7, 0x1F, 0x54, 0x19, + 0xD2, 0x5E, 0x10, 0x31, 0xAF, 0xEE, 0x58, 0x53, + 0x13, 0x89, 0x64, 0x44, 0x93, 0x4E, 0xB0, 0x4B, + 0x90, 0x3A, 0x68, 0x5B, 0x14, 0x48, 0xB7, 0x55, + 0xD5, 0x6F, 0x70, 0x1A, 0xFE, 0x9B, 0xE2, 0xCE + ], + &[ + 0x2F, 0xA3, 0xF6, 0x86, 0xDF, 0x87, 0x69, 0x95, + 0x16, 0x7E, 0x7C, 0x2E, 0x5D, 0x74, 0xC4, 0xC7, + 0xB6, 0xE4, 0x8F, 0x80, 0x68, 0xFE, 0x0E, 0x44, + 0x20, 0x83, 0x44, 0xD4, 0x80, 0xF7, 0x90, 0x4C, + 0x36, 0x96, 0x3E, 0x44, 0x11, 0x5F, 0xE3, 0xEB, + 0x2A, 0x3A, 0xC8, 0x69, 0x4C, 0x28, 0xBC, 0xB4, + 0xF5, 0xA0, 0xF3, 0x27, 0x6F, 0x2E, 0x79, 0x48, + 0x7D, 0x82, 0x19, 0x05, 0x7A, 0x50, 0x6E, 0x4B + ], + &[ + 0x1C, 0x08, 0x79, 0x8D, 0xC6, 0x41, 0xAB, 0xA9, + 0xDE, 0xE4, 0x35, 0xE2, 0x25, 0x19, 0xA4, 0x72, + 0x9A, 0x09, 0xB2, 0xBF, 0xE0, 0xFF, 0x00, 0xEF, + 0x2D, 0xCD, 0x8E, 0xD6, 0xF8, 0xA0, 0x7D, 0x15, + 0xEA, 0xF4, 0xAE, 0xE5, 0x2B, 0xBF, 0x18, 0xAB, + 0x56, 0x08, 0xA6, 0x19, 0x0F, 0x70, 0xB9, 0x04, + 0x86, 0xC8, 0xA7, 0xD4, 0x87, 0x37, 0x10, 0xB1, + 0x11, 0x5D, 0x3D, 0xEB, 0xBB, 0x43, 0x27, 0xB5 + ], + ]; + + for (i, expected_hash) in expected_hashes.iter().enumerate() { + let mut blake2b = BLAKE2b::new(expected_hash.len()).expect("Error with new()"); + let mut input = vec![0u8; i]; + for idx in 0..input.len() { + input[idx] = idx as u8; + } + blake2b.update(&input).expect("Error with update()"); + let mut hash = [0u8; 64]; + blake2b.finalize(&mut hash).expect("error with finalize()"); + assert_eq!(hash, *expected_hash); + } +} + +#[test] +#[cfg(blake2b_hmac)] +fn test_blake2b_hmac() { + let key1 = [0x41u8, 0x42, 0x43, 0x44]; + let message1 = [0x48u8, 0x65, 0x6c, 0x6c, 0x6f]; + let expected1 = [ + 0x46u8, 0x76, 0xbb, 0x0e, 0xf8, 0xa1, 0x56, 0x33, + 0xde, 0xdc, 0x44, 0xe3, 0x2b, 0xf3, 0xee, 0x5b, + 0x5f, 0x7f, 0x04, 0x00, 0x2c, 0xaa, 0xd4, 0x93, + 0xc6, 0xa6, 0xb4, 0xf3, 0x14, 0x8d, 0x6d, 0x9c, + 0x6a, 0x12, 0x02, 0x85, 0x66, 0xed, 0x9b, 0x5d, + 0x8d, 0x0e, 0x3d, 0xf4, 0x78, 0xee, 0x5a, 0xf6, + 0x2f, 0x97, 0xa5, 0x77, 0x88, 0x8c, 0xc4, 0x66, + 0x46, 0xb1, 0xba, 0x51, 0x29, 0x19, 0xd7, 0xaa, + ]; + let key2 = [ + 0x30u8, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, 0x38, 0x39, 0x41, 0x42, + 0x43, 0x44, 0x45, 0x46, 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, + 0x38, 0x39, 0x41, 0x42, 0x43, 0x44, 0x45, 0x46, 0x30, 0x31, 0x32, 0x33, + 0x34, 0x35, 0x36, 0x37, 0x38, 0x39, 0x41, 0x42, 0x43, 0x44, 0x45, 0x46, + 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, 0x38, 0x39, 0x41, 0x42, + 0x43, 0x44, 0x45, 0x46, 0x30, 0x31, 0x32, 0x33 + ]; + let message2 = [ + 0x61u8, 0x62, 0x63, 0x64, 0x62, 0x63, 0x64, 0x65, 0x63, 0x64, 0x65, 0x66, + 0x64, 0x65, 0x66, 0x67, 0x65, 0x66, 0x67, 0x68, 0x66, 0x67, 0x68, 0x69, + 0x67, 0x68, 0x69, 0x6a, 0x68, 0x69, 0x6a, 0x6b, 0x69, 0x6a, 0x6b, 0x6c, + 0x6a, 0x6b, 0x6c, 0x6d, 0x6b, 0x6c, 0x6d, 0x6e, 0x6c, 0x6d, 0x6e, 0x6f, + 0x6d, 0x6e, 0x6f, 0x70, 0x6e, 0x6f, 0x70, 0x71 + ]; + let expected2 = [ + 0x2au8, 0xda, 0xf6, 0x94, 0x79, 0xce, 0xe2, 0xd2, + 0x5d, 0x89, 0x8b, 0xd7, 0x0d, 0xbc, 0x11, 0x1f, + 0x98, 0x99, 0xe0, 0x17, 0x7c, 0x5b, 0x8f, 0x94, + 0xf5, 0x95, 0xbc, 0x1b, 0xb1, 0x95, 0xe8, 0x60, + 0xbb, 0x29, 0xa4, 0xd9, 0x27, 0x2e, 0x00, 0xea, + 0xba, 0xc3, 0x3e, 0xe6, 0x9c, 0xc7, 0xd7, 0x8d, + 0x69, 0xc7, 0xb4, 0xf7, 0x31, 0x4a, 0xb1, 0xf0, + 0x3c, 0xed, 0x06, 0x49, 0x6f, 0x46, 0x99, 0xea, + ]; + + let mut out1 = [0u8; 64]; + BLAKE2bHmac::hmac(&message1, &key1, &mut out1).expect("Error with hmac()"); + assert_eq!(out1, expected1); + + let mut out2 = [0u8; 64]; + BLAKE2bHmac::hmac(&message2, &key2, &mut out2).expect("Error with hmac()"); + assert_eq!(out2, expected2); + + let mut hmac_blake2b = BLAKE2bHmac::new(&key1).expect("Error with new()"); + hmac_blake2b.update(&message1[0..4]).expect("Error with update()"); + hmac_blake2b.update(&message1[4..]).expect("Error with update()"); + let mut out1 = [0u8; 64]; + hmac_blake2b.finalize(&key1, &mut out1).expect("Error with finalize()"); + assert_eq!(out1, expected1); + + let mut hmac_blake2b = BLAKE2bHmac::new(&key2).expect("Error with new()"); + hmac_blake2b.update(&message2[0..48]).expect("Error with update()"); + hmac_blake2b.update(&message2[48..]).expect("Error with update()"); + let mut out2 = [0u8; 64]; + hmac_blake2b.finalize(&key2, &mut out2).expect("Error with finalize()"); + assert_eq!(out2, expected2); +} + +#[test] +#[cfg(blake2s)] +fn test_blake2s() { + let expected_hashes: [&[u8]; 3] = [ + &[ + 0x69, 0x21, 0x7a, 0x30, 0x79, 0x90, 0x80, 0x94, + 0xe1, 0x11, 0x21, 0xd0, 0x42, 0x35, 0x4a, 0x7c, + 0x1f, 0x55, 0xb6, 0x48, 0x2c, 0xa1, 0xa5, 0x1e, + 0x1b, 0x25, 0x0d, 0xfd, 0x1e, 0xd0, 0xee, 0xf9, + ], + &[ + 0xe3, 0x4d, 0x74, 0xdb, 0xaf, 0x4f, 0xf4, 0xc6, + 0xab, 0xd8, 0x71, 0xcc, 0x22, 0x04, 0x51, 0xd2, + 0xea, 0x26, 0x48, 0x84, 0x6c, 0x77, 0x57, 0xfb, + 0xaa, 0xc8, 0x2f, 0xe5, 0x1a, 0xd6, 0x4b, 0xea, + ], + &[ + 0xdd, 0xad, 0x9a, 0xb1, 0x5d, 0xac, 0x45, 0x49, + 0xba, 0x42, 0xf4, 0x9d, 0x26, 0x24, 0x96, 0xbe, + 0xf6, 0xc0, 0xba, 0xe1, 0xdd, 0x34, 0x2a, 0x88, + 0x08, 0xf8, 0xea, 0x26, 0x7c, 0x6e, 0x21, 0x0c, + ], + ]; + + for (i, expected_hash) in expected_hashes.iter().enumerate() { + let mut blake2s = BLAKE2s::new(expected_hash.len()).expect("Error with new()"); + let mut input = vec![0u8; i]; + for idx in 0..input.len() { + input[idx] = idx as u8; + } + blake2s.update(&input).expect("Error with update()"); + let mut hash = [0u8; 32]; + blake2s.finalize(&mut hash).expect("error with finalize()"); + assert_eq!(hash, *expected_hash); + } +} + +#[test] +#[cfg(blake2s_hmac)] +fn test_blake2s_hmac() { + let key1 = [0x41u8, 0x42, 0x43, 0x44]; + let message1 = [0x48u8, 0x65, 0x6c, 0x6c, 0x6f]; + let expected1 = [ + 0x96u8, 0xca, 0x1d, 0xaa, 0x9a, 0x33, 0x97, 0x3d, + 0xc5, 0x95, 0x3e, 0xce, 0x49, 0x93, 0x75, 0xc1, + 0x2a, 0x7c, 0x8f, 0x5b, 0xf0, 0x28, 0xef, 0xc3, + 0xfb, 0xc5, 0x97, 0xcd, 0xcc, 0x74, 0x44, 0x68, + ]; + let key2 = [ + 0x30u8, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, 0x38, 0x39, 0x41, 0x42, + 0x43, 0x44, 0x45, 0x46, 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, + 0x38, 0x39, 0x41, 0x42, 0x43, 0x44, 0x45, 0x46, 0x30, 0x31, 0x32, 0x33, + ]; + let message2 = [ + 0x61u8, 0x62, 0x63, 0x64, 0x62, 0x63, 0x64, 0x65, 0x63, 0x64, 0x65, 0x66, + 0x64, 0x65, 0x66, 0x67, 0x65, 0x66, 0x67, 0x68, 0x66, 0x67, 0x68, 0x69, + 0x67, 0x68, 0x69, 0x6a, 0x68, 0x69, 0x6a, 0x6b, 0x69, 0x6a, 0x6b, 0x6c, + 0x6a, 0x6b, 0x6c, 0x6d, 0x6b, 0x6c, 0x6d, 0x6e, 0x6c, 0x6d, 0x6e, 0x6f, + 0x6d, 0x6e, 0x6f, 0x70, 0x6e, 0x6f, 0x70, 0x71 + ]; + let expected2 = [ + 0xc4u8, 0x63, 0xdb, 0x28, 0x97, 0x60, 0x6a, 0xa7, + 0x1e, 0xe6, 0xcf, 0x93, 0x85, 0x3c, 0x90, 0x71, + 0xea, 0x76, 0x7f, 0x6a, 0xa7, 0x20, 0x80, 0x35, + 0xe1, 0x68, 0x95, 0xfe, 0x65, 0x65, 0x43, 0x76, + ]; + + let mut out1 = [0u8; 32]; + BLAKE2sHmac::hmac(&message1, &key1, &mut out1).expect("Error with hmac()"); + assert_eq!(out1, expected1); + + let mut out2 = [0u8; 32]; + BLAKE2sHmac::hmac(&message2, &key2, &mut out2).expect("Error with hmac()"); + assert_eq!(out2, expected2); + + let mut hmac_blake2s = BLAKE2sHmac::new(&key1).expect("Error with new()"); + hmac_blake2s.update(&message1[0..4]).expect("Error with update()"); + hmac_blake2s.update(&message1[4..]).expect("Error with update()"); + let mut out1 = [0u8; 32]; + hmac_blake2s.finalize(&key1, &mut out1).expect("Error with finalize()"); + assert_eq!(out1, expected1); + + let mut hmac_blake2s = BLAKE2sHmac::new(&key2).expect("Error with new()"); + hmac_blake2s.update(&message2[0..48]).expect("Error with update()"); + hmac_blake2s.update(&message2[48..]).expect("Error with update()"); + let mut out2 = [0u8; 32]; + hmac_blake2s.finalize(&key2, &mut out2).expect("Error with finalize()"); + assert_eq!(out2, expected2); +} diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/wrapper/rust/wolfssl-wolfcrypt/tests/test_chacha20_poly1305.rs mariadb-11.8.8/extra/wolfssl/wolfssl/wrapper/rust/wolfssl-wolfcrypt/tests/test_chacha20_poly1305.rs --- mariadb-11.8.6/extra/wolfssl/wolfssl/wrapper/rust/wolfssl-wolfcrypt/tests/test_chacha20_poly1305.rs 1970-01-01 00:00:00.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/wrapper/rust/wolfssl-wolfcrypt/tests/test_chacha20_poly1305.rs 2026-05-24 09:58:33.000000000 +0000 @@ -0,0 +1,275 @@ +#![cfg(chacha20_poly1305)] + +use wolfssl_wolfcrypt::chacha20_poly1305::*; + +#[test] +fn test_chacha20_poly1305_1() { + let key1 = [ + 0x80u8, 0x81, 0x82, 0x83, 0x84, 0x85, 0x86, 0x87, + 0x88, 0x89, 0x8a, 0x8b, 0x8c, 0x8d, 0x8e, 0x8f, + 0x90, 0x91, 0x92, 0x93, 0x94, 0x95, 0x96, 0x97, + 0x98, 0x99, 0x9a, 0x9b, 0x9c, 0x9d, 0x9e, 0x9f + ]; + + let plaintext1 = [ + 0x4cu8, 0x61, 0x64, 0x69, 0x65, 0x73, 0x20, 0x61, + 0x6e, 0x64, 0x20, 0x47, 0x65, 0x6e, 0x74, 0x6c, + 0x65, 0x6d, 0x65, 0x6e, 0x20, 0x6f, 0x66, 0x20, + 0x74, 0x68, 0x65, 0x20, 0x63, 0x6c, 0x61, 0x73, + 0x73, 0x20, 0x6f, 0x66, 0x20, 0x27, 0x39, 0x39, + 0x3a, 0x20, 0x49, 0x66, 0x20, 0x49, 0x20, 0x63, + 0x6f, 0x75, 0x6c, 0x64, 0x20, 0x6f, 0x66, 0x66, + 0x65, 0x72, 0x20, 0x79, 0x6f, 0x75, 0x20, 0x6f, + 0x6e, 0x6c, 0x79, 0x20, 0x6f, 0x6e, 0x65, 0x20, + 0x74, 0x69, 0x70, 0x20, 0x66, 0x6f, 0x72, 0x20, + 0x74, 0x68, 0x65, 0x20, 0x66, 0x75, 0x74, 0x75, + 0x72, 0x65, 0x2c, 0x20, 0x73, 0x75, 0x6e, 0x73, + 0x63, 0x72, 0x65, 0x65, 0x6e, 0x20, 0x77, 0x6f, + 0x75, 0x6c, 0x64, 0x20, 0x62, 0x65, 0x20, 0x69, + 0x74, 0x2e + ]; + + let iv1 = [ + 0x07u8, 0x00, 0x00, 0x00, 0x40, 0x41, 0x42, 0x43, + 0x44, 0x45, 0x46, 0x47 + ]; + + let aad1 = [ + 0x50u8, 0x51, 0x52, 0x53, 0xc0, 0xc1, 0xc2, 0xc3, + 0xc4, 0xc5, 0xc6, 0xc7 + ]; + + let cipher1 = [ + 0xd3u8, 0x1a, 0x8d, 0x34, 0x64, 0x8e, 0x60, 0xdb, + 0x7b, 0x86, 0xaf, 0xbc, 0x53, 0xef, 0x7e, 0xc2, + 0xa4, 0xad, 0xed, 0x51, 0x29, 0x6e, 0x08, 0xfe, + 0xa9, 0xe2, 0xb5, 0xa7, 0x36, 0xee, 0x62, 0xd6, + 0x3d, 0xbe, 0xa4, 0x5e, 0x8c, 0xa9, 0x67, 0x12, + 0x82, 0xfa, 0xfb, 0x69, 0xda, 0x92, 0x72, 0x8b, + 0x1a, 0x71, 0xde, 0x0a, 0x9e, 0x06, 0x0b, 0x29, + 0x05, 0xd6, 0xa5, 0xb6, 0x7e, 0xcd, 0x3b, 0x36, + 0x92, 0xdd, 0xbd, 0x7f, 0x2d, 0x77, 0x8b, 0x8c, + 0x98, 0x03, 0xae, 0xe3, 0x28, 0x09, 0x1b, 0x58, + 0xfa, 0xb3, 0x24, 0xe4, 0xfa, 0xd6, 0x75, 0x94, + 0x55, 0x85, 0x80, 0x8b, 0x48, 0x31, 0xd7, 0xbc, + 0x3f, 0xf4, 0xde, 0xf0, 0x8e, 0x4b, 0x7a, 0x9d, + 0xe5, 0x76, 0xd2, 0x65, 0x86, 0xce, 0xc6, 0x4b, + 0x61, 0x16 + ]; + + let auth_tag_1 = [ + 0x1au8, 0xe1, 0x0b, 0x59, 0x4f, 0x09, 0xe2, 0x6a, + 0x7e, 0x90, 0x2e, 0xcb, 0xd0, 0x60, 0x06, 0x91 + ]; + + /* Encrypt */ + let mut ccp = ChaCha20Poly1305::new(&key1, &iv1, true).expect("Error with new()"); + ccp.update_aad(&aad1).expect("Error with update_aad()"); + let mut out_cipher1 = [0u8; 114]; + ccp.update_data(&plaintext1, &mut out_cipher1).expect("Error with update_data()"); + let mut out_auth_tag_1 = [0u8; ChaCha20Poly1305::AUTH_TAG_SIZE]; + ccp.finalize(&mut out_auth_tag_1).expect("Error with finalize()"); + assert_eq!(out_cipher1, cipher1); + assert_eq!(out_auth_tag_1, auth_tag_1); + + /* Decrypt */ + let mut ccp = ChaCha20Poly1305::new(&key1, &iv1, false).expect("Error with new()"); + ccp.update_aad(&aad1).expect("Error with update_aad()"); + let mut out_plaintext1 = [0u8; 114]; + ccp.update_data(&cipher1, &mut out_plaintext1).expect("Error with update_data()"); + let mut out_auth_tag_1 = [0u8; ChaCha20Poly1305::AUTH_TAG_SIZE]; + ccp.finalize(&mut out_auth_tag_1).expect("Error with finalize()"); + assert_eq!(out_plaintext1, plaintext1); + assert_eq!(out_auth_tag_1, auth_tag_1); +} + +#[test] +fn test_chacha20_poly1305_2() { + let key2 = [ + 0x1cu8, 0x92, 0x40, 0xa5, 0xeb, 0x55, 0xd3, 0x8a, + 0xf3, 0x33, 0x88, 0x86, 0x04, 0xf6, 0xb5, 0xf0, + 0x47, 0x39, 0x17, 0xc1, 0x40, 0x2b, 0x80, 0x09, + 0x9d, 0xca, 0x5c, 0xbc, 0x20, 0x70, 0x75, 0xc0 + ]; + + let plaintext2 = [ + 0x49u8, 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x65, 0x74, + 0x2d, 0x44, 0x72, 0x61, 0x66, 0x74, 0x73, 0x20, + 0x61, 0x72, 0x65, 0x20, 0x64, 0x72, 0x61, 0x66, + 0x74, 0x20, 0x64, 0x6f, 0x63, 0x75, 0x6d, 0x65, + 0x6e, 0x74, 0x73, 0x20, 0x76, 0x61, 0x6c, 0x69, + 0x64, 0x20, 0x66, 0x6f, 0x72, 0x20, 0x61, 0x20, + 0x6d, 0x61, 0x78, 0x69, 0x6d, 0x75, 0x6d, 0x20, + 0x6f, 0x66, 0x20, 0x73, 0x69, 0x78, 0x20, 0x6d, + 0x6f, 0x6e, 0x74, 0x68, 0x73, 0x20, 0x61, 0x6e, + 0x64, 0x20, 0x6d, 0x61, 0x79, 0x20, 0x62, 0x65, + 0x20, 0x75, 0x70, 0x64, 0x61, 0x74, 0x65, 0x64, + 0x2c, 0x20, 0x72, 0x65, 0x70, 0x6c, 0x61, 0x63, + 0x65, 0x64, 0x2c, 0x20, 0x6f, 0x72, 0x20, 0x6f, + 0x62, 0x73, 0x6f, 0x6c, 0x65, 0x74, 0x65, 0x64, + 0x20, 0x62, 0x79, 0x20, 0x6f, 0x74, 0x68, 0x65, + 0x72, 0x20, 0x64, 0x6f, 0x63, 0x75, 0x6d, 0x65, + 0x6e, 0x74, 0x73, 0x20, 0x61, 0x74, 0x20, 0x61, + 0x6e, 0x79, 0x20, 0x74, 0x69, 0x6d, 0x65, 0x2e, + 0x20, 0x49, 0x74, 0x20, 0x69, 0x73, 0x20, 0x69, + 0x6e, 0x61, 0x70, 0x70, 0x72, 0x6f, 0x70, 0x72, + 0x69, 0x61, 0x74, 0x65, 0x20, 0x74, 0x6f, 0x20, + 0x75, 0x73, 0x65, 0x20, 0x49, 0x6e, 0x74, 0x65, + 0x72, 0x6e, 0x65, 0x74, 0x2d, 0x44, 0x72, 0x61, + 0x66, 0x74, 0x73, 0x20, 0x61, 0x73, 0x20, 0x72, + 0x65, 0x66, 0x65, 0x72, 0x65, 0x6e, 0x63, 0x65, + 0x20, 0x6d, 0x61, 0x74, 0x65, 0x72, 0x69, 0x61, + 0x6c, 0x20, 0x6f, 0x72, 0x20, 0x74, 0x6f, 0x20, + 0x63, 0x69, 0x74, 0x65, 0x20, 0x74, 0x68, 0x65, + 0x6d, 0x20, 0x6f, 0x74, 0x68, 0x65, 0x72, 0x20, + 0x74, 0x68, 0x61, 0x6e, 0x20, 0x61, 0x73, 0x20, + 0x2f, 0xe2, 0x80, 0x9c, 0x77, 0x6f, 0x72, 0x6b, + 0x20, 0x69, 0x6e, 0x20, 0x70, 0x72, 0x6f, 0x67, + 0x72, 0x65, 0x73, 0x73, 0x2e, 0x2f, 0xe2, 0x80, + 0x9d + ]; + + let iv2 = [ + 0x00u8, 0x00, 0x00, 0x00, 0x01, 0x02, 0x03, 0x04, + 0x05, 0x06, 0x07, 0x08 + ]; + + let aad2 = [ + 0xf3u8, 0x33, 0x88, 0x86, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x4e, 0x91 + ]; + + let cipher2 = [ + 0x64u8, 0xa0, 0x86, 0x15, 0x75, 0x86, 0x1a, 0xf4, + 0x60, 0xf0, 0x62, 0xc7, 0x9b, 0xe6, 0x43, 0xbd, + 0x5e, 0x80, 0x5c, 0xfd, 0x34, 0x5c, 0xf3, 0x89, + 0xf1, 0x08, 0x67, 0x0a, 0xc7, 0x6c, 0x8c, 0xb2, + 0x4c, 0x6c, 0xfc, 0x18, 0x75, 0x5d, 0x43, 0xee, + 0xa0, 0x9e, 0xe9, 0x4e, 0x38, 0x2d, 0x26, 0xb0, + 0xbd, 0xb7, 0xb7, 0x3c, 0x32, 0x1b, 0x01, 0x00, + 0xd4, 0xf0, 0x3b, 0x7f, 0x35, 0x58, 0x94, 0xcf, + 0x33, 0x2f, 0x83, 0x0e, 0x71, 0x0b, 0x97, 0xce, + 0x98, 0xc8, 0xa8, 0x4a, 0xbd, 0x0b, 0x94, 0x81, + 0x14, 0xad, 0x17, 0x6e, 0x00, 0x8d, 0x33, 0xbd, + 0x60, 0xf9, 0x82, 0xb1, 0xff, 0x37, 0xc8, 0x55, + 0x97, 0x97, 0xa0, 0x6e, 0xf4, 0xf0, 0xef, 0x61, + 0xc1, 0x86, 0x32, 0x4e, 0x2b, 0x35, 0x06, 0x38, + 0x36, 0x06, 0x90, 0x7b, 0x6a, 0x7c, 0x02, 0xb0, + 0xf9, 0xf6, 0x15, 0x7b, 0x53, 0xc8, 0x67, 0xe4, + 0xb9, 0x16, 0x6c, 0x76, 0x7b, 0x80, 0x4d, 0x46, + 0xa5, 0x9b, 0x52, 0x16, 0xcd, 0xe7, 0xa4, 0xe9, + 0x90, 0x40, 0xc5, 0xa4, 0x04, 0x33, 0x22, 0x5e, + 0xe2, 0x82, 0xa1, 0xb0, 0xa0, 0x6c, 0x52, 0x3e, + 0xaf, 0x45, 0x34, 0xd7, 0xf8, 0x3f, 0xa1, 0x15, + 0x5b, 0x00, 0x47, 0x71, 0x8c, 0xbc, 0x54, 0x6a, + 0x0d, 0x07, 0x2b, 0x04, 0xb3, 0x56, 0x4e, 0xea, + 0x1b, 0x42, 0x22, 0x73, 0xf5, 0x48, 0x27, 0x1a, + 0x0b, 0xb2, 0x31, 0x60, 0x53, 0xfa, 0x76, 0x99, + 0x19, 0x55, 0xeb, 0xd6, 0x31, 0x59, 0x43, 0x4e, + 0xce, 0xbb, 0x4e, 0x46, 0x6d, 0xae, 0x5a, 0x10, + 0x73, 0xa6, 0x72, 0x76, 0x27, 0x09, 0x7a, 0x10, + 0x49, 0xe6, 0x17, 0xd9, 0x1d, 0x36, 0x10, 0x94, + 0xfa, 0x68, 0xf0, 0xff, 0x77, 0x98, 0x71, 0x30, + 0x30, 0x5b, 0xea, 0xba, 0x2e, 0xda, 0x04, 0xdf, + 0x99, 0x7b, 0x71, 0x4d, 0x6c, 0x6f, 0x2c, 0x29, + 0xa6, 0xad, 0x5c, 0xb4, 0x02, 0x2b, 0x02, 0x70, + 0x9b + ]; + + let auth_tag_2 = [ + 0xeeu8, 0xad, 0x9d, 0x67, 0x89, 0x0c, 0xbb, 0x22, + 0x39, 0x23, 0x36, 0xfe, 0xa1, 0x85, 0x1f, 0x38 + ]; + + /* Encrypt */ + let mut ccp = ChaCha20Poly1305::new(&key2, &iv2, true).expect("Error with new()"); + ccp.update_aad(&aad2).expect("Error with update_aad()"); + let mut out_cipher2 = [0u8; 265]; + ccp.update_data(&plaintext2[0..128], &mut out_cipher2[0..128]).expect("Error with update_data()"); + ccp.update_data(&plaintext2[128..265], &mut out_cipher2[128..265]).expect("Error with update_data()"); + let mut out_auth_tag_2 = [0u8; ChaCha20Poly1305::AUTH_TAG_SIZE]; + ccp.finalize(&mut out_auth_tag_2).expect("Error with finalize()"); + assert_eq!(out_cipher2, cipher2); + assert_eq!(out_auth_tag_2, auth_tag_2); + + /* Decrypt */ + let mut ccp = ChaCha20Poly1305::new(&key2, &iv2, false).expect("Error with new()"); + ccp.update_aad(&aad2).expect("Error with update_aad()"); + let mut out_plaintext2 = [0u8; 265]; + ccp.update_data(&cipher2[0..128], &mut out_plaintext2[0..128]).expect("Error with update_data()"); + ccp.update_data(&cipher2[128..265], &mut out_plaintext2[128..265]).expect("Error with update_data()"); + let mut out_auth_tag_2 = [0u8; ChaCha20Poly1305::AUTH_TAG_SIZE]; + ccp.finalize(&mut out_auth_tag_2).expect("Error with finalize()"); + assert_eq!(out_plaintext2, plaintext2); + assert_eq!(out_auth_tag_2, auth_tag_2); +} + +#[test] +#[cfg(xchacha20_poly1305)] +fn test_xchacha20_poly1305() { + const PLAINTEXT: &[u8] = &[ + 0x4cu8, 0x61, 0x64, 0x69, 0x65, 0x73, 0x20, 0x61, + 0x6e, 0x64, 0x20, 0x47, 0x65, 0x6e, 0x74, 0x6c, /* Ladies and Gentl */ + 0x65, 0x6d, 0x65, 0x6e, 0x20, 0x6f, 0x66, 0x20, + 0x74, 0x68, 0x65, 0x20, 0x63, 0x6c, 0x61, 0x73, /* emen of the clas */ + 0x73, 0x20, 0x6f, 0x66, 0x20, 0x27, 0x39, 0x39, + 0x3a, 0x20, 0x49, 0x66, 0x20, 0x49, 0x20, 0x63, /* s of '99: If I c */ + 0x6f, 0x75, 0x6c, 0x64, 0x20, 0x6f, 0x66, 0x66, + 0x65, 0x72, 0x20, 0x79, 0x6f, 0x75, 0x20, 0x6f, /* ould offer you o */ + 0x6e, 0x6c, 0x79, 0x20, 0x6f, 0x6e, 0x65, 0x20, + 0x74, 0x69, 0x70, 0x20, 0x66, 0x6f, 0x72, 0x20, /* nly one tip for */ + 0x74, 0x68, 0x65, 0x20, 0x66, 0x75, 0x74, 0x75, + 0x72, 0x65, 0x2c, 0x20, 0x73, 0x75, 0x6e, 0x73, /* the future, suns */ + 0x63, 0x72, 0x65, 0x65, 0x6e, 0x20, 0x77, 0x6f, + 0x75, 0x6c, 0x64, 0x20, 0x62, 0x65, 0x20, 0x69, /* creen would be i */ + 0x74, 0x2e ]; /* t. */ + + let aad = [ + 0x50u8, 0x51, 0x52, 0x53, 0xc0, 0xc1, 0xc2, 0xc3, + 0xc4, 0xc5, 0xc6, 0xc7 + ]; /* PQRS........ */ + + let key = [ + 0x80u8, 0x81, 0x82, 0x83, 0x84, 0x85, 0x86, 0x87, + 0x88, 0x89, 0x8a, 0x8b, 0x8c, 0x8d, 0x8e, 0x8f, + 0x90, 0x91, 0x92, 0x93, 0x94, 0x95, 0x96, 0x97, + 0x98, 0x99, 0x9a, 0x9b, 0x9c, 0x9d, 0x9e, 0x9f + ]; + + let iv = [ + 0x40u8, 0x41, 0x42, 0x43, 0x44, 0x45, 0x46, 0x47, + 0x48, 0x49, 0x4a, 0x4b, 0x4c, 0x4d, 0x4e, 0x4f, /* @ABCDEFGHIJKLMNO */ + 0x50, 0x51, 0x52, 0x53, 0x54, 0x55, 0x56, 0x57 /* PQRSTUVW */ + ]; + + let expected_ciphertext = [ + 0xbdu8, 0x6d, 0x17, 0x9d, 0x3e, 0x83, 0xd4, 0x3b, + 0x95, 0x76, 0x57, 0x94, 0x93, 0xc0, 0xe9, 0x39, + 0x57, 0x2a, 0x17, 0x00, 0x25, 0x2b, 0xfa, 0xcc, + 0xbe, 0xd2, 0x90, 0x2c, 0x21, 0x39, 0x6c, 0xbb, + 0x73, 0x1c, 0x7f, 0x1b, 0x0b, 0x4a, 0xa6, 0x44, + 0x0b, 0xf3, 0xa8, 0x2f, 0x4e, 0xda, 0x7e, 0x39, + 0xae, 0x64, 0xc6, 0x70, 0x8c, 0x54, 0xc2, 0x16, + 0xcb, 0x96, 0xb7, 0x2e, 0x12, 0x13, 0xb4, 0x52, + 0x2f, 0x8c, 0x9b, 0xa4, 0x0d, 0xb5, 0xd9, 0x45, + 0xb1, 0x1b, 0x69, 0xb9, 0x82, 0xc1, 0xbb, 0x9e, + 0x3f, 0x3f, 0xac, 0x2b, 0xc3, 0x69, 0x48, 0x8f, + 0x76, 0xb2, 0x38, 0x35, 0x65, 0xd3, 0xff, 0xf9, + 0x21, 0xf9, 0x66, 0x4c, 0x97, 0x63, 0x7d, 0xa9, + 0x76, 0x88, 0x12, 0xf6, 0x15, 0xc6, 0x8b, 0x13, + 0xb5, 0x2e + ]; + + let expected_tag = [ + 0xc0u8, 0x87, 0x59, 0x24, 0xc1, 0xc7, 0x98, 0x79, + 0x47, 0xde, 0xaf, 0xd8, 0x78, 0x0a, 0xcf, 0x49 + ]; + + let mut ciphertext_buffer = [0u8; PLAINTEXT.len() + XChaCha20Poly1305::AUTH_TAG_SIZE]; + XChaCha20Poly1305::encrypt(&key, &iv, &aad, PLAINTEXT, &mut ciphertext_buffer).expect("Error with encrypt()"); + assert_eq!(ciphertext_buffer[0..expected_ciphertext.len()], expected_ciphertext); + assert_eq!(ciphertext_buffer[expected_ciphertext.len()..], expected_tag); + let mut plaintext_buffer = [0u8; PLAINTEXT.len()]; + XChaCha20Poly1305::decrypt(&key, &iv, &aad, &ciphertext_buffer, &mut plaintext_buffer).expect("Error with decrypt()"); + assert_eq!(plaintext_buffer, PLAINTEXT); +} diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/wrapper/rust/wolfssl-wolfcrypt/tests/test_cmac.rs mariadb-11.8.8/extra/wolfssl/wolfssl/wrapper/rust/wolfssl-wolfcrypt/tests/test_cmac.rs --- mariadb-11.8.6/extra/wolfssl/wolfssl/wrapper/rust/wolfssl-wolfcrypt/tests/test_cmac.rs 1970-01-01 00:00:00.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/wrapper/rust/wolfssl-wolfcrypt/tests/test_cmac.rs 2026-05-24 09:58:33.000000000 +0000 @@ -0,0 +1,38 @@ +#![cfg(cmac)] + +use wolfssl_wolfcrypt::cmac::CMAC; + +#[test] +#[cfg(aes)] +fn test_cmac() { + let key = [ + 0x2bu8, 0x7e, 0x15, 0x16, 0x28, 0xae, 0xd2, 0xa6, + 0xab, 0xf7, 0x15, 0x88, 0x09, 0xcf, 0x4f, 0x3c + ]; + let message = [ + 0x6bu8, 0xc1, 0xbe, 0xe2, 0x2e, 0x40, 0x9f, 0x96, + 0xe9, 0x3d, 0x7e, 0x11, 0x73, 0x93, 0x17, 0x2a, + ]; + let expected_cmac = [ + 0x07u8, 0x0a, 0x16, 0xb4, 0x6b, 0x4d, 0x41, 0x44, + 0xf7, 0x9b, 0xdd, 0x9d, 0xd0, 0x4a, 0x28, 0x7c + ]; + let mut cmac = CMAC::new(&key).expect("Error with new()"); + cmac.update(&message).expect("Error with update()"); + let mut finalize_out = [0u8; 16]; + cmac.finalize(&mut finalize_out).expect("Error with finalize()"); + assert_eq!(finalize_out, expected_cmac); + + let mut generate_out = [0u8; 16]; + CMAC::generate(&key, &message, &mut generate_out).expect("Error with generate()"); + assert_eq!(generate_out, finalize_out); + let valid = CMAC::verify(&key, &message, &generate_out).expect("Error with verify()"); + assert!(valid); + + let mut cmac = CMAC::new(&key).expect("Error with new()"); + let mut generate_out = [0u8; 16]; + cmac.generate_ex(&key, &message, &mut generate_out, None, None).expect("Error with generate_ex()"); + assert_eq!(generate_out, finalize_out); + let valid = cmac.verify_ex(&key, &message, &generate_out, None, None).expect("Error with verify_ex()"); + assert!(valid); +} diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/wrapper/rust/wolfssl-wolfcrypt/tests/test_curve25519.rs mariadb-11.8.8/extra/wolfssl/wolfssl/wrapper/rust/wolfssl-wolfcrypt/tests/test_curve25519.rs --- mariadb-11.8.6/extra/wolfssl/wolfssl/wrapper/rust/wolfssl-wolfcrypt/tests/test_curve25519.rs 1970-01-01 00:00:00.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/wrapper/rust/wolfssl-wolfcrypt/tests/test_curve25519.rs 2026-05-24 09:58:33.000000000 +0000 @@ -0,0 +1,146 @@ +#![cfg(all(curve25519, random))] + +use wolfssl_wolfcrypt::curve25519::*; +use wolfssl_wolfcrypt::random::RNG; + +#[test] +fn test_check_pub() { + let mut rng = RNG::new().expect("Error with new()"); + let mut private_buffer = [0u8; Curve25519Key::KEYSIZE]; + Curve25519Key::generate_priv(&mut rng, &mut private_buffer).expect("Error with generate_priv()"); + let mut public_buffer = [0u8; Curve25519Key::KEYSIZE]; + Curve25519Key::make_pub(&private_buffer, &mut public_buffer).expect("Error with make_pub()"); + Curve25519Key::check_public(&public_buffer, false).expect("Error with check_public()"); +} + +#[test] +fn test_generate_priv() { + let mut rng = RNG::new().expect("Error with new()"); + let mut private_buffer = [0u8; Curve25519Key::KEYSIZE]; + Curve25519Key::generate_priv(&mut rng, &mut private_buffer).expect("Error with generate_priv()"); +} + +#[test] +fn test_import_export_private() { + let mut rng = RNG::new().expect("Error with new()"); + let mut curve25519key = Curve25519Key::generate(&mut rng).expect("Error with generate()"); + let mut private_buffer = [0u8; Curve25519Key::KEYSIZE]; + curve25519key.export_private_raw(&mut private_buffer).expect("Error with export_private_raw()"); + Curve25519Key::import_private(&private_buffer).expect("Error with import_private()"); +} + +#[test] +fn test_import_export_private_ex() { + let mut rng = RNG::new().expect("Error with new()"); + let mut curve25519key = Curve25519Key::generate(&mut rng).expect("Error with generate()"); + let mut private_buffer = [0u8; Curve25519Key::KEYSIZE]; + curve25519key.export_private_raw_ex(&mut private_buffer, false).expect("Error with export_private_raw_ex()"); + Curve25519Key::import_private_ex(&private_buffer, false).expect("Error with import_private_ex()"); +} + +#[test] +fn test_import_export_raw() { + let mut rng = RNG::new().expect("Error with new()"); + let mut curve25519key = Curve25519Key::generate(&mut rng).expect("Error with generate()"); + let mut private_buffer = [0u8; Curve25519Key::KEYSIZE]; + let mut public_buffer = [0u8; Curve25519Key::KEYSIZE]; + curve25519key.export_key_raw(&mut private_buffer, &mut public_buffer).expect("Error with export_key_raw()"); + Curve25519Key::import_private_raw(&private_buffer, &public_buffer).expect("Error with import_private_raw()"); +} + +#[test] +fn test_import_export_raw_ex() { + let mut rng = RNG::new().expect("Error with new()"); + let mut curve25519key = Curve25519Key::generate(&mut rng).expect("Error with generate()"); + let mut private_buffer = [0u8; Curve25519Key::KEYSIZE]; + let mut public_buffer = [0u8; Curve25519Key::KEYSIZE]; + curve25519key.export_key_raw_ex(&mut private_buffer, &mut public_buffer, false).expect("Error with export_key_raw_ex()"); + Curve25519Key::import_private_raw_ex(&private_buffer, &public_buffer, false).expect("Error with import_private_raw_ex()"); +} + +#[test] +fn test_import_export_public() { + let mut rng = RNG::new().expect("Error with new()"); + let mut curve25519key = Curve25519Key::generate(&mut rng).expect("Error with generate()"); + let mut public_buffer = [0u8; Curve25519Key::KEYSIZE]; + curve25519key.export_public(&mut public_buffer).expect("Error with export_public()"); + Curve25519Key::import_public(&public_buffer).expect("Error with import_public()"); +} + +#[test] +fn test_import_export_public_ex() { + let mut rng = RNG::new().expect("Error with new()"); + let mut curve25519key = Curve25519Key::generate(&mut rng).expect("Error with generate()"); + let mut public_buffer = [0u8; Curve25519Key::KEYSIZE]; + curve25519key.export_public_ex(&mut public_buffer, false).expect("Error with export_public_ex()"); + Curve25519Key::import_public_ex(&public_buffer, false).expect("Error with import_public_ex()"); +} + +#[test] +fn test_make_pub() { + let mut rng = RNG::new().expect("Error with new()"); + let mut private_buffer = [0u8; Curve25519Key::KEYSIZE]; + Curve25519Key::generate_priv(&mut rng, &mut private_buffer).expect("Error with generate_priv()"); + let mut public_buffer = [0u8; Curve25519Key::KEYSIZE]; + Curve25519Key::make_pub(&private_buffer, &mut public_buffer).expect("Error with make_pub()"); +} + +#[test] +#[cfg(curve25519_blinding)] +fn test_make_pub_blind() { + let mut rng = RNG::new().expect("Error with new()"); + let mut private_buffer = [0u8; Curve25519Key::KEYSIZE]; + Curve25519Key::generate_priv(&mut rng, &mut private_buffer).expect("Error with generate_priv()"); + let mut public_buffer = [0u8; Curve25519Key::KEYSIZE]; + Curve25519Key::make_pub_blind(&private_buffer, &mut public_buffer, &mut rng).expect("Error with make_pub_blind()"); +} + +#[test] +fn test_shared_secret() { + let mut rng = RNG::new().expect("Error with new()"); + let mut key1 = Curve25519Key::generate(&mut rng).expect("Error with generate()"); + let mut key2 = Curve25519Key::generate(&mut rng).expect("Error with generate()"); + + #[cfg(curve25519_blinding)] + key1.set_rng(&mut rng).expect("Error with set_rng()"); + #[cfg(curve25519_blinding)] + key2.set_rng(&mut rng).expect("Error with set_rng()"); + + let mut public_buffer = [0u8; Curve25519Key::KEYSIZE]; + key1.export_public(&mut public_buffer).expect("Error with export_public()"); + let mut key1public = Curve25519Key::import_public(&public_buffer).expect("Error with import_public()"); + key2.export_public(&mut public_buffer).expect("Error with export_public()"); + let mut key2public = Curve25519Key::import_public(&public_buffer).expect("Error with import_public()"); + + let mut ss1 = [0u8; Curve25519Key::KEYSIZE]; + let mut ss2 = [0u8; Curve25519Key::KEYSIZE]; + Curve25519Key::shared_secret(&mut key1, &mut key2public, &mut ss1).expect("Error with shared_secret()"); + Curve25519Key::shared_secret(&mut key2, &mut key1public, &mut ss2).expect("Error with shared_secret()"); + + assert_eq!(ss1, ss2); +} + +#[test] +fn test_shared_secret_ex() { + let mut rng = RNG::new().expect("Error with new()"); + let mut key1 = Curve25519Key::generate(&mut rng).expect("Error with generate()"); + let mut key2 = Curve25519Key::generate(&mut rng).expect("Error with generate()"); + + #[cfg(curve25519_blinding)] + key1.set_rng(&mut rng).expect("Error with set_rng()"); + #[cfg(curve25519_blinding)] + key2.set_rng(&mut rng).expect("Error with set_rng()"); + + let mut public_buffer = [0u8; Curve25519Key::KEYSIZE]; + key1.export_public(&mut public_buffer).expect("Error with export_public()"); + let mut key1public = Curve25519Key::import_public(&public_buffer).expect("Error with import_public()"); + key2.export_public(&mut public_buffer).expect("Error with export_public()"); + let mut key2public = Curve25519Key::import_public(&public_buffer).expect("Error with import_public()"); + + let mut ss1 = [0u8; Curve25519Key::KEYSIZE]; + let mut ss2 = [0u8; Curve25519Key::KEYSIZE]; + Curve25519Key::shared_secret_ex(&mut key1, &mut key2public, &mut ss1, false).expect("Error with shared_secret()"); + Curve25519Key::shared_secret_ex(&mut key2, &mut key1public, &mut ss2, false).expect("Error with shared_secret()"); + + assert_eq!(ss1, ss2); +} diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/wrapper/rust/wolfssl-wolfcrypt/tests/test_dh.rs mariadb-11.8.8/extra/wolfssl/wolfssl/wrapper/rust/wolfssl-wolfcrypt/tests/test_dh.rs --- mariadb-11.8.6/extra/wolfssl/wolfssl/wrapper/rust/wolfssl-wolfcrypt/tests/test_dh.rs 1970-01-01 00:00:00.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/wrapper/rust/wolfssl-wolfcrypt/tests/test_dh.rs 2026-05-24 09:58:33.000000000 +0000 @@ -0,0 +1,212 @@ +#![cfg(dh)] + +mod common; + +#[cfg(any(all(dh_keygen, dh_ffdhe_2048), random))] +use wolfssl_wolfcrypt::dh::DH; +#[cfg(random)] +use wolfssl_wolfcrypt::random::RNG; + +#[test] +#[cfg(all(dh_keygen, dh_ffdhe_2048))] +fn test_dh_named_parameters() { + assert_eq!(DH::get_min_key_size_for_named_parameters(DH::FFDHE_2048), 29); + + let mut p_size = 0u32; + let mut g_size = 0u32; + let mut q_size = 0u32; + DH::get_named_parameter_sizes(DH::FFDHE_2048, &mut p_size, &mut g_size, &mut q_size); + + assert!(p_size > 0u32); + assert!(g_size > 0u32); + let mut dh = DH::new_named(DH::FFDHE_2048).expect("Error with new_named()"); + + let mut p = [0u8; 256]; + let mut q = [0u8; 256]; + let mut g = [0u8; 256]; + dh.export_params_raw(&mut p, &mut p_size, &mut q, &mut q_size, &mut g, &mut g_size).expect("Error with export_params_raw()"); + + assert_ne!(p, [0u8; 256]); + assert_ne!(g, [0u8; 256]); +} + +#[test] +#[cfg(all(dh_keygen, random))] +fn test_generate_params() { + common::setup(); + let mut rng = RNG::new().expect("Error with RNG::new()"); + let mut dh = DH::generate(&mut rng, 2048).expect("Error with generate()"); + + let mut private = [0u8; 256]; + let mut private_size = 0u32; + let mut public = [0u8; 256]; + let mut public_size = 0u32; + dh.generate_key_pair(&mut rng, &mut private, &mut private_size, &mut public, &mut public_size).expect("Error with generate_key_pair()"); +} + +#[test] +#[cfg(all(dh_keygen, dh_ffdhe_2048, random))] +fn test_generate_key_pair() { + let mut rng = RNG::new().expect("Error with RNG::new()"); + let mut dh = DH::new_named(DH::FFDHE_2048).expect("Error with new_named()"); + + let mut p = [0u8; 256]; + let mut q = [0u8; 256]; + let mut g = [0u8; 256]; + let mut p_size = 0u32; + let mut q_size = 0u32; + let mut g_size = 0u32; + dh.export_params_raw(&mut p, &mut p_size, &mut q, &mut q_size, &mut g, &mut g_size).expect("Error with export_params_raw()"); + let p = &p[0..(p_size as usize)]; + let g = &g[0..(g_size as usize)]; + + assert!(DH::compare_named_key(DH::FFDHE_2048, p, g, None)); + + let mut private = [0u8; 256]; + let mut private_size = 0u32; + let mut public = [0u8; 256]; + let mut public_size = 0u32; + dh.generate_key_pair(&mut rng, &mut private, &mut private_size, &mut public, &mut public_size).expect("Error with generate_key_pair()"); + + let private = &private[0..(private_size as usize)]; + let public = &public[0..(public_size as usize)]; + dh.check_key_pair(public, private).expect("Error with check_key_pair()"); + dh.check_priv_key(private).expect("Error with check_priv_key()"); + dh.check_pub_key(public).expect("Error with check_pub_key()"); +} + +#[test] +#[cfg(random)] +fn test_dh_checks() { + common::setup(); + let p = [ + 0xc5u8, 0x7c, 0xa2, 0x4f, 0x4b, 0xd6, 0x8c, 0x3c, + 0xda, 0xc7, 0xba, 0xaa, 0xea, 0x2e, 0x5c, 0x1e, + 0x18, 0xb2, 0x7b, 0x8c, 0x55, 0x65, 0x9f, 0xea, + 0xe0, 0xa1, 0x36, 0x53, 0x2b, 0x36, 0xe0, 0x4e, + 0x3e, 0x64, 0xa9, 0xe4, 0xfc, 0x8f, 0x32, 0x62, + 0x97, 0xe4, 0xbe, 0xf7, 0xc1, 0xde, 0x07, 0x5a, + 0x89, 0x28, 0xf3, 0xfe, 0x4f, 0xfe, 0x68, 0xbc, + 0xfb, 0x0a, 0x7c, 0xa4, 0xb3, 0x14, 0x48, 0x89, + 0x9f, 0xaf, 0xb8, 0x43, 0xe2, 0xa0, 0x62, 0x5c, + 0xb4, 0x88, 0x3f, 0x06, 0x50, 0x11, 0xfe, 0x65, + 0x8d, 0x49, 0xd2, 0xf5, 0x4b, 0x74, 0x79, 0xdb, + 0x06, 0x62, 0x92, 0x89, 0xed, 0xda, 0xcb, 0x87, + 0x37, 0x16, 0xd2, 0xa1, 0x7a, 0xe8, 0xde, 0x92, + 0xee, 0x3e, 0x41, 0x4a, 0x91, 0x5e, 0xed, 0xf3, + 0x6c, 0x6b, 0x7e, 0xfd, 0x15, 0x92, 0x18, 0xfc, + 0xa7, 0xac, 0x42, 0x85, 0x57, 0xe9, 0xdc, 0xda, + 0x55, 0xc9, 0x8b, 0x28, 0x9e, 0xc1, 0xc4, 0x46, + 0x4d, 0x88, 0xed, 0x62, 0x8e, 0xdb, 0x3f, 0xb9, + 0xd7, 0xc8, 0xe3, 0xcf, 0xb8, 0x34, 0x2c, 0xd2, + 0x6f, 0x28, 0x06, 0x41, 0xe3, 0x66, 0x8c, 0xfc, + 0x72, 0xff, 0x26, 0x3b, 0x6b, 0x6c, 0x6f, 0x73, + 0xde, 0xf2, 0x90, 0x29, 0xe0, 0x61, 0x32, 0xc4, + 0x12, 0x74, 0x09, 0x52, 0xec, 0xf3, 0x1b, 0xa6, + 0x45, 0x98, 0xac, 0xf9, 0x1c, 0x65, 0x8e, 0x3a, + 0x91, 0x84, 0x4b, 0x23, 0x8a, 0xb2, 0x3c, 0xc9, + 0xfa, 0xea, 0xf1, 0x38, 0xce, 0xd8, 0x05, 0xe0, + 0xfa, 0x44, 0x68, 0x1f, 0xeb, 0xd9, 0x57, 0xb8, + 0x4a, 0x97, 0x5b, 0x88, 0xc5, 0xf1, 0xbb, 0xb0, + 0x49, 0xc3, 0x91, 0x7c, 0xd3, 0x13, 0xb9, 0x47, + 0xbb, 0x91, 0x8f, 0xe5, 0x26, 0x07, 0xab, 0xa9, + 0xc5, 0xd0, 0x3d, 0x95, 0x41, 0x26, 0x92, 0x9d, + 0x13, 0x67, 0xf2, 0x7e, 0x11, 0x88, 0xdc, 0x2d + ]; + let g = [ + 0x4au8, 0x1a, 0xf3, 0xa4, 0x92, 0xe9, 0xee, 0x74, + 0x6e, 0x57, 0xd5, 0x8c, 0x2c, 0x5b, 0x41, 0x41, + 0x5e, 0xd4, 0x55, 0x19, 0xdc, 0xd9, 0x32, 0x91, + 0xf7, 0xfd, 0xc2, 0x57, 0xff, 0x03, 0x14, 0xdb, + 0xf1, 0xb7, 0x60, 0x0c, 0x43, 0x59, 0x3f, 0xff, + 0xac, 0xf1, 0x80, 0x9a, 0x15, 0x6f, 0xd8, 0x6e, + 0xb7, 0x85, 0x18, 0xc8, 0xec, 0x4e, 0x59, 0x4a, + 0xe2, 0x91, 0x43, 0x4c, 0xeb, 0x95, 0xb6, 0x2e, + 0x9a, 0xea, 0x53, 0x68, 0x80, 0x64, 0x69, 0x40, + 0xf9, 0xec, 0xbd, 0x85, 0x89, 0x26, 0x97, 0x67, + 0xaf, 0xb0, 0xad, 0x00, 0x1b, 0xd4, 0xfd, 0x94, + 0xd3, 0xe9, 0x92, 0xb1, 0xb4, 0xbc, 0x5a, 0xaa, + 0x92, 0x80, 0x89, 0x3b, 0x39, 0x05, 0x6c, 0x22, + 0x26, 0xfe, 0x5a, 0x28, 0x6c, 0x37, 0x50, 0x5a, + 0x38, 0x99, 0xcf, 0xf3, 0xc1, 0x96, 0x45, 0xdc, + 0x01, 0xcb, 0x20, 0x87, 0xa5, 0x00, 0x8c, 0xf5, + 0x4d, 0xc2, 0xef, 0xb8, 0x9b, 0xd1, 0x87, 0xbe, + 0xed, 0xd5, 0x0a, 0x29, 0x15, 0x34, 0x59, 0x4c, + 0x3a, 0x05, 0x22, 0x05, 0x44, 0x4f, 0x9f, 0xc8, + 0x47, 0x12, 0x24, 0x8e, 0xa8, 0x79, 0xe4, 0x67, + 0xba, 0x4d, 0x5b, 0x75, 0x56, 0x95, 0xeb, 0xe8, + 0x8a, 0xfa, 0x8e, 0x01, 0x8c, 0x1b, 0x74, 0x63, + 0xd9, 0x2f, 0xf7, 0xd3, 0x44, 0x8f, 0xa8, 0xf5, + 0xaf, 0x6c, 0x4f, 0xdb, 0xe7, 0xc9, 0x6c, 0x71, + 0x22, 0xa3, 0x1d, 0xf1, 0x40, 0xb2, 0xe0, 0x9a, + 0xb6, 0x72, 0xc9, 0xc0, 0x13, 0x16, 0xa2, 0x4a, + 0xe1, 0x92, 0xc7, 0x54, 0x23, 0xab, 0x9d, 0xa1, + 0xa1, 0xe5, 0x0b, 0xed, 0xba, 0xe8, 0x84, 0x37, + 0xb2, 0xe7, 0xfe, 0x32, 0x8d, 0xfa, 0x1c, 0x53, + 0x77, 0x97, 0xc7, 0xf3, 0x48, 0xc9, 0xdb, 0x2d, + 0x75, 0x52, 0x9d, 0x42, 0x51, 0x78, 0x62, 0x68, + 0x05, 0x45, 0x15, 0xf8, 0xa2, 0x4e, 0xf3, 0x0b + ]; + let q = [ + 0xe0u8, 0x35, 0x37, 0xaf, 0xb2, 0x50, 0x91, 0x8e, + 0xf2, 0x62, 0x2b, 0xd9, 0x9f, 0x6c, 0x11, 0x75, + 0xec, 0x24, 0x5d, 0x78, 0x59, 0xe7, 0x8d, 0xb5, + 0x40, 0x52, 0xed, 0x41 + ]; + let q0 = [ + 0x00u8, + 0xe0, 0x35, 0x37, 0xaf, 0xb2, 0x50, 0x91, 0x8e, + 0xf2, 0x62, 0x2b, 0xd9, 0x9f, 0x6c, 0x11, 0x75, + 0xec, 0x24, 0x5d, 0x78, 0x59, 0xe7, 0x8d, 0xb5, + 0x40, 0x52, 0xed, 0x41 + ]; + let mut rng = RNG::new().expect("Error with RNG::new()"); + let _dh = DH::new_from_pg(&p, &g).expect("Error with new_from_pg()"); + let _dh = DH::new_from_pgq(&p, &g, &q).expect("Error with new_from_pgq()"); + let mut dh = DH::new_from_pgq_with_check(&p, &g, &q, 0, &mut rng).expect("Error with new_from_pgq()"); + let mut private = [0u8; 256]; + let mut private_size = 0u32; + let mut public = [0u8; 256]; + let mut public_size = 0u32; + dh.generate_key_pair(&mut rng, &mut private, &mut private_size, &mut public, &mut public_size).expect("Error with generate_key_pair()"); + + let private = &private[0..(private_size as usize)]; + let public = &public[0..(public_size as usize)]; + dh.check_priv_key_ex(private, Some(&q)).expect("Error with check_priv_key_ex()"); + DH::check_pub_value(&p, public).expect("Error with check_pub_value()"); + dh.check_pub_key_ex(public, &q0).expect("Error with check_pub_key_ex()"); +} + +#[test] +#[cfg(all(dh_ffdhe_2048, random))] +fn test_dh_shared_secret() { + let mut rng = RNG::new().expect("Error with RNG::new()"); + let mut dh = DH::new_named(DH::FFDHE_2048).expect("Error with new_named()"); + + let mut private0 = [0u8; 256]; + let mut private0_size = 0u32; + let mut public0 = [0u8; 256]; + let mut public0_size = 0u32; + dh.generate_key_pair(&mut rng, &mut private0, &mut private0_size, &mut public0, &mut public0_size).expect("Error with generate_key_pair()"); + let private0 = &private0[0..(private0_size as usize)]; + let public0 = &public0[0..(public0_size as usize)]; + + let mut private1 = [0u8; 256]; + let mut private1_size = 0u32; + let mut public1 = [0u8; 256]; + let mut public1_size = 0u32; + dh.generate_key_pair(&mut rng, &mut private1, &mut private1_size, &mut public1, &mut public1_size).expect("Error with generate_key_pair()"); + let private1 = &private1[0..(private1_size as usize)]; + let public1 = &public1[0..(public1_size as usize)]; + + let mut ss0 = [0u8; 256]; + let ss0_size = dh.shared_secret(&mut ss0, private0, public1).expect("Error with shared_secret()"); + let ss0 = &ss0[0..ss0_size]; + + let mut ss1 = [0u8; 256]; + let ss1_size = dh.shared_secret(&mut ss1, private1, public0).expect("Error with shared_secret()"); + let ss1 = &ss1[0..ss1_size]; + + assert_eq!(ss0_size, ss1_size); + assert_eq!(*ss0, *ss1); +} diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/wrapper/rust/wolfssl-wolfcrypt/tests/test_dilithium.rs mariadb-11.8.8/extra/wolfssl/wolfssl/wrapper/rust/wolfssl-wolfcrypt/tests/test_dilithium.rs --- mariadb-11.8.6/extra/wolfssl/wolfssl/wrapper/rust/wolfssl-wolfcrypt/tests/test_dilithium.rs 1970-01-01 00:00:00.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/wrapper/rust/wolfssl-wolfcrypt/tests/test_dilithium.rs 2026-05-24 09:58:33.000000000 +0000 @@ -0,0 +1,437 @@ +/* + * Copyright (C) 2006-2026 wolfSSL Inc. + * + * This file is part of wolfSSL. + * + * wolfSSL is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * wolfSSL is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA + */ + +#![cfg(dilithium)] + +mod common; + +use wolfssl_wolfcrypt::dilithium::Dilithium; +#[cfg(all(random, any(dilithium_make_key, dilithium_sign)))] +use wolfssl_wolfcrypt::random::RNG; + +/// Verify the level constants have the correct numeric values required by +/// the wolfCrypt API. +#[test] +fn test_level_constants() { + assert_eq!(Dilithium::LEVEL_44, 2); + assert_eq!(Dilithium::LEVEL_65, 3); + assert_eq!(Dilithium::LEVEL_87, 5); +} + +/// Verify `new()` + `set_level()` + `get_level()` for all three parameter sets. +#[test] +fn test_new_and_level() { + common::setup(); + + let mut key = Dilithium::new().expect("Error with new()"); + + key.set_level(Dilithium::LEVEL_44).expect("Error with set_level()"); + assert_eq!(key.get_level().expect("Error with get_level()"), Dilithium::LEVEL_44); + + key.set_level(Dilithium::LEVEL_65).expect("Error with set_level()"); + assert_eq!(key.get_level().expect("Error with get_level()"), Dilithium::LEVEL_65); + + key.set_level(Dilithium::LEVEL_87).expect("Error with set_level()"); + assert_eq!(key.get_level().expect("Error with get_level()"), Dilithium::LEVEL_87); +} + +/// Verify that `new_ex()` accepts the optional heap and device ID parameters. +#[test] +fn test_new_ex() { + common::setup(); + let mut key = Dilithium::new_ex(None, None).expect("Error with new_ex()"); + key.set_level(Dilithium::LEVEL_44).expect("Error with set_level()"); + assert_eq!(key.get_level().expect("Error with get_level()"), Dilithium::LEVEL_44); +} + +/// Verify the runtime size queries match the compile-time constants for +/// ML-DSA-44. +#[test] +#[cfg(all(dilithium_make_key, dilithium_level2))] +fn test_sizes_level44() { + common::setup(); + let mut rng = RNG::new().expect("Error creating RNG"); + let mut key = Dilithium::generate(Dilithium::LEVEL_44, &mut rng) + .expect("Error with generate()"); + assert_eq!(key.size().expect("Error with size()"), Dilithium::LEVEL2_KEY_SIZE); + assert_eq!(key.priv_size().expect("Error with priv_size()"), Dilithium::LEVEL2_PRV_KEY_SIZE); + assert_eq!(key.pub_size().expect("Error with pub_size()"), Dilithium::LEVEL2_PUB_KEY_SIZE); + assert_eq!(key.sig_size().expect("Error with sig_size()"), Dilithium::LEVEL2_SIG_SIZE); +} + +/// Verify the runtime size queries match the compile-time constants for +/// ML-DSA-65. +#[test] +#[cfg(all(dilithium_make_key, dilithium_level3))] +fn test_sizes_level65() { + common::setup(); + let mut rng = RNG::new().expect("Error creating RNG"); + let mut key = Dilithium::generate(Dilithium::LEVEL_65, &mut rng) + .expect("Error with generate()"); + assert_eq!(key.size().expect("Error with size()"), Dilithium::LEVEL3_KEY_SIZE); + assert_eq!(key.priv_size().expect("Error with priv_size()"), Dilithium::LEVEL3_PRV_KEY_SIZE); + assert_eq!(key.pub_size().expect("Error with pub_size()"), Dilithium::LEVEL3_PUB_KEY_SIZE); + assert_eq!(key.sig_size().expect("Error with sig_size()"), Dilithium::LEVEL3_SIG_SIZE); +} + +/// Verify the runtime size queries match the compile-time constants for +/// ML-DSA-87. +#[test] +#[cfg(all(dilithium_make_key, dilithium_level5))] +fn test_sizes_level87() { + common::setup(); + let mut rng = RNG::new().expect("Error creating RNG"); + let mut key = Dilithium::generate(Dilithium::LEVEL_87, &mut rng) + .expect("Error with generate()"); + assert_eq!(key.size().expect("Error with size()"), Dilithium::LEVEL5_KEY_SIZE); + assert_eq!(key.priv_size().expect("Error with priv_size()"), Dilithium::LEVEL5_PRV_KEY_SIZE); + assert_eq!(key.pub_size().expect("Error with pub_size()"), Dilithium::LEVEL5_PUB_KEY_SIZE); + assert_eq!(key.sig_size().expect("Error with sig_size()"), Dilithium::LEVEL5_SIG_SIZE); +} + +/// Verify that `check_key()` accepts a freshly generated ML-DSA-44 key pair. +#[test] +#[cfg(all(dilithium_make_key, dilithium_check_key))] +fn test_check_key_level44() { + common::setup(); + let mut rng = RNG::new().expect("Error creating RNG"); + let mut key = Dilithium::generate(Dilithium::LEVEL_44, &mut rng) + .expect("Error with generate()"); + key.check_key().expect("Error with check_key()"); +} + +/// Verify that `check_key()` accepts a freshly generated ML-DSA-65 key pair. +#[test] +#[cfg(all(dilithium_make_key, dilithium_check_key))] +fn test_check_key_level65() { + common::setup(); + let mut rng = RNG::new().expect("Error creating RNG"); + let mut key = Dilithium::generate(Dilithium::LEVEL_65, &mut rng) + .expect("Error with generate()"); + key.check_key().expect("Error with check_key()"); +} + +/// Verify that `check_key()` accepts a freshly generated ML-DSA-87 key pair. +#[test] +#[cfg(all(dilithium_make_key, dilithium_check_key))] +fn test_check_key_level87() { + common::setup(); + let mut rng = RNG::new().expect("Error creating RNG"); + let mut key = Dilithium::generate(Dilithium::LEVEL_87, &mut rng) + .expect("Error with generate()"); + key.check_key().expect("Error with check_key()"); +} + +/// Sign and verify a message round-trip using ML-DSA-44. +/// +/// Also verifies that a tampered message or signature produces a +/// verification failure rather than an error. +#[test] +#[cfg(all(dilithium_make_key, dilithium_sign, dilithium_verify))] +fn test_sign_verify_level44() { + common::setup(); + let mut rng = RNG::new().expect("Error creating RNG"); + let mut key = Dilithium::generate(Dilithium::LEVEL_44, &mut rng) + .expect("Error with generate()"); + let message = b"Hello, ML-DSA-44!"; + let mut sig = vec![0u8; key.sig_size().expect("Error with sig_size()")]; + + let sig_len = key.sign_msg(message, &mut sig, &mut rng) + .expect("Error with sign_msg()"); + assert_eq!(sig_len, sig.len()); + + let valid = key.verify_msg(&sig, message).expect("Error with verify_msg()"); + assert!(valid, "Valid signature should verify"); + + // A different message must not verify with the original signature. + let valid = key.verify_msg(&sig, b"Tampered message") + .expect("Error with verify_msg() on tampered message"); + assert!(!valid, "Tampered message should not verify"); +} + +/// Sign and verify a message round-trip using ML-DSA-65. +#[test] +#[cfg(all(dilithium_make_key, dilithium_sign, dilithium_verify))] +fn test_sign_verify_level65() { + common::setup(); + let mut rng = RNG::new().expect("Error creating RNG"); + let mut key = Dilithium::generate(Dilithium::LEVEL_65, &mut rng) + .expect("Error with generate()"); + let message = b"Hello, ML-DSA-65!"; + let mut sig = vec![0u8; key.sig_size().expect("Error with sig_size()")]; + + let sig_len = key.sign_msg(message, &mut sig, &mut rng) + .expect("Error with sign_msg()"); + assert_eq!(sig_len, sig.len()); + + let valid = key.verify_msg(&sig, message).expect("Error with verify_msg()"); + assert!(valid, "Valid signature should verify"); +} + +/// Sign and verify a message round-trip using ML-DSA-87. +#[test] +#[cfg(all(dilithium_make_key, dilithium_sign, dilithium_verify))] +fn test_sign_verify_level87() { + common::setup(); + let mut rng = RNG::new().expect("Error creating RNG"); + let mut key = Dilithium::generate(Dilithium::LEVEL_87, &mut rng) + .expect("Error with generate()"); + let message = b"Hello, ML-DSA-87!"; + let mut sig = vec![0u8; key.sig_size().expect("Error with sig_size()")]; + + let sig_len = key.sign_msg(message, &mut sig, &mut rng) + .expect("Error with sign_msg()"); + assert_eq!(sig_len, sig.len()); + + let valid = key.verify_msg(&sig, message).expect("Error with verify_msg()"); + assert!(valid, "Valid signature should verify"); +} + +/// Sign with a context string and verify using ML-DSA-44. +/// +/// Also verifies that a mismatched context causes verification to fail. +#[test] +#[cfg(all(dilithium_make_key, dilithium_sign, dilithium_verify))] +fn test_sign_ctx_verify_level44() { + common::setup(); + let mut rng = RNG::new().expect("Error creating RNG"); + let mut key = Dilithium::generate(Dilithium::LEVEL_44, &mut rng) + .expect("Error with generate()"); + let message = b"Context-bound message"; + let ctx = b"my context"; + let mut sig = vec![0u8; key.sig_size().expect("Error with sig_size()")]; + + let sig_len = key.sign_ctx_msg(ctx, message, &mut sig, &mut rng) + .expect("Error with sign_ctx_msg()"); + + let valid = key.verify_ctx_msg(&sig[..sig_len], ctx, message) + .expect("Error with verify_ctx_msg()"); + assert!(valid, "Valid context signature should verify"); + + // Wrong context must not verify. + let valid = key.verify_ctx_msg(&sig[..sig_len], b"wrong context", message) + .expect("Error with verify_ctx_msg() with wrong context"); + assert!(!valid, "Wrong context should not verify"); +} + +/// Export both keys, re-import them separately, and verify that: +/// - a signature from the original key is accepted by a public-key-only +/// import, and +/// - the re-imported private key can sign messages that verify with the +/// original public key. +#[test] +#[cfg(all(dilithium_make_key, dilithium_import, dilithium_export, dilithium_sign, dilithium_verify))] +fn test_import_export_level44() { + common::setup(); + let mut rng = RNG::new().expect("Error creating RNG"); + let mut key = Dilithium::generate(Dilithium::LEVEL_44, &mut rng) + .expect("Error with generate()"); + + let priv_size = key.size().expect("Error with size()"); + let pub_size = key.pub_size().expect("Error with pub_size()"); + let sig_size = key.sig_size().expect("Error with sig_size()"); + + let mut priv_buf = vec![0u8; priv_size]; + let mut pub_buf = vec![0u8; pub_size]; + key.export_key(&mut priv_buf, &mut pub_buf).expect("Error with export_key()"); + + // Verify export_public and export_private return the same bytes. + let mut pub_buf2 = vec![0u8; pub_size]; + let pub_written = key.export_public(&mut pub_buf2).expect("Error with export_public()"); + assert_eq!(pub_written, pub_size); + assert_eq!(pub_buf2, pub_buf); + + let mut priv_buf2 = vec![0u8; priv_size]; + let priv_written = key.export_private(&mut priv_buf2).expect("Error with export_private()"); + assert_eq!(priv_written, priv_size); + assert_eq!(priv_buf2, priv_buf); + + // Sign with the original key. + let message = b"Import/export test message"; + let mut sig = vec![0u8; sig_size]; + let sig_len = key.sign_msg(message, &mut sig, &mut rng) + .expect("Error with sign_msg()"); + + // Re-import public key only and verify. + let mut pub_key = Dilithium::new().expect("Error with new()"); + pub_key.set_level(Dilithium::LEVEL_44).expect("Error with set_level()"); + pub_key.import_public(&pub_buf).expect("Error with import_public()"); + let valid = pub_key.verify_msg(&sig[..sig_len], message) + .expect("Error with verify_msg() via imported public key"); + assert!(valid, "Imported public key should accept original signature"); + + // Re-import private key, sign a message, and verify with the original key. + let mut priv_key = Dilithium::new().expect("Error with new()"); + priv_key.set_level(Dilithium::LEVEL_44).expect("Error with set_level()"); + priv_key.import_private(&priv_buf).expect("Error with import_private()"); + let mut sig2 = vec![0u8; sig_size]; + let sig2_len = priv_key.sign_msg(message, &mut sig2, &mut rng) + .expect("Error with sign_msg() from imported private key"); + let valid = key.verify_msg(&sig2[..sig2_len], message) + .expect("Error with verify_msg() after import_private"); + assert!(valid, "Signature from re-imported private key should verify"); +} + +/// Export both keys, import them together via `import_key()`, then sign and +/// verify using the re-imported key pair. +#[test] +#[cfg(all(dilithium_make_key, dilithium_import, dilithium_export, dilithium_sign, dilithium_verify))] +fn test_import_key_level44() { + common::setup(); + let mut rng = RNG::new().expect("Error creating RNG"); + let mut key = Dilithium::generate(Dilithium::LEVEL_44, &mut rng) + .expect("Error with generate()"); + + let priv_size = key.size().expect("Error with size()"); + let pub_size = key.pub_size().expect("Error with pub_size()"); + let sig_size = key.sig_size().expect("Error with sig_size()"); + + let mut priv_buf = vec![0u8; priv_size]; + let mut pub_buf = vec![0u8; pub_size]; + key.export_key(&mut priv_buf, &mut pub_buf).expect("Error with export_key()"); + + let mut key2 = Dilithium::new().expect("Error with new()"); + key2.set_level(Dilithium::LEVEL_44).expect("Error with set_level()"); + key2.import_key(&priv_buf, &pub_buf).expect("Error with import_key()"); + + let message = b"import_key round-trip"; + let mut sig = vec![0u8; sig_size]; + let sig_len = key2.sign_msg(message, &mut sig, &mut rng) + .expect("Error with sign_msg() from imported key pair"); + let valid = key.verify_msg(&sig[..sig_len], message) + .expect("Error with verify_msg()"); + assert!(valid, "Imported key pair should produce valid signatures"); +} + +/// Verify that `generate_from_seed()` is deterministic: the same seed +/// produces the same key pair on repeated calls. +#[test] +#[cfg(all(dilithium_make_key_from_seed, dilithium_export))] +fn test_generate_from_seed_determinism() { + common::setup(); + // DILITHIUM_SEED_SZ = 32 bytes + let seed = [0x42u8; 32]; + + let mut key1 = Dilithium::generate_from_seed(Dilithium::LEVEL_44, &seed) + .expect("Error with generate_from_seed() first call"); + let mut key2 = Dilithium::generate_from_seed(Dilithium::LEVEL_44, &seed) + .expect("Error with generate_from_seed() second call"); + + let pub_size = key1.pub_size().expect("Error with pub_size()"); + let mut pub1 = vec![0u8; pub_size]; + let mut pub2 = vec![0u8; pub_size]; + key1.export_public(&mut pub1).expect("Error with export_public() key1"); + key2.export_public(&mut pub2).expect("Error with export_public() key2"); + assert_eq!(pub1, pub2, "Same seed must yield same public key"); + + let priv_size = key1.size().expect("Error with size()"); + let mut priv1 = vec![0u8; priv_size]; + let mut priv2 = vec![0u8; priv_size]; + key1.export_private(&mut priv1).expect("Error with export_private() key1"); + key2.export_private(&mut priv2).expect("Error with export_private() key2"); + assert_eq!(priv1, priv2, "Same seed must yield same private key"); +} + +/// Verify that `sign_msg_with_seed()` is deterministic: the same key, +/// message, and signing seed always produce the same signature bytes, and +/// the signature verifies correctly. +#[test] +#[cfg(all(dilithium_make_key_from_seed, dilithium_sign_with_seed, dilithium_verify))] +fn test_sign_with_seed_determinism() { + common::setup(); + // DILITHIUM_SEED_SZ = 32 bytes + let key_seed = [0x42u8; 32]; + // DILITHIUM_RND_SZ = 32 bytes + let sign_seed = [0x55u8; 32]; + let message = b"Deterministic ML-DSA signing test"; + + let mut key = Dilithium::generate_from_seed(Dilithium::LEVEL_44, &key_seed) + .expect("Error with generate_from_seed()"); + + let sig_size = key.sig_size().expect("Error with sig_size()"); + let mut sig1 = vec![0u8; sig_size]; + let mut sig2 = vec![0u8; sig_size]; + + let len1 = key.sign_msg_with_seed(message, &mut sig1, &sign_seed) + .expect("Error with sign_msg_with_seed() first call"); + let len2 = key.sign_msg_with_seed(message, &mut sig2, &sign_seed) + .expect("Error with sign_msg_with_seed() second call"); + + assert_eq!(len1, len2, "Signature lengths must match"); + assert_eq!(sig1[..len1], sig2[..len2], "Same inputs must yield same signature"); + + let valid = key.verify_msg(&sig1[..len1], message) + .expect("Error with verify_msg()"); + assert!(valid, "Deterministically signed message should verify"); +} + +/// Verify that `sign_ctx_msg_with_seed()` is deterministic and that the +/// produced signature verifies with `verify_ctx_msg()`. +#[test] +#[cfg(all(dilithium_make_key_from_seed, dilithium_sign_with_seed, dilithium_verify))] +fn test_sign_ctx_with_seed_determinism() { + common::setup(); + let key_seed = [0x11u8; 32]; + let sign_seed = [0x22u8; 32]; + let message = b"Context deterministic signing test"; + let ctx = b"test-context"; + + let mut key = Dilithium::generate_from_seed(Dilithium::LEVEL_44, &key_seed) + .expect("Error with generate_from_seed()"); + + let sig_size = key.sig_size().expect("Error with sig_size()"); + let mut sig1 = vec![0u8; sig_size]; + let mut sig2 = vec![0u8; sig_size]; + + let len1 = key.sign_ctx_msg_with_seed(ctx, message, &mut sig1, &sign_seed) + .expect("Error with sign_ctx_msg_with_seed() first call"); + let len2 = key.sign_ctx_msg_with_seed(ctx, message, &mut sig2, &sign_seed) + .expect("Error with sign_ctx_msg_with_seed() second call"); + + assert_eq!(len1, len2); + assert_eq!(sig1[..len1], sig2[..len2], "Same inputs must yield same signature"); + + let valid = key.verify_ctx_msg(&sig1[..len1], ctx, message) + .expect("Error with verify_ctx_msg()"); + assert!(valid, "Context-signed message should verify"); +} + +/// Verify that `generate_from_seed()` + `sign_msg_with_seed()` + +/// `verify_msg()` work across all three security levels. +#[test] +#[cfg(all(dilithium_make_key_from_seed, dilithium_sign_with_seed, dilithium_verify))] +fn test_seed_sign_verify_all_levels() { + common::setup(); + let key_seed = [0xABu8; 32]; + let sign_seed = [0xCDu8; 32]; + let message = b"All-levels seed sign/verify test"; + + for level in [Dilithium::LEVEL_44, Dilithium::LEVEL_65, Dilithium::LEVEL_87] { + let mut key = Dilithium::generate_from_seed(level, &key_seed) + .expect("Error with generate_from_seed()"); + let sig_size = key.sig_size().expect("Error with sig_size()"); + let mut sig = vec![0u8; sig_size]; + let sig_len = key.sign_msg_with_seed(message, &mut sig, &sign_seed) + .expect("Error with sign_msg_with_seed()"); + let valid = key.verify_msg(&sig[..sig_len], message) + .expect("Error with verify_msg()"); + assert!(valid, "Level {} seed-signed message should verify", level); + } +} diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/wrapper/rust/wolfssl-wolfcrypt/tests/test_ecc.rs mariadb-11.8.8/extra/wolfssl/wolfssl/wrapper/rust/wolfssl-wolfcrypt/tests/test_ecc.rs --- mariadb-11.8.6/extra/wolfssl/wolfssl/wrapper/rust/wolfssl-wolfcrypt/tests/test_ecc.rs 1970-01-01 00:00:00.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/wrapper/rust/wolfssl-wolfcrypt/tests/test_ecc.rs 2026-05-24 09:58:33.000000000 +0000 @@ -0,0 +1,344 @@ +#![cfg(ecc)] + +mod common; + +#[cfg(any(all(ecc_import, ecc_export, ecc_sign, ecc_verify, random), random))] +use std::fs; +use wolfssl_wolfcrypt::ecc::*; +#[cfg(random)] +use wolfssl_wolfcrypt::random::RNG; + +#[test] +#[cfg(random)] +fn test_ecc_generate() { + let mut rng = RNG::new().expect("Failed to create RNG"); + let mut ecc = ECC::generate(32, &mut rng, None, None).expect("Error with generate()"); + ecc.check().expect("Error with check()"); +} + +#[test] +#[cfg(random)] +fn test_ecc_generate_ex() { + let mut rng = RNG::new().expect("Failed to create RNG"); + let curve_id = ECC::SECP256R1; + let curve_size = ECC::get_curve_size_from_id(curve_id).expect("Error with get_curve_size_from_id()"); + assert_eq!(curve_size, 32); + let mut ecc = ECC::generate_ex(curve_size, &mut rng, curve_id, None, None).expect("Error with generate_ex()"); + ecc.check().expect("Error with check()"); +} + +#[test] +#[cfg(all(ecc_import, ecc_export, random))] +fn test_ecc_import_x963() { + let mut rng = RNG::new().expect("Failed to create RNG"); + let curve_id = ECC::SECP256R1; + let curve_size = ECC::get_curve_size_from_id(curve_id).expect("Error with get_curve_size_from_id()"); + assert_eq!(curve_size, 32); + let mut ecc = ECC::generate_ex(curve_size, &mut rng, curve_id, None, None).expect("Error with generate_ex()"); + ecc.check().expect("Error with check()"); + + let mut x963 = [0u8; 128]; + let x963_size = ecc.export_x963(&mut x963).expect("Error with export_x963()"); + let x963 = &x963[0..x963_size]; + let mut ecc = ECC::import_x963_ex(x963, ECC::SECP256R1, None, None).expect("Error with import_x963_ex"); + ecc.check().expect("Error with check()"); +} + +#[test] +#[cfg(random)] +fn test_ecc_generate_ex2() { + let mut rng = RNG::new().expect("Failed to create RNG"); + let curve_id = ECC::SECP256R1; + let curve_size = ECC::get_curve_size_from_id(curve_id).expect("Error with get_curve_size_from_id()"); + assert_eq!(curve_size, 32); + let mut ecc = ECC::generate_ex2(curve_size, &mut rng, curve_id, ECC::FLAG_COFACTOR, None, None).expect("Error with generate_ex2()"); + ecc.check().expect("Error with check()"); +} + +#[test] +#[cfg(all(ecc_import, ecc_export, ecc_sign, ecc_verify, random))] +fn test_ecc_import_export_sign_verify() { + let mut rng = RNG::new().expect("Failed to create RNG"); + let key_path = "../../../certs/ecc-client-key.der"; + let der: Vec = fs::read(key_path).expect("Error reading key file"); + let mut ecc = ECC::import_der(&der, None, None).expect("Error with import_der()"); + let hash = [0x42u8; 32]; + let mut signature = [0u8; 128]; + let signature_length = ecc.sign_hash(&hash, &mut signature, &mut rng).expect("Error with sign_hash()"); + assert!(signature_length > 0 && signature_length <= signature.len()); + + let signature = &mut signature[0..signature_length]; + let key_path = "../../../certs/ecc-client-keyPub.der"; + let der: Vec = fs::read(key_path).expect("Error reading key file"); + let mut ecc = ECC::import_public_der(&der, None, None).expect("Error with import_public_der()"); + let valid = ecc.verify_hash(&signature, &hash).expect("Error with verify_hash()"); + assert_eq!(valid, true); + + let mut x963 = [0u8; 128]; + let x963_size = ecc.export_x963(&mut x963).expect("Error with export_x963()"); + let x963 = &x963[0..x963_size]; + let mut ecc = ECC::import_x963(x963, None, None).expect("Error with import_x963"); + let valid = ecc.verify_hash(&signature, &hash).expect("Error with verify_hash()"); + assert_eq!(valid, true); + + #[cfg(ecc_comp_key)] + { + let mut x963 = [0u8; 128]; + let x963_size = ecc.export_x963_compressed(&mut x963).expect("Error with export_x963_compressed()"); + let x963 = &x963[0..x963_size]; + let mut ecc = ECC::import_x963(x963, None, None).expect("Error with import_x963"); + let valid = ecc.verify_hash(&signature, &hash).expect("Error with verify_hash()"); + assert_eq!(valid, true); + } + + let mut r = [0u8; 32]; + let mut r_size = 0u32; + let mut s = [0u8; 32]; + let mut s_size = 0u32; + ECC::sig_to_rs(signature, &mut r, &mut r_size, &mut s, &mut s_size).expect("Error with sig_to_rs()"); + assert!(r_size > 0 && r_size <= 32); + assert!(s_size > 0 && s_size <= 32); + let r = &r[0..r_size as usize]; + let s = &s[0..s_size as usize]; + let mut sig_out = [0u8; 128]; + let sig_out_size = ECC::rs_bin_to_sig(r, s, &mut sig_out).expect("Error with rs_bin_to_sig()"); + assert_eq!(*signature, *&sig_out[0..sig_out_size]); + + fn bytes_to_asciiz_hex_string(bytes: &[u8]) -> String { + let mut hex_string = String::with_capacity(bytes.len() * 2 + 1); + for byte in bytes { + hex_string.push_str(&format!("{:02X}", byte)); + } + hex_string.push('\0'); + hex_string + } + + let r_hex_string = bytes_to_asciiz_hex_string(r); + let s_hex_string = bytes_to_asciiz_hex_string(s); + let mut sig_out = [0u8; 128]; + let sig_out_size = ECC::rs_hex_to_sig(&r_hex_string[0..r_hex_string.len()].as_bytes(), &s_hex_string[0..s_hex_string.len()].as_bytes(), &mut sig_out).expect("Error with rs_hex_to_sig()"); + assert_eq!(*signature, *&sig_out[0..sig_out_size]); + + signature[signature.len() - 2] = 0xDEu8; + signature[signature.len() - 1] = 0xADu8; + let valid = ecc.verify_hash(&signature, &hash).expect("Error with verify_hash()"); + assert_eq!(valid, false); + + ecc.set_rng(&mut rng).expect("Error with set_rng()"); +} + +#[test] +#[cfg(all(ecc_dh, random))] +fn test_ecc_shared_secret() { + common::setup(); + + let mut rng = RNG::new().expect("Failed to create RNG"); + let mut ecc0 = ECC::generate(32, &mut rng, None, None).expect("Error with generate()"); + let mut ecc1 = ECC::generate(32, &mut rng, None, None).expect("Error with generate()"); + let mut ss0 = [0u8; 128]; + let mut ss1 = [0u8; 128]; + ecc0.set_rng(&mut rng).expect("Error with set_rng()"); + ecc1.set_rng(&mut rng).expect("Error with set_rng()"); + let ss0_size = ecc0.shared_secret(&mut ecc1, &mut ss0).expect("Error with shared_secret()"); + let ss1_size = ecc1.shared_secret(&mut ecc0, &mut ss1).expect("Error with shared_secret()"); + assert_eq!(ss0_size, ss1_size); + let ss0 = &ss0[0..ss0_size]; + let ss1 = &ss1[0..ss1_size]; + assert_eq!(*ss0, *ss1); + + let mut ss0 = [0u8; 128]; + let ecc_point = ecc1.make_pub_to_point(None, None).expect("Error with make_pub_to_point()"); + let ss0_size = ecc0.shared_secret_ex(&ecc_point, &mut ss0).expect("Error with shared_secret_ex()"); + let ss0 = &ss0[0..ss0_size]; + assert_eq!(*ss0, *ss1); +} + +#[test] +#[cfg(all(ecc_export, random))] +fn test_ecc_export() { + common::setup(); + + let mut rng = RNG::new().expect("Failed to create RNG"); + let mut ecc = ECC::generate(32, &mut rng, None, None).expect("Error with generate()"); + let mut qx = [0u8; 32]; + let mut qx_len = 0u32; + let mut qy = [0u8; 32]; + let mut qy_len = 0u32; + let mut d = [0u8; 32]; + let mut d_len = 0u32; + ecc.export(&mut qx, &mut qx_len, &mut qy, &mut qy_len, &mut d, &mut d_len).expect("Error with export()"); +} + +#[test] +#[cfg(all(ecc_export, random))] +fn test_ecc_export_ex() { + common::setup(); + + let mut rng = RNG::new().expect("Failed to create RNG"); + let mut ecc = ECC::generate(32, &mut rng, None, None).expect("Error with generate()"); + let mut qx = [0u8; 32]; + let mut qx_len = 0u32; + let mut qy = [0u8; 32]; + let mut qy_len = 0u32; + let mut d = [0u8; 32]; + let mut d_len = 0u32; + ecc.export_ex(&mut qx, &mut qx_len, &mut qy, &mut qy_len, &mut d, &mut d_len, false).expect("Error with export_ex()"); +} + +#[test] +#[cfg(all(ecc_import, ecc_export, ecc_sign, ecc_verify, random))] +fn test_ecc_import_export_private() { + common::setup(); + + let mut rng = RNG::new().expect("Failed to create RNG"); + let mut ecc = ECC::generate(32, &mut rng, None, None).expect("Error with generate()"); + let hash = [0x42u8; 32]; + let mut signature = [0u8; 128]; + let signature_length = ecc.sign_hash(&hash, &mut signature, &mut rng).expect("Error with sign_hash()"); + let signature = &signature[0..signature_length]; + + let mut d = [0u8; 32]; + let d_size = ecc.export_private(&mut d).expect("Error with export_private()"); + assert_eq!(d_size, 32); + let mut x963 = [0u8; 128]; + let x963_size = ecc.export_x963(&mut x963).expect("Error with export_x963()"); + let x963 = &x963[0..x963_size]; + + let mut ecc2 = ECC::import_private_key(&d, x963, None, None).expect("Error with import_private_key()"); + let valid = ecc2.verify_hash(&signature, &hash).expect("Error with verify_hash()"); + assert_eq!(valid, true); + + ECC::import_private_key(&d, &[], None, None).expect("Error with import_private_key()"); +} + +#[test] +#[cfg(all(ecc_import, ecc_export, ecc_sign, ecc_verify, random))] +fn test_ecc_import_export_private_ex() { + common::setup(); + + let mut rng = RNG::new().expect("Failed to create RNG"); + let curve_id = ECC::SECP256R1; + let curve_size = ECC::get_curve_size_from_id(curve_id).expect("Error with get_curve_size_from_id()"); + let mut ecc = ECC::generate_ex(curve_size, &mut rng, curve_id, None, None).expect("Error with generate_ex()"); + let hash = [0x42u8; 32]; + let mut signature = [0u8; 128]; + let signature_length = ecc.sign_hash(&hash, &mut signature, &mut rng).expect("Error with sign_hash()"); + let signature = &signature[0..signature_length]; + + let mut d = [0u8; 32]; + let d_size = ecc.export_private(&mut d).expect("Error with export_private()"); + assert_eq!(d_size, 32); + let mut x963 = [0u8; 128]; + let x963_size = ecc.export_x963(&mut x963).expect("Error with export_x963()"); + let x963 = &x963[0..x963_size]; + + let mut ecc2 = ECC::import_private_key_ex(&d, x963, curve_id, None, None).expect("Error with import_private_key_ex()"); + let valid = ecc2.verify_hash(&signature, &hash).expect("Error with verify_hash()"); + assert_eq!(valid, true); + + ECC::import_private_key_ex(&d, &[], curve_id, None, None).expect("Error with import_private_key_ex()"); +} + +#[test] +#[cfg(all(ecc_export, random))] +fn test_ecc_export_public() { + let mut rng = RNG::new().expect("Failed to create RNG"); + let mut ecc = ECC::generate(32, &mut rng, None, None).expect("Error with generate()"); + let mut qx = [0u8; 32]; + let mut qx_len = 0u32; + let mut qy = [0u8; 32]; + let mut qy_len = 0u32; + ecc.export_public(&mut qx, &mut qx_len, &mut qy, &mut qy_len).expect("Error with export_public()"); +} + +#[test] +#[cfg(all(ecc_import, ecc_export, ecc_sign, ecc_verify, random))] +fn test_ecc_import_unsigned() { + common::setup(); + + let mut rng = RNG::new().expect("Failed to create RNG"); + let curve_id = ECC::SECP256R1; + let curve_size = ECC::get_curve_size_from_id(curve_id).expect("Error with get_curve_size_from_id()"); + let mut ecc = ECC::generate_ex(curve_size, &mut rng, curve_id, None, None).expect("Error with generate()"); + let mut qx = [0u8; 32]; + let mut qx_len = 0u32; + let mut qy = [0u8; 32]; + let mut qy_len = 0u32; + let mut d = [0u8; 32]; + let mut d_len = 0u32; + ecc.export_ex(&mut qx, &mut qx_len, &mut qy, &mut qy_len, &mut d, &mut d_len, false).expect("Error with export_ex()"); + + let mut ecc2 = ECC::import_unsigned(&qx, &qy, &d, curve_id, None, None).expect("Error with import_unsigned()"); + + let hash = [0x42u8; 32]; + let mut signature = [0u8; 128]; + let signature_length = ecc.sign_hash(&hash, &mut signature, &mut rng).expect("Error with sign_hash()"); + let signature = &signature[0..signature_length]; + let valid = ecc2.verify_hash(signature, &hash).expect("Error with verify_hash()"); + assert_eq!(valid, true); +} + +#[test] +#[cfg(random)] +fn test_ecc_make_pub() { + let mut rng = RNG::new().expect("Failed to create RNG"); + let key_path = "../../../certs/ecc-client-key.der"; + let der: Vec = fs::read(key_path).expect("Error reading key file"); + let mut ecc = ECC::import_der(&der, None, None).expect("Error with import_der()"); + ecc.make_pub(Some(&mut rng)).expect("Error with make_pub()"); + ecc.make_pub(None).expect("Error with make_pub()"); + ecc.make_pub_to_point(Some(&mut rng), None).expect("Error with make_pub_to_point()"); + ecc.make_pub_to_point(None, None).expect("Error with make_pub_to_point()"); +} + +#[test] +#[cfg(all(ecc_export, random))] +fn test_ecc_point() { + let mut rng = RNG::new().expect("Failed to create RNG"); + let curve_id = ECC::SECP256R1; + let curve_size = ECC::get_curve_size_from_id(curve_id).expect("Error with get_curve_size_from_id()"); + let mut ecc = ECC::generate_ex(curve_size, &mut rng, curve_id, None, None).expect("Error with generate()"); + let mut ecc_point = ecc.make_pub_to_point(Some(&mut rng), None).expect("Error with make_pub_to_point()"); + let mut der = [0u8; 128]; + let size = ecc_point.export_der(&mut der, curve_id).expect("Error with export_der()"); + assert!(size > 0 && size <= der.len()); + ecc_point.forcezero(); +} + +#[test] +#[cfg(all(all(ecc_import, ecc_export, random)))] +fn test_ecc_point_import() { + let mut rng = RNG::new().expect("Failed to create RNG"); + let curve_id = ECC::SECP256R1; + let curve_size = ECC::get_curve_size_from_id(curve_id).expect("Error with get_curve_size_from_id()"); + let mut ecc = ECC::generate_ex(curve_size, &mut rng, curve_id, None, None).expect("Error with generate()"); + let mut ecc_point = ecc.make_pub_to_point(Some(&mut rng), None).expect("Error with make_pub_to_point()"); + let mut der = [0u8; 128]; + let size = ecc_point.export_der(&mut der, curve_id).expect("Error with export_der()"); + assert!(size > 0 && size <= der.len()); + ECCPoint::import_der(&der[0..size], curve_id, None).expect("Error with import_der()"); + ecc_point.forcezero(); +} + +#[test] +#[cfg(all(ecc_import, ecc_export, ecc_comp_key, random))] +fn test_ecc_point_import_compressed() { + let mut rng = RNG::new().expect("Failed to create RNG"); + let curve_id = ECC::SECP256R1; + let curve_size = ECC::get_curve_size_from_id(curve_id).expect("Error with get_curve_size_from_id()"); + let mut ecc = ECC::generate_ex(curve_size, &mut rng, curve_id, None, None).expect("Error with generate()"); + let mut ecc_point = ecc.make_pub_to_point(Some(&mut rng), None).expect("Error with make_pub_to_point()"); + let mut der = [0u8; 128]; + let _size = ecc_point.export_der_compressed(&mut der, curve_id).expect("Error with export_der_compressed()"); + ecc_point.forcezero(); +} + +#[test] +#[cfg(ecc_import)] +fn test_ecc_import() { + let qx = b"7a4e287890a1a47ad3457e52f2f76a83ce46cbc947616d0cbaa82323818a793d\0"; + let qy = b"eec4084f5b29ebf29c44cce3b3059610922f8b30ea6e8811742ac7238fe87308\0"; + let d = b"8c14b793cb19137e323a6d2e2a870bca2e7a493ec1153b3a95feb8a4873f8d08\0"; + ECC::import_raw(qx, qy, d, b"SECP256R1\0", None, None).expect("Error with import_raw()"); + ECC::import_raw_ex(qx, qy, d, ECC::SECP256R1, None, None).expect("Error with import_raw_ex()"); +} diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/wrapper/rust/wolfssl-wolfcrypt/tests/test_ed25519.rs mariadb-11.8.8/extra/wolfssl/wolfssl/wrapper/rust/wolfssl-wolfcrypt/tests/test_ed25519.rs --- mariadb-11.8.6/extra/wolfssl/wolfssl/wrapper/rust/wolfssl-wolfcrypt/tests/test_ed25519.rs 1970-01-01 00:00:00.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/wrapper/rust/wolfssl-wolfcrypt/tests/test_ed25519.rs 2026-05-24 09:58:33.000000000 +0000 @@ -0,0 +1,262 @@ +#![cfg(ed25519)] + +mod common; + +use wolfssl_wolfcrypt::random::RNG; +use wolfssl_wolfcrypt::ed25519::*; + +#[test] +#[cfg(all(ed25519_import, ed25519_export))] +fn test_make_public() { + common::setup(); + + let mut rng = RNG::new().expect("Error creating RNG"); + let ed = Ed25519::generate(&mut rng).expect("Error with generate()"); + let mut private = [0u8; Ed25519::KEY_SIZE]; + ed.export_private_only(&mut private).expect("Error with export_private_only()"); + let mut ed = Ed25519::new().expect("Error with new()"); + ed.import_private_only(&private).expect("Error with import_private_only()"); + let mut public = [0u8; Ed25519::KEY_SIZE]; + ed.make_public(&mut public).expect("Error with make_public()"); +} + +#[test] +fn test_check_key() { + let mut rng = RNG::new().expect("Error creating RNG"); + let mut ed = Ed25519::generate(&mut rng).expect("Error with generate()"); + ed.check_key().expect("Error with check_key()"); +} + +#[test] +#[cfg(all(ed25519_import, ed25519_sign, ed25519_verify))] +fn test_sign_verify() { + let private_key = [ + 0xc5u8,0xaa,0x8d,0xf4,0x3f,0x9f,0x83,0x7b, + 0xed,0xb7,0x44,0x2f,0x31,0xdc,0xb7,0xb1, + 0x66,0xd3,0x85,0x35,0x07,0x6f,0x09,0x4b, + 0x85,0xce,0x3a,0x2e,0x0b,0x44,0x58,0xf7 + ]; + let public_key = [ + 0xfcu8,0x51,0xcd,0x8e,0x62,0x18,0xa1,0xa3, + 0x8d,0xa4,0x7e,0xd0,0x02,0x30,0xf0,0x58, + 0x08,0x16,0xed,0x13,0xba,0x33,0x03,0xac, + 0x5d,0xeb,0x91,0x15,0x48,0x90,0x80,0x25 + ]; + let message = [0xAFu8, 0x82]; + let expected_signature = [ + 0x62u8,0x91,0xd6,0x57,0xde,0xec,0x24,0x02, + 0x48,0x27,0xe6,0x9c,0x3a,0xbe,0x01,0xa3, + 0x0c,0xe5,0x48,0xa2,0x84,0x74,0x3a,0x44, + 0x5e,0x36,0x80,0xd7,0xdb,0x5a,0xc3,0xac, + 0x18,0xff,0x9b,0x53,0x8d,0x16,0xf2,0x90, + 0xae,0x67,0xf7,0x60,0x98,0x4d,0xc6,0x59, + 0x4a,0x7c,0x15,0xe9,0x71,0x6e,0xd2,0x8d, + 0xc0,0x27,0xbe,0xce,0xea,0x1e,0xc4,0x0a + ]; + + let mut ed = Ed25519::new().expect("Error with new()"); + ed.import_private_key(&private_key, Some(&public_key)).expect("Error with import_private_key()"); + + let mut signature = [0u8; Ed25519::SIG_SIZE]; + ed.sign_msg(&message, &mut signature).expect("Error with sign_msg()"); + assert_eq!(signature, expected_signature); + + let signature_valid = ed.verify_msg(&signature, &message).expect("Error with verify_msg()"); + assert!(signature_valid); + + let mut signature = [0u8; Ed25519::SIG_SIZE]; + ed.sign_msg_ex(&message, None, Ed25519::ED25519, &mut signature).expect("Error with sign_msg_ex()"); + assert_eq!(signature, expected_signature); + + let signature_valid = ed.verify_msg_ex(&signature, &message, None, Ed25519::ED25519).expect("Error with verify_msg_ex()"); + assert!(signature_valid); +} + +#[test] +#[cfg(all(ed25519_import, ed25519_sign, ed25519_streaming_verify))] +fn test_sign_streaming_verify() { + let private_key = [ + 0xc5u8,0xaa,0x8d,0xf4,0x3f,0x9f,0x83,0x7b, + 0xed,0xb7,0x44,0x2f,0x31,0xdc,0xb7,0xb1, + 0x66,0xd3,0x85,0x35,0x07,0x6f,0x09,0x4b, + 0x85,0xce,0x3a,0x2e,0x0b,0x44,0x58,0xf7 + ]; + let public_key = [ + 0xfcu8,0x51,0xcd,0x8e,0x62,0x18,0xa1,0xa3, + 0x8d,0xa4,0x7e,0xd0,0x02,0x30,0xf0,0x58, + 0x08,0x16,0xed,0x13,0xba,0x33,0x03,0xac, + 0x5d,0xeb,0x91,0x15,0x48,0x90,0x80,0x25 + ]; + let message = [0xAFu8, 0x82]; + let expected_signature = [ + 0x62u8,0x91,0xd6,0x57,0xde,0xec,0x24,0x02, + 0x48,0x27,0xe6,0x9c,0x3a,0xbe,0x01,0xa3, + 0x0c,0xe5,0x48,0xa2,0x84,0x74,0x3a,0x44, + 0x5e,0x36,0x80,0xd7,0xdb,0x5a,0xc3,0xac, + 0x18,0xff,0x9b,0x53,0x8d,0x16,0xf2,0x90, + 0xae,0x67,0xf7,0x60,0x98,0x4d,0xc6,0x59, + 0x4a,0x7c,0x15,0xe9,0x71,0x6e,0xd2,0x8d, + 0xc0,0x27,0xbe,0xce,0xea,0x1e,0xc4,0x0a + ]; + + let mut ed = Ed25519::new().expect("Error with new()"); + ed.import_private_key(&private_key, Some(&public_key)).expect("Error with import_private_key()"); + + let mut signature = [0u8; Ed25519::SIG_SIZE]; + ed.sign_msg(&message, &mut signature).expect("Error with sign_msg()"); + assert_eq!(signature, expected_signature); + + ed.verify_msg_init(&signature, None, Ed25519::ED25519).expect("Error with verify_msg_init()"); + ed.verify_msg_update(&message[0..1]).expect("Error with verify_msg_update()"); + ed.verify_msg_update(&message[1..2]).expect("Error with verify_msg_update()"); + let signature_valid = ed.verify_msg_final(&signature).expect("Error with verify_msg_final()"); + assert!(signature_valid); +} + +#[test] +#[cfg(all(ed25519_import, ed25519_sign, ed25519_verify))] +fn test_ctx_sign_verify() { + let private_key = [ + 0x03u8,0x05,0x33,0x4e,0x38,0x1a,0xf7,0x8f, + 0x14,0x1c,0xb6,0x66,0xf6,0x19,0x9f,0x57, + 0xbc,0x34,0x95,0x33,0x5a,0x25,0x6a,0x95, + 0xbd,0x2a,0x55,0xbf,0x54,0x66,0x63,0xf6 + ]; + let public_key = [ + 0xdfu8,0xc9,0x42,0x5e,0x4f,0x96,0x8f,0x7f, + 0x0c,0x29,0xf0,0x25,0x9c,0xf5,0xf9,0xae, + 0xd6,0x85,0x1c,0x2b,0xb4,0xad,0x8b,0xfb, + 0x86,0x0c,0xfe,0xe0,0xab,0x24,0x82,0x92 + ]; + let message = [ + 0xf7u8,0x26,0x93,0x6d,0x19,0xc8,0x00,0x49, + 0x4e,0x3f,0xda,0xff,0x20,0xb2,0x76,0xa8 + ]; + let context = [0x66u8,0x6f,0x6f]; + let expected_signature = [ + 0x55u8,0xa4,0xcc,0x2f,0x70,0xa5,0x4e,0x04, + 0x28,0x8c,0x5f,0x4c,0xd1,0xe4,0x5a,0x7b, + 0xb5,0x20,0xb3,0x62,0x92,0x91,0x18,0x76, + 0xca,0xda,0x73,0x23,0x19,0x8d,0xd8,0x7a, + 0x8b,0x36,0x95,0x0b,0x95,0x13,0x00,0x22, + 0x90,0x7a,0x7f,0xb7,0xc4,0xe9,0xb2,0xd5, + 0xf6,0xcc,0xa6,0x85,0xa5,0x87,0xb4,0xb2, + 0x1f,0x4b,0x88,0x8e,0x4e,0x7e,0xdb,0x0d + ]; + + let mut ed = Ed25519::new().expect("Error with new()"); + ed.import_private_key(&private_key, Some(&public_key)).expect("Error with import_private_key()"); + + let mut signature = [0u8; Ed25519::SIG_SIZE]; + ed.sign_msg_ctx(&message, &context, &mut signature).expect("Error with sign_msg_ctx()"); + assert_eq!(signature, expected_signature); + + let signature_valid = ed.verify_msg_ctx(&signature, &message, &context).expect("Error with verify_msg_ctx()"); + assert!(signature_valid); +} + +#[test] +#[cfg(all(ed25519_import, ed25519_sign, ed25519_verify))] +fn test_ph_sign_verify() { + let private_key = [ + 0x83u8,0x3f,0xe6,0x24,0x09,0x23,0x7b,0x9d, + 0x62,0xec,0x77,0x58,0x75,0x20,0x91,0x1e, + 0x9a,0x75,0x9c,0xec,0x1d,0x19,0x75,0x5b, + 0x7d,0xa9,0x01,0xb9,0x6d,0xca,0x3d,0x42 + ]; + let public_key = [ + 0xecu8,0x17,0x2b,0x93,0xad,0x5e,0x56,0x3b, + 0xf4,0x93,0x2c,0x70,0xe1,0x24,0x50,0x34, + 0xc3,0x54,0x67,0xef,0x2e,0xfd,0x4d,0x64, + 0xeb,0xf8,0x19,0x68,0x34,0x67,0xe2,0xbf + ]; + let message = [0x61u8,0x62,0x63]; + let context = [0x66u8,0x6f,0x6f]; + let hash = [ + 0xddu8,0xaf,0x35,0xa1,0x93,0x61,0x7a,0xba, + 0xcc,0x41,0x73,0x49,0xae,0x20,0x41,0x31, + 0x12,0xe6,0xfa,0x4e,0x89,0xa9,0x7e,0xa2, + 0x0a,0x9e,0xee,0xe6,0x4b,0x55,0xd3,0x9a, + 0x21,0x92,0x99,0x2a,0x27,0x4f,0xc1,0xa8, + 0x36,0xba,0x3c,0x23,0xa3,0xfe,0xeb,0xbd, + 0x45,0x4d,0x44,0x23,0x64,0x3c,0xe8,0x0e, + 0x2a,0x9a,0xc9,0x4f,0xa5,0x4c,0xa4,0x9f + ]; + let expected_signature = [ + 0xe0u8,0x39,0x70,0x2b,0x4c,0x25,0x95,0xa6, + 0xa5,0x41,0xac,0x85,0x09,0x23,0x6e,0x29, + 0x90,0x47,0x47,0x95,0x33,0x0c,0x9b,0x34, + 0xa7,0x5f,0x58,0xa6,0x60,0x12,0x9e,0x08, + 0xfd,0x73,0x69,0x43,0xfb,0x19,0x43,0xa5, + 0x57,0x20,0xb9,0xe0,0x95,0x7b,0x1e,0xd6, + 0x73,0x48,0x16,0x61,0x9f,0x13,0x88,0xf4, + 0x3f,0x73,0xe6,0xe3,0xba,0xa8,0x1c,0x0e + ]; + + let mut ed = Ed25519::new().expect("Error with new()"); + ed.import_private_key(&private_key, Some(&public_key)).expect("Error with import_private_key()"); + + let mut signature = [0u8; Ed25519::SIG_SIZE]; + ed.sign_msg_ph(&message, Some(&context), &mut signature).expect("Error with sign_msg_ph()"); + assert_eq!(signature, expected_signature); + + let signature_valid = ed.verify_msg_ph(&signature, &message, Some(&context)).expect("Error with verify_msg_ph()"); + assert!(signature_valid); + + let mut signature = [0u8; Ed25519::SIG_SIZE]; + ed.sign_hash_ph(&hash, Some(&context), &mut signature).expect("Error with sign_hash_ph()"); + assert_eq!(signature, expected_signature); + + let signature_valid = ed.verify_hash_ph(&signature, &hash, Some(&context)).expect("Error with verify_hash_ph()"); + assert!(signature_valid); +} + +#[test] +#[cfg(all(ed25519_import, ed25519_export))] +fn test_import_export() { + common::setup(); + + let mut rng = RNG::new().expect("Error creating RNG"); + let ed = Ed25519::generate(&mut rng).expect("Error with generate()"); + + let mut private = [0u8; Ed25519::PRV_KEY_SIZE]; + let mut public = [0u8; Ed25519::PUB_KEY_SIZE]; + ed.export_key(&mut private, &mut public).expect("Error with export_key()"); + + let mut public2 = [0u8; Ed25519::PUB_KEY_SIZE]; + ed.export_public(&mut public2).expect("Error with export_public()"); + assert_eq!(public2, public); + + let mut private2 = [0u8; Ed25519::PRV_KEY_SIZE]; + ed.export_private(&mut private2).expect("Error with export_private()"); + assert_eq!(private2, private); + + let mut private_only = [0u8; Ed25519::KEY_SIZE]; + ed.export_private_only(&mut private_only).expect("Error with export_private_only()"); + + let mut ed = Ed25519::new().expect("Error with new()"); + ed.import_private_key_ex(&private, Some(&public), false).expect("Error with import_private_key_ex()"); + + let mut ed = Ed25519::new().expect("Error with new()"); + ed.import_private_only(&private_only).expect("Error with import_private_only()"); + ed.import_public(&public).expect("Error with import_public()"); + ed.import_public_ex(&public, false).expect("Error with import_public_ex()"); +} + +#[test] +fn test_sizes() { + let mut rng = RNG::new().expect("Error creating RNG"); + let ed = Ed25519::generate(&mut rng).expect("Error with generate()"); + + let size = ed.size().expect("Error with size()"); + assert_eq!(size, Ed25519::KEY_SIZE); + + let size = ed.priv_size().expect("Error with priv_size()"); + assert_eq!(size, Ed25519::PRV_KEY_SIZE); + + let size = ed.pub_size().expect("Error with pub_size()"); + assert_eq!(size, Ed25519::PUB_KEY_SIZE); + + let size = ed.sig_size().expect("Error with sig_size()"); + assert_eq!(size, Ed25519::SIG_SIZE); +} diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/wrapper/rust/wolfssl-wolfcrypt/tests/test_ed448.rs mariadb-11.8.8/extra/wolfssl/wolfssl/wrapper/rust/wolfssl-wolfcrypt/tests/test_ed448.rs --- mariadb-11.8.6/extra/wolfssl/wolfssl/wrapper/rust/wolfssl-wolfcrypt/tests/test_ed448.rs 1970-01-01 00:00:00.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/wrapper/rust/wolfssl-wolfcrypt/tests/test_ed448.rs 2026-05-24 09:58:33.000000000 +0000 @@ -0,0 +1,266 @@ +#![cfg(ed448)] + +mod common; + +use wolfssl_wolfcrypt::random::RNG; +use wolfssl_wolfcrypt::ed448::*; + +#[test] +#[cfg(all(ed448_import, ed448_export))] +fn test_make_public() { + common::setup(); + + let mut rng = RNG::new().expect("Error creating RNG"); + let ed = Ed448::generate(&mut rng).expect("Error with generate()"); + let mut private = [0u8; Ed448::KEY_SIZE]; + ed.export_private_only(&mut private).expect("Error with export_private_only()"); + let mut ed = Ed448::new().expect("Error with new()"); + ed.import_private_only(&private).expect("Error with import_private_only()"); + let mut public = [0u8; Ed448::KEY_SIZE]; + ed.make_public(&mut public).expect("Error with make_public()"); +} + +#[test] +fn test_check_key() { + let mut rng = RNG::new().expect("Error creating RNG"); + let mut ed = Ed448::generate(&mut rng).expect("Error with generate()"); + ed.check_key().expect("Error with check_key()"); +} + +#[test] +#[cfg(all(ed448_import, ed448_sign, ed448_verify))] +fn test_sign_verify() { + let private_key = [ + 0xc4u8, 0xea, 0xb0, 0x5d, 0x35, 0x70, 0x07, 0xc6, + 0x32, 0xf3, 0xdb, 0xb4, 0x84, 0x89, 0x92, 0x4d, + 0x55, 0x2b, 0x08, 0xfe, 0x0c, 0x35, 0x3a, 0x0d, + 0x4a, 0x1f, 0x00, 0xac, 0xda, 0x2c, 0x46, 0x3a, + 0xfb, 0xea, 0x67, 0xc5, 0xe8, 0xd2, 0x87, 0x7c, + 0x5e, 0x3b, 0xc3, 0x97, 0xa6, 0x59, 0x94, 0x9e, + 0xf8, 0x02, 0x1e, 0x95, 0x4e, 0x0a, 0x12, 0x27, + 0x4e + ]; + let public_key = [ + 0x43u8, 0xba, 0x28, 0xf4, 0x30, 0xcd, 0xff, 0x45, + 0x6a, 0xe5, 0x31, 0x54, 0x5f, 0x7e, 0xcd, 0x0a, + 0xc8, 0x34, 0xa5, 0x5d, 0x93, 0x58, 0xc0, 0x37, + 0x2b, 0xfa, 0x0c, 0x6c, 0x67, 0x98, 0xc0, 0x86, + 0x6a, 0xea, 0x01, 0xeb, 0x00, 0x74, 0x28, 0x02, + 0xb8, 0x43, 0x8e, 0xa4, 0xcb, 0x82, 0x16, 0x9c, + 0x23, 0x51, 0x60, 0x62, 0x7b, 0x4c, 0x3a, 0x94, + 0x80 + ]; + let message = [0x03u8]; + let context = [0x66u8,0x6f,0x6f]; + let expected_signature = [ + 0xd4u8, 0xf8, 0xf6, 0x13, 0x17, 0x70, 0xdd, 0x46, + 0xf4, 0x08, 0x67, 0xd6, 0xfd, 0x5d, 0x50, 0x55, + 0xde, 0x43, 0x54, 0x1f, 0x8c, 0x5e, 0x35, 0xab, + 0xbc, 0xd0, 0x01, 0xb3, 0x2a, 0x89, 0xf7, 0xd2, + 0x15, 0x1f, 0x76, 0x47, 0xf1, 0x1d, 0x8c, 0xa2, + 0xae, 0x27, 0x9f, 0xb8, 0x42, 0xd6, 0x07, 0x21, + 0x7f, 0xce, 0x6e, 0x04, 0x2f, 0x68, 0x15, 0xea, + 0x00, 0x0c, 0x85, 0x74, 0x1d, 0xe5, 0xc8, 0xda, + 0x11, 0x44, 0xa6, 0xa1, 0xab, 0xa7, 0xf9, 0x6d, + 0xe4, 0x25, 0x05, 0xd7, 0xa7, 0x29, 0x85, 0x24, + 0xfd, 0xa5, 0x38, 0xfc, 0xcb, 0xbb, 0x75, 0x4f, + 0x57, 0x8c, 0x1c, 0xad, 0x10, 0xd5, 0x4d, 0x0d, + 0x54, 0x28, 0x40, 0x7e, 0x85, 0xdc, 0xbc, 0x98, + 0xa4, 0x91, 0x55, 0xc1, 0x37, 0x64, 0xe6, 0x6c, + 0x3c, 0x00 + ]; + + let mut ed = Ed448::new().expect("Error with new()"); + ed.import_private_key(&private_key, Some(&public_key)).expect("Error with import_private_key()"); + + let mut signature = [0u8; Ed448::SIG_SIZE]; + ed.sign_msg(&message, Some(&context), &mut signature).expect("Error with sign_msg()"); + assert_eq!(signature, expected_signature); + + let signature_valid = ed.verify_msg(&signature, &message, Some(&context)).expect("Error with verify_msg()"); + assert!(signature_valid); + + let mut signature = [0u8; Ed448::SIG_SIZE]; + ed.sign_msg_ex(&message, Some(&context), Ed448::ED448, &mut signature).expect("Error with sign_msg_ex()"); + assert_eq!(signature, expected_signature); + + let signature_valid = ed.verify_msg_ex(&signature, &message, Some(&context), Ed448::ED448).expect("Error with verify_msg_ex()"); + assert!(signature_valid); +} + +#[test] +#[cfg(all(ed448_import, ed448_sign, ed448_streaming_verify))] +fn test_sign_streaming_verify() { + let private_key = [ + 0xc4u8, 0xea, 0xb0, 0x5d, 0x35, 0x70, 0x07, 0xc6, + 0x32, 0xf3, 0xdb, 0xb4, 0x84, 0x89, 0x92, 0x4d, + 0x55, 0x2b, 0x08, 0xfe, 0x0c, 0x35, 0x3a, 0x0d, + 0x4a, 0x1f, 0x00, 0xac, 0xda, 0x2c, 0x46, 0x3a, + 0xfb, 0xea, 0x67, 0xc5, 0xe8, 0xd2, 0x87, 0x7c, + 0x5e, 0x3b, 0xc3, 0x97, 0xa6, 0x59, 0x94, 0x9e, + 0xf8, 0x02, 0x1e, 0x95, 0x4e, 0x0a, 0x12, 0x27, + 0x4e + ]; + let public_key = [ + 0x43u8, 0xba, 0x28, 0xf4, 0x30, 0xcd, 0xff, 0x45, + 0x6a, 0xe5, 0x31, 0x54, 0x5f, 0x7e, 0xcd, 0x0a, + 0xc8, 0x34, 0xa5, 0x5d, 0x93, 0x58, 0xc0, 0x37, + 0x2b, 0xfa, 0x0c, 0x6c, 0x67, 0x98, 0xc0, 0x86, + 0x6a, 0xea, 0x01, 0xeb, 0x00, 0x74, 0x28, 0x02, + 0xb8, 0x43, 0x8e, 0xa4, 0xcb, 0x82, 0x16, 0x9c, + 0x23, 0x51, 0x60, 0x62, 0x7b, 0x4c, 0x3a, 0x94, + 0x80 + ]; + let message = [0x03u8]; + let context = [0x66u8,0x6f,0x6f]; + let expected_signature = [ + 0xd4u8, 0xf8, 0xf6, 0x13, 0x17, 0x70, 0xdd, 0x46, + 0xf4, 0x08, 0x67, 0xd6, 0xfd, 0x5d, 0x50, 0x55, + 0xde, 0x43, 0x54, 0x1f, 0x8c, 0x5e, 0x35, 0xab, + 0xbc, 0xd0, 0x01, 0xb3, 0x2a, 0x89, 0xf7, 0xd2, + 0x15, 0x1f, 0x76, 0x47, 0xf1, 0x1d, 0x8c, 0xa2, + 0xae, 0x27, 0x9f, 0xb8, 0x42, 0xd6, 0x07, 0x21, + 0x7f, 0xce, 0x6e, 0x04, 0x2f, 0x68, 0x15, 0xea, + 0x00, 0x0c, 0x85, 0x74, 0x1d, 0xe5, 0xc8, 0xda, + 0x11, 0x44, 0xa6, 0xa1, 0xab, 0xa7, 0xf9, 0x6d, + 0xe4, 0x25, 0x05, 0xd7, 0xa7, 0x29, 0x85, 0x24, + 0xfd, 0xa5, 0x38, 0xfc, 0xcb, 0xbb, 0x75, 0x4f, + 0x57, 0x8c, 0x1c, 0xad, 0x10, 0xd5, 0x4d, 0x0d, + 0x54, 0x28, 0x40, 0x7e, 0x85, 0xdc, 0xbc, 0x98, + 0xa4, 0x91, 0x55, 0xc1, 0x37, 0x64, 0xe6, 0x6c, + 0x3c, 0x00 + ]; + + let mut ed = Ed448::new().expect("Error with new()"); + ed.import_private_key(&private_key, Some(&public_key)).expect("Error with import_private_key()"); + + let mut signature = [0u8; Ed448::SIG_SIZE]; + ed.sign_msg(&message, Some(&context), &mut signature).expect("Error with sign_msg()"); + assert_eq!(signature, expected_signature); + + ed.verify_msg_init(&signature, Some(&context), Ed448::ED448).expect("Error with verify_msg_init()"); + ed.verify_msg_update(&message).expect("Error with verify_msg_update()"); + let signature_valid = ed.verify_msg_final(&signature).expect("Error with verify_msg_final()"); + assert!(signature_valid); +} + +#[test] +#[cfg(all(ed448_import, ed448_sign, ed448_verify))] +fn test_ph_sign_verify() { + let private_key = [ + 0x83u8, 0x3f, 0xe6, 0x24, 0x09, 0x23, 0x7b, 0x9d, + 0x62, 0xec, 0x77, 0x58, 0x75, 0x20, 0x91, 0x1e, + 0x9a, 0x75, 0x9c, 0xec, 0x1d, 0x19, 0x75, 0x5b, + 0x7d, 0xa9, 0x01, 0xb9, 0x6d, 0xca, 0x3d, 0x42, + 0xef, 0x78, 0x22, 0xe0, 0xd5, 0x10, 0x41, 0x27, + 0xdc, 0x05, 0xd6, 0xdb, 0xef, 0xde, 0x69, 0xe3, + 0xab, 0x2c, 0xec, 0x7c, 0x86, 0x7c, 0x6e, 0x2c, + 0x49 + ]; + let public_key = [ + 0x25u8, 0x9b, 0x71, 0xc1, 0x9f, 0x83, 0xef, 0x77, + 0xa7, 0xab, 0xd2, 0x65, 0x24, 0xcb, 0xdb, 0x31, + 0x61, 0xb5, 0x90, 0xa4, 0x8f, 0x7d, 0x17, 0xde, + 0x3e, 0xe0, 0xba, 0x9c, 0x52, 0xbe, 0xb7, 0x43, + 0xc0, 0x94, 0x28, 0xa1, 0x31, 0xd6, 0xb1, 0xb5, + 0x73, 0x03, 0xd9, 0x0d, 0x81, 0x32, 0xc2, 0x76, + 0xd5, 0xed, 0x3d, 0x5d, 0x01, 0xc0, 0xf5, 0x38, + 0x80 + ]; + let message = [0x61u8,0x62,0x63]; + let context = [0x66u8,0x6f,0x6f]; + let hash = [ + 0x48u8, 0x33, 0x66, 0x60, 0x13, 0x60, 0xa8, 0x77, + 0x1c, 0x68, 0x63, 0x08, 0x0c, 0xc4, 0x11, 0x4d, + 0x8d, 0xb4, 0x45, 0x30, 0xf8, 0xf1, 0xe1, 0xee, + 0x4f, 0x94, 0xea, 0x37, 0xe7, 0x8b, 0x57, 0x39, + 0xd5, 0xa1, 0x5b, 0xef, 0x18, 0x6a, 0x53, 0x86, + 0xc7, 0x57, 0x44, 0xc0, 0x52, 0x7e, 0x1f, 0xaa, + 0x9f, 0x87, 0x26, 0xe4, 0x62, 0xa1, 0x2a, 0x4f, + 0xeb, 0x06, 0xbd, 0x88, 0x01, 0xe7, 0x51, 0xe4 + ]; + let expected_signature = [ + 0xc3u8, 0x22, 0x99, 0xd4, 0x6e, 0xc8, 0xff, 0x02, + 0xb5, 0x45, 0x40, 0x98, 0x28, 0x14, 0xdc, 0xe9, + 0xa0, 0x58, 0x12, 0xf8, 0x19, 0x62, 0xb6, 0x49, + 0xd5, 0x28, 0x09, 0x59, 0x16, 0xa2, 0xaa, 0x48, + 0x10, 0x65, 0xb1, 0x58, 0x04, 0x23, 0xef, 0x92, + 0x7e, 0xcf, 0x0a, 0xf5, 0x88, 0x8f, 0x90, 0xda, + 0x0f, 0x6a, 0x9a, 0x85, 0xad, 0x5d, 0xc3, 0xf2, + 0x80, 0xd9, 0x12, 0x24, 0xba, 0x99, 0x11, 0xa3, + 0x65, 0x3d, 0x00, 0xe4, 0x84, 0xe2, 0xce, 0x23, + 0x25, 0x21, 0x48, 0x1c, 0x86, 0x58, 0xdf, 0x30, + 0x4b, 0xb7, 0x74, 0x5a, 0x73, 0x51, 0x4c, 0xdb, + 0x9b, 0xf3, 0xe1, 0x57, 0x84, 0xab, 0x71, 0x28, + 0x4f, 0x8d, 0x07, 0x04, 0xa6, 0x08, 0xc5, 0x4a, + 0x6b, 0x62, 0xd9, 0x7b, 0xeb, 0x51, 0x1d, 0x13, + 0x21, 0x00 + ]; + + let mut ed = Ed448::new().expect("Error with new()"); + ed.import_private_key(&private_key, Some(&public_key)).expect("Error with import_private_key()"); + + let mut signature = [0u8; Ed448::SIG_SIZE]; + ed.sign_msg_ph(&message, Some(&context), &mut signature).expect("Error with sign_msg_ph()"); + assert_eq!(signature, expected_signature); + + let signature_valid = ed.verify_msg_ph(&signature, &message, Some(&context)).expect("Error with verify_msg_ph()"); + assert!(signature_valid); + + let mut signature = [0u8; Ed448::SIG_SIZE]; + ed.sign_hash_ph(&hash, Some(&context), &mut signature).expect("Error with sign_hash_ph()"); + assert_eq!(signature, expected_signature); + + let signature_valid = ed.verify_hash_ph(&signature, &hash, Some(&context)).expect("Error with verify_hash_ph()"); + assert!(signature_valid); +} + +#[test] +#[cfg(all(ed448_import, ed448_export))] +fn test_import_export() { + common::setup(); + + let mut rng = RNG::new().expect("Error creating RNG"); + let ed = Ed448::generate(&mut rng).expect("Error with generate()"); + + let mut private = [0u8; Ed448::PRV_KEY_SIZE]; + let mut public = [0u8; Ed448::PUB_KEY_SIZE]; + ed.export_key(&mut private, &mut public).expect("Error with export_key()"); + + let mut public2 = [0u8; Ed448::PUB_KEY_SIZE]; + ed.export_public(&mut public2).expect("Error with export_public()"); + assert_eq!(public2, public); + + let mut private2 = [0u8; Ed448::PRV_KEY_SIZE]; + ed.export_private(&mut private2).expect("Error with export_private()"); + assert_eq!(private2, private); + + let mut private_only = [0u8; Ed448::KEY_SIZE]; + ed.export_private_only(&mut private_only).expect("Error with export_private_only()"); + + let mut ed = Ed448::new().expect("Error with new()"); + ed.import_private_key_ex(&private, Some(&public), false).expect("Error with import_private_key_ex()"); + + let mut ed = Ed448::new().expect("Error with new()"); + ed.import_private_only(&private_only).expect("Error with import_private_only()"); + ed.import_public(&public).expect("Error with import_public()"); + ed.import_public_ex(&public, false).expect("Error with import_public_ex()"); +} + +#[test] +fn test_sizes() { + let mut rng = RNG::new().expect("Error creating RNG"); + let ed = Ed448::generate(&mut rng).expect("Error with generate()"); + + let size = ed.size().expect("Error with size()"); + assert_eq!(size, Ed448::KEY_SIZE); + + let size = ed.priv_size().expect("Error with priv_size()"); + assert_eq!(size, Ed448::PRV_KEY_SIZE); + + let size = ed.pub_size().expect("Error with pub_size()"); + assert_eq!(size, Ed448::PUB_KEY_SIZE); + + let size = ed.sig_size().expect("Error with sig_size()"); + assert_eq!(size, Ed448::SIG_SIZE); +} diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/wrapper/rust/wolfssl-wolfcrypt/tests/test_hkdf.rs mariadb-11.8.8/extra/wolfssl/wolfssl/wrapper/rust/wolfssl-wolfcrypt/tests/test_hkdf.rs --- mariadb-11.8.6/extra/wolfssl/wolfssl/wrapper/rust/wolfssl-wolfcrypt/tests/test_hkdf.rs 1970-01-01 00:00:00.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/wrapper/rust/wolfssl-wolfcrypt/tests/test_hkdf.rs 2026-05-24 09:58:33.000000000 +0000 @@ -0,0 +1,46 @@ +#![cfg(hkdf)] + +mod common; + +use wolfssl_wolfcrypt::hkdf::*; +use wolfssl_wolfcrypt::hmac::HMAC; +use wolfssl_wolfcrypt::sha::SHA256; + +#[test] +fn test_hkdf_extract_expand() { + common::setup(); + + let ikm = b"MyPassword0"; + let salt = b"12345678ABCDEFGH"; + let mut extract_out = [0u8; SHA256::DIGEST_SIZE]; + hkdf_extract(HMAC::TYPE_SHA256, Some(salt), ikm, &mut extract_out).expect("Error with hkdf_extract()"); + hkdf_extract_ex(HMAC::TYPE_SHA256, Some(salt), ikm, &mut extract_out, None, None).expect("Error with hkdf_extract_ex()"); + + let info = b"0"; + let mut expand_out = [0u8; 16]; + hkdf_expand(HMAC::TYPE_SHA256, &extract_out, Some(info), &mut expand_out).expect("Error with hkdf_expand()"); + hkdf_expand_ex(HMAC::TYPE_SHA256, &extract_out, Some(info), &mut expand_out, None, None).expect("Error with hkdf_expand_ex()"); + + let expected_key = [ + 0x17, 0x5F, 0x24, 0xB3, 0x18, 0x20, 0xF3, 0xD4, + 0x71, 0x97, 0x8A, 0x98, 0x9E, 0xB2, 0xC1, 0x35 + ]; + assert_eq!(expand_out, expected_key); +} + +#[test] +fn test_hkdf_one_shot() { + common::setup(); + + let ikm = b"MyPassword0"; + let salt = b"12345678ABCDEFGH"; + let info = b"0"; + let mut out = [0u8; 16]; + hkdf(HMAC::TYPE_SHA256, ikm, Some(salt), Some(info), &mut out).expect("Error with hkdf()"); + + let expected_out = [ + 0x17, 0x5F, 0x24, 0xB3, 0x18, 0x20, 0xF3, 0xD4, + 0x71, 0x97, 0x8A, 0x98, 0x9E, 0xB2, 0xC1, 0x35 + ]; + assert_eq!(out, expected_out); +} diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/wrapper/rust/wolfssl-wolfcrypt/tests/test_hmac.rs mariadb-11.8.8/extra/wolfssl/wolfssl/wrapper/rust/wolfssl-wolfcrypt/tests/test_hmac.rs --- mariadb-11.8.6/extra/wolfssl/wolfssl/wrapper/rust/wolfssl-wolfcrypt/tests/test_hmac.rs 1970-01-01 00:00:00.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/wrapper/rust/wolfssl-wolfcrypt/tests/test_hmac.rs 2026-05-24 09:58:33.000000000 +0000 @@ -0,0 +1,56 @@ +#![cfg(hmac)] + +use wolfssl_wolfcrypt::hmac::*; +use wolfssl_wolfcrypt::sha::SHA256; + +#[test] +fn test_hmac_sha256() { + let hmac_size = HMAC::get_hmac_size_by_type(HMAC::TYPE_SHA256).expect("Error with get_hmac_size_by_type()"); + assert_eq!(hmac_size, SHA256::DIGEST_SIZE); + + let keys: [&[u8]; 5] = [ + b"\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b", + b"Jefe", + b"\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA", + b"\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA", + b"\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA", + ]; + + let inputs: [&[u8]; 5] = [ + b"Hi There", + b"what do ya want for nothing?", + b"\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD", + b"", + b"Test Using Larger Than Block-Size Key - Hash Key First", + ]; + + let expected: [&[u8]; 5] = [ + b"\xb0\x34\x4c\x61\xd8\xdb\x38\x53\x5c\xa8\xaf\xce\xaf\x0b\xf1\x2b\x88\x1d\xc2\x00\xc9\x83\x3d\xa7\x26\xe9\x37\x6c\x2e\x32\xcf\xf7", + b"\x5b\xdc\xc1\x46\xbf\x60\x75\x4e\x6a\x04\x24\x26\x08\x95\x75\xc7\x5a\x00\x3f\x08\x9d\x27\x39\x83\x9d\xec\x58\xb9\x64\xec\x38\x43", + b"\x77\x3e\xa9\x1e\x36\x80\x0e\x46\x85\x4d\xb8\xeb\xd0\x91\x81\xa7\x29\x59\x09\x8b\x3e\xf8\xc1\x22\xd9\x63\x55\x14\xce\xd5\x65\xfe", + b"\x86\xe5\x4f\xd4\x48\x72\x5d\x7e\x5d\xcf\xe2\x23\x53\xc8\x28\xaf\x48\x78\x1e\xb4\x8c\xae\x81\x06\xa7\xe1\xd4\x98\x94\x9f\x3e\x46", + b"\x60\xe4\x31\x59\x1e\xe0\xb6\x7f\x0d\x8a\x26\xaa\xcb\xf5\xb7\x7f\x8e\x0b\xc6\x21\x37\x28\xc5\x14\x05\x46\x04\x0f\x0e\xe3\x7f\x54", + ]; + + for i in 0..keys.len() { + #[cfg(not(hmac_setkey_ex))] + if keys[i].len() < 14 { + continue; + } + #[cfg(not(hmac_setkey_ex))] + let mut hmac = HMAC::new(HMAC::TYPE_SHA256, keys[i]).expect("Error with new()"); + #[cfg(hmac_setkey_ex)] + let mut hmac = + if keys[i].len() < 14 { + HMAC::new_allow_short_key(HMAC::TYPE_SHA256, keys[i]).expect("Error with new_allow_short_key()") + } else { + HMAC::new(HMAC::TYPE_SHA256, keys[i]).expect("Error with new()") + }; + let hmac_size = hmac.get_hmac_size().expect("Error with get_hmac_size()"); + assert_eq!(hmac_size, SHA256::DIGEST_SIZE); + hmac.update(inputs[i]).expect("Error with update()"); + let mut hash = [0u8; SHA256::DIGEST_SIZE]; + hmac.finalize(&mut hash).expect("Error with finalize()"); + assert_eq!(*expected[i], hash); + } +} diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/wrapper/rust/wolfssl-wolfcrypt/tests/test_kdf.rs mariadb-11.8.8/extra/wolfssl/wolfssl/wrapper/rust/wolfssl-wolfcrypt/tests/test_kdf.rs --- mariadb-11.8.6/extra/wolfssl/wolfssl/wrapper/rust/wolfssl-wolfcrypt/tests/test_kdf.rs 1970-01-01 00:00:00.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/wrapper/rust/wolfssl-wolfcrypt/tests/test_kdf.rs 2026-05-24 09:58:33.000000000 +0000 @@ -0,0 +1,265 @@ +#![cfg(any(kdf_srtp, all(hmac, any(kdf_pbkdf2, kdf_ssh, kdf_tls13))))] + +mod common; + +#[cfg(all(hmac, any(kdf_pbkdf2, kdf_tls13)))] +use wolfssl_wolfcrypt::hmac::HMAC; +use wolfssl_wolfcrypt::kdf::*; +#[cfg(all(hmac, kdf_tls13))] +use wolfssl_wolfcrypt::sha::SHA256; + +#[test] +#[cfg(all(hmac, kdf_pbkdf2))] +fn test_pbkdf2() { + common::setup(); + + let password = b"passwordpassword"; + let salt = [0x78u8, 0x57, 0x8E, 0x5a, 0x5d, 0x63, 0xcb, 0x06]; + let iterations = 2048; + let expected_key = [ + 0x43u8, 0x6d, 0xb5, 0xe8, 0xd0, 0xfb, 0x3f, 0x35, 0x42, 0x48, 0x39, 0xbc, + 0x2d, 0xd4, 0xf9, 0x37, 0xd4, 0x95, 0x16, 0xa7, 0x2a, 0x9a, 0x21, 0xd1 + ]; + + let mut keyout = [0u8; 24]; + pbkdf2(password, &salt, iterations, HMAC::TYPE_SHA256, &mut keyout).expect("Error with pbkdf2()"); + assert_eq!(keyout, expected_key); + + let mut keyout = [0u8; 24]; + pbkdf2_ex(password, &salt, iterations, HMAC::TYPE_SHA256, None, None, &mut keyout).expect("Error with pbkdf2_ex()"); + assert_eq!(keyout, expected_key); +} + +#[test] +#[cfg(all(hmac, kdf_pbkdf2))] +fn test_pkcs12_pbkdf() { + let password = [0x00u8, 0x73, 0x00, 0x6d, 0x00, 0x65, 0x00, 0x67, 0x00, 0x00]; + let salt = [0x0au8, 0x58, 0xCF, 0x64, 0x53, 0x0d, 0x82, 0x3f]; + let expected_key = [ + 0x27u8, 0xE9, 0x0D, 0x7E, 0xD5, 0xA1, 0xC4, 0x11, + 0xBA, 0x87, 0x8B, 0xC0, 0x90, 0xF5, 0xCE, 0xBE, + 0x5E, 0x9D, 0x5F, 0xE3, 0xD6, 0x2B, 0x73, 0xAA + ]; + let iterations = 1; + + let mut keyout = [0u8; 24]; + pkcs12_pbkdf(&password, &salt, iterations, HMAC::TYPE_SHA256, 1, &mut keyout).expect("Error with pkcs12_pbkdf()"); + assert_eq!(keyout, expected_key); + + let mut keyout = [0u8; 24]; + pkcs12_pbkdf_ex(&password, &salt, iterations, HMAC::TYPE_SHA256, 1, None, &mut keyout).expect("Error with pkcs12_pbkdf_ex()"); + assert_eq!(keyout, expected_key); +} + +#[test] +#[cfg(all(hmac, kdf_tls13))] +fn test_tls13_hkdf_extract_expand() { + common::setup(); + + let hash_hello1 = [ + 0x63u8, 0x83, 0x58, 0xab, 0x36, 0xcd, 0x0c, 0xf3, + 0x26, 0x07, 0xb5, 0x5f, 0x0b, 0x8b, 0x45, 0xd6, + 0x7d, 0x5b, 0x42, 0xdc, 0xa8, 0xaa, 0x06, 0xfb, + 0x20, 0xa5, 0xbb, 0x85, 0xdb, 0x54, 0xd8, 0x8b + ]; + let client_early_traffic_secret = [ + 0x20u8, 0x18, 0x72, 0x7c, 0xde, 0x3a, 0x85, 0x17, 0x72, 0xdc, 0xd7, 0x72, + 0xb0, 0xfc, 0x45, 0xd0, 0x62, 0xb9, 0xbb, 0x38, 0x69, 0x05, 0x7b, 0xb4, + 0x5e, 0x58, 0x5d, 0xed, 0xcd, 0x0b, 0x96, 0xd3 + ]; + + let mut secret = [0u8; SHA256::DIGEST_SIZE]; + + tls13_hkdf_extract(HMAC::TYPE_SHA256, None, None, &mut secret).expect("Error with tls13_hkdf_extract()"); + tls13_hkdf_extract_ex(HMAC::TYPE_SHA256, None, None, &mut secret, None, None).expect("Error with tls13_hkdf_extract_ex()"); + + let protocol_label = b"tls13 "; + let ce_traffic_label = b"c e traffic"; + let mut expand_out = [0u8; SHA256::DIGEST_SIZE]; + + tls13_hkdf_expand_label(HMAC::TYPE_SHA256, &secret, + protocol_label, ce_traffic_label, + &hash_hello1, &mut expand_out).expect("Error with tls13_hkdf_expand_label()"); + tls13_hkdf_expand_label_ex(HMAC::TYPE_SHA256, &secret, + protocol_label, ce_traffic_label, + &hash_hello1, &mut expand_out, None, None).expect("Error with tls13_hkdf_expand_label_ex()"); + + assert_eq!(expand_out, client_early_traffic_secret); +} + +#[test] +#[cfg(all(hmac, kdf_ssh))] +fn test_ssh_kdf() { + common::setup(); + + let ssh_kdf_set3_k = [ + 0x6Au8, 0xC3, 0x82, 0xEA, 0xAC, 0xA0, 0x93, 0xE1, + 0x25, 0xE2, 0x5C, 0x24, 0xBE, 0xBC, 0x84, 0x64, + 0x0C, 0x11, 0x98, 0x75, 0x07, 0x34, 0x4B, 0x5C, + 0x73, 0x9C, 0xEB, 0x84, 0xA9, 0xE0, 0xB2, 0x22, + 0xB9, 0xA8, 0xB5, 0x1C, 0x83, 0x9E, 0x5E, 0xBE, + 0x49, 0xCF, 0xAD, 0xBF, 0xB3, 0x95, 0x99, 0x76, + 0x4E, 0xD5, 0x22, 0x09, 0x9D, 0xC9, 0x12, 0x75, + 0x19, 0x50, 0xDC, 0x7D, 0xC9, 0x7F, 0xBD, 0xC0, + 0x63, 0x28, 0xB6, 0x8F, 0x22, 0x78, 0x1F, 0xD3, + 0x15, 0xAF, 0x56, 0x80, 0x09, 0xA5, 0x50, 0x9E, + 0x5B, 0x87, 0xA1, 0x1B, 0xF5, 0x27, 0xC0, 0x56, + 0xDA, 0xFF, 0xD8, 0x2A, 0xB6, 0xCB, 0xC2, 0x5C, + 0xCA, 0x37, 0x14, 0x34, 0x59, 0xE7, 0xBC, 0x63, + 0xBC, 0xDE, 0x52, 0x75, 0x7A, 0xDE, 0xB7, 0xDF, + 0x01, 0xCF, 0x12, 0x17, 0x3F, 0x1F, 0xEF, 0x81, + 0x02, 0xEC, 0x5A, 0xB1, 0x42, 0xC2, 0x13, 0xDD, + 0x9D, 0x30, 0x69, 0x62, 0x78, 0xA8, 0xD8, 0xBC, + 0x32, 0xDD, 0xE9, 0x59, 0x2D, 0x28, 0xC0, 0x78, + 0xC6, 0xD9, 0x2B, 0x94, 0x7D, 0x82, 0x5A, 0xCA, + 0xAB, 0x64, 0x94, 0x84, 0x6A, 0x49, 0xDE, 0x24, + 0xB9, 0x62, 0x3F, 0x48, 0x89, 0xE8, 0xAD, 0xC3, + 0x8E, 0x8C, 0x66, 0x9E, 0xFF, 0xEF, 0x17, 0x60, + 0x40, 0xAD, 0x94, 0x5E, 0x90, 0xA7, 0xD3, 0xEE, + 0xC1, 0x5E, 0xFE, 0xEE, 0x78, 0xAE, 0x71, 0x04, + 0x3C, 0x96, 0x51, 0x11, 0x03, 0xA1, 0x6B, 0xA7, + 0xCA, 0xF0, 0xAC, 0xD0, 0x64, 0x2E, 0xFD, 0xBE, + 0x80, 0x99, 0x34, 0xFA, 0xA1, 0xA5, 0xF1, 0xBD, + 0x11, 0x04, 0x36, 0x49, 0xB2, 0x5C, 0xCD, 0x1F, + 0xEE, 0x2E, 0x38, 0x81, 0x5D, 0x4D, 0x5F, 0x5F, + 0xC6, 0xB4, 0x10, 0x29, 0x69, 0xF2, 0x1C, 0x22, + 0xAE, 0x1B, 0x0E, 0x7D, 0x36, 0x03, 0xA5, 0x56, + 0xA1, 0x32, 0x62, 0xFF, 0x62, 0x8D, 0xE2, 0x22 + ]; + let ssh_kdf_set3_h = [ + 0x7B, 0x70, 0x01, 0x18, 0x5E, 0x25, 0x6D, 0x44, + 0x93, 0x44, 0x5F, 0x39, 0xA5, 0x5F, 0xB9, 0x05, + 0xE6, 0x32, 0x1F, 0x4B, 0x5D, 0xD8, 0xBB, 0xF3, + 0x10, 0x0D, 0x51, 0xBA, 0x0B, 0xDA, 0x3D, 0x2D + ]; + let ssh_kdf_set3_sid = [ + 0x7B, 0x70, 0x01, 0x18, 0x5E, 0x25, 0x6D, 0x44, + 0x93, 0x44, 0x5F, 0x39, 0xA5, 0x5F, 0xB9, 0x05, + 0xE6, 0x32, 0x1F, 0x4B, 0x5D, 0xD8, 0xBB, 0xF3, + 0x10, 0x0D, 0x51, 0xBA, 0x0B, 0xDA, 0x3D, 0x2D + ]; + let ssh_kdf_set3_a = [ + 0x81, 0xF0, 0x33, 0x0E, 0xF6, 0xF0, 0x53, 0x61, + 0xB3, 0x82, 0x3B, 0xFD, 0xED, 0x6E, 0x1D, 0xE9 + ]; + + let mut out = [0u8; 16]; + + ssh_kdf(HMAC::TYPE_SHA256, b'A', &ssh_kdf_set3_k, &ssh_kdf_set3_h, + &ssh_kdf_set3_sid, &mut out).expect("Error with ssh_kdf()"); + + assert_eq!(out, ssh_kdf_set3_a); +} + +#[test] +#[cfg(kdf_srtp)] +fn test_srtp_kdf() { + common::setup(); + + let key = [ + 0xc4u8, 0x80, 0x9f, 0x6d, 0x36, 0x98, 0x88, 0x72, + 0x8e, 0x26, 0xad, 0xb5, 0x32, 0x12, 0x98, 0x90 + ]; + let salt = [ + 0x0eu8, 0x23, 0x00, 0x6c, 0x6c, 0x04, 0x4f, 0x56, + 0x62, 0x40, 0x0e, 0x9d, 0x1b, 0xd6 + ]; + let index = [ + 0x48u8, 0x71, 0x65, 0x64, 0x9c, 0xca + ]; + let expected_ke = [ + 0xdcu8, 0x38, 0x21, 0x92, 0xab, 0x65, 0x10, 0x8a, + 0x86, 0xb2, 0x59, 0xb6, 0x1b, 0x3a, 0xf4, 0x6f + ]; + let expected_ka = [ + 0xb8u8, 0x39, 0x37, 0xfb, 0x32, 0x17, 0x92, 0xee, + 0x87, 0xb7, 0x88, 0x19, 0x3b, 0xe5, 0xa4, 0xe3, + 0xbd, 0x32, 0x6e, 0xe4 + ]; + let expected_ks = [ + 0xf1u8, 0xc0, 0x35, 0xc0, 0x0b, 0x5a, 0x54, 0xa6, + 0x16, 0x92, 0xc0, 0x16, 0x27, 0x6c + ]; + let mut key_e = [0u8; 16]; + let mut key_a = [0u8; 20]; + let mut key_s = [0u8; 14]; + srtp_kdf(&key, &salt, -1, &index, &mut key_e, &mut key_a, &mut key_s).expect("Error with srtp_kdf()"); + assert_eq!(key_e, expected_ke); + assert_eq!(key_a, expected_ka); + assert_eq!(key_s, expected_ks); + + let mut key_e = [0u8; 16]; + srtp_kdf_label(&key, &salt, -1, &index, SRTP_LABEL_ENCRYPTION, &mut key_e).expect("Error with srtp_kdf_label()"); + assert_eq!(key_e, expected_ke); + + let mut key_a = [0u8; 20]; + srtp_kdf_label(&key, &salt, -1, &index, SRTP_LABEL_MSG_AUTH, &mut key_a).expect("Error with srtp_kdf_label()"); + assert_eq!(key_a, expected_ka); + + let mut key_s = [0u8; 14]; + srtp_kdf_label(&key, &salt, -1, &index, SRTP_LABEL_SALT, &mut key_s).expect("Error with srtp_kdf_label()"); + assert_eq!(key_s, expected_ks); +} + +#[test] +#[cfg(kdf_srtp)] +fn test_srtcp_kdf() { + common::setup(); + + let key = [ + 0xc4u8, 0x80, 0x9f, 0x6d, 0x36, 0x98, 0x88, 0x72, + 0x8e, 0x26, 0xad, 0xb5, 0x32, 0x12, 0x98, 0x90 + ]; + let salt = [ + 0x0eu8, 0x23, 0x00, 0x6c, 0x6c, 0x04, 0x4f, 0x56, + 0x62, 0x40, 0x0e, 0x9d, 0x1b, 0xd6 + ]; + let index = [ + 0x56u8, 0xf3, 0xf1, 0x97 + ]; + let expected_ke = [ + 0xabu8, 0x5b, 0xe0, 0xb4, 0x56, 0x23, 0x5d, 0xcf, + 0x77, 0xd5, 0x08, 0x69, 0x29, 0xba, 0xfb, 0x38 + ]; + let expected_ka = [ + 0xc5u8, 0x2f, 0xde, 0x0b, 0x80, 0xb0, 0xf0, 0xba, + 0xd8, 0xd1, 0x56, 0x45, 0xcb, 0x86, 0xe7, 0xc7, + 0xc3, 0xd8, 0x77, 0x0e + ]; + let expected_ks = [ + 0xdeu8, 0xb5, 0xf8, 0x5f, 0x81, 0x33, 0x6a, 0x96, + 0x5e, 0xd3, 0x2b, 0xb7, 0xed, 0xe8 + ]; + let mut key_e = [0u8; 16]; + let mut key_a = [0u8; 20]; + let mut key_s = [0u8; 14]; + srtcp_kdf(&key, &salt, -1, &index, &mut key_e, &mut key_a, &mut key_s).expect("Error with srtcp_kdf()"); + assert_eq!(key_e, expected_ke); + assert_eq!(key_a, expected_ka); + assert_eq!(key_s, expected_ks); + + let mut key_e = [0u8; 16]; + srtcp_kdf_label(&key, &salt, -1, &index, SRTCP_LABEL_ENCRYPTION, &mut key_e).expect("Error with srtcp_kdf_label()"); + assert_eq!(key_e, expected_ke); + + let mut key_a = [0u8; 20]; + srtcp_kdf_label(&key, &salt, -1, &index, SRTCP_LABEL_MSG_AUTH, &mut key_a).expect("Error with srtcp_kdf_label()"); + assert_eq!(key_a, expected_ka); + + let mut key_s = [0u8; 14]; + srtcp_kdf_label(&key, &salt, -1, &index, SRTCP_LABEL_SALT, &mut key_s).expect("Error with srtcp_kdf_label()"); + assert_eq!(key_s, expected_ks); +} + +#[test] +#[cfg(kdf_srtp)] +fn test_srtp_kdr_to_idx() { + assert_eq!(srtp_kdr_to_index(0), -1); + assert_eq!(srtp_kdr_to_index(1), 0); + assert_eq!(srtp_kdr_to_index(2), 1); + assert_eq!(srtp_kdr_to_index(4), 2); + assert_eq!(srtp_kdr_to_index(8), 3); + assert_eq!(srtp_kdr_to_index(16), 4); + assert_eq!(srtp_kdr_to_index(65536), 16); + assert_eq!(srtp_kdr_to_index(1048576), 20); +} diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/wrapper/rust/wolfssl-wolfcrypt/tests/test_lms.rs mariadb-11.8.8/extra/wolfssl/wolfssl/wrapper/rust/wolfssl-wolfcrypt/tests/test_lms.rs --- mariadb-11.8.6/extra/wolfssl/wolfssl/wrapper/rust/wolfssl-wolfcrypt/tests/test_lms.rs 1970-01-01 00:00:00.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/wrapper/rust/wolfssl-wolfcrypt/tests/test_lms.rs 2026-05-24 09:58:33.000000000 +0000 @@ -0,0 +1,470 @@ +/* + * Copyright (C) 2006-2026 wolfSSL Inc. + * + * This file is part of wolfSSL. + * + * wolfSSL is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * wolfSSL is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA + */ + +#![cfg(lms)] + +mod common; + +use wolfssl_wolfcrypt::lms::Lms; +use wolfssl_wolfcrypt::sys; +#[cfg(all(lms_make_key, random))] +use wolfssl_wolfcrypt::random::RNG; + +/// Private key NV storage for tests that require make_key / sign / reload. +/// +/// The write and read callbacks use a raw pointer to this struct as the +/// context argument. Each test that needs persistent NV storage creates its +/// own instance and boxes it to keep it alive for the duration of the test. +#[cfg(lms_make_key)] +struct KeyStore { + buf: [u8; 16384], +} + +#[cfg(lms_make_key)] +unsafe extern "C" fn write_key_cb( + priv_data: *const u8, + priv_sz: u32, + ctx: *mut core::ffi::c_void, +) -> i32 { + let store = unsafe { &mut *(ctx as *mut KeyStore) }; + let priv_sz = priv_sz as usize; + store.buf[..priv_sz] + .copy_from_slice(unsafe { core::slice::from_raw_parts(priv_data, priv_sz) }); + sys::wc_LmsRc_WC_LMS_RC_SAVED_TO_NV_MEMORY as i32 +} + +#[cfg(lms_make_key)] +unsafe extern "C" fn read_key_cb( + priv_data: *mut u8, + priv_sz: u32, + ctx: *mut core::ffi::c_void, +) -> i32 { + let store = unsafe { &*(ctx as *mut KeyStore) }; + let priv_sz = priv_sz as usize; + unsafe { core::slice::from_raw_parts_mut(priv_data, priv_sz) } + .copy_from_slice(&store.buf[..priv_sz]); + sys::wc_LmsRc_WC_LMS_RC_READ_TO_MEMORY as i32 +} + +/// Register the write and read callbacks and a context pointer on `key`. +#[cfg(lms_make_key)] +fn setup_callbacks(key: &mut Lms, ctx: *mut core::ffi::c_void) { + key.set_write_cb(Some(write_key_cb)).expect("Error with set_write_cb()"); + key.set_read_cb(Some(read_key_cb)).expect("Error with set_read_cb()"); + // Safety: ctx points to a BoxedKeyStore that outlives all callback invocations. + unsafe { key.set_context(ctx).expect("Error with set_context()") }; +} + +// --------------------------------------------------------------------------- +// Constant and construction tests (no keygen required) +// --------------------------------------------------------------------------- + +/// Verify the KEY_ID_LEN constant matches the C `WC_LMS_I_LEN` value. +#[test] +fn test_key_id_len_constant() { + assert_eq!(Lms::KEY_ID_LEN, 16); +} + +/// Verify that `new()` succeeds. +#[test] +fn test_new() { + common::setup(); + Lms::new().expect("Error with Lms::new()"); +} + +/// Verify that `new_ex()` accepts the optional heap and device ID parameters. +#[test] +fn test_new_ex() { + common::setup(); + Lms::new_ex(None, None).expect("Error with Lms::new_ex()"); +} + +/// Verify that `set_parm()` accepts a predefined wc_LmsParm value. +#[test] +fn test_set_parm() { + common::setup(); + let mut key = Lms::new().expect("Error with Lms::new()"); + key.set_parm(Lms::PARM_L1_H5_W8).expect("Error with set_parm()"); +} + +/// Verify that `set_parameters()` accepts explicit L/H/W values and that +/// `get_parameters()` returns them unchanged. +#[test] +fn test_set_get_parameters() { + common::setup(); + + for &(levels, height, winternitz) in &[(1, 5, 8), (1, 10, 4), (2, 5, 8)] { + // Use a fresh key for each parameter set; wc_LmsKey_SetParameters does + // not allow re-setting parameters on an already-configured key. + let mut k = Lms::new().expect("Error with Lms::new()"); + k.set_parameters(levels, height, winternitz) + .expect("Error with set_parameters()"); + let (l, h, w) = k.get_parameters().expect("Error with get_parameters()"); + assert_eq!(l, levels, "levels mismatch for ({},{},{})", levels, height, winternitz); + assert_eq!(h, height, "height mismatch for ({},{},{})", levels, height, winternitz); + assert_eq!(w, winternitz, "winternitz mismatch for ({},{},{})", levels, height, winternitz); + } +} + +/// Verify that `get_sig_len()` and `get_pub_len()` return positive values +/// after setting a predefined parameter set. +#[test] +fn test_size_queries_after_set_parm() { + common::setup(); + for &parm in &[ + Lms::PARM_L1_H5_W8, + Lms::PARM_L1_H5_W4, + Lms::PARM_L1_H10_W8, + ] { + let mut key = Lms::new().expect("Error with Lms::new()"); + key.set_parm(parm).expect("Error with set_parm()"); + let sig_len = key.get_sig_len().expect("Error with get_sig_len()"); + let pub_len = key.get_pub_len().expect("Error with get_pub_len()"); + assert!(sig_len > 0, "sig_len must be positive for parm {}", parm); + assert!(pub_len > 0, "pub_len must be positive for parm {}", parm); + } +} + +/// Verify that `get_sig_len()` grows with the number of levels (higher +/// level count increases signature size significantly). +#[test] +fn test_sig_len_increases_with_levels() { + common::setup(); + let mut key1 = Lms::new().expect("Error with Lms::new()"); + key1.set_parm(Lms::PARM_L1_H5_W8).expect("Error with set_parm()"); + let sig_len_l1 = key1.get_sig_len().expect("Error with get_sig_len() L1"); + + let mut key2 = Lms::new().expect("Error with Lms::new()"); + key2.set_parm(Lms::PARM_L2_H5_W8).expect("Error with set_parm()"); + let sig_len_l2 = key2.get_sig_len().expect("Error with get_sig_len() L2"); + + assert!( + sig_len_l2 > sig_len_l1, + "L2 sig_len ({}) must exceed L1 sig_len ({})", + sig_len_l2, + sig_len_l1 + ); +} + +// --------------------------------------------------------------------------- +// Private-key-length query (needs lms_make_key for the API) +// --------------------------------------------------------------------------- + +/// Verify that `get_priv_len()` returns a positive value after parameters +/// are set. No key generation is required for this query. +#[test] +#[cfg(lms_make_key)] +fn test_get_priv_len() { + common::setup(); + let mut key = Lms::new().expect("Error with Lms::new()"); + key.set_parm(Lms::PARM_L1_H5_W8).expect("Error with set_parm()"); + let priv_len = key.get_priv_len().expect("Error with get_priv_len()"); + assert!(priv_len > 0, "priv_len must be positive"); +} + +// --------------------------------------------------------------------------- +// Key generation and signing tests +// --------------------------------------------------------------------------- + +/// Verify that `make_key()` completes without error for the test parameter set. +#[test] +#[cfg(all(lms_make_key, random))] +fn test_make_key() { + common::setup(); + let mut rng = RNG::new().expect("Error creating RNG"); + let mut store = Box::new(KeyStore { buf: [0u8; 16384] }); + let ctx = store.as_mut() as *mut KeyStore as *mut core::ffi::c_void; + + let mut key = Lms::new().expect("Error with Lms::new()"); + key.set_parm(Lms::PARM_L1_H5_W8).expect("Error with set_parm()"); + setup_callbacks(&mut key, ctx); + key.make_key(&mut rng).expect("Error with make_key()"); + + let _ = store; // keep alive +} + +/// Sign a message and verify it with the same key. +#[test] +#[cfg(all(lms_make_key, random))] +fn test_sign_verify() { + common::setup(); + let mut rng = RNG::new().expect("Error creating RNG"); + let mut store = Box::new(KeyStore { buf: [0u8; 16384] }); + let ctx = store.as_mut() as *mut KeyStore as *mut core::ffi::c_void; + + let mut key = Lms::new().expect("Error with Lms::new()"); + key.set_parm(Lms::PARM_L1_H5_W8).expect("Error with set_parm()"); + setup_callbacks(&mut key, ctx); + key.make_key(&mut rng).expect("Error with make_key()"); + + let message = b"Hello, LMS/HSS!"; + let sig_len = key.get_sig_len().expect("Error with get_sig_len()"); + let mut sig = vec![0u8; sig_len]; + + let written = key.sign(message, &mut sig).expect("Error with sign()"); + assert_eq!(written, sig_len, "sign() must fill the entire signature buffer"); + + key.verify(&sig, message).expect("Valid signature must verify"); + + let _ = store; +} + +/// Verify that a signature does not verify for a different message. +#[test] +#[cfg(all(lms_make_key, random))] +fn test_sign_tampered_message() { + common::setup(); + let mut rng = RNG::new().expect("Error creating RNG"); + let mut store = Box::new(KeyStore { buf: [0u8; 16384] }); + let ctx = store.as_mut() as *mut KeyStore as *mut core::ffi::c_void; + + let mut key = Lms::new().expect("Error with Lms::new()"); + key.set_parm(Lms::PARM_L1_H5_W8).expect("Error with set_parm()"); + setup_callbacks(&mut key, ctx); + key.make_key(&mut rng).expect("Error with make_key()"); + + let message = b"Authentic message"; + let sig_len = key.get_sig_len().expect("Error with get_sig_len()"); + let mut sig = vec![0u8; sig_len]; + key.sign(message, &mut sig).expect("Error with sign()"); + + let result = key.verify(&sig, b"Tampered message"); + assert!(result.is_err(), "Signature must not verify for a different message"); + + let _ = store; +} + +/// Verify that a tampered signature is rejected. +#[test] +#[cfg(all(lms_make_key, random))] +fn test_sign_tampered_signature() { + common::setup(); + let mut rng = RNG::new().expect("Error creating RNG"); + let mut store = Box::new(KeyStore { buf: [0u8; 16384] }); + let ctx = store.as_mut() as *mut KeyStore as *mut core::ffi::c_void; + + let mut key = Lms::new().expect("Error with Lms::new()"); + key.set_parm(Lms::PARM_L1_H5_W8).expect("Error with set_parm()"); + setup_callbacks(&mut key, ctx); + key.make_key(&mut rng).expect("Error with make_key()"); + + let message = b"Message under test"; + let sig_len = key.get_sig_len().expect("Error with get_sig_len()"); + let mut sig = vec![0u8; sig_len]; + key.sign(message, &mut sig).expect("Error with sign()"); + + // Flip a byte in the signature body. + sig[sig_len / 2] ^= 0xFF; + + let result = key.verify(&sig, message); + assert!(result.is_err(), "Tampered signature must be rejected"); + + let _ = store; +} + +/// Export the raw public key, import it into a fresh key, and verify a +/// signature produced by the original key. +#[test] +#[cfg(all(lms_make_key, random))] +fn test_export_pub_raw_import_verify() { + common::setup(); + let mut rng = RNG::new().expect("Error creating RNG"); + let mut store = Box::new(KeyStore { buf: [0u8; 16384] }); + let ctx = store.as_mut() as *mut KeyStore as *mut core::ffi::c_void; + + let mut sign_key = Lms::new().expect("Error with Lms::new()"); + sign_key.set_parm(Lms::PARM_L1_H5_W8).expect("Error with set_parm()"); + setup_callbacks(&mut sign_key, ctx); + sign_key.make_key(&mut rng).expect("Error with make_key()"); + + let pub_len = sign_key.get_pub_len().expect("Error with get_pub_len()"); + let sig_len = sign_key.get_sig_len().expect("Error with get_sig_len()"); + + let mut pub_buf = vec![0u8; pub_len]; + let written = sign_key.export_pub_raw(&mut pub_buf) + .expect("Error with export_pub_raw()"); + assert_eq!(written, pub_len, "export_pub_raw must fill the entire buffer"); + + let message = b"Public key export/import test"; + let mut sig = vec![0u8; sig_len]; + sign_key.sign(message, &mut sig).expect("Error with sign()"); + + // Import the raw public key into a new key and verify. + // wc_LmsKey_ImportPubRaw requires params to be set first. + let mut verify_key = Lms::new().expect("Error with Lms::new() for verify"); + verify_key.set_parm(Lms::PARM_L1_H5_W8).expect("Error with set_parm() for verify key"); + verify_key.import_pub_raw(&pub_buf) + .expect("Error with import_pub_raw()"); + verify_key.verify(&sig, message) + .expect("Signature must verify against imported public key"); + + let _ = store; +} + +/// Verify that `export_pub_from()` copies the public key into a destination +/// key and that signatures from the source verify against that destination. +#[test] +#[cfg(all(lms_make_key, random))] +fn test_export_pub_from() { + common::setup(); + let mut rng = RNG::new().expect("Error creating RNG"); + let mut store = Box::new(KeyStore { buf: [0u8; 16384] }); + let ctx = store.as_mut() as *mut KeyStore as *mut core::ffi::c_void; + + let mut sign_key = Lms::new().expect("Error with Lms::new()"); + sign_key.set_parm(Lms::PARM_L1_H5_W8).expect("Error with set_parm()"); + setup_callbacks(&mut sign_key, ctx); + sign_key.make_key(&mut rng).expect("Error with make_key()"); + + let message = b"export_pub_from test message"; + let sig_len = sign_key.get_sig_len().expect("Error with get_sig_len()"); + let mut sig = vec![0u8; sig_len]; + sign_key.sign(message, &mut sig).expect("Error with sign()"); + + // Copy the public portion into a fresh key. + let mut verify_key = Lms::new().expect("Error with Lms::new() for verify"); + verify_key.set_parm(Lms::PARM_L1_H5_W8).expect("Error with set_parm() for verify key"); + verify_key.export_pub_from(&sign_key) + .expect("Error with export_pub_from()"); + + verify_key.verify(&sig, message) + .expect("Signature must verify against export_pub_from() key"); + + let _ = store; +} + +/// Verify that `sigs_left()` indicates signatures are available immediately +/// after `make_key()`. +#[test] +#[cfg(all(lms_make_key, random))] +fn test_sigs_left_after_make_key() { + common::setup(); + let mut rng = RNG::new().expect("Error creating RNG"); + let mut store = Box::new(KeyStore { buf: [0u8; 16384] }); + let ctx = store.as_mut() as *mut KeyStore as *mut core::ffi::c_void; + + let mut key = Lms::new().expect("Error with Lms::new()"); + key.set_parm(Lms::PARM_L1_H5_W8).expect("Error with set_parm()"); + setup_callbacks(&mut key, ctx); + key.make_key(&mut rng).expect("Error with make_key()"); + + let remaining = key.sigs_left().expect("Error with sigs_left()"); + assert!(remaining, "sigs_left must be true immediately after make_key()"); + + let _ = store; +} + +/// Verify that `get_kid()` returns a slice of exactly `KEY_ID_LEN` bytes +/// after key generation. +#[test] +#[cfg(all(lms_make_key, random))] +fn test_get_kid() { + common::setup(); + let mut rng = RNG::new().expect("Error creating RNG"); + let mut store = Box::new(KeyStore { buf: [0u8; 16384] }); + let ctx = store.as_mut() as *mut KeyStore as *mut core::ffi::c_void; + + let mut key = Lms::new().expect("Error with Lms::new()"); + key.set_parm(Lms::PARM_L1_H5_W8).expect("Error with set_parm()"); + setup_callbacks(&mut key, ctx); + key.make_key(&mut rng).expect("Error with make_key()"); + + let kid = key.get_kid().expect("Error with get_kid()"); + assert_eq!(kid.len(), Lms::KEY_ID_LEN, "kid must be KEY_ID_LEN bytes"); + + let _ = store; +} + +/// Verify that `reload()` restores a key to a usable signing state and that +/// a signature produced by the reloaded key verifies correctly. +#[test] +#[cfg(all(lms_make_key, random))] +fn test_reload() { + common::setup(); + let mut rng = RNG::new().expect("Error creating RNG"); + let mut store = Box::new(KeyStore { buf: [0u8; 16384] }); + let ctx = store.as_mut() as *mut KeyStore as *mut core::ffi::c_void; + + // Generate a key pair and export the public key. + let mut key = Lms::new().expect("Error with Lms::new()"); + key.set_parm(Lms::PARM_L1_H5_W8).expect("Error with set_parm()"); + setup_callbacks(&mut key, ctx); + key.make_key(&mut rng).expect("Error with make_key()"); + + let pub_len = key.get_pub_len().expect("Error with get_pub_len()"); + let mut pub_buf = vec![0u8; pub_len]; + key.export_pub_raw(&mut pub_buf).expect("Error with export_pub_raw()"); + + // Create a new key, reload from NV storage (written by make_key above). + let mut reloaded = Lms::new().expect("Error with Lms::new() for reload"); + reloaded.set_parm(Lms::PARM_L1_H5_W8).expect("Error with set_parm() for reload"); + setup_callbacks(&mut reloaded, ctx); + reloaded.reload().expect("Error with reload()"); + + // Sign with the reloaded key and verify against the exported public key. + let message = b"Reload round-trip message"; + let sig_len = reloaded.get_sig_len().expect("Error with get_sig_len()"); + let mut sig = vec![0u8; sig_len]; + reloaded.sign(message, &mut sig).expect("Error with sign() after reload"); + + let mut verify_key = Lms::new().expect("Error with Lms::new() for verify"); + // wc_LmsKey_ImportPubRaw requires params to be set first. + verify_key.set_parm(Lms::PARM_L1_H5_W8).expect("Error with set_parm() for verify key"); + verify_key.import_pub_raw(&pub_buf).expect("Error with import_pub_raw()"); + verify_key.verify(&sig, message) + .expect("Signature from reloaded key must verify"); + + let _ = store; +} + +/// Sign and verify round-trips across several predefined parameter sets, +/// confirming the implementation is parameter-agnostic. +#[test] +#[cfg(all(lms_make_key, random))] +fn test_sign_verify_multiple_parms() { + common::setup(); + let mut rng = RNG::new().expect("Error creating RNG"); + + for &parm in &[ + Lms::PARM_L1_H5_W8, + Lms::PARM_L1_H5_W4, + Lms::PARM_L1_H5_W2, + ] { + let mut store = Box::new(KeyStore { buf: [0u8; 16384] }); + let ctx = store.as_mut() as *mut KeyStore as *mut core::ffi::c_void; + + let mut key = Lms::new().expect("Error with Lms::new()"); + key.set_parm(parm).expect("Error with set_parm()"); + setup_callbacks(&mut key, ctx); + key.make_key(&mut rng) + .unwrap_or_else(|e| panic!("make_key failed for parm {}: {}", parm, e)); + + let message = b"Parameter set round-trip"; + let sig_len = key.get_sig_len().expect("Error with get_sig_len()"); + let mut sig = vec![0u8; sig_len]; + + key.sign(message, &mut sig) + .unwrap_or_else(|e| panic!("sign failed for parm {}: {}", parm, e)); + key.verify(&sig, message) + .unwrap_or_else(|e| panic!("verify failed for parm {}: {}", parm, e)); + + let _ = store; + } +} diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/wrapper/rust/wolfssl-wolfcrypt/tests/test_mlkem.rs mariadb-11.8.8/extra/wolfssl/wolfssl/wrapper/rust/wolfssl-wolfcrypt/tests/test_mlkem.rs --- mariadb-11.8.6/extra/wolfssl/wolfssl/wrapper/rust/wolfssl-wolfcrypt/tests/test_mlkem.rs 1970-01-01 00:00:00.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/wrapper/rust/wolfssl-wolfcrypt/tests/test_mlkem.rs 2026-05-24 09:58:33.000000000 +0000 @@ -0,0 +1,340 @@ +/* + * Copyright (C) 2006-2026 wolfSSL Inc. + * + * This file is part of wolfSSL. + * + * wolfSSL is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * wolfSSL is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA + */ + +#![cfg(mlkem)] + +mod common; + +use wolfssl_wolfcrypt::mlkem::MlKem; +#[cfg(random)] +use wolfssl_wolfcrypt::random::RNG; + +/// Verify the type constants have the correct numeric values required by +/// the wolfCrypt API. +#[test] +fn test_type_constants() { + assert_eq!(MlKem::TYPE_512, 0); + assert_eq!(MlKem::TYPE_768, 1); + assert_eq!(MlKem::TYPE_1024, 2); +} + +/// Verify the shared constants have the correct values. +#[test] +fn test_shared_constants() { + assert_eq!(MlKem::SYM_SIZE, 32); + assert_eq!(MlKem::SHARED_SECRET_SIZE, 32); + assert_eq!(MlKem::MAKEKEY_RAND_SIZE, 64); + assert_eq!(MlKem::ENC_RAND_SIZE, 32); +} + +/// Verify that `new()` creates an initialized key for each type. +#[test] +fn test_new() { + common::setup(); + MlKem::new(MlKem::TYPE_512).expect("Error with new() TYPE_512"); + MlKem::new(MlKem::TYPE_768).expect("Error with new() TYPE_768"); + MlKem::new(MlKem::TYPE_1024).expect("Error with new() TYPE_1024"); +} + +/// Verify that `new_ex()` accepts the optional heap and device ID parameters. +#[test] +fn test_new_ex() { + common::setup(); + MlKem::new_ex(MlKem::TYPE_768, None, None).expect("Error with new_ex()"); +} + +/// Verify that the runtime size queries return plausible values for each key type. +#[test] +fn test_size_queries() { + common::setup(); + for key_type in [MlKem::TYPE_512, MlKem::TYPE_768, MlKem::TYPE_1024] { + let key = MlKem::new(key_type).expect("Error with new()"); + let pub_size = key.public_key_size().expect("Error with public_key_size()"); + let priv_size = key.private_key_size().expect("Error with private_key_size()"); + let ct_size = key.cipher_text_size().expect("Error with cipher_text_size()"); + let ss_size = key.shared_secret_size().expect("Error with shared_secret_size()"); + assert!(pub_size > 0, "public_key_size must be positive for key_type {}", key_type); + assert!(priv_size > 0, "private_key_size must be positive for key_type {}", key_type); + assert!(ct_size > 0, "cipher_text_size must be positive for key_type {}", key_type); + assert_eq!( + ss_size, + MlKem::SHARED_SECRET_SIZE, + "shared_secret_size must equal SHARED_SECRET_SIZE for key_type {}", + key_type + ); + } +} + +/// Encapsulate and decapsulate with ML-KEM-512, verifying that both sides +/// arrive at the same shared secret. +#[test] +#[cfg(random)] +fn test_encap_decap_type512() { + common::setup(); + let mut rng = RNG::new().expect("Error creating RNG"); + let mut key = MlKem::generate(MlKem::TYPE_512, &mut rng) + .expect("Error with generate() TYPE_512"); + + let ct_size = key.cipher_text_size().expect("Error with cipher_text_size()"); + let ss_size = key.shared_secret_size().expect("Error with shared_secret_size()"); + + let mut ct = vec![0u8; ct_size]; + let mut ss_enc = vec![0u8; ss_size]; + key.encapsulate(&mut ct, &mut ss_enc, &mut rng) + .expect("Error with encapsulate()"); + + let mut ss_dec = vec![0u8; ss_size]; + key.decapsulate(&mut ss_dec, &ct) + .expect("Error with decapsulate()"); + + assert_eq!(ss_enc, ss_dec, "Shared secrets must match after encap/decap"); +} + +/// Encapsulate and decapsulate with ML-KEM-768, verifying that both sides +/// arrive at the same shared secret. Also verifies that a tampered cipher text +/// produces a different (implicit rejection) shared secret. +#[test] +#[cfg(random)] +fn test_encap_decap_type768() { + common::setup(); + let mut rng = RNG::new().expect("Error creating RNG"); + let mut key = MlKem::generate(MlKem::TYPE_768, &mut rng) + .expect("Error with generate() TYPE_768"); + + let ct_size = key.cipher_text_size().expect("Error with cipher_text_size()"); + let ss_size = key.shared_secret_size().expect("Error with shared_secret_size()"); + + let mut ct = vec![0u8; ct_size]; + let mut ss_enc = vec![0u8; ss_size]; + key.encapsulate(&mut ct, &mut ss_enc, &mut rng) + .expect("Error with encapsulate()"); + + let mut ss_dec = vec![0u8; ss_size]; + key.decapsulate(&mut ss_dec, &ct) + .expect("Error with decapsulate()"); + + assert_eq!(ss_enc, ss_dec, "Shared secrets must match after encap/decap"); + + // Tamper with the cipher text. ML-KEM uses implicit rejection, so + // decapsulation succeeds but returns a different (pseudorandom) secret. + let mut ct_tampered = ct.clone(); + ct_tampered[0] ^= 0xFF; + let mut ss_tampered = vec![0u8; ss_size]; + key.decapsulate(&mut ss_tampered, &ct_tampered) + .expect("Error with decapsulate() on tampered ct"); + assert_ne!(ss_enc, ss_tampered, "Tampered ct must yield different shared secret"); +} + +/// Encapsulate and decapsulate with ML-KEM-1024, verifying that both sides +/// arrive at the same shared secret. +#[test] +#[cfg(random)] +fn test_encap_decap_type1024() { + common::setup(); + let mut rng = RNG::new().expect("Error creating RNG"); + let mut key = MlKem::generate(MlKem::TYPE_1024, &mut rng) + .expect("Error with generate() TYPE_1024"); + + let ct_size = key.cipher_text_size().expect("Error with cipher_text_size()"); + let ss_size = key.shared_secret_size().expect("Error with shared_secret_size()"); + + let mut ct = vec![0u8; ct_size]; + let mut ss_enc = vec![0u8; ss_size]; + key.encapsulate(&mut ct, &mut ss_enc, &mut rng) + .expect("Error with encapsulate()"); + + let mut ss_dec = vec![0u8; ss_size]; + key.decapsulate(&mut ss_dec, &ct) + .expect("Error with decapsulate()"); + + assert_eq!(ss_enc, ss_dec, "Shared secrets must match after encap/decap"); +} + +/// Verify that `generate_with_random()` is deterministic: the same random +/// bytes produce the same key pair on repeated calls. +#[test] +fn test_generate_with_random_determinism() { + common::setup(); + // MAKEKEY_RAND_SIZE = 64 bytes + let rand = [0x42u8; 64]; + + let key1 = MlKem::generate_with_random(MlKem::TYPE_768, &rand) + .expect("Error with generate_with_random() first call"); + let key2 = MlKem::generate_with_random(MlKem::TYPE_768, &rand) + .expect("Error with generate_with_random() second call"); + + let pub_size = key1.public_key_size().expect("Error with public_key_size()"); + let mut pub1 = vec![0u8; pub_size]; + let mut pub2 = vec![0u8; pub_size]; + key1.encode_public_key(&mut pub1).expect("Error with encode_public_key() key1"); + key2.encode_public_key(&mut pub2).expect("Error with encode_public_key() key2"); + assert_eq!(pub1, pub2, "Same random must yield same public key"); + + let priv_size = key1.private_key_size().expect("Error with private_key_size()"); + let mut priv1 = vec![0u8; priv_size]; + let mut priv2 = vec![0u8; priv_size]; + key1.encode_private_key(&mut priv1).expect("Error with encode_private_key() key1"); + key2.encode_private_key(&mut priv2).expect("Error with encode_private_key() key2"); + assert_eq!(priv1, priv2, "Same random must yield same private key"); +} + +/// Verify that `encapsulate_with_random()` is deterministic: the same public +/// key and random bytes produce the same cipher text and shared secret. +#[test] +fn test_encapsulate_with_random_determinism() { + common::setup(); + let key_rand = [0x11u8; 64]; + let enc_rand = [0x22u8; 32]; + + let mut key = MlKem::generate_with_random(MlKem::TYPE_768, &key_rand) + .expect("Error with generate_with_random()"); + + let ct_size = key.cipher_text_size().expect("Error with cipher_text_size()"); + let ss_size = key.shared_secret_size().expect("Error with shared_secret_size()"); + + let mut ct1 = vec![0u8; ct_size]; + let mut ss1 = vec![0u8; ss_size]; + key.encapsulate_with_random(&mut ct1, &mut ss1, &enc_rand) + .expect("Error with encapsulate_with_random() first call"); + + let mut ct2 = vec![0u8; ct_size]; + let mut ss2 = vec![0u8; ss_size]; + key.encapsulate_with_random(&mut ct2, &mut ss2, &enc_rand) + .expect("Error with encapsulate_with_random() second call"); + + assert_eq!(ct1, ct2, "Same inputs must yield same cipher text"); + assert_eq!(ss1, ss2, "Same inputs must yield same shared secret"); + + // Decapsulate and verify the shared secrets match. + let mut ss_dec = vec![0u8; ss_size]; + key.decapsulate(&mut ss_dec, &ct1) + .expect("Error with decapsulate()"); + assert_eq!(ss1, ss_dec, "Shared secret from encapsulate must match decapsulate"); +} + +/// Encode and decode the public key for ML-KEM-768, verifying the round-trip +/// preserves the key bytes and that encapsulation works with the re-imported key. +#[test] +#[cfg(random)] +fn test_encode_decode_public_key() { + common::setup(); + let mut rng = RNG::new().expect("Error creating RNG"); + let mut key = MlKem::generate(MlKem::TYPE_768, &mut rng) + .expect("Error with generate()"); + + let pub_size = key.public_key_size().expect("Error with public_key_size()"); + let ct_size = key.cipher_text_size().expect("Error with cipher_text_size()"); + let ss_size = key.shared_secret_size().expect("Error with shared_secret_size()"); + + let mut pub_buf = vec![0u8; pub_size]; + let written = key.encode_public_key(&mut pub_buf) + .expect("Error with encode_public_key()"); + assert_eq!(written, pub_size); + + // Re-import public key and encapsulate. + let mut pub_key = MlKem::new(MlKem::TYPE_768).expect("Error with new()"); + pub_key.decode_public_key(&pub_buf).expect("Error with decode_public_key()"); + + let mut ct = vec![0u8; ct_size]; + let mut ss_enc = vec![0u8; ss_size]; + pub_key.encapsulate(&mut ct, &mut ss_enc, &mut rng) + .expect("Error with encapsulate() via imported public key"); + + // Decapsulate with the original full key pair. + let mut ss_dec = vec![0u8; ss_size]; + key.decapsulate(&mut ss_dec, &ct) + .expect("Error with decapsulate()"); + + assert_eq!(ss_enc, ss_dec, "Shared secrets must match after public key import"); +} + +/// Encode and decode the private key for ML-KEM-768, verifying that +/// decapsulation works with the re-imported key. +#[test] +#[cfg(random)] +fn test_encode_decode_private_key() { + common::setup(); + let mut rng = RNG::new().expect("Error creating RNG"); + let mut key = MlKem::generate(MlKem::TYPE_768, &mut rng) + .expect("Error with generate()"); + + let priv_size = key.private_key_size().expect("Error with private_key_size()"); + let ct_size = key.cipher_text_size().expect("Error with cipher_text_size()"); + let ss_size = key.shared_secret_size().expect("Error with shared_secret_size()"); + + let mut priv_buf = vec![0u8; priv_size]; + let written = key.encode_private_key(&mut priv_buf) + .expect("Error with encode_private_key()"); + assert_eq!(written, priv_size); + + // Encapsulate with the original key. + let mut ct = vec![0u8; ct_size]; + let mut ss_enc = vec![0u8; ss_size]; + key.encapsulate(&mut ct, &mut ss_enc, &mut rng) + .expect("Error with encapsulate()"); + + // Re-import private key and decapsulate. + let mut priv_key = MlKem::new(MlKem::TYPE_768).expect("Error with new()"); + priv_key.decode_private_key(&priv_buf).expect("Error with decode_private_key()"); + + let mut ss_dec = vec![0u8; ss_size]; + priv_key.decapsulate(&mut ss_dec, &ct) + .expect("Error with decapsulate() via imported private key"); + + assert_eq!(ss_enc, ss_dec, "Shared secrets must match after private key import"); +} + +/// Verify that encapsulate/decapsulate round-trips work across all three +/// security levels. +#[test] +#[cfg(random)] +fn test_encap_decap_all_types() { + common::setup(); + let mut rng = RNG::new().expect("Error creating RNG"); + + for key_type in [MlKem::TYPE_512, MlKem::TYPE_768, MlKem::TYPE_1024] { + let mut key = MlKem::generate(key_type, &mut rng) + .expect("Error with generate()"); + + let ct_size = key.cipher_text_size().expect("Error with cipher_text_size()"); + let ss_size = key.shared_secret_size().expect("Error with shared_secret_size()"); + + let mut ct = vec![0u8; ct_size]; + let mut ss_enc = vec![0u8; ss_size]; + key.encapsulate(&mut ct, &mut ss_enc, &mut rng) + .expect("Error with encapsulate()"); + + let mut ss_dec = vec![0u8; ss_size]; + key.decapsulate(&mut ss_dec, &ct) + .expect("Error with decapsulate()"); + + assert_eq!( + ss_enc, ss_dec, + "Shared secrets must match for key_type {}", + key_type + ); + assert_eq!( + ss_size, + MlKem::SHARED_SECRET_SIZE, + "Shared secret size must equal SHARED_SECRET_SIZE for key_type {}", + key_type + ); + } +} diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/wrapper/rust/wolfssl-wolfcrypt/tests/test_prf.rs mariadb-11.8.8/extra/wolfssl/wolfssl/wrapper/rust/wolfssl-wolfcrypt/tests/test_prf.rs --- mariadb-11.8.6/extra/wolfssl/wolfssl/wrapper/rust/wolfssl-wolfcrypt/tests/test_prf.rs 1970-01-01 00:00:00.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/wrapper/rust/wolfssl-wolfcrypt/tests/test_prf.rs 2026-05-24 09:58:33.000000000 +0000 @@ -0,0 +1,34 @@ +#![cfg(all(prf, sha384))] + +mod common; + +use wolfssl_wolfcrypt::prf::*; + +#[test] +fn test_prf() { + common::setup(); + + let secret = [0x10u8, 0xbc, 0xb4, 0xa2, 0xe8, 0xdc, 0xf1, 0x9b, 0x4c, + 0x51, 0x9c, 0xed, 0x31, 0x1b, 0x51, 0x57, 0x02, 0x3f, + 0xa1, 0x7d, 0xfb, 0x0e, 0xf3, 0x4e, 0x8f, 0x6f, 0x71, + 0xa3, 0x67, 0x76, 0x6b, 0xfa, 0x5d, 0x46, 0x4a, 0xe8, + 0x61, 0x18, 0x81, 0xc4, 0x66, 0xcc, 0x6f, 0x09, 0x99, + 0x9d, 0xfc, 0x47]; + + let seed = [0x73u8, 0x65, 0x72, 0x76, 0x65, 0x72, 0x20, 0x66, 0x69, + 0x6e, 0x69, 0x73, 0x68, 0x65, 0x64, 0x0b, 0x46, 0xba, + 0x56, 0xbf, 0x1f, 0x5d, 0x99, 0xff, 0xe9, 0xbb, 0x43, + 0x01, 0xe7, 0xca, 0x2c, 0x00, 0xdf, 0x9a, 0x39, 0x6e, + 0xcf, 0x6d, 0x15, 0x27, 0x4d, 0xf2, 0x93, 0x96, 0x4a, + 0x91, 0xde, 0x5c, 0xc0, 0x47, 0x7c, 0xa8, 0xae, 0xcf, + 0x5d, 0x93, 0x5f, 0x4c, 0x92, 0xcc, 0x98, 0x5b, 0x43]; + + let expected = [0xeeu8, 0xcb, 0xb1, 0x30, 0xf2, 0xcd, 0xb3, 0x4a, + 0xbe, 0xda, 0xc1, 0xf6]; + + let mut out = [0u8; 12]; + + prf(&secret, &seed, PRF_HASH_SHA384, &mut out).expect("Error with prf()"); + + assert_eq!(out, expected); +} diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/wrapper/rust/wolfssl-wolfcrypt/tests/test_random.rs mariadb-11.8.8/extra/wolfssl/wolfssl/wrapper/rust/wolfssl-wolfcrypt/tests/test_random.rs --- mariadb-11.8.6/extra/wolfssl/wolfssl/wrapper/rust/wolfssl-wolfcrypt/tests/test_random.rs 1970-01-01 00:00:00.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/wrapper/rust/wolfssl-wolfcrypt/tests/test_random.rs 2026-05-24 09:58:33.000000000 +0000 @@ -0,0 +1,99 @@ +#![cfg(random)] + +use wolfssl_wolfcrypt::random::RNG; + +// Test that RNG::new() returns successfully and that drop() does not panic. +#[test] +fn test_rng_new_and_drop() { + let _rng = RNG::new().expect("Failed to create RNG"); +} + +// Test that RNG::new_ex() returns successfully and that drop() does not panic. +#[test] +fn test_rng_new_ex_and_drop() { + let _rng = RNG::new_ex(None, None).expect("Failed to create RNG"); +} + +// Test that RNG::new_with_nonce() returns successfully and that drop() does +// not panic. +#[test] +fn test_rng_new_with_nonce_and_drop() { + let mut nonce = [1, 2, 3, 4]; + let _rng = RNG::new_with_nonce(&mut nonce).expect("Failed to create RNG"); +} + +// Test that RNG::new_with_nonce_ex() returns successfully and that drop() does +// not panic. +#[test] +fn test_rng_new_with_nonce_ex_and_drop() { + let mut nonce = [1, 2, 3, 4]; + let _rng = RNG::new_with_nonce_ex(&mut nonce, None, None).expect("Failed to create RNG"); +} + +#[test] +#[cfg(random_hashdrbg)] +fn test_health_test() { + let nonce = [99u8, 88, 77, 66]; + let seed_a = [42u8, 33, 55, 88]; + let seed_b = [45u8, 10, 20, 30]; + let mut output = [0u8; 128]; + RNG::health_test(Some(&nonce), &seed_a, Some(&seed_b), &mut output).expect("Error with health_test()"); +} + +#[test] +#[cfg(random_hashdrbg)] +fn test_test_seed() { + let seed = [42u8, 33, 55, 88]; + RNG::test_seed(&seed).expect("Error with test_seed()"); +} + +// Test that generate_byte() returns random values. +#[test] +fn test_rng_generate_byte() { + // Since a single 0x00 or 0xFF could occur occasionally, we'll combine four + // bytes into a u32 and make sure they aren't all 0x00 or all 0xFF. + let mut rng = RNG::new().expect("Failed to create RNG"); + let mut v: u32 = 0; + for _i in 0..4 { + let byte = rng.generate_byte().expect("Failed to generate a single byte"); + v = (v << 8) | (byte as u32); + } + assert_ne!(v, 0u32); + assert_ne!(v, 0xFFFF_FFFFu32); +} + +// Test that generate_block works for a slice of u8. +#[test] +fn test_rng_generate_block_u8() { + let mut rng = RNG::new().expect("Failed to create RNG"); + let mut buffer = [0u8; 32]; + rng.generate_block(&mut buffer).expect("Failed to generate a block of bytes"); + + // Check if the buffer has been modified from its initial state. + let all_zeros = [0u8; 32]; + assert_ne!(buffer, all_zeros); +} + +// Test that generate_block works for a slice of u32. +#[test] +fn test_rng_generate_block_u32() { + let mut rng = RNG::new().expect("Failed to create RNG"); + let mut buffer = [0u32; 8]; + rng.generate_block(&mut buffer).expect("Failed to generate a block of u32"); + + // Check if the buffer has been modified. + let all_zeros = [0u32; 8]; + assert_ne!(buffer, all_zeros); + // Check that the last u32 is populated so the size of the buffer was + // calculated properly. + assert_ne!(buffer[buffer.len() - 1], 0u32); + assert_ne!(buffer[buffer.len() - 1], 0xFFFF_FFFFu32); +} + +#[test] +#[cfg(random_hashdrbg)] +fn test_rng_reseed() { + let mut rng = RNG::new().expect("Failed to create RNG"); + let seed = [1u8, 2, 3, 4]; + rng.reseed(&seed).expect("Error with reseed()"); +} diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/wrapper/rust/wolfssl-wolfcrypt/tests/test_rsa.rs mariadb-11.8.8/extra/wolfssl/wolfssl/wrapper/rust/wolfssl-wolfcrypt/tests/test_rsa.rs --- mariadb-11.8.6/extra/wolfssl/wolfssl/wrapper/rust/wolfssl-wolfcrypt/tests/test_rsa.rs 1970-01-01 00:00:00.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/wrapper/rust/wolfssl-wolfcrypt/tests/test_rsa.rs 2026-05-24 09:58:33.000000000 +0000 @@ -0,0 +1,149 @@ +#![cfg(rsa)] + +mod common; + +#[cfg(any(all(sha256, random, rsa_pss), random, rsa_direct))] +use std::fs; +#[cfg(random)] +use wolfssl_wolfcrypt::random::RNG; +#[cfg(any(random, rsa_direct, rsa_keygen))] +use wolfssl_wolfcrypt::rsa::*; + +#[test] +#[cfg(rsa_keygen)] +fn test_rsa_generate() { + common::setup(); + + let mut rng = RNG::new().expect("Error creating RNG"); + let mut rsa = RSA::generate(2048, 65537, &mut rng).expect("Error with generate()"); + rsa.check().expect("Error with check()"); + + let encrypt_size = rsa.get_encrypt_size().expect("Error with get_encrypt_size()"); + assert_eq!(encrypt_size, 256); + + let mut e: [u8; 256] = [0; 256]; + let mut e_size: u32 = 0; + let mut n: [u8; 256] = [0; 256]; + let mut n_size: u32 = 0; + let mut d: [u8; 256] = [0; 256]; + let mut d_size: u32 = 0; + let mut p: [u8; 256] = [0; 256]; + let mut p_size: u32 = 0; + let mut q: [u8; 256] = [0; 256]; + let mut q_size: u32 = 0; + rsa.export_key(&mut e, &mut e_size, &mut n, &mut n_size, + &mut d, &mut d_size, &mut p, &mut p_size, &mut q, &mut q_size).expect("Error with export_key()"); + assert_ne!(e, [0; 256]); + assert!(e_size > 0); + assert_ne!(n, [0; 256]); + assert!(n_size > 0); + assert_ne!(d, [0; 256]); + assert!(d_size > 0); + assert_ne!(p, [0; 256]); + assert!(p_size > 0); + assert_ne!(q, [0; 256]); + assert!(q_size > 0); + + let mut e: [u8; 256] = [0; 256]; + let mut e_size: u32 = 0; + let mut n: [u8; 256] = [0; 256]; + let mut n_size: u32 = 0; + rsa.export_public_key(&mut e, &mut e_size, &mut n, &mut n_size).expect("Error with export_public_key()"); + assert_ne!(e, [0; 256]); + assert!(e_size > 0); + assert_ne!(n, [0; 256]); + assert!(n_size > 0); +} + +#[test] +#[cfg(random)] +fn test_rsa_encrypt_decrypt() { + let mut rng = RNG::new().expect("Error creating RNG"); + let key_path = "../../../certs/client-keyPub.der"; + let der: Vec = fs::read(key_path).expect("Error reading key file"); + let mut rsa = RSA::new_public_from_der(&der).expect("Error with new_public_from_der()"); + rsa.set_rng(&mut rng).expect("Error with set_rng()"); + let plain: &[u8] = b"Test message"; + let mut enc: [u8; 512] = [0; 512]; + let enc_len = rsa.public_encrypt(plain, &mut enc, &mut rng).expect("Error with public_encrypt()"); + assert!(enc_len > 0 && enc_len <= 512); + + let key_path = "../../../certs/client-key.der"; + let der: Vec = fs::read(key_path).expect("Error reading key file"); + let mut rsa = RSA::new_from_der(&der).expect("Error with new_from_der()"); + rsa.set_rng(&mut rng).expect("Error with set_rng()"); + let mut plain_out: [u8; 512] = [0; 512]; + let dec_len = rsa.private_decrypt(&enc[0..enc_len], &mut plain_out).expect("Error with private_decrypt()"); + assert!(dec_len as usize == plain.len()); + assert_eq!(plain_out[0..dec_len], *plain); +} + +#[test] +#[cfg(all(sha256, random, rsa_pss))] +fn test_rsa_pss() { + let mut rng = RNG::new().expect("Error creating RNG"); + + let key_path = "../../../certs/client-key.der"; + let der: Vec = fs::read(key_path).expect("Error reading key file"); + let mut rsa = RSA::new_from_der(&der).expect("Error with new_from_der()"); + let msg: &[u8] = b"This is the string to be signed!"; + let mut signature: [u8; 512] = [0; 512]; + let sig_len = rsa.pss_sign(msg, &mut signature, RSA::HASH_TYPE_SHA256, RSA::MGF1SHA256, &mut rng).expect("Error with pss_sign()"); + assert!(sig_len > 0 && sig_len <= 512); + + let key_path = "../../../certs/client-keyPub.der"; + let der: Vec = fs::read(key_path).expect("Error reading key file"); + let mut rsa = RSA::new_public_from_der(&der).expect("Error with new_public_from_der()"); + rsa.set_rng(&mut rng).expect("Error with set_rng()"); + let signature = &signature[0..sig_len]; + let mut verify_out: [u8; 512] = [0; 512]; + let verify_out_size = rsa.pss_verify(signature, &mut verify_out, RSA::HASH_TYPE_SHA256, RSA::MGF1SHA256).expect("Error with pss_verify()"); + let verify_out = &verify_out[0..verify_out_size]; + rsa.pss_check_padding(msg, verify_out, RSA::HASH_TYPE_SHA256).expect("Error with pss_check_padding()"); + + let mut verify_out: [u8; 512] = [0; 512]; + rsa.pss_verify_check(signature, &mut verify_out, msg, RSA::HASH_TYPE_SHA256, RSA::MGF1SHA256).expect("Error with pss_verify_check()"); +} + +#[test] +#[cfg(rsa_direct)] +fn test_rsa_direct() { + let mut rng = RNG::new().expect("Error creating RNG"); + + let key_path = "../../../certs/client-key.der"; + let der: Vec = fs::read(key_path).expect("Error reading key file"); + let mut rsa = RSA::new_from_der(&der).expect("Error with new_from_der()"); + let msg = b"A rsa_direct() test input string"; + let mut plain = [0u8; 256]; + plain[..msg.len()].copy_from_slice(msg); + let mut enc = [0u8; 256]; + let enc_len = rsa.rsa_direct(&plain, &mut enc, RSA::PRIVATE_ENCRYPT, &mut rng).expect("Error with rsa_direct()"); + assert_eq!(enc_len, 256); + let mut plain_out = [0u8; 256]; + let dec_len = rsa.rsa_direct(&enc, &mut plain_out, RSA::PUBLIC_DECRYPT, &mut rng).expect("Error with rsa_direct()"); + assert_eq!(dec_len, 256); + assert_eq!(plain_out, plain); +} + +#[test] +#[cfg(random)] +fn test_rsa_ssl() { + let mut rng = RNG::new().expect("Error creating RNG"); + + let key_path = "../../../certs/client-key.der"; + let der: Vec = fs::read(key_path).expect("Error reading key file"); + let mut rsa = RSA::new_from_der(&der).expect("Error with new_from_der()"); + let msg: &[u8] = b"This is the string to be signed!"; + let mut signature: [u8; 512] = [0; 512]; + let sig_len = rsa.ssl_sign(msg, &mut signature, &mut rng).expect("Error with ssl_sign()"); + assert!(sig_len > 0 && sig_len <= 512); + + let key_path = "../../../certs/client-keyPub.der"; + let der: Vec = fs::read(key_path).expect("Error reading key file"); + let mut rsa = RSA::new_public_from_der(&der).expect("Error with new_public_from_der()"); + rsa.set_rng(&mut rng).expect("Error with set_rng()"); + let signature = &signature[0..sig_len]; + let mut verify_out: [u8; 512] = [0; 512]; + let verify_out_size = rsa.ssl_verify(signature, &mut verify_out).expect("Error with ssl_verify()"); + assert!(verify_out_size > 0 && verify_out_size <= 512); +} diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/wrapper/rust/wolfssl-wolfcrypt/tests/test_sha.rs mariadb-11.8.8/extra/wolfssl/wolfssl/wrapper/rust/wolfssl-wolfcrypt/tests/test_sha.rs --- mariadb-11.8.6/extra/wolfssl/wolfssl/wrapper/rust/wolfssl-wolfcrypt/tests/test_sha.rs 1970-01-01 00:00:00.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/wrapper/rust/wolfssl-wolfcrypt/tests/test_sha.rs 2026-05-24 09:58:33.000000000 +0000 @@ -0,0 +1,339 @@ +use wolfssl_wolfcrypt::sha::*; + +#[test] +#[cfg(sha)] +fn test_sha() { + let mut sha = SHA::new().expect("Error with new()"); + fn test1(sha: &mut SHA, input: &[u8], expected_hash: &[u8]) { + sha.init().expect("Error with init()"); + sha.update(input).expect("Error with update()"); + let mut hash = [0u8; SHA::DIGEST_SIZE]; + sha.finalize(&mut hash).expect("Error with finalize()"); + assert_eq!(hash, *expected_hash); + } + + test1(&mut sha, b"", b"\xda\x39\xa3\xee\x5e\x6b\x4b\x0d\x32\x55\xbf\xef\x95\x60\x18\x90\xaf\xd8\x07\x09"); + + test1(&mut sha, b"abc", b"\xA9\x99\x3E\x36\x47\x06\x81\x6A\xBA\x3E\x25\x71\x78\x50\xC2\x6C\x9C\xD0\xD8\x9D"); + + test1(&mut sha, b"abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq", + b"\x84\x98\x3E\x44\x1C\x3B\xD2\x6E\xBA\xAE\x4A\xA1\xF9\x51\x29\xE5\xE5\x46\x70\xF1"); + + test1(&mut sha, b"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", + b"\x00\x98\xBA\x82\x4B\x5C\x16\x42\x7B\xD7\xA1\x12\x2A\x5A\x44\x2A\x25\xEC\x64\x4D"); + + test1(&mut sha, b"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", + b"\xAD\x5B\x3F\xDB\xCB\x52\x67\x78\xC2\x83\x9D\x2F\x15\x1E\xA7\x53\x99\x5E\x26\xA0"); +} + +#[test] +#[cfg(sha224)] +fn test_sha224() { + let mut sha = SHA224::new().expect("Error with new()"); + fn test1(sha: &mut SHA224, input: &[u8], expected_hash: &[u8]) { + sha.init().expect("Error with init()"); + sha.update(input).expect("Error with update()"); + let mut hash = [0u8; SHA224::DIGEST_SIZE]; + sha.finalize(&mut hash).expect("Error with finalize()"); + assert_eq!(hash, *expected_hash); + } + + test1(&mut sha, b"", b"\xd1\x4a\x02\x8c\x2a\x3a\x2b\xc9\x47\x61\x02\xbb\x28\x82\x34\xc4\x15\xa2\xb0\x1f\x82\x8e\xa6\x2a\xc5\xb3\xe4\x2f"); + + test1(&mut sha, b"abc", b"\x23\x09\x7d\x22\x34\x05\xd8\x22\x86\x42\xa4\x77\xbd\xa2\x55\xb3\x2a\xad\xbc\xe4\xbd\xa0\xb3\xf7\xe3\x6c\x9d\xa7"); + + test1(&mut sha, b"abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq", + b"\x75\x38\x8b\x16\x51\x27\x76\xcc\x5d\xba\x5d\xa1\xfd\x89\x01\x50\xb0\xc6\x45\x5c\xb4\xf5\x8b\x19\x52\x52\x25\x25"); +} + +#[test] +#[cfg(sha256)] +fn test_sha256() { + let mut sha = SHA256::new().expect("Error with new()"); + fn test1(sha: &mut SHA256, input: &[u8], expected_hash: &[u8]) { + sha.init().expect("Error with init()"); + sha.update(input).expect("Error with update()"); + let mut hash = [0u8; SHA256::DIGEST_SIZE]; + sha.finalize(&mut hash).expect("Error with finalize()"); + assert_eq!(hash, *expected_hash); + } + + test1(&mut sha, b"", + b"\xe3\xb0\xc4\x42\x98\xfc\x1c\x14\x9a\xfb\xf4\xc8\x99\x6f\xb9\x24\x27\xae\x41\xe4\x64\x9b\x93\x4c\xa4\x95\x99\x1b\x78\x52\xb8\x55"); + + test1(&mut sha, b"abc", + b"\xBA\x78\x16\xBF\x8F\x01\xCF\xEA\x41\x41\x40\xDE\x5D\xAE\x22\x23\xB0\x03\x61\xA3\x96\x17\x7A\x9C\xB4\x10\xFF\x61\xF2\x00\x15\xAD"); + + test1(&mut sha, b"abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq", + b"\x24\x8D\x6A\x61\xD2\x06\x38\xB8\xE5\xC0\x26\x93\x0C\x3E\x60\x39\xA3\x3C\xE4\x59\x64\xFF\x21\x67\xF6\xEC\xED\xD4\x19\xDB\x06\xC1"); + + test1(&mut sha, + b"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", /* this is BLOCKSIZE length */ + b"\xFF\xE0\x54\xFE\x7A\xE0\xCB\x6D\xC6\x5C\x3A\xF9\xB6\x1D\x52\x09\xF4\x39\x85\x1D\xB4\x3D\x0B\xA5\x99\x73\x37\xDF\x15\x46\x68\xEB"); +} + +#[test] +#[cfg(sha384)] +fn test_sha384() { + let mut sha = SHA384::new().expect("Error with new()"); + fn test1(sha: &mut SHA384, input: &[u8], expected_hash: &[u8]) { + sha.init().expect("Error with init()"); + sha.update(input).expect("Error with update()"); + let mut hash = [0u8; SHA384::DIGEST_SIZE]; + sha.finalize(&mut hash).expect("Error with finalize()"); + assert_eq!(hash, *expected_hash); + } + + test1(&mut sha, b"", + b"\x38\xb0\x60\xa7\x51\xac\x96\x38\x4c\xd9\x32\x7e\xb1\xb1\xe3\x6a\x21\xfd\xb7\x11\x14\xbe\x07\x43\x4c\x0c\xc7\xbf\x63\xf6\xe1\xda\x27\x4e\xde\xbf\xe7\x6f\x65\xfb\xd5\x1a\xd2\xf1\x48\x98\xb9\x5b"); + + test1(&mut sha, b"abc", + b"\xcb\x00\x75\x3f\x45\xa3\x5e\x8b\xb5\xa0\x3d\x69\x9a\xc6\x50\x07\x27\x2c\x32\xab\x0e\xde\xd1\x63\x1a\x8b\x60\x5a\x43\xff\x5b\xed\x80\x86\x07\x2b\xa1\xe7\xcc\x23\x58\xba\xec\xa1\x34\xc8\x25\xa7"); + + test1(&mut sha, + b"abcdefghbcdefghicdefghijdefghijkefghijklfghijklmghijklmnhijklmnoijklmnopjklmnopqklmnopqrlmnopqrsmnopqrstnopqrstu", + b"\x09\x33\x0c\x33\xf7\x11\x47\xe8\x3d\x19\x2f\xc7\x82\xcd\x1b\x47\x53\x11\x1b\x17\x3b\x3b\x05\xd2\x2f\xa0\x80\x86\xe3\xb0\xf7\x12\xfc\xc7\xc7\x1a\x55\x7e\x2d\xb9\x66\xc3\xe9\xfa\x91\x74\x60\x39"); +} + +#[test] +#[cfg(sha512)] +fn test_sha512() { + let mut sha = SHA512::new().expect("Error with new()"); + fn test1(sha: &mut SHA512, input: &[u8], expected_hash: &[u8]) { + sha.init().expect("Error with init()"); + sha.update(input).expect("Error with update()"); + let mut hash = [0u8; SHA512::DIGEST_SIZE]; + sha.finalize(&mut hash).expect("Error with finalize()"); + assert_eq!(hash, *expected_hash); + } + + test1(&mut sha, b"", + b"\xcf\x83\xe1\x35\x7e\xef\xb8\xbd\xf1\x54\x28\x50\xd6\x6d\x80\x07\xd6\x20\xe4\x05\x0b\x57\x15\xdc\x83\xf4\xa9\x21\xd3\x6c\xe9\xce\x47\xd0\xd1\x3c\x5d\x85\xf2\xb0\xff\x83\x18\xd2\x87\x7e\xec\x2f\x63\xb9\x31\xbd\x47\x41\x7a\x81\xa5\x38\x32\x7a\xf9\x27\xda\x3e"); + + test1(&mut sha, b"abc", + b"\xdd\xaf\x35\xa1\x93\x61\x7a\xba\xcc\x41\x73\x49\xae\x20\x41\x31\x12\xe6\xfa\x4e\x89\xa9\x7e\xa2\x0a\x9e\xee\xe6\x4b\x55\xd3\x9a\x21\x92\x99\x2a\x27\x4f\xc1\xa8\x36\xba\x3c\x23\xa3\xfe\xeb\xbd\x45\x4d\x44\x23\x64\x3c\xe8\x0e\x2a\x9a\xc9\x4f\xa5\x4c\xa4\x9f"); + + test1(&mut sha, + b"abcdefghbcdefghicdefghijdefghijkefghijklfghijklmghijklmnhijklmnoijklmnopjklmnopqklmnopqrlmnopqrsmnopqrstnopqrstu", + b"\x8e\x95\x9b\x75\xda\xe3\x13\xda\x8c\xf4\xf7\x28\x14\xfc\x14\x3f\x8f\x77\x79\xc6\xeb\x9f\x7f\xa1\x72\x99\xae\xad\xb6\x88\x90\x18\x50\x1d\x28\x9e\x49\x00\xf7\xe4\x33\x1b\x99\xde\xc4\xb5\x43\x3a\xc7\xd3\x29\xee\xb6\xdd\x26\x54\x5e\x96\xe5\x5b\x87\x4b\xe9\x09"); +} + +#[test] +#[cfg(sha3)] +fn test_sha3_224() { + let mut sha = SHA3_224::new().expect("Error with new()"); + fn test1(sha: &mut SHA3_224, input: &[u8], expected_hash: &[u8]) { + sha.init().expect("Error with init()"); + sha.update(input).expect("Error with update()"); + let mut hash = [0u8; SHA3_224::DIGEST_SIZE]; + sha.finalize(&mut hash).expect("Error with finalize()"); + assert_eq!(hash, *expected_hash); + } + + test1(&mut sha, b"", + b"\x6b\x4e\x03\x42\x36\x67\xdb\xb7\x3b\x6e\x15\x45\x4f\x0e\xb1\xab\xd4\x59\x7f\x9a\x1b\x07\x8e\x3f\x5b\x5a\x6b\xc7"); + + test1(&mut sha, b"abc", + b"\xe6\x42\x82\x4c\x3f\x8c\xf2\x4a\xd0\x92\x34\xee\x7d\x3c\x76\x6f\xc9\xa3\xa5\x16\x8d\x0c\x94\xad\x73\xb4\x6f\xdf"); + + test1(&mut sha, + b"abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq", + b"\x8a\x24\x10\x8b\x15\x4a\xda\x21\xc9\xfd\x55\x74\x49\x44\x79\xba\x5c\x7e\x7a\xb7\x6e\xf2\x64\xea\xd0\xfc\xce\x33"); +} + +#[test] +#[cfg(sha3)] +fn test_sha3_256() { + let mut sha = SHA3_256::new().expect("Error with new()"); + fn test1(sha: &mut SHA3_256, input: &[u8], expected_hash: &[u8]) { + sha.init().expect("Error with init()"); + sha.update(input).expect("Error with update()"); + let mut hash = [0u8; SHA3_256::DIGEST_SIZE]; + sha.finalize(&mut hash).expect("Error with finalize()"); + assert_eq!(hash, *expected_hash); + } + + test1(&mut sha, b"", + b"\xa7\xff\xc6\xf8\xbf\x1e\xd7\x66\x51\xc1\x47\x56\xa0\x61\xd6\x62\xf5\x80\xff\x4d\xe4\x3b\x49\xfa\x82\xd8\x0a\x4b\x80\xf8\x43\x4a"); + + test1(&mut sha, b"abc", + b"\x3a\x98\x5d\xa7\x4f\xe2\x25\xb2\x04\x5c\x17\x2d\x6b\xd3\x90\xbd\x85\x5f\x08\x6e\x3e\x9d\x52\x5b\x46\xbf\xe2\x45\x11\x43\x15\x32"); + + test1(&mut sha, + b"abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq", + b"\x41\xc0\xdb\xa2\xa9\xd6\x24\x08\x49\x10\x03\x76\xa8\x23\x5e\x2c\x82\xe1\xb9\x99\x8a\x99\x9e\x21\xdb\x32\xdd\x97\x49\x6d\x33\x76"); +} + +#[test] +#[cfg(sha3)] +fn test_sha3_384() { + let mut sha = SHA3_384::new().expect("Error with new()"); + fn test1(sha: &mut SHA3_384, input: &[u8], expected_hash: &[u8]) { + sha.init().expect("Error with init()"); + sha.update(input).expect("Error with update()"); + let mut hash = [0u8; SHA3_384::DIGEST_SIZE]; + sha.finalize(&mut hash).expect("Error with finalize()"); + assert_eq!(hash, *expected_hash); + } + + test1(&mut sha, b"", + b"\x0c\x63\xa7\x5b\x84\x5e\x4f\x7d\x01\x10\x7d\x85\x2e\x4c\x24\x85\xc5\x1a\x50\xaa\xaa\x94\xfc\x61\x99\x5e\x71\xbb\xee\x98\x3a\x2a\xc3\x71\x38\x31\x26\x4a\xdb\x47\xfb\x6b\xd1\xe0\x58\xd5\xf0\x04"); + + test1(&mut sha, + b"\x7d\x80\xb1\x60\xc4\xb5\x36\xa3\xbe\xb7\x99\x80\x59\x93\x44\x04\x7c\x5f\x82\xa1\xdf\xc3\xee\xd4", + b"\x04\x1c\xc5\x86\x1b\xa3\x34\x56\x3c\x61\xd4\xef\x97\x10\xd4\x89\x6c\x31\x1c\x92\xed\xbe\x0d\x7c\xd5\x3e\x80\x3b\xf2\xf4\xeb\x60\x57\x23\x55\x70\x77\x0c\xe8\x7c\x55\x20\xd7\xec\x14\x19\x87\x22"); + + test1(&mut sha, b"abc", + b"\xec\x01\x49\x82\x88\x51\x6f\xc9\x26\x45\x9f\x58\xe2\xc6\xad\x8d\xf9\xb4\x73\xcb\x0f\xc0\x8c\x25\x96\xda\x7c\xf0\xe4\x9b\xe4\xb2\x98\xd8\x8c\xea\x92\x7a\xc7\xf5\x39\xf1\xed\xf2\x28\x37\x6d\x25"); + + test1(&mut sha, + b"abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq", + b"\x99\x1c\x66\x57\x55\xeb\x3a\x4b\x6b\xbd\xfb\x75\xc7\x8a\x49\x2e\x8c\x56\xa2\x2c\x5c\x4d\x7e\x42\x9b\xfd\xbc\x32\xb9\xd4\xad\x5a\xa0\x4a\x1f\x07\x6e\x62\xfe\xa1\x9e\xef\x51\xac\xd0\x65\x7c\x22"); +} + +#[test] +#[cfg(sha3)] +fn test_sha3_512() { + let mut sha = SHA3_512::new().expect("Error with new()"); + fn test1(sha: &mut SHA3_512, input: &[u8], expected_hash: &[u8]) { + sha.init().expect("Error with init()"); + sha.update(input).expect("Error with update()"); + let mut hash = [0u8; SHA3_512::DIGEST_SIZE]; + sha.finalize(&mut hash).expect("Error with finalize()"); + assert_eq!(hash, *expected_hash); + } + + test1(&mut sha, b"", + b"\xa6\x9f\x73\xcc\xa2\x3a\x9a\xc5\xc8\xb5\x67\xdc\x18\x5a\x75\x6e\x97\xc9\x82\x16\x4f\xe2\x58\x59\xe0\xd1\xdc\xc1\x47\x5c\x80\xa6\x15\xb2\x12\x3a\xf1\xf5\xf9\x4c\x11\xe3\xe9\x40\x2c\x3a\xc5\x58\xf5\x00\x19\x9d\x95\xb6\xd3\xe3\x01\x75\x85\x86\x28\x1d\xcd\x26"); + + test1(&mut sha, b"abc", + b"\xb7\x51\x85\x0b\x1a\x57\x16\x8a\x56\x93\xcd\x92\x4b\x6b\x09\x6e\x08\xf6\x21\x82\x74\x44\xf7\x0d\x88\x4f\x5d\x02\x40\xd2\x71\x2e\x10\xe1\x16\xe9\x19\x2a\xf3\xc9\x1a\x7e\xc5\x76\x47\xe3\x93\x40\x57\x34\x0b\x4c\xf4\x08\xd5\xa5\x65\x92\xf8\x27\x4e\xec\x53\xf0"); + + test1(&mut sha, + b"abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq", + b"\x04\xa3\x71\xe8\x4e\xcf\xb5\xb8\xb7\x7c\xb4\x86\x10\xfc\xa8\x18\x2d\xd4\x57\xce\x6f\x32\x6a\x0f\xd3\xd7\xec\x2f\x1e\x91\x63\x6d\xee\x69\x1f\xbe\x0c\x98\x53\x02\xba\x1b\x0d\x8d\xc7\x8c\x08\x63\x46\xb5\x33\xb4\x9c\x03\x0d\x99\xa2\x7d\xaf\x11\x39\xd6\xe7\x5e"); +} + +#[test] +#[cfg(shake128)] +fn test_shake128() { + let mut sha = SHAKE128::new().expect("Error with new()"); + fn test1(sha: &mut SHAKE128, input: &[u8], expected_hash: &[u8]) { + sha.init().expect("Error with init()"); + sha.update(input).expect("Error with update()"); + let mut hash = vec![0u8; expected_hash.len()]; + sha.finalize(&mut hash).expect("Error with finalize()"); + assert_eq!(hash, *expected_hash); + } + + test1(&mut sha, b"", + b"\x7f\x9c\x2b\xa4\xe8\x8f\x82\x7d\x61\x60\x45\x50\x76\x05\x85\x3e\xd7\x3b\x80\x93\xf6\xef\xbc\x88\xeb\x1a\x6e\xac\xfa\x66\xef\x26\x3c\xb1\xee\xa9\x88\x00\x4b\x93\x10\x3c\xfb\x0a\xee\xfd\x2a\x68\x6e\x01\xfa\x4a\x58\xe8\xa3\x63\x9c\xa8\xa1\xe3\xf9\xae\x57\xe2\x35\xb8\xcc\x87\x3c\x23\xdc\x62\xb8\xd2\x60\x16\x9a\xfa\x2f\x75\xab\x91\x6a\x58\xd9\x74\x91\x88\x35\xd2\x5e\x6a\x43\x50\x85\xb2\xba\xdf\xd6\xdf\xaa\xc3\x59\xa5\xef\xbb\x7b\xcc\x4b\x59\xd5\x38\xdf\x9a"); + + test1(&mut sha, b"abc", + b"\x58\x81\x09\x2d\xd8\x18\xbf\x5c\xf8\xa3\xdd\xb7\x93\xfb\xcb\xa7\x40\x97\xd5\xc5\x26\xa6\xd3\x5f\x97\xb8\x33\x51\x94\x0f\x2c\xc8\x44\xc5\x0a\xf3\x2a\xcd\x3f\x2c\xdd\x06\x65\x68\x70\x6f\x50\x9b\xc1\xbd\xde\x58\x29\x5d\xae\x3f\x89\x1a\x9a\x0f\xca\x57\x83\x78\x9a\x41\xf8\x61\x12\x14\xce\x61\x23\x94\xdf\x28\x6a\x62\xd1\xa2\x25\x2a\xa9\x4d\xb9\xc5\x38\x95\x6c\x71\x7d\xc2\xbe\xd4\xf2\x32\xa0\x29\x4c\x85\x7c\x73\x0a\xa1\x60\x67\xac\x10\x62\xf1\x20\x1f\xb0\xd3"); + + test1(&mut sha, + b"abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq", + b"\x1a\x96\x18\x2b\x50\xfb\x8c\x7e\x74\xe0\xa7\x07\x78\x8f\x55\xe9\x82\x09\xb8\xd9\x1f\xad\xe8\xf3\x2f\x8d\xd5\xcf\xf7\xbf\x21\xf5\x4e\xe5\xf1\x95\x50\x82\x5a\x6e\x07\x00\x30\x51\x9e\x94\x42\x63\xac\x1c\x67\x65\x28\x70\x65\x62\x1f\x9f\xcb\x32\x01\x72\x3e\x32\x23\xb6\x3a\x46\xc2\x93\x8a\xa9\x53\xba\x84\x01\xd0\xea\x77\xb8\xd2\x64\x90\x77\x55\x66\x40\x7b\x95\x67\x3c\x0f\x4c\xc1\xce\x9f\xd9\x66\x14\x8d\x7e\xfd\xff\x26\xbb\xf9\xf4\x8a\x21\xc6\xda\x35\xbf\xaa"); + + test1(&mut sha, + b"\xdc\x88\x6d\xf3\xf6\x9c\x49\x51\x3d\xe3\x62\x7e\x94\x81\xdb\x58\x71\xe8\xee\x88\xeb\x9f\x99\x61\x15\x41\x93\x0a\x8b\xc8\x85\xe0", + b"\x93\x68\xf0\x15\x10\x92\x44\xeb\x02\x47\xfa\x3a\x0e\x57\xf5\x2e\xa7\xd9\xeb\xa2\x3d\xae\x7a\x19\x7f\x0a\x29\xe9\x22\x55\x06\x05\x98\x16\xb7\x84\x48\xb6\x49\x7a\x76\xeb\x96\x2d\xb3\xf8\x4d\x37\x60\xf1\xfe\xb4\xbd\xc1\xfd\x4a\xc9\x4e\x91\x7a\xc2\xea\x5e\x4f\x38\x37\x4a\xa5\x6e\x4f\x47\x67\xb8\xd7\x83\x1b\x2d\x51\x49\x5a\xb8\xea\xb7\xc9\x82\x20\xaf\x13\x41\x5a\x59\xbb\x7c\x17\x7a\xcd\x62\x8e\xf0\xff\xe3\x6c\xeb\x18\x59\x5d\x14\x4c\xbf\x25\xef\xc0\x6c\xd9\x56\xa5\x78\x20\x6e\xa8\xf9\x14\x5e\xf9\xce\x19\x50\x6a\x9d\x04\x4e\xc7\x00\x79\x9f\xa1"); + + test1(&mut sha, + b"\x8d\x80\x01\xe2\xc0\x96\xf1\xb8\x8e\x7c\x92\x24\xa0\x86\xef\xd4\x79\x7f\xbf\x74\xa8\x03\x3a\x2d\x42\x2a\x2b\x6b\x8f\x67\x47\xe4", + b"\xe1\x7e\xab\x0d\xa4\x04\xf9\xb6\xac\xc0\x84\x97\x2f\xc5\x79\xe8\x6d\xaa\x76\x10\xa5\xe1\x7c\x23\x2f\x79\x19\x83\x96\xfd\x01\xc2\x4c\x34\xbb\x54\xf4\xb0\x1e\xf7\x40\xb4\x25\x33\x4a\x55\xdd\x24\x81\x3d\xc8\xea\x86\xf5\x6e\xf7\x27\x67\x26\x2b\xf2\x25\x74\x8c\xcc\x3d\x9f\x48\x6f\xfb\x72\x8f\x4e\xad\x29\x60\xc9\x6c\x3e\x44\x63\x86\xea\xce\x21\x9c\x84\x28\x16\x11\x63\x58\xb0\xf4\x2d\x7d\xff\xf7\xdd\x24\x11\xfa\x2a\x56\x79\xfd\x7a\x94\x77\x45\x75\xba\xf9\xfc\xad\x68\xa1\x9e\x30\xd1\x49\xb0\x59\xb5\x9c\x44\x6c\x4e\xdc\xa5\x9b\xc5\xa4\x79\x9d\xc4\x65\xaa\x9e\x78\x2c\xed\x9f\x21\xc5\x5d\xe2\x42\xdd\x25\xd0\xd9\xde\x60\xd0\x9f\xf8\x6a\xba\xf3\xa0\x3a\x76\x71\xb3\x05\x42\xdf\xbe\x72\xfc\x56\xed\x6d\x1a\x99\x7f\x23\x7c\xd1\xa5\x50\x9e\xb0\x4d\x61\x37\xa5\xcb\x24\x71\x3b\xa3\x60\x51\x2e\x80\x83\x8b\xe0\x55\x50\xa7\x1e\xcc\x9f\xac\x41\x77\x2c\x79\x22\x30\x09\x1b\x1a\x83\x5b\x2c\x48\xdc\x09\x7d\x59\x0d\xf0\x54\x17\xfb\x5e\x38\x68\xde\xdb\xc5\x93\xab\x17\x5f\x4b\x4d\x6d\xf2\xc7\x4e\x15\x1e\x10\x76\xc4"); +} + +#[test] +#[cfg(shake128)] +fn test_shake128_absorb_squeeze() { + let mut sha = SHAKE128::new().expect("Error with new()"); + fn test1(sha: &mut SHAKE128, input: &[u8], expected_squeeze_out: &[u8]) { + sha.init().expect("Error with init()"); + sha.absorb(input).expect("Error with absorb()"); + let mut squeeze_out = vec![0u8; expected_squeeze_out.len()]; + sha.squeeze_blocks(&mut squeeze_out).expect("Error with squeeze_blocks()"); + assert_eq!(squeeze_out, *expected_squeeze_out); + } + + test1(&mut sha, b"", + b"\x7f\x9c\x2b\xa4\xe8\x8f\x82\x7d\x61\x60\x45\x50\x76\x05\x85\x3e\xd7\x3b\x80\x93\xf6\xef\xbc\x88\xeb\x1a\x6e\xac\xfa\x66\xef\x26\x3c\xb1\xee\xa9\x88\x00\x4b\x93\x10\x3c\xfb\x0a\xee\xfd\x2a\x68\x6e\x01\xfa\x4a\x58\xe8\xa3\x63\x9c\xa8\xa1\xe3\xf9\xae\x57\xe2\x35\xb8\xcc\x87\x3c\x23\xdc\x62\xb8\xd2\x60\x16\x9a\xfa\x2f\x75\xab\x91\x6a\x58\xd9\x74\x91\x88\x35\xd2\x5e\x6a\x43\x50\x85\xb2\xba\xdf\xd6\xdf\xaa\xc3\x59\xa5\xef\xbb\x7b\xcc\x4b\x59\xd5\x38\xdf\x9a\x04\x30\x2e\x10\xc8\xbc\x1c\xbf\x1a\x0b\x3a\x51\x20\xea\x17\xcd\xa7\xcf\xad\x76\x5f\x56\x23\x47\x4d\x36\x8c\xcc\xa8\xaf\x00\x07\xcd\x9f\x5e\x4c\x84\x9f\x16\x7a\x58\x0b\x14\xaa\xbd\xef\xae\xe7\xee\xf4\x7c\xb0\xfc\xa9"); + + test1(&mut sha, b"abc", + b"\x58\x81\x09\x2d\xd8\x18\xbf\x5c\xf8\xa3\xdd\xb7\x93\xfb\xcb\xa7\x40\x97\xd5\xc5\x26\xa6\xd3\x5f\x97\xb8\x33\x51\x94\x0f\x2c\xc8\x44\xc5\x0a\xf3\x2a\xcd\x3f\x2c\xdd\x06\x65\x68\x70\x6f\x50\x9b\xc1\xbd\xde\x58\x29\x5d\xae\x3f\x89\x1a\x9a\x0f\xca\x57\x83\x78\x9a\x41\xf8\x61\x12\x14\xce\x61\x23\x94\xdf\x28\x6a\x62\xd1\xa2\x25\x2a\xa9\x4d\xb9\xc5\x38\x95\x6c\x71\x7d\xc2\xbe\xd4\xf2\x32\xa0\x29\x4c\x85\x7c\x73\x0a\xa1\x60\x67\xac\x10\x62\xf1\x20\x1f\xb0\xd3\x77\xcf\xb9\xcd\xe4\xc6\x35\x99\xb2\x7f\x34\x62\xbb\xa4\xa0\xed\x29\x6c\x80\x1f\x9f\xf7\xf5\x73\x02\xbb\x30\x76\xee\x14\x5f\x97\xa3\x2a\xe6\x8e\x76\xab\x66\xc4\x8d\x51\x67\x5b\xd4\x9a\xcc\x29\x08\x2f\x56\x47\x58\x4e"); + + test1(&mut sha, + b"abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq", + b"\x1a\x96\x18\x2b\x50\xfb\x8c\x7e\x74\xe0\xa7\x07\x78\x8f\x55\xe9\x82\x09\xb8\xd9\x1f\xad\xe8\xf3\x2f\x8d\xd5\xcf\xf7\xbf\x21\xf5\x4e\xe5\xf1\x95\x50\x82\x5a\x6e\x07\x00\x30\x51\x9e\x94\x42\x63\xac\x1c\x67\x65\x28\x70\x65\x62\x1f\x9f\xcb\x32\x01\x72\x3e\x32\x23\xb6\x3a\x46\xc2\x93\x8a\xa9\x53\xba\x84\x01\xd0\xea\x77\xb8\xd2\x64\x90\x77\x55\x66\x40\x7b\x95\x67\x3c\x0f\x4c\xc1\xce\x9f\xd9\x66\x14\x8d\x7e\xfd\xff\x26\xbb\xf9\xf4\x8a\x21\xc6\xda\x35\xbf\xaa\x54\x56\x54\xf7\x0a\xe5\x86\xff\x10\x13\x14\x20\x77\x14\x83\xec\x92\xed\xab\x40\x8c\x76\x7b\xf4\xc5\xb4\xff\xfa\xa8\x0c\x8c\xa2\x14\xd8\x4c\x4d\xc7\x00\xd0\xc5\x06\x30\xb2\xff\xc3\x79\x3e\xa4\xd8\x72\x58\xb4\xc9\x54"); + + test1(&mut sha, + b"\xdc\x88\x6d\xf3\xf6\x9c\x49\x51\x3d\xe3\x62\x7e\x94\x81\xdb\x58\x71\xe8\xee\x88\xeb\x9f\x99\x61\x15\x41\x93\x0a\x8b\xc8\x85\xe0", + b"\x93\x68\xf0\x15\x10\x92\x44\xeb\x02\x47\xfa\x3a\x0e\x57\xf5\x2e\xa7\xd9\xeb\xa2\x3d\xae\x7a\x19\x7f\x0a\x29\xe9\x22\x55\x06\x05\x98\x16\xb7\x84\x48\xb6\x49\x7a\x76\xeb\x96\x2d\xb3\xf8\x4d\x37\x60\xf1\xfe\xb4\xbd\xc1\xfd\x4a\xc9\x4e\x91\x7a\xc2\xea\x5e\x4f\x38\x37\x4a\xa5\x6e\x4f\x47\x67\xb8\xd7\x83\x1b\x2d\x51\x49\x5a\xb8\xea\xb7\xc9\x82\x20\xaf\x13\x41\x5a\x59\xbb\x7c\x17\x7a\xcd\x62\x8e\xf0\xff\xe3\x6c\xeb\x18\x59\x5d\x14\x4c\xbf\x25\xef\xc0\x6c\xd9\x56\xa5\x78\x20\x6e\xa8\xf9\x14\x5e\xf9\xce\x19\x50\x6a\x9d\x04\x4e\xc7\x00\x79\x9f\xa1\x41\x9b\xaf\x60\x52\xc0\xc1\xb4\x45\xf8\x35\x17\x57\xb0\xd0\x22\x87\x21\x89\xe2\xc0\x27\x3f\x82\xd9\x69\x69\x66\x3e\x55\x4d\x09"); + + test1(&mut sha, + b"\x8d\x80\x01\xe2\xc0\x96\xf1\xb8\x8e\x7c\x92\x24\xa0\x86\xef\xd4\x79\x7f\xbf\x74\xa8\x03\x3a\x2d\x42\x2a\x2b\x6b\x8f\x67\x47\xe4", + b"\xe1\x7e\xab\x0d\xa4\x04\xf9\xb6\xac\xc0\x84\x97\x2f\xc5\x79\xe8\x6d\xaa\x76\x10\xa5\xe1\x7c\x23\x2f\x79\x19\x83\x96\xfd\x01\xc2\x4c\x34\xbb\x54\xf4\xb0\x1e\xf7\x40\xb4\x25\x33\x4a\x55\xdd\x24\x81\x3d\xc8\xea\x86\xf5\x6e\xf7\x27\x67\x26\x2b\xf2\x25\x74\x8c\xcc\x3d\x9f\x48\x6f\xfb\x72\x8f\x4e\xad\x29\x60\xc9\x6c\x3e\x44\x63\x86\xea\xce\x21\x9c\x84\x28\x16\x11\x63\x58\xb0\xf4\x2d\x7d\xff\xf7\xdd\x24\x11\xfa\x2a\x56\x79\xfd\x7a\x94\x77\x45\x75\xba\xf9\xfc\xad\x68\xa1\x9e\x30\xd1\x49\xb0\x59\xb5\x9c\x44\x6c\x4e\xdc\xa5\x9b\xc5\xa4\x79\x9d\xc4\x65\xaa\x9e\x78\x2c\xed\x9f\x21\xc5\x5d\xe2\x42\xdd\x25\xd0\xd9\xde\x60\xd0\x9f\xf8\x6a\xba\xf3\xa0\x3a\x76\x71\xb3\x05\x42\xdf\xbe\x72\xfc\x56\xed\x6d\x1a\x99\x7f\x23\x7c\xd1\xa5\x50\x9e\xb0\x4d\x61\x37\xa5\xcb\x24\x71\x3b\xa3\x60\x51\x2e\x80\x83\x8b\xe0\x55\x50\xa7\x1e\xcc\x9f\xac\x41\x77\x2c\x79\x22\x30\x09\x1b\x1a\x83\x5b\x2c\x48\xdc\x09\x7d\x59\x0d\xf0\x54\x17\xfb\x5e\x38\x68\xde\xdb\xc5\x93\xab\x17\x5f\x4b\x4d\x6d\xf2\xc7\x4e\x15\x1e\x10\x76\xc4\xcb\x87\xd8\xb7\x9d\xa8\xbf\xc5\x2e\x5e\xfc\xd3\x6c\x45\xd4\x5d\x72\x0f\x66\xeb\x67\x86\xfa\x6c\xd6\x80\xa4\x23\xcb\x5d\xed\x3c\xde\xdc\x5b\x3d\xca\x95\x43\x4b\xdc\xe8\x49\xd3\xe1\x01\xd4\xf1\xe4\x47\xcf\x56\xba\x71\xb4\x69\xed\xe7\xdb\x0f\x89\xd6\xbb\xcd\x1a\xff\xb4\xbe\x72\x26\xdc\x76\x79\xb3\x1a\x4b\xe6\x8d\x9b\x8e\xd9\xe9\xe6\xf9\xff\xa5"); +} + +#[test] +#[cfg(shake256)] +fn test_shake256() { + let mut sha = SHAKE256::new().expect("Error with new()"); + fn test1(sha: &mut SHAKE256, input: &[u8], expected_hash: &[u8]) { + sha.init().expect("Error with init()"); + sha.update(input).expect("Error with update()"); + let mut hash = vec![0u8; expected_hash.len()]; + sha.finalize(&mut hash).expect("Error with finalize()"); + assert_eq!(hash, *expected_hash); + } + + test1(&mut sha, b"", + b"\x46\xb9\xdd\x2b\x0b\xa8\x8d\x13\x23\x3b\x3f\xeb\x74\x3e\xeb\x24\x3f\xcd\x52\xea\x62\xb8\x1b\x82\xb5\x0c\x27\x64\x6e\xd5\x76\x2f\xd7\x5d\xc4\xdd\xd8\xc0\xf2\x00\xcb\x05\x01\x9d\x67\xb5\x92\xf6\xfc\x82\x1c\x49\x47\x9a\xb4\x86\x40\x29\x2e\xac\xb3\xb7\xc4\xbe\x14\x1e\x96\x61\x6f\xb1\x39\x57\x69\x2c\xc7\xed\xd0\xb4\x5a\xe3\xdc\x07\x22\x3c\x8e\x92\x93\x7b\xef\x84\xbc\x0e\xab\x86\x28\x53\x34\x9e\xc7\x55\x46\xf5\x8f\xb7\xc2\x77\x5c\x38\x46\x2c\x50\x10\xd8\x46"); + + test1(&mut sha, b"abc", + b"\x48\x33\x66\x60\x13\x60\xa8\x77\x1c\x68\x63\x08\x0c\xc4\x11\x4d\x8d\xb4\x45\x30\xf8\xf1\xe1\xee\x4f\x94\xea\x37\xe7\x8b\x57\x39\xd5\xa1\x5b\xef\x18\x6a\x53\x86\xc7\x57\x44\xc0\x52\x7e\x1f\xaa\x9f\x87\x26\xe4\x62\xa1\x2a\x4f\xeb\x06\xbd\x88\x01\xe7\x51\xe4\x13\x85\x14\x12\x04\xf3\x29\x97\x9f\xd3\x04\x7a\x13\xc5\x65\x77\x24\xad\xa6\x4d\x24\x70\x15\x7b\x3c\xdc\x28\x86\x20\x94\x4d\x78\xdb\xcd\xdb\xd9\x12\x99\x3f\x09\x13\xf1\x64\xfb\x2c\xe9\x51\x31\xa2\xd0"); + + test1(&mut sha, + b"abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq", + b"\x4d\x8c\x2d\xd2\x43\x5a\x01\x28\xee\xfb\xb8\xc3\x6f\x6f\x87\x13\x3a\x79\x11\xe1\x8d\x97\x9e\xe1\xae\x6b\xe5\xd4\xfd\x2e\x33\x29\x40\xd8\x68\x8a\x4e\x6a\x59\xaa\x80\x60\xf1\xf9\xbc\x99\x6c\x05\xac\xa3\xc6\x96\xa8\xb6\x62\x79\xdc\x67\x2c\x74\x0b\xb2\x24\xec\x37\xa9\x2b\x65\xdb\x05\x39\xc0\x20\x34\x55\xf5\x1d\x97\xcc\xe4\xcf\xc4\x91\x27\xd7\x26\x0a\xfc\x67\x3a\xf2\x08\xba\xf1\x9b\xe2\x12\x33\xf3\xde\xbe\x78\xd0\x67\x60\xcf\xa5\x51\xee\x1e\x07\x91\x41\xd4"); + + test1(&mut sha, + b"\xdc\x88\x6d\xf3\xf6\x9c\x49\x51\x3d\xe3\x62\x7e\x94\x81\xdb\x58\x71\xe8\xee\x88\xeb\x9f\x99\x61\x15\x41\x93\x0a\x8b\xc8\x85\xe0", + b"\x00\x64\x8a\xfb\xc5\xe6\x51\x64\x9d\xb1\xfd\x82\x93\x6b\x00\xdb\xbc\x12\x2f\xb4\xc8\x77\x86\x0d\x38\x5c\x49\x50\xd5\x6d\xe7\xe0\x96\xd6\x13\xd7\xa3\xf2\x7e\xd8\xf2\x63\x34\xb0\xcc\xc1\x40\x7b\x41\xdc\xcb\x23\xdf\xaa\x52\x98\x18\xd1\x12\x5c\xd5\x34\x80\x92\x52\x43\x66\xb8\x5f\xab\xb9\x7c\x6c\xd1\xe6\x06\x6f\x45\x9b\xcc\x56\x6d\xa8\x7e\xc9\xb7\xba\x36\x79\x2d\x11\x8a\xc3\x9a\x4c\xce\xf6\x19\x2b\xbf\x3a\x54\xaf\x18\xe5\x7b\x0c\x14\x61\x01\xf6\xae\xaa\x82\x2b\xc4\xb4\xc9\x70\x8b\x09\xf0\xb3\xba\xb4\x1b\xcc\xe9\x64\xd9\x99\xd1\x10\x7b\xd7\xc2"); + + test1(&mut sha, + b"\x8d\x80\x01\xe2\xc0\x96\xf1\xb8\x8e\x7c\x92\x24\xa0\x86\xef\xd4\x79\x7f\xbf\x74\xa8\x03\x3a\x2d\x42\x2a\x2b\x6b\x8f\x67\x47\xe4", + b"\x2e\x97\x5f\x6a\x8a\x14\xf0\x70\x4d\x51\xb1\x36\x67\xd8\x19\x5c\x21\x9f\x71\xe6\x34\x56\x96\xc4\x9f\xa4\xb9\xd0\x8e\x92\x25\xd3\xd3\x93\x93\x42\x51\x52\xc9\x7e\x71\xdd\x24\x60\x1c\x11\xab\xcf\xa0\xf1\x2f\x53\xc6\x80\xbd\x3a\xe7\x57\xb8\x13\x4a\x9c\x10\xd4\x29\x61\x58\x69\x21\x7f\xdd\x58\x85\xc4\xdb\x17\x49\x85\x70\x3a\x6d\x6d\xe9\x4a\x66\x7e\xac\x30\x23\x44\x3a\x83\x37\xae\x1b\xc6\x01\xb7\x6d\x7d\x38\xec\x3c\x34\x46\x31\x05\xf0\xd3\x94\x9d\x78\xe5\x62\xa0\x39\xe4\x46\x95\x48\xb6\x09\x39\x5d\xe5\xa4\xfd\x43\xc4\x6c\xa9\xfd\x6e\xe2\x9a\xda\x5e\xfc\x07\xd8\x4d\x55\x32\x49\x45\x0d\xab\x4a\x49\xc4\x83\xde\xd2\x50\xc9\x33\x8f\x85\xcd\x93\x7a\xe6\x6b\xb4\x36\xf3\xb4\x02\x6e\x85\x9f\xda\x1c\xa5\x71\x43\x2f\x3b\xfc\x09\xe7\xc0\x3c\xa4\xd1\x83\xb7\x41\x11\x1c\xa0\x48\x3d\x0e\xda\xbc\x03\xfe\xb2\x3b\x17\xee\x48\xe8\x44\xba\x24\x08\xd9\xdc\xfd\x01\x39\xd2\xe8\xc7\x31\x01\x25\xae\xe8\x01\xc6\x1a\xb7\x90\x0d\x1e\xfc\x47\xc0\x78\x28\x17\x66\xf3\x61\xc5\xe6\x11\x13\x46\x23\x5e\x1d\xc3\x83\x25\x66\x6c"); +} + +#[test] +#[cfg(shake256)] +fn test_shake256_absorb_squeeze() { + let mut sha = SHAKE256::new().expect("Error with new()"); + fn test1(sha: &mut SHAKE256, input: &[u8], expected_squeeze_out: &[u8]) { + sha.init().expect("Error with init()"); + sha.absorb(input).expect("Error with absorb()"); + let mut squeeze_out = vec![0u8; expected_squeeze_out.len()]; + sha.squeeze_blocks(&mut squeeze_out).expect("Error with squeeze_blocks()"); + assert_eq!(squeeze_out, *expected_squeeze_out); + } + + test1(&mut sha, b"", + b"\x46\xb9\xdd\x2b\x0b\xa8\x8d\x13\x23\x3b\x3f\xeb\x74\x3e\xeb\x24\x3f\xcd\x52\xea\x62\xb8\x1b\x82\xb5\x0c\x27\x64\x6e\xd5\x76\x2f\xd7\x5d\xc4\xdd\xd8\xc0\xf2\x00\xcb\x05\x01\x9d\x67\xb5\x92\xf6\xfc\x82\x1c\x49\x47\x9a\xb4\x86\x40\x29\x2e\xac\xb3\xb7\xc4\xbe\x14\x1e\x96\x61\x6f\xb1\x39\x57\x69\x2c\xc7\xed\xd0\xb4\x5a\xe3\xdc\x07\x22\x3c\x8e\x92\x93\x7b\xef\x84\xbc\x0e\xab\x86\x28\x53\x34\x9e\xc7\x55\x46\xf5\x8f\xb7\xc2\x77\x5c\x38\x46\x2c\x50\x10\xd8\x46\xc1\x85\xc1\x51\x11\xe5\x95\x52\x2a\x6b\xcd\x16\xcf\x86\xf3\xd1\x22\x10\x9e\x3b\x1f\xdd"); + + test1(&mut sha, b"abc", + b"\x48\x33\x66\x60\x13\x60\xa8\x77\x1c\x68\x63\x08\x0c\xc4\x11\x4d\x8d\xb4\x45\x30\xf8\xf1\xe1\xee\x4f\x94\xea\x37\xe7\x8b\x57\x39\xd5\xa1\x5b\xef\x18\x6a\x53\x86\xc7\x57\x44\xc0\x52\x7e\x1f\xaa\x9f\x87\x26\xe4\x62\xa1\x2a\x4f\xeb\x06\xbd\x88\x01\xe7\x51\xe4\x13\x85\x14\x12\x04\xf3\x29\x97\x9f\xd3\x04\x7a\x13\xc5\x65\x77\x24\xad\xa6\x4d\x24\x70\x15\x7b\x3c\xdc\x28\x86\x20\x94\x4d\x78\xdb\xcd\xdb\xd9\x12\x99\x3f\x09\x13\xf1\x64\xfb\x2c\xe9\x51\x31\xa2\xd0\x9a\x3e\x6d\x51\xcb\xfc\x62\x27\x20\xd7\xa7\x5c\x63\x34\xe8\xa2\xd7\xec\x71\xa7\xcc\x29"); + + test1(&mut sha, + b"abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq", + b"\x4d\x8c\x2d\xd2\x43\x5a\x01\x28\xee\xfb\xb8\xc3\x6f\x6f\x87\x13\x3a\x79\x11\xe1\x8d\x97\x9e\xe1\xae\x6b\xe5\xd4\xfd\x2e\x33\x29\x40\xd8\x68\x8a\x4e\x6a\x59\xaa\x80\x60\xf1\xf9\xbc\x99\x6c\x05\xac\xa3\xc6\x96\xa8\xb6\x62\x79\xdc\x67\x2c\x74\x0b\xb2\x24\xec\x37\xa9\x2b\x65\xdb\x05\x39\xc0\x20\x34\x55\xf5\x1d\x97\xcc\xe4\xcf\xc4\x91\x27\xd7\x26\x0a\xfc\x67\x3a\xf2\x08\xba\xf1\x9b\xe2\x12\x33\xf3\xde\xbe\x78\xd0\x67\x60\xcf\xa5\x51\xee\x1e\x07\x91\x41\xd4\x9d\xd3\xef\x7e\x18\x2b\x15\x24\xdf\x82\xea\x1c\xef\xe1\xc6\xc3\x96\x61\x75\xf0\x22\x8d"); + + test1(&mut sha, + b"\xdc\x88\x6d\xf3\xf6\x9c\x49\x51\x3d\xe3\x62\x7e\x94\x81\xdb\x58\x71\xe8\xee\x88\xeb\x9f\x99\x61\x15\x41\x93\x0a\x8b\xc8\x85\xe0", + b"\x00\x64\x8a\xfb\xc5\xe6\x51\x64\x9d\xb1\xfd\x82\x93\x6b\x00\xdb\xbc\x12\x2f\xb4\xc8\x77\x86\x0d\x38\x5c\x49\x50\xd5\x6d\xe7\xe0\x96\xd6\x13\xd7\xa3\xf2\x7e\xd8\xf2\x63\x34\xb0\xcc\xc1\x40\x7b\x41\xdc\xcb\x23\xdf\xaa\x52\x98\x18\xd1\x12\x5c\xd5\x34\x80\x92\x52\x43\x66\xb8\x5f\xab\xb9\x7c\x6c\xd1\xe6\x06\x6f\x45\x9b\xcc\x56\x6d\xa8\x7e\xc9\xb7\xba\x36\x79\x2d\x11\x8a\xc3\x9a\x4c\xce\xf6\x19\x2b\xbf\x3a\x54\xaf\x18\xe5\x7b\x0c\x14\x61\x01\xf6\xae\xaa\x82\x2b\xc4\xb4\xc9\x70\x8b\x09\xf0\xb3\xba\xb4\x1b\xcc\xe9\x64\xd9\x99\xd1\x10\x7b\xd7\xc2"); + + test1(&mut sha, + b"\x8d\x80\x01\xe2\xc0\x96\xf1\xb8\x8e\x7c\x92\x24\xa0\x86\xef\xd4\x79\x7f\xbf\x74\xa8\x03\x3a\x2d\x42\x2a\x2b\x6b\x8f\x67\x47\xe4", + b"\x2e\x97\x5f\x6a\x8a\x14\xf0\x70\x4d\x51\xb1\x36\x67\xd8\x19\x5c\x21\x9f\x71\xe6\x34\x56\x96\xc4\x9f\xa4\xb9\xd0\x8e\x92\x25\xd3\xd3\x93\x93\x42\x51\x52\xc9\x7e\x71\xdd\x24\x60\x1c\x11\xab\xcf\xa0\xf1\x2f\x53\xc6\x80\xbd\x3a\xe7\x57\xb8\x13\x4a\x9c\x10\xd4\x29\x61\x58\x69\x21\x7f\xdd\x58\x85\xc4\xdb\x17\x49\x85\x70\x3a\x6d\x6d\xe9\x4a\x66\x7e\xac\x30\x23\x44\x3a\x83\x37\xae\x1b\xc6\x01\xb7\x6d\x7d\x38\xec\x3c\x34\x46\x31\x05\xf0\xd3\x94\x9d\x78\xe5\x62\xa0\x39\xe4\x46\x95\x48\xb6\x09\x39\x5d\xe5\xa4\xfd\x43\xc4\x6c\xa9\xfd\x6e\xe2\x9a\xda\x5e\xfc\x07\xd8\x4d\x55\x32\x49\x45\x0d\xab\x4a\x49\xc4\x83\xde\xd2\x50\xc9\x33\x8f\x85\xcd\x93\x7a\xe6\x6b\xb4\x36\xf3\xb4\x02\x6e\x85\x9f\xda\x1c\xa5\x71\x43\x2f\x3b\xfc\x09\xe7\xc0\x3c\xa4\xd1\x83\xb7\x41\x11\x1c\xa0\x48\x3d\x0e\xda\xbc\x03\xfe\xb2\x3b\x17\xee\x48\xe8\x44\xba\x24\x08\xd9\xdc\xfd\x01\x39\xd2\xe8\xc7\x31\x01\x25\xae\xe8\x01\xc6\x1a\xb7\x90\x0d\x1e\xfc\x47\xc0\x78\x28\x17\x66\xf3\x61\xc5\xe6\x11\x13\x46\x23\x5e\x1d\xc3\x83\x25\x66\x6c\x68\x1b\x30\xdd\xc4\xe6\x83\x8b\x0f\x23\x58\x7e\x06\x5f\x4a\x2b\xed\xc9\x6c\x97\x68\x44"); +} diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/wrapper/rust/wolfssl-wolfcrypt/tests/test_wolfcrypt.rs mariadb-11.8.8/extra/wolfssl/wolfssl/wrapper/rust/wolfssl-wolfcrypt/tests/test_wolfcrypt.rs --- mariadb-11.8.6/extra/wolfssl/wolfssl/wrapper/rust/wolfssl-wolfcrypt/tests/test_wolfcrypt.rs 1970-01-01 00:00:00.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/wrapper/rust/wolfssl-wolfcrypt/tests/test_wolfcrypt.rs 2026-05-24 09:58:33.000000000 +0000 @@ -0,0 +1,7 @@ +use wolfssl_wolfcrypt::*; + +#[test] +fn test_wolfcrypt_init_and_cleanup() { + wolfcrypt_init().expect("Error with wolfcrypt_init()"); + wolfcrypt_cleanup().expect("Error with wolfcrypt_cleanup()"); +} diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/zephyr/CMakeLists.txt mariadb-11.8.8/extra/wolfssl/wolfssl/zephyr/CMakeLists.txt --- mariadb-11.8.6/extra/wolfssl/wolfssl/zephyr/CMakeLists.txt 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/zephyr/CMakeLists.txt 2026-05-24 09:58:33.000000000 +0000 @@ -186,6 +186,15 @@ target_compile_definitions(wolfSSL INTERFACE WOLFSSL_ZEPHYR) target_compile_definitions(wolfSSL INTERFACE WOLFSSL_USER_SETTINGS) + + if(NOT CONFIG_WOLFSSL_NO_HAVE_MIN_MAX AND + (KERNEL_VERSION_MAJOR GREATER_EQUAL 5 OR + (KERNEL_VERSION_MAJOR EQUAL 4 AND + KERNEL_VERSION_MINOR GREATER_EQUAL 3))) + target_compile_definitions(wolfSSL INTERFACE + WOLFSSL_HAVE_MIN + WOLFSSL_HAVE_MAX) + endif() if(CONFIG_WOLFSSL_DEBUG) target_compile_definitions(wolfSSL INTERFACE DEBUG_WOLFSSL) zephyr_library_compile_options(-g3 -O0) diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/zephyr/Kconfig mariadb-11.8.8/extra/wolfssl/wolfssl/zephyr/Kconfig --- mariadb-11.8.6/extra/wolfssl/wolfssl/zephyr/Kconfig 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/zephyr/Kconfig 2026-05-24 09:58:33.000000000 +0000 @@ -85,6 +85,11 @@ help Enable PSK support +config WOLFSSL_MLKEM + bool "wolfSSL PQC ML-KEM support" + help + Enable PQC ML-KEM support for Key Exchange + config WOLFSSL_MAX_FRAGMENT_LEN int default 3 @@ -112,6 +117,13 @@ help wolfCrypt Intel Aassembly support (AVX/AVX2/AESNI) +config WOLFSSL_NO_HAVE_MIN_MAX + bool "Force wolfSSL to use its own min/max" + help + Disable this if Zephyr min()/max() macros cause + issues. By default wolfSSL defers to Zephyr's + min/max on >= 4.3. + config WOLFSSL_DEBUG bool "wolfSSL debug activation" depends on WOLFSSL_BUILTIN diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/zephyr/include.am mariadb-11.8.8/extra/wolfssl/wolfssl/zephyr/include.am --- mariadb-11.8.6/extra/wolfssl/wolfssl/zephyr/include.am 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/zephyr/include.am 2026-05-24 09:58:33.000000000 +0000 @@ -13,31 +13,43 @@ EXTRA_DIST+= zephyr/samples/wolfssl_benchmark/ EXTRA_DIST+= zephyr/samples/wolfssl_benchmark/CMakeLists.txt EXTRA_DIST+= zephyr/samples/wolfssl_benchmark/README +EXTRA_DIST+= zephyr/samples/wolfssl_benchmark/boards/native_sim.conf EXTRA_DIST+= zephyr/samples/wolfssl_benchmark/boards/nrf5340dk_nrf5340_cpuapp.conf EXTRA_DIST+= zephyr/samples/wolfssl_benchmark/boards/nrf5340dk_nrf5340_cpuapp_ns.conf EXTRA_DIST+= zephyr/samples/wolfssl_benchmark/install_test.sh EXTRA_DIST+= zephyr/samples/wolfssl_benchmark/prj.conf EXTRA_DIST+= zephyr/samples/wolfssl_benchmark/sample.yaml +EXTRA_DIST+= zephyr/samples/wolfssl_benchmark/zephyr_legacy.conf +EXTRA_DIST+= zephyr/samples/wolfssl_benchmark/zephyr_v4.1.conf EXTRA_DIST+= zephyr/samples/wolfssl_test/CMakeLists.txt EXTRA_DIST+= zephyr/samples/wolfssl_test/README +EXTRA_DIST+= zephyr/samples/wolfssl_test/boards/native_sim.conf EXTRA_DIST+= zephyr/samples/wolfssl_test/boards/nrf5340dk_nrf5340_cpuapp.conf EXTRA_DIST+= zephyr/samples/wolfssl_test/boards/nrf5340dk_nrf5340_cpuapp_ns.conf EXTRA_DIST+= zephyr/samples/wolfssl_test/install_test.sh EXTRA_DIST+= zephyr/samples/wolfssl_test/prj.conf EXTRA_DIST+= zephyr/samples/wolfssl_test/sample.yaml +EXTRA_DIST+= zephyr/samples/wolfssl_test/zephyr_legacy.conf +EXTRA_DIST+= zephyr/samples/wolfssl_test/zephyr_v4.1.conf EXTRA_DIST+= zephyr/samples/wolfssl_tls_sock/CMakeLists.txt EXTRA_DIST+= zephyr/samples/wolfssl_tls_sock/README +EXTRA_DIST+= zephyr/samples/wolfssl_tls_sock/boards/native_sim.conf EXTRA_DIST+= zephyr/samples/wolfssl_tls_sock/install_sample.sh EXTRA_DIST+= zephyr/samples/wolfssl_tls_sock/prj.conf EXTRA_DIST+= zephyr/samples/wolfssl_tls_sock/sample.yaml EXTRA_DIST+= zephyr/samples/wolfssl_tls_sock/src +EXTRA_DIST+= zephyr/samples/wolfssl_tls_sock/zephyr_legacy.conf +EXTRA_DIST+= zephyr/samples/wolfssl_tls_sock/zephyr_v4.1.conf EXTRA_DIST+= zephyr/samples/wolfssl_tls_sock/src/tls_sock.c EXTRA_DIST+= zephyr/samples/wolfssl_tls_thread/CMakeLists.txt EXTRA_DIST+= zephyr/samples/wolfssl_tls_thread/README +EXTRA_DIST+= zephyr/samples/wolfssl_tls_thread/boards/native_sim.conf EXTRA_DIST+= zephyr/samples/wolfssl_tls_thread/boards/nrf5340dk_nrf5340_cpuapp.conf EXTRA_DIST+= zephyr/samples/wolfssl_tls_thread/boards/nrf5340dk_nrf5340_cpuapp_ns.conf EXTRA_DIST+= zephyr/samples/wolfssl_tls_thread/install_sample.sh EXTRA_DIST+= zephyr/samples/wolfssl_tls_thread/prj.conf EXTRA_DIST+= zephyr/samples/wolfssl_tls_thread/sample.yaml EXTRA_DIST+= zephyr/samples/wolfssl_tls_thread/src +EXTRA_DIST+= zephyr/samples/wolfssl_tls_thread/zephyr_legacy.conf +EXTRA_DIST+= zephyr/samples/wolfssl_tls_thread/zephyr_v4.1.conf EXTRA_DIST+= zephyr/samples/wolfssl_tls_thread/src/tls_threaded.c diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/zephyr/samples/wolfssl_benchmark/CMakeLists.txt mariadb-11.8.8/extra/wolfssl/wolfssl/zephyr/samples/wolfssl_benchmark/CMakeLists.txt --- mariadb-11.8.6/extra/wolfssl/wolfssl/zephyr/samples/wolfssl_benchmark/CMakeLists.txt 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/zephyr/samples/wolfssl_benchmark/CMakeLists.txt 2026-05-24 09:58:33.000000000 +0000 @@ -1,4 +1,24 @@ cmake_minimum_required(VERSION 3.13.1) + +# Select version-specific Kconfig fragment before loading Zephyr +if(EXISTS $ENV{ZEPHYR_BASE}/VERSION) + file(READ $ENV{ZEPHYR_BASE}/VERSION zephyr_version_file) + string(REGEX MATCH "VERSION_MAJOR = ([0-9]+)" _ ${zephyr_version_file}) + set(ZEPHYR_VER_MAJOR ${CMAKE_MATCH_1}) + string(REGEX MATCH "VERSION_MINOR = ([0-9]+)" _ ${zephyr_version_file}) + set(ZEPHYR_VER_MINOR ${CMAKE_MATCH_1}) +endif() + +if(ZEPHYR_VER_MAJOR GREATER_EQUAL 4 OR + (ZEPHYR_VER_MAJOR EQUAL 3 AND + ZEPHYR_VER_MINOR GREATER 5)) + set(OVERLAY_CONFIG + ${CMAKE_CURRENT_SOURCE_DIR}/zephyr_v4.1.conf) +else() + set(OVERLAY_CONFIG + ${CMAKE_CURRENT_SOURCE_DIR}/zephyr_legacy.conf) +endif() + find_package(Zephyr REQUIRED HINTS $ENV{ZEPHYR_BASE}) project(wolfssl_benchmark) diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/zephyr/samples/wolfssl_benchmark/boards/native_sim.conf mariadb-11.8.8/extra/wolfssl/wolfssl/zephyr/samples/wolfssl_benchmark/boards/native_sim.conf --- mariadb-11.8.6/extra/wolfssl/wolfssl/zephyr/samples/wolfssl_benchmark/boards/native_sim.conf 1970-01-01 00:00:00.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/zephyr/samples/wolfssl_benchmark/boards/native_sim.conf 2026-05-24 09:58:33.000000000 +0000 @@ -0,0 +1,2 @@ +# native_sim needs a larger malloc arena for thread stack allocation +CONFIG_COMMON_LIBC_MALLOC_ARENA_SIZE=131072 diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/zephyr/samples/wolfssl_benchmark/prj.conf mariadb-11.8.8/extra/wolfssl/wolfssl/zephyr/samples/wolfssl_benchmark/prj.conf --- mariadb-11.8.6/extra/wolfssl/wolfssl/zephyr/samples/wolfssl_benchmark/prj.conf 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/zephyr/samples/wolfssl_benchmark/prj.conf 2026-05-24 09:58:33.000000000 +0000 @@ -2,12 +2,6 @@ CONFIG_MAIN_STACK_SIZE=32768 CONFIG_COMMON_LIBC_MALLOC_ARENA_SIZE=8192 -# Pthreads -CONFIG_PTHREAD_IPC=y - -# Clock for time() -CONFIG_POSIX_CLOCK=y - # TLS configuration CONFIG_WOLFSSL=y CONFIG_WOLFSSL_BUILTIN=y diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/zephyr/samples/wolfssl_benchmark/zephyr_legacy.conf mariadb-11.8.8/extra/wolfssl/wolfssl/zephyr/samples/wolfssl_benchmark/zephyr_legacy.conf --- mariadb-11.8.6/extra/wolfssl/wolfssl/zephyr/samples/wolfssl_benchmark/zephyr_legacy.conf 1970-01-01 00:00:00.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/zephyr/samples/wolfssl_benchmark/zephyr_legacy.conf 2026-05-24 09:58:33.000000000 +0000 @@ -0,0 +1,3 @@ +# Zephyr < 4.1 POSIX options +CONFIG_PTHREAD_IPC=y +CONFIG_POSIX_CLOCK=y diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/zephyr/samples/wolfssl_benchmark/zephyr_v4.1.conf mariadb-11.8.8/extra/wolfssl/wolfssl/zephyr/samples/wolfssl_benchmark/zephyr_v4.1.conf --- mariadb-11.8.6/extra/wolfssl/wolfssl/zephyr/samples/wolfssl_benchmark/zephyr_v4.1.conf 1970-01-01 00:00:00.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/zephyr/samples/wolfssl_benchmark/zephyr_v4.1.conf 2026-05-24 09:58:33.000000000 +0000 @@ -0,0 +1,2 @@ +# Zephyr >= 4.1 POSIX options +CONFIG_POSIX_API=y diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/zephyr/samples/wolfssl_test/CMakeLists.txt mariadb-11.8.8/extra/wolfssl/wolfssl/zephyr/samples/wolfssl_test/CMakeLists.txt --- mariadb-11.8.6/extra/wolfssl/wolfssl/zephyr/samples/wolfssl_test/CMakeLists.txt 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/zephyr/samples/wolfssl_test/CMakeLists.txt 2026-05-24 09:58:33.000000000 +0000 @@ -1,4 +1,24 @@ cmake_minimum_required(VERSION 3.13.1) + +# Select version-specific Kconfig fragment before loading Zephyr +if(EXISTS $ENV{ZEPHYR_BASE}/VERSION) + file(READ $ENV{ZEPHYR_BASE}/VERSION zephyr_version_file) + string(REGEX MATCH "VERSION_MAJOR = ([0-9]+)" _ ${zephyr_version_file}) + set(ZEPHYR_VER_MAJOR ${CMAKE_MATCH_1}) + string(REGEX MATCH "VERSION_MINOR = ([0-9]+)" _ ${zephyr_version_file}) + set(ZEPHYR_VER_MINOR ${CMAKE_MATCH_1}) +endif() + +if(ZEPHYR_VER_MAJOR GREATER_EQUAL 4 OR + (ZEPHYR_VER_MAJOR EQUAL 3 AND + ZEPHYR_VER_MINOR GREATER 5)) + set(OVERLAY_CONFIG + ${CMAKE_CURRENT_SOURCE_DIR}/zephyr_v4.1.conf) +else() + set(OVERLAY_CONFIG + ${CMAKE_CURRENT_SOURCE_DIR}/zephyr_legacy.conf) +endif() + find_package(Zephyr REQUIRED HINTS $ENV{ZEPHYR_BASE}) project(wolfssl_test) diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/zephyr/samples/wolfssl_test/boards/native_sim.conf mariadb-11.8.8/extra/wolfssl/wolfssl/zephyr/samples/wolfssl_test/boards/native_sim.conf --- mariadb-11.8.6/extra/wolfssl/wolfssl/zephyr/samples/wolfssl_test/boards/native_sim.conf 1970-01-01 00:00:00.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/zephyr/samples/wolfssl_test/boards/native_sim.conf 2026-05-24 09:58:33.000000000 +0000 @@ -0,0 +1,2 @@ +# native_sim needs a larger malloc arena for thread stack allocation +CONFIG_COMMON_LIBC_MALLOC_ARENA_SIZE=131072 diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/zephyr/samples/wolfssl_test/prj-no-malloc.conf mariadb-11.8.8/extra/wolfssl/wolfssl/zephyr/samples/wolfssl_test/prj-no-malloc.conf --- mariadb-11.8.6/extra/wolfssl/wolfssl/zephyr/samples/wolfssl_test/prj-no-malloc.conf 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/zephyr/samples/wolfssl_test/prj-no-malloc.conf 2026-05-24 09:58:33.000000000 +0000 @@ -2,12 +2,6 @@ CONFIG_MAIN_STACK_SIZE=655360 #CONFIG_COMMON_LIBC_MALLOC_ARENA_SIZE=65536 -# Pthreads -CONFIG_PTHREAD_IPC=y - -# Clock for time() -CONFIG_POSIX_CLOCK=y - # TLS configuration CONFIG_WOLFSSL_SETTINGS_FILE="user_settings-no-malloc.h" CONFIG_WOLFSSL=y diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/zephyr/samples/wolfssl_test/prj.conf mariadb-11.8.8/extra/wolfssl/wolfssl/zephyr/samples/wolfssl_test/prj.conf --- mariadb-11.8.6/extra/wolfssl/wolfssl/zephyr/samples/wolfssl_test/prj.conf 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/zephyr/samples/wolfssl_test/prj.conf 2026-05-24 09:58:33.000000000 +0000 @@ -2,12 +2,6 @@ CONFIG_MAIN_STACK_SIZE=32768 CONFIG_COMMON_LIBC_MALLOC_ARENA_SIZE=16384 -# Pthreads -CONFIG_PTHREAD_IPC=y - -# Clock for time() -CONFIG_POSIX_CLOCK=y - # TLS configuration CONFIG_WOLFSSL=y CONFIG_WOLFSSL_BUILTIN=y diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/zephyr/samples/wolfssl_test/zephyr_legacy.conf mariadb-11.8.8/extra/wolfssl/wolfssl/zephyr/samples/wolfssl_test/zephyr_legacy.conf --- mariadb-11.8.6/extra/wolfssl/wolfssl/zephyr/samples/wolfssl_test/zephyr_legacy.conf 1970-01-01 00:00:00.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/zephyr/samples/wolfssl_test/zephyr_legacy.conf 2026-05-24 09:58:33.000000000 +0000 @@ -0,0 +1,3 @@ +# Zephyr < 4.1 POSIX options +CONFIG_PTHREAD_IPC=y +CONFIG_POSIX_CLOCK=y diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/zephyr/samples/wolfssl_test/zephyr_v4.1.conf mariadb-11.8.8/extra/wolfssl/wolfssl/zephyr/samples/wolfssl_test/zephyr_v4.1.conf --- mariadb-11.8.6/extra/wolfssl/wolfssl/zephyr/samples/wolfssl_test/zephyr_v4.1.conf 1970-01-01 00:00:00.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/zephyr/samples/wolfssl_test/zephyr_v4.1.conf 2026-05-24 09:58:33.000000000 +0000 @@ -0,0 +1,2 @@ +# Zephyr >= 4.1 POSIX options +CONFIG_POSIX_API=y diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/zephyr/samples/wolfssl_tls_sock/CMakeLists.txt mariadb-11.8.8/extra/wolfssl/wolfssl/zephyr/samples/wolfssl_tls_sock/CMakeLists.txt --- mariadb-11.8.6/extra/wolfssl/wolfssl/zephyr/samples/wolfssl_tls_sock/CMakeLists.txt 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/zephyr/samples/wolfssl_tls_sock/CMakeLists.txt 2026-05-24 09:58:33.000000000 +0000 @@ -1,4 +1,24 @@ cmake_minimum_required(VERSION 3.13.1) + +# Select version-specific Kconfig fragment before loading Zephyr +if(EXISTS $ENV{ZEPHYR_BASE}/VERSION) + file(READ $ENV{ZEPHYR_BASE}/VERSION zephyr_version_file) + string(REGEX MATCH "VERSION_MAJOR = ([0-9]+)" _ ${zephyr_version_file}) + set(ZEPHYR_VER_MAJOR ${CMAKE_MATCH_1}) + string(REGEX MATCH "VERSION_MINOR = ([0-9]+)" _ ${zephyr_version_file}) + set(ZEPHYR_VER_MINOR ${CMAKE_MATCH_1}) +endif() + +if(ZEPHYR_VER_MAJOR GREATER_EQUAL 4 OR + (ZEPHYR_VER_MAJOR EQUAL 3 AND + ZEPHYR_VER_MINOR GREATER 5)) + set(OVERLAY_CONFIG + ${CMAKE_CURRENT_SOURCE_DIR}/zephyr_v4.1.conf) +else() + set(OVERLAY_CONFIG + ${CMAKE_CURRENT_SOURCE_DIR}/zephyr_legacy.conf) +endif() + include($ENV{ZEPHYR_BASE}/cmake/app/boilerplate.cmake NO_POLICY_SCOPE) project(wolfssl_tls_sock) diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/zephyr/samples/wolfssl_tls_sock/boards/native_sim.conf mariadb-11.8.8/extra/wolfssl/wolfssl/zephyr/samples/wolfssl_tls_sock/boards/native_sim.conf --- mariadb-11.8.6/extra/wolfssl/wolfssl/zephyr/samples/wolfssl_tls_sock/boards/native_sim.conf 1970-01-01 00:00:00.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/zephyr/samples/wolfssl_tls_sock/boards/native_sim.conf 2026-05-24 09:58:33.000000000 +0000 @@ -0,0 +1,2 @@ +# native_sim needs a larger malloc arena for thread stack allocation +CONFIG_COMMON_LIBC_MALLOC_ARENA_SIZE=131072 diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/zephyr/samples/wolfssl_tls_sock/prj.conf mariadb-11.8.8/extra/wolfssl/wolfssl/zephyr/samples/wolfssl_tls_sock/prj.conf --- mariadb-11.8.6/extra/wolfssl/wolfssl/zephyr/samples/wolfssl_tls_sock/prj.conf 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/zephyr/samples/wolfssl_tls_sock/prj.conf 2026-05-24 09:58:33.000000000 +0000 @@ -4,22 +4,12 @@ CONFIG_INIT_STACKS=y CONFIG_COMMON_LIBC_MALLOC_ARENA_SIZE=8192 -# General config -CONFIG_NEWLIB_LIBC=y - -# Pthreads -CONFIG_PTHREAD_IPC=y - -# Clock for time() -CONFIG_POSIX_CLOCK=y - # Networking config CONFIG_NETWORKING=y CONFIG_NET_IPV4=y CONFIG_NET_IPV6=n CONFIG_NET_TCP=y CONFIG_NET_SOCKETS=y -CONFIG_NET_SOCKETS_POSIX_NAMES=y CONFIG_NET_TEST=y CONFIG_NET_LOOPBACK=y @@ -55,3 +45,4 @@ CONFIG_WOLFSSL_CIPHER_ALL_ENABLED=y CONFIG_WOLFSSL_MAC_ALL_ENABLED=y CONFIG_WOLFSSL_HMAC_DRBG_ENABLED=y +CONFIG_WOLFSSL_MLKEM=y diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/zephyr/samples/wolfssl_tls_sock/src/tls_sock.c mariadb-11.8.8/extra/wolfssl/wolfssl/zephyr/samples/wolfssl_tls_sock/src/tls_sock.c --- mariadb-11.8.6/extra/wolfssl/wolfssl/zephyr/samples/wolfssl_tls_sock/src/tls_sock.c 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/zephyr/samples/wolfssl_tls_sock/src/tls_sock.c 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* tls_sock.c * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -35,6 +35,8 @@ #define STATIC_MEM_SIZE (256*1024) #define MAX_SEND_SIZE 256 +K_SEM_DEFINE(server_ready, 0, 1); + #ifdef WOLFSSL_STATIC_MEMORY static WOLFSSL_HEAP_HINT* HEAP_HINT_SERVER; static WOLFSSL_HEAP_HINT* HEAP_HINT_CLIENT; @@ -323,6 +325,7 @@ *fd = sockfd; printf("Server Listen\n"); listen(sockfd, 5); + k_sem_give(&server_ready); if (WOLFSSL_SOCKET_IS_INVALID(sockfd)) ret = -1; } @@ -512,7 +515,7 @@ return -1; } - k_sleep(Z_TIMEOUT_TICKS(100)); + k_sem_take(&server_ready, K_FOREVER); client_thread(); /* Join is not working in qemu when the thread is still active. Wait for it * to shut down to join it. */ diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/zephyr/samples/wolfssl_tls_sock/zephyr_legacy.conf mariadb-11.8.8/extra/wolfssl/wolfssl/zephyr/samples/wolfssl_tls_sock/zephyr_legacy.conf --- mariadb-11.8.6/extra/wolfssl/wolfssl/zephyr/samples/wolfssl_tls_sock/zephyr_legacy.conf 1970-01-01 00:00:00.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/zephyr/samples/wolfssl_tls_sock/zephyr_legacy.conf 2026-05-24 09:58:33.000000000 +0000 @@ -0,0 +1,5 @@ +# Zephyr < 4.1 POSIX and libc options +CONFIG_NEWLIB_LIBC=y +CONFIG_PTHREAD_IPC=y +CONFIG_POSIX_CLOCK=y +CONFIG_NET_SOCKETS_POSIX_NAMES=y diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/zephyr/samples/wolfssl_tls_sock/zephyr_v4.1.conf mariadb-11.8.8/extra/wolfssl/wolfssl/zephyr/samples/wolfssl_tls_sock/zephyr_v4.1.conf --- mariadb-11.8.6/extra/wolfssl/wolfssl/zephyr/samples/wolfssl_tls_sock/zephyr_v4.1.conf 1970-01-01 00:00:00.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/zephyr/samples/wolfssl_tls_sock/zephyr_v4.1.conf 2026-05-24 09:58:33.000000000 +0000 @@ -0,0 +1,6 @@ +# Zephyr >= 4.1 POSIX and libc options +CONFIG_NEWLIB_LIBC=y +CONFIG_POSIX_API=y + +# NET_LOOPBACK depends on NET_DRIVERS in Zephyr >= 4.1 +CONFIG_NET_DRIVERS=y diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/zephyr/samples/wolfssl_tls_thread/CMakeLists.txt mariadb-11.8.8/extra/wolfssl/wolfssl/zephyr/samples/wolfssl_tls_thread/CMakeLists.txt --- mariadb-11.8.6/extra/wolfssl/wolfssl/zephyr/samples/wolfssl_tls_thread/CMakeLists.txt 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/zephyr/samples/wolfssl_tls_thread/CMakeLists.txt 2026-05-24 09:58:33.000000000 +0000 @@ -1,4 +1,24 @@ cmake_minimum_required(VERSION 3.13.1) + +# Select version-specific Kconfig fragment before loading Zephyr +if(EXISTS $ENV{ZEPHYR_BASE}/VERSION) + file(READ $ENV{ZEPHYR_BASE}/VERSION zephyr_version_file) + string(REGEX MATCH "VERSION_MAJOR = ([0-9]+)" _ ${zephyr_version_file}) + set(ZEPHYR_VER_MAJOR ${CMAKE_MATCH_1}) + string(REGEX MATCH "VERSION_MINOR = ([0-9]+)" _ ${zephyr_version_file}) + set(ZEPHYR_VER_MINOR ${CMAKE_MATCH_1}) +endif() + +if(ZEPHYR_VER_MAJOR GREATER_EQUAL 4 OR + (ZEPHYR_VER_MAJOR EQUAL 3 AND + ZEPHYR_VER_MINOR GREATER 5)) + set(OVERLAY_CONFIG + ${CMAKE_CURRENT_SOURCE_DIR}/zephyr_v4.1.conf) +else() + set(OVERLAY_CONFIG + ${CMAKE_CURRENT_SOURCE_DIR}/zephyr_legacy.conf) +endif() + find_package(Zephyr REQUIRED HINTS $ENV{ZEPHYR_BASE}) project(wolfssl_tls_threaded) diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/zephyr/samples/wolfssl_tls_thread/boards/native_sim.conf mariadb-11.8.8/extra/wolfssl/wolfssl/zephyr/samples/wolfssl_tls_thread/boards/native_sim.conf --- mariadb-11.8.6/extra/wolfssl/wolfssl/zephyr/samples/wolfssl_tls_thread/boards/native_sim.conf 1970-01-01 00:00:00.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/zephyr/samples/wolfssl_tls_thread/boards/native_sim.conf 2026-05-24 09:58:33.000000000 +0000 @@ -0,0 +1,2 @@ +# native_sim needs a larger malloc arena for thread stack allocation +CONFIG_COMMON_LIBC_MALLOC_ARENA_SIZE=131072 diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/zephyr/samples/wolfssl_tls_thread/prj.conf mariadb-11.8.8/extra/wolfssl/wolfssl/zephyr/samples/wolfssl_tls_thread/prj.conf --- mariadb-11.8.6/extra/wolfssl/wolfssl/zephyr/samples/wolfssl_tls_thread/prj.conf 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/zephyr/samples/wolfssl_tls_thread/prj.conf 2026-05-24 09:58:33.000000000 +0000 @@ -5,12 +5,6 @@ CONFIG_INIT_STACKS=y CONFIG_COMMON_LIBC_MALLOC_ARENA_SIZE=131072 -# Pthreads -CONFIG_PTHREAD_IPC=y - -# Clock for time() -CONFIG_POSIX_CLOCK=y - # Networking CONFIG_NETWORKING=y CONFIG_NET_TEST=y @@ -41,3 +35,4 @@ CONFIG_WOLFSSL_CIPHER_ALL_ENABLED=y CONFIG_WOLFSSL_MAC_ALL_ENABLED=y CONFIG_WOLFSSL_HMAC_DRBG_ENABLED=y +CONFIG_WOLFSSL_MLKEM=y diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/zephyr/samples/wolfssl_tls_thread/src/tls_threaded.c mariadb-11.8.8/extra/wolfssl/wolfssl/zephyr/samples/wolfssl_tls_thread/src/tls_threaded.c --- mariadb-11.8.6/extra/wolfssl/wolfssl/zephyr/samples/wolfssl_tls_thread/src/tls_threaded.c 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/zephyr/samples/wolfssl_tls_thread/src/tls_threaded.c 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* tls_threaded.c * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/zephyr/samples/wolfssl_tls_thread/zephyr_legacy.conf mariadb-11.8.8/extra/wolfssl/wolfssl/zephyr/samples/wolfssl_tls_thread/zephyr_legacy.conf --- mariadb-11.8.6/extra/wolfssl/wolfssl/zephyr/samples/wolfssl_tls_thread/zephyr_legacy.conf 1970-01-01 00:00:00.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/zephyr/samples/wolfssl_tls_thread/zephyr_legacy.conf 2026-05-24 09:58:33.000000000 +0000 @@ -0,0 +1,3 @@ +# Zephyr < 4.1 POSIX options +CONFIG_PTHREAD_IPC=y +CONFIG_POSIX_CLOCK=y diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/zephyr/samples/wolfssl_tls_thread/zephyr_v4.1.conf mariadb-11.8.8/extra/wolfssl/wolfssl/zephyr/samples/wolfssl_tls_thread/zephyr_v4.1.conf --- mariadb-11.8.6/extra/wolfssl/wolfssl/zephyr/samples/wolfssl_tls_thread/zephyr_v4.1.conf 1970-01-01 00:00:00.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/zephyr/samples/wolfssl_tls_thread/zephyr_v4.1.conf 2026-05-24 09:58:33.000000000 +0000 @@ -0,0 +1,2 @@ +# Zephyr >= 4.1 POSIX options +CONFIG_POSIX_API=y diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/zephyr/user_settings-no-malloc.h mariadb-11.8.8/extra/wolfssl/wolfssl/zephyr/user_settings-no-malloc.h --- mariadb-11.8.6/extra/wolfssl/wolfssl/zephyr/user_settings-no-malloc.h 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/zephyr/user_settings-no-malloc.h 2026-05-24 09:58:33.000000000 +0000 @@ -1,7 +1,7 @@ /* user_settings-tls-generic.h * generated from configure options * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/zephyr/user_settings.h mariadb-11.8.8/extra/wolfssl/wolfssl/zephyr/user_settings.h --- mariadb-11.8.6/extra/wolfssl/wolfssl/zephyr/user_settings.h 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/zephyr/user_settings.h 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* user_settings.h * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -333,9 +333,21 @@ #define NO_MD4 #define NO_MD5 //#define NO_DES3 /* Necessary for pkcs12 tests */ -#define WOLFSSL_NO_SHAKE128 -#define WOLFSSL_NO_SHAKE256 +/* PQC ML-KEM */ +#if defined(CONFIG_WOLFSSL_MLKEM) + #define WOLFSSL_HAVE_MLKEM + #define WOLFSSL_WC_MLKEM + #define WOLFSSL_MLKEM_NO_LARGE_CODE + #define WOLFSSL_MLKEM_SMALL + #define WOLFSSL_MLKEM_MAKEKEY_SMALL_MEM + #define WOLFSSL_MLKEM_ENCAPSULATE_SMALL_MEM + #define WOLFSSL_SHAKE128 + #define WOLFSSL_SHAKE256 +#else + #define WOLFSSL_NO_SHAKE128 + #define WOLFSSL_NO_SHAKE256 +#endif /* ------------------------------------------------------------------------- */ diff -Nru mariadb-11.8.6/extra/wolfssl/wolfssl/zephyr/zephyr_init.c mariadb-11.8.8/extra/wolfssl/wolfssl/zephyr/zephyr_init.c --- mariadb-11.8.6/extra/wolfssl/wolfssl/zephyr/zephyr_init.c 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/extra/wolfssl/wolfssl/zephyr/zephyr_init.c 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ /* zephyr_init.c * - * Copyright (C) 2006-2025 wolfSSL Inc. + * Copyright (C) 2006-2026 wolfSSL Inc. * * This file is part of wolfSSL. * diff -Nru mariadb-11.8.6/include/CMakeLists.txt mariadb-11.8.8/include/CMakeLists.txt --- mariadb-11.8.6/include/CMakeLists.txt 2026-01-31 13:27:46.000000000 +0000 +++ mariadb-11.8.8/include/CMakeLists.txt 2026-05-24 09:58:30.000000000 +0000 @@ -28,9 +28,6 @@ mariadb_capi_rename.h pack.h my_byteorder.h - byte_order_generic.h - byte_order_generic_x86.h - byte_order_generic_x86_64.h little_endian.h big_endian.h mysql_time.h diff -Nru mariadb-11.8.6/include/byte_order_generic.h mariadb-11.8.8/include/byte_order_generic.h --- mariadb-11.8.6/include/byte_order_generic.h 2026-01-31 13:27:46.000000000 +0000 +++ mariadb-11.8.8/include/byte_order_generic.h 1970-01-01 00:00:00.000000000 +0000 @@ -1,96 +0,0 @@ -/* Copyright (c) 2001, 2012, Oracle and/or its affiliates. All rights reserved. - Copyright (c) 2020, MariaDB Corporation. - - This program is free software; you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation; version 2 of the License. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License - along with this program; if not, write to the Free Software - Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1335 USA */ - -/* - Endianness-independent definitions for architectures other - than the x86 architecture. -*/ -#define sint2korr(A) (int16) (((int16) ((uchar) (A)[0])) |\ - ((int16) ((int16) (A)[1]) << 8)) -#define sint3korr(A) ((int32) ((((uchar) (A)[2]) & 128) ? \ - (((uint32) 255L << 24) | \ - (((uint32) (uchar) (A)[2]) << 16) |\ - (((uint32) (uchar) (A)[1]) << 8) | \ - ((uint32) (uchar) (A)[0])) : \ - (((uint32) (uchar) (A)[2]) << 16) |\ - (((uint32) (uchar) (A)[1]) << 8) | \ - ((uint32) (uchar) (A)[0]))) -#define sint4korr(A) (int32) (((uint32) ((uchar) (A)[0])) |\ - (((uint32) ((uchar) (A)[1]) << 8)) |\ - (((uint32) ((uchar) (A)[2]) << 16)) |\ - (((uint32) ((uchar) (A)[3]) << 24))) -#define sint8korr(A) (longlong) uint8korr(A) -#define uint2korr(A) (uint16) (((uint16) ((uchar) (A)[0])) |\ - ((uint16) ((uchar) (A)[1]) << 8)) -#define uint3korr(A) (uint32) (((uint32) ((uchar) (A)[0])) |\ - (((uint32) ((uchar) (A)[1])) << 8) |\ - (((uint32) ((uchar) (A)[2])) << 16)) -#define uint4korr(A) (uint32) (((uint32) ((uchar) (A)[0])) |\ - (((uint32) ((uchar) (A)[1])) << 8) |\ - (((uint32) ((uchar) (A)[2])) << 16) |\ - (((uint32) ((uchar) (A)[3])) << 24)) -#define uint5korr(A) ((ulonglong)(((uint32) ((uchar) (A)[0])) |\ - (((uint32) ((uchar) (A)[1])) << 8) |\ - (((uint32) ((uchar) (A)[2])) << 16) |\ - (((uint32) ((uchar) (A)[3])) << 24)) |\ - (((ulonglong) ((uchar) (A)[4])) << 32)) -#define uint6korr(A) ((ulonglong)(((uint32) ((uchar) (A)[0])) | \ - (((uint32) ((uchar) (A)[1])) << 8) | \ - (((uint32) ((uchar) (A)[2])) << 16) | \ - (((uint32) ((uchar) (A)[3])) << 24)) | \ - (((ulonglong) ((uchar) (A)[4])) << 32) | \ - (((ulonglong) ((uchar) (A)[5])) << 40)) -#define uint8korr(A) ((ulonglong)(((uint32) ((uchar) (A)[0])) |\ - (((uint32) ((uchar) (A)[1])) << 8) |\ - (((uint32) ((uchar) (A)[2])) << 16) |\ - (((uint32) ((uchar) (A)[3])) << 24)) |\ - (((ulonglong) (((uint32) ((uchar) (A)[4])) |\ - (((uint32) ((uchar) (A)[5])) << 8) |\ - (((uint32) ((uchar) (A)[6])) << 16) |\ - (((uint32) ((uchar) (A)[7])) << 24))) <<\ - 32)) -#define int2store(T,A) do { uint def_temp= (uint) (A) ;\ - *((uchar*) (T))= (uchar)(def_temp); \ - *((uchar*) (T)+1)=(uchar)((def_temp >> 8)); \ - } while(0) -#define int3store(T,A) do { /*lint -save -e734 */\ - *((uchar*)(T))=(uchar) ((A));\ - *((uchar*) (T)+1)=(uchar) (((A) >> 8));\ - *((uchar*)(T)+2)=(uchar) (((A) >> 16)); \ - /*lint -restore */} while(0) -#define int4store(T,A) do { *((char *)(T))=(char) ((A));\ - *(((char *)(T))+1)=(char) (((A) >> 8));\ - *(((char *)(T))+2)=(char) (((A) >> 16));\ - *(((char *)(T))+3)=(char) (((A) >> 24));\ - } while(0) -#define int5store(T,A) do { *((char *)(T))= (char)((A)); \ - *(((char *)(T))+1)= (char)(((A) >> 8)); \ - *(((char *)(T))+2)= (char)(((A) >> 16)); \ - *(((char *)(T))+3)= (char)(((A) >> 24)); \ - *(((char *)(T))+4)= (char)(((A) >> 32)); \ - } while(0) -#define int6store(T,A) do { *((char *)(T))= (char)((A)); \ - *(((char *)(T))+1)= (char)(((A) >> 8)); \ - *(((char *)(T))+2)= (char)(((A) >> 16)); \ - *(((char *)(T))+3)= (char)(((A) >> 24)); \ - *(((char *)(T))+4)= (char)(((A) >> 32)); \ - *(((char *)(T))+5)= (char)(((A) >> 40)); \ - } while(0) -#define int8store(T,A) do { uint def_temp= (uint) (A), \ - def_temp2= (uint) ((A) >> 32); \ - int4store((T),def_temp); \ - int4store((T+4),def_temp2);\ - } while(0) diff -Nru mariadb-11.8.6/include/byte_order_generic_x86.h mariadb-11.8.8/include/byte_order_generic_x86.h --- mariadb-11.8.6/include/byte_order_generic_x86.h 2026-01-31 13:27:46.000000000 +0000 +++ mariadb-11.8.8/include/byte_order_generic_x86.h 1970-01-01 00:00:00.000000000 +0000 @@ -1,89 +0,0 @@ -/* Copyright (c) 2001, 2012, Oracle and/or its affiliates. All rights reserved. - Copyright (c) 2020, MariaDB Corporation. - - This program is free software; you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation; version 2 of the License. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License - along with this program; if not, write to the Free Software - Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1335 USA */ - -/* - Optimized function-like macros for the x86 architecture (_WIN32 included). -*/ - -#define sint2korr(A) (*((const int16 *) (A))) -#define sint3korr(A) ((int32) ((((uchar) (A)[2]) & 128) ? \ - (((uint32) 255L << 24) | \ - (((uint32) (uchar) (A)[2]) << 16) |\ - (((uint32) (uchar) (A)[1]) << 8) | \ - ((uint32) (uchar) (A)[0])) : \ - (((uint32) (uchar) (A)[2]) << 16) |\ - (((uint32) (uchar) (A)[1]) << 8) | \ - ((uint32) (uchar) (A)[0]))) -#define sint4korr(A) (*((const long *) (A))) -#define uint2korr(A) (*((const uint16 *) (A))) -#define uint3korr(A) (uint32) (((uint32) ((uchar) (A)[0])) |\ - (((uint32) ((uchar) (A)[1])) << 8) |\ - (((uint32) ((uchar) (A)[2])) << 16)) -#define uint4korr(A) (*((const uint32 *) (A))) -#define uint5korr(A) ((ulonglong)(((uint32) ((uchar) (A)[0])) |\ - (((uint32) ((uchar) (A)[1])) << 8) |\ - (((uint32) ((uchar) (A)[2])) << 16) |\ - (((uint32) ((uchar) (A)[3])) << 24)) |\ - (((ulonglong) ((uchar) (A)[4])) << 32)) -#define uint6korr(A) ((ulonglong)(((uint32) ((uchar) (A)[0])) | \ - (((uint32) ((uchar) (A)[1])) << 8) | \ - (((uint32) ((uchar) (A)[2])) << 16) | \ - (((uint32) ((uchar) (A)[3])) << 24)) | \ - (((ulonglong) ((uchar) (A)[4])) << 32) | \ - (((ulonglong) ((uchar) (A)[5])) << 40)) -#define uint8korr(A) (*((const ulonglong *) (A))) -#define sint8korr(A) (*((const longlong *) (A))) - -#define int2store(T,A) *((uint16*) (T))= (uint16) (A) -#define int3store(T,A) do { *(T)= (uchar) ((A));\ - *(T+1)=(uchar) (((uint) (A) >> 8));\ - *(T+2)=(uchar) (((A) >> 16));\ - } while (0) -#define int4store(T,A) *((long *) (T))= (long) (A) -#define int5store(T,A) do { *(T)= (uchar)((A));\ - *((T)+1)=(uchar) (((A) >> 8));\ - *((T)+2)=(uchar) (((A) >> 16));\ - *((T)+3)=(uchar) (((A) >> 24));\ - *((T)+4)=(uchar) (((A) >> 32));\ - } while(0) -#define int6store(T,A) do { *(T)= (uchar)((A)); \ - *((T)+1)=(uchar) (((A) >> 8)); \ - *((T)+2)=(uchar) (((A) >> 16)); \ - *((T)+3)=(uchar) (((A) >> 24)); \ - *((T)+4)=(uchar) (((A) >> 32)); \ - *((T)+5)=(uchar) (((A) >> 40)); \ - } while(0) -#define int8store(T,A) *((ulonglong *) (T))= (ulonglong) (A) -typedef union { - double v; - long m[2]; -} doubleget_union; -#define doubleget(V,M) \ -do { doubleget_union _tmp; \ - _tmp.m[0] = *((const long*)(M)); \ - _tmp.m[1] = *(((const long*) (M))+1); \ - (V) = _tmp.v; } while(0) -#define doublestore(T,V) \ -do { *((long *) T) = ((const doubleget_union *)&V)->m[0]; \ - *(((long *) T)+1) = ((const doubleget_union *)&V)->m[1]; \ - } while (0) -#define float4get(V,M) \ -do { *((float *) &(V)) = *((const float*) (M)); } while(0) -#define float8get(V,M) doubleget((V),(M)) -#define float4store(V,M) memcpy((uchar*)(V), (uchar*)(&M), sizeof(float)) -#define floatstore(T,V) memcpy((uchar*)(T), (uchar*)(&V), sizeof(float)) -#define floatget(V,M) memcpy((uchar*)(&V),(uchar*) (M), sizeof(float)) -#define float8store(V,M) doublestore((V),(M)) diff -Nru mariadb-11.8.6/include/byte_order_generic_x86_64.h mariadb-11.8.8/include/byte_order_generic_x86_64.h --- mariadb-11.8.6/include/byte_order_generic_x86_64.h 2026-01-31 13:27:46.000000000 +0000 +++ mariadb-11.8.8/include/byte_order_generic_x86_64.h 1970-01-01 00:00:00.000000000 +0000 @@ -1,125 +0,0 @@ -/* Copyright (c) 2001, 2012, Oracle and/or its affiliates. All rights reserved. - Copyright (c) 2020, MariaDB Corporation. - - This program is free software; you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation; version 2 of the License. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License - along with this program; if not, write to the Free Software - Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1335 USA */ - -/* - Optimized function-like macros for the x86 architecture (_WIN32 included). -*/ - -#define sint2korr(A) (int16) (*((int16 *) (A))) -#define sint3korr(A) ((int32) ((((uchar) (A)[2]) & 128) ? \ - (((uint32) 255L << 24) | \ - (((uint32) (uchar) (A)[2]) << 16) |\ - (((uint32) (uchar) (A)[1]) << 8) | \ - ((uint32) (uchar) (A)[0])) : \ - (((uint32) (uchar) (A)[2]) << 16) |\ - (((uint32) (uchar) (A)[1]) << 8) | \ - ((uint32) (uchar) (A)[0]))) -#define sint4korr(A) (int32) (*((int32 *) (A))) -#define uint2korr(A) (uint16) (*((uint16 *) (A))) -#define uint3korr(A) (uint32) (((uint32) ((uchar) (A)[0])) |\ - (((uint32) ((uchar) (A)[1])) << 8) |\ - (((uint32) ((uchar) (A)[2])) << 16)) -#define uint4korr(A) (uint32) (*((uint32 *) (A))) - - -static inline ulonglong uint5korr(const void *p) -{ - ulonglong a= *(uint32 *) p; - ulonglong b= *(4 + (uchar *) p); - return a | (b << 32); -} -static inline ulonglong uint6korr(const void *p) -{ - ulonglong a= *(uint32 *) p; - ulonglong b= *(uint16 *) (4 + (char *) p); - return a | (b << 32); -} - -#define uint8korr(A) (ulonglong) (*((ulonglong *) (A))) -#define sint8korr(A) (longlong) (*((longlong *) (A))) - -#define int2store(T,A) do { uchar *pT= (uchar*)(T);\ - *((uint16*)(pT))= (uint16) (A);\ - } while (0) - -#define int3store(T,A) do { *(T)= (uchar) ((A));\ - *(T+1)=(uchar) (((uint) (A) >> 8));\ - *(T+2)=(uchar) (((A) >> 16));\ - } while (0) - -#define int4store(T,A) do { uchar *pT= (uchar*)(T);\ - *((uint32 *) (pT))= (uint32) (A); \ - } while (0) - -#define int5store(T,A) do { uchar *pT= (uchar*)(T);\ - *((uint32 *) (pT))= (uint32) (A); \ - *((pT)+4)=(uchar) (((A) >> 32));\ - } while (0) - -#define int6store(T,A) do { uchar *pT= (uchar*)(T);\ - *((uint32 *) (pT))= (uint32) (A); \ - *((uint16*)(pT+4))= (uint16) (A >> 32);\ - } while (0) - -#define int8store(T,A) do { uchar *pT= (uchar*)(T);\ - *((ulonglong *) (pT))= (ulonglong) (A);\ - } while(0) - -#if defined(__GNUC__) - -#define HAVE_mi_uint5korr -#define HAVE_mi_uint6korr -#define HAVE_mi_uint7korr -#define HAVE_mi_uint8korr - -/* Read numbers stored in high-bytes-first order */ - -static inline ulonglong mi_uint5korr(const void *p) -{ - ulonglong a= *(uint32 *) p; - ulonglong b= *(4 + (uchar *) p); - ulonglong v= (a | (b << 32)) << 24; - asm ("bswapq %0" : "=r" (v) : "0" (v)); - return v; -} - -static inline ulonglong mi_uint6korr(const void *p) -{ - ulonglong a= *(uint32 *) p; - ulonglong b= *(uint16 *) (4 + (char *) p); - ulonglong v= (a | (b << 32)) << 16; - asm ("bswapq %0" : "=r" (v) : "0" (v)); - return v; -} - -static inline ulonglong mi_uint7korr(const void *p) -{ - ulonglong a= *(uint32 *) p; - ulonglong b= *(uint16 *) (4 + (char *) p); - ulonglong c= *(6 + (uchar *) p); - ulonglong v= (a | (b << 32) | (c << 48)) << 8; - asm ("bswapq %0" : "=r" (v) : "0" (v)); - return v; -} - -static inline ulonglong mi_uint8korr(const void *p) -{ - ulonglong v= *(ulonglong *) p; - asm ("bswapq %0" : "=r" (v) : "0" (v)); - return v; -} - -#endif diff -Nru mariadb-11.8.6/include/my_base.h mariadb-11.8.8/include/my_base.h --- mariadb-11.8.6/include/my_base.h 2026-01-31 13:27:46.000000000 +0000 +++ mariadb-11.8.8/include/my_base.h 2026-05-24 09:58:30.000000000 +0000 @@ -227,13 +227,14 @@ that we are starting an ordered index scan. Needed by Spider */ HA_EXTRA_STARTING_ORDERED_INDEX_SCAN, - /** Start writing rows during ALTER TABLE...ALGORITHM=COPY. */ - HA_EXTRA_BEGIN_ALTER_COPY, - /** Finish writing rows during ALTER TABLE...ALGORITHM=COPY. */ - HA_EXTRA_END_ALTER_COPY, - /** Abort of writing rows during ALTER TABLE..ALGORITHM=COPY or - CREATE..SELCT */ - HA_EXTRA_ABORT_ALTER_COPY + /** Start copying in ALTER TABLE...ALGORITHM=COPY or CREATE TABLE..SELECT */ + HA_EXTRA_BEGIN_COPY, + /** Start writing rows during ALTER IGNORE TABLE..ALGORITHM=COPY */ + HA_EXTRA_BEGIN_ALTER_IGNORE_COPY, + /** Finish HA_EXTRA_BEGIN_COPY or HA_EXTRA_BEGIN_ALTER_IGNORE_COPY */ + HA_EXTRA_END_COPY, + /** Abort HA_EXTRA_BEGIN_COPY or HA_EXTRA_BEGIN_ALTER_IGNORE_COPY */ + HA_EXTRA_ABORT_COPY }; /* Compatible option, to be deleted in 6.0 */ diff -Nru mariadb-11.8.6/include/my_byteorder.h mariadb-11.8.8/include/my_byteorder.h --- mariadb-11.8.6/include/my_byteorder.h 2026-01-31 13:27:46.000000000 +0000 +++ mariadb-11.8.8/include/my_byteorder.h 2026-05-24 09:58:30.000000000 +0000 @@ -19,32 +19,269 @@ #include /* - Macro for reading 32-bit integer from network byte order (big-endian) - from an unaligned memory location. + Byte-swap helpers. */ -#define int4net(A) (int32) (((uint32) ((uchar) (A)[3])) | \ - (((uint32) ((uchar) (A)[2])) << 8) | \ - (((uint32) ((uchar) (A)[1])) << 16) | \ - (((uint32) ((uchar) (A)[0])) << 24)) +#ifdef _MSC_VER +# include /* _byteswap_* */ +# define MY_BSWAP16(x) _byteswap_ushort(x) +# define MY_BSWAP32(x) _byteswap_ulong(x) +# define MY_BSWAP64(x) _byteswap_uint64(x) +#elif defined __GNUC__ +# define MY_BSWAP16(x) __builtin_bswap16(x) +# define MY_BSWAP32(x) __builtin_bswap32(x) +# define MY_BSWAP64(x) __builtin_bswap64(x) +#else +# error provide byteswap intrinsics +#endif /* - Function-like macros for reading and storing in machine independent - format (low byte first). There are 'korr' (assume 'corrector') variants - for integer types, but 'get' (assume 'getter') for floating point types. + Some inline functions to convert between little-endian and host byte order + in the spirit of htons/htonl et al. */ -#if (defined(__i386__) || defined(_M_IX86)) && !defined(WITH_UBSAN) -#define MY_BYTE_ORDER_ARCH_OPTIMIZED -#include "byte_order_generic_x86.h" -#elif (defined(__x86_64__) || defined (_M_X64)) && !defined(WITH_UBSAN) -#include "byte_order_generic_x86_64.h" + +static inline uint16 my_letoh16(uint16 x) +{ +#ifdef WORDS_BIGENDIAN + return MY_BSWAP16(x); +#else + return x; +#endif +} + +static inline uint16 my_betoh16(uint16 x) +{ +#ifdef WORDS_BIGENDIAN + return x; +#else + return MY_BSWAP16(x); +#endif +} + +static inline uint32 my_letoh32(uint32 x) +{ +#ifdef WORDS_BIGENDIAN + return MY_BSWAP32(x); +#else + return x; +#endif +} + +static inline uint32 my_betoh32(uint32 x) +{ +#ifdef WORDS_BIGENDIAN + return x; +#else + return MY_BSWAP32(x); +#endif +} + +static inline uint64 my_letoh64(uint64 x) +{ +#ifdef WORDS_BIGENDIAN + return MY_BSWAP64(x); +#else + return x; +#endif +} + +static inline uint64 my_betoh64(uint64 x) +{ +#ifdef WORDS_BIGENDIAN + return x; #else -#include "byte_order_generic.h" + return MY_BSWAP64(x); #endif +} + +#define my_htole16(x) my_letoh16(x) +#define my_htobe16(x) my_betoh16(x) +#define my_htole32(x) my_letoh32(x) +#define my_htobe32(x) my_betoh32(x) +#define my_htole64(x) my_letoh64(x) +#define my_htobe64(x) my_betoh64(x) + +/* + Inline functions for reading/storing little endian integers from/to + potentially unaligned memory. + + memcpy() is used to avoid unaligned access. On most platforms the compiler + will optimize memcpy to a single instruction. +*/ + +static inline uint16 uint2korr(const void *p) +{ + uint16 ret; + memcpy(&ret, p, 2); + return my_letoh16(ret); +} + +static inline uint32 uint4korr(const void *p) +{ + uint32 ret; + memcpy(&ret, p, 4); + return my_letoh32(ret); +} + +static inline uint64 uint8korr(const void *p) +{ + uint64 ret; + memcpy(&ret, p, 8); + return my_letoh64(ret); +} + +static inline int16 sint2korr(const void *p) +{ + return (int16) uint2korr(p); +} + +static inline int32 sint4korr(const void *p) +{ + return (int32) uint4korr(p); +} + +static inline longlong sint8korr(const void *p) +{ + return (longlong) uint8korr(p); +} + +static inline void int2store(void *t, ulonglong a) +{ + uint16 v= my_htole16((uint16) a); + memcpy(t, &v, 2); +} + +static inline void int4store(void *t, ulonglong a) +{ + uint32 v= my_htole32((uint32) a); + memcpy(t, &v, 4); +} + +static inline void int8store(void *t, ulonglong a) +{ + uint64 v= my_htole64((uint64) a); + memcpy(t, &v, 8); +} + +/* + Odd-width and sign-extending functions. These use only individual + byte accesses or delegate to the even-width functions above, so they + are correct on any host endianness without further #ifdefs. +*/ + + +static inline uint32 uint3korr(const void *p) +{ + return (uint32) uint2korr(p) | ((uint32) ((const uchar *) p)[2] << 16); +} + +static inline int32 sint3korr(const void *p) +{ + uint32 v = uint3korr(p); + /* + Shift left to move sign bit into MSB position, then arithmetic + right shift to sign-extend back. + */ + return ((int32)(v << 8)) >> 8; +} + +static inline ulonglong uint5korr(const void *p) +{ + return (ulonglong) uint4korr(p) | ((ulonglong) ((const uchar *) p)[4] << 32); +} + +static inline ulonglong uint6korr(const void *p) +{ + return (ulonglong) uint4korr(p) | + ((ulonglong) uint2korr((const uchar *) p + 4) << 32); +} + +static inline void int3store(void *t, ulonglong a) +{ + uchar *p= (uchar *) t; + int2store(t, a); + p[2]= (uchar) (a >> 16); +} + +static inline void int5store(void *t, ulonglong a) +{ + uchar *p= (uchar *) t; + int4store(t, a); + p[4]= (uchar) (a >> 32); +} + +static inline void int6store(void *t, ulonglong a) +{ + uchar *p= (uchar *) t; + int4store(t, a); + int2store(p + 4, a >> 32); +} + +/* + mi_uint*korr: read an N-byte unsigned integer stored in big-endian + order, as used by MyISAM. + Below are optimizations for little-endian architectures. +*/ + +#ifndef WORDS_BIGENDIAN + +#define HAVE_mi_uint5korr +#define HAVE_mi_uint6korr +#define HAVE_mi_uint7korr +#define HAVE_mi_uint8korr + +static inline ulonglong mi_uint5korr(const void *p) +{ + uint32 lo; + memcpy(&lo, (const uchar *) p + 1, 4); + lo= MY_BSWAP32(lo); + return ((ulonglong) ((const uchar *)p)[0]) << 32 | lo; +} + +static inline ulonglong mi_uint6korr(const void *p) +{ + uint32 a; + uint16 b; + ulonglong v; + memcpy(&a, p, 4); + memcpy(&b, (const uchar *) p + 4, 2); + v= ((ulonglong) a | ((ulonglong) b << 32)) << 16; + return MY_BSWAP64(v); +} + +static inline ulonglong mi_uint7korr(const void *p) +{ + uint32 a; + uint16 b; + ulonglong v; + ulonglong c= ((const uchar *)p)[6]; + memcpy(&a, p, 4); + memcpy(&b, (const uchar *) p + 4, 2); + v= ((ulonglong)a | ((ulonglong)b << 32) | (c << 48)) << 8; + return MY_BSWAP64(v); +} + +static inline ulonglong mi_uint8korr(const void *p) +{ + ulonglong ret; + memcpy(&ret, p, 8); + return MY_BSWAP64(ret); +} +#endif /* !WORDS_BIGENDIAN */ + +/* + Read a 32-bit integer from network byte order (big-endian) + from an unaligned memory location. +*/ +static inline int32 int4net(const void *p) +{ + int32 ret; + memcpy(&ret, p, 4); + return (int32)my_betoh32(ret); +} /* - Function-like macros for reading and storing in machine format from/to - short/long to/from some place in memory V should be a variable (not on - a register) and M a pointer to byte. + Some macros for reading doubles and floats (clean, do not assume alignment) + These are defined in big_endian.h and little_endian.h */ #ifdef WORDS_BIGENDIAN #include "big_endian.h" diff -Nru mariadb-11.8.6/include/my_cpu.h mariadb-11.8.8/include/my_cpu.h --- mariadb-11.8.6/include/my_cpu.h 2026-01-31 13:27:46.000000000 +0000 +++ mariadb-11.8.8/include/my_cpu.h 2026-05-24 09:58:30.000000000 +0000 @@ -59,8 +59,8 @@ #define HMT_high() #endif -#if defined __i386__ || defined __x86_64__ || defined _WIN32 -# define HAVE_PAUSE_INSTRUCTION /* added in Intel Pentium 4 */ +#if defined __i386__ || defined __x86_64__ || defined _M_IX86 || defined _M_X64 +# define HAVE_PAUSE_INSTRUCTION /* no-op repurposed in Intel Pentium 4 */ #endif #ifdef _WIN32 diff -Nru mariadb-11.8.6/include/my_default.h mariadb-11.8.8/include/my_default.h --- mariadb-11.8.6/include/my_default.h 2026-01-31 13:27:46.000000000 +0000 +++ mariadb-11.8.8/include/my_default.h 2026-05-24 09:58:30.000000000 +0000 @@ -24,6 +24,7 @@ extern const char *my_defaults_group_suffix; extern MYSQL_PLUGIN_IMPORT const char *my_defaults_file; extern my_bool my_defaults_mark_files; +extern my_bool my_defaults_use_original_paths; extern int get_defaults_options(char **argv); extern int my_load_defaults(const char *conf_file, const char **groups, diff -Nru mariadb-11.8.6/include/my_sys.h mariadb-11.8.8/include/my_sys.h --- mariadb-11.8.6/include/my_sys.h 2026-01-31 13:27:46.000000000 +0000 +++ mariadb-11.8.8/include/my_sys.h 2026-05-24 09:58:30.000000000 +0000 @@ -792,11 +792,13 @@ const char *own_pathname_part); extern char * my_load_path(char * to, const char *path, const char *own_path_prefix); +extern char *find_file_in_path(char *to,const char *name); extern int wild_compare(const char *str,const char *wildstr, pbool str_is_pattern); extern my_bool array_append_string_unique(const char *str, const char **array, size_t size); -extern void get_date(char * to,int timeflag,time_t use_time); +extern void get_date(char * to, size_t to_len, int timeflag, + time_t use_time); extern void soundex(CHARSET_INFO *, char * out_pntr, char * in_pntr, pbool remove_garbage); extern int init_record_cache(RECORD_CACHE *info,size_t cachesize,File file, @@ -895,7 +897,7 @@ size_t init_alloc,size_t alloc_increment); extern my_bool dynstr_append(DYNAMIC_STRING *str, const char *append); my_bool dynstr_append_mem(DYNAMIC_STRING *str, const char *append, - size_t length); + size_t length) __attribute__((nonnull(2))); extern my_bool dynstr_append_os_quoted(DYNAMIC_STRING *str, const char *append, ...); extern my_bool dynstr_append_quoted(DYNAMIC_STRING *str, diff -Nru mariadb-11.8.6/include/my_virtual_mem.h mariadb-11.8.8/include/my_virtual_mem.h --- mariadb-11.8.6/include/my_virtual_mem.h 2026-01-31 13:27:46.000000000 +0000 +++ mariadb-11.8.8/include/my_virtual_mem.h 2026-05-24 09:58:30.000000000 +0000 @@ -24,9 +24,9 @@ extern "C" { #endif -# ifdef _WIN32 +#ifdef _WIN32 char *my_virtual_mem_reserve(size_t *size); -# endif +#endif char *my_virtual_mem_commit(char *ptr, size_t size); void my_virtual_mem_decommit(char *ptr, size_t size); void my_virtual_mem_release(char *ptr, size_t size); diff -Nru mariadb-11.8.6/include/my_xml.h mariadb-11.8.8/include/my_xml.h --- mariadb-11.8.6/include/my_xml.h 2026-01-31 13:27:46.000000000 +0000 +++ mariadb-11.8.8/include/my_xml.h 2026-05-24 09:58:30.000000000 +0000 @@ -34,7 +34,7 @@ #define MY_XML_FLAG_RELATIVE_NAMES 1 /* - A flag whether to skip normilization of text values before calling + A flag whether to skip normalization of text values before calling call-back functions: i.e. skip leading/trailing spaces, \r, \n, \t characters. */ @@ -68,6 +68,10 @@ int (*enter)(struct xml_stack_st *st,const char *val, size_t len); int (*value)(struct xml_stack_st *st,const char *val, size_t len); int (*leave_xml)(struct xml_stack_st *st,const char *val, size_t len); + + int (*processing_instruction)(struct xml_stack_st *st, + const char *target, size_t target_len, + const char *value, size_t value_len); } MY_XML_PARSER; void my_xml_parser_create(MY_XML_PARSER *st); @@ -83,6 +87,8 @@ void my_xml_set_leave_handler(MY_XML_PARSER *st, int (*)(MY_XML_PARSER *, const char *, size_t len)); +void my_xml_set_processing_instruction_handler(MY_XML_PARSER *st, + int (*)(MY_XML_PARSER *, const char *, size_t, const char *, size_t)); void my_xml_set_user_data(MY_XML_PARSER *st, void *); size_t my_xml_error_pos(MY_XML_PARSER *st); diff -Nru mariadb-11.8.6/include/mysql/plugin.h mariadb-11.8.8/include/mysql/plugin.h --- mariadb-11.8.6/include/mysql/plugin.h 2026-01-31 13:27:46.000000000 +0000 +++ mariadb-11.8.8/include/mysql/plugin.h 2026-05-24 09:58:30.000000000 +0000 @@ -200,7 +200,7 @@ enum enum_var_type { - SHOW_OPT_DEFAULT= 0, SHOW_OPT_SESSION, SHOW_OPT_GLOBAL + SHOW_OPT_DEFAULT= 0, SHOW_OPT_SESSION, SHOW_OPT_GLOBAL, SHOW_OPT_SESSION_NO_LOCK }; struct st_mysql_show_var { diff -Nru mariadb-11.8.6/include/mysql/plugin_audit.h.pp mariadb-11.8.8/include/mysql/plugin_audit.h.pp --- mariadb-11.8.6/include/mysql/plugin_audit.h.pp 2026-01-31 13:27:46.000000000 +0000 +++ mariadb-11.8.8/include/mysql/plugin_audit.h.pp 2026-05-24 09:58:30.000000000 +0000 @@ -59,7 +59,7 @@ int res1, res2; unsigned int d1, d2= *dlen; assert(*dlen >= slen); - assert((dst[*dlen - 1]= 1)); + assert((dst[*dlen - 1]= 1) == 1); if (src < dst) assert(src + slen <= dst); else @@ -540,7 +540,7 @@ }; enum enum_var_type { - SHOW_OPT_DEFAULT= 0, SHOW_OPT_SESSION, SHOW_OPT_GLOBAL + SHOW_OPT_DEFAULT= 0, SHOW_OPT_SESSION, SHOW_OPT_GLOBAL, SHOW_OPT_SESSION_NO_LOCK }; struct st_mysql_show_var { const char *name; diff -Nru mariadb-11.8.6/include/mysql/plugin_auth.h.pp mariadb-11.8.8/include/mysql/plugin_auth.h.pp --- mariadb-11.8.6/include/mysql/plugin_auth.h.pp 2026-01-31 13:27:46.000000000 +0000 +++ mariadb-11.8.8/include/mysql/plugin_auth.h.pp 2026-05-24 09:58:30.000000000 +0000 @@ -59,7 +59,7 @@ int res1, res2; unsigned int d1, d2= *dlen; assert(*dlen >= slen); - assert((dst[*dlen - 1]= 1)); + assert((dst[*dlen - 1]= 1) == 1); if (src < dst) assert(src + slen <= dst); else @@ -540,7 +540,7 @@ }; enum enum_var_type { - SHOW_OPT_DEFAULT= 0, SHOW_OPT_SESSION, SHOW_OPT_GLOBAL + SHOW_OPT_DEFAULT= 0, SHOW_OPT_SESSION, SHOW_OPT_GLOBAL, SHOW_OPT_SESSION_NO_LOCK }; struct st_mysql_show_var { const char *name; diff -Nru mariadb-11.8.6/include/mysql/plugin_data_type.h.pp mariadb-11.8.8/include/mysql/plugin_data_type.h.pp --- mariadb-11.8.6/include/mysql/plugin_data_type.h.pp 2026-01-31 13:27:46.000000000 +0000 +++ mariadb-11.8.8/include/mysql/plugin_data_type.h.pp 2026-05-24 09:58:30.000000000 +0000 @@ -59,7 +59,7 @@ int res1, res2; unsigned int d1, d2= *dlen; assert(*dlen >= slen); - assert((dst[*dlen - 1]= 1)); + assert((dst[*dlen - 1]= 1) == 1); if (src < dst) assert(src + slen <= dst); else @@ -540,7 +540,7 @@ }; enum enum_var_type { - SHOW_OPT_DEFAULT= 0, SHOW_OPT_SESSION, SHOW_OPT_GLOBAL + SHOW_OPT_DEFAULT= 0, SHOW_OPT_SESSION, SHOW_OPT_GLOBAL, SHOW_OPT_SESSION_NO_LOCK }; struct st_mysql_show_var { const char *name; diff -Nru mariadb-11.8.6/include/mysql/plugin_encryption.h.pp mariadb-11.8.8/include/mysql/plugin_encryption.h.pp --- mariadb-11.8.6/include/mysql/plugin_encryption.h.pp 2026-01-31 13:27:46.000000000 +0000 +++ mariadb-11.8.8/include/mysql/plugin_encryption.h.pp 2026-05-24 09:58:30.000000000 +0000 @@ -59,7 +59,7 @@ int res1, res2; unsigned int d1, d2= *dlen; assert(*dlen >= slen); - assert((dst[*dlen - 1]= 1)); + assert((dst[*dlen - 1]= 1) == 1); if (src < dst) assert(src + slen <= dst); else @@ -540,7 +540,7 @@ }; enum enum_var_type { - SHOW_OPT_DEFAULT= 0, SHOW_OPT_SESSION, SHOW_OPT_GLOBAL + SHOW_OPT_DEFAULT= 0, SHOW_OPT_SESSION, SHOW_OPT_GLOBAL, SHOW_OPT_SESSION_NO_LOCK }; struct st_mysql_show_var { const char *name; diff -Nru mariadb-11.8.6/include/mysql/plugin_ftparser.h.pp mariadb-11.8.8/include/mysql/plugin_ftparser.h.pp --- mariadb-11.8.6/include/mysql/plugin_ftparser.h.pp 2026-01-31 13:27:46.000000000 +0000 +++ mariadb-11.8.8/include/mysql/plugin_ftparser.h.pp 2026-05-24 09:58:30.000000000 +0000 @@ -59,7 +59,7 @@ int res1, res2; unsigned int d1, d2= *dlen; assert(*dlen >= slen); - assert((dst[*dlen - 1]= 1)); + assert((dst[*dlen - 1]= 1) == 1); if (src < dst) assert(src + slen <= dst); else @@ -540,7 +540,7 @@ }; enum enum_var_type { - SHOW_OPT_DEFAULT= 0, SHOW_OPT_SESSION, SHOW_OPT_GLOBAL + SHOW_OPT_DEFAULT= 0, SHOW_OPT_SESSION, SHOW_OPT_GLOBAL, SHOW_OPT_SESSION_NO_LOCK }; struct st_mysql_show_var { const char *name; diff -Nru mariadb-11.8.6/include/mysql/plugin_function.h.pp mariadb-11.8.8/include/mysql/plugin_function.h.pp --- mariadb-11.8.6/include/mysql/plugin_function.h.pp 2026-01-31 13:27:46.000000000 +0000 +++ mariadb-11.8.8/include/mysql/plugin_function.h.pp 2026-05-24 09:58:30.000000000 +0000 @@ -59,7 +59,7 @@ int res1, res2; unsigned int d1, d2= *dlen; assert(*dlen >= slen); - assert((dst[*dlen - 1]= 1)); + assert((dst[*dlen - 1]= 1) == 1); if (src < dst) assert(src + slen <= dst); else @@ -540,7 +540,7 @@ }; enum enum_var_type { - SHOW_OPT_DEFAULT= 0, SHOW_OPT_SESSION, SHOW_OPT_GLOBAL + SHOW_OPT_DEFAULT= 0, SHOW_OPT_SESSION, SHOW_OPT_GLOBAL, SHOW_OPT_SESSION_NO_LOCK }; struct st_mysql_show_var { const char *name; diff -Nru mariadb-11.8.6/include/mysql/plugin_password_validation.h.pp mariadb-11.8.8/include/mysql/plugin_password_validation.h.pp --- mariadb-11.8.6/include/mysql/plugin_password_validation.h.pp 2026-01-31 13:27:46.000000000 +0000 +++ mariadb-11.8.8/include/mysql/plugin_password_validation.h.pp 2026-05-24 09:58:30.000000000 +0000 @@ -59,7 +59,7 @@ int res1, res2; unsigned int d1, d2= *dlen; assert(*dlen >= slen); - assert((dst[*dlen - 1]= 1)); + assert((dst[*dlen - 1]= 1) == 1); if (src < dst) assert(src + slen <= dst); else @@ -540,7 +540,7 @@ }; enum enum_var_type { - SHOW_OPT_DEFAULT= 0, SHOW_OPT_SESSION, SHOW_OPT_GLOBAL + SHOW_OPT_DEFAULT= 0, SHOW_OPT_SESSION, SHOW_OPT_GLOBAL, SHOW_OPT_SESSION_NO_LOCK }; struct st_mysql_show_var { const char *name; diff -Nru mariadb-11.8.6/include/mysql/service_encryption.h mariadb-11.8.8/include/mysql/service_encryption.h --- mariadb-11.8.6/include/mysql/service_encryption.h 2026-01-31 13:27:46.000000000 +0000 +++ mariadb-11.8.8/include/mysql/service_encryption.h 2026-05-24 09:58:30.000000000 +0000 @@ -121,7 +121,7 @@ // Verify dlen is initialized properly. See MDEV-30389 assert(*dlen >= slen); - assert((dst[*dlen - 1]= 1)); + assert((dst[*dlen - 1]= 1) == 1); // Verify buffers do not overlap if (src < dst) assert(src + slen <= dst); diff -Nru mariadb-11.8.6/include/mysql_com.h mariadb-11.8.8/include/mysql_com.h --- mariadb-11.8.6/include/mysql_com.h 2026-01-31 13:27:46.000000000 +0000 +++ mariadb-11.8.8/include/mysql_com.h 2026-05-24 09:58:30.000000000 +0000 @@ -446,6 +446,7 @@ #define MAX_INT_WIDTH 10 /* Max width for a LONG w.o. sign */ #define MAX_BIGINT_WIDTH 20 /* Max width for a LONGLONG */ #define MAX_CHAR_WIDTH 255 /* Max length for a CHAR column */ +#define MYSQL_UDF_MAX_RESULT_LENGTH 255 /* Max length for a UDF result */ #define MAX_BLOB_WIDTH 16777216 /* Default width for blob */ typedef struct st_net { diff -Nru mariadb-11.8.6/include/mysql_version.h.in mariadb-11.8.8/include/mysql_version.h.in --- mariadb-11.8.6/include/mysql_version.h.in 2026-01-31 13:27:46.000000000 +0000 +++ mariadb-11.8.8/include/mysql_version.h.in 2026-05-24 09:58:30.000000000 +0000 @@ -14,7 +14,9 @@ #define MYSQL_SERVER_VERSION "@VERSION@-MariaDB" #define MYSQL_BASE_VERSION "mysqld-@MYSQL_BASE_VERSION@" #define MARIADB_BASE_VERSION "mariadb-@MYSQL_BASE_VERSION@" +#define MARIADB_MAJOR_VERSION "mariadb-@MAJOR_VERSION@" #define MARIADBD_BASE_VERSION "mariadbd-@MYSQL_BASE_VERSION@" +#define MARIADBD_MAJOR_VERSION "mariadbd-@MAJOR_VERSION@" #define MYSQL_SERVER_SUFFIX_DEF "@MYSQL_SERVER_SUFFIX@" #define FRM_VER @DOT_FRM_VERSION@ #define MYSQL_VERSION_ID @MYSQL_VERSION_ID@ diff -Nru mariadb-11.8.6/include/mysqld_default_groups.h mariadb-11.8.8/include/mysqld_default_groups.h --- mariadb-11.8.6/include/mysqld_default_groups.h 2026-01-31 13:27:46.000000000 +0000 +++ mariadb-11.8.8/include/mysqld_default_groups.h 2026-05-24 09:58:30.000000000 +0000 @@ -1,7 +1,7 @@ const char *load_default_groups[]= { "mysqld", "server", MYSQL_BASE_VERSION, -"mariadb", MARIADB_BASE_VERSION, -"mariadbd", MARIADBD_BASE_VERSION, +"mariadb", MARIADB_BASE_VERSION, MARIADB_MAJOR_VERSION, +"mariadbd", MARIADBD_BASE_VERSION, MARIADBD_MAJOR_VERSION, "client-server", #ifdef WITH_WSREP "galera", diff -Nru mariadb-11.8.6/include/password.h mariadb-11.8.8/include/password.h --- mariadb-11.8.6/include/password.h 2026-01-31 13:27:46.000000000 +0000 +++ mariadb-11.8.8/include/password.h 2026-05-24 09:58:30.000000000 +0000 @@ -16,6 +16,19 @@ #ifndef PASSWORD_INCLUDED #define PASSWORD_INCLUDED +/* + SCRAMBLE_LENGTH_323 and SCRAMBLED_PASSWORD_CHAR_LENGTH_323 may + already be defined via mysql_com.h. Define them here as well so + that translation units which do not include mysql_com.h (e.g. + mariadb-install-db via libmariadb headers) can still use them. +*/ +#ifndef SCRAMBLE_LENGTH_323 +#define SCRAMBLE_LENGTH_323 8 +#endif +#ifndef SCRAMBLED_PASSWORD_CHAR_LENGTH_323 +#define SCRAMBLED_PASSWORD_CHAR_LENGTH_323 (SCRAMBLE_LENGTH_323 * 2) +#endif + C_MODE_START void my_make_scrambled_password_323(char *to, const char *password, diff -Nru mariadb-11.8.6/include/source_revision.h mariadb-11.8.8/include/source_revision.h --- mariadb-11.8.6/include/source_revision.h 2026-01-31 13:27:52.000000000 +0000 +++ mariadb-11.8.8/include/source_revision.h 2026-05-24 09:58:35.000000000 +0000 @@ -1 +1 @@ -#define SOURCE_REVISION "9bfea48ce1214cc4470f6f6f8a4e30352cef84e7" +#define SOURCE_REVISION "46a8eb42a520193686d9a16d4cea4b3e002917e4" diff -Nru mariadb-11.8.6/include/violite.h mariadb-11.8.8/include/violite.h --- mariadb-11.8.6/include/violite.h 2026-01-31 13:27:46.000000000 +0000 +++ mariadb-11.8.8/include/violite.h 2026-05-24 09:58:30.000000000 +0000 @@ -141,11 +141,6 @@ int flags); #ifdef HAVE_OPENSSL -/* apple deprecated openssl in MacOSX Lion */ -#ifdef __APPLE__ -#pragma GCC diagnostic ignored "-Wdeprecated-declarations" -#endif - #define HEADER_DES_LOCL_H dummy_something #define YASSL_MYSQL_COMPATIBLE #ifndef YASSL_PREFIX diff -Nru mariadb-11.8.6/libmariadb/.github/workflows/ci.yml mariadb-11.8.8/libmariadb/.github/workflows/ci.yml --- mariadb-11.8.6/libmariadb/.github/workflows/ci.yml 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/libmariadb/.github/workflows/ci.yml 2026-05-24 09:58:33.000000000 +0000 @@ -20,13 +20,13 @@ runs-on: ubuntu-latest if: | github.event_name != 'schedule' || - github.ref == 'refs/heads/3.4' || - github.ref == 'refs/heads/3.1' || - github.ref == 'refs/heads/3.2' + startsWith(github.ref, 'refs/heads/3.4') || + startsWith(github.ref, 'refs/heads/3.2') || + startsWith(github.ref, 'refs/heads/3.1') outputs: matrix: ${{ steps.set-matrix.outputs.final-matrix }} steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@v6 - id: set-matrix name: build matrix uses: mariadb-corporation/connector-ci-build-matrix@main @@ -114,7 +114,7 @@ env: MYSQL_TEST_HOST: mariadb.example.com MYSQL_TEST_PORT: 3306 - MYSQL_TEST_USER: root + MYSQL_TEST_USER: testuser MYSQL_TEST_PASSWD: "heyPassw-!*20oRd" MYSQL_TEST_DB: testc @@ -124,22 +124,22 @@ runs-on: ${{ matrix.os }} continue-on-error: ${{ matrix.continue-on-error || matrix.os == 'macos-latest' }} steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@v6 - name: Setup Test Environment id: setup-env uses: mariadb-corporation/connector-ci-setup@master with: - node-version: ${{ matrix.node }} db-type: ${{ matrix.db-type }} db-tag: ${{ matrix.db-tag }} test-db-password: ${{ env.MYSQL_TEST_PASSWD }} test-db-database: ${{ env.MYSQL_TEST_DB }} test-db-port: ${{ env.MYSQL_TEST_PORT }} additional-conf: ${{ matrix.additional-conf || '' }} - registry-user: ${{ matrix.db-type == 'enterprise' && secrets.ENTERPRISE_USER || (secrets.DOCKER_PWD != '' && 'mariadbtest' || '') }} - registry-password: ${{ matrix.db-type == 'enterprise' && secrets.ENTERPRISE_TOKEN || secrets.DOCKER_PWD }} + registry-user: ${{ matrix.db-type == 'enterprise' && secrets.ENTERPRISE_USER || (secrets.DOCKER_TOKEN != '' && secrets.DOCKER_LOGIN || '') }} + registry-password: ${{ matrix.db-type == 'enterprise' && secrets.ENTERPRISE_TOKEN || secrets.DOCKER_TOKEN }} os: ${{ matrix.os }} + maxscale-tag: ${{ matrix.maxscale-tag || ''}} - name: make ubuntu/macos if: ${{ !startsWith(matrix.os, 'windows') }} @@ -163,9 +163,30 @@ shell: bash run: | cd unittest/libmariadb - ctest -V + ctest -V --output-on-failure env: MARIADB_CC_TEST: 1 MYSQL_TEST_TLS: 0 + MYSQL_TEST_SSL_PORT: ${{ env.TEST_MAXSCALE_TLS_PORT }} srv: ${{ matrix.db-type }} + MAXSCALE_TAG: ${{ matrix.maxscale-tag || '' }} MARIADB_PLUGIN_DIR: ${{ github.workspace }} + + - name: MaxScale logs on failure + if: ${{ failure() && matrix.maxscale-tag != '' && !startsWith(matrix.os, 'windows') }} + shell: bash + run: | + echo "=============================" + echo "=== MaxScale container(s) ===" + echo "=============================" + podman ps -a --filter "name=maxscale" --format '{{.Names}} {{.Image}} {{.Status}}' || true + + for c in $(podman ps -a --filter "name=maxscale" --format '{{.Names}}'); do + echo "" + echo "=== podman logs: $c ===" + podman logs "$c" 2>&1 | tail -n 500 || true + + echo "" + echo "=== /var/log/maxscale/maxscale.log in $c ===" + podman exec "$c" sh -c 'tail -n 500 /var/log/maxscale/maxscale.log 2>/dev/null || cat /var/log/maxscale/maxscale.log 2>/dev/null' || true + done diff -Nru mariadb-11.8.6/libmariadb/CMakeLists.txt mariadb-11.8.8/libmariadb/CMakeLists.txt --- mariadb-11.8.6/libmariadb/CMakeLists.txt 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/libmariadb/CMakeLists.txt 2026-05-24 09:58:33.000000000 +0000 @@ -5,16 +5,8 @@ CMAKE_MINIMUM_REQUIRED(VERSION 3.12.0 FATAL_ERROR) INCLUDE(CheckFunctionExists) -IF(COMMAND CMAKE_POLICY) - SET(NEW_POLICIES CMP0003 CMP0022 CMP0023 CMP0057 CMP0077 CMP0069 CMP0075) - FOREACH(TYPE OLD NEW) - FOREACH(P ${${TYPE}_POLICIES}) - IF(POLICY ${P}) - CMAKE_POLICY(SET ${P} ${TYPE}) - ENDIF() - ENDFOREACH() - ENDFOREACH() -ENDIF() +# CMP0077 defaults to NEW since cmake 3.13; can drop when minimum is bumped +CMAKE_POLICY(SET CMP0077 NEW) # Is C/C built as subproject? @@ -79,7 +71,7 @@ INCLUDE(${CC_SOURCE_DIR}/cmake/misc.cmake) -INCLUDE(FindCURL) +FIND_PACKAGE(CURL) IF(WITH_SIGNCODE) IF(WIN32 AND NOT SIGN_OPTIONS) @@ -108,7 +100,7 @@ IF(MSVC) # Speedup system tests INCLUDE(${CC_SOURCE_DIR}/cmake/WindowsCache.cmake) - ADD_DEFINITIONS(-DWIN32_LEAN_AND_MEAN -DNOGDI) + add_compile_definitions(WIN32_LEAN_AND_MEAN NOGDI) IF (MSVC) SET(CONFIG_TYPES "DEBUG" "RELEASE" "RELWITHDEBINFO") FOREACH(BUILD_TYPE ${CONFIG_TYPES}) @@ -132,9 +124,9 @@ ELSE() # MDEV-16383 IF(WITH_EMBEDDED_SERVER) - ADD_DEFINITIONS(-DHAVE_EMBEDDED) + add_compile_definitions(HAVE_EMBEDDED) ENDIF() -ENDIF(NOT IS_SUBPROJECT) +ENDIF() # Disable dbug information for release builds SET(CMAKE_C_FLAGS_RELEASE "${CMAKE_C_FLAGS_RELEASE} -DDBUG_OFF") @@ -142,7 +134,7 @@ SET(CMAKE_C_FLAGS_RELWITHDEBINFO "${CMAKE_C_FLAGS_RELWITHDEBINFO} -DDBUG_OFF") SET(CMAKE_CXX_FLAGS_RELWITHDEBINFO "${CMAKE_CXX_FLAGS_RELWITHDEBINFO} -DDBUG_OFF") -IF(CMAKE_COMPILER_IS_GNUCC) +IF(CMAKE_C_COMPILER_ID MATCHES "GNU") INCLUDE(CheckCCompilerFlag) SET(GCC_FLAGS -Wunused -Wlogical-op -Wno-uninitialized -Wall -Wextra -Wformat-security -Wno-init-self -Wwrite-strings -Wshift-count-overflow -Wdeclaration-after-statement -Wno-undef -Wno-unknown-pragmas -Wno-stringop-truncation) FOREACH(GCC_FLAG ${GCC_FLAGS}) @@ -158,7 +150,7 @@ SET(CMAKE_BUILD_TYPE "RelWithDebInfo") ENDIF() -INCLUDE(FindGit) +FIND_PACKAGE(Git) IF(GIT_EXECUTABLE AND EXISTS ${CC_SOURCE_DIR}/.git) EXECUTE_PROCESS( COMMAND ${GIT_EXECUTABLE} rev-parse HEAD @@ -282,15 +274,15 @@ ENDIF() IF(DBUG_OFF) - ADD_DEFINITIONS(-DDBUG_OFF=1) + add_compile_definitions(DBUG_OFF=1) ENDIF() -ADD_DEFINITIONS(-DMARIADB_SYSTEM_TYPE="${CMAKE_SYSTEM_NAME}") -ADD_DEFINITIONS(-DMARIADB_MACHINE_TYPE="${CMAKE_SYSTEM_PROCESSOR}") +add_compile_definitions(MARIADB_SYSTEM_TYPE="${CMAKE_SYSTEM_NAME}") +add_compile_definitions(MARIADB_MACHINE_TYPE="${CMAKE_SYSTEM_PROCESSOR}") IF(WIN32) - ADD_DEFINITIONS(-DHAVE_DLOPEN) - ADD_DEFINITIONS(-D_CRT_SECURE_NO_WARNINGS -D_CRT_NONSTDC_NO_DEPRECATE) + add_compile_definitions(HAVE_DLOPEN) + add_compile_definitions(_CRT_SECURE_NO_WARNINGS _CRT_NONSTDC_NO_DEPRECATE) ENDIF() IF(NOT DEFAULT_CHARSET) @@ -315,7 +307,7 @@ FIND_PACKAGE(OpenSSL) ENDIF() IF(OPENSSL_FOUND) - ADD_DEFINITIONS(-DHAVE_OPENSSL -DHAVE_TLS) + add_compile_definitions(HAVE_OPENSSL HAVE_TLS) SET(SSL_SOURCES "${CC_SOURCE_DIR}/libmariadb/secure/openssl.c" "${CC_SOURCE_DIR}/libmariadb/secure/openssl_crypt.c") SET(SSL_LIBRARIES ${OPENSSL_SSL_LIBRARY} ${OPENSSL_CRYPTO_LIBRARY}) @@ -334,7 +326,7 @@ COMPILE_DEFINITIONS "-I${OPENSSL_INCLUDE_DIR}" RUN_OUTPUT_VARIABLE LIBRESSL_VERSION) IF(HAVE_LIBRESSL) - ADD_DEFINITIONS(-DHAVE_LIBRESSL) + add_compile_definitions(HAVE_LIBRESSL) SET(TLS_LIBRARY_VERSION ${LIBRESSL_VERSION}) ELSE() SET(TLS_LIBRARY_VERSION "OpenSSL ${OPENSSL_VERSION}") @@ -345,7 +337,7 @@ ELSEIF(WITH_SSL STREQUAL "GNUTLS") FIND_PACKAGE(GnuTLS "3.4.2" REQUIRED) IF(GNUTLS_FOUND) - ADD_DEFINITIONS(-DHAVE_GNUTLS -DHAVE_TLS) + add_compile_definitions(HAVE_GNUTLS HAVE_TLS) SET(SSL_SOURCES "${CC_SOURCE_DIR}/libmariadb/secure/gnutls.c" "${CC_SOURCE_DIR}/libmariadb/secure/gnutls_crypt.c") GET_FILENAME_COMPONENT(LIB_EXT "${GNUTLS_LIBRARIES}" EXT) @@ -360,7 +352,7 @@ MESSAGE(FATAL_ERROR "GnuTLS not found") ENDIF() ELSEIF(WIN32 AND WITH_SSL STREQUAL "SCHANNEL") - ADD_DEFINITIONS(-DHAVE_SCHANNEL -DHAVE_TLS -DHAVE_WINCRYPT) + add_compile_definitions(HAVE_SCHANNEL HAVE_TLS HAVE_WINCRYPT) SET(SSL_SOURCES "${CC_SOURCE_DIR}/libmariadb/secure/schannel.c" "${CC_SOURCE_DIR}/libmariadb/secure/win_crypt.c" "${CC_SOURCE_DIR}/libmariadb/secure/ma_schannel.c" @@ -434,7 +426,7 @@ IF(REMOTEIO_PLUGIN_TYPE MATCHES "STATIC") SET(SYSTEM_LIBS ${SYSTEM_LIBS} ${CURL_LIBRARIES}) ENDIF() - ADD_DEFINITIONS("-DHAVE_REMOTEIO=1") + add_compile_definitions(HAVE_REMOTEIO=1) ENDIF() ENDIF() IF(NOT WIN32) diff -Nru mariadb-11.8.6/libmariadb/cmake/FindGSSAPI.cmake mariadb-11.8.8/libmariadb/cmake/FindGSSAPI.cmake --- mariadb-11.8.6/libmariadb/cmake/FindGSSAPI.cmake 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/libmariadb/cmake/FindGSSAPI.cmake 2026-05-24 09:58:33.000000000 +0000 @@ -44,7 +44,7 @@ # in cache already set(GSSAPI_FOUND TRUE) -else(GSSAPI_LIBS AND GSSAPI_FLAVOR) +else() find_program(KRB5_CONFIG NAMES krb5-config PATHS /opt/local/bin @@ -70,7 +70,7 @@ if(_return_VALUE) message(STATUS "GSSAPI configure check failed.") set(HAVE_KRB5_GSSAPI FALSE) - endif(_return_VALUE) + endif() IF(CMAKE_SYSTEM_NAME MATCHES AIX) string(REGEX REPLACE "-Wl[A-Za-z0-9_/,:-]*[ $]?" "" GSSAPI_LIBS "${GSSAPI_LIBS}") string(REGEX REPLACE "-L[A-Za-z0-9_/,:-]*[ $]?" "" GSSAPI_LIBS "${GSSAPI_LIBS}") @@ -93,19 +93,19 @@ set(GSSAPI_FLAVOR_MIT) if(gssapi_flavor_tmp MATCHES ".*Massachusetts.*") set(GSSAPI_FLAVOR "MIT") - else(gssapi_flavor_tmp MATCHES ".*Massachusetts.*") + else() set(GSSAPI_FLAVOR "HEIMDAL") - endif(gssapi_flavor_tmp MATCHES ".*Massachusetts.*") + endif() if(NOT HAVE_KRB5_GSSAPI) if (gssapi_flavor_tmp MATCHES "Sun Microsystems.*") message(STATUS "Solaris Kerberos does not have GSSAPI; this is normal.") set(GSSAPI_LIBS) set(GSSAPI_INCS) - else(gssapi_flavor_tmp MATCHES "Sun Microsystems.*") + else() message(WARNING "${KRB5_CONFIG} failed unexpectedly.") - endif(gssapi_flavor_tmp MATCHES "Sun Microsystems.*") - endif(NOT HAVE_KRB5_GSSAPI) + endif() + endif() if(GSSAPI_LIBS) # GSSAPI_INCS can be also empty, so don't rely on that set(GSSAPI_FOUND TRUE CACHE STRING "") @@ -117,8 +117,8 @@ mark_as_advanced(GSSAPI_INCS GSSAPI_LIBS GSSAPI_FLAVOR) - endif(GSSAPI_LIBS) - - endif(KRB5_CONFIG) + endif() + + endif() -endif(GSSAPI_LIBS AND GSSAPI_FLAVOR) +endif() diff -Nru mariadb-11.8.6/libmariadb/cmake/FindHogweed.cmake mariadb-11.8.8/libmariadb/cmake/FindHogweed.cmake --- mariadb-11.8.6/libmariadb/cmake/FindHogweed.cmake 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/libmariadb/cmake/FindHogweed.cmake 2026-05-24 09:58:33.000000000 +0000 @@ -5,7 +5,7 @@ IF (HOGWEED_FOUND) SET(HOGWEED_FIND_QUIETLY TRUE) -ENDIF (HOGWEED_FOUND) +ENDIF() FIND_LIBRARY(HOGWEED_LIBRARY NAMES hogweed libhogweed) @@ -14,4 +14,4 @@ IF(HOGWEED_FOUND) SET(HOGWEED_LIBRARIES ${HOGWEED_LIBRARY}) -ENDIF(HOGWEED_FOUND) +ENDIF() diff -Nru mariadb-11.8.6/libmariadb/cmake/FindIconv.cmake mariadb-11.8.8/libmariadb/cmake/FindIconv.cmake --- mariadb-11.8.6/libmariadb/cmake/FindIconv.cmake 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/libmariadb/cmake/FindIconv.cmake 2026-05-24 09:58:33.000000000 +0000 @@ -16,7 +16,7 @@ if (ICONV_INCLUDE_DIR AND ICONV_LIBRARIES) # Already in cache, be silent set(ICONV_FIND_QUIETLY TRUE) -endif (ICONV_INCLUDE_DIR AND ICONV_LIBRARIES) +endif () find_path(ICONV_INCLUDE_DIR iconv.h) @@ -37,7 +37,7 @@ if (ICONV_INCLUDE_DIR AND ICONV_LIBRARIES) set (ICONV_FOUND TRUE) -endif (ICONV_INCLUDE_DIR AND ICONV_LIBRARIES) +endif () set(CMAKE_REQUIRED_INCLUDES ${ICONV_INCLUDE_DIR}) IF(ICONV_EXTERNAL) @@ -58,8 +58,8 @@ return 0; } " ICONV_SECOND_ARGUMENT_IS_CONST ) - ADD_DEFINITIONS(-DHAVE_ICONV) -endif (ICONV_FOUND) + add_compile_definitions(HAVE_ICONV) +endif () set (CMAKE_REQUIRED_INCLUDES) set (CMAKE_REQUIRED_LIBRARIES) @@ -67,12 +67,12 @@ if (ICONV_FOUND) if (NOT ICONV_FIND_QUIETLY) message (STATUS "Found Iconv: ${ICONV_LIBRARIES}") - endif (NOT ICONV_FIND_QUIETLY) -else (ICONV_FOUND) + endif () +else () if (Iconv_FIND_REQUIRED) message (FATAL_ERROR "Could not find Iconv") - endif (Iconv_FIND_REQUIRED) -endif (ICONV_FOUND) + endif () +endif () MARK_AS_ADVANCED( ICONV_INCLUDE_DIR diff -Nru mariadb-11.8.6/libmariadb/cmake/FindNettle.cmake mariadb-11.8.8/libmariadb/cmake/FindNettle.cmake --- mariadb-11.8.6/libmariadb/cmake/FindNettle.cmake 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/libmariadb/cmake/FindNettle.cmake 2026-05-24 09:58:33.000000000 +0000 @@ -6,7 +6,7 @@ IF (NETTLE_INCLUDE_DIR) SET(NETTLE_FIND_QUIETLY TRUE) -ENDIF (NETTLE_INCLUDE_DIR) +ENDIF() FIND_PATH(NETTLE_INCLUDE_DIR nettle/md5.h nettle/ripemd160.h nettle/sha.h) FIND_LIBRARY(NETTLE_LIBRARY NAMES nettle libnettle) @@ -16,4 +16,4 @@ IF(NETTLE_FOUND) SET(NETTLE_LIBRARIES ${NETTLE_LIBRARY}) -ENDIF(NETTLE_FOUND) +ENDIF() diff -Nru mariadb-11.8.6/libmariadb/cmake/WindowsCache.cmake mariadb-11.8.8/libmariadb/cmake/WindowsCache.cmake --- mariadb-11.8.6/libmariadb/cmake/WindowsCache.cmake 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/libmariadb/cmake/WindowsCache.cmake 2026-05-24 09:58:33.000000000 +0000 @@ -232,9 +232,7 @@ SET(HAVE_STRLCPY CACHE INTERNAL "") SET(HAVE_STRNCASECMP CACHE INTERNAL "") SET(HAVE_STRNDUP CACHE INTERNAL "") -IF(MSVC_VERSION GREATER 1310) SET(HAVE_STRNLEN 1 CACHE INTERNAL "") -ENDIF() SET(HAVE_STRPBRK 1 CACHE INTERNAL "") SET(HAVE_STRSEP CACHE INTERNAL "") SET(HAVE_STRSIGNAL CACHE INTERNAL "") @@ -296,9 +294,7 @@ SET(HAVE_VARARGS_H 1 CACHE INTERNAL "") SET(HAVE_VASPRINTF CACHE INTERNAL "") SET(HAVE_VPRINTF 1 CACHE INTERNAL "") -IF(MSVC_VERSION GREATER 1310) SET(HAVE_VSNPRINTF 1 CACHE INTERNAL "") -ENDIF() SET(HAVE_WEAK_SYMBOL CACHE INTERNAL "") SET(HAVE_BIGENDIAN CACHE INTERNAL "") SET(HAVE__S_IFIFO 1 CACHE INTERNAL "") @@ -310,9 +306,7 @@ SET(HAVE__strnicmp 1 CACHE INTERNAL "") SET(HAVE__strtoi64 1 CACHE INTERNAL "") SET(HAVE__strtoui64 1 CACHE INTERNAL "") -IF(MSVC_VERSION GREATER 1310) - SET(HAVE_strtok_s 1 CACHE INTERNAL "") -ENDIF() +SET(HAVE_strtok_s 1 CACHE INTERNAL "") SET(STDC_HEADERS CACHE 1 INTERNAL "") SET(STRUCT_DIRENT_HAS_D_INO CACHE INTERNAL "") SET(STRUCT_DIRENT_HAS_D_INO CACHE INTERNAL "") diff -Nru mariadb-11.8.6/libmariadb/cmake/check_include_files.cmake mariadb-11.8.8/libmariadb/cmake/check_include_files.cmake --- mariadb-11.8.6/libmariadb/cmake/check_include_files.cmake 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/libmariadb/cmake/check_include_files.cmake 2026-05-24 09:58:33.000000000 +0000 @@ -24,14 +24,14 @@ CHECK_INCLUDE_FILES (signal.h INCLUDE_SIGNAL) IF(INCLUDE_SIGNAL) SET(CMAKE_EXTRA_INCLUDE_FILES signal.h) -ENDIF(INCLUDE_SIGNAL) +ENDIF() CHECK_INCLUDE_FILES (stddef.h HAVE_STDDEF_H) CHECK_INCLUDE_FILES (stdint.h HAVE_STDINT_H) IF(HAVE_STDINT_H) SET(CMAKE_EXTRA_INCLUDE_FILES stdint.h) -ENDIF(HAVE_STDINT_H) +ENDIF() CHECK_INCLUDE_FILES (stdlib.h HAVE_STDLIB_H) CHECK_INCLUDE_FILES (string.h HAVE_STRING_H) diff -Nru mariadb-11.8.6/libmariadb/cmake/check_types.cmake mariadb-11.8.8/libmariadb/cmake/check_types.cmake --- mariadb-11.8.6/libmariadb/cmake/check_types.cmake 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/libmariadb/cmake/check_types.cmake 2026-05-24 09:58:33.000000000 +0000 @@ -43,7 +43,7 @@ # IF(WIN32) SET(SOCKET_SIZE_TYPE int) -ELSE(WIN32) +ELSE() FOREACH(CHECK_TYPE "socklen_t" "size_t" "int") IF (NOT SOCKET_SIZE_TYPE) CHECK_C_SOURCE_COMPILES(" @@ -56,7 +56,7 @@ SOCKET_SIZE_FOUND_${CHECK_TYPE}) IF(SOCKET_SIZE_FOUND_${CHECK_TYPE}) SET(SOCKET_SIZE_TYPE ${CHECK_TYPE}) - ENDIF(SOCKET_SIZE_FOUND_${CHECK_TYPE}) - ENDIF (NOT SOCKET_SIZE_TYPE) + ENDIF() + ENDIF() ENDFOREACH() -ENDIF(WIN32) +ENDIF() diff -Nru mariadb-11.8.6/libmariadb/cmake/install.cmake mariadb-11.8.8/libmariadb/cmake/install.cmake --- mariadb-11.8.6/libmariadb/cmake/install.cmake 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/libmariadb/cmake/install.cmake 2026-05-24 09:58:33.000000000 +0000 @@ -76,7 +76,7 @@ # RPM layout # SET(INSTALL_BINDIR_RPM "bin") -IF((CMAKE_SYSTEM_PROCESSOR MATCHES "x86_64" OR CMAKE_SYSTEM_PROCESSOR MATCHES "ppc64" OR CMAKE_SYSTEM_PROCESSOR MATCHES "ppc64le" OR CMAKE_SYSTEM_PROCESSOR MATCHES "aarch64" OR CMAKE_SYSTEM_PROCESSOR MATCHES "s390x") AND CMAKE_SIZEOF_VOID_P EQUAL 8) +IF((CMAKE_SYSTEM_PROCESSOR MATCHES "x86_64" OR CMAKE_SYSTEM_PROCESSOR MATCHES "ppc64" OR CMAKE_SYSTEM_PROCESSOR MATCHES "ppc64le" OR CMAKE_SYSTEM_PROCESSOR MATCHES "aarch64" OR CMAKE_SYSTEM_PROCESSOR MATCHES "s390x" OR CMAKE_SYSTEM_PROCESSOR MATCHES "riscv64") AND CMAKE_SIZEOF_VOID_P EQUAL 8) SET(INSTALL_LIBDIR_RPM "lib64/mariadb") SET(INSTALL_PCDIR_RPM "lib64/pkgconfig") SET(INSTALL_PLUGINDIR_RPM "lib64/mariadb/plugin") diff -Nru mariadb-11.8.6/libmariadb/cmake/misc.cmake mariadb-11.8.8/libmariadb/cmake/misc.cmake --- mariadb-11.8.6/libmariadb/cmake/misc.cmake 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/libmariadb/cmake/misc.cmake 2026-05-24 09:58:33.000000000 +0000 @@ -1,13 +1,7 @@ -IF ("${CMAKE_MAJOR_VERSION}.${CMAKE_MINOR_VERSION}.${CMAKE_PATCH_VERSION}" VERSION_LESS "2.8.7") - FUNCTION(MESSAGE1 id out) +FUNCTION(MESSAGE1 id out) + STRING(MD5 hash "${out}") + IF(NOT __msg1_${id} STREQUAL "${hash}") MESSAGE(STATUS "${out}") - ENDFUNCTION() -ELSE() - FUNCTION(MESSAGE1 id out) - STRING(MD5 hash "${out}") - IF(NOT __msg1_${id} STREQUAL "${hash}") - MESSAGE(STATUS "${out}") - ENDIF() - SET(__msg1_${id} ${hash} CACHE INTERNAL "") - ENDFUNCTION() -ENDIF() + ENDIF() + SET(__msg1_${id} ${hash} CACHE INTERNAL "") +ENDFUNCTION() diff -Nru mariadb-11.8.6/libmariadb/cmake/plugins.cmake mariadb-11.8.8/libmariadb/cmake/plugins.cmake --- mariadb-11.8.6/libmariadb/cmake/plugins.cmake 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/libmariadb/cmake/plugins.cmake 2026-05-24 09:58:33.000000000 +0000 @@ -79,11 +79,7 @@ PROPERTIES COMPILE_FLAGS "-DPLUGIN_DYNAMIC=1 ${CC_PLUGIN_COMPILE_OPTIONS}") if (NOT "${CC_PLUGIN_INCLUDES}" STREQUAL "") - if(CMAKE_VERSION VERSION_LESS 2.8.11) - include_directories(${CC_PLUGIN_INCLUDES}) - else() - target_include_directories(${CC_PLUGIN_TARGET} PRIVATE ${CC_PLUGIN_INCLUDES}) - endif() + target_include_directories(${CC_PLUGIN_TARGET} PRIVATE ${CC_PLUGIN_INCLUDES}) endif() if (${CC_TARGET_COMPILE_OPTIONS}) target_compile_options(${CC_PLUGIN_TARGET} ${CC_TARGET_COMPILE_OPTIONS}) diff -Nru mariadb-11.8.6/libmariadb/docs/Home.md mariadb-11.8.8/libmariadb/docs/Home.md --- mariadb-11.8.6/libmariadb/docs/Home.md 1970-01-01 00:00:00.000000000 +0000 +++ mariadb-11.8.8/libmariadb/docs/Home.md 2026-05-24 09:58:33.000000000 +0000 @@ -0,0 +1,33 @@ +# MariaDB Connector/C + +## Documentation + +### License +Documentation of MariaDB Connector/C is published under [Creative Commons Attribution/ShareAlike 3.0 Unported license](https://creativecommons.org/licenses/by-sa/3.0/) + +### Authors +* Oleksandr Byelkin +* Ian Gilfillian +* Kristian Nielsen +* Georg Richter + +and others + +### Table of Contents + +- [[Building and Installing|install]] +- [[Building client applications|build_client_apps]] +- [[Configuration files|config_files]] +- [[MySQL Connector/C (libmysql) compatibility|libmysql_compat]] + +API Reference + + - [[Data Structures|datastructures]] + - [[Types and Definitions|types]] + - [[Generic API Reference|generic_api]] + - [[Asynchronous (non blocking) API|async_api]] + - [[Dynamic columns API reference|dyncol_api]] + - [[Prepared Statement API reference|ps_api]] + - [[Replication/Binlog API reference|binlog_api]] + + diff -Nru mariadb-11.8.6/libmariadb/docs/TLS-SSL-Changes-in-MariaDB-Connector-C-3.4.md mariadb-11.8.8/libmariadb/docs/TLS-SSL-Changes-in-MariaDB-Connector-C-3.4.md --- mariadb-11.8.6/libmariadb/docs/TLS-SSL-Changes-in-MariaDB-Connector-C-3.4.md 1970-01-01 00:00:00.000000000 +0000 +++ mariadb-11.8.8/libmariadb/docs/TLS-SSL-Changes-in-MariaDB-Connector-C-3.4.md 2026-05-24 09:58:33.000000000 +0000 @@ -0,0 +1,51 @@ +

    TLS/SSL Changes in Connector/C 3.4 (Draft):

    + +

    Peer certificate validation

    + +Since version 3.4 peer certificate verification is enabled by default. It can be disabled via `mysql_optionsv`, using option +`MYSQL_OPT_SSL_VERIFY_SERVER_CERT`: + + my_bool verify= 0; + mysql_options(mariadb, MYSQL_OPT_SSL_VERIFY_SERVER_CERT, &verify); + +

    Self signed certificates

    + +If the client obtained a self signed peer certificate from MariaDB server the verification will fail, with the following exceptions: + +* If the connection between client and server is considered to be secure:, e.g. + * a unix_socket is used for client server communication + * hostname is localhost (Windows operating system), 127.0.0.1 or ::1 +* a specified fingerprint matches the fingerprint of the peer certificate (see below) +* a client can verify the certificate using account password, it's possible if + * account has a password + * authentication plugin is "secure without TLS", that is, one of mysql_native_password, ed25519, parsec. + +

    Fingerprint verification of the peer certificate

    + +A fingerprint is a cryptographic hash (SHA-256, SHA-384 or SHA-512) of the peer certificate's binary data. Even if the fingerprint matches, an expired ôr revoked certificate will not be accepted. + +To get the finger print of the server certificate, you can use openssl or certtool (gnutls) command line clients on the server host: + + $ openssl x509 -noout -fingerprint -sha384 -inform pem -in /path/server-cert.pem + sha384 Fingerprint=C1:38:FD:6B:9B:A9:99:5A:E1:EF:08:00:34:A6:08:46:FA:A5:97:05:FD:62:EB:91:C7:BA:B6:73:BF:C6:D5:C2:0D:6A:D7:22:99:8D:8A:DE:C3:9C:5E:C6:5D:96:F6:63 + +or + + certtool --fingerprint --hash=sha384 --infile=/path/server-cert.pem + c138fd6b9ba9995ae1ef080034a60846faa59705fd62eb91c7bab673bfc6d5c20d6ad722998d8adec39c5ec65d96f663 + +

    Notes:

    +For security reasons support for MD5 and SHA1 has been removed. + +

    Obtaining peer certificate information

    + +Peer certificate information can be obtained via `mariadb_get_infov`, +using option `MARIADB_TLS_PEER_CERT_INFO`: + + MARIADB_X509_INFO *info; + unsigned int hash_size= 384; + + mysql_optionsv(mariadb, MARIADB_TLS_PEER_CERT_INFO, &info, hash_size); + +The optional `hash_size` parameter specifies the length of the fingerprint hash in bits: supported values are 256, 384 and 512. If `hash_size` will be omitted, a default value of 256 will be used. + diff -Nru mariadb-11.8.6/libmariadb/docs/_Footer.md mariadb-11.8.8/libmariadb/docs/_Footer.md --- mariadb-11.8.6/libmariadb/docs/_Footer.md 1970-01-01 00:00:00.000000000 +0000 +++ mariadb-11.8.8/libmariadb/docs/_Footer.md 2026-05-24 09:58:33.000000000 +0000 @@ -0,0 +1 @@ +MariaDB Connector/C Reference \ No newline at end of file diff -Nru mariadb-11.8.6/libmariadb/docs/_Sidebar.md mariadb-11.8.8/libmariadb/docs/_Sidebar.md --- mariadb-11.8.6/libmariadb/docs/_Sidebar.md 1970-01-01 00:00:00.000000000 +0000 +++ mariadb-11.8.8/libmariadb/docs/_Sidebar.md 2026-05-24 09:58:33.000000000 +0000 @@ -0,0 +1,10 @@ +- [Building and Installing](install) +- [Data Structures](datastructures) +- [Types and Definitions](types) +- [Generic API Reference](generic_api) +- [Dynamic column API](dyncol_api) +- [Asynchronous (non blocking) API](async_api) +- [Prepared Statement API reference](ps_api) +- [Replication/Binlog API reference](binlog_api) +- [Building client applications](build_client_apps) +- [MySQL Connector/C (libmysql) compatibility](libmysql_compat) diff -Nru mariadb-11.8.6/libmariadb/docs/activate_non_blocking.md mariadb-11.8.8/libmariadb/docs/activate_non_blocking.md --- mariadb-11.8.6/libmariadb/docs/activate_non_blocking.md 1970-01-01 00:00:00.000000000 +0000 +++ mariadb-11.8.8/libmariadb/docs/activate_non_blocking.md 2026-05-24 09:58:33.000000000 +0000 @@ -0,0 +1,31 @@ +## Activating non blocking mode + +Before using any non-blocking operation, it is necessary to enable it first by setting the `MYSQL_OPT_NONBLOCK` option via [mysql_optionsv()](mysql_optionsv) api function: + +```C +mysql_optionsv(mysql, MYSQL_OPT_NONBLOCK, 0); +``` + +This call can be made at any time — typically it will be done at the start, before `mysql_real_connect()`, but it can be done at any time to start using non-blocking operations. + +If a non-blocking operation is attempted without setting the `MYSQL_OPT_NONBLOCK` option, the program will typically crash with a NULL pointer exception. + +The argument for `MYSQL_OPT_NONBLOCK` is the size of the stack used to save the state of a non-blocking operation while it is waiting for I/O and the application is doing other processing. Normally, applications will not have to change this, and it can be passed as zero to use the default value. + +### Mixing blocking and non-blocking operation + +It is possible to freely mix blocking and non-blocking calls on the same MYSQL connection. + +Thus, an application can do a normal blocking `mysql_real_connect()` and subsequently do a non-blocking `mysql_real_query_start()`. Or vice versa, do a non-blocking `mysql_real_connect_start()`, and later do a blocking `mysql_real_query()` on the resulting connection. + +Mixing can be useful to allow code to use the simpler blocking API in parts of the program where waiting is not a problem. For example establishing the connection(s) at program startup, or doing small quick queries between large, long-running ones. + +The only restriction is that any previous non-blocking operation must have finished before starting a new blocking (or non-blocking) operation, see the next section: "Terminating a non-blocking operation early" below. + +### Terminating a non-blocking operation early + +When a non-blocking operation is started with `mysql_real_query_start()` or another `_start()` function, it must be allowed to finish before starting a new operation. Thus, the application must continue calling 'mysql_real_query_cont()` until zero is returned, indicating that the operation is completed. It is not allowed to leave one operation "hanging" in the middle of processing and then start a new one on top of it. + +It is, however, permissible to terminate the connection completely with `mysql_close()` in the middle of processing a non-blocking call. A new connection must then be initiated with `mysql_real_connect()` before new queries can be run, either with a new MYSQL object or re-using the old one. + +In the future, we may implement an abort facility to force an on-going operation to terminate as quickly as possible (but it will still be necessary to call `mysql_real_query_cont()` one last time after abort, allowing it to clean up the operation and return immediately with an appropriate error code). diff -Nru mariadb-11.8.6/libmariadb/docs/api.md mariadb-11.8.8/libmariadb/docs/api.md --- mariadb-11.8.6/libmariadb/docs/api.md 1970-01-01 00:00:00.000000000 +0000 +++ mariadb-11.8.8/libmariadb/docs/api.md 2026-05-24 09:58:33.000000000 +0000 @@ -0,0 +1,12 @@ +## API Reference + +* [mariadb_cancel()](mariadb_cancel) - Immediately aborts a connection +* [mariadb_get_infov()](mariadb_get_infov) - retrieves generic or connection related information +* [mariadb_reconnect()](mariadb_reconnect) - Reconnects to a server +* [mysql_affected_rows()](mysql_affected_rows) - Returns the number of rows affected by the last operation +* [mysql_autocommit()](mysql_autocommit) - Toggles autocommit +* [mysql_change_user()](mysql_change_user) - Changes user and database +* [mysql_errno()](mysql_errno) - returns the last error code for the most recent function call +* [mysql_error()](mysql_error) - returns the last error message for the most recent function call + + diff -Nru mariadb-11.8.6/libmariadb/docs/async_api.md mariadb-11.8.8/libmariadb/docs/async_api.md --- mariadb-11.8.6/libmariadb/docs/async_api.md 1970-01-01 00:00:00.000000000 +0000 +++ mariadb-11.8.8/libmariadb/docs/async_api.md 2026-05-24 09:58:33.000000000 +0000 @@ -0,0 +1,17 @@ +## Asynchronous (non blocking) API + +The MariaDB Connector/C non-blocking client API is modelled after the normal blocking library calls. This makes it easy to learn and remember. It makes it easier to translate code from using the blocking API to using the non-blocking API (or vice versa). And it also makes it simple to mix blocking and non-blocking calls in the same code path. + +For every api function that may block on socket I/O, two additional non-blocking functions are introduced which are suffixed by `_start` and `_cont`. + +For example for the api function `int mysql_real_query(MYSQL, query, query_length)`, two additional non-blocking calls are introduced: + +* `int mysql_real_query_start(&status, MYSQL, query, query_length)` +* `int mysql_real_query_cont(&status, MYSQL, wait_status)` + +For a complete overview please refer to the list of [blocking api functions](blocking_functions). + +* [Activating non blocking mode](activate_non_blocking) +* [Example](example_non_blocking) +* [List of blocking api functions](blocking_functions) +* [Restrictions](restrictions_non_blocking) \ No newline at end of file diff -Nru mariadb-11.8.6/libmariadb/docs/binlog_api.md mariadb-11.8.8/libmariadb/docs/binlog_api.md --- mariadb-11.8.6/libmariadb/docs/binlog_api.md 1970-01-01 00:00:00.000000000 +0000 +++ mariadb-11.8.8/libmariadb/docs/binlog_api.md 2026-05-24 09:58:33.000000000 +0000 @@ -0,0 +1,6 @@ +The main mechanism used in replication is the binary log. If binary logging is enabled, all updates to the database (data manipulation and data definition) are written into the binary log as binlog events. Clients may read the binary log from master using the replication API in order to access the data. + +* [Replication API Data structures](rpl_data_structures) +* [Replication API Types and definitions](rpl_types_definitions) +* [Replication API Function reference](rpl_api_reference) +* [Example](rpl_api_example) \ No newline at end of file diff -Nru mariadb-11.8.6/libmariadb/docs/blocking_functions.md mariadb-11.8.8/libmariadb/docs/blocking_functions.md --- mariadb-11.8.6/libmariadb/docs/blocking_functions.md 1970-01-01 00:00:00.000000000 +0000 +++ mariadb-11.8.8/libmariadb/docs/blocking_functions.md 2026-05-24 09:58:33.000000000 +0000 @@ -0,0 +1,5 @@ +## Blocking functions + +This is a list of all functions in the non-blocking client API and their parameters. Apart from operating in a non-blocking way, they all work exactly the same as their blocking counterparts, so their exact semantics can be obtained from the documentation of the normal client API. + +* [mysql_real_connect_start(),mysql_real_connect_cont()](mysql_real_connect_non_block) - establishes a connection to a MariaDB database server \ No newline at end of file diff -Nru mariadb-11.8.6/libmariadb/docs/build_client_apps.md mariadb-11.8.8/libmariadb/docs/build_client_apps.md --- mariadb-11.8.6/libmariadb/docs/build_client_apps.md 1970-01-01 00:00:00.000000000 +0000 +++ mariadb-11.8.8/libmariadb/docs/build_client_apps.md 2026-05-24 09:58:33.000000000 +0000 @@ -0,0 +1,76 @@ +# Building an application with MariaDB Connector/C + +## Configuration tools + +- [mariadb_config: Configuration settings utility](mariadb_config) +- pkg-config: Determine configuration settings with pkg-config + +### Include files + +#### How to find MariaDB include files + +##### Windows +For Microsoft Windows Platforms MariaDB Connector/C doesn't provide configuration tools, in the default installation the files will be always installed at the same location. + +The windows default installation (using MariaDB Connector/C MSI package) installs the include files in folder +`\ProgramFiles\MariaDB\MariaDB Connector/C 64-bit\include` (or for 32-bit installation in `\ProgramFiles\MariaDB\MariaDB Connector/C 32-bit\include`. + +##### Posix +On Posix platforms you can either use the `mariadb_config` utility which is located in the binary folder of your MariaDB Connector/C installation, or you can use the pkg-config command of your distribution, e.g. + +``` +$> mariadb_config --include +-I/usr/local/include/mariadb +``` + +``` +$> pkg-config libmariadb --cflags +-I/usr/local/include/mariadb +``` + +If you're using a different compiler than gcc or clang, you might need to adjust the include option for the compiler. + +#### General includes +For using MariaDB Connector/C from your application, only the include file `mysql.h` is required. + +#### Error handling +If you don't want to deal with numbers but also with the error code definitions, you need to include `errmsg.h` for client errors and `mysqld_error.h` for server errors. The latter one might not contain the latest server error codes, e.g. if you're using MySQL Connector/C from 10.2 server package it will not contain 10.3 or 10.4 error codes. It will also not contain all error codes from MySQL Server. + +#### MariaDB extensions +Some special and not widely used extensions like the asynchronous API have their own include files which are not automatically included by `mysql.h`. + +|Extension|required include files| +|--|--| +|Dynamic column API|`mariadb_dyncol.h`| +|Asynchronous/non-blocking API|`mariadb_async.h`| +|Replication/Binlog API|`mariadb_rpl.h`| + +#### Client plugins +If you want to develop a client plugin (e.g. for authentication or connection handling) the plugin code must include `mysql/client_plugin.h`. + +### Linking your application against MariaDB Connector/C + +#### Windows +For static linking the library `libmariadb.lib` is required, for dynamic linking use `libmariadb.dll`. Using the MSI installer, these libraries can be found in the lib directory of your MariaDB Connector/C installation. + +Unless you use the experimental plugin `remote_io` (which requires the curl library) there are no dependencies to other libraries than the Windows system libraries. + +#### Posix + +To detect library path and the required libraries, use `mariadb_config` or `pkg_config` command: + +``` +$ mariadb_config --libs +-L/usr/local/lib/mariadb/ -lmariadb -ldl -lm -lpthread -lssl -lcrypto +$ pkg-config libmariadb --libs +-L/usr/local/lib/mariadb/ -lmariadb -ldl -lm -lpthread -lssl -lcrypto +``` + +Both programs will return the location of the MariaDB Connector/C library (-L), the library name (-lmariadb) and the depending libraries. + +To use the static library, extract the library path from mariadb_config output or specify the option `--libs-only-L` when running the pkg-config command and append libmariadbclient.a to the path. + +Example using gcc: +```gcc -o my_test my_test.o -L/usr/local/lib/mariadb/libmariadbclient.a``` + +Depending on the configuration, you might need to also link against the libraries returned by --libs option. diff -Nru mariadb-11.8.6/libmariadb/docs/compiling.md mariadb-11.8.8/libmariadb/docs/compiling.md --- mariadb-11.8.6/libmariadb/docs/compiling.md 1970-01-01 00:00:00.000000000 +0000 +++ mariadb-11.8.8/libmariadb/docs/compiling.md 2026-05-24 09:58:33.000000000 +0000 @@ -0,0 +1,25 @@ +## Compiling MariaDB Connector/C + +After successful configuration, Connector/C can now be compiled. + +### Compiling on Windows + +If no CMake generator was specified, CMake creates by default build files for Visual Studio. +You can now either build Connector/C inside Visual Studio + +`devenv mariadb_connector_c.sln` + +or via command line + +`cmake --build . --config RelWithDebInfo` + +### Compiling on Unix +By default CMake creates build files for GNU make. On some system GNU make is renamed to `gmake`. +You can now build Connector/C with + +`shell>make` + +or + +`cmake --build . --config Release` + diff -Nru mariadb-11.8.6/libmariadb/docs/config_files.md mariadb-11.8.8/libmariadb/docs/config_files.md --- mariadb-11.8.6/libmariadb/docs/config_files.md 1970-01-01 00:00:00.000000000 +0000 +++ mariadb-11.8.8/libmariadb/docs/config_files.md 2026-05-24 09:58:33.000000000 +0000 @@ -0,0 +1,90 @@ +# Configuration files + +By default MariaDB Connector/C doesn't read any configuration file, this needs to be forced either by setting the option `MYSQL_READ_DEFAULT_FILE` or `MYSQL_READ_DEFAULT_GROUP`: + + +```C +/* process options from a configuration file which is not in standard place */ +rc= mysql_options(mysql, MYSQL_READ_DEFAULT_FILE, "/home/jeff/config/my_config.cnf"); + +/* Only process options from group my_app */ +rc= mysql_options(mysql, MYSQL_READ_DEFAULT_GROUP, "my_app"`); + +``` + +## Default location of configuration files +If a group (or an empty group) was specified, MariaDB Connector/C looks for configuration files in the following locations: + +### Windows +1. System windows directory +2. System directory +3. Windows directory +4. C:\ +5. MARIADB_HOME environment variable + +### Posix/Linux +1. SYSCONFDIR (if Connector/C was build with server package) +2. /etc/ +3. /etc/mysql +4. MARIADB_HOME environment variable +5. .my.cnf in home directory of the current user + +## Default groups +In addition to the specified group MariaDB Connector/C will process options from the following groups: + +1. [client] +2. [client-server] +3. [client-mariadb] +4. [group] (if specified via mysql_options) + +## Configuration options + +| Option | Type | Description | +| - | - | - | +| bind-address | string | Bind to a specific address +| character-sets-dir | string | not in use +| compress | boolean(0/1) | Use compressed protocol +| connection | string | A connection string as described in [mariadb_connect()](../mariadb_connect) function. +| connect-timeout | numeric | Connection timeout +| database | string | Default database (schema) +| debug | string | not in use +| default-auth | string | Default authentication method +| default-character-set | string | default character set +| disable-local-infile | none | Disable use of LOAD .. LOCAL command +| host | string | Server name or IP address +| init-command | string | one or more commands which will be sent directly after a connection was established +| interactive-timeout | none | Enables interactive timeout +| local-infile | boolean(0/1) | Enable use of LOAD .. LOCAL command +| max-allowed-packet | numeric | max. allowed packet size +| multi-queries | bool | Allow execution of multiple semicolon separated statements +| multi-results | bool | Allow processing multiple results +| multi-statements | string | Alias for mult-queries +| net-buffer-length | numeric | Length of net buffer +| password | string | Password (not recommended to set the password in a configuration file) +| pipe | boolean(0/1) | Use named pipe (Windows only) +| plugin-dir | string | client plugin directory +| port | numeric | Port number of server +| protocol | numeric | Protocol +| reconnect | boolean(0/1) | Force automatic reconnect +| restricted-auth| string| Restricted authentication plugins +| report-data-truncation | boolean(0/1) | Report data truncation in binary protocol +| return-found-rows | none | Return found rows +| secure-auth | boolean(0/1) | Use secure authentication +| server-public-key | string | Not in use +| shared-memory-base-name | string | shared memory base name (Windows only) +| socket, unix_socket | string | Unix socket +| ssl-capath | string | Directory which contains trusted SSL Certificate Authority certificate files +| ssl-ca | string | Trusted SSL Certificate Authority file +| ssl-cert | string | X509 client certificate +| ssl-cipher | string | Force use of specified cipher suite(s) +| ssl-crlpath | string | Directory which contains certificate revocation-list files +| ssl-crl | string | certificate revocation-list file +| ssl-enforce | boolean(0/1) | Use TLS/SSL connection +| ssl-fp-list | string | File that contains one or more finger prints of server certificates +| ssl-fp | string | Finger print of server certificate +| ssl-key | string | X509 key +| ssl-passphrase | string | Passphrase for passphrase protected X509 keys +| ssl-verify-server-cert | boolean(0/1) | Verify server X509 certificate +| timeout | numeric | Read/Write timeout in seconds +| tls-version | string | Force use of TLS version. +| user | string | Name of the user diff -Nru mariadb-11.8.6/libmariadb/docs/configuration_options.md mariadb-11.8.8/libmariadb/docs/configuration_options.md --- mariadb-11.8.6/libmariadb/docs/configuration_options.md 1970-01-01 00:00:00.000000000 +0000 +++ mariadb-11.8.8/libmariadb/docs/configuration_options.md 2026-05-24 09:58:33.000000000 +0000 @@ -0,0 +1,59 @@ +## Configuration settings + +Connector/C specifies its build process with platform-independent CMake listfiles included in each directory of a source tree with the name `CMakeLists.txt`. +Configuration settings may be specified by passing the `-D` option to CMake command line interpreter. + +Do not build Connector/C from root of the source tree: Either create a subdirectory "build" inside the source tree or create a subdirectory outside of the source tree. + +**Example:** +`cmake ../connector_c -DCMAKE_BUILD_TYPE=Release -DCMAKE_INSTALL_PREFIX=/usr/local` + +### Reconfiguration +In case Connector/C was already configured, the CMakeCache.txt file needs to be removed first. In several cases, e.g. when cross compiling CMakeFiles subfolders need to be removed too. + +### Generator options +If you want to use a different generator, e.g. for nmake on Windows, you need to specify the generator with the `-G` option. `cmake --help` lists the available generators for the used platform. + +### CMake-related configuration settings +| Option | Description +|-|- +|CMAKE_BUILD_TYPE| Build type: Release, RelWithDebInfo or Debug| +|CMAKE_INSTALL_PREFIX| Installation base directory. This option is also used by `mariadb_config`.| +|CMAKE_C_FLAGS|Flags for C-Compiler| + +### TLS/SSL options +| Option | Default | Description | +|-|-|- +|WITH_OPENSSL|ON| Possible values are ON or OFF. Not supported anymore since Connector/C 3.0| +|WITH_SSL|SCHANNEL (windows), otherwise OPENSSL|Specifies type of TLS/SSL library. E.g. GNUTLS, OPENSSL or SCHANNEL (Windows only). OFF disables TLS/SSL functionality| + +### Client plugins +Client plugins can be configured as dynamic plugins (DYNAMIC) or built-in plugins (STATIC) by specifying the plugin name followed by suffix `_PLUGIN_TYPE` as key, and `DYNAMIC` or `STATIC` as value. + +E.g. for building dialog plugin as a built-in plugin, for versions < Connector/C 3.0.4 + +`cmake .. -D{PLUGIN_NAME}_PLUGIN_TYPE=[STATIC|DYNAMIC|OFF]` + + +Beginning with C/C 3.0.4 + +`cmake .. -DCLIENT_PLUGIN_{PLUGIN_NAME}=[STATIC|DYNAMIC|OFF]` + + +MariaDB Connector/C supports the following plugins: + +| Plugin | Type | Default | Description | +|-|-|-|- +|SOCKET|IO|static|plugin for client server communication via unix socket (Posix platforms only)| +|SHMEM|IO|static|plugin for client server communication via shared memory (Windows only)| +|NPIPE|IO|static|plugin for client server communication via named pipe (Windows only)| +|DIALOG|Authentication|dynamic|Authentication for user input, e.g. for PAM authentication| +|OLDPASSWORD|Authentication|static|Pre. 4.1 authentication (deprecated)| +|NATIVE|Authentication|static|Default authentication| +|CLEARTEXT|Authentication|dynamic|Sends password without hashing or encryption| +|AUTH_GSSAPI_CLIENT|Authentication|dynamic|Kerberos/GSSAPI authentication plugin| +|SHA256_PASSWORD|Authentication|dynamic|SHA256 password authentication plugin| +|CACHING_SHA2_PASSWORD|Authentication|dynamic|SHA256 password authentication with server side caching| +|CLIENT_ED25519|Authentication|dynamic|ED25519 user authentication +|ZLLIB|Compression|static|ZLIB compression (added in version 3.3.0) +|ZSTD|Compression|static|ZStandard compression (added in version 3.3.0) \ No newline at end of file diff -Nru mariadb-11.8.6/libmariadb/docs/datastructures.md mariadb-11.8.8/libmariadb/docs/datastructures.md --- mariadb-11.8.6/libmariadb/docs/datastructures.md 1970-01-01 00:00:00.000000000 +0000 +++ mariadb-11.8.8/libmariadb/docs/datastructures.md 2026-05-24 09:58:33.000000000 +0000 @@ -0,0 +1,105 @@ +# Data structures + + +This page describes the public data structures used by MariaDB Connector/C. + +## MYSQL +The `MYSQL` structure represents one database connection and is used by most of MariaDB Connector/C's API functions. The `MYSQL` structure needs to be allocated and initialized by the [mysql_init()](mysql_init) API function. It will be released by the [mysql_close()](mysql_close) function. + +**Warning:**\ +The ```MYSQL``` structure should be considered as opaque; copying or changing values of its members might produce unexpected results, errors or program crashes. + +## MYSQL_RES +The `MYSQL_RES` structure represents a result set which contains data and metadata information. It will be returned by the [mysql_use_result()](mysql_use_result) or [mysql_store_result](mysql_store_result) API functions and needs to be released by [mysql_free_result()](mysql_free_result). + +**Warning**:\ +The ```MYSQL_RES``` structure should be considered as opaque; copying or changing values of its members might produce unexpected results, errors or program crashes. + +## MYSQL_ROW +```MYSQL_ROW``` represents an array of character pointers, pointing to the columns of the actual data row. +Data will be received by the [mysql_fetch_row()](mysql_fetch_row) function. The size of the array is the number of columns for the current row, which can be determined by [mysql_field_count()](mysql_field_count) API function. + +**Warning:**\ +After freeing the result set with [mysql_free_result()](mysql_free_result) `MYSQL_ROW` becomes invalid. + + +## MYSQL_STMT + +The ```MYSQL_STMT``` structure represents a prepared statement handle and is used by MariaDB Connector/C's prepared statement API functions. The MYSQL_STMT structure needs to be allocated and initialized by the [mysql_stmt_init](mysql_stmt_init) function and needs to be released by the [mysql_stmt_close()](mysql_stmt_close) function. + +**Warning:**\ +The `MYSQL_STMT` structure should be considered as opaque; copying or changing values of its members might produce unexpected results, errors or program crashes. + +## MYSQL_FIELD +The `MYSQL_FIELD` structure describes the metadata of a column. It can be obtained by the [mysql_fetch_field()](mysql_fetch_field) function. + +It has the following members: + +| Type | Member | Description | +|----|----|----| +|`char *`|`name`| The name of the column| +|`unsigned int`|`name_length`|The length of column name| +|`char *`|`org_name `|The original name of the column +|`unsigned int`|`org_name_length`|The length of original column name +|`char *`|`table`|The name of the table +|`unsigned int`|`table_length`|The length of table name +|`char *`|`org_table `|The original name of the table +|`unsigned int`|`org_table_length`|The length of original table name +|`char *`|`db `|The name of the database (schema) +|`unsigned int`|`db_length`|The length of database name +|`char *`|`catalog`|The catalog name (always `'def'`) +|`unsigned int`|`catalog_length`|The length of catalog name +|`char *`|`def`|default value +|`unsigned int`|`def_length`|The length of default value +|`unsigned int`|`length`|The length (width) of the column definition +|`unsigned int`|`max_length`|The maximum length of the column value +|`unsigned int`|`flags`|Flags +|`unsigned int`|`decimals`|Number of decimals +|`enum enum_field_types`|`type`|Field type + +## MYSQL_BIND +The `MYSQL_BIND` structure is used to provide parameters for prepared statements or to receive output column value from prepared statements. + +| Type | Member | Description | +|----|----|----| +|`unsigned long *`|`length`|Pointer for the length of the buffer (not used for parameters) +|`my_bool *`|`is_null`|Pointer which indicates if column is NULL (not used for parameters) +|`my_bool *`|`error`|Pointer which indicates if an error occurred +|`void *`|`buffer`|Data buffer which contains or receives data +|`char *`|`u.indicator`|Array of indicator variables for bulk operation parameter +|`unsigned long`|`buffer_length`|Length of buffer +|`enum enum_field_types`|`buffer_type`|[[library/mariadb-connectorc-types-and-definitions/#enum-enum_field_types|Buffer type]] +|`unsigned long`|`length_value`|Used if length pointer is NULL +|`my_bool`|`error_value`|Used if error pointer is NULL +|`my_bool`|`is_null_value`|Used if is_null pointer is NULL +|`my_bool`|`is_unsigned`|Set if integer type is unsigned + + +## MYSQL_TIME +The `MYSQL_TIME` structure is used for date and time values in prepared statements. It has the following members: + +| Type | Member | Description | +|----|----|----| +|` unsigned int`|`year`|Year +|`unsigned int`|`month`|Month +|`unsigned int`|`day`|Day +|`unsigned int`|`hour`|Hour +|`unsigned int`|`minute`|Minute +|`unsigned int`|`second`|Second +|`unsigned long`|`second_part`|Fractional seconds (max. 6 digits) +|`my_bool`|`neg`|Negative value +|`enum enum_mysql_timestamp_type`|`time_type`|Time type + +## MARIADB_X509_INFO +The `MARIADB_X509_INFO` structure contains information about the peer certificate. This information is only available for TLS/SSL connections. + +| Type | Member | Description | +|----|----|----| +|`int`|`version`| Peer certificate version +|`char *`|`issuer`| Issuer of peer certificate +|`char *`|`subject`| Subject of peer certificate +|`char *`|`fingerprint`| Fingerprint (SHA256, 384 or 512) +|`struct tm`|`notBefore`| Start date of peer certificate +|`struct tm`|`notAfter`| Expiration date of peer certificate + +MARIADB_X509_INFO was added in MariaDB Connector/C 3.4.1 diff -Nru mariadb-11.8.6/libmariadb/docs/dyncol_api.md mariadb-11.8.8/libmariadb/docs/dyncol_api.md --- mariadb-11.8.6/libmariadb/docs/dyncol_api.md 1970-01-01 00:00:00.000000000 +0000 +++ mariadb-11.8.8/libmariadb/docs/dyncol_api.md 2026-05-24 09:58:33.000000000 +0000 @@ -0,0 +1,37 @@ +## Dynamic Column API +Dynamic columns allow to store different sets of columns for each row in a table. It works by storing a set of columns in a blob and having a small set of functions to manipulate it. + +Dynamic columns should be used when it is not possible to use regular columns. + +A typical use case is when one needs to store items that may have many different attributes (like size, color, weight, etc), and the set of possible attributes is very large and/or unknown in advance. In that case, attributes can be put into dynamic columns. + +Dynamic columns are supported since MariaDB Server 5.3, however with MariaDB Connector/C it's possible to read, write and manipulate dynamic columns regardless of the server version. + +### Structures, Types and Definitions +* [Dynamic Column structures](dyncol_structures) +* [Dynamic Column types and definitions](dyncol_typesanddefs) + +### Dynamic Column API functions +* [mariadb_dyncol_check](mariadb_dyncol_check) - Check if a dynamic column has correct format +* [mariadb_dyncol_column_cmp_named](mariadb_dyncol_column_cmp_named) - Compare two column names +* [mariadb_dyncol_column_count](mariadb_dyncol_column_count) - Gets the number of columns in a dynamic column +* [mariadb_dyncol_create_many_named](mariadb_dyncol_create_many_named) - Creates a dynamic column with named keys +* [mariadb_dyncol_create_many_num](mariadb_dyncol_create_many_num) - Creates a dynamic column with numeric keys +* [mariadb_dyncol_exists_named](mariadb_dyncol_exists_named) - Checks if a column with named key exists +* [mariadb_dyncol_exists_num](mariadb_dyncol_exists_num) - Checks if column with numeric key exists +* [mariadb_dyncol_free](mariadb_dyncol_free) - Frees dynamic column memory +* [mariadb_dyncol_get_named](mariadb_dyncol_get_named) - Get value of a column with given key +* [mariadb_dyncol_get_num](mariadb_dyncol_get_num) - Get value of a column with given number +* [mariadb_dyncol_has_names](mariadb_dyncol_has_names) - Checks if dynamic column uses named keys +* [mariadb_dyncol_init](mariadb_dyncol_init) - Initializes a dynamic column +* [mariadb_dyncol_json](mariadb_dyncol_json) - Get content of a dynamic column in JSON format +* [mariadb_dyncol_list_json](mariadb_dyncol_list_json) - Get content of a dynamic column in JSON format +* [mariadb_dyncol_list_named](mariadb_dyncol_list_named) - Lists columns in a dynamic column +* [mariadb_dyncol_list_num](mariadb_dyncol_list_num) - Lists columns in a dynamic column +* [mariadb_dyncol_unpack](mariadb_dyncol_unpack) - Get values of all columns +* [mariadb_dyncol_update_many_named](mariadb_dyncol_update_many_named) - Updates a dynamic column with named keys +* [mariadb_dyncol_update_many_num](mariadb_dyncol_update_many_num) - Updates a dynamic column with numeric keys +* [mariadb_dyncol_value_init](mariadb_dyncol_value_init) - Initializes a dynamic column value +* [mariadb_dyncol_val_double](mariadb_dyncol_val_double) - Convert content of a dynamic column to double +* [mariadb_dyncol_val_long](mariadb_dyncol_val_long) - Convert content of a dynamic column to longlong +* [mariadb_dyncol_val_str](mariadb_dyncol_val_str) - Convert content of a dynamic column to string \ No newline at end of file diff -Nru mariadb-11.8.6/libmariadb/docs/dyncol_structures.md mariadb-11.8.8/libmariadb/docs/dyncol_structures.md --- mariadb-11.8.6/libmariadb/docs/dyncol_structures.md 1970-01-01 00:00:00.000000000 +0000 +++ mariadb-11.8.8/libmariadb/docs/dyncol_structures.md 2026-05-24 09:58:33.000000000 +0000 @@ -0,0 +1,55 @@ +## Dynamic Column data structures + +### DYNAMIC_COLUMN +`DYNAMIC_COLUMN` represents a packed dynamic column blob. It is essentially a string-with-length and is defined as follows: + +```C +/* A generic-purpose arbitrary-length string defined in MySQL Client API */ +typedef struct st_dynamic_string +{ + char *str; + size_t length,max_length,alloc_increment; +} DYNAMIC_STRING; + +typedef DYNAMIC_STRING DYNAMIC_COLUMN; +``` + +### DYNAMIC_COLUMN_VALUE + +Dynamic columns blob stores {name, value} pairs. `DYNAMIC_COLUMN_VALUE` structure is used to represent the value in accessible form. + +```C +struct st_dynamic_column_value +{ + DYNAMIC_COLUMN_TYPE type; + union + { + long long long_value; + unsigned long long ulong_value; + double double_value; + struct { + MYSQL_LEX_STRING value; + CHARSET_INFO *charset; + } string; + struct { + decimal_digit_t buffer[DECIMAL_BUFF_LENGTH]; + decimal_t value; + } decimal; + MYSQL_TIME time_value; + } x; +}; +typedef struct st_dynamic_column_value DYNAMIC_COLUMN_VALUE; +``` + +### MYSQL_LEX_STRING + +`MYSQL_LEX_STRING` is a structure which represents a binary string. + +```C +struct st_mysql_lex_string +{ + char *str; + size_t length; +}; +typedef struct st_mysql_lex_string MYSQL_LEX_STRING; +``` \ No newline at end of file diff -Nru mariadb-11.8.6/libmariadb/docs/dyncol_typesanddefs.md mariadb-11.8.8/libmariadb/docs/dyncol_typesanddefs.md --- mariadb-11.8.6/libmariadb/docs/dyncol_typesanddefs.md 1970-01-01 00:00:00.000000000 +0000 +++ mariadb-11.8.8/libmariadb/docs/dyncol_typesanddefs.md 2026-05-24 09:58:33.000000000 +0000 @@ -0,0 +1,40 @@ +## Dynamic Column types and definitions + +### Dynamic column types +`enum enum_dynamic_column_type` defines the column types: + +| type | structure field | +|-|- +| `DYN_COL_NULL` | - | +| `DYN_COL_INT` | `value.x.long_value` | +| `DYN_COL_UINT` | `value.x.ulong_value` | +| `DYN_COL_DOUBLE` | `value.x.double_value` | +| `DYN_COL_STRING` | `value.x.string.value`, `value.x.string.charset` | +| `DYN_COL_DECIMAL` | `value.x.decimal.value` | +| `DYN_COL_DATETIME` | `value.x.time_value` | +| `DYN_COL_DATE` | `value.x.time_value` | +| `DYN_COL_TIME` | `value.x.time_value` | +| `DYN_COL_DYNCOL` | `value.x.string.value` | + +#### Notes +* Values with type `DYN_COL_NULL` do not ever occur in dynamic columns blobs. +* Type `DYN_COL_DYNCOL` means that the value is a packed dynamic blob. This is how nested dynamic columns are done. +* `DYN_COL_DECIMAL` type is not supported in MariaDB Connector/C yet, but in MariaDB Server >= 5.3 + +### Error codes +Most of dynamic column api functions return an error code, which is defined as `enum enum_dyncol_func_result`: + +|Value | Name | Description +|-|-|- +| 0 | `ER_DYNCOL_OK` | OK +| 0 | `ER_DYNCOL_NO` | (the same as `ER_DYNCOL_OK` but for functions which return a YES/NO) +| 1 | `ER_DYNCOL_YES` | YES response or success +| 2 | `ER_DYNCOL_TRUNCATED` | Operation succeeded but the data was truncated +| -1 | `ER_DYNCOL_FORMAT` | Wrong format of the encoded string +| -2 | `ER_DYNCOL_LIMIT` | A limit of implementation reached +| -3 | `ER_DYNCOL_RESOURCE` | Out of resources +| -4 | `ER_DYNCOL_DATA` | Incorrect input data +| -5 | `ER_DYNCOL_UNKNOWN_CHARSET` | Unknown character set + + + diff -Nru mariadb-11.8.6/libmariadb/docs/example_non_blocking.md mariadb-11.8.8/libmariadb/docs/example_non_blocking.md --- mariadb-11.8.6/libmariadb/docs/example_non_blocking.md 1970-01-01 00:00:00.000000000 +0000 +++ mariadb-11.8.8/libmariadb/docs/example_non_blocking.md 2026-05-24 09:58:33.000000000 +0000 @@ -0,0 +1,96 @@ +## Example + +To do non-blocking operation, an application first calls `mysql_real_query_start()` instead of `mysql_real_query()`, passing the same parameters. + +If `mysql_real_query_start()` returns zero, then the operation completed without blocking, and 'status' is set to the value that would normally be returned from `mysql_real_query()`. + +Else, the return value from `mysql_real_query_start()` is a bitmask of events that the library is waiting on. This can be `MYSQL_WAIT_READ`, `MYSQL_WAIT_WRITE`, or `MYSQL_WAIT_EXCEPT`, corresponding to the similar flags for `select()` or `poll()`; and it can include `MYSQL_WAIT_TIMEOUT` when waiting for a timeout to occur (e.g. a connection timeout). + +In this case, the application continues other processing and eventually checks for the appropriate condition(s) to occur on the socket (or for timeout). When this occurs, the application can resume the operation by calling `mysql_real_query_cont()`, passing in 'wait_status' a bitmask of the events which actually occurred. + +Just like mysql_real_query_start(), mysql_real_query_cont() returns zero when done, or a bitmask of events it needs to wait on. Thus the application continues to repeatedly call mysql_real_query_cont(), intermixed with other processing of its choice; until zero is returned, after which the result of the operation is stored in 'status'. + +Some calls, like `mysql_optionsv()`, do not do any socket I/O, and so can never block. For these, there are no separate _start() or _cont() calls. See the "Non-blocking API reference" page for a full list of what functions can and can not block. + +The checking for events on the socket / timeout can be done with `select()` or `poll()` or a similar mechanism. Though often it will be done using a higher-level framework (such as libevent), which supplies facilities for registering and acting on such conditions. + +The descriptor of the socket on which to check for events can be obtained by calling `mysql_get_socket()`. The duration of any timeout can be obtained from `mysql_get_timeout_value()`. + +Here is a trivial (but full) example of running a query with the non-blocking API. The example is found in the MariaDB server source tree as `client/async_example.c`. (A larger, more realistic example using libevent is found as tests/async_queries.c in the source): + +```C +static void run_query(const char *host, const char *user, const char *password) { + int err, status; + MYSQL mysql, *ret; + MYSQL_RES *res; + MYSQL_ROW row; + + mysql_init(&mysql); + mysql_options(&mysql, MYSQL_OPT_NONBLOCK, 0); + + status = mysql_real_connect_start(&ret, &mysql, host, user, password, NULL, 0, NULL, 0); + while (status) { + status = wait_for_mysql(&mysql, status); + status = mysql_real_connect_cont(&ret, &mysql, status); + } + + if (!ret) + fatal(&mysql, "Failed to mysql_real_connect()"); + + status = mysql_real_query_start(&err, &mysql, SL("SHOW STATUS")); + while (status) { + status = wait_for_mysql(&mysql, status); + status = mysql_real_query_cont(&err, &mysql, status); + } + if (err) + fatal(&mysql, "mysql_real_query() returns error"); + + /* This method cannot block. */ + res= mysql_use_result(&mysql); + if (!res) + fatal(&mysql, "mysql_use_result() returns error"); + + for (;;) { + status= mysql_fetch_row_start(&row, res); + while (status) { + status= wait_for_mysql(&mysql, status); + status= mysql_fetch_row_cont(&row, res, status); + } + if (!row) + break; + printf("%s: %s\n", row[0], row[1]); + } + if (mysql_errno(&mysql)) + fatal(&mysql, "Got error while retrieving rows"); + mysql_free_result(res); + mysql_close(&mysql); +} + +/* Helper function to do the waiting for events on the socket. */ +static int wait_for_mysql(MYSQL *mysql, int status) { + struct pollfd pfd; + int timeout, res; + + pfd.fd = mysql_get_socket(mysql); + pfd.events = + (status & MYSQL_WAIT_READ ? POLLIN : 0) | + (status & MYSQL_WAIT_WRITE ? POLLOUT : 0) | + (status & MYSQL_WAIT_EXCEPT ? POLLPRI : 0); + if (status & MYSQL_WAIT_TIMEOUT) + timeout = 1000*mysql_get_timeout_value(mysql); + else + timeout = -1; + res = poll(&pfd, 1, timeout); + if (res == 0) + return MYSQL_WAIT_TIMEOUT; + else if (res < 0) + return MYSQL_WAIT_TIMEOUT; + else { + int status = 0; + if (pfd.revents & POLLIN) status |= MYSQL_WAIT_READ; + if (pfd.revents & POLLOUT) status |= MYSQL_WAIT_WRITE; + if (pfd.revents & POLLPRI) status |= MYSQL_WAIT_EXCEPT; + return status; + } +} +``` diff -Nru mariadb-11.8.6/libmariadb/docs/generic_api.md mariadb-11.8.8/libmariadb/docs/generic_api.md --- mariadb-11.8.6/libmariadb/docs/generic_api.md 1970-01-01 00:00:00.000000000 +0000 +++ mariadb-11.8.8/libmariadb/docs/generic_api.md 2026-05-24 09:58:33.000000000 +0000 @@ -0,0 +1,84 @@ +## Generic API Reference + +* [mariadb_cancel](mariadb_cancel) - Immediately aborts a connection +* [mariadb_connect](mariadb_connect) - Connect using a connection string +* [mariadb_connection](mariadb_connection) - Check if the client is connected to a MariaDB database server +* [mariadb_convert_string](mariadb_convert_string) - Converts a string into different character set +* [mariadb_field_attr](mariadb_field_attr) - Returns extended metadata information for pluggable field types +* [mariadb_get_info](mariadb_get_info) - retrieves generic or connection related information +* [mariadb_get_infov](mariadb_get_infov) - retrieves generic or connection related information +* [mariadb_reconnect](mariadb_reconnect) - reconnects to a server +* [mysql_affected_rows](mysql_affected_rows) - returns the number of rows affected by the last operation +* [mysql_autocommit](mysql_autocommit) - Toggles autocommit mode +* [mysql_change_user](mysql_change_user) - changes user and default database +* [mysql_character_set_name](mysql_character_set_name) - Returns the character set in use +* [mysql_client_find_plugin](mysql_client_find_plugin) - Finds a plugin by name +* [mysql_close](mysql_close) - Closes a previously opened connection +* [mysql_commit](mysql_commit) - Commits the current transaction +* [mysql_data_seek](mysql_data_seek) - seeks to an offset +* [mysql_debug](mysql_debug) - Enable debug output +* [mysql_dump_debug_info](mysql_dump_debug_info) - Write debug information into server error log +* [mysql_embedded](mysql_embedded) - Determines if C/C is running with embedded server +* [mysql_eof](mysql_eof) - Determines end of a result set (deprecated) +* [mysql_errno](mysql_errno) - Returns last error number +* [mysql_error](mysql_error) - Returns last error string +* [mysql_fetch_field](mysql_fetch_field) - Returns the definition of one column of a result set +* [mysql_fetch_field_direct](mysql_fetch_field_direct) - Returns a pointer to a MYSQL_FIELD structure +* [mysql_fetch_fields](mysql_fetch_fields) - returns an array of fields +* [mysql_fetch_lengths](mysql_fetch_lengths) - returns an array of length values for the current row +* [mysql_fetch_row](mysql_fetch_row) - fetches row of data from result set +* [mysql_field_count](mysql_field_count) - returns the number of columns for the most recent statement +* [mysql_field_seek](mysql_field_seek) - sets the field cursor to given offset +* [mysql_field_tell](mysql_field_tell) - Returns offset of the field cursor +* [mysql_free_result](mysql_free_result) - Frees result set +* [mysql_get_character_set_info](mysql_get_character_set_info) - returns character set information +* [mysql_get_charset_by_name](mysql_get_charset_by_name) - returns character set information for specified character set name. +* [mysql_get_charset_by_nr](mysql_get_charset_by_nr) - returns character set information for specified character set number. +* [mysql_get_client_info](mysql_get_client_info) - returns client library version as string representation +* [mysql_get_client_version](mysql_get_client_version) - returns client version number +* [mysql_get_host_info](mysql_get_host_info) - Returns host information +* [mysql_get_parameters](mysql_get_parameters) - Return packet size information +* [mysql_get_proto_info](mysql_get_proto_info) - Returns protocol version number +* [mysql_get_server_info](mysql_get_server_info) - Returns server version as string +* [mysql_get_server_version](mysql_get_server_version) - returns numeric server version +* [mysql_get_socket](mysql_get_ssl_cipher) - returns the socket descriptor for current connection +* [mysql_get_ssl_cipher](mysql_get_ssl_cipher) - returns the cipher suite in use +* [mysql_get_timeout_value](mysql_get_timeout_value) - returns the timeout value for asynchronous operations in seconds +* [mysql_get_timeout_value_ms](mysql_get_timeout_value_ms) - returns the timeout value for asynchronous operations in milliseconds +* [mysql_hex_string](mysql_hex_string) - create a hexadecimal string +* [mysql_info](mysql_info) - provides information about the last executed statement +* [mysql_init](mysql_init) - Prepares and initializes a ```MYSQL``` structure +* [mysql_insert_id](mysql_insert_id) - Returns auto generated ID. +* [mysql_kill](mysql_kill) - Kills a connection +* [mysql_load_plugin](mysql_load_plugin) - Loads and initializes a plugin +* [mysql_more_results](mysql_more_results) - indicates if one or more results are available +* [mysql_net_field_length](mysql_net_field_length) - Returns the length of a length encoded field +* [mysql_net_read_packet](mysql_net_read_packet) - Reads an incoming data packet from server +* [mysql_next_result](mysql_next_result) - prepares next result set +* [mysql_num_fields](mysql_num_fields) - Returns number of fields in a result set +* [mysql_num_rows](mysql_num_rows) - Returns number of rows in a result set. +* [mysql_options4](mysql_options4) - Used to set extra connect options and affect behavior of a connection +* [mysql_options](mysql_options) - Used to set extra connect options and affect behavior of a connection +* [mysql_optionsv](mysql_optionsv) - Used to set extra connect options and affect behavior of a connection +* [mysql_ping](mysql_ping) - checks if the connection between client and server is working +* [mysql_query](mysql_query) - executes a null terminated statement string +* [mysql_read_query_result](mysql_read_query_result) - Waits for a server result or response package +* [mysql_real_connect](mysql_real_connect) - establishes a connection to a MariaDB database server +* [mysql_real_escape_string](mysql_real_escape_string) - escape string by taking into account character set of connection +* [mysql_real_query](mysql_real_query) - execute a statement (binary safe) +* [mysql_refresh](mysql_refresh) - flushes information on the server +* [mysql_reset_connection](mysql_reset_connection) - Resets connection and clears session state +* [mysql_rollback](mysql_rollback) - Rolls back the current transaction +* [mysql_select_db](mysql_select_db) - selects a database as default +* [mysql_set_character_set](mysql_set_character_set) - Sets the default client character set +* [mysql_send_query](mysql_send_query) - Sends a SQL statement without waiting for server response +* [mysql_server_end](mysql_server_end) - Called when finished using MariaDB Connector/C +* [mysql_server_init](mysql_server_init) - Initializes library +* [mysql_session_track_get_first](mysql_session_track_get_first) - Retrieves first session status change information +* [mysql_session_track_get_next](mysql_session_track_get_next) - Retrieves the next session status change information +* [mysql_set_local_infile_default](mysql_set_local_infile_default) - Sets local infile callback functions to default +* [mysql_set_local_infile_handler](mysql_set_local_infile_handler) - Registers callback functions for LOAD DATA LOCAL INFILE +* [mysql_ssl_set](mysql_ssl_set) - Set TLS/SSL options +* [mysql_store_result](mysql_store_result) - returns a buffered result set +* [mysql_thread_safe](mysql_thread_safe) - indicates whether the Connector/C library was compiled as thread safe +* [mysql_use_result](mysql_use_result) - returns an unbuffered result set diff -Nru mariadb-11.8.6/libmariadb/docs/install.md mariadb-11.8.8/libmariadb/docs/install.md --- mariadb-11.8.6/libmariadb/docs/install.md 1970-01-01 00:00:00.000000000 +0000 +++ mariadb-11.8.8/libmariadb/docs/install.md 2026-05-24 09:58:33.000000000 +0000 @@ -0,0 +1,5 @@ +## Builing and installing MariaDB Connector/C + +* [Prerequisites](prerequisites) +* [Configuration options](configuration_options) +* [Compiling MariaDB Connector/C](compiling) \ No newline at end of file diff -Nru mariadb-11.8.6/libmariadb/docs/libmysql_compat.md mariadb-11.8.8/libmariadb/docs/libmysql_compat.md --- mariadb-11.8.6/libmariadb/docs/libmysql_compat.md 1970-01-01 00:00:00.000000000 +0000 +++ mariadb-11.8.8/libmariadb/docs/libmysql_compat.md 2026-05-24 09:58:33.000000000 +0000 @@ -0,0 +1,160 @@ +# Compatibility with MySQL Connector/C (libmysql) + +## History and License + +Even if MariaDB Connector/C and MySQL Connector/C have common roots (namely the version 3.23.51 from the year 2003 which was published under the LGPL), both have some differences. + +While MySQL Connector/C (or libmysql) was further developed under the GPL, MariaDB Connector/C was newly developed based on MySQL 3.23.51. +Major enhancements, such as the prepared statement API and numerous protocol extensions have been integrated from mysqlnd extension of the PHP project. The first version of MariaDB Connector/C was released in 2012. + + In contrast to MySQL Connector/C, MariaDB Connector/C is licensed under the LGPL license and thus can be integrated and used free of charge in almost all (including commercial/closed source) projects. + +## API + +API functions which are supported by both MySQL and MariaDB Connector/C are prefixed with "mysql", MariaDB specific features are prefixed with "mariadb". + +**Example:** + +* `mysql_real_connect` +* `mariadb_stmt_execute_direct` + +No rule without exception: For example, the mysql_optionsv function only exists in MariaDB Connector / C. It was added as an extension of the existing mysql_options function to allow a function call with a variable number of parameters. + +### Unsupported API functions + +#### Unsupported functions in MariaDB Connector/C +* `mysql_reset_server_public_key` +* `mysql_result_metadata` (scheduled for MariaDB C/C 3.1) +* `mysql_binlog_*` (The binlog replication API in MariaDB C/C 3.1 has a different interface) + +#### Unsupported functions in MySQL Connector/C +* `mariadb_connection` +* `mysql_optionsv` +* `mysql_get_infov` +* `mariadb_reconnect` +* `mariadb_cancel` +* `mariadb_stmt_execute_direct` +* `mysql_stmt_warning_count` +* `mysql_get_timeout_value/ms` +* `mariadb_dyncol-*` (dynamic column api) +* `mysql_async_*` (asynchronous/non-blocking API) +* `mariadb_rpl_*` (replication/binlog API) + +## Protocol + +Especially in the last versions (MySQL C/C> = 5.7 and MariaDB C/C> = 3.0) some protocol extensions were added which are not or only partially supported: + +|Protocol|MySQL C/C|MariaDB C/C| +|---|---|---| +|X-Protocol|X|-| +|Extended OK packet|X|- (scheduled for 3.1)| +|Prepared statement bulk insert|-|X| +|Prepared statemnt direct execution|-|X| + +## Client authentication plugins +Both MySQL and MariaDB Connector/C support different kind of plugable client authentication plugins: + +| Authentication plugin | MySQL C/C | MariaDB C/C| +|--|--|--| +|Native password | X | X | +|Old password | X (removed in newer versions) | X | +|Cleartext | X | X | +|Dialog| X | X | +|SHA256| X | X¹ | +|Caching SHA2| X | X¹ | +|Kerberos/GSSAPI| - | X | +|ed25519| - | X | + +¹= requires OpenSSL, LibreSSL or GnuTLS + +## Security/TLS (Transport layer security protocol) +Both MySQL and MariaDB Connector/C support secure connection using the TLS protocol, however with some differences: + +### Supported TLS libraries + +|TLS library|MySQL C/C|MariaDB C/C| +|--|--|--| +| OpenSSL | X | X | +| LibreSSL | X | X | +| GnuTLS | - | X | +| Windows Schannel | - | X | +| WolfSSL | X | -²| +| Yassl | X | -²| + +²= license incompatible + +### Supported TLS protocols +|Protocol version|MySQL C/C|MariaDB C/C| +|--|--|--| +|SSLv3| x (yassl only) | - | +|TLSv1.0| X | X +|TLSv1.1| X | X +|TLSv1.2| X (not yassl)| X +|TLSv1.3| X (not yassl)| X + +### Supported TLS features +| Feature|MySQL C/C| MariaDB C/C| +|--|--|--| +| ssl mode | X | - | +| server certificate verification | X | X | +| passphrase protected keys | - | X | +| force use of tls version | - | X | +| certificate finger print verification| - | X | + +## Coding hints + +### General advice +* Consider structures to be opaque +* * don't access internal members, e.g. like `mysql->reconnect` +* * instead use mysql_optionsv/mysql_get_optionsv for setting or retrieving information +* If there is no api function or option available for retrieving internal information, file a task in Jira system +* Don't include other files than `mysql.h` (unless you need some special API like dynamic columns or you're writing a client plugin using the client plugin interface) + +### Detecting server and client library type + +Often, an application will be able to build with both MariaDB or MySQL Connector/C and to connect either to a MySQL or a MariaDB server. In this case often it is necessary to determine the type of the server and/or the client library in use. + +#### MariaDB or MySQL server? +Using MariaDB Connector/C it's quite simple to detect if the application is connected to MariaDB or MySQL server by using the API function `mariadb_connection()`: + +```C + if (mysql && mariadb_connection(mysql)) + printf("We're connected to a MariaDB database server"); +``` + +When using MySQL Connector/C or you application supports both Connectors, the server version needs to be retrieved by `mysql_get_server_info()` and the returned string must be checked if it contains the string "mariadb": + +```C +char *server_version= mysql_get_server_info(mysql); +if (strstr(mysql->server_version, "MariaDB") || + strstr(mysql->server_version, "-maria-")) + printf("Connected to a MariaDB server\n"); +``` +#### MySQL or MariaDB Connector/C ? +Due to some differences an application often needs to check which connector is in use. + +##### Detecting Connector at compile time +The simplest solution to detect the type of connector at compile time is to check if the preprocessor definition `MARIADB_BASE_VERSION` is defined: + +```C +#ifdef MARIADB_BASE_VERSION + const char *client_library= "MariaDB Connector/C"; +#else + const char *client_library= "MySQL Connector/C"; +#endif +``` +##### Detecting Connector type at run time +Since neither MySQL nor MariaDB Connector/C offer an API function to detect the type of the connector, detection is a little bit more tricky: The option `MYSQL_PROGRESS_CALLBACK` is available in MariaDB C/C only - passing it to mysql_options will result in an error, in case MySQL C/C is used: + +```C +#ifndef MARIADB_BASE_VERSION + #define MYSQL_PROGRESS_CALLBACK 5999 +#endif + +if (mysql_options(mysql, MYSQL_PROGRESS_CALLBACK, NULL)) + /* MYSQL_PROGRESS_CALLBACK is not defined in MySQL Connector/C, + therefore mysql_options() will return an error */ + printf("using MySQL Connector/C\n"); +else + printf("using MariaDB Connector/C\n"); +``` diff -Nru mariadb-11.8.6/libmariadb/docs/libmysql_libmariadb.md mariadb-11.8.8/libmariadb/docs/libmysql_libmariadb.md --- mariadb-11.8.6/libmariadb/docs/libmysql_libmariadb.md 1970-01-01 00:00:00.000000000 +0000 +++ mariadb-11.8.8/libmariadb/docs/libmysql_libmariadb.md 2026-05-24 09:58:33.000000000 +0000 @@ -0,0 +1,160 @@ +# Differences between MariaDB and MySQL Connector/C + +## History and License + +Even if MariaDB Connector/C and MySQL Connector/C have common roots (namely the version 3.23.51 from the year 2003 which was published under the LGPL), both have some differences. + +While MySQL Connector/C (or libmysql) was further developed under the GPL, MariaDB Connector/C was newly developed based on MySQL 3.23.51. +Major enhancements, such as the prepared statement API and numerous protocol extensions have been integrated from mysqlnd extension of the PHP project. The first version of MariaDB Connector/C was released in 2012. + + In contrast to MySQL Connector/C, MariaDB Connector/C is licensed under the LGPL license and thus can be integrated and used free of charge in almost all (including commercial/closed source) projects. + +## API + +API functions which are supported by both MySQL and MariaDB Connector/C are prefixed with "mysql", MariaDB specific features are prefixed with "mariadb". + +**Example:** + +* `mysql_real_connect` +* `mariadb_stmt_execute_direct` + +No rule without exception: For example, the mysql_optionsv function only exists in MariaDB Connector / C. It was added as an extension of the existing mysql_options function to allow a function call with a variable number of parameters. + +### Unsupported API functions + +#### Unsupported functions in MariaDB Connector/C +* `mysql_reset_server_public_key` +* `mysql_result_metadata` (scheduled for MariaDB C/C 3.1) +* `mysql_binlog_*` (The binlog replication API in MariaDB C/C 3.1 has a different interface) + +#### Unsupported functions in MySQL Connector/C +* `mariadb_connection` +* `mysql_optionsv` +* `mysql_get_info` +* `mariadb_reconnect` +* `mariadb_cancel` +* `mariadb_stmt_execute_direct` +* `mysql_stmt_warning_count` +* `mysql_get_timeout_value/ms` +* `mariadb_dyncol-*` (dynamic column api) +* `mysql_async_*` (asynchronous/non-blocking API) +* `mariadb_rpl_*` (replication/binlog API) + +## Protocol + +Especially in the last versions (MySQL C/C> = 5.7 and MariaDB C/C> = 3.0) some protocol extensions were added which are not or only partially supported: + +|Protocol|MySQL C/C|MariaDB C/C| +|---|---|---| +|X-Protocol|X|-| +|Extended OK packet|X|- (scheduled for 3.1)| +|Prepared statement bulk insert|-|X| +|Prepared statemnt direct execution|-|X| + +## Client authentication plugins +Both MySQL and MariaDB Connector/C support different kind of plugable client authentication plugins: + +| Authentication plugin | MySQL C/C | MariaDB C/C| +|--|--|--| +|Native password | X | X | +|Old password | X (removed in newer versions) | X | +|Cleartext | X | X | +|Dialog| X | X | +|SHA256| X | X¹ | +|Caching SHA2| X | X¹ | +|Kerberos/GSSAPI| - | X | +|ed25519| - | X | + +¹= requires OpenSSL, LibreSSL or GnuTLS + +## Security/TLS (Transport layer security protocol) +Both MySQL and MariaDB Connector/C support secure connection using the TLS protocol, however with some differences: + +### Supported TLS libraries + +|TLS library|MySQL C/C|MariaDB C/C| +|--|--|--| +| OpenSSL | X | X | +| LibreSSL | X | X | +| GnuTLS | - | X | +| Windows Schannel | - | X | +| WolfSSL | X | -²| +| Yassl | X | -²| + +²= license incompatible + +### Supported TLS protocols +|Protocol version|MySQL C/C|MariaDB C/C| +|--|--|--| +|SSLv3| x (yassl only) | - | +|TLSv1.0| X | X +|TLSv1.1| X | X +|TLSv1.2| X (not yassl)| X +|TLSv1.3| X (not yassl)| X + +### Supported TLS features +| Feature|MySQL C/C| MariaDB C/C| +|--|--|--| +| ssl mode | X | - | +| server certificate verification | X | X | +| passphrase protected keys | - | X | +| force use of tls version | - | X | +| certificate finger print verification| - | X | + +## Coding hints + +### General advice +* Consider structures to be opaque +* * don't access internal members, e.g. like `mysql->reconnect` +* * instead use mysql_optionsv/mysql_get_optionsv for setting or retrieving information +* If there is no api function or option available for retrieving internal information, file a task in Jira system +* Don't include other files than `mysql.h` (unless you need some special API like dynamic columns or you're writing a client plugin using the client plugin interface) + +### Detecting server and client library type + +Often, an application will be able to build with both MariaDB or MySQL Connector/C and to connect either to a MySQL or a MariaDB server. In this case often it is necessary to determine the type of the server and/or the client library in use. + +#### MariaDB or MySQL server? +Using MariaDB Connector/C it's quite simple to detect if the application is connected to MariaDB or MySQL server by using the API function `mariadb_connection()`: + +```C + if (mysql && mariadb_connection(mysql)) + printf("We're connected to a MariaDB database server"); +``` + +When using MySQL Connector/C or you application supports both Connectors, the server version needs to be retrieved by `mysql_get_server_info()` and the returned string must be checked if it contains the string "mariadb": + +```C +char *server_version= mysql_get_server_info(mysql); +if (strstr(mysql->server_version, "MariaDB") || + strstr(mysql->server_version, "-maria-")) + printf("Connected to a MariaDB server\n"); +``` +#### MySQL or MariaDB Connector/C ? +Due to some differences an application often needs to check which connector is in use. + +##### Detecting Connector at compile time +The simplest solution to detect the type of connector at compile time is to check if the preprocessor definition `MARIADB_BASE_VERSION` is defined: + +```C +#ifdef MARIADB_BASE_VERSION + const char *client_library= "MariaDB Connector/C"; +#else + const char *client_library= "MySQL Connector/C"; +#endif +``` +##### Detecting Connector type at run time +Since neither MySQL nor MariaDB Connector/C offer an API function to detect the type of the connector, detection is a little bit more tricky: The option `MYSQL_PROGRESS_CALLBACK` is available in MariaDB C/C only - passing it to mysql_options will result in an error, in case MySQL C/C is used: + +```C +#ifndef MARIADB_BASE_VERSION + #define MYSQL_PROGRESS_CALLBACK 5999 +#endif + +if (mysql_options(mysql, MYSQL_PROGRESS_CALLBACK, NULL)) + /* MYSQL_PROGRESS_CALLBACK is not defined in MySQL Connector/C, + therefore mysql_options() will return an error */ + printf("using MySQL Connector/C\n"); +else + printf("using MariaDB Connector/C\n"); +``` diff -Nru mariadb-11.8.6/libmariadb/docs/mariadb_cancel.md mariadb-11.8.8/libmariadb/docs/mariadb_cancel.md --- mariadb-11.8.6/libmariadb/docs/mariadb_cancel.md 1970-01-01 00:00:00.000000000 +0000 +++ mariadb-11.8.8/libmariadb/docs/mariadb_cancel.md 2026-05-24 09:58:33.000000000 +0000 @@ -0,0 +1,23 @@ +## Name +mariadb_cancel - Immediately aborts a connection + +## Synopsis +```C +#include + +int mariadb_cancel(MYSQL * mysql); +``` + +## Description +Immediately aborts a connection by making all subsequent read/write operations fail. +`mariadb_cancel()` does not invalidate memory used for `mysql` structure, nor close any communication channels. To free the memory, [mysql_close()](mysql_close) must be called. +`mariadb_cancel()` is useful to break long queries in situations where sending KILL is not possible. + +### Parameter +`mysql` - mysql handle, which was previously allocated by [mysql_init()](mysql_init) and connected by [mysql_real_connect()](mysql_real_connect). + +## Return value +Returns zero on success or a non-zero value on error. + +## History +`mariadb_cancel()` was added in Connector/C 3.0 \ No newline at end of file diff -Nru mariadb-11.8.6/libmariadb/docs/mariadb_config.md mariadb-11.8.8/libmariadb/docs/mariadb_config.md --- mariadb-11.8.6/libmariadb/docs/mariadb_config.md 1970-01-01 00:00:00.000000000 +0000 +++ mariadb-11.8.8/libmariadb/docs/mariadb_config.md 2026-05-24 09:58:33.000000000 +0000 @@ -0,0 +1,56 @@ +## mariadb_config + +On Posix platforms MariaDB Connector/C provides the mariadb_config binary which provides necessary information to build client applications with MariaDB Connector/C. + +### Options + +All options returned are tied to the compiler and linker which were used to build MariaDB Connector/C. They might be not compatible if you use a different compiler or linker. + +* `--clags` +C compiler flags and include file settings. If no special include file settings were specified, this option is identical to `--include` option + +* `--include` +returns the compiler options for finding MariaDB Connector/C include files + +* `--libs, --libs_r` +returns the required options to link with MariaDB Connector/C. MariaDB Connector/C is always build thread safe, so the output of both options is the same. + +* `--libs_sys` +returns the system libraries used to link with MariaDB Connector/C. + +* `--version` +returns the version number. This version number corresponds to the MariaDB server package. + +* `--cc_version` +returns the version number of MariaDB Connector/C. + +* `--socket` +returns the default location for unix socket file + +* `--port` +returns the default port for connection to MariaDB server. + +* `--plugindir` +returns the location of the installed client plugins of MariaDB Connector/C. + +* `--tlsinfo` +returns the TLS/crypto library and version number in use. + +When executing `mariadb_config` without specifying an option a list of all options and their values will be returned: +``` +$> mariadb_config +Copyright 2011-2019 MariaDB Corporation AB +Get compiler flags for using the MariaDB Connector/C. +Usage: mariadb_config [OPTIONS] + --cflags [-I/usr/local/include/mariadb -I/usr/local/include/mariadb/mysql] + --include [-I/usr/local/include/mariadb -I/usr/local/include/mariadb/mysql] + --libs [-L/usr/local/lib/mariadb/ -lmariadb -ldl -lm -lpthread -lssl -lcrypto] + --libs_r [-L/usr/local/lib/mariadb/ -lmariadb -ldl -lm -lpthread -lssl -lcrypto] + --libs_sys [-ldl -lm -lpthread -lssl -lcrypto] + --version [10.3.6] + --cc_version [3.0.10] + --socket [/tmp/mysql.sock] + --port [3306] + --plugindir [/usr/local/lib/mariadb/plugin] + --tlsinfo [OpenSSL 1.1.1] +``` \ No newline at end of file diff -Nru mariadb-11.8.6/libmariadb/docs/mariadb_connect.md mariadb-11.8.8/libmariadb/docs/mariadb_connect.md --- mariadb-11.8.6/libmariadb/docs/mariadb_connect.md 1970-01-01 00:00:00.000000000 +0000 +++ mariadb-11.8.8/libmariadb/docs/mariadb_connect.md 2026-05-24 09:58:33.000000000 +0000 @@ -0,0 +1,37 @@ +## Name +mariadb_connect - Connect to a database server using a connection string + +## Synopsis +```C +#include + +MYSQL *mariadb_connect(MYSQL * mysql, const char *conn_str); +``` + +## Description +Establishes a connection to a database using the parameters in connection string. +### Parameter +- `mysql` - mysql handle, which was previously allocated by [mysql_init()](mysql_init) and connected by [mysql_real_connect()](mysql_real_connect). +- `conn_str`- Connection string, containig connection parameters. A connection string contains key/value pairs, separated by a semicolon as used in ODBC. Supported keys are all configuration options which can be used in MariaDB configuration files. For a complete list check the chapter [configuration files](config_files). + +## Return value +Returns a MYSQL * handle or NULL on error. + +## Note +- The connection string must contain at least one semicolon, otherwise +it wil be interpreted as hostname. +- Unknown or invalid keys will be ignored +- `mariadb_connect` is not a function, but a macro which maps to mysql_real_connect: +```#define mariadb_connect(mysql, conn_str) mysql_real_connect((mysql),(conn_str), NULL, NULL, NULL, 0, NULL, 0)``` + +## Example +``` +if (!mariadb_connect(mysql, "host=localhost;database=test;ssl_enforce=1")) +{ + printf("Error: %s\n", mysql_error(mysql)); + return 1; +} +``` + +## History +`mariadb_connect()` was added in Connector/C 3.3.0 \ No newline at end of file diff -Nru mariadb-11.8.6/libmariadb/docs/mariadb_connection.md mariadb-11.8.8/libmariadb/docs/mariadb_connection.md --- mariadb-11.8.6/libmariadb/docs/mariadb_connection.md 1970-01-01 00:00:00.000000000 +0000 +++ mariadb-11.8.8/libmariadb/docs/mariadb_connection.md 2026-05-24 09:58:33.000000000 +0000 @@ -0,0 +1,18 @@ +## Name +mariadb_connection - checks if the client is connected to a MariaDB database server + +## Synopsis +```C +#include + +my_bool mariadb_connection(MYSQL * mysql); +``` + +## Description +Checks if the client is connected to a MariaDB or MySQL database server. + +### Parameter +`mysql` - mysql handle, which was previously allocated by [mysql_init()](mysql_init) and connected by [mysql_real_connect()](mysql_real_connect). + +## Return value +Returns a non zero value if connected to a MariaDB database server, otherwise zero. \ No newline at end of file diff -Nru mariadb-11.8.6/libmariadb/docs/mariadb_convert_string.md mariadb-11.8.8/libmariadb/docs/mariadb_convert_string.md --- mariadb-11.8.6/libmariadb/docs/mariadb_convert_string.md 1970-01-01 00:00:00.000000000 +0000 +++ mariadb-11.8.8/libmariadb/docs/mariadb_convert_string.md 2026-05-24 09:58:33.000000000 +0000 @@ -0,0 +1,16 @@ +## Name +mariadb_convert_string - Converts a string in to a different character set +## Synopsis +```C +#include + +size_t mariadb_convert_string(const char *from __attribute__((unused)), + size_t *from_len __attribute__((unused)), + MARIADB_CHARSET_INFO *from_cs __attribute__((unused)), + char *to __attribute__((unused)), + size_t *to_len __attribute__((unused)), + MARIADB_CHARSET_INFO *to_cs __attribute__((unused)), int *errorcode) +``` + +## Note +This function is deprecated and will be removed in future versions. \ No newline at end of file diff -Nru mariadb-11.8.6/libmariadb/docs/mariadb_dyncol_check.md mariadb-11.8.8/libmariadb/docs/mariadb_dyncol_check.md --- mariadb-11.8.6/libmariadb/docs/mariadb_dyncol_check.md 1970-01-01 00:00:00.000000000 +0000 +++ mariadb-11.8.8/libmariadb/docs/mariadb_dyncol_check.md 2026-05-24 09:58:33.000000000 +0000 @@ -0,0 +1,21 @@ +## Name +mariadb_dyncol_check - Checks if a dynamic column has correct format + +## Synopsis +```C +#include + +enum enum_dyncol_func_result +mariadb_dyncol_check(DYNAMIC_COLUMN *str); +``` +## Description +The function `mariadb_dyncol_check()` checks if a dynamic column has correct format. This can be used e.g. to check if a blob contains a dynamic column. + +## Parameter +* `str`- pointer to a `DYNAMIC_COLUMN` structure. + +## Return value +Returns `ER_DYNCOL_OK` if the dynamic column has correct format, otherwise `ER_DYNCOL_FORMAT`. + +## See also +* [mariadb_dyncol_count()](mariadb_dyncol_count) \ No newline at end of file diff -Nru mariadb-11.8.6/libmariadb/docs/mariadb_dyncol_column_cmp_named.md mariadb-11.8.8/libmariadb/docs/mariadb_dyncol_column_cmp_named.md --- mariadb-11.8.6/libmariadb/docs/mariadb_dyncol_column_cmp_named.md 1970-01-01 00:00:00.000000000 +0000 +++ mariadb-11.8.8/libmariadb/docs/mariadb_dyncol_column_cmp_named.md 2026-05-24 09:58:33.000000000 +0000 @@ -0,0 +1,20 @@ +## Name +mariadb_dyncol_column_cmp_named - Compare two column names + +## Synopsis +```C +#include + +int mariadb_dyncol_column_cmp_named(const MYSQL_LEX_STRING *s1, + const MYSQL_LEX_STRING *s2); +``` + +## Description +Compares two dynamic column keys represented as a pointer to a `MYSQL_LEX_STRING` structure. + +## Parameter +* `s1` - First key +* `s2` - Second key + +## Return value +Returns an integer less than, equal to, or greater than zero if the first bytes of `s1` is found, respectively, to be less than, to match, or be greater than the first bytes of `s2`. \ No newline at end of file diff -Nru mariadb-11.8.6/libmariadb/docs/mariadb_dyncol_column_count.md mariadb-11.8.8/libmariadb/docs/mariadb_dyncol_column_count.md --- mariadb-11.8.6/libmariadb/docs/mariadb_dyncol_column_count.md 1970-01-01 00:00:00.000000000 +0000 +++ mariadb-11.8.8/libmariadb/docs/mariadb_dyncol_column_count.md 2026-05-24 09:58:33.000000000 +0000 @@ -0,0 +1,25 @@ +## Name +mariadb_dyncol_column_count - Get number of columns in dynamic column blob +## Synopsis +```C +#include + +enum enum_dyncol_func_result +mariadb_dyncol_column_count(DYNAMIC_COLUMN *str, + unsigned int *column_count); +``` +## Description +Gets the number of columnns in a dynamic column blob. + +## Parameter +* `*str` - A pointer to a `DYNAMIC_COLUMN` structure +* `column_count` - An unsigned integer pointer where the number of columns will be stored. + +## Return value +Returns `ER_DYNCOL_OK` on success, otherwise error. + +## Notes +* `mariadb_dyncol_column_count()` doesn't count NULL values. + +## See also +* [Dynamic Column Error Codes](dyncol_typesanddefs#error-codes) diff -Nru mariadb-11.8.6/libmariadb/docs/mariadb_dyncol_create_many_named.md mariadb-11.8.8/libmariadb/docs/mariadb_dyncol_create_many_named.md --- mariadb-11.8.6/libmariadb/docs/mariadb_dyncol_create_many_named.md 1970-01-01 00:00:00.000000000 +0000 +++ mariadb-11.8.8/libmariadb/docs/mariadb_dyncol_create_many_named.md 2026-05-24 09:58:33.000000000 +0000 @@ -0,0 +1,35 @@ +## Name +mariadb_dyncol_create_many_named - Creates a dynamic column with named keys + +## Synopsis +```C +#include + +enum enum_dyncol_func_result +mariadb_dyncol_create_many_named(DYNAMIC_COLUMN *str, + uint column_count, + MYSQL_LEX_STRING *column_keys, + DYNAMIC_COLUMN_VALUE *values, + my_bool new_string); +``` + +## Description +Create a dynamic column from arrays of values and names. + +## Parameter +* `*str` - A pointer to a dynamic column structure +* `column_count` - number of columns +* `*column_keys` - an array of column keys +* `*values` - an array of values +* `new_string` - if set `str` will be reinitialized (not freed) before usage + +## Return value +Returns `ER_DYNCOL_OK` on success, otherwise error. + +## Notes +* To delete, update or insert new columns into an existing dynamic column use [mariadb_dyncol_update_many_named](mariadb_dyncol_update_many_named) function + +## See also +* [mariadb_dyncol_create_many_num](mariadb_dyncol_create_many_num) +* [mariadb_dyncol_update_many_named](mariadb_dyncol_update_many_named) +* [Dynamic Column Error Codes](dyncol_typesanddefs#error-codes) \ No newline at end of file diff -Nru mariadb-11.8.6/libmariadb/docs/mariadb_dyncol_create_many_num.md mariadb-11.8.8/libmariadb/docs/mariadb_dyncol_create_many_num.md --- mariadb-11.8.6/libmariadb/docs/mariadb_dyncol_create_many_num.md 1970-01-01 00:00:00.000000000 +0000 +++ mariadb-11.8.8/libmariadb/docs/mariadb_dyncol_create_many_num.md 2026-05-24 09:58:33.000000000 +0000 @@ -0,0 +1,35 @@ +## Name +mariadb_dyncol_create_many_num - Creates a dynamic column with numeric keys + +## Synopsis +```C +#include + +enum enum_dyncol_func_result +mariadb_dyncol_create_many_num(DYNAMIC_COLUMN *str, + uint column_count, + uint *column_numbers, + DYNAMIC_COLUMN_VALUE *values, + my_bool new_string); +``` + +## Description +Create a dynamic column from arrays of values and numbérs + +## Parameter +* `*str` - A pointer to a dynamic column structure +* `column_count` - number of columns +* `*column_numbers` - an array of column numbers +* `*values` - an array of values +* `new_string` - if set `str` will be reinitialized (not freed) before usage + +## Return value +Returns `ER_DYNCOL_OK` on success, otherwise error. + +## Notes +* To delete, update or insert new columns into an existing dynamic column use [mariadb_dyncol_update_many_num](mariadb_dyncol_update_many_num) function + +## See also +* [mariadb_dyncol_create_many_named](mariadb_dyncol_create_many_named) +* [mariadb_dyncol_update_many_num](mariadb_dyncol_update_many_num) +* [Dynamic Column Error Codes](dyncol_typesanddefs#error-codes) \ No newline at end of file diff -Nru mariadb-11.8.6/libmariadb/docs/mariadb_dyncol_errors.md mariadb-11.8.8/libmariadb/docs/mariadb_dyncol_errors.md --- mariadb-11.8.6/libmariadb/docs/mariadb_dyncol_errors.md 1970-01-01 00:00:00.000000000 +0000 +++ mariadb-11.8.8/libmariadb/docs/mariadb_dyncol_errors.md 2026-05-24 09:58:33.000000000 +0000 @@ -0,0 +1,15 @@ +## Dynamic Column Error Codes + +Error codes are defined as enum in `enum enum_dyncol_func_result`. + +|Value | Name | Description +|-|-|- +| 0 | `ER_DYNCOL_OK` | OK +| 0 | `ER_DYNCOL_NO` | (the same as `ER_DYNCOL_OK` but for functions which return a YES/NO) +| 1 | `ER_DYNCOL_YES` | YES response or success +| 2 | `ER_DYNCOL_TRUNCATED` | Operation succeeded but the data was truncated +| -1 | `ER_DYNCOL_FORMAT` | Wrong format of the encoded string +| -2 | `ER_DYNCOL_LIMIT` | A limit of implementation reached +| -3 | `ER_DYNCOL_RESOURCE` | Out of resources +| -4 | `ER_DYNCOL_DATA` | Incorrect input data +| -5 | `ER_DYNCOL_UNKNOWN_CHARSET` | Unknown character set \ No newline at end of file diff -Nru mariadb-11.8.6/libmariadb/docs/mariadb_dyncol_exists_named.md mariadb-11.8.8/libmariadb/docs/mariadb_dyncol_exists_named.md --- mariadb-11.8.6/libmariadb/docs/mariadb_dyncol_exists_named.md 1970-01-01 00:00:00.000000000 +0000 +++ mariadb-11.8.8/libmariadb/docs/mariadb_dyncol_exists_named.md 2026-05-24 09:58:33.000000000 +0000 @@ -0,0 +1,23 @@ +## Name +mariadb_dyncol_exists_named - Check if column with given name exists. + +## Synopsis +```C +enum enum_dyncol_func_result +mariadb_dyncol_exists_named(DYNAMIC_COLUMN *str, + MYSQL_LEX_STRING *column_key); +``` + +## Description +Checks if a column with the specified column key exists. + +## Parameter +* `*str` - Dynamic column +* `*column_key` - The column key to search for + +## Return value +Returns `ER_DYNCOL_YES` if a column with given key exists, `ER_DYNCOL_NO` if no column exists or error. + +## See also +* [mariadb_dyncol_exists_num](mariadb_dyncol_exists_num) +* [Dynamic Column Error Codes](dyncol_typesanddefs#error-codes) \ No newline at end of file diff -Nru mariadb-11.8.6/libmariadb/docs/mariadb_dyncol_exists_num.md mariadb-11.8.8/libmariadb/docs/mariadb_dyncol_exists_num.md --- mariadb-11.8.6/libmariadb/docs/mariadb_dyncol_exists_num.md 1970-01-01 00:00:00.000000000 +0000 +++ mariadb-11.8.8/libmariadb/docs/mariadb_dyncol_exists_num.md 2026-05-24 09:58:33.000000000 +0000 @@ -0,0 +1,23 @@ +## Name +mariadb_dyncol_exists_num - Check if column with given number exists. + +## Synopsis +```C +enum enum_dyncol_func_result +mariadb_dyncol_exists_num(DYNAMIC_COLUMN *str, + uint column_number); +``` + +## Description +Checks if a column with the specified column key exists. + +## Parameter +* `*str` - Dynamic column +* `column_number` - The column number to search for + +## Return value +Returns `ER_DYNCOL_YES` if a column with given number exists, `ER_DYNCOL_NO` if no column exists or error. + +## See also +* [mariadb_dyncol_exists_named](mariadb_dyncol_exists_named) +* [Dynamic Column Error Codes](dyncol_typesanddefs#error-codes) \ No newline at end of file diff -Nru mariadb-11.8.6/libmariadb/docs/mariadb_dyncol_free.md mariadb-11.8.8/libmariadb/docs/mariadb_dyncol_free.md --- mariadb-11.8.6/libmariadb/docs/mariadb_dyncol_free.md 1970-01-01 00:00:00.000000000 +0000 +++ mariadb-11.8.8/libmariadb/docs/mariadb_dyncol_free.md 2026-05-24 09:58:33.000000000 +0000 @@ -0,0 +1,20 @@ +## Name +mariadb_dyncol_free - Free memory inside packed blob + +## Synopsis +```C +#include + +void mariadb_dyncol_free(DYNAMIC_COLUMN *str) +``` +## Description +Frees memory associated by the specified dynamic column + +## Parameter +* `*str` - A pointer to a `DYNAMIC_COLUMN` structure + +## Notes +* `mariadb_dyncol_free()` doesn't free the memory of the passed `DYNAMIC_COLUMN` structure but all memory of stored columns. + +## See also +* [mariadb_dyncol_init()](mariadb_dyncol_init) \ No newline at end of file diff -Nru mariadb-11.8.6/libmariadb/docs/mariadb_dyncol_get_named.md mariadb-11.8.8/libmariadb/docs/mariadb_dyncol_get_named.md --- mariadb-11.8.6/libmariadb/docs/mariadb_dyncol_get_named.md 1970-01-01 00:00:00.000000000 +0000 +++ mariadb-11.8.8/libmariadb/docs/mariadb_dyncol_get_named.md 2026-05-24 09:58:33.000000000 +0000 @@ -0,0 +1,27 @@ +## Name +mariadb_dyncol_get_name - Get value of a column with given key + +## Synopsis +```C +#include + +enum enum_dyncol_func_result +mariadb_dyncol_get_named(DYNAMIC_COLUMN *str, + LEX_STRING *key, + DYNAMIC_COLUMN_VALUE *store_it_here) + +``` + +## Description +Returns a dynamic column value by given key + +## Parameter +* `str`: Dynamic column +* `name`: Name to search for +* `value`: Value of dynamic column + +## Return value +Returns `ER_DYNCOL_OK`on success, otherwise error. If the column name could not be found, value will be NULL + +## See also +* [mariadb_dyncol_get_num()](mariadb_dyncol_get_num) diff -Nru mariadb-11.8.6/libmariadb/docs/mariadb_dyncol_get_num.md mariadb-11.8.8/libmariadb/docs/mariadb_dyncol_get_num.md --- mariadb-11.8.6/libmariadb/docs/mariadb_dyncol_get_num.md 1970-01-01 00:00:00.000000000 +0000 +++ mariadb-11.8.8/libmariadb/docs/mariadb_dyncol_get_num.md 2026-05-24 09:58:33.000000000 +0000 @@ -0,0 +1,27 @@ +## Name +mariadb_dyncol_get_num - Get value of a column with given number + +## Synopsis +```C +#include + +enum enum_dyncol_func_result +mariadb_dyncol_get_num(DYNAMIC_COLUMN *str, + uint column_nr, + DYNAMIC_COLUMN_VALUE *store_it_here) + +``` + +## Description +Returns a dynamic column value by given number + +## Parameter +* `str`: Dynamic column +* `column_nr`: Number of column +* `value`: Value of dynamic column + +## Return value +Returns `ER_DYNCOL_OK`on success, otherwise error. If the column number could not be found, value will be NULL + +## See also +* [mariadb_dyncol_get_named()](mariadb_dyncol_get_named) diff -Nru mariadb-11.8.6/libmariadb/docs/mariadb_dyncol_has_names.md mariadb-11.8.8/libmariadb/docs/mariadb_dyncol_has_names.md --- mariadb-11.8.6/libmariadb/docs/mariadb_dyncol_has_names.md 1970-01-01 00:00:00.000000000 +0000 +++ mariadb-11.8.8/libmariadb/docs/mariadb_dyncol_has_names.md 2026-05-24 09:58:33.000000000 +0000 @@ -0,0 +1,21 @@ +## Name +mariadb_dyncol_has_names - Checks if dynamic column uses named keys + +## Synopsis +```C +#include + +my_bool mariadb_dyncol_has_names(DYNAMIC_COLUMN *str) +``` + +## Description +Checks if the specified dynamic column uses named keys. + +## Parameter +* `str`: Dynamic column + +## Return value +Returns 1 if the specified dynamic column uses named keys, otherwise zero. + +## See also +* [mariadb_dyncol_get_named()](mariadb_dyncol_get_named) diff -Nru mariadb-11.8.6/libmariadb/docs/mariadb_dyncol_init.md mariadb-11.8.8/libmariadb/docs/mariadb_dyncol_init.md --- mariadb-11.8.6/libmariadb/docs/mariadb_dyncol_init.md 1970-01-01 00:00:00.000000000 +0000 +++ mariadb-11.8.8/libmariadb/docs/mariadb_dyncol_init.md 2026-05-24 09:58:33.000000000 +0000 @@ -0,0 +1,21 @@ +## Name +mariadb_dyncol_init - Initializes a dynamic column + +## Synopsis +```C +#include + +void mariadb_dyncol_init(DYNAMIC_COLUMN *str) +``` +## Description +The `mariadb_dyncol_init()` macro initializes a dynamic column. + +## Parameter +* `*str` - A pointer to a `DYNAMIC_COLUMN` structure + +## Notes +* `mariadb_dyncol_init()` doesn't allocate any memory, therefore you either need to allocate memory before or pass the address of a `DYNAMIC_COLUMN` structure. + +## See also +* [mariadb_dyncol_free()](mariadb_dyncol_free) +* [mariadb_dyncol_value_init()](mariadb_dyncol_value_init) \ No newline at end of file diff -Nru mariadb-11.8.6/libmariadb/docs/mariadb_dyncol_json.md mariadb-11.8.8/libmariadb/docs/mariadb_dyncol_json.md --- mariadb-11.8.6/libmariadb/docs/mariadb_dyncol_json.md 1970-01-01 00:00:00.000000000 +0000 +++ mariadb-11.8.8/libmariadb/docs/mariadb_dyncol_json.md 2026-05-24 09:58:33.000000000 +0000 @@ -0,0 +1,24 @@ +## Name +mariadb_dyncol_json - Get content of a dynamic column in JSON format + +## Synopsis +```C +#include + +enum enum_dyncol_func_result +mariadb_dyncol_json(DYNAMIC_COLUMN *str, + DYNAMIC_STRING *json) +``` + +## Description +Get content of a dynamic column in JSON format. + +## Parameter +* `*str` - Dynamic column +* `*json` - Pointer to a dynamic string which contains json output + +## Return value +Returns `ER_DYNCOL_OK`on success, otherwise error. + +## See also +* [mariadb_dyncol_list_json()](mariadb_dyncol_list_json) diff -Nru mariadb-11.8.6/libmariadb/docs/mariadb_dyncol_list_json.md mariadb-11.8.8/libmariadb/docs/mariadb_dyncol_list_json.md --- mariadb-11.8.6/libmariadb/docs/mariadb_dyncol_list_json.md 1970-01-01 00:00:00.000000000 +0000 +++ mariadb-11.8.8/libmariadb/docs/mariadb_dyncol_list_json.md 2026-05-24 09:58:33.000000000 +0000 @@ -0,0 +1,25 @@ +## Name +mariadb_dyncol_list_json - Converts a dynamic column into JSON format + +## Synopsis +```C +#include + +enum enum_dyncol_func_result +mariadb_dyncol_json(DYNAMIC_COLUMN *str, + DYNAMIC_STRING *json); + +``` + +## Description +Converts a dynamic column into JSON format. + +## Parameter +* `*str` - Dynamic column +* `*json` - Pointer to a dynamic string which contains json format + +## Return value +Returns `ER_DYNCOL_OK`on success, otherwise error. + +## See also +* [Dynamic Column Error Codes](dyncol_typesanddefs#error-codes) \ No newline at end of file diff -Nru mariadb-11.8.6/libmariadb/docs/mariadb_dyncol_list_named.md mariadb-11.8.8/libmariadb/docs/mariadb_dyncol_list_named.md --- mariadb-11.8.6/libmariadb/docs/mariadb_dyncol_list_named.md 1970-01-01 00:00:00.000000000 +0000 +++ mariadb-11.8.8/libmariadb/docs/mariadb_dyncol_list_named.md 2026-05-24 09:58:33.000000000 +0000 @@ -0,0 +1,30 @@ +## Name +mariadb_dyncol_list_named - Lists column keys in dynamic column + +## Synopsis +```C +#include + +enum enum_dyncol_func_result +mariadb_dyncol_list_named(DYNAMIC_COLUMN *str, + uint *column_count, + MYSQL_LEX_STRING **column_keys); +``` + +## Description +Lists the column keys inside a dynamic column. + +## Notes +* The application program needs to free the allocated memory for `column_count` and `column_keys` parameter. + +## Parameter +* `*str` - Dynamic column +* `*column_count` - A pointer to an unsigned integer which stores the number of columns +* `**column_keys` - A pointer to an array of column keys, which stores the keys + +## Return value +Returns `ER_DYNCOL_OK` on success, otherwise error. + +## See also +* [mariadb_dyncol_list_num](mariadb_dyncol_list_num) +* [mariadb_dyncol_list_json](mariadb_dyncol_list_json) \ No newline at end of file diff -Nru mariadb-11.8.6/libmariadb/docs/mariadb_dyncol_list_num.md mariadb-11.8.8/libmariadb/docs/mariadb_dyncol_list_num.md --- mariadb-11.8.6/libmariadb/docs/mariadb_dyncol_list_num.md 1970-01-01 00:00:00.000000000 +0000 +++ mariadb-11.8.8/libmariadb/docs/mariadb_dyncol_list_num.md 2026-05-24 09:58:33.000000000 +0000 @@ -0,0 +1,30 @@ +## Name +mariadb_dyncol_list_num - Lists numeric column keys in dynamic column + +## Synopsis +```C +#include + +enum enum_dyncol_func_result +mariadb_dyncol_list_named(DYNAMIC_COLUMN *str, + uint *column_count, + uint **column_numbers); +``` + +## Description +Lists the column numbers inside a dynamic column. + +## Parameter +* `*str` - Dynamic column +* `*column_count` - A pointer to an unsigned integer which stores the number of columns +* `**column_numbers` - A pointer to an array of column numbers, which stores the numbers + +## Return value +Returns `ER_DYNCOL_OK` on success, otherwise error. + +## Notes +* The application program needs to free the allocated memory for `column_count` and `column_numbers` parameter. + +## See also +* [mariadb_dyncol_list_named](mariadb_dyncol_list_named) +* [mariadb_dyncol_list_json](mariadb_dyncol_list_json) \ No newline at end of file diff -Nru mariadb-11.8.6/libmariadb/docs/mariadb_dyncol_unpack.md mariadb-11.8.8/libmariadb/docs/mariadb_dyncol_unpack.md --- mariadb-11.8.6/libmariadb/docs/mariadb_dyncol_unpack.md 1970-01-01 00:00:00.000000000 +0000 +++ mariadb-11.8.8/libmariadb/docs/mariadb_dyncol_unpack.md 2026-05-24 09:58:33.000000000 +0000 @@ -0,0 +1,33 @@ +## Name +mariadb_dyncol_unpack - extracts keys and values of all columns + +## Synopsis +```C +#include + +enum enum_dyncol_func_result +mariadb_dyncol_unpack(DYNAMIC_COLUMN *str, + uint *column_count, + MYSQL_LEX_STRING **column_keys, + DYNAMIC_COLUMN_VALUE **values); +``` + +## Description + +The `mariadb_dyncol_unpack()` function extracts all keys and values of a dynamic column. + +## Parameter +* `str` - Pointer to a `DYNAMIC_COLUMN` structure +* `column count` - Pointer to an unsigned integer which will receive the number of columns +* `column_keys` - Pointer of an array of `MYSQL_LEX_STRING` structures, which will contain the column keys +* `values` - Pointer of an array of `DYNAMIC_COLUMN_VALUE` structures, which will contain the values. + +## Return value +Returns `ER_DYNCOL_OK` on success, otherwise an error. + +## Notes +* The `column_keys` and `values` arrays will be allocated by `mariadb_dyncol_unpack()` and must be freed by application. + +## See also +* [mariadb_dyncol_get()](mariadb_dyncol_get) +* [mariadb_dyncol_list()](mariadb_dyncol_list) \ No newline at end of file diff -Nru mariadb-11.8.6/libmariadb/docs/mariadb_dyncol_update_many_named.md mariadb-11.8.8/libmariadb/docs/mariadb_dyncol_update_many_named.md --- mariadb-11.8.6/libmariadb/docs/mariadb_dyncol_update_many_named.md 1970-01-01 00:00:00.000000000 +0000 +++ mariadb-11.8.8/libmariadb/docs/mariadb_dyncol_update_many_named.md 2026-05-24 09:58:33.000000000 +0000 @@ -0,0 +1,33 @@ +## Name +mariadb_dyncol_update_many_named - Update, insert or delete values in a dynamic column + +## Synopsis +```C +#include + +enum enum_dyncol_func_result +mariadb_dyncol_update_many_named(DYNAMIC_COLUMN *str, + uint column_count, + MYSQL_LEX_STRING *column_keys, + DYNAMIC_COLUMN_VALUE *values) +``` + +## Description +Add, delete or update columns in a dynamic column. + +## Parameter +* `*str` - A pointer to a dynamic column structure +* `column_count` - number of columns +* `*column_keys` - an array of column keys +* `*values` - an array of values + +## Return value +Returns `ER_DYNCOL_OK` on success, otherwise error. + +## Notes +* To delete a column, update its value to a "non-value" of type `DYN_COL_NULL` + +## See also +* [mariadb_dyncol_create_many_named](mariadb_dyncol_create_many_named) +* [mariadb_dyncol_update_many_num](mariadb_dyncol_update_many_num) +* [Dynamic Column Error Codes](dyncol_typesanddefs#error-codes) \ No newline at end of file diff -Nru mariadb-11.8.6/libmariadb/docs/mariadb_dyncol_update_many_num.md mariadb-11.8.8/libmariadb/docs/mariadb_dyncol_update_many_num.md --- mariadb-11.8.6/libmariadb/docs/mariadb_dyncol_update_many_num.md 1970-01-01 00:00:00.000000000 +0000 +++ mariadb-11.8.8/libmariadb/docs/mariadb_dyncol_update_many_num.md 2026-05-24 09:58:33.000000000 +0000 @@ -0,0 +1,33 @@ +## Name +mariadb_dyncol_update_many_num - Update, insert or delete values in a dynamic column using numeric keys + +## Synopsis +```C +#include + +enum enum_dyncol_func_result +mariadb_dyncol_update_many_num(DYNAMIC_COLUMN *str, + uint column_count, + uint *column_keys, + DYNAMIC_COLUMN_VALUE *values) +``` + +## Description +Add, delete or update columns in a dynamic column with a numeric key. + +## Parameter +* `*str` - A pointer to a dynamic column structure +* `column_count` - number of columns +* `*column_keys` - an array of column keys +* `*values` - an array of values + +## Return value +Returns `ER_DYNCOL_OK` on success, otherwise error. + +## Notes +* To delete a column, update its value to a "non-value" of type `DYN_COL_NULL` + +## See also +* [mariadb_dyncol_create_many_num](mariadb_dyncol_create_many_num) +* [mariadb_dyncol_update_many_named](mariadb_dyncol_update_many_named) +* [Dynamic Column Error Codes](dyncol_typesanddefs#error-codes) \ No newline at end of file diff -Nru mariadb-11.8.6/libmariadb/docs/mariadb_dyncol_val_double.md mariadb-11.8.8/libmariadb/docs/mariadb_dyncol_val_double.md --- mariadb-11.8.6/libmariadb/docs/mariadb_dyncol_val_double.md 1970-01-01 00:00:00.000000000 +0000 +++ mariadb-11.8.8/libmariadb/docs/mariadb_dyncol_val_double.md 2026-05-24 09:58:33.000000000 +0000 @@ -0,0 +1,24 @@ +## Name +mariadb_dyncol_val_double - Convert dynamic column value to double + +## Synopsis +```C +#include + +enum enum_dyncol_func_result +mariadb_dyncol_val_double(double *dbl, DYNAMIC_COLUMN_VALUE *value) +``` + +## Description +Converts the value of a dynamic column to double. + +## Parameter +* `dbl` - A pointer to a double variable +* `value` - A pointer to a `DYNAMIC_COLUMN_VALUE` structure. + +## Return value +The function returns `ER_DYNCOL_OK` on success, `ER_DYNCOL_FORMAT` if the value cannot be converted to a double, or `ER_DYNCOL_TRUNCATED` if a truncation occurred. + +## See also +* [mariadb_dyncol_val_str()](mariadb_dyncol_val_str) +* [mariadb_dyncol_val_long()](mariadb_dyncol_val_long) \ No newline at end of file diff -Nru mariadb-11.8.6/libmariadb/docs/mariadb_dyncol_val_long.md mariadb-11.8.8/libmariadb/docs/mariadb_dyncol_val_long.md --- mariadb-11.8.6/libmariadb/docs/mariadb_dyncol_val_long.md 1970-01-01 00:00:00.000000000 +0000 +++ mariadb-11.8.8/libmariadb/docs/mariadb_dyncol_val_long.md 2026-05-24 09:58:33.000000000 +0000 @@ -0,0 +1,24 @@ +## Name +mariadb_dyncol_val_long - Convert dynamic column value to longlong. + +## Synopsis +```C +#include + +enum enum_dyncol_func_result +mariadb_dyncol_val_long(longlong *ll, DYNAMIC_COLUMN_VALUE *value) +``` + +## Description +Converts the value of a dynamic column to longlong. + +## Parameter +* `ll` - A pointer to a longlong variable +* `value` - A pointer to a `DYNAMIC_COLUMN_VALUE` structure. + +## Return value +The function returns `ER_DYNCOL_OK` on success, `ER_DYNCOL_FORMAT` if the value cannot be converted to a double, or `ER_DYNCOL_TRUNCATED` if a truncation occurred. + +## See also +* [mariadb_dyncol_val_str()](mariadb_dyncol_val_str) +* [mariadb_dyncol_val_double()](mariadb_dyncol_val_double) \ No newline at end of file diff -Nru mariadb-11.8.6/libmariadb/docs/mariadb_dyncol_val_str.md mariadb-11.8.8/libmariadb/docs/mariadb_dyncol_val_str.md --- mariadb-11.8.6/libmariadb/docs/mariadb_dyncol_val_str.md 1970-01-01 00:00:00.000000000 +0000 +++ mariadb-11.8.8/libmariadb/docs/mariadb_dyncol_val_str.md 2026-05-24 09:58:33.000000000 +0000 @@ -0,0 +1,27 @@ +## Name +mariadb_dyncol_val_str - Convert dynamic column value to string + +## Synopsis +```C +#include + +enum enum_dyncol_func_result +mariadb_dyncol_val_str(DYNAMIC_STRING *str, DYNAMIC_COLUMN_VALUE *val, + MARIADB_CHARSET_INFO *cs, char quote) +``` + +## Description +Converts the value of a dynamic column to string. + +## Parameter +* `str` - A pointer to a dynamic string variable +* `value` - A pointer to a `DYNAMIC_COLUMN_VALUE` structure. +* `cs` - A pointer to a `MARIADB_CHARSET_INFO` structure +* `quote` - quote character in which the string will be enclosed. + +## Return value +The function returns `ER_DYNCOL_OK` on success, `ER_DYNCOL_FORMAT` if the value cannot be converted to a double, or `ER_DYNCOL_TRUNCATED` if a truncation occurred. + +## See also +* [mariadb_dyncol_val_double()](mariadb_dyncol_val_double) +* [mariadb_dyncol_val_long()](mariadb_dyncol_val_long) \ No newline at end of file diff -Nru mariadb-11.8.6/libmariadb/docs/mariadb_dyncol_value_init.md mariadb-11.8.8/libmariadb/docs/mariadb_dyncol_value_init.md --- mariadb-11.8.6/libmariadb/docs/mariadb_dyncol_value_init.md 1970-01-01 00:00:00.000000000 +0000 +++ mariadb-11.8.8/libmariadb/docs/mariadb_dyncol_value_init.md 2026-05-24 09:58:33.000000000 +0000 @@ -0,0 +1,18 @@ +## Name +mariadb_dyncol_value_init - Initializes a dynamic column value + +## Synopsis +```C +#include + +void mariadb_dyncol_value_init(DYNAMIC_COLUMN_VALUE *value) +``` + +## Description +The `mariadb_dyncol_value_init()` macro initializes a dynamic column value by setting the type to `DYNCOL_NULL`. + +## Parameter +* `value` - A pointer to a `DNYAMIC_COLUMN_VALUE` structure. + +## See also +* [mariadb_dyncol_init()](mariadb_dyncol_init) \ No newline at end of file diff -Nru mariadb-11.8.6/libmariadb/docs/mariadb_field_attr.md mariadb-11.8.8/libmariadb/docs/mariadb_field_attr.md --- mariadb-11.8.6/libmariadb/docs/mariadb_field_attr.md 1970-01-01 00:00:00.000000000 +0000 +++ mariadb-11.8.8/libmariadb/docs/mariadb_field_attr.md 2026-05-24 09:58:33.000000000 +0000 @@ -0,0 +1,68 @@ +## Name +mariadb_field_attr - returns extended metadata information for pluggable field types + +## Synopsis +```C +#include + +int *mariadb_field_attr(MARIADB_CONST_STRING *attr, + const MYSQL_FIELD *field, + enum mariadb_field_attr_t type) +``` +## Description +Returns extended metadata information for pluggable field types like JSON and GEOMETRY. + +## Parameter + +* `attr`: A pointer which returns extended metadata information +* `field`: Specifies the field which contains extended metadata information +* `type:` Specifies type of metadata information. Supported types are `MARIADB_FIELD_METADATA_DATA_TYPE_NAME` and `MARIADB_FIELD_METADATA_FORMAT_NAME`. + +## Return value +Returns zero on success or non zero if the field doesn't provide extended metadata information. + +## Notes +* Pluggable field type support is available in MariaDB server version 10.5.2 and later +* To check if the server supports pluggable field types, check the extended server capabilities which can be obtained by api function [mariadb_get_info()](mariadb_get_info) + +## Example +```C +#include + +int display_extended_field_attribute(MYSQL *mysql) +{ + MYSQL_RES *result; + MYSQL_FIELD *fields; + + if (mysql_query(mysql, "CREATE TEMPORARY TABLE t1 (a POINT)")) + return 1; + + if (mysql_query(mysql, "SELECT a FROM t1")) + return 1; + + if (!(result= mysql_store_result(mysql))) + return 1; + + if ((fields= mysql_fetch_fields(result))) + { + MARIADB_CONST_STRING field_attr; + + if (!mariadb_field_attr(&field_attr, &fields[0], + MARIADB_FIELD_ATTR_DATA_TYPE_NAME)) + { + printf("Extended field attribute: %s\n", field_attr.str); + } + } + mysql_free_result(result); + return 0; +} +``` +## History +mariadb_field_attr was added in MariaDB Connector/C 3.1.8 + +## See also +* [mysql_store_result()](mysql_store_result) +* [mysql_use_result()](mysql_use_result) +* [mariadb_get_info()](mariadb_get_info) +* [mysql_fetch_fields()](mysql_fetch_fields) + diff -Nru mariadb-11.8.6/libmariadb/docs/mariadb_free_rpl_event.md mariadb-11.8.8/libmariadb/docs/mariadb_free_rpl_event.md --- mariadb-11.8.6/libmariadb/docs/mariadb_free_rpl_event.md 1970-01-01 00:00:00.000000000 +0000 +++ mariadb-11.8.8/libmariadb/docs/mariadb_free_rpl_event.md 2026-05-24 09:58:33.000000000 +0000 @@ -0,0 +1,18 @@ +## Name +mariadb_free_rpl_event - free event memory + +## Synopsis +```C +#include + +void mariadb_free_rpl_event(MARIADB_RPL_EVENT *event) +``` + +## Description +Frees event memory. + +## Parameter +* `event` - An event handle which was previously obtained by [mariadb_rpl_fetch()](mariadb_rpl_fetch). + +## History +`mariadb_free_rpl_event` was added in MariaDB Connector/C 3.1.0 diff -Nru mariadb-11.8.6/libmariadb/docs/mariadb_get_charset_by_name.md mariadb-11.8.8/libmariadb/docs/mariadb_get_charset_by_name.md --- mariadb-11.8.6/libmariadb/docs/mariadb_get_charset_by_name.md 1970-01-01 00:00:00.000000000 +0000 +++ mariadb-11.8.8/libmariadb/docs/mariadb_get_charset_by_name.md 2026-05-24 09:58:33.000000000 +0000 @@ -0,0 +1,27 @@ +## Name +mariadb_get_charset_by_name - returns character set information for the specified character set name + +## Synopsis +```C +#include + +MARIADB_CHARSET_INFO *mariadb_get_charset_by_name(const char *cs_name) +``` + + +## Description +Returns information about the specified character set name. + +### Parameters +* `cs_name` - a character set name. + +### Return values +Returns a pointer to MARIADB_CHARSET_INFO structure, or NULL if the specified character set name +could not be found. + +### Notes +* A complete list of supported character sets in the client library is listed in the function description for [mysql_set_character_set()](mysql_set_character_set). + +## See also +* [mariadb_get_charset_by_nr()](mariadb_get_charset_by_nr) +* [mysql_set_character_set()](mysql_set_character_set) diff -Nru mariadb-11.8.6/libmariadb/docs/mariadb_get_charset_by_nr.md mariadb-11.8.8/libmariadb/docs/mariadb_get_charset_by_nr.md --- mariadb-11.8.6/libmariadb/docs/mariadb_get_charset_by_nr.md 1970-01-01 00:00:00.000000000 +0000 +++ mariadb-11.8.8/libmariadb/docs/mariadb_get_charset_by_nr.md 2026-05-24 09:58:33.000000000 +0000 @@ -0,0 +1,27 @@ +## Name +mysql_get_charset_by_name - returns character set information for the specified character set number + +## Synopsis +```C +#include + +MARIADB_CHARSET_INFO *mariadb_get_charset_by_name(uint cs_nr) +``` + + +## Description +Returns information about the specified character set number. + +### Parameters +* `cs_nr` - a character set number. + +### Return values +Returns a pointer to MARIADB_CHARSET_INFO structure, or NULL if the specified character set number +could not be found. + +### Notes +* A complete list of supported character sets in the client library is listed in the function description for [mysql_set_character_set()](mysql_set_character_set). + +## See also +* [mariadb_get_charset_by_name()](mariadb_get_charset_by_name) +* [mysql_set_character_set()](mysql_set_character_set) diff -Nru mariadb-11.8.6/libmariadb/docs/mariadb_get_info.md mariadb-11.8.8/libmariadb/docs/mariadb_get_info.md --- mariadb-11.8.6/libmariadb/docs/mariadb_get_info.md 1970-01-01 00:00:00.000000000 +0000 +++ mariadb-11.8.8/libmariadb/docs/mariadb_get_info.md 2026-05-24 09:58:33.000000000 +0000 @@ -0,0 +1,18 @@ +## Name +mariadb_get_info - mariadb_get_infov - retrieves generic or connection related information + +## Synopsis +```C +#include + +my_bool mariadb_get_info(MYSQL *mysql, enum mariadb_value value, void *arg) +``` + +## Description +Retrieves generic or connection related information. + +### Notes +This function is deprecated. Please use [mariadb_get_infov()](mariadb_get_infov) instead. + +## See also +* [mysql_get_infov()](mysql_get_infov) diff -Nru mariadb-11.8.6/libmariadb/docs/mariadb_get_infov.md mariadb-11.8.8/libmariadb/docs/mariadb_get_infov.md --- mariadb-11.8.6/libmariadb/docs/mariadb_get_infov.md 1970-01-01 00:00:00.000000000 +0000 +++ mariadb-11.8.8/libmariadb/docs/mariadb_get_infov.md 2026-05-24 09:58:33.000000000 +0000 @@ -0,0 +1,132 @@ +## Name +mariadb_get_infov - retrieves generic or connection related information + +## Synopsis +```C +#include + +int mariadb_get_infov(MYSQL * mysql, + enum mariadb_value value, + void * arg, + ...); +``` + +# Description +Retrieves generic or connection specific information. ```arg``` (and further arguments) must be a pointer to a variable of the type appropriate for the ```value``` argument. The following table shows which variable type to use for each value. + +| Variable Type | Values | +|-|-| +| ```unsigned int```|```MARIADB_CLIENT_VERSION_ID```, ```MARIADB_CONNECTION_ASYNC_TIMEOUT```, ```MARIADB_CONNECTION_ASYNC_TIMEOUT_MS```, ```MARIADB_CONNECTION_ERROR_ID```, ```MARIADB_CONNECTION_PORT```, ```MARIADB_CONNECTION_PROTOCOL_VERSION_ID```, ```MARIADB_CONNECTION_PVIO_TYPE```, ```MARIADB_CONNECTION_SERVER_STATUS```, ```MARIADB_CONNECTION_SERVER_VERSION_ID```, ```MARIADB_CONNECTION_TLS_VERSION_ID``` | +| ```unsigned long``` | ```MARIADB_CONNECTION_CLIENT_CAPABILITIES```, ```MARIADB_CONNECTION_EXTENDED_SERVER_CAPABILITIES```, ```MARIADB_CONNECTION_SERVER_CAPABILITIES``` +| ```size_t``` | ```MARIADB_MAX_ALLOWED_PACKET```, ```MARIADB_NET_BUFFER_LENGTH``` | +| ```const char *``` | ```MARIADB_CLIENT_VERSION```, ```MARIADB_TLS_LIBRARY```, ```MARIADB_CONNECTION_ERROR```, ```MARIADB_CONNECTION_HOST```, ```MARIADB_CONNECTION_INFO```, ```MARIADB_CONNECTION_SCHEMA```, ```MARIADB_CONNECTION_SERVER_TYPE```, ```MARIADB_CONNECTION_SERVER_VERSION```, ```MARIADB_CONNECTION_SQLSTATE```, ```MARIADB_CONNECTION_SSL_CIPHER```, ```MARIADB_CONNECTION_TLS_VERSION```, ```MARIADB_CONNECTUION_UNIX_SOCKET```, ```MARIADB_CONNECTION_USER```, +| ```const char **``` | ```MARIADB_CLIENT_ERRORS```| +| ```const *MY_CHARSET_INFO```| ```MARIADB_CHARSET_NAME```, `MARIADB_CONNECTION_CHARSET_INFO` | +|```my_socket```| `MARIADB_CONNECTION_SOCKET`| +|```MARIADB_X509_INFO *```| `MARIADB_TLS_PEER_CERT_INFO`| + +### Value types + +#### Generic information +For these information types parameter `mysql` needs to be set to NULL. + +* ```MARIADB_CHARSET_NAME```\ + Retrieves the charset information for a character set by it's literal representation. +* ```MARIADB_CLIENT_ERRORS```\ + Retrieve array of client errors. This can be used in plugins to set global error messages (which are not exported by MariaDB Connector/C). +* ```MARIADB_CLIENT_VERSION```\ + The client version in literal representation. +* ```MARIADB_CLIENT_VERSION_ID```\ +The client version in numeric format. +* ```MARIADB_MAX_ALLOWED_PACKET```\ +Retrieves value of maximum allowed packet size. +* ```MARIADB_NET_BUFFER_LENGTH```\ +Retrieves the length of net buffer. + + +#### Connection and TLS related information +For these information types parameter mysql must be represent a valid connection handle which was allocated by [mysql_init()](mysql_init). + +* ```MARIADB_CONNECTION_ASYNC_TIMEOUT```\ +Retrieves the timeout for non blocking calls in seconds. +* ```MARIADB_CONNECTION_ASYNC_TIMEOUT_MS```\ + Retrieves the timeout for non blocking calls in milliseconds. +* ```MARIADB_CONNECTION_CHARSET_INFO```\ +Retrieves character set information for given connection. +* ```MARIADB_CONNECTION_CLIENT_CAPABILITIES```\ +Returns the capability flags of the client. +* ```MARIADB_CONNECTION_ERROR```\ +Retrieves error message for last used command. +* ```MARIADB_CONNECTION_ERROR_ID```\ +Retrieves error number for last used command. +*```MARIADB_CONNECTION_EXTENDED_SERVER_CAPABILITIES```\ +Returns the extended capability flags of the connected MariaDB server +* ```MARIADB_CONNECTION_HOST```\ +Returns host name of the connected MariaDB server +* ```MARIADB_CONNECTION_INFO```\ +Retrieves generic info for last used command. +* ```MARIADB_CONNECTION_PORT```\ +Retrieves the port number of server host. +* ```MARIADB_CONNECTION_PROTOCOL_VERSION_ID```\ +Retrieves the protocol version number. +* ```MARIADB_CONNECTION_PVIO_TYPE```\ +Retrieves the pvio plugin used for specified connection. +* ```MARIADB_CONNECTION_SCHEMA```\ +Retrieves the current schema. +* ```MARIADB_CONNECTION_SERVER_CAPABILITIES```\ +Retrievrs the capability flags of the connected server. +* ```MARIADB_CONNECTION_SERVER_STATUS```\ +Returns server status after last operation. +* ```MARIADB_CONNECTION_SERVER_TYPE```\ +Retrieves the type of the server. +* ```MARIADB_CONNECTION_SERVER_VERSION```\ +Retrieves the server version in literal format. +* ```MARIADB_CONNECTION_SERVER_VERSION_ID```\ +Retrieves the server version in numeric format. +* ```MARIADB_CONNECTION_SOCKET```\ +Retrieves the handle (socket) for given connection. +* ```MARIADB_CONNECTION_SQLSTATE```\ +Retrieves current sqlstate information for last used command. +* ```MARIADB_CONNECTION_SSL_CIPHER```\ +Retrieves the TLS/SSL cipher in use. +* ```MARIADB_TLS_LIBRARY```\ +Retrieves the name of TLS library. +* ```MARIADB_CONNECTION_TLS_VERSION```\ +Retrieves the TLS protocol version used in literal format. +* ```MARIADB_CONNECTION_TLS_VERSION_ID```\ +Retrieves the TLS protocol version used in numeric format. +* ```MARIADB_CONNECTION_UNIX_SOCKET```\ +Retrieves the file name of the unix socket +* ```MARIADB_CONNECTION_USER```\ +Retrieves connection's user name. +* ``` MARIADB_TLS_PEER_CERT_INFO``` +Retrieves peer certificate information for TLS connections. The returned pointer to a MARIADB_X509_INFO structure becomes invalid after the connection has been closed. (Added in version 3.4.0) +* ```MARIADB_TLS_VERIFY_STATUS``` +Retrieves the status of a previous peer certificate verification. The status is represented as a combination of [TLS verification flags](types#tls-verification-flags). This option was added in version 3.4.1 + + + +## Returns + +Returns zero on success, non zero if an error occurred (e.g. if an invalid option was specified), + +## Source file +```libmariadb/mariadb_lib.c``` + +## History +This function was added in MariaDB Connector/C 3.0, + +## Examples +``` +/* get server port for current connection */ +unsigned int port; +mariadb_get_infov(mysql, MARIADB_CONNECTION_PORT, (void *)&port); +``` +``` +/* get user name for current connection */ +const char *user; +mariadb_get_infov(mysql, MARIADB_CONNECTION_USER, (void *)&user); +``` +## See also +* [mysql_get_optionv()](mysql_get_optionv) + diff -Nru mariadb-11.8.6/libmariadb/docs/mariadb_reconnect.md mariadb-11.8.8/libmariadb/docs/mariadb_reconnect.md --- mariadb-11.8.6/libmariadb/docs/mariadb_reconnect.md 1970-01-01 00:00:00.000000000 +0000 +++ mariadb-11.8.8/libmariadb/docs/mariadb_reconnect.md 2026-05-24 09:58:33.000000000 +0000 @@ -0,0 +1,25 @@ +## Name +mariadb_reconnect - reconnects to a server + +## Synopsis +```C +#include + +my_bool mariadb_reconnect(MYSQL * mysql) +``` + +## Description +`mariadb_reconnect()` tries to reconnect to a server in case the connection died due to timeout or other errors. It uses the same credentials which were specified in [mysql_real_connect()](mysql_real_connect). + +## Return value +The function will return 0 on success, a non zero value on error + +**Note**: +The function will return an error, if the option `MYSQL_OPT_RECONNECT` wasn't set before. + +## History +`mariadb_reconnect()` was added in MariaDB Connector/C 3.0 + +## See also +* [mysql_real_connect()](mysql_real_connect) +* [mysql_optionsv()](mysql_optionsv) \ No newline at end of file diff -Nru mariadb-11.8.6/libmariadb/docs/mariadb_rpl_close.md mariadb-11.8.8/libmariadb/docs/mariadb_rpl_close.md --- mariadb-11.8.6/libmariadb/docs/mariadb_rpl_close.md 1970-01-01 00:00:00.000000000 +0000 +++ mariadb-11.8.8/libmariadb/docs/mariadb_rpl_close.md 2026-05-24 09:58:33.000000000 +0000 @@ -0,0 +1,21 @@ +## Name +mariadb_rpl_close - Closes replication stream + +## Synopsis +```C +#include + +void mariadb_rpl_close(MARIADB_RPL *rpl) +``` + +## Description +Closes a replication stream. + +## Parameter +`rpl` - A replication handle which was initialized by [mariadb_rpl_init()](mariadb_rpl_init) and connected by [mariadb_rpl_open()](mariadb_rpl_open). + +## Notes +To close the connection to the server, the api function [mariadb_close()](mariadb_close) must be called. + +## History +`mariadb_rpl_close` was added in MariaDB Connector/C 3.1 \ No newline at end of file diff -Nru mariadb-11.8.6/libmariadb/docs/mariadb_rpl_errno.md mariadb-11.8.8/libmariadb/docs/mariadb_rpl_errno.md --- mariadb-11.8.6/libmariadb/docs/mariadb_rpl_errno.md 1970-01-01 00:00:00.000000000 +0000 +++ mariadb-11.8.8/libmariadb/docs/mariadb_rpl_errno.md 2026-05-24 09:58:33.000000000 +0000 @@ -0,0 +1,25 @@ +## Name + +mariadb_rpl_errno - returns the last error code for the most recent binlog function call + +## Synopsis +```C +#include + +unsigned int mariadb_rpl_errno(MARIADB_RPL * rpl); +``` + +## Description +Returns the last error code for the most recent binlog function call that can succeed or fail. Zero means no error occurred. + +### Parameter +* `rpl` is a handle, which was previously allocated by [mariadb_rpl_init()](mariadb_rpl_init). + +### Notes +* Client error codes are listed in `errmsg.h` header file, server error codes are listed in `mysqld_error.h` header file of the server source distribution. + +### History +This function was added in MariaDB Connector/C version 3.3.5 + +## See also +* [mariadb_rpl_error()](mariadb_rpl_error) \ No newline at end of file diff -Nru mariadb-11.8.6/libmariadb/docs/mariadb_rpl_error.md mariadb-11.8.8/libmariadb/docs/mariadb_rpl_error.md --- mariadb-11.8.6/libmariadb/docs/mariadb_rpl_error.md 1970-01-01 00:00:00.000000000 +0000 +++ mariadb-11.8.8/libmariadb/docs/mariadb_rpl_error.md 2026-05-24 09:58:33.000000000 +0000 @@ -0,0 +1,25 @@ +## Name + +mariadb_rpl_error - returns the last error message for the most recent binlog function call + +## Synopsis +```C +#include + +const char * mariadb_rpl_error(MARIADB_RPL * rpl); +``` + +## Description +Returns the last error message for the most recent binlog function call that can succeed or fail. An empty string means no error occurred. + +### Parameter +* `rpl` is a handle, which was previously allocated by [mariadb_rpl_init()](mariadb_rpl_init). + +### Notes +* Client error codes are listed in `errmsg.h` header file, server error codes are listed in `mysqld_error.h` header file of the server source distribution. + +### History +This function was added in MariaDB Connector/C version 3.3.5 + +## See also +* [mariadb_rpl_errno()](mariadb_rpl_errno) diff -Nru mariadb-11.8.6/libmariadb/docs/mariadb_rpl_extract_rows.md mariadb-11.8.8/libmariadb/docs/mariadb_rpl_extract_rows.md --- mariadb-11.8.6/libmariadb/docs/mariadb_rpl_extract_rows.md 1970-01-01 00:00:00.000000000 +0000 +++ mariadb-11.8.8/libmariadb/docs/mariadb_rpl_extract_rows.md 2026-05-24 09:58:33.000000000 +0000 @@ -0,0 +1,27 @@ +## Name + +mariadb_rpl_extract_row_data - Extract a list of rows from row event. + +## Synopsis +```C +#include + +MARIADB_RPL_ROW * +mariadb_rpl_extract_rows(MARIADB_RPL *rpl, + MARIADB_RPL_EVENT *tm_event, + MARIADB_RPL_EVENT *row_event) +``` + +## Description +Extracts a list of rows from a row event. + +### Parameter +* `rpl` - a handle, which was previously allocated by [mariadb_rpl_init()](mariadb_rpl_init). +* `tm_event` - the last table_map event +* `row_event` - the row_event, which contains row data + +### History +This function was added in MariaDB Connector/C version 3.3.5 + +## See also +* [mariadb_rpl_fetch()](mariadb_rpl_fetch) diff -Nru mariadb-11.8.6/libmariadb/docs/mariadb_rpl_fetch.md mariadb-11.8.8/libmariadb/docs/mariadb_rpl_fetch.md --- mariadb-11.8.6/libmariadb/docs/mariadb_rpl_fetch.md 1970-01-01 00:00:00.000000000 +0000 +++ mariadb-11.8.8/libmariadb/docs/mariadb_rpl_fetch.md 2026-05-24 09:58:33.000000000 +0000 @@ -0,0 +1,28 @@ +## Name +mariadb_rpl_fetch - fetches next event from replication stream + +## Synopsis +```C +#include + +MARIADB_RPL_EVENT *mariadb_rpl_fetch(MARIADB_RPL *rpl, MARIADB_RPL_EVENT *event) +``` + +## Description +Fetches one event from the replication stream + +## Parameter +* `rpl` - A replication handle which was initialized by [mariadb_rpl_init()](mariadb_rpl_init) and connected by [mariadb_rpl_open()](mariadb_rpl_open). +* `event` - An event which was returned by a previous call to `mariadb_rpl_fetch`. If this value is `NULL` the function will allocate new memory for the event, otherwise the passed event value will be overwritten. + +## Return value +An event handle or NULL if EOF packet was received. + +## Notes +Event memory needs to be freed by calling [mariadb_rpl_free_event()](mariadb_rpl_free_event). + +## See also +* [mariadb_rpl_free_event()](mariadb_rpl_free_event) + +## History +`mariadb_rpl_fetch` was added in MariaDB Connector/C 3.1.0 \ No newline at end of file diff -Nru mariadb-11.8.6/libmariadb/docs/mariadb_rpl_get_optionsv.md mariadb-11.8.8/libmariadb/docs/mariadb_rpl_get_optionsv.md --- mariadb-11.8.6/libmariadb/docs/mariadb_rpl_get_optionsv.md 1970-01-01 00:00:00.000000000 +0000 +++ mariadb-11.8.8/libmariadb/docs/mariadb_rpl_get_optionsv.md 2026-05-24 09:58:33.000000000 +0000 @@ -0,0 +1,31 @@ +## Name +mariadb_rpl_get_optionsv - get replication option value + +## Synopsis +```C +#include + +int mariadb_rpl_get_optionsv(MARIADB_RPL *rpl, enum mariadb_rpl_option option, ...) +``` + +## Parameter +* `rpl` - a replication handle which was previously allocated by [mariadb_rpl_init](mariadb_rpl_init) +* `option` - The option to be set, followed by one or more values + +| Option | Type | Description +|-|-|- +| MARIADB_RPL_FILENAME | char **, size_t * | The name and name length of binglog file +| MARIADB_RPL_START | unsigned long * | Start position +| MARIADB_RPL_SERVER_ID | uint32_t * | Server id +| MARIADB_RPL_FLAGS | uint32_t * | Flags +| MARIADB_RPL_SEMI_SYNC | uint32_t * | Semi sync replication, 1= ON, 0= OFF. (This option was added in version 3.3.6). + +## Return value +Returns zero on success, non zero on error. + +## See also +* [mariadb_rpl_optionsv()](mariadb_rpl_optionsv) + + +## History +`mariadb_rpl_get_optionsv` was added in MariaDB Connector/C 3.1.0 diff -Nru mariadb-11.8.6/libmariadb/docs/mariadb_rpl_init.md mariadb-11.8.8/libmariadb/docs/mariadb_rpl_init.md --- mariadb-11.8.6/libmariadb/docs/mariadb_rpl_init.md 1970-01-01 00:00:00.000000000 +0000 +++ mariadb-11.8.8/libmariadb/docs/mariadb_rpl_init.md 2026-05-24 09:58:33.000000000 +0000 @@ -0,0 +1,28 @@ +## Name +mariadb_rpl_init - allocates and initializes a replication handle + +## Synopsis +```C +#include +#include + +MARIADB_RPL *mariadb_rpl_init(MYSQL *mysql) +``` + +## Description +Allocates and initializes a replication handle. + +## Parameter +* `mysql` - A connection handle which was previously connected by [mysql_real_connect()](mysql_real_connect). + +## Return value +A replication handle or NULL on error. + +## Notes +The replication handle needs to be released by [mariadb_rpl_close()](mariadb_rpl_close). + +## See also +* [mariadb_rpl_close()](mariadb_rpl_close) + +## History +`mariadb_rpl_init` was added in MariaDB Connector/C 3.1.0 \ No newline at end of file diff -Nru mariadb-11.8.6/libmariadb/docs/mariadb_rpl_open.md mariadb-11.8.8/libmariadb/docs/mariadb_rpl_open.md --- mariadb-11.8.6/libmariadb/docs/mariadb_rpl_open.md 1970-01-01 00:00:00.000000000 +0000 +++ mariadb-11.8.8/libmariadb/docs/mariadb_rpl_open.md 2026-05-24 09:58:33.000000000 +0000 @@ -0,0 +1,21 @@ +## Name +mariadb_rpl_open - opens a replication stream + +## Synopsis +```C +#include + +int mariadb_rpl_open(MARIADB_RPL *rpl) +``` + +## Description +Opens a replication stream + +## Parameter +* `rpl` - A replication handle which was previously initialized by [mariadb_rpl_init()](mariadb_rpl_init). + +## Return value +Zero on success, nonzero on error. + +## History +`mariadb_rpl_open` was added in MariaDB Connector/C 3.1.0 \ No newline at end of file diff -Nru mariadb-11.8.6/libmariadb/docs/mariadb_rpl_optionsv.md mariadb-11.8.8/libmariadb/docs/mariadb_rpl_optionsv.md --- mariadb-11.8.6/libmariadb/docs/mariadb_rpl_optionsv.md 1970-01-01 00:00:00.000000000 +0000 +++ mariadb-11.8.8/libmariadb/docs/mariadb_rpl_optionsv.md 2026-05-24 09:58:33.000000000 +0000 @@ -0,0 +1,35 @@ +## Name +mariadb_rpl_optionsv - sets replication options + +## Synopsis +```C +#include + +int mariadb_rpl_optionsv(MARIADB_RPL *rpl, enum mariadb_rpl_option option, ...) +``` + +## Parameter +* `rpl` - a replication handle which was previously allocated by [mariadb_rpl_init](mariadb_rpl_init) +* `option` - The option to be set, followed by one or more values + +| Option | Type | Description +|-|-|- +| MARIADB_RPL_FILENAME | char * | The name of binglog file +| MARIADB_RPL_START | unsigned long | Start position +| MARIADB_RPL_SERVER_ID | uint32_t | Server id +| MARIADB_RPL_FLAGS | uint32_t | Flags +| MARIADB_RPL_VERIFY_CHECKSUM | uint32_t | Verify CRC32 checksum (option added in version 3.3.5) +| MARIADB_RPL_PORT | uint32_t | Port of replication client (option added in version 3.3.5) +| MARIADB_RPL_HOST | char * | Name of replication client (option added in version 3.3.5) +| MARIADB_RPL_SEMI_SYNC | uint_32_t | Enable or disable semi sync replication (option added in version 3.3.6). + + +## Return value +Returns zero on success, non zero on error. + +## See also +* [mariadb_rpl_get_optionsv()](mariadb_rpl_get_optionsv) +* [mariadb_rpl_open()](mariadb_rpl_open) + +## History +`mariadb_rpl_optionsv` was added in MariaDB Connector/C 3.1.0 diff -Nru mariadb-11.8.6/libmariadb/docs/mariadb_stmt_execute_direct.md mariadb-11.8.8/libmariadb/docs/mariadb_stmt_execute_direct.md --- mariadb-11.8.6/libmariadb/docs/mariadb_stmt_execute_direct.md 1970-01-01 00:00:00.000000000 +0000 +++ mariadb-11.8.8/libmariadb/docs/mariadb_stmt_execute_direct.md 2026-05-24 09:58:33.000000000 +0000 @@ -0,0 +1,76 @@ +## Name +mariadb_stmt_execute_direct - prepares and executes a prepared statement + +## Synopsis +``` +#include + +int mariadb_stmt_execute_direct(MYSQL_STMT * stmt, + const char *query, + size_t length); +``` + +## Description +Prepares and executes a statement which was previously allocated by [mysql_stmt_init()](mysql_stmt_init), using the current values of the parameter variables if any parameters exist in the statement. + +## Parameters +* `stmt` - A statement handle, which was previously allocated by [mysql_stmt_init()](mysql_stmt_init). +* `query` SQL statement +* `length` Length of SQL statement + +## Return value +Returns zero on success, non-zero on failure. + +## Notes +* Since the number of parameter of the statement is unknown before execution it is mandatory to set the number of parameters via the [mysql_stmt_attr_set()](mysql_stmt_attr_set) function. + +* If the SQL statement is a zero-terminated string, you can also pass `-1` as length. +* The statement handle is intended for one-time execution. Reusing the statement handle might lead to unexpected behavior. + +## History +This function was added in Connector/C 3.0 and requires MariaDB 10.2 or later versions. + +## See Also +* [mysql_stmt_attr_set()](mysql_stmt_attr_set) +* [mysql_stmt_bind_param()](mysql_stmt_bind_param) + +## Example +```C +static int execute_direct_example(MYSQL *mysql) +{ + MYSQL_STMT *stmt= mysql_stmt_init(mysql); + MYSQL_BIND bind[2]; + int intval= 1; + int param_count= 2; + char *strval= "execute_direct_example"; + + /* Direct execution without parameters */ + if (mariadb_stmt_execute_direct(stmt, "CREATE TABLE execute_direct (a int, b varchar(30))", -1)) + goto error; + + memset(&bind, 0, sizeof(MYSQL_BIND) * 2); + bind[0].buffer_type= MYSQL_TYPE_SHORT; + bind[0].buffer= &intval; + bind[1].buffer_type= MYSQL_TYPE_STRING; + bind[1].buffer= strval; + bind[1].buffer_length= strlen(strval); + + /* set number of parameters */ + if (mysql_stmt_attr_set(stmt, STMT_ATTR_PREBIND_PARAMS, ¶m_count)) + goto error; + + /* bind parameters */ + if (mysql_stmt_bind_param(stmt, bind)) + goto error; + + if (mariadb_stmt_execute_direct(stmt, "INSERT INTO execute_direct VALUES (?,?)", -1)) + goto error; + + mysql_stmt_close(stmt); + return 0; +error: + printf("Error: %s\n", mysql_stmt_error(stmt)); + mysql_stmt_close(stmt); + return 1; +} + diff -Nru mariadb-11.8.6/libmariadb/docs/mariadb_stmt_fetch_fields.md mariadb-11.8.8/libmariadb/docs/mariadb_stmt_fetch_fields.md --- mariadb-11.8.6/libmariadb/docs/mariadb_stmt_fetch_fields.md 1970-01-01 00:00:00.000000000 +0000 +++ mariadb-11.8.8/libmariadb/docs/mariadb_stmt_fetch_fields.md 2026-05-24 09:58:33.000000000 +0000 @@ -0,0 +1,24 @@ +## Name +mariadb_stmt_fetch_fields - Returns an array of fields containing the column definitions +## Synopsis +```C +#include + +MYSQL_FIELD *mariadb_stmt_fetch_fields(MYSQL_STMT * stmt); +``` + +## Description +Returns an array of fields. Each field contains the definition for a column of the result set. +If the statement doesn't have a result set a NULL pointer will be returned. + +## Parameter +* `stmt` - A statement handle, which was previously allocated by [mysql_stmt_init()](mysql_stmt_init). + +### Notes +The number of fields can be obtained by [mysql_stmt_field_count()](mysql_stmt_field_count) + +## History +This function was added in MariaDB Connector/C 3.1.0 + +## See Also +*[mysql_stmt_field_count()](mysql_stmt_field_count) diff -Nru mariadb-11.8.6/libmariadb/docs/mysql_affected_rows.md mariadb-11.8.8/libmariadb/docs/mysql_affected_rows.md --- mariadb-11.8.6/libmariadb/docs/mysql_affected_rows.md 1970-01-01 00:00:00.000000000 +0000 +++ mariadb-11.8.8/libmariadb/docs/mysql_affected_rows.md 2026-05-24 09:58:33.000000000 +0000 @@ -0,0 +1,25 @@ +## Name +mysql_affected_rows - returns the number of rows affected by the last operation + +## Synopsis +```C +#include + +my_ulonglong mysql_affected_rows(MYSQL * mysql); +``` + +## Description +Returns the number of affected rows by the last operation associated with mysql, if the operation was an "upsert" (`INSERT`, `UPDATE`, `DELETE` or `REPLACE`) statement, or -1 if the last operation failed. + +### Parameters: +`mysql` is a connection identifier, which was previously allocated by [mysql_init()](mysql_init) and connected by [mysql_real_connect()](mysql_real_connect). + +### Notes: +* When using `UPDATE`, MariaDB will not update columns where the new value is the same as the old value. This creates the possibility that mysql_affected_rows may not actually equal the number of rows matched, only the number of rows that were literally affected by the query. +* The `REPLACE` statement first deletes the record with the same primary key and then inserts the new record. This function returns the number of deleted records in addition to the number of inserted records. + +# Return value +Returns the number of affected rows or -1 on error. + +## See also +* [mysql_num_rows()](mysql_num_rows) \ No newline at end of file diff -Nru mariadb-11.8.6/libmariadb/docs/mysql_autocommit.md mariadb-11.8.8/libmariadb/docs/mysql_autocommit.md --- mariadb-11.8.6/libmariadb/docs/mysql_autocommit.md 1970-01-01 00:00:00.000000000 +0000 +++ mariadb-11.8.8/libmariadb/docs/mysql_autocommit.md 2026-05-24 09:58:33.000000000 +0000 @@ -0,0 +1,62 @@ +## Name +mysql_autocommit - Toggles autocommit mode + +## Synopsis +```C +#include + +my_bool mysql_autocommit(MYSQL * mysql, my_bool auto_mode); +``` +## Description +Toggles autocommit mode on or off for the current database connection. Autocommit mode will be set if mode=1 or unset if mode=0. + +### Parameters: +* `mysql` is a connection identifier, which was previously allocated by [mysql_init()](mysql_init) and connected by [mysql_real_connect()](mysql_real_connect). +* `auto_mode` - whether to turn autocommit on or not. + +### Notes +* Autocommit mode only affects operations on transactional table types. To determine the current state of autocommit mode use the SQL command `SELECT @@autocommit` or check the server status (see example below). +* Be aware: the [mysql_rollback()}(mysql_rollback() function will not work if autocommit mode is switched on. + +## Examples + +### SQL + +```SQL +# Turn off autocommit +SET AUTOCOMMIT=0; + +# Retrieve autocommit +SELECT @@autocommit; ++--------------+ +| @@autocommit | ++--------------+ +| 0 | ++--------------+ +``` +### MariaDB Connector/C +```C +static int test_autocommit(MYSQL *mysql) +{ + int rc; + unsigned int server_status; + + /* Turn autocommit off */ + rc= mysql_autocommit(mysql, 0); + if (rc) + return rc; /* Error */ + + /* If autocommit = 0 succeeded, the last OK packet updated the server status */ + rc= mariadb_get_infov(mysql, MARIADB_CONNECTION_SERVER_STATUS, &server_status); + if (rc) + return rc; /* Error */ + + if (server_status & SERVER_STATUS_AUTOCOMMIT) + { + printf("Error: autocommit is on\n"); + return 1; + } + printf("OK: autocommit is off\n"); + return 0; +} +``` \ No newline at end of file diff -Nru mariadb-11.8.6/libmariadb/docs/mysql_change_user.md mariadb-11.8.8/libmariadb/docs/mysql_change_user.md --- mariadb-11.8.6/libmariadb/docs/mysql_change_user.md 1970-01-01 00:00:00.000000000 +0000 +++ mariadb-11.8.8/libmariadb/docs/mysql_change_user.md 2026-05-24 09:58:33.000000000 +0000 @@ -0,0 +1,34 @@ +## Name +mysql_change_user - changes user and default database + +## Synopsis +```C +#include + +my_bool mysql_change_user(MYSQL * mysql, + const char * user, + const char * passwd, + const char * db); +``` + +## Description +Changes the user and default database of the current connection. + +In order to successfully change users a valid username and password parameters must be provided and that user must have sufficient permissions to access the desired database. If for any reason authorization fails, the current user authentication will remain. + +### Parameters +* `mysql` is a connection identifier, which was previously allocated by [mysql_init()](mysql_init) and connected by [mysql_real_connect()](mysql_real_connect). +* `user` - the user name for server authentication +* `passwd` - the password for server authentication +* `db` - the default database. If desired, the NULL value may be passed resulting in only changing the user and not selecting a database. To select a database in this case use the [mysql_select_db()](mysql_select_db) function. + +### Notes +* mysql_change_user will always cause the current database connection to behave as if was a completely new database connection, regardless of if the operation was completed successfully. This reset includes performing a rollback on any active transactions, closing all temporary tables, and unlocking all locked tables. +* To prevent denial of service and brute-force attacks the server will block the connection if `mysql_change_user()` failed three times in a row + +## Return value +Returns zero on success, nonzero if an error occurred. + +## See also +* [mysql_real_connect()](mysql_real_connect) +* [mysql_select_db()](mysql_select_db) \ No newline at end of file diff -Nru mariadb-11.8.6/libmariadb/docs/mysql_character_set_name.md mariadb-11.8.8/libmariadb/docs/mysql_character_set_name.md --- mariadb-11.8.6/libmariadb/docs/mysql_character_set_name.md 1970-01-01 00:00:00.000000000 +0000 +++ mariadb-11.8.8/libmariadb/docs/mysql_character_set_name.md 2026-05-24 09:58:33.000000000 +0000 @@ -0,0 +1,24 @@ +## Name +mysql_character_set_name - Returns the character set used for the specified connection + +## Synopsis +```C +#include + +const char* mysql_character_set_name(MYSQL * mysql); +``` + +## Description +Returns the character set used for the specified connection. + +### Parameters +* `mysql` is a connection identifier, which was previously allocated by [mysql_init()](mysql_init) and connected by [mysql_real_connect()](mysql_real_connect). + +## Return value +The character set name used for the specified connection, or NULL if an error occurred. + +## Notes +This function is deprecated. Instead, use [mariadb_get_infov()](mariadb_get_infov) with option `MARIADB_CONNECTION_CHARSET_INFO`. + +## See also +* [mysql_set_character_set()](mysql_set_character_set) \ No newline at end of file diff -Nru mariadb-11.8.6/libmariadb/docs/mysql_client_find_plugin.md mariadb-11.8.8/libmariadb/docs/mysql_client_find_plugin.md --- mariadb-11.8.6/libmariadb/docs/mysql_client_find_plugin.md 1970-01-01 00:00:00.000000000 +0000 +++ mariadb-11.8.8/libmariadb/docs/mysql_client_find_plugin.md 2026-05-24 09:58:33.000000000 +0000 @@ -0,0 +1,30 @@ +## Name +mysql_client_find_plugin - Finds a plugin by specified name + +## Synopsis +```C +#include +struct st_mysql_client_plugin * +mysql_client_find_plugin(MYSQL *mysql, const char *name, int type); +``` + +## Description +Finds a plugin by specified name and type. If the plugin was not loaded before, it will be loaded first. + +### Parameters +* `mysql` is a connection identifier, which was previously initialized by [mysql_init()](mysql_init) and optional connected by [mysql_real_connect()](mysql_real_connect). +* `name` The name of the plugin. +* `type` The plugin type. + +Valid plugin types are: +`MYSQL_CLIENT_AUTHENTICATION_PLUGIN`, `MARIADB_CLIENT_PVIO_PLUGIN`, `MARIADB_CLIENT_REMOTEIO_PLUGIN`, `MARIADB_CLIENT_CONNECTION_PLUGIN` or `MARIADB_CLIENT_COMPRESSION_PLUGIN`. + +## Return value +A pointer to the plugin handle, or NULL if an error occurred. + +## Notes +If the type of the plugin is not known, -1 needs to be specified for parameter type. + +## See also +* [mysql_load_plugin()](mysql_load_plugin) +* [mysql_load_pluginv()](mysql_load_pluginv) \ No newline at end of file diff -Nru mariadb-11.8.6/libmariadb/docs/mysql_close.md mariadb-11.8.8/libmariadb/docs/mysql_close.md --- mariadb-11.8.6/libmariadb/docs/mysql_close.md 1970-01-01 00:00:00.000000000 +0000 +++ mariadb-11.8.8/libmariadb/docs/mysql_close.md 2026-05-24 09:58:33.000000000 +0000 @@ -0,0 +1,19 @@ +## Name +mysql_close - Closes a previously opened connection + +## Synopsis +```C +#include + +void mysql_close(MYSQL *mysql); +``` +## Description +Closes a previously opened connection and deallocates all memory. + +## Notes +* To reuse a connection handle after `mysql_close()` the handle must be initialized again by [mysql_init()](mysql_init). + +## See also +* [mysql_init()](mysql_init) +* [mysql_real_connect()](mysql_real_connect) + diff -Nru mariadb-11.8.6/libmariadb/docs/mysql_commit.md mariadb-11.8.8/libmariadb/docs/mysql_commit.md --- mariadb-11.8.6/libmariadb/docs/mysql_commit.md 1970-01-01 00:00:00.000000000 +0000 +++ mariadb-11.8.8/libmariadb/docs/mysql_commit.md 2026-05-24 09:58:33.000000000 +0000 @@ -0,0 +1,22 @@ +## Name +mysql_commit - Commits the current transaction + +## Synopsis +```C +#include + +my_bool mysql_commit(MYSQL * mysql); +``` +## Description +Commits the current transaction for the specified database connection. Returns zero on success, nonzero if an error occurred. + +### Parameters +* `mysql` is a connection identifier, which was previously allocated by [mysql_init()](mysql_init) and connected by [mysql_real_connect()](mysql_real_connect). + +### Notes +Executing mysql_commit() will not affected the behaviour of autocommit. This means, any update or insert statements following mysql_commit() will be rolled back when the connection gets closed. + +== See also +* [mysql_autocommit()](mysql_autocommit) +* [mysql_rollback()](mysql_rollback) + diff -Nru mariadb-11.8.6/libmariadb/docs/mysql_data_seek.md mariadb-11.8.8/libmariadb/docs/mysql_data_seek.md --- mariadb-11.8.6/libmariadb/docs/mysql_data_seek.md 1970-01-01 00:00:00.000000000 +0000 +++ mariadb-11.8.8/libmariadb/docs/mysql_data_seek.md 2026-05-24 09:58:33.000000000 +0000 @@ -0,0 +1,26 @@ +## Name +mysql_data_seek - seeks to an offset + +## Synopsis +```C +#include + +void mysql_data_seek(MYSQL_RES * result, + my_ulonglong offset); +``` + +## Description +The mysql_data_seek() function seeks to an arbitrary function result pointer specified by the offset in the result set. Returns zero on success, nonzero if an error occurred. + +### Parameters +* `result` - a result set identifier returned by mysql_store_result(). +* `offset` - the field offset. Must be between zero and the total number of rows minus one (0..mysql_num_rows - 1). + +### Notes +This function can only be used with buffered result sets obtained from the use of the [mysql_store_result()](mysql_store_result) function. + +## See also +* [mysql_num_rows()](mysql_num_rows) +* [mysql_store_result()](mysql_store_result) + + diff -Nru mariadb-11.8.6/libmariadb/docs/mysql_debug.md mariadb-11.8.8/libmariadb/docs/mysql_debug.md --- mariadb-11.8.6/libmariadb/docs/mysql_debug.md 1970-01-01 00:00:00.000000000 +0000 +++ mariadb-11.8.8/libmariadb/docs/mysql_debug.md 2026-05-24 09:58:33.000000000 +0000 @@ -0,0 +1,13 @@ +## Name +mysql_debug - Enable debug output + +## Synopsis +```C +#include + +void mysql_debug(const char *debug); +``` + +## Warning +This function is deprecated and not supported anymore. + diff -Nru mariadb-11.8.6/libmariadb/docs/mysql_dump_debug_info.md mariadb-11.8.8/libmariadb/docs/mysql_dump_debug_info.md --- mariadb-11.8.6/libmariadb/docs/mysql_dump_debug_info.md 1970-01-01 00:00:00.000000000 +0000 +++ mariadb-11.8.8/libmariadb/docs/mysql_dump_debug_info.md 2026-05-24 09:58:33.000000000 +0000 @@ -0,0 +1,21 @@ +## Name +mysql_dump_debug_info - dump server status into log + +## Synopsis +```C +#include + +int mysql_dump_debug_info(MYSQL * mysql); +``` + +## Description +This function is designed to be executed by an user with the SUPER privilege and is used to dump server status information into the log for the MariaDB Server relating to the connection. + +### Parameters +* `mysql` is a connection identifier, which was previously allocated by [mysql_init()](mysql_init) and connected by [mysql_real_connect()](mysql_real_connect). + +### Notes +The server status information will be dumped into the error log file, which can usually be found in the data directory of your server installation. + +## Return value +Returns zero on success, nonzero if an error occurred. diff -Nru mariadb-11.8.6/libmariadb/docs/mysql_embedded.md mariadb-11.8.8/libmariadb/docs/mysql_embedded.md --- mariadb-11.8.6/libmariadb/docs/mysql_embedded.md 1970-01-01 00:00:00.000000000 +0000 +++ mariadb-11.8.8/libmariadb/docs/mysql_embedded.md 2026-05-24 09:58:33.000000000 +0000 @@ -0,0 +1,16 @@ +## Name +mysql_embedded - Determines if Connector/C is linked against embedded server library + +## Synopsis +```C +#include + +my_bool mysql_embedded(void); + +``` + +### Notes +* This function is deprecated and always returns 0. + +## Return value +Returns always zero. \ No newline at end of file diff -Nru mariadb-11.8.6/libmariadb/docs/mysql_eof.md mariadb-11.8.8/libmariadb/docs/mysql_eof.md --- mariadb-11.8.6/libmariadb/docs/mysql_eof.md 1970-01-01 00:00:00.000000000 +0000 +++ mariadb-11.8.8/libmariadb/docs/mysql_eof.md 2026-05-24 09:58:33.000000000 +0000 @@ -0,0 +1,22 @@ +## Name +mysql_eof - determines if the last row of a result set has been read + +## Synopsis +```C +#include + +my_bool mysql_eof(MYSQL_RES *result); +``` +## Description +Determines if the last row of a result set has been read. + +**Notes:** +* This function is deprecated and will be removed. Instead determine the end of a result set by +checking return value of [mysql_fetch_row()](mysql_fetch_row). +* If a result set was acquired by [mysql_store_result()](mysql_store_result) mysql_eof will always return true. +## Return value +Returns true if the entire result set was read. + +## See also +* [mysql_fetch_row()](mysql_fetch_row) + diff -Nru mariadb-11.8.6/libmariadb/docs/mysql_errno.md mariadb-11.8.8/libmariadb/docs/mysql_errno.md --- mariadb-11.8.6/libmariadb/docs/mysql_errno.md 1970-01-01 00:00:00.000000000 +0000 +++ mariadb-11.8.8/libmariadb/docs/mysql_errno.md 2026-05-24 09:58:33.000000000 +0000 @@ -0,0 +1,23 @@ +## Name + +mysql_errno - returns the last error code for the most recent function call + +## Synopsis +```C +#include + +unsigned int mysql_errno(MYSQL * mysql); +``` + +## Description +Returns the last error code for the most recent function call that can succeed or fail. Zero means no error occurred. + +### Parameter +* `mysql` is a connection identifier, which was previously allocated by [mysql_init()](mysql_init) and connected by [mysql_real_connect()](mysql_real_connect). + +### Notes +* Client error codes are listed in `errmsg.h` header file, server error codes are listed in `mysqld_error.h` header file of the server source distribution. + +## See also +* [mysql_error()](mysql_error) +* [mysql_sqlstate()](mysql_sqlstate) \ No newline at end of file diff -Nru mariadb-11.8.6/libmariadb/docs/mysql_error.md mariadb-11.8.8/libmariadb/docs/mysql_error.md --- mariadb-11.8.6/libmariadb/docs/mysql_error.md 1970-01-01 00:00:00.000000000 +0000 +++ mariadb-11.8.8/libmariadb/docs/mysql_error.md 2026-05-24 09:58:33.000000000 +0000 @@ -0,0 +1,24 @@ +## Name + +mysql_error - returns the last error message for the most recent function call + +## Synopsis +```C +#include + +const char * mysql_error(MYSQL * mysql); +``` + +## Description +Returns the last error message for the most recent function call that can succeed or fail. An empty string means no error occurred. + +### Parameter +* `mysql` is a connection identifier, which was previously allocated by [mysql_init()](mysql_init) and connected by [mysql_real_connect()](mysql_real_connect). + +### Notes +* Client error codes are listed in `errmsg.h` header file, server error codes are listed in `mysqld_error.h` header file of the server source distribution. +* Client error messages can be obtained by calling [mariadb_get_infov()](mariadb_get_infov) and passing the parameter `MARIADB_CLIENT_ERRORS` + +## See also +* [mysql_errno()](mysql_errno) +* [mysql_sqlstate()](mysql_sqlstate) \ No newline at end of file diff -Nru mariadb-11.8.6/libmariadb/docs/mysql_fetch_field.md mariadb-11.8.8/libmariadb/docs/mysql_fetch_field.md --- mariadb-11.8.6/libmariadb/docs/mysql_fetch_field.md 1970-01-01 00:00:00.000000000 +0000 +++ mariadb-11.8.8/libmariadb/docs/mysql_fetch_field.md 2026-05-24 09:58:33.000000000 +0000 @@ -0,0 +1,30 @@ +## Name +mysql_fetch_field - Returns the definition of one column of a result set + +## Synopsis +```C +#include + +MYSQL_FIELD * mysql_fetch_field(MYSQL_RES * result); +``` + +## Description + +Returns the definition of one column of a result set as a pointer to a MYSQL_FIELD structure. Call this function repeatedly to retrieve information about all columns in the result set. + +### Parameters +* `result` - a result set identifier returned by [mysql_store_result()](mysql_store_result) or [mysql_use_result()](mysql_use_result). + +### Notes +* The field order will be reset if you execute a new SELECT query. +* In case only information for a specific field is required the field can be selected by using the [mysql_field_seek()](mysql_field_seek) function or obtained by [mysql_fetch_field_direct()](mysql_fetch_field_direct) function. + +## Return value +a pointer of a `MYSQL_FIELD` structure, or NULL if there are no more fields. + +## See also +* [mysql_field_seek()](mysql_field_seek) +* [mysql_field_tell()](mysql_field_tell) +* [mysql_fetch_field_direct()](mysql_fetch_field_direct) +* [mysql_store_result()](mysql_store_result) +* [mysql_use_result()](mysql_use_result) diff -Nru mariadb-11.8.6/libmariadb/docs/mysql_fetch_field_direct.md mariadb-11.8.8/libmariadb/docs/mysql_fetch_field_direct.md --- mariadb-11.8.6/libmariadb/docs/mysql_fetch_field_direct.md 1970-01-01 00:00:00.000000000 +0000 +++ mariadb-11.8.8/libmariadb/docs/mysql_fetch_field_direct.md 2026-05-24 09:58:33.000000000 +0000 @@ -0,0 +1,27 @@ +## Name +mysql_fetch_field_direct - Returns a pointer to a MYSQL_FIELD structure + +## Synopsis +```C +#include + +MYSQL_FIELD * mysql_fetch_field_direct(MYSQL_RES * res, + unsigned int fieldnr); +``` + + +## Description +Returns a pointer to a `MYSQL_FIELD` structure which contains field information from the specified result set. +### Parameter +* `res` - a result set identifier returned by [mysql_store_result()](mysql_store_result) or [mysql_use_result()](mysql_use_result). +* `fieldnr` - the field number. This value must be within the range from 0 to number of fields - 1 +### Notes +* The total number of fields can be obtained by mysql_field_count() + + +## Return value +Pointer to a `MYSQL_FIELD` structure or `NULL` if an invalid field number was specified + +## See also +* [mysql_fetch_field()](mysql_fetch_field) +* [mysql_field_count()](mysql_field_count) diff -Nru mariadb-11.8.6/libmariadb/docs/mysql_fetch_fields.md mariadb-11.8.8/libmariadb/docs/mysql_fetch_fields.md --- mariadb-11.8.6/libmariadb/docs/mysql_fetch_fields.md 1970-01-01 00:00:00.000000000 +0000 +++ mariadb-11.8.8/libmariadb/docs/mysql_fetch_fields.md 2026-05-24 09:58:33.000000000 +0000 @@ -0,0 +1,27 @@ +## Name +mysql_fetch_fields - returns an array of fields + +## Synopsis +```C +#include + +MYSQL_FIELD * mysql_fetch_fields(MYSQL_RES * res); +``` + +## Description + +This function serves an identical purpose to the [mysql_fetch_field()](mysql_fetch_field) function with the single difference that instead of returning one field at a time for each field, the fields are returned as an array. Each field contains the definition for a column of the result set. + +### Parameters +* `res` - a result set identifier returned by [mysql_store_result()](mysql_store_result) or [mysql_use_result()](mysql_use_result). + +### Notes +The total number of fields can be obtained by [mysql_field_count()](mysql_field_count). + +## Return value +an array of type `MYSQL_FIELD`. + +## See also +* [mysql_fetch_field()](mysql_fetch_field) +* [mysql_fetch_field_direct()](mysql_fetch_field_direct) +* [mysql_field_count()](mysql_field_count) diff -Nru mariadb-11.8.6/libmariadb/docs/mysql_fetch_lengths.md mariadb-11.8.8/libmariadb/docs/mysql_fetch_lengths.md --- mariadb-11.8.6/libmariadb/docs/mysql_fetch_lengths.md 1970-01-01 00:00:00.000000000 +0000 +++ mariadb-11.8.8/libmariadb/docs/mysql_fetch_lengths.md 2026-05-24 09:58:33.000000000 +0000 @@ -0,0 +1,27 @@ +## Name +mysql_fetch_lengths - returns an array of length values for the current row + +## Synopsis +```C +#include + +unsigned long * mysql_fetch_lengths(MYSQL_RES * result); +``` + + + +## Description +The `mysql_fetch_lengths()` function returns an array containing the lengths of every column of the current row within the result set (not including terminating zero character) or `NULL` if an error occurred. + +### Parameter +* `result` - a result set identifier returned by [mysql_store_result()](mysql_store_result) or [mysql_use_result()](mysql_use_result). +### Notes +`mysql_fetch_lengths()` is valid only for the current row of the result set. It returns `NULL` if you call it before calling [mysql_fetch_row()](mysql_fetch_row) or after retrieving all rows in the result. + +## Return value +An array of unsigned long values . The size of the array can be determined by the number of fields in current result set. + +## See also + +* [mysql_field_count()](mysql_field_count) +* [mysql_fetch_row()](mysql_fetch_row) diff -Nru mariadb-11.8.6/libmariadb/docs/mysql_fetch_row.md mariadb-11.8.8/libmariadb/docs/mysql_fetch_row.md --- mariadb-11.8.6/libmariadb/docs/mysql_fetch_row.md 1970-01-01 00:00:00.000000000 +0000 +++ mariadb-11.8.8/libmariadb/docs/mysql_fetch_row.md 2026-05-24 09:58:33.000000000 +0000 @@ -0,0 +1,28 @@ +## Name +mysql_fetch_row - fetches row of data from result set + +## Synopsis +```C +#include + +MYSQL_ROW mysql_fetch_row(MYSQL_RES * result); +``` + + +## Description +Fetches one row of data from the result set and returns it as an array of char pointers (`MYSQL_ROW`), where each column is stored in an offset starting from 0 (zero). Each subsequent call to this function will return the next row within the result set, or NULL if there are no more rows. + +### Parameter +* `result` - a result set identifier returned by [mysql_store_result()](mysql_store_result) or [mysql_use_result()](mysql_use_result). + +### Notes +* If a column contains a `NULL` value the corresponding char pointer will be set to `NULL`. +* Memory associated to `MYSQL_ROW` will be freed when calling [mysql_free_result()](mysql_free_result) function. + + +## Return value +A `MYSQL_ROW` structure (array of character pointers) representing the data of the current row. If there are no more rows available `NULL`will be returned. + +## See also +* [mysql_use_result()](mysql_use_result) +* [mysql_store_result()](mysql_store_result) diff -Nru mariadb-11.8.6/libmariadb/docs/mysql_field_count.md mariadb-11.8.8/libmariadb/docs/mysql_field_count.md --- mariadb-11.8.6/libmariadb/docs/mysql_field_count.md 1970-01-01 00:00:00.000000000 +0000 +++ mariadb-11.8.8/libmariadb/docs/mysql_field_count.md 2026-05-24 09:58:33.000000000 +0000 @@ -0,0 +1,25 @@ +## Name +mysql_field_count - returns the number of columns for the most recent statement + +## Synopsis +```C +#include + +unsigned int mysql_field_count(MYSQL * mysql); +``` + +## Description +Returns the number of columns for the most recent statement on the connection represented by the link parameter as an unsigned integer. This function can be useful when using the [mysql_store_result()](mysql_store_result) function to determine if the query should have produced a non-empty result set or not without knowing the nature of the query. + +### Parameters +* `mysql` is a connection identifier, which was previously allocated by [mysql_init()](mysql_init) and connected by [mysql_real_connect()](mysql_real_connect). + +### Notes +The `mysql_field_count()` function should be used to determine if there is a result set available. + +## Return value: +The number of columns for the most recent statement. The value is zero, if the statement didn't produce a result set. + +## See also +* [mysql_store_result()](mysql_store_result) +* [mysql_use_result()](mysql_use_result) diff -Nru mariadb-11.8.6/libmariadb/docs/mysql_field_seek.md mariadb-11.8.8/libmariadb/docs/mysql_field_seek.md --- mariadb-11.8.6/libmariadb/docs/mysql_field_seek.md 1970-01-01 00:00:00.000000000 +0000 +++ mariadb-11.8.8/libmariadb/docs/mysql_field_seek.md 2026-05-24 09:58:33.000000000 +0000 @@ -0,0 +1,30 @@ +## Name +mysql_field_seek - sets the field cursor to given offset + +## Synopsis +```C +#include + +MYSQL_FIELD_OFFSET mysql_field_seek(MYSQL_RES * result, + MYSQL_FIELD_OFFSET offset); +``` + + +## Description +Sets the field cursor to the given offset. The next call to [mysql_fetch_field()](mysql_fetch_field) will retrieve the field definition of the column associated with that offset. + +### Parameters +* `result` - a result set identifier returned by [mysql_store_result()](mysql_store_result) or [mysql_use_result()](mysql_use_result). +* `offset` - the field number. This number must be in the range from `0`..`number of fields - 1`. + +### Notes + +* The number of fields can be obtained from [mysql_field_count()](mysql_field_count) +. +* To move the field cursor to the first field offset parameter should be zero. + +## Return value +Returns the previous value of the field cursor + +## See also +* [mysql_field_tell()](mysql_field_tell) diff -Nru mariadb-11.8.6/libmariadb/docs/mysql_field_tell.md mariadb-11.8.8/libmariadb/docs/mysql_field_tell.md --- mariadb-11.8.6/libmariadb/docs/mysql_field_tell.md 1970-01-01 00:00:00.000000000 +0000 +++ mariadb-11.8.8/libmariadb/docs/mysql_field_tell.md 2026-05-24 09:58:33.000000000 +0000 @@ -0,0 +1,21 @@ +## Name +mysql_field_tell - Returns offset of the field cursor + +## Synopsis +```C +#include + +MYSQL_FIELD_OFFSET mysql_field_tell(MYSQL_RES * result); +``` + +## Description +Return the offset of the field cursor used for the last [mysql_fetch_field()](mysql_fetch_field) call. This value can be used as a parameter for the function [mysql_field_seek()](mysql_field_seek). + +### Parameter +* `result` - a result set identifier returned by [mysql_store_result()](mysql_store_result) or [mysql_use_result()](mysql_use_result). + +## Return value +Returns the current offset of the field cursor + +## See also +* [mysql_field_seek()](mysql_field_seek) diff -Nru mariadb-11.8.6/libmariadb/docs/mysql_free_result.md mariadb-11.8.8/libmariadb/docs/mysql_free_result.md --- mariadb-11.8.6/libmariadb/docs/mysql_free_result.md 1970-01-01 00:00:00.000000000 +0000 +++ mariadb-11.8.8/libmariadb/docs/mysql_free_result.md 2026-05-24 09:58:33.000000000 +0000 @@ -0,0 +1,24 @@ +## Name +mysql_free_result - Frees result set + +## Synopsis +```C +#include + +void mysql_free_result(MYSQL_RES * result); +``` + +## Description +Frees the memory associated with a result set. Returns void. + +## Parameters +* `result` - a result set identifier returned by [mysql_store_result()](mysql_store_result) or [mysql_use_result()](mysql_use_result). + +### Notes +* You should always free your result set with mysql_free_result() as soon it's not needed anymore +* Row values obtained by a prior [mysql_fetch_row()](mysql_fetch_row) call will become invalid after calling mysql_free_result(). + +## See also +* [mysql_store_result()](mysql_store_result) +* [mysql_use_result()](mysql_use_result) + diff -Nru mariadb-11.8.6/libmariadb/docs/mysql_get_character_set_info.md mariadb-11.8.8/libmariadb/docs/mysql_get_character_set_info.md --- mariadb-11.8.6/libmariadb/docs/mysql_get_character_set_info.md 1970-01-01 00:00:00.000000000 +0000 +++ mariadb-11.8.8/libmariadb/docs/mysql_get_character_set_info.md 2026-05-24 09:58:33.000000000 +0000 @@ -0,0 +1,25 @@ +## Name +mysql_get_character_set_info - returns character set information + +## Synopsis +```C +#include + +void mysql_get_character_set_info(MYSQL * mysql, + MY_CHARSET_INFO * charset); +``` + + +## Description +Returns information about the current default character set for the specified connection. + +### Parameters +* `mysql` - a connection identifier, which was previously allocated by [mysql_init()](mysql_init) and connected by [mysql_real_connect()](mysql_real_connect). +* `charset` - a pointer to a `MY_CHARSET_INFO` structure, in which the information will be copied. + +### Notes +* A complete list of supported character sets in the client library is listed in the function description for [mysql_set_character_set()](mysql_set_character_set). + +## See also +* [mariadb_get_infov()](mariadb_get_infov) +* [mysql_set_character_set()](mysql_set_character_set) diff -Nru mariadb-11.8.6/libmariadb/docs/mysql_get_client_info.md mariadb-11.8.8/libmariadb/docs/mysql_get_client_info.md --- mariadb-11.8.6/libmariadb/docs/mysql_get_client_info.md 1970-01-01 00:00:00.000000000 +0000 +++ mariadb-11.8.8/libmariadb/docs/mysql_get_client_info.md 2026-05-24 09:58:33.000000000 +0000 @@ -0,0 +1,20 @@ +## Name +mysql_get_client_info - returns client library version as string representation + +## Synopsis +```C +#include + +const char * mysql_get_client_info(void ); +``` + +## Description +Returns a string representing the client library version + +### Notes +To obtain the numeric value of the client library version use [mysql_get_client_version()](mysql_get_client_version). + +## See also +* [mysql_get_client_version()](mysql_get_client_version) +* [mysql_get_host_info()](mysql_get_host_info) +* [mysql_get_proto_info()](mysql_get_proto_info) diff -Nru mariadb-11.8.6/libmariadb/docs/mysql_get_client_version.md mariadb-11.8.8/libmariadb/docs/mysql_get_client_version.md --- mariadb-11.8.6/libmariadb/docs/mysql_get_client_version.md 1970-01-01 00:00:00.000000000 +0000 +++ mariadb-11.8.8/libmariadb/docs/mysql_get_client_version.md 2026-05-24 09:58:33.000000000 +0000 @@ -0,0 +1,20 @@ +## Name +mysql_get_client_version - returns client version number + +## Synopsis +```C +unsigned long mysql_get_client_version(void); +``` + +## Description +Returns a number representing the client library version. The value has the format XXYYZZ: major version * 10000 + minor version * 100 + patch version. +### Notes +* To obtain a string containing the client library version use the [mysql_get_client_info()](mysql_get_client_info) function. +* Note: Since MariaDB Server 10.2.6 and MariaDB Connector/C 3.0.1 the client library is bundled with server package and returns the server package version. To obtain the client version of the connector, please use the constant `MARIADB_PACKAGE_VERSION_ID` + + +## Return value +A long integer representing the client version + +## See also +* [mysql_get_client_info()](mysql_get_client_info) diff -Nru mariadb-11.8.6/libmariadb/docs/mysql_get_host_info.md mariadb-11.8.8/libmariadb/docs/mysql_get_host_info.md --- mariadb-11.8.6/libmariadb/docs/mysql_get_host_info.md 1970-01-01 00:00:00.000000000 +0000 +++ mariadb-11.8.8/libmariadb/docs/mysql_get_host_info.md 2026-05-24 09:58:33.000000000 +0000 @@ -0,0 +1,20 @@ +## Name +mysql_get_host_info - Returns host information + +## Synopsis +```C +#include +const char * mysql_get_host_info(MYSQL * mysql); +``` + +## Description +Describes the type of connection in use for the connection, including the server host name. Returns a string, or NULL if the connection is not valid. + +### Parameter +* `mysql` - a connection identifier, which was previously allocated by [mysql_init()](mysql_init) and connected by [mysql_real_connect()](mysql_real_connect). + +## Return value +Returns a string, describing host information or `NULL` if the connection is not valid. + +## See also +* [mysql_get_server_version()](mysql_get_server_version) diff -Nru mariadb-11.8.6/libmariadb/docs/mysql_get_parameters.md mariadb-11.8.8/libmariadb/docs/mysql_get_parameters.md --- mariadb-11.8.6/libmariadb/docs/mysql_get_parameters.md 1970-01-01 00:00:00.000000000 +0000 +++ mariadb-11.8.8/libmariadb/docs/mysql_get_parameters.md 2026-05-24 09:58:33.000000000 +0000 @@ -0,0 +1,15 @@ +## Name +mysql_get_parameters - Returns packet size information + +## Synopsis +```C +#include +MYSQL_PARAMETERS mysql_get_parameters(void) +``` + +## Notes +This function is deprecated and will be removed. To obtain information about maximum allowed packet size and +net buffer size please use [mariadb_get_infov()](mariadb_get_infov) instead. + +## See also +* [mariadb_get_infov()](mariadb_get_infov) diff -Nru mariadb-11.8.6/libmariadb/docs/mysql_get_proto_info.md mariadb-11.8.8/libmariadb/docs/mysql_get_proto_info.md --- mariadb-11.8.6/libmariadb/docs/mysql_get_proto_info.md 1970-01-01 00:00:00.000000000 +0000 +++ mariadb-11.8.8/libmariadb/docs/mysql_get_proto_info.md 2026-05-24 09:58:33.000000000 +0000 @@ -0,0 +1,26 @@ +## Name +mysql_get_proto_info - Returns protocol version number + +## Synopsis +```C +#include + +unsigned int mysql_get_proto_info(MYSQL * mysql); +``` + + +## Description +Returns the protocol version number for the specified connection + +### Parameter +* `mysql` - a connection identifier, which was previously allocated by [mysql_init()](mysql_init) and connected by [mysql_real_connect()](mysql_real_connect). + +### Notes +MariaDB Connector/C doesn't support protocol version 9 and prior. + + +## Return value +The protocol version number in use + +## See also +* [mysql_get_host_info()](mysql_get_host_info) diff -Nru mariadb-11.8.6/libmariadb/docs/mysql_get_server_info.md mariadb-11.8.8/libmariadb/docs/mysql_get_server_info.md --- mariadb-11.8.6/libmariadb/docs/mysql_get_server_info.md 1970-01-01 00:00:00.000000000 +0000 +++ mariadb-11.8.8/libmariadb/docs/mysql_get_server_info.md 2026-05-24 09:58:33.000000000 +0000 @@ -0,0 +1,25 @@ +## Name +mysql_get_server_info - Returns server version as string + +## Synopsis +```C +#include + +const char * mysql_get_server_info(MYSQL * mysql); +``` + +## Description +Returns the server version or `NULL` on failure. + +### Parameter +* `mysql` - a connection identifier, which was previously allocated by [mysql_init()](mysql_init) and connected by [mysql_real_connect()](mysql_real_connect). + +### Notes +To obtain the numeric server version please use [mysql_get_server_version()](mysql_get_server_version). + +## Return value +Returns the server version as zero terminated string or `NULL`on failure. + +## See also +* [mysql_get_server_info()](mysql_get_server_info) +* [mysql_get_client_info()](mysql_get_client_info) diff -Nru mariadb-11.8.6/libmariadb/docs/mysql_get_server_version.md mariadb-11.8.8/libmariadb/docs/mysql_get_server_version.md --- mariadb-11.8.6/libmariadb/docs/mysql_get_server_version.md 1970-01-01 00:00:00.000000000 +0000 +++ mariadb-11.8.8/libmariadb/docs/mysql_get_server_version.md 2026-05-24 09:58:33.000000000 +0000 @@ -0,0 +1,25 @@ +## Name +mysql_get_server_version - returns numeric server version + +## Synopsis +```C +#include + +unsigned long mysql_get_server_version(MYSQL * mysql); +``` + +## Description +Returns an integer representing the version of connected server. + +### Parameter +* `mysql` - a connection identifier, which was previously allocated by [mysql_init()](mysql_init) and connected by [mysql_real_connect()](mysql_real_connect). + +### Notes +The form of the version number is VERSION_MAJOR * 10000 + VERSION_MINOR * 100 + VERSION_PATCH. + + +## Return value +The version number of the connected server + +## See also +* [mysql_get_server_info()](mysql_get_server_info) diff -Nru mariadb-11.8.6/libmariadb/docs/mysql_get_socket.md mariadb-11.8.8/libmariadb/docs/mysql_get_socket.md --- mariadb-11.8.6/libmariadb/docs/mysql_get_socket.md 1970-01-01 00:00:00.000000000 +0000 +++ mariadb-11.8.8/libmariadb/docs/mysql_get_socket.md 2026-05-24 09:58:33.000000000 +0000 @@ -0,0 +1,21 @@ +## Name +mysql_get_socket - Returns the descriptor of the socket used for the current connection + +## Synopsis +```C +#include + +my_socket mysql_get_socket(MYSQL * mysql); +``` + +## Description +Returns the descriptor of the socket used for the current connection. + +### Parameter +* `mysql` - a mysql handle, which was previously allocated by [mysql_init()](mysql_init) and connected by [mysql_real_connect()](mysql_real_connect). + +## Return value +A socket handle or INVALID_SOCKET (-1) if the socket descriptor could not be determined, e.g. if the connection doesn't use a socket connection. + +## See also +* [mysql_real_connect()](mysql_real_connect) diff -Nru mariadb-11.8.6/libmariadb/docs/mysql_get_ssl_cipher.md mariadb-11.8.8/libmariadb/docs/mysql_get_ssl_cipher.md --- mariadb-11.8.6/libmariadb/docs/mysql_get_ssl_cipher.md 1970-01-01 00:00:00.000000000 +0000 +++ mariadb-11.8.8/libmariadb/docs/mysql_get_ssl_cipher.md 2026-05-24 09:58:33.000000000 +0000 @@ -0,0 +1,26 @@ +## Name +mysql_get_ssl_cipher - returns the cipher suite in use + +## Synopsis +```C +#include + +const char *mysql_get_ssl_cipher(MYSQL *mysql) +``` + +## Description +Returns the name of the currently used cipher suite of the secure connection, or NULL for non TLS connections. + +### Parameter +* `mysql` - a connection identifier, which was previously allocated by [mysql_init()](mysql_init) and connected by [mysql_real_connect()](mysql_real_connect). + +### Notes +* For using `mysql_get_ssl_cipher()` MariaDB Connector/C must be built with TLS/SSL support, otherwise the function will return NULL. +* `mysql_get_ssl_cipher()' can be used to determine if the client server connection is secure. +* Depending on the TLS library in use (OpenSSL, GnuTLS or Windows Schannel) the name of the cipher suites may differ. For example the cipher suite 0x002F (`TLS_RSA_WITH_AES_128_CBC_SHA`) has different names: `AES128-SHA` for OpenSSL and Schannel and `TLS_RSA_AES_128_CBC_SHA1` for GnuTLS. + +## Return value +Returns a zero terminated string containing the cipher suite used for a secure connection, or `NULL` if connection doesn't use TLS/SSL. + +## See also +* [mysql_ssl_set()](mysql_ssl_set) diff -Nru mariadb-11.8.6/libmariadb/docs/mysql_get_timeout_value.md mariadb-11.8.8/libmariadb/docs/mysql_get_timeout_value.md --- mariadb-11.8.6/libmariadb/docs/mysql_get_timeout_value.md 1970-01-01 00:00:00.000000000 +0000 +++ mariadb-11.8.8/libmariadb/docs/mysql_get_timeout_value.md 2026-05-24 09:58:33.000000000 +0000 @@ -0,0 +1,24 @@ +## Name +mysql_get_timeout_value - Returns the timeout value for asynchronous operations in seconds. + +## Synopsis +```C +#include + +unsigned int mysql_get_timeout_value(const MYSQL *mysql); +``` + +## Description +Returns the timeout value for asynchronous operations in seconds. + +### Parameter +* `mysql` - a connection identifier, which was previously allocated by [mysql_init()](mysql_init) and connected by [mysql_real_connect()](mysql_real_connect). + +### Notes +This function is deprecated. Please use [mariadb_get_infov()](mariadb_get_infov) with option `MARIADB_CONNECTION_ASYNC_TIMEOUT` instead. + +## Return value +Time out value in seconds. + +## See also +* [mysql_get_timeout_value_ms()](mysql_get_timeout_value_ms) diff -Nru mariadb-11.8.6/libmariadb/docs/mysql_get_timeout_value_ms.md mariadb-11.8.8/libmariadb/docs/mysql_get_timeout_value_ms.md --- mariadb-11.8.6/libmariadb/docs/mysql_get_timeout_value_ms.md 1970-01-01 00:00:00.000000000 +0000 +++ mariadb-11.8.8/libmariadb/docs/mysql_get_timeout_value_ms.md 2026-05-24 09:58:33.000000000 +0000 @@ -0,0 +1,24 @@ +## Name +mysql_get_timeout_value - Returns the timeout value for asynchronous operations in milliseconds. + +## Synopsis +```C +#include + +unsigned int mysql_get_timeout_value(const MYSQL *mysql); +``` + +## Description +Returns the timeout value for asynchronous operations in milliseconds. + +### Parameter +* `mysql` - a connection identifier, which was previously allocated by [mysql_init()](mysql_init) and connected by [mysql_real_connect()](mysql_real_connect). + +### Notes +This function is deprecated. Please use [mariadb_get_infov()](mariadb_get_infov) with option `MARIADB_CONNECTION_ASYNC_TIMEOUT_MS` instead. + +## Return value +Time out value in seconds. + +## See also +* [mysql_get_timeout_value()](mysql_get_timeout_value) diff -Nru mariadb-11.8.6/libmariadb/docs/mysql_hex_string.md mariadb-11.8.8/libmariadb/docs/mysql_hex_string.md --- mariadb-11.8.6/libmariadb/docs/mysql_hex_string.md 1970-01-01 00:00:00.000000000 +0000 +++ mariadb-11.8.8/libmariadb/docs/mysql_hex_string.md 2026-05-24 09:58:33.000000000 +0000 @@ -0,0 +1,29 @@ +## Name +mysql_hex_string - create a hexadecimal string + +## Synopsis +```C +#include +unsigned long mysql_hex_string(char * to, + const char * from, + unsigned long len); +``` + +## Description +This function is used to create a hexadecimal string which can be used in SQL statements. e.g. `INSERT INTO my_blob VALUES(X'A0E1CD')`. + +### Parameter +* `to` - result buffer +* `from` - the string which will be encoded +* `len` - length of the string (from) + +### Notes +* The size of the buffer for the encoded string must be 2 * length + 1. +* The encoded string does not contain a leading X'. + + +## Return value +Returns the length of the encoded string without the trailing null character. + +## See also +* [mysql_real_escape_string()](mysql_real_escape_string) diff -Nru mariadb-11.8.6/libmariadb/docs/mysql_info.md mariadb-11.8.8/libmariadb/docs/mysql_info.md --- mariadb-11.8.6/libmariadb/docs/mysql_info.md 1970-01-01 00:00:00.000000000 +0000 +++ mariadb-11.8.8/libmariadb/docs/mysql_info.md 2026-05-24 09:58:33.000000000 +0000 @@ -0,0 +1,34 @@ +## Name +mysql_info - provides information about the last executed statement + +## Synopsis +```C +#include + +const char * mysql_info(MYSQL * mysql); +``` + +## Description +The `mysql_info()` function returns a string providing information about the last statement executed. + +## Parameter +* `mysql` - a connection identifier, which was previously allocated by [mysql_init()](mysql_init) and connected by [mysql_real_connect()](mysql_real_connect). + +### Notes +Statements which do not fall into one of the preceding formats are not supported (e.g. `SELECT`). In these situations mysql_info() will return an empty string. + + +## Return value +Zero terminated information string. The information depends on statement type: + +| Query type | Example result string | +|--|-- +| `INSERT INTO...SELECT...` | Records: 100 Duplicates: 0 Warnings: 0 | +| `INSERT INTO...VALUES (...),(...),(...)` | Records: 3 Duplicates: 0 Warnings: 0 | +| `LOAD DATA INFILE` | Records: 1 Deleted: 0 Skipped: 0 Warnings: 0 | +| `ALTER TABLE ...` | Records: 3 Duplicates: 0 Warnings: 0 | +| `UPDATE ...` | Rows matched: 40 Changed: 40 Warnings: 0 | + +## See also +* [mysql_affected_rows()](mysql_affected_rows) +* [mysql_warning_count()](mysql_warning_count) diff -Nru mariadb-11.8.6/libmariadb/docs/mysql_init.md mariadb-11.8.8/libmariadb/docs/mysql_init.md --- mariadb-11.8.6/libmariadb/docs/mysql_init.md 1970-01-01 00:00:00.000000000 +0000 +++ mariadb-11.8.8/libmariadb/docs/mysql_init.md 2026-05-24 09:58:33.000000000 +0000 @@ -0,0 +1,25 @@ +## Name +mysql_init - Prepares and initializes a ```MYSQL``` structure + +## Synopsis +```C +#include + +MYSQL *mysql_init(MYSQL *mysql); +``` +## Description +Prepares and initializes a ```MYSQL``` structure to be used with [mysql_real_connect()](mysql_real_connect). +If an address of a ```MYSQL``` structure was passed as parameter, the structure will be initialized, if ```NULL``` was passed, a new structure will be allocated and initialized. + +**Notes:** +* If parameter ```mysql``` is not ```NULL``` [mysql_close()](mysql_close) API function will not release the memory +* Any subsequent calls to any function (except [mysql_optionsv()](mysql_optionsv) will fail until [mysql_real_connect()](mysql_real_connect) was called. +* Memory allocated by ```mysql_init()``` must be freed with [mysql_close()](mysql_close). + +## Return value +The ```mysql_init()``` function returns an address of a ```MYSQL``` structure, or NULL in case of memory allcation error. + +## See also +* [mysql_close()](mysql_close) +* [mysql_optionsv()](mysql_optionsv) + diff -Nru mariadb-11.8.6/libmariadb/docs/mysql_insert_id.md mariadb-11.8.8/libmariadb/docs/mysql_insert_id.md --- mariadb-11.8.6/libmariadb/docs/mysql_insert_id.md 1970-01-01 00:00:00.000000000 +0000 +++ mariadb-11.8.8/libmariadb/docs/mysql_insert_id.md 2026-05-24 09:58:33.000000000 +0000 @@ -0,0 +1,24 @@ +## Name +mysql_insert_id - returns the auto generated ID used in last statement + +## Synopsis +```C +#include + +my_ulonglong mysql_insert_id(MYSQL * mysql); +``` + +## Description +Returns the auto generated ID generated by a SQL statement (usually INSERT) on a table for +a column defined with AUTO_INCREMENT attribute. + +### Parameters: +`mysql` is a connection identifier, which was previously allocated by [mysql_init()](mysql_init) and connected by [mysql_real_connect()](mysql_real_connect). + +# Return value +Returns the value of the modified column with AUTO_INCREMENT attribute. +If the table doesn't contain an auto_increment column or no INSERT/UPDATE statement was executed, +this function will return zero. + +## See also +* [mysql_query()](mysql_query) diff -Nru mariadb-11.8.6/libmariadb/docs/mysql_kill.md mariadb-11.8.8/libmariadb/docs/mysql_kill.md --- mariadb-11.8.6/libmariadb/docs/mysql_kill.md 1970-01-01 00:00:00.000000000 +0000 +++ mariadb-11.8.8/libmariadb/docs/mysql_kill.md 2026-05-24 09:58:33.000000000 +0000 @@ -0,0 +1,33 @@ +## Name +mysql_kill - Kills a connection + +## Synopsis +```C +#include + +int mysql_kill(MYSQL * mysql, + unsigned long); + +``` + +## Description + +This function is used to ask the server to kill a MariaDB thread specified by the processid parameter. This value must be retrieved by [show-processlist()](SHOW PROCESSLIST]]. If trying to kill the own connection [mysql_thread_id()](mysql_thread_id) should be used. + +### Parameter +* `mysql` - a connection identifier, which was previously allocated by [mysql_init()](mysql_init) and connected by [mysql_real_connect()](mysql_real_connect). +Returns 0 on success, otherwise nonzero. +* `long` - process id + +### Notes +* To stop a running command without killing the connection use `KILL QUERY`. +* The `mysql_kill()` function only kills a connection, it doesn't free any memory - this must be done explicitly by calling [mysql_close()](mysql_close). + + +## Return value +Returns zero on success, non zero on error. + +## See also +* [mysql_thread_id()](mysql_thread_id) +* [mysql_close()](mysql_close) +* [mariadb_cancel()](mariadb_cancel) diff -Nru mariadb-11.8.6/libmariadb/docs/mysql_load_plugin.md mariadb-11.8.8/libmariadb/docs/mysql_load_plugin.md --- mariadb-11.8.6/libmariadb/docs/mysql_load_plugin.md 1970-01-01 00:00:00.000000000 +0000 +++ mariadb-11.8.8/libmariadb/docs/mysql_load_plugin.md 2026-05-24 09:58:33.000000000 +0000 @@ -0,0 +1,36 @@ +## Name +mysql_load_plugin - Loads and initializes a plugin + +## Synopsis +```C +#include + +struct st_mysql_client_plugin * +mysql_load_plugin(struct st_mysql *mysql, const char *name, int type, + int argc, ...); + +``` + +## Description +Loads and initializes a client plugin. If the plugin was not loaded before, it will be loaded first. + +### Parameters +* `mysql` is a connection identifier, which was previously initialized by [mysql_init()](mysql_init) and optional connected by [mysql_real_connect()](mysql_real_connect). +* `name` The name of the plugin. +* `type` The plugin type or -1 if the plugin type is not known. +* `argc` Number of parameters to pass to the plugin initialization function +* `...` Parameters for plugin initialization + +Valid plugin types are: +`MYSQL_CLIENT_AUTHENTICATION_PLUGIN`, `MARIADB_CLIENT_PVIO_PLUGIN`, `MARIADB_CLIENT_REMOTEIO_PLUGIN`, `MARIADB_CLIENT_CONNECTION_PLUGIN` or `MARIADB_CLIENT_COMPRESSION_PLUGIN`. + +## Return value +A pointer to the plugin handle, or NULL if an error occurred. + +## Notes +- If the type of the plugin is not known, -1 needs to be specified for parameter type. +- The directory which contains the plugin can be specified either by the environment variable `MARIADB_PLUGIN_DIR` or it can be specified with [mysql_optionsv()](mysql_optionsv) using the option `MYSQL_PLUGIN_DIR`. + +## See also +* [mysql_find_plugin()](mysql_find_plugin) +* [mysql_load_pluginv()](mysql_load_pluginv) \ No newline at end of file diff -Nru mariadb-11.8.6/libmariadb/docs/mysql_more_results.md mariadb-11.8.8/libmariadb/docs/mysql_more_results.md --- mariadb-11.8.6/libmariadb/docs/mysql_more_results.md 1970-01-01 00:00:00.000000000 +0000 +++ mariadb-11.8.8/libmariadb/docs/mysql_more_results.md 2026-05-24 09:58:33.000000000 +0000 @@ -0,0 +1,31 @@ +## Name +mysql_more_results - indicates if one or more results are available + +## Synopsis +```C +#include + +my_bool mysql_more_results(MYSQL * mysql); +``` + +## Description +Indicates if one or more result sets are available from a previous call to [mysql_real_query()](mysql_real_query). + +### Parameter +* `mysql` - a connection identifier, which was previously allocated by [mysql_init()](mysql_init) and connected by [mysql_real_connect()](mysql_real_connect). + + +### Notes +* The function [mysql_set_server_option()](mysql_set_server_option) enables or disables multi statement support. +* Multiple result sets can be obtained either by calling a stored procedure or by executing concatenated statements, e.g. `SELECT a FROM t1;SELECT b, c FROM t2`. + + +## Return value +Returns 1 if more result sets are available, otherwise zero. + +## See also +* [mysql_real_query()](mysql_real_query) +* [mysql_use_result()](mysql_use_result) +* [mysql_store_result()](mysql_store_result) +* [mysql_next_result()](mysql_next_result) +* [mysql_set_server_option()](mysql_set_server_option) diff -Nru mariadb-11.8.6/libmariadb/docs/mysql_net_field_length.md mariadb-11.8.8/libmariadb/docs/mysql_net_field_length.md --- mariadb-11.8.6/libmariadb/docs/mysql_net_field_length.md 1970-01-01 00:00:00.000000000 +0000 +++ mariadb-11.8.8/libmariadb/docs/mysql_net_field_length.md 2026-05-24 09:58:33.000000000 +0000 @@ -0,0 +1,25 @@ +## Name +mysql_net_field_length - Returns the length of a length encoded field + +## Synopsis +```C +#include + +ulong mysql_net_field_length(unsigned char **packet) +``` + + +## Description +Returns the length of a length encoded field and increments the pointer to the beginning of the field. + +## Parameters +* `packet` - a pointer to a length encoded field buffer. + +## Notes +This function is part of the low level protocol API and can be used to retrieve data if a callback function was provided for fetching results from prepared statements. + +## Return value +Returns the length of the field. + +## See also +[mysql_net_read_packet](mysql_net_read_packet) \ No newline at end of file diff -Nru mariadb-11.8.6/libmariadb/docs/mysql_net_read_packet.md mariadb-11.8.8/libmariadb/docs/mysql_net_read_packet.md --- mariadb-11.8.6/libmariadb/docs/mysql_net_read_packet.md 1970-01-01 00:00:00.000000000 +0000 +++ mariadb-11.8.8/libmariadb/docs/mysql_net_read_packet.md 2026-05-24 09:58:33.000000000 +0000 @@ -0,0 +1,25 @@ +## Name +mysql_net_field_length - Reads an incoming data packet from server + +## Synopsis +```C +#include + +ulong mysql_net_read_packet(MYSQL *mysql) +``` + + +## Description +Reads an incoming data packet from the server. + +## Parameters +* `mysql` - mysql handle, which was previously allocated by [mysql_init()](mysql_init) and connected by [mysql_real_connect()](mysql_real_connect). + +## Notes +This function is part of the low level protocol API. + +## Return value +Returns the length of the packet. + +## See also +[mysql_net_field_length](mysql_net_field_length) \ No newline at end of file diff -Nru mariadb-11.8.6/libmariadb/docs/mysql_next_result.md mariadb-11.8.8/libmariadb/docs/mysql_next_result.md --- mariadb-11.8.6/libmariadb/docs/mysql_next_result.md 1970-01-01 00:00:00.000000000 +0000 +++ mariadb-11.8.8/libmariadb/docs/mysql_next_result.md 2026-05-24 09:58:33.000000000 +0000 @@ -0,0 +1,29 @@ +## Name +mysql_next_result - prepares next result set + +## Synopsis +```C +#include + +int mysql_next_result(MYSQL * mysql); +``` + + +## Description +Prepares next result set from a previous call to [mysql_real_query()](mysql_real_query) which can be retrieved by [mysql_store_result()](mysql_store_result) or [mysql_use_result()](()](mysql_use_result). Returns zero on success, nonzero if an error occurred. + +### Parameter +* `mysql` - a mysql handle, which was previously allocated by [mysql_init()](mysql_init) and connected by [mysql_real_connect()](mysql_real_connect). + +### Notes +* If a multi query contains errors the return value of [mysql_errno()](mysql_errno) and [mysql_error()](mysql_error) might change and there will be no result set available. + + +## Return value +Returns zero on success, non zero value on error. + +## See also +* [mysql_real_query()](mysql_real_query) +* [mysql_store_result()](mysql_store_result) +* [mysql_use_result()](mysql_use_result) +* [mysql_more_results()](mysql_more_results) diff -Nru mariadb-11.8.6/libmariadb/docs/mysql_num_fields.md mariadb-11.8.8/libmariadb/docs/mysql_num_fields.md --- mariadb-11.8.6/libmariadb/docs/mysql_num_fields.md 1970-01-01 00:00:00.000000000 +0000 +++ mariadb-11.8.8/libmariadb/docs/mysql_num_fields.md 2026-05-24 09:58:33.000000000 +0000 @@ -0,0 +1,22 @@ +## Name +mysql_num_fields - Returns number of fields in a result set + +## Synopsis +```C +#include + +unsigned int mysql_num_fields(MYSQL_RES * ); +``` + +## Description +Returns number of fields in a specified result set. + +### Parameter +* `MYSQL RES *` - A result set identifier returned by [mysql_store_result()](mysql_store_result) or [mysql_use_result()](mysql_use_result). + +## Return value +Returns number of fields. + +## See also +* [mysql_fetch_field()](mysql_fetch_field) +* [mysql_field_count()](mysql_field_count) \ No newline at end of file diff -Nru mariadb-11.8.6/libmariadb/docs/mysql_num_rows.md mariadb-11.8.8/libmariadb/docs/mysql_num_rows.md --- mariadb-11.8.6/libmariadb/docs/mysql_num_rows.md 1970-01-01 00:00:00.000000000 +0000 +++ mariadb-11.8.8/libmariadb/docs/mysql_num_rows.md 2026-05-24 09:58:33.000000000 +0000 @@ -0,0 +1,23 @@ +## Name +mysql_num_rows - Returns number of rows in a result set. + +## Synopsis +```C +#include + +my_ulonglong mysql_num_rows(MYSQL_RES * ); +``` + + +## Description +Returns number of rows in a result set. + +## Parameters +* `MYSQL_RES` - a result set identifier returned by [mysql_store_result()](mysql_store_result) or [mysql_use_result()](mysql_use_result). +### Notes +The behaviour of `mysql_num_rows()` depends on whether buffered or unbuffered result sets are being used. For unbuffered result sets, `mysql_num_rows()` will not return the correct number of rows until all the rows in the result have been retrieved. + +## See also +* [mysql_affected_rows()](mysql_affected_rows) +* [mysql_use_result()](mysql_use_result) +* [mysql_store_result()](mysql_store_result) diff -Nru mariadb-11.8.6/libmariadb/docs/mysql_options.md mariadb-11.8.8/libmariadb/docs/mysql_options.md --- mariadb-11.8.6/libmariadb/docs/mysql_options.md 1970-01-01 00:00:00.000000000 +0000 +++ mariadb-11.8.8/libmariadb/docs/mysql_options.md 2026-05-24 09:58:33.000000000 +0000 @@ -0,0 +1,26 @@ +## Name +mysql_options - Used to set extra connect options and affect behavior of a connection + +## Synopsis +```C +#include + +int mysql_options(MYSQL * mysql, + enum mysql_option, + const void * arg); +``` + +## Description +Used to set extra connect options and affect behavior for a connection. This function may be called multiple times to set several options. `mysql_options()` should be called after [mysql_init()](mysql_init). + +## Notes +This function is deprecated, new implementations should use [mysql_optionsv()](mysql_optionsv) api function instead. + +## Options +An overview of the possible options can be found in the description of the [mysql_optionsv()](mysql_optionsv) API function. + +## See Also +*[mysql_init()](mysql_init) +*[mysql_optionsv()](mysql_optionsv) +*[mysql_real_connect()](mysql_real_connect) + diff -Nru mariadb-11.8.6/libmariadb/docs/mysql_options4.md mariadb-11.8.8/libmariadb/docs/mysql_options4.md --- mariadb-11.8.6/libmariadb/docs/mysql_options4.md 1970-01-01 00:00:00.000000000 +0000 +++ mariadb-11.8.8/libmariadb/docs/mysql_options4.md 2026-05-24 09:58:33.000000000 +0000 @@ -0,0 +1,27 @@ +## Name +mysql_options4 - Used to set extra connect options and affect behavior of a connection + +## Synopsis +```C +#include + +int mysql_options4(MYSQL * mysql, + enum mysql_option, + const void * arg1, + const void * arg2); +``` + +## Description +Used to set extra connect options and affect behavior for a connection. This function may be called multiple times to set several options. `mysql_options()` should be called after [mysql_init()](mysql_init). + +## Notes +This function is deprecated, new implementations should use [mysql_optionsv()](mysql_optionsv) api function instead. + +## Options +An overview of the possible options can be found in the description of the [mysql_optionsv()](mysql_optionsv) API function. + +## See Also +*[mysql_init()](mysql_init) +*[mysql_optionsv()](mysql_optionsv) +*[mysql_real_connect()](mysql_real_connect) + diff -Nru mariadb-11.8.6/libmariadb/docs/mysql_optionsv.md mariadb-11.8.8/libmariadb/docs/mysql_optionsv.md --- mariadb-11.8.6/libmariadb/docs/mysql_optionsv.md 1970-01-01 00:00:00.000000000 +0000 +++ mariadb-11.8.8/libmariadb/docs/mysql_optionsv.md 2026-05-24 09:58:33.000000000 +0000 @@ -0,0 +1,206 @@ +## Name +mysql_optionsv - Used to set extra connect options and affect behavior of a connection + +## Synopsis +```C +#include + +int mysql_optionsv(MYSQL * mysql, + enum mysql_option, + const void * arg, + ...); +``` + +## Description +Used to set extra connect options and affect behavior for a connection. This function may be called multiple times to set several options. `mysql_optionsv()` should be called after [mysql_init()](mysql_init). + +### Options +The following table shows which variable type to use for each option. + +| Variable Type | Values | +|-|-| +| `my_bool` | `MYSQL_OPT_RECONNECT`, `MYSQL_SECURE_AUTH`, `MYSQL_REPORT_DATA_TRUNCATION`, `MYSQL_OPT_SSL_ENFORCE`, `MYSQL_OPT_SSL_VERIFY_SERVER_CERT`, `MARIADB_OPT_SKIP_READ_RESPONSE` +| `unsigned int`| `MYSQL_OPT_PORT`, `MYSQL_OPT_LOCAL_INFILE`, `MYSQL_OPT_CONNECT_TIMEOUT`, `MYSQL_OPT_PROTOCOL`, `MYSQL_OPT_READ_TIMEOUT`, `MYSQL_OPT_WRITE_TIMEOUT` +| `unsigned long` | `MYSQL_OPT_NET_BUFFER_LENGTH`, `MYSQL_OPT_MAX_ALLOWED_PACKET` | +| `const char *` | `MYSQL_INIT_COMMAND`, `MARIADB_OPT_UNIXSOCKET`, `MARIADB_OPT_PASSWORD` , `MARIADB_OPT_USER`, `MARIADB_OPT_HOST`, `MARIADB_OPT_SCHEMA`, `MYSQL_OPT_SSL_KEY`, `MYSQL_OPT_SSL_CERT`, `MYSQL_OPT_SSL_CA`, `MYSQL_OPT_SSL_CAPATH`, `MYSQL_SET_CHARSET_NAME`, `MYSQL_SET_CHARSET_DIR`, `MYSQL_OPT_SSL_CIPHER`, `MYSQL_SHARED_MEMORY_BASE_NAME`, `MYSQL_PLUGIN_DIR`, `MYSQL_DEFAULT_AUTH`, `MARIADB_OPT_SSL_FP`, `MARIADB_OPT_SSL_FP_LIST`, `MARIADB_OPT_TLS_PASSPHRASE`, `MARIADB_OPT_TLS_VERSION`, `MYSQL_OPT_BIND`, `MYSQL_OPT_CONNECT_ATTR_DELETE`, `MYSQL_OPT_CONNECT_ATTR_ADD`, `MARIADB_OPT_CONNECTION_HANDLER`, `MYSQL_SERVER_PUBLIC_KEY`, `MARIADB_OPT_RESTRICTED_AUTH` +| `const char*, unsigned int` | `MARIADB_OPT_RPL_REGISTER_REPLICA` +| - | `MYSQL_OPT_CONNECT_ATTR_RESET` +| void * | `MARIADB_OPT_PROXY_HEADER` + +* `MYSQL_OPT_SSL_ENFORCE`\ +Enable or disable TLS. This option can be used to enable TLS without having to provide TLS certificates, keys or CAs.\ +**Note**: currenty this does not enforce TLS like the option name would suggest. If the server does not support TLS, the protocol will fall back to unencrypted communication. To enforce the use of TLS, use `MYSQL_OPT_SSL_VERIFY_SERVER_CERT` instead. +* `MYSQL_INIT_COMMAND`\ +Command(s) which will be executed when connecting and reconnecting to the server. +* `MYSQL_OPT_COMPRESS`\ +Use the compressed protocol for client server communication. If the server doesn't support compressed protocol, the default protocol will be used. +* `MYSQL_OPT_CONNECT_TIMEOUT`\ +Connect timeout in seconds. This value will be passed as an unsigned ##int## parameter. +* `MYSQL_OPT_LOCAL_INFILE`\ +Enable or disable the use of `LOAD DATA LOCAL INFILE` +* `MYSQL_OPT_NAMED_PIPE`\ +For Windows operating systems only: Use named pipes for client/server communication. +* `MYSQL_PROGRESS_CALLBACK`\ +Specifies a callback function which will be able to visualize the progress of certain long running statements (i.e. `LOAD DATA LOCAL INFILE` or `ALTER TABLE`). The callback function must be defined as followed: +```C +static void report_progress(const MYSQL *mysql __attribute__((unused)), + uint stage, uint max_stage, + double progress __attribute__((unused)), + const char *proc_info __attribute__((unused)), + uint proc_info_length __attribute__((unused))) +``` +* `MYSQL_OPT_PROTOCOL`\ +Specify the type of client/server protocol. Possible values are: `MYSQL_PROTOCOL_TCP`, `MYSQL_PROTOCOL_SOCKET`, `MYSQL_PROTOCOL_PIPE` and `MYSQL_PROTOCOL_MEMORY`. +* `MYSQL_OPT_RECONNECT`\ +Enable or disable automatic reconnect. +* `MYSQL_OPT_READ_TIMEOUT`\ +Specifies the timeout in seconds for reading packets from the server. +* `MYSQL_OPT_WRITE_TIMEOUT`\ +Specifies the timeout in seconds for sending packets to the server. +* `MYSQL_READ_DEFAULT_FILE`\ +Read options from the specified configuration file. If an empty string is passed, the [default configuration files](config_files) (such as /etc/my.cnf, /etc/mysql/my.cnf) will be read. By default, configuration files are not processed unless this option is specified. + +* `MYSQL_READ_DEFAULT_GROUP` +Read options from the specified group within the default configuration file or the file specified by MYSQL_READ_DEFAULT_FILE. Passing an empty string will result in all sections being processed. If no specific file is provided via MYSQL_READ_DEFAULT_FILE, all available [default configuration files](config_files) will be considered. + + **Note:** + In addition to a specified group the following groups will be always processed: + * [client] + * [client-server] + * [client-mariadb] + +* `MYSQL_REPORT_DATA_TRUNCATION`\ +Enable or disable reporting data truncation errors for prepared statements. +* `MYSQL_OPT_BIND`\ +Specify the network interface from which to connect to MariaDB Server. +* `MYSQL_PLUGIN_DIR`\ +Specify the location of client plugins. +* `MYSQL_OPT_NONBLOCK`\ +Specify stack size for non blocking operations. +The argument for MYSQL_OPT_NONBLOCK is the size of the stack used to save the state of a non-blocking operation while it is waiting for I/O and the application is doing other processing. Normally, applications will not have to change this, and it can be passed as zero to use the default value. +* `MYSQL_OPT_NET_BUFFER_LENGTH`\ +Initial network buffer size in bytes. The default value is 16777216 (16MiB). +* `MYSQL_OPT_MAX_ALLOWED_PACKET`\ +Maximum allowed packet length. The default value is 1073741824 (1GiB) on the client side. If the limit is exceeded by a packet sent by the server, an error is generated. +* `MARIADB_OPT_CONNECTION_HANDLER`\ +Specify the name of a connection handler plugin. +* `MARIADB_OPT_USERDATA`\ +Bundle user data to the current connection, e.g. for use in connection handler plugins. This option requires 4 parameters: connection, option, key and value: +```C +mysql_optionsv(mysql, MARIADB_OPT_USERDATA, (void *)"ssh_user", (void *)ssh_user); +``` +* `MARIADB_OPT_CONNECTION_READ_ONLY`\ +This option is used by connection handler plugins and indicates that the current connection will be used for read operations only. +* `MYSQL_OPT_CAN_HANDLE_EXPIRED_PASSWORDS`\ +If this option is set, the client indicates that it will be able to handle expired passwords by setting the `CLIENT_CAN_HANDLE_EXPIRED_PASSWORDS` capability flag. If the password has expired and `CLIENT_CAN_HANDLE_EXPIRED_PASSWORDS` is set, the server will not return an error when connecting, but put the connection in sandbox mode, where all commands will return error 1820 (`ER_MUST_CHANGE_PASSWORD`) unless a new password was set. This option was added in MariaDB Connector/C 3.0.4 +* `MARIADB_OPT_STATUS_CALLBACK` \ +Specifies a callback function which will be called whenever the server status changes or the server sent session_track information to the client: +```C +mysql_optionsv(mysql, MARIADB_OPT_STATUS_CALLBACK, function, data) +``` +The callback function must be defined as follows: +```C + void status_callback(void *data, enum enum_mariadb_status_info type, ..) +``` + +Parameters: + + - data Pointer passed with registration of callback function + (usually a connection handle) + - type Information type STATUS_TYPE or SESSION_TRACK_TYPE + +Variadic Parameters: + + if (type == STATUS_TYPE): + - server status (unsigned int) + + if (type == SESSION_TRACK_TYPE) + - enum enum_session_state_type track_type - session track type + + if (track_type == SESSION_TRACK_SYSTEM_VARIABLES) + - MARIADB_CONST_STRING *key + - MARIADB_CONST_STRING *value + + else + - MARIADB_CONST_STRING *value + +` +Note: Specifying a callback function overwrites the internal session tracking function, so API functions mysql_session_track_get_first()/next() can't be used. + +An example can be found in unittest/libmariadb/connection.c (test_status_callback) + +Addid in version 3.3.2 + +* `MARIADB_OPT_SKIP_READ_RESPONSE` \ +Don't read response packets in binary protocol. + +Added in version 3.1.13 + +### Replication/Binlog API options +* `MARIADB_OPT_RPL_REGISTER_REPLICA`\ +Specifies host name and port for Binlog/API. When this option was set, rpl_open() will register replica with server_id, host and port to the connected server. This information can be retrieved by `SHOW SLAVE STATUS` command. This option was added in version 3.3.1 + +### TLS/SSL and Security options +* `MYSQL_OPT_SSL_KEY`\ +Specify the name of a key for a secure connection. If the key is protected with a passphrase, the passphrase needs to be specified with `MARIADB_OPT_PASSPHRASE` option. +* `MYSQL_OPT_SSL_CERT`\ +Specify the name of a certificate for a secure connection. +* `MYSQL_OPT_SSL_CA`\ +Specify the name of a file which contains one or more trusted CAs. +* `MYSQL_OPT_SSL_CAPATH`\ +Specify the path which contains trusted CAs. +* `MYSQL_OPT_SSL_CIPHER`\ +Specify one or more (SSLv3, TLSv1.0 or TLSv1.2) cipher suites for TLS encryption. Even if Connector/C supports TLSv1.3 protocol, it is not possible yet to specify TLSv1.3 cipher suites. +* `MYSQL_OPT_SSL_CRL`\ +Specify a file with a certificate revocation list. +* `MYSQL_OPT_SSL_CRLPATH`\ +Specify a directory with contains files with certificate revocation lists. +* `MARIADB_OPT_SSL_FP`\ +Specify the fingerprint hash of a server certificate for validation during the TLS handshake. For versions prior to 3.4.0 the hash is a SHA1 hash, for versions 3.4.0 and newer SHA256,SHA384 or SHA512. +* `MARIADB_OPT_SSL_FP_LIST`\ +Specify a file which contains one or more fingerprint hashes of server certificates for validation during the TLS handshake. For versions prior to 3.4.0 the hash is a SHA1 hash, for versions 3.4.0 and newer SHA256,SHA384 or SHA512. +* `MARIADB_OPT_SSL_PASPHRASE`\ +Specify a passphrase for a passphrase protected client key. +* `MYSQL_OPT_SSL_VERIFY_SERVER_CERT`\ +Enable (or disable) the verification of the host name against common name (CN) of the server's host certificate. +* `MYSQL_SERVER_PUBLIC_KEY`\ +Specifies the name of the file which contains the RSA public key of the database server. The format of this file must be in PEM format. This option is used by the caching_sha2_password plugin and was added in Connector/C 3.1.0 +* `MARIADB_OPT_TLS_CIPHER_STRENGTH`\ +This option is not in use anymore. +* `MARIADB_OPT_RESTRICTED_AUTH`\ +Specifies one or more comma separated authentication plugins which are allowed for authentication. If the database server asks for an authentication plugin not listed in this option, MariaDB Connector/C will return an error. +This option was added in MariaDB Connector/C 3.3.0 + +### Proxy settings +As per the proxy protocol specification, the connecting client can prefix its first packet with a proxy protocol header. The server will parse the header and assume the client's IP address is the one set in the proxy header. +* `MARIADB_OPT_PROXY_HEADER` - specifies the proxy header which will be prefixed to the first packet. Parameters are void * for the prefix buffer and size_t for length of the buffer: +``` +const char *hdr="PROXY TCP4 192.168.0.1 192.168.0.11 56324 443\r\n"; +mysql_optionsv(mysql, MARIADB_OPT_PROXY_HEADER, hdr, strlen(hdr)); +``` + +### Connection Attributes +Connection attributes are stored in the `session_connect_attrs` and `session_account_connect_attrs `Performance Schema tables. +By default, MariaDB Connector/C sends the following connection attributes to the server: +* `_client_name`: always "libmariadb" +* `_client_version`: version of MariaDB Connector/C +* `_os`: operation system +* _pid: process id +* `_platform`: e.g. x86 or x64 +* `_server_host`: the host name (as specified in mysql_real_connect). This attribute was added in Connector/C 3.0.5 + +**Note:** +If the Performance Schema is disabled, connection attributes will not be stored on server. + +* `MYSQL_OPT_CONNECT_ATTR_DELETE`\ +Deletes a connection attribute for the given key. +* `MYSQL_OPT_CONNECT_ATTR_ADD`\ +Adds a key/value pair to connection attributes. The total length of the stored connection attributes is limited to a maximum of 65535 bytes. +* `MYSQL_OPT_CONNECT_ATTR_RESET`\ +Clears the current list of connection attributes. + +## See Also +*[mysql_init()](mysql_init) +*[mysql_real_connect()](mysql_real_connect) + + diff -Nru mariadb-11.8.6/libmariadb/docs/mysql_ping.md mariadb-11.8.8/libmariadb/docs/mysql_ping.md --- mariadb-11.8.6/libmariadb/docs/mysql_ping.md 1970-01-01 00:00:00.000000000 +0000 +++ mariadb-11.8.8/libmariadb/docs/mysql_ping.md 2026-05-24 09:58:33.000000000 +0000 @@ -0,0 +1,28 @@ +## Name +mysql_ping - checks if the connection between client and server is working + +## Synopsis +```C +#include + +int mysql_ping(MYSQL * mysql); +``` + +## Description +Checks whether the connection to the server is working. If it has gone down, and global option reconnect is enabled an automatic reconnection is attempted. + + +This function can be used by clients that remain idle for a long while, to check whether the server has closed the connection and reconnect if necessary. + +### Parameters +* `mysql` - a mysql handle, which was previously allocated by [mysql_init()](mysql_init) and connected by [mysql_real_connect()](mysql_real_connect). +### Notes +* If a reconnect occurred the thread_id will change. Also resources bundled to the connection (prepared statements, locks, temporary tables, ...) will be released. + + +## Return value +Returns zero on success, nonzero if an error occurred. + +## See also +* [mysql_optionsv()](mysql_optionsv) +* [mysql_kill()](mysql_kill) diff -Nru mariadb-11.8.6/libmariadb/docs/mysql_query.md mariadb-11.8.8/libmariadb/docs/mysql_query.md --- mariadb-11.8.6/libmariadb/docs/mysql_query.md 1970-01-01 00:00:00.000000000 +0000 +++ mariadb-11.8.8/libmariadb/docs/mysql_query.md 2026-05-24 09:58:33.000000000 +0000 @@ -0,0 +1,33 @@ +## Name +mysql_query - executes a null terminated statement string + +## Synopsis +```C +#include + +int mysql_query(MYSQL * mysql, + const char * query); +``` + + +## Description +Performs a statement pointed to by the null terminate string query against the database. Contrary to [mysql_real_query()](mysql_real_query), mysql_query() is not binary safe. + +### Parameter +* `mysql` - a mysql handle, which was previously allocated by [mysql_init()](mysql_init) and connected by [mysql_real_connect()](mysql_real_connect). +* `query` -a null terminated string containing the statement to be performed. + +### Notes +* For executing multi statements the statements within the null terminated string statements must be separated by a semicolon. +* If your statement contains binary data you should use [mysql_real_query()](mysql_real_query) or escape your data with [mysql_hex_string()](mysql_hex_string). +* To determine if a statement returned a result set use the function [mysql_field_count()](mysql_field_count). + +## Return value +Returns zero on success, non zero on failure. + +## See also +* [mysql_real_query()](mysql_real_query) +* [mysql_field_count()](mysql_field_count) +* [mysql_hex_string()](mysql_hex_string) +* [mysql_use_result()](mysql_use_result) +* [mysql_store_result()](mysql_store_result) diff -Nru mariadb-11.8.6/libmariadb/docs/mysql_read_query_result.md mariadb-11.8.8/libmariadb/docs/mysql_read_query_result.md --- mariadb-11.8.6/libmariadb/docs/mysql_read_query_result.md 1970-01-01 00:00:00.000000000 +0000 +++ mariadb-11.8.8/libmariadb/docs/mysql_read_query_result.md 2026-05-24 09:58:33.000000000 +0000 @@ -0,0 +1,25 @@ +## Name +mysql_read_query_result - waits for a server result or response package + +## Synopsis +```C +#include + +my_bool mysql_read_query_result(MYSQL * mysql); +``` + +## Description +Waits for a server result set or response package from a previously executed [mysql_send_query()](mysql_send_query). + +### Parameters +* `mysql` - a mysql handle, which was previously allocated by [mysql_init()](mysql_init) and connected by [mysql_real_connect()](mysql_real_connect). + +## Return value +Zero on success, non zero on error. + +## Example +For an example how to use 'mysql_send_query()` in an event driven model, please check Jan Kneschke's Blog entry ["Async MySQL Queries with C-API"](https://jan.kneschke.de/projects/mysql/async-mysql-queries-with-c-api/). + +## See also +* [mysql_real_query()](mysql_real_query) +* [mysql_send_query()](mysql_send_query) diff -Nru mariadb-11.8.6/libmariadb/docs/mysql_real_connect.md mariadb-11.8.8/libmariadb/docs/mysql_real_connect.md --- mariadb-11.8.6/libmariadb/docs/mysql_real_connect.md 1970-01-01 00:00:00.000000000 +0000 +++ mariadb-11.8.8/libmariadb/docs/mysql_real_connect.md 2026-05-24 09:58:33.000000000 +0000 @@ -0,0 +1,65 @@ +## Name +mysql_real_connect - establishes a connection to a MariaDB database server + +## Synopsis +```C +MYSQL * mysql_real_connect(MYSQL *mysql, + const char *host, + const char *user, + const char *passwd, + const char *db, + unsigned int port, + const char *unix_socket, + unsigned long flags); +``` + +## Description +Establishes a connection to a database server. + +### Parameter +* `mysql` - a mysql handle, which was previously allocated by [mysql_init()](mysql_init) +* `host` - can be either a host name or an IP address. Passing the NULL value or the string "localhost" to this parameter, the local host is assumed. When possible, pipes will be used instead of the TCP/IP protocol. Since version 3.3.0 it is also possible to provide a comma separated list of hosts for simple fail over in case of one or more hosts are not available. +* `user` - the user name. If NULL or an empty string "" is specified, the current user will be used. +* `passwd` - If provided or NULL, the server will attempt to authenticate the user against those user records which have no password only. This allows one username to be used with different permissions (depending on if a password as provided or not). +* `db` - if provided will specify the default database to be used when performing queries. +* `port` - specifies the port number to attempt to connect to the server. +* `unix_socket` - specifies the socket or named pipe that should be used. +* `flags` - the flags allows various connection options to be set\ + +| Flag| Description | +|--|-- +| `CLIENT_FOUND_ROWS`| Return the number of matched rows instead of number of changed rows.| +| `CLIENT_NO_SCHEMA`| Forbids the use of database.tablename.column syntax and forces the SQL parser to generate an error. +| `CLIENT_COMPRESS` | Use compression protocol +| `CLIENT_IGNORE_SPACE` | Allows spaces after function names. All function names will become reserved words. +| `CLIENT_LOCAL_FILES` | Allows LOAD DATA LOCAL statements +| `CLIENT_MULTI_STATEMENTS` | Allows the client to send multiple statements in one command. Statements will be divided by a semicolon. +| `CLIENT_MULTI_RESULTS` | Indicates that the client is able to handle multiple result sets from stored procedures or multi statements. This option will be automatically set if CLIENT_MULTI_STATEMENTS is set. +| `CLIENT_REMEMBER_OPTIONS` | Remembers options passed to [mysql_optionsv()](mysql_optionsv) if a connect attempt failed. If MYSQL_OPTIONS_RECONNECT option was set to true, options will be saved and used for reconnection. +## Return value +returns a connection handle (same as passed for 1st parameter) or NULL on error. On error, please check [mysql_errno()](mysql_errno) and [mysql_error()](mysql_error) functions for more information. + +## Notes +* The password doesn't need to be encrypted before executing mysql_real_connect(). This will be handled in the client server protocol. +* The connection handle can't be reused for establishing a new connection. It must be closed and reinitialized before. +* mysql_real_connect() must complete successfully before you can execute any other API functions beside [mysql_optionsv()](mysql_optionsv). +* host parameter may contain multiple host/port combinations (supported since version 3.3.0). The following syntax is required: + - hostname and port must be separated by a colon (:) + - IPv6 addresses must be enclosed within square brackets + - hostname:port pairs must be be separated by a comma (,) + - if only one host:port was specified, the host string needs to end + with a comma. + - if no port was specified, the default port will be used. + + **Examples for failover host string:** + + `host=[::1]:3306,192.168.0.1:3306,test.example.com` + + `host=127.0.0.1:3306,` + +## See also +* [mysql_init()](mysql_init) +* [mysql_close()](mysql_close) +* [mariadb_reconnect()](mariadb_reconnect) +* [mysql_error()](mysql_error) +* [mysql_errno()](mysql_errno) \ No newline at end of file diff -Nru mariadb-11.8.6/libmariadb/docs/mysql_real_connect_non_block.md mariadb-11.8.8/libmariadb/docs/mysql_real_connect_non_block.md --- mariadb-11.8.6/libmariadb/docs/mysql_real_connect_non_block.md 1970-01-01 00:00:00.000000000 +0000 +++ mariadb-11.8.8/libmariadb/docs/mysql_real_connect_non_block.md 2026-05-24 09:58:33.000000000 +0000 @@ -0,0 +1,25 @@ +## Name +mysql_real_connect_start, mysql_real_connect_cont - establishes a connection to a MariaDB database server + +## Synopsis +```C +#include + +int mysql_real_connect_start(MYSQL **ret, + MYSQL *mysql, + const char *host, + const char *user, + const char *passwd, + const char *db, + unsigned int port, + const char *unix_socket, + unsigned long client_flags); + +int mysql_real_connect_cont(MYSQL **ret, + MYSQL *mysql, + int ready_status); +``` + +## Description +`mysql_real_connect_start()` initiates a non-blocking connection request to a server.\ +`mysql_real_connect_cont()` \ No newline at end of file diff -Nru mariadb-11.8.6/libmariadb/docs/mysql_real_escape_string.md mariadb-11.8.8/libmariadb/docs/mysql_real_escape_string.md --- mariadb-11.8.6/libmariadb/docs/mysql_real_escape_string.md 1970-01-01 00:00:00.000000000 +0000 +++ mariadb-11.8.8/libmariadb/docs/mysql_real_escape_string.md 2026-05-24 09:58:33.000000000 +0000 @@ -0,0 +1,28 @@ +## Name +mysql_real_escape_string - escape string by taking into account character set of connection + +## Synopsis +```C +#include + +unsigned long mysql_real_escape_string(MYSQL * mysql, + char * to, + const char * from, + unsigned long); +``` + +## Description +This function is used to create a legal SQL string that you can use in an SQL statement. The given string is encoded to an escaped SQL string, taking into account the current character set of the connection. + +### Parameter +* `mysql` - a mysql handle, which was previously allocated by [mysql_init()](mysql_init) and connected by [mysql_real_connect()](mysql_real_connect). +* `to` - buffer for the encoded string. The size of this buffer must be length * 2 + 1 bytes: in worst case every character of the from string needs to be escaped. Additionally a trailing 0 character will be appended. +* `from` - a string which will be encoded by mysql_real_escape_string(). +* `long` - the length of the `from` string. + +## Return value +Returns the length of the encoded (to) string. + +## See also +* [mysql_escape_string()](mysql_escape_string) +* [mysql_hex_string()](mysql_hex_string) diff -Nru mariadb-11.8.6/libmariadb/docs/mysql_real_query.md mariadb-11.8.8/libmariadb/docs/mysql_real_query.md --- mariadb-11.8.6/libmariadb/docs/mysql_real_query.md 1970-01-01 00:00:00.000000000 +0000 +++ mariadb-11.8.8/libmariadb/docs/mysql_real_query.md 2026-05-24 09:58:33.000000000 +0000 @@ -0,0 +1,33 @@ +## Name +mysql_real_query - execute a statement (binary safe) + +## Synopsis +```C +#include + +int mysql_real_query(MYSQL * mysql, + const char * query, + unsigned long length); +``` + +## Description + +mysql_real_query() is the binary safe function for performing a statement on the database server. + +### Parameter +* `mysql` - a mysql handle, which was previously allocated by [mysql_init()](mysql_init) and connected by [mysql_real_connect()](mysql_real_connect). +* `query` - a string containing the statement to be performed. +* `length` - length of the string. + +### Notes +* Contrary to the [mysql_query()](mysql_query) function, mysql_real_query is binary safe. +* To determine if mysql_real_query returns a result set use the [mysql_num_fields()](mysql_num_fields) function. + +## Return value +Returns zero on success, otherwise non zero. + +## See also +* [mysql_query()](mysql_query) +* [mysql_num_fields()](mysql_num_fields) +* [mysql_use_result()](mysql_use_result) +* [mysql_store_result()](mysql_store_result) diff -Nru mariadb-11.8.6/libmariadb/docs/mysql_refresh.md mariadb-11.8.8/libmariadb/docs/mysql_refresh.md --- mariadb-11.8.6/libmariadb/docs/mysql_refresh.md 1970-01-01 00:00:00.000000000 +0000 +++ mariadb-11.8.8/libmariadb/docs/mysql_refresh.md 2026-05-24 09:58:33.000000000 +0000 @@ -0,0 +1,37 @@ +## Name +mysql_refresh - flushes information on the server + +## Synopsis +```C +#include + +int mysql_refresh(MYSQL * mysql, unsigned int options); +``` + + +## Description +Flushes different types of information stored on the server. The bit-masked parameter options specify which kind of information will be flushed. + +### Parameters +* `mysql` - a mysql handle, which was previously allocated by [mysql_init()](mysql_init) and connected by [mysql_real_connect()](mysql_real_connect). +* `options` - a bit masked composed integer. See below. + +`options` can be any combination of the following flags: + +| Option | Description | +|-|-| +| `REFRESH_GRANT` | Refresh grant tables. | +| `REFRESH_LOG` | Flush logs. | +| `REFRESH_TABLES` | Flush table cache. | +| `REFRESH_HOSTS` | Flush host cache. | +| `REFRESH_STATUS` | Reset status variables. | +| `REFRESH_THREADS` | Flush thread cache. | +| `REFRESH_SLAVE` | Reset master server information and restart slaves. | +| `REFRESH_MASTER` | Remove binary log files. | + +### Notes +* To combine different values in the options parameter use the OR operator '|'. +* `mysql_reload()` is an alias for mysql_refresh(). + +## Return value +Returns zero on success, otherwise non zero. diff -Nru mariadb-11.8.6/libmariadb/docs/mysql_reset_connection.md mariadb-11.8.8/libmariadb/docs/mysql_reset_connection.md --- mariadb-11.8.6/libmariadb/docs/mysql_reset_connection.md 1970-01-01 00:00:00.000000000 +0000 +++ mariadb-11.8.8/libmariadb/docs/mysql_reset_connection.md 2026-05-24 09:58:33.000000000 +0000 @@ -0,0 +1,40 @@ +## Name +mysql_reset_connection - Resets connection and clears session state + +## Synopsis +```C +#include + +int mysql_reset_connection(MYSQL * mysql); +``` + +## Description +Resets the current connection and clears session state. Similar to [mysql_change_user()](mysql_change_user) or [mariadb_reconnect()](mariadb_reconnect), mysql_reset_connection() resets session status, but without disconnecting, opening, or reauthenticating. + +On client side mysql_reset_connection() +* clears pending or unprocessed result sets +* clears status like affected_rows, info or last_insert_id +* invalidates active prepared statements + +On server side mysql_reset_connection() +* drops temporary table(s) +* rollbacks active transaction +* resets autocommit mode +* releases table locks +* initializes session variables (and sets them to the value of corresponding global variables) +* closes active prepared statements +* clears user variables + +### Parameter +* `mysql` - a mysql handle, which was previously allocated by [mysql_init()](mysql_init) and connected by [mysql_real_connect()](mysql_real_connect). + +## Return value +Returns zero on success, non zero if an error occurred. + +## History +This function was added in MariaDB Connector/C 3.0.0. + +## See also +* [mariadb_cancel()](mariadb_cancel) +* [mysql_kill()](mysql_kill) + diff -Nru mariadb-11.8.6/libmariadb/docs/mysql_rollback.md mariadb-11.8.8/libmariadb/docs/mysql_rollback.md --- mariadb-11.8.6/libmariadb/docs/mysql_rollback.md 1970-01-01 00:00:00.000000000 +0000 +++ mariadb-11.8.8/libmariadb/docs/mysql_rollback.md 2026-05-24 09:58:33.000000000 +0000 @@ -0,0 +1,23 @@ +## Name +mysql_rollback - Rolls back the current transaction + +## Synopsis +```C +#include + +my_bool mysql_rollback(MYSQL * mysql); +``` + + +## Description +Rolls back the current transaction for the database. Returns zero on success, nonzero if an error occurred. + +### Parameter +* `mysql` - a mysql handle, which was previously allocated by [mysql_init()](mysql_init) and connected by [mysql_real_connect()](mysql_real_connect). + +### Notes +* mysql_rollback() will not work as expected if autocommit mode was set or the storage engine does not support transactions. + +## See also +* [mysql_commit()](mysql_commit) +* [mysql_autocommit()](mysql_autocommit) diff -Nru mariadb-11.8.6/libmariadb/docs/mysql_row_seek.md mariadb-11.8.8/libmariadb/docs/mysql_row_seek.md --- mariadb-11.8.6/libmariadb/docs/mysql_row_seek.md 1970-01-01 00:00:00.000000000 +0000 +++ mariadb-11.8.8/libmariadb/docs/mysql_row_seek.md 2026-05-24 09:58:33.000000000 +0000 @@ -0,0 +1,27 @@ +## Name +mysql_row_seek - Positions the row cursor to an arbitrary row + +## Synopsis +```C +#include + +MYSQL_ROW_OFFSET mysql_row_seek(MYSQL_RES * result, + MYSQL_ROW_OFFSET offset); +``` + +## Description +Positions the row cursor to an arbitrary row in a result set which was obtained by [mysql_store_result()](mysql_store_result). + +### Parameter +* `result` - a result set identifier returned by [mysql_store_result()](mysql_store_result). +* `offset` - row offset. This value can be obtained either by mysql_row_seek() or [mysql_row_tell()](mysql_row_tell) + +### Notes +* This function will not work if the result set was obtained by [mysql_use_result()](mysql_use_result). + +## Return value +Returns the previous row offset. + +## See also +* [mysql_store_result()](mysql_store_result) +* [mysql_row_tell()](mysql_row_tell) diff -Nru mariadb-11.8.6/libmariadb/docs/mysql_row_tell.md mariadb-11.8.8/libmariadb/docs/mysql_row_tell.md --- mariadb-11.8.6/libmariadb/docs/mysql_row_tell.md 1970-01-01 00:00:00.000000000 +0000 +++ mariadb-11.8.8/libmariadb/docs/mysql_row_tell.md 2026-05-24 09:58:33.000000000 +0000 @@ -0,0 +1,23 @@ +## Name +mysql_row_tell - Returns row offset of a result cursor + +## Synopsis +```C +#include + +MYSQL_ROW_OFFSET mysql_row_tell(MYSQL_RES * res); +``` + +## Description +Returns the row offset of a result cursor. The returned offset value can be used to reposition the result cursor by calling [mysql_row_seek()](mysql_row_seek). + +### Parameter +* `res` - a result set identifier returned by [mysql_store_result()](mysql_store_result). + +### Notes +* This function will not work if the result set was obtained by [mysql_use_result()](mysql_use_result). + + +## See also +* [mysql_store_result()](mysql_store_result) +* [mysql_row_seek()](mysql_row_seek) diff -Nru mariadb-11.8.6/libmariadb/docs/mysql_select_db.md mariadb-11.8.8/libmariadb/docs/mysql_select_db.md --- mariadb-11.8.6/libmariadb/docs/mysql_select_db.md 1970-01-01 00:00:00.000000000 +0000 +++ mariadb-11.8.8/libmariadb/docs/mysql_select_db.md 2026-05-24 09:58:33.000000000 +0000 @@ -0,0 +1,64 @@ +## Name +mysql_select_db - selects a database as default + +## Synopsis +```C +#include + +int mysql_select_db(MYSQL * mysql, + const char * db); +``` + +## Description +Selects a database as default. Returns zero on success, non-zero on failure + +### Parameters +* `mysql` is a connection identifier, which was previously allocated by [mysql_init()](mysql_init) and connected by [mysql_real_connect()](mysql_real_connect). +* `db` - the default database name + +### Notes +* To retrieve the name of the default database either execute the SQL command `SELECT DATABASE()` or retrieve the value via [mariadb_get_infov()](mariadb_get_infov) API function. +* The default database can also be set by the db parameter in [mysql_real_connect()](mysql_real_connect). + +## Examples +### SQL +```SQL +# switch to default database test +USE test; +# check default database +SELECT DATABASE(); ++------------+ +| database() | ++------------+ +| test | ++------------+ +``` + +### MariadDB Connector/C +```C +static int set_default_db(MYSQL *mysql) +{ + int rc; + char *default_db; + + /* change default database to test */ + rc= mysql_select_db(mysql, "test"); + if (rc) + return rc; /* Error */ + + /* get the default database */ + rc= mariadb_get_infov(mysql, MARIADB_CONNECTION_SCHEMA, &default_db); + if (rc) + return rc; /* Error */ + + if (strcmp("test", default_db) != NULL) + { + printf("Wrong default database\n"); + return 1; + } + printf("Default database: %s", default_db); + return 0; +} +``` +## See also +[mysql_real_connect()](mysql_real_connect) \ No newline at end of file diff -Nru mariadb-11.8.6/libmariadb/docs/mysql_send_query.md mariadb-11.8.8/libmariadb/docs/mysql_send_query.md --- mariadb-11.8.6/libmariadb/docs/mysql_send_query.md 1970-01-01 00:00:00.000000000 +0000 +++ mariadb-11.8.8/libmariadb/docs/mysql_send_query.md 2026-05-24 09:58:33.000000000 +0000 @@ -0,0 +1,30 @@ +## Name +mysql_send_query - sends a SQL statement without waiting for server response + +## Synopsis +```C +#include + +int mysql_send_query(MYSQL * mysql, + const char *query, + unsigned long length); +``` + +## Description +Sends a statement to the server, without waiting for the Server OK packet and/or resultset. + +### Parameters +* `mysql` - a mysql handle, which was previously allocated by [mysql_init()](mysql_init) and connected by [mysql_real_connect()](mysql_real_connect). +* `query` - SQL statement +* `length` - length of the SQL statement + +### Notes +* The OK and result set package need to be retrieved by [mysql_read_query_result()](mysql_read_query_result) function +* `mysql_send_query()` can be used for semi asynchronous operation. While the function itself is blocking, an event driven application can do other tasks until result set is available. + +## Example +For an example how to use 'mysql_send_query()` in an event driven model, please check Jan Kneschke's article ["Async MySQL Queries with C-API"](https://jan.kneschke.de/projects/mysql/async-mysql-queries-with-c-api/). + +## See also +* [mysql_real_query](mysql_real_query) +* [mysql_read_query_result](mysql_read_query_result) diff -Nru mariadb-11.8.6/libmariadb/docs/mysql_server_end.md mariadb-11.8.8/libmariadb/docs/mysql_server_end.md --- mariadb-11.8.6/libmariadb/docs/mysql_server_end.md 1970-01-01 00:00:00.000000000 +0000 +++ mariadb-11.8.8/libmariadb/docs/mysql_server_end.md 2026-05-24 09:58:33.000000000 +0000 @@ -0,0 +1,20 @@ +## Name +mysql_server_end - Called when finished using MariaDB Connector/C + +## Synopsis +```C +#include + +void mysql_server_end(void) +``` + +## Description +Call when finished using the library, such as after disconnecting from the server. For a client program, only cleans up by performing memory management tasks. + +### Notes +* `mysql_library_end()` is an alias for `mysql_server_end()`. +* In MySQL Connector/C versions 3.0.1 to 3.0.4 it was not possible to call multiple times [mysql_server_init()](mysql_server_init) and `mysql_server_end()`. + + +## See also +* [mysql_server_init()](mysql_server_init) diff -Nru mariadb-11.8.6/libmariadb/docs/mysql_server_init.md mariadb-11.8.8/libmariadb/docs/mysql_server_init.md --- mariadb-11.8.6/libmariadb/docs/mysql_server_init.md 1970-01-01 00:00:00.000000000 +0000 +++ mariadb-11.8.8/libmariadb/docs/mysql_server_init.md 2026-05-24 09:58:33.000000000 +0000 @@ -0,0 +1,28 @@ +## Name +mysql_server_init - Initializes library + +## Synopsis +```C +#include + +int mysql_library_init(int argc __attribute__((unused)), + char **argv __attribute__((unused)), + char **groups __attribute__((unused))) +``` + +## Description +Call to initialize the library before calling other functions. + + +## Parameters +All parameters are unused, they only exist for compatibility reasons. + +### Notes +* Call [mysql_server_end()](mysql_server_end) to clean up after completion. +* If the library was not explicitly initialized by `mysql_server_init()` any call to [mysql_init()](mysql_init) will automatically initialize the library. +* `mysql_library_init()` is an alias for `mysql_server_init()` + +## Return value +Returns zero for success, or nonzero if an error occurred. +## See also +* [mysql_server_end()](mysql_server_end) diff -Nru mariadb-11.8.6/libmariadb/docs/mysql_session_track_get_first.md mariadb-11.8.8/libmariadb/docs/mysql_session_track_get_first.md --- mariadb-11.8.6/libmariadb/docs/mysql_session_track_get_first.md 1970-01-01 00:00:00.000000000 +0000 +++ mariadb-11.8.8/libmariadb/docs/mysql_session_track_get_first.md 2026-05-24 09:58:33.000000000 +0000 @@ -0,0 +1,42 @@ +## Name +mysql_session_track_get_first - retrieves first session status change information + +## Synopsis +```C +#include + +int mysql_session_track_get_first(MYSQL * mysql, + enum enum_session_state_type type, + const char **data, + size_t *length ); +``` + + +## Description +`mysql_session_track_get_first()` retrieves the first session status change information received from the server. + +Depending on the specified type the read only data pointer will contain the following information: +* `SESSION_TRACK_SCHEMA`: The name of the default schema (database) +* `SESSION_TRACK_SYSTEM_VARIABLES`: If a session system variable is changed, the first call contains the name of the changed system variable, the second call contains the new value. Both name and value are represented as strings. +* `SESSION_TRACK_STATE_CHANGE`: shows whether the session status has changed. The value is changed as string "1" (changed) or "0" (unchanged). + +Further data needs to be obtained by calling [mysql_session_track_get_next()](mysql_session_track_get_next). + +### Parameter +* `mysql` - mysql handle, which was previously allocated by [mysql_init()](mysql_init) and connected by [mysql_real_connect()](mysql_real_connect). +* `type` - type of information. Valid values are + * `SESSION_TRACK_SYSTEM_VARIABLES` + * `SESSION_TRACK_SCHEMA` + * `SESSION_TRACK_STATE_CHANGE` + * `SESSION_TRACK_GTIDS` (unsupported) +* `data` - pointer to data, which must be declared as `const char *` +* `length` - pointer to a `size_t` variable, which will contain the length of data + +## Returns +Zero for success, nonzero if no session tracking information is available. + +## History +`mysql_session_track_get_first()` was added in Connector/C 3.0 and MariaDB Server 10.2. + +## See also +* [mysql_session_track_get_next()](mysql_session_track_get_next) diff -Nru mariadb-11.8.6/libmariadb/docs/mysql_session_track_get_next.md mariadb-11.8.8/libmariadb/docs/mysql_session_track_get_next.md --- mariadb-11.8.6/libmariadb/docs/mysql_session_track_get_next.md 1970-01-01 00:00:00.000000000 +0000 +++ mariadb-11.8.8/libmariadb/docs/mysql_session_track_get_next.md 2026-05-24 09:58:33.000000000 +0000 @@ -0,0 +1,35 @@ +## Name +mysql_session_track_get_next - Retrieves the next session status change information + +## Synopsis +```C +#include + +int mysql_session_track_get_next(MYSQL * mysql, + enum enum_session_state_type type, + const char **data, + size_t *length ); +``` +## Description +`mysql_session_track_get_next()` retrieves the session status change information received from the server after a successful call to [mysql_session_track_get_first()](mysql_session_track_get_first). + +`mysql_session_track_get_next()` needs to be called repeatedly until a non zero return value indicates end of data. + +### Parameters +* `mysql` - mysql handle, which was previously allocated by [mysql_init()](mysql_init) and connected bys [mysql_real_connect()](mysql_real_connect). +* `type` - type of information. Valid values are + * `SESSION_TRACK_SYSTEM_VARIABLES` + * `SESSION_TRACK_SCHEMA` + * `SESSION_TRACK_STATE_CHANGE` + * `SESSION_TRACK_GTIDS` (unsupported) +* `data` - pointer to data, which must be declared as `const char *` +* `length` - pointer to a `size_t` variable, which will contain the length of data + +## Return value +Zero for success, nonzero if an error occurred. + +## History +`mysql_session_track_get_next()` was added in Connector/C 3.0 and MariaDB Server 10.2. + +## See also +[mysql_session_track_get_first()](mysql_session_track_get_first) diff -Nru mariadb-11.8.6/libmariadb/docs/mysql_set_character_set.md mariadb-11.8.8/libmariadb/docs/mysql_set_character_set.md --- mariadb-11.8.6/libmariadb/docs/mysql_set_character_set.md 1970-01-01 00:00:00.000000000 +0000 +++ mariadb-11.8.8/libmariadb/docs/mysql_set_character_set.md 2026-05-24 09:58:33.000000000 +0000 @@ -0,0 +1,73 @@ +## Name +mysql_set_character_set - Sets the default character set for connection + +## Synopsis +```C +#include + +int mysql_set_character_set(MYSQL * mysql, + const char * csname); +``` + + +## Description +Sets the default character setfor the current connection. Returns zero on success, non-zero on failure. + +### Parameters +* `mysql` - a mysql handle, which was previously allocated by [mysql_init()](mysql_init) or [mysql_real_connect()](mysql_real_connect). +* `csname` - character set name +### Notes +* It's strongly recommended to use mysql_set_character_set() instead of `SET NAMES ...` since [mysql_real_escape_string()](mysql_real_escape_string) might fail or deliver unexpected results. + + +## Return value +Zero on success, non zero if an error occurred + +## Supported character sets +The client library supports the following character sets: + +| Character set | Description | +|--|--| +| armscii8 | 8 bit character set for Armenian | +| ascii | US ASCII character set | +| big5 | 2 byte character set for traditional Chinese, Hongkong, Macau and Taiwan | +| binary | 8 bit binary character set | +| cp1250 | Windows code page 1250 character set | +| cp1251 | Windows code page 1251 character set | +| cp1256 | Windows code page 1256 character set | +| cp1257 | Windows code page 1257 character set | +| cp850 | MS-DOS Codepage 850 (Western Europe) | +| cp852 | MS-DOS Codepage 852 (Middle Europe) | +| cp866 | MS-DOS Codepage 866 (Russian) | +| cp932 | Microsoft Codepage 932 (Extension to sjis) | +| dec8 | DEC West European | +| eucjpms | UJIS for Windows Japanese | +| euckr | EUC KR-Korean | +| gb2312 | GB-2312 simplified Chinese | +| gbk | GBK simplified Chinese | +| geostd8 | GEOSTD8 Georgian | +| greek | ISO 8859-7 Greek | +| hebrew | ISO 8859-8 Hebrew | +| hp8 | HP West European | +| keybcs2 | DOS Kamenicky Czech-Slovak | +| koi8r | KOI8-R Relcom Russian | +| koi8u | KOI8-U Ukrainian | +| latin1 | CP1252 Western European | +| latin2 | ISO 8859-2 Central Europe | +| latin5 | ISO 8859-9 Turkish | +| latin7 | ISO 8859-13 Baltic | +| macce | MAC Central European | +| macroman | MAC Western European | +| sjis | SJIS for Windows Japanese | +| swe7 | 7-bit Swedish | +| tis620 | TIS620 Thai | +| ucs2 | UCS-2 Unicode | +| ujis | EUC-JP Japanese | +| utf8 | UTF-8 Unicode | +| utf16 | UTF-16 Unicode | +| utf32 | UTF-32 Unicode | +| utf8mb4 | UTF 4-byte Unicode | + +## See also +* [mysql_get_character_set_info()](mysql_get_character_set_info) +* [mysql_real_escape_string()](mysql_real_escape_string) diff -Nru mariadb-11.8.6/libmariadb/docs/mysql_set_local_infile_default.md mariadb-11.8.8/libmariadb/docs/mysql_set_local_infile_default.md --- mariadb-11.8.6/libmariadb/docs/mysql_set_local_infile_default.md 1970-01-01 00:00:00.000000000 +0000 +++ mariadb-11.8.8/libmariadb/docs/mysql_set_local_infile_default.md 2026-05-24 09:58:33.000000000 +0000 @@ -0,0 +1,18 @@ +## Name +mysql_set_local_infile_default - Sets local infile callback functions to default + +## Synopsis +```C +#include + +void mysql_set_local_infile_default(MYSQL *conn); +``` + +## Description +Sets local infile callback functions to MariaDB Connector/C internal default callback functions. + +### Parameter +* `mysql` - mysql handle, which was previously allocated by [mysql_init()](mysql_init) + +## See also +* [mysql_set_local_infile_handler()](mysql_set_local_infile_handler) diff -Nru mariadb-11.8.6/libmariadb/docs/mysql_set_local_infile_handler.md mariadb-11.8.8/libmariadb/docs/mysql_set_local_infile_handler.md --- mariadb-11.8.6/libmariadb/docs/mysql_set_local_infile_handler.md 1970-01-01 00:00:00.000000000 +0000 +++ mariadb-11.8.8/libmariadb/docs/mysql_set_local_infile_handler.md 2026-05-24 09:58:33.000000000 +0000 @@ -0,0 +1,48 @@ +## Name +mysql_set_local_infile_handler - Registers callback functions for LOAD DATA LOCAL INFILE + +## Synopsis +```C +#include + +void STDCALL mysql_set_local_infile_handler(MYSQL *conn, + int (*local_infile_init)(void **, const char *, void *), + int (*local_infile_read)(void *, char *, uint), + void (*local_infile_end)(void *), + int (*local_infile_error)(void *, char *, uint), + void *userdata); +``` + +## Description +Registers four callback functions which will be called if a LOAD DATA LOCAL INFILE command will be executed. + +The initialization function accepts 3 parameters and returns zero on success, nonzero on error. It allocates an +handle, which will be passed to read, end and error functions: + +`int init(void **handle, const char *filename, void *userdata)` + +The read function is called repeatly to read data chunks from file into buffer. The amount of bytes is limited by parameer buffer_len. The function returns the number of bytes which were read from the file: + +`int mysql_local_infile_read(void *handle, char * buffer, unsigned int buffer_len)` + +The end function will be called after the read function returned zero (no more bytes to read). To prevent leaking of resources, the file must be closed and handle must be freed inside this function: + +`void end(void *handle);` + +The error function is called to get an error message in case init, read or end functions returned an error. + +`error(void *handler, char *error_buf, unsigned int error_buf_len);` + + + +## Parameter +* `mysql` - mysql handle, which was previously allocated by [mysql_init()](mysql_init) +* `local_infile_init` - initialization function, e.g. for opening the file +* `local_infile_read` - read function +* `local_infile_end` - terminating function, e.g. for closing the file +* `local_infile_error` - error function +* `userdata` - a buffer which will be passed to all callback function + + +## See also +* [mysql_set_local_infile_handler()](mysql_set_local_infile_handler) diff -Nru mariadb-11.8.6/libmariadb/docs/mysql_set_server_option.md mariadb-11.8.8/libmariadb/docs/mysql_set_server_option.md --- mariadb-11.8.6/libmariadb/docs/mysql_set_server_option.md 1970-01-01 00:00:00.000000000 +0000 +++ mariadb-11.8.8/libmariadb/docs/mysql_set_server_option.md 2026-05-24 09:58:33.000000000 +0000 @@ -0,0 +1,32 @@ +## Name +mysql_set_server_option - Sets server option + +## Synopsis +```C +#include + +int mysql_set_server_option(MYSQL * mysql, + enum enum_mysql_set_option); +``` + + +## Description + +Sets server option. + +### Parameters +* `mysql` - a mysql handle, which was previously allocated by [mysql_init()](mysql_init) and connected by [mysql_real_connect()](mysql_real_connect). +* `enum_mysql_set_option` - server option (see below) + Server option, which can be one of the following values: + +| Option | Description | +|--|--| +| MYSQL_OPTION_MULTI_STATEMENTS_OFF | Disables multi statement support | +| MYSQL_OPTION_MULTI_STATEMENTS_ON | Enable multi statement support | + + +## Return value +Returns zero on success, non-zero on failure. + +## See also +* [mysql_real_connect()](mysql_real_connect) diff -Nru mariadb-11.8.6/libmariadb/docs/mysql_shutdown.md mariadb-11.8.8/libmariadb/docs/mysql_shutdown.md --- mariadb-11.8.6/libmariadb/docs/mysql_shutdown.md 1970-01-01 00:00:00.000000000 +0000 +++ mariadb-11.8.8/libmariadb/docs/mysql_shutdown.md 2026-05-24 09:58:33.000000000 +0000 @@ -0,0 +1,31 @@ +## Name +mysql_shutdown - Sends shutdown message to server + +## Synopsis +```C +#include + +int mysql_shutdown(MYSQL * mysql, + enum mysql_enum_shutdown_level); +``` + + +## Description +This function is deprecated. Instead please use SQL `SHUTDOWN` command. + +Sends a shutdown message to the server. + +## Parameter +* `mysql` - a mysql handle, which was previously allocated by [mysql_init()](mysql_init) and connected by [mysql_real_connect()](mysql_real_connect). +* `mysql_enum_shutdown_level` - currently only one shutdown level, `SHUTDOWN_DEFAULT` is supported. + +### Notes +* To shutdown the database server, the user for the current connection must have SHUTDOWN privileges. + +## Return value +Returns zero on success, non-zero on failure. + + + +## See also +* [mysql_kill()](mysql_kill) diff -Nru mariadb-11.8.6/libmariadb/docs/mysql_sqlstate.md mariadb-11.8.8/libmariadb/docs/mysql_sqlstate.md --- mariadb-11.8.6/libmariadb/docs/mysql_sqlstate.md 1970-01-01 00:00:00.000000000 +0000 +++ mariadb-11.8.8/libmariadb/docs/mysql_sqlstate.md 2026-05-24 09:58:33.000000000 +0000 @@ -0,0 +1,24 @@ +## Name +mysql_sqlstate - returns SQLSTATE error code + +## Synopsis +```C +#include + +const char * mysql_sqlstate(MYSQL * mysql); +``` + +## Description +Returns a string containing the SQLSTATE error code for the most recently invoked function that can succeed or fail. The error code consists of five characters. '00000' means no error. The values are specified by ANSI SQL and ODBC + +## Parameter +### Notes +Please note that not all client library error codes are mapped to SQLSTATE errors. Errors which can't be mapped will returned as value HY000. + + +## Return value +A string containing SQLSTATE error code. + +## See also +* [mysql_error()](mysql_error) +* [mysql_errno()](mysql_errno) diff -Nru mariadb-11.8.6/libmariadb/docs/mysql_ssl_set.md mariadb-11.8.8/libmariadb/docs/mysql_ssl_set.md --- mariadb-11.8.6/libmariadb/docs/mysql_ssl_set.md 1970-01-01 00:00:00.000000000 +0000 +++ mariadb-11.8.8/libmariadb/docs/mysql_ssl_set.md 2026-05-24 09:58:33.000000000 +0000 @@ -0,0 +1,44 @@ +## Name +mysql_ssl_set - Sets TLS/SSL options + +## Synopsis +```C +#include + +my_bool mysql_ssl_set(MYSQL *mysql, + const char *key, + const char *cert, + const char *ca, + const char *capath, + const char *cipher) +``` + + +## Description + +Used for establishing a secure TLS connection. It must be called before attempting to use [mysql_real_connect()](mysql_real_connect). TLS support must be enabled in the client library in order for the function to have any effect. + +`NULL` can be used for an unused parameter. Always returns zero. + +To enable TLS without specifying certificates, set all values to `NULL`: +```C +mysql_ssl_set(mysql, NULL, NULL, NULL, NULL, NULL) +``` + +This is the same as [`mysql_optionsv(mysql, MYSQL_OPT_SSL_ENFORCE, &yes)`](mysql_optionsv). + +### Parameter +* `mysql` - a mysql handle, which was previously allocated by [mysql_init()](mysql_init). +* `key` - path to the key file. +* `cert` - path to the certificate file. +* `ca` - path to the certificate authority file. +* `capath` - path to the directory containing the trusted TLS CA certificates in PEM format. +* `cipher` list of permitted (SSLv3, TLSv1.0 or TLSv1.2) cipher suites to use for TLS encryption. + +### Notes +* [mysql_real_connect()](mysql_real_connect) will return an error if attempting to connect and TLS is incorrectly set up. +* Even if Connector/C supports TLSv1.3 protocol, it is not possible yet to specify TLSv1.3 cipher suites via `cipher` parameter. + + +## See also +* [mysql_get_ssl_cipher()](mysql_get_ssl_cipher) \ No newline at end of file diff -Nru mariadb-11.8.6/libmariadb/docs/mysql_stat.md mariadb-11.8.8/libmariadb/docs/mysql_stat.md --- mariadb-11.8.6/libmariadb/docs/mysql_stat.md 1970-01-01 00:00:00.000000000 +0000 +++ mariadb-11.8.8/libmariadb/docs/mysql_stat.md 2026-05-24 09:58:33.000000000 +0000 @@ -0,0 +1,26 @@ +## Name +mysql_stat - Returns current server status + +## Synopsis +```C +#include + +const char * mysql_stat(MYSQL * mysql); +``` + + +## Description +mysql_stat() returns a string with the current server status for uptime, threads, queries, open tables, flush tables and queries per second. + +### Parameter +* `mysql` - a mysql handle, which was previously allocated by [mysql_init()](mysql_init) and connected byy [mysql_real_connect()](mysql_real_connect). + +### Notes +For a complete list of other status variables, you have to use the [show-status()](SHOW STATUS]] SQL command. + + +## Return value +Returns a string representing current server status. + +## See also +* [mysql_get_server_info()](mysql_get_server_info) diff -Nru mariadb-11.8.6/libmariadb/docs/mysql_stmt_affected_rows.md mariadb-11.8.8/libmariadb/docs/mysql_stmt_affected_rows.md --- mariadb-11.8.6/libmariadb/docs/mysql_stmt_affected_rows.md 1970-01-01 00:00:00.000000000 +0000 +++ mariadb-11.8.8/libmariadb/docs/mysql_stmt_affected_rows.md 2026-05-24 09:58:33.000000000 +0000 @@ -0,0 +1,22 @@ +## Name +mysql_stmt_affected_rows - Returns the number of affected rows from previous executed prepared statement + +## Synopsis +```C +#include + +my_ulonglong mysql_stmt_affected_rows(MYSQL_STMT * stmt); +``` +## Description +Returns the number of affected rows by the last prepared statement associated with mysql, if the operation was an "upsert" (INSERT, UPDATE, DELETE or REPLACE) statement, or -1 if the last prepared statement failed. + +## Parameter +* `stmt` - a statement handle, which was previously allocated by [mysql_stmt_init()](mysql_stmt_init().]] + +## Notes +* When using `UPDATE`, MariaDB will not update columns where the new value is the same as the old value. This creates the possibility that `mysql_stmt_affected_rows()` may not actually equal the number of rows matched, only the number of rows that were literally affected by the query. +* The `REPLACE` statement first deletes the record with the same primary key and then inserts the new record. This function returns the number of deleted records in addition to the number of inserted records. + + +## See Also +* [mysql_stmt_insert_id()](mysql_stmt_insert_id) diff -Nru mariadb-11.8.6/libmariadb/docs/mysql_stmt_attr_get.md mariadb-11.8.8/libmariadb/docs/mysql_stmt_attr_get.md --- mariadb-11.8.6/libmariadb/docs/mysql_stmt_attr_get.md 1970-01-01 00:00:00.000000000 +0000 +++ mariadb-11.8.8/libmariadb/docs/mysql_stmt_attr_get.md 2026-05-24 09:58:33.000000000 +0000 @@ -0,0 +1,37 @@ +## Name +mysql_stmt_attr_get - Gets the current value of a statement attribute + +## Synopsis +```C +#include + +my_bool mysql_stmt_attr_get(MYSQL_STMT * stmt, + enum enum_stmt_attr_type, + void * attr); +``` + +## Description +Gets the current value of a statement attribute. Returns zero on success, non zero on failure. + +## Parameter +* `stmt` - a statement handle, which was previously allocated by [mysql_stmt_init()](mysql_stmt_init). +* `enum_stmt_attr_type` - attribute. See below. +* `attr` - pointer to a variable, which will contain the attribute value. + + +### Attribute types +The `enum_stmt_attr_type` parameter has the following possible values: + +| Value | Type | Description +|-|-|- +|`STMT_ATTR_UPDATE_MAX_LENGTH`| `my_bool *` | Indicates if [mysql_stmt_store_result()](mysql_stmt_store_result) will update the max_length value of `MYSQL_FIELD` structures. +| `STMT_ATTR_CURSOR_TYPE` | `unsigned long *` | Possible values are `CURSOR_TYPE_READ_ONLY` or default value `CURSOR_TYPE_NO_CURSOR`. +| `STMT_ATTR_PREFETCH_ROWS` | `unsigned long *` | Number of rows which will be prefetched. The default value is 1. +| `STMT_ATTR_PREBIND_PARAMS` | `unsigned int *`| Number of parameters used for [mariadb_stmt_execute_direct()](mariadb_stmt_execute_direct) +| `STMT_ATTR_STATE` | `enum mysql_stmt_state *` | Status of prepared statement. Possible values are defined in `enum mysql_stmt_state`. This option was added in MariaDB Connector/C 3.1.0 + +## Notes +* Setting the number of prefetched rows will work only for read only cursors. + +## See Also +* [mysql_stmt_attr_set()](mysql_stmt_attr_set) diff -Nru mariadb-11.8.6/libmariadb/docs/mysql_stmt_attr_set.md mariadb-11.8.8/libmariadb/docs/mysql_stmt_attr_set.md --- mariadb-11.8.6/libmariadb/docs/mysql_stmt_attr_set.md 1970-01-01 00:00:00.000000000 +0000 +++ mariadb-11.8.8/libmariadb/docs/mysql_stmt_attr_set.md 2026-05-24 09:58:33.000000000 +0000 @@ -0,0 +1,39 @@ +## Name +mysql_stmt_attr_set - Sets attribute of a statement + +## Synopsis +```C +#include + +my_bool mysql_stmt_attr_set(MYSQL_STMT * stmt, + enum enum_stmt_attr_type, + const void * attr); +``` +## Description +Used to modify the behavior of a prepared statement. This function may be called multiple times to set several attributes. Returns zero on success, non-zero on failure. + +## Parameters +* `stmt` - a statement handle, which was previously allocated by [mysql_stmt_init()](mysql_stmt_init). +* `enum_stmt_attr_type` - the attribute that you want to set. See below. +* `attr` - the value to assign to the attribute + +### Attribute types +The `enum_stmt_attr_type` attribute can have one of the following values: + +| Value | Type | Description +|-|-|- +| `STMT_ATTR_UPDATE_MAX_LENGTH` | `my_bool *` | If set to 1, [mysql_stmt_store_result()](mysql_stmt_store_result) will update the max_length value of MYSQL_FIELD structures. +| `STMT_ATTR_CURSOR_TYPE` | `unsigned long *` | cursor type when [mysql_stmt_execute()](mysql_stmt_execute) is invoked. Possible values are `CURSOR_TYPE_READ_ONLY` or default value `CURSOR_TYPE_NO_CURSOR`. +| `STMT_ATTR_PREFETCH_ROWS` | `unsigned long *` | number of rows which will be prefetched. The default value is 1. +| `STMT_ATTR_PREBIND_PARAMS` | `unsigned int *`| number of parameter markers when using [mariadb_stmt_execute_direct()](mariadb_stmt_execute_direct). If the statement handle is reused it will be reset automatically to the state after mysql_stmt_init(). This option was added in Connector/C 3.0 +| `STMT_ATTR_ARRAY_SIZE`| `unsigned int *` | number of array elements. This option was added in Connector/C 3.0 and requires MariaDB 10.2 or later +| `STMT_ATTR_ROW_SIZE` | `size_t *` | specifies size of a structure for row wise binding. This length must include space for all of the bound parameters and any padding of the structure or buffer to ensure that when the address of a bound parameter is incremented with the specified length, the result will point to the beginning of the same parameter in the next set of parameters. When using the sizeof operator in ANSI C, this behavior is guaranteed. If the value is zero column-wise binding will be used (default). This option was added in Connector/C 3.0 and requires MariaDB 10.2 or later + +## Notes +* If you use the `MYSQL_STMT_ATTR_CURSOR_TYPE` option with `MYSQL_CURSOR_TYPE_READ_ONLY`, a cursor is opened for the statement when you invoke [mysql_stmt_execute()](mysql_stmt_execute). If there is already an open cursor from a previous [mysql_stmt_execute()](mysql_stmt_execute) call, it closes the cursor before opening a new one. [mysql_stmt_reset()](mysql_stmt_reset) also closes any open cursor before preparing the statement for re-execution. +* If you open a cursor for a prepared statement it is unnecessary to call [mysql_stmt_store_result()](mysql_stmt_store_result). +* [mysql_stmt_free_result()](mysql_stmt_free_result) closes any open cursor. + +## See Also +* [mariadb_stmt_execute_direct()](mariadb_stmt_execute_direct) +* [mysql_stmt_attr_get()](mysql_stmt_attr_get) diff -Nru mariadb-11.8.6/libmariadb/docs/mysql_stmt_bind_param.md mariadb-11.8.8/libmariadb/docs/mysql_stmt_bind_param.md --- mariadb-11.8.6/libmariadb/docs/mysql_stmt_bind_param.md 1970-01-01 00:00:00.000000000 +0000 +++ mariadb-11.8.8/libmariadb/docs/mysql_stmt_bind_param.md 2026-05-24 09:58:33.000000000 +0000 @@ -0,0 +1,30 @@ +## Name +mysql_stmt_bind_param - Binds parameter to a prepared statement + +## Synopsis +```C +#include + +my_bool mysql_stmt_bind_param(MYSQL_STMT * stmt, + MYSQL_BIND * bind); +``` + +## Description +Binds variables for parameter markers in the prepared statement that was passed to [mysql_stmt_prepare()](mysql_stmt_prepare). Returns zero on success, non-zero on failure. + +## Parameters +* `stmt` - a statement handle, which was previously allocated by [mysql_stmt_init()](mysql_stmt_init). +* `bind` - an array of `MYSQL_BIND` structures. The size of this array must be equal to the number of parameters. + +## Notes +* The number of parameters can be obtained by [mysql_stmt_param_count()](mysql_stmt_param_count). +* If the number of parameters is unknown, for example when using [mariadb_stmt_execute_direct()](mariadb_stmt_execute_direct), the number of parameters have to be specified with the [mysql_stmt_attr_set()](mysql_stmt_attr_set) function. + + +## See Also +* [mariadb_stmt_execute_direct()](mariadb_stmt_execute_direct) +* [mysql_stmt_prepare()](mysql_stmt_prepare) +* [mysql_stmt_bind_result()](mysql_stmt_bind_result) +* [mysql_stmt_execute()](mysql_stmt_execute) +* [mysql_stmt_param_count()](mysql_stmt_param_count) +* [mysql_stmt_send_long_data()](mysql_stmt_send_long_data) diff -Nru mariadb-11.8.6/libmariadb/docs/mysql_stmt_bind_result.md mariadb-11.8.8/libmariadb/docs/mysql_stmt_bind_result.md --- mariadb-11.8.6/libmariadb/docs/mysql_stmt_bind_result.md 1970-01-01 00:00:00.000000000 +0000 +++ mariadb-11.8.8/libmariadb/docs/mysql_stmt_bind_result.md 2026-05-24 09:58:33.000000000 +0000 @@ -0,0 +1,28 @@ +## Name +mysql_stmt_bind_result - binds result columns to variables + +## Synopsis +```C +#include + +my_bool mysql_stmt_bind_result(MYSQL_STMT * stmt, + MYSQL_BIND * bind); + +``` + +## Description +Binds columns in the result set to variables. Returns zero on success, non-zero on failure. + +## Parameters +* `stmt` - a statement handle, which was previously allocated by [mysql_stmt_init()](mysql_stmt_init). +* `bind` - an array of [MYSQL_BIND]] structures. The size of this array must be equal to the number of columns in result set. + + +## Notes +* To determine the number of columns in result set use [mysql_stmt_field_count()](mysql_stmt_field_count). +* A column can be bound or rebound at any time, even after a result set has been partially retrieved. The new binding takes effect the next time [mysql_stmt_fetch()](mysql_stmt_fetch) is called. + +## See Also +* [mysql_stmt_field_count()](mysql_stmt_field_count) +* [mysql_stmt_execute()](mysql_stmt_execute) +* [mysql_stmt_fetch()](mysql_stmt_fetch) diff -Nru mariadb-11.8.6/libmariadb/docs/mysql_stmt_close.md mariadb-11.8.8/libmariadb/docs/mysql_stmt_close.md --- mariadb-11.8.6/libmariadb/docs/mysql_stmt_close.md 1970-01-01 00:00:00.000000000 +0000 +++ mariadb-11.8.8/libmariadb/docs/mysql_stmt_close.md 2026-05-24 09:58:33.000000000 +0000 @@ -0,0 +1,25 @@ +## Name +mysql_stmt_close - Closes a prepared statement + +## Synopsis +```C +#include + +my_bool mysql_stmt_close(MYSQL_STMT * stmt); +``` + +## Description +Closes a prepared statement and deallocates the statement handle. If the current statement has pending or unread results, this function cancels them so that the next query can be executed. + +## Parameter +* `stmt` - a statement handle, which was previously allocated by [mysql_stmt_init()](mysql_stmt_init). + +## Return value +Returns zero on success, nonzero on error (when communicating with the server). The statement is deallocated, regardless of the error. + +## Notes +* If you want to reuse the statement handle with a different SQL command, use [mysql_stmt_reset()](mysql_stmt_reset). + +## See Also +* [mysql_stmt_init()](mysql_stmt_init) +* [mysql_stmt_reset()](mysql_stmt_reset) diff -Nru mariadb-11.8.6/libmariadb/docs/mysql_stmt_data_seek.md mariadb-11.8.8/libmariadb/docs/mysql_stmt_data_seek.md --- mariadb-11.8.6/libmariadb/docs/mysql_stmt_data_seek.md 1970-01-01 00:00:00.000000000 +0000 +++ mariadb-11.8.8/libmariadb/docs/mysql_stmt_data_seek.md 2026-05-24 09:58:33.000000000 +0000 @@ -0,0 +1,27 @@ +## Name +mysql_stmt_data_seek - Seeks to an arbitrary row in statement result set + +## Synopsis +```C +#include + +void mysql_stmt_data_seek(MYSQL_STMT * stmt, + my_ulonglong offset); +``` +## Description +Seeks to an arbitrary row in statement result set obtained by a previous call to [mysql_stmt_store_result()](mysql_stmt_store_result). + +## Parameter +* `stmt` - a statement handle, which was previously allocated by [mysql_stmt_init()](mysql_stmt_init). +* `offset` - row offset. This value must between 0 and number of rows - 1. + +## Return value +Returns void + +## Notes +* The number of rows can be obtained with the function [mysql_stmt_num_rows()](mysql_stmt_num_rows). + +## See Also +* [mysql_stmt_row_tell()](mysql_stmt_row_tell) +* [mysql_stmt_store_result()](mysql_stmt_store_result) +* [mysql_stmt_num_rows()](mysql_stmt_num_rows) diff -Nru mariadb-11.8.6/libmariadb/docs/mysql_stmt_errno.md mariadb-11.8.8/libmariadb/docs/mysql_stmt_errno.md --- mariadb-11.8.6/libmariadb/docs/mysql_stmt_errno.md 1970-01-01 00:00:00.000000000 +0000 +++ mariadb-11.8.8/libmariadb/docs/mysql_stmt_errno.md 2026-05-24 09:58:33.000000000 +0000 @@ -0,0 +1,25 @@ +## Name +mysql_stmt_errno - Returns error code for the last statement error + +## Synopsis +```C +#include + +unsigned int mysql_stmt_errno(MYSQL_STMT * stmt); +``` + +## Description +Returns the error code for the most recently invoked statement function that can succeed or fail. + +## Parameter +* `stmt` - a statement handle, which was previously allocated by [mysql_stmt_init()](mysql_stmt_init). + +## Return value +Returns error code. A zero value means that no error occurred. + +## Notes +* Client error messages are listed in `errmsg.h` header file, server error messages are listed in `mysqld_error.h` header file of the server source distribution. + +## See Also +* [mysql_stmt_error()](mysql_stmt_error), +* [mysql_stmt_sqlstate()](mysql_stmt_sqlstate) diff -Nru mariadb-11.8.6/libmariadb/docs/mysql_stmt_error.md mariadb-11.8.8/libmariadb/docs/mysql_stmt_error.md --- mariadb-11.8.6/libmariadb/docs/mysql_stmt_error.md 1970-01-01 00:00:00.000000000 +0000 +++ mariadb-11.8.8/libmariadb/docs/mysql_stmt_error.md 2026-05-24 09:58:33.000000000 +0000 @@ -0,0 +1,26 @@ +## Name +mysql_stmt_error - Returns a string description for the last statement error + +## Synopsis +```C +#include + +const char * mysql_stmt_error(MYSQL_STMT * stmt); +``` + +## Description +Returns a string containing the error message for the most recently invoked statement function that can succeed or fail. The string will be empty if no error occurred. + +## Parameter +* `stmt` - a statement handle, which was previously allocated by [mysql_stmt_init()](mysql_stmt_init). + +## Return value +* A string describing the last error or an empty string if no error occurred. + +## Notes +* Client error messages are listed in the `errmsg.h` header file, server error messages are listed in the `mysqld_error.h` header file of the server source distribution. + + +## See Also +* [mysql_stmt_errno()](mysql_stmt_errno) +* [mysql_stmt_sqlstate()](mysql_stmt_sqlstate) diff -Nru mariadb-11.8.6/libmariadb/docs/mysql_stmt_execute.md mariadb-11.8.8/libmariadb/docs/mysql_stmt_execute.md --- mariadb-11.8.6/libmariadb/docs/mysql_stmt_execute.md 1970-01-01 00:00:00.000000000 +0000 +++ mariadb-11.8.8/libmariadb/docs/mysql_stmt_execute.md 2026-05-24 09:58:33.000000000 +0000 @@ -0,0 +1,27 @@ +## Name +mysql_stmt_execute - Executes a prepared statement + +## Synopsis +```C +#include + +int mysql_stmt_execute(MYSQL_STMT * stmt); +``` + +## Description +Executes a prepared statement which was previously prepared by [mysql_stmt_prepare()](mysql_stmt_prepare). When executed any parameter markers which exist will automatically be replaced with the appropriate data. + +## Parameter +* `stmt` - A statement handle, which was previously allocated by [mysql_stmt_init()](mysql_stmt_init). + +## Return value +Returns zero on success, non-zero on failure. + +## Notes +* If the statement is UPDATE, REPLACE, DELETE or INSERT, the total number of affected rows can be determined by using the [mysql_stmt_affected_rows()](mysql_stmt_affected_rows) function. Likewise, if the query yields a result set the [mysql_stmt_fetch()](mysql_stmt_fetch) function is used. + + +## See Also +* [mariadb_stmt_execute_direct()](mariadb_stmt_execute_direct) +* [mysql_stmt_prepare()](mysql_stmt_prepare) +* [mysql_stmt_bind_param()](mysql_stmt_bind_param) diff -Nru mariadb-11.8.6/libmariadb/docs/mysql_stmt_fetch.md mariadb-11.8.8/libmariadb/docs/mysql_stmt_fetch.md --- mariadb-11.8.6/libmariadb/docs/mysql_stmt_fetch.md 1970-01-01 00:00:00.000000000 +0000 +++ mariadb-11.8.8/libmariadb/docs/mysql_stmt_fetch.md 2026-05-24 09:58:33.000000000 +0000 @@ -0,0 +1,28 @@ +## Name +mysql_stmt_fetch - Fetches result set row from a prepared statement + +## Synopsis +```C +#include + +int mysql_stmt_fetch(MYSQL_STMT * stmt); +``` + +## Description +Fetch the result from a prepared statement into the buffer bound by [mysql_stmt_bind_result()}(mysql_stmt_bind_result). + +## Parameter +* `stmt` - a statement handle, which was previously allocated by [mysql_stmt_init()](mysql_stmt_init). + +## Return value +Returns `0` for success, `MYSQL_NO_DATA` if the end of the result set has been reached, or `MYSQL_DATA_TRUNCATION` if one or more values are truncated. + +## Notes +* Note that all columns must be bound by the application before calling mysql_stmt_fetch(). +* Data are transferred unbuffered without calling [mysql_stmt_store_result()](mysql_stmt_store_result) which can decrease performance (but reduces memory cost). +* Truncation reporting must be enabled by function [mysql_optionsv()](mysql_optionsv) with option `MYSQL_REPORT_DATA_TRUNCATION` + +## See Also +* [mysql_stmt_prepare()](mysql_stmt_prepare) +* [mysql_stmt_bind_result()](mysql_stmt_bind_result) +* [mysql_stmt_execute()](mysql_stmt_execute) diff -Nru mariadb-11.8.6/libmariadb/docs/mysql_stmt_fetch_column.md mariadb-11.8.8/libmariadb/docs/mysql_stmt_fetch_column.md --- mariadb-11.8.6/libmariadb/docs/mysql_stmt_fetch_column.md 1970-01-01 00:00:00.000000000 +0000 +++ mariadb-11.8.8/libmariadb/docs/mysql_stmt_fetch_column.md 2026-05-24 09:58:33.000000000 +0000 @@ -0,0 +1,32 @@ +## Name +mysql_stmt_fetch_column - Fetches a single column into bind buffer + +## Synopsis +```C +#include + +int mysql_stmt_fetch_column(MYSQL_STMT * stmt, + MYSQL_BIND * bind_arg, + unsigned int column, + unsigned long offset); +``` + + +## Description +This function can be used to fetch large data of a single column in pieces. + +## Parameter +* `stmt` - a statement handle, which was previously allocated by [mysql_stmt_init()](mysql_stmt_init). +* `bind_arg` - a pointer to a MYSQL_BIND structure. +* `column` - number of column, first column is numbered zero. +* `offset` - offset at which to begin retrieving data. + +## Return value +Returns zero on success, non-zero on failure. + +## Notes +* The size of the buffer is specified within MYSQL_BIND structure. + +## See Also +* [mysql_stmt_fetch()](mysql_stmt_fetch) +* [mysql_stmt_send_long_data()](mysql_stmt_send_long_data) diff -Nru mariadb-11.8.6/libmariadb/docs/mysql_stmt_field_count.md mariadb-11.8.8/libmariadb/docs/mysql_stmt_field_count.md --- mariadb-11.8.6/libmariadb/docs/mysql_stmt_field_count.md 1970-01-01 00:00:00.000000000 +0000 +++ mariadb-11.8.8/libmariadb/docs/mysql_stmt_field_count.md 2026-05-24 09:58:33.000000000 +0000 @@ -0,0 +1,28 @@ +## Name +mysql_stmt_field_count - Returns the number of fields in a result set + +## Synopsis +```C +#include + +unsigned int mysql_stmt_field_count(MYSQL_STMT * stmt); +``` + + +## Description +Returns the number of fields in a result set of a prepared statement. + +## Return value +Number of fields or zero if the prepared statement has no result set. + +## Parameter +* `stmt` - a statement handle, which was previously allocated by [mysql_stmt_init()](mysql_stmt_init). + +## Notes +* The number of fields will be available after calling [mysql_stmt_prepare()](mysql_stmt_prepare) +* `mysql_stmt_field_count()` returns zero for statements which don't produce a result set. + + +## See Also +* [mysql_stmt_prepare()](mysql_stmt_prepare) +* [mysql_stmt_param_count()](mysql_stmt_param_count) diff -Nru mariadb-11.8.6/libmariadb/docs/mysql_stmt_free_result.md mariadb-11.8.8/libmariadb/docs/mysql_stmt_free_result.md --- mariadb-11.8.6/libmariadb/docs/mysql_stmt_free_result.md 1970-01-01 00:00:00.000000000 +0000 +++ mariadb-11.8.8/libmariadb/docs/mysql_stmt_free_result.md 2026-05-24 09:58:33.000000000 +0000 @@ -0,0 +1,21 @@ +## Name +mysql_stmt_free_result - Frees stored result set memory of a prepared statement + +## Synopsis +```C +#include + +void mysql_stmt_free_result(MYSQL_STMT * stmt); +``` + +## Description +Frees stored result memory of a prepared statement. + +## Parameter +* `stmt` - a statement handle, which was previously allocated by [mysql_stmt_init()](mysql_stmt_init). + +## Return value +Returns void + +## See Also +* [mysql_stmt_store_result()](mysql_stmt_store_result) diff -Nru mariadb-11.8.6/libmariadb/docs/mysql_stmt_init.md mariadb-11.8.8/libmariadb/docs/mysql_stmt_init.md --- mariadb-11.8.6/libmariadb/docs/mysql_stmt_init.md 1970-01-01 00:00:00.000000000 +0000 +++ mariadb-11.8.8/libmariadb/docs/mysql_stmt_init.md 2026-05-24 09:58:33.000000000 +0000 @@ -0,0 +1,27 @@ +## Name +mysql_stmt_init - Initializes a prepared statement handle + +## Synopsis +```C +#include + +MYSQL_STMT * mysql_stmt_init(MYSQL * mysql); +``` + +## Description +Initializes and allocates memory for a prepared statement. + +## Parameter +* `mysql` - a mysql handle, which was previously allocated by [mysql_init()](mysql_init) and connected by [mysql_real_connect()](mysql_real_connect). + +## Return value +Returns a pointer to a `MYSQL_STMT` structure or `NULL` if an error occurred. + +## Notes +* Members of the `MYSQL_STMT` structure are not intended for application use. +* A statement handle which was allocated by mysql_stmt_init() needs to be freed with [mysql_stmt_close()](mysql_stmt_close). +* Any subsequent calls to any mysql_stmt function will fail until [mysql_stmt_prepare()](mysql_stmt_prepare) was called. + +## See Also +* [mysql_stmt_close()](mysql_stmt_close) +* [mysql_stmt_prepare()](mysql_stmt_prepare) diff -Nru mariadb-11.8.6/libmariadb/docs/mysql_stmt_insert_id.md mariadb-11.8.8/libmariadb/docs/mysql_stmt_insert_id.md --- mariadb-11.8.6/libmariadb/docs/mysql_stmt_insert_id.md 1970-01-01 00:00:00.000000000 +0000 +++ mariadb-11.8.8/libmariadb/docs/mysql_stmt_insert_id.md 2026-05-24 09:58:33.000000000 +0000 @@ -0,0 +1,23 @@ +## Name +mysql_stmt_insert_id - Returns the auto generated id from previously executed prepared statement. + +## Synopsis +```C +#include + +my_ulonglong mysql_stmt_insert_id(MYSQL_STMT * stmt); +``` + +## Description +The `mysql_stmt_insert_id()` function returns the ID generated by a prepared statement on a table with a column having the `AUTO_INCREMENT` attribute. +## Parameter +* `stmt` - a statement handle, which was previously allocated by [mysql_stmt_init()](mysql_stmt_init). +## Return value +Returns the auto generated id from previously executed prepared statement. +If the last query wasn't an INSERT or UPDATE statement or if the modified table does not have a column with the AUTO_INCREMENT attribute, this function will return zero. + +## Notes +* When performing a multi insert prepared statement, mysql_stmt_insert_id() will return the value of the first row. + +## See Also +* [mysql_insert_id()](mysql_insert_id) diff -Nru mariadb-11.8.6/libmariadb/docs/mysql_stmt_more_results.md mariadb-11.8.8/libmariadb/docs/mysql_stmt_more_results.md --- mariadb-11.8.6/libmariadb/docs/mysql_stmt_more_results.md 1970-01-01 00:00:00.000000000 +0000 +++ mariadb-11.8.8/libmariadb/docs/mysql_stmt_more_results.md 2026-05-24 09:58:33.000000000 +0000 @@ -0,0 +1,27 @@ +## Name +mysql_stmt_more_results - indicates if one or more results from a previously executed prepared statement are available + +## Synopsis +```C +#include + +my_bool mysql_stmt_more_results(MYSQL_STMT * stmt); +``` + +## Description +Indicates if one or more result sets are available from a previous call to [mysql_stmt_execute()](mysql_stmt_execute). + +### Parameter +* `stmt` - a statement handle, which was previously allocated by [mysql_stmt_init()](mysql_init) and executed by [mysql_stmt_execute()](mysql_stmt_execute). + + +### Notes +* Multiple result sets can be obtained by calling a stored procedure. Executing concatenated statements is not supported in prepared statement protocol. + + +## Return value +Returns 1 if more result sets are available, otherwise zero. + +## See also +* [mysql_stmt_next_result()](mysql_stmt_next_result) +* [mysql_stmt_store_result()](mysql_stmt_store_result) diff -Nru mariadb-11.8.6/libmariadb/docs/mysql_stmt_next_result.md mariadb-11.8.8/libmariadb/docs/mysql_stmt_next_result.md --- mariadb-11.8.6/libmariadb/docs/mysql_stmt_next_result.md 1970-01-01 00:00:00.000000000 +0000 +++ mariadb-11.8.8/libmariadb/docs/mysql_stmt_next_result.md 2026-05-24 09:58:33.000000000 +0000 @@ -0,0 +1,27 @@ +## Name +mysql_stmt_next_result - prepares next result set of a prepared statement + +## Synopsis +```C +#include + +int mysql_stmt_next_result(MYSQL_STMT * stmt); +``` + +## Description +Prepares next result set from a previous call to [mysql_stmt_execute()](mysql_stmt_execute) which can be retrieved by [mysql_stmt_store_result()](mysql_stmt_store_result). + +## Parameter +* `stmt` - a statement handle, which was previously allocated by [mysql_stmt_init()](mysql_stmt_init().]] + +## Return value +Returns zero on success, nonzero if an error occurred. + +## Notes +* The function [mysql_stmt_more_results()](mysql_stmt_more_results) indicates if further result sets are available. +* If the execution of a stored procedure produced multiple result sets the return value of [mysql_stmt_errno()](mysql_stmt_errno)/error() might change and there will be no result set available. + + +## See also +* [mysql_stmt_execute()](mysql_stmt_execute) +* [mysql_stmt_more_results()](mysql_stmt_more_results) diff -Nru mariadb-11.8.6/libmariadb/docs/mysql_stmt_num_rows.md mariadb-11.8.8/libmariadb/docs/mysql_stmt_num_rows.md --- mariadb-11.8.6/libmariadb/docs/mysql_stmt_num_rows.md 1970-01-01 00:00:00.000000000 +0000 +++ mariadb-11.8.8/libmariadb/docs/mysql_stmt_num_rows.md 2026-05-24 09:58:33.000000000 +0000 @@ -0,0 +1,25 @@ +## Name +mysql_stmt_num_rows - Returns number of rows in a prepared statement result set + +## Synopsis +```C +#include + +unsigned long long mysql_stmt_num_rows(MYSQL_STMT * stmt); +``` + +## Description +Returns the number of rows in the result set. The use of mysql_stmt_num_rows() depends on whether or not you used [mysql_stmt_store_result()](mysql_stmt_store_result) to buffer the entire result set in the statement handle. + +## Parameter +* `stmt` - a statement handle, which was previously allocated by [mysql_stmt_init()](mysql_stmt_init). + +## Return value +Number of rows in the result set + +### Notes +* If you use [mysql_stmt_store_result()](mysql_stmt_store_result), mysql_stmt_num_rows() may be called immediately. + + +## See Also +* [mysql_stmt_store_result()](mysql_stmt_store_result) diff -Nru mariadb-11.8.6/libmariadb/docs/mysql_stmt_param_count.md mariadb-11.8.8/libmariadb/docs/mysql_stmt_param_count.md --- mariadb-11.8.6/libmariadb/docs/mysql_stmt_param_count.md 1970-01-01 00:00:00.000000000 +0000 +++ mariadb-11.8.8/libmariadb/docs/mysql_stmt_param_count.md 2026-05-24 09:58:33.000000000 +0000 @@ -0,0 +1,25 @@ +## Name +mysql_stmt_param_count - Returns number of parameters + +## Synopsis +```C +#include + +unsigned long mysql_stmt_param_count(MYSQL_STMT * stmt); +``` + +## Description +Returns the number of parameter markers present in the prepared statement. Parameter markers are specified as `?` (question mark) + +## Parameter +* `stmt` - a statement handle, which was previously allocated by [mysql_stmt_init()](mysql_stmt_init). + +## Return value +The number of parameter markers in prepared statement. + +### Notes +* This function will not deliver a valid result until [mysql_stmt_prepare()()](mysql_stmt_prepare) was called. + +## See Also +* [mysql_stmt_prepare()()](mysql_stmt_prepare) +* [mysql_stmt_field_count()](mysql_stmt_field_count) diff -Nru mariadb-11.8.6/libmariadb/docs/mysql_stmt_param_metadata.md mariadb-11.8.8/libmariadb/docs/mysql_stmt_param_metadata.md --- mariadb-11.8.6/libmariadb/docs/mysql_stmt_param_metadata.md 1970-01-01 00:00:00.000000000 +0000 +++ mariadb-11.8.8/libmariadb/docs/mysql_stmt_param_metadata.md 2026-05-24 09:58:33.000000000 +0000 @@ -0,0 +1,18 @@ +## Name +mysql_stmt_param_metadata - This function does nothing! + +## Synopsis +```C +#include + +MYSQL_RES * mysql_stmt_param_metadata(MYSQL_STMT * stmt); +``` + +## Description +This function does nothing, it's not implemented now and reserved for future use. + +## Parameter +* `stmt` - a statement handle, which was previously allocated by [mysql_stmt_init()](mysql_stmt_init). + +## Return value +Always returns `NULL`. diff -Nru mariadb-11.8.6/libmariadb/docs/mysql_stmt_prepare.md mariadb-11.8.8/libmariadb/docs/mysql_stmt_prepare.md --- mariadb-11.8.6/libmariadb/docs/mysql_stmt_prepare.md 1970-01-01 00:00:00.000000000 +0000 +++ mariadb-11.8.8/libmariadb/docs/mysql_stmt_prepare.md 2026-05-24 09:58:33.000000000 +0000 @@ -0,0 +1,34 @@ +## Name +mysql_stmt_prepare - Prepares an SQL string + +## Synopsis +```C +#include + +int mysql_stmt_prepare(MYSQL_STMT * stmt, + const char * query, + unsigned long length); +``` + + +## Description +Prepares the SQL query. + +## Parameter +* `stmt` - a statement handle, which was previously allocated by [mysql_stmt_init()](mysql_stmt_init). +* `query` - SQL statement +* `length` - length of SQL statement + +## Return value +Zero on success, non zero on error. + +### Notes +* The parameter markers must be bound to application variables using [mysql_stmt_bind_param()](mysql_stmt_bind_param). +* The maximum number of parameters is 65535 (0xFFFF). +* The markers are legal only in certain places in SQL statements. For example, they are allowed in the VALUES() list ofINSERT statement (to specify column values for a row), or in a comparison with a column in a [select()](WHERE]] clause to specify a comparison value. However, they are not allowed in identifiers (such as table or column names) in the select list that names the columns to be returned by SELECT statement, or to specify both operands of a binary operator such as the equal sign. The latter restriction is necessary because it would be impossible to determine the parameter type. In general, parameters are legal only in Data Manipulation Language (DML) statements, and not in Data Definition Language (DDL) statements. + + +## See Also +* [mysql_stmt_init()](mysql_stmt_init) +* [mysql_stmt_param_count()](mysql_stmt_param_count) +* [mysql_stmt_execute()](mysql_stmt_execute) diff -Nru mariadb-11.8.6/libmariadb/docs/mysql_stmt_reset.md mariadb-11.8.8/libmariadb/docs/mysql_stmt_reset.md --- mariadb-11.8.6/libmariadb/docs/mysql_stmt_reset.md 1970-01-01 00:00:00.000000000 +0000 +++ mariadb-11.8.8/libmariadb/docs/mysql_stmt_reset.md 2026-05-24 09:58:33.000000000 +0000 @@ -0,0 +1,27 @@ +## Name +mysql_stmt_reset - Resets a prepared statement + +## Synopsis +```C +#include + +my_bool mysql_stmt_reset(MYSQL_STMT * stmt); +``` + +## Description +Resets a prepared statement on client and server to state after prepare. + +## Parameter +* `stmt` - a statement handle, which was previously allocated by [mysql_stmt_init()](mysql_stmt_init). Returns zero on success, nonzero if an error occurred. + +## Return value +Returns zero on success, 1 if an error occurred. + +## Notes +* `mysql_stmt_reset()` resets the statement on the server, unbuffered result sets and errors. Bindings and stored result sets will not be cleared. The latter one will be cleared when re-executing or closing the prepared statement. +* To reprepare a prepared statement with another SQL statement use [mysql_stmt_prepare()](mysql_stmt_prepare). + +## See Also +* [mysql_stmt_close()](mysql_stmt_close) +* [mysql_stmt_prepare()](mysql_stmt_prepare) +* [mysql_stmt_execute()](mysql_stmt_execute) diff -Nru mariadb-11.8.6/libmariadb/docs/mysql_stmt_result_metadata.md mariadb-11.8.8/libmariadb/docs/mysql_stmt_result_metadata.md --- mariadb-11.8.6/libmariadb/docs/mysql_stmt_result_metadata.md 1970-01-01 00:00:00.000000000 +0000 +++ mariadb-11.8.8/libmariadb/docs/mysql_stmt_result_metadata.md 2026-05-24 09:58:33.000000000 +0000 @@ -0,0 +1,28 @@ +## Name +mysql_stmt_result_metadata - Returns result set metadata from a prepared statement. + +## Synopsis +```C +#include + +MYSQL_RES * mysql_stmt_result_metadata(MYSQL_STMT * stmt); +``` + +## Description +If a statement passed to [mysql_stmt_prepare()](mysql_stmt_prepare) is one that produces a result set, mysql_stmt_result_metadata() returns the result set that can be used to process the meta information such as total number of fields and individual field information. + +## Parameter +* `stmt` - a statement handle, which was previously allocated by [mysql_stmt_init()](mysql_stmt_init). + +## Return value +Returns a result set that can be used to process metadata information. + +### Notes +* The result set returned by mysql_stmt_result_metadata() contains only metadata. It does not contain any row results. The rows are obtained by [mysql_stmt_fetch()](mysql_stmt_fetch). +* This result set pointer can be passed as an argument to any of the field-based functions that process result set metadata, such as: [mysql_num_fields()](mysql_num_fields), [mysql_fetch_field()](mysql_fetch_field), [mysql_fetch_field_direct()](mysql_fetch_field_direct), [mysql_fetch_fields()](mysql_fetch_fields), [mysql_field_count()](mysql_field_count), [mysql_field_seek()](mysql_field_seek), [mysql_field_tell()](mysql_field_tell), [mysql_free_result()](mysql_free_result) + + +## See Also +* [mariadb_stmt_fetch_fields()](mariadb_stmt_fetch_fields) +* [mysql_free_result()](mysql_free_result) +* [mysql_stmt_prepare()](mysql_stmt_prepare) diff -Nru mariadb-11.8.6/libmariadb/docs/mysql_stmt_row_seek.md mariadb-11.8.8/libmariadb/docs/mysql_stmt_row_seek.md --- mariadb-11.8.6/libmariadb/docs/mysql_stmt_row_seek.md 1970-01-01 00:00:00.000000000 +0000 +++ mariadb-11.8.8/libmariadb/docs/mysql_stmt_row_seek.md 2026-05-24 09:58:33.000000000 +0000 @@ -0,0 +1,28 @@ +## Name +mysql_stmt_row_seek - Positions row cursor. + +## Synopsis +```C +#include + +MYSQL_ROW_OFFSET mysql_stmt_row_seek(MYSQL_STMT * stmt, + MYSQL_ROW_OFFSET offset); +``` + +## Description +Positions the row cursor to an arbitrary row in a result set which was obtained by [mysql_stmt_store_result()](mysql_stmt_store_result). + +## Parameter +* `stmt` - a statement handle, which was previously allocated by [mysql_stmt_init()](mysql_stmt_init). +* `offset` - row offset. This value can be obtained either by mysql_stmt_row_seek() or [mysql_stmt_row_tell()](mysql_stmt_row_tell). + +## Return value +Returns the previous row offset. + +## Notes +The result set must be obtained by [mysql_use_result()](mysql_use_result). + + +## See Also +* [mysql_stmt_row_tell()](mysql_stmt_row_tell) +* [mysql_stmt_store_result()](mysql_stmt_store_result) diff -Nru mariadb-11.8.6/libmariadb/docs/mysql_stmt_row_tell.md mariadb-11.8.8/libmariadb/docs/mysql_stmt_row_tell.md --- mariadb-11.8.6/libmariadb/docs/mysql_stmt_row_tell.md 1970-01-01 00:00:00.000000000 +0000 +++ mariadb-11.8.8/libmariadb/docs/mysql_stmt_row_tell.md 2026-05-24 09:58:33.000000000 +0000 @@ -0,0 +1,28 @@ +## Name +mysql_stmt_row_tell - Returns position of row cursor + +## Synopsis +```C +#include + +MYSQL_ROW_OFFSET mysql_stmt_row_tell(MYSQL_STMT * stmt); +``` + + +## Description + +Returns the row offset of a result cursor. The returned offset value can be used to reposition the result cursor by calling [mysql_stmt_row_seek()](mysql_stmt_row_seek). + +## Parameter +* `stmt` - a statement handle, which was previously allocated by [mysql_stmt_init()](mysql_stmt_init). + +## Return value +Returns the current position of the row cursor. + +## Notes +* This function can be used for buffered result sets only, which can be obtained by executing the [mysql_stmt_store_result()](mysql_stmt_store_result) function. + + +## See Also +* [mysql_stmt_row_seek()](mysql_stmt_row_seek) +* [mysql_stmt_store_result()](mysql_stmt_store_result) diff -Nru mariadb-11.8.6/libmariadb/docs/mysql_stmt_send_long_data.md mariadb-11.8.8/libmariadb/docs/mysql_stmt_send_long_data.md --- mariadb-11.8.6/libmariadb/docs/mysql_stmt_send_long_data.md 1970-01-01 00:00:00.000000000 +0000 +++ mariadb-11.8.8/libmariadb/docs/mysql_stmt_send_long_data.md 2026-05-24 09:58:33.000000000 +0000 @@ -0,0 +1,32 @@ +## Name +mysql_stmt_send_long_data - Sends data in chunks + +## Synopsis +```C +#include + +my_bool mysql_stmt_send_long_data(MYSQL_STMT * stmt, + unsigned int, + const char * data, + unsigned long); +``` + +## Description +Allows sending parameter data to the server in pieces (or chunks), e.g. if the size of a blob exceeds the size of max_allowed_packet size. This function can be called multiple times to send the parts of a character or binary data value for a column, which must be one of the `TEXT` or `BLOB` datatypes. + +## Parameter +* `stmt` - a statement handle, which was previously allocated by [mysql_stmt_init()](mysql_stmt_init). +* `param_no` - indicates which parameter to associate the data with. Parameters are numbered beginning with 0. +* `data` - a buffer containing the data to send. +* `long` - size of the data buffer. + +## Return value +Returns zero on success, nonzero if an error occurred. + +## Notes +* `mysql_stmt_send_long_data()` must be called before [mysql_stmt_execute()](mysql_stmt_execute). +* bound variables for this column will be ignored when calling [mysql_stmt_execute()](mysql_stmt_execute). + +## See also +* [mysql_stmt_execute()](mysql_stmt_execute). + diff -Nru mariadb-11.8.6/libmariadb/docs/mysql_stmt_sqlstate.md mariadb-11.8.8/libmariadb/docs/mysql_stmt_sqlstate.md --- mariadb-11.8.6/libmariadb/docs/mysql_stmt_sqlstate.md 1970-01-01 00:00:00.000000000 +0000 +++ mariadb-11.8.8/libmariadb/docs/mysql_stmt_sqlstate.md 2026-05-24 09:58:33.000000000 +0000 @@ -0,0 +1,24 @@ +## Name +mysql_stmt_sqlstate - Returns SQLSTATE error from previous statement operation. + +## Synopsis +```C +#include + +const char * mysql_stmt_sqlstate(MYSQL_STMT * stmt); +``` + + +## Description +Returns a string containing the SQLSTATE error code for the most recently invoked prepared statement function that can succeed or fail. +## Parameter +* `stmt` - a statement handle, which was previously allocated by [mysql_stmt_init()](mysql_stmt_init). +## Return value +Returns a 5 digit error code. '00000' means no error. The values are specified by ANSI SQL and ODBC. + +## Notes +Please note that not all client library error codes are mapped to SQLSTATE errors. Errors which can't be mapped will returned as value HY000. + +## See Also +* [mysql_stmt_errno()](mysql_stmt_errno) +* [mysql_stmt_error()](mysql_stmt_error) diff -Nru mariadb-11.8.6/libmariadb/docs/mysql_stmt_store_result.md mariadb-11.8.8/libmariadb/docs/mysql_stmt_store_result.md --- mariadb-11.8.6/libmariadb/docs/mysql_stmt_store_result.md 1970-01-01 00:00:00.000000000 +0000 +++ mariadb-11.8.8/libmariadb/docs/mysql_stmt_store_result.md 2026-05-24 09:58:33.000000000 +0000 @@ -0,0 +1,26 @@ +## Name +mysql_stmt_store_result - Transfers a result set from a prepared statement + +## Synopsis +```C +#include + +int mysql_stmt_store_result(MYSQL_STMT * stmt); +``` + + +## Description +You must call mysql_stmt_store_result() for every query that successfully produces a result set only if you want to buffer the complete result set by the client, so that the subsequent [mysql_stmt_fetch()](mysql_stmt_fetch) call returns buffered data. + +## Parameter +* `stmt` - a statement handle, which was previously allocated by [mysql_stmt_init()](mysql_stmt_init). + +## Return value +Returns zero on success, nonzero if an error occurred. +## Notes +* You can detect whether the statement produced a result set by checking the return value of [mysql_stmt_field_count()](mysql_stmt_field_count) function. + + +## See Also +* [mysql_stmt_field_count()](mysql_stmt_field_count) +* [mysql_stmt_fetch()](mysql_stmt_fetch) diff -Nru mariadb-11.8.6/libmariadb/docs/mysql_stmt_warning_count.md mariadb-11.8.8/libmariadb/docs/mysql_stmt_warning_count.md --- mariadb-11.8.6/libmariadb/docs/mysql_stmt_warning_count.md 1970-01-01 00:00:00.000000000 +0000 +++ mariadb-11.8.8/libmariadb/docs/mysql_stmt_warning_count.md 2026-05-24 09:58:33.000000000 +0000 @@ -0,0 +1,26 @@ +## Name +mysql_stmt_warning_count - Returns the number of warnings from the last executed statement. + +## Synopsis +```C +#include + +unsigned int mysql_stmt_warning_count(MYSQL_STMT * stmt); +``` + +## Description +Returns the number of warnings from the last executed statement, or zero if there are no warnings. +## Parameter +* `stmt` - a statement handle, which was previously allocated by [mysql_stmt_init()](mysql_stmt_init). + +## Return value +Returns the number of warnings. + +## Notes +* For retrieving warning messages you should use the SQL command `SHOW WARNINGS`. +* If SQL_MODE `TRADITIONAL` is enabled an error instead of warning will be returned. For detailed information check the server documentation. +## History +This function was added in Connector/C 3.0. + +## See Also +* [mysql_warning_count()](mysql_warning_count) diff -Nru mariadb-11.8.6/libmariadb/docs/mysql_store_result.md mariadb-11.8.8/libmariadb/docs/mysql_store_result.md --- mariadb-11.8.6/libmariadb/docs/mysql_store_result.md 1970-01-01 00:00:00.000000000 +0000 +++ mariadb-11.8.8/libmariadb/docs/mysql_store_result.md 2026-05-24 09:58:33.000000000 +0000 @@ -0,0 +1,27 @@ +## Name +mysql_store_result - returns a buffered result set + +## Synopsis +```C +#include + +MYSQL_RES * mysql_store_result(MYSQL * mysql); +``` + +## Description +Returns a buffered resultset from the last executed query. +### Notes + +* [mysql_field_count()](imysql_field_count) indicates if there will be a result set available. +* The memory allocated by mysql_store_result() needs to be released by calling the function [mysql_free_result()](mysql_free_result). + +### Parameters +* `mysql` is a connection identifier, which was previously allocated by [mysql_init()](mysql_init) and connected by [mysql_real_connect()](mysql_real_connect). + +### Return value +Returns a buffered result set or NULL in case an error occurred or if the query didn't return data (e.g. when executing an INSERT, UPDATE, DELETE or REPLACE statement). +## See also +* [mysql_free_result()](mysql_free_result) +* [mysql_use_result()](mysql_use_result) +* [mysql_real_query()](mysql_real_query) +* [mysql_field_count()](mysql_field_count) diff -Nru mariadb-11.8.6/libmariadb/docs/mysql_thread_end.md mariadb-11.8.8/libmariadb/docs/mysql_thread_end.md --- mariadb-11.8.6/libmariadb/docs/mysql_thread_end.md 1970-01-01 00:00:00.000000000 +0000 +++ mariadb-11.8.8/libmariadb/docs/mysql_thread_end.md 2026-05-24 09:58:33.000000000 +0000 @@ -0,0 +1,22 @@ +## Name +mysql_thread_end - Releases thread specific memory + +## Synopsis +```C +#include + +void mysql_thread_end(void ); +``` + +## Description +The mysql_thread_end() function needs to be called before a client thread ends. It will release thread specific memory, which was allocated by a previous [mysql_thread_init()](mysql_thread_init) call. Returns void. + +### Notes +Unlike [mysql_thread_init()](mysql_thread_init) mysql_thread_end() will not be invoked automatically if the thread ends. To avoid memory leaks mysql_thread_end() must be called explicitly. + +## History +This function is deprecated since MariaDB Connector/C 3.0.0. + +## See also +* [mysql_thread_init()](mysql_thread_init) +* [mysql_thread_safe()](mysql_thread_safe) diff -Nru mariadb-11.8.6/libmariadb/docs/mysql_thread_id.md mariadb-11.8.8/libmariadb/docs/mysql_thread_id.md --- mariadb-11.8.6/libmariadb/docs/mysql_thread_id.md 1970-01-01 00:00:00.000000000 +0000 +++ mariadb-11.8.8/libmariadb/docs/mysql_thread_id.md 2026-05-24 09:58:33.000000000 +0000 @@ -0,0 +1,28 @@ +## Name +mysql_thread_id - Returns id of the current connection + +## Synopsis +```C +#include + +unsigned long mysql_thread_id(MYSQL * mysql); +``` + + +## Description + +The mysql_thread_id() function returns the thread id for the current connection. + +### Parameter +* `mysql` - a mysql handle, which was previously allocated by [mysql_init()](mysql_init) and connected by [mysql_real_connect()](mysql_real_connect). +### Notes +* The current connection can be killed with [mysql_kill()](mysql_kill). +* If reconnect option is enabled the thread id might change if the client reconnects to the server. + + +## Return value +Returns the thread id of the current connection. + +## See also +* [mysql_kill()](mysql_kill) +* [mysql_options()](mysql_options) diff -Nru mariadb-11.8.6/libmariadb/docs/mysql_thread_init.md mariadb-11.8.8/libmariadb/docs/mysql_thread_init.md --- mariadb-11.8.6/libmariadb/docs/mysql_thread_init.md 1970-01-01 00:00:00.000000000 +0000 +++ mariadb-11.8.8/libmariadb/docs/mysql_thread_init.md 2026-05-24 09:58:33.000000000 +0000 @@ -0,0 +1,25 @@ +## Name +mysql_thread_init - initialize thread + +## Synopsis +```C +#include + +my_bool mysql_thread_init(void ); +``` + +## Description +Thread initialization for multi threaded clients. Multi threaded clients should call mysql_thread_init() at the beginning of the thread initialization to initialize thread specific client library variables. If mysql_thread_init() was not called explicitly, it will be called automatically by [mysql_init()](mysql_init) or [mysql_real_connect()](mysql_real_connect). + +### Notes +Before a client thread ends the [mysql_thread_end()](mysql_thread_end) function must be called to release memory - otherwise the client library will report an error. + +## Return value +Returns zero if successful or 1 if an error occurred. + +## History +This function is deprecated since MariaDB Connector/C 3.0.0. + +## See also +* [mysql_thread_end()](mysql_thread_end) +* [mysql_thread_safe()](mysql_thread_safe) diff -Nru mariadb-11.8.6/libmariadb/docs/mysql_thread_safe.md mariadb-11.8.8/libmariadb/docs/mysql_thread_safe.md --- mariadb-11.8.6/libmariadb/docs/mysql_thread_safe.md 1970-01-01 00:00:00.000000000 +0000 +++ mariadb-11.8.8/libmariadb/docs/mysql_thread_safe.md 2026-05-24 09:58:33.000000000 +0000 @@ -0,0 +1,18 @@ +## Name +mysql_thread_safe - Indicates whether the Connector/C library was compiled as thread safe. + +## Synopsis +```C +#include + +uint mysql_thread_safe(void); +``` + +## Description +Indicates whether the Connector/C library was compiled as thread-safe. + +### Notes +This function exists for compatibility reasons and returns always 1. + +## Return value +Returns always 1. diff -Nru mariadb-11.8.6/libmariadb/docs/mysql_use_result.md mariadb-11.8.8/libmariadb/docs/mysql_use_result.md --- mariadb-11.8.6/libmariadb/docs/mysql_use_result.md 1970-01-01 00:00:00.000000000 +0000 +++ mariadb-11.8.8/libmariadb/docs/mysql_use_result.md 2026-05-24 09:58:33.000000000 +0000 @@ -0,0 +1,26 @@ +## Name +mysql_use_result - returns an unbuffered result set + +## Synopsis +```C +#include + +MYSQL_RES * mysql_use_result(MYSQL * mysql); +``` + +## Description +Used to initiate the retrieval of a result set from the last query executed using the mysql_real_query() function on the database connection. Either this or the [mysql_store_result()](mysql_store_result) function must be called before the results of a query can be retrieved, and one or the other must be called to prevent the next query on that database connection from failing. + +### Parameters +* `mysql` is a connection identifier, which was previously allocated by [mysql_init()](mysql_init) and connected by [mysql_real_connect()](mysql_real_connect). + +### Notes +The mysql_use_result() function does not transfer the entire result set. Hence several functions like [mysql_num_rows()](mysql_num_rows) or [mysql_data_seek()](mysql_data_seek) cannot be used. +mysql_use_result() will block the current connection until all result sets are retrieved or result set was released by [mysql_free_result()](mysql_free_result). + +## Return value +Returns an unbuffered result set or `NULL` if an error occurred. + +## See also +* [mysql_store_result()](mysql_store_result) +* [mysql_free_result()](mysql_free_result) diff -Nru mariadb-11.8.6/libmariadb/docs/mysql_warning_count.md mariadb-11.8.8/libmariadb/docs/mysql_warning_count.md --- mariadb-11.8.6/libmariadb/docs/mysql_warning_count.md 1970-01-01 00:00:00.000000000 +0000 +++ mariadb-11.8.8/libmariadb/docs/mysql_warning_count.md 2026-05-24 09:58:33.000000000 +0000 @@ -0,0 +1,26 @@ +## Name +mysql_warning_count - Returns the number of warnings + +## Synopsis +```C +#include + +unsigned int mysql_warning_count(MYSQL * mysql); +``` + +## Description +Returns the number of warnings from the last executed query, or zero if there are no warnings. + +### Parameter +* `mysql` - a mysql handle, which was previously allocated by [mysql_init()](mysql_init) and connected by [mysql_real_connect()](mysql_real_connect). + +### Notes +* For retrieving warning messages you should use the SQL command `SHOW WARNINGS`. +* If SQL_MODE `TRADITIONAL` is enabled an error instead of warning will be returned. For detailed information check the server documentation. + +## Return value +Returns the number of warnings + +## See also +* [mysql_error()](mysql_error) +* [mysql_errno()](mysql_errno) diff -Nru mariadb-11.8.6/libmariadb/docs/prerequisites.md mariadb-11.8.8/libmariadb/docs/prerequisites.md --- mariadb-11.8.6/libmariadb/docs/prerequisites.md 1970-01-01 00:00:00.000000000 +0000 +++ mariadb-11.8.8/libmariadb/docs/prerequisites.md 2026-05-24 09:58:33.000000000 +0000 @@ -0,0 +1,20 @@ +## Prerequisites for building Connector/C from Source + +### Windows +* Visual Studio 2013 or newer (older versions of Visual Studio may also work but have not been tested). +* cmake 2.8.12 or newer, available from the [Cmake Website](http://www.cmake.org) +* for Connector/C 2.x: OpenSSL libraries and include files. +* for Connector/C 3.0 remote-io plugin: [Curl libraries and include files](https://curl.haxx.se) + +### Linux / Mac OS X +The following is a list of tools that are required for building MariaDB Connector/C on Linux and Mac OS X. Most, if not all, of these will exist as packages in your distribution's package repositories, so check there first. +* gcc 3.4.6 or newer C compiler +* TLS/SSL libraries and include files +** OpenSSL 1.0.1 or newer or +** GnuTLS 3.4 or newer +* cmake 2.8.12 or newer, available from the [[http://www.cmake.org|CMake website]]. +* for Connector/C 3.0 remote-io plugin: [Curl libraries and include files](https://curl.haxx.se) +* For GSSAPI plugin: [Kerberos V5 libraries](http://web.mit.edu/kerberos/dist) +* For generating man pages (requires Connector/C 3.3.6 or later): [Pandoc](https://pandoc.org) + +On Linux you can get those programs with your package manager. On Mac OS X you will need Xcode and to install the remaining programs with [Fink](http://www.finkproject.org) or [MacPorts](http://www.macports.org/). \ No newline at end of file diff -Nru mariadb-11.8.6/libmariadb/docs/ps_api.md mariadb-11.8.8/libmariadb/docs/ps_api.md --- mariadb-11.8.6/libmariadb/docs/ps_api.md 1970-01-01 00:00:00.000000000 +0000 +++ mariadb-11.8.8/libmariadb/docs/ps_api.md 2026-05-24 09:58:33.000000000 +0000 @@ -0,0 +1,47 @@ +## Prepared Statement API Reference + +A prepared statement or a parameterized statement is used to execute the same statement repeatedly with high efficiency. +The prepared statement execution consists of two stages: prepare and execute. +* At the prepare stage a statement template is sent to the database server. The server performs a syntax check and initializes server internal resources for later use. +* During execute the client binds parameter values and sends them to the server. The server creates a statement from the statement template and the bound values to execute it using the previously created internal resources. + +A prepared statement can be executed repeatedly. Upon every execution the current value of the bound variable is evaluated and sent to the server. The statement is not parsed again. The statement template is not transferred to the server again. + +The MariaDB server supports using anonymous, positional placeholder with `?`(question mark). + +Opposed to the text protocol where all values are transferred as strings, prepared statements use the binary protocol where all values beside strings are transferred in their native format. + +### API Functions +* [mariadb_stmt_execute_direct](mariadb_stmt_execute_direct) - Prepares and executes a statement +* [mariadb_stmt_fetch_fields](mariadb_stmt_fetch_fields) - Returns an array of fields containing the column definitions +* [mysql_stmt_affected_rows](mysql_stmt_affected_rows) - Returns the number of affected rows from previous executed prepared statement. +* [mysql_stmt_attr_get](mysql_stmt_attr_get) - Returns the current value of a statement attribute +* [mysql_stmt_attr_set](mysql_stmt_attr_set) - Sets attribute of a statement +* [mysql_stmt_bind_param](mysql_stmt_bind_param) - Binds statement to a prepared statement +* [mysql_stmt_bind_result](mysql_stmt_bind_result) - Binds result columns to variables +* [mysql_stmt_close](mysql_stmt_close) - Closes a prepared statement +* [mysql_stmt_data_seek](mysql_stmt_data_seek) - Seeks to an arbitrary row in statement result set +* [mysql_stmt_errno](mysql_stmt_errno) - Returns an error number for the last statement error. +* [mysql_stmt_error](mysql_stmt_error) - Returns a string description for the last statement error. +* [mysql_stmt_execute](mysql_stmt_execute) - Executes a prepared statement +* [mysql_stmt_fetch](mysql_stmt_fetch) - Fetch result row from a prepared statement +* [mysql_stmt_fetch_column](mysql_stmt_fetch_column) - Fetches a single column in to a bind buffer +* [mysql_stmt_field_count](mysql_stmt_field_count) - Returns the number of fields in a result set of a prepared statement. +* [mysql_stmt_free_result](mysql_stmt_free_result) - Frees stored result memory of a prepared statement. +* [mysql_stmt_init](mysql_stmt_init) - Initializes a prepared statement. +* [mysql_stmt_insert_id](mysql_stmt_insert_id) - Get the auto generated id from previously executed prepared +statement. +* [mysql_stmt_more_results](mysql_stmt_more_results) - Indicates if one or more results from a previously executed prepared statement are available +* [mysql_stmt_next_result](mysql_stmt_next_result) - Returns next prepared statement result set +* [mysql_stmt_num_rows](mysql_stmt_num_rows) - Returns the number of rows in a prepared statement result set. +* [mysql_stmt_param_count](mysql_stmt_param_count) - Returns the number of parameter for the given statement. +* [mysql_stmt_param_metadata](mysql_stmt_param_metadata) - Not implemented yet +* [mysql_stmt_prepare](mysql_stmt_prepare) - Prepares a SQL statement for execution. +* [mysql_stmt_reset](mysql_stmt_reset) - Resets a prepared statement. +* [mysql_stmt_result_metadata](mysql_stmt_result_metadata) - Returns result set metadata from a prepared statement. +* [mysql_stmt_row_seek](mysql_stmt_row_seek) - Positions row cursor. +* [mysql_stmt_row_tell](mysql_stmt_row_tell) - Returns position of the result cursor. +* [mysql_stmt_send_long_data](mysql_stmt_send_long_data) - Send data in chunks. +* [mysql_stmt_sqlstate](mysql_stmt_sqlstate) - Returns SQLSTATE error from previous statement operation. +* [mysql_stmt_store_result](mysql_stmt_store_result) - Transfers a result set from a prepared statement. +* [mysql_stmt_warning_count](mysql_stmt_warning_count) - Returns the number of warnings from the last executed statement. \ No newline at end of file diff -Nru mariadb-11.8.6/libmariadb/docs/restrictions_non_blocking.md mariadb-11.8.8/libmariadb/docs/restrictions_non_blocking.md --- mariadb-11.8.6/libmariadb/docs/restrictions_non_blocking.md 1970-01-01 00:00:00.000000000 +0000 +++ mariadb-11.8.8/libmariadb/docs/restrictions_non_blocking.md 2026-05-24 09:58:33.000000000 +0000 @@ -0,0 +1,13 @@ +## Restrictions + +## DNS (Domain Name System) + +When `mysql_real_connect_start()` is passed a hostname (as opposed to a local unix socket or an IP address, it may need to look up the hostname in DNS, depending on local host configuration (e.g. if the name is not in /etc/hosts or cached). Such DNS lookups do not happen in a non-blocking way. This means that 'mysql_real_connect_start()' will not return control to the application while waiting for the DNS response. Thus the application may "hang" for some time if DNS is slow or non-functional. + +If this is a problem, the application can pass an IP address to `mysql_real_connect_start()` instead of a hostname, which avoids the problem. The IP address can be obtained by the application with whatever non-blocking DNS loopup operation is available to it from the operating system or event framework used. Alternatively, a simple solution may be to just add the hostname to the local host lookup file (/etc/hosts on Posix/Unix/Linux machines). + +### Windows Named Pipes and Shared Memory connections + +There is no support in the non-blocking API for connections using Windows named pipes or shared memory + +Named pipes and shared memory can still be used, using either the blocking or the non-blocking API. However, operations that need to wait on I/O on the named pipe will not return control to the application; instead they will "hang" waiting for the operation to complete, just like the normal blocking API calls. \ No newline at end of file diff -Nru mariadb-11.8.6/libmariadb/docs/rpl_api_example.md mariadb-11.8.8/libmariadb/docs/rpl_api_example.md --- mariadb-11.8.6/libmariadb/docs/rpl_api_example.md 1970-01-01 00:00:00.000000000 +0000 +++ mariadb-11.8.8/libmariadb/docs/rpl_api_example.md 2026-05-24 09:58:33.000000000 +0000 @@ -0,0 +1,47 @@ +## Binlog/Replication API example + +```C + +#include +#include + +static int read_events(MYSQL *mysql) +{ + MARIADB_RPL_EVENT *event= NULL; + MARIADB_RPL *rpl= mariadb_rpl_init(mysql); + + mysql_query(mysql, "SET @mariadb_slave_capability=4"); + mysql_query(mysql, "SET @slave_gtid_strict_mode=1"); + mysql_query(mysql, "SET @slave_gtid_ignore_duplicates=1"); + mysql_query(mysql, "SET NAMES utf8"); + mysql_query(mysql, "SET @master_binlog_checksum= @@global.binlog_checksum"); + + mariadb_rpl_optionsv(rpl, MARIADB_RPL_SERVER_ID, 12); + mariadb_rpl_optionsv(rpl, MARIADB_RPL_START, 4); + mariadb_rpl_optionsv(rpl, MARIADB_RPL_FLAGS, MARIADB_RPL_BINLOG_SEND_ANNOTATE_ROWS) + + if (mariadb_rpl_open(rpl)) + return FAIL; + + while((event= mariadb_rpl_fetch(rpl, event))) + { + /* process events */ + switch(event->event_type) { + case BINLOG_CHECKPOINT_EVENT: + .... + break; + case FORMAT_DESCRIPTION_EVENT: + ... + break; + .... + default: + printf("Unknown event: %d", event->event_type); + break; + } + } + mariadb_free_rpl_event(event); + mariadb_rpl_close(rpl); + return OK; +} + +``` \ No newline at end of file diff -Nru mariadb-11.8.6/libmariadb/docs/rpl_api_reference.md mariadb-11.8.8/libmariadb/docs/rpl_api_reference.md --- mariadb-11.8.6/libmariadb/docs/rpl_api_reference.md 1970-01-01 00:00:00.000000000 +0000 +++ mariadb-11.8.8/libmariadb/docs/rpl_api_reference.md 2026-05-24 09:58:33.000000000 +0000 @@ -0,0 +1,12 @@ +# Binlog/Replication API Reference + +* [mariadb_rpl_close](mariadb_rpl_close) - closes a replication stream +* [mariadb_rpl_fetch](mariadb_rpl_fetch) - fetches an event from stream +* [mariadb_free_rpl_event](mariadb_free_rpl_event) - frees event +* [mariadb_rpl_get_optionsv](mariadb_rpl_get_optionsv) - gets replication options +* [mariadb_rpl_init](mariadb_rpl_init) - Allocates and initializes a replication handle +* [mariadb_rpl_open](mariadb_rpl_open) - Opens a new replication stream +* [mariadb_rpl_optionsv](mariadb_rpl_optionsv) - Sets replication options +* [mariadb_rpl_error](mariadb_rpl_error) - Returns last error message +* [mariadb_rpl_errno](mariadb_rpl_errno) - Returns last error number +* [mariadb_rpl_extract_rows](mariadb_rpl_extract_rows) - Extract a list of rows from row event \ No newline at end of file diff -Nru mariadb-11.8.6/libmariadb/docs/rpl_data_structures.md mariadb-11.8.8/libmariadb/docs/rpl_data_structures.md --- mariadb-11.8.6/libmariadb/docs/rpl_data_structures.md 1970-01-01 00:00:00.000000000 +0000 +++ mariadb-11.8.8/libmariadb/docs/rpl_data_structures.md 2026-05-24 09:58:33.000000000 +0000 @@ -0,0 +1,283 @@ +# Binlog/Replication API data structures + +Structures and type definitions for Binglog/Replication API are defined in source file `include/mariadb_rpl.h`. + +### MARIADB_STRING +`MARIADB_STRING` is a simple structure (same as `MYSQL_STRING` and `MYSQL_LEX_STRING`) which stores a string together with its length. +```C +typedef struct { + char *str; + size_t length; +} MARIADB_STRING; +``` + +### MARIADB_GTID +`MARIADB_GTID` is used to store the global transaction id. The global transaction id is defined by three numbers: +The domain id, the server id and the sequence number. + +```C +typedef struct st_mariadb_gtid { + unsigned int domain_id; + unsigned int server_id; + unsigned long long sequence_nr; +} MARIADB_GTID; +``` + +### MARIADB_RPL +`MARIADB_RPL` is the generic replication handle, which represents a replication connection and is used by all binlog/replication API calls. The `MARIADB_RPL` structure is considered to be opaque, instead of accessing its internal members you should use the api functions `mariadb_rpl_optionsv` and `mariadb_rpl_get_optionsv`. + + +## Events + +### MARIADB_RPL_EVENT + +```MARIADB_RPL_EVENT``` structure is returned by `mariadb_rpl_fetch()` API function. Beside a common header it contains different event types which are combined in `event` union. + +```C +typedef struct st_mariadb_rpl_event +{ + /* common header */ + MA_MEM_ROOT memroot; + unsigned int checksum; + char ok; + enum mariadb_rpl_event event_type; + unsigned int timestamp; + unsigned int server_id; + unsigned int event_length; + unsigned int next_event_pos; + unsigned short flags; + /****************/ + union { + struct st_mariadb_rpl_rotate_event rotate; + struct st_mariadb_rpl_query_event query; + struct st_mariadb_rpl_format_description_event format_description; + struct st_mariadb_rpl_gtid_list_event gtid_list; + struct st_mariadb_rpl_checkpoint_event checkpoint; + struct st_mariadb_rpl_xid_event xid; + struct st_mariadb_rpl_gtid_event gtid; + struct st_mariadb_rpl_annotate_rows_event annotate_rows; + struct st_mariadb_rpl_table_map_event table_map; + struct st_mariadb_rpl_rand_event rand; + struct st_mariadb_rpl_encryption_event encryption; + struct st_mariadb_rpl_intvar_event intvar; + struct st_mariadb_rpl_uservar_event uservar; + struct st_mariadb_rpl_rows_event rows; + struct st_mariadb_rpl_heartbeat_event heartbeat; + /* The following events were added in version 3.3.5 */ + struct st_mariadb_rpl_xa_prepare_log_event xa_prepare_log; + struct st_mariadb_begin_load_query_event begin_load_query; + struct st_mariadb_execute_load_query_event execute_load_query; + struct st_mariadb_gtid_log_event gtid_log; + struct st_mariadb_start_encryption_event start_encryption; + struct st_mariadb_rpl_previous_gtid_event previous_gtid; + } event; +} MARIADB_RPL_EVENT; +``` +Depending on the event type information sent by master will be stored in the corresponding member of the event union: + +#### ANNOTATE_ROWS_EVENT +event_type value= 160 (0xA0) + +```C +struct st_mariadb_rpl_annotate_rows_event { + MARIADB_STRING statement; +}; +``` + +**Note:** This event will be sent only if the client connected with `MARIADB_RPL_BINLOG_SEND_ANNOTATE_ROWS` flag. + +#### BINLOG_CHECKPOINT_EVENT +event_type value= 161 (0xA1) + +```C +struct st_mariadb_rpl_checkpoint_event { + MARIADB_STRING filename; +}; +``` + +#### START_ENCRYPTION_EVENT +event_type value= 164 (0xA4) + +```C +struct st_mariadb_rpl_encryption_event { + char scheme; + unsigned int key_version; + char *nonce; +}; +``` + +**Note:** Encrypted data can be retrieved only when reading events from a binary log file. If the client connects to a source server, the server will always return unencrypted events. + +#### FORMAT_DESCRIPTION_EVENT +event_type value= 15 (0x0F) + +This is a descriptor event that is written to the beginning of a binary log file (at position 4). + +```C +struct st_mariadb_rpl_format_description_event +{ + uint16_t format; + char *server_version; + uint32_t timestamp; + uint8_t header_len; + /* Added in 3.3.5 */ + MARIADB_STRING post_header_lengths; +}; +``` + +`format` is always 4 (since MariaDB 10.0) + +#### GTID_EVENT +event_type value= 162 (0xA2) + +For global transaction ID, used to start a new transaction event group. + +```C +struct st_mariadb_rpl_gtid_event { + uint64_t sequence_nr; + uint32_t domain_id; + uint8_t flags; + uint64_t commit_id; +}; +``` + +#### GTID_LIST_EVENT +event_type value= 163 (0xA3) + +Logged in every binary log to record the current replication state. It consists of the last GTID seen for each replication domain. + +```C +struct st_mariadb_rpl_gtid_list_event { + uint32_t gtid_cnt; + MARIADB_GTID *gtid; +}; +``` + +#### HEARTBEAT_LOG_EVENT +event_type value= 27 (0x1B) + +This event does not appear in the binary log. It is only sent over the network by a source to a replica to let it know that the source is still alive, and is only sent when the source has no binary log events to send to replicas. + +```C +struct st_mariadb_rpl_heartbeat_event { + uint32_t timestamp; + uint32_t next_position; + uint8_t type; + uint16_t flags; +}; +``` + +* `timestamp`is always 0 +* `next_position` always points to last position +* `type` is always 0x1B (Heartbeat event) +* `flags` is always LOG_EVENT_ARTIFICIAL_F (0x20) + +#### INTVAR_EVENT +event_type value=5 (0x05) + +An INTVAR_EVENT is written to the binary log whenever a statement uses an auto_increment value or LAST_INSERT_ID() function. + +```C +struct st_mariadb_rpl_intvar_event { + unsigned long long value; + uint8_t type; +}; +``` + +Valid values for `type` are: +* 0x01 LAST_INSERT_ID +* 0x02 Auto_increment value + + +#### QUERY_EVENT +event_type value=2 (0x02) + +```C +struct st_mariadb_rpl_query_event { + uint32_t thread_id; + uint32_t seconds; + MARIADB_STRING database; + uint32_t errornr; + MARIADB_STRING status; + MARIADB_STRING statement; +}; +``` + +**Note:** QUERY_EVENT is written to the binary log if +* binlog_format of source server was set to STATEMENT (statement based replication) +* a DDL statement was executed +* COMMIT related to a non transactional storage engine + +#### RAND_EVENT +event_type value=13 (0x0D) + +```C +struct st_mariadb_rpl_rand_event { + unsigned long long first_seed; + unsigned long long second_seed; +}; +``` + +#### ROTATE_EVENT +event_type value=4 (0x04) + +```C +struct st_mariadb_rpl_rotate_event { + unsigned long long position; + MARIADB_STRING filename; +}; +``` + +#### WRITE_ROWS_EVENT_V1, UPDATE_ROWS_EVENT_V1, DELETE_ROWS_EVENT_V1 +event_type values= 23, 24, 25 (0x17, 0x18, 0x19) + +```C +struct st_mariadb_rpl_rows_event { + enum mariadb_row_event_type type; + uint64_t table_id; + uint16_t flags; + uint32_t column_count; + char *column_bitmap; + char *column_update_bitmap; + size_t row_data_size; + void *row_data; +}; +``` + +#### TABLE_MAP_EVENT +event_type value=19 (0x13) + +```C +struct st_mariadb_rpl_table_map_event { + unsigned long long table_id; + MARIADB_STRING database; + MARIADB_STRING table; + unsigned int column_count; + MARIADB_STRING column_types; + MARIADB_STRING metadata; + char *null_indicator; +}; +``` + +#### USERVAR_EVENT +event_type value=14 (0x0E) + +```C +struct st_mariadb_rpl_uservar_event { + MARIADB_STRING name; + uint8_t is_null; + uint8_t type; + uint32_t charset_nr; + MARIADB_STRING value; + uint8_t flags; +}; +``` + +#### XID_EVENT +event_type value=16 (0x10) + +```C +struct st_mariadb_rpl_xid_event { + uint64_t transaction_nr; +}; +``` \ No newline at end of file diff -Nru mariadb-11.8.6/libmariadb/docs/rpl_types_definitions.md mariadb-11.8.8/libmariadb/docs/rpl_types_definitions.md --- mariadb-11.8.6/libmariadb/docs/rpl_types_definitions.md 1970-01-01 00:00:00.000000000 +0000 +++ mariadb-11.8.8/libmariadb/docs/rpl_types_definitions.md 2026-05-24 09:58:33.000000000 +0000 @@ -0,0 +1,104 @@ +# Binlog/Replication API Types and definitions + +## mariadb_rpl_option +```C +enum mariadb_rpl_option { + MARIADB_RPL_FILENAME, /* Filename and length */ + MARIADB_RPL_START, /* Start position */ + MARIADB_RPL_SERVER_ID, /* Server ID */ + MARIADB_RPL_FLAGS, /* Protocol flags */ + MARIADB_RPL_GTID_CALLBACK, /* GTID callback function */ + MARIADB_RPL_GTID_DATA, /* GTID data */ + MARIADB_RPL_BUFFER +}; +``` + +## mariadb_rpl_event +```C +enum mariadb_rpl_event { + UNKNOWN_EVENT= 0, + START_EVENT_V3= 1, + QUERY_EVENT= 2, + STOP_EVENT= 3, + ROTATE_EVENT= 4, + INTVAR_EVENT= 5, + LOAD_EVENT= 6, + SLAVE_EVENT= 7, + CREATE_FILE_EVENT= 8, + APPEND_BLOCK_EVENT= 9, + EXEC_LOAD_EVENT= 10, + DELETE_FILE_EVENT= 11, + NEW_LOAD_EVENT= 12, + RAND_EVENT= 13, + USER_VAR_EVENT= 14, + FORMAT_DESCRIPTION_EVENT= 15, + XID_EVENT= 16, + BEGIN_LOAD_QUERY_EVENT= 17, + EXECUTE_LOAD_QUERY_EVENT= 18, + TABLE_MAP_EVENT = 19, + + PRE_GA_WRITE_ROWS_EVENT = 20, /* deprecated */ + PRE_GA_UPDATE_ROWS_EVENT = 21, /* deprecated */ + PRE_GA_DELETE_ROWS_EVENT = 22, /* deprecated */ + + WRITE_ROWS_EVENT_V1 = 23, + UPDATE_ROWS_EVENT_V1 = 24, + DELETE_ROWS_EVENT_V1 = 25, + INCIDENT_EVENT= 26, + HEARTBEAT_LOG_EVENT= 27, + IGNORABLE_LOG_EVENT= 28, + ROWS_QUERY_LOG_EVENT= 29, + WRITE_ROWS_EVENT = 30, + UPDATE_ROWS_EVENT = 31, + DELETE_ROWS_EVENT = 32, + GTID_LOG_EVENT= 33, + ANONYMOUS_GTID_LOG_EVENT= 34, + PREVIOUS_GTIDS_LOG_EVENT= 35, + TRANSACTION_CONTEXT_EVENT= 36, + VIEW_CHANGE_EVENT= 37, + XA_PREPARE_LOG_EVENT= 38, + + /* + Add new events here - right above this comment! + Existing events (except ENUM_END_EVENT) should never change their numbers + */ + + /* New MySQL/Sun events are to be added right above this comment */ + MYSQL_EVENTS_END, + + MARIA_EVENTS_BEGIN= 160, + ANNOTATE_ROWS_EVENT= 160, + BINLOG_CHECKPOINT_EVENT= 161, + GTID_EVENT= 162, + GTID_LIST_EVENT= 163, + START_ENCRYPTION_EVENT= 164, + QUERY_COMPRESSED_EVENT = 165, + WRITE_ROWS_COMPRESSED_EVENT_V1 = 166, + UPDATE_ROWS_COMPRESSED_EVENT_V1 = 167, + DELETE_ROWS_COMPRESSED_EVENT_V1 = 168, + WRITE_ROWS_COMPRESSED_EVENT = 169, + UPDATE_ROWS_COMPRESSED_EVENT = 170, + DELETE_ROWS_COMPRESSED_EVENT = 171, + + /* Add new MariaDB events here - right above this comment! */ + + ENUM_END_EVENT /* end marker */ +}; +``` + +## mariadb_row_event_type +```C +enum mariadb_row_event_type { + WRITE_ROWS= 0, + UPDATE_ROWS= 1, + DELETE_ROWS= 2 +}; + +``` + +## Flags +```C +#define MARIADB_RPL_BINLOG_DUMP_NON_BLOCK 1 +#define MARIADB_RPL_BINLOG_SEND_ANNOTATE_ROWS 2 +#define MARIADB_RPL_IGNORE_HEARTBEAT (1 << 17) +``` \ No newline at end of file diff -Nru mariadb-11.8.6/libmariadb/docs/types.md mariadb-11.8.8/libmariadb/docs/types.md --- mariadb-11.8.6/libmariadb/docs/types.md 1970-01-01 00:00:00.000000000 +0000 +++ mariadb-11.8.8/libmariadb/docs/types.md 2026-05-24 09:58:33.000000000 +0000 @@ -0,0 +1,186 @@ +MariaDB Connector/C provides the following types and definitions. + +### Enumeration Types + +#### enum mysql_option + +`enum mysql_option` is used as a parameter in +[mysql_optionsv()](mysql_optionsv) and +[mysql_get_optionsv()](mysql_get_optionsv) API functions. For +a list of integral constants and their meanings please check the +documentation of [mysql_get_optionsv()](mysql_get_optionsv). + +#### enum enum_mysql_timestamp_type + +`enum enum_mysql_timestamp_type` is used in the +[MYSQL_TIME](MYSQL_TIME) structure and indicates the type. It has the +following constants: + + - MYSQL_TIMESTAMP_NONE + - MYSQL_TIMESTAMP_ERROR + - MYSQL_TIMESTAMP_DATE + - MYSQL_TIMESTAMP_DATETIME + - MYSQL_TIMESTAMP_TIME + +#### enum mysql_set_option + +`enum mysql_set_option` is used as a parameter in +[mysql_set_server_option()](mysql_set_server_option) and has +the following constants: + + - MYSQL_OPTIONS_MULTI_STATEMENTS_ON + - MYSQL_OPTIONS_MULTI_STATEMENTS_OFF + +#### enum enum_field_types + +`enum field_types` describes the different field types used by MariaDB +\] and has the following constants: + +| Field type | Description | +| ---------------------------- | -------------| +| MYSQL_TYPE_DECIMAL | +| MYSQL_TYPE_TINY | 1 byte integer | +| MYSQL_TYPE_SHORT | 2 byte integer | +| MYSQL_TYPE_LONG | 4 byte integer | +| MYSQL_TYPE_FLOAT | 4 byte float value | +| MYSQL_TYPE_DOUBLE | 8 byte double precision value | +| MYSQL_TYPE_NULL | NULL value | +| MYSQL_TYPE_TIMESTAMP | Timestamp value. In Binary protocol stored as MYSQL_TIME, in text protocol as string | +| MYSQL_TYPE_LONGLONG | 8 byte integer | +| MYSQL_TYPE_INT24 | 3 byte integer | +| MYSQL_TYPE_DATE | Date value. In Binary protocol stored as MYSQL_TIME, in text protocol as string | +| MYSQL_TYPE_TIME | Time value. In Binary protocol stored as MYSQL_TIME, in text protocol as string | +| MYSQL_TYPE_DATETIME | DateTime value. In Binary protocol stored as MYSQL_TIME, in text protocol as string | +| MYSQL_TYPE_YEAR | 2-byte integer | +| MYSQL_TYPE_NEWDATE | +| MYSQL_TYPE_VARCHAR | Length encoded string | +| MYSQL_TYPE_BIT | +| MYSQL_TYPE_TIMESTAMP2 | +| MYSQL_TYPE_DATETIME2 | +| MYSQL_TYPE_TIME2 | +| MYSQL_TYPE_JSON | +| MYSQL_TYPE_NEWDECIMAL | +| MYSQL_TYPE_ENUM | +| MYSQL_TYPE_SET | +| MYSQL_TYPE_TINY_BLOB | +| MYSQL_TYPE_MEDIUM_BLOB | +| MYSQL_TYPE_LONG_BLOB | +| MYSQL_TYPE_BLOB | +| MYSQL_TYPE_VAR_STRING | +| MYSQL_TYPE_STRING | +| MYSQL_TYPE_GEOMETRY | + +#### enum mysql_enum_shutdown_level + +`enum mysql_enum_shutdown_level` is used as a parameter in +[mysql_server_shutdown()](mysql_server_shutdown) and has the +following constants: + + - SHUTDOWN_DEFAULT + - KILL_QUERY + - KILL_CONNECTION + +#### enum enum_stmt_attr_type + +`enum_stmt_attr_type` is used to set different statement options. For a +detailed description please check +[mysql_stmt_attr_set()](mysql_stmt_attr_set) function. + +#### enum enum_cursor_type + +`enum_cursor_type` specifies the cursor type and is used in +[mysql_stmt_attr_set()](mysql_stmt_attr_set) function. +Currently the following constants are supported: + + - CURSOR_TYPE_READ_ONLY + - CURSOR_TYPE_NO_CURSOR + +#### enum enum_indicator_type + +`enum_indicator_type` describes the type of indicator used for prepared +statements bulk operations. + +| | | +| ---------------------------- | -------------------------- | +| STMT_INDICATOR_NTS | String is zero terminated | +| STMT_INDICATOR_NONE | No indicator in use | +| STMT_INDICATOR_NULL | Value is NULL | +| STMT_INDICATOR_DEFAULT | Use default value | +| STMT_INDICATOR_IGNORE | Ignore the specified value | +| STMT_INDICATOR_IGNORE_ROW | Skip the current row | + +### Definitions + +#### Field Flags + +The following field flags are used in +[MYSQL_FIELD](mariadb-connectorc-data-structures/#mysql_field) +structure. +| | | | +| ------------------------ | ----- | ---------------------------------------------------------------- | +| Flag | Value | Description | +| NOT_NULL_FLAG | 1 | Field can't be NULL | +| PRI_KEY_FLAG | 2 | Field is part of primary key | +| UNIQUE_KEY_FLAG | 4 | Field is part of unique key | +| MULTIPLE_KEY_FLAG | 8 | Field is part of a key | +| BLOB_FLAG | 16 | Field is a blob | +| UNSIGNED_FLAG | 32 | Field is unsigned integer | +| ZEROFILL_FLAG | 64 | Field is zero filled | +| BINARY_FLAG | 128 | Field is binary | +| ENUM_FLAG | 256 | Field is enum | +| AUTO_INCREMENT_FLAG | 512 | Field is an autoincrement field | +| TIMESTAMP_FLAG | 1024 | Field is a timestamp | +| SET_FLAG | 2048 | Field is a set | +| NO_DEFAULT_VALUE_FLAG | 4096 | Field has no default value | +| ON_UPDATE_NOW_FLAG | 8192 | If a field is updated it will get the current time value (NOW()) | +| NUM_FLAG | 32768 | Field is numeric | + + +#### Server Status + +The server_status can be obtained by the +[mariadb_get_infov()](mariadb_get_infov) function using the +`MARIADB_CONNECTION_SERVER_STATUS` option. + +| | | | +| -------------------------------------- | ------- | ------------------------------------------------------------------------------------------------- | +| SERVER_STATUS_IN_TRANS | 1 | A transaction is currently active | +| SERVER_STATUS_AUTOCOMMIT | 2 | Autocommit mode is set | +| SERVER_MORE_RESULTS_EXISTS | 8 | more results exists (more packet follow) | +| SERVER_QUERY_NO_GOOD_INDEX_USED | 16 | | +| SERVER_QUERY_NO_INDEX_USED | 32 | | +| SERVER_STATUS_CURSOR_EXISTS | 64 | when using COM_STMT_FETCH, indicate that current cursor still has result | +| SERVER_STATUS_LAST_ROW_SENT | 128 | when using COM_STMT_FETCH, indicate that current cursor has finished to send results | +| SERVER_STATUS_DB_DROPPED | 1\<\<8 | database has been dropped | +| SERVER_STATUS_NO_BACKSLASH_ESCAPES | 1\<\<9 | current escape mode is "no backslash escape" | +| SERVER_STATUS_METADATA_CHANGED | 1\<\<10 | A DDL change did have an impact on an existing PREPARE (an automatic reprepare has been executed) | +| SERVER_QUERY_WAS_SLOW | 1\<\<11 | Last statement took more than the time value specified in server variable `long_query_time`. | +| SERVER_PS_OUT_PARAMS | 1\<\<12 | this resultset contain stored procedure output parameter | +| SERVER_STATUS_IN_TRANS_READONLY | 1\<\<13 | current transaction is a read-only transaction | +| SERVER_SESSION_STATE_CHANGED | 1\<\<14 | session state change. see Session change type for more information | + +#### TLS Verification flags + +| Flag | Description | +|-|-| +| MARIADB_TLS_VERIFY_OK (0x00) | No errors occured +| MARIADB_TLS_VERIFY_TRUST (0x01) | The peer certificate is not trusted (self signed) +| MARIADB_TLS_VERIFY_HOST (0x02) | The host name verification failed +| MARIADB_TLS_VERIFY_PERIOD (0x04) | The peer certificate is not yet valid or expired +| MARIADB_TLS_VERIFY_FINGERPRINT (0x08) | The fingerprint verification failed +| MARIADB_TLS_VERIFY_REVOKED (0x10) | The peer certificate was revoked +| MARIADB_TLS_VERIFY_UNKNOWN (0x20) | An unknown error occurred + +TLS verification flags were added in version 3.4.1 + +#### Macros + + +| | | +| -------------------------- | ------------------------------------------ | +| IS_PRI_KEY(flag) | True if the field is part of a primary key | +| IS_NOT_NULL(flags) | True if the field is defined as not NULL | +| IS_BLOB(flags) | True if the field is a text or blob field | +| IS_NUM(column_type) | True if the column type is numeric | +| IS_LONGDATA(column_type) | True if the column is a blob or text field | + diff -Nru mariadb-11.8.6/libmariadb/include/ma_crypt.h mariadb-11.8.8/libmariadb/include/ma_crypt.h --- mariadb-11.8.6/libmariadb/include/ma_crypt.h 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/libmariadb/include/ma_crypt.h 2026-05-24 09:58:33.000000000 +0000 @@ -122,18 +122,21 @@ @param[in] buffer_leng length of buffer @param[out] digest computed hash digest - @return void + @return 0 on success, 1 on failure */ -static inline void ma_hash(unsigned int algorithm, +static inline int ma_hash(unsigned int algorithm, const unsigned char *buffer, size_t buffer_length, unsigned char *digest) { - MA_HASH_CTX *ctx= NULL; + MA_HASH_CTX *ctx; ctx= ma_hash_new(algorithm); + if (!ctx) + return 1; ma_hash_input(ctx, buffer, buffer_length); ma_hash_result(ctx, digest); ma_hash_free(ctx); + return 0; } #endif /* _ma_crypt_h_ */ diff -Nru mariadb-11.8.6/libmariadb/include/ma_global.h mariadb-11.8.8/libmariadb/include/ma_global.h --- mariadb-11.8.6/libmariadb/include/ma_global.h 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/libmariadb/include/ma_global.h 2026-05-24 09:58:33.000000000 +0000 @@ -832,10 +832,7 @@ (((uint32) (uchar) (A)[2]) << 16) |\ (((uint32) (uchar) (A)[1]) << 8) | \ ((uint32) (uchar) (A)[0]))) -#define sint4korr(A) (int32) (((int32) ((uchar) (A)[0])) +\ - (((int32) ((uchar) (A)[1]) << 8)) +\ - (((int32) ((uchar) (A)[2]) << 16)) +\ - (((int32) ((int16) (A)[3]) << 24))) +#define sint4korr(A) (int32) uint4korr(A) #define sint8korr(A) (longlong) uint8korr(A) #define uint2korr(A) (uint16) (((uint16) ((uchar) (A)[0])) +\ ((uint16) ((uchar) (A)[1]) << 8)) diff -Nru mariadb-11.8.6/libmariadb/include/mariadb_com.h mariadb-11.8.8/libmariadb/include/mariadb_com.h --- mariadb-11.8.6/libmariadb/include/mariadb_com.h 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/libmariadb/include/mariadb_com.h 2026-05-24 09:58:33.000000000 +0000 @@ -471,7 +471,7 @@ #endif char *ma_scramble_323(char *to,const char *message,const char *password); -void ma_scramble_41(const unsigned char *buffer, const char *scramble, const char *password); +int ma_scramble_41(const unsigned char *buffer, const char *scramble, const char *password); void ma_hash_password(unsigned long *result, const char *password, size_t len); void ma_make_scrambled_password(char *to,const char *password); diff -Nru mariadb-11.8.6/libmariadb/include/mariadb_rpl.h mariadb-11.8.8/libmariadb/include/mariadb_rpl.h --- mariadb-11.8.6/libmariadb/include/mariadb_rpl.h 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/libmariadb/include/mariadb_rpl.h 2026-05-24 09:58:33.000000000 +0000 @@ -4,12 +4,12 @@ modify it under the terms of the GNU Library General Public License as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version. - + This library is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Library General Public License for more details. - + You should have received a copy of the GNU Library General Public License along with this library; if not, write to the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, @@ -39,7 +39,7 @@ #define FL_STMT_END 1 -/* GTID flags */ +/* GTID flags */ /* FL_STANDALONE is set in case there is no terminating COMMIT event. */ #define FL_STANDALONE 0x01 @@ -209,7 +209,7 @@ COLUMN_NAME, SET_STR_VALUE, ENUM_STR_VALUE, - GEOMETRY_TYPE, + GEOMETRY_TYPE, SIMPLE_PRIMARY_KEY, PRIMARY_KEY_WITH_PREFIX, ENUM_AND_SET_DEFAULT_CHARSET, @@ -262,7 +262,7 @@ is the active binary log. Note: When reading data via COM_BINLOG_DUMP this flag is never set. -*/ +*/ #define LOG_EVENT_BINLOG_IN_USE_F 0x0001 /* Looks like this flag is no longer in use */ @@ -317,6 +317,10 @@ unsigned long long sequence_nr; } MARIADB_GTID; +typedef struct st_rpl_timestamp { + uint32_t second; + uint32_t second_part; +} MARIADB_TIMESTAMP; /* Generic replication handle */ typedef struct st_mariadb_rpl { @@ -354,6 +358,7 @@ float f; double d; MYSQL_TIME tm; + MARIADB_TIMESTAMP ts; MARIADB_STRING str; } val; } MARIADB_RPL_VALUE; diff -Nru mariadb-11.8.6/libmariadb/libmariadb/CMakeLists.txt mariadb-11.8.8/libmariadb/libmariadb/CMakeLists.txt --- mariadb-11.8.6/libmariadb/libmariadb/CMakeLists.txt 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/libmariadb/libmariadb/CMakeLists.txt 2026-05-24 09:58:33.000000000 +0000 @@ -1,12 +1,12 @@ INCLUDE_DIRECTORIES(${CC_SOURCE_DIR}/include ${CC_SOURCE_DIR}/libmariadb) -ADD_DEFINITIONS(-D HAVE_COMPRESS) -ADD_DEFINITIONS(-D LIBMARIADB) -ADD_DEFINITIONS(-D THREAD) +add_compile_definitions(HAVE_COMPRESS) +add_compile_definitions(LIBMARIADB) +add_compile_definitions(THREAD) IF(APPLE) - ADD_DEFINITIONS(-D _XOPEN_SOURCE) + add_compile_definitions(_XOPEN_SOURCE) ENDIF() INCLUDE(${CC_SOURCE_DIR}/cmake/sign.cmake) @@ -330,7 +330,7 @@ ) IF(WIN32) - ADD_DEFINITIONS(-DSIZEOF_CHARP=${CMAKE_SIZEOF_VOID_P}) + add_compile_definitions(SIZEOF_CHARP=${CMAKE_SIZEOF_VOID_P}) INCLUDE_DIRECTORIES(${CC_SOURCE_DIR}/win-iconv) SET(LIBMARIADB_SOURCES ${LIBMARIADB_SOURCES} @@ -346,10 +346,10 @@ INCLUDE_DIRECTORIES(BEFORE ${ICONV_INCLUDE_DIR}) ENDIF() IF(NOT CMAKE_SYSTEM_NAME MATCHES AIX) - ADD_DEFINITIONS(-DLIBICONV_PLUG) + add_compile_definitions(LIBICONV_PLUG) ENDIF() IF(APPLE) - ADD_DEFINITIONS(-Wno-deprecated-declarations) + add_compile_options(-Wno-deprecated-declarations) ENDIF() ENDIF() @@ -414,16 +414,12 @@ ENDIF() -IF(CMAKE_VERSION VERSION_GREATER 2.8.7) - # CREATE OBJECT LIBRARY - ADD_LIBRARY(mariadb_obj OBJECT ${LIBMARIADB_SOURCES}) - IF(UNIX) - SET_TARGET_PROPERTIES(mariadb_obj PROPERTIES COMPILE_FLAGS "${CMAKE_SHARED_LIBRARY_C_FLAGS}") - ENDIF() - SET (MARIADB_OBJECTS $) -ELSE() - SET (MARIADB_OBJECTS ${LIBMARIADB_SOURCES}) +# CREATE OBJECT LIBRARY +ADD_LIBRARY(mariadb_obj OBJECT ${LIBMARIADB_SOURCES}) +IF(UNIX) + SET_TARGET_PROPERTIES(mariadb_obj PROPERTIES COMPILE_FLAGS "${CMAKE_SHARED_LIBRARY_C_FLAGS}") ENDIF() +SET (MARIADB_OBJECTS $) # Xcode doesn't support targets that have only object files, # so let's add an empty file to keep Xcode happy @@ -508,14 +504,8 @@ COMPONENT SharedLibraries DESTINATION ${INSTALL_LIBDIR}) ELSE() -# in cmake 3.12+ we can use -#INSTALL(TARGETS libmariadb LIBRARY DESTINATION ${INSTALL_LIBDIR} -# COMPONENT SharedLibraries NAMELINK_COMPONENT Development) -# but as long as we build on CentOS 7 with its cmake 2.8.12.2 we have to use -INSTALL(TARGETS libmariadb LIBRARY DESTINATION ${INSTALL_LIBDIR} - COMPONENT SharedLibraries NAMELINK_SKIP) INSTALL(TARGETS libmariadb LIBRARY DESTINATION ${INSTALL_LIBDIR} - COMPONENT Development NAMELINK_ONLY) + COMPONENT SharedLibraries NAMELINK_COMPONENT Development) ENDIF() IF(MSVC) diff -Nru mariadb-11.8.6/libmariadb/libmariadb/ma_charset.c mariadb-11.8.8/libmariadb/libmariadb/ma_charset.c --- mariadb-11.8.6/libmariadb/libmariadb/ma_charset.c 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/libmariadb/libmariadb/ma_charset.c 2026-05-24 09:58:33.000000000 +0000 @@ -253,9 +253,9 @@ /* {{{ big5 functions */ -#define valid_big5head(c) (0xA1 <= (unsigned int)(c) && (unsigned int)(c) <= 0xF9) -#define valid_big5tail(c) ((0x40 <= (unsigned int)(c) && (unsigned int)(c) <= 0x7E) || \ - (0xA1 <= (unsigned int)(c) && (unsigned int)(c) <= 0xFE)) +#define valid_big5head(c) (0xA1 <= (uchar)(c) && (uchar)(c) <= 0xF9) +#define valid_big5tail(c) ((0x40 <= (uchar)(c) && (uchar)(c) <= 0x7E) || \ + (0xA1 <= (uchar)(c) && (uchar)(c) <= 0xFE)) #define isbig5code(c,d) (isbig5head(c) && isbig5tail(d)) diff -Nru mariadb-11.8.6/libmariadb/libmariadb/ma_default.c mariadb-11.8.8/libmariadb/libmariadb/ma_default.c --- mariadb-11.8.6/libmariadb/libmariadb/ma_default.c 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/libmariadb/libmariadb/ma_default.c 2026-05-24 09:58:33.000000000 +0000 @@ -24,9 +24,12 @@ #include #include #include +#include #ifdef _WIN32 #include +#include +#include #include "shlwapi.h" #define access _access @@ -34,6 +37,7 @@ static const char *ini_exts[]= {"ini", "cnf", 0}; #define R_OK 4 #else +#include #include static const char *ini_exts[]= {"cnf", 0}; #endif @@ -152,6 +156,42 @@ return 0; } +static my_bool is_config_file(char *path) +{ + char *end; + if (access(path, R_OK)) { + return 0; + } + end = path + strlen(path); + for (int exts = 0; ini_exts[exts]; exts++) { + size_t ext_length = strlen(ini_exts[exts]); + char *ext_start = end - ext_length - 1; + + if ((ext_start >= path) && (*ext_start == '.')) { + #ifdef _WIN32 + if (!_stricmp(ext_start + 1, ini_exts[exts])) { + return 1; + } + #else + if (!strcmp(ext_start + 1, ini_exts[exts])) { + return 1; + } + #endif + } + } + return 0; +} + +static int compare_filenames(const void* a, const void* b) { + const char *name_a = *(const char **)a; + const char *name_b = *(const char **)b; + #ifdef _WIN32 + return _stricmp(name_a, name_b); + #else + return strcmp(name_a, name_b); + #endif +} + static my_bool _mariadb_read_options_from_file(MYSQL *mysql, const char *config_file, const char *group, @@ -200,8 +240,59 @@ end= strchr(val, 0); for ( ; isspace(end[-1]) ; end--) ; /* Remove end space */ *end= 0; - if (!strcmp(ptr, "includedir")) - _mariadb_read_options(mysql, (const char *)val, NULL, group, recursion + 1); + if (!strcmp(ptr, "includedir")) { + DYNAMIC_ARRAY filenames; + #ifdef _WIN32 + #define MAX_INCLUDE_PATH_LENGTH 4096 + MAX_PATH + HANDLE hFind = NULL; + WIN32_FIND_DATA fdFile; + TCHAR cIncDirFilePattern[MAX_INCLUDE_PATH_LENGTH]; + #else + #define MAX_INCLUDE_PATH_LENGTH 4096 + 256 + DIR *dir; + struct dirent *ent; + #endif + char inc_config_path[MAX_INCLUDE_PATH_LENGTH]; + ma_init_dynamic_array(&filenames, sizeof(char*), 10, 10); + #ifdef _WIN32 + for (int exts = 0; ini_exts[exts]; exts++) { + snprintf(cIncDirFilePattern, MAX_INCLUDE_PATH_LENGTH, "%s%c*.%s", val, FN_LIBCHAR, ini_exts[exts]); + if ((hFind = FindFirstFile((const char*)cIncDirFilePattern, &fdFile)) == INVALID_HANDLE_VALUE) { + continue; + } + do { + snprintf(inc_config_path, MAX_INCLUDE_PATH_LENGTH, "%s%c%s", val, FN_LIBCHAR, fdFile.cFileName); + if (!access(inc_config_path, R_OK)) { + char* filename = strdup(fdFile.cFileName); + ma_insert_dynamic(&filenames, (gptr)&filename); + } + } while (FindNextFile(hFind, &fdFile)); + FindClose(hFind); + } + #else + if (!(dir = opendir((const char *)val))) { + goto err; + } + while ((ent = readdir(dir))) { + snprintf(inc_config_path, MAX_INCLUDE_PATH_LENGTH, "%s%c%s", val, FN_LIBCHAR, ent->d_name); + if (is_config_file(inc_config_path)) { + /* _mariadb_read_options(mysql, NULL, (const char *)inc_config_path, group, recursion + 1); */ + char *filename = strdup(ent->d_name); + ma_insert_dynamic(&filenames, (gptr)&filename); + } + } + closedir(dir); + #endif + qsort(filenames.buffer, filenames.elements, filenames.size_of_element, compare_filenames); + for (uint fi = 0; fi < filenames.elements; fi++) { + char* filename; + ma_get_dynamic(&filenames, (void *)&filename, fi); + snprintf(inc_config_path, MAX_INCLUDE_PATH_LENGTH, "%s%c%s", val, FN_LIBCHAR, filename); + _mariadb_read_options(mysql, NULL, (const char *)inc_config_path, group, recursion + 1); + free(filename); + } + ma_delete_dynamic(&filenames); + } else if (!strcmp(ptr, "include")) _mariadb_read_options(mysql, NULL, (const char *)val, group, recursion + 1); continue; diff -Nru mariadb-11.8.6/libmariadb/libmariadb/ma_password.c mariadb-11.8.8/libmariadb/libmariadb/ma_password.c --- mariadb-11.8.6/libmariadb/libmariadb/ma_password.c 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/libmariadb/libmariadb/ma_password.c 2026-05-24 09:58:33.000000000 +0000 @@ -98,21 +98,25 @@ } } -void ma_scramble_41(const unsigned char *buffer, const char *scramble, const char *password) +int ma_scramble_41(const unsigned char *buffer, const char *scramble, const char *password) { MA_HASH_CTX *ctx; unsigned char sha1[MA_SHA1_HASH_SIZE]; unsigned char sha2[MA_SHA1_HASH_SIZE]; - + /* Phase 1: hash password */ - ma_hash(MA_HASH_SHA1, (unsigned char *)password, strlen(password), sha1); + if (ma_hash(MA_HASH_SHA1, (unsigned char *)password, strlen(password), sha1)) + return 1; /* Phase 2: hash sha1 */ - ma_hash(MA_HASH_SHA1, (unsigned char *)sha1, MA_SHA1_HASH_SIZE, sha2); + if (ma_hash(MA_HASH_SHA1, (unsigned char *)sha1, MA_SHA1_HASH_SIZE, sha2)) + return 1; /* Phase 3: hash scramble + sha2 */ ctx= ma_hash_new(MA_HASH_SHA1); + if (!ctx) + return 1; ma_hash_input(ctx, (unsigned char *)scramble, SCRAMBLE_LENGTH); ma_hash_input(ctx, (unsigned char *)sha2, MA_SHA1_HASH_SIZE); ma_hash_result(ctx, (unsigned char *)buffer); @@ -120,6 +124,7 @@ /* let's crypt buffer now */ my_crypt((uchar *)buffer, (const unsigned char *)buffer, (const unsigned char *)sha1, MA_SHA1_HASH_SIZE); + return 0; } /* }}} */ diff -Nru mariadb-11.8.6/libmariadb/libmariadb/ma_stmt_codec.c mariadb-11.8.8/libmariadb/libmariadb/ma_stmt_codec.c --- mariadb-11.8.6/libmariadb/libmariadb/ma_stmt_codec.c 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/libmariadb/libmariadb/ma_stmt_codec.c 2026-05-24 09:58:33.000000000 +0000 @@ -1,19 +1,19 @@ /**************************************************************************** Copyright (C) 2012 Monty Program AB - + This library is free software; you can redistribute it and/or modify it under the terms of the GNU Library General Public License as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version. - + This library is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Library General Public License for more details. - + You should have received a copy of the GNU Library General Public License along with this library; if not see - or write to the Free Software Foundation, Inc., + or write to the Free Software Foundation, Inc., 51 Franklin St., Fifth Floor, Boston, MA 02110, USA Part of this code includes code from the PHP project which @@ -21,7 +21,7 @@ *****************************************************************************/ /* The implementation for prepared statements was ported from PHP's mysqlnd - extension, written by Andrey Hristov, Georg Richter and Ulf Wendel + extension, written by Andrey Hristov, Georg Richter and Ulf Wendel Original file header: +----------------------------------------------------------------------+ @@ -409,7 +409,7 @@ } /* - Parse (not null terminated) string representing + Parse (not null terminated) string representing TIME, DATE, or DATETIME into MYSQL_TIME structure The supported formats by this functions are @@ -473,7 +473,7 @@ { if (parse_time(p, end - p, &p, tm)) goto error; - + tm->year = tm->month = tm->day = 0; tm->time_type = MYSQL_TIMESTAMP_TIME; return 0; @@ -633,9 +633,16 @@ dbl= (is_unsigned) ? ulonglong2double((ulonglong)val) : (double)val; doublestore(r_param->buffer, dbl); - *r_param->error = (dbl != ceil(dbl)) || - (is_unsigned ? (ulonglong )dbl != (ulonglong)val : - (longlong)dbl != (longlong)val); + if (dbl != ceil(dbl)) + *r_param->error= 1; + else if (is_unsigned) + *r_param->error= dbl < 0 || + dbl >= (double)ULONGLONG_MAX || + (ulonglong)dbl != (ulonglong)val; + else + *r_param->error= dbl < (double)LONGLONG_MIN || + dbl >= (double)LONGLONG_MAX || + (longlong)dbl != (longlong)val; r_param->buffer_length= 8; break; @@ -645,9 +652,18 @@ volatile float fval; fval= is_unsigned ? (float)(ulonglong)(val) : (float)val; floatstore((uchar *)r_param->buffer, fval); - *r_param->error= (fval != ceilf(fval)) || - (is_unsigned ? (ulonglong)fval != (ulonglong)val : - (longlong)fval != val); + + if (fval != ceilf(fval)) + *r_param->error= 1; + else if (is_unsigned) + *r_param->error= fval < 0 || + fval >= (float)ULONGLONG_MAX || + (ulonglong)fval != (ulonglong)val; + else + *r_param->error= fval < (float)LONGLONG_MIN || + fval >= (float)LONGLONG_MAX || + (longlong)fval != val; + r_param->buffer_length= 4; } break; @@ -695,7 +711,7 @@ /* }}} */ #define GET_LVALUE_FROM_ROW(is_unsigned, data, ucast, scast)\ - (is_unsigned) ? (longlong)(ucast) *(longlong *)(data) : (longlong)(scast) *(longlong *)(data) + (is_unsigned) ? (longlong)(ucast) *(longlong *)(data) : (longlong)(scast) *(longlong *)(data) /* {{{ ps_fetch_int8 */ static void ps_fetch_int8(MYSQL_BIND *r_param, const MYSQL_FIELD * const field, @@ -757,7 +773,7 @@ case MYSQL_TYPE_INT24: case MYSQL_TYPE_LONG: ps_fetch_from_1_to_8_bytes(r_param, field, row, 4); - break; + break; default: { int32 sval= sint4korr(*row); @@ -824,14 +840,14 @@ ushort sval= (ushort)val; shortstore(buf, sval); *r_param->error= check_trunc_val != (double)sval; - } else { + } else { short sval= (short)val; shortstore(buf, sval); *r_param->error= check_trunc_val != (double)sval; - } + } r_param->buffer_length= 2; } - break; + break; case MYSQL_TYPE_LONG: { if (r_param->is_unsigned) @@ -846,7 +862,7 @@ } r_param->buffer_length= 4; } - break; + break; case MYSQL_TYPE_LONGLONG: { if (r_param->is_unsigned) @@ -861,7 +877,7 @@ } r_param->buffer_length= 8; } - break; + break; case MYSQL_TYPE_DOUBLE: { double dval= (double)val; @@ -898,9 +914,9 @@ } convert_froma_string(r_param, buff, length); - } + } break; - } + } } static void convert_from_double(MYSQL_BIND *r_param, const MYSQL_FIELD *field, double val, int size __attribute__((unused))) @@ -923,14 +939,14 @@ ushort sval= (ushort)val; shortstore(buf, sval); *r_param->error= check_trunc_val != (double)sval; - } else { + } else { short sval= (short)val; shortstore(buf, sval); *r_param->error= check_trunc_val != (double)sval; - } + } r_param->buffer_length= 2; } - break; + break; case MYSQL_TYPE_LONG: { if (r_param->is_unsigned) @@ -945,7 +961,7 @@ } r_param->buffer_length= 4; } - break; + break; case MYSQL_TYPE_LONGLONG: { if (r_param->is_unsigned) @@ -960,7 +976,7 @@ } r_param->buffer_length= 8; } - break; + break; case MYSQL_TYPE_FLOAT: { float fval= (float)val; @@ -997,9 +1013,9 @@ length= field->length; } convert_froma_string(r_param, buff, length); - } + } break; - } + } } @@ -1069,7 +1085,7 @@ unsigned char *to= *row; int has_date= 0; uint offset= 7; - + if (type == MYSQL_TYPE_TIME) { t->neg= to[0]; @@ -1134,7 +1150,7 @@ shortstore(r_param->buffer, tm.year); break; } - default: + default: { char dtbuffer[60]; MYSQL_TIME tm; @@ -1186,7 +1202,7 @@ unsigned char **row) { /* C-API differs from PHP. While PHP just converts string to string, - C-API needs to convert the string to the defined type with in + C-API needs to convert the string to the defined type with in the result bind buffer. */ ulong field_length= net_field_length(row); @@ -1198,7 +1214,7 @@ /* {{{ ps_fetch_bin */ static -void ps_fetch_bin(MYSQL_BIND *r_param, +void ps_fetch_bin(MYSQL_BIND *r_param, const MYSQL_FIELD *field, unsigned char **row) { @@ -1266,7 +1282,7 @@ mysql_ps_fetch_functions[MYSQL_TYPE_DOUBLE].func = ps_fetch_double; mysql_ps_fetch_functions[MYSQL_TYPE_DOUBLE].pack_len = 8; mysql_ps_fetch_functions[MYSQL_TYPE_DOUBLE].max_len = MAX_DOUBLE_STRING_REP_LENGTH; - + mysql_ps_fetch_functions[MYSQL_TYPE_TIME].func = ps_fetch_datetime; mysql_ps_fetch_functions[MYSQL_TYPE_TIME].pack_len = MYSQL_PS_SKIP_RESULT_W_LEN; mysql_ps_fetch_functions[MYSQL_TYPE_TIME].max_len = 17; @@ -1278,7 +1294,7 @@ mysql_ps_fetch_functions[MYSQL_TYPE_NEWDATE].func = ps_fetch_string; mysql_ps_fetch_functions[MYSQL_TYPE_NEWDATE].pack_len = MYSQL_PS_SKIP_RESULT_W_LEN; mysql_ps_fetch_functions[MYSQL_TYPE_NEWDATE].max_len = -1; - + mysql_ps_fetch_functions[MYSQL_TYPE_DATETIME].func = ps_fetch_datetime; mysql_ps_fetch_functions[MYSQL_TYPE_DATETIME].pack_len= MYSQL_PS_SKIP_RESULT_W_LEN; mysql_ps_fetch_functions[MYSQL_TYPE_DATETIME].max_len = 30; @@ -1286,7 +1302,7 @@ mysql_ps_fetch_functions[MYSQL_TYPE_TIMESTAMP].func = ps_fetch_datetime; mysql_ps_fetch_functions[MYSQL_TYPE_TIMESTAMP].pack_len= MYSQL_PS_SKIP_RESULT_W_LEN; mysql_ps_fetch_functions[MYSQL_TYPE_TIMESTAMP].max_len = 30; - + mysql_ps_fetch_functions[MYSQL_TYPE_TINY_BLOB].func = ps_fetch_bin; mysql_ps_fetch_functions[MYSQL_TYPE_TINY_BLOB].pack_len= MYSQL_PS_SKIP_RESULT_STR; mysql_ps_fetch_functions[MYSQL_TYPE_TINY_BLOB].max_len = -1; @@ -1294,7 +1310,7 @@ mysql_ps_fetch_functions[MYSQL_TYPE_BLOB].func = ps_fetch_bin; mysql_ps_fetch_functions[MYSQL_TYPE_BLOB].pack_len = MYSQL_PS_SKIP_RESULT_STR; mysql_ps_fetch_functions[MYSQL_TYPE_BLOB].max_len = -1; - + mysql_ps_fetch_functions[MYSQL_TYPE_MEDIUM_BLOB].func = ps_fetch_bin; mysql_ps_fetch_functions[MYSQL_TYPE_MEDIUM_BLOB].pack_len= MYSQL_PS_SKIP_RESULT_STR; mysql_ps_fetch_functions[MYSQL_TYPE_MEDIUM_BLOB].max_len = -1; diff -Nru mariadb-11.8.6/libmariadb/libmariadb/mariadb_lib.c mariadb-11.8.8/libmariadb/libmariadb/mariadb_lib.c --- mariadb-11.8.6/libmariadb/libmariadb/mariadb_lib.c 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/libmariadb/libmariadb/mariadb_lib.c 2026-05-24 09:58:33.000000000 +0000 @@ -809,63 +809,78 @@ if (ma_insert_dynamic(options->init_command, (gptr)&insert)) free(insert); } + my_bool _mariadb_set_conf_option(MYSQL *mysql, const char *config_option, const char *config_value) { - if (config_option) - { - int i; - char *c; - - /* CONC-395: replace underscore "_" by dash "-" */ - while ((c= strchr(config_option, '_'))) - *c= '-'; - - for (i=0; mariadb_defaults[i].conf_key; i++) + if (config_option) { - if (!strcmp(mariadb_defaults[i].conf_key, config_option)) - { - my_bool val_bool; - int val_int; - size_t val_sizet; - int rc; - void *option_val= NULL; - switch (mariadb_defaults[i].type) { - case MARIADB_OPTION_FUNC: - return mariadb_defaults[i].u.option_func(mysql, config_option, config_value, -1); - case MARIADB_OPTION_BOOL: - val_bool= 0; - if (config_value) - val_bool= atoi(config_value); - option_val= &val_bool; - break; - case MARIADB_OPTION_INT: - val_int= 0; - if (config_value) - val_int= atoi(config_value); - option_val= &val_int; - break; - case MARIADB_OPTION_SIZET: - val_sizet= 0; - if (config_value) - val_sizet= strtol(config_value, NULL, 10); - option_val= &val_sizet; - break; - case MARIADB_OPTION_STR: - if (config_value && !config_value[0]) - option_val= NULL; - else - option_val= (void*)config_value; - break; - case MARIADB_OPTION_NONE: - break; + int i; + char *c; + char *mutable_option = strdup(config_option); + + if (!mutable_option) + return 1; + + /* CONC-395: replace underscore "_" by dash "-" */ + while ((c = strchr(mutable_option, '_'))) + *c = '-'; + + for (i = 0; mariadb_defaults[i].conf_key; i++) + { + if (!strcmp(mariadb_defaults[i].conf_key, mutable_option)) + { + my_bool val_bool; + int val_int; + size_t val_sizet; + int rc; + void *option_val = NULL; + + switch (mariadb_defaults[i].type) { + case MARIADB_OPTION_FUNC: + { + int ret= mariadb_defaults[i].u.option_func(mysql, mutable_option, config_value, -1); + free(mutable_option); + return ret; + } + case MARIADB_OPTION_BOOL: + val_bool = 0; + if (config_value) + val_bool = atoi(config_value); + option_val = &val_bool; + break; + case MARIADB_OPTION_INT: + val_int = 0; + if (config_value) + val_int = atoi(config_value); + option_val = &val_int; + break; + case MARIADB_OPTION_SIZET: + val_sizet = 0; + if (config_value) + val_sizet = strtol(config_value, NULL, 10); + option_val = &val_sizet; + break; + case MARIADB_OPTION_STR: + if (config_value && !config_value[0]) + option_val = NULL; + else + option_val = (void*)config_value; + break; + case MARIADB_OPTION_NONE: + break; + } + + rc = mysql_optionsv(mysql, mariadb_defaults[i].u.option, option_val); + free(mutable_option); + return test(rc); + } } - rc= mysql_optionsv(mysql, mariadb_defaults[i].u.option, option_val); - return(test(rc)); - } + + free(mutable_option); } - } - /* unknown key */ - return 1; + + /* unknown key */ + return 1; } /** @@ -1507,7 +1522,7 @@ const char *passwd, const char *db, uint port, const char *unix_socket,unsigned long client_flag) { - char *end= NULL; + const char *end= NULL; char *connection_handler= (mysql->options.extension) ? mysql->options.extension->connection_handler : 0; diff -Nru mariadb-11.8.6/libmariadb/libmariadb/mariadb_rpl.c mariadb-11.8.8/libmariadb/libmariadb/mariadb_rpl.c --- mariadb-11.8.6/libmariadb/libmariadb/mariadb_rpl.c 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/libmariadb/libmariadb/mariadb_rpl.c 2026-05-24 09:58:33.000000000 +0000 @@ -260,7 +260,7 @@ s->length= len; } -static uint8_t rpl_alloc_set_string_and_len(MARIADB_RPL_EVENT *event, +static uint8_t rpl_alloc_set_string_and_len(MARIADB_RPL_EVENT *event, MARIADB_STRING *s, void *buffer, size_t len) @@ -325,6 +325,7 @@ tm->second_part= myisam_sint3korr(ptr); return 3; default: + tm->second_part= 0; return 0; } } @@ -430,7 +431,7 @@ column->val.ull= uint1korr(pos); pos++; break; - case MYSQL_TYPE_YEAR: + case MYSQL_TYPE_YEAR: column->val.ull= uint1korr(pos++) + 1900; break; case MYSQL_TYPE_SHORT: @@ -438,12 +439,12 @@ column->val.ull= uint2korr(pos); pos+= 2; break; - case MYSQL_TYPE_INT24: + case MYSQL_TYPE_INT24: column->val.ll= sint3korr(pos); column->val.ull= uint3korr(pos); pos+= 3; break; - case MYSQL_TYPE_LONG: + case MYSQL_TYPE_LONG: column->val.ll= sint4korr(pos); column->val.ull= uint4korr(pos); pos+= 4; @@ -467,7 +468,7 @@ dec.len= sizeof(buf) / sizeof(decimal_digit); bin_size= decimal_bin_size(precision, scale); - bin2decimal((char *)pos, &dec, precision, scale); + bin2decimal((char *)pos, &dec, precision, scale); decimal2string(&dec, str, &s_len); pos+= bin_size; @@ -503,22 +504,19 @@ } case MYSQL_TYPE_TIMESTAMP: { - column->val.ull= uint4korr(pos); + column->val.ts.second= myisam_uint4korr(pos); + column->val.ts.second_part= 0; pos+= 4; break; } case MYSQL_TYPE_TIMESTAMP2: { - char tmp[20]; - uint32_t p1= uint4korr(pos); - uint8_t f_len= *metadata++; - uint32_t p2; + MYSQL_TIME tm; + column->val.ts.second= myisam_uint4korr(pos); pos+= 4; - p2= (uint32_t)uintNkorr(f_len, pos); - pos+= f_len; - sprintf(tmp, "%d.%d", p1, p2); - if (rpl_alloc_set_string_and_len(row_event, &column->val.str, tmp, strlen(tmp))) - goto mem_error; + pos+= ma_rpl_get_second_part(&tm, pos, metadata); + metadata++; + column->val.ts.second_part= tm.second_part; break; } case MYSQL_TYPE_DATE: @@ -530,7 +528,7 @@ tm->month= (int)(d_val / 32 % 16); tm->day= d_val % 32; tm->time_type= MYSQL_TIMESTAMP_DATE; - break; + break; } case MYSQL_TYPE_TIME2: { @@ -564,7 +562,7 @@ tm->day= (unsigned int)date_part % (1 << 5); tm->month= (unsigned int)(date_part >> 5) % 13; tm->year= (unsigned int)(date_part >> 5) / 13; - + tm->second= time_part % (1 << 6); tm->minute= (time_part >> 6) % (1 << 6); tm->hour= (uint32_t)(time_part >> 12); @@ -637,7 +635,7 @@ tm->minute= (unsigned int)(t/100) % 100; tm->second= (unsigned int)t % 100; tm->time_type= MYSQL_TIMESTAMP_TIME; - break; + break; } case MYSQL_TYPE_DATETIME: { @@ -655,7 +653,7 @@ tm->time_type= MYSQL_TIMESTAMP_DATETIME; break; } - + default: break; @@ -766,7 +764,7 @@ */ unsigned char *p, buffer[1024]; size_t len= MIN(strlen(rpl->host), 255); - + p= buffer; int4store(p, rpl->server_id); p+= 4; @@ -918,7 +916,7 @@ buf++; - /* Attention: we can't use uint*korr, here, we need myisam macros since + /* Attention: we can't use uint*korr, here, we need myisam macros since length is stored in high byte first order */ switch(*header_size) { @@ -1049,7 +1047,7 @@ if (rpl->mysql->net.read_pos[1 + 4] == HEARTBEAT_LOG_EVENT) continue; } - + if (!(rpl_event->raw_data= ma_alloc_root(&rpl_event->memroot, pkt_len))) goto mem_error; @@ -1126,7 +1124,7 @@ /****************************************************************** Binlog event header: - + All binary log events have the same header: - uint32_t timestamp: creation time - uint8_t event_type: type code of the event @@ -1140,7 +1138,7 @@ - uint16_t flags: flags The size of binlog event header must match the header size returned - by FORMAT_DESCIPTION_EVENT. In version 4 it is always 19. + by FORMAT_DESCIPTION_EVENT. In version 4 it is always 19. ********************************************************************/ RPL_CHECK_POS(ev, ev_end, RPL_EVENT_HEADER_SIZE); rpl_event->timestamp= uint4korr(ev); @@ -1298,7 +1296,7 @@ len= ev_end - ev - 5; rpl_set_string_and_len(&rpl_event->event.format_description.post_header_lengths, ev, len); memset(rpl->post_header_len, 0, ENUM_END_EVENT); - memcpy(rpl->post_header_len, rpl_event->event.format_description.post_header_lengths.str, + memcpy(rpl->post_header_len, rpl_event->event.format_description.post_header_lengths.str, MIN(len, ENUM_END_EVENT)); ev+= len; @@ -1386,12 +1384,12 @@ byte column_types[column_count], 1 byte for each column int meta_data_size - byte netadata{metadata_size] + byte netadata[metadata_size] byte bit fields, indicating which column can be null n= (column_count + 7) / 8; - + if (remaining_bytes) - byte optional metadata + byte optional metadata */ RPL_CHECK_POST_HEADER_LEN(ev, ev_end, TABLE_MAP_EVENT); @@ -1437,8 +1435,8 @@ rpl_parse_opt_metadata(rpl_event, ev, len); ev+= len; } - - break; + } + break; case RAND_EVENT: RPL_CHECK_POS(ev, ev_end, 16); @@ -1448,7 +1446,6 @@ ev+= 8; break; - } case INTVAR_EVENT: RPL_CHECK_POS(ev, ev_end, 9); @@ -1466,7 +1463,7 @@ rpl_set_string_and_len(&rpl_event->event.uservar.name, ev, len); ev+= len; RPL_CHECK_POS(ev, ev_end, 1); - if (!(rpl_event->event.uservar.is_null= (uint8)*ev)) + if (!(rpl_event->event.uservar.is_null= (uint8)*ev)) { ev++; RPL_CHECK_POS(ev, ev_end, 9); @@ -1555,7 +1552,7 @@ rpl_set_string_and_len(&rpl_event->event.rotate.filename, ev, len); if (ma_set_rpl_filename(rpl, ev, len)) goto mem_error; - + ev+= len; break; @@ -1600,7 +1597,7 @@ break; case STOP_EVENT: - /* + /* STOP_EVENT - server shutdown or crash. It's always the last written event after shutdown or after resuming from crash. @@ -1613,7 +1610,7 @@ case PREVIOUS_GTIDS_LOG_EVENT: { - /* + /* PREVIOUS_GTID_LOG_EVENT (MySQL only): 8-bytes, always zero ?! @@ -1725,10 +1722,10 @@ RPL_CHECK_POS(ev, ev_end, rpl_event->event.gtid_list.gtid_cnt * 16); /* Payload */ - if (rpl_event->event.gtid_list.gtid_cnt) + if (rpl_event->event.gtid_list.gtid_cnt) { uint32_t i; - if (!(rpl_event->event.gtid_list.gtid= + if (!(rpl_event->event.gtid_list.gtid= (MARIADB_GTID *)ma_calloc_root(&rpl_event->memroot, sizeof(MARIADB_GTID) * rpl_event->event.gtid_list.gtid_cnt))) goto mem_error; @@ -1892,6 +1889,9 @@ return rpl_event; } + /* Safe guard */ + RPL_CHECK_POS(ev, ev_end, 0); + /* check if we have to send acknowledgement to primary when semi sync replication is used */ if (rpl_event->is_semi_sync && @@ -1914,7 +1914,7 @@ crc= crc32(crc, checksum_start, (uint32_t)(ev_end - checksum_start - 4)); if (rpl_event->checksum != (uint32_t)crc) { - rpl_set_error(rpl, CR_ERR_CHECKSUM_VERIFICATION_ERROR, SQLSTATE_UNKNOWN, 0, + rpl_set_error(rpl, CR_ERR_CHECKSUM_VERIFICATION_ERROR, SQLSTATE_UNKNOWN, 0, RPL_ERR_POS(rpl), rpl_event->checksum, (uint32_t)crc); mariadb_free_rpl_event(rpl_event); diff -Nru mariadb-11.8.6/libmariadb/libmariadb/mariadb_stmt.c mariadb-11.8.8/libmariadb/libmariadb/mariadb_stmt.c --- mariadb-11.8.6/libmariadb/libmariadb/mariadb_stmt.c 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/libmariadb/libmariadb/mariadb_stmt.c 2026-05-24 09:58:33.000000000 +0000 @@ -448,7 +448,8 @@ stmt->bind[i].u.row_ptr= NULL; if (!stmt->bind[i].length) stmt->bind[i].length= &stmt->bind[i].length_value; - *stmt->bind[i].length= stmt->bind[i].length_value= 0; + if (mysql_ps_fetch_functions[stmt->fields[i].type].pack_len < 0) + *stmt->bind[i].length= stmt->bind[i].length_value= 0; } } else { @@ -924,7 +925,7 @@ if (ma_get_indicator(stmt, i, row) == STMT_INDICATOR_IGNORE_ROW) return '\1'; } - + return '\0'; } /* }}} */ @@ -1437,7 +1438,15 @@ if (!stmt->bind[i].error) stmt->bind[i].error= &stmt->bind[i].error_value; + if (mysql_ps_fetch_functions[stmt->bind[i].buffer_type].pack_len >= 0) + { + *stmt->bind[i].length= stmt->bind[i].length_value= mysql_ps_fetch_functions[stmt->bind[i].buffer_type].pack_len; + } else { + *stmt->bind[i].length= stmt->bind[i].length_value= 0; + } + /* set length values for numeric types */ +/* switch(bind[i].buffer_type) { case MYSQL_TYPE_NULL: *stmt->bind[i].length= stmt->bind[i].length_value= 0; @@ -1467,6 +1476,7 @@ default: break; } +*/ } stmt->bind_result_done= 1; CLEAR_CLIENT_STMT_ERROR(stmt); @@ -1858,7 +1868,7 @@ if (!is_multi && mysql->net.extension->multi_status == COM_MULTI_ENABLED) if (ma_multi_command(mysql, COM_MULTI_END)) goto fail; - + if (mysql->net.extension->multi_status > COM_MULTI_OFF || mysql->options.extension->skip_read_response) return 0; @@ -2002,7 +2012,7 @@ ret= test((mysql->methods->db_read_stmt_result && mysql->methods->db_read_stmt_result(mysql))); - + if (!ret && mysql->field_count && !mysql->fields) { /* @@ -2108,7 +2118,7 @@ } if ((stmt->upsert_status.server_status & SERVER_STATUS_CURSOR_EXISTS) && - (stmt->flags & CURSOR_TYPE_READ_ONLY)) + (stmt->flags & CURSOR_TYPE_READ_ONLY)) { stmt->cursor_exists = TRUE; mysql->status = MYSQL_STATUS_READY; @@ -2218,7 +2228,7 @@ if (!request) return 1; - ret= stmt->mysql->methods->db_command(mysql, + ret= stmt->mysql->methods->db_command(mysql, stmt->array_size > 0 ? COM_STMT_BULK_EXECUTE : COM_STMT_EXECUTE, request, request_len, 1, stmt); if (request) @@ -2548,7 +2558,7 @@ } if (stmt->mysql->status == MYSQL_STATUS_GET_RESULT) - stmt->mysql->status= MYSQL_STATUS_STMT_RESULT; + stmt->mysql->status= MYSQL_STATUS_STMT_RESULT; if (stmt->mysql->field_count) rc= madb_alloc_stmt_fields(stmt); @@ -2592,7 +2602,7 @@ (stmt->mysql->extension->mariadb_server_capabilities & (MARIADB_CLIENT_STMT_BULK_OPERATIONS >> 32))) || mysql->net.compress; - /* Server versions < 10.2 don't support execute_direct, so we need to + /* Server versions < 10.2 don't support execute_direct, so we need to emulate it */ if (emulate_cmd) { @@ -2687,7 +2697,7 @@ my_set_error(mysql, mysql_stmt_errno(stmt), mysql_stmt_sqlstate(stmt), mysql_stmt_error(stmt)); stmt->state= MYSQL_STMT_INITTED; - } + } return 1; } diff -Nru mariadb-11.8.6/libmariadb/libmariadb/secure/schannel.c mariadb-11.8.8/libmariadb/libmariadb/secure/schannel.c --- mariadb-11.8.6/libmariadb/libmariadb/secure/schannel.c 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/libmariadb/libmariadb/secure/schannel.c 2026-05-24 09:58:33.000000000 +0000 @@ -844,6 +844,11 @@ return 0; hash_ctx = ma_hash_new(hash_type); + if (!hash_ctx) + { + CertFreeCertificateContext(pRemoteCertContext); + return 0; + } ma_hash_input(hash_ctx, pRemoteCertContext->pbCertEncoded, pRemoteCertContext->cbCertEncoded); ma_hash_result(hash_ctx, (unsigned char *)fp); ma_hash_free(hash_ctx); diff -Nru mariadb-11.8.6/libmariadb/plugins/auth/CMakeLists.txt mariadb-11.8.8/libmariadb/plugins/auth/CMakeLists.txt --- mariadb-11.8.6/libmariadb/plugins/auth/CMakeLists.txt 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/libmariadb/plugins/auth/CMakeLists.txt 2026-05-24 09:58:33.000000000 +0000 @@ -17,7 +17,7 @@ SET(PARSEC_EXTRA_LIBS ${NETTLE_LIBRARIES} ${HOGWEED_LIBRARIES}) ENDIF() ELSEIF(WITH_SSL STREQUAL "SCHANNEL") - ADD_DEFINITIONS(-DHAVE_WINCRYPT) + add_compile_definitions(HAVE_WINCRYPT) SET(CRYPT_SOURCE ${CC_SOURCE_DIR}/libmariadb/secure/win_crypt.c) SET(CRYPT_LIBS crypt32 bcrypt) ELSE() diff -Nru mariadb-11.8.6/libmariadb/plugins/auth/ed25519.c mariadb-11.8.8/libmariadb/plugins/auth/ed25519.c --- mariadb-11.8.6/libmariadb/plugins/auth/ed25519.c 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/libmariadb/plugins/auth/ed25519.c 2026-05-24 09:58:33.000000000 +0000 @@ -116,7 +116,8 @@ return CR_SERVER_HANDSHAKE_ERR; /* Sign nonce: the crypto_sign function is part of ref10 */ - ma_crypto_sign(signature, pk, packet, NONCE_BYTES, (unsigned char*)mysql->passwd, pwlen); + if (ma_crypto_sign(signature, pk, packet, NONCE_BYTES, (unsigned char*)mysql->passwd, pwlen)) + return CR_ERROR; /* send signature to server */ if (vio->write_packet(vio, signature, CRYPTO_BYTES)) @@ -138,7 +139,8 @@ *outlen= CRYPTO_PUBLICKEYBYTES; #ifndef HAVE_THREAD_LOCAL - crypto_sign_keypair(pk, (unsigned char*)mysql->passwd, strlen(mysql->passwd)); + if (crypto_sign_keypair(pk, (unsigned char*)mysql->passwd, strlen(mysql->passwd))) + return 1; #endif /* use the cached value */ diff -Nru mariadb-11.8.6/libmariadb/plugins/auth/my_auth.c mariadb-11.8.8/libmariadb/plugins/auth/my_auth.c --- mariadb-11.8.6/libmariadb/plugins/auth/my_auth.c 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/libmariadb/plugins/auth/my_auth.c 2026-05-24 09:58:33.000000000 +0000 @@ -136,7 +136,12 @@ { char scrambled[SCRAMBLE_LENGTH + 1]; memset(scrambled, 0, SCRAMBLE_LENGTH + 1); - ma_scramble_41((uchar *)scrambled, (char*)pkt, mysql->passwd); + if (ma_scramble_41((uchar *)scrambled, (char*)pkt, mysql->passwd)) + { + SET_CLIENT_ERROR(mysql, CR_AUTH_PLUGIN_ERR, SQLSTATE_UNKNOWN, + "SHA1 hash computation failed"); + return CR_ERROR; + } if (vio->write_packet(vio, (uchar*)scrambled, SCRAMBLE_LENGTH)) return CR_ERROR; } @@ -156,9 +161,11 @@ *out_length= MA_SHA1_HASH_SIZE; /* would it be better to reuse instead of recalculating here? see ed25519 */ - ma_hash(MA_HASH_SHA1, (unsigned char*)mysql->passwd, strlen(mysql->passwd), - digest); - ma_hash(MA_HASH_SHA1, digest, sizeof(digest), out); + if (ma_hash(MA_HASH_SHA1, (unsigned char*)mysql->passwd, strlen(mysql->passwd), + digest)) + return 1; + if (ma_hash(MA_HASH_SHA1, digest, sizeof(digest), out)) + return 1; return 0; } @@ -230,13 +237,19 @@ { if (mysql->client_flag & CLIENT_SECURE_CONNECTION) { - DBUG_ASSERT(data_len <= 255); - if (data_len > 255) + if (mysql->server_capabilities & CLIENT_PLUGIN_AUTH_LENENC_CLIENT_DATA) + { + end= (char *)mysql_net_store_length((uchar *)end, data_len); + } + else { - my_set_error(mysql, CR_MALFORMED_PACKET, SQLSTATE_UNKNOWN, 0); - goto error; + if (data_len > 255) + { + my_set_error(mysql, CR_MALFORMED_PACKET, SQLSTATE_UNKNOWN, 0); + goto error; + } + *end++= data_len; } - *end++= data_len; } else { diff -Nru mariadb-11.8.6/libmariadb/plugins/auth/parsec.c mariadb-11.8.8/libmariadb/plugins/auth/parsec.c --- mariadb-11.8.6/libmariadb/plugins/auth/parsec.c 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/libmariadb/plugins/auth/parsec.c 2026-05-24 09:58:33.000000000 +0000 @@ -155,7 +155,10 @@ #elif defined(HAVE_SCHANNEL) unsigned char sig[ED25519_SIG_LENGTH + CHALLENGE_SCRAMBLE_LENGTH * 2]; - ma_crypto_sign((unsigned char *)sig, public_key, response, response_len, private_key, ED25519_KEY_LENGTH); + if (ma_crypto_sign((unsigned char *)sig, public_key, + response, response_len, + private_key, ED25519_KEY_LENGTH)) + return 1; memcpy(signature, sig, ED25519_SIG_LENGTH); #endif return 0; diff -Nru mariadb-11.8.6/libmariadb/plugins/auth/ref10/keypair.c mariadb-11.8.8/libmariadb/plugins/auth/ref10/keypair.c --- mariadb-11.8.6/libmariadb/plugins/auth/ref10/keypair.c 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/libmariadb/plugins/auth/ref10/keypair.c 2026-05-24 09:58:33.000000000 +0000 @@ -11,7 +11,8 @@ unsigned char az[64]; ge_p3 A; - crypto_hash_sha512(az,pw,pwlen); + if (crypto_hash_sha512(az,pw,pwlen)) + return -1; az[0] &= 248; az[31] &= 63; az[31] |= 64; diff -Nru mariadb-11.8.6/libmariadb/plugins/auth/ref10/open.c mariadb-11.8.8/libmariadb/plugins/auth/ref10/open.c --- mariadb-11.8.6/libmariadb/plugins/auth/ref10/open.c 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/libmariadb/plugins/auth/ref10/open.c 2026-05-24 09:58:33.000000000 +0000 @@ -23,7 +23,8 @@ memmove(scopy,sm + 32,32); memmove(sm + 32,pk,32); - crypto_hash_sha512(h,sm,smlen); + if (crypto_hash_sha512(h,sm,smlen)) + goto badsig; sc_reduce(h); ge_double_scalarmult_vartime(&R,h,&A,scopy); diff -Nru mariadb-11.8.6/libmariadb/plugins/auth/ref10/sign.c mariadb-11.8.8/libmariadb/plugins/auth/ref10/sign.c --- mariadb-11.8.6/libmariadb/plugins/auth/ref10/sign.c 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/libmariadb/plugins/auth/ref10/sign.c 2026-05-24 09:58:33.000000000 +0000 @@ -15,14 +15,16 @@ unsigned char hram[64]; ge_p3 A, R; - crypto_hash_sha512(az,pw,pwlen); + if (crypto_hash_sha512(az,pw,pwlen)) + return -1; az[0] &= 248; az[31] &= 63; az[31] |= 64; memmove(sm + 64,m,mlen); memmove(sm + 32,az + 32,32); - crypto_hash_sha512(nonce,sm + 32,mlen + 32); + if (crypto_hash_sha512(nonce,sm + 32,mlen + 32)) + return -1; ge_scalarmult_base(&A,az); ge_p3_tobytes(sm + 32,&A); @@ -32,7 +34,8 @@ ge_scalarmult_base(&R,nonce); ge_p3_tobytes(sm,&R); - crypto_hash_sha512(hram,sm,mlen + 64); + if (crypto_hash_sha512(hram,sm,mlen + 64)) + return -1; sc_reduce(hram); sc_muladd(sm + 32,hram,az,nonce); diff -Nru mariadb-11.8.6/libmariadb/plugins/io/CMakeLists.txt mariadb-11.8.8/libmariadb/plugins/io/CMakeLists.txt --- mariadb-11.8.6/libmariadb/plugins/io/CMakeLists.txt 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/libmariadb/plugins/io/CMakeLists.txt 2026-05-24 09:58:33.000000000 +0000 @@ -1,8 +1,8 @@ IF (WITH_CURL) - INCLUDE(FindCURL) + FIND_PACKAGE(CURL) IF(CURL_FOUND) - ADD_DEFINITIONS(-DHAVE_REMOTEIO=1) + add_compile_definitions(HAVE_REMOTEIO=1) #remote io plugin REGISTER_PLUGIN(TARGET remote_io TYPE REMOTEIO diff -Nru mariadb-11.8.6/libmariadb/unittest/libmariadb/CMakeLists.txt mariadb-11.8.8/libmariadb/unittest/libmariadb/CMakeLists.txt --- mariadb-11.8.6/libmariadb/unittest/libmariadb/CMakeLists.txt 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/libmariadb/unittest/libmariadb/CMakeLists.txt 2026-05-24 09:58:33.000000000 +0000 @@ -1,14 +1,14 @@ # Copyright (C) 2008 Sun Microsystems, Inc. -# +# # This program is free software; you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by # the Free Software Foundation; version 2 of the License. -# +# # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. -# +# # You should have received a copy of the GNU General Public License # along with this program; if not, write to the Free Software # Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA @@ -32,12 +32,12 @@ ${CC_BINARY_DIR}/include ${CC_SOURCE_DIR}/unittest/mytap ${CC_SOURCE_DIR}/unittest/libmariadb) -ADD_DEFINITIONS(-DLIBMARIADB) +add_compile_definitions(LIBMARIADB) -SET(API_TESTS "bulk1" "performance" "basic-t" "fetch" "charset" "logs" "cursor" "errors" "view" "ps" "ps_bugs" "sp" "result" "connection" "misc" "ps_new" "thread" "features-10_2") +SET(API_TESTS "bulk1" "performance" "basic-t" "fetch" "charset" "logs" "cursor" "errors" "view" "ps" "ps_bugs" "sp" "result" "connection" "misc" "ps_new" "thread" "features-10_2" "rpl_api") IF($ENV{TRAVIS}) - ADD_DEFINITIONS("-DHAVE_TRAVIS=1") + add_compile_definitions(HAVE_TRAVIS=1) ENDIF() IF(WITH_DYNCOL) @@ -49,7 +49,7 @@ ENDIF() #exclude following tests from ctests, since we need to run them manually with different credentials -SET(MANUAL_TESTS "t_conc173" "rpl_api" "conc336") +SET(MANUAL_TESTS "t_conc173" "conc336") # Get finger print from server certificate IF(WITH_SSL) IF(CERT_PATH AND NOT DEFINED ENV{TRAVIS}) @@ -57,7 +57,7 @@ IF(WIN32) STRING(REPLACE "\\" "\\\\" CERT_PATH ${CERT_PATH}) ENDIF() - ADD_DEFINITIONS(-DCERT_PATH="${CERT_PATH}") + add_compile_definitions(CERT_PATH="${CERT_PATH}") ENDIF() ENDIF() diff -Nru mariadb-11.8.6/libmariadb/unittest/libmariadb/async.c mariadb-11.8.8/libmariadb/unittest/libmariadb/async.c --- mariadb-11.8.6/libmariadb/unittest/libmariadb/async.c 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/libmariadb/unittest/libmariadb/async.c 2026-05-24 09:58:33.000000000 +0000 @@ -161,7 +161,8 @@ mysql_ssl_set(&mysql, NULL, NULL, NULL, NULL,NULL); /* Returns 0 when done, else flag for what to wait for when need to block. */ - status= mysql_real_connect_start(&ret, &mysql, hostname, username, password, schema, port, socketname, 0); + status= mysql_real_connect_start(&ret, &mysql, hostname, username, password, schema, + IS_MAXSCALE_ENV() ? ssl_port : port, socketname, 0); while (status) { status= wait_for_mysql(&mysql, status); diff -Nru mariadb-11.8.6/libmariadb/unittest/libmariadb/charset.c mariadb-11.8.8/libmariadb/unittest/libmariadb/charset.c --- mariadb-11.8.6/libmariadb/unittest/libmariadb/charset.c 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/libmariadb/unittest/libmariadb/charset.c 2026-05-24 09:58:33.000000000 +0000 @@ -43,14 +43,14 @@ int bug_8378(MYSQL *mysql) { int rc, len; - char out[9], buf[256]; + char out[128], buf[256]; MYSQL_RES *res; MYSQL_ROW row; /* MXS-4898: MaxScale sends utf8mb4 in handshake OK packet */ SKIP_MAXSCALE; - len= mysql_real_escape_string(mysql, out, TEST_BUG8378_IN, 4); + len= mysql_real_escape_string(mysql, out, TEST_BUG8378_IN, sizeof(TEST_BUG8378_IN)-1); FAIL_IF(memcmp(out, TEST_BUG8378_OUT, len), "wrong result"); sprintf(buf, "SELECT '%s' FROM DUAL", TEST_BUG8378_OUT); @@ -60,7 +60,46 @@ if ((res= mysql_store_result(mysql))) { row= mysql_fetch_row(res); - if (memcmp(row[0], TEST_BUG8378_IN, 4)) { + if (memcmp(row[0], TEST_BUG8378_IN, sizeof(TEST_BUG8378_IN)-1)) { + mysql_free_result(res); + return FAIL; + } + mysql_free_result(res); + } else + return FAIL; + + return OK; +} + +#define TEST_BUG8378a_IN "\xa1' + 10 -- " +#define TEST_BUG8378a_OUT "\\\xa1\\' + 10 -- " + +/* set connection options */ +struct my_option_st opt_bug8378a[] = { + {MYSQL_SET_CHARSET_NAME, (char *) "big5"}, + {0, NULL} +}; + +int bug_8378a(MYSQL *mysql) { + int rc, len; + char out[128], buf[256]; + MYSQL_RES *res; + MYSQL_ROW row; + + /* MXS-4898: MaxScale sends utf8mb4 in handshake OK packet */ + SKIP_MAXSCALE; + + len= mysql_real_escape_string(mysql, out, TEST_BUG8378a_IN, sizeof(TEST_BUG8378a_IN)-1); + FAIL_IF(memcmp(out, TEST_BUG8378a_OUT, len), "wrong result"); + + sprintf(buf, "SELECT '%s' FROM DUAL", out); + + rc= mysql_query(mysql, buf); + check_mysql_rc(rc, mysql); + + if ((res= mysql_store_result(mysql))) { + row= mysql_fetch_row(res); + if (memcmp(row[0], TEST_BUG8378a_IN, sizeof(TEST_BUG8378a_IN)-1)) { mysql_free_result(res); return FAIL; } @@ -884,6 +923,7 @@ {"test_conc223", test_conc223, TEST_CONNECTION_DEFAULT, 0, NULL, NULL}, {"charset_auto", charset_auto, TEST_CONNECTION_DEFAULT, 0, NULL, NULL}, {"bug_8378: mysql_real_escape with gbk", bug_8378, TEST_CONNECTION_NEW, 0, opt_bug8378, NULL}, + {"bug_8378a: mysql_real_escape with big5", bug_8378a, TEST_CONNECTION_NEW, 0, opt_bug8378a, NULL}, {"test_client_character_set", test_client_character_set, TEST_CONNECTION_DEFAULT, 0, NULL, NULL}, {"bug_10214: mysql_real_escape with NO_BACKSLASH_ESCAPES", bug_10214, TEST_CONNECTION_DEFAULT, 0, NULL, NULL}, {"test_escaping", test_escaping, TEST_CONNECTION_DEFAULT, 0, NULL, NULL}, diff -Nru mariadb-11.8.6/libmariadb/unittest/libmariadb/connection.c mariadb-11.8.8/libmariadb/unittest/libmariadb/connection.c --- mariadb-11.8.6/libmariadb/unittest/libmariadb/connection.c 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/libmariadb/unittest/libmariadb/connection.c 2026-05-24 09:58:33.000000000 +0000 @@ -26,6 +26,12 @@ */ #include "my_test.h" +#ifdef _WIN32 +#include +#else +#include +#include +#endif static int test_conc66(MYSQL *my) { @@ -72,13 +78,13 @@ return FAIL; } diag("user: %s", mysql->options.user); - + sprintf(query, "DROP user 'conc66'@'%s'", this_host ? this_host : "localhost"); rc= mysql_query(my, query); check_mysql_rc(rc, my); mysql_close(mysql); - return OK; + return OK; } static int test_bug20023(MYSQL *mysql) @@ -463,9 +469,9 @@ static int test_bug33831(MYSQL *mysql) { FAIL_IF(my_test_connect(mysql, hostname, username, - password, schema, port, socketname, 0, 1), + password, schema, port, socketname, 0, 1), "Error expected"); - + return OK; } @@ -632,7 +638,7 @@ row= mysql_fetch_row(res); strcpy(tmp, row[0]); mysql_free_result(res); - + sscanf(tmp, "%d.%d.%d", &major, &minor, &patch); check_server_version= major * 10000 + minor * 100 + patch; @@ -644,7 +650,11 @@ int test_conc26(MYSQL *unused __attribute__((unused))) { - MYSQL *mysql= mysql_init(NULL); + MYSQL *mysql; + + SKIP_MAXSCALE; + + mysql= mysql_init(NULL); mysql_options(mysql, MYSQL_SET_CHARSET_NAME, "ascii"); FAIL_IF(my_test_connect(mysql, hostname, "notexistinguser", "password", schema, port, socketname, CLIENT_REMEMBER_OPTIONS, 1), @@ -654,7 +664,7 @@ mysql_close(mysql); mysql= mysql_init(NULL); - FAIL_IF(my_test_connect(mysql, hostname, "notexistinguser", "password", schema, port, socketname, 0, 1), + FAIL_IF(my_test_connect(mysql, hostname, "notexistinguser", "password", schema, port, socketname, 0, 1), "Error expected"); FAIL_IF(mysql->options.charset_name, "Error: options not freed"); mysql_close(mysql); @@ -796,7 +806,7 @@ diag("test doesn't work with unix sockets"); return SKIP; } - + mysql= mysql_init(NULL); mysql_options(mysql, MYSQL_OPT_BIND, bind_addr); @@ -866,7 +876,7 @@ MYSQL_OPT_PROTOCOL, MYSQL_OPT_READ_TIMEOUT, MYSQL_OPT_WRITE_TIMEOUT, 0}; my_bool options_bool[]= {MYSQL_OPT_RECONNECT, MYSQL_REPORT_DATA_TRUNCATION, MYSQL_OPT_COMPRESS, MYSQL_OPT_SSL_VERIFY_SERVER_CERT, MYSQL_SECURE_AUTH, -#ifdef _WIN32 +#ifdef _WIN32 MYSQL_OPT_NAMED_PIPE, #endif 0}; @@ -909,7 +919,7 @@ mysql_options(mysql, options_char[i], char1); char2= NULL; mysql_get_optionv(mysql, options_char[i], (void *)&char2); - if (options_char[i] != MYSQL_SET_CHARSET_NAME) + if (options_char[i] != MYSQL_SET_CHARSET_NAME) FAIL_IF(strcmp(char1, char2), "mysql_get_optionv (char) failed"); } @@ -1046,7 +1056,7 @@ rc= mysql_query(mysql, "CREATE TEMPORARY TABLE t1(a int) ENGINE=InnoDB"); check_mysql_rc(rc, mysql); rc= mysql_query(mysql, "COMMIT"); - + check_mysql_rc(rc, mysql); if (!mysql_session_track_get_first(mysql, SESSION_TRACK_TRANSACTION_STATE, &data, &len)) @@ -1124,7 +1134,7 @@ check_mysql_rc(rc, mysql); rc= mysql_query(mysql, "SELECT 1 FROM DUAL"); - FAIL_IF(!rc, "Error expected"); + FAIL_IF(!rc, "Error expected"); rc= mysql_reset_connection(mysql); check_mysql_rc(rc, mysql); @@ -1552,11 +1562,11 @@ fclose(fp2); } } - + FAIL_IF(failed_opening_files, "fopen failed"); fprintf(fp1, "!include %s\n", cnf_file2); - + fprintf(fp2, "[client]\ndefault-character-set = latin2\nreconnect= 1\n"); fclose(fp1); fclose(fp2); @@ -1592,7 +1602,7 @@ FAIL_IF(failed_opening_files, "fopen failed"); fprintf(fp2, "!includedir %s\n", env); - + fprintf(fp1, "[client]\ndefault-character-set = latin2\nreconnect= 1\n"); fclose(fp1); fclose(fp2); @@ -1613,6 +1623,102 @@ } #endif +static int test_conc396(MYSQL *unused __attribute__((unused))) +{ + MYSQL *mysql; + FILE *fp1, *fp2, *fp3; + char cnf_file1[FN_REFLEN + 10]; + char cnf_dir[FN_REFLEN + 10]; + char cnf_file2[FN_REFLEN + 30]; + char cnf_file3[FN_REFLEN + 30]; + char tmp_dir[FN_REFLEN + 1]; + const char *env = getenv("MYSQL_TMP_DIR"); + fp1 = fp2 = fp3 = NULL; + + + if (env) { + strncpy(tmp_dir, env, FN_REFLEN + 1); + } + else { +#ifdef _WIN32 + GetTempPath(FN_REFLEN + 1, tmp_dir); +#else + strncpy(tmp_dir, "/tmp", FN_REFLEN + 1); +#endif + } + + snprintf(cnf_file1, FN_REFLEN + 10, "%s%cfoo.cnf", tmp_dir, FN_LIBCHAR); + snprintf(cnf_dir, FN_REFLEN + 10, "%s%cconf.d", tmp_dir, FN_LIBCHAR); + snprintf(cnf_file2, FN_REFLEN + 30, "%s%cconfig_a.cnf", cnf_dir, FN_LIBCHAR); + snprintf(cnf_file3, FN_REFLEN + 30, "%s%cconfig_b.cnf", cnf_dir, FN_LIBCHAR); + + #ifdef _WIN32 + CreateDirectory(cnf_dir, NULL); + #else + mkdir(cnf_dir, 0777); + #endif + + mysql = mysql_init(NULL); + + fp1 = fopen(cnf_file1, "w"); + FAIL_IF(!fp1, "fopen"); + fprintf(fp1, "[client]\n!includedir %s\n", cnf_dir); + fclose(fp1); + + /* config_b is alphabetically later, so it should take precendence. */ + fp2 = fopen(cnf_file2, "w"); + FAIL_IF(!fp2, "fopen"); + fprintf(fp2, "[client]\ndefault-character-set = latin2\n"); + fclose(fp2); + + fp3 = fopen(cnf_file3, "w"); + FAIL_IF(!fp3, "fopen"); + fprintf(fp3, "[client]\ndefault-character-set = utf8mb3\n"); + fclose(fp3); + + mysql_options(mysql, MYSQL_READ_DEFAULT_FILE, cnf_file1); + my_test_connect(mysql, hostname, username, password, + schema, port, socketname, 0, 1); + + remove(cnf_file1); + remove(cnf_file2); + remove(cnf_file3); + + FAIL_IF(strcmp(mysql_character_set_name(mysql), "utf8mb3"), "expected charset utf8mb3"); + + mysql_close(mysql); + mysql = mysql_init(NULL); + + fp1 = fopen(cnf_file1, "w"); + FAIL_IF(!fp1, "fopen"); + fprintf(fp1, "[client]\n!includedir %s\n", cnf_dir); + fclose(fp1); + + fp2 = fopen(cnf_file2, "w"); + FAIL_IF(!fp2, "fopen"); + fprintf(fp2, "[client]\ndefault-character-set = utf8mb3\n"); + fclose(fp2); + + fp3 = fopen(cnf_file3, "w"); + FAIL_IF(!fp3, "fopen"); + fprintf(fp3, "[client]\ndefault-character-set = latin2\n"); + fclose(fp3); + + mysql_options(mysql, MYSQL_READ_DEFAULT_FILE, cnf_file1); + my_test_connect(mysql, hostname, username, password, + schema, port, socketname, 0, 1); + + remove(cnf_file1); + remove(cnf_file2); + remove(cnf_file3); + + FAIL_IF(strcmp(mysql_character_set_name(mysql), "latin2"), "expected charset latin2"); + + mysql_close(mysql); + + return OK; +} + static int test_conc332(MYSQL *unused __attribute__((unused))) { int rc; @@ -1706,7 +1812,7 @@ { diag("Error: %s", mysql_error(my)); diag("caching_sha256_password not supported"); - return SKIP; + return SKIP; } sprintf(query, "GRANT ALL ON %s.* TO 'foo'@'%s'", schema, this_host); @@ -1721,7 +1827,7 @@ } mysql_close(mysql); - + sprintf(query, "DROP USER 'foo'@'%s'", this_host); rc= mysql_query(my, query); check_mysql_rc(rc, mysql); @@ -1805,7 +1911,7 @@ diag("Server doesn't support session tracking (cap=%lu)", mysql->server_capabilities); return SKIP; } - + rc= mysql_query(mysql, "set session_track_state_change=1"); check_mysql_rc(rc, mysql); @@ -1814,7 +1920,7 @@ diag("session_track_get_first failed"); return FAIL; } - + FAIL_IF(len != 1, "Expected length 1"); return OK; } @@ -1897,7 +2003,7 @@ diag("Connection failed. Error: %s", mysql_error(mysql)); mysql_close(mysql); return FAIL; - + } mysql_close(mysql); return OK; @@ -2033,9 +2139,9 @@ int rc=OK; snprintf(conn_str, sizeof(conn_str)-1, "host=%s;user=%s;password={%s};port=%d;socket=%s;tls_fp=%s", - hostname ? hostname : "localhost", username ? username : "", - password ? password : "", - port, socketname ? socketname : "", + hostname ? hostname : "localhost", username ? username : "", + password ? password : "", + IS_MAXSCALE_ENV() ? ssl_port : port, socketname ? socketname : "", fingerprint[0] ? fingerprint : ""); /* SkySQL requires secure connection */ @@ -2064,13 +2170,16 @@ FILE *fp; int rc; char conn_str[1024]; + + SKIP_MAXSCALE; + mysql= mysql_init(NULL); if (!(fp= fopen("./conc274.cnf", "w"))) return FAIL; - sprintf(conn_str, "connection=host=%s;user=%s;password=%s;port=%d;ssl_enforce=1;socket=%s", - hostname ? hostname : "localhost", username ? username : "", + sprintf(conn_str, "connection=host=%s;user=%s;password={%s};port=%d;ssl_enforce=1;socket=%s", + hostname ? hostname : "localhost", username ? username : "", password ? password : "", ssl_port, socketname ? socketname : ""); fprintf(fp, "[client]\n"); @@ -2106,9 +2215,11 @@ int rc= OK; MYSQL *mysql= mysql_init(NULL); char tmp[1024]; + + SKIP_MAXSCALE; snprintf(tmp, sizeof(tmp) - 1, - "host=127.0.0.1:3300,%s;user=%s;password=%s;port=%d;socket=%s;tls_fp=%s", + "host=127.0.0.1:3300,%s;user=%s;password={%s};port=%d;socket=%s;tls_fp=%s", hostname ? hostname : "localhost", username ? username : "", password ? password : "", port, socketname ? socketname : "", fingerprint[0] ? fingerprint : ""); @@ -2136,7 +2247,7 @@ if (rc) return rc; - + mysql= mysql_init(NULL); mysql_options(mysql, MARIADB_OPT_HOST, tmp); if (!my_test_connect(mysql, NULL, username, @@ -2164,12 +2275,12 @@ if (IS_SKYSQL(hostname)) { snprintf(tmp, sizeof(tmp) - 1, - "host=127.0.0.1:3300,%s;user=%s;password=%s;port=%d;socket=%s;ssl_enforce=1;tls_fp=%s", + "host=127.0.0.1:3300,%s;user=%s;password={%s};port=%d;socket=%s;ssl_enforce=1;tls_fp=%s", hostname ? hostname : "localhost", username ? username : "", password ? password : "", ssl_port, socketname ? socketname : "", fingerprint[0] ? fingerprint : ""); } else { snprintf(tmp, sizeof(tmp) - 1, - "host=127.0.0.1:3300,%s;user=%s;password=%s;port=%d;socket=%s;tls_fp=%s", + "host=127.0.0.1:3300,%s;user=%s;password={%s};port=%d;socket=%s;tls_fp=%s", hostname ? hostname : "localhost", username ? username : "", password ? password : "", port, socketname ? socketname : "", fingerprint[0] ? fingerprint :""); } @@ -2365,6 +2476,9 @@ int rc; int verify= 0; MYSQL *mysql; + char query[1024]; + + SKIP_MAXSCALE; if (!is_mariadb) { @@ -2385,19 +2499,21 @@ diag("server doesn't support parsec plugin"); return SKIP; } - rc= mysql_query(my, "CREATE OR REPLACE USER test1@'%' IDENTIFIED VIA parsec using PASSWORD('123')"); + sprintf(query, "CREATE OR REPLACE USER test_parsec@'%s' IDENTIFIED VIA parsec using PASSWORD('MySuper_1Passw@ord')", this_host ? this_host : "localhost"); + rc= mysql_query(my, query); check_mysql_rc(rc, my); mysql= mysql_init(NULL); mysql_options(mysql, MYSQL_OPT_SSL_VERIFY_SERVER_CERT, &verify); - if (!my_test_connect(mysql, hostname, "test1", "123", NULL, port, socketname, 0, 0)) + if (!my_test_connect(mysql, hostname, "test_parsec", "MySuper_1Passw@ord", NULL, port, socketname, 0, 0)) { diag("Connection failed. Error: %s", mysql_error(mysql)); mysql_close(mysql); return FAIL; } - rc= mysql_query(my, "DROP USER test1@'%'"); + sprintf(query, "DROP USER test_parsec@'%s'", this_host ? this_host : "localhost"); + rc= mysql_query(my, query); check_mysql_rc(rc, my); rc= mysql_query(my, "UNINSTALL soname IF EXISTS 'auth_parsec'"); @@ -2627,6 +2743,7 @@ {"test_conc327", test_conc327, TEST_CONNECTION_DEFAULT, 0, NULL, NULL}, {"test_conc317", test_conc317, TEST_CONNECTION_DEFAULT, 0, NULL, NULL}, #endif + {"test_conc396", test_conc396, TEST_CONNECTION_DEFAULT, 0, NULL, NULL}, {"test_conc315", test_conc315, TEST_CONNECTION_NEW, 0, NULL, NULL}, {"test_expired_pw", test_expired_pw, TEST_CONNECTION_DEFAULT, 0, NULL, NULL}, {"test_conc276", test_conc276, TEST_CONNECTION_NONE, 0, NULL, NULL}, @@ -2648,9 +2765,9 @@ {"test_compress", test_compress, TEST_CONNECTION_NONE, 0, NULL, NULL}, {"test_reconnect", test_reconnect, TEST_CONNECTION_DEFAULT, 0, NULL, NULL}, {"test_conc21", test_conc21, TEST_CONNECTION_DEFAULT, 0, NULL, NULL}, - {"test_conc26", test_conc26, TEST_CONNECTION_NONE, 0, NULL, NULL}, + {"test_conc26", test_conc26, TEST_CONNECTION_NONE, 0, NULL, NULL}, {"test_connection_timeout", test_connection_timeout, TEST_CONNECTION_NONE, 0, NULL, NULL}, - {"test_connection_timeout2", test_connection_timeout2, TEST_CONNECTION_NONE, 0, NULL, NULL}, + {"test_connection_timeout2", test_connection_timeout2, TEST_CONNECTION_NONE, 0, NULL, NULL}, {"test_connection_timeout3", test_connection_timeout3, TEST_CONNECTION_NONE, 0, NULL, NULL}, {"test_tls_timeout", test_tls_timeout, TEST_CONNECTION_NONE, 0, NULL, NULL}, {NULL, NULL, 0, 0, NULL, NULL} diff -Nru mariadb-11.8.6/libmariadb/unittest/libmariadb/misc.c mariadb-11.8.8/libmariadb/unittest/libmariadb/misc.c --- mariadb-11.8.6/libmariadb/unittest/libmariadb/misc.c 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/libmariadb/unittest/libmariadb/misc.c 2026-05-24 09:58:33.000000000 +0000 @@ -1682,6 +1682,8 @@ MYSQL_ROW row; int rc; + SKIP_MAXSCALE; + #ifdef HAVE_SCHANNEL diag("Test doesn't work with new Schannel TLSv1.3 implementation"); return SKIP; diff -Nru mariadb-11.8.6/libmariadb/unittest/libmariadb/my_test.h mariadb-11.8.8/libmariadb/unittest/libmariadb/my_test.h --- mariadb-11.8.6/libmariadb/unittest/libmariadb/my_test.h 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/libmariadb/unittest/libmariadb/my_test.h 2026-05-24 09:58:33.000000000 +0000 @@ -30,6 +30,7 @@ #include #include #include +#include #include #include #include @@ -84,9 +85,9 @@ MYSQL *mysql_default = NULL; /* default connection */ -#define IS_MAXSCALE_ENV()\ - (getenv("srv")!=NULL && (strcmp(getenv("srv"), "maxscale") == 0 ||\ - strcmp(getenv("srv"), "skysql-ha") == 0)) +#define IS_MAXSCALE_ENV() \ + ((getenv("srv") != NULL && strcmp(getenv("srv"), "maxscale") == 0) || \ + (getenv("MAXSCALE_TAG") != NULL && strlen(getenv("MAXSCALE_TAG")) > 0)) #define IS_MAXSCALE()\ ((mysql_default && strstr(mysql_get_server_info(mysql_default), "maxScale")) ||\ @@ -135,9 +136,9 @@ #define SKIP_TRAVIS()\ do {\ - if (getenv("TRAVIS"))\ + if (getenv("TRAVIS") || getenv("GITHUB_ACTIONS"))\ {\ - diag("Skip test on Travis CI");\ + diag("Skip test on Travis CI or GitHub Actions");\ return SKIP;\ }\ }while(0) @@ -282,7 +283,7 @@ enum enum_field_types type __attribute__((unused)), const char *table, const char *org_table, const char *db, - unsigned long length __attribute__((unused)), + unsigned long length __attribute__((unused)), const char *def __attribute__((unused)), const char *file __attribute__((unused)), int line __attribute__((unused))) @@ -370,7 +371,7 @@ { switch (optid) { case '?': - case 'I': + case 'I': my_print_help(test_options); exit(0); break; @@ -515,7 +516,7 @@ return FAIL; } -/* +/* * function *test_connect * * returns a new connection. This function will be called, if the test doesn't @@ -678,10 +679,10 @@ mysql_options(mysql, MARIADB_OPT_SSL_FP, fingerprint); } - if (IS_MAXSCALE_ENV()) + if (IS_MAXSCALE_ENV() && host && hostname && strcmp(host, hostname) == 0) { mysql_get_optionv(mysql, MYSQL_OPT_SSL_VERIFY_SERVER_CERT, &verify); - if (force_tls || verify) + if (force_tls || verify || mysql->options.use_ssl) port= ssl_port; } @@ -717,7 +718,8 @@ mysql_options(mysql, MYSQL_OPT_SSL_VERIFY_SERVER_CERT, &verify); mysql_ssl_set(mysql, NULL, NULL, NULL, NULL, NULL); - if (!mysql_real_connect(mysql, hostname, username, password, schema, port, socketname, 0)) + if (!mysql_real_connect(mysql, hostname, username, password, schema, + IS_MAXSCALE_ENV() ? ssl_port : port, socketname, 0)) { diag("Error: %s", mysql_error(mysql)); BAIL_OUT("Can't establish TLS connection to server."); diff -Nru mariadb-11.8.6/libmariadb/unittest/libmariadb/ps.c mariadb-11.8.8/libmariadb/unittest/libmariadb/ps.c --- mariadb-11.8.6/libmariadb/unittest/libmariadb/ps.c 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/libmariadb/unittest/libmariadb/ps.c 2026-05-24 09:58:33.000000000 +0000 @@ -80,7 +80,7 @@ rc= mysql_kill(mysql, mysql_thread_id(mysql)); rc= mysql_stmt_execute(stmt); - FAIL_IF(!rc, "Error expected"); + FAIL_IF(!rc, "Error expected"); mysql_stmt_close(stmt); mysql_close(mysql); @@ -959,7 +959,7 @@ mysql_stmt_close(stmt); /* run a direct query in the middle of a fetch */ - + strcpy(query, "SELECT * FROM test_open_direct"); stmt= mysql_stmt_init(mysql); FAIL_IF(!stmt, mysql_error(mysql)); @@ -1387,7 +1387,7 @@ error: rc= mysql_query(mysql, "DROP TABLE test_long_data_str"); check_mysql_rc(rc, mysql); - return FAIL; + return FAIL; } @@ -1633,7 +1633,7 @@ FAIL_IF(rowcount != 1, "rowcount != 1"); mysql_free_result(result); - + rc= mysql_query(mysql, "DROP TABLE IF EXISTS test_long_data_bin"); check_mysql_rc(rc, mysql); return OK; @@ -4092,7 +4092,7 @@ /* now we should be able to fetch the results again */ /* but mysql_stmt_fetch returns MYSQL_NO_DATA */ while(!(rc= mysql_stmt_fetch(stmt))); - + FAIL_UNLESS(rc == MYSQL_NO_DATA, "rc != MYSQL_NO_DATA"); stmt_text= "DROP TABLE t1"; @@ -4547,7 +4547,7 @@ FAIL_IF(!stmt, mysql_error(mysql)); rc= mysql_stmt_prepare(stmt, SL(query)); check_stmt_rc(rc, stmt); - + memset(my_bind, '\0', sizeof(my_bind)); my_bind[0].buffer_type= MYSQL_TYPE_STRING; @@ -4601,7 +4601,7 @@ if (verify_col_data(mysql, "test_piping", "name", "MySQL")) return FAIL; - /* ANSI mode spaces ... + /* ANSI mode spaces ... skip, if ignore_space was set */ query_int_variable(mysql, "@@sql_mode LIKE '%IGNORE_SPACE%'", &ignore_space); @@ -4948,7 +4948,7 @@ rc= mysql_query(mysql, "DROP TABLE t1"); - return OK; + return OK; } int test_notrunc(MYSQL *mysql) @@ -4970,7 +4970,7 @@ rc= mysql_stmt_prepare(stmt, SL(query)); check_stmt_rc(rc, stmt); - rc= mysql_stmt_execute(stmt); + rc= mysql_stmt_execute(stmt); check_stmt_rc(rc, stmt); strcpy(buffer, "bar"); @@ -5214,7 +5214,7 @@ fields_binary[i].length, fields_binary[i].max_length, fields_text[i].length, fields_text[i].max_length); error= 1; - goto end; + goto end; } } end: @@ -5257,6 +5257,83 @@ FAIL_IF(sql.str, "Expected empty SQL string"); FAIL_IF(sql.length, "Expected length=0"); + mysql_stmt_close(stmt); + return OK; +} + +static int test_conc812(MYSQL *mysql) +{ + MYSQL_STMT *stmt= mysql_stmt_init(mysql); + MYSQL_BIND bind[9]; + unsigned long length[9]; + uint8_t int8_val; + uint16_t int16_val; + uint32_t int32_val; + uint64_t int64_val; + float float_val; + double dbl_val; + char decimal_val[20]; + char str_val[20]; + int rc; + + rc= mysql_query(mysql, "CREATE TEMPORARY TABLE jj_test ( id BIGINT NOT NULL PRIMARY KEY , f_tinyint TINYINT , f_short SMALLINT , f_int INT , f_long BIGINT , f_float FLOAT , f_double DOUBLE , f_decimal DECIMAL(9,3) , f_varchar VARCHAR(20))"); + check_mysql_rc(rc, mysql); + + rc= mysql_query(mysql, "INSERT INTO jj_test VALUES ( 1, 1, 1, 1, 1, 1.1, 1.11, 1.111, '1.1111'), ( 2, 2, 2, 2, 2, 2.2, 2.22, 2.222, '2.2222'), ( 3, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL), ( 4, 4, 4, 4, 4, 4.4, 4.44, 4.444, '4.444'), ( 5, 5, 5, 5, 5, 5.5, 5.55, 5.555, '5.555')"); + check_mysql_rc(rc, mysql); + + + rc= mysql_stmt_prepare(stmt, SL("SELECT * FROM jj_test")); + check_stmt_rc(rc, stmt); + + rc= mysql_stmt_execute(stmt); + check_stmt_rc(rc, stmt); + + memset(bind, 0, sizeof(MYSQL_BIND) * 9); + + bind[0].buffer_type= MYSQL_TYPE_LONGLONG; + bind[0].buffer= &int64_val; + bind[0].length = &length[0]; + bind[1].buffer_type= MYSQL_TYPE_TINY; + bind[1].buffer= &int8_val; + bind[1].length = &length[1]; + bind[2].buffer_type= MYSQL_TYPE_SHORT; + bind[2].buffer= &int16_val; + bind[2].length = &length[2]; + bind[3].buffer_type= MYSQL_TYPE_LONG; + bind[3].buffer= &int32_val; + bind[3].length = &length[3]; + bind[4].buffer_type= MYSQL_TYPE_LONGLONG; + bind[4].buffer= &int64_val; + bind[4].length = &length[4]; + bind[5].buffer_type= MYSQL_TYPE_FLOAT; + bind[5].buffer= &float_val; + bind[5].length = &length[5]; + bind[6].buffer_type= MYSQL_TYPE_DOUBLE; + bind[6].buffer= &dbl_val; + bind[6].length = &length[6]; + bind[7].buffer_type= MYSQL_TYPE_NEWDECIMAL; + bind[7].buffer= decimal_val; + bind[7].buffer_length= 20; + bind[7].length = &length[7]; + bind[8].buffer_type= MYSQL_TYPE_STRING; + bind[8].buffer= str_val; + bind[8].buffer_length= 20; + bind[8].length = &length[8]; + + rc= mysql_stmt_bind_result(stmt, bind); + check_stmt_rc(rc, stmt); + + while (!mysql_stmt_fetch(stmt)) { + diag("checking"); + FAIL_IF(length[0] != sizeof(uint64_t), "Wrong length for int64"); + FAIL_IF(length[1] != sizeof(uint8_t), "Wrong length for int8"); + FAIL_IF(length[2] != sizeof(uint16_t), "Wrong length for int16"); + FAIL_IF(length[3] != sizeof(uint32_t), "Wrong length for int32"); + FAIL_IF(length[4] != sizeof(uint64_t), "Wrong length for int64"); + FAIL_IF(length[5] != sizeof(float), "Wrong length for float"); + FAIL_IF(length[6] != sizeof(double), "Wrong length for double"); + } mysql_stmt_close(stmt); return OK; @@ -5264,6 +5341,7 @@ struct my_tests_st my_tests[] = { {"test_conc691", test_conc691, TEST_CONNECTION_DEFAULT, 0, NULL, NULL}, + {"test_conc812", test_conc812, TEST_CONNECTION_DEFAULT, 0, NULL, NULL}, {"test_conc565", test_conc565, TEST_CONNECTION_DEFAULT, 0, NULL, NULL}, {"test_conc349", test_conc349, TEST_CONNECTION_DEFAULT, 0, NULL, NULL}, {"test_prepare_error", test_prepare_error, TEST_CONNECTION_NEW, 0, NULL, NULL}, @@ -5309,7 +5387,7 @@ {"test_insert_select", test_insert_select, TEST_CONNECTION_DEFAULT, 0, NULL , NULL}, {"test_insert", test_insert, TEST_CONNECTION_DEFAULT, 0, NULL , NULL}, {"test_join", test_join, TEST_CONNECTION_DEFAULT, 0, NULL , NULL}, - {"test_left_join_view", test_left_join_view, TEST_CONNECTION_DEFAULT, 0, NULL , NULL}, + {"test_left_join_view", test_left_join_view, TEST_CONNECTION_DEFAULT, 0, NULL , NULL}, {"test_manual_sample", test_manual_sample, TEST_CONNECTION_DEFAULT, 0, NULL , NULL}, {"test_create_drop", test_create_drop, TEST_CONNECTION_DEFAULT, 0, NULL , NULL}, {"test_date", test_date, TEST_CONNECTION_DEFAULT, 0, NULL , NULL}, diff -Nru mariadb-11.8.6/libmariadb/unittest/libmariadb/ps_bugs.c mariadb-11.8.8/libmariadb/unittest/libmariadb/ps_bugs.c --- mariadb-11.8.6/libmariadb/unittest/libmariadb/ps_bugs.c 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/libmariadb/unittest/libmariadb/ps_bugs.c 2026-05-24 09:58:33.000000000 +0000 @@ -4851,7 +4851,7 @@ {0,0,0, 0,0,0, 0,0, MYSQL_TIMESTAMP_ERROR} }, - {"SELECT '10:15:00'", + {"SELECT '10:15:00'", {0,0,0, 10,15,0, 0,0, MYSQL_TIMESTAMP_TIME} }, {"SELECT '10:15:01'", @@ -4875,7 +4875,7 @@ {"SELECT '-838:59:59'", {0,0,0, 838,59,59, 0, 1, MYSQL_TIMESTAMP_TIME}, }, - + {"SELECT '00:60:00'", {0,0,0, 0,0,0, 0,0, MYSQL_TIMESTAMP_ERROR}, }, @@ -4891,7 +4891,7 @@ {"SELECT '1999-12-31 23:59:59.9999999'", {1999,12,31, 23,59,59, 999999, 0, MYSQL_TIMESTAMP_DATETIME}, }, - {"SELECT '00-08-11 8:46:40'", + {"SELECT '00-08-11 8:46:40'", {2000,8,11, 8,46,40, 0,0, MYSQL_TIMESTAMP_DATETIME}, }, {"SELECT '1999-12-31 25:59:59.999999'", @@ -4972,7 +4972,7 @@ rc= mysql_query(mysql, "DROP TABLE IF EXISTS t1"); check_mysql_rc(rc, mysql); - + rc= mysql_query(mysql, "CREATE TABLE t1 (a int, b int)"); check_mysql_rc(rc, mysql); rc= mysql_query(mysql, "INSERT INTO t1 VALUES (1,1), (2,2),(3,3),(4,4),(5,5)"); @@ -5256,7 +5256,7 @@ mysql_stmt_close(stmt); - return OK; + return OK; } static int test_returning(MYSQL *mysql) @@ -5717,7 +5717,7 @@ { diag("Error: expected stmt_id=-1"); goto end; - } + } if (!(my= test_connect(NULL))) { @@ -5752,7 +5752,7 @@ { diag("Error: no stmt_id assigned"); goto end; - } + } rc= mysql_query(my, "UNLOCK TABLES"); check_mysql_rc(rc, mysql); @@ -5861,7 +5861,7 @@ rc= mysql_stmt_execute(stmt); check_stmt_rc(rc, stmt); - + mysql_stmt_store_result(stmt); check_stmt_rc(rc, stmt); @@ -6013,7 +6013,7 @@ my_bool is_null[2]= {1,1}; unsigned long length[2]= {1,1}; - rc= mysql_stmt_prepare(stmt, SL("SELECT NULL, 'foo'")); + rc= mysql_stmt_prepare(stmt, SL("SELECT NULL, 'foo' union select 'bar', NULL union select NULL, 'foobar'")); check_stmt_rc(rc, stmt); memset(&bind, 0, sizeof(MYSQL_BIND) * 2); @@ -6031,15 +6031,39 @@ rc= mysql_stmt_bind_result(stmt, bind); + mysql_stmt_fetch(stmt); FAIL_IF(is_null[0]==0, "Expected NULL value"); FAIL_IF(is_null[1]==1, "Expected non-NULL value"); FAIL_IF(length[0]!=0, "Expected length=0"); FAIL_IF(length[1]!=3, "Expected length=3"); -// FAIL_IF(length[0] != 0, "Expected length=0"); - -//FAIL_IF(length[1] != 3, "Expected length=3)"; + mysql_stmt_fetch(stmt); + FAIL_IF(is_null[1]==0, "Expected NULL value"); + FAIL_IF(is_null[0]==1, "Expected non-NULL value"); + FAIL_IF(length[1]!=0, "Expected length=0"); + FAIL_IF(length[0]!=3, "Expected length=3"); + + mysql_stmt_fetch(stmt); + FAIL_IF(is_null[0]==0, "Expected NULL value"); + FAIL_IF(is_null[1]==1, "Expected non-NULL value"); + FAIL_IF(length[0]!=0, "Expected length=0"); + FAIL_IF(length[1]!=6, "Expected length=3"); + + /* Also check with MYSQL_TYPE_NULL */ + length[0]= 3; + + rc= mysql_stmt_prepare(stmt, SL("SELECT NULL")); + check_stmt_rc(rc, stmt); + + rc= mysql_stmt_execute(stmt); + check_stmt_rc(rc, stmt); + + rc= mysql_stmt_bind_result(stmt, bind); + check_stmt_rc(rc, stmt); + + mysql_stmt_fetch(stmt); + FAIL_IF(length[0]!=0, "Expected length=0"); mysql_stmt_close(stmt); return OK; diff -Nru mariadb-11.8.6/libmariadb/unittest/libmariadb/rpl_api.c mariadb-11.8.8/libmariadb/unittest/libmariadb/rpl_api.c --- mariadb-11.8.6/libmariadb/unittest/libmariadb/rpl_api.c 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/libmariadb/unittest/libmariadb/rpl_api.c 2026-05-24 09:58:33.000000000 +0000 @@ -28,14 +28,51 @@ #include "my_test.h" #include "mariadb_rpl.h" -static int test_rpl_async(MYSQL *my __attribute__((unused))) +static uint8_t binlog_disabled= 0; + +static int test_binlog_available(MYSQL *mysql) { - MYSQL *mysql= mysql_init(NULL); + int rc; + MYSQL_RES *result; + MYSQL_ROW row; + + rc= mysql_query(mysql, "SELECT @@log_bin"); + check_mysql_rc(rc, mysql); + + result= mysql_store_result(mysql); + row= mysql_fetch_row(result); + if (!atoi(row[0])) + binlog_disabled= 1; + mysql_free_result(result); + + return OK; +} + +static uint32_t get_binlog_position(MYSQL *mysql, char *filename) +{ + int rc; MYSQL_RES *result; MYSQL_ROW row; + uint32_t pos= 0; + + + rc= mysql_query(mysql, "SHOW MASTER STATUS"); + check_mysql_rc(rc, mysql); + + result= mysql_store_result(mysql); + row= mysql_fetch_row(result); + strcpy(filename, row[0]); + pos= atoi(row[1]); + mysql_free_result(result); + + return pos; +} + +static int test_rpl_async(MYSQL *my __attribute__((unused))) +{ + MYSQL *mysql; MARIADB_RPL_EVENT *event= NULL; MARIADB_RPL *rpl; - int rc; SKIP_SKYSQL; SKIP_MAXSCALE; @@ -43,6 +80,13 @@ if (!is_mariadb) return SKIP; + if (binlog_disabled) + { + diag("binary log disabled"); + return SKIP; + } + + mysql = mysql_init(NULL); if (!my_test_connect(mysql, hostname, username, password, schema, port, socketname, 0, 1)) { @@ -51,28 +95,11 @@ return FAIL; } - rc= mysql_query(mysql, "SELECT @@log_bin"); - check_mysql_rc(rc, mysql); - - result= mysql_store_result(mysql); - row= mysql_fetch_row(result); - if (!atoi(row[0])) - rc= SKIP; - mysql_free_result(result); - - if (rc == SKIP) - { - diag("binary log disabled -> skip"); - mysql_close(mysql); - return SKIP; - } - rpl = mariadb_rpl_init(mysql); mysql_query(mysql, "SET @mariadb_slave_capability=4"); mysql_query(mysql, "SET NAMES latin1"); mysql_query(mysql, "SET @slave_gtid_strict_mode=1"); - mysql_query(mysql, "SET @master_heartbeat_period=10"); mysql_query(mysql, "SET @slave_gtid_ignore_duplicates=1"); mysql_query(mysql, "SET NAMES utf8"); mysql_query(mysql, "SET @master_binlog_checksum= @@global.binlog_checksum"); @@ -83,9 +110,7 @@ if (mariadb_rpl_open(rpl)) return FAIL; - while((event= mariadb_rpl_fetch(rpl, event)) && event->event_type != HEARTBEAT_LOG_EVENT) - { - } + event= mariadb_rpl_fetch(rpl, NULL); mariadb_free_rpl_event(event); mariadb_rpl_close(rpl); mysql_close(mysql); @@ -94,12 +119,9 @@ static int test_rpl_semisync(MYSQL *my __attribute__((unused))) { - MYSQL *mysql= mysql_init(NULL); - MYSQL_RES *result; - MYSQL_ROW row; + MYSQL *mysql; MARIADB_RPL_EVENT *event= NULL; MARIADB_RPL *rpl; - int rc; SKIP_SKYSQL; SKIP_MAXSCALE; @@ -107,6 +129,13 @@ if (!is_mariadb) return SKIP; + if (binlog_disabled) + { + diag("binary log disabled"); + return SKIP; + } + + mysql= mysql_init(NULL); if (!my_test_connect(mysql, hostname, username, password, schema, port, socketname, 0, 1)) { @@ -115,22 +144,6 @@ return FAIL; } - rc= mysql_query(mysql, "SELECT @@log_bin"); - check_mysql_rc(rc, mysql); - - result= mysql_store_result(mysql); - row= mysql_fetch_row(result); - if (!atoi(row[0])) - rc= SKIP; - mysql_free_result(result); - - if (rc == SKIP) - { - diag("binary log disabled -> skip"); - mysql_close(mysql); - return SKIP; - } - rpl = mariadb_rpl_init(mysql); mariadb_rpl_optionsv(rpl, MARIADB_RPL_HOST, "foo"); @@ -139,7 +152,6 @@ mysql_query(mysql, "SET NAMES latin1"); mysql_query(mysql, "SET @slave_gtid_strict_mode=1"); mysql_query(mysql, "SET @slave_gtid_ignore_duplicates=1"); - mysql_query(mysql, "SET @master_heartbeat_period=10"); mysql_query(mysql, "SET NAMES utf8"); mysql_query(mysql, "SET @master_binlog_checksum= @@global.binlog_checksum"); rpl->server_id= 12; @@ -159,9 +171,8 @@ if (mariadb_rpl_open(rpl)) return FAIL; - while((event= mariadb_rpl_fetch(rpl, event)) && event->event_type != HEARTBEAT_LOG_EVENT) - { - } + event= mariadb_rpl_fetch(rpl, event); + mariadb_free_rpl_event(event); mariadb_rpl_close(rpl); mysql_close(mysql); @@ -170,9 +181,7 @@ static int test_conc467(MYSQL *my __attribute__((unused))) { - MYSQL *mysql= mysql_init(NULL); - MYSQL_RES *result; - MYSQL_ROW row; + MYSQL *mysql; MARIADB_RPL_EVENT *event= NULL; MARIADB_RPL *rpl; int rc; @@ -183,6 +192,13 @@ if (!is_mariadb) return SKIP; + if (binlog_disabled) + { + diag("binary log disabled"); + return SKIP; + } + + mysql= mysql_init(NULL); if (!my_test_connect(mysql, hostname, username, password, schema, port, socketname, 0, 1)) { @@ -191,22 +207,6 @@ return FAIL; } - rc= mysql_query(mysql, "SELECT @@log_bin"); - check_mysql_rc(rc, mysql); - - result= mysql_store_result(mysql); - row= mysql_fetch_row(result); - if (!atoi(row[0])) - rc= SKIP; - mysql_free_result(result); - - if (rc == SKIP) - { - diag("binary log disabled -> skip"); - mysql_close(mysql); - return SKIP; - } - /* Force to create a log rotate event */ rc= mysql_query(mysql, "FLUSH logs"); check_mysql_rc(rc, mysql); @@ -248,16 +248,12 @@ static int test_conc592(MYSQL *my __attribute__((unused))) { MARIADB_RPL *rpl; - MYSQL *mysql= mysql_init(NULL); - MYSQL *mysql_check= mysql_init(NULL); + MYSQL *mysql, *mysql_check; const char *host= "myhost"; MYSQL_RES *result; MYSQL_ROW row; int rc; int found= 0; - - - mysql_optionsv(mysql, MARIADB_OPT_RPL_REGISTER_REPLICA, host, 123); SKIP_SKYSQL; SKIP_MAXSCALE; @@ -265,6 +261,15 @@ if (!is_mariadb) return SKIP; + if (binlog_disabled) + { + diag("binary log disabled"); + return SKIP; + } + + mysql= mysql_init(NULL); + mysql_optionsv(mysql, MARIADB_OPT_RPL_REGISTER_REPLICA, host, 123); + if (!my_test_connect(mysql, hostname, username, password, schema, port, socketname, 0, 1)) { @@ -273,6 +278,8 @@ return FAIL; } + mysql_check= mysql_init(NULL); + if (!my_test_connect(mysql_check, hostname, username, password, schema, port, socketname, 0, 1)) { @@ -281,22 +288,6 @@ return FAIL; } - rc= mysql_query(mysql, "SELECT @@log_bin"); - check_mysql_rc(rc, mysql); - - result= mysql_store_result(mysql); - row= mysql_fetch_row(result); - if (!atoi(row[0])) - rc= SKIP; - mysql_free_result(result); - - if (rc == SKIP) - { - diag("binary log disabled -> skip"); - mysql_close(mysql); - return SKIP; - } - rpl = mariadb_rpl_init(mysql); mysql_query(mysql, "SET @mariadb_slave_capability=4"); @@ -323,6 +314,7 @@ found= 1; mysql_free_result(result); + mariadb_rpl_close(rpl); mysql_close(mysql); mysql_close(mysql_check); @@ -331,18 +323,23 @@ diag("Host '%s' not found in replica list", host); return FAIL; } - + return OK; } -static int test_conc689(MYSQL *my __attribute__((unused))) +static int test_conc815(MYSQL *my __attribute__((unused))) { - MYSQL *mysql= mysql_init(NULL); + MYSQL *mysql; MYSQL_RES *result; MYSQL_ROW row; - MARIADB_RPL_EVENT *event= NULL; + MARIADB_RPL_EVENT *event= NULL, + *table_map_event= NULL; MARIADB_RPL *rpl; + MARIADB_TIMESTAMP ts[2] = {0}; + char binlog_file[128]; + uint32_t binlog_pos; int rc; + int ret = FAIL; SKIP_SKYSQL; SKIP_MAXSCALE; @@ -350,6 +347,13 @@ if (!is_mariadb) return SKIP; + if (binlog_disabled) + { + diag("binary log disabled"); + return SKIP; + } + + mysql= mysql_init(NULL); if (!my_test_connect(mysql, hostname, username, password, schema, port, socketname, 0, 1)) { @@ -358,28 +362,11 @@ return FAIL; } - rc= mysql_query(mysql, "SELECT @@log_bin"); - check_mysql_rc(rc, mysql); - - result= mysql_store_result(mysql); - row= mysql_fetch_row(result); - if (!atoi(row[0])) - rc= SKIP; - mysql_free_result(result); - - if (rc == SKIP) - { - diag("binary log disabled -> skip"); - mysql_close(mysql); - return SKIP; - } - rpl = mariadb_rpl_init(mysql); mysql_query(mysql, "SET @mariadb_slave_capability=4"); mysql_query(mysql, "SET NAMES latin1"); mysql_query(mysql, "SET @slave_gtid_strict_mode=1"); - mysql_query(mysql, "SET @master_heartbeat_period=10"); mysql_query(mysql, "SET @slave_gtid_ignore_duplicates=1"); mysql_query(mysql, "SET NAMES utf8"); mysql_query(mysql, "SET @master_binlog_checksum= @@global.binlog_checksum"); @@ -387,26 +374,86 @@ rpl->start_position= 4; rpl->flags= MARIADB_RPL_BINLOG_SEND_ANNOTATE_ROWS; + binlog_pos= get_binlog_position(mysql, binlog_file); + diag("binlog_file: %s", binlog_file); + + mariadb_rpl_optionsv(rpl, MARIADB_RPL_FILENAME, binlog_file, strlen(binlog_file)); + mariadb_rpl_optionsv(rpl, MARIADB_RPL_START, binlog_pos); + + rc= mysql_query(mysql, "DROP TABLE IF EXISTS t1"); + check_mysql_rc(rc, mysql); + + rc= mysql_query(mysql, "CREATE TABLE t1 (a timestamp, b timestamp(6))"); + check_mysql_rc(rc, mysql); + + rc= mysql_query(mysql, "INSERT INTO t1 VALUES(now(), now(6))"); + check_mysql_rc(rc, mysql); + + rc= mysql_query(mysql, "SELECT unix_timestamp(a), FLOOR(UNIX_TIMESTAMP(b)) AS seconds, CAST((UNIX_TIMESTAMP(b) % 1) * 1000000 AS UNSIGNED) AS second_part FROM t1"); + if ((result = mysql_store_result(mysql))) { + row= mysql_fetch_row(result); + ts[0].second= atoi(row[0]); + ts[1].second= atoi(row[1]); + ts[1].second_part = atoi(row[2]); + mysql_free_result(result); + } + if (mariadb_rpl_open(rpl)) return FAIL; - while((event= mariadb_rpl_fetch(rpl, event)) && event->event_type != HEARTBEAT_LOG_EVENT) + /* process all events */ + while((event= mariadb_rpl_fetch(rpl, NULL))) { + if (event->event_type == TABLE_MAP_EVENT) { + if (table_map_event) + mariadb_free_rpl_event(table_map_event); + table_map_event= event; + continue; + } + + if (event->event_type == WRITE_ROWS_EVENT_V1) { + if (table_map_event) { + MARIADB_RPL_ROW *rpl_row; + + if (!(rpl_row= mariadb_rpl_extract_rows(rpl, table_map_event, event))) { + goto end; + } + if (rpl_row->columns[0].val.ts.second == ts[0].second && + rpl_row->columns[0].val.ts.second_part == 0 && + rpl_row->columns[1].val.ts.second == ts[1].second && + rpl_row->columns[1].val.ts.second_part == ts[1].second_part) { + ret= OK; + } else { + diag("Error: Wrong timestamp values"); + } + goto end; + } + goto end; + } else { + mariadb_free_rpl_event(event); + event = NULL; + } } - FAIL_IF(event->event.heartbeat.filename.length == 0, "Invalid filename"); - mariadb_free_rpl_event(event); + ret = OK; +end: + if (event) + mariadb_free_rpl_event(event); + if (table_map_event) + mariadb_free_rpl_event(table_map_event); mariadb_rpl_close(rpl); mysql_close(mysql); - return OK; + return ret; } - struct my_tests_st my_tests[] = { - {"test_conc689", test_conc689, TEST_CONNECTION_NEW, 0, NULL, NULL}, - {"test_conc592", test_conc592, TEST_CONNECTION_NEW, 0, NULL, NULL}, - {"test_rpl_async", test_rpl_async, TEST_CONNECTION_NEW, 0, NULL, NULL}, - {"test_rpl_semisync", test_rpl_semisync, TEST_CONNECTION_NEW, 0, NULL, NULL}, - {"test_conc467", test_conc467, TEST_CONNECTION_NEW, 0, NULL, NULL}, + /* His test needs to be run first */ + {"test_binlog_available", test_binlog_available, TEST_CONNECTION_DEFAULT, 0, NULL, NULL}, + + {"test_rpl_async", test_rpl_async, TEST_CONNECTION_NONE, 0, NULL, NULL}, + {"test_rpl_semisync", test_rpl_semisync, TEST_CONNECTION_NONE, 0, NULL, NULL}, + {"test_conc815", test_conc815, TEST_CONNECTION_NONE, 0, NULL, NULL}, + {"test_conc592", test_conc592, TEST_CONNECTION_NONE, 0, NULL, NULL}, + {"test_conc467", test_conc467, TEST_CONNECTION_NONE, 0, NULL, NULL}, {NULL, NULL, 0, 0, NULL, NULL} }; diff -Nru mariadb-11.8.6/libmysqld/CMakeLists.txt mariadb-11.8.8/libmysqld/CMakeLists.txt --- mariadb-11.8.6/libmysqld/CMakeLists.txt 2026-01-31 13:27:46.000000000 +0000 +++ mariadb-11.8.8/libmysqld/CMakeLists.txt 2026-05-24 09:58:30.000000000 +0000 @@ -170,7 +170,7 @@ IF(TARGET libfmt) ADD_DEPENDENCIES(sql_embedded libfmt) ENDIF() -TARGET_LINK_LIBRARIES(sql_embedded LINK_PRIVATE tpool ${CRC32_LIBRARY}) +TARGET_LINK_LIBRARIES(sql_embedded LINK_PRIVATE tpool ${CRC32_LIBRARY} pcre2-8) # On Windows, static embedded server library is called mysqlserver.lib # On Unix, it is libmysqld.a diff -Nru mariadb-11.8.6/libmysqld/libmysql.c mariadb-11.8.8/libmysqld/libmysql.c --- mariadb-11.8.6/libmysqld/libmysql.c 2026-01-31 13:27:46.000000000 +0000 +++ mariadb-11.8.8/libmysqld/libmysql.c 2026-05-24 09:58:30.000000000 +0000 @@ -4503,13 +4503,11 @@ max_length */ MYSQL_BIND *my_bind, *end; - MYSQL_FIELD *field; bzero((char*) stmt->bind, sizeof(*stmt->bind)* stmt->field_count); - for (my_bind= stmt->bind, end= my_bind + stmt->field_count, - field= stmt->fields; + for (my_bind= stmt->bind, end= my_bind + stmt->field_count; my_bind < end ; - my_bind++, field++) + my_bind++) { my_bind->buffer_type= MYSQL_TYPE_NULL; my_bind->buffer_length=1; diff -Nru mariadb-11.8.6/mariadb-plugin-columnstore.install.generated mariadb-11.8.8/mariadb-plugin-columnstore.install.generated --- mariadb-11.8.6/mariadb-plugin-columnstore.install.generated 2026-01-31 13:27:46.000000000 +0000 +++ mariadb-11.8.8/mariadb-plugin-columnstore.install.generated 1970-01-01 00:00:00.000000000 +0000 @@ -1 +0,0 @@ -#File is generated by ColumnstoreLibrary.cmake, do not edit diff -Nru mariadb-11.8.6/mysql-test/CMakeLists.txt mariadb-11.8.8/mysql-test/CMakeLists.txt --- mariadb-11.8.6/mysql-test/CMakeLists.txt 2026-01-31 13:27:46.000000000 +0000 +++ mariadb-11.8.8/mysql-test/CMakeLists.txt 2026-05-24 09:58:30.000000000 +0000 @@ -16,6 +16,11 @@ INSTALL_MYSQL_TEST("." "") +IF (NOT CMAKE_REAL_SOURCE_DIR) + get_filename_component(CMAKE_REAL_SOURCE_DIR "${CMAKE_SOURCE_DIR}" REALPATH) + get_filename_component(CMAKE_REAL_BINARY_DIR "${CMAKE_BINARY_DIR}" REALPATH) +ENDIF() + IF(NOT ${CMAKE_SOURCE_DIR} STREQUAL ${CMAKE_BINARY_DIR}) # Enable running mtr from build directory CONFIGURE_FILE( diff -Nru mariadb-11.8.6/mysql-test/include/varchar.inc mariadb-11.8.8/mysql-test/include/varchar.inc --- mariadb-11.8.6/mysql-test/include/varchar.inc 2026-01-31 13:27:46.000000000 +0000 +++ mariadb-11.8.8/mysql-test/include/varchar.inc 2026-05-24 09:58:30.000000000 +0000 @@ -86,11 +86,8 @@ --replace_column 9 # explain select count(*) from t1 where v between 'a' and 'a ' and v between 'a ' and 'b\n'; -# Which duplicate entry triggers error is not deterministic. ---replace_regex /Duplicate entry '[^']+' for key/Duplicate entry '{ ' for key/ --error ER_DUP_ENTRY alter table t1 add unique(v); -show warnings; alter table t1 add key(v); select concat('*',v,'*',c,'*',t,'*') as qq from t1 where v='a'; --replace_column 6 # 9 # 10 # diff -Nru mariadb-11.8.6/mysql-test/lib/My/SafeProcess/safe_process.cc mariadb-11.8.8/mysql-test/lib/My/SafeProcess/safe_process.cc --- mariadb-11.8.6/mysql-test/lib/My/SafeProcess/safe_process.cc 2026-01-31 13:27:46.000000000 +0000 +++ mariadb-11.8.8/mysql-test/lib/My/SafeProcess/safe_process.cc 2026-05-24 09:58:30.000000000 +0000 @@ -237,7 +237,8 @@ sigaction(SIGCHLD, &sa,NULL); sigaction(SIGABRT, &sa_abort,NULL); - sprintf(safe_process_name, "safe_process[%ld]", (long) own_pid); + snprintf(safe_process_name, sizeof(safe_process_name), + "safe_process[%ld]", (long) own_pid); message("Started"); diff -Nru mariadb-11.8.6/mysql-test/lib/My/SafeProcess/safe_process_win.cc mariadb-11.8.8/mysql-test/lib/My/SafeProcess/safe_process_win.cc --- mariadb-11.8.6/mysql-test/lib/My/SafeProcess/safe_process_win.cc 2026-01-31 13:27:46.000000000 +0000 +++ mariadb-11.8.8/mysql-test/lib/My/SafeProcess/safe_process_win.cc 2026-05-24 09:58:30.000000000 +0000 @@ -181,7 +181,7 @@ PROCESS_INFORMATION process_info= {0}; BOOL nocore= FALSE; - sprintf(safe_process_name, "safe_process[%lu]", pid); + snprintf(safe_process_name, sizeof(safe_process_name), "safe_process[%lu]", pid); /* Create an event for the signal handler */ if ((shutdown_event= diff -Nru mariadb-11.8.6/mysql-test/lib/generate-ssl-certs.sh mariadb-11.8.8/mysql-test/lib/generate-ssl-certs.sh --- mariadb-11.8.6/mysql-test/lib/generate-ssl-certs.sh 2026-01-31 13:27:46.000000000 +0000 +++ mariadb-11.8.8/mysql-test/lib/generate-ssl-certs.sh 2026-05-24 09:58:30.000000000 +0000 @@ -27,8 +27,8 @@ # sign the server certificate with CA certificate openssl ca -keyfile cakey.pem -days 7300 -batch -cert cacert.pem -policy policy_anything -out server-cert.pem -in demoCA/server-req.pem -# server certificate with different validity period (MDEV-16266) -openssl req -newkey rsa:4096 -keyout server-new-key.pem -out demoCA/server-new-req.pem -days 7301 -nodes -subj '/CN=server-new/C=FI/ST=Helsinki/L=Helsinki/O=MariaDB' +# server certificate with different validity period (MDEV-16266) and unsafe for shell interpolation (MDEV-39413) +openssl req -newkey rsa:4096 -keyout server-new-key.pem -out demoCA/server-new-req.pem -days 7301 -nodes -subj /CN="'\`touch A\`'"'-"`touch B`"/C=FI/ST=Helsinki/L=Helsinki/O=MariaDB' openssl rsa -in server-new-key.pem -out server-new-key.pem openssl ca -keyfile cakey.pem -days 7301 -batch -cert cacert.pem -policy policy_anything -out server-new-cert.pem -in demoCA/server-new-req.pem diff -Nru mariadb-11.8.6/mysql-test/lib/mtr_cases.pm mariadb-11.8.8/mysql-test/lib/mtr_cases.pm --- mariadb-11.8.6/mysql-test/lib/mtr_cases.pm 2026-01-31 13:27:46.000000000 +0000 +++ mariadb-11.8.8/mysql-test/lib/mtr_cases.pm 2026-05-24 09:58:30.000000000 +0000 @@ -1116,7 +1116,7 @@ $file_to_tags{$file}= $tags; $file_to_master_opts{$file}= $master_opts; $file_to_slave_opts{$file}= $slave_opts; - $file_combinations{$file}= [ ::uniq(@combinations) ]; + $file_combinations{$file}= [ sort ::uniq(@combinations) ]; $file_in_overlay{$file} = 1 if $in_overlay; return @{$tags}; diff -Nru mariadb-11.8.6/mysql-test/main/alter_table.result mariadb-11.8.8/mysql-test/main/alter_table.result --- mariadb-11.8.6/mysql-test/main/alter_table.result 2026-01-31 13:27:46.000000000 +0000 +++ mariadb-11.8.8/mysql-test/main/alter_table.result 2026-05-24 09:58:30.000000000 +0000 @@ -3099,6 +3099,29 @@ ERROR 42000: Can't DROP COLUMN `t2_id`; check that it exists drop table t1, t2; # +# MDEV-34951: InnoDB index corruption when renaming key name with same letter to upper case. +# +CREATE TABLE t (a INT, b INT, KEY(a), KEY(b)) ENGINE=INNODB; +ALTER TABLE t RENAME KEY b TO B; +SELECT * FROM t; +a b +DROP TABLE t; +CREATE TABLE t (c INT UNIQUE) ENGINE=InnoDB; +ALTER TABLE t RENAME KEY c TO C; +SELECT * FROM t; +c +DROP TABLE t; +CREATE TABLE t (c POINT GENERATED ALWAYS AS (POINT(1,1)) UNIQUE) ENGINE=InnoDB; +ALTER TABLE t RENAME KEY c to C; +INSERT INTO t VALUES (1); +ERROR 22003: Cannot get geometry object from data you send to the GEOMETRY field +DROP TABLE t; +CREATE TABLE t (c POINT GENERATED ALWAYS AS (POINT(1,1)) UNIQUE) ENGINE=InnoDB; +ALTER TABLE t RENAME KEY c to C; +INSERT INTO t VALUES (1,1); +ERROR 21S01: Column count doesn't match value count at row 1 +DROP TABLE t; +# # MDEV-29001 DROP DEFAULT makes SHOW CREATE non-idempotent # SET @save_sql_mode=@@sql_mode; diff -Nru mariadb-11.8.6/mysql-test/main/alter_table.test mariadb-11.8.8/mysql-test/main/alter_table.test --- mariadb-11.8.6/mysql-test/main/alter_table.test 2026-01-31 13:27:46.000000000 +0000 +++ mariadb-11.8.8/mysql-test/main/alter_table.test 2026-05-24 09:58:30.000000000 +0000 @@ -2404,6 +2404,32 @@ drop table t1, t2; --echo # +--echo # MDEV-34951: InnoDB index corruption when renaming key name with same letter to upper case. +--echo # + +CREATE TABLE t (a INT, b INT, KEY(a), KEY(b)) ENGINE=INNODB; +ALTER TABLE t RENAME KEY b TO B; +SELECT * FROM t; +DROP TABLE t; + +CREATE TABLE t (c INT UNIQUE) ENGINE=InnoDB; +ALTER TABLE t RENAME KEY c TO C; +SELECT * FROM t; +DROP TABLE t; + +CREATE TABLE t (c POINT GENERATED ALWAYS AS (POINT(1,1)) UNIQUE) ENGINE=InnoDB; +ALTER TABLE t RENAME KEY c to C; +--error ER_CANT_CREATE_GEOMETRY_OBJECT +INSERT INTO t VALUES (1); +DROP TABLE t; + +CREATE TABLE t (c POINT GENERATED ALWAYS AS (POINT(1,1)) UNIQUE) ENGINE=InnoDB; +ALTER TABLE t RENAME KEY c to C; +--error ER_WRONG_VALUE_COUNT_ON_ROW +INSERT INTO t VALUES (1,1); +DROP TABLE t; + +--echo # --echo # MDEV-29001 DROP DEFAULT makes SHOW CREATE non-idempotent --echo # SET @save_sql_mode=@@sql_mode; diff -Nru mariadb-11.8.6/mysql-test/main/alter_table_errors.result mariadb-11.8.8/mysql-test/main/alter_table_errors.result --- mariadb-11.8.6/mysql-test/main/alter_table_errors.result 2026-01-31 13:27:46.000000000 +0000 +++ mariadb-11.8.8/mysql-test/main/alter_table_errors.result 2026-05-24 09:58:30.000000000 +0000 @@ -41,3 +41,16 @@ ERROR 22007: Incorrect integer value: 'x' for column `test`.`t1`.`a` at row 1 drop temporary table t1; # End of 10.2 tests +# +# MDEV-23507 Wrong duplicate key value printed in ER_DUP_ENTRY +# +create table t1 (a int) engine=myisam; +insert into t1 values (8); +insert into t1 select seq from seq_1_to_100; +alter table t1 add unique (a); +ERROR 23000: Duplicate entry '8' for key 'a' +alter table t1 engine=aria; +alter table t1 add unique (a); +ERROR 23000: Duplicate entry '8' for key 'a' +drop table t1; +# End of 10.11 tests diff -Nru mariadb-11.8.6/mysql-test/main/alter_table_errors.test mariadb-11.8.8/mysql-test/main/alter_table_errors.test --- mariadb-11.8.6/mysql-test/main/alter_table_errors.test 2026-01-31 13:27:46.000000000 +0000 +++ mariadb-11.8.8/mysql-test/main/alter_table_errors.test 2026-05-24 09:58:30.000000000 +0000 @@ -1,4 +1,5 @@ --source include/have_innodb.inc +--source include/have_sequence.inc --echo # --echo # MDEV-16110 ALTER with ALGORITHM=INPLACE breaks temporary table with virtual columns @@ -32,3 +33,18 @@ drop temporary table t1; --echo # End of 10.2 tests + +--echo # +--echo # MDEV-23507 Wrong duplicate key value printed in ER_DUP_ENTRY +--echo # +create table t1 (a int) engine=myisam; +insert into t1 values (8); +insert into t1 select seq from seq_1_to_100; +--error ER_DUP_ENTRY +alter table t1 add unique (a); +alter table t1 engine=aria; +--error ER_DUP_ENTRY +alter table t1 add unique (a); +drop table t1; + +--echo # End of 10.11 tests diff -Nru mariadb-11.8.6/mysql-test/main/analyze_format_json.result mariadb-11.8.8/mysql-test/main/analyze_format_json.result --- mariadb-11.8.6/mysql-test/main/analyze_format_json.result 2026-01-31 13:27:46.000000000 +0000 +++ mariadb-11.8.8/mysql-test/main/analyze_format_json.result 2026-05-24 09:58:30.000000000 +0000 @@ -213,7 +213,7 @@ "r_filtered": 60 }, "buffer_type": "flat", - "buffer_size": "1Kb", + "buffer_size": "1KiB", "join_type": "BNL", "r_loops": 20, "r_filtered": 100, @@ -275,7 +275,7 @@ "r_filtered": 60 }, "buffer_type": "flat", - "buffer_size": "1Kb", + "buffer_size": "1KiB", "join_type": "BNL", "attached_condition": "tbl1.c > tbl2.c", "r_loops": 20, @@ -1247,7 +1247,7 @@ "r_filtered": 70 }, "buffer_type": "flat", - "buffer_size": "1Kb", + "buffer_size": "1KiB", "join_type": "BNL", "attached_condition": "t10.b = t11.b", "r_loops": 100, @@ -1319,7 +1319,7 @@ "r_filtered": 70 }, "buffer_type": "flat", - "buffer_size": "3Kb", + "buffer_size": "3KiB", "join_type": "BNLH", "attached_condition": "t10.b = t11.b", "r_loops": 100, @@ -1889,3 +1889,74 @@ } } drop table t1, t2; +# +# MDEV#37904: Valgrind warning - uninitialized value in tag_to_json() +# +CREATE TABLE t1 (a VARCHAR(8)) DEFAULT CHARSET latin7; +INSERT INTO t1 VALUES ('x'),('xx'); +CREATE TABLE t2 (b varchar(8)) DEFAULT CHARSET latin7; +INSERT INTO t2 VALUES ('foo'),('bar'); +ANALYZE FORMAT=JSON +SELECT b FROM t2 WHERE 'x' IN (SELECT a FROM t1); +ANALYZE +{ + "query_optimization": { + "r_total_time_ms": "REPLACED" + }, + "query_block": { + "select_id": 1, + "cost": "REPLACED", + "r_loops": 1, + "r_total_time_ms": "REPLACED", + "nested_loop": [ + { + "table": { + "table_name": "t1", + "access_type": "ALL", + "loops": 1, + "r_loops": 1, + "rows": 2, + "r_rows": 1, + "cost": "REPLACED", + "r_table_time_ms": "REPLACED", + "r_other_time_ms": "REPLACED", + "r_engine_stats": REPLACED, + "filtered": 50, + "r_total_filtered": 100, + "attached_condition": "t1.a = 'x'", + "r_filtered": 100, + "first_match": "" + } + }, + { + "block-nl-join": { + "table": { + "table_name": "t2", + "access_type": "ALL", + "loops": 1, + "r_loops": 1, + "rows": 2, + "r_rows": 2, + "cost": "REPLACED", + "r_table_time_ms": "REPLACED", + "r_other_time_ms": "REPLACED", + "r_engine_stats": REPLACED, + "filtered": 100, + "r_total_filtered": 100, + "r_filtered": 100 + }, + "buffer_type": "flat", + "buffer_size": "120", + "join_type": "BNL", + "r_loops": 1, + "r_filtered": 100, + "r_unpack_time_ms": "REPLACED", + "r_other_time_ms": "REPLACED", + "r_effective_rows": 2 + } + } + ] + } +} +DROP TABLE t1, t2; +End of 10.11 tests diff -Nru mariadb-11.8.6/mysql-test/main/analyze_format_json.test mariadb-11.8.8/mysql-test/main/analyze_format_json.test --- mariadb-11.8.6/mysql-test/main/analyze_format_json.test 2026-01-31 13:27:46.000000000 +0000 +++ mariadb-11.8.8/mysql-test/main/analyze_format_json.test 2026-05-24 09:58:30.000000000 +0000 @@ -369,3 +369,19 @@ where t1.pk > (select max(a) from t2 where t2.pk+1 = t1.pk+1 ) - 10; drop table t1, t2; + +--echo # +--echo # MDEV#37904: Valgrind warning - uninitialized value in tag_to_json() +--echo # + +CREATE TABLE t1 (a VARCHAR(8)) DEFAULT CHARSET latin7; +INSERT INTO t1 VALUES ('x'),('xx'); +CREATE TABLE t2 (b varchar(8)) DEFAULT CHARSET latin7; +INSERT INTO t2 VALUES ('foo'),('bar'); +--source include/analyze-format.inc +ANALYZE FORMAT=JSON + SELECT b FROM t2 WHERE 'x' IN (SELECT a FROM t1); + +DROP TABLE t1, t2; + +--echo End of 10.11 tests diff -Nru mariadb-11.8.6/mysql-test/main/analyze_format_json_timings.result mariadb-11.8.8/mysql-test/main/analyze_format_json_timings.result --- mariadb-11.8.6/mysql-test/main/analyze_format_json_timings.result 2026-01-31 13:27:46.000000000 +0000 +++ mariadb-11.8.8/mysql-test/main/analyze_format_json_timings.result 2026-05-24 09:58:30.000000000 +0000 @@ -87,7 +87,7 @@ "r_filtered": 20 }, "buffer_type": "flat", - "buffer_size": "18Kb", + "buffer_size": "18KiB", "join_type": "BNLH", "attached_condition": "t2.b = t1.b", "r_loops": 500, @@ -186,7 +186,7 @@ "r_filtered": 100 }, "buffer_type": "flat", - "buffer_size": "256Kb", + "buffer_size": "256KiB", "join_type": "BNLH", "attached_condition": "t2.a = t1.a and concat(t1.col1,t1.col2,t1.col3) = concat(t2.col1,t2.col2,t2.col3)", "r_loops": 1000, diff -Nru mariadb-11.8.6/mysql-test/main/bad_user_table.result mariadb-11.8.8/mysql-test/main/bad_user_table.result --- mariadb-11.8.6/mysql-test/main/bad_user_table.result 1970-01-01 00:00:00.000000000 +0000 +++ mariadb-11.8.8/mysql-test/main/bad_user_table.result 2026-05-24 09:58:30.000000000 +0000 @@ -0,0 +1,30 @@ +# +# MDEV-4462 mysqld gets SIGFPE when mysql.user table is empty +# +create table t1 as select * from mysql.global_priv; +truncate table mysql.global_priv; +flush privileges; +connect(localhost,u1,,test,MASTER_PORT,MASTER_SOCKET); +connect fail,localhost,u1; +Got one of the listed errors +insert mysql.global_priv select * from t1; +drop table t1; +flush privileges; +# switching from mysql.global_priv to mysql.user +truncate table mysql.user; +flush privileges; +connect(localhost,u1,,test,MASTER_PORT,MASTER_SOCKET); +connect fail,localhost,u1; +Got one of the listed errors +# switching back from mysql.user to mysql.global_priv +# +# MDEV-39266 Stack Overflow via alloca() in Privilege Table JSON Parser +# +INSERT INTO mysql.global_priv (Host, User, Priv) VALUES +('localhost', 'MDEV-39266', CONCAT( +'{"access":0,"plugin":"mysql_native_password","authentication_string":"', +REPEAT('X', 400000), +'","password_last_changed":0}')); +FLUSH PRIVILEGES; +DROP USER `MDEV-39266`@localhost; +# End if 10.6 tests diff -Nru mariadb-11.8.6/mysql-test/main/bad_user_table.test mariadb-11.8.8/mysql-test/main/bad_user_table.test --- mariadb-11.8.6/mysql-test/main/bad_user_table.test 1970-01-01 00:00:00.000000000 +0000 +++ mariadb-11.8.8/mysql-test/main/bad_user_table.test 2026-05-24 09:58:30.000000000 +0000 @@ -0,0 +1,50 @@ +source include/not_embedded.inc; + +--echo # +--echo # MDEV-4462 mysqld gets SIGFPE when mysql.user table is empty +--echo # + +create table t1 as select * from mysql.global_priv; +truncate table mysql.global_priv; +flush privileges; + +# connecting via unix socket gives ER_ACCESS_DENIED_ERROR +# connecting via tcp/ip gives ER_HOST_NOT_PRIVILEGED +--replace_result $MASTER_MYSOCK MASTER_SOCKET $MASTER_MYPORT MASTER_PORT +--error ER_ACCESS_DENIED_ERROR,ER_HOST_NOT_PRIVILEGED +connect (fail,localhost,u1); + +insert mysql.global_priv select * from t1; +drop table t1; +flush privileges; + +# +# same with mysql.user +# + +source include/switch_to_mysql_user.inc; +truncate table mysql.user; + +flush privileges; + +# connecting via unix socket gives ER_ACCESS_DENIED_ERROR +# connecting via tcp/ip gives ER_HOST_NOT_PRIVILEGED +--replace_result $MASTER_MYSOCK MASTER_SOCKET $MASTER_MYPORT MASTER_PORT +--error ER_ACCESS_DENIED_ERROR,ER_HOST_NOT_PRIVILEGED +connect (fail,localhost,u1); + +source include/switch_to_mysql_global_priv.inc; + +--echo # +--echo # MDEV-39266 Stack Overflow via alloca() in Privilege Table JSON Parser +--echo # + +INSERT INTO mysql.global_priv (Host, User, Priv) VALUES +('localhost', 'MDEV-39266', CONCAT( + '{"access":0,"plugin":"mysql_native_password","authentication_string":"', + REPEAT('X', 400000), + '","password_last_changed":0}')); +FLUSH PRIVILEGES; +DROP USER `MDEV-39266`@localhost; + +--echo # End if 10.6 tests diff -Nru mariadb-11.8.6/mysql-test/main/case.result mariadb-11.8.8/mysql-test/main/case.result --- mariadb-11.8.6/mysql-test/main/case.result 2026-01-31 13:27:46.000000000 +0000 +++ mariadb-11.8.8/mysql-test/main/case.result 2026-05-24 09:58:30.000000000 +0000 @@ -158,7 +158,7 @@ SHOW CREATE TABLE t1; Table Create Table t1 CREATE TABLE `t1` ( - `COALESCE(1)` int(1) NOT NULL, + `COALESCE(1)` int(2) NOT NULL, `COALESCE(1.0)` decimal(2,1) NOT NULL, `COALESCE('a')` varchar(1) CHARACTER SET latin1 COLLATE latin1_swedish_ci NOT NULL, `COALESCE(1,1.0)` decimal(2,1) NOT NULL, @@ -589,4 +589,40 @@ Warnings: Warning 1292 Truncated incorrect DOUBLE value: 'X' Warning 1365 Division by 0 +# +# MDEV-23278: Incorrect Calculation with AVG() Function +# +create table avg_calc_test ( +id int(11) not null auto_increment, +name varchar(255) default null, +primary key (id) +) auto_increment=1 default charset=latin1; +insert into avg_calc_test (name) values ('orange'), ('blue'), ('black'), ('orange'), ('black'); +select * from ( +select +avg(case when name = 'orange' then 3 when name = 'blue' then 2 when name = 'black' then 1 else 0 end) as metric_val +from avg_calc_test +) t; +metric_val +2.0000 +create table t1 as +select +avg(case when name = 'orange' then 3 when name = 'blue' then 2 when name = 'black' then 1 else 0 end) as metric_val +from avg_calc_test; +select * from t1; +metric_val +2.0000 +create or replace table t1 as +select +avg(least(1,2)) as metric_val +from avg_calc_test; +select * from t1; +metric_val +1.0000 +create or replace table t1 as +select avg(coalesce(1,2)) as metric_val from avg_calc_test; +select * from t1; +metric_val +1.0000 +drop table avg_calc_test, t1; # End of 10.11 test diff -Nru mariadb-11.8.6/mysql-test/main/case.test mariadb-11.8.8/mysql-test/main/case.test --- mariadb-11.8.6/mysql-test/main/case.test 2026-01-31 13:27:46.000000000 +0000 +++ mariadb-11.8.8/mysql-test/main/case.test 2026-05-24 09:58:30.000000000 +0000 @@ -416,4 +416,41 @@ select case 'X' when 1/1 then 1 when 'X' then 2 else 3 end; select case 'X' when 1/0 then 1 when 'X' then 2 else 3 end; +--echo # +--echo # MDEV-23278: Incorrect Calculation with AVG() Function +--echo # +create table avg_calc_test ( + id int(11) not null auto_increment, + name varchar(255) default null, + primary key (id) +) auto_increment=1 default charset=latin1; +insert into avg_calc_test (name) values ('orange'), ('blue'), ('black'), ('orange'), ('black'); + +select * from ( + select + avg(case when name = 'orange' then 3 when name = 'blue' then 2 when name = 'black' then 1 else 0 end) as metric_val + from avg_calc_test +) t; + +create table t1 as + select + avg(case when name = 'orange' then 3 when name = 'blue' then 2 when name = 'black' then 1 else 0 end) as metric_val + from avg_calc_test; + +select * from t1; + +create or replace table t1 as + select + avg(least(1,2)) as metric_val + from avg_calc_test; + +select * from t1; + +create or replace table t1 as + select avg(coalesce(1,2)) as metric_val from avg_calc_test; + +select * from t1; + +drop table avg_calc_test, t1; + --echo # End of 10.11 test diff -Nru mariadb-11.8.6/mysql-test/main/create.result mariadb-11.8.8/mysql-test/main/create.result --- mariadb-11.8.6/mysql-test/main/create.result 2026-01-31 13:27:46.000000000 +0000 +++ mariadb-11.8.8/mysql-test/main/create.result 2026-05-24 09:58:30.000000000 +0000 @@ -2071,6 +2071,19 @@ SET NAMES DEFAULT; # End of 10.5 Test # +# MDEV-39002: Diagnostics area assertion failure upon CREATE TABLE +# +CREATE TABLE t1 (a INT, b VARCHAR(8) DEFAULT (IFNULL(a,''))) CHARSET swe7; +ERROR HY000: Illegal mix of collations (latin1_swedish_ci,NUMERIC) and (swe7_swedish_ci,COERCIBLE) for operation 'ifnull' +# Test Item_func_case_abbreviation2 (IF, NVL2, IFNULL) with collation mismatch in DEFAULT +CREATE TABLE t1 (a VARCHAR(8) CHARSET latin1, b VARCHAR(8) DEFAULT (IFNULL(_latin1'x', _swe7'y'))) CHARSET utf8; +ERROR HY000: Illegal mix of collations (latin1_swedish_ci,COERCIBLE) and (swe7_swedish_ci,COERCIBLE) for operation 'ifnull' +CREATE TABLE t1 (a VARCHAR(8) CHARSET latin1, b VARCHAR(8) DEFAULT (IF(1, _latin1'x', _swe7'y'))) CHARSET utf8; +ERROR HY000: Illegal mix of collations (latin1_swedish_ci,COERCIBLE) and (swe7_swedish_ci,COERCIBLE) for operation 'if' +CREATE TABLE t1 (a VARCHAR(8) CHARSET latin1, b VARCHAR(8) DEFAULT (NVL2(1, _latin1'x', _swe7'y'))) CHARSET utf8; +ERROR HY000: Illegal mix of collations (latin1_swedish_ci,COERCIBLE) and (swe7_swedish_ci,COERCIBLE) for operation 'nvl2' +End of 10.11 tests +# # MDEV-35318 Assertion `tl->jtbm_subselect' failed in JOIN::calc_allowed_top_level_tables on 2nd execution of PS # CREATE TABLE t (a INT); diff -Nru mariadb-11.8.6/mysql-test/main/create.test mariadb-11.8.8/mysql-test/main/create.test --- mariadb-11.8.6/mysql-test/main/create.test 2026-01-31 13:27:46.000000000 +0000 +++ mariadb-11.8.8/mysql-test/main/create.test 2026-05-24 09:58:30.000000000 +0000 @@ -1947,6 +1947,23 @@ --echo # End of 10.5 Test --echo # +--echo # MDEV-39002: Diagnostics area assertion failure upon CREATE TABLE +--echo # + +--error ER_CANT_AGGREGATE_2COLLATIONS +CREATE TABLE t1 (a INT, b VARCHAR(8) DEFAULT (IFNULL(a,''))) CHARSET swe7; + +--echo # Test Item_func_case_abbreviation2 (IF, NVL2, IFNULL) with collation mismatch in DEFAULT +--error ER_CANT_AGGREGATE_2COLLATIONS +CREATE TABLE t1 (a VARCHAR(8) CHARSET latin1, b VARCHAR(8) DEFAULT (IFNULL(_latin1'x', _swe7'y'))) CHARSET utf8; +--error ER_CANT_AGGREGATE_2COLLATIONS +CREATE TABLE t1 (a VARCHAR(8) CHARSET latin1, b VARCHAR(8) DEFAULT (IF(1, _latin1'x', _swe7'y'))) CHARSET utf8; +--error ER_CANT_AGGREGATE_2COLLATIONS +CREATE TABLE t1 (a VARCHAR(8) CHARSET latin1, b VARCHAR(8) DEFAULT (NVL2(1, _latin1'x', _swe7'y'))) CHARSET utf8; + +--echo End of 10.11 tests + +--echo # --echo # MDEV-35318 Assertion `tl->jtbm_subselect' failed in JOIN::calc_allowed_top_level_tables on 2nd execution of PS --echo # diff -Nru mariadb-11.8.6/mysql-test/main/cte_recursive.result mariadb-11.8.8/mysql-test/main/cte_recursive.result --- mariadb-11.8.6/mysql-test/main/cte_recursive.result 2026-01-31 13:27:46.000000000 +0000 +++ mariadb-11.8.8/mysql-test/main/cte_recursive.result 2026-05-24 09:58:30.000000000 +0000 @@ -5140,7 +5140,7 @@ show create table t2; Table Create Table t2 CREATE TABLE `t2` ( - `level` int(1) DEFAULT NULL, + `level` int(2) DEFAULT NULL, `id` int(11) DEFAULT NULL, `mid` int(11) DEFAULT NULL, `name` text CHARACTER SET latin1 COLLATE latin1_swedish_ci DEFAULT NULL, @@ -5221,7 +5221,7 @@ show create table t2; Table Create Table t2 CREATE TABLE `t2` ( - `level` int(1) DEFAULT NULL, + `level` int(2) DEFAULT NULL, `id` int(11) DEFAULT NULL, `mid` int(11) DEFAULT NULL, `name` text CHARACTER SET latin1 COLLATE latin1_swedish_ci DEFAULT NULL, diff -Nru mariadb-11.8.6/mysql-test/main/ctype_binary.result mariadb-11.8.8/mysql-test/main/ctype_binary.result --- mariadb-11.8.6/mysql-test/main/ctype_binary.result 2026-01-31 13:27:46.000000000 +0000 +++ mariadb-11.8.8/mysql-test/main/ctype_binary.result 2026-05-24 09:58:30.000000000 +0000 @@ -607,7 +607,7 @@ show create table t1; Table Create Table t1 CREATE TABLE `t1` ( - `c1` varbinary(1) DEFAULT NULL + `c1` varbinary(2) DEFAULT NULL ) ENGINE=MyISAM DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_uca1400_ai_ci drop table t1; select hex(concat(greatest(1,2))); @@ -617,7 +617,7 @@ show create table t1; Table Create Table t1 CREATE TABLE `t1` ( - `c1` varbinary(1) DEFAULT NULL + `c1` varbinary(2) DEFAULT NULL ) ENGINE=MyISAM DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_uca1400_ai_ci drop table t1; select hex(concat(case when 11 then 22 else 33 end)); @@ -627,7 +627,7 @@ show create table t1; Table Create Table t1 CREATE TABLE `t1` ( - `c1` varbinary(2) DEFAULT NULL + `c1` varbinary(3) DEFAULT NULL ) ENGINE=MyISAM DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_uca1400_ai_ci drop table t1; select hex(concat(coalesce(1,2))); @@ -637,7 +637,7 @@ show create table t1; Table Create Table t1 CREATE TABLE `t1` ( - `c1` varbinary(1) DEFAULT NULL + `c1` varbinary(2) DEFAULT NULL ) ENGINE=MyISAM DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_uca1400_ai_ci drop table t1; select hex(concat_ws(1,2,3)); @@ -1068,7 +1068,7 @@ show create table t1; Table Create Table t1 CREATE TABLE `t1` ( - `c1` varbinary(1) DEFAULT NULL + `c1` varbinary(2) DEFAULT NULL ) ENGINE=MyISAM DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_uca1400_ai_ci drop table t1; select hex(concat(ifnull(1.1,1.1))); @@ -1108,7 +1108,7 @@ show create table t1; Table Create Table t1 CREATE TABLE `t1` ( - `c1` varbinary(1) DEFAULT NULL + `c1` varbinary(2) DEFAULT NULL ) ENGINE=MyISAM DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_uca1400_ai_ci drop table t1; select hex(concat(nullif(1,2))); diff -Nru mariadb-11.8.6/mysql-test/main/ctype_cp1251.result mariadb-11.8.8/mysql-test/main/ctype_cp1251.result --- mariadb-11.8.6/mysql-test/main/ctype_cp1251.result 2026-01-31 13:27:46.000000000 +0000 +++ mariadb-11.8.8/mysql-test/main/ctype_cp1251.result 2026-05-24 09:58:30.000000000 +0000 @@ -1019,7 +1019,7 @@ show create table t1; Table Create Table t1 CREATE TABLE `t1` ( - `c1` varchar(1) CHARACTER SET cp1251 COLLATE cp1251_general_ci DEFAULT NULL + `c1` varchar(2) CHARACTER SET cp1251 COLLATE cp1251_general_ci DEFAULT NULL ) ENGINE=MyISAM DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_uca1400_ai_ci drop table t1; select hex(concat(greatest(1,2))); @@ -1029,7 +1029,7 @@ show create table t1; Table Create Table t1 CREATE TABLE `t1` ( - `c1` varchar(1) CHARACTER SET cp1251 COLLATE cp1251_general_ci DEFAULT NULL + `c1` varchar(2) CHARACTER SET cp1251 COLLATE cp1251_general_ci DEFAULT NULL ) ENGINE=MyISAM DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_uca1400_ai_ci drop table t1; select hex(concat(case when 11 then 22 else 33 end)); @@ -1039,7 +1039,7 @@ show create table t1; Table Create Table t1 CREATE TABLE `t1` ( - `c1` varchar(2) CHARACTER SET cp1251 COLLATE cp1251_general_ci DEFAULT NULL + `c1` varchar(3) CHARACTER SET cp1251 COLLATE cp1251_general_ci DEFAULT NULL ) ENGINE=MyISAM DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_uca1400_ai_ci drop table t1; select hex(concat(coalesce(1,2))); @@ -1049,7 +1049,7 @@ show create table t1; Table Create Table t1 CREATE TABLE `t1` ( - `c1` varchar(1) CHARACTER SET cp1251 COLLATE cp1251_general_ci DEFAULT NULL + `c1` varchar(2) CHARACTER SET cp1251 COLLATE cp1251_general_ci DEFAULT NULL ) ENGINE=MyISAM DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_uca1400_ai_ci drop table t1; select hex(concat_ws(1,2,3)); @@ -1480,7 +1480,7 @@ show create table t1; Table Create Table t1 CREATE TABLE `t1` ( - `c1` varchar(1) CHARACTER SET cp1251 COLLATE cp1251_general_ci DEFAULT NULL + `c1` varchar(2) CHARACTER SET cp1251 COLLATE cp1251_general_ci DEFAULT NULL ) ENGINE=MyISAM DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_uca1400_ai_ci drop table t1; select hex(concat(ifnull(1.1,1.1))); @@ -1520,7 +1520,7 @@ show create table t1; Table Create Table t1 CREATE TABLE `t1` ( - `c1` varchar(1) CHARACTER SET cp1251 COLLATE cp1251_general_ci DEFAULT NULL + `c1` varchar(2) CHARACTER SET cp1251 COLLATE cp1251_general_ci DEFAULT NULL ) ENGINE=MyISAM DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_uca1400_ai_ci drop table t1; select hex(concat(nullif(1,2))); diff -Nru mariadb-11.8.6/mysql-test/main/ctype_latin1.result mariadb-11.8.8/mysql-test/main/ctype_latin1.result --- mariadb-11.8.6/mysql-test/main/ctype_latin1.result 2026-01-31 13:27:46.000000000 +0000 +++ mariadb-11.8.8/mysql-test/main/ctype_latin1.result 2026-05-24 09:58:30.000000000 +0000 @@ -1328,7 +1328,7 @@ show create table t1; Table Create Table t1 CREATE TABLE `t1` ( - `c1` varchar(1) CHARACTER SET latin1 COLLATE latin1_swedish_ci DEFAULT NULL + `c1` varchar(2) CHARACTER SET latin1 COLLATE latin1_swedish_ci DEFAULT NULL ) ENGINE=MyISAM DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_uca1400_ai_ci drop table t1; select hex(concat(greatest(1,2))); @@ -1338,7 +1338,7 @@ show create table t1; Table Create Table t1 CREATE TABLE `t1` ( - `c1` varchar(1) CHARACTER SET latin1 COLLATE latin1_swedish_ci DEFAULT NULL + `c1` varchar(2) CHARACTER SET latin1 COLLATE latin1_swedish_ci DEFAULT NULL ) ENGINE=MyISAM DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_uca1400_ai_ci drop table t1; select hex(concat(case when 11 then 22 else 33 end)); @@ -1348,7 +1348,7 @@ show create table t1; Table Create Table t1 CREATE TABLE `t1` ( - `c1` varchar(2) CHARACTER SET latin1 COLLATE latin1_swedish_ci DEFAULT NULL + `c1` varchar(3) CHARACTER SET latin1 COLLATE latin1_swedish_ci DEFAULT NULL ) ENGINE=MyISAM DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_uca1400_ai_ci drop table t1; select hex(concat(coalesce(1,2))); @@ -1358,7 +1358,7 @@ show create table t1; Table Create Table t1 CREATE TABLE `t1` ( - `c1` varchar(1) CHARACTER SET latin1 COLLATE latin1_swedish_ci DEFAULT NULL + `c1` varchar(2) CHARACTER SET latin1 COLLATE latin1_swedish_ci DEFAULT NULL ) ENGINE=MyISAM DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_uca1400_ai_ci drop table t1; select hex(concat_ws(1,2,3)); @@ -1789,7 +1789,7 @@ show create table t1; Table Create Table t1 CREATE TABLE `t1` ( - `c1` varchar(1) CHARACTER SET latin1 COLLATE latin1_swedish_ci DEFAULT NULL + `c1` varchar(2) CHARACTER SET latin1 COLLATE latin1_swedish_ci DEFAULT NULL ) ENGINE=MyISAM DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_uca1400_ai_ci drop table t1; select hex(concat(ifnull(1.1,1.1))); @@ -1829,7 +1829,7 @@ show create table t1; Table Create Table t1 CREATE TABLE `t1` ( - `c1` varchar(1) CHARACTER SET latin1 COLLATE latin1_swedish_ci DEFAULT NULL + `c1` varchar(2) CHARACTER SET latin1 COLLATE latin1_swedish_ci DEFAULT NULL ) ENGINE=MyISAM DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_uca1400_ai_ci drop table t1; select hex(concat(nullif(1,2))); diff -Nru mariadb-11.8.6/mysql-test/main/ctype_ucs.result mariadb-11.8.8/mysql-test/main/ctype_ucs.result --- mariadb-11.8.6/mysql-test/main/ctype_ucs.result 2026-01-31 13:27:46.000000000 +0000 +++ mariadb-11.8.8/mysql-test/main/ctype_ucs.result 2026-05-24 09:58:30.000000000 +0000 @@ -2210,7 +2210,7 @@ show create table t1; Table Create Table t1 CREATE TABLE `t1` ( - `c1` varchar(1) CHARACTER SET ucs2 COLLATE ucs2_general_ci DEFAULT NULL + `c1` varchar(2) CHARACTER SET ucs2 COLLATE ucs2_general_ci DEFAULT NULL ) ENGINE=MyISAM DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_uca1400_ai_ci drop table t1; select hex(concat(greatest(1,2))); @@ -2220,7 +2220,7 @@ show create table t1; Table Create Table t1 CREATE TABLE `t1` ( - `c1` varchar(1) CHARACTER SET ucs2 COLLATE ucs2_general_ci DEFAULT NULL + `c1` varchar(2) CHARACTER SET ucs2 COLLATE ucs2_general_ci DEFAULT NULL ) ENGINE=MyISAM DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_uca1400_ai_ci drop table t1; select hex(concat(case when 11 then 22 else 33 end)); @@ -2230,7 +2230,7 @@ show create table t1; Table Create Table t1 CREATE TABLE `t1` ( - `c1` varchar(2) CHARACTER SET ucs2 COLLATE ucs2_general_ci DEFAULT NULL + `c1` varchar(3) CHARACTER SET ucs2 COLLATE ucs2_general_ci DEFAULT NULL ) ENGINE=MyISAM DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_uca1400_ai_ci drop table t1; select hex(concat(coalesce(1,2))); @@ -2240,7 +2240,7 @@ show create table t1; Table Create Table t1 CREATE TABLE `t1` ( - `c1` varchar(1) CHARACTER SET ucs2 COLLATE ucs2_general_ci DEFAULT NULL + `c1` varchar(2) CHARACTER SET ucs2 COLLATE ucs2_general_ci DEFAULT NULL ) ENGINE=MyISAM DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_uca1400_ai_ci drop table t1; select hex(concat_ws(1,2,3)); @@ -2671,7 +2671,7 @@ show create table t1; Table Create Table t1 CREATE TABLE `t1` ( - `c1` varchar(1) CHARACTER SET ucs2 COLLATE ucs2_general_ci DEFAULT NULL + `c1` varchar(2) CHARACTER SET ucs2 COLLATE ucs2_general_ci DEFAULT NULL ) ENGINE=MyISAM DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_uca1400_ai_ci drop table t1; select hex(concat(ifnull(1.1,1.1))); @@ -2711,7 +2711,7 @@ show create table t1; Table Create Table t1 CREATE TABLE `t1` ( - `c1` varchar(1) CHARACTER SET ucs2 COLLATE ucs2_general_ci DEFAULT NULL + `c1` varchar(2) CHARACTER SET ucs2 COLLATE ucs2_general_ci DEFAULT NULL ) ENGINE=MyISAM DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_uca1400_ai_ci drop table t1; select hex(concat(nullif(1,2))); diff -Nru mariadb-11.8.6/mysql-test/main/ctype_utf8.result mariadb-11.8.8/mysql-test/main/ctype_utf8.result --- mariadb-11.8.6/mysql-test/main/ctype_utf8.result 2026-01-31 13:27:46.000000000 +0000 +++ mariadb-11.8.8/mysql-test/main/ctype_utf8.result 2026-05-24 09:58:30.000000000 +0000 @@ -2956,7 +2956,7 @@ show create table t1; Table Create Table t1 CREATE TABLE `t1` ( - `c1` varchar(1) CHARACTER SET utf8mb3 COLLATE utf8mb3_general_ci DEFAULT NULL + `c1` varchar(2) CHARACTER SET utf8mb3 COLLATE utf8mb3_general_ci DEFAULT NULL ) ENGINE=MyISAM DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_uca1400_ai_ci drop table t1; select hex(concat(greatest(1,2))); @@ -2966,7 +2966,7 @@ show create table t1; Table Create Table t1 CREATE TABLE `t1` ( - `c1` varchar(1) CHARACTER SET utf8mb3 COLLATE utf8mb3_general_ci DEFAULT NULL + `c1` varchar(2) CHARACTER SET utf8mb3 COLLATE utf8mb3_general_ci DEFAULT NULL ) ENGINE=MyISAM DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_uca1400_ai_ci drop table t1; select hex(concat(case when 11 then 22 else 33 end)); @@ -2976,7 +2976,7 @@ show create table t1; Table Create Table t1 CREATE TABLE `t1` ( - `c1` varchar(2) CHARACTER SET utf8mb3 COLLATE utf8mb3_general_ci DEFAULT NULL + `c1` varchar(3) CHARACTER SET utf8mb3 COLLATE utf8mb3_general_ci DEFAULT NULL ) ENGINE=MyISAM DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_uca1400_ai_ci drop table t1; select hex(concat(coalesce(1,2))); @@ -2986,7 +2986,7 @@ show create table t1; Table Create Table t1 CREATE TABLE `t1` ( - `c1` varchar(1) CHARACTER SET utf8mb3 COLLATE utf8mb3_general_ci DEFAULT NULL + `c1` varchar(2) CHARACTER SET utf8mb3 COLLATE utf8mb3_general_ci DEFAULT NULL ) ENGINE=MyISAM DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_uca1400_ai_ci drop table t1; select hex(concat_ws(1,2,3)); @@ -3417,7 +3417,7 @@ show create table t1; Table Create Table t1 CREATE TABLE `t1` ( - `c1` varchar(1) CHARACTER SET utf8mb3 COLLATE utf8mb3_general_ci DEFAULT NULL + `c1` varchar(2) CHARACTER SET utf8mb3 COLLATE utf8mb3_general_ci DEFAULT NULL ) ENGINE=MyISAM DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_uca1400_ai_ci drop table t1; select hex(concat(ifnull(1.1,1.1))); @@ -3457,7 +3457,7 @@ show create table t1; Table Create Table t1 CREATE TABLE `t1` ( - `c1` varchar(1) CHARACTER SET utf8mb3 COLLATE utf8mb3_general_ci DEFAULT NULL + `c1` varchar(2) CHARACTER SET utf8mb3 COLLATE utf8mb3_general_ci DEFAULT NULL ) ENGINE=MyISAM DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_uca1400_ai_ci drop table t1; select hex(concat(nullif(1,2))); diff -Nru mariadb-11.8.6/mysql-test/main/ctype_utf8mb3_geeral1400_as_ci.result mariadb-11.8.8/mysql-test/main/ctype_utf8mb3_geeral1400_as_ci.result --- mariadb-11.8.6/mysql-test/main/ctype_utf8mb3_geeral1400_as_ci.result 2026-01-31 13:27:46.000000000 +0000 +++ mariadb-11.8.8/mysql-test/main/ctype_utf8mb3_geeral1400_as_ci.result 2026-05-24 09:58:30.000000000 +0000 @@ -23,3 +23,17 @@ # # End of 11.5 tests # +# +# MDEV-35717: UBSAN: runtime error: applying zero offset to null pointer in `my_strnncoll_utf8mb3_general1400_as_ci` +# +CREATE TABLE t (c INT,c2 CHAR,c3 DATE,CHECK (c>0)); +ALTER TABLE t ADD INDEX (c2) USING HASH; +DROP TABLE t; +# +# MDEV-39356: Server crashes when executing UPDATE ... FOR PORTION OF with a normal table +# +CREATE OR REPLACE TABLE t (id INT); +UPDATE t FOR PORTION OF p FROM '2026-02-01' TO '2026-03-01' SET id = 2; +ERROR HY000: Period `p` is not found in table +DROP TABLE t; +# End of 11.8 tests diff -Nru mariadb-11.8.6/mysql-test/main/ctype_utf8mb3_geeral1400_as_ci.test mariadb-11.8.8/mysql-test/main/ctype_utf8mb3_geeral1400_as_ci.test --- mariadb-11.8.6/mysql-test/main/ctype_utf8mb3_geeral1400_as_ci.test 2026-01-31 13:27:46.000000000 +0000 +++ mariadb-11.8.8/mysql-test/main/ctype_utf8mb3_geeral1400_as_ci.test 2026-05-24 09:58:30.000000000 +0000 @@ -23,3 +23,23 @@ --echo # --echo # End of 11.5 tests --echo # + +--echo # +--echo # MDEV-35717: UBSAN: runtime error: applying zero offset to null pointer in `my_strnncoll_utf8mb3_general1400_as_ci` +--echo # + +CREATE TABLE t (c INT,c2 CHAR,c3 DATE,CHECK (c>0)); +ALTER TABLE t ADD INDEX (c2) USING HASH; + +DROP TABLE t; + +--echo # +--echo # MDEV-39356: Server crashes when executing UPDATE ... FOR PORTION OF with a normal table +--echo # + +CREATE OR REPLACE TABLE t (id INT); +--error ER_PERIOD_NOT_FOUND +UPDATE t FOR PORTION OF p FROM '2026-02-01' TO '2026-03-01' SET id = 2; +DROP TABLE t; + +--echo # End of 11.8 tests diff -Nru mariadb-11.8.6/mysql-test/main/ddl_i18n_koi8r.result mariadb-11.8.8/mysql-test/main/ddl_i18n_koi8r.result --- mariadb-11.8.6/mysql-test/main/ddl_i18n_koi8r.result 2026-01-31 13:27:46.000000000 +0000 +++ mariadb-11.8.8/mysql-test/main/ddl_i18n_koi8r.result 2026-05-24 09:58:30.000000000 +0000 @@ -751,7 +751,8 @@ @@character_set_client AS c8; SET ÐÁÒÁÍ1 = 'a'; SET ÐÁÒÁÍ2 = 'b'; -END ;; +END +;; DELIMITER ; /*!50003 SET sql_mode = @saved_sql_mode */ ; /*!50003 SET character_set_client = @saved_cs_client */ ; @@ -785,7 +786,8 @@ @@character_set_client AS c8; SET ÐÁÒÁÍ1 = 'a'; SET ÐÁÒÁÍ2 = 'b'; -END ;; +END +;; DELIMITER ; /*!50003 SET sql_mode = @saved_sql_mode */ ; /*!50003 SET character_set_client = @saved_cs_client */ ; @@ -828,7 +830,8 @@ @@character_set_client AS c8; SET ÐÁÒÁÍ1 = 'a'; SET ÐÁÒÁÍ2 = 'b'; -END ;; +END +;; DELIMITER ; /*!50003 SET sql_mode = @saved_sql_mode */ ; /*!50003 SET character_set_client = @saved_cs_client */ ; @@ -862,7 +865,8 @@ @@character_set_client AS c8; SET ÐÁÒÁÍ1 = 'a'; SET ÐÁÒÁÍ2 = 'b'; -END ;; +END +;; DELIMITER ; /*!50003 SET sql_mode = @saved_sql_mode */ ; /*!50003 SET character_set_client = @saved_cs_client */ ; @@ -1768,7 +1772,8 @@ SET @a1 = 'ÔÅËÓÔ'; SET @a1 = _koi8r 'ÔÅËÓÔ'; SET @a2 = _utf8 'текÑÑ‚'; -END */;; +END +*/;; DELIMITER ; /*!50003 SET sql_mode = @saved_sql_mode */ ; /*!50003 SET character_set_client = @saved_cs_client */ ; @@ -1797,7 +1802,8 @@ SET @b1 = 'ÔÅËÓÔ'; SET @b1 = _koi8r 'ÔÅËÓÔ'; SET @b2 = _utf8 'текÑÑ‚'; -END */;; +END +*/;; DELIMITER ; /*!50003 SET sql_mode = @saved_sql_mode */ ; /*!50003 SET character_set_client = @saved_cs_client */ ; @@ -1851,7 +1857,8 @@ SET @a1 = 'ÔÅËÓÔ'; SET @a1 = _koi8r 'ÔÅËÓÔ'; SET @a2 = _utf8 'текÑÑ‚'; -END */;; +END +*/;; DELIMITER ; /*!50003 SET sql_mode = @saved_sql_mode */ ; /*!50003 SET character_set_client = @saved_cs_client */ ; @@ -1880,7 +1887,8 @@ SET @b1 = 'ÔÅËÓÔ'; SET @b1 = _koi8r 'ÔÅËÓÔ'; SET @b2 = _utf8 'текÑÑ‚'; -END */;; +END +*/;; DELIMITER ; /*!50003 SET sql_mode = @saved_sql_mode */ ; /*!50003 SET character_set_client = @saved_cs_client */ ; @@ -2522,7 +2530,8 @@ COLLATION(_utf8 'текÑÑ‚') AS c4, @@collation_connection AS c5, @@character_set_client AS c6; -END */ ;; +END +*/ ;; /*!50003 SET time_zone = @saved_time_zone */ ;; /*!50003 SET sql_mode = @saved_sql_mode */ ;; /*!50003 SET character_set_client = @saved_cs_client */ ;; @@ -2550,7 +2559,8 @@ COLLATION(_utf8 'текÑÑ‚') AS c4, @@collation_connection AS c5, @@character_set_client AS c6; -END */ ;; +END +*/ ;; /*!50003 SET time_zone = @saved_time_zone */ ;; /*!50003 SET sql_mode = @saved_sql_mode */ ;; /*!50003 SET character_set_client = @saved_cs_client */ ;; @@ -2590,7 +2600,8 @@ COLLATION(_utf8 'текÑÑ‚') AS c4, @@collation_connection AS c5, @@character_set_client AS c6; -END */ ;; +END +*/ ;; /*!50003 SET time_zone = @saved_time_zone */ ;; /*!50003 SET sql_mode = @saved_sql_mode */ ;; /*!50003 SET character_set_client = @saved_cs_client */ ;; @@ -2618,7 +2629,8 @@ COLLATION(_utf8 'текÑÑ‚') AS c4, @@collation_connection AS c5, @@character_set_client AS c6; -END */ ;; +END +*/ ;; /*!50003 SET time_zone = @saved_time_zone */ ;; /*!50003 SET sql_mode = @saved_sql_mode */ ;; /*!50003 SET character_set_client = @saved_cs_client */ ;; diff -Nru mariadb-11.8.6/mysql-test/main/ddl_i18n_utf8.result mariadb-11.8.8/mysql-test/main/ddl_i18n_utf8.result --- mariadb-11.8.6/mysql-test/main/ddl_i18n_utf8.result 2026-01-31 13:27:46.000000000 +0000 +++ mariadb-11.8.8/mysql-test/main/ddl_i18n_utf8.result 2026-05-24 09:58:30.000000000 +0000 @@ -751,7 +751,8 @@ @@character_set_client AS c8; SET парам1 = 'a'; SET парам2 = 'b'; -END ;; +END +;; DELIMITER ; /*!50003 SET sql_mode = @saved_sql_mode */ ; /*!50003 SET character_set_client = @saved_cs_client */ ; @@ -785,7 +786,8 @@ @@character_set_client AS c8; SET парам1 = 'a'; SET парам2 = 'b'; -END ;; +END +;; DELIMITER ; /*!50003 SET sql_mode = @saved_sql_mode */ ; /*!50003 SET character_set_client = @saved_cs_client */ ; @@ -828,7 +830,8 @@ @@character_set_client AS c8; SET парам1 = 'a'; SET парам2 = 'b'; -END ;; +END +;; DELIMITER ; /*!50003 SET sql_mode = @saved_sql_mode */ ; /*!50003 SET character_set_client = @saved_cs_client */ ; @@ -862,7 +865,8 @@ @@character_set_client AS c8; SET парам1 = 'a'; SET парам2 = 'b'; -END ;; +END +;; DELIMITER ; /*!50003 SET sql_mode = @saved_sql_mode */ ; /*!50003 SET character_set_client = @saved_cs_client */ ; @@ -1768,7 +1772,8 @@ SET @a1 = 'текÑÑ‚'; SET @a2 = _utf8 'текÑÑ‚'; SET @a3 = _koi8r 'ÔÅËÓÔ'; -END */;; +END +*/;; DELIMITER ; /*!50003 SET sql_mode = @saved_sql_mode */ ; /*!50003 SET character_set_client = @saved_cs_client */ ; @@ -1797,7 +1802,8 @@ SET @b1 = 'текÑÑ‚'; SET @b2 = _utf8 'текÑÑ‚'; SET @b3 = _koi8r 'ÔÅËÓÔ'; -END */;; +END +*/;; DELIMITER ; /*!50003 SET sql_mode = @saved_sql_mode */ ; /*!50003 SET character_set_client = @saved_cs_client */ ; @@ -1851,7 +1857,8 @@ SET @a1 = 'текÑÑ‚'; SET @a2 = _utf8 'текÑÑ‚'; SET @a3 = _koi8r 'ÔÅËÓÔ'; -END */;; +END +*/;; DELIMITER ; /*!50003 SET sql_mode = @saved_sql_mode */ ; /*!50003 SET character_set_client = @saved_cs_client */ ; @@ -1880,7 +1887,8 @@ SET @b1 = 'текÑÑ‚'; SET @b2 = _utf8 'текÑÑ‚'; SET @b3 = _koi8r 'ÔÅËÓÔ'; -END */;; +END +*/;; DELIMITER ; /*!50003 SET sql_mode = @saved_sql_mode */ ; /*!50003 SET character_set_client = @saved_cs_client */ ; @@ -2522,7 +2530,8 @@ COLLATION(_koi8r 'ÔÅËÓÔ') AS c4, @@collation_connection AS c5, @@character_set_client AS c6; -END */ ;; +END +*/ ;; /*!50003 SET time_zone = @saved_time_zone */ ;; /*!50003 SET sql_mode = @saved_sql_mode */ ;; /*!50003 SET character_set_client = @saved_cs_client */ ;; @@ -2550,7 +2559,8 @@ COLLATION(_koi8r 'ÔÅËÓÔ') AS c4, @@collation_connection AS c5, @@character_set_client AS c6; -END */ ;; +END +*/ ;; /*!50003 SET time_zone = @saved_time_zone */ ;; /*!50003 SET sql_mode = @saved_sql_mode */ ;; /*!50003 SET character_set_client = @saved_cs_client */ ;; @@ -2590,7 +2600,8 @@ COLLATION(_koi8r 'ÔÅËÓÔ') AS c4, @@collation_connection AS c5, @@character_set_client AS c6; -END */ ;; +END +*/ ;; /*!50003 SET time_zone = @saved_time_zone */ ;; /*!50003 SET sql_mode = @saved_sql_mode */ ;; /*!50003 SET character_set_client = @saved_cs_client */ ;; @@ -2618,7 +2629,8 @@ COLLATION(_koi8r 'ÔÅËÓÔ') AS c4, @@collation_connection AS c5, @@character_set_client AS c6; -END */ ;; +END +*/ ;; /*!50003 SET time_zone = @saved_time_zone */ ;; /*!50003 SET sql_mode = @saved_sql_mode */ ;; /*!50003 SET character_set_client = @saved_cs_client */ ;; diff -Nru mariadb-11.8.6/mysql-test/main/derived_cond_pushdown.result mariadb-11.8.8/mysql-test/main/derived_cond_pushdown.result --- mariadb-11.8.6/mysql-test/main/derived_cond_pushdown.result 2026-01-31 13:27:46.000000000 +0000 +++ mariadb-11.8.8/mysql-test/main/derived_cond_pushdown.result 2026-05-24 09:58:30.000000000 +0000 @@ -3767,7 +3767,7 @@ "attached_condition": "t2.b < 50" }, "buffer_type": "flat", - "buffer_size": "1Kb", + "buffer_size": "1KiB", "join_type": "BNL", "attached_condition": "v2.a = v1.a or t2.a = v1.a" } @@ -3866,7 +3866,7 @@ "filtered": 100 }, "buffer_type": "incremental", - "buffer_size": "4Kb", + "buffer_size": "4KiB", "join_type": "BNL", "attached_condition": "v1.a = t2.a and v2.a = t2.a or v2.b > 13 and t2.c < 115", "materialized": { @@ -3995,7 +3995,7 @@ "attached_condition": "v2.b < 50 or v2.b = 19" }, "buffer_type": "incremental", - "buffer_size": "4Kb", + "buffer_size": "4KiB", "join_type": "BNL", "attached_condition": "(v2.a = v1.a or v1.a = t2.a) and (v2.b < 50 or v2.b = 19)", "materialized": { @@ -4257,7 +4257,7 @@ "filtered": 100 }, "buffer_type": "flat", - "buffer_size": "1Kb", + "buffer_size": "1KiB", "join_type": "BNL" } } @@ -4516,7 +4516,7 @@ "attached_condition": "v2.max_c > 300" }, "buffer_type": "incremental", - "buffer_size": "9Kb", + "buffer_size": "9KiB", "join_type": "BNL", "attached_condition": "v2.a = v1.a or v1.a = t2.a", "materialized": { @@ -4887,7 +4887,7 @@ "filtered": 100 }, "buffer_type": "flat", - "buffer_size": "4Kb", + "buffer_size": "4KiB", "join_type": "BNL" } } @@ -6441,7 +6441,7 @@ "attached_condition": "v_union.a = 1" }, "buffer_type": "incremental", - "buffer_size": "4Kb", + "buffer_size": "4KiB", "join_type": "BNL", "attached_condition": "v_union.c > 800 or v1.max_c > 200", "materialized": { @@ -8014,7 +8014,7 @@ "filtered": 100 }, "buffer_type": "flat", - "buffer_size": "1Kb", + "buffer_size": "1KiB", "join_type": "BNL" } } @@ -23762,4 +23762,27 @@ a count(*) drop view v2, v1; drop table t1; +# +# MDEV-29360 Crash when pushing condition with always false IS NULL +# into derived contains constant TRUE/FALSE as subformula +# +create table t1 (id int not null); +insert into t1 values (0),(1),(3); +create table t2 select * from t1; +create table t3 select * from t1; +select * from (select id from t1 group by id) dt1, (select id from t2) dt2, t3 +where dt2.id = t3.id and dt1.id between 0 and (dt2.id is null); +id id id +0 0 0 +0 1 1 +0 3 3 +select * from (select id from t1 union select id from t2) dt1, +(select id from t2) dt2, +t3 +where dt2.id = t3.id and dt1.id between 0 and (dt2.id is null); +id id id +0 0 0 +0 1 1 +0 3 3 +drop table t1,t2,t3; # End of 10.11 tests diff -Nru mariadb-11.8.6/mysql-test/main/derived_cond_pushdown.test mariadb-11.8.8/mysql-test/main/derived_cond_pushdown.test --- mariadb-11.8.6/mysql-test/main/derived_cond_pushdown.test 2026-01-31 13:27:46.000000000 +0000 +++ mariadb-11.8.8/mysql-test/main/derived_cond_pushdown.test 2026-05-24 09:58:30.000000000 +0000 @@ -4551,4 +4551,24 @@ drop view v2, v1; drop table t1; +--echo # +--echo # MDEV-29360 Crash when pushing condition with always false IS NULL +--echo # into derived contains constant TRUE/FALSE as subformula +--echo # + +create table t1 (id int not null); +insert into t1 values (0),(1),(3); +create table t2 select * from t1; +create table t3 select * from t1; + +select * from (select id from t1 group by id) dt1, (select id from t2) dt2, t3 + where dt2.id = t3.id and dt1.id between 0 and (dt2.id is null); + +select * from (select id from t1 union select id from t2) dt1, + (select id from t2) dt2, + t3 + where dt2.id = t3.id and dt1.id between 0 and (dt2.id is null); + +drop table t1,t2,t3; + --echo # End of 10.11 tests diff -Nru mariadb-11.8.6/mysql-test/main/derived_split_innodb.result mariadb-11.8.8/mysql-test/main/derived_split_innodb.result --- mariadb-11.8.6/mysql-test/main/derived_split_innodb.result 2026-01-31 13:27:46.000000000 +0000 +++ mariadb-11.8.8/mysql-test/main/derived_split_innodb.result 2026-05-24 09:58:30.000000000 +0000 @@ -507,7 +507,7 @@ "r_filtered": 100 }, "buffer_type": "flat", - "buffer_size": "1Kb", + "buffer_size": "1KiB", "join_type": "BNL", "attached_condition": "trigcond(t11.col1 = t10.col1)", "r_loops": 500, diff -Nru mariadb-11.8.6/mysql-test/main/dyncol.result mariadb-11.8.8/mysql-test/main/dyncol.result --- mariadb-11.8.6/mysql-test/main/dyncol.result 2026-01-31 13:27:46.000000000 +0000 +++ mariadb-11.8.8/mysql-test/main/dyncol.result 2026-05-24 09:58:30.000000000 +0000 @@ -1974,3 +1974,16 @@ zzz {"jsn":"\u0000\u0009\u0000�\u0000C\u0000\u0002\u0000E\u0000\u0002\u0000G\u0000\u0003\u0000J\u0000\u0004\u0000N\u0000\u0005\u0000S\u0000\u0005\u0000X\u0000\u0005\u0000]\u0000\u0005\u0000b\u0000\u0005\u0000\u000Cg\u0000\u000Cj\u0000\u000Cm\u0000\u000Cp\u0000\u0005,\u0000\u0005\u001B\u0000\u0005,\u0000\u000C�\u0000\u0007�\u0000f8f9f10pic2box_cbox_gbox_kbox_vf5_id\u000244\u000244\u000232Ahttp://oss.hdb88.com/0/photo/078ee7e7c6464ab68a0483733266a52a.gif\u00080.052272$O\u001E\u0000","volume":193.6} drop table t1; # End of 10.5 tests +# +# MDEV-36929: COLUMN_JSON() does not free an internal dynamic string +# +SELECT COLUMN_JSON(1000); +ERROR HY000: Encountered illegal format of dynamic column string +# +# MDEV-39581 dynamic column header missing sanity checks +# +SELECT COLUMN_LIST(0x040100FFFF00000300666F6F21626172); +ERROR HY000: Encountered illegal format of dynamic column string +SELECT COLUMN_JSON(CONCAT(0x040200020001000000000000004241, REPEAT('D', 512))); +ERROR HY000: Encountered illegal format of dynamic column string +# End of 10.6 tests diff -Nru mariadb-11.8.6/mysql-test/main/dyncol.test mariadb-11.8.8/mysql-test/main/dyncol.test --- mariadb-11.8.6/mysql-test/main/dyncol.test 2026-01-31 13:27:46.000000000 +0000 +++ mariadb-11.8.8/mysql-test/main/dyncol.test 2026-05-24 09:58:30.000000000 +0000 @@ -1026,3 +1026,21 @@ drop table t1; --echo # End of 10.5 tests + +--echo # +--echo # MDEV-36929: COLUMN_JSON() does not free an internal dynamic string +--echo # +--error ER_DYN_COL_WRONG_FORMAT +SELECT COLUMN_JSON(1000); + + +--echo # +--echo # MDEV-39581 dynamic column header missing sanity checks +--echo # +--error ER_DYN_COL_WRONG_FORMAT +SELECT COLUMN_LIST(0x040100FFFF00000300666F6F21626172); + +--error ER_DYN_COL_WRONG_FORMAT +SELECT COLUMN_JSON(CONCAT(0x040200020001000000000000004241, REPEAT('D', 512))); + +--echo # End of 10.6 tests diff -Nru mariadb-11.8.6/mysql-test/main/empty_user_table.result mariadb-11.8.8/mysql-test/main/empty_user_table.result --- mariadb-11.8.6/mysql-test/main/empty_user_table.result 2026-01-31 13:27:46.000000000 +0000 +++ mariadb-11.8.8/mysql-test/main/empty_user_table.result 1970-01-01 00:00:00.000000000 +0000 @@ -1,16 +0,0 @@ -create table t1 as select * from mysql.global_priv; -truncate table mysql.global_priv; -flush privileges; -connect(localhost,u1,,test,MASTER_PORT,MASTER_SOCKET); -connect fail,localhost,u1; -Got one of the listed errors -insert mysql.global_priv select * from t1; -drop table t1; -flush privileges; -# switching from mysql.global_priv to mysql.user -truncate table mysql.user; -flush privileges; -connect(localhost,u1,,test,MASTER_PORT,MASTER_SOCKET); -connect fail,localhost,u1; -Got one of the listed errors -# switching back from mysql.user to mysql.global_priv diff -Nru mariadb-11.8.6/mysql-test/main/empty_user_table.test mariadb-11.8.8/mysql-test/main/empty_user_table.test --- mariadb-11.8.6/mysql-test/main/empty_user_table.test 2026-01-31 13:27:46.000000000 +0000 +++ mariadb-11.8.8/mysql-test/main/empty_user_table.test 1970-01-01 00:00:00.000000000 +0000 @@ -1,36 +0,0 @@ -# -# MDEV-4462 mysqld gets SIGFPE when mysql.user table is empty -# - -source include/not_embedded.inc; - -create table t1 as select * from mysql.global_priv; -truncate table mysql.global_priv; -flush privileges; - -# connecting via unix socket gives ER_ACCESS_DENIED_ERROR -# connecting via tcp/ip gives ER_HOST_NOT_PRIVILEGED ---replace_result $MASTER_MYSOCK MASTER_SOCKET $MASTER_MYPORT MASTER_PORT ---error ER_ACCESS_DENIED_ERROR,ER_HOST_NOT_PRIVILEGED -connect (fail,localhost,u1); - -insert mysql.global_priv select * from t1; -drop table t1; -flush privileges; - -# -# same with mysql.user -# - -source include/switch_to_mysql_user.inc; -truncate table mysql.user; - -flush privileges; - -# connecting via unix socket gives ER_ACCESS_DENIED_ERROR -# connecting via tcp/ip gives ER_HOST_NOT_PRIVILEGED ---replace_result $MASTER_MYSOCK MASTER_SOCKET $MASTER_MYPORT MASTER_PORT ---error ER_ACCESS_DENIED_ERROR,ER_HOST_NOT_PRIVILEGED -connect (fail,localhost,u1); - -source include/switch_to_mysql_global_priv.inc; diff -Nru mariadb-11.8.6/mysql-test/main/events_processlist.result mariadb-11.8.8/mysql-test/main/events_processlist.result --- mariadb-11.8.6/mysql-test/main/events_processlist.result 1970-01-01 00:00:00.000000000 +0000 +++ mariadb-11.8.8/mysql-test/main/events_processlist.result 2026-05-24 09:58:30.000000000 +0000 @@ -0,0 +1,22 @@ +# +# MDEV-34482 visibility of event worker threads to non-privileded user +# +call mtr.add_suppression("Event Scheduler: .*Query execution was interrupted"); +call mtr.add_suppression("Event Scheduler: .*Unknown event 'e'"); +CREATE USER u@localhost; +GRANT EVENT ON *.* TO u@localhost; +SET GLOBAL event_scheduler = ON; +connect c1,localhost,u,,; +CREATE EVENT e +ON SCHEDULE AT CURRENT_TIMESTAMP + INTERVAL 0.1 SECOND +DO SELECT SLEEP(10000); +show processlist; +Id User Host db Command Time State Info Progress +# u localhost test Query 0 starting show processlist 0.000 +# u localhost test Connect 0 User sleep SELECT SLEEP(10000) 0.000 +KILL QUERY id; +disconnect c1; +connection default; +SET GLOBAL event_scheduler = OFF; +DROP EVENT e; +DROP USER u@localhost; diff -Nru mariadb-11.8.6/mysql-test/main/events_processlist.test mariadb-11.8.8/mysql-test/main/events_processlist.test --- mariadb-11.8.6/mysql-test/main/events_processlist.test 1970-01-01 00:00:00.000000000 +0000 +++ mariadb-11.8.8/mysql-test/main/events_processlist.test 2026-05-24 09:58:30.000000000 +0000 @@ -0,0 +1,53 @@ +--source include/not_embedded.inc + +--echo # +--echo # MDEV-34482 visibility of event worker threads to non-privileded user +--echo # + +call mtr.add_suppression("Event Scheduler: .*Query execution was interrupted"); +call mtr.add_suppression("Event Scheduler: .*Unknown event 'e'"); + +# Verify that a user without PROCESS privilege can see their own events +# run by event scheduler. + +CREATE USER u@localhost; +GRANT EVENT ON *.* TO u@localhost; + +# Ensure event scheduler running +SET GLOBAL event_scheduler = ON; +--source include/running_event_scheduler.inc + +# Connect as the unprivileged user and create an event that runs a long sleep +connect c1,localhost,u,,; + +CREATE EVENT e + ON SCHEDULE AT CURRENT_TIMESTAMP + INTERVAL 0.1 SECOND + DO SELECT SLEEP(10000); + +# Wait until the event worker appears in PROCESSLIST for the current user +let $wait_condition= SELECT COUNT(*) = 1 FROM INFORMATION_SCHEMA.PROCESSLIST + WHERE INFO LIKE '%SLEEP(10000)%' AND ID <> CONNECTION_ID(); +--source include/wait_condition.inc + +# Check that show processlist works +--replace_column 1 # +--replace_regex /:[0-9]+// /Execute/Query/ +show processlist; + +# Stop event execution +let $id= `SELECT ID FROM INFORMATION_SCHEMA.PROCESSLIST WHERE INFO LIKE '%SLEEP(10000)%' AND ID <> CONNECTION_ID()`; +--replace_result $id id +eval KILL QUERY $id; + +# Cleanup +--disconnect c1 +--connection default + +SET GLOBAL event_scheduler = OFF; +--error 0,ER_EVENT_DOES_NOT_EXIST +DROP EVENT e; +--source include/check_events_off.inc +let $count_sessions= 1; +--source include/wait_until_count_sessions.inc +DROP USER u@localhost; + diff -Nru mariadb-11.8.6/mysql-test/main/explain_json.result mariadb-11.8.8/mysql-test/main/explain_json.result --- mariadb-11.8.6/mysql-test/main/explain_json.result 2026-01-31 13:27:46.000000000 +0000 +++ mariadb-11.8.8/mysql-test/main/explain_json.result 2026-05-24 09:58:30.000000000 +0000 @@ -512,7 +512,7 @@ "attached_condition": "tbl2.b < 5" }, "buffer_type": "flat", - "buffer_size": "1Kb", + "buffer_size": "1KiB", "join_type": "BNL", "attached_condition": "tbl2.a = tbl1.a" } @@ -861,7 +861,7 @@ "filtered": 100 }, "buffer_type": "flat", - "buffer_size": "19Kb", + "buffer_size": "19KiB", "join_type": "BNL" } } @@ -1175,7 +1175,7 @@ "filtered": 100 }, "buffer_type": "flat", - "buffer_size": "1Kb", + "buffer_size": "1KiB", "join_type": "BNL", "attached_condition": "tbl2.b = tbl1.b" } diff -Nru mariadb-11.8.6/mysql-test/main/func_equal.result mariadb-11.8.8/mysql-test/main/func_equal.result --- mariadb-11.8.6/mysql-test/main/func_equal.result 2026-01-31 13:27:46.000000000 +0000 +++ mariadb-11.8.8/mysql-test/main/func_equal.result 2026-05-24 09:58:30.000000000 +0000 @@ -54,3 +54,13 @@ 0 DROP TABLE t0; # End of 10.5 tests +# +# MDEV-36792: UBSAN load of null pointer and Assertion `b == &type_handler_row || b == &type_handler_null` in `Arg_comparator::set_cmp_func when using ROW()` +# +CREATE FUNCTION f() RETURNS ROW TYPE OF t RETURN 1; +CREATE TABLE t (a INT); +SELECT ROW(f(),1)=ROW(1,1) AS eq; +ERROR HY000: Illegal parameter data types row and int for operation '=' +DROP FUNCTION f; +DROP TABLE t; +# End of 11.8 tests diff -Nru mariadb-11.8.6/mysql-test/main/func_equal.test mariadb-11.8.8/mysql-test/main/func_equal.test --- mariadb-11.8.6/mysql-test/main/func_equal.test 2026-01-31 13:27:46.000000000 +0000 +++ mariadb-11.8.8/mysql-test/main/func_equal.test 2026-05-24 09:58:30.000000000 +0000 @@ -59,3 +59,16 @@ --echo # End of 10.5 tests + +--echo # +--echo # MDEV-36792: UBSAN load of null pointer and Assertion `b == &type_handler_row || b == &type_handler_null` in `Arg_comparator::set_cmp_func when using ROW()` +--echo # + +CREATE FUNCTION f() RETURNS ROW TYPE OF t RETURN 1; +CREATE TABLE t (a INT); +--error ER_ILLEGAL_PARAMETER_DATA_TYPES2_FOR_OPERATION +SELECT ROW(f(),1)=ROW(1,1) AS eq; +DROP FUNCTION f; +DROP TABLE t; + +--echo # End of 11.8 tests diff -Nru mariadb-11.8.6/mysql-test/main/func_gconcat.result mariadb-11.8.8/mysql-test/main/func_gconcat.result --- mariadb-11.8.6/mysql-test/main/func_gconcat.result 2026-01-31 13:27:46.000000000 +0000 +++ mariadb-11.8.8/mysql-test/main/func_gconcat.result 2026-05-24 09:58:30.000000000 +0000 @@ -1538,3 +1538,21 @@ DROP TABLE t1; SET NAMES latin1; # End of 10.5 tests +# +# MDEV-39673 group_concat ignores max_allowed_packet +# +connect u,localhost,root; +set group_concat_max_len=2*1024*1024*1024; +Warnings: +Warning 1292 Truncated incorrect group_concat_max_len value: '2147483648' +select @@group_concat_max_len; +@@group_concat_max_len +1073741824 +select length(group_concat(repeat('a', @@max_allowed_packet-1), repeat('a', @@max_allowed_packet-1))) from dual; +length(group_concat(repeat('a', @@max_allowed_packet-1), repeat('a', @@max_allowed_packet-1))) +16777216 +Warnings: +Warning 1260 Row 1 was cut by group_concat() +disconnect u; +connection default; +# End of 10.6 tests diff -Nru mariadb-11.8.6/mysql-test/main/func_gconcat.test mariadb-11.8.8/mysql-test/main/func_gconcat.test --- mariadb-11.8.6/mysql-test/main/func_gconcat.test 2026-01-31 13:27:46.000000000 +0000 +++ mariadb-11.8.8/mysql-test/main/func_gconcat.test 2026-05-24 09:58:30.000000000 +0000 @@ -1125,3 +1125,15 @@ SET NAMES latin1; --echo # End of 10.5 tests + +--echo # +--echo # MDEV-39673 group_concat ignores max_allowed_packet +--echo # +connect u,localhost,root; +set group_concat_max_len=2*1024*1024*1024; +select @@group_concat_max_len; +select length(group_concat(repeat('a', @@max_allowed_packet-1), repeat('a', @@max_allowed_packet-1))) from dual; +disconnect u; +connection default; + +--echo # End of 10.6 tests diff -Nru mariadb-11.8.6/mysql-test/main/func_hybrid_type.result mariadb-11.8.8/mysql-test/main/func_hybrid_type.result --- mariadb-11.8.6/mysql-test/main/func_hybrid_type.result 2026-01-31 13:27:46.000000000 +0000 +++ mariadb-11.8.8/mysql-test/main/func_hybrid_type.result 2026-05-24 09:58:30.000000000 +0000 @@ -3597,7 +3597,7 @@ Table Create Table t1 CREATE TABLE `t1` ( `c1` bigint(11) NOT NULL, - `c2` bigint(11) NOT NULL + `c2` bigint(12) NOT NULL ) ENGINE=MyISAM DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_uca1400_ai_ci DROP TABLE t1; CREATE TABLE t1 AS SELECT @@ -3633,47 +3633,47 @@ Table Create Table t1 CREATE TABLE `t1` ( `i1` int(1) NOT NULL, - `c1` int(1) NOT NULL, + `c1` int(2) NOT NULL, `i2` int(2) NOT NULL, - `c2` int(2) NOT NULL, + `c2` int(3) NOT NULL, `i3` int(3) NOT NULL, - `c3` int(3) NOT NULL, + `c3` int(4) NOT NULL, `i4` int(4) NOT NULL, - `c4` int(4) NOT NULL, + `c4` int(5) NOT NULL, `i5` int(5) NOT NULL, - `c5` int(5) NOT NULL, + `c5` int(6) NOT NULL, `i6` int(6) NOT NULL, - `c6` int(6) NOT NULL, + `c6` int(7) NOT NULL, `i7` int(7) NOT NULL, - `c7` int(7) NOT NULL, + `c7` int(8) NOT NULL, `i8` int(8) NOT NULL, - `c8` int(8) NOT NULL, + `c8` int(9) NOT NULL, `i9` int(9) NOT NULL, - `c9` int(9) NOT NULL, + `c9` int(10) NOT NULL, `2147483647` bigint(10) NOT NULL, - `COALESCE(2147483647)` bigint(10) NOT NULL, + `COALESCE(2147483647)` bigint(11) NOT NULL, `2147483648` bigint(10) NOT NULL, - `COALESCE(2147483648)` bigint(10) NOT NULL, + `COALESCE(2147483648)` bigint(11) NOT NULL, `i10` bigint(10) NOT NULL, - `c10` bigint(10) NOT NULL, + `c10` bigint(11) NOT NULL, `i11` bigint(11) NOT NULL, - `c11` bigint(11) NOT NULL, + `c11` bigint(12) NOT NULL, `i12` bigint(12) NOT NULL, - `c12` bigint(12) NOT NULL, + `c12` bigint(13) NOT NULL, `i13` bigint(13) NOT NULL, - `c13` bigint(13) NOT NULL, + `c13` bigint(14) NOT NULL, `i14` bigint(14) NOT NULL, - `c14` bigint(14) NOT NULL, + `c14` bigint(15) NOT NULL, `i15` bigint(15) NOT NULL, - `c15` bigint(15) NOT NULL, + `c15` bigint(16) NOT NULL, `i16` bigint(16) NOT NULL, - `c16` bigint(16) NOT NULL, + `c16` bigint(17) NOT NULL, `i17` bigint(17) NOT NULL, - `c17` bigint(17) NOT NULL, + `c17` bigint(18) NOT NULL, `i18` bigint(18) NOT NULL, - `c18` bigint(18) NOT NULL, + `c18` bigint(19) NOT NULL, `9223372036854775807` bigint(19) NOT NULL, - `COALESCE(9223372036854775807)` bigint(19) NOT NULL, + `COALESCE(9223372036854775807)` bigint(20) NOT NULL, `9223372036854775808` bigint(19) unsigned NOT NULL, `COALESCE(9223372036854775808)` bigint(19) unsigned NOT NULL, `i19` bigint(19) unsigned NOT NULL, @@ -4403,7 +4403,7 @@ CREATE VIEW v5 AS SELECT COALESCE(c, COALESCE(NULL, 10), NULL) as c_col FROM (SELECT NULL AS c) AS t; SELECT COLUMN_NAME, IS_NULLABLE, COLUMN_TYPE FROM INFORMATION_SCHEMA.COLUMNS WHERE TABLE_NAME = 'v5'; COLUMN_NAME IS_NULLABLE COLUMN_TYPE -c_col NO varchar(2) +c_col NO varchar(3) DROP VIEW v5; CREATE TABLE t (c1 INT, c2 DOUBLE, c3 VARCHAR(5), c4 DATE); INSERT INTO t values (1, 2.3, 'four', '2025-05-06'); diff -Nru mariadb-11.8.6/mysql-test/main/func_json.result mariadb-11.8.8/mysql-test/main/func_json.result --- mariadb-11.8.6/mysql-test/main/func_json.result 2026-01-31 13:27:46.000000000 +0000 +++ mariadb-11.8.8/mysql-test/main/func_json.result 2026-05-24 09:58:30.000000000 +0000 @@ -46,6 +46,8 @@ select json_query('{"key1":123, "key1": [1,2,3]}', concat('$', repeat('.k', 1000))) as exp; exp NULL +Warnings: +Warning 4043 Limit of 32 on JSON path depth is reached in argument 2 to function 'json_query' at position 65 select json_array(); json_array() [] @@ -680,6 +682,8 @@ SELECT JSON_VALUE('[{"foo": 1},"bar"]', '$[*][0]'); JSON_VALUE('[{"foo": 1},"bar"]', '$[*][0]') NULL +Warnings: +Warning 4044 Wildcards or range in JSON path not allowed in argument 2 to function 'json_value' CREATE TABLE t1 (f INT NOT NULL); INSERT INTO t1 VALUES (0); SELECT JSON_KEYS(f) FROM t1 ORDER BY 1; @@ -755,9 +759,6 @@ insert into t1 values (2),(1); select 1 from t1 where json_extract(a,'$','$[81]'); 1 -Warnings: -Warning 1292 Truncated incorrect BOOLEAN value: '[2]' -Warning 1292 Truncated incorrect BOOLEAN value: '[1]' drop table t1; select json_extract('{"test":8.437e-5}','$.test'); json_extract('{"test":8.437e-5}','$.test') @@ -1474,6 +1475,8 @@ SELECT JSON_VALUE('["foo"]', '$**[0]') AS f; f NULL +Warnings: +Warning 4044 Wildcards or range in JSON path not allowed in argument 2 to function 'json_value' SET @@COLLATION_CONNECTION= @old_collation_connection; # # MDEV-32587 JSON_VALID fail to validate integer zero in scientific notation @@ -1785,7 +1788,48 @@ 1 Warnings: Warning 4042 Syntax error in JSON path in argument 2 to function 'json_extract' at position 1 +# +# MDEV-39213: json range syntax crash +# +SELECT JSON_EXISTS(CONCAT('[', REPEAT('[', 4000), 'Y', REPEAT(']', 4000), ', 1]'), '$[100]') as ex; +ex +NULL +# +# MDEV-35548 UBSAN: runtime error: index -1 out of bounds for type 'json_path_step_t[32]' +# (aka 'struct st_json_path_step_t[32]') +# +SELECT JSON_EXTRACT('{a:true}','$.a')=TRUE; +JSON_EXTRACT('{a:true}','$.a')=TRUE +NULL +Warnings: +Warning 4038 Syntax error in JSON text in argument 1 to function 'json_extract' at position 2 +SELECT JSON_EXTRACT('0E+0','$'); +JSON_EXTRACT('0E+0','$') +0E+0 +SELECT JSON_EXISTS(CONCAT('[', REPEAT('[', 4000), 'Y', REPEAT(']', 4000), ', 1]'), '$[100]') as je; +je +NULL # End of 10.6 tests +SELECT json_extract(t.j, '$') +FROM (SELECT json_extract('["a",1]', '$') AS j) AS t; +json_extract(t.j, '$') +["a", 1] +SELECT json_extract(t.j, '$') +FROM (SELECT json_extract('{"key":"value"}', '$') AS j) AS t; +json_extract(t.j, '$') +{"key": "value"} +SELECT json_extract(t.j, '$[0]', '$[1]') +FROM (SELECT json_extract('[{"a":1},{"b":2},{"c":3}]', '$') AS j) AS t; +json_extract(t.j, '$[0]', '$[1]') +[{"a": 1}, {"b": 2}] +SELECT json_extract(t.j, '$') +FROM (SELECT json_extract('{"name":"Ä Ö Ü ß","city":"München"}', '$') AS j) AS t; +json_extract(t.j, '$') +{"name": "Ä Ö Ü ß", "city": "München"} +SELECT json_extract(t.j, '$.name') +FROM (SELECT json_extract('{"name":"日本語テスト","val":[1,2]}', '$') AS j) AS t; +json_extract(t.j, '$.name') +"日本語テスト" # # MDEV-35614 JSON_UNQUOTE doesn't work with emojis # @@ -2402,6 +2446,8 @@ SELECT JSON_VALUE(@json, '$[0][1 to 2].key1'); JSON_VALUE(@json, '$[0][1 to 2].key1') NULL +Warnings: +Warning 4044 Wildcards or range in JSON path not allowed in argument 2 to function 'json_value' SET @json='{ "A": [0, [1, 2, 3], @@ -2418,7 +2464,7 @@ }'; SELECT JSON_QUERY(@json, '$.A[-2][-3 to -1]'); JSON_QUERY(@json, '$.A[-2][-3 to -1]') -NULL +[13, 14] SET @json= '[ [1, {"key1": "value1"}, 3], [false, 5, 6], @@ -2567,6 +2613,8 @@ SELECT JSON_VALUE(@json1, '$[2][1 to 2].key1'); JSON_VALUE(@json1, '$[2][1 to 2].key1') NULL +Warnings: +Warning 4044 Wildcards or range in JSON path not allowed in argument 2 to function 'json_value' SET @json= '[ [1.1, {"key1": "value1"}, 3], [false, 5, 6], @@ -2577,9 +2625,13 @@ SELECT JSON_VALUE(@json, '$[*][0]'); JSON_VALUE(@json, '$[*][0]') NULL +Warnings: +Warning 4044 Wildcards or range in JSON path not allowed in argument 2 to function 'json_value' SELECT JSON_VALUE(@json, '$[2 to 3][0]'); JSON_VALUE(@json, '$[2 to 3][0]') NULL +Warnings: +Warning 4044 Wildcards or range in JSON path not allowed in argument 2 to function 'json_value' # # MDEV-28072: JSON_EXTRACT has inconsistent behavior with '0' value in # json path (when range is used) @@ -2788,6 +2840,85 @@ SELECT JSON_VALUE('{"a":[1,2]}', '$.a[*]'); JSON_VALUE('{"a":[1,2]}', '$.a[*]') NULL +Warnings: +Warning 4044 Wildcards or range in JSON path not allowed in argument 2 to function 'json_value' +# +# MDEV-37640: Crash at String::append with json_normalize +# +SELECT ( WITH x AS ( WITH x AS ( SELECT 1.000000 ) SELECT ( REPEAT ( ( json_normalize ( ' -1' ) ) , 357 ) ) x ) SELECT x FROM x WHERE x IN ( x , x ) ) x; +x +-1.0E0-1.0E0-1.0E0-1.0E0-1.0E0-1.0E0-1.0E0-1.0E0-1.0E0-1.0E0-1.0E0-1.0E0-1.0E0-1.0E0-1.0E0-1.0E0-1.0E0-1.0E0-1.0E0-1.0E0-1.0E0-1.0E0-1.0E0-1.0E0-1.0E0-1.0E0-1.0E0-1.0E0-1.0E0-1.0E0-1.0E0-1.0E0-1.0E0-1.0E0-1.0E0-1.0E0-1.0E0-1.0E0-1.0E0-1.0E0-1.0E0-1.0E0-1.0E0-1.0E0-1.0E0-1.0E0-1.0E0-1.0E0-1.0E0-1.0E0-1.0E0-1.0E0-1.0E0-1.0E0-1.0E0-1.0E0-1.0E0-1.0E0-1.0E0-1.0E0-1.0E0-1.0E0-1.0E0-1.0E0-1.0E0-1.0E0-1.0E0-1.0E0-1.0E0-1.0E0-1.0E0-1.0E0-1.0E0-1.0E0-1.0E0-1.0E0-1.0E0-1.0E0-1.0E0-1.0E0-1.0E0-1.0E0-1.0E0-1.0E0-1.0E0-1.0E0-1.0E0-1.0E0-1.0E0-1.0E0-1.0E0-1.0E0-1.0E0-1.0E0-1.0E0-1.0E0-1.0E0-1.0E0-1.0E0-1.0E0-1.0E0-1.0E0-1.0E0-1.0E0-1.0E0-1.0E0-1.0E0-1.0E0-1.0E0-1.0E0-1.0E0-1.0E0-1.0E0-1.0E0-1.0E0-1.0E0-1.0E0-1.0E0-1.0E0-1.0E0-1.0E0-1.0E0-1.0E0-1.0E0-1.0E0-1.0E0-1.0E0-1.0E0-1.0E0-1.0E0-1.0E0-1.0E0-1.0E0-1.0E0-1.0E0-1.0E0-1.0E0-1.0E0-1.0E0-1.0E0-1.0E0-1.0E0-1.0E0-1.0E0-1.0E0-1.0E0-1.0E0-1.0E0-1.0E0-1.0E0-1.0E0-1.0E0-1.0E0-1.0E0-1.0E0-1.0E0-1.0E0-1.0E0-1.0E0-1.0E0-1.0E0-1.0E0-1.0E0-1.0E0-1.0E0-1.0E0-1.0E0-1.0E0-1.0E0-1.0E0-1.0E0-1.0E0-1.0E0-1.0E0-1.0E0-1.0E0-1.0E0-1.0E0-1.0E0-1.0E0-1.0E0-1.0E0-1.0E0-1.0E0-1.0E0-1.0E0-1.0E0-1.0E0-1.0E0-1.0E0-1.0E0-1.0E0-1.0E0-1.0E0-1.0E0-1.0E0-1.0E0-1.0E0-1.0E0-1.0E0-1.0E0-1.0E0-1.0E0-1.0E0-1.0E0-1.0E0-1.0E0-1.0E0-1.0E0-1.0E0-1.0E0-1.0E0-1.0E0-1.0E0-1.0E0-1.0E0-1.0E0-1.0E0-1.0E0-1.0E0-1.0E0-1.0E0-1.0E0-1.0E0-1.0E0-1.0E0-1.0E0-1.0E0-1.0E0-1.0E0-1.0E0-1.0E0-1.0E0-1.0E0-1.0E0-1.0E0-1.0E0-1.0E0-1.0E0-1.0E0-1.0E0-1.0E0-1.0E0-1.0E0-1.0E0-1.0E0-1.0E0-1.0E0-1.0E0-1.0E0-1.0E0-1.0E0-1.0E0-1.0E0-1.0E0-1.0E0-1.0E0-1.0E0-1.0E0-1.0E0-1.0E0-1.0E0-1.0E0-1.0E0-1.0E0-1.0E0-1.0E0-1.0E0-1.0E0-1.0E0-1.0E0-1.0E0-1.0E0-1.0E0-1.0E0-1.0E0-1.0E0-1.0E0-1.0E0-1.0E0-1.0E0-1.0E0-1.0E0-1.0E0-1.0E0-1.0E0-1.0E0-1.0E0-1.0E0-1.0E0-1.0E0-1.0E0-1.0E0-1.0E0-1.0E0-1.0E0-1.0E0-1.0E0-1.0E0-1.0E0-1.0E0-1.0E0-1.0E0-1.0E0-1.0E0-1.0E0-1.0E0-1.0E0-1.0E0-1.0E0-1.0E0-1.0E0-1.0E0-1.0E0-1.0E0-1.0E0-1.0E0-1.0E0-1.0E0-1.0E0-1.0E0-1.0E0-1.0E0-1.0E0-1.0E0-1.0E0-1.0E0-1.0E0-1.0E0-1.0E0-1.0E0-1.0E0-1.0E0-1.0E0-1.0E0-1.0E0-1.0E0-1.0E0-1.0E0-1.0E0-1.0E0-1.0E0-1.0E0-1.0E0-1.0E0-1.0E0-1.0E0-1.0E0-1.0E0-1.0E0-1.0E0-1.0E0-1.0E0-1.0E0-1.0E0-1.0E0-1.0E0 +# +# MDEV-37640: Crash in JSON_KEYS +# +SELECT JSON_SET('{"c":4}', '$.a', 5) AS x HAVING (x IN (JSON_KEYS(x), ',')); +x +# +# MDEV-38264 Assertion in json_find_path() fails after computing +# array size of invalid json structure +# +SELECT JSON_QUERY('{ "A": [0,] }', '$.A[-1]'); +JSON_QUERY('{ "A": [0,] }', '$.A[-1]') +NULL +SELECT JSON_VALUE('{ "A": [0,] }', '$.A[-1]'); +JSON_VALUE('{ "A": [0,] }', '$.A[-1]') +NULL +SELECT JSON_VALUE('{ "A": [5,] }', '$.A[-2]'); +JSON_VALUE('{ "A": [5,] }', '$.A[-2]') +NULL +SELECT JSON_VALUE('{ "A": [5] }', '$.A[-2]'); +JSON_VALUE('{ "A": [5] }', '$.A[-2]') +NULL +SELECT JSON_LENGTH('{ "A": [0,] }', '$.A'); +JSON_LENGTH('{ "A": [0,] }', '$.A') +NULL +Warnings: +Warning 4038 Syntax error in JSON text in argument 1 to function 'json_length' at position 11 +SELECT JSON_VALID('{ "A": [0,] }'); +JSON_VALID('{ "A": [0,] }') +0 +# +# MDEV-38264 Assertion in json_find_path() fails after computing +# array size of invalid json structure +# +SELECT JSON_QUERY('{ "A": [0,] }', '$.A[-1]'); +JSON_QUERY('{ "A": [0,] }', '$.A[-1]') +NULL +SELECT JSON_VALUE('{ "A": [0,] }', '$.A[-1]'); +JSON_VALUE('{ "A": [0,] }', '$.A[-1]') +NULL +SELECT JSON_VALUE('{ "A": [5,] }', '$.A[-2]'); +JSON_VALUE('{ "A": [5,] }', '$.A[-2]') +NULL +SELECT JSON_VALUE('{ "A": [5] }', '$.A[-2]'); +JSON_VALUE('{ "A": [5] }', '$.A[-2]') +NULL +SELECT JSON_LENGTH('{ "A": [0,] }', '$.A'); +JSON_LENGTH('{ "A": [0,] }', '$.A') +NULL +Warnings: +Warning 4038 Syntax error in JSON text in argument 1 to function 'json_length' at position 11 +SELECT JSON_VALID('{ "A": [0,] }'); +JSON_VALID('{ "A": [0,] }') +0 +# +# MDEV-35548 UBSAN: runtime error: index -1 out of bounds for type 'json_path_step_t[32]' +# (aka 'struct st_json_path_step_t[32]') +# +SELECT JSON_EXTRACT('{a:true}','$.a')=TRUE; +JSON_EXTRACT('{a:true}','$.a')=TRUE +NULL +Warnings: +Warning 4038 Syntax error in JSON text in argument 1 to function 'json_extract' at position 2 +SELECT JSON_EXTRACT('0E+0','$'); +JSON_EXTRACT('0E+0','$') +0E+0 +# +# MDEV-26814: UBSAN: offset to nullptr in JSON_ARRAY_INSERT +# +SELECT JSON_ARRAY_INSERT (0,NULL,1) as j; +j +NULL # End of 10.11 Test # # MDEV-32007: JSON_VALUE and JSON_EXTRACT doesn't handle dash (-) @@ -4997,6 +5128,8 @@ SELECT JSON_KEY_VALUE('[1,2,3]', ''); JSON_KEY_VALUE('[1,2,3]', '') NULL +Warnings: +Warning 4041 Unexpected end of JSON path in argument 2 to function 'json_key_value' SELECT JSON_KEY_VALUE('[1,2,3]', NULL); JSON_KEY_VALUE('[1,2,3]', NULL) NULL @@ -5046,6 +5179,8 @@ SELECT JSON_KEY_VALUE('[]', '[0]'); JSON_KEY_VALUE('[]', '[0]') NULL +Warnings: +Warning 4042 Syntax error in JSON path in argument 2 to function 'json_key_value' at position 1 SELECT JSON_KEY_VALUE('[1, 2, 3]', '$[0]'); JSON_KEY_VALUE('[1, 2, 3]', '$[0]') NULL @@ -5253,7 +5388,7 @@ SET @obj2= '[3.0, 3, 5, "abc", "abc", true, {"key2":"val2"}, {"key1":"val1"}, {"key1":"val2"}]'; select json_array_intersect(@obj1, @obj2); json_array_intersect(@obj1, @obj2) -NULL +[3.0, 3, "abc", true] Warnings: Warning 4038 Syntax error in JSON text in argument 1 to function 'json_array_intersect' at position 53 # Checking incorrect type for input @@ -5410,4 +5545,36 @@ select json_schema_valid('{"enum":[0]}', sformat('"{:#>200}"','0')); json_schema_valid('{"enum":[0]}', sformat('"{:#>200}"','0')) 0 +# +# MDEV-36808 json_array_intersect incorrect results after returning NULL in table scan +# +CREATE TABLE t1 (full text, overlap text); +INSERT INTO t1 VALUES ('["2"]', '["2"]'), ('["2"]', '["0"]'), ('["2"]', '["2"]'); +SELECT full, overlap, json_array_intersect(full, overlap) as jai from t1; +full overlap jai +["2"] ["2"] ["2"] +["2"] ["0"] NULL +["2"] ["2"] ["2"] +DROP TABLE t1; # End of 11.4 Test +# +# MDEV-38702 Behaviour of IF() with boolean JSON_EXTRACT as expression is wrong +# +SELECT JSON_TYPE(JSON_EXTRACT(x.val, '$.booleanValue')) AS json_type, +JSON_EXTRACT(x.val, '$.booleanValue') AS value, +IF(JSON_EXTRACT(x.val, '$.booleanValue'), 1, 0) AS value_if, +JSON_EXTRACT(x.val, '$.booleanValue') = true AS value_eq +FROM (SELECT '{"booleanValue": true}' AS val UNION ALL SELECT '{"booleanValue": false}' AS val ) AS x; +json_type value value_if value_eq +BOOLEAN true 1 1 +BOOLEAN false 0 0 +# +# MDEV-39135 JSON_OBJECTAGG(NULL) in decimal context +# +create table t0(c0 boolean); +insert t0 values (false); +select 1 ^ json_objectagg(NULL, 'a') from t0; +1 ^ json_objectagg(NULL, 'a') +NULL +drop table t0; +# End of 11.8 Test diff -Nru mariadb-11.8.6/mysql-test/main/func_json.test mariadb-11.8.8/mysql-test/main/func_json.test --- mariadb-11.8.6/mysql-test/main/func_json.test 2026-01-31 13:27:46.000000000 +0000 +++ mariadb-11.8.8/mysql-test/main/func_json.test 2026-05-24 09:58:30.000000000 +0000 @@ -1226,8 +1226,41 @@ select null<=>json_extract('1',json_object(null,'{ }',null,null),'{}'); +--echo # +--echo # MDEV-39213: json range syntax crash +--echo # + +SELECT JSON_EXISTS(CONCAT('[', REPEAT('[', 4000), 'Y', REPEAT(']', 4000), ', 1]'), '$[100]') as ex; + +--echo # +--echo # MDEV-35548 UBSAN: runtime error: index -1 out of bounds for type 'json_path_step_t[32]' +--echo # (aka 'struct st_json_path_step_t[32]') +--echo # + +SELECT JSON_EXTRACT('{a:true}','$.a')=TRUE; +SELECT JSON_EXTRACT('0E+0','$'); + +SELECT JSON_EXISTS(CONCAT('[', REPEAT('[', 4000), 'Y', REPEAT(']', 4000), ', 1]'), '$[100]') as je; + --echo # End of 10.6 tests +SELECT json_extract(t.j, '$') +FROM (SELECT json_extract('["a",1]', '$') AS j) AS t; + +SELECT json_extract(t.j, '$') +FROM (SELECT json_extract('{"key":"value"}', '$') AS j) AS t; + +# Multi-path extraction through derived table +SELECT json_extract(t.j, '$[0]', '$[1]') +FROM (SELECT json_extract('[{"a":1},{"b":2},{"c":3}]', '$') AS j) AS t; + +# UTF-8 content through derived table +SELECT json_extract(t.j, '$') +FROM (SELECT json_extract('{"name":"Ä Ö Ü ß","city":"München"}', '$') AS j) AS t; + +SELECT json_extract(t.j, '$.name') +FROM (SELECT json_extract('{"name":"日本語テスト","val":[1,2]}', '$') AS j) AS t; + --echo # --echo # MDEV-35614 JSON_UNQUOTE doesn't work with emojis --echo # @@ -2016,6 +2049,56 @@ SELECT JSON_VALUE('{"a":[1,2]}', '$.a[*]'); +--echo # +--echo # MDEV-37640: Crash at String::append with json_normalize +--echo # + +SELECT ( WITH x AS ( WITH x AS ( SELECT 1.000000 ) SELECT ( REPEAT ( ( json_normalize ( ' -1' ) ) , 357 ) ) x ) SELECT x FROM x WHERE x IN ( x , x ) ) x; + +--echo # +--echo # MDEV-37640: Crash in JSON_KEYS +--echo # + +SELECT JSON_SET('{"c":4}', '$.a', 5) AS x HAVING (x IN (JSON_KEYS(x), ',')); + +--echo # +--echo # MDEV-38264 Assertion in json_find_path() fails after computing +--echo # array size of invalid json structure +--echo # + +SELECT JSON_QUERY('{ "A": [0,] }', '$.A[-1]'); +SELECT JSON_VALUE('{ "A": [0,] }', '$.A[-1]'); +SELECT JSON_VALUE('{ "A": [5,] }', '$.A[-2]'); +SELECT JSON_VALUE('{ "A": [5] }', '$.A[-2]'); +SELECT JSON_LENGTH('{ "A": [0,] }', '$.A'); +SELECT JSON_VALID('{ "A": [0,] }'); + +--echo # +--echo # MDEV-38264 Assertion in json_find_path() fails after computing +--echo # array size of invalid json structure +--echo # + +SELECT JSON_QUERY('{ "A": [0,] }', '$.A[-1]'); +SELECT JSON_VALUE('{ "A": [0,] }', '$.A[-1]'); +SELECT JSON_VALUE('{ "A": [5,] }', '$.A[-2]'); +SELECT JSON_VALUE('{ "A": [5] }', '$.A[-2]'); +SELECT JSON_LENGTH('{ "A": [0,] }', '$.A'); +SELECT JSON_VALID('{ "A": [0,] }'); + +--echo # +--echo # MDEV-35548 UBSAN: runtime error: index -1 out of bounds for type 'json_path_step_t[32]' +--echo # (aka 'struct st_json_path_step_t[32]') +--echo # + +SELECT JSON_EXTRACT('{a:true}','$.a')=TRUE; +SELECT JSON_EXTRACT('0E+0','$'); + +--echo # +--echo # MDEV-26814: UBSAN: offset to nullptr in JSON_ARRAY_INSERT +--echo # + +SELECT JSON_ARRAY_INSERT (0,NULL,1) as j; + --echo # End of 10.11 Test --echo # @@ -4241,4 +4324,34 @@ --echo # select json_schema_valid('{"enum":[0]}', sformat('"{:#>200}"','0')); +--echo # +--echo # MDEV-36808 json_array_intersect incorrect results after returning NULL in table scan +--echo # + +CREATE TABLE t1 (full text, overlap text); +INSERT INTO t1 VALUES ('["2"]', '["2"]'), ('["2"]', '["0"]'), ('["2"]', '["2"]'); + +SELECT full, overlap, json_array_intersect(full, overlap) as jai from t1; + +DROP TABLE t1; + --echo # End of 11.4 Test + +--echo # +--echo # MDEV-38702 Behaviour of IF() with boolean JSON_EXTRACT as expression is wrong +--echo # +SELECT JSON_TYPE(JSON_EXTRACT(x.val, '$.booleanValue')) AS json_type, + JSON_EXTRACT(x.val, '$.booleanValue') AS value, + IF(JSON_EXTRACT(x.val, '$.booleanValue'), 1, 0) AS value_if, + JSON_EXTRACT(x.val, '$.booleanValue') = true AS value_eq +FROM (SELECT '{"booleanValue": true}' AS val UNION ALL SELECT '{"booleanValue": false}' AS val ) AS x; + +--echo # +--echo # MDEV-39135 JSON_OBJECTAGG(NULL) in decimal context +--echo # +create table t0(c0 boolean); +insert t0 values (false); +select 1 ^ json_objectagg(NULL, 'a') from t0; +drop table t0; + +--echo # End of 11.8 Test diff -Nru mariadb-11.8.6/mysql-test/main/func_json_notembedded.result mariadb-11.8.8/mysql-test/main/func_json_notembedded.result --- mariadb-11.8.6/mysql-test/main/func_json_notembedded.result 2026-01-31 13:27:46.000000000 +0000 +++ mariadb-11.8.8/mysql-test/main/func_json_notembedded.result 2026-05-24 09:58:30.000000000 +0000 @@ -3,7 +3,7 @@ # # MDEV-24909 JSON functions don't respect KILL QUERY / max_statement_time limit # -set group_concat_max_len= 4294967295; +set group_concat_max_len= 1000000000; set @obj=concat_ws('','{', repeat('"a":"b",', 1250000/2), '"c":"d"}'); set @arr=concat_ws('','[', repeat('1234567,', 1250000/2), '2345678]'); select length(@obj), length(@arr); diff -Nru mariadb-11.8.6/mysql-test/main/func_json_notembedded.test mariadb-11.8.8/mysql-test/main/func_json_notembedded.test --- mariadb-11.8.6/mysql-test/main/func_json_notembedded.test 2026-01-31 13:27:46.000000000 +0000 +++ mariadb-11.8.8/mysql-test/main/func_json_notembedded.test 2026-05-24 09:58:30.000000000 +0000 @@ -9,7 +9,7 @@ --echo # --echo # MDEV-24909 JSON functions don't respect KILL QUERY / max_statement_time limit --echo # -set group_concat_max_len= 4294967295; +set group_concat_max_len= 1000000000; set @obj=concat_ws('','{', repeat('"a":"b",', 1250000/2), '"c":"d"}'); set @arr=concat_ws('','[', repeat('1234567,', 1250000/2), '2345678]'); diff -Nru mariadb-11.8.6/mysql-test/main/func_math.result mariadb-11.8.8/mysql-test/main/func_math.result --- mariadb-11.8.6/mysql-test/main/func_math.result 2026-01-31 13:27:46.000000000 +0000 +++ mariadb-11.8.8/mysql-test/main/func_math.result 2026-05-24 09:58:30.000000000 +0000 @@ -3739,3 +3739,246 @@ -1 set sql_mode=default; # End of 10.5 tests +# +# MDEV-38670 Minus string is converted to -0 +# +# +# Constant folding +# +SELECT -(1e0-1e0); +-(1e0-1e0) +0 +SELECT -(0e0-0e0); +-(0e0-0e0) +0 +SELECT -(ROUND(0.4-0.4)); +-(ROUND(0.4-0.4)) +0 +SELECT -((1e0*0e0)); +-((1e0*0e0)) +0 +# Testing arithmetic operations with signed zero +SELECT -0e1 + 0e1; +-0e1 + 0e1 +0 +SELECT 0e1 + -0e1; +0e1 + -0e1 +0 +SELECT -0e1 + -0e1; +-0e1 + -0e1 +0 +SELECT -0e1 - 0e1; +-0e1 - 0e1 +0 +SELECT 0e1 - ''; +0e1 - '' +0 +Warnings: +Warning 1292 Truncated incorrect DOUBLE value: '' +SELECT -0e1/1e1; +-0e1/1e1 +0 +SELECT -0e1/1e0; +-0e1/1e0 +0 +SELECT 1e1 * -0e1; +1e1 * -0e1 +0 +SELECT 0e0*-1e0; +0e0*-1e0 +0 +SELECT -''; +-'' +0 +Warnings: +Warning 1292 Truncated incorrect DOUBLE value: '' +SELECT -''/1e1; +-''/1e1 +0 +Warnings: +Warning 1292 Truncated incorrect DOUBLE value: '' +SELECT ABS(-0e1); +ABS(-0e1) +0 +SELECT ABS(-''); +ABS(-'') +0 +Warnings: +Warning 1292 Truncated incorrect DOUBLE value: '' +SELECT -0e1 % 1e1; +-0e1 % 1e1 +0 +SELECT -'' % 1e1; +-'' % 1e1 +0 +Warnings: +Warning 1292 Truncated incorrect DOUBLE value: '' +# +# Rounding functions must not produce negative zero +# +SELECT ROUND(-0.4); +ROUND(-0.4) +0 +SELECT ROUND(-0.1); +ROUND(-0.1) +0 +SELECT TRUNCATE(-0.1,0); +TRUNCATE(-0.1,0) +0 +SELECT CEILING(-0.1); +CEILING(-0.1) +0 +SELECT SIGN(ROUND(-0.4)); +SIGN(ROUND(-0.4)) +0 +SELECT SIGN(ROUND(-0.1)); +SIGN(ROUND(-0.1)) +0 +SELECT SIGN(TRUNCATE(-0.1,0)); +SIGN(TRUNCATE(-0.1,0)) +0 +SELECT SIGN(CEILING(-0.1)); +SIGN(CEILING(-0.1)) +0 +# +# Passthrough functions must preserve signed zero +# +SELECT CONCAT(-''); +CONCAT(-'') +0 +Warnings: +Warning 1292 Truncated incorrect DOUBLE value: '' +SELECT CONCAT(0e1-0e1); +CONCAT(0e1-0e1) +0 +SELECT CONCAT(ROUND(-0.4)); +CONCAT(ROUND(-0.4)) +0 +SELECT CONCAT(TRUNCATE(-0.9,0)); +CONCAT(TRUNCATE(-0.9,0)) +0 +# +# Aggregate functions +# +SELECT SUM(0e1*-1e1); +SUM(0e1*-1e1) +0 +SELECT AVG(0e1*-1e1); +AVG(0e1*-1e1) +0 +SELECT MIN(0e1*-1e1); +MIN(0e1*-1e1) +0 +SELECT MAX(0e1*-1e1); +MAX(0e1*-1e1) +0 +SELECT CONCAT(SUM(0e1*-1e1)); +CONCAT(SUM(0e1*-1e1)) +0 +SELECT CONCAT(AVG(0e1*-1e1)); +CONCAT(AVG(0e1*-1e1)) +0 +# +# Grouping and distinct behavior +# +CREATE TABLE t_signed_zero (a DOUBLE); +INSERT INTO t_signed_zero VALUES (-0e1),(0e1); +SELECT COUNT(DISTINCT a) FROM t_signed_zero; +COUNT(DISTINCT a) +1 +SELECT a,COUNT(*) FROM t_signed_zero GROUP BY a; +a COUNT(*) +0 2 +DROP TABLE t_signed_zero; +# Testing comparison functions with signed zero +SELECT CASE WHEN -0e1=0e1 THEN 1.0 ELSE 0.0 END; +CASE WHEN -0e1=0e1 THEN 1.0 ELSE 0.0 END +1.0 +SELECT CASE WHEN -''=0e1 THEN 1.0 ELSE 0.0 END; +CASE WHEN -''=0e1 THEN 1.0 ELSE 0.0 END +1.0 +Warnings: +Warning 1292 Truncated incorrect DOUBLE value: '' +SELECT CASE WHEN -''=-0e1 THEN 1.0 ELSE 0.0 END; +CASE WHEN -''=-0e1 THEN 1.0 ELSE 0.0 END +1.0 +Warnings: +Warning 1292 Truncated incorrect DOUBLE value: '' +SELECT CASE WHEN 0e0*-1e0=0e1 THEN 1.0 ELSE 0.0 END; +CASE WHEN 0e0*-1e0=0e1 THEN 1.0 ELSE 0.0 END +1.0 +CREATE TABLE t_signed_zero (a DOUBLE); +INSERT INTO t_signed_zero VALUES (0e0*-1e0); +SELECT CONCAT(a) FROM t_signed_zero; +CONCAT(a) +0 +DROP TABLE t_signed_zero; +# +# Temporary table materialization +# +SELECT CONCAT(a) FROM (SELECT 0e0*-1e0 AS a) t; +CONCAT(a) +0 +SELECT CONCAT(a) FROM (SELECT ROUND(-0.4) AS a) t; +CONCAT(a) +0 +SELECT CONCAT(a) FROM (SELECT -(1e0-1e0) AS a) t; +CONCAT(a) +0 +# +# Prepared statements +# +PREPARE s FROM 'SELECT CONCAT(-(1e0-1e0))'; +EXECUTE s; +CONCAT(-(1e0-1e0)) +0 +DEALLOCATE PREPARE s; +PREPARE s FROM 'SELECT CONCAT(ROUND(-0.4))'; +EXECUTE s; +CONCAT(ROUND(-0.4)) +0 +DEALLOCATE PREPARE s; +# +# CASE arithmetic mix +# +SELECT CONCAT(CASE WHEN 1 THEN 0e0*-1e0 END); +CONCAT(CASE WHEN 1 THEN 0e0*-1e0 END) +0 +SELECT CONCAT(CASE WHEN 0 THEN 1 ELSE 0e0*-1e0 END); +CONCAT(CASE WHEN 0 THEN 1 ELSE 0e0*-1e0 END) +0 +SELECT CONCAT(CASE WHEN 1 THEN -(1e0-1e0) END); +CONCAT(CASE WHEN 1 THEN -(1e0-1e0) END) +0 +# +# UNION handling +# +SELECT CONCAT(0e0*-1e0) +UNION ALL +SELECT CONCAT(-(1e0-1e0)); +CONCAT(0e0*-1e0) +0 +0 +SELECT CONCAT(ROUND(-0.4)) +UNION +SELECT CONCAT(TRUNCATE(-0.1,0)); +CONCAT(ROUND(-0.4)) +0 +# +# String conversion edge cases +# +SELECT SIGN(-'0'); +SIGN(-'0') +0 +SELECT SIGN(-'0.0'); +SIGN(-'0.0') +0 +SELECT SIGN(-'00'); +SIGN(-'00') +0 +SELECT SIGN(-' 0 '); +SIGN(-' 0 ') +0 +Warnings: +Note 1292 Truncated incorrect DOUBLE value: ' 0 ' +# End of 13 tests diff -Nru mariadb-11.8.6/mysql-test/main/func_math.test mariadb-11.8.8/mysql-test/main/func_math.test --- mariadb-11.8.6/mysql-test/main/func_math.test 2026-01-31 13:27:46.000000000 +0000 +++ mariadb-11.8.8/mysql-test/main/func_math.test 2026-05-24 09:58:30.000000000 +0000 @@ -1998,3 +1998,160 @@ set sql_mode=default; --echo # End of 10.5 tests + +--echo # +--echo # MDEV-38670 Minus string is converted to -0 +--echo # + +--source include/have_innodb.inc + +--echo # +--echo # Constant folding +--echo # + +SELECT -(1e0-1e0); +SELECT -(0e0-0e0); +SELECT -(ROUND(0.4-0.4)); +SELECT -((1e0*0e0)); + + +# Test arithmetic operations +--echo # Testing arithmetic operations with signed zero + +SELECT -0e1 + 0e1; +SELECT 0e1 + -0e1; +SELECT -0e1 + -0e1; + +SELECT -0e1 - 0e1; +SELECT 0e1 - ''; +SELECT -0e1/1e1; +SELECT -0e1/1e0; +SELECT 1e1 * -0e1; +SELECT 0e0*-1e0; +SELECT -''; +SELECT -''/1e1; + + + +SELECT ABS(-0e1); +SELECT ABS(-''); + + +SELECT -0e1 % 1e1; +SELECT -'' % 1e1; + + +--echo # +--echo # Rounding functions must not produce negative zero +--echo # + +SELECT ROUND(-0.4); +SELECT ROUND(-0.1); +SELECT TRUNCATE(-0.1,0); +SELECT CEILING(-0.1); + +SELECT SIGN(ROUND(-0.4)); +SELECT SIGN(ROUND(-0.1)); +SELECT SIGN(TRUNCATE(-0.1,0)); +SELECT SIGN(CEILING(-0.1)); + +--echo # +--echo # Passthrough functions must preserve signed zero +--echo # + +SELECT CONCAT(-''); +SELECT CONCAT(0e1-0e1); +SELECT CONCAT(ROUND(-0.4)); +SELECT CONCAT(TRUNCATE(-0.9,0)); + +--echo # +--echo # Aggregate functions +--echo # + +SELECT SUM(0e1*-1e1); +SELECT AVG(0e1*-1e1); +SELECT MIN(0e1*-1e1); +SELECT MAX(0e1*-1e1); +SELECT CONCAT(SUM(0e1*-1e1)); +SELECT CONCAT(AVG(0e1*-1e1)); + +--echo # +--echo # Grouping and distinct behavior +--echo # + +CREATE TABLE t_signed_zero (a DOUBLE); +INSERT INTO t_signed_zero VALUES (-0e1),(0e1); + +SELECT COUNT(DISTINCT a) FROM t_signed_zero; +SELECT a,COUNT(*) FROM t_signed_zero GROUP BY a; + +DROP TABLE t_signed_zero; + + +# Test comparison functions +--echo # Testing comparison functions with signed zero + +SELECT CASE WHEN -0e1=0e1 THEN 1.0 ELSE 0.0 END; +SELECT CASE WHEN -''=0e1 THEN 1.0 ELSE 0.0 END; +SELECT CASE WHEN -''=-0e1 THEN 1.0 ELSE 0.0 END; +SELECT CASE WHEN 0e0*-1e0=0e1 THEN 1.0 ELSE 0.0 END; + +CREATE TABLE t_signed_zero (a DOUBLE); + +INSERT INTO t_signed_zero VALUES (0e0*-1e0); +SELECT CONCAT(a) FROM t_signed_zero; + +DROP TABLE t_signed_zero; + +--echo # +--echo # Temporary table materialization +--echo # + +SELECT CONCAT(a) FROM (SELECT 0e0*-1e0 AS a) t; +SELECT CONCAT(a) FROM (SELECT ROUND(-0.4) AS a) t; +SELECT CONCAT(a) FROM (SELECT -(1e0-1e0) AS a) t; + + +--echo # +--echo # Prepared statements +--echo # + +PREPARE s FROM 'SELECT CONCAT(-(1e0-1e0))'; +EXECUTE s; +DEALLOCATE PREPARE s; + +PREPARE s FROM 'SELECT CONCAT(ROUND(-0.4))'; +EXECUTE s; +DEALLOCATE PREPARE s; + +--echo # +--echo # CASE arithmetic mix +--echo # + +SELECT CONCAT(CASE WHEN 1 THEN 0e0*-1e0 END); +SELECT CONCAT(CASE WHEN 0 THEN 1 ELSE 0e0*-1e0 END); +SELECT CONCAT(CASE WHEN 1 THEN -(1e0-1e0) END); + +--echo # +--echo # UNION handling +--echo # + +SELECT CONCAT(0e0*-1e0) +UNION ALL +SELECT CONCAT(-(1e0-1e0)); + +SELECT CONCAT(ROUND(-0.4)) +UNION +SELECT CONCAT(TRUNCATE(-0.1,0)); + + +--echo # +--echo # String conversion edge cases +--echo # + +SELECT SIGN(-'0'); +SELECT SIGN(-'0.0'); +SELECT SIGN(-'00'); +SELECT SIGN(-' 0 '); + +--echo # End of 13 tests diff -Nru mariadb-11.8.6/mysql-test/main/func_str.result mariadb-11.8.8/mysql-test/main/func_str.result --- mariadb-11.8.6/mysql-test/main/func_str.result 2026-01-31 13:27:46.000000000 +0000 +++ mariadb-11.8.8/mysql-test/main/func_str.result 2026-05-24 09:58:30.000000000 +0000 @@ -5422,6 +5422,15 @@ NULL Warnings: Warning 1301 Result of hex() was larger than max_allowed_packet (16777216) - truncated +# +# MDEV-32758: TRIM uses memory after freed +# +CREATE TABLE t0 (i DOUBLE); +INSERT INTO t0 VALUES (1); +SELECT LOCATE(a , 'data1-data2', a) AS c FROM (SELECT TRIM(i) AS a FROM t0 )dt; +c +5 +DROP TABLE t0; # End of 10.6 tests # # MDEV-25704 Function random_bytes @@ -5650,6 +5659,44 @@ cast(make_set(3, cast(c1 as binary), 0) as char) 9067,0 drop table t1; +# +# MDEV-39111 The query returns an incorrect value when using LPAD and REPLACE +# +create table t0 (c0 decimal(10,0)); +insert into t0 values (-1453243642), (0); +select c0 from t0 +where (lpad('0', c0 + 1, '1') or replace(cast(false as char), false, c0)) +and not (lpad('0', c0 + 1, '1') or replace(cast(false as char), false, c0)); +c0 +drop table t0; +# +# MDEV-39112 The query returns incorrect results when using LPAD +# +create table t0 (c0 text); +insert into t0 values ('1'),('foo'); +select c0 from t0 where lpad('123', 2-c0, c0); +c0 +1 +foo +Warnings: +Warning 1292 Truncated incorrect DOUBLE value: 'foo' +select c0 from t0 where rpad('123', 2-c0, c0); +c0 +1 +foo +Warnings: +Warning 1292 Truncated incorrect DOUBLE value: 'foo' +drop table t0; +# +# MDEV-39235 Incorrect result with LEFT JOIN and QUOTE +# +create table t1 (a int, b int); +insert t1 values (1,1),(2,3); +select * from t1 left join t1 t2 on (t1.a=t2.b) where quote(t2.b)>''; +a b a b +1 1 1 1 +2 3 NULL NULL +drop table t1; # End of 10.11 tests # # MDEV-9069 extend AES_ENCRYPT() and AES_DECRYPT() to support IV and the algorithm diff -Nru mariadb-11.8.6/mysql-test/main/func_str.test mariadb-11.8.8/mysql-test/main/func_str.test --- mariadb-11.8.6/mysql-test/main/func_str.test 2026-01-31 13:27:46.000000000 +0000 +++ mariadb-11.8.8/mysql-test/main/func_str.test 2026-05-24 09:58:30.000000000 +0000 @@ -2455,6 +2455,15 @@ --echo # select hex(hex(hex(hex(hex(hex(hex(hex(hex(hex(hex(hex(hex(hex(hex(hex(hex(hex(hex(hex(hex(hex(hex(hex(hex(hex(hex(hex(hex(hex(hex(hex(hex(hex(hex(hex(hex(hex(hex(hex(hex(hex(hex(hex(hex('\\'))))))))))))))))))))))))))))))))))))))))))))) as x; +--echo # +--echo # MDEV-32758: TRIM uses memory after freed +--echo # +CREATE TABLE t0 (i DOUBLE); +INSERT INTO t0 VALUES (1); +SELECT LOCATE(a , 'data1-data2', a) AS c FROM (SELECT TRIM(i) AS a FROM t0 )dt; + +DROP TABLE t0; + --echo # End of 10.6 tests --echo # @@ -2599,6 +2608,34 @@ select cast(make_set(3, cast(c1 as binary), 0) as char) from t1; drop table t1; +--echo # +--echo # MDEV-39111 The query returns an incorrect value when using LPAD and REPLACE +--echo # + +create table t0 (c0 decimal(10,0)); +insert into t0 values (-1453243642), (0); +select c0 from t0 +where (lpad('0', c0 + 1, '1') or replace(cast(false as char), false, c0)) +and not (lpad('0', c0 + 1, '1') or replace(cast(false as char), false, c0)); +drop table t0; + +--echo # +--echo # MDEV-39112 The query returns incorrect results when using LPAD +--echo # +create table t0 (c0 text); +insert into t0 values ('1'),('foo'); +select c0 from t0 where lpad('123', 2-c0, c0); +select c0 from t0 where rpad('123', 2-c0, c0); +drop table t0; + +--echo # +--echo # MDEV-39235 Incorrect result with LEFT JOIN and QUOTE +--echo # +create table t1 (a int, b int); +insert t1 values (1,1),(2,3); +select * from t1 left join t1 t2 on (t1.a=t2.b) where quote(t2.b)>''; +drop table t1; + --echo # End of 10.11 tests --echo # diff -Nru mariadb-11.8.6/mysql-test/main/gis-json.result mariadb-11.8.8/mysql-test/main/gis-json.result --- mariadb-11.8.6/mysql-test/main/gis-json.result 2026-01-31 13:27:46.000000000 +0000 +++ mariadb-11.8.8/mysql-test/main/gis-json.result 2026-05-24 09:58:30.000000000 +0000 @@ -123,3 +123,22 @@ # # End of 10.2 tests # +# +# MDEV-34079: ST_AsGeoJSON returns incorrect value for empty geometry +# +SELECT ST_AsGeoJSON(GeomFromText('GeometryCollection EMPTY')); +ST_AsGeoJSON(GeomFromText('GeometryCollection EMPTY')) +{"type": "GeometryCollection", "geometries": []} +SELECT ST_AsGeoJSON(ST_DIFFERENCE(POINT(0,0), POINT(0,0))); +ST_AsGeoJSON(ST_DIFFERENCE(POINT(0,0), POINT(0,0))) +{"type": "GeometryCollection", "geometries": []} +SELECT ST_AsGeoJSON(GeomFromText('MultiPoint EMPTY')); +ST_AsGeoJSON(GeomFromText('MultiPoint EMPTY')) +NULL +SELECT ST_AsGeoJSON(GeomFromText('MultiLineString EMPTY')); +ST_AsGeoJSON(GeomFromText('MultiLineString EMPTY')) +NULL +SELECT ST_AsGeoJSON(GeomFromText('MultiPolygon EMPTY')); +ST_AsGeoJSON(GeomFromText('MultiPolygon EMPTY')) +NULL +# End of 10.11 tests diff -Nru mariadb-11.8.6/mysql-test/main/gis-json.test mariadb-11.8.8/mysql-test/main/gis-json.test --- mariadb-11.8.6/mysql-test/main/gis-json.test 2026-01-31 13:27:46.000000000 +0000 +++ mariadb-11.8.8/mysql-test/main/gis-json.test 2026-05-24 09:58:30.000000000 +0000 @@ -58,3 +58,14 @@ --echo # --echo # End of 10.2 tests --echo # +--echo # +--echo # MDEV-34079: ST_AsGeoJSON returns incorrect value for empty geometry +--echo # + +SELECT ST_AsGeoJSON(GeomFromText('GeometryCollection EMPTY')); +SELECT ST_AsGeoJSON(ST_DIFFERENCE(POINT(0,0), POINT(0,0))); +SELECT ST_AsGeoJSON(GeomFromText('MultiPoint EMPTY')); +SELECT ST_AsGeoJSON(GeomFromText('MultiLineString EMPTY')); +SELECT ST_AsGeoJSON(GeomFromText('MultiPolygon EMPTY')); + +--echo # End of 10.11 tests diff -Nru mariadb-11.8.6/mysql-test/main/gis-precise.result mariadb-11.8.8/mysql-test/main/gis-precise.result --- mariadb-11.8.6/mysql-test/main/gis-precise.result 2026-01-31 13:27:46.000000000 +0000 +++ mariadb-11.8.8/mysql-test/main/gis-precise.result 2026-05-24 09:58:30.000000000 +0000 @@ -389,7 +389,7 @@ MULTIPOINT(7 5,7 5.142857142857142,5.899999999999998 5.300000000000001,5.799999999999997 5.600000000000001,3 7) SELECT ST_CROSSES( GEOMETRYFROMTEXT(' POLYGON( (3 5, 2 4, 2 5, 3 5) ) ') , POLYGONFROMTEXT(' POLYGON((2 4,3 4,3 5,2 5,2 4)) ')) as result; result -0 +NULL SELECT ST_WITHIN( POLYGONFROMTEXT(' POLYGON( (0 5, 3 5, 3 4, 2 0 , 1 0, 2 4 , 0 4, 0 5) ) ') , POLYGONFROMTEXT(' POLYGON( (0 5, 3 5, 3 4, 1 4 , 1 3 , 3 3 , 3 0 , 0 0 , 0 5), ( 1 1 , 2 1 , 2 2 , 1 2 , 1 1 ) ) ') ) as result; result 0 @@ -868,3 +868,15 @@ ST_MULTIPOLYGONFROMTEXT(' MULTIPOLYGON(((3.8571428571428568 2.857142857142857,5.571428571428571 4.571428571428571,9 4,3.8571428571428568 2.857142857142857)),((4.5 4.75,3 5,4.6 7.4,6 6,4.5 4.75))) '), ST_MULTIPOLYGONFROMTEXT(' MULTIPOLYGON(((3 4,3 5,2 5,2 7,5 4,3 4),(5 4,7.4 7,8 7,8 4,5 4))) ') )) as V; V 3 +# +# MDEV-36058 ST_CROSSES returns 0 instead of NULL. +# +SELECT ST_CROSSES( ST_GEOMFROMTEXT('point(1 1)'), st_geomfromtext('point(1 1)') ) a; +a +NULL +SELECT ST_CROSSES( ST_GEOMFROMTEXT('POLYGON ((59 18,67 18,67 13,59 13,59 18)) '), st_geomfromtext('polygon((2 2,2 4, 4 2,2 2))') ) a; +a +NULL +SELECT ST_CROSSES( ST_GEOMFROMTEXT('POLYGON ((59 18,67 18,67 13,59 13,59 18)) '), st_geomfromtext('point(1 1)') ) a; +a +NULL diff -Nru mariadb-11.8.6/mysql-test/main/gis-precise.test mariadb-11.8.8/mysql-test/main/gis-precise.test --- mariadb-11.8.6/mysql-test/main/gis-precise.test 2026-01-31 13:27:46.000000000 +0000 +++ mariadb-11.8.8/mysql-test/main/gis-precise.test 2026-05-24 09:58:30.000000000 +0000 @@ -477,7 +477,6 @@ SELECT TRUNCATE(ST_Distance_Sphere(@zenica, @sarajevo), 10); SELECT TRUNCATE(ST_Distance_Sphere(@sarajevo, @zenica), 10); - --echo # --echo # MDEV-31499 Assertion `(0)' failed in Gis_geometry_collection::init_from_opresult. --echo # @@ -486,3 +485,12 @@ ST_INTERSECTION( ST_MULTIPOLYGONFROMTEXT(' MULTIPOLYGON(((3.8571428571428568 2.857142857142857,5.571428571428571 4.571428571428571,9 4,3.8571428571428568 2.857142857142857)),((4.5 4.75,3 5,4.6 7.4,6 6,4.5 4.75))) '), ST_MULTIPOLYGONFROMTEXT(' MULTIPOLYGON(((3 4,3 5,2 5,2 7,5 4,3 4),(5 4,7.4 7,8 7,8 4,5 4))) ') )) as V; +--echo # +--echo # MDEV-36058 ST_CROSSES returns 0 instead of NULL. +--echo # + + +SELECT ST_CROSSES( ST_GEOMFROMTEXT('point(1 1)'), st_geomfromtext('point(1 1)') ) a; +SELECT ST_CROSSES( ST_GEOMFROMTEXT('POLYGON ((59 18,67 18,67 13,59 13,59 18)) '), st_geomfromtext('polygon((2 2,2 4, 4 2,2 2))') ) a; +SELECT ST_CROSSES( ST_GEOMFROMTEXT('POLYGON ((59 18,67 18,67 13,59 13,59 18)) '), st_geomfromtext('point(1 1)') ) a; + diff -Nru mariadb-11.8.6/mysql-test/main/gis-rtree.result mariadb-11.8.8/mysql-test/main/gis-rtree.result --- mariadb-11.8.6/mysql-test/main/gis-rtree.result 2026-01-31 13:27:46.000000000 +0000 +++ mariadb-11.8.8/mysql-test/main/gis-rtree.result 2026-05-24 09:58:30.000000000 +0000 @@ -826,7 +826,7 @@ INSERT IGNORE INTO t2 SELECT GeomFromText(st) FROM t1; ERROR 22003: Cannot get geometry object from data you send to the GEOMETRY field drop table t1, t2; -CREATE TABLE t1 (`geometry` geometry NOT NULL default '',SPATIAL KEY `gndx` (`geometry`)) DEFAULT CHARSET=latin1; +CREATE TABLE t1 (`geometry` geometry NOT NULL, SPATIAL KEY `gndx` (`geometry`)) DEFAULT CHARSET=latin1; INSERT INTO t1 (geometry) VALUES (PolygonFromText('POLYGON((-18.6086111000 -66.9327777000, -18.6055555000 -66.8158332999, -18.7186111000 -66.8102777000, -18.7211111000 -66.9269443999, @@ -840,7 +840,7 @@ test.t1 check status OK drop table t1; CREATE TABLE t1 ( -c1 geometry NOT NULL default '', +c1 geometry NOT NULL, SPATIAL KEY i1 (c1) ) DEFAULT CHARSET=latin1; INSERT INTO t1 (c1) VALUES ( @@ -854,7 +854,7 @@ test.t1 check status OK DROP TABLE t1; CREATE TABLE t1 ( -c1 geometry NOT NULL default '', +c1 geometry NOT NULL, SPATIAL KEY i1 (c1) ) DEFAULT CHARSET=latin1; INSERT INTO t1 (c1) VALUES ( diff -Nru mariadb-11.8.6/mysql-test/main/gis-rtree.test mariadb-11.8.8/mysql-test/main/gis-rtree.test --- mariadb-11.8.6/mysql-test/main/gis-rtree.test 2026-01-31 13:27:46.000000000 +0000 +++ mariadb-11.8.8/mysql-test/main/gis-rtree.test 2026-05-24 09:58:30.000000000 +0000 @@ -199,7 +199,7 @@ INSERT IGNORE INTO t2 SELECT GeomFromText(st) FROM t1; drop table t1, t2; -CREATE TABLE t1 (`geometry` geometry NOT NULL default '',SPATIAL KEY `gndx` (`geometry`)) DEFAULT CHARSET=latin1; +CREATE TABLE t1 (`geometry` geometry NOT NULL, SPATIAL KEY `gndx` (`geometry`)) DEFAULT CHARSET=latin1; INSERT INTO t1 (geometry) VALUES (PolygonFromText('POLYGON((-18.6086111000 -66.9327777000, -18.6055555000 @@ -218,7 +218,7 @@ # Bug#17877 - Corrupted spatial index # CREATE TABLE t1 ( - c1 geometry NOT NULL default '', + c1 geometry NOT NULL, SPATIAL KEY i1 (c1) ) DEFAULT CHARSET=latin1; INSERT INTO t1 (c1) VALUES ( @@ -232,7 +232,7 @@ DROP TABLE t1; # CREATE TABLE t1 ( - c1 geometry NOT NULL default '', + c1 geometry NOT NULL, SPATIAL KEY i1 (c1) ) DEFAULT CHARSET=latin1; INSERT INTO t1 (c1) VALUES ( diff -Nru mariadb-11.8.6/mysql-test/main/gis.result mariadb-11.8.8/mysql-test/main/gis.result --- mariadb-11.8.6/mysql-test/main/gis.result 2026-01-31 13:27:46.000000000 +0000 +++ mariadb-11.8.8/mysql-test/main/gis.result 2026-05-24 09:58:30.000000000 +0000 @@ -613,7 +613,7 @@ ) ENGINE=MyISAM DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_uca1400_ai_ci drop table t1; CREATE TABLE `t1` (`object_id` bigint(20) unsigned NOT NULL default '0', `geo` -geometry NOT NULL default '') ENGINE=MyISAM ; +geometry NOT NULL) ENGINE=MyISAM ; insert into t1 values ('85984',GeomFromText('MULTIPOLYGON(((-115.006363 36.305435,-114.992394 36.305202,-114.991219 36.305975,-114.991163 36.306845,-114.989432 36.309452,-114.978275 36.312642,-114.977363 @@ -1816,7 +1816,7 @@ # SELECT ST_GEOMETRYTYPE(ST_PointOnSurface(ST_PolyFromText('POLYGON((-70.916 42.1002,-70.9468 42.0946,-70.9754 42.0875,-70.9749 42.0879,-70.9759 42.0897,-70.916 42.1002))'))) as exp; exp -NULL +POINT # # MDEV-7529 GIS: ST_Relate returns unexpected results for POINT relations # @@ -5499,6 +5499,101 @@ ERROR HY000: Calling geometry function st_distance_sphere with unsupported types of arguments. # End of 10.5 tests # +# MDEV-35766 ST_PointOnSurface returns NULL with Polygon in some case. +# +SELECT ST_ASTEXT(ST_POINTONSURFACE(ST_GeomFromText('POLYGON((-1 0, 1 2, 1 0, -1 0))'))) as T; +T +POINT(0.5 1) +# +# MDEV-39279 ASAN error on malformed WKB +# +SELECT ST_NumPoints(x'000000000102000000'); +ST_NumPoints(x'000000000102000000') +NULL +SELECT ST_NumGeometries(x'000000000104000000'); +ST_NumGeometries(x'000000000104000000') +NULL +SELECT ST_NumGeometries(x'000000000105000000'); +ST_NumGeometries(x'000000000105000000') +NULL +SELECT ST_NumGeometries(x'000000000106000000'); +ST_NumGeometries(x'000000000106000000') +NULL +# +# MDEV-39319 crash with ST_GeomFromGeoJSON(, NULL) +# +create table t1 (a int); +insert t1 values (1),(NULL),(NULL),(2); +select hex(st_geometryfromtext('point(1 1)', a)) x from t1; +x +010000000101000000000000000000F03F000000000000F03F +000000000101000000000000000000F03F000000000000F03F +000000000101000000000000000000F03F000000000000F03F +020000000101000000000000000000F03F000000000000F03F +select hex(st_geometryfromwkb(st_aswkb(st_geometryfromtext('point(1 1)')), a)) x from t1; +x +010000000101000000000000000000F03F000000000000F03F +000000000101000000000000000000F03F000000000000F03F +000000000101000000000000000000F03F000000000000F03F +020000000101000000000000000000F03F000000000000F03F +select hex(st_geometryfromwkb(x'0101000000000000000000f03f000000000000f03f', a)) x from t1; +x +010000000101000000000000000000F03F000000000000F03F +000000000101000000000000000000F03F000000000000F03F +000000000101000000000000000000F03F000000000000F03F +020000000101000000000000000000F03F000000000000F03F +select hex(st_geomfromgeojson('{"type":"Point","coordinates":[1,1]}', a)) x from t1; +x +000000000101000000000000000000F03F000000000000F03F +000000000101000000000000000000F03F000000000000F03F +000000000101000000000000000000F03F000000000000F03F +000000000101000000000000000000F03F000000000000F03F +select hex(st_geomfromgeojson('{"type":"Point","coordinates":[1,1]}', 1, a)) x from t1; +x +010000000101000000000000000000F03F000000000000F03F +000000000101000000000000000000F03F000000000000F03F +000000000101000000000000000000F03F000000000000F03F +020000000101000000000000000000F03F000000000000F03F +drop table t1; +# +# MDEV-15479 Empty string is erroneously allowed as a GEOMETRY column value. +# +set @orig_sql_mode = @@sql_mode; +set sql_mode=""; +CREATE TABLE t1 (id INT, a GEOMETRY); +INSERT INTO t1 VALUES (10,''); +ERROR 22003: Cannot get geometry object from data you send to the GEOMETRY field +set sql_mode="STRICT_ALL_TABLES"; +INSERT INTO t1 VALUES (10,''); +ERROR 22003: Cannot get geometry object from data you send to the GEOMETRY field +DROP TABLE t1; +set sql_mode= @orig_sql_mode; +# +# MDEV-39481 ASAN error on malformed WKB polygon +# +select st_astext(st_geomfromwkb(x'0103000000020000000400000000000000000000000000000000000000000000000000f03f0000000000000000000000000000f03f000000000000f03f0000000000000000000000000000000005000000000000000000e03f000000000000e03f')) 'no asan error here'; +no asan error here +NULL +SELECT ST_GeomFromWKB(x'0103000000020000000400000000000000000000000000000000000000000000000000F03F0000000000000000000000000000F03F000000000000F03F0000000000000000000000000000000001000000') IS NOT NULL AS pg; +pg +0 +SELECT ST_GeomFromWKB(x'01050000000200000001020000000200000000000000000000000000000000000000000000000000F03F000000000000F03F01020000000100000000000000000000') IS NOT NULL AS ml; +ml +0 +SELECT ST_GeomFromWKB(x'01060000000100000001030000000100000004000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000') IS NOT NULL AS mp; +mp +0 +SELECT ST_GeomFromWKB(x'01070000000100000001070000000100000001070000000100000001020000000100000000000000') IS NOT NULL AS gc; +gc +0 +# +# MDEV-39657 ASAN error on malformed WKB point +# +SELECT HEX(ST_GeometryN(0x000000000107000000010000000101000000, 1)); +HEX(ST_GeometryN(0x000000000107000000010000000101000000, 1)) +NULL +# End of 10.6 tests +# # Start of 11.5 tests # # diff -Nru mariadb-11.8.6/mysql-test/main/gis.test mariadb-11.8.8/mysql-test/main/gis.test --- mariadb-11.8.6/mysql-test/main/gis.test 2026-01-31 13:27:46.000000000 +0000 +++ mariadb-11.8.8/mysql-test/main/gis.test 2026-05-24 09:58:30.000000000 +0000 @@ -303,7 +303,7 @@ drop table t1; CREATE TABLE `t1` (`object_id` bigint(20) unsigned NOT NULL default '0', `geo` -geometry NOT NULL default '') ENGINE=MyISAM ; +geometry NOT NULL) ENGINE=MyISAM ; insert into t1 values ('85984',GeomFromText('MULTIPOLYGON(((-115.006363 36.305435,-114.992394 36.305202,-114.991219 36.305975,-114.991163 @@ -3506,6 +3506,65 @@ --echo # End of 10.5 tests --echo # +--echo # MDEV-35766 ST_PointOnSurface returns NULL with Polygon in some case. +--echo # +SELECT ST_ASTEXT(ST_POINTONSURFACE(ST_GeomFromText('POLYGON((-1 0, 1 2, 1 0, -1 0))'))) as T; + +--echo # +--echo # MDEV-39279 ASAN error on malformed WKB +--echo # +SELECT ST_NumPoints(x'000000000102000000'); +SELECT ST_NumGeometries(x'000000000104000000'); +SELECT ST_NumGeometries(x'000000000105000000'); +SELECT ST_NumGeometries(x'000000000106000000'); + +--echo # +--echo # MDEV-39319 crash with ST_GeomFromGeoJSON(, NULL) +--echo # +create table t1 (a int); +insert t1 values (1),(NULL),(NULL),(2); +select hex(st_geometryfromtext('point(1 1)', a)) x from t1; +select hex(st_geometryfromwkb(st_aswkb(st_geometryfromtext('point(1 1)')), a)) x from t1; +select hex(st_geometryfromwkb(x'0101000000000000000000f03f000000000000f03f', a)) x from t1; +select hex(st_geomfromgeojson('{"type":"Point","coordinates":[1,1]}', a)) x from t1; +select hex(st_geomfromgeojson('{"type":"Point","coordinates":[1,1]}', 1, a)) x from t1; +drop table t1; + +--echo # +--echo # MDEV-15479 Empty string is erroneously allowed as a GEOMETRY column value. +--echo # + +set @orig_sql_mode = @@sql_mode; +set sql_mode=""; +CREATE TABLE t1 (id INT, a GEOMETRY); +--error ER_CANT_CREATE_GEOMETRY_OBJECT +INSERT INTO t1 VALUES (10,''); + +set sql_mode="STRICT_ALL_TABLES"; +--error ER_CANT_CREATE_GEOMETRY_OBJECT +INSERT INTO t1 VALUES (10,''); + +DROP TABLE t1; +set sql_mode= @orig_sql_mode; + +--echo # +--echo # MDEV-39481 ASAN error on malformed WKB polygon +--echo # +select st_astext(st_geomfromwkb(x'0103000000020000000400000000000000000000000000000000000000000000000000f03f0000000000000000000000000000f03f000000000000f03f0000000000000000000000000000000005000000000000000000e03f000000000000e03f')) 'no asan error here'; + +SELECT ST_GeomFromWKB(x'0103000000020000000400000000000000000000000000000000000000000000000000F03F0000000000000000000000000000F03F000000000000F03F0000000000000000000000000000000001000000') IS NOT NULL AS pg; +SELECT ST_GeomFromWKB(x'01050000000200000001020000000200000000000000000000000000000000000000000000000000F03F000000000000F03F01020000000100000000000000000000') IS NOT NULL AS ml; +SELECT ST_GeomFromWKB(x'01060000000100000001030000000100000004000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000') IS NOT NULL AS mp; +SELECT ST_GeomFromWKB(x'01070000000100000001070000000100000001070000000100000001020000000100000000000000') IS NOT NULL AS gc; + +--echo # +--echo # MDEV-39657 ASAN error on malformed WKB point +--echo # +SELECT HEX(ST_GeometryN(0x000000000107000000010000000101000000, 1)); + +--echo # End of 10.6 tests + +--echo # --echo # Start of 11.5 tests --echo # diff -Nru mariadb-11.8.6/mysql-test/main/grant5.result mariadb-11.8.8/mysql-test/main/grant5.result --- mariadb-11.8.6/mysql-test/main/grant5.result 2026-01-31 13:27:46.000000000 +0000 +++ mariadb-11.8.8/mysql-test/main/grant5.result 2026-05-24 09:58:30.000000000 +0000 @@ -475,3 +475,25 @@ CREATE USER foo@localhost IDENTIFIED VIA not_installed_plugin; ERROR HY000: Plugin 'not_installed_plugin' is not loaded # End of 10.5 tests +# +# MDEV-37256: The permission check of LOAD INDEX INTO CACHE and CACHE INDEX is broken +# +create table t1 (c int primary key); +insert t1 values (1),(2); +create user foo@localhost; +connect foo,localhost,foo; +use test; +ERROR 42000: Access denied for user 'foo'@'localhost' to database 'test' +cache index test.t1 in default; +ERROR 42000: CACHE INDEX command denied to user 'foo'@'localhost' for table `test`.`t1` +load index into cache test.t1 key (primary); +ERROR 42000: LOAD INDEX INTO CACHE command denied to user 'foo'@'localhost' for table `test`.`t1` +cache index test.t2 in default; +ERROR 42000: CACHE INDEX command denied to user 'foo'@'localhost' for table `test`.`t2` +load index into cache test.t2 key (i2); +ERROR 42000: LOAD INDEX INTO CACHE command denied to user 'foo'@'localhost' for table `test`.`t2` +disconnect foo; +connection default; +drop table t1; +drop user foo@localhost; +# End of 10.11 tests diff -Nru mariadb-11.8.6/mysql-test/main/grant5.test mariadb-11.8.8/mysql-test/main/grant5.test --- mariadb-11.8.6/mysql-test/main/grant5.test 2026-01-31 13:27:46.000000000 +0000 +++ mariadb-11.8.8/mysql-test/main/grant5.test 2026-05-24 09:58:30.000000000 +0000 @@ -437,3 +437,29 @@ CREATE USER foo@localhost IDENTIFIED VIA not_installed_plugin; --echo # End of 10.5 tests + +--echo # +--echo # MDEV-37256: The permission check of LOAD INDEX INTO CACHE and CACHE INDEX is broken +--echo # +create table t1 (c int primary key); +insert t1 values (1),(2); +create user foo@localhost; +--connect foo,localhost,foo +--error ER_DBACCESS_DENIED_ERROR +use test; +--error ER_TABLEACCESS_DENIED_ERROR +cache index test.t1 in default; +--error ER_TABLEACCESS_DENIED_ERROR +load index into cache test.t1 key (primary); +--error ER_TABLEACCESS_DENIED_ERROR +# Check that the error for non-existing and existing tables are the same +cache index test.t2 in default; +--error ER_TABLEACCESS_DENIED_ERROR +load index into cache test.t2 key (i2); +--disconnect foo +--connection default +# Cleanup +drop table t1; +drop user foo@localhost; + +--echo # End of 10.11 tests diff -Nru mariadb-11.8.6/mysql-test/main/grant_server.result mariadb-11.8.8/mysql-test/main/grant_server.result --- mariadb-11.8.6/mysql-test/main/grant_server.result 2026-01-31 13:27:46.000000000 +0000 +++ mariadb-11.8.8/mysql-test/main/grant_server.result 2026-05-24 09:58:30.000000000 +0000 @@ -69,3 +69,26 @@ # # End of 10.5 tests # +# +# MDEV-38601 SHOW CREATE SERVER does not require FEDERATED ADMIN +# +CREATE SERVER srv FOREIGN DATA WRAPPER mysql +OPTIONS (USER 'remote_user', HOST 'localhost', PASSWORD 'secret', DATABASE 'test2'); +CREATE USER user1@localhost IDENTIFIED BY ''; +GRANT ALL PRIVILEGES ON *.* TO user1@localhost; +REVOKE FEDERATED ADMIN ON *.* FROM user1@localhost; +connect con1,localhost,user1,,; +SHOW CREATE SERVER srv; +ERROR 42000: Access denied; you need (at least one of) the FEDERATED ADMIN privilege(s) for this operation +disconnect con1; +connection default; +GRANT FEDERATED ADMIN ON *.* TO user1@localhost; +connect con1,localhost,user1,,; +SHOW CREATE SERVER srv; +Server Create Server +srv CREATE SERVER `srv` FOREIGN DATA WRAPPER mysql OPTIONS (USER 'remote_user', HOST 'localhost', PASSWORD 'secret', DATABASE 'test2'); +disconnect con1; +connection default; +DROP SERVER srv; +DROP USER user1@localhost; +# End of 11.8 tests diff -Nru mariadb-11.8.6/mysql-test/main/grant_server.test mariadb-11.8.8/mysql-test/main/grant_server.test --- mariadb-11.8.6/mysql-test/main/grant_server.test 2026-01-31 13:27:46.000000000 +0000 +++ mariadb-11.8.8/mysql-test/main/grant_server.test 2026-05-24 09:58:30.000000000 +0000 @@ -80,3 +80,32 @@ --echo # --echo # End of 10.5 tests --echo # + +--echo # +--echo # MDEV-38601 SHOW CREATE SERVER does not require FEDERATED ADMIN +--echo # + +CREATE SERVER srv FOREIGN DATA WRAPPER mysql + OPTIONS (USER 'remote_user', HOST 'localhost', PASSWORD 'secret', DATABASE 'test2'); + +CREATE USER user1@localhost IDENTIFIED BY ''; +GRANT ALL PRIVILEGES ON *.* TO user1@localhost; +REVOKE FEDERATED ADMIN ON *.* FROM user1@localhost; + +connect (con1,localhost,user1,,); +--error ER_SPECIFIC_ACCESS_DENIED_ERROR +SHOW CREATE SERVER srv; +disconnect con1; + +connection default; +GRANT FEDERATED ADMIN ON *.* TO user1@localhost; + +connect (con1,localhost,user1,,); +SHOW CREATE SERVER srv; +disconnect con1; + +connection default; +DROP SERVER srv; +DROP USER user1@localhost; + +--echo # End of 11.8 tests diff -Nru mariadb-11.8.6/mysql-test/main/group_by.test mariadb-11.8.8/mysql-test/main/group_by.test --- mariadb-11.8.6/mysql-test/main/group_by.test 2026-01-31 13:27:46.000000000 +0000 +++ mariadb-11.8.8/mysql-test/main/group_by.test 2026-05-24 09:58:30.000000000 +0000 @@ -1791,6 +1791,7 @@ --echo # SET sql_mode='ONLY_FULL_GROUP_BY'; +--sorted_result SELECT 1 AS test UNION SELECT 2 AS test ORDER BY test IS NULL ASC; SET sql_mode=''; diff -Nru mariadb-11.8.6/mysql-test/main/having.result mariadb-11.8.8/mysql-test/main/having.result --- mariadb-11.8.6/mysql-test/main/having.result 2026-01-31 13:27:46.000000000 +0000 +++ mariadb-11.8.8/mysql-test/main/having.result 2026-05-24 09:58:30.000000000 +0000 @@ -1020,3 +1020,27 @@ # # End of 10.11 tests # +# +# MDEV-38070 wrong resultset with having and or condition +# +CREATE TABLE t1 ( a int, PRIMARY KEY (a)) ; +INSERT INTO t1 values (3),(4),(5),(6),(7); +CREATE TABLE t2 (b int , c TIMESTAMP ); +INSERT INTO t2 VALUES (1,'2025-11-06 09:24:27'),(1,'2025-11-06 09:24:27'), +(2,'2025-11-06 09:24:27'),(2,'2025-11-06 09:24:27'),(3,'2025-11-06 09:24:27'), +(3,'2025-11-06 09:24:27'),(4,'2025-11-06 09:24:27'),(4,'2025-11-06 09:24:27'), +(5,'2025-11-06 09:24:27'),(5,'2025-11-06 09:24:27'),(6,'2025-11-06 09:24:27'), +(6,'2025-11-06 09:24:27'),(7,'2025-11-06 11:24:27'),(7,'2025-11-06 11:24:27'); +SELECT t1.a, tbl.b +FROM t1 +JOIN ( SELECT t2.b as id2, max(t2.c) AS b FROM t2 GROUP BY t2.b ) tbl +ON tbl.id2 = t1.a +GROUP BY t1.a +HAVING (tbl.b < '2025-11-06 10:40:00'); +a b +3 2025-11-06 09:24:27 +4 2025-11-06 09:24:27 +5 2025-11-06 09:24:27 +6 2025-11-06 09:24:27 +DROP TABLE t1, t2; +# End of 11.4 tests diff -Nru mariadb-11.8.6/mysql-test/main/having.test mariadb-11.8.8/mysql-test/main/having.test --- mariadb-11.8.6/mysql-test/main/having.test 2026-01-31 13:27:46.000000000 +0000 +++ mariadb-11.8.8/mysql-test/main/having.test 2026-05-24 09:58:30.000000000 +0000 @@ -1078,3 +1078,28 @@ --echo # --echo # End of 10.11 tests --echo # + +--echo # +--echo # MDEV-38070 wrong resultset with having and or condition +--echo # + +CREATE TABLE t1 ( a int, PRIMARY KEY (a)) ; +INSERT INTO t1 values (3),(4),(5),(6),(7); + +CREATE TABLE t2 (b int , c TIMESTAMP ); +INSERT INTO t2 VALUES (1,'2025-11-06 09:24:27'),(1,'2025-11-06 09:24:27'), +(2,'2025-11-06 09:24:27'),(2,'2025-11-06 09:24:27'),(3,'2025-11-06 09:24:27'), +(3,'2025-11-06 09:24:27'),(4,'2025-11-06 09:24:27'),(4,'2025-11-06 09:24:27'), +(5,'2025-11-06 09:24:27'),(5,'2025-11-06 09:24:27'),(6,'2025-11-06 09:24:27'), +(6,'2025-11-06 09:24:27'),(7,'2025-11-06 11:24:27'),(7,'2025-11-06 11:24:27'); + +SELECT t1.a, tbl.b + FROM t1 + JOIN ( SELECT t2.b as id2, max(t2.c) AS b FROM t2 GROUP BY t2.b ) tbl + ON tbl.id2 = t1.a + GROUP BY t1.a + HAVING (tbl.b < '2025-11-06 10:40:00'); + +DROP TABLE t1, t2; + +--echo # End of 11.4 tests diff -Nru mariadb-11.8.6/mysql-test/main/innodb_group.result mariadb-11.8.8/mysql-test/main/innodb_group.result --- mariadb-11.8.6/mysql-test/main/innodb_group.result 2026-01-31 13:27:46.000000000 +0000 +++ mariadb-11.8.8/mysql-test/main/innodb_group.result 2026-05-24 09:58:30.000000000 +0000 @@ -1,13 +1,21 @@ # -# Start of 10.1 tests -# -# # MDEV-10556 Assertion `0' failed in virtual void Item_sum_field::set_result_field(Field*) # CREATE TABLE t1 (i INT) ENGINE=InnoDB; SELECT DISTINCT STDDEV(1) FROM t1 GROUP BY i ORDER BY BENCHMARK(0, BIT_XOR(i)); STDDEV(1) DROP TABLE t1; -# # End of 10.1 tests # +# MDEV-39131 Wrong Results in Identical Queries Involving Grouping and Bitwise NOT (~) +# +create table t0(c0 double) engine=myisam ; +select count(*), ~0 from t0; +count(*) ~0 +0 18446744073709551615 +alter table t0 engine=innodb; +select count(*), ~0 from t0; +count(*) ~0 +0 18446744073709551615 +drop table t0; +# End of 10.11 tests diff -Nru mariadb-11.8.6/mysql-test/main/innodb_group.test mariadb-11.8.8/mysql-test/main/innodb_group.test --- mariadb-11.8.6/mysql-test/main/innodb_group.test 2026-01-31 13:27:46.000000000 +0000 +++ mariadb-11.8.8/mysql-test/main/innodb_group.test 2026-05-24 09:58:30.000000000 +0000 @@ -2,14 +2,9 @@ # Tests involving GROUP BY, aggregate functions and InnoDB # - --source include/have_innodb.inc --echo # ---echo # Start of 10.1 tests ---echo # - ---echo # --echo # MDEV-10556 Assertion `0' failed in virtual void Item_sum_field::set_result_field(Field*) --echo # @@ -17,6 +12,15 @@ SELECT DISTINCT STDDEV(1) FROM t1 GROUP BY i ORDER BY BENCHMARK(0, BIT_XOR(i)); DROP TABLE t1; ---echo # --echo # End of 10.1 tests + --echo # +--echo # MDEV-39131 Wrong Results in Identical Queries Involving Grouping and Bitwise NOT (~) +--echo # +create table t0(c0 double) engine=myisam ; +select count(*), ~0 from t0; +alter table t0 engine=innodb; +select count(*), ~0 from t0; +drop table t0; + +--echo # End of 10.11 tests diff -Nru mariadb-11.8.6/mysql-test/main/intersect.result mariadb-11.8.8/mysql-test/main/intersect.result --- mariadb-11.8.6/mysql-test/main/intersect.result 2026-01-31 13:27:46.000000000 +0000 +++ mariadb-11.8.8/mysql-test/main/intersect.result 2026-05-24 09:58:30.000000000 +0000 @@ -431,7 +431,7 @@ "filtered": 100 }, "buffer_type": "flat", - "buffer_size": "256Kb", + "buffer_size": "256KiB", "join_type": "BNL" } } @@ -525,7 +525,7 @@ "r_filtered": 100 }, "buffer_type": "flat", - "buffer_size": "256Kb", + "buffer_size": "256KiB", "join_type": "BNL", "r_loops": 3, "r_filtered": 100, @@ -645,7 +645,7 @@ "r_filtered": 100 }, "buffer_type": "flat", - "buffer_size": "256Kb", + "buffer_size": "256KiB", "join_type": "BNL", "r_loops": 3, "r_filtered": 100, diff -Nru mariadb-11.8.6/mysql-test/main/join_cache_debug.result mariadb-11.8.8/mysql-test/main/join_cache_debug.result --- mariadb-11.8.6/mysql-test/main/join_cache_debug.result 2026-01-31 13:27:46.000000000 +0000 +++ mariadb-11.8.8/mysql-test/main/join_cache_debug.result 2026-05-24 09:58:30.000000000 +0000 @@ -108,7 +108,7 @@ "using_index": true }, "buffer_type": "flat", - "buffer_size": "256Kb", + "buffer_size": "256KiB", "join_type": "BNL", "attached_condition": "trigcond(trigcond(t3.c = 1))", "r_loops": 10000, diff -Nru mariadb-11.8.6/mysql-test/main/limit_rows_examined.result mariadb-11.8.8/mysql-test/main/limit_rows_examined.result --- mariadb-11.8.6/mysql-test/main/limit_rows_examined.result 2026-01-31 13:27:46.000000000 +0000 +++ mariadb-11.8.8/mysql-test/main/limit_rows_examined.result 2026-05-24 09:58:30.000000000 +0000 @@ -943,3 +943,17 @@ 1 DROP TABLE t1; # End of 10.11 tests +# +# MDEV-38683 SIGSEGV (dbg), SIGABRT or ER_EMPTY_QUERY when using +# ROWS EXAMINED with log_output=TABLE +# +SET GLOBAL general_log=ON, GLOBAL log_output='TABLE'; +CREATE TABLE t1 (c INT); +EXPLAIN SELECT * FROM t1 LIMIT ROWS EXAMINED 1; +id select_type table type possible_keys key key_len ref rows Extra +1 SIMPLE t1 system NULL NULL NULL NULL 0 Const row not found +select 1; +1 +1 +drop table t1; +SET GLOBAL log_output= default; diff -Nru mariadb-11.8.6/mysql-test/main/limit_rows_examined.test mariadb-11.8.8/mysql-test/main/limit_rows_examined.test --- mariadb-11.8.6/mysql-test/main/limit_rows_examined.test 2026-01-31 13:27:46.000000000 +0000 +++ mariadb-11.8.8/mysql-test/main/limit_rows_examined.test 2026-05-24 09:58:30.000000000 +0000 @@ -673,3 +673,15 @@ DROP TABLE t1; --echo # End of 10.11 tests + +--echo # +--echo # MDEV-38683 SIGSEGV (dbg), SIGABRT or ER_EMPTY_QUERY when using +--echo # ROWS EXAMINED with log_output=TABLE +--echo # + +SET GLOBAL general_log=ON, GLOBAL log_output='TABLE'; +CREATE TABLE t1 (c INT); +EXPLAIN SELECT * FROM t1 LIMIT ROWS EXAMINED 1; +select 1; +drop table t1; +SET GLOBAL log_output= default; diff -Nru mariadb-11.8.6/mysql-test/main/lock_view.result mariadb-11.8.8/mysql-test/main/lock_view.result --- mariadb-11.8.6/mysql-test/main/lock_view.result 2026-01-31 13:27:46.000000000 +0000 +++ mariadb-11.8.8/mysql-test/main/lock_view.result 2026-05-24 09:58:30.000000000 +0000 @@ -34,7 +34,7 @@ SET @saved_cs_client = @@character_set_client; SET character_set_client = utf8mb4; /*!50001 CREATE VIEW `v2` AS SELECT - 1 AS `a` */; + NULL AS `a` */; SET character_set_client = @saved_cs_client; CREATE DATABASE /*!32312 IF NOT EXISTS*/ `mysqltest3` /*!40100 DEFAULT CHARACTER SET utf8mb4 COLLATE utf8mb4_uca1400_ai_ci */; @@ -43,27 +43,27 @@ SET @saved_cs_client = @@character_set_client; SET character_set_client = utf8mb4; /*!50001 CREATE VIEW `v3` AS SELECT - 1 AS `a` */; + NULL AS `a` */; SET character_set_client = @saved_cs_client; SET @saved_cs_client = @@character_set_client; SET character_set_client = utf8mb4; /*!50001 CREATE VIEW `v3i` AS SELECT - 1 AS `a` */; + NULL AS `a` */; SET character_set_client = @saved_cs_client; SET @saved_cs_client = @@character_set_client; SET character_set_client = utf8mb4; /*!50001 CREATE VIEW `v3is` AS SELECT - 1 AS `schema_name` */; + NULL AS `schema_name` */; SET character_set_client = @saved_cs_client; SET @saved_cs_client = @@character_set_client; SET character_set_client = utf8mb4; /*!50001 CREATE VIEW `v3nt` AS SELECT - 1 AS `1` */; + NULL AS `1` */; SET character_set_client = @saved_cs_client; SET @saved_cs_client = @@character_set_client; SET character_set_client = utf8mb4; /*!50001 CREATE VIEW `v3ps` AS SELECT - 1 AS `user` */; + NULL AS `user` */; SET character_set_client = @saved_cs_client; USE `mysqltest1`; @@ -239,7 +239,7 @@ SET @saved_cs_client = @@character_set_client; SET character_set_client = utf8mb4; /*!50001 CREATE VIEW `v1` AS SELECT - 1 AS `id` */; + NULL AS `id` */; SET character_set_client = @saved_cs_client; /*!50001 DROP VIEW IF EXISTS `v1`*/; /*!50001 SET @saved_cs_client = @@character_set_client */; diff -Nru mariadb-11.8.6/mysql-test/main/mariadb-migrate-config-file.result mariadb-11.8.8/mysql-test/main/mariadb-migrate-config-file.result --- mariadb-11.8.6/mysql-test/main/mariadb-migrate-config-file.result 1970-01-01 00:00:00.000000000 +0000 +++ mariadb-11.8.8/mysql-test/main/mariadb-migrate-config-file.result 2026-05-24 09:58:30.000000000 +0000 @@ -0,0 +1,822 @@ +# +# Testing --edit=remove and !include +# +[mysqld] +invalid=true +alter_algorithm=invalid +key_buffer_size=20M +!include MYSQLTEST_VARDIR/tmp/tmp2.cnf +[mysqld] +default_regex_flags=invalid +Updated files: +MYSQLTEST_VARDIR/tmp/tmp2.cnf +MYSQLTEST_VARDIR/tmp/tmp1.cnf +3 issue/issues fixed +[mysqld] +key_buffer_size=20M +!include MYSQLTEST_VARDIR/tmp/tmp2.cnf +# +# Testing --update --edit=last with !include +# +[mysqld] +invalid=true +alter_algorithm=invalid +key_buffer_size=20M +invalid_option +!include MYSQLTEST_VARDIR/tmp/tmp2.cnf +log-bin +# Include file start + +[mysqld] +log-bin=1 +log_error_verbosity = 3 +Note: aria_pagecache_buffer_size=20M added to [mariadbd] group +Updated files: +MYSQLTEST_VARDIR/tmp/tmp2.cnf +MYSQLTEST_VARDIR/tmp/tmp1.cnf +8 issue/issues fixed +# Changed files +[mariadbd] +key_buffer_size=20M +#key_buffer_size=64K # Recommended value if no MyISAM tables +aria_pagecache_buffer_size=20M + +[mysqld-5.7] +invalid=true +alter_algorithm=invalid +key_buffer_size=20M +invalid_option + +[mysqld] +!include MYSQLTEST_VARDIR/tmp/tmp2.cnf +log-bin +# Include file start + +[mysqld] +log-bin=1 + +[mysqld-5.7] +log_error_verbosity = 3 +# Verify no more changes +Note: aria_pagecache_buffer_size=20M added to [mariadbd] group +Updated files: +MYSQLTEST_VARDIR/tmp/tmp1.cnf +No issues found +# +# Testing --edit=comment +# +[mysqld] +port=38 +invalid=true +alter_algorithm=invalid +Updated files: +MYSQLTEST_VARDIR/tmp/tmp1.cnf +2 issue/issues fixed +[mysqld] +port=38 +#invalid=true +#alter_algorithm=invalid +# +# Testing --edit=inline --from=mariadb +# +[mysqld] +invalid=true +invalid_option +skip-grant-tables +skip-name-resolve=0 +skip-networking +skip-show-database +skip-slave-start + +[mariadbd] +alter_algorithm=invalid + +[other] +a=b + +[mariadbd] +port=30 +alter_algorithm=impossible + +[other] +c=d + +[mariadbd] +port=32 +alter_algorithm=impossible2 +port=33 + +[mysqld] +key_buffer_size=20M +Updated files: +MYSQLTEST_VARDIR/tmp/tmp1.cnf +5 issue/issues fixed +# Changed file +[mysqld-5.7] +invalid=true +invalid_option + +[mysqld] +skip-grant-tables +skip-name-resolve=0 +skip-networking +skip-show-database +skip-slave-start + +[mariadbd] + +[options-not-recognized-by-mariadbd] +alter_algorithm=invalid + +[other] +a=b + +[mariadbd] +port=30 + +[options-not-recognized-by-mariadbd] +alter_algorithm=impossible + +[other] +c=d + +[mariadbd] +port=32 + +[options-not-recognized-by-mariadbd] +alter_algorithm=impossible2 + +[mariadbd] +port=33 + +[mysqld] +key_buffer_size=20M +# +# Testing --edit=last --from=mariadb +# +[mysqld] +invalid=true +invalid_option + +[mariadbd] +alter_algorithm=invalid + +[other] +a=b + +[mariadbd] +port=30 +alter_algorithm=impossible + +[other] +c=d + +[mariadbd] +port=32 +alter_algorithm=impossible2 +port=33 + +[mysqld] +key_buffer_size=20M +Updated files: +MYSQLTEST_VARDIR/tmp/tmp1.cnf +5 issue/issues fixed +# Changed file + +[mariadbd] + +[other] +a=b + +[mariadbd] +port=30 + +[other] +c=d + +[mariadbd] +port=32 +port=33 + +[mysqld] +key_buffer_size=20M + +[mysqld-5.7] +invalid=true +invalid_option + +[options-not-recognized-by-mariadbd] +alter_algorithm=invalid +alter_algorithm=impossible +alter_algorithm=impossible2 +# +# Testing --edit=last --from=mysql +# This will fail and changes will be reverted +# +[mysqld] +invalid=true +invalid_option + +[mariadbd] +alter_algorithm=invalid + +[other] +a=b + +[mariadbd] +port=30 +alter_algorithm=impossible + +[other] +c=d + +[mariadbd] +port=32 +alter_algorithm=impossible2 +port=33 + +[mysqld] +key_buffer_size=20M + +# Original unchanged file +[mysqld] +invalid=true +invalid_option + +[mariadbd] +alter_algorithm=invalid + +[other] +a=b + +[mariadbd] +port=30 +alter_algorithm=impossible + +[other] +c=d + +[mariadbd] +port=32 +alter_algorithm=impossible2 +port=33 + +[mysqld] +key_buffer_size=20M +# +# Testing mariadbd section additions with --from-mariadb +# +[mariadbd] +invalid1=true +join_buffer_size=5K +invalid2=true + +[mysqld] +key_buffer_size=20M +alter_algorithm=invalid +Updated files: +MYSQLTEST_VARDIR/tmp/tmp1.cnf +3 issue/issues fixed +[mariadbd] +join_buffer_size=5K + +[mysqld] +key_buffer_size=20M + +[unknown] +alter_algorithm=invalid + +[options-not-recognized-by-mariadbd] +invalid1=true +invalid2=true +# +# Testing key_buffer_size in mysqld section with --from=mysql +# +[mysqld] +key_buffer_size=20M +Note: aria_pagecache_buffer_size=20M added to [mariadbd] group +Updated files: +MYSQLTEST_VARDIR/tmp/tmp1.cnf +4 issue/issues fixed +[mariadbd] +key_buffer_size=20M +#key_buffer_size=64K # Recommended value if no MyISAM tables +aria_pagecache_buffer_size=20M + +[mysqld-5.7] +key_buffer_size=20M +# +# Testing key_buffer_size in mysqld section with --from=mysql --no-myisam +# +[mysqld] +key_buffer_size=20M +Note: 'aria_pagecache_buffer_size=20M' added to [mariadbd] group +Updated files: +MYSQLTEST_VARDIR/tmp/tmp1.cnf +3 issue/issues fixed +[mariadbd] +key_buffer_size=64K # Recommended value if no MyISAM tables +aria_pagecache_buffer_size=20M + +[mysqld-5.7] +key_buffer_size=20M +# +# Testing key_buffer_size in mariadbd section +# +[mariadbd] +key_buffer_size=20M +No issues found +[mariadbd] +key_buffer_size=20M +# +# Testing --no-myisam --edit=last +# +[mysqld] +key_buffer_size=20M +Note: 'aria_pagecache_buffer_size=20M' added to [mariadbd] group +Updated files: +MYSQLTEST_VARDIR/tmp/tmp1.cnf +3 issue/issues fixed +[mariadbd] +key_buffer_size=64K # Recommended value if no MyISAM tables +aria_pagecache_buffer_size=20M + +[mysqld-5.7] +key_buffer_size=20M +# +# Testing --add-skip-start-slave +# +[mysqld] +default_week_format=1 +Updated files: +MYSQLTEST_VARDIR/tmp/tmp1.cnf +1 issue/issues fixed +[mysqld] +default_week_format=1 + +[mariadbd] +skip_slave_start +# +# Testing --add-skip-slave-start with skip_start_slave already present +# +Updated files: +MYSQLTEST_VARDIR/tmp/tmp1.cnf +No issues found +[mariadbd] +skip_slave_start +# +# Testing audit_log part 1 +# +[mysqld] +plugin_load=audit_log +audit_log-a=5 +audit_log-disabled +audit_log=on +In MYSQLTEST_VARDIR/tmp/tmp1.cnf at line 2: Please replace audit_log with the server_audit plugin +Updated files: +MYSQLTEST_VARDIR/tmp/tmp1.cnf +5 issue/issues fixed +[mariadbd] +skip_slave_start + +[mysqld-5.7] +plugin_load=audit_log +audit_log-a=5 +audit_log-disabled +audit_log=on +# +# Testing audit_log part 2 +# +[mysqld] +audit_log=ON +audit_log_file=name +Warning: Please replace audit_log with the server_audit plugin +Updated files: +MYSQLTEST_VARDIR/tmp/tmp1.cnf +3 issue/issues fixed +[mariadbd] +skip_slave_start + +[mysqld-5.7] +audit_log=ON +audit_log_file=name +# +# Testing audit_log part 3 +# +[mysqld] +audit_log-disabled +Warning: Please replace audit_log with the server_audit plugin +Updated files: +MYSQLTEST_VARDIR/tmp/tmp1.cnf +2 issue/issues fixed +[mariadbd] +skip_slave_start + +[mysqld-5.7] +audit_log-disabled +# +# Testing comments +# +[mysqld] +character_set_server = utf8mb4 # It's a new world +collation_server = utf8mb4_0900_ai_ci +log_error_verbosity = 3 +Updated files: +MYSQLTEST_VARDIR/tmp/tmp1.cnf +2 issue/issues fixed +[mysqld] +character_set_server = utf8mb4 # It's a new world +collation_server = utf8mb4_0900_ai_ci + +[mariadbd] +skip_slave_start + +[mysqld-5.7] +log_error_verbosity = 3 +# +# Testing --fix-all +# +[mysqld] +innodb_data_file_path=/var/mysql/test2 +key_buffer_size=20M +Note: 'aria_pagecache_buffer_size=20M' added to [mariadbd] group +Note: Added MySQL default character sets and collation to [mariadbd] to be able to replicate to MySQL +Updated files: +MYSQLTEST_VARDIR/tmp/tmp1.cnf +17 issue/issues fixed +[mysqld] +innodb_data_file_path=/var/mysql/test2 + +[mariadbd] +key_buffer_size=64K # Recommended value if no MyISAM tables +aria_pagecache_buffer_size=20M +skip_slave_start +# The following options enable MariaDB to replicate to MySQL +encrypt_binlog=0 +log_bin_compress=0 +# Not required, but recommended for cross_replication +binlog_format=row +# Character set to be able to replicate new tables to MySQL 8.0 +character_set_server=utf8mb4 +collation_server=utf8mb4_0900_ai_ci + +[mysqld-5.7] +key_buffer_size=20M +# The following options enable MySQL to replicate to MariaDB +loose-binlog_row_value_options="" +loose-binlog_transaction_compression=0 +# Not required, but recommended for cross_replication +binlog_format=row +# +# Testing --fix-all --update-paths +# +[mysqld] +innodb_data_file_path=/var/mysql/test2 +key_buffer_size=20M +Note: 'aria_pagecache_buffer_size=20M' added to [mariadbd] group +Note: Added MySQL default character sets and collation to [mariadbd] to be able to replicate to MySQL +Updated files: +MYSQLTEST_VARDIR/tmp/tmp1.cnf +19 issue/issues fixed +[mariadbd] +innodb_data_file_path=/var/mariadb/test2 +key_buffer_size=64K # Recommended value if no MyISAM tables +aria_pagecache_buffer_size=20M +skip_slave_start +# The following options enable MariaDB to replicate to MySQL +encrypt_binlog=0 +log_bin_compress=0 +# Not required, but recommended for cross_replication +binlog_format=row +# Character set to be able to replicate new tables to MySQL 8.0 +character_set_server=utf8mb4 +collation_server=utf8mb4_0900_ai_ci + +[mysqld-5.7] +innodb_data_file_path=/var/mysql/test2 +key_buffer_size=20M +# The following options enable MySQL to replicate to MariaDB +loose-binlog_row_value_options="" +loose-binlog_transaction_compression=0 +# Not required, but recommended for cross_replication +binlog_format=row +# +# Testing path copying, without error-group and silent +# +[mysqld] +innodb_data_file_path=/var/mysql/test +port=38 +dummy=/var/mysql/test +log-error=/var/mysql/test2 + +[mysqld-8.0] +port=39 +dummy2=2 +innodb_data_file_path=/var/mysql/test2 +In MYSQLTEST_VARDIR/tmp/tmp1.cnf at line 2: 'innodb_data_file_path=/var/mysql/test' would be replaced with 'innodb_data_file_path=/var/mariadb/test' +In MYSQLTEST_VARDIR/tmp/tmp1.cnf at line 4: Invalid option dummy +In MYSQLTEST_VARDIR/tmp/tmp1.cnf at line 5: 'log-error=/var/mysql/test2' would be replaced with 'log-error=/var/mariadb/test2' +In MYSQLTEST_VARDIR/tmp/tmp1.cnf at line 10: 'innodb_data_file_path=/var/mysql/test2' would be replaced with 'innodb_data_file_path=/var/mariadb/test2' +2 line/lines would be copied to [mariadbd] group +5 line/lines would be copied to [mysqld-5.7] group +11 issue/issues found +MYSQLTEST_VARDIR/tmp/tmp1.cnf +# Changed file +[mysqld] +port=38 + +[mysqld-8.0] +port=39 +dummy2=2 +innodb_data_file_path=/var/mysql/test2 + +[mariadbd] +innodb_data_file_path=/var/mariadb/test +log-error=/var/mariadb/test2 +port=39 +innodb_data_file_path=/var/mariadb/test2 + +[mysqld-5.7] +innodb_data_file_path=/var/mysql/test +dummy=/var/mysql/test +log-error=/var/mysql/test2 +# +# Testing innodb_stats_sample_pages +# +[mysqld] +innodb_stats_sample_pages=1 +### File [name hidden] +[mariadbd] +innodb_stats_transient_sample_pages=1 + +[mysqld-5.7] +innodb_stats_sample_pages=1 + +In MYSQLTEST_VARDIR/tmp/tmp1.cnf at line 2: 'innodb_stats_sample_pages=1' would be replaced with 'innodb_stats_transient_sample_pages=1' +1 issue/issues found +# +# Testing innodb_log_files_in_group +# +[mysqld] +innodb_log_files_in_group=4 +innodb_log_file_size=2G +# Checking file +In MYSQLTEST_VARDIR/tmp/tmp1.cnf at line 2: Invalid option innodb_log_files_in_group +1 issue/issues found +# Updating file +Note: 'innodb_log_file_size=8G' added to [mariadbd] group based on innodb_log_file_size * innodb_log_files_in_group +Updated files: +MYSQLTEST_VARDIR/tmp/tmp1.cnf +2 issue/issues fixed +# Changed file +[mysqld] +innodb_log_file_size=2G + +[mariadbd] +innodb_log_file_size=8G + +[mysqld-5.7] +innodb_log_files_in_group=4 +# Checking if file is ok now +No issues found +# +# Test not existing character set +# +[mysqld] +character_set_server=xxx +# +# Testing --add-XXX-replication-compatibility +# +[mysqld] +port=38 +character-set-server=utf8mb4 +# MySQL -> MariaDB compatibility +### File MYSQLTEST_VARDIR/tmp/tmp1.cnf: +[mysqld] +port=38 +character-set-server=utf8mb4 + +[mysqld-5.7] +# The following options enable MySQL to replicate to MariaDB +loose-binlog_row_value_options="" +loose-binlog_transaction_compression=0 +# Not required, but recommended for cross_replication +binlog_format=row + +# MariaDB -> MySQL compatibility +### File MYSQLTEST_VARDIR/tmp/tmp1.cnf: +[mysqld] +port=38 +character-set-server=utf8mb4 + +[mariadbd] +# The following options enable MariaDB to replicate to MySQL +encrypt_binlog=0 +log_bin_compress=0 +# Not required, but recommended for cross_replication +binlog_format=row + +# +# Testing --add-client-server-group +# +[mysqld] +port=38 +port=39 +socket="/tmp/mysql.sock" +character-set-server=utf8mb4 + +[server] +port=50 + +[mysql-8.0] +port=99 +socket="/tmp/mysql8.sock" +# --add-client-server-group +### File MYSQLTEST_VARDIR/tmp/tmp1.cnf: +[mysqld] +port=38 +port=39 +character-set-server=utf8mb4 + +[server] +port=50 + +[mysql-8.0] +port=99 +socket="/tmp/mysql8.sock" + +[mariadbd] +socket="/tmp/mariadb.sock" + +[mysqld-5.7] +socket="/tmp/mysql.sock" + +[client-server] +port=50 +socket="/tmp/mariadb.sock" + +# Test 2 with update and without --update-paths +[mysqld] +port=38 +port=39 +socket="/tmp/mysql.sock" +innodb_log_file_size=2G + +[mysql-8.0] +port=99 +socket="/tmp/mysql8.sock" +Updated files: +MYSQLTEST_VARDIR/tmp/tmp1.cnf +2 issue/issues fixed +# Changed file +[mysqld] +port=38 +port=39 +socket="/tmp/mysql.sock" +innodb_log_file_size=2G + +[mysql-8.0] +port=99 +socket="/tmp/mysql8.sock" + +[client-server] +port=39 +socket=/tmp/mysql.sock +# +# Testing copy-mysqld-groups +# +[mysqld-8.0] +socket="/tmp/mysql.sock" +# Testing with --copy-mysqld-groups=0 +No issues found +# Testing with --copy-mysqld-groups=1 +1 line/lines would be copied to [mariadbd] group +1 issue/issues found +Updated files: +MYSQLTEST_VARDIR/tmp/tmp1.cnf +1 issue/issues fixed +[mysqld-8.0] +socket="/tmp/mysql.sock" + +[mariadbd] +socket="/tmp/mysql.sock" +# +# Testing path changing and different generated sections +# +[mysqld] +log-error = /var/log/mysql/mysqld.log +dummy=1; +default-storage-engine=innodb +socket=/var/lib/mysql/mysql.sock +datadir=/var/lib/mysql + +[server] +dummy=2; +socket=dummy; + +[mysqld-8.0] +default-storage-engine=misam +port=36 +qqq= hello + +[mysqld] +innodb_data_file_path=/var/mysql/test +port=38 +dummy=/var/mysql/test +log-error=/var/mysql/test2 + +[mysqld-8.0] +port=39 +dummy2=3 +innodb_data_file_path=/var/mysql/test2 +# Output from --print --edit=last --update-paths +### File [name hidden] +[mysqld] +default-storage-engine=innodb + +[server] +socket=dummy; + +[mysqld-8.0] +default-storage-engine=misam +port=36 +qqq= hello + +[mysqld] +port=38 + +[mysqld-8.0] +port=39 +dummy2=3 +innodb_data_file_path=/var/mysql/test2 + +[mariadbd] +log-error = /var/log/mariadb/mysqld.log +socket=/var/lib/mariadb/mysql.sock +datadir=/var/lib/mariadb +default-storage-engine=misam +port=36 +innodb_data_file_path=/var/mariadb/test +log-error=/var/mariadb/test2 +port=39 +innodb_data_file_path=/var/mariadb/test2 + +[mysqld-5.7] +log-error = /var/log/mysql/mysqld.log +dummy=1; +socket=/var/lib/mysql/mysql.sock +datadir=/var/lib/mysql +dummy=2; +innodb_data_file_path=/var/mysql/test +dummy=/var/mysql/test +log-error=/var/mysql/test2 + +# +# Test that second update of file with 'last' will no do anything +# +Updated files: +MYSQLTEST_VARDIR/tmp/tmp1.cnf +17 issue/issues fixed +No issues found +No issues found +"Next command should not change anything" +No issues found +[mysqld] +default-storage-engine=innodb + +[server] +socket=dummy; + +[mysqld-8.0] +default-storage-engine=misam +port=36 +qqq= hello + +[mysqld] +port=38 + +[mysqld-8.0] +port=39 +dummy2=3 +innodb_data_file_path=/var/mysql/test2 + +[mariadbd] +log-error = /var/log/mariadb/mysqld.log +socket=/var/lib/mariadb/mysql.sock +datadir=/var/lib/mariadb +default-storage-engine=misam +port=36 +innodb_data_file_path=/var/mariadb/test +log-error=/var/mariadb/test2 +port=39 +innodb_data_file_path=/var/mariadb/test2 + +[mysqld-5.7] +log-error = /var/log/mysql/mysqld.log +dummy=1; +socket=/var/lib/mysql/mysql.sock +datadir=/var/lib/mysql +dummy=2; +innodb_data_file_path=/var/mysql/test +dummy=/var/mysql/test +log-error=/var/mysql/test2 diff -Nru mariadb-11.8.6/mysql-test/main/mariadb-migrate-config-file.test mariadb-11.8.8/mysql-test/main/mariadb-migrate-config-file.test --- mariadb-11.8.6/mysql-test/main/mariadb-migrate-config-file.test 1970-01-01 00:00:00.000000000 +0000 +++ mariadb-11.8.8/mysql-test/main/mariadb-migrate-config-file.test 2026-05-24 09:58:30.000000000 +0000 @@ -0,0 +1,603 @@ +if (!$MARIADB_MIGRATE_CONFIG_FILE) { + --skip MARIADB_MIGRATE_CONFIG_FILE missing +} + +--echo # +--echo # Testing --edit=remove and !include +--echo # + +--write_file $MYSQLTEST_VARDIR/tmp/tmp1.cnf +[mysqld] +invalid=true +alter_algorithm=invalid +key_buffer_size=20M +EOF + +--exec echo "!include $MYSQLTEST_VARDIR/tmp/tmp2.cnf" >> $MYSQLTEST_VARDIR/tmp/tmp1.cnf +--replace_result $MYSQLTEST_VARDIR MYSQLTEST_VARDIR +--cat_file $MYSQLTEST_VARDIR/tmp/tmp1.cnf + +--write_file $MYSQLTEST_VARDIR/tmp/tmp2.cnf +[mysqld] +default_regex_flags=invalid +EOF + +--cat_file $MYSQLTEST_VARDIR/tmp/tmp2.cnf +--replace_result $MYSQLTEST_VARDIR MYSQLTEST_VARDIR $MYSQLTEST_REAL_VARDIR MYSQLTEST_VARDIR +--exec $MARIADB_MIGRATE_CONFIG_FILE --defaults-file=$MYSQLTEST_VARDIR/tmp/tmp1.cnf --mariadbd=$MYSQLD --update --verify --edit=remove +--replace_result $MYSQLTEST_VARDIR MYSQLTEST_VARDIR +--cat_file $MYSQLTEST_VARDIR/tmp/tmp1.cnf +--cat_file $MYSQLTEST_VARDIR/tmp/tmp2.cnf +--remove_file $MYSQLTEST_VARDIR/tmp/tmp1.cnf +--remove_file $MYSQLTEST_VARDIR/tmp/tmp2.cnf + +--echo # +--echo # Testing --update --edit=last with !include +--echo # + +--write_file $MYSQLTEST_VARDIR/tmp/tmp1.cnf +[mysqld] +invalid=true +alter_algorithm=invalid +key_buffer_size=20M +invalid_option +EOF +--exec echo "!include $MYSQLTEST_VARDIR/tmp/tmp2.cnf" >> $MYSQLTEST_VARDIR/tmp/tmp1.cnf +--exec echo "log-bin" >> $MYSQLTEST_VARDIR/tmp/tmp1.cnf + +--replace_result $MYSQLTEST_VARDIR MYSQLTEST_VARDIR +--cat_file $MYSQLTEST_VARDIR/tmp/tmp1.cnf + +--write_file $MYSQLTEST_VARDIR/tmp/tmp2.cnf +# Include file start + +[mysqld] +log-bin=1 +log_error_verbosity = 3 +EOF +--cat_file $MYSQLTEST_VARDIR/tmp/tmp2.cnf +--replace_result $MYSQLTEST_VARDIR MYSQLTEST_VARDIR $MYSQLTEST_REAL_VARDIR MYSQLTEST_VARDIR +--exec $MARIADB_MIGRATE_CONFIG_FILE --defaults-file=$MYSQLTEST_VARDIR/tmp/tmp1.cnf --mariadbd=$MYSQLD --update --verify --edit=last + +--echo # Changed files +--replace_result $MYSQLTEST_VARDIR MYSQLTEST_VARDIR +--cat_file $MYSQLTEST_VARDIR/tmp/tmp1.cnf +--cat_file $MYSQLTEST_VARDIR/tmp/tmp2.cnf + +--echo # Verify no more changes +--replace_result $MYSQLTEST_VARDIR MYSQLTEST_VARDIR $MYSQLTEST_REAL_VARDIR MYSQLTEST_VARDIR +--exec $MARIADB_MIGRATE_CONFIG_FILE --defaults-file=$MYSQLTEST_VARDIR/tmp/tmp1.cnf --mariadbd=$MYSQLD --update --verify --edit=last + +--remove_file $MYSQLTEST_VARDIR/tmp/tmp1.cnf +--remove_file $MYSQLTEST_VARDIR/tmp/tmp2.cnf + +--echo # +--echo # Testing --edit=comment +--echo # +--write_file $MYSQLTEST_VARDIR/tmp/tmp1.cnf +[mysqld] +port=38 +invalid=true +alter_algorithm=invalid +EOF +--cat_file $MYSQLTEST_VARDIR/tmp/tmp1.cnf +--replace_result $MYSQLTEST_VARDIR MYSQLTEST_VARDIR $MYSQLTEST_REAL_VARDIR MYSQLTEST_VARDIR +--exec $MARIADB_MIGRATE_CONFIG_FILE --defaults-file=$MYSQLTEST_VARDIR/tmp/tmp1.cnf --mariadbd=$MYSQLD --update --verify --edit=comment +--cat_file $MYSQLTEST_VARDIR/tmp/tmp1.cnf +--remove_file $MYSQLTEST_VARDIR/tmp/tmp1.cnf + +--echo # +--echo # Testing --edit=inline --from=mariadb +--echo # + +--write_file $MYSQLTEST_VARDIR/tmp/tmp1.cnf +[mysqld] +invalid=true +invalid_option +skip-grant-tables +skip-name-resolve=0 +skip-networking +skip-show-database +skip-slave-start + +[mariadbd] +alter_algorithm=invalid + +[other] +a=b + +[mariadbd] +port=30 +alter_algorithm=impossible + +[other] +c=d + +[mariadbd] +port=32 +alter_algorithm=impossible2 +port=33 + +[mysqld] +key_buffer_size=20M +EOF +--cat_file $MYSQLTEST_VARDIR/tmp/tmp1.cnf +--replace_result $MYSQLTEST_VARDIR MYSQLTEST_VARDIR $MYSQLTEST_REAL_VARDIR MYSQLTEST_VARDIR +--exec $MARIADB_MIGRATE_CONFIG_FILE --defaults-file=$MYSQLTEST_VARDIR/tmp/tmp1.cnf --mariadbd=$MYSQLD --update --verify --error-group=mysqld-5.7 --edit=inline --from=mariadb +--echo # Changed file +--cat_file $MYSQLTEST_VARDIR/tmp/tmp1.cnf +--remove_file $MYSQLTEST_VARDIR/tmp/tmp1.cnf + +--echo # +--echo # Testing --edit=last --from=mariadb +--echo # +--write_file $MYSQLTEST_VARDIR/tmp/tmp1.cnf +[mysqld] +invalid=true +invalid_option + +[mariadbd] +alter_algorithm=invalid + +[other] +a=b + +[mariadbd] +port=30 +alter_algorithm=impossible + +[other] +c=d + +[mariadbd] +port=32 +alter_algorithm=impossible2 +port=33 + +[mysqld] +key_buffer_size=20M +EOF +--cat_file $MYSQLTEST_VARDIR/tmp/tmp1.cnf +--replace_result $MYSQLTEST_VARDIR MYSQLTEST_VARDIR $MYSQLTEST_REAL_VARDIR MYSQLTEST_VARDIR +--exec $MARIADB_MIGRATE_CONFIG_FILE --defaults-file=$MYSQLTEST_VARDIR/tmp/tmp1.cnf --mariadbd=$MYSQLD --update --verify --error-group=mysqld-5.7 --edit=last --from=mariadb +--echo # Changed file +--cat_file $MYSQLTEST_VARDIR/tmp/tmp1.cnf +--remove_file $MYSQLTEST_VARDIR/tmp/tmp1.cnf + +--echo # +--echo # Testing --edit=last --from=mysql +--echo # This will fail and changes will be reverted +--echo # +--write_file $MYSQLTEST_VARDIR/tmp/tmp1.cnf +[mysqld] +invalid=true +invalid_option + +[mariadbd] +alter_algorithm=invalid + +[other] +a=b + +[mariadbd] +port=30 +alter_algorithm=impossible + +[other] +c=d + +[mariadbd] +port=32 +alter_algorithm=impossible2 +port=33 + +[mysqld] +key_buffer_size=20M +EOF +--cat_file $MYSQLTEST_VARDIR/tmp/tmp1.cnf +--disable_result_log +--replace_result $MYSQLTEST_VARDIR MYSQLTEST_VARDIR +--error 2 +--exec $MARIADB_MIGRATE_CONFIG_FILE --defaults-file=$MYSQLTEST_VARDIR/tmp/tmp1.cnf --mariadbd=$MYSQLD --update --verify --error-group=mysqld-5.7 --edit=last --from=mysql --verify +--enable_result_log +--echo +--echo # Original unchanged file +--cat_file $MYSQLTEST_VARDIR/tmp/tmp1.cnf +--remove_file $MYSQLTEST_VARDIR/tmp/tmp1.cnf + +--echo # +--echo # Testing mariadbd section additions with --from-mariadb +--echo # +--write_file $MYSQLTEST_VARDIR/tmp/tmp1.cnf +[mariadbd] +invalid1=true +join_buffer_size=5K +invalid2=true + +[mysqld] +key_buffer_size=20M +alter_algorithm=invalid +EOF +--cat_file $MYSQLTEST_VARDIR/tmp/tmp1.cnf +--replace_result $MYSQLTEST_VARDIR MYSQLTEST_VARDIR $MYSQLTEST_REAL_VARDIR MYSQLTEST_VARDIR +--exec $MARIADB_MIGRATE_CONFIG_FILE --defaults-file=$MYSQLTEST_VARDIR/tmp/tmp1.cnf --mariadbd=$MYSQLD --update --verify --error-group=unknown --edit=last --from=mariadb +--cat_file $MYSQLTEST_VARDIR/tmp/tmp1.cnf +--remove_file $MYSQLTEST_VARDIR/tmp/tmp1.cnf + +--echo # +--echo # Testing key_buffer_size in mysqld section with --from=mysql +--echo # +--write_file $MYSQLTEST_VARDIR/tmp/tmp1.cnf +[mysqld] +key_buffer_size=20M +EOF +--cat_file $MYSQLTEST_VARDIR/tmp/tmp1.cnf +--replace_result $MYSQLTEST_VARDIR MYSQLTEST_VARDIR $MYSQLTEST_REAL_VARDIR MYSQLTEST_VARDIR +--exec $MARIADB_MIGRATE_CONFIG_FILE --defaults-file=$MYSQLTEST_VARDIR/tmp/tmp1.cnf --mariadbd=$MYSQLD --update --verify --error-group=mysqld-5.7 --edit=last --from=mysql +--cat_file $MYSQLTEST_VARDIR/tmp/tmp1.cnf +--remove_file $MYSQLTEST_VARDIR/tmp/tmp1.cnf + +--echo # +--echo # Testing key_buffer_size in mysqld section with --from=mysql --no-myisam +--echo # +--write_file $MYSQLTEST_VARDIR/tmp/tmp1.cnf +[mysqld] +key_buffer_size=20M +EOF +--cat_file $MYSQLTEST_VARDIR/tmp/tmp1.cnf +--replace_result $MYSQLTEST_VARDIR MYSQLTEST_VARDIR $MYSQLTEST_REAL_VARDIR MYSQLTEST_VARDIR +--exec $MARIADB_MIGRATE_CONFIG_FILE --defaults-file=$MYSQLTEST_VARDIR/tmp/tmp1.cnf --mariadbd=$MYSQLD --update --verify --error-group=mysqld-5.7 --edit=last --from=mysql --no-myisam +--cat_file $MYSQLTEST_VARDIR/tmp/tmp1.cnf +--remove_file $MYSQLTEST_VARDIR/tmp/tmp1.cnf + +--echo # +--echo # Testing key_buffer_size in mariadbd section +--echo # +--write_file $MYSQLTEST_VARDIR/tmp/tmp1.cnf +[mariadbd] +key_buffer_size=20M +EOF +--cat_file $MYSQLTEST_VARDIR/tmp/tmp1.cnf +--replace_result $MYSQLTEST_VARDIR MYSQLTEST_VARDIR $MYSQLTEST_REAL_VARDIR MYSQLTEST_VARDIR +--exec $MARIADB_MIGRATE_CONFIG_FILE --defaults-file=$MYSQLTEST_VARDIR/tmp/tmp1.cnf --mariadbd=$MYSQLD --update --verify --error-group=mysqld-5.7 --edit=last +--cat_file $MYSQLTEST_VARDIR/tmp/tmp1.cnf +--remove_file $MYSQLTEST_VARDIR/tmp/tmp1.cnf + +--echo # +--echo # Testing --no-myisam --edit=last +--echo # +--write_file $MYSQLTEST_VARDIR/tmp/tmp1.cnf +[mysqld] +key_buffer_size=20M +EOF +--cat_file $MYSQLTEST_VARDIR/tmp/tmp1.cnf +--replace_result $MYSQLTEST_VARDIR MYSQLTEST_VARDIR $MYSQLTEST_REAL_VARDIR MYSQLTEST_VARDIR +--exec $MARIADB_MIGRATE_CONFIG_FILE --defaults-file=$MYSQLTEST_VARDIR/tmp/tmp1.cnf --mariadbd=$MYSQLD --update --verify --error-group=mysqld-5.7 --edit=last --no-myisam +--cat_file $MYSQLTEST_VARDIR/tmp/tmp1.cnf +--remove_file $MYSQLTEST_VARDIR/tmp/tmp1.cnf + +--echo # +--echo # Testing --add-skip-start-slave +--echo # +--write_file $MYSQLTEST_VARDIR/tmp/tmp1.cnf +[mysqld] +default_week_format=1 +EOF +--cat_file $MYSQLTEST_VARDIR/tmp/tmp1.cnf +--replace_result $MYSQLTEST_VARDIR MYSQLTEST_VARDIR $MYSQLTEST_REAL_VARDIR MYSQLTEST_VARDIR +--exec $MARIADB_MIGRATE_CONFIG_FILE --defaults-file=$MYSQLTEST_VARDIR/tmp/tmp1.cnf --mariadbd=$MYSQLD --update --verify --error-group=mysqld-5.7 --edit=last --add-skip-slave-start +--cat_file $MYSQLTEST_VARDIR/tmp/tmp1.cnf +--remove_file $MYSQLTEST_VARDIR/tmp/tmp1.cnf + +--echo # +--echo # Testing --add-skip-slave-start with skip_start_slave already present +--echo # +--write_file $MYSQLTEST_VARDIR/tmp/tmp1.cnf +[mariadbd] +skip_slave_start +EOF +#--cat_file $MYSQLTEST_VARDIR/tmp/tmp1.cnf +--replace_result $MYSQLTEST_VARDIR MYSQLTEST_VARDIR $MYSQLTEST_REAL_VARDIR MYSQLTEST_VARDIR +--exec $MARIADB_MIGRATE_CONFIG_FILE --defaults-file=$MYSQLTEST_VARDIR/tmp/tmp1.cnf --mariadbd=$MYSQLD --update --verify --error-group=mysqld-5.7 --edit=last --add-skip-slave-start +--cat_file $MYSQLTEST_VARDIR/tmp/tmp1.cnf +--remove_file $MYSQLTEST_VARDIR/tmp/tmp1.cnf + +--echo # +--echo # Testing audit_log part 1 +--echo # +--write_file $MYSQLTEST_VARDIR/tmp/tmp1.cnf +[mysqld] +plugin_load=audit_log +audit_log-a=5 +audit_log-disabled +audit_log=on +EOF +--cat_file $MYSQLTEST_VARDIR/tmp/tmp1.cnf +--replace_result $MYSQLTEST_VARDIR MYSQLTEST_VARDIR $MYSQLTEST_REAL_VARDIR MYSQLTEST_VARDIR +--exec $MARIADB_MIGRATE_CONFIG_FILE --defaults-file=$MYSQLTEST_VARDIR/tmp/tmp1.cnf --mariadbd=$MYSQLD --update --verify --error-group=mysqld-5.7 --edit=last --add-skip-slave-start +--cat_file $MYSQLTEST_VARDIR/tmp/tmp1.cnf +--remove_file $MYSQLTEST_VARDIR/tmp/tmp1.cnf + +--echo # +--echo # Testing audit_log part 2 +--echo # +--write_file $MYSQLTEST_VARDIR/tmp/tmp1.cnf +[mysqld] +audit_log=ON +audit_log_file=name +EOF +--cat_file $MYSQLTEST_VARDIR/tmp/tmp1.cnf +--replace_result $MYSQLTEST_VARDIR MYSQLTEST_VARDIR $MYSQLTEST_REAL_VARDIR MYSQLTEST_VARDIR +--exec $MARIADB_MIGRATE_CONFIG_FILE --defaults-file=$MYSQLTEST_VARDIR/tmp/tmp1.cnf --mariadbd=$MYSQLD --update --verify --error-group=mysqld-5.7 --edit=last --add-skip-slave-start +--cat_file $MYSQLTEST_VARDIR/tmp/tmp1.cnf +--remove_file $MYSQLTEST_VARDIR/tmp/tmp1.cnf + +--echo # +--echo # Testing audit_log part 3 +--echo # +--write_file $MYSQLTEST_VARDIR/tmp/tmp1.cnf +[mysqld] +audit_log-disabled +EOF +--cat_file $MYSQLTEST_VARDIR/tmp/tmp1.cnf +--replace_result $MYSQLTEST_VARDIR MYSQLTEST_VARDIR +--replace_result $MYSQLTEST_VARDIR MYSQLTEST_VARDIR $MYSQLTEST_REAL_VARDIR MYSQLTEST_VARDIR +--exec $MARIADB_MIGRATE_CONFIG_FILE --defaults-file=$MYSQLTEST_VARDIR/tmp/tmp1.cnf --mariadbd=$MYSQLD --update --verify --error-group=mysqld-5.7 --edit=last --add-skip-slave-start +--cat_file $MYSQLTEST_VARDIR/tmp/tmp1.cnf +--remove_file $MYSQLTEST_VARDIR/tmp/tmp1.cnf + +--echo # +--echo # Testing comments +--echo # +--write_file $MYSQLTEST_VARDIR/tmp/tmp1.cnf +[mysqld] +character_set_server = utf8mb4 # It's a new world +collation_server = utf8mb4_0900_ai_ci +log_error_verbosity = 3 +EOF +--cat_file $MYSQLTEST_VARDIR/tmp/tmp1.cnf +--replace_result $MYSQLTEST_VARDIR MYSQLTEST_VARDIR +--replace_result $MYSQLTEST_VARDIR MYSQLTEST_VARDIR $MYSQLTEST_REAL_VARDIR MYSQLTEST_VARDIR +--exec $MARIADB_MIGRATE_CONFIG_FILE --defaults-file=$MYSQLTEST_VARDIR/tmp/tmp1.cnf --mariadbd=$MYSQLD --update --verify --error-group=mysqld-5.7 --edit=last --add-skip-slave-start +--cat_file $MYSQLTEST_VARDIR/tmp/tmp1.cnf +--remove_file $MYSQLTEST_VARDIR/tmp/tmp1.cnf + +--echo # +--echo # Testing --fix-all +--echo # +--write_file $MYSQLTEST_VARDIR/tmp/tmp1.cnf +[mysqld] +innodb_data_file_path=/var/mysql/test2 +key_buffer_size=20M +EOF +--cat_file $MYSQLTEST_VARDIR/tmp/tmp1.cnf +--replace_result $MYSQLTEST_VARDIR MYSQLTEST_VARDIR $MYSQLTEST_REAL_VARDIR MYSQLTEST_VARDIR +--exec $MARIADB_MIGRATE_CONFIG_FILE --defaults-file=$MYSQLTEST_VARDIR/tmp/tmp1.cnf --mariadbd=$MYSQLD --update --verify --error-group=mysqld-5.7 --edit=last --fix-all +--cat_file $MYSQLTEST_VARDIR/tmp/tmp1.cnf +--remove_file $MYSQLTEST_VARDIR/tmp/tmp1.cnf + +--echo # +--echo # Testing --fix-all --update-paths +--echo # +--write_file $MYSQLTEST_VARDIR/tmp/tmp1.cnf +[mysqld] +innodb_data_file_path=/var/mysql/test2 +key_buffer_size=20M +EOF +--cat_file $MYSQLTEST_VARDIR/tmp/tmp1.cnf +--replace_result $MYSQLTEST_VARDIR MYSQLTEST_VARDIR $MYSQLTEST_REAL_VARDIR MYSQLTEST_VARDIR +--exec $MARIADB_MIGRATE_CONFIG_FILE --defaults-file=$MYSQLTEST_VARDIR/tmp/tmp1.cnf --mariadbd=$MYSQLD --update --verify --error-group=mysqld-5.7 --edit=last --fix-all --update-paths +--cat_file $MYSQLTEST_VARDIR/tmp/tmp1.cnf +--remove_file $MYSQLTEST_VARDIR/tmp/tmp1.cnf + +--echo # +--echo # Testing path copying, without error-group and silent +--echo # +--write_file $MYSQLTEST_VARDIR/tmp/tmp1.cnf +[mysqld] +innodb_data_file_path=/var/mysql/test +port=38 +dummy=/var/mysql/test +log-error=/var/mysql/test2 + +[mysqld-8.0] +port=39 +dummy2=2 +innodb_data_file_path=/var/mysql/test2 +EOF +--cat_file $MYSQLTEST_VARDIR/tmp/tmp1.cnf +--replace_result $MYSQLTEST_VARDIR MYSQLTEST_VARDIR $MYSQLTEST_REAL_VARDIR MYSQLTEST_VARDIR +--error 2 +--exec $MARIADB_MIGRATE_CONFIG_FILE --defaults-file=$MYSQLTEST_VARDIR/tmp/tmp1.cnf --update-paths --add-mariadb-replication-compatibility +--replace_result $MYSQLTEST_VARDIR MYSQLTEST_VARDIR $MYSQLTEST_REAL_VARDIR MYSQLTEST_VARDIR +--exec $MARIADB_MIGRATE_CONFIG_FILE --defaults-file=$MYSQLTEST_VARDIR/tmp/tmp1.cnf --mariadbd="not_found_here" --update --verify --edit=last --silent --update-paths --verify=0 +--echo # Changed file +--cat_file $MYSQLTEST_VARDIR/tmp/tmp1.cnf +--remove_file $MYSQLTEST_VARDIR/tmp/tmp1.cnf + +--echo # +--echo # Testing innodb_stats_sample_pages +--echo # +--write_file $MYSQLTEST_VARDIR/tmp/tmp1.cnf +[mysqld] +innodb_stats_sample_pages=1 +EOF +--cat_file $MYSQLTEST_VARDIR/tmp/tmp1.cnf +--replace_regex /### File[^\n]*/### File [name hidden]/ +--replace_result $MYSQLTEST_VARDIR MYSQLTEST_VARDIR $MYSQLTEST_REAL_VARDIR MYSQLTEST_VARDIR +--exec $MARIADB_MIGRATE_CONFIG_FILE --defaults-file=$MYSQLTEST_VARDIR/tmp/tmp1.cnf --print --edit=last +--replace_result $MYSQLTEST_VARDIR MYSQLTEST_VARDIR $MYSQLTEST_REAL_VARDIR MYSQLTEST_VARDIR +--error 2 +--exec $MARIADB_MIGRATE_CONFIG_FILE --defaults-file=$MYSQLTEST_VARDIR/tmp/tmp1.cnf +--remove_file $MYSQLTEST_VARDIR/tmp/tmp1.cnf + +--echo # +--echo # Testing innodb_log_files_in_group +--echo # +--write_file $MYSQLTEST_VARDIR/tmp/tmp1.cnf +[mysqld] +innodb_log_files_in_group=4 +innodb_log_file_size=2G +EOF +--cat_file $MYSQLTEST_VARDIR/tmp/tmp1.cnf +--echo # Checking file +--replace_result $MYSQLTEST_VARDIR MYSQLTEST_VARDIR $MYSQLTEST_REAL_VARDIR MYSQLTEST_VARDIR +--error 2 +--exec $MARIADB_MIGRATE_CONFIG_FILE --defaults-file=$MYSQLTEST_VARDIR/tmp/tmp1.cnf +--echo # Updating file +--replace_result $MYSQLTEST_VARDIR MYSQLTEST_VARDIR $MYSQLTEST_REAL_VARDIR MYSQLTEST_VARDIR +--exec $MARIADB_MIGRATE_CONFIG_FILE --defaults-file=$MYSQLTEST_VARDIR/tmp/tmp1.cnf --update --verify --edit=last --mariadbd=$MYSQLD --verify +--echo # Changed file +--cat_file $MYSQLTEST_VARDIR/tmp/tmp1.cnf +--echo # Checking if file is ok now +--replace_result $MYSQLTEST_VARDIR MYSQLTEST_VARDIR $MYSQLTEST_REAL_VARDIR MYSQLTEST_VARDIR +--exec $MARIADB_MIGRATE_CONFIG_FILE --defaults-file=$MYSQLTEST_VARDIR/tmp/tmp1.cnf --verify=0 +--remove_file $MYSQLTEST_VARDIR/tmp/tmp1.cnf + +--echo # +--echo # Test not existing character set +--echo # + +--write_file $MYSQLTEST_VARDIR/tmp/tmp1.cnf +[mysqld] +character_set_server=xxx +EOF +--cat_file $MYSQLTEST_VARDIR/tmp/tmp1.cnf +--replace_result $MYSQLTEST_VARDIR MYSQLTEST_VARDIR +--error 2 +--exec $MARIADB_MIGRATE_CONFIG_FILE --defaults-file=$MYSQLTEST_VARDIR/tmp/tmp1.cnf --update --verify --edit=last --mariadbd=$MYSQLD --verify +--remove_file $MYSQLTEST_VARDIR/tmp/tmp1.cnf + +--echo # +--echo # Testing --add-XXX-replication-compatibility +--echo # +--write_file $MYSQLTEST_VARDIR/tmp/tmp1.cnf +[mysqld] +port=38 +character-set-server=utf8mb4 +EOF +--cat_file $MYSQLTEST_VARDIR/tmp/tmp1.cnf +--echo # MySQL -> MariaDB compatibility +--replace_result $MYSQLTEST_VARDIR MYSQLTEST_VARDIR $MYSQLTEST_REAL_VARDIR MYSQLTEST_VARDIR +--exec $MARIADB_MIGRATE_CONFIG_FILE --defaults-file=$MYSQLTEST_VARDIR/tmp/tmp1.cnf --print --edit=last --verify=0 --add-mariadb-replication-compatibility + +--echo # MariaDB -> MySQL compatibility +--replace_result $MYSQLTEST_VARDIR MYSQLTEST_VARDIR $MYSQLTEST_REAL_VARDIR MYSQLTEST_VARDIR +--exec $MARIADB_MIGRATE_CONFIG_FILE --defaults-file=$MYSQLTEST_VARDIR/tmp/tmp1.cnf --print --edit=last --verify=0 --add-mysql-replication-compatibility +--remove_file $MYSQLTEST_VARDIR/tmp/tmp1.cnf + +--echo # +--echo # Testing --add-client-server-group +--echo # +--write_file $MYSQLTEST_VARDIR/tmp/tmp1.cnf +[mysqld] +port=38 +port=39 +socket="/tmp/mysql.sock" +character-set-server=utf8mb4 + +[server] +port=50 + +[mysql-8.0] +port=99 +socket="/tmp/mysql8.sock" +EOF +--cat_file $MYSQLTEST_VARDIR/tmp/tmp1.cnf +--echo # --add-client-server-group +--replace_result $MYSQLTEST_VARDIR MYSQLTEST_VARDIR $MYSQLTEST_REAL_VARDIR MYSQLTEST_VARDIR +--exec $MARIADB_MIGRATE_CONFIG_FILE --defaults-file=$MYSQLTEST_VARDIR/tmp/tmp1.cnf --print --edit=last --verify=0 --add-client-server-group --update-paths +--remove_file $MYSQLTEST_VARDIR/tmp/tmp1.cnf + +--echo # Test 2 with update and without --update-paths +--write_file $MYSQLTEST_VARDIR/tmp/tmp1.cnf +[mysqld] +port=38 +port=39 +socket="/tmp/mysql.sock" +innodb_log_file_size=2G + +[mysql-8.0] +port=99 +socket="/tmp/mysql8.sock" +EOF +--cat_file $MYSQLTEST_VARDIR/tmp/tmp1.cnf +--replace_result $MYSQLTEST_VARDIR MYSQLTEST_VARDIR $MYSQLTEST_REAL_VARDIR MYSQLTEST_VARDIR +--exec $MARIADB_MIGRATE_CONFIG_FILE --defaults-file=$MYSQLTEST_VARDIR/tmp/tmp1.cnf --update --edit=last --add-client-server-group --mariadbd=$MYSQLD --verify +--echo # Changed file +--cat_file $MYSQLTEST_VARDIR/tmp/tmp1.cnf +--remove_file $MYSQLTEST_VARDIR/tmp/tmp1.cnf + +--echo # +--echo # Testing copy-mysqld-groups +--echo # + +--write_file $MYSQLTEST_VARDIR/tmp/tmp1.cnf +[mysqld-8.0] +socket="/tmp/mysql.sock" +EOF +--cat_file $MYSQLTEST_VARDIR/tmp/tmp1.cnf +--echo # Testing with --copy-mysqld-groups=0 +--replace_result $MYSQLTEST_VARDIR MYSQLTEST_VARDIR $MYSQLTEST_REAL_VARDIR MYSQLTEST_VARDIR +--exec $MARIADB_MIGRATE_CONFIG_FILE --defaults-file=$MYSQLTEST_VARDIR/tmp/tmp1.cnf --update --edit=last --copy-mysqld-groups=0 --mariadbd=$MYSQLD --verify +--echo # Testing with --copy-mysqld-groups=1 +--replace_result $MYSQLTEST_VARDIR MYSQLTEST_VARDIR +--error 2 +--exec $MARIADB_MIGRATE_CONFIG_FILE --defaults-file=$MYSQLTEST_VARDIR/tmp/tmp1.cnf --copy-mysqld-groups=1 +--replace_result $MYSQLTEST_VARDIR MYSQLTEST_VARDIR $MYSQLTEST_REAL_VARDIR MYSQLTEST_VARDIR +--exec $MARIADB_MIGRATE_CONFIG_FILE --defaults-file=$MYSQLTEST_VARDIR/tmp/tmp1.cnf --update --edit=last --copy-mysqld-groups=1 --mariadbd=$MYSQLD --verify +--cat_file $MYSQLTEST_VARDIR/tmp/tmp1.cnf +--remove_file $MYSQLTEST_VARDIR/tmp/tmp1.cnf + +--echo # +--echo # Testing path changing and different generated sections +--echo # +--write_file $MYSQLTEST_VARDIR/tmp/tmp1.cnf +[mysqld] +log-error = /var/log/mysql/mysqld.log +dummy=1; +default-storage-engine=innodb +socket=/var/lib/mysql/mysql.sock +datadir=/var/lib/mysql + +[server] +dummy=2; +socket=dummy; + +[mysqld-8.0] +default-storage-engine=misam +port=36 +qqq= hello + +[mysqld] +innodb_data_file_path=/var/mysql/test +port=38 +dummy=/var/mysql/test +log-error=/var/mysql/test2 + +[mysqld-8.0] +port=39 +dummy2=3 +innodb_data_file_path=/var/mysql/test2 +EOF +--cat_file $MYSQLTEST_VARDIR/tmp/tmp1.cnf +--echo # Output from --print --edit=last --update-paths +--replace_regex /### File[^\n]*/### File [name hidden]/ +--replace_result $MYSQLTEST_VARDIR MYSQLTEST_VARDIR $MYSQLTEST_REAL_VARDIR MYSQLTEST_VARDIR +--exec $MARIADB_MIGRATE_CONFIG_FILE --defaults-file=$MYSQLTEST_VARDIR/tmp/tmp1.cnf --mariadbd="not_found_here" --print --edit=last --update-paths + +--echo # +--echo # Test that second update of file with 'last' will no do anything +--echo # +--replace_result $MYSQLTEST_VARDIR MYSQLTEST_VARDIR $MYSQLTEST_REAL_VARDIR MYSQLTEST_VARDIR +--exec $MARIADB_MIGRATE_CONFIG_FILE --defaults-file=$MYSQLTEST_VARDIR/tmp/tmp1.cnf --update --edit=last --update-paths --verify=0 +# Check file +--replace_result $MYSQLTEST_VARDIR MYSQLTEST_VARDIR $MYSQLTEST_REAL_VARDIR MYSQLTEST_VARDIR +--exec $MARIADB_MIGRATE_CONFIG_FILE --defaults-file=$MYSQLTEST_VARDIR/tmp/tmp1.cnf --mariadbd=$MYSQLD --copy-mysqld-groups=0 +--replace_result $MYSQLTEST_VARDIR MYSQLTEST_VARDIR $MYSQLTEST_REAL_VARDIR MYSQLTEST_VARDIR +--exec $MARIADB_MIGRATE_CONFIG_FILE --defaults-file=$MYSQLTEST_VARDIR/tmp/tmp1.cnf --update-paths --mariadbd=$MYSQLD --copy-mysqld-groups=0 +--echo "Next command should not change anything" +--replace_result $MYSQLTEST_VARDIR MYSQLTEST_VARDIR $MYSQLTEST_REAL_VARDIR MYSQLTEST_VARDIR +--exec $MARIADB_MIGRATE_CONFIG_FILE --defaults-file=$MYSQLTEST_VARDIR/tmp/tmp1.cnf --update --edit=last --update-paths --backup --verify=0 +--cat_file $MYSQLTEST_VARDIR/tmp/tmp1.cnf +--remove_file $MYSQLTEST_VARDIR/tmp/tmp1.cnf diff -Nru mariadb-11.8.6/mysql-test/main/master_info_numeric_validation.result mariadb-11.8.8/mysql-test/main/master_info_numeric_validation.result --- mariadb-11.8.6/mysql-test/main/master_info_numeric_validation.result 1970-01-01 00:00:00.000000000 +0000 +++ mariadb-11.8.8/mysql-test/main/master_info_numeric_validation.result 2026-05-24 09:58:30.000000000 +0000 @@ -0,0 +1,17 @@ +include/master-slave.inc +[connection master] +connection slave; +call mtr.add_suppression("Error reading master configuration"); +call mtr.add_suppression("Failed to initialize the master info structure"); +call mtr.add_suppression("error connecting to master"); +include/rpl_stop_server.inc [server_number=2] +include/rpl_start_server.inc [server_number=2] +connection slave; +# Verifying that trailing garbage causes parsing to fail. +# Rejection successful. The server refused to parse the garbage. +# Restoring the slave to original replication state +include/rpl_restart_server.inc [server_number=2] +include/start_slave.inc +connection master; +include/rpl_end.inc +# End of master_info_numeric_validation.test diff -Nru mariadb-11.8.6/mysql-test/main/master_info_numeric_validation.test mariadb-11.8.8/mysql-test/main/master_info_numeric_validation.test --- mariadb-11.8.6/mysql-test/main/master_info_numeric_validation.test 1970-01-01 00:00:00.000000000 +0000 +++ mariadb-11.8.8/mysql-test/main/master_info_numeric_validation.test 2026-05-24 09:58:30.000000000 +0000 @@ -0,0 +1,83 @@ +# +# MDEV-38010: Trailing garbage in master.info numeric fields leads to corruption. +# This test verifis that the server strictly validates numeric lines in master.info. +# If trailing non-whitespace characters are found, the line is rejected as corrupted. +# + +--source include/master-slave.inc +--source include/have_binlog_format_mixed.inc + +--connection slave + +# Step1: Capture the current working replication state. +# We need these to restore a clean environment after we've intentionally +# "broken" the master.info file for the test. +--let $master_port= query_get_value(SHOW SLAVE STATUS, Master_Port, 1) + +# Suppress the err we expect to see in the log during this test. +# The server will log these when it hits our new strict validation logic. +call mtr.add_suppression("Error reading master configuration"); +call mtr.add_suppression("Failed to initialize the master info structure"); +call mtr.add_suppression("error connecting to master"); + +--let $MYSQLD_DATADIR= `select @@datadir` + +--let $rpl_server_number= 2 +--source include/rpl_stop_server.inc + +# Step2: Simulate a corrupted master.info file. +# The server is now fully stopped, preventing it from flushing its clean +# in-memory state and overwriting our manually hacked file on shutdown. +--move_file $MYSQLD_DATADIR/master.info $MYSQLD_DATADIR/master.info.backup +--write_file $MYSQLD_DATADIR/master.info +17 +master-bin.000001 +4 +127.0.0.1 +root + +9999 60 +60 +0 +0 + + + +0 + +60.000abcdefghijklm +1 1 +EOF + +# Step3: Start the server to force it to parse the corrupted file. +--let $rpl_server_number= 2 +--source include/rpl_start_server.inc + +--connection slave + +--echo # Verifying that trailing garbage causes parsing to fail. +--let $port= query_get_value(SHOW SLAVE STATUS, Master_Port, 1) + +if ($port == 9999) { + --echo Error: The garbage in master.info was silently accepted! Port evaluated to $port. + --die "Test failed: Fix is not preventing garbage parsing." +} + +--echo # Rejection successful. The server refused to parse the garbage. + +# Step4: Cleanup and Restoration. +# We remove the bad master.info and restore the original from the temp dir. +--remove_file $MYSQLD_DATADIR/master.info +--move_file $MYSQLD_DATADIR/master.info.backup $MYSQLD_DATADIR/master.info + +--echo # Restoring the slave to original replication state +--let $rpl_server_number= 2 +--source include/rpl_restart_server.inc + +--source include/start_slave.inc + +--connection master +--source include/rpl_end.inc + + +--echo # End of master_info_numeric_validation.test diff -Nru mariadb-11.8.6/mysql-test/main/mdev-33070.cnf mariadb-11.8.8/mysql-test/main/mdev-33070.cnf --- mariadb-11.8.6/mysql-test/main/mdev-33070.cnf 1970-01-01 00:00:00.000000000 +0000 +++ mariadb-11.8.8/mysql-test/main/mdev-33070.cnf 2026-05-24 09:58:30.000000000 +0000 @@ -0,0 +1,7 @@ +!include include/default_my.cnf + +[mysqld.1] +extra-port= @ENV.MASTER_EXTRA_PORT + +[ENV] +MASTER_EXTRA_PORT= @OPT.port diff -Nru mariadb-11.8.6/mysql-test/main/mdev-33070.opt mariadb-11.8.8/mysql-test/main/mdev-33070.opt --- mariadb-11.8.6/mysql-test/main/mdev-33070.opt 1970-01-01 00:00:00.000000000 +0000 +++ mariadb-11.8.8/mysql-test/main/mdev-33070.opt 2026-05-24 09:58:30.000000000 +0000 @@ -0,0 +1 @@ +--thread-handling=pool-of-threads --loose-thread-pool-mode=generic --thread-pool-size=1 --thread-pool-max-threads=3 --thread-pool-oversubscribe=1 --thread-pool-stall-limit=10000 --thread-pool-dedicated-listener diff -Nru mariadb-11.8.6/mysql-test/main/mdev-33070.result mariadb-11.8.8/mysql-test/main/mdev-33070.result --- mariadb-11.8.6/mysql-test/main/mdev-33070.result 1970-01-01 00:00:00.000000000 +0000 +++ mariadb-11.8.8/mysql-test/main/mdev-33070.result 2026-05-24 09:58:30.000000000 +0000 @@ -0,0 +1,35 @@ +# MDEV-33070 Thread pool starvation at oversubscribe threshold +CREATE TABLE t1 (a INT); +connect c1, localhost, root,,; +connect c2, localhost, root,,; +connect c3, localhost, root,,; +connect extra_con, 127.0.0.1, root,,test,$MASTER_EXTRA_PORT,; +connection c1; +SELECT SLEEP(1000); +connection extra_con; +connection c2; +SELECT SLEEP(1000); +connection extra_con; +connection c3; +INSERT INTO t1 VALUES (1); +connection extra_con; +KILL QUERY c1_id; +SELECT COUNT(*) = 1 FROM t1; +COUNT(*) = 1 +1 +connection c1; +disconnect c1; +connection extra_con; +KILL QUERY c2_id; +connection c2; +disconnect c2; +connection c3; +disconnect c3; +connection extra_con; +SELECT COUNT(*) = 1 FROM t1; +COUNT(*) = 1 +1 +disconnect extra_con; +connection default; +DROP TABLE t1; +# End of MDEV-33070 tests diff -Nru mariadb-11.8.6/mysql-test/main/mdev-33070.test mariadb-11.8.8/mysql-test/main/mdev-33070.test --- mariadb-11.8.6/mysql-test/main/mdev-33070.test 1970-01-01 00:00:00.000000000 +0000 +++ mariadb-11.8.8/mysql-test/main/mdev-33070.test 2026-05-24 09:58:30.000000000 +0000 @@ -0,0 +1,83 @@ +--source include/not_embedded.inc +--source include/have_pool_of_threads.inc + +--echo # MDEV-33070 Thread pool starvation at oversubscribe threshold + +# The server is started with a single thread group, a dedicated listener, +# one worker thread, and thread_pool_oversubscribe=1. +# +# c1 and c2 run long queries and occupy the one worker plus the one allowed +# oversubscribe slot. c3 submits a trivial INSERT which the listener can only +# enqueue, because it is sent only after both c1 and c2 are confirmed running. +# +# Before the fix, after c1 was killed the worker stayed at the oversubscribe +# threshold and went to sleep instead of dequeuing c3. Because +# thread_pool_dedicated_listener=ON, only the worker can drain the queue, so if +# c3 is still pending while c1 and c2 run and completes only after c1 is +# killed, then the worker resumed dequeuing. + +CREATE TABLE t1 (a INT); + +--connect (c1, localhost, root,,) +--connect (c2, localhost, root,,) +--connect (c3, localhost, root,,) +--connect (extra_con, 127.0.0.1, root,,test,$MASTER_EXTRA_PORT,) + +--connection c1 +--let $c1_id= `SELECT CONNECTION_ID()` +--send SELECT SLEEP(1000) + +--connection extra_con +let $wait_condition= + SELECT COUNT(*) > 0 FROM INFORMATION_SCHEMA.PROCESSLIST + WHERE STATE='User sleep' AND ID=$c1_id; +--source include/wait_condition.inc + +--connection c2 +--let $c2_id= `SELECT CONNECTION_ID()` +--send SELECT SLEEP(1000) + +--connection extra_con +let $wait_condition= + SELECT COUNT(*) > 0 FROM INFORMATION_SCHEMA.PROCESSLIST + WHERE STATE='User sleep' AND ID=$c2_id; +--source include/wait_condition.inc + +--connection c3 +--send INSERT INTO t1 VALUES (1) + +--connection extra_con +--replace_result $c1_id c1_id +eval KILL QUERY $c1_id; + +let $wait_timeout= 10; +let $wait_condition= + SELECT COUNT(*) = 1 FROM t1; +--source include/wait_condition.inc +SELECT COUNT(*) = 1 FROM t1; + +--connection c1 +--error 0,ER_QUERY_INTERRUPTED,ER_STATEMENT_TIMEOUT +--reap +--disconnect c1 + +--connection extra_con +--replace_result $c2_id c2_id +eval KILL QUERY $c2_id; + +--connection c2 +--error 0,ER_QUERY_INTERRUPTED +--reap +--disconnect c2 + +--connection c3 +--reap +--disconnect c3 + +--connection extra_con +SELECT COUNT(*) = 1 FROM t1; +--disconnect extra_con + +--connection default +DROP TABLE t1; +--echo # End of MDEV-33070 tests diff -Nru mariadb-11.8.6/mysql-test/main/mdev_38998.result mariadb-11.8.8/mysql-test/main/mdev_38998.result --- mariadb-11.8.6/mysql-test/main/mdev_38998.result 1970-01-01 00:00:00.000000000 +0000 +++ mariadb-11.8.8/mysql-test/main/mdev_38998.result 2026-05-24 09:58:30.000000000 +0000 @@ -0,0 +1,29 @@ +# +# MDEV-38998: Assertion failure in diagnostics area upon INSERT/UPDATE IGNORE and check with ER_DATA_OUT_OF_RANGE +# +CREATE TABLE t1 (f INT, CHECK(COT(f))); +# Test INSERT IGNORE +INSERT IGNORE INTO t1 VALUES (0); +Warnings: +Error 1690 DOUBLE value is out of range in 'cot(`test`.`t1`.`f`)' +Warning 4025 CONSTRAINT `CONSTRAINT_1` failed for `test`.`t1` +# Test several values with INSERT IGNORE +TRUNCATE TABLE t1; +INSERT IGNORE INTO t1 VALUES (0), (1); +Warnings: +Error 1690 DOUBLE value is out of range in 'cot(`test`.`t1`.`f`)' +Warning 4025 CONSTRAINT `CONSTRAINT_1` failed for `test`.`t1` +SELECT * FROM t1; +f +1 +# Test UPDATE IGNORE +TRUNCATE TABLE t1; +INSERT INTO t1 VALUES (1); +UPDATE IGNORE t1 SET f=0; +Warnings: +Error 1690 DOUBLE value is out of range in 'cot(`test`.`t1`.`f`)' +Warning 4025 CONSTRAINT `CONSTRAINT_1` failed for `test`.`t1` +SELECT * FROM t1; +f +1 +DROP TABLE t1; diff -Nru mariadb-11.8.6/mysql-test/main/mdev_38998.test mariadb-11.8.8/mysql-test/main/mdev_38998.test --- mariadb-11.8.6/mysql-test/main/mdev_38998.test 1970-01-01 00:00:00.000000000 +0000 +++ mariadb-11.8.8/mysql-test/main/mdev_38998.test 2026-05-24 09:58:30.000000000 +0000 @@ -0,0 +1,26 @@ +--source include/have_debug.inc + +--echo # +--echo # MDEV-38998: Assertion failure in diagnostics area upon INSERT/UPDATE IGNORE and check with ER_DATA_OUT_OF_RANGE +--echo # + +CREATE TABLE t1 (f INT, CHECK(COT(f))); + +--echo # Test INSERT IGNORE +INSERT IGNORE INTO t1 VALUES (0); + + +--echo # Test several values with INSERT IGNORE +TRUNCATE TABLE t1; +INSERT IGNORE INTO t1 VALUES (0), (1); + +SELECT * FROM t1; + +--echo # Test UPDATE IGNORE +TRUNCATE TABLE t1; +INSERT INTO t1 VALUES (1); +UPDATE IGNORE t1 SET f=0; + +SELECT * FROM t1; + +DROP TABLE t1; diff -Nru mariadb-11.8.6/mysql-test/main/mdev_39118-win.cnf mariadb-11.8.8/mysql-test/main/mdev_39118-win.cnf --- mariadb-11.8.6/mysql-test/main/mdev_39118-win.cnf 1970-01-01 00:00:00.000000000 +0000 +++ mariadb-11.8.8/mysql-test/main/mdev_39118-win.cnf 2026-05-24 09:58:30.000000000 +0000 @@ -0,0 +1,4 @@ +!include include/default_my.cnf + +[ENV] +HOME=~\ diff -Nru mariadb-11.8.6/mysql-test/main/mdev_39118-win.result mariadb-11.8.8/mysql-test/main/mdev_39118-win.result --- mariadb-11.8.6/mysql-test/main/mdev_39118-win.result 1970-01-01 00:00:00.000000000 +0000 +++ mariadb-11.8.8/mysql-test/main/mdev_39118-win.result 2026-05-24 09:58:30.000000000 +0000 @@ -0,0 +1,6 @@ +# +# MDEV-39118: test_if_hard_path() crashes on recursively resolving $HOME +# +create table t (c int) engine=MyISAM data directory="~\\foo\\bar"; +ERROR 42000: Incorrect table name '~\foo\bar' +# End of 10.11 tests diff -Nru mariadb-11.8.6/mysql-test/main/mdev_39118-win.test mariadb-11.8.8/mysql-test/main/mdev_39118-win.test --- mariadb-11.8.6/mysql-test/main/mdev_39118-win.test 1970-01-01 00:00:00.000000000 +0000 +++ mariadb-11.8.8/mysql-test/main/mdev_39118-win.test 2026-05-24 09:58:30.000000000 +0000 @@ -0,0 +1,9 @@ +--source include/windows.inc +--echo # +--echo # MDEV-39118: test_if_hard_path() crashes on recursively resolving \$HOME +--echo # + +--error ER_WRONG_TABLE_NAME +create table t (c int) engine=MyISAM data directory="~\\foo\\bar"; + +--echo # End of 10.11 tests diff -Nru mariadb-11.8.6/mysql-test/main/mdev_39118.cnf mariadb-11.8.8/mysql-test/main/mdev_39118.cnf --- mariadb-11.8.6/mysql-test/main/mdev_39118.cnf 1970-01-01 00:00:00.000000000 +0000 +++ mariadb-11.8.8/mysql-test/main/mdev_39118.cnf 2026-05-24 09:58:30.000000000 +0000 @@ -0,0 +1,4 @@ +!include include/default_my.cnf + +[ENV] +HOME=~/ diff -Nru mariadb-11.8.6/mysql-test/main/mdev_39118.result mariadb-11.8.8/mysql-test/main/mdev_39118.result --- mariadb-11.8.6/mysql-test/main/mdev_39118.result 1970-01-01 00:00:00.000000000 +0000 +++ mariadb-11.8.8/mysql-test/main/mdev_39118.result 2026-05-24 09:58:30.000000000 +0000 @@ -0,0 +1,6 @@ +# +# MDEV-39118: test_if_hard_path() crashes on recursively resolving $HOME +# +create table t (c int) engine=MyISAM data directory="~/foo/bar"; +ERROR 42000: Incorrect table name '~/foo/bar' +# End of 10.11 tests diff -Nru mariadb-11.8.6/mysql-test/main/mdev_39118.test mariadb-11.8.8/mysql-test/main/mdev_39118.test --- mariadb-11.8.6/mysql-test/main/mdev_39118.test 1970-01-01 00:00:00.000000000 +0000 +++ mariadb-11.8.8/mysql-test/main/mdev_39118.test 2026-05-24 09:58:30.000000000 +0000 @@ -0,0 +1,9 @@ +--source include/not_windows.inc +--echo # +--echo # MDEV-39118: test_if_hard_path() crashes on recursively resolving \$HOME +--echo # + +--error ER_WRONG_TABLE_NAME +create table t (c int) engine=MyISAM data directory="~/foo/bar"; + +--echo # End of 10.11 tests diff -Nru mariadb-11.8.6/mysql-test/main/metadata.result mariadb-11.8.8/mysql-test/main/metadata.result --- mariadb-11.8.6/mysql-test/main/metadata.result 2026-01-31 13:27:46.000000000 +0000 +++ mariadb-11.8.8/mysql-test/main/metadata.result 2026-05-24 09:58:30.000000000 +0000 @@ -167,12 +167,12 @@ 1 select 1 union select 1; Catalog Database Table Table_alias Column Column_alias Type Length Max length Is_null Flags Decimals Charsetnr -def 1 1 3 1 1 N 49153 0 63 +def 1 1 3 2 1 N 49153 0 63 1 1 select * from (select 1 union select 1) aaa; Catalog Database Table Table_alias Column Column_alias Type Length Max length Is_null Flags Decimals Charsetnr -def aaa 1 1 3 1 1 N 49153 0 63 +def aaa 1 1 3 2 1 N 49153 0 63 1 1 drop table t1; diff -Nru mariadb-11.8.6/mysql-test/main/mix2_myisam.result mariadb-11.8.8/mysql-test/main/mix2_myisam.result --- mariadb-11.8.6/mysql-test/main/mix2_myisam.result 2026-01-31 13:27:46.000000000 +0000 +++ mariadb-11.8.8/mysql-test/main/mix2_myisam.result 2026-05-24 09:58:30.000000000 +0000 @@ -1550,10 +1550,7 @@ id select_type table type possible_keys key key_len ref rows Extra 1 SIMPLE t1 ref v v 13 const # Using where; Using index alter table t1 add unique(v); -ERROR 23000: Duplicate entry '{ ' for key 'v_2' -show warnings; -Level Code Message -Error 1062 Duplicate entry 'a\0001' for key 'v_2' +ERROR 23000: Duplicate entry 'a ' for key 'v_2' alter table t1 add key(v); Warnings: Note 1831 Duplicate index `v_2`. This is deprecated and will be disallowed in a future release diff -Nru mariadb-11.8.6/mysql-test/main/mrr_icp_extra.result mariadb-11.8.8/mysql-test/main/mrr_icp_extra.result --- mariadb-11.8.6/mysql-test/main/mrr_icp_extra.result 2026-01-31 13:27:46.000000000 +0000 +++ mariadb-11.8.8/mysql-test/main/mrr_icp_extra.result 2026-05-24 09:58:30.000000000 +0000 @@ -359,10 +359,7 @@ id select_type table type possible_keys key key_len ref rows Extra 1 SIMPLE t1 ref v v 13 const # Using where; Using index alter table t1 add unique(v); -ERROR 23000: Duplicate entry '{ ' for key 'v_2' -show warnings; -Level Code Message -Error 1062 Duplicate entry 'a\0001' for key 'v_2' +ERROR 23000: Duplicate entry 'a ' for key 'v_2' alter table t1 add key(v); Warnings: Note 1831 Duplicate index `v_2`. This is deprecated and will be disallowed in a future release diff -Nru mariadb-11.8.6/mysql-test/main/myisam.result mariadb-11.8.8/mysql-test/main/myisam.result --- mariadb-11.8.6/mysql-test/main/myisam.result 2026-01-31 13:27:46.000000000 +0000 +++ mariadb-11.8.8/mysql-test/main/myisam.result 2026-05-24 09:58:30.000000000 +0000 @@ -1268,10 +1268,7 @@ id select_type table type possible_keys key key_len ref rows Extra 1 SIMPLE t1 ref v v 13 const # Using where; Using index alter table t1 add unique(v); -ERROR 23000: Duplicate entry '{ ' for key 'v_2' -show warnings; -Level Code Message -Error 1062 Duplicate entry 'a\0001' for key 'v_2' +ERROR 23000: Duplicate entry 'a ' for key 'v_2' alter table t1 add key(v); Warnings: Note 1831 Duplicate index `v_2`. This is deprecated and will be disallowed in a future release diff -Nru mariadb-11.8.6/mysql-test/main/myisam_enable_keys-10506.result mariadb-11.8.8/mysql-test/main/myisam_enable_keys-10506.result --- mariadb-11.8.6/mysql-test/main/myisam_enable_keys-10506.result 2026-01-31 13:27:46.000000000 +0000 +++ mariadb-11.8.8/mysql-test/main/myisam_enable_keys-10506.result 2026-05-24 09:58:30.000000000 +0000 @@ -111,5 +111,5 @@ (NULL, '2008-09-11', '2004-06-07 23:17:09', 'k'); ALTER TABLE t1 ADD UNIQUE KEY ind1 (pk, d, i, v); ALTER TABLE t1 ADD UNIQUE KEY ind2 (d, v); -ERROR 23000: Duplicate entry '2008-09-11-k' for key 'ind2' +ERROR 23000: Duplicate entry '1900-01-01-i' for key 'ind2' DROP TABLE t1; diff -Nru mariadb-11.8.6/mysql-test/main/mysql-interactive.result mariadb-11.8.8/mysql-test/main/mysql-interactive.result --- mariadb-11.8.6/mysql-test/main/mysql-interactive.result 2026-01-31 13:27:46.000000000 +0000 +++ mariadb-11.8.8/mysql-test/main/mysql-interactive.result 2026-05-24 09:58:30.000000000 +0000 @@ -62,3 +62,66 @@ MariaDB [(none)]> exit Bye # End of 10.11 tests +# +# MDEV-38922 CLI incorrectly adds "stage done" on REPAIR TABLE output +# +CREATE TABLE t (c INT) ENGINE=InnoDB; +REPAIR TABLE t; +DROP TABLE t; +exit +Welcome to the MariaDB monitor. Commands end with ; or \g. +Your MariaDB connection id is X +Server version: Y +Copyright (c) 2000, 2018, Oracle, MariaDB Corporation Ab and others. + +Type 'help;' or '\h' for help. Type '\c' to clear the current input statement. + +MariaDB [test]> CREATE TABLE t (c INT) ENGINE=InnoDB; +Query OK, 0 rows affected + +MariaDB [test]> REPAIR TABLE t; +Stage: X of Y 'Z' P% of stage done +--------+--------+----------+----------+ +| Table | Op | Msg_type | Msg_text | ++--------+--------+----------+----------+ +| test.t | repair | status | OK | ++--------+--------+----------+----------+ +1 row in set + +MariaDB [test]> DROP TABLE t; +Query OK, 0 rows affected + +MariaDB [test]> exit +Bye +# +# repair table output in unbuffered (--quick) mode +# +CREATE TABLE t (c INT) ENGINE=InnoDB; +INSERT INTO t SELECT * FROM seq_1_to_10; +REPAIR TABLE t; +DROP TABLE t; +exit +Welcome to the MariaDB monitor. Commands end with ; or \g. +Your MariaDB connection id is X +Server version: Y +Copyright (c) 2000, 2018, Oracle, MariaDB Corporation Ab and others. + +Type 'help;' or '\h' for help. Type '\c' to clear the current input statement. + +MariaDB [test]> CREATE TABLE t (c INT) ENGINE=InnoDB; +Query OK, 0 rows affected + +MariaDB [test]> INSERT INTO t SELECT * FROM seq_1_to_10; +MariaDB [test]> REPAIR TABLE t; ++--------+--------+----------+----------+ +| Table | Op | Msg_type | Msg_text | ++--------+--------+----------+----------+ +Stage: X of Y 'Z' P% of stage done | test.t | repair | status | OK | ++--------+--------+----------+----------+ +1 row in set + +MariaDB [test]> DROP TABLE t; +Query OK, 0 rows affected + +MariaDB [test]> exit +Bye +# End of 11.8 tests diff -Nru mariadb-11.8.6/mysql-test/main/mysql-interactive.test mariadb-11.8.8/mysql-test/main/mysql-interactive.test --- mariadb-11.8.6/mysql-test/main/mysql-interactive.test 2026-01-31 13:27:46.000000000 +0000 +++ mariadb-11.8.8/mysql-test/main/mysql-interactive.test 2026-05-24 09:58:30.000000000 +0000 @@ -1,10 +1,11 @@ +# this would need an instrumented ncurses library +source include/not_msan.inc; +source include/not_embedded.inc; +source include/not_windows.inc; +source include/have_innodb.inc; --echo # --echo # regression introduced by MDEV-14448 --echo # -source include/not_embedded.inc; -source include/not_windows.inc; -# this would need an instrumented ncurses library -source include/not_msan.inc; write_file $MYSQL_TMP_DIR/mysql_in; delimiter $ @@ -46,3 +47,46 @@ remove_file $MYSQL_TMP_DIR/mysql_in; --echo # End of 10.11 tests + +--echo # +--echo # MDEV-38922 CLI incorrectly adds "stage done" on REPAIR TABLE output +--echo # +write_file $MYSQL_TMP_DIR/mysql_in; +CREATE TABLE t (c INT) ENGINE=InnoDB; +REPAIR TABLE t; +DROP TABLE t; +exit +EOF +let TERM=dumb; +replace_regex /id is \d+/id is X/ /Server version: .*/Server version: Y/ / \(\d+\.\d+ sec\)// /Stage: \d+ of \d+ '.*?'\s+[0-9.]+% of stage done/Stage: X of Y 'Z' P% of stage done/ / +\r//; +error 0,127; +exec socat -t30 EXEC:"$MYSQL test",pty STDIO < $MYSQL_TMP_DIR/mysql_in; +if ($sys_errno == 127) +{ + remove_file $MYSQL_TMP_DIR/mysql_in; + skip no socat; +} +remove_file $MYSQL_TMP_DIR/mysql_in; + +--echo # +--echo # repair table output in unbuffered (--quick) mode +--echo # +write_file $MYSQL_TMP_DIR/mysql_in; +CREATE TABLE t (c INT) ENGINE=InnoDB; +INSERT INTO t SELECT * FROM seq_1_to_10; +REPAIR TABLE t; +DROP TABLE t; +exit +EOF +let TERM=dumb; +replace_regex /id is \d+/id is X/ /Server version: .*/Server version: Y/ / \(\d+\.\d+ sec\)// /Stage: \d+ of \d+ '.*?'\s+[0-9.]+% of stage done/Stage: X of Y 'Z' P% of stage done/ / +\r//; +error 0,127; +exec socat -t30 EXEC:"$MYSQL test -q --quick-max-column-width 6",pty STDIO < $MYSQL_TMP_DIR/mysql_in; +if ($sys_errno == 127) +{ + remove_file $MYSQL_TMP_DIR/mysql_in; + skip no socat; +} +remove_file $MYSQL_TMP_DIR/mysql_in; + +--echo # End of 11.8 tests diff -Nru mariadb-11.8.6/mysql-test/main/mysql_upgrade.result mariadb-11.8.8/mysql-test/main/mysql_upgrade.result --- mariadb-11.8.6/mysql-test/main/mysql_upgrade.result 2026-01-31 13:27:46.000000000 +0000 +++ mariadb-11.8.8/mysql-test/main/mysql_upgrade.result 2026-05-24 09:58:30.000000000 +0000 @@ -2453,3 +2453,18 @@ GRANT ALL PRIVILEGES ON `mysql`.* TO `foo`@`bar` drop user foo@bar; # End of 11.3 tests +# +# MDEV-38698 mysql_upgrade does not fix charset and collation for mysql.user +# +FLUSH TABLES mysql.user; +FLUSH PRIVILEGES; +SELECT CHARACTER_SET_CLIENT, COLLATION_CONNECTION FROM INFORMATION_SCHEMA.VIEWS +WHERE TABLE_SCHEMA='mysql' AND TABLE_NAME='user'; +CHARACTER_SET_CLIENT COLLATION_CONNECTION +utf8mb3 utf8mb3_general_ci +FLUSH TABLES mysql.user; +FLUSH PRIVILEGES; +SELECT CHARACTER_SET_CLIENT, COLLATION_CONNECTION FROM INFORMATION_SCHEMA.VIEWS +WHERE TABLE_SCHEMA='mysql' AND TABLE_NAME='user'; +CHARACTER_SET_CLIENT COLLATION_CONNECTION +latin1 latin1_swedish_ci diff -Nru mariadb-11.8.6/mysql-test/main/mysql_upgrade.test mariadb-11.8.8/mysql-test/main/mysql_upgrade.test --- mariadb-11.8.6/mysql-test/main/mysql_upgrade.test 2026-01-31 13:27:46.000000000 +0000 +++ mariadb-11.8.8/mysql-test/main/mysql_upgrade.test 2026-05-24 09:58:30.000000000 +0000 @@ -573,3 +573,25 @@ drop user foo@bar; --echo # End of 11.3 tests + + +--echo # +--echo # MDEV-38698 mysql_upgrade does not fix charset and collation for mysql.user +--echo # + +--remove_file $MYSQLD_DATADIR/mysql/user.frm +--copy_file std_data/upgrade/user-100625-utf8mb3.frm $MYSQLD_DATADIR/mysql/user.frm + +FLUSH TABLES mysql.user; +FLUSH PRIVILEGES; +SELECT CHARACTER_SET_CLIENT, COLLATION_CONNECTION FROM INFORMATION_SCHEMA.VIEWS +WHERE TABLE_SCHEMA='mysql' AND TABLE_NAME='user'; + +--replace_result $MYSQLTEST_VARDIR var +--exec $MYSQL_UPGRADE --force --silent 2>&1 +--remove_file $MYSQLD_DATADIR/mariadb_upgrade_info + +FLUSH TABLES mysql.user; +FLUSH PRIVILEGES; +SELECT CHARACTER_SET_CLIENT, COLLATION_CONNECTION FROM INFORMATION_SCHEMA.VIEWS +WHERE TABLE_SCHEMA='mysql' AND TABLE_NAME='user'; diff -Nru mariadb-11.8.6/mysql-test/main/mysqlbinlog.result mariadb-11.8.8/mysql-test/main/mysqlbinlog.result --- mariadb-11.8.6/mysql-test/main/mysqlbinlog.result 2026-01-31 13:27:46.000000000 +0000 +++ mariadb-11.8.8/mysql-test/main/mysqlbinlog.result 2026-05-24 09:58:30.000000000 +0000 @@ -1347,6 +1347,26 @@ FOUND 1 /INSERT INTO .* VALUES/ in mdev24959_2.txt FOUND 1 /SET /[*] no columns [*]// in mdev24959_2.txt # +# MDEV-39404 Gtid_log_event crash +# +/*!50530 SET @@SESSION.PSEUDO_SLAVE_MODE=1*/; +/*!40019 SET @@session.max_delayed_threads=0*/; +/*!50003 SET @OLD_COMPLETION_TYPE=@@COMPLETION_TYPE,COMPLETION_TYPE=0*/; +DELIMITER /*!*/; +# at 4 +#260422 10:44:37 server id 1 end_log_pos 256 CRC32 0xcb5fac99 Start: binlog v 4, server v 10.6.26-MariaDB-debug-log created 260422 10:44:37 at startup +ROLLBACK/*!*/; +BINLOG ' +laboaQ8BAAAA/AAAAAABAAAAAAQAMTAuNi4yNi1NYXJpYURCLWRlYnVnLWxvZwAAAAAAAAAAAAAA +AAAAAAAAAAAAAAAAAACVpuhpEzgNAAgAEgAEBAQEEgAA5AAEGggAAAAICAgCAAAACgoKAAAAAAAA +CgoKAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA +AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA +AAAAAAAAAAAEEwQADQgICAoKCgGZrF/L +'/*!*/; +ERROR: Error in Log_event::read_log_event(): 'Found invalid event in binary log', data_len: 401, event_type: 162 +ERROR: Could not read entry at offset 256: Error in log format or read error. +# End of 10.6 tests +# # MDEV-33239: mysqlbinlog always stops at timestamp 0xffffffff # RESET MASTER; diff -Nru mariadb-11.8.6/mysql-test/main/mysqlbinlog.test mariadb-11.8.8/mysql-test/main/mysqlbinlog.test --- mariadb-11.8.6/mysql-test/main/mysqlbinlog.test 2026-01-31 13:27:46.000000000 +0000 +++ mariadb-11.8.8/mysql-test/main/mysqlbinlog.test 2026-05-24 09:58:30.000000000 +0000 @@ -719,6 +719,14 @@ --remove_file $MYSQLTEST_VARDIR/tmp/mdev24959_1.txt --remove_file $MYSQLTEST_VARDIR/tmp/mdev24959_2.txt +--echo # +--echo # MDEV-39404 Gtid_log_event crash +--echo # +--error 1 +--exec $MYSQL_BINLOG $MYSQL_TEST_DIR/std_data/mdev-39404-binlog.000001 2>& 1 + +--echo # End of 10.6 tests + --echo # --echo # MDEV-33239: mysqlbinlog always stops at timestamp 0xffffffff diff -Nru mariadb-11.8.6/mysql-test/main/mysqlcheck.result mariadb-11.8.8/mysql-test/main/mysqlcheck.result --- mariadb-11.8.6/mysql-test/main/mysqlcheck.result 2026-01-31 13:27:46.000000000 +0000 +++ mariadb-11.8.8/mysql-test/main/mysqlcheck.result 2026-05-24 09:58:30.000000000 +0000 @@ -494,3 +494,11 @@ db_name table_name column_name min_value max_value nulls_ratio avg_length avg_frequency test t1 a 1 3 0.0000 4.0000 1.0000 drop table t1; +# +# MDEV-38778 mariadbcheck --silent +# +create table t1 (a int) engine=innodb; +test.t1 +note : Table does not support optimize, doing recreate + analyze instead +drop table t1; +# End of 10.11 tests diff -Nru mariadb-11.8.6/mysql-test/main/mysqlcheck.test mariadb-11.8.8/mysql-test/main/mysqlcheck.test --- mariadb-11.8.6/mysql-test/main/mysqlcheck.test 2026-01-31 13:27:46.000000000 +0000 +++ mariadb-11.8.8/mysql-test/main/mysqlcheck.test 2026-05-24 09:58:30.000000000 +0000 @@ -422,3 +422,12 @@ --exec $MYSQL_CHECK --analyze test t1 --persistent select db_name,table_name,column_name,min_value,max_value,nulls_ratio,avg_length,avg_frequency from mysql.column_stats where db_name = 'test' and table_name = 't1' order by db_name,table_name; drop table t1; + +--echo # +--echo # MDEV-38778 mariadbcheck --silent +--echo # +create table t1 (a int) engine=innodb; +--exec $MYSQL_CHECK -s --optimize test t1 +drop table t1; + +--echo # End of 10.11 tests diff -Nru mariadb-11.8.6/mysql-test/main/mysqld--help-aria.result mariadb-11.8.8/mysql-test/main/mysqld--help-aria.result --- mariadb-11.8.6/mysql-test/main/mysqld--help-aria.result 2026-01-31 13:27:46.000000000 +0000 +++ mariadb-11.8.8/mysql-test/main/mysqld--help-aria.result 2026-05-24 09:58:30.000000000 +0000 @@ -4,9 +4,7 @@ # Check that we don't write any data to wrong or not existing datadir # [Warning] --table-cache is deprecated and will be removed in a future release. Please use --table-open-cache instead. -[Warning] Could not open mysql.plugin table: "Table 'mysql.plugin' doesn't exist". Some options may be missing from the help text # # Check with existing directory # [Warning] --table-cache is deprecated and will be removed in a future release. Please use --table-open-cache instead. -[Warning] Could not open mysql.plugin table: "Table 'mysql.plugin' doesn't exist". Some options may be missing from the help text diff -Nru mariadb-11.8.6/mysql-test/main/mysqld--help.result mariadb-11.8.8/mysql-test/main/mysqld--help.result --- mariadb-11.8.6/mysql-test/main/mysqld--help.result 2026-01-31 13:27:46.000000000 +0000 +++ mariadb-11.8.8/mysql-test/main/mysqld--help.result 2026-05-24 09:58:30.000000000 +0000 @@ -1343,7 +1343,8 @@ the transaction) --show-slave-auth-info Show user and password in SHOW SLAVE HOSTS on this master - --silent-startup Don't print [Note] to the error log during startup + --silent-startup Don't print [Note] or failed plugin_loads to the error + log during startup --skip-grant-tables Start without grant tables. This gives all users FULL ACCESS to all tables --skip-host-cache Don't cache host names diff -Nru mariadb-11.8.6/mysql-test/main/mysqldump-compat-102.result mariadb-11.8.8/mysql-test/main/mysqldump-compat-102.result --- mariadb-11.8.6/mysql-test/main/mysqldump-compat-102.result 2026-01-31 13:27:46.000000000 +0000 +++ mariadb-11.8.8/mysql-test/main/mysqldump-compat-102.result 2026-05-24 09:58:30.000000000 +0000 @@ -92,7 +92,8 @@ CREATE DEFINER="root"@"localhost" PROCEDURE "p1"(a INT) AS BEGIN NULL; -END ;; +END +;; DELIMITER ; /*!50003 SET sql_mode = @saved_sql_mode */ ; /*!50003 SET character_set_client = @saved_cs_client */ ; diff -Nru mariadb-11.8.6/mysql-test/main/mysqldump-nl.result mariadb-11.8.8/mysql-test/main/mysqldump-nl.result --- mariadb-11.8.6/mysql-test/main/mysqldump-nl.result 2026-01-31 13:27:46.000000000 +0000 +++ mariadb-11.8.8/mysql-test/main/mysqldump-nl.result 2026-05-24 09:58:30.000000000 +0000 @@ -56,7 +56,7 @@ SET character_set_client = utf8mb4; /*!50001 CREATE VIEW `v1 1v` AS SELECT - 1 AS `foobar + NULL AS `foobar raboof` */; SET character_set_client = @saved_cs_client; @@ -75,7 +75,8 @@ DELIMITER ;; CREATE DEFINER=`root`@`localhost` PROCEDURE `sp`() select * from `v1 -1v` ;; +1v` +;; DELIMITER ; /*!50003 SET sql_mode = @saved_sql_mode */ ; /*!50003 SET character_set_client = @saved_cs_client */ ; diff -Nru mariadb-11.8.6/mysql-test/main/mysqldump.result mariadb-11.8.8/mysql-test/main/mysqldump.result --- mariadb-11.8.6/mysql-test/main/mysqldump.result 2026-01-31 13:27:46.000000000 +0000 +++ mariadb-11.8.8/mysql-test/main/mysqldump.result 2026-05-24 09:58:30.000000000 +0000 @@ -2284,7 +2284,7 @@ SET @saved_cs_client = @@character_set_client; SET character_set_client = utf8mb4; /*!50001 CREATE VIEW `v2` AS SELECT - 1 AS `a` */; + NULL AS `a` */; SET character_set_client = @saved_cs_client; /*!50001 DROP VIEW IF EXISTS `v2`*/; /*!50001 SET @saved_cs_client = @@character_set_client */; @@ -2380,7 +2380,7 @@ SET @saved_cs_client = @@character_set_client; SET character_set_client = utf8mb4; /*!50001 CREATE VIEW `v1` AS SELECT - 1 AS `a` */; + NULL AS `a` */; SET character_set_client = @saved_cs_client; /*!50001 DROP VIEW IF EXISTS `v1`*/; /*!50001 SET @saved_cs_client = @@character_set_client */; @@ -2461,7 +2461,7 @@ SET @saved_cs_client = @@character_set_client; SET character_set_client = utf8mb4; /*!50001 CREATE VIEW `v2` AS SELECT - 1 AS `a` */; + NULL AS `a` */; SET character_set_client = @saved_cs_client; /*!50001 DROP VIEW IF EXISTS `v2`*/; /*!50001 SET @saved_cs_client = @@character_set_client */; @@ -2585,25 +2585,25 @@ SET @saved_cs_client = @@character_set_client; SET character_set_client = utf8mb4; /*!50001 CREATE VIEW `v1` AS SELECT - 1 AS `a`, - 1 AS `b`, - 1 AS `c` */; + NULL AS `a`, + NULL AS `b`, + NULL AS `c` */; SET character_set_client = @saved_cs_client; DROP TABLE IF EXISTS `v2`; /*!50001 DROP VIEW IF EXISTS `v2`*/; SET @saved_cs_client = @@character_set_client; SET character_set_client = utf8mb4; /*!50001 CREATE VIEW `v2` AS SELECT - 1 AS `a` */; + NULL AS `a` */; SET character_set_client = @saved_cs_client; DROP TABLE IF EXISTS `v3`; /*!50001 DROP VIEW IF EXISTS `v3`*/; SET @saved_cs_client = @@character_set_client; SET character_set_client = utf8mb4; /*!50001 CREATE VIEW `v3` AS SELECT - 1 AS `a`, - 1 AS `b`, - 1 AS `c` */; + NULL AS `a`, + NULL AS `b`, + NULL AS `c` */; SET character_set_client = @saved_cs_client; /*!50001 DROP VIEW IF EXISTS `v1`*/; /*!50001 SET @saved_cs_client = @@character_set_client */; @@ -2755,7 +2755,8 @@ set new.a := 10; set new.a := 11; end if; -end */;; +end +*/;; DELIMITER ; /*!50003 SET sql_mode = @saved_sql_mode */ ; /*!50003 SET character_set_client = @saved_cs_client */ ; @@ -2772,7 +2773,8 @@ DELIMITER ;; /*!50003 CREATE*/ /*!50017 DEFINER=`root`@`localhost`*/ /*!50003 trigger trg2 before update on t1 for each row begin if old.a % 2 = 0 then set new.b := 12; end if; -end */;; +end +*/;; DELIMITER ; /*!50003 SET sql_mode = @saved_sql_mode */ ; /*!50003 SET character_set_client = @saved_cs_client */ ; @@ -2792,7 +2794,8 @@ if new.a = -1 then set @fired:= "Yes"; end if; -end */;; +end +*/;; DELIMITER ; /*!50003 SET sql_mode = @saved_sql_mode */ ; /*!50003 SET character_set_client = @saved_cs_client */ ; @@ -2827,7 +2830,8 @@ if new.a > 10 then set @fired:= "No"; end if; -end */;; +end +*/;; DELIMITER ; /*!50003 SET sql_mode = @saved_sql_mode */ ; /*!50003 SET character_set_client = @saved_cs_client */ ; @@ -3047,7 +3051,8 @@ /*!50003 SET collation_connection = latin1_swedish_ci */ ; DELIMITER ;; CREATE DEFINER=`root`@`localhost` FUNCTION `bug9056_func1`(a INT, b INT) RETURNS int(11) -RETURN a+b ;; +RETURN a+b +;; DELIMITER ; /*!50003 SET sql_mode = @saved_sql_mode */ ; /*!50003 SET character_set_client = @saved_cs_client */ ; @@ -3067,7 +3072,8 @@ begin set f1= concat( 'hello', f1 ); return f1; -end ;; +end +;; DELIMITER ; /*!50003 SET sql_mode = @saved_sql_mode */ ; /*!50003 SET character_set_client = @saved_cs_client */ ; @@ -3084,7 +3090,8 @@ /*!50003 SET collation_connection = latin1_swedish_ci */ ; DELIMITER ;; CREATE DEFINER="root"@"localhost" PROCEDURE "a'b"() -select 1 ;; +select 1 +;; DELIMITER ; /*!50003 SET sql_mode = @saved_sql_mode */ ; /*!50003 SET character_set_client = @saved_cs_client */ ; @@ -3101,7 +3108,8 @@ /*!50003 SET collation_connection = latin1_swedish_ci */ ; DELIMITER ;; CREATE DEFINER=`root`@`localhost` PROCEDURE `bug9056_proc1`(IN a INT, IN b INT, OUT c INT) -BEGIN SELECT a+b INTO c; end ;; +BEGIN SELECT a+b INTO c; end +;; DELIMITER ; /*!50003 SET sql_mode = @saved_sql_mode */ ; /*!50003 SET character_set_client = @saved_cs_client */ ; @@ -3120,7 +3128,8 @@ CREATE DEFINER=`root`@`localhost` PROCEDURE `bug9056_proc2`(OUT a INT) BEGIN select sum(id) from t1 into a; -END ;; +END +;; DELIMITER ; /*!50003 SET sql_mode = @saved_sql_mode */ ; /*!50003 SET character_set_client = @saved_cs_client */ ; @@ -3306,7 +3315,8 @@ /*!50003 SET sql_mode = '' */ ; DELIMITER ;; /*!50003 CREATE*/ /*!50017 DEFINER=`root`@`localhost`*/ /*!50003 TRIGGER `test trig` BEFORE INSERT ON `t1 test` FOR EACH ROW BEGIN -INSERT INTO `t2 test` SET a2 = NEW.a1; END */;; +INSERT INTO `t2 test` SET a2 = NEW.a1; END +*/;; DELIMITER ; /*!50003 SET sql_mode = @saved_sql_mode */ ; /*!50003 SET character_set_client = @saved_cs_client */ ; @@ -3399,27 +3409,27 @@ SET @saved_cs_client = @@character_set_client; SET character_set_client = utf8mb4; /*!50001 CREATE VIEW `v0` AS SELECT - 1 AS `a`, - 1 AS `b`, - 1 AS `c` */; + NULL AS `a`, + NULL AS `b`, + NULL AS `c` */; SET character_set_client = @saved_cs_client; DROP TABLE IF EXISTS `v1`; /*!50001 DROP VIEW IF EXISTS `v1`*/; SET @saved_cs_client = @@character_set_client; SET character_set_client = utf8mb4; /*!50001 CREATE VIEW `v1` AS SELECT - 1 AS `a`, - 1 AS `b`, - 1 AS `c` */; + NULL AS `a`, + NULL AS `b`, + NULL AS `c` */; SET character_set_client = @saved_cs_client; DROP TABLE IF EXISTS `v2`; /*!50001 DROP VIEW IF EXISTS `v2`*/; SET @saved_cs_client = @@character_set_client; SET character_set_client = utf8mb4; /*!50001 CREATE VIEW `v2` AS SELECT - 1 AS `a`, - 1 AS `b`, - 1 AS `c` */; + NULL AS `a`, + NULL AS `b`, + NULL AS `c` */; SET character_set_client = @saved_cs_client; USE `test`; @@ -3533,7 +3543,8 @@ FOR EACH ROW BEGIN SET new.a = 0; -END */;; +END +*/;; DELIMITER ; /*!50003 SET sql_mode = @saved_sql_mode */ ; /*!50003 SET character_set_client = @saved_cs_client */ ; @@ -3821,7 +3832,7 @@ SET @saved_cs_client = @@character_set_client; SET character_set_client = utf8mb4; /*!50001 CREATE VIEW `v1` AS SELECT - 1 AS `id` */; + NULL AS `id` */; SET character_set_client = @saved_cs_client; USE `mysqldump_test_db`; @@ -3883,7 +3894,7 @@ SET @saved_cs_client = @@character_set_client; SET character_set_client = utf8mb4; /*!50001 CREATE VIEW `nasishnasifu` AS SELECT - 1 AS `id` */; + NULL AS `id` */; SET character_set_client = @saved_cs_client; USE `mysqldump_tables`; @@ -4195,7 +4206,8 @@ /*!50003 SET collation_connection = latin1_swedish_ci */ ; DELIMITER ;; CREATE DEFINER=`user1`@`%` PROCEDURE `sp1`() -select 'hello' ;; +select 'hello' +;; DELIMITER ; /*!50003 SET sql_mode = @saved_sql_mode */ ; /*!50003 SET character_set_client = @saved_cs_client */ ; @@ -4330,7 +4342,7 @@ SET @saved_cs_client = @@character_set_client; SET character_set_client = utf8mb4; /*!50001 CREATE VIEW `v2` AS SELECT - 1 AS `c` */; + NULL AS `c` */; SET character_set_client = @saved_cs_client; /*!50001 DROP VIEW IF EXISTS `v2`*/; /*!50001 SET @saved_cs_client = @@character_set_client */; @@ -4782,7 +4794,7 @@ SET @saved_cs_client = @@character_set_client; SET character_set_client = utf8mb4; /*!50001 CREATE VIEW `v1` AS SELECT - 1 AS `id` */; + NULL AS `id` */; SET character_set_client = @saved_cs_client; USE `mysqldump_test_db`; @@ -5122,7 +5134,8 @@ /*!50003 SET sql_mode = '' */ ; DELIMITER ;; /*!50003 CREATE*/ /*!50017 DEFINER=`root`@`localhost`*/ /*!50003 TRIGGER `trig` BEFORE INSERT ON `test` FOR EACH ROW BEGIN -END */;; +END +*/;; DELIMITER ; /*!50003 SET sql_mode = @saved_sql_mode */ ; /*!50003 SET character_set_client = @saved_cs_client */ ; @@ -5840,7 +5853,8 @@ /*!50003 SET collation_connection = utf8mb3_uca1400_ai_ci */ ; DELIMITER ;; CREATE DEFINER=`root`@`localhost` PROCEDURE `p1`() -BEGIN END ;; +BEGIN END +;; DELIMITER ; /*!50003 SET sql_mode = @saved_sql_mode */ ; /*!50003 SET character_set_client = @saved_cs_client */ ; @@ -5903,7 +5917,7 @@ SET @saved_cs_client = @@character_set_client; SET character_set_client = utf8mb4; /*!50001 CREATE VIEW `nonunique_table_view_name` AS SELECT - 1 AS `1` */; + NULL AS `1` */; SET character_set_client = @saved_cs_client; CREATE DATABASE /*!32312 IF NOT EXISTS*/ `db2` /*!40100 DEFAULT CHARACTER SET utf8mb3 COLLATE utf8mb3_uca1400_ai_ci */; @@ -6045,7 +6059,7 @@ SET @saved_cs_client = @@character_set_client; SET character_set_client = utf8mb4; /*!50001 CREATE VIEW `nonunique_table_view_name` AS SELECT - 1 AS `1` */; + NULL AS `1` */; SET character_set_client = @saved_cs_client; USE `db2`; @@ -6158,7 +6172,8 @@ /*!50032 DROP TRIGGER IF EXISTS tt1_t1 */; DELIMITER ;; /*!50003 CREATE*/ /*!50017 DEFINER=`root`@`localhost`*/ /*!50003 TRIGGER tt1_t1 BEFORE INSERT ON t1 FOR EACH ROW -SET NEW.b=NEW.a + 10 */;; +SET NEW.b=NEW.a + 10 +*/;; DELIMITER ; /*!50003 SET sql_mode = @saved_sql_mode */ ; /*!50003 SET character_set_client = @saved_cs_client */ ; @@ -6969,7 +6984,8 @@ /*!50003 SET sql_mode = '' */ ;; /*!50003 SET @saved_time_zone = @@time_zone */ ;; /*!50003 SET time_zone = 'SYSTEM' */ ;; -/*!50106 CREATE*/ /*!50117 DEFINER=`root`@`localhost`*/ /*!50106 EVENT `e1` ON SCHEDULE EVERY 1 YEAR STARTS '2030-01-01 00:00:00' ON COMPLETION NOT PRESERVE ENABLE DO select not_a_value */ ;; +/*!50106 CREATE*/ /*!50117 DEFINER=`root`@`localhost`*/ /*!50106 EVENT `e1` ON SCHEDULE EVERY 1 YEAR STARTS '2030-01-01 00:00:00' ON COMPLETION NOT PRESERVE ENABLE DO select not_a_value +*/ ;; /*!50003 SET time_zone = @saved_time_zone */ ;; /*!50003 SET sql_mode = @saved_sql_mode */ ;; /*!50003 SET character_set_client = @saved_cs_client */ ;; @@ -6987,7 +7003,8 @@ /*!50003 SET collation_connection = utf8mb3_uca1400_ai_ci */ ; DELIMITER ;; CREATE DEFINER=`root`@`localhost` FUNCTION `f2`() RETURNS int(11) -return 2 ;; +return 2 +;; DELIMITER ; /*!50003 SET sql_mode = @saved_sql_mode */ ; /*!50003 SET character_set_client = @saved_cs_client */ ; @@ -7033,7 +7050,7 @@ SET @saved_cs_client = @@character_set_client; SET character_set_client = utf8mb4; /*!50001 CREATE VIEW `v'1"2` AS SELECT - 1 AS `a` */; + NULL AS `a` */; SET character_set_client = @saved_cs_client; /*!50001 DROP VIEW IF EXISTS `v'1"2`*/; /*!50001 SET @saved_cs_client = @@character_set_client */; @@ -7097,6 +7114,64 @@ drop table `con`; drop table `con/bar`; drop table `con@fame`; +# +# MDEV-36183 mariadb-dump backup corrupt if stored procedure ends with comment +# +CREATE TABLE t1 (f1 INT); +CREATE TRIGGER tr1 BEFORE INSERT ON t1 FOR EACH ROW SET @f1 = 1 #comment; +CREATE PROCEDURE pr1() +BEGIN +SELECT 1; +END +-- comment-end +$ +CREATE TRIGGER tr2 BEFORE UPDATE ON t1 FOR EACH ROW +BEGIN +SET @f1 = 2; +END +-- comment-end +$ +CREATE FUNCTION f1() RETURNS TINYINT DETERMINISTIC +BEGIN +RETURN 1; +END +-- comment-end +$ +CREATE PROCEDURE pr2 () SELECT "a" #comment; +CREATE EVENT ev1 ON SCHEDULE AT '2030-01-01 00:00:00' DO SELECT "a" #comment; +Warnings: +Warning 1105 Event scheduler is switched off, use SET GLOBAL event_scheduler=ON to enable it. +DROP PROCEDURE pr1; +DROP PROCEDURE pr2; +DROP TRIGGER tr1; +DROP TRIGGER tr2; +DROP TABLE t1; +DROP EVENT ev1; +DROP FUNCTION f1; +DROP PROCEDURE pr1; +DROP PROCEDURE pr2; +DROP TRIGGER tr1; +DROP TRIGGER tr2; +DROP TABLE t1; +DROP EVENT ev1; +DROP FUNCTION f1; +# +# MDEV-32770 mariadb-dump produces not loadable dump due to temporary view structure +# +create table t1 (f geometry); +create view v2 AS select f from t1; +create view v1 AS select st_contains(f,ST_GEOMFROMTEXT('POINT(1 1)')) from v2; +create database db; +create or replace table t1 (id varchar(20) not null, ip inet6 not null); +create or replace view v2 as select id, min(ip) as ip from t1 group by id; +create or replace view v1 as select coalesce(v2.ip, t1.ip) as ip from t1 left join v2 using(id); +create or replace view v4 as select cast(id as time) d1 from t1; +create or replace view v3 as select to_char(d1,'MM') c1 FROM v4; +create or replace database db; +drop view v3,v4; +drop database db; +drop view v1,v2; +drop table t1; # End of 10.6 tests # # MDEV-16733 mysqldump --tab and --xml options are conflicting diff -Nru mariadb-11.8.6/mysql-test/main/mysqldump.test mariadb-11.8.8/mysql-test/main/mysqldump.test --- mariadb-11.8.6/mysql-test/main/mysqldump.test 2026-01-31 13:27:46.000000000 +0000 +++ mariadb-11.8.8/mysql-test/main/mysqldump.test 2026-05-24 09:58:30.000000000 +0000 @@ -3077,6 +3077,87 @@ drop table `con/bar`; drop table `con@fame`; + +--echo # +--echo # MDEV-36183 mariadb-dump backup corrupt if stored procedure ends with comment +--echo # + +CREATE TABLE t1 (f1 INT); +CREATE TRIGGER tr1 BEFORE INSERT ON t1 FOR EACH ROW SET @f1 = 1 #comment; + +--delimiter $ + +CREATE PROCEDURE pr1() +BEGIN +SELECT 1; +END +-- comment-end +$ + +CREATE TRIGGER tr2 BEFORE UPDATE ON t1 FOR EACH ROW +BEGIN +SET @f1 = 2; +END +-- comment-end +$ + +CREATE FUNCTION f1() RETURNS TINYINT DETERMINISTIC +BEGIN + RETURN 1; +END +-- comment-end +$ + +--delimiter ; + +CREATE PROCEDURE pr2 () SELECT "a" #comment; +CREATE EVENT ev1 ON SCHEDULE AT '2030-01-01 00:00:00' DO SELECT "a" #comment; + +--exec $MYSQL_DUMP test --compact --routines --triggers --events > $MYSQL_TMP_DIR/1.dump +DROP PROCEDURE pr1; +DROP PROCEDURE pr2; +DROP TRIGGER tr1; +DROP TRIGGER tr2; +DROP TABLE t1; +DROP EVENT ev1; +DROP FUNCTION f1; + +--exec $MYSQL test < $MYSQL_TMP_DIR/1.dump + +DROP PROCEDURE pr1; +DROP PROCEDURE pr2; +DROP TRIGGER tr1; +DROP TRIGGER tr2; +DROP TABLE t1; +DROP EVENT ev1; +DROP FUNCTION f1; + +--echo # +--echo # MDEV-32770 mariadb-dump produces not loadable dump due to temporary view structure +--echo # + +create table t1 (f geometry); +create view v2 AS select f from t1; +create view v1 AS select st_contains(f,ST_GEOMFROMTEXT('POINT(1 1)')) from v2; + +create database db; +--exec $MYSQL_DUMP test | $MYSQL db + +create or replace table t1 (id varchar(20) not null, ip inet6 not null); +create or replace view v2 as select id, min(ip) as ip from t1 group by id; +create or replace view v1 as select coalesce(v2.ip, t1.ip) as ip from t1 left join v2 using(id); +create or replace view v4 as select cast(id as time) d1 from t1; +create or replace view v3 as select to_char(d1,'MM') c1 FROM v4; + +create or replace database db; +--exec $MYSQL_DUMP test | $MYSQL db +drop view v3,v4; + +# Cleanup +drop database db; +drop view v1,v2; +drop table t1; + --echo # End of 10.6 tests --echo # diff -Nru mariadb-11.8.6/mysql-test/main/mysqltest.result mariadb-11.8.8/mysql-test/main/mysqltest.result --- mariadb-11.8.6/mysql-test/main/mysqltest.result 2026-01-31 13:27:46.000000000 +0000 +++ mariadb-11.8.8/mysql-test/main/mysqltest.result 2026-05-24 09:58:30.000000000 +0000 @@ -301,8 +301,6 @@ hej hej 1 - - a long variable content a long variable content a long a long variable content variable content @@ -733,6 +731,10 @@ if things work as expected These lines should be repeated, if things work as expected +=== +These lines should be repeated, +if things work as expected +=== Some data for cat_file command of mysqltest @@ -999,3 +1001,8 @@ 1 1 End of tests +# +# MDEV-38696: infinite loop in my_copy() function +# +# caught error and exited my_copy() +# End of 10.11 tests diff -Nru mariadb-11.8.6/mysql-test/main/mysqltest.test mariadb-11.8.8/mysql-test/main/mysqltest.test --- mariadb-11.8.6/mysql-test/main/mysqltest.test 2026-01-31 13:27:46.000000000 +0000 +++ mariadb-11.8.8/mysql-test/main/mysqltest.test 2026-05-24 09:58:30.000000000 +0000 @@ -789,9 +789,6 @@ let $1=1; let $2=$1; echo $2; -let $5=$6; -echo $5; -echo $6; let $where=a long variable content; echo $where; @@ -2274,6 +2271,9 @@ } cat_file $MYSQLTEST_VARDIR/tmp/app_while.tmp; +echo ===; +cat_file $MYSQLTEST_VARDIR/tmp/app_while.tmp 2; # feature sneaked inside MDEV-32745 +echo ===; remove_file $MYSQLTEST_VARDIR/tmp/app_while.tmp; # ---------------------------------------------------------------------------- @@ -2962,6 +2962,23 @@ --echo End of tests +--echo # +--echo # MDEV-38696: infinite loop in my_copy() function +--echo # + +--let $srcdir= $MYSQLTEST_VARDIR/tmp/mdev_38696_srcdir +--let $dstfile= $MYSQLTEST_VARDIR/tmp/mdev_38696_dstfile + +--mkdir $srcdir + +--error 1 +--copy_file $srcdir $dstfile +--echo # caught error and exited my_copy() + +--rmdir $srcdir + +--echo # End of 10.11 tests + # Wait till we reached the initial number of concurrent sessions --source include/wait_until_count_sessions.inc diff -Nru mariadb-11.8.6/mysql-test/main/mysqltest_string_functions.result mariadb-11.8.8/mysql-test/main/mysqltest_string_functions.result --- mariadb-11.8.6/mysql-test/main/mysqltest_string_functions.result 2026-01-31 13:27:46.000000000 +0000 +++ mariadb-11.8.8/mysql-test/main/mysqltest_string_functions.result 2026-05-24 09:58:30.000000000 +0000 @@ -2,6 +2,32 @@ # Test for MDEV-36108: Variable substitutions in mysqltest # ---------------------------------------------------------------------------- # ---------------------------------------------------------------------------- +# Test absolute value function +# ---------------------------------------------------------------------------- +# Basic abs() function tests +abs(10) -> 10; +abs(-10) -> 10; +abs(0) -> 0; +abs(123456789) -> 123456789; +abs(-987654321) -> 987654321; +abs(NULL) -> ; +abs(5 - 10) -> 5; +abs(10 - 5) -> 5; +abs(-(-25)) -> 25; +abs(-2147483648) -> 2147483648; +abs(2147483647) -> 2147483647; +abs(1 == 1) -> 1; +abs(1 == 0) -> 0; +abs(-((5 * -3) + (2 - 8))) -> 21; +abs(((10 - 25) * (3 + 2))) -> 75; +abs(((2 - 6) * (-4 + 1))) -> 12; +abs((((-5 * 6) + 10) - (8 * -2))) -> 4; +abs(((((3 - 9) * 2) + 4) - 1)) -> 9; +abs(((-100 + 50) * (2 - 5))) -> 150; +abs(((-3 * (2 + 4)) + (18 / 3))) -> 12; +abs(((((10 - 5) * -3) + 4) * -2)) -> 22; +abs((((-2 * -2) - (5 * 3)) + 20)) -> 9; +# ---------------------------------------------------------------------------- # Test conversion functions (conv, bin, oct, hex) # ---------------------------------------------------------------------------- # Basic conv() function tests diff -Nru mariadb-11.8.6/mysql-test/main/mysqltest_string_functions.test mariadb-11.8.8/mysql-test/main/mysqltest_string_functions.test --- mariadb-11.8.6/mysql-test/main/mysqltest_string_functions.test 2026-01-31 13:27:46.000000000 +0000 +++ mariadb-11.8.8/mysql-test/main/mysqltest_string_functions.test 2026-05-24 09:58:30.000000000 +0000 @@ -5,6 +5,79 @@ --source include/not_embedded.inc --echo # ---------------------------------------------------------------------------- +--echo # Test absolute value function +--echo # ---------------------------------------------------------------------------- + +--echo # Basic abs() function tests + +let $a1 = $(abs(10)); +-- echo abs(10) -> $a1; + +let $a2 = $(abs(-10)); +-- echo abs(-10) -> $a2; + +let $a3 = $(abs(0)); +-- echo abs(0) -> $a3; + +let $a4 = $(abs(123456789)); +-- echo abs(123456789) -> $a4; + +let $a5 = $(abs(-987654321)); +-- echo abs(-987654321) -> $a5; + +let $a6 = $(abs(NULL)); +-- echo abs(NULL) -> $a6; + +let $a7 = $(abs(5 - 10)); +-- echo abs(5 - 10) -> $a7; + +let $a8 = $(abs(10 - 5)); +-- echo abs(10 - 5) -> $a8; + +let $a9 = $(abs(-(-25))); +-- echo abs(-(-25)) -> $a9; + +let $a10 = $(abs(-2147483648)); +-- echo abs(-2147483648) -> $a10; + +let $a11 = $(abs(2147483647)); +-- echo abs(2147483647) -> $a11; + +let $a12 = $(abs(1 == 1)); +-- echo abs(1 == 1) -> $a12; + +let $a13 = $(abs(1 == 0)); +-- echo abs(1 == 0) -> $a13; + +let $a14 = $(abs(-((5 * -3) + (2 - 8)))); +-- echo abs(-((5 * -3) + (2 - 8))) -> $a14; + +let $a15 = $(abs(((10 - 25) * (3 + 2)))); +-- echo abs(((10 - 25) * (3 + 2))) -> $a15; + +let $a16 = $(abs(((2 - 6) * (-4 + 1)))); +-- echo abs(((2 - 6) * (-4 + 1))) -> $a16; + +let $a17 = $(abs((((-5 * 6) + 10) - (8 * -2)))); +-- echo abs((((-5 * 6) + 10) - (8 * -2))) -> $a17; + +let $a18 = $(abs(((((3 - 9) * 2) + 4) - 1))); +-- echo abs(((((3 - 9) * 2) + 4) - 1)) -> $a18; + +let $a19 = $(abs(((-100 + 50) * (2 - 5)))); +-- echo abs(((-100 + 50) * (2 - 5))) -> $a19; + +let $a20 = $(abs(((-3 * (2 + 4)) + (18 / 3)))); +-- echo abs(((-3 * (2 + 4)) + (18 / 3))) -> $a20; + +let $a21 = $(abs(((((10 - 5) * -3) + 4) * -2))); +-- echo abs(((((10 - 5) * -3) + 4) * -2)) -> $a21; + +let $a22 = $(abs((((-2 * -2) - (5 * 3)) + 20))); +-- echo abs((((-2 * -2) - (5 * 3)) + 20)) -> $a22; + + +--echo # ---------------------------------------------------------------------------- --echo # Test conversion functions (conv, bin, oct, hex) --echo # ---------------------------------------------------------------------------- diff -Nru mariadb-11.8.6/mysql-test/main/mysqltest_tracking_info.result mariadb-11.8.8/mysql-test/main/mysqltest_tracking_info.result --- mariadb-11.8.6/mysql-test/main/mysqltest_tracking_info.result 2026-01-31 13:27:46.000000000 +0000 +++ mariadb-11.8.8/mysql-test/main/mysqltest_tracking_info.result 2026-05-24 09:58:30.000000000 +0000 @@ -198,3 +198,12 @@ -- tx_isolation: REPEATABLE-READ # End of 11.1 tests +# Session tracking with database charset utf16 +CREATE DATABASE testdb CHARACTER SET utf16; +# tracking info on once +USE testdb; +-- Tracker : SESSION_TRACK_SCHEMA +-- testdb + +DROP DATABASE testdb; +# End of 11.4 tests diff -Nru mariadb-11.8.6/mysql-test/main/mysqltest_tracking_info.test mariadb-11.8.8/mysql-test/main/mysqltest_tracking_info.test --- mariadb-11.8.6/mysql-test/main/mysqltest_tracking_info.test 2026-01-31 13:27:46.000000000 +0000 +++ mariadb-11.8.8/mysql-test/main/mysqltest_tracking_info.test 2026-05-24 09:58:30.000000000 +0000 @@ -1,4 +1,3 @@ - --source include/no_protocol.inc --source include/not_embedded.inc @@ -179,3 +178,12 @@ --disable_session_track_info --echo # End of 11.1 tests + +--echo # Session tracking with database charset utf16 +CREATE DATABASE testdb CHARACTER SET utf16; +--echo # tracking info on once +--enable_session_track_info ONCE +USE testdb; +DROP DATABASE testdb; + +--echo # End of 11.4 tests diff -Nru mariadb-11.8.6/mysql-test/main/opt_trace.result mariadb-11.8.8/mysql-test/main/opt_trace.result --- mariadb-11.8.6/mysql-test/main/opt_trace.result 2026-01-31 13:27:46.000000000 +0000 +++ mariadb-11.8.8/mysql-test/main/opt_trace.result 2026-05-24 09:58:30.000000000 +0000 @@ -11581,7 +11581,7 @@ "select_id": 1, "steps": [ { - "expanded_query": "select 'a\0' AS `a\x00` limit 0" + "expanded_query": "select 'a\\0' AS `a\\x00` limit 0" } ] } @@ -12949,6 +12949,65 @@ NULL set optimizer_trace='enabled=off'; drop table t1,t2,t3; +# +# MDEV-30354: Fix JSON escaping in optimizer trace output +# +set @saved_optimizer_trace=@@optimizer_trace; +set optimizer_trace='enabled=on'; +# Test 1: Simple double quotes +SELECT LENGTH("a"); +LENGTH("a") +1 +SELECT json_valid(trace) AS valid_json, json_detailed(json_extract(trace,'$**.expanded_query')) AS expanded_query FROM information_schema.optimizer_trace; +valid_json expanded_query +1 ["select octet_length('a') AS `LENGTH(\"a\")`"] +# Test 2: Nested quotes +SELECT LENGTH("a\"b"); +LENGTH("a\"b") +3 +SELECT json_valid(trace) AS valid_json, json_detailed(json_extract(trace,'$**.expanded_query')) FROM information_schema.optimizer_trace; +valid_json json_detailed(json_extract(trace,'$**.expanded_query')) +1 ["select octet_length('a\"b') AS `LENGTH(\"a\\\"b\")`"] +# Test 3: Special characters with quotes +SELECT LENGTH("a\n\"b\t\"c"); +LENGTH("a\n\"b\t\"c") +7 +SELECT json_valid(trace) AS valid_json, json_detailed(json_extract(trace,'$**.expanded_query')) FROM information_schema.optimizer_trace; +valid_json json_detailed(json_extract(trace,'$**.expanded_query')) +1 ["select octet_length('a\\n\"b\\t\"c') AS `LENGTH(\"a\\n\\\"b\\t\\\"c\")`"] +# Test 4: New line +SELECT COLUMN_JSON(COLUMN_CREATE("foo", "New +line" AS CHAR)); +COLUMN_JSON(COLUMN_CREATE("foo", "New +line" AS CHAR)) +{"foo":"New\u000Aline"} +SELECT json_valid(trace) AS valid_json, json_detailed(json_extract(trace,'$**.expanded_query')) FROM information_schema.optimizer_trace; +valid_json json_detailed(json_extract(trace,'$**.expanded_query')) +1 ["select column_json(column_create('foo','New\\nline' AS char charset latin1 collate latin1_swedish_ci )) AS `COLUMN_JSON(COLUMN_CREATE(\"foo\", \"New\nline\" AS CHAR))`"] +# Test 5: Backslashes +SELECT LENGTH("a\\b"); +LENGTH("a\\b") +3 +SELECT json_valid(trace) AS valid_json, json_detailed(json_extract(trace,'$**.expanded_query')) FROM information_schema.optimizer_trace; +valid_json json_detailed(json_extract(trace,'$**.expanded_query')) +1 ["select octet_length('a\\\\b') AS `LENGTH(\"a\\\\b\")`"] +# Test 6: JSON functions +SELECT JSON_EXTRACT('{"key":"value"}', "$.key"); +JSON_EXTRACT('{"key":"value"}', "$.key") +"value" +SELECT json_valid(trace) AS valid_json, json_detailed(json_extract(trace,'$**.expanded_query')) FROM information_schema.optimizer_trace; +valid_json json_detailed(json_extract(trace,'$**.expanded_query')) +1 ["select json_extract('{\"key\":\"value\"}','$.key') AS `JSON_EXTRACT('{\"key\":\"value\"}', \"$.key\")`"] +# Test 7: Failed escape due to illegal symbol +SET NAMES utf8mb4; +SELECT "ð„ž" AS x; +x +ð„ž +SELECT json_valid(trace) AS valid_json, json_detailed(json_extract(trace,'$**.expanded_query')) FROM information_schema.optimizer_trace; +valid_json json_detailed(json_extract(trace,'$**.expanded_query')) +1 ["Error: failed to escape query string for JSON output"] +SET NAMES DEFAULT; +set optimizer_trace=@saved_optimizer_trace; # End of 10.11 tests # # Testing of records_out diff -Nru mariadb-11.8.6/mysql-test/main/opt_trace.test mariadb-11.8.8/mysql-test/main/opt_trace.test --- mariadb-11.8.6/mysql-test/main/opt_trace.test 2026-01-31 13:27:46.000000000 +0000 +++ mariadb-11.8.8/mysql-test/main/opt_trace.test 2026-05-24 09:58:30.000000000 +0000 @@ -1239,6 +1239,49 @@ set optimizer_trace='enabled=off'; drop table t1,t2,t3; + +--echo # +--echo # MDEV-30354: Fix JSON escaping in optimizer trace output +--echo # + +set @saved_optimizer_trace=@@optimizer_trace; +set optimizer_trace='enabled=on'; +--disable_view_protocol + +--echo # Test 1: Simple double quotes +SELECT LENGTH("a"); +SELECT json_valid(trace) AS valid_json, json_detailed(json_extract(trace,'$**.expanded_query')) AS expanded_query FROM information_schema.optimizer_trace; + +--echo # Test 2: Nested quotes +SELECT LENGTH("a\"b"); +SELECT json_valid(trace) AS valid_json, json_detailed(json_extract(trace,'$**.expanded_query')) FROM information_schema.optimizer_trace; + +--echo # Test 3: Special characters with quotes +SELECT LENGTH("a\n\"b\t\"c"); +SELECT json_valid(trace) AS valid_json, json_detailed(json_extract(trace,'$**.expanded_query')) FROM information_schema.optimizer_trace; + +--echo # Test 4: New line +SELECT COLUMN_JSON(COLUMN_CREATE("foo", "New +line" AS CHAR)); +SELECT json_valid(trace) AS valid_json, json_detailed(json_extract(trace,'$**.expanded_query')) FROM information_schema.optimizer_trace; + +--echo # Test 5: Backslashes +SELECT LENGTH("a\\b"); +SELECT json_valid(trace) AS valid_json, json_detailed(json_extract(trace,'$**.expanded_query')) FROM information_schema.optimizer_trace; + +--echo # Test 6: JSON functions +SELECT JSON_EXTRACT('{"key":"value"}', "$.key"); +SELECT json_valid(trace) AS valid_json, json_detailed(json_extract(trace,'$**.expanded_query')) FROM information_schema.optimizer_trace; + +--echo # Test 7: Failed escape due to illegal symbol +SET NAMES utf8mb4; +SELECT "ð„ž" AS x; +SELECT json_valid(trace) AS valid_json, json_detailed(json_extract(trace,'$**.expanded_query')) FROM information_schema.optimizer_trace; + +SET NAMES DEFAULT; +set optimizer_trace=@saved_optimizer_trace; +--enable_view_protocol + --echo # End of 10.11 tests --echo # diff -Nru mariadb-11.8.6/mysql-test/main/order_by_limit_join.result mariadb-11.8.8/mysql-test/main/order_by_limit_join.result --- mariadb-11.8.6/mysql-test/main/order_by_limit_join.result 2026-01-31 13:27:46.000000000 +0000 +++ mariadb-11.8.8/mysql-test/main/order_by_limit_join.result 2026-05-24 09:58:30.000000000 +0000 @@ -520,6 +520,161 @@ DROP TABLE t1; set optimizer_join_limit_pref_ratio=default; # +# MDEV-38072 Optimizer choosing the wrong plan +# +CREATE TABLE t0 ( +actor_id bigint(20) unsigned NOT NULL AUTO_INCREMENT, +actor_name varbinary(255) NOT NULL, +PRIMARY KEY (actor_id), +UNIQUE KEY actor_name (actor_name) +) ENGINE=InnoDB DEFAULT CHARSET=binary; +CREATE TABLE t1 ( +log_id int(10) unsigned NOT NULL AUTO_INCREMENT, +log_type varbinary(32) NOT NULL DEFAULT '', +log_timestamp binary(14) NOT NULL DEFAULT '19700101000000', +log_params blob NOT NULL, +log_actor bigint(20) unsigned NOT NULL, +index log_actor_type_time (log_actor,log_type,log_timestamp), +index log_type_time (log_type,log_timestamp), +index log_actor_time (log_actor,log_timestamp), +index log_times (log_timestamp), +PRIMARY KEY (log_id) +) ENGINE=InnoDB DEFAULT CHARSET=binary; +insert into t0 select seq, seq from seq_1_to_10; +update t0 set actor_name = 'DGG' where actor_id = 4; +insert into t1 +(log_timestamp, log_actor, log_params, log_type) +select +19700101+seq, +floor(seq / 400), /* log_actor, 50x */ +'log-params-value=log-params-value', +concat('val-', 100 + mod(seq, 100)) /* log_type */ +from +seq_1_to_20000; +analyze table t0, t1; +Table Op Msg_type Msg_text +test.t0 analyze status Engine-independent statistics collected +test.t0 analyze status OK +test.t1 analyze status Engine-independent statistics collected +test.t1 analyze Warning Engine-independent statistics are not collected for column 'log_params' +test.t1 analyze status OK +set optimizer_trace=1; +# +# Bad query plan: t1 has access_type:index, key=log_times +# +explain format=json +SELECT log_id, log_type, log_params, log_timestamp +FROM t0, t1 +WHERE +t0.actor_name = 'DGG' and +t0.actor_id = t1.log_actor and +t1.log_type NOT IN ('val-110', 'val-120', 'val-130', 'val-133', 'val-144', +'val-155', 'val-160', 'val-170', 'val-180') +ORDER BY +log_timestamp DESC, log_id DESC +LIMIT 2; +EXPLAIN +{ + "query_block": { + "select_id": 1, + "cost": "COST_REPLACED", + "nested_loop": [ + { + "table": { + "table_name": "t0", + "access_type": "const", + "possible_keys": ["PRIMARY", "actor_name"], + "key": "actor_name", + "key_length": "257", + "used_key_parts": ["actor_name"], + "ref": ["const"], + "rows": 1, + "filtered": 100, + "using_index": true + } + }, + { + "table": { + "table_name": "t1", + "access_type": "range", + "possible_keys": [ + "log_actor_type_time", + "log_type_time", + "log_actor_time" + ], + "key": "log_actor_time", + "key_length": "8", + "used_key_parts": ["log_actor"], + "loops": 1, + "rows": 400, + "cost": "COST_REPLACED", + "filtered": 91, + "attached_condition": "t1.log_actor = 4 and t1.log_type not in ('val-110','val-120','val-130','val-133','val-144','val-155','val-160','val-170','val-180')" + } + } + ] + } +} +# +# Better query plan: t1 has access_type:range, key=log_actor_time, used_key_parts: log_actor +# +explain format=json +SELECT log_id, log_type, log_params, log_timestamp +FROM t0, t1 +WHERE +t0.actor_name = 'DGG' and +t0.actor_id = t1.log_actor and +t1.log_type NOT IN ('val-110', 'val-120', 'val-130', 'val-133', 'val-144', +'val-155', 'val-160', 'val-170', 'val-180') +ORDER BY +log_timestamp DESC, log_id DESC +LIMIT 2; +EXPLAIN +{ + "query_block": { + "select_id": 1, + "cost": "COST_REPLACED", + "nested_loop": [ + { + "table": { + "table_name": "t0", + "access_type": "const", + "possible_keys": ["PRIMARY", "actor_name"], + "key": "actor_name", + "key_length": "257", + "used_key_parts": ["actor_name"], + "ref": ["const"], + "rows": 1, + "filtered": 100, + "using_index": true + } + }, + { + "table": { + "table_name": "t1", + "access_type": "range", + "possible_keys": [ + "log_actor_type_time", + "log_type_time", + "log_actor_time" + ], + "key": "log_actor_time", + "key_length": "8", + "used_key_parts": ["log_actor"], + "loops": 1, + "rows": 400, + "cost": "COST_REPLACED", + "filtered": 91, + "attached_condition": "t1.log_actor = 4 and t1.log_type not in ('val-110','val-120','val-130','val-133','val-144','val-155','val-160','val-170','val-180')" + } + } + ] + } +} +drop table t0, t1; +SET GLOBAL innodb_stats_persistent=default; +# End of 10.11 tests +# # MDEV-35072: Assertion failure with optimizer_join_limit_pref_ratio and 1-table select # SET optimizer_join_limit_pref_ratio=1; diff -Nru mariadb-11.8.6/mysql-test/main/order_by_limit_join.test mariadb-11.8.8/mysql-test/main/order_by_limit_join.test --- mariadb-11.8.6/mysql-test/main/order_by_limit_join.test 2026-01-31 13:27:46.000000000 +0000 +++ mariadb-11.8.8/mysql-test/main/order_by_limit_join.test 2026-05-24 09:58:30.000000000 +0000 @@ -3,6 +3,7 @@ --echo # --source include/have_sequence.inc +--source include/have_innodb.inc # We need optimizer trace --source include/not_embedded.inc @@ -254,6 +255,87 @@ set optimizer_join_limit_pref_ratio=default; --echo # +--echo # MDEV-38072 Optimizer choosing the wrong plan +--echo # + +CREATE TABLE t0 ( + actor_id bigint(20) unsigned NOT NULL AUTO_INCREMENT, + actor_name varbinary(255) NOT NULL, + PRIMARY KEY (actor_id), + UNIQUE KEY actor_name (actor_name) +) ENGINE=InnoDB DEFAULT CHARSET=binary; + +CREATE TABLE t1 ( + log_id int(10) unsigned NOT NULL AUTO_INCREMENT, + log_type varbinary(32) NOT NULL DEFAULT '', + log_timestamp binary(14) NOT NULL DEFAULT '19700101000000', + log_params blob NOT NULL, + log_actor bigint(20) unsigned NOT NULL, + + index log_actor_type_time (log_actor,log_type,log_timestamp), + index log_type_time (log_type,log_timestamp), + index log_actor_time (log_actor,log_timestamp), + index log_times (log_timestamp), + PRIMARY KEY (log_id) +) ENGINE=InnoDB DEFAULT CHARSET=binary; + + +insert into t0 select seq, seq from seq_1_to_10; +update t0 set actor_name = 'DGG' where actor_id = 4; + +insert into t1 + (log_timestamp, log_actor, log_params, log_type) +select + 19700101+seq, + floor(seq / 400), /* log_actor, 50x */ + 'log-params-value=log-params-value', + concat('val-', 100 + mod(seq, 100)) /* log_type */ +from + seq_1_to_20000; + +analyze table t0, t1; + +set optimizer_trace=1; + +let $q= +explain format=json +SELECT log_id, log_type, log_params, log_timestamp +FROM t0, t1 +WHERE + t0.actor_name = 'DGG' and + t0.actor_id = t1.log_actor and + t1.log_type NOT IN ('val-110', 'val-120', 'val-130', 'val-133', 'val-144', + 'val-155', 'val-160', 'val-170', 'val-180') +ORDER BY + log_timestamp DESC, log_id DESC +LIMIT 2; + +--echo # +--echo # Bad query plan: t1 has access_type:index, key=log_times +--echo # +--replace_regex /("rows": )[0-9]+/\1"REPLACED"/ +--source include/explain-no-costs.inc +eval $q; + +# uncomment after fixing MDEV-39508 +#set @tmp=@@optimizer_adjust_secondary_key_costs, +# optimizer_adjust_secondary_key_costs="fix_order_by_index_choice"; +--echo # +--echo # Better query plan: t1 has access_type:range, key=log_actor_time, used_key_parts: log_actor +--echo # +--replace_regex /("rows": )[0-9]+/\1"REPLACED"/ +--source include/explain-no-costs.inc +eval $q; + +# uncomment after fixing MDEV-39508 +#set optimizer_adjust_secondary_key_costs=@tmp; +drop table t0, t1; + + +SET GLOBAL innodb_stats_persistent=default; +--echo # End of 10.11 tests + +--echo # --echo # MDEV-35072: Assertion failure with optimizer_join_limit_pref_ratio and 1-table select --echo # SET optimizer_join_limit_pref_ratio=1; Binary files /srv/release.debian.org/tmp/0nho6SUlcX/mariadb-11.8.6/mysql-test/main/outfile.result and /srv/release.debian.org/tmp/byZgQ0zcFD/mariadb-11.8.8/mysql-test/main/outfile.result differ diff -Nru mariadb-11.8.6/mysql-test/main/outfile.test mariadb-11.8.8/mysql-test/main/outfile.test --- mariadb-11.8.6/mysql-test/main/outfile.test 2026-01-31 13:27:46.000000000 +0000 +++ mariadb-11.8.8/mysql-test/main/outfile.test 2026-05-24 09:58:30.000000000 +0000 @@ -8,12 +8,12 @@ create table t1 (`a` blob); insert into t1 values("hello world"),("Hello mars"),(NULL); -select * into outfile "../../tmp/outfile-test.1" from t1; -select load_file('../../tmp/outfile-test.1'); -select * into dumpfile "../../tmp/outfile-test.2" from t1 limit 1; -select load_file('../../tmp/outfile-test.2'); -select * into dumpfile "../../tmp/outfile-test.3" from t1 where a is null; -select load_file('../../tmp/outfile-test.3'); +eval select * into outfile "../../tmp/outfile-test.1" from t1; +select load_file(concat(@tmpdir,"/outfile-test.1")); +eval select * into dumpfile "../../tmp/outfile-test.2" from t1 limit 1; +select load_file(concat(@tmpdir,"/outfile-test.2")); +eval select * into dumpfile "../../tmp/outfile-test.3" from t1 where a is null; +select hex(load_file(concat(@tmpdir,"/outfile-test.3"))); # the following should give errors @@ -85,8 +85,8 @@ grant all on mysqltest.* to user_1@localhost; connect (con28181_1,localhost,user_1,,mysqltest); ---error ER_ACCESS_DENIED_ERROR -select schema_name +--error ER_SPECIFIC_ACCESS_DENIED_ERROR +eval select schema_name into outfile "../../tmp/outfile-test.4" fields terminated by ',' optionally enclosed by '"' lines terminated by '\n' @@ -113,5 +113,26 @@ drop user user_1@localhost; drop database mysqltest; +--echo # +--echo # MDEV-39493 FILE privilege isn't checked for derived +--echo # + +create user u@localhost; +grant select on *.* to u@localhost; +connect u,localhost,u; +--error ER_SPECIFIC_ACCESS_DENIED_ERROR +evalp select 'hello' into outfile '$MYSQLTEST_VARDIR/tmp/3701920.out'; +--error ER_SPECIFIC_ACCESS_DENIED_ERROR +evalp select 'hello' into dumpfile '$MYSQLTEST_VARDIR/tmp/3701920.dump'; +--error ER_SPECIFIC_ACCESS_DENIED_ERROR +evalp select * into outfile '$MYSQLTEST_VARDIR/tmp/3701920.out' from (select 'hello') t; +--error ER_SPECIFIC_ACCESS_DENIED_ERROR +evalp select * into dumpfile '$MYSQLTEST_VARDIR/tmp/3701920.dump' from (select 'hello') t; +disconnect u; +connection default; +drop user u@localhost; + +--echo # End of 10.6 tests + # Wait till we reached the initial number of concurrent sessions --source include/wait_until_count_sessions.inc diff -Nru mariadb-11.8.6/mysql-test/main/parser.result mariadb-11.8.8/mysql-test/main/parser.result --- mariadb-11.8.6/mysql-test/main/parser.result 2026-01-31 13:27:46.000000000 +0000 +++ mariadb-11.8.8/mysql-test/main/parser.result 2026-05-24 09:58:30.000000000 +0000 @@ -2261,12 +2261,18 @@ END WHILE ; END; $$ -# # End of 10.6 tests # +# MDEV-39654 schema-qualified unquoted table name starting with digit fails to parse # -# Start of 11.7 tests -# +create table 1a (1b int); +create table `select` (1c int); +select 1b from test.1a; +1b +select select.1c from test.select; +1c +drop table 1a, `select`; +# End of 10.11 tests # # MDEV-35229 NOCOPY has become reserved word bringing wide incompatibility # @@ -2312,6 +2318,4 @@ $$ nocopy 1 -# # End of 11.7 tests -# diff -Nru mariadb-11.8.6/mysql-test/main/parser.test mariadb-11.8.8/mysql-test/main/parser.test --- mariadb-11.8.6/mysql-test/main/parser.test 2026-01-31 13:27:46.000000000 +0000 +++ mariadb-11.8.8/mysql-test/main/parser.test 2026-05-24 09:58:30.000000000 +0000 @@ -2064,15 +2064,22 @@ --disable_prepare_warnings ---echo # --echo # End of 10.6 tests ---echo # - --echo # ---echo # Start of 11.7 tests +--echo # MDEV-39654 schema-qualified unquoted table name starting with digit fails to parse --echo # +create table 1a (1b int); +create table `select` (1c int); + +select 1b from test.1a; +select select.1c from test.select; + +drop table 1a, `select`; + +--echo # End of 10.11 tests + --echo # --echo # MDEV-35229 NOCOPY has become reserved word bringing wide incompatibility --echo # @@ -2111,6 +2118,4 @@ $$ DELIMITER ;$$ ---echo # --echo # End of 11.7 tests ---echo # diff -Nru mariadb-11.8.6/mysql-test/main/partition_grant.result mariadb-11.8.8/mysql-test/main/partition_grant.result --- mariadb-11.8.6/mysql-test/main/partition_grant.result 2026-01-31 13:27:46.000000000 +0000 +++ mariadb-11.8.8/mysql-test/main/partition_grant.result 2026-05-24 09:58:30.000000000 +0000 @@ -25,7 +25,6 @@ revoke alter on mysqltest_1.* from mysqltest_1@localhost; connect conn3,localhost,mysqltest_1,,mysqltest_1; alter table t1 drop partition p3; -ERROR 42000: ALTER command denied to user 'mysqltest_1'@'localhost' for table `mysqltest_1`.`t1` disconnect conn3; connection default; revoke select,alter,drop on mysqltest_1.* from mysqltest_1@localhost; @@ -49,3 +48,93 @@ drop user mysqltest_1@localhost; drop schema mysqltest_1; End of 5.1 tests +# +# MDEV-39028: DROP PARTITION should only require DROP privilege +# +create database mysqltest_2; +use mysqltest_2; +create table t1 (a int) +partition by list (a) ( +partition p0 values in (0), +partition p1 values in (1), +partition p2 values in (2)); +insert into t1 values (0), (1), (2); +# No privileges (must fail) +create user foo; +grant select on mysqltest_2.* to foo; +connect conn,localhost,foo,,mysqltest_2; +show grants for current_user; +Grants for foo@% +GRANT USAGE ON *.* TO `foo`@`%` +GRANT SELECT ON `mysqltest_2`.* TO `foo`@`%` +alter table t1 drop partition p1; +ERROR 42000: DROP command denied to user 'foo'@'localhost' for table `mysqltest_2`.`t1` +alter table t1 convert partition p1 to table tp1; +ERROR 42000: DROP command denied to user 'foo'@'localhost' for table `mysqltest_2`.`t1` +disconnect conn; +# Only ALTER privilege (must fail) +connection default; +grant alter on mysqltest_2.* to foo; +connect conn,localhost,foo,,mysqltest_2; +show grants for current_user; +Grants for foo@% +GRANT USAGE ON *.* TO `foo`@`%` +GRANT SELECT, ALTER ON `mysqltest_2`.* TO `foo`@`%` +alter table t1 drop partition p1; +ERROR 42000: DROP command denied to user 'foo'@'localhost' for table `mysqltest_2`.`t1` +alter table t1 convert partition p1 to table tp1; +ERROR 42000: DROP command denied to user 'foo'@'localhost' for table `mysqltest_2`.`t1` +disconnect conn; +# Only DROP privilege (DROP must succeed, CONVERT OUT must fail) +connection default; +revoke alter on mysqltest_2.* from foo; +grant drop on mysqltest_2.* to foo@; +connect conn,localhost,foo,,mysqltest_2; +show grants for current_user; +Grants for foo@% +GRANT USAGE ON *.* TO `foo`@`%` +GRANT SELECT, DROP ON `mysqltest_2`.* TO `foo`@`%` +alter table t1 drop partition p1; +alter table t1 convert partition p2 to table tp2; +ERROR 42000: INSERT, CREATE command denied to user 'foo'@'localhost' for table `mysqltest_2`.`tp2` +disconnect conn; +# CREATE and INSERT privileges (CONVERT OUT must fail) +connection default; +revoke drop on mysqltest_2.* from foo; +grant insert, create on mysqltest_2.* to foo@; +connect conn,localhost,foo,,mysqltest_2; +show grants for current_user; +Grants for foo@% +GRANT USAGE ON *.* TO `foo`@`%` +GRANT SELECT, INSERT, CREATE ON `mysqltest_2`.* TO `foo`@`%` +alter table t1 convert partition p2 to table tp2; +ERROR 42000: DROP command denied to user 'foo'@'localhost' for table `mysqltest_2`.`t1` +disconnect conn; +# DROP and INSERT privileges (CONVERT OUT must fail) +connection default; +revoke create on mysqltest_2.* from foo; +grant drop on mysqltest_2.* to foo@; +connect conn,localhost,foo,,mysqltest_2; +show grants for current_user; +Grants for foo@% +GRANT USAGE ON *.* TO `foo`@`%` +GRANT SELECT, INSERT, DROP ON `mysqltest_2`.* TO `foo`@`%` +alter table t1 convert partition p2 to table tp2; +ERROR 42000: CREATE command denied to user 'foo'@'localhost' for table `mysqltest_2`.`tp2` +disconnect conn; +# CREATE, DROP and INSERT privileges (CONVERT OUT must succeed) +connection default; +grant create on mysqltest_2.* to foo@; +connect conn,localhost,foo,,mysqltest_2; +show grants for current_user; +Grants for foo@% +GRANT USAGE ON *.* TO `foo`@`%` +GRANT SELECT, INSERT, CREATE, DROP ON `mysqltest_2`.* TO `foo`@`%` +alter table t1 convert partition p2 to table tp2; +disconnect conn; +connection default; +drop table t1; +drop user foo; +drop database mysqltest_2; +use test; +# End of 11.4 tests diff -Nru mariadb-11.8.6/mysql-test/main/partition_grant.test mariadb-11.8.8/mysql-test/main/partition_grant.test --- mariadb-11.8.6/mysql-test/main/partition_grant.test 2026-01-31 13:27:46.000000000 +0000 +++ mariadb-11.8.8/mysql-test/main/partition_grant.test 2026-05-24 09:58:30.000000000 +0000 @@ -46,7 +46,6 @@ revoke alter on mysqltest_1.* from mysqltest_1@localhost; connect (conn3,localhost,mysqltest_1,,mysqltest_1); ---error ER_TABLEACCESS_DENIED_ERROR alter table t1 drop partition p3; disconnect conn3; @@ -80,3 +79,86 @@ drop schema mysqltest_1; --echo End of 5.1 tests + +--echo # +--echo # MDEV-39028: DROP PARTITION should only require DROP privilege +--echo # + +create database mysqltest_2; +use mysqltest_2; + +create table t1 (a int) +partition by list (a) ( + partition p0 values in (0), + partition p1 values in (1), + partition p2 values in (2)); +insert into t1 values (0), (1), (2); + +--echo # No privileges (must fail) +create user foo; +grant select on mysqltest_2.* to foo; +--connect conn,localhost,foo,,mysqltest_2 +show grants for current_user; +--error ER_TABLEACCESS_DENIED_ERROR +alter table t1 drop partition p1; +--error ER_TABLEACCESS_DENIED_ERROR +alter table t1 convert partition p1 to table tp1; +--disconnect conn + +--echo # Only ALTER privilege (must fail) +--connection default +grant alter on mysqltest_2.* to foo; +--connect conn,localhost,foo,,mysqltest_2 +show grants for current_user; +--error ER_TABLEACCESS_DENIED_ERROR +alter table t1 drop partition p1; +--error ER_TABLEACCESS_DENIED_ERROR +alter table t1 convert partition p1 to table tp1; +--disconnect conn + +--echo # Only DROP privilege (DROP must succeed, CONVERT OUT must fail) +--connection default +revoke alter on mysqltest_2.* from foo; +grant drop on mysqltest_2.* to foo@; +--connect conn,localhost,foo,,mysqltest_2 +show grants for current_user; +alter table t1 drop partition p1; +--error ER_TABLEACCESS_DENIED_ERROR +alter table t1 convert partition p2 to table tp2; +--disconnect conn + +--echo # CREATE and INSERT privileges (CONVERT OUT must fail) +--connection default +revoke drop on mysqltest_2.* from foo; +grant insert, create on mysqltest_2.* to foo@; +--connect conn,localhost,foo,,mysqltest_2 +show grants for current_user; +--error ER_TABLEACCESS_DENIED_ERROR +alter table t1 convert partition p2 to table tp2; +--disconnect conn + +--echo # DROP and INSERT privileges (CONVERT OUT must fail) +--connection default +revoke create on mysqltest_2.* from foo; +grant drop on mysqltest_2.* to foo@; +--connect conn,localhost,foo,,mysqltest_2 +show grants for current_user; +--error ER_TABLEACCESS_DENIED_ERROR +alter table t1 convert partition p2 to table tp2; +--disconnect conn + +--echo # CREATE, DROP and INSERT privileges (CONVERT OUT must succeed) +--connection default +grant create on mysqltest_2.* to foo@; +--connect conn,localhost,foo,,mysqltest_2 +show grants for current_user; +alter table t1 convert partition p2 to table tp2; +--disconnect conn + +--connection default +drop table t1; +drop user foo; +drop database mysqltest_2; +use test; + +--echo # End of 11.4 tests diff -Nru mariadb-11.8.6/mysql-test/main/ps_mem_leaks.result mariadb-11.8.8/mysql-test/main/ps_mem_leaks.result --- mariadb-11.8.6/mysql-test/main/ps_mem_leaks.result 2026-01-31 13:27:46.000000000 +0000 +++ mariadb-11.8.8/mysql-test/main/ps_mem_leaks.result 2026-05-24 09:58:30.000000000 +0000 @@ -367,6 +367,27 @@ # Clean up DEALLOCATE PREPARE stmt; DROP TABLE t1; +# +# MDEV-39265: Assertion `(mem_root->flags & 4) == 0` failed upon 2nd execution `USING DEFAULT` with sequence +# +CREATE SEQUENCE s; +CREATE TABLE t (a INT DEFAULT(NEXTVAL(s))); +INSERT INTO t VALUES (1), (2); +PREPARE stmt FROM "UPDATE t SET a = ?"; +# Verify no SIGABRT +EXECUTE stmt USING 3; +EXECUTE stmt USING DEFAULT; +# Verify the there are no repeated allocations on statement mem_root +SET @saved_dbug = @@SESSION.debug_dbug; +SET SESSION debug_dbug="+d,assert_no_alloc_internal_tables"; +EXECUTE stmt USING DEFAULT; +EXECUTE stmt USING 4; +EXECUTE stmt USING DEFAULT; +EXECUTE stmt USING DEFAULT; +SET SESSION debug_dbug= @saved_dbug; +DEALLOCATE PREPARE stmt; +DROP SEQUENCE s; +DROP TABLE t; # End of 10.6 tests # # MDEV-34447: Memory leakage is detected on running the test main.ps against the server 11.1 @@ -465,4 +486,35 @@ # Clean up DROP PROCEDURE p1; DROP TABLE t1; +# +# MDEV-37491: Assertion `(mem_root->flags & 4) == 0` failed in `void *alloc_root(MEM_ROOT *, size_t)` +# +CREATE PROCEDURE p(x INT DEFAULT (SELECT 1)) +BEGIN +SELECT x FROM DUAL; +END; +// +CALL p(1); +x +1 +CALL p(); +x +1 +# Verify the there are no repeated allocations on statement mem_root +SET @saved_dbug = @@SESSION.debug_dbug; +SET SESSION debug_dbug="+d,assert_no_alloc_ref_array,assert_no_alloc_pre_fix"; +CALL p(); +x +1 +CALL p(); +x +1 +CALL p(1); +x +1 +CALL p(); +x +1 +SET SESSION debug_dbug= @saved_dbug; +DROP PROCEDURE p; # End of 11.8 tests diff -Nru mariadb-11.8.6/mysql-test/main/ps_mem_leaks.test mariadb-11.8.8/mysql-test/main/ps_mem_leaks.test --- mariadb-11.8.6/mysql-test/main/ps_mem_leaks.test 2026-01-31 13:27:46.000000000 +0000 +++ mariadb-11.8.8/mysql-test/main/ps_mem_leaks.test 2026-05-24 09:58:30.000000000 +0000 @@ -384,6 +384,36 @@ DEALLOCATE PREPARE stmt; DROP TABLE t1; +--echo # +--echo # MDEV-39265: Assertion `(mem_root->flags & 4) == 0` failed upon 2nd execution `USING DEFAULT` with sequence +--echo # + +CREATE SEQUENCE s; +CREATE TABLE t (a INT DEFAULT(NEXTVAL(s))); +INSERT INTO t VALUES (1), (2); + +PREPARE stmt FROM "UPDATE t SET a = ?"; + +--echo # Verify no SIGABRT +EXECUTE stmt USING 3; +EXECUTE stmt USING DEFAULT; + +--echo # Verify the there are no repeated allocations on statement mem_root + +SET @saved_dbug = @@SESSION.debug_dbug; +SET SESSION debug_dbug="+d,assert_no_alloc_internal_tables"; + +EXECUTE stmt USING DEFAULT; +EXECUTE stmt USING 4; +EXECUTE stmt USING DEFAULT; +EXECUTE stmt USING DEFAULT; + +SET SESSION debug_dbug= @saved_dbug; + +DEALLOCATE PREPARE stmt; +DROP SEQUENCE s; +DROP TABLE t; + --echo # End of 10.6 tests --echo # @@ -500,4 +530,31 @@ DROP PROCEDURE p1; DROP TABLE t1; +--echo # +--echo # MDEV-37491: Assertion `(mem_root->flags & 4) == 0` failed in `void *alloc_root(MEM_ROOT *, size_t)` +--echo # + +--DELIMITER // +CREATE PROCEDURE p(x INT DEFAULT (SELECT 1)) +BEGIN + SELECT x FROM DUAL; +END; +// +--DELIMITER ; +CALL p(1); +CALL p(); + +--echo # Verify the there are no repeated allocations on statement mem_root +SET @saved_dbug = @@SESSION.debug_dbug; +SET SESSION debug_dbug="+d,assert_no_alloc_ref_array,assert_no_alloc_pre_fix"; + +CALL p(); +CALL p(); +CALL p(1); +CALL p(); + +SET SESSION debug_dbug= @saved_dbug; + +DROP PROCEDURE p; + --echo # End of 11.8 tests diff -Nru mariadb-11.8.6/mysql-test/main/query_cache.result mariadb-11.8.8/mysql-test/main/query_cache.result --- mariadb-11.8.6/mysql-test/main/query_cache.result 2026-01-31 13:27:46.000000000 +0000 +++ mariadb-11.8.8/mysql-test/main/query_cache.result 2026-05-24 09:58:30.000000000 +0000 @@ -2299,3 +2299,37 @@ drop table t1; set global query_cache_type= @qcache; # End of 10.10 tests +# +# MDEV-25365 Server hangs or crashes in Query_cache::move_by_type upon FLUSH QUERY CACHE +# +set @qcache= @@global.query_cache_type; +set global query_cache_type= on; +set query_cache_type= on; +create table t1 (a int); +create table t2 (b int); +create table t3 (c int); +create table t4 (d int); +create view v4 as select * from t4; +create table t5 (e int); +create view v5 as select * from t5; +create table t6 (f int); +create view v6 as select * from t6; +create table t7 (g int); +select * from t1, t2; +a b +select * from t2; +b +select t7.* from t3 t3a, t3 t3b, t3 t3c, t3 t3d, t3 t3e, v4 v4a, v4 v4b, v4 v4c, v4 v4d, v5, v6, t6, t7; +g +alter table t1 force; +select * from t5, t6 /* this query needs to be of a certain length, so i am trying to make the comment at least 175 symbols long. now i am out of ideas what to write, so.............................. */; +e f +flush QUERY cache; +reset query cache; +FLUSH query cache; +drop view v4; +drop view v5; +drop view v6; +drop table t1, t2, t3, t4, t5, t6, t7; +set global query_cache_type= @qcache; +# End of 10.11 tests diff -Nru mariadb-11.8.6/mysql-test/main/query_cache.test mariadb-11.8.8/mysql-test/main/query_cache.test --- mariadb-11.8.6/mysql-test/main/query_cache.test 2026-01-31 13:27:46.000000000 +0000 +++ mariadb-11.8.8/mysql-test/main/query_cache.test 2026-05-24 09:58:30.000000000 +0000 @@ -1903,4 +1903,55 @@ --echo # End of 10.10 tests +--echo # +--echo # MDEV-25365 Server hangs or crashes in Query_cache::move_by_type upon FLUSH QUERY CACHE +--echo # +set @qcache= @@global.query_cache_type; +set global query_cache_type= on; +set query_cache_type= on; + +create table t1 (a int); +create table t2 (b int); +create table t3 (c int); +create table t4 (d int); +create view v4 as select * from t4; +create table t5 (e int); +create view v5 as select * from t5; +create table t6 (f int); +create view v6 as select * from t6; +create table t7 (g int); + +# in the next 3 queries the exact tables or views seem to be important +# (but not the length of the query) + +select * from t1, t2; +select * from t2; +select t7.* from t3 t3a, t3 t3b, t3 t3c, t3 t3d, t3 t3e, v4 v4a, v4 v4b, v4 v4c, v4 v4d, v5, v6, t6, t7; + +# this most likely correlates with the first select, +# to kick it out from the cache but to keep everything else + +alter table t1 force; + +# here the length of the query and the presence of (at least) two tables +# seems to be important, while the exact tables are not +# the comment compensates for the length + +select * from t5, t6 /* this query needs to be of a certain length, so i am trying to make the comment at least 175 symbols long. now i am out of ideas what to write, so.............................. */; + +# this is the query cache magic which causes the hang or crash + +flush QUERY cache; +reset query cache; +FLUSH query cache; + +# cleanup +drop view v4; +drop view v5; +drop view v6; +drop table t1, t2, t3, t4, t5, t6, t7; +set global query_cache_type= @qcache; + +--echo # End of 10.11 tests + --enable_ps2_protocol diff -Nru mariadb-11.8.6/mysql-test/main/rowid_filter_innodb.result mariadb-11.8.8/mysql-test/main/rowid_filter_innodb.result --- mariadb-11.8.6/mysql-test/main/rowid_filter_innodb.result 2026-01-31 13:27:46.000000000 +0000 +++ mariadb-11.8.8/mysql-test/main/rowid_filter_innodb.result 2026-05-24 09:58:30.000000000 +0000 @@ -3452,7 +3452,7 @@ "r_filtered": 100 }, "buffer_type": "flat", - "buffer_size": "8Kb", + "buffer_size": "8KiB", "join_type": "BKA", "mrr_type": "Rowid-ordered scan", "attached_condition": "a.atp = 1", @@ -3500,7 +3500,7 @@ "r_filtered": 100 }, "buffer_type": "incremental", - "buffer_size": "4Kb", + "buffer_size": "4KiB", "join_type": "BKA", "mrr_type": "Rowid-ordered scan", "attached_condition": "fi.fh in (6311439873746261694,-397087483897438286,8518228073041491534,-5420422472375069774)", diff -Nru mariadb-11.8.6/mysql-test/main/sargable_date_cond.result mariadb-11.8.8/mysql-test/main/sargable_date_cond.result --- mariadb-11.8.6/mysql-test/main/sargable_date_cond.result 2026-01-31 13:27:46.000000000 +0000 +++ mariadb-11.8.8/mysql-test/main/sargable_date_cond.result 2026-05-24 09:58:30.000000000 +0000 @@ -756,7 +756,7 @@ "attached_condition": "t22.a >= '2017-02-01 00:00:00' and t22.b > '2017-11-01'" }, "buffer_type": "flat", - "buffer_size": "7Kb", + "buffer_size": "7KiB", "join_type": "BNL", "attached_condition": "t22.b > '2017-11-01'" } diff -Nru mariadb-11.8.6/mysql-test/main/set_operation_oracle.result mariadb-11.8.8/mysql-test/main/set_operation_oracle.result --- mariadb-11.8.6/mysql-test/main/set_operation_oracle.result 2026-01-31 13:27:46.000000000 +0000 +++ mariadb-11.8.8/mysql-test/main/set_operation_oracle.result 2026-05-24 09:58:30.000000000 +0000 @@ -147,3 +147,72 @@ select * from t13 union select * from t234 intersect all select * from t12; ERROR 42S02: Table 'test.t13' doesn't exist set SQL_MODE=default; +# +# MDEV-38799 Some views are broken in Oracle mode after upgrade to Q1 2026 +# +set sql_mode=''; +create view v as select 'foo' as a union select 'bar' as a; +create view v2 as select 'foo' as a, 'baz' as b union select 'bar' as a, 'qux' as b; +create view v3 as select * from (select 'foo' as a, 'baz' as b) s union select * from (select 'bar' as a, 'qux' as b) s2; +create view v4 as select * from (select 'foo' as a) s union select * from (select 'bar' as a) s2; +select a from v; +a +foo +bar +select a, b from v2; +a b +foo baz +bar qux +select a, b from v3; +a b +foo baz +bar qux +select a from v4; +a +foo +bar +set sql_mode=oracle; +show create view v; +View Create View character_set_client collation_connection +v CREATE VIEW "v" AS select "__4"."a" AS "a" from (select 'foo' AS "a" union select 'bar' AS "a") "__4" latin1 latin1_swedish_ci +show create view v2; +View Create View character_set_client collation_connection +v2 CREATE VIEW "v2" AS select "__4"."a" AS "a","__4"."b" AS "b" from (select 'foo' AS "a",'baz' AS "b" union select 'bar' AS "a",'qux' AS "b") "__4" latin1 latin1_swedish_ci +select a from v; +a +foo +bar +select a, b from v2; +a b +foo baz +bar qux +select a, b from v3; +a b +foo baz +bar qux +select a from v4; +a +foo +bar +drop view v; +drop view v2; +drop view v3; +drop view v4; +set sql_mode=default; +# End of 10.11 tests +# +# MDEV-38987 ASAN heap-use-after-free upon using a view through a trigger in ORACLE mode +# +set sql_mode = oracle; +create table t1 (f int); +create table t2 (a int); +create view v as select 'x' union select 'x' union select 'x'; +create trigger tr before insert on t1 for each row delete from v; +insert into t1 values (1); +ERROR HY000: The target table v of the DELETE is not updatable +drop view v; +create view v as select * from t2; +INSERT into t1 values (2); +drop view v; +drop table t1, t2; +# End of 11.4 tests diff -Nru mariadb-11.8.6/mysql-test/main/set_operation_oracle.test mariadb-11.8.8/mysql-test/main/set_operation_oracle.test --- mariadb-11.8.6/mysql-test/main/set_operation_oracle.test 2026-01-31 13:27:46.000000000 +0000 +++ mariadb-11.8.8/mysql-test/main/set_operation_oracle.test 2026-05-24 09:58:30.000000000 +0000 @@ -74,3 +74,50 @@ --error ER_NO_SUCH_TABLE select * from t13 union select * from t234 intersect all select * from t12; set SQL_MODE=default; + +--echo # +--echo # MDEV-38799 Some views are broken in Oracle mode after upgrade to Q1 2026 +--echo # +set sql_mode=''; +create view v as select 'foo' as a union select 'bar' as a; +create view v2 as select 'foo' as a, 'baz' as b union select 'bar' as a, 'qux' as b; +create view v3 as select * from (select 'foo' as a, 'baz' as b) s union select * from (select 'bar' as a, 'qux' as b) s2; +create view v4 as select * from (select 'foo' as a) s union select * from (select 'bar' as a) s2; +select a from v; +select a, b from v2; +select a, b from v3; +select a from v4; +set sql_mode=oracle; +show create view v; +show create view v2; +select a from v; +select a, b from v2; +select a, b from v3; +select a from v4; +drop view v; +drop view v2; +drop view v3; +drop view v4; +set sql_mode=default; + +--echo # End of 10.11 tests + +--echo # +--echo # MDEV-38987 ASAN heap-use-after-free upon using a view through a trigger in ORACLE mode +--echo # +set sql_mode = oracle; + +create table t1 (f int); +create table t2 (a int); +create view v as select 'x' union select 'x' union select 'x'; +create trigger tr before insert on t1 for each row delete from v; +--error ER_NON_UPDATABLE_TABLE +insert into t1 values (1); +drop view v; +create view v as select * from t2; +INSERT into t1 values (2); + +drop view v; +drop table t1, t2; + +--echo # End of 11.4 tests diff -Nru mariadb-11.8.6/mysql-test/main/skip_grants.result mariadb-11.8.8/mysql-test/main/skip_grants.result --- mariadb-11.8.6/mysql-test/main/skip_grants.result 2026-01-31 13:27:46.000000000 +0000 +++ mariadb-11.8.8/mysql-test/main/skip_grants.result 2026-05-24 09:58:30.000000000 +0000 @@ -148,6 +148,47 @@ # restart: --skip-grant-tables # End of 10.10 tests # +# MDEV-38811 crash in information_schema.table_constraints when --skip-grant-tables +# +select * from information_schema.table_constraints; +CONSTRAINT_CATALOG CONSTRAINT_SCHEMA CONSTRAINT_NAME TABLE_SCHEMA TABLE_NAME CONSTRAINT_TYPE +def mysql Host mysql roles_mapping UNIQUE +def mysql Options mysql servers CHECK +def mysql PRIMARY mysql column_stats PRIMARY KEY +def mysql PRIMARY mysql columns_priv PRIMARY KEY +def mysql PRIMARY mysql db PRIMARY KEY +def mysql PRIMARY mysql event PRIMARY KEY +def mysql PRIMARY mysql func PRIMARY KEY +def mysql PRIMARY mysql global_priv PRIMARY KEY +def mysql PRIMARY mysql gtid_slave_pos PRIMARY KEY +def mysql PRIMARY mysql help_category PRIMARY KEY +def mysql PRIMARY mysql help_keyword PRIMARY KEY +def mysql PRIMARY mysql help_relation PRIMARY KEY +def mysql PRIMARY mysql help_topic PRIMARY KEY +def mysql PRIMARY mysql index_stats PRIMARY KEY +def mysql PRIMARY mysql plugin PRIMARY KEY +def mysql PRIMARY mysql proc PRIMARY KEY +def mysql PRIMARY mysql procs_priv PRIMARY KEY +def mysql PRIMARY mysql proxies_priv PRIMARY KEY +def mysql PRIMARY mysql servers PRIMARY KEY +def mysql PRIMARY mysql table_stats PRIMARY KEY +def mysql PRIMARY mysql tables_priv PRIMARY KEY +def mysql PRIMARY mysql time_zone PRIMARY KEY +def mysql PRIMARY mysql time_zone_leap_second PRIMARY KEY +def mysql PRIMARY mysql time_zone_name PRIMARY KEY +def mysql PRIMARY mysql time_zone_transition PRIMARY KEY +def mysql PRIMARY mysql time_zone_transition_type PRIMARY KEY +def mysql Priv mysql global_priv CHECK +def mysql name mysql help_category UNIQUE +def mysql name mysql help_keyword UNIQUE +def mysql name mysql help_topic UNIQUE +def sys PRIMARY sys sys_config PRIMARY KEY +Warnings: +Warning 1286 Unknown storage engine 'InnoDB' +Warning 1286 Unknown storage engine 'InnoDB' +Warning 1286 Unknown storage engine 'InnoDB' +# End of 10.11 tests +# # MDEV-36351 MariaDB crashes when trying to access information_schema.users under --skip-grant-tables # select * from information_schema.users; diff -Nru mariadb-11.8.6/mysql-test/main/skip_grants.test mariadb-11.8.8/mysql-test/main/skip_grants.test --- mariadb-11.8.6/mysql-test/main/skip_grants.test 2026-01-31 13:27:46.000000000 +0000 +++ mariadb-11.8.8/mysql-test/main/skip_grants.test 2026-05-24 09:58:30.000000000 +0000 @@ -187,6 +187,14 @@ --echo # End of 10.10 tests --echo # +--echo # MDEV-38811 crash in information_schema.table_constraints when --skip-grant-tables +--echo # +--sorted_result +select * from information_schema.table_constraints; + +--echo # End of 10.11 tests + +--echo # --echo # MDEV-36351 MariaDB crashes when trying to access information_schema.users under --skip-grant-tables --echo # select * from information_schema.users; diff -Nru mariadb-11.8.6/mysql-test/main/socket_conflict.result mariadb-11.8.8/mysql-test/main/socket_conflict.result --- mariadb-11.8.6/mysql-test/main/socket_conflict.result 1970-01-01 00:00:00.000000000 +0000 +++ mariadb-11.8.8/mysql-test/main/socket_conflict.result 2026-05-24 09:58:30.000000000 +0000 @@ -0,0 +1,17 @@ +# +# MDEV-5479: Prevent mysqld from unlinking a Unix socket +# file actively used by another process +# +# +# Test 1: Server must refuse to start when a listener is +# already present on the socket path +# +FOUND 1 /\[ERROR\] Another process is already listening on the socket file/ in socket_conflict.err +# +# Test 2: Stale socket file must be cleaned up at startup +# +# restart +SELECT 1; +1 +1 +# End of 10.11 tests diff -Nru mariadb-11.8.6/mysql-test/main/socket_conflict.test mariadb-11.8.8/mysql-test/main/socket_conflict.test --- mariadb-11.8.6/mysql-test/main/socket_conflict.test 1970-01-01 00:00:00.000000000 +0000 +++ mariadb-11.8.8/mysql-test/main/socket_conflict.test 2026-05-24 09:58:30.000000000 +0000 @@ -0,0 +1,60 @@ +--source include/not_windows.inc +--source include/not_embedded.inc + +--echo # +--echo # MDEV-5479: Prevent mysqld from unlinking a Unix socket +--echo # file actively used by another process +--echo # + +# Shut down the server once; both tests run while it is down. +--source include/shutdown_mysqld.inc + +--echo # +--echo # Test 1: Server must refuse to start when a listener is +--echo # already present on the socket path +--echo # + +# Create a fake listener on the default socket path. +# The parent creates the socket, then exits (fork and exit). +# The child blocks on accept(); when mysqld's connect() probe +# hits the socket, accept() returns and the child exits, +# leaving a stale socket file for Test 2. +perl; + use IO::Socket::UNIX; + my $path= $ENV{MASTER_MYSOCK}; + unlink $path; + close STDOUT; + my $srv= IO::Socket::UNIX->new( + Local => $path, + Listen => 1, + ) or die "IO::Socket::UNIX->new($path): $!"; + fork and exit; + exit if $srv->accept(); +EOF + +--let errorlog=$MYSQL_TMP_DIR/socket_conflict.err +--let SEARCH_FILE=$errorlog + +# Use --loose-skip-innodb to skip InnoDB initialization, which +# runs before network_init() and would otherwise be slow on CI. +--error 1 +--exec $MYSQLD --defaults-group-suffix=.1 --defaults-file=$MYSQLTEST_VARDIR/my.cnf --loose-skip-innodb --log-error=$errorlog + +--let SEARCH_PATTERN=\[ERROR\] Another process is already listening on the socket file +--source include/search_pattern_in_file.inc + +--remove_file $SEARCH_FILE + +--echo # +--echo # Test 2: Stale socket file must be cleaned up at startup +--echo # + +# The socket file from Test 1 is still on disk but has no +# listener. The server should detect it as stale, remove it, +# and bind successfully. +--source include/start_mysqld.inc + +# Verify the server is operational +SELECT 1; + +--echo # End of 10.11 tests diff -Nru mariadb-11.8.6/mysql-test/main/sp-error.result mariadb-11.8.8/mysql-test/main/sp-error.result --- mariadb-11.8.6/mysql-test/main/sp-error.result 2026-01-31 13:27:46.000000000 +0000 +++ mariadb-11.8.8/mysql-test/main/sp-error.result 2026-05-24 09:58:30.000000000 +0000 @@ -1571,7 +1571,12 @@ end$$ ERROR HY000: Incorrect CONDITION value: '0' set @old_recursion_depth = @@max_sp_recursion_depth; -set @@max_sp_recursion_depth = 255; +set @l = 255; +SELECT IF(global_value like 'MSAN%', 20, +IF(global_value LIKE 'ASAN%', 200, 255)) INTO @l +FROM information_schema.system_variables +WHERE variable_name='have_sanitizer' AND version() LIKE '%debug%'; +set @@max_sp_recursion_depth = @l; create procedure p1(a int) begin declare continue handler for 1436 -- ER_STACK_OVERRUN_NEED_MORE diff -Nru mariadb-11.8.6/mysql-test/main/sp-error.test mariadb-11.8.8/mysql-test/main/sp-error.test --- mariadb-11.8.6/mysql-test/main/sp-error.test 2026-01-31 13:27:46.000000000 +0000 +++ mariadb-11.8.8/mysql-test/main/sp-error.test 2026-05-24 09:58:30.000000000 +0000 @@ -2230,10 +2230,17 @@ # # Bug#15192: "fatal errors" are caught by handlers in stored procedures -# +# MDEV-39109 - lower limits for debug sanitizers. set @old_recursion_depth = @@max_sp_recursion_depth; -set @@max_sp_recursion_depth = 255; +set @l = 255; +--disable_warnings +SELECT IF(global_value like 'MSAN%', 20, + IF(global_value LIKE 'ASAN%', 200, 255)) INTO @l + FROM information_schema.system_variables + WHERE variable_name='have_sanitizer' AND version() LIKE '%debug%'; +--enable_warnings +set @@max_sp_recursion_depth = @l; delimiter |; create procedure p1(a int) begin diff -Nru mariadb-11.8.6/mysql-test/main/sp-security.result mariadb-11.8.8/mysql-test/main/sp-security.result --- mariadb-11.8.6/mysql-test/main/sp-security.result 2026-01-31 13:27:46.000000000 +0000 +++ mariadb-11.8.8/mysql-test/main/sp-security.result 2026-05-24 09:58:30.000000000 +0000 @@ -1641,6 +1641,7 @@ pkv:=2; END; $$ +SET sql_mode=@save_sql_mode; use test; connect conn1, localhost, user, , "*NO-ONE*"; show create procedure test_db.sp; @@ -1727,7 +1728,39 @@ disconnect conn1; drop user user@localhost; drop database test_db; -# # End of 11.3 tests # +# MDEV-39288 SHOW CREATE ROUTINE does not apply to roles +# +create user u@localhost; +create role r; +create procedure p1() select 10 as ten; +grant execute on procedure test.p1 to u@localhost; +grant execute on procedure test.p1 to r; +grant r to u@localhost; +connect u, localhost, u; +call p1(); +ten +10 +show create procedure p1; +Procedure p1 +sql_mode STRICT_TRANS_TABLES,ERROR_FOR_DIVISION_BY_ZERO,NO_AUTO_CREATE_USER,NO_ENGINE_SUBSTITUTION +Create Procedure NULL +character_set_client latin1 +collation_connection latin1_swedish_ci +Database Collation utf8mb4_uca1400_ai_ci +set role r; +Show create procedure p1; +Procedure p1 +sql_mode STRICT_TRANS_TABLES,ERROR_FOR_DIVISION_BY_ZERO,NO_AUTO_CREATE_USER,NO_ENGINE_SUBSTITUTION +Create Procedure NULL +character_set_client latin1 +collation_connection latin1_swedish_ci +Database Collation utf8mb4_uca1400_ai_ci +disconnect u; +connection default; +drop role r; +drop user u@localhost; +drop procedure p1; +# End of 11.4 tests set @@global.collation_server=@save_collation_server; diff -Nru mariadb-11.8.6/mysql-test/main/sp-security.test mariadb-11.8.8/mysql-test/main/sp-security.test --- mariadb-11.8.6/mysql-test/main/sp-security.test 2026-01-31 13:27:46.000000000 +0000 +++ mariadb-11.8.8/mysql-test/main/sp-security.test 2026-05-24 09:58:30.000000000 +0000 @@ -1647,6 +1647,7 @@ END; $$ DELIMITER ;$$ +SET sql_mode=@save_sql_mode; use test; @@ -1674,8 +1675,30 @@ drop user user@localhost; drop database test_db; ---echo # --echo # End of 11.3 tests + +--echo # +--echo # MDEV-39288 SHOW CREATE ROUTINE does not apply to roles --echo # +create user u@localhost; +create role r; +create procedure p1() select 10 as ten; +grant execute on procedure test.p1 to u@localhost; +grant execute on procedure test.p1 to r; +grant r to u@localhost; + +connect u, localhost, u; +call p1(); +query_vertical show create procedure p1; +set role r; +query_vertical Show create procedure p1; +disconnect u; + +connection default; +drop role r; +drop user u@localhost; +drop procedure p1; + +--echo # End of 11.4 tests set @@global.collation_server=@save_collation_server; diff -Nru mariadb-11.8.6/mysql-test/main/subselect_nulls.result mariadb-11.8.8/mysql-test/main/subselect_nulls.result --- mariadb-11.8.6/mysql-test/main/subselect_nulls.result 2026-01-31 13:27:47.000000000 +0000 +++ mariadb-11.8.8/mysql-test/main/subselect_nulls.result 2026-05-24 09:58:30.000000000 +0000 @@ -154,3 +154,50 @@ # # End of 10.10 tests # +# +# MDEV-32868 SELECT NULL,NULL IN (SUBQUERY) returns 0 instead of NULL +# +create table t1 (a int); +insert into t1 values (1); +create table t2 (a int, b int); +insert into t2 values (null, null); +# Scalar subquery returning NULLs as left part of IN +# All NULLs on left, no match possible -> NULL (subquery has rows) +select (select null, null) in (select 1, 2 from t1) from t1; +(select null, null) in (select 1, 2 from t1) +NULL +# One NULL on left, other column matches -> NULL +select (select null, 2) in (select 1, 2 from t1) from t1; +(select null, 2) in (select 1, 2 from t1) +NULL +# One NULL on left, other column doesn't match -> FALSE +select (select null, 3) in (select 1, 2 from t1) from t1; +(select null, 3) in (select 1, 2 from t1) +0 +# Table with NULLs as left part +select (select * from t2) in (select 1, 2 from t1) from t1; +(select * from t2) in (select 1, 2 from t1) +NULL +# Exact match -> TRUE +select (select 1, 2) in (select 1, 2 from t1) from t1; +(select 1, 2) in (select 1, 2 from t1) +1 +# No match, no NULLs -> FALSE +select (select 3, 4) in (select 1, 2 from t1) from t1; +(select 3, 4) in (select 1, 2 from t1) +0 +# Right side has NULLs +create table t3 (a int, b int); +insert into t3 values (1, null), (null, 2); +# Left matches one column, right has NULL in other -> NULL +select (select 1, 2) in (select * from t3) from t1; +(select 1, 2) in (select * from t3) +NULL +# Both sides have NULLs -> NULL +select (select null, 2) in (select * from t3) from t1; +(select null, 2) in (select * from t3) +NULL +drop table t1, t2, t3; +# +# End of 10.11 tests +# diff -Nru mariadb-11.8.6/mysql-test/main/subselect_nulls.test mariadb-11.8.8/mysql-test/main/subselect_nulls.test --- mariadb-11.8.6/mysql-test/main/subselect_nulls.test 2026-01-31 13:27:47.000000000 +0000 +++ mariadb-11.8.8/mysql-test/main/subselect_nulls.test 2026-05-24 09:58:30.000000000 +0000 @@ -127,3 +127,48 @@ --echo # --echo # End of 10.10 tests --echo # + +--echo # +--echo # MDEV-32868 SELECT NULL,NULL IN (SUBQUERY) returns 0 instead of NULL +--echo # + +create table t1 (a int); +insert into t1 values (1); + +create table t2 (a int, b int); +insert into t2 values (null, null); + +--echo # Scalar subquery returning NULLs as left part of IN +--echo # All NULLs on left, no match possible -> NULL (subquery has rows) +select (select null, null) in (select 1, 2 from t1) from t1; + +--echo # One NULL on left, other column matches -> NULL +select (select null, 2) in (select 1, 2 from t1) from t1; + +--echo # One NULL on left, other column doesn't match -> FALSE +select (select null, 3) in (select 1, 2 from t1) from t1; + +--echo # Table with NULLs as left part +select (select * from t2) in (select 1, 2 from t1) from t1; + +--echo # Exact match -> TRUE +select (select 1, 2) in (select 1, 2 from t1) from t1; + +--echo # No match, no NULLs -> FALSE +select (select 3, 4) in (select 1, 2 from t1) from t1; + +--echo # Right side has NULLs +create table t3 (a int, b int); +insert into t3 values (1, null), (null, 2); + +--echo # Left matches one column, right has NULL in other -> NULL +select (select 1, 2) in (select * from t3) from t1; + +--echo # Both sides have NULLs -> NULL +select (select null, 2) in (select * from t3) from t1; + +drop table t1, t2, t3; + +--echo # +--echo # End of 10.11 tests +--echo # diff -Nru mariadb-11.8.6/mysql-test/main/temp_table.result mariadb-11.8.8/mysql-test/main/temp_table.result --- mariadb-11.8.6/mysql-test/main/temp_table.result 2026-01-31 13:27:47.000000000 +0000 +++ mariadb-11.8.8/mysql-test/main/temp_table.result 2026-05-24 09:58:30.000000000 +0000 @@ -700,3 +700,24 @@ # # End of 10.6 tests # +# +# Failed CREATE TEMPORARY ... SELECT must not roll back transaction +# +CREATE TABLE t (pk INT PRIMARY KEY) ENGINE=InnoDB; +START TRANSACTION; +INSERT INTO t VALUES (0); +INSERT INTO t VALUES (1); +CREATE TEMPORARY TABLE tmp2 (a INT) ENGINE=InnoDB SELECT 'x' AS a; +ERROR 22007: Incorrect integer value: 'x' for column `test`.`tmp2`.`a` at row 1 +SELECT * FROM t ORDER BY pk; +pk +0 +1 +INSERT INTO t VALUES (1); +ERROR 23000: Duplicate entry '1' for key 'PRIMARY' +COMMIT; +SELECT * FROM t ORDER BY pk; +pk +0 +1 +DROP TABLE t; diff -Nru mariadb-11.8.6/mysql-test/main/temp_table.test mariadb-11.8.8/mysql-test/main/temp_table.test --- mariadb-11.8.6/mysql-test/main/temp_table.test 2026-01-31 13:27:47.000000000 +0000 +++ mariadb-11.8.8/mysql-test/main/temp_table.test 2026-05-24 09:58:30.000000000 +0000 @@ -768,3 +768,20 @@ --echo # --echo # End of 10.6 tests --echo # + +--echo # +--echo # Failed CREATE TEMPORARY ... SELECT must not roll back transaction +--echo # + +CREATE TABLE t (pk INT PRIMARY KEY) ENGINE=InnoDB; +START TRANSACTION; +INSERT INTO t VALUES (0); +INSERT INTO t VALUES (1); +--error ER_TRUNCATED_WRONG_VALUE_FOR_FIELD +CREATE TEMPORARY TABLE tmp2 (a INT) ENGINE=InnoDB SELECT 'x' AS a; +SELECT * FROM t ORDER BY pk; +--error ER_DUP_ENTRY +INSERT INTO t VALUES (1); +COMMIT; +SELECT * FROM t ORDER BY pk; +DROP TABLE t; diff -Nru mariadb-11.8.6/mysql-test/main/trigger-33083.result mariadb-11.8.8/mysql-test/main/trigger-33083.result --- mariadb-11.8.6/mysql-test/main/trigger-33083.result 1970-01-01 00:00:00.000000000 +0000 +++ mariadb-11.8.8/mysql-test/main/trigger-33083.result 2026-05-24 09:58:30.000000000 +0000 @@ -0,0 +1,76 @@ +# +# Test with triggers that succeed +# +CREATE TABLE t1 (id INT PRIMARY KEY, val INT); +CREATE TABLE log (id INT AUTO_INCREMENT PRIMARY KEY, msg VARCHAR(255)); +INSERT INTO t1 VALUES (1, 1); +CREATE TRIGGER t1_before_update BEFORE UPDATE ON t1 FOR EACH ROW +INSERT INTO log (msg) VALUES ('before update'); +CREATE TRIGGER t1_after_update AFTER UPDATE ON t1 FOR EACH ROW +INSERT INTO log (msg) VALUES ('after update'); +# +# Normal UPDATE with no data change +# Expected: Both BEFORE and AFTER triggers fire. +# +TRUNCATE log; +UPDATE t1 SET val = 1 WHERE id = 1; +SELECT * FROM log ORDER BY id; +id msg +1 before update +2 after update +TRUNCATE log; +# +# INSERT ... ON DUPLICATE KEY UPDATE with no data change +# Expected: Both BEFORE and AFTER triggers fire. +# +INSERT INTO t1 (id, val) VALUES (1, 1) ON DUPLICATE KEY UPDATE val = 1; +SELECT * FROM log ORDER BY id; +id msg +1 before update +2 after update +TRUNCATE log; +# +# Part 2: Test with triggers that fail +# +DROP TRIGGER t1_before_update; +DROP TRIGGER t1_after_update; +# +# Failing BEFORE UPDATE trigger +# +CREATE TRIGGER t1_before_update_fail BEFORE UPDATE ON t1 FOR EACH ROW +SIGNAL SQLSTATE '45000' SET MESSAGE_TEXT = 'Error in BEFORE UPDATE'; +# +# Normal UPDATE with no data change (fails due to BEFORE trigger) +# +UPDATE t1 SET val = 1 WHERE id = 1; +ERROR 45000: Error in BEFORE UPDATE +# INSERT ... ON DUPLICATE KEY UPDATE with no data change (fails due to BEFORE trigger)´ +TRUNCATE log; +INSERT INTO t1 (id, val) VALUES (1, 1) ON DUPLICATE KEY UPDATE val = 1; +ERROR 45000: Error in BEFORE UPDATE +DROP TRIGGER t1_before_update_fail; +CREATE TRIGGER t1_before_update_log BEFORE UPDATE ON t1 FOR EACH ROW +INSERT INTO log (msg) VALUES ('before update'); +CREATE TRIGGER t1_after_update_fail AFTER UPDATE ON t1 FOR EACH ROW +SIGNAL SQLSTATE '45000' SET MESSAGE_TEXT = 'Error in AFTER UPDATE'; +# +# Failing AFTER UPDATE trigger +# +UPDATE t1 SET val = 1 WHERE id = 1; +ERROR 45000: Error in AFTER UPDATE +SELECT * FROM log ORDER BY id; +id msg +1 before update +TRUNCATE log; +# +# Test ON DUPLICATE KEY UPDATE with no data change (failing AFTER UPDATE trigger) +# +INSERT INTO t1 (id, val) VALUES (1, 1) ON DUPLICATE KEY UPDATE val = 1; +ERROR 45000: Error in AFTER UPDATE +SELECT * FROM log ORDER BY id; +id msg +1 before update +# +# Cleanup +# +DROP TABLE t1, log; diff -Nru mariadb-11.8.6/mysql-test/main/trigger-33083.test mariadb-11.8.8/mysql-test/main/trigger-33083.test --- mariadb-11.8.6/mysql-test/main/trigger-33083.test 1970-01-01 00:00:00.000000000 +0000 +++ mariadb-11.8.8/mysql-test/main/trigger-33083.test 2026-05-24 09:58:30.000000000 +0000 @@ -0,0 +1,92 @@ +# +# MDEV-33083 "AFTER UPDATE" trigger does not fire if no data change in "ON DUPLICATE KEY UPDATE" +# Verify that INSERT..ON DUPLICATE KEY UPDATE behaves the same as normal UPDATE wrt triggers +# in case of updates that do not change data. We expect both BEFORE and AFTER to be fired, +# and also the same behavior in case of trigger failures. +# + +--echo # +--echo # Test with triggers that succeed +--echo # + +CREATE TABLE t1 (id INT PRIMARY KEY, val INT); +CREATE TABLE log (id INT AUTO_INCREMENT PRIMARY KEY, msg VARCHAR(255)); + +INSERT INTO t1 VALUES (1, 1); + +CREATE TRIGGER t1_before_update BEFORE UPDATE ON t1 FOR EACH ROW + INSERT INTO log (msg) VALUES ('before update'); + +CREATE TRIGGER t1_after_update AFTER UPDATE ON t1 FOR EACH ROW + INSERT INTO log (msg) VALUES ('after update'); + +--echo # +--echo # Normal UPDATE with no data change +--echo # Expected: Both BEFORE and AFTER triggers fire. +--echo # +TRUNCATE log; +UPDATE t1 SET val = 1 WHERE id = 1; +SELECT * FROM log ORDER BY id; +TRUNCATE log; + +--echo # +--echo # INSERT ... ON DUPLICATE KEY UPDATE with no data change +--echo # Expected: Both BEFORE and AFTER triggers fire. +--echo # +INSERT INTO t1 (id, val) VALUES (1, 1) ON DUPLICATE KEY UPDATE val = 1; +SELECT * FROM log ORDER BY id; +TRUNCATE log; + +--echo # +--echo # Part 2: Test with triggers that fail +--echo # + +DROP TRIGGER t1_before_update; +DROP TRIGGER t1_after_update; + +--echo # +--echo # Failing BEFORE UPDATE trigger +--echo # +CREATE TRIGGER t1_before_update_fail BEFORE UPDATE ON t1 FOR EACH ROW + SIGNAL SQLSTATE '45000' SET MESSAGE_TEXT = 'Error in BEFORE UPDATE'; + +--echo # +--echo # Normal UPDATE with no data change (fails due to BEFORE trigger) +--echo # + +--error ER_SIGNAL_EXCEPTION +UPDATE t1 SET val = 1 WHERE id = 1; + +--echo # INSERT ... ON DUPLICATE KEY UPDATE with no data change (fails due to BEFORE trigger)´ +TRUNCATE log; +--error ER_SIGNAL_EXCEPTION +INSERT INTO t1 (id, val) VALUES (1, 1) ON DUPLICATE KEY UPDATE val = 1; + +DROP TRIGGER t1_before_update_fail; + +CREATE TRIGGER t1_before_update_log BEFORE UPDATE ON t1 FOR EACH ROW + INSERT INTO log (msg) VALUES ('before update'); +CREATE TRIGGER t1_after_update_fail AFTER UPDATE ON t1 FOR EACH ROW + SIGNAL SQLSTATE '45000' SET MESSAGE_TEXT = 'Error in AFTER UPDATE'; + +--echo # +--echo # Failing AFTER UPDATE trigger +--echo # + +--error ER_SIGNAL_EXCEPTION +UPDATE t1 SET val = 1 WHERE id = 1; +SELECT * FROM log ORDER BY id; +TRUNCATE log; + +--echo # +--echo # Test ON DUPLICATE KEY UPDATE with no data change (failing AFTER UPDATE trigger) +--echo # + +--error ER_SIGNAL_EXCEPTION +INSERT INTO t1 (id, val) VALUES (1, 1) ON DUPLICATE KEY UPDATE val = 1; +SELECT * FROM log ORDER BY id; + +--echo # +--echo # Cleanup +--echo # +DROP TABLE t1, log; diff -Nru mariadb-11.8.6/mysql-test/main/trigger.result mariadb-11.8.8/mysql-test/main/trigger.result --- mariadb-11.8.6/mysql-test/main/trigger.result 2026-01-31 13:27:47.000000000 +0000 +++ mariadb-11.8.8/mysql-test/main/trigger.result 2026-05-24 09:58:30.000000000 +0000 @@ -1416,8 +1416,9 @@ id val 1 test1 2 test2 -3 test3 -4 test4 +3 test2 +4 test3 +5 test4 DROP TRIGGER trg27006_a_insert; DROP TRIGGER trg27006_a_update; drop table t1,t2; diff -Nru mariadb-11.8.6/mysql-test/main/trigger_notembedded.result mariadb-11.8.8/mysql-test/main/trigger_notembedded.result --- mariadb-11.8.6/mysql-test/main/trigger_notembedded.result 2026-01-31 13:27:47.000000000 +0000 +++ mariadb-11.8.8/mysql-test/main/trigger_notembedded.result 2026-05-24 09:58:30.000000000 +0000 @@ -680,7 +680,8 @@ /*!50003 SET @saved_sql_mode = @@sql_mode */ ; /*!50003 SET sql_mode = 'STRICT_TRANS_TABLES,ERROR_FOR_DIVISION_BY_ZERO,NO_AUTO_CREATE_USER,NO_ENGINE_SUBSTITUTION' */ ; DELIMITER ;; -/*!50003 CREATE*/ /*!50017 DEFINER=`root`@`localhost`*/ /*!50003 TRIGGER t1_bu BEFORE UPDATE OF a ON t1 FOR EACH ROW SET @a = NEW.a */;; +/*!50003 CREATE*/ /*!50017 DEFINER=`root`@`localhost`*/ /*!50003 TRIGGER t1_bu BEFORE UPDATE OF a ON t1 FOR EACH ROW SET @a = NEW.a +*/;; DELIMITER ; /*!50003 SET sql_mode = @saved_sql_mode */ ; /*!50003 SET character_set_client = @saved_cs_client */ ; @@ -695,7 +696,8 @@ /*!50003 SET @saved_sql_mode = @@sql_mode */ ; /*!50003 SET sql_mode = 'STRICT_TRANS_TABLES,ERROR_FOR_DIVISION_BY_ZERO,NO_AUTO_CREATE_USER,NO_ENGINE_SUBSTITUTION' */ ; DELIMITER ;; -/*!50003 CREATE*/ /*!50017 DEFINER=`root`@`localhost`*/ /*!50003 TRIGGER t1_au AFTER UPDATE OF a ON t1 FOR EACH ROW SET @a = NEW.a */;; +/*!50003 CREATE*/ /*!50017 DEFINER=`root`@`localhost`*/ /*!50003 TRIGGER t1_au AFTER UPDATE OF a ON t1 FOR EACH ROW SET @a = NEW.a +*/;; DELIMITER ; /*!50003 SET sql_mode = @saved_sql_mode */ ; /*!50003 SET character_set_client = @saved_cs_client */ ; diff -Nru mariadb-11.8.6/mysql-test/main/trigger_wl3253.result mariadb-11.8.8/mysql-test/main/trigger_wl3253.result --- mariadb-11.8.6/mysql-test/main/trigger_wl3253.result 2026-01-31 13:27:47.000000000 +0000 +++ mariadb-11.8.8/mysql-test/main/trigger_wl3253.result 2026-05-24 09:58:30.000000000 +0000 @@ -326,7 +326,8 @@ /*!50003 SET @saved_sql_mode = @@sql_mode */ ; /*!50003 SET sql_mode = 'STRICT_TRANS_TABLES,ERROR_FOR_DIVISION_BY_ZERO,NO_AUTO_CREATE_USER,NO_ENGINE_SUBSTITUTION' */ ; DELIMITER ;; -/*!50003 CREATE*/ /*!50017 DEFINER=`root`@`localhost`*/ /*!50003 TRIGGER tr1_bi BEFORE INSERT ON t1 FOR EACH ROW SET @a:=1 */;; +/*!50003 CREATE*/ /*!50017 DEFINER=`root`@`localhost`*/ /*!50003 TRIGGER tr1_bi BEFORE INSERT ON t1 FOR EACH ROW SET @a:=1 +*/;; DELIMITER ; /*!50003 SET sql_mode = @saved_sql_mode */ ; /*!50003 SET character_set_client = @saved_cs_client */ ; @@ -341,7 +342,8 @@ /*!50003 SET @saved_sql_mode = @@sql_mode */ ; /*!50003 SET sql_mode = 'STRICT_TRANS_TABLES,ERROR_FOR_DIVISION_BY_ZERO,NO_AUTO_CREATE_USER,NO_ENGINE_SUBSTITUTION' */ ; DELIMITER ;; -/*!50003 CREATE*/ /*!50017 DEFINER=`root`@`localhost`*/ /*!50003 TRIGGER tr2_bi BEFORE INSERT ON t1 FOR EACH ROW SET @a:=2 */;; +/*!50003 CREATE*/ /*!50017 DEFINER=`root`@`localhost`*/ /*!50003 TRIGGER tr2_bi BEFORE INSERT ON t1 FOR EACH ROW SET @a:=2 +*/;; DELIMITER ; /*!50003 SET sql_mode = @saved_sql_mode */ ; /*!50003 SET character_set_client = @saved_cs_client */ ; @@ -356,7 +358,8 @@ /*!50003 SET @saved_sql_mode = @@sql_mode */ ; /*!50003 SET sql_mode = 'STRICT_TRANS_TABLES,ERROR_FOR_DIVISION_BY_ZERO,NO_AUTO_CREATE_USER,NO_ENGINE_SUBSTITUTION' */ ; DELIMITER ;; -/*!50003 CREATE*/ /*!50017 DEFINER=`root`@`localhost`*/ /*!50003 TRIGGER tr1_bu BEFORE UPDATE ON t1 FOR EACH ROW SET @a:=3 */;; +/*!50003 CREATE*/ /*!50017 DEFINER=`root`@`localhost`*/ /*!50003 TRIGGER tr1_bu BEFORE UPDATE ON t1 FOR EACH ROW SET @a:=3 +*/;; DELIMITER ; /*!50003 SET sql_mode = @saved_sql_mode */ ; /*!50003 SET character_set_client = @saved_cs_client */ ; @@ -389,7 +392,8 @@ /*!50003 SET @saved_sql_mode = @@sql_mode */ ; /*!50003 SET sql_mode = 'STRICT_TRANS_TABLES,ERROR_FOR_DIVISION_BY_ZERO,NO_AUTO_CREATE_USER,NO_ENGINE_SUBSTITUTION' */ ; DELIMITER ;; -/*!50003 CREATE*/ /*!50017 DEFINER=`root`@`localhost`*/ /*!50003 TRIGGER tr0_bi BEFORE INSERT ON t1 FOR EACH ROW SET @a:=0 */;; +/*!50003 CREATE*/ /*!50017 DEFINER=`root`@`localhost`*/ /*!50003 TRIGGER tr0_bi BEFORE INSERT ON t1 FOR EACH ROW SET @a:=0 +*/;; DELIMITER ; /*!50003 SET sql_mode = @saved_sql_mode */ ; /*!50003 SET character_set_client = @saved_cs_client */ ; @@ -404,7 +408,8 @@ /*!50003 SET @saved_sql_mode = @@sql_mode */ ; /*!50003 SET sql_mode = 'STRICT_TRANS_TABLES,ERROR_FOR_DIVISION_BY_ZERO,NO_AUTO_CREATE_USER,NO_ENGINE_SUBSTITUTION' */ ; DELIMITER ;; -/*!50003 CREATE*/ /*!50017 DEFINER=`root`@`localhost`*/ /*!50003 TRIGGER tr1_bi BEFORE INSERT ON t1 FOR EACH ROW SET @a:=1 */;; +/*!50003 CREATE*/ /*!50017 DEFINER=`root`@`localhost`*/ /*!50003 TRIGGER tr1_bi BEFORE INSERT ON t1 FOR EACH ROW SET @a:=1 +*/;; DELIMITER ; /*!50003 SET sql_mode = @saved_sql_mode */ ; /*!50003 SET character_set_client = @saved_cs_client */ ; @@ -419,7 +424,8 @@ /*!50003 SET @saved_sql_mode = @@sql_mode */ ; /*!50003 SET sql_mode = 'STRICT_TRANS_TABLES,ERROR_FOR_DIVISION_BY_ZERO,NO_AUTO_CREATE_USER,NO_ENGINE_SUBSTITUTION' */ ; DELIMITER ;; -/*!50003 CREATE*/ /*!50017 DEFINER=`root`@`localhost`*/ /*!50003 TRIGGER tr1_1_bi BEFORE INSERT ON t1 FOR EACH ROW SET @a:=0 */;; +/*!50003 CREATE*/ /*!50017 DEFINER=`root`@`localhost`*/ /*!50003 TRIGGER tr1_1_bi BEFORE INSERT ON t1 FOR EACH ROW SET @a:=0 +*/;; DELIMITER ; /*!50003 SET sql_mode = @saved_sql_mode */ ; /*!50003 SET character_set_client = @saved_cs_client */ ; @@ -434,7 +440,8 @@ /*!50003 SET @saved_sql_mode = @@sql_mode */ ; /*!50003 SET sql_mode = 'STRICT_TRANS_TABLES,ERROR_FOR_DIVISION_BY_ZERO,NO_AUTO_CREATE_USER,NO_ENGINE_SUBSTITUTION' */ ; DELIMITER ;; -/*!50003 CREATE*/ /*!50017 DEFINER=`root`@`localhost`*/ /*!50003 TRIGGER tr2_bi BEFORE INSERT ON t1 FOR EACH ROW SET @a:=2 */;; +/*!50003 CREATE*/ /*!50017 DEFINER=`root`@`localhost`*/ /*!50003 TRIGGER tr2_bi BEFORE INSERT ON t1 FOR EACH ROW SET @a:=2 +*/;; DELIMITER ; /*!50003 SET sql_mode = @saved_sql_mode */ ; /*!50003 SET character_set_client = @saved_cs_client */ ; diff -Nru mariadb-11.8.6/mysql-test/main/type_enum.result mariadb-11.8.8/mysql-test/main/type_enum.result --- mariadb-11.8.6/mysql-test/main/type_enum.result 2026-01-31 13:27:47.000000000 +0000 +++ mariadb-11.8.8/mysql-test/main/type_enum.result 2026-05-24 09:58:30.000000000 +0000 @@ -2611,4 +2611,17 @@ 2 N drop table t1; set sql_mode=default; +# +# MDEV-39043 ENUM can be set to empty string by giving an index value as string "0" +# +set sql_mode=STRICT_ALL_TABLES; +create table t1 (a enum('Value1', 'Value2') NOT NULL DEFAULT 'Value1'); +insert into t1 values ('0'); +ERROR 01000: Data truncated for column 'a' at row 1 +insert into t1 values (0); +ERROR 01000: Data truncated for column 'a' at row 1 +select * from t1; +a +drop table t1; +set sql_mode=default; # End of 10.11 tests diff -Nru mariadb-11.8.6/mysql-test/main/type_enum.test mariadb-11.8.8/mysql-test/main/type_enum.test --- mariadb-11.8.6/mysql-test/main/type_enum.test 2026-01-31 13:27:47.000000000 +0000 +++ mariadb-11.8.8/mysql-test/main/type_enum.test 2026-05-24 09:58:30.000000000 +0000 @@ -617,4 +617,17 @@ drop table t1; set sql_mode=default; +--echo # +--echo # MDEV-39043 ENUM can be set to empty string by giving an index value as string "0" +--echo # +set sql_mode=STRICT_ALL_TABLES; +create table t1 (a enum('Value1', 'Value2') NOT NULL DEFAULT 'Value1'); +--error WARN_DATA_TRUNCATED +insert into t1 values ('0'); +--error WARN_DATA_TRUNCATED +insert into t1 values (0); +select * from t1; +drop table t1; +set sql_mode=default; + --echo # End of 10.11 tests diff -Nru mariadb-11.8.6/mysql-test/main/type_newdecimal.result mariadb-11.8.8/mysql-test/main/type_newdecimal.result --- mariadb-11.8.6/mysql-test/main/type_newdecimal.result 2026-01-31 13:27:47.000000000 +0000 +++ mariadb-11.8.8/mysql-test/main/type_newdecimal.result 2026-05-24 09:58:30.000000000 +0000 @@ -3021,3 +3021,35 @@ DROP TABLE t2; DROP TABLE t1; SET note_verbosity=DEFAULT; +# +# MDEV-30255 0 changed to 0.0 caused by DISTINCT and UNION ALL +# +create table t (c1 double); +insert into t values (0.1); +(select (c1 div 1)*0.1 from t) union all (select '1'); +(c1 div 1)*0.1 +0.0 +1 +drop table t; +select 12345678.00000000000000000000000000000000000000000000000000000000000000000000000 * 987.654 as 'tail of zeros'; +tail of zeros +12193258259.41200000000000000000000000000000000000 +select 12345678 * 987.654 as 'exact result'; +exact result +12193258259.412 +select 12345678.000000000000000000000000000000000001 * 987.000000000000000000000000000000000002 as 'first tail is smaller'; +first tail is smaller +12185184186.00000000000000000000000000002469135600 +select 987.000000000000000000000000000000000002 * 12345678.000000000000000000000000000000000001 as 'second tail is smaller'; +second tail is smaller +12185184186.00000000000000000000000000002469135600 +select 12345678 * 987.000000000000000000000000000000000002 as 'truncate 1'; +truncate 1 +12185184186.000000000000000000000000000024691356 +select 12345678.000000000000000000000000000000000001 * 987 as 'truncate 2'; +truncate 2 +12185184186.000000000000000000000000000000000987 +select '12185184186.000000000000000000000000000024692343000000000000000000000000000000000002' as 'exact result'; +exact result +12185184186.000000000000000000000000000024692343000000000000000000000000000000000002 +# End of 10.11 tests diff -Nru mariadb-11.8.6/mysql-test/main/type_newdecimal.test mariadb-11.8.8/mysql-test/main/type_newdecimal.test --- mariadb-11.8.6/mysql-test/main/type_newdecimal.test 2026-01-31 13:27:47.000000000 +0000 +++ mariadb-11.8.8/mysql-test/main/type_newdecimal.test 2026-05-24 09:58:30.000000000 +0000 @@ -2084,3 +2084,25 @@ --source unusable_keys_joins.inc DROP TABLE t1; SET note_verbosity=DEFAULT; + +--echo # +--echo # MDEV-30255 0 changed to 0.0 caused by DISTINCT and UNION ALL +--echo # + +# original test case +create table t (c1 double); +insert into t values (0.1); +(select (c1 div 1)*0.1 from t) union all (select '1'); +drop table t; + +# multiplication bugs +select 12345678.00000000000000000000000000000000000000000000000000000000000000000000000 * 987.654 as 'tail of zeros'; +select 12345678 * 987.654 as 'exact result'; + +select 12345678.000000000000000000000000000000000001 * 987.000000000000000000000000000000000002 as 'first tail is smaller'; +select 987.000000000000000000000000000000000002 * 12345678.000000000000000000000000000000000001 as 'second tail is smaller'; +select 12345678 * 987.000000000000000000000000000000000002 as 'truncate 1'; +select 12345678.000000000000000000000000000000000001 * 987 as 'truncate 2'; +select '12185184186.000000000000000000000000000024692343000000000000000000000000000000000002' as 'exact result'; + +--echo # End of 10.11 tests diff -Nru mariadb-11.8.6/mysql-test/main/union.result mariadb-11.8.8/mysql-test/main/union.result --- mariadb-11.8.6/mysql-test/main/union.result 2026-01-31 13:27:47.000000000 +0000 +++ mariadb-11.8.8/mysql-test/main/union.result 2026-05-24 09:58:30.000000000 +0000 @@ -2347,14 +2347,14 @@ SHOW CREATE TABLE t1; Table Create Table t1 CREATE TABLE `t1` ( - `1` int(1) NOT NULL DEFAULT 0 + `1` int(2) NOT NULL DEFAULT 0 ) ENGINE=MyISAM DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_uca1400_ai_ci DROP TABLE t1; CREATE OR REPLACE TABLE t1 AS SELECT * FROM (SELECT 1 UNION SELECT 1) AS t0; SHOW CREATE TABLE t1; Table Create Table t1 CREATE TABLE `t1` ( - `1` int(1) NOT NULL DEFAULT 0 + `1` int(2) NOT NULL DEFAULT 0 ) ENGINE=MyISAM DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_uca1400_ai_ci DROP TABLE t1; # @@ -2483,7 +2483,7 @@ t1 CREATE TABLE `t1` ( `1` int(1) NOT NULL, `-1` int(2) NOT NULL, - `COALESCE(1,1)` int(1) NOT NULL, + `COALESCE(1,1)` int(2) NOT NULL, `COALESCE(-1,-1)` int(2) NOT NULL, `COALESCE(1,-1)` int(2) NOT NULL, `COALESCE(-1,1)` int(2) NOT NULL @@ -2493,7 +2493,7 @@ SHOW CREATE TABLE t1; Table Create Table t1 CREATE TABLE `t1` ( - `c1` int(1) NOT NULL DEFAULT 0, + `c1` int(2) NOT NULL DEFAULT 0, `c2` int(2) NOT NULL DEFAULT 0, `c3` int(2) NOT NULL DEFAULT 0, `c4` int(2) NOT NULL DEFAULT 0 diff -Nru mariadb-11.8.6/mysql-test/main/vector.result mariadb-11.8.8/mysql-test/main/vector.result --- mariadb-11.8.6/mysql-test/main/vector.result 2026-01-31 13:27:47.000000000 +0000 +++ mariadb-11.8.8/mysql-test/main/vector.result 2026-05-24 09:58:30.000000000 +0000 @@ -892,3 +892,20 @@ VECTOR KEY `v` (`v`) `distance`=cosine ) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_uca1400_ai_ci drop table t; +# +# MDEV-35821 - vector index sizes are not in INDEX_LENGTH +# +create table t1 (id int primary key, v vector(1) not null, vector index (v)); +insert into t1 values (1, vec_fromtext('[1]')); +select index_length > 0 as has_index_length +from information_schema.tables +where table_schema = database() and table_name = 't1'; +has_index_length +1 +flush tables; +select index_length > 0 as has_index_length +from information_schema.tables +where table_schema = database() and table_name = 't1'; +has_index_length +1 +drop table t1; diff -Nru mariadb-11.8.6/mysql-test/main/vector.test mariadb-11.8.8/mysql-test/main/vector.test --- mariadb-11.8.6/mysql-test/main/vector.test 2026-01-31 13:27:47.000000000 +0000 +++ mariadb-11.8.8/mysql-test/main/vector.test 2026-05-24 09:58:30.000000000 +0000 @@ -441,3 +441,21 @@ alter table t drop index v, add vector(v) distance=cosine; show create table t; drop table t; + +--echo # +--echo # MDEV-35821 - vector index sizes are not in INDEX_LENGTH +--echo # +create table t1 (id int primary key, v vector(1) not null, vector index (v)); +insert into t1 values (1, vec_fromtext('[1]')); + +select index_length > 0 as has_index_length +from information_schema.tables +where table_schema = database() and table_name = 't1'; + +flush tables; + +select index_length > 0 as has_index_length +from information_schema.tables +where table_schema = database() and table_name = 't1'; + +drop table t1; diff -Nru mariadb-11.8.6/mysql-test/main/vector_funcs.result mariadb-11.8.8/mysql-test/main/vector_funcs.result --- mariadb-11.8.6/mysql-test/main/vector_funcs.result 2026-01-31 13:27:47.000000000 +0000 +++ mariadb-11.8.8/mysql-test/main/vector_funcs.result 2026-05-24 09:58:30.000000000 +0000 @@ -265,4 +265,14 @@ # select vec_distance(value(key_cache_name), 0x30303030) from information_schema.key_caches; ERROR HY000: Cannot determine distance type for VEC_DISTANCE, index is not found +# +# MDEV-35211: VEC_FromText does not return vector type but varbinary +# +create table t as select vec_fromtext('[1,2,3]') as v; +show create table t; +Table Create Table +t CREATE TABLE `t` ( + `v` vector(3) DEFAULT NULL +) ENGINE=MyISAM DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_uca1400_ai_ci +drop table t; # End of 11.8 tests diff -Nru mariadb-11.8.6/mysql-test/main/vector_funcs.test mariadb-11.8.8/mysql-test/main/vector_funcs.test --- mariadb-11.8.6/mysql-test/main/vector_funcs.test 2026-01-31 13:27:47.000000000 +0000 +++ mariadb-11.8.8/mysql-test/main/vector_funcs.test 2026-05-24 09:58:30.000000000 +0000 @@ -153,4 +153,11 @@ --error ER_VEC_DISTANCE_TYPE select vec_distance(value(key_cache_name), 0x30303030) from information_schema.key_caches; +--echo # +--echo # MDEV-35211: VEC_FromText does not return vector type but varbinary +--echo # +create table t as select vec_fromtext('[1,2,3]') as v; +show create table t; +drop table t; + --echo # End of 11.8 tests diff -Nru mariadb-11.8.6/mysql-test/main/vector_innodb.result mariadb-11.8.8/mysql-test/main/vector_innodb.result --- mariadb-11.8.6/mysql-test/main/vector_innodb.result 2026-01-31 13:27:47.000000000 +0000 +++ mariadb-11.8.8/mysql-test/main/vector_innodb.result 2026-05-24 09:58:30.000000000 +0000 @@ -375,4 +375,16 @@ Warning 1292 Incorrect vector value: '1' for column `test`.`t1`.`v` at row 1 drop table t1; set sql_mode=default; +# +# MDEV-38349 Fix assert thd->abort_on_warning == 0 in mysql_insert +# +CREATE TABLE t1 (id INT KEY,v VECTOR (8) NOT NULL,VECTOR INDEX (v)) ENGINE=INNODB; +CREATE TABLE t2 (id INT KEY,t_id INT,INDEX par_ind (t_id),FOREIGN KEY(t_id) REFERENCES t1 (id) ON DELETE CASCADE) ENGINE=INNODB; +DROP TABLE t1; +ERROR 23000: Cannot delete or update a parent row: a foreign key constraint fails +INSERT INTO t1 VALUES (0,''); +ERROR 42S02: Table 'test.t1' doesn't exist in engine +DROP TABLE t2,t1; +Warnings: +Warning 1932 Table 'test.t1' doesn't exist in engine # End of 11.8 tests diff -Nru mariadb-11.8.6/mysql-test/main/vector_innodb.test mariadb-11.8.8/mysql-test/main/vector_innodb.test --- mariadb-11.8.6/mysql-test/main/vector_innodb.test 2026-01-31 13:27:47.000000000 +0000 +++ mariadb-11.8.8/mysql-test/main/vector_innodb.test 2026-05-24 09:58:30.000000000 +0000 @@ -369,4 +369,17 @@ drop table t1; set sql_mode=default; +--echo # +--echo # MDEV-38349 Fix assert thd->abort_on_warning == 0 in mysql_insert +--echo # +CREATE TABLE t1 (id INT KEY,v VECTOR (8) NOT NULL,VECTOR INDEX (v)) ENGINE=INNODB; +CREATE TABLE t2 (id INT KEY,t_id INT,INDEX par_ind (t_id),FOREIGN KEY(t_id) REFERENCES t1 (id) ON DELETE CASCADE) ENGINE=INNODB; +--ERROR ER_ROW_IS_REFERENCED_2 +DROP TABLE t1; +--ERROR ER_NO_SUCH_TABLE_IN_ENGINE +INSERT INTO t1 VALUES (0,''); + +# cleanup +DROP TABLE t2,t1; + --echo # End of 11.8 tests diff -Nru mariadb-11.8.6/mysql-test/main/view.result mariadb-11.8.8/mysql-test/main/view.result --- mariadb-11.8.6/mysql-test/main/view.result 2026-01-31 13:27:47.000000000 +0000 +++ mariadb-11.8.8/mysql-test/main/view.result 2026-05-24 09:58:30.000000000 +0000 @@ -3281,13 +3281,13 @@ describe view_24532_b; Field Type Null Key Default Extra a IS TRUE int(1) NO 0 -old_istrue int(1) NO 0 +old_istrue int(2) NO 0 a IS NOT TRUE int(1) NO 0 -old_isnottrue int(1) NO 0 +old_isnottrue int(2) NO 0 a IS FALSE int(1) NO 0 -old_isfalse int(1) NO 0 +old_isfalse int(2) NO 0 a IS NOT FALSE int(1) NO 0 -old_isnotfalse int(1) NO 0 +old_isnotfalse int(2) NO 0 show create view view_24532_b; View Create View character_set_client collation_connection view_24532_b CREATE ALGORITHM=UNDEFINED DEFINER=`root`@`localhost` SQL SECURITY DEFINER VIEW `view_24532_b` AS select `table_24532`.`a` is true AS `a IS TRUE`,if(ifnull(`table_24532`.`a`,0),1,0) AS `old_istrue`,`table_24532`.`a` is not true AS `a IS NOT TRUE`,if(ifnull(`table_24532`.`a`,0),0,1) AS `old_isnottrue`,`table_24532`.`a` is false AS `a IS FALSE`,if(ifnull(`table_24532`.`a`,1),0,1) AS `old_isfalse`,`table_24532`.`a` is not false AS `a IS NOT FALSE`,if(ifnull(`table_24532`.`a`,1),1,0) AS `old_isnotfalse` from `table_24532` latin1 latin1_swedish_ci @@ -7157,5 +7157,16 @@ select * from v1; ERROR HY000: View 'test.v1' references invalid table(s) or column(s) or function(s) or definer/invoker of view lack rights to use them drop view v1; +# +# MDEV-38798 Assertion `mdl_key->length() == 3' failed in MDL_map::find_or_insert +# +create view v as select * from (select 'foo' as a) sq; +create procedure p() alter table v truncate partition p; +caLL p; +ERROR HY000: Partition management on a not partitioned table is not possible +CAll p; +ERROR HY000: Partition management on a not partitioned table is not possible +drop procedure p; +drop view v; # End of 10.11 test ALTER DATABASE test CHARACTER SET utf8mb4 COLLATE utf8mb4_uca1400_ai_ci; diff -Nru mariadb-11.8.6/mysql-test/main/view.test mariadb-11.8.8/mysql-test/main/view.test --- mariadb-11.8.6/mysql-test/main/view.test 2026-01-31 13:27:47.000000000 +0000 +++ mariadb-11.8.8/mysql-test/main/view.test 2026-05-24 09:58:30.000000000 +0000 @@ -6923,6 +6923,19 @@ select * from v1; drop view v1; +--echo # +--echo # MDEV-38798 Assertion `mdl_key->length() == 3' failed in MDL_map::find_or_insert +--echo # +create view v as select * from (select 'foo' as a) sq; +create procedure p() alter table v truncate partition p; +--error ER_PARTITION_MGMT_ON_NONPARTITIONED +caLL p; +--error ER_PARTITION_MGMT_ON_NONPARTITIONED +CAll p; + +drop procedure p; +drop view v; + --echo # End of 10.11 test --source include/test_db_charset_restore.inc diff -Nru mariadb-11.8.6/mysql-test/main/win_orderby.result mariadb-11.8.8/mysql-test/main/win_orderby.result --- mariadb-11.8.6/mysql-test/main/win_orderby.result 2026-01-31 13:27:47.000000000 +0000 +++ mariadb-11.8.8/mysql-test/main/win_orderby.result 2026-05-24 09:58:30.000000000 +0000 @@ -176,3 +176,51 @@ x 1.0000 # End of 10.6 tests +# +# MDEV-28619 Server crash and UBSAN null-pointer-use in Window_funcs_sort::setup +# +create table t (c int); +select * from t order by c=row_number() over t; +ERROR HY000: Window specification with name 't' is not defined +select * union select * from t; +ERROR HY000: No tables used +explain update t set c=1 where exists ( +select * from t order by c=row_number() over t); +ERROR HY000: Window specification with name 't' is not defined +select * union select * from t order by c=row_number() over t; +ERROR HY000: No tables used +explain update t set c=1 where exists ( +select * union select * from t order by c=row_number() over t); +id select_type table type possible_keys key key_len ref rows Extra +1 PRIMARY t system NULL NULL NULL NULL 0 Const row not found +2 SUBQUERY NULL NULL NULL NULL NULL NULL NULL No tables used +3 UNION NULL NULL NULL NULL NULL NULL NULL no matching row in const table +NULL UNION RESULT ALL NULL NULL NULL NULL NULL +explain update t set c=1 where exists ( +select * union select nullif(avg(1) over (order by 1), avg(1) over (order by 1)) x +from t order by x=row_number() over t); +id select_type table type possible_keys key key_len ref rows Extra +1 PRIMARY t system NULL NULL NULL NULL 0 Const row not found +2 SUBQUERY NULL NULL NULL NULL NULL NULL NULL No tables used +3 UNION NULL NULL NULL NULL NULL NULL NULL no matching row in const table +NULL UNION RESULT ALL NULL NULL NULL NULL NULL +explain update t set c=1 where exists ( +select * union select nullif(avg(1) over (order by 1), avg(1) over (order by 1)) x +from t order by x=avg(row_number() over t)); +id select_type table type possible_keys key key_len ref rows Extra +1 PRIMARY t system NULL NULL NULL NULL 0 Const row not found +2 SUBQUERY NULL NULL NULL NULL NULL NULL NULL No tables used +3 UNION NULL NULL NULL NULL NULL NULL NULL no matching row in const table +NULL UNION RESULT ALL NULL NULL NULL NULL NULL +explain update t set c=1 where exists ( +select * union select nullif(avg(1) over (order by 1), avg(1) over (order by 1)) x +from t order by x=avg(row_number() over t) over (order by 1)); +id select_type table type possible_keys key key_len ref rows Extra +1 PRIMARY t system NULL NULL NULL NULL 0 Const row not found +2 SUBQUERY NULL NULL NULL NULL NULL NULL NULL No tables used +3 UNION NULL NULL NULL NULL NULL NULL NULL no matching row in const table +NULL UNION RESULT ALL NULL NULL NULL NULL NULL +drop table t; +# +# End of 10.11 tests +# diff -Nru mariadb-11.8.6/mysql-test/main/win_orderby.test mariadb-11.8.8/mysql-test/main/win_orderby.test --- mariadb-11.8.6/mysql-test/main/win_orderby.test 2026-01-31 13:27:47.000000000 +0000 +++ mariadb-11.8.8/mysql-test/main/win_orderby.test 2026-05-24 09:58:30.000000000 +0000 @@ -148,3 +148,33 @@ select nullif(avg(1) over (partition by -1,1,0,2,3,4,5,6,7,8 order by 1, 1, 1, 1, 1, 1, 1), avg(2) over (partition by -1,1,0,2,3,4,5,6,7,8 order by 1, 1, 1, 1, 1, 1, 1)) x order by 1, 1, 1, 1, 1, 1, x between 1 and (( x = x ) / x) or x = x = 1 ; --echo # End of 10.6 tests + +--echo # +--echo # MDEV-28619 Server crash and UBSAN null-pointer-use in Window_funcs_sort::setup +--echo # +create table t (c int); +--error ER_WRONG_WINDOW_SPEC_NAME +select * from t order by c=row_number() over t; +--error ER_NO_TABLES_USED +select * union select * from t; +--error ER_WRONG_WINDOW_SPEC_NAME +explain update t set c=1 where exists ( + select * from t order by c=row_number() over t); +--error ER_NO_TABLES_USED +select * union select * from t order by c=row_number() over t; +explain update t set c=1 where exists ( + select * union select * from t order by c=row_number() over t); +explain update t set c=1 where exists ( + select * union select nullif(avg(1) over (order by 1), avg(1) over (order by 1)) x + from t order by x=row_number() over t); +explain update t set c=1 where exists ( + select * union select nullif(avg(1) over (order by 1), avg(1) over (order by 1)) x + from t order by x=avg(row_number() over t)); +explain update t set c=1 where exists ( + select * union select nullif(avg(1) over (order by 1), avg(1) over (order by 1)) x + from t order by x=avg(row_number() over t) over (order by 1)); +drop table t; + +--echo # +--echo # End of 10.11 tests +--echo # diff -Nru mariadb-11.8.6/mysql-test/main/xml.result mariadb-11.8.8/mysql-test/main/xml.result --- mariadb-11.8.6/mysql-test/main/xml.result 2026-01-31 13:27:47.000000000 +0000 +++ mariadb-11.8.8/mysql-test/main/xml.result 2026-05-24 09:58:30.000000000 +0000 @@ -1322,6 +1322,98 @@ # # End of 10.5 tests # +# +# Start of 10.6 tests +# +# +# MDEV-39210 ExtractValue/UpdateXML crash +# +SELECT ExtractValue('', '/a'); +ExtractValue('', '/a') +NULL +Warnings: +Warning 1525 Incorrect XML value: 'parse error at line 1 pos 2: unknown token unexpected (ident or '/' wanted)' +SELECT UpdateXML('', '/a', ''); +UpdateXML('', '/a', '') +NULL +Warnings: +Warning 1525 Incorrect XML value: 'parse error at line 1 pos 2: unknown token unexpected (ident or '/' wanted)' +SELECT ExtractValue('', '/a'); +ExtractValue('', '/a') +NULL +Warnings: +Warning 1525 Incorrect XML value: 'parse error at line 1 pos 2: unknown token unexpected (ident or '/' wanted)' +SELECT ExtractValue('', '/a'); +ExtractValue('', '/a') +NULL +Warnings: +Warning 1525 Incorrect XML value: 'parse error at line 1 pos 5: unknown token unexpected (ident wanted)' +SELECT ExtractValue('', '/a'); +ExtractValue('', '/a') +NULL +Warnings: +Warning 1525 Incorrect XML value: 'parse error at line 1 pos 2: unknown token unexpected (ident or '/' wanted)' +SET @xml=' + + + + + +]> + + Tove + Jani + Reminder + See you this weekend! + +'; +SELECT ExtractValue(@xml, '/note/from'); +ExtractValue(@xml, '/note/from') +Jani +set @xml= ' + + --01--+01:00 + --12--+01:00 + + --02-- + --03--Z + + +'; +SELECT ExtractValue(@xml, '/employee/dt3'); +ExtractValue(@xml, '/employee/dt3') +--02-- +set @xml= ' + + --01--+01:00 + --12--+01:00 + + --02-- + --03--Z + + +'; +SELECT ExtractValue(@xml, '/employee/dt3'); +ExtractValue(@xml, '/employee/dt3') +NULL +Warnings: +Warning 1525 Incorrect XML value: 'parse error at line 1 pos 21: unknown token unexpected ('>' wanted)' +set @xml= ' + + --01--+01:00 + --12--+01:00 + + --02-- + --03--Z + + +'; +SELECT ExtractValue(@xml, '/employee/dt3'); +ExtractValue(@xml, '/employee/dt3') +NULL +Warnings: +Warning 1525 Incorrect XML value: 'parse error at line 10 pos 27: unexpected END-OF-INPUT' # Start of 11.4 tests # # MDEV-36565 Assertion `src != ((void *)0)' failed in my_casedn_8bit diff -Nru mariadb-11.8.6/mysql-test/main/xml.test mariadb-11.8.8/mysql-test/main/xml.test --- mariadb-11.8.6/mysql-test/main/xml.test 2026-01-31 13:27:47.000000000 +0000 +++ mariadb-11.8.8/mysql-test/main/xml.test 2026-05-24 09:58:30.000000000 +0000 @@ -825,6 +825,80 @@ --echo # End of 10.5 tests --echo # +--echo # +--echo # Start of 10.6 tests +--echo # + +--echo # +--echo # MDEV-39210 ExtractValue/UpdateXML crash +--echo # + +#view protocol generates additional warning +--disable_view_protocol +SELECT ExtractValue('', '/a'); +SELECT UpdateXML('', '/a', ''); +SELECT ExtractValue('', '/a'); +SELECT ExtractValue('', '/a'); +SELECT ExtractValue('', '/a'); +--enable_view_protocol + +SET @xml=' + + + + + +]> + + Tove + Jani + Reminder + See you this weekend! + +'; + +SELECT ExtractValue(@xml, '/note/from'); + +set @xml= ' + + --01--+01:00 + --12--+01:00 + + --02-- + --03--Z + + +'; + +SELECT ExtractValue(@xml, '/employee/dt3'); + +set @xml= ' + + --01--+01:00 + --12--+01:00 + + --02-- + --03--Z + + +'; + +SELECT ExtractValue(@xml, '/employee/dt3'); + +set @xml= ' + + --01--+01:00 + --12--+01:00 + + --02-- + --03--Z + + +'; + +SELECT ExtractValue(@xml, '/employee/dt3'); + --echo # Start of 11.4 tests --echo # diff -Nru mariadb-11.8.6/mysql-test/mariadb-test-run.pl mariadb-11.8.8/mysql-test/mariadb-test-run.pl --- mariadb-11.8.6/mysql-test/mariadb-test-run.pl 2026-01-31 13:27:47.000000000 +0000 +++ mariadb-11.8.8/mysql-test/mariadb-test-run.pl 2026-05-24 09:58:30.000000000 +0000 @@ -1798,7 +1798,7 @@ my $args; mtr_init_args(\$args); mtr_add_arg($args, "--no-defaults"); - mtr_add_arg($args, "--datadir=."); + mtr_add_arg($args, "--datadir=%s", $opt_vardir); mtr_add_arg($args, "--basedir=%s", $basedir); mtr_add_arg($args, "--lc-messages-dir=%s", $path_language); mtr_add_arg($args, "--skip-grant-tables"); @@ -2285,6 +2285,14 @@ $ENV{'MYSQL_MY_PRINT_DEFAULTS'}= native_path($exe_my_print_defaults); # ---------------------------------------------------- + # mariadb-migrate-config-file + # ---------------------------------------------------- + my $exe_mariadb_migrate_config_file= + mtr_exe_maybe_exists("$bindir/extra$multiconfig/mariadb-migrate-config-file", + "$path_client_bindir/mariadb-migrate-config-file"); + $ENV{'MARIADB_MIGRATE_CONFIG_FILE'}= native_path($exe_mariadb_migrate_config_file) if $exe_mariadb_migrate_config_file; + + # ---------------------------------------------------- # myisam tools # ---------------------------------------------------- $ENV{'MYISAMLOG'}= tool_arguments("storage/myisam", "myisamlog", ); @@ -2546,6 +2554,7 @@ mkpath($plugindir); if (IS_WINDOWS) { + $ENV{PATH} .= ";".$plugindir; # to load vcpkg dependencies (libcurl.dll etc) if (!$opt_embedded_server) { for (<$bindir/storage/*$multiconfig/*.dll>, diff -Nru mariadb-11.8.6/mysql-test/mtr.out-of-source mariadb-11.8.8/mysql-test/mtr.out-of-source --- mariadb-11.8.6/mysql-test/mtr.out-of-source 2026-01-31 13:27:47.000000000 +0000 +++ mariadb-11.8.8/mysql-test/mtr.out-of-source 2026-05-24 09:58:30.000000000 +0000 @@ -1,5 +1,14 @@ #!/usr/bin/env perl # Call mtr in out-of-source build + +use Cwd qw(cwd abs_path); $ENV{MTR_BINDIR} = '@CMAKE_BINARY_DIR@'; +my $dir= cwd(); +my $new_dir= abs_path('@CMAKE_SOURCE_DIR@'); +if ($dir eq $new_dir . '/mysql-test') +{ + print stderr "Something went wrong. Do 'git checkout mysql-test/mariadb-test-run.pl' and try again"; + exit 1; +} chdir('@CMAKE_SOURCE_DIR@/mysql-test'); exit(system($^X, '@CMAKE_SOURCE_DIR@/mysql-test/mariadb-test-run.pl', @ARGV) >> 8); diff -Nru mariadb-11.8.6/mysql-test/std_data/galera-cert.pem mariadb-11.8.8/mysql-test/std_data/galera-cert.pem --- mariadb-11.8.6/mysql-test/std_data/galera-cert.pem 2026-01-31 13:27:47.000000000 +0000 +++ mariadb-11.8.8/mysql-test/std_data/galera-cert.pem 1970-01-01 00:00:00.000000000 +0000 @@ -1,87 +0,0 @@ -Certificate: - Data: - Version: 1 (0x0) - Serial Number: 4096 (0x1000) - Signature Algorithm: sha256WithRSAEncryption - Issuer: C=FI, ST=Helsinki, L=Helsinki, O=MariaDB, CN=Galera CA - Validity - Not Before: May 20 01:31:39 2025 GMT - Not After : May 20 01:31:39 2125 GMT - Subject: - Subject Public Key Info: - Public Key Algorithm: rsaEncryption - Public-Key: (2048 bit) - Modulus: - 00:a5:04:b1:45:03:ef:44:cb:1f:31:0c:5d:87:60: - 82:25:a8:f7:62:1f:a9:ed:82:06:67:23:6a:b0:0c: - 59:3e:b7:c9:ec:17:16:e2:0b:55:06:49:26:82:e9: - d0:bb:82:a4:79:08:6d:93:2f:6b:a2:40:73:3a:77: - a0:e8:47:99:40:27:fa:d7:39:33:26:9c:3d:c5:0b: - 82:ba:ea:48:71:53:18:0f:f6:47:a5:02:89:80:16: - 68:77:33:d1:a2:bb:34:7f:38:ae:c4:cd:85:f1:8d: - 84:e4:e3:dc:23:93:be:b3:93:bc:de:db:bb:67:6a: - ec:55:f6:6a:c0:bd:b5:18:6e:2e:15:06:a1:b9:f2: - fc:72:12:4d:fc:c1:5a:38:b2:30:17:c0:de:83:19: - 4c:fc:9c:c5:0f:c2:b1:86:57:30:88:82:07:f7:ff: - 96:68:1e:55:7c:18:3f:53:5e:40:20:06:02:a1:6e: - f7:03:4b:82:ea:9e:4f:07:97:03:33:d0:bf:1c:de: - b8:17:bf:7d:4c:3a:48:2d:41:ed:82:e6:3a:2c:6f: - 4f:fd:b1:2d:33:ed:d6:36:8c:bc:f2:ff:52:af:aa: - 32:9b:cf:87:45:f3:b3:61:d1:20:7d:03:a3:2f:1f: - 6c:1d:f9:b8:41:e9:88:04:c1:ae:b9:23:36:80:59: - d1:4f - Exponent: 65537 (0x10001) - Signature Algorithm: sha256WithRSAEncryption - Signature Value: - a1:d1:8e:b3:3f:47:3a:4a:2c:f0:bf:34:72:69:99:f2:fa:a9: - a0:72:3c:7e:7a:69:c1:d6:97:4f:bd:44:ac:92:79:46:e4:8e: - 62:c0:cd:41:e9:55:a7:29:33:d6:f6:e7:e5:13:e9:5a:a1:83: - 85:16:cb:e2:38:9a:55:b1:57:51:ea:cc:ca:5c:46:ab:1d:a5: - 73:d6:d6:df:57:e8:7c:40:16:63:17:75:b2:13:ac:31:eb:96: - 85:3b:fb:92:d6:69:4d:ab:e2:1d:22:82:0f:71:66:8d:b0:a9: - 56:a2:77:5e:f8:56:90:22:1f:ee:e7:79:33:37:c7:9f:a1:06: - 01:35:fe:13:12:75:2e:d9:2a:04:e5:8f:21:4a:20:de:a5:07: - 89:aa:0c:c2:d2:ec:a1:47:d6:f6:87:f7:ed:29:f9:69:c6:83: - f6:18:8d:7e:7e:3a:53:c7:b3:91:bd:9a:b8:e3:ac:66:de:57: - b8:2d:c5:d5:54:61:1b:27:96:e8:34:0d:a9:88:4f:03:5a:27: - e0:5f:b5:90:97:9f:57:39:f5:a9:9d:c6:b6:77:1a:bb:86:57: - 57:0c:79:6e:66:5f:93:c1:f7:df:c8:06:3c:df:c5:f8:ef:b3: - e3:61:8b:15:8a:45:4f:db:1d:7f:2b:eb:c9:54:ba:6e:c8:b8: - 40:ca:de:10:93:a9:a4:8c:17:56:50:37:9c:6b:ba:9c:b0:5f: - 4c:49:a7:9c:ba:3c:81:37:e3:a2:b3:6a:71:b9:f6:a6:bb:81: - f3:5c:40:ae:f5:e1:68:32:e3:af:22:5b:88:aa:df:2e:3b:5d: - e2:63:ab:c7:01:a3:c8:3a:e1:06:9f:2f:d1:9f:b4:06:c4:11: - 83:c2:99:4a:de:f0:c2:32:04:b8:65:26:e9:57:3f:7d:52:d7: - d8:1c:6e:2c:55:53:d3:81:1d:b9:9e:0a:c1:34:a6:6a:48:af: - 3b:d9:6e:84:16:30:33:a6:10:17:36:b4:30:68:fd:95:e9:3e: - 35:c3:95:71:7a:86:26:a7:46:66:09:95:91:c6:c2:ba:a6:61: - c2:a5:b6:38:8e:34:a0:14:f1:d7:0c:11:93:0a:a4:d3:f8:b7: - 32:fd:12:38:64:9f:68:fe:3d:a1:f6:28:c1:c8:9f:1f:ea:a5: - e2:77:fd:ad:d9:21:22:40:b2:9e:8e:81:3f:79:0e:13:19:1e: - 70:0f:4a:4b:81:ea:92:c5:fa:4f:80:e9:8f:5e:ac:dc:09:74: - 70:e1:7b:23:68:0c:18:c7:7f:07:4a:39:42:29:d6:c3:62:16: - ec:15:73:02:93:a6:a3:5f:21:90:59:8e:e6:b1:0a:be:32:cf: - 6d:4e:7e:56:3d:87:13:0f ------BEGIN CERTIFICATE----- -MIID0DCCAbgCAhAAMA0GCSqGSIb3DQEBCwUAMFkxCzAJBgNVBAYTAkZJMREwDwYD -VQQIDAhIZWxzaW5raTERMA8GA1UEBwwISGVsc2lua2kxEDAOBgNVBAoMB01hcmlh -REIxEjAQBgNVBAMMCUdhbGVyYSBDQTAgFw0yNTA1MjAwMTMxMzlaGA8yMTI1MDUy -MDAxMzEzOVowADCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAKUEsUUD -70TLHzEMXYdggiWo92Ifqe2CBmcjarAMWT63yewXFuILVQZJJoLp0LuCpHkIbZMv -a6JAczp3oOhHmUAn+tc5MyacPcULgrrqSHFTGA/2R6UCiYAWaHcz0aK7NH84rsTN -hfGNhOTj3COTvrOTvN7bu2dq7FX2asC9tRhuLhUGobny/HISTfzBWjiyMBfA3oMZ -TPycxQ/CsYZXMIiCB/f/lmgeVXwYP1NeQCAGAqFu9wNLguqeTweXAzPQvxzeuBe/ -fUw6SC1B7YLmOixvT/2xLTPt1jaMvPL/Uq+qMpvPh0Xzs2HRIH0Doy8fbB35uEHp -iATBrrkjNoBZ0U8CAwEAATANBgkqhkiG9w0BAQsFAAOCAgEAodGOsz9HOkos8L80 -cmmZ8vqpoHI8fnppwdaXT71ErJJ5RuSOYsDNQelVpykz1vbn5RPpWqGDhRbL4jia -VbFXUerMylxGqx2lc9bW31fofEAWYxd1shOsMeuWhTv7ktZpTaviHSKCD3FmjbCp -VqJ3XvhWkCIf7ud5MzfHn6EGATX+ExJ1LtkqBOWPIUog3qUHiaoMwtLsoUfW9of3 -7Sn5acaD9hiNfn46U8ezkb2auOOsZt5XuC3F1VRhGyeW6DQNqYhPA1on4F+1kJef -Vzn1qZ3Gtncau4ZXVwx5bmZfk8H338gGPN/F+O+z42GLFYpFT9sdfyvryVS6bsi4 -QMreEJOppIwXVlA3nGu6nLBfTEmnnLo8gTfjorNqcbn2pruB81xArvXhaDLjryJb -iKrfLjtd4mOrxwGjyDrhBp8v0Z+0BsQRg8KZSt7wwjIEuGUm6Vc/fVLX2BxuLFVT -04EduZ4KwTSmakivO9luhBYwM6YQFza0MGj9lek+NcOVcXqGJqdGZgmVkcbCuqZh -wqW2OI40oBTx1wwRkwqk0/i3Mv0SOGSfaP49ofYowcifH+ql4nf9rdkhIkCyno6B -P3kOExkecA9KS4HqksX6T4Dpj16s3Al0cOF7I2gMGMd/B0o5QinWw2IW7BVzApOm -o18hkFmO5rEKvjLPbU5+Vj2HEw8= ------END CERTIFICATE----- diff -Nru mariadb-11.8.6/mysql-test/std_data/galera-key.pem mariadb-11.8.8/mysql-test/std_data/galera-key.pem --- mariadb-11.8.6/mysql-test/std_data/galera-key.pem 2026-01-31 13:27:47.000000000 +0000 +++ mariadb-11.8.8/mysql-test/std_data/galera-key.pem 1970-01-01 00:00:00.000000000 +0000 @@ -1,28 +0,0 @@ ------BEGIN PRIVATE KEY----- -MIIEvAIBADANBgkqhkiG9w0BAQEFAASCBKYwggSiAgEAAoIBAQClBLFFA+9Eyx8x -DF2HYIIlqPdiH6ntggZnI2qwDFk+t8nsFxbiC1UGSSaC6dC7gqR5CG2TL2uiQHM6 -d6DoR5lAJ/rXOTMmnD3FC4K66khxUxgP9kelAomAFmh3M9GiuzR/OK7EzYXxjYTk -49wjk76zk7ze27tnauxV9mrAvbUYbi4VBqG58vxyEk38wVo4sjAXwN6DGUz8nMUP -wrGGVzCIggf3/5ZoHlV8GD9TXkAgBgKhbvcDS4Lqnk8HlwMz0L8c3rgXv31MOkgt -Qe2C5josb0/9sS0z7dY2jLzy/1KvqjKbz4dF87Nh0SB9A6MvH2wd+bhB6YgEwa65 -IzaAWdFPAgMBAAECggEAT55ae46g8MPCWnN5YvqNAOer6IOXhPlh5nx/ms5yduDN -Q6SGTW0jSmOb+bkflYE8owsOd1//YisPjauvjrMQ/ZPsotA93kivQvXBTzb/2fG6 -H+V3fuWg+xSUtcLiSE5jz2hFZr40/K2H67oG+oFsFw/Wpn5FRuofeoBo1HMTv+OO -8JvDGOC3jNBxqvajf2+YTpHkS2Bm0CujlspMv+LYYJm4kjlmaE+PEKGAqp+WT+rK -10HXYQGsOLld3DVfO0aHJQ+ji5WskTtmJxi/Gutra2BL7upiPByvdInCBFL5WObw -1gQCYZeUgD0Djofmk4Jst8M7fU/v8HDTgyMzy544EQKBgQDOVXuS3wkxz5QqKAt9 -js8nAb+M9w84cCn89hLZN60IBBWb933EtRun5M6Izy7PWRnSUH4Oeao9cGU1GsKQ -AuTLJKfbNVCrYo5dTpRDpK1zgRaiT2IPn8Wi337qP89dcb0NPXpWkzrkmhZJ3C6t -YkvDp8jhunudCpisWsA5cDGmcQKBgQDMvUyI7wyukMt+VDIi1tnzJgJlezXRRCCH -MO1qMSAn0UIIp/9nR41mdj9gQJby1uc+eL5eLY/KTjZgU9NTOhJ3ZT/GkvoR9xQt -yZfWz8117OXoJxMgfUITKijtlQSCY4i3kAcA+bEerFIW+6xtNXzte5Q+LH/knmbh -HmC689hTvwKBgERRwa0L9LtthB3BTKyyUJ0V0xsV4xBI814zDGKoML7qu0z9UcOE -RDf/ZvOdxl4Znpco19RrLJdTU++VgL62dpNc+8d1i9RzubfjgOw05snMAHaV2l5a -BNK9NgTSRBMoyfRMWum3rlRrQN4L7dizJ2sNb1JusOd6zrqjAesC3y3BAoGAAdlz -54jBRJJqRCneihIGxfuB6gjC47EJ2i7G9j6bW8C4J/vcgsJStKo8yFHNC0SFsjrE -/XTL57ftJdGcBxRvNkTj3pdVSvRAaml3xaj64iXRrdcshQ6cmi+3Tu4ZrFPZ2E6k -wY1/3BcSZsK/O/1Ps5V6MVWVkiscIsxzczzgp2ECgYAqC6yFmIbw1Ui/YIqprj8c -nb5xl5KGj47ZGFIWeoNIZKOwUZu+POu+WZ4kOvySP276xvLfjLjWl+HHjN73AMaT -RvW2+xwSEfGR4d5wqGGxk5TnJOzi0vd21tGUCGdc+AAYDE/M00skdW8AfK1fUuVm -qkpHixGjosFWeZn9IGyu0g== ------END PRIVATE KEY----- diff -Nru mariadb-11.8.6/mysql-test/std_data/galera-upgrade-ca-cert.pem mariadb-11.8.8/mysql-test/std_data/galera-upgrade-ca-cert.pem --- mariadb-11.8.6/mysql-test/std_data/galera-upgrade-ca-cert.pem 2026-01-31 13:27:47.000000000 +0000 +++ mariadb-11.8.8/mysql-test/std_data/galera-upgrade-ca-cert.pem 1970-01-01 00:00:00.000000000 +0000 @@ -1,32 +0,0 @@ ------BEGIN CERTIFICATE----- -MIIFkzCCA3ugAwIBAgIUV3aBq/Mk/AlwaHlG2fWsrojezT4wDQYJKoZIhvcNAQEL -BQAwWTELMAkGA1UEBhMCRkkxETAPBgNVBAgMCEhlbHNpbmtpMREwDwYDVQQHDAhI -ZWxzaW5raTEQMA4GA1UECgwHTWFyaWFEQjESMBAGA1UEAwwJR2FsZXJhIENBMB4X -DTI1MDUyMDAxMTUxNFoXDTM1MDUxODAxMTUxNFowWTELMAkGA1UEBhMCRkkxETAP -BgNVBAgMCEhlbHNpbmtpMREwDwYDVQQHDAhIZWxzaW5raTEQMA4GA1UECgwHTWFy -aWFEQjESMBAGA1UEAwwJR2FsZXJhIENBMIICIjANBgkqhkiG9w0BAQEFAAOCAg8A -MIICCgKCAgEA0w+K6kwQVLDyg//YVYxDXFElDpzUlZo66Yq7y8Y2LcG088GqPQlf -g9tMd/HFat8HXaRu2N3Mjd7cgtt7Sp+wuSC3MadGObqaipwnGMUC04FUI3aOlhyu -NPdS6o+LQ3LIhRNS251SqYJ+lZkWlw7ygw/pyovAwyWKkUib1n1C0O9DwLcZEGdY -4GkkifSp7gF+xHf9NZ3AI0nnXZccmQm3EYslepR8Do+D635Hk+49kN/OPm44uUjn -ul9Xlh4azn6AXgd1VPBWV7Ic6EtMhXIVdIiJTIbhHVBTuMXlwS2TzXEJN0QcGMLF -AyA6aDPkFHwZDAyP/fgh7v2DVkEh8UQUUW4m3GibJmyYcQw0pvILcC8sUHMQ8ZAb -eTchzwB+2L3DywGHmcDMYeUpmYANABNdLGBZTnjy06ZBs0EAPMaUujUXWjb4zI5+ -NQ5KTfYQ3nOePKyFzf+W7aO09ApM9zbYI5fZwoAlgxqwL58LlxmW6QDDSMtu9xE+ -3p0/iJnUD3mCUYPKINqT8ZaJOTOywELntUq/eFjPHZlCebbBhVBGjJQnhNAlWD7O -Y2iOs3XYzVX4FJxlcodj3idKrfRYF3IGekah4+NainFbMu24J08BYrc77vqj8qNv -tHaYcxEs4d0ggyWAnr4i8wDgl/aT63FIj+PPA7VHw9ytbEYkF7ZEBb0CAwEAAaNT -MFEwHQYDVR0OBBYEFFS7XKdj8vKLmXYl/adm467ECLwGMB8GA1UdIwQYMBaAFFS7 -XKdj8vKLmXYl/adm467ECLwGMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQEL -BQADggIBACm8QeUNhuAbwsOA7uImSFyatA7+kSC0heVQyV0B2AC4smca3yQQfnF7 -ttnloEfOQJ/HEKUw67jFPLjf+ZdrV4WGJJFlUpUcOgTBgtPze3Cc8JdJTAsA12cz -rxCKNf7d9Ob1xzXsGmWG0fjPqJpFMDTDdJcuWBdKOjKg8qP3L3anfQBPiVzc6Wyz -IIs7LUQRAYtN05JE8jzDecNKZIbDbGQ3qb4uqyfQOebaP4g63osNMugBPRQpcgLk -o2F0q3iC1GnJD8RCl1P0IpLHtVIC8GbamL0WVD5XWYk6esGHpqzeWZGUl+GVUCJ+ -QOlqnLD0UPnBo/o3d+lrzeRUeGVu+k8u3TeJZyzOyuh7ZPZtNQ7h1Rzxa5LD4tGX -SeFtyS8dYiVC27Vyu2LAFcbZUO3VTOpusXy3iq5jz7MzuTHaV8MiYPDuQ3xhrUo9 -kGWXKiTd+Vr1V6iBig7wWDSwMyFbbDzv3N86TpHjO2ynXNHXPg6VEDOP+zOcI7KO -cgQWqhR8Zr58Yo1tRI8ync9zeUF5cD1EnkP0QRelnmhR0IEPAIxW2YCIO4+jAZOE -5bKPyJwjWzfJR0U2fFi73qpXoMXubcrPFMdiYTMnRjwO+WVLNWCQbe6zE9xh/ZKx -JCYjqvyKIrbtrS4exkRkXDX+gknrdYcfSw/7i9DKkzfowKYVrTQd ------END CERTIFICATE----- diff -Nru mariadb-11.8.6/mysql-test/std_data/galera-upgrade-server-cert.pem mariadb-11.8.8/mysql-test/std_data/galera-upgrade-server-cert.pem --- mariadb-11.8.6/mysql-test/std_data/galera-upgrade-server-cert.pem 2026-01-31 13:27:47.000000000 +0000 +++ mariadb-11.8.8/mysql-test/std_data/galera-upgrade-server-cert.pem 1970-01-01 00:00:00.000000000 +0000 @@ -1,87 +0,0 @@ -Certificate: - Data: - Version: 1 (0x0) - Serial Number: 4097 (0x1001) - Signature Algorithm: sha256WithRSAEncryption - Issuer: C=FI, ST=Helsinki, L=Helsinki, O=MariaDB, CN=Galera CA - Validity - Not Before: May 20 01:32:38 2025 GMT - Not After : May 20 01:32:38 2125 GMT - Subject: - Subject Public Key Info: - Public Key Algorithm: rsaEncryption - Public-Key: (2048 bit) - Modulus: - 00:c9:0e:e9:9d:eb:8f:8d:7f:79:aa:55:7f:2d:c0: - be:92:10:77:46:78:31:63:38:82:01:91:91:4c:c1: - 49:85:04:d3:28:0a:49:80:81:1f:3c:3c:00:6f:aa: - e1:ad:d1:44:0a:72:2a:82:39:72:12:5e:3d:0e:be: - 43:f8:11:98:6a:cb:35:a8:f5:05:e1:1b:b1:9f:14: - ee:59:9d:4a:34:cc:92:0d:9b:cf:23:db:ba:5e:68: - b3:de:2f:37:04:41:c7:84:b0:62:fb:5d:7a:b9:6e: - 0d:f8:f9:82:23:24:8c:0e:f6:34:b7:93:fe:82:f6: - fc:56:45:46:67:63:b1:a7:18:2d:2b:7a:90:92:9c: - a0:cc:11:18:68:f1:9d:24:a5:77:40:cc:c3:ae:df: - ed:c9:1c:cb:e1:66:0c:04:3e:93:2b:4f:ad:31:c1: - 33:64:a4:27:7d:27:da:40:bb:bb:d9:a1:f1:b0:bc: - 43:de:52:22:78:0d:21:ac:20:e0:62:15:4b:60:a4: - 60:77:34:44:75:76:1f:57:00:23:15:dd:51:29:b2: - 5e:75:99:b0:72:0b:49:21:31:1f:5f:a4:b9:ef:c4: - f1:1e:4c:0d:1f:4b:2d:f1:71:f9:b1:df:3f:9c:01: - 7e:cd:66:ef:07:e6:e7:9a:95:eb:86:ba:44:05:84: - 42:2b - Exponent: 65537 (0x10001) - Signature Algorithm: sha256WithRSAEncryption - Signature Value: - 90:67:64:33:70:bd:c8:15:10:8d:8c:f3:09:48:c8:12:8d:58: - 25:b6:a7:a5:2f:54:4e:a3:8e:4c:8d:e7:bb:60:2e:1c:1d:0f: - c1:62:78:d3:47:18:a0:c6:55:4c:69:38:07:e4:86:7a:c6:35: - f3:bd:05:1b:a4:67:ea:d9:ed:72:e5:37:df:7f:97:2f:76:4e: - d8:7a:df:de:7f:35:15:de:cd:e0:e3:c2:e1:96:15:79:3f:88: - 5f:d1:f1:b4:f1:41:21:f1:6a:cd:92:3d:4c:14:fc:5b:17:d0: - ec:7d:12:88:18:74:ec:5c:2a:d3:e7:7b:c4:69:53:51:37:71: - d1:f8:2a:70:80:e3:b7:b5:00:a6:df:d4:9b:d4:65:5e:e2:53: - 6e:98:6d:76:26:cd:19:cd:08:ec:81:8b:54:50:53:9b:06:f3: - 65:83:a9:1b:9c:f0:ed:12:88:c5:0c:f2:02:d4:3f:09:fb:43: - f9:1e:13:12:05:c4:e7:47:e7:9e:bf:c0:6a:70:17:3e:f4:29: - 92:77:a8:1b:d9:1c:3c:e3:ae:5d:c8:98:a6:4b:3d:22:a8:cd: - 46:8e:8b:4e:b2:0c:a3:3e:9e:fe:98:a1:2c:36:10:f9:b6:63: - d4:ae:bb:a8:f3:e8:cd:2f:0e:06:a2:e9:e1:41:3f:25:8b:ec: - a1:65:56:ec:d6:98:4b:b3:fc:d1:8f:21:1e:55:3d:28:10:c3: - 55:30:54:0a:92:f5:33:7e:c6:68:fb:7d:b3:5f:5a:a2:65:4f: - 25:53:93:3a:11:4a:23:5b:26:59:8e:5d:c5:56:c9:35:f5:55: - 45:f1:0c:f0:b3:98:62:3f:42:f3:44:17:81:fd:41:80:e5:6e: - 45:76:19:f0:34:f6:9a:13:76:5e:2e:08:66:71:e0:5d:f8:aa: - f9:ef:4b:1d:23:bc:c7:a7:e4:09:61:df:e6:b7:9a:7f:d2:8c: - 25:f3:26:e2:38:36:1a:1e:23:a9:10:60:08:59:22:52:cf:64: - 47:68:a0:04:31:33:f7:14:ec:33:87:76:f2:84:d1:37:07:fc: - 1a:fa:23:94:2a:7e:72:f8:bb:45:17:49:d7:57:46:c1:aa:4c: - d2:04:dc:82:7b:33:b9:44:ee:d2:bb:4c:60:f0:93:7b:68:19: - 77:65:7b:ce:65:d2:16:2d:0b:3d:0b:7d:62:96:86:29:c2:01: - 57:26:02:15:67:cb:97:5b:2e:a6:65:60:b9:4f:53:ce:3a:6a: - 35:06:50:d9:1b:be:5b:a0:0e:0a:b4:66:40:a5:6a:40:d1:37: - fd:f9:0a:63:22:b4:08:7d:5f:1a:ed:cb:6f:74:17:b6:a3:56: - 54:24:38:8f:c4:6a:cf:46 ------BEGIN CERTIFICATE----- -MIID0DCCAbgCAhABMA0GCSqGSIb3DQEBCwUAMFkxCzAJBgNVBAYTAkZJMREwDwYD -VQQIDAhIZWxzaW5raTERMA8GA1UEBwwISGVsc2lua2kxEDAOBgNVBAoMB01hcmlh -REIxEjAQBgNVBAMMCUdhbGVyYSBDQTAgFw0yNTA1MjAwMTMyMzhaGA8yMTI1MDUy -MDAxMzIzOFowADCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMkO6Z3r -j41/eapVfy3AvpIQd0Z4MWM4ggGRkUzBSYUE0ygKSYCBHzw8AG+q4a3RRApyKoI5 -chJePQ6+Q/gRmGrLNaj1BeEbsZ8U7lmdSjTMkg2bzyPbul5os94vNwRBx4SwYvtd -erluDfj5giMkjA72NLeT/oL2/FZFRmdjsacYLSt6kJKcoMwRGGjxnSSld0DMw67f -7ckcy+FmDAQ+kytPrTHBM2SkJ30n2kC7u9mh8bC8Q95SIngNIawg4GIVS2CkYHc0 -RHV2H1cAIxXdUSmyXnWZsHILSSExH1+kue/E8R5MDR9LLfFx+bHfP5wBfs1m7wfm -55qV64a6RAWEQisCAwEAATANBgkqhkiG9w0BAQsFAAOCAgEAkGdkM3C9yBUQjYzz -CUjIEo1YJbanpS9UTqOOTI3nu2AuHB0PwWJ400cYoMZVTGk4B+SGesY1870FG6Rn -6tntcuU333+XL3ZO2Hrf3n81Fd7N4OPC4ZYVeT+IX9HxtPFBIfFqzZI9TBT8WxfQ -7H0SiBh07Fwq0+d7xGlTUTdx0fgqcIDjt7UApt/Um9RlXuJTbphtdibNGc0I7IGL -VFBTmwbzZYOpG5zw7RKIxQzyAtQ/CftD+R4TEgXE50fnnr/AanAXPvQpkneoG9kc -POOuXciYpks9IqjNRo6LTrIMoz6e/pihLDYQ+bZj1K67qPPozS8OBqLp4UE/JYvs -oWVW7NaYS7P80Y8hHlU9KBDDVTBUCpL1M37GaPt9s19aomVPJVOTOhFKI1smWY5d -xVbJNfVVRfEM8LOYYj9C80QXgf1BgOVuRXYZ8DT2mhN2Xi4IZnHgXfiq+e9LHSO8 -x6fkCWHf5reaf9KMJfMm4jg2Gh4jqRBgCFkiUs9kR2igBDEz9xTsM4d28oTRNwf8 -GvojlCp+cvi7RRdJ11dGwapM0gTcgnszuUTu0rtMYPCTe2gZd2V7zmXSFi0LPQt9 -YpaGKcIBVyYCFWfLl1supmVguU9TzjpqNQZQ2Ru+W6AOCrRmQKVqQNE3/fkKYyK0 -CH1fGu3Lb3QXtqNWVCQ4j8Rqz0Y= ------END CERTIFICATE----- diff -Nru mariadb-11.8.6/mysql-test/std_data/galera-upgrade-server-key.pem mariadb-11.8.8/mysql-test/std_data/galera-upgrade-server-key.pem --- mariadb-11.8.6/mysql-test/std_data/galera-upgrade-server-key.pem 2026-01-31 13:27:47.000000000 +0000 +++ mariadb-11.8.8/mysql-test/std_data/galera-upgrade-server-key.pem 1970-01-01 00:00:00.000000000 +0000 @@ -1,28 +0,0 @@ ------BEGIN PRIVATE KEY----- -MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQDJDumd64+Nf3mq -VX8twL6SEHdGeDFjOIIBkZFMwUmFBNMoCkmAgR88PABvquGt0UQKciqCOXISXj0O -vkP4EZhqyzWo9QXhG7GfFO5ZnUo0zJINm88j27peaLPeLzcEQceEsGL7XXq5bg34 -+YIjJIwO9jS3k/6C9vxWRUZnY7GnGC0repCSnKDMERho8Z0kpXdAzMOu3+3JHMvh -ZgwEPpMrT60xwTNkpCd9J9pAu7vZofGwvEPeUiJ4DSGsIOBiFUtgpGB3NER1dh9X -ACMV3VEpsl51mbByC0khMR9fpLnvxPEeTA0fSy3xcfmx3z+cAX7NZu8H5uealeuG -ukQFhEIrAgMBAAECggEALOBrPJhrfkXJvj8/F9NBthB+zvfc7iyauAbpy5wI8OvW -xcUmCszHUAaEgmg93zIqYbqByndQAtGOB1Bok2I6Bvw8ie3G1iv8RWnCmbYF7isL -HoZ8gaB1xMTSAPHA8e5Mvk0wirKexezOqZfneDicGmrR8XfTAyBlykvEHyeda5IQ -O5P5OIseevBSOYujV/pYohLIlIJmaxtlyLktIos2TvNxcomULhQ+b+xLc2YZespE -9Tvolin3czzS8UUACFIVDkmWRzEyEH+PXOBFiwbI3SeL1V+iJx+YcEkrNZpLkV45 -DxvNqDMfgi7iZ5Re9/QIuoz79drokiC6yHW/V5EWoQKBgQD3RcvbaaWkCpC0mHer -K3+5I9OtBxFenG3h5v8jXVC4LwKoqeN5CpMBnltohiRWOxfjuJ15MHkIywuDYslU -ySEA2GvZZZIJxa9dNiQiCPlEH5GN0+9U9FDTYj3bvcjKkxrYBsdF3Yt3kkmlkdiZ -ANpo4iWHWkWC0EDXLqlM1dc8vQKBgQDQJ40pkMXczHFjklnwOtm1ftjXPtIUA2t8 -Wgs+IVua0z+j5G1BiHisRct5pQDgLbMCtRzMvi8a/BrH+LMn9eGBnifJfOMZi7JR -6AYIjYzUVqJNgBLPTCLFjRSGOfLgG3XnS++E5OleftOvXZRuhzgng7ED8dU5KRfh -kjqwz3wNBwKBgAUleryyUjQ71A8uLS9u1FWyHTG4t+/UKaVN/Xlq88chk1iXUJiw -U6bw+M4QHKl+yVx/9ycSjzJTp4WwhKgzF3DBEF2R85wodSHngpECxs1YKttc0dpe -y1/a55avOIKe1Swx1+voVILElKvRgUSN8/3C1y0d/9xdITxZSETFHpmxAoGAK+qc -Us+znzEXHz3qcc/IzQ0VLNyZMBXEoLjStGoPTKwTOj3gezoS063qDyEr/SBHK2QQ -znW1tIjKEbS7/8tVp6Y5mL4bn/EkTzmXxEgxFT+uAJHr5gaXM3zffq5NOtEwX/ta -bnxpbEFv4gjpXyRySYv0VfO429V6r2HNti4gaxMCgYEA0EYdaBjLb+eHsT4aBFa4 -uQg7N/F4JPNFpb7L6u0gCxkPGkmolCJyPMBS26ciDIiGIx9VBxvWsuzLU96nphG9 -xgczWAzbYXeHN6UZw2ASWMyW+ffYqgLlE3it5qj0JiCkWxsjSiStLKm675WkqkxM -LBW22SFBcrXvQLb6CEC5mQQ= ------END PRIVATE KEY----- diff -Nru mariadb-11.8.6/mysql-test/std_data/ldml/Index.xml mariadb-11.8.8/mysql-test/std_data/ldml/Index.xml --- mariadb-11.8.6/mysql-test/std_data/ldml/Index.xml 2026-01-31 13:27:47.000000000 +0000 +++ mariadb-11.8.8/mysql-test/std_data/ldml/Index.xml 2026-05-24 09:58:30.000000000 +0000 @@ -355,7 +355,10 @@ - + + binary + nopad + Binary files /srv/release.debian.org/tmp/0nho6SUlcX/mariadb-11.8.6/mysql-test/std_data/mdev-39404-binlog.000001 and /srv/release.debian.org/tmp/byZgQ0zcFD/mariadb-11.8.8/mysql-test/std_data/mdev-39404-binlog.000001 differ Binary files /srv/release.debian.org/tmp/0nho6SUlcX/mariadb-11.8.6/mysql-test/std_data/mdev-39408.mb and /srv/release.debian.org/tmp/byZgQ0zcFD/mariadb-11.8.8/mysql-test/std_data/mdev-39408.mb differ diff -Nru mariadb-11.8.6/mysql-test/std_data/server-new-cert.pem mariadb-11.8.8/mysql-test/std_data/server-new-cert.pem --- mariadb-11.8.6/mysql-test/std_data/server-new-cert.pem 2026-01-31 13:27:47.000000000 +0000 +++ mariadb-11.8.8/mysql-test/std_data/server-new-cert.pem 2026-05-24 09:58:31.000000000 +0000 @@ -1,123 +1,120 @@ Certificate: Data: Version: 3 (0x2) - Serial Number: 2 (0x2) + Serial Number: 3 (0x3) Signature Algorithm: sha256WithRSAEncryption Issuer: CN=cacert, C=FI, ST=Helsinki, L=Helsinki, O=MariaDB Validity - Not Before: Mar 3 03:03:03 2020 GMT - Not After : Feb 28 03:03:03 2040 GMT - Subject: C=FI, ST=Helsinki, L=Helsinki, O=MariaDB, CN=server-new + Not Before: Apr 22 18:06:08 2026 GMT + Not After : Apr 18 18:06:08 2046 GMT + Subject: C=FI, ST=Helsinki, L=Helsinki, O=MariaDB, CN='`touch A`'-"`touch B`" Subject Public Key Info: Public Key Algorithm: rsaEncryption - RSA Public-Key: (4096 bit) + Public-Key: (4096 bit) Modulus: - 00:bb:a2:d6:cc:2d:ff:d1:91:03:41:0a:d9:e8:78: - cd:f7:6c:b7:8a:b0:37:e7:a2:79:c3:4e:08:da:f2: - ec:bd:ba:83:e8:e9:3d:56:56:8e:d3:b8:d7:f2:b4: - 95:99:39:26:a5:b2:92:b0:09:5d:42:ee:61:06:45: - 9c:e6:c6:f4:7a:ee:45:5f:bb:4b:29:1d:f2:1d:4b: - 64:16:ca:c3:0c:58:95:1a:db:d4:54:f4:2d:d7:84: - 76:69:75:cc:b1:a4:0b:4c:83:d5:ba:9f:f5:d0:d7: - 58:b9:ed:35:da:b5:d1:88:1e:85:db:94:b7:2b:f3: - b7:a1:85:73:dc:92:b8:bb:80:79:85:e2:7e:d6:f6: - bb:72:fe:8c:65:64:35:99:8a:d9:74:c6:86:ef:ad: - 61:cb:50:ff:1c:44:72:a0:42:c6:8f:19:60:ab:8f: - 00:3b:6f:94:ae:be:88:70:72:61:80:4d:68:4f:c6: - 54:9c:d6:a4:e3:85:a8:51:4f:76:dc:b1:5b:4b:c2: - ac:07:ec:12:4d:c8:ba:c7:b0:80:ef:57:00:75:4f: - b0:fa:c2:a1:70:4d:0d:75:c6:a9:3d:b8:1f:5b:fd: - 0c:34:84:5c:4f:10:35:62:90:7b:d5:6b:b7:78:cd: - 54:e2:13:ba:9f:81:c2:f1:84:e3:74:b3:27:46:4a: - ef:48:59:75:58:53:a9:92:e0:c8:3e:44:86:72:f0: - 67:64:1a:72:db:33:68:bb:51:a4:39:9c:30:f4:38: - 9f:c1:74:ab:57:6b:99:3b:e7:19:34:96:44:2b:f3: - 7b:58:82:b7:eb:eb:74:5a:66:8e:be:68:2b:71:85: - 01:b4:d5:0d:e0:1e:17:5f:e1:12:72:f3:71:d8:41: - 9a:4e:be:a4:2c:bb:80:48:e9:2d:74:1e:57:12:d0: - 90:c2:66:2d:1c:d1:7c:c7:e0:5d:7f:a0:a7:46:fb: - 31:a7:37:c7:19:22:4f:f6:7f:8d:b8:d4:9b:f7:b1: - fa:6f:77:68:b2:e2:a1:e4:05:e9:22:79:09:f0:59: - 21:c0:49:0e:1c:31:0e:3d:f4:1d:4e:d5:51:8f:e4: - 40:66:a6:a0:63:0c:dc:66:5b:08:d6:6c:ee:2b:08: - 7f:1e:a8:ac:10:69:8f:78:49:5e:8e:20:f1:81:c8: - b2:6a:36:4a:43:e2:0f:47:7b:8f:ba:06:52:2a:2d: - 05:c0:03:f7:11:ed:ed:c1:e8:48:9c:3f:c1:cf:2c: - 88:c8:57:de:81:e3:59:2e:db:51:6e:23:0d:7e:a8: - 75:a4:6d:cd:9e:56:7f:19:f9:43:ee:2b:3a:dd:c5: - af:e9:1a:3e:1d:dc:57:a3:dd:56:14:ed:ff:33:40: - 0f:c3:e9 + 00:b0:bd:aa:b2:7b:3a:b8:98:2b:48:36:c0:f2:c9: + 90:b1:88:39:1d:58:e3:0b:1c:b3:73:ae:8c:b1:db: + 9b:93:40:d8:4e:2a:bb:3c:65:a5:02:78:fd:1d:04: + 24:c6:8b:b6:5e:21:13:bb:cf:20:5c:d6:d2:fb:3b: + 2b:03:cc:4d:e7:e6:06:8c:2f:10:9c:d2:77:af:1c: + 1d:d3:d0:02:88:f0:17:3f:79:4c:bf:c6:95:63:05: + 04:02:1d:a2:ba:eb:e8:6a:e4:8b:80:48:b4:28:8d: + ed:46:28:79:87:e3:58:42:65:3f:20:14:c9:16:93: + 9d:14:86:b3:4e:b5:30:98:9d:83:00:a1:30:56:38: + 1d:67:f3:ff:3e:39:d9:c4:30:0a:4b:b1:6d:a1:17: + 0b:9e:a0:0b:c2:16:fd:7f:72:ba:f9:3c:00:58:87: + 8d:3c:16:a6:1e:00:ae:33:9c:aa:a2:d7:37:c7:1c: + 66:2a:c4:cf:32:9d:02:08:6b:3f:2b:c8:9c:26:3c: + 53:57:69:73:f6:83:84:cd:fc:42:ad:a9:9f:37:ef: + c2:f0:72:0a:84:52:92:f8:d8:cf:10:54:02:24:93: + a4:b1:48:1c:34:74:1e:1c:3e:61:46:93:6c:b5:5b: + a5:fc:a7:9d:4e:76:72:e6:85:b4:57:5f:c8:da:7a: + fd:71:98:ca:70:2e:92:3a:83:d9:6a:54:d6:d0:31: + ae:dc:ad:49:f4:76:f7:d4:f4:79:a6:b5:a2:5f:da: + d3:ed:f2:cf:4e:55:e1:f2:64:9e:9f:b4:a8:df:f6: + 53:21:15:b4:fe:f8:72:c4:d0:1d:b5:35:b8:ca:c7: + 65:ae:b6:24:24:a8:a6:e7:5b:d1:de:e7:c4:53:21: + 13:64:ff:89:d4:4f:79:03:6a:37:cf:d9:ef:0c:ce: + 6f:92:ae:fb:0b:d9:a8:3e:67:0f:b7:71:88:dc:ba: + a8:b1:8d:fa:fa:2e:53:54:80:c4:a2:a4:26:a5:c9: + 66:5e:75:d5:1f:99:d9:90:c2:77:89:60:13:f1:71: + e8:a2:f5:4a:62:b2:3c:8d:e1:22:75:b0:bb:29:83: + bb:69:b2:ab:08:28:0d:63:70:12:4c:ec:fe:08:e4: + d2:ca:21:48:3c:f4:3c:e6:14:e9:3e:5a:50:89:3d: + 0d:4d:93:73:7f:ff:3d:13:2c:b1:fb:81:a0:24:7a: + e7:66:43:40:47:24:e2:c5:ca:7d:8b:af:70:8d:63: + 2d:f8:f7:70:99:46:ba:48:7c:d1:08:3b:7b:78:05: + fe:bc:0c:09:ab:7d:43:ba:b1:a9:fd:62:be:2c:8c: + 9d:68:b6:43:4a:cc:40:25:3a:62:e2:52:95:e8:3d: + 6f:34:19 Exponent: 65537 (0x10001) X509v3 extensions: X509v3 Basic Constraints: CA:FALSE - Netscape Comment: - OpenSSL Generated Certificate X509v3 Subject Key Identifier: - 41:73:D1:5E:AA:7D:59:3C:6F:4D:43:E8:20:AE:A1:D3:9C:26:B1:C4 + 15:B2:A0:7E:13:1F:B0:88:CE:E5:E0:FF:D6:8F:8A:D1:01:B6:F2:00 X509v3 Authority Key Identifier: - keyid:4D:FC:7A:19:F3:2B:0C:7D:F6:C0:7C:4D:F8:72:34:4C:8C:35:52:74 - + 4D:FC:7A:19:F3:2B:0C:7D:F6:C0:7C:4D:F8:72:34:4C:8C:35:52:74 Signature Algorithm: sha256WithRSAEncryption - 49:7c:18:c2:1b:5b:de:5e:15:84:18:f6:6b:1c:03:d6:8e:75: - 34:f6:6c:0c:e3:64:60:65:6e:19:1d:26:3b:c8:ed:96:99:30: - 19:7e:3d:d9:c5:a1:19:8e:c6:15:c1:60:74:7e:b6:8b:78:d8: - 46:43:f7:ad:b0:96:fa:51:4e:52:c2:67:da:da:a8:70:f3:40: - c5:80:b4:cc:36:18:81:98:d2:af:94:bc:82:ba:4a:7e:e6:d6: - a3:4b:2b:6f:f6:45:b3:82:07:2b:32:68:7a:d5:fc:7d:70:75: - 7b:4e:b6:33:4c:3d:c2:46:3b:89:c8:77:d8:8d:da:20:88:1d: - 0c:76:2a:79:92:9c:91:44:44:c8:c7:5e:53:8c:d3:29:f6:e9: - 3e:26:9f:47:ac:ca:03:4a:90:ba:c7:ba:0e:31:61:fe:89:af: - 2b:eb:07:aa:7d:10:fd:f5:f0:ba:09:f0:58:1b:86:9b:d2:0b: - b8:c8:db:f4:be:6c:ba:96:dd:3c:5d:7f:ec:4b:8e:93:46:b4: - 78:d2:c7:02:c7:26:e5:d9:ba:3d:93:3f:85:ea:bc:3a:ab:54: - bf:d5:2c:6a:49:f4:d7:d4:72:cd:5d:33:d2:cf:c8:c6:98:1e: - d2:de:72:53:8c:c3:47:f7:43:aa:ca:0f:ca:0f:24:d0:7a:0f: - 43:fa:9c:cc:2a:39:2b:0f:ee:89:91:91:6b:e7:89:80:fd:bf: - 87:c2:9f:0a:7d:f5:e1:33:72:8e:02:35:d4:c6:ec:1d:e7:e0: - f2:9b:ff:c3:d0:f2:ae:52:9a:41:87:65:24:d4:2e:3d:61:fb: - ef:6d:9a:e9:b2:09:af:6b:d9:72:1a:c5:e7:45:1f:4d:bb:2a: - 9e:af:25:b8:cd:d0:fc:43:70:45:55:a0:23:4e:23:00:de:65: - dc:f6:bb:d9:a3:b3:61:28:5c:10:09:c1:ca:d5:63:4d:cb:e0: - 1b:36:e1:e6:4c:25:1f:c2:00:d2:93:1f:c4:c9:64:b0:0d:dd: - fb:dd:b4:0a:57:24:8a:d5:20:c3:d2:54:a3:c3:8e:c1:e7:c4: - fe:30:14:dc:f2:69:6c:8b:67:1f:2b:a7:90:bb:da:f7:81:0d: - 33:24:3a:21:d6:5d:7f:ed:9a:b1:99:47:8e:42:53:f4:e1:86: - da:15:c3:88:bf:e6:4e:29:48:b3:bf:2e:ac:ef:b9:04:74:2f: - 48:b7:13:ef:fa:92:a5:93:99:e1:0e:3b:86:d1:3b:f9:49:b0: - ad:b9:e4:88:e6:db:10:58:5e:b3:61:bf:5c:74:ef:a0:76:99: - 2e:0f:b8:68:01:9e:32:ae:af:cf:14:45:af:45:0a:f0:b7:f9: - 41:3b:45:52:7b:a0:44:eb + Signature Value: + 4a:4b:4b:69:2e:c9:d7:c1:ce:63:e2:76:9b:3d:09:76:98:1c: + 73:cc:38:c2:e7:be:d6:14:de:38:97:e5:ed:53:e2:60:e2:1b: + 7f:6c:68:1c:f8:90:6c:0d:fc:1e:1a:ee:b6:53:77:5f:71:66: + 9d:81:a5:ba:c2:92:c7:77:eb:a7:f1:2f:8f:b0:37:68:97:25: + 18:a7:88:6a:b0:b6:26:32:a7:dc:55:e1:e2:7e:12:03:70:c5: + 28:c3:4d:32:d7:d8:b6:21:a3:8a:34:b6:6e:2b:b4:43:31:48: + 82:1b:84:4d:28:39:1c:e2:f1:70:eb:7b:2f:1b:7b:d7:6e:2a: + eb:76:15:5c:71:0b:e6:ff:66:4c:ad:92:da:06:f7:fe:28:99: + 00:ce:3c:e9:20:c1:e2:bd:f8:2b:cb:35:3a:5a:74:01:91:a6: + 86:e4:c3:8c:5b:ab:c8:5d:f3:0f:d7:fe:0e:02:e4:70:08:f8: + 0a:15:87:26:24:62:77:5b:51:97:3c:37:71:fe:5b:2c:5d:66: + 79:78:ee:42:59:9e:03:a7:05:83:f5:89:12:fe:ce:53:f5:68: + 45:aa:7a:6d:ac:44:84:a2:42:e3:5f:8e:e5:00:23:fe:55:0f: + 2a:5f:43:8b:34:bf:29:fe:48:57:00:f0:8a:13:f9:21:e5:ec: + 2c:d0:22:48:5d:b1:7e:b7:13:e1:e1:05:9a:8c:8c:fb:76:a0: + 42:51:98:24:7e:03:46:5a:de:c7:f9:72:6a:87:02:a7:72:b9: + 6c:71:08:ff:20:e2:77:c1:5e:42:54:06:bd:d7:21:05:a6:aa: + 89:3b:a6:cc:41:27:02:88:9a:83:39:38:85:1f:f4:76:7a:cd: + 90:c4:7a:12:1e:92:6e:8a:b0:be:c4:d3:2f:5e:8d:bb:86:bc: + 31:39:d0:3d:65:6b:90:af:3d:b3:c6:69:b5:ce:55:f1:d7:e5: + a2:8b:f1:6f:51:71:f9:17:aa:ce:a2:8a:a9:9a:a5:aa:6c:22: + 72:d6:d9:7e:a8:0d:b5:c3:34:ef:1a:95:24:0b:a9:4e:bc:b1: + 60:08:b8:c7:b4:2c:79:93:49:5e:ec:df:8c:28:da:cb:c0:59: + f2:28:58:e6:54:17:b4:c1:6a:ea:a3:7b:e3:95:1e:04:a6:7e: + bf:50:2b:27:94:83:3e:42:7e:8e:c1:db:92:48:41:19:b0:82: + 96:fa:f5:67:3c:24:8b:e8:4b:a9:09:5c:61:75:55:ed:74:23: + 8d:ac:67:d8:41:44:67:41:81:2f:ec:44:18:f5:93:49:88:e1: + 31:4a:0c:a4:e0:2c:ef:f6:4c:8c:95:be:49:5c:1b:d2:f8:5b: + c6:8e:ce:08:a1:4b:be:b3 -----BEGIN CERTIFICATE----- -MIIFpjCCA46gAwIBAgIBAjANBgkqhkiG9w0BAQsFADBWMQ8wDQYDVQQDDAZjYWNl +MIIFhTCCA22gAwIBAgIBAzANBgkqhkiG9w0BAQsFADBWMQ8wDQYDVQQDDAZjYWNl cnQxCzAJBgNVBAYTAkZJMREwDwYDVQQIDAhIZWxzaW5raTERMA8GA1UEBwwISGVs -c2lua2kxEDAOBgNVBAoMB01hcmlhREIwHhcNMjAwMzAzMDMwMzAzWhcNNDAwMjI4 -MDMwMzAzWjBaMQswCQYDVQQGEwJGSTERMA8GA1UECAwISGVsc2lua2kxETAPBgNV -BAcMCEhlbHNpbmtpMRAwDgYDVQQKDAdNYXJpYURCMRMwEQYDVQQDDApzZXJ2ZXIt -bmV3MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAu6LWzC3/0ZEDQQrZ -6HjN92y3irA356J5w04I2vLsvbqD6Ok9VlaO07jX8rSVmTkmpbKSsAldQu5hBkWc -5sb0eu5FX7tLKR3yHUtkFsrDDFiVGtvUVPQt14R2aXXMsaQLTIPVup/10NdYue01 -2rXRiB6F25S3K/O3oYVz3JK4u4B5heJ+1va7cv6MZWQ1mYrZdMaG761hy1D/HERy -oELGjxlgq48AO2+Urr6IcHJhgE1oT8ZUnNak44WoUU923LFbS8KsB+wSTci6x7CA -71cAdU+w+sKhcE0NdcapPbgfW/0MNIRcTxA1YpB71Wu3eM1U4hO6n4HC8YTjdLMn -RkrvSFl1WFOpkuDIPkSGcvBnZBpy2zNou1GkOZww9DifwXSrV2uZO+cZNJZEK/N7 -WIK36+t0WmaOvmgrcYUBtNUN4B4XX+EScvNx2EGaTr6kLLuASOktdB5XEtCQwmYt -HNF8x+Bdf6CnRvsxpzfHGSJP9n+NuNSb97H6b3dosuKh5AXpInkJ8FkhwEkOHDEO -PfQdTtVRj+RAZqagYwzcZlsI1mzuKwh/HqisEGmPeElejiDxgciyajZKQ+IPR3uP -ugZSKi0FwAP3Ee3twehInD/BzyyIyFfegeNZLttRbiMNfqh1pG3NnlZ/GflD7is6 -3cWv6Ro+HdxXo91WFO3/M0APw+kCAwEAAaN7MHkwCQYDVR0TBAIwADAsBglghkgB -hvhCAQ0EHxYdT3BlblNTTCBHZW5lcmF0ZWQgQ2VydGlmaWNhdGUwHQYDVR0OBBYE -FEFz0V6qfVk8b01D6CCuodOcJrHEMB8GA1UdIwQYMBaAFE38ehnzKwx99sB8Tfhy -NEyMNVJ0MA0GCSqGSIb3DQEBCwUAA4ICAQBJfBjCG1veXhWEGPZrHAPWjnU09mwM -42RgZW4ZHSY7yO2WmTAZfj3ZxaEZjsYVwWB0fraLeNhGQ/etsJb6UU5Swmfa2qhw -80DFgLTMNhiBmNKvlLyCukp+5tajSytv9kWzggcrMmh61fx9cHV7TrYzTD3CRjuJ -yHfYjdogiB0Mdip5kpyRRETIx15TjNMp9uk+Jp9HrMoDSpC6x7oOMWH+ia8r6weq -fRD99fC6CfBYG4ab0gu4yNv0vmy6lt08XX/sS46TRrR40scCxybl2bo9kz+F6rw6 -q1S/1SxqSfTX1HLNXTPSz8jGmB7S3nJTjMNH90Oqyg/KDyTQeg9D+pzMKjkrD+6J -kZFr54mA/b+Hwp8KffXhM3KOAjXUxuwd5+Dym//D0PKuUppBh2Uk1C49YfvvbZrp -sgmva9lyGsXnRR9NuyqeryW4zdD8Q3BFVaAjTiMA3mXc9rvZo7NhKFwQCcHK1WNN -y+AbNuHmTCUfwgDSkx/EyWSwDd373bQKVySK1SDD0lSjw47B58T+MBTc8mlsi2cf -K6eQu9r3gQ0zJDoh1l1/7ZqxmUeOQlP04YbaFcOIv+ZOKUizvy6s77kEdC9ItxPv -+pKlk5nhDjuG0Tv5SbCtueSI5tsQWF6zYb9cdO+gdpkuD7hoAZ4yrq/PFEWvRQrw -t/lBO0VSe6BE6w== +c2lua2kxEDAOBgNVBAoMB01hcmlhREIwHhcNMjYwNDIyMTgwNjA4WhcNNDYwNDE4 +MTgwNjA4WjBnMQswCQYDVQQGEwJGSTERMA8GA1UECAwISGVsc2lua2kxETAPBgNV +BAcMCEhlbHNpbmtpMRAwDgYDVQQKDAdNYXJpYURCMSAwHgYDVQQDDBcnYHRvdWNo +IEFgJy0iYHRvdWNoIEJgIjCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIB +ALC9qrJ7OriYK0g2wPLJkLGIOR1Y4wscs3OujLHbm5NA2E4quzxlpQJ4/R0EJMaL +tl4hE7vPIFzW0vs7KwPMTefmBowvEJzSd68cHdPQAojwFz95TL/GlWMFBAIdorrr +6Grki4BItCiN7UYoeYfjWEJlPyAUyRaTnRSGs061MJidgwChMFY4HWfz/z452cQw +CkuxbaEXC56gC8IW/X9yuvk8AFiHjTwWph4ArjOcqqLXN8ccZirEzzKdAghrPyvI +nCY8U1dpc/aDhM38Qq2pnzfvwvByCoRSkvjYzxBUAiSTpLFIHDR0Hhw+YUaTbLVb +pfynnU52cuaFtFdfyNp6/XGYynAukjqD2WpU1tAxrtytSfR299T0eaa1ol/a0+3y +z05V4fJknp+0qN/2UyEVtP74csTQHbU1uMrHZa62JCSopudb0d7nxFMhE2T/idRP +eQNqN8/Z7wzOb5Ku+wvZqD5nD7dxiNy6qLGN+vouU1SAxKKkJqXJZl511R+Z2ZDC +d4lgE/Fx6KL1SmKyPI3hInWwuymDu2myqwgoDWNwEkzs/gjk0sohSDz0POYU6T5a +UIk9DU2Tc3//PRMssfuBoCR652ZDQEck4sXKfYuvcI1jLfj3cJlGukh80Qg7e3gF +/rwMCat9Q7qxqf1iviyMnWi2Q0rMQCU6YuJSleg9bzQZAgMBAAGjTTBLMAkGA1Ud +EwQCMAAwHQYDVR0OBBYEFBWyoH4TH7CIzuXg/9aPitEBtvIAMB8GA1UdIwQYMBaA +FE38ehnzKwx99sB8TfhyNEyMNVJ0MA0GCSqGSIb3DQEBCwUAA4ICAQBKS0tpLsnX +wc5j4nabPQl2mBxzzDjC577WFN44l+XtU+Jg4ht/bGgc+JBsDfweGu62U3dfcWad +gaW6wpLHd+un8S+PsDdolyUYp4hqsLYmMqfcVeHifhIDcMUow00y19i2IaOKNLZu +K7RDMUiCG4RNKDkc4vFw63svG3vXbirrdhVccQvm/2ZMrZLaBvf+KJkAzjzpIMHi +vfgryzU6WnQBkaaG5MOMW6vIXfMP1/4OAuRwCPgKFYcmJGJ3W1GXPDdx/lssXWZ5 +eO5CWZ4DpwWD9YkS/s5T9WhFqnptrESEokLjX47lACP+VQ8qX0OLNL8p/khXAPCK +E/kh5ews0CJIXbF+txPh4QWajIz7dqBCUZgkfgNGWt7H+XJqhwKncrlscQj/IOJ3 +wV5CVAa91yEFpqqJO6bMQScCiJqDOTiFH/R2es2QxHoSHpJuirC+xNMvXo27hrwx +OdA9ZWuQrz2zxmm1zlXx1+Wii/FvUXH5F6rOooqpmqWqbCJy1tl+qA21wzTvGpUk +C6lOvLFgCLjHtCx5k0le7N+MKNrLwFnyKFjmVBe0wWrqo3vjlR4Epn6/UCsnlIM+ +Qn6OwduSSEEZsIKW+vVnPCSL6EupCVxhdVXtdCONrGfYQURnQYEv7EQY9ZNJiOEx +Sgyk4Czv9kyMlb5JXBvS+FvGjs4IoUu+sw== -----END CERTIFICATE----- diff -Nru mariadb-11.8.6/mysql-test/std_data/server-new-key.pem mariadb-11.8.8/mysql-test/std_data/server-new-key.pem --- mariadb-11.8.6/mysql-test/std_data/server-new-key.pem 2026-01-31 13:27:47.000000000 +0000 +++ mariadb-11.8.8/mysql-test/std_data/server-new-key.pem 2026-05-24 09:58:31.000000000 +0000 @@ -1,51 +1,52 @@ ------BEGIN RSA PRIVATE KEY----- -MIIJKgIBAAKCAgEAu6LWzC3/0ZEDQQrZ6HjN92y3irA356J5w04I2vLsvbqD6Ok9 -VlaO07jX8rSVmTkmpbKSsAldQu5hBkWc5sb0eu5FX7tLKR3yHUtkFsrDDFiVGtvU -VPQt14R2aXXMsaQLTIPVup/10NdYue012rXRiB6F25S3K/O3oYVz3JK4u4B5heJ+ -1va7cv6MZWQ1mYrZdMaG761hy1D/HERyoELGjxlgq48AO2+Urr6IcHJhgE1oT8ZU -nNak44WoUU923LFbS8KsB+wSTci6x7CA71cAdU+w+sKhcE0NdcapPbgfW/0MNIRc -TxA1YpB71Wu3eM1U4hO6n4HC8YTjdLMnRkrvSFl1WFOpkuDIPkSGcvBnZBpy2zNo -u1GkOZww9DifwXSrV2uZO+cZNJZEK/N7WIK36+t0WmaOvmgrcYUBtNUN4B4XX+ES -cvNx2EGaTr6kLLuASOktdB5XEtCQwmYtHNF8x+Bdf6CnRvsxpzfHGSJP9n+NuNSb -97H6b3dosuKh5AXpInkJ8FkhwEkOHDEOPfQdTtVRj+RAZqagYwzcZlsI1mzuKwh/ -HqisEGmPeElejiDxgciyajZKQ+IPR3uPugZSKi0FwAP3Ee3twehInD/BzyyIyFfe -geNZLttRbiMNfqh1pG3NnlZ/GflD7is63cWv6Ro+HdxXo91WFO3/M0APw+kCAwEA -AQKCAgEAthrLZyx5rHWV9+lFJYchNrIvzA1MpKWekTtKAt1jgJvlbAX5/rJROhCa -nTZAPo4mAQi3rtvXxJ7AUar8JUoQesKHV+rZflVO5rmFsU0mUfQi+gdCIxU87H7l -wWKPwBRa1u7YXqDinMZzmTcsXlC5w+cDuOGziJenr75qfTd0zJ1a0+LHgW/C6087 -CShhkNweQmRvD2xxjjbU8SVJLlrAhJ93n+lQq16WqaXHm4KXOENoKoxtEC6NpzfP -7OI3lOcYmQWdmq618QIQrL+T0zXX/wLR2/1LW0ec+aJOHNV2sft8ffe78wvjE/7w -AGjjjv2RFT1akXYJsgdsDZXWVzVg1mfou1f0/ywmFNqtB2lKGnpte+3nre4ip7nw -lB8STjdByPhPNPb0xeMYlPmG05LY/nGJsExiTt9PHPj6+e2z0y3jZprbklsm/3od -FuzQ88kLeme2tuMDqedzTD38oaj39CnKjxoAXqQezc46LytDDpwgU/Or5Xu6UFV0 -lS0Pv0ua79zo+1to+DX0+V9vuwnXJmo7YFrGtZmpmRFG1r9Eakz0IbH9E8Pwd5FI -7oVF007ooNyAR7yC4VlK2u7V0i0ZdJGNhIvE6P0/NxKyoxNdrfhoyNA3AFtFCA42 -FNb7I6LgxPa9CR8zTjDmwe4AWcdEO2vIX/sihYsuHOZLaveNCYECggEBAOa2Vmzo -xg7BX5iS94RSN1ApFMlUibnc04hIaU7046N7kOF9FfFmc5gdXjRpNc2b7S3dmcWf -MycgBTCZeVq25zOA3NlD61BT1w/4u7dpCDuDK1zh/0xjkmHJ3KWxtOdStn0uU7Yx -pqhngHF+XnGwqhOCdC3wEHwLua7NtfoSwO2XyyRRsTomT/MhPZFNLRB2CvO6IU/F -xog4MC4aGBv1blYV2aBkXvyUzdQBxZQfcCSzAG56YvwBZ/1bORmGTHdfnirzGt8x -MRV+yp8JOUz33JRgOzkWANQxc4nZuvZD4TnZokTJaHLc7XWNZwKgiGo9XqlY9Bao -MgpRGu9GelQeBpkCggEBANAzzqqZuv1iqxo1Q4YgGWyuv7MJ60FpWMkMk6f332Jy -eGOG8TrLM45uo4Z9jNTtbjbmrKQYyA0D+++HXF7EPDNmJLH6950GtNN607hK1UA3 -1P7XW30mS6aHOckPO1Aing6Asvu1QqviwW/d5XTCiFGpU88BSh9l8A1ao+ePr+Lz -kYnuyT5yc2tBlUknv/SZ6eqbptKP2dh3cR5sn+8jRjXuXhONMjDisZH3IjMEdO5W -re1Qa/2LEnpB71g5qmb4Xj/o/uJlwQZAXXUBwEKid3Q5wa03DFFOUQmNGYrhYAl9 -4AYENQC2FESdo5dPGyOx/mBgx3B0Cg2S/ytX/P95CdECggEAaqmj/UgEwS+fna9c -pZ1JG1NS292sqvQwC9LGdQ187Mkk60rkSS2/hXUWZ464pC1RkyHfhOEcShtgqt5Z -n5nt+/64m+3trb6FMEojpyD1AGadNpz5Zfym4XTtAOHOrB+uZON1Kkd8MGFhnZb5 -3P/7MXffdJmHVYIqP2m1lz7yWSYTceAe2q55ygL1LucKTZD1cUb9PZ9HMRUhGT9R -JCPs9fm2GpQs4gN9wWVsThXWx/DF403L04xm4lg5ZtaTJaFcQ6kPJF7evXxX+vzN -tArnvOVcnADTM0cFjpbN/CrXxuIaRkkDdA817WIJXMqRJuTmjc6lUpBCSkjC9hqU -Va1oCQKCAQEAvJkRboyPTBRi9fylzAurvD2XvTERAFHTcVuJLbBllCIpV87XGfEU -JMOoMZ3tQrxJCEZwwL0KCnA/eTzeuaF8/vpZ5zd1sbJvftpWiyyOe/uXX7npUDau -dI0uFSlNC0wwbOa8OzJ40Ic5voH85oWJQp/mITAD2ulWSGKA8rPAGg+VGKNLfNvk -HZZtCrWNNp9tu21/8mEIbwPTXkH7pn4Hjbb9VSyj+JCBVb3OJvS0j2nJZ51gFW4z -MLglfX/PEjON/MqsiJyv+1+2yNTrOfE9z/S5spSY/dW5prNAHgQGINL7abfJ43kM -ZxN9KwUninAkA13ni8AxkxZDOxobPbiA4QKCAQEAwMLRfOulmo6psfMW7JhlRdZa -aAo8loLuK4S0nn4B3alUqjinVZPmgDRUu1XjtwbJ4mvbWjMxOQrYlRkp+RsxYZOy -hiTWkUgMNFLbMBuwsS4+pBiYrkcbyNAxg8TjlTIp1XMUdCsOd2JrSWG6eAekIv9e -9yOW7eOt8epnoAnCFpFBfdJvjCvWyKY/Sxk1ISskpVZoxFHk9Dc+38Rmy13hLyE0 -UyJnSX3x4Dw83cyV6/KqJWDkQlvVGoXG56gM2VZwLqvHHYDVOV/1u8k0KtZdxJFe -FANJfgYUb6c8SFYVbwc4Rjeb2nq/fnbUyUQpbZ278Xf5Oe594KBdYj9qltlGbA== ------END RSA PRIVATE KEY----- +-----BEGIN PRIVATE KEY----- +MIIJQwIBADANBgkqhkiG9w0BAQEFAASCCS0wggkpAgEAAoICAQCwvaqyezq4mCtI +NsDyyZCxiDkdWOMLHLNzroyx25uTQNhOKrs8ZaUCeP0dBCTGi7ZeIRO7zyBc1tL7 +OysDzE3n5gaMLxCc0nevHB3T0AKI8Bc/eUy/xpVjBQQCHaK66+hq5IuASLQoje1G +KHmH41hCZT8gFMkWk50UhrNOtTCYnYMAoTBWOB1n8/8+OdnEMApLsW2hFwueoAvC +Fv1/crr5PABYh408FqYeAK4znKqi1zfHHGYqxM8ynQIIaz8ryJwmPFNXaXP2g4TN +/EKtqZ8378LwcgqEUpL42M8QVAIkk6SxSBw0dB4cPmFGk2y1W6X8p51OdnLmhbRX +X8jaev1xmMpwLpI6g9lqVNbQMa7crUn0dvfU9HmmtaJf2tPt8s9OVeHyZJ6ftKjf +9lMhFbT++HLE0B21NbjKx2WutiQkqKbnW9He58RTIRNk/4nUT3kDajfP2e8Mzm+S +rvsL2ag+Zw+3cYjcuqixjfr6LlNUgMSipCalyWZeddUfmdmQwneJYBPxceii9Upi +sjyN4SJ1sLspg7tpsqsIKA1jcBJM7P4I5NLKIUg89DzmFOk+WlCJPQ1Nk3N//z0T +LLH7gaAkeudmQ0BHJOLFyn2Lr3CNYy3493CZRrpIfNEIO3t4Bf68DAmrfUO6san9 +Yr4sjJ1otkNKzEAlOmLiUpXoPW80GQIDAQABAoICABQRmrC6QMMLNwbz01mo56Qx +Cq3kFPaDDiFu9Yzl7zbQ9dQnvVZbWFmn3AiPxY6XTgrxiJMahDCROCh3jH0u6r26 +pzhYc8jK4Uo3UBpoE+bxaZe3MgQots0lRFI/2Trjug1r4XycmiXCD+pCgveaKhXH +91tbi4XjwcITQDMKF02NEn4KJOSgFJQO5wcYJzvEFLc0RiA0713WCzUWdTcj6PU6 +CfQDgwG1X1bSzvUPWhTe3qIzqFTnlNDIy/Khcu00J1RJefvX/pHvAdp98CMAur1C +8rNoz6bngBwqSkDZY9uRZEcOdXLDU1PzsAoFMs0ubfJQJL2ZwkGeIbSLgibE28L5 +5b1V1QpzPaMHeXvHwkfSAMJKi4DJjmcf3psbDi3YeOZlsmGbpMPY/PyC6qkz7IFu +e54o/8G2/chY6m3GgqxnHH6QAqdjwTC/2awM2FRrbfawP6TSwFDYSGb/wZLhsnU4 +plLms2OIt5Dy5vKvPsTXzbF9fHEqMhKgDDliOBfbI6oUldItMQ7VUF05G6/Z2sos +tKg6Ih4qZpTAHKyYfshsQnJoZ8N+kdsEzN6P4WWD2ccWBZZqKf15ZS5/1wvKOgoi +CAouSEKSgoCobQkbjI5mu6dwox0hCbd+8lF+brQLgJw1A3ZFsoDdGJzEhDZI+zWM +mrATaRqeRhcri4Bhmas9AoIBAQD2IAo2C+WJd01CQLLTvQiN5Kk5C3wezSLIzTMe +Lzj5qeeM7YXOC8PLgNdQyBcItDUXJok80TAlUcexsM2x8GoicyyEfzFttdlQfFra +eDhbjwa22ytG14qrDY3/9nPgsxY7AglymOgqdNqGfLvnYElJpoTlaWiKOOagpyGI +59//9doyU0iOYqpP8XoTaNPHM//592oG8JDrf+sK4nszjQhz9TWOsop7ErJPSGZI +y8DncNQGGF3yRIqyJ4ee/s1g5f8X7nJBxwB3gZwWGWpjI0ez9JXPXAWGeTl9P035 +0UIox6akg65KCJUkDER4MaBXMamRikOq1972O+iB4QVoNz6zAoIBAQC31PqHUkYP +soWosbrYjw4fz747zxVWi2jjW9rop7/DoIbcSMPCWmnG7uZOchJSQCpurBvcBndq +Y7WZ9ngbc/4SclPoYNwn/Y5imIikXKmv4PhTDQZ3R5d99qHGkBcb39TH1hpwJvRL +wLM/aNwxjEMqdmy2Ppk/S6qyMAqqI0hSd8fettRKcVdidxUtH6yQKCM86TZ/tF9q +r0D7UGE64RYWY36rYIBhWXV0Kr+Yvp8nMXshQtPdfFmINU0AHxjY5Hg+lPQzejub +rAZjjFCdE0M1iOqPWCMYJGsubf4pNeVhwyDQxGHotBeoVEf2UJgAZGDJyBVha9QH +4WP3TeF/zKgDAoIBAQCVp0uuKzOpj1H5y+8wUgumg3flyLby35ab9DF11A7Xt9ik +VzR54atuzOufIdrnnvN9HSBrS2Lz/jLnN3MLE/zk75UNB23doKn/h22S03CpM2FI +xCEfVSXq9jX2gjtZUGte+9EUzia00hKhnax/dot5bff2qk43ZXvOCXGZliwcrbe7 +y+odMZ8PNuwcaywCPvsRWcAtcg8cMs6O8sEoykNuhpXHK4aKaQbksEgJUWL9FxzE +jAJrsgOHagPLyHDGz3J5cbIljsQY5kUrJs8KcsRBhqGk0PZHGuS65Egcc4G/3A3W +kH7kYy2UGqVzU/GDsx3A8gpNEi9vF2Q7vMAV6ymDAoIBADpsOWKgRxveBJRkR5lj +fX2mrDKd0Y47qA35t0yRY2Rss+92QKCX014htpffsOrq8ZFSqVf3xiPNpH1V0z4G +UwzRwNDtV4puDr5O874opNT8jm72iMOHwSGLLEbKrE1ziVApPyW9e45Ho6/XR4OH +rCDmmg4hPtra1Vjj47/GjsmGv8KMIFO4SalFZzl8A3+dAfXtuCBF1r01DVXRadUo +i7h5zlvww1ws7iMJIvMMQdBW7WbYsjSFvH6JUftj5qWnln9tH17szdzfgvhIM6Z3 +5Lgy1zjPLfgSOu36jvfR5SB4vwkaIHOwKISapHQnkOcu/4OhTwozFqOaggaqfav8 +ArkCggEBAM+Rx6FPe+QR9wRWFrrpum9VAJcE0+XrHGgCFl3QXjlAfMRIsCzH0jNC +ll54kFUZI9ircEvXfJd5sd8EBITwsV6aFzV1UIIX/Wp1qzdR7u/AzmvG/8R7hCD6 +SiZCgK5nye5x9eM7oC71InyYYtqXErQMUUvCKBx8F14i0pqbQk6s6cjnZqAXHaoa +vC8Vu7ODqy5CnezrBatcOXdCpqLhStZPgSHlmYWGUZKZPtxPiAIU5lB2iq1YDLsh +rTAv/V8tfYxjm02psk+0SE5+FTgiITO3n8ZQOQ7/clA4asztwUbenyGv+qX+RAlp +GRuROj++HIUxkCf8fgVsxrWSmMDc8oc= +-----END PRIVATE KEY----- diff -Nru mariadb-11.8.6/mysql-test/std_data/upgrade/user-100625-utf8mb3.frm mariadb-11.8.8/mysql-test/std_data/upgrade/user-100625-utf8mb3.frm --- mariadb-11.8.6/mysql-test/std_data/upgrade/user-100625-utf8mb3.frm 1970-01-01 00:00:00.000000000 +0000 +++ mariadb-11.8.8/mysql-test/std_data/upgrade/user-100625-utf8mb3.frm 2026-05-24 09:58:31.000000000 +0000 @@ -0,0 +1,16 @@ +TYPE=VIEW +query=select `mysql`.`global_priv`.`Host` AS `Host`,`mysql`.`global_priv`.`User` AS `User`,if(json_value(`mysql`.`global_priv`.`Priv`,\'$.plugin\') in (\'mysql_native_password\',\'mysql_old_password\'),ifnull(json_value(`mysql`.`global_priv`.`Priv`,\'$.authentication_string\'),\'\'),\'\') AS `Password`,if(json_value(`mysql`.`global_priv`.`Priv`,\'$.access\') & 1,\'Y\',\'N\') AS `Select_priv`,if(json_value(`mysql`.`global_priv`.`Priv`,\'$.access\') & 2,\'Y\',\'N\') AS `Insert_priv`,if(json_value(`mysql`.`global_priv`.`Priv`,\'$.access\') & 4,\'Y\',\'N\') AS `Update_priv`,if(json_value(`mysql`.`global_priv`.`Priv`,\'$.access\') & 8,\'Y\',\'N\') AS `Delete_priv`,if(json_value(`mysql`.`global_priv`.`Priv`,\'$.access\') & 16,\'Y\',\'N\') AS `Create_priv`,if(json_value(`mysql`.`global_priv`.`Priv`,\'$.access\') & 32,\'Y\',\'N\') AS `Drop_priv`,if(json_value(`mysql`.`global_priv`.`Priv`,\'$.access\') & 64,\'Y\',\'N\') AS `Reload_priv`,if(json_value(`mysql`.`global_priv`.`Priv`,\'$.access\') & 128,\'Y\',\'N\') AS `Shutdown_priv`,if(json_value(`mysql`.`global_priv`.`Priv`,\'$.access\') & 256,\'Y\',\'N\') AS `Process_priv`,if(json_value(`mysql`.`global_priv`.`Priv`,\'$.access\') & 512,\'Y\',\'N\') AS `File_priv`,if(json_value(`mysql`.`global_priv`.`Priv`,\'$.access\') & 1024,\'Y\',\'N\') AS `Grant_priv`,if(json_value(`mysql`.`global_priv`.`Priv`,\'$.access\') & 2048,\'Y\',\'N\') AS `References_priv`,if(json_value(`mysql`.`global_priv`.`Priv`,\'$.access\') & 4096,\'Y\',\'N\') AS `Index_priv`,if(json_value(`mysql`.`global_priv`.`Priv`,\'$.access\') & 8192,\'Y\',\'N\') AS `Alter_priv`,if(json_value(`mysql`.`global_priv`.`Priv`,\'$.access\') & 16384,\'Y\',\'N\') AS `Show_db_priv`,if(json_value(`mysql`.`global_priv`.`Priv`,\'$.access\') & 32768,\'Y\',\'N\') AS `Super_priv`,if(json_value(`mysql`.`global_priv`.`Priv`,\'$.access\') & 65536,\'Y\',\'N\') AS `Create_tmp_table_priv`,if(json_value(`mysql`.`global_priv`.`Priv`,\'$.access\') & 131072,\'Y\',\'N\') AS `Lock_tables_priv`,if(json_value(`mysql`.`global_priv`.`Priv`,\'$.access\') & 262144,\'Y\',\'N\') AS `Execute_priv`,if(json_value(`mysql`.`global_priv`.`Priv`,\'$.access\') & 524288,\'Y\',\'N\') AS `Repl_slave_priv`,if(json_value(`mysql`.`global_priv`.`Priv`,\'$.access\') & 1048576,\'Y\',\'N\') AS `Repl_client_priv`,if(json_value(`mysql`.`global_priv`.`Priv`,\'$.access\') & 2097152,\'Y\',\'N\') AS `Create_view_priv`,if(json_value(`mysql`.`global_priv`.`Priv`,\'$.access\') & 4194304,\'Y\',\'N\') AS `Show_view_priv`,if(json_value(`mysql`.`global_priv`.`Priv`,\'$.access\') & 8388608,\'Y\',\'N\') AS `Create_routine_priv`,if(json_value(`mysql`.`global_priv`.`Priv`,\'$.access\') & 16777216,\'Y\',\'N\') AS `Alter_routine_priv`,if(json_value(`mysql`.`global_priv`.`Priv`,\'$.access\') & 33554432,\'Y\',\'N\') AS `Create_user_priv`,if(json_value(`mysql`.`global_priv`.`Priv`,\'$.access\') & 67108864,\'Y\',\'N\') AS `Event_priv`,if(json_value(`mysql`.`global_priv`.`Priv`,\'$.access\') & 134217728,\'Y\',\'N\') AS `Trigger_priv`,if(json_value(`mysql`.`global_priv`.`Priv`,\'$.access\') & 268435456,\'Y\',\'N\') AS `Create_tablespace_priv`,if(json_value(`mysql`.`global_priv`.`Priv`,\'$.access\') & 536870912,\'Y\',\'N\') AS `Delete_history_priv`,elt(ifnull(json_value(`mysql`.`global_priv`.`Priv`,\'$.ssl_type\'),0) + 1,\'\',\'ANY\',\'X509\',\'SPECIFIED\') AS `ssl_type`,ifnull(json_value(`mysql`.`global_priv`.`Priv`,\'$.ssl_cipher\'),\'\') AS `ssl_cipher`,ifnull(json_value(`mysql`.`global_priv`.`Priv`,\'$.x509_issuer\'),\'\') AS `x509_issuer`,ifnull(json_value(`mysql`.`global_priv`.`Priv`,\'$.x509_subject\'),\'\') AS `x509_subject`,cast(ifnull(json_value(`mysql`.`global_priv`.`Priv`,\'$.max_questions\'),0) as unsigned) AS `max_questions`,cast(ifnull(json_value(`mysql`.`global_priv`.`Priv`,\'$.max_updates\'),0) as unsigned) AS `max_updates`,cast(ifnull(json_value(`mysql`.`global_priv`.`Priv`,\'$.max_connections\'),0) as unsigned) AS `max_connections`,cast(ifnull(json_value(`mysql`.`global_priv`.`Priv`,\'$.max_user_connections\'),0) as signed) AS `max_user_connections`,ifnull(json_value(`mysql`.`global_priv`.`Priv`,\'$.plugin\'),\'\') AS `plugin`,ifnull(json_value(`mysql`.`global_priv`.`Priv`,\'$.authentication_string\'),\'\') AS `authentication_string`,if(ifnull(json_value(`mysql`.`global_priv`.`Priv`,\'$.password_last_changed\'),1) = 0,\'Y\',\'N\') AS `password_expired`,elt(ifnull(json_value(`mysql`.`global_priv`.`Priv`,\'$.is_role\'),0) + 1,\'N\',\'Y\') AS `is_role`,ifnull(json_value(`mysql`.`global_priv`.`Priv`,\'$.default_role\'),\'\') AS `default_role`,cast(ifnull(json_value(`mysql`.`global_priv`.`Priv`,\'$.max_statement_time\'),0.0) as decimal(12,6)) AS `max_statement_time` from `mysql`.`global_priv` +md5=9e8063501afc8396f55d7c723632d5d8 +updatable=1 +algorithm=0 +definer_user=mariadb.sys +definer_host=localhost +suid=1 +with_check_option=0 +timestamp=0001769683779044792 +create-version=2 +source=SELECT\n Host,\n User,\n IF(JSON_VALUE(Priv, \'$.plugin\') IN (\'mysql_native_password\', \'mysql_old_password\'), IFNULL(JSON_VALUE(Priv, \'$.authentication_string\'), \'\'), \'\') AS Password,\n IF(JSON_VALUE(Priv, \'$.access\') & 1, \'Y\', \'N\') AS Select_priv,\n IF(JSON_VALUE(Priv, \'$.access\') & 2, \'Y\', \'N\') AS Insert_priv,\n IF(JSON_VALUE(Priv, \'$.access\') & 4, \'Y\', \'N\') AS Update_priv,\n IF(JSON_VALUE(Priv, \'$.access\') & 8, \'Y\', \'N\') AS Delete_priv,\n IF(JSON_VALUE(Priv, \'$.access\') & 16, \'Y\', \'N\') AS Create_priv,\n IF(JSON_VALUE(Priv, \'$.access\') & 32, \'Y\', \'N\') AS Drop_priv,\n IF(JSON_VALUE(Priv, \'$.access\') & 64, \'Y\', \'N\') AS Reload_priv,\n IF(JSON_VALUE(Priv, \'$.access\') & 128, \'Y\', \'N\') AS Shutdown_priv,\n IF(JSON_VALUE(Priv, \'$.access\') & 256, \'Y\', \'N\') AS Process_priv,\n IF(JSON_VALUE(Priv, \'$.access\') & 512, \'Y\', \'N\') AS File_priv,\n IF(JSON_VALUE(Priv, \'$.access\') & 1024, \'Y\', \'N\') AS Grant_priv,\n IF(JSON_VALUE(Priv, \'$.access\') & 2048, \'Y\', \'N\') AS References_priv,\n IF(JSON_VALUE(Priv, \'$.access\') & 4096, \'Y\', \'N\') AS Index_priv,\n IF(JSON_VALUE(Priv, \'$.access\') & 8192, \'Y\', \'N\') AS Alter_priv,\n IF(JSON_VALUE(Priv, \'$.access\') & 16384, \'Y\', \'N\') AS Show_db_priv,\n IF(JSON_VALUE(Priv, \'$.access\') & 32768, \'Y\', \'N\') AS Super_priv,\n IF(JSON_VALUE(Priv, \'$.access\') & 65536, \'Y\', \'N\') AS Create_tmp_table_priv,\n IF(JSON_VALUE(Priv, \'$.access\') & 131072, \'Y\', \'N\') AS Lock_tables_priv,\n IF(JSON_VALUE(Priv, \'$.access\') & 262144, \'Y\', \'N\') AS Execute_priv,\n IF(JSON_VALUE(Priv, \'$.access\') & 524288, \'Y\', \'N\') AS Repl_slave_priv,\n IF(JSON_VALUE(Priv, \'$.access\') & 1048576, \'Y\', \'N\') AS Repl_client_priv,\n IF(JSON_VALUE(Priv, \'$.access\') & 2097152, \'Y\', \'N\') AS Create_view_priv,\n IF(JSON_VALUE(Priv, \'$.access\') & 4194304, \'Y\', \'N\') AS Show_view_priv,\n IF(JSON_VALUE(Priv, \'$.access\') & 8388608, \'Y\', \'N\') AS Create_routine_priv,\n IF(JSON_VALUE(Priv, \'$.access\') & 16777216, \'Y\', \'N\') AS Alter_routine_priv,\n IF(JSON_VALUE(Priv, \'$.access\') & 33554432, \'Y\', \'N\') AS Create_user_priv,\n IF(JSON_VALUE(Priv, \'$.access\') & 67108864, \'Y\', \'N\') AS Event_priv,\n IF(JSON_VALUE(Priv, \'$.access\') & 134217728, \'Y\', \'N\') AS Trigger_priv,\n IF(JSON_VALUE(Priv, \'$.access\') & 268435456, \'Y\', \'N\') AS Create_tablespace_priv,\n IF(JSON_VALUE(Priv, \'$.access\') & 536870912, \'Y\', \'N\') AS Delete_history_priv,\n ELT(IFNULL(JSON_VALUE(Priv, \'$.ssl_type\'), 0) + 1, \'\', \'ANY\',\'X509\', \'SPECIFIED\') AS ssl_type,\n IFNULL(JSON_VALUE(Priv, \'$.ssl_cipher\'), \'\') AS ssl_cipher,\n IFNULL(JSON_VALUE(Priv, \'$.x509_issuer\'), \'\') AS x509_issuer,\n IFNULL(JSON_VALUE(Priv, \'$.x509_subject\'), \'\') AS x509_subject,\n CAST(IFNULL(JSON_VALUE(Priv, \'$.max_questions\'), 0) AS UNSIGNED) AS max_questions,\n CAST(IFNULL(JSON_VALUE(Priv, \'$.max_updates\'), 0) AS UNSIGNED) AS max_updates,\n CAST(IFNULL(JSON_VALUE(Priv, \'$.max_connections\'), 0) AS UNSIGNED) AS max_connections,\n CAST(IFNULL(JSON_VALUE(Priv, \'$.max_user_connections\'), 0) AS SIGNED) AS max_user_connections,\n IFNULL(JSON_VALUE(Priv, \'$.plugin\'), \'\') AS plugin,\n IFNULL(JSON_VALUE(Priv, \'$.authentication_string\'), \'\') AS authentication_string,\n IF(IFNULL(JSON_VALUE(Priv, \'$.password_last_changed\'), 1) = 0, \'Y\', \'N\') AS password_expired,\n ELT(IFNULL(JSON_VALUE(Priv, \'$.is_role\'), 0) + 1, \'N\', \'Y\') AS is_role,\n IFNULL(JSON_VALUE(Priv, \'$.default_role\'), \'\') AS default_role,\n CAST(IFNULL(JSON_VALUE(Priv, \'$.max_statement_time\'), 0.0) AS DECIMAL(12,6)) AS max_statement_time\n FROM global_priv; +client_cs_name=utf8mb3 +connection_cl_name=utf8mb3_general_ci +view_body_utf8=select `mysql`.`global_priv`.`Host` AS `Host`,`mysql`.`global_priv`.`User` AS `User`,if(json_value(`mysql`.`global_priv`.`Priv`,\'$.plugin\') in (\'mysql_native_password\',\'mysql_old_password\'),ifnull(json_value(`mysql`.`global_priv`.`Priv`,\'$.authentication_string\'),\'\'),\'\') AS `Password`,if(json_value(`mysql`.`global_priv`.`Priv`,\'$.access\') & 1,\'Y\',\'N\') AS `Select_priv`,if(json_value(`mysql`.`global_priv`.`Priv`,\'$.access\') & 2,\'Y\',\'N\') AS `Insert_priv`,if(json_value(`mysql`.`global_priv`.`Priv`,\'$.access\') & 4,\'Y\',\'N\') AS `Update_priv`,if(json_value(`mysql`.`global_priv`.`Priv`,\'$.access\') & 8,\'Y\',\'N\') AS `Delete_priv`,if(json_value(`mysql`.`global_priv`.`Priv`,\'$.access\') & 16,\'Y\',\'N\') AS `Create_priv`,if(json_value(`mysql`.`global_priv`.`Priv`,\'$.access\') & 32,\'Y\',\'N\') AS `Drop_priv`,if(json_value(`mysql`.`global_priv`.`Priv`,\'$.access\') & 64,\'Y\',\'N\') AS `Reload_priv`,if(json_value(`mysql`.`global_priv`.`Priv`,\'$.access\') & 128,\'Y\',\'N\') AS `Shutdown_priv`,if(json_value(`mysql`.`global_priv`.`Priv`,\'$.access\') & 256,\'Y\',\'N\') AS `Process_priv`,if(json_value(`mysql`.`global_priv`.`Priv`,\'$.access\') & 512,\'Y\',\'N\') AS `File_priv`,if(json_value(`mysql`.`global_priv`.`Priv`,\'$.access\') & 1024,\'Y\',\'N\') AS `Grant_priv`,if(json_value(`mysql`.`global_priv`.`Priv`,\'$.access\') & 2048,\'Y\',\'N\') AS `References_priv`,if(json_value(`mysql`.`global_priv`.`Priv`,\'$.access\') & 4096,\'Y\',\'N\') AS `Index_priv`,if(json_value(`mysql`.`global_priv`.`Priv`,\'$.access\') & 8192,\'Y\',\'N\') AS `Alter_priv`,if(json_value(`mysql`.`global_priv`.`Priv`,\'$.access\') & 16384,\'Y\',\'N\') AS `Show_db_priv`,if(json_value(`mysql`.`global_priv`.`Priv`,\'$.access\') & 32768,\'Y\',\'N\') AS `Super_priv`,if(json_value(`mysql`.`global_priv`.`Priv`,\'$.access\') & 65536,\'Y\',\'N\') AS `Create_tmp_table_priv`,if(json_value(`mysql`.`global_priv`.`Priv`,\'$.access\') & 131072,\'Y\',\'N\') AS `Lock_tables_priv`,if(json_value(`mysql`.`global_priv`.`Priv`,\'$.access\') & 262144,\'Y\',\'N\') AS `Execute_priv`,if(json_value(`mysql`.`global_priv`.`Priv`,\'$.access\') & 524288,\'Y\',\'N\') AS `Repl_slave_priv`,if(json_value(`mysql`.`global_priv`.`Priv`,\'$.access\') & 1048576,\'Y\',\'N\') AS `Repl_client_priv`,if(json_value(`mysql`.`global_priv`.`Priv`,\'$.access\') & 2097152,\'Y\',\'N\') AS `Create_view_priv`,if(json_value(`mysql`.`global_priv`.`Priv`,\'$.access\') & 4194304,\'Y\',\'N\') AS `Show_view_priv`,if(json_value(`mysql`.`global_priv`.`Priv`,\'$.access\') & 8388608,\'Y\',\'N\') AS `Create_routine_priv`,if(json_value(`mysql`.`global_priv`.`Priv`,\'$.access\') & 16777216,\'Y\',\'N\') AS `Alter_routine_priv`,if(json_value(`mysql`.`global_priv`.`Priv`,\'$.access\') & 33554432,\'Y\',\'N\') AS `Create_user_priv`,if(json_value(`mysql`.`global_priv`.`Priv`,\'$.access\') & 67108864,\'Y\',\'N\') AS `Event_priv`,if(json_value(`mysql`.`global_priv`.`Priv`,\'$.access\') & 134217728,\'Y\',\'N\') AS `Trigger_priv`,if(json_value(`mysql`.`global_priv`.`Priv`,\'$.access\') & 268435456,\'Y\',\'N\') AS `Create_tablespace_priv`,if(json_value(`mysql`.`global_priv`.`Priv`,\'$.access\') & 536870912,\'Y\',\'N\') AS `Delete_history_priv`,elt(ifnull(json_value(`mysql`.`global_priv`.`Priv`,\'$.ssl_type\'),0) + 1,\'\',\'ANY\',\'X509\',\'SPECIFIED\') AS `ssl_type`,ifnull(json_value(`mysql`.`global_priv`.`Priv`,\'$.ssl_cipher\'),\'\') AS `ssl_cipher`,ifnull(json_value(`mysql`.`global_priv`.`Priv`,\'$.x509_issuer\'),\'\') AS `x509_issuer`,ifnull(json_value(`mysql`.`global_priv`.`Priv`,\'$.x509_subject\'),\'\') AS `x509_subject`,cast(ifnull(json_value(`mysql`.`global_priv`.`Priv`,\'$.max_questions\'),0) as unsigned) AS `max_questions`,cast(ifnull(json_value(`mysql`.`global_priv`.`Priv`,\'$.max_updates\'),0) as unsigned) AS `max_updates`,cast(ifnull(json_value(`mysql`.`global_priv`.`Priv`,\'$.max_connections\'),0) as unsigned) AS `max_connections`,cast(ifnull(json_value(`mysql`.`global_priv`.`Priv`,\'$.max_user_connections\'),0) as signed) AS `max_user_connections`,ifnull(json_value(`mysql`.`global_priv`.`Priv`,\'$.plugin\'),\'\') AS `plugin`,ifnull(json_value(`mysql`.`global_priv`.`Priv`,\'$.authentication_string\'),\'\') AS `authentication_string`,if(ifnull(json_value(`mysql`.`global_priv`.`Priv`,\'$.password_last_changed\'),1) = 0,\'Y\',\'N\') AS `password_expired`,elt(ifnull(json_value(`mysql`.`global_priv`.`Priv`,\'$.is_role\'),0) + 1,\'N\',\'Y\') AS `is_role`,ifnull(json_value(`mysql`.`global_priv`.`Priv`,\'$.default_role\'),\'\') AS `default_role`,cast(ifnull(json_value(`mysql`.`global_priv`.`Priv`,\'$.max_statement_time\'),0.0) as decimal(12,6)) AS `max_statement_time` from `mysql`.`global_priv` +mariadb-version=100625 diff -Nru mariadb-11.8.6/mysql-test/suite/binlog/r/binlog_row_mix_innodb_myisam.result mariadb-11.8.8/mysql-test/suite/binlog/r/binlog_row_mix_innodb_myisam.result --- mariadb-11.8.6/mysql-test/suite/binlog/r/binlog_row_mix_innodb_myisam.result 2026-01-31 13:27:47.000000000 +0000 +++ mariadb-11.8.8/mysql-test/suite/binlog/r/binlog_row_mix_innodb_myisam.result 2026-05-24 09:58:31.000000000 +0000 @@ -363,6 +363,8 @@ CREATE TEMPORARY TABLE t2 (primary key (a)) engine=innodb select * from t1; ERROR 23000: Duplicate entry '1' for key 'PRIMARY' ROLLBACK; +Warnings: +Warning 1196 Some non-transactional changed tables couldn't be rolled back DROP TABLE IF EXISTS t2; Warnings: Note 1051 Unknown table 'test.t2' diff -Nru mariadb-11.8.6/mysql-test/suite/binlog/r/binlog_show_binlog_events_session_variables.result mariadb-11.8.8/mysql-test/suite/binlog/r/binlog_show_binlog_events_session_variables.result --- mariadb-11.8.6/mysql-test/suite/binlog/r/binlog_show_binlog_events_session_variables.result 1970-01-01 00:00:00.000000000 +0000 +++ mariadb-11.8.8/mysql-test/suite/binlog/r/binlog_show_binlog_events_session_variables.result 2026-05-24 09:58:31.000000000 +0000 @@ -0,0 +1,9 @@ +reset master; +set foreign_key_checks= 0, sql_auto_is_null=1, check_constraint_checks=0, unique_checks=0; +create table t (a int, check(a>1), foreign key(a) references x (x)) engine=InnoDB as select 1 as a; +include/show_binlog_events.inc +Log_name Pos Event_type Server_id End_log_pos Info +master-bin.000001 # Gtid # # GTID #-#-# +master-bin.000001 # Query # # use `test`; set foreign_key_checks=0, sql_auto_is_null=1, unique_checks=0, check_constraint_checks=0; create table t (a int, check(a>1), foreign key(a) references x (x)) engine=InnoDB as select 1 as a +drop table t; +reset master; diff -Nru mariadb-11.8.6/mysql-test/suite/binlog/r/binlog_stm_mix_innodb_myisam.result mariadb-11.8.8/mysql-test/suite/binlog/r/binlog_stm_mix_innodb_myisam.result --- mariadb-11.8.6/mysql-test/suite/binlog/r/binlog_stm_mix_innodb_myisam.result 2026-01-31 13:27:47.000000000 +0000 +++ mariadb-11.8.8/mysql-test/suite/binlog/r/binlog_stm_mix_innodb_myisam.result 2026-05-24 09:58:31.000000000 +0000 @@ -329,6 +329,8 @@ CREATE TEMPORARY TABLE t2 (primary key (a)) engine=innodb select * from t1; ERROR 23000: Duplicate entry '1' for key 'PRIMARY' ROLLBACK; +Warnings: +Warning 1196 Some non-transactional changed tables couldn't be rolled back DROP TABLE IF EXISTS t2; Warnings: Note 1051 Unknown table 'test.t2' diff -Nru mariadb-11.8.6/mysql-test/suite/binlog/r/foreign_key.result mariadb-11.8.8/mysql-test/suite/binlog/r/foreign_key.result --- mariadb-11.8.6/mysql-test/suite/binlog/r/foreign_key.result 2026-01-31 13:27:47.000000000 +0000 +++ mariadb-11.8.8/mysql-test/suite/binlog/r/foreign_key.result 2026-05-24 09:58:31.000000000 +0000 @@ -31,4 +31,4 @@ master-bin.000001 # Write_rows_v1 # # table_id: # flags: STMT_END_F master-bin.000001 # Xid # # COMMIT /* XID */ master-bin.000001 # Gtid # # GTID #-#-# -master-bin.000001 # Query # # use `test`; set foreign_key_checks=1; DROP TABLE `t1` /* generated by server */ +master-bin.000001 # Query # # use `test`; set foreign_key_checks=0; DROP TABLE `t1` /* generated by server */ diff -Nru mariadb-11.8.6/mysql-test/suite/binlog/t/binlog_show_binlog_events_session_variables.test mariadb-11.8.8/mysql-test/suite/binlog/t/binlog_show_binlog_events_session_variables.test --- mariadb-11.8.6/mysql-test/suite/binlog/t/binlog_show_binlog_events_session_variables.test 1970-01-01 00:00:00.000000000 +0000 +++ mariadb-11.8.8/mysql-test/suite/binlog/t/binlog_show_binlog_events_session_variables.test 2026-05-24 09:58:31.000000000 +0000 @@ -0,0 +1,25 @@ +# ==== Purpose ==== +# +# Test verifies that reading binary log by using "SHOW BINLOG EVENTS" command +# from should correctly print the values of session variables such as +# foreign_key_checks, sql_auto_is_null, unique_checks etc +# +# ==== References ==== +# +# MDEV-29804 SHOW BINLOG EVENTS produces semantically/syntactically incorrect statements + + +--source include/have_log_bin.inc +--source include/have_innodb.inc +--source include/have_binlog_format_statement.inc + +reset master; + +set foreign_key_checks= 0, sql_auto_is_null=1, check_constraint_checks=0, unique_checks=0; +create table t (a int, check(a>1), foreign key(a) references x (x)) engine=InnoDB as select 1 as a; + +source include/show_binlog_events.inc; + +# Cleanup +drop table t; +reset master; diff -Nru mariadb-11.8.6/mysql-test/suite/binlog_encryption/rpl_typeconv.result mariadb-11.8.8/mysql-test/suite/binlog_encryption/rpl_typeconv.result --- mariadb-11.8.6/mysql-test/suite/binlog_encryption/rpl_typeconv.result 2026-01-31 13:27:47.000000000 +0000 +++ mariadb-11.8.8/mysql-test/suite/binlog_encryption/rpl_typeconv.result 2026-05-24 09:58:31.000000000 +0000 @@ -12,7 +12,7 @@ On_Slave LONGTEXT, Expected LONGTEXT, Compare INT, -Error TEXT); +Error INT2); SELECT @@global.slave_type_conversions; @@global.slave_type_conversions diff -Nru mariadb-11.8.6/mysql-test/suite/compat/oracle/r/func_to_char.result mariadb-11.8.8/mysql-test/suite/compat/oracle/r/func_to_char.result --- mariadb-11.8.6/mysql-test/suite/compat/oracle/r/func_to_char.result 2026-01-31 13:27:47.000000000 +0000 +++ mariadb-11.8.8/mysql-test/suite/compat/oracle/r/func_to_char.result 2026-05-24 09:58:31.000000000 +0000 @@ -447,6 +447,17 @@ SELECT TO_CHAR((STR_TO_DATE('2023-01-01', '%d-%m-%Y'), 'YYYY-MM-DD') ); ERROR HY000: Illegal parameter data type row for operation 'to_char' # +# MDEV-28136 MariaDB ASAN Unknown Crash in Item_func_to_char::parse_format_string +# +CREATE TABLE t1( a varchar(1)) ; +INSERT INTO t1 VALUES ('p'); +select to_char('2000-11-11', a) from t1; +to_char('2000-11-11', a) +NULL +Warnings: +Warning 3047 Invalid argument error: date format not recognized at p in function to_char. +drop table t1; +# # MDEV-36216 TO_CHAR FM format not recognized in SQL_MODE=Oracle # SET NAMES utf8mb3; diff -Nru mariadb-11.8.6/mysql-test/suite/compat/oracle/r/mysqldump_restore_func_qualified.result mariadb-11.8.8/mysql-test/suite/compat/oracle/r/mysqldump_restore_func_qualified.result --- mariadb-11.8.6/mysql-test/suite/compat/oracle/r/mysqldump_restore_func_qualified.result 2026-01-31 13:27:47.000000000 +0000 +++ mariadb-11.8.8/mysql-test/suite/compat/oracle/r/mysqldump_restore_func_qualified.result 2026-05-24 09:58:31.000000000 +0000 @@ -46,14 +46,14 @@ SET @saved_cs_client = @@character_set_client; SET character_set_client = utf8mb4; /*!50001 CREATE VIEW `v1` AS SELECT - 1 AS `a0`, - 1 AS `b0` */; + NULL AS `a0`, + NULL AS `b0` */; SET character_set_client = @saved_cs_client; SET @saved_cs_client = @@character_set_client; SET character_set_client = utf8mb4; /*!50001 CREATE VIEW `v2` AS SELECT - 1 AS `a0`, - 1 AS `b0` */; + NULL AS `a0`, + NULL AS `b0` */; SET character_set_client = @saved_cs_client; /*!50001 DROP VIEW IF EXISTS `v1`*/; /*!50001 SET @saved_cs_client = @@character_set_client */; diff -Nru mariadb-11.8.6/mysql-test/suite/compat/oracle/r/sp-package-mysqldump.result mariadb-11.8.8/mysql-test/suite/compat/oracle/r/sp-package-mysqldump.result --- mariadb-11.8.6/mysql-test/suite/compat/oracle/r/sp-package-mysqldump.result 2026-01-31 13:27:47.000000000 +0000 +++ mariadb-11.8.8/mysql-test/suite/compat/oracle/r/sp-package-mysqldump.result 2026-05-24 09:58:31.000000000 +0000 @@ -60,7 +60,8 @@ AS BEGIN SELECT pkg1.f1(); -- a standalone routine calls a package routine -END ;; +END +;; DELIMITER ; /*!50003 SET sql_mode = @saved_sql_mode */ ; /*!50003 SET character_set_client = @saved_cs_client */ ; @@ -79,7 +80,8 @@ CREATE DEFINER="root"@"localhost" PACKAGE "pkg1" AS PROCEDURE p1; FUNCTION f1 RETURN INT; -END ;; +END +;; DELIMITER ; /*!50003 SET sql_mode = @saved_sql_mode */ ; /*!50003 SET character_set_client = @saved_cs_client */ ; @@ -98,7 +100,8 @@ CREATE DEFINER="root"@"localhost" PACKAGE "pkg2" AS PROCEDURE p1; FUNCTION f1 RETURN INT; -END ;; +END +;; DELIMITER ; /*!50003 SET sql_mode = @saved_sql_mode */ ; /*!50003 SET character_set_client = @saved_cs_client */ ; @@ -123,7 +126,8 @@ BEGIN RETURN 10; END; -END ;; +END +;; DELIMITER ; /*!50003 SET sql_mode = @saved_sql_mode */ ; /*!50003 SET character_set_client = @saved_cs_client */ ; diff -Nru mariadb-11.8.6/mysql-test/suite/compat/oracle/t/func_to_char.test mariadb-11.8.8/mysql-test/suite/compat/oracle/t/func_to_char.test --- mariadb-11.8.6/mysql-test/suite/compat/oracle/t/func_to_char.test 2026-01-31 13:27:47.000000000 +0000 +++ mariadb-11.8.8/mysql-test/suite/compat/oracle/t/func_to_char.test 2026-05-24 09:58:31.000000000 +0000 @@ -234,6 +234,14 @@ --error ER_ILLEGAL_PARAMETER_DATA_TYPE_FOR_OPERATION SELECT TO_CHAR((STR_TO_DATE('2023-01-01', '%d-%m-%Y'), 'YYYY-MM-DD') ); +--echo # +--echo # MDEV-28136 MariaDB ASAN Unknown Crash in Item_func_to_char::parse_format_string +--echo # + +CREATE TABLE t1( a varchar(1)) ; +INSERT INTO t1 VALUES ('p'); +select to_char('2000-11-11', a) from t1; +drop table t1; --echo # --echo # MDEV-36216 TO_CHAR FM format not recognized in SQL_MODE=Oracle diff -Nru mariadb-11.8.6/mysql-test/suite/encryption/t/innodb-first-page-read.opt mariadb-11.8.8/mysql-test/suite/encryption/t/innodb-first-page-read.opt --- mariadb-11.8.6/mysql-test/suite/encryption/t/innodb-first-page-read.opt 2026-01-31 13:27:47.000000000 +0000 +++ mariadb-11.8.8/mysql-test/suite/encryption/t/innodb-first-page-read.opt 1970-01-01 00:00:00.000000000 +0000 @@ -1,5 +0,0 @@ ---innodb-encrypt-tables=ON ---innodb-encrypt-log=ON ---innodb-encryption-rotate-key-age=15 ---innodb-encryption-threads=4 ---innodb-tablespaces-encryption diff -Nru mariadb-11.8.6/mysql-test/suite/engines/iuds/r/insert_decimal.result mariadb-11.8.8/mysql-test/suite/engines/iuds/r/insert_decimal.result --- mariadb-11.8.6/mysql-test/suite/engines/iuds/r/insert_decimal.result 2026-01-31 13:27:47.000000000 +0000 +++ mariadb-11.8.8/mysql-test/suite/engines/iuds/r/insert_decimal.result 2026-05-24 09:58:31.000000000 +0000 @@ -1117,13 +1117,13 @@ -10000000000 0 10000000000 4 -11111111 0 -11111100 21 -111111112 0 -111111000 22 -0 0 -0 8 0 0 -0.1 13 0 0 0 26 0 0 0 29 0 0 0 32 0 0 0 33 0 0 0 7 +0 0 0 8 0 0 0 9 0 0 0.1 14 0 0 0.1 15 @@ -2019,13 +2019,13 @@ -111111111 0 -111111111.11 22 -9999999999 0 -1.7976931348623157e308 27 -9999999999 0 9999999999 4 -0 0 -0 8 0 0 -0.1 13 0 0 0 26 0 0 0 29 0 0 0 32 0 0 0 33 0 0 0 7 +0 0 0 8 0 0 0 9 0 0 0.1 14 0 0 0.1 15 diff -Nru mariadb-11.8.6/mysql-test/suite/galera/r/MDEV-22232.result mariadb-11.8.8/mysql-test/suite/galera/r/MDEV-22232.result --- mariadb-11.8.6/mysql-test/suite/galera/r/MDEV-22232.result 2026-01-31 13:27:47.000000000 +0000 +++ mariadb-11.8.8/mysql-test/suite/galera/r/MDEV-22232.result 2026-05-24 09:58:31.000000000 +0000 @@ -9,7 +9,7 @@ SET DEBUG_SYNC = 'now WAIT_FOR may_run'; TRUNCATE TABLE t1; connection con1; -Got one of the listed errors +ERROR 70100: Query execution was interrupted SET DEBUG_SYNC = 'RESET'; --- CTAS with non-empty result set --- INSERT INTO t1 VALUES (10), (20), (30); @@ -19,7 +19,7 @@ SET DEBUG_SYNC = 'now WAIT_FOR may_run'; TRUNCATE TABLE t1; connection con1; -Got one of the listed errors +ERROR 70100: Query execution was interrupted SET DEBUG_SYNC = 'RESET'; DROP TABLE t1; disconnect con1; diff -Nru mariadb-11.8.6/mysql-test/suite/galera/r/MDEV-30418.result mariadb-11.8.8/mysql-test/suite/galera/r/MDEV-30418.result --- mariadb-11.8.6/mysql-test/suite/galera/r/MDEV-30418.result 2026-01-31 13:27:47.000000000 +0000 +++ mariadb-11.8.8/mysql-test/suite/galera/r/MDEV-30418.result 2026-05-24 09:58:31.000000000 +0000 @@ -2,7 +2,9 @@ connection node_1; connection node_1; connection node_2; +SET SESSION wsrep_sync_wait=0; connection node_2; +SET SESSION wsrep_sync_wait=0; select @@wsrep_slave_threads; @@wsrep_slave_threads 1 diff -Nru mariadb-11.8.6/mysql-test/suite/galera/r/MDEV-30612.result mariadb-11.8.8/mysql-test/suite/galera/r/MDEV-30612.result --- mariadb-11.8.6/mysql-test/suite/galera/r/MDEV-30612.result 1970-01-01 00:00:00.000000000 +0000 +++ mariadb-11.8.8/mysql-test/suite/galera/r/MDEV-30612.result 2026-05-24 09:58:31.000000000 +0000 @@ -0,0 +1,11 @@ +connection node_2; +connection node_1; +CREATE TABLE t(a INT) ENGINE=INNODB; +PREPARE s FROM 'CREATE TRIGGER tr AFTER DELETE ON t FOR EACH ROW SET @a=1'; +EXECUTE s; +EXECUTE s; +ERROR HY000: Trigger 'test.tr' already exists +DROP TRIGGER tr; +DROP TABLE t; +disconnect node_2; +disconnect node_1; diff -Nru mariadb-11.8.6/mysql-test/suite/galera/r/MDEV-39011.result mariadb-11.8.8/mysql-test/suite/galera/r/MDEV-39011.result --- mariadb-11.8.6/mysql-test/suite/galera/r/MDEV-39011.result 1970-01-01 00:00:00.000000000 +0000 +++ mariadb-11.8.8/mysql-test/suite/galera/r/MDEV-39011.result 2026-05-24 09:58:31.000000000 +0000 @@ -0,0 +1,23 @@ +connection node_2; +connection node_1; +connection node_1; +connection node_2; +connect node_3, 127.0.0.1, root, , test, $NODE_MYPORT_3; +connection node_3; +RESET MASTER; +connection node_2; +SET GLOBAL DEBUG_DBUG = "+d,delay_sql_thread_after_release_run_lock"; +START SLAVE; +SET DEBUG_SYNC = "now WAIT_FOR sql_thread_run_lock_released"; +SET GLOBAL DEBUG_DBUG = "+d,wsrep_async_slave_node_dropped_error"; +SET DEBUG_SYNC = "now SIGNAL sql_thread_continue"; +SET DEBUG_SYNC = "now WAIT_FOR sql_thread_run_lock_released"; +SET GLOBAL DEBUG_DBUG = "-d,wsrep_async_slave_node_dropped_error"; +SET DEBUG_SYNC = "now SIGNAL sql_thread_continue"; +SET DEBUG_SYNC = "RESET"; +SET GLOBAL DEBUG_DBUG = ""; +STOP SLAVE; +RESET SLAVE; +connection node_3; +RESET MASTER; +disconnect node_3; diff -Nru mariadb-11.8.6/mysql-test/suite/galera/r/MDEV-39685.result mariadb-11.8.8/mysql-test/suite/galera/r/MDEV-39685.result --- mariadb-11.8.6/mysql-test/suite/galera/r/MDEV-39685.result 1970-01-01 00:00:00.000000000 +0000 +++ mariadb-11.8.8/mysql-test/suite/galera/r/MDEV-39685.result 2026-05-24 09:58:31.000000000 +0000 @@ -0,0 +1,13 @@ +connection node_2; +connection node_1; +CREATE TABLE t1 ( +pk int PRIMARY KEY, +c varchar(8), +i int +) ENGINE=InnoDB; +CREATE TABLE t2 (f int) ENGINE=InnoDB; +CREATE TABLE t3 (x int, +FOREIGN KEY (x) REFERENCES t1 (pk) +) ENGINE=InnoDB; +UPDATE t1 JOIN t2 ON t1.i = t2.f SET t1.c = 'foo'; +DROP TABLE t3, t2, t1; diff -Nru mariadb-11.8.6/mysql-test/suite/galera/r/galera_fk_truncate.result mariadb-11.8.8/mysql-test/suite/galera/r/galera_fk_truncate.result --- mariadb-11.8.6/mysql-test/suite/galera/r/galera_fk_truncate.result 2026-01-31 13:27:47.000000000 +0000 +++ mariadb-11.8.8/mysql-test/suite/galera/r/galera_fk_truncate.result 2026-05-24 09:58:31.000000000 +0000 @@ -1,5 +1,12 @@ connection node_2; connection node_1; +connection node_1; +set global auto_increment_offset=1; +set global auto_increment_increment=2; +connection node_2; +set global auto_increment_offset=2; +set global auto_increment_increment=2; +connection node_1; CREATE TABLE author ( id SMALLINT UNSIGNED NOT NULL AUTO_INCREMENT PRIMARY KEY, name VARCHAR(100) NOT NULL @@ -45,3 +52,6 @@ SELECT * FROM book; id title author_id DROP TABLE book, author; +set global auto_increment_increment=2; +connection node_2; +set global auto_increment_offset=2; diff -Nru mariadb-11.8.6/mysql-test/suite/galera/r/galera_galera_info.result mariadb-11.8.8/mysql-test/suite/galera/r/galera_galera_info.result --- mariadb-11.8.6/mysql-test/suite/galera/r/galera_galera_info.result 1970-01-01 00:00:00.000000000 +0000 +++ mariadb-11.8.8/mysql-test/suite/galera/r/galera_galera_info.result 2026-05-24 09:58:31.000000000 +0000 @@ -0,0 +1,17 @@ +connection node_2; +connection node_1; +connection node_1; +CREATE TABLE t1(id int not null primary key auto_increment, b int) ENGINE=InnoDB; +INSERT INTO t1(b) SELECT * from seq_1_to_100; +INSERT INTO t1(b) SELECT * from seq_1_to_100; +INSERT INTO t1(b) SELECT * from seq_1_to_100; +connect node_1a, 127.0.0.1, root, , test, $NODE_MYPORT_1; +connection node_1a; +# Execute mysqldump using new galera-info parameter +# Confirm that desired output is done +include/assert_grep.inc [wsrep_start_position] +connection node_1; +DROP TABLE t1; +disconnect node_1a; +disconnect node_2; +disconnect node_1; diff -Nru mariadb-11.8.6/mysql-test/suite/galera/r/galera_max_ws_rows.result mariadb-11.8.8/mysql-test/suite/galera/r/galera_max_ws_rows.result --- mariadb-11.8.6/mysql-test/suite/galera/r/galera_max_ws_rows.result 1970-01-01 00:00:00.000000000 +0000 +++ mariadb-11.8.8/mysql-test/suite/galera/r/galera_max_ws_rows.result 2026-05-24 09:58:31.000000000 +0000 @@ -0,0 +1,112 @@ +connection node_2; +connection node_1; +CREATE TABLE ti (a INT UNSIGNED, b SMALLINT, id BIGINT NOT NULL, KEY(b), PRIMARY KEY(id)) ENGINE=InnoDB; +CREATE TABLE tm (a INT PRIMARY KEY, b MEDIUMTEXT) ENGINE=MyISAM; +SET GLOBAL wsrep_max_ws_rows=2; +START TRANSACTION; +INSERT INTO tm SET b=NULL, a=2; +INSERT INTO ti VALUES (1,2,4); +UPDATE tm AS t1 SET t1.a=t1.a * 2; +UPDATE ti AS t1 SET t1.a=t1.a * 2; +UPDATE tm AS t1 SET t1.a=t1.a * 2; +UPDATE ti AS t1 SET t1.a=t1.a * 2; +ERROR HY000: Some non-transactional changed tables couldn't be rolled back +SHOW WARNINGS; +Level Code Message +Error 1196 Some non-transactional changed tables couldn't be rolled back +Error 1180 wsrep_max_ws_rows exceeded +Error 1030 Got error 1180 "Unknown error 1180" from storage engine InnoDB +COMMIT; +SELECT * FROM ti; +a b id +SELECT * from tm; +a b +8 NULL +DROP TABLE ti,tm; +CREATE TABLE ti (a INT UNSIGNED, b SMALLINT, id BIGINT NOT NULL, KEY(b), PRIMARY KEY(id)) ENGINE=InnoDB; +CREATE TABLE tm (a INT PRIMARY KEY, b MEDIUMTEXT) ENGINE=MyISAM; +SET GLOBAL wsrep_max_ws_rows=2; +START TRANSACTION; +INSERT INTO tm SET b=NULL, a=2; +SET sql_mode=only_full_group_by; +INSERT INTO ti VALUES (1,2,4); +UPDATE tm AS t1, ti AS t2 SET t1.a=t1.a * 2, t2.a=t2.a * 2; +ERROR HY000: Galera replication not supported +UPDATE tm AS t1, ti AS t2 SET t1.a=t1.a * 2, t2.a=t2.a * 2; +ERROR HY000: Galera replication not supported +COMMIT; +SELECT * FROM ti; +a b id +1 2 4 +SELECT * from tm; +a b +2 NULL +DROP TABLE ti,tm; +CREATE TABLE ti (a INT UNSIGNED, b SMALLINT, id BIGINT NOT NULL, KEY(b), PRIMARY KEY(id)) ENGINE=InnoDB; +CREATE TABLE tm (a INT PRIMARY KEY, b MEDIUMTEXT) ENGINE=MyISAM; +START TRANSACTION; +INSERT INTO tm SET b=NULL, a=2; +SET sql_mode=only_full_group_by; +INSERT INTO ti VALUES (1,2,4); +SET GLOBAL wsrep_max_ws_rows=2; +ERROR HY000: WSREP transaction is active +set GLOBAL wsrep_max_ws_size=2047; +ERROR HY000: WSREP transaction is active +COMMIT; +SELECT * FROM ti; +a b id +1 2 4 +SELECT * from tm; +a b +2 NULL +DROP TABLE ti,tm; +CREATE TABLE ti (a INT UNSIGNED, b SMALLINT, id BIGINT NOT NULL, KEY(b), PRIMARY KEY(id)) ENGINE=InnoDB; +CREATE TABLE tm (a INT PRIMARY KEY, b MEDIUMTEXT) ENGINE=InnoDB; +SET GLOBAL wsrep_max_ws_rows=2; +START TRANSACTION; +INSERT INTO tm SET b=NULL, a=2; +INSERT INTO ti VALUES (1,2,4); +UPDATE tm AS t1, ti AS t2 SET t1.a=t1.a * 2, t2.a=t2.a * 2; +ERROR HY000: wsrep_max_ws_rows exceeded +UPDATE tm AS t1, ti AS t2 SET t1.a=t1.a * 2, t2.a=t2.a * 2; +COMMIT; +SELECT * FROM ti; +a b id +SELECT * from tm; +a b +DROP TABLE ti,tm; +CREATE TABLE ti (a INT UNSIGNED, b SMALLINT, id BIGINT NOT NULL, KEY(b), PRIMARY KEY(id)) ENGINE=InnoDB; +CREATE TABLE tm (a INT PRIMARY KEY, b MEDIUMTEXT) ENGINE=MyISAM; +SET GLOBAL wsrep_max_ws_rows=0; +START TRANSACTION; +INSERT INTO tm SET b=NULL, a=2; +INSERT INTO ti VALUES (1,2,4); +UPDATE tm AS t1, ti AS t2 SET t1.a=t1.a * 2, t2.a=t2.a * 2; +UPDATE tm AS t1, ti AS t2 SET t1.a=t1.a * 2, t2.a=t2.a * 2; +COMMIT; +SELECT * FROM ti; +a b id +4 2 4 +SELECT * from tm; +a b +8 NULL +DROP TABLE ti,tm; +CREATE TABLE t1 (col INT); +INSERT INTO t1 VALUES (0xF4AB); +CREATE TEMPORARY TABLE t1 (c1 INT) ENGINE=mrg_myisam UNION=(t1) insert_method=FIRST; +SET GLOBAL wsrep_max_ws_rows=1; +DROP TABLES t1; +INSERT INTO t1 VALUES (6373); +CREATE TABLE t2 ENGINE=heap SELECT * FROM t1; +DROP TABLE t1, t2; +SET default_storage_engine="HEAP"; +CREATE TABLE t1 (f1 BIGINT); +SET GLOBAL wsrep_max_ws_rows = 1; +INSERT INTO t1 VALUES (NOW()),(NOW()),(NOW()); +SELECT COUNT(*) AS EXPECT_3 FROM t1; +EXPECT_3 +3 +DROP TABLE t1; +CREATE TABLE t1 (i INT) ENGINE=MyISAM DEFAULT CHARSET=utf8 SELECT 1 as i; +DROP TABLE t1; +SET GLOBAL wsrep_max_ws_rows=0; diff -Nru mariadb-11.8.6/mysql-test/suite/galera/r/galera_sst_mariabackup_encrypt_with_key_server.result mariadb-11.8.8/mysql-test/suite/galera/r/galera_sst_mariabackup_encrypt_with_key_server.result --- mariadb-11.8.6/mysql-test/suite/galera/r/galera_sst_mariabackup_encrypt_with_key_server.result 2026-01-31 13:27:47.000000000 +0000 +++ mariadb-11.8.8/mysql-test/suite/galera/r/galera_sst_mariabackup_encrypt_with_key_server.result 2026-05-24 09:58:31.000000000 +0000 @@ -3,4 +3,26 @@ SELECT 1; 1 1 -include/assert_grep.inc [Using openssl based encryption with socat] +FOUND 1 /Using openssl based encryption with socat: with key and crt/ in mysqld.1.err +# +# MDEV-39413 wsrep unsafe handling of parameters +# +call mtr.add_suppression('Invalid value for WSREP_SST_OPT_REMOTE_USER'); +call mtr.add_suppression('Failed to read from: wsrep_sst_mariabackup'); +call mtr.add_suppression('Process completed with error: wsrep_sst_mariabackup'); +call mtr.add_suppression('Command did not run: wsrep_sst_mariabackup'); +call mtr.add_suppression('State transfer to .* failed'); +call mtr.add_suppression('Will never receive state. Need to abort'); +call mtr.add_suppression('Error while getting data from donor node'); +call mtr.add_suppression('Cleanup after exit with status'); +call mtr.add_suppression('Removing .*/xtrabackup_galera_info file due to signal'); +connection node_2; +# force SST again +# using a cert with shell-unsafe CN +# start the server +# the server failed to start +FOUND 1 /Invalid value for WSREP_SST_OPT_REMOTE_USER/ in mysqld.1.err +# cleanup +# restart +connection node_2; +call mtr.add_suppression("Removing"); diff -Nru mariadb-11.8.6/mysql-test/suite/galera/r/galera_sst_mysqldump,debug.rdiff mariadb-11.8.8/mysql-test/suite/galera/r/galera_sst_mysqldump,debug.rdiff --- mariadb-11.8.6/mysql-test/suite/galera/r/galera_sst_mysqldump,debug.rdiff 2026-01-31 13:27:47.000000000 +0000 +++ mariadb-11.8.8/mysql-test/suite/galera/r/galera_sst_mysqldump,debug.rdiff 1970-01-01 00:00:00.000000000 +0000 @@ -1,193 +0,0 @@ ---- r/galera_sst_mysqldump.result -+++ r/galera_sst_mysqldump,debug.reject -@@ -698,6 +698,190 @@ - 1 - DROP TABLE t1; - COMMIT; -+Performing State Transfer on a server that has been killed and restarted -+while a DDL was in progress on it -+connection node_1; -+CREATE TABLE t1 (id int not null primary key,f1 CHAR(255)) ENGINE=InnoDB; -+SET AUTOCOMMIT=OFF; -+START TRANSACTION; -+INSERT INTO t1 VALUES (1,'node1_committed_before'); -+INSERT INTO t1 VALUES (2,'node1_committed_before'); -+INSERT INTO t1 VALUES (3,'node1_committed_before'); -+INSERT INTO t1 VALUES (4,'node1_committed_before'); -+INSERT INTO t1 VALUES (5,'node1_committed_before'); -+connection node_2; -+START TRANSACTION; -+INSERT INTO t1 VALUES (6,'node2_committed_before'); -+INSERT INTO t1 VALUES (7,'node2_committed_before'); -+INSERT INTO t1 VALUES (8,'node2_committed_before'); -+INSERT INTO t1 VALUES (9,'node2_committed_before'); -+INSERT INTO t1 VALUES (10,'node2_committed_before'); -+COMMIT; -+SET GLOBAL debug_dbug = 'd,sync.alter_opened_table'; -+connection node_1; -+ALTER TABLE t1 ADD COLUMN f2 INTEGER; -+connection node_2; -+SET wsrep_sync_wait = 0; -+Killing server ... -+connection node_1; -+SET AUTOCOMMIT=OFF; -+START TRANSACTION; -+INSERT INTO t1 (id,f1) VALUES (11,'node1_committed_during'); -+INSERT INTO t1 (id,f1) VALUES (12,'node1_committed_during'); -+INSERT INTO t1 (id,f1) VALUES (13,'node1_committed_during'); -+INSERT INTO t1 (id,f1) VALUES (14,'node1_committed_during'); -+INSERT INTO t1 (id,f1) VALUES (15,'node1_committed_during'); -+COMMIT; -+START TRANSACTION; -+INSERT INTO t1 (id,f1) VALUES (16,'node1_to_be_committed_after'); -+INSERT INTO t1 (id,f1) VALUES (17,'node1_to_be_committed_after'); -+INSERT INTO t1 (id,f1) VALUES (18,'node1_to_be_committed_after'); -+INSERT INTO t1 (id,f1) VALUES (19,'node1_to_be_committed_after'); -+INSERT INTO t1 (id,f1) VALUES (20,'node1_to_be_committed_after'); -+connect node_1a_galera_st_kill_slave_ddl, 127.0.0.1, root, , test, $NODE_MYPORT_1; -+SET AUTOCOMMIT=OFF; -+START TRANSACTION; -+INSERT INTO t1 (id,f1) VALUES (21,'node1_to_be_rollbacked_after'); -+INSERT INTO t1 (id,f1) VALUES (22,'node1_to_be_rollbacked_after'); -+INSERT INTO t1 (id,f1) VALUES (23,'node1_to_be_rollbacked_after'); -+INSERT INTO t1 (id,f1) VALUES (24,'node1_to_be_rollbacked_after'); -+INSERT INTO t1 (id,f1) VALUES (25,'node1_to_be_rollbacked_after'); -+connection node_2; -+Performing --wsrep-recover ... -+connection node_2; -+Starting server ... -+Using --wsrep-start-position when starting mysqld ... -+SET AUTOCOMMIT=OFF; -+START TRANSACTION; -+INSERT INTO t1 (id,f1) VALUES (26,'node2_committed_after'); -+INSERT INTO t1 (id,f1) VALUES (27,'node2_committed_after'); -+INSERT INTO t1 (id,f1) VALUES (28,'node2_committed_after'); -+INSERT INTO t1 (id,f1) VALUES (29,'node2_committed_after'); -+INSERT INTO t1 (id,f1) VALUES (30,'node2_committed_after'); -+COMMIT; -+connection node_1; -+INSERT INTO t1 (id,f1) VALUES (31,'node1_to_be_committed_after'); -+INSERT INTO t1 (id,f1) VALUES (32,'node1_to_be_committed_after'); -+INSERT INTO t1 (id,f1) VALUES (33,'node1_to_be_committed_after'); -+INSERT INTO t1 (id,f1) VALUES (34,'node1_to_be_committed_after'); -+INSERT INTO t1 (id,f1) VALUES (35,'node1_to_be_committed_after'); -+COMMIT; -+SET AUTOCOMMIT=OFF; -+START TRANSACTION; -+INSERT INTO t1 (id,f1) VALUES (36,'node1_committed_after'); -+INSERT INTO t1 (id,f1) VALUES (37,'node1_committed_after'); -+INSERT INTO t1 (id,f1) VALUES (38,'node1_committed_after'); -+INSERT INTO t1 (id,f1) VALUES (39,'node1_committed_after'); -+INSERT INTO t1 (id,f1) VALUES (40,'node1_committed_after'); -+COMMIT; -+connection node_1a_galera_st_kill_slave_ddl; -+INSERT INTO t1 (id,f1) VALUES (41,'node1_to_be_rollbacked_after'); -+INSERT INTO t1 (id,f1) VALUES (42,'node1_to_be_rollbacked_after'); -+INSERT INTO t1 (id,f1) VALUES (43,'node1_to_be_rollbacked_after'); -+INSERT INTO t1 (id,f1) VALUES (44,'node1_to_be_rollbacked_after'); -+INSERT INTO t1 (id,f1) VALUES (45,'node1_to_be_rollbacked_after'); -+ROLLBACK; -+SET AUTOCOMMIT=ON; -+SET SESSION wsrep_sync_wait=15; -+SELECT COUNT(*) AS EXPECT_3 FROM INFORMATION_SCHEMA.COLUMNS WHERE TABLE_NAME = 't1'; -+EXPECT_3 -+3 -+SELECT COUNT(*) AS EXPECT_35 FROM t1; -+EXPECT_35 -+35 -+SELECT * FROM t1; -+id f1 f2 -+1 node1_committed_before NULL -+2 node1_committed_before NULL -+3 node1_committed_before NULL -+4 node1_committed_before NULL -+5 node1_committed_before NULL -+6 node2_committed_before NULL -+7 node2_committed_before NULL -+8 node2_committed_before NULL -+9 node2_committed_before NULL -+10 node2_committed_before NULL -+11 node1_committed_during NULL -+12 node1_committed_during NULL -+13 node1_committed_during NULL -+14 node1_committed_during NULL -+15 node1_committed_during NULL -+16 node1_to_be_committed_after NULL -+17 node1_to_be_committed_after NULL -+18 node1_to_be_committed_after NULL -+19 node1_to_be_committed_after NULL -+20 node1_to_be_committed_after NULL -+26 node2_committed_after NULL -+27 node2_committed_after NULL -+28 node2_committed_after NULL -+29 node2_committed_after NULL -+30 node2_committed_after NULL -+31 node1_to_be_committed_after NULL -+32 node1_to_be_committed_after NULL -+33 node1_to_be_committed_after NULL -+34 node1_to_be_committed_after NULL -+35 node1_to_be_committed_after NULL -+36 node1_committed_after NULL -+37 node1_committed_after NULL -+38 node1_committed_after NULL -+39 node1_committed_after NULL -+40 node1_committed_after NULL -+SELECT COUNT(*) = 0 FROM (SELECT COUNT(*) AS c, f1 FROM t1 GROUP BY f1 HAVING c NOT IN (5, 10)) AS a1; -+COUNT(*) = 0 -+1 -+COMMIT; -+connection node_1; -+SET AUTOCOMMIT=ON; -+SET SESSION wsrep_sync_wait=15; -+SELECT COUNT(*) AS EXPECT_3 FROM INFORMATION_SCHEMA.COLUMNS WHERE TABLE_NAME = 't1'; -+EXPECT_3 -+3 -+SELECT COUNT(*) AS EXPECT_35 FROM t1; -+EXPECT_35 -+35 -+SELECT * FROM t1; -+id f1 f2 -+1 node1_committed_before NULL -+2 node1_committed_before NULL -+3 node1_committed_before NULL -+4 node1_committed_before NULL -+5 node1_committed_before NULL -+6 node2_committed_before NULL -+7 node2_committed_before NULL -+8 node2_committed_before NULL -+9 node2_committed_before NULL -+10 node2_committed_before NULL -+11 node1_committed_during NULL -+12 node1_committed_during NULL -+13 node1_committed_during NULL -+14 node1_committed_during NULL -+15 node1_committed_during NULL -+16 node1_to_be_committed_after NULL -+17 node1_to_be_committed_after NULL -+18 node1_to_be_committed_after NULL -+19 node1_to_be_committed_after NULL -+20 node1_to_be_committed_after NULL -+26 node2_committed_after NULL -+27 node2_committed_after NULL -+28 node2_committed_after NULL -+29 node2_committed_after NULL -+30 node2_committed_after NULL -+31 node1_to_be_committed_after NULL -+32 node1_to_be_committed_after NULL -+33 node1_to_be_committed_after NULL -+34 node1_to_be_committed_after NULL -+35 node1_to_be_committed_after NULL -+36 node1_committed_after NULL -+37 node1_committed_after NULL -+38 node1_committed_after NULL -+39 node1_committed_after NULL -+40 node1_committed_after NULL -+SELECT COUNT(*) = 0 FROM (SELECT COUNT(*) AS c, f1 FROM t1 GROUP BY f1 HAVING c NOT IN (5, 10)) AS a1; -+COUNT(*) = 0 -+1 -+DROP TABLE t1; -+COMMIT; -+SET GLOBAL debug_dbug = $debug_orig; - connection node_1; - CALL mtr.add_suppression("Slave SQL: Error 'The MariaDB server is running with the --skip-grant-tables option so it cannot execute this statement' on query"); - DROP USER sst; diff -Nru mariadb-11.8.6/mysql-test/suite/galera/r/galera_sst_mysqldump_debug.result mariadb-11.8.8/mysql-test/suite/galera/r/galera_sst_mysqldump_debug.result --- mariadb-11.8.6/mysql-test/suite/galera/r/galera_sst_mysqldump_debug.result 1970-01-01 00:00:00.000000000 +0000 +++ mariadb-11.8.8/mysql-test/suite/galera/r/galera_sst_mysqldump_debug.result 2026-05-24 09:58:31.000000000 +0000 @@ -0,0 +1,381 @@ +connection node_2; +connection node_1; +Setting SST method to mysqldump ... +call mtr.add_suppression("WSREP: wsrep_sst_method is set to 'mysqldump' yet mysqld bind_address is set to '127\\.0\\.0\\.1'"); +call mtr.add_suppression("Failed to load slave replication state from table mysql\\.gtid_slave_pos"); +connection node_1; +CREATE USER 'sst'; +GRANT ALL PRIVILEGES ON *.* TO 'sst'; +SET GLOBAL wsrep_sst_auth = 'sst:'; +connection node_2; +SET GLOBAL wsrep_sst_method = 'mysqldump'; +connection node_1; +connection node_2; +Performing State Transfer on a server that has been temporarily disconnected +connection node_1; +CREATE TABLE t1 (id int not null primary key,f1 CHAR(255)) ENGINE=InnoDB; +SET AUTOCOMMIT=OFF; +START TRANSACTION; +INSERT INTO t1 VALUES (1,'node1_committed_before'); +INSERT INTO t1 VALUES (2,'node1_committed_before'); +INSERT INTO t1 VALUES (3,'node1_committed_before'); +INSERT INTO t1 VALUES (4,'node1_committed_before'); +INSERT INTO t1 VALUES (5,'node1_committed_before'); +COMMIT; +connection node_2; +SET AUTOCOMMIT=OFF; +START TRANSACTION; +INSERT INTO t1 VALUES (6,'node2_committed_before'); +INSERT INTO t1 VALUES (7,'node2_committed_before'); +INSERT INTO t1 VALUES (8,'node2_committed_before'); +INSERT INTO t1 VALUES (9,'node2_committed_before'); +INSERT INTO t1 VALUES (10,'node2_committed_before'); +COMMIT; +Unloading wsrep provider ... +SET GLOBAL wsrep_cluster_address = ''; +connection node_1; +SET AUTOCOMMIT=OFF; +START TRANSACTION; +INSERT INTO t1 VALUES (11,'node1_committed_during'); +INSERT INTO t1 VALUES (12,'node1_committed_during'); +INSERT INTO t1 VALUES (13,'node1_committed_during'); +INSERT INTO t1 VALUES (14,'node1_committed_during'); +INSERT INTO t1 VALUES (15,'node1_committed_during'); +COMMIT; +START TRANSACTION; +INSERT INTO t1 VALUES (16,'node1_to_be_committed_after'); +INSERT INTO t1 VALUES (17,'node1_to_be_committed_after'); +INSERT INTO t1 VALUES (18,'node1_to_be_committed_after'); +INSERT INTO t1 VALUES (19,'node1_to_be_committed_after'); +INSERT INTO t1 VALUES (20,'node1_to_be_committed_after'); +connect node_1a_galera_st_disconnect_slave, 127.0.0.1, root, , test, $NODE_MYPORT_1; +SET AUTOCOMMIT=OFF; +START TRANSACTION; +INSERT INTO t1 VALUES (21,'node1_to_be_rollbacked_after'); +INSERT INTO t1 VALUES (22,'node1_to_be_rollbacked_after'); +INSERT INTO t1 VALUES (23,'node1_to_be_rollbacked_after'); +INSERT INTO t1 VALUES (24,'node1_to_be_rollbacked_after'); +INSERT INTO t1 VALUES (25,'node1_to_be_rollbacked_after'); +connection node_2; +Loading wsrep provider ... +disconnect node_2; +connect node_2, 127.0.0.1, root, , test, $NODE_MYPORT_2; +connection node_2; +SET AUTOCOMMIT=OFF; +START TRANSACTION; +INSERT INTO t1 VALUES (26,'node2_committed_after'); +INSERT INTO t1 VALUES (27,'node2_committed_after'); +INSERT INTO t1 VALUES (28,'node2_committed_after'); +INSERT INTO t1 VALUES (29,'node2_committed_after'); +INSERT INTO t1 VALUES (30,'node2_committed_after'); +COMMIT; +connection node_1; +INSERT INTO t1 VALUES (31,'node1_to_be_committed_after'); +INSERT INTO t1 VALUES (32,'node1_to_be_committed_after'); +INSERT INTO t1 VALUES (33,'node1_to_be_committed_after'); +INSERT INTO t1 VALUES (34,'node1_to_be_committed_after'); +INSERT INTO t1 VALUES (35,'node1_to_be_committed_after'); +COMMIT; +SET AUTOCOMMIT=OFF; +START TRANSACTION; +INSERT INTO t1 VALUES (36,'node1_committed_after'); +INSERT INTO t1 VALUES (37,'node1_committed_after'); +INSERT INTO t1 VALUES (38,'node1_committed_after'); +INSERT INTO t1 VALUES (39,'node1_committed_after'); +INSERT INTO t1 VALUES (40,'node1_committed_after'); +COMMIT; +connection node_1a_galera_st_disconnect_slave; +INSERT INTO t1 VALUES (41,'node1_to_be_rollbacked_after'); +INSERT INTO t1 VALUES (42,'node1_to_be_rollbacked_after'); +INSERT INTO t1 VALUES (43,'node1_to_be_rollbacked_after'); +INSERT INTO t1 VALUES (44,'node1_to_be_rollbacked_after'); +INSERT INTO t1 VALUES (45,'node1_to_be_rollbacked_after'); +ROLLBACK; +SET AUTOCOMMIT=ON; +SET SESSION wsrep_sync_wait=15; +SELECT COUNT(*) AS EXPECT_35 FROM t1; +EXPECT_35 +35 +SELECT * FROM t1; +id f1 +1 node1_committed_before +2 node1_committed_before +3 node1_committed_before +4 node1_committed_before +5 node1_committed_before +6 node2_committed_before +7 node2_committed_before +8 node2_committed_before +9 node2_committed_before +10 node2_committed_before +11 node1_committed_during +12 node1_committed_during +13 node1_committed_during +14 node1_committed_during +15 node1_committed_during +16 node1_to_be_committed_after +17 node1_to_be_committed_after +18 node1_to_be_committed_after +19 node1_to_be_committed_after +20 node1_to_be_committed_after +26 node2_committed_after +27 node2_committed_after +28 node2_committed_after +29 node2_committed_after +30 node2_committed_after +31 node1_to_be_committed_after +32 node1_to_be_committed_after +33 node1_to_be_committed_after +34 node1_to_be_committed_after +35 node1_to_be_committed_after +36 node1_committed_after +37 node1_committed_after +38 node1_committed_after +39 node1_committed_after +40 node1_committed_after +SELECT COUNT(*) = 0 FROM (SELECT COUNT(*) AS c, f1 FROM t1 GROUP BY f1 HAVING c NOT IN (5, 10)) AS a1; +COUNT(*) = 0 +1 +connection node_1; +SET AUTOCOMMIT=ON; +SET SESSION wsrep_sync_wait=15; +SELECT COUNT(*) AS EXPECT_35 FROM t1; +EXPECT_35 +35 +SELECT * FROM t1; +id f1 +1 node1_committed_before +2 node1_committed_before +3 node1_committed_before +4 node1_committed_before +5 node1_committed_before +6 node2_committed_before +7 node2_committed_before +8 node2_committed_before +9 node2_committed_before +10 node2_committed_before +11 node1_committed_during +12 node1_committed_during +13 node1_committed_during +14 node1_committed_during +15 node1_committed_during +16 node1_to_be_committed_after +17 node1_to_be_committed_after +18 node1_to_be_committed_after +19 node1_to_be_committed_after +20 node1_to_be_committed_after +26 node2_committed_after +27 node2_committed_after +28 node2_committed_after +29 node2_committed_after +30 node2_committed_after +31 node1_to_be_committed_after +32 node1_to_be_committed_after +33 node1_to_be_committed_after +34 node1_to_be_committed_after +35 node1_to_be_committed_after +36 node1_committed_after +37 node1_committed_after +38 node1_committed_after +39 node1_committed_after +40 node1_committed_after +SELECT COUNT(*) = 0 FROM (SELECT COUNT(*) AS c, f1 FROM t1 GROUP BY f1 HAVING c NOT IN (5, 10)) AS a1; +COUNT(*) = 0 +1 +DROP TABLE t1; +COMMIT; +Performing State Transfer on a server that has been killed and restarted +while a DDL was in progress on it +connection node_1; +CREATE TABLE t1 (id int not null primary key,f1 CHAR(255)) ENGINE=InnoDB; +SET AUTOCOMMIT=OFF; +START TRANSACTION; +INSERT INTO t1 VALUES (1,'node1_committed_before'); +INSERT INTO t1 VALUES (2,'node1_committed_before'); +INSERT INTO t1 VALUES (3,'node1_committed_before'); +INSERT INTO t1 VALUES (4,'node1_committed_before'); +INSERT INTO t1 VALUES (5,'node1_committed_before'); +connection node_2; +START TRANSACTION; +INSERT INTO t1 VALUES (6,'node2_committed_before'); +INSERT INTO t1 VALUES (7,'node2_committed_before'); +INSERT INTO t1 VALUES (8,'node2_committed_before'); +INSERT INTO t1 VALUES (9,'node2_committed_before'); +INSERT INTO t1 VALUES (10,'node2_committed_before'); +COMMIT; +SET GLOBAL debug_dbug = 'd,sync.alter_opened_table'; +connection node_1; +ALTER TABLE t1 ADD COLUMN f2 INTEGER; +connection node_2; +SET wsrep_sync_wait = 0; +Killing server ... +connection node_1; +SET AUTOCOMMIT=OFF; +START TRANSACTION; +INSERT INTO t1 (id,f1) VALUES (11,'node1_committed_during'); +INSERT INTO t1 (id,f1) VALUES (12,'node1_committed_during'); +INSERT INTO t1 (id,f1) VALUES (13,'node1_committed_during'); +INSERT INTO t1 (id,f1) VALUES (14,'node1_committed_during'); +INSERT INTO t1 (id,f1) VALUES (15,'node1_committed_during'); +COMMIT; +START TRANSACTION; +INSERT INTO t1 (id,f1) VALUES (16,'node1_to_be_committed_after'); +INSERT INTO t1 (id,f1) VALUES (17,'node1_to_be_committed_after'); +INSERT INTO t1 (id,f1) VALUES (18,'node1_to_be_committed_after'); +INSERT INTO t1 (id,f1) VALUES (19,'node1_to_be_committed_after'); +INSERT INTO t1 (id,f1) VALUES (20,'node1_to_be_committed_after'); +connect node_1a_galera_st_kill_slave_ddl, 127.0.0.1, root, , test, $NODE_MYPORT_1; +SET AUTOCOMMIT=OFF; +START TRANSACTION; +INSERT INTO t1 (id,f1) VALUES (21,'node1_to_be_rollbacked_after'); +INSERT INTO t1 (id,f1) VALUES (22,'node1_to_be_rollbacked_after'); +INSERT INTO t1 (id,f1) VALUES (23,'node1_to_be_rollbacked_after'); +INSERT INTO t1 (id,f1) VALUES (24,'node1_to_be_rollbacked_after'); +INSERT INTO t1 (id,f1) VALUES (25,'node1_to_be_rollbacked_after'); +connection node_2; +Performing --wsrep-recover ... +connection node_2; +Starting server ... +Using --wsrep-start-position when starting mysqld ... +SET AUTOCOMMIT=OFF; +START TRANSACTION; +INSERT INTO t1 (id,f1) VALUES (26,'node2_committed_after'); +INSERT INTO t1 (id,f1) VALUES (27,'node2_committed_after'); +INSERT INTO t1 (id,f1) VALUES (28,'node2_committed_after'); +INSERT INTO t1 (id,f1) VALUES (29,'node2_committed_after'); +INSERT INTO t1 (id,f1) VALUES (30,'node2_committed_after'); +COMMIT; +connection node_1; +INSERT INTO t1 (id,f1) VALUES (31,'node1_to_be_committed_after'); +INSERT INTO t1 (id,f1) VALUES (32,'node1_to_be_committed_after'); +INSERT INTO t1 (id,f1) VALUES (33,'node1_to_be_committed_after'); +INSERT INTO t1 (id,f1) VALUES (34,'node1_to_be_committed_after'); +INSERT INTO t1 (id,f1) VALUES (35,'node1_to_be_committed_after'); +COMMIT; +SET AUTOCOMMIT=OFF; +START TRANSACTION; +INSERT INTO t1 (id,f1) VALUES (36,'node1_committed_after'); +INSERT INTO t1 (id,f1) VALUES (37,'node1_committed_after'); +INSERT INTO t1 (id,f1) VALUES (38,'node1_committed_after'); +INSERT INTO t1 (id,f1) VALUES (39,'node1_committed_after'); +INSERT INTO t1 (id,f1) VALUES (40,'node1_committed_after'); +COMMIT; +connection node_1a_galera_st_kill_slave_ddl; +INSERT INTO t1 (id,f1) VALUES (41,'node1_to_be_rollbacked_after'); +INSERT INTO t1 (id,f1) VALUES (42,'node1_to_be_rollbacked_after'); +INSERT INTO t1 (id,f1) VALUES (43,'node1_to_be_rollbacked_after'); +INSERT INTO t1 (id,f1) VALUES (44,'node1_to_be_rollbacked_after'); +INSERT INTO t1 (id,f1) VALUES (45,'node1_to_be_rollbacked_after'); +ROLLBACK; +SET AUTOCOMMIT=ON; +SET SESSION wsrep_sync_wait=15; +SELECT COUNT(*) AS EXPECT_3 FROM INFORMATION_SCHEMA.COLUMNS WHERE TABLE_NAME = 't1'; +EXPECT_3 +3 +SELECT COUNT(*) AS EXPECT_35 FROM t1; +EXPECT_35 +35 +SELECT * FROM t1; +id f1 f2 +1 node1_committed_before NULL +2 node1_committed_before NULL +3 node1_committed_before NULL +4 node1_committed_before NULL +5 node1_committed_before NULL +6 node2_committed_before NULL +7 node2_committed_before NULL +8 node2_committed_before NULL +9 node2_committed_before NULL +10 node2_committed_before NULL +11 node1_committed_during NULL +12 node1_committed_during NULL +13 node1_committed_during NULL +14 node1_committed_during NULL +15 node1_committed_during NULL +16 node1_to_be_committed_after NULL +17 node1_to_be_committed_after NULL +18 node1_to_be_committed_after NULL +19 node1_to_be_committed_after NULL +20 node1_to_be_committed_after NULL +26 node2_committed_after NULL +27 node2_committed_after NULL +28 node2_committed_after NULL +29 node2_committed_after NULL +30 node2_committed_after NULL +31 node1_to_be_committed_after NULL +32 node1_to_be_committed_after NULL +33 node1_to_be_committed_after NULL +34 node1_to_be_committed_after NULL +35 node1_to_be_committed_after NULL +36 node1_committed_after NULL +37 node1_committed_after NULL +38 node1_committed_after NULL +39 node1_committed_after NULL +40 node1_committed_after NULL +SELECT COUNT(*) = 0 FROM (SELECT COUNT(*) AS c, f1 FROM t1 GROUP BY f1 HAVING c NOT IN (5, 10)) AS a1; +COUNT(*) = 0 +1 +COMMIT; +connection node_1; +SET AUTOCOMMIT=ON; +SET SESSION wsrep_sync_wait=15; +SELECT COUNT(*) AS EXPECT_3 FROM INFORMATION_SCHEMA.COLUMNS WHERE TABLE_NAME = 't1'; +EXPECT_3 +3 +SELECT COUNT(*) AS EXPECT_35 FROM t1; +EXPECT_35 +35 +SELECT * FROM t1; +id f1 f2 +1 node1_committed_before NULL +2 node1_committed_before NULL +3 node1_committed_before NULL +4 node1_committed_before NULL +5 node1_committed_before NULL +6 node2_committed_before NULL +7 node2_committed_before NULL +8 node2_committed_before NULL +9 node2_committed_before NULL +10 node2_committed_before NULL +11 node1_committed_during NULL +12 node1_committed_during NULL +13 node1_committed_during NULL +14 node1_committed_during NULL +15 node1_committed_during NULL +16 node1_to_be_committed_after NULL +17 node1_to_be_committed_after NULL +18 node1_to_be_committed_after NULL +19 node1_to_be_committed_after NULL +20 node1_to_be_committed_after NULL +26 node2_committed_after NULL +27 node2_committed_after NULL +28 node2_committed_after NULL +29 node2_committed_after NULL +30 node2_committed_after NULL +31 node1_to_be_committed_after NULL +32 node1_to_be_committed_after NULL +33 node1_to_be_committed_after NULL +34 node1_to_be_committed_after NULL +35 node1_to_be_committed_after NULL +36 node1_committed_after NULL +37 node1_committed_after NULL +38 node1_committed_after NULL +39 node1_committed_after NULL +40 node1_committed_after NULL +SELECT COUNT(*) = 0 FROM (SELECT COUNT(*) AS c, f1 FROM t1 GROUP BY f1 HAVING c NOT IN (5, 10)) AS a1; +COUNT(*) = 0 +1 +DROP TABLE t1; +COMMIT; +SET GLOBAL debug_dbug = $debug_orig; +connection node_1; +CALL mtr.add_suppression("Slave SQL: Error 'The MariaDB server is running with the --skip-grant-tables option so it cannot execute this statement' on query"); +DROP USER sst; +connection node_2; +CALL mtr.add_suppression("Slave SQL: Error 'The MariaDB server is running with the --skip-grant-tables option so it cannot execute this statement' on query"); +CALL mtr.add_suppression("InnoDB: Error: Table \"mysql\"\\.\"innodb_index_stats\" not found"); +CALL mtr.add_suppression("Can't open and lock time zone table"); +CALL mtr.add_suppression("Can't open and lock privilege tables"); +CALL mtr.add_suppression("Info table is not ready to be used"); +CALL mtr.add_suppression("Native table .* has the wrong structure"); +CALL mtr.add_suppression("Table 'mysql\\.gtid_slave_pos' doesn't exist"); diff -Nru mariadb-11.8.6/mysql-test/suite/galera/r/galera_sst_mysqldump_with_key,debug.rdiff mariadb-11.8.8/mysql-test/suite/galera/r/galera_sst_mysqldump_with_key,debug.rdiff --- mariadb-11.8.6/mysql-test/suite/galera/r/galera_sst_mysqldump_with_key,debug.rdiff 2026-01-31 13:27:47.000000000 +0000 +++ mariadb-11.8.8/mysql-test/suite/galera/r/galera_sst_mysqldump_with_key,debug.rdiff 1970-01-01 00:00:00.000000000 +0000 @@ -1,193 +0,0 @@ ---- r/galera_sst_mysqldump_with_key.result -+++ r/galera_sst_mysqldump_with_key,debug.reject -@@ -358,6 +358,190 @@ - 1 - DROP TABLE t1; - COMMIT; -+Performing State Transfer on a server that has been killed and restarted -+while a DDL was in progress on it -+connection node_1; -+CREATE TABLE t1 (id int not null primary key,f1 CHAR(255)) ENGINE=InnoDB; -+SET AUTOCOMMIT=OFF; -+START TRANSACTION; -+INSERT INTO t1 VALUES (1,'node1_committed_before'); -+INSERT INTO t1 VALUES (2,'node1_committed_before'); -+INSERT INTO t1 VALUES (3,'node1_committed_before'); -+INSERT INTO t1 VALUES (4,'node1_committed_before'); -+INSERT INTO t1 VALUES (5,'node1_committed_before'); -+connection node_2; -+START TRANSACTION; -+INSERT INTO t1 VALUES (6,'node2_committed_before'); -+INSERT INTO t1 VALUES (7,'node2_committed_before'); -+INSERT INTO t1 VALUES (8,'node2_committed_before'); -+INSERT INTO t1 VALUES (9,'node2_committed_before'); -+INSERT INTO t1 VALUES (10,'node2_committed_before'); -+COMMIT; -+SET GLOBAL debug_dbug = 'd,sync.alter_opened_table'; -+connection node_1; -+ALTER TABLE t1 ADD COLUMN f2 INTEGER; -+connection node_2; -+SET wsrep_sync_wait = 0; -+Killing server ... -+connection node_1; -+SET AUTOCOMMIT=OFF; -+START TRANSACTION; -+INSERT INTO t1 (id,f1) VALUES (11,'node1_committed_during'); -+INSERT INTO t1 (id,f1) VALUES (12,'node1_committed_during'); -+INSERT INTO t1 (id,f1) VALUES (13,'node1_committed_during'); -+INSERT INTO t1 (id,f1) VALUES (14,'node1_committed_during'); -+INSERT INTO t1 (id,f1) VALUES (15,'node1_committed_during'); -+COMMIT; -+START TRANSACTION; -+INSERT INTO t1 (id,f1) VALUES (16,'node1_to_be_committed_after'); -+INSERT INTO t1 (id,f1) VALUES (17,'node1_to_be_committed_after'); -+INSERT INTO t1 (id,f1) VALUES (18,'node1_to_be_committed_after'); -+INSERT INTO t1 (id,f1) VALUES (19,'node1_to_be_committed_after'); -+INSERT INTO t1 (id,f1) VALUES (20,'node1_to_be_committed_after'); -+connect node_1a_galera_st_kill_slave_ddl, 127.0.0.1, root, , test, $NODE_MYPORT_1; -+SET AUTOCOMMIT=OFF; -+START TRANSACTION; -+INSERT INTO t1 (id,f1) VALUES (21,'node1_to_be_rollbacked_after'); -+INSERT INTO t1 (id,f1) VALUES (22,'node1_to_be_rollbacked_after'); -+INSERT INTO t1 (id,f1) VALUES (23,'node1_to_be_rollbacked_after'); -+INSERT INTO t1 (id,f1) VALUES (24,'node1_to_be_rollbacked_after'); -+INSERT INTO t1 (id,f1) VALUES (25,'node1_to_be_rollbacked_after'); -+connection node_2; -+Performing --wsrep-recover ... -+connection node_2; -+Starting server ... -+Using --wsrep-start-position when starting mysqld ... -+SET AUTOCOMMIT=OFF; -+START TRANSACTION; -+INSERT INTO t1 (id,f1) VALUES (26,'node2_committed_after'); -+INSERT INTO t1 (id,f1) VALUES (27,'node2_committed_after'); -+INSERT INTO t1 (id,f1) VALUES (28,'node2_committed_after'); -+INSERT INTO t1 (id,f1) VALUES (29,'node2_committed_after'); -+INSERT INTO t1 (id,f1) VALUES (30,'node2_committed_after'); -+COMMIT; -+connection node_1; -+INSERT INTO t1 (id,f1) VALUES (31,'node1_to_be_committed_after'); -+INSERT INTO t1 (id,f1) VALUES (32,'node1_to_be_committed_after'); -+INSERT INTO t1 (id,f1) VALUES (33,'node1_to_be_committed_after'); -+INSERT INTO t1 (id,f1) VALUES (34,'node1_to_be_committed_after'); -+INSERT INTO t1 (id,f1) VALUES (35,'node1_to_be_committed_after'); -+COMMIT; -+SET AUTOCOMMIT=OFF; -+START TRANSACTION; -+INSERT INTO t1 (id,f1) VALUES (36,'node1_committed_after'); -+INSERT INTO t1 (id,f1) VALUES (37,'node1_committed_after'); -+INSERT INTO t1 (id,f1) VALUES (38,'node1_committed_after'); -+INSERT INTO t1 (id,f1) VALUES (39,'node1_committed_after'); -+INSERT INTO t1 (id,f1) VALUES (40,'node1_committed_after'); -+COMMIT; -+connection node_1a_galera_st_kill_slave_ddl; -+INSERT INTO t1 (id,f1) VALUES (41,'node1_to_be_rollbacked_after'); -+INSERT INTO t1 (id,f1) VALUES (42,'node1_to_be_rollbacked_after'); -+INSERT INTO t1 (id,f1) VALUES (43,'node1_to_be_rollbacked_after'); -+INSERT INTO t1 (id,f1) VALUES (44,'node1_to_be_rollbacked_after'); -+INSERT INTO t1 (id,f1) VALUES (45,'node1_to_be_rollbacked_after'); -+ROLLBACK; -+SET AUTOCOMMIT=ON; -+SET SESSION wsrep_sync_wait=15; -+SELECT COUNT(*) AS EXPECT_3 FROM INFORMATION_SCHEMA.COLUMNS WHERE TABLE_NAME = 't1'; -+EXPECT_3 -+3 -+SELECT COUNT(*) AS EXPECT_35 FROM t1; -+EXPECT_35 -+35 -+SELECT * FROM t1; -+id f1 f2 -+1 node1_committed_before NULL -+2 node1_committed_before NULL -+3 node1_committed_before NULL -+4 node1_committed_before NULL -+5 node1_committed_before NULL -+6 node2_committed_before NULL -+7 node2_committed_before NULL -+8 node2_committed_before NULL -+9 node2_committed_before NULL -+10 node2_committed_before NULL -+11 node1_committed_during NULL -+12 node1_committed_during NULL -+13 node1_committed_during NULL -+14 node1_committed_during NULL -+15 node1_committed_during NULL -+16 node1_to_be_committed_after NULL -+17 node1_to_be_committed_after NULL -+18 node1_to_be_committed_after NULL -+19 node1_to_be_committed_after NULL -+20 node1_to_be_committed_after NULL -+26 node2_committed_after NULL -+27 node2_committed_after NULL -+28 node2_committed_after NULL -+29 node2_committed_after NULL -+30 node2_committed_after NULL -+31 node1_to_be_committed_after NULL -+32 node1_to_be_committed_after NULL -+33 node1_to_be_committed_after NULL -+34 node1_to_be_committed_after NULL -+35 node1_to_be_committed_after NULL -+36 node1_committed_after NULL -+37 node1_committed_after NULL -+38 node1_committed_after NULL -+39 node1_committed_after NULL -+40 node1_committed_after NULL -+SELECT COUNT(*) = 0 FROM (SELECT COUNT(*) AS c, f1 FROM t1 GROUP BY f1 HAVING c NOT IN (5, 10)) AS a1; -+COUNT(*) = 0 -+1 -+COMMIT; -+connection node_1; -+SET AUTOCOMMIT=ON; -+SET SESSION wsrep_sync_wait=15; -+SELECT COUNT(*) AS EXPECT_3 FROM INFORMATION_SCHEMA.COLUMNS WHERE TABLE_NAME = 't1'; -+EXPECT_3 -+3 -+SELECT COUNT(*) AS EXPECT_35 FROM t1; -+EXPECT_35 -+35 -+SELECT * FROM t1; -+id f1 f2 -+1 node1_committed_before NULL -+2 node1_committed_before NULL -+3 node1_committed_before NULL -+4 node1_committed_before NULL -+5 node1_committed_before NULL -+6 node2_committed_before NULL -+7 node2_committed_before NULL -+8 node2_committed_before NULL -+9 node2_committed_before NULL -+10 node2_committed_before NULL -+11 node1_committed_during NULL -+12 node1_committed_during NULL -+13 node1_committed_during NULL -+14 node1_committed_during NULL -+15 node1_committed_during NULL -+16 node1_to_be_committed_after NULL -+17 node1_to_be_committed_after NULL -+18 node1_to_be_committed_after NULL -+19 node1_to_be_committed_after NULL -+20 node1_to_be_committed_after NULL -+26 node2_committed_after NULL -+27 node2_committed_after NULL -+28 node2_committed_after NULL -+29 node2_committed_after NULL -+30 node2_committed_after NULL -+31 node1_to_be_committed_after NULL -+32 node1_to_be_committed_after NULL -+33 node1_to_be_committed_after NULL -+34 node1_to_be_committed_after NULL -+35 node1_to_be_committed_after NULL -+36 node1_committed_after NULL -+37 node1_committed_after NULL -+38 node1_committed_after NULL -+39 node1_committed_after NULL -+40 node1_committed_after NULL -+SELECT COUNT(*) = 0 FROM (SELECT COUNT(*) AS c, f1 FROM t1 GROUP BY f1 HAVING c NOT IN (5, 10)) AS a1; -+COUNT(*) = 0 -+1 -+DROP TABLE t1; -+COMMIT; -+SET GLOBAL debug_dbug = $debug_orig; - connection node_1; - CALL mtr.add_suppression("Slave SQL: Error 'The MariaDB server is running with the --skip-grant-tables option so it cannot execute this statement' on query"); - DROP USER sst; diff -Nru mariadb-11.8.6/mysql-test/suite/galera/r/galera_sst_rsync_encrypt_with_key_server.result mariadb-11.8.8/mysql-test/suite/galera/r/galera_sst_rsync_encrypt_with_key_server.result --- mariadb-11.8.6/mysql-test/suite/galera/r/galera_sst_rsync_encrypt_with_key_server.result 1970-01-01 00:00:00.000000000 +0000 +++ mariadb-11.8.8/mysql-test/suite/galera/r/galera_sst_rsync_encrypt_with_key_server.result 2026-05-24 09:58:31.000000000 +0000 @@ -0,0 +1,27 @@ +connection node_2; +connection node_1; +SELECT 1; +1 +1 +connection node_2; +FOUND 1 /wsrep_sst_rsync/ in mysqld.1.err +connection node_1; +call mtr.add_suppression('Invalid value for WSREP_SST_OPT_REMOTE_USER'); +call mtr.add_suppression('Failed to read from: wsrep_sst_rsync'); +call mtr.add_suppression('Process completed with error: wsrep_sst_rsync'); +call mtr.add_suppression('Command did not run: wsrep_sst_rsync'); +call mtr.add_suppression('State transfer to .* failed'); +call mtr.add_suppression('Will never receive state. Need to abort'); +call mtr.add_suppression('Error while getting data from donor node'); +call mtr.add_suppression('Cleanup after exit with status'); +call mtr.add_suppression('Removing .*/sst_in_progress'); +call mtr.add_suppression('Parent mysqld process .* terminated unexpectedly'); +connection node_2; +connection node_1; +FOUND 1 /Invalid value for WSREP_SST_OPT_REMOTE_USER/ in mysqld.1.err +connection node_2; +# restart +call mtr.add_suppression('Will never receive state. Need to abort'); +call mtr.add_suppression('Parent mysqld process .* terminated unexpectedly'); +call mtr.add_suppression('Cleanup after exit with status'); +call mtr.add_suppression('State transfer to .* failed'); diff -Nru mariadb-11.8.6/mysql-test/suite/galera/r/galera_var_max_ws_rows.result mariadb-11.8.8/mysql-test/suite/galera/r/galera_var_max_ws_rows.result --- mariadb-11.8.6/mysql-test/suite/galera/r/galera_var_max_ws_rows.result 2026-01-31 13:27:47.000000000 +0000 +++ mariadb-11.8.8/mysql-test/suite/galera/r/galera_var_max_ws_rows.result 2026-05-24 09:58:31.000000000 +0000 @@ -125,6 +125,7 @@ SET GLOBAL wsrep_max_ws_rows= DEFAULT; INSERT INTO t1 VALUES(1); INSERT INTO t1 SELECT * FROM t1; +COMMIT; SET GLOBAL wsrep_max_ws_rows= 1; ALTER TABLE t1 CHANGE COLUMN c1 c1 BIGINT; connection node_2; diff -Nru mariadb-11.8.6/mysql-test/suite/galera/r/galera_var_sst_donor.result mariadb-11.8.8/mysql-test/suite/galera/r/galera_var_sst_donor.result --- mariadb-11.8.6/mysql-test/suite/galera/r/galera_var_sst_donor.result 1970-01-01 00:00:00.000000000 +0000 +++ mariadb-11.8.8/mysql-test/suite/galera/r/galera_var_sst_donor.result 2026-05-24 09:58:31.000000000 +0000 @@ -0,0 +1,30 @@ +connection node_2; +connection node_1; +connection node_1; +SET @sst_donor_orig=@@GLOBAL.wsrep_sst_donor; +set global wsrep_sst_donor='127.0.0.1;'; +ERROR 42000: Variable 'wsrep_sst_donor' can't be set to the value of '127.0.0.1;' +select @@wsrep_sst_donor; +@@wsrep_sst_donor + +set global wsrep_sst_donor='node1\''; +ERROR 42000: Variable 'wsrep_sst_donor' can't be set to the value of 'node1'' +select @@wsrep_sst_donor; +@@wsrep_sst_donor + +set global wsrep_sst_donor='node_2&'; +ERROR 42000: Variable 'wsrep_sst_donor' can't be set to the value of 'node_2&' +select @@wsrep_sst_donor; +@@wsrep_sst_donor + +set global wsrep_sst_donor='127.0.0.1|'; +ERROR 42000: Variable 'wsrep_sst_donor' can't be set to the value of '127.0.0.1|' +select @@wsrep_sst_donor; +@@wsrep_sst_donor + +set global wsrep_sst_donor='node2'; +select @@wsrep_sst_donor; +@@wsrep_sst_donor +node2 +disconnect node_2; +disconnect node_1; diff -Nru mariadb-11.8.6/mysql-test/suite/galera/r/galera_var_sst_method.result mariadb-11.8.8/mysql-test/suite/galera/r/galera_var_sst_method.result --- mariadb-11.8.6/mysql-test/suite/galera/r/galera_var_sst_method.result 1970-01-01 00:00:00.000000000 +0000 +++ mariadb-11.8.8/mysql-test/suite/galera/r/galera_var_sst_method.result 2026-05-24 09:58:31.000000000 +0000 @@ -0,0 +1,44 @@ +connection node_2; +connection node_1; +connection node_1; +SET @sst_method_orig=@@GLOBAL.wsrep_sst_method; +set global wsrep_sst_method='mariabackup;'; +ERROR 42000: Variable 'wsrep_sst_method' can't be set to the value of 'mariabackup;' +select @@wsrep_sst_method; +@@wsrep_sst_method +rsync +set global wsrep_sst_method='mariabackup\''; +ERROR 42000: Variable 'wsrep_sst_method' can't be set to the value of 'mariabackup'' +select @@wsrep_sst_method; +@@wsrep_sst_method +rsync +set global wsrep_sst_method='mariabackup&'; +ERROR 42000: Variable 'wsrep_sst_method' can't be set to the value of 'mariabackup&' +select @@wsrep_sst_method; +@@wsrep_sst_method +rsync +set global wsrep_sst_method='mariabackup|'; +ERROR 42000: Variable 'wsrep_sst_method' can't be set to the value of 'mariabackup|' +select @@wsrep_sst_method; +@@wsrep_sst_method +rsync +set global wsrep_sst_method=NULL; +ERROR 42000: Variable 'wsrep_sst_method' can't be set to the value of 'NULL' +select @@wsrep_sst_method; +@@wsrep_sst_method +rsync +set global wsrep_sst_method=''; +ERROR 42000: Variable 'wsrep_sst_method' can't be set to the value of '' +select @@wsrep_sst_method; +@@wsrep_sst_method +rsync +set global wsrep_sst_method='mariabackup'; +select @@wsrep_sst_method; +@@wsrep_sst_method +mariabackup +set global wsrep_sst_method='rsync'; +select @@wsrep_sst_method; +@@wsrep_sst_method +rsync +disconnect node_2; +disconnect node_1; diff -Nru mariadb-11.8.6/mysql-test/suite/galera/r/galera_var_sst_receive_address.result mariadb-11.8.8/mysql-test/suite/galera/r/galera_var_sst_receive_address.result --- mariadb-11.8.6/mysql-test/suite/galera/r/galera_var_sst_receive_address.result 1970-01-01 00:00:00.000000000 +0000 +++ mariadb-11.8.8/mysql-test/suite/galera/r/galera_var_sst_receive_address.result 2026-05-24 09:58:31.000000000 +0000 @@ -0,0 +1,17 @@ +connection node_2; +connection node_1; +connection node_1; +SET @sst_receive_address_orig=@@GLOBAL.wsrep_sst_receive_address; +set global wsrep_sst_receive_address='127.0.0.1;'; +ERROR 42000: Variable 'wsrep_sst_receive_address' can't be set to the value of '127.0.0.1;' +set global wsrep_sst_receive_address='127.0.0.1\''; +ERROR 42000: Variable 'wsrep_sst_receive_address' can't be set to the value of '127.0.0.1'' +set global wsrep_sst_receive_address='127.0.0.1&'; +ERROR 42000: Variable 'wsrep_sst_receive_address' can't be set to the value of '127.0.0.1&' +set global wsrep_sst_receive_address='127.0.0.1|'; +ERROR 42000: Variable 'wsrep_sst_receive_address' can't be set to the value of '127.0.0.1|' +set global wsrep_sst_receive_address=NULL; +set global wsrep_sst_receive_address=''; +set global wsrep_sst_receive_address='127.0.0.1:19000'; +disconnect node_2; +disconnect node_1; diff -Nru mariadb-11.8.6/mysql-test/suite/galera/r/galera_wsrep_notify_cmd_injection.result mariadb-11.8.8/mysql-test/suite/galera/r/galera_wsrep_notify_cmd_injection.result --- mariadb-11.8.6/mysql-test/suite/galera/r/galera_wsrep_notify_cmd_injection.result 1970-01-01 00:00:00.000000000 +0000 +++ mariadb-11.8.8/mysql-test/suite/galera/r/galera_wsrep_notify_cmd_injection.result 2026-05-24 09:58:31.000000000 +0000 @@ -0,0 +1,10 @@ +connection node_2; +connection node_1; +SELECT 1; +1 +1 +connection node_1; +call mtr.add_suppression('Process completed with error'); +call mtr.add_suppression('Notification command failed'); +call mtr.add_suppression('Unsafe characters in cluster member'); +FOUND 3 /Unsafe characters in cluster member/ in mysqld.1.err diff -Nru mariadb-11.8.6/mysql-test/suite/galera/t/GCF-360.cnf mariadb-11.8.8/mysql-test/suite/galera/t/GCF-360.cnf --- mariadb-11.8.6/mysql-test/suite/galera/t/GCF-360.cnf 2026-01-31 13:27:47.000000000 +0000 +++ mariadb-11.8.8/mysql-test/suite/galera/t/GCF-360.cnf 2026-05-24 09:58:31.000000000 +0000 @@ -1,17 +1,4 @@ !include ../galera_4nodes.cnf -[mysqld.1] -wsrep_provider_options='base_port=@mysqld.1.#galera_port' -wsrep_ignore_apply_errors=0 - -[mysqld.2] -wsrep_provider_options='base_port=@mysqld.2.#galera_port' -wsrep_ignore_apply_errors=0 - -[mysqld.3] -wsrep_provider_options='base_port=@mysqld.3.#galera_port' -wsrep_ignore_apply_errors=0 - -[mysqld.4] -wsrep_provider_options='base_port=@mysqld.4.#galera_port' +[mysqld] wsrep_ignore_apply_errors=0 diff -Nru mariadb-11.8.6/mysql-test/suite/galera/t/MDEV-22232.test mariadb-11.8.8/mysql-test/suite/galera/t/MDEV-22232.test --- mariadb-11.8.6/mysql-test/suite/galera/t/MDEV-22232.test 2026-01-31 13:27:47.000000000 +0000 +++ mariadb-11.8.8/mysql-test/suite/galera/t/MDEV-22232.test 2026-05-24 09:58:31.000000000 +0000 @@ -31,7 +31,7 @@ --connection con1 # CTAS gets BF aborted. ---error ER_QUERY_INTERRUPTED, ER_LOCK_DEADLOCK +--error ER_QUERY_INTERRUPTED --reap # Cleanup @@ -56,7 +56,7 @@ --connection con1 # CTAS gets BF aborted. ---error ER_QUERY_INTERRUPTED, ER_LOCK_DEADLOCK +--error ER_QUERY_INTERRUPTED --reap # Cleanup diff -Nru mariadb-11.8.6/mysql-test/suite/galera/t/MDEV-30418.test mariadb-11.8.8/mysql-test/suite/galera/t/MDEV-30418.test --- mariadb-11.8.6/mysql-test/suite/galera/t/MDEV-30418.test 2026-01-31 13:27:47.000000000 +0000 +++ mariadb-11.8.8/mysql-test/suite/galera/t/MDEV-30418.test 2026-05-24 09:58:31.000000000 +0000 @@ -5,7 +5,9 @@ --let $node_2=node_2 --source ../galera/include/auto_increment_offset_save.inc +SET SESSION wsrep_sync_wait=0; --connection node_2 +SET SESSION wsrep_sync_wait=0; select @@wsrep_slave_threads; SET @cluster_address_orig = @@wsrep_cluster_address; SET GLOBAL wsrep_cluster_address=AUTO; @@ -23,6 +25,13 @@ --disable_query_log SET GLOBAL wsrep_cluster_address = @cluster_address_orig; --enable_query_log + +# wait (without using SELECT) for the cluster becoming ready for all SQL statements +let $show_statement= SHOW STATUS LIKE 'wsrep_ready'; +let $field= Value; +let $condition= = 'ON'; +--source include/wait_show_condition.inc + select @@wsrep_slave_threads; show status like 'wsrep_cluster_size'; show status like 'wsrep_cluster_status'; diff -Nru mariadb-11.8.6/mysql-test/suite/galera/t/MDEV-30612.test mariadb-11.8.8/mysql-test/suite/galera/t/MDEV-30612.test --- mariadb-11.8.6/mysql-test/suite/galera/t/MDEV-30612.test 1970-01-01 00:00:00.000000000 +0000 +++ mariadb-11.8.8/mysql-test/suite/galera/t/MDEV-30612.test 2026-05-24 09:58:31.000000000 +0000 @@ -0,0 +1,17 @@ +# +# MDEV-30612: Executing CREATE TRIGGER prepared statement twice led to a crash. +# + +--source include/galera_cluster.inc +--source include/have_innodb.inc + +CREATE TABLE t(a INT) ENGINE=INNODB; +PREPARE s FROM 'CREATE TRIGGER tr AFTER DELETE ON t FOR EACH ROW SET @a=1'; +EXECUTE s; +--error ER_TRG_ALREADY_EXISTS +EXECUTE s; + +DROP TRIGGER tr; +DROP TABLE t; + +--source include/galera_end.inc diff -Nru mariadb-11.8.6/mysql-test/suite/galera/t/MDEV-39011.cnf mariadb-11.8.8/mysql-test/suite/galera/t/MDEV-39011.cnf --- mariadb-11.8.6/mysql-test/suite/galera/t/MDEV-39011.cnf 1970-01-01 00:00:00.000000000 +0000 +++ mariadb-11.8.8/mysql-test/suite/galera/t/MDEV-39011.cnf 2026-05-24 09:58:31.000000000 +0000 @@ -0,0 +1,7 @@ +!include ../galera_2nodes_as_slave.cnf + +[mysqld.1] +wsrep_restart_slave=1 + +[mysqld.2] +wsrep_restart_slave=1 diff -Nru mariadb-11.8.6/mysql-test/suite/galera/t/MDEV-39011.test mariadb-11.8.8/mysql-test/suite/galera/t/MDEV-39011.test --- mariadb-11.8.6/mysql-test/suite/galera/t/MDEV-39011.test 1970-01-01 00:00:00.000000000 +0000 +++ mariadb-11.8.8/mysql-test/suite/galera/t/MDEV-39011.test 2026-05-24 09:58:31.000000000 +0000 @@ -0,0 +1,54 @@ +# +# MDEV-39011: The node running async slave replication hangs in shutdown. +# The problem was in a leaked THD_count on the error path when +# wsrep_restart_slave is set. +# + +--source include/galera_cluster.inc +--source include/have_innodb.inc +--source include/have_debug.inc +--source include/have_debug_sync.inc + +--let $node_1=node_1 +--let $node_2=node_2 +--source include/auto_increment_offset_save.inc + +# node 3 is a native MariaDB server operating as async replication master +--connect node_3, 127.0.0.1, root, , test, $NODE_MYPORT_3 +--connection node_3 +RESET MASTER; + +# nodes 1 and 2 form a Galera cluster, node 2 operates as a slave for the +# native MariaDB master in node 3 +--connection node_2 +--disable_query_log +--eval CHANGE MASTER TO MASTER_HOST='127.0.0.1', MASTER_USER='root', MASTER_PORT=$NODE_MYPORT_3; +--enable_query_log + +SET GLOBAL DEBUG_DBUG = "+d,delay_sql_thread_after_release_run_lock"; +START SLAVE; +# Wait for the async slave thread to get started +SET DEBUG_SYNC = "now WAIT_FOR sql_thread_run_lock_released"; +# Simulate a node dropped error for Wsrep to go to the restart point +SET GLOBAL DEBUG_DBUG = "+d,wsrep_async_slave_node_dropped_error"; +SET DEBUG_SYNC = "now SIGNAL sql_thread_continue"; +# Now wait again as the execution should follow the error path and repeat +SET DEBUG_SYNC = "now WAIT_FOR sql_thread_run_lock_released"; +# Don't follow the error path anymore +SET GLOBAL DEBUG_DBUG = "-d,wsrep_async_slave_node_dropped_error"; +SET DEBUG_SYNC = "now SIGNAL sql_thread_continue"; + +# Cleanup before restart +SET DEBUG_SYNC = "RESET"; +SET GLOBAL DEBUG_DBUG = ""; +STOP SLAVE; +RESET SLAVE; + +# Now try to restart the node: it should not hang in a shutdown +--source include/restart_mysqld.inc + +--connection node_3 +RESET MASTER; +--disconnect node_3 + +--source include/auto_increment_offset_restore.inc diff -Nru mariadb-11.8.6/mysql-test/suite/galera/t/MDEV-39685.test mariadb-11.8.8/mysql-test/suite/galera/t/MDEV-39685.test --- mariadb-11.8.6/mysql-test/suite/galera/t/MDEV-39685.test 1970-01-01 00:00:00.000000000 +0000 +++ mariadb-11.8.8/mysql-test/suite/galera/t/MDEV-39685.test 2026-05-24 09:58:31.000000000 +0000 @@ -0,0 +1,18 @@ +--source include/galera_cluster.inc +--source include/have_innodb.inc + +CREATE TABLE t1 ( + pk int PRIMARY KEY, + c varchar(8), + i int +) ENGINE=InnoDB; + +CREATE TABLE t2 (f int) ENGINE=InnoDB; + +CREATE TABLE t3 (x int, + FOREIGN KEY (x) REFERENCES t1 (pk) +) ENGINE=InnoDB; + +UPDATE t1 JOIN t2 ON t1.i = t2.f SET t1.c = 'foo'; + +DROP TABLE t3, t2, t1; diff -Nru mariadb-11.8.6/mysql-test/suite/galera/t/galera_as_slave_replay.cnf mariadb-11.8.8/mysql-test/suite/galera/t/galera_as_slave_replay.cnf --- mariadb-11.8.6/mysql-test/suite/galera/t/galera_as_slave_replay.cnf 2026-01-31 13:27:47.000000000 +0000 +++ mariadb-11.8.8/mysql-test/suite/galera/t/galera_as_slave_replay.cnf 2026-05-24 09:58:31.000000000 +0000 @@ -4,9 +4,7 @@ binlog-format=row [mysqld.1] -wsrep_restart_slave=1 wsrep-debug=1 [mysqld.2] -wsrep_restart_slave=1 wsrep-debug=1 diff -Nru mariadb-11.8.6/mysql-test/suite/galera/t/galera_fk_truncate.cnf mariadb-11.8.8/mysql-test/suite/galera/t/galera_fk_truncate.cnf --- mariadb-11.8.6/mysql-test/suite/galera/t/galera_fk_truncate.cnf 2026-01-31 13:27:47.000000000 +0000 +++ mariadb-11.8.8/mysql-test/suite/galera/t/galera_fk_truncate.cnf 1970-01-01 00:00:00.000000000 +0000 @@ -1,9 +0,0 @@ -!include ../galera_2nodes.cnf - -[mysqld.1] -auto_increment_offset=1 -auto_increment_increment=2 - -[mysqld.2] -auto_increment_offset=2 -auto_increment_increment=2 diff -Nru mariadb-11.8.6/mysql-test/suite/galera/t/galera_fk_truncate.test mariadb-11.8.8/mysql-test/suite/galera/t/galera_fk_truncate.test --- mariadb-11.8.6/mysql-test/suite/galera/t/galera_fk_truncate.test 2026-01-31 13:27:47.000000000 +0000 +++ mariadb-11.8.8/mysql-test/suite/galera/t/galera_fk_truncate.test 2026-05-24 09:58:31.000000000 +0000 @@ -1,6 +1,17 @@ --source include/galera_cluster.inc --source include/have_innodb.inc +# +# Make sure earlier test has no effect to this one +# +--connection node_1 +set global auto_increment_offset=1; +set global auto_increment_increment=2; +--connection node_2 +set global auto_increment_offset=2; +set global auto_increment_increment=2; + +--connection node_1 CREATE TABLE author ( id SMALLINT UNSIGNED NOT NULL AUTO_INCREMENT PRIMARY KEY, name VARCHAR(100) NOT NULL @@ -38,3 +49,8 @@ SELECT * FROM book; DROP TABLE book, author; +set global auto_increment_increment=2; +--connection node_2 +set global auto_increment_offset=2; + + diff -Nru mariadb-11.8.6/mysql-test/suite/galera/t/galera_galera_info.test mariadb-11.8.8/mysql-test/suite/galera/t/galera_galera_info.test --- mariadb-11.8.6/mysql-test/suite/galera/t/galera_galera_info.test 1970-01-01 00:00:00.000000000 +0000 +++ mariadb-11.8.8/mysql-test/suite/galera/t/galera_galera_info.test 2026-05-24 09:58:31.000000000 +0000 @@ -0,0 +1,27 @@ +--source include/galera_cluster.inc +--source include/have_sequence.inc + +--connection node_1 +CREATE TABLE t1(id int not null primary key auto_increment, b int) ENGINE=InnoDB; +INSERT INTO t1(b) SELECT * from seq_1_to_100; +INSERT INTO t1(b) SELECT * from seq_1_to_100; +INSERT INTO t1(b) SELECT * from seq_1_to_100; + +--connect node_1a, 127.0.0.1, root, , test, $NODE_MYPORT_1 +--connection node_1a +--echo # Execute mysqldump using new galera-info parameter +--exec $MYSQL_DUMP -u root -S $NODE_MYSOCK_1 -P $NODE_MYPORT_1 --add-drop-database --add-drop-table --skip-add-locks --create-options --disable-keys --extended-insert --skip-lock-tables --quick --set-charset --skip-comments --flush-privileges --all-databases --events --galera-info > $MYSQLTEST_VARDIR/tmp/mysqldump.log + +--echo # Confirm that desired output is done +--let $assert_text = wsrep_start_position +--let $assert_select = wsrep_start_position +--let $assert_count = 1 +--let $assert_file = $MYSQLTEST_VARDIR/tmp/mysqldump.log +--source include/assert_grep.inc + +--remove_file $MYSQLTEST_VARDIR/tmp/mysqldump.log + +--connection node_1 +DROP TABLE t1; +--disconnect node_1a +--source include/galera_end.inc diff -Nru mariadb-11.8.6/mysql-test/suite/galera/t/galera_max_ws_rows.test mariadb-11.8.8/mysql-test/suite/galera/t/galera_max_ws_rows.test --- mariadb-11.8.6/mysql-test/suite/galera/t/galera_max_ws_rows.test 1970-01-01 00:00:00.000000000 +0000 +++ mariadb-11.8.8/mysql-test/suite/galera/t/galera_max_ws_rows.test 2026-05-24 09:58:31.000000000 +0000 @@ -0,0 +1,104 @@ +--source include/galera_cluster.inc + +# +# MDEV-28750 Assertion `trans_safe || !updated || thd->transaction->stmt.modified_non_trans_table' failed in virtual bool multi_update::send_eof() +# +CREATE TABLE ti (a INT UNSIGNED, b SMALLINT, id BIGINT NOT NULL, KEY(b), PRIMARY KEY(id)) ENGINE=InnoDB; +CREATE TABLE tm (a INT PRIMARY KEY, b MEDIUMTEXT) ENGINE=MyISAM; +SET GLOBAL wsrep_max_ws_rows=2; +START TRANSACTION; +INSERT INTO tm SET b=NULL, a=2; +INSERT INTO ti VALUES (1,2,4); +UPDATE tm AS t1 SET t1.a=t1.a * 2; +UPDATE ti AS t1 SET t1.a=t1.a * 2; +UPDATE tm AS t1 SET t1.a=t1.a * 2; +--error ER_WARNING_NOT_COMPLETE_ROLLBACK +UPDATE ti AS t1 SET t1.a=t1.a * 2; +SHOW WARNINGS; +COMMIT; +SELECT * FROM ti; +SELECT * from tm; +DROP TABLE ti,tm; + +CREATE TABLE ti (a INT UNSIGNED, b SMALLINT, id BIGINT NOT NULL, KEY(b), PRIMARY KEY(id)) ENGINE=InnoDB; +CREATE TABLE tm (a INT PRIMARY KEY, b MEDIUMTEXT) ENGINE=MyISAM; +SET GLOBAL wsrep_max_ws_rows=2; +START TRANSACTION; +INSERT INTO tm SET b=NULL, a=2; +SET sql_mode=only_full_group_by; +INSERT INTO ti VALUES (1,2,4); +--error ER_GALERA_REPLICATION_NOT_SUPPORTED +UPDATE tm AS t1, ti AS t2 SET t1.a=t1.a * 2, t2.a=t2.a * 2; +--error ER_GALERA_REPLICATION_NOT_SUPPORTED +UPDATE tm AS t1, ti AS t2 SET t1.a=t1.a * 2, t2.a=t2.a * 2; +COMMIT; +SELECT * FROM ti; +SELECT * from tm; +DROP TABLE ti,tm; + +CREATE TABLE ti (a INT UNSIGNED, b SMALLINT, id BIGINT NOT NULL, KEY(b), PRIMARY KEY(id)) ENGINE=InnoDB; +CREATE TABLE tm (a INT PRIMARY KEY, b MEDIUMTEXT) ENGINE=MyISAM; +START TRANSACTION; +INSERT INTO tm SET b=NULL, a=2; +SET sql_mode=only_full_group_by; +INSERT INTO ti VALUES (1,2,4); +--error ER_WRONG_ARGUMENTS +SET GLOBAL wsrep_max_ws_rows=2; +--error ER_WRONG_ARGUMENTS +set GLOBAL wsrep_max_ws_size=2047; +COMMIT; +SELECT * FROM ti; +SELECT * from tm; +DROP TABLE ti,tm; + +CREATE TABLE ti (a INT UNSIGNED, b SMALLINT, id BIGINT NOT NULL, KEY(b), PRIMARY KEY(id)) ENGINE=InnoDB; +CREATE TABLE tm (a INT PRIMARY KEY, b MEDIUMTEXT) ENGINE=InnoDB; +SET GLOBAL wsrep_max_ws_rows=2; +START TRANSACTION; +INSERT INTO tm SET b=NULL, a=2; +INSERT INTO ti VALUES (1,2,4); +--error ER_ERROR_DURING_COMMIT +UPDATE tm AS t1, ti AS t2 SET t1.a=t1.a * 2, t2.a=t2.a * 2; +UPDATE tm AS t1, ti AS t2 SET t1.a=t1.a * 2, t2.a=t2.a * 2; +COMMIT; +SELECT * FROM ti; +SELECT * from tm; +DROP TABLE ti,tm; + +CREATE TABLE ti (a INT UNSIGNED, b SMALLINT, id BIGINT NOT NULL, KEY(b), PRIMARY KEY(id)) ENGINE=InnoDB; +CREATE TABLE tm (a INT PRIMARY KEY, b MEDIUMTEXT) ENGINE=MyISAM; +SET GLOBAL wsrep_max_ws_rows=0; +START TRANSACTION; +INSERT INTO tm SET b=NULL, a=2; +INSERT INTO ti VALUES (1,2,4); +UPDATE tm AS t1, ti AS t2 SET t1.a=t1.a * 2, t2.a=t2.a * 2; +UPDATE tm AS t1, ti AS t2 SET t1.a=t1.a * 2, t2.a=t2.a * 2; +COMMIT; +SELECT * FROM ti; +SELECT * from tm; +DROP TABLE ti,tm; + +# +# MDEV-25548 Assertion `transactional_table || !changed || thd->transaction.stmt.modified_non_trans_table' failed. +# +CREATE TABLE t1 (col INT); +INSERT INTO t1 VALUES (0xF4AB); +CREATE TEMPORARY TABLE t1 (c1 INT) ENGINE=mrg_myisam UNION=(t1) insert_method=FIRST; +SET GLOBAL wsrep_max_ws_rows=1; +DROP TABLES t1; +INSERT INTO t1 VALUES (6373); +CREATE TABLE t2 ENGINE=heap SELECT * FROM t1; + +DROP TABLE t1, t2; + +SET default_storage_engine="HEAP"; +CREATE TABLE t1 (f1 BIGINT); +SET GLOBAL wsrep_max_ws_rows = 1; +INSERT INTO t1 VALUES (NOW()),(NOW()),(NOW()); +SELECT COUNT(*) AS EXPECT_3 FROM t1; +DROP TABLE t1; + +CREATE TABLE t1 (i INT) ENGINE=MyISAM DEFAULT CHARSET=utf8 SELECT 1 as i; +DROP TABLE t1; + +SET GLOBAL wsrep_max_ws_rows=0; diff -Nru mariadb-11.8.6/mysql-test/suite/galera/t/galera_ssl_cipher.cnf mariadb-11.8.8/mysql-test/suite/galera/t/galera_ssl_cipher.cnf --- mariadb-11.8.6/mysql-test/suite/galera/t/galera_ssl_cipher.cnf 2026-01-31 13:27:47.000000000 +0000 +++ mariadb-11.8.8/mysql-test/suite/galera/t/galera_ssl_cipher.cnf 2026-05-24 09:58:31.000000000 +0000 @@ -5,7 +5,7 @@ wsrep-debug=1 [mysqld.1] -wsrep_provider_options='socket.ssl=yes;socket.ssl_ca=@ENV.MYSQL_TEST_DIR/std_data/galera-upgrade-ca-cert.pem;socket.ssl_cert=@ENV.MYSQL_TEST_DIR/std_data/galera-cert.pem;socket.ssl_key=@ENV.MYSQL_TEST_DIR/std_data/galera-key.pem;cert.log_conflicts=YES;repl.causal_read_timeout=PT90S;base_port=@mysqld.1.#galera_port;evs.suspect_timeout=PT10S;evs.inactive_timeout=PT30S;evs.install_timeout=PT15S;pc.wait_prim_timeout=PT60S;gcache.size=10M' +wsrep_provider_options='socket.ssl=yes;socket.ssl_ca=@ENV.MYSQL_TEST_DIR/std_data/cacert.pem;socket.ssl_cert=@ENV.MYSQL_TEST_DIR/std_data/server-cert.pem;socket.ssl_key=@ENV.MYSQL_TEST_DIR/std_data/server-key.pem;cert.log_conflicts=YES;repl.causal_read_timeout=PT90S;base_port=@mysqld.1.#galera_port;evs.suspect_timeout=PT10S;evs.inactive_timeout=PT30S;evs.install_timeout=PT15S;pc.wait_prim_timeout=PT60S;gcache.size=10M' [mysqld.2] -wsrep_provider_options='socket.ssl=yes;socket.ssl_ca=@ENV.MYSQL_TEST_DIR/std_data/galera-upgrade-ca-cert.pem;socket.ssl_cert=@ENV.MYSQL_TEST_DIR/std_data/galera-cert.pem;socket.ssl_key=@ENV.MYSQL_TEST_DIR/std_data/galera-key.pem;cert.log_conflicts=YES;repl.causal_read_timeout=PT90S;base_port=@mysqld.2.#galera_port;evs.suspect_timeout=PT10S;evs.inactive_timeout=PT30S;evs.install_timeout=PT15S;pc.wait_prim_timeout=PT60S;gcache.size=10M' +wsrep_provider_options='socket.ssl=yes;socket.ssl_ca=@ENV.MYSQL_TEST_DIR/std_data/cacert.pem;socket.ssl_cert=@ENV.MYSQL_TEST_DIR/std_data/server-cert.pem;socket.ssl_key=@ENV.MYSQL_TEST_DIR/std_data/server-key.pem;cert.log_conflicts=YES;repl.causal_read_timeout=PT90S;base_port=@mysqld.2.#galera_port;evs.suspect_timeout=PT10S;evs.inactive_timeout=PT30S;evs.install_timeout=PT15S;pc.wait_prim_timeout=PT60S;gcache.size=10M' diff -Nru mariadb-11.8.6/mysql-test/suite/galera/t/galera_ssl_cipher.test mariadb-11.8.8/mysql-test/suite/galera/t/galera_ssl_cipher.test --- mariadb-11.8.6/mysql-test/suite/galera/t/galera_ssl_cipher.test 2026-01-31 13:27:47.000000000 +0000 +++ mariadb-11.8.8/mysql-test/suite/galera/t/galera_ssl_cipher.test 2026-05-24 09:58:31.000000000 +0000 @@ -35,7 +35,7 @@ --connection node_1 --source include/shutdown_mysqld.inc --let $restart_noprint = 1 ---let $start_mysqld_params = --wsrep-cluster-address=gcomm://127.0.0.1:$NODE_GALERAPORT_2 --wsrep_provider_options=base_port=$NODE_GALERAPORT_1;socket.ssl=yes;socket.ssl_ca=$MYSQL_TEST_DIR/std_data/galera-upgrade-ca-cert.pem;socket.ssl_cert=$MYSQL_TEST_DIR/std_data/galera-cert.pem;socket.ssl_key=$MYSQL_TEST_DIR/std_data/galera-key.pem;socket.ssl_cipher=AES256-SHA +--let $start_mysqld_params = --wsrep-cluster-address=gcomm://127.0.0.1:$NODE_GALERAPORT_2 --wsrep_provider_options=base_port=$NODE_GALERAPORT_1;socket.ssl=yes;socket.ssl_ca=$MYSQL_TEST_DIR/std_data/cacert.pem;socket.ssl_cert=$MYSQL_TEST_DIR/std_data/server-cert.pem;socket.ssl_key=$MYSQL_TEST_DIR/std_data/server-key.pem;socket.ssl_cipher=AES256-SHA --source include/start_mysqld.inc --source include/wait_until_connected_again.inc @@ -47,7 +47,7 @@ --connection node_2 --source include/shutdown_mysqld.inc ---let $start_mysqld_params = --wsrep_provider_options=base_port=$NODE_GALERAPORT_2;socket.ssl=yes;socket.ssl_ca=$MYSQL_TEST_DIR/std_data/galera-upgrade-ca-cert.pem;socket.ssl_cert=$MYSQL_TEST_DIR/std_data/galera-upgrade-server-cert.pem;socket.ssl_key=$MYSQL_TEST_DIR/std_data/galera-upgrade-server-key.pem;socket.ssl_cipher=AES256-SHA +--let $start_mysqld_params = --wsrep_provider_options=base_port=$NODE_GALERAPORT_2;socket.ssl=yes;socket.ssl_ca=$MYSQL_TEST_DIR/std_data/cacert.pem;socket.ssl_cert=$MYSQL_TEST_DIR/std_data/server-new-cert.pem;socket.ssl_key=$MYSQL_TEST_DIR/std_data/server-new-key.pem;socket.ssl_cipher=AES256-SHA --source include/start_mysqld.inc --source include/wait_until_connected_again.inc @@ -59,7 +59,7 @@ --connection node_1 --source include/shutdown_mysqld.inc ---let $start_mysqld_params = --wsrep-cluster-address=gcomm://127.0.0.1:$NODE_GALERAPORT_2 --wsrep_provider_options=base_port=$NODE_GALERAPORT_1;socket.ssl=yes;socket.ssl_ca=$MYSQL_TEST_DIR/std_data/galera-upgrade-ca-cert.pem;socket.ssl_cert=$MYSQL_TEST_DIR/std_data/galera-upgrade-server-cert.pem;socket.ssl_key=$MYSQL_TEST_DIR/std_data/galera-upgrade-server-key.pem;socket.ssl_cipher=AES256-SHA +--let $start_mysqld_params = --wsrep-cluster-address=gcomm://127.0.0.1:$NODE_GALERAPORT_2 --wsrep_provider_options=base_port=$NODE_GALERAPORT_1;socket.ssl=yes;socket.ssl_ca=$MYSQL_TEST_DIR/std_data/cacert.pem;socket.ssl_cert=$MYSQL_TEST_DIR/std_data/server-new-cert.pem;socket.ssl_key=$MYSQL_TEST_DIR/std_data/server-new-key.pem;socket.ssl_cipher=AES256-SHA --source include/start_mysqld.inc --source include/wait_until_connected_again.inc diff -Nru mariadb-11.8.6/mysql-test/suite/galera/t/galera_ssl_upgrade.cnf mariadb-11.8.8/mysql-test/suite/galera/t/galera_ssl_upgrade.cnf --- mariadb-11.8.6/mysql-test/suite/galera/t/galera_ssl_upgrade.cnf 2026-01-31 13:27:47.000000000 +0000 +++ mariadb-11.8.8/mysql-test/suite/galera/t/galera_ssl_upgrade.cnf 2026-05-24 09:58:31.000000000 +0000 @@ -5,7 +5,7 @@ wsrep-debug=1 [mysqld.1] -wsrep_provider_options='socket.ssl=yes;socket.ssl_ca=@ENV.MYSQL_TEST_DIR/std_data/galera-upgrade-ca-cert.pem;socket.ssl_cert=@ENV.MYSQL_TEST_DIR/std_data/galera-cert.pem;socket.ssl_key=@ENV.MYSQL_TEST_DIR/std_data/galera-key.pem;repl.causal_read_timeout=PT90S;base_port=@mysqld.1.#galera_port;evs.suspect_timeout=PT10S;evs.inactive_timeout=PT30S;evs.install_timeout=PT15S;pc.wait_prim_timeout=PT60S;gcache.size=10M' +wsrep_provider_options='socket.ssl=yes;socket.ssl_ca=@ENV.MYSQL_TEST_DIR/std_data/cacert.pem;socket.ssl_cert=@ENV.MYSQL_TEST_DIR/std_data/server-cert.pem;socket.ssl_key=@ENV.MYSQL_TEST_DIR/std_data/server-key.pem;repl.causal_read_timeout=PT90S;base_port=@mysqld.1.#galera_port;evs.suspect_timeout=PT10S;evs.inactive_timeout=PT30S;evs.install_timeout=PT15S;pc.wait_prim_timeout=PT60S;gcache.size=10M' [mysqld.2] -wsrep_provider_options='socket.ssl=yes;socket.ssl_ca=@ENV.MYSQL_TEST_DIR/std_data/galera-upgrade-ca-cert.pem;socket.ssl_cert=@ENV.MYSQL_TEST_DIR/std_data/galera-cert.pem;socket.ssl_key=@ENV.MYSQL_TEST_DIR/std_data/galera-key.pem;repl.causal_read_timeout=PT90S;base_port=@mysqld.2.#galera_port;evs.suspect_timeout=PT10S;evs.inactive_timeout=PT30S;evs.install_timeout=PT15S;pc.wait_prim_timeout=PT60S;gcache.size=10M' +wsrep_provider_options='socket.ssl=yes;socket.ssl_ca=@ENV.MYSQL_TEST_DIR/std_data/cacert.pem;socket.ssl_cert=@ENV.MYSQL_TEST_DIR/std_data/server-cert.pem;socket.ssl_key=@ENV.MYSQL_TEST_DIR/std_data/server-key.pem;repl.causal_read_timeout=PT90S;base_port=@mysqld.2.#galera_port;evs.suspect_timeout=PT10S;evs.inactive_timeout=PT30S;evs.install_timeout=PT15S;pc.wait_prim_timeout=PT60S;gcache.size=10M' diff -Nru mariadb-11.8.6/mysql-test/suite/galera/t/galera_ssl_upgrade.test mariadb-11.8.8/mysql-test/suite/galera/t/galera_ssl_upgrade.test --- mariadb-11.8.6/mysql-test/suite/galera/t/galera_ssl_upgrade.test 2026-01-31 13:27:47.000000000 +0000 +++ mariadb-11.8.8/mysql-test/suite/galera/t/galera_ssl_upgrade.test 2026-05-24 09:58:31.000000000 +0000 @@ -36,7 +36,7 @@ --connection node_1 --source include/shutdown_mysqld.inc --let $restart_noprint = 1 ---let $start_mysqld_params = --wsrep-cluster-address=gcomm://127.0.0.1:$NODE_GALERAPORT_2 --wsrep_provider_options=base_port=$NODE_GALERAPORT_1;socket.ssl=yes;socket.ssl_ca=$MYSQL_TEST_DIR/std_data/galera-upgrade-ca-cert.pem;socket.ssl_cert=$MYSQL_TEST_DIR/std_data/galera-cert.pem;socket.ssl_key=$MYSQL_TEST_DIR/std_data/galera-key.pem +--let $start_mysqld_params = --wsrep-cluster-address=gcomm://127.0.0.1:$NODE_GALERAPORT_2 --wsrep_provider_options=base_port=$NODE_GALERAPORT_1;socket.ssl=yes;socket.ssl_ca=$MYSQL_TEST_DIR/std_data/cacert.pem;socket.ssl_cert=$MYSQL_TEST_DIR/std_data/server-cert.pem;socket.ssl_key=$MYSQL_TEST_DIR/std_data/server-key.pem --source include/start_mysqld.inc --source include/wait_until_connected_again.inc @@ -48,7 +48,7 @@ --connection node_2 --source include/shutdown_mysqld.inc ---let $start_mysqld_params = --wsrep_provider_options=base_port=$NODE_GALERAPORT_2;socket.ssl=yes;socket.ssl_ca=$MYSQL_TEST_DIR/std_data/galera-upgrade-ca-cert.pem;socket.ssl_cert=$MYSQL_TEST_DIR/std_data/galera-upgrade-server-cert.pem;socket.ssl_key=$MYSQL_TEST_DIR/std_data/galera-upgrade-server-key.pem +--let $start_mysqld_params = --wsrep_provider_options=base_port=$NODE_GALERAPORT_2;socket.ssl=yes;socket.ssl_ca=$MYSQL_TEST_DIR/std_data/cacert.pem;socket.ssl_cert=$MYSQL_TEST_DIR/std_data/server-new-cert.pem;socket.ssl_key=$MYSQL_TEST_DIR/std_data/server-new-key.pem --source include/start_mysqld.inc --source include/wait_until_connected_again.inc @@ -60,7 +60,7 @@ --connection node_1 --source include/shutdown_mysqld.inc ---let $start_mysqld_params = --wsrep-cluster-address=gcomm://127.0.0.1:$NODE_GALERAPORT_2 --wsrep_provider_options=base_port=$NODE_GALERAPORT_1;socket.ssl=yes;socket.ssl_ca=$MYSQL_TEST_DIR/std_data/galera-upgrade-ca-cert.pem;socket.ssl_cert=$MYSQL_TEST_DIR/std_data/galera-upgrade-server-cert.pem;socket.ssl_key=$MYSQL_TEST_DIR/std_data/galera-upgrade-server-key.pem +--let $start_mysqld_params = --wsrep-cluster-address=gcomm://127.0.0.1:$NODE_GALERAPORT_2 --wsrep_provider_options=base_port=$NODE_GALERAPORT_1;socket.ssl=yes;socket.ssl_ca=$MYSQL_TEST_DIR/std_data/cacert.pem;socket.ssl_cert=$MYSQL_TEST_DIR/std_data/server-new-cert.pem;socket.ssl_key=$MYSQL_TEST_DIR/std_data/server-new-key.pem --source include/start_mysqld.inc --source include/wait_until_connected_again.inc diff -Nru mariadb-11.8.6/mysql-test/suite/galera/t/galera_sst_mariabackup_encrypt_with_key_server.test mariadb-11.8.8/mysql-test/suite/galera/t/galera_sst_mariabackup_encrypt_with_key_server.test --- mariadb-11.8.6/mysql-test/suite/galera/t/galera_sst_mariabackup_encrypt_with_key_server.test 2026-01-31 13:27:47.000000000 +0000 +++ mariadb-11.8.8/mysql-test/suite/galera/t/galera_sst_mariabackup_encrypt_with_key_server.test 2026-05-24 09:58:31.000000000 +0000 @@ -1,11 +1,10 @@ # -# This test checks that if SST SSL is not explicitly donfigured mariabackup SST +# This test checks that if SST SSL is not explicitly configured mariabackup SST # uses server SSL configuration if present. # Initial SST happens via mariabackup, so there is not much to do in the body # of the test # ---source include/big_test.inc --source include/galera_cluster.inc --source include/have_innodb.inc --source include/have_mariabackup.inc @@ -17,9 +16,53 @@ --source include/wait_condition.inc # Confirm that transfer was SSL-encrypted ---let $assert_text = Using openssl based encryption with socat ---let $assert_select = Using openssl based encryption with socat: with key and crt ---let $assert_count = 1 ---let $assert_file = $MYSQLTEST_VARDIR/log/mysqld.1.err ---let $assert_only_after = CURRENT_TEST ---source include/assert_grep.inc +--let SEARCH_FILE = $MYSQLTEST_VARDIR/log/mysqld.1.err +--let SEARCH_PATTERN = Using openssl based encryption with socat: with key and crt +--source include/search_pattern_in_file.inc + +--echo # +--echo # MDEV-39413 wsrep unsafe handling of parameters +--echo # + +call mtr.add_suppression('Invalid value for WSREP_SST_OPT_REMOTE_USER'); +call mtr.add_suppression('Failed to read from: wsrep_sst_mariabackup'); +call mtr.add_suppression('Process completed with error: wsrep_sst_mariabackup'); +call mtr.add_suppression('Command did not run: wsrep_sst_mariabackup'); +call mtr.add_suppression('State transfer to .* failed'); +call mtr.add_suppression('Will never receive state. Need to abort'); +call mtr.add_suppression('Error while getting data from donor node'); +call mtr.add_suppression('Cleanup after exit with status'); +call mtr.add_suppression('Removing .*/xtrabackup_galera_info file due to signal'); + +--connection node_2 +--source include/shutdown_mysqld.inc + +--echo # force SST again +--remove_file $MYSQLTEST_VARDIR/mysqld.2/data/grastate.dat +--echo # using a cert with shell-unsafe CN +--exec echo '[mysqld.2]' >> $MYSQLTEST_VARDIR/my.cnf +--exec echo ssl-cert=$MYSQL_TEST_DIR/std_data/server-new-cert.pem >> $MYSQLTEST_VARDIR/my.cnf +--exec echo ssl-key=$MYSQL_TEST_DIR/std_data/server-new-key.pem >> $MYSQLTEST_VARDIR/my.cnf + +--echo # start the server +# Joiner mariadbd exits when SST is aborted; the exit code varies by +# platform (clean 0 on some systems, signalled 134 / 1 on others). +--error 0,134,1 +--exec $MYSQLD_LAST_CMD +--echo # the server failed to start + +--let SEARCH_PATTERN = Invalid value for WSREP_SST_OPT_REMOTE_USER +--source include/search_pattern_in_file.inc + +--echo # cleanup +# we have to kill joiner's socat here, because the donor has aborted SST +# and joiner's socat will timeout in 5 minutes +# pkill exit code varies by platform 0 or 1 +--error 0,1 +--exec pkill -f 'socat.*server-new-cert' +--exec echo ssl-cert=$MYSQL_TEST_DIR/std_data/server-cert.pem >> $MYSQLTEST_VARDIR/my.cnf +--exec echo ssl-key=$MYSQL_TEST_DIR/std_data/server-key.pem >> $MYSQLTEST_VARDIR/my.cnf +--source $MYSQL_TEST_DIR/include/start_mysqld.inc + +--connection node_2 +call mtr.add_suppression("Removing"); diff -Nru mariadb-11.8.6/mysql-test/suite/galera/t/galera_sst_mysqldump.test mariadb-11.8.8/mysql-test/suite/galera/t/galera_sst_mysqldump.test --- mariadb-11.8.6/mysql-test/suite/galera/t/galera_sst_mysqldump.test 2026-01-31 13:27:47.000000000 +0000 +++ mariadb-11.8.8/mysql-test/suite/galera/t/galera_sst_mysqldump.test 2026-05-24 09:58:31.000000000 +0000 @@ -14,7 +14,6 @@ --source suite/galera/include/galera_st_shutdown_slave.inc --source suite/galera/include/galera_st_clean_slave.inc --source suite/galera/include/galera_st_kill_slave.inc ---source suite/galera/include/galera_st_kill_slave_ddl.inc --source include/auto_increment_offset_restore.inc --source suite/galera/include/galera_sst_restore.inc diff -Nru mariadb-11.8.6/mysql-test/suite/galera/t/galera_sst_mysqldump_debug.cnf mariadb-11.8.8/mysql-test/suite/galera/t/galera_sst_mysqldump_debug.cnf --- mariadb-11.8.6/mysql-test/suite/galera/t/galera_sst_mysqldump_debug.cnf 1970-01-01 00:00:00.000000000 +0000 +++ mariadb-11.8.8/mysql-test/suite/galera/t/galera_sst_mysqldump_debug.cnf 2026-05-24 09:58:31.000000000 +0000 @@ -0,0 +1,10 @@ +!include ../galera_2nodes.cnf + +# We do not set mysqldump-related SST options here because doing so on startup +# causes the first MTR connection to be forefully dropped by Galera, which in turn confuses MTR + +[mysqld.1] +wsrep_provider_options='pc.ignore_sb=true;repl.causal_read_timeout=PT90S;base_port=@mysqld.1.#galera_port;evs.suspect_timeout=PT10S;evs.inactive_timeout=PT30S;evs.install_timeout=PT15S;pc.wait_prim_timeout=PT60S;gcache.size=10M' + +[mysqld.2] +wsrep_provider_options='pc.ignore_sb=true;repl.causal_read_timeout=PT90S;base_port=@mysqld.2.#galera_port;evs.suspect_timeout=PT10S;evs.inactive_timeout=PT30S;evs.install_timeout=PT15S;pc.wait_prim_timeout=PT60S;gcache.size=10M' diff -Nru mariadb-11.8.6/mysql-test/suite/galera/t/galera_sst_mysqldump_debug.test mariadb-11.8.8/mysql-test/suite/galera/t/galera_sst_mysqldump_debug.test --- mariadb-11.8.6/mysql-test/suite/galera/t/galera_sst_mysqldump_debug.test 1970-01-01 00:00:00.000000000 +0000 +++ mariadb-11.8.8/mysql-test/suite/galera/t/galera_sst_mysqldump_debug.test 2026-05-24 09:58:31.000000000 +0000 @@ -0,0 +1,17 @@ +--source include/big_test.inc +--source include/galera_cluster.inc +--source suite/galera/include/galera_sst_set_mysqldump.inc +--source include/have_debug.inc +--source include/have_debug_sync.inc + +--let $node_1=node_1 +--let $node_2=node_2 +--source include/auto_increment_offset_save.inc + +--source suite/galera/include/galera_st_disconnect_slave.inc +# We set the required mysqldump SST options here so that they are used every time the server is restarted during the test +--let $start_mysqld_params = --wsrep_sst_auth=sst:sst --wsrep_sst_method=mysqldump --wsrep-sst-receive-address=127.0.0.1:$NODE_MYPORT_2 --skip-grant-tables + +--source suite/galera/include/galera_st_kill_slave_ddl.inc +--source include/auto_increment_offset_restore.inc +--source suite/galera/include/galera_sst_restore.inc diff -Nru mariadb-11.8.6/mysql-test/suite/galera/t/galera_sst_mysqldump_with_key.test mariadb-11.8.8/mysql-test/suite/galera/t/galera_sst_mysqldump_with_key.test --- mariadb-11.8.6/mysql-test/suite/galera/t/galera_sst_mysqldump_with_key.test 2026-01-31 13:27:47.000000000 +0000 +++ mariadb-11.8.8/mysql-test/suite/galera/t/galera_sst_mysqldump_with_key.test 2026-05-24 09:58:31.000000000 +0000 @@ -25,7 +25,6 @@ --source suite/galera/include/galera_st_shutdown_slave.inc --source suite/galera/include/galera_st_kill_slave.inc ---source suite/galera/include/galera_st_kill_slave_ddl.inc --source include/auto_increment_offset_restore.inc --source suite/galera/include/galera_sst_restore.inc diff -Nru mariadb-11.8.6/mysql-test/suite/galera/t/galera_sst_rsync_encrypt_with_key_server.cnf mariadb-11.8.8/mysql-test/suite/galera/t/galera_sst_rsync_encrypt_with_key_server.cnf --- mariadb-11.8.6/mysql-test/suite/galera/t/galera_sst_rsync_encrypt_with_key_server.cnf 1970-01-01 00:00:00.000000000 +0000 +++ mariadb-11.8.8/mysql-test/suite/galera/t/galera_sst_rsync_encrypt_with_key_server.cnf 2026-05-24 09:58:31.000000000 +0000 @@ -0,0 +1,13 @@ +!include ../galera_2nodes.cnf + +[mysqld] +wsrep_sst_method=rsync +wsrep_sst_auth="root:" +wsrep_debug=1 + +ssl-cert=@ENV.MYSQL_TEST_DIR/std_data/server-cert.pem +ssl-key=@ENV.MYSQL_TEST_DIR/std_data/server-key.pem +ssl-ca=@ENV.MYSQL_TEST_DIR/std_data/cacert.pem + +[sst] +ssl-mode=VERIFY_CA diff -Nru mariadb-11.8.6/mysql-test/suite/galera/t/galera_sst_rsync_encrypt_with_key_server.test mariadb-11.8.8/mysql-test/suite/galera/t/galera_sst_rsync_encrypt_with_key_server.test --- mariadb-11.8.6/mysql-test/suite/galera/t/galera_sst_rsync_encrypt_with_key_server.test 1970-01-01 00:00:00.000000000 +0000 +++ mariadb-11.8.8/mysql-test/suite/galera/t/galera_sst_rsync_encrypt_with_key_server.test 2026-05-24 09:58:31.000000000 +0000 @@ -0,0 +1,99 @@ +# +# Verifies that wsrep_sst_rsync.sh rejects a joiner-supplied certificate +# whose CN contains shell-unsafe characters. +# +# Brings up a 2-node cluster with rsync SST and ssl-mode=VERIFY_CA, then +# forces a fresh SST on node_2 using std_data/server-new-cert.pem -- a +# cert whose CN intentionally contains shell metacharacters. Confirms +# that the donor (node_1) logs +# "Invalid value for WSREP_SST_OPT_REMOTE_USER" +# i.e. the rsync SST script refuses the value rather than interpolating +# it into stunnel.conf or the rsync magic file. +# + +--source include/galera_cluster.inc +--source include/have_innodb.inc + +SELECT 1; + +--connection node_2 +--let $wait_condition = SELECT VARIABLE_VALUE = 'Synced' FROM INFORMATION_SCHEMA.GLOBAL_STATUS WHERE VARIABLE_NAME = 'WSREP_LOCAL_STATE_COMMENT' +--source include/wait_condition.inc + +# Confirm the initial SST went via rsync + stunnel (sanity check for the +# test configuration). +--let SEARCH_FILE = $MYSQLTEST_VARDIR/log/mysqld.1.err +--let SEARCH_PATTERN = wsrep_sst_rsync +--source include/search_pattern_in_file.inc + + +# Reject shell-unsafe joiner-supplied auth (rsync) + +# Suppressions are per-server. node_1 will log the donor-side rejection +# ("Invalid value for WSREP_SST_OPT_REMOTE_USER"); node_2 will log the +# joiner-side "Will never receive state" abort. Add to both. +--connection node_1 +call mtr.add_suppression('Invalid value for WSREP_SST_OPT_REMOTE_USER'); +call mtr.add_suppression('Failed to read from: wsrep_sst_rsync'); +call mtr.add_suppression('Process completed with error: wsrep_sst_rsync'); +call mtr.add_suppression('Command did not run: wsrep_sst_rsync'); +call mtr.add_suppression('State transfer to .* failed'); +call mtr.add_suppression('Will never receive state. Need to abort'); +call mtr.add_suppression('Error while getting data from donor node'); +call mtr.add_suppression('Cleanup after exit with status'); +call mtr.add_suppression('Removing .*/sst_in_progress'); +call mtr.add_suppression('Parent mysqld process .* terminated unexpectedly'); + +--connection node_2 +--source include/shutdown_mysqld.inc + +# force SST again +--remove_file $MYSQLTEST_VARDIR/mysqld.2/data/grastate.dat +# using a cert with shell-unsafe CN +--exec echo '[mysqld.2]' >> $MYSQLTEST_VARDIR/my.cnf +--exec echo ssl-cert=$MYSQL_TEST_DIR/std_data/server-new-cert.pem >> $MYSQLTEST_VARDIR/my.cnf +--exec echo ssl-key=$MYSQL_TEST_DIR/std_data/server-new-key.pem >> $MYSQLTEST_VARDIR/my.cnf + +# start the server +# Joiner mariadbd exits when SST is aborted; the exit code varies by +# platform (clean 0 on some systems, signalled 134 / 1 on others). +--error 0,1,134 +--exec $MYSQLD_LAST_CMD +# the donor refused the SST request + +--connection node_1 +# safe() in wsrep_sst_common.sh logs this when it rejects the joiner CN; +# wsrep_sst_rsync.sh wraps the joiner-supplied REMOTE_USER with $(safe ..) +# at line 249 so the value never reaches the stunnel.conf heredoc. +--let SEARCH_PATTERN = Invalid value for WSREP_SST_OPT_REMOTE_USER +--source include/search_pattern_in_file.inc + +# cleanup +# Kill joiner's stunnel / rsync that may linger after the aborted SST. +# Use a perl block because --exec with pkill -f matches the mtr cmdline +# itself (which contains the pattern) and tears down the wrong process. +perl; + open(my $fh, '-|', 'ps', '-eo', 'pid,args') or die "ps: $!"; + while (<$fh>) { + next unless /server-new-cert/; + next unless /^\s*(\d+)\s+(?:.*\/)?(stunnel|socat|rsync)\b/; + kill 'TERM', $1; + } + close $fh; +EOF +--exec echo ssl-cert=$MYSQL_TEST_DIR/std_data/server-cert.pem >> $MYSQLTEST_VARDIR/my.cnf +--exec echo ssl-key=$MYSQL_TEST_DIR/std_data/server-key.pem >> $MYSQLTEST_VARDIR/my.cnf + +# Switch back to node_2 before restarting it; the connection associates +# with the soon-to-be-restarted server so mtr auto-reconnects and the +# wait_condition + late suppressions land on the new instance. +--connection node_2 +--source $MYSQL_TEST_DIR/include/start_mysqld.inc + +--let $wait_condition = SELECT VARIABLE_VALUE = 2 FROM INFORMATION_SCHEMA.GLOBAL_STATUS WHERE VARIABLE_NAME = 'wsrep_cluster_size' +--source include/wait_condition.inc + +call mtr.add_suppression('Will never receive state. Need to abort'); +call mtr.add_suppression('Parent mysqld process .* terminated unexpectedly'); +call mtr.add_suppression('Cleanup after exit with status'); +call mtr.add_suppression('State transfer to .* failed'); diff -Nru mariadb-11.8.6/mysql-test/suite/galera/t/galera_var_max_ws_rows.test mariadb-11.8.8/mysql-test/suite/galera/t/galera_var_max_ws_rows.test --- mariadb-11.8.6/mysql-test/suite/galera/t/galera_var_max_ws_rows.test 2026-01-31 13:27:47.000000000 +0000 +++ mariadb-11.8.8/mysql-test/suite/galera/t/galera_var_max_ws_rows.test 2026-05-24 09:58:31.000000000 +0000 @@ -159,6 +159,7 @@ SET GLOBAL wsrep_max_ws_rows= DEFAULT; INSERT INTO t1 VALUES(1); INSERT INTO t1 SELECT * FROM t1; +COMMIT; SET GLOBAL wsrep_max_ws_rows= 1; ALTER TABLE t1 CHANGE COLUMN c1 c1 BIGINT; diff -Nru mariadb-11.8.6/mysql-test/suite/galera/t/galera_var_sst_donor.test mariadb-11.8.8/mysql-test/suite/galera/t/galera_var_sst_donor.test --- mariadb-11.8.6/mysql-test/suite/galera/t/galera_var_sst_donor.test 1970-01-01 00:00:00.000000000 +0000 +++ mariadb-11.8.8/mysql-test/suite/galera/t/galera_var_sst_donor.test 2026-05-24 09:58:31.000000000 +0000 @@ -0,0 +1,27 @@ +# +# Check the handling of @@wsrep_sst_donor +# +--source include/galera_cluster.inc + +--connection node_1 +SET @sst_donor_orig=@@GLOBAL.wsrep_sst_donor; +--error ER_WRONG_VALUE_FOR_VAR +set global wsrep_sst_donor='127.0.0.1;'; +select @@wsrep_sst_donor; +--error ER_WRONG_VALUE_FOR_VAR +set global wsrep_sst_donor='node1\''; +select @@wsrep_sst_donor; +--error ER_WRONG_VALUE_FOR_VAR +set global wsrep_sst_donor='node_2&'; +select @@wsrep_sst_donor; +--error ER_WRONG_VALUE_FOR_VAR +set global wsrep_sst_donor='127.0.0.1|'; +select @@wsrep_sst_donor; +set global wsrep_sst_donor='node2'; +select @@wsrep_sst_donor; + +--disable_query_log +SET GLOBAL wsrep_sst_donor = @sst_donor_orig; +--enable_query_log + +--source include/galera_end.inc diff -Nru mariadb-11.8.6/mysql-test/suite/galera/t/galera_var_sst_method.test mariadb-11.8.8/mysql-test/suite/galera/t/galera_var_sst_method.test --- mariadb-11.8.6/mysql-test/suite/galera/t/galera_var_sst_method.test 1970-01-01 00:00:00.000000000 +0000 +++ mariadb-11.8.8/mysql-test/suite/galera/t/galera_var_sst_method.test 2026-05-24 09:58:31.000000000 +0000 @@ -0,0 +1,36 @@ +# +# Check the handling of @@wsrep_sst_method +# +--source include/galera_cluster.inc + +--connection node_1 +SET @sst_method_orig=@@GLOBAL.wsrep_sst_method; +--error ER_WRONG_VALUE_FOR_VAR +set global wsrep_sst_method='mariabackup;'; +select @@wsrep_sst_method; +--error ER_WRONG_VALUE_FOR_VAR +set global wsrep_sst_method='mariabackup\''; +select @@wsrep_sst_method; +--error ER_WRONG_VALUE_FOR_VAR +set global wsrep_sst_method='mariabackup&'; +select @@wsrep_sst_method; +--error ER_WRONG_VALUE_FOR_VAR +set global wsrep_sst_method='mariabackup|'; +select @@wsrep_sst_method; +--error ER_WRONG_VALUE_FOR_VAR +set global wsrep_sst_method=NULL; +select @@wsrep_sst_method; +--error ER_WRONG_VALUE_FOR_VAR +set global wsrep_sst_method=''; +select @@wsrep_sst_method; + +set global wsrep_sst_method='mariabackup'; +select @@wsrep_sst_method; +set global wsrep_sst_method='rsync'; +select @@wsrep_sst_method; + +--disable_query_log +SET GLOBAL wsrep_sst_method = @sst_method_orig; +--enable_query_log + +--source include/galera_end.inc diff -Nru mariadb-11.8.6/mysql-test/suite/galera/t/galera_var_sst_receive_address.test mariadb-11.8.8/mysql-test/suite/galera/t/galera_var_sst_receive_address.test --- mariadb-11.8.6/mysql-test/suite/galera/t/galera_var_sst_receive_address.test 1970-01-01 00:00:00.000000000 +0000 +++ mariadb-11.8.8/mysql-test/suite/galera/t/galera_var_sst_receive_address.test 2026-05-24 09:58:31.000000000 +0000 @@ -0,0 +1,26 @@ +# +# Check the handling of @@wsrep_sst_receive_address +# + +--source include/galera_cluster.inc + +--connection node_1 +SET @sst_receive_address_orig=@@GLOBAL.wsrep_sst_receive_address; +--error ER_WRONG_VALUE_FOR_VAR +set global wsrep_sst_receive_address='127.0.0.1;'; +--error ER_WRONG_VALUE_FOR_VAR +set global wsrep_sst_receive_address='127.0.0.1\''; +--error ER_WRONG_VALUE_FOR_VAR +set global wsrep_sst_receive_address='127.0.0.1&'; +--error ER_WRONG_VALUE_FOR_VAR +set global wsrep_sst_receive_address='127.0.0.1|'; + +set global wsrep_sst_receive_address=NULL; +set global wsrep_sst_receive_address=''; +set global wsrep_sst_receive_address='127.0.0.1:19000'; + +--disable_query_log +SET GLOBAL wsrep_sst_receive_address = @sst_receive_address_orig; +--enable_query_log + +--source include/galera_end.inc diff -Nru mariadb-11.8.6/mysql-test/suite/galera/t/galera_wsrep_notify_cmd_injection.cnf mariadb-11.8.8/mysql-test/suite/galera/t/galera_wsrep_notify_cmd_injection.cnf --- mariadb-11.8.6/mysql-test/suite/galera/t/galera_wsrep_notify_cmd_injection.cnf 1970-01-01 00:00:00.000000000 +0000 +++ mariadb-11.8.8/mysql-test/suite/galera/t/galera_wsrep_notify_cmd_injection.cnf 2026-05-24 09:58:31.000000000 +0000 @@ -0,0 +1,10 @@ +!include ../galera_2nodes.cnf + +[mysqld.1] +# Victim: /bin/true exits 0 ignoring argv, so injection happens in sh -c parsing. +wsrep_notify_cmd=/bin/true + +[mysqld.2] +# Attacker: shell metacharacters in wsrep_node_name; trailing '#' comments +# out whatever the server appends after the name. +wsrep_node_name='n;touch PWN;#' diff -Nru mariadb-11.8.6/mysql-test/suite/galera/t/galera_wsrep_notify_cmd_injection.test mariadb-11.8.8/mysql-test/suite/galera/t/galera_wsrep_notify_cmd_injection.test --- mariadb-11.8.6/mysql-test/suite/galera/t/galera_wsrep_notify_cmd_injection.test 1970-01-01 00:00:00.000000000 +0000 +++ mariadb-11.8.8/mysql-test/suite/galera/t/galera_wsrep_notify_cmd_injection.test 2026-05-24 09:58:31.000000000 +0000 @@ -0,0 +1,30 @@ +# +# Joiner-supplied wsrep_node_name must not inject shell commands into +# the donor's wsrep_notify_cmd. Fails if "Notification command failed" +# co-occurs with ";touch" in node_1's error log. +# + +--source include/galera_cluster.inc +--source include/have_innodb.inc + +SELECT 1; + +--connection node_1 +call mtr.add_suppression('Process completed with error'); +call mtr.add_suppression('Notification command failed'); +call mtr.add_suppression('Unsafe characters in cluster member'); +--let $datadir=`select @@datadir` + +--let $wait_condition = SELECT VARIABLE_VALUE = 'Synced' FROM INFORMATION_SCHEMA.GLOBAL_STATUS WHERE VARIABLE_NAME = 'WSREP_LOCAL_STATE_COMMENT' +--source include/wait_condition.inc + +--let $wait_condition = SELECT VARIABLE_VALUE = 2 FROM INFORMATION_SCHEMA.GLOBAL_STATUS WHERE VARIABLE_NAME = 'wsrep_cluster_size' +--source include/wait_condition.inc + +--sleep 2 + +--let SEARCH_FILE = $MYSQLTEST_VARDIR/log/mysqld.1.err +--let SEARCH_PATTERN = Unsafe characters in cluster member +--source include/search_pattern_in_file.inc + +--list_files $datadir PWN diff -Nru mariadb-11.8.6/mysql-test/suite/galera_3nodes/r/MDEV-36360.result mariadb-11.8.8/mysql-test/suite/galera_3nodes/r/MDEV-36360.result --- mariadb-11.8.6/mysql-test/suite/galera_3nodes/r/MDEV-36360.result 2026-01-31 13:27:47.000000000 +0000 +++ mariadb-11.8.8/mysql-test/suite/galera_3nodes/r/MDEV-36360.result 2026-05-24 09:58:31.000000000 +0000 @@ -21,7 +21,7 @@ Restarting server 3 with one applier thread having FK and UK checks disabled SET GLOBAL DEBUG_DBUG = 'd,sync.wsrep_after_write_row'; connection node_1; -INSERT INTO child VALUES (1, 1); +INSERT INTO child VALUES (1, 2); connection node_3; SET DEBUG_SYNC = 'now WAIT_FOR sync.wsrep_after_write_row_reached'; SET GLOBAL DEBUG_DBUG = ''; @@ -29,7 +29,6 @@ SET DEBUG_SYNC = 'ib_after_row_insert SIGNAL signal.wsrep_after_write_row'; INSERT INTO child VALUES (2, 2); SET DEBUG_SYNC = 'RESET'; -include/assert_grep.inc [no FK constraint failure] Server 3 SELECT COUNT(*) AS EXPECT_1 FROM parent; EXPECT_1 diff -Nru mariadb-11.8.6/mysql-test/suite/galera_3nodes/t/MDEV-36360.test mariadb-11.8.8/mysql-test/suite/galera_3nodes/t/MDEV-36360.test --- mariadb-11.8.6/mysql-test/suite/galera_3nodes/t/MDEV-36360.test 2026-01-31 13:27:47.000000000 +0000 +++ mariadb-11.8.8/mysql-test/suite/galera_3nodes/t/MDEV-36360.test 2026-05-24 09:58:31.000000000 +0000 @@ -61,7 +61,7 @@ # Insert a child row that will be applied on node #3, but should not # grab table-level X-lock. --connection node_1 -INSERT INTO child VALUES (1, 1); +INSERT INTO child VALUES (1, 2); --connection node_3 SET DEBUG_SYNC = 'now WAIT_FOR sync.wsrep_after_write_row_reached'; @@ -75,14 +75,6 @@ # grabs table-level X-lock, they'll both deadlock forever. INSERT INTO child VALUES (2, 2); SET DEBUG_SYNC = 'RESET'; - ---let $assert_select = foreign key constraint fails ---let $assert_count = 0 ---let $assert_text = no FK constraint failure ---let $assert_only_after = CURRENT_TEST ---let $assert_file = $MYSQLTEST_VARDIR/log/mysqld.3.err ---source include/assert_grep.inc - # Child row insert is applied even though there's no parent row. --echo Server 3 SELECT COUNT(*) AS EXPECT_1 FROM parent; diff -Nru mariadb-11.8.6/mysql-test/suite/galera_3nodes/t/galera_dynamic_protocol.cnf mariadb-11.8.8/mysql-test/suite/galera_3nodes/t/galera_dynamic_protocol.cnf --- mariadb-11.8.6/mysql-test/suite/galera_3nodes/t/galera_dynamic_protocol.cnf 2026-01-31 13:27:47.000000000 +0000 +++ mariadb-11.8.8/mysql-test/suite/galera_3nodes/t/galera_dynamic_protocol.cnf 2026-05-24 09:58:31.000000000 +0000 @@ -5,7 +5,7 @@ [mysqld.1] wsrep_node_name='node.1' -wsrep_provider_options='socket.ssl=yes;socket.ssl_ca=@ENV.MYSQL_TEST_DIR/std_data/galera-upgrade-ca-cert.pem;socket.ssl_cert=@ENV.MYSQL_TEST_DIR/std_data/galera-cert.pem;socket.ssl_key=@ENV.MYSQL_TEST_DIR/std_data/galera-key.pem;socket.dynamic=true;repl.causal_read_timeout=PT90S;base_port=@mysqld.1.#galera_port;evs.suspect_timeout=PT10S;evs.inactive_timeout=PT30S;evs.install_timeout=PT15S;pc.wait_prim_timeout=PT60S;gcache.size=10M' +wsrep_provider_options='socket.ssl=yes;socket.ssl_ca=@ENV.MYSQL_TEST_DIR/std_data/cacert.pem;socket.ssl_cert=@ENV.MYSQL_TEST_DIR/std_data/server-cert.pem;socket.ssl_key=@ENV.MYSQL_TEST_DIR/std_data/server-key.pem;socket.dynamic=true;repl.causal_read_timeout=PT90S;base_port=@mysqld.1.#galera_port;evs.suspect_timeout=PT10S;evs.inactive_timeout=PT30S;evs.install_timeout=PT15S;pc.wait_prim_timeout=PT60S;gcache.size=10M' [mysqld.2] wsrep_node_name='node.2' @@ -13,4 +13,4 @@ [mysqld.3] wsrep_node_name='node.3' -wsrep_provider_options='socket.ssl=yes;socket.ssl_ca=@ENV.MYSQL_TEST_DIR/std_data/galera-upgrade-ca-cert.pem;socket.ssl_cert=@ENV.MYSQL_TEST_DIR/std_data/galera-cert.pem;socket.ssl_key=@ENV.MYSQL_TEST_DIR/std_data/galera-key.pem;socket.dynamic=true;repl.causal_read_timeout=PT90S;base_port=@mysqld.3.#galera_port;evs.suspect_timeout=PT10S;evs.inactive_timeout=PT30S;evs.install_timeout=PT15S;pc.wait_prim_timeout=PT60S;gcache.size=10M' +wsrep_provider_options='socket.ssl=yes;socket.ssl_ca=@ENV.MYSQL_TEST_DIR/std_data/cacert.pem;socket.ssl_cert=@ENV.MYSQL_TEST_DIR/std_data/server-cert.pem;socket.ssl_key=@ENV.MYSQL_TEST_DIR/std_data/server-key.pem;socket.dynamic=true;repl.causal_read_timeout=PT90S;base_port=@mysqld.3.#galera_port;evs.suspect_timeout=PT10S;evs.inactive_timeout=PT30S;evs.install_timeout=PT15S;pc.wait_prim_timeout=PT60S;gcache.size=10M' diff -Nru mariadb-11.8.6/mysql-test/suite/galera_3nodes/t/galera_dynamic_protocol.test mariadb-11.8.8/mysql-test/suite/galera_3nodes/t/galera_dynamic_protocol.test --- mariadb-11.8.6/mysql-test/suite/galera_3nodes/t/galera_dynamic_protocol.test 2026-01-31 13:27:47.000000000 +0000 +++ mariadb-11.8.8/mysql-test/suite/galera_3nodes/t/galera_dynamic_protocol.test 2026-05-24 09:58:31.000000000 +0000 @@ -50,7 +50,7 @@ # Restart node with SSL enabled --source include/shutdown_mysqld.inc --let $restart_noprint = 1 ---let $restart_parameters = --wsrep_cluster_address=gcomm://127.0.0.1:$NODE_GALERAPORT_1 --wsrep_provider_options=base_port=$NODE_GALERAPORT_2;socket.ssl=yes;socket.ssl_ca=$MYSQL_TEST_DIR/std_data/galera-upgrade-ca-cert.pem;socket.ssl_cert=$MYSQL_TEST_DIR/std_data/galera-cert.pem;socket.ssl_key=$MYSQL_TEST_DIR/std_data/galera-key.pem +--let $restart_parameters = --wsrep_cluster_address=gcomm://127.0.0.1:$NODE_GALERAPORT_1 --wsrep_provider_options=base_port=$NODE_GALERAPORT_2;socket.ssl=yes;socket.ssl_ca=$MYSQL_TEST_DIR/std_data/cacert.pem;socket.ssl_cert=$MYSQL_TEST_DIR/std_data/server-cert.pem;socket.ssl_key=$MYSQL_TEST_DIR/std_data/server-key.pem --source include/start_mysqld.inc --source include/galera_wait_ready.inc diff -Nru mariadb-11.8.6/mysql-test/suite/gcol/r/innodb_virtual_basic.result mariadb-11.8.8/mysql-test/suite/gcol/r/innodb_virtual_basic.result --- mariadb-11.8.6/mysql-test/suite/gcol/r/innodb_virtual_basic.result 2026-01-31 13:27:47.000000000 +0000 +++ mariadb-11.8.8/mysql-test/suite/gcol/r/innodb_virtual_basic.result 2026-05-24 09:58:31.000000000 +0000 @@ -49,9 +49,9 @@ ROLLBACK; SELECT c FROM t; c -NULL 13 29 +NULL SELECT * FROM t; a b c h 10 3 13 mm @@ -304,23 +304,23 @@ CALL UPDATE_t(); SELECT c FROM t; c -NULL 19 -29 2103 +29 +NULL CALL DELETE_insert_t(); SELECT c FROM t; c -NULL 19 -29 2103 +29 +NULL DROP INDEX idx ON t; CALL UPDATE_t(); SELECT c FROM t; c -2103 19 +2103 29 NULL DROP PROCEDURE DELETE_insert_t; @@ -524,10 +524,10 @@ ROLLBACK; SELECT a, c, h FROM t; a c h -NULL NULL d 11 14 a 18 19 b 28 29 c +NULL NULL d DROP TABLE t; CREATE TABLE `t1` ( `col1` int(11) NOT NULL, diff -Nru mariadb-11.8.6/mysql-test/suite/gcol/t/innodb_virtual_basic.test mariadb-11.8.8/mysql-test/suite/gcol/t/innodb_virtual_basic.test --- mariadb-11.8.6/mysql-test/suite/gcol/t/innodb_virtual_basic.test 2026-01-31 13:27:47.000000000 +0000 +++ mariadb-11.8.8/mysql-test/suite/gcol/t/innodb_virtual_basic.test 2026-05-24 09:58:31.000000000 +0000 @@ -43,6 +43,7 @@ INSERT INTO t VALUES (1290, 212, DEFAULT, "xmx"); ROLLBACK; +--sorted_result SELECT c FROM t; SELECT * FROM t; @@ -357,13 +358,16 @@ delimiter ;| CALL UPDATE_t(); +--sorted_result SELECT c FROM t; CALL DELETE_insert_t(); +--sorted_result SELECT c FROM t; DROP INDEX idx ON t; CALL UPDATE_t(); +--sorted_result SELECT c FROM t; DROP PROCEDURE DELETE_insert_t; @@ -538,6 +542,7 @@ UPDATE t SET m =10 WHERE m = 1; UPDATE t SET h = "e" WHERE h="a"; ROLLBACK; +--sorted_result SELECT a, c, h FROM t; DROP TABLE t; diff -Nru mariadb-11.8.6/mysql-test/suite/handler/heap.result mariadb-11.8.8/mysql-test/suite/handler/heap.result --- mariadb-11.8.6/mysql-test/suite/handler/heap.result 2026-01-31 13:27:47.000000000 +0000 +++ mariadb-11.8.8/mysql-test/suite/handler/heap.result 2026-05-24 09:58:31.000000000 +0000 @@ -1638,7 +1638,7 @@ 1 10 insert into t1 values (7,50); HANDLER t1 READ b NEXT; -ERROR HY000: Record has changed since last read in table 't1' +ERROR HY000: Record has changed since last read in table 't1'; try restarting transaction HANDLER t1 READ b FIRST; a b 1 10 @@ -1646,7 +1646,7 @@ insert into t1 values (7,50); connection default; HANDLER t1 READ b NEXT; -ERROR HY000: Record has changed since last read in table 't1' +ERROR HY000: Record has changed since last read in table 't1'; try restarting transaction HANDLER t1 READ FIRST; a b 2 20 @@ -1667,7 +1667,7 @@ delete from t1; connection default; HANDLER t1 READ NEXT LIMIT 2; -ERROR HY000: Record has changed since last read in table 't1' +ERROR HY000: Record has changed since last read in table 't1'; try restarting transaction HANDLER t1 CLOSE; DROP TABLE t1; disconnect con1; diff -Nru mariadb-11.8.6/mysql-test/suite/heap/restart_binlog_warning.result mariadb-11.8.8/mysql-test/suite/heap/restart_binlog_warning.result --- mariadb-11.8.6/mysql-test/suite/heap/restart_binlog_warning.result 1970-01-01 00:00:00.000000000 +0000 +++ mariadb-11.8.8/mysql-test/suite/heap/restart_binlog_warning.result 2026-05-24 09:58:31.000000000 +0000 @@ -0,0 +1,16 @@ +CREATE TABLE t ENGINE=memory AS SELECT 1; +CHANGE MASTER TO master_host='127.0.0.1'; +# restart: --read-only=TRUE --skip-slave-start +SELECT * FROM t; +1 +FOUND 1 /\[Warning\] .+?memory table.+?TRUNCATE/ in mysqld.1.err +RESET SLAVE ALL; +CHANGE MASTER 'pseudo-upstream' TO master_host='127.0.0.1'; +# restart: --read-only=TRUE --skip-slave-start +SELECT * FROM t; +1 +FOUND 2 /\[Warning\] .+?memory table.+?TRUNCATE/ in mysqld.1.err +SET @@GLOBAL.read_only= FALSE; +RESET SLAVE 'pseudo-upstream' ALL; +DROP TABLE t; +CALL mtr.add_suppression("\[Warning\] .+?memory table.+?TRUNCATE"); diff -Nru mariadb-11.8.6/mysql-test/suite/heap/restart_binlog_warning.test mariadb-11.8.8/mysql-test/suite/heap/restart_binlog_warning.test --- mariadb-11.8.6/mysql-test/suite/heap/restart_binlog_warning.test 1970-01-01 00:00:00.000000000 +0000 +++ mariadb-11.8.8/mysql-test/suite/heap/restart_binlog_warning.test 2026-05-24 09:58:31.000000000 +0000 @@ -0,0 +1,38 @@ +# MDEV-38600: Test the replication divergence warning that +# restarting a slave server binlogs TRUNCATEs for MEMORY tables +# (`rpl.rpl_memory_engine_truncate_on_restart` tests the actual TRUNCATE event. +# By not adding an MTR suppression, +# it also covers the case that a non-slave should not warn about this.) + +--source include/have_binlog_format_mixed.inc # format-agnostic + +CREATE TABLE t ENGINE=memory AS SELECT 1; + + +# Add a pseudo-master to make this a pseudo-slave +CHANGE MASTER TO master_host='127.0.0.1'; + +--let $restart_parameters= --read-only=TRUE --skip-slave-start +--source include/restart_mysqld.inc # not_embedded +SELECT * FROM t; # Maily to trigger MEMORY table discovery + +--let SEARCH_FILE= `SELECT @@log_error` +--let SEARCH_PATTERN=\[Warning\] .+?memory table.+?TRUNCATE +--source include/search_pattern_in_file.inc + + +RESET SLAVE ALL; +# Repeat the test with an already blank MEMORY table and a named connection +CHANGE MASTER 'pseudo-upstream' TO master_host='127.0.0.1'; + +--source include/restart_mysqld.inc +SELECT * FROM t; +--source include/search_pattern_in_file.inc + + +# Cleanup +SET @@GLOBAL.read_only= FALSE; +RESET SLAVE 'pseudo-upstream' ALL; +DROP TABLE t; + +--eval CALL mtr.add_suppression("$SEARCH_PATTERN") diff -Nru mariadb-11.8.6/mysql-test/suite/innodb/include/check_core_dump_trim.inc mariadb-11.8.8/mysql-test/suite/innodb/include/check_core_dump_trim.inc --- mariadb-11.8.6/mysql-test/suite/innodb/include/check_core_dump_trim.inc 1970-01-01 00:00:00.000000000 +0000 +++ mariadb-11.8.8/mysql-test/suite/innodb/include/check_core_dump_trim.inc 2026-05-24 09:58:31.000000000 +0000 @@ -0,0 +1,104 @@ +# ------------------------------------------------------------------------------ +# Test Summary +# ------------------------------------------------------------------------------ +# This test checks whether the mariadbd core dump file is expected to be TRIMMED +# or NOT TRIMMED based on how memory is mapped by the mariadbd process. +# +# What this script does: +# +# 1. It retrieves MariaDB runtime values: +# - pid_file (location of mariadbd PID) +# - innodb_buffer_pool_size +# +# 2. Using the PID file, it finds the running mariadbd process ID. +# +# 3. It reads /proc//smaps to inspect the memory regions allocated +# by the mariadbd process. +# +# 4. From the smaps output, it identifies candidate memory regions that: +# - are smaller than 192M +# - contain the "dd" VmFlag (indicating the region is eligible for +# core dump trimming) +# +# 5. It sums the size of these candidate memory regions. +# +# 6. If the candidate memory is large enough to cover the buffer pool, +# the script concludes that the buffer pool will not be part of core dump. +# Otherwise, it reports it to be part of core dump. +# +# Purpose: +# This helps verify whether InnoDB buffer pool will be excluded from the +# core dump, preventing unnecessarily large core files. +# ------------------------------------------------------------------------------ + +# Get the full path name of the PID file +--let $pid_file= query_get_value(SELECT @@pid_file, @@pid_file, 1) +--let PIDFILE= $pid_file + +# Get innodb_buffer_pool_size +--let $innodb_buffer_pool_size= query_get_value(SELECT @@innodb_buffer_pool_size, @@innodb_buffer_pool_size, 1) +--let BUFFER_POOL_SIZE= $innodb_buffer_pool_size + +perl; + +use strict; +use warnings; + +my $pid_file = $ENV{'PIDFILE'} or die "PIDFILE not set"; + +# Buffer pool size +my $buffer_pool_size = $ENV{'BUFFER_POOL_SIZE'}; + +# Convert to KB +my $buffer_pool_kb = int($buffer_pool_size / 1024); + +# Ignore regions larger than 192M +my $max_region_kb = 192 * 1024; + +# Sum of candidate regions +my $candidate_sum_kb = 0; + +# Get PID of mariadbd +open(my $fh, '<', $pid_file) || die "Cannot open pid file $pid_file\n"; +my $pid = <$fh>; +$pid =~ s/\s//g; +close($fh); + +if ($pid eq "") { + die "Couldn't retrieve PID from PID file.\n"; +} + +# Open smaps +my $smaps_file = "/proc/$pid/smaps"; + +open(my $sm, '<', $smaps_file) or die "Cannot open $smaps_file\n"; + +my $current_size_kb = 0; + +while (my $line = <$sm>) { + + if ($line =~ /^Size:\s+(\d+)\s+kB/) { + $current_size_kb = $1; + } + + if ($line =~ /^VmFlags:\s+(.*)/) { + my $flags = $1; + + # Candidate region conditions + if ($current_size_kb <= $max_region_kb && + $flags =~ /\bdd\b/) { + $candidate_sum_kb += $current_size_kb; + } + } +} + +close($sm); + +if ($candidate_sum_kb >= $buffer_pool_kb) { + print "Buffer pool not part of core dump.\n"; +} +else { + print "Buffer pool part of core dump.\n"; +} + +EOF diff -Nru mariadb-11.8.6/mysql-test/suite/innodb/r/alter_algorithm.result mariadb-11.8.8/mysql-test/suite/innodb/r/alter_algorithm.result --- mariadb-11.8.6/mysql-test/suite/innodb/r/alter_algorithm.result 2026-01-31 13:27:47.000000000 +0000 +++ mariadb-11.8.8/mysql-test/suite/innodb/r/alter_algorithm.result 2026-05-24 09:58:31.000000000 +0000 @@ -8,6 +8,12 @@ f5 INT as (f3) STORED, PRIMARY KEY(f1))ROW_FORMAT=COMPRESSED, ENGINE=INNODB; INSERT INTO t1(f1, f2, f3) VALUES(1, 1, 1); +CREATE TABLE t2(f1 INT PRIMARY KEY, f2 INT NOT NULL, +f3 INT AS (f2 * f2) VIRTUAL, +f4 INT NOT NULL UNIQUE, +f5 INT NOT NULL, +INDEX idx(f2))ENGINE=INNODB; +INSERT INTO t2(f1, f2, f4, f5) VALUES(1, 2, 3, 4); # All the following cases needs table rebuild # Add and Drop primary key ALTER TABLE t1 ADD COLUMN col1 INT NOT NULL,DROP PRIMARY KEY,ADD PRIMARY KEY(col1), ALGORITHM=COPY; @@ -44,18 +50,23 @@ ALTER TABLE t1 FORCE, ALGORITHM=DEFAULT; affected rows: 0 info: Records: 0 Duplicates: 0 Warnings: 0 +ALTER TABLE t2 page_compressed=1, ALGORITHM=COPY; +affected rows: 1 +info: Records: 1 Duplicates: 0 Warnings: 0 DROP TABLE t1; affected rows: 0 +DROP TABLE t2; +affected rows: 0 CREATE TABLE t1(f1 INT PRIMARY KEY, f2 INT NOT NULL, f3 INT AS (f2 * f2) VIRTUAL, f4 INT NOT NULL UNIQUE, f5 INT NOT NULL, -INDEX idx(f2))ENGINE=INNODB; +INDEX idx(f2)) PAGE_COMPRESSED=1, ENGINE=INNODB; CREATE TABLE t2(f1 INT NOT NULL, f2 INT NOT NULL, INDEX(f1), FOREIGN KEY fidx(f1) REFERENCES t1(f1))ENGINE=INNODB; INSERT INTO t1(f1, f2, f4, f5) VALUES(1, 2, 3, 4); -ALTER TABLE t1 ADD INDEX idx1(f4), page_compressed=1, ALGORITHM=COPY; +ALTER TABLE t1 ADD INDEX idx1(f4), page_compression_level=7, ALGORITHM=COPY; affected rows: 1 info: Records: 1 Duplicates: 0 Warnings: 0 ALTER TABLE t1 DROP INDEX idx, page_compression_level=5, ALGORITHM=COPY; @@ -132,6 +143,12 @@ f5 INT as (f3) STORED, PRIMARY KEY(f1))ROW_FORMAT=COMPRESSED, ENGINE=INNODB; INSERT INTO t1(f1, f2, f3) VALUES(1, 1, 1); +CREATE TABLE t2(f1 INT PRIMARY KEY, f2 INT NOT NULL, +f3 INT AS (f2 * f2) VIRTUAL, +f4 INT NOT NULL UNIQUE, +f5 INT NOT NULL, +INDEX idx(f2))ENGINE=INNODB; +INSERT INTO t2(f1, f2, f4, f5) VALUES(1, 2, 3, 4); # All the following cases needs table rebuild # Add and Drop primary key ALTER TABLE t1 ADD COLUMN col1 INT NOT NULL,DROP PRIMARY KEY,ADD PRIMARY KEY(col1), ALGORITHM=INPLACE; @@ -168,18 +185,23 @@ ALTER TABLE t1 FORCE, ALGORITHM=DEFAULT; affected rows: 0 info: Records: 0 Duplicates: 0 Warnings: 0 +ALTER TABLE t2 page_compressed=1, ALGORITHM=INPLACE; +affected rows: 0 +info: Records: 0 Duplicates: 0 Warnings: 0 DROP TABLE t1; affected rows: 0 +DROP TABLE t2; +affected rows: 0 CREATE TABLE t1(f1 INT PRIMARY KEY, f2 INT NOT NULL, f3 INT AS (f2 * f2) VIRTUAL, f4 INT NOT NULL UNIQUE, f5 INT NOT NULL, -INDEX idx(f2))ENGINE=INNODB; +INDEX idx(f2)) PAGE_COMPRESSED=1, ENGINE=INNODB; CREATE TABLE t2(f1 INT NOT NULL, f2 INT NOT NULL, INDEX(f1), FOREIGN KEY fidx(f1) REFERENCES t1(f1))ENGINE=INNODB; INSERT INTO t1(f1, f2, f4, f5) VALUES(1, 2, 3, 4); -ALTER TABLE t1 ADD INDEX idx1(f4), page_compressed=1, ALGORITHM=INPLACE; +ALTER TABLE t1 ADD INDEX idx1(f4), page_compression_level=7, ALGORITHM=INPLACE; affected rows: 0 info: Records: 0 Duplicates: 0 Warnings: 0 ALTER TABLE t1 DROP INDEX idx, page_compression_level=5, ALGORITHM=INPLACE; @@ -255,6 +277,12 @@ f5 INT as (f3) STORED, PRIMARY KEY(f1))ROW_FORMAT=COMPRESSED, ENGINE=INNODB; INSERT INTO t1(f1, f2, f3) VALUES(1, 1, 1); +CREATE TABLE t2(f1 INT PRIMARY KEY, f2 INT NOT NULL, +f3 INT AS (f2 * f2) VIRTUAL, +f4 INT NOT NULL UNIQUE, +f5 INT NOT NULL, +INDEX idx(f2))ENGINE=INNODB; +INSERT INTO t2(f1, f2, f4, f5) VALUES(1, 2, 3, 4); # All the following cases needs table rebuild # Add and Drop primary key ALTER TABLE t1 ADD COLUMN col1 INT NOT NULL,DROP PRIMARY KEY,ADD PRIMARY KEY(col1), ALGORITHM=NOCOPY; @@ -283,18 +311,22 @@ ALTER TABLE t1 FORCE, ALGORITHM=DEFAULT; affected rows: 0 info: Records: 0 Duplicates: 0 Warnings: 0 +ALTER TABLE t2 page_compressed=1, ALGORITHM=NOCOPY; +Got one of the listed errors DROP TABLE t1; affected rows: 0 +DROP TABLE t2; +affected rows: 0 CREATE TABLE t1(f1 INT PRIMARY KEY, f2 INT NOT NULL, f3 INT AS (f2 * f2) VIRTUAL, f4 INT NOT NULL UNIQUE, f5 INT NOT NULL, -INDEX idx(f2))ENGINE=INNODB; +INDEX idx(f2)) PAGE_COMPRESSED=1, ENGINE=INNODB; CREATE TABLE t2(f1 INT NOT NULL, f2 INT NOT NULL, INDEX(f1), FOREIGN KEY fidx(f1) REFERENCES t1(f1))ENGINE=INNODB; INSERT INTO t1(f1, f2, f4, f5) VALUES(1, 2, 3, 4); -ALTER TABLE t1 ADD INDEX idx1(f4), page_compressed=1, ALGORITHM=NOCOPY; +ALTER TABLE t1 ADD INDEX idx1(f4), page_compression_level=7, ALGORITHM=NOCOPY; affected rows: 0 info: Records: 0 Duplicates: 0 Warnings: 0 ALTER TABLE t1 DROP INDEX idx, page_compression_level=5, ALGORITHM=NOCOPY; @@ -370,6 +402,12 @@ f5 INT as (f3) STORED, PRIMARY KEY(f1))ROW_FORMAT=COMPRESSED, ENGINE=INNODB; INSERT INTO t1(f1, f2, f3) VALUES(1, 1, 1); +CREATE TABLE t2(f1 INT PRIMARY KEY, f2 INT NOT NULL, +f3 INT AS (f2 * f2) VIRTUAL, +f4 INT NOT NULL UNIQUE, +f5 INT NOT NULL, +INDEX idx(f2))ENGINE=INNODB; +INSERT INTO t2(f1, f2, f4, f5) VALUES(1, 2, 3, 4); # All the following cases needs table rebuild # Add and Drop primary key ALTER TABLE t1 ADD COLUMN col1 INT NOT NULL,DROP PRIMARY KEY,ADD PRIMARY KEY(col1), ALGORITHM=INSTANT; @@ -398,18 +436,22 @@ ALTER TABLE t1 FORCE, ALGORITHM=DEFAULT; affected rows: 0 info: Records: 0 Duplicates: 0 Warnings: 0 +ALTER TABLE t2 page_compressed=1, ALGORITHM=INSTANT; +Got one of the listed errors DROP TABLE t1; affected rows: 0 +DROP TABLE t2; +affected rows: 0 CREATE TABLE t1(f1 INT PRIMARY KEY, f2 INT NOT NULL, f3 INT AS (f2 * f2) VIRTUAL, f4 INT NOT NULL UNIQUE, f5 INT NOT NULL, -INDEX idx(f2))ENGINE=INNODB; +INDEX idx(f2)) PAGE_COMPRESSED=1, ENGINE=INNODB; CREATE TABLE t2(f1 INT NOT NULL, f2 INT NOT NULL, INDEX(f1), FOREIGN KEY fidx(f1) REFERENCES t1(f1))ENGINE=INNODB; INSERT INTO t1(f1, f2, f4, f5) VALUES(1, 2, 3, 4); -ALTER TABLE t1 ADD INDEX idx1(f4), page_compressed=1, ALGORITHM=INSTANT; +ALTER TABLE t1 ADD INDEX idx1(f4), page_compression_level=7, ALGORITHM=INSTANT; ERROR 0A000: ALGORITHM=INSTANT is not supported. Reason: ADD INDEX. Try ALGORITHM=NOCOPY ALTER TABLE t1 DROP INDEX idx, page_compression_level=5, ALGORITHM=INSTANT; ERROR 0A000: ALGORITHM=INSTANT is not supported. Reason: DROP INDEX. Try ALGORITHM=NOCOPY diff -Nru mariadb-11.8.6/mysql-test/suite/innodb/r/alter_copy_bulk.result mariadb-11.8.8/mysql-test/suite/innodb/r/alter_copy_bulk.result --- mariadb-11.8.6/mysql-test/suite/innodb/r/alter_copy_bulk.result 2026-01-31 13:27:47.000000000 +0000 +++ mariadb-11.8.8/mysql-test/suite/innodb/r/alter_copy_bulk.result 2026-05-24 09:58:31.000000000 +0000 @@ -139,8 +139,7 @@ # CREATE TABLE t (a INT) ENGINE=InnoDB; START TRANSACTION; -SELECT * FROM t; -a +INSERT t VALUES (0),(1); SAVEPOINT A; select @@in_transaction; @@in_transaction @@ -149,8 +148,12 @@ ERROR 22003: Out of range value for column 'a' at row 1 select @@in_transaction; @@in_transaction -0 +1 ROLLBACK TO SAVEPOINT A; -ERROR 42000: SAVEPOINT A does not exist +COMMIT; +SELECT * FROM t; +a +0 +1 DROP TABLE t; # End of 10.11 tests diff -Nru mariadb-11.8.6/mysql-test/suite/innodb/r/alter_copy_stats.result mariadb-11.8.8/mysql-test/suite/innodb/r/alter_copy_stats.result --- mariadb-11.8.6/mysql-test/suite/innodb/r/alter_copy_stats.result 2026-01-31 13:27:47.000000000 +0000 +++ mariadb-11.8.8/mysql-test/suite/innodb/r/alter_copy_stats.result 2026-05-24 09:58:31.000000000 +0000 @@ -106,10 +106,16 @@ # # MDEV-38667 Assertion in diagnostics area on DDL stats timeout # -set @lock_wait_timeout= @@global.innodb_lock_wait_timeout; -SET innodb_lock_wait_timeout = 1; CREATE TABLE t ENGINE=InnoDB AS SELECT * FROM mysql.innodb_table_stats; -Warnings: -Warning 1088 Error updating stats for table after table rebuild: Lock wait timeout -SET innodb_lock_wait_timeout = @lock_wait_timeout; DROP TABLE t; +# +# MDEV-38882 Assertion in diagnostics area on DDL stats +# +CREATE TABLE t1 (a INT) ENGINE=InnoDB; +CREATE TABLE t2 (pk INT PRIMARY KEY) ENGINE=InnoDB; +connect con1,localhost,root,,; +ALTER TABLE t1 NOWAIT FORCE, ALGORITHM=COPY;; +connection default; +ALTER TABLE t2 FORCE, ALGORITHM=COPY; +connection con1; +DROP TABLE t1, t2; diff -Nru mariadb-11.8.6/mysql-test/suite/innodb/r/alter_crash.result mariadb-11.8.8/mysql-test/suite/innodb/r/alter_crash.result --- mariadb-11.8.6/mysql-test/suite/innodb/r/alter_crash.result 2026-01-31 13:27:47.000000000 +0000 +++ mariadb-11.8.8/mysql-test/suite/innodb/r/alter_crash.result 2026-05-24 09:58:31.000000000 +0000 @@ -243,3 +243,35 @@ 1 1 2 1 DROP TABLE t1; +# +# MDEV-38079 Crash recovery fails after ALTER TABLE…PAGE_COMPRESSED=1 +# +CREATE TABLE t1(a INT PRIMARY KEY) ENGINE=InnoDB; +ALTER TABLE t1 PAGE_COMPRESSED=1, ALGORITHM=INSTANT; +ERROR 0A000: ALGORITHM=INSTANT is not supported. Reason: Changing table options requires the table to be rebuilt. Try ALGORITHM=INPLACE +DROP TABLE t1; +# +# MDEV-38928 Assertion undo_no <= 1 in reset_and_truncate_undo +# during ALTER IGNORE on temporary table +# +CREATE TEMPORARY TABLE t1 (f1 INT) ENGINE=INNODB; +INSERT INTO t1 (f1) VALUES (0),(0); +ALTER IGNORE TABLE t1 FORCE; +DROP TABLE t1; +# +# MDEV-38951 Assertion `0' upon ALTER IGNORE handling duplicate keys +# +CREATE TABLE t1(f1 INT)ENGINE=InnoDB; +INSERT INTO t1 VALUES(1), (1); +ALTER IGNORE TABLE t1 ADD UNIQUE(f1); +CHECK TABLE t1 EXTENDED; +Table Op Msg_type Msg_text +test.t1 check status OK +DROP TABLE t1; +# +# MDEV-38993 Assertion `trx->undo_no == 1' fails upon ALTER IGNORE +# +CREATE TABLE t (a INT) ENGINE=InnoDB; +INSERT INTO t VALUES (1),(2),(1),(2); +ALTER IGNORE TABLE t ADD UNIQUE(a); +DROP TABLE t; diff -Nru mariadb-11.8.6/mysql-test/suite/innodb/r/autoinc_import.result mariadb-11.8.8/mysql-test/suite/innodb/r/autoinc_import.result --- mariadb-11.8.6/mysql-test/suite/innodb/r/autoinc_import.result 2026-01-31 13:27:47.000000000 +0000 +++ mariadb-11.8.8/mysql-test/suite/innodb/r/autoinc_import.result 2026-05-24 09:58:31.000000000 +0000 @@ -68,13 +68,13 @@ test.t1b check status OK test.t1t check status OK test.t1z check status OK -test.t5_7 check note Auto_increment will be checked on each open until CHECK TABLE FOR UPGRADE is executed +test.t5_7 check note Auto_increment will be checked on each open until CHECK TABLE FOR UPGRADE is executed when the server is not in a read-only state test.t5_7 check status OK -test.t5_7b check note Auto_increment will be checked on each open until CHECK TABLE FOR UPGRADE is executed +test.t5_7b check note Auto_increment will be checked on each open until CHECK TABLE FOR UPGRADE is executed when the server is not in a read-only state test.t5_7b check status OK -test.t10_1 check note Auto_increment will be checked on each open until CHECK TABLE FOR UPGRADE is executed +test.t10_1 check note Auto_increment will be checked on each open until CHECK TABLE FOR UPGRADE is executed when the server is not in a read-only state test.t10_1 check status OK -test.t10_1b check note Auto_increment will be checked on each open until CHECK TABLE FOR UPGRADE is executed +test.t10_1b check note Auto_increment will be checked on each open until CHECK TABLE FOR UPGRADE is executed when the server is not in a read-only state test.t10_1b check status OK CHECK TABLE t1, t1b, t1t, t1z, t5_7, t5_7b, t10_1, t10_1b FOR UPGRADE; Table Op Msg_type Msg_text @@ -82,13 +82,13 @@ test.t1b check status OK test.t1t check status OK test.t1z check status OK -test.t5_7 check note Auto_increment will be checked on each open until CHECK TABLE FOR UPGRADE is executed +test.t5_7 check note Auto_increment will be checked on each open until CHECK TABLE FOR UPGRADE is executed when the server is not in a read-only state test.t5_7 check status OK -test.t5_7b check note Auto_increment will be checked on each open until CHECK TABLE FOR UPGRADE is executed +test.t5_7b check note Auto_increment will be checked on each open until CHECK TABLE FOR UPGRADE is executed when the server is not in a read-only state test.t5_7b check status OK -test.t10_1 check note Auto_increment will be checked on each open until CHECK TABLE FOR UPGRADE is executed +test.t10_1 check note Auto_increment will be checked on each open until CHECK TABLE FOR UPGRADE is executed when the server is not in a read-only state test.t10_1 check status OK -test.t10_1b check note Auto_increment will be checked on each open until CHECK TABLE FOR UPGRADE is executed +test.t10_1b check note Auto_increment will be checked on each open until CHECK TABLE FOR UPGRADE is executed when the server is not in a read-only state test.t10_1b check status OK # restart: --innodb-read-only --read-only CHECK TABLE t1, t1b, t1t, t1z, t5_7, t5_7b, t10_1, t10_1b; @@ -97,13 +97,13 @@ test.t1b check status OK test.t1t check status OK test.t1z check status OK -test.t5_7 check note Auto_increment will be checked on each open until CHECK TABLE FOR UPGRADE is executed +test.t5_7 check note Auto_increment will be checked on each open until CHECK TABLE FOR UPGRADE is executed when the server is not in a read-only state test.t5_7 check status OK -test.t5_7b check note Auto_increment will be checked on each open until CHECK TABLE FOR UPGRADE is executed +test.t5_7b check note Auto_increment will be checked on each open until CHECK TABLE FOR UPGRADE is executed when the server is not in a read-only state test.t5_7b check status OK -test.t10_1 check note Auto_increment will be checked on each open until CHECK TABLE FOR UPGRADE is executed +test.t10_1 check note Auto_increment will be checked on each open until CHECK TABLE FOR UPGRADE is executed when the server is not in a read-only state test.t10_1 check status OK -test.t10_1b check note Auto_increment will be checked on each open until CHECK TABLE FOR UPGRADE is executed +test.t10_1b check note Auto_increment will be checked on each open until CHECK TABLE FOR UPGRADE is executed when the server is not in a read-only state test.t10_1b check status OK CHECK TABLE t1, t1b, t1t, t1z, t5_7, t5_7b, t10_1, t10_1b FOR UPGRADE; Table Op Msg_type Msg_text @@ -111,13 +111,13 @@ test.t1b check status OK test.t1t check status OK test.t1z check status OK -test.t5_7 check note Auto_increment will be checked on each open until CHECK TABLE FOR UPGRADE is executed +test.t5_7 check note Auto_increment will be checked on each open until CHECK TABLE FOR UPGRADE is executed when the server is not in a read-only state test.t5_7 check status OK -test.t5_7b check note Auto_increment will be checked on each open until CHECK TABLE FOR UPGRADE is executed +test.t5_7b check note Auto_increment will be checked on each open until CHECK TABLE FOR UPGRADE is executed when the server is not in a read-only state test.t5_7b check status OK -test.t10_1 check note Auto_increment will be checked on each open until CHECK TABLE FOR UPGRADE is executed +test.t10_1 check note Auto_increment will be checked on each open until CHECK TABLE FOR UPGRADE is executed when the server is not in a read-only state test.t10_1 check status OK -test.t10_1b check note Auto_increment will be checked on each open until CHECK TABLE FOR UPGRADE is executed +test.t10_1b check note Auto_increment will be checked on each open until CHECK TABLE FOR UPGRADE is executed when the server is not in a read-only state test.t10_1b check status OK # restart: --innodb-read-only CHECK TABLE t1, t1b, t1t, t1z, t5_7, t5_7b, t10_1, t10_1b; diff -Nru mariadb-11.8.6/mysql-test/suite/innodb/r/buffer_pool_in_core_dump.result mariadb-11.8.8/mysql-test/suite/innodb/r/buffer_pool_in_core_dump.result --- mariadb-11.8.6/mysql-test/suite/innodb/r/buffer_pool_in_core_dump.result 1970-01-01 00:00:00.000000000 +0000 +++ mariadb-11.8.8/mysql-test/suite/innodb/r/buffer_pool_in_core_dump.result 2026-05-24 09:58:31.000000000 +0000 @@ -0,0 +1,31 @@ +set @old_innodb_buffer_pool_in_core_dump = @@innodb_buffer_pool_in_core_dump; +# +# Confirm innodb_buffer_pool_in_core_dump works +# +SELECT @@global.innodb_buffer_pool_in_core_dump; +@@global.innodb_buffer_pool_in_core_dump +0 +Buffer pool not part of core dump. +# +# Confirm dynamicity of innodb_buffer_pool_in_core_dump +# +SET GLOBAL innodb_buffer_pool_in_core_dump = ON; +Buffer pool part of core dump. +SET GLOBAL innodb_buffer_pool_in_core_dump = OFF; +Buffer pool not part of core dump. +SET GLOBAL innodb_buffer_pool_in_core_dump = ON; +Buffer pool part of core dump. +SET GLOBAL innodb_buffer_pool_in_core_dump = OFF; +Buffer pool not part of core dump. +# +# Confirm innodb_pool_in_core_dump works even +# after resizing of buffer pool. +# +set @old_innodb_buffer_pool_size = @@innodb_buffer_pool_size; +set global innodb_buffer_pool_size = 64*1024*1024; +Buffer pool not part of core dump. +set global innodb_buffer_pool_size = 96*1024*1024; +Buffer pool not part of core dump. +set global innodb_buffer_pool_size = @old_innodb_buffer_pool_size; +set global innodb_buffer_pool_in_core_dump = @old_innodb_buffer_pool_in_core_dump; +# End of 10.11 tests diff -Nru mariadb-11.8.6/mysql-test/suite/innodb/r/foreign_key.result mariadb-11.8.8/mysql-test/suite/innodb/r/foreign_key.result --- mariadb-11.8.6/mysql-test/suite/innodb/r/foreign_key.result 2026-01-31 13:27:47.000000000 +0000 +++ mariadb-11.8.8/mysql-test/suite/innodb/r/foreign_key.result 2026-05-24 09:58:31.000000000 +0000 @@ -258,6 +258,7 @@ CREATE TABLE t2 (b INT PRIMARY KEY, FOREIGN KEY fk1 (b) REFERENCES t1 (a)) ENGINE=InnoDB; ALTER TABLE t2 DROP FOREIGN KEY fk1, DROP FOREIGN KEY fk1; +ERROR 42000: Can't DROP FOREIGN KEY `fk1`; check that it exists DROP TABLE t2, t1; CREATE TABLE t1 (f VARCHAR(256)) ENGINE=InnoDB; SET SESSION FOREIGN_KEY_CHECKS = OFF; @@ -1204,6 +1205,36 @@ # restart ALTER TABLE t2 FORCE; DROP TABLE t2, t1, t3; +# +# MDEV-19194 ASAN use-after-poison in +# fk_prepare_copy_alter_table upon dropping FK +# +CREATE TABLE t1(f1 INT NOT NULL, KEY(f1))ENGINE=InnoDB; +CREATE TABLE t2(f1 INT NOT NULL, +FOREIGN KEY `f1`(f1) REFERENCES t1(f1))ENGINE=InnoDB; +ALTER TABLE t2 DROP FOREIGN KEY f1, DROP FOREIGN KEY f1, ALGORITHM=COPY; +ERROR 42000: Can't DROP FOREIGN KEY `f1`; check that it exists +ALTER IGNORE TABLE t2 DROP FOREIGN KEY f0, DROP FOREIGN KEY f0, ALGORITHM=COPY; +ERROR 42000: Can't DROP FOREIGN KEY `f0`; check that it exists +ALTER IGNORE TABLE t2 DROP FOREIGN KEY f0, ALGORITHM=COPY; +ERROR 42000: Can't DROP FOREIGN KEY `f0`; check that it exists +ALTER IGNORE TABLE t2 DROP FOREIGN KEY f1, DROP FOREIGN KEY f1, ALGORITHM=COPY; +ERROR 42000: Can't DROP FOREIGN KEY `f1`; check that it exists +ALTER IGNORE TABLE t2 DROP FOREIGN KEY f1, DROP FOREIGN KEY IF EXISTS f1, ALGORITHM=COPY; +Warnings: +Note 1091 Can't DROP FOREIGN KEY `f1`; check that it exists +ALTER TABLE t2 DROP FOREIGN KEY f1, ALGORITHM=COPY; +ERROR 42000: Can't DROP FOREIGN KEY `f1`; check that it exists +ALTER TABLE t2 DROP FOREIGN KEY IF EXISTS f1, ALGORITHM=COPY; +Warnings: +Note 1091 Can't DROP FOREIGN KEY `f1`; check that it exists +ALTER TABLE t2 DROP FOREIGN KEY IF EXISTS f1, DROP FOREIGN KEY f1, ALGORITHM=COPY; +ERROR 42000: Can't DROP FOREIGN KEY `f1`; check that it exists +ALTER TABLE t2 DROP FOREIGN KEY IF EXISTS f1, DROP FOREIGN KEY IF EXISTS f1, ALGORITHM=COPY; +Warnings: +Note 1091 Can't DROP FOREIGN KEY `f1`; check that it exists +Note 1091 Can't DROP FOREIGN KEY `f1`; check that it exists +DROP TABLE t2, t1; # End of 10.6 tests CREATE TABLE t1 ( diff -Nru mariadb-11.8.6/mysql-test/suite/innodb/r/foreign_key_not_windows.result mariadb-11.8.8/mysql-test/suite/innodb/r/foreign_key_not_windows.result --- mariadb-11.8.6/mysql-test/suite/innodb/r/foreign_key_not_windows.result 2026-01-31 13:27:47.000000000 +0000 +++ mariadb-11.8.8/mysql-test/suite/innodb/r/foreign_key_not_windows.result 2026-05-24 09:58:31.000000000 +0000 @@ -29,3 +29,14 @@ DROP TABLE u; DROP DATABASE `d255`; # End of 10.3 tests +# +# MDEV-24356 InnoDB: Failing assertion: len < sizeof(tmp_buff) +# in get_foreign_key_info +# +CREATE DATABASE `db_new..............................................end`; +USE `db_new..............................................end`; +SET STATEMENT foreign_key_checks=0 for +CREATE TABLE t1(f1 INT UNSIGNED,f2 INT UNSIGNED, +FOREIGN KEY (f2)REFERENCES t2 (f1))ENGINE=InnoDB; +ALTER TABLE t1 FORCE; +DROP DATABASE `db_new..............................................end`; diff -Nru mariadb-11.8.6/mysql-test/suite/innodb/r/import_cfg_corrupt.result mariadb-11.8.8/mysql-test/suite/innodb/r/import_cfg_corrupt.result --- mariadb-11.8.6/mysql-test/suite/innodb/r/import_cfg_corrupt.result 1970-01-01 00:00:00.000000000 +0000 +++ mariadb-11.8.8/mysql-test/suite/innodb/r/import_cfg_corrupt.result 2026-05-24 09:58:31.000000000 +0000 @@ -0,0 +1,71 @@ +# +# MDEV-39278 Validate .cfg file parser string lengths +# +# Test that IMPORT TABLESPACE rejects .cfg files with +# invalid string lengths in the metadata header. +# +call mtr.add_suppression("InnoDB: Importing tablespace for table `test`\\.`t1`"); +call mtr.add_suppression("Index for table 't1' is corrupt; try to repair it"); +call mtr.add_suppression("InnoDB: Discarding tablespace of table `test`\\.`t1`"); +# Export a valid .ibd/.cfg pair to reuse across tests. +CREATE TABLE t1 (a INT PRIMARY KEY) ENGINE=InnoDB; +INSERT INTO t1 VALUES (1), (2), (3); +FLUSH TABLES t1 FOR EXPORT; +UNLOCK TABLES; +DROP TABLE t1; +# +# Test 1: Corrupt hostname length in .cfg +# .cfg format: [4 bytes version][4 bytes hostname_len]... +# Patch offset 4 to 0x00001000 (4096), exceeding +# HOSTNAME_LENGTH + 1 (256). +# +CREATE TABLE t1 (a INT PRIMARY KEY) ENGINE=InnoDB; +ALTER TABLE t1 DISCARD TABLESPACE; +ALTER TABLE t1 IMPORT TABLESPACE; +ERROR HY000: IO Read error: (0, Invalid argument) while reading .cfg hostname length. +DROP TABLE t1; +# +# Test 2: Zero hostname length in .cfg +# +CREATE TABLE t1 (a INT PRIMARY KEY) ENGINE=InnoDB; +ALTER TABLE t1 DISCARD TABLESPACE; +ALTER TABLE t1 IMPORT TABLESPACE; +ERROR HY000: IO Read error: (0, Invalid argument) while reading .cfg hostname length. +DROP TABLE t1; +# +# Test 3: Table name length zero in .cfg +# +CREATE TABLE t1 (a INT PRIMARY KEY) ENGINE=InnoDB; +ALTER TABLE t1 DISCARD TABLESPACE; +ALTER TABLE t1 IMPORT TABLESPACE; +ERROR HY000: IO Read error: (0, Invalid argument) while reading .cfg table name length. +DROP TABLE t1; +# +# Test 4: Hostname length just over limit (257) +# HOSTNAME_LENGTH + 1 = 256 is the max valid value. +# 257 should be rejected. +# +CREATE TABLE t1 (a INT PRIMARY KEY) ENGINE=InnoDB; +ALTER TABLE t1 DISCARD TABLESPACE; +ALTER TABLE t1 IMPORT TABLESPACE; +ERROR HY000: IO Read error: (0, Invalid argument) while reading .cfg hostname length. +DROP TABLE t1; +# +# Test 5: Hostname length 0xFFFFFFFF (max uint32) +# +CREATE TABLE t1 (a INT PRIMARY KEY) ENGINE=InnoDB; +ALTER TABLE t1 DISCARD TABLESPACE; +ALTER TABLE t1 IMPORT TABLESPACE; +ERROR HY000: IO Read error: (0, Invalid argument) while reading .cfg hostname length. +DROP TABLE t1; +# +# Test 6: Corrupt table name length in .cfg +# The table name length field follows the hostname string. +# We need to find and patch it dynamically. +# +CREATE TABLE t1 (a INT PRIMARY KEY) ENGINE=InnoDB; +ALTER TABLE t1 DISCARD TABLESPACE; +ALTER TABLE t1 IMPORT TABLESPACE; +ERROR HY000: IO Read error: (0, Invalid argument) while reading .cfg table name length. +DROP TABLE t1; +# End of 10.11 tests diff -Nru mariadb-11.8.6/mysql-test/suite/innodb/r/innodb.result mariadb-11.8.8/mysql-test/suite/innodb/r/innodb.result --- mariadb-11.8.6/mysql-test/suite/innodb/r/innodb.result 2026-01-31 13:27:47.000000000 +0000 +++ mariadb-11.8.8/mysql-test/suite/innodb/r/innodb.result 2026-05-24 09:58:31.000000000 +0000 @@ -1862,10 +1862,7 @@ id select_type table type possible_keys key key_len ref rows Extra 1 SIMPLE t1 ref v v 13 const # Using where; Using index alter table t1 add unique(v); -ERROR 23000: Duplicate entry '{ ' for key 'v_2' -show warnings; -Level Code Message -Error 1062 Duplicate entry 'v' for key 'v_2' +ERROR 23000: Duplicate entry 'v' for key 'v_2' alter table t1 add key(v); Warnings: Note 1831 Duplicate index `v_2`. This is deprecated and will be disallowed in a future release diff -Nru mariadb-11.8.6/mysql-test/suite/innodb/r/innodb_ctype_ldml.result mariadb-11.8.8/mysql-test/suite/innodb/r/innodb_ctype_ldml.result --- mariadb-11.8.6/mysql-test/suite/innodb/r/innodb_ctype_ldml.result 2026-01-31 13:27:47.000000000 +0000 +++ mariadb-11.8.8/mysql-test/suite/innodb/r/innodb_ctype_ldml.result 2026-05-24 09:58:31.000000000 +0000 @@ -474,8 +474,8 @@ SELECT hex(weight_string(_utf8mb4'a' collate utf8mb4_test_400_ci)); hex(weight_string(_utf8mb4'a' collate utf8mb4_test_400_ci)) 0E33 -SELECT hex(weight_string(convert(_utf32 0x10002 using utf8mb4) collate utf8mb4_test_400_ci)); -hex(weight_string(convert(_utf32 0x10002 using utf8mb4) collate utf8mb4_test_400_ci)) +SELECT hex(weight_string(convert(_utf32 0x10002 using utf8mb4) collate utf8mb4_test_400_ci)) AS hex_ws; +hex_ws FFFD SELECT hex(@a:=convert(_utf32 0x10400 using utf8mb4) collate utf8mb4_test_400_ci), hex(lower(@a)); hex(@a:=convert(_utf32 0x10400 using utf8mb4) collate utf8mb4_test_400_ci) hex(lower(@a)) @@ -951,9 +951,9 @@ 15D3 09B809CD E0A6B8E0A78D 15D4 09B909CD E0A6B9E0A78D SELECT HEX(WEIGHT_STRING(a)) as wa, -GROUP_CONCAT(HEX(CONVERT(a USING ucs2)) ORDER BY LENGTH(a), BINARY a) +GROUP_CONCAT(HEX(CONVERT(a USING ucs2)) ORDER BY LENGTH(a), BINARY a) AS gc FROM t1 GROUP BY a ORDER BY a; -wa GROUP_CONCAT(HEX(CONVERT(a USING ucs2)) ORDER BY LENGTH(a), BINARY a) +wa gc 15A2 0985 15A3 0986 15A4 0987 diff -Nru mariadb-11.8.6/mysql-test/suite/innodb/r/lock_isolation.result mariadb-11.8.8/mysql-test/suite/innodb/r/lock_isolation.result --- mariadb-11.8.6/mysql-test/suite/innodb/r/lock_isolation.result 2026-01-31 13:27:47.000000000 +0000 +++ mariadb-11.8.8/mysql-test/suite/innodb/r/lock_isolation.result 2026-05-24 09:58:31.000000000 +0000 @@ -32,7 +32,7 @@ COMMIT; connection consistent; UPDATE t SET b=3; -ERROR HY000: Record has changed since last read in table 't' +ERROR HY000: Record has changed since last read in table 't'; try restarting transaction SELECT * FROM t; a b 1 1 @@ -148,7 +148,7 @@ connection consistent; SAVEPOINT sp1; SELECT * FROM t FORCE INDEX (b) FOR UPDATE; -ERROR HY000: Record has changed since last read in table 't' +ERROR HY000: Record has changed since last read in table 't'; try restarting transaction SAVEPOINT sp1; connection default; BEGIN; @@ -197,7 +197,7 @@ SET DEBUG_SYNC="now WAIT_FOR select_blocked"; COMMIT; connection consistent; -ERROR HY000: Record has changed since last read in table 't' +ERROR HY000: Record has changed since last read in table 't'; try restarting transaction # Case 2: Transaction A modifies a record, transaction B with snapshot # isolation level is blocked by A, then A is rolled back. # Expected behaviour: B continues execution. @@ -229,7 +229,7 @@ UPDATE t SET b=4 WHERE a=1; connection consistent; SELECT * FROM t WHERE a=1 FOR UPDATE; -ERROR HY000: Record has changed since last read in table 't' +ERROR HY000: Record has changed since last read in table 't'; try restarting transaction disconnect disable_purging; connection default; SET DEBUG_SYNC="RESET"; @@ -255,7 +255,7 @@ COMMIT; connection consistent; SELECT * FROM t1; -ERROR HY000: Record has changed since last read in table 't1' +ERROR HY000: Record has changed since last read in table 't1'; try restarting transaction COMMIT; connection default; BEGIN; @@ -279,9 +279,8 @@ disconnect con_weird; connection consistent; SELECT * FROM t1; -ERROR HY000: Record has changed since last read in table 't1' +ERROR HY000: Record has changed since last read in table 't1'; try restarting transaction COMMIT; -disconnect consistent; connection default; DROP TABLE t1,t2; # @@ -293,4 +292,25 @@ a DROP TABLE t1; SET SESSION TRANSACTION ISOLATION LEVEL REPEATABLE READ; +# +# MDEV-39263 Lost update despite innodb_snapshot_isolation +# +CREATE TABLE t1 (f1 INT PRIMARY KEY, val TEXT) ENGINE=InnoDB; +connection consistent; +START TRANSACTION WITH CONSISTENT SNAPSHOT; +SELECT * FROM t1 WHERE f1 = 1; +f1 val +connection default; +SET DEBUG_SYNC="trx_after_commit_state SIGNAL committed WAIT_FOR cleanup"; +SET STATEMENT innodb_lock_wait_timeout=3 FOR INSERT INTO t1 VALUES(1,'6'); +connection consistent; +SET DEBUG_SYNC="now WAIT_FOR committed"; +SET STATEMENT innodb_lock_wait_timeout=3 FOR +UPDATE t1 SET val = CONCAT(val, ',', '3') WHERE f1 = 1; +ERROR HY000: Record has changed since last read in table 't1'; try restarting transaction +SET DEBUG_SYNC="now SIGNAL cleanup"; +disconnect consistent; +connection default; +SET DEBUG_SYNC="RESET"; +DROP TABLE t1; # End of 10.6 tests diff -Nru mariadb-11.8.6/mysql-test/suite/innodb/r/log_corruption_recovery.result mariadb-11.8.8/mysql-test/suite/innodb/r/log_corruption_recovery.result --- mariadb-11.8.6/mysql-test/suite/innodb/r/log_corruption_recovery.result 2026-01-31 13:27:47.000000000 +0000 +++ mariadb-11.8.8/mysql-test/suite/innodb/r/log_corruption_recovery.result 2026-05-24 09:58:31.000000000 +0000 @@ -5,7 +5,7 @@ call mtr.add_suppression("InnoDB: Set innodb_force_recovery=1"); call mtr.add_suppression("InnoDB: Cannot apply log to \\[page id: space=127, page number=0\\] of corrupted file '.*test/t\\.ibd"); call mtr.add_suppression("(InnoDB: Plugin|Plugin 'InnoDB')"); -call mtr.add_suppression("InnoDB: Page .* Current system log sequence number 12(3(38|54|70|86)|4(02|18|34|50|66|82|98))"); +call mtr.add_suppression("InnoDB: Page .* Current system log sequence number 123(38|54)"); SET GLOBAL innodb_fast_shutdown=0; # restart SELECT * FROM INFORMATION_SCHEMA.ENGINES diff -Nru mariadb-11.8.6/mysql-test/suite/innodb/r/log_file_size,release.rdiff mariadb-11.8.8/mysql-test/suite/innodb/r/log_file_size,release.rdiff --- mariadb-11.8.6/mysql-test/suite/innodb/r/log_file_size,release.rdiff 1970-01-01 00:00:00.000000000 +0000 +++ mariadb-11.8.8/mysql-test/suite/innodb/r/log_file_size,release.rdiff 2026-05-24 09:58:31.000000000 +0000 @@ -0,0 +1,37 @@ +--- log_file_size.result ++++ log_file_size,release.result +@@ -21,8 +21,6 @@ + 42 + INSERT INTO t1 VALUES (0),(123); + BEGIN; +-SET GLOBAL innodb_limit_optimistic_insert_debug=2; +-INSERT INTO t1 VALUES (124),(125),(126),(127),(128),(129); + DELETE FROM t1 WHERE a>0; + # Persist the state of the above incomplete transaction by + # causing a redo log write for another transaction. +@@ -36,19 +34,6 @@ + SELECT * FROM t1; + ERROR 42000: Unknown storage engine 'InnoDB' + FOUND 1 /syntax error in innodb_log_group_home_dir/ in mysqld.1.err +-# restart: --debug-dbug=d,innodb_log_abort_1 +-SELECT * FROM t1; +-ERROR 42000: Unknown storage engine 'InnoDB' +-FOUND 1 /InnoDB: Starting crash recovery from checkpoint LSN=.*/ in mysqld.1.err +-# restart: --innodb-log-file-size=5M +-SELECT * FROM t1; +-a +-42 +-123 +-# restart: --debug-dbug=d,innodb_log_abort_5 +-SELECT * FROM t1; +-ERROR 42000: Unknown storage engine 'InnoDB' +-FOUND 1 /redo log from 5\.000MiB to [0-9.]*[KMGT]iB/ in mysqld.1.err + # restart + SELECT * FROM t1; + a +@@ -70,4 +55,4 @@ + 42 + 123 + DROP TABLE t1; +-FOUND 2 /InnoDB: Resizing redo log from 5\.000MiB to [0-9.]*[KMGT]iB; LSN=\d+\b/ in mysqld.1.err ++FOUND 1 /InnoDB: Resizing redo log from 5\.000MiB to [0-9.]*[KMGT]iB; LSN=\d+\b/ in mysqld.1.err diff -Nru mariadb-11.8.6/mysql-test/suite/innodb/r/log_file_size.result mariadb-11.8.8/mysql-test/suite/innodb/r/log_file_size.result --- mariadb-11.8.6/mysql-test/suite/innodb/r/log_file_size.result 2026-01-31 13:27:47.000000000 +0000 +++ mariadb-11.8.8/mysql-test/suite/innodb/r/log_file_size.result 2026-05-24 09:58:31.000000000 +0000 @@ -1,3 +1,6 @@ +SET GLOBAL innodb_file_per_table=0; +Warnings: +Warning 1287 '@@innodb_file_per_table' is deprecated and will be removed in a future release CREATE TABLE t1(a INT PRIMARY KEY) ENGINE=InnoDB; # restart: --innodb-log-file-size=4m CHECK TABLE t1; @@ -18,6 +21,8 @@ 42 INSERT INTO t1 VALUES (0),(123); BEGIN; +SET GLOBAL innodb_limit_optimistic_insert_debug=2; +INSERT INTO t1 VALUES (124),(125),(126),(127),(128),(129); DELETE FROM t1 WHERE a>0; # Persist the state of the above incomplete transaction by # causing a redo log write for another transaction. @@ -35,18 +40,20 @@ SELECT * FROM t1; ERROR 42000: Unknown storage engine 'InnoDB' FOUND 1 /InnoDB: Starting crash recovery from checkpoint LSN=.*/ in mysqld.1.err -# restart: --innodb-read-only +# restart: --innodb-log-file-size=5M SELECT * FROM t1; -ERROR 42000: Unknown storage engine 'InnoDB' -FOUND 1 /InnoDB: innodb_read_only prevents crash recovery/ in mysqld.1.err +a +42 +123 # restart: --debug-dbug=d,innodb_log_abort_5 SELECT * FROM t1; ERROR 42000: Unknown storage engine 'InnoDB' FOUND 1 /redo log from 5\.000MiB to [0-9.]*[KMGT]iB/ in mysqld.1.err -# restart: --innodb-read-only +# restart SELECT * FROM t1; -ERROR 42000: Unknown storage engine 'InnoDB' -FOUND 2 /InnoDB: innodb_read_only prevents crash recovery/ in mysqld.1.err +a +42 +123 # restart SELECT * FROM t1; ERROR 42000: Unknown storage engine 'InnoDB' diff -Nru mariadb-11.8.6/mysql-test/suite/innodb/r/mem_pressure,32bit.rdiff mariadb-11.8.8/mysql-test/suite/innodb/r/mem_pressure,32bit.rdiff --- mariadb-11.8.6/mysql-test/suite/innodb/r/mem_pressure,32bit.rdiff 2026-01-31 13:27:47.000000000 +0000 +++ mariadb-11.8.8/mysql-test/suite/innodb/r/mem_pressure,32bit.rdiff 2026-05-24 09:58:31.000000000 +0000 @@ -6,6 +6,6 @@ @@GLOBAL.innodb_buffer_pool_size @@GLOBAL.innodb_buffer_pool_size_auto_min @@GLOBAL.innodb_buffer_pool_size_max -17825792 16777216 25165824 +17825792 16777216 18874368 - CREATE TABLE t1 (a INT PRIMARY KEY) ENGINE=InnoDB; + CREATE TABLE t1 (a INT PRIMARY KEY) ENGINE=InnoDB CHARSET=latin1; SET GLOBAL innodb_limit_optimistic_insert_debug=2; SET STATEMENT unique_checks=0, foreign_key_checks=0 FOR diff -Nru mariadb-11.8.6/mysql-test/suite/innodb/r/snapshot_isolation_race.result mariadb-11.8.8/mysql-test/suite/innodb/r/snapshot_isolation_race.result --- mariadb-11.8.6/mysql-test/suite/innodb/r/snapshot_isolation_race.result 1970-01-01 00:00:00.000000000 +0000 +++ mariadb-11.8.8/mysql-test/suite/innodb/r/snapshot_isolation_race.result 2026-05-24 09:58:31.000000000 +0000 @@ -0,0 +1,37 @@ +# +# MDEV-39263 Lost update despite innodb_snapshot_isolation +# +CREATE TABLE si_log(seq SERIAL, val INT UNSIGNED) +ENGINE=InnoDB STATS_PERSISTENT=0; +CREATE TABLE si_counter(val INT UNSIGNED) ENGINE=InnoDB STATS_PERSISTENT=0; +INSERT INTO si_counter VALUES(0); +CREATE PROCEDURE step() +BEGIN NOT ATOMIC +DECLARE EXIT HANDLER FOR 1020, 1213, 1205 BEGIN ROLLBACK; END; +START TRANSACTION WITH CONSISTENT SNAPSHOT; +SELECT val INTO @val FROM si_counter; +UPDATE si_counter SET val=@val+1; +INSERT INTO si_log (val) VALUES (@val); +DO SLEEP(0.0001); +COMMIT; +END| +CREATE PROCEDURE test(c INT UNSIGNED) +BEGIN +WHILE c DO +SET c=c-1; +call step(); +START TRANSACTION; +SELECT COUNT(*) INTO @count FROM si_log; +SELECT SUM(val) INTO @sum FROM si_counter; +COMMIT; +IF (@count != @sum) THEN shutdown; END IF; +END WHILE; +END| +connect stop_purge,localhost,root; +START TRANSACTION WITH CONSISTENT SNAPSHOT; +connection default; +SET innodb_snapshot_isolation=ON; +disconnect stop_purge; +DROP TABLE si_log, si_counter; +DROP PROCEDURE test; +DROP PROCEDURE step; diff -Nru mariadb-11.8.6/mysql-test/suite/innodb/r/stat_tables.result mariadb-11.8.8/mysql-test/suite/innodb/r/stat_tables.result --- mariadb-11.8.6/mysql-test/suite/innodb/r/stat_tables.result 2026-01-31 13:27:47.000000000 +0000 +++ mariadb-11.8.8/mysql-test/suite/innodb/r/stat_tables.result 2026-05-24 09:58:31.000000000 +0000 @@ -111,3 +111,16 @@ test.t1 analyze status OK DROP TABLE t1; # End of 10.11 tests +# +# MDEV-38832 Assertion `!commit_lsn' failed in void trx_t::free() +# +CREATE DATABASE test_1; +CREATE TABLE test_1.t1(f1 INT NOT NULL)Engine=InnoDB; +SET @old_stats=@@global.innodb_stats_persistent; +SET @flush_log_at_commit=@@global.innodb_flush_log_at_trx_commit; +SET GLOBAL innodb_stats_persistent=OFF; +SET GLOBAL innodb_flush_log_at_trx_commit=0; +DROP TABLE test_1.t1; +DROP DATABASE test_1; +SET GLOBAL innodb_stats_persistent=@old_stats; +SET GLOBAL innodb_flush_log_at_trx_commit=@flush_log_at_commit; diff -Nru mariadb-11.8.6/mysql-test/suite/innodb/r/sys_defragment_fail.result mariadb-11.8.8/mysql-test/suite/innodb/r/sys_defragment_fail.result --- mariadb-11.8.6/mysql-test/suite/innodb/r/sys_defragment_fail.result 2026-01-31 13:27:47.000000000 +0000 +++ mariadb-11.8.8/mysql-test/suite/innodb/r/sys_defragment_fail.result 2026-05-24 09:58:31.000000000 +0000 @@ -18,7 +18,6 @@ InnoDB 0 transactions not purged # restart FOUND 1 /InnoDB: Found unexpected table in system tablespace: test\/t1/ in mysqld.1.err -FOUND 1 /InnoDB: Unexpected table exists in the system tablespace/ in mysqld.1.err DROP TABLE t1; InnoDB 0 transactions not purged # restart: --debug_dbug=+d,fail_after_level_defragment diff -Nru mariadb-11.8.6/mysql-test/suite/innodb/r/sys_truncate_debug.result mariadb-11.8.8/mysql-test/suite/innodb/r/sys_truncate_debug.result --- mariadb-11.8.6/mysql-test/suite/innodb/r/sys_truncate_debug.result 2026-01-31 13:27:47.000000000 +0000 +++ mariadb-11.8.8/mysql-test/suite/innodb/r/sys_truncate_debug.result 2026-05-24 09:58:31.000000000 +0000 @@ -54,3 +54,42 @@ SELECT NAME, FILE_SIZE FROM INFORMATION_SCHEMA.INNODB_SYS_TABLESPACES WHERE SPACE=0; NAME FILE_SIZE innodb_system 3145728 +# +# MDEV-38412 System tablespace fails to shrink due to legacy tables +# +# restart: --innodb-data-home-dir=MYSQLTEST_VARDIR/tmp/old_datadir --innodb-log-group-home-dir=MYSQLTEST_VARDIR/tmp/old_datadir --innodb_undo_directory=MYSQLTEST_VARDIR/tmp/old_datadir --debug_dbug=d,create_sys_tablespaces +SELECT NAME FROM INFORMATION_SCHEMA.INNODB_SYS_TABLES WHERE SPACE= 0; +NAME +SYS_FOREIGN +SYS_FOREIGN_COLS +SYS_TABLESPACES +SYS_VIRTUAL +SELECT NAME FROM INFORMATION_SCHEMA.INNODB_SYS_INDEXES WHERE SPACE=0 AND NAME LIKE 'DUMMY_IND%'; +NAME +DUMMY_IND +DUMMY_IND_1 +SELECT NAME FROM INFORMATION_SCHEMA.INNODB_SYS_FIELDS WHERE NAME LIKE 'DUMMY_ID%'; +NAME +DUMMY_ID +DUMMY_ID_1 +SELECT NAME FROM INFORMATION_SCHEMA.INNODB_SYS_COLUMNS WHERE NAME LIKE 'DUMMY_ID%'; +NAME +DUMMY_ID +DUMMY_ID_1 +# restart: --innodb-data-home-dir=MYSQLTEST_VARDIR/tmp/old_datadir --innodb-log-group-home-dir=MYSQLTEST_VARDIR/tmp/old_datadir --innodb_undo_directory=MYSQLTEST_VARDIR/tmp/old_datadir --innodb_data_file_path=ibdata1:10M:autoextend:autoshrink --innodb_fast_shutdown=0 +SELECT NAME FROM INFORMATION_SCHEMA.INNODB_SYS_TABLES WHERE SPACE= 0; +NAME +SYS_FOREIGN +SYS_FOREIGN_COLS +SYS_VIRTUAL +SELECT NAME FROM INFORMATION_SCHEMA.INNODB_SYS_INDEXES WHERE SPACE=0 AND NAME LIKE 'DUMMY_IND%'; +NAME +SELECT NAME FROM INFORMATION_SCHEMA.INNODB_SYS_FIELDS WHERE NAME LIKE 'DUMMY_ID%'; +NAME +SELECT NAME FROM INFORMATION_SCHEMA.INNODB_SYS_COLUMNS WHERE NAME LIKE 'DUMMY_ID%'; +NAME +FOUND 1 /InnoDB: Found an unknown table SYS_TABLESPACES/ in mysqld.1.err +FOUND 1 /InnoDB: Found orphaned index for table_id .*/ in mysqld.1.err +FOUND 1 /InnoDB: Dropping 2 orphaned table/ in mysqld.1.err +# restart: --innodb-data-home-dir=MYSQLTEST_VARDIR/tmp/old_datadir --innodb-log-group-home-dir=MYSQLTEST_VARDIR/tmp/old_datadir --innodb_undo_directory=MYSQLTEST_VARDIR/tmp/old_datadir --innodb_data_file_path=ibdata1:10M:autoextend:autoshrink +# restart diff -Nru mariadb-11.8.6/mysql-test/suite/innodb/r/table_flags.result mariadb-11.8.8/mysql-test/suite/innodb/r/table_flags.result --- mariadb-11.8.6/mysql-test/suite/innodb/r/table_flags.result 2026-01-31 13:27:47.000000000 +0000 +++ mariadb-11.8.8/mysql-test/suite/innodb/r/table_flags.result 2026-05-24 09:58:31.000000000 +0000 @@ -187,13 +187,16 @@ # restart DROP TABLE t1; # -# MDEV-34222 Alter operation on redundant table aborts the server +# MDEV-38079 Crash recovery fails after ALTER TABLE…PAGE_COMPRESSED=1 # SET @df_row = @@global.INNODB_DEFAULT_ROW_FORMAT; SET GLOBAL INNODB_DEFAULT_ROW_FORMAT=REDUNDANT; CREATE TABLE t1 (c CHAR(1)) ENGINE=InnoDB; +ALTER TABLE t1 PAGE_COMPRESSED=1, ALGORITHM=INPLACE; +ERROR HY000: Table storage engine 'InnoDB' does not support the create option 'PAGE_COMPRESSED' +ALTER TABLE t1 PAGE_COMPRESSED=1, ALGORITHM=COPY; +ERROR HY000: Can't create table `test`.`t1` (errno: 140 "Wrong create options") SET GLOBAL INNODB_DEFAULT_ROW_FORMAT=compact; -ALTER TABLE t1 PAGE_COMPRESSED=1; -ERROR HY000: Table storage engine 'InnoDB' does not support the create option 'PAGE_COMPRESSED=1 ROW_FORMAT=REDUNDANT' +ALTER TABLE t1 PAGE_COMPRESSED=1, ALGORITHM=COPY; DROP TABLE t1; SET @@global.INNODB_DEFAULT_ROW_FORMAT = @df_row; diff -Nru mariadb-11.8.6/mysql-test/suite/innodb/r/undo_upgrade_debug.result mariadb-11.8.8/mysql-test/suite/innodb/r/undo_upgrade_debug.result --- mariadb-11.8.6/mysql-test/suite/innodb/r/undo_upgrade_debug.result 2026-01-31 13:27:47.000000000 +0000 +++ mariadb-11.8.8/mysql-test/suite/innodb/r/undo_upgrade_debug.result 2026-05-24 09:58:31.000000000 +0000 @@ -27,16 +27,12 @@ undo001 undo002 undo003 -# case 4: Abort after re-creating new undo tablespaces -# restart: --innodb_undo_tablespaces=4 --debug_dbug=+d,after_reinit_undo_abort # restart: --innodb_undo_tablespaces=4 # Should list 4 undo log tablespaces undo001 undo002 undo003 undo004 -# case 5: Abort after re-creating new undo tablespaces successfully -# restart: --innodb_undo_tablespaces=2 --debug_dbug=+d,after_reinit_undo_success # restart: --innodb_undo_tablespaces=2 # Should list 2 undo log tablespaces undo001 diff -Nru mariadb-11.8.6/mysql-test/suite/innodb/r/xa_recovery.result mariadb-11.8.8/mysql-test/suite/innodb/r/xa_recovery.result --- mariadb-11.8.6/mysql-test/suite/innodb/r/xa_recovery.result 2026-01-31 13:27:47.000000000 +0000 +++ mariadb-11.8.8/mysql-test/suite/innodb/r/xa_recovery.result 2026-05-24 09:58:31.000000000 +0000 @@ -16,6 +16,7 @@ disconnect con1; disconnect con2; connect con1,localhost,root; +SET STATEMENT innodb_lock_wait_timeout=1 FOR # work around MDEV-38741 SELECT * FROM t1 LOCK IN SHARE MODE; connection default; SET innodb_lock_wait_timeout=1; diff -Nru mariadb-11.8.6/mysql-test/suite/innodb/t/alter_algorithm.inc mariadb-11.8.8/mysql-test/suite/innodb/t/alter_algorithm.inc --- mariadb-11.8.6/mysql-test/suite/innodb/t/alter_algorithm.inc 2026-01-31 13:27:47.000000000 +0000 +++ mariadb-11.8.8/mysql-test/suite/innodb/t/alter_algorithm.inc 2026-05-24 09:58:31.000000000 +0000 @@ -21,6 +21,13 @@ PRIMARY KEY(f1))ROW_FORMAT=COMPRESSED, ENGINE=INNODB; INSERT INTO t1(f1, f2, f3) VALUES(1, 1, 1); +CREATE TABLE t2(f1 INT PRIMARY KEY, f2 INT NOT NULL, + f3 INT AS (f2 * f2) VIRTUAL, + f4 INT NOT NULL UNIQUE, + f5 INT NOT NULL, + INDEX idx(f2))ENGINE=INNODB; +INSERT INTO t2(f1, f2, f4, f5) VALUES(1, 2, 3, 4); + --enable_info --echo # All the following cases needs table rebuild @@ -58,7 +65,11 @@ ALTER TABLE t1 FORCE, ALGORITHM=DEFAULT; +--error $error_code +eval ALTER TABLE t2 page_compressed=1, ALGORITHM=$alter_algorithm; + DROP TABLE t1; +DROP TABLE t2; --disable_info if ($algorithm == "NOCOPY") { @@ -73,7 +84,7 @@ f3 INT AS (f2 * f2) VIRTUAL, f4 INT NOT NULL UNIQUE, f5 INT NOT NULL, - INDEX idx(f2))ENGINE=INNODB; + INDEX idx(f2)) PAGE_COMPRESSED=1, ENGINE=INNODB; CREATE TABLE t2(f1 INT NOT NULL, f2 INT NOT NULL, INDEX(f1), @@ -83,7 +94,7 @@ --enable_info --error $error_code ---eval ALTER TABLE t1 ADD INDEX idx1(f4), page_compressed=1, ALGORITHM=$alter_algorithm +--eval ALTER TABLE t1 ADD INDEX idx1(f4), page_compression_level=7, ALGORITHM=$alter_algorithm --error $error_code --eval ALTER TABLE t1 DROP INDEX idx, page_compression_level=5, ALGORITHM=$alter_algorithm diff -Nru mariadb-11.8.6/mysql-test/suite/innodb/t/alter_copy_bulk.test mariadb-11.8.8/mysql-test/suite/innodb/t/alter_copy_bulk.test --- mariadb-11.8.6/mysql-test/suite/innodb/t/alter_copy_bulk.test 2026-01-31 13:27:47.000000000 +0000 +++ mariadb-11.8.8/mysql-test/suite/innodb/t/alter_copy_bulk.test 2026-05-24 09:58:31.000000000 +0000 @@ -148,14 +148,15 @@ --echo # CREATE TABLE t (a INT) ENGINE=InnoDB; START TRANSACTION; -SELECT * FROM t; +INSERT t VALUES (0),(1); SAVEPOINT A; select @@in_transaction; --error ER_WARN_DATA_OUT_OF_RANGE CREATE TEMPORARY TABLE tmp (a TINYINT) ENGINE=InnoDB AS SELECT 256 AS a; select @@in_transaction; ---error ER_SP_DOES_NOT_EXIST ROLLBACK TO SAVEPOINT A; +COMMIT; +SELECT * FROM t; DROP TABLE t; --echo # End of 10.11 tests diff -Nru mariadb-11.8.6/mysql-test/suite/innodb/t/alter_copy_stats.test mariadb-11.8.8/mysql-test/suite/innodb/t/alter_copy_stats.test --- mariadb-11.8.6/mysql-test/suite/innodb/t/alter_copy_stats.test 2026-01-31 13:27:47.000000000 +0000 +++ mariadb-11.8.8/mysql-test/suite/innodb/t/alter_copy_stats.test 2026-05-24 09:58:31.000000000 +0000 @@ -92,8 +92,21 @@ --echo # --echo # MDEV-38667 Assertion in diagnostics area on DDL stats timeout --echo # -set @lock_wait_timeout= @@global.innodb_lock_wait_timeout; -SET innodb_lock_wait_timeout = 1; CREATE TABLE t ENGINE=InnoDB AS SELECT * FROM mysql.innodb_table_stats; -SET innodb_lock_wait_timeout = @lock_wait_timeout; DROP TABLE t; + +--echo # +--echo # MDEV-38882 Assertion in diagnostics area on DDL stats +--echo # +CREATE TABLE t1 (a INT) ENGINE=InnoDB; +CREATE TABLE t2 (pk INT PRIMARY KEY) ENGINE=InnoDB; +--connect (con1,localhost,root,,) +--send ALTER TABLE t1 NOWAIT FORCE, ALGORITHM=COPY; +--connection default +ALTER TABLE t2 FORCE, ALGORITHM=COPY; +--disable_warnings +--connection con1 +--error 0,ER_LOCK_WAIT_TIMEOUT +--reap +--enable_warnings +DROP TABLE t1, t2; diff -Nru mariadb-11.8.6/mysql-test/suite/innodb/t/alter_crash.test mariadb-11.8.8/mysql-test/suite/innodb/t/alter_crash.test --- mariadb-11.8.6/mysql-test/suite/innodb/t/alter_crash.test 2026-01-31 13:27:47.000000000 +0000 +++ mariadb-11.8.8/mysql-test/suite/innodb/t/alter_crash.test 2026-05-24 09:58:31.000000000 +0000 @@ -241,3 +241,37 @@ SHOW CREATE TABLE t1; SELECT * FROM t1; DROP TABLE t1; + +--echo # +--echo # MDEV-38079 Crash recovery fails after ALTER TABLE…PAGE_COMPRESSED=1 +--echo # +CREATE TABLE t1(a INT PRIMARY KEY) ENGINE=InnoDB; +--error ER_ALTER_OPERATION_NOT_SUPPORTED_REASON +ALTER TABLE t1 PAGE_COMPRESSED=1, ALGORITHM=INSTANT; +DROP TABLE t1; + +--echo # +--echo # MDEV-38928 Assertion undo_no <= 1 in reset_and_truncate_undo +--echo # during ALTER IGNORE on temporary table +--echo # +CREATE TEMPORARY TABLE t1 (f1 INT) ENGINE=INNODB; +INSERT INTO t1 (f1) VALUES (0),(0); +ALTER IGNORE TABLE t1 FORCE; +DROP TABLE t1; + +--echo # +--echo # MDEV-38951 Assertion `0' upon ALTER IGNORE handling duplicate keys +--echo # +CREATE TABLE t1(f1 INT)ENGINE=InnoDB; +INSERT INTO t1 VALUES(1), (1); +ALTER IGNORE TABLE t1 ADD UNIQUE(f1); +CHECK TABLE t1 EXTENDED; +DROP TABLE t1; + +--echo # +--echo # MDEV-38993 Assertion `trx->undo_no == 1' fails upon ALTER IGNORE +--echo # +CREATE TABLE t (a INT) ENGINE=InnoDB; +INSERT INTO t VALUES (1),(2),(1),(2); +ALTER IGNORE TABLE t ADD UNIQUE(a); +DROP TABLE t; diff -Nru mariadb-11.8.6/mysql-test/suite/innodb/t/buffer_pool_in_core_dump.opt mariadb-11.8.8/mysql-test/suite/innodb/t/buffer_pool_in_core_dump.opt --- mariadb-11.8.6/mysql-test/suite/innodb/t/buffer_pool_in_core_dump.opt 1970-01-01 00:00:00.000000000 +0000 +++ mariadb-11.8.8/mysql-test/suite/innodb/t/buffer_pool_in_core_dump.opt 2026-05-24 09:58:31.000000000 +0000 @@ -0,0 +1,2 @@ +--loose-skip-innodb-buffer-pool-in-core-dump +--innodb-buffer-pool-size=128M diff -Nru mariadb-11.8.6/mysql-test/suite/innodb/t/buffer_pool_in_core_dump.test mariadb-11.8.8/mysql-test/suite/innodb/t/buffer_pool_in_core_dump.test --- mariadb-11.8.6/mysql-test/suite/innodb/t/buffer_pool_in_core_dump.test 1970-01-01 00:00:00.000000000 +0000 +++ mariadb-11.8.8/mysql-test/suite/innodb/t/buffer_pool_in_core_dump.test 2026-05-24 09:58:31.000000000 +0000 @@ -0,0 +1,56 @@ +# +# MDEV-22186 : Add innodb_buffer_pool_in_core_dump option to trim buffer pool from core file +# + +--source include/not_windows.inc +--source include/linux.inc +--source include/have_innodb.inc +--source include/not_valgrind.inc +--source include/not_embedded.inc + +# Disable test on sanitizer builds (MSAN and ASAN) because sanitizers +# introduce additional VMAs marked with the `dd` (VM_DONTDUMP) flag +# in /proc//smaps, which breaks the assumptions in +# include/check_core_dump_trim.inc. +--source include/not_msan.inc +--source include/not_asan.inc + +set @old_innodb_buffer_pool_in_core_dump = @@innodb_buffer_pool_in_core_dump; + +--echo # +--echo # Confirm innodb_buffer_pool_in_core_dump works +--echo # +SELECT @@global.innodb_buffer_pool_in_core_dump; +--source include/check_core_dump_trim.inc + +--echo # +--echo # Confirm dynamicity of innodb_buffer_pool_in_core_dump +--echo # +SET GLOBAL innodb_buffer_pool_in_core_dump = ON; +--source include/check_core_dump_trim.inc + +SET GLOBAL innodb_buffer_pool_in_core_dump = OFF; +--source include/check_core_dump_trim.inc + +SET GLOBAL innodb_buffer_pool_in_core_dump = ON; +--source include/check_core_dump_trim.inc + +SET GLOBAL innodb_buffer_pool_in_core_dump = OFF; +--source include/check_core_dump_trim.inc + +--echo # +--echo # Confirm innodb_pool_in_core_dump works even +--echo # after resizing of buffer pool. +--echo # + +set @old_innodb_buffer_pool_size = @@innodb_buffer_pool_size; + +set global innodb_buffer_pool_size = 64*1024*1024; +--source include/check_core_dump_trim.inc + +set global innodb_buffer_pool_size = 96*1024*1024; +--source include/check_core_dump_trim.inc + +set global innodb_buffer_pool_size = @old_innodb_buffer_pool_size; +set global innodb_buffer_pool_in_core_dump = @old_innodb_buffer_pool_in_core_dump; +--echo # End of 10.11 tests diff -Nru mariadb-11.8.6/mysql-test/suite/innodb/t/foreign_key.test mariadb-11.8.8/mysql-test/suite/innodb/t/foreign_key.test --- mariadb-11.8.6/mysql-test/suite/innodb/t/foreign_key.test 2026-01-31 13:27:47.000000000 +0000 +++ mariadb-11.8.8/mysql-test/suite/innodb/t/foreign_key.test 2026-05-24 09:58:31.000000000 +0000 @@ -256,6 +256,7 @@ CREATE TABLE t1 (a INT PRIMARY KEY) ENGINE=InnoDB; CREATE TABLE t2 (b INT PRIMARY KEY, FOREIGN KEY fk1 (b) REFERENCES t1 (a)) ENGINE=InnoDB; +--error ER_CANT_DROP_FIELD_OR_KEY ALTER TABLE t2 DROP FOREIGN KEY fk1, DROP FOREIGN KEY fk1; DROP TABLE t2, t1; @@ -1271,6 +1272,30 @@ ALTER TABLE t2 FORCE; DROP TABLE t2, t1, t3; +--echo # +--echo # MDEV-19194 ASAN use-after-poison in +--echo # fk_prepare_copy_alter_table upon dropping FK +--echo # +CREATE TABLE t1(f1 INT NOT NULL, KEY(f1))ENGINE=InnoDB; +CREATE TABLE t2(f1 INT NOT NULL, + FOREIGN KEY `f1`(f1) REFERENCES t1(f1))ENGINE=InnoDB; +--error ER_CANT_DROP_FIELD_OR_KEY +ALTER TABLE t2 DROP FOREIGN KEY f1, DROP FOREIGN KEY f1, ALGORITHM=COPY; +--error ER_CANT_DROP_FIELD_OR_KEY +ALTER IGNORE TABLE t2 DROP FOREIGN KEY f0, DROP FOREIGN KEY f0, ALGORITHM=COPY; +--error ER_CANT_DROP_FIELD_OR_KEY +ALTER IGNORE TABLE t2 DROP FOREIGN KEY f0, ALGORITHM=COPY; +--error ER_CANT_DROP_FIELD_OR_KEY +ALTER IGNORE TABLE t2 DROP FOREIGN KEY f1, DROP FOREIGN KEY f1, ALGORITHM=COPY; +ALTER IGNORE TABLE t2 DROP FOREIGN KEY f1, DROP FOREIGN KEY IF EXISTS f1, ALGORITHM=COPY; +--error ER_CANT_DROP_FIELD_OR_KEY +ALTER TABLE t2 DROP FOREIGN KEY f1, ALGORITHM=COPY; +ALTER TABLE t2 DROP FOREIGN KEY IF EXISTS f1, ALGORITHM=COPY; +--error ER_CANT_DROP_FIELD_OR_KEY +ALTER TABLE t2 DROP FOREIGN KEY IF EXISTS f1, DROP FOREIGN KEY f1, ALGORITHM=COPY; +ALTER TABLE t2 DROP FOREIGN KEY IF EXISTS f1, DROP FOREIGN KEY IF EXISTS f1, ALGORITHM=COPY; +DROP TABLE t2, t1; + --echo # End of 10.6 tests CREATE TABLE t1 diff -Nru mariadb-11.8.6/mysql-test/suite/innodb/t/foreign_key_not_windows.test mariadb-11.8.8/mysql-test/suite/innodb/t/foreign_key_not_windows.test --- mariadb-11.8.6/mysql-test/suite/innodb/t/foreign_key_not_windows.test 2026-01-31 13:27:47.000000000 +0000 +++ mariadb-11.8.8/mysql-test/suite/innodb/t/foreign_key_not_windows.test 2026-05-24 09:58:31.000000000 +0000 @@ -75,3 +75,15 @@ eval DROP DATABASE `$d255`; --echo # End of 10.3 tests + +--echo # +--echo # MDEV-24356 InnoDB: Failing assertion: len < sizeof(tmp_buff) +--echo # in get_foreign_key_info +--echo # +CREATE DATABASE `db_new..............................................end`; +USE `db_new..............................................end`; +SET STATEMENT foreign_key_checks=0 for +CREATE TABLE t1(f1 INT UNSIGNED,f2 INT UNSIGNED, + FOREIGN KEY (f2)REFERENCES t2 (f1))ENGINE=InnoDB; +ALTER TABLE t1 FORCE; +DROP DATABASE `db_new..............................................end`; diff -Nru mariadb-11.8.6/mysql-test/suite/innodb/t/import_cfg_corrupt.test mariadb-11.8.8/mysql-test/suite/innodb/t/import_cfg_corrupt.test --- mariadb-11.8.6/mysql-test/suite/innodb/t/import_cfg_corrupt.test 1970-01-01 00:00:00.000000000 +0000 +++ mariadb-11.8.8/mysql-test/suite/innodb/t/import_cfg_corrupt.test 2026-05-24 09:58:31.000000000 +0000 @@ -0,0 +1,220 @@ +--source include/have_innodb.inc + +--echo # +--echo # MDEV-39278 Validate .cfg file parser string lengths +--echo # +--echo # Test that IMPORT TABLESPACE rejects .cfg files with +--echo # invalid string lengths in the metadata header. +--echo # + +call mtr.add_suppression("InnoDB: Importing tablespace for table `test`\\.`t1`"); +call mtr.add_suppression("Index for table 't1' is corrupt; try to repair it"); +call mtr.add_suppression("InnoDB: Discarding tablespace of table `test`\\.`t1`"); + +let MYSQLD_DATADIR = `SELECT @@datadir`; + +--echo # Export a valid .ibd/.cfg pair to reuse across tests. + +CREATE TABLE t1 (a INT PRIMARY KEY) ENGINE=InnoDB; +INSERT INTO t1 VALUES (1), (2), (3); + +FLUSH TABLES t1 FOR EXPORT; + +--copy_file $MYSQLD_DATADIR/test/t1.ibd $MYSQLD_DATADIR/test/t1.ibd.bak +--copy_file $MYSQLD_DATADIR/test/t1.cfg $MYSQLD_DATADIR/test/t1.cfg.bak + +UNLOCK TABLES; +DROP TABLE t1; + +--echo # +--echo # Test 1: Corrupt hostname length in .cfg +--echo # .cfg format: [4 bytes version][4 bytes hostname_len]... +--echo # Patch offset 4 to 0x00001000 (4096), exceeding +--echo # HOSTNAME_LENGTH + 1 (256). +--echo # + +--copy_file $MYSQLD_DATADIR/test/t1.cfg.bak $MYSQLD_DATADIR/test/t1.cfg.corrupt + +perl; +use strict; +my $file = "$ENV{MYSQLD_DATADIR}/test/t1.cfg.corrupt"; +open(FILE, "+<", $file) or die "Cannot open $file: $!"; +binmode FILE; +seek(FILE, 4, 0) or die "Cannot seek: $!"; +# Write 0x00001000 (4096) in big-endian +print FILE pack("N", 4096); +close FILE or die "Cannot close: $!"; +EOF + +CREATE TABLE t1 (a INT PRIMARY KEY) ENGINE=InnoDB; +ALTER TABLE t1 DISCARD TABLESPACE; + +--copy_file $MYSQLD_DATADIR/test/t1.ibd.bak $MYSQLD_DATADIR/test/t1.ibd +--move_file $MYSQLD_DATADIR/test/t1.cfg.corrupt $MYSQLD_DATADIR/test/t1.cfg + +--error ER_IO_READ_ERROR +ALTER TABLE t1 IMPORT TABLESPACE; + +DROP TABLE t1; + +--echo # +--echo # Test 2: Zero hostname length in .cfg +--echo # + +--copy_file $MYSQLD_DATADIR/test/t1.cfg.bak $MYSQLD_DATADIR/test/t1.cfg.corrupt + +perl; +use strict; +my $file = "$ENV{MYSQLD_DATADIR}/test/t1.cfg.corrupt"; +open(FILE, "+<", $file) or die "Cannot open $file: $!"; +binmode FILE; +seek(FILE, 4, 0) or die "Cannot seek: $!"; +# Write 0 in big-endian +print FILE pack("N", 0); +close FILE or die "Cannot close: $!"; +EOF + +CREATE TABLE t1 (a INT PRIMARY KEY) ENGINE=InnoDB; +ALTER TABLE t1 DISCARD TABLESPACE; + +--copy_file $MYSQLD_DATADIR/test/t1.ibd.bak $MYSQLD_DATADIR/test/t1.ibd +--move_file $MYSQLD_DATADIR/test/t1.cfg.corrupt $MYSQLD_DATADIR/test/t1.cfg + +--error ER_IO_READ_ERROR +ALTER TABLE t1 IMPORT TABLESPACE; + +DROP TABLE t1; + +--echo # +--echo # Test 3: Table name length zero in .cfg +--echo # + +--copy_file $MYSQLD_DATADIR/test/t1.cfg.bak $MYSQLD_DATADIR/test/t1.cfg.corrupt + +perl; +use strict; +my $file = "$ENV{MYSQLD_DATADIR}/test/t1.cfg.corrupt"; +open(FILE, "+<", $file) or die "Cannot open $file: $!"; +binmode FILE; +# Read hostname length at offset 4 +seek(FILE, 4, 0) or die "Cannot seek: $!"; +my $buf; +read(FILE, $buf, 4) == 4 or die "Cannot read: $!"; +my $hostname_len = unpack("N", $buf); +# Table name length is at offset 4 + 4 + hostname_len +my $tablename_offset = 4 + 4 + $hostname_len; +seek(FILE, $tablename_offset, 0) or die "Cannot seek: $!"; +# Write 0 in big-endian +print FILE pack("N", 0); +close FILE or die "Cannot close: $!"; +EOF + +CREATE TABLE t1 (a INT PRIMARY KEY) ENGINE=InnoDB; +ALTER TABLE t1 DISCARD TABLESPACE; + +--copy_file $MYSQLD_DATADIR/test/t1.ibd.bak $MYSQLD_DATADIR/test/t1.ibd +--move_file $MYSQLD_DATADIR/test/t1.cfg.corrupt $MYSQLD_DATADIR/test/t1.cfg + +--error ER_IO_READ_ERROR +ALTER TABLE t1 IMPORT TABLESPACE; + +DROP TABLE t1; + +--echo # +--echo # Test 4: Hostname length just over limit (257) +--echo # HOSTNAME_LENGTH + 1 = 256 is the max valid value. +--echo # 257 should be rejected. +--echo # + +--copy_file $MYSQLD_DATADIR/test/t1.cfg.bak $MYSQLD_DATADIR/test/t1.cfg.corrupt + +perl; +use strict; +my $file = "$ENV{MYSQLD_DATADIR}/test/t1.cfg.corrupt"; +open(FILE, "+<", $file) or die "Cannot open $file: $!"; +binmode FILE; +seek(FILE, 4, 0) or die "Cannot seek: $!"; +# Write 257 (HOSTNAME_LENGTH + 2) in big-endian +print FILE pack("N", 257); +close FILE or die "Cannot close: $!"; +EOF + +CREATE TABLE t1 (a INT PRIMARY KEY) ENGINE=InnoDB; +ALTER TABLE t1 DISCARD TABLESPACE; + +--copy_file $MYSQLD_DATADIR/test/t1.ibd.bak $MYSQLD_DATADIR/test/t1.ibd +--move_file $MYSQLD_DATADIR/test/t1.cfg.corrupt $MYSQLD_DATADIR/test/t1.cfg + +--error ER_IO_READ_ERROR +ALTER TABLE t1 IMPORT TABLESPACE; + +DROP TABLE t1; + +--echo # +--echo # Test 5: Hostname length 0xFFFFFFFF (max uint32) +--echo # + +--copy_file $MYSQLD_DATADIR/test/t1.cfg.bak $MYSQLD_DATADIR/test/t1.cfg.corrupt + +perl; +use strict; +my $file = "$ENV{MYSQLD_DATADIR}/test/t1.cfg.corrupt"; +open(FILE, "+<", $file) or die "Cannot open $file: $!"; +binmode FILE; +seek(FILE, 4, 0) or die "Cannot seek: $!"; +# Write 0xFFFFFFFF in big-endian +print FILE pack("N", 0xFFFFFFFF); +close FILE or die "Cannot close: $!"; +EOF + +CREATE TABLE t1 (a INT PRIMARY KEY) ENGINE=InnoDB; +ALTER TABLE t1 DISCARD TABLESPACE; + +--copy_file $MYSQLD_DATADIR/test/t1.ibd.bak $MYSQLD_DATADIR/test/t1.ibd +--move_file $MYSQLD_DATADIR/test/t1.cfg.corrupt $MYSQLD_DATADIR/test/t1.cfg + +--error ER_IO_READ_ERROR +ALTER TABLE t1 IMPORT TABLESPACE; + +DROP TABLE t1; + +--echo # +--echo # Test 6: Corrupt table name length in .cfg +--echo # The table name length field follows the hostname string. +--echo # We need to find and patch it dynamically. +--echo # + +--copy_file $MYSQLD_DATADIR/test/t1.cfg.bak $MYSQLD_DATADIR/test/t1.cfg.corrupt + +perl; +use strict; +my $file = "$ENV{MYSQLD_DATADIR}/test/t1.cfg.corrupt"; +open(FILE, "+<", $file) or die "Cannot open $file: $!"; +binmode FILE; +# Read hostname length at offset 4 +seek(FILE, 4, 0) or die "Cannot seek: $!"; +my $buf; +read(FILE, $buf, 4) == 4 or die "Cannot read: $!"; +my $hostname_len = unpack("N", $buf); +# Table name length is at offset 4 + 4 + hostname_len +my $tablename_offset = 4 + 4 + $hostname_len; +seek(FILE, $tablename_offset, 0) or die "Cannot seek: $!"; +# Write 0x10000000 (268 million) in big-endian +print FILE pack("N", 0x10000000); +close FILE or die "Cannot close: $!"; +EOF + +CREATE TABLE t1 (a INT PRIMARY KEY) ENGINE=InnoDB; +ALTER TABLE t1 DISCARD TABLESPACE; + +--copy_file $MYSQLD_DATADIR/test/t1.ibd.bak $MYSQLD_DATADIR/test/t1.ibd +--move_file $MYSQLD_DATADIR/test/t1.cfg.corrupt $MYSQLD_DATADIR/test/t1.cfg + +--error ER_IO_READ_ERROR +ALTER TABLE t1 IMPORT TABLESPACE; + +DROP TABLE t1; + +--remove_files_wildcard $MYSQLD_DATADIR/test t1.* + +--echo # End of 10.11 tests diff -Nru mariadb-11.8.6/mysql-test/suite/innodb/t/innodb_ctype_ldml.test mariadb-11.8.8/mysql-test/suite/innodb/t/innodb_ctype_ldml.test --- mariadb-11.8.6/mysql-test/suite/innodb/t/innodb_ctype_ldml.test 2026-01-31 13:27:47.000000000 +0000 +++ mariadb-11.8.8/mysql-test/suite/innodb/t/innodb_ctype_ldml.test 2026-05-24 09:58:31.000000000 +0000 @@ -181,10 +181,12 @@ show create table t1; insert into t1 values (0x0061); +--disable_view_protocol --enable_metadata set @@character_set_results=NULL; select * from t1; --disable_metadata +--enable_view_protocol drop table t1; # @@ -205,7 +207,7 @@ # make sure utf8mb4_test_400_ci is Unicode-4.0.0 based SELECT hex(weight_string(_utf8mb4'a' collate utf8mb4_test_400_ci)); -SELECT hex(weight_string(convert(_utf32 0x10002 using utf8mb4) collate utf8mb4_test_400_ci)); +SELECT hex(weight_string(convert(_utf32 0x10002 using utf8mb4) collate utf8mb4_test_400_ci)) AS hex_ws; SELECT hex(@a:=convert(_utf32 0x10400 using utf8mb4) collate utf8mb4_test_400_ci), hex(lower(@a)); SELECT hex(@a:=convert(_utf32 0x10428 using utf8mb4) collate utf8mb4_test_400_ci), hex(upper(@a)); SELECT hex(@a:=convert(_utf32 0x2C00 using utf8mb4) collate utf8mb4_test_400_ci), hex(lower(@a)); @@ -342,7 +344,7 @@ SELECT HEX(WEIGHT_STRING(a)), HEX(CONVERT(a USING ucs2)), HEX(a) FROM t1 ORDER BY a, BINARY(a); SELECT HEX(WEIGHT_STRING(a)) as wa, -GROUP_CONCAT(HEX(CONVERT(a USING ucs2)) ORDER BY LENGTH(a), BINARY a) +GROUP_CONCAT(HEX(CONVERT(a USING ucs2)) ORDER BY LENGTH(a), BINARY a) AS gc FROM t1 GROUP BY a ORDER BY a; DROP TABLE t1; diff -Nru mariadb-11.8.6/mysql-test/suite/innodb/t/lock_isolation.test mariadb-11.8.8/mysql-test/suite/innodb/t/lock_isolation.test --- mariadb-11.8.6/mysql-test/suite/innodb/t/lock_isolation.test 2026-01-31 13:27:47.000000000 +0000 +++ mariadb-11.8.8/mysql-test/suite/innodb/t/lock_isolation.test 2026-05-24 09:58:31.000000000 +0000 @@ -292,7 +292,6 @@ SELECT * FROM t1; --enable_ps2_protocol COMMIT; ---disconnect consistent --connection default DROP TABLE t1,t2; @@ -306,5 +305,36 @@ DROP TABLE t1; SET SESSION TRANSACTION ISOLATION LEVEL REPEATABLE READ; +--echo # +--echo # MDEV-39263 Lost update despite innodb_snapshot_isolation +--echo # + +CREATE TABLE t1 (f1 INT PRIMARY KEY, val TEXT) ENGINE=InnoDB; + +--connection consistent +START TRANSACTION WITH CONSISTENT SNAPSHOT; +SELECT * FROM t1 WHERE f1 = 1; + +# Stop autocommit INSERT execution in commit_in_memory() between commit_state() +# and trx_sys.deregister_rw(), before locks are released +--connection default +SET DEBUG_SYNC="trx_after_commit_state SIGNAL committed WAIT_FOR cleanup"; +send SET STATEMENT innodb_lock_wait_timeout=3 FOR INSERT INTO t1 VALUES(1,'6'); + +--connection consistent +SET DEBUG_SYNC="now WAIT_FOR committed"; +--error ER_CHECKREAD +SET STATEMENT innodb_lock_wait_timeout=3 FOR +UPDATE t1 SET val = CONCAT(val, ',', '3') WHERE f1 = 1; + +SET DEBUG_SYNC="now SIGNAL cleanup"; +--disconnect consistent + +--connection default + +--reap +SET DEBUG_SYNC="RESET"; +DROP TABLE t1; + --source include/wait_until_count_sessions.inc --echo # End of 10.6 tests diff -Nru mariadb-11.8.6/mysql-test/suite/innodb/t/log_corruption_recovery.test mariadb-11.8.8/mysql-test/suite/innodb/t/log_corruption_recovery.test --- mariadb-11.8.6/mysql-test/suite/innodb/t/log_corruption_recovery.test 2026-01-31 13:27:47.000000000 +0000 +++ mariadb-11.8.8/mysql-test/suite/innodb/t/log_corruption_recovery.test 2026-05-24 09:58:31.000000000 +0000 @@ -15,7 +15,7 @@ call mtr.add_suppression("InnoDB: Cannot apply log to \\[page id: space=127, page number=0\\] of corrupted file '.*test/t\\.ibd"); call mtr.add_suppression("(InnoDB: Plugin|Plugin 'InnoDB')"); # Allow innodb_force_recovery=1 to write up to 10 FILE_CHECKPOINT records -call mtr.add_suppression("InnoDB: Page .* Current system log sequence number 12(3(38|54|70|86)|4(02|18|34|50|66|82|98))"); +call mtr.add_suppression("InnoDB: Page .* Current system log sequence number 123(38|54)"); SET GLOBAL innodb_fast_shutdown=0; --source include/shutdown_mysqld.inc --move_file $DATADIR/ib_logfile0 $DATADIR/ib_logfile0.old diff -Nru mariadb-11.8.6/mysql-test/suite/innodb/t/log_file_size.test mariadb-11.8.8/mysql-test/suite/innodb/t/log_file_size.test --- mariadb-11.8.6/mysql-test/suite/innodb/t/log_file_size.test 2026-01-31 13:27:47.000000000 +0000 +++ mariadb-11.8.8/mysql-test/suite/innodb/t/log_file_size.test 2026-05-24 09:58:31.000000000 +0000 @@ -2,8 +2,7 @@ --source include/innodb_page_size_small.inc # Embedded server tests do not support restarting --source include/not_embedded.inc -# DBUG_EXECUTE_IF is needed ---source include/have_debug.inc +--source include/maybe_debug.inc # This test is slow on buildbot. --source include/big_test.inc @@ -20,6 +19,7 @@ FLUSH TABLES; --enable_query_log let MYSQLD_DATADIR= `select @@datadir`; +SET GLOBAL innodb_file_per_table=0; CREATE TABLE t1(a INT PRIMARY KEY) ENGINE=InnoDB; --source include/shutdown_mysqld.inc @@ -89,6 +89,10 @@ let SEARCH_ABORT = NOT FOUND; BEGIN; +if ($have_debug) { +SET GLOBAL innodb_limit_optimistic_insert_debug=2; +INSERT INTO t1 VALUES (124),(125),(126),(127),(128),(129); +} DELETE FROM t1 WHERE a>0; --echo # Persist the state of the above incomplete transaction by @@ -107,22 +111,23 @@ SELECT * FROM t1; let SEARCH_PATTERN= syntax error in innodb_log_group_home_dir; --source include/search_pattern_in_file.inc +--let $restart_parameters= +if ($have_debug) { --let $restart_parameters= --debug-dbug=d,innodb_log_abort_1 --source include/restart_mysqld.inc --error ER_UNKNOWN_STORAGE_ENGINE SELECT * FROM t1; let SEARCH_PATTERN= InnoDB: Starting crash recovery from checkpoint LSN=.*; --source include/search_pattern_in_file.inc +let $restart_parameters = --innodb-log-file-size=5M; +} ---let $restart_parameters= --innodb-read-only --source include/restart_mysqld.inc ---error ER_UNKNOWN_STORAGE_ENGINE SELECT * FROM t1; -let SEARCH_PATTERN= InnoDB: innodb_read_only prevents crash recovery; ---source include/search_pattern_in_file.inc +if ($have_debug) { --let $restart_parameters= --debug-dbug=d,innodb_log_abort_5 --source include/restart_mysqld.inc --error ER_UNKNOWN_STORAGE_ENGINE @@ -130,12 +135,10 @@ let SEARCH_PATTERN= redo log from 5\\.000MiB to [0-9.]*[KMGT]iB; --source include/search_pattern_in_file.inc ---let $restart_parameters= --innodb-read-only +--let $restart_parameters= --source include/restart_mysqld.inc ---error ER_UNKNOWN_STORAGE_ENGINE SELECT * FROM t1; -let SEARCH_PATTERN= InnoDB: innodb_read_only prevents crash recovery; ---source include/search_pattern_in_file.inc +} # Trigger an error in recovery. diff -Nru mariadb-11.8.6/mysql-test/suite/innodb/t/snapshot_isolation_race.test mariadb-11.8.8/mysql-test/suite/innodb/t/snapshot_isolation_race.test --- mariadb-11.8.6/mysql-test/suite/innodb/t/snapshot_isolation_race.test 1970-01-01 00:00:00.000000000 +0000 +++ mariadb-11.8.8/mysql-test/suite/innodb/t/snapshot_isolation_race.test 2026-05-24 09:58:31.000000000 +0000 @@ -0,0 +1,58 @@ +--source include/have_innodb.inc + +--echo # +--echo # MDEV-39263 Lost update despite innodb_snapshot_isolation +--echo # + +CREATE TABLE si_log(seq SERIAL, val INT UNSIGNED) +ENGINE=InnoDB STATS_PERSISTENT=0; + +CREATE TABLE si_counter(val INT UNSIGNED) ENGINE=InnoDB STATS_PERSISTENT=0; +INSERT INTO si_counter VALUES(0); + +delimiter |; +CREATE PROCEDURE step() +BEGIN NOT ATOMIC + DECLARE EXIT HANDLER FOR 1020, 1213, 1205 BEGIN ROLLBACK; END; + START TRANSACTION WITH CONSISTENT SNAPSHOT; + SELECT val INTO @val FROM si_counter; + UPDATE si_counter SET val=@val+1; + INSERT INTO si_log (val) VALUES (@val); + DO SLEEP(0.0001); + COMMIT; +END| + +CREATE PROCEDURE test(c INT UNSIGNED) +BEGIN + WHILE c DO + SET c=c-1; + call step(); + START TRANSACTION; + SELECT COUNT(*) INTO @count FROM si_log; + SELECT SUM(val) INTO @sum FROM si_counter; + COMMIT; + IF (@count != @sum) THEN shutdown; END IF; + END WHILE; +END| +delimiter ;| + +--connect stop_purge,localhost,root +START TRANSACTION WITH CONSISTENT SNAPSHOT; +--connection default +SET innodb_snapshot_isolation=ON; + +--disable_query_log +send call test(800); +--connect con1,localhost,root +SET innodb_snapshot_isolation=ON; +call test(800); +--disconnect con1 +--connection default +--reap + +--enable_query_log +--disconnect stop_purge + +DROP TABLE si_log, si_counter; +DROP PROCEDURE test; +DROP PROCEDURE step; diff -Nru mariadb-11.8.6/mysql-test/suite/innodb/t/stat_tables.test mariadb-11.8.8/mysql-test/suite/innodb/t/stat_tables.test --- mariadb-11.8.6/mysql-test/suite/innodb/t/stat_tables.test 2026-01-31 13:27:47.000000000 +0000 +++ mariadb-11.8.8/mysql-test/suite/innodb/t/stat_tables.test 2026-05-24 09:58:31.000000000 +0000 @@ -119,3 +119,17 @@ DROP TABLE t1; --echo # End of 10.11 tests + +--echo # +--echo # MDEV-38832 Assertion `!commit_lsn' failed in void trx_t::free() +--echo # +CREATE DATABASE test_1; +CREATE TABLE test_1.t1(f1 INT NOT NULL)Engine=InnoDB; +SET @old_stats=@@global.innodb_stats_persistent; +SET @flush_log_at_commit=@@global.innodb_flush_log_at_trx_commit; +SET GLOBAL innodb_stats_persistent=OFF; +SET GLOBAL innodb_flush_log_at_trx_commit=0; +DROP TABLE test_1.t1; +DROP DATABASE test_1; +SET GLOBAL innodb_stats_persistent=@old_stats; +SET GLOBAL innodb_flush_log_at_trx_commit=@flush_log_at_commit; diff -Nru mariadb-11.8.6/mysql-test/suite/innodb/t/sys_defragment_fail.test mariadb-11.8.8/mysql-test/suite/innodb/t/sys_defragment_fail.test --- mariadb-11.8.6/mysql-test/suite/innodb/t/sys_defragment_fail.test 2026-01-31 13:27:47.000000000 +0000 +++ mariadb-11.8.8/mysql-test/suite/innodb/t/sys_defragment_fail.test 2026-05-24 09:58:31.000000000 +0000 @@ -31,8 +31,6 @@ let SEARCH_FILE= $MYSQLTEST_VARDIR/log/mysqld.1.err; let SEARCH_PATTERN=InnoDB: Found unexpected table in system tablespace: test\/t1; --source include/search_pattern_in_file.inc -let SEARCH_PATTERN=InnoDB: Unexpected table exists in the system tablespace; ---source include/search_pattern_in_file.inc DROP TABLE t1; --source include/wait_all_purged.inc diff -Nru mariadb-11.8.6/mysql-test/suite/innodb/t/sys_truncate_debug.test mariadb-11.8.8/mysql-test/suite/innodb/t/sys_truncate_debug.test --- mariadb-11.8.6/mysql-test/suite/innodb/t/sys_truncate_debug.test 2026-01-31 13:27:47.000000000 +0000 +++ mariadb-11.8.8/mysql-test/suite/innodb/t/sys_truncate_debug.test 2026-05-24 09:58:31.000000000 +0000 @@ -74,3 +74,45 @@ WHERE engine = 'innodb' AND support IN ('YES', 'DEFAULT', 'ENABLED'); SELECT NAME, FILE_SIZE FROM INFORMATION_SCHEMA.INNODB_SYS_TABLESPACES WHERE SPACE=0; + +--echo # +--echo # MDEV-38412 System tablespace fails to shrink due to legacy tables +--echo # +let bugdir= $MYSQLTEST_VARDIR/tmp/old_datadir; +--mkdir $bugdir +let $dirs= --innodb-data-home-dir=$bugdir --innodb-log-group-home-dir=$bugdir --innodb_undo_directory=$bugdir; +# Create a new data directory +let $restart_parameters=$dirs --debug_dbug=d,create_sys_tablespaces; +--source include/restart_mysqld.inc + +SELECT NAME FROM INFORMATION_SCHEMA.INNODB_SYS_TABLES WHERE SPACE= 0; +SELECT NAME FROM INFORMATION_SCHEMA.INNODB_SYS_INDEXES WHERE SPACE=0 AND NAME LIKE 'DUMMY_IND%'; +SELECT NAME FROM INFORMATION_SCHEMA.INNODB_SYS_FIELDS WHERE NAME LIKE 'DUMMY_ID%'; +SELECT NAME FROM INFORMATION_SCHEMA.INNODB_SYS_COLUMNS WHERE NAME LIKE 'DUMMY_ID%'; + +# Drop the unknown table during slow shutdown +let $restart_parameters=$dirs --innodb_data_file_path=ibdata1:10M:autoextend:autoshrink --innodb_fast_shutdown=0; +--source include/restart_mysqld.inc + +SELECT NAME FROM INFORMATION_SCHEMA.INNODB_SYS_TABLES WHERE SPACE= 0; +SELECT NAME FROM INFORMATION_SCHEMA.INNODB_SYS_INDEXES WHERE SPACE=0 AND NAME LIKE 'DUMMY_IND%'; +SELECT NAME FROM INFORMATION_SCHEMA.INNODB_SYS_FIELDS WHERE NAME LIKE 'DUMMY_ID%'; +SELECT NAME FROM INFORMATION_SCHEMA.INNODB_SYS_COLUMNS WHERE NAME LIKE 'DUMMY_ID%'; + +let SEARCH_PATTERN=InnoDB: Found an unknown table SYS_TABLESPACES; +--source include/search_pattern_in_file.inc + +let SEARCH_PATTERN=InnoDB: Found orphaned index for table_id .*; +--source include/search_pattern_in_file.inc + +let SEARCH_PATTERN=InnoDB: Dropping 2 orphaned table; +--source include/search_pattern_in_file.inc + +# Shrink the system tablespace further +let $restart_parameters=$dirs --innodb_data_file_path=ibdata1:10M:autoextend:autoshrink; +--source include/restart_mysqld.inc + +# Cleanup +let $restart_parameters=; +--source include/restart_mysqld.inc +rmdir $bugdir; diff -Nru mariadb-11.8.6/mysql-test/suite/innodb/t/table_flags.test mariadb-11.8.8/mysql-test/suite/innodb/t/table_flags.test --- mariadb-11.8.6/mysql-test/suite/innodb/t/table_flags.test 2026-01-31 13:27:47.000000000 +0000 +++ mariadb-11.8.8/mysql-test/suite/innodb/t/table_flags.test 2026-05-24 09:58:31.000000000 +0000 @@ -257,13 +257,16 @@ DROP TABLE t1; --echo # ---echo # MDEV-34222 Alter operation on redundant table aborts the server +--echo # MDEV-38079 Crash recovery fails after ALTER TABLE…PAGE_COMPRESSED=1 --echo # SET @df_row = @@global.INNODB_DEFAULT_ROW_FORMAT; SET GLOBAL INNODB_DEFAULT_ROW_FORMAT=REDUNDANT; CREATE TABLE t1 (c CHAR(1)) ENGINE=InnoDB; -SET GLOBAL INNODB_DEFAULT_ROW_FORMAT=compact; --error ER_ILLEGAL_HA_CREATE_OPTION -ALTER TABLE t1 PAGE_COMPRESSED=1; +ALTER TABLE t1 PAGE_COMPRESSED=1, ALGORITHM=INPLACE; +--error ER_CANT_CREATE_TABLE +ALTER TABLE t1 PAGE_COMPRESSED=1, ALGORITHM=COPY; +SET GLOBAL INNODB_DEFAULT_ROW_FORMAT=compact; +ALTER TABLE t1 PAGE_COMPRESSED=1, ALGORITHM=COPY; DROP TABLE t1; SET @@global.INNODB_DEFAULT_ROW_FORMAT = @df_row; diff -Nru mariadb-11.8.6/mysql-test/suite/innodb/t/undo_upgrade_debug.test mariadb-11.8.8/mysql-test/suite/innodb/t/undo_upgrade_debug.test --- mariadb-11.8.6/mysql-test/suite/innodb/t/undo_upgrade_debug.test 2026-01-31 13:27:47.000000000 +0000 +++ mariadb-11.8.8/mysql-test/suite/innodb/t/undo_upgrade_debug.test 2026-05-24 09:58:31.000000000 +0000 @@ -47,22 +47,12 @@ --echo # Should list 3 undo log tablespaces list_files $MYSQLD_DATADIR undo*; ---echo # case 4: Abort after re-creating new undo tablespaces -let $restart_parameters=--innodb_undo_tablespaces=4 --debug_dbug="+d,after_reinit_undo_abort"; - ---source include/restart_mysqld.inc - let $restart_parameters=--innodb_undo_tablespaces=4; --source include/restart_mysqld.inc --echo # Should list 4 undo log tablespaces list_files $MYSQLD_DATADIR undo*; ---echo # case 5: Abort after re-creating new undo tablespaces successfully -let $restart_parameters=--innodb_undo_tablespaces=2 --debug_dbug="+d,after_reinit_undo_success"; - ---source include/restart_mysqld.inc - let $restart_parameters=--innodb_undo_tablespaces=2; --source include/restart_mysqld.inc diff -Nru mariadb-11.8.6/mysql-test/suite/innodb/t/xa_recovery.test mariadb-11.8.8/mysql-test/suite/innodb/t/xa_recovery.test --- mariadb-11.8.6/mysql-test/suite/innodb/t/xa_recovery.test 2026-01-31 13:27:47.000000000 +0000 +++ mariadb-11.8.8/mysql-test/suite/innodb/t/xa_recovery.test 2026-05-24 09:58:31.000000000 +0000 @@ -31,13 +31,15 @@ disconnect con1; disconnect con2; connect (con1,localhost,root); ---send SELECT * FROM t1 LOCK IN SHARE MODE +send +SET STATEMENT innodb_lock_wait_timeout=1 FOR # work around MDEV-38741 +SELECT * FROM t1 LOCK IN SHARE MODE; connection default; let $wait_condition= select count(*) = 1 from information_schema.processlist where state = 'Sending data' and - info = 'SELECT * FROM t1 LOCK IN SHARE MODE'; + info LIKE 'SET STATEMENT innodb_lock_wait_timeout%'; --source include/wait_condition.inc SET innodb_lock_wait_timeout=1; diff -Nru mariadb-11.8.6/mysql-test/suite/innodb_gis/r/1.result mariadb-11.8.8/mysql-test/suite/innodb_gis/r/1.result --- mariadb-11.8.6/mysql-test/suite/innodb_gis/r/1.result 2026-01-31 13:27:47.000000000 +0000 +++ mariadb-11.8.8/mysql-test/suite/innodb_gis/r/1.result 2026-05-24 09:58:31.000000000 +0000 @@ -584,7 +584,7 @@ drop table t1; SET sql_mode = 'NO_ENGINE_SUBSTITUTION'; CREATE TABLE `t1` (`object_id` bigint(20) unsigned NOT NULL default '0', `geo` -geometry NOT NULL default '') ENGINE=InnoDB ; +geometry NOT NULL) ENGINE=InnoDB ; SET sql_mode = default; insert into t1 values ('85984',ST_GeomFromText('MULTIPOLYGON(((-115.006363 36.305435,-114.992394 36.305202,-114.991219 36.305975,-114.991163 diff -Nru mariadb-11.8.6/mysql-test/suite/innodb_gis/r/alter_spatial_index.result mariadb-11.8.8/mysql-test/suite/innodb_gis/r/alter_spatial_index.result --- mariadb-11.8.6/mysql-test/suite/innodb_gis/r/alter_spatial_index.result 2026-01-31 13:27:47.000000000 +0000 +++ mariadb-11.8.8/mysql-test/suite/innodb_gis/r/alter_spatial_index.result 2026-05-24 09:58:31.000000000 +0000 @@ -140,14 +140,10 @@ SET @g1 = ST_GeomFromText('POLYGON((20 20,30 30,40 40,50 50,40 50,30 40,30 30,20 20))'); SELECT c1,ST_Astext(c2),ST_Astext(c4) FROM tab WHERE ST_Crosses(tab.c4, @g1); c1 ST_Astext(c2) ST_Astext(c4) -2 POINT(20 20) POLYGON((40 50,40 70,50 100,70 100,80 80,70 50,40 50)) -1 POINT(10 10) POLYGON((30 30,40 40,50 50,30 50,30 40,30 30)) UPDATE tab SET C2 = ST_GeomFromText('POINT(1000 1000)') WHERE ST_Crosses(tab.c4, @g1); SELECT c1,ST_Astext(c2),ST_Astext(c4) FROM tab WHERE ST_Crosses(tab.c4, @g1); c1 ST_Astext(c2) ST_Astext(c4) -2 POINT(1000 1000) POLYGON((40 50,40 70,50 100,70 100,80 80,70 50,40 50)) -1 POINT(1000 1000) POLYGON((30 30,40 40,50 50,30 50,30 40,30 30)) DELETE FROM tab WHERE ST_Crosses(tab.c4, @g1); ALTER TABLE tab CHANGE COLUMN c2 c22 POINT NOT NULL; affected rows: 0 @@ -232,18 +228,20 @@ SELECT c1,ST_Astext(c2),ST_Astext(c4) FROM tab WHERE MBREquals(tab.c4, @g1); c1 ST_Astext(c2) ST_Astext(c4) ALTER TABLE tab DROP PRIMARY KEY; -affected rows: 4 -info: Records: 4 Duplicates: 0 Warnings: 0 +affected rows: 6 +info: Records: 6 Duplicates: 0 Warnings: 0 ALTER TABLE tab ADD PRIMARY KEY(c2) ; affected rows: 0 info: Records: 0 Duplicates: 0 Warnings: 0 SET @g1 = ST_GeomFromText( 'POLYGON((0 0,0 30,30 40,40 50,50 30,0 0))'); SELECT c1,ST_Astext(c2),ST_Astext(c4) FROM tab WHERE ST_Touches(tab.c4, @g1); c1 ST_Astext(c2) ST_Astext(c4) +2 POINT(20 20) POLYGON((40 50,40 70,50 100,70 100,80 80,70 50,40 50)) UPDATE tab SET C2 = ST_GeomFromText('POINT(3000 3000)') WHERE ST_Touches(tab.c4, @g1); SELECT c1,ST_Astext(c2),ST_Astext(c4) FROM tab WHERE ST_Touches(tab.c4, @g1); c1 ST_Astext(c2) ST_Astext(c4) +2 POINT(3000 3000) POLYGON((40 50,40 70,50 100,70 100,80 80,70 50,40 50)) DELETE FROM tab WHERE ST_Touches(tab.c4, @g1); SELECT c1,ST_Astext(c2),ST_Astext(c4) FROM tab WHERE ST_Touches(tab.c4, @g1); c1 ST_Astext(c2) ST_Astext(c4) @@ -267,6 +265,7 @@ test.tab check status OK SELECT c1,ST_Astext(c2),ST_Astext(c4) FROM tab ORDER BY c1; c1 ST_Astext(c2) ST_Astext(c4) +1 POINT(10 10) POLYGON((30 30,40 40,50 50,30 50,30 40,30 30)) 6 POINT(3 3) POLYGON((2010 2010,2020 2020,2030 2030,2040 2030,2020 2010,2010 2010)) 7 POINT(60 70) POLYGON((3010 3010,3020 3020,3030 3030,3040 3030,3020 3010,3010 3010)) 8 POINT(0 0) POLYGON((3010 3010,3020 3020,3030 3030,3040 3030,3020 3010,3010 3010)) @@ -290,8 +289,8 @@ c1 ST_Astext(c2) ST_Astext(c4) INSERT INTO tab SELECT * FROM tab1; ALTER TABLE tab DROP PRIMARY KEY; -affected rows: 1 -info: Records: 1 Duplicates: 0 Warnings: 0 +affected rows: 2 +info: Records: 2 Duplicates: 0 Warnings: 0 SET STATEMENT sql_mode = 'NO_ENGINE_SUBSTITUTION' FOR CREATE TEMPORARY TABLE temp_tab AS SELECT * FROM tab where c1 = c2; ERROR HY000: Illegal parameter data types int and point for operation '=' diff -Nru mariadb-11.8.6/mysql-test/suite/innodb_gis/r/create_spatial_index.result mariadb-11.8.8/mysql-test/suite/innodb_gis/r/create_spatial_index.result --- mariadb-11.8.6/mysql-test/suite/innodb_gis/r/create_spatial_index.result 2026-01-31 13:27:47.000000000 +0000 +++ mariadb-11.8.8/mysql-test/suite/innodb_gis/r/create_spatial_index.result 2026-05-24 09:58:31.000000000 +0000 @@ -111,7 +111,6 @@ 1 SIMPLE tab index idx3 PRIMARY 4 NULL 10 Using where SELECT c1,ST_Astext(c4) FROM tab WHERE ST_Crosses(tab.c4, @g1) ORDER BY c1; c1 ST_Astext(c4) -4 POLYGON((300 300,400 400,500 500,300 500,300 400,300 300)) EXPLAIN UPDATE tab SET C2 = ST_GeomFromText('POINT(0 0)') WHERE ST_Crosses(tab.c4, @g1); id select_type table type possible_keys key key_len ref rows Extra @@ -125,7 +124,6 @@ 1 SIMPLE tab index idx3 PRIMARY 4 NULL 10 Using where SELECT c1,ST_Astext(c4) FROM tab WHERE ST_Crosses(tab.c4, @g1) ORDER BY c1; c1 ST_Astext(c4) -1 POLYGON((30 30,40 40,50 50,30 50,30 40,30 30)) EXPLAIN UPDATE tab SET C2 = ST_GeomFromText('POINT(0 0)') WHERE ST_Crosses(tab.c4, @g1); id select_type table type possible_keys key key_len ref rows Extra @@ -429,7 +427,6 @@ SET @g1 = ST_GeomFromText('POLYGON((100 200,1010 1010,1020 1020,500 300,300 200,100 300,100 200))'); SELECT c1,ST_Astext(c4) FROM tab WHERE ST_Crosses(tab.c4, @g1) ORDER BY c1; c1 ST_Astext(c4) -5 POLYGON((1010 1010,1020 1020,1030 1030,1040 1030,1020 1010,1010 1010)) DELETE FROM tab WHERE ST_Crosses(tab.c4, @g1); SELECT c1,ST_Astext(c4) FROM tab WHERE ST_Crosses(tab.c4, @g1) ORDER BY c1; c1 ST_Astext(c4) @@ -555,7 +552,6 @@ 1 SIMPLE tab range idx3 idx3 34 NULL 1 Using where; Using filesort SELECT c1,ST_Astext(c4) FROM tab WHERE ST_Crosses(tab.c4, @g1) ORDER BY c1; c1 ST_Astext(c4) -4 POLYGON((300 300,400 400,500 500,300 500,300 400,300 300)) EXPLAIN UPDATE tab SET C2 = ST_GeomFromText('POINT(0 0)') WHERE ST_Crosses(tab.c4, @g1); id select_type table type possible_keys key key_len ref rows Extra @@ -569,7 +565,6 @@ 1 SIMPLE tab range idx3 idx3 34 NULL 1 Using where; Using filesort SELECT c1,ST_Astext(c4) FROM tab WHERE ST_Crosses(tab.c4, @g1) ORDER BY c1; c1 ST_Astext(c4) -1 POLYGON((30 30,40 40,50 50,30 50,30 40,30 30)) EXPLAIN UPDATE tab SET C2 = ST_GeomFromText('POINT(0 0)') WHERE ST_Crosses(tab.c4, @g1); id select_type table type possible_keys key key_len ref rows Extra @@ -864,7 +859,6 @@ SET @g1 = ST_GeomFromText('POLYGON((100 200,200 300,400 500,500 300,300 200,100 300,100 200))'); SELECT c1,ST_Astext(c4) FROM tab WHERE ST_Crosses(tab.c4, @g1) ORDER BY c1; c1 ST_Astext(c4) -4 POLYGON((300 300,400 400,500 500,300 500,300 400,300 300)) DELETE FROM tab WHERE ST_Crosses(tab.c4, @g1); SELECT c1,ST_Astext(c4) FROM tab WHERE ST_Crosses(tab.c4, @g1) ORDER BY c1; c1 ST_Astext(c4) @@ -989,7 +983,6 @@ 1 SIMPLE tab index idx3 PRIMARY 4 NULL 10 Using where SELECT c1,ST_Astext(c4) FROM tab WHERE ST_Crosses(tab.c4, @g1) ORDER BY c1; c1 ST_Astext(c4) -4 POLYGON((300 300,400 400,500 500,300 500,300 400,300 300)) EXPLAIN UPDATE tab SET C2 = ST_GeomFromText('POINT(0 0)') WHERE ST_Crosses(tab.c4, @g1); id select_type table type possible_keys key key_len ref rows Extra @@ -1003,7 +996,6 @@ 1 SIMPLE tab index idx3 PRIMARY 4 NULL 10 Using where SELECT c1,ST_Astext(c4) FROM tab WHERE ST_Crosses(tab.c4, @g1) ORDER BY c1; c1 ST_Astext(c4) -1 POLYGON((30 30,40 40,50 50,30 50,30 40,30 30)) EXPLAIN UPDATE tab SET C2 = ST_GeomFromText('POINT(0 0)') WHERE ST_Crosses(tab.c4, @g1); id select_type table type possible_keys key key_len ref rows Extra diff -Nru mariadb-11.8.6/mysql-test/suite/innodb_gis/r/gis.result mariadb-11.8.8/mysql-test/suite/innodb_gis/r/gis.result --- mariadb-11.8.6/mysql-test/suite/innodb_gis/r/gis.result 2026-01-31 13:27:47.000000000 +0000 +++ mariadb-11.8.8/mysql-test/suite/innodb_gis/r/gis.result 2026-05-24 09:58:31.000000000 +0000 @@ -585,7 +585,7 @@ drop table t1; SET sql_mode = 'NO_ENGINE_SUBSTITUTION'; CREATE TABLE `t1` (`object_id` bigint(20) unsigned NOT NULL default '0', `geo` -geometry NOT NULL default ''); +geometry NOT NULL); SET sql_mode = default; insert into t1 values ('85984',ST_GeomFromText('MULTIPOLYGON(((-115.006363 36.305435,-114.992394 36.305202,-114.991219 36.305975,-114.991163 diff -Nru mariadb-11.8.6/mysql-test/suite/innodb_gis/r/innodb_gis_rtree.result mariadb-11.8.8/mysql-test/suite/innodb_gis/r/innodb_gis_rtree.result --- mariadb-11.8.6/mysql-test/suite/innodb_gis/r/innodb_gis_rtree.result 2026-01-31 13:27:47.000000000 +0000 +++ mariadb-11.8.8/mysql-test/suite/innodb_gis/r/innodb_gis_rtree.result 2026-05-24 09:58:31.000000000 +0000 @@ -826,7 +826,7 @@ INSERT IGNORE INTO t2 SELECT GeomFromText(st) FROM t1; ERROR 22003: Cannot get geometry object from data you send to the GEOMETRY field drop table t1, t2; -CREATE TABLE t1 (`geometry` geometry NOT NULL default '',SPATIAL KEY `gndx` (`geometry`)) DEFAULT CHARSET=latin1; +CREATE TABLE t1 (`geometry` geometry NOT NULL, SPATIAL KEY `gndx` (`geometry`)) DEFAULT CHARSET=latin1; INSERT INTO t1 (geometry) VALUES (PolygonFromText('POLYGON((-18.6086111000 -66.9327777000, -18.6055555000 -66.8158332999, -18.7186111000 -66.8102777000, -18.7211111000 -66.9269443999, @@ -840,7 +840,7 @@ test.t1 check status OK drop table t1; CREATE TABLE t1 ( -c1 geometry NOT NULL default '', +c1 geometry NOT NULL, SPATIAL KEY i1 (c1) ) DEFAULT CHARSET=latin1; INSERT INTO t1 (c1) VALUES ( @@ -854,7 +854,7 @@ test.t1 check status OK DROP TABLE t1; CREATE TABLE t1 ( -c1 geometry NOT NULL default '', +c1 geometry NOT NULL, SPATIAL KEY i1 (c1) ) DEFAULT CHARSET=latin1; INSERT INTO t1 (c1) VALUES ( diff -Nru mariadb-11.8.6/mysql-test/suite/innodb_gis/r/point_big.result mariadb-11.8.8/mysql-test/suite/innodb_gis/r/point_big.result --- mariadb-11.8.6/mysql-test/suite/innodb_gis/r/point_big.result 2026-01-31 13:27:47.000000000 +0000 +++ mariadb-11.8.8/mysql-test/suite/innodb_gis/r/point_big.result 2026-05-24 09:58:31.000000000 +0000 @@ -391,7 +391,7 @@ SELECT COUNT(*), ST_AsText(p1), ST_AsText(p2) FROM p GROUP BY p1, p2; COUNT(*) ST_AsText(p1) ST_AsText(p2) 2 POINT(1000 -1000) POINT(-201 203.56) -2 POINT(20.5 43.9832) POINT(-0 0) +2 POINT(20.5 43.9832) POINT(0 0) 2 POINT(-4.2 -6.98) POINT(-120.5 343.9832) INSERT INTO gis_point SELECT * FROM p; INSERT INTO gis_point SELECT * FROM p; @@ -418,7 +418,7 @@ 1024 POINT(26.25 57) POINT(1 2) 14 POINT(1000 -1000) POINT(-201 203.56) 1024 POINT(20.5 41) POINT(-8 4) -14 POINT(20.5 43.9832) POINT(-0 0) +14 POINT(20.5 43.9832) POINT(0 0) 1024 POINT(32.1234 64.2468) POINT(-1 -1) 14 POINT(-4.2 -6.98) POINT(-120.5 343.9832) SELECT COUNT(*), ST_AsText(p1) FROM gis_point WHERE ST_TOUCHES(@poly3, p1) AND MBRWithin(p2, @poly4) GROUP BY p1; @@ -454,7 +454,7 @@ 1024 POINT(26.25 57) POINT(1 2) 14 POINT(1000 -1000) POINT(-201 203.56) 1024 POINT(20.5 41) POINT(-8 4) -14 POINT(20.5 43.9832) POINT(-0 0) +14 POINT(20.5 43.9832) POINT(0 0) 1024 POINT(32.1234 64.2468) POINT(-1 -1) 14 POINT(-4.2 -6.98) POINT(-120.5 343.9832) UPDATE gis_point SET p2 = ST_PointFromText('POINT(2000 2000)') WHERE ST_Contains(ST_GeomFromText('POLYGON((-100 100, -400 100, -400 400, -100 400, -100 100))'), p2) OR ST_Contains(ST_GeomFromText('POLYGON((-0.0001 -0.0002, -0.0001 0.00002, 0.00000005 0.000001, 0.0000025 -0.001, -0.0001 -0.0002))'), p2); diff -Nru mariadb-11.8.6/mysql-test/suite/innodb_gis/r/rtree_add_index.result mariadb-11.8.8/mysql-test/suite/innodb_gis/r/rtree_add_index.result --- mariadb-11.8.6/mysql-test/suite/innodb_gis/r/rtree_add_index.result 2026-01-31 13:27:47.000000000 +0000 +++ mariadb-11.8.8/mysql-test/suite/innodb_gis/r/rtree_add_index.result 2026-05-24 09:58:31.000000000 +0000 @@ -1,5 +1,5 @@ CREATE TABLE t1 (g MULTIPOINT NOT NULL) ENGINE=InnoDB STATS_PERSISTENT=0; -INSERT INTO t1 VALUES (''); +INSERT INTO t1 VALUES (MultiPointFromText('MULTIPOINT(0 0,10 10,10 20,20 20)')); connect purge_control,localhost,root; START TRANSACTION WITH CONSISTENT SNAPSHOT; connection default; diff -Nru mariadb-11.8.6/mysql-test/suite/innodb_gis/t/1.test mariadb-11.8.8/mysql-test/suite/innodb_gis/t/1.test --- mariadb-11.8.6/mysql-test/suite/innodb_gis/t/1.test 2026-01-31 13:27:47.000000000 +0000 +++ mariadb-11.8.8/mysql-test/suite/innodb_gis/t/1.test 2026-05-24 09:58:31.000000000 +0000 @@ -307,7 +307,7 @@ SET sql_mode = 'NO_ENGINE_SUBSTITUTION'; CREATE TABLE `t1` (`object_id` bigint(20) unsigned NOT NULL default '0', `geo` -geometry NOT NULL default '') ENGINE=InnoDB ; +geometry NOT NULL) ENGINE=InnoDB ; SET sql_mode = default; diff -Nru mariadb-11.8.6/mysql-test/suite/innodb_gis/t/gis.test mariadb-11.8.8/mysql-test/suite/innodb_gis/t/gis.test --- mariadb-11.8.6/mysql-test/suite/innodb_gis/t/gis.test 2026-01-31 13:27:47.000000000 +0000 +++ mariadb-11.8.8/mysql-test/suite/innodb_gis/t/gis.test 2026-05-24 09:58:31.000000000 +0000 @@ -301,7 +301,7 @@ SET sql_mode = 'NO_ENGINE_SUBSTITUTION'; CREATE TABLE `t1` (`object_id` bigint(20) unsigned NOT NULL default '0', `geo` -geometry NOT NULL default ''); +geometry NOT NULL); SET sql_mode = default; insert into t1 values ('85984',ST_GeomFromText('MULTIPOLYGON(((-115.006363 diff -Nru mariadb-11.8.6/mysql-test/suite/innodb_gis/t/rtree_add_index.test mariadb-11.8.8/mysql-test/suite/innodb_gis/t/rtree_add_index.test --- mariadb-11.8.6/mysql-test/suite/innodb_gis/t/rtree_add_index.test 2026-01-31 13:27:47.000000000 +0000 +++ mariadb-11.8.8/mysql-test/suite/innodb_gis/t/rtree_add_index.test 2026-05-24 09:58:31.000000000 +0000 @@ -1,7 +1,7 @@ --source include/have_innodb.inc CREATE TABLE t1 (g MULTIPOINT NOT NULL) ENGINE=InnoDB STATS_PERSISTENT=0; -INSERT INTO t1 VALUES (''); +INSERT INTO t1 VALUES (MultiPointFromText('MULTIPOINT(0 0,10 10,10 20,20 20)')); connect purge_control,localhost,root; START TRANSACTION WITH CONSISTENT SNAPSHOT; diff -Nru mariadb-11.8.6/mysql-test/suite/json/r/json_table_notembedded.result mariadb-11.8.8/mysql-test/suite/json/r/json_table_notembedded.result --- mariadb-11.8.6/mysql-test/suite/json/r/json_table_notembedded.result 2026-01-31 13:27:47.000000000 +0000 +++ mariadb-11.8.8/mysql-test/suite/json/r/json_table_notembedded.result 2026-05-24 09:58:31.000000000 +0000 @@ -12,7 +12,7 @@ a f {"foo":"bar"} bar select * into outfile 'f' from json_table('[]', '$' columns(x for ordinality)) q; -ERROR 28000: Access denied for user 'u'@'localhost' (using password: NO) +ERROR 42000: Access denied; you need (at least one of) the FILE privilege(s) for this operation connection default; disconnect con1; drop user u@localhost; diff -Nru mariadb-11.8.6/mysql-test/suite/json/t/json_table_notembedded.test mariadb-11.8.8/mysql-test/suite/json/t/json_table_notembedded.test --- mariadb-11.8.6/mysql-test/suite/json/t/json_table_notembedded.test 2026-01-31 13:27:47.000000000 +0000 +++ mariadb-11.8.8/mysql-test/suite/json/t/json_table_notembedded.test 2026-05-24 09:58:31.000000000 +0000 @@ -18,7 +18,7 @@ # # MDEV-25141 JSON_TABLE: SELECT into outfile bypasses file privilege check # ---error ER_ACCESS_DENIED_ERROR +--error ER_SPECIFIC_ACCESS_DENIED_ERROR select * into outfile 'f' from json_table('[]', '$' columns(x for ordinality)) q; connection default; diff -Nru mariadb-11.8.6/mysql-test/suite/maria/maria-gis-rtree-dynamic.result mariadb-11.8.8/mysql-test/suite/maria/maria-gis-rtree-dynamic.result --- mariadb-11.8.6/mysql-test/suite/maria/maria-gis-rtree-dynamic.result 2026-01-31 13:27:47.000000000 +0000 +++ mariadb-11.8.8/mysql-test/suite/maria/maria-gis-rtree-dynamic.result 2026-05-24 09:58:31.000000000 +0000 @@ -805,7 +805,7 @@ INSERT IGNORE INTO t2 SELECT GeomFromText(st) FROM t1; ERROR 22003: Cannot get geometry object from data you send to the GEOMETRY field drop table t1, t2; -CREATE TABLE t1 (`geometry` geometry NOT NULL default '',SPATIAL KEY `gndx` (`geometry`)) row_format=dynamic DEFAULT CHARSET=latin1; +CREATE TABLE t1 (`geometry` geometry NOT NULL, SPATIAL KEY `gndx` (`geometry`)) row_format=dynamic DEFAULT CHARSET=latin1; INSERT INTO t1 (geometry) VALUES (PolygonFromText('POLYGON((-18.6086111000 -66.9327777000, -18.6055555000 -66.8158332999, -18.7186111000 -66.8102777000, -18.7211111000 -66.9269443999, @@ -819,7 +819,7 @@ test.t1 check status OK drop table t1; CREATE TABLE t1 ( -c1 geometry NOT NULL default '', +c1 geometry NOT NULL, SPATIAL KEY i1 (c1) ) row_format=dynamic DEFAULT CHARSET=latin1; INSERT INTO t1 (c1) VALUES ( @@ -833,7 +833,7 @@ test.t1 check status OK DROP TABLE t1; CREATE TABLE t1 ( -c1 geometry NOT NULL default '', +c1 geometry NOT NULL, SPATIAL KEY i1 (c1) ) row_format=dynamic DEFAULT CHARSET=latin1; INSERT INTO t1 (c1) VALUES ( diff -Nru mariadb-11.8.6/mysql-test/suite/maria/maria-gis-rtree-dynamic.test mariadb-11.8.8/mysql-test/suite/maria/maria-gis-rtree-dynamic.test --- mariadb-11.8.6/mysql-test/suite/maria/maria-gis-rtree-dynamic.test 2026-01-31 13:27:47.000000000 +0000 +++ mariadb-11.8.8/mysql-test/suite/maria/maria-gis-rtree-dynamic.test 2026-05-24 09:58:31.000000000 +0000 @@ -176,7 +176,7 @@ INSERT IGNORE INTO t2 SELECT GeomFromText(st) FROM t1; drop table t1, t2; -CREATE TABLE t1 (`geometry` geometry NOT NULL default '',SPATIAL KEY `gndx` (`geometry`)) row_format=dynamic DEFAULT CHARSET=latin1; +CREATE TABLE t1 (`geometry` geometry NOT NULL, SPATIAL KEY `gndx` (`geometry`)) row_format=dynamic DEFAULT CHARSET=latin1; INSERT INTO t1 (geometry) VALUES (PolygonFromText('POLYGON((-18.6086111000 -66.9327777000, -18.6055555000 @@ -195,7 +195,7 @@ # Bug#17877 - Corrupted spatial index # CREATE TABLE t1 ( - c1 geometry NOT NULL default '', + c1 geometry NOT NULL, SPATIAL KEY i1 (c1) ) row_format=dynamic DEFAULT CHARSET=latin1; INSERT INTO t1 (c1) VALUES ( @@ -209,7 +209,7 @@ DROP TABLE t1; # CREATE TABLE t1 ( - c1 geometry NOT NULL default '', + c1 geometry NOT NULL, SPATIAL KEY i1 (c1) ) row_format=dynamic DEFAULT CHARSET=latin1; INSERT INTO t1 (c1) VALUES ( diff -Nru mariadb-11.8.6/mysql-test/suite/maria/maria-gis-rtree-trans.result mariadb-11.8.8/mysql-test/suite/maria/maria-gis-rtree-trans.result --- mariadb-11.8.6/mysql-test/suite/maria/maria-gis-rtree-trans.result 2026-01-31 13:27:47.000000000 +0000 +++ mariadb-11.8.8/mysql-test/suite/maria/maria-gis-rtree-trans.result 2026-05-24 09:58:31.000000000 +0000 @@ -805,7 +805,7 @@ INSERT IGNORE INTO t2 SELECT GeomFromText(st) FROM t1; ERROR 22003: Cannot get geometry object from data you send to the GEOMETRY field drop table t1, t2; -CREATE TABLE t1 (`geometry` geometry NOT NULL default '',SPATIAL KEY `gndx` (`geometry`)) transactional=1 row_format=page DEFAULT CHARSET=latin1; +CREATE TABLE t1 (`geometry` geometry NOT NULL,SPATIAL KEY `gndx` (`geometry`)) transactional=1 row_format=page DEFAULT CHARSET=latin1; INSERT INTO t1 (geometry) VALUES (PolygonFromText('POLYGON((-18.6086111000 -66.9327777000, -18.6055555000 -66.8158332999, -18.7186111000 -66.8102777000, -18.7211111000 -66.9269443999, @@ -819,7 +819,7 @@ test.t1 check status OK drop table t1; CREATE TABLE t1 ( -c1 geometry NOT NULL default '', +c1 geometry NOT NULL, SPATIAL KEY i1 (c1) ) transactional=1 row_format=page DEFAULT CHARSET=latin1; INSERT INTO t1 (c1) VALUES ( @@ -833,7 +833,7 @@ test.t1 check status OK DROP TABLE t1; CREATE TABLE t1 ( -c1 geometry NOT NULL default '', +c1 geometry NOT NULL, SPATIAL KEY i1 (c1) ) transactional=1 row_format=page DEFAULT CHARSET=latin1; INSERT INTO t1 (c1) VALUES ( diff -Nru mariadb-11.8.6/mysql-test/suite/maria/maria-gis-rtree-trans.test mariadb-11.8.8/mysql-test/suite/maria/maria-gis-rtree-trans.test --- mariadb-11.8.6/mysql-test/suite/maria/maria-gis-rtree-trans.test 2026-01-31 13:27:47.000000000 +0000 +++ mariadb-11.8.8/mysql-test/suite/maria/maria-gis-rtree-trans.test 2026-05-24 09:58:31.000000000 +0000 @@ -179,7 +179,7 @@ INSERT IGNORE INTO t2 SELECT GeomFromText(st) FROM t1; drop table t1, t2; -CREATE TABLE t1 (`geometry` geometry NOT NULL default '',SPATIAL KEY `gndx` (`geometry`)) transactional=1 row_format=page DEFAULT CHARSET=latin1; +CREATE TABLE t1 (`geometry` geometry NOT NULL,SPATIAL KEY `gndx` (`geometry`)) transactional=1 row_format=page DEFAULT CHARSET=latin1; INSERT INTO t1 (geometry) VALUES (PolygonFromText('POLYGON((-18.6086111000 -66.9327777000, -18.6055555000 @@ -198,7 +198,7 @@ # Bug#17877 - Corrupted spatial index # CREATE TABLE t1 ( - c1 geometry NOT NULL default '', + c1 geometry NOT NULL, SPATIAL KEY i1 (c1) ) transactional=1 row_format=page DEFAULT CHARSET=latin1; INSERT INTO t1 (c1) VALUES ( @@ -212,7 +212,7 @@ DROP TABLE t1; # CREATE TABLE t1 ( - c1 geometry NOT NULL default '', + c1 geometry NOT NULL, SPATIAL KEY i1 (c1) ) transactional=1 row_format=page DEFAULT CHARSET=latin1; INSERT INTO t1 (c1) VALUES ( diff -Nru mariadb-11.8.6/mysql-test/suite/maria/maria-gis-rtree.result mariadb-11.8.8/mysql-test/suite/maria/maria-gis-rtree.result --- mariadb-11.8.6/mysql-test/suite/maria/maria-gis-rtree.result 2026-01-31 13:27:47.000000000 +0000 +++ mariadb-11.8.8/mysql-test/suite/maria/maria-gis-rtree.result 2026-05-24 09:58:31.000000000 +0000 @@ -805,7 +805,7 @@ INSERT IGNORE INTO t2 SELECT GeomFromText(st) FROM t1; ERROR 22003: Cannot get geometry object from data you send to the GEOMETRY field drop table t1, t2; -CREATE TABLE t1 (`geometry` geometry NOT NULL default '',SPATIAL KEY `gndx` (`geometry`)) transactional=0 row_format=page DEFAULT CHARSET=latin1; +CREATE TABLE t1 (`geometry` geometry NOT NULL,SPATIAL KEY `gndx` (`geometry`)) transactional=0 row_format=page DEFAULT CHARSET=latin1; INSERT INTO t1 (geometry) VALUES (PolygonFromText('POLYGON((-18.6086111000 -66.9327777000, -18.6055555000 -66.8158332999, -18.7186111000 -66.8102777000, -18.7211111000 -66.9269443999, @@ -819,7 +819,7 @@ test.t1 check status OK drop table t1; CREATE TABLE t1 ( -c1 geometry NOT NULL default '', +c1 geometry NOT NULL, SPATIAL KEY i1 (c1) ) transactional=0 row_format=page DEFAULT CHARSET=latin1; INSERT INTO t1 (c1) VALUES ( @@ -833,7 +833,7 @@ test.t1 check status OK DROP TABLE t1; CREATE TABLE t1 ( -c1 geometry NOT NULL default '', +c1 geometry NOT NULL, SPATIAL KEY i1 (c1) ) transactional=0 row_format=page DEFAULT CHARSET=latin1; INSERT INTO t1 (c1) VALUES ( diff -Nru mariadb-11.8.6/mysql-test/suite/maria/maria-gis-rtree.test mariadb-11.8.8/mysql-test/suite/maria/maria-gis-rtree.test --- mariadb-11.8.6/mysql-test/suite/maria/maria-gis-rtree.test 2026-01-31 13:27:47.000000000 +0000 +++ mariadb-11.8.8/mysql-test/suite/maria/maria-gis-rtree.test 2026-05-24 09:58:31.000000000 +0000 @@ -176,7 +176,7 @@ INSERT IGNORE INTO t2 SELECT GeomFromText(st) FROM t1; drop table t1, t2; -CREATE TABLE t1 (`geometry` geometry NOT NULL default '',SPATIAL KEY `gndx` (`geometry`)) transactional=0 row_format=page DEFAULT CHARSET=latin1; +CREATE TABLE t1 (`geometry` geometry NOT NULL,SPATIAL KEY `gndx` (`geometry`)) transactional=0 row_format=page DEFAULT CHARSET=latin1; INSERT INTO t1 (geometry) VALUES (PolygonFromText('POLYGON((-18.6086111000 -66.9327777000, -18.6055555000 @@ -195,7 +195,7 @@ # Bug#17877 - Corrupted spatial index # CREATE TABLE t1 ( - c1 geometry NOT NULL default '', + c1 geometry NOT NULL, SPATIAL KEY i1 (c1) ) transactional=0 row_format=page DEFAULT CHARSET=latin1; INSERT INTO t1 (c1) VALUES ( @@ -209,7 +209,7 @@ DROP TABLE t1; # CREATE TABLE t1 ( - c1 geometry NOT NULL default '', + c1 geometry NOT NULL, SPATIAL KEY i1 (c1) ) transactional=0 row_format=page DEFAULT CHARSET=latin1; INSERT INTO t1 (c1) VALUES ( diff -Nru mariadb-11.8.6/mysql-test/suite/maria/maria.result mariadb-11.8.8/mysql-test/suite/maria/maria.result --- mariadb-11.8.6/mysql-test/suite/maria/maria.result 2026-01-31 13:27:47.000000000 +0000 +++ mariadb-11.8.8/mysql-test/suite/maria/maria.result 2026-05-24 09:58:31.000000000 +0000 @@ -1152,10 +1152,7 @@ id select_type table type possible_keys key key_len ref rows Extra 1 SIMPLE t1 ref v v 13 const # Using where; Using index alter table t1 add unique(v); -ERROR 23000: Duplicate entry '{ ' for key 'v_2' -show warnings; -Level Code Message -Error 1062 Duplicate entry 'a\0001' for key 'v_2' +ERROR 23000: Duplicate entry 'a ' for key 'v_2' alter table t1 add key(v); Warnings: Note 1831 Duplicate index `v_2`. This is deprecated and will be disallowed in a future release diff -Nru mariadb-11.8.6/mysql-test/suite/mariabackup/error_during_copyback.result mariadb-11.8.8/mysql-test/suite/mariabackup/error_during_copyback.result --- mariadb-11.8.6/mysql-test/suite/mariabackup/error_during_copyback.result 2026-01-31 13:27:47.000000000 +0000 +++ mariadb-11.8.8/mysql-test/suite/mariabackup/error_during_copyback.result 2026-05-24 09:58:31.000000000 +0000 @@ -8,3 +8,12 @@ i 1 DROP TABLE t; +# +# MDEV-38562: mariabackup exits with success (0) despite "No space left on device" errors +# +# Simulate close() failure (Disk Full / ENOSPC) +# Verify that "completed OK!" is NOT in the log +NOT FOUND /completed OK!/ in backup.log +# Verify that "FATAL ERROR" is in the log +FOUND 1 /FATAL ERROR/ in backup.log +# End of 10.6 tests diff -Nru mariadb-11.8.6/mysql-test/suite/mariabackup/error_during_copyback.test mariadb-11.8.8/mysql-test/suite/mariabackup/error_during_copyback.test --- mariadb-11.8.6/mysql-test/suite/mariabackup/error_during_copyback.test 2026-01-31 13:27:47.000000000 +0000 +++ mariadb-11.8.8/mysql-test/suite/mariabackup/error_during_copyback.test 2026-05-24 09:58:31.000000000 +0000 @@ -23,3 +23,27 @@ DROP TABLE t; rmdir $targetdir; +--echo # +--echo # MDEV-38562: mariabackup exits with success (0) despite "No space left on device" errors +--echo # + +--let $targetdir=$MYSQLTEST_VARDIR/tmp/backup + +--echo # Simulate close() failure (Disk Full / ENOSPC) +--error 1 +--exec $XTRABACKUP --defaults-file=$MYSQLTEST_VARDIR/my.cnf --backup --target-dir=$targetdir --dbug=+d,my_close_fail >$MYSQLTEST_VARDIR/tmp/backup.log 2>&1 + +--echo # Verify that "completed OK!" is NOT in the log +--let SEARCH_FILE=$MYSQLTEST_VARDIR/tmp/backup.log +--let SEARCH_PATTERN=completed OK! +--source include/search_pattern_in_file.inc + +--echo # Verify that "FATAL ERROR" is in the log +--let SEARCH_FILE=$MYSQLTEST_VARDIR/tmp/backup.log +--let SEARCH_PATTERN=FATAL ERROR +--source include/search_pattern_in_file.inc + +--remove_file $MYSQLTEST_VARDIR/tmp/backup.log +rmdir $targetdir; + +--echo # End of 10.6 tests diff -Nru mariadb-11.8.6/mysql-test/suite/mariabackup/options_check.result mariadb-11.8.8/mysql-test/suite/mariabackup/options_check.result --- mariadb-11.8.6/mysql-test/suite/mariabackup/options_check.result 2026-01-31 13:27:47.000000000 +0000 +++ mariadb-11.8.8/mysql-test/suite/mariabackup/options_check.result 2026-05-24 09:58:31.000000000 +0000 @@ -6,3 +6,12 @@ # Check if uknown options that follow --mysqld-args are ingored # Check if [mariadb-client] group is not loaded (MDEV-22894) # Check if --help presents +# +# MDEV-39565 missing filename check in mariadb-backup --decompress +# +[##] ####-##-## ##:##:## decompressing ./a;touch b.qp + +[##] ####-##-## ##:##:## Error: invalid file name + +[##] ####-##-## ##:##:## Error: thread # failed. +# End of 10.6 tests diff -Nru mariadb-11.8.6/mysql-test/suite/mariabackup/options_check.test mariadb-11.8.8/mysql-test/suite/mariabackup/options_check.test --- mariadb-11.8.6/mysql-test/suite/mariabackup/options_check.test 2026-01-31 13:27:47.000000000 +0000 +++ mariadb-11.8.8/mysql-test/suite/mariabackup/options_check.test 2026-05-24 09:58:31.000000000 +0000 @@ -67,3 +67,16 @@ exec $XTRABACKUP -?; --enable_result_log +--echo # +--echo # MDEV-39565 missing filename check in mariadb-backup --decompress +--echo # +--write_file "$MYSQL_TMP_DIR/a;touch b.qp" +foo +EOF + +--replace_regex /.*based.*\n// /\d/#/ /[\\]/\// +--error 1 +exec $XTRABACKUP --decompress --target-dir=$MYSQL_TMP_DIR 2>&1; +--list_files $MYSQL_TMP_DIR b.qp + +--echo # End of 10.6 tests diff -Nru mariadb-11.8.6/mysql-test/suite/mariabackup/xb_fulltext_encrypted.test mariadb-11.8.8/mysql-test/suite/mariabackup/xb_fulltext_encrypted.test --- mariadb-11.8.6/mysql-test/suite/mariabackup/xb_fulltext_encrypted.test 2026-01-31 13:27:47.000000000 +0000 +++ mariadb-11.8.8/mysql-test/suite/mariabackup/xb_fulltext_encrypted.test 2026-05-24 09:58:31.000000000 +0000 @@ -16,7 +16,7 @@ --disable_result_log exec $INNOBACKUPEX --defaults-file=$MYSQLTEST_VARDIR/my.cnf --no-timestamp $targetdir; -exec $INNOBACKUPEX --apply-log $targetdir; +exec $INNOBACKUPEX --Apply_log -u root $targetdir; --source include/restart_and_restore.inc --enable_result_log diff -Nru mariadb-11.8.6/mysql-test/suite/mariabackup/xbstream.result mariadb-11.8.8/mysql-test/suite/mariabackup/xbstream.result --- mariadb-11.8.6/mysql-test/suite/mariabackup/xbstream.result 2026-01-31 13:27:47.000000000 +0000 +++ mariadb-11.8.8/mysql-test/suite/mariabackup/xbstream.result 2026-05-24 09:58:31.000000000 +0000 @@ -35,3 +35,8 @@ 4 DROP TABLE t; DROP TABLE mysql.mariadb_backup_history; +# +# MDEV-39408 mbstream insufficient path validation +# +[00] mbstream: invalid filename ../../data.dat +# End of 10.6 tests diff -Nru mariadb-11.8.6/mysql-test/suite/mariabackup/xbstream.test mariadb-11.8.8/mysql-test/suite/mariabackup/xbstream.test --- mariadb-11.8.6/mysql-test/suite/mariabackup/xbstream.test 2026-01-31 13:27:47.000000000 +0000 +++ mariadb-11.8.8/mysql-test/suite/mariabackup/xbstream.test 2026-05-24 09:58:31.000000000 +0000 @@ -49,3 +49,11 @@ rmdir $targetdir; remove_file $streamfile; remove_file $stream_incr_file; + +--echo # +--echo # MDEV-39408 mbstream insufficient path validation +--echo # +--replace_regex /\d\d\d\d-\d\d-\d\d \d\d:\d\d:\d\d .*:/mbstream:/ +exec $XBSTREAM -x -C $MYSQL_TMP_DIR < $MYSQL_TEST_DIR/std_data/mdev-39408.mb 2>&1; + +--echo # End of 10.6 tests diff -Nru mariadb-11.8.6/mysql-test/suite/merge/merge.result mariadb-11.8.8/mysql-test/suite/merge/merge.result --- mariadb-11.8.6/mysql-test/suite/merge/merge.result 2026-01-31 13:27:47.000000000 +0000 +++ mariadb-11.8.8/mysql-test/suite/merge/merge.result 2026-05-24 09:58:31.000000000 +0000 @@ -3958,19 +3958,8 @@ 4 5 DROP TABLE t1; -# End of 10.11 tests -# -# MDEV-30088 Assertion `cond_selectivity <= 1.0' failed in get_range_limit_read_cost # -CREATE TABLE t1 (a TIMESTAMP, KEY(a)) ENGINE=MRG_MyISAM; -explain SELECT a, COUNT(*) FROM t1 WHERE a >= '2000-01-01 00:00:00' GROUP BY a; -id select_type table type possible_keys key key_len ref rows Extra -1 SIMPLE NULL NULL NULL NULL NULL NULL NULL Impossible WHERE noticed after reading const tables -SELECT a, COUNT(*) FROM t1 WHERE a >= '2000-01-01 00:00:00' GROUP BY a; -a COUNT(*) -DROP TABLE t1; -# -# MDEV-30525: Assertion `ranges > 0' fails in IO_AND_CPU_COST handler::keyread_time +# MDEV-39494 UBSAN failure # CREATE TABLE t1 (a INT, KEY(a)) ENGINE=MyISAM; CREATE TABLE t2 (a INT, KEY(a)) ENGINE=MyISAM; @@ -3978,48 +3967,32 @@ SELECT DISTINCT a FROM tm WHERE a > 50; a DROP TABLE tm, t1, t2; -# Testcase 2: -CREATE TABLE t1 (a INT, KEY(a)) ENGINE=MyISAM; -CREATE TABLE t2 (a INT, KEY(a)) ENGINE=MyISAM; -CREATE TABLE tm (a INT, KEY(a)) ENGINE=MERGE UNION = (t1, t2) INSERT_METHOD=FIRST; -ANALYZE TABLE tm PERSISTENT FOR ALL; -Table Op Msg_type Msg_text -test.tm analyze status Engine-independent statistics collected -test.tm analyze note The storage engine for the table doesn't support analyze -SELECT DISTINCT a FROM (SELECT * FROM tm WHERE a iS NOT NULL) AS sq; -a -DROP TABLE tm, t1, t2; # -# MDEV-30568 Assertion `cond_selectivity <= 1.000000001' failed in get_range_limit_read_cost +# MDEV-38474 Double free or corruption, ASAN heap-use-after-free in st_join_table::cleanup # -CREATE TABLE t1 (f INT, KEY(f)) ENGINE=MyISAM; -CREATE TABLE t2 (f INT, KEY(f)) ENGINE=MyISAM; -CREATE TABLE tm (f INT, KEY(f)) ENGINE=MERGE UNION = (t1, t2); -SELECT DISTINCT f FROM tm WHERE f IN (47, 126, 97, 48, 73, 0); -f -DROP TABLE tm, t1, t2; +# Test case 1, fails on 10.11+ +CREATE TABLE t1 (a INT); +CREATE TABLE t2 (b INT); +CREATE TABLE t3 (c INT); +# Inserts are optional, fails with and without data +INSERT INTO t1 VALUES (1),(2); +INSERT INTO t2 VALUES (3),(4); +INSERT INTO t3 VALUES (5),(6); +EXPLAIN SELECT * FROM t1 WHERE a IN (SELECT b FROM t2 WHERE a IN ((SELECT c FROM t3 WHERE FALSE HAVING c < 0))); +id select_type table type possible_keys key key_len ref rows Extra +1 PRIMARY NULL NULL NULL NULL NULL NULL NULL Impossible WHERE noticed after reading const tables +3 MATERIALIZED NULL NULL NULL NULL NULL NULL NULL Impossible WHERE +DROP TABLE t1, t2, t3; +# Test case 2, fails on 11.4 but not on 10.11 +CREATE TABLE t1 (a INT); +CREATE TABLE t2 (b INT); +CREATE TABLE t3 (c INT); +CREATE TABLE t4 (d INT PRIMARY KEY); +SET SQL_SAFE_UPDATES=1; +UPDATE t1 STRAIGHT_JOIN t2 SET a = 89 WHERE 9 IN (SELECT c FROM t3 WHERE c IN (SELECT MAX(d) FROM t4)); +ERROR HY000: You are using safe update mode and you tried to update a table without a WHERE that uses a KEY column +DROP TABLE t1, t2, t3, t4; # -# MDEV-30786 SIGFPE in cost_group_min_max on EXP +# End of 10.11 tests # -SET use_stat_tables='preferably'; -CREATE TABLE t1 (a INT,b INT,KEY i1 (a),KEY i2 (b)) ENGINE=MRG_MyISAM; -ANALYZE LOCAL TABLE t1; -Table Op Msg_type Msg_text -test.t1 analyze status Engine-independent statistics collected -test.t1 analyze note The storage engine for the table doesn't support analyze -EXPLAIN SELECT DISTINCT a FROM t1; -id select_type table type possible_keys key key_len ref rows Extra -1 SIMPLE t1 range NULL i1 5 NULL 1 Using index for group-by -drop table t1; -set use_stat_tables=default; -# End of 11.0 tests -# -# MDEV-29174: UPDATE of view that uses MERGE table -# -CREATE TABLE t1 (a int) ENGINE=MERGE; -CREATE VIEW v1 AS SELECT a FROM t1; -UPDATE v1 SET a=0; -DROP VIEW v1; -DROP TABLE t1; -# End of 11.1 tests ALTER DATABASE test CHARACTER SET utf8mb4 COLLATE utf8mb4_uca1400_ai_ci; diff -Nru mariadb-11.8.6/mysql-test/suite/merge/merge.test mariadb-11.8.8/mysql-test/suite/merge/merge.test --- mariadb-11.8.6/mysql-test/suite/merge/merge.test 2026-01-31 13:27:47.000000000 +0000 +++ mariadb-11.8.8/mysql-test/suite/merge/merge.test 2026-05-24 09:58:31.000000000 +0000 @@ -2896,64 +2896,48 @@ EXECUTE nested; DROP TABLE t1; ---echo # End of 10.11 tests - ---echo # ---echo # MDEV-30088 Assertion `cond_selectivity <= 1.0' failed in get_range_limit_read_cost --echo # - -CREATE TABLE t1 (a TIMESTAMP, KEY(a)) ENGINE=MRG_MyISAM; -explain SELECT a, COUNT(*) FROM t1 WHERE a >= '2000-01-01 00:00:00' GROUP BY a; -SELECT a, COUNT(*) FROM t1 WHERE a >= '2000-01-01 00:00:00' GROUP BY a; -DROP TABLE t1; - ---echo # ---echo # MDEV-30525: Assertion `ranges > 0' fails in IO_AND_CPU_COST handler::keyread_time +--echo # MDEV-39494 UBSAN failure --echo # CREATE TABLE t1 (a INT, KEY(a)) ENGINE=MyISAM; CREATE TABLE t2 (a INT, KEY(a)) ENGINE=MyISAM; CREATE TABLE tm (a INT, KEY(a)) ENGINE=MRG_MyISAM UNION=(t1,t2); +# Must have zero records to produce UBSAN failure on divide-by-zero. SELECT DISTINCT a FROM tm WHERE a > 50; DROP TABLE tm, t1, t2; ---echo # Testcase 2: -CREATE TABLE t1 (a INT, KEY(a)) ENGINE=MyISAM; -CREATE TABLE t2 (a INT, KEY(a)) ENGINE=MyISAM; -CREATE TABLE tm (a INT, KEY(a)) ENGINE=MERGE UNION = (t1, t2) INSERT_METHOD=FIRST; -ANALYZE TABLE tm PERSISTENT FOR ALL; -SELECT DISTINCT a FROM (SELECT * FROM tm WHERE a iS NOT NULL) AS sq; -DROP TABLE tm, t1, t2; - --echo # ---echo # MDEV-30568 Assertion `cond_selectivity <= 1.000000001' failed in get_range_limit_read_cost +--echo # MDEV-38474 Double free or corruption, ASAN heap-use-after-free in st_join_table::cleanup --echo # -CREATE TABLE t1 (f INT, KEY(f)) ENGINE=MyISAM; -CREATE TABLE t2 (f INT, KEY(f)) ENGINE=MyISAM; -CREATE TABLE tm (f INT, KEY(f)) ENGINE=MERGE UNION = (t1, t2); -SELECT DISTINCT f FROM tm WHERE f IN (47, 126, 97, 48, 73, 0); -DROP TABLE tm, t1, t2; ---echo # ---echo # MDEV-30786 SIGFPE in cost_group_min_max on EXP ---echo # -SET use_stat_tables='preferably'; -CREATE TABLE t1 (a INT,b INT,KEY i1 (a),KEY i2 (b)) ENGINE=MRG_MyISAM; -ANALYZE LOCAL TABLE t1; -EXPLAIN SELECT DISTINCT a FROM t1; -drop table t1; -set use_stat_tables=default; +--echo # Test case 1, fails on 10.11+ +CREATE TABLE t1 (a INT); +CREATE TABLE t2 (b INT); +CREATE TABLE t3 (c INT); + +--echo # Inserts are optional, fails with and without data +INSERT INTO t1 VALUES (1),(2); +INSERT INTO t2 VALUES (3),(4); +INSERT INTO t3 VALUES (5),(6); + +EXPLAIN SELECT * FROM t1 WHERE a IN (SELECT b FROM t2 WHERE a IN ((SELECT c FROM t3 WHERE FALSE HAVING c < 0))); + +DROP TABLE t1, t2, t3; ---echo # End of 11.0 tests +--echo # Test case 2, fails on 11.4 but not on 10.11 +CREATE TABLE t1 (a INT); +CREATE TABLE t2 (b INT); +CREATE TABLE t3 (c INT); +CREATE TABLE t4 (d INT PRIMARY KEY); + +SET SQL_SAFE_UPDATES=1; +--error ER_UPDATE_WITHOUT_KEY_IN_SAFE_MODE +UPDATE t1 STRAIGHT_JOIN t2 SET a = 89 WHERE 9 IN (SELECT c FROM t3 WHERE c IN (SELECT MAX(d) FROM t4)); + +DROP TABLE t1, t2, t3, t4; --echo # ---echo # MDEV-29174: UPDATE of view that uses MERGE table +--echo # End of 10.11 tests --echo # -CREATE TABLE t1 (a int) ENGINE=MERGE; -CREATE VIEW v1 AS SELECT a FROM t1; -UPDATE v1 SET a=0; -DROP VIEW v1; -DROP TABLE t1; - ---echo # End of 11.1 tests --source include/test_db_charset_restore.inc diff -Nru mariadb-11.8.6/mysql-test/suite/parts/r/alter_table.result mariadb-11.8.8/mysql-test/suite/parts/r/alter_table.result --- mariadb-11.8.6/mysql-test/suite/parts/r/alter_table.result 2026-01-31 13:27:47.000000000 +0000 +++ mariadb-11.8.8/mysql-test/suite/parts/r/alter_table.result 2026-05-24 09:58:31.000000000 +0000 @@ -51,6 +51,24 @@ drop table t1; # End of 10.5 tests # +# MDEV-34951: InnoDB index corruption when renaming key name with same letter to upper case. +# +# Tests on partitioned tables +# partitioned table with index 'idx' (lowercase) +CREATE TABLE t_part (a INT, KEY idx(a)) ENGINE=InnoDB +PARTITION BY HASH(a) PARTITIONS 1; +# non-partitioned table with index 'IDX' (uppercase) +CREATE TABLE t_nonpart (a INT, KEY IDX(a)) ENGINE=InnoDB; +INSERT INTO t_part VALUES (1); +# Exchange partition +# ALTER TABLE should fail. Without fix, ALTER TABLE succeeds, SELECT fails. +ALTER TABLE t_part EXCHANGE PARTITION p0 WITH TABLE t_nonpart; +ERROR HY000: Tables have different definitions +SELECT * FROM t_nonpart; +a +DROP TABLE t_part, t_nonpart; +# End of 10.6 tests +# # MDEV-22165 CONVERT PARTITION: move in partition from existing table # create or replace table tp1 (a int); @@ -311,14 +329,14 @@ # Privileges create user alan; grant usage on *.* to alan; -grant create, insert, drop on test.* to alan; +grant create, insert on test.* to alan; connect alan,localhost,alan,,test; show grants for current_user; Grants for alan@% GRANT USAGE ON *.* TO `alan`@`%` -GRANT INSERT, CREATE, DROP ON `test`.* TO `alan`@`%` +GRANT INSERT, CREATE ON `test`.* TO `alan`@`%` alter table t1 convert partition p1 to table tp1; -ERROR 42000: ALTER command denied to user 'alan'@'localhost' for table `test`.`t1` +ERROR 42000: DROP command denied to user 'alan'@'localhost' for table `test`.`t1` connection default; revoke all on test.* from alan; grant create, insert, alter on test.* to alan; diff -Nru mariadb-11.8.6/mysql-test/suite/parts/r/partition_alter_innodb.result mariadb-11.8.8/mysql-test/suite/parts/r/partition_alter_innodb.result --- mariadb-11.8.6/mysql-test/suite/parts/r/partition_alter_innodb.result 2026-01-31 13:27:47.000000000 +0000 +++ mariadb-11.8.8/mysql-test/suite/parts/r/partition_alter_innodb.result 2026-05-24 09:58:31.000000000 +0000 @@ -77,3 +77,12 @@ InnoDB 0 transactions not purged DROP TABLE t1; # End of 10.6 tests +# +# MDEV-38948 Assertion `time.valid(undo->top_undo_no)' fails +# upon ALTER IGNORE on partitioned table +# +CREATE TABLE t1(a INT) ENGINE=InnoDB PARTITION BY LIST (a) +(PARTITION p0 VALUES IN (1,2), PARTITION pdef DEFAULT); +INSERT INTO t1 VALUES (1),(6); +ALTER IGNORE TABLE t1 FORCE, ALGORITHM=COPY; +DROP TABLE t1; diff -Nru mariadb-11.8.6/mysql-test/suite/parts/t/alter_table.test mariadb-11.8.8/mysql-test/suite/parts/t/alter_table.test --- mariadb-11.8.6/mysql-test/suite/parts/t/alter_table.test 2026-01-31 13:27:47.000000000 +0000 +++ mariadb-11.8.8/mysql-test/suite/parts/t/alter_table.test 2026-05-24 09:58:31.000000000 +0000 @@ -62,6 +62,30 @@ --echo # End of 10.5 tests --echo # +--echo # MDEV-34951: InnoDB index corruption when renaming key name with same letter to upper case. +--echo # + +--echo # Tests on partitioned tables +--echo # partitioned table with index 'idx' (lowercase) +CREATE TABLE t_part (a INT, KEY idx(a)) ENGINE=InnoDB +PARTITION BY HASH(a) PARTITIONS 1; + +--echo # non-partitioned table with index 'IDX' (uppercase) +CREATE TABLE t_nonpart (a INT, KEY IDX(a)) ENGINE=InnoDB; + +INSERT INTO t_part VALUES (1); + +--echo # Exchange partition +--echo # ALTER TABLE should fail. Without fix, ALTER TABLE succeeds, SELECT fails. +--error ER_TABLES_DIFFERENT_METADATA +ALTER TABLE t_part EXCHANGE PARTITION p0 WITH TABLE t_nonpart; + +SELECT * FROM t_nonpart; +DROP TABLE t_part, t_nonpart; + +--echo # End of 10.6 tests + +--echo # --echo # MDEV-22165 CONVERT PARTITION: move in partition from existing table --echo # create or replace table tp1 (a int); @@ -283,7 +307,7 @@ --echo # Privileges create user alan; grant usage on *.* to alan; -grant create, insert, drop on test.* to alan; +grant create, insert on test.* to alan; --connect alan,localhost,alan,,test show grants for current_user; --error ER_TABLEACCESS_DENIED_ERROR diff -Nru mariadb-11.8.6/mysql-test/suite/parts/t/partition_alter_innodb.test mariadb-11.8.8/mysql-test/suite/parts/t/partition_alter_innodb.test --- mariadb-11.8.6/mysql-test/suite/parts/t/partition_alter_innodb.test 2026-01-31 13:27:47.000000000 +0000 +++ mariadb-11.8.8/mysql-test/suite/parts/t/partition_alter_innodb.test 2026-05-24 09:58:31.000000000 +0000 @@ -18,3 +18,13 @@ --source ../innodb/include/wait_all_purged.inc DROP TABLE t1; --echo # End of 10.6 tests + +--echo # +--echo # MDEV-38948 Assertion `time.valid(undo->top_undo_no)' fails +--echo # upon ALTER IGNORE on partitioned table +--echo # +CREATE TABLE t1(a INT) ENGINE=InnoDB PARTITION BY LIST (a) +(PARTITION p0 VALUES IN (1,2), PARTITION pdef DEFAULT); +INSERT INTO t1 VALUES (1),(6); +ALTER IGNORE TABLE t1 FORCE, ALGORITHM=COPY; +DROP TABLE t1; diff -Nru mariadb-11.8.6/mysql-test/suite/perfschema/r/sxlock_func.result mariadb-11.8.8/mysql-test/suite/perfschema/r/sxlock_func.result --- mariadb-11.8.6/mysql-test/suite/perfschema/r/sxlock_func.result 2026-01-31 13:27:48.000000000 +0000 +++ mariadb-11.8.8/mysql-test/suite/perfschema/r/sxlock_func.result 2026-05-24 09:58:31.000000000 +0000 @@ -10,7 +10,6 @@ wait/synch/rwlock/innodb/dict_operation_lock wait/synch/rwlock/innodb/fil_space_latch wait/synch/rwlock/innodb/lock_latch -wait/synch/rwlock/innodb/log_latch wait/synch/rwlock/innodb/trx_i_s_cache_lock wait/synch/rwlock/innodb/trx_purge_latch wait/synch/rwlock/innodb/trx_rseg_latch @@ -44,7 +43,6 @@ event_name wait/synch/rwlock/innodb/fil_space_latch wait/synch/rwlock/innodb/lock_latch -wait/synch/rwlock/innodb/log_latch SELECT event_name FROM performance_schema.events_waits_history_long WHERE event_name = 'wait/synch/sxlock/innodb/index_tree_rw_lock' AND operation IN ('try_shared_lock','shared_lock') LIMIT 1; diff -Nru mariadb-11.8.6/mysql-test/suite/perfschema/r/table_schema.result mariadb-11.8.8/mysql-test/suite/perfschema/r/table_schema.result --- mariadb-11.8.6/mysql-test/suite/perfschema/r/table_schema.result 2026-01-31 13:27:48.000000000 +0000 +++ mariadb-11.8.8/mysql-test/suite/perfschema/r/table_schema.result 2026-05-24 09:58:31.000000000 +0000 @@ -700,7 +700,7 @@ def performance_schema file_summary_by_instance AVG_TIMER_MISC 24 NULL NO bigint NULL NULL 20 0 NULL NULL NULL bigint(20) unsigned select,insert,update,references Average wait time of all miscellaneous operations that are timed. NEVER NULL NO NO def performance_schema file_summary_by_instance MAX_TIMER_MISC 25 NULL NO bigint NULL NULL 20 0 NULL NULL NULL bigint(20) unsigned select,insert,update,references Maximum wait time of all miscellaneous operations that are timed. NEVER NULL NO NO def performance_schema global_status VARIABLE_NAME 1 NULL NO varchar 64 192 NULL NULL NULL utf8mb3 utf8mb3_general_ci varchar(64) select,insert,update,references The global status variable name. NEVER NULL NO NO -def performance_schema global_status VARIABLE_VALUE 2 NULL YES varchar 1024 3072 NULL NULL NULL utf8mb3 utf8mb3_general_ci varchar(1024) select,insert,update,references The global status variable value. NEVER NULL NO NO +def performance_schema global_status VARIABLE_VALUE 2 NULL YES varchar 4096 12288 NULL NULL NULL utf8mb3 utf8mb3_general_ci varchar(4096) select,insert,update,references The global status variable value. NEVER NULL NO NO def performance_schema hosts HOST 1 NULL YES char 255 765 NULL NULL NULL utf8mb3 utf8mb3_bin char(255) select,insert,update,references Host name used by the client to connect, NULL for internal threads or user sessions that failed to authenticate. NEVER NULL NO NO def performance_schema hosts CURRENT_CONNECTIONS 2 NULL NO bigint NULL NULL 19 0 NULL NULL NULL bigint(20) select,insert,update,references Current number of the host's connections. NEVER NULL NO NO def performance_schema hosts TOTAL_CONNECTIONS 3 NULL NO bigint NULL NULL 19 0 NULL NULL NULL bigint(20) select,insert,update,references Total number of the host's connections NEVER NULL NO NO @@ -909,7 +909,7 @@ def performance_schema session_connect_attrs ATTR_VALUE 3 NULL YES varchar 1024 3072 NULL NULL NULL utf8mb3 utf8mb3_bin varchar(1024) select,insert,update,references Attribute value. NEVER NULL NO NO def performance_schema session_connect_attrs ORDINAL_POSITION 4 NULL YES int NULL NULL 10 0 NULL NULL NULL int(11) select,insert,update,references Order in which attribute was added to the connection attributes. NEVER NULL NO NO def performance_schema session_status VARIABLE_NAME 1 NULL NO varchar 64 192 NULL NULL NULL utf8mb3 utf8mb3_general_ci varchar(64) select,insert,update,references The session status variable name. NEVER NULL NO NO -def performance_schema session_status VARIABLE_VALUE 2 NULL YES varchar 1024 3072 NULL NULL NULL utf8mb3 utf8mb3_general_ci varchar(1024) select,insert,update,references The session status variable value. NEVER NULL NO NO +def performance_schema session_status VARIABLE_VALUE 2 NULL YES varchar 4096 12288 NULL NULL NULL utf8mb3 utf8mb3_general_ci varchar(4096) select,insert,update,references The session status variable value. NEVER NULL NO NO def performance_schema setup_actors HOST 1 '%' NO char 255 765 NULL NULL NULL utf8mb3 utf8mb3_bin char(255) select,insert,update,references Host name, either a literal, or the % wildcard representing any host. NEVER NULL NO NO def performance_schema setup_actors USER 2 '%' NO char 128 384 NULL NULL NULL utf8mb3 utf8mb3_bin char(128) select,insert,update,references User name, either a literal or the % wildcard representing any name. NEVER NULL NO NO def performance_schema setup_actors ROLE 3 '%' NO char 128 384 NULL NULL NULL utf8mb3 utf8mb3_bin char(128) select,insert,update,references Unused NEVER NULL NO NO diff -Nru mariadb-11.8.6/mysql-test/suite/perfschema/r/threads_mysql.result mariadb-11.8.8/mysql-test/suite/perfschema/r/threads_mysql.result --- mariadb-11.8.6/mysql-test/suite/perfschema/r/threads_mysql.result 2026-01-31 13:27:48.000000000 +0000 +++ mariadb-11.8.8/mysql-test/suite/perfschema/r/threads_mysql.result 2026-05-24 09:58:31.000000000 +0000 @@ -60,6 +60,17 @@ unified_parent_thread_id unified parent_thread_id role NULL instrumented YES +name thread/sql/slave_deadlock_handler +type BACKGROUND +processlist_user NULL +processlist_host NULL +processlist_db NULL +processlist_command NULL +processlist_info NULL +connection_type NULL +unified_parent_thread_id unified parent_thread_id +role NULL +instrumented YES CREATE TEMPORARY TABLE t1 AS SELECT thread_id FROM performance_schema.threads WHERE name LIKE 'thread/sql%'; @@ -123,4 +134,5 @@ thread/sql/main thread/sql/manager thread/sql/main thread/sql/one_connection thread/sql/main thread/sql/signal_handler +thread/sql/main thread/sql/slave_deadlock_handler thread/sql/one_connection thread/sql/event_scheduler diff -Nru mariadb-11.8.6/mysql-test/suite/plugins/r/feedback_os_release.result mariadb-11.8.8/mysql-test/suite/plugins/r/feedback_os_release.result --- mariadb-11.8.6/mysql-test/suite/plugins/r/feedback_os_release.result 1970-01-01 00:00:00.000000000 +0000 +++ mariadb-11.8.8/mysql-test/suite/plugins/r/feedback_os_release.result 2026-05-24 09:58:31.000000000 +0000 @@ -0,0 +1,5 @@ +# +# MDEV-39126: Feedback plugin to use /etc/os-release +# +Uname_distribution matches /etc/os-release +# End of 10.11 tests diff -Nru mariadb-11.8.6/mysql-test/suite/plugins/r/mdev38431.result mariadb-11.8.8/mysql-test/suite/plugins/r/mdev38431.result --- mariadb-11.8.6/mysql-test/suite/plugins/r/mdev38431.result 2026-01-31 13:27:48.000000000 +0000 +++ mariadb-11.8.8/mysql-test/suite/plugins/r/mdev38431.result 2026-05-24 09:58:31.000000000 +0000 @@ -1,9 +1,6 @@ # # Setup # -INSTALL PLUGIN IF NOT EXISTS cleartext_plugin_server SONAME ''; -Warnings: -Note 1968 Plugin 'cleartext_plugin_server' already installed CREATE DATABASE mdev38431_db; # # Test 1: Short password - baseline test diff -Nru mariadb-11.8.6/mysql-test/suite/plugins/r/mdev38550.result mariadb-11.8.8/mysql-test/suite/plugins/r/mdev38550.result --- mariadb-11.8.6/mysql-test/suite/plugins/r/mdev38550.result 1970-01-01 00:00:00.000000000 +0000 +++ mariadb-11.8.8/mysql-test/suite/plugins/r/mdev38550.result 2026-05-24 09:58:31.000000000 +0000 @@ -0,0 +1,45 @@ +# +# Setup +# +CREATE DATABASE mdev38550_db; +# +# Test 1: COM_CHANGE_USER with short password +# Verify mysql_change_user() works correctly with database parameter +# +CREATE USER changeusertest IDENTIFIED VIA cleartext_plugin_server USING 'changepwd'; +GRANT ALL ON *.* TO changeusertest; +SELECT DATABASE() AS db; +db +mdev38550_db +# +# Test 2: COM_CHANGE_USER with long password (260 bytes) +# This works because auth plugin switching sends password in a SECOND packet +# (via ma_net_write), bypassing the 255-byte limit in send_change_user_packet() +# +# Note: If connection used cleartext directly (no auth switch), it would fail +# due to libmariadb's 255-byte limit in send_change_user_packet() +# +CREATE USER changeuserlongpwd IDENTIFIED VIA cleartext_plugin_server USING 'cccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccccc'; +GRANT ALL ON *.* TO changeuserlongpwd; +SELECT DATABASE() AS db; +db +mdev38550_db +# +# Test 3: COM_CHANGE_USER with long password - no auth switch +# Connection uses cleartext directly, password goes in first packet +# Requires LENENC support in both client and server for COM_CHANGE_USER +# +connect cleartext_con, 127.0.0.1, changeuserlongpwd, $change_pwd, mdev38550_db, $MASTER_MYPORT, , , mysql_clear_password; +SELECT DATABASE() AS db, CURRENT_USER() AS user; +db user +mdev38550_db changeuserlongpwd@% +SELECT DATABASE() AS db, CURRENT_USER() AS user; +db user +mdev38550_db changeuserlongpwd@% +connection default; +disconnect cleartext_con; +# +# Cleanup +# +DROP USER changeusertest, changeuserlongpwd; +DROP DATABASE mdev38550_db; diff -Nru mariadb-11.8.6/mysql-test/suite/plugins/t/feedback_os_release.opt mariadb-11.8.8/mysql-test/suite/plugins/t/feedback_os_release.opt --- mariadb-11.8.6/mysql-test/suite/plugins/t/feedback_os_release.opt 1970-01-01 00:00:00.000000000 +0000 +++ mariadb-11.8.8/mysql-test/suite/plugins/t/feedback_os_release.opt 2026-05-24 09:58:31.000000000 +0000 @@ -0,0 +1,2 @@ +--loose-feedback +--plugin-load-add=$FEEDBACK_SO diff -Nru mariadb-11.8.6/mysql-test/suite/plugins/t/feedback_os_release.test mariadb-11.8.8/mysql-test/suite/plugins/t/feedback_os_release.test --- mariadb-11.8.6/mysql-test/suite/plugins/t/feedback_os_release.test 1970-01-01 00:00:00.000000000 +0000 +++ mariadb-11.8.8/mysql-test/suite/plugins/t/feedback_os_release.test 2026-05-24 09:58:31.000000000 +0000 @@ -0,0 +1,68 @@ +--source include/not_embedded.inc + +--echo # +--echo # MDEV-39126: Feedback plugin to use /etc/os-release +--echo # + +if (`select count(*) = 0 from information_schema.plugins + where plugin_name = 'feedback' and plugin_status='active'`) +{ + --skip Feedback plugin is not active +} + +if (`select @@feedback_url = ""`) +{ + --skip Feedback plugin is not active +} + +perl; + if (! -f '/etc/os-release') { + open(FILE, '>', $ENV{MYSQLTEST_VARDIR} . '/tmp/skip_mdev39126') or die; + close(FILE); + } else { + open(my $fh, '<', '/etc/os-release') or die "Cannot open /etc/os-release: $!"; + my $pretty_name = ''; + while (my $line = <$fh>) { + chomp $line; + if ($line =~ /^PRETTY_NAME=(.+)$/) { + $pretty_name = $1; + $pretty_name =~ s/^"(.*)"$/$1/; + last; + } + } + close($fh); + open(my $out, '>', $ENV{MYSQLTEST_VARDIR} . '/tmp/mdev39126_pretty_name') or die; + print $out "os-release: $pretty_name"; + close($out); + } +EOF + +# Skip if /etc/os-release was not found (written by perl block above) +if (!`select LOAD_FILE('$MYSQLTEST_VARDIR/tmp/skip_mdev39126') IS NULL`) +{ + --skip /etc/os-release not available on this platform +} + +let $plugin_val= `select variable_value from information_schema.feedback + where variable_name = 'Uname_distribution'`; + +# Skip if plugin returned empty (e.g. FreeBSD with MTR_FEEDBACK_PLUGIN=0) +if (`select '$plugin_val' = ''`) +{ + --skip Uname_distribution not available on this platform +} + +let $expected_val= `select TRIM(LOAD_FILE('$MYSQLTEST_VARDIR/tmp/mdev39126_pretty_name'))`; + +if (`select '$plugin_val' != '$expected_val'`) +{ + --echo Mismatch! Plugin: '$plugin_val' + --echo Expected: '$expected_val' + --die Uname_distribution does not match /etc/os-release PRETTY_NAME +} + +--echo Uname_distribution matches /etc/os-release + +--remove_file $MYSQLTEST_VARDIR/tmp/mdev39126_pretty_name + +--echo # End of 10.11 tests diff -Nru mariadb-11.8.6/mysql-test/suite/plugins/t/mdev38431.test mariadb-11.8.8/mysql-test/suite/plugins/t/mdev38431.test --- mariadb-11.8.6/mysql-test/suite/plugins/t/mdev38431.test 2026-01-31 13:27:48.000000000 +0000 +++ mariadb-11.8.8/mysql-test/suite/plugins/t/mdev38431.test 2026-05-24 09:58:31.000000000 +0000 @@ -14,7 +14,6 @@ --echo # --echo # Setup --echo # -eval INSTALL PLUGIN IF NOT EXISTS cleartext_plugin_server SONAME '$PLUGIN_AUTH'; CREATE DATABASE mdev38431_db; --echo # @@ -56,4 +55,3 @@ --echo # DROP USER shortuser, longuser, verylonguser; DROP DATABASE mdev38431_db; -# Note: Do not uninstall cleartext_plugin_server as it was pre-loaded by MTR diff -Nru mariadb-11.8.6/mysql-test/suite/plugins/t/mdev38550.test mariadb-11.8.8/mysql-test/suite/plugins/t/mdev38550.test --- mariadb-11.8.6/mysql-test/suite/plugins/t/mdev38550.test 1970-01-01 00:00:00.000000000 +0000 +++ mariadb-11.8.8/mysql-test/suite/plugins/t/mdev38550.test 2026-05-24 09:58:31.000000000 +0000 @@ -0,0 +1,64 @@ +# +# MDEV-38550: COM_CHANGE_USER with Long Password Corrupts Database Name +# +# When password > 255 bytes with COM_CHANGE_USER, the password length was +# truncated to a single byte, causing the server to read garbage as the +# database name. +# +# Fix: Add LENENC support for COM_CHANGE_USER password field in both +# client (libmariadb) and server (sql_acl.cc). +# + +--source include/not_embedded.inc +--source include/have_plugin_auth.inc + +--echo # +--echo # Setup +--echo # +CREATE DATABASE mdev38550_db; + +--echo # +--echo # Test 1: COM_CHANGE_USER with short password +--echo # Verify mysql_change_user() works correctly with database parameter +--echo # +CREATE USER changeusertest IDENTIFIED VIA cleartext_plugin_server USING 'changepwd'; +GRANT ALL ON *.* TO changeusertest; + +# Use change_user command to switch user with password and database +change_user changeusertest,changepwd,mdev38550_db; +SELECT DATABASE() AS db; +change_user root; + +--echo # +--echo # Test 2: COM_CHANGE_USER with long password (260 bytes) +--echo # This works because auth plugin switching sends password in a SECOND packet +--echo # (via ma_net_write), bypassing the 255-byte limit in send_change_user_packet() +--echo # +--echo # Note: If connection used cleartext directly (no auth switch), it would fail +--echo # due to libmariadb's 255-byte limit in send_change_user_packet() +--echo # +--let $change_pwd=`SELECT REPEAT('c', 260)` +eval CREATE USER changeuserlongpwd IDENTIFIED VIA cleartext_plugin_server USING '$change_pwd'; +GRANT ALL ON *.* TO changeuserlongpwd; + +change_user changeuserlongpwd,$change_pwd,mdev38550_db; +SELECT DATABASE() AS db; +change_user root; + +--echo # +--echo # Test 3: COM_CHANGE_USER with long password - no auth switch +--echo # Connection uses cleartext directly, password goes in first packet +--echo # Requires LENENC support in both client and server for COM_CHANGE_USER +--echo # +--connect (cleartext_con, 127.0.0.1, changeuserlongpwd, $change_pwd, mdev38550_db, $MASTER_MYPORT, , , mysql_clear_password) +SELECT DATABASE() AS db, CURRENT_USER() AS user; +change_user changeuserlongpwd,$change_pwd,mdev38550_db; +SELECT DATABASE() AS db, CURRENT_USER() AS user; +--connection default +--disconnect cleartext_con + +--echo # +--echo # Cleanup +--echo # +DROP USER changeusertest, changeuserlongpwd; +DROP DATABASE mdev38550_db; diff -Nru mariadb-11.8.6/mysql-test/suite/plugins/t/show_all_plugins.test mariadb-11.8.8/mysql-test/suite/plugins/t/show_all_plugins.test --- mariadb-11.8.6/mysql-test/suite/plugins/t/show_all_plugins.test 2026-01-31 13:27:48.000000000 +0000 +++ mariadb-11.8.8/mysql-test/suite/plugins/t/show_all_plugins.test 2026-05-24 09:58:31.000000000 +0000 @@ -4,6 +4,7 @@ if (!$LIBDAEMON_EXAMPLE_SO) { skip requires libdaemon_examples.so; } if (!$EXAMPLE_KEY_MANAGEMENT_SO) { skip requires example_key_management.so; } if (`SELECT VERSION() LIKE '%embedded%'`) { skip Disabled for embedded until MDEV-8664 is resolved; } +--source include/not_asan.inc # because of STB_GNU_UNIQUE symbols flush global status; show status like '%libraries%'; diff -Nru mariadb-11.8.6/mysql-test/suite/roles/definer.result mariadb-11.8.8/mysql-test/suite/roles/definer.result --- mariadb-11.8.6/mysql-test/suite/roles/definer.result 2026-01-31 13:27:48.000000000 +0000 +++ mariadb-11.8.8/mysql-test/suite/roles/definer.result 2026-05-24 09:58:31.000000000 +0000 @@ -288,33 +288,33 @@ SET @saved_cs_client = @@character_set_client; SET character_set_client = utf8mb4; /*!50001 CREATE VIEW `v1` AS SELECT - 1 AS `a+b`, - 1 AS `c` */; + NULL AS `a+b`, + NULL AS `c` */; SET character_set_client = @saved_cs_client; SET @saved_cs_client = @@character_set_client; SET character_set_client = utf8mb4; /*!50001 CREATE VIEW `v2` AS SELECT - 1 AS `a+b`, - 1 AS `c`, - 1 AS `current_role()` */; + NULL AS `a+b`, + NULL AS `c`, + NULL AS `current_role()` */; SET character_set_client = @saved_cs_client; SET @saved_cs_client = @@character_set_client; SET character_set_client = utf8mb4; /*!50001 CREATE VIEW `v3` AS SELECT - 1 AS `a+b`, - 1 AS `c` */; + NULL AS `a+b`, + NULL AS `c` */; SET character_set_client = @saved_cs_client; SET @saved_cs_client = @@character_set_client; SET character_set_client = utf8mb4; /*!50001 CREATE VIEW `v4` AS SELECT - 1 AS `a+b`, - 1 AS `c` */; + NULL AS `a+b`, + NULL AS `c` */; SET character_set_client = @saved_cs_client; SET @saved_cs_client = @@character_set_client; SET character_set_client = utf8mb4; /*!50001 CREATE VIEW `v5` AS SELECT - 1 AS `a+b`, - 1 AS `c` */; + NULL AS `a+b`, + NULL AS `c` */; SET character_set_client = @saved_cs_client; CREATE DATABASE /*!32312 IF NOT EXISTS*/ `mysqltest1` /*!40100 DEFAULT CHARACTER SET utf8mb4 COLLATE utf8mb4_uca1400_ai_ci */; @@ -351,7 +351,8 @@ /*!50003 SET sql_mode = 'STRICT_TRANS_TABLES,ERROR_FOR_DIVISION_BY_ZERO,NO_AUTO_CREATE_USER,NO_ENGINE_SUBSTITUTION' */ ; DELIMITER ;; /*!50003 CREATE*/ /*!50017 DEFINER=`role1`*/ /*!50003 trigger tr1 before insert on t2 for each row -insert t1 values (111, 222, 333) */;; +insert t1 values (111, 222, 333) +*/;; DELIMITER ; /*!50003 SET sql_mode = @saved_sql_mode */ ; /*!50003 SET character_set_client = @saved_cs_client */ ; @@ -367,7 +368,8 @@ /*!50003 SET sql_mode = 'STRICT_TRANS_TABLES,ERROR_FOR_DIVISION_BY_ZERO,NO_AUTO_CREATE_USER,NO_ENGINE_SUBSTITUTION' */ ; DELIMITER ;; /*!50003 CREATE*/ /*!50017 DEFINER=`role3`@`%`*/ /*!50003 trigger tr3 before update on t2 for each row -insert t1 values (111, 222, 333) */;; +insert t1 values (111, 222, 333) +*/;; DELIMITER ; /*!50003 SET sql_mode = @saved_sql_mode */ ; /*!50003 SET character_set_client = @saved_cs_client */ ; @@ -383,7 +385,8 @@ /*!50003 SET sql_mode = 'STRICT_TRANS_TABLES,ERROR_FOR_DIVISION_BY_ZERO,NO_AUTO_CREATE_USER,NO_ENGINE_SUBSTITUTION' */ ; DELIMITER ;; /*!50003 CREATE*/ /*!50017 DEFINER=`role2`@``*/ /*!50003 trigger tr2 before delete on t2 for each row -insert t1 values (111, 222, 333) */;; +insert t1 values (111, 222, 333) +*/;; DELIMITER ; /*!50003 SET sql_mode = @saved_sql_mode */ ; /*!50003 SET character_set_client = @saved_cs_client */ ; @@ -401,7 +404,8 @@ /*!50003 SET sql_mode = 'STRICT_TRANS_TABLES,ERROR_FOR_DIVISION_BY_ZERO,NO_AUTO_CREATE_USER,NO_ENGINE_SUBSTITUTION' */ ;; /*!50003 SET @saved_time_zone = @@time_zone */ ;; /*!50003 SET time_zone = 'SYSTEM' */ ;; -/*!50106 CREATE*/ /*!50117 DEFINER=`role1`*/ /*!50106 EVENT `e1` ON SCHEDULE EVERY 1 SECOND STARTS '2000-01-01 00:00:00' ON COMPLETION NOT PRESERVE ENABLE DO insert t1 values (111, 2, 0) */ ;; +/*!50106 CREATE*/ /*!50117 DEFINER=`role1`*/ /*!50106 EVENT `e1` ON SCHEDULE EVERY 1 SECOND STARTS '2000-01-01 00:00:00' ON COMPLETION NOT PRESERVE ENABLE DO insert t1 values (111, 2, 0) +*/ ;; /*!50003 SET time_zone = @saved_time_zone */ ;; /*!50003 SET sql_mode = @saved_sql_mode */ ;; /*!50003 SET character_set_client = @saved_cs_client */ ;; @@ -418,7 +422,8 @@ /*!50003 SET sql_mode = 'STRICT_TRANS_TABLES,ERROR_FOR_DIVISION_BY_ZERO,NO_AUTO_CREATE_USER,NO_ENGINE_SUBSTITUTION' */ ;; /*!50003 SET @saved_time_zone = @@time_zone */ ;; /*!50003 SET time_zone = 'SYSTEM' */ ;; -/*!50106 CREATE*/ /*!50117 DEFINER=`role2`*/ /*!50106 EVENT `e2` ON SCHEDULE EVERY 1 SECOND STARTS '2000-01-01 00:00:00' ON COMPLETION NOT PRESERVE ENABLE DO insert t1 values (111, 4, 0) */ ;; +/*!50106 CREATE*/ /*!50117 DEFINER=`role2`*/ /*!50106 EVENT `e2` ON SCHEDULE EVERY 1 SECOND STARTS '2000-01-01 00:00:00' ON COMPLETION NOT PRESERVE ENABLE DO insert t1 values (111, 4, 0) +*/ ;; /*!50003 SET time_zone = @saved_time_zone */ ;; /*!50003 SET sql_mode = @saved_sql_mode */ ;; /*!50003 SET character_set_client = @saved_cs_client */ ;; @@ -435,7 +440,8 @@ /*!50003 SET sql_mode = 'STRICT_TRANS_TABLES,ERROR_FOR_DIVISION_BY_ZERO,NO_AUTO_CREATE_USER,NO_ENGINE_SUBSTITUTION' */ ;; /*!50003 SET @saved_time_zone = @@time_zone */ ;; /*!50003 SET time_zone = 'SYSTEM' */ ;; -/*!50106 CREATE*/ /*!50117 DEFINER=`role3`@`%`*/ /*!50106 EVENT `e3` ON SCHEDULE EVERY 1 SECOND STARTS '2000-01-01 00:00:00' ON COMPLETION NOT PRESERVE ENABLE DO insert t1 values (111, 3, 0) */ ;; +/*!50106 CREATE*/ /*!50117 DEFINER=`role3`@`%`*/ /*!50106 EVENT `e3` ON SCHEDULE EVERY 1 SECOND STARTS '2000-01-01 00:00:00' ON COMPLETION NOT PRESERVE ENABLE DO insert t1 values (111, 3, 0) +*/ ;; /*!50003 SET time_zone = @saved_time_zone */ ;; /*!50003 SET sql_mode = @saved_sql_mode */ ;; /*!50003 SET character_set_client = @saved_cs_client */ ;; @@ -453,7 +459,8 @@ /*!50003 SET collation_connection = latin1_swedish_ci */ ; DELIMITER ;; CREATE DEFINER=`role1` FUNCTION `fn1`() RETURNS int(11) -return (select sum(a+b) from t1) ;; +return (select sum(a+b) from t1) +;; DELIMITER ; /*!50003 SET sql_mode = @saved_sql_mode */ ; /*!50003 SET character_set_client = @saved_cs_client */ ; @@ -469,7 +476,8 @@ /*!50003 SET collation_connection = latin1_swedish_ci */ ; DELIMITER ;; CREATE DEFINER=`role2` FUNCTION `fn2`() RETURNS int(11) -return (select sum(a+b) from t1) ;; +return (select sum(a+b) from t1) +;; DELIMITER ; /*!50003 SET sql_mode = @saved_sql_mode */ ; /*!50003 SET character_set_client = @saved_cs_client */ ; @@ -485,7 +493,8 @@ /*!50003 SET collation_connection = latin1_swedish_ci */ ; DELIMITER ;; CREATE DEFINER=`role3`@`%` FUNCTION `fn3`() RETURNS int(11) -return (select sum(a+b) from t1) ;; +return (select sum(a+b) from t1) +;; DELIMITER ; /*!50003 SET sql_mode = @saved_sql_mode */ ; /*!50003 SET character_set_client = @saved_cs_client */ ; @@ -501,7 +510,8 @@ /*!50003 SET collation_connection = latin1_swedish_ci */ ; DELIMITER ;; CREATE DEFINER=`role1` PROCEDURE `pr1`() -insert t1 values (111, 222, 333) ;; +insert t1 values (111, 222, 333) +;; DELIMITER ; /*!50003 SET sql_mode = @saved_sql_mode */ ; /*!50003 SET character_set_client = @saved_cs_client */ ; @@ -517,7 +527,8 @@ /*!50003 SET collation_connection = latin1_swedish_ci */ ; DELIMITER ;; CREATE DEFINER=`role2`@`%` PROCEDURE `pr2`() -insert t1 values (111, 222, 333) ;; +insert t1 values (111, 222, 333) +;; DELIMITER ; /*!50003 SET sql_mode = @saved_sql_mode */ ; /*!50003 SET character_set_client = @saved_cs_client */ ; @@ -533,7 +544,8 @@ /*!50003 SET collation_connection = latin1_swedish_ci */ ; DELIMITER ;; CREATE DEFINER=`role3`@`%` PROCEDURE `pr3`() -insert t1 values (111, 222, 333) ;; +insert t1 values (111, 222, 333) +;; DELIMITER ; /*!50003 SET sql_mode = @saved_sql_mode */ ; /*!50003 SET character_set_client = @saved_cs_client */ ; diff -Nru mariadb-11.8.6/mysql-test/suite/rpl/include/check_slave_skip_errors.inc mariadb-11.8.8/mysql-test/suite/rpl/include/check_slave_skip_errors.inc --- mariadb-11.8.6/mysql-test/suite/rpl/include/check_slave_skip_errors.inc 1970-01-01 00:00:00.000000000 +0000 +++ mariadb-11.8.8/mysql-test/suite/rpl/include/check_slave_skip_errors.inc 2026-05-24 09:58:31.000000000 +0000 @@ -0,0 +1,23 @@ +# ==== Purpose ==== +# +# MDEV-38624: Verify that ER_CONNECTION_KILLED (1927) cannot be added to +# --slave-skip-errors, even when explicitly specified or when using "all". +# +# Called from tests that configure --slave-skip-errors with 1927 or "all". +# Checks that 1927 is absent from slave_skip_errors and that the expected +# warning appears in the slave error log. + +--connection slave +call mtr.add_suppression("Slave: ER_CONNECTION_KILLED .* is not allowed in --slave-skip-errors"); + +--let $skip_errors= query_get_value(SHOW VARIABLES LIKE 'slave_skip_errors', Value, 1) +if (`SELECT '$skip_errors' LIKE '%1927%'`) +{ + --die MDEV-38624: Error 1927 must not be added to slave_skip_errors +} + +--let $assert_file= $MYSQLTEST_VARDIR/log/mysqld.2.err +--let $assert_select= ER_CONNECTION_KILLED .* is not allowed in --slave-skip-errors +--let $assert_count= 1 +--let $assert_text= Warning about ER_CONNECTION_KILLED should appear in error log +--source include/assert_grep.inc diff -Nru mariadb-11.8.6/mysql-test/suite/rpl/include/check_type.inc mariadb-11.8.8/mysql-test/suite/rpl/include/check_type.inc --- mariadb-11.8.6/mysql-test/suite/rpl/include/check_type.inc 2026-01-31 13:27:48.000000000 +0000 +++ mariadb-11.8.8/mysql-test/suite/rpl/include/check_type.inc 2026-05-24 09:58:31.000000000 +0000 @@ -35,7 +35,7 @@ sync_slave_with_master; if ($target_temp_format) { - --eval SET @@global.mysql56_temporal_format= $source_temp_format + --eval SET @@global.mysql56_temporal_format= $target_temp_format } eval ALTER TABLE t1 MODIFY a $target_type; @@ -60,13 +60,13 @@ if (!$can_convert) { connection slave; wait_for_slave_to_stop; - let $error = query_get_value("SHOW SLAVE STATUS", Last_SQL_Error, 1); + let $error = query_get_value("SHOW SLAVE STATUS", Last_SQL_Errno, 1); eval INSERT INTO type_conversions SET Source = "$source_type", Target = "$target_type", Flags = @@slave_type_conversions, On_Master = $source_value, - Error = "$error"; + Error = $error; SET GLOBAL SQL_SLAVE_SKIP_COUNTER = 1; START SLAVE; } diff -Nru mariadb-11.8.6/mysql-test/suite/rpl/r/binlog_check_constraint_checks_flag.result mariadb-11.8.8/mysql-test/suite/rpl/r/binlog_check_constraint_checks_flag.result --- mariadb-11.8.6/mysql-test/suite/rpl/r/binlog_check_constraint_checks_flag.result 1970-01-01 00:00:00.000000000 +0000 +++ mariadb-11.8.8/mysql-test/suite/rpl/r/binlog_check_constraint_checks_flag.result 2026-05-24 09:58:31.000000000 +0000 @@ -0,0 +1,24 @@ +include/master-slave.inc +[connection master] +connection master; +create table t10( +pk int primary key, +a int, +constraint a_big check (a>10) +); +insert into t10 values (1, 20); +set check_constraint_checks=off; +update t10 set a=a-15 where pk=1; +update t10 set a=a+100 where pk=1; +set check_constraint_checks=on ; +select * from t10; +pk a +1 105 +connection slave; +select * from t10; +pk a +1 105 +connection master; +drop table t10; +connection slave; +include/rpl_end.inc diff -Nru mariadb-11.8.6/mysql-test/suite/rpl/r/rpl_alter_rollback.result mariadb-11.8.8/mysql-test/suite/rpl/r/rpl_alter_rollback.result --- mariadb-11.8.6/mysql-test/suite/rpl/r/rpl_alter_rollback.result 2026-01-31 13:27:48.000000000 +0000 +++ mariadb-11.8.8/mysql-test/suite/rpl/r/rpl_alter_rollback.result 2026-05-24 09:58:31.000000000 +0000 @@ -42,9 +42,9 @@ master-bin.000001 # Gtid # # GTID #-#-# ROLLBACK ALTER id=# master-bin.000001 # Query # # use `test`; alter table t2 add constraint c1 foreign key (f1) references t1(f1) master-bin.000001 # Gtid # # GTID #-#-# START ALTER -master-bin.000001 # Query # # use `test`; set foreign_key_checks=1; alter table t2 add constraint c1 foreign key (f1) references t1(f1) +master-bin.000001 # Query # # use `test`; set foreign_key_checks=0; alter table t2 add constraint c1 foreign key (f1) references t1(f1) master-bin.000001 # Gtid # # GTID #-#-# ROLLBACK ALTER id=# -master-bin.000001 # Query # # use `test`; set foreign_key_checks=1; alter table t2 add constraint c1 foreign key (f1) references t1(f1) +master-bin.000001 # Query # # use `test`; set foreign_key_checks=0; alter table t2 add constraint c1 foreign key (f1) references t1(f1) connection slave; connection master; drop table t2, t1; diff -Nru mariadb-11.8.6/mysql-test/suite/rpl/r/rpl_change_master_implicit_gtid_warning.result mariadb-11.8.8/mysql-test/suite/rpl/r/rpl_change_master_implicit_gtid_warning.result --- mariadb-11.8.6/mysql-test/suite/rpl/r/rpl_change_master_implicit_gtid_warning.result 1970-01-01 00:00:00.000000000 +0000 +++ mariadb-11.8.8/mysql-test/suite/rpl/r/rpl_change_master_implicit_gtid_warning.result 2026-05-24 09:58:31.000000000 +0000 @@ -0,0 +1,36 @@ +include/master-slave.inc +[connection master] +connection slave; +include/stop_slave.inc +# +# Test 1: CHANGE MASTER TO with relay_log_pos when Using_Gtid is +# already No should NOT produce a spurious 'from No to No' warning +# +CHANGE MASTER TO MASTER_USE_GTID=NO; +CHANGE MASTER TO relay_log_pos=0; +SHOW WARNINGS; +Level Code Message +# +# Test 2: CHANGE MASTER TO with master_log_file/pos when Using_Gtid +# is already No should NOT produce a warning +# +CHANGE MASTER TO master_log_pos=IO_LOG_POS, master_log_file='IO_LOG_FILE'; +SHOW WARNINGS; +Level Code Message +# +# Test 3: CHANGE MASTER TO with log coordinates when Using_Gtid is +# Slave_Pos SHOULD produce a warning (value actually changes) +# +CHANGE MASTER TO MASTER_USE_GTID=Slave_Pos; +CHANGE MASTER TO master_log_pos=IO_LOG_POS, master_log_file='IO_LOG_FILE'; +Warnings: +Note 4190 CHANGE MASTER TO is implicitly changing the value of 'Using_Gtid' from 'Slave_Pos' to 'No' +SHOW WARNINGS; +Level Code Message +Note 4190 CHANGE MASTER TO is implicitly changing the value of 'Using_Gtid' from 'Slave_Pos' to 'No' +# +# Cleanup +# +CHANGE MASTER TO MASTER_USE_GTID=Slave_Pos; +include/start_slave.inc +include/rpl_end.inc diff -Nru mariadb-11.8.6/mysql-test/suite/rpl/r/rpl_from_mysql80.result mariadb-11.8.8/mysql-test/suite/rpl/r/rpl_from_mysql80.result --- mariadb-11.8.6/mysql-test/suite/rpl/r/rpl_from_mysql80.result 2026-01-31 13:27:48.000000000 +0000 +++ mariadb-11.8.8/mysql-test/suite/rpl/r/rpl_from_mysql80.result 2026-05-24 09:58:31.000000000 +0000 @@ -22,8 +22,6 @@ STOP SLAVE IO_THREAD; include/wait_for_slave_io_to_stop.inc CHANGE MASTER TO Master_log_file='master-bin.000001', Master_log_pos=2297; -Warnings: -Note 4190 CHANGE MASTER TO is implicitly changing the value of 'Using_Gtid' from 'No' to 'No' START SLAVE IO_THREAD; START SLAVE SQL_THREAD; include/wait_for_slave_io_to_start.inc @@ -41,8 +39,6 @@ STOP SLAVE IO_THREAD; include/wait_for_slave_io_to_stop.inc CHANGE MASTER TO Master_log_file='master-bin.000002', Master_log_pos=4; -Warnings: -Note 4190 CHANGE MASTER TO is implicitly changing the value of 'Using_Gtid' from 'No' to 'No' START SLAVE IO_THREAD; START SLAVE SQL_THREAD; include/wait_for_slave_io_to_start.inc diff -Nru mariadb-11.8.6/mysql-test/suite/rpl/r/rpl_gtid_excess_initial_delay.result mariadb-11.8.8/mysql-test/suite/rpl/r/rpl_gtid_excess_initial_delay.result --- mariadb-11.8.6/mysql-test/suite/rpl/r/rpl_gtid_excess_initial_delay.result 2026-01-31 13:27:48.000000000 +0000 +++ mariadb-11.8.8/mysql-test/suite/rpl/r/rpl_gtid_excess_initial_delay.result 2026-05-24 09:58:31.000000000 +0000 @@ -5,6 +5,8 @@ include/stop_slave.inc CHANGE MASTER TO MASTER_DELAY= 10; include/start_slave.inc +SQL_Remaining_Delay = 'NULL' +Slave_SQL_Running_State = 'Slave has read all relay log; waiting for more updates' connection master; INSERT INTO t1 VALUES (1); include/sync_slave_io_with_master.inc diff -Nru mariadb-11.8.6/mysql-test/suite/rpl/r/rpl_heartbeat_basic.result mariadb-11.8.8/mysql-test/suite/rpl/r/rpl_heartbeat_basic.result --- mariadb-11.8.6/mysql-test/suite/rpl/r/rpl_heartbeat_basic.result 2026-01-31 13:27:48.000000000 +0000 +++ mariadb-11.8.8/mysql-test/suite/rpl/r/rpl_heartbeat_basic.result 2026-05-24 09:58:31.000000000 +0000 @@ -182,6 +182,18 @@ ERROR 42000: You have an error in your SQL syntax; check the manual that corresponds to your MariaDB server version for the right syntax to use near '''' at line 1 RESET SLAVE; +*** MDEV-38454: MASTER_HEARTBEAT_PERIOD should accept + sign *** +CHANGE MASTER TO MASTER_HOST='127.0.0.1', MASTER_PORT=MASTER_PORT, MASTER_USER='root', MASTER_CONNECT_RETRY=20, MASTER_HEARTBEAT_PERIOD=+60; +SHOW GLOBAL STATUS LIKE 'slave_heartbeat_period'; +Variable_name Value +Slave_heartbeat_period 60.000 +RESET SLAVE; +CHANGE MASTER TO MASTER_HOST='127.0.0.1', MASTER_PORT=MASTER_PORT, MASTER_USER='root', MASTER_CONNECT_RETRY=20, MASTER_HEARTBEAT_PERIOD=60; +SHOW GLOBAL STATUS LIKE 'slave_heartbeat_period'; +Variable_name Value +Slave_heartbeat_period 60.000 +RESET SLAVE; + *** Running slave *** CHANGE MASTER TO MASTER_HOST='127.0.0.1', MASTER_PORT=MASTER_PORT, MASTER_USER='root', MASTER_CONNECT_RETRY=20, MASTER_HEARTBEAT_PERIOD=0.1; include/start_slave.inc diff -Nru mariadb-11.8.6/mysql-test/suite/rpl/r/rpl_mdev382.result mariadb-11.8.8/mysql-test/suite/rpl/r/rpl_mdev382.result --- mariadb-11.8.6/mysql-test/suite/rpl/r/rpl_mdev382.result 2026-01-31 13:27:48.000000000 +0000 +++ mariadb-11.8.8/mysql-test/suite/rpl/r/rpl_mdev382.result 2026-05-24 09:58:31.000000000 +0000 @@ -355,7 +355,7 @@ show binlog events in 'master-bin.000002' from ; Log_name Pos Event_type Server_id End_log_pos Info master-bin.000002 # Gtid 1 # GTID #-#-# -master-bin.000002 # Query 1 # TRUNCATE TABLE `db1``; select 'oops!'`.`t``1` +master-bin.000002 # Query 1 # TRUNCATE TABLE `db1``; select 'oops!'`.`t``1` /* generated by server for memory table after a restart */ connection slave; include/start_slave.inc connection master; diff -Nru mariadb-11.8.6/mysql-test/suite/rpl/r/rpl_mdev38731.result mariadb-11.8.8/mysql-test/suite/rpl/r/rpl_mdev38731.result --- mariadb-11.8.6/mysql-test/suite/rpl/r/rpl_mdev38731.result 1970-01-01 00:00:00.000000000 +0000 +++ mariadb-11.8.8/mysql-test/suite/rpl/r/rpl_mdev38731.result 2026-05-24 09:58:31.000000000 +0000 @@ -0,0 +1,20 @@ +include/master-slave.inc +[connection master] +CREATE TABLE t (a int, b int, c int, d int, KEY (d)) ENGINE=InnoDB; +INSERT INTO t (a,b,d) VALUES +(1,NULL,4),(2,NULL,1),(3,NULL,1), +(4,NULL,1),(5,NULL,1),(6,NULL,1), +(7,0,NULL),(8,NULL,NULL); +ALTER TABLE t ADD UNIQUE (b); +connection slave; +ANALYZE TABLE t; +Table Op Msg_type Msg_text +test.t analyze status Engine-independent statistics collected +test.t analyze status OK +connection master; +UPDATE t SET c = 1; +ALTER TABLE t ADD UNIQUE (a); +connection slave; +connection master; +DROP TABLE t; +include/rpl_end.inc diff -Nru mariadb-11.8.6/mysql-test/suite/rpl/r/rpl_mdev38734.result mariadb-11.8.8/mysql-test/suite/rpl/r/rpl_mdev38734.result --- mariadb-11.8.6/mysql-test/suite/rpl/r/rpl_mdev38734.result 1970-01-01 00:00:00.000000000 +0000 +++ mariadb-11.8.8/mysql-test/suite/rpl/r/rpl_mdev38734.result 2026-05-24 09:58:31.000000000 +0000 @@ -0,0 +1,17 @@ +include/master-slave.inc +[connection master] +connection slave; +SET @row_image_save = @@global.binlog_row_image; +SET GLOBAL binlog_row_image=MINIMAL; +include/stop_slave.inc +include/start_slave.inc +connection master; +SET binlog_row_image=MINIMAL; +CREATE TABLE t (pk int primary key, a text, b text, unique(b)); +INSERT INTO t VALUES (1,'foo', 'bar'); +UPDATE t SET a = 'baz'; +connection slave; +SET GLOBAL binlog_row_image = @row_image_save; +connection master; +DROP TABLE t; +include/rpl_end.inc diff -Nru mariadb-11.8.6/mysql-test/suite/rpl/r/rpl_read_old_relay_log_info.result mariadb-11.8.8/mysql-test/suite/rpl/r/rpl_read_old_relay_log_info.result --- mariadb-11.8.6/mysql-test/suite/rpl/r/rpl_read_old_relay_log_info.result 2026-01-31 13:27:48.000000000 +0000 +++ mariadb-11.8.8/mysql-test/suite/rpl/r/rpl_read_old_relay_log_info.result 2026-05-24 09:58:31.000000000 +0000 @@ -12,4 +12,11 @@ include/wait_for_slave_io_to_start.inc # Check that relay log coordinates are equal to those we saved in old-format_relay-log.info = , 0, slave-relay-bin.000001, 4 +# +# MDEV-38020: Master & relay log info files read 2^31 and above incorrectly +# +connection server_2; +include/stop_slave.inc +include/rpl_restart_server.inc [server_number=2 parameters: --skip-slave-start] +include/assert.inc [relay_log_pos should be 2147483648 after restart] include/rpl_end.inc diff -Nru mariadb-11.8.6/mysql-test/suite/rpl/r/rpl_skip_error.result mariadb-11.8.8/mysql-test/suite/rpl/r/rpl_skip_error.result --- mariadb-11.8.6/mysql-test/suite/rpl/r/rpl_skip_error.result 2026-01-31 13:27:48.000000000 +0000 +++ mariadb-11.8.8/mysql-test/suite/rpl/r/rpl_skip_error.result 2026-05-24 09:58:31.000000000 +0000 @@ -1,6 +1,9 @@ include/master-slave.inc [connection master] connection slave; +call mtr.add_suppression("Slave: ER_CONNECTION_KILLED .* is not allowed in --slave-skip-errors"); +include/assert_grep.inc [Warning about ER_CONNECTION_KILLED should appear in error log] +connection slave; connection master; ==== Test Without sql_mode=strict_trans_tables ==== create table t1 (n int not null primary key); diff -Nru mariadb-11.8.6/mysql-test/suite/rpl/r/rpl_temporary_error2_skip_all.result mariadb-11.8.8/mysql-test/suite/rpl/r/rpl_temporary_error2_skip_all.result --- mariadb-11.8.6/mysql-test/suite/rpl/r/rpl_temporary_error2_skip_all.result 2026-01-31 13:27:48.000000000 +0000 +++ mariadb-11.8.8/mysql-test/suite/rpl/r/rpl_temporary_error2_skip_all.result 2026-05-24 09:58:31.000000000 +0000 @@ -1,5 +1,8 @@ include/master-slave.inc [connection master] +connection slave; +call mtr.add_suppression("Slave: ER_CONNECTION_KILLED .* is not allowed in --slave-skip-errors"); +include/assert_grep.inc [Warning about ER_CONNECTION_KILLED should appear in error log] call mtr.add_suppression("Deadlock found when trying to get lock; try restarting transaction"); *** Provoke a deadlock on the slave, check that transaction retry succeeds. *** connection master; diff -Nru mariadb-11.8.6/mysql-test/suite/rpl/r/rpl_typeconv.result mariadb-11.8.8/mysql-test/suite/rpl/r/rpl_typeconv.result --- mariadb-11.8.6/mysql-test/suite/rpl/r/rpl_typeconv.result 2026-01-31 13:27:48.000000000 +0000 +++ mariadb-11.8.8/mysql-test/suite/rpl/r/rpl_typeconv.result 2026-05-24 09:58:31.000000000 +0000 @@ -12,7 +12,7 @@ On_Slave LONGTEXT, Expected LONGTEXT, Compare INT, -Error TEXT); +Error INT2); SELECT @@global.slave_type_conversions; @@global.slave_type_conversions diff -Nru mariadb-11.8.6/mysql-test/suite/rpl/t/binlog_check_constraint_checks_flag.test mariadb-11.8.8/mysql-test/suite/rpl/t/binlog_check_constraint_checks_flag.test --- mariadb-11.8.6/mysql-test/suite/rpl/t/binlog_check_constraint_checks_flag.test 1970-01-01 00:00:00.000000000 +0000 +++ mariadb-11.8.8/mysql-test/suite/rpl/t/binlog_check_constraint_checks_flag.test 2026-05-24 09:58:31.000000000 +0000 @@ -0,0 +1,36 @@ +--source include/master-slave.inc + +# References: +# +# MDEV-32447 Using check_constraint_checks=OFF can break replication +# +# check_constraint_checks was added in MDEV-7563 but its addition +# to OPTIONS_WRITTEN_TO_BINLOG was missed and therefore it was breaking +# replication in binlog formats other than ROW. + + +--connection master + +create table t10( + pk int primary key, + a int, + constraint a_big check (a>10) +); + +insert into t10 values (1, 20); +set check_constraint_checks=off; +update t10 set a=a-15 where pk=1; +update t10 set a=a+100 where pk=1; +set check_constraint_checks=on ; +select * from t10; + +--sync_slave_with_master + +# Here we are on the slave +select * from t10; +--connection master + +drop table t10; +--sync_slave_with_master + +--source include/rpl_end.inc diff -Nru mariadb-11.8.6/mysql-test/suite/rpl/t/rpl_change_master_implicit_gtid_warning.test mariadb-11.8.8/mysql-test/suite/rpl/t/rpl_change_master_implicit_gtid_warning.test --- mariadb-11.8.6/mysql-test/suite/rpl/t/rpl_change_master_implicit_gtid_warning.test 1970-01-01 00:00:00.000000000 +0000 +++ mariadb-11.8.8/mysql-test/suite/rpl/t/rpl_change_master_implicit_gtid_warning.test 2026-05-24 09:58:31.000000000 +0000 @@ -0,0 +1,52 @@ +# +# Purpose: +# This test validates that CHANGE MASTER TO does not emit a spurious +# warning about implicitly changing Using_Gtid when the value is not +# actually changing. +# +# References: +# MDEV-37842: CHANGE MASTER TO is implicitly changing the value of +# 'Using_Gtid' from 'No' to 'No' +# + +# Format independent test so just use one +--source include/have_binlog_format_mixed.inc +--source include/master-slave.inc + +--connection slave +--source include/stop_slave.inc + +--echo # +--echo # Test 1: CHANGE MASTER TO with relay_log_pos when Using_Gtid is +--echo # already No should NOT produce a spurious 'from No to No' warning +--echo # +CHANGE MASTER TO MASTER_USE_GTID=NO; +CHANGE MASTER TO relay_log_pos=0; +SHOW WARNINGS; + +--echo # +--echo # Test 2: CHANGE MASTER TO with master_log_file/pos when Using_Gtid +--echo # is already No should NOT produce a warning +--echo # +--let $io_log_pos= query_get_value('SHOW SLAVE STATUS', Read_Master_Log_Pos, 1) +--let $io_log_file= query_get_value('SHOW SLAVE STATUS', Master_Log_File, 1) +--replace_result $io_log_file IO_LOG_FILE $io_log_pos IO_LOG_POS +--eval CHANGE MASTER TO master_log_pos=$io_log_pos, master_log_file='$io_log_file' +SHOW WARNINGS; + +--echo # +--echo # Test 3: CHANGE MASTER TO with log coordinates when Using_Gtid is +--echo # Slave_Pos SHOULD produce a warning (value actually changes) +--echo # +CHANGE MASTER TO MASTER_USE_GTID=Slave_Pos; +--replace_result $io_log_file IO_LOG_FILE $io_log_pos IO_LOG_POS +--eval CHANGE MASTER TO master_log_pos=$io_log_pos, master_log_file='$io_log_file' +SHOW WARNINGS; + +--echo # +--echo # Cleanup +--echo # +CHANGE MASTER TO MASTER_USE_GTID=Slave_Pos; +--source include/start_slave.inc + +--source include/rpl_end.inc diff -Nru mariadb-11.8.6/mysql-test/suite/rpl/t/rpl_gtid_excess_initial_delay.test mariadb-11.8.8/mysql-test/suite/rpl/t/rpl_gtid_excess_initial_delay.test --- mariadb-11.8.6/mysql-test/suite/rpl/t/rpl_gtid_excess_initial_delay.test 2026-01-31 13:27:48.000000000 +0000 +++ mariadb-11.8.8/mysql-test/suite/rpl/t/rpl_gtid_excess_initial_delay.test 2026-05-24 09:58:31.000000000 +0000 @@ -8,13 +8,15 @@ # Steps: # 0 - Stop the slave and execute CHANGE MASTER command with # master_delay= 10 -# 1 - On slave introduce a sleep of 15 seconds and check that the +# 1 - Restart the slave and, after a brief moment, assert no ongoing delay. +# 2 - On the slave, introduce a sleep of 15 seconds and check that the # Seconds_Behind_Master is within specified master_delay limit. It should # not be more that "10" seconds. # # ==== References ==== # # MDEV-13895: GTID and Master_Delay causes excessive initial delay +# MDEV-38825: Slave delays when there is "nothing" to replicate --source include/have_binlog_format_mixed.inc --source include/master-slave.inc @@ -26,6 +28,11 @@ CHANGE MASTER TO MASTER_DELAY= 10; --source include/start_slave.inc +--sleep 3 +# Should be NULL and idle +--let $status_items= SQL_Remaining_Delay, Slave_SQL_Running_State +--source include/show_slave_status.inc + --connection master INSERT INTO t1 VALUES (1); --source include/sync_slave_io_with_master.inc diff -Nru mariadb-11.8.6/mysql-test/suite/rpl/t/rpl_heartbeat_basic.test mariadb-11.8.8/mysql-test/suite/rpl/t/rpl_heartbeat_basic.test --- mariadb-11.8.6/mysql-test/suite/rpl/t/rpl_heartbeat_basic.test 2026-01-31 13:27:48.000000000 +0000 +++ mariadb-11.8.8/mysql-test/suite/rpl/t/rpl_heartbeat_basic.test 2026-05-24 09:58:31.000000000 +0000 @@ -239,6 +239,22 @@ --echo # +# MDEV-38454: MASTER_HEARTBEAT_PERIOD should accept values with + sign +# +--echo *** MDEV-38454: MASTER_HEARTBEAT_PERIOD should accept + sign *** +# Test with + sign (was broken before fix) +--replace_result $MASTER_MYPORT MASTER_PORT +eval CHANGE MASTER TO MASTER_HOST='127.0.0.1', MASTER_PORT=$MASTER_MYPORT, MASTER_USER='root', MASTER_CONNECT_RETRY=$connect_retry, MASTER_HEARTBEAT_PERIOD=+60; +SHOW GLOBAL STATUS LIKE 'slave_heartbeat_period'; +RESET SLAVE; +# Test without + sign (should still work) +--replace_result $MASTER_MYPORT MASTER_PORT +eval CHANGE MASTER TO MASTER_HOST='127.0.0.1', MASTER_PORT=$MASTER_MYPORT, MASTER_USER='root', MASTER_CONNECT_RETRY=$connect_retry, MASTER_HEARTBEAT_PERIOD=60; +SHOW GLOBAL STATUS LIKE 'slave_heartbeat_period'; +RESET SLAVE; +--echo + +# # Testing heartbeat # diff -Nru mariadb-11.8.6/mysql-test/suite/rpl/t/rpl_mdev38731.test mariadb-11.8.8/mysql-test/suite/rpl/t/rpl_mdev38731.test --- mariadb-11.8.6/mysql-test/suite/rpl/t/rpl_mdev38731.test 1970-01-01 00:00:00.000000000 +0000 +++ mariadb-11.8.8/mysql-test/suite/rpl/t/rpl_mdev38731.test 2026-05-24 09:58:31.000000000 +0000 @@ -0,0 +1,21 @@ +--source include/have_innodb.inc +--source include/have_binlog_format_row.inc +--source include/master-slave.inc + +CREATE TABLE t (a int, b int, c int, d int, KEY (d)) ENGINE=InnoDB; +INSERT INTO t (a,b,d) VALUES + (1,NULL,4),(2,NULL,1),(3,NULL,1), + (4,NULL,1),(5,NULL,1),(6,NULL,1), + (7,0,NULL),(8,NULL,NULL); +ALTER TABLE t ADD UNIQUE (b); +--sync_slave_with_master +ANALYZE TABLE t; +--connection master +UPDATE t SET c = 1; +ALTER TABLE t ADD UNIQUE (a); + +--sync_slave_with_master + +--connection master +DROP TABLE t; +--source include/rpl_end.inc diff -Nru mariadb-11.8.6/mysql-test/suite/rpl/t/rpl_mdev38734.test mariadb-11.8.8/mysql-test/suite/rpl/t/rpl_mdev38734.test --- mariadb-11.8.6/mysql-test/suite/rpl/t/rpl_mdev38734.test 1970-01-01 00:00:00.000000000 +0000 +++ mariadb-11.8.8/mysql-test/suite/rpl/t/rpl_mdev38734.test 2026-05-24 09:58:31.000000000 +0000 @@ -0,0 +1,21 @@ +--source include/have_binlog_format_row.inc +--source include/master-slave.inc + +--connection slave +SET @row_image_save = @@global.binlog_row_image; +SET GLOBAL binlog_row_image=MINIMAL; +--source include/stop_slave.inc +--source include/start_slave.inc + +--connection master +SET binlog_row_image=MINIMAL; +CREATE TABLE t (pk int primary key, a text, b text, unique(b)); +INSERT INTO t VALUES (1,'foo', 'bar'); +UPDATE t SET a = 'baz'; + +--sync_slave_with_master +SET GLOBAL binlog_row_image = @row_image_save; + +--connection master +DROP TABLE t; +--source include/rpl_end.inc diff -Nru mariadb-11.8.6/mysql-test/suite/rpl/t/rpl_memory_engine_truncate_on_restart.test mariadb-11.8.8/mysql-test/suite/rpl/t/rpl_memory_engine_truncate_on_restart.test --- mariadb-11.8.6/mysql-test/suite/rpl/t/rpl_memory_engine_truncate_on_restart.test 2026-01-31 13:27:48.000000000 +0000 +++ mariadb-11.8.8/mysql-test/suite/rpl/t/rpl_memory_engine_truncate_on_restart.test 2026-05-24 09:58:31.000000000 +0000 @@ -54,7 +54,7 @@ --let assert_text= Query to truncate the MEMORY table should be the contents of the new event --let assert_count= 1 ---let assert_select= TRUNCATE TABLE +--let assert_select= ^TRUNCATE TABLE .+generated.+memory table --source include/assert_grep.inc --echo # Ensuring slave MEMORY table is empty diff -Nru mariadb-11.8.6/mysql-test/suite/rpl/t/rpl_read_old_relay_log_info.test mariadb-11.8.8/mysql-test/suite/rpl/t/rpl_read_old_relay_log_info.test --- mariadb-11.8.6/mysql-test/suite/rpl/t/rpl_read_old_relay_log_info.test 2026-01-31 13:27:48.000000000 +0000 +++ mariadb-11.8.8/mysql-test/suite/rpl/t/rpl_read_old_relay_log_info.test 2026-05-24 09:58:31.000000000 +0000 @@ -44,5 +44,30 @@ --die log coordinates changed } +--echo # +--echo # MDEV-38020: Master & relay log info files read 2^31 and above incorrectly +--echo # + +--connection server_2 +--source include/stop_slave.inc + +# Create a relay-log.info file with a position value > 2^31 +--let $MYSQLD_DATADIR= `select @@datadir` +--remove_file $MYSQLD_DATADIR/relay-log.info +--write_file $MYSQLD_DATADIR/relay-log.info +./slave-relay-bin.000001 +2147483648 + +0 +EOF + +--let $rpl_server_number= 2 +--let $rpl_server_parameters= --skip-slave-start +--source include/rpl_restart_server.inc + +--let $assert_text= relay_log_pos should be 2147483648 after restart +--let $assert_cond= [SHOW SLAVE STATUS, Relay_Log_Pos, 1] = 2147483648 +--source include/assert.inc + --let $rpl_only_running_threads= 1 --source include/rpl_end.inc diff -Nru mariadb-11.8.6/mysql-test/suite/rpl/t/rpl_row_foreign_key_mdl.test mariadb-11.8.8/mysql-test/suite/rpl/t/rpl_row_foreign_key_mdl.test --- mariadb-11.8.6/mysql-test/suite/rpl/t/rpl_row_foreign_key_mdl.test 2026-01-31 13:27:48.000000000 +0000 +++ mariadb-11.8.8/mysql-test/suite/rpl/t/rpl_row_foreign_key_mdl.test 2026-05-24 09:58:31.000000000 +0000 @@ -8,6 +8,7 @@ # MDEV-25039: MDL BF-BF conflict because of foreign key # source include/have_innodb.inc; +source include/have_perfschema.inc; source include/have_debug_sync.inc; source include/have_binlog_format_row.inc; source include/master-slave.inc; diff -Nru mariadb-11.8.6/mysql-test/suite/rpl/t/rpl_skip_error-slave.opt mariadb-11.8.8/mysql-test/suite/rpl/t/rpl_skip_error-slave.opt --- mariadb-11.8.6/mysql-test/suite/rpl/t/rpl_skip_error-slave.opt 2026-01-31 13:27:48.000000000 +0000 +++ mariadb-11.8.8/mysql-test/suite/rpl/t/rpl_skip_error-slave.opt 2026-05-24 09:58:31.000000000 +0000 @@ -1 +1 @@ ---slave-skip-errors=1062 +--slave-skip-errors=1062,1927 diff -Nru mariadb-11.8.6/mysql-test/suite/rpl/t/rpl_skip_error.test mariadb-11.8.8/mysql-test/suite/rpl/t/rpl_skip_error.test --- mariadb-11.8.6/mysql-test/suite/rpl/t/rpl_skip_error.test 2026-01-31 13:27:48.000000000 +0000 +++ mariadb-11.8.8/mysql-test/suite/rpl/t/rpl_skip_error.test 2026-05-24 09:58:31.000000000 +0000 @@ -26,9 +26,11 @@ # BUG#28839: Errors in strict mode silently stop SQL thread if --slave-skip-errors exists # bug in this test: BUG#30594: rpl.rpl_skip_error is nondeterministic: # BUG#39393: slave-skip-errors does not work when using ROW based replication +# BUG#38624: ER_CONNECTION_KILLED must not be skippable via --slave-skip-errors source include/have_innodb.inc; source include/master-slave.inc; +--source include/check_slave_skip_errors.inc --connection slave let $initial_skipped_error= query_get_value(show global status like "Slave_skipped_errors", Value, 1); diff -Nru mariadb-11.8.6/mysql-test/suite/rpl/t/rpl_temporary_error2.test mariadb-11.8.8/mysql-test/suite/rpl/t/rpl_temporary_error2.test --- mariadb-11.8.6/mysql-test/suite/rpl/t/rpl_temporary_error2.test 2026-01-31 13:27:48.000000000 +0000 +++ mariadb-11.8.8/mysql-test/suite/rpl/t/rpl_temporary_error2.test 2026-05-24 09:58:31.000000000 +0000 @@ -1,6 +1,11 @@ --source include/have_innodb.inc --source include/master-slave.inc +if ($check_mdev_38624) +{ + --source include/check_slave_skip_errors.inc +} + call mtr.add_suppression("Deadlock found when trying to get lock; try restarting transaction"); --disable_query_log call mtr.add_suppression("InnoDB: Transaction was aborted due to "); diff -Nru mariadb-11.8.6/mysql-test/suite/rpl/t/rpl_temporary_error2_skip_all.test mariadb-11.8.8/mysql-test/suite/rpl/t/rpl_temporary_error2_skip_all.test --- mariadb-11.8.6/mysql-test/suite/rpl/t/rpl_temporary_error2_skip_all.test 2026-01-31 13:27:48.000000000 +0000 +++ mariadb-11.8.8/mysql-test/suite/rpl/t/rpl_temporary_error2_skip_all.test 2026-05-24 09:58:31.000000000 +0000 @@ -1,3 +1,4 @@ --source include/have_binlog_format_row.inc --let $ignored_db_deadlock= 1 +--let $check_mdev_38624= 1 --source rpl_temporary_error2.test diff -Nru mariadb-11.8.6/mysql-test/suite/rpl/t/rpl_typeconv.test mariadb-11.8.8/mysql-test/suite/rpl/t/rpl_typeconv.test --- mariadb-11.8.6/mysql-test/suite/rpl/t/rpl_typeconv.test 2026-01-31 13:27:48.000000000 +0000 +++ mariadb-11.8.8/mysql-test/suite/rpl/t/rpl_typeconv.test 2026-05-24 09:58:31.000000000 +0000 @@ -20,7 +20,7 @@ On_Slave LONGTEXT, Expected LONGTEXT, Compare INT, - Error TEXT); + Error INT2); SELECT @@global.slave_type_conversions; SET GLOBAL SLAVE_TYPE_CONVERSIONS=''; @@ -61,7 +61,7 @@ SELECT RPAD(Source, 15, ' ') AS Source_Type, RPAD(Target, 15, ' ') AS Target_Type, RPAD(Flags, 25, ' ') AS All_Type_Conversion_Flags, - IF(Compare IS NULL AND Error IS NOT NULL, '', + IF(Compare IS NULL AND Error, '', IF(Compare, '', CONCAT("'", On_Slave, "' != '", Expected, "'"))) AS Value_On_Slave diff -Nru mariadb-11.8.6/mysql-test/suite/s3/debug.result mariadb-11.8.8/mysql-test/suite/s3/debug.result --- mariadb-11.8.6/mysql-test/suite/s3/debug.result 2026-01-31 13:27:48.000000000 +0000 +++ mariadb-11.8.8/mysql-test/suite/s3/debug.result 2026-05-24 09:58:31.000000000 +0000 @@ -26,9 +26,9 @@ count(*) 100 set @@global.s3_debug=0; -FOUND 6 /s3_test_/ in mysqld.1.err +FOUND 8 /s3_test_/ in mysqld.1.err select count(*) from t1; count(*) 100 drop table t1; -FOUND 6 /s3_test_/ in mysqld.1.err +FOUND 8 /s3_test_/ in mysqld.1.err diff -Nru mariadb-11.8.6/mysql-test/suite/sql_sequence/create.result mariadb-11.8.8/mysql-test/suite/sql_sequence/create.result --- mariadb-11.8.6/mysql-test/suite/sql_sequence/create.result 2026-01-31 13:27:48.000000000 +0000 +++ mariadb-11.8.8/mysql-test/suite/sql_sequence/create.result 2026-05-24 09:58:31.000000000 +0000 @@ -58,10 +58,6 @@ select * from t1; next_not_cached_value minimum_value maximum_value start_value increment cache_size cycle_option cycle_count 1 1 9223372036854775806 1 1 1000 0 0 -create or replace sequence t1 engine=archive; -ERROR HY000: Table storage engine 'ARCHIVE' does not support the create option 'SEQUENCE' -show create table t1; -ERROR 42S02: Table 'test.t1' doesn't exist create or replace sequence t1 start with 10; show create sequence t1; Table Create Table diff -Nru mariadb-11.8.6/mysql-test/suite/sql_sequence/create.test mariadb-11.8.8/mysql-test/suite/sql_sequence/create.test --- mariadb-11.8.6/mysql-test/suite/sql_sequence/create.test 2026-01-31 13:27:48.000000000 +0000 +++ mariadb-11.8.8/mysql-test/suite/sql_sequence/create.test 2026-05-24 09:58:31.000000000 +0000 @@ -2,7 +2,6 @@ # Test create options with sequences # --source include/have_innodb.inc ---source include/have_archive.inc drop table if exists t1; @@ -22,14 +21,6 @@ show create sequence t1; show create table t1; select * from t1; ---error ER_ILLEGAL_HA_CREATE_OPTION -create or replace sequence t1 engine=archive; -# -# The following error should be fixed. We shouldn't delete old table on errors -# ---error ER_NO_SUCH_TABLE -show create table t1; - # Check start values create or replace sequence t1 start with 10; diff -Nru mariadb-11.8.6/mysql-test/suite/sql_sequence/create_archive.result mariadb-11.8.8/mysql-test/suite/sql_sequence/create_archive.result --- mariadb-11.8.6/mysql-test/suite/sql_sequence/create_archive.result 1970-01-01 00:00:00.000000000 +0000 +++ mariadb-11.8.8/mysql-test/suite/sql_sequence/create_archive.result 2026-05-24 09:58:31.000000000 +0000 @@ -0,0 +1,23 @@ +create or replace sequence t1 engine=maria; +show create sequence t1; +Table Create Table +t1 CREATE SEQUENCE `t1` start with 1 minvalue 1 maxvalue 9223372036854775806 increment by 1 cache 1000 nocycle ENGINE=Aria +show create table t1; +Table Create Table +t1 CREATE TABLE `t1` ( + `next_not_cached_value` bigint(21) NOT NULL, + `minimum_value` bigint(21) NOT NULL, + `maximum_value` bigint(21) NOT NULL, + `start_value` bigint(21) NOT NULL COMMENT 'start value when sequences is created or value if RESTART is used', + `increment` bigint(21) NOT NULL COMMENT 'increment value', + `cache_size` bigint(21) unsigned NOT NULL, + `cycle_option` tinyint(1) unsigned NOT NULL COMMENT '0 if no cycles are allowed, 1 if the sequence should begin a new cycle when maximum_value is passed', + `cycle_count` bigint(21) NOT NULL COMMENT 'How many cycles have been done' +) ENGINE=Aria SEQUENCE=1 +select * from t1; +next_not_cached_value minimum_value maximum_value start_value increment cache_size cycle_option cycle_count +1 1 9223372036854775806 1 1 1000 0 0 +create or replace sequence t1 engine=archive; +ERROR HY000: Table storage engine 'ARCHIVE' does not support the create option 'SEQUENCE' +show create table t1; +ERROR 42S02: Table 'test.t1' doesn't exist diff -Nru mariadb-11.8.6/mysql-test/suite/sql_sequence/create_archive.test mariadb-11.8.8/mysql-test/suite/sql_sequence/create_archive.test --- mariadb-11.8.6/mysql-test/suite/sql_sequence/create_archive.test 1970-01-01 00:00:00.000000000 +0000 +++ mariadb-11.8.8/mysql-test/suite/sql_sequence/create_archive.test 2026-05-24 09:58:31.000000000 +0000 @@ -0,0 +1,12 @@ +--source include/have_archive.inc +create or replace sequence t1 engine=maria; +show create sequence t1; +show create table t1; +select * from t1; +--error ER_ILLEGAL_HA_CREATE_OPTION +create or replace sequence t1 engine=archive; +# +# The following error should be fixed. We shouldn't delete old table on errors +# +--error ER_NO_SUCH_TABLE +show create table t1; diff -Nru mariadb-11.8.6/mysql-test/suite/sql_sequence/next.result mariadb-11.8.8/mysql-test/suite/sql_sequence/next.result --- mariadb-11.8.6/mysql-test/suite/sql_sequence/next.result 2026-01-31 13:27:48.000000000 +0000 +++ mariadb-11.8.8/mysql-test/suite/sql_sequence/next.result 2026-05-24 09:58:31.000000000 +0000 @@ -611,6 +611,17 @@ select next value for s1 from s as s1; ERROR 42S02: Table 'test.s1' doesn't exist drop sequence s; +# +# MDEV-38815 Server crashes in Item_func_nextval::val_int upon update on a view +# +create sequence s; +create table t (a int default(nextval(s))); +create view v as select * from t; +insert into t values (1); +update v set a= default; +drop view v; +drop table t; +drop sequence s; # End of 10.11 tests # # MDEV-28152 Features for sequence diff -Nru mariadb-11.8.6/mysql-test/suite/sql_sequence/next.test mariadb-11.8.8/mysql-test/suite/sql_sequence/next.test --- mariadb-11.8.6/mysql-test/suite/sql_sequence/next.test 2026-01-31 13:27:48.000000000 +0000 +++ mariadb-11.8.8/mysql-test/suite/sql_sequence/next.test 2026-05-24 09:58:31.000000000 +0000 @@ -339,6 +339,19 @@ select next value for s1 from s as s1; drop sequence s; +--echo # +--echo # MDEV-38815 Server crashes in Item_func_nextval::val_int upon update on a view +--echo # +create sequence s; +create table t (a int default(nextval(s))); +create view v as select * from t; +insert into t values (1); +update v set a= default; + +drop view v; +drop table t; +drop sequence s; + --echo # End of 10.11 tests --echo # diff -Nru mariadb-11.8.6/mysql-test/suite/sql_sequence/other.result mariadb-11.8.8/mysql-test/suite/sql_sequence/other.result --- mariadb-11.8.6/mysql-test/suite/sql_sequence/other.result 2026-01-31 13:27:48.000000000 +0000 +++ mariadb-11.8.8/mysql-test/suite/sql_sequence/other.result 2026-05-24 09:58:31.000000000 +0000 @@ -185,11 +185,11 @@ # CREATE SEQUENCE s1 nocache engine=myisam; CREATE table t1 (a int check (next value for s1 > 0)); -ERROR HY000: Function or expression 'nextval()' cannot be used in the CHECK clause of `a` +ERROR 42000: CHECK does not support subqueries or stored functions CREATE table t1 (a int check (previous value for s1 > 0)); -ERROR HY000: Function or expression 'lastval()' cannot be used in the CHECK clause of `a` +ERROR 42000: CHECK does not support subqueries or stored functions CREATE table t1 (a int check (setval(s1,10))); -ERROR HY000: Function or expression 'setval()' cannot be used in the CHECK clause of `a` +ERROR 42000: CHECK does not support subqueries or stored functions CREATE TABLE t1 (a int, b int as (next value for s1 > 0)); ERROR HY000: Function or expression 'nextval()' cannot be used in the GENERATED ALWAYS AS clause of `b` drop sequence s1; diff -Nru mariadb-11.8.6/mysql-test/suite/sql_sequence/other.test mariadb-11.8.8/mysql-test/suite/sql_sequence/other.test --- mariadb-11.8.6/mysql-test/suite/sql_sequence/other.test 2026-01-31 13:27:48.000000000 +0000 +++ mariadb-11.8.8/mysql-test/suite/sql_sequence/other.test 2026-05-24 09:58:31.000000000 +0000 @@ -158,11 +158,11 @@ --echo # CREATE SEQUENCE s1 nocache engine=myisam; ---error ER_GENERATED_COLUMN_FUNCTION_IS_NOT_ALLOWED +--error ER_SUBQUERIES_NOT_SUPPORTED CREATE table t1 (a int check (next value for s1 > 0)); ---error ER_GENERATED_COLUMN_FUNCTION_IS_NOT_ALLOWED +--error ER_SUBQUERIES_NOT_SUPPORTED CREATE table t1 (a int check (previous value for s1 > 0)); ---error ER_GENERATED_COLUMN_FUNCTION_IS_NOT_ALLOWED +--error ER_SUBQUERIES_NOT_SUPPORTED CREATE table t1 (a int check (setval(s1,10))); --error ER_GENERATED_COLUMN_FUNCTION_IS_NOT_ALLOWED CREATE TABLE t1 (a int, b int as (next value for s1 > 0)); diff -Nru mariadb-11.8.6/mysql-test/suite/sys_vars/r/group_concat_max_len_func.result mariadb-11.8.8/mysql-test/suite/sys_vars/r/group_concat_max_len_func.result --- mariadb-11.8.6/mysql-test/suite/sys_vars/r/group_concat_max_len_func.result 2026-01-31 13:27:48.000000000 +0000 +++ mariadb-11.8.8/mysql-test/suite/sys_vars/r/group_concat_max_len_func.result 2026-05-24 09:58:31.000000000 +0000 @@ -118,29 +118,11 @@ nested bar,foo SET group_concat_max_len = 1073741825; +Warnings: +Warning 1292 Truncated incorrect group_concat_max_len value: '1073741825' SHOW VARIABLES LIKE 'group_concat_max_len'; Variable_name Value -group_concat_max_len 1073741825 -SELECT GROUP_CONCAT(val) AS simple FROM t1; -simple -bar,foo -SELECT * FROM ( SELECT GROUP_CONCAT(val) AS nested FROM t1) As tmp; -nested -bar,foo -SET group_concat_max_len = 1073741826; -SHOW VARIABLES LIKE 'group_concat_max_len'; -Variable_name Value -group_concat_max_len 1073741826 -SELECT GROUP_CONCAT(val) AS simple FROM t1; -simple -bar,foo -SELECT * FROM ( SELECT GROUP_CONCAT(val) AS nested FROM t1) As tmp; -nested -bar,foo -SET group_concat_max_len = 2147483649; -SHOW VARIABLES LIKE 'group_concat_max_len'; -Variable_name Value -group_concat_max_len 2147483649 +group_concat_max_len 1073741824 SELECT GROUP_CONCAT(val) AS simple FROM t1; simple bar,foo diff -Nru mariadb-11.8.6/mysql-test/suite/sys_vars/r/innodb_buffer_pool_in_core_dump_basic.result mariadb-11.8.8/mysql-test/suite/sys_vars/r/innodb_buffer_pool_in_core_dump_basic.result --- mariadb-11.8.6/mysql-test/suite/sys_vars/r/innodb_buffer_pool_in_core_dump_basic.result 1970-01-01 00:00:00.000000000 +0000 +++ mariadb-11.8.8/mysql-test/suite/sys_vars/r/innodb_buffer_pool_in_core_dump_basic.result 2026-05-24 09:58:31.000000000 +0000 @@ -0,0 +1,24 @@ +set @old_innodb_buffer_pool_in_core_dump = @@innodb_buffer_pool_in_core_dump; +SET GLOBAL innodb_buffer_pool_in_core_dump=OFF; +SELECT @@global.innodb_buffer_pool_in_core_dump; +@@global.innodb_buffer_pool_in_core_dump +0 +SELECT @@session.innodb_buffer_pool_in_core_dump; +ERROR HY000: Variable 'innodb_buffer_pool_in_core_dump' is a GLOBAL variable +SHOW GLOBAL VARIABLES LIKE 'innodb_buffer_pool_in_core_dump'; +Variable_name Value +innodb_buffer_pool_in_core_dump OFF +SHOW SESSION VARIABLES LIKE 'innodb_buffer_pool_in_core_dump'; +Variable_name Value +innodb_buffer_pool_in_core_dump OFF +SELECT * FROM INFORMATION_SCHEMA.GLOBAL_VARIABLES WHERE variable_name='innodb_buffer_pool_in_core_dump'; +VARIABLE_NAME VARIABLE_VALUE +INNODB_BUFFER_POOL_IN_CORE_DUMP OFF +SELECT * FROM INFORMATION_SCHEMA.SESSION_VARIABLES WHERE variable_name='innodb_buffer_pool_in_core_dump'; +VARIABLE_NAME VARIABLE_VALUE +INNODB_BUFFER_POOL_IN_CORE_DUMP OFF +SET SESSION innodb_buffer_pool_in_core_dump=ON; +ERROR HY000: Variable 'innodb_buffer_pool_in_core_dump' is a GLOBAL variable and should be set with SET GLOBAL +SET GLOBAL innodb_buffer_pool_in_core_dump=ON; +SET GLOBAL innodb_buffer_pool_in_core_dump=OFF; +SET GLOBAL innodb_buffer_pool_in_core_dump = @old_innodb_buffer_pool_in_core_dump; diff -Nru mariadb-11.8.6/mysql-test/suite/sys_vars/r/proxy_protocol_networks_grant.result mariadb-11.8.8/mysql-test/suite/sys_vars/r/proxy_protocol_networks_grant.result --- mariadb-11.8.6/mysql-test/suite/sys_vars/r/proxy_protocol_networks_grant.result 2026-01-31 13:27:48.000000000 +0000 +++ mariadb-11.8.8/mysql-test/suite/sys_vars/r/proxy_protocol_networks_grant.result 2026-05-24 09:58:32.000000000 +0000 @@ -7,7 +7,6 @@ GRANT ALL PRIVILEGES ON *.* TO user1@localhost; REVOKE CONNECTION ADMIN ON *.* FROM user1@localhost; connect user1,localhost,user1,,; -connection user1; SET GLOBAL proxy_protocol_networks=""; ERROR 42000: Access denied; you need (at least one of) the CONNECTION ADMIN privilege(s) for this operation SET proxy_protocol_networks=""; @@ -21,7 +20,6 @@ CREATE USER user1@localhost; GRANT CONNECTION ADMIN ON *.* TO user1@localhost; connect user1,localhost,user1,,; -connection user1; SET GLOBAL proxy_protocol_networks=""; SET proxy_protocol_networks=""; ERROR HY000: Variable 'proxy_protocol_networks' is a GLOBAL variable and should be set with SET GLOBAL @@ -30,4 +28,10 @@ disconnect user1; connection default; DROP USER user1@localhost; +# +# MDEV-39658 ASAN crash on invalid proxy_protocol_networks value +# +SET GLOBAL proxy_protocol_networks='1,2,3,4,5,6,7,8,9,0,1,2,3,4,5,6,7,8,9,0'; +ERROR 42000: Error parsing proxy_protocol_networks parameter, near '1' +# End of 10.6 tests SET @@global.proxy_protocol_networks=@global; diff -Nru mariadb-11.8.6/mysql-test/suite/sys_vars/r/session_track_system_variables_basic.result mariadb-11.8.8/mysql-test/suite/sys_vars/r/session_track_system_variables_basic.result --- mariadb-11.8.6/mysql-test/suite/sys_vars/r/session_track_system_variables_basic.result 2026-01-31 13:27:48.000000000 +0000 +++ mariadb-11.8.8/mysql-test/suite/sys_vars/r/session_track_system_variables_basic.result 2026-05-24 09:58:32.000000000 +0000 @@ -151,6 +151,42 @@ SET SESSION session_track_system_variables="sql_slave_skip_counter", sql_slave_skip_counter= 0; # Restoring the original values. SET @@global.session_track_system_variables = @global_saved_tmp; +# End of 10.2 tests. +# +# MDEV-39207 plugin variables disappear from session_track_system_variables list +# +install soname 'ha_example.so'; +# Plugin global vars are not included +set global session_track_system_variables='myisam_block_size'; +select @@global.session_track_system_variables; +@@global.session_track_system_variables + +set global session_track_system_variables='example_int_var'; +select @@global.session_track_system_variables; +@@global.session_track_system_variables +example_int_var +set global session_track_system_variables='myisam_sort_buffer_size,example_int_var'; +select @@global.session_track_system_variables; +@@global.session_track_system_variables +example_int_var,myisam_sort_buffer_size +set global session_track_system_variables='myisam_block_size,myisam_sort_buffer_size,character_set_client,example_int_var'; +select @@global.session_track_system_variables; +@@global.session_track_system_variables +character_set_client,example_int_var,myisam_sort_buffer_size +# Session tracking works as expected for plugin session var +connect foo,localhost,root; +select @@session.session_track_system_variables; +@@session.session_track_system_variables +character_set_client,example_int_var,myisam_sort_buffer_size +set session example_int_var = -1; +-- Tracker : SESSION_TRACK_SYSTEM_VARIABLES +-- example_int_var: -1 + +connection default; +disconnect foo; +uninstall soname 'ha_example.so'; +SET @@global.session_track_system_variables = @global_saved_tmp; +# End of 10.11 tests # # MDEV-31609 Send initial values of system variables in first OK packet # @@ -166,3 +202,69 @@ connection default; disconnect foo; # End of tests 11.5 +# +# MDEV-38179 regression in t_connect +# +# myisam_block_size is a global only plugin var and is not +# added to the session_track_system_variables. +# example_int_var is a session plugin var and is included. +install soname 'ha_example.so'; +set global session_track_system_variables='sql_slave_skip_counter,character_set_client,example_int_var'; +select @@global.session_track_system_variables; +@@global.session_track_system_variables +character_set_client,example_int_var,sql_slave_skip_counter +connect foo,localhost,root; +-- Tracker : SESSION_TRACK_SYSTEM_VARIABLES +-- character_set_client: latin1 +-- example_int_var: 0 +-- sql_slave_skip_counter: 0 + +select @@session.session_track_system_variables; +@@session.session_track_system_variables +character_set_client,example_int_var,sql_slave_skip_counter +connection default; +disconnect foo; +set global session_track_system_variables='sql_slave_skip_counter,myisam_block_size,character_set_client,example_int_var'; +select @@global.session_track_system_variables; +@@global.session_track_system_variables +character_set_client,example_int_var,sql_slave_skip_counter +connect foo,localhost,root; +-- Tracker : SESSION_TRACK_SYSTEM_VARIABLES +-- character_set_client: latin1 +-- example_int_var: 0 +-- sql_slave_skip_counter: 0 + +select @@session.session_track_system_variables; +@@session.session_track_system_variables +character_set_client,example_int_var,sql_slave_skip_counter +connection default; +disconnect foo; +set global session_track_system_variables='sql_slave_skip_counter,myisam_block_size,max_connections,character_set_client,example_int_var'; +select @@global.session_track_system_variables; +@@global.session_track_system_variables +character_set_client,example_int_var,max_connections,sql_slave_skip_counter +connect foo,localhost,root; +-- Tracker : SESSION_TRACK_SYSTEM_VARIABLES +-- character_set_client: latin1 +-- example_int_var: 0 +-- max_connections: 151 +-- sql_slave_skip_counter: 0 + +select @@session.session_track_system_variables; +@@session.session_track_system_variables +character_set_client,example_int_var,max_connections,sql_slave_skip_counter +connection default; +disconnect foo; +set global session_track_system_variables='sql_slave_skip_counter,*'; +select @@global.session_track_system_variables; +@@global.session_track_system_variables +* +connect foo,localhost,root; +select @@session.session_track_system_variables; +@@session.session_track_system_variables +* +connection default; +SET global session_track_system_variables = @global_saved_tmp; +disconnect foo; +uninstall soname 'ha_example.so'; +# End of tests 11.8 diff -Nru mariadb-11.8.6/mysql-test/suite/sys_vars/r/sysvars_innodb,32bit.rdiff mariadb-11.8.8/mysql-test/suite/sys_vars/r/sysvars_innodb,32bit.rdiff --- mariadb-11.8.6/mysql-test/suite/sys_vars/r/sysvars_innodb,32bit.rdiff 2026-01-31 13:27:48.000000000 +0000 +++ mariadb-11.8.8/mysql-test/suite/sys_vars/r/sysvars_innodb,32bit.rdiff 2026-05-24 09:58:32.000000000 +0000 @@ -1,6 +1,6 @@ --- a/mysql-test/suite/sys_vars/r/sysvars_innodb.result +++ b/mysql-test/suite/sys_vars/r/sysvars_innodb.result -@@ -51,7 +51,7 @@ +@@ -52,7 +52,7 @@ VARIABLE_TYPE INT UNSIGNED VARIABLE_COMMENT Number of adaptive hash table cells in each partition; 16381 at start defaults to being derived from innodb_buffer_pool_size NUMERIC_MIN_VALUE 16381 @@ -9,7 +9,7 @@ NUMERIC_BLOCK_SIZE 0 ENUM_VALUE_LIST NULL READ_ONLY NO -@@ -60,7 +60,7 @@ +@@ -61,7 +61,7 @@ SESSION_VALUE NULL DEFAULT_VALUE 8 VARIABLE_SCOPE GLOBAL @@ -18,7 +18,7 @@ VARIABLE_COMMENT Number of InnoDB Adaptive Hash Index Partitions (default 8) NUMERIC_MIN_VALUE 1 NUMERIC_MAX_VALUE 512 -@@ -96,7 +96,7 @@ +@@ -97,7 +97,7 @@ SESSION_VALUE NULL DEFAULT_VALUE 1 VARIABLE_SCOPE GLOBAL @@ -27,7 +27,7 @@ VARIABLE_COMMENT The AUTOINC lock modes supported by InnoDB: 0 => Old style AUTOINC locking (for backward compatibility); 1 => New style AUTOINC locking; 2 => No AUTOINC locking (unsafe for SBR) NUMERIC_MIN_VALUE 0 NUMERIC_MAX_VALUE 2 -@@ -108,10 +108,10 @@ +@@ -109,10 +109,10 @@ SESSION_VALUE NULL DEFAULT_VALUE 0 VARIABLE_SCOPE GLOBAL @@ -40,7 +40,7 @@ NUMERIC_BLOCK_SIZE 1048576 ENUM_VALUE_LIST NULL READ_ONLY YES -@@ -144,7 +144,7 @@ +@@ -145,7 +145,7 @@ SESSION_VALUE NULL DEFAULT_VALUE 25 VARIABLE_SCOPE GLOBAL @@ -49,7 +49,7 @@ VARIABLE_COMMENT Dump only the hottest N% of each buffer pool, defaults to 25 NUMERIC_MIN_VALUE 1 NUMERIC_MAX_VALUE 100 -@@ -216,10 +216,10 @@ +@@ -217,10 +217,10 @@ SESSION_VALUE NULL DEFAULT_VALUE 134217728 VARIABLE_SCOPE GLOBAL @@ -62,7 +62,7 @@ NUMERIC_BLOCK_SIZE 1048576 ENUM_VALUE_LIST NULL READ_ONLY NO -@@ -228,11 +228,11 @@ +@@ -229,11 +229,11 @@ SESSION_VALUE NULL DEFAULT_VALUE 0 VARIABLE_SCOPE GLOBAL @@ -77,22 +77,7 @@ ENUM_VALUE_LIST NULL READ_ONLY NO COMMAND_LINE_ARGUMENT REQUIRED -@@ -240,11 +240,11 @@ - SESSION_VALUE NULL - DEFAULT_VALUE 0 - VARIABLE_SCOPE GLOBAL --VARIABLE_TYPE BIGINT UNSIGNED -+VARIABLE_TYPE INT UNSIGNED - VARIABLE_COMMENT Maximum innodb_buffer_pool_size - NUMERIC_MIN_VALUE 0 --NUMERIC_MAX_VALUE 18446744073701163008 --NUMERIC_BLOCK_SIZE 8388608 -+NUMERIC_MAX_VALUE 4292870144 -+NUMERIC_BLOCK_SIZE 2097152 - ENUM_VALUE_LIST NULL - READ_ONLY YES - COMMAND_LINE_ARGUMENT REQUIRED -@@ -252,7 +252,7 @@ +@@ -241,7 +241,7 @@ SESSION_VALUE NULL DEFAULT_VALUE 0 VARIABLE_SCOPE GLOBAL @@ -101,7 +86,7 @@ VARIABLE_COMMENT A number that tells how often buffer pool dump status in percentages should be printed. E.g. 10 means that buffer pool dump status is printed when every 10% of number of buffer pool pages are dumped. Default is 0 (only start and end status is printed) NUMERIC_MIN_VALUE 0 NUMERIC_MAX_VALUE 100 -@@ -324,7 +324,7 @@ +@@ -313,7 +313,7 @@ SESSION_VALUE NULL DEFAULT_VALUE 5 VARIABLE_SCOPE GLOBAL @@ -110,7 +95,7 @@ VARIABLE_COMMENT If the compression failure rate of a table is greater than this number more padding is added to the pages to reduce the failures. A value of zero implies no padding NUMERIC_MIN_VALUE 0 NUMERIC_MAX_VALUE 100 -@@ -348,7 +348,7 @@ +@@ -337,7 +337,7 @@ SESSION_VALUE NULL DEFAULT_VALUE 50 VARIABLE_SCOPE GLOBAL @@ -119,7 +104,7 @@ VARIABLE_COMMENT Percentage of empty space on a data page that can be reserved to make the page compressible NUMERIC_MIN_VALUE 0 NUMERIC_MAX_VALUE 75 -@@ -588,7 +588,7 @@ +@@ -577,7 +577,7 @@ SESSION_VALUE NULL DEFAULT_VALUE 600 VARIABLE_SCOPE GLOBAL @@ -128,7 +113,7 @@ VARIABLE_COMMENT Maximum number of seconds that semaphore times out in InnoDB NUMERIC_MIN_VALUE 1 NUMERIC_MAX_VALUE 4294967295 -@@ -636,7 +636,7 @@ +@@ -625,7 +625,7 @@ SESSION_VALUE NULL DEFAULT_VALUE 30 VARIABLE_SCOPE GLOBAL @@ -137,7 +122,7 @@ VARIABLE_COMMENT Number of iterations over which the background flushing is averaged NUMERIC_MIN_VALUE 1 NUMERIC_MAX_VALUE 1000 -@@ -660,7 +660,7 @@ +@@ -649,7 +649,7 @@ SESSION_VALUE NULL DEFAULT_VALUE 1 VARIABLE_SCOPE GLOBAL @@ -146,7 +131,7 @@ VARIABLE_COMMENT Controls the durability/speed trade-off for commits. Set to 0 (write and flush redo log to disk only once per second), 1 (flush to disk at each commit), 2 (write to log at commit but flush to disk only once per second) or 3 (flush to disk at prepare and at commit, slower and usually redundant). 1 and 3 guarantees that after a crash, committed transactions will not be lost and will be consistent with the binlog and other transactional engines. 2 can get inconsistent and lose transactions if there is a power failure or kernel crash but not if mysqld crashes. 0 has no guarantees in case of crash. 0 and 2 can be faster than 1 or 3 NUMERIC_MIN_VALUE 0 NUMERIC_MAX_VALUE 3 -@@ -684,7 +684,7 @@ +@@ -673,7 +673,7 @@ SESSION_VALUE NULL DEFAULT_VALUE 1 VARIABLE_SCOPE GLOBAL @@ -155,7 +140,7 @@ VARIABLE_COMMENT Set to 0 (don't flush neighbors from buffer pool), 1 (flush contiguous neighbors from buffer pool) or 2 (flush neighbors from buffer pool), when flushing a block NUMERIC_MIN_VALUE 0 NUMERIC_MAX_VALUE 2 -@@ -720,7 +720,7 @@ +@@ -709,7 +709,7 @@ SESSION_VALUE NULL DEFAULT_VALUE 0 VARIABLE_SCOPE GLOBAL @@ -164,7 +149,7 @@ VARIABLE_COMMENT Helps to save your data in case the disk image of the database becomes corrupt. Value 5 can return bogus data, and 6 can permanently corrupt data NUMERIC_MIN_VALUE 0 NUMERIC_MAX_VALUE 6 -@@ -744,10 +744,10 @@ +@@ -733,10 +733,10 @@ SESSION_VALUE NULL DEFAULT_VALUE 8000000 VARIABLE_SCOPE GLOBAL @@ -177,7 +162,7 @@ NUMERIC_BLOCK_SIZE 0 ENUM_VALUE_LIST NULL READ_ONLY NO -@@ -780,7 +780,7 @@ +@@ -769,7 +769,7 @@ SESSION_VALUE NULL DEFAULT_VALUE 84 VARIABLE_SCOPE GLOBAL @@ -186,16 +171,16 @@ VARIABLE_COMMENT InnoDB Fulltext search maximum token size in characters NUMERIC_MIN_VALUE 10 NUMERIC_MAX_VALUE 84 -@@ -792,7 +792,7 @@ +@@ -781,7 +781,7 @@ SESSION_VALUE NULL DEFAULT_VALUE 3 VARIABLE_SCOPE GLOBAL -VARIABLE_TYPE BIGINT UNSIGNED +VARIABLE_TYPE INT UNSIGNED VARIABLE_COMMENT InnoDB Fulltext search minimum token size in characters - NUMERIC_MIN_VALUE 0 + NUMERIC_MIN_VALUE 1 NUMERIC_MAX_VALUE 16 -@@ -804,7 +804,7 @@ +@@ -793,7 +793,7 @@ SESSION_VALUE NULL DEFAULT_VALUE 2000 VARIABLE_SCOPE GLOBAL @@ -204,7 +189,7 @@ VARIABLE_COMMENT InnoDB Fulltext search number of words to optimize for each optimize table call NUMERIC_MIN_VALUE 1000 NUMERIC_MAX_VALUE 10000 -@@ -816,10 +816,10 @@ +@@ -805,10 +805,10 @@ SESSION_VALUE NULL DEFAULT_VALUE 2000000000 VARIABLE_SCOPE GLOBAL @@ -217,7 +202,7 @@ NUMERIC_BLOCK_SIZE 0 ENUM_VALUE_LIST NULL READ_ONLY NO -@@ -840,7 +840,7 @@ +@@ -829,7 +829,7 @@ SESSION_VALUE NULL DEFAULT_VALUE 2 VARIABLE_SCOPE GLOBAL @@ -226,7 +211,7 @@ VARIABLE_COMMENT InnoDB Fulltext search parallel sort degree, will round up to nearest power of 2 number NUMERIC_MIN_VALUE 1 NUMERIC_MAX_VALUE 16 -@@ -852,10 +852,10 @@ +@@ -841,10 +841,10 @@ SESSION_VALUE NULL DEFAULT_VALUE 640000000 VARIABLE_SCOPE GLOBAL @@ -239,7 +224,7 @@ NUMERIC_BLOCK_SIZE 0 ENUM_VALUE_LIST NULL READ_ONLY NO -@@ -900,7 +900,7 @@ +@@ -889,7 +889,7 @@ SESSION_VALUE NULL DEFAULT_VALUE 200 VARIABLE_SCOPE GLOBAL @@ -248,7 +233,7 @@ VARIABLE_COMMENT Number of IOPs the server can do. Tunes the background IO rate NUMERIC_MIN_VALUE 100 NUMERIC_MAX_VALUE 4294967295 -@@ -912,7 +912,7 @@ +@@ -901,7 +901,7 @@ SESSION_VALUE NULL DEFAULT_VALUE 4294967295 VARIABLE_SCOPE GLOBAL @@ -257,7 +242,7 @@ VARIABLE_COMMENT Limit to which innodb_io_capacity can be inflated NUMERIC_MIN_VALUE 100 NUMERIC_MAX_VALUE 4294967295 -@@ -1044,10 +1044,10 @@ +@@ -1033,10 +1033,10 @@ SESSION_VALUE NULL DEFAULT_VALUE 32 VARIABLE_SCOPE GLOBAL @@ -270,7 +255,7 @@ NUMERIC_BLOCK_SIZE 0 ENUM_VALUE_LIST NULL READ_ONLY NO -@@ -1056,10 +1056,10 @@ +@@ -1045,10 +1045,10 @@ SESSION_VALUE NULL DEFAULT_VALUE 1536 VARIABLE_SCOPE GLOBAL @@ -283,7 +268,7 @@ NUMERIC_BLOCK_SIZE 0 ENUM_VALUE_LIST NULL READ_ONLY NO -@@ -1092,10 +1092,10 @@ +@@ -1081,10 +1081,10 @@ SESSION_VALUE NULL DEFAULT_VALUE 0 VARIABLE_SCOPE GLOBAL @@ -296,7 +281,7 @@ NUMERIC_BLOCK_SIZE 0 ENUM_VALUE_LIST NULL READ_ONLY NO -@@ -1104,7 +1104,7 @@ +@@ -1093,7 +1093,7 @@ SESSION_VALUE NULL DEFAULT_VALUE 0 VARIABLE_SCOPE GLOBAL @@ -305,7 +290,7 @@ VARIABLE_COMMENT Maximum delay of user threads in micro-seconds NUMERIC_MIN_VALUE 0 NUMERIC_MAX_VALUE 10000000 -@@ -1236,10 +1236,10 @@ +@@ -1225,10 +1225,10 @@ SESSION_VALUE NULL DEFAULT_VALUE 0 VARIABLE_SCOPE GLOBAL @@ -318,7 +303,7 @@ NUMERIC_BLOCK_SIZE 0 ENUM_VALUE_LIST NULL READ_ONLY YES -@@ -1260,7 +1260,7 @@ +@@ -1249,7 +1249,7 @@ SESSION_VALUE NULL DEFAULT_VALUE 16384 VARIABLE_SCOPE GLOBAL @@ -327,7 +312,7 @@ VARIABLE_COMMENT Page size to use for all InnoDB tablespaces NUMERIC_MIN_VALUE 4096 NUMERIC_MAX_VALUE 65536 -@@ -1296,7 +1296,7 @@ +@@ -1285,7 +1285,7 @@ SESSION_VALUE NULL DEFAULT_VALUE 127 VARIABLE_SCOPE GLOBAL @@ -336,7 +321,7 @@ VARIABLE_COMMENT Number of UNDO log pages to purge in one batch from the history list NUMERIC_MIN_VALUE 1 NUMERIC_MAX_VALUE 5000 -@@ -1308,7 +1308,7 @@ +@@ -1297,7 +1297,7 @@ SESSION_VALUE NULL DEFAULT_VALUE 128 VARIABLE_SCOPE GLOBAL @@ -345,7 +330,7 @@ VARIABLE_COMMENT Unused NUMERIC_MIN_VALUE 1 NUMERIC_MAX_VALUE 128 -@@ -1344,7 +1344,7 @@ +@@ -1333,7 +1333,7 @@ SESSION_VALUE NULL DEFAULT_VALUE 56 VARIABLE_SCOPE GLOBAL @@ -354,7 +339,7 @@ VARIABLE_COMMENT Number of pages that must be accessed sequentially for InnoDB to trigger a readahead NUMERIC_MIN_VALUE 0 NUMERIC_MAX_VALUE 64 -@@ -1428,7 +1428,7 @@ +@@ -1417,7 +1417,7 @@ SESSION_VALUE NULL DEFAULT_VALUE 1048576 VARIABLE_SCOPE GLOBAL @@ -363,7 +348,7 @@ VARIABLE_COMMENT Memory buffer size for index creation NUMERIC_MIN_VALUE 65536 NUMERIC_MAX_VALUE 67108864 -@@ -1596,10 +1596,10 @@ +@@ -1585,10 +1585,10 @@ SESSION_VALUE NULL DEFAULT_VALUE 30 VARIABLE_SCOPE GLOBAL diff -Nru mariadb-11.8.6/mysql-test/suite/sys_vars/r/sysvars_innodb.result mariadb-11.8.8/mysql-test/suite/sys_vars/r/sysvars_innodb.result --- mariadb-11.8.6/mysql-test/suite/sys_vars/r/sysvars_innodb.result 2026-01-31 13:27:48.000000000 +0000 +++ mariadb-11.8.8/mysql-test/suite/sys_vars/r/sysvars_innodb.result 2026-05-24 09:58:32.000000000 +0000 @@ -4,6 +4,8 @@ 'innodb_numa_interleave', # only available WITH_NUMA 'innodb_evict_tables_on_commit_debug', # one may want to override this 'innodb_use_native_aio', # default value depends on OS +'innodb_buffer_pool_size_max', # default value depends on OS +'innodb_buffer_pool_in_core_dump', # only available on Linux and FreeBSD 'innodb_log_file_buffering', # only available on Linux and Windows 'innodb_linux_aio', # existence depends on OS 'innodb_buffer_pool_load_pages_abort') # debug build only, and is only for testing @@ -236,18 +238,6 @@ ENUM_VALUE_LIST NULL READ_ONLY NO COMMAND_LINE_ARGUMENT REQUIRED -VARIABLE_NAME INNODB_BUFFER_POOL_SIZE_MAX -SESSION_VALUE NULL -DEFAULT_VALUE 0 -VARIABLE_SCOPE GLOBAL -VARIABLE_TYPE BIGINT UNSIGNED -VARIABLE_COMMENT Maximum innodb_buffer_pool_size -NUMERIC_MIN_VALUE 0 -NUMERIC_MAX_VALUE 18446744073701163008 -NUMERIC_BLOCK_SIZE 8388608 -ENUM_VALUE_LIST NULL -READ_ONLY YES -COMMAND_LINE_ARGUMENT REQUIRED VARIABLE_NAME INNODB_BUF_DUMP_STATUS_FREQUENCY SESSION_VALUE NULL DEFAULT_VALUE 0 diff -Nru mariadb-11.8.6/mysql-test/suite/sys_vars/r/sysvars_server_embedded.result mariadb-11.8.8/mysql-test/suite/sys_vars/r/sysvars_server_embedded.result --- mariadb-11.8.6/mysql-test/suite/sys_vars/r/sysvars_server_embedded.result 2026-01-31 13:27:48.000000000 +0000 +++ mariadb-11.8.8/mysql-test/suite/sys_vars/r/sysvars_server_embedded.result 2026-05-24 09:58:32.000000000 +0000 @@ -1147,7 +1147,7 @@ VARIABLE_TYPE INT UNSIGNED VARIABLE_COMMENT The maximum length of the result of function GROUP_CONCAT() NUMERIC_MIN_VALUE 4 -NUMERIC_MAX_VALUE 4294967295 +NUMERIC_MAX_VALUE 1073741824 NUMERIC_BLOCK_SIZE 1 ENUM_VALUE_LIST NULL READ_ONLY NO diff -Nru mariadb-11.8.6/mysql-test/suite/sys_vars/r/sysvars_server_notembedded.result mariadb-11.8.8/mysql-test/suite/sys_vars/r/sysvars_server_notembedded.result --- mariadb-11.8.6/mysql-test/suite/sys_vars/r/sysvars_server_notembedded.result 2026-01-31 13:27:48.000000000 +0000 +++ mariadb-11.8.8/mysql-test/suite/sys_vars/r/sysvars_server_notembedded.result 2026-05-24 09:58:32.000000000 +0000 @@ -1217,7 +1217,7 @@ VARIABLE_TYPE INT UNSIGNED VARIABLE_COMMENT The maximum length of the result of function GROUP_CONCAT() NUMERIC_MIN_VALUE 4 -NUMERIC_MAX_VALUE 4294967295 +NUMERIC_MAX_VALUE 1073741824 NUMERIC_BLOCK_SIZE 1 ENUM_VALUE_LIST NULL READ_ONLY NO diff -Nru mariadb-11.8.6/mysql-test/suite/sys_vars/r/sysvars_wsrep.result mariadb-11.8.8/mysql-test/suite/sys_vars/r/sysvars_wsrep.result --- mariadb-11.8.6/mysql-test/suite/sys_vars/r/sysvars_wsrep.result 2026-01-31 13:27:48.000000000 +0000 +++ mariadb-11.8.8/mysql-test/suite/sys_vars/r/sysvars_wsrep.result 2026-05-24 09:58:32.000000000 +0000 @@ -548,7 +548,7 @@ DEFAULT_VALUE ON VARIABLE_SCOPE GLOBAL VARIABLE_TYPE BOOLEAN -VARIABLE_COMMENT Should slave thread do foreign key constraint checks +VARIABLE_COMMENT Should slave thread do foreign key constraint checks (deprecated, has no effect) NUMERIC_MIN_VALUE NULL NUMERIC_MAX_VALUE NULL NUMERIC_BLOCK_SIZE NULL diff -Nru mariadb-11.8.6/mysql-test/suite/sys_vars/r/wsrep_slave_fk_checks_basic.result mariadb-11.8.8/mysql-test/suite/sys_vars/r/wsrep_slave_fk_checks_basic.result --- mariadb-11.8.6/mysql-test/suite/sys_vars/r/wsrep_slave_fk_checks_basic.result 2026-01-31 13:27:48.000000000 +0000 +++ mariadb-11.8.8/mysql-test/suite/sys_vars/r/wsrep_slave_fk_checks_basic.result 2026-05-24 09:58:32.000000000 +0000 @@ -12,24 +12,34 @@ SELECT @@session.wsrep_slave_fk_checks; ERROR HY000: Variable 'wsrep_slave_FK_checks' is a GLOBAL variable SET @@global.wsrep_slave_fk_checks=OFF; +Warnings: +Warning 1287 '@@wsrep_slave_FK_checks' is deprecated and will be removed in a future release SELECT @@global.wsrep_slave_fk_checks; @@global.wsrep_slave_fk_checks 0 SET @@global.wsrep_slave_fk_checks=ON; +Warnings: +Warning 1287 '@@wsrep_slave_FK_checks' is deprecated and will be removed in a future release SELECT @@global.wsrep_slave_fk_checks; @@global.wsrep_slave_fk_checks 1 # valid values SET @@global.wsrep_slave_fk_checks='OFF'; +Warnings: +Warning 1287 '@@wsrep_slave_FK_checks' is deprecated and will be removed in a future release SELECT @@global.wsrep_slave_fk_checks; @@global.wsrep_slave_fk_checks 0 SET @@global.wsrep_slave_fk_checks=ON; +Warnings: +Warning 1287 '@@wsrep_slave_FK_checks' is deprecated and will be removed in a future release SELECT @@global.wsrep_slave_fk_checks; @@global.wsrep_slave_fk_checks 1 SET @@global.wsrep_slave_fk_checks=default; +Warnings: +Warning 1287 '@@wsrep_slave_FK_checks' is deprecated and will be removed in a future release SELECT @@global.wsrep_slave_fk_checks; @@global.wsrep_slave_fk_checks 1 @@ -42,4 +52,6 @@ # restore the initial value SET @@global.wsrep_slave_fk_checks = @wsrep_slave_fk_checks_global_saved; +Warnings: +Warning 1287 '@@wsrep_slave_FK_checks' is deprecated and will be removed in a future release # End of test diff -Nru mariadb-11.8.6/mysql-test/suite/sys_vars/r/wsrep_sst_receive_address_basic.result mariadb-11.8.8/mysql-test/suite/sys_vars/r/wsrep_sst_receive_address_basic.result --- mariadb-11.8.6/mysql-test/suite/sys_vars/r/wsrep_sst_receive_address_basic.result 2026-01-31 13:27:48.000000000 +0000 +++ mariadb-11.8.8/mysql-test/suite/sys_vars/r/wsrep_sst_receive_address_basic.result 2026-05-24 09:58:32.000000000 +0000 @@ -28,16 +28,19 @@ SELECT @@global.wsrep_sst_receive_address; @@global.wsrep_sst_receive_address 192.168.2.254 - -# invalid values +SET @@global.wsrep_sst_receive_address=NULL; SELECT @@global.wsrep_sst_receive_address; @@global.wsrep_sst_receive_address -192.168.2.254 -SET @@global.wsrep_sst_receive_address=NULL; -ERROR 42000: Variable 'wsrep_sst_receive_address' can't be set to the value of 'NULL' +NULL +SET @@global.wsrep_sst_receive_address=''; SELECT @@global.wsrep_sst_receive_address; @@global.wsrep_sst_receive_address -192.168.2.254 + + +# invalid values +SELECT @@global.wsrep_sst_receive_address; +@@global.wsrep_sst_receive_address + SET @@global.wsrep_sst_receive_address='OFF'; SELECT @@global.wsrep_sst_receive_address; @@global.wsrep_sst_receive_address @@ -46,10 +49,6 @@ SELECT @@global.wsrep_sst_receive_address; @@global.wsrep_sst_receive_address ON -SET @@global.wsrep_sst_receive_address=''; -SELECT @@global.wsrep_sst_receive_address; -@@global.wsrep_sst_receive_address - SET @@global.wsrep_sst_receive_address='junk'; SELECT @@global.wsrep_sst_receive_address; @@global.wsrep_sst_receive_address diff -Nru mariadb-11.8.6/mysql-test/suite/sys_vars/t/group_concat_max_len_func.test mariadb-11.8.8/mysql-test/suite/sys_vars/t/group_concat_max_len_func.test --- mariadb-11.8.6/mysql-test/suite/sys_vars/t/group_concat_max_len_func.test 2026-01-31 13:27:48.000000000 +0000 +++ mariadb-11.8.8/mysql-test/suite/sys_vars/t/group_concat_max_len_func.test 2026-05-24 09:58:32.000000000 +0000 @@ -155,16 +155,6 @@ SELECT GROUP_CONCAT(val) AS simple FROM t1; SELECT * FROM ( SELECT GROUP_CONCAT(val) AS nested FROM t1) As tmp; -SET group_concat_max_len = 1073741826; -SHOW VARIABLES LIKE 'group_concat_max_len'; -SELECT GROUP_CONCAT(val) AS simple FROM t1; -SELECT * FROM ( SELECT GROUP_CONCAT(val) AS nested FROM t1) As tmp; - -SET group_concat_max_len = 2147483649; -SHOW VARIABLES LIKE 'group_concat_max_len'; -SELECT GROUP_CONCAT(val) AS simple FROM t1; -SELECT * FROM ( SELECT GROUP_CONCAT(val) AS nested FROM t1) As tmp; - DROP TABLE t1; SET @@global.group_concat_max_len = @save; diff -Nru mariadb-11.8.6/mysql-test/suite/sys_vars/t/innodb_buffer_pool_in_core_dump_basic.test mariadb-11.8.8/mysql-test/suite/sys_vars/t/innodb_buffer_pool_in_core_dump_basic.test --- mariadb-11.8.6/mysql-test/suite/sys_vars/t/innodb_buffer_pool_in_core_dump_basic.test 1970-01-01 00:00:00.000000000 +0000 +++ mariadb-11.8.8/mysql-test/suite/sys_vars/t/innodb_buffer_pool_in_core_dump_basic.test 2026-05-24 09:58:32.000000000 +0000 @@ -0,0 +1,31 @@ +# +# Basic test for innodb_buffer_pool_in_core_dump +# + +--source include/have_innodb.inc +if (`SELECT COUNT(*) = 0 from INFORMATION_SCHEMA.GLOBAL_VARIABLES WHERE LOWER(variable_name) ='innodb_buffer_pool_in_core_dump'`) +{ + --skip Test requires innodb_buffer_pool_in_core_dump variable. +} + +set @old_innodb_buffer_pool_in_core_dump = @@innodb_buffer_pool_in_core_dump; +SET GLOBAL innodb_buffer_pool_in_core_dump=OFF; + +SELECT @@global.innodb_buffer_pool_in_core_dump; + +--error ER_INCORRECT_GLOBAL_LOCAL_VAR +SELECT @@session.innodb_buffer_pool_in_core_dump; + +SHOW GLOBAL VARIABLES LIKE 'innodb_buffer_pool_in_core_dump'; +SHOW SESSION VARIABLES LIKE 'innodb_buffer_pool_in_core_dump'; + +SELECT * FROM INFORMATION_SCHEMA.GLOBAL_VARIABLES WHERE variable_name='innodb_buffer_pool_in_core_dump'; +SELECT * FROM INFORMATION_SCHEMA.SESSION_VARIABLES WHERE variable_name='innodb_buffer_pool_in_core_dump'; + +--error ER_GLOBAL_VARIABLE +SET SESSION innodb_buffer_pool_in_core_dump=ON; + +SET GLOBAL innodb_buffer_pool_in_core_dump=ON; +SET GLOBAL innodb_buffer_pool_in_core_dump=OFF; + +SET GLOBAL innodb_buffer_pool_in_core_dump = @old_innodb_buffer_pool_in_core_dump; diff -Nru mariadb-11.8.6/mysql-test/suite/sys_vars/t/proxy_protocol_networks_grant.test mariadb-11.8.8/mysql-test/suite/sys_vars/t/proxy_protocol_networks_grant.test --- mariadb-11.8.6/mysql-test/suite/sys_vars/t/proxy_protocol_networks_grant.test 2026-01-31 13:27:48.000000000 +0000 +++ mariadb-11.8.8/mysql-test/suite/sys_vars/t/proxy_protocol_networks_grant.test 2026-05-24 09:58:32.000000000 +0000 @@ -12,7 +12,6 @@ GRANT ALL PRIVILEGES ON *.* TO user1@localhost; REVOKE CONNECTION ADMIN ON *.* FROM user1@localhost; --connect(user1,localhost,user1,,) ---connection user1 --error ER_SPECIFIC_ACCESS_DENIED_ERROR SET GLOBAL proxy_protocol_networks=""; --error ER_GLOBAL_VARIABLE @@ -28,7 +27,6 @@ CREATE USER user1@localhost; GRANT CONNECTION ADMIN ON *.* TO user1@localhost; --connect(user1,localhost,user1,,) ---connection user1 SET GLOBAL proxy_protocol_networks=""; --error ER_GLOBAL_VARIABLE SET proxy_protocol_networks=""; @@ -38,4 +36,12 @@ --connection default DROP USER user1@localhost; +--echo # +--echo # MDEV-39658 ASAN crash on invalid proxy_protocol_networks value +--echo # +--error ER_PARSE_ERROR +SET GLOBAL proxy_protocol_networks='1,2,3,4,5,6,7,8,9,0,1,2,3,4,5,6,7,8,9,0'; + +--echo # End of 10.6 tests + SET @@global.proxy_protocol_networks=@global; diff -Nru mariadb-11.8.6/mysql-test/suite/sys_vars/t/session_track_system_variables_basic.test mariadb-11.8.8/mysql-test/suite/sys_vars/t/session_track_system_variables_basic.test --- mariadb-11.8.6/mysql-test/suite/sys_vars/t/session_track_system_variables_basic.test 2026-01-31 13:27:48.000000000 +0000 +++ mariadb-11.8.8/mysql-test/suite/sys_vars/t/session_track_system_variables_basic.test 2026-05-24 09:58:32.000000000 +0000 @@ -125,6 +125,41 @@ --echo # Restoring the original values. SET @@global.session_track_system_variables = @global_saved_tmp; +--echo # End of 10.2 tests. + +--echo # +--echo # MDEV-39207 plugin variables disappear from session_track_system_variables list +--echo # + +install soname 'ha_example.so'; + +--echo # Plugin global vars are not included +set global session_track_system_variables='myisam_block_size'; +select @@global.session_track_system_variables; +set global session_track_system_variables='example_int_var'; +select @@global.session_track_system_variables; +set global session_track_system_variables='myisam_sort_buffer_size,example_int_var'; +select @@global.session_track_system_variables; +set global session_track_system_variables='myisam_block_size,myisam_sort_buffer_size,character_set_client,example_int_var'; +select @@global.session_track_system_variables; + +--echo # Session tracking works as expected for plugin session var +connect foo,localhost,root; +enable_session_track_info; +select @@session.session_track_system_variables; +set session example_int_var = -1; +disable_session_track_info; + +connection default; +--disable_ps_protocol +--disable_cursor_protocol +disconnect foo; +uninstall soname 'ha_example.so'; +--enable_cursor_protocol +--enable_ps_protocol +SET @@global.session_track_system_variables = @global_saved_tmp; + +--echo # End of 10.11 tests --echo # --echo # MDEV-31609 Send initial values of system variables in first OK packet --echo # @@ -138,3 +173,55 @@ disconnect foo; --echo # End of tests 11.5 + +--echo # +--echo # MDEV-38179 regression in t_connect +--echo # + +--echo # myisam_block_size is a global only plugin var and is not +--echo # added to the session_track_system_variables. +--echo # example_int_var is a session plugin var and is included. +install soname 'ha_example.so'; +set global session_track_system_variables='sql_slave_skip_counter,character_set_client,example_int_var'; +select @@global.session_track_system_variables; +enable_session_track_info; + +connect foo,localhost,root; +select @@session.session_track_system_variables; + +connection default; +disconnect foo; + +set global session_track_system_variables='sql_slave_skip_counter,myisam_block_size,character_set_client,example_int_var'; +select @@global.session_track_system_variables; +enable_session_track_info; + +connect foo,localhost,root; +select @@session.session_track_system_variables; + +connection default; +disconnect foo; + +set global session_track_system_variables='sql_slave_skip_counter,myisam_block_size,max_connections,character_set_client,example_int_var'; +select @@global.session_track_system_variables; +enable_session_track_info; + +connect foo,localhost,root; +select @@session.session_track_system_variables; + +connection default; +disconnect foo; + +set global session_track_system_variables='sql_slave_skip_counter,*'; +select @@global.session_track_system_variables; +enable_session_track_info; + +connect foo,localhost,root; +select @@session.session_track_system_variables; + +connection default; + +SET global session_track_system_variables = @global_saved_tmp; +disconnect foo; +uninstall soname 'ha_example.so'; +--echo # End of tests 11.8 diff -Nru mariadb-11.8.6/mysql-test/suite/sys_vars/t/sysvars_innodb.test mariadb-11.8.8/mysql-test/suite/sys_vars/t/sysvars_innodb.test --- mariadb-11.8.6/mysql-test/suite/sys_vars/t/sysvars_innodb.test 2026-01-31 13:27:48.000000000 +0000 +++ mariadb-11.8.8/mysql-test/suite/sys_vars/t/sysvars_innodb.test 2026-05-24 09:58:32.000000000 +0000 @@ -15,6 +15,8 @@ 'innodb_numa_interleave', # only available WITH_NUMA 'innodb_evict_tables_on_commit_debug', # one may want to override this 'innodb_use_native_aio', # default value depends on OS + 'innodb_buffer_pool_size_max', # default value depends on OS + 'innodb_buffer_pool_in_core_dump', # only available on Linux and FreeBSD 'innodb_log_file_buffering', # only available on Linux and Windows 'innodb_linux_aio', # existence depends on OS 'innodb_buffer_pool_load_pages_abort') # debug build only, and is only for testing diff -Nru mariadb-11.8.6/mysql-test/suite/sys_vars/t/wsrep_sst_receive_address_basic.test mariadb-11.8.8/mysql-test/suite/sys_vars/t/wsrep_sst_receive_address_basic.test --- mariadb-11.8.6/mysql-test/suite/sys_vars/t/wsrep_sst_receive_address_basic.test 2026-01-31 13:27:48.000000000 +0000 +++ mariadb-11.8.8/mysql-test/suite/sys_vars/t/wsrep_sst_receive_address_basic.test 2026-05-24 09:58:32.000000000 +0000 @@ -24,21 +24,20 @@ SELECT @@global.wsrep_sst_receive_address; SET @@global.wsrep_sst_receive_address='192.168.2.254'; SELECT @@global.wsrep_sst_receive_address; +SET @@global.wsrep_sst_receive_address=NULL; +SELECT @@global.wsrep_sst_receive_address; +SET @@global.wsrep_sst_receive_address=''; +SELECT @@global.wsrep_sst_receive_address; --echo --echo # invalid values SELECT @@global.wsrep_sst_receive_address; ---error ER_WRONG_VALUE_FOR_VAR -SET @@global.wsrep_sst_receive_address=NULL; -SELECT @@global.wsrep_sst_receive_address; # Currently there is no strict checking performed for wsrep_sst_receive_address # so following values jusr pass through. SET @@global.wsrep_sst_receive_address='OFF'; SELECT @@global.wsrep_sst_receive_address; SET @@global.wsrep_sst_receive_address=ON; SELECT @@global.wsrep_sst_receive_address; -SET @@global.wsrep_sst_receive_address=''; -SELECT @@global.wsrep_sst_receive_address; SET @@global.wsrep_sst_receive_address='junk'; SELECT @@global.wsrep_sst_receive_address; diff -Nru mariadb-11.8.6/mysql-test/suite/sysschema/r/pr_ps_setup_show_enabled.result mariadb-11.8.8/mysql-test/suite/sysschema/r/pr_ps_setup_show_enabled.result --- mariadb-11.8.6/mysql-test/suite/sysschema/r/pr_ps_setup_show_enabled.result 2026-01-31 13:27:48.000000000 +0000 +++ mariadb-11.8.8/mysql-test/suite/sysschema/r/pr_ps_setup_show_enabled.result 2026-05-24 09:58:32.000000000 +0000 @@ -211,6 +211,7 @@ root@localhost FOREGROUND sql/main BACKGROUND sql/manager BACKGROUND +sql/slave_deadlock_handler BACKGROUND CALL sys.ps_setup_show_enabled(TRUE, TRUE); performance_schema_enabled 1 @@ -242,6 +243,7 @@ root@localhost FOREGROUND sql/main BACKGROUND sql/manager BACKGROUND +sql/slave_deadlock_handler BACKGROUND enabled_instruments timed idle YES memory/performance_schema/accounts NO diff -Nru mariadb-11.8.6/mysql-test/suite/sysschema/r/v_metrics.result mariadb-11.8.8/mysql-test/suite/sysschema/r/v_metrics.result --- mariadb-11.8.6/mysql-test/suite/sysschema/r/v_metrics.result 2026-01-31 13:27:48.000000000 +0000 +++ mariadb-11.8.8/mysql-test/suite/sysschema/r/v_metrics.result 2026-05-24 09:58:32.000000000 +0000 @@ -1,7 +1,7 @@ DESC sys.metrics; Field Type Null Key Default Extra Variable_name varchar(193) YES NULL -Variable_value varchar(1024) YES NULL +Variable_value varchar(4096) YES NULL Type varchar(210) YES NULL Enabled varchar(3) NO SELECT * FROM sys.metrics; diff -Nru mariadb-11.8.6/mysql-test/suite/sysschema/r/v_ps_check_lost_instrumentation.result mariadb-11.8.8/mysql-test/suite/sysschema/r/v_ps_check_lost_instrumentation.result --- mariadb-11.8.6/mysql-test/suite/sysschema/r/v_ps_check_lost_instrumentation.result 2026-01-31 13:27:48.000000000 +0000 +++ mariadb-11.8.8/mysql-test/suite/sysschema/r/v_ps_check_lost_instrumentation.result 2026-05-24 09:58:32.000000000 +0000 @@ -1,5 +1,5 @@ DESC sys.ps_check_lost_instrumentation; Field Type Null Key Default Extra variable_name varchar(64) NO NULL -variable_value varchar(1024) YES NULL +variable_value varchar(4096) YES NULL SELECT * FROM sys.ps_check_lost_instrumentation; diff -Nru mariadb-11.8.6/mysql-test/suite/sysschema/r/v_schema_redundant_indexes.result mariadb-11.8.8/mysql-test/suite/sysschema/r/v_schema_redundant_indexes.result --- mariadb-11.8.6/mysql-test/suite/sysschema/r/v_schema_redundant_indexes.result 2026-01-31 13:27:48.000000000 +0000 +++ mariadb-11.8.8/mysql-test/suite/sysschema/r/v_schema_redundant_indexes.result 2026-05-24 09:58:32.000000000 +0000 @@ -8,7 +8,7 @@ dominant_index_name varchar(64) NO NULL dominant_index_columns mediumtext YES NULL dominant_index_non_unique bigint(1) YES NULL -subpart_exists int(1) YES NULL +subpart_exists int(2) YES NULL sql_drop_index varchar(223) YES NULL SELECT * FROM sys.schema_redundant_indexes; DESC sys.x$schema_flattened_keys; @@ -17,7 +17,7 @@ table_name varchar(64) NO NULL index_name varchar(64) NO NULL non_unique bigint(1) YES NULL -subpart_exists bigint(1) YES NULL +subpart_exists bigint(2) YES NULL index_columns mediumtext YES NULL SELECT * FROM sys.x$schema_flattened_keys; CREATE DATABASE rkey; diff -Nru mariadb-11.8.6/mysql-test/suite/vcol/r/races.result mariadb-11.8.8/mysql-test/suite/vcol/r/races.result --- mariadb-11.8.6/mysql-test/suite/vcol/r/races.result 2026-01-31 13:27:48.000000000 +0000 +++ mariadb-11.8.8/mysql-test/suite/vcol/r/races.result 2026-05-24 09:58:32.000000000 +0000 @@ -14,3 +14,17 @@ connection default; drop table t1; set debug_sync='reset'; +# +# MDEV-39261 MariaDB crash on startup in presence of +# indexed virtual columns +# +# Create 33 tables with virtual index +InnoDB 0 transactions not purged +connect purge_control,localhost,root; +START TRANSACTION WITH CONSISTENT SNAPSHOT; +connection default; +# Do update on all 33 tables +# restart: --innodb_purge_threads=1 --debug_dbug=d,ib_purge_virtual_index_callback +InnoDB 0 transactions not purged +# Drop all 33 tables +# restart diff -Nru mariadb-11.8.6/mysql-test/suite/vcol/r/vcol_keys_innodb.result mariadb-11.8.8/mysql-test/suite/vcol/r/vcol_keys_innodb.result --- mariadb-11.8.6/mysql-test/suite/vcol/r/vcol_keys_innodb.result 2026-01-31 13:27:48.000000000 +0000 +++ mariadb-11.8.8/mysql-test/suite/vcol/r/vcol_keys_innodb.result 2026-05-24 09:58:32.000000000 +0000 @@ -303,3 +303,23 @@ GOOD alter table t1 drop column va; drop table t1; +# +# MDEV-39081 InnoDB: tried to purge non-delete-marked record, +# assertion fails in row_purge_del_mark_error +# +CREATE TABLE t1( +pk INT AUTO_INCREMENT, +f1 INT DEFAULT 0, +f2 INT as (1 + 1) VIRTUAL, +KEY (f1), PRIMARY KEY (pk), UNIQUE (f2)) ENGINE=InnoDB; +START TRANSACTION WITH CONSISTENT SNAPSHOT; +CONNECT con1,localhost,root,,; +INSERT INTO t1 (pk) VALUES(1); +DELETE FROM t1; +INSERT INTO t1 (pk) VALUES(1); +UPDATE t1 set f1 = 2; +disconnect con1; +connection default; +COMMIT; +InnoDB 0 transactions not purged +DROP TABLE t1; diff -Nru mariadb-11.8.6/mysql-test/suite/vcol/t/races.test mariadb-11.8.8/mysql-test/suite/vcol/t/races.test --- mariadb-11.8.6/mysql-test/suite/vcol/t/races.test 2026-01-31 13:27:48.000000000 +0000 +++ mariadb-11.8.8/mysql-test/suite/vcol/t/races.test 2026-05-24 09:58:32.000000000 +0000 @@ -20,3 +20,59 @@ connection default; drop table t1; set debug_sync='reset'; + +--echo # +--echo # MDEV-39261 MariaDB crash on startup in presence of +--echo # indexed virtual columns +--echo # +# To make purge thread to work on multiple tables on the same batch, +# we need 33 tables because there are 32 pre-existing purge_node exists. + +--echo # Create 33 tables with virtual index +--disable_query_log +let $i = 33; +while ($i) +{ + eval CREATE TABLE t$i( + a INT PRIMARY KEY, + b INT DEFAULT 1, INDEX(b), + c INT GENERATED ALWAYS AS (a + b) VIRTUAL, + INDEX(c) + ) ENGINE=InnoDB; + eval INSERT INTO t$i(a) VALUES(1); + dec $i; +} +--enable_query_log +--source ../../innodb/include/wait_all_purged.inc +--connect purge_control,localhost,root +START TRANSACTION WITH CONSISTENT SNAPSHOT; + +--connection default +--echo # Do update on all 33 tables +--disable_query_log +let $i = 33; +while ($i) +{ + eval UPDATE t$i SET b = 11 WHERE a = 1; + dec $i; +} +--enable_query_log + +let $shutdown_timeout=0; +let $restart_parameters=--innodb_purge_threads=1 --debug_dbug=d,ib_purge_virtual_index_callback; +--source include/restart_mysqld.inc +--source ../../innodb/include/wait_all_purged.inc + +--echo # Drop all 33 tables +--disable_query_log +let $i = 33; +while ($i) +{ + eval DROP TABLE t$i; + dec $i; +} +--enable_query_log + +let $restart_parameters=; +let $shutdown_timeout=; +--source include/restart_mysqld.inc diff -Nru mariadb-11.8.6/mysql-test/suite/vcol/t/vcol_keys_innodb.test mariadb-11.8.8/mysql-test/suite/vcol/t/vcol_keys_innodb.test --- mariadb-11.8.6/mysql-test/suite/vcol/t/vcol_keys_innodb.test 2026-01-31 13:27:48.000000000 +0000 +++ mariadb-11.8.8/mysql-test/suite/vcol/t/vcol_keys_innodb.test 2026-05-24 09:58:32.000000000 +0000 @@ -135,3 +135,25 @@ select IF(@@innodb_sort_buffer_size < count(*)*200, 'GOOD', 'WRONG SIZE') from t1; alter table t1 drop column va; drop table t1; + +--echo # +--echo # MDEV-39081 InnoDB: tried to purge non-delete-marked record, +--echo # assertion fails in row_purge_del_mark_error +--echo # +CREATE TABLE t1( + pk INT AUTO_INCREMENT, + f1 INT DEFAULT 0, + f2 INT as (1 + 1) VIRTUAL, + KEY (f1), PRIMARY KEY (pk), UNIQUE (f2)) ENGINE=InnoDB; +START TRANSACTION WITH CONSISTENT SNAPSHOT; + +CONNECT(con1,localhost,root,,); +INSERT INTO t1 (pk) VALUES(1); +DELETE FROM t1; +INSERT INTO t1 (pk) VALUES(1); +UPDATE t1 set f1 = 2; +DISCONNECT con1; +CONNECTION default; +COMMIT; +--source ../innodb/include/wait_all_purged.inc +DROP TABLE t1; diff -Nru mariadb-11.8.6/mysql-test/suite/versioning/r/partition.result mariadb-11.8.8/mysql-test/suite/versioning/r/partition.result --- mariadb-11.8.6/mysql-test/suite/versioning/r/partition.result 2026-01-31 13:27:48.000000000 +0000 +++ mariadb-11.8.8/mysql-test/suite/versioning/r/partition.result 2026-05-24 09:58:32.000000000 +0000 @@ -3571,6 +3571,19 @@ 1 drop table t1; # +# MDEV-36362 MariaDB crashes when parsing fuzzer generated PARTITION +# +create table t +partition by system_time +interval setval(a, 1) second_microsecond; +ERROR 42000: INTERVAL does not support subqueries or stored functions +create table t (x int) with system versioning +partition by system_time interval nextval(s) hour; +ERROR 42000: INTERVAL does not support subqueries or stored functions +create table t (x int) with system versioning +partition by system_time interval lastval(s) hour; +ERROR 42000: INTERVAL does not support subqueries or stored functions +# # MDEV-33289 INTERVAL partitioning by system time does not work close to # the end of timestamp range # diff -Nru mariadb-11.8.6/mysql-test/suite/versioning/t/partition.test mariadb-11.8.8/mysql-test/suite/versioning/t/partition.test --- mariadb-11.8.6/mysql-test/suite/versioning/t/partition.test 2026-01-31 13:27:48.000000000 +0000 +++ mariadb-11.8.8/mysql-test/suite/versioning/t/partition.test 2026-05-24 09:58:32.000000000 +0000 @@ -2817,6 +2817,22 @@ drop table t1; --echo # +--echo # MDEV-36362 MariaDB crashes when parsing fuzzer generated PARTITION +--echo # +--error ER_SUBQUERIES_NOT_SUPPORTED +create table t +partition by system_time +interval setval(a, 1) second_microsecond; + +--error ER_SUBQUERIES_NOT_SUPPORTED +create table t (x int) with system versioning +partition by system_time interval nextval(s) hour; + +--error ER_SUBQUERIES_NOT_SUPPORTED +create table t (x int) with system versioning +partition by system_time interval lastval(s) hour; + +--echo # --echo # MDEV-33289 INTERVAL partitioning by system time does not work close to --echo # the end of timestamp range --echo # diff -Nru mariadb-11.8.6/mysql-test/suite/wsrep/r/variables.result mariadb-11.8.8/mysql-test/suite/wsrep/r/variables.result --- mariadb-11.8.6/mysql-test/suite/wsrep/r/variables.result 2026-01-31 13:27:48.000000000 +0000 +++ mariadb-11.8.8/mysql-test/suite/wsrep/r/variables.result 2026-05-24 09:58:32.000000000 +0000 @@ -57,6 +57,8 @@ wsrep_evs_state # wsrep_gcomm_uuid # wsrep_gmcast_segment # +wsrep_checkpoint_position # +wsrep_se_checkpoint # wsrep_applier_thread_count # wsrep_cluster_capabilities # wsrep_cluster_conf_id # diff -Nru mariadb-11.8.6/mysql-test/suite/wsrep/r/variables_debug.result mariadb-11.8.8/mysql-test/suite/wsrep/r/variables_debug.result --- mariadb-11.8.6/mysql-test/suite/wsrep/r/variables_debug.result 2026-01-31 13:27:48.000000000 +0000 +++ mariadb-11.8.8/mysql-test/suite/wsrep/r/variables_debug.result 2026-05-24 09:58:32.000000000 +0000 @@ -58,6 +58,8 @@ wsrep_evs_state # wsrep_gcomm_uuid # wsrep_gmcast_segment # +wsrep_checkpoint_position # +wsrep_se_checkpoint # wsrep_applier_thread_count # wsrep_cluster_capabilities # wsrep_cluster_conf_id # diff -Nru mariadb-11.8.6/mysql-test/suite/wsrep/r/wsrep_provider_plugin_defaults.result mariadb-11.8.8/mysql-test/suite/wsrep/r/wsrep_provider_plugin_defaults.result --- mariadb-11.8.6/mysql-test/suite/wsrep/r/wsrep_provider_plugin_defaults.result 2026-01-31 13:27:48.000000000 +0000 +++ mariadb-11.8.8/mysql-test/suite/wsrep/r/wsrep_provider_plugin_defaults.result 2026-05-24 09:58:32.000000000 +0000 @@ -89,16 +89,16 @@ GLOBAL_VALUE_PATH NULL VARIABLE_NAME WSREP_PROVIDER_EVS_AUTO_EVICT SESSION_VALUE NULL -GLOBAL_VALUE OFF +GLOBAL_VALUE 0 GLOBAL_VALUE_ORIGIN COMPILE-TIME -DEFAULT_VALUE OFF +DEFAULT_VALUE 0 VARIABLE_SCOPE GLOBAL -VARIABLE_TYPE BOOLEAN +VARIABLE_TYPE BIGINT VARIABLE_COMMENT Wsrep provider option -NUMERIC_MIN_VALUE NULL -NUMERIC_MAX_VALUE NULL -NUMERIC_BLOCK_SIZE NULL -ENUM_VALUE_LIST OFF,ON +NUMERIC_MIN_VALUE -9223372036854775808 +NUMERIC_MAX_VALUE 9223372036854775807 +NUMERIC_BLOCK_SIZE 0 +ENUM_VALUE_LIST NULL READ_ONLY YES COMMAND_LINE_ARGUMENT REQUIRED GLOBAL_VALUE_PATH NULL diff -Nru mariadb-11.8.6/mysql-test/suite/wsrep/t/variables.test mariadb-11.8.8/mysql-test/suite/wsrep/t/variables.test --- mariadb-11.8.6/mysql-test/suite/wsrep/t/variables.test 2026-01-31 13:27:48.000000000 +0000 +++ mariadb-11.8.8/mysql-test/suite/wsrep/t/variables.test 2026-05-24 09:58:32.000000000 +0000 @@ -3,7 +3,7 @@ --source include/have_innodb.inc --source include/galera_no_debug_sync.inc ---let $galera_version=26.4.25 +--let $galera_version=26.4.27 source include/check_galera_version.inc; source include/galera_variables_ok.inc; diff -Nru mariadb-11.8.6/mysql-test/suite/wsrep/t/variables_debug.test mariadb-11.8.8/mysql-test/suite/wsrep/t/variables_debug.test --- mariadb-11.8.6/mysql-test/suite/wsrep/t/variables_debug.test 2026-01-31 13:27:48.000000000 +0000 +++ mariadb-11.8.8/mysql-test/suite/wsrep/t/variables_debug.test 2026-05-24 09:58:32.000000000 +0000 @@ -5,7 +5,7 @@ --source include/have_debug_sync.inc --source include/galera_have_debug_sync.inc ---let $galera_version=26.4.25 +--let $galera_version=26.4.27 source include/check_galera_version.inc; --let $galera_variables_delta=1 diff -Nru mariadb-11.8.6/mysql-test/suite/wsrep/t/wsrep_protocol_versions.test mariadb-11.8.8/mysql-test/suite/wsrep/t/wsrep_protocol_versions.test --- mariadb-11.8.6/mysql-test/suite/wsrep/t/wsrep_protocol_versions.test 2026-01-31 13:27:48.000000000 +0000 +++ mariadb-11.8.8/mysql-test/suite/wsrep/t/wsrep_protocol_versions.test 2026-05-24 09:58:32.000000000 +0000 @@ -2,7 +2,7 @@ --source include/force_restart.inc --source include/have_innodb.inc ---let $galera_version=26.4.25 +--let $galera_version=26.4.27 source include/check_galera_version.inc; --sorted_result diff -Nru mariadb-11.8.6/mysql-test/suite/wsrep/t/wsrep_provider_plugin.test mariadb-11.8.8/mysql-test/suite/wsrep/t/wsrep_provider_plugin.test --- mariadb-11.8.6/mysql-test/suite/wsrep/t/wsrep_provider_plugin.test 2026-01-31 13:27:48.000000000 +0000 +++ mariadb-11.8.8/mysql-test/suite/wsrep/t/wsrep_provider_plugin.test 2026-05-24 09:58:32.000000000 +0000 @@ -6,7 +6,7 @@ --source include/have_wsrep.inc --source include/have_innodb.inc ---let $galera_version=26.4.14 +--let $galera_version=26.4.26 source include/check_galera_version.inc; CREATE TABLE t1 (f1 INT PRIMARY KEY) ENGINE=InnoDB; diff -Nru mariadb-11.8.6/mysys/file_logger.c mariadb-11.8.8/mysys/file_logger.c --- mariadb-11.8.6/mysys/file_logger.c 2026-01-31 13:27:48.000000000 +0000 +++ mariadb-11.8.8/mysys/file_logger.c 2026-05-24 09:58:32.000000000 +0000 @@ -109,9 +109,11 @@ } -static char *logname(LOGGER_HANDLE *log, char *buf, unsigned int n_log) +static char *logname(LOGGER_HANDLE *log, char *buf, size_t buf_size, + unsigned int n_log) { - sprintf(buf+log->path_len, ".%0*u", n_dig(log->rotations), n_log); + snprintf(buf + log->path_len, buf_size - log->path_len, + ".%0*u", n_dig(log->rotations), n_log); return buf; } @@ -128,11 +130,11 @@ memcpy(namebuf, log->path, log->path_len); - buf_new= logname(log, namebuf, log->rotations); + buf_new= logname(log, namebuf, sizeof(namebuf), log->rotations); buf_old= log->path; for (i=log->rotations-1; i>0; i--) { - logname(log, buf_old, i); + logname(log, buf_old, FN_REFLEN, i); if (!access(buf_old, F_OK) && (result= my_rename(buf_old, buf_new, MYF(0)))) goto exit; @@ -143,7 +145,7 @@ if ((result= my_close(log->file, MYF(0)))) goto exit; namebuf[log->path_len]= 0; - result= my_rename(namebuf, logname(log, log->path, 1), MYF(0)); + result= my_rename(namebuf, logname(log, log->path, FN_REFLEN, 1), MYF(0)); log->file= my_open(namebuf, LOG_FLAGS, MYF(0)); exit: errno= my_errno; diff -Nru mariadb-11.8.6/mysys/ma_dyncol.c mariadb-11.8.8/mysys/ma_dyncol.c --- mariadb-11.8.6/mysys/ma_dyncol.c 2026-01-31 13:27:48.000000000 +0000 +++ mariadb-11.8.8/mysys/ma_dyncol.c 2026-05-24 09:58:32.000000000 +0000 @@ -658,6 +658,7 @@ static enum enum_dyncol_func_result init_read_hdr(DYN_HEADER *hdr, DYNAMIC_COLUMN *str) { + size_t nodata_size; if (read_fixed_header(hdr, str)) return ER_DYNCOL_FORMAT; hdr->header= (uchar*)str->str + fmt_data[hdr->format].fixed_hdr; @@ -666,8 +667,11 @@ hdr->column_count); hdr->nmpool= hdr->header + hdr->header_size; hdr->dtpool= hdr->nmpool + hdr->nmpool_size; - hdr->data_size= str->length - fmt_data[hdr->format].fixed_hdr - - hdr->header_size - hdr->nmpool_size; + nodata_size= fmt_data[hdr->format].fixed_hdr + hdr->header_size + + hdr->nmpool_size; + if (str->length < nodata_size) + return ER_DYNCOL_FORMAT; + hdr->data_size= str->length - nodata_size; hdr->data_end= (uchar*)str->str + str->length; return ER_DYNCOL_OK; } @@ -2018,7 +2022,7 @@ else { size_t next_nmoffset= uint2korr(next_entry); - if (next_nmoffset > hdr->nmpool_size) + if (next_nmoffset > hdr->nmpool_size || next_nmoffset < nmoffset) return 1; name->length= next_nmoffset - nmoffset; } diff -Nru mariadb-11.8.6/mysys/mf_getdate.c mariadb-11.8.8/mysys/mf_getdate.c --- mariadb-11.8.6/mysys/mf_getdate.c 2026-01-31 13:27:48.000000000 +0000 +++ mariadb-11.8.8/mysys/mf_getdate.c 2026-05-24 09:58:32.000000000 +0000 @@ -35,7 +35,7 @@ */ -void get_date(register char * to, int flag, time_t date) +void get_date(register char * to, size_t to_len, int flag, time_t date) { reg2 struct tm *start_time; time_t skr; @@ -57,26 +57,33 @@ start_time= localtime(&skr); #endif if (flag & GETDATE_SHORT_DATE) - sprintf(to,"%02d%02d%02d", - start_time->tm_year % 100, - start_time->tm_mon+1, - start_time->tm_mday); + snprintf(to, to_len, "%02d%02d%02d", + start_time->tm_year % 100, + start_time->tm_mon+1, + start_time->tm_mday); else - sprintf(to, ((flag & GETDATE_FIXEDLENGTH) ? - "%4d-%02d-%02d" : "%d-%02d-%02d"), - start_time->tm_year+1900, - start_time->tm_mon+1, - start_time->tm_mday); + snprintf(to, to_len, + ((flag & GETDATE_FIXEDLENGTH) ? + "%4d-%02d-%02d" : "%d-%02d-%02d"), + start_time->tm_year+1900, + start_time->tm_mon+1, + start_time->tm_mday); if (flag & GETDATE_DATE_TIME) - sprintf(strend(to), - ((flag & GETDATE_FIXEDLENGTH) ? - " %02d:%02d:%02d" : " %2d:%02d:%02d"), - start_time->tm_hour, - start_time->tm_min, - start_time->tm_sec); + { + size_t l= strlen(to); + snprintf(to + l, to_len - l, + ((flag & GETDATE_FIXEDLENGTH) ? + " %02d:%02d:%02d" : " %2d:%02d:%02d"), + start_time->tm_hour, + start_time->tm_min, + start_time->tm_sec); + } else if (flag & GETDATE_HHMMSSTIME) - sprintf(strend(to),"%02d%02d%02d", - start_time->tm_hour, - start_time->tm_min, - start_time->tm_sec); + { + size_t l= strlen(to); + snprintf(to + l, to_len - l, "%02d%02d%02d", + start_time->tm_hour, + start_time->tm_min, + start_time->tm_sec); + } } /* get_date */ diff -Nru mariadb-11.8.6/mysys/mf_path.c mariadb-11.8.8/mysys/mf_path.c --- mariadb-11.8.6/mysys/mf_path.c 2026-01-31 13:27:48.000000000 +0000 +++ mariadb-11.8.8/mysys/mf_path.c 2026-05-24 09:58:32.000000000 +0000 @@ -16,8 +16,6 @@ #include "mysys_priv.h" #include -static char *find_file_in_path(char *to,const char *name); - /* Finds where program can find it's files. pre_pathname is found by first locking at progname (argv[0]). if progname contains path the path is returned. @@ -82,7 +80,7 @@ #define PATH_SEP ':' #endif -static char *find_file_in_path(char *to, const char *name) +char *find_file_in_path(char *to, const char *name) { char *path,*pos,dir[2]; const char *ext=""; diff -Nru mariadb-11.8.6/mysys/my_atomic_writes.c mariadb-11.8.8/mysys/my_atomic_writes.c --- mariadb-11.8.6/mysys/my_atomic_writes.c 2026-01-31 13:27:48.000000000 +0000 +++ mariadb-11.8.8/mysys/my_atomic_writes.c 2026-05-24 09:58:32.000000000 +0000 @@ -310,8 +310,9 @@ { struct stat stat_buff; - sprintf(sfx_devices[sfx_found_devices].dev_name, "/dev/sfdv%dn1", - dev_num); + snprintf(sfx_devices[sfx_found_devices].dev_name, + sizeof(sfx_devices[sfx_found_devices].dev_name), + "/dev/sfdv%dn1", dev_num); if (stat(sfx_devices[sfx_found_devices].dev_name, &stat_buff) < 0) break; diff -Nru mariadb-11.8.6/mysys/my_copy.c mariadb-11.8.8/mysys/my_copy.c --- mariadb-11.8.6/mysys/my_copy.c 2026-01-31 13:27:48.000000000 +0000 +++ mariadb-11.8.8/mysys/my_copy.c 2026-05-24 09:58:32.000000000 +0000 @@ -86,7 +86,7 @@ file_created= 1; while ((Count=my_read(from_file, buff, sizeof(buff), MyFlags)) != 0) { - if (Count == (uint) -1 || + if (Count == MY_FILE_ERROR || my_write(to_file,buff,Count,MYF(MyFlags | MY_NABP))) goto err; } diff -Nru mariadb-11.8.6/mysys/my_default.c mariadb-11.8.8/mysys/my_default.c --- mariadb-11.8.6/mysys/my_default.c 2026-01-31 13:27:48.000000000 +0000 +++ mariadb-11.8.8/mysys/my_default.c 2026-05-24 09:58:32.000000000 +0000 @@ -52,12 +52,14 @@ */ static char *file_marker= (char*)"----file-marker----"; my_bool my_defaults_mark_files= FALSE; + my_bool is_file_marker(const char* arg) { return arg == file_marker; } -my_bool my_no_defaults=FALSE, my_print_defaults= FALSE; +static my_bool my_print_defaults= FALSE; +my_bool my_no_defaults=FALSE; const char *my_defaults_file=0; const char *my_defaults_group_suffix=0; const char *my_defaults_extra_file=0; @@ -160,6 +162,7 @@ const char **dirs; int error= 0; DBUG_ENTER("my_search_option_files"); + DBUG_ASSERT(default_directories); if (my_defaults_group_suffix) { @@ -198,8 +201,8 @@ if (my_defaults_file) { - if ((error= search_default_file_with_ext(ctx, "", "", - my_defaults_file, 0)) < 0) + error= search_default_file_with_ext(ctx, "", "", my_defaults_file, 0); + if (error < 0) goto err; if (error > 0) { @@ -378,8 +381,8 @@ Points to an null terminated array of pointers argc Pointer to argc of original program argv Pointer to argv of original program - default_directories Pointer to a location where a pointer to the list - of default directories will be stored + default_directories Pointer to a location where a pointer to the + list of default directories will be stored IMPLEMENTATION @@ -401,6 +404,8 @@ - 1 is returned if the given conf_file didn't exist. In this case, the value pointed to by default_directories is undefined. + - 4 is returned --print-defaults was used. The caller should just do + exit(0) in this case */ @@ -432,7 +437,7 @@ if (!my_no_defaults) { - TYPELIB group; // XXX + TYPELIB group; struct handle_option_ctx ctx; group.count=0; diff -Nru mariadb-11.8.6/mysys/my_file.c mariadb-11.8.8/mysys/my_file.c --- mariadb-11.8.6/mysys/my_file.c 2026-01-31 13:27:48.000000000 +0000 +++ mariadb-11.8.8/mysys/my_file.c 2026-05-24 09:58:32.000000000 +0000 @@ -50,23 +50,37 @@ { old_cur= (uint) rlimit.rlim_cur; DBUG_PRINT("info", ("rlim_cur: %u rlim_max: %u", - (uint) rlimit.rlim_cur, - (uint) rlimit.rlim_max)); + (uint) rlimit.rlim_cur, + (uint) rlimit.rlim_max)); if ((ulonglong) rlimit.rlim_cur == (ulonglong) RLIM_INFINITY || rlimit.rlim_cur >= max_file_limit) DBUG_RETURN(max_file_limit); - rlimit.rlim_cur= rlimit.rlim_max= max_file_limit; - if (setrlimit(RLIMIT_NOFILE, &rlimit)) + + /* Never lower the hard limit (rlim_max): lowering is irreversible for + non-privileged users and can prevent later increases. */ + if ((ulonglong) rlimit.rlim_max != (ulonglong) RLIM_INFINITY && + max_file_limit > rlimit.rlim_max) + { + /* Best effort: try raising hard limit only when needed. */ + rlimit.rlim_max= max_file_limit; + } + + /* Soft limit cannot exceed hard limit. */ + rlimit.rlim_cur= max_file_limit; + + if (setrlimit(RLIMIT_NOFILE, &rlimit)) { max_file_limit= old_cur; /* Use original value */ + } else { rlimit.rlim_cur= 0; /* Safety if next call fails */ (void) getrlimit(RLIMIT_NOFILE,&rlimit); DBUG_PRINT("info", ("rlim_cur: %u", (uint) rlimit.rlim_cur)); if (rlimit.rlim_cur) /* If call didn't fail */ - max_file_limit= (uint) rlimit.rlim_cur; + max_file_limit= (uint) rlimit.rlim_cur; } } + DBUG_PRINT("exit",("max_file_limit: %u", max_file_limit)); DBUG_RETURN(max_file_limit); } diff -Nru mariadb-11.8.6/mysys/my_getopt.c mariadb-11.8.8/mysys/my_getopt.c --- mariadb-11.8.6/mysys/my_getopt.c 2026-01-31 13:27:48.000000000 +0000 +++ mariadb-11.8.8/mysys/my_getopt.c 2026-05-24 09:58:32.000000000 +0000 @@ -822,7 +822,7 @@ *((long*) value)= (long) getopt_ll(argument, opts, &err); break; case GET_ULONG: - *((long*) value)= (long) getopt_ull(argument, opts, &err); + *((ulong*) value)= (ulong) getopt_ull(argument, opts, &err); break; case GET_LL: *((longlong*) value)= getopt_ll(argument, opts, &err); diff -Nru mariadb-11.8.6/mysys/my_getwd.c mariadb-11.8.8/mysys/my_getwd.c --- mariadb-11.8.6/mysys/my_getwd.c 2026-01-31 13:27:48.000000000 +0000 +++ mariadb-11.8.8/mysys/my_getwd.c 2026-05-24 09:58:32.000000000 +0000 @@ -132,7 +132,7 @@ int test_if_hard_path(register const char *dir_name) { if (dir_name[0] == FN_HOMELIB && dir_name[1] == FN_LIBCHAR) - return (home_dir != NullS && test_if_hard_path(home_dir)); + return (home_dir != NullS && home_dir != dir_name && test_if_hard_path(home_dir)); if (dir_name[0] == FN_LIBCHAR) return (TRUE); #ifdef FN_DEVCHAR diff -Nru mariadb-11.8.6/mysys/my_largepage.c mariadb-11.8.8/mysys/my_largepage.c --- mariadb-11.8.6/mysys/my_largepage.c 2026-01-31 13:27:48.000000000 +0000 +++ mariadb-11.8.8/mysys/my_largepage.c 2026-05-24 09:58:32.000000000 +0000 @@ -482,15 +482,20 @@ DBUG_RETURN(ptr); } } + + my_use_large_pages= FALSE; } +# ifdef _AIX + /* On IBM AIX, my_virtual_mem_commit() relies on mprotect(2) rather than + a subsequent mmap(2) with MAP_FIXED. */ ptr= mmap(NULL, *size, PROT_READ | PROT_WRITE, MAP_PRIVATE | OS_MAP_ANON, -1, 0); +# else + ptr= mmap(NULL, *size, PROT_NONE, MAP_PRIVATE | OS_MAP_ANON, -1, 0); +# endif if (ptr == MAP_FAILED) - { - my_error(EE_OUTOFMEMORY, MYF(ME_BELL + ME_ERROR_LOG), size); ptr= NULL; - } DBUG_RETURN(ptr); } diff -Nru mariadb-11.8.6/mysys/my_lib.c mariadb-11.8.8/mysys/my_lib.c --- mariadb-11.8.6/mysys/my_lib.c 2026-01-31 13:27:48.000000000 +0000 +++ mariadb-11.8.8/mysys/my_lib.c 2026-05-24 09:58:32.000000000 +0000 @@ -144,7 +144,15 @@ dp= (struct dirent*) dirent_tmp; + /* readdir_r is deprecated on macOS but still used for older platforms */ +#ifdef __APPLE__ +#pragma GCC diagnostic push +#pragma GCC diagnostic ignored "-Wdeprecated-declarations" +#endif while (!(READDIR(dirp,(struct dirent*) dirent_tmp,dp))) +#ifdef __APPLE__ +#pragma GCC diagnostic pop +#endif { MY_STAT statbuf, *mystat= 0; @@ -350,12 +358,10 @@ if ((m_used= (stat_area == NULL))) if (!(stat_area= (MY_STAT *) my_malloc(key_memory_MY_STAT, sizeof(MY_STAT), my_flags))) - goto error; + goto err; #ifndef _WIN32 if (!stat((char *) path, (struct stat *) stat_area)) - { DBUG_RETURN(stat_area); - } #else if (!my_win_stat(path, stat_area)) DBUG_RETURN(stat_area); @@ -365,7 +371,7 @@ if (m_used) /* Free if new area */ my_free(stat_area); -error: +err: if (my_flags & (MY_FAE+MY_WME)) { my_error(EE_STAT, MYF(ME_BELL), path, my_errno); diff -Nru mariadb-11.8.6/mysys/my_open.c mariadb-11.8.8/mysys/my_open.c --- mariadb-11.8.6/mysys/my_open.c 2026-01-31 13:27:48.000000000 +0000 +++ mariadb-11.8.8/mysys/my_open.c 2026-05-24 09:58:32.000000000 +0000 @@ -94,6 +94,9 @@ #else err= my_win_close(fd); #endif + + DBUG_EXECUTE_IF("my_close_fail", { errno=28; err=-1; }); + if (err) { DBUG_PRINT("error",("Got error %d on close",err)); diff -Nru mariadb-11.8.6/mysys/my_redel.c mariadb-11.8.8/mysys/my_redel.c --- mariadb-11.8.6/mysys/my_redel.c 2026-01-31 13:27:48.000000000 +0000 +++ mariadb-11.8.8/mysys/my_redel.c 2026-05-24 09:58:32.000000000 +0000 @@ -149,7 +149,8 @@ { char ext[MY_BACKUP_NAME_EXTRA_LENGTH+1]; ext[0]='-'; - get_date(ext+1, GETDATE_SHORT_DATE | GETDATE_HHMMSSTIME, backup_start); + get_date(ext+1, sizeof(ext) - 1, GETDATE_SHORT_DATE | GETDATE_HHMMSSTIME, + backup_start); strmov(strend(ext),REDEL_EXT); strmov(strmov(to, from), ext); } diff -Nru mariadb-11.8.6/mysys/my_symlink.c mariadb-11.8.8/mysys/my_symlink.c --- mariadb-11.8.6/mysys/my_symlink.c 2026-01-31 13:27:48.000000000 +0000 +++ mariadb-11.8.8/mysys/my_symlink.c 2026-05-24 09:58:32.000000000 +0000 @@ -126,14 +126,19 @@ } /* - Resolve all symbolic links in path - 'to' may be equal to 'filename' + Resolve all symbolic links in path. - to is guaranteed to never set to a string longer than FN_REFLEN - (including the end \0) + If path is relative, assume current directory and replace with absolute. + If filename is empty string, resolve path to current directory. + + Resolved path is placed in the 'to' buffer, and is guaranteed to never + be longer than FN_REFLEN (including the end \0); 'to' may be equal to + 'filename'. On error returns -1, unless error is file not found, in which case it - is 1. + is 1; 'to' will then be populated with a fallback value as specified by + my_load_path() with null own_path_prefix; symlinks will not be + resolved. Sets my_errno to specific error number. */ @@ -144,10 +149,12 @@ int result=0; char buff[BUFF_LEN]; char *ptr; + static const char cur_dir[] = {FN_CURLIB, '\0'}; DBUG_ENTER("my_realpath"); DBUG_PRINT("info",("executing realpath")); - if ((ptr=realpath(filename,buff))) + /* realpath won't accept empty string - use "." instead */ + if ((ptr=realpath(filename[0] ? filename : cur_dir, buff))) strmake(to, ptr, FN_REFLEN-1); else { diff -Nru mariadb-11.8.6/mysys/my_virtual_mem.c mariadb-11.8.8/mysys/my_virtual_mem.c --- mariadb-11.8.6/mysys/my_virtual_mem.c 2026-01-31 13:27:48.000000000 +0000 +++ mariadb-11.8.8/mysys/my_virtual_mem.c 2026-05-24 09:58:32.000000000 +0000 @@ -103,9 +103,6 @@ # else void *p= 0; const int flags= -# ifdef MAP_POPULATE - MAP_POPULATE | -# endif MAP_PRIVATE | MAP_ANONYMOUS | MAP_FIXED; p= mmap(ptr, size, PROT_READ | PROT_WRITE, flags, -1, 0); if (p == MAP_FAILED) @@ -128,9 +125,6 @@ { #ifdef _WIN32 DBUG_ASSERT(is_memory_committed(ptr, size)); -# ifndef HAVE_UNACCESSIBLE_AFTER_MEM_DECOMMIT -# error "VirtualFree(MEM_DECOMMIT) will not allow subsequent reads!" -# endif if (!my_use_large_pages) { if (!VirtualFree(ptr, size, MEM_DECOMMIT)) @@ -141,19 +135,6 @@ } } #else - const int prot= -# ifndef HAVE_UNACCESSIBLE_AFTER_MEM_DECOMMIT - /* - In InnoDB, buf_pool_t::page_guess() may deference pointers to - this, assuming that either the original contents or zeroed - contents is available. - */ - PROT_READ -# else - /* We will explicitly mark the memory unaccessible. */ - PROT_NONE -# endif - ; # ifdef _AIX disclaim(ptr, size, DISCLAIM_ZEROMEM); # elif defined __linux__ || defined __osf__ @@ -172,7 +153,7 @@ # else # warning "Do not know how to decommit memory" # endif - if (mprotect(ptr, size, prot)) + if (mprotect(ptr, size, PROT_NONE)) { my_error(EE_BADMEMORYRELEASE, MYF(ME_ERROR_LOG_ONLY), ptr, size, errno); DBUG_ASSERT(0); diff -Nru mariadb-11.8.6/mysys/testhash.c mariadb-11.8.8/mysys/testhash.c --- mariadb-11.8.6/mysys/testhash.c 2026-01-31 13:27:48.000000000 +0000 +++ mariadb-11.8.8/mysys/testhash.c 2026-05-24 09:58:32.000000000 +0000 @@ -81,7 +81,7 @@ { n1=rnd(1000); n2=rnd(100); n3=rnd(MY_MIN(recant*5,MAX_RECORDS)); record= (char*) my_malloc(reclength,MYF(MY_FAE)); - sprintf(record,"%6d:%4d:%8d:Pos: %4d ",n1,n2,n3,write_count); + snprintf(record, reclength, "%6d:%4d:%8d:Pos: %4d ",n1,n2,n3,write_count); if (my_hash_insert(&hash,record)) { printf("Error: %d in write at record: %d\n",my_errno,i); @@ -102,7 +102,7 @@ for (j=rnd(1000) ; j>0 && key1[j] == 0 ; j--) ; if (j != 0) { - sprintf(key,"%6d",j); + snprintf(key, sizeof(key), "%6d",j); if (!(recpos=hash_search(&hash,key,0))) { printf("can't find key1: \"%s\"\n",key); @@ -137,7 +137,7 @@ for (j=rnd(1000) ; j>0 && key1[j] == 0 ; j--) ; if (j) { - sprintf(key,"%6d",j); + snprintf(key, sizeof(key), "%6d",j); if (!(recpos=hash_search(&hash,key,0))) { printf("can't find key1: \"%s\"\n",key); @@ -146,7 +146,7 @@ key1[atoi(recpos)]--; key_check=key_check-atoi(recpos)+n1; key1[n1]++; - sprintf(recpos,"%6d:%4d:%8d:XXX: %4d ",n1,n2,n3,update); + snprintf(recpos, reclength, "%6d:%4d:%8d:XXX: %4d ",n1,n2,n3,update); update++; if (hash_update(&hash,recpos,key,0)) { @@ -175,7 +175,7 @@ { HASH_SEARCH_STATE state; printf("- Testing identical read\n"); - sprintf(key,"%6d",j); + snprintf(key, sizeof(key), "%6d",j); pos=1; if (!(recpos= hash_first(&hash, key, 0, &state))) { diff -Nru mariadb-11.8.6/plugin/auth_mysql_sha2/mysql_sha2.c mariadb-11.8.8/plugin/auth_mysql_sha2/mysql_sha2.c --- mariadb-11.8.6/plugin/auth_mysql_sha2/mysql_sha2.c 2026-01-31 13:27:48.000000000 +0000 +++ mariadb-11.8.8/plugin/auth_mysql_sha2/mysql_sha2.c 2026-05-24 09:58:32.000000000 +0000 @@ -251,6 +251,6 @@ status_variables, sysvars, "1.0", - MariaDB_PLUGIN_MATURITY_GAMMA + MariaDB_PLUGIN_MATURITY_STABLE } maria_declare_plugin_end; diff -Nru mariadb-11.8.6/plugin/auth_pam/testing/CMakeLists.txt mariadb-11.8.8/plugin/auth_pam/testing/CMakeLists.txt --- mariadb-11.8.6/plugin/auth_pam/testing/CMakeLists.txt 2026-01-31 13:27:48.000000000 +0000 +++ mariadb-11.8.8/plugin/auth_pam/testing/CMakeLists.txt 2026-05-24 09:58:32.000000000 +0000 @@ -10,8 +10,7 @@ PROPERTY COMPILE_FLAGS "-Wno-incompatible-pointer-types-discards-qualifiers") ENDIF() -IF (NOT DEB) # avoid arch-dependent-file-in-usr-share error - SET(dest DESTINATION "${INSTALL_MYSQLTESTDIR}/suite/plugins/pam" COMPONENT Test) - INSTALL(TARGETS pam_mariadb_mtr ${dest}) - INSTALL(FILES mariadb_mtr.conf RENAME mariadb_mtr ${dest}) -ENDIF() +SET(PAM_MARIADB_MTR_LOCATON ${INSTALL_PLUGINDIR}/test_pam_modules) +INSTALL(TARGETS pam_mariadb_mtr DESTINATION ${PAM_MARIADB_MTR_LOCATON} COMPONENT Test) +CONFIGURE_FILE(mariadb_mtr.conf mariadb_mtr) +INSTALL(FILES ${CMAKE_CURRENT_BINARY_DIR}/mariadb_mtr DESTINATION "${INSTALL_MYSQLTESTDIR}/suite/plugins/pam" COMPONENT Test) diff -Nru mariadb-11.8.6/plugin/auth_pam/testing/mariadb_mtr.conf mariadb-11.8.8/plugin/auth_pam/testing/mariadb_mtr.conf --- mariadb-11.8.6/plugin/auth_pam/testing/mariadb_mtr.conf 2026-01-31 13:27:48.000000000 +0000 +++ mariadb-11.8.8/plugin/auth_pam/testing/mariadb_mtr.conf 2026-05-24 09:58:32.000000000 +0000 @@ -1,4 +1,4 @@ # Put it in /etc/pam.d/mariadb_mtr -auth required pam_mariadb_mtr.so pam_test +auth required @CMAKE_INSTALL_PREFIX@/@PAM_MARIADB_MTR_LOCATON@/pam_mariadb_mtr.so pam_test account required pam_permit.so diff -Nru mariadb-11.8.6/plugin/auth_parsec/server_parsec.cc mariadb-11.8.8/plugin/auth_parsec/server_parsec.cc --- mariadb-11.8.6/plugin/auth_parsec/server_parsec.cc 2026-01-31 13:27:48.000000000 +0000 +++ mariadb-11.8.8/plugin/auth_parsec/server_parsec.cc 2026-05-24 09:58:32.000000000 +0000 @@ -315,6 +315,6 @@ NULL, NULL, "1.0", - MariaDB_PLUGIN_MATURITY_GAMMA + MariaDB_PLUGIN_MATURITY_STABLE } maria_declare_plugin_end; diff -Nru mariadb-11.8.6/plugin/feedback/feedback.cc mariadb-11.8.8/plugin/feedback/feedback.cc --- mariadb-11.8.6/plugin/feedback/feedback.cc 2026-01-31 13:27:48.000000000 +0000 +++ mariadb-11.8.8/plugin/feedback/feedback.cc 2026-05-24 09:58:32.000000000 +0000 @@ -66,7 +66,7 @@ static ST_FIELD_INFO feedback_fields[] = { Show::Column("VARIABLE_NAME", Show::Varchar(255), NOT_NULL), - Show::Column("VARIABLE_VALUE", Show::Varchar(1024), NOT_NULL), + Show::Column("VARIABLE_VALUE", Show::Varchar(4096), NOT_NULL), Show::CEnd() }; diff -Nru mariadb-11.8.6/plugin/feedback/utils.cc mariadb-11.8.8/plugin/feedback/utils.cc --- mariadb-11.8.6/plugin/feedback/utils.cc 2026-01-31 13:27:48.000000000 +0000 +++ mariadb-11.8.8/plugin/feedback/utils.cc 2026-05-24 09:58:32.000000000 +0000 @@ -104,15 +104,15 @@ buf->nodename[0]= 0; strcpy(buf->sysname, "Windows"); - sprintf(buf->release, "%d.%d", (int)ver.dwMajorVersion, (int)ver.dwMinorVersion); + snprintf(buf->release, sizeof(buf->release), "%d.%d", (int)ver.dwMajorVersion, (int)ver.dwMinorVersion); const char *version_str= get_os_version_name(&ver); if(version_str && version_str[0]) - sprintf(buf->version, "%s %s",version_str, ver.szCSDVersion); + snprintf(buf->version, sizeof(buf->version), "%s %s",version_str, ver.szCSDVersion); else { /* Fallback for unknown versions, e.g "Windows ." */ - sprintf(buf->version, "Windows %d.%d%s", + snprintf(buf->version, sizeof(buf->version), "Windows %d.%d%s", (int)ver.dwMajorVersion, (int)ver.dwMinorVersion, (ver.wProductType == VER_NT_WORKSTATION ? "" : " Server")); } @@ -141,7 +141,7 @@ #ifdef TARGET_OS_LINUX #include static bool have_distribution= false; -static char distribution[256]; +static char distribution[1024]; static const char *masks[]= { "/etc/*-version", "/etc/*-release", @@ -266,27 +266,61 @@ #ifdef TARGET_OS_LINUX /* - let's try to find what linux distribution it is - we read *[-_]{release,version} file in /etc. + Let's try to find what Linux distribution it is. + We first check for the modern and portable /etc/os-release: - Either it will be /etc/lsb-release, such as + ==> /etc/os-release <== + PRETTY_NAME="Ubuntu 22.04.2 LTS" + + If not found, we fall back to /etc/lsb-release: ==> /etc/lsb-release <== - DISTRIB_ID=Ubuntu - DISTRIB_RELEASE=8.04 - DISTRIB_CODENAME=hardy DISTRIB_DESCRIPTION="Ubuntu 8.04.4 LTS" - Or a one-liner with the description (/etc/SuSE-release has more - than one line, but the description is the first, so it can be - treated as a one-liner). - - We'll read lsb-release first, and if it's not found will search - for other files (*-version *-release *_version *_release) -*/ + Or a one-liner with the description (/etc/SuSE-release has more + than one line, but the description is the first, so it can be + treated as a one-liner). + + We'll read os-release first, then lsb-release, and if neither is found + we will search for other files (*-version *-release *_version *_release). + */ int fd; have_distribution= false; - if ((fd= my_open("/etc/lsb-release", O_RDONLY, MYF(0))) != -1) + + /* 1. First try the modern portable way: /etc/os-release */ + if ((fd= my_open("/etc/os-release", O_RDONLY, MYF(0))) != -1) + { + size_t len= my_read(fd, (uchar*)distribution, sizeof(distribution)-1, MYF(0)); + my_close(fd, MYF(0)); + if (len != (size_t)-1) + { + distribution[len]= 0; // safety + char *found= strstr(distribution, "PRETTY_NAME="); + if (found) + { + have_distribution= true; + char *end= strstr(found, "\n"); + if (end == NULL) + end= distribution + len; + found+= 12; // Length of "PRETTY_NAME=" + + if (*found == '"' && end[-1] == '"') + { + found++; + end--; + } + *end= 0; + + size_t val_len= (size_t)(end - found); + memmove(distribution + 12, found, val_len); + distribution[12 + val_len]= '\0'; + memcpy(distribution, "os-release: ", 12); + } + } + } + + /* 2. Fallback to older /etc/lsb-release if os-release is not found */ + if (!have_distribution && (fd= my_open("/etc/lsb-release", O_RDONLY, MYF(0))) != -1) { /* Cool, LSB-compliant distribution! */ size_t len= my_read(fd, (uchar*)distribution, sizeof(distribution)-1, MYF(0)); @@ -301,7 +335,7 @@ char *end= strstr(found, "\n"); if (end == NULL) end= distribution + len; - found+= 20; + found+= 20; // Length of "DISTRIB_DESCRIPTION=" if (*found == '"' && end[-1] == '"') { @@ -316,6 +350,7 @@ } } + /* if not an LSB-compliant distribution */ for (uint i= 0; !have_distribution && i < array_elements(masks); i++) { diff -Nru mariadb-11.8.6/plugin/hashicorp_key_management/mysql-test/vault/suite.pm mariadb-11.8.8/plugin/hashicorp_key_management/mysql-test/vault/suite.pm --- mariadb-11.8.6/plugin/hashicorp_key_management/mysql-test/vault/suite.pm 2026-01-31 13:27:48.000000000 +0000 +++ mariadb-11.8.8/plugin/hashicorp_key_management/mysql-test/vault/suite.pm 2026-05-24 09:58:32.000000000 +0000 @@ -5,8 +5,16 @@ use strict; -return "Hashicorp Key Management plugin tests are currently not available on Windows" - if IS_WINDOWS; + +if (IS_WINDOWS) { + # On Windows, use 'where' to check for vault binary + return "Hashicorp Vault key management utility not found" + unless `where vault 2> NUL`; +} else { + # On Unix, use 'command -v' + return "Hashicorp Vault key management utility not found" + unless `sh -c "command -v vault"`; +} return "You need to set the value of the VAULT_ADDR variable" unless $ENV{VAULT_ADDR}; @@ -14,7 +22,4 @@ return "You need to set the value of the VAULT_TOKEN variable" unless $ENV{VAULT_TOKEN}; -return "Hashicorp Vault key management utility not found" - unless `sh -c "command -v vault"`; - bless {}; diff -Nru mariadb-11.8.6/plugin/hashicorp_key_management/mysql-test/vault/t/hashicorp_check_kv_version.test mariadb-11.8.8/plugin/hashicorp_key_management/mysql-test/vault/t/hashicorp_check_kv_version.test --- mariadb-11.8.6/plugin/hashicorp_key_management/mysql-test/vault/t/hashicorp_check_kv_version.test 2026-01-31 13:27:48.000000000 +0000 +++ mariadb-11.8.8/plugin/hashicorp_key_management/mysql-test/vault/t/hashicorp_check_kv_version.test 2026-05-24 09:58:32.000000000 +0000 @@ -5,6 +5,8 @@ --source include/have_innodb.inc --source hashicorp_plugin.inc +# Unixism - exec grep +--source include/not_windows.inc --exec vault secrets disable bug1 > /dev/null --exec vault secrets disable good > /dev/null diff -Nru mariadb-11.8.6/plugin/hashicorp_key_management/mysql-test/vault/t/hashicorp_plugin.inc mariadb-11.8.8/plugin/hashicorp_key_management/mysql-test/vault/t/hashicorp_plugin.inc --- mariadb-11.8.6/plugin/hashicorp_key_management/mysql-test/vault/t/hashicorp_plugin.inc 2026-01-31 13:27:48.000000000 +0000 +++ mariadb-11.8.8/plugin/hashicorp_key_management/mysql-test/vault/t/hashicorp_plugin.inc 2026-05-24 09:58:32.000000000 +0000 @@ -1,2 +1 @@ --source include/have_hashicorp_key_management_plugin.inc ---source include/not_windows.inc diff -Nru mariadb-11.8.6/plugin/hashicorp_key_management/mysql-test/vault/t/hashicorp_url_prefix.test mariadb-11.8.8/plugin/hashicorp_key_management/mysql-test/vault/t/hashicorp_url_prefix.test --- mariadb-11.8.6/plugin/hashicorp_key_management/mysql-test/vault/t/hashicorp_url_prefix.test 2026-01-31 13:27:48.000000000 +0000 +++ mariadb-11.8.8/plugin/hashicorp_key_management/mysql-test/vault/t/hashicorp_url_prefix.test 2026-05-24 09:58:32.000000000 +0000 @@ -5,6 +5,8 @@ --source include/have_innodb.inc --source hashicorp_plugin.inc +# Unixism - "exec grep" +--source include/not_windows.inc --exec vault secrets disable bug > /dev/null --exec vault secrets enable -path /bug -version=2 kv > /dev/null diff -Nru mariadb-11.8.6/plugin/type_inet/sql_type_inet.cc mariadb-11.8.8/plugin/type_inet/sql_type_inet.cc --- mariadb-11.8.6/plugin/type_inet/sql_type_inet.cc 2026-01-31 13:27:48.000000000 +0000 +++ mariadb-11.8.8/plugin/type_inet/sql_type_inet.cc 2026-05-24 09:58:32.000000000 +0000 @@ -500,7 +500,7 @@ // // If it is not the last field, append closing ':'. - p += sprintf(p, "%x", ipv6_words[i]); + p += snprintf(p, dstend - p, "%x", ipv6_words[i]); if (i + 1 != IN6_ADDR_NUM_WORDS) { diff -Nru mariadb-11.8.6/scripts/galera_new_cluster.sh mariadb-11.8.8/scripts/galera_new_cluster.sh --- mariadb-11.8.6/scripts/galera_new_cluster.sh 2026-01-31 13:27:48.000000000 +0000 +++ mariadb-11.8.8/scripts/galera_new_cluster.sh 2026-05-24 09:58:32.000000000 +0000 @@ -22,7 +22,7 @@ fi echo _WSREP_NEW_CLUSTER='--wsrep-new-cluster' > "@INSTALL_RUNDATADIR@/wsrep-new-cluster" && \ - systemctl restart mariadb.service + systemctl restart "${1:-mariadb.service}" extcode=$? diff -Nru mariadb-11.8.6/scripts/mariadb_system_tables_fix.sql mariadb-11.8.8/scripts/mariadb_system_tables_fix.sql --- mariadb-11.8.6/scripts/mariadb_system_tables_fix.sql 2026-01-31 13:27:48.000000000 +0000 +++ mariadb-11.8.8/scripts/mariadb_system_tables_fix.sql 2026-05-24 09:58:32.000000000 +0000 @@ -887,7 +887,20 @@ DROP TABLE user; END IF// -IF 1 = (SELECT count(*) FROM information_schema.VIEWS WHERE TABLE_CATALOG = 'def' and TABLE_SCHEMA = 'mysql' and TABLE_NAME='user' and (DEFINER = 'root@localhost' or (DEFINER = 'mariadb.sys@localhost' and VIEW_DEFINITION LIKE "%'N' AS `password_expired`%"))) THEN +IF 1 = (SELECT count(*) FROM information_schema.VIEWS + WHERE TABLE_CATALOG = 'def' + AND TABLE_SCHEMA = 'mysql' + AND TABLE_NAME = 'user' + AND (DEFINER = 'root@localhost' + OR (DEFINER = 'mariadb.sys@localhost' + AND (VIEW_DEFINITION LIKE "%'N' AS `password_expired`%" + OR CHARACTER_SET_CLIENT <> 'latin1' + OR COLLATION_CONNECTION <> 'latin1_swedish_ci' + ) + ) + ) + ) +THEN DROP VIEW IF EXISTS mysql.user; END IF// diff -Nru mariadb-11.8.6/scripts/wsrep_sst_common.sh mariadb-11.8.8/scripts/wsrep_sst_common.sh --- mariadb-11.8.6/scripts/wsrep_sst_common.sh 2026-01-31 13:27:48.000000000 +0000 +++ mariadb-11.8.8/scripts/wsrep_sst_common.sh 2026-05-24 09:58:32.000000000 +0000 @@ -29,6 +29,15 @@ export LD_LIBRARY_PATH="${LD_LIBRARY_PATH:+$LD_LIBRARY_PATH:}/usr/local/lib:/lib:/usr/lib:/opt/lib" fi +safe() +{ + if [[ "${!1}" = *[\ \'\`\$]* ]]; then + wsrep_log_error "Invalid value for $1: ${!1}" + exit 21 + fi + echo "${!1}" +} + commandex() { if [ -n "$BASH_VERSION" ]; then diff -Nru mariadb-11.8.6/scripts/wsrep_sst_mariabackup.sh mariadb-11.8.8/scripts/wsrep_sst_mariabackup.sh --- mariadb-11.8.6/scripts/wsrep_sst_mariabackup.sh 2026-01-31 13:27:48.000000000 +0000 +++ mariadb-11.8.8/scripts/wsrep_sst_mariabackup.sh 2026-05-24 09:58:32.000000000 +0000 @@ -279,7 +279,7 @@ wsrep_log_info "Using traditional netcat as streamer" tcmd="$tcmd -q0" fi - tcmd="$tcmd $WSREP_SST_OPT_HOST_UNESCAPED $SST_PORT" + tcmd="$tcmd $(safe WSREP_SST_OPT_HOST_UNESCAPED) $SST_PORT" fi else tfmt='socat' @@ -404,14 +404,14 @@ # CA verification verify_ca_matches_cert "$tpem" "$tcert" "$tcap" if [ -n "$WSREP_SST_OPT_REMOTE_USER" ]; then - CN_option=",commonname='$WSREP_SST_OPT_REMOTE_USER'" + CN_option=",commonname='$(safe WSREP_SST_OPT_REMOTE_USER)'" elif [ "$WSREP_SST_OPT_ROLE" = 'joiner' -o $encrypt -eq 4 ] then CN_option=",commonname=''" elif is_local_ip "$WSREP_SST_OPT_HOST_UNESCAPED"; then CN_option=',commonname=localhost' else - CN_option=",commonname='$WSREP_SST_OPT_HOST_UNESCAPED'" + CN_option=",commonname='$(safe WSREP_SST_OPT_HOST_UNESCAPED)'" fi tcmd="$tcmd,cert='$tpem',key='$tkey'" if [ -n "$tcert" ]; then @@ -757,11 +757,11 @@ setup_ports() { - SST_PORT="$WSREP_SST_OPT_PORT" + SST_PORT="$(safe WSREP_SST_OPT_PORT)" if [ "$WSREP_SST_OPT_ROLE" = 'donor' ]; then - REMOTEIP="$WSREP_SST_OPT_HOST" - lsn="$WSREP_SST_OPT_LSN" - sst_ver="$WSREP_SST_OPT_SST_VER" + REMOTEIP="$(safe WSREP_SST_OPT_HOST)" + lsn="$(safe WSREP_SST_OPT_LSN)" + sst_ver="$(safe WSREP_SST_OPT_SST_VER)" fi } diff -Nru mariadb-11.8.6/scripts/wsrep_sst_rsync.sh mariadb-11.8.8/scripts/wsrep_sst_rsync.sh --- mariadb-11.8.6/scripts/wsrep_sst_rsync.sh 2026-01-31 13:27:48.000000000 +0000 +++ mariadb-11.8.8/scripts/wsrep_sst_rsync.sh 2026-05-24 09:58:32.000000000 +0000 @@ -251,7 +251,7 @@ exit 22 # EINVAL fi if [ -n "$WSREP_SST_OPT_REMOTE_USER" ]; then - CHECK_OPT="checkHost = $WSREP_SST_OPT_REMOTE_USER" + CHECK_OPT="checkHost = $(safe WSREP_SST_OPT_REMOTE_USER)" elif [ "$WSREP_SST_OPT_ROLE" = 'donor' ]; then # check if the address is an ip-address (v4 or v6): if echo "$WSREP_SST_OPT_HOST_UNESCAPED" | \ @@ -645,8 +645,9 @@ echo "$STATE" > "$MAGIC_FILE" if [ -n "$WSREP_SST_OPT_REMOTE_PSWD" ]; then - # Let joiner know that we know its secret - echo "$SECRET_TAG $WSREP_SST_OPT_REMOTE_PSWD" >> "$MAGIC_FILE" + # Let joiner know that we know its secret. + WSREP_SST_OPT_REMOTE_PSWD_=$(safe WSREP_SST_OPT_REMOTE_PSWD) + echo "$SECRET_TAG $WSREP_SST_OPT_REMOTE_PSWD_" >> "$MAGIC_FILE" fi if [ $WSREP_SST_OPT_BYPASS -ne 0 ]; then diff -Nru mariadb-11.8.6/sql/field.cc mariadb-11.8.8/sql/field.cc --- mariadb-11.8.6/sql/field.cc 2026-01-31 13:27:48.000000000 +0000 +++ mariadb-11.8.8/sql/field.cc 2026-05-24 09:58:32.000000000 +0000 @@ -4845,6 +4845,10 @@ int Field_float::store(double nr) { + if (nr == 0.0) + { + nr= 0.0; // correct negative zero + } DBUG_ASSERT(marked_for_write_or_computed()); int error= truncate_double(&nr, field_length, not_fixed ? NOT_FIXED_DEC : dec, @@ -4989,6 +4993,10 @@ int Field_double::store(double nr) { + if (nr == 0.0) + { + nr= 0.0; // correct negative zero + } DBUG_ASSERT(marked_for_write_or_computed()); int error= truncate_double(&nr, field_length, not_fixed ? NOT_FIXED_DEC : dec, @@ -6748,11 +6756,15 @@ String *Field_year::val_str(String *val_buffer, String *val_ptr __attribute__((unused))) { - DBUG_ASSERT(field_length < 5); - val_buffer->alloc(5); + /* "YYYY" + NUL terminator */ + static const size_t YEAR_STR_BUFF_LEN= 5; + DBUG_ASSERT(field_length < YEAR_STR_BUFF_LEN); + val_buffer->alloc(YEAR_STR_BUFF_LEN); val_buffer->length(field_length); char *to=(char*) val_buffer->ptr(); - sprintf(to,field_length == 2 ? "%02d" : "%04d",(int) Field_year::val_int()); + snprintf(to, YEAR_STR_BUFF_LEN, + field_length == 2 ? "%02d" : "%04d", + (int) Field_year::val_int()); val_buffer->set_charset(&my_charset_numeric); return val_buffer; } @@ -8924,7 +8936,7 @@ DBUG_ASSERT(length <= max_data_length()); new_length= length; - copy_length= table->in_use->variables.group_concat_max_len; + copy_length= table->in_use->gconcat_max_len(); if (new_length > copy_length) { new_length= Well_formed_prefix(cs, @@ -9562,7 +9574,7 @@ /* This is for reading numbers with LOAD DATA INFILE */ char *end; tmp=(uint) cs->strntoul(from,length,10,&end,&err); - if (err || end != from + length || tmp > m_typelib->count) + if (err || end != from + length || !tmp || tmp > m_typelib->count) { tmp=0; set_warning(WARN_DATA_TRUNCATED, 1); diff -Nru mariadb-11.8.6/sql/filesort.cc mariadb-11.8.8/sql/filesort.cc --- mariadb-11.8.6/sql/filesort.cc 2026-01-31 13:27:48.000000000 +0000 +++ mariadb-11.8.8/sql/filesort.cc 2026-05-24 09:58:32.000000000 +0000 @@ -999,7 +999,7 @@ select->cond : select->pre_idx_push_select_cond)); if (sort_cond) sort_cond->walk(&Item::register_field_in_read_map, 1, sort_form); - sort_form->file->column_bitmaps_signal(); + sort_form->file->column_bitmaps_signal(false); if (quick_select) { diff -Nru mariadb-11.8.6/sql/gcalc_slicescan.cc mariadb-11.8.8/sql/gcalc_slicescan.cc --- mariadb-11.8.6/sql/gcalc_slicescan.cc 2026-01-31 13:27:48.000000000 +0000 +++ mariadb-11.8.8/sql/gcalc_slicescan.cc 2026-05-24 09:58:32.000000000 +0000 @@ -98,9 +98,10 @@ } -static int gcalc_pi_str(char *str, const Gcalc_heap::Info *pi, const char *postfix) +static int gcalc_pi_str(char *str, size_t size, + const Gcalc_heap::Info *pi, const char *postfix) { - return sprintf(str, "%s %d %d | %s %d %d%s", + return snprintf(str, size, "%s %d %d | %s %d %d%s", GCALC_SIGN(pi->node.shape.ix[0]) ? "-":"", FIRST_DIGIT(pi->node.shape.ix[0]),pi->node.shape.ix[1], GCALC_SIGN(pi->node.shape.iy[0]) ? "-":"", FIRST_DIGIT(pi->node.shape.iy[0]),pi->node.shape.iy[1], postfix); @@ -130,7 +131,7 @@ #endif return; } - n_buf= gcalc_pi_str(buf, pi, ""); + n_buf= gcalc_pi_str(buf, sizeof(buf), pi, ""); buf[n_buf]= 0; GCALC_DBUG_PRINT(("%s", buf)); } @@ -146,14 +147,16 @@ for (; slice; slice= slice->get_next()) { size_t lnbuf= nbuf; - lnbuf+= sprintf(buf + lnbuf, "%d\t", slice->thread); - lnbuf+= sprintf(buf + lnbuf, "%s\t", gcalc_ev_name(slice->event)); + lnbuf+= snprintf(buf + lnbuf, sizeof(buf) - lnbuf, "%d\t", slice->thread); + lnbuf+= snprintf(buf + lnbuf, sizeof(buf) - lnbuf, "%s\t", + gcalc_ev_name(slice->event)); - lnbuf+= gcalc_pi_str(buf + lnbuf, slice->pi, "\t"); + lnbuf+= gcalc_pi_str(buf + lnbuf, sizeof(buf) - lnbuf, slice->pi, "\t"); if (slice->is_bottom()) - lnbuf+= sprintf(buf+lnbuf, "bt\t"); + lnbuf+= snprintf(buf + lnbuf, sizeof(buf) - lnbuf, "bt\t"); else - lnbuf+= gcalc_pi_str(buf+lnbuf, slice->next_pi, "\t"); + lnbuf+= gcalc_pi_str(buf + lnbuf, sizeof(buf) - lnbuf, + slice->next_pi, "\t"); buf[lnbuf]= 0; GCALC_DBUG_PRINT(("%s", buf)); } @@ -900,14 +903,18 @@ } -void Gcalc_heap::Info::calc_xy(double *x, double *y) const +void Gcalc_heap::Info::calc_intersection_xy(double *x, double *y) const { + GCALC_DBUG_ASSERT(type == nt_intersection); double b0_x= node.intersection.p2->node.shape.x - node.intersection.p1->node.shape.x; double b0_y= node.intersection.p2->node.shape.y - node.intersection.p1->node.shape.y; double b1_x= node.intersection.p4->node.shape.x - node.intersection.p3->node.shape.x; double b1_y= node.intersection.p4->node.shape.y - node.intersection.p3->node.shape.y; double b0xb1= b0_x * b1_y - b0_y * b1_x; - double t= (node.intersection.p3->node.shape.x - node.intersection.p1->node.shape.x) * b1_y - (node.intersection.p3->node.shape.y - node.intersection.p1->node.shape.y) * b1_x; + double t=(node.intersection.p3->node.shape.x - + node.intersection.p1->node.shape.x) * b1_y - + (node.intersection.p3->node.shape.y - + node.intersection.p1->node.shape.y) * b1_x; t/= b0xb1; @@ -916,6 +923,19 @@ } +void Gcalc_heap::Info::get_xy(double *x, double *y) const +{ + if (type == nt_intersection) + calc_intersection_xy(x, y); + else + { + GCALC_DBUG_ASSERT(type == nt_shape_node); + *x= node.shape.x; + *y= node.shape.y; + } +} + + #ifdef GCALC_CHECK_WITH_FLOAT void Gcalc_heap::Info::calc_xy_ld(long double *x, long double *y) const { @@ -1923,7 +1943,8 @@ Gcalc_coord2 t_a, t_b; Gcalc_coord3 a_tb, b_ta, y_exp; calc_t(t_a, t_b, dxa, dya, - state.pi->node.intersection.p1, state.pi->node.intersection.p2, state.pi->node.intersection.p3, state.pi->node.intersection.p4); + state.pi->node.intersection.p1, state.pi->node.intersection.p2, + state.pi->node.intersection.p3, state.pi->node.intersection.p4); gcalc_mul_coord(a_tb, GCALC_COORD_BASE3, @@ -1969,14 +1990,12 @@ double Gcalc_scan_iterator::get_h() const { double cur_y= get_y(); - double next_y; - if (state.pi->type == Gcalc_heap::nt_intersection) - { - double x; - state.pi->calc_xy(&x, &next_y); - } - else - next_y= state.pi->next ? state.pi->get_next()->node.shape.y : 0.0; + double x, next_y; + + GCALC_DBUG_ASSERT(m_cur_pi); + + m_cur_pi->get_xy(&x, &next_y); + return next_y - cur_y; } diff -Nru mariadb-11.8.6/sql/gcalc_slicescan.h mariadb-11.8.8/sql/gcalc_slicescan.h --- mariadb-11.8.6/sql/gcalc_slicescan.h 2026-01-31 13:27:48.000000000 +0000 +++ mariadb-11.8.8/sql/gcalc_slicescan.h 2026-05-24 09:58:32.000000000 +0000 @@ -216,7 +216,8 @@ bool is_single_node() const { return is_bottom() && is_top(); } - void calc_xy(double *x, double *y) const; + void calc_intersection_xy(double *x, double *y) const; + void get_xy(double *x, double *y) const; int equal_pi(const Info *pi) const; #ifdef GCALC_CHECK_WITH_FLOAT void calc_xy_ld(long double *x, long double *y) const; diff -Nru mariadb-11.8.6/sql/gcalc_tools.cc mariadb-11.8.8/sql/gcalc_tools.cc --- mariadb-11.8.6/sql/gcalc_tools.cc 2026-01-31 13:27:48.000000000 +0000 +++ mariadb-11.8.8/sql/gcalc_tools.cc 2026-05-24 09:58:32.000000000 +0000 @@ -227,7 +227,7 @@ if (result == result_true) { c_op= (c_op & ~v_mask) | v_t_found; - int4store(sav_cur_func, c_op); + int4store(const_cast(sav_cur_func), c_op); } else { @@ -239,7 +239,7 @@ if (result == result_false) { c_op= (c_op & ~v_mask) | v_f_found; - int4store(sav_cur_func, c_op); + int4store(const_cast(sav_cur_func), c_op); } else { @@ -1283,7 +1283,7 @@ if (res->intersection_point) { double x, y; - res->pi->calc_xy(&x, &y); + res->pi->calc_intersection_xy(&x, &y); if (storage->single_point(x,y)) GCALC_DBUG_RETURN(1); } @@ -1310,7 +1310,7 @@ { if (cur->intersection_point) { - cur->pi->calc_xy(&x, &y); + cur->pi->calc_intersection_xy(&x, &y); } else { diff -Nru mariadb-11.8.6/sql/ha_partition.cc mariadb-11.8.8/sql/ha_partition.cc --- mariadb-11.8.6/sql/ha_partition.cc 2026-01-31 13:27:48.000000000 +0000 +++ mariadb-11.8.8/sql/ha_partition.cc 2026-05-24 09:58:32.000000000 +0000 @@ -2163,12 +2163,12 @@ DBUG_ASSERT(m_new_file == 0); m_new_file= new_file_array; for (i= 0; i < part_count; i++) - m_added_file[i]->extra(HA_EXTRA_BEGIN_ALTER_COPY); + m_added_file[i]->extra(HA_EXTRA_BEGIN_COPY); error= copy_partitions(copied, deleted); for (i= 0; i < part_count; i++) m_added_file[i]->extra(error - ? HA_EXTRA_ABORT_ALTER_COPY - : HA_EXTRA_END_ALTER_COPY); + ? HA_EXTRA_ABORT_COPY + : HA_EXTRA_END_COPY); if (unlikely(error)) { /* @@ -9532,9 +9532,10 @@ */ DBUG_RETURN(ER_UNSUPORTED_LOG_ENGINE); case HA_EXTRA_STARTING_ORDERED_INDEX_SCAN: - case HA_EXTRA_BEGIN_ALTER_COPY: - case HA_EXTRA_END_ALTER_COPY: - case HA_EXTRA_ABORT_ALTER_COPY: + case HA_EXTRA_BEGIN_COPY: + case HA_EXTRA_END_COPY: + case HA_EXTRA_ABORT_COPY: + case HA_EXTRA_BEGIN_ALTER_IGNORE_COPY: DBUG_RETURN(loop_partitions(extra_cb, &operation)); default: { diff -Nru mariadb-11.8.6/sql/ha_partition.h mariadb-11.8.8/sql/ha_partition.h --- mariadb-11.8.6/sql/ha_partition.h 2026-01-31 13:27:48.000000000 +0000 +++ mariadb-11.8.8/sql/ha_partition.h 2026-05-24 09:58:32.000000000 +0000 @@ -569,13 +569,13 @@ m_file[part_id]->update_create_info(create_info); } - void column_bitmaps_signal() override + void column_bitmaps_signal(bool mark_for_update) override { for (uint i= bitmap_get_first_set(&m_opened_partitions); i < m_tot_parts; i= bitmap_get_next_set(&m_opened_partitions, i)) { - m_file[i]->column_bitmaps_signal(); + m_file[i]->column_bitmaps_signal(mark_for_update); } } diff -Nru mariadb-11.8.6/sql/ha_sequence.h mariadb-11.8.8/sql/ha_sequence.h --- mariadb-11.8.6/sql/ha_sequence.h 2026-01-31 13:27:48.000000000 +0000 +++ mariadb-11.8.8/sql/ha_sequence.h 2026-05-24 09:58:32.000000000 +0000 @@ -157,8 +157,8 @@ { return file->check_and_repair(thd); } bool is_crashed() const override { return file->is_crashed(); } - void column_bitmaps_signal() override - { return file->column_bitmaps_signal(); } + void column_bitmaps_signal(bool mark_for_update) override + { return file->column_bitmaps_signal(mark_for_update); } /* New methods */ void register_original_handler(handler *file_arg) diff -Nru mariadb-11.8.6/sql/handler.cc mariadb-11.8.8/sql/handler.cc --- mariadb-11.8.6/sql/handler.cc 2026-01-31 13:27:48.000000000 +0000 +++ mariadb-11.8.8/sql/handler.cc 2026-05-24 09:58:32.000000000 +0000 @@ -4549,6 +4549,8 @@ /** @brief MySQL signal that it changed the column bitmap + @param mark_for_update whether to mark indexed virtual columns + for UPDATE operations USAGE This is for handlers that needs to setup their own column bitmaps. Normally the handler should set up their own column bitmaps in @@ -4559,7 +4561,7 @@ rnd_init() call is made as after this, MySQL will not use the bitmap for any program logic checking. */ -void handler::column_bitmaps_signal() +void handler::column_bitmaps_signal(bool mark_for_update) { DBUG_ENTER("column_bitmaps_signal"); if (table) @@ -5859,12 +5861,15 @@ : create_info(create_info_arg), alter_info(alter_info_arg), key_info_buffer(key_info_arg), - key_count(key_count_arg), - rename_keys(current_thd->mem_root), modified_part_info(modified_part_info_arg), - ignore(ignore_arg), + rename_keys(current_thd->mem_root), + key_count(key_count_arg), inplace_supported(HA_ALTER_ERROR), - error_if_not_empty(error_non_empty) + online(false), + file_per_table(false), + ignore(ignore_arg), + error_if_not_empty(error_non_empty), + mdl_exclusive_after_prepare(false) {} void Alter_inplace_info::report_unsupported_error(const char *not_supported, diff -Nru mariadb-11.8.6/sql/handler.h mariadb-11.8.8/sql/handler.h --- mariadb-11.8.6/sql/handler.h 2026-01-31 13:27:48.000000000 +0000 +++ mariadb-11.8.8/sql/handler.h 2026-05-24 09:58:32.000000000 +0000 @@ -2579,21 +2579,12 @@ */ KEY *key_info_buffer; - /** Size of key_info_buffer array. */ - uint key_count; - - /** Size of index_drop_buffer array. */ - uint index_drop_count= 0; - /** Array of pointers to KEYs to be dropped belonging to the TABLE instance for the old version of the table. */ KEY **index_drop_buffer= nullptr; - /** Size of index_add_buffer array. */ - uint index_add_count= 0; - /** Array of indexes into key_info_buffer for KEYs to be added, sorted in increasing order. @@ -2602,32 +2593,6 @@ KEY_PAIR *index_altered_ignorability_buffer= nullptr; - /** Size of index_altered_ignorability_buffer array. */ - uint index_altered_ignorability_count= 0; - - /** - Old and new index names. Used for index rename. - */ - struct Rename_key_pair - { - Rename_key_pair(const KEY *old_key, const KEY *new_key) - : old_key(old_key), new_key(new_key) - { - } - const KEY *old_key; - const KEY *new_key; - }; - /** - Vector of key pairs from DROP/ADD index which can be renamed. - */ - typedef Mem_root_array Rename_keys_vector; - - /** - A list of indexes which should be renamed. - Index definitions stays the same. - */ - Rename_keys_vector rename_keys; - /** Context information to allow handlers to keep context between in-place alter API calls. @@ -2654,9 +2619,6 @@ */ alter_table_operations handler_flags= 0; - /* Alter operations involving parititons are strored here */ - ulong partition_flags; - /** Partition_info taking into account the partition changes to be performed. Contains all partitions which are present in the old version of the table @@ -2665,12 +2627,6 @@ */ partition_info * const modified_part_info; - /** true for ALTER IGNORE TABLE ... */ - const bool ignore; - - /** true for online operation (LOCK=NONE) */ - bool online= false; - /** When ha_commit_inplace_alter_table() is called the engine can set this to a function to be called after the ddl log @@ -2682,9 +2638,6 @@ /* This will be used as the argument to the above function when called */ void *inplace_alter_table_committed_argument= nullptr; - /** which ALGORITHM and LOCK are supported by the storage engine */ - enum_alter_inplace_result inplace_supported; - /** Can be set by handler to describe why a given operation cannot be done in-place (HA_ALTER_INPLACE_NOT_SUPPORTED) or why it cannot be done @@ -2699,11 +2652,57 @@ */ const char *unsupported_reason= nullptr; - /** true when InnoDB should abort the alter when table is not empty */ - const bool error_if_not_empty; + /* Alter operations involving parititons are strored here */ + ulong partition_flags; + + /** + Old and new index names. Used for index rename. + */ + struct Rename_key_pair + { + Rename_key_pair(const KEY *old_key, const KEY *new_key) + : old_key(old_key), new_key(new_key) + { + } + const KEY *old_key; + const KEY *new_key; + }; + /** + Vector of key pairs from DROP/ADD index which can be renamed. + */ + typedef Mem_root_array Rename_keys_vector; + /** + A list of indexes which should be renamed. + Index definitions stays the same. + */ + Rename_keys_vector rename_keys; + + /** Size of key_info_buffer array. */ + uint key_count; + + /** Size of index_drop_buffer array. */ + uint index_drop_count= 0; + + /** Size of index_add_buffer array. */ + uint index_add_count= 0; + + /** Size of index_altered_ignorability_buffer array. */ + uint index_altered_ignorability_count= 0; + + /** which ALGORITHM and LOCK are supported by the storage engine */ + enum_alter_inplace_result inplace_supported; + + /** TRUE for online operation (LOCK=NONE) */ + unsigned online : 1; + /** TRUE when innodb_file_per_table is set */ + unsigned file_per_table : 1; + /** TRUE for ALTER IGNORE TABLE ... */ + unsigned ignore : 1; + /** true when InnoDB should abort the alter when table is not empty */ + unsigned error_if_not_empty : 1; /** True when DDL should avoid downgrading the MDL */ - bool mdl_exclusive_after_prepare= false; + unsigned mdl_exclusive_after_prepare : 1; Alter_inplace_info(HA_CREATE_INFO *create_info_arg, Alter_info *alter_info_arg, @@ -4093,8 +4092,11 @@ call. Normally the handler should ignore all calls until we have done a ha_rnd_init() or ha_index_init(), write_row(), update_row or delete_row() as there may be several calls to this routine. + + @param mark_for_update whether to mark indexed virtual columns + for UPDATE operations */ - virtual void column_bitmaps_signal(); + virtual void column_bitmaps_signal(bool mark_for_update); /* We have to check for inited as some engines, like innodb, sets active_index during table scan. diff -Nru mariadb-11.8.6/sql/item.cc mariadb-11.8.8/sql/item.cc --- mariadb-11.8.6/sql/item.cc 2026-01-31 13:27:48.000000000 +0000 +++ mariadb-11.8.8/sql/item.cc 2026-05-24 09:58:32.000000000 +0000 @@ -5419,9 +5419,14 @@ { DBUG_ASSERT(copied_in); int err; - return null_value ? 0 : str_value.charset()->strntoll(str_value.ptr(), - str_value.length(), 10, - (char**) 0, &err); + if (null_value) + return 0; + if (unsigned_flag) + return (longlong) + str_value.charset()->strntoull(str_value.ptr(), str_value.length(), + 10, 0, &err); + return str_value.charset()->strntoll(str_value.ptr(), str_value.length(), + 10, 0, &err); } @@ -8197,6 +8202,20 @@ } +/* + @brief + Given an @p item from this select, check if it originates from + derived table made from select @p sel. If yes, return the item + expression from select @p sel that produces it. + + @note + Also check the multiple equality that @p item is a member of. + + @return + The item in sel's select list that is the source for @p item. + NULL if the item is not found. +*/ + static Item *find_producing_item(Item *item, st_select_lex *sel) { @@ -8246,6 +8265,16 @@ producing_clone->marker|= MARKER_SUBSTITUTION; return producing_clone; } + /* + This item doesn't come from the SELECT that we're pushing condition into. + This can be due to: + - This item refers to a constant expression. Currently we push those + down anyway. + - This item is inside Item_direct_view_ref object, call it $REF. $REF + participates in multiple equality which includes a pushable item $PI. + $REF->derived_field_transformer_for_where() will make sure that $PI + is pushed down instead. + */ return this; } @@ -8277,6 +8306,17 @@ producing_clone->marker|= MARKER_SUBSTITUTION; return producing_clone; } + /* + We get here in two cases: + 1. This is DEFAULT(field). TODO: Should this be pushed? + 2. This item doesn't come from the SELECT that we're pushing condition + - This item refers to a constant expression. Currently we push those + down anyway. + - This item is inside Item_direct_view_ref object, call it $REF. $REF + participates in multiple equality which includes a pushable item $PI. + $REF->derived_field_transformer_for_where() will make sure that $PI + is pushed down instead. + */ return this; } @@ -8982,7 +9022,7 @@ bool Item_ref::val_native(THD *thd, Native *to) { - return val_native_from_item(thd, *ref, to); + return val_native_result_from_item(thd, *ref, to); } @@ -9919,7 +9959,12 @@ if (args[i]->type() == Item::FUNC_ITEM && ((Item_func *)args[i])->functype() == Item_func::UDF_FUNC) return false; - if (args[i]->const_item()) + /* + Constant expression doesn't need to be checked. + BUT if it still reports to have references to tables, we must check that + only allowed columns are referred. + */ + if (args[i]->const_item() && !args[i]->used_tables()) continue; if (!args[i]->excl_dep_on_grouping_fields(sel)) return false; @@ -11040,6 +11085,7 @@ } else value_buff.copy(); + value_buff.mark_as_const(); return TRUE; } diff -Nru mariadb-11.8.6/sql/item.h mariadb-11.8.8/sql/item.h --- mariadb-11.8.6/sql/item.h 2026-01-31 13:27:48.000000000 +0000 +++ mariadb-11.8.8/sql/item.h 2026-05-24 09:58:32.000000000 +0000 @@ -95,12 +95,6 @@ }; -#ifdef DBUG_OFF -static inline const char *dbug_print_item(Item *item) { return NULL; } -#else -const char *dbug_print_item(Item *item); -#endif - class Virtual_tmp_table; class sp_head; class Protocol; @@ -986,6 +980,13 @@ res= NULL; return res; } + bool val_native_result_from_item(THD *thd, Item *item, Native *to) + { + DBUG_ASSERT(fixed()); + null_value= item->val_native_result(thd, to); + DBUG_ASSERT(null_value == item->null_value); + return null_value; + } bool val_native_from_item(THD *thd, Item *item, Native *to) { DBUG_ASSERT(fixed()); @@ -2923,7 +2924,12 @@ { for (uint i= 0; i < arg_count; i++) { - if (args[i]->const_item()) + /* + Constant expression doesn't need to be checked. + BUT if it still reports to have references to tables, we must check + that only allowed table is referred. + */ + if (args[i]->const_item() && !args[i]->used_tables()) continue; if (!args[i]->excl_dep_on_table(tab_map)) return false; @@ -7243,6 +7249,10 @@ { return NULL; } Item *derived_field_transformer_for_where(THD *thd, uchar *arg) override { return NULL; } + /* + Note that grouping_field_transformer_for_where() is not implemented for + some reason. + */ Field *create_tmp_field_ex(MEM_ROOT *root, TABLE *table, Tmp_field_src *src, const Tmp_field_param *param) override; @@ -8526,7 +8536,11 @@ bool excl_dep_on_grouping_fields(st_select_lex *sel) override { return m_item->excl_dep_on_grouping_fields(sel); } bool is_expensive() override { return m_item->is_expensive(); } - void set_item(Item *item) { m_item= item; } + void set_item(Item *item) + { + m_item= item; + ref= &m_item; + } Item *deep_copy(THD *thd) const override { Item *clone_item= m_item->deep_copy_with_checks(thd); diff -Nru mariadb-11.8.6/sql/item_cmpfunc.h mariadb-11.8.8/sql/item_cmpfunc.h --- mariadb-11.8.6/sql/item_cmpfunc.h 2026-01-31 13:27:48.000000000 +0000 +++ mariadb-11.8.8/sql/item_cmpfunc.h 2026-05-24 09:58:32.000000000 +0000 @@ -1250,9 +1250,9 @@ bool fix_length_and_dec(THD *thd) override { update_nullability_post_fix_fields(); - if (aggregate_for_result(func_name_cstring(), args, arg_count, true)) + if (aggregate_for_result(func_name_cstring(), args, arg_count, true) || + fix_attributes(args, arg_count)) return TRUE; - fix_attributes(args, arg_count); return FALSE; } LEX_CSTRING func_name_cstring() const override @@ -1279,9 +1279,9 @@ protected: bool fix_length_and_dec2(Item **items) { - if (aggregate_for_result(func_name_cstring(), items, 2, true)) + if (aggregate_for_result(func_name_cstring(), items, 2, true) || + fix_attributes(items, 2)) return TRUE; - fix_attributes(items, 2); return FALSE; } @@ -2895,17 +2895,19 @@ /* Optimize case of not_null_column IS NULL */ void update_used_tables() override { + args[0]->update_used_tables(); + used_tables_cache= args[0]->used_tables(); + const_item_cache= args[0]->const_item(); + if (!args[0]->maybe_null() && !arg_is_datetime_notnull_field()) { - used_tables_cache= 0; /* is always false */ + /* + The result is always false. + But do NOT set used_tables_cache=0 as that will confuse derived + condition pushdown. + */ const_item_cache= 1; } - else - { - args[0]->update_used_tables(); - used_tables_cache= args[0]->used_tables(); - const_item_cache= args[0]->const_item(); - } } COND *remove_eq_conds(THD *thd, Item::cond_result *cond_value, bool top_level) override; diff -Nru mariadb-11.8.6/sql/item_geofunc.cc mariadb-11.8.8/sql/item_geofunc.cc --- mariadb-11.8.6/sql/item_geofunc.cc 2026-01-31 13:27:48.000000000 +0000 +++ mariadb-11.8.8/sql/item_geofunc.cc 2026-05-24 09:58:32.000000000 +0000 @@ -60,7 +60,7 @@ Gis_read_stream trs(wkt->charset(), wkt->ptr(), wkt->length()); uint32 srid= 0; - if ((arg_count == 2) && !args[1]->null_value) + if (arg_count == 2) srid= (uint32)args[1]->val_int(); str->set_charset(&my_charset_bin); @@ -86,13 +86,14 @@ { String *str_ret= args[0]->val_str(str); null_value= args[0]->null_value; - if (!null_value && arg_count == 2 && !args[1]->null_value) { + if (!null_value && arg_count == 2) + { srid= (uint32)args[1]->val_int(); if (str->copy(*str_ret)) return 0; - int4store(str->ptr(), srid); + int4store(const_cast(str->ptr()), srid); return str; } return str_ret; @@ -100,7 +101,7 @@ wkb= args[0]->val_str(&arg_val); - if ((arg_count == 2) && !args[1]->null_value) + if (arg_count == 2) srid= (uint32)args[1]->val_int(); str->set_charset(&my_charset_bin); @@ -131,10 +132,10 @@ if ((null_value= args[0]->null_value)) return 0; - if (arg_count > 1 && !args[1]->null_value) + if (arg_count > 1) { options= args[1]->val_int(); - if (options > 4 || options < 1) + if (!args[1]->null_value && (options > 4 || options < 1)) { String *sv= args[1]->val_str(&tmp_js); my_error(ER_WRONG_VALUE_FOR_TYPE, MYF(0), @@ -144,7 +145,7 @@ } } - if ((arg_count == 3) && !args[2]->null_value) + if (arg_count == 3) srid= (uint32)args[2]->val_int(); str->set_charset(&my_charset_bin); @@ -276,11 +277,7 @@ if (args[1]->null_value) max_dec= FLOATING_POINT_DECIMALS; if (arg_count > 2) - { options= args[2]->val_int(); - if (args[2]->null_value) - options= 0; - } } str->length(0); @@ -1363,6 +1360,8 @@ } int store_shapes(Gcalc_shape_transporter *trn) const { return geom->store_shapes(trn); } + int shape_type() const + { return geom->get_class_info()->m_type_id; } }; @@ -1495,6 +1494,16 @@ Gcalc_function::op_intersection, 2); null_value= g1.store_shapes(&trn) || g2.store_shapes(&trn); break; + case SP_CROSSES_FUNC: + if (g1.shape_type() == Geometry::wkb_polygon || + g1.shape_type() == Geometry::wkb_multipolygon || + g2.shape_type() == Geometry::wkb_point || + g2.shape_type() == Geometry::wkb_multipoint) + { + null_value= true; + goto exit; + } + /* fall through */ case SP_OVERLAPS_FUNC: { // Both geometries must have the same number of dimensions. @@ -1508,10 +1517,6 @@ shape_a, shape_b, null_value); break; } - case SP_CROSSES_FUNC: - handle_sp_crosses_func_case(func, trn, g1, g2, - shape_a, shape_b, null_value); - break; case SP_TOUCHES_FUNC: if (func.reserve_op_buffer(5)) break; @@ -2685,6 +2690,16 @@ } +static double count_h_x(double x1, double y1, double x2, double y2, double h) +{ + double dy= y2 - y1; + double dx= x2 - x1; + double dh= h - y1; + + return x1 + dx * dh / dy; +} + + String *Item_func_pointonsurface::val_str(String *str) { Gcalc_operation_transporter trn(&func, &collector); @@ -2693,7 +2708,7 @@ Geometry *g; MBR mbr; const char *c_end; - double UNINIT_VAR(px), UNINIT_VAR(py), x0, UNINIT_VAR(y0); + double UNINIT_VAR(px), UNINIT_VAR(py); String *result= 0; const Gcalc_scan_iterator::point *pprev= NULL; uint32 srid; @@ -2716,54 +2731,54 @@ while (scan_it.more_points()) { + double h; + if (scan_it.step()) goto mem_error; - if (scan_it.get_h() > GIS_ZERO) - { - y0= scan_it.get_y(); - break; - } - } + if (!scan_it.more_points()) + goto exit; - if (!scan_it.more_points()) - { - goto exit; - } + if ((h= scan_it.get_h()) <= GIS_ZERO) + continue; - if (scan_it.step()) - goto mem_error; + py= scan_it.get_y() + h/2.0; - for (Gcalc_point_iterator pit(&scan_it); pit.point(); ++pit) - { - if (pprev == NULL) + for (Gcalc_point_iterator pit(&scan_it); pit.point(); ++pit) { - pprev= pit.point(); - continue; - } - x0= scan_it.get_sp_x(pprev); - px= scan_it.get_sp_x(pit.point()); - if (px - x0 > GIS_ZERO) - { - if (scan_it.get_h() > GIS_ZERO) + const Gcalc_scan_iterator::point *p= pit.point(); + double x1, y1, x2, y2, xa, xb; + + if (pprev == NULL) { - px= (px + x0) / 2.0; - py= scan_it.get_y(); + pprev= pit.point(); + continue; } - else + + pprev->pi->get_xy(&x1, &y1); + pprev->next_pi->get_xy(&x2, &y2); + + xa= count_h_x(x1, y1, x2, y2, py); + + p->pi->get_xy(&x1, &y1); + p->next_pi->get_xy(&x2, &y2); + xb= count_h_x(x1, y1, x2, y2, py); + + if (xb - xa > GIS_ZERO) { - px= (px + x0) / 2.0; - py= (y0 + scan_it.get_y()) / 2.0; + px= (xa + xb) / 2.0; + null_value= 0; + goto point_found; } - null_value= 0; - break; + + pprev= NULL; } - pprev= NULL; } if (null_value) goto exit; +point_found: str->set_charset(&my_charset_bin); str->length(0); if (str->reserve(SRID_SIZE, 512)) diff -Nru mariadb-11.8.6/sql/item_jsonfunc.cc mariadb-11.8.8/sql/item_jsonfunc.cc --- mariadb-11.8.6/sql/item_jsonfunc.cc 2026-01-31 13:27:48.000000000 +0000 +++ mariadb-11.8.8/sql/item_jsonfunc.cc 2026-05-24 09:58:32.000000000 +0000 @@ -140,7 +140,7 @@ Appends arbitrary String to the JSON string taking charsets in consideration. */ -static int st_append_escaped(String *s, const String *a) +int st_append_escaped(String *s, const String *a) { /* In the worst case one character from the 'a' string @@ -672,7 +672,7 @@ bool Item_func_json_exists::val_bool() { json_engine_t je; - int array_counters[JSON_DEPTH_LIMIT]; + int array_counters[JSON_DEPTH_LIMIT]= {0}; String *js= args[0]->val_json(&tmp_js); @@ -733,19 +733,39 @@ bool Json_path_extractor::extract(String *str, Item *item_js, Item *item_jp, - CHARSET_INFO *cs) + CHARSET_INFO *cs, const char *func_name, + bool allow_wildcard) { String *js= item_js->val_json(&tmp_js); int error= 0; - int array_counters[JSON_DEPTH_LIMIT]; + int array_counters[JSON_DEPTH_LIMIT]= {0}; if (!parsed) { String *s_p= item_jp->val_str(&tmp_path); - if (s_p && + + if (allow_wildcard) + { + if (s_p && + json_path_setup(&p, s_p->charset(), (const uchar *) s_p->ptr(), + (const uchar *) s_p->ptr() + s_p->length())) + error= true; + } + else + { + if (s_p && path_setup_nwc(&p, s_p->charset(), (const uchar *) s_p->ptr(), (const uchar *) s_p->ptr() + s_p->length())) + error= true; + } + + if (error) + { + report_path_error_ex(s_p->ptr(), &p, func_name, 1, + Sql_condition::WARN_LEVEL_WARN); return true; + } + parsed= constant; } @@ -1049,8 +1069,18 @@ bool Item_func_json_extract::fix_length_and_dec(THD *thd) { collation.set(args[0]->collation); - max_length= args[0]->max_length * (arg_count - 1); + /* *2 accounts for LOOSE json_nice() formatting (spaces after : and ,). */ + ulonglong char_length= + (ulonglong) args[0]->max_char_length() * (arg_count - 1) * 2; + + if (arg_count > 2) + { + /* Multiple paths: result is wrapped as [val1, val2, ...]. */ + char_length+= 2 + (arg_count - 2) * 2; + } + + fix_char_length_ulonglong(char_length); mark_constant_paths(paths, args+1, arg_count-1); set_maybe_null(); return FALSE; @@ -1342,6 +1372,36 @@ } +bool Item_func_json_extract::val_bool() +{ + json_value_types type; + char *value; + int value_len; + longlong i= 0; + + if (read_json(NULL, &type, &value, &value_len) != NULL) + { + switch (type) + { + case JSON_VALUE_NUMBER: + case JSON_VALUE_STRING: + { + char *end; + int err; + i= collation.collation->strntoll(value, value_len, 10, &end, &err); + break; + } + case JSON_VALUE_TRUE: + i= 1; + break; + default: + i= 0; + break; + }; + } + return i != 0; +} + bool Item_func_json_contains::fix_length_and_dec(THD *thd) { @@ -1537,7 +1597,7 @@ if (arg_count>2) /* Path specified. */ { - int array_counters[JSON_DEPTH_LIMIT]; + int array_counters[JSON_DEPTH_LIMIT]= {0}; if (!path.parsed) { String *s_p= args[2]->val_str(&tmp_path); @@ -1674,7 +1734,7 @@ result= !mode_one; for (n_arg=2; n_arg < arg_count; n_arg++) { - int array_counters[JSON_DEPTH_LIMIT]; + int array_counters[JSON_DEPTH_LIMIT]= {0}; json_path_with_flags *c_path= paths + n_arg - 2; if (!c_path->parsed) { @@ -2084,7 +2144,7 @@ for (n_arg=1, n_path=0; n_arg < arg_count; n_arg+=2, n_path++) { - int array_counters[JSON_DEPTH_LIMIT]; + int array_counters[JSON_DEPTH_LIMIT]= {0}; json_path_with_flags *c_path= paths + n_path; if (!c_path->parsed) { @@ -2216,7 +2276,7 @@ for (n_arg=1, n_path=0; n_arg < arg_count; n_arg+=2, n_path++) { - int array_counters[JSON_DEPTH_LIMIT]; + int array_counters[JSON_DEPTH_LIMIT]= {0}; json_path_with_flags *c_path= paths + n_path; const char *item_pos; int n_item, corrected_n_item; @@ -2224,11 +2284,13 @@ if (!c_path->parsed) { String *s_p= args[n_arg]->val_str(tmp_paths+n_path); - if (s_p && - (path_setup_nwc(&c_path->p,s_p->charset(),(const uchar *) s_p->ptr(), + if (!s_p) + goto return_null; + + if (path_setup_nwc(&c_path->p,s_p->charset(),(const uchar *) s_p->ptr(), (const uchar *) s_p->ptr() + s_p->length()) || c_path->p.last_step - 1 < c_path->p.steps || - c_path->p.last_step->type != JSON_PATH_ARRAY)) + c_path->p.last_step->type != JSON_PATH_ARRAY) { if (c_path->p.s.error == 0) c_path->p.s.error= SHOULD_END_WITH_ARRAY; @@ -3067,7 +3129,7 @@ String *js= args[0]->val_json(&tmp_js); json_engine_t je; uint length= 0; - int array_counters[JSON_DEPTH_LIMIT]; + int array_counters[JSON_DEPTH_LIMIT]= {0}; int err; if ((null_value= args[0]->null_value)) @@ -3308,7 +3370,7 @@ for (n_arg=1, n_path=0; n_arg < arg_count; n_arg+=2, n_path++) { - int array_counters[JSON_DEPTH_LIMIT]; + int array_counters[JSON_DEPTH_LIMIT]= {0}; json_path_with_flags *c_path= paths + n_path; const char *v_to; json_path_step_t *lp; @@ -3573,7 +3635,7 @@ for (n_arg=1, n_path=0; n_arg < arg_count; n_arg++, n_path++) { - int array_counters[JSON_DEPTH_LIMIT]; + int array_counters[JSON_DEPTH_LIMIT]= {0}; json_path_with_flags *c_path= paths + n_path; const char *rem_start= 0, *rem_end; json_path_step_t *lp; @@ -3796,7 +3858,7 @@ json_engine_t je; String *js= args[0]->val_json(&tmp_js); uint n_keys= 0; - int array_counters[JSON_DEPTH_LIMIT]; + int array_counters[JSON_DEPTH_LIMIT]= {0}; if ((args[0]->null_value)) goto null_return; @@ -3841,6 +3903,7 @@ goto null_return; str->length(0); + str->set_charset(collation.collation); if (str->append('[')) goto err_return; /* Out of memory. */ /* Parse the OBJECT collecting the keys. */ @@ -4432,9 +4495,10 @@ result.set_charset(collation.collation); result_field= 0; null_value= 1; - max_length= (uint32)(thd->variables.group_concat_max_len - / collation.collation->mbminlen - * collation.collation->mbmaxlen); + max_length= (uint32) MY_MIN((ulonglong) thd->gconcat_max_len() + / collation.collation->mbminlen + * collation.collation->mbmaxlen, UINT_MAX32); + if (check_sum_func(thd, ref)) return TRUE; @@ -4527,6 +4591,7 @@ } buf->length(0); + buf->set_charset(collation.collation); if (buf->append(normalized_json.str, normalized_json.length)) { null_value= 1; @@ -5194,12 +5259,11 @@ if ((null_value= args[0]->null_value) || (null_value= args[1]->null_value)) - { - goto return_null; - } + return NULL; null_value= Json_path_extractor::extract(&tmp_str, args[0], args[1], - collation.collation); + collation.collation, + func_name(), true); if (null_value) return NULL; @@ -5435,7 +5499,7 @@ prepare_json_and_create_hash(&je1, js1); } - if (null_value || args[1]->null_value) + if (!is_array || args[1]->null_value) goto null_return; str->set_charset(js2->charset()); @@ -5491,12 +5555,12 @@ init_alloc_root(PSI_NOT_INSTRUMENTED, &hash_root, 1024, 0, MYF(0)); root_inited= true; - if (json_read_value(je1) || je1->value_type != JSON_VALUE_ARRAY || + if (json_read_value(je1) + || !(is_array= (je1->value_type == JSON_VALUE_ARRAY)) || create_hash(je1, &items, item_hash_inited, &hash_root)) { if (je1->s.error) report_json_error(js, je1, 0); - null_value= 1; } max_length= 2*(args[0]->max_length < args[1]->max_length ? diff -Nru mariadb-11.8.6/sql/item_jsonfunc.h mariadb-11.8.8/sql/item_jsonfunc.h --- mariadb-11.8.6/sql/item_jsonfunc.h 2026-01-31 13:27:48.000000000 +0000 +++ mariadb-11.8.8/sql/item_jsonfunc.h 2026-05-24 09:58:32.000000000 +0000 @@ -48,6 +48,7 @@ void report_json_error_ex(const char *js, json_engine_t *je, const char *fname, int n_param, Sql_condition::enum_warning_level lv); +int st_append_escaped(String *s, const String *a); class Json_engine_scan: public json_engine_t { @@ -74,7 +75,8 @@ virtual ~Json_path_extractor() { } virtual bool check_and_get_value(Json_engine_scan *je, String *to, int *error)=0; - bool extract(String *to, Item *js, Item *jp, CHARSET_INFO *cs); + bool extract(String *to, Item *js, Item *jp, CHARSET_INFO *cs, + const char *func_name, bool allow_wildcard); }; @@ -186,7 +188,8 @@ String *val_str(String *to) override { null_value= Json_path_extractor::extract(to, args[0], args[1], - collation.collation); + collation.collation, func_name(), + false); return null_value ? NULL : to; } bool check_and_get_value(Json_engine_scan *je, @@ -216,7 +219,8 @@ String *val_str(String *to) override { null_value= Json_path_extractor::extract(to, args[0], args[1], - collation.collation); + collation.collation, func_name(), + true); return null_value ? NULL : to; } bool check_and_get_value(Json_engine_scan *je, @@ -320,6 +324,7 @@ bool fix_length_and_dec(THD *thd) override; String *val_str(String *) override; longlong val_int() override; + bool val_bool() override; double val_real() override; my_decimal *val_decimal(my_decimal *) override; uint get_n_paths() const override { return arg_count - 1; } @@ -834,6 +839,8 @@ longlong val_int() override { return 0; } my_decimal *val_decimal(my_decimal *decimal_value) override { + if (null_value) + return 0; my_decimal_set_zero(decimal_value); return decimal_value; } @@ -935,11 +942,11 @@ bool item_hash_inited, seen_hash_inited, root_inited; HASH items, seen; MEM_ROOT hash_root; - bool parse_for_each_row; + bool parse_for_each_row, is_array; public: Item_func_json_array_intersect(THD *thd, Item *a, Item *b): Item_str_func(thd, a, b) - { item_hash_inited= seen_hash_inited= root_inited= parse_for_each_row= false; } + { item_hash_inited= seen_hash_inited= root_inited= parse_for_each_row= is_array= false; } String *val_str(String *) override; bool fix_length_and_dec(THD *thd) override; LEX_CSTRING func_name_cstring() const override diff -Nru mariadb-11.8.6/sql/item_strfunc.cc mariadb-11.8.8/sql/item_strfunc.cc --- mariadb-11.8.6/sql/item_strfunc.cc 2026-01-31 13:27:48.000000000 +0000 +++ mariadb-11.8.8/sql/item_strfunc.cc 2026-05-24 09:58:32.000000000 +0000 @@ -3788,8 +3788,10 @@ } if (count <= (res_char_length= res->numchars())) - { // String to pad is big enough - res->length(res->charpos((int) count)); // Shorten result if longer + { // String to pad is big enough + int len= res->charpos((int) count); + res= copy_if_not_alloced(str, res, len); + res->length(len); // Shorten result if longer return (res); } @@ -3884,7 +3886,9 @@ if (count <= res_char_length) { - res->length(res->charpos((int) count)); + int len= res->charpos((int) count); + res= copy_if_not_alloced(str, res, len); + res->length(len); return res; } @@ -4590,7 +4594,7 @@ ulong max_allowed_packet= current_thd->variables.max_allowed_packet; char *from, *to, *end, *start; String *arg= args[0]->val_str(&tmp_value); - uint arg_length, new_length; + size_t arg_length, new_length; if (!arg) // Null argument { /* Return the string 'NULL' */ @@ -5235,9 +5239,9 @@ if ((rc= mariadb_dyncol_json(&col, &json))) { dynamic_column_error_message(rc); + dynstr_free(&json); goto null; } - bzero(&col, sizeof(col)); { /* Move result from DYNAMIC_COLUMN to str */ char *ptr; @@ -5250,7 +5254,6 @@ return str; null: - bzero(&col, sizeof(col)); null_value= TRUE; return NULL; } diff -Nru mariadb-11.8.6/sql/item_strfunc.h mariadb-11.8.8/sql/item_strfunc.h --- mariadb-11.8.6/sql/item_strfunc.h 2026-01-31 13:27:48.000000000 +0000 +++ mariadb-11.8.8/sql/item_strfunc.h 2026-05-24 09:58:32.000000000 +0000 @@ -881,7 +881,11 @@ if (length == 0) return make_empty_result(&tmp_value); - tmp_value.set(*res, offset, length); + if (tmp_value.copy(res->ptr() + offset, length, res->charset())) + { + my_error(ER_OUTOFMEMORY, length); + return NULL; + } /* Make sure to return correct charset and collation: TRIM(0x000000 FROM _ucs2 0x0061) @@ -2019,6 +2023,7 @@ return name; } String *val_str(String *) override; + table_map not_null_tables() const override { return 0; } bool fix_length_and_dec(THD *thd) override { collation.set(args[0]->collation); diff -Nru mariadb-11.8.6/sql/item_subselect.cc mariadb-11.8.8/sql/item_subselect.cc --- mariadb-11.8.6/sql/item_subselect.cc 2026-01-31 13:27:48.000000000 +0000 +++ mariadb-11.8.8/sql/item_subselect.cc 2026-05-24 09:58:32.000000000 +0000 @@ -1276,8 +1276,8 @@ if (thd->lex->describe) { char warn_buff[MYSQL_ERRMSG_SIZE]; - sprintf(warn_buff, ER_THD(thd, ER_SELECT_REDUCED), - select_lex->select_number); + snprintf(warn_buff, sizeof(warn_buff), ER_THD(thd, ER_SELECT_REDUCED), + select_lex->select_number); push_warning(thd, Sql_condition::WARN_LEVEL_NOTE, ER_SELECT_REDUCED, warn_buff); } @@ -2109,8 +2109,8 @@ if (thd->lex->describe) { char warn_buff[MYSQL_ERRMSG_SIZE]; - sprintf(warn_buff, ER_THD(thd, ER_SELECT_REDUCED), - select_lex->select_number); + snprintf(warn_buff, sizeof(warn_buff), ER_THD(thd, ER_SELECT_REDUCED), + select_lex->select_number); push_warning(thd, Sql_condition::WARN_LEVEL_NOTE, ER_SELECT_REDUCED, warn_buff); } diff -Nru mariadb-11.8.6/sql/item_sum.cc mariadb-11.8.8/sql/item_sum.cc --- mariadb-11.8.6/sql/item_sum.cc 2026-01-31 13:27:48.000000000 +0000 +++ mariadb-11.8.8/sql/item_sum.cc 2026-05-24 09:58:32.000000000 +0000 @@ -3808,7 +3808,7 @@ { Item_func_group_concat *item= (Item_func_group_concat *) item_arg; TABLE *table= item->table; - uint max_length= table->in_use->variables.group_concat_max_len; + uint max_length= table->in_use->gconcat_max_len(); String tmp((char *)table->record[1], table->s->reclength, default_charset_info); String tmp2; @@ -4138,7 +4138,7 @@ DBUG_ASSERT(tree->size_of_element == st.tree.size_of_element); st.table= table; st.len= 0; - st.maxlen= thd->variables.group_concat_max_len; + st.maxlen= thd->gconcat_max_len(); tree_walk(tree, ©_to_tree, &st, left_root_right); if (st.len <= st.maxlen) // Copying aborted. Must be OOM { @@ -4217,7 +4217,7 @@ { THD *thd= table->in_use; table->field[0]->store(row_str_len, FALSE); - if ((tree_len >> GCONCAT_REPACK_FACTOR) > thd->variables.group_concat_max_len + if ((tree_len >> GCONCAT_REPACK_FACTOR) > thd->gconcat_max_len() && tree->elements_in_tree > 1) if (repack_tree(thd)) return 1; @@ -4270,7 +4270,7 @@ result.set_charset(collation.collation); result_field= 0; null_value= 1; - max_length= (uint32) MY_MIN((ulonglong) thd->variables.group_concat_max_len + max_length= (uint32) MY_MIN((ulonglong) thd->gconcat_max_len() / collation.collation->mbminlen * collation.collation->mbmaxlen, UINT_MAX32); @@ -4362,8 +4362,7 @@ Prepend the field to store the length of the string representation of this row. Used to detect when the tree goes over group_concat_max_len */ - Item *item= new (thd->mem_root) - Item_uint(thd, thd->variables.group_concat_max_len); + Item *item= new (thd->mem_root) Item_uint(thd, thd->gconcat_max_len()); if (!item || all_fields.push_front(item, thd->mem_root)) DBUG_RETURN(TRUE); } diff -Nru mariadb-11.8.6/sql/item_timefunc.cc mariadb-11.8.8/sql/item_timefunc.cc --- mariadb-11.8.6/sql/item_timefunc.cc 2026-01-31 13:27:48.000000000 +0000 +++ mariadb-11.8.8/sql/item_timefunc.cc 2026-05-24 09:58:32.000000000 +0000 @@ -627,11 +627,12 @@ str->append(hours_i < 12 ? "AM" : "PM",2); break; case 'r': - length= sprintf(intbuff, ((l_time->hour % 24) < 12) ? - "%02d:%02d:%02d AM" : "%02d:%02d:%02d PM", - (l_time->hour+11)%12+1, - l_time->minute, - l_time->second); + length= snprintf(intbuff, sizeof(intbuff), + ((l_time->hour % 24) < 12) ? + "%02d:%02d:%02d AM" : "%02d:%02d:%02d PM", + (l_time->hour+11)%12+1, + l_time->minute, + l_time->second); str->append(intbuff, length); break; case 'S': @@ -639,8 +640,8 @@ str->append_zerofill(l_time->second, 2); break; case 'T': - length= sprintf(intbuff, "%02d:%02d:%02d", - l_time->hour, l_time->minute, l_time->second); + length= snprintf(intbuff, sizeof(intbuff), "%02d:%02d:%02d", + l_time->hour, l_time->minute, l_time->second); str->append(intbuff, length); break; case 'U': @@ -2267,6 +2268,8 @@ goto error; break; case 'P': // PM or P.M. + if (ptr + 1 == end) + goto error; next_char= my_toupper(system_charset_info, *(ptr+1)); if (next_char == 'M') { @@ -2274,7 +2277,7 @@ ptr+= 1; tmp_len+= 2; } - else if (next_char == '.' && + else if (next_char == '.' && ptr + 3 < end && my_toupper(system_charset_info, *(ptr+2)) == 'M' && my_toupper(system_charset_info, *(ptr+3)) == '.') { @@ -3669,8 +3672,9 @@ check_time_range(ltime, decimals, &unused); char buf[28]; char *ptr= longlong10_to_str(hour.value(), buf, hour.is_unsigned() ? 10 : -10); - int len = (int)(ptr - buf) + sprintf(ptr, ":%02u:%02u", - (uint) minute, (uint) sec.sec()); + int len = (int)(ptr - buf) + snprintf(ptr, buf + sizeof(buf) - ptr, + ":%02u:%02u", + (uint) minute, (uint) sec.sec()); ErrConvString err(buf, len, &my_charset_bin); thd->push_warning_truncated_wrong_value("time", err.ptr()); } diff -Nru mariadb-11.8.6/sql/item_vectorfunc.h mariadb-11.8.8/sql/item_vectorfunc.h --- mariadb-11.8.6/sql/item_vectorfunc.h 2026-01-31 13:27:48.000000000 +0000 +++ mariadb-11.8.8/sql/item_vectorfunc.h 2026-05-24 09:58:32.000000000 +0000 @@ -21,6 +21,7 @@ #include "item.h" #include "lex_string.h" #include "item_func.h" +#include "sql_type_vector.h" class Item_func_vec_distance: public Item_real_func { @@ -94,6 +95,10 @@ bool fix_length_and_dec(THD *thd) override; Item_func_vec_fromtext(THD *thd, Item *a); String *val_str(String *buf) override; + const Type_handler *type_handler() const override + { return &type_handler_vector; } + Field *create_field_for_create_select(MEM_ROOT *root, TABLE *table) override + { return create_table_field_from_handler(root, table); } LEX_CSTRING func_name_cstring() const override { static LEX_CSTRING name= { STRING_WITH_LEN("VEC_FromText") }; diff -Nru mariadb-11.8.6/sql/item_windowfunc.cc mariadb-11.8.8/sql/item_windowfunc.cc --- mariadb-11.8.6/sql/item_windowfunc.cc 2026-01-31 13:27:48.000000000 +0000 +++ mariadb-11.8.8/sql/item_windowfunc.cc 2026-05-24 09:58:32.000000000 +0000 @@ -123,7 +123,8 @@ const_item_cache= false; - with_flags= (with_flags & ~item_with_t::SUM_FUNC) | item_with_t::WINDOW_FUNC; + DBUG_ASSERT((bool) (with_flags & item_with_t::WINDOW_FUNC)); + with_flags&= ~item_with_t::SUM_FUNC; if (fix_length_and_dec(thd)) return TRUE; diff -Nru mariadb-11.8.6/sql/item_windowfunc.h mariadb-11.8.8/sql/item_windowfunc.h --- mariadb-11.8.6/sql/item_windowfunc.h 2026-01-31 13:27:48.000000000 +0000 +++ mariadb-11.8.8/sql/item_windowfunc.h 2026-05-24 09:58:32.000000000 +0000 @@ -1086,13 +1086,19 @@ : Item_func_or_sum(thd, (Item *) win_func), window_name(win_name), window_spec(NULL), force_return_blank(true), - read_value_from_result_field(false) {} + read_value_from_result_field(false) + { + with_flags|= item_with_t::WINDOW_FUNC; + } Item_window_func(THD *thd, Item_sum *win_func, Window_spec *win_spec) : Item_func_or_sum(thd, (Item *) win_func), window_name(NULL), window_spec(win_spec), force_return_blank(true), - read_value_from_result_field(false) {} + read_value_from_result_field(false) + { + with_flags|= item_with_t::WINDOW_FUNC; + } Item_sum *window_func() const { return (Item_sum *) args[0]; } diff -Nru mariadb-11.8.6/sql/json_table.cc mariadb-11.8.8/sql/json_table.cc --- mariadb-11.8.6/sql/json_table.cc 2026-01-31 13:27:48.000000000 +0000 +++ mariadb-11.8.8/sql/json_table.cc 2026-05-24 09:58:32.000000000 +0000 @@ -540,7 +540,7 @@ { json_engine_t je; json_path_step_t *cur_step; - int array_counters[JSON_DEPTH_LIMIT]; + int array_counters[JSON_DEPTH_LIMIT]= {0}; int not_found; const uchar* node_start; const uchar* node_end; diff -Nru mariadb-11.8.6/sql/lex_ident.h mariadb-11.8.8/sql/lex_ident.h --- mariadb-11.8.6/sql/lex_ident.h 2026-01-31 13:27:48.000000000 +0000 +++ mariadb-11.8.8/sql/lex_ident.h 2026-05-24 09:58:32.000000000 +0000 @@ -128,6 +128,37 @@ DBUG_ASSERT(b.is_valid_ident()); return Compare().charset_info()->streq(*this, b); } + /* + Compare two identifiers safely, handling NULL and empty identifiers. + + Returns true if both are empty (length=0), false if one of them is empty. + Otherwise calls streq() for a deep character-set based comparison. + Treats "NULL identifier" and "empty identifier" as equal. + + Replacement for streq calls that resulted in UBSAN error: applying + zero/non-zero offset to null pointer. + */ + static bool streq_safe(const LEX_CSTRING &a, const LEX_CSTRING &b) + { + if (a.length == 0 || b.length == 0) + return a.length == b.length; + return Lex_ident::streq(a, b); + } + bool streq_safe(const LEX_CSTRING &rhs) const + { + DBUG_ASSERT(is_valid_ident()); + if (length == 0 || rhs.length == 0) + return length == rhs.length; + return streq(rhs); + } + bool streq_safe(const Lex_ident &b) const + { + DBUG_ASSERT(is_valid_ident()); + DBUG_ASSERT(b.is_valid_ident()); + if (length == 0 || b.length == 0) + return length == b.length; + return streq(b); + } }; extern MYSQL_PLUGIN_IMPORT CHARSET_INFO *table_alias_charset; diff -Nru mariadb-11.8.6/sql/log.cc mariadb-11.8.8/sql/log.cc --- mariadb-11.8.6/sql/log.cc 2026-01-31 13:27:48.000000000 +0000 +++ mariadb-11.8.8/sql/log.cc 2026-05-24 09:58:32.000000000 +0000 @@ -2922,7 +2922,8 @@ nonzero if not possible to get unique filename. */ -static int find_uniq_filename(char *name, ulong min_log_number_to_use, +static int find_uniq_filename(char *name, size_t name_size, + ulong min_log_number_to_use, ulong *last_used_log_number) { char buff[FN_REFLEN], ext_buf[FN_REFLEN]; @@ -2981,7 +2982,7 @@ } next= max_found + 1; - if (sprintf(ext_buf, "%06lu", next)<0) + if (snprintf(ext_buf, sizeof(ext_buf), "%06lu", next)<0) { error= 1; goto end; @@ -3002,7 +3003,7 @@ goto end; } - if (sprintf(end, "%06lu", next)<0) + if (snprintf(end, name + name_size - end, "%06lu", next)<0) { error= 1; goto end; @@ -3033,8 +3034,9 @@ { strmov(log_file_name, new_name); } - else if (!new_name && generate_new_name(log_file_name, log_name, - next_log_number)) + else if (!new_name && generate_new_name(log_file_name, + sizeof(log_file_name), + log_name, next_log_number)) return TRUE; return FALSE; @@ -3248,21 +3250,23 @@ } -int MYSQL_LOG::generate_new_name(char *new_name, const char *log_name, +int MYSQL_LOG::generate_new_name(char *new_name, size_t name_size, + const char *log_name, ulong next_log_number) { fn_format(new_name, log_name, mysql_data_home, "", 4); return 0; } -int MYSQL_BIN_LOG::generate_new_name(char *new_name, const char *log_name, +int MYSQL_BIN_LOG::generate_new_name(char *new_name, size_t name_size, + const char *log_name, ulong next_log_number) { fn_format(new_name, log_name, mysql_data_home, "", 4); if (!fn_ext(log_name)[0]) { if (DBUG_IF("binlog_inject_new_name_error") || - unlikely(find_uniq_filename(new_name, next_log_number, + unlikely(find_uniq_filename(new_name, name_size, next_log_number, &last_used_log_number))) { THD *thd= current_thd; @@ -3494,8 +3498,8 @@ my_b_write(&log_file, (uchar*) "\n", 1)) goto err; - sprintf(query_time_buff, "%.6f", ulonglong2double(query_utime)/1000000.0); - sprintf(lock_time_buff, "%.6f", ulonglong2double(lock_utime)/1000000.0); + snprintf(query_time_buff, sizeof(query_time_buff), "%.6f", ulonglong2double(query_utime)/1000000.0); + snprintf(lock_time_buff, sizeof(lock_time_buff), "%.6f", ulonglong2double(lock_utime)/1000000.0); if (my_b_printf(&log_file, "# Thread_id: %lu Schema: %s QC_hit: %s\n" "# Query_time: %s Lock_time: %s Rows_sent: %lu Rows_examined: %lu\n" @@ -3515,12 +3519,12 @@ { ha_handler_stats *stats= &thd->handler_stats; double tracker_frequency= timer_tracker_frequency(); - sprintf(query_time_buff, "%.4f", - 1000.0 * ulonglong2double(stats->pages_read_time)/ - tracker_frequency); - sprintf(lock_time_buff, "%.4f", - 1000.0 * ulonglong2double(stats->engine_time)/ - tracker_frequency); + snprintf(query_time_buff, sizeof(query_time_buff), "%.4f", + 1000.0 * ulonglong2double(stats->pages_read_time)/ + tracker_frequency); + snprintf(lock_time_buff, sizeof(lock_time_buff), "%.4f", + 1000.0 * ulonglong2double(stats->engine_time)/ + tracker_frequency); if (my_b_printf(&log_file, "# Pages_accessed: %lu Pages_read: %lu " @@ -4521,13 +4525,15 @@ error= reinit_io_cache(&index_file, READ_CACHE, (my_off_t) 0, 0, 0); DBUG_ASSERT(!error); + DBUG_EXECUTE_IF("simulate_find_log_pos_error", + error= LOG_INFO_EOF; + goto end; + ); for (;;) { size_t length; my_off_t offset= my_b_tell(&index_file); - DBUG_EXECUTE_IF("simulate_find_log_pos_error", - error= LOG_INFO_EOF; break;); /* If we get 0 or 1 characters, this is the end of the file */ if ((length= my_b_gets(&index_file, fname, FN_REFLEN)) <= 1) { @@ -6011,7 +6017,8 @@ We have to do this here and not in open as we want to store the new file name in the current binary log file. */ - if (unlikely((error= generate_new_name(new_name, name, 0)))) + if (unlikely((error= generate_new_name(new_name, sizeof(new_name), + name, 0)))) { mysql_mutex_unlock(&LOCK_index); DBUG_RETURN(error); @@ -8157,7 +8164,8 @@ if (errmsg) goto end; errmsg= rpl_global_gtid_binlog_state.drop_domain(domain_drop_lex, - glev, errbuf); + glev, errbuf, + sizeof(errbuf)); end: if (errmsg) diff -Nru mariadb-11.8.6/sql/log.h mariadb-11.8.8/sql/log.h --- mariadb-11.8.6/sql/log.h 2026-01-31 13:27:48.000000000 +0000 +++ mariadb-11.8.8/sql/log.h 2026-05-24 09:58:32.000000000 +0000 @@ -327,7 +327,8 @@ const char *generate_name(const char *log_name, const char *suffix, bool strip_ext, char *buff); - virtual int generate_new_name(char *new_name, const char *log_name, + virtual int generate_new_name(char *new_name, size_t name_size, + const char *log_name, ulong next_log_number); inline mysql_mutex_t* get_log_lock() { return &LOCK_log; } protected: @@ -916,7 +917,8 @@ int open(const char *opt_name) override; void close() override; - int generate_new_name(char *new_name, const char *log_name, + int generate_new_name(char *new_name, size_t name_size, + const char *log_name, ulong next_log_number) override; int log_and_order(THD *thd, my_xid xid, bool all, bool need_prepare_ordered, bool need_commit_ordered) override; diff -Nru mariadb-11.8.6/sql/log_event.cc mariadb-11.8.8/sql/log_event.cc --- mariadb-11.8.6/sql/log_event.cc 2026-01-31 13:27:48.000000000 +0000 +++ mariadb-11.8.8/sql/log_event.cc 2026-05-24 09:58:32.000000000 +0000 @@ -1368,7 +1368,7 @@ case Q_GTID_FLAGS3: return "Q_GTID_FLAGS3"; case Q_CHARACTER_SET_COLLATIONS: return "Q_CHARACTER_SET_COLLATIONS"; } - sprintf(buf, "CODE#%d", code); + snprintf(buf, sizeof(buf), "CODE#%d", code); return buf; } #endif @@ -2303,7 +2303,7 @@ { options_written_to_bin_log= OPTION_AUTO_IS_NULL | OPTION_NOT_AUTOCOMMIT | OPTION_NO_FOREIGN_KEY_CHECKS | OPTION_RELAXED_UNIQUE_CHECKS | - OPTION_INSERT_HISTORY; + OPTION_INSERT_HISTORY | OPTION_NO_CHECK_CONSTRAINT_CHECKS; if (!server_version_split.version_is_valid() || server_version_split.kind == master_version_split::KIND_MYSQL || server_version_split < Version(10,5,2)) @@ -2489,8 +2489,10 @@ buf+= 2; long data_length= xid.bqual_length + xid.gtrid_length; - if (event_len < static_cast(buf - buf_0) + data_length) + if (event_len < static_cast(buf - buf_0) + data_length || + xid.gtrid_length > MAXGTRIDSIZE || xid.bqual_length > MAXBQUALSIZE) { + xid.formatID= -1; seq_no= 0; return; } diff -Nru mariadb-11.8.6/sql/log_event.h mariadb-11.8.8/sql/log_event.h --- mariadb-11.8.6/sql/log_event.h 2026-01-31 13:27:48.000000000 +0000 +++ mariadb-11.8.8/sql/log_event.h 2026-05-24 09:58:32.000000000 +0000 @@ -551,7 +551,7 @@ #define OPTIONS_WRITTEN_TO_BIN_LOG (OPTION_EXPLICIT_DEF_TIMESTAMP |\ OPTION_AUTO_IS_NULL | OPTION_NO_FOREIGN_KEY_CHECKS | \ OPTION_RELAXED_UNIQUE_CHECKS | OPTION_NOT_AUTOCOMMIT | OPTION_IF_EXISTS |\ - OPTION_INSERT_HISTORY) + OPTION_INSERT_HISTORY | OPTION_NO_CHECK_CONSTRAINT_CHECKS) #define CHECKSUM_CRC32_SIGNATURE_LEN 4 /** @@ -2901,8 +2901,8 @@ @return the value of the buffer pointer */ -inline char *serialize_xid(char *buf, long fmt, long gln, long bln, - const char *dat) +inline char *serialize_xid(char *buf, size_t bufsize, long fmt, long gln, + long bln, const char *dat) { int i; char *c= buf; @@ -2934,7 +2934,7 @@ c+= 2; } c[0]= '\''; - sprintf(c+1, ",%lu", fmt); + snprintf(c + 1, bufsize - (size_t)(c + 1 - buf), ",%lu", fmt); return buf; } @@ -2955,7 +2955,8 @@ char buf[ser_buf_size]; char *serialize() { - return serialize_xid(buf, formatID, gtrid_length, bqual_length, data); + return serialize_xid(buf, sizeof(buf), formatID, gtrid_length, + bqual_length, data); } }; @@ -2966,7 +2967,8 @@ char *serialize(char *buf_arg) { - return serialize_xid(buf_arg, formatID, gtrid_length, bqual_length, data); + return serialize_xid(buf_arg, ser_buf_size, formatID, gtrid_length, + bqual_length, data); } char *serialize() { @@ -3018,9 +3020,9 @@ int do_commit() override; const char* get_query() override { - sprintf(query, - (one_phase ? "XA COMMIT %s ONE PHASE" : "XA PREPARE %s"), - m_xid.serialize()); + snprintf(query, sizeof(query), + (one_phase ? "XA COMMIT %s ONE PHASE" : "XA PREPARE %s"), + m_xid.serialize()); return query; } #endif diff -Nru mariadb-11.8.6/sql/log_event_client.cc mariadb-11.8.8/sql/log_event_client.cc --- mariadb-11.8.6/sql/log_event_client.cc 2026-01-31 13:27:48.000000000 +0000 +++ mariadb-11.8.8/sql/log_event_client.cc 2026-05-24 09:58:32.000000000 +0000 @@ -633,7 +633,7 @@ goto return_null; char tmp[320]; - sprintf(tmp, "%-20g", (double) get_float(ptr)); + snprintf(tmp, sizeof(tmp), "%-20g", (double) get_float(ptr)); my_b_printf(file, "%s", tmp); /* my_snprintf doesn't support %-20g */ return 4; } @@ -647,7 +647,7 @@ float8get(dbl, ptr); char tmp[320]; - sprintf(tmp, "%-.20g", dbl); /* strmake doesn't support %-20g */ + snprintf(tmp, sizeof(tmp), "%-.20g", dbl); /* strmake doesn't support %-20g */ my_b_printf(file, tmp, "%s"); return 8; } @@ -2506,7 +2506,7 @@ double real_val; char real_buf[FMT_G_BUFSIZE(14)]; float8get(real_val, val); - sprintf(real_buf, "%.14g", real_val); + snprintf(real_buf, sizeof(real_buf), "%.14g", real_val); if (my_b_printf(&cache, ":=%s%s\n", real_buf, print_event_info->delimiter)) goto err; @@ -2837,10 +2837,13 @@ sizeof(fmt_binlog2) + 3*PRINT_EVENT_INFO::max_delimiter_size; + size_t buf_alloc_size; + if (reinit_io_cache(cache, READ_CACHE, 0L, FALSE, FALSE)) goto err; - if (!(to->str= (char*) my_malloc(PSI_NOT_INSTRUMENTED, (size_t)cache->end_of_file + fmt_size, + buf_alloc_size= (size_t)cache->end_of_file + fmt_size; + if (!(to->str= (char*) my_malloc(PSI_NOT_INSTRUMENTED, buf_alloc_size, MYF(0)))) { perror("Out of memory: can't allocate memory in " @@ -2869,38 +2872,45 @@ contribution of non-compressed packet. */ char *str= to->str; + const char *buf_end= to->str + buf_alloc_size; size_t add_to_len; - str += (to->length= sprintf(str, fmt_frag, 0)); + str += (to->length= snprintf(str, (size_t)(buf_end - str), fmt_frag, 0)); if (my_b_read(cache, (uchar*) str, (uint32) (cache_size/2 + 1))) goto err; str += (add_to_len = (uint32) (cache_size/2 + 1)); to->length += add_to_len; - str += (add_to_len= sprintf(str, fmt_n_delim, delimiter)); + str += (add_to_len= snprintf(str, (size_t)(buf_end - str), + fmt_n_delim, delimiter)); to->length += add_to_len; - str += (add_to_len= sprintf(str, fmt_frag, 1)); + str += (add_to_len= snprintf(str, (size_t)(buf_end - str), + fmt_frag, 1)); to->length += add_to_len; if (my_b_read(cache, (uchar*) str, uint32(cache->end_of_file - (cache_size/2 + 1)))) goto err; str += (add_to_len= uint32(cache->end_of_file - (cache_size/2 + 1))); to->length += add_to_len; { - str += (add_to_len= sprintf(str , fmt_delim, delimiter)); + str += (add_to_len= snprintf(str, (size_t)(buf_end - str), + fmt_delim, delimiter)); to->length += add_to_len; } - to->length += sprintf(str, fmt_binlog2, delimiter); + to->length += snprintf(str, (size_t)(buf_end - str), + fmt_binlog2, delimiter); } else { char *str= to->str; + const char *buf_end= to->str + buf_alloc_size; - str += (to->length= sprintf(str, str_binlog)); + str += (to->length= snprintf(str, (size_t)(buf_end - str), str_binlog)); if (my_b_read(cache, (uchar*) str, (size_t)cache->end_of_file)) goto err; str += cache->end_of_file; to->length += (size_t)cache->end_of_file; - to->length += sprintf(str , fmt_delim, delimiter); + to->length += snprintf(str, (size_t)(buf_end - str), + fmt_delim, delimiter); } reinit_io_cache(cache, WRITE_CACHE, 0, FALSE, TRUE); diff -Nru mariadb-11.8.6/sql/log_event_server.cc mariadb-11.8.8/sql/log_event_server.cc --- mariadb-11.8.6/sql/log_event_server.cc 2026-01-31 13:27:48.000000000 +0000 +++ mariadb-11.8.8/sql/log_event_server.cc 2026-05-24 09:58:32.000000000 +0000 @@ -948,13 +948,13 @@ { buf.append(STRING_WITH_LEN("set ")); if (flags2 & OPTION_NO_FOREIGN_KEY_CHECKS) - buf.append(STRING_WITH_LEN("foreign_key_checks=1, ")); + buf.append(STRING_WITH_LEN("foreign_key_checks=0, ")); if (flags2 & OPTION_AUTO_IS_NULL) - buf.append(STRING_WITH_LEN("sql_auto_is_null, ")); + buf.append(STRING_WITH_LEN("sql_auto_is_null=1, ")); if (flags2 & OPTION_RELAXED_UNIQUE_CHECKS) - buf.append(STRING_WITH_LEN("unique_checks=1, ")); + buf.append(STRING_WITH_LEN("unique_checks=0, ")); if (flags2 & OPTION_NO_CHECK_CONSTRAINT_CHECKS) - buf.append(STRING_WITH_LEN("check_constraint_checks=1, ")); + buf.append(STRING_WITH_LEN("check_constraint_checks=0, ")); if (flags2 & OPTION_IF_EXISTS) buf.append(STRING_WITH_LEN("@@sql_if_exists=1, ")); if (flags2 & OPTION_INSERT_HISTORY) @@ -3123,7 +3123,7 @@ flags2 & FL_PREPARED_XA ? "XA START " : "BEGIN GTID ")); if (flags2 & FL_PREPARED_XA) { - p+= sprintf(p, "%s GTID ", xid.serialize()); + p+= snprintf(p, buf + sizeof(buf) - p, "%s GTID ", xid.serialize()); } p= longlong10_to_str(domain_id, p, 10); *p++= '-'; @@ -3224,7 +3224,7 @@ thd->lex->xid= &xid; thd->lex->xa_opt= XA_NONE; - sprintf(buf_xa, fmt, xid.serialize()); + snprintf(buf_xa, sizeof(buf_xa), fmt, xid.serialize()); thd->set_query_and_id(buf_xa, static_cast(strlen(buf_xa)), &my_charset_bin, next_query_id()); thd->lex->sql_command= SQLCOM_XA_START; @@ -3869,9 +3869,9 @@ { char query[sizeof("XA COMMIT ONE PHASE") + 1 + ser_buf_size]; - sprintf(query, - (one_phase ? "XA COMMIT %s ONE PHASE" : "XA PREPARE %s"), - m_xid.serialize()); + snprintf(query, sizeof(query), + (one_phase ? "XA COMMIT %s ONE PHASE" : "XA PREPARE %s"), + m_xid.serialize()); protocol->store(query, strlen(query), &my_charset_bin); } @@ -4349,7 +4349,7 @@ { char buf[256]; uint length; - length= (uint) sprintf(buf, ";file_id=%u;block_len=%u", file_id, block_len); + length= (uint) snprintf(buf, sizeof(buf), ";file_id=%u;block_len=%u", file_id, block_len); protocol->store(buf, length, &my_charset_bin); } @@ -4458,7 +4458,7 @@ { char buf[64]; uint length; - length= (uint) sprintf(buf, ";file_id=%u", (uint) file_id); + length= (uint) snprintf(buf, sizeof(buf), ";file_id=%u", (uint) file_id); protocol->store(buf, (int32) length, &my_charset_bin); } #endif @@ -7656,17 +7656,17 @@ found. I can see no scenario where it would be incorrect to chose the row to change only using a PK or an UNNI. */ - if (find_flag == HA_READ_KEY_EXACT && table->key_info->flags & HA_NOSAME) + if (find_flag == HA_READ_KEY_EXACT && m_key_info->flags & HA_NOSAME) { /* Unique does not have non nullable part */ - if (!(table->key_info->flags & HA_NULL_PART_KEY)) + if (!(m_key_info->flags & HA_NULL_PART_KEY)) { error= 0; goto end; } else { - KEY *keyinfo= table->key_info; + KEY *keyinfo= m_key_info; /* Unique has nullable part. We need to check if there is any field in the BI image that is null and part of UNNI. diff -Nru mariadb-11.8.6/sql/mdl.h mariadb-11.8.8/sql/mdl.h --- mariadb-11.8.6/sql/mdl.h 2026-01-31 13:27:48.000000000 +0000 +++ mariadb-11.8.8/sql/mdl.h 2026-05-24 09:58:32.000000000 +0000 @@ -126,6 +126,11 @@ enum enum_mdl_type { /* This means that the MDL_request is not initialized */ + /* + TODO (newbie): should be MDL_NOT_INITIALIZED= 0, as it is strange + that not-inited request has MDL_INTENTION_EXCLUSIVE. + Must fix tests, as at least mysql_rm_table_no_locks() depends on this. + */ MDL_NOT_INITIALIZED= -1, /* An intention exclusive metadata lock (IX). Used only for scoped locks. @@ -382,6 +387,10 @@ Note that although there isn't metadata locking on triggers, it's necessary to have a separate namespace for them since MDL_key is also used outside of the MDL subsystem. + + TODO (newbie): NOT_INITIALIZED=0 as default bzero() sets wrongly type to + BACKUP. But dozens switch() cases for NOT_INITIALIZED must be added to + pacify the compiler. */ enum enum_mdl_namespace { BACKUP=0, SCHEMA, diff -Nru mariadb-11.8.6/sql/multi_range_read.cc mariadb-11.8.8/sql/multi_range_read.cc --- mariadb-11.8.6/sql/multi_range_read.cc 2026-01-31 13:27:48.000000000 +0000 +++ mariadb-11.8.8/sql/multi_range_read.cc 2026-05-24 09:58:32.000000000 +0000 @@ -1605,7 +1605,7 @@ void DsMrr_impl::redistribute_buffer_space(void *dsmrr_arg) { DsMrr_impl *dsmrr= (DsMrr_impl*)dsmrr_arg; - uchar *unused_start, *unused_end; + uchar *unused_start, *unused_end= nullptr; dsmrr->key_buffer->remove_unused_space(&unused_start, &unused_end); dsmrr->rowid_buffer.grow(unused_start, unused_end); } diff -Nru mariadb-11.8.6/sql/my_decimal.cc mariadb-11.8.8/sql/my_decimal.cc --- mariadb-11.8.6/sql/my_decimal.cc 2026-01-31 13:27:48.000000000 +0000 +++ mariadb-11.8.8/sql/my_decimal.cc 2026-05-24 09:58:32.000000000 +0000 @@ -397,14 +397,16 @@ print_decimal(const my_decimal *dec) { int i, end; - char buff[512], *pos; + char buff[512], *pos, *buf_end; pos= buff; - pos+= sprintf(buff, "Decimal: sign: %d intg: %d frac: %d { ", - dec->sign(), dec->intg, dec->frac); + buf_end= buff + sizeof(buff); + pos+= snprintf(buff, sizeof(buff), + "Decimal: sign: %d intg: %d frac: %d { ", + dec->sign(), dec->intg, dec->frac); end= ROUND_UP(dec->frac)+ROUND_UP(dec->intg)-1; for (i=0; i < end; i++) - pos+= sprintf(pos, "%09d, ", dec->buf[i]); - pos+= sprintf(pos, "%09d }\n", dec->buf[i]); + pos+= snprintf(pos, buf_end - pos, "%09d, ", dec->buf[i]); + pos+= snprintf(pos, buf_end - pos, "%09d }\n", dec->buf[i]); fputs(buff, DBUG_FILE); } diff -Nru mariadb-11.8.6/sql/my_json_writer.cc mariadb-11.8.8/sql/my_json_writer.cc --- mariadb-11.8.6/sql/my_json_writer.cc 2026-01-31 13:27:48.000000000 +0000 +++ mariadb-11.8.8/sql/my_json_writer.cc 2026-05-24 09:58:32.000000000 +0000 @@ -212,7 +212,7 @@ } -/* Add a memory size, printing in Kb, Mb if necessary */ +/* Add a memory size, printing in KiB, MiB if necessary */ void Json_writer::add_size(longlong val) { char buf[64]; @@ -220,10 +220,10 @@ if (val < 1024) len= my_snprintf(buf, sizeof(buf), "%lld", val); else if (val < 1024*1024*16) - /* Values less than 16MB are specified in KB for precision */ - len= my_snprintf(buf, sizeof(buf), "%lldKb", val/1024); + /* Values less than 16MB are specified in KiB for precision */ + len= my_snprintf(buf, sizeof(buf), "%lldKiB", val/1024); else - len= my_snprintf(buf, sizeof(buf), "%lldMb", val/(1024*1024)); + len= my_snprintf(buf, sizeof(buf), "%lldMiB", val/(1024*1024)); add_str(buf, len); } @@ -326,6 +326,8 @@ size_t len) { DBUG_ASSERT(state== INACTIVE || state == DISABLED); + if (memchr(name, 0, len)) + return false; if (state != DISABLED) { // remove everything from the array @@ -389,6 +391,12 @@ { if (state == IN_ARRAY) { + if (memchr(str, 0, len)) + { + disable_and_flush(); + return false; + } + // New length will be: // "$string", // quote + quote + comma + space = 4 @@ -485,4 +493,3 @@ buf_ptr= buffer; state= INACTIVE; } - diff -Nru mariadb-11.8.6/sql/my_json_writer.h mariadb-11.8.8/sql/my_json_writer.h --- mariadb-11.8.6/sql/my_json_writer.h 2026-01-31 13:27:48.000000000 +0000 +++ mariadb-11.8.8/sql/my_json_writer.h 2026-05-24 09:58:32.000000000 +0000 @@ -32,7 +32,11 @@ #else #include "sql_class.h" // For class THD #include "log.h" // for sql_print_error +#ifndef NDEBUG #define VALIDITY_ASSERT(x) DBUG_ASSERT(x) +#else +#define VALIDITY_ASSERT(x) do { } while (0) +#endif #endif #include @@ -523,8 +527,12 @@ } Json_writer_object& add(const char *name, const char *value, size_t num_bytes) { - add_member(name); - context.add_str(value, num_bytes); + DBUG_ASSERT(!closed); + if (my_writer) + { + add_member(name); + context.add_str(value, num_bytes); + } return *this; } Json_writer_object& add(const char *name, const LEX_CSTRING &value) diff -Nru mariadb-11.8.6/sql/mysql_upgrade_service.cc mariadb-11.8.8/sql/mysql_upgrade_service.cc --- mariadb-11.8.6/sql/mysql_upgrade_service.cc 2026-01-31 13:27:48.000000000 +0000 +++ mariadb-11.8.8/sql/mysql_upgrade_service.cc 2026-05-24 09:58:32.000000000 +0000 @@ -373,10 +373,11 @@ */ sprintf_s(service_properties.inifile, MAX_PATH, "%s\\my.ini", service_properties.datadir); } - sprintf(defaults_file_param, "--defaults-file=%s", service_properties.inifile); + snprintf(defaults_file_param, sizeof(defaults_file_param), + "--defaults-file=%s", service_properties.inifile); } /* - Change service configuration (binPath) to point to mysqld from + Change service configuration (binPath) to point to mysqld from this installation. */ static void change_service_config() @@ -407,7 +408,8 @@ */ WritePrivateProfileString("mysqld", "basedir",NULL, service_properties.inifile); - sprintf(defaults_file_param,"--defaults-file=%s", service_properties.inifile); + snprintf(defaults_file_param, sizeof(defaults_file_param), + "--defaults-file=%s", service_properties.inifile); sprintf_s(commandline, "\"%s\" \"%s\" \"%s\"", mysqld_path, defaults_file_param, opt_service); if (!ChangeServiceConfig(service, SERVICE_NO_CHANGE, SERVICE_NO_CHANGE, diff -Nru mariadb-11.8.6/sql/mysqld.cc mariadb-11.8.8/sql/mysqld.cc --- mariadb-11.8.6/sql/mysqld.cc 2026-01-31 13:27:48.000000000 +0000 +++ mariadb-11.8.8/sql/mysqld.cc 2026-05-24 09:58:32.000000000 +0000 @@ -338,7 +338,7 @@ static bool lower_case_table_names_used= 0; static bool volatile select_thread_in_use, signal_thread_in_use; static my_bool opt_debugging= 0, opt_external_locking= 0, opt_console= 0; -static my_bool opt_short_log_format= 0, opt_silent_startup= 0; +static my_bool opt_short_log_format= 0; ulong max_used_connections; time_t max_used_connections_time; @@ -361,6 +361,7 @@ Thread_cache thread_cache; static bool binlog_format_used= false; LEX_STRING opt_init_connect, opt_init_slave; +mysql_cond_t COND_slave_deadlock_handler; static DYNAMIC_ARRAY all_options; static longlong start_memory_used; @@ -374,6 +375,7 @@ my_bool opt_log, debug_assert_if_crashed_table= 0, opt_help= 0; my_bool debug_assert_on_not_freed_memory= 0; my_bool disable_log_notes, opt_support_flashback= 0; +my_bool opt_silent_startup= 0; static my_bool opt_abort; ulonglong log_output_options; my_bool opt_userstat_running; @@ -749,7 +751,8 @@ LOCK_crypt, LOCK_global_system_variables, LOCK_user_conn, - LOCK_error_messages; + LOCK_error_messages, + LOCK_slave_deadlock_handler; mysql_mutex_t LOCK_stats, LOCK_global_user_client_stats, LOCK_global_table_stats, LOCK_global_index_stats; @@ -980,7 +983,8 @@ PSI_mutex_key key_LOCK_gtid_waiting; PSI_mutex_key key_LOCK_after_binlog_sync; -PSI_mutex_key key_LOCK_prepare_ordered, key_LOCK_commit_ordered; +PSI_mutex_key key_LOCK_prepare_ordered, key_LOCK_commit_ordered, + key_LOCK_slave_deadlock_handler; PSI_mutex_key key_TABLE_SHARE_LOCK_share; PSI_mutex_key key_TABLE_SHARE_LOCK_statistics; PSI_mutex_key key_LOCK_ack_receiver; @@ -1061,6 +1065,7 @@ { &key_LOCK_prepare_ordered, "LOCK_prepare_ordered", PSI_FLAG_GLOBAL}, { &key_LOCK_after_binlog_sync, "LOCK_after_binlog_sync", PSI_FLAG_GLOBAL}, { &key_LOCK_commit_ordered, "LOCK_commit_ordered", PSI_FLAG_GLOBAL}, + { &key_LOCK_slave_deadlock_handler, "LOCK_slave_deadlock_handler", PSI_FLAG_GLOBAL}, { &key_PARTITION_LOCK_auto_inc, "HA_DATA_PARTITION::LOCK_auto_inc", 0}, { &key_LOCK_slave_state, "LOCK_slave_state", 0}, { &key_LOCK_start_thread, "LOCK_start_thread", PSI_FLAG_GLOBAL}, @@ -1129,7 +1134,7 @@ PSI_cond_key key_COND_rpl_thread_queue, key_COND_rpl_thread, key_COND_rpl_thread_stop, key_COND_rpl_thread_pool, key_COND_parallel_entry, key_COND_group_commit_orderer, - key_COND_prepare_ordered; + key_COND_prepare_ordered, key_COND_slave_deadlock_handler; PSI_cond_key key_COND_wait_gtid, key_COND_gtid_ignore_duplicates; PSI_cond_key key_COND_ack_receiver; @@ -1175,6 +1180,7 @@ { &key_COND_parallel_entry, "COND_parallel_entry", 0}, { &key_COND_group_commit_orderer, "COND_group_commit_orderer", 0}, { &key_COND_prepare_ordered, "COND_prepare_ordered", 0}, + { &key_COND_slave_deadlock_handler, "COND_slave_deadlock_handler", 0}, { &key_COND_start_thread, "COND_start_thread", PSI_FLAG_GLOBAL}, { &key_COND_wait_gtid, "COND_wait_gtid", 0}, { &key_COND_gtid_ignore_duplicates, "COND_gtid_ignore_duplicates", 0}, @@ -1186,7 +1192,7 @@ PSI_thread_key key_thread_delayed_insert, key_thread_handle_manager, key_thread_main, key_thread_one_connection, key_thread_signal_hand, - key_thread_slave_background, key_rpl_parallel_thread; + key_thread_slave_deadlock_handler, key_rpl_parallel_thread; PSI_thread_key key_thread_ack_receiver; static PSI_thread_info all_server_threads[]= @@ -1196,7 +1202,7 @@ { &key_thread_main, "main", PSI_FLAG_GLOBAL}, { &key_thread_one_connection, "one_connection", 0}, { &key_thread_signal_hand, "signal_handler", PSI_FLAG_GLOBAL}, - { &key_thread_slave_background, "slave_bg", PSI_FLAG_GLOBAL}, + { &key_thread_slave_deadlock_handler, "slave_deadlock_handler", PSI_FLAG_GLOBAL}, { &key_thread_ack_receiver, "Ack_receiver", PSI_FLAG_GLOBAL}, { &key_rpl_parallel_thread, "rpl_parallel", 0} }; @@ -1953,6 +1959,11 @@ shutdown_performance_schema(); // we do it as late as possible #endif set_malloc_size_cb(NULL); +#ifdef HAVE_OPENSSL +#if OPENSSL_VERSION_NUMBER >= 0x10100000L + OPENSSL_cleanup(); +#endif +#endif if (global_status_var.global_memory_used) fprintf(stderr, "Warning: Internal memory accounting error of %lld bytes\n", (longlong) global_status_var.global_memory_used); @@ -2180,6 +2191,8 @@ mysql_cond_destroy(&COND_prepare_ordered); mysql_mutex_destroy(&LOCK_after_binlog_sync); mysql_mutex_destroy(&LOCK_commit_ordered); + mysql_mutex_destroy(&LOCK_slave_deadlock_handler); + mysql_cond_destroy(&COND_slave_deadlock_handler); #ifndef EMBEDDED_LIBRARY mysql_mutex_destroy(&LOCK_error_log); #endif @@ -2490,8 +2503,8 @@ { char buff[100]; int s_errno= socket_errno; - sprintf(buff, "Can't start server: Bind on TCP/IP port. Got error: %d", - (int) s_errno); + snprintf(buff, sizeof(buff), "Can't start server: Bind on TCP/IP port. Got error: %d", + (int) s_errno); sql_perror(buff); /* Linux will quite happily bind to addresses not present. The @@ -2689,6 +2702,57 @@ } +#ifdef HAVE_SYS_UN_H +/* + Unlink an existing Unix socket file if no process is listening + on it, or abort startup if the socket is still active. +*/ +static void unlink_socket_or_abort(const char *path) +{ + struct sockaddr_un addr; + MY_STAT stat_buf; + int fd; + + if (!my_stat(path, &stat_buf, MYF(0))) + return; + + if (!S_ISSOCK(stat_buf.st_mode)) + goto do_unlink; + + fd= socket(AF_UNIX, SOCK_STREAM, 0); + if (fd < 0) + { + sql_print_error("Cannot create a socket: %iE. Aborting.", + errno); + unireg_abort(1); + } + + bzero((char*) &addr, sizeof(addr)); + addr.sun_family= AF_UNIX; + strmov(addr.sun_path, path); + if (connect(fd, (struct sockaddr *) &addr, sizeof(addr)) == 0) + { + close(fd); + sql_print_error("Another process is already listening " + "on the socket file '%s'. Aborting.", + path); + unireg_abort(1); + } + if (errno != ECONNREFUSED && errno != ENOENT) + { + close(fd); + sql_print_error("Error checking socket file '%s': %iE. " + "Aborting.", path, errno); + unireg_abort(1); + } + close(fd); + +do_unlink: + (void) unlink(path); +} +#endif /* HAVE_SYS_UN_H */ + + static void network_init(void) { #ifdef HAVE_SYS_UN_H @@ -2766,7 +2830,7 @@ else #endif { - (void) unlink(mysqld_unix_port); + unlink_socket_or_abort(mysqld_unix_port); port_len= sizeof(UNIXaddr); } arg= 1; @@ -4536,6 +4600,9 @@ MY_MUTEX_INIT_SLOW); mysql_mutex_init(key_LOCK_commit_ordered, &LOCK_commit_ordered, MY_MUTEX_INIT_SLOW); + mysql_mutex_init(key_LOCK_slave_deadlock_handler, &LOCK_slave_deadlock_handler, + MY_MUTEX_INIT_SLOW); + mysql_cond_init(key_COND_slave_deadlock_handler, &COND_slave_deadlock_handler, NULL); mysql_mutex_init(key_LOCK_backup_log, &LOCK_backup_log, MY_MUTEX_INIT_FAST); mysql_mutex_init(key_LOCK_optimizer_costs, &LOCK_optimizer_costs, MY_MUTEX_INIT_FAST); @@ -6149,6 +6216,12 @@ mysqld_port, MYSQL_COMPILATION_COMMENT); } +#ifdef HAVE_PAUSE_INSTRUCTION + if (global_system_variables.log_warnings > 2) + sql_print_information("Using PAUSE multiplier %u", + my_cpu_relax_multiplier); +#endif + #ifndef _WIN32 // try to keep fd=0 busy if (please_close_stdin && !freopen("/dev/null", "r", stdin)) @@ -6180,11 +6253,7 @@ my_free(user); #ifdef WITH_WSREP - /* Stop wsrep threads in case they are running. */ - if (wsrep_running_threads > 0) - { - wsrep_shutdown_replication(); - } + wsrep_shutdown(); /* Release threads if they are waiting in WSREP_SYNC_WAIT_UPTO_GTID */ wsrep_gtid_server.signal_waiters(0, true); #endif @@ -6911,8 +6980,10 @@ "Show user and password in SHOW SLAVE HOSTS on this master", &opt_show_slave_auth_info, &opt_show_slave_auth_info, 0, GET_BOOL, NO_ARG, 0, 0, 0, 0, 0, 0}, - {"silent-startup", OPT_SILENT, "Don't print [Note] to the error log during startup", - &opt_silent_startup, &opt_silent_startup, 0, GET_BOOL, NO_ARG, 0, 0, 0, 0, 0, 0}, + {"silent-startup", OPT_SILENT, "Don't print [Note] or failed plugin_loads " + "to the error log during startup", + &opt_silent_startup, &opt_silent_startup, 0, + GET_BOOL, NO_ARG, 0, 0, 0, 0, 0, 0}, {"skip-host-cache", OPT_SKIP_HOST_CACHE, "Don't cache host names", 0, 0, 0, GET_NO_ARG, NO_ARG, 0, 0, 0, 0, 0, 0}, {"skip-slave-start", 0, @@ -7130,7 +7201,8 @@ get_master_info(&thd->variables.default_master_connection, Sql_condition::WARN_LEVEL_NOTE)) { - sprintf(static_cast(buff), "%.3f", mi->heartbeat_period); + snprintf(static_cast(buff), SHOW_VAR_FUNC_BUFF_SIZE, "%.3f", + mi->heartbeat_period); mi->release(); var->type= SHOW_CHAR; var->value= buff; @@ -7149,7 +7221,7 @@ var->type= SHOW_CHAR; var->value= buff; - get_date(static_cast(buff), + get_date(static_cast(buff), SHOW_VAR_FUNC_BUFF_SIZE, GETDATE_DATE_TIME | GETDATE_FIXEDLENGTH, max_used_connections_time); return 0; } @@ -7920,14 +7992,15 @@ static void usage(void) { DBUG_ENTER("usage"); - myf utf8_flag= global_system_variables.old_behavior & - OLD_MODE_UTF8_IS_UTF8MB3 ? MY_UTF8_IS_UTF8MB3 : 0; - if (!(default_charset_info= get_charset_by_csname(default_character_set_name, - MY_CS_PRIMARY, - MYF(utf8_flag | MY_WME)))) - exit(1); if (!default_collation_name) - default_collation_name= (char*) default_charset_info->coll_name.str; + { + myf utf8_flag= global_system_variables.old_behavior & + OLD_MODE_UTF8_IS_UTF8MB3 ? MY_UTF8_IS_UTF8MB3 : 0; + default_charset_info= get_charset_by_csname(default_character_set_name, + MY_CS_PRIMARY, MYF(utf8_flag | MY_WME)); + if (default_charset_info) + default_collation_name= (char*) default_charset_info->coll_name.str; + } print_version(); puts(ORACLE_WELCOME_COPYRIGHT_NOTICE("2000")); puts("Starts the MariaDB database server.\n"); diff -Nru mariadb-11.8.6/sql/mysqld.h mariadb-11.8.8/sql/mysqld.h --- mariadb-11.8.6/sql/mysqld.h 2026-01-31 13:27:48.000000000 +0000 +++ mariadb-11.8.8/sql/mysqld.h 2026-05-24 09:58:32.000000000 +0000 @@ -122,6 +122,7 @@ extern my_bool opt_safe_user_create; extern my_bool opt_local_infile, opt_myisam_use_mmap; extern my_bool opt_slave_compressed_protocol, use_temp_pool; +extern my_bool opt_silent_startup; extern ulong slave_exec_mode_options, slave_ddl_exec_mode_options; extern ulong slave_retried_transactions; extern ulong transactions_multi_engine; @@ -386,7 +387,7 @@ extern PSI_thread_key key_thread_delayed_insert, key_thread_handle_manager, key_thread_main, key_thread_one_connection, key_thread_signal_hand, - key_thread_slave_background, key_rpl_parallel_thread; + key_thread_slave_deadlock_handler, key_rpl_parallel_thread; extern PSI_file_key key_file_binlog, key_file_binlog_cache, key_file_binlog_index, key_file_binlog_index_cache, key_file_casetest, @@ -717,7 +718,8 @@ LOCK_error_log, LOCK_delayed_insert, LOCK_short_uuid_generator, LOCK_delayed_status, LOCK_delayed_create, LOCK_crypt, LOCK_timezone, LOCK_active_mi, LOCK_manager, LOCK_user_conn, - LOCK_prepared_stmt_count, LOCK_error_messages, LOCK_backup_log, + LOCK_prepared_stmt_count, LOCK_error_messages, + LOCK_slave_deadlock_handler, LOCK_backup_log, LOCK_optimizer_costs; extern MYSQL_PLUGIN_IMPORT mysql_mutex_t LOCK_global_system_variables; extern mysql_rwlock_t LOCK_all_status_vars; @@ -729,6 +731,7 @@ extern mysql_prlock_t LOCK_system_variables_hash; extern mysql_cond_t COND_start_thread; extern mysql_cond_t COND_manager; +extern mysql_cond_t COND_slave_deadlock_handler; extern my_bool opt_use_ssl; extern char *opt_ssl_ca, *opt_ssl_capath, *opt_ssl_cert, *opt_ssl_cipher, diff -Nru mariadb-11.8.6/sql/opt_range.cc mariadb-11.8.8/sql/opt_range.cc --- mariadb-11.8.6/sql/opt_range.cc 2026-01-31 13:27:48.000000000 +0000 +++ mariadb-11.8.8/sql/opt_range.cc 2026-05-24 09:58:32.000000000 +0000 @@ -15726,6 +15726,9 @@ else num_groups= records; + DBUG_ASSERT(keys_per_group > 0); + DBUG_ASSERT(num_groups > 0); + /* Apply the selectivity of the quick select for group prefixes. */ if (range_tree && (quick_prefix_records != HA_POS_ERROR)) { diff -Nru mariadb-11.8.6/sql/opt_subselect.cc mariadb-11.8.8/sql/opt_subselect.cc --- mariadb-11.8.6/sql/opt_subselect.cc 2026-01-31 13:27:48.000000000 +0000 +++ mariadb-11.8.8/sql/opt_subselect.cc 2026-05-24 09:58:32.000000000 +0000 @@ -4792,13 +4792,14 @@ temp_pool_slot = temp_pool_set_next(); if (temp_pool_slot != MY_BIT_NONE) // we got a slot - sprintf(path, "%s-subquery-%lx-%i", tmp_file_prefix, - current_pid, temp_pool_slot); + snprintf(path, sizeof(path), "%s-subquery-%lx-%i", tmp_file_prefix, + current_pid, temp_pool_slot); else { /* if we run out of slots or we are not using tempool */ - sprintf(path,"%s-subquery-%lx-%lx-%x", tmp_file_prefix,current_pid, - (ulong) thd->thread_id, thd->tmp_table++); + snprintf(path, sizeof(path), "%s-subquery-%lx-%lx-%x", + tmp_file_prefix, current_pid, + (ulong) thd->thread_id, thd->tmp_table++); } fn_format(path, path, mysql_tmpdir, "", MY_REPLACE_EXT|MY_UNPACK_FILENAME); @@ -5122,7 +5123,7 @@ } // 3. Put the rowids - for (uint i=0; tab != tab_end; tab++, i++) + for (; tab != tab_end; tab++) { handler *h= tab->join_tab->table->file; if (tab->join_tab->table->maybe_null && tab->join_tab->table->null_row) @@ -7083,7 +7084,7 @@ NULL if the matching Field_pair wasn't found. */ -Field_pair *find_matching_field_pair(Item *item, List pair_list) +Field_pair *find_matching_field_pair(Item *item, List &pair_list) { Field_pair *field_pair= get_corresponding_field_pair(item, pair_list); if (field_pair) diff -Nru mariadb-11.8.6/sql/opt_trace.cc mariadb-11.8.8/sql/opt_trace.cc --- mariadb-11.8.6/sql/opt_trace.cc 2026-01-31 13:27:48.000000000 +0000 +++ mariadb-11.8.8/sql/opt_trace.cc 2026-05-24 09:58:32.000000000 +0000 @@ -23,6 +23,7 @@ #include "set_var.h" #include "my_json_writer.h" #include "sp_head.h" +#include "item_jsonfunc.h" #include "rowid_filter.h" @@ -126,7 +127,18 @@ The output is not very pretty lots of back-ticks, the output is as the one in explain extended , lets try to improved it here. */ - writer->add("expanded_query", str.c_ptr_safe(), str.length()); + + StringBuffer<1024> escaped_str(system_charset_info); + if (st_append_escaped(&escaped_str, &str) == 0) + { + writer->add("expanded_query", escaped_str.c_ptr_safe(), + escaped_str.length()); + } + else + { + writer->add("expanded_query", + "Error: failed to escape query string for JSON output"); + } } void opt_trace_disable_if_no_security_context_access(THD *thd) diff -Nru mariadb-11.8.6/sql/password.c mariadb-11.8.8/sql/password.c --- mariadb-11.8.6/sql/password.c 2026-01-31 13:27:48.000000000 +0000 +++ mariadb-11.8.8/sql/password.c 2026-05-24 09:58:32.000000000 +0000 @@ -122,7 +122,8 @@ { ulong hash_res[2]; hash_password(hash_res, password, (uint) pass_len); - sprintf(to, "%08lx%08lx", hash_res[0], hash_res[1]); + snprintf(to, SCRAMBLED_PASSWORD_CHAR_LENGTH_323 + 1, + "%08lx%08lx", hash_res[0], hash_res[1]); } @@ -270,7 +271,8 @@ void make_password_from_salt_323(char *to, const ulong *salt) { - sprintf(to,"%08lx%08lx", salt[0], salt[1]); + snprintf(to, SCRAMBLED_PASSWORD_CHAR_LENGTH_323 + 1, + "%08lx%08lx", salt[0], salt[1]); } diff -Nru mariadb-11.8.6/sql/privilege.h mariadb-11.8.8/sql/privilege.h --- mariadb-11.8.6/sql/privilege.h 2026-01-31 13:27:48.000000000 +0000 +++ mariadb-11.8.8/sql/privilege.h 2026-05-24 09:58:32.000000000 +0000 @@ -660,6 +660,7 @@ constexpr privilege_t PRIV_STMT_ALTER_SERVER= FEDERATED_ADMIN_ACL; // Was SUPER_ACL prior to 10.5.2 constexpr privilege_t PRIV_STMT_DROP_SERVER= FEDERATED_ADMIN_ACL; +constexpr privilege_t PRIV_STMT_SHOW_CREATE_SERVER= FEDERATED_ADMIN_ACL; /* Privileges related to processes */ diff -Nru mariadb-11.8.6/sql/protocol.cc mariadb-11.8.8/sql/protocol.cc --- mariadb-11.8.6/sql/protocol.cc 2026-01-31 13:27:48.000000000 +0000 +++ mariadb-11.8.8/sql/protocol.cc 2026-05-24 09:58:32.000000000 +0000 @@ -271,7 +271,7 @@ if (unlikely(server_status & SERVER_SESSION_STATE_CHANGED)) { - store.set_charset(thd->variables.collation_database); + store.set_charset(&my_charset_bin); thd->session_tracker.store(thd, &store); thd->server_status&= ~SERVER_SESSION_STATE_CHANGED; } @@ -1814,6 +1814,10 @@ char *to= packet->prep_append(4, PACKET_BUFFER_EXTRA_ALLOC); if (!to) return 1; + if (from == 0.0) + { + from= 0.0; // correct negative zero + } float4store(to, from); return 0; } @@ -1825,6 +1829,10 @@ char *to= packet->prep_append(8, PACKET_BUFFER_EXTRA_ALLOC); if (!to) return 1; + if (from == 0.0) + { + from= 0.0; // correct negative zero + } float8store(to, from); return 0; } diff -Nru mariadb-11.8.6/sql/proxy_protocol.cc mariadb-11.8.8/sql/proxy_protocol.cc --- mariadb-11.8.6/sql/proxy_protocol.cc 2026-01-31 13:27:48.000000000 +0000 +++ mariadb-11.8.8/sql/proxy_protocol.cc 2026-05-24 09:58:32.000000000 +0000 @@ -129,11 +129,15 @@ switch (fam) { case 0x11: /* TCPv4 */ + if (len < 25) + return -1; sin->sin_family= AF_INET; memcpy(&(sin->sin_addr), hdr + 16, 4); peer_info->port= (hdr[24] << 8) + hdr[25]; break; case 0x21: /* TCPv6 */ + if (len < 49) + return -1; sin6->sin6_family= AF_INET6; memcpy(&(sin6->sin6_addr), hdr + 16, 16); peer_info->port= (hdr[48] << 8) + hdr[49]; @@ -195,7 +199,7 @@ if (have_v1_header) { /* Read until end of header (newline character)*/ - while(pos < sizeof(hdr)) + while(pos < sizeof(hdr) - 1) { long len= (long)vio_read(vio, hdr + pos, 1); if (len < 0) @@ -204,6 +208,7 @@ if (hdr[pos-1] == '\n') break; } + DBUG_ASSERT(pos < sizeof(hdr)); hdr[pos]= 0; if (parse_v1_header((char *)hdr, pos, peer_info)) @@ -217,7 +222,7 @@ if (len < 0) return -1; // 2 last bytes are the length in network byte order of the part following header - ushort trail_len= ((ushort)hdr[PROXY_V2_HEADER_LEN-2] >> 8) + hdr[PROXY_V2_HEADER_LEN-1]; + ushort trail_len= ((ushort)hdr[PROXY_V2_HEADER_LEN-2] << 8) + hdr[PROXY_V2_HEADER_LEN-1]; if (trail_len > sizeof(hdr) - PROXY_V2_HEADER_LEN) return -1; if (trail_len > 0) @@ -303,6 +308,8 @@ subnet->bits= 0; return 0; } + else + return -1; char *pmask= strchr(addr_str, '/'); if (!pmask) @@ -363,7 +370,7 @@ goto end; } - max_subnets= MY_MAX(3,strlen(subnets_str)/2); + max_subnets= MY_MAX(3,strlen(subnets_str)/3+1); subnets= (subnet *)my_malloc(PSI_INSTRUMENT_ME, max_subnets * sizeof(subnet), MY_ZEROFILL); diff -Nru mariadb-11.8.6/sql/rpl_gtid.cc mariadb-11.8.8/sql/rpl_gtid.cc --- mariadb-11.8.6/sql/rpl_gtid.cc 2026-01-31 13:27:48.000000000 +0000 +++ mariadb-11.8.8/sql/rpl_gtid.cc 2026-05-24 09:58:32.000000000 +0000 @@ -2315,7 +2315,7 @@ const char* rpl_binlog_state::drop_domain(DYNAMIC_ARRAY *ids, Gtid_list_log_event *glev, - char* errbuf) + char* errbuf, size_t errbuf_size) { DYNAMIC_ARRAY domain_unique; // sequece (unsorted) of unique element*:s rpl_binlog_state::element* domain_unique_buffer[16]; @@ -2351,21 +2351,21 @@ rpl_gtid* rb_state_gtid= find_nolock(glev->list[l].domain_id, glev->list[l].server_id); if (!rb_state_gtid) - sprintf(errbuf, - "missing gtids from the '%u-%u' domain-server pair which is " - "referred to in the gtid list describing an earlier state. Ignore " - "if the domain ('%u') was already explicitly deleted", - glev->list[l].domain_id, glev->list[l].server_id, - glev->list[l].domain_id); + snprintf(errbuf, errbuf_size, + "missing gtids from the '%u-%u' domain-server pair which is " + "referred to in the gtid list describing an earlier state. Ignore " + "if the domain ('%u') was already explicitly deleted", + glev->list[l].domain_id, glev->list[l].server_id, + glev->list[l].domain_id); else if (rb_state_gtid->seq_no < glev->list[l].seq_no) - sprintf(errbuf, - "having a gtid '%u-%u-%llu' which is less than " - "the '%u-%u-%llu' of the gtid list describing an earlier state. " - "The state may have been affected by manually injecting " - "a lower sequence number gtid or via replication", - rb_state_gtid->domain_id, rb_state_gtid->server_id, - rb_state_gtid->seq_no, glev->list[l].domain_id, - glev->list[l].server_id, glev->list[l].seq_no); + snprintf(errbuf, errbuf_size, + "having a gtid '%u-%u-%llu' which is less than " + "the '%u-%u-%llu' of the gtid list describing an earlier state. " + "The state may have been affected by manually injecting " + "a lower sequence number gtid or via replication", + rb_state_gtid->domain_id, rb_state_gtid->server_id, + rb_state_gtid->seq_no, glev->list[l].domain_id, + glev->list[l].server_id, glev->list[l].seq_no); if (strlen(errbuf)) // use strlen() as cheap flag push_warning_printf(current_thd, Sql_condition::WARN_LEVEL_WARN, ER_BINLOG_CANT_DELETE_GTID_DOMAIN, @@ -2412,9 +2412,10 @@ if (!all_found) { - sprintf(errbuf, "binlog files may contain gtids from the domain ('%u') " - "being deleted. Make sure to first purge those files", - *ptr_domain_id); + snprintf(errbuf, errbuf_size, + "binlog files may contain gtids from the domain ('%u') " + "being deleted. Make sure to first purge those files", + *ptr_domain_id); errmsg= errbuf; goto end; } diff -Nru mariadb-11.8.6/sql/rpl_gtid.h mariadb-11.8.8/sql/rpl_gtid.h --- mariadb-11.8.6/sql/rpl_gtid.h 2026-01-31 13:27:48.000000000 +0000 +++ mariadb-11.8.8/sql/rpl_gtid.h 2026-05-24 09:58:32.000000000 +0000 @@ -370,7 +370,8 @@ bool append_state(String *str); rpl_gtid *find(uint32 domain_id, uint32 server_id); rpl_gtid *find_most_recent(uint32 domain_id); - const char* drop_domain(DYNAMIC_ARRAY *ids, Gtid_list_log_event *glev, char*); + const char* drop_domain(DYNAMIC_ARRAY *ids, Gtid_list_log_event *glev, + char*, size_t errbuf_size); }; diff -Nru mariadb-11.8.6/sql/rpl_mi.cc mariadb-11.8.8/sql/rpl_mi.cc --- mariadb-11.8.6/sql/rpl_mi.cc 2026-01-31 13:27:48.000000000 +0000 +++ mariadb-11.8.8/sql/rpl_mi.cc 2026-05-24 09:58:32.000000000 +0000 @@ -50,6 +50,8 @@ { char *tmp; host[0] = 0; user[0] = 0; password[0] = 0; + master_log_pos = 0; + master_log_name[0] = 0; ssl_ca[0]= 0; ssl_capath[0]= 0; ssl_cert[0]= 0; ssl_cipher[0]= 0; ssl_key[0]= 0; ssl_crl[0]= 0; ssl_crlpath[0]= 0; @@ -453,7 +455,8 @@ } mi->fd = fd; - int port, connect_retry, master_log_pos, lines; + int port, connect_retry, lines; + ulonglong master_log_pos; int ssl= 0, ssl_verify_server_cert= 0; float master_heartbeat_period= 0.0; char *first_non_digit; @@ -501,7 +504,7 @@ else lines= 7; - if (init_intvar_from_file(&master_log_pos, &mi->file, 4) || + if (init_ulonglongvar_from_file(&master_log_pos, &mi->file, 4) || init_strvar_from_file(mi->host, sizeof(mi->host), &mi->file, 0) || init_strvar_from_file(mi->user, sizeof(mi->user), &mi->file, "test") || init_strvar_from_file(mi->password, sizeof(mi->password), @@ -765,19 +768,21 @@ */ char* ignore_server_ids_buf; { + size_t ignore_buf_size= + (sizeof(global_system_variables.server_id) * 3 + 1) * + (1 + mi->ignore_server_ids.elements); ignore_server_ids_buf= - (char *) my_malloc(PSI_INSTRUMENT_ME, - (sizeof(global_system_variables.server_id) * 3 + 1) * - (1 + mi->ignore_server_ids.elements), MYF(MY_WME)); + (char *) my_malloc(PSI_INSTRUMENT_ME, ignore_buf_size, MYF(MY_WME)); if (!ignore_server_ids_buf) DBUG_RETURN(1); /* error */ - ulong cur_len= sprintf(ignore_server_ids_buf, "%zu", - mi->ignore_server_ids.elements); + ulong cur_len= snprintf(ignore_server_ids_buf, ignore_buf_size, + "%zu", mi->ignore_server_ids.elements); for (ulong i= 0; i < mi->ignore_server_ids.elements; i++) { ulong s_id; get_dynamic(&mi->ignore_server_ids, (uchar*) &s_id, i); - cur_len+= sprintf(ignore_server_ids_buf + cur_len, " %lu", s_id); + cur_len+= snprintf(ignore_server_ids_buf + cur_len, + ignore_buf_size - cur_len, " %lu", s_id); } } @@ -1967,7 +1972,7 @@ return NULL; // Store the total number of elements followed by the individual elements. - size_t cur_len= sprintf(buf, "%zu", ids->elements); + size_t cur_len= snprintf(buf, sz, "%zu", ids->elements); sz-= cur_len; for (uint i= 0; i < ids->elements; i++) @@ -2011,17 +2016,17 @@ ulong id, len; char dbuff[FN_REFLEN]; get_dynamic(ids, (void *) &id, i); - len= sprintf(dbuff, (i == 0 ? "%lu" : ", %lu"), id); + len= snprintf(dbuff, sizeof(dbuff), (i == 0 ? "%lu" : ", %lu"), id); if (cur_len + len + 4 > buff_len) { /* break the loop whenever remained space could not fit ellipses on the next cycle */ - cur_len+= sprintf(dbuff + cur_len, "..."); + cur_len+= snprintf(dbuff + cur_len, sizeof(dbuff) - cur_len, "..."); break; } - cur_len+= sprintf(buff + cur_len, "%s", dbuff); + cur_len+= snprintf(buff + cur_len, sizeof(dbuff) - cur_len, "%s", dbuff); } return cur_len; } diff -Nru mariadb-11.8.6/sql/rpl_rli.cc mariadb-11.8.8/sql/rpl_rli.cc --- mariadb-11.8.6/sql/rpl_rli.cc 2026-01-31 13:27:48.000000000 +0000 +++ mariadb-11.8.8/sql/rpl_rli.cc 2026-05-24 09:58:32.000000000 +0000 @@ -324,7 +324,8 @@ } } - int relay_log_pos, master_log_pos, lines; + ulonglong relay_log_pos, master_log_pos; + int lines; char *first_non_digit; /* @@ -377,12 +378,12 @@ else DBUG_PRINT("info", ("relay_log_info file is in old format.")); - if (init_intvar_from_file(&relay_log_pos, + if (init_ulonglongvar_from_file(&relay_log_pos, &info_file, BIN_LOG_HEADER_SIZE) || init_strvar_from_file(group_master_log_name, sizeof(group_master_log_name), &info_file, "") || - init_intvar_from_file(&master_log_pos, &info_file, 0) || + init_ulonglongvar_from_file(&master_log_pos, &info_file, 0) || (lines >= LINES_IN_RELAY_LOG_INFO_WITH_DELAY && init_intvar_from_file(&sql_delay, &info_file, 0))) { diff -Nru mariadb-11.8.6/sql/service_wsrep.cc mariadb-11.8.8/sql/service_wsrep.cc --- mariadb-11.8.6/sql/service_wsrep.cc 2026-01-31 13:27:48.000000000 +0000 +++ mariadb-11.8.8/sql/service_wsrep.cc 2026-05-24 09:58:32.000000000 +0000 @@ -1,4 +1,5 @@ /* Copyright 2018-2025 Codership Oy + Copyright 2025-2026 MariaDB plc This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by @@ -21,6 +22,7 @@ #include "sql_class.h" #include "debug_sync.h" #include "log.h" +#include "wsrep_schema.h" // WSREP_SCHEMA, WSREP_STREAMING_TABLE extern "C" my_bool wsrep_on(const THD *thd) { @@ -117,7 +119,7 @@ extern "C" const char* wsrep_get_sr_table_name() { - return wsrep_sr_table_name_full; + return WSREP_SCHEMA "/" WSREP_STREAMING_TABLE; } extern "C" my_bool wsrep_get_debug() diff -Nru mariadb-11.8.6/sql/session_tracker.cc mariadb-11.8.8/sql/session_tracker.cc --- mariadb-11.8.6/sql/session_tracker.cc 2026-01-31 13:27:48.000000000 +0000 +++ mariadb-11.8.8/sql/session_tracker.cc 2026-05-24 09:58:32.000000000 +0000 @@ -63,6 +63,11 @@ Session_sysvars_tracker:: sysvar_node_st *Session_sysvars_tracker::vars_list::search(const sys_var *svar) { + if (((sys_var *)svar)->cast_pluginvar()) + return reinterpret_cast( + my_hash_search(&m_registered_sysvars, + reinterpret_cast(&svar), + sizeof(sys_var*))); return reinterpret_cast( my_hash_search(&m_registered_sysvars, reinterpret_cast(&svar->offset), @@ -92,6 +97,22 @@ node->m_svar= (sys_var *)svar; node->test_load= node->m_svar->test_load; node->m_changed= false; + /* + No need to lock LOCK_plugin for non-plugin variables. + */ + node->skip_plugin_lock= !node->m_svar->cast_pluginvar(); + /* + No need to lock LOCK_global_system_variables for session or + session/global variables. Note that + + 1. Plugin global-only variables are not included in the session + sysvar tracker even if specified by the user + 2. Plugin session variables require LOCK_global_system_variables + because of sync_dynamic_session_variables + */ + node->skip_global_lock= (node->skip_plugin_lock && + node->m_svar->scope() == sys_var::SESSION); + if (my_hash_insert(&m_registered_sysvars, (uchar *) node)) { my_free(node); @@ -145,6 +166,7 @@ token= var_list.str; track_all= false; + mysql_prlock_rdlock(&LOCK_system_variables_hash); for (;;) { sys_var *svar; @@ -168,7 +190,8 @@ { track_all= true; } - else if ((svar= find_sys_var(thd, var.str, var.length, throw_error))) + else if ((svar= find_sys_var(thd, var.str, var.length, throw_error, + /*hash_already_locked=*/true))) { if (insert(svar) == TRUE) return true; @@ -188,6 +211,7 @@ else break; } + mysql_prlock_unlock(&LOCK_system_variables_hash); return false; } @@ -294,6 +318,7 @@ for (ulong i= 0; i < m_registered_sysvars.records; i++) { sysvar_node_st *node= at(i); + /* Global plugin variables are not included */ if (*node->test_load) names[idx++]= &node->m_svar->name; } @@ -329,7 +354,9 @@ } mysql_mutex_unlock(&LOCK_plugin); - buf--; buf[0]= '\0'; + if (idx > 0) + buf--; + buf[0]= '\0'; my_safe_afree(names, names_size); return false; @@ -438,30 +465,34 @@ SHOW_VAR show; CHARSET_INFO *charset; size_t val_length, length; - mysql_mutex_lock(&LOCK_global_system_variables); - mysql_mutex_lock(&LOCK_plugin); + if (!node->skip_global_lock) + mysql_mutex_lock(&LOCK_global_system_variables); + if (!node->skip_plugin_lock) + mysql_mutex_lock(&LOCK_plugin); + /* Happens if the corresponding plugin has been unloaded */ if (!*node->test_load) { + DBUG_ASSERT(!node->skip_plugin_lock); mysql_mutex_unlock(&LOCK_plugin); mysql_mutex_unlock(&LOCK_global_system_variables); continue; } sys_var *svar= node->m_svar; - bool is_plugin= svar->cast_pluginvar(); - if (!is_plugin) - mysql_mutex_unlock(&LOCK_plugin); /* As its always system variable. */ show.type= SHOW_SYS; show.name= svar->name.str; show.value= (char *) svar; - const char *value= get_one_variable(thd, &show, OPT_SESSION, SHOW_SYS, NULL, + const enum enum_var_type vtype= + node->skip_global_lock ? SHOW_OPT_SESSION_NO_LOCK : OPT_SESSION; + const char *value= get_one_variable(thd, &show, vtype, SHOW_SYS, NULL, &charset, val_buf, &val_length); - if (is_plugin) + if (!node->skip_plugin_lock) mysql_mutex_unlock(&LOCK_plugin); - mysql_mutex_unlock(&LOCK_global_system_variables); + if (!node->skip_global_lock) + mysql_mutex_unlock(&LOCK_global_system_variables); length= net_length_size(svar->name.length) + svar->name.length + @@ -591,8 +622,13 @@ const uchar *Session_sysvars_tracker::sysvars_get_key(const void *entry, size_t *length, my_bool) { - ptrdiff_t *key= - &((static_cast(entry))->m_svar->offset); + sys_var *svar= (static_cast(entry))->m_svar; + if (svar->cast_pluginvar()) + { + *length= sizeof(sys_var *); + return (uchar *) &(((sysvar_node_st *) entry)->m_svar); + } + ptrdiff_t *key= &(svar->offset); *length= sizeof(*key); return reinterpret_cast(key); } diff -Nru mariadb-11.8.6/sql/session_tracker.h mariadb-11.8.8/sql/session_tracker.h --- mariadb-11.8.6/sql/session_tracker.h 2026-01-31 13:27:48.000000000 +0000 +++ mariadb-11.8.8/sql/session_tracker.h 2026-05-24 09:58:32.000000000 +0000 @@ -128,6 +128,8 @@ sys_var *m_svar; bool *test_load; bool m_changed; + bool skip_plugin_lock; + bool skip_global_lock; }; class vars_list diff -Nru mariadb-11.8.6/sql/set_var.cc mariadb-11.8.8/sql/set_var.cc --- mariadb-11.8.6/sql/set_var.cc 2026-01-31 13:27:48.000000000 +0000 +++ mariadb-11.8.8/sql/set_var.cc 2026-05-24 09:58:32.000000000 +0000 @@ -241,6 +241,11 @@ return session_var_ptr(thd); } +const uchar *sys_var::session_no_lock_value_ptr(THD *thd, const LEX_CSTRING *base) const +{ + return session_value_ptr(thd, base); +} + const uchar *sys_var::global_value_ptr(THD *thd, const LEX_CSTRING *base) const { return global_var_ptr(); @@ -284,6 +289,8 @@ AutoRLock lock(guard); return global_value_ptr(thd, base); } + else if (type == SHOW_OPT_SESSION_NO_LOCK) + return session_no_lock_value_ptr(thd, base); else return session_value_ptr(thd, base); } @@ -806,6 +813,7 @@ switch (type) { case SHOW_OPT_DEFAULT: case SHOW_OPT_SESSION: + case SHOW_OPT_SESSION_NO_LOCK: DBUG_ASSERT(var->scope() != sys_var::GLOBAL); if (var->on_check_access_session(thd)) return -1; diff -Nru mariadb-11.8.6/sql/set_var.h mariadb-11.8.8/sql/set_var.h --- mariadb-11.8.6/sql/set_var.h 2026-01-31 13:27:48.000000000 +0000 +++ mariadb-11.8.8/sql/set_var.h 2026-05-24 09:58:32.000000000 +0000 @@ -58,6 +58,13 @@ public: sys_var *next; LEX_CSTRING name; + + /* + - For non-plugin system variables: always true (static_test_load) + - For plugin global var: always false (static_unload) + - For plugin session var: true on plugin init, false on plugin + deinit + */ bool *test_load; enum flag_enum { GLOBAL, SESSION, ONLY_SESSION, SCOPE_MASK=1023, READONLY=1024, ALLOCATED=2048, PARSE_EARLY=4096, @@ -238,6 +245,7 @@ int for SHOW_INT, longlong for SHOW_LONGLONG, etc). */ virtual const uchar *session_value_ptr(THD *thd, const LEX_CSTRING *base) const; + virtual const uchar *session_no_lock_value_ptr(THD *thd, const LEX_CSTRING *base) const; virtual const uchar *global_value_ptr(THD *thd, const LEX_CSTRING *base) const; /** @@ -431,7 +439,7 @@ int fill_sysvars(THD *thd, TABLE_LIST *tables, COND *cond); sys_var *find_sys_var(THD *thd, const char *str, size_t length= 0, - bool throw_error= false); + bool throw_error= false, bool hash_already_locked= false); int sql_set_variables(THD *thd, List *var_list, bool free); #define SYSVAR_AUTOSIZE(VAR,VAL) \ diff -Nru mariadb-11.8.6/sql/share/charsets/Index.xml mariadb-11.8.8/sql/share/charsets/Index.xml --- mariadb-11.8.6/sql/share/charsets/Index.xml 2026-01-31 13:27:48.000000000 +0000 +++ mariadb-11.8.8/sql/share/charsets/Index.xml 2026-05-24 09:58:32.000000000 +0000 @@ -72,7 +72,10 @@ - + + binary + nopad + @@ -94,7 +97,10 @@ - + + binary + nopad + @@ -119,7 +125,10 @@ - + + binary + nopad + @@ -186,7 +195,10 @@ - + + binary + nopad + @@ -201,7 +213,10 @@ - + + binary + nopad + @@ -215,7 +230,10 @@ - + + binary + nopad + @@ -233,7 +251,10 @@ - + + binary + nopad + @@ -306,7 +327,10 @@ - + + binary + nopad + @@ -322,7 +346,10 @@ - + + binary + nopad + @@ -378,7 +405,10 @@ - + + binary + nopad + @@ -392,7 +422,10 @@ - + + binary + nopad + @@ -425,7 +458,10 @@ - + + binary + nopad + @@ -457,7 +493,10 @@ - + + binary + nopad + @@ -490,7 +529,10 @@ - + + binary + nopad + @@ -511,7 +553,10 @@ - + + binary + nopad + @@ -525,7 +570,10 @@ - + + binary + nopad + @@ -569,7 +617,10 @@ - + + binary + nopad + @@ -582,7 +633,10 @@ - + + binary + nopad + @@ -604,7 +658,10 @@ - + + binary + nopad + @@ -632,7 +689,10 @@ - + + binary + nopad + @@ -656,7 +716,10 @@ - + + binary + nopad + @@ -676,7 +739,10 @@ - + + binary + nopad + @@ -689,7 +755,10 @@ - + + binary + nopad + diff -Nru mariadb-11.8.6/sql/share/errmsg-utf8.txt mariadb-11.8.8/sql/share/errmsg-utf8.txt --- mariadb-11.8.6/sql/share/errmsg-utf8.txt 2026-01-31 13:27:48.000000000 +0000 +++ mariadb-11.8.8/sql/share/errmsg-utf8.txt 2026-05-24 09:58:32.000000000 +0000 @@ -507,33 +507,33 @@ swe "Kan inte byta till '%-.192s' (Felkod: %iE)" ukr "Ðе можу перейти у теку '%-.192s' (помилка: %iE)" ER_CHECKREAD - chi "è¿™ä¸ªè¡¨è‡ªä¸Šæ¬¡è¯»åŽæ•°æ®æœ‰å˜åŒ–'%-.192s'" + chi "è¿™ä¸ªè¡¨è‡ªä¸Šæ¬¡è¯»åŽæ•°æ®æœ‰å˜åŒ–'%-.192s';å°è¯•釿–°å¯åŠ¨äº‹åŠ¡" cze "Záznam byl zmÄ›nÄ›n od posledního Ätení v tabulce '%-.192s'" - dan "Posten er ændret siden sidste læsning '%-.192s'" - eng "Record has changed since last read in table '%-.192s'" - est "Kirje tabelis '%-.192s' on muutunud viimasest lugemisest saadik" - fre "Enregistrement modifié depuis sa dernière lecture dans la table '%-.192s'" - ger "Datensatz hat sich seit dem letzten Zugriff auf Tabelle '%-.192s' geändert" - geo "ცხრილში '%-.192s' ჩáƒáƒœáƒáƒ¬áƒ”რი შეიცვáƒáƒšáƒ ბáƒáƒšáƒ წáƒáƒ™áƒ˜áƒ—ხვის შემდეგ" + dan "Posten er ændret siden sidste læsning '%-.192s'; Prøv at genstarte transaktionen" + eng "Record has changed since last read in table '%-.192s'; try restarting transaction" + est "Kirje tabelis '%-.192s' on muutunud viimasest lugemisest saadik; alusta transaktsiooni otsast" + fre "Enregistrement modifié depuis sa dernière lecture dans la table '%-.192s' : essayez de redémarrer la transaction" + ger "Datensatz hat sich seit dem letzten Zugriff auf Tabelle '%-.192s' geändert. Versuchen Sie, die Transaktion neu zu starten" + geo "ცხრილში '%-.192s' ჩáƒáƒœáƒáƒ¬áƒ”რი შეიცვáƒáƒšáƒ ბáƒáƒšáƒ წáƒáƒ™áƒ˜áƒ—ხვის შემდეგ. სცáƒáƒ“ეთ, ტრáƒáƒœáƒ–áƒáƒ¥áƒªáƒ˜áƒ თáƒáƒ•იდáƒáƒœ გáƒáƒ£áƒ¨áƒ•áƒáƒ—" greek "Η εγγÏαφή έχει αλλάξει από την τελευταία φοÏά που ανασÏÏθηκε από τον πίνακα '%-.192s'" hindi "रिकॉरà¥à¤¡ टेबल '%-.192s' पिछली बार पà¥à¥‡ जाने के बाद से बदल गया है" hun "A(z) '%-.192s' tablaban talalhato rekord megvaltozott az utolso olvasas ota" - ita "Il record e` cambiato dall'ultima lettura della tabella '%-.192s'" - jpn "表 '%-.192s' ã®æœ€å¾Œã®èª­ã¿è¾¼ã¿æ™‚点ã‹ã‚‰ã€ãƒ¬ã‚³ãƒ¼ãƒ‰ãŒå¤‰åŒ–ã—ã¾ã—ãŸã€‚" + ita "Il record e` cambiato dall'ultima lettura della tabella '%-.192s'; Provare a far ripartire la transazione" + jpn "表 '%-.192s' ã®æœ€å¾Œã®èª­ã¿è¾¼ã¿æ™‚点ã‹ã‚‰ã€ãƒ¬ã‚³ãƒ¼ãƒ‰ãŒå¤‰åŒ–ã—ã¾ã—ãŸã€‚トランザクションをå†è©¦è¡Œã—ã¦ãã ã•ã„。" kor "í…Œì´ë¸” '%-.192s'ì—서 마지막으로 ì½ì€ 후 Recordê°€ 변경ë˜ì—ˆìŠµë‹ˆë‹¤." - nla "Record is veranderd sinds de laatste lees activiteit in de tabel '%-.192s'" + nla "Record is veranderd sinds de laatste lees activiteit in de tabel '%-.192s'; Probeer herstart van de transactie" nor "Posten har blitt endret siden den ble lest '%-.192s'" - norwegian-ny "Posten har vorte endra sidan den sist vart lesen '%-.192s'" + norwegian-ny "Posten har vorte endra sidan den sist vart lesen '%-.192s'; Prøv Ã¥ starte transaksjonen pÃ¥ nytt" pol "Rekord zostaÅ‚ zmieniony od ostaniego odczytania z tabeli '%-.192s'" - por "Registro alterado desde a última leitura da tabela '%-.192s'" + por "Registro alterado desde a última leitura da tabela '%-.192s'. Tente reiniciar a transação" rum "Cimpul a fost schimbat de la ultima citire a tabelei '%-.192s'" - rus "ЗапиÑÑŒ изменилаÑÑŒ Ñ Ð¼Ð¾Ð¼ÐµÐ½Ñ‚Ð° поÑледней выборки в таблице '%-.192s'" - serbian "Slog je promenjen od zadnjeg Äitanja tabele '%-.192s'" + rus "ЗапиÑÑŒ изменилаÑÑŒ Ñ Ð¼Ð¾Ð¼ÐµÐ½Ñ‚Ð° поÑледней выборки в таблице '%-.192s'; Попробуйте перезапуÑтить транзакцию" + serbian "Slog je promenjen od zadnjeg Äitanja tabele '%-.192s'; Probajte da restartujete transakciju" slo "Záznam bol zmenený od posledného Äítania v tabuľke '%-.192s'" - spa "El registro ha cambiado desde la ultima lectura de la tabla '%-.192s'" - sw "Rekodi imebadilika tangu kusomeka mara ya mwisho kwenye jedwali '%-.192s'" - swe "Posten har förändrats sedan den lästes i register '%-.192s'" - ukr "Ð—Ð°Ð¿Ð¸Ñ Ð±ÑƒÐ»Ð¾ змінено з чаÑу оÑтаннього Ñ‡Ð¸Ñ‚Ð°Ð½Ð½Ñ Ð· таблиці '%-.192s'" + spa "El registro ha cambiado desde la ultima lectura de la tabla '%-.192s'; intente volver a comenzar la transacción" + swe "Posten har förändrats sedan den lästes i register '%-.192s'. Försök att starta om transaktionen" + sw "Rekodi imebadilika tangu kusomeka mara ya mwisho kwenye jedwali '%-.192s'; jaribu kuanzisha upya muamala" + ukr "Ð—Ð°Ð¿Ð¸Ñ Ð±ÑƒÐ»Ð¾ змінено з чаÑу оÑтаннього Ñ‡Ð¸Ñ‚Ð°Ð½Ð½Ñ Ð· таблиці '%-.192s'; Ñпробуйте перезапуÑтити транзакцію." ER_DISK_FULL chi "ç£ç›˜å·²æ»¡(%s);等待释放一些空间...(错误å·ç ï¼š%iE)" cze "Disk je plný (%s), Äekám na uvolnÄ›ní nÄ›jakého místa ... (chybový kód: %iE)" diff -Nru mariadb-11.8.6/sql/slave.cc mariadb-11.8.8/sql/slave.cc --- mariadb-11.8.6/sql/slave.cc 2026-01-31 13:27:48.000000000 +0000 +++ mariadb-11.8.8/sql/slave.cc 2026-05-24 09:58:32.000000000 +0000 @@ -476,8 +476,114 @@ plugin_unlock(NULL, engine); } +static bool slave_deadlock_handler_thread_running; +static bool slave_deadlock_handler_thread_stop; static bool slave_background_thread_gtid_loaded; +struct slave_deadlock_kill_t { + slave_deadlock_kill_t *next; + THD *to_kill; +} *slave_deadlock_kill_list; + + +pthread_handler_t +slave_deadlock_handler(void *arg __attribute__((unused))) +{ + bool stop; + + my_thread_init(); + + mysql_mutex_lock(&LOCK_slave_deadlock_handler); + slave_deadlock_handler_thread_running= true; + mysql_cond_broadcast(&COND_slave_deadlock_handler); + do + { + slave_deadlock_kill_t *kill_list; + + for (;;) + { + stop= abort_loop || slave_deadlock_handler_thread_stop; + kill_list= slave_deadlock_kill_list; + if (stop || kill_list) + break; + mysql_cond_wait(&COND_slave_deadlock_handler, &LOCK_slave_deadlock_handler); + } + + slave_deadlock_kill_list= NULL; + mysql_mutex_unlock(&LOCK_slave_deadlock_handler); + + while (kill_list) + { + slave_deadlock_kill_t *p = kill_list; + THD *to_kill= p->to_kill; + kill_list= p->next; + + DBUG_EXECUTE_IF("rpl_delay_deadlock_kill", my_sleep(1500000);); + to_kill->awake(KILL_CONNECTION); + mysql_mutex_lock(&to_kill->LOCK_wakeup_ready); + to_kill->rgi_slave->killed_for_retry= + rpl_group_info::RETRY_KILL_KILLED; + mysql_cond_broadcast(&to_kill->COND_wakeup_ready); + mysql_mutex_unlock(&to_kill->LOCK_wakeup_ready); + my_free(p); + } + mysql_mutex_lock(&LOCK_slave_deadlock_handler); + } while (!stop); + + slave_deadlock_handler_thread_running= false; + mysql_cond_broadcast(&COND_slave_deadlock_handler); + mysql_mutex_unlock(&LOCK_slave_deadlock_handler); + + my_thread_end(); + return 0; +} + + +/* + Start the slave deadlock handler thread. + + This thread is used to kill worker thread transactions during parallel + replication, when a storage engine attempts to take an errorneous + conflicting lock that would cause a deadlock. Killing is done + asynchroneously, as the kill may not be safe within the context of a + callback from inside storage engine locking code. +*/ +static int +start_slave_deadlock_handler_thread() +{ + pthread_t th; + + mysql_mutex_lock(&LOCK_slave_deadlock_handler); + slave_deadlock_handler_thread_running= false; + slave_deadlock_handler_thread_stop= false; + if (mysql_thread_create(key_thread_slave_deadlock_handler, + &th, &connection_attrib, slave_deadlock_handler, + NULL)) + { + sql_print_error("Failed to create thread while initialising slave"); + return 1; + } + + while (!slave_deadlock_handler_thread_running) + mysql_cond_wait(&COND_slave_deadlock_handler, &LOCK_slave_deadlock_handler); + mysql_mutex_unlock(&LOCK_slave_deadlock_handler); + + return 0; +} + + +static void +stop_slave_deadlock_handler_thread() +{ + mysql_mutex_lock(&LOCK_slave_deadlock_handler); + slave_deadlock_handler_thread_stop= true; + mysql_cond_broadcast(&COND_slave_deadlock_handler); + while (slave_deadlock_handler_thread_running) + mysql_cond_wait(&COND_slave_deadlock_handler, &LOCK_slave_deadlock_handler); + mysql_mutex_unlock(&LOCK_slave_deadlock_handler); +} + + static void bg_rpl_load_gtid_slave_state(void *) { THD *thd= new_bg_THD(); @@ -498,25 +604,27 @@ delete thd; } -static void bg_slave_kill(void *victim) -{ - THD *to_kill= (THD *)victim; - DBUG_EXECUTE_IF("rpl_delay_deadlock_kill", my_sleep(1500000);); - to_kill->awake(KILL_CONNECTION); - mysql_mutex_lock(&to_kill->LOCK_wakeup_ready); - to_kill->rgi_slave->killed_for_retry= rpl_group_info::RETRY_KILL_KILLED; - mysql_cond_broadcast(&to_kill->COND_wakeup_ready); - mysql_mutex_unlock(&to_kill->LOCK_wakeup_ready); -} void slave_background_kill_request(THD *to_kill) { if (to_kill->rgi_slave->killed_for_retry) return; // Already deadlock killed. - to_kill->rgi_slave->killed_for_retry= rpl_group_info::RETRY_KILL_PENDING; - mysql_manager_submit(bg_slave_kill, to_kill); + slave_deadlock_kill_t *p= (slave_deadlock_kill_t *) + my_malloc(PSI_INSTRUMENT_ME, sizeof(*p), MYF(MY_WME)); + if (p) + { + p->to_kill= to_kill; + to_kill->rgi_slave->killed_for_retry= + rpl_group_info::RETRY_KILL_PENDING; + mysql_mutex_lock(&LOCK_slave_deadlock_handler); + p->next= slave_deadlock_kill_list; + slave_deadlock_kill_list= p; + mysql_cond_signal(&COND_slave_deadlock_handler); + mysql_mutex_unlock(&LOCK_slave_deadlock_handler); + } } + /* This function must only be called from a slave SQL thread (or worker thread), to ensure that the table_entry will not go away before we can lock the @@ -561,6 +669,9 @@ init_slave_psi_keys(); #endif + if (start_slave_deadlock_handler_thread()) + return 1; + if (global_rpl_thread_pool.init(opt_slave_parallel_threads)) return 1; @@ -789,6 +900,10 @@ if (!system_charset_info->strnncoll((uchar*)arg,4,(const uchar*)"all",4)) { bitmap_set_all(&slave_error_mask); + bitmap_clear_bit(&slave_error_mask,ER_CONNECTION_KILLED); + sql_print_warning("Slave: ER_CONNECTION_KILLED (%d) is not allowed in " + "--slave-skip-errors=all. This error will never be skipped " + "by the slave.", ER_CONNECTION_KILLED); goto end; } for (p= arg ; *p; ) @@ -797,7 +912,18 @@ if (!(p= str2int(p, 10, 0, LONG_MAX, &err_code))) break; if (err_code < MAX_SLAVE_ERROR) - bitmap_set_bit(&slave_error_mask,(uint)err_code); + { + if (err_code == ER_CONNECTION_KILLED) + { + sql_print_warning("Slave: ER_CONNECTION_KILLED (%d) is not allowed in " + "--slave-skip-errors. This error will never be skipped " + "by the slave.", ER_CONNECTION_KILLED); + } + else + { + bitmap_set_bit(&slave_error_mask,(uint)err_code); + } + } while (!my_isdigit(system_charset_info,*p) && *p) p++; } @@ -1279,6 +1405,7 @@ mysql_mutex_lock(&LOCK_active_mi); master_info_index->free_connections(); mysql_mutex_unlock(&LOCK_active_mi); + stop_slave_deadlock_handler_thread(); // It's safe to destruct worker pool now when // all driver threads are gone. global_rpl_thread_pool.deactivate(); @@ -1312,6 +1439,8 @@ active_mi= 0; mysql_mutex_unlock(&LOCK_active_mi); + stop_slave_deadlock_handler_thread(); + global_rpl_thread_pool.destroy(); free_all_rpl_filters(); DBUG_VOID_RETURN; @@ -1503,48 +1632,99 @@ DBUG_RETURN(1); } -/* - when moving these functions to mysys, don't forget to - remove slave.cc from libmysqld/CMakeLists.txt -*/ +/* Check if numeric string parsing has trailing garbage */ +static bool is_string_blank_or_empty(const char *endptr) +{ + while (*endptr != '\0' && + (my_isspace(system_charset_info, *endptr) || + my_iscntrl(system_charset_info, *endptr))) + { + endptr++; + } + + return *endptr != '\0'; +} + int init_intvar_from_file(int* var, IO_CACHE* f, int default_val) { - char buf[32]; + char buf[32]= {0}; DBUG_ENTER("init_intvar_from_file"); + *var= 0; - if (my_b_gets(f, buf, sizeof(buf))) + if (!my_b_gets(f, buf, sizeof(buf))) { - *var = atoi(buf); + if (!default_val) + DBUG_RETURN(1); + *var= default_val; DBUG_RETURN(0); } - else if (default_val) + + char *endptr= buf + strlen(buf); + int error= 0; + longlong val= my_strtoll10(buf, &endptr, &error); + + if (error || is_string_blank_or_empty(endptr)) + DBUG_RETURN(1); + + if (val < 0 || val > UINT_MAX) + DBUG_RETURN(1); + + *var= (int) val; + DBUG_RETURN(0); +} + +int init_ulonglongvar_from_file(ulonglong* var, IO_CACHE* f, + ulonglong default_val) +{ + char buf[MY_INT64_NUM_DECIMAL_DIGITS]= {0}; + int error= 0; + DBUG_ENTER("init_ulonglongvar_from_file"); + + *var= 0; + + if (!my_b_gets(f, buf, sizeof(buf))) { - *var = default_val; + if (!default_val) + DBUG_RETURN(1); + *var= default_val; DBUG_RETURN(0); } - DBUG_RETURN(1); + + char *endptr= buf + strlen(buf); + ulonglong val= (ulonglong) my_strtoll10(buf, &endptr, &error); + + if (error || is_string_blank_or_empty(endptr)) + DBUG_RETURN(1); + + *var= val; + DBUG_RETURN(0); } int init_floatvar_from_file(float* var, IO_CACHE* f, float default_val) { - char buf[16]; + char buf[16]= {0}; DBUG_ENTER("init_floatvar_from_file"); + *var= 0.0; - if (my_b_gets(f, buf, sizeof(buf))) + if (!my_b_gets(f, buf, sizeof(buf))) { - if (sscanf(buf, "%f", var) != 1) + if (default_val == 0.0) DBUG_RETURN(1); - else - DBUG_RETURN(0); - } - else if (default_val != 0.0) - { - *var = default_val; + *var= default_val; DBUG_RETURN(0); } - DBUG_RETURN(1); + + char *endptr= buf + strlen(buf); + int error= 0; + double val= my_strtod(buf, &endptr, &error); + + if (error || is_string_blank_or_empty(endptr)) + DBUG_RETURN(1); + + *var= (float) val; + DBUG_RETURN(0); } @@ -1709,7 +1889,7 @@ "Master reported unrecognized MariaDB version: %s", mysql->server_version); err_code= ER_SLAVE_FATAL_ERROR; - sprintf(err_buff, ER_DEFAULT(err_code), err_buff2); + snprintf(err_buff, sizeof(err_buff), ER_DEFAULT(err_code), err_buff2); } else { @@ -1730,7 +1910,7 @@ "Master reported unrecognized MariaDB version: %s", mysql->server_version); err_code= ER_SLAVE_FATAL_ERROR; - sprintf(err_buff, ER_DEFAULT(err_code), err_buff2); + snprintf(err_buff, sizeof(err_buff), ER_DEFAULT(err_code), err_buff2); break; default: /* @@ -1763,7 +1943,7 @@ { errmsg= "default Format_description_log_event"; err_code= ER_SLAVE_CREATE_EVENT_FAILURE; - sprintf(err_buff, ER_DEFAULT(err_code), errmsg); + snprintf(err_buff, sizeof(err_buff), ER_DEFAULT(err_code), errmsg); goto err; } @@ -1898,7 +2078,7 @@ the --replicate-same-server-id option must be used on slave but this does \ not always make sense; please check the manual before using it)."; err_code= ER_SLAVE_FATAL_ERROR; - sprintf(err_buff, ER_DEFAULT(err_code), errmsg); + snprintf(err_buff, sizeof(err_buff), ER_DEFAULT(err_code), errmsg); goto err; } } @@ -1916,7 +2096,7 @@ errmsg= "The slave I/O thread stops because a fatal error is encountered \ when it try to get the value of SERVER_ID variable from master."; err_code= mysql_errno(mysql); - sprintf(err_buff, "%s Error: %s", errmsg, mysql_error(mysql)); + snprintf(err_buff, sizeof(err_buff), "%s Error: %s", errmsg, mysql_error(mysql)); goto err; } else if (!master_row && master_res) @@ -1934,7 +2114,7 @@ { errmsg= "Slave configured with server id filtering could not detect the master server id."; err_code= ER_SLAVE_FATAL_ERROR; - sprintf(err_buff, ER_DEFAULT(err_code), errmsg); + snprintf(err_buff, sizeof(err_buff), ER_DEFAULT(err_code), errmsg); goto err; } @@ -1974,7 +2154,7 @@ different values for the COLLATION_SERVER global variable. The values must \ be equal for the Statement-format replication to work"; err_code= ER_SLAVE_FATAL_ERROR; - sprintf(err_buff, ER_DEFAULT(err_code), errmsg); + snprintf(err_buff, sizeof(err_buff), ER_DEFAULT(err_code), errmsg); goto err; } } @@ -1992,7 +2172,7 @@ errmsg= "The slave I/O thread stops because a fatal error is encountered \ when it try to get the value of COLLATION_SERVER global variable from master."; err_code= mysql_errno(mysql); - sprintf(err_buff, "%s Error: %s", errmsg, mysql_error(mysql)); + snprintf(err_buff, sizeof(err_buff), "%s Error: %s", errmsg, mysql_error(mysql)); goto err; } else @@ -2037,7 +2217,7 @@ different values for the TIME_ZONE global variable. The values must \ be equal for the Statement-format replication to work"; err_code= ER_SLAVE_FATAL_ERROR; - sprintf(err_buff, ER_DEFAULT(err_code), errmsg); + snprintf(err_buff, sizeof(err_buff), ER_DEFAULT(err_code), errmsg); goto err; } } @@ -2064,7 +2244,7 @@ /* Fatal error */ errmsg= "The slave I/O thread stops because a fatal error is encountered \ when it try to get the value of TIME_ZONE global variable from master."; - sprintf(err_buff, "%s Error: %s", errmsg, mysql_error(mysql)); + snprintf(err_buff, sizeof(err_buff), "%s Error: %s", errmsg, mysql_error(mysql)); goto err; } if (master_res) @@ -2109,7 +2289,7 @@ errmsg= "The slave I/O thread stops because a fatal error is encountered " "when it tries to SET @master_heartbeat_period on master."; err_code= ER_SLAVE_FATAL_ERROR; - sprintf(err_buff, "%s Error: %s", errmsg, mysql_error(mysql)); + snprintf(err_buff, sizeof(err_buff), "%s Error: %s", errmsg, mysql_error(mysql)); mysql_free_result(mysql_store_result(mysql)); goto err; } @@ -2169,7 +2349,7 @@ errmsg= "The slave I/O thread stops because a fatal error is encountered " "when it tried to SET @master_binlog_checksum on master."; err_code= ER_SLAVE_FATAL_ERROR; - sprintf(err_buff, "%s Error: %s", errmsg, mysql_error(mysql)); + snprintf(err_buff, sizeof(err_buff), "%s Error: %s", errmsg, mysql_error(mysql)); mysql_free_result(mysql_store_result(mysql)); goto err; } @@ -2203,7 +2383,7 @@ errmsg= "The slave I/O thread stops because a fatal error is encountered " "when it tried to SELECT @master_binlog_checksum."; err_code= ER_SLAVE_FATAL_ERROR; - sprintf(err_buff, "%s Error: %s", errmsg, mysql_error(mysql)); + snprintf(err_buff, sizeof(err_buff), "%s Error: %s", errmsg, mysql_error(mysql)); mysql_free_result(mysql_store_result(mysql)); goto err; } @@ -2260,7 +2440,7 @@ errmsg= "The slave I/O thread stops because a fatal error is " "encountered when it tries to request filtering of events marked " "with the @@skip_replication flag."; - sprintf(err_buff, "%s Error: %s", errmsg, mysql_error(mysql)); + snprintf(err_buff, sizeof(err_buff), "%s Error: %s", errmsg, mysql_error(mysql)); goto err; } } @@ -2292,7 +2472,7 @@ /* Fatal error */ errmsg= "The slave I/O thread stops because a fatal error is " "encountered when it tries to set @mariadb_slave_capability."; - sprintf(err_buff, "%s Error: %s", errmsg, mysql_error(mysql)); + snprintf(err_buff, sizeof(err_buff), "%s Error: %s", errmsg, mysql_error(mysql)); goto err; } } @@ -2344,7 +2524,7 @@ errmsg= "The slave I/O thread stops because master does not support " "MariaDB global transaction id. A fatal error is encountered when " "it tries to SELECT @@GLOBAL.gtid_domain_id."; - sprintf(err_buff, "%s Error: %s", errmsg, mysql_error(mysql)); + snprintf(err_buff, sizeof(err_buff), "%s Error: %s", errmsg, mysql_error(mysql)); goto err; } } @@ -2358,7 +2538,7 @@ err_code= ER_OUTOFMEMORY; errmsg= "The slave I/O thread stops because a fatal out-of-memory " "error is encountered when it tries to compute @slave_connect_state."; - sprintf(err_buff, "%s Error: Out of memory", errmsg); + snprintf(err_buff, sizeof(err_buff), "%s Error: Out of memory", errmsg); goto err; } query_str.append(STRING_WITH_LEN("'"), system_charset_info); @@ -2382,7 +2562,7 @@ /* Fatal error */ errmsg= "The slave I/O thread stops because a fatal error is " "encountered when it tries to set @slave_connect_state."; - sprintf(err_buff, "%s Error: %s", errmsg, mysql_error(mysql)); + snprintf(err_buff, sizeof(err_buff), "%s Error: %s", errmsg, mysql_error(mysql)); goto err; } } @@ -2395,7 +2575,7 @@ err_code= ER_OUTOFMEMORY; errmsg= "The slave I/O thread stops because a fatal out-of-memory " "error is encountered when it tries to set @slave_gtid_strict_mode."; - sprintf(err_buff, "%s Error: Out of memory", errmsg); + snprintf(err_buff, sizeof(err_buff), "%s Error: Out of memory", errmsg); goto err; } @@ -2418,7 +2598,7 @@ /* Fatal error */ errmsg= "The slave I/O thread stops because a fatal error is " "encountered when it tries to set @slave_gtid_strict_mode."; - sprintf(err_buff, "%s Error: %s", errmsg, mysql_error(mysql)); + snprintf(err_buff, sizeof(err_buff), "%s Error: %s", errmsg, mysql_error(mysql)); goto err; } } @@ -2431,7 +2611,7 @@ err_code= ER_OUTOFMEMORY; errmsg= "The slave I/O thread stops because a fatal out-of-memory error " "is encountered when it tries to set @slave_gtid_ignore_duplicates."; - sprintf(err_buff, "%s Error: Out of memory", errmsg); + snprintf(err_buff, sizeof(err_buff), "%s Error: Out of memory", errmsg); goto err; } @@ -2454,7 +2634,7 @@ /* Fatal error */ errmsg= "The slave I/O thread stops because a fatal error is " "encountered when it tries to set @slave_gtid_ignore_duplicates."; - sprintf(err_buff, "%s Error: %s", errmsg, mysql_error(mysql)); + snprintf(err_buff, sizeof(err_buff), "%s Error: %s", errmsg, mysql_error(mysql)); goto err; } } @@ -2469,7 +2649,7 @@ err_code= ER_OUTOFMEMORY; errmsg= "The slave I/O thread stops because a fatal out-of-memory " "error is encountered when it tries to compute @slave_until_gtid."; - sprintf(err_buff, "%s Error: Out of memory", errmsg); + snprintf(err_buff, sizeof(err_buff), "%s Error: Out of memory", errmsg); goto err; } query_str.append(STRING_WITH_LEN("'"), system_charset_info); @@ -2493,7 +2673,7 @@ /* Fatal error */ errmsg= "The slave I/O thread stops because a fatal error is " "encountered when it tries to set @slave_until_gtid."; - sprintf(err_buff, "%s Error: %s", errmsg, mysql_error(mysql)); + snprintf(err_buff, sizeof(err_buff), "%s Error: %s", errmsg, mysql_error(mysql)); goto err; } } @@ -3484,9 +3664,8 @@ mysql_mutex_assert_owner(&rli->data_lock); DBUG_ASSERT(!rli->belongs_to_client()); - int type= ev->get_type_code(); - if (sql_delay && type != ROTATE_EVENT && - type != FORMAT_DESCRIPTION_EVENT && type != START_EVENT_V3) + Log_event_type type= ev->get_type_code(); + if (sql_delay && Log_event::is_group_event(type)) { // The time when we should execute the event. time_t sql_delay_end= @@ -5269,6 +5448,15 @@ DBUG_ASSERT(debug_sync_service); DBUG_ASSERT(!debug_sync_set_action(current_thd, STRING_WITH_LEN(act))); };); +#ifdef WITH_WSREP + DBUG_EXECUTE_IF("wsrep_async_slave_node_dropped_error", + if (WSREP(thd)) + { + wsrep_node_dropped= TRUE; + goto err_before_start; + } + ); +#endif /* WITH_WSREP */ #endif rli->parallel.reset(); @@ -5442,8 +5630,8 @@ mysql_mutex_unlock(&rli->data_lock); #ifdef WITH_WSREP wsrep_open(thd); - if (WSREP_ON_) - wsrep_wait_ready(thd); + if (WSREP_ON_ && !wsrep_wait_ready(thd)) + goto err; if (wsrep_before_command(thd)) { WSREP_WARN("Slave SQL wsrep_before_command() failed"); @@ -5666,21 +5854,25 @@ */ if (WSREP(thd) && wsrep_node_dropped && wsrep_restart_slave) { - if (wsrep_ready_get()) - { - WSREP_INFO("Slave error due to node temporarily non-primary" - "SQL slave will continue"); wsrep_node_dropped= FALSE; mysql_mutex_unlock(&rli->run_lock); - goto wsrep_restart_point; - } - else - { WSREP_INFO("Slave error due to node going non-primary"); WSREP_INFO("wsrep_restart_slave was set and therefore slave will be " "automatically restarted when node joins back to cluster"); - wsrep_restart_slave_activated= TRUE; - } + if (wsrep_wait_ready(thd)) + { + wsrep_close(thd); + delete serial_rgi; + if (thd_initialized) + server_threads.erase(thd); + delete thd; + goto wsrep_restart_point; + } + else + { + /* The node is being shutdown. Fallthrough. */ + mysql_mutex_lock(&rli->run_lock); + } } wsrep_close(thd); #endif /* WITH_WSREP */ @@ -6782,7 +6974,7 @@ crc= my_checksum(crc, (const uchar *) buf, event_len - BINLOG_CHECKSUM_LEN); - int4store(&buf[event_len - BINLOG_CHECKSUM_LEN], crc); + int4store(const_cast(& buf[event_len - BINLOG_CHECKSUM_LEN]), crc); } } if (likely(!rli->relay_log.write_event_buffer((uchar*)buf, event_len))) diff -Nru mariadb-11.8.6/sql/slave.h mariadb-11.8.8/sql/slave.h --- mariadb-11.8.6/sql/slave.h 2026-01-31 13:27:48.000000000 +0000 +++ mariadb-11.8.8/sql/slave.h 2026-05-24 09:58:32.000000000 +0000 @@ -266,6 +266,8 @@ struct rpl_group_info *rgi); int init_intvar_from_file(int* var, IO_CACHE* f, int default_val); +int init_ulonglongvar_from_file(ulonglong* var, IO_CACHE* f, + ulonglong default_val); int init_floatvar_from_file(float* var, IO_CACHE* f, float default_val); int init_strvar_from_file(char *var, int max_size, IO_CACHE *f, const char *default_val); diff -Nru mariadb-11.8.6/sql/sp_instr.cc mariadb-11.8.8/sql/sp_instr.cc --- mariadb-11.8.6/sql/sp_instr.cc 2026-01-31 13:27:48.000000000 +0000 +++ mariadb-11.8.8/sql/sp_instr.cc 2026-05-24 09:58:32.000000000 +0000 @@ -534,7 +534,19 @@ m_first_execution= false; if (!rc) + { + /* + sp_lex_instr is re-parsed after the metadata change, which sets up a new + mem_root for reparsing. Once the sp_lex_instr is reparsed and re-executed + (via reset_lex_and_exec_core) it should be marked as read-only to enforce + sp memory root protection. + */ +#ifdef PROTECT_STATEMENT_MEMROOT + if (rerun_the_same_instr && instr->mem_root) + instr->mem_root->flags |= ROOT_FLAG_READ_ONLY; +#endif break; + } /* Raise the error upper level in case: diff -Nru mariadb-11.8.6/sql/spatial.cc mariadb-11.8.8/sql/spatial.cc --- mariadb-11.8.6/sql/spatial.cc 2026-01-31 13:27:48.000000000 +0000 +++ mariadb-11.8.8/sql/spatial.cc 2026-05-24 09:58:32.000000000 +0000 @@ -25,6 +25,8 @@ double my_double_round(double value, longlong dec, bool dec_unsigned, bool truncate); +#define advance(wkb,len,N) do { wkb+=(N); len-=(N); } while(0) + /* exponential notation : 1 sign @@ -470,7 +472,8 @@ if (len < WKB_HEADER_SIZE) return NULL; - geom_type= wkb_get_uint(wkb+1, (wkbByteOrder)wkb[0]); + wkbByteOrder bo= (wkbByteOrder)wkb[0]; + geom_type= wkb_get_uint(wkb+1, bo); if (!(geom= create_by_typeid(buffer, (int) geom_type)) || res->reserve(WKB_HEADER_SIZE, 512)) return NULL; @@ -478,8 +481,8 @@ res->q_append((char) wkb_ndr); res->q_append(geom_type); - return geom->init_from_wkb(wkb + WKB_HEADER_SIZE, len - WKB_HEADER_SIZE, - (wkbByteOrder) wkb[0], res) ? geom : NULL; + advance(wkb,len,WKB_HEADER_SIZE); + return geom->init_from_wkb(wkb, len, bo, res) ? geom : 0; } @@ -853,15 +856,18 @@ static const char *append_json_points(String *txt, uint max_dec, uint32 n_points, const char *data, uint32 offset) { + bool any_points= false; txt->qs_append('['); while (n_points--) { + any_points= true; data+= offset; append_json_point(txt, max_dec, data); data+= POINT_DATA_SIZE; txt->qs_append(", ", 2); } - txt->length(txt->length() - 2);// Remove ending ', ' + if (any_points) + txt->length(txt->length() - 2);// Remove ending ', ' txt->qs_append(']'); return data; } @@ -908,7 +914,7 @@ uint32 Gis_point::get_data_size() const { - return POINT_DATA_SIZE; + return no_data(m_data, POINT_DATA_SIZE) ? GET_SIZE_ERROR : POINT_DATA_SIZE; } @@ -1431,6 +1437,8 @@ int Gis_line_string::num_points(uint32 *n_points) const { + if (no_data(m_data, 4)) + return 1; *n_points= uint4korr(m_data); return 0; } @@ -1627,8 +1635,7 @@ if (res->reserve(4, 512)) return 0; - wkb+= 4; - len-= 4; + advance(wkb,len,4); res->q_append(n_linear_rings); while (n_linear_rings--) @@ -1645,7 +1652,7 @@ if (ls.is_closed(&closed) || !closed) return 0; - wkb+= ls_len; + advance(wkb,len,ls_len); } return (uint) (wkb - wkb_orig); @@ -1745,9 +1752,11 @@ n_linear_rings= uint4korr(data); data+= 4; + bool any_rings= false; txt->qs_append('['); while (n_linear_rings--) { + any_rings= true; uint32 n_points; if (no_data(data, 4)) return 1; @@ -1759,7 +1768,8 @@ data= append_json_points(txt, max_dec_digits, n_points, data, 0); txt->qs_append(", ", 2); } - txt->length(txt->length() - 2);// Remove ending ', ' + if (any_rings) + txt->length(txt->length() - 2);// Remove ending ', ' txt->qs_append(']'); *end= data; return 0; @@ -2258,6 +2268,8 @@ int Gis_multi_point::num_geometries(uint32 *num) const { + if (no_data(m_data, 4)) + return 1; *num= uint4korr(m_data); return 0; } @@ -2344,7 +2356,8 @@ we are sure that there will be multiple points and we have to construct Point geometry and return the smallest result. */ - num_geometries(&num_of_points1); + if (num_geometries(&num_of_points1)) + return 1; DBUG_ASSERT(num_of_points1 >= 1); g->num_geometries(&num_of_points2); DBUG_ASSERT(num_of_points2 >= 1); @@ -2504,7 +2517,7 @@ return 0; res->q_append(n_line_strings); - wkb+= 4; + advance(wkb,len,4); while (n_line_strings--) { Gis_line_string ls; @@ -2516,13 +2529,12 @@ res->q_append((char) wkb_ndr); res->q_append((uint32) wkb_linestring); + wkbByteOrder bo= (wkbByteOrder)wkb[0]; + advance(wkb,len,WKB_HEADER_SIZE); - if (!(ls_len= ls.init_from_wkb(wkb + WKB_HEADER_SIZE, len, - (wkbByteOrder) wkb[0], res))) + if (!(ls_len= ls.init_from_wkb(wkb, len, bo, res))) return 0; - ls_len+= WKB_HEADER_SIZE;; - wkb+= ls_len; - len-= ls_len; + advance(wkb,len,ls_len); } return (uint) (wkb - wkb_orig); } @@ -2620,9 +2632,11 @@ n_line_strings= uint4korr(data); data+= 4; + bool any_ls= false; txt->qs_append('['); while (n_line_strings--) { + any_ls= true; uint32 n_points; if (no_data(data, (WKB_HEADER_SIZE + 4))) return 1; @@ -2634,7 +2648,8 @@ data= append_json_points(txt, max_dec_digits, n_points, data, 0); txt->qs_append(", ", 2); } - txt->length(txt->length() - 2); + if (any_ls) + txt->length(txt->length() - 2); txt->qs_append(']'); *end= data; return 0; @@ -2664,6 +2679,8 @@ int Gis_multi_line_string::num_geometries(uint32 *num) const { + if (no_data(m_data, 4)) + return 1; *num= uint4korr(m_data); return 0; } @@ -2874,7 +2891,7 @@ return 0; res->q_append(n_poly); - wkb+=4; + advance(wkb,len,4); while (n_poly--) { Gis_polygon p; @@ -2886,12 +2903,11 @@ res->q_append((char) wkb_ndr); res->q_append((uint32) wkb_polygon); - if (!(p_len= p.init_from_wkb(wkb + WKB_HEADER_SIZE, len, - (wkbByteOrder) wkb[0], res))) + wkbByteOrder bo= (wkbByteOrder)wkb[0]; + advance(wkb,len,WKB_HEADER_SIZE); + if (!(p_len= p.init_from_wkb(wkb, len, bo, res))) return 0; - p_len+= WKB_HEADER_SIZE; - wkb+= p_len; - len-= p_len; + advance(wkb,len,p_len); } return (uint) (wkb - wkb_orig); } @@ -3030,9 +3046,11 @@ n_polygons= uint4korr(data); data+= 4; + bool any_polygons= false; txt->q_append('['); while (n_polygons--) { + any_polygons= true; uint32 n_linear_rings; if (no_data(data, 4 + WKB_HEADER_SIZE) || txt->reserve(1, 512)) @@ -3041,8 +3059,10 @@ data+= 4 + WKB_HEADER_SIZE; txt->q_append('['); + bool any_rings= false; while (n_linear_rings--) { + any_rings= true; if (no_data(data, 4)) return 1; uint32 n_points= uint4korr(data); @@ -3054,10 +3074,12 @@ data= append_json_points(txt, max_dec_digits, n_points, data, 0); txt->qs_append(", ", 2); } - txt->length(txt->length() - 2); + if (any_rings) + txt->length(txt->length() - 2); txt->qs_append("], ", 3); } - txt->length(txt->length() - 2); + if (any_polygons) + txt->length(txt->length() - 2); txt->q_append(']'); *end= data; return 0; @@ -3095,6 +3117,8 @@ int Gis_multi_polygon::num_geometries(uint32 *num) const { + if (no_data(m_data, 4)) + return 1; *num= uint4korr(m_data); return 0; } @@ -3320,10 +3344,9 @@ const char *opres, uint res_len) { - const char *opres_orig= opres; Geometry_buffer buffer; Geometry *geom; - int g_len; + uint g_len, result= 0; uint32 wkb_type; int no_pos= bin->length(); uint32 n_objects= 0; @@ -3335,7 +3358,7 @@ if (res_len == 0) { /* Special case of GEOMETRYCOLLECTION EMPTY. */ - opres+= 1; + result= 1; goto empty_geom; } @@ -3360,11 +3383,12 @@ return 0; opres+= g_len; res_len-= g_len; + result+= g_len; n_objects++; } empty_geom: bin->write_at_position(no_pos, n_objects); - return (uint) (opres - opres_orig); + return result; } @@ -3382,7 +3406,7 @@ return 0; res->q_append(n_geom); - wkb+= 4; + advance(wkb,len,4); while (n_geom--) { Geometry_buffer buffer; @@ -3394,17 +3418,16 @@ res->reserve(WKB_HEADER_SIZE, 512)) return 0; + wkbByteOrder bo= (wkbByteOrder)wkb[0]; res->q_append((char) wkb_ndr); - wkb_type= wkb_get_uint(wkb+1, (wkbByteOrder) wkb[0]); + wkb_type= wkb_get_uint(wkb+1, bo); res->q_append(wkb_type); + advance(wkb,len,WKB_HEADER_SIZE); if (!(geom= create_by_typeid(&buffer, wkb_type)) || - !(g_len= geom->init_from_wkb(wkb + WKB_HEADER_SIZE, len, - (wkbByteOrder) wkb[0], res))) + !(g_len= geom->init_from_wkb(wkb, len, bo, res))) return 0; - g_len+= WKB_HEADER_SIZE; - wkb+= g_len; - len-= g_len; + advance(wkb,len,g_len); } return (uint) (wkb - wkb_orig); } @@ -3509,9 +3532,11 @@ n_objects= uint4korr(data); data+= 4; + bool any_objects= false; txt->qs_append('['); while (n_objects--) { + any_objects= true; uint32 wkb_type; if (no_data(data, WKB_HEADER_SIZE)) @@ -3527,7 +3552,8 @@ txt->append(STRING_WITH_LEN("}, "), 512)) return 1; } - txt->length(txt->length() - 2); + if (any_objects) + txt->length(txt->length() - 2); if (txt->append(']')) return 1; diff -Nru mariadb-11.8.6/sql/sql_acl.cc mariadb-11.8.8/sql/sql_acl.cc --- mariadb-11.8.6/sql/sql_acl.cc 2026-01-31 13:27:48.000000000 +0000 +++ mariadb-11.8.8/sql/sql_acl.cc 2026-05-24 09:58:32.000000000 +0000 @@ -1770,7 +1770,7 @@ const char *value_start; if (get_value(key, JSV_STRING, &value_start, &value_len)) return ""; - char *ptr= (char*)alloca(value_len); + char *ptr= (char*)my_safe_alloca(value_len); if (!ptr) return NULL; int len= json_unescape(m_table->field[2]->charset(), @@ -1778,9 +1778,9 @@ (const uchar*)value_start + value_len, system_charset_info, (uchar*)ptr, (uchar*)ptr + value_len); - if (len < 0) - return NULL; - return strmake_root(root, ptr, len); + const char *js= len < 0 ? NULL : strmake_root(root, ptr, len); + my_safe_afree(ptr, value_len); + return js; } longlong get_int_value(const char *key, longlong def_val= 0) const { @@ -3927,6 +3927,9 @@ privilege_t acl_get_all3(Security_context *sctx, const char *db, bool db_is_patern) { + if (!initialized) + return DB_ACLS; + privilege_t access= acl_get(sctx->host, sctx->ip, sctx->priv_user, db, db_is_patern); if (sctx->priv_role[0]) @@ -4354,8 +4357,8 @@ result= acl_cache_is_locked= 0; if (mysql_bin_log.is_open()) { - query_length= sprintf(buff, "SET PASSWORD FOR '%-.120s'@'%-.120s'='%-.120s'", - user->user.str, safe_str(user->host.str), auth.auth_string.str); + query_length= snprintf(buff, sizeof(buff), "SET PASSWORD FOR '%-.120s'@'%-.120s'='%-.120s'", + user->user.str, safe_str(user->host.str), auth.auth_string.str); DBUG_ASSERT(query_length); thd->clear_error(); result= thd->binlog_query(THD::STMT_QUERY_TYPE, buff, query_length, @@ -4427,8 +4430,9 @@ (WSREP(thd) && !IF_WSREP(thd->wsrep_applier, 0))) { query_length= - sprintf(buff,"SET DEFAULT ROLE '%-.120s' FOR '%-.120s'@'%-.120s'", - safe_str(rolename.str), user.str, safe_str(host.str)); + snprintf(buff, sizeof(buff), + "SET DEFAULT ROLE '%-.120s' FOR '%-.120s'@'%-.120s'", + safe_str(rolename.str), user.str, safe_str(host.str)); } /* @@ -9194,7 +9198,7 @@ NULL, db, sctx->priv_role, name, sph, 0))) - no_routine_acl= !(grant_proc->privs & SHOW_PROC_WITHOUT_DEFINITION_ACLS); + no_routine_acl= !(grant_proc->privs & acl); } mysql_rwlock_unlock(&LOCK_grant); return no_routine_acl; @@ -13980,10 +13984,36 @@ Cast *passwd to an unsigned char, so that it doesn't extend the sign for *passwd > 127 and become 2**32-127+ after casting to uint. */ - uint passwd_len= (thd->client_capabilities & CLIENT_SECURE_CONNECTION ? - (uchar) (*passwd++) : (uint)strlen(passwd)); - - db+= passwd_len + 1; + size_t passwd_len; + if (!(thd->client_capabilities & CLIENT_SECURE_CONNECTION)) + { + passwd_len= strlen(passwd); + db= passwd + passwd_len + 1; /* +1 to skip null terminator */ + } + else + { + if (thd->client_capabilities & CLIENT_PLUGIN_AUTH_LENENC_CLIENT_DATA) + { + ulonglong len= safe_net_field_length_ll((uchar**)&passwd, + end - passwd); + if (!passwd || len > (ulonglong)(end - passwd)) + { + my_message(ER_UNKNOWN_COM_ERROR, ER_THD(thd, ER_UNKNOWN_COM_ERROR), + MYF(0)); + DBUG_RETURN(1); + } + passwd_len= (size_t)len; + } + else + passwd_len= (uchar)(*passwd++); + if (passwd_len > (size_t)(end - passwd)) + { + my_message(ER_UNKNOWN_COM_ERROR, ER_THD(thd, ER_UNKNOWN_COM_ERROR), + MYF(0)); + DBUG_RETURN(1); + } + db= passwd + passwd_len; + } /* Database name is always NUL-terminated, so in case of empty database the packet must contain at least the trailing '\0'. @@ -14086,7 +14116,7 @@ read_packet() */ mpvio->cached_client_reply.pkt= passwd; - mpvio->cached_client_reply.pkt_len= passwd_len; + mpvio->cached_client_reply.pkt_len= (uint)passwd_len; mpvio->cached_client_reply.plugin= client_plugin; mpvio->status= MPVIO_EXT::RESTART; #endif diff -Nru mariadb-11.8.6/sql/sql_admin.cc mariadb-11.8.8/sql/sql_admin.cc --- mariadb-11.8.6/sql/sql_admin.cc 2026-01-31 13:27:48.000000000 +0000 +++ mariadb-11.8.8/sql/sql_admin.cc 2026-05-24 09:58:32.000000000 +0000 @@ -993,7 +993,7 @@ /* Fields we want to have statistics for */ bitmap_clear_all(&tab->has_value_set); - for (uint fields= 0; *field_ptr; field_ptr++, fields++) + for (; *field_ptr; field_ptr++) { Field *field= *field_ptr; if (field->flags & LONG_UNIQUE_HASH_FIELD) @@ -1063,7 +1063,7 @@ ER_THD(thd, ER_NO_EIS_FOR_FIELD), column_name->str); } - tab->file->column_bitmaps_signal(); + tab->file->column_bitmaps_signal(false); } if (!lex->index_list) tab->keys_in_use_for_query.init(tab->s->keys); @@ -1552,6 +1552,15 @@ KEY_CACHE *key_cache; DBUG_ENTER("mysql_assign_to_keycache"); + if (check_some_access(thd, TABLE_ACLS, tables)) + { + my_error(ER_TABLEACCESS_DENIED_ERROR, MYF(0), "CACHE INDEX", + thd->security_ctx->priv_user, + thd->security_ctx->host_or_ip, + tables->db.str, tables->table_name.str); + DBUG_RETURN(TRUE); + } + THD_STAGE_INFO(thd, stage_finding_key_cache); check_opt.init(); mysql_mutex_lock(&LOCK_global_system_variables); @@ -1591,6 +1600,16 @@ bool mysql_preload_keys(THD* thd, TABLE_LIST* tables) { DBUG_ENTER("mysql_preload_keys"); + + if (check_some_access(thd, TABLE_ACLS, tables)) + { + my_error(ER_TABLEACCESS_DENIED_ERROR, MYF(0), "LOAD INDEX INTO CACHE", + thd->security_ctx->priv_user, + thd->security_ctx->host_or_ip, + tables->db.str, tables->table_name.str); + DBUG_RETURN(TRUE); + } + /* We cannot allow concurrent inserts. The storage engine reads directly from the index file, bypassing the cache. It could read diff -Nru mariadb-11.8.6/sql/sql_alter.cc mariadb-11.8.8/sql/sql_alter.cc --- mariadb-11.8.6/sql/sql_alter.cc 2026-01-31 13:27:48.000000000 +0000 +++ mariadb-11.8.8/sql/sql_alter.cc 2026-05-24 09:58:32.000000000 +0000 @@ -306,7 +306,7 @@ } for (Create_field &cf: create_list) { - if (item->field_name.streq(cf.field_name)) + if (item->field_name.streq_safe(cf.field_name)) return cf.vcol_info ? cf.vcol_info->flags : 0; } return 0; @@ -558,13 +558,15 @@ DBUG_RETURN(TRUE); } /* - We also require DROP priv for ALTER TABLE ... DROP PARTITION, as well - as for RENAME TO, as being done by SQLCOM_RENAME_TABLE + DROP PARTITION, CONVERT OUT require DROP privilege only (not ALTER), + consistent with TRUNCATE PARTITION; but CONVERT IN, RENAME TO require both + ALTER and DROP. */ if ((alter_info.partition_flags & ALTER_PARTITION_DROP) || - (alter_info.partition_flags & ALTER_PARTITION_CONVERT_IN) || - (alter_info.partition_flags & ALTER_PARTITION_CONVERT_OUT) || - (alter_info.flags & ALTER_RENAME)) + (alter_info.partition_flags & ALTER_PARTITION_CONVERT_OUT)) + priv_needed= DROP_ACL; + else if ((alter_info.partition_flags & ALTER_PARTITION_CONVERT_IN) || + (alter_info.flags & ALTER_RENAME)) priv_needed|= DROP_ACL; /* Must be set in the parser */ diff -Nru mariadb-11.8.6/sql/sql_base.cc mariadb-11.8.8/sql/sql_base.cc --- mariadb-11.8.6/sql/sql_base.cc 2026-01-31 13:27:48.000000000 +0000 +++ mariadb-11.8.8/sql/sql_base.cc 2026-05-24 09:58:32.000000000 +0000 @@ -56,6 +56,7 @@ #include "rpl_filter.h" #include "sql_table.h" // build_table_filename #include "datadict.h" // dd_frm_is_view() +#include "rpl_mi.h" // Master_info_index #include "rpl_rli.h" // rpl_group_info #include "vector_mhnsw.h" #ifdef _WIN32 @@ -836,7 +837,7 @@ leave prelocked mode if needed. */ -int close_thread_tables(THD *thd) +int close_thread_tables(THD *thd) noexcept { TABLE *table; int error= 0; @@ -3318,15 +3319,19 @@ entry->file->implicit_emptied= 0; if (mysql_bin_log.is_open()) { - char query_buf[2*FN_REFLEN + 21]; - String query(query_buf, sizeof(query_buf), system_charset_info); - - query.length(0); - query.append(STRING_WITH_LEN("TRUNCATE TABLE ")); + static const char + QUERY_START[]= "TRUNCATE TABLE ", + QUERY_COMMENT[]= + " /* generated by server for memory table after a restart */"; + StringBuffer< + (sizeof(QUERY_START)-1) + (sizeof(QUERY_COMMENT)-1) + + 2 * (FN_REFLEN+3) // identifiers, quotes, and '.' & '\0' + > query(system_charset_info); + query.append(STRING_WITH_LEN(QUERY_START)); append_identifier(thd, &query, &share->db); query.append('.'); append_identifier(thd, &query, &share->table_name); - + query.append(STRING_WITH_LEN(QUERY_COMMENT)); /* we bypass thd->binlog_query() here, as it does a lot of extra work, that is simply wrong in this case @@ -3335,6 +3340,34 @@ FALSE, TRUE, TRUE, 0); if (mysql_bin_log.write(&qinfo)) return TRUE; +#ifdef HAVE_REPLICATION + // Verbosity Level "Binlog/Replication" + if (opt_readonly && global_system_variables.log_warnings >= 1) + { + extern Master_info_index *master_info_index; + extern Master_info *active_mi; + /* + Use the count to tell whether this server is a slave (candidate). + Though currently this count is always at least 1, + with a permanent @ref active_mi entry that's invalidated when + @ref Master_info::host is empty. + The atomicity of this check is not important here, since results are + influenced by the timing of any concurrent CHANGE MASTER regardless. + */ + if (active_mi->host[0] || + master_info_index->master_info_hash.records > 1) + { + rpl_gtid gtid= thd->get_last_commit_gtid(); + sql_print_warning( + "A server restart has recreated the memory table %sQ.%sQ; " + "a TRUNCATE query is written to the binary log at GTID %u-%u-%llu. " + "As this server is a read-only slave, " + "this event may diverge replication in domain %u.", + share->db.str, share->table_name.str, + PARAM_GTID(gtid), gtid.domain_id); + } + } +#endif } } return FALSE; @@ -3693,7 +3726,8 @@ on table which was discovered but preserve locks from previous statements in current transaction. */ - m_thd->mdl_context.rollback_to_savepoint(start_of_statement_svp()); + if (!result) + m_thd->mdl_context.rollback_to_savepoint(start_of_statement_svp()); break; case OT_NO_ACTION: DBUG_ASSERT(0); @@ -5084,7 +5118,29 @@ continue; } + /* + Debug hook: Verify we only allocate once per internal table. + */ + DBUG_EXECUTE_IF("assert_no_alloc_internal_tables", { DBUG_ASSERT(0); }); + + /* + When a prepared statement uses DEFAULT (like sequence tables) in its + second or further execution AND if the table is not already on statement's + mem_root, temporarily allow allocating on statement mem_root. + */ +#ifdef PROTECT_STATEMENT_MEMROOT + const bool read_only_mem_root= (thd->mem_root->flags & ROOT_FLAG_READ_ONLY); + if (read_only_mem_root) + thd->mem_root->flags&= ~ROOT_FLAG_READ_ONLY; +#endif + TABLE_LIST *tl= thd->alloc(1); + +#ifdef PROTECT_STATEMENT_MEMROOT + if (read_only_mem_root) + thd->mem_root->flags|= ROOT_FLAG_READ_ONLY; +#endif + if (!tl) DBUG_RETURN(TRUE); tl->init_one_table_for_prelocking(&tables->db, @@ -8211,7 +8267,24 @@ while ((item= it++)) { if (make_pre_fix) - pre_fix->push_back(item, thd->active_stmt_arena_to_use()->mem_root); + { + DBUG_EXECUTE_IF("assert_no_alloc_pre_fix", { DBUG_ASSERT(0); }); + Query_arena *arena= thd->active_stmt_arena_to_use(); + +#ifdef PROTECT_STATEMENT_MEMROOT + const bool read_only_mem_root= !arena->is_conventional() && + (arena->mem_root->flags & ROOT_FLAG_READ_ONLY); + if (read_only_mem_root) + arena->mem_root->flags&= ~ROOT_FLAG_READ_ONLY; +#endif + + pre_fix->push_back(item, arena->mem_root); + +#ifdef PROTECT_STATEMENT_MEMROOT + if (read_only_mem_root) + arena->mem_root->flags|= ROOT_FLAG_READ_ONLY; +#endif + } if (item->fix_fields_if_needed_for_scalar(thd, it.ref())) { diff -Nru mariadb-11.8.6/sql/sql_base.h mariadb-11.8.8/sql/sql_base.h --- mariadb-11.8.6/sql/sql_base.h 2026-01-31 13:27:48.000000000 +0000 +++ mariadb-11.8.8/sql/sql_base.h 2026-05-24 09:58:32.000000000 +0000 @@ -165,7 +165,7 @@ TABLE_LIST *TABLE_LIST::*link, const LEX_CSTRING *db_name, const LEX_CSTRING *table_name); -int close_thread_tables(THD *thd); +int close_thread_tables(THD *thd) noexcept; int close_thread_tables_for_query(THD *thd); void switch_to_nullable_trigger_fields(List &items, TABLE *); void switch_defaults_to_nullable_trigger_fields(TABLE *table); diff -Nru mariadb-11.8.6/sql/sql_cache.cc mariadb-11.8.8/sql/sql_cache.cc --- mariadb-11.8.6/sql/sql_cache.cc 2026-01-31 13:27:48.000000000 +0000 +++ mariadb-11.8.8/sql/sql_cache.cc 2026-05-24 09:58:32.000000000 +0000 @@ -4319,7 +4319,8 @@ DBUG_PRINT("qcache", ("block %p TABLE", block)); if (*border == 0) break; - size_t len = block->length, used = block->used; + DBUG_ASSERT(*gap > 0); + const size_t len = block->length, used = block->used; Query_cache_block_table *list_root = block->table(0); Query_cache_block_table *tprev = list_root->prev, *tnext = list_root->next; @@ -4352,9 +4353,8 @@ nlist_root->prev = tprev; tprev->next = nlist_root; DBUG_PRINT("qcache", - ("list_root: %p tnext %p tprev %p tprev->next %p tnext->prev %p", - list_root, tnext, tprev, - tprev->next,tnext->prev)); + ("list_root: %p parent %p tnext %p tprev %p tprev->next %p tnext->prev %p", + list_root, tnext->parent, tnext, tprev, tprev->next, tnext->prev)); /* Go through all queries that uses this table and change them to point to the new table object @@ -4362,6 +4362,7 @@ Query_cache_table *new_block_table=new_block->table(); for (;tnext != nlist_root; tnext=tnext->next) tnext->parent= new_block_table; + DBUG_PRINT("qcache", ("nlist_root: %p parent %p", nlist_root, new_block_table)); *border += len; *before = new_block; /* Fix pointer to table name */ @@ -4376,11 +4377,12 @@ case Query_cache_block::QUERY: { HASH_SEARCH_STATE record_idx; - DBUG_PRINT("qcache", ("block %p QUERY", block)); + DBUG_PRINT("qcache", ("block %p (%zu bytes) QUERY", block, block->length)); if (*border == 0) break; + DBUG_ASSERT(*gap > 0); BLOCK_LOCK_WR(block); - size_t len = block->length, used = block->used; + const size_t len = block->length, used = block->used; TABLE_COUNTER_TYPE n_tables = block->n_tables; Query_cache_block *prev = block->prev, *next = block->next, @@ -4396,9 +4398,14 @@ my_hash_first(&queries, key, key_length, &record_idx); block->query()->unlock_n_destroy(); block->destroy(); + const Query_cache_block_table *table_0= block->table(0), + *table_n= block->table(n_tables), + *ntable_0= new_block->table(0); + Query_cache_block_table *shifted, *table_j, *ntable_j; + const size_t move_size= (uchar *) table_n - (uchar *) table_0; + DBUG_ASSERT(move_size == n_tables * sizeof(Query_cache_block_table)); // Move table of used tables - memmove((char*) new_block->table(0), (char*) block->table(0), - ALIGN_SIZE(n_tables*sizeof(Query_cache_block_table))); + memmove((char*) ntable_0, (char*) table_0, ALIGN_SIZE(move_size)); new_block->init(len); new_block->type=Query_cache_block::QUERY; new_block->used=used; @@ -4407,33 +4414,44 @@ relink(block, new_block, next, prev, pnext, pprev); if (queries_blocks == block) queries_blocks = new_block; - Query_cache_block_table *beg_of_table_table= block->table(0), - *end_of_table_table= block->table(n_tables); - uchar *beg_of_new_table_table= (uchar*) new_block->table(0); - + longlong move_distance= (uchar *) ntable_0 - (uchar *) table_0; + + DBUG_PRINT("qcache", ("move_distance: %lld", move_distance)); + for (TABLE_COUNTER_TYPE j=0; j < n_tables; j++) { - Query_cache_block_table *block_table = new_block->table(j); - - // use aligment from beginning of table if 'next' is in same block - if ((beg_of_table_table <= block_table->next) && - (block_table->next < end_of_table_table)) - ((Query_cache_block_table *)(beg_of_new_table_table + - (((uchar*)block_table->next) - - ((uchar*)beg_of_table_table))))->prev= - block_table; - else - block_table->next->prev= block_table; + table_j= block->table(j); + ntable_j= new_block->table(j); + DBUG_PRINT("qcache", ("Updating new_block->table(%u): %p; intra-block range: [%p, %p)", + j, ntable_j, table_j, table_n)); + + /* + Use aligment from beginning of table if 'next' is in same block: + + If ntable_j->next is intra-block (inside old block->table() elements), + then shift it by memmove() distance. + */ + if ((table_j <= ntable_j->next) && (ntable_j->next < table_n)) + { + shifted= (Query_cache_block_table *) ((uchar *) ntable_j->next + move_distance); + DBUG_PRINT("qcache", ("Intra-block next:%p = %p", ntable_j->next, shifted)); + ntable_j->next= shifted; + } // use aligment from beginning of table if 'prev' is in same block - if ((beg_of_table_table <= block_table->prev) && - (block_table->prev < end_of_table_table)) - ((Query_cache_block_table *)(beg_of_new_table_table + - (((uchar*)block_table->prev) - - ((uchar*)beg_of_table_table))))->next= - block_table; - else - block_table->prev->next = block_table; + if ((table_j <= ntable_j->prev) && (ntable_j->prev < table_n)) + { + shifted= (Query_cache_block_table *) ((uchar *) ntable_j->prev + move_distance); + DBUG_PRINT("qcache", ("Intra-block prev:%p = %p", ntable_j->prev, shifted)); + ntable_j->prev= shifted; + } + + DBUG_PRINT("qcache", ("n:%p->p:%p = %p", ntable_j->next, + ntable_j->next->prev, ntable_j)); + DBUG_PRINT("qcache", ("p:%p->n:%p = %p", ntable_j->prev, + ntable_j->prev->next, ntable_j)); + ntable_j->next->prev= ntable_j; + ntable_j->prev->next= ntable_j; } DBUG_PRINT("qcache", ("after circle tt")); *border += len; @@ -4475,11 +4493,12 @@ (int) block->type)); if (*border == 0) break; + DBUG_ASSERT(*gap > 0); Query_cache_block *query_block= block->result()->parent(); BLOCK_LOCK_WR(query_block); Query_cache_block *next= block->next, *prev= block->prev; Query_cache_block::block_type type= block->type; - size_t len = block->length, used = block->used; + const size_t len = block->length, used = block->used; Query_cache_block *pprev = block->pprev, *pnext = block->pnext, *new_block =(Query_cache_block*) *border; diff -Nru mariadb-11.8.6/sql/sql_class.cc mariadb-11.8.8/sql/sql_class.cc --- mariadb-11.8.6/sql/sql_class.cc 2026-01-31 13:27:48.000000000 +0000 +++ mariadb-11.8.8/sql/sql_class.cc 2026-05-24 09:58:32.000000000 +0000 @@ -5179,10 +5179,10 @@ have only one table open at any given time. */ TABLE *open_purge_table(THD *thd, const char *db, size_t dblen, - const char *tb, size_t tblen) + const char *tb, size_t tblen, + MDL_ticket *mdl_ticket) noexcept { DBUG_ENTER("open_purge_table"); - DBUG_ASSERT(thd->open_tables == NULL); DBUG_ASSERT(thd->locked_tables_mode < LTM_PRELOCKED); /* Purge already hold the MDL for the table */ @@ -5193,23 +5193,20 @@ tl->init_one_table(&db_name, &table_name, 0, TL_READ); tl->i_s_requested_object= OPEN_TABLE_ONLY; + tl->mdl_request.ticket= mdl_ticket; bool error= open_table(thd, tl, &ot_ctx); - /* we don't recover here */ - DBUG_ASSERT(!error || !ot_ctx.can_recover_from_failed_open()); - - if (unlikely(error)) - close_thread_tables(thd); + /* FLUSH TABLES is executed concurrently - the TABLE_SHARE is marked + as flushed and open_table() requests OT_REOPEN_TABLES backoff. + So removed the assert */ DBUG_RETURN(error ? NULL : tl->table); } -TABLE *get_purge_table(THD *thd) +MDL_ticket *get_mdl_ticket(TABLE *table) { - /* see above, at most one table can be opened */ - DBUG_ASSERT(thd->open_tables == NULL || thd->open_tables->next == NULL); - return thd->open_tables; + return table->mdl_ticket; } /** Find an open table in the list of prelocked tabled @@ -5371,10 +5368,13 @@ void reset_thd(MYSQL_THD thd) { + const char *proc_info= thd->proc_info; + thd->proc_info="reset"; close_thread_tables(thd); thd->release_transactional_locks(); thd->free_items(); free_root(thd->mem_root, MYF(MY_KEEP_PREALLOC)); + thd->proc_info= proc_info; } /** @@ -7784,11 +7784,11 @@ Auxiliary function to print warning in the error log. */ static void print_unsafe_warning_to_log(THD *thd, int unsafe_type, char* buf, - char* query) + size_t buf_size, char* query) { DBUG_ENTER("print_unsafe_warning_in_log"); - sprintf(buf, ER_THD(thd, ER_BINLOG_UNSAFE_STATEMENT), - ER_THD(thd, LEX::binlog_stmt_unsafe_errcode[unsafe_type])); + snprintf(buf, buf_size, ER_THD(thd, ER_BINLOG_UNSAFE_STATEMENT), + ER_THD(thd, LEX::binlog_stmt_unsafe_errcode[unsafe_type])); sql_print_warning(ER_DEFAULT(ER_MESSAGE_AND_STATEMENT), buf, query); DBUG_VOID_RETURN; } @@ -7930,7 +7930,8 @@ ER_THD(this, LEX::binlog_stmt_unsafe_errcode[unsafe_type])); if (global_system_variables.log_warnings > 0 && !protect_against_unsafe_warning_flood(unsafe_type)) - print_unsafe_warning_to_log(this, unsafe_type, buf, query()); + print_unsafe_warning_to_log(this, unsafe_type, buf, + sizeof(buf), query()); } } DBUG_VOID_RETURN; diff -Nru mariadb-11.8.6/sql/sql_class.h mariadb-11.8.8/sql/sql_class.h --- mariadb-11.8.6/sql/sql_class.h 2026-01-31 13:27:48.000000000 +0000 +++ mariadb-11.8.8/sql/sql_class.h 2026-05-24 09:58:32.000000000 +0000 @@ -1215,7 +1215,7 @@ done before any other THD constructors and decrement - after any other THD destructors. - Destructor unblocks close_conneciton() if there are no more THD's left. + Destructor unblocks close_connection() if there are no more THD's left. */ struct THD_count { @@ -6187,6 +6187,12 @@ (variables.note_verbosity & NOTE_VERBOSITY_EXPLAIN))); } + uint gconcat_max_len() + { + return MY_MIN(variables.group_concat_max_len, + (uint)variables.max_allowed_packet); + } + bool vers_insert_history_fast(const TABLE *table) { DBUG_ASSERT(table->versioned()); diff -Nru mariadb-11.8.6/sql/sql_const.h mariadb-11.8.8/sql/sql_const.h --- mariadb-11.8.6/sql/sql_const.h 2026-01-31 13:27:48.000000000 +0000 +++ mariadb-11.8.8/sql/sql_const.h 2026-05-24 09:58:32.000000000 +0000 @@ -175,6 +175,12 @@ #ifndef __has_feature #define __has_feature(x) 0 #endif +/* + Note, rather than trying to micro adjust these every time + slightly different test fails, potentially on slightly different + compiler, look at adjusting the test. For example main.sp-error + at Bug#15192. +*/ #if defined(__clang__) && __has_feature(memory_sanitizer) && !defined(DBUG_OFF) #define STACK_MIN_SIZE 44000 #else diff -Nru mariadb-11.8.6/sql/sql_db.cc mariadb-11.8.8/sql/sql_db.cc --- mariadb-11.8.6/sql/sql_db.cc 2026-01-31 13:27:48.000000000 +0000 +++ mariadb-11.8.8/sql/sql_db.cc 2026-05-24 09:58:32.000000000 +0000 @@ -100,7 +100,7 @@ cmp_db_names(const Lex_ident_db &db1_name, const Lex_ident_db &db2_name) { return (db1_name.length == 0 && db2_name.length == 0) || - db1_name.streq(db2_name); + db1_name.streq_safe(db2_name); } #ifdef HAVE_PSI_INTERFACE diff -Nru mariadb-11.8.6/sql/sql_debug.h mariadb-11.8.8/sql/sql_debug.h --- mariadb-11.8.6/sql/sql_debug.h 2026-01-31 13:27:48.000000000 +0000 +++ mariadb-11.8.8/sql/sql_debug.h 2026-05-24 09:58:32.000000000 +0000 @@ -19,6 +19,9 @@ */ +/* + Used in mtr tests to check index flags and key part flags and datatypes. +*/ class Debug_key: public String { public: diff -Nru mariadb-11.8.6/sql/sql_derived.cc mariadb-11.8.8/sql/sql_derived.cc --- mariadb-11.8.6/sql/sql_derived.cc 2026-01-31 13:27:48.000000000 +0000 +++ mariadb-11.8.8/sql/sql_derived.cc 2026-05-24 09:58:32.000000000 +0000 @@ -925,6 +925,7 @@ if (derived->table && derived->table->s->tmp_table) free_tmp_table(thd, derived->table); delete derived->derived_result; + derived->derived_result= NULL; } } else diff -Nru mariadb-11.8.6/sql/sql_explain.cc mariadb-11.8.8/sql/sql_explain.cc --- mariadb-11.8.6/sql/sql_explain.cc 2026-01-31 13:27:48.000000000 +0000 +++ mariadb-11.8.8/sql/sql_explain.cc 2026-05-24 09:58:32.000000000 +0000 @@ -1840,13 +1840,13 @@ /* Handled in full_scan_on_null_key */ break; case ET_FIRST_MATCH: - writer->add_member("first_match").add_str(firstmatch_table_name.c_ptr()); + writer->add_member("first_match").add_str(firstmatch_table_name); break; case ET_LOOSESCAN: writer->add_member("loose_scan").add_bool(true); break; case ET_USING_MRR: - writer->add_member("mrr_type").add_str(mrr_type.c_ptr()); + writer->add_member("mrr_type").add_str(mrr_type); break; case ET_USING_INDEX_FOR_GROUP_BY: writer->add_member("using_index_for_group_by"); @@ -2994,7 +2994,7 @@ writer->add_member("query_block").start_object(); writer->add_member("select_id").add_ll(1); writer->add_member("table").start_object(); - writer->add_member("table_name").add_str(table_name.c_ptr()); + writer->add_member("table_name").add_str(table_name); writer->end_object(); // table print_explain_json_for_children(query, writer, is_analyze); writer->end_object(); // query_block diff -Nru mariadb-11.8.6/sql/sql_insert.cc mariadb-11.8.8/sql/sql_insert.cc --- mariadb-11.8.6/sql/sql_insert.cc 2026-01-31 13:27:48.000000000 +0000 +++ mariadb-11.8.8/sql/sql_insert.cc 2026-05-24 09:58:32.000000000 +0000 @@ -988,7 +988,8 @@ #endif /* EMBEDDED_LIBRARY */ { if (prepare_for_replace(table, info.handle_duplicates, info.ignore)) - DBUG_RETURN(1); + goto abort; + /** This is a simple check for the case when the table has a trigger that reads from it, or when the statement invokes a stored function @@ -1455,14 +1456,14 @@ info.touched : info.updated); if (ignore) - sprintf(buff, ER_THD(thd, ER_INSERT_INFO), (ulong) info.records, - (lock_type == TL_WRITE_DELAYED) ? (ulong) 0 : - (ulong) (info.records - info.copied), - (long) thd->get_stmt_da()->current_statement_warn_count()); + snprintf(buff, sizeof(buff), ER_THD(thd, ER_INSERT_INFO), (ulong) info.records, + (lock_type == TL_WRITE_DELAYED) ? (ulong) 0 : + (ulong) (info.records - info.copied), + (long) thd->get_stmt_da()->current_statement_warn_count()); else - sprintf(buff, ER_THD(thd, ER_INSERT_INFO), (ulong) info.records, - (ulong) (info.deleted + updated), - (long) thd->get_stmt_da()->current_statement_warn_count()); + snprintf(buff, sizeof(buff), ER_THD(thd, ER_INSERT_INFO), (ulong) info.records, + (ulong) (info.deleted + updated), + (long) thd->get_stmt_da()->current_statement_warn_count()); if (returning) result->send_eof(); else if (!(thd->in_sub_stmt & SUB_STMT_TRIGGER)) @@ -2322,14 +2323,13 @@ insert_id_for_cur_row= table->file->insert_id_for_cur_row= 0; ++*inserted; // Conforms the older behavior; - - if (use_triggers - && table->triggers->process_triggers(thd, TRG_EVENT_UPDATE, - TRG_ACTION_AFTER, true, - nullptr)) - return restore_on_error(); } + if (use_triggers && + table->triggers->process_triggers(thd, TRG_EVENT_UPDATE, + TRG_ACTION_AFTER, true, nullptr)) + return restore_on_error(); + /* Only update next_insert_id if the AUTO_INCREMENT value was explicitly updated, so we don't update next_insert_id with the value from the @@ -4592,7 +4592,7 @@ /* Don't convert the warning to error in case statistics updation fails */ Abort_on_warning_instant_set save_abort_on_warning(thd, false); - error= table->file->extra(HA_EXTRA_END_ALTER_COPY); + error= table->file->extra(HA_EXTRA_END_COPY); if (error == HA_ERR_FOUND_DUPP_KEY) { uint key_nr= table->file->get_dup_key(error); @@ -4738,7 +4738,7 @@ finalize_replace(table, info.handle_duplicates, info.ignore); table->file->extra(HA_EXTRA_NO_IGNORE_DUP_KEY); table->file->extra(HA_EXTRA_WRITE_CANNOT_REPLACE); - if (table->file->extra(HA_EXTRA_ABORT_ALTER_COPY) == HA_ERR_ROLLBACK) + if (table->file->extra(HA_EXTRA_ABORT_COPY) == HA_ERR_ROLLBACK) thd->transaction_rollback_request= true; /* If at least one row has been inserted/modified and will stay in @@ -5215,8 +5215,13 @@ !table->s->long_unique_table && !table->s->hlindexes()) { table->file->ha_start_bulk_insert((ha_rows) 0); - if (thd->lex->duplicates == DUP_ERROR && !thd->lex->ignore) - table->file->extra(HA_EXTRA_BEGIN_ALTER_COPY); + if (thd->lex->duplicates == DUP_ERROR) + { + static_assert(int{HA_EXTRA_BEGIN_ALTER_IGNORE_COPY} == + int{HA_EXTRA_BEGIN_COPY} + 1, ""); + table->file->extra(ha_extra_function(int{HA_EXTRA_BEGIN_COPY} + + thd->lex->ignore)); + } table->file->extra(HA_EXTRA_WRITE_CACHE); } thd->abort_on_warning= !info.ignore && thd->is_strict_mode(); diff -Nru mariadb-11.8.6/sql/sql_lex.cc mariadb-11.8.8/sql/sql_lex.cc --- mariadb-11.8.6/sql/sql_lex.cc 2026-01-31 13:27:48.000000000 +0000 +++ mariadb-11.8.8/sql/sql_lex.cc 2026-05-24 09:58:32.000000000 +0000 @@ -41,6 +41,7 @@ #ifdef WITH_WSREP #include "mysql/service_wsrep.h" #endif +#include "item_windowfunc.h" void LEX::parse_error(uint err_number) { @@ -1334,6 +1335,7 @@ wild= 0; exchange= 0; + clause_winfuncs.empty(); table_count_update= 0; needs_reprepare= false; @@ -3005,7 +3007,7 @@ into the front of the stranded_clean_list: before: root -> B -> A after: root -> this -> B -> A - During cleanup, the stranded units are cleaned in FIFO order. + During cleanup, the stranded units are cleaned in LIFO order (parent-first). */ void st_select_lex_unit::remember_my_cleanup() { @@ -3024,11 +3026,16 @@ void st_select_lex_unit::cleanup_stranded_units() { - if (!stranded_clean_list) - return; - - stranded_clean_list->cleanup(); + st_select_lex_unit *cur= stranded_clean_list; stranded_clean_list= nullptr; + + while (cur) + { + st_select_lex_unit *next= cur->stranded_clean_list; + cur->stranded_clean_list= nullptr; + cur->cleanup(); + cur= next; + } } @@ -3731,7 +3738,23 @@ if (!ref_pointer_array.is_null()) return false; - Item **array= thd->active_stmt_arena_to_use()->calloc(n_elems); + DBUG_EXECUTE_IF("assert_no_alloc_ref_array", { DBUG_ASSERT(0); }); + Query_arena *arena= thd->active_stmt_arena_to_use(); + +#ifdef PROTECT_STATEMENT_MEMROOT + const bool read_only_mem_root= !arena->is_conventional() && + (arena->mem_root->flags & ROOT_FLAG_READ_ONLY); + if (read_only_mem_root) + arena->mem_root->flags&= ~ROOT_FLAG_READ_ONLY; +#endif + + Item **array= arena->calloc(n_elems); + +#ifdef PROTECT_STATEMENT_MEMROOT + if (read_only_mem_root) + arena->mem_root->flags|= ROOT_FLAG_READ_ONLY; +#endif + if (likely(array != NULL)) ref_pointer_array= Ref_ptr_array(array, n_elems); return array == NULL; @@ -6476,6 +6499,7 @@ SELECT_LEX *dummy_select; SELECT_LEX_UNIT *unit; Table_ident *ti; + Item *sel_item; DBUG_ENTER("LEX::wrap_select_chain_into_derived"); if (!(dummy_select= alloc_select(TRUE))) @@ -6493,6 +6517,19 @@ DBUG_RETURN(NULL); /* add SELECT list*/ + if (sel->item_list.elements) + { + List_iterator li(sel->item_list); + while ((sel_item= li++)) + { + Item *item= new (thd->mem_root) Item_field(thd, context, sel_item->name); + if (item == NULL || + add_item_to_list(thd, item)) + goto err; + } + dummy_select->with_wild= sel->with_wild; + } + else { Item *item= new (thd->mem_root) Item_field(thd, context, star_clex_str); if (item == NULL) @@ -8674,6 +8711,12 @@ Item *LEX::create_item_func_nextval(THD *thd, Table_ident *table_ident) { TABLE_LIST *table; + if (clause_that_disallows_subselect) + { + my_error(ER_SUBQUERIES_NOT_SUPPORTED, MYF(0), + clause_that_disallows_subselect); + return NULL; + } if (unlikely(!(table= current_select->add_table_to_list(thd, table_ident, 0, TL_OPTION_SEQUENCE, TL_WRITE_ALLOW_WRITE, @@ -8687,6 +8730,12 @@ Item *LEX::create_item_func_lastval(THD *thd, Table_ident *table_ident) { TABLE_LIST *table; + if (clause_that_disallows_subselect) + { + my_error(ER_SUBQUERIES_NOT_SUPPORTED, MYF(0), + clause_that_disallows_subselect); + return NULL; + } if (unlikely(!(table= current_select->add_table_to_list(thd, table_ident, 0, TL_OPTION_SEQUENCE, TL_READ, @@ -8702,6 +8751,12 @@ const LEX_CSTRING *name) { Table_ident *table_ident; + if (clause_that_disallows_subselect) + { + my_error(ER_SUBQUERIES_NOT_SUPPORTED, MYF(0), + clause_that_disallows_subselect); + return NULL; + } if (unlikely(!(table_ident= new (thd->mem_root) Table_ident(thd, db, name, false)))) return NULL; @@ -8714,6 +8769,12 @@ const LEX_CSTRING *name) { Table_ident *table_ident; + if (clause_that_disallows_subselect) + { + my_error(ER_SUBQUERIES_NOT_SUPPORTED, MYF(0), + clause_that_disallows_subselect); + return NULL; + } if (unlikely(!(table_ident= new (thd->mem_root) Table_ident(thd, db, name, false)))) return NULL; @@ -8726,6 +8787,12 @@ bool is_used) { TABLE_LIST *table; + if (clause_that_disallows_subselect) + { + my_error(ER_SUBQUERIES_NOT_SUPPORTED, MYF(0), + clause_that_disallows_subselect); + return NULL; + } if (unlikely(!(table= current_select->add_table_to_list(thd, table_ident, 0, TL_OPTION_SEQUENCE, TL_WRITE_ALLOW_WRITE, @@ -9267,6 +9334,10 @@ /** Collect fields that are used in the GROUP BY of this SELECT + + @retval + true - no grouping fields or an error + false - collected group fields successfully */ bool st_select_lex::collect_grouping_fields(THD *thd) @@ -9286,7 +9357,7 @@ Field_pair *grouping_tmp_field= new Field_pair(((Item_field *)item->real_item())->field, item); if (grouping_tmp_fields.push_back(grouping_tmp_field, thd->mem_root)) - return false; + return true; } if (grouping_tmp_fields.elements) return false; @@ -11651,7 +11722,7 @@ */ Field_pair *get_corresponding_field_pair(Item *item, - List pair_list) + List &pair_list) { DBUG_ASSERT(item->type() == Item::DEFAULT_VALUE_ITEM || item->type() == Item::FIELD_ITEM || @@ -12789,6 +12860,37 @@ } +void st_select_lex::optimize_out_order_list() +{ + /* Cleanup first related window funcs */ + for (ORDER *ord= order_list.first; ord; ord= ord->next) + { + if (ord->window_funcs.is_empty()) + continue; + + List_iterator it_sl(window_funcs); + List_iterator it_ord(ord->window_funcs); + Item_window_func *wf_sl, *wf_ord; + while ((wf_sl= it_sl++)) + { + it_ord.rewind(); + while ((wf_ord= it_ord++)) + { + if (wf_ord == wf_sl) + { + it_sl.remove(); + it_ord.remove(); + break; + } + } + if (ord->window_funcs.is_empty()) + break; + } + } + order_list.empty(); +} + + /* Determines whether the derived table was eliminated during the call of eliminate_tables(JOIN *) made at the optimization stage diff -Nru mariadb-11.8.6/sql/sql_lex.h mariadb-11.8.8/sql/sql_lex.h --- mariadb-11.8.6/sql/sql_lex.h 2026-01-31 13:27:48.000000000 +0000 +++ mariadb-11.8.8/sql/sql_lex.h 2026-05-24 09:58:32.000000000 +0000 @@ -961,8 +961,8 @@ }; Field_pair *get_corresponding_field_pair(Item *item, - List pair_list); -Field_pair *find_matching_field_pair(Item *item, List pair_list); + List &pair_list); +Field_pair *find_matching_field_pair(Item *item, List & pair_list); #define TOUCHED_SEL_COND 1/* WHERE/HAVING/ON should be reinited before use */ @@ -1514,7 +1514,7 @@ SQL_I_List win_order_list, Window_frame *win_frame); List window_funcs; - bool add_window_func(Item_window_func *win_func); + bool add_window_func(THD *thd, Item_window_func *win_func); bool have_window_funcs() const { return (window_funcs.elements !=0); } ORDER *find_common_window_func_partition_fields(THD *thd); @@ -1579,6 +1579,7 @@ const LEX_CSTRING *db_name, const LEX_CSTRING *table_name); bool optimize_constant_subqueries(); + void optimize_out_order_list(); }; typedef class st_select_lex SELECT_LEX; @@ -3400,6 +3401,8 @@ not support subqueries which comes standard with this rule, like KILL, HA_READ, CREATE/ALTER EVENT etc. Set this to a non-NULL clause name to get an error. + + Note: see also table_or_sp_used(). */ const char *clause_that_disallows_subselect; @@ -3567,6 +3570,7 @@ Window_frame_bound *frame_top_bound; Window_frame_bound *frame_bottom_bound; Window_spec *win_spec; + List clause_winfuncs; Item *upd_del_where; @@ -4702,7 +4706,7 @@ Table_period_info &info= create_info.period_info; - if (check_exists && info.name.streq(name)) + if (check_exists && info.name.streq_safe(name)) return 0; if (info.is_set()) diff -Nru mariadb-11.8.6/sql/sql_load.cc mariadb-11.8.8/sql/sql_load.cc --- mariadb-11.8.6/sql/sql_load.cc 2026-01-31 13:27:48.000000000 +0000 +++ mariadb-11.8.8/sql/sql_load.cc 2026-05-24 09:58:32.000000000 +0000 @@ -796,10 +796,10 @@ error= -1; // Error on read goto err; } - sprintf(name, ER_THD(thd, ER_LOAD_INFO), - (ulong) info.records, (ulong) info.deleted, - (ulong) (info.records - info.copied), - (long) thd->get_stmt_da()->current_statement_warn_count()); + snprintf(name, sizeof(name), ER_THD(thd, ER_LOAD_INFO), + (ulong) info.records, (ulong) info.deleted, + (ulong) (info.records - info.copied), + (long) thd->get_stmt_da()->current_statement_warn_count()); if (thd->transaction->stmt.modified_non_trans_table) thd->transaction->all.modified_non_trans_table= TRUE; diff -Nru mariadb-11.8.6/sql/sql_parse.cc mariadb-11.8.8/sql/sql_parse.cc --- mariadb-11.8.6/sql/sql_parse.cc 2026-01-31 13:27:48.000000000 +0000 +++ mariadb-11.8.8/sql/sql_parse.cc 2026-05-24 09:58:32.000000000 +0000 @@ -1598,8 +1598,10 @@ 1 request of thread shutdown, i. e. if command is COM_QUIT/COM_SHUTDOWN */ -dispatch_command_return dispatch_command(enum enum_server_command command, THD *thd, - char* packet, uint packet_length, bool blocking) +dispatch_command_return dispatch_command(enum enum_server_command command, + THD *thd, + char* packet, uint packet_length, + bool blocking) { NET *net= &thd->net; bool error= 0; @@ -2537,6 +2539,11 @@ /* Check that some variables are reset properly */ DBUG_ASSERT(thd->abort_on_warning == 0); thd->lex->restore_set_statement_var(); + /* + Reset limit_rows_examined_cnt as it may be used by general_log_write() + before next lex::start() call. + */ + thd->lex->limit_rows_examined_cnt= ULONGLONG_MAX; DBUG_RETURN(error?DISPATCH_COMMAND_CLOSE_CONNECTION: DISPATCH_COMMAND_SUCCESS); } @@ -3995,15 +4002,13 @@ lex->exchange != NULL implies SELECT .. INTO OUTFILE and this requires FILE_ACL access. */ - privilege_t privileges_requested= lex->exchange ? SELECT_ACL | FILE_ACL : - SELECT_ACL; + if (lex->exchange && (res= check_global_access(thd, FILE_ACL, false))) + break; if (all_tables) - res= check_table_access(thd, - privileges_requested, - all_tables, FALSE, UINT_MAX, FALSE); + res= check_table_access(thd, SELECT_ACL, all_tables, 0, UINT_MAX, 0); else - res= check_access(thd, privileges_requested, any_db.str, NULL,NULL,0,0); + res= check_access(thd, SELECT_ACL, any_db.str, NULL,NULL, 0, 0); if (!res) res= execute_sqlcom_select(thd, all_tables); @@ -5174,6 +5179,8 @@ res= show_create_db(thd, lex); break; case SQLCOM_SHOW_CREATE_SERVER: + if (check_global_access(thd, PRIV_STMT_SHOW_CREATE_SERVER)) + break; WSREP_SYNC_WAIT(thd, WSREP_SYNC_WAIT_BEFORE_SHOW); res= mysql_show_create_server(thd, &lex->name); break; @@ -8054,7 +8061,12 @@ order->direction= (asc ? ORDER::ORDER_ASC : ORDER::ORDER_DESC); order->used=0; order->counter_used= 0; - order->fast_field_copier_setup= 0; + order->fast_field_copier_setup= 0; + if (thd->lex->clause_winfuncs.is_empty()) + order->window_funcs.empty(); + else if (order->window_funcs.copy(&thd->lex->clause_winfuncs, thd->mem_root)) + DBUG_RETURN(1); + order->in_field_list= false; list.insert(order, &order->next); DBUG_RETURN(0); } @@ -8248,6 +8260,8 @@ MDL_REQUEST_INIT(&ptr->mdl_request, MDL_key::TABLE, ptr->db.str, ptr->table_name.str, mdl_type, MDL_TRANSACTION); } + else + ptr->mdl_request.type= MDL_NOT_INITIALIZED; DBUG_RETURN(ptr); } diff -Nru mariadb-11.8.6/sql/sql_partition.cc mariadb-11.8.8/sql/sql_partition.cc --- mariadb-11.8.6/sql/sql_partition.cc 2026-01-31 13:27:48.000000000 +0000 +++ mariadb-11.8.8/sql/sql_partition.cc 2026-05-24 09:58:32.000000000 +0000 @@ -4256,7 +4256,6 @@ { partition_info *part_info= table->part_info; uint num_parts= part_info->get_tot_partitions(); - uint i, part_id; uint sub_part= num_parts; uint32 part_part= num_parts; KEY *key_info= NULL; @@ -4404,9 +4403,11 @@ part_spec->start_part= sub_part; part_spec->end_part=sub_part+ (part_info->num_subparts*(part_info->num_parts-1)); - for (i= 0, part_id= sub_part; i < part_info->num_parts; +#if 0 // FIXME: empty loop! + for (uint i= 0; part_id= sub_part; i < part_info->num_parts; i++, part_id+= part_info->num_subparts) ; //Set bit part_id in bit array +#endif } } if (found_part_field) diff -Nru mariadb-11.8.6/sql/sql_plugin.cc mariadb-11.8.8/sql/sql_plugin.cc --- mariadb-11.8.6/sql/sql_plugin.cc 2026-01-31 13:27:48.000000000 +0000 +++ mariadb-11.8.8/sql/sql_plugin.cc 2026-05-24 09:58:32.000000000 +0000 @@ -545,7 +545,9 @@ /* Determine interface version */ if (!sym) { - my_error(ER_CANT_FIND_DL_ENTRY, MyFlags, plugin_interface_version_sym, dlpath); + if (!opt_silent_startup) + my_error(ER_CANT_FIND_DL_ENTRY, MyFlags, plugin_interface_version_sym, + dlpath); DBUG_RETURN(TRUE); } plugin_dl->mariaversion= 0; @@ -664,8 +666,9 @@ Actually this branch impossible because in case of absence of maria version we try mysql version. */ - my_error(ER_CANT_FIND_DL_ENTRY, MyFlags, - maria_plugin_interface_version_sym, dlpath); + if (!opt_silent_startup) + my_error(ER_CANT_FIND_DL_ENTRY, MyFlags, + maria_plugin_interface_version_sym, dlpath); DBUG_RETURN(TRUE); } plugin_dl->mariaversion= *(int *)sym; @@ -779,7 +782,9 @@ /* Open new dll handle */ if (!(plugin_dl.handle= dlopen(dlpath, RTLD_NOW))) { - my_error(ER_CANT_OPEN_LIBRARY, MyFlags, dlpath, errno, my_dlerror(dlpath)); + if (!opt_silent_startup) + my_error(ER_CANT_OPEN_LIBRARY, MyFlags, dlpath, errno, + my_dlerror(dlpath)); goto ret; } dlopen_count++; @@ -822,7 +827,8 @@ my_snprintf(buf, sizeof(buf), "service '%s' interface version mismatch", list_of_services[i].name); - my_error(ER_CANT_OPEN_LIBRARY, MyFlags, dlpath, ENOEXEC, buf); + if (!opt_silent_startup) + my_error(ER_CANT_OPEN_LIBRARY, MyFlags, dlpath, ENOEXEC, buf); goto ret; } tmp_backup[plugin_dl.nbackups++].save(ptr); @@ -1113,7 +1119,7 @@ Requires that a write-lock is held on LOCK_system_variables_hash */ static enum install_status plugin_add(MEM_ROOT *tmp_root, bool if_not_exists, - const LEX_CSTRING *name, LEX_CSTRING *dl, myf MyFlags) + const LEX_CSTRING *name, LEX_CSTRING *dl, myf MyFlags) { struct st_plugin_int tmp, *maybe_dupe; struct st_maria_plugin *plugin; @@ -1153,7 +1159,7 @@ if (!name->str && (maybe_dupe= plugin_find_internal(&tmp.name, MYSQL_ANY_PLUGIN))) { - if (plugin->name != maybe_dupe->plugin->name) + if (plugin->name != maybe_dupe->plugin->name && !opt_silent_startup) { my_error(ER_UDF_EXISTS, MyFlags, plugin->name); DBUG_RETURN(INSTALL_FAIL_NOT_OK); @@ -1190,10 +1196,11 @@ } else if (plugin_maturity_map[plugin->maturity] < SERVER_MATURITY_LEVEL) { - sql_print_warning("Plugin '%s' is of maturity level %s while the server is %s", - tmp.name.str, - plugin_maturity_names[plugin->maturity], - plugin_maturity_names[SERVER_MATURITY_LEVEL]); + if (!opt_silent_startup) + sql_print_warning("Plugin '%s' is of maturity level %s while the server is %s", + tmp.name.str, + plugin_maturity_names[plugin->maturity], + plugin_maturity_names[SERVER_MATURITY_LEVEL]); } tmp.plugin= plugin; @@ -1800,7 +1807,8 @@ } /* load and init plugins from the plugin table (unless done already) */ - if (flags & PLUGIN_INIT_SKIP_PLUGIN_TABLE) + if (flags & PLUGIN_INIT_SKIP_PLUGIN_TABLE || + plugin_table_engine_name.length == 0) break; mysql_mutex_unlock(&LOCK_plugin); @@ -1910,14 +1918,10 @@ if (result) { DBUG_PRINT("error",("Can't open plugin table")); - if (!opt_help) + if (!opt_silent_startup) sql_print_error("Could not open mysql.plugin table: \"%s\". " "Some plugins may be not loaded", new_thd->get_stmt_da()->message()); - else - sql_print_warning("Could not open mysql.plugin table: \"%s\". " - "Some options may be missing from the help text", - new_thd->get_stmt_da()->message()); goto end; } @@ -2003,8 +2007,10 @@ { char buffer[FN_REFLEN]; LEX_CSTRING name= {buffer, 0}, dl= {NULL, 0}, *str= &name; + bool got_error= 0; char *p= buffer; DBUG_ENTER("plugin_load_list"); + while (list) { if (p == buffer + sizeof(buffer) - 1) @@ -2018,9 +2024,7 @@ list= NULL; /* terminate the loop */ /* fall through */ case ';': -#ifndef _WIN32 - case ':': /* can't use this as delimiter as it may be drive letter */ -#endif + case ':': p[-1]= 0; if (str == &name) // load all plugins in named module { @@ -2065,16 +2069,23 @@ str->length++; continue; } - } - DBUG_RETURN(FALSE); + error: - mysql_mutex_unlock(&LOCK_plugin); - if (name.str) - sql_print_error("Couldn't load plugin '%s' from '%s'.", - name.str, dl.str); - else - sql_print_error("Couldn't load plugins from '%s'.", dl.str); - DBUG_RETURN(TRUE); + got_error= 1; + mysql_mutex_unlock(&LOCK_plugin); + if (!opt_silent_startup) + { + if (name.str) + sql_print_error("Couldn't load plugin '%s' from '%s'.", + name.str, dl.str); + else + sql_print_error("Couldn't load plugins from '%s'.", dl.str); + } + name.length= dl.length= 0; + dl.str= NULL; name.str= p= buffer; + str= &name; + } // Continue with next plugin + DBUG_RETURN(got_error); } @@ -2963,14 +2974,15 @@ ****************************************************************************/ sys_var *find_sys_var(THD *thd, const char *str, size_t length, - bool throw_error) + bool throw_error, bool hash_already_locked) { sys_var *var; sys_var_pluginvar *pi; DBUG_ENTER("find_sys_var"); DBUG_PRINT("enter", ("var '%.*s'", (int)length, str)); - mysql_prlock_rdlock(&LOCK_system_variables_hash); + if (!hash_already_locked) + mysql_prlock_rdlock(&LOCK_system_variables_hash); if ((var= intern_find_sys_var(str, length)) && (pi= var->cast_pluginvar())) { @@ -2980,7 +2992,8 @@ var= NULL; /* failed to lock it, it must be uninstalling */ mysql_mutex_unlock(&LOCK_plugin); } - mysql_prlock_unlock(&LOCK_system_variables_hash); + if (!hash_already_locked) + mysql_prlock_unlock(&LOCK_system_variables_hash); if (unlikely(!throw_error && !var)) my_error(ER_UNKNOWN_SYSTEM_VARIABLE, MYF(0), @@ -3857,7 +3870,7 @@ char *comment= static_cast(alloc_root(mem_root, max_comment_len + 1)); char *optname; - int index= 0, UNINIT_VAR(offset); + int UNINIT_VAR(offset); st_mysql_sys_var *opt, **plugin_option; st_bookmark *v; @@ -3910,7 +3923,7 @@ */ for (plugin_option= tmp->plugin->system_vars; - plugin_option && *plugin_option; plugin_option++, index++) + plugin_option && *plugin_option; plugin_option++) { opt= *plugin_option; @@ -3967,7 +3980,7 @@ } for (plugin_option= tmp->plugin->system_vars; - plugin_option && *plugin_option; plugin_option++, index++) + plugin_option && *plugin_option; plugin_option++) { switch ((opt= *plugin_option)->flags & PLUGIN_VAR_TYPEMASK) { case PLUGIN_VAR_BOOL: @@ -4059,12 +4072,13 @@ if (opt->flags & PLUGIN_VAR_NOCMDOPT) { - char *val= global_system_variables.dynamic_variables_ptr + offset; + char **val= (char**)(global_system_variables.dynamic_variables_ptr + offset); if (((opt->flags & PLUGIN_VAR_TYPEMASK) == PLUGIN_VAR_STR) && (opt->flags & PLUGIN_VAR_MEMALLOC)) { char *def_val= *(char**)var_def_ptr(opt); - *(char**)val= def_val ? my_strdup(PSI_INSTRUMENT_ME, def_val, MYF(0)) : NULL; + my_free(*val); + *val= def_val ? my_strdup(PSI_INSTRUMENT_ME, def_val, MYF(0)) : NULL; } else memcpy(val, var_def_ptr(opt), var_storage_size(opt->flags)); @@ -4200,9 +4214,14 @@ struct st_bookmark *var; size_t len=0, count= EXTRA_OPTIONS; st_ptr_backup *tmp_backup= 0; + const char *plugin_name= tmp->plugin->name; + size_t plugin_name_len= strlen(plugin_name); DBUG_ENTER("test_plugin_options"); DBUG_ASSERT(tmp->plugin && tmp->name.str); + char *plugin_name_ptr= static_cast(alloc_root(mem_root, plugin_name_len + 1)); + safe_strcpy(plugin_name_ptr, plugin_name_len + 1, plugin_name); + my_casedn_str_latin1(plugin_name_ptr); if (tmp->plugin->system_vars || (*argc > 1)) { for (opt= tmp->plugin->system_vars; opt && *opt; opt++) @@ -4238,7 +4257,7 @@ sys_var *v; tmp_backup[tmp->nbackups++].save(&o->name); - if ((var= find_bookmark(tmp->name.str, o->name, o->flags))) + if ((var= find_bookmark(plugin_name_ptr, o->name, o->flags))) { varname= var->key + 1; var->loaded= TRUE; diff -Nru mariadb-11.8.6/sql/sql_prepare.cc mariadb-11.8.8/sql/sql_prepare.cc --- mariadb-11.8.6/sql/sql_prepare.cc 2026-01-31 13:27:48.000000000 +0000 +++ mariadb-11.8.8/sql/sql_prepare.cc 2026-05-24 09:58:32.000000000 +0000 @@ -414,38 +414,46 @@ static ulong get_param_length(uchar **packet, ulong len) { uchar *pos= *packet; + ulong length; + if (len < 1) return 0; if (*pos < 251) { (*packet)++; - return (ulong) *pos; + length= *pos; } - if (len < 3) - return 0; - if (*pos == 252) + else if (*pos == 252) { + if (len < 3) + return 0; (*packet)+=3; - return (ulong) uint2korr(pos+1); + length= uint2korr(pos+1); } - if (len < 4) - return 0; - if (*pos == 253) + else if (*pos == 253) { + if (len < 4) + return 0; (*packet)+=4; - return (ulong) uint3korr(pos+1); + length= uint3korr(pos+1); + } + else + { + if (len < 9) + return 0; + (*packet)+=9; // Must be 254 when here + /* + In our client-server protocol all numbers bigger than 2^24 + stored as 8 bytes with uint8korr. Here we always know that + parameter length is less than 2^32 so don't look at the second + 4 bytes. But still we need to obey the protocol hence 9 in the + assignment above. + */ + length= uint4korr(pos+1); } - if (len < 5) + if (pos + len < *packet + length) return 0; - (*packet)+=9; // Must be 254 when here - /* - In our client-server protocol all numbers bigger than 2^24 - stored as 8 bytes with uint8korr. Here we always know that - parameter length is less than 2^4 so don't look at the second - 4 bytes. But still we need to obey the protocol hence 9 in the - assignment above. - */ - return (ulong) uint4korr(pos+1); + return length; } #else #define get_param_length(packet, len) len @@ -660,7 +668,12 @@ */ void Item_param::set_param_time(uchar **pos, ulong len) { - MYSQL_TIME tm= *((MYSQL_TIME*)*pos); + MYSQL_TIME tm; + if (len >= sizeof (MYSQL_TIME)) + tm= *((MYSQL_TIME*)*pos); + else + set_zero_time(&tm, MYSQL_TIMESTAMP_TIME); + tm.hour+= tm.day * 24; tm.day= tm.year= tm.month= 0; if (tm.hour > 838) @@ -675,15 +688,23 @@ void Item_param::set_param_datetime(uchar **pos, ulong len) { - MYSQL_TIME tm= *((MYSQL_TIME*)*pos); + MYSQL_TIME tm; + if (len >= sizeof (MYSQL_TIME)) + tm= *((MYSQL_TIME*)*pos); + else + set_zero_time(&tm, MYSQL_TIMESTAMP_DATETIME); tm.neg= 0; set_time(&tm, MYSQL_TIMESTAMP_DATETIME, MAX_DATETIME_WIDTH); } void Item_param::set_param_date(uchar **pos, ulong len) { - MYSQL_TIME *to= (MYSQL_TIME*)*pos; - set_time(to, MYSQL_TIMESTAMP_DATE, MAX_DATE_WIDTH); + MYSQL_TIME tm; + if (len >= sizeof (MYSQL_TIME)) + tm= *((MYSQL_TIME*)*pos); + else + set_zero_time(&tm, MYSQL_TIMESTAMP_DATE); + set_time(&tm, MYSQL_TIMESTAMP_DATE, MAX_DATE_WIDTH); } #endif /*!EMBEDDED_LIBRARY*/ @@ -695,8 +716,6 @@ set_null(); else { - if (length > len) - length= len; /* We use &my_charset_bin here. Conversion and setting real character sets will be done in Item_param::convert_str_value(), after the @@ -1450,13 +1469,15 @@ lex->first_select_lex()->context.resolve_in_select_list= TRUE; - privilege_t privilege(lex->exchange ? SELECT_ACL | FILE_ACL : SELECT_ACL); + if (lex->exchange && check_global_access(thd, FILE_ACL, false)) + goto error; + if (tables) { - if (check_table_access(thd, privilege, tables, FALSE, UINT_MAX, FALSE)) + if (check_table_access(thd, SELECT_ACL, tables, FALSE, UINT_MAX, FALSE)) goto error; } - else if (check_access(thd, privilege, any_db.str, NULL, NULL, 0, 0)) + else if (check_access(thd, SELECT_ACL, any_db.str, NULL, NULL, 0, 0)) goto error; if (!lex->result && !(lex->result= new (stmt->mem_root) select_send(thd))) @@ -3699,8 +3720,9 @@ /* Error will be sent in execute call */ stmt->state= Query_arena::STMT_ERROR; stmt->last_errno= ER_WRONG_ARGUMENTS; - sprintf(stmt->last_error, ER_THD(thd, ER_WRONG_ARGUMENTS), - "mysqld_stmt_send_long_data"); + snprintf(stmt->last_error, sizeof(stmt->last_error), + ER_THD(thd, ER_WRONG_ARGUMENTS), + "mysqld_stmt_send_long_data"); DBUG_VOID_RETURN; } #endif diff -Nru mariadb-11.8.6/sql/sql_profile.cc mariadb-11.8.8/sql/sql_profile.cc --- mariadb-11.8.6/sql/sql_profile.cc 2026-01-31 13:27:48.000000000 +0000 +++ mariadb-11.8.8/sql/sql_profile.cc 2026-05-24 09:58:32.000000000 +0000 @@ -471,7 +471,6 @@ { DBUG_ENTER("PROFILING::fill_statistics_info"); TABLE *table= tables->table; - ulonglong row_number= 0; QUERY_PROFILE *query; /* Go through each query in this thread's stored history... */ @@ -495,7 +494,7 @@ for (entry_iterator= query->entries.new_iterator(); entry_iterator != NULL; entry_iterator= query->entries.iterator_next(entry_iterator), - previous=entry, row_number++) + previous=entry) { entry= query->entries.iterator_value(entry_iterator); seq= entry->m_seq; diff -Nru mariadb-11.8.6/sql/sql_repl.cc mariadb-11.8.8/sql/sql_repl.cc --- mariadb-11.8.6/sql/sql_repl.cc 2026-01-31 13:27:48.000000000 +0000 +++ mariadb-11.8.8/sql/sql_repl.cc 2026-05-24 09:58:32.000000000 +0000 @@ -449,7 +449,7 @@ ha_checksum crc; crc= my_checksum(0, (uchar *)packet->ptr() + ev_offset, data_len - BINLOG_CHECKSUM_LEN); - int4store(packet->ptr() + ev_offset + data_len - BINLOG_CHECKSUM_LEN, crc); + int4store(const_cast(packet->ptr() + ev_offset + data_len - BINLOG_CHECKSUM_LEN), crc); } @@ -4138,7 +4138,8 @@ lex_mi->log_file_name || lex_mi->pos || lex_mi->relay_log_name || lex_mi->relay_log_pos) { - if (lex_mi->use_gtid_opt != LEX_MASTER_INFO::LEX_GTID_NO) + if (lex_mi->use_gtid_opt != LEX_MASTER_INFO::LEX_GTID_NO && + mi->using_gtid != Master_info::USE_GTID_NO) { push_warning_printf( thd, Sql_condition::WARN_LEVEL_NOTE, WARN_OPTION_CHANGING, diff -Nru mariadb-11.8.6/sql/sql_select.cc mariadb-11.8.8/sql/sql_select.cc --- mariadb-11.8.6/sql/sql_select.cc 2026-01-31 13:27:48.000000000 +0000 +++ mariadb-11.8.8/sql/sql_select.cc 2026-05-24 09:58:32.000000000 +0000 @@ -662,7 +662,7 @@ ER_QUERY_RESULT_INCOMPLETE, ER_THD(thd, ER_QUERY_RESULT_INCOMPLETE), "LIMIT ROWS EXAMINED", - thd->lex->limit_rows_examined->val_uint()); + thd->lex->limit_rows_examined_cnt); thd->abort_on_warning= saved_abort_on_warning; thd->reset_killed(); } @@ -1174,7 +1174,7 @@ if (!table->table) continue; vers_select_conds_t &conds= table->period_conditions; - if (!table->table->s->period.name.streq(conds.name)) + if (!table->table->s->period.name.streq_safe(conds.name)) { my_error(ER_PERIOD_NOT_FOUND, MYF(0), conds.name.str); if (arena) @@ -7644,7 +7644,7 @@ { uint and_level,i; KEY_FIELD *key_fields, *end, *field; - uint sz; + size_t sz; uint m= MY_MAX(select_lex->max_equal_elems,1); DBUG_ENTER("update_ref_and_keys"); DBUG_PRINT("enter", ("normal_tables: %llx", normal_tables)); @@ -14324,15 +14324,9 @@ { Json_writer_object trace_const_cond(thd); trace_const_cond.add("condition_on_constant_tables", const_cond); - if (const_cond->is_expensive()) - { - if (unlikely(trace_const_cond.trace_started())) - trace_const_cond. - add("evalualted", "false"). - add("cause", "expensive cond"); - } - else + if (const_cond->can_eval_in_optimize()) { + bool const_cond_result; { Json_writer_array a(thd, "computing_condition"); @@ -14349,6 +14343,11 @@ DBUG_RETURN(1); } } + else + { + trace_const_cond.add("evaluated", "false") + .add("cause", "expensive cond"); + } join->exec_const_cond= const_cond; } @@ -21895,13 +21894,14 @@ m_temp_pool_slot = temp_pool_set_next(); if (m_temp_pool_slot != MY_BIT_NONE) // we got a slot - sprintf(path, "%s-%s-%lx-%i", tmp_file_prefix, param->tmp_name, - current_pid, m_temp_pool_slot); + snprintf(path, sizeof(path), "%s-%s-%lx-%i", tmp_file_prefix, param->tmp_name, + current_pid, m_temp_pool_slot); else { /* if we run out of slots or we are not using tempool */ - sprintf(path, "%s-%s-%lx-%llx-%x", tmp_file_prefix, param->tmp_name, - current_pid, thd->thread_id, thd->tmp_table++); + snprintf(path, sizeof(path), "%s-%s-%lx-%llx-%x", + tmp_file_prefix, param->tmp_name, + current_pid, thd->thread_id, thd->tmp_table++); } /* @@ -22439,7 +22439,7 @@ /* Get the value from default_values */ if (orig_field->is_null_in_record(orig_field->table->s->default_values)) field->set_null(); - else + else if (orig_field->default_value == NULL) { /* Copy default value. We have to use field_conv() for copy, instead of diff -Nru mariadb-11.8.6/sql/sql_sequence.cc mariadb-11.8.8/sql/sql_sequence.cc --- mariadb-11.8.6/sql/sql_sequence.cc 2026-01-31 13:27:48.000000000 +0000 +++ mariadb-11.8.8/sql/sql_sequence.cc 2026-05-24 09:58:32.000000000 +0000 @@ -884,14 +884,14 @@ save_write_set= table->write_set; save_read_set= table->read_set; table->read_set= table->write_set= &table->s->all_set; - table->file->column_bitmaps_signal(); + table->file->column_bitmaps_signal(false); store_fields(table); if (unlikely((error= table->file->ha_write_row(table->record[0])))) table->file->print_error(error, MYF(0)); table->rpl_write_set= save_rpl_write_set; table->read_set= save_read_set; table->write_set= save_write_set; - table->file->column_bitmaps_signal(); + table->file->column_bitmaps_signal(false); return error; } diff -Nru mariadb-11.8.6/sql/sql_servers.cc mariadb-11.8.8/sql/sql_servers.cc --- mariadb-11.8.6/sql/sql_servers.cc 2026-01-31 13:27:48.000000000 +0000 +++ mariadb-11.8.8/sql/sql_servers.cc 2026-05-24 09:58:32.000000000 +0000 @@ -370,8 +370,8 @@ if an error condition has been raised. */ if (thd->get_stmt_da()->is_error()) - sql_print_error("Can't open and lock privilege tables: %s", - thd->get_stmt_da()->message()); + sql_print_warning("Can't open and lock privilege tables: %s", + thd->get_stmt_da()->message()); return_val= FALSE; goto end; } diff -Nru mariadb-11.8.6/sql/sql_show.cc mariadb-11.8.8/sql/sql_show.cc --- mariadb-11.8.6/sql/sql_show.cc 2026-01-31 13:27:48.000000000 +0000 +++ mariadb-11.8.8/sql/sql_show.cc 2026-05-24 09:58:32.000000000 +0000 @@ -85,6 +85,12 @@ extern Native_func_registry_array native_func_registry_array; +/* + This is needed for gcc 15.1.1 as it also count static structures in + the limits +*/ +PRAGMA_DISABLE_CHECK_STACK_FRAME; + enum enum_i_s_events_fields { ISE_EVENT_CATALOG= 0, @@ -2586,7 +2592,7 @@ { Virtual_column_info *check= table->check_constraints[i]; // period constraint is implicit - if (share->period.constr_name.streq(check->name)) + if (share->period.constr_name.streq_safe(check->name)) continue; str.set_buffer_if_not_allocated(&my_charset_utf8mb4_general_ci); @@ -2906,6 +2912,39 @@ } +/* + Check if user can see a THD in "show processlist" or in I_S.processlist. + + Non-privileged users can see own foreground THDs and also event worker + threads that run in user's security context. + + Privileged users can see all THDs. + + @param user - user name or NULL for privileged users. + @param thd - THD + + @retval true - THD visible in processlist + @retval false - THD not visible in processlist +*/ +static bool thd_visible_in_processlist(const char *user, THD *thd) +{ + if (!thd->vio_ok() && !thd->system_thread) + return false; // "something bad happened" thread, don't show it + + if (!user) + return true; // privileged user can see all threads + + const char *thd_user= thd->security_ctx->user; + if (!thd_user) + return false; // dunno if this ever happens, safety first + + bool user_or_event_worker_thread= + !thd->system_thread || thd->system_thread & SYSTEM_THREAD_EVENT_WORKER; + + return user_or_event_worker_thread && !strcmp(thd_user, user); +} + + struct list_callback_arg { list_callback_arg(const char *u, THD *t, ulong m): @@ -2922,9 +2961,7 @@ Security_context *tmp_sctx= tmp->security_ctx; bool got_thd_data; - if ((tmp->vio_ok() || tmp->system_thread) && - (!arg->user || (!tmp->system_thread && - tmp_sctx->user && !strcmp(tmp_sctx->user, arg->user)))) + if (thd_visible_in_processlist(arg->user, tmp)) { thread_info *thd_info= new (arg->thd->mem_root) thread_info; @@ -3431,9 +3468,7 @@ arg->thd->security_ctx->master_access & PRIV_STMT_SHOW_PROCESSLIST ? NullS : arg->thd->security_ctx->priv_user; - if ((!tmp->vio_ok() && !tmp->system_thread) || - (user && (tmp->system_thread || !tmp_sctx->user || - strcmp(tmp_sctx->user, user)))) + if (!thd_visible_in_processlist(user, tmp)) return 0; restore_record(arg->table, s->default_values); @@ -6043,6 +6078,17 @@ goto err; } + if (show_table->s->hlindexes()) + { + // make sure hlindex is opened + if (show_table->hlindex || !show_table->hlindex_open(show_table->s->keys)) + { + handler *hi= show_table->hlindex->file; + if (!hi->info(HA_STATUS_VARIABLE)) + file->stats.index_file_length+= hi->stats.data_file_length; + } + } + enum row_type row_type = file->get_row_type(); switch (row_type) { case ROW_TYPE_NOT_USED: diff -Nru mariadb-11.8.6/sql/sql_statistics.h mariadb-11.8.8/sql/sql_statistics.h --- mariadb-11.8.6/sql/sql_statistics.h 2026-01-31 13:27:48.000000000 +0000 +++ mariadb-11.8.8/sql/sql_statistics.h 2026-05-24 09:58:32.000000000 +0000 @@ -324,7 +324,7 @@ ((uint8 *) values)[i]= (uint8) (val * prec_factor()); return; case DOUBLE_PREC_HB: - int2store(values + i * 2, val * prec_factor()); + int2store(values + i * 2, (uint16)(val * prec_factor())); return; default: DBUG_ASSERT(0); diff -Nru mariadb-11.8.6/sql/sql_table.cc mariadb-11.8.8/sql/sql_table.cc --- mariadb-11.8.6/sql/sql_table.cc 2026-01-31 13:27:48.000000000 +0000 +++ mariadb-11.8.8/sql/sql_table.cc 2026-05-24 09:58:32.000000000 +0000 @@ -4072,7 +4072,7 @@ key->type != Key::FOREIGN_KEY) continue; - if (check->name.streq(key->name)) + if (check->name.streq_safe(key->name)) { my_error(ER_DUP_CONSTRAINT_NAME, MYF(0), "CHECK", check->name.str); DBUG_RETURN(TRUE); @@ -6441,7 +6441,7 @@ } else if (drop->type == Alter_drop::PERIOD) { - if (table->s->period.name.streq(Lex_ident(drop->name))) + if (table->s->period.name.streq_safe(Lex_ident(drop->name))) remove_drop= FALSE; } else /* Alter_drop::KEY and Alter_drop::FOREIGN_KEY */ @@ -6752,7 +6752,7 @@ c < share->table_check_constraints ; c++) { Virtual_column_info *dup= table->check_constraints[c]; - if (check->name.streq(dup->name)) + if (check->name.streq_safe(dup->name)) { push_warning_printf(thd, Sql_condition::WARN_LEVEL_NOTE, ER_DUP_CONSTRAINT_NAME, ER_THD(thd, ER_DUP_CONSTRAINT_NAME), @@ -7352,7 +7352,7 @@ new_key < new_key_end; new_key++) { - if (table_key->name.streq(new_key->name)) + if (!cmp(&table_key->name, &new_key->name)) break; } if (new_key >= new_key_end) @@ -7402,7 +7402,7 @@ /* Search an old key with the same name. */ for (table_key= table->key_info; table_key < table_key_end; table_key++) { - if (table_key->name.streq(new_key->name)) + if (!cmp(&table_key->name, &new_key->name)) break; } if (table_key >= table_key_end) @@ -7434,7 +7434,7 @@ continue; } - DBUG_ASSERT(!old_key->name.streq(new_key->name)); + DBUG_ASSERT(cmp(&old_key->name, &new_key->name)); ha_alter_info->handler_flags|= ALTER_RENAME_INDEX; ha_alter_info->rename_keys.push_back( @@ -7720,7 +7720,7 @@ /* Search a key with the same name. */ for (new_key= key_info_buffer; new_key < new_key_end; new_key++) { - if (table_key->name.streq(new_key->name)) + if (!cmp(&table_key->name, &new_key->name)) break; } if (new_key >= new_key_end) @@ -7760,7 +7760,7 @@ /* Search a key with the same name. */ for (table_key= table->s->key_info; table_key < table_key_end; table_key++) { - if (table_key->name.streq(new_key->name)) + if (!cmp(&table_key->name, &new_key->name)) break; } if (table_key >= table_key_end) @@ -9477,7 +9477,7 @@ } } - if (share->period.constr_name.streq(check->name)) + if (share->period.constr_name.streq_safe(check->name)) { if (!drop_period && !keep) { @@ -9561,6 +9561,7 @@ { Alter_drop *drop; drop_it.rewind(); + List dropped_fk; while ((drop=drop_it++)) { switch (drop->type) { case Alter_drop::KEY: @@ -9589,7 +9590,14 @@ while (FOREIGN_KEY_INFO *f_key= fk_key_it++) { if (Lex_ident_column(*f_key->foreign_id).streq(drop->name)) + { + List_iterator check_it(dropped_fk); + while (LEX_CSTRING *dropped_name = check_it++) + if (Lex_ident_column(*f_key->foreign_id).streq(*dropped_name)) + goto fk_not_found; + dropped_fk.push_back(f_key->foreign_id); goto fk_found; + } } goto fk_not_found; fk_found: @@ -9881,6 +9889,7 @@ when a foreign key has the same table as child and parent. */ List_iterator fk_parent_key_it(fk_parent_key_list); + List keys_to_remove; while ((f_key= fk_parent_key_it++)) { @@ -9900,10 +9909,31 @@ drop->name.streq(*f_key->foreign_id) && table->s->db.streq(*f_key->foreign_db) && table->s->table_name.streq(*f_key->foreign_table)) - fk_parent_key_it.remove(); + { + keys_to_remove.push_back(f_key); + break; + } } } + IF_DBUG(uint removed= 0,); + /* Remove the identified keys */ + List_iterator remove_it(keys_to_remove); + while ((f_key = remove_it++)) + { + fk_parent_key_it.rewind(); + while (FOREIGN_KEY_INFO *fk= fk_parent_key_it++) + { + if (fk == f_key) + { + fk_parent_key_it.remove(); + IF_DBUG(removed++,); + break; + } + } + } + DBUG_ASSERT(keys_to_remove.elements == removed); + IF_DBUG(removed= 0,); /* If there are FKs in which this table is parent which were not dropped we need to prevent ALTER deleting rows from the table, @@ -9974,6 +10004,7 @@ by this ALTER TABLE. */ List_iterator fk_key_it(fk_child_key_list); + keys_to_remove.empty(); while ((f_key= fk_key_it++)) { @@ -9985,10 +10016,31 @@ /* Names of foreign keys in InnoDB are case-insensitive. */ if ((drop->type == Alter_drop::FOREIGN_KEY) && (Lex_ident_column(*f_key->foreign_id).streq(drop->name))) + { + keys_to_remove.push_back(f_key); + break; + } + } + } + + /* Remove the identified keys */ + List_iterator remove_it2(keys_to_remove); + while ((f_key = remove_it2++)) + { + fk_key_it.rewind(); + while (FOREIGN_KEY_INFO *fk= fk_key_it++) + { + if (fk == f_key) + { fk_key_it.remove(); + IF_DBUG(removed++,); + break; + } } } + DBUG_ASSERT(keys_to_remove.elements == removed); + fk_key_it.rewind(); while ((f_key= fk_key_it++)) { @@ -12734,7 +12786,7 @@ if (from_row_end) bitmap_set_bit(from->read_set, from_row_end->field_index); - from->file->column_bitmaps_signal(); + from->file->column_bitmaps_signal(false); to->file->prepare_for_modify(true, false); DBUG_ASSERT(to->file->inited == handler::NONE); @@ -12757,9 +12809,10 @@ thd->progress.max_counter= from->file->records(); time_to_report_progress= MY_HOW_OFTEN_TO_WRITE/10; - /* for now, InnoDB needs the undo log for ALTER IGNORE */ - if (!ignore && !to->s->hlindexes()) - to->file->extra(HA_EXTRA_BEGIN_ALTER_COPY); + static_assert(int{HA_EXTRA_BEGIN_ALTER_IGNORE_COPY} == + int{HA_EXTRA_BEGIN_COPY} + 1, ""); + if (!to->s->hlindexes()) + to->file->extra(ha_extra_function(int{HA_EXTRA_BEGIN_COPY} + ignore)); if (!(error= info.read_record())) { @@ -12947,13 +13000,14 @@ } bulk_insert_started= 0; - if (!ignore && !to->s->hlindexes() && error <= 0) + if (error <= 0 && !to->s->hlindexes()) { - int alt_error= to->file->extra(HA_EXTRA_END_ALTER_COPY); + Abort_on_warning_instant_set save_abort_on_warning(thd, false); + int alt_error= to->file->extra(HA_EXTRA_END_COPY); if (alt_error > 0) { error= alt_error; - to->file->extra(HA_EXTRA_ABORT_ALTER_COPY); + to->file->extra(HA_EXTRA_ABORT_COPY); copy_data_error_ignore(error, false, to, thd, alter_ctx); } } @@ -13040,6 +13094,9 @@ if (error > 0 && !from->s->tmp_table) { + /* Abort the operation which invoked extra(HA_EXTRA_BEGIN_COPY) + or extra(HA_EXTRA_BEGIN_ALTER_IGNORE_COPY) */ + to->file->extra(HA_EXTRA_ABORT_COPY); /* We are going to drop the temporary table */ to->file->extra(HA_EXTRA_PREPARE_FOR_DROP); } diff -Nru mariadb-11.8.6/sql/sql_test.cc mariadb-11.8.8/sql/sql_test.cc --- mariadb-11.8.6/sql/sql_test.cc 2026-01-31 13:27:48.000000000 +0000 +++ mariadb-11.8.8/sql/sql_test.cc 2026-05-24 09:58:32.000000000 +0000 @@ -707,3 +707,47 @@ add("null_rejecting",keyuse->null_rejecting); } } + + +#ifndef DBUG_OFF + +/* Check if ptr points to memory on the mem_root */ + +bool dbug_is_mem_on_mem_root(const MEM_ROOT *mem_root, void *ptr) +{ + const USED_MEM *ptrs[]= {mem_root->free, mem_root->used}; + for (const USED_MEM **p= ptrs; p!=ptrs + 2; p++) + { + for (const USED_MEM *block= *p; block; block= block->next) + { + const char *start= (const char*)block; + const char *end= start + block->size - block->left; + DBUG_ASSERT(end >= start); + if (ptr >= start && ptr < end) + return true; + } + } + return false; +} + + +/* + Check whether ptr has been allocated on a statement mem_root + or transient mem_root or somewhere else. +*/ +const char *dbug_which_mem_root(THD *thd, void *ptr) +{ + if (dbug_is_mem_on_mem_root(thd->mem_root, ptr)) + { + if (thd->mem_root == thd->stmt_arena->mem_root) + return "thd->mem_root, same as stmt_arena->mem_root"; + return "thd->mem_root"; + } + + if (dbug_is_mem_on_mem_root(thd->stmt_arena->mem_root, ptr)) + return "thd->stmt_arena->mem_root"; + + return "Unknown"; +} + +#endif diff -Nru mariadb-11.8.6/sql/sql_test.h mariadb-11.8.8/sql/sql_test.h --- mariadb-11.8.6/sql/sql_test.h 2026-01-31 13:27:48.000000000 +0000 +++ mariadb-11.8.8/sql/sql_test.h 2026-05-24 09:58:32.000000000 +0000 @@ -23,9 +23,42 @@ struct TABLE_LIST; typedef class Item COND; typedef class st_select_lex SELECT_LEX; +typedef class st_select_lex_unit SELECT_LEX_UNIT; struct SORT_FIELD; +class SEL_ARG; + + +#ifndef DBUG_OFF +/* + Functions intended for manual use in debugger. NOT thread-safe. +*/ + +/* Print various data structures */ +const char *dbug_print_item(Item *item); +const char *dbug_print_select(SELECT_LEX *sl); +const char *dbug_print_unit(SELECT_LEX_UNIT *un); +const char *dbug_print_sel_arg(SEL_ARG *sel_arg); + +/* A single overloaded function (not inline so debugger sees them): */ +const char *dbug_print(Item *x); +const char *dbug_print(SELECT_LEX *x); +const char *dbug_print(SELECT_LEX_UNIT *x); + +/* Print current table row */ +const char* dbug_print_table_row(TABLE *table); +const char *dbug_print_row(TABLE *table, const uchar *rec); + +/* Check which MEM_ROOT the data is on */ +bool dbug_is_mem_on_mem_root(const MEM_ROOT *mem_root, void *ptr); +const char *dbug_which_mem_root(THD *thd, void *ptr); + +#else +// A dummy implementation is used in release builds +inline const char *dbug_print_item(Item *item) { return NULL; } +#endif #ifndef DBUG_OFF +/* Functions that print into DBUG_FILE (/tmp/mariadb.trace by default) */ void print_where(COND *cond,const char *info, enum_query_type query_type); void TEST_filesort(SORT_FIELD *sortorder,uint s_length); void TEST_join(JOIN *join); diff -Nru mariadb-11.8.6/sql/sql_trigger.cc mariadb-11.8.8/sql/sql_trigger.cc --- mariadb-11.8.6/sql/sql_trigger.cc 2026-01-31 13:27:48.000000000 +0000 +++ mariadb-11.8.8/sql/sql_trigger.cc 2026-05-24 09:58:32.000000000 +0000 @@ -2878,7 +2878,7 @@ ); } } - trigger_table->file->column_bitmaps_signal(); + trigger_table->file->column_bitmaps_signal(false); DBUG_VOID_RETURN; } diff -Nru mariadb-11.8.6/sql/sql_tvc.cc mariadb-11.8.8/sql/sql_tvc.cc --- mariadb-11.8.6/sql/sql_tvc.cc 2026-01-31 13:27:48.000000000 +0000 +++ mariadb-11.8.8/sql/sql_tvc.cc 2026-05-24 09:58:32.000000000 +0000 @@ -588,7 +588,7 @@ { if (i == 1) { - sprintf(col_name, "_col_%i", j+1); + snprintf(col_name, sizeof(col_name), "_col_%i", j+1); row_list->element_index(j)->set_name(thd, col_name, strlen(col_name), thd->charset()); } @@ -601,7 +601,7 @@ { if (i == 1) { - sprintf(col_name, "_col_%i", 1); + snprintf(col_name, sizeof(col_name), "_col_%i", 1); args[i]->set_name(thd, col_name, strlen(col_name), thd->charset()); } if (tvc_value->push_back(args[i])) diff -Nru mariadb-11.8.6/sql/sql_type.cc mariadb-11.8.8/sql/sql_type.cc --- mariadb-11.8.6/sql/sql_type.cc 2026-01-31 13:27:48.000000000 +0000 +++ mariadb-11.8.8/sql/sql_type.cc 2026-05-24 09:58:32.000000000 +0000 @@ -232,9 +232,15 @@ const Type_handler *b) const override { - DBUG_ASSERT(a == &type_handler_row); - DBUG_ASSERT(b == &type_handler_row); - return &type_handler_row; + /* + The 11.8 changes for MDEV-36792 not to be merged to 12.3, + as MDEV-36792 is already fixed in 12.3. See sql_type_row.cc. + */ + if ((a == &type_handler_row || a == &type_handler_null) && + (b == &type_handler_row || b == &type_handler_null) && + (a == &type_handler_row || b == &type_handler_row)) + return &type_handler_row; + return NULL; } const Type_handler *aggregate_for_min_max(const Type_handler *a, const Type_handler *b) @@ -662,7 +668,7 @@ } -uint Year::year_precision(const Item *item) const +uint Year::year_precision(const Item *item) { return item->type_handler() == &type_handler_year2 ? 2 : 4; } diff -Nru mariadb-11.8.6/sql/sql_type.h mariadb-11.8.8/sql/sql_type.h --- mariadb-11.8.6/sql/sql_type.h 2026-01-31 13:27:48.000000000 +0000 +++ mariadb-11.8.8/sql/sql_type.h 2026-05-24 09:58:32.000000000 +0000 @@ -862,7 +862,7 @@ protected: uint m_year; bool m_truncated; - uint year_precision(const Item *item) const; + static uint year_precision(const Item *item); public: Year(): m_year(0), m_truncated(false) { } Year(longlong value, bool unsigned_flag, uint length); @@ -3341,8 +3341,9 @@ void aggregate_attributes_int(Item **items, uint nitems) { collation= DTCollation_numeric(); - fix_char_length(find_max_char_length(items, nitems)); unsigned_flag= count_unsigned(items, nitems) > 0; + fix_char_length(find_max_decimal_int_part(items, nitems) + + (unsigned_flag ? 0 : 1)); decimals= 0; } void aggregate_attributes_real(Item **items, uint nitems) diff -Nru mariadb-11.8.6/sql/sql_type_geom.cc mariadb-11.8.8/sql/sql_type_geom.cc --- mariadb-11.8.6/sql/sql_type_geom.cc 2026-01-31 13:27:48.000000000 +0000 +++ mariadb-11.8.8/sql/sql_type_geom.cc 2026-05-24 09:58:32.000000000 +0000 @@ -879,57 +879,50 @@ int Field_geom::store(const char *from, size_t length, CHARSET_INFO *cs) { - if (!length) - bzero(ptr, Field_blob::pack_length()); - else + const char *dummy; + Geometry_buffer buffer; + Geometry *geom; + + // Check given WKB + if (length < SRID_SIZE + WKB_HEADER_SIZE + 4) + goto err; + + geom= Geometry::construct(&buffer, from, uint32(length)); + if (!geom || !geom->is_binary_valid()) + goto err; + + if (m_type_handler->geometry_type() != Type_handler_geometry::GEOM_GEOMETRY && + m_type_handler->geometry_type() != Type_handler_geometry::GEOM_GEOMETRYCOLLECTION && + m_type_handler->geometry_type() != geom->get_class_info()->m_type_id) { - // Check given WKB - uint32 wkb_type; - if (length < SRID_SIZE + WKB_HEADER_SIZE + 4) - goto err; - wkb_type= uint4korr(from + SRID_SIZE + 1); - if (wkb_type < (uint32) Geometry::wkb_point || - wkb_type > (uint32) Geometry::wkb_last) - goto err; + const char *db= table->s->db.str; + const char *tab_name= table->s->table_name.str; + + if (!db) + db= ""; + if (!tab_name) + tab_name= ""; - const char *dummy; - Geometry_buffer buffer; - Geometry *geom= Geometry::construct(&buffer, from, uint32(length)); - if (!geom || !geom->is_binary_valid()) + StringBuffer wkt(&my_charset_latin1); + if (geom->as_wkt(&wkt, &dummy)) goto err; - if (m_type_handler->geometry_type() != Type_handler_geometry::GEOM_GEOMETRY && - m_type_handler->geometry_type() != Type_handler_geometry::GEOM_GEOMETRYCOLLECTION && - (uint32) m_type_handler->geometry_type() != wkb_type) - { - const char *db= table->s->db.str; - const char *tab_name= table->s->table_name.str; - - if (!db) - db= ""; - if (!tab_name) - tab_name= ""; - - StringBuffer wkt(&my_charset_latin1); - if (geom->as_wkt(&wkt, &dummy)) - goto err; - - my_error(ER_TRUNCATED_WRONG_VALUE_FOR_FIELD, MYF(0), - Geometry::ci_collection[m_type_handler->geometry_type()]->m_name.str, - wkt.c_ptr_safe(), db, tab_name, field_name.str, - (ulong) table->in_use->get_stmt_da()->current_row_for_warning()); - goto err_exit; - } - - Field_blob::store_length(length); - if ((table->copy_blobs || length <= MAX_FIELD_WIDTH) && - from != value.ptr()) - { // Must make a copy - value.copy(from, length, cs); - from= value.ptr(); - } - bmove(ptr + packlength, &from, sizeof(char*)); + my_error(ER_TRUNCATED_WRONG_VALUE_FOR_FIELD, MYF(0), + Geometry::ci_collection[m_type_handler->geometry_type()]->m_name.str, + wkt.c_ptr_safe(), db, tab_name, field_name.str, + (ulong) table->in_use->get_stmt_da()->current_row_for_warning()); + goto err_exit; } + + Field_blob::store_length(length); + if ((table->copy_blobs || length <= MAX_FIELD_WIDTH) && + from != value.ptr()) + { // Must make a copy + value.copy(from, length, cs); + from= value.ptr(); + } + bmove(ptr + packlength, &from, sizeof(char*)); + return 0; err: diff -Nru mariadb-11.8.6/sql/sql_union.cc mariadb-11.8.8/sql/sql_union.cc --- mariadb-11.8.6/sql/sql_union.cc 2026-01-31 13:27:48.000000000 +0000 +++ mariadb-11.8.8/sql/sql_union.cc 2026-05-24 09:58:32.000000000 +0000 @@ -1512,8 +1512,7 @@ if (item && is_unit_op() && (item->is_in_predicate() || item->is_exists_predicate())) { - global_parameters()->order_list.first= NULL; - global_parameters()->order_list.elements= 0; + global_parameters()->optimize_out_order_list(); } /* will only optimize once */ @@ -2738,8 +2737,6 @@ bool st_select_lex_unit::cleanup() { - cleanup_stranded_units(); - bool error= 0; DBUG_ENTER("st_select_lex_unit::cleanup"); @@ -2828,6 +2825,17 @@ delete pushdown_unit; pushdown_unit= nullptr; + /* + Cleanup stranded units only after this unit has completed its own + cleanup, ensuring a parent-first (LIFO) cleanup order for merged tables. + */ + cleanup_stranded_units(); + /* + Cleanup stranded units only after this unit has completed its own + cleanup, ensuring a parent-first (LIFO) cleanup order for merged tables. + */ + cleanup_stranded_units(); + DBUG_RETURN(error); } diff -Nru mariadb-11.8.6/sql/sql_update.cc mariadb-11.8.8/sql/sql_update.cc --- mariadb-11.8.6/sql/sql_update.cc 2026-01-31 13:27:48.000000000 +0000 +++ mariadb-11.8.8/sql/sql_update.cc 2026-05-24 09:58:32.000000000 +0000 @@ -49,6 +49,11 @@ #include "wsrep_mysqld.h" #endif +#ifdef WITH_WSREP +#include "wsrep_mysqld.h" // wsrep_max_ws_rows, wsrep_max_ws_size +#include "wsrep_binlog.h" // WSREP_MAX_WS_SIZE +#endif + /** True if the table's input and output record buffers are comparable using compare_record(TABLE*). @@ -288,7 +293,7 @@ /* Add all fields used by unique index to read_set. */ bitmap_union(table->read_set, &unique_map); /* Tell the engine about the new set. */ - table->file->column_bitmaps_signal(); + table->file->column_bitmaps_signal(false); if ((error= table->file->ha_index_or_rnd_end()) || (error= table->file->ha_rnd_init(0))) @@ -1783,8 +1788,7 @@ } -multi_update::multi_update(THD *thd_arg, - TABLE_LIST *table_list, +multi_update::multi_update(THD *thd_arg, TABLE_LIST *table_list, List *leaves_list, List *field_list, List *value_list, @@ -1896,6 +1900,30 @@ thd->cuted_fields=0L; THD_STAGE_INFO(thd, stage_updating_main_table); +#ifdef WITH_WSREP + if (WSREP(thd) && + (wsrep_max_ws_rows || wsrep_max_ws_size != WSREP_MAX_WS_SIZE)) + { + int trans{0}; + while (TABLE_LIST *tablel= update_targets_iter++) + trans|= 1 << tablel->table->file->has_transactions_and_rollback(); + update_targets_iter.rewind(); + /* In multi-table update Galera does not support update to both + transactional and non-transactional engines if write-set + size is limited. */ + if (trans == 3) + { + my_error(ER_GALERA_REPLICATION_NOT_SUPPORTED, MYF(0)); + push_warning_printf(thd, Sql_condition::WARN_LEVEL_WARN, + ER_GALERA_REPLICATION_NOT_SUPPORTED, + "Galera does not support multi-table update" + " to both transactional and non-transactional engines" + " if write-set size is limited."); + DBUG_RETURN(1); + } + } +#endif /* WITH_WSREP */ + /* We gather the set of columns read during evaluation of SET expression in TABLE::tmp_set by pointing TABLE::read_set to it and then restore it after diff -Nru mariadb-11.8.6/sql/sql_view.cc mariadb-11.8.8/sql/sql_view.cc --- mariadb-11.8.6/sql/sql_view.cc 2026-01-31 13:27:48.000000000 +0000 +++ mariadb-11.8.8/sql/sql_view.cc 2026-05-24 09:58:32.000000000 +0000 @@ -39,8 +39,6 @@ #include "debug.h" // debug_crash_here #include "wsrep_mysqld.h" -#define MD5_BUFF_LENGTH 33 - const LEX_CSTRING view_type= { STRING_WITH_LEN("VIEW") }; static int mysql_register_view(THD *thd, DDL_LOG_STATE *ddl_log_state, @@ -922,7 +920,7 @@ { if (view->md5.length != VIEW_MD5_LEN) { - if ((view->md5.str= thd->alloc(VIEW_MD5_LEN + 1)) == NULL) + if ((view->md5.str= thd->alloc(MD5_BUFF_LENGTH)) == NULL) DBUG_RETURN(HA_ADMIN_FAILED); } view->calc_md5(const_cast(view->md5.str)); @@ -1690,8 +1688,12 @@ /* We have to keep the lock type for sequence tables */ if (!tbl->sequence) tbl->lock_type= table->lock_type; - tbl->mdl_request.set_type(table->mdl_request.type); - tbl->updating= table->updating; + /* VIEWs with derived are non-writable */ + if (!tbl->is_pure_alias()) + { + tbl->mdl_request.set_type(table->mdl_request.type); + tbl->updating= table->updating; + } } /* If the view is mergeable, we might want to @@ -1729,7 +1731,7 @@ if (lex->first_select_lex()->options & OPTION_TO_QUERY_CACHE) old_lex->first_select_lex()->options|= OPTION_TO_QUERY_CACHE; - old_lex->default_used= lex->default_used; + old_lex->default_used|= lex->default_used; #ifndef NO_EMBEDDED_ACCESS_CHECKS if (table->view_suid) @@ -1828,7 +1830,7 @@ { table->select_lex->order_list. push_back(&lex->first_select_lex()->order_list); - lex->first_select_lex()->order_list.empty(); + lex->first_select_lex()->optimize_out_order_list(); } else { diff -Nru mariadb-11.8.6/sql/sql_window.cc mariadb-11.8.8/sql/sql_window.cc --- mariadb-11.8.6/sql/sql_window.cc 2026-01-31 13:27:48.000000000 +0000 +++ mariadb-11.8.8/sql/sql_window.cc 2026-05-24 09:58:32.000000000 +0000 @@ -2994,7 +2994,7 @@ for (ORDER *cur= cur_list; cur; cur= cur->next) { ORDER *copy= (ORDER*)alloc_root(mem_root, sizeof(ORDER)); - memcpy(copy, cur, sizeof(ORDER)); + memcpy((void *) copy, (void *) cur, sizeof(ORDER)); if (prev) prev->next= copy; prev= copy; @@ -3169,7 +3169,7 @@ field. We don't care of the particular sorting result in this case. */ ORDER *order= (ORDER *)alloc_root(thd->mem_root, sizeof(ORDER)); - memset(order, 0, sizeof(*order)); + memset((void *) order, 0, sizeof(*order)); Item_field *item= new (thd->mem_root) Item_field(thd, join_tab->table->field[0]); if (item) @@ -3274,10 +3274,13 @@ } -bool st_select_lex::add_window_func(Item_window_func *win_func) +bool st_select_lex::add_window_func(THD *thd, Item_window_func *win_func) { if (parsing_place != SELECT_LIST) fields_in_window_functions+= win_func->window_func()->argument_count(); + /* We may use it later for other clauses, now just ORDER_CLAUSE */ + if (thd->where == THD_WHERE::ORDER_CLAUSE) + parent_lex->clause_winfuncs.push_back(win_func, thd->mem_root); return window_funcs.push_back(win_func); } diff -Nru mariadb-11.8.6/sql/sql_yacc.yy mariadb-11.8.8/sql/sql_yacc.yy --- mariadb-11.8.6/sql/sql_yacc.yy 2026-01-31 13:27:48.000000000 +0000 +++ mariadb-11.8.8/sql/sql_yacc.yy 2026-05-24 09:58:32.000000000 +0000 @@ -198,11 +198,6 @@ ulonglong ulonglong_number; longlong longlong_number; uint sp_instr_addr; - /* - Longlong_hybrid does not have a default constructor, hence the - default value below. - */ - Longlong_hybrid longlong_hybrid_number= Longlong_hybrid(0, false); /* structs */ LEX_CSTRING lex_str; @@ -240,6 +235,11 @@ Lex_select_lock select_lock; Lex_select_limit select_limit; Lex_order_limit_lock *order_limit_lock; + struct + { + longlong num; + bool is_unsigned; + } longlong_hybrid_number; /* pointers */ Lex_ident_sys *ident_sys_ptr; @@ -2332,9 +2332,9 @@ Lex->mi.ssl_crlpath= $3.str; } - | MASTER_HEARTBEAT_PERIOD_SYM '=' NUM_literal + | MASTER_HEARTBEAT_PERIOD_SYM '=' opt_plus NUM_literal { - Lex->mi.heartbeat_period= (float) $3->val_real(); + Lex->mi.heartbeat_period= (float) $4->val_real(); if (unlikely(Lex->mi.heartbeat_period > SLAVE_MAX_HEARTBEAT_PERIOD) || unlikely(Lex->mi.heartbeat_period < 0.0)) @@ -2795,7 +2795,7 @@ sequence_definition *seq= Lex->create_info.seq_create_info; if (unlikely(seq->used_fields & seq_field_used_min_value)) my_yyabort_error((ER_DUP_ARGUMENT, MYF(0), "MINVALUE")); - seq->min_value_from_parser= $3; + seq->min_value_from_parser= Longlong_hybrid($3.num, $3.is_unsigned); seq->used_fields|= seq_field_used_min_value; seq->used_fields|= @@ -2820,7 +2820,7 @@ sequence_definition *seq= Lex->create_info.seq_create_info; if (unlikely(seq->used_fields & seq_field_used_max_value)) my_yyabort_error((ER_DUP_ARGUMENT, MYF(0), "MAXVALUE")); - seq->max_value_from_parser= $3; + seq->max_value_from_parser= Longlong_hybrid($3.num, $3.is_unsigned); seq->used_fields|= seq_field_used_max_value; seq->used_fields|= seq_field_specified_max_value; } @@ -2843,7 +2843,7 @@ sequence_definition *seq= Lex->create_info.seq_create_info; if (unlikely(seq->used_fields & seq_field_used_start)) my_yyabort_error((ER_DUP_ARGUMENT, MYF(0), "START")); - seq->start_from_parser= $3; + seq->start_from_parser= Longlong_hybrid($3.num, $3.is_unsigned); seq->used_fields|= seq_field_used_start; } | INCREMENT_SYM opt_by sequence_value_num @@ -2908,7 +2908,7 @@ sequence_definition *seq= Lex->create_info.seq_create_info; if (unlikely(seq->used_fields & seq_field_used_restart)) my_yyabort_error((ER_DUP_ARGUMENT, MYF(0), "RESTART")); - seq->restart_from_parser= $3; + seq->restart_from_parser= Longlong_hybrid($3.num, $3.is_unsigned); seq->used_fields|= seq_field_used_restart | seq_field_used_restart_value; } @@ -10312,21 +10312,27 @@ } | SETVAL_SYM '(' table_ident ',' sequence_value_hybrid_num ')' { - if (unlikely(!($$= Lex->create_item_func_setval(thd, $3, $5, 0, - 1)))) + if (unlikely(!($$= Lex->create_item_func_setval( + thd, $3, + Longlong_hybrid($5.num, $5.is_unsigned), + 0, 1)))) MYSQL_YYABORT; } | SETVAL_SYM '(' table_ident ',' sequence_value_hybrid_num ',' bool ')' { - if (unlikely(!($$= Lex->create_item_func_setval(thd, $3, $5, 0, - $7)))) + if (unlikely(!($$= Lex->create_item_func_setval( + thd, $3, + Longlong_hybrid($5.num, $5.is_unsigned), + 0, $7)))) MYSQL_YYABORT; } | SETVAL_SYM '(' table_ident ',' sequence_value_hybrid_num ',' bool ',' ulonglong_num ')' { - if (unlikely(!($$= Lex->create_item_func_setval(thd, $3, $5, $9, - $7)))) + if (unlikely(!($$= Lex->create_item_func_setval( + thd, $3, + Longlong_hybrid($5.num, $5.is_unsigned), + $9, $7)))) MYSQL_YYABORT; } ; @@ -11333,7 +11339,7 @@ $$= new (thd->mem_root) Item_window_func(thd, (Item_sum *) $1, $3); if (unlikely($$ == NULL)) MYSQL_YYABORT; - if (unlikely(Select->add_window_func((Item_window_func *) $$))) + if (unlikely(Select->add_window_func(thd, (Item_window_func *) $$))) MYSQL_YYABORT; } | @@ -11349,7 +11355,7 @@ thd->lex->win_spec); if (unlikely($$ == NULL)) MYSQL_YYABORT; - if (unlikely(Select->add_window_func((Item_window_func *) $$))) + if (unlikely(Select->add_window_func(thd, (Item_window_func *) $$))) MYSQL_YYABORT; } ; @@ -11490,7 +11496,7 @@ thd->lex->win_spec); if (unlikely($$ == NULL)) MYSQL_YYABORT; - if (unlikely(Select->add_window_func((Item_window_func *) $$))) + if (unlikely(Select->add_window_func(thd, (Item_window_func *) $$))) MYSQL_YYABORT; } ; @@ -12612,7 +12618,7 @@ opt_window_order_clause: /* empty */ { } - | ORDER_SYM BY order_list { Select->order_list= *($3); } + | ORDER_SYM BY order_list { Select->order_list= *($3); } ; opt_window_frame_clause: @@ -12747,6 +12753,7 @@ ORDER_SYM BY { thd->where= THD_WHERE::ORDER_CLAUSE; + thd->lex->clause_winfuncs.empty(); } order_list { @@ -13123,39 +13130,42 @@ opt_plus NUM { int error; - $$= Longlong_hybrid(my_strtoll10($2.str, (char**) 0, &error), - false); + $$.num= my_strtoll10($2.str, (char**) 0, &error); + $$.is_unsigned= false; } | opt_plus LONG_NUM { int error; - $$= Longlong_hybrid(my_strtoll10($2.str, (char**) 0, &error), - false); + $$.num= my_strtoll10($2.str, (char**) 0, &error); + $$.is_unsigned= false; } | opt_plus ULONGLONG_NUM { int error; - $$= Longlong_hybrid(my_strtoll10($2.str, (char**) 0, &error), - true); + $$.num= my_strtoll10($2.str, (char**) 0, &error); + $$.is_unsigned= true; } | '-' NUM { int error; - $$= Longlong_hybrid(- my_strtoll10($2.str, (char**) 0, &error), - false); + $$.num= - my_strtoll10($2.str, (char**) 0, &error); + $$.is_unsigned= false; } | '-' LONG_NUM { int error; - $$= Longlong_hybrid(- my_strtoll10($2.str, (char**) 0, &error), - false); + $$.num= - my_strtoll10($2.str, (char**) 0, &error); + $$.is_unsigned= false; } | '-' ULONGLONG_NUM { int error; const ulonglong abs= my_strtoll10($2.str, (char**) 0, &error); if (abs == 1 + (ulonglong) LONGLONG_MAX) - $$= Longlong_hybrid(LONGLONG_MIN, false); + { + $$.num= LONGLONG_MIN; + $$.is_unsigned= false; + } else thd->parse_error(ER_DATA_OUT_OF_RANGE); } @@ -13169,36 +13179,48 @@ opt_plus NUM { int error; - $$= Longlong_hybrid(my_strtoll10($2.str, (char**) 0, &error), - false); + $$.num= my_strtoll10($2.str, (char**) 0, &error); + $$.is_unsigned= false; } | opt_plus LONG_NUM { int error; - $$= Longlong_hybrid(my_strtoll10($2.str, (char**) 0, &error), - false); + $$.num= my_strtoll10($2.str, (char**) 0, &error); + $$.is_unsigned= false; } | opt_plus ULONGLONG_NUM { int error; - $$= Longlong_hybrid(my_strtoll10($2.str, (char**) 0, &error), - true); + $$.num= my_strtoll10($2.str, (char**) 0, &error); + $$.is_unsigned= true; + } + | opt_plus DECIMAL_NUM + { + $$.num= ULONGLONG_MAX; + $$.is_unsigned= true; } - | opt_plus DECIMAL_NUM { $$= Longlong_hybrid(ULONGLONG_MAX, true); } | '-' NUM { int error; - $$= Longlong_hybrid(- my_strtoll10($2.str, (char**) 0, &error), - false); + $$.num= - my_strtoll10($2.str, (char**) 0, &error); + $$.is_unsigned= false; } | '-' LONG_NUM { int error; - $$= Longlong_hybrid(- my_strtoll10($2.str, (char**) 0, &error), - false); + $$.num= - my_strtoll10($2.str, (char**) 0, &error); + $$.is_unsigned= false; + } + | '-' ULONGLONG_NUM + { + $$.num= LONGLONG_MIN; + $$.is_unsigned= false; + } + | '-' DECIMAL_NUM + { + $$.num= LONGLONG_MIN; + $$.is_unsigned= false; } - | '-' ULONGLONG_NUM { $$= Longlong_hybrid(LONGLONG_MIN, false); } - | '-' DECIMAL_NUM { $$= Longlong_hybrid(LONGLONG_MIN, false); } ; ulonglong_num: diff -Nru mariadb-11.8.6/sql/sys_vars.cc mariadb-11.8.8/sql/sys_vars.cc --- mariadb-11.8.6/sql/sys_vars.cc 2026-01-31 13:27:48.000000000 +0000 +++ mariadb-11.8.8/sql/sys_vars.cc 2026-05-24 09:58:32.000000000 +0000 @@ -1800,7 +1800,7 @@ "max_allowed_packet", "Max packet length to send to or receive from the server", SESSION_VAR(max_allowed_packet), CMD_LINE(REQUIRED_ARG), - VALID_RANGE(1024, 1024*1024*1024), DEFAULT(16*1024*1024), + VALID_RANGE(1024, MAX_MAX_ALLOWED_PACKET), DEFAULT(16*1024*1024), BLOCK_SIZE(1024), NO_MUTEX_GUARD, NOT_IN_BINLOG, ON_CHECK(check_max_allowed_packet)); @@ -5257,7 +5257,8 @@ "group_concat_max_len", "The maximum length of the result of function GROUP_CONCAT()", SESSION_VAR(group_concat_max_len), CMD_LINE(REQUIRED_ARG), - VALID_RANGE(4, UINT_MAX32), DEFAULT(1024*1024), BLOCK_SIZE(1)); + VALID_RANGE(4, MAX_MAX_ALLOWED_PACKET), DEFAULT(1024*1024), + BLOCK_SIZE(1)); static char *glob_hostname_ptr; static Sys_var_charptr Sys_hostname( @@ -5959,18 +5960,20 @@ */ ulonglong Sys_var_multi_source_ulonglong:: -get_master_info_ulonglong_value(THD *thd) const +get_master_info_ulonglong_value(THD *thd, bool with_lock) const { Master_info *mi; ulonglong res= 0; // Default value - mysql_mutex_unlock(&LOCK_global_system_variables); + if (with_lock) + mysql_mutex_unlock(&LOCK_global_system_variables); if ((mi= get_master_info(&thd->variables.default_master_connection, Sql_condition::WARN_LEVEL_WARN))) { res= (mi->*mi_accessor_func)(); mi->release(); } - mysql_mutex_lock(&LOCK_global_system_variables); + if (with_lock) + mysql_mutex_lock(&LOCK_global_system_variables); return res; } @@ -6431,7 +6434,7 @@ CMD_LINE(REQUIRED_ARG), DEFAULT(WSREP_START_POSITION_ZERO), NO_MUTEX_GUARD, NOT_IN_BINLOG, - ON_CHECK(wsrep_start_position_check), + ON_CHECK(wsrep_start_position_check), ON_UPDATE(wsrep_start_position_update)); static Sys_var_ulong Sys_wsrep_max_ws_size ( @@ -6444,7 +6447,9 @@ static Sys_var_ulong Sys_wsrep_max_ws_rows ( "wsrep_max_ws_rows", "Max number of rows in write set", GLOBAL_VAR(wsrep_max_ws_rows), CMD_LINE(REQUIRED_ARG), - VALID_RANGE(0, 1048576), DEFAULT(0), BLOCK_SIZE(1)); + VALID_RANGE(0, 1048576), DEFAULT(0), + BLOCK_SIZE(1), NO_MUTEX_GUARD, NOT_IN_BINLOG, + ON_CHECK(wsrep_max_ws_rows_check), ON_UPDATE(0)); static Sys_var_charptr Sys_wsrep_notify_cmd( "wsrep_notify_cmd", "", @@ -6553,9 +6558,10 @@ static Sys_var_mybool Sys_wsrep_slave_FK_checks( "wsrep_slave_FK_checks", "Should slave thread do " - "foreign key constraint checks", + "foreign key constraint checks (deprecated, has no effect)", GLOBAL_VAR(wsrep_slave_FK_checks), - CMD_LINE(OPT_ARG), DEFAULT(TRUE)); + CMD_LINE(OPT_ARG), DEFAULT(TRUE), NO_MUTEX_GUARD, NOT_IN_BINLOG, + ON_CHECK(0), ON_UPDATE(0), DEPRECATED(1010, "")); // since 10.6.26 static Sys_var_mybool Sys_wsrep_slave_UK_checks( "wsrep_slave_UK_checks", "Should slave thread do " diff -Nru mariadb-11.8.6/sql/sys_vars.inl mariadb-11.8.8/sql/sys_vars.inl --- mariadb-11.8.6/sql/sys_vars.inl 2026-01-31 13:27:48.000000000 +0000 +++ mariadb-11.8.8/sql/sys_vars.inl 2026-05-24 09:58:32.000000000 +0000 @@ -2571,19 +2571,27 @@ /* Use value given in variable declaration */ global_save_default(thd, var); } - const uchar *session_value_ptr(THD *thd, const LEX_CSTRING *base) const override + uchar *value_ptr_internal(THD *thd, const LEX_CSTRING *base, bool with_lock) const { ulonglong *tmp, res; tmp= (ulonglong*) (((uchar*)&(thd->variables)) + offset); - res= get_master_info_ulonglong_value(thd); + res= get_master_info_ulonglong_value(thd, with_lock); *tmp= res; return (uchar*) tmp; } + const uchar *session_value_ptr(THD *thd, const LEX_CSTRING *base) const override + { + return value_ptr_internal(thd, base, true); + } const uchar *global_value_ptr(THD *thd, const LEX_CSTRING *base) const override { - return session_value_ptr(thd, base); + return value_ptr_internal(thd, base, true); + } + const uchar *session_no_lock_value_ptr(THD *thd, const LEX_CSTRING *base) const override + { + return value_ptr_internal(thd, base, false); } - ulonglong get_master_info_ulonglong_value(THD *thd) const; + ulonglong get_master_info_ulonglong_value(THD *thd, bool with_lock) const; bool update_variable(THD *thd, Master_info *mi) { return update_multi_source_variable_func(this, thd, mi); diff -Nru mariadb-11.8.6/sql/table.cc mariadb-11.8.8/sql/table.cc --- mariadb-11.8.6/sql/table.cc 2026-01-31 13:27:48.000000000 +0000 +++ mariadb-11.8.8/sql/table.cc 2026-05-24 09:58:32.000000000 +0000 @@ -3573,7 +3573,6 @@ else { bzero(&optimizer_costs, sizeof(optimizer_costs)); - MEM_UNDEFINED(&optimizer_costs, sizeof(optimizer_costs)); } } @@ -6092,7 +6091,7 @@ SYNOPSIS TABLE_LIST::calc_md5() - buffer buffer for md5 writing + buffer buffer for md5 writing, must be at least MD5_BUFF_LENGTH bytes */ void TABLE_LIST::calc_md5(char *buffer) @@ -6100,12 +6099,12 @@ uchar digest[16]; compute_md5_hash(digest, select_stmt.str, select_stmt.length); - sprintf(buffer, - "%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x", - digest[0], digest[1], digest[2], digest[3], - digest[4], digest[5], digest[6], digest[7], - digest[8], digest[9], digest[10], digest[11], - digest[12], digest[13], digest[14], digest[15]); + snprintf(buffer, MD5_BUFF_LENGTH, + "%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x", + digest[0], digest[1], digest[2], digest[3], + digest[4], digest[5], digest[6], digest[7], + digest[8], digest[9], digest[10], digest[11], + digest[12], digest[13], digest[14], digest[15]); } @@ -6652,6 +6651,8 @@ field_error.append('.'); } field_error.append((*chk)->name); + if (ignore_failure) + in_use->clear_error(); my_error(ER_CONSTRAINT_FAILED, MYF(ignore_failure ? ME_WARNING : 0), field_error.c_ptr(), s->db.str, s->table_name.str); @@ -7715,7 +7716,7 @@ { mark_index_columns_for_read(s->primary_key); /* signal change */ - file->column_bitmaps_signal(); + file->column_bitmaps_signal(false); } DBUG_VOID_RETURN; } @@ -7765,7 +7766,7 @@ DBUG_ENTER("TABLE::restore_column_maps_after_mark_index"); file->ha_end_keyread(); read_set= backup; - file->column_bitmaps_signal(); + file->column_bitmaps_signal(false); DBUG_VOID_RETURN; } @@ -7824,7 +7825,7 @@ bitmap_set_bit(write_set, found_next_number_field->field_index); if (s->next_number_keypart) mark_index_columns_for_read(s->next_number_index); - file->column_bitmaps_signal(); + file->column_bitmaps_signal(false); } @@ -7899,7 +7900,7 @@ #endif if (need_signal) - file->column_bitmaps_signal(); + file->column_bitmaps_signal(false); } @@ -8016,7 +8017,7 @@ } mark_columns_per_binlog_row_image(); if (need_signal) - file->column_bitmaps_signal(); + file->column_bitmaps_signal(true); DBUG_VOID_RETURN; } @@ -8204,13 +8205,13 @@ DBUG_ASSERT(FALSE); } } - file->column_bitmaps_signal(); + file->column_bitmaps_signal(false); } else { /* If not using row format */ rpl_write_set= write_set; - file->column_bitmaps_signal(); + file->column_bitmaps_signal(false); } DBUG_VOID_RETURN; @@ -8246,8 +8247,7 @@ be added to read_set either. */ -bool TABLE::mark_virtual_columns_for_write(bool insert_fl - __attribute__((unused))) +bool TABLE::mark_virtual_columns_for_write(bool insert_fl) { Field **vfield_ptr, *tmp_vfield; bool bitmap_updated= false; @@ -8262,13 +8262,33 @@ (tmp_vfield->flags & (PART_KEY_FLAG | FIELD_IN_PART_FUNC_FLAG | PART_INDIRECT_KEY_FLAG))) { - bitmap_set_bit(write_set, tmp_vfield->field_index); - mark_virtual_column_with_deps(tmp_vfield); - bitmap_updated= true; + if (insert_fl) + { + bitmap_set_bit(write_set, tmp_vfield->field_index); + mark_virtual_column_with_deps(tmp_vfield); + bitmap_updated= true; + } + else + { + MY_BITMAP *save_read_set= read_set; + Item *vcol_item= tmp_vfield->vcol_info->expr; + DBUG_ASSERT(vcol_item); + bitmap_clear_all(&tmp_set); + read_set= &tmp_set; + vcol_item->walk(&Item::register_field_in_read_map, 1, 0); + read_set= save_read_set; + if (bitmap_is_overlapping(&tmp_set, write_set)) + { + bitmap_set_bit(write_set, tmp_vfield->field_index); + bitmap_set_bit(read_set, tmp_vfield->field_index); + bitmap_union(read_set, &tmp_set); + bitmap_updated= true; + } + } } } if (bitmap_updated) - file->column_bitmaps_signal(); + file->column_bitmaps_signal(false); DBUG_RETURN(bitmap_updated); } @@ -8676,7 +8696,7 @@ uint i; bool key_start= TRUE; - keyinfo->name.length= sprintf(buf, "key%i", key); + keyinfo->name.length= snprintf(buf, sizeof(buf), "key%i", key); if (!multi_alloc_root(&mem_root, &key_part_info, sizeof(KEY_PART_INFO)*key_parts, @@ -8899,6 +8919,7 @@ parent_embedding->nested_join->join_list.head() == embedded); mdl_request.ticket= NULL; + derived_result= NULL; } @@ -9326,7 +9347,7 @@ /* Read indexed fields that was not updated in VCOL_UPDATE_FOR_READ */ update= (!vcol_info->is_stored() && (vf->flags & (PART_KEY_FLAG | PART_INDIRECT_KEY_FLAG)) && - !bitmap_is_set(read_set, vf->field_index)); + bitmap_is_set(read_set, vf->field_index)); swap_values= 1; break; } diff -Nru mariadb-11.8.6/sql/table.h mariadb-11.8.8/sql/table.h --- mariadb-11.8.6/sql/table.h 2026-01-31 13:27:48.000000000 +0000 +++ mariadb-11.8.8/sql/table.h 2026-05-24 09:58:32.000000000 +0000 @@ -93,6 +93,7 @@ typedef ulonglong nested_join_map; #define VIEW_MD5_LEN 32 +#define MD5_BUFF_LENGTH (VIEW_MD5_LEN + 1) /* hex digest + NUL */ #define tmp_file_prefix "#sql" /**< Prefix for tmp tables */ @@ -237,6 +238,7 @@ /* Order clause list element */ typedef int (*fast_field_copier)(Field *to, Field *from); +class Item_window_func; typedef struct st_order { @@ -265,6 +267,7 @@ char *buff; /* If tmp-table group */ table_map used; /* NOTE: the below is only set to 0 but is still used by eq_ref_table */ table_map depend_map; + List window_funcs; } ORDER; /** @@ -1694,7 +1697,7 @@ { read_set= read_set_arg; if (file) - file->column_bitmaps_signal(); + file->column_bitmaps_signal(false); } inline void column_bitmaps_set(MY_BITMAP *read_set_arg, MY_BITMAP *write_set_arg) @@ -1702,7 +1705,7 @@ read_set= read_set_arg; write_set= write_set_arg; if (file) - file->column_bitmaps_signal(); + file->column_bitmaps_signal(false); } inline void column_bitmaps_set_no_signal(MY_BITMAP *read_set_arg, MY_BITMAP *write_set_arg) @@ -2999,6 +3002,7 @@ List *partition_names; #endif /* WITH_PARTITION_STORAGE_ENGINE */ + /* buffer must be at least MD5_BUFF_LENGTH bytes long */ void calc_md5(char *buffer); int view_check_option(THD *thd, bool ignore_failure); bool create_field_translation(THD *thd); @@ -3616,12 +3620,14 @@ inline bool is_infoschema_db(const LEX_CSTRING *name) { - return INFORMATION_SCHEMA_NAME.streq(*name); + DBUG_ASSERT(name->str || !name->length); + return name->length && INFORMATION_SCHEMA_NAME.streq(*name); } inline bool is_perfschema_db(const LEX_CSTRING *name) { - return PERFORMANCE_SCHEMA_DB_NAME.streq(*name); + DBUG_ASSERT(name->str || !name->length); + return name->length && PERFORMANCE_SCHEMA_DB_NAME.streq(*name); } inline void mark_as_null_row(TABLE *table) diff -Nru mariadb-11.8.6/sql/threadpool_generic.cc mariadb-11.8.8/sql/threadpool_generic.cc --- mariadb-11.8.6/sql/threadpool_generic.cc 2026-01-31 13:27:48.000000000 +0000 +++ mariadb-11.8.8/sql/threadpool_generic.cc 2026-05-24 09:58:32.000000000 +0000 @@ -1140,7 +1140,7 @@ static bool too_many_threads(thread_group_t *thread_group) { - return (thread_group->active_thread_count >= 1+(int)threadpool_oversubscribe + return (thread_group->active_thread_count > 1+(int)threadpool_oversubscribe && !thread_group->stalled); } diff -Nru mariadb-11.8.6/sql/udf_example.c mariadb-11.8.8/sql/udf_example.c --- mariadb-11.8.6/sql/udf_example.c 2026-01-31 13:27:48.000000000 +0000 +++ mariadb-11.8.8/sql/udf_example.c 2026-05-24 09:58:32.000000000 +0000 @@ -849,11 +849,11 @@ *null_value=1; return 0; } - sprintf(result,"%d.%d.%d.%d", - (int) *((longlong*) args->args[0]), - (int) *((longlong*) args->args[1]), - (int) *((longlong*) args->args[2]), - (int) *((longlong*) args->args[3])); + snprintf(result, MYSQL_UDF_MAX_RESULT_LENGTH, "%d.%d.%d.%d", + (int) *((longlong*) args->args[0]), + (int) *((longlong*) args->args[1]), + (int) *((longlong*) args->args[2]), + (int) *((longlong*) args->args[3])); } else { /* string argument */ @@ -1245,9 +1245,9 @@ uchar *is_null,uchar *error __attribute__((unused))) { if (initid->ptr != 0) { - sprintf(result, "const"); + snprintf(result, MYSQL_UDF_MAX_RESULT_LENGTH, "const"); } else { - sprintf(result, "not const"); + snprintf(result, MYSQL_UDF_MAX_RESULT_LENGTH, "not const"); } *is_null= 0; *length= (uint) strlen(result); diff -Nru mariadb-11.8.6/sql/unireg.cc mariadb-11.8.8/sql/unireg.cc --- mariadb-11.8.6/sql/unireg.cc 2026-01-31 13:27:48.000000000 +0000 +++ mariadb-11.8.8/sql/unireg.cc 2026-05-24 09:58:32.000000000 +0000 @@ -782,7 +782,7 @@ my_error(ER_EXPRESSION_IS_TOO_BIG, MYF(0), vcol_type_name(type)); return 1; } - int2store(buf->ptr() + len_off, expr_len); + int2store(const_cast(buf->ptr() + len_off), expr_len); return 0; } diff -Nru mariadb-11.8.6/sql/wsrep_applier.cc mariadb-11.8.8/sql/wsrep_applier.cc --- mariadb-11.8.6/sql/wsrep_applier.cc 2026-01-31 13:27:48.000000000 +0000 +++ mariadb-11.8.8/sql/wsrep_applier.cc 2026-05-24 09:58:32.000000000 +0000 @@ -100,8 +100,8 @@ } os << " Error_code: " << error.number << ';'; std::string const err_str= os.str(); - dst.resize(err_str.length() + 1); - sprintf(dst.data(), "%s", err_str.c_str()); + dst.clear(); + dst.push_back(err_str); WSREP_DEBUG("Error buffer (RLI) for thd %u seqno %lld, %zu bytes: '%s'", thd->thread_id, (long long)wsrep_thd_trx_seqno(thd), diff -Nru mariadb-11.8.6/sql/wsrep_high_priority_service.cc mariadb-11.8.8/sql/wsrep_high_priority_service.cc --- mariadb-11.8.6/sql/wsrep_high_priority_service.cc 2026-01-31 13:27:48.000000000 +0000 +++ mariadb-11.8.8/sql/wsrep_high_priority_service.cc 2026-05-24 09:58:32.000000000 +0000 @@ -115,10 +115,7 @@ else thd->variables.option_bits&= ~OPTION_RELAXED_UNIQUE_CHECKS; - if (wsrep_slave_FK_checks == FALSE) - thd->variables.option_bits|= OPTION_NO_FOREIGN_KEY_CHECKS; - else - thd->variables.option_bits&= ~OPTION_NO_FOREIGN_KEY_CHECKS; + thd->variables.option_bits&= ~OPTION_NO_FOREIGN_KEY_CHECKS; } static int apply_events(THD* thd, diff -Nru mariadb-11.8.6/sql/wsrep_mysqld.cc mariadb-11.8.8/sql/wsrep_mysqld.cc --- mariadb-11.8.6/sql/wsrep_mysqld.cc 2026-01-31 13:27:48.000000000 +0000 +++ mariadb-11.8.8/sql/wsrep_mysqld.cc 2026-05-24 09:58:32.000000000 +0000 @@ -1,5 +1,6 @@ /* Copyright (c) 2008, 2025, Codership Oy Copyright (c) 2020, 2026, MariaDB + Copyright (c) 2026, MariaDB plc This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by @@ -116,8 +117,6 @@ /* Other configuration variables and their default values. */ my_bool wsrep_incremental_data_collection= 0; // Incremental data collection -my_bool wsrep_restart_slave_activated= 0; // Node has dropped, and slave - // restart will be needed bool wsrep_new_cluster= false; // Bootstrap the cluster? int wsrep_slave_count_change= 0; // No. of appliers to stop/start int wsrep_to_isolation= 0; // No. of active TO isolation threads @@ -270,11 +269,17 @@ static char provider_version[256]= { 0, }; static char provider_vendor[256]= { 0, }; +enum WsrepState { + NOT_READY, + READY, + IN_SHUTDOWN, +}; +static std::atomic wsrep_state(NOT_READY); + /* * Wsrep status variables. LOCK_status must be locked When modifying * these variables, */ -std::atomic wsrep_ready(false); my_bool wsrep_connected = FALSE; const char* wsrep_cluster_state_uuid= cluster_uuid_str; long long wsrep_cluster_conf_id = WSREP_SEQNO_UNDEFINED; @@ -581,7 +586,7 @@ */ my_bool wsrep_ready_get (void) { - return wsrep_ready; + return wsrep_state == READY; } int wsrep_show_ready(THD *thd, SHOW_VAR *var, void *buff, @@ -1167,12 +1172,23 @@ wsrep_stop_replication_common(thd); } -void wsrep_shutdown_replication() +void wsrep_shutdown() { - WSREP_INFO("Shutdown replication"); - wsrep_stop_replication_common(nullptr); - /* Undocking the thread specific data. */ - set_current_thd(nullptr); + /* Signal ready state waiters that we're shutting down. */ + mysql_mutex_lock(&LOCK_wsrep_ready); + DBUG_ASSERT(wsrep_state != IN_SHUTDOWN); + wsrep_state = IN_SHUTDOWN; + mysql_cond_signal(&COND_wsrep_ready); + mysql_mutex_unlock(&LOCK_wsrep_ready); + + /* Stop wsrep threads in case they are running. */ + if (wsrep_running_threads > 0) + { + WSREP_INFO("Shutdown replication"); + wsrep_stop_replication_common(nullptr); + /* Undocking the thread specific data. */ + set_current_thd(nullptr); + } } bool wsrep_start_replication(const char *wsrep_cluster_address) @@ -2863,11 +2879,11 @@ WSREP_DEBUG("TOI Begin: %s", wsrep_thd_query(thd)); DEBUG_SYNC(thd, "wsrep_toi_begin"); - if (!wsrep_ready || + if (!wsrep_ready_get() || wsrep_can_run_in_toi(thd, db, table, table_list, create_info) == false) { WSREP_DEBUG("No TOI for %s", wsrep_thd_query(thd)); - if (!wsrep_ready) + if (!wsrep_ready_get()) { my_error(ER_GALERA_REPLICATION_NOT_SUPPORTED, MYF(0)); push_warning_printf(thd, Sql_condition::WARN_LEVEL_WARN, @@ -3260,14 +3276,276 @@ req->thread_id, wsrep_thd_trx_seqno(req), \ wsrep_thd_client_mode_str(req), wsrep_thd_client_state_str(req), \ wsrep_thd_transaction_state_str(req), wsrep_thd_is_BF(req, false), \ - req->get_command(), req->lex->sql_command, req->query(), \ + req->get_command(), req->lex->sql_command, wsrep_thd_query(req), \ gra->thread_id, wsrep_thd_trx_seqno(gra), \ wsrep_thd_client_mode_str(gra), wsrep_thd_client_state_str(gra), \ wsrep_thd_transaction_state_str(gra), wsrep_thd_is_BF(gra, false), \ - gra->get_command(), gra->lex->sql_command, gra->query()); + gra->get_command(), gra->lex->sql_command, wsrep_thd_query(gra)); + +/** Helper function to output wsrep state to a string. + +@param thd thread handle +@param granted true if this thread same as thread holding MDL-lock +@param str string containing wsrep state +*/ +static void wsrep_get_state(const THD* thd, const bool granted, String *str) +{ + str->append(STRING_WITH_LEN(granted ? "granted " : "request ")); + str->append_ulonglong((unsigned long long)thd->thread_id); + str->append(STRING_WITH_LEN(":")); + + if (WSREP(thd)) + str->append(STRING_WITH_LEN("WSREP ")); + if (wsrep_thd_is_BF(thd, false)) + str->append(STRING_WITH_LEN("BF ")); + else + str->append(STRING_WITH_LEN("LOCAL ")); + if (thd->wsrep_aborter || wsrep_thd_is_aborting(thd)) + str->append(STRING_WITH_LEN("ABORTING ")); + if (wsrep_thd_is_SR(thd)) + str->append(STRING_WITH_LEN("SR ")); + if (thd->wsrep_trx().active()) + str->append(STRING_WITH_LEN("WSREP TRX ")); + if (wsrep_thd_is_toi(thd)) + str->append(STRING_WITH_LEN("TOI ")); + if (wsrep_thd_is_applying(thd)) + str->append(STRING_WITH_LEN("APPLYING ")); + if (thd->current_backup_stage != BACKUP_FINISHED) + str->append(STRING_WITH_LEN("BACKUP ")); + if (thd->global_read_lock.is_acquired()) + { + if (thd->lex->type & (REFRESH_READ_LOCK|REFRESH_FOR_EXPORT)) + str->append(STRING_WITH_LEN("FTFE ")); + else + str->append(STRING_WITH_LEN("FTWRL ")); + } + if (thd->locked_tables_mode == LTM_LOCK_TABLES || + thd->variables.option_bits & OPTION_TABLE_LOCK) + str->append(STRING_WITH_LEN("LOCK TABLES ")); + + str->append(STRING_WITH_LEN(": ")); + const char* query= wsrep_thd_query(thd); + str->append(query, strlen(query)); +} + +/* MDL-log mode */ +typedef enum +{ + WSREP_MDL_DEBUG=0, + WSREP_MDL_INFO, + WSREP_MDL_ERROR +} wsrep_mdl_log_t; + +/** Helper function to log MDL-conflict. + +@param level log level either DEBUG, INFO or ERROR +@param msg log message +@param request_thd requestor thread +@param granted_thd thread holding MDL-lock +@param ticket conflicting MDL-ticket +@param key MDL-key +*/ +static void wsrep_mdl_log(wsrep_mdl_log_t level, + const char* msg, + const THD* request_thd, + const THD* granted_thd, + const MDL_ticket *ticket, + const MDL_key *key) +{ + const char* schema= key->db_name(); + const int schema_len= key->db_name_length(); + const char* name= key->name(); + const int name_len= key->name_length(); + + switch(level) + { + case WSREP_MDL_DEBUG: + WSREP_MDL_LOG(DEBUG, msg, + schema, schema_len, name, name_len, + request_thd, granted_thd); + ticket->wsrep_report(wsrep_debug); + break; + case WSREP_MDL_INFO: + WSREP_MDL_LOG(INFO, msg, + schema, schema_len, name, name_len, + request_thd, granted_thd); + ticket->wsrep_report(wsrep_debug); + break; + case WSREP_MDL_ERROR: + WSREP_MDL_LOG(ERROR, msg, + schema, schema_len, name, name_len, + request_thd, granted_thd); + ticket->wsrep_report(true); + break; + default: + DBUG_ASSERT(0); // bug + break; + } +} + +/** Helper function to dump wsrep state to error log. + +@param msg Message for error log +@param thd Thread handle +@param granted true if this thread is holding MDL-lock +*/ +static void wsrep_log_state(const char *msg, const THD *thd, bool granted) +{ + char buff[2048]; + String buffer(buff, sizeof(buff), system_charset_info); + wsrep_get_state(thd, granted, &buffer); + WSREP_DEBUG(msg, buffer.c_ptr()); +} + +/** This function handles MDL-conflict when thread holding MDL-lock + (granted_thd) is TOI or applying i.e BF. + + If granted_thd is aborting + wait for MDL-locks to be released + else if granted_thd is SR and requestor is DDL + abort granted_thd + else + not possible BF-BF case + +@param request_thd requestor thread +@param granted_thd thread holding conflicting MDL-lock +@param ticket conflicting MDL-ticket +@param key MDL key +*/ +static void wsrep_handle_granted_bf( + THD* request_thd, + THD* granted_thd, + const MDL_ticket *ticket, + const MDL_key *key) +{ + mysql_mutex_assert_owner(&granted_thd->LOCK_thd_kill); + mysql_mutex_assert_owner(&granted_thd->LOCK_thd_data); + + if (wsrep_debug) + { + wsrep_log_state("wsrep_handle_granted_bf() : (%s)", request_thd, false); + wsrep_log_state("wsrep_handle_granted_bf() : (%s)", granted_thd, true); + } + + if (wsrep_thd_is_aborting(granted_thd)) + { + // Granted thread is aborting, we wait it to release MDL-locs + } + else if (wsrep_thd_is_SR(granted_thd) && wsrep_thd_is_toi(request_thd)) + { + // Granted thread is executing streaming replication and request is DDL, + // abort granted + wsrep_mdl_log(WSREP_MDL_INFO, "MDL conflict, DDL vs SR", + request_thd, granted_thd, ticket, key); + wsrep_abort_thd(request_thd, granted_thd, 1); + } + else + { + // This case BF-BF is not possible so fail on debug + wsrep_mdl_log(WSREP_MDL_ERROR, "MDL BF-BF conflict", + request_thd, granted_thd, ticket, key); + DBUG_ASSERT(!(wsrep_thd_is_BF(granted_thd, false) && + wsrep_thd_is_BF(request_thd, false))); + } +} + +/** This function handles MDL-conflict when thread holding MDL-lock + (granted_thd) has ongoing + BACKUP + OR FLUSH TABLES WITH READ LOCK + OR FLUSH TABLES FOR EXPORT + OR LOCK TABLES + + Requestor may kill only ongoing BACKUP if user has so configured, + all other cases it must wait MDL-lock to be released. + +@param request_thd requestor thread +@param granted_thd thread holding conflicting MDL-lock +@param ticket conflicting MDL-ticket +@param key MDL key +*/ +static void wsrep_handle_locked(THD* request_thd, + THD* granted_thd, + const MDL_ticket *ticket, + const MDL_key *key) +{ + mysql_mutex_assert_owner(&granted_thd->LOCK_thd_kill); + mysql_mutex_assert_owner(&granted_thd->LOCK_thd_data); + DBUG_ASSERT(!wsrep_thd_is_BF(granted_thd, false)); + + if (wsrep_debug) + { + wsrep_log_state("wsrep_handle_locked() : (%s)", request_thd, false); + wsrep_log_state("wsrep_handle_locked() : (%s)", granted_thd, true); + } + + if (granted_thd->current_backup_stage != BACKUP_FINISHED && + wsrep_check_mode(WSREP_MODE_BF_MARIABACKUP)) + { + // User has allowed killing mariabackup + wsrep_mdl_log(WSREP_MDL_INFO, "MDL conflict, ongoing backup", + request_thd, granted_thd, ticket, key); + wsrep_abort_thd(request_thd, granted_thd, true); + } + // else requestor must wait for MDL-lock to be released +} + +/** This function handles MDL-conflict when thread holding MDL-lock + (granted_thd) is not BF (brute force) and requestor is + BF. + +If thread has active wsrep transaction it can be wsrep aborted +else + send KILL_QUERY_HARD and handler abort transaction + +@param request_thd requestor thread +@param granted_thd thread holding conflicting MDL-lock +@param ticket conflicting MDL-ticket +@param key MDL key +*/ +static void wsrep_abort_granted(THD* request_thd, + THD* granted_thd, + const MDL_ticket *ticket, + const MDL_key *key) +{ + mysql_mutex_assert_owner(&granted_thd->LOCK_thd_kill); + mysql_mutex_assert_owner(&granted_thd->LOCK_thd_data); + DBUG_ASSERT(!wsrep_thd_is_BF(granted_thd, false)); + DBUG_ASSERT(wsrep_thd_is_BF(request_thd, false)); + + if (wsrep_debug) + { + wsrep_log_state("wsrep_abort_granted() : (%s)", request_thd, false); + wsrep_log_state("wsrep_abort_granted() : (%s)", granted_thd, true); + } + + wsrep_mdl_log(WSREP_MDL_DEBUG, "MDL conflict-> BF abort", + request_thd, granted_thd, ticket, key); + + if (granted_thd->wsrep_trx().active()) + { + // Granted thread has active wsrep transaction, abort it + wsrep_abort_thd(request_thd, granted_thd, 1); + } + else + { + // Granted thread is not wsrep transaction or it has no + // active transaction e.g. CREATE TABLE X AS SELECT, + // signal KILL_QUERY and abort transaction + granted_thd->awake_no_mutex(KILL_QUERY_HARD); + ha_abort_transaction(request_thd, granted_thd, TRUE); + } +} /** - Check if request for the metadata lock should be granted to the requester. + This function handles MDL-conflict between thread requesting MDL-lock + and thread that already has acquired MDL-lock i.e. granted thread. + Either requesting thread will wait for MDL-lock to be released or + granted thread will be BF-killed, aborted or signaled with + KILL_QUERY_HARD. + + * If requester is not wsrep thread it must wait for MDL to be released. + * If requester is not TOI or applying it must wait for MDL to be released. @param requestor_ctx The MDL context of the requestor @param ticket MDL ticket for the requested lock @@ -3280,145 +3558,74 @@ { THD *request_thd= requestor_ctx->get_thd(); + /* Note here request_thd == current_thd */ /* Fallback to the non-wsrep behaviour */ if (!WSREP(request_thd)) return; - mysql_mutex_lock(&request_thd->LOCK_thd_data); - - // If requestor is not BF it has to wait for - // release of MDL-lock. - if (wsrep_thd_is_toi(request_thd) || - wsrep_thd_is_applying(request_thd)) - { - THD *granted_thd= ticket->get_ctx()->get_thd(); - - const char* schema= key->db_name(); - int schema_len= key->db_name_length(); - const char* name= key->name(); - int name_len= key->name_length(); - - THD_STAGE_INFO(request_thd, stage_waiting_isolation); - mysql_mutex_unlock(&request_thd->LOCK_thd_data); - WSREP_MDL_LOG(DEBUG, "MDL conflict ", schema, schema_len, - name, name_len, request_thd, granted_thd); - ticket->wsrep_report(wsrep_debug); + /* Fallback to non-wsrep behaviour if request is not TOI or + applying. + */ + if (!wsrep_thd_is_BF(request_thd, FALSE)) return; // requestor needs to wait - DEBUG_SYNC(request_thd, "before_wsrep_thd_abort"); - DBUG_EXECUTE_IF("sync.before_wsrep_thd_abort", { - const char act[]= "now " - "SIGNAL sync.before_wsrep_thd_abort_reached " - "WAIT_FOR signal.before_wsrep_thd_abort"; - DBUG_ASSERT(!debug_sync_set_action(request_thd, STRING_WITH_LEN(act))); - };); - - /* Here we will call wsrep_abort_transaction so we should hold - THD::LOCK_thd_data to protect victim from concurrent usage - and THD::LOCK_thd_kill to protect from disconnect or delete. - */ - mysql_mutex_lock(&granted_thd->LOCK_thd_kill); - mysql_mutex_lock(&granted_thd->LOCK_thd_data); + THD *granted_thd= ticket->get_ctx()->get_thd(); - if (granted_thd->wsrep_aborter != 0) - { - // Granted thread has being already selected as a victim for - // BF kill, we can wait until it releases MDL-lock - DBUG_ASSERT(granted_thd->wsrep_aborter == request_thd->thread_id); - WSREP_DEBUG("BF thread waiting for a victim to release locks"); - } - else if (wsrep_thd_is_toi(granted_thd) || - wsrep_thd_is_applying(granted_thd)) - { - // Here both request thread and granted thread are either TOI - // or applying. - if (wsrep_thd_is_aborting(granted_thd)) - { - // Granted thread is aborting, we wait it to release MDL-locs - WSREP_DEBUG("BF thread for %s waiting for thread in aborting state for %s", - wsrep_thd_query(request_thd), - wsrep_thd_query(granted_thd)); - ticket->wsrep_report(wsrep_debug); - } - else if (wsrep_thd_is_SR(granted_thd) && !wsrep_thd_is_SR(request_thd)) - { - // Granted thread is executing streaming replication and request is DDL, - // abort granted - WSREP_MDL_LOG(INFO, "MDL conflict, DDL vs SR", - schema, schema_len, name, name_len, - request_thd, granted_thd); - wsrep_abort_thd(request_thd, granted_thd, 1); - } - else - { - DBUG_ASSERT(0); - // In this case request thread waits - WSREP_MDL_LOG(INFO, "MDL BF-BF conflict", schema, schema_len, - name, name_len, request_thd, granted_thd); - ticket->wsrep_report(true); - } - } - /* If granted thread has - ongoing BACKUP OR - ongoing FLUSH TABLES WITH READ LOCK OR - ongoing FLUSH TABLES FOR EXPORT OR LOCK TABLES - */ - else if (granted_thd->current_backup_stage != BACKUP_FINISHED || - granted_thd->global_read_lock.is_acquired() || - granted_thd->locked_tables_mode == LTM_LOCK_TABLES) - { - WSREP_DEBUG("BF thread waiting for %s", - (granted_thd->current_backup_stage != BACKUP_FINISHED ? "BACKUP" : - (granted_thd->global_read_lock.is_acquired() ? "FTWRL" : "LOCK TABLES"))); - ticket->wsrep_report(wsrep_debug); + THD_STAGE_INFO(request_thd, stage_waiting_isolation); - if (granted_thd->current_backup_stage != BACKUP_FINISHED && - wsrep_check_mode(WSREP_MODE_BF_MARIABACKUP)) - { - // User has allowed killing mariabackup - wsrep_abort_thd(request_thd, granted_thd, 1); - } - } - else - { - WSREP_MDL_LOG(DEBUG, "MDL conflict-> BF abort", schema, schema_len, - name, name_len, request_thd, granted_thd); - WSREP_DEBUG("wsrep_handle_mdl_conflict -> BF abort for %s", - wsrep_thd_query(granted_thd)); - ticket->wsrep_report(wsrep_debug); + // Thread should not hold any mutexes below debug sync point + DEBUG_SYNC(request_thd, "before_wsrep_thd_abort"); + DBUG_EXECUTE_IF("sync.before_wsrep_thd_abort", { + const char act[]= "now " + "SIGNAL sync.before_wsrep_thd_abort_reached " + "WAIT_FOR signal.before_wsrep_thd_abort"; + DBUG_ASSERT(!debug_sync_set_action(request_thd, STRING_WITH_LEN(act))); + };); + + /* We should hold + THD::LOCK_thd_data to protect granted from concurrent usage + and THD::LOCK_thd_kill to protect it from disconnect or delete. + */ + mysql_mutex_lock(&granted_thd->LOCK_thd_kill); + mysql_mutex_lock(&granted_thd->LOCK_thd_data); - if (granted_thd->wsrep_trx().active()) - { - // Granted thread has active wsrep transaction - wsrep_abort_thd(request_thd, granted_thd, 1); - } - else if (!WSREP(granted_thd) || - wsrep_thd_is_BF(granted_thd, false)) - { - // Granted thread is not wsrep transaction or it is not BF kill it - WSREP_MDL_LOG(DEBUG, "MDL conflict-> kill", schema, schema_len, - name, name_len, request_thd, granted_thd); - granted_thd->awake_no_mutex(KILL_QUERY_HARD); - ha_abort_transaction(request_thd, granted_thd, TRUE); - } - else - { - WSREP_DEBUG("MDL conflig-> wait request BF:%ld:%s granted %s:%ld query %s", - request_thd->thread_id, - wsrep_thd_query(request_thd), - (wsrep_thd_is_BF(granted_thd, FALSE) ? "LOCAL" : "BF"), - granted_thd->thread_id, - wsrep_thd_query(granted_thd)); - } - } + if (wsrep_debug) + { + wsrep_log_state("wsrep_handle_mdl_conflict() : (%s)", request_thd, false); + wsrep_log_state("wsrep_handle_mdl_conflict() : (%s)", granted_thd, true); + } - mysql_mutex_unlock(&granted_thd->LOCK_thd_data); - mysql_mutex_unlock(&granted_thd->LOCK_thd_kill); - DEBUG_SYNC(request_thd, "after_wsrep_thd_abort"); + if (granted_thd->wsrep_aborter != 0) + { + // Granted thread has being already selected as a victim for + // BF kill, we can wait until it releases MDL-lock + DBUG_ASSERT(granted_thd->wsrep_aborter == request_thd->thread_id); + } + else if (granted_thd->current_backup_stage != BACKUP_FINISHED || + granted_thd->global_read_lock.is_acquired() || + granted_thd->locked_tables_mode == LTM_LOCK_TABLES || + granted_thd->variables.option_bits & OPTION_TABLE_LOCK) + { + /* Granted thread has + ongoing BACKUP OR + ongoing FLUSH TABLES WITH READ LOCK OR + ongoing FLUSH TABLES FOR EXPORT OR + ongoing LOCK TABLES + */ + wsrep_handle_locked(request_thd, granted_thd, ticket, key); + } + else if (wsrep_thd_is_BF(granted_thd, FALSE)) + { + // Granted thread is either TOI or applying + wsrep_handle_granted_bf(request_thd, granted_thd, ticket, key); } else { - // Request thread is normal local transaction it has to wait - mysql_mutex_unlock(&request_thd->LOCK_thd_data); + // Granted thread is not brute-force thread, we can abort it + wsrep_abort_granted(request_thd, granted_thd, ticket, key); } + + mysql_mutex_unlock(&granted_thd->LOCK_thd_data); + mysql_mutex_unlock(&granted_thd->LOCK_thd_kill); + DEBUG_SYNC(request_thd, "after_wsrep_thd_abort"); } /**/ @@ -3769,25 +3976,25 @@ int wsrep_create_trigger_query(THD *thd, uchar** buf, size_t* buf_len) { - LEX *lex= thd->lex; String stmt_query; LEX_CSTRING definer_user; LEX_CSTRING definer_host; - if (!lex->definer) + LEX_USER *definer= thd->lex->definer; + if (!definer) { if (!thd->slave_thread) { - if (!(lex->definer= create_default_definer(thd, false))) + if (!(definer= create_default_definer(thd, false))) return 1; } } - if (lex->definer) + if (definer) { /* SUID trigger. */ - LEX_USER *d= get_current_user(thd, lex->definer); + LEX_USER *d= get_current_user(thd, definer); if (!d) return 1; @@ -4026,31 +4233,45 @@ return thd->wsrep_consistency_check == CONSISTENCY_CHECK_RUNNING; } -// Wait until wsrep has reached ready state -void wsrep_wait_ready(THD *thd) +bool wsrep_wait_ready(THD *thd) { // First check not locking the mutex. - if (wsrep_ready) - return; + switch (wsrep_state.load()) { + case NOT_READY: + break; + case READY: + return true; + case IN_SHUTDOWN: + return false; + } mysql_mutex_lock(&LOCK_wsrep_ready); - while(!wsrep_ready) + while(!wsrep_state) { WSREP_INFO("Waiting to reach ready state"); mysql_cond_wait(&COND_wsrep_ready, &LOCK_wsrep_ready); } - WSREP_INFO("ready state reached"); mysql_mutex_unlock(&LOCK_wsrep_ready); + WSREP_INFO("ready state reached"); + /* It may happen we stop waiting and immediately transition + to not ready state when we reach this line. It's a spurious + wakeup we cannot deal with, but the best we can do is to return + readiness indication. That's why we should compare to + IN_SHUTDOWN rather than returning wsrep_ready_get(). */ + return wsrep_state != IN_SHUTDOWN; } void wsrep_ready_set(bool ready_value) { WSREP_DEBUG("Setting wsrep_ready to %d", ready_value); mysql_mutex_lock(&LOCK_wsrep_ready); - wsrep_ready= ready_value; - // Signal if we have reached ready state - if (ready_value) - mysql_cond_signal(&COND_wsrep_ready); + /* Only transition if we're not shutting down. */ + if (wsrep_state != IN_SHUTDOWN) { + wsrep_state= ready_value ? READY : NOT_READY; + // Signal if we have reached ready state + if (ready_value) + mysql_cond_signal(&COND_wsrep_ready); + } mysql_mutex_unlock(&LOCK_wsrep_ready); } @@ -4197,3 +4418,26 @@ thd->killed); } } + +const std::string wsrep_get_server_uuid() +{ + std::string server_uuid; + const wsrep::gtid& gtid= Wsrep_server_state::instance().provider().last_committed_gtid(); + std::ostringstream uuid_oss; + uuid_oss << gtid.id(); + server_uuid= uuid_oss.str(); + return server_uuid; +} + +const std::string wsrep_get_checkpoint() +{ + const Wsrep_server_state& server_state= Wsrep_server_state::instance(); + const wsrep::gtid& gtid= server_state.provider().last_committed_gtid(); + std::ostringstream gtid_oss; + gtid_oss << gtid; + + // Build checkpoint using wsrep_start_posistion format + std::string wsrep_checkpoint= gtid_oss.str(); + + return wsrep_checkpoint; +} diff -Nru mariadb-11.8.6/sql/wsrep_mysqld.h mariadb-11.8.8/sql/wsrep_mysqld.h --- mariadb-11.8.6/sql/wsrep_mysqld.h 2026-01-31 13:27:48.000000000 +0000 +++ mariadb-11.8.8/sql/wsrep_mysqld.h 2026-05-24 09:58:32.000000000 +0000 @@ -1,4 +1,4 @@ -/* Copyright 2008-2025 Codership Oy +/* Copyright 2008-2026 Codership Oy This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by @@ -78,7 +78,6 @@ extern ulong wsrep_mysql_replication_bundle; extern my_bool wsrep_load_data_splitting; extern my_bool wsrep_restart_slave; -extern my_bool wsrep_restart_slave_activated; extern my_bool wsrep_slave_FK_checks; extern my_bool wsrep_slave_UK_checks; extern ulong wsrep_trx_fragment_unit; @@ -209,7 +208,7 @@ /* new defines */ extern void wsrep_stop_replication(THD *thd); extern bool wsrep_start_replication(const char *wsrep_cluster_address); -extern void wsrep_shutdown_replication(); +extern void wsrep_shutdown(); extern bool wsrep_check_mode (enum_wsrep_mode mask); extern bool wsrep_check_mode_after_open_table (THD *thd, const handlerton *hton, TABLE_LIST *tables); @@ -278,7 +277,6 @@ } extern my_bool wsrep_ready_get(); -extern void wsrep_ready_wait(); extern mysql_mutex_t LOCK_wsrep_ready; extern mysql_cond_t COND_wsrep_ready; @@ -591,7 +589,17 @@ wsrep::key wsrep_prepare_key_for_toi(const char* db, const char* table, enum wsrep::key::type type); -void wsrep_wait_ready(THD *thd); +/** + * Wait until wsrep has reached ready state + * @return true if the node is ready, false if it's in shutdown + * + * @note The function may spuriously stop waiting and return + * readiness indication while in reality the node is not being + * ready. It's the best effort, and it's false-positive. + * In contrast, returning false is guaranteed to only happen + * when the node is indeed in shutdown. + */ +bool wsrep_wait_ready(THD *thd); void wsrep_ready_set(bool ready_value); /** @@ -612,6 +620,14 @@ void wsrep_report_query_interrupted(const THD *thd, const char* file, const int line); +/** Return wsrep server uuid. + */ +const std::string wsrep_get_server_uuid(); + +/** Return full wsrep strorage engine checkpoint. + */ +const std::string wsrep_get_checkpoint(); + #else /* !WITH_WSREP */ /* These macros are needed to compile MariaDB without WSREP support diff -Nru mariadb-11.8.6/sql/wsrep_notify.cc mariadb-11.8.8/sql/wsrep_notify.cc --- mariadb-11.8.6/sql/wsrep_notify.cc 2026-01-31 13:27:48.000000000 +0000 +++ mariadb-11.8.8/sql/wsrep_notify.cc 2026-05-24 09:58:32.000000000 +0000 @@ -14,11 +14,39 @@ Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335 USA */ #include "mariadb.h" +#include #include #include "wsrep_priv.h" #include "wsrep_utils.h" #include "wsrep_status.h" +/* Allow only alnum and -_. */ +static bool is_valid_node_name(const char* s) +{ + if (!s) return true; + for (; *s; ++s) + { + unsigned char c= (unsigned char) *s; + if (!isalnum(c) && c != '-' && c != '_' && c != '.') + return false; + } + return true; +} + +/* Allow alnum and -_.:[]/ (host:port and [ipv6] forms). */ +static bool is_valid_node_addr(const char* s) +{ + if (!s) return true; + for (; *s; ++s) + { + unsigned char c= (unsigned char) *s; + if (!isalnum(c) && c != '-' && c != '_' && c != '.' && + c != ':' && c != '[' && c != ']' && c != '/') + return false; + } + return true; +} + void wsrep_notify_status(enum wsrep::server_state::state status, const wsrep::view* view) { @@ -71,13 +99,22 @@ for (unsigned int i= 0; i < members.size(); i++) { + const char* name= members[i].name().c_str(); + const char* incoming= members[i].incoming().c_str(); + if (!is_valid_node_name(name) || !is_valid_node_addr(incoming)) + { + WSREP_ERROR("Unsafe characters in cluster member %u " + "wsrep_node_name or wsrep_node_incoming_address, " + "aborting notification.", i); + my_free(cmd_ptr); + return; + } std::ostringstream id; id << members[i].id(); cmd_off += snprintf(cmd_ptr + cmd_off, cmd_len - cmd_off, "%c%s/%s/%s", i > 0 ? ',' : ' ', id.str().c_str(), - members[i].name().c_str(), - members[i].incoming().c_str()); + name, incoming); } } } diff -Nru mariadb-11.8.6/sql/wsrep_schema.cc mariadb-11.8.8/sql/wsrep_schema.cc --- mariadb-11.8.6/sql/wsrep_schema.cc 2026-01-31 13:27:48.000000000 +0000 +++ mariadb-11.8.8/sql/wsrep_schema.cc 2026-05-24 09:58:32.000000000 +0000 @@ -37,102 +37,72 @@ #include #include -#define WSREP_SCHEMA "mysql" -#define WSREP_STREAMING_TABLE "wsrep_streaming_log" -#define WSREP_CLUSTER_TABLE "wsrep_cluster" -#define WSREP_MEMBERS_TABLE "wsrep_cluster_members" -#define WSREP_ALLOWLIST_TABLE "wsrep_allowlist" - LEX_CSTRING WSREP_LEX_SCHEMA= {STRING_WITH_LEN(WSREP_SCHEMA)}; LEX_CSTRING WSREP_LEX_STREAMING= {STRING_WITH_LEN(WSREP_STREAMING_TABLE)}; LEX_CSTRING WSREP_LEX_CLUSTER= {STRING_WITH_LEN(WSREP_CLUSTER_TABLE)}; LEX_CSTRING WSREP_LEX_MEMBERS= {STRING_WITH_LEN(WSREP_MEMBERS_TABLE)}; LEX_CSTRING WSREP_LEX_ALLOWLIST= {STRING_WITH_LEN(WSREP_ALLOWLIST_TABLE)}; -const char* wsrep_sr_table_name_full= WSREP_SCHEMA "/" WSREP_STREAMING_TABLE; - -static const std::string wsrep_schema_str= WSREP_SCHEMA; -static const std::string sr_table_str= WSREP_STREAMING_TABLE; -static const std::string cluster_table_str= WSREP_CLUSTER_TABLE; -static const std::string members_table_str= WSREP_MEMBERS_TABLE; -static const std::string allowlist_table_str= WSREP_ALLOWLIST_TABLE; - -static const std::string create_cluster_table_str= - "CREATE TABLE IF NOT EXISTS " + wsrep_schema_str + "." + cluster_table_str + - "(" - "cluster_uuid CHAR(36) PRIMARY KEY," - "view_id BIGINT NOT NULL," - "view_seqno BIGINT NOT NULL," - "protocol_version INT NOT NULL," - "capabilities INT NOT NULL" - ") ENGINE=InnoDB STATS_PERSISTENT=0 CHARSET=latin1"; - -static const std::string create_members_table_str= - "CREATE TABLE IF NOT EXISTS " + wsrep_schema_str + "." + members_table_str + - "(" - "node_uuid CHAR(36) PRIMARY KEY," - "cluster_uuid CHAR(36) NOT NULL," - "node_name CHAR(32) NOT NULL," - "node_incoming_address VARCHAR(256) NOT NULL" - ") ENGINE=InnoDB STATS_PERSISTENT=0 CHARSET=latin1"; - -#ifdef WSREP_SCHEMA_MEMBERS_HISTORY -static const std::string cluster_member_history_table_str= "wsrep_cluster_member_history"; -static const std::string create_members_history_table_str= - "CREATE TABLE IF NOT EXISTS " + wsrep_schema_str + "." + cluster_member_history_table_str + - "(" - "node_uuid CHAR(36) PRIMARY KEY," - "cluster_uuid CHAR(36) NOT NULL," - "last_view_id BIGINT NOT NULL," - "last_view_seqno BIGINT NOT NULL," - "node_name CHAR(32) NOT NULL," - "node_incoming_address VARCHAR(256) NOT NULL" - ") ENGINE=InnoDB STATS_PERSISTENT=0 CHARSET=latin1"; -#endif /* WSREP_SCHEMA_MEMBERS_HISTORY */ - -static const std::string create_frag_table_str= - "CREATE TABLE IF NOT EXISTS " + wsrep_schema_str + "." + sr_table_str + - "(" - "node_uuid CHAR(36), " - "trx_id BIGINT, " - "seqno BIGINT, " - "flags INT NOT NULL, " - "frag LONGBLOB NOT NULL, " - "PRIMARY KEY (node_uuid, trx_id, seqno)" - ") ENGINE=InnoDB STATS_PERSISTENT=0 CHARSET=latin1"; - -static const std::string create_allowlist_table_str= - "CREATE TABLE IF NOT EXISTS " + wsrep_schema_str + "." + allowlist_table_str + - "(" - "ip CHAR(64) NOT NULL," - "PRIMARY KEY (ip)" - ") ENGINE=InnoDB STATS_PERSISTENT=0"; +#define create_cluster_table_str \ + "CREATE TABLE IF NOT EXISTS " WSREP_SCHEMA "." WSREP_CLUSTER_TABLE \ + "(" \ + "cluster_uuid CHAR(36) PRIMARY KEY," \ + "view_id BIGINT NOT NULL," \ + "view_seqno BIGINT NOT NULL," \ + "protocol_version INT NOT NULL," \ + "capabilities INT NOT NULL" \ + ") ENGINE=InnoDB STATS_PERSISTENT=0 CHARSET=latin1" + +#define create_members_table_str \ + "CREATE TABLE IF NOT EXISTS " WSREP_SCHEMA "." WSREP_MEMBERS_TABLE \ + "(" \ + "node_uuid CHAR(36) PRIMARY KEY," \ + "cluster_uuid CHAR(36) NOT NULL," \ + "node_name CHAR(32) NOT NULL," \ + "node_incoming_address VARCHAR(256) NOT NULL" \ + ") ENGINE=InnoDB STATS_PERSISTENT=0 CHARSET=latin1" + +#define create_frag_table_str \ + "CREATE TABLE IF NOT EXISTS " WSREP_SCHEMA "." WSREP_STREAMING_TABLE \ + "(" \ + "node_uuid CHAR(36), " \ + "trx_id BIGINT, " \ + "seqno BIGINT, " \ + "flags INT NOT NULL, " \ + "frag LONGBLOB NOT NULL, " \ + "PRIMARY KEY (node_uuid, trx_id, seqno)" \ + ") ENGINE=InnoDB STATS_PERSISTENT=0 CHARSET=latin1" + +#define create_allowlist_table_str \ + "CREATE TABLE IF NOT EXISTS " WSREP_SCHEMA "." WSREP_ALLOWLIST_TABLE \ + "(" \ + "ip CHAR(64) NOT NULL," \ + "PRIMARY KEY (ip)" \ + ") ENGINE=InnoDB STATS_PERSISTENT=0 CHARSET=latin1" -static const std::string delete_from_cluster_table= - "DELETE FROM " + wsrep_schema_str + "." + cluster_table_str; +#define delete_from_cluster_table \ + "DELETE FROM " WSREP_SCHEMA "." WSREP_CLUSTER_TABLE -static const std::string delete_from_members_table= - "DELETE FROM " + wsrep_schema_str + "." + members_table_str; +#define delete_from_members_table \ + "DELETE FROM " WSREP_SCHEMA "." WSREP_MEMBERS_TABLE /* For rolling upgrade we need to use ALTER. We do not want persistent statistics to be collected from these tables. */ -static const std::string alter_cluster_table= - "ALTER TABLE " + wsrep_schema_str + "." + cluster_table_str + - " STATS_PERSISTENT=0 CHARSET=latin1"; - -static const std::string alter_members_table= - "ALTER TABLE " + wsrep_schema_str + "." + members_table_str + - " STATS_PERSISTENT=0 CHARSET=latin1"; - -#ifdef WSREP_SCHEMA_MEMBERS_HISTORY -static const std::string alter_members_history_table= - "ALTER TABLE " + wsrep_schema_str + "." + members_history_table_str + - " STATS_PERSISTENT=0 CHARSET=latin1"; -#endif - -static const std::string alter_frag_table= - "ALTER TABLE " + wsrep_schema_str + "." + sr_table_str + - " STATS_PERSISTENT=0 CHARSET=latin1"; +#define alter_frag_table \ + "ALTER TABLE " WSREP_SCHEMA "." WSREP_STREAMING_TABLE \ + " STATS_PERSISTENT=0 CHARSET=latin1" + +#define alter_cluster_table \ + "ALTER TABLE " WSREP_SCHEMA "." WSREP_CLUSTER_TABLE \ + " STATS_PERSISTENT=0 CHARSET=latin1" + +#define alter_members_table \ + "ALTER TABLE " WSREP_SCHEMA "." WSREP_MEMBERS_TABLE \ + " STATS_PERSISTENT=0 CHARSET=latin1" + +#define alter_allowlist_table \ + "ALTER TABLE " WSREP_SCHEMA "." WSREP_ALLOWLIST_TABLE \ + " STATS_PERSISTENT=0 CHARSET=latin1" namespace Wsrep_schema_impl { @@ -356,7 +326,7 @@ static int open_for_write(THD* thd, const char* table_name, TABLE_LIST* table_list) { - LEX_CSTRING schema_str= { wsrep_schema_str.c_str(), wsrep_schema_str.length() }; + LEX_CSTRING schema_str= { STRING_WITH_LEN(WSREP_SCHEMA) }; LEX_CSTRING table_str= { table_name, strlen(table_name) }; if (Wsrep_schema_impl::open_table(thd, &schema_str, &table_str, TL_WRITE, table_list)) @@ -527,7 +497,7 @@ static int open_for_read(THD *thd, const char *table_name, TABLE_LIST *table_list) { - LEX_CSTRING schema_str= { wsrep_schema_str.c_str(), wsrep_schema_str.length() }; + LEX_CSTRING schema_str= { STRING_WITH_LEN(WSREP_SCHEMA)}; LEX_CSTRING table_str= { table_name, strlen(table_name) }; if (Wsrep_schema_impl::open_table(thd, &schema_str, &table_str, TL_READ, table_list)) @@ -760,33 +730,15 @@ } wsrep_init_thd_for_schema(thd); - if (Wsrep_schema_impl::execute_SQL(thd, create_cluster_table_str.c_str(), - create_cluster_table_str.size()) || - Wsrep_schema_impl::execute_SQL(thd, create_members_table_str.c_str(), - create_members_table_str.size()) || -#ifdef WSREP_SCHEMA_MEMBERS_HISTORY - Wsrep_schema_impl::execute_SQL(thd, - create_members_history_table_str.c_str(), - create_members_history_table_str.size()) || - Wsrep_schema_impl::execute_SQL(thd, - alter_members_history_table.c_str(), - alter_members_history_table.size()) || -#endif /* WSREP_SCHEMA_MEMBERS_HISTORY */ - Wsrep_schema_impl::execute_SQL(thd, - create_frag_table_str.c_str(), - create_frag_table_str.size()) || - Wsrep_schema_impl::execute_SQL(thd, - alter_cluster_table.c_str(), - alter_cluster_table.size()) || - Wsrep_schema_impl::execute_SQL(thd, - alter_members_table.c_str(), - alter_members_table.size()) || - Wsrep_schema_impl::execute_SQL(thd, - alter_frag_table.c_str(), - alter_frag_table.size()) || - Wsrep_schema_impl::execute_SQL(thd, - create_allowlist_table_str.c_str(), - create_allowlist_table_str.size())) + if (Wsrep_schema_impl::execute_SQL(thd, STRING_WITH_LEN(create_cluster_table_str)) || + Wsrep_schema_impl::execute_SQL(thd, STRING_WITH_LEN(create_members_table_str)) || + Wsrep_schema_impl::execute_SQL(thd, STRING_WITH_LEN(create_frag_table_str)) || + Wsrep_schema_impl::execute_SQL(thd, STRING_WITH_LEN(create_allowlist_table_str)) || + Wsrep_schema_impl::execute_SQL(thd, STRING_WITH_LEN(alter_frag_table)) || + Wsrep_schema_impl::execute_SQL(thd, STRING_WITH_LEN(alter_cluster_table)) || + Wsrep_schema_impl::execute_SQL(thd, STRING_WITH_LEN(alter_members_table)) || + Wsrep_schema_impl::execute_SQL(thd, STRING_WITH_LEN(alter_allowlist_table)) || + Wsrep_schema_impl::execute_SQL(thd, STRING_WITH_LEN("SET GLOBAL innodb_log_checkpoint_now=1"))) { ret= 1; } @@ -833,12 +785,8 @@ /* Clean up cluster table and members table. */ - if (Wsrep_schema_impl::execute_SQL(thd, - delete_from_cluster_table.c_str(), - delete_from_cluster_table.size()) || - Wsrep_schema_impl::execute_SQL(thd, - delete_from_members_table.c_str(), - delete_from_members_table.size())) { + if (Wsrep_schema_impl::execute_SQL(thd, STRING_WITH_LEN(delete_from_cluster_table)) || + Wsrep_schema_impl::execute_SQL(thd, STRING_WITH_LEN(delete_from_members_table))) { goto out; } @@ -846,7 +794,7 @@ Store cluster view info */ Wsrep_schema_impl::init_stmt(thd); - if (Wsrep_schema_impl::open_for_write(thd, cluster_table_str.c_str(), &cluster_table_l)) + if (Wsrep_schema_impl::open_for_write(thd, WSREP_CLUSTER_TABLE, &cluster_table_l)) { goto out; } @@ -871,8 +819,7 @@ Store info about current members */ Wsrep_schema_impl::init_stmt(thd); - if (Wsrep_schema_impl::open_for_write(thd, members_table_str.c_str(), - &members_table_l)) + if (Wsrep_schema_impl::open_for_write(thd, WSREP_MEMBERS_TABLE, &members_table_l)) { WSREP_ERROR("failed to open wsrep.members table"); goto out; @@ -984,7 +931,7 @@ Read cluster info from cluster table */ Wsrep_schema_impl::init_stmt(thd); - if (Wsrep_schema_impl::open_for_read(thd, cluster_table_str.c_str(), &cluster_table_l)) { + if (Wsrep_schema_impl::open_for_read(thd, WSREP_CLUSTER_TABLE, &cluster_table_l)) { goto out; } cluster_table = cluster_table_l.table; @@ -1013,8 +960,7 @@ Read members from members table */ Wsrep_schema_impl::init_stmt(thd); - if (Wsrep_schema_impl::open_for_read(thd, members_table_str.c_str(), - &members_table_l)) + if (Wsrep_schema_impl::open_for_read(thd, WSREP_MEMBERS_TABLE, &members_table_l)) { goto out; } @@ -1127,7 +1073,7 @@ Wsrep_schema_impl::init_stmt(thd); TABLE_LIST frag_table_l; - if (Wsrep_schema_impl::open_for_write(thd, sr_table_str.c_str(), &frag_table_l)) + if (Wsrep_schema_impl::open_for_write(thd, WSREP_STREAMING_TABLE, &frag_table_l)) { trans_rollback_stmt(thd); thd->lex->restore_backup_query_tables_list(&query_tables_list_backup); @@ -1181,7 +1127,7 @@ TABLE_LIST frag_table_l; Wsrep_schema_impl::init_stmt(thd); - if (Wsrep_schema_impl::open_for_write(thd, sr_table_str.c_str(), &frag_table_l)) + if (Wsrep_schema_impl::open_for_write(thd, WSREP_STREAMING_TABLE, &frag_table_l)) { thd->lex->restore_backup_query_tables_list(&query_tables_list_backup); DBUG_RETURN(1); @@ -1311,7 +1257,7 @@ TABLE* frag_table= 0; TABLE_LIST frag_table_l; - if (Wsrep_schema_impl::open_for_write(thd, sr_table_str.c_str(), &frag_table_l)) + if (Wsrep_schema_impl::open_for_write(thd, WSREP_STREAMING_TABLE, &frag_table_l)) { ret= 1; } @@ -1379,7 +1325,7 @@ i != fragments.end(); ++i) { Wsrep_schema_impl::init_stmt(thd); - if ((error= Wsrep_schema_impl::open_for_read(thd, sr_table_str.c_str(), &frag_table_l))) + if ((error= Wsrep_schema_impl::open_for_read(thd, WSREP_STREAMING_TABLE, &frag_table_l))) { WSREP_WARN("Could not open SR table for read: %d", error); Wsrep_schema_impl::finish_stmt(thd); @@ -1430,7 +1376,7 @@ Wsrep_schema_impl::init_stmt(thd); if ((error= Wsrep_schema_impl::open_for_write(thd, - sr_table_str.c_str(), + WSREP_STREAMING_TABLE, &frag_table_l))) { WSREP_WARN("Could not open SR table for write: %d", error); @@ -1522,7 +1468,7 @@ Wsrep_schema_impl::init_stmt(storage_thd); storage_thd->wsrep_skip_locking= FALSE; - if (Wsrep_schema_impl::open_for_read(storage_thd, cluster_table_str.c_str(), + if (Wsrep_schema_impl::open_for_read(storage_thd, WSREP_CLUSTER_TABLE, &cluster_table_l)) { Wsrep_schema_impl::finish_stmt(storage_thd); @@ -1568,7 +1514,7 @@ Open the table for reading and writing so that fragments without valid seqno can be deleted. */ - if (Wsrep_schema_impl::open_for_write(storage_thd, sr_table_str.c_str(), + if (Wsrep_schema_impl::open_for_write(storage_thd, WSREP_STREAMING_TABLE, &frag_table_l)) { WSREP_ERROR("Failed to open SR table for write"); @@ -1755,7 +1701,7 @@ Wsrep_schema_impl::init_stmt(thd); - if (Wsrep_schema_impl::open_for_write(thd, allowlist_table_str.c_str(), + if (Wsrep_schema_impl::open_for_write(thd, WSREP_ALLOWLIST_TABLE, &allowlist_table_l) || (allowlist_table= allowlist_table_l.table, Wsrep_schema_impl::init_for_scan(allowlist_table))) @@ -1802,7 +1748,7 @@ int error; Wsrep_schema_impl::init_stmt(thd); - if (Wsrep_schema_impl::open_for_write(thd, allowlist_table_str.c_str(), + if (Wsrep_schema_impl::open_for_write(thd, WSREP_ALLOWLIST_TABLE, &allowlist_table_l)) { WSREP_ERROR("Failed to open mysql.wsrep_allowlist table"); @@ -1863,7 +1809,7 @@ * Read allowlist table */ Wsrep_schema_impl::init_stmt(thd); - if (Wsrep_schema_impl::open_for_read(thd, allowlist_table_str.c_str(), + if (Wsrep_schema_impl::open_for_read(thd, WSREP_ALLOWLIST_TABLE, &allowlist_table_l) || (allowlist_table= allowlist_table_l.table, Wsrep_schema_impl::init_for_scan(allowlist_table))) diff -Nru mariadb-11.8.6/sql/wsrep_schema.h mariadb-11.8.8/sql/wsrep_schema.h --- mariadb-11.8.6/sql/wsrep_schema.h 2026-01-31 13:27:48.000000000 +0000 +++ mariadb-11.8.8/sql/wsrep_schema.h 2026-05-24 09:58:32.000000000 +0000 @@ -1,4 +1,5 @@ -/* Copyright (C) 2015-2025 Codership Oy +/* Copyright (C) 2015-2024 Codership Oy + Copyright (C) 2025-2026 MariaDB plc This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by @@ -170,6 +171,12 @@ Wsrep_schema& operator=(const Wsrep_schema&); }; +#define WSREP_SCHEMA "mysql" +#define WSREP_STREAMING_TABLE "wsrep_streaming_log" +#define WSREP_CLUSTER_TABLE "wsrep_cluster" +#define WSREP_MEMBERS_TABLE "wsrep_cluster_members" +#define WSREP_ALLOWLIST_TABLE "wsrep_allowlist" + extern Wsrep_schema* wsrep_schema; extern LEX_CSTRING WSREP_LEX_SCHEMA; diff -Nru mariadb-11.8.6/sql/wsrep_sst.cc mariadb-11.8.8/sql/wsrep_sst.cc --- mariadb-11.8.6/sql/wsrep_sst.cc 2026-01-31 13:27:48.000000000 +0000 +++ mariadb-11.8.8/sql/wsrep_sst.cc 2026-05-24 09:58:32.000000000 +0000 @@ -1,5 +1,5 @@ -/* Copyright 2008-2022 Codership Oy - Copyright (c) 2008, 2022, MariaDB +/* Copyright (C) 2008, 2025 Codership Oy + Copyright (c) 2008, 2026, MariaDB This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by @@ -192,6 +192,12 @@ return isalnum(c) || (c == '-') || (c == '_') || (c == '.'); } +/* return true if string is comma seprated list */ +static bool comma_char(int const c) +{ + return (c == ','); +} + /* return true if character can be a part of an address string */ static bool address_char(int const c) { @@ -199,6 +205,12 @@ (c == ':') || (c == '[') || (c == ']') || (c == '/'); } +/* return true if character can be a part of an address string list */ +static bool names_list(int const c) +{ + return address_char(c) || comma_char(c); +} + static bool check_request_str(const char* const str, bool (*check) (int c), bool log_warn = true) @@ -270,8 +282,19 @@ bool wsrep_sst_receive_address_check (sys_var *self, THD* thd, set_var* var) { - if ((! var->save_result.string_value.str) || - (var->save_result.string_value.length > (FN_REFLEN - 1))) // safety + /* Allow empty value */ + if (!var->save_result.string_value.str || var->save_result.string_value.length == 0) + return 0; + + /* Check length */ + if ((var->save_result.string_value.length > (FN_REFLEN - 1))) // safety + { + goto err; + } + + /* check also that address contains only accepted characters */ + if (check_request_str(var->save_result.string_value.str, + address_char, false)) { goto err; } @@ -337,16 +360,29 @@ bool wsrep_sst_donor_check (sys_var *self, THD* thd, set_var* var) { - if ((! var->save_result.string_value.str) || - (var->save_result.string_value.length > (FN_REFLEN -1))) // safety + /* Check length */ + if (!var->save_result.string_value.str || + var->save_result.string_value.length > FN_REFLEN-1) // safety + goto err; + + /* Allow empty value */ + if (var->save_result.string_value.length == 0) + return 0; + + /* check also that donor string contains only accepted characters */ + if (check_request_str(var->save_result.string_value.str, + names_list, false)) { - my_error(ER_WRONG_VALUE_FOR_VAR, MYF(0), var->var->name.str, - var->save_result.string_value.str ? - var->save_result.string_value.str : "NULL"); - return 1; + goto err; } return 0; + +err: + my_error(ER_WRONG_VALUE_FOR_VAR, MYF(0), var->var->name.str, + var->save_result.string_value.str ? + var->save_result.string_value.str : "NULL"); + return 1; } bool wsrep_sst_donor_update (sys_var *self, THD* thd, enum_var_type type) @@ -1975,9 +2011,9 @@ const char base_name[]= "tables_flushed"; ssize_t const full_len= strlen(mysql_real_data_home) + strlen(base_name)+2; char *real_name= (char*) my_malloc(key_memory_WSREP, full_len, 0); - sprintf(real_name, "%s/%s", mysql_real_data_home, base_name); + snprintf(real_name, full_len, "%s/%s", mysql_real_data_home, base_name); char *tmp_name= (char*) my_malloc(key_memory_WSREP, full_len + 4, 0); - sprintf(tmp_name, "%s.tmp", real_name); + snprintf(tmp_name, full_len + 4, "%s.tmp", real_name); FILE* file= fopen(tmp_name, "w+"); if (0 == file) diff -Nru mariadb-11.8.6/sql/wsrep_var.cc mariadb-11.8.8/sql/wsrep_var.cc --- mariadb-11.8.6/sql/wsrep_var.cc 2026-01-31 13:27:48.000000000 +0000 +++ mariadb-11.8.8/sql/wsrep_var.cc 2026-05-24 09:58:32.000000000 +0000 @@ -1,4 +1,5 @@ -/* Copyright 2008-2025 Codership Oy +/* Copyright 2008-2026 Codership Oy + Copyright 2025-2026 MariaDB plc This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by @@ -995,6 +996,11 @@ my_message(ER_WRONG_ARGUMENTS, "WSREP (galera) not started", MYF(0)); return true; } + if (thd->wsrep_trx().active()) + { + my_message(ER_WRONG_ARGUMENTS, "WSREP transaction is active", MYF(0)); + return true; + } return false; } @@ -1033,55 +1039,6 @@ return false; } -#if UNUSED /* eaec266eb16c (Sergei Golubchik 2014-09-28) */ -static SHOW_VAR wsrep_status_vars[]= -{ - {"connected", (char*) &wsrep_connected, SHOW_BOOL}, - {"ready", (char*) &wsrep_show_ready, SHOW_FUNC}, - {"cluster_state_uuid",(char*) &wsrep_cluster_state_uuid,SHOW_CHAR_PTR}, - {"cluster_conf_id", (char*) &wsrep_cluster_conf_id, SHOW_LONGLONG}, - {"cluster_status", (char*) &wsrep_cluster_status, SHOW_CHAR_PTR}, - {"cluster_size", (char*) &wsrep_cluster_size, SHOW_LONG_NOFLUSH}, - {"local_index", (char*) &wsrep_local_index, SHOW_LONG_NOFLUSH}, - {"local_bf_aborts", (char*) &wsrep_show_bf_aborts, SHOW_FUNC}, - {"provider_name", (char*) &wsrep_provider_name, SHOW_CHAR_PTR}, - {"provider_version", (char*) &wsrep_provider_version, SHOW_CHAR_PTR}, - {"provider_vendor", (char*) &wsrep_provider_vendor, SHOW_CHAR_PTR}, - {"provider_capabilities", (char*) &wsrep_provider_capabilities, SHOW_CHAR_PTR}, - {"thread_count", (char*) &wsrep_running_threads, SHOW_LONG_NOFLUSH}, - {"applier_thread_count", (char*)&wsrep_running_applier_threads, SHOW_LONG_NOFLUSH}, - {"rollbacker_thread_count", (char *)&wsrep_running_rollbacker_threads, SHOW_LONG_NOFLUSH}, -}; - -static int show_var_cmp(const void *var1, const void *var2) -{ - return strcasecmp(((SHOW_VAR*)var1)->name, ((SHOW_VAR*)var2)->name); -} - -/* - * Status variables stuff below - */ -static inline void -wsrep_assign_to_mysql (SHOW_VAR* mysql, wsrep_stats_var* wsrep_var) -{ - mysql->name= wsrep_var->name; - switch (wsrep_var->type) { - case WSREP_VAR_INT64: - mysql->value= (char*) &wsrep_var->value._int64; - mysql->type= SHOW_LONGLONG; - break; - case WSREP_VAR_STRING: - mysql->value= (char*) &wsrep_var->value._string; - mysql->type= SHOW_CHAR_PTR; - break; - case WSREP_VAR_DOUBLE: - mysql->value= (char*) &wsrep_var->value._double; - mysql->type= SHOW_DOUBLE; - break; - } -} -#endif /* UNUSED */ - #if DYNAMIC // somehow this mysql status thing works only with statically allocated arrays. static SHOW_VAR* mysql_status_vars= NULL; @@ -1097,6 +1054,17 @@ thd->wsrep_status_vars= Wsrep_server_state::instance().status(); + /* Add wsrep_checkpoint_position and SE checkpoint */ + wsrep::provider::status_variable checkpoint("checkpoint_position", + wsrep_get_checkpoint()); + thd->wsrep_status_vars.push_back(checkpoint); + XID xid; + wsrep_get_SE_checkpoint(xid); + const std::string se_checkpoint= wsrep_xid_print(&xid); + wsrep::provider::status_variable se_chkpoint("se_checkpoint", + se_checkpoint); + thd->wsrep_status_vars.push_back(se_chkpoint); + wsrep_status_len= thd->wsrep_status_vars.size(); #if DYNAMIC @@ -1221,3 +1189,20 @@ return false; } + +bool wsrep_max_ws_rows_check(sys_var *self, THD* thd, set_var* var) +{ + unsigned long long max_rows= (unsigned long long)var->save_result.ulonglong_value; + + // Default 0 is always allowed + if (max_rows == 0) + return false; + + // Note that we allow changing this even when WSREP is not on + if (thd->wsrep_trx().active()) + { + my_message(ER_WRONG_ARGUMENTS, "WSREP transaction is active", MYF(0)); + return true; + } + return false; +} diff -Nru mariadb-11.8.6/sql/wsrep_var.h mariadb-11.8.8/sql/wsrep_var.h --- mariadb-11.8.6/sql/wsrep_var.h 2026-01-31 13:27:48.000000000 +0000 +++ mariadb-11.8.8/sql/wsrep_var.h 2026-05-24 09:58:32.000000000 +0000 @@ -1,4 +1,5 @@ /* Copyright (C) 2013-2025 Codership Oy + Copyright (C) 2025-2026 MariaDB plc This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by @@ -100,6 +101,7 @@ extern bool wsrep_max_ws_size_check CHECK_ARGS; extern bool wsrep_max_ws_size_update UPDATE_ARGS; +extern bool wsrep_max_ws_rows_check CHECK_ARGS; extern bool wsrep_reject_queries_update UPDATE_ARGS; diff -Nru mariadb-11.8.6/sql/wsrep_xid.h mariadb-11.8.8/sql/wsrep_xid.h --- mariadb-11.8.6/sql/wsrep_xid.h 2026-01-31 13:27:48.000000000 +0000 +++ mariadb-11.8.8/sql/wsrep_xid.h 2026-05-24 09:58:32.000000000 +0000 @@ -1,4 +1,4 @@ -/* Copyright (C) 2015-2025 Codership Oy +/* Copyright (C) 2015-2026 Codership Oy This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by @@ -30,7 +30,7 @@ template T wsrep_get_SE_checkpoint(); bool wsrep_set_SE_checkpoint(const wsrep::gtid& gtid, const wsrep_server_gtid_t&); -//void wsrep_get_SE_checkpoint(XID&); /* uncomment if needed */ +bool wsrep_get_SE_checkpoint(XID&); //void wsrep_set_SE_checkpoint(XID&); /* uncomment if needed */ void wsrep_sort_xid_array(XID *array, int len); diff -Nru mariadb-11.8.6/sql/yy_mariadb.cc mariadb-11.8.8/sql/yy_mariadb.cc --- mariadb-11.8.6/sql/yy_mariadb.cc 2026-01-31 13:27:52.000000000 +0000 +++ mariadb-11.8.8/sql/yy_mariadb.cc 2026-05-24 09:58:35.000000000 +0000 @@ -2716,7 +2716,7 @@ /* YYFINAL -- State number of the termination state. */ #define YYFINAL 750 /* YYLAST -- Last index in YYTABLE. */ -#define YYLAST 115216 +#define YYLAST 115755 /* YYNTOKENS -- Number of terminals. */ #define YYNTOKENS 798 @@ -2725,7 +2725,7 @@ /* YYNRULES -- Number of rules. */ #define YYNRULES 3834 /* YYNSTATES -- Number of states. */ -#define YYNSTATES 6431 +#define YYNSTATES 6432 /* YYMAXUTOK -- Last valid token kind. */ #define YYMAXUTOK 1030 @@ -3007,235 +3007,235 @@ 10156, 10157, 10158, 10159, 10160, 10161, 10193, 10194, 10195, 10196, 10197, 10198, 10199, 10200, 10201, 10209, 10217, 10218, 10225, 10231, 10236, 10246, 10251, 10256, 10262, 10267, 10275, 10286, 10293, 10298, - 10303, 10308, 10313, 10319, 10325, 10335, 10336, 10337, 10338, 10346, - 10347, 10356, 10357, 10363, 10367, 10373, 10379, 10388, 10389, 10398, - 10405, 10419, 10425, 10433, 10442, 10451, 10458, 10464, 10470, 10476, - 10491, 10502, 10508, 10514, 10521, 10527, 10533, 10541, 10549, 10556, - 10560, 10566, 10574, 10584, 10585, 10589, 10593, 10600, 10604, 10624, - 10631, 10637, 10644, 10651, 10657, 10663, 10669, 10675, 10682, 10689, - 10695, 10706, 10713, 10719, 10732, 10737, 10742, 10748, 10754, 10759, - 10766, 10773, 10781, 10788, 10795, 10802, 10817, 10823, 10829, 10838, - 10849, 10856, 10862, 10870, 10876, 10882, 10888, 10894, 10902, 10914, - 10934, 10933, 11015, 11021, 11027, 11033, 11038, 11043, 11048, 11053, - 11058, 11063, 11083, 11085, 11090, 11091, 11095, 11096, 11100, 11101, - 11105, 11112, 11120, 11147, 11153, 11159, 11165, 11171, 11177, 11186, - 11193, 11195, 11192, 11202, 11213, 11219, 11225, 11231, 11237, 11243, - 11249, 11255, 11261, 11268, 11267, 11288, 11287, 11318, 11317, 11331, - 11340, 11358, 11360, 11362, 11377, 11384, 11391, 11398, 11405, 11412, - 11419, 11426, 11433, 11440, 11451, 11458, 11469, 11480, 11500, 11499, - 11505, 11522, 11528, 11537, 11546, 11556, 11555, 11567, 11582, 11595, - 11600, 11608, 11609, 11614, 11619, 11622, 11624, 11628, 11633, 11641, - 11642, 11647, 11654, 11664, 11663, 11680, 11682, 11689, 11696, 11703, - 11707, 11708, 11709, 11717, 11718, 11719, 11720, 11721, 11722, 11723, - 11724, 11728, 11729, 11730, 11731, 11738, 11739, 11743, 11748, 11756, - 11757, 11761, 11768, 11776, 11785, 11795, 11796, 11807, 11808, 11824, - 11825, 11826, 11833, 11837, 11842, 11843, 11849, 11848, 11877, 11876, - 11892, 11901, 11913, 11925, 11926, 11927, 11928, 11933, 11934, 11935, - 11936, 11937, 11941, 11942, 11947, 11951, 11955, 11963, 11970, 11978, - 11984, 11977, 12030, 12031, 12037, 12042, 12056, 12064, 12062, 12082, - 12080, 12093, 12105, 12103, 12123, 12122, 12134, 12147, 12145, 12166, - 12165, 12178, 12192, 12193, 12194, 12198, 12199, 12207, 12208, 12212, - 12221, 12222, 12223, 12228, 12229, 12233, 12234, 12238, 12239, 12243, - 12244, 12252, 12260, 12268, 12269, 12282, 12298, 12302, 12323, 12324, - 12329, 12333, 12334, 12335, 12339, 12340, 12345, 12344, 12350, 12349, - 12357, 12358, 12361, 12363, 12363, 12367, 12367, 12372, 12373, 12377, - 12379, 12384, 12385, 12389, 12400, 12414, 12415, 12416, 12417, 12418, - 12419, 12420, 12421, 12422, 12423, 12424, 12425, 12429, 12430, 12431, - 12432, 12433, 12434, 12435, 12436, 12437, 12441, 12442, 12443, 12444, - 12447, 12449, 12450, 12454, 12455, 12459, 12467, 12469, 12473, 12475, - 12474, 12486, 12489, 12488, 12506, 12508, 12512, 12517, 12525, 12526, - 12543, 12566, 12567, 12573, 12574, 12578, 12591, 12590, 12599, 12600, - 12609, 12610, 12614, 12615, 12619, 12620, 12634, 12635, 12639, 12649, - 12658, 12665, 12672, 12682, 12683, 12690, 12700, 12701, 12703, 12705, - 12707, 12709, 12718, 12722, 12723, 12727, 12741, 12742, 12748, 12747, - 12758, 12764, 12773, 12774, 12775, 12781, 12782, 12787, 12794, 12800, - 12805, 12816, 12826, 12837, 12844, 12852, 12862, 12863, 12867, 12868, - 12872, 12873, 12878, 12885, 12892, 12899, 12909, 12914, 12919, 12923, - 12929, 12935, 12944, 12952, 12956, 12963, 12964, 12968, 12973, 12978, - 12991, 12995, 12999, 13003, 13008, 13011, 13015, 13024, 13028, 13036, - 13044, 13055, 13057, 13061, 13062, 13066, 13067, 13068, 13069, 13070, - 13071, 13075, 13076, 13077, 13078, 13079, 13087, 13092, 13097, 13102, - 13107, 13123, 13129, 13135, 13141, 13147, 13153, 13169, 13175, 13181, - 13187, 13188, 13194, 13200, 13201, 13205, 13206, 13207, 13208, 13209, - 13213, 13214, 13215, 13216, 13217, 13221, 13226, 13227, 13231, 13232, - 13236, 13237, 13238, 13243, 13242, 13274, 13275, 13279, 13280, 13284, - 13294, 13294, 13306, 13307, 13310, 13330, 13340, 13345, 13353, 13359, - 13371, 13358, 13373, 13388, 13401, 13400, 13423, 13422, 13432, 13431, - 13454, 13460, 13464, 13469, 13468, 13477, 13482, 13488, 13495, 13493, - 13504, 13508, 13509, 13513, 13525, 13538, 13539, 13543, 13557, 13561, - 13569, 13573, 13580, 13581, 13589, 13596, 13588, 13609, 13616, 13608, - 13627, 13636, 13645, 13653, 13654, 13658, 13659, 13663, 13664, 13672, - 13672, 13675, 13675, 13688, 13689, 13691, 13690, 13703, 13709, 13711, - 13715, 13717, 13723, 13727, 13728, 13732, 13733, 13737, 13747, 13748, - 13752, 13753, 13757, 13758, 13762, 13763, 13768, 13767, 13784, 13783, - 13799, 13800, 13804, 13805, 13809, 13814, 13822, 13830, 13841, 13842, - 13851, 13852, 13861, 13863, 13865, 13863, 13875, 13887, 13894, 13904, - 13931, 13893, 13938, 13939, 13943, 13951, 13959, 13960, 13964, 13974, - 13975, 13982, 13981, 14001, 14004, 14011, 14013, 14012, 14028, 14058, - 14071, 14066, 14084, 14095, 14083, 14105, 14116, 14104, 14129, 14133, - 14132, 14167, 14168, 14172, 14173, 14177, 14178, 14179, 14184, 14195, - 14183, 14205, 14207, 14210, 14212, 14215, 14216, 14219, 14223, 14227, - 14231, 14235, 14239, 14243, 14247, 14251, 14259, 14262, 14272, 14271, - 14290, 14297, 14305, 14313, 14321, 14329, 14337, 14344, 14351, 14357, - 14359, 14361, 14370, 14374, 14379, 14378, 14385, 14384, 14391, 14400, - 14407, 14412, 14417, 14422, 14427, 14432, 14434, 14436, 14438, 14445, - 14453, 14455, 14463, 14470, 14477, 14484, 14490, 14495, 14503, 14511, - 14519, 14523, 14527, 14537, 14547, 14554, 14561, 14567, 14573, 14579, - 14585, 14591, 14597, 14604, 14609, 14616, 14623, 14630, 14637, 14644, - 14651, 14656, 14661, 14667, 14673, 14678, 14690, 14698, 14720, 14722, - 14724, 14729, 14730, 14733, 14735, 14739, 14740, 14744, 14745, 14749, - 14750, 14754, 14755, 14759, 14760, 14764, 14765, 14774, 14786, 14785, - 14804, 14803, 14813, 14814, 14815, 14816, 14817, 14818, 14822, 14823, - 14827, 14834, 14835, 14837, 14838, 14842, 14843, 14856, 14857, 14858, - 14875, 14874, 14902, 14901, 14913, 14912, 14924, 14929, 14930, 14943, - 14946, 14945, 14958, 14959, 14964, 14966, 14968, 14970, 14972, 14974, - 14982, 14984, 14986, 14988, 14993, 15000, 15002, 15004, 15012, 15014, - 15016, 15018, 15020, 15022, 15039, 15040, 15044, 15048, 15061, 15060, - 15075, 15085, 15086, 15089, 15091, 15092, 15096, 15112, 15113, 15118, - 15117, 15127, 15128, 15132, 15132, 15137, 15136, 15142, 15146, 15147, - 15151, 15152, 15159, 15164, 15163, 15178, 15177, 15194, 15195, 15196, - 15200, 15201, 15202, 15211, 15212, 15216, 15220, 15228, 15228, 15233, - 15234, 15243, 15255, 15269, 15280, 15293, 15254, 15304, 15305, 15309, - 15310, 15314, 15315, 15323, 15327, 15328, 15329, 15332, 15334, 15338, - 15339, 15343, 15348, 15355, 15360, 15367, 15369, 15373, 15374, 15378, - 15383, 15391, 15392, 15396, 15398, 15406, 15407, 15411, 15412, 15413, - 15417, 15419, 15424, 15425, 15440, 15441, 15445, 15446, 15450, 15463, - 15468, 15473, 15480, 15488, 15496, 15501, 15509, 15517, 15532, 15539, - 15545, 15555, 15556, 15564, 15565, 15566, 15567, 15581, 15587, 15593, - 15599, 15605, 15611, 15634, 15644, 15654, 15660, 15667, 15677, 15684, - 15691, 15702, 15701, 15726, 15727, 15732, 15733, 15737, 15741, 15765, - 15768, 15767, 15782, 15786, 15791, 15798, 15804, 15813, 15830, 15831, - 15835, 15840, 15848, 15853, 15861, 15866, 15871, 15876, 15882, 15887, - 15895, 15900, 15905, 15910, 15916, 15924, 15925, 15934, 15941, 15945, - 15951, 15957, 15967, 15973, 15982, 15992, 15993, 15997, 15998, 15999, - 16003, 16011, 16012, 16013, 16014, 16018, 16027, 16035, 16043, 16051, - 16052, 16060, 16061, 16065, 16066, 16071, 16080, 16081, 16089, 16090, - 16098, 16099, 16100, 16104, 16115, 16139, 16147, 16147, 16149, 16159, - 16160, 16161, 16162, 16163, 16164, 16165, 16166, 16167, 16168, 16169, - 16170, 16175, 16176, 16177, 16178, 16179, 16180, 16181, 16182, 16183, - 16184, 16185, 16186, 16187, 16194, 16195, 16196, 16197, 16198, 16199, - 16200, 16201, 16202, 16203, 16204, 16205, 16206, 16210, 16211, 16212, - 16213, 16214, 16215, 16216, 16217, 16218, 16219, 16220, 16221, 16222, - 16226, 16227, 16228, 16229, 16230, 16231, 16232, 16233, 16246, 16247, - 16248, 16249, 16250, 16251, 16252, 16253, 16254, 16255, 16256, 16257, - 16258, 16259, 16260, 16261, 16262, 16263, 16264, 16265, 16266, 16267, - 16268, 16269, 16270, 16271, 16272, 16273, 16274, 16275, 16276, 16277, - 16278, 16279, 16280, 16281, 16282, 16283, 16284, 16285, 16286, 16287, - 16288, 16289, 16290, 16291, 16292, 16293, 16294, 16295, 16296, 16297, - 16298, 16339, 16340, 16341, 16342, 16343, 16344, 16355, 16356, 16357, - 16358, 16359, 16360, 16361, 16362, 16363, 16364, 16368, 16369, 16370, - 16374, 16375, 16376, 16385, 16386, 16387, 16388, 16389, 16390, 16391, - 16392, 16393, 16394, 16395, 16396, 16397, 16398, 16399, 16400, 16401, - 16402, 16403, 16404, 16405, 16406, 16407, 16408, 16409, 16410, 16415, - 16420, 16421, 16422, 16423, 16424, 16425, 16426, 16427, 16428, 16429, - 16430, 16431, 16432, 16433, 16434, 16435, 16436, 16437, 16438, 16439, - 16440, 16441, 16442, 16443, 16444, 16445, 16446, 16447, 16448, 16449, - 16450, 16451, 16452, 16453, 16454, 16455, 16456, 16457, 16458, 16459, - 16460, 16461, 16462, 16463, 16468, 16469, 16470, 16471, 16472, 16473, - 16474, 16475, 16476, 16477, 16478, 16479, 16480, 16481, 16482, 16483, - 16484, 16485, 16486, 16487, 16488, 16489, 16490, 16491, 16492, 16493, - 16494, 16495, 16496, 16497, 16498, 16499, 16500, 16501, 16502, 16503, - 16504, 16505, 16506, 16507, 16508, 16509, 16510, 16511, 16512, 16513, - 16514, 16515, 16516, 16517, 16518, 16519, 16520, 16521, 16522, 16523, - 16524, 16525, 16526, 16527, 16528, 16529, 16530, 16531, 16532, 16533, - 16534, 16535, 16536, 16537, 16538, 16539, 16540, 16541, 16542, 16543, - 16544, 16545, 16546, 16547, 16548, 16549, 16550, 16551, 16552, 16553, - 16554, 16555, 16556, 16557, 16558, 16559, 16560, 16561, 16562, 16563, - 16564, 16565, 16566, 16567, 16568, 16569, 16570, 16571, 16572, 16573, - 16574, 16575, 16576, 16577, 16578, 16579, 16581, 16583, 16584, 16585, + 10303, 10308, 10313, 10321, 10329, 10341, 10342, 10343, 10344, 10352, + 10353, 10362, 10363, 10369, 10373, 10379, 10385, 10394, 10395, 10404, + 10411, 10425, 10431, 10439, 10448, 10457, 10464, 10470, 10476, 10482, + 10497, 10508, 10514, 10520, 10527, 10533, 10539, 10547, 10555, 10562, + 10566, 10572, 10580, 10590, 10591, 10595, 10599, 10606, 10610, 10630, + 10637, 10643, 10650, 10657, 10663, 10669, 10675, 10681, 10688, 10695, + 10701, 10712, 10719, 10725, 10738, 10743, 10748, 10754, 10760, 10765, + 10772, 10779, 10787, 10794, 10801, 10808, 10823, 10829, 10835, 10844, + 10855, 10862, 10868, 10876, 10882, 10888, 10894, 10900, 10908, 10920, + 10940, 10939, 11021, 11027, 11033, 11039, 11044, 11049, 11054, 11059, + 11064, 11069, 11089, 11091, 11096, 11097, 11101, 11102, 11106, 11107, + 11111, 11118, 11126, 11153, 11159, 11165, 11171, 11177, 11183, 11192, + 11199, 11201, 11198, 11208, 11219, 11225, 11231, 11237, 11243, 11249, + 11255, 11261, 11267, 11274, 11273, 11294, 11293, 11324, 11323, 11337, + 11346, 11364, 11366, 11368, 11383, 11390, 11397, 11404, 11411, 11418, + 11425, 11432, 11439, 11446, 11457, 11464, 11475, 11486, 11506, 11505, + 11511, 11528, 11534, 11543, 11552, 11562, 11561, 11573, 11588, 11601, + 11606, 11614, 11615, 11620, 11625, 11628, 11630, 11634, 11639, 11647, + 11648, 11653, 11660, 11670, 11669, 11686, 11688, 11695, 11702, 11709, + 11713, 11714, 11715, 11723, 11724, 11725, 11726, 11727, 11728, 11729, + 11730, 11734, 11735, 11736, 11737, 11744, 11745, 11749, 11754, 11762, + 11763, 11767, 11774, 11782, 11791, 11801, 11802, 11813, 11814, 11830, + 11831, 11832, 11839, 11843, 11848, 11849, 11855, 11854, 11883, 11882, + 11898, 11907, 11919, 11931, 11932, 11933, 11934, 11939, 11940, 11941, + 11942, 11943, 11947, 11948, 11953, 11957, 11961, 11969, 11976, 11984, + 11990, 11983, 12036, 12037, 12043, 12048, 12062, 12070, 12068, 12088, + 12086, 12099, 12111, 12109, 12129, 12128, 12140, 12153, 12151, 12172, + 12171, 12184, 12198, 12199, 12200, 12204, 12205, 12213, 12214, 12218, + 12227, 12228, 12229, 12234, 12235, 12239, 12240, 12244, 12245, 12249, + 12250, 12258, 12266, 12274, 12275, 12288, 12304, 12308, 12329, 12330, + 12335, 12339, 12340, 12341, 12345, 12346, 12351, 12350, 12356, 12355, + 12363, 12364, 12367, 12369, 12369, 12373, 12373, 12378, 12379, 12383, + 12385, 12390, 12391, 12395, 12406, 12420, 12421, 12422, 12423, 12424, + 12425, 12426, 12427, 12428, 12429, 12430, 12431, 12435, 12436, 12437, + 12438, 12439, 12440, 12441, 12442, 12443, 12447, 12448, 12449, 12450, + 12453, 12455, 12456, 12460, 12461, 12465, 12473, 12475, 12479, 12481, + 12480, 12492, 12495, 12494, 12512, 12514, 12518, 12523, 12531, 12532, + 12549, 12572, 12573, 12579, 12580, 12584, 12597, 12596, 12605, 12606, + 12615, 12616, 12620, 12621, 12625, 12626, 12640, 12641, 12645, 12655, + 12664, 12671, 12678, 12688, 12689, 12696, 12706, 12707, 12709, 12711, + 12713, 12715, 12724, 12728, 12729, 12733, 12747, 12748, 12754, 12753, + 12765, 12771, 12780, 12781, 12782, 12788, 12789, 12794, 12801, 12807, + 12812, 12823, 12833, 12844, 12851, 12859, 12869, 12870, 12874, 12875, + 12879, 12880, 12885, 12892, 12899, 12906, 12916, 12921, 12926, 12930, + 12936, 12942, 12951, 12959, 12963, 12970, 12971, 12975, 12980, 12985, + 12998, 13002, 13006, 13010, 13015, 13018, 13022, 13031, 13035, 13043, + 13051, 13062, 13064, 13068, 13069, 13073, 13074, 13075, 13076, 13077, + 13078, 13082, 13083, 13084, 13085, 13086, 13094, 13099, 13104, 13109, + 13114, 13130, 13136, 13142, 13148, 13154, 13160, 13179, 13185, 13191, + 13197, 13202, 13208, 13214, 13219, 13227, 13228, 13229, 13230, 13231, + 13235, 13236, 13237, 13238, 13239, 13243, 13248, 13249, 13253, 13254, + 13258, 13259, 13260, 13265, 13264, 13296, 13297, 13301, 13302, 13306, + 13316, 13316, 13328, 13329, 13332, 13352, 13362, 13367, 13375, 13381, + 13393, 13380, 13395, 13410, 13423, 13422, 13445, 13444, 13454, 13453, + 13476, 13482, 13486, 13491, 13490, 13499, 13504, 13510, 13517, 13515, + 13526, 13530, 13531, 13535, 13547, 13560, 13561, 13565, 13579, 13583, + 13591, 13595, 13602, 13603, 13611, 13618, 13610, 13631, 13638, 13630, + 13649, 13658, 13667, 13675, 13676, 13680, 13681, 13685, 13686, 13694, + 13694, 13697, 13697, 13710, 13711, 13713, 13712, 13725, 13731, 13733, + 13737, 13739, 13745, 13749, 13750, 13754, 13755, 13759, 13769, 13770, + 13774, 13775, 13779, 13780, 13784, 13785, 13790, 13789, 13806, 13805, + 13821, 13822, 13826, 13827, 13831, 13836, 13844, 13852, 13863, 13864, + 13873, 13874, 13883, 13885, 13887, 13885, 13897, 13909, 13916, 13926, + 13953, 13915, 13960, 13961, 13965, 13973, 13981, 13982, 13986, 13996, + 13997, 14004, 14003, 14023, 14026, 14033, 14035, 14034, 14050, 14080, + 14093, 14088, 14106, 14117, 14105, 14127, 14138, 14126, 14151, 14155, + 14154, 14189, 14190, 14194, 14195, 14199, 14200, 14201, 14206, 14217, + 14205, 14227, 14229, 14232, 14234, 14237, 14238, 14241, 14245, 14249, + 14253, 14257, 14261, 14265, 14269, 14273, 14281, 14284, 14294, 14293, + 14312, 14319, 14327, 14335, 14343, 14351, 14359, 14366, 14373, 14379, + 14381, 14383, 14392, 14396, 14401, 14400, 14407, 14406, 14413, 14422, + 14429, 14434, 14439, 14444, 14449, 14454, 14456, 14458, 14460, 14467, + 14475, 14477, 14485, 14492, 14499, 14506, 14512, 14517, 14525, 14533, + 14541, 14545, 14549, 14559, 14569, 14576, 14583, 14589, 14595, 14601, + 14607, 14613, 14619, 14626, 14631, 14638, 14645, 14652, 14659, 14666, + 14673, 14678, 14683, 14689, 14695, 14700, 14712, 14720, 14742, 14744, + 14746, 14751, 14752, 14755, 14757, 14761, 14762, 14766, 14767, 14771, + 14772, 14776, 14777, 14781, 14782, 14786, 14787, 14796, 14808, 14807, + 14826, 14825, 14835, 14836, 14837, 14838, 14839, 14840, 14844, 14845, + 14849, 14856, 14857, 14859, 14860, 14864, 14865, 14878, 14879, 14880, + 14897, 14896, 14924, 14923, 14935, 14934, 14946, 14951, 14952, 14965, + 14968, 14967, 14980, 14981, 14986, 14988, 14990, 14992, 14994, 14996, + 15004, 15006, 15008, 15010, 15015, 15022, 15024, 15026, 15034, 15036, + 15038, 15040, 15042, 15044, 15061, 15062, 15066, 15070, 15083, 15082, + 15097, 15107, 15108, 15111, 15113, 15114, 15118, 15134, 15135, 15140, + 15139, 15149, 15150, 15154, 15154, 15159, 15158, 15164, 15168, 15169, + 15173, 15174, 15181, 15186, 15185, 15200, 15199, 15216, 15217, 15218, + 15222, 15223, 15224, 15233, 15234, 15238, 15242, 15250, 15250, 15255, + 15256, 15265, 15277, 15291, 15302, 15315, 15276, 15326, 15327, 15331, + 15332, 15336, 15337, 15345, 15349, 15350, 15351, 15354, 15356, 15360, + 15361, 15365, 15370, 15377, 15382, 15389, 15391, 15395, 15396, 15400, + 15405, 15413, 15414, 15418, 15420, 15428, 15429, 15433, 15434, 15435, + 15439, 15441, 15446, 15447, 15462, 15463, 15467, 15468, 15472, 15485, + 15490, 15495, 15502, 15510, 15518, 15523, 15531, 15539, 15554, 15561, + 15567, 15577, 15578, 15586, 15587, 15588, 15589, 15603, 15609, 15615, + 15621, 15627, 15633, 15656, 15666, 15676, 15682, 15689, 15699, 15706, + 15713, 15724, 15723, 15748, 15749, 15754, 15755, 15759, 15763, 15787, + 15790, 15789, 15804, 15808, 15813, 15820, 15826, 15835, 15852, 15853, + 15857, 15862, 15870, 15875, 15883, 15888, 15893, 15898, 15904, 15909, + 15917, 15922, 15927, 15932, 15938, 15946, 15947, 15956, 15963, 15967, + 15973, 15979, 15989, 15995, 16004, 16014, 16015, 16019, 16020, 16021, + 16025, 16033, 16034, 16035, 16036, 16040, 16049, 16057, 16065, 16073, + 16074, 16082, 16083, 16087, 16088, 16093, 16102, 16103, 16111, 16112, + 16120, 16121, 16122, 16126, 16137, 16161, 16169, 16169, 16171, 16181, + 16182, 16183, 16184, 16185, 16186, 16187, 16188, 16189, 16190, 16191, + 16192, 16197, 16198, 16199, 16200, 16201, 16202, 16203, 16204, 16205, + 16206, 16207, 16208, 16209, 16216, 16217, 16218, 16219, 16220, 16221, + 16222, 16223, 16224, 16225, 16226, 16227, 16228, 16232, 16233, 16234, + 16235, 16236, 16237, 16238, 16239, 16240, 16241, 16242, 16243, 16244, + 16248, 16249, 16250, 16251, 16252, 16253, 16254, 16255, 16268, 16269, + 16270, 16271, 16272, 16273, 16274, 16275, 16276, 16277, 16278, 16279, + 16280, 16281, 16282, 16283, 16284, 16285, 16286, 16287, 16288, 16289, + 16290, 16291, 16292, 16293, 16294, 16295, 16296, 16297, 16298, 16299, + 16300, 16301, 16302, 16303, 16304, 16305, 16306, 16307, 16308, 16309, + 16310, 16311, 16312, 16313, 16314, 16315, 16316, 16317, 16318, 16319, + 16320, 16361, 16362, 16363, 16364, 16365, 16366, 16377, 16378, 16379, + 16380, 16381, 16382, 16383, 16384, 16385, 16386, 16390, 16391, 16392, + 16396, 16397, 16398, 16407, 16408, 16409, 16410, 16411, 16412, 16413, + 16414, 16415, 16416, 16417, 16418, 16419, 16420, 16421, 16422, 16423, + 16424, 16425, 16426, 16427, 16428, 16429, 16430, 16431, 16432, 16437, + 16442, 16443, 16444, 16445, 16446, 16447, 16448, 16449, 16450, 16451, + 16452, 16453, 16454, 16455, 16456, 16457, 16458, 16459, 16460, 16461, + 16462, 16463, 16464, 16465, 16466, 16467, 16468, 16469, 16470, 16471, + 16472, 16473, 16474, 16475, 16476, 16477, 16478, 16479, 16480, 16481, + 16482, 16483, 16484, 16485, 16490, 16491, 16492, 16493, 16494, 16495, + 16496, 16497, 16498, 16499, 16500, 16501, 16502, 16503, 16504, 16505, + 16506, 16507, 16508, 16509, 16510, 16511, 16512, 16513, 16514, 16515, + 16516, 16517, 16518, 16519, 16520, 16521, 16522, 16523, 16524, 16525, + 16526, 16527, 16528, 16529, 16530, 16531, 16532, 16533, 16534, 16535, + 16536, 16537, 16538, 16539, 16540, 16541, 16542, 16543, 16544, 16545, + 16546, 16547, 16548, 16549, 16550, 16551, 16552, 16553, 16554, 16555, + 16556, 16557, 16558, 16559, 16560, 16561, 16562, 16563, 16564, 16565, + 16566, 16567, 16568, 16569, 16570, 16571, 16572, 16573, 16574, 16575, + 16576, 16577, 16578, 16579, 16580, 16581, 16582, 16583, 16584, 16585, 16586, 16587, 16588, 16589, 16590, 16591, 16592, 16593, 16594, 16595, - 16596, 16597, 16598, 16599, 16600, 16601, 16602, 16603, 16604, 16605, - 16606, 16607, 16608, 16609, 16610, 16611, 16612, 16613, 16614, 16615, - 16616, 16617, 16618, 16619, 16620, 16621, 16622, 16623, 16624, 16625, - 16626, 16627, 16628, 16629, 16630, 16631, 16632, 16633, 16634, 16635, - 16636, 16637, 16638, 16639, 16640, 16641, 16642, 16643, 16644, 16645, - 16646, 16647, 16648, 16649, 16650, 16651, 16652, 16653, 16654, 16655, - 16656, 16657, 16658, 16659, 16660, 16661, 16662, 16663, 16664, 16665, - 16666, 16667, 16668, 16669, 16670, 16671, 16672, 16673, 16674, 16675, - 16676, 16677, 16678, 16679, 16680, 16681, 16682, 16683, 16684, 16685, - 16686, 16687, 16688, 16689, 16690, 16691, 16692, 16693, 16694, 16695, - 16696, 16697, 16698, 16699, 16700, 16701, 16702, 16703, 16704, 16705, - 16706, 16707, 16709, 16711, 16712, 16713, 16714, 16715, 16716, 16717, + 16596, 16597, 16598, 16599, 16600, 16601, 16603, 16605, 16606, 16607, + 16608, 16609, 16610, 16611, 16612, 16613, 16614, 16615, 16616, 16617, + 16618, 16619, 16620, 16621, 16622, 16623, 16624, 16625, 16626, 16627, + 16628, 16629, 16630, 16631, 16632, 16633, 16634, 16635, 16636, 16637, + 16638, 16639, 16640, 16641, 16642, 16643, 16644, 16645, 16646, 16647, + 16648, 16649, 16650, 16651, 16652, 16653, 16654, 16655, 16656, 16657, + 16658, 16659, 16660, 16661, 16662, 16663, 16664, 16665, 16666, 16667, + 16668, 16669, 16670, 16671, 16672, 16673, 16674, 16675, 16676, 16677, + 16678, 16679, 16680, 16681, 16682, 16683, 16684, 16685, 16686, 16687, + 16688, 16689, 16690, 16691, 16692, 16693, 16694, 16695, 16696, 16697, + 16698, 16699, 16700, 16701, 16702, 16703, 16704, 16705, 16706, 16707, + 16708, 16709, 16710, 16711, 16712, 16713, 16714, 16715, 16716, 16717, 16718, 16719, 16720, 16721, 16722, 16723, 16724, 16725, 16726, 16727, - 16728, 16729, 16730, 16731, 16732, 16736, 16737, 16743, 16744, 16745, - 16746, 16747, 16748, 16749, 16750, 16751, 16752, 16753, 16754, 16755, - 16756, 16757, 16758, 16760, 16762, 16763, 16764, 16765, 16767, 16769, - 16770, 16771, 16772, 16773, 16774, 16775, 16780, 16781, 16782, 16783, - 16784, 16785, 16786, 16787, 16788, 16789, 16790, 16791, 16792, 16793, - 16794, 16795, 16796, 16797, 16798, 16799, 16800, 16801, 16802, 16803, - 16804, 16805, 16806, 16807, 16808, 16809, 16810, 16811, 16812, 16813, - 16814, 16815, 16816, 16817, 16818, 16819, 16820, 16821, 16822, 16823, - 16824, 16825, 16826, 16827, 16828, 16829, 16830, 16831, 16832, 16833, - 16834, 16835, 16836, 16837, 16838, 16839, 16840, 16841, 16842, 16843, - 16844, 16845, 16846, 16847, 16848, 16849, 16850, 16851, 16852, 16853, - 16854, 16855, 16856, 16857, 16858, 16859, 16860, 16861, 16862, 16863, - 16864, 16865, 16866, 16867, 16868, 16869, 16870, 16871, 16872, 16873, - 16874, 16875, 16876, 16877, 16878, 16879, 16880, 16881, 16882, 16883, - 16884, 16885, 16886, 16887, 16888, 16889, 16890, 16891, 16892, 16893, - 16894, 16895, 16896, 16897, 16898, 16902, 16903, 16904, 16905, 16906, - 16907, 16908, 16909, 16910, 16911, 16912, 16913, 16914, 16915, 16916, - 16917, 16918, 16919, 16920, 16921, 16922, 16923, 16924, 16925, 16926, - 16927, 16928, 16929, 16930, 16931, 16932, 16933, 16934, 16935, 16936, - 16937, 16938, 16939, 16940, 16941, 16942, 16943, 16944, 16945, 16946, - 16947, 16948, 16949, 16950, 16951, 16952, 16953, 16954, 16955, 16956, - 16957, 16958, 16959, 16960, 16961, 16962, 16963, 16964, 16965, 16966, - 16967, 16968, 16969, 16970, 16971, 16972, 16973, 16974, 16975, 16976, - 16977, 16978, 16979, 16980, 16981, 16982, 16983, 16984, 16985, 16986, - 16987, 16988, 16989, 16990, 16991, 16992, 16993, 16994, 16995, 16996, - 16997, 16998, 16999, 17000, 17001, 17002, 17003, 17004, 17005, 17006, - 17007, 17008, 17009, 17010, 17011, 17012, 17013, 17014, 17015, 17016, - 17017, 17029, 17028, 17041, 17042, 17044, 17043, 17055, 17054, 17061, - 17059, 17079, 17080, 17085, 17086, 17088, 17087, 17101, 17102, 17108, - 17107, 17112, 17116, 17117, 17118, 17122, 17123, 17124, 17125, 17129, - 17130, 17131, 17132, 17141, 17140, 17155, 17154, 17169, 17168, 17186, - 17185, 17200, 17199, 17214, 17213, 17230, 17229, 17244, 17243, 17258, - 17257, 17271, 17270, 17296, 17295, 17307, 17306, 17319, 17318, 17329, - 17347, 17358, 17365, 17371, 17393, 17409, 17421, 17420, 17435, 17434, - 17446, 17445, 17459, 17460, 17461, 17462, 17466, 17485, 17503, 17504, - 17508, 17509, 17510, 17511, 17516, 17521, 17526, 17537, 17550, 17556, - 17563, 17564, 17565, 17572, 17571, 17585, 17586, 17592, 17601, 17602, - 17606, 17607, 17611, 17630, 17631, 17632, 17637, 17638, 17643, 17642, - 17660, 17659, 17671, 17680, 17690, 17689, 17732, 17733, 17737, 17738, - 17742, 17743, 17744, 17745, 17747, 17746, 17759, 17760, 17761, 17762, - 17763, 17769, 17774, 17779, 17784, 17788, 17793, 17802, 17804, 17809, - 17814, 17820, 17826, 17831, 17843, 17844, 17848, 17849, 17853, 17858, - 17866, 17875, 17896, 17896, 17899, 17900, 17904, 17905, 17912, 17914, - 17918, 17923, 17930, 17934, 17943, 17950, 17951, 17952, 17953, 17957, - 17958, 17959, 17960, 17961, 17962, 17963, 17964, 17965, 17966, 17967, - 17968, 17969, 17970, 17971, 17972, 17973, 17974, 17975, 17976, 17977, - 17978, 17979, 17980, 17981, 17982, 17983, 17984, 17985, 17986, 17987, - 17988, 17989, 17990, 17991, 17992, 17993, 17994, 17995, 17996, 17997, - 17998, 17999, 18003, 18004, 18008, 18009, 18013, 18020, 18027, 18037, - 18046, 18052, 18059, 18067, 18072, 18080, 18085, 18093, 18098, 18105, - 18105, 18106, 18106, 18109, 18115, 18121, 18126, 18133, 18139, 18146, - 18155, 18159, 18165, 18173, 18175, 18179, 18183, 18187, 18194, 18199, - 18204, 18209, 18214, 18222, 18223, 18227, 18228, 18233, 18234, 18238, - 18239, 18243, 18244, 18248, 18249, 18254, 18253, 18263, 18272, 18273, - 18277, 18278, 18283, 18284, 18285, 18290, 18291, 18292, 18296, 18308, - 18317, 18323, 18332, 18341, 18354, 18356, 18358, 18366, 18367, 18368, - 18372, 18373, 18379, 18380, 18381, 18382, 18383, 18384, 18385, 18395, - 18396, 18401, 18414, 18428, 18429, 18430, 18434, 18435, 18439, 18440, - 18445, 18446, 18450, 18456, 18465, 18465, 18479, 18480, 18481, 18482, - 18492, 18494, 18500, 18505, 18514, 18517, 18528, 18545, 18561, 18571, - 18577, 18582, 18586, 18559, 18635, 18637, 18642, 18643, 18647, 18648, - 18652, 18652, 18659, 18663, 18667, 18671, 18675, 18679, 18687, 18688, - 18704, 18711, 18718, 18731, 18732, 18733, 18737, 18738, 18739, 18743, - 18744, 18749, 18751, 18750, 18756, 18757, 18761, 18766, 18773, 18778, - 18787, 18793, 18801, 18805, 18809, 18813, 18817, 18821, 18825, 18829, - 18833, 18834, 18838, 18842, 18847, 18846, 18855, 18860, 18865, 18871, - 18877, 18883, 18892, 18899, 18900, 18901, 18907, 18911, 18919, 18920, - 18921, 18925, 18926, 18931, 18932, 18938, 18939, 18940, 18941, 18942, - 18943, 18944, 18948, 18949, 18950, 18951, 18952, 18953, 18954, 18955, - 18956, 18957, 18958, 18959, 18963, 18968, 18972, 18981, 18980, 18993, - 18998, 19002, 19006, 19015, 19016, 19032, 19041, 19053, 19058, 19062, - 19067, 19072, 19076, 19083, 19089, 19094, 19104, 19103, 19118, 19126, - 19117, 19139, 19143, 19155, 19160, 19161, 19170, 19172, 19171, 19199, - 19200, 19201, 19202, 19203, 19207, 19208, 19209, 19210, 19211, 19212, - 19213, 19214, 19218, 19219, 19220, 19221, 19228, 19226, 19243, 19242, - 19257, 19256, 19764, 19765, 19771, 19772, 19780, 19779, 19800, 19799, - 19819, 19828, 19837, 19843, 19842, 19862, 19861, 19881, 19882, 19886, - 19887, 19891, 19898, 20019, 20018, 20029, 20027, 20043, 20041, 20055, - 20064, 20062, 20082, 20095, 20080 + 16728, 16729, 16731, 16733, 16734, 16735, 16736, 16737, 16738, 16739, + 16740, 16741, 16742, 16743, 16744, 16745, 16746, 16747, 16748, 16749, + 16750, 16751, 16752, 16753, 16754, 16758, 16759, 16765, 16766, 16767, + 16768, 16769, 16770, 16771, 16772, 16773, 16774, 16775, 16776, 16777, + 16778, 16779, 16780, 16782, 16784, 16785, 16786, 16787, 16789, 16791, + 16792, 16793, 16794, 16795, 16796, 16797, 16802, 16803, 16804, 16805, + 16806, 16807, 16808, 16809, 16810, 16811, 16812, 16813, 16814, 16815, + 16816, 16817, 16818, 16819, 16820, 16821, 16822, 16823, 16824, 16825, + 16826, 16827, 16828, 16829, 16830, 16831, 16832, 16833, 16834, 16835, + 16836, 16837, 16838, 16839, 16840, 16841, 16842, 16843, 16844, 16845, + 16846, 16847, 16848, 16849, 16850, 16851, 16852, 16853, 16854, 16855, + 16856, 16857, 16858, 16859, 16860, 16861, 16862, 16863, 16864, 16865, + 16866, 16867, 16868, 16869, 16870, 16871, 16872, 16873, 16874, 16875, + 16876, 16877, 16878, 16879, 16880, 16881, 16882, 16883, 16884, 16885, + 16886, 16887, 16888, 16889, 16890, 16891, 16892, 16893, 16894, 16895, + 16896, 16897, 16898, 16899, 16900, 16901, 16902, 16903, 16904, 16905, + 16906, 16907, 16908, 16909, 16910, 16911, 16912, 16913, 16914, 16915, + 16916, 16917, 16918, 16919, 16920, 16924, 16925, 16926, 16927, 16928, + 16929, 16930, 16931, 16932, 16933, 16934, 16935, 16936, 16937, 16938, + 16939, 16940, 16941, 16942, 16943, 16944, 16945, 16946, 16947, 16948, + 16949, 16950, 16951, 16952, 16953, 16954, 16955, 16956, 16957, 16958, + 16959, 16960, 16961, 16962, 16963, 16964, 16965, 16966, 16967, 16968, + 16969, 16970, 16971, 16972, 16973, 16974, 16975, 16976, 16977, 16978, + 16979, 16980, 16981, 16982, 16983, 16984, 16985, 16986, 16987, 16988, + 16989, 16990, 16991, 16992, 16993, 16994, 16995, 16996, 16997, 16998, + 16999, 17000, 17001, 17002, 17003, 17004, 17005, 17006, 17007, 17008, + 17009, 17010, 17011, 17012, 17013, 17014, 17015, 17016, 17017, 17018, + 17019, 17020, 17021, 17022, 17023, 17024, 17025, 17026, 17027, 17028, + 17029, 17030, 17031, 17032, 17033, 17034, 17035, 17036, 17037, 17038, + 17039, 17051, 17050, 17063, 17064, 17066, 17065, 17077, 17076, 17083, + 17081, 17101, 17102, 17107, 17108, 17110, 17109, 17123, 17124, 17130, + 17129, 17134, 17138, 17139, 17140, 17144, 17145, 17146, 17147, 17151, + 17152, 17153, 17154, 17163, 17162, 17177, 17176, 17191, 17190, 17208, + 17207, 17222, 17221, 17236, 17235, 17252, 17251, 17266, 17265, 17280, + 17279, 17293, 17292, 17318, 17317, 17329, 17328, 17341, 17340, 17351, + 17369, 17380, 17387, 17393, 17415, 17431, 17443, 17442, 17457, 17456, + 17468, 17467, 17481, 17482, 17483, 17484, 17488, 17507, 17525, 17526, + 17530, 17531, 17532, 17533, 17538, 17543, 17548, 17559, 17572, 17578, + 17585, 17586, 17587, 17594, 17593, 17607, 17608, 17614, 17623, 17624, + 17628, 17629, 17633, 17652, 17653, 17654, 17659, 17660, 17665, 17664, + 17682, 17681, 17693, 17702, 17712, 17711, 17754, 17755, 17759, 17760, + 17764, 17765, 17766, 17767, 17769, 17768, 17781, 17782, 17783, 17784, + 17785, 17791, 17796, 17801, 17806, 17810, 17815, 17824, 17826, 17831, + 17836, 17842, 17848, 17853, 17865, 17866, 17870, 17871, 17875, 17880, + 17888, 17897, 17918, 17918, 17921, 17922, 17926, 17927, 17934, 17936, + 17940, 17945, 17952, 17956, 17965, 17972, 17973, 17974, 17975, 17979, + 17980, 17981, 17982, 17983, 17984, 17985, 17986, 17987, 17988, 17989, + 17990, 17991, 17992, 17993, 17994, 17995, 17996, 17997, 17998, 17999, + 18000, 18001, 18002, 18003, 18004, 18005, 18006, 18007, 18008, 18009, + 18010, 18011, 18012, 18013, 18014, 18015, 18016, 18017, 18018, 18019, + 18020, 18021, 18025, 18026, 18030, 18031, 18035, 18042, 18049, 18059, + 18068, 18074, 18081, 18089, 18094, 18102, 18107, 18115, 18120, 18127, + 18127, 18128, 18128, 18131, 18137, 18143, 18148, 18155, 18161, 18168, + 18177, 18181, 18187, 18195, 18197, 18201, 18205, 18209, 18216, 18221, + 18226, 18231, 18236, 18244, 18245, 18249, 18250, 18255, 18256, 18260, + 18261, 18265, 18266, 18270, 18271, 18276, 18275, 18285, 18294, 18295, + 18299, 18300, 18305, 18306, 18307, 18312, 18313, 18314, 18318, 18330, + 18339, 18345, 18354, 18363, 18376, 18378, 18380, 18388, 18389, 18390, + 18394, 18395, 18401, 18402, 18403, 18404, 18405, 18406, 18407, 18417, + 18418, 18423, 18436, 18450, 18451, 18452, 18456, 18457, 18461, 18462, + 18467, 18468, 18472, 18478, 18487, 18487, 18501, 18502, 18503, 18504, + 18514, 18516, 18522, 18527, 18536, 18539, 18550, 18567, 18583, 18593, + 18599, 18604, 18608, 18581, 18657, 18659, 18664, 18665, 18669, 18670, + 18674, 18674, 18681, 18685, 18689, 18693, 18697, 18701, 18709, 18710, + 18726, 18733, 18740, 18753, 18754, 18755, 18759, 18760, 18761, 18765, + 18766, 18771, 18773, 18772, 18778, 18779, 18783, 18788, 18795, 18800, + 18809, 18815, 18823, 18827, 18831, 18835, 18839, 18843, 18847, 18851, + 18855, 18856, 18860, 18864, 18869, 18868, 18877, 18882, 18887, 18893, + 18899, 18905, 18914, 18921, 18922, 18923, 18929, 18933, 18941, 18942, + 18943, 18947, 18948, 18953, 18954, 18960, 18961, 18962, 18963, 18964, + 18965, 18966, 18970, 18971, 18972, 18973, 18974, 18975, 18976, 18977, + 18978, 18979, 18980, 18981, 18985, 18990, 18994, 19003, 19002, 19015, + 19020, 19024, 19028, 19037, 19038, 19054, 19063, 19075, 19080, 19084, + 19089, 19094, 19098, 19105, 19111, 19116, 19126, 19125, 19140, 19148, + 19139, 19161, 19165, 19177, 19182, 19183, 19192, 19194, 19193, 19221, + 19222, 19223, 19224, 19225, 19229, 19230, 19231, 19232, 19233, 19234, + 19235, 19236, 19240, 19241, 19242, 19243, 19250, 19248, 19265, 19264, + 19279, 19278, 19786, 19787, 19793, 19794, 19802, 19801, 19822, 19821, + 19841, 19850, 19859, 19865, 19864, 19884, 19883, 19903, 19904, 19908, + 19909, 19913, 19920, 20041, 20040, 20051, 20049, 20065, 20063, 20077, + 20086, 20084, 20104, 20117, 20102 }; #endif @@ -3802,7 +3802,7 @@ } #endif -#define YYPACT_NINF (-5698) +#define YYPACT_NINF (-5502) #define yypact_value_is_default(Yyn) \ ((Yyn) == YYPACT_NINF) @@ -3816,650 +3816,650 @@ STATE-NUM. */ static const int yypact[] = { - 8706, -5698, -5698, 3167, 1298, 94671, -5698, 677, -5698, 1144, - -5698, -5698, -5698, 4065, -5698, -5698, -5698, -5698, -5698, 394, - 165, -5698, 1047, -5698, -5698, 529, 81189, 876, 445, -5698, - 84185, -5698, -5698, -5698, -5698, 84185, -5698, -5698, 94671, -5698, - -5698, 1345, -5698, 177, 523, 2256, 1512, 165, 1354, -5698, - -5698, 95420, 1047, 1741, -5698, -5698, 895, 94671, 1047, -5698, - 1354, 94671, -5698, 443, 265, -5698, 1483, 2822, 197, 2237, - 2253, -5698, -5698, 1687, -5698, -5698, -5698, -5698, -5698, -5698, - -5698, -5698, -5698, -5698, -5698, -5698, -5698, -5698, -5698, 4899, - -5698, -5698, -5698, -5698, -5698, -5698, -5698, -5698, -5698, -5698, - -5698, -5698, -5698, -5698, -5698, -5698, -5698, 2227, -5698, -5698, - -5698, -5698, 3864, 1911, -5698, -5698, -5698, -5698, -5698, -5698, - -5698, -5698, -5698, -5698, 45116, -5698, -5698, -5698, -5698, -5698, - -5698, -5698, -5698, -5698, -5698, 197, -5698, -5698, -5698, -5698, - -5698, -5698, -5698, -5698, -5698, -5698, -5698, -5698, -5698, -5698, - -5698, -5698, -5698, -5698, -5698, -5698, 96169, 94671, 1499, 1591, - 94671, 2270, 81938, 2270, -5698, 126, -5698, -5698, 2007, -5698, - 1663, -5698, 165, 3172, -5698, -5698, -5698, -5698, -5698, -5698, - -5698, -5698, -5698, -5698, -5698, -5698, -5698, -5698, -5698, -5698, - -5698, -5698, -5698, -5698, -5698, -5698, -5698, -5698, -5698, -5698, - -5698, -5698, -5698, -5698, -5698, -5698, -5698, -5698, -5698, -5698, - -5698, -5698, -5698, -5698, -5698, -5698, -5698, -5698, -5698, -5698, - -5698, -5698, -5698, -5698, -5698, -5698, -5698, -5698, -5698, -5698, - -5698, -5698, -5698, -5698, -5698, -5698, -5698, -5698, -5698, -5698, - -5698, -5698, -5698, -5698, -5698, -5698, -5698, -5698, -5698, -5698, - -5698, -5698, -5698, -5698, -5698, -5698, -5698, -5698, -5698, -5698, - -5698, -5698, -5698, -5698, -5698, -5698, -5698, -5698, -5698, -5698, - -5698, -5698, -5698, -5698, -5698, -5698, -5698, -5698, -5698, -5698, - -5698, -5698, -5698, -5698, -5698, -5698, -5698, -5698, -5698, -5698, - -5698, -5698, -5698, -5698, -5698, -5698, -5698, -5698, -5698, -5698, - -5698, -5698, -5698, -5698, -5698, -5698, -5698, -5698, -5698, -5698, - -5698, -5698, -5698, -5698, -5698, -5698, -5698, -5698, -5698, -5698, - -5698, -5698, -5698, -5698, -5698, -5698, -5698, -5698, -5698, -5698, - -5698, -5698, -5698, -5698, -5698, -5698, -5698, -5698, -5698, -5698, - -5698, -5698, -5698, -5698, -5698, -5698, -5698, -5698, -5698, -5698, - -5698, -5698, -5698, -5698, -5698, -5698, -5698, -5698, -5698, -5698, - -5698, -5698, -5698, -5698, -5698, -5698, -5698, -5698, -5698, -5698, - -5698, -5698, -5698, -5698, -5698, -5698, -5698, -5698, -5698, -5698, - -5698, -5698, -5698, -5698, -5698, -5698, -5698, -5698, -5698, -5698, - -5698, -5698, -5698, -5698, -5698, -5698, -5698, -5698, -5698, -5698, - -5698, -5698, -5698, -5698, -5698, -5698, -5698, -5698, -5698, -5698, - -5698, -5698, -5698, -5698, -5698, -5698, -5698, -5698, -5698, -5698, - -5698, -5698, -5698, -5698, -5698, -5698, -5698, -5698, -5698, -5698, - -5698, -5698, -5698, -5698, -5698, -5698, -5698, -5698, -5698, -5698, - -5698, -5698, -5698, -5698, -5698, -5698, -5698, -5698, -5698, -5698, - -5698, -5698, -5698, -5698, -5698, -5698, -5698, -5698, -5698, -5698, - -5698, -5698, -5698, -5698, -5698, -5698, -5698, -5698, -5698, -5698, - -5698, -5698, -5698, -5698, -5698, -5698, -5698, -5698, -5698, -5698, - -5698, -5698, -5698, -5698, -5698, -5698, -5698, -5698, -5698, -5698, - -5698, -5698, -5698, -5698, -5698, -5698, -5698, -5698, -5698, -5698, - -5698, -5698, -5698, -5698, -5698, -5698, -5698, -5698, -5698, -5698, - -5698, -5698, -5698, -5698, -5698, -5698, -5698, -5698, -5698, -5698, - -5698, -5698, -5698, -5698, -5698, -5698, -5698, -5698, -5698, -5698, - -5698, -5698, -5698, -5698, -5698, -5698, -5698, -5698, -5698, -5698, - -5698, -5698, -5698, -5698, -5698, -5698, -5698, -5698, -5698, -5698, - -5698, -5698, -5698, -5698, -5698, -5698, -5698, -5698, -5698, -5698, - -5698, -5698, -5698, -5698, -5698, -5698, -5698, -5698, -5698, -5698, - -5698, -5698, -5698, -5698, -5698, -5698, -5698, -5698, -5698, -5698, - -5698, -5698, -5698, -5698, -5698, -5698, -5698, -5698, -5698, -5698, - -5698, -5698, -5698, -5698, -5698, -5698, -5698, -5698, -5698, -5698, - -5698, -5698, -5698, -5698, -5698, -5698, -5698, -5698, -5698, -5698, - -5698, -5698, -5698, -5698, -5698, -5698, -5698, -5698, -5698, -5698, - 1644, -5698, -5698, -5698, -5698, -5698, -5698, -5698, -5698, -5698, - -5698, -5698, -5698, 2207, 2568, 559, 2251, 300, 2270, -5698, - 2548, -5698, 2270, 2327, 2270, -5698, 2270, 2270, -5698, 2270, - 2270, 2270, -5698, -5698, 967, 94671, 68456, -5698, -5698, 875, - 2532, -5698, -5698, -5698, -5698, -5698, -5698,110121, 165, 22965, - 2641, -5698, -5698, 2181, 4854, 1966, -5698, 2456, -5698, -5698, - 94671, -5698, 2270,110121, -5698, 2456, 69205, 3485, 49621, 6906, - 2456, 165, 2541, -5698, 1938, -5698, -5698, -5698, -5698, -5698, - -5698, 94671, -5698, -5698, -5698, 2384, 1354, 81938, -5698, -5698, - -5698, -5698, -5698, 2701, 22965, 247, 2457, -5698, -5698, 2357, - 45865, 81938, 2649, 2568, 2654, -5698, 1551, 1376, -5698, 2040, - 2154, 2568, 1831, 2158, 2568, 2518, 2270, 2270, -5698, -5698, - 2735, 2735, 2735, 2360, 2735, -5698, 2735, 2733, 2058, 173, - -5698, -5698, 2071, 94671, 2649, -5698, 2649, -5698, 2724, -5698, - 2649, 2649, 2224, 2750, 2758, 162, 2753, 1698, 1698, 2007, - 40622, 1419, 2586, -5698, 2733, 2400, 1172, 571, 571, 571, - 2400, 197, 2400, -5698, 1447, 1663, 3351, 94671, -5698, 2787, - -5698, 2128, -5698, -5698, 266, -5698, 2192, -5698, 2134, 1335, - 70703, -5698, 2817, -5698, -5698, -5698, -5698, -5698, -5698, 2661, - 339, 2291, 2520, 2222, -5698, 2718, 81938, -5698, -5698, -5698, - -5698, -5698, -5698, -5698, -5698, 94671, 2219, -5698, -5698, -5698, - 2911, 2207, -5698, 2695, -5698, -5698, -5698, -5698, 45865, -5698, - -5698, -5698, 2916, -5698, -5698, 84934, 642, 94671, 2917, -5698, - 94671, -5698, 94671, -5698, 81938, -5698, -5698, 94671, 2270, 2270, - -5698, -5698, 2896, 2458, 2423, 2108, 2295, 2609, -5698, 2504, - -5698, 2316, 2389, 2524, 2324, 2336, 2413, 448, -5698, 2354, - -5698, 990, 2825, 129, 137, 2829, 151, 161, 2965, 2839, - 370, 1063, 385, 2624, 388, -5698, -5698, -5698, -5698, 2897, - 2999, 2432, -5698, 2446, -5698, 2957, 2811, 1421, -5698, -5698, - 994, 2882, 1430, 45865,112275, 82687,113711, -5698,113711,113711, - -5698, 253, -5698, 523, 94671,112993, -5698, 94671,105095, -5698, - 9785, -5698, -5698, -5698, -5698, -5698, -5698, -5698, -5698, -5698, - 94671, -5698, -5698, -5698, -5698, -5698, 2455, -5698, -5698, -5698, - -5698, -5698, 2912, 2093, 2915, -5698, 2476, -5698, -5698, -5698, - -5698, -5698, 85683, -5698, 207, 208, 2894, -5698, -5698, -5698, - -5698, -5698, -5698, -5698, -5698, -5698, -5698, -5698, 29165, 2502, - 2521, 2535, 18315, 2536, 2547, 2550, 2571, 2581, 2295, 2295, - 2295, 2597, 2608, 2627, 2632, 2637, 2638, 2642, -5698, 2653, - 2662, 2665, 2678, 2679, 2711, 23740, 2723, 2726, 2749, 2597, - 36865, 2771, 2779, 2790, 2791, 22965, 2597, 2793, 2795, -5698, - 2797, 2806, 2807, 2810, 2813, 2814, 2815, 2820, 3259, 2823, - 2824, 2827, 2828, -5698, 2295, 2597, 2597, 2831, 2835, 2837, - 2840, 2842, 2847, 2850, 2852, 2853, 2854, 2856, 2857, 2859, - 2862, 2864, 232, 2865, 2868, 2877, 2880, 2881, 2889, 2891, - 2596, 2893, 2900, 2901, 2611, 2902, 2903, 2907, 2910, 2918, - 239, 2940, 2949, 243, 2958, 2959, 2961, 2963, 2967, 2969, - 2972, 29940, 30715, 29165, 15990, -5698, 94671, 96918, -5698, -5698, - 3225, 513, 416, 1528, 29165, -5698, -5698, -5698, 3319, -5698, - 3372, -5698, -5698, -5698, -5698, 3223, 3232, -5698, 3242, -5698, - -5698, 3247, 2784, -5698, 3486, -5698, -5698, -5698, -5698, -5698, - 2772, -5698, 2974, 3525, 3548, 2977, 2978, -5698, -5698, 1408, - -5698, -5698, -5698, -5698, -5698, -5698, -5698, -5698, -5698, -5698, - -5698, -5698, -5698, 2782, 2834, -5698, 3486, -5698, -5698, 75946, - -5698,110839, -5698, -5698, 2458, 3005, 3392, -5698, 3503, -5698, - 3409, -5698, -5698, -5698, -5698, -5698, -5698, -5698, -5698, -5698, - -5698, -5698, -5698, 3485, -5698, -5698, 51141, 3411, 1237, -5698, - -5698, 198, -5698, 236, 237, 63213, -5698, 318, 63962, 308, - 86432, 323, -5698, 71452, -5698, 314, -5698, -5698, -5698, -5698, - -5698, -5698, -5698, -5698, -5698, -5698, 2909, -5698, 2998, 3230, - 2984, 4172, 1640, -5698, -5698, 437, 101, 3008, 131, -5698, - 781, -5698, 1640, -5698, 76695, 666, 1721, -5698, 971, -5698, - 3577, -5698, -5698, 3010, 3034, 3028, -5698, 2968, -5698, 2568, - -5698, 375, -5698, 666, 1640, 1721, -5698, 3261, 3353, 1024, - 3230, -5698, -69, -5698, -5698, -5698, 3641, -5698, 2997, -5698, - 3365, -5698, 94671, 398, 45865, -5698, -5698, -5698, 3001, 45865, - 45865, 1218, 259, 3225, 3003, 22965, -5698, -5698, 4283, -5698, - 3209, 1145, 973, -5698, -5698, 523, 94671, -5698, -5698, 590, - -5698, 3433, -5698, 3007, -5698, 97667, 259, 3673, -5698, -5698, - -5698, -77, 3406, -5698, 3017, -5698, -5698, -5698, -5698, 45865, - 94671, 2568, -5698, -5698, -5698, -5698, 3024, -5698, -5698, 3231, - 3107, -5698, 3047, -5698, -5698, 228, -5698, -5698, 3812, -5698, - 94671, -5698, 2649, -5698, -5698, 2649, -5698, -5698, -5698, 2649, - 2649, 2649, -5698, -5698, 2649, 2649, 3069, -5698, 3357, 3358, - 2718, -5698, 3038, 39873, 94671, 3818, -5698, 4231, -5698, -5698, - -5698, 3039, -5698, -5698, -5698, -5698, -5698, -5698, -5698, -5698, - 3619, 3809, 3809, -5698, 51901, -5698, -5698, 3705, 2586, 1521, - 3550, 54941, 3694, 3788, 57221, -5698, 666, -5698, -5698, -5698, - -5698, 2142, 94671, -5698, 2142, 2142, -5698, -5698, -5698, -5698, - -5698, -5698, -5698, -5698, -5698, -5698, -5698, -5698, 197, -5698, - -5698, 3172, 3732, 72201, 94671, 2400, 1172, -5698, -5698, -5698, - 2568, 1214, 3448, -5698, 94671, -5698, -5698, -5698, 2295, 3862, - -5698, -5698, -5698, -5698, -5698, 45865, 3284, 70703, 2270, -5698, - -5698, -5698, 339, -5698, 178, 94671, 45865, 3121, -5698, 45865, - 3077, -5698, -5698, -5698, 3562, 22965,110121, 3445, -5698, -5698, - 45865, 1838, -5698, -5698, 45865, 3824, 45865, 3090, -5698, 3757, - 2586, -5698, -5698, 3089, -5698, -5698, 3766, 94671, -5698, -5698, - 77444, -5698, 75946, 45865, 3091, -5698, -5698, 3462, 3246, -5698, - -5698, -5698, -5698, -5698, -5698, 3184, -5698, -5698, 3109, -5698, - -5698, -5698, -5698, 3559, -5698, 3250, -5698, -5698, -5698, -5698, - -5698, -5698, -5698, 75946, -5698, -5698, 3563, 3566, -5698, 70703, - 2265, 8247, 96918, -5698, 3765, -5698, -5698, -5698, 3641, -5698, - -5698, 24515, -5698, 25290, -5698, -5698, -5698, 3397, 1350, -53, - -5698, -5698, 3595, 94671, 3347, 3792, 3767, -5698, -5698, -5698, - -5698, -5698, -5698, 3612, 3138, 3755, 3139, -5698, -5698, -5698, - 3153, -5698, -5698, -5698, -5698, -5698, -5698, -5698, -5698, 45865, - 52661, -5698, -5698, -5698, 3149, -5698, -5698, -5698, 3179, 29165, - 29165, -5698, 3918, 3918, 3918, 22965, 3177, 1313, 3539, 22965, - 22965, 22965, 2211, 3182, -5698, -5698, -5698, 261, -5698, 22965, - 22965, 37620, 3183, 935, 4792, 22965, 3867, 3867, -5698, 22965, - 22965, 15990, 5438, 22965, 22965, 22965, -5698, 96918, 37620, 3635, - 3191, -5698, 3181, 2248, 22965, 2268, 22965, -5698, -5698, 22965, - 22965, 22965, 22965, 3199, 31490, 3201, 22965, 22965, 3203, 3341, - 3918, 3918, 2317, 275, -5698, -5698, -5698, 3918, 3918, 3205, - 22965, 22965, 16765, 22965, 22965, 2330, 22965, 22965, 22965, 22965, - 22965, 22965, -5698, 22965, 22965, 1188, 22965, 22965, 45865, 22965, - 22965, 3872, 45865, 22965, 22965, 3875, 22965, 22965, 3214, 45865, - 22965, -5698, 22965, 2805, 2805, -5698, 22965, 16765, 22965, 3216, - 38375, 22965, 22965, 22965, 23740, -5698, 23740, -5698, -5698, 3217, - 3510, 805, 197, 22965, 3213, -5698, -5698, -5698, -5698, 22965, - 22965, 22965, 31490, -5698, -5698, -5698, 438, -5698, -5698, -5698, - 26065, 31490, 3222, 31490, 31490, 3846, 2059, 31490, 31490, 31490, - 31490, 31490, 31490, 31490, 32265, 33040, 31490, 31490, 31490, 31490, - -5698, 81938, 29165, 48861, 3233, 3884, -5698, 78193, -5698, 1611, - 1079, -5698, 2568, 4854, 34590, -5698, 3238, -5698, 3734, 45865, - 3236, 3239, 3907, 75946, 70703, 2265, 3266, -5698, 1385, 340, - -5698, 77444, 94671, -5698, -5698, -5698, 3966, 22965, -5698, -5698, - -5698, -5698, -5698, 3252, 316, 3262, -5698, 1097, -5698, -5698, - -5698, -5698, -5698, 94671, -5698, 87181, 50381, 3361, 3925, 3282, - 2649, 87930, 94671, 45865, 94671, 98416, 94671, 94671, 45865, 81938, - 75946, 45865, -5698, -5698, -5698, 995, 1640, 94671, 1640, 1721, - 1006, 1640, 3916, -5698, -5698, 1268, 1268, -5698, -5698, -5698, - -5698, -5698, -5698, 1640, 94671, 94671, 1640, 70703, -5698, 1721, - 480, -5698, 3574, 3368, -5698, -5698, -5698, 3622, -5698, -5698, - 3953, 3290, -5698, 3650, -5698, 3388, -5698, -5698, 45865, -5698, - -5698, 1721, -5698, 1721, 1721, 3963, 1640, 1640, 1640, -5698, - 41371, 3315, 3317, -5698, 3320, -5698, 3318, -5698, 3954, -5698, - -5698, -5698, 4107, 3965, 3323, -5698, -5698, 3902, -10, -5698, - 3756, -5698, 3882, -5698, 22965, 3225, 19090, 3611, -5698, -5698, - 3618, 3620, 3626, 3447, -5698, -5698, -5698, -5698, 3779, 3633, - -5698, 3449, 2568, 3636, -5698, -5698, -5698, 3360, -5698, -5698, - -5698, 53421, 227, -5698, -5698, 4035, 3475, 22965, -5698, -5698, - 45865, 3873, -5698, 2568, 1551, 94671, -5698, -5698, 4116, -5698, - -26, 4043, -5698, -5698, 3498, 1831, -5698, 4043, 1023, -5698, - -5698, 2735, 3578, -5698, -5698, -5698, 81938, -5698, -5698, -5698, - -5698, -5698, -5698, 94671, -5698, 77444, 70703, 81938, 2649, 2649, - -5698, 45865, -5698, -5698, -5698, 94671, 94671, 2649, 2649, 2649, - 3426, -5698, 268, 3394, 3401, 3405, 3407, 648, 3414, 42120, - 2484, 242, 4023, 4046, -5698, 3984, 2812, 3984, -5698, -5698, - 42120, 41371, 3423, 3818, -5698, -5698, -5698, -5698, 81938, 3422, - -5698, -5698, 3419, -5698, 22965, 4152, 4083, 3705, -5698, -5698, - 55701, 1210, 85683, -5698, -5698, -5698, 3780, 3974, -48, -5698, - 3434, 3564, -5698, 510, -5698, -5698, -5698, -5698, -5698, -5698, - -5698, -5698, 3834, -5698, -5698, -5698, -5698, -5698, -5698, -5698, - -5698, 340, 241, -5698, -5698, -5698, 1702, 3810, 1378, -5698, - -5698, 81938, 1378, -5698, 3446, 3751, -5698, 3754, 125, -5698, - 45865, -5698, -5698, -5698, -5698, -5698, 45865, 3450, -5698, 3637, - 94671, 2219, 22965, 3955, -5698, 3562, -5698, 3225,104377, -5698, - 4174, 7092, 155, 3504, -5698, -5698, -5698, -5698, -5698, 45865, - -5698, -5698, 1545, 270, 3540, -5698, 3090, 471, 94671, 4121, - 4029, -5698, -5698, 4047, 58719, -5698, -5698, 4051, 3465, -5698, - -5698, 3466, 286, 94671, 45865, 45865,110121, -5698, -5698, 3473, - -5698, -5698, -5698, -5698, 3976, -5698, -5698, 377, -5698, 42869, - 42869, 990, 2825, -5698, -5698, 2829, -5698, -5698, 2839, -5698, - 1063, -5698, 2624, -5698, -5698, -5698, -5698, 1775, -5698,110121, - -5698, 3954, 22965, 48112, 3225, -5698, -5698, 45865, -5698, 4124, - -5698, -5698,101412, 168, -5698, -5698, 276, 45865, -5698, -5698, - -5698, 4120, 3625, 94671, -5698, -5698, 4182, -5698, -5698, -5698, - -5698, -5698, -5698, -5698, 94671, 94671,110121,110121, -5698, -5698, - 1275, 1385, -5698, 4239, 96918, 22965, -5698, 3494, -5698, 3496, - 3497, 3293, 3858, 22965, 22965, -5698, 3841, 103, 366, -5698, - 3501, 3513, -5698, -5698, -5698, -5698, -5698, -5698, -5698, -5698, - 3515, -5698, -5698, 939, 1256, 3516, -5698, -5698, -5698, 3517, - 197, -5698, -5698, -5698, -5698, -5698, -5698, -5698, -5698, -5698, - -5698, -5698, -5698, -5698, -5698, -5698, -5698, -5698, -5698, -5698, - -5698, 4160, -5698, 311, -5698, -5698, -5698, 22965, 1270, 1290, - 1506, 3532, 413, 424, 1619, 3149, 1863, 3526, 37620, 96918, - 3918, 3522, 344, 3918, 3527, 1638, 1684, 389, 400, 658, - -5698, 361, -5698, 1731, 1737, -5698, -5698, 3529, 3530, 3918, - 3533, -5698, 3536, 3538, 3543, -5698, 1743, 579, 3544, -5698, - -5698, 19865, 20640, 21415, 3630, 3545, -5698, -5698, 1809, 1327, - 3918, 3549, 2563, 1882, 1936, -5698, 1888, 1950, 1972, 3569, - 3003, 2565, 2628, -5698, -5698, -5698, -5698, 3524, 2630, 2634, - 3546, 3572, 2658, 2659, 45865, 3576, 3579, 2669, 45865, 2090, - 2683, -5698, 3575, 2110, 904, 3584, 3594, 2714, 3605, 2120, - -5698, 96918, 94671, 3606, 3557, 367, 3607, 2719, 5438, 5438, - -5698, 22965, 3614, 313, 96918, 2399, 1707, -5698, 416, -5698, - -5698, -5698, -5698, 606, -5698, 3541, 416, 3616, 640, 15990, - -5698, 397, 523, 31490, 31490, 3617, 31490, 31490, 1057, 969, - 969, 3629, 3629, 558, 1546, 23740, 1057, 23740, 1057, 3629, - 3629, 3629, -5698, -5698, -5698, -5698, -5698, -5698, -5698, -5698, - 4188, 3624, 3631, 3632, 3634, 1570, 3628, -5698, -5698, -5698, - -5698, -5698, -5698, 252, 4025, -5698, 3823, 310, 22965, -5698, - 3642, 4398, 4399, 4404, -5698, -5698, -5698, -5698, 75946, 75946, - 3646, -5698, 1023, 4009, 4310, 77444, 4316, -5698, 3655, 42869, - 42869, -5698, 3657, -5698, 22965, 3654, 3659, 3660, 99165, -5698, - 4331, 340, 72950, 3225, 75946, 573, -5698, 94671, 94671, -5698, - 86432, 4333, -39, 3956, -5698, 3670, 3674, -5698, 340, -5698, - 3672, 1110, 320, -5698, 3675, 3678, -5698, -5698, -5698, -5698, - 22965, 3681, 94671, 94671, -5698, -5698, -5698, -5698, 94671, -5698, - -5698, -5698, -5698, -5698, -5698, -5698, 2568, 22965, 94671, 1640, - -5698, -5698, -5698, 1640, 94671, 1640, -5698, 2568, 4343, -5698, - -5698, -5698, -5698, -5698, -5698, -5698, -5698, -5698, -5698, 1640, - -5698, -5698, -5698, -5698, -5698, 3855, 666, 2968, 3916, 4043, - 1721, 45865, 1640, 1640, 22965, -5698, -5698, -5698, -5698, 4214, - 3619, 19090, 3686, 3685, -5698, -5698,110121, 94671, 96918, 4426, - -5698, -5698, -5698, 4182, 81938, 88679, 45865, -5698, -5698, -5698, - 1722, -5698, -5698, -5698, -5698, -5698, 3225, 2457, 2632, -5698, - 3695, 3225, -5698, -5698, 4388, -5698, -5698, -5698, -5698, -5698, - 2568, -5698, -5698, -5698, 5544, -5698, 45865, 81938, 34590, -5698, - 3700, -5698, 3722, -5698, -5698, 99914, -5698, 2568, 3225, 45865, - 1202, 276, -5698, 4448, -5698, -5698, 3821, -5698, -5698, -5698, - 3706, -5698, 4129, -5698, -5698, -5698, -5698, -5698, -5698, 3709, - -5698, 4374, -5698, 1921, 140, 94671, 384, 125, -5698, 94671, - 94671, 45865, -5698, 94671, 2649, -5698, -5698, 2649, -5698, -5698, - 45865, 94671, 94671, 2649, 22965, 42120, -5698, -5698, -5698, -5698, - -5698, 42120, -5698, 1420, -5698, 3922, 1902, 1902, -5698, 3318, - -5698, -5698, -5698, 4345, 3984, 3984, 42120, 4346, 4430, -5698, - 94671, 3994, 1322, -5698, 51901, 94671, -5698, 3225, 22965, -5698, - 3749, 4083, -5698, 1038, 1134, 510, -5698, 4002, 276, -5698, - -5698, 57221, 4073, 57221, 57221, 96918, 3964, 22965, -5698, 4400, - 3733, 22965, 1921, 2568, -5698, 340, 340, 3968, 4255, 4259, - 3869, 2568, 4268, 4269, 4270, -5698, -5698, -5698, -5698, -5698, - 4006, 1631, 199, 2151, 70703, 4217, 1023, 4336, 3758, -5698, - 45865, 4415, -5698, -5698, -5698, 3759, 3761, 3225,110121, -5698, - -5698, -5698, -5698, 3772, 3778, 3782, 3784, 3789, 3790, 3793, - 3796, 3797, 3799, 3800, 3811, 3813, 3814, 3815, 3816, 3819, - 3820, 3827, 3828, 3829, 3830, 3831, 3833, 3835, 183, -5698, - -5698, 3842, -5698, -5698, -5698, -5698, -5698, 1902, -5698, 4250, - 58719, -5698, 41371, 3979, 4421, -5698, -5698, 3798, 45865, 77444, - 75946, -5698, -5698, -5698, -5698, 3801, 1275,105813, -5698, -5698, - 4561, 70703, 4271, -5698, 3822, -5698, 3832, 4317, 4321, -5698, - 96918,103659, -5698, -5698, 3225, -5698, -5698, 3825, -5698, -5698, - 3902, 3809, -5698, -5698, -5698, -5698, -5698, -5698, -5698, -5698, - -5698, -5698, -5698, -5698, -5698, -5698, -5698, 3851, 4105, 4223, - -5698, -5698, -5698, 2552, -5698, -5698, -5698, -5698, -5698, -5698, - 4466, 78942,106531, 3843, -5698, -5698, -5698, -5698, 2020, -5698, - -5698,113711,113711,113711, 4182, -5698,102161, 22965, -5698, 2143, - -5698, 22965, -5698, -5698, 22965, -5698, 3225, 3802,114450, 79691, - -5698, 79691,114450, 22965, -5698, 3840, -5698, 4470, 4472, -5698, - -5698, -5698, 22965, -5698, 22965, 22965, 2167, 22965, 22965, 22965, - 22965, -5698, 22965, -5698, 22965, 22965, -5698, 31490, -5698, 3844, - 3847, -5698, -5698, 3848, -5698, 22965, 22965, -5698, -5698, -5698, - 22965, 22965, 22965, -5698, -5698, 3853, -5698, -5698, -5698, -5698, - 22965, 22965, 22965, -5698, 22965, 3723, 22965, 3752, 22965, 4037, - 22965, -5698, 26840, -5698, 3854, -5698, -5698, 22965, 22965, -5698, - 22965, 22965, 22965, -5698, -5698, -5698, 22965, -5698, 4434, 22965, - -5698, -5698, -5698, -5698, -5698, -5698, -5698, -5698, 22965, -5698, - 1685, 27615, -5698, 22965, 22965, 22965, -5698, -5698, 22965, 3859, - 3860, -5698, 94671, 575, 3126, 276, 3865, -5698, -5698, 3876, - 3880, 3003, -5698, -5698, -5698, -5698, -5698, -5698, -5698, 935, - 31490, 914, 31490, 523, 2486, 15990, -5698, 465, 523, 5438, - 5438, 94671, 4579, 3874, -5698, 22965, 22965, 16765, 22965, 96918, - 22965, 3877, 3871, -5698, 3861, 31490, -5698, -5698, 3879, -5698, - 2311, 3126, 3969, 4326, -5698, 3225, 34590, 4381, -5698, 45865, - 4386, 4439, 4088, -5698, 75946, 70703, 4554, 4555, -5698, 3225, - -5698, 3889, -5698, -5698, -5698, 3890, -5698, -5698, -5698, -5698, - -5698, -5698, -5698, 330, -5698, -5698, -5698, -5698, -5698, -5698, - -5698, -5698, -5698, -5698, 75946, -5698, -5698, -5698, -5698, -5698, - 340, -5698, 3900, 3903, -5698, 17540, -5698, 340, 340, -5698, - -5698, 13044, -5698, -5698, 580, 4194, 4459, -5698, -5698, 94671, - 1097, 94671, -5698, 50381, 50381, 89428, 3225, 687, -5698, -5698, - -5698, -5698, -5698, -5698, -5698, -5698, -5698, -5698, -5698, 3917, - -5698, -5698, -5698, 4663, -5698, -5698, 4343, -5698, 2586, 1721, - -5698, -5698, 3225, 38375, 547, -5698, -5698, -5698, 19090,107249, - -5698, 2021, 3908, -5698, 45865,107967, -5698, -5698, -5698, -5698, - -5698, -5698, -5698, -5698, -5698, -5698, 3919, -5698, -5698, 19090, - 3924, -5698, 4043, -5698, 3801, 1557, -5698, -5698, 54181, 54181, - 1767, 244, 251, 3151, 2586, -5698, -5698, 186, -5698, -5698, - -5698, -5698, -5698, -5698, 1569, -5698, -5698, 4043, -5698, -26, - 2568, 3970, -5698, 276, 4155, -5698, -5698, 1921, 1027, 1027, - 4502, 140, 4372, -5698, 4217, 4588, 4511, 4512, -5698, 4006, - -5698, -5698, -5698, 94671, -5698, 1365, -5698, -5698, -5698, 1088, - -5698, 45865, 2244, 4231, 4231, -5698, 1902, 263, -5698, 31490, - 4668, -5698, 4432, -5698, -5698, 42120, 4563, 4567, -5698, 42120, - -5698, -5698, 2049, -5698, -5698, 73699, -5698, -5698, -5698, 3225, - 256, 2048, 22965, 94671, -5698, 3749, 4007, -5698, -5698, 1134, - -5698, -5698, -5698, -5698, 57221, -5698, -5698, -5698, 1210, 3937, - 2048, 1521, 3940, 3225, -5698, -5698, 72950, 73699, -5698, 4325, - 4328, 1712, -5698, -5698, -5698, -5698, 1630, 340, 340, -5698, - 360, 340, -5698, -5698, 390, -5698, -5698, 1502, 347, 4006, - -5698, 2568, 2568, 2568, 2568, 280, 2568, 2568, 2094, -5698, - 2568, 328, -5698, -5698, 81938, -5698, 4702, 4707, -5698, 4710, - -5698, -5698, 254, -5698, 2702, 145, -5698, 99, -5698, 4504, - 94671, 4690, 3758, -5698, 408, 2219, -5698, 22965, -5698, 4462, - 3959, 3961, 276, 3962, 276, 276, 2568, 2568, 3917, 2568, - 276, 2568, 2568, 2568, 2568, 2568, 2568, 2568, 276, 2568, - 1084, 3374, 249, 2568, 276, 7092, -5698, -5698, 3619, 342, - -5698, -5698, 41371, 497, 2586, -5698, 56461, 4507, 3978, -5698, - 1023, -5698, -5698, 1649, 4627, -5698, 3971, -5698, -5698, 395, - 4169, 3980, 59468, 70703, 70703, -5698, 2622, -5698, 45865, -5698, - 4616, -5698, -5698, -5698, -5698, -5698, -5698, -5698, -5698, -5698, - -5698, -5698, -5698, -5698, -5698, -5698, -5698, -5698, -5698, 65460, - -5698, -5698, 4287, 2359, 3975, -5698, -5698, -5698, -5698, -5698, - -5698, -5698, -5698, -5698, -5698, -5698, -5698, -5698, -5698, 3977, - -5698, -5698, -5698, -5698, -5698, 3462, -5698, -5698, -5698, -5698, - -5698,108685, 3973, 3225, 22965, 3225, 3225, 22965, -5698, -5698, - -5698, -5698, -5698, -5698, -5698, -5698, -5698, -5698, -5698, 3985, - -5698, -5698, -5698, -5698, -5698, -5698, -5698, -5698, -5698, -5698, - -5698, 3985, -5698, -5698, -5698, -5698, -5698, -5698, -5698, -5698, - -5698, -5698, -5698, -5698, -5698, -5698, -5698, -5698, -5698, -5698, - -5698, -5698, -5698, 3986, -5698, -5698, -5698, -5698, -5698, -5698, - -5698, -5698, -5698, -5698, -5698, -5698, 3987, -5698, -5698, -5698, - -5698, -5698, -5698, -5698, -5698, -5698, -5698, -5698, -5698, -5698, - -5698, -5698, -5698, -5698, -5698, -5698, -5698, -5698, -5698, -5698, - -5698, -5698, -5698, -5698, -5698, -5698, -5698, -5698, -5698, -5698, - -5698, -5698, -5698, -5698, -5698, 4667, -5698, -5698, -5698, -5698, - -5698, -5698, -5698, -5698, -5698, -5698, -5698, -5698, -5698, -5698, - -5698, -5698, -5698, -5698, -5698, -5698, -5698, -5698, -5698, -5698, - -5698, -5698, -5698, -5698, -5698, -5698, -5698, -5698, -5698, -5698, - -5698, -5698, -5698, -5698, -5698, -5698, -5698, -5698, -5698, -5698, - -5698, -5698, -5698, -5698, -5698, -5698, -5698, -5698, -5698, -5698, - -5698, -5698, -5698, -5698, -5698, -5698, -5698, -5698, -5698, -5698, - -5698, -5698, -5698, -5698, -5698, -5698, -5698, -5698, -5698, -5698, - -5698, -5698, -5698, -5698, -5698, -5698, -5698, -5698, -5698, -5698, - -5698, -5698, -5698, -5698, -5698, -5698, -5698, -5698, -5698, -5698, - -5698, -5698, -5698, -5698, -5698, -5698, -5698, -5698, -5698, -5698, - -5698, -5698, -5698, -5698, -5698, -5698, -5698, -5698, -5698, -5698, - -5698, -5698, -5698, -5698, -5698, -5698, -5698, -5698, 4621, -5698, - -5698, -5698, -5698, -5698, -5698, -5698, -5698, -5698, -5698, 3985, - -5698, -5698, -5698, -5698, -5698, -5698, -5698, -5698, -5698, -5698, - -5698, -5698, -5698, -5698, 3985, -5698, 3985, -5698, 4622, 3985, - 3985, -5698, 3989, -5698, -5698, -5698, -5698, -5698, -5698, -5698, - -5698, -5698, -5698, -5698, -5698, -5698, -5698, 3990, 3995, 3997, - 3003, -5698, 22965, 22965, 2752, 132, 132, 22965, 2280, 2342, - 937, -5698, 2765, 2780, 2781, 417, 96918, -5698, -5698, 2785, - 2786, 2801, 2808, 2843, -5698, 2345, 3945, 2376, 3225, 22965, - 3225, 22965, 3225, 22965, 3225, 23740, 2866, -5698, 2097, 4175, - -5698, 2117, 4218, 2869, 2872, 2149, 3063, 3249, 2155, 23740, - 2885, 2898, 2433, 2540, 2921, 96918, 94671, 3991, 4004, 4004, - 425, -5698, 4005, -5698, -5698, -5698, 4008, -5698, 22965, 22965, - 4011, 416, -5698, 22965, 523, 31490, 938, 31490, -5698, -5698, - 4188, -5698, 22965, -5698, 4586, 4012, 4280, 4013, 4015, 3630, - 4016, 4017, 4020, 4010, 3225, -5698, -5698, 94671, 4021, 1528, - -5698, 3917, -5698, 4642, -5698, 4746, 4024, 4042, 4026, 3879, - -5698, 75946, -5698, 45865, -5698, 4689, 3466, -5698, 70703, 70703, - -5698, 83436, -5698, 57970, 94671, 94671, -5698, 22965, -5698, -5698, - 573, 4788, 4790, -5698, 29165, 2632, -5698, 3225, -5698, -5698, - -5698, -5698, -5698, 95, 4589, -5698, -5698, -5698, -5698, -5698, - 340, -5698, 340, -5698, 3678, -5698, -5698, -5698, -5698, 3911, - -5698, 666, -5698, -5698, -5698, 1640, 4038, -5698, 340, 1515, - -5698, 19090, 4041, 4040, -5698, 4517, -5698, 935, 255, -5698, - 3619, -5698, 4045, 90177, -5698, 4049, -5698, -5698, 4605, -5698, - -5698, 4069, 4050, -5698, -5698, -5698, -5698, -5698, -5698, -5698, - -5698, -5698, -5698, -5698, -5698, -5698, -5698, -5698, -5698, -5698, - 666, 4103, 4289, -5698, -5698, -5698, -5698, -5698, 4141, -5698, - -5698, -5698, -5698, -5698, -5698, -5698, -5698, -5698, -5698, 45865, - 4641, 70703, 145, 4436, 45865, 45865, 9346, 8070, 4006, 4061, - 94671, -5698, -5698, 2568, -5698, -5698, 1365, -5698, -5698, 3758, - 4062, 564, 4062, -5698, -5698, -5698, -5698, 1528, 1902, 1902, - 3857, 4556, 42120, 42120, 3888, 4557, 22965, 4080, -5698, 94671, - -5698, -5698, 4489, -5698, -5698, 22965, -5698, -5698, -5698, -5698, - -5698, 4820, 4087, -5698, -5698, -5698, -5698, -5698, -5698, 22965, - -5698, 55701, 22965, 4085, 4089, -5698, -5698, -5698, -5698, -5698, - -5698, -5698, -5698, -5698, -5698, -5698, -5698, 555, 1991, 2189, - -5698, -5698, 2189, 1991, -5698, -5698, -5698, -5698, 1685, 1685, - -5698, -5698, -5698, -5698, -5698, -5698, -5698, -5698, -5698, -5698, - -5698, 1631, -5698, -5698, 4848, 453, -5698, 4672, -5698, -5698, - -5698, -5698, 1007, 276, 276, 276, 3374, 2215, -5698, 2702, - 1851, 4433, -5698, 6729, 523, 1448, 4594, 2125, -5698, 2193, - -5698, 4835, -5698, 341, -5698, -5698, 3225,110121, 293, 301, - -5698, 317, -5698, -5698, -5698, -5698, -5698, -5698, -5698, -5698, - -5698, -5698, -5698, -5698, -5698, -5698, -5698, -5698, -5698, -5698, - -5698, -5698, -5698, -5698, -5698, -5698, -5698, -5698, -5698, -5698, - -5698, 355, 2586, 1236, 94671, 4449, 4643, -5698, -5698, -5698, - -5698, -5698, -5698, -5698, 22965, -5698, 4763, -5698, -5698, -5698, - -5698, 125, 125, -5698,110121, -5698, -5698, 255, -5698, -5698, - 4616, 4390, -5698, 1676, 3985, 3985, 74, -5698, 3986, 4673, - 3986, -5698, 4506, 3547, 2775, 4506, 2775, 3986, -5698, 4109, - 4506, 2775, 3985, -5698, 3985, -5698, -5698, 2775, 3985, -5698, - 4115, 3986, 4506, 1414, 2393, 3986, -5698, 3985, -140, 3985, - 3985, 3985, 4327, 3985, 3985, 3986, -5698, -5698, -5698, -5698, - -5698, -5698, -5698, 116, 3985, 3985, 3985, 3985, 3987, 4781, - 4782, -5698, 94671, -5698, 22965, -5698, -5698,113711, 94671, 937, - 3225, 2463, -5698, -5698, -5698, 2195, 2925, -5698, -5698, -5698, - 4881, -5698, -5698, 3985, -5698, 2195, -5698, -5698, -5698, -5698, - -5698, -5698, 2195, -5698, -5698, -5698, -5698, 4123, 5438, 5438, - -5698, 4850, 4656, 4748, 2955, 22965, 22965, -5698, 22965, -5698, - -5698, -5698, 1658, 4128, 4602, -5698, -5698, -5698, -5698, -5698, - -5698, 22965, 22965, 22965, 3225, 3225, 3225, 5438, -5698, -5698, - 3644, -5698, -5698,114450, -5698, -5698, -5698, -5698, -5698, -5698, - -5698, -5698, -5698, -5698, 249, 5438, -5698, -5698, 22965, 22965, - -5698, -5698, -5698, 94671, 3126, 4131, 4414, -5698, -5698, -5698, - 3126, 4278, -5698, -5698, 3126, 276, -5698, -5698, -5698, 2223, - 416, -5698, 22965, 523, 4719, 4138, 4868, 4145, -5698, -5698, - -5698, -5698, -5698, -5698, 22965, 83436, -5698, 4147, 4149, -5698, - -5698, -5698, 4587, 22965, 4772, 4724, -5698, 3126, 94671, -5698, - -5698, -5698, 70703, 3655, 3655, 90926, -5698, -5698, -5698, -5698, - 1720, 340, 340, -5698, 3225, -5698, -5698, 4154, 4157, -5698, - -5698, -5698, -5698, -5698, -5698, -5698, -5698, -5698, -5698, -5698, - -5698, -5698, -5698, -5698, -5698, -5698, -5698, 666, -5698, 38375, - 2586, 22190, -5698, -5698, -5698, 19090, -5698, 4162, 38375, 4633, - -5698, -5698, -5698, 4507, 203, -5698, -5698, 91675, -5698, 4164, - -5698, 4170, -5698, 1674, 4513, 4789, 4921, 54181, 4177, -5698, - -5698, -5698, 4191, 4196, 4198, -5698, 4179, -5698, 45865, -5698, - -5698, 4210, -5698, -5698, 39124, 4807, 4226, 4564, 45865, 340, - 340, 340, 340, 340, 340, 340, 340, 340, 340, 4566, - 340, 340, 340, 340, 340, 340, 340, 340, -5698, 340, - 340, 113, 94671, 340, 340, -5698, -5698, -5698, 4767, -5698, - 7761, -5698, 340, -5698, -5698, -5698, -5698, -5698, -5698, -5698, - -5698, -5698, 421, 4785, 1136, -5698, -5698, 1201, 4939, 4204, - -5698, 4350, -5698, -5698, -5698, -5698, 4315, 4350, 3758, 2587, - -5698, -5698, -5698, 4697, -5698, -5698, -5698, 4699, 3225, 94671, - -5698, -5698, 2242, 4830, 2048, 4213, 94671, 2048, 1134, 510, - 3225, -5698, -5698, 4683, 4708, -5698, -5698, 3018, 3133, -5698, - 3348, 608, -5698, -5698, -5698, -5698, -5698, -5698, -5698, -5698, - -5698, -5698, 333, -5698, 81938, -5698, -5698, -5698, -5698, -5698, - 4973, 4975, -5698, -5698, -5698, -5698, 4409, 492, 4264, 1383, - 4793, 4619, 4794, 1915, 3771, 340, 4795, 4943, -5698, 451, - 340, 4796, 4851, 4303, 4857, 4799, -5698, 4306, 4619, 4801, - 4424, 4803, 4804, 4805, -5698, -5698, 8070, -5698, -5698, -5698, - -5698, 419, 43618, -5698, -5698, -5698, -5698, -5698, 4417, 22965, - 22965, 4821, 94671, 4822, -5698, 4637, -5698, 94671, -5698, 935, - -5698, -5698, -5698, 4541, -5698, 2243, -5698, -5698, 2288, -5698, - -5698, 2310, -5698, -5698, -5698, 1722, -5698, 1722, -5698, 355, - 1236, -5698, -5698, 4903, -5698, 4590, 3266, -5698, 935, 3225, - 4444, 4718, 4718, -5698, -5698, -5698, 4834, -5698, -5698, -5698, - -5698, 4888, -5698, 4506, 340, 4506, -5698, -5698, 555, -5698, - 555, -5698, 343, 3411, 74448, 4506, -5698, -5698, -5698, -5698, - 4734, 2775, 2195, 79691, 2312, -5698, -5698, -5698, -5698, 555, - 2735, -5698, -5698, 4506, -5698, -5698, -5698, 2735, 555, -5698, - 4736, -5698, -5698, -5698, 555, 4506, 4468, 94671, 4954, 2775, - -5698, -5698,102910, 2775, 555, 4816, 4954, -5698, 2195, 4998, - 2775, 4506, 555, 555, -5698, 216, 4272, -5698, 3225,113711, - -5698, -5698, 4267, 4273, 4275, 4276, -5698, -5698, 2328, 4277, - -5698, -5698, -5698, -5698, 4284, 4285, 22965, 2735, 4748, 57221, - 4286, -5698, -5698, 2987, 2545, 2340, 4575, 4516, -5698, 4442, - -5698, 3016, 3225, 3225, 1725, 3986, -5698, -5698, -5698, -5698, - 4911, 3985, -5698, 5007, -5698, 3985, 2195, -5698, -5698, -5698, - -5698, -5698, 4291, 2343, 1761, 3020, 3022, -5698, -5698, -5698, - 4292, -5698, -5698, 474, -5698, 4293, -5698, 2350, 5020, 2168, - 22965, -5698, 4297, -5698, -5698, 94671, -5698, -5698, 5438, 1164, - -5698, 2428, -5698, -5698, -5698, 4298, 3655, -5698, -5698, 60217, - -5698, -5698, -5698, -5698, -5698, -5698, -5698, -5698, -5698, -5698, - 4043, -5698, 4047, 2632, -5698, -5698, -5698, -5698, 4680, 4305, - 4304, -5698, -5698, -5698, 4300, 197, 38375, -5698, -5698, -5698, - 4308, 4307, -5698, -5698, -5698, 90177, -5698, 2444, -5698, -5698, - 5049, -5698, -5698, -5698, -5698, -5698, -5698, -5698, -5698, -5698, - -5698, -5698, -5698, -5698, -5698, -5698, -5698, 19090, 2568, 2568, - 2568, 2100, 4312, -5698, 81938, 4313, 4314, 46614, 570, 94671, - 2472, -5698, -5698, -5698, -5698, -5698, 1816, -5698, 484, 2649, - 1722, 1722, -5698, 4311, 45865, -5698, 340, -5698, 258, 292, - 319, 322, -5698, 3917, 276, 276, 2568, 2568, 340, 276, - 81938, 1666, 276, 3917, 3917, 350, 2568, 1230, 258, -5698, - -5698, -5698, 276, 258, 230, -5698, -5698, 9076, -5698, 69954, - 8070, 80440, 4334, -5698, -5698, 1547, 4446, -5698, -5698, -5698, - 4675, 1136, -5698,102910, -5698, -5698, -5698, -5698, -5698, 1201, - 1239, -5698, -5698, -5698, 4322, 80440, -5698, -5698, 2568, -5698, - 5056, 5081, -5698, -5698, 4731, 22965, 4329, 22965, 4330, 2491, - 5050, 5051, 4997, 5054, 2242, -5698, 1872, -5698, -5698, -5698, - -5698, -5698, -5698, 1134, -5698, -5698, -5698, -5698, -5698, -5698, - -5698, -5698, -5698, -5698, -5698, -5698, -5698, -5698, -5698, -5698, - -5698, 4335, -5698, -5698, -5698, -5698, 4671, -5698, 5095, -5698, - 4791, 44367, 2649, -5698, 1949, 4380, -5698, -5698, -5698, 4989, - 2917, 2917, 1047, 2917, 91675, 94671, 45865, 1322, 1986, 4971, - 2270, 2047, 4384, 4908, 2917, 2917, 92424, 1047, 38375, -5698, - -5698, -5698, 2917, -5698, 2917, 45865, 93173, 1047, -5698, -5698, - -5698, 94671, -5698, 2917, 1047, -5698, 1047, 1047, 91675, -5698, - 10831, -5698, -5698, 39124, 1648, -5698, 3225, 5438, 4741, -5698, - -5698, 4463, 2568, 4713, -5698, -5698, 4824, -5698, 94671, 362, - -5698, 276, -5698, 276, -5698, 276, 5014, 5014, -5698, -5698, - -5698, 31490, -5698, 3657, -5698, -5698, 197, -5698, -5698, 1406, - -5698, -5698, 4714, 4507, 4862, -5698, -5698, 94671, -5698, -5698, - -5698, -5698, -5698, -5698, -5698, -5698, -5698, -5698, -5698, -5698, - -5698, 75197, -5698, 2508, -5698, -5698, 2539, -5698, -5698, -5698, - -5698,102910, -5698, 2553, -5698, 67707, -5698, -5698, -5698, -5698, - 4954, 4349, -5698, -5698, 4376, -5698, -5698, -5698, -5698, -5698, - -5698, 4998, -5698, -5698, 62464, -5698, -5698, -5698, 80440, 5021, - -5698, -5698, -5698, -5698, -5698, -5698, 5119, -5698, -5698, 4359, - 2048, -5698, 4362, -5698, -5698, -5698, -5698, 22965, -5698, 4600, - -5698, 4705, -5698, -5698, -5698, -5698, -5698, -5698, -5698, -5698, - -5698, -5698, 3917, -5698, -5698, -5698, 4366, -5698, 276, -5698, - 22965, -5698, -5698, 4367, 4071, 2048, -5698, -5698, 4465, 4326, - 4370, -5698, 4724, 94671, -5698, -5698, -5698, -5698, -5698, -5698, - -5698, 4421, -5698, -5698, -5698, 38375, 60966, 4375, 4368, -5698, - 340, -5698, -5698, 94671, -5698, -5698, 3917, 4738, -5698, 2559, - -5698, -5698, -5698, -5698, 94671, 4377, 4576, 94671, 94671, -5698, - -5698, 4379, 94671, -5698, -5698, -5698, 39124, 4389, 5008, 5009, - 1722, -5698, 2649, 4941, 46614, -5698, 2649, 2649, 64711, 94671, - 4391, 2568, -5698, -5698, -5698, -5698, -5698, -5698, -5698, -5698, - -5698, 4394, -5698, -5698, -5698, -5698, -5698, 2568, -5698, -5698, - -5698, -5698, -5698, -5698, -5698, -5698, -5698, -5698, -5698, -5698, - -5698, -5698, -5698, -5698, -5698, -5698, -5698, -5698, -5698, -5698, - -5698, -5698, 5131, -5698, -5698, -5698, -5698, -5698, -5698, -5698, - -5698, -5698, -5698, 4767, -5698, -5698, -5698, -5698, 66209, 4396, - 4395, 94671, -5698, -5698, -5698, 4954, -5698, -5698, -5698, 5082, - 110121, -5698, -5698, -5698, 4608, 1448, 94671, 4401, 94671, 4403, - -5698, -5698, 4405, -5698, 4401, 4403,109403, -5698, -5698, 1239, - -5698, -5698, -5698, 4411, -5698, 66958, 4334, -5698, -5698, -5698, - -5698, -5698, 4402, 4406, -5698, 94671, 3225, 94671, -5698, 2735, - 2735, 5124, 2735, -5698, 5126, 5129, 1872, -5698, -5698, 5172, - 492, 4797, 1851, 523, 1047, 523, 5077, -5698, -5698, 94671, - 46614, 91675, 46614, -5698, 4917, -5698, 73699, 46614, 2917, 94671, - -5698, 5079, -5698, 5048, 46614, 46614, -5698, -5698, 91675, 4418, - -5698, 2048, 2641, 94671, 46614, -5698, -5698, -5698, 3126, 4897, - 46614, 91675, -5698, 91675, -5698, 4137, 4926, 3836, -5698, 4427, - 4428, 94671, -5698, -5698, -5698, -5698, -5698, -5698, -5698, 1170, - -5698, -5698, 2560, -5698, -5698, -5698, -5698, -5698, -5698, -5698, - 2107, -5698, -5698, -5698, -5698, 499, -5698, 4634, -5698, 1406, - -5698, -5698, -5698, 45865, -5698, -5698, -5698, -5698, 2195, 2735, - 2195, 4954, -5698, 94671, -5698, 3986, -5698, -5698, 22965, -5698, - 94671, 5185, -5698, -5698, -5698, -5698, 47363, -5698, -5698, -5698, - 4756, -5698, 2588, -5698, -5698, -5698, 4435, 22965, -5698, -5698, - 3023, -5698, -5698, 4437, -5698, 4438, 3937, -5698, 4320, 4570, - 4398, 4399, 4404, 4620, 4786, -5698, 4624, -5698, 3927, 4587, - 4443, 31490, -5698, -5698, 1600, -5698, -5698, -5698, -5698, 96918, - -5698, -5698, 4440, -5698, 38375, 19090, -5698, -5698, 4861, -5698, - 2600, 2048, -5698, 4445, 94671, 4447, 2604, 4450, -5698, 94671, - 4452, -5698, -5698, 2649, -5698, -5698, 46614, 45865, -5698, 4934, - 1400, 46614, 46614, 4441, 1733, 4451, 4456, 2906, 1791, 4460, - 4115, 1829, 106, 1414, 121, 1843, 4461, 1862, 4464, 1880, - 1886, 1900, 1909, 1952, 4469, 5170, -5698, -5698, 4471, 4474, - 4475, 4479, 4480, 4483, 4484, 4488, 4490, -5698, -5698, 45865, - -5698, -5698, 203, 230, 1486, 4664, -5698, -5698, 80440, -5698, - -5698, -5698, 5239, 94671, 5042, 4821, -5698, -5698, -5698, -5698, - -5698, -5698, -5698, 4453, -5698, 4467, -5698, -5698, 80440, 1601, - 4679, -5698, -5698,111557, -5698, -5698, -5698,100663, 6566, 2614, - 2625, -5698, -5698, 2735, -5698, 2735, 2735, -5698, 4477, -5698, - -5698, -5698, 5141, -5698, 5144, -5698, 2033, 1799, -5698, 46614, - 1545, 4986, 5000, 5212, -5698, 46614, 4307, 94671, -5698, -5698, - 1649, -5698, 38375, -5698, -5698, 5002, 5005, -5698, 5015, 1648, - -5698, 94671, -5698, -5698, -5698, 4604, -5698,110121, 4711, 5228, - 5230, -5698, 94671, 93922, 5238, -5698, 5240, 4518, 4519, -5698, - 31490, -5698, -5698, 5151, -5698, 3619, -5698, -5698, -5698, -5698, - -5698, 4816, 3225, 4508, -5698, 62464, -5698, -5698, -5698, 80440, - -5698, -5698, 2048, -5698, -5698, -5698, 1371, -5698, 5263, 1399, - -5698, -5698, 727, -5698, -5698, -5698, -5698, 94671, 4526, 4614, - -5698, -5698, 4601, -5698, -5698, 3202, -5698, 90, 61715, -5698, - -5698, -5698, 1023, 94671, -5698, 5288, 4532, 1631, 1023, 1023, - 4533, 94671, 22965, 46614, 4934, 1485, 4537, 1027, -5698, 1027, - -5698, -5698, 3467, 67707, -5698, -5698, 3420, 94671, 4538, 5308, - -5698, 4749, -5698, 94671, -5698, -5698, -5698, -5698, 4540, -5698, - 2125, -5698, 4061, 4062, -5698, -5698, -5698, -5698, -5698, -5698, - -5698, 4753, -5698, 94671, 5239, 5109, 2640, -5698, -5698, -5698, - -5698, -5698, -5698, -5698, -5698, -5698, 46614, 912, -5698, -5698, - 5190, -5698, 5236, 5237, 1648, -5698, 45865, 5120, 72950, -5698, - -5698, -5698, 1047, -5698, 94671, 46614, 45865, -5698, -5698, 4307, - 1569, 22965, 4905, 5239, -5698, 4751, 4755, -5698, -5698, 2660, - -5698, -5698, -5698, -5698, 90177, 90177, 1528, 5044, -5698, -5698, - -5698, 94671, -5698, -5698, -5698, -5698, 4320, -5698, -5698, 4691, - 1664, -5698, 2668, -5698, -5698, -5698, 3126, -5698, 4558, -5698, - 4923, 340, 340, 4927, 340, 340, 340, 340, 4562, 3202, - -5698, -5698, -5698, 4918, -5698, -5698, -5698, 3175, 2048, 4568, - 94671, 4571, 2673, 3065, 3086, 94671, 4560, 3094, -5698, -5698, - 1027, 94671, 5178, -5698, 4565, -5698, 4573, 4574, -5698, -5698, - 5203, 2568, -5698, 4655, -5698, -5698, 3467, -5698, -5698, -5698, - 4617, 5205, 5165, -5698, 81938, 33815, -5698, 5071, -5698, 5026, - 5273, -5698, 5321, 3186, -5698, -5698, -5698, -5698, -5698, -5698, - 94671, 4580, 94671, -5698, 4637, -5698, -5698, 4350,110121,111557, - -5698, 94671, 4581, -5698, 2587, -5698,100663, 11952, 5170, 3126, - 4724, -5698, -5698, -5698, 33815, -5698, 120, 4724, -5698, -5698, - -5698, -5698, 120, 5221, -5698, 3225, 22965, -5698, -5698, -5698, - -5698, -5698, 93922, 4591, 2688, -5698, 1322, -5698, -5698, -5698, - -5698, -5698, -5698, 94671, -5698, 4593, -5698, -5698, 139, 340, - 2568, 2568, 340, 3523, 3523, 3126, 81938, 4674, -5698, -5698, - 340, 1027, 2568, 340, 1027, -5698, -5698, 381, 3175, -5698, - -5698, -5698, -5698, -5698, -5698, 1624, 1023, -5698, 4798, 381, - 3065, -5698, -5698, 381, 3086, -5698, -5698, 4596, 94671, -5698, - 4595, 4598, -5698, 2692, -5698, 1247, 5175, 94671, 4599, 94671, - 94671, -5698, -5698, -5698, -5698, -5698, -5698, 4958, -5698, 4606, - 4609, 3374, 3374, 15990, -5698, -5698, -5698, -5698, -5698, -5698, - 5191, -5698, 4644, 1434, -5698, 4597, 94671, -5698, 45865, 4966, - 4334, -5698, 5390, -5698, 5390, -5698, 4603, 94671, -5698, -5698, - 5195, -5698, -5698, -5698, -5698, -5698, 2012, -5698, -5698, 2693, - -5698, 4654, 4660, -5698, 120, -5698, 4618, 3225, -5698, -5698, - -5698, 38375, -5698, 4614, -5698, -5698, 2700, -5698, 28390, -5698, - -5698, -5698, 2568, -5698, -5698, 2568, -5698, -5698, -5698, -5698, - -5698, 2706, -5698, 81938, -5698, -5698, 276, -5698, -5698, 5231, - 5065, -5698, 4823, 3175, 2645, -5698, -5698, -5698, -5698, -5698, - 4625, 94671, 94671, 4623, -5698, 94671, -5698, -5698, -5698, 429, - -5698, 2709, 94671, 2729, 4626, -5698, -5698, -5698, -5698, 4628, - 4630, -5698, 166, -5698, 94671, 4613, 5283, -5698, 4334, -5698, - -5698, -5698, 94671, 4632, 4731, -5698, 5197, 2587, -5698, -5698, - -5698, -5698, -5698, -5698, 4724, 4629, -5698, 340, 5167, -5698, - -5698, 4593, -5698, 4631, -5698, 1528, -5698, -5698, 81938, -5698, - 4674, -5698, -5698, -5698, -5698, -5698, -5698, 381, -5698, -5698, - 2744, 4532, 94671, -5698, 1241, 1241, 3175, 2755, 3065, 3086, - -5698, 306, -5698, 3011, 3011, 1386, -5698, 94671, -5698, -5698, - -5698, 94671, -5698, 2587, 1115, -5698, 2761, 38375, 19090, 4937, - 4489, -5698, 28390, 4646, 3967, -5698, -5698, -5698, 4941, 4647, - 4532, -5698, -5698, 2005, 5087, 5226, 5229, -5698, 3175, -5698, - -5698, -5698, 4648, -5698, 3011, -5698, -5698, -5698, -5698, -5698, - 1458, -5698, -5698, -5698, -5698, 3499, -5698, -5698, -5698, 5234, - 1115, 1115, -5698, -5698, -5698, 5376, 4830, -5698, -5698, -5698, - 3967, -5698, -5698, 3175, 4653, -5698, -5698, -5698, 5147, 5344, - -5698, -5698, -5698, -5698, 1458, -5698, 5334, -5698, -5698, -5698, - 1240, 5243, -5698, 5246, -5698, 2735, 5310, -5698, -5698, 3175, - 1241, 1241, -5698, 4806, -5698, -5698, 5335, 5018, -5698, 5427, - 4677, -5698, -5698, -5698, -5698, 1885, 35350, 5201, 1473, -5698, - -5698, -5698, 81938, -5698, 2767, -5698, -5698, 38375, -5698, -5698, - -5698, 81938, -5698, -5698, -5698, 36110, 4670, -5698, 340, -5698, - -5698,110121, -5698, 38375, -5698, 5239, -5698, 19090, -5698, -5698, - -5698 + 9160, -5502, -5502, 3529, 1252, 95928, -5502, 78, -5502, 420, + -5502, -5502, -5502, 3735, -5502, -5502, -5502, -5502, -5502, 400, + 954, -5502, 1143, -5502, -5502, 368, 82446, 682, 973, -5502, + 85442, -5502, -5502, -5502, -5502, 85442, -5502, -5502, 95928, -5502, + -5502, 1130, -5502, 284, 479, 593, 1832, 954, 1326, -5502, + -5502, 96677, 1143, 1697, -5502, -5502, 1668, 95928, 1143, -5502, + 1326, 95928, -5502, 228, 257, -5502, 1756, 4015, 148, 2182, + 2157, -5502, -5502, 1603, -5502, -5502, -5502, -5502, -5502, -5502, + -5502, -5502, -5502, -5502, -5502, -5502, -5502, -5502, -5502, 3390, + -5502, -5502, -5502, -5502, -5502, -5502, -5502, -5502, -5502, -5502, + -5502, -5502, -5502, -5502, -5502, -5502, -5502, 1956, -5502, -5502, + -5502, -5502, 3837, 1902, -5502, -5502, -5502, -5502, -5502, -5502, + -5502, -5502, -5502, -5502, 46373, -5502, -5502, -5502, -5502, -5502, + -5502, -5502, -5502, -5502, -5502, 148, -5502, -5502, -5502, -5502, + -5502, -5502, -5502, -5502, -5502, -5502, -5502, -5502, -5502, -5502, + -5502, -5502, -5502, -5502, -5502, -5502, 97426, 95928, 1522, 1722, + 95928, 2242, 83195, 2242, -5502, 147, -5502, -5502, 2085, -5502, + 1743, -5502, 954, 588, -5502, -5502, -5502, -5502, -5502, -5502, + -5502, -5502, -5502, -5502, -5502, -5502, -5502, -5502, -5502, -5502, + -5502, -5502, -5502, -5502, -5502, -5502, -5502, -5502, -5502, -5502, + -5502, -5502, -5502, -5502, -5502, -5502, -5502, -5502, -5502, -5502, + -5502, -5502, -5502, -5502, -5502, -5502, -5502, -5502, -5502, -5502, + -5502, -5502, -5502, -5502, -5502, -5502, -5502, -5502, -5502, -5502, + -5502, -5502, -5502, -5502, -5502, -5502, -5502, -5502, -5502, -5502, + -5502, -5502, -5502, -5502, -5502, -5502, -5502, -5502, -5502, -5502, + -5502, -5502, -5502, -5502, -5502, -5502, -5502, -5502, -5502, -5502, + -5502, -5502, -5502, -5502, -5502, -5502, -5502, -5502, -5502, -5502, + -5502, -5502, -5502, -5502, -5502, -5502, -5502, -5502, -5502, -5502, + -5502, -5502, -5502, -5502, -5502, -5502, -5502, -5502, -5502, -5502, + -5502, -5502, -5502, -5502, -5502, -5502, -5502, -5502, -5502, -5502, + -5502, -5502, -5502, -5502, -5502, -5502, -5502, -5502, -5502, -5502, + -5502, -5502, -5502, -5502, -5502, -5502, -5502, -5502, -5502, -5502, + -5502, -5502, -5502, -5502, -5502, -5502, -5502, -5502, -5502, -5502, + -5502, -5502, -5502, -5502, -5502, -5502, -5502, -5502, -5502, -5502, + -5502, -5502, -5502, -5502, -5502, -5502, -5502, -5502, -5502, -5502, + -5502, -5502, -5502, -5502, -5502, -5502, -5502, -5502, -5502, -5502, + -5502, -5502, -5502, -5502, -5502, -5502, -5502, -5502, -5502, -5502, + -5502, -5502, -5502, -5502, -5502, -5502, -5502, -5502, -5502, -5502, + -5502, -5502, -5502, -5502, -5502, -5502, -5502, -5502, -5502, -5502, + -5502, -5502, -5502, -5502, -5502, -5502, -5502, -5502, -5502, -5502, + -5502, -5502, -5502, -5502, -5502, -5502, -5502, -5502, -5502, -5502, + -5502, -5502, -5502, -5502, -5502, -5502, -5502, -5502, -5502, -5502, + -5502, -5502, -5502, -5502, -5502, -5502, -5502, -5502, -5502, -5502, + -5502, -5502, -5502, -5502, -5502, -5502, -5502, -5502, -5502, -5502, + -5502, -5502, -5502, -5502, -5502, -5502, -5502, -5502, -5502, -5502, + -5502, -5502, -5502, -5502, -5502, -5502, -5502, -5502, -5502, -5502, + -5502, -5502, -5502, -5502, -5502, -5502, -5502, -5502, -5502, -5502, + -5502, -5502, -5502, -5502, -5502, -5502, -5502, -5502, -5502, -5502, + -5502, -5502, -5502, -5502, -5502, -5502, -5502, -5502, -5502, -5502, + -5502, -5502, -5502, -5502, -5502, -5502, -5502, -5502, -5502, -5502, + -5502, -5502, -5502, -5502, -5502, -5502, -5502, -5502, -5502, -5502, + -5502, -5502, -5502, -5502, -5502, -5502, -5502, -5502, -5502, -5502, + -5502, -5502, -5502, -5502, -5502, -5502, -5502, -5502, -5502, -5502, + -5502, -5502, -5502, -5502, -5502, -5502, -5502, -5502, -5502, -5502, + -5502, -5502, -5502, -5502, -5502, -5502, -5502, -5502, -5502, -5502, + -5502, -5502, -5502, -5502, -5502, -5502, -5502, -5502, -5502, -5502, + -5502, -5502, -5502, -5502, -5502, -5502, -5502, -5502, -5502, -5502, + -5502, -5502, -5502, -5502, -5502, -5502, -5502, -5502, -5502, -5502, + -5502, -5502, -5502, -5502, -5502, -5502, -5502, -5502, -5502, -5502, + -5502, -5502, -5502, -5502, -5502, -5502, -5502, -5502, -5502, -5502, + -5502, -5502, -5502, -5502, -5502, -5502, -5502, -5502, -5502, -5502, + -5502, -5502, -5502, -5502, -5502, -5502, -5502, -5502, -5502, -5502, + 1731, -5502, -5502, -5502, -5502, -5502, -5502, -5502, -5502, -5502, + -5502, -5502, -5502, 2220, 2542, 115, 2255, 1096, 2242, -5502, + 2546, -5502, 2242, 2301, 2242, -5502, 2242, 2242, -5502, 2242, + 2242, 2242, -5502, -5502, 972, 95928, 69713, -5502, -5502, 853, + 2479, -5502, -5502, -5502, -5502, -5502, -5502,111378, 954, 24222, + 2615, -5502, -5502, 2192, 4612, 1992, -5502, 2487, -5502, -5502, + 95928, -5502, 2242,111378, -5502, 2487, 70462, 2767, 50878, 11722, + 2487, 954, 2570, -5502, 1968, -5502, -5502, -5502, -5502, -5502, + -5502, 95928, -5502, -5502, -5502, 2412, 1326, 83195, -5502, -5502, + -5502, -5502, -5502, 2719, 24222, 232, 2481, -5502, -5502, 2366, + 47122, 83195, 2666, 2542, 2682, -5502, 1479, 456, -5502, 2066, + 2150, 2542, 1584, 2188, 2542, 2557, 2242, 2242, -5502, -5502, + 2745, 2745, 2745, 2402, 2745, -5502, 2745, 2741, 2104, 314, + -5502, -5502, 2113, 95928, 2666, -5502, 2666, -5502, 2773, -5502, + 2666, 2666, 2278, 2820, 2832, 146, 3766, 215, 215, 2085, + 41879, 1079, 2690, -5502, 2741, 1654, 1870, 526, 526, 526, + 1654, 148, 1654, -5502, 3279, 1743, 1900, 95928, -5502, 2864, + -5502, 2215, -5502, -5502, 212, -5502, 2284, -5502, 2234, 1593, + 71960, -5502, 2916, -5502, -5502, -5502, -5502, -5502, -5502, 2775, + 274, 2404, 2612, 2317, -5502, 2800, 83195, -5502, -5502, -5502, + -5502, -5502, -5502, -5502, -5502, 95928, 2294, -5502, -5502, -5502, + 2976, 2220, -5502, 2805, -5502, -5502, -5502, -5502, 47122, -5502, + -5502, -5502, 2966, -5502, -5502, 86191, 651, 95928, 2956, -5502, + 95928, -5502, 95928, -5502, 83195, -5502, -5502, 95928, 2242, 2242, + -5502, -5502, 2947, 2492, 2461, 1869, 2334, 2650, -5502, 2547, + -5502, 2346, 2427, 2566, 2373, 2384, 2425, 197, -5502, 2389, + -5502, 1209, 2846, 102, 116, 2847, 152, 154, 2996, 2888, + 164, 1051, 173, 2686, 180, -5502, -5502, -5502, -5502, 2967, + 3040, 2457, -5502, 2459, -5502, 2972, 2831, 1451, -5502, -5502, + 88, 2899, 321, 47122,112814, 83944,114250, -5502,114250,114250, + -5502, 246, -5502, 479, 95928,113532, -5502, 95928,106352, -5502, + 11372, -5502, -5502, -5502, -5502, -5502, -5502, -5502, -5502, -5502, + 95928, -5502, -5502, -5502, -5502, -5502, 2497, -5502, -5502, -5502, + -5502, -5502, 2945, 1826, 2954, -5502, 2502, -5502, -5502, -5502, + -5502, -5502, 86940, -5502, 217, 220, 3057, -5502, -5502, -5502, + -5502, -5502, -5502, -5502, -5502, -5502, -5502, -5502, 30422, 2531, + 2535, 2543, 19572, 2554, 2555, 2558, 2559, 2567, 2334, 2334, + 2334, 2571, 2581, 2601, 2602, 2607, 2616, 2632, -5502, 2654, + 2675, 2685, 2689, 2699, 2703, 24997, 2709, 2720, 2723, 2571, + 38122, 2727, 2748, 2752, 2753, 24222, 2571, 2756, 2774, -5502, + 2780, 2789, 2795, 2810, 2848, 2853, 2860, 2866, 3357, 2869, + 2870, 2871, 2873, -5502, 2334, 2571, 2571, 2875, 2889, 2893, + 2898, 2900, 2901, 2902, 2904, 2905, 2913, 2917, 2920, 2928, + 2931, 2935, 211, 2937, 2938, 2948, 2949, 2950, 2965, 2974, + 2679, 2982, 2983, 2987, 2737, 2988, 2993, 2994, 2995, 2997, + 213, 2998, 3001, 256, 3002, 3003, 3011, 3014, 3018, 3021, + 3022, 31197, 31972, 30422, 17247, -5502, 95928, 98175, -5502, -5502, + 3728, 1508, 2396, 433, 30422, -5502, -5502, -5502, 3434, -5502, + 3499, -5502, -5502, -5502, -5502, 3335, 3349, -5502, 3360, -5502, + -5502, 3379, 2844, -5502, 3581, -5502, -5502, -5502, -5502, -5502, + 2827, -5502, 3024, 3611, 3615, 3025, 3026, -5502, -5502, 1449, + -5502, -5502, -5502, -5502, -5502, -5502, -5502, -5502, -5502, -5502, + -5502, -5502, -5502, 2859, 2908, -5502, 3581, -5502, -5502, 77203, + -5502,112096, -5502, -5502, 2492, 3076, 3463, -5502, 3548, -5502, + 3526, -5502, -5502, -5502, -5502, -5502, -5502, -5502, -5502, -5502, + -5502, -5502, -5502, 2767, -5502, -5502, 52398, 3476, 1084, -5502, + -5502, 336, -5502, 363, 369, 64470, -5502, 323, 65219, 371, + 87689, 1070, -5502, 72709, -5502, 397, -5502, -5502, -5502, -5502, + -5502, -5502, -5502, -5502, -5502, -5502, 2973, -5502, 3085, 3320, + 3029, 3185, 1167, -5502, -5502, 234, 957, 3127, 673, -5502, + 31, -5502, 1167, -5502, 77952, 1163, 2297, -5502, 1023, -5502, + 3697, -5502, -5502, 3130, 3128, 3157, -5502, 3592, -5502, 2542, + -5502, 357, -5502, 1163, 1167, 2297, -5502, 3326, 3408, 1115, + 3320, -5502, 1723, -5502, -5502, -5502, 3700, -5502, 3053, -5502, + 3419, -5502, 95928, 343, 47122, -5502, -5502, -5502, 3055, 47122, + 47122, 1170, 1006, 3728, 3058, 24222, -5502, -5502, 4568, -5502, + 3264, 1711, 736, -5502, -5502, 479, 95928, -5502, -5502, 555, + -5502, 3496, -5502, 3070, -5502, 98924, 1006, 3740, -5502, -5502, + -5502, 1275, 3470, -5502, 3082, -5502, -5502, -5502, -5502, 47122, + 95928, 2542, -5502, -5502, -5502, -5502, 3087, -5502, -5502, 3296, + 3178, -5502, 3115, -5502, -5502, 548, -5502, -5502, 3880, -5502, + 95928, -5502, 2666, -5502, -5502, 2666, -5502, -5502, -5502, 2666, + 2666, 2666, -5502, -5502, 2666, 2666, 3137, -5502, 3422, 3423, + 2800, -5502, 3114, 41130, 95928, 3908, -5502, 2959, -5502, -5502, + -5502, 3131, -5502, -5502, -5502, -5502, -5502, -5502, -5502, -5502, + 3707, 3904, 3904, -5502, 53158, -5502, -5502, 3796, 2690, 866, + 3641, 56198, 3788, 3875, 58478, -5502, 1163, -5502, -5502, -5502, + -5502, 2318, 95928, -5502, 2318, 2318, -5502, -5502, -5502, -5502, + -5502, -5502, -5502, -5502, -5502, -5502, -5502, -5502, 148, -5502, + -5502, 588, 3816, 73458, 95928, 1654, 1870, -5502, -5502, -5502, + 2542, 372, 3532, -5502, 95928, -5502, -5502, -5502, 2334, 3944, + -5502, -5502, -5502, -5502, -5502, 47122, 3361, 71960, 2242, -5502, + -5502, -5502, 274, -5502, 1674, 95928, 47122, 3198, -5502, 47122, + 3156, -5502, -5502, -5502, 3644, 24222,111378, 3523, -5502, -5502, + 47122, 1219, -5502, -5502, 47122, 3905, 47122, 3170, -5502, 3836, + 2690, -5502, -5502, 3171, -5502, -5502, 3845, 95928, -5502, -5502, + 78701, -5502, 77203, 47122, 3172, -5502, -5502, 3540, 3323, -5502, + -5502, -5502, -5502, -5502, -5502, 3262, -5502, -5502, 3186, -5502, + -5502, -5502, -5502, 3645, -5502, 3332, -5502, -5502, -5502, -5502, + -5502, -5502, -5502, 77203, -5502, -5502, 3649, 3650, -5502, 71960, + 1641, 7905, 98175, -5502, 3847, -5502, -5502, -5502, 3700, -5502, + -5502, 25772, -5502, 26547, -5502, -5502, -5502, 3480, 367, 1184, + -5502, -5502, 3678, 95928, 3435, 3874, 3850, -5502, -5502, -5502, + -5502, -5502, -5502, 3699, 3225, 3843, 3220, -5502, -5502, -5502, + 3238, -5502, -5502, -5502, -5502, -5502, -5502, -5502, -5502, 47122, + 53918, -5502, -5502, -5502, 3234, -5502, -5502, -5502, 3245, 30422, + 30422, -5502, 3987, 3987, 3987, 24222, 3182, 388, 3608, 24222, + 24222, 24222, 531, 3253, -5502, -5502, -5502, 239, -5502, 24222, + 24222, 38877, 3254, 501, 5128, 24222, 3934, 3934, -5502, 24222, + 24222, 17247, 6774, 24222, 24222, 24222, -5502, 98175, 38877, 3706, + 3256, -5502, 3259, 542, 24222, 557, 24222, -5502, -5502, 24222, + 24222, 24222, 24222, 3261, 32747, 3277, 24222, 24222, 3281, 3399, + 3987, 3987, 572, 308, -5502, -5502, -5502, 3987, 3987, 3282, + 24222, 24222, 18022, 24222, 24222, 1300, 24222, 24222, 24222, 24222, + 24222, 24222, -5502, 24222, 24222, 1617, 24222, 24222, 47122, 24222, + 24222, 3926, 47122, 24222, 24222, 3945, 24222, 24222, 3284, 47122, + 24222, -5502, 24222, 3762, 3762, -5502, 24222, 18022, 24222, 3285, + 39632, 24222, 24222, 24222, 24997, -5502, 24997, -5502, -5502, 3287, + 3291, 522, 148, 24222, 3289, -5502, -5502, -5502, -5502, 24222, + 24222, 24222, 32747, -5502, -5502, -5502, 1351, -5502, -5502, -5502, + 27322, 32747, 3290, 32747, 32747, 3916, 2210, 32747, 32747, 32747, + 32747, 32747, 32747, 32747, 33522, 34297, 32747, 32747, 32747, 32747, + -5502, 83195, 30422, 50118, 3301, 3954, -5502, 79450, -5502, 1930, + 1082, -5502, 2542, 4612, 35847, -5502, 3300, -5502, 3806, 47122, + 3295, 3305, 3970, 77203, 71960, 1641, 3324, -5502, 1399, 325, + -5502, 78701, 95928, -5502, -5502, -5502, 4031, 24222, -5502, -5502, + -5502, -5502, -5502, 3310, 419, 3317, -5502, 1185, -5502, -5502, + -5502, -5502, -5502, 95928, -5502, 88438, 51638, 3416, 3986, 3336, + 2666, 89187, 95928, 47122, 95928, 99673, 95928, 95928, 47122, 83195, + 77203, 47122, -5502, -5502, -5502, 1062, 1167, 95928, 1167, 2297, + 1088, 1167, 3971, -5502, -5502, 1400, 1400, -5502, -5502, -5502, + -5502, -5502, -5502, 1167, 95928, 95928, 1167, 71960, -5502, 2297, + 1721, -5502, 3627, 3418, -5502, -5502, -5502, 3673, -5502, -5502, + 4002, 3348, -5502, 3702, -5502, 3447, -5502, -5502, 47122, -5502, + -5502, 2297, -5502, 2297, 2297, 4016, 1167, 1167, 1167, -5502, + 42628, 3355, 3358, -5502, 3354, -5502, 3359, -5502, 3994, -5502, + -5502, -5502, 4148, 4003, 3362, -5502, -5502, 3937, 886, -5502, + 3791, -5502, 3924, -5502, 24222, 3728, 20347, 3655, -5502, -5502, + 3656, 3657, 3660, 3481, -5502, -5502, -5502, -5502, 3814, 3666, + -5502, 3486, 2542, 3668, -5502, -5502, -5502, 3392, -5502, -5502, + -5502, 54678, 250, -5502, -5502, 4067, 3504, 24222, -5502, -5502, + 47122, 3900, -5502, 2542, 1479, 95928, -5502, -5502, 4143, -5502, + 1182, 4066, -5502, -5502, 3516, 1584, -5502, 4066, 1376, -5502, + -5502, 2745, 3597, -5502, -5502, -5502, 83195, -5502, -5502, -5502, + -5502, -5502, -5502, 95928, -5502, 78701, 71960, 83195, 2666, 2666, + -5502, 47122, -5502, -5502, -5502, 95928, 95928, 2666, 2666, 2666, + 3450, -5502, 2120, 3409, 3414, 3415, 3424, 2022, 3425, 43377, + 2576, 209, 4050, 4053, -5502, 4005, 2164, 4005, -5502, -5502, + 43377, 42628, 3432, 3908, -5502, -5502, -5502, -5502, 83195, 3430, + -5502, -5502, 3431, -5502, 24222, 4163, 4087, 3796, -5502, -5502, + 56958, 1587, 86940, -5502, -5502, -5502, 3787, 3979, 1142, -5502, + 3439, 3567, -5502, 898, -5502, -5502, -5502, -5502, -5502, -5502, + -5502, -5502, 3841, -5502, -5502, -5502, -5502, -5502, -5502, -5502, + -5502, 325, 230, -5502, -5502, -5502, 1262, 3817, 3247, -5502, + -5502, 83195, 3247, -5502, 3453, 3758, -5502, 3772, 114, -5502, + 47122, -5502, -5502, -5502, -5502, -5502, 47122, 3466, -5502, 3661, + 95928, 2294, 24222, 3978, -5502, 3644, -5502, 3728,105634, -5502, + 4195, 5033, 181, 3524, -5502, -5502, -5502, -5502, -5502, 47122, + -5502, -5502, 2211, 272, 3554, -5502, 3170, 62, 95928, 4139, + 4045, -5502, -5502, 4069, 59976, -5502, -5502, 4074, 3482, -5502, + -5502, 3488, 203, 95928, 47122, 47122,111378, -5502, -5502, 3493, + -5502, -5502, -5502, -5502, 3996, -5502, -5502, 127, -5502, 44126, + 44126, 1209, 2846, -5502, -5502, 2847, -5502, -5502, 2888, -5502, + 1051, -5502, 2686, -5502, -5502, -5502, -5502, 2093, -5502,111378, + -5502, 3994, 24222, 49369, 3728, -5502, -5502, 47122, -5502, 4142, + -5502, -5502,102669, 373, -5502, -5502, 302, 47122, -5502, -5502, + -5502, 4131, 3652, 95928, -5502, -5502, 4197, -5502, -5502, -5502, + -5502, -5502, -5502, -5502, 95928, 95928,111378,111378, -5502, -5502, + 1301, 1399, -5502, 4256, 98175, 24222, -5502, 3517, -5502, 3518, + 3519, 2786, 3878, 24222, 24222, -5502, 3193, 124, 352, -5502, + 3525, 3543, -5502, -5502, -5502, -5502, -5502, -5502, -5502, -5502, + 3534, -5502, -5502, 551, 928, 3537, -5502, -5502, -5502, 3542, + 148, -5502, -5502, -5502, -5502, -5502, -5502, -5502, -5502, -5502, + -5502, -5502, -5502, -5502, -5502, -5502, -5502, -5502, -5502, -5502, + -5502, 4207, -5502, 311, -5502, -5502, -5502, 24222, 1267, 1461, + 1519, 3559, 561, 589, 1521, 3234, 2101, 3551, 38877, 98175, + 3987, 3553, 381, 3987, 3555, 1561, 1598, 483, 564, 594, + -5502, 337, -5502, 1672, 1858, -5502, -5502, 3557, 3558, 3987, + 3562, -5502, 3563, 3570, 3578, -5502, 1914, 298, 3580, -5502, + -5502, 21122, 21897, 22672, 3228, 3583, -5502, -5502, 1972, 751, + 3987, 3593, 1562, 1979, 2052, -5502, 2115, 2096, 2109, 3598, + 3058, 1800, 1807, -5502, -5502, -5502, -5502, 3549, 1863, 2177, + 3552, 3601, 2545, 2584, 47122, 3602, 3604, 2617, 47122, 2225, + 2661, -5502, 3603, 2244, 716, 3605, 3606, 2677, 3610, 2251, + -5502, 98175, 95928, 3614, 3613, 342, 3621, 2707, 6774, 6774, + -5502, 24222, 3623, 248, 98175, 1825, 1467, -5502, 2396, -5502, + -5502, -5502, -5502, 623, -5502, 3560, 2396, 3616, 3321, 17247, + -5502, 1231, 479, 32747, 32747, 3632, 32747, 32747, 1320, 377, + 377, 3634, 3634, 970, 1893, 24997, 1320, 24997, 1320, 3634, + 3634, 3634, -5502, -5502, -5502, -5502, -5502, -5502, -5502, -5502, + 4198, 3633, 3639, 3642, 3647, 1106, 3640, -5502, -5502, -5502, + -5502, -5502, -5502, 99, 4055, -5502, 3846, 244, 24222, -5502, + 3669, 4412, 4416, 4418, -5502, -5502, -5502, -5502, 77203, 77203, + 3664, -5502, 1376, 4020, 4326, 78701, 4330, -5502, 3670, 44126, + 44126, -5502, 3671, -5502, 24222, 3672, 3676, 3677,100422, -5502, + 4333, 325, 74207, 3728, 77203, 636, -5502, 95928, 95928, -5502, + 87689, 4340, 1280, 3961, -5502, 3690, 3691, -5502, 325, -5502, + 3688, 1389, 426, -5502, 3701, 3703, -5502, -5502, -5502, -5502, + 24222, 3708, 95928, 95928, -5502, -5502, -5502, -5502, 95928, -5502, + -5502, -5502, -5502, -5502, -5502, -5502, 2542, 24222, 95928, 1167, + -5502, -5502, -5502, 1167, 95928, 1167, -5502, 2542, 4367, -5502, + -5502, -5502, -5502, -5502, -5502, -5502, -5502, -5502, -5502, 1167, + -5502, -5502, -5502, -5502, -5502, 3879, 1163, 3592, 3971, 4066, + 2297, 47122, 1167, 1167, 24222, -5502, -5502, -5502, -5502, 4240, + 3707, 20347, 3712, 3711, -5502, -5502,111378, 95928, 98175, 4450, + -5502, -5502, -5502, 4197, 83195, 89936, 47122, -5502, -5502, -5502, + 2420, -5502, -5502, -5502, -5502, -5502, 3728, 2481, 2602, -5502, + 3713, 3728, -5502, -5502, 4405, -5502, -5502, -5502, -5502, -5502, + 2542, -5502, -5502, -5502, 5679, -5502, 47122, 83195, 35847, -5502, + 3717, -5502, 3738, -5502, -5502,101171, -5502, 2542, 3728, 47122, + 1330, 302, -5502, 4459, -5502, -5502, 3851, -5502, -5502, -5502, + 3721, -5502, 4147, -5502, -5502, -5502, -5502, -5502, -5502, 3737, + -5502, 4403, -5502, 1528, 411, 95928, 135, 114, -5502, 95928, + 95928, 47122, -5502, 95928, 2666, -5502, -5502, 2666, -5502, -5502, + 47122, 95928, 95928, 2666, 24222, 43377, -5502, -5502, -5502, -5502, + -5502, 43377, -5502, 2070, -5502, 3952, 1919, 1919, -5502, 3359, + -5502, -5502, -5502, 4375, 4005, 4005, 43377, 4377, 4389, -5502, + 95928, 3428, 1285, -5502, 53158, 95928, -5502, 3728, 24222, -5502, + 3779, 4087, -5502, 196, 971, 898, -5502, 4027, 302, -5502, + -5502, 58478, 4096, 58478, 58478, 98175, 3989, 24222, -5502, 4420, + 3756, 24222, 1528, 2542, -5502, 325, 325, 3984, 4279, 4280, + 3891, 2542, 4285, 4288, 4289, -5502, -5502, -5502, -5502, -5502, + 3589, 3117, 227, 2245, 71960, 4243, 1376, 4356, 3773, -5502, + 47122, 4435, -5502, -5502, -5502, 3775, 3774, 3728,111378, -5502, + -5502, -5502, -5502, 3797, 3799, 3801, 3803, 3805, 3807, 3808, + 3813, 3815, 3818, 3819, 3820, 3821, 3825, 3826, 3827, 3828, + 3829, 3830, 3831, 3832, 3833, 3835, 3840, 3844, 190, -5502, + -5502, 3834, -5502, -5502, -5502, -5502, -5502, 1919, -5502, 4307, + 59976, -5502, 42628, 4034, 4448, -5502, -5502, 3822, 47122, 78701, + 77203, -5502, -5502, -5502, -5502, 3839, 1301,107070, -5502, -5502, + 4585, 71960, 4283, -5502, 3849, -5502, 3853, 4338, 4347, -5502, + 98175,104916, -5502, -5502, 3728, -5502, -5502, 3852, -5502, -5502, + 3937, 3904, -5502, -5502, -5502, -5502, -5502, -5502, -5502, -5502, + -5502, -5502, -5502, -5502, -5502, -5502, -5502, 3883, 4132, 4251, + -5502, -5502, -5502, 3308, -5502, -5502, -5502, -5502, -5502, -5502, + 4497, 80199,107788, 3858, -5502, -5502, -5502, -5502, 2116, -5502, + -5502,114250,114250,114250, 4197, -5502,103418, 24222, -5502, 2282, + -5502, 24222, -5502, -5502, 24222, -5502, 3728, 3255,114989, 80948, + -5502, 80948,114989, 24222, -5502, 3866, -5502, 4503, 4504, -5502, + -5502, -5502, 24222, -5502, 24222, 24222, 2379, 24222, 24222, 24222, + 24222, -5502, 24222, -5502, 24222, 24222, -5502, 32747, -5502, 3862, + 3870, -5502, -5502, 3871, -5502, 24222, 24222, -5502, -5502, -5502, + 24222, 24222, 24222, -5502, -5502, 3876, -5502, -5502, -5502, -5502, + 24222, 24222, 24222, -5502, 24222, 4159, 24222, 4233, 24222, 4236, + 24222, -5502, 28097, -5502, 3877, -5502, -5502, 24222, 24222, -5502, + 24222, 24222, 24222, -5502, -5502, -5502, 24222, -5502, 4456, 24222, + -5502, -5502, -5502, -5502, -5502, -5502, -5502, -5502, 24222, -5502, + 625, 28872, -5502, 24222, 24222, 24222, -5502, -5502, 24222, 3884, + 3885, -5502, 95928, 2453, 3500, 302, 3886, -5502, -5502, 3899, + 3902, 3058, -5502, -5502, -5502, -5502, -5502, -5502, -5502, 501, + 32747, 900, 32747, 479, 3376, 17247, -5502, 1283, 479, 6774, + 6774, 95928, 4617, 3894, -5502, 24222, 24222, 18022, 24222, 98175, + 24222, 3895, 3897, -5502, 3898, 32747, -5502, -5502, 3903, -5502, + 2383, 3500, 3988, 4351, -5502, 3728, 35847, 4406, -5502, 47122, + 4407, 4454, 4110, -5502, 77203, 71960, 4572, 4573, -5502, 3728, + -5502, 3906, -5502, -5502, -5502, 3907, -5502, -5502, -5502, -5502, + -5502, -5502, -5502, 472, -5502, -5502, -5502, -5502, -5502, -5502, + -5502, -5502, -5502, -5502, 77203, -5502, -5502, -5502, -5502, -5502, + 325, -5502, 3918, 3922, -5502, 18797, -5502, 325, 325, -5502, + -5502, 10296, -5502, -5502, 961, 4215, 4480, -5502, -5502, 95928, + 1185, 95928, -5502, 51638, 51638, 90685, 3728, 843, -5502, -5502, + -5502, -5502, -5502, -5502, -5502, -5502, -5502, -5502, -5502, 3938, + -5502, -5502, -5502, 4687, -5502, -5502, 4367, -5502, 2690, 2297, + -5502, -5502, 3728, 39632, 2067, -5502, -5502, -5502, 20347,108506, + -5502, 2142, 3930, -5502, 47122,109224, -5502, -5502, -5502, -5502, + -5502, -5502, -5502, -5502, -5502, -5502, 3931, -5502, -5502, 20347, + 3949, -5502, 4066, -5502, 3839, 1662, -5502, -5502, 55438, 55438, + 1548, 240, 253, 2925, 2690, -5502, -5502, 245, -5502, -5502, + -5502, -5502, -5502, -5502, 1565, -5502, -5502, 4066, -5502, 1182, + 2542, 3982, -5502, 302, 4177, -5502, -5502, 1528, 1378, 1378, + 4523, 411, 4391, -5502, 4243, 4603, 4530, 4531, -5502, 3589, + -5502, -5502, -5502, 95928, -5502, 1618, -5502, -5502, -5502, 1551, + -5502, 47122, 2391, 2959, 2959, -5502, 1919, 287, -5502, 32747, + 4686, -5502, 4451, -5502, -5502, 43377, 4580, 4582, -5502, 43377, + -5502, -5502, 2165, -5502, -5502, 74956, -5502, -5502, -5502, 3728, + 224, 2382, 24222, 95928, -5502, 3779, 4022, -5502, -5502, 971, + -5502, -5502, -5502, -5502, 58478, -5502, -5502, -5502, 1587, 3951, + 2382, 866, 3956, 3728, -5502, -5502, 74207, 74956, -5502, 4334, + 4336, 1851, -5502, -5502, -5502, -5502, 1871, 325, 325, -5502, + 322, 325, -5502, -5502, 290, -5502, -5502, 1558, 267, 3589, + -5502, 2542, 2542, 2542, 2542, 392, 2542, 2542, 2198, -5502, + 2542, 292, -5502, -5502, 83195, -5502, 4719, 4722, -5502, 4724, + -5502, -5502, 524, -5502, 2729, 139, -5502, 915, -5502, 4517, + 95928, 4708, 3773, -5502, 1214, 2294, -5502, 24222, -5502, 4478, + 3975, 3983, 302, 3990, 302, 302, 2542, 2542, 3938, 2542, + 302, 2542, 2542, 2542, 2542, 2542, 2542, 2542, 302, 2542, + 74, 3938, 327, 2542, 302, 5033, -5502, -5502, 3707, 355, + -5502, -5502, 42628, 69, 2690, -5502, 57718, 4521, 3998, -5502, + 1376, -5502, -5502, 448, 4647, -5502, 3991, -5502, -5502, 205, + 4189, 4004, 60725, 71960, 71960, -5502, 2784, -5502, 47122, -5502, + 4641, -5502, -5502, -5502, -5502, -5502, -5502, -5502, -5502, -5502, + -5502, -5502, -5502, -5502, -5502, -5502, -5502, -5502, -5502, 66717, + -5502, -5502, 4324, 1321, 4006, -5502, -5502, -5502, -5502, -5502, + -5502, -5502, -5502, -5502, -5502, -5502, -5502, -5502, -5502, 4009, + -5502, -5502, -5502, -5502, -5502, 3540, -5502, -5502, -5502, -5502, + -5502,109942, 4010, 3728, 24222, 3728, 3728, 24222, -5502, -5502, + -5502, -5502, -5502, -5502, -5502, -5502, -5502, -5502, -5502, 4011, + -5502, -5502, -5502, -5502, -5502, -5502, -5502, -5502, -5502, -5502, + -5502, 4011, -5502, -5502, -5502, -5502, -5502, -5502, -5502, -5502, + -5502, -5502, -5502, -5502, -5502, -5502, -5502, -5502, -5502, -5502, + -5502, -5502, -5502, 4012, -5502, -5502, -5502, -5502, -5502, -5502, + -5502, -5502, -5502, -5502, -5502, -5502, 4014, -5502, -5502, -5502, + -5502, -5502, -5502, -5502, -5502, -5502, -5502, -5502, -5502, -5502, + -5502, -5502, -5502, -5502, -5502, -5502, -5502, -5502, -5502, -5502, + -5502, -5502, -5502, -5502, -5502, -5502, -5502, -5502, -5502, -5502, + -5502, -5502, -5502, -5502, -5502, 4710, -5502, -5502, -5502, -5502, + -5502, -5502, -5502, -5502, -5502, -5502, -5502, -5502, -5502, -5502, + -5502, -5502, -5502, -5502, -5502, -5502, -5502, -5502, -5502, -5502, + -5502, -5502, -5502, -5502, -5502, -5502, -5502, -5502, -5502, -5502, + -5502, -5502, -5502, -5502, -5502, -5502, -5502, -5502, -5502, -5502, + -5502, -5502, -5502, -5502, -5502, -5502, -5502, -5502, -5502, -5502, + -5502, -5502, -5502, -5502, -5502, -5502, -5502, -5502, -5502, -5502, + -5502, -5502, -5502, -5502, -5502, -5502, -5502, -5502, -5502, -5502, + -5502, -5502, -5502, -5502, -5502, -5502, -5502, -5502, -5502, -5502, + -5502, -5502, -5502, -5502, -5502, -5502, -5502, -5502, -5502, -5502, + -5502, -5502, -5502, -5502, -5502, -5502, -5502, -5502, -5502, -5502, + -5502, -5502, -5502, -5502, -5502, -5502, -5502, -5502, -5502, -5502, + -5502, -5502, -5502, -5502, -5502, -5502, -5502, -5502, 4648, -5502, + -5502, -5502, -5502, -5502, -5502, -5502, -5502, -5502, -5502, 4011, + -5502, -5502, -5502, -5502, -5502, -5502, -5502, -5502, -5502, -5502, + -5502, -5502, -5502, -5502, 4011, -5502, 4011, -5502, 4665, 4011, + 4011, -5502, 4036, -5502, -5502, -5502, -5502, -5502, -5502, -5502, + -5502, -5502, -5502, -5502, -5502, -5502, -5502, 4039, 4040, 4041, + 3058, -5502, 24222, 24222, 2711, 175, 175, 24222, 2467, 2489, + 1058, -5502, 2733, 2749, 2790, 346, 98175, -5502, -5502, 2824, + 2835, 2838, 2839, 2862, -5502, 2504, 3451, 2507, 3728, 24222, + 3728, 24222, 3728, 24222, 3728, 24997, 2876, -5502, 2199, 3249, + -5502, 2209, 3568, 2891, 2896, 2248, 3091, 3257, 2288, 24997, + 2942, 2969, 2517, 2533, 3005, 98175, 95928, 4035, 4047, 4047, + 210, -5502, 4032, -5502, -5502, -5502, 4046, -5502, 24222, 24222, + 4049, 2396, -5502, 24222, 479, 32747, 1154, 32747, -5502, -5502, + 4198, -5502, 24222, -5502, 4638, 4057, 4316, 4058, 4062, 3228, + 4071, 4072, 4076, 4068, 3728, -5502, -5502, 95928, 4077, 433, + -5502, 3938, -5502, 4701, -5502, 4790, 4070, 4101, 4079, 3903, + -5502, 77203, -5502, 47122, -5502, 4748, 3488, -5502, 71960, 71960, + -5502, 84693, -5502, 59227, 95928, 95928, -5502, 24222, -5502, -5502, + 636, 4846, 4848, -5502, 30422, 2602, -5502, 3728, -5502, -5502, + -5502, -5502, -5502, 885, 4649, -5502, -5502, -5502, -5502, -5502, + 325, -5502, 325, -5502, 3703, -5502, -5502, -5502, -5502, 3715, + -5502, 1163, -5502, -5502, -5502, 1167, 4090, -5502, 325, 414, + -5502, 20347, 4094, 4093, -5502, 4571, -5502, 501, 282, -5502, + 3707, -5502, 4100, 91434, -5502, 4106, -5502, -5502, 4656, -5502, + -5502, 4124, 4105, -5502, -5502, -5502, -5502, -5502, -5502, -5502, + -5502, -5502, -5502, -5502, -5502, -5502, -5502, -5502, -5502, -5502, + 1163, 4156, 4341, -5502, -5502, -5502, -5502, -5502, 4323, -5502, + -5502, -5502, -5502, -5502, -5502, -5502, -5502, -5502, -5502, 47122, + 4694, 71960, 139, 4489, 47122, 47122, 6752, 6987, 3589, 4114, + 95928, -5502, -5502, 2542, -5502, -5502, 1618, -5502, -5502, 3773, + 4120, 453, 4120, -5502, -5502, -5502, -5502, 433, 1919, 1919, + 4419, 4609, 43377, 43377, 4746, 4610, 24222, 4123, -5502, 95928, + -5502, -5502, 4532, -5502, -5502, 24222, -5502, -5502, -5502, -5502, + -5502, 4860, 4125, -5502, -5502, -5502, -5502, -5502, -5502, 24222, + -5502, 56958, 24222, 4126, 4127, -5502, -5502, -5502, -5502, -5502, + -5502, -5502, -5502, -5502, -5502, -5502, -5502, 966, 1590, 2082, + -5502, -5502, 2082, 1590, -5502, -5502, -5502, -5502, 625, 625, + -5502, -5502, -5502, -5502, -5502, -5502, -5502, -5502, -5502, -5502, + -5502, 3117, -5502, -5502, 4886, 410, -5502, 4712, -5502, -5502, + -5502, -5502, 986, 302, 302, 302, 3727, 2138, -5502, 2729, + 1215, 4469, -5502, 7914, 479, 1735, 4635, 2108, -5502, 2355, + -5502, 4871, -5502, 201, -5502, -5502, 3728,111378, 262, 270, + -5502, 273, -5502, -5502, -5502, -5502, -5502, -5502, -5502, -5502, + -5502, -5502, -5502, -5502, -5502, -5502, -5502, -5502, -5502, -5502, + -5502, 3727, -5502, -5502, -5502, -5502, -5502, -5502, -5502, -5502, + -5502, 1413, 2690, 1438, 95928, 4482, 4675, -5502, -5502, -5502, + -5502, -5502, -5502, -5502, 24222, -5502, 4799, -5502, -5502, -5502, + -5502, 114, 114, -5502,111378, -5502, -5502, 282, -5502, -5502, + 4641, 4425, -5502, 1719, 4011, 4011, 376, -5502, 4012, 4709, + 4012, -5502, 4538, 2879, 1222, 4538, 1222, 4012, -5502, 4149, + 4538, 1222, 4011, -5502, 4011, -5502, -5502, 1222, 4011, -5502, + 4151, 4012, 4538, 1453, 2319, 4012, -5502, 4011, -114, 4011, + 4011, 4011, 4355, 4011, 4011, 4012, -5502, -5502, -5502, -5502, + -5502, -5502, -5502, 63, 4011, 4011, 4011, 4011, 4014, 4814, + 4817, -5502, 95928, -5502, 24222, -5502, -5502,114250, 95928, 1058, + 3728, 2939, -5502, -5502, -5502, 1609, 2990, -5502, -5502, -5502, + 4915, -5502, -5502, 4011, -5502, 1609, -5502, -5502, -5502, -5502, + -5502, -5502, 1609, -5502, -5502, -5502, -5502, 4158, 6774, 6774, + -5502, 4883, 4692, 4786, 3008, 24222, 24222, -5502, 24222, -5502, + -5502, -5502, 334, 4169, 4643, -5502, -5502, -5502, -5502, -5502, + -5502, 24222, 24222, 24222, 3728, 3728, 3728, 6774, -5502, -5502, + 3696, -5502, -5502,114989, -5502, -5502, -5502, -5502, -5502, -5502, + -5502, -5502, -5502, -5502, 327, 6774, -5502, -5502, 24222, 24222, + -5502, -5502, -5502, 95928, 3500, 4172, 4455, -5502, -5502, -5502, + 3500, 4315, -5502, -5502, 3500, 302, -5502, -5502, -5502, 2356, + 2396, -5502, 24222, 479, 4757, 4175, 4902, 4180, -5502, -5502, + -5502, -5502, -5502, -5502, 24222, 84693, -5502, 4182, 4184, -5502, + -5502, -5502, 4625, 24222, 4815, 4765, -5502, 3500, 95928, -5502, + -5502, -5502, 71960, 3670, 3670, 92183, -5502, -5502, -5502, -5502, + 1620, 325, 325, -5502, 3728, -5502, -5502, 4200, 4202, -5502, + -5502, -5502, -5502, -5502, -5502, -5502, -5502, -5502, -5502, -5502, + -5502, -5502, -5502, -5502, -5502, -5502, -5502, 1163, -5502, 39632, + 2690, 23447, -5502, -5502, -5502, 20347, -5502, 4203, 39632, 4677, + -5502, -5502, -5502, 4521, 207, -5502, -5502, 92932, -5502, 4205, + -5502, 4204, -5502, 2056, 4547, 4825, 4065, 55438, 4212, -5502, + -5502, -5502, 4232, 4234, 4235, -5502, 4219, -5502, 47122, -5502, + -5502, 4252, -5502, -5502, 40381, 4849, 4266, 4595, 47122, 325, + 325, 325, 325, 325, 325, 325, 325, 325, 325, 4596, + 325, 325, 325, 325, 325, 325, 325, 325, -5502, 325, + 325, 119, 95928, 325, 325, -5502, -5502, -5502, 4801, -5502, + 4335, -5502, 325, -5502, -5502, -5502, -5502, -5502, -5502, -5502, + -5502, -5502, 1265, 4816, 1236, -5502, -5502, 348, 4969, 4237, + -5502, 4378, -5502, -5502, -5502, -5502, 4344, 4378, 3773, 2664, + -5502, -5502, -5502, 4727, -5502, -5502, -5502, 4728, 3728, 95928, + -5502, -5502, 2014, 4859, 2382, 4245, 95928, 2382, 971, 898, + 3728, -5502, -5502, 4715, 4735, -5502, -5502, 3203, 3251, -5502, + 3309, 2436, -5502, -5502, -5502, -5502, -5502, -5502, -5502, -5502, + -5502, -5502, 304, -5502, 83195, -5502, -5502, -5502, -5502, -5502, + 5005, 5008, -5502, -5502, -5502, -5502, 4442, 571, 4007, 1675, + 4823, 4655, 4826, 2331, 2099, 325, 4827, 4981, -5502, 476, + 325, 4835, 4896, 4345, 4897, 4843, -5502, 4353, 4655, 4845, + 4470, 4850, 4851, 4852, -5502, -5502, 6987, -5502, -5502, -5502, + -5502, 605, 44875, -5502, -5502, -5502, -5502, -5502, 4460, 24222, + 24222, 4870, 95928, 4875, -5502, 4685, -5502, 95928, -5502, 501, + -5502, -5502, -5502, 4591, -5502, 2369, -5502, -5502, 2375, -5502, + -5502, 2405, -5502, -5502, -5502, -5502, 2420, -5502, 2420, -5502, + 1413, 1438, -5502, -5502, 4953, -5502, 4642, 3324, -5502, 501, + 3728, 4498, 4771, 4771, -5502, -5502, -5502, 4884, -5502, -5502, + -5502, -5502, 4937, -5502, 4538, 325, 4538, -5502, -5502, 966, + -5502, 966, -5502, 242, 3476, 75705, 4538, -5502, -5502, -5502, + -5502, 4788, 1222, 1609, 80948, 2269, -5502, -5502, -5502, -5502, + 966, 2745, -5502, -5502, 4538, -5502, -5502, -5502, 2745, 966, + -5502, 4791, -5502, -5502, -5502, 966, 4538, 4516, 95928, 5002, + 1222, -5502, -5502,104167, 1222, 966, 4867, 5002, -5502, 1609, + 5049, 1222, 4538, 966, 966, -5502, 301, 4319, -5502, 3728, + 114250, -5502, -5502, 4321, 4322, 4325, 4327, -5502, -5502, 2406, + 4317, -5502, -5502, -5502, -5502, 4328, 4329, 24222, 2745, 4786, + 58478, 4331, -5502, -5502, 3031, 2544, 2429, 4611, 4559, -5502, + 4502, -5502, 3068, 3728, 3728, 1050, 4012, -5502, -5502, -5502, + -5502, 4960, 4011, -5502, 5051, -5502, 4011, 1609, -5502, -5502, + -5502, -5502, -5502, 4342, 2512, 1681, 3135, 3169, -5502, -5502, + -5502, 4343, -5502, -5502, 558, -5502, 4332, -5502, 2515, 5059, + 1141, 24222, -5502, 4346, -5502, -5502, 95928, -5502, -5502, 6774, + 1160, -5502, 2539, -5502, -5502, -5502, 4348, 3670, -5502, -5502, + 61474, -5502, -5502, -5502, -5502, -5502, -5502, -5502, -5502, -5502, + -5502, 4066, -5502, 4069, 2602, -5502, -5502, -5502, -5502, 4717, + 4349, 4339, -5502, -5502, -5502, 4350, 148, 39632, -5502, -5502, + -5502, 4354, 4357, -5502, -5502, -5502, 91434, -5502, 2562, -5502, + -5502, 5075, -5502, -5502, -5502, -5502, -5502, -5502, -5502, -5502, + -5502, -5502, -5502, -5502, -5502, -5502, -5502, -5502, 20347, 2542, + 2542, 2542, 1854, 4352, -5502, 83195, 4362, 4363, 47871, 2144, + 95928, 2563, -5502, -5502, -5502, -5502, -5502, 1910, -5502, 1255, + 2666, 2420, 2420, -5502, 4358, 47122, -5502, 325, -5502, 404, + 409, 439, 443, -5502, 3938, 302, 302, 2542, 2542, 325, + 302, 83195, 100, 302, 3938, 3938, 454, 2542, 1164, 404, + -5502, -5502, -5502, 302, 404, 216, -5502, -5502, 6369, -5502, + 71211, 6987, 81697, 3244, -5502, -5502, 430, 4476, -5502, -5502, + -5502, 4711, 1236, -5502,104167, -5502, -5502, -5502, -5502, -5502, + 348, 1445, -5502, -5502, -5502, 4364, 81697, -5502, -5502, 2542, + -5502, 5086, 5124, -5502, -5502, 4775, 24222, 4370, 24222, 4372, + 2590, 5096, 5097, 5046, 5099, 2014, -5502, 351, -5502, -5502, + -5502, -5502, -5502, -5502, 971, -5502, -5502, -5502, -5502, -5502, + -5502, -5502, -5502, -5502, -5502, -5502, -5502, -5502, -5502, -5502, + -5502, -5502, 4384, -5502, -5502, -5502, -5502, 4716, -5502, 5135, + -5502, 4838, 45624, 2666, -5502, 2146, 4427, -5502, -5502, -5502, + 5038, 2956, 2956, 1143, 2956, 92932, 95928, 47122, 1285, 427, + 5014, 2242, 2190, 4432, 4956, 2956, 2956, 93681, 1143, 39632, + -5502, -5502, -5502, 2956, -5502, 2956, 47122, 94430, 1143, -5502, + -5502, -5502, 95928, -5502, 2956, 1143, -5502, 1143, 1143, 92932, + -5502, 10068, -5502, -5502, 40381, 1740, -5502, 3728, 6774, 4792, + -5502, -5502, 4513, 2542, 4762, -5502, -5502, 4873, -5502, 95928, + 307, -5502, 302, -5502, 302, -5502, 302, 5063, 5063, -5502, + -5502, -5502, 32747, -5502, 3671, -5502, -5502, 148, -5502, -5502, + 1119, -5502, -5502, 4766, 4521, 4909, -5502, -5502, 95928, -5502, + -5502, -5502, -5502, -5502, -5502, -5502, -5502, -5502, -5502, -5502, + -5502, -5502, 76454, -5502, 2593, -5502, -5502, 2597, -5502, -5502, + -5502, -5502,104167, -5502, 2605, -5502, 68964, -5502, -5502, -5502, + -5502, 5002, 4397, -5502, -5502, 4426, -5502, -5502, -5502, -5502, + -5502, -5502, 5049, -5502, -5502, 63721, -5502, -5502, -5502, 81697, + 5069, -5502, -5502, -5502, -5502, -5502, -5502, 5168, -5502, -5502, + 4409, 2382, -5502, 4413, -5502, -5502, -5502, -5502, 24222, -5502, + 4650, -5502, 4752, -5502, -5502, -5502, -5502, -5502, -5502, -5502, + -5502, -5502, -5502, 3938, -5502, -5502, -5502, 4415, -5502, 302, + -5502, 24222, -5502, -5502, 4417, 4763, 2382, -5502, -5502, 4515, + 4351, 4423, -5502, 4765, 95928, -5502, -5502, -5502, -5502, -5502, + -5502, -5502, 4448, -5502, -5502, -5502, 39632, 62223, 4428, 4421, + -5502, 325, -5502, -5502, 95928, -5502, -5502, 3938, 4795, -5502, + 2610, -5502, -5502, -5502, -5502, 95928, 4436, 4621, 95928, 95928, + -5502, -5502, 4437, 95928, -5502, -5502, -5502, 40381, 4438, 5054, + 5055, 2420, -5502, 2666, 4990, 47871, -5502, 2666, 2666, 65968, + 95928, 4439, 2542, -5502, -5502, -5502, -5502, -5502, -5502, -5502, + -5502, -5502, 4441, -5502, -5502, -5502, -5502, -5502, 2542, -5502, + -5502, -5502, -5502, -5502, -5502, -5502, -5502, -5502, -5502, -5502, + -5502, -5502, -5502, -5502, -5502, -5502, -5502, -5502, -5502, -5502, + -5502, -5502, -5502, 5177, -5502, -5502, -5502, -5502, -5502, -5502, + -5502, -5502, -5502, -5502, 4801, -5502, -5502, -5502, -5502, 67466, + 4443, 4440, 95928, -5502, -5502, -5502, 5002, -5502, -5502, -5502, + 5129,111378, -5502, -5502, -5502, 4657, 1735, 95928, 4445, 95928, + 4446, -5502, -5502, 4449, -5502, 4445, 4446,110660, -5502, -5502, + 1445, -5502, -5502, -5502, 4444, -5502, 68215, 3244, -5502, -5502, + -5502, -5502, -5502, 4458, 4447, -5502, 95928, 3728, 95928, -5502, + 2745, 2745, 5173, 2745, -5502, 5178, 5182, 351, -5502, -5502, + 5217, 571, 4839, 1215, 479, 1143, 479, 5123, -5502, -5502, + 95928, 47871, 92932, 47871, -5502, 4965, -5502, 74956, 47871, 2956, + 95928, -5502, 5131, -5502, 5100, 47871, 47871, -5502, -5502, 92932, + 4465, -5502, 2382, 2615, 95928, 47871, -5502, -5502, -5502, 3500, + 4945, 47871, 92932, -5502, 92932, -5502, 5023, 4974, 3628, -5502, + 4475, 4474, 95928, -5502, -5502, -5502, -5502, -5502, -5502, -5502, + 374, -5502, -5502, 2630, -5502, -5502, -5502, -5502, -5502, -5502, + -5502, 2223, -5502, -5502, -5502, -5502, 398, -5502, 4681, -5502, + 1119, -5502, -5502, -5502, 47122, -5502, -5502, -5502, -5502, 1609, + 2745, 1609, 5002, -5502, 95928, -5502, 4012, -5502, -5502, 24222, + -5502, 95928, 5242, -5502, -5502, -5502, -5502, 48620, -5502, -5502, + -5502, 4810, -5502, 2636, -5502, -5502, -5502, 4487, 24222, -5502, + -5502, 3188, -5502, -5502, 4488, -5502, 4491, 3951, -5502, 4785, + 4628, 4412, 4416, 4418, 4679, 4841, -5502, 4682, -5502, 4223, + 4625, 4501, 32747, -5502, -5502, 1490, -5502, -5502, -5502, -5502, + 98175, -5502, -5502, 4495, -5502, 39632, 20347, -5502, -5502, 4926, + -5502, 2649, 2382, -5502, 4510, 95928, 4511, 2656, 4512, -5502, + 95928, 4514, -5502, -5502, 2666, -5502, -5502, 47871, 47122, -5502, + 5000, -153, 47871, 47871, 4507, 1694, 4508, 4509, 2314, 1768, + 4518, 4151, 1816, 296, 1453, 167, 1819, 4520, 1887, 4524, + 1903, 1936, 1940, 1990, 2000, 4525, 5234, -5502, -5502, 4526, + 4527, 4528, 4529, 4533, 4534, 4535, 4537, 4540, -5502, -5502, + 47122, -5502, -5502, 207, 216, 1591, 4730, -5502, -5502, 81697, + -5502, -5502, -5502, 5301, 95928, 5104, 4870, -5502, -5502, -5502, + -5502, -5502, -5502, -5502, 4539, -5502, 4542, -5502, -5502, 81697, + 1594, 4731, -5502, -5502, 15997, -5502, -5502, -5502,101920, 2849, + 2660, 2671, -5502, -5502, 2745, -5502, 2745, 2745, -5502, 4549, + -5502, -5502, -5502, 5193, -5502, 5207, -5502, 2312, 1706, -5502, + 47871, 2211, 5057, 5040, 5267, -5502, 47871, 4357, 95928, -5502, + -5502, 448, -5502, 39632, -5502, -5502, 5053, 5056, -5502, 5060, + 1740, -5502, 95928, -5502, -5502, -5502, 4651, -5502,111378, 4759, + 5280, 5281, -5502, 95928, 95179, 5289, -5502, 5290, 4570, 4574, + -5502, 32747, -5502, -5502, 5199, -5502, 3707, -5502, -5502, -5502, + -5502, -5502, 4867, 3728, 4565, -5502, 63721, -5502, -5502, -5502, + 81697, -5502, -5502, 2382, -5502, -5502, -5502, 85, -5502, 5313, + 1382, -5502, -5502, 738, -5502, -5502, -5502, -5502, 95928, 4576, + 4663, -5502, -5502, 4652, -5502, -5502, 3403, -5502, 79, 62972, + -5502, -5502, -5502, 1376, 95928, -5502, 5337, 4577, 3117, 1376, + 1376, 4578, 95928, 24222, 47871, 5000, 1606, 4583, 1378, -5502, + 1378, -5502, -5502, 3901, 68964, -5502, -5502, 3651, 95928, 4584, + 5357, -5502, 4796, -5502, 95928, -5502, -5502, -5502, -5502, 4586, + -5502, 2108, -5502, 4114, 4120, -5502, -5502, -5502, -5502, -5502, + -5502, -5502, 4798, -5502, 95928, 5301, 5160, 2680, -5502, -5502, + -5502, -5502, -5502, -5502, -5502, -5502, -5502, 47871, 1158, -5502, + -5502, 5236, -5502, 5282, 5285, 1740, -5502, 47122, 5169, 74207, + -5502, -5502, -5502, 1143, -5502, 95928, 47871, 47122, -5502, -5502, + 4357, 1565, 24222, 4954, 5301, -5502, 4800, 4802, -5502, -5502, + 2694, -5502, -5502, -5502, -5502, 91434, 91434, 433, 5092, -5502, + -5502, -5502, 95928, -5502, -5502, -5502, -5502, 4785, -5502, -5502, + 4738, 1605, -5502, 2713, -5502, -5502, -5502, 3500, -5502, 4604, + -5502, 4971, 325, 325, 4972, 325, 325, 325, 325, 4607, + 3403, -5502, -5502, -5502, 4962, -5502, -5502, -5502, 3373, 2382, + 4608, 95928, 4613, 2732, 2960, 3113, 95928, 4614, 3189, -5502, + -5502, 1378, 95928, 5218, -5502, 4616, -5502, 4618, 4619, -5502, + -5502, 5238, 2542, -5502, 4691, -5502, -5502, 3901, -5502, -5502, + -5502, 4659, 5249, 5208, -5502, 83195, 35072, -5502, 5115, -5502, + 5070, 5315, -5502, 5362, 4008, -5502, -5502, -5502, -5502, -5502, + -5502, 95928, 4620, 95928, -5502, 4685, -5502, -5502, 4378,111378, + 15997, -5502, 95928, 4622, -5502, 2664, -5502,101920, 7710, 5234, + 3500, 4765, -5502, -5502, -5502, 35072, -5502, 111, 4765, -5502, + -5502, -5502, -5502, 111, 5263, -5502, 3728, 24222, -5502, -5502, + -5502, -5502, -5502, 95179, 4630, 2740, -5502, 1285, -5502, -5502, + -5502, -5502, -5502, -5502, 95928, -5502, 4632, -5502, -5502, 136, + 325, 2542, 2542, 325, 3685, 3685, 3500, 83195, 4718, -5502, + -5502, 325, 1378, 2542, 325, 1378, -5502, -5502, 1120, 3373, + -5502, -5502, -5502, -5502, -5502, -5502, 1494, 1376, -5502, 4828, + 1120, 2960, -5502, -5502, 1120, 3113, -5502, -5502, 4634, 95928, + -5502, 4636, 4646, -5502, 2761, -5502, 1468, 5225, 95928, 4654, + 95928, 95928, -5502, -5502, -5502, -5502, -5502, -5502, 5001, -5502, + 4660, 4664, 3727, 3727, 17247, -5502, -5502, -5502, -5502, -5502, + -5502, 5237, -5502, 4693, -103, -5502, 4658, 95928, -5502, 47122, + 5011, 3244, -5502, 5433, -5502, 5433, -5502, 4662, 95928, -5502, + -5502, 5235, -5502, -5502, -5502, -5502, -5502, 442, -5502, -5502, + 2765, -5502, 4703, 4707, -5502, 111, -5502, 4667, 3728, -5502, + -5502, -5502, 39632, -5502, 4663, -5502, -5502, 2770, -5502, 29647, + -5502, -5502, -5502, 2542, -5502, -5502, 2542, -5502, -5502, -5502, + -5502, -5502, 2778, -5502, 83195, -5502, -5502, 302, -5502, -5502, + 5271, 5111, -5502, 4872, 3373, 2903, -5502, -5502, -5502, -5502, + -5502, 4671, 95928, 95928, 4674, -5502, 95928, -5502, -5502, -5502, + 424, -5502, 2798, 95928, 2799, 4680, -5502, -5502, -5502, -5502, + 4683, 4676, -5502, 1132, -5502, 95928, 4670, 5336, -5502, 3244, + -5502, -5502, -5502, 95928, 4672, 4775, -5502, 5251, 2664, -5502, + -5502, -5502, -5502, -5502, -5502, 4765, 4688, -5502, 325, 5222, + -5502, -5502, 4632, -5502, 4689, -5502, 433, -5502, -5502, 83195, + -5502, 4718, -5502, -5502, -5502, -5502, -5502, -5502, 1120, -5502, + -5502, 2815, 4577, 95928, -5502, 1129, 1129, 3373, 2819, 2960, + 3113, -5502, 317, -5502, 2456, 2456, 1545, -5502, 95928, -5502, + -5502, -5502, 95928, -5502, 2664, 1197, -5502, 2842, 39632, 20347, + 4993, 4532, -5502, 29647, 4696, 3620, -5502, -5502, -5502, 4990, + 4699, 4577, -5502, -5502, 1227, 5142, 5286, 5287, -5502, 3373, + -5502, -5502, -5502, 4700, -5502, 2456, -5502, -5502, -5502, -5502, + -5502, 1612, -5502, -5502, -5502, -5502, 3804, -5502, -5502, -5502, + 5288, 1197, 1197, -5502, -5502, -5502, 5428, 4859, -5502, -5502, + -5502, 3620, -5502, -5502, 3373, 4705, -5502, -5502, -5502, 5200, + 5395, -5502, -5502, -5502, -5502, 1612, -5502, 5386, -5502, -5502, + -5502, 339, 5296, -5502, 5297, -5502, 2745, 5360, -5502, -5502, + 3373, 1129, 1129, -5502, 4853, -5502, -5502, 5388, 5071, -5502, + 5481, 4725, -5502, -5502, -5502, -5502, 406, 36607, 5253, 1456, + -5502, -5502, -5502, 83195, -5502, 2856, -5502, -5502, 39632, -5502, + -5502, -5502, 83195, -5502, -5502, -5502, 37367, 4723, -5502, 325, + -5502, -5502,111378, -5502, 39632, -5502, 5301, -5502, 20347, -5502, + -5502, -5502 }; /* YYDEFACT[STATE-NUM] -- Default reduction number in state STATE-NUM. @@ -4805,7 +4805,7 @@ 0, 0, 3630, 1248, 0, 259, 261, 0, 458, 0, 0, 0, 2011, 0, 2011, 2011, 0, 0, 2011, 0, 2011, 0, 0, 0, 0, 0, 0, 0, 2011, 0, - 0, 0, 2011, 0, 2011, 0, 88, 1286, 1827, 1862, + 0, 2011, 2011, 0, 2011, 0, 88, 1286, 1827, 1862, 2194, 2197, 0, 2550, 1908, 1403, 0, 2208, 0, 2553, 3415, 3469, 3544, 1186, 0, 308, 0, 1406, 418, 3579, 0, 0, 0, 0, 0, 2526, 442, 2115, 0, 1320, @@ -4881,7 +4881,7 @@ 3634, 0, 1252, 0, 1251, 258, 264, 394, 2011, 2011, 103, 2011, 95, 96, 91, 123, 124, 93, 94, 99, 98, 100, 101, 104, 105, 102, 97, 92, 127, 129, - 128, 106, 2062, 2061, 2060, 130, 125, 126, 90, 2198, + 128, 0, 2062, 2061, 2060, 130, 125, 126, 90, 2198, 1866, 0, 1908, 2007, 0, 0, 1994, 2209, 2200, 2089, 2087, 3749, 1404, 468, 0, 466, 0, 3462, 3467, 3541, 3540, 3563, 3563, 416, 394, 416, 441, 0, 1315, 1320, @@ -4932,322 +4932,322 @@ 1105, 507, 0, 1126, 1156, 1157, 1155, 3589, 0, 0, 0, 1077, 0, 211, 209, 219, 3631, 0, 2121, 0, 3634, 1254, 1255, 0, 456, 0, 116, 118, 0, 120, - 122, 0, 112, 114, 1855, 0, 1854, 0, 1860, 1864, - 2007, 2203, 2008, 0, 1995, 0, 1404, 2121, 0, 1405, - 0, 3577, 3577, 443, 445, 444, 2172, 1317, 1325, 2446, - 2445, 0, 813, 895, 893, 895, 827, 896, 865, 858, - 865, 829, 934, 841, 0, 895, 927, 931, 928, 837, - 0, 808, 929, 0, 932, 809, 835, 828, 834, 865, - 0, 824, 832, 895, 801, 836, 823, 0, 865, 838, - 843, 846, 848, 850, 865, 895, 0, 0, 3691, 808, - 822, 821, 0, 808, 865, 859, 3691, 844, 929, 942, - 808, 895, 865, 865, 303, 2011, 305, 391, 1405, 461, - 3797, 1720, 0, 0, 0, 0, 1736, 930, 0, 0, - 1754, 1737, 1738, 1672, 0, 0, 0, 0, 1729, 0, - 0, 1730, 1688, 0, 0, 0, 0, 0, 1540, 0, - 1652, 0, 1597, 1595, 0, 861, 1499, 1501, 1497, 1500, - 0, 880, 1503, 0, 842, 880, 929, 1507, 1493, 1494, - 1495, 1496, 0, 0, 0, 0, 0, 2544, 944, 1638, - 0, 957, 951, 949, 956, 0, 1444, 0, 0, 1934, - 0, 1709, 0, 1662, 535, 0, 614, 610, 0, 0, - 556, 0, 557, 553, 529, 0, 3454, 1412, 1411, 0, - 3377, 3375, 3374, 3372, 3406, 3405, 3358, 3356, 1406, 1406, - 134, 2182, 1956, 2184, 2185, 2176, 2166, 2164, 2519, 0, - 2139, 2141, 2529, 2528, 2540, 0, 0, 2121, 2134, 1111, - 0, 1112, 1123, 1125, 1323, 0, 2396, 0, 2394, 2361, - 2397, 387, 379, 374, 382, 376, 378, 377, 383, 384, - 385, 386, 380, 375, 381, 373, 372, 0, 0, 0, - 0, 0, 0, 146, 0, 0, 0, 1036, 2677, 0, - 0, 704, 706, 707, 708, 709, 0, 737, 711, 626, - 987, 987, 739, 2545, 0, 683, 2150, 500, 2011, 2011, - 2011, 2011, 657, 2011, 2011, 2011, 0, 0, 2150, 2011, - 0, 0, 2011, 2011, 2011, 2011, 0, 0, 2011, 665, - 666, 664, 2011, 2011, 2444, 506, 508, 924, 635, 0, - 630, 275, 3769, 491, 492, 0, 0, 1409, 1409, 3817, - 0, 3818, 3819, 0, 1409, 1409, 3802, 3716, 287, 3713, - 3714, 3804, 3812, 3634, 0, 0, 3704, 240, 0, 240, - 0, 0, 1770, 1769, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 2448, 2450, 0, 2081, 1916, 1925, - 1923, 1960, 1972, 0, 2069, 2067, 869, 870, 2044, 2042, - 2041, 2043, 2040, 2038, 2037, 2039, 2029, 2028, 2030, 2027, - 2026, 0, 3561, 3557, 2014, 2013, 0, 1069, 0, 1068, - 1073, 1036, 626, 1175, 624, 0, 1130, 1134, 1131, 624, - 2108, 2108, 1289, 2108, 0, 0, 0, 0, 2108, 0, - 2110, 2108, 0, 0, 2108, 2108, 0, 1289, 0, 509, - 1195, 1193, 2108, 1194, 2108, 0, 0, 1289, 1143, 1087, - 1144, 0, 1088, 2108, 1289, 1110, 1289, 1289, 0, 633, - 924, 1089, 1090, 736, 1189, 218, 207, 0, 0, 1079, - 1081, 0, 0, 1082, 3633, 1055, 3636, 2121, 1260, 0, - 108, 2011, 109, 2011, 107, 2011, 1850, 1850, 1861, 2206, - 2121, 0, 1996, 2210, 2201, 1405, 0, 422, 3580, 0, - 3461, 3460, 0, 2208, 0, 825, 899, 0, 826, 871, - 804, 800, 935, 941, 939, 938, 830, 831, 810, 926, - 933, 0, 806, 0, 1038, 817, 0, 807, 849, 805, - 818, 0, 295, 0, 3746, 0, 1406, 3753, 301, 833, - 3691, 291, 815, 819, 0, 797, 300, 811, 943, 812, - 814, 942, 798, 799, 2011, 3775, 318, 317, 0, 0, - 420, 479, 874, 872, 875, 873, 0, 1603, 1604, 1726, - 1962, 1724, 0, 1731, 1732, 1686, 1628, 0, 1580, 0, - 1653, 0, 1634, 1600, 1502, 1498, 1505, 843, 1504, 1506, - 1625, 1553, 2011, 1612, 1616, 1617, 0, 1637, 2011, 1446, - 0, 1937, 1936, 0, 0, 1962, 1646, 533, 611, 528, - 0, 552, 555, 0, 516, 2533, 1406, 1406, 3364, 3362, - 2257, 1993, 2520, 2518, 2137, 0, 0, 0, 2136, 2146, - 0, 2119, 1319, 0, 1872, 2392, 2011, 0, 2359, 0, - 1219, 1220, 1221, 1223, 0, 0, 0, 0, 0, 738, - 1037, 0, 0, 710, 2548, 703, 736, 0, 0, 0, - 987, 727, 626, 0, 1036, 988, 626, 626, 0, 0, - 0, 0, 2059, 2058, 654, 647, 646, 649, 648, 651, - 650, 0, 643, 640, 652, 642, 667, 0, 655, 637, - 696, 697, 695, 661, 668, 638, 639, 645, 644, 641, - 688, 693, 691, 690, 689, 694, 692, 656, 671, 653, - 669, 498, 615, 636, 2052, 2053, 2050, 2051, 676, 675, - 2054, 673, 674, 507, 281, 279, 280, 3758, 0, 0, - 276, 0, 278, 273, 274, 3691, 3761, 249, 241, 0, - 394, 495, 493, 494, 3644, 0, 0, 0, 0, 0, - 1408, 3820, 0, 390, 3696, 3696, 394, 3833, 3803, 3715, - 3805, 157, 286, 268, 270, 0, 3766, 3699, 3829, 3699, - 3634, 1771, 0, 0, 1813, 0, 1818, 0, 1810, 0, - 0, 0, 0, 2449, 0, 0, 2456, 2458, 1974, 0, - 1067, 0, 0, 0, 1289, 0, 0, 1158, 1128, 0, - 0, 0, 0, 1099, 0, 1108, 0, 0, 2108, 0, - 1160, 0, 1159, 0, 0, 0, 1172, 1173, 0, 1952, - 1954, 1962, 0, 0, 0, 1148, 1170, 1171, 0, 0, - 0, 0, 1118, 0, 1104, 1174, 0, 1174, 1127, 0, - 702, 0, 1191, 1129, 205, 210, 220, 221, 1057, 0, - 3635, 1053, 0, 1261, 1257, 1258, 1253, 117, 121, 113, - 0, 1858, 1856, 2121, 2204, 0, 309, 0, 3584, 3578, - 3582, 2173, 2121, 0, 894, 940, 936, 937, 929, 0, - 929, 3691, 297, 0, 294, 861, 794, 783, 0, 3755, - 0, 0, 816, 327, 326, 324, 394, 314, 322, 316, - 0, 323, 0, 272, 285, 307, 0, 0, 1728, 1684, - 0, 1655, 1657, 0, 945, 0, 1933, 1927, 0, 0, - 0, 0, 0, 0, 1946, 1938, 0, 1713, 0, 613, - 0, 0, 541, 554, 560, 559, 3378, 3376, 2180, 0, - 2140, 2530, 2541, 505, 0, 0, 1124, 2395, 0, 3445, - 0, 1962, 1033, 1035, 0, 0, 0, 0, 1035, 0, - 0, 705, 732, 626, 983, 984, 1036, 0, 712, 1007, - 2545, 1036, 1036, 3171, 878, 802, 803, 808, 878, 820, - 2730, 861, 895, 2734, 842, 861, 847, 878, 743, 878, - 878, 878, 878, 878, 0, 730, 741, 784, 786, 2640, - 2641, 2642, 2643, 2645, 2646, 2644, 2547, 501, 663, 2384, - 662, 616, 0, 2444, 0, 3032, 3759, 283, 0, 3757, - 284, 250, 188, 0, 0, 216, 3808, 3822, 3806, 3821, - 3699, 3712, 1409, 0, 1409, 0, 3717, 1408, 0, 0, - 3032, 3706, 3705, 0, 3828, 3826, 159, 0, 1900, 0, - 0, 2453, 2454, 0, 2451, 0, 0, 2457, 0, 1074, - 1070, 1075, 0, 1113, 0, 1132, 0, 0, 1098, 0, - 1275, 0, 0, 1151, 1139, 0, 1094, 0, 1141, 1142, - 1186, 1096, 0, 1955, 510, 0, 0, 1103, 0, 1189, - 1095, 1120, 1101, 1133, 1190, 212, 1083, 394, 0, 0, - 0, 1256, 0, 1263, 0, 1851, 0, 0, 0, 2207, - 0, 3583, 3581, 0, 2116, 1827, 840, 1039, 839, 3756, - 296, 859, 1405, 292, 860, 2011, 304, 325, 306, 0, - 3778, 864, 1962, 1578, 1554, 1639, 0, 1943, 0, 0, - 1941, 1940, 0, 1935, 1942, 612, 609, 0, 0, 549, - 567, 563, 0, 565, 566, 588, 2121, 0, 0, 2145, - 2147, 2398, 3415, 0, 1030, 0, 1031, 0, 3415, 3415, - 0, 0, 0, 1036, 1007, 2545, 965, 0, 713, 0, - 717, 719, 745, 0, 740, 731, 753, 0, 0, 681, - 497, 0, 3760, 0, 277, 189, 3770, 3646, 3645, 1404, - 208, 217, 0, 0, 3831, 3815, 3811, 3813, 3810, 3699, - 269, 0, 3707, 0, 188, 2916, 0, 1774, 1776, 1801, - 1815, 1820, 2452, 2460, 2459, 3562, 0, 1115, 625, 1027, - 0, 1146, 0, 0, 1189, 1100, 0, 0, 0, 1140, - 1161, 1138, 1289, 1953, 0, 0, 0, 1137, 1119, 1121, - 1234, 0, 214, 188, 3637, 0, 0, 1262, 1267, 0, - 1264, 1266, 1853, 1852, 1867, 0, 1376, 0, 2434, 795, - 3754, 0, 315, 271, 1727, 1944, 0, 1945, 1948, 0, - 0, 1949, 0, 545, 547, 537, 0, 542, 0, 561, - 0, 2150, 2150, 0, 2150, 2150, 2150, 2150, 581, 589, - 591, 592, 593, 0, 2181, 2521, 2531, 995, 1962, 0, - 0, 0, 0, 997, 999, 0, 0, 0, 725, 721, - 0, 0, 969, 1008, 0, 715, 0, 0, 906, 963, - 769, 0, 772, 0, 904, 744, 746, 902, 903, 748, - 0, 0, 0, 785, 0, 0, 886, 0, 889, 0, - 0, 742, 0, 754, 885, 892, 2546, 658, 503, 682, - 0, 0, 0, 3649, 219, 3703, 240, 0, 394, 0, - 3834, 0, 0, 3767, 0, 1773, 0, 0, 0, 0, - 555, 1114, 1028, 1147, 0, 1136, 1162, 555, 1152, 1097, - 1149, 1150, 1162, 0, 1102, 213, 0, 206, 222, 3638, - 3639, 1259, 0, 0, 0, 2174, 914, 293, 1939, 1947, - 1951, 1950, 543, 0, 550, 574, 564, 570, 0, 2150, - 0, 0, 2150, 0, 0, 0, 0, 0, 558, 590, - 2150, 0, 0, 2150, 0, 1016, 1018, 1165, 996, 1020, - 1019, 1001, 1017, 1029, 1034, 1035, 3415, 191, 0, 1165, - 998, 1022, 1005, 1165, 1000, 1021, 1003, 0, 0, 733, - 0, 0, 723, 0, 968, 0, 973, 0, 0, 0, - 0, 770, 771, 907, 747, 905, 901, 897, 891, 2557, - 2558, 0, 0, 0, 781, 782, 887, 778, 779, 780, - 0, 760, 0, 0, 884, 3764, 0, 3647, 0, 0, - 3809, 240, 3700, 3698, 3700, 3697, 3708, 0, 1778, 1775, - 0, 1783, 1785, 1784, 1786, 1777, 0, 1135, 1117, 0, - 1145, 0, 0, 511, 1162, 511, 0, 215, 1265, 1859, - 1857, 0, 2435, 549, 546, 574, 0, 572, 0, 568, - 562, 569, 0, 606, 600, 0, 602, 603, 601, 598, - 585, 0, 583, 0, 1012, 1015, 2011, 1013, 144, 1167, - 1166, 1002, 0, 995, 0, 150, 1006, 153, 1004, 728, - 0, 0, 0, 0, 966, 0, 970, 971, 972, 0, - 964, 0, 0, 0, 0, 898, 900, 2492, 2491, 0, - 1415, 890, 0, 755, 0, 3762, 0, 221, 3807, 3701, - 3816, 3814, 0, 3710, 0, 1780, 0, 0, 1116, 1163, - 1164, 1107, 511, 1106, 555, 2175, 2187, 0, 2461, 544, - 571, 0, 579, 575, 577, 580, 605, 604, 0, 582, - 0, 599, 686, 1014, 1169, 1168, 1032, 1165, 1023, 729, - 0, 1031, 0, 967, 0, 0, 995, 0, 997, 999, - 777, 0, 888, 749, 749, 761, 3765, 0, 1404, 204, - 3709, 0, 1779, 0, 1787, 1109, 0, 0, 0, 0, - 2447, 573, 0, 0, 594, 587, 584, 147, 0, 0, - 1031, 979, 978, 0, 0, 975, 974, 714, 995, 718, - 720, 1416, 0, 758, 750, 752, 757, 763, 764, 762, - 765, 3763, 3650, 3711, 1782, 0, 1795, 1794, 1781, 0, - 1788, 1790, 1122, 2186, 2188, 0, 2455, 578, 576, 586, - 595, 597, 726, 995, 0, 982, 980, 981, 0, 0, - 716, 1417, 751, 756, 766, 768, 0, 1796, 1793, 1792, - 0, 0, 1789, 0, 1791, 0, 2463, 596, 722, 995, - 0, 0, 767, 0, 1798, 1797, 0, 0, 2462, 0, - 2467, 724, 977, 976, 3651, 0, 0, 2474, 3642, 2465, - 2466, 2464, 0, 2469, 0, 2471, 2472, 0, 2121, 3640, - 3641, 0, 3652, 2473, 2468, 0, 2475, 2477, 0, 2436, - 3643, 394, 2470, 0, 1404, 188, 2476, 0, 3653, 1405, - 2478 + 122, 0, 112, 114, 106, 1855, 0, 1854, 0, 1860, + 1864, 2007, 2203, 2008, 0, 1995, 0, 1404, 2121, 0, + 1405, 0, 3577, 3577, 443, 445, 444, 2172, 1317, 1325, + 2446, 2445, 0, 813, 895, 893, 895, 827, 896, 865, + 858, 865, 829, 934, 841, 0, 895, 927, 931, 928, + 837, 0, 808, 929, 0, 932, 809, 835, 828, 834, + 865, 0, 824, 832, 895, 801, 836, 823, 0, 865, + 838, 843, 846, 848, 850, 865, 895, 0, 0, 3691, + 808, 822, 821, 0, 808, 865, 859, 3691, 844, 929, + 942, 808, 895, 865, 865, 303, 2011, 305, 391, 1405, + 461, 3797, 1720, 0, 0, 0, 0, 1736, 930, 0, + 0, 1754, 1737, 1738, 1672, 0, 0, 0, 0, 1729, + 0, 0, 1730, 1688, 0, 0, 0, 0, 0, 1540, + 0, 1652, 0, 1597, 1595, 0, 861, 1499, 1501, 1497, + 1500, 0, 880, 1503, 0, 842, 880, 929, 1507, 1493, + 1494, 1495, 1496, 0, 0, 0, 0, 0, 2544, 944, + 1638, 0, 957, 951, 949, 956, 0, 1444, 0, 0, + 1934, 0, 1709, 0, 1662, 535, 0, 614, 610, 0, + 0, 556, 0, 557, 553, 529, 0, 3454, 1412, 1411, + 0, 3377, 3375, 3374, 3372, 3406, 3405, 3358, 3356, 1406, + 1406, 134, 2182, 1956, 2184, 2185, 2176, 2166, 2164, 2519, + 0, 2139, 2141, 2529, 2528, 2540, 0, 0, 2121, 2134, + 1111, 0, 1112, 1123, 1125, 1323, 0, 2396, 0, 2394, + 2361, 2397, 387, 379, 374, 382, 376, 378, 377, 383, + 384, 385, 386, 380, 375, 381, 373, 372, 0, 0, + 0, 0, 0, 0, 146, 0, 0, 0, 1036, 2677, + 0, 0, 704, 706, 707, 708, 709, 0, 737, 711, + 626, 987, 987, 739, 2545, 0, 683, 2150, 500, 2011, + 2011, 2011, 2011, 657, 2011, 2011, 2011, 0, 0, 2150, + 2011, 0, 0, 2011, 2011, 2011, 2011, 0, 0, 2011, + 665, 666, 664, 2011, 2011, 2444, 506, 508, 924, 635, + 0, 630, 275, 3769, 491, 492, 0, 0, 1409, 1409, + 3817, 0, 3818, 3819, 0, 1409, 1409, 3802, 3716, 287, + 3713, 3714, 3804, 3812, 3634, 0, 0, 3704, 240, 0, + 240, 0, 0, 1770, 1769, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 2448, 2450, 0, 2081, 1916, + 1925, 1923, 1960, 1972, 0, 2069, 2067, 869, 870, 2044, + 2042, 2041, 2043, 2040, 2038, 2037, 2039, 2029, 2028, 2030, + 2027, 2026, 0, 3561, 3557, 2014, 2013, 0, 1069, 0, + 1068, 1073, 1036, 626, 1175, 624, 0, 1130, 1134, 1131, + 624, 2108, 2108, 1289, 2108, 0, 0, 0, 0, 2108, + 0, 2110, 2108, 0, 0, 2108, 2108, 0, 1289, 0, + 509, 1195, 1193, 2108, 1194, 2108, 0, 0, 1289, 1143, + 1087, 1144, 0, 1088, 2108, 1289, 1110, 1289, 1289, 0, + 633, 924, 1089, 1090, 736, 1189, 218, 207, 0, 0, + 1079, 1081, 0, 0, 1082, 3633, 1055, 3636, 2121, 1260, + 0, 108, 2011, 109, 2011, 107, 2011, 1850, 1850, 1861, + 2206, 2121, 0, 1996, 2210, 2201, 1405, 0, 422, 3580, + 0, 3461, 3460, 0, 2208, 0, 825, 899, 0, 826, + 871, 804, 800, 935, 941, 939, 938, 830, 831, 810, + 926, 933, 0, 806, 0, 1038, 817, 0, 807, 849, + 805, 818, 0, 295, 0, 3746, 0, 1406, 3753, 301, + 833, 3691, 291, 815, 819, 0, 797, 300, 811, 943, + 812, 814, 942, 798, 799, 2011, 3775, 318, 317, 0, + 0, 420, 479, 874, 872, 875, 873, 0, 1603, 1604, + 1726, 1962, 1724, 0, 1731, 1732, 1686, 1628, 0, 1580, + 0, 1653, 0, 1634, 1600, 1502, 1498, 1505, 843, 1504, + 1506, 1625, 1553, 2011, 1612, 1616, 1617, 0, 1637, 2011, + 1446, 0, 1937, 1936, 0, 0, 1962, 1646, 533, 611, + 528, 0, 552, 555, 0, 516, 2533, 1406, 1406, 3364, + 3362, 2257, 1993, 2520, 2518, 2137, 0, 0, 0, 2136, + 2146, 0, 2119, 1319, 0, 1872, 2392, 2011, 0, 2359, + 0, 1219, 1220, 1221, 1223, 0, 0, 0, 0, 0, + 738, 1037, 0, 0, 710, 2548, 703, 736, 0, 0, + 0, 987, 727, 626, 0, 1036, 988, 626, 626, 0, + 0, 0, 0, 2059, 2058, 654, 647, 646, 649, 648, + 651, 650, 0, 643, 640, 652, 642, 667, 0, 655, + 637, 696, 697, 695, 661, 668, 638, 639, 645, 644, + 641, 688, 693, 691, 690, 689, 694, 692, 656, 671, + 653, 669, 498, 615, 636, 2052, 2053, 2050, 2051, 676, + 675, 2054, 673, 674, 507, 281, 279, 280, 3758, 0, + 0, 276, 0, 278, 273, 274, 3691, 3761, 249, 241, + 0, 394, 495, 493, 494, 3644, 0, 0, 0, 0, + 0, 1408, 3820, 0, 390, 3696, 3696, 394, 3833, 3803, + 3715, 3805, 157, 286, 268, 270, 0, 3766, 3699, 3829, + 3699, 3634, 1771, 0, 0, 1813, 0, 1818, 0, 1810, + 0, 0, 0, 0, 2449, 0, 0, 2456, 2458, 1974, + 0, 1067, 0, 0, 0, 1289, 0, 0, 1158, 1128, + 0, 0, 0, 0, 1099, 0, 1108, 0, 0, 2108, + 0, 1160, 0, 1159, 0, 0, 0, 1172, 1173, 0, + 1952, 1954, 1962, 0, 0, 0, 1148, 1170, 1171, 0, + 0, 0, 0, 1118, 0, 1104, 1174, 0, 1174, 1127, + 0, 702, 0, 1191, 1129, 205, 210, 220, 221, 1057, + 0, 3635, 1053, 0, 1261, 1257, 1258, 1253, 117, 121, + 113, 0, 1858, 1856, 2121, 2204, 0, 309, 0, 3584, + 3578, 3582, 2173, 2121, 0, 894, 940, 936, 937, 929, + 0, 929, 3691, 297, 0, 294, 861, 794, 783, 0, + 3755, 0, 0, 816, 327, 326, 324, 394, 314, 322, + 316, 0, 323, 0, 272, 285, 307, 0, 0, 1728, + 1684, 0, 1655, 1657, 0, 945, 0, 1933, 1927, 0, + 0, 0, 0, 0, 0, 1946, 1938, 0, 1713, 0, + 613, 0, 0, 541, 554, 560, 559, 3378, 3376, 2180, + 0, 2140, 2530, 2541, 505, 0, 0, 1124, 2395, 0, + 3445, 0, 1962, 1033, 1035, 0, 0, 0, 0, 1035, + 0, 0, 705, 732, 626, 983, 984, 1036, 0, 712, + 1007, 2545, 1036, 1036, 3171, 878, 802, 803, 808, 878, + 820, 2730, 861, 895, 2734, 842, 861, 847, 878, 743, + 878, 878, 878, 878, 878, 0, 730, 741, 784, 786, + 2640, 2641, 2642, 2643, 2645, 2646, 2644, 2547, 501, 663, + 2384, 662, 616, 0, 2444, 0, 3032, 3759, 283, 0, + 3757, 284, 250, 188, 0, 0, 216, 3808, 3822, 3806, + 3821, 3699, 3712, 1409, 0, 1409, 0, 3717, 1408, 0, + 0, 3032, 3706, 3705, 0, 3828, 3826, 159, 0, 1900, + 0, 0, 2453, 2454, 0, 2451, 0, 0, 2457, 0, + 1074, 1070, 1075, 0, 1113, 0, 1132, 0, 0, 1098, + 0, 1275, 0, 0, 1151, 1139, 0, 1094, 0, 1141, + 1142, 1186, 1096, 0, 1955, 510, 0, 0, 1103, 0, + 1189, 1095, 1120, 1101, 1133, 1190, 212, 1083, 394, 0, + 0, 0, 1256, 0, 1263, 0, 1851, 0, 0, 0, + 2207, 0, 3583, 3581, 0, 2116, 1827, 840, 1039, 839, + 3756, 296, 859, 1405, 292, 860, 2011, 304, 325, 306, + 0, 3778, 864, 1962, 1578, 1554, 1639, 0, 1943, 0, + 0, 1941, 1940, 0, 1935, 1942, 612, 609, 0, 0, + 549, 567, 563, 0, 565, 566, 588, 2121, 0, 0, + 2145, 2147, 2398, 3415, 0, 1030, 0, 1031, 0, 3415, + 3415, 0, 0, 0, 1036, 1007, 2545, 965, 0, 713, + 0, 717, 719, 745, 0, 740, 731, 753, 0, 0, + 681, 497, 0, 3760, 0, 277, 189, 3770, 3646, 3645, + 1404, 208, 217, 0, 0, 3831, 3815, 3811, 3813, 3810, + 3699, 269, 0, 3707, 0, 188, 2916, 0, 1774, 1776, + 1801, 1815, 1820, 2452, 2460, 2459, 3562, 0, 1115, 625, + 1027, 0, 1146, 0, 0, 1189, 1100, 0, 0, 0, + 1140, 1161, 1138, 1289, 1953, 0, 0, 0, 1137, 1119, + 1121, 1234, 0, 214, 188, 3637, 0, 0, 1262, 1267, + 0, 1264, 1266, 1853, 1852, 1867, 0, 1376, 0, 2434, + 795, 3754, 0, 315, 271, 1727, 1944, 0, 1945, 1948, + 0, 0, 1949, 0, 545, 547, 537, 0, 542, 0, + 561, 0, 2150, 2150, 0, 2150, 2150, 2150, 2150, 581, + 589, 591, 592, 593, 0, 2181, 2521, 2531, 995, 1962, + 0, 0, 0, 0, 997, 999, 0, 0, 0, 725, + 721, 0, 0, 969, 1008, 0, 715, 0, 0, 906, + 963, 769, 0, 772, 0, 904, 744, 746, 902, 903, + 748, 0, 0, 0, 785, 0, 0, 886, 0, 889, + 0, 0, 742, 0, 754, 885, 892, 2546, 658, 503, + 682, 0, 0, 0, 3649, 219, 3703, 240, 0, 394, + 0, 3834, 0, 0, 3767, 0, 1773, 0, 0, 0, + 0, 555, 1114, 1028, 1147, 0, 1136, 1162, 555, 1152, + 1097, 1149, 1150, 1162, 0, 1102, 213, 0, 206, 222, + 3638, 3639, 1259, 0, 0, 0, 2174, 914, 293, 1939, + 1947, 1951, 1950, 543, 0, 550, 574, 564, 570, 0, + 2150, 0, 0, 2150, 0, 0, 0, 0, 0, 558, + 590, 2150, 0, 0, 2150, 0, 1016, 1018, 1165, 996, + 1020, 1019, 1001, 1017, 1029, 1034, 1035, 3415, 191, 0, + 1165, 998, 1022, 1005, 1165, 1000, 1021, 1003, 0, 0, + 733, 0, 0, 723, 0, 968, 0, 973, 0, 0, + 0, 0, 770, 771, 907, 747, 905, 901, 897, 891, + 2557, 2558, 0, 0, 0, 781, 782, 887, 778, 779, + 780, 0, 760, 0, 0, 884, 3764, 0, 3647, 0, + 0, 3809, 240, 3700, 3698, 3700, 3697, 3708, 0, 1778, + 1775, 0, 1783, 1785, 1784, 1786, 1777, 0, 1135, 1117, + 0, 1145, 0, 0, 511, 1162, 511, 0, 215, 1265, + 1859, 1857, 0, 2435, 549, 546, 574, 0, 572, 0, + 568, 562, 569, 0, 606, 600, 0, 602, 603, 601, + 598, 585, 0, 583, 0, 1012, 1015, 2011, 1013, 144, + 1167, 1166, 1002, 0, 995, 0, 150, 1006, 153, 1004, + 728, 0, 0, 0, 0, 966, 0, 970, 971, 972, + 0, 964, 0, 0, 0, 0, 898, 900, 2492, 2491, + 0, 1415, 890, 0, 755, 0, 3762, 0, 221, 3807, + 3701, 3816, 3814, 0, 3710, 0, 1780, 0, 0, 1116, + 1163, 1164, 1107, 511, 1106, 555, 2175, 2187, 0, 2461, + 544, 571, 0, 579, 575, 577, 580, 605, 604, 0, + 582, 0, 599, 686, 1014, 1169, 1168, 1032, 1165, 1023, + 729, 0, 1031, 0, 967, 0, 0, 995, 0, 997, + 999, 777, 0, 888, 749, 749, 761, 3765, 0, 1404, + 204, 3709, 0, 1779, 0, 1787, 1109, 0, 0, 0, + 0, 2447, 573, 0, 0, 594, 587, 584, 147, 0, + 0, 1031, 979, 978, 0, 0, 975, 974, 714, 995, + 718, 720, 1416, 0, 758, 750, 752, 757, 763, 764, + 762, 765, 3763, 3650, 3711, 1782, 0, 1795, 1794, 1781, + 0, 1788, 1790, 1122, 2186, 2188, 0, 2455, 578, 576, + 586, 595, 597, 726, 995, 0, 982, 980, 981, 0, + 0, 716, 1417, 751, 756, 766, 768, 0, 1796, 1793, + 1792, 0, 0, 1789, 0, 1791, 0, 2463, 596, 722, + 995, 0, 0, 767, 0, 1798, 1797, 0, 0, 2462, + 0, 2467, 724, 977, 976, 3651, 0, 0, 2474, 3642, + 2465, 2466, 2464, 0, 2469, 0, 2471, 2472, 0, 2121, + 3640, 3641, 0, 3652, 2473, 2468, 0, 2475, 2477, 0, + 2436, 3643, 394, 2470, 0, 1404, 188, 2476, 0, 3653, + 1405, 2478 }; /* YYPGOTO[NTERM-NUM]. */ static const yytype_int16 yypgoto[] = { - -5698, -5698, -5698, -5698, 2351, -5698, -5698, -5698, -5698, -5698, - -5698, -5698, -5698, 2886, -5698, -5698, -5698, -5698, -5698, -5698, - -5698, 2082, -5698, 354, -5698, 364, -5698, 359, -3781, -618, - -5698, -1900, -5698, -5698, -5698, -5698, -5698, -5698, -5698, -5698, - -5698, -5698, -5698, -5698, -5698, -5698, -5698, -5698, -5698, -5698, - -5698, -5698, 2247, -3038, -5244, -5698, -5698, -320, 1397, -5698, - -5698, 107, -5698, -349, -5698, -5698, -5698, -4482, -511, -743, - -5698, 83, 4717, -248, 4720, 4721, -5698, 210, 4056, -4421, - 491, -5698, -2967, -5698, -5698, -5698, -5698, -1953, -5698, -5698, - -5698, -5698, -5698, -5698, -5698, 130, -5698, -5698, -5698, -5698, - -342, -5698, -4695, -267, -5698, -2492, -635, 332, -19, -5698, - -3256, -5698, 522, -5698, -5698, -5698, -5698, -5698, -38, -5698, - -5698, -5698, -259, 754, -4581, -5698, -5698, -5698, -5698, 2500, - -5698, 1811, -5698, -2198, 3747, -5698, -5698, -5698, -5698, -5698, - -5698, 2314, -3046, -5698, -5698, -5698, 1058, -5698, -2794, -5698, - -5698, -5698, -5698, -5698, -5698, -5698, -5698, -5698, -5698, -5698, - -5698, -5698, -5698, -5698, -5698, -5698, -507, -5698, -2066, 2042, - -5698, 2096, -5698, -5698, -5698, -5698, -5698, -5698, -5698, -5698, - -5698, -611, -5698, -5698, -5698, -5698, -5698, -5698, -5698, -5698, - -5698, 3424, -5698, 4676, -5698, -5698, 1263, -5698, 3316, -5698, - 3321, 3322, -2781, -5698, -5698, -5698, -5698, -5698, -5698, -5698, - -5698, -5698, -5698, -5698, -5698, -5698, -5698, -5698, -5698, -5698, - -5698, -131, -128, 163, 897, 1417, -5698, -3942, -5698, -5698, - 70, -5698, -5698, -5698, -5698, -5698, 1149, 285, 1147, -5698, - 701, 3093, -2838, -5698, -5698, -5698, -5698, -5698, -5698, -515, - -27, -634, -5698, -4461, -5698, -4993, -5698, -5698, -5698, -5698, - -5698, -5698, -5698, -5698, -4253, -5698, -5698, -5698, -767, -5698, - -5698, -724, -5698, -5698, -5698, -5698, -391, -5698, -5698, -5697, - -5698, -5698, -5698, -22, -5698, 2818, 4118, -1889, 493, -595, - -5698, -3807, 925, -4104, -3931, -5698, -3451, -5698, -5698, -5698, - -276, -1297, -1291, -5698, -5698, -5698, -5698, -5698, -5698, -5698, - 452, 264, 922, -4407, -5698, -5698, -5698, -5698, -5698, -5698, - -5698, -4397, -4382, 123, -5698, -4808, -5698, -5698, 633, -5698, - -4276, -5698, -5698, -5698, -5698, -5698, -5698, -732, -5698, -5698, - -5698, -5698, -5698, -5698, -5698, -4103, -5698, -5698, -560, -567, - -5698, -457, -3016, -5698, -2767, 2119, -4920, -5698, -447, -1195, - -445, -440, -437, -5698, -3600, 1261, 1379, -5698, 2267, -5698, - -177, -3361, -3275, 1518, -1845, -3504, -3413, 1318, -3218, -3562, - 1344, -5698, -400, -5698, -418, -5698, -3966, -3842, -4323, -5698, - -666, -2796, -3180, -451, -5698, -5698, -1727, -3245, -5698, 894, - -4020, -4026, 406, 1779, -5698, -5698, 1248, -5698, -1777, 1246, - -5698, -5698, -5698, 1257, -5698, -714, -5698, -5698, -5698, -5698, - -4133, -5698, -2482, -4395, -5698, 5506, 5509, -3349, -679, -676, - -5698, -5698, -5698, -204, 2381, -5698, -3848, -464, -479, -474, - -3174, -88, -5087, -4392, -4358, -5089, -3725, 892, -5698, -5698, - -5698, -5698, -5698, -5698, -5698, -5698, -5698, -5698, -5698, -5698, - -5698, -5698, 188, 191, 1633, -5698, -5698, -5698, -5698, -5698, - -5698, -5698, -5698, -5698, 991, -3534, -5698, -5698, -5698, -5698, - -5698, -5698, -5698, -4907, -3114, -5698, -5698, 526, -4182, -4221, - -4016, -4023, -4370, 4090, -5698, -5698, -5698, -5698, 4171, -3330, - -3784, -5698, -5698, -5698, -5698, -5698, -5698, -5698, 3679, 1481, - -5698, -5698, 2410, -5698, -5698, -5698, -5698, -5698, -5698, -5698, - -5698, -5698, -257, 2421, -5698, -5698, -5698, -5698, -5698, 2876, - -5698, -5698, -5698, -5698, -5698, -5698, -5698, -5698, -405, -5698, - -5698, -5698, -5698, -5698, -70, 3531, -5698, -5698, -5698, -5698, - 5, -5698, -5698, -5698, -5698, 2572, -5698, -5698, -5698, -5698, - 3056, -5698, -5698, -5698, -5698, -5698, -5698, 2218, -5698, 2798, - -5698, -2471, -5698, -5698, 1457, -153, -5698, -5698, -40, -5698, - -5698, -5698, -5698, -5698, 38, -5698, -5698, -5698, 5504, -1574, - 10, -61, -5698, -5698, 2, -5698, -5698, 4232, -465, 2623, - -765, 4871, -5698, -5698, -5698, -5698, -2541, 2492, -5698, 4295, - -5698, -5698, 4478, 1461, 4257, 2365, 988, 2589, -1701, -164, - -2987, -3009, -5698, -12, -4424, 1291, -5698, -392, 468, -2462, - 9981, -5698, -1507, -1535, -5698, -5698, -41, -5698, -5698, -5698, - -5698, -5698, -5698, -5698, -5698, 2689, 2691, -5698, -5698, 3981, - -5698, 2629, -3674, -5698, -5698, -912, -5698, -2468, -5698, -5698, - -5698, 2626, -5698, -5698, -5698, -5698, -5698, -5698, -5698, -5698, - -5698, 1814, -5698, -5698, -5698, -5698, -5698, -5698, -5698, -5698, - -5698, -5698, -5698, -5698, -5698, -5698, 3921, -1627, -5698, -5698, - 4054, -5698, 1913, -5698, 902, -5698, -5698, 2544, -5698, -2782, - -5698, -5698, -1584, -639, -5698, 4053, -5698, 4091, -1253, -4685, - -1764, -561, -5698, -331, -5698, -5698, -5698, -5698, -5698, -5698, - -3338, -665, -662, -5698, -5698, -5698, 3680, -5698, 4332, -5698, - -5698, -5698, -5698, -5698, -5698, 3684, -5698, -2545, -5698, -2501, - 4337, 4338, 4340, -5698, 4344, -5698, -5698, -5698, -1533, 566, - -5698, 1025, -5698, -5698, -5698, -5698, -5698, -3104, -5698, -208, - 812, -207, -4332, -1508, 1357, -5698, -5698, -1891, 3698, 4104, - -1324, -5698, 3000, -5698, 3688, 1866, -5698, 2431, -5698, 1157, - 1163, -5698, -5698, 1879, -5698, -5698, -5698, -5698, 476, -195, - -5698, -5698, -5698, 0, 861, -2063, -5698, 485, -3064, 4339, - -756, -5698, 2426, -1974, -3186, -1204, 949, -1240, 2435, 469, - 4942, -371, -5698, -5698, 4318, 1061, -3787, -2851, -5698, -76, - -1581, 1661, -1050, 1667, -3042, -2881, -4785, -5698, -2310, 1402, - -5698, -5698, -5698, -5698, 1177, -5698, -5698, -5698, 3030, -5698, - 5624, -5698, -5698, -5698, -5698, -5698, -5698, -5698, -5698, -5698, - -5698, -691, -1184, -5698, 4266, 3627, -106, -155, 5644, -35, - -5698, -5698, -32, -5698, -5698, 5038, -1997, -5698, -5698, 4476, - 3580, 2904, -5698, 1561, -5698, -5698, -5698, -5698, 1306, -5698, - -5698, 169, -1127, -751, 2424, -5698, -5698, -5698, -5698, -5698, - -5698, -5698, 847, -5698, 1324, -1883, -5698, -5698, -5698, -5698, - -30, -5698, -5698, -5698, -5698, 1329, -5698, -548, -5698, -23, - -5698, -5698, -5698, -5698, 4906, -5698, -5698, -5698, -5698, -5698, - -5698, -5698, -4124, -5698, -2486, 4907, -5698, -5698, -5698, -5698, - -5698, -5698, -5698, 3210, -5698, -5698, -5698, -5698, -5698, -5698, - 3926, 5069, 5070, -1685, -5698, -903, 3212, 2615, -907, -5698, - -5698, -5698, 4351, 5074, -5698, -5698, 62, -5698, -5698, -5698, - -5698, -5698, -5698, -5698, -5698, -5698, -5698, -5698, 3160, 127, - -5698, -5698, -5698, -5698, -5698, 501, -5698, -5698, -5698, -5698, - 3839, -5698, -5698, -5698, -5698, -5698, -5698, -5698, -5698, -5698, - -5698, -5698, 4235, -5698, -5698, -5698, -5698, -5698, -5698, -5698, - -5698, -5698, -5698, -5698, -5698, 1582, -531, -5698, 766, -572, - -5698, 363, -5698, -5698, -5698, -5698, -5698, -638, -5698, -5698, - -645, -5698, -1385, 4810, -1347, -555, -1742, -3328, -5698, 4, - -5698, -5698, -5698, -5698, 3215, -5698, -5698, 3102, 2954, -2524, - -5698, 530, -5698, -5698, -2625, -931, -1684, -2421, 52, -5698, - -5698, -624, 3600, 8239, -5698, -5698, -9, 1224, -1257, -5698, - -5698, 2905, -5, -847, -122, -671, -782, -1054, -5698, 4832, - -5698, -5698, -5698, -653, -647, -614, 1500, 309, 950, -677, - 6587, 9006, -535, -5698, -5698, -5698, -5698, -5698, -5698, -5698, - -5698, -5698, -5698, 2663, 2666, -5698, 5099, -5698, 3588, 3312, - -5698, -5698, -5698, 2670, -5698, -5698, -5698, 5105, -5698, -5698, - -5698, -5698, -5698, -5698, -5698, -5698, -5698, -5698, 2677, 2684, - 2686, -5698, -5698, 1919, -2305, -5698, -5698, -5698, -1931, 215, - -5698, 3639, -5698, -5698, -5698, -5698, -5698, -5698, -5698, -5698, - -5698, -5698, -5698, -5698, -5698, -5698, -5698, -5698, -5698, -5698, - -5698, 3837, -568, 4615, -565, 4044, 5121, 4651, -5698, 4290, - -5698, 4296, -5698, 1714, -5698, -718, 2756, -1425, -3254, -5698, - -5698, 3064, 1245, -5698, -5698, -2551, -3113, -5698, 2598, 1151, - -5698, -5698, 325, -5698, -5698, -5698, 1717, 238, 5098, 4530, - -5698, -5698, -5698, -5698, 5714, 2478, -5698, 334, 5739, 5740, - 5741, -196, -5698, -3196, -5698, -4396, -5698, -5698, -5698, -5698, - -5698, -5698, -5698, -5698, -5698, -5698, -5698, -5698, 1835, -5698, - -5698, 3173, -5698, -5698, -5698, 2554, -5698, -5698, -5698, -5698, - -5698, -5698, -5698, -5698, -5698, -1501, 4904, -5698, 1659, -2636, - -3858, -5698, -5698, -4926, -298, -3916, -5698, -4418, -5698, -5698, - 860, -5698, -5698, -5698, -5698, -5698, -530, -5698, -5698, -5698, - -5698, -5698, 3643, -5698, 2375, -5698, -5698, -5698, -4481, -5698, - -5698, -4860, -5698, 854, -5698, -5698, -5698, -5698, -736, -5698, - -5698, -5698, -5206, -919, 42, -5698, -5698, -5698, -5698, -5698, - -5698, -5698, 865, 870, -5698, 872, -5698, -4545, -5698, -5698, - -5698, -5698, -5698, -5698, -4066, -5698, -5698, -5698, -5698, -5698, - -5698, -5698 + -5502, -5502, -5502, -5502, 2408, -5502, -5502, -5502, -5502, -5502, + -5502, -5502, -5502, 2933, -5502, -5502, -5502, -5502, -5502, -5502, + -5502, 2130, -5502, 405, -5502, 412, -5502, 408, -3771, -601, + -5502, -1900, -5502, -5502, -5502, -5502, -5502, -5502, -5502, -5502, + -5502, -5502, -5502, -5502, -5502, -5502, -5502, -5502, -5502, -5502, + -5502, -5502, 2296, -3061, -5228, -5502, -5502, -275, 1446, -5502, + -5502, 153, -5502, -303, -5502, -5502, -5502, -4450, -465, -697, + -5502, 104, 4764, -139, 4767, 4768, -5502, -109, 4102, -4415, + 606, -5502, -3008, -5502, -5502, -5502, -5502, -1910, -5502, -5502, + -5502, -5502, -5502, -5502, -5502, 174, -5502, -5502, -5502, -5502, + -296, -5502, -4487, -222, -5502, -2514, -617, 378, 25, -5502, + -3493, -5502, 567, -5502, -5502, -5502, -5502, -5502, 6, -5502, + -5502, -5502, -212, 799, -4554, -5502, -5502, -5502, -5502, 2525, + -5502, 2030, -5502, -2176, 3793, -5502, -5502, -5502, -5502, -5502, + -5502, 2361, -3030, -5502, -5502, -5502, 1118, -5502, -2795, -5502, + -5502, -5502, -5502, -5502, -5502, -5502, -5502, -5502, -5502, -5502, + -5502, -5502, -5502, -5502, -5502, -5502, -512, -5502, -2017, 2110, + -5502, 2163, -5502, -5502, -5502, -5502, -5502, -5502, -5502, -5502, + -5502, -1002, -5502, -5502, -5502, -5502, -5502, -5502, -5502, -5502, + -5502, 3487, -5502, 4742, -5502, -5502, 1328, -5502, 3381, -5502, + 3382, 3384, -2759, -5502, -5502, -5502, -5502, -5502, -5502, -5502, + -5502, -5502, -5502, -5502, -5502, -5502, -5502, -5502, -5502, -5502, + -5502, -65, -60, 233, 963, 1483, -5502, -3943, -5502, -5502, + 129, -5502, -5502, -5502, -5502, -5502, 1216, 349, 1210, -5502, + 765, 3160, -2828, -5502, -5502, -5502, -5502, -5502, -5502, -448, + 33, -565, -5502, -4305, -5502, -5028, -5502, -5502, -5502, -5502, + -5502, -5502, -5502, -5502, -3980, -5502, -5502, -5502, -703, -5502, + -5502, -660, -5502, -5502, -5502, -5502, -328, -5502, -5502, -4118, + -5502, -5502, -5502, 43, -5502, 2882, 4185, -1888, 559, -449, + -5502, -3801, 989, -4114, -3907, -5502, -3737, -5502, -5502, -5502, + -213, -1276, -1243, -5502, -5502, -5502, -5502, -5502, -5502, -5502, + 517, 326, 990, -4394, -5502, -5502, -5502, -5502, -5502, -5502, + -5502, -4393, -4376, 188, -5502, -5190, -5502, -5502, 699, -5502, + -4960, -5502, -5502, -5502, -5502, -5502, -5502, -666, -5502, -5502, + -5502, -5502, -5502, -5502, -5502, -4204, -5502, -5502, -491, -500, + -5502, -390, -4014, -5502, -2755, 2187, -4953, -5502, -381, -1188, + -380, -379, -377, -5502, -1994, 1322, 1440, -5502, 2332, -5502, + -115, -3401, -3268, 1582, -1800, -3508, -3409, 1377, -3217, -3536, + 1403, -5502, -342, -5502, 138, -5502, -3983, -3606, -5287, -5502, + -677, -2788, -3181, -394, -5502, -5502, -1735, -3231, -5502, 953, + -3935, -3970, 465, 1839, -5502, -5502, 1310, -5502, -1619, 1308, + -5502, -5502, -5502, 1317, -5502, -655, -5502, -5502, -5502, -5502, + -3920, -5502, -2511, -4436, -5502, 5566, 5567, -3839, -622, -621, + -5502, -5502, -5502, -147, 2439, -5502, -4294, -408, -420, -414, + -3184, -28, -5074, -4421, -3720, -5071, -3903, 952, -5502, -5502, + -5502, -5502, -5502, -5502, -5502, -5502, -5502, -5502, -5502, -5502, + -5502, -5502, 249, 254, 1689, -5502, -5502, -5502, -5502, -5502, + -5502, -5502, -5502, -5502, 1053, -2632, -5502, -5502, -5502, -5502, + -5502, -5502, -5502, -4191, -4546, -5502, -5502, 590, -4128, -4152, + -4026, -4022, -4363, 4154, -5502, -5502, -5502, -5502, 4241, -3336, + -3722, -5502, -5502, -5502, -5502, -5502, -5502, -5502, 3734, 1535, + -5502, -5502, 2477, -5502, -5502, -5502, -5502, -5502, -5502, -5502, + -5502, -5502, -196, 2483, -5502, -5502, -5502, -5502, -5502, 2940, + -5502, -5502, -5502, -5502, -5502, -5502, -5502, -5502, -345, -5502, + -5502, -5502, -5502, -5502, -12, 3590, -5502, -5502, -5502, -5502, + 5, -5502, -5502, -5502, -5502, 2634, -5502, -5502, -5502, -5502, + 3118, -5502, -5502, -5502, -5502, -5502, -5502, 2273, -5502, 2857, + -5502, -2446, -5502, -5502, 1520, -158, -5502, -5502, -14, -5502, + -5502, -5502, -5502, -5502, 28, -5502, -5502, -5502, 5569, -1565, + 9, -61, -5502, -5502, 2, -5502, -5502, 4294, -459, 2687, + -760, 4933, -5502, -5502, -5502, -5502, -2523, 2556, -5502, 4359, + -5502, -5502, 4536, 1407, 4318, 2423, 1045, 2648, -1686, -164, + -2941, -2998, -5502, 50, -4517, 1354, -5502, 2153, 784, -2462, + 11237, -5502, -1521, -1629, -5502, -5502, -41, -5502, -5502, -5502, + -5502, -5502, -5502, -5502, -5502, 2750, 2754, -5502, -5502, 4038, + -5502, 2693, -3792, -5502, -5502, -914, -5502, -2487, -5502, -5502, + -5502, 2691, -5502, -5502, -5502, -5502, -5502, -5502, -5502, -5502, + -5502, 1876, -5502, -5502, -5502, -5502, -5502, -5502, -5502, -5502, + -5502, -5502, -5502, -5502, -5502, -5502, 3980, -1598, -5502, -5502, + 4119, -5502, 1975, -5502, 964, -5502, -5502, 2476, -5502, -2764, + -5502, -5502, -1602, -669, -5502, 4116, -5502, 4152, -1222, -5501, + -1745, -498, -5502, -272, -5502, -5502, -5502, -5502, -5502, -5502, + -3414, -603, -600, -5502, -5502, -5502, 3739, -5502, 4390, -5502, + -5502, -5502, -5502, -5502, -5502, 3746, -5502, -2540, -5502, -2547, + 4392, 4393, 4395, -5502, 4396, -5502, -5502, -5502, -1731, 634, + -5502, 1093, -5502, -5502, -5502, -5502, -5502, -3104, -5502, -141, + 880, -138, -4332, -1578, 1290, -5502, -5502, -1905, 3768, 4165, + -1324, -5502, 3059, -5502, 3744, 1931, -5502, 2490, -5502, 1218, + 1217, -5502, -5502, 1937, -5502, -5502, -5502, -5502, 533, -137, + -5502, -5502, -5502, 53, 916, -2064, -5502, 540, -3204, 4388, + -738, -5502, 2484, -1959, -3162, -1219, 1007, -1223, 2494, 527, + 5003, -492, -5502, -5502, 4366, 1124, -3724, -2283, -5502, 2252, + -1525, 1718, -1130, 1724, -3052, -3106, -4781, -5502, -2189, 1462, + -5502, -5502, -5502, -5502, 1238, -5502, -5502, -5502, 3097, -5502, + 5685, -5502, -5502, -5502, -5502, -5502, -5502, -5502, -5502, -5502, + -5502, -629, -1169, -5502, 4337, 3686, -762, -155, 5704, -7, + -5502, -5502, 1, -5502, -5502, 5098, -2046, -5502, -5502, 4541, + 3637, 2968, -5502, 1623, -5502, -5502, -5502, -5502, 1368, -5502, + -5502, 231, -1127, -577, 2491, -5502, -5502, -5502, -5502, -5502, + -5502, -5502, 907, -5502, 1386, -1882, -5502, -5502, -5502, -5502, + 11, -5502, -5502, -5502, -5502, 1391, -5502, -490, -5502, 14, + -5502, -5502, -5502, -5502, 4967, -5502, -5502, -5502, -5502, -5502, + -5502, -5502, -4160, -5502, -2335, 4968, -5502, -5502, -5502, -5502, + -5502, -5502, -5502, 3270, -5502, -5502, -5502, -5502, -5502, -5502, + 3992, 5132, 5133, -1634, -5502, -944, 3272, 2678, -784, -5502, + -5502, -5502, 4414, 5134, -5502, -5502, 49, -5502, -5502, -5502, + -5502, -5502, -5502, -5502, -5502, -5502, -5502, -5502, 3222, 189, + -5502, -5502, -5502, -5502, -5502, 560, -5502, -5502, -5502, -5502, + 3896, -5502, -5502, -5502, -5502, -5502, -5502, -5502, -5502, -5502, + -5502, -5502, 4295, -5502, -5502, -5502, -5502, -5502, -5502, -5502, + -5502, -5502, -5502, -5502, -5502, 1648, -469, -5502, 828, -513, + -5502, 418, -5502, -5502, -5502, -5502, -5502, -579, -5502, -5502, + -584, -5502, -1391, 4876, -1290, -495, -1741, -3999, -5502, 4, + -5502, -5502, -5502, -5502, 3278, -5502, -5502, 3165, 3016, -2539, + -5502, 591, -5502, -5502, -2655, -918, -1664, -3817, 52, -5502, + -5502, -635, 4995, 4054, -5502, -5502, -9, -501, -1231, -5502, + -5502, 2963, -5, -836, -122, -777, -782, -1076, -5502, 4833, + -5502, -5502, -5502, -647, -645, -595, 1503, 309, 1607, -649, + 7233, 9680, -518, -5502, -5502, -5502, -5502, -5502, -5502, -5502, + -5502, -5502, -5502, 2728, 2726, -5502, 5167, -5502, 3658, 3377, + -5502, -5502, -5502, 2731, -5502, -5502, -5502, 5170, -5502, -5502, + -5502, -5502, -5502, -5502, -5502, -5502, -5502, -5502, 2743, 2744, + 2746, -5502, -5502, 1985, -2410, -5502, -5502, -5502, -1917, 178, + -5502, 3689, -5502, -5502, -5502, -5502, -5502, -5502, -5502, -5502, + -5502, -5502, -5502, -5502, -5502, -5502, -5502, -5502, -5502, -5502, + -5502, 3909, -571, 4695, -536, 4103, 5181, 4721, -5502, 4360, + -5502, 4361, -5502, 1777, -5502, -1706, 2809, -1407, -3140, -5502, + -5502, 3132, 1303, -5502, -5502, -2513, -3053, -5502, 2655, 1207, + -5502, -5502, 385, -5502, -5502, -5502, 1782, 222, 5161, 4593, + -5502, -5502, -5502, -5502, 5774, 2203, -5502, 187, 5803, 5804, + 5805, -249, -5502, -3164, -5502, -4389, -5502, -5502, -5502, -5502, + -5502, -5502, -5502, -5502, -5502, -5502, -5502, -5502, 1904, -5502, + -5502, 3237, -5502, -5502, -5502, 2107, -5502, -5502, -5502, -5502, + -5502, -5502, -5502, -5502, -5502, -1502, 4973, -5502, 1725, -2605, + -3850, -5502, -5502, -4197, -237, -3914, -5502, -4391, -5502, -5502, + 921, -5502, -5502, -5502, -5502, -5502, -526, -5502, -5502, -5502, + -5502, -5502, 3704, -5502, 2440, -5502, -5502, -5502, -4503, -5502, + -5502, -4818, -5502, 917, -5502, -5502, -5502, -5502, -1425, -5502, + -5502, -5502, -4360, -896, 19, -5502, -5502, -5502, -5502, -5502, + -5502, -5502, 926, 932, -5502, 934, -5502, -4310, -5502, -5502, + -5502, -5502, -5502, -5502, -4021, -5502, -5502, -5502, -5502, -5502, + -5502, -5502 }; /* YYDEFGOTO[NTERM-NUM]. */ @@ -5256,57 +5256,57 @@ 0, 69, 752, 1961, 70, 71, 72, 73, 74, 1927, 75, 1275, 2587, 1277, 1896, 2590, 76, 721, 77, 2091, 2788, 2789, 4651, 4652, 4645, 4646, 4648, 4649, 2790, 833, - 834, 2633, 2634, 78, 2651, 3986, 3229, 1963, 4902, 2645, - 5275, 1968, 4905, 1969, 4906, 2643, 3999, 4528, 1973, 1974, - 762, 3987, 3319, 3320, 5826, 1336, 3225, 3328, 3329, 2656, - 4513, 4631, 5725, 4635, 5882, 6027, 5830, 3348, 5103, 5726, - 5727, 656, 1348, 651, 652, 653, 79, 797, 2058, 5396, - 5367, 5368, 2736, 80, 826, 2081, 3355, 1452, 2082, 2755, - 2756, 4984, 4985, 5393, 5532, 5357, 5358, 5359, 5360, 5361, - 4511, 4961, 5362, 5533, 4520, 2872, 2088, 5170, 5162, 5163, - 4728, 3439, 3440, 4736, 3441, 5184, 5189, 3405, 3406, 4162, - 3442, 5526, 5527, 5528, 676, 1146, 5529, 81, 82, 677, + 834, 2633, 2634, 78, 2651, 3986, 3229, 1963, 4903, 2645, + 5276, 1968, 4906, 1969, 4907, 2643, 3999, 4528, 1973, 1974, + 762, 3987, 3319, 3320, 5827, 1336, 3225, 3328, 3329, 2656, + 4513, 4631, 5726, 4635, 5883, 6028, 5831, 3348, 5104, 5727, + 5728, 656, 1348, 651, 652, 653, 79, 797, 2058, 5397, + 5368, 5369, 2736, 80, 826, 2081, 3355, 1452, 2082, 2755, + 2756, 4985, 4986, 5394, 5533, 5358, 5359, 5360, 5361, 5362, + 4511, 4962, 5363, 5534, 4520, 2872, 2088, 5171, 5163, 5164, + 4729, 3439, 3440, 4737, 3441, 5185, 5190, 3405, 3406, 4162, + 3442, 5527, 5528, 5529, 676, 1146, 5530, 81, 82, 677, 685, 678, 1143, 2444, 1144, 83, 84, 1921, 719, 2609, - 2610, 2611, 2612, 3948, 3188, 3942, 3943, 4895, 5171, 3444, + 2610, 2611, 2612, 3948, 3188, 3942, 3943, 4896, 5172, 3444, 85, 657, 929, 930, 931, 932, 2193, 933, 2874, 3461, 934, 2866, 3430, 935, 936, 937, 905, 829, 2819, 2877, 3462, 2820, 3407, 2878, 2190, 938, 939, 940, 941, 942, 1560, 906, 2159, 3416, 4176, 86, 633, 830, 1454, 2085, 831, 2086, 3359, 832, 2083, 1457, 3466, 2129, 860, 1489, - 943, 1152, 3467, 944, 2196, 2198, 2195, 3465, 4749, 2197, - 87, 667, 695, 655, 1487, 683, 4965, 5374, 4496, 4960, - 4497, 5341, 4431, 4954, 4955, 4956, 5452, 3172, 88, 670, + 943, 1152, 3467, 944, 2196, 2198, 2195, 3465, 4750, 2197, + 87, 667, 695, 655, 1487, 683, 4966, 5375, 4496, 4961, + 4497, 5342, 4431, 4955, 4956, 4957, 5453, 3172, 88, 670, 1128, 1750, 2436, 3859, 3048, 3050, 2437, 3858, 4367, 4368, - 4369, 3046, 3047, 5562, 3052, 3856, 5779, 6163, 5912, 5913, - 3848, 5917, 4376, 4831, 4832, 4833, 5243, 5564, 5785, 6048, - 5918, 6170, 6046, 6166, 6047, 6168, 6303, 6253, 6254, 6058, - 6181, 6182, 6258, 6304, 5928, 5929, 5930, 6349, 6350, 5931, - 3852, 3853, 5559, 4827, 5642, 3216, 3217, 2053, 5426, 1286, - 89, 4498, 4615, 4499, 4500, 5311, 6066, 4502, 4503, 5988, - 4504, 4505, 4506, 6261, 1826, 5337, 5323, 4526, 5469, 4507, - 4910, 4911, 4912, 4913, 5954, 6098, 5956, 5957, 6091, 6203, - 6090, 4914, 4915, 5283, 5814, 5291, 5802, 5063, 4916, 4917, - 4918, 5298, 5625, 5816, 5812, 5965, 5966, 6323, 6324, 5981, - 6285, 5982, 6330, 6363, 6364, 5967, 90, 669, 1699, 6114, - 6115, 6116, 5514, 5626, 5515, 5516, 5517, 4227, 4228, 4715, + 4369, 3046, 3047, 5563, 3052, 3856, 5780, 6164, 5913, 5914, + 3848, 5918, 4376, 4832, 4833, 4834, 5244, 5565, 5786, 6049, + 5919, 6171, 6047, 6167, 6048, 6169, 6304, 6254, 6255, 6059, + 6182, 6183, 6259, 6305, 5929, 5930, 5931, 6350, 6351, 5932, + 3852, 3853, 5560, 4828, 5643, 3216, 3217, 2053, 5427, 1286, + 89, 4498, 4615, 4499, 4500, 5312, 6067, 4502, 4503, 5989, + 4504, 4505, 4506, 6262, 1826, 5338, 5324, 4526, 5470, 4507, + 4911, 4912, 4913, 4914, 5955, 6099, 5957, 5958, 6092, 6204, + 6091, 4915, 4916, 5284, 5815, 5292, 5803, 5064, 4917, 4918, + 4919, 5299, 5626, 5817, 5813, 5966, 5967, 6324, 6325, 5982, + 6286, 5983, 6331, 6364, 6365, 5968, 90, 669, 1699, 6115, + 6116, 6117, 5515, 5627, 5516, 5517, 5518, 4227, 4228, 4716, 4229, 4230, 4231, 4232, 4233, 4234, 4235, 4236, 4237, 4238, - 5175, 4718, 4258, 5139, 5140, 4252, 4253, 4267, 4714, 4268, - 4262, 5983, 5984, 5136, 4719, 6216, 4687, 5968, 5985, 5970, - 4703, 1775, 1776, 3266, 1790, 1791, 3098, 3099, 2056, 4704, - 4756, 4705, 5179, 4335, 5226, 4341, 4342, 4343, 3810, 3811, - 3812, 3813, 3814, 3006, 5971, 5598, 5952, 6093, 6096, 6210, - 6315, 5292, 4919, 5296, 1245, 4920, 4921, 6067, 6079, 6083, - 6068, 6084, 6080, 5808, 3220, 6069, 6070, 6071, 6086, 6082, - 3977, 6072, 5580, 5941, 5581, 5582, 5279, 5153, 91, 164, + 5176, 4719, 4258, 5140, 5141, 4252, 4253, 4267, 4715, 4268, + 4262, 5984, 5985, 5137, 4720, 6217, 4688, 5969, 5986, 5971, + 4704, 1775, 1776, 3266, 1790, 1791, 3098, 3099, 2056, 4705, + 4757, 4706, 5180, 4335, 5227, 4341, 4342, 4343, 3810, 3811, + 3812, 3813, 3814, 3006, 5972, 5599, 5953, 6094, 6097, 6211, + 6316, 5293, 4920, 5297, 1245, 4921, 4922, 6068, 6080, 6084, + 6069, 6085, 6081, 5809, 3220, 6070, 6071, 6072, 6087, 6083, + 3977, 6073, 5581, 5942, 5582, 5583, 5280, 5154, 91, 164, 4103, 1421, 2722, 1423, 1433, 3352, 2748, 2747, 1436, 1435, - 2740, 4071, 4586, 5040, 4102, 3349, 4107, 5478, 795, 4617, - 5872, 5700, 5880, 5702, 4618, 4870, 4619, 5857, 6011, 4620, - 5721, 5878, 6023, 4871, 4872, 4621, 4622, 4623, 6153, 6188, - 6189, 6190, 5049, 1870, 809, 810, 1441, 1442, 1443, 2813, - 5473, 5075, 92, 3211, 2627, 93, 1303, 1304, 1305, 1939, + 2740, 4071, 4586, 5041, 4102, 3349, 4107, 5479, 795, 4617, + 5873, 5701, 5881, 5703, 4618, 4871, 4619, 5858, 6012, 4620, + 5722, 5879, 6024, 4872, 4873, 4621, 4622, 4623, 6154, 6189, + 6190, 6191, 5050, 1870, 809, 810, 1441, 1442, 1443, 2813, + 5474, 5076, 92, 3211, 2627, 93, 1303, 1304, 1305, 1939, 1940, 2630, 2631, 3969, 4456, 94, 1270, 2583, 1929, 2619, 95, 1289, 3202, 3203, 3204, 3963, 96, 1449, 2077, 2078, - 2752, 4114, 4643, 5108, 5486, 5733, 5482, 5889, 5890, 97, + 2752, 4114, 4643, 5109, 5487, 5734, 5483, 5890, 5891, 97, 837, 1460, 98, 635, 2100, 2101, 2102, 2792, 99, 1569, 172, 100, 1759, 1756, 2450, 2451, 101, 1269, 1883, 1884, 1885, 1886, 3168, 102, 2167, 2836, 2837, 2838, 2839, 2578, @@ -5315,76 +5315,76 @@ 2238, 111, 782, 780, 1088, 113, 1408, 1404, 114, 2239, 1089, 772, 773, 1356, 1172, 3249, 3250, 2111, 2112, 2691, 2678, 1173, 1174, 1385, 2038, 2709, 2462, 2463, 1866, 2464, - 2761, 3105, 1455, 5660, 5376, 4386, 6282, 1598, 1499, 2696, + 2761, 3105, 1455, 5661, 5377, 4386, 6283, 1598, 1499, 2696, 1273, 1091, 1092, 1093, 1710, 1711, 1726, 1094, 1720, 2387, - 4311, 4798, 4799, 4800, 4801, 2325, 2326, 2431, 1095, 2315, + 4311, 4799, 4800, 4801, 4802, 2325, 2326, 2431, 1095, 2315, 2316, 2317, 1096, 1097, 1098, 1099, 1100, 1101, 1102, 2308, - 2309, 2310, 1103, 1104, 1105, 2426, 4293, 4294, 4780, 3041, + 2309, 2310, 1103, 1104, 1105, 2426, 4293, 4294, 4781, 3041, 3042, 3043, 1106, 2903, 4277, 2914, 2915, 2267, 1107, 1108, 1109, 1110, 1111, 3834, 1112, 4357, 4031, 1113, 1570, 2202, - 2265, 4768, 4282, 5199, 4770, 4771, 5203, 2207, 2891, 3732, - 3733, 3734, 2329, 2330, 1619, 1620, 1587, 1588, 1357, 4994, - 1358, 5403, 5846, 5847, 6007, 6234, 6145, 6146, 6338, 6367, - 6339, 6340, 6341, 1359, 2664, 4529, 1360, 1361, 1362, 4016, - 4017, 4995, 4533, 4997, 4537, 1999, 2000, 2003, 2004, 1363, - 1364, 1365, 1366, 1987, 1367, 1368, 3253, 1369, 2683, 5491, - 4657, 4658, 5738, 5737, 4659, 4150, 4151, 3388, 3389, 4439, + 2265, 4769, 4282, 5200, 4771, 4772, 5204, 2207, 2891, 3732, + 3733, 3734, 2329, 2330, 1619, 1620, 1587, 1588, 1357, 4995, + 1358, 5404, 5847, 5848, 6008, 6235, 6146, 6147, 6339, 6368, + 6340, 6341, 6342, 1359, 2664, 4529, 1360, 1361, 1362, 4016, + 4017, 4996, 4533, 4998, 4537, 1999, 2000, 2003, 2004, 1363, + 1364, 1365, 1366, 1987, 1367, 1368, 3253, 1369, 2683, 5492, + 4658, 4659, 5739, 5738, 4660, 4150, 4151, 3388, 3389, 4439, 4440, 4441, 3262, 2261, 2262, 2337, 2172, 2173, 2174, 2208, 1377, 2014, 2700, 3272, 2016, 3270, 4026, 3274, 4032, 4033, - 2418, 3031, 3830, 3033, 4819, 5233, 5234, 5554, 5767, 5768, - 5773, 4626, 5449, 5450, 2804, 1386, 2717, 3289, 4029, 1828, + 2418, 3031, 3830, 3033, 4820, 5234, 5235, 5555, 5768, 5769, + 5774, 4626, 5450, 5451, 2804, 1386, 2717, 3289, 4029, 1828, 1829, 1388, 2020, 2704, 3278, 1830, 2027, 2028, 3283, 3397, - 1389, 1390, 1402, 1407, 1393, 4661, 1391, 2863, 4582, 5187, - 3815, 4562, 3798, 4559, 4876, 5349, 2231, 2232, 5304, 4145, + 1389, 1390, 1402, 1407, 1393, 4662, 1391, 2863, 4582, 5188, + 3815, 4562, 3798, 4559, 4877, 5350, 2231, 2232, 5305, 4145, 1394, 2720, 4043, 4044, 4045, 1373, 1374, 2009, 2010, 2011, 1395, 1375, 2692, 4022, 115, 714, 116, 2125, 848, 1483, 2124, 3184, 1462, 3929, 1467, 1468, 1477, 803, 654, 117, 658, 4177, 118, 698, 3928, 907, 2737, 1528, 1878, 1529, - 2572, 3163, 3164, 4433, 4866, 4434, 4859, 4860, 4435, 1258, - 5258, 5259, 1419, 4067, 4068, 4062, 2565, 3158, 1259, 1871, - 3922, 2562, 3923, 2563, 2592, 3924, 5133, 5743, 6161, 2559, - 119, 692, 4420, 5786, 3916, 3917, 6245, 6246, 1256, 120, - 637, 2105, 844, 2798, 1465, 1470, 1471, 4667, 2109, 5120, - 2799, 5493, 4158, 4666, 2115, 845, 846, 121, 735, 3212, + 2572, 3163, 3164, 4433, 4867, 4434, 4860, 4861, 4435, 1258, + 5259, 5260, 1419, 4067, 4068, 4062, 2565, 3158, 1259, 1871, + 3922, 2562, 3923, 2563, 2592, 3924, 5134, 5744, 6162, 2559, + 119, 692, 4420, 5787, 3916, 3917, 6246, 6247, 1256, 120, + 637, 2105, 844, 2798, 1465, 1470, 1471, 4668, 2109, 5121, + 2799, 5494, 4158, 4667, 2115, 845, 846, 121, 735, 3212, 1309, 1850, 1851, 1852, 2546, 122, 689, 1246, 3911, 4417, - 2532, 673, 5933, 1833, 1249, 1834, 2528, 3140, 1814, 123, + 2532, 673, 5934, 1833, 1249, 1834, 2528, 3140, 1814, 123, 1413, 1411, 824, 124, 125, 788, 173, 2043, 126, 1412, 127, 1278, 1916, 2606, 3939, 3940, 4444, 1917, 1918, 3185, - 128, 702, 1264, 3181, 4877, 4878, 5268, 129, 726, 1293, + 128, 702, 1264, 3181, 4878, 4879, 5269, 129, 726, 1293, 1294, 1933, 1931, 3207, 2622, 130, 2438, 131, 659, 910, 1532, 1533, 2165, 132, 729, 1298, 133, 134, 912, 4183, - 6036, 6248, 663, 2169, 1537, 5342, 4543, 5004, 5005, 5007, - 5416, 5417, 6300, 6390, 6401, 6397, 6404, 6405, 6408, 6416, - 6417, 1114, 1316, 1317, 1115, 6119, 1116, 1117, 1118, 2240, - 1262, 697, 1874, 2569, 1875, 5253, 5569, 2570, 2156, 2157, - 1876, 4861, 4862, 3070, 3271, 1119, 3918, 5280, 1463, 1472, + 6037, 6249, 663, 2169, 1537, 5343, 4543, 5005, 5006, 5008, + 5417, 5418, 6301, 6391, 6402, 6398, 6405, 6406, 6409, 6417, + 6418, 1114, 1316, 1317, 1115, 6120, 1116, 1117, 1118, 2240, + 1262, 697, 1874, 2569, 1875, 5254, 5570, 2570, 2156, 2157, + 1876, 4862, 4863, 3070, 3271, 1119, 3918, 5281, 1463, 1472, 1281, 618, 1120, 619, 1121, 1122, 805, 1318, 2006, 2846, 1195, 3083, 1123, 946, 1429, 1757, 2066, 2067, 2847, 621, 3084, 1196, 3736, 622, 623, 624, 625, 626, 627, 628, 629, 630, 631, 3743, 136, 688, 1204, 1787, 1795, 2481, 1785, 2493, 3120, 2495, 2496, 3125, 2497, 1252, 2468, 1786, - 3109, 4403, 4402, 2494, 3903, 4849, 4848, 2498, 2489, 3899, - 3879, 3093, 4393, 5247, 5246, 2476, 2475, 2474, 2484, 2485, + 3109, 4403, 4402, 2494, 3903, 4850, 4849, 2498, 2489, 3899, + 3879, 3093, 4393, 5248, 5247, 2476, 2475, 2474, 2484, 2485, 2486, 2487, 3896, 3104, 3106, 3888, 137, 913, 2178, 666, 1539, 1540, 2860, 138, 691, 139, 720, 1283, 2615, 3194, 3195, 3958, 4448, 3959, 140, 1157, 1158, 141, 896, 3223, 2823, 2118, 1432, 898, 2119, 2140, 900, 1491, 901, 902, 903, 904, 4092, 3341, 3342, 2827, 2121, 2068, 2458, 3334, - 4572, 2069, 4086, 4087, 4573, 2745, 5498, 4099, 3345, 5130, - 4167, 5499, 5500, 142, 706, 143, 5369, 713, 1272, 1893, + 4572, 2069, 4086, 4087, 4573, 2745, 5499, 4099, 3345, 5131, + 4167, 5500, 5501, 142, 706, 143, 5370, 713, 1272, 1893, 144, 145, 146, 147, 781, 1398, 1175, 165, 166, 167, - 168, 813, 814, 3351, 4109, 4638, 4639, 5480, 6411, 6412, - 5654, 5828, 2655, 3990, 6128, 6366, 6398, 6421, 3995, 3996, + 168, 813, 814, 3351, 4109, 4638, 4639, 5481, 6412, 6413, + 5655, 5829, 2655, 3990, 6129, 6367, 6399, 6422, 3995, 3996, 3997, 3234, 3235, 148, 1323, 1319, 746, 1959, 1953, 1955, - 2641, 3215, 149, 150, 151, 5167, 152, 1558, 2832, 2089, - 4514, 6134, 6132, 5674, 6230, 4521, 5996, 4987, 5395, 5672, - 4976, 4977, 4978, 5387, 3744, 3745, 632, 951, 3455, 3971, - 862, 5165, 1261, 2566, 2127, 952, 953, 954, 5168, 3456, - 5364, 5365, 5366, 5397, 5673, 3231, 3989, 5370, 2186, 2873, - 3457, 4746, 955, 956, 957, 958, 2199, 959, 1550, 154, - 1881, 4979, 4980, 5379, 5833, 5377, 5832, 4981, 5665, 5999, - 5663, 5998, 4970, 4971, 4982, 155, 2653, 4002, 4000, 3992, - 3998, 5667 + 2641, 3215, 149, 150, 151, 5168, 152, 1558, 2832, 2089, + 4514, 6135, 6133, 5675, 6231, 4521, 5997, 4988, 5396, 5673, + 4977, 4978, 4979, 5388, 3744, 3745, 632, 951, 3455, 3971, + 862, 5166, 1261, 2566, 2127, 952, 953, 954, 5169, 3456, + 5365, 5366, 5367, 5398, 5674, 3231, 3989, 5371, 2186, 2873, + 3457, 4747, 955, 956, 957, 958, 2199, 959, 1550, 154, + 1881, 4980, 4981, 5380, 5834, 5378, 5833, 4982, 5666, 6000, + 5664, 5999, 4971, 4972, 4983, 155, 2653, 4002, 4000, 3992, + 3998, 5668 }; /* YYTABLE[YYPACT[STATE-NUM]] -- What to do in state STATE-NUM. If @@ -5392,1537 +5392,1538 @@ number is the opposite. If YYTABLE_NINF, syntax error. */ static const yytype_int16 yytable[] = { - 620, 812, 112, 705, 135, 1355, 2363, 748, 808, 1556, - 110, 1202, 2446, 2593, 2413, 3154, 2230, 2638, 1431, 1387, - 818, 679, 1193, 1244, 1387, 679, 1387, 668, 2044, 2237, - 679, 2614, 928, 693, 2029, 1197, 709, 2029, 107, 1856, - 807, 1198, 153, 1420, 3161, 3978, 716, 2637, 1151, 2185, - 2805, 4046, 724, 4141, 2017, 3132, 728, 717, 1777, 2719, - 1780, 1781, 2302, 725, 1194, 2739, 1581, 1542, 1794, 1547, - 749, 1548, 1549, 4160, 1199, 1274, 4540, 3443, 1553, 1621, - 4625, 3165, 3871, 3872, 3877, 4021, 4527, 4624, 897, 2346, - 4962, 899, 3290, 4036, 2137, 1758, 3224, 3910, 3176, 2291, - 1982, 3469, 3470, 3747, 2271, 3748, 2558, 3173, 2366, 4989, - 4259, 2516, 2517, 1300, 686, 2007, 1307, 4047, 897, 791, - 3749, 1159, 3358, 2876, 2054, 1948, 828, 2445, 2754, 1430, - 2055, 3731, 950, 819, 2523, 3731, 3252, 112, 820, 3797, - 4517, 821, 3941, 822, 2033, 793, 2113, 1461, 950, 5099, - 823, 796, 798, 1203, 2539, 798, 4111, 806, 1207, 1330, - 4020, 1331, 4257, 2724, 5186, 1333, 1334, 4271, 3920, 1695, - 1697, 1698, 4616, 107, 5350, 112, 790, 135, 2552, 2553, - 4509, 5046, 1740, 110, 3118, 3258, 789, 4455, 1260, 5587, - 5586, 5047, 2398, 2399, 2400, 2401, 2402, 2403, 2404, 2406, - 2408, 2409, 2410, 2411, 2412, 2378, 5048, 4999, 3251, 3251, - 3850, 107, 2796, 2386, 2388, 4429, 2391, 2392, 2605, 5051, - 4266, 5053, -2555, -2556, 5065, 4266, 4040, 4702, 4702, 4757, - 4702, 4098, 1556, -1903, -1903, 4702, -502, -502, 5083, 4757, - -2704, 4702, 2861, 682, 5107, 4761, 4757, -1044, -1044, 5563, - -3438, -3438, 4762, -2849, -2849, 5176, 3390, -3439, -3439, -400, - -400, 4261, 711, 1662, 3331, 2079, 4428, 4429, 3994, 2885, - 1681, 4254, 4023, 4024, 1685, 2861, -1903, -1903, -2720, -2721, - 2170, 4070, 2791, 4255, 2861, 2223, 2224, 2225, 3909, 2226, - 5394, 2227, 777, 2228, 4006, 2170, 4265, -2150, 727, 2223, - 2224, 2225, 2861, 2226, 4091, 2227, 2861, 2228, 1417, 4867, - 2632, 708, 733, 3961, 3962, 1824, 1405, 4272, 2861, 2861, - 1453, 3399, 6169, 2170, -1903, 778, 4126, 2861, 5534, 3251, - 2223, 2224, 2225, -3516, 2226, 5935, 2227, 1857, 2228, 4281, - 2050, -3499, 1858, 2861, 1705, 2861, 1705, 2857, 2861, 1992, - -2722, 699, 1706, 2811, 1706, -3503, 1417, 5302, 1417, 4083, - 1417, 1707, 1417, 1707, 708, -3502, 4662, -3438, 2743, 3420, - 801, 4142, 1417, 4679, -3439, 1727, 2861, 1705, 5627, 950, - 2185, 950, 1417, 950, 950, 1706, 1957, 817, 4641, 1417, - 950, 5305, 3471, 950, 1707, 811, 4958, -1903, 4164, 1705, - 1705, 2858, 1417, 2899, 1728, 1729, 708, 1706, 1706, 5484, - 3187, 1406, -3438, -1903, 1177, 1993, 1707, 1707, 5307, -3439, - 3003, 5309, 1705, 766, 1559, 4060, 1994, 4737, 2120, 4722, - 1706, 1727, 4723, 1705, 1995, 5390, 6151, 703, -1903, 1707, - 3218, 1706, 2581, 840, 1339, 1779, 1705, 664, 4972, 5327, - 1707, 1820, 32, 4244, 1706, 4112, 703, 1705, 32, 2134, - 1728, 1729, 1996, 1707, 2687, 1706, 779, 5844, 1730, 4684, - 3053, 1721, 700, 5675, 1707, 4963, 4337, -1903, 703, 841, - 4100, 1817, 1439, 847, 675, -1863, 4404, 850, -1903, 852, - 730, 853, 854, 4104, 855, 856, 857, 5796, 4654, 1891, - 1815, 4684, 815, 39, 5070, 703, 4570, 1942, 4269, 39, - 32, 708, 2940, 1727, 4430, 3332, -1903, 3909, 1997, 41, - 1708, 3060, 1708, 2175, 1730, 4337, 5297, 1150, 1505, 4338, - 6274, 2812, 5706, 2713, 895, 4501, 4501, 1506, 4949, 660, - 4143, 2647, 1728, 1729, 5378, 3112, 1998, -2849, 1712, 1713, - 1714, 5378, 1715, 1708, 1731, 4595, -3325, 1990, -3438, 4907, - 2379, 39, 4680, 703, 895, -3439, 2639, 1722, 4292, -1903, - 1346, 41, 1727, 4064, -3500, 1708, 1708, 1525, 4338, 1888, - 5281, 1310, 1311, 1723, -1903, 1268, 671, 5391, 1355, -3501, - 4726, 5037, -3506, 4700, 704, 2072, 3174, 6283, 1708, 1284, - 6003, 1728, 1729, 5186, 3101, 2628, 1730, 6351, 2582, 1708, - 1731, 3175, 1705, 704, 4383, 4384, 950, 1616, 1396, 1447, - 1706, 1853, 1708, 1855, 1628, 835, 1867, -3532, 1709, 1707, - 1709, 2051, 3808, 1708, 3044, 704, 5029, 4598, 5030, 6028, - 2380, -1863, 2469, 1645, 1646, 5038, 3809, 1812, 4727, 3147, - 861, 806, 4501, 6377, 4655, 1724, 5069, 2479, 4950, 1387, - 4522, 1709, 704, 4066, 2629, 1730, 2901, 1695, 1697, 1716, - 2235, 2073, 4225, 2029, 2110, 1148, 4757, 1397, 3155, 1868, - 703, 806, 5148, 1709, 1709, 4616, 1943, 1621, 4696, 5519, - 3020, 1705, 1731, 2822, 1448, 1721, 1265, 5282, 2185, 1706, - 3222, 2176, 806, 1485, 1486, 4005, 1709, 2951, 1707, 2456, - 4796, 4166, 4757, 1221, 1287, 1282, 806, 1709, 5177, 4523, - 704, -736, 835, 4600, 3113, 835, 6275, 664, 3015, 2381, - 1709, 3279, 1481, -1903, 5834, 4702, 2673, 1964, 2177, 5071, - 1967, 1709, 4101, 2714, 1970, 1971, 1972, 2688, 1329, 1975, - 1976, 1731, -3532, 4571, 4011, 2054, 2514, 4105, 4015, 4266, - 4964, 2055, 2702, 4702, 1149, 791, 2065, 4702, 4579, 2092, - 4757, -2211, 1280, 4685, 4702, 4259, 5219, 4259, 3251, 842, - 2705, 2099, 1410, 1403, 4259, 840, 3054, 5740, 1708, 1379, - 4113, 1722, 2122, 6135, 1813, 806, 1818, -2211, 4259, 4524, - 3264, 3391, 4259, 4518, 3891, -1863, 661, 1723, 3016, 4372, - 4030, 806, 4259, 3893, 5879, 3346, 1526, 5815, 4656, -3325, - 1450, 841, 1370, 2447, 1340, -3438, 1821, 4688, 4405, 4690, - 2415, 1892, -3439, 791, 1381, 3022, 4709, 704, 1705, 5072, - 1473, 664, 1475, 4149, 5390, 798, 1706, 798, 2065, 806, - 838, 4553, 1484, 5343, 4724, 1707, 1854, 4365, 3860, 6284, - 3009, 3010, 4251, 5908, 4735, 3148, 2446, 1708, 701, 859, - 3219, 1958, 664, 4662, 4554, 3004, 665, -3626, 2200, 1724, - 6152, 2830, 705, 960, 5650, 3403, 3023, 3024, 3386, 3027, - 3028, 1437, 2900, 5973, 1894, 5595, 1709, 3017, 4399, 5534, - 4400, 4401, -2732, 3827, 4251, 5381, 1254, 3399, 791, 2520, - 1546, 2522, 897, 6000, 2526, 2794, 2744, -2735, 843, 1551, - -3516, 950, 1554, 1894, 1440, 4084, 2534, 6165, -3499, 2537, - 5031, 2859, 112, 2540, 135, 1561, 1480, 1705, 1482, 734, - 110, 4065, -3503, 1405, 1267, 1706, 2099, 1705, 4180, 3333, - 4070, 2217, -3502, 5824, 1707, 1706, -3532, 2390, 2551, 2555, - 2556, 2557, 1327, 4261, 1707, 1538, 4682, 4683, 107, -2704, - 1705, 1705, 1705, 5840, 3385, 1709, 948, 2099, 1706, 1706, - 1706, 2445, 2457, 1727, 4713, 68, 4583, 1707, 1707, 1707, - 4716, 68, 948, 2862, -2704, -2561, -2562, 1200, 2171, 4725, - 3909, 4729, 4730, 4731, 5676, 4733, 4734, -2720, -2721, 5502, - 6211, 6214, 6213, 2171, 1708, 4738, 4739, 4740, 4741, 4742, - 1663, 4379, -1903, 748, 6154, -502, 2862, 1682, 2340, 3994, - 5749, 1686, -2720, -2721, 2179, 2862, -1044, 1418, 3394, -3438, - 3045, 2171, -2849, 68, 2047, 2187, -3439, 4025, -400, 4501, - 2229, 1682, 4610, 2862, 1769, 2538, 5039, 2862, 5046, 2665, - 1478, 672, 1479, 1778, 2301, -1903, 895, 4625, 5047, 2862, - 2862, 1792, 4339, 5679, 4624, 5680, 1730, 2099, 2862, -2722, - 4698, 1703, -115, 5048, -115, 1418, 1700, 1418, 1702, 1418, - -119, 1418, -119, 1430, 2862, 6321, 2862, 5065, 1725, 2862, - 2913, 1418, 1827, 1350, -2722, 1355, -111, 3013, -111, 2835, - 1793, 1418, 2478, 1708, 6270, 6271, 3121, 731, 1418, 1202, - 5273, 4339, 1709, 1708, 3907, 6277, 3875, 2862, 4836, 4642, - 1193, 1418, 1816, 2932, 5909, 1732, 1733, 1734, 1735, 1736, - 1737, 1738, 1739, 1197, 806, 2573, 1708, 1708, 1708, 1198, - 5485, 3256, 3257, 5353, 1980, 3102, 665, 2902, 3005, 4616, - 662, -3500, 1731, 2718, 1730, 4501, 1430, 732, 2744, 1556, - 3103, 806, 1194, 5831, 5186, 2809, -3501, 2382, 2937, -3506, - 806, 6428, 1199, 806, 5719, 6310, 2744, 681, 806, 2938, - 32, 1732, 1733, 1734, 1735, 1736, 1737, 1738, 1739, 1507, - 6147, 4340, 2921, 897, 2922, 2502, 2470, 4558, 4561, 634, - 5090, 4561, 4558, 2923, 6335, 2924, 3894, 3797, 3797, 806, - 1822, 1709, 5073, 948, 1355, 948, 4555, 948, 948, 5216, - 835, 1709, 835, 5218, 948, 1355, 1355, 948, 5835, 2620, - 5837, 39, 5728, 3895, 1925, 169, 4581, 1384, 2432, 664, - 1731, 41, 2013, 2453, 1709, 1709, 1709, 1877, 818, 791, - 843, 1203, -2211, 4525, 791, 791, 1207, 2800, 5350, 5350, - 665, 1798, 2139, 1732, 1733, 1734, 1735, 1736, 1737, 1738, - 1739, 1926, 3936, 2070, 1717, 1718, 1719, 4266, -2211, 1705, - 1936, 4266, 748, 3398, 2602, 2065, 3934, 1706, 4973, 5910, - 2723, 665, 1950, 1705, 791, 1949, 1707, 3965, 6311, 2433, - 836, 1706, 1865, 2050, 2446, 2623, 1880, 6336, 4855, 6138, - 1707, 1887, 1725, 1705, 5239, 1962, 771, 1508, 2724, 5330, - 2482, 1706, 4990, 1733, 1734, 1735, 1736, 1737, 1738, 1739, - 1707, 1928, 3144, -3335, 3095, 3018, 2054, 2928, 791, 1989, - 908, 1835, 2055, 636, -1978, 1700, 6384, 1702, 895, 1379, - 1705, 3117, 5012, 4967, 2029, 3122, 2029, 2029, 1706, 2012, - 2952, 819, 4259, 2649, 2650, 2518, 820, 1707, 1923, 821, - 3336, 822, 2660, 2661, 2662, 4436, 2524, 2036, 823, 3974, - 2726, 1530, 3765, 1177, 3057, 3058, 3409, 897, 2876, 1392, - 4544, 3941, 4115, 2170, 1381, 1370, 1861, 4843, 2045, 2046, - 1403, 2049, 3243, 112, 4547, 135, 1965, 1966, 3244, 2059, - 3100, 110, 2828, 5864, 5214, 2054, 1271, 2213, 4974, 2445, - 791, 2055, 806, 2815, 2816, 5938, 4856, 2670, 1515, 2671, - 798, 791, 3908, 1383, 791, 2237, 5911, 2939, 2203, 107, - 3276, 3835, 3838, 3841, 3842, 791, 1594, 1595, 1596, 791, - 948, 2107, 1751, 2884, 3915, 1708, 4974, 4530, 4531, 4159, - 3854, 3282, 2117, 3285, 3286, 806, 1823, 806, 791, 1708, - 5008, 4644, 4757, 5011, 4757, 4720, 6312, 2063, 5746, 5969, - 5748, 2817, 4138, 1920, 1409, 2854, 169, 722, 2075, 1708, - 6313, 1992, 1644, 3975, 1930, 3337, 4501, 6009, 806, 4501, - 3849, 4534, 4535, 3821, 806, 3824, 2103, 2459, 2103, 2848, - 5433, 3828, 3829, 1924, 2831, 2849, 5662, 5664, 3174, -1903, - -2150, 4802, -2150, 680, -2150, 5729, 1708, 5497, 2181, 1705, - 3251, 3251, 1727, 3175, 1417, 1509, 3731, 1706, -2341, 6149, - 748, 6337, 6294, 950, 5464, 909, 1707, 171, 2850, -2549, - 1727, 928, 1151, 5014, 791, 806, 2079, 1993, 2170, 5599, - 2728, 1728, 1729, 1709, 4395, 6130, 723, 2759, 1994, 6131, - -1289, 696, 5938, -1903, 3421, 1889, 1995, 1709, 2434, 1728, - 1729, 950, 3909, 2483, 4407, 1516, 2371, -2341, 4410, 2175, - 1525, 2333, 2334, 4968, 2051, 112, -3335, 1709, 6334, 1535, - 2729, 1531, 3134, 1700, 1996, 1702, 3135, 949, 3137, 2414, - 4671, 4672, -1978, 5331, 950, 5332, 2214, 1510, 4152, 858, - 3026, 1371, 3142, 949, 2730, 1730, 1862, 2855, 1201, 4501, - 5240, 4702, 2856, 6104, 1709, 3150, 3151, 2730, 5371, 895, - 174, 175, 1705, 1730, 3198, 2074, 4139, 710, -1903, 5333, - 1706, 950, 950, 791, 1295, 3199, 1836, 791, 4975, 1707, - 1997, 1705, 2093, 2867, 791, 2383, 6385, 2447, 665, 1706, - 5730, 2875, 5127, 3976, 3937, 2364, 4052, 2513, 1707, 5334, - 2519, 1260, 1221, 2992, 4154, 2993, 1752, 5372, 1998, 5780, - 6010, 2525, -2341, 3822, 112, 3823, 4975, 2561, 3420, 3339, - 6228, 3970, 2372, 6206, 4007, 1708, 2811, 1705, 3277, 3321, - 2341, 1731, 4721, 68, 2345, 1706, 4287, 4351, 4288, 4352, - 2907, 2352, 3011, 4001, 1707, 1863, 806, 1517, 2419, 1731, - 1705, 3066, 3067, 2439, -2341, 1734, 1735, 1736, 1737, 1738, - 1739, 1864, 5960, -2341, 791, 3993, 3402, 1707, 806, 806, - 4140, 5190, 170, -2341, 1705, 948, 806, 2471, 2731, 1414, - 1705, 5043, 1706, 1177, -1903, 2725, 1705, 2176, 1706, -2341, - 2732, 1707, 2529, 6296, 1706, 4053, 2706, 1707, 2488, 2435, - 1890, 3090, 6167, 1707, 4629, 6171, 798, 798, 791, 798, - 798, 798, 798, 791, 806, 806, 791, 1812, 171, 2654, - 2657, 2452, 798, 6314, -1903, 3085, 4054, 1384, 4066, 4679, - 3200, 3086, 5335, 1709, 3914, 2530, 1536, 5418, 1708, 2535, - 798, 2541, 806, 5905, 2642, 1736, 1737, 1738, 1739, 1526, - 6155, 6207, 1705, 895, 5373, 2648, 1372, 1708, 5961, 1831, - 1706, 2175, 4776, 791, 3087, 2506, 5336, 2465, 6195, 1707, - 2512, 5907, 6197, 2515, 949, 791, 949, 3174, 949, 949, - 3960, 5804, 1832, 3938, 6040, 949, 5810, 5811, 949, 6309, - 2733, 1425, 3175, 2707, 1424, 1771, 2693, 897, 5287, 4630, - 3063, 5312, 4055, 1708, 2812, 2466, 2060, 5698, 1556, 1527, - 1355, 5325, 5326, 835, 5781, 5782, 1355, 5149, 2335, 5862, - 2550, 2336, 1556, 2094, 5711, 1705, 4056, 5997, 6354, 6208, - 2054, 1355, 2560, 1706, 835, 791, 2055, 5720, 3197, 5722, - 2625, 3159, 1707, 3091, 6409, 5877, 1709, 2029, 3092, 2738, - 1708, 5434, 5288, 4093, 4094, 3201, 1708, 4095, 4096, 4097, - 2734, 806, 1708, 3459, 1813, 1709, 3876, 5962, 2644, 5281, - 806, 806, 806, 2531, 2708, 2093, 791, 5459, 5191, 1705, - 798, 798, 6242, 3880, 3296, 3297, 5771, 1706, -1903, 2018, - 3889, 3890, 3182, 1705, 791, 6327, 1707, 5471, 4171, 4172, - 6041, 1706, -924, 2099, -924, 791, 791, 2095, 6301, 2096, - 1707, 1709, 4010, 806, 5774, 1705, 4014, 5783, 4680, -1289, - 2120, 2504, 2505, 1706, 2507, 2509, 2510, 2511, 1708, 4777, - 2050, 3198, 1707, 2652, 1709, 4584, 3265, 2521, 4422, 2176, - 777, 950, 3199, 1772, 3468, 3468, 3468, 1355, 4423, 1347, - 3878, 1370, 5289, 4922, 3282, 2536, 6307, 2908, 1709, 2029, - 2467, 1426, 1370, 1370, 1709, 6399, 806, 5440, 5863, 3232, - 1709, 2917, 3233, 778, 1301, 791, 2099, 4548, 3241, 1427, - 4153, 791, 1221, 2065, 4567, 2753, 2427, 6410, 5948, 5784, - 6015, 2918, 3909, 1290, 6328, 736, 2019, 6222, 4842, 2097, - 5425, 1708, 3909, 3909, 791, 6081, 6085, 4846, 4847, 4027, - 2864, 949, 4259, 1473, 6355, 1200, 5472, 5050, 2428, 2807, - 5290, 3322, 5064, -1903, 2394, 712, 2963, 5074, 2814, 791, - 791, 2171, 2746, 1705, 5320, 2447, 1709, 1476, 2749, 4050, - 5809, 1706, 6236, 5055, 2826, 2826, 5538, 6400, 5496, 6329, - 1707, 5200, 6316, 1705, 5414, 1708, 4585, 1302, 718, 5576, - 2065, 1706, 4028, 1705, 5751, 5415, 4156, 5518, 806, 1708, - 1707, 1706, 791, 2098, 737, -224, 6264, 947, 1291, 5321, - 1707, 5557, 791, 5116, 6265, 5117, 1705, 5859, 2870, 5383, - 5543, 1708, 2429, 947, 1706, 2658, 2659, 3200, 1476, 2879, - 861, 2825, 2825, 1707, 3452, 5235, 5299, 5056, 4259, 1709, - 1705, 4922, 4259, 5057, 779, 4051, 2094, 6356, 1706, 3090, - 2395, 6241, -735, 6243, 3245, 5950, 5821, 1707, 3446, 2840, - 1563, 3323, 6113, 950, 3447, 1292, 2396, 6365, 3324, 1538, - 5860, 6237, 6081, 3085, 3325, -2341, 6085, 750, 5322, 3086, - 1556, 897, 112, 5734, 3401, 3737, 3459, 6392, 6393, 3737, - 2911, 3738, 4692, 1709, 4724, 3738, 5703, 3448, 2206, 707, - 751, 6382, 3040, 2430, 3750, 5735, 1177, 1709, 4694, 1380, - 799, 1564, 3087, 1418, 4727, 3755, 3756, 1705, -2150, -2150, - 3011, 5299, 950, 3867, 3739, 1706, 2171, 708, 3739, 1709, - 2095, -924, 2096, 753, 1707, 2206, 950, 2919, 2397, 1708, - 6295, 6118, 1732, 1733, 1734, 1735, 1736, 1737, 1738, 1739, - 3326, 2051, 3201, 1705, 5736, 2206, 1382, 2219, 4350, 1708, - 4353, 1706, 1734, 1735, 1736, 1737, 1738, 1739, 748, 1708, - 1707, 5841, 3791, 895, 5932, 1565, 3453, 950, 1746, 791, - 6118, 3454, 5646, 791, 3945, 3946, 950, 950, 950, 3795, - 2414, 3091, 1708, 4427, 2280, 770, 3092, 3000, 3038, 5000, - 5001, 5964, 800, 3742, 2206, 5964, 3039, 3742, 3746, 5150, - 1755, 3909, 3746, 3327, 2283, 1705, 1708, 2206, 1705, 5671, - 5871, 771, 2097, 1706, 6192, 5151, 1706, 5713, 5822, 4727, - 4716, 1700, 1707, 1702, 1430, 1707, 2983, 948, 5231, 4725, - 2987, 4729, 4730, 4731, 4733, 4734, 949, 1709, 1566, 1705, - 2925, 802, 5795, 5842, 947, 3909, 947, 1706, 947, 947, - 5232, 3947, 3335, 2299, 159, 947, 1707, 1709, 947, 2935, - 6081, 6085, 1705, 4240, 816, 948, 2320, 1709, 5295, 5295, - 825, 6325, 6325, 806, 806, 4241, 1202, 1202, 5002, 1707, - 806, 2862, 3166, 1708, 2826, 2826, 2098, 1193, 1193, 3082, - 1709, 3796, 2862, -2393, -608, -2393, 1705, 806, 948, 806, - 1197, 1197, 3107, 3108, 1706, 2936, 1198, 1198, 5932, 3851, - 640, 2852, 6362, 1707, 1709, 3186, 5386, 4752, 1147, 1708, - 1355, 4753, 641, 4754, 1355, 4755, 1153, 3128, 798, 1194, - 1194, 1253, 2920, 798, 5624, 948, 948, 3131, 3038, 1199, - 1199, 2825, 2825, 798, 5213, 5964, 4839, 5794, 3138, 798, - 827, 4251, 2941, 1379, 3336, 5003, 703, 1380, 2942, -2723, - 684, 2674, 5964, 5404, 2950, 690, 3825, 2675, 2920, 2676, - 4696, 1721, 4857, 5248, 5249, 3205, 791, 2138, 4633, 2735, - 5223, 1708, 3459, 2735, 1708, 4634, 4058, 4059, 4697, 4061, - 4063, 1709, 1877, 4811, 2829, 1221, 2830, 4813, 1381, 806, - 3169, 791, 2013, 1705, 1382, 5013, 3425, 3426, 1705, 4251, - 3427, 1706, 3428, 839, 3429, 1708, 1706, -2729, 1203, 1203, - 1707, 835, 643, 1207, 1207, 1707, 1705, 1709, 1705, 708, - 2962, 791, 806, 3149, 1706, 3290, 1706, 1383, 3196, 4991, - 3193, 849, 2677, 1707, 791, 1707, 4992, 4256, 4993, 2770, - 2771, 3141, 3247, 6018, 950, -2731, 3248, 1355, 3171, 2099, - 950, 4256, 3281, 5953, 2783, 5955, 2785, 1722, 5338, -2737, - 3221, 5105, 1708, 5340, 3226, 3227, 791, 851, 798, 3337, - 4251, 947, 2926, 1723, 2278, 791, 3239, 798, -2740, 1709, - 791, 1705, 1709, 1705, 174, 175, 791, 1705, 4251, 1706, - 5124, 1706, 4922, 2967, 4251, 1706, -2743, 2969, 1707, 2970, - 1707, 791, -2744, 704, 1707, 3263, 911, 895, 4251, 2012, - 3268, 1705, 1705, 1709, 2029, 1129, -2745, 4251, 5904, 1706, - 1706, 4722, 1705, 3228, 4723, -2747, 1127, 4416, 1707, 1707, - 1706, 1145, 3237, 3129, 3295, 674, 1705, 1370, 3130, 1707, - 1255, 3338, 3302, 1370, 1706, 1724, 1257, 2968, 3133, 2786, - 2787, 1266, 645, 1707, 3136, 4173, 4174, 4175, 1370, 806, - 4251, 2971, 2065, 2065, 4863, 791, 1201, 1705, -2748, 1708, - 1709, 1271, 1705, 4808, 1708, 1706, 4449, 1276, 1312, 1493, - 1706, 1313, 1314, 2972, 1707, 5900, 1315, 4557, 2862, 1707, - 4764, 4765, 1708, 4408, 1708, 4409, 6092, 1778, 1279, 1778, - 4822, 1941, 1288, 6217, 6218, 1705, 3737, 1946, 1947, 2805, - 1285, 4421, 3738, 1706, 1297, 3393, 4834, 791, 1705, 4784, - 1308, 4549, 1707, 791, 806, 806, 1706, 4380, 5295, 3463, - 3926, 3464, 2830, 1705, 1705, 1707, 806, 4804, 1705, 1705, - 1494, 1706, 1706, 1495, 1322, 3739, 1706, 1706, 4660, 1299, - 1707, 1707, 4692, 1306, 1705, 1707, 1707, 1708, 4018, 1708, - 4019, 1705, 1706, 1708, 6267, 5141, 1177, 1326, 4694, 1706, - 1496, 1707, 2035, 3339, 1370, 2037, 2037, 1709, 1707, 1497, - 3400, 770, 1709, 3230, 5152, 4922, 1328, 1708, 1708, 1332, - 5261, 3238, 3240, 5157, 6073, 948, 1705, 3082, 1708, 5159, - 1709, 2988, 1709, 4080, 1706, 4081, 4309, 6184, 2970, 5173, - 6187, 1335, 1708, 1707, 806, 1337, 806, 5182, 5183, 1705, - 1376, 2991, 1705, 1338, 3742, 1705, 4312, 1706, 1894, 3746, - 1706, 2998, 5762, 1706, -2350, 3340, 1707, 1312, 1705, 1707, - 1313, 1314, 1707, 1708, 1414, 1576, 1706, 6317, 1708, 3816, - 1424, 1705, 4698, 1422, 3474, 1707, 950, 1434, 4316, 1706, - 1894, 5566, 5567, 1438, 4323, 1709, 4324, 1709, 1707, 4752, - 5250, 1709, 1444, 4753, 1705, 4758, 947, 4755, 3757, 1993, - 1445, 1708, 1706, 4692, 748, 4560, 2862, 5145, 640, 6360, - 1994, 1707, 1581, 1446, 1708, 1709, 1709, 1177, 2684, 4694, - 1341, 1384, 4636, 1459, 4637, 5064, 1709, 811, 1705, 1708, - 1708, 4580, 2862, 3921, 1708, 1708, 1706, 3807, 4699, 4706, - 1709, 4708, 6371, 6373, 6378, 1707, 4712, 1451, 4418, 5697, - 1708, 5699, 4816, 4969, 1894, 1841, 5704, 1708, 4565, 4566, - 1705, 112, 811, 5709, 5710, 1456, 3831, 1700, 1706, 1702, - 6391, 1709, 5110, 5716, 5111, 4004, 1709, 1707, 949, 4922, - 2355, 2356, 5018, 1342, 1464, 5787, 5019, 1488, 5020, 1705, - 5021, 703, 1708, 1705, 791, 1705, 1705, 1706, 1476, 806, - 806, 1706, 2685, 1706, 1706, 5106, 1707, 948, 1490, 1709, - 1707, 4285, 1707, 1707, 1492, 1708, 949, 5112, 1708, 5113, - 643, 1708, 1709, 1498, 174, 175, 2457, 2457, 1500, 806, - 1998, 4317, 1501, 4318, 1708, 4319, 4852, 1709, 1709, 5114, - 1502, 5115, 1709, 1709, -3486, 174, 175, 1708, 1503, 949, - 5481, 2452, -3488, 112, 3900, 135, 3902, 5194, 1709, 5196, - 4696, 110, 2853, 5494, -3485, 1709, 948, 1705, 4042, 5208, - 1708, 1894, 5221, 4286, 5222, 1706, 4301, 3972, 4697, 5229, - 948, 1894, -3487, 1778, 1707, 1221, 949, 949, 2364, 107, - 2223, 2224, 2225, 153, 2226, 1504, 2227, 5022, 2228, 791, - 1709, 5023, 1511, 5024, 1708, 5025, 1512, 4303, 1725, 1513, - 4684, -962, 6176, 6177, 2414, 1778, 1514, 738, 739, 1518, - 3450, 948, 5260, 1709, 4349, 1519, 1709, 3949, 3950, 1709, - 948, 948, 948, 1343, 174, 175, 1708, 1430, 1430, 4459, - 5898, 3967, 1709, 1520, 5958, 174, 175, 3741, 704, 5859, - 1705, 3741, 4085, 4850, 740, 1709, 3930, 5241, 1706, 5242, - 2252, 174, 175, 1521, 4328, 1708, 703, 1707, 798, 1708, - 5859, 1708, 1708, 5265, 1522, 5266, 791, 5959, 1709, 4093, - 4094, 1523, 1524, 4095, 4096, 4097, 1534, 1355, 1355, 4076, - 791, 4696, 1562, 741, 791, 156, 1399, 1400, 1705, 5974, - 806, 5285, 5860, 5286, 4840, 4841, 1706, -3752, 2419, 4697, - 1567, 1568, 1709, 10, 1639, 1707, 1221, 4320, 4922, 4321, - 5408, 4322, 4019, 5860, 5869, 5975, 4120, 2253, 4122, 4123, - 1582, 806, 806, 4003, 4128, 1320, 1321, 5508, 1324, 5509, - 1325, 4684, 4136, 1708, 1709, 5960, 4144, 1370, 4147, 1583, - 1430, 1370, 4072, 4073, 4074, 4075, 4077, 4078, 4079, 5859, - 5238, 4082, 17, 1584, 1589, 5154, 1705, 1842, 5510, 806, - 5509, 4329, 5154, 1709, 1706, 1590, 5207, 1709, 1591, 1709, - 1709, 1671, 5512, 1707, 5513, 4108, -962, 5920, 5579, 5731, - 4425, 5732, 2966, 2254, 2974, 2255, 1675, 4124, 4125, 1592, - 4127, 2256, 4129, 4130, 4131, 4132, 4133, 4134, 4135, 1593, - 4137, 1843, 5860, 1844, 4146, 4959, 5026, 5758, 5027, 5759, - 5028, 6078, 5201, 704, 5451, 1597, 1708, 791, 5976, 5792, - 5977, 5793, 1741, 5798, 157, 5793, 1599, 1387, 968, 969, - 3468, 5961, 972, 5850, 974, 4019, 976, 2046, 806, 806, - 1742, 1709, 5959, 791, 5851, 1600, 4019, 2975, 3089, 2977, - 1601, 2257, 2029, 2978, 5507, 1602, 1603, 32, 742, 6005, - 1604, 6006, 1200, 1200, 1708, 6008, -3621, -1693, 5958, 174, - 175, 1605, 6430, 3991, 1370, 743, -1692, 2981, 2982, 6031, - 1606, 6032, -2343, 1607, 6021, 6062, 1743, 6042, 2986, 6043, - 703, 1744, 6077, 1845, 4081, 2258, 1608, 1609, 948, 37, - 4179, 744, 2989, -759, 948, 6061, 6062, 6160, 39, 4875, - 5960, 6204, 6238, 6205, 5242, 5958, 174, 175, 41, 6250, - 1585, 6251, 5556, 5974, 1709, 6259, 5739, 6260, 6276, 1610, - 5793, -2343, 1708, 2996, 42, 5744, 5147, 703, 3008, 158, - 5962, 1613, 4698, 1846, 1614, 745, 949, 1315, 6278, 5975, - 5793, 966, 967, 968, 969, 970, 971, 972, 973, 974, - 975, 976, 1161, 6308, 5169, 5793, 5978, 1615, 5172, 2831, - 1749, 4280, 1709, 1745, 6318, 5180, 5793, 2223, 2224, 5344, - 6342, 5345, 5242, 5346, 4289, 5347, 6414, 5137, 6415, 1623, - 1847, 2259, 4673, -2577, 4675, 6062, 6063, 1624, 1747, 4290, - 4291, 4863, 2260, 1753, 4296, 4297, 5961, 2894, 1625, 1626, - -962, 1629, 950, 1630, 159, 1631, 5495, 6063, 947, 5474, - 4298, 1162, 5921, 1762, 1632, 1633, 1763, 4299, 1634, 5922, - 2457, 1635, 1636, 1637, 4692, 1754, -2343, -3621, 1638, 3951, - 1709, 1640, 1641, 1765, 5923, 1642, 1643, 704, 4693, 1647, - 4694, 998, 5976, 1648, 5977, 1649, 947, -962, 1650, 777, - 1651, 1764, 4300, -1349, 160, 1652, -2313, -1349, 1653, 950, - 1654, 1655, 1656, 4698, 1657, 1658, 5959, 1659, -2343, 4775, - 1660, 1848, 1661, 1664, 3952, 4308, 1665, -2343, 4314, 947, - 3737, 4315, 778, 1705, 704, 1666, 3738, -2343, 1667, 1668, - 1770, 1706, 2851, 1797, 4326, 1849, 6063, 1669, -1349, 1670, - 1707, 1672, 3040, -2343, -1349, 5962, 4488, 4327, 1673, 1674, - 1676, 1677, 5790, 5959, 170, 1678, 947, 947, 1679, 3739, - 1796, 1019, -2727, 1819, 1837, 1838, 1680, 4488, 949, 1840, - 4330, 1430, 950, 4817, 5960, 4187, 3953, -1349, 4928, 4929, - 4930, 4931, 4932, 4933, 4934, 4935, 4936, 4937, 1683, 4939, - 4940, 4941, 4942, 4943, 4944, 4945, 4946, 1684, 4947, 4948, - 4785, 5924, 4952, 4953, 4772, 1839, 1687, 1688, 3741, 1689, - 1163, 1690, 1164, 4786, 5925, 1691, 1705, 1692, 2960, 3954, - 1693, 5960, 1748, 1165, 1706, -2563, -2564, 949, 4686, 4787, - 5978, 5926, 1799, 1707, 4691, 1859, 5206, 4707, 3742, 1166, - 948, 949, 4711, 3746, 1869, 1705, 1860, 5849, 1872, 5934, - 1033, 1873, 1882, 1706, 1894, 1922, 4488, 1932, 1934, 4788, - 1938, 4332, 1707, 779, 1944, 5212, 5769, 4488, 1945, 5224, - 5961, 5225, 5763, 1954, 1952, 1951, 5775, 6065, 1956, 1960, - 1977, 3451, 949, 4488, 1978, 1979, 1981, 4495, 1990, 161, - 2001, 949, 949, 949, 162, 1705, 3089, 2002, 6065, 1708, - 2005, 2015, 4370, 1706, 5066, 2031, 5058, 2021, 4495, 5076, - 5980, 3779, 1707, 2032, 4695, 4203, 806, 5961, 791, 2042, - 2057, 5937, 4387, 806, 806, 2061, 4388, 5943, 5944, 4391, - 4392, 2064, 2076, 2080, 1705, 2084, 2090, 5717, 2104, 4789, - 3781, 2108, 1706, 6089, 2110, 2114, 2116, 2123, 2126, 5979, - 5260, 1707, 4696, 2128, 2898, 2130, 2132, 5059, 2131, 1242, - 2135, 2133, 3468, 2136, 1387, 6064, 2160, 2168, 2180, 163, - 4697, 5058, 2182, 5550, 5927, 4381, 3174, 1221, -3621, 5962, - 2183, 2184, 3955, 3956, 3957, 2188, 2189, 6065, 4442, 112, - 112, 3175, 1708, 2191, 2192, 4411, 4412, 4495, 1992, 4413, - 4790, 4414, 4684, 4415, 2194, 2204, 5963, 1709, 4495, 966, - 967, 968, 969, 970, 971, 972, 973, 974, 975, 976, - 68, 1708, 5059, 1167, 4495, 2206, 5962, 2205, 3088, 1992, - 2215, 2222, 2236, 2264, 791, 2277, 806, 2279, 1705, 791, - 791, 3174, 2278, 777, 4515, 798, 1706, -1349, 2290, 5060, - 2292, -1349, 2295, 2296, 2305, 1707, 3175, -734, 4668, 2344, - -1903, -1903, 2348, 2351, 1993, 2360, 2370, 791, 791, 2374, - 2389, 1708, -1903, 2393, 4541, 1994, 778, 4576, 4577, 4578, - 2421, 2420, 2449, 1995, 5681, 5682, 3849, 5684, 5451, 2448, - 2454, 4457, -1349, -3039, 2455, 1993, 4462, 4463, -1349, 2472, - 1709, 4488, 4647, 4650, 2461, 4653, 1994, 2170, 2477, 998, - 1708, 1996, 2500, 2480, 1995, 3452, 2499, 4791, 4792, 3306, - 2501, 4532, -734, 4627, 1370, 1370, 947, 2527, 2542, 1709, - 1705, -1349, 4302, 1201, 1201, -1903, 2543, 2544, 1706, 3446, - 2545, 2547, 1996, 2549, 5980, 3447, 3477, 1707, 4488, 2548, - 2554, -1349, 4536, 966, 967, 968, 969, 970, 971, 972, - 973, 974, 975, 976, -2162, 2564, 2568, 1997, 2571, 949, - 2574, 2567, 5920, -1903, 2576, 949, 2575, -1903, 3448, 1709, - 2577, -1903, 2585, 2584, 5747, 2594, 5548, 2209, 2210, 1019, - -1903, -1903, 2595, 5575, 2596, 1998, 2220, -1903, 1997, -2343, - 2597, -1903, 2598, 2599, 2601, 6193, -1903, 2600, -1903, 4663, - 2603, 2604, -1903, 638, 1708, 2616, 2617, 779, 1709, 5043, - -1903, 2621, -1903, 2626, 5769, 3783, 1998, 2281, -1903, 2284, - 2632, 1168, 1169, 1170, 1171, 5301, 2635, 2663, 2640, 112, - 5963, 2680, 4495, 2666, 2297, 2298, 2300, 5317, -1903, 3307, - 2667, 2303, 2304, 998, 2668, 2682, 2669, 3453, -1903, 2321, - 4512, -1903, 3454, 2672, 2681, 5896, 4793, 4794, 1705, -736, - 639, 2690, 5041, 2694, 950, 2695, 1706, 2698, 1033, 5551, - 2699, -1903, 5552, 2711, 5043, 1707, 2712, 5963, 4310, 4495, - 2715, 2721, 2727, 2716, 2741, -2588, 2751, 4747, 2742, 2758, - -1903, 2750, 2762, 4751, -1903, 2793, 1708, 6108, 4144, 2802, - 2797, 1705, 2803, -1903, 1383, 2808, 2809, 2810, 947, 1706, - 1800, 2818, 1709, -736, 2821, 5135, 755, 5138, 1707, 4815, - 2841, 4313, -1903, 1019, 2868, 6111, 6112, 5146, 2869, 2871, - 640, 2887, 3174, 2890, 4698, 2892, 2893, -1903, 2912, 2895, - 2904, 2905, 641, -1903, -1903, 5155, 3452, 3175, 5852, 1327, - 5853, 5854, 174, 175, 2906, 2909, 2910, 5160, -1903, 2920, - -1903, 2931, 1992, 1705, 2927, 2976, 2934, 947, 2943, 2944, - 3446, 1706, 2946, 5181, 5294, 2947, 3447, 2948, 4807, -1491, - 1707, 947, 2949, 2953, 2961, 6044, -736, 2979, 2965, 5041, - 1897, 5550, 966, 967, 968, 969, 970, 971, 972, 973, - 974, 975, 976, 3002, 1709, 642, 4387, 5921, 2973, 3448, - 4388, 2980, 1033, -736, 5922, 2984, 2990, 4795, 2985, 5061, - 3308, 3449, 947, 4370, 703, 2994, 4837, 806, 1993, 5923, - 4838, 947, 947, 947, 1708, 2995, 3088, 1801, 4042, 1994, - -736, 5436, 643, 755, 2997, 3001, 3007, 1995, 3740, 1802, - 757, -2313, 3740, 3012, 3019, 3025, 3032, 3044, 2951, 3174, - 1739, 6419, 3034, 3056, 2364, 6344, 3309, -1658, 3051, 3035, - 3036, 949, 3037, 4864, 3175, 1996, 948, 1708, 6148, 1662, - 1681, -736, 4873, 4865, 5061, 1685, 112, 3059, 3453, -3588, - 3061, 3062, 998, 3454, 3064, -1349, 3065, 5424, 3068, 759, - 3072, 5652, 4085, 791, 1803, 3073, 3074, -1903, 3094, 4923, - 3111, 3115, 1804, 791, 3114, 3116, 3123, 3459, 3119, 3124, - 3127, 3139, 3143, 3153, 6178, 3156, 3157, 6247, 5549, 3162, - 5062, 1997, 5042, 948, 3452, 5550, 3179, 4951, 3180, 1708, - -736, 3189, 1709, 3190, 3310, 3206, 3208, 3209, 3210, 1805, - 3213, 3214, 3246, 3255, 3259, 644, 5924, 3273, 3446, 1998, - 4903, 1992, 3737, 3280, 3447, 5125, 3284, 3288, 3738, 5925, - 4927, 3292, 1019, 3291, 3299, 5043, 2728, 757, 3300, 3298, - 3301, 704, 645, 3344, 3263, 1709, 5926, 3303, 3304, 3305, - 3347, 2419, 3354, 3360, 6429, 5062, 3350, 3448, 3356, 3361, - 3392, 3739, 3357, 3362, 1898, 3363, 948, 3311, -736, 3395, - 3364, 3365, 1574, 5032, 3366, 664, 2729, 3367, 3368, 806, - 3369, 3370, 2414, 3312, 3313, -1903, 759, 1993, 3314, 3315, - 3316, 1778, 3371, 3387, 3372, 3373, 3374, 3375, 1994, 3396, - 3376, 3377, 2099, 6369, 3398, 3408, 1995, 1709, 3378, 3379, - 3380, 3381, 3382, 2730, 3383, 3413, 3384, 5756, 3410, 3414, - 1622, 1033, 1806, 6247, 3422, 3423, 3418, 4923, 3411, 3424, - 3431, 3452, 3741, 3752, 1996, 3753, 3453, 798, 3412, 3751, - 3742, 3454, 5104, 6255, 3260, 3746, 3767, 3768, 3460, 1807, - 3766, 112, 3774, 3787, 3832, 5629, 3317, 5551, -1701, 3847, - 5552, 5630, 5043, 3818, 3817, 3805, 3806, 3819, 4452, 947, - 2770, 2771, 3846, 3833, 1242, 947, 3845, 3045, 3857, 3861, - 112, -73, 5126, 3855, 3863, 2783, 3865, 2785, 110, 5927, - 1997, 3864, 3868, 3869, 5631, 3873, 3874, 1704, 3881, 806, - 2483, 3882, 2482, 3912, 2862, 3935, 3927, 5596, 806, 3318, - 6322, 5601, 5602, 1899, 3973, 3737, 3979, 3933, 1998, 3981, - 3968, 3738, 6406, 646, 3983, 3984, 3985, 1900, 4008, 1901, - 4009, 4012, 5164, 6418, 2731, 4013, 4035, 5549, 4039, -2065, - 3261, 6406, 647, 4088, 5550, 5044, 2732, 4048, 4089, 6418, - 4049, 4090, 3737, 4110, 3739, 4106, 4117, 4118, 3738, 4119, - 4121, 1902, -1903, 4157, 4161, 1903, 2806, 4168, 4169, 4181, - 4163, 4239, 4263, 5634, 1904, 2171, 4242, 6255, 5635, 4248, - 2786, 2787, 4243, 4251, 4256, 4260, 4264, 4270, 4273, 4274, - 648, 3739, 5276, -1903, 4275, -1903, 4276, 4333, -1903, -1903, - 1784, 5551, 4334, 4356, 5552, 4373, 4344, 1905, 4364, 4345, - 4348, 4358, 4359, 5553, 4360, 4361, 4362, 649, 5883, 4363, - 4371, 4374, 4375, 4377, 4378, 1906, 650, 4382, 5319, 4397, - 4370, 4398, 4406, 3742, 2930, 4453, 4454, 2933, 3746, 4419, - 4424, 4425, 4426, 4437, 1808, 950, 2733, 4443, 4445, 1809, - 4446, 4447, 5100, 2945, 4450, 4458, 5045, 4451, 4461, 4510, - 4519, 950, 5303, 5306, 5308, 5310, -1814, -1819, 5313, 5314, - 3742, 2364, 5044, 5318, 2964, 3746, 5324, 112, 4539, 5328, - 4442, 4542, 5303, 4545, 4551, 5257, 5339, 5303, 4546, 4569, - 4552, 4574, 4632, 4587, 2241, 2242, 2243, 2244, 4640, 5270, - 5271, 5272, 4664, 1907, 4670, 4665, 4678, 4710, 4689, 806, - 1908, 4684, 4923, 4717, 5284, 5439, 2734, 4732, 4744, 4745, - 1909, 4759, 4763, 4767, 1810, 4766, 4769, 4778, 4779, 791, - 4809, 4627, 3004, 1811, 1910, 4339, 4818, 5315, 5316, 4025, - 2245, 2246, 2247, 4820, 4821, 806, 4824, 5329, 4826, 3740, - 4825, 2432, 4830, 4844, 5429, 5430, 4845, 5432, 1911, 41, - 5351, 4858, 5437, 4874, 5352, 5441, 5363, 1912, 5444, 5445, - 1913, 4875, 4898, 4880, 4879, 4897, 5453, 4899, 5454, 4900, - 4901, 947, 4904, 5045, 4924, 4925, 5300, 5460, 1914, 5398, - 5363, 2030, 2248, 2249, 2030, 4598, 4926, 754, 4938, 4966, - 6388, 950, 4983, -266, 665, 4986, 4988, 4996, 5803, 4998, - 5006, 2416, 5016, 5034, 5017, 5035, 5036, 5043, 5068, 1915, - 5078, 5052, 5054, 5067, 5077, 5079, 5080, 5081, 5082, 5084, - 5085, 5086, 5087, 5088, 5095, 5098, 5101, 5102, 755, 2414, - 5109, 5121, 5128, 5122, 5129, 4647, 4923, 4650, 5132, 4653, - 5551, 3450, 5134, 5552, 756, 4737, 2250, 5158, 5161, 4873, - 4873, 791, 5766, 5166, 5174, 5178, 5192, 5431, 948, 5211, - 5188, 5447, 5193, 2364, 5194, 5195, 5215, 949, 5196, 5210, - 791, 5457, 5448, 5197, 5198, 5205, 4873, 5209, 5217, 6133, - 5220, 5227, 5458, 4873, 5228, 5230, 5236, 5244, 4923, 5461, - 5252, 5462, 5463, 5476, 5254, 5255, 5256, 5262, 5263, 5267, - 5274, 5277, 5278, 5483, 5375, 1130, 5380, 5299, 5435, 5400, - 2251, 5392, 5401, 5402, 5411, 5409, 5410, 5405, 5407, 5412, - 6298, 5420, 2158, 5419, 949, 5421, 5422, 5455, 112, 5427, - 5425, 5438, 5504, 5442, 5443, 4104, 793, 5475, 950, 5477, - 5479, 5490, 5501, 5530, 5503, 5520, 806, 5521, 5535, 5536, - 5537, 5539, 5545, 5541, 5542, 5544, 5547, 5558, 5561, 5574, - 3737, 5578, 757, 5585, 5573, 5584, 3738, 5589, 5593, 5594, - 6050, 6051, 4881, 6053, 6054, 6055, 6056, 5592, 5597, 5531, - 5637, -2112, 5639, 5363, 5641, 5647, 5648, 5651, 5653, 5683, - 5677, 5685, 950, 758, 5686, 5678, 5657, 949, 5659, 3739, - 5661, 1622, 5668, 5688, 5282, 5701, 5707, 2252, 5708, 5712, - 6117, 759, 5690, 5718, 5057, 5754, 5723, 2275, 1622, 5286, - 1131, 5757, 5741, 5770, 5761, 5771, 5764, 5765, 1132, 5774, - 5772, 5777, 5791, 5795, 5807, 5797, 5788, -3743, 5565, 5799, - 5801, 158, 5287, 1133, 5823, 5825, 5829, -2725, 5836, 6117, - 4864, 5572, -2724, 1134, 1135, 1136, -2728, -2738, 4873, 5843, - -2742, 5856, 5838, 1137, 5858, 5813, 5855, -388, 5866, 5583, - -3738, -3736, 5583, 5588, 2253, -3740, -3734, 5590, 3742, -3739, - -3737, 4923, 3450, 3746, -3735, 5868, 5817, 4882, 5867, 5600, - 5874, 6424, 5638, 5875, 5636, 4883, 5881, 5876, 6172, 5884, - 5885, 6175, 5886, 5892, 5901, 5893, 5894, 5895, 5640, 6183, - 4884, 5897, 6186, 5906, 1778, 5915, 159, 5916, 5939, 5919, - 4885, 4886, 4887, 5940, 5945, 5951, 4466, 5987, 6004, 5990, - 4888, 5992, 5705, 6001, 6012, 6013, 6014, 6026, 6017, 6029, - 2254, 6035, 2255, 6030, 6039, 6049, 6045, 2425, 2256, 6052, - 6057, 6088, 6060, 6097, 1622, 4627, 5363, 6074, 6117, 6095, - 6076, 6099, 6100, 6101, 6103, 6106, 6105, 6107, 6120, 6121, - 3265, 5656, 6122, 5658, 6123, 6156, 6126, 6137, 6180, 6209, - 6159, 6165, 5692, 6201, 5694, 6199, 6202, 6212, 6215, 6221, - 6220, 6194, 6227, 6224, -2561, 2492, 6229, -2562, 6239, 6232, - 3263, 1138, 3263, 6235, 6240, 4595, 6244, 4600, 2257, 6287, - 6288, 6272, 6266, 1139, 6269, 6279, 6293, 6280, 6281, 6299, - 6297, 6345, 6302, 6357, 5696, 4923, 4873, 4923, 6291, 5693, - 6358, 806, 4923, 6359, 4873, 6348, 6353, 6361, 6370, 4923, - 4923, 6375, 6379, 4873, 6380, 6381, 6383, 6386, 5715, 4923, - 6387, 6384, 2258, 6389, 6385, 4923, 4873, 6395, 4873, 6394, - 6407, 6423, 3892, 950, 950, 6396, 5724, 4148, 4889, 5489, - 3450, 1705, 5488, 3178, 3741, 5487, 3988, 5942, 4568, 1706, - 4890, 5994, 5655, 6129, 6289, 1349, 1344, 1345, 1707, 2062, - 5995, 5649, 5903, 5511, 5750, 5382, 5902, 5760, 791, 5185, - 2440, 1124, 6425, 3944, 4165, 4896, 4245, 1458, 5164, 2760, - 4750, 2880, 5820, 1140, 5819, 5753, 5643, 2881, 5091, 2882, - 4614, 2613, 5714, 4829, 5560, 4835, 5237, 3049, 6164, 6249, - 2241, 2242, 2243, 2244, 5778, 6347, 6306, 5776, 6059, 2052, - 3294, 5089, 5428, 5989, 5094, 5470, 1124, 760, 2259, 5695, - 5591, 5293, 6326, 6219, 1141, 5745, 6223, 6150, 4226, 2260, - 6141, -2112, 6142, 174, 175, 4891, -166, 6143, 1142, 2364, - 6144, 4797, 4701, 4057, 5899, 4556, 2245, 2246, 2247, 5583, - 4892, 4760, 4743, 6124, 5800, 6162, 5142, 5522, 4336, 4812, - 4814, 5805, 791, 4810, 6352, 763, 4923, 4923, 764, 6319, - 5949, 1897, 3980, 6320, 6191, 6198, 6196, 5633, 5861, 5156, - 5691, 5689, 5092, 2071, 648, 4460, 5468, 947, 2161, 3966, - 2030, 4893, 2710, 6024, 2636, 3964, 3353, 6158, 2248, 2249, - 5865, 3862, 3170, 2795, 791, 4894, 4178, 4677, 3419, 792, - 2040, 761, 3820, 5363, 112, 1378, 3919, 1708, 5827, 5806, - 1991, 1767, 2039, 4038, 5123, 5839, 4823, 3870, 3788, 3790, - 4366, 2266, 3837, 5363, 2417, 5993, 3840, 3741, 2358, 4283, - 5202, 2276, 5848, 6292, 947, 6139, 6374, 2212, 6372, 948, - 2686, 2689, 3451, 5492, 5118, 1983, 6033, 5264, 6034, 2679, - 1984, 1985, 2250, 1986, 4923, 948, 2221, 1988, 4355, 949, - 4923, 3275, 5870, 5010, 3741, 2701, 4034, 2364, 5009, 4354, - 5555, 6038, 5873, 5251, 5530, 5546, 4873, 4041, 5204, 4037, - 5568, 5119, 1401, 4563, 3267, 2034, 4803, 5887, 5891, 5015, - 4564, 774, 2106, 765, 2048, 2801, 1263, 3417, 4676, 1879, - 4868, 2833, 4069, 5789, 5269, 4854, 2414, 947, 4851, 6343, - 5531, 1469, 2533, 1474, 5363, 1709, 2251, 3145, 1247, 1248, - 3146, 3913, 2041, 1250, 3183, 4681, 5818, 5577, 2166, 6346, - 5413, 5972, 5914, 2624, 6376, 5972, 1577, 6422, 6426, 5687, - 6368, 3254, 3160, 4807, 3415, 5570, 3904, 1205, 5583, 2886, - 3905, 3472, 3110, 1206, 1575, 3906, 5946, 3901, 4923, 4396, - 3898, 3897, 2646, 1782, 2888, 1761, 4575, 1160, 3343, 2460, - 1124, 2154, 5986, 3740, 1124, 1898, 2865, 2155, 5991, 5033, - 3866, 4628, 3982, 5131, 5742, 1296, 1937, 783, 767, 768, - 769, 4516, 3236, 4674, 1557, 948, 6231, 1124, 6002, 5388, - 4246, 2883, 1575, 5399, 5389, 5385, 5384, 1124, 0, 0, - 0, 4923, 2414, 2252, 0, 0, 0, 0, 0, 0, - 0, 791, 0, 806, 0, 0, 0, 0, 0, 6020, - 4923, 791, 0, 0, 0, 0, 0, 6019, 1622, 2929, - 0, 0, 0, 0, 0, 0, 950, 0, 0, 4442, - 4442, 0, 0, 0, 0, 0, 6037, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 1124, 1124, 1124, 1124, 0, 6016, 1575, - 2253, 0, 0, 3451, 0, 5972, 1124, 0, 6022, 0, - 0, 0, 0, 0, 6179, 6075, 0, 0, 0, 0, - 6087, 0, 5972, 0, 0, 0, 6094, 0, 0, 0, - 0, 0, 6102, 0, 0, 0, 0, 0, 0, 0, - 0, 2999, 0, 0, 1899, 0, 0, 0, 0, 806, - 0, 0, 0, 0, 3014, 0, 0, 0, 1900, 0, - 1901, 0, 948, 0, 0, 6125, 2254, 6127, 2255, 0, - 0, 0, 0, 0, 2256, 0, 6136, 0, 0, 0, - 0, 5848, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 1902, 0, 0, 0, 1903, 0, 0, 0, - 0, 0, 1575, 0, 0, 1904, 0, 5891, 0, 0, - 0, 0, 0, 0, 0, 0, 948, 0, 5914, 0, - 0, 6173, 6174, 0, 0, 0, 0, 0, 0, 0, - 0, 806, 748, 6185, 2257, 0, 0, 0, 1905, 0, - 0, 6262, 0, 0, 3071, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 1906, 0, 0, 0, - 1784, 0, 0, 6200, 0, 0, 0, 0, 0, 4627, - 0, 0, 5583, 0, 5583, 5588, 0, 0, 2258, 0, - 0, 0, 0, 0, 0, 0, 0, 1124, 0, 0, - 6263, 3451, 0, 0, 0, 1700, 0, 1702, 0, 0, - 0, 6225, 3741, 791, 6332, 0, 0, 0, 0, 0, - 0, 0, 6233, 0, 0, 0, 6305, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 1907, 0, 2364, 0, 0, 0, - 0, 1908, 0, 6256, 0, 0, 6257, 0, 2158, 0, - 0, 1909, 0, 0, 0, 0, 0, 0, 806, 0, - 6226, 0, 0, 0, 0, 1910, 0, 4627, 0, 0, - 0, 0, 0, 0, 2259, 0, 5583, 5583, 0, 0, - 6273, 0, 0, 0, 0, 2260, 0, 5583, 1622, 1911, - 0, 0, 0, 1575, 0, 0, 1575, 0, 1912, 6286, - 0, 1913, 0, 0, 0, 0, 0, 6290, 0, 0, - 0, 0, 3449, 0, 0, 0, 0, 0, 0, 1914, - 0, 0, 5972, 5972, 0, 0, 0, 0, 3451, 947, - 0, 0, 0, 806, 0, 0, 0, 0, 0, 0, - 6427, 0, 0, 0, 0, 0, 0, 5583, 0, 0, - 1915, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 6413, 0, 6331, 5972, 0, 0, 6333, 1124, 0, 6420, - 0, 0, 2364, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 948, 948, 0, - 0, 2030, 0, 2030, 2030, 3287, 0, 0, 0, 0, - 949, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 949, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 1575, 0, 0, 0, 0, 0, - 0, 0, 0, 1124, 0, 1124, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 2364, 0, 0, 0, 0, 0, 806, 0, 0, - 0, 0, 2364, 0, 0, 0, 806, 0, 0, 0, - 2364, 1124, 1124, 0, 0, 0, 0, 1124, 2364, 0, - 0, 1124, 1124, 1124, 0, 0, 0, 0, 0, 0, - 2158, 1124, 1124, 1575, 0, 0, 0, 1124, 0, 0, - 0, 1124, 1124, 1124, 0, 1124, 1124, 1124, 0, 1575, - 1575, 0, 0, 0, 0, 0, 1124, 0, 1124, 0, - 0, 1124, 1124, 1124, 1124, 0, 1124, 0, 1124, 1124, - 0, 0, 0, 3449, 0, 0, 949, 0, 0, 0, - 0, 0, 1124, 1124, 1124, 1124, 1124, 0, 1124, 1124, - 1124, 1124, 1124, 1124, 0, 1124, 1124, 0, 1124, 1124, - 0, 1124, 1124, 0, 0, 1124, 1124, 0, 1124, 1124, - 0, 0, 1124, 0, 1124, 0, 0, 0, 1124, 1124, - 1124, 0, 0, 1124, 1124, 1124, 1124, 0, 1124, 0, - 0, 0, 0, 0, 0, 1124, 0, 0, 0, 0, - 0, 1124, 1124, 1124, 1124, 0, 0, 0, 0, 0, - 0, 0, 1124, 1124, 0, 1124, 1124, 0, 0, 1124, + 620, 812, 112, 705, 135, 2291, 2413, 748, 808, 110, + 1355, 1193, 1244, 2446, 2593, 818, 2739, 2614, 1431, 153, + 3154, 679, 2044, 1430, 1856, 679, 2363, 668, 107, 3161, + 679, 2638, 1556, 693, 2271, 3978, 709, 1387, 2237, 1202, + 807, 1197, 1387, 1198, 1387, 1274, 716, 2637, 2185, 2805, + 928, 801, 724, 1194, 2017, 3132, 728, 717, 1777, 3165, + 1780, 1781, 3290, 725, 1581, 4046, 1151, 4160, 1794, 3176, + 749, 2346, 2230, 1758, 2719, 4540, 3443, 4624, 1542, 3118, + 1547, 4625, 1548, 1549, 4021, 897, 4040, 3910, 4527, 1553, + 2366, 2029, 1621, 1199, 2029, 3877, 4963, 4579, 2398, 2399, + 2400, 2401, 2402, 2403, 2404, 2406, 2408, 2409, 2410, 2411, + 2412, 3747, 2137, 3748, 4259, 897, 4047, 4036, 2302, 791, + 899, 828, 4257, 3469, 3470, 2558, 2516, 2517, 3871, 3872, + 1300, 1982, 3173, 1307, 3224, 686, 4990, 112, 3749, 3258, + 1948, 2007, 4654, 3731, 793, 2054, 2113, 3731, 4517, 950, + 1159, 796, 798, 3358, 3252, 798, 2445, 806, 3941, 819, + 4020, 2033, 1207, 107, 2724, 950, 820, 1695, 1697, 1698, + 1203, 2754, 2876, 789, 821, 112, 790, 135, 2055, 5351, + 1740, 5100, 110, 1260, 822, 2523, 4509, 823, 4111, 3251, + 3251, 2378, 5187, 4271, 5047, 5048, 4616, 4455, 2796, 2386, + 2388, 107, 2391, 2392, 5587, 2539, 682, 5000, 5588, 1461, + 4703, 4703, 5049, 4703, 3920, 5564, 4266, 1420, 4703, 4429, + 3850, 4266, -502, -502, 4703, 711, 5052, 3994, 5054, 2552, + 2553, 5066, -2555, 2605, 5177, -2556, -1044, -1044, -2849, -2849, + 4023, 4024, 1662, -2150, 1681, 5084, -3438, -3438, 4641, 4501, + 4501, 5108, -400, -400, 1417, 1556, -1903, -1903, 4070, -3439, + -3439, 4337, 2170, 2223, 2224, 2225, 2687, 2226, 4261, 2227, + 2811, 2228, 4254, 4868, 3390, 730, 766, 1505, -1903, -1903, + 2079, 1705, 727, 2885, 4255, 4758, 1506, 1685, 2861, 1706, + 1406, 4098, 3331, 4428, 4429, 4758, 2861, 1815, 1707, 2861, + 4265, 1858, 4758, 2170, 733, 1330, -3516, 1331, 2791, 1417, + 3251, 1333, 1334, 1177, 4338, 1453, 4126, 2632, 4006, 6170, + -3499, 4272, 1405, 4083, 5936, 2170, -1903, 2861, 2861, 2050, + 4762, 1705, 2223, 2224, 2225, 708, 2226, 4763, 2227, 1706, + 2228, 2223, 2224, 2225, 1705, 2226, 5628, 2227, 1707, 2228, + 817, 1727, 1706, 2861, 5485, 815, -3503, 2743, -3502, 4680, + 1727, 1707, -2211, -3438, 1417, 1417, 4501, 1417, -3500, -2211, + 3471, 5535, 3961, 3962, 4738, 1705, -3439, -3501, -2704, 2185, + 1728, 1729, 4281, 1706, -3506, 1705, 4959, 4060, 708, 1728, + 1729, 1727, 1707, 1706, 3420, 3003, 950, 664, 950, -1903, + 950, 950, 1707, 32, 3053, -2720, 2120, 950, -3438, 4164, + 950, -2721, 1727, -2722, 1705, -1903, 811, 1439, 2861, 1559, + 2170, -3439, 1706, 708, 2899, 671, 2951, 6152, 1339, 4663, + 2861, 1707, 3187, 777, 2828, 2861, 5816, 2134, 1824, 1417, + -1903, 1728, 1729, 2822, 1730, 4974, 5729, 1727, 2812, 4142, + 1779, 3222, 5379, 1730, 39, 6385, 2573, 1708, 699, 5379, + 1857, 1417, 32, 4570, 4244, 2861, 778, 2170, 1417, 2861, + 1822, 2050, 3399, 4064, 4100, 4723, 1728, 1729, 4724, -1903, + 2861, 3044, 4138, 847, 1730, 1530, 5298, 850, 2940, 852, + -1903, 853, 854, 4973, 855, 856, 857, 4292, -1863, 5395, + 1535, 5720, 2213, 5303, 6139, 1730, 1271, 1708, 5306, 4269, + 5435, 5797, -1978, 39, 1417, 2811, 1705, 1346, -1903, 703, + 1708, 4166, 1525, 41, 1706, 6275, 5970, 1150, 4777, 5071, + 1731, 5372, -2849, 1707, 895, 3060, 5460, 32, 5308, 1731, + 1730, 4430, 5310, 3332, 4950, 660, -1903, 5906, 4681, 4522, + 6223, 1708, 2857, 5328, -3438, 1705, 1347, -1903, 5321, 2647, + 2639, 1708, 6237, 1706, 895, 1709, 1447, -3439, 1476, 675, + 1731, -1903, 1707, 1396, 4091, 4975, 6400, 5810, 2206, 700, + 5373, 1310, 1311, 4066, 1705, 1268, -1903, 4697, 39, 2206, + 1708, 1731, 1706, 1355, 1705, 5392, 707, 1705, 41, 1284, + -1903, 1707, 1706, 5322, 2206, 1706, 2858, 779, 4523, 4337, + 634, 1707, 1221, 1746, 1707, 1709, 4727, 6004, 4143, 2206, + 2051, 3174, 1705, 5415, 708, 835, 1731, 1705, 1709, 636, + 1706, 5187, 1397, 950, 5416, 1706, 3175, 2219, 1853, 1707, + 1855, 1888, 2469, 5300, 1707, 1755, 4139, 4923, 2280, 3147, + 861, 806, 2901, -735, -1863, 5070, 6029, 2479, 6401, 1709, + 2065, 6238, 4338, 2283, 4951, 1695, 1697, 3101, 5520, 1709, + 5038, 5391, 5323, -1903, 4728, 1148, 704, 1387, 2299, 3155, + 6105, 806, -224, 2235, 4225, 6114, 5741, 2456, 4524, 10, + 5772, 4685, 1708, 2812, 1448, 4778, 1265, 2185, 1709, 3891, + 1621, 2214, 806, 1485, 1486, 1531, 1957, 3797, 4011, 4616, + 4571, 3218, 4015, -1903, 1287, 1282, 806, 1536, 5577, 4703, + 3054, 6276, 835, 4005, 5039, 835, 1823, 5374, 4383, 4384, + 2029, 1708, 1481, 4758, 2514, -1903, 4101, 6295, 17, 5730, + 5865, 1478, 2065, 1479, 1295, 3015, 3279, 4703, 1329, 1705, + 4140, 4703, 3391, 3066, 3067, 4266, 32, 1706, 4703, 3251, + 1708, 1526, 2051, 4501, 5072, 791, 1707, 2673, 5149, 4758, + 1708, 4685, 1280, 1708, 2884, 6386, 2054, 4686, 2688, 4259, + -1978, 4259, 1410, 1403, 1705, 1149, 3264, 4689, 4259, 4691, + 3009, 3010, 1706, 6335, 840, 806, 4710, 2705, 1708, 4372, + 1709, 1707, 4259, 1708, 5178, 4923, 4259, 39, 1340, 2055, + 4030, 806, 661, 838, 4725, 4976, 4259, 41, -1863, 6148, + 1450, -3438, 1370, 4598, 4736, 3016, 665, 4758, 2415, 3346, + 841, 2092, 859, 791, -3439, 4518, 2447, 664, 1854, 1709, + 1473, 4065, 1475, 32, 5344, 798, 960, 798, 4149, 806, + 3004, 4251, 1484, -2211, 2122, 5596, 3909, 4339, 2800, 1440, + -2211, 5974, 5220, 5651, 5073, 3398, 836, 2446, 1709, 1254, + 2830, 6153, 3023, 3024, 5909, 3027, 3028, -1903, 1709, 4501, + 3860, 1709, 705, 1964, 5731, 37, 1967, 3045, 3386, 4084, + 1970, 1971, 1972, -3516, 39, 1975, 1976, -3532, -3626, 3403, + 672, 5032, 731, 4365, 41, 2744, 1709, -3499, 791, 897, + 1546, 1709, 1437, 2900, 3017, 1894, 3148, 2551, 2744, 1551, + 42, 2217, 1554, 2047, 6166, 1708, 2809, 4070, 1267, 1816, + 2794, 734, 112, 1705, 135, 1561, 68, 4663, 950, 110, + 2200, 1706, 5535, -3503, 4399, -3502, 4400, 4401, 1507, 1405, + 1707, 5382, 732, 3256, 3257, -3500, 1350, 1480, 107, 1482, + 1708, 1705, 2390, -2735, -3501, 1538, 1894, 4683, 4684, 1706, + 4261, -3506, 2099, 4180, 5503, 701, 948, 3333, 1707, 4699, + 2171, 3385, 2457, 1418, 1727, 4714, 4340, 1430, 3994, 4642, + 6155, 4717, 948, 1820, 2099, 68, 2744, 1200, 2340, 1663, + 4726, 1682, 4730, 4731, 4732, -2561, 4734, 4735, -2562, 5750, + 2445, -502, 5677, 1728, 1729, 4025, 4739, 4740, 4741, 4742, + 4743, 2171, -3532, 748, 6212, -1044, 6214, -2849, 2229, 2179, + 6215, 4379, 2520, 1709, 2522, -3438, 2099, 2526, 1418, 2862, + 2187, -400, 3013, 2171, 1686, -1903, 4583, 2862, -3439, 2534, + 2862, -115, 2537, -115, 1769, 2538, 2540, 3394, 3399, -119, + 1430, -119, -111, 1778, -111, 4624, 895, -1903, 1709, 4625, + 68, 1792, 5047, 5048, 5680, 1682, 5681, 1730, 2862, 2862, + 5391, 1703, 2555, 2556, 2557, 3909, 1700, 2835, 1702, 2952, + 5049, 1705, -2732, 1418, 1418, 5486, 1418, 2301, 4141, 1706, + 2913, 1980, 1827, 1327, 2862, 5066, 6322, -2704, 1707, 1708, + 1355, 1732, 1733, 1734, 1735, 1736, 1737, 1738, 1739, 1193, + 1732, 1733, 1734, 1735, 1736, 1737, 1738, 1739, 6271, 6272, + -1903, 5274, -2704, 3005, -2720, 5040, 2859, 1708, 2171, 6278, + -2721, 3219, -2722, 2902, 806, 5910, 5836, 1202, 5838, 1197, + 2702, 1198, 4525, 1734, 1735, 1736, 1737, 1738, 1739, -2720, + 5354, 1194, 5825, 1731, 4251, -2721, 662, -2722, 1418, 2862, + 2932, 806, 1732, 1733, 1734, 1735, 1736, 1737, 1738, 1739, + 806, 2862, 5841, 806, 4616, 2171, 2862, 1705, 806, 2065, + 1418, 1958, 1556, 1793, 3893, 1706, 6312, 1418, 6429, 6311, + 897, 1199, 5187, 5676, 1707, 4339, 5832, 1732, 1733, 1734, + 1735, 1736, 1737, 1738, 1739, 2478, 2862, 1709, 3102, 806, + 2862, 4501, 3121, 948, 4501, 948, -3532, 948, 948, 1355, + 835, 2862, 835, 3103, 948, 2470, 664, 948, 4610, 840, + 1355, 1355, 4837, 1418, 1925, 1709, 1891, 5074, 2453, 5707, + 5498, 2432, 2013, 818, 664, 664, 5217, 1877, 1798, 791, + 5219, 4112, 4553, 5331, 791, 791, 665, 1708, 3875, 843, + 1207, 703, 2937, 5351, 5351, 841, 4404, 4923, 1203, 4693, + 3907, 1926, 3936, 2070, 4266, 4554, 1379, 3276, 4266, 68, + 1936, 1371, 748, 1177, 4595, 4695, 6336, 3934, 3765, 1865, + 1705, 2620, 1950, -3325, 791, 1949, 1928, 3965, 1706, 4104, + 5911, 2602, 2433, 2371, 5845, 2446, 1880, 1707, 4856, 4964, + 5240, 1887, -2549, 703, 2018, 1962, 6356, 3144, 908, 2724, + 4908, 1381, 2623, 1177, 1812, 2725, 2074, 1817, 2581, 680, + 5009, 169, 2907, 5012, 3095, 5647, 2093, 2206, 791, 1989, + 2921, 2502, 2922, 2938, 4501, 1700, 1177, 1702, 895, 3336, + 2928, 3117, 3018, 1708, 4991, 3122, 696, 2054, 1821, 2012, + 4544, 5232, 3057, 3058, 6313, 1709, 68, 4259, 2923, 2726, + 2924, 2139, 5672, 2939, 4547, 5215, 5013, 2036, 6314, 4584, + 4436, 703, 5600, 5233, 897, 4240, 5091, 819, 3100, 6337, + 2055, 3796, 2862, 1835, 820, 1370, 2320, 4241, 2045, 2046, + 1403, 2049, 821, 112, 3409, 135, 3849, 3941, 2482, 2059, + 110, 2029, 822, 2029, 2029, 823, 1515, 1730, 704, 6357, + 791, 2019, 806, 3835, 3838, 3841, 3842, 1965, 1966, 107, + 798, 791, 2518, 3243, 791, 4115, 2054, 2876, 2203, 3244, + 169, 3828, 3829, 4844, 2237, 791, 1920, 5912, 2445, 791, + 948, 2107, 4600, 4968, 5835, 4534, 4535, 1930, 2524, 4395, + 4923, 1709, 2117, 2379, 2723, 806, 1708, 806, 791, 2055, + 704, 1813, 4857, 4159, 3337, 4530, 4531, 2063, 3282, 4407, + 3285, 3286, -736, 4410, 1705, 2815, 2816, 1861, 2075, 3821, + 1705, 3824, 1706, 1751, 2582, 2992, 1372, 2993, 806, 2817, + 4585, 1707, 4644, 1731, 806, 3915, 2103, 1707, 2103, 2649, + 2650, 3251, 3251, 2854, 4721, 2848, 3854, 2849, 2660, 2661, + 2662, 5880, 1414, 909, -1289, 5663, 5665, 1889, 2181, 4758, + 2963, 4758, 2831, 1712, 1713, 1714, 1508, 1715, 704, 4803, + 748, 2718, 1705, 2380, 1705, 3277, 4655, 5332, 3731, 5333, + 1706, 1379, 1706, 6284, 791, 806, -3325, 4697, 3909, 1707, + 950, 1707, 2759, 4105, 5747, 842, 5749, 2850, 1892, 928, + 1151, 2079, 6131, 1516, 1709, 4698, -2150, 2094, -2150, 5781, + -2150, 2434, 1221, 5334, 1705, 1705, 4113, 3894, 3908, -924, + 1417, -924, 1706, 1706, 4965, 112, 1381, 6132, 950, 5015, + 3421, 1707, 1707, 1700, 5698, 1702, 5700, 4685, 4405, 2414, + 4007, 5705, -3335, 5335, 3895, 4703, 2459, 2050, 5710, 5711, + 1525, 1705, 1221, 6338, 858, 3026, 5241, 4555, 5717, 1706, + 6136, 950, 2381, 6001, 4923, 1383, 2856, 4152, 1707, 895, + 6082, 6086, 1818, 171, 2855, 1221, 4093, 4094, 4672, 4673, + 4095, 4096, 4097, 791, 1716, 665, 4693, 791, 2867, 3022, + 1708, 2095, 4975, 2096, 791, 2383, 2875, 2099, 950, 950, + 1177, 2483, 4695, 665, 665, 2364, 1260, 2513, 3339, 3822, + 2447, 3823, 2504, 2505, 5805, 2507, 2509, 2510, 2511, 5811, + 5812, 6315, 3011, 4969, 112, 1705, 6150, 2561, 2521, 4154, + 3970, 2372, 4656, 1706, 843, 681, 170, 6229, 1836, 2908, + 2341, 3827, 1707, 2713, 2345, 1517, 2536, 1862, 1708, 5128, + 1708, 2352, 1771, 3420, 3402, 3134, 806, 1752, 2419, 3135, + 3974, 3137, 1890, 2439, 1384, 1733, 1734, 1735, 1736, 1737, + 1738, 1739, 708, 6010, 791, 3142, 5336, 2519, 806, 806, + 2175, 4722, 171, 2097, 1509, 948, 806, 2471, 3150, 3151, + 1708, 1708, 1594, 1595, 1596, 4558, 4561, 1379, 1709, 4561, + 4558, 1380, 3198, 2525, 1709, 3797, 3797, 6082, 2488, 3937, + 5337, 6086, 2435, 3199, 5782, 5783, 798, 798, 791, 798, + 798, 798, 798, 791, 806, 806, 791, 1708, 5191, 2654, + 2657, 2452, 798, 2628, 4581, 6041, 5863, 1301, 1644, 3090, + 3174, 3085, 1381, 3086, 3914, 6285, 1863, 2920, 1382, 2535, + 798, 2541, 806, 1705, 2642, 3175, 1709, 2098, 1709, 5214, + 1705, 1706, 1864, 895, 5908, 2648, 1510, 4287, 1706, 4288, + 1707, 6310, 5419, 791, 3975, 2506, 640, 1707, 1705, 1942, + 2512, 1383, 4680, 2515, 3112, 791, 2658, 2659, 641, 1526, + 3960, 2465, 2629, 3087, 4066, 1707, 4657, 2175, 1709, 1709, + 1772, 1708, 5313, 4923, 897, -3335, 2693, 2730, 1812, 5870, + 6355, 1705, 5326, 5327, 3038, 6156, 1705, 5784, -924, 1706, + 1302, 5949, 3039, 835, 1706, 1355, 5961, 1727, 1707, 2466, + 2550, 1355, 4976, 1707, 2529, 1709, 5150, 6410, 2051, 3063, + 5998, 1556, 2560, 2138, 835, 791, 1355, 4052, 6196, 1527, + 2625, 6042, 6198, 2714, 6207, 1556, 1728, 1729, 2176, 2738, + 6297, 2054, 3092, 4351, 1923, 4352, 6011, 1705, 3200, 3159, + 3091, 806, 2175, 1563, 4697, 1706, 3876, 2530, 2644, 4699, + 806, 806, 806, -1289, 1707, 5864, 791, 2065, 643, 5785, + 798, 798, 4698, 3880, 2055, 2177, 3459, 710, 3938, 1221, + 3889, 3890, 5288, 4843, 791, 6082, 6086, 5775, 2120, 1709, + 3197, 5192, 4847, 4848, 2029, 791, 791, 5539, 5878, 3182, + 1730, -2343, 5962, 806, 1564, 1705, 4171, 4172, 3993, 1708, + 2099, 1290, 1705, 1706, 4422, 3265, 1708, 3198, 3878, 1384, + 1706, 777, 1707, 2652, 771, 4567, 4053, 6243, 3199, 1707, + 2333, 2334, 5558, 4010, 3976, 1813, 5289, 4014, 1943, 4423, + 6009, 1370, 1355, 3113, 2065, 3468, 3468, 3468, 950, 5933, + -2343, 4681, 1370, 1370, 778, 2176, 806, 4054, 2917, 6022, + 6411, 3282, 6208, 5044, 2467, 791, 6168, 1708, 1565, 6172, + 4153, 791, 1708, 3201, 5939, 2753, 5965, 1990, 5051, 5472, + 5965, 4629, 4548, 5065, 770, 1705, 1731, 712, 5075, 1924, + 2382, 2072, 2099, 1706, 791, 2531, 1291, 1392, 1736, 1737, + 1738, 1739, 1707, 1473, 718, 1200, 2029, 4259, 645, 2807, + 771, 5963, 5201, 6218, 6219, 5752, 6308, 1709, 2814, 791, + 791, 2099, 2746, 1708, 1709, 3945, 3946, 6366, 2749, 1705, + 2176, 5001, 5002, 4055, 2826, 2826, 5290, 1706, 2447, 1425, + 6209, 1566, 1705, 6016, 6328, 5117, 1707, 5118, 3296, 3297, + 1706, 1992, 5823, 1292, 5282, -2343, 5282, 4056, 806, 1707, + 3909, 6383, 791, 2706, 751, 6266, 5236, 2073, 6265, 5519, + 947, 5544, 791, 4156, 5059, 1709, 4630, 5843, 2870, 5384, + 1709, 1708, 750, 3200, 6119, 5497, 947, 6352, 1708, 2879, + 861, 2825, 2825, 5933, 2110, 779, 4001, -2343, 5473, 4701, + 5441, 1992, 3947, 4259, 5291, 3232, -2343, 4259, 3233, 753, + 1705, 6242, 2060, 6244, 3241, 4725, -2343, 1993, 1706, 2840, + 5003, 5939, 3452, 6119, 3446, 5060, 3447, 1707, 1994, 1538, + 5965, 1709, -2343, 6378, 3750, 1384, 1995, 3090, 897, 3085, + 950, 3086, 112, 6329, 3174, 3755, 3756, 5965, 5714, 2911, + 3011, 3737, 2918, 3738, 6193, 3737, 5704, 3738, 1705, 3175, + 2707, 1708, 3040, 1556, 1996, 2394, 1706, 1993, 4050, 3459, + 722, 5283, 6302, 3401, 949, 1707, 3448, 1705, 1994, 1717, + 1718, 1719, 5796, 3867, 1705, 1706, 1995, 5426, 1430, 1709, + 949, 3087, 1706, 799, 1707, 1201, 1709, 5004, 6330, 950, + 6296, 1707, 3791, 3739, 4350, 1708, 4353, 3739, 3201, 1426, + 2919, 1993, 2925, 950, 1996, 1705, 4797, 5061, 1708, 3795, + 1997, 5822, 1994, 1706, 5842, -734, 5151, 1427, 748, 1418, + 2684, 1476, 1707, 895, -2150, -2150, 5951, 2335, 2093, 791, + 2336, 2708, 5152, 791, 4051, 3454, 4699, 1424, 1998, 723, + 2414, 2966, 2935, 3453, 950, 6268, 6317, 3000, 736, 5735, + 3092, 2395, 4427, 950, 950, 950, 4557, 2862, 3091, 1709, + 1997, 4693, 3746, 2770, 2771, 5872, 3746, 2396, 5795, 4728, + 3742, 5736, 4728, 802, 3742, 1177, 1708, 4695, 2783, 2936, + 2785, 1700, 4717, 1702, 3129, 2427, 2983, 948, 1998, 3130, + 2987, 4726, 5300, 4730, 4731, 4732, 4734, 4735, 3038, 3133, + 5296, 5296, 1705, 1709, 2685, 3136, 4840, 947, 1867, 947, + 1706, 947, 947, 5434, 1705, 1831, 1709, 2428, 947, 1707, + 5737, 947, 1706, 4027, 1708, 948, 703, 737, 6318, 5249, + 5250, 1707, 1998, 806, 806, 1380, 1193, 1193, 1832, 2397, + 806, 1721, 3166, 1708, 2826, 2826, 5860, 5465, 2920, 3082, + 1708, 6393, 6394, 2941, 5030, 5387, 5031, 806, 948, 806, + 5224, 1868, 3107, 3108, 1202, 1202, 1197, 1197, 1198, 1198, + 6361, 2852, 4251, 2786, 2787, 3186, 4028, 5044, 1194, 1194, + -2723, 1708, 1382, 800, 1709, 1355, 703, 3128, 798, 1355, + 1705, 2429, 159, 798, 5625, 948, 948, 3131, 1706, 5861, + 3808, 2825, 2825, 798, 816, 6379, 3335, 1707, 3138, 798, + 1493, 949, 1705, 949, 3809, 949, 949, 825, 1199, 1199, + 1706, 4633, 949, 827, 5405, 949, -608, 1705, 4634, 1707, + 1705, 6392, 1709, 4858, 3230, 1706, 791, 1722, 1706, 5056, + 1705, 3851, 3238, 3240, 1707, 684, 4251, 1707, 1706, 5905, + 690, 1709, 1877, 1723, -2729, 3174, 1705, 1707, 1709, 806, + 3169, 791, 2013, 708, 1706, 3459, 3290, 1705, 1705, 2094, + 3175, 1494, 2430, 1707, 1495, 1706, 1706, 839, 1708, 2974, + 5014, 835, 5106, 704, 1707, 1707, 2975, 1207, 1207, 1709, + 1708, 791, 806, 3149, 4256, 1203, 1203, 4256, 3196, 849, + 3193, 1496, -2731, 5057, 791, -2737, -962, 1705, 3336, 5058, + 1497, 851, 5125, 2674, 5954, 1706, 5956, 4723, 3171, 2675, + 4724, 2676, 1355, 911, 1707, 1724, 2065, 2065, 6019, 3247, + 3221, 950, 3141, 3248, 3226, 3227, 791, 950, 798, 2942, + 1705, 3909, 2977, 704, 947, 791, 3239, 798, 1706, 4697, + 791, 3909, 3909, 2095, 2735, 2096, 791, 1707, 2735, 1734, + 1735, 1736, 1737, 1738, 1739, 4251, 1708, 4698, 6326, 6326, + 1127, 791, 5960, -2740, 1221, 3263, 4992, 895, -2343, 2012, + 3268, 4251, 4416, 4993, 1705, 4994, 1709, 5062, 1708, -2743, + 4765, 4766, 1706, 3228, 2677, 2950, 1129, 1147, 1709, 4685, + 1705, 1707, 3237, 1708, 3295, 1153, 1708, 1370, 1706, 6363, + 1253, 4812, 3302, 1370, 4251, 4814, 1708, 1707, 4251, 4785, + 4058, 4059, -2744, 4061, 4063, 6074, -2745, 1145, 1370, 806, + 1705, 4449, 1708, 3337, 1705, 791, 674, 4805, 1706, 1255, + 5961, 2029, 1706, 1708, 1708, 2097, 1257, 1707, 949, 1266, + 5339, 1707, 4823, 2962, 4864, 5341, 1705, 6093, 1312, 1271, + 2967, 1313, 1314, 4408, 1706, 4409, 1315, 1778, 4251, 1778, + 5296, 1276, 1705, 1707, 1709, 4380, -2747, 1279, 4251, 2805, + 1706, 4421, 3737, 1708, 3738, 3393, -2748, 791, 2035, 1707, + 5699, 2037, 2037, 791, 806, 806, 1709, 1285, 5063, 4809, + 1288, 2670, 5901, 2671, 1161, 3338, 806, 5712, 4549, 1705, + 1297, 1709, 5262, 1705, 1709, 1299, 1708, 1706, 4661, 2098, + 5721, 1706, 5723, 2862, 1709, 1941, 1707, 5567, 5568, 1308, + 1707, 1946, 1947, 2968, 3739, -2393, 5962, -2393, 1320, 1321, + 1709, 1324, 4835, 1325, 1370, -1903, -1903, 1705, 4560, 2862, + 3400, 1709, 1709, 1306, 3245, 1706, 1322, -1903, 1705, 770, + 1708, 1705, 1705, 1162, 1707, 948, 1706, 3082, 6185, 1706, + 1706, 6188, 2829, 5763, 2830, 1707, 1708, 2971, 1707, 1707, + 2926, 5142, 2278, 1326, 806, 1705, 806, 4173, 4174, 4175, + 2972, 1709, 2170, 1706, 2969, 3463, 2970, 3464, 1328, 1705, + 5153, 2665, 1707, 3746, 4580, 2862, 1708, 1706, 1332, 5158, + 1708, 3742, 174, 175, 1705, 5160, 1707, 6372, 6374, 1705, + -1903, 3926, 1706, 2830, 1709, 5174, 4693, 1706, 4565, 4566, + 3909, 1707, 1708, 5183, 5184, 1335, 1707, 3339, 6177, 6178, + 4694, 5251, 4695, 950, 4018, 5963, 4019, 5065, 1708, 947, + 5146, 3949, 3950, 4753, 748, 1337, 2978, 4754, -1903, 4755, + 1581, 4756, -1903, 2355, 2356, 1705, -1903, 1338, 1709, 174, + 175, 1399, 1400, 1706, 3909, -1903, -1903, 4080, 4309, 4081, + 2970, -2350, 1707, 3921, 1709, 1708, -1903, 3807, 4312, 1708, + 1894, -1903, 1705, -1903, 1376, 4700, 4707, -1903, 4709, 3340, + 1706, 1414, 4970, 4713, 4753, -1903, 2988, -1903, 4754, 1707, + 4759, 112, 4756, -1903, 1709, 1422, 3831, 1700, 1709, 1702, + 1424, 5788, 1163, 1708, 1164, 2991, 1434, 4316, 1705, 1894, + 1992, 1705, 2998, -1903, 1708, 1165, 1706, 1708, 1708, 1706, + 1709, 4699, 1445, -1903, 791, 1707, -1903, 1438, 1707, 806, + 806, 1166, 5482, 949, 1705, 1444, 1709, 948, 1446, 811, + 2894, 1708, 1706, 3474, 5107, 5495, -1903, 4323, 1725, 4324, + 1312, 1707, 1451, 1313, 1314, 1708, 2457, 2457, 1576, 806, + 1456, 1430, 1430, 1459, 1464, -1903, 4853, 1476, 1488, -1903, + 1708, 1705, 1490, 1709, 5860, 1708, 1993, 1709, -1903, 1706, + -2727, 2452, 1492, 112, 3900, 135, 3902, 1994, 1707, 4317, + 110, 4318, 1498, 4319, 3991, 1995, 948, -1903, 4042, 1500, + 153, 4418, 174, 175, -3486, 1501, 174, 175, 1502, 107, + 948, 1709, -1903, 1778, 4636, 4817, 4637, 1894, 2364, -1903, + 1503, 1708, 1709, 1996, 4349, 1709, 1709, 5861, 5111, 791, + 5112, -3488, 1616, -1903, 5113, -1903, 5114, 1504, 1705, 1628, + 3757, 4674, -3485, 4676, 2414, 1778, 1706, -3487, 1708, 1709, + 3450, 948, 4004, 1511, 1512, 1707, 4696, 4203, 1645, 1646, + 948, 948, 948, 1709, 5115, 5195, 5116, 5197, 4851, 4459, + 1513, 3967, 1705, 5261, 1430, 3321, 5899, 3741, 1709, 1997, + 1706, 3741, 4085, 1709, 1708, 1705, 3930, 1708, 5209, 1707, + 1894, 1705, 1705, 1706, 4697, 1514, 1705, 5019, 798, 1706, + 1706, 5020, 1707, 5021, 1706, 5022, 791, 1998, 1707, 1707, + 1708, 1518, 4698, 1707, 1520, 1167, 2898, 1522, 1521, 1221, + 791, 5239, 1355, 1355, 791, 1519, 1523, 5860, 4285, 1709, + 806, 1705, 1524, 1534, 4841, 4842, 4093, 4094, 2419, 1706, + 4095, 4096, 4097, 1800, 4685, 5023, 6079, 1708, 1707, 5024, + 4286, 5025, 1705, 5026, 703, 4320, 1709, 4321, 1705, 4322, + 1706, 806, 806, 4003, 1562, 4301, 1706, 1568, 4303, 1707, + -3752, 5222, 4310, 5223, 5230, 1707, 1894, 1370, 4328, 1567, + 5861, 1370, 4072, 4073, 4074, 4075, 4077, 4078, 4079, 1582, + 5155, 4082, 1709, 1583, 4329, 1709, 1409, 5155, 5242, 806, + 5243, 1584, 3425, 3426, 2981, 5208, 3427, 5027, 3428, 5028, + 3429, 5029, 1589, 1590, 1708, 4108, 1591, 1592, 1709, -3588, + 6063, 5266, 5286, 5267, 5287, 1593, 2960, 4124, 4125, 1597, + 4127, 703, 4129, 4130, 4131, 4132, 4133, 4134, 4135, 1599, + 4137, 3020, 1639, 2982, 4146, 4960, 1721, 5202, 1708, 5409, + -2341, 4019, 5509, 3951, 5510, 1709, 5511, 791, 5510, 1600, + 1601, 1708, 174, 175, 5513, 1602, 5514, 1708, 1708, 5580, + 1801, 4425, 1708, 1201, 1603, 5452, 2986, 2046, 806, 806, + 777, 3468, 1802, 791, -1349, 1387, 703, 5508, -1349, 5732, + 1604, 5733, 174, 175, 1671, 5759, 3825, 5760, 3952, -2341, + -1903, 1721, 1200, 1200, -1903, -1903, 2728, 1708, 5793, 2728, + 5794, 704, 1605, 778, 1370, 5799, -1903, 5794, 5740, 5851, + 2989, 4019, 1709, 1168, 1169, 1170, 1171, 5745, 1708, -1349, + 5852, 6064, 4019, 1606, 1708, -1349, 2996, 1803, 948, 6006, + 4179, 6007, 1722, 1607, 948, 1804, 2729, 1608, 754, 2729, + 2029, 2170, 1675, 6032, 1705, 6033, 1709, 1609, 1723, 6431, + 3953, 1610, 1706, 5496, 5557, 1585, 3008, 1613, -1349, 1709, + 4280, 1707, 6043, 6063, 6044, 1709, 1709, 1741, 1614, -1903, + 1709, 1615, 1805, 2730, 5148, 1623, 2730, 5860, 704, 755, + 5475, 6078, 4289, 4081, 2223, 2224, 2225, 1722, 2226, 6161, + 2227, 4876, 2228, 3954, -2341, 756, 1624, 1742, 4290, 3477, + 1625, 1626, 5170, 1723, 1629, 1709, 5173, -1903, 5921, -1693, + 6205, -1903, 6206, 5181, 6239, -1903, 5243, 2831, 5138, 6251, + 1724, 6252, 1630, -1692, -1903, -1903, 1709, 6260, 1631, 6261, + 5861, -1903, 1709, 704, 1743, -1903, -2341, 1632, 4302, 4291, + -1903, 4488, -1903, 1633, 779, -2341, -1903, 6277, 6279, 5794, + 5794, 947, 4864, 1744, -1903, -2341, -1903, 3322, 1634, 950, + 2457, 1705, -1903, 1745, 6309, 1430, 5794, -1903, 6319, 1706, + 5794, -2341, 1315, 4296, 6064, 1724, 4699, 156, 1707, 4776, + 2171, 4313, -1903, 1747, 4297, 1806, 1749, 4298, 4299, 947, + -2577, 6343, -1903, 5243, 2731, -1903, 1635, 2731, -1903, 1841, + -1903, 1636, 3306, -1903, -1903, 6415, 2732, 6416, 1637, 2732, + 1753, 4300, 1807, 757, 1638, -1903, 950, 1640, 1641, 1642, + 1708, 1643, 947, 1647, 1762, 4308, 3737, 1763, 3738, 5959, + 174, 175, -2112, 6062, -1903, 2851, 1764, 1648, -1903, 1754, + 4314, 1649, 3040, 4818, 758, 4315, 1650, -1903, 1651, 1652, + 1653, 703, 1654, 1655, 5791, 949, 3955, 3956, 3957, 947, + 947, 1656, 759, 5059, -759, 1657, -1903, 3323, 1658, 2223, + 2224, 5345, 6066, 5346, 3324, 5347, 1659, 5348, 3739, 1660, + 3325, -1903, 4495, 1661, 5975, 1664, 1665, -1903, -1903, 950, + 1765, 4326, 158, 949, 4488, 1770, 1666, 1667, 1668, 4411, + 4412, 5935, -1903, 4413, -1903, 4414, 2733, 4415, 3741, 2733, + 5976, 968, 969, 1669, 5060, 972, 157, 974, 4327, 976, + 1797, 1705, 1670, 6063, 1796, 5921, 949, 4187, 1709, 1706, + 1672, 1673, 3307, 3174, 5850, 1674, 1676, 1708, 1707, 2853, + 948, 1677, 1678, 1679, 170, 1680, 1683, 3746, 3175, 1684, + 1687, 1688, 4786, 5922, 4330, 3742, 3326, 4773, -3621, 1689, + 5923, 4332, 1690, 949, 949, 4787, 1691, 159, 5770, 1692, + 1693, -962, 1748, -2563, -2564, 5924, 2734, 1799, 5776, 2734, + 5207, 4788, 1819, 638, 1837, 1838, 966, 967, 968, 969, + 970, 971, 972, 973, 974, 975, 976, -2313, 1840, 1839, + 1859, 1860, 4370, 1869, 1872, 1873, 1882, 1808, 704, 1894, + 1922, 4789, 1809, 5977, -734, 5978, 806, 5213, 791, 3327, + 1932, 1934, 4387, 806, 806, 6066, 4388, 1938, 1944, 4391, + 4392, 158, -1349, 1945, 6064, 4495, 5938, 5960, 1951, 1952, + 639, 4512, 5944, 5945, 1954, 1709, 1956, 1960, 1977, 1978, + 1979, -1903, 4929, 4930, 4931, 4932, 4933, 4934, 4935, 4936, + 4937, 4938, 1981, 4940, 4941, 4942, 4943, 4944, 4945, 4946, + 4947, 5261, 4948, 4949, 3468, 4381, 4953, 4954, 1990, 5959, + 174, 175, 2001, 1387, 5225, 2002, 998, 1810, 4442, 112, + 112, 4790, 2015, 3849, 5718, 2005, 1811, 1708, 2021, 2031, + 2032, 703, 5925, 2042, 2057, 5961, 159, 2061, 2064, 2076, + 640, 1842, 2080, 3308, 2090, 5926, 777, 2084, 5226, 2104, + -1349, 2108, 641, 2110, -1349, 2116, 2126, 2114, 2123, -3621, + 2128, 3088, 5927, 2130, 791, 2131, 806, 5764, 6090, 791, + 791, 640, 2132, 2133, 4515, 798, 2135, 2136, 2160, 778, + 2168, 2180, 4791, 1341, 4488, 1843, 160, 1844, 4669, 3309, + 2182, 5979, 2183, 1725, 2184, -1349, 1019, 791, 791, -1903, + 5922, -1349, 2188, 2189, 4541, 2192, 5044, 5923, 5067, 5682, + 5683, 2191, 5685, 5077, 4488, 642, 5959, 174, 175, 2194, + 2204, 4457, 5924, 2205, 2206, 811, 4462, 4463, 760, 2215, + 2264, 5962, 2222, 2236, -1349, 1709, 2277, 2278, 703, 5452, + 2290, 2296, -2112, 2344, -2313, 2279, 1342, -166, 1725, 2209, + 2210, -962, 643, 4627, 1370, 1370, 2292, -2341, 2220, 947, + 2295, 2305, 2348, 2351, 2360, 3089, 2370, 3310, 2389, -736, + 1327, 5975, 5042, 2393, 3452, 2374, 3446, 1845, 3447, 2420, + 2421, 2448, -3039, 643, 2449, 1033, 2454, 2455, 704, 2281, + 1242, 2284, 2461, 6065, 2472, 648, 2477, 5976, 2480, 4792, + 4793, 2499, 5897, 2500, 2501, 5928, 2297, 2298, 2300, 5748, + 5980, 2542, 2527, 2303, 2304, 6066, 2543, 5960, 2544, 2545, + 779, 2321, 761, -736, 5576, 4495, 755, 1846, 3448, 2547, + 3311, 2548, 2549, 2554, -2162, 2567, 2564, 2568, 2571, 4664, + 5963, 2574, 3174, 2576, 2575, 2577, 3312, 3313, 2584, 5925, + 6194, 3314, 3315, 3316, 2585, 4495, 5770, 3175, -962, 2594, + 2595, 2596, 5926, 949, 2597, 644, 2598, 2252, 2599, 112, + 2600, 2601, 2603, 2604, 1847, 2617, -1903, 2616, 2621, 5927, + 2626, 161, 1705, 2632, 2635, 5961, 162, 2640, 2666, 2171, + 1706, 2663, 645, 2667, 2668, 704, 1343, 3454, 2680, 1707, + 5977, 2681, 5978, 2669, 2672, 3453, 2682, -1903, 5551, -1903, + 2690, 2694, -1903, -1903, 2699, 5043, 5062, 2695, 2698, 3317, + 2711, 2712, 950, -736, 5960, 2715, 2716, 4748, 2721, 2727, + 6109, 2741, -2588, 4752, 2253, 966, 967, 968, 969, 970, + 971, 972, 973, 974, 975, 976, 2742, 2750, 4794, 4795, + 2751, 947, 2758, 2762, 2797, 2793, 1705, 2802, 2803, 1705, + 757, 163, 4488, 2809, 1706, 1848, 1383, 1706, 2808, 2810, + -3621, 2818, 3318, 1707, 2821, 2868, 1707, 3779, 2841, 5430, + 5431, 5962, 5433, 5853, 2871, 5854, 5855, 5438, 2887, 1849, + 5442, -736, 5961, 5445, 5446, 2869, 2890, 2892, 2893, 2895, + 2254, 5454, 2255, 5455, 2904, 5981, 4882, 1242, 2256, 759, + 947, 2905, 5461, 2906, 4687, 3452, 2909, 3446, 4808, 3447, + 4692, 2910, 5928, 4708, 947, 2912, 2920, 5063, 4712, 2927, + 2976, -73, 2931, 2979, 2934, 998, 2943, 2944, -1491, 1705, + 5302, 2946, 2947, 4466, 174, 175, 4387, 1706, 5979, 2948, + 4388, 3781, 5318, 6420, 3783, 949, 1707, 2949, 1708, 2953, + 738, 739, 2961, 4370, 3449, 947, 4838, 806, 2257, 3448, + 4839, 5437, 2965, 646, 947, 947, 947, 2973, 4042, 3088, + 2980, 2984, 6045, 2985, 2990, 5044, 2994, 2995, 5962, 2997, + 5963, 3740, 647, 3001, 3019, 3740, -924, 740, -924, 3002, + 3007, 5964, 3012, 4495, 2364, 1739, 3032, 6345, -1349, 4796, + 3025, 3034, 2258, 4865, 949, 1019, 948, 3035, 2864, -1658, + 3036, 4883, 4874, 4866, 2050, 3037, 112, 3044, 949, 4884, + 3056, 3051, 1708, 1662, 2951, 1708, 741, 1681, 3454, 1685, + 648, 3061, 4085, 791, 4885, 3059, 3453, 3062, 3064, 4924, + 3094, 3065, 3068, 791, 4886, 4887, 4888, 3111, 3072, 3114, + 1992, 5295, 3073, 3074, 4889, 5653, 1709, 649, 3451, 949, + 4467, 3115, 3116, 948, 3119, 6149, 650, 4952, 949, 949, + 949, 3459, 3123, 3089, 3124, 3139, 3143, 3127, 6248, 3153, + 1992, 3156, 3157, 3162, 3179, 3180, 3206, 5963, 3189, 3190, + 4904, 5126, 3209, 3452, 1033, 3446, 3210, 3447, 2259, 3737, + 4928, 3738, 4488, 5101, 5552, 1708, 3208, 5553, 3213, 2260, + 3214, 6179, 3246, 3255, 3263, 3259, 1993, 3273, 3280, 3284, + 6256, 2419, 3288, 3291, 3292, 3298, 6430, 1994, 3299, 3300, + 1709, 4469, 3301, 1709, 3303, 1995, 948, 3304, 3305, 3344, + 3347, 3350, 3354, 5033, 3356, 3357, 1993, 3448, 3360, 806, + 3361, 3739, 3362, 2414, 3363, 3387, 3364, 1994, 3365, 3366, + 6112, 6113, 1778, 1996, 3367, 1995, 3368, 174, 175, 3369, + 3370, 3371, 3372, 3260, 5425, 6370, 3373, 3374, 3375, 3376, + 3377, 3378, 3379, 3380, 3381, 5045, 3382, 3392, 4470, 4471, + 4472, 3383, 4890, 1996, 3395, 3384, 3396, 4924, 3398, 3408, + 3410, 742, 3741, 4532, 4891, 1897, 3413, 798, 4473, 4488, + 2099, 5757, 5105, 1709, 6248, 3414, 3454, 5551, 743, 1997, + 3746, 112, 3423, 3418, 3453, 3411, 3422, 3424, 3742, 3412, + 3452, 3431, 5630, 3460, 5631, 3751, 3752, 3753, 3766, 3767, + 3768, 5964, 947, 4495, 744, 3774, 3787, 1998, 947, 1997, + -1701, 112, 5981, 5127, 6256, 3817, 3818, 5706, 110, 3819, + 3805, 3806, 3832, 3833, 3845, 4474, 3847, 4475, 3846, 3261, + 806, 3045, 3855, 3857, 3861, 3863, 3864, 1998, 3865, 806, + 3868, 3869, 3873, 3874, 5632, -924, 3881, 4476, 745, 4892, + 3882, 2483, 3737, 2482, 3738, 2862, 5046, 3912, 3927, 3933, + 3935, 945, 3968, 5165, 4893, 4477, 3973, 3979, 3981, 3983, + 1201, 1201, 4478, 6407, 3984, 3985, 4008, 945, 4012, 4009, + 4013, 4035, 4039, 1251, 6419, -2065, 4048, 4479, 4049, 3737, + 4088, 3738, 6407, 4089, 4480, 4090, 2930, 6323, 4106, 2933, + 6419, 4110, 4117, 4118, 3739, 4894, 949, 4157, 5964, 4481, + 4495, 4119, 949, 5636, 4161, 2945, 2806, 4168, 4121, 4895, + 4163, 5635, 4169, 5277, 4181, 966, 967, 968, 969, 970, + 971, 972, 973, 974, 975, 976, 2964, 4242, 4239, 4251, + 4256, 3739, 4260, 4264, 4243, 4263, 4248, 966, 967, 968, + 969, 970, 971, 972, 973, 974, 975, 976, 5549, 5320, + 4270, 4370, 5136, 4344, 5139, 4273, 4482, 1992, 4274, 4275, + 4276, 4333, 5884, 3746, 5147, 4334, 4483, 4345, 4348, 1898, + 4452, 3742, 2770, 2771, 5597, 4356, 4358, 4359, 5602, 5603, + 664, 4360, 5156, 950, 4373, 4374, 4364, 2783, 4375, 2785, + 4361, 4362, 2364, 1130, 5161, 4363, 4371, 4378, 112, 950, + 3746, 4442, 4377, 3205, 4484, 5258, 4382, 4397, 3742, 4398, + 5182, 4419, 4406, 4424, 4425, 998, 4426, 4485, 4437, 4445, + 5271, 5272, 5273, 1993, 4443, 4446, 4447, 4450, 4458, 4451, + 806, 4461, 4510, 4924, 1994, 5285, 5440, 998, 4519, -1814, + -1819, 4539, 1995, 4545, 4542, 4551, 4546, 4569, 4552, 4587, + 791, 4574, 4627, 4632, 4640, 4665, 4486, 4666, 5316, 5317, + 4671, 4679, 4487, 4685, 4690, 4733, 806, 4711, 5330, 4718, + 1996, 4745, 3740, 5552, 4746, 4760, 5553, 4764, 4767, 4768, + 4536, 5352, 2786, 2787, 4770, 5353, 4488, 5364, 4779, 4780, + 3281, 4810, 4339, 3004, 4819, 1019, 4025, 4821, 945, 4822, + 945, 4825, 945, 945, 947, 4826, 4827, 5301, 1131, 945, + 5399, 5364, 945, 4831, 2432, 6389, 1132, 1019, 1899, 4845, + 4489, 4846, 4859, 41, 4875, 4876, 1997, 4490, 4880, 4881, + 4898, 1133, 1900, 4899, 1901, 4900, 4901, 4453, 4454, 950, + 4902, 1134, 1135, 1136, 4905, 4926, 4925, 4927, 4939, 4598, + 4967, 1137, 4984, 4987, 1998, 4989, -266, 4997, 4999, 5007, + 2414, 5018, 4491, 2416, 5017, 5035, 1902, 4924, 5036, 5037, + 1903, 5053, 3450, 5044, 5055, 5068, 5069, 4492, 4493, 1904, + 4874, 4874, 791, 5078, 1033, 5079, 5081, 5080, 5432, 948, + 4494, 5082, 5448, 5085, 2364, 5083, 5086, 5096, 5087, 5088, + 5089, 791, 5458, 5449, 5099, 5103, 1033, 4874, 949, 5102, + 5110, 5122, 1905, 5459, 4874, 5123, 5129, 5130, 5133, 4924, + 5462, 5135, 5463, 5464, 5477, -736, 5162, 4495, 5042, 4738, + 1906, 5167, 5159, 6134, 5484, 5175, 5179, 5189, 5197, 5436, + 5193, 5194, 5211, 5210, 5195, 5216, 5196, 5198, 5199, 5212, + 5206, 6299, 5218, 5229, 5231, 5268, 4958, 5253, 5456, 112, + 5256, 5221, 5228, 5505, 5376, 5237, 793, 5245, 5255, 5401, + 5275, 2763, 5381, 5263, 5531, 5804, 5257, 806, 5264, -736, + 5278, 5279, 755, 5393, 5300, 5402, 950, 5403, 5406, 1138, + 5408, 5410, 5411, 5412, 5413, 5422, 5421, 3737, 3174, 3738, + 5550, 1139, 5420, 5423, 5439, 2764, 5428, 5551, 1907, 5426, + 5532, 5443, 5444, 3175, 5364, 1908, 4104, 5476, 5478, 5480, + 5491, 5504, 5550, 5521, 5502, 1909, 5536, 5522, 5537, 5551, + 5538, 5543, 5540, 5542, 5545, 945, 5548, 5559, 5586, 1910, + 950, 5562, 5575, 2765, 5594, 5595, 6118, 5574, 5579, 3739, + 2241, 2242, 2243, 2244, 5585, 5590, 5593, 5598, 5638, 5640, + 5642, 5649, 5648, 1911, 5652, 5669, 5679, 5654, 5684, 5566, + 5658, 5660, 1912, 5686, 5662, 1913, 5678, 5687, 5689, -736, + 5283, 4865, 5573, 5702, 5691, 6118, 5713, 3816, 5708, 4874, + 5709, 5719, 5058, 1914, 5724, 5287, 2245, 2246, 2247, 5742, + 5584, 1140, 5755, 5584, 5589, 5758, 5762, 5765, 5591, 665, + 5766, 5771, 4924, 3450, 5772, 5773, 757, 5775, 3746, 5778, + 5601, 5789, 6425, 5639, 1915, 5637, 3742, 5792, 5796, 5798, + 5808, 5800, 5802, -3743, -2725, -2724, 5288, 5826, 5830, 5641, + 5824, 5844, 1141, 5857, -2728, 1778, -2738, -736, 2248, 2249, + -2742, 5814, -388, -3738, -3736, -3740, 1142, 5859, 5868, -3734, + -3739, -3737, 1919, -3735, 5837, 759, 5818, 5839, 5856, 5867, + 5869, 5875, 5877, 5882, 5876, 6051, 6052, 5885, 6054, 6055, + 6056, 6057, 5886, 5887, 5893, 5894, 4627, 5364, 5895, 5898, + 3265, 5902, 5896, 5907, 6118, 5916, 5917, 5940, 5941, 5946, + 5920, 5952, 5657, 5988, 5659, 4466, 5991, 5993, 6002, 6005, + 6013, 6014, 2250, 5693, 6015, 5695, 6027, 6018, 6030, 6036, + 6031, 6040, 6046, 6050, 6053, 6058, 6061, 6075, 6102, 6096, + 6104, 3263, 6077, 3263, 6098, 6089, 6100, 6101, 6106, 6107, + 6108, 5044, 6121, 6122, 6123, 6124, 6127, 6157, 6138, 6160, + 6166, 6195, 6181, 6200, 6202, 5697, 4924, 4874, 4924, 6210, + 5694, 6216, 806, 4924, 6203, 4874, 6221, 6228, 6222, 6230, + 4924, 4924, 6213, 6236, 4874, 4595, 2251, 6240, -2561, 5716, + 4924, 6241, -2562, 4600, 6225, 6245, 4924, 4874, 6233, 4874, + 6270, 6267, 6273, 6289, 6282, 3972, 6288, 5725, 6292, 6280, + 6294, 3450, 6281, 6173, 6300, 3741, 6176, 6346, 6358, 6298, + 6303, 950, 950, 5552, 6184, 6349, 5553, 6187, 6354, 6362, + 6359, 6360, 6371, 6376, 6380, 5554, 6382, 6381, 6384, 791, + 6387, 6388, 1124, 6390, 6385, 5552, 6395, 6386, 5553, 5165, + 945, 6396, 6408, 6397, 6424, 4148, 5754, 5767, 2766, 3892, + 3178, 5490, 5489, 5943, 5488, 3988, 6426, 4568, 5995, 5656, + 6130, 6290, 1349, 1344, 1345, 2062, 5650, 5996, 5904, 5751, + 5512, 5383, 5761, 2252, 5903, 5186, 2440, 1124, 2767, 2768, + 3944, 2769, 2770, 2771, 2772, 2773, 5746, 2774, 2775, 2776, + 2777, 2778, 2779, 2780, 2781, 4897, 2782, 2783, 2784, 2785, + 2364, 4165, 2760, 1458, 4245, 4751, 2880, 4076, 2881, 5821, + 5584, 2882, 5715, 5820, 5092, 5801, 4614, 5644, 4836, 5561, + 4830, 5238, 5806, 791, 3049, 5779, 6165, 4924, 4924, 6250, + 6348, 6307, 6060, 5777, 3294, 5090, 2052, 5990, 5634, 5429, + 2253, 5471, 5095, 5592, 4120, 5696, 4122, 4123, 5294, 6327, + 947, 5045, 4128, 6220, 6224, 6151, 4226, 6142, 6143, 6144, + 4136, 6145, 4798, 4702, 4144, 791, 4147, 5900, 4057, 4556, + 4761, 4744, 6125, 6163, 5364, 112, 5143, 5523, 4336, 5828, + 5807, 4813, 4815, 4811, 6353, 763, 764, 6320, 5950, 6321, + 3980, 6192, 2786, 2787, 5364, 6199, 5994, 6197, 3741, 5862, + 5157, 4460, 5692, 5849, 5093, 5690, 2254, 947, 2255, 2636, + 948, 5469, 2161, 2071, 2256, 6025, 3966, 3964, 6159, 5866, + 3353, 4178, 2795, 3862, 3170, 4924, 948, 3419, 174, 175, + 4678, 4924, 2040, 5871, 792, 3741, 3820, 1378, 2364, 1767, + 3919, 4038, 5124, 2039, 1991, 5531, 3870, 4874, 5840, 4824, + 3790, 3788, 4366, 2417, 949, 2358, 2266, 3837, 5888, 5892, + 3840, 4283, 5046, 5203, 2276, 6140, 1897, 6293, 2212, 6375, + 2689, 6373, 2686, 1983, 2257, 1984, 1985, 2414, 1986, 1988, + 947, 5532, 5493, 5119, 6034, 5364, 5265, 2221, 6035, 2679, + 3275, 2701, 5010, 4355, 5011, 4034, 5874, 4354, 5556, 5252, + 6039, 5547, 5973, 5915, 2034, 4041, 5973, 5205, 4037, 5569, + 4563, 949, 2048, 1401, 4808, 5120, 4804, 4564, 2258, 5584, + 5016, 3267, 774, 765, 2801, 1575, 1263, 5947, 2833, 4924, + 4677, 3417, 4869, 2106, 1879, 5270, 5790, 4855, 6344, 4069, + 4852, 1124, 1469, 5987, 1474, 1124, 3740, 3145, 2533, 5992, + 3146, 1247, 1248, 1250, 3913, 2041, 3183, 5578, 2166, 5819, + 2624, 4682, 6347, 5414, 6377, 5688, 948, 6423, 1124, 6003, + 6427, 6369, 1577, 1575, 3254, 3160, 3415, 5571, 1124, 3472, + 3905, 3904, 4924, 2414, 949, 1205, 3906, 3110, 1206, 2886, + 3898, 3897, 791, 3901, 806, 4396, 2865, 1160, 2460, 4575, + 6021, 4924, 791, 3866, 2646, 1761, 3343, 5034, 6020, 3982, + 5132, 2154, 2155, 1782, 2259, 5743, 4628, 783, 1296, 1937, + 4442, 4442, 767, 768, 769, 2260, 3236, 6038, 6232, 4675, + 4516, 5389, 2883, 1557, 950, 4246, 5390, 5400, 5386, 5385, + 0, 0, 0, 0, 1124, 1124, 1124, 1124, 0, 6017, + 1575, 0, 0, 0, 0, 0, 5973, 1124, 0, 6023, + 0, 0, 0, 0, 0, 6180, 6076, 0, 0, 0, + 0, 6088, 0, 5973, 0, 0, 0, 6095, 0, 0, + 1898, 0, 0, 6103, 0, 0, 0, 1574, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 806, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 948, 0, 0, 6126, 0, 6128, 0, + 0, 0, 0, 0, 0, 0, 0, 6137, 0, 0, + 0, 0, 5849, 0, 0, 1622, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 1575, 0, 0, 0, 0, 5892, 0, + 0, 0, 0, 0, 0, 0, 0, 948, 0, 5915, + 0, 0, 6174, 6175, 0, 0, 0, 0, 0, 0, + 0, 0, 806, 748, 6186, 0, 0, 0, 0, 0, + 0, 0, 6263, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 1704, 0, 6201, 0, 0, 0, 0, 0, + 4627, 0, 0, 5584, 0, 5584, 5589, 0, 0, 1899, + 0, 0, 0, 0, 0, 0, 0, 0, 1124, 0, + 0, 0, 0, 1900, 0, 1901, 1700, 0, 1702, 0, + 0, 0, 6226, 3741, 791, 6333, 0, 0, 0, 0, + 0, 0, 0, 6234, 0, 0, 0, 6306, 0, 0, + 0, 0, 945, 0, 0, 0, 0, 1902, 0, 0, + 0, 1903, 0, 0, 0, 0, 0, 2364, 0, 0, + 1904, 0, 0, 0, 6257, 0, 0, 6258, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 806, + 945, 6227, 0, 0, 0, 1784, 0, 0, 4627, 0, + 0, 0, 0, 1905, 0, 0, 0, 5584, 5584, 0, + 0, 6274, 0, 0, 0, 0, 0, 0, 5584, 0, + 0, 1906, 0, 945, 1575, 0, 0, 1575, 0, 0, + 6287, 0, 0, 0, 0, 0, 2845, 0, 6291, 0, + 0, 0, 0, 0, 0, 0, 3449, 0, 0, 0, + 0, 0, 0, 5973, 5973, 0, 0, 0, 0, 0, + 945, 945, 0, 947, 806, 0, 0, 0, 0, 0, + 0, 6428, 0, 0, 0, 0, 0, 0, 5584, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 6414, 0, 6332, 5973, 0, 0, 6334, 1124, 1907, + 6421, 0, 0, 2364, 0, 0, 1908, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 1909, 0, 948, 948, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 1910, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 3451, 0, 0, 0, 1911, 4576, 4577, 4578, 0, 0, + 0, 0, 0, 1912, 0, 1575, 1913, 949, 0, 0, + 0, 0, 0, 0, 1124, 0, 1124, 0, 0, 0, + 4647, 4650, 0, 4653, 1914, 0, 2030, 0, 0, 2030, + 0, 0, 0, 0, 0, 0, 0, 4466, 174, 175, + 0, 0, 2364, 0, 0, 0, 0, 0, 806, 0, + 0, 0, 0, 2364, 0, 1915, 0, 806, 0, 0, + 0, 2364, 1124, 1124, 0, 0, 0, 0, 1124, 2364, + 0, 0, 1124, 1124, 1124, 0, 0, 0, 0, 0, + 0, 0, 1124, 1124, 1575, 0, 0, 0, 1124, 0, + 0, 0, 1124, 1124, 1124, 0, 1124, 1124, 1124, 0, + 1575, 1575, 0, 0, 0, 0, 0, 1124, 0, 1124, + 0, 0, 1124, 1124, 1124, 1124, 0, 1124, 2050, 1124, + 1124, 0, 0, 0, 0, 0, 0, 3449, 0, 0, + 0, 0, 0, 1124, 1124, 1124, 1124, 1124, 0, 1124, + 1124, 1124, 1124, 1124, 1124, 0, 1124, 1124, 0, 1124, + 1124, 0, 1124, 1124, 0, 0, 1124, 1124, 0, 1124, + 1124, 0, 0, 1124, 4467, 1124, 0, 2158, 0, 1124, + 1124, 1124, 3081, 0, 1124, 1124, 1124, 1124, 0, 1124, + 0, 0, 0, 0, 0, 0, 1124, 0, 0, 0, + 0, 0, 1124, 1124, 1124, 1124, 0, 0, 0, 0, + 0, 0, 0, 1124, 1124, 0, 1124, 1124, 0, 0, 1124, 1124, 1124, 1124, 1124, 1124, 1124, 1124, 1124, 1124, - 1124, 1124, -1903, -1903, 1124, 0, 0, 0, 0, 1575, - 0, 0, 0, 0, -1903, 0, 1575, 0, 0, 0, + 1124, 1124, 1124, 0, 0, 1124, 4144, 0, 0, 0, + 1575, 3451, 0, 0, 0, 4469, 0, 1575, 0, 0, + 0, 0, 0, 0, 0, 0, 1622, 4816, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 1124, 0, 2275, 1622, 0, 0, 0, 0, 0, 0, + 945, 0, 0, 0, 0, 0, 0, 0, 1575, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 4470, 4471, 4472, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 1919, 0, + 0, 0, 4473, 0, 0, 3449, 0, 0, 0, 3740, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 1124, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 2170, - 0, 0, 0, 949, 0, 0, 0, 1575, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 3843, - 0, 0, 0, 0, 0, 0, 0, -1903, 0, 0, - 0, 0, 0, 0, 0, 0, 1622, 0, 0, 0, - 0, 3449, 0, 0, 0, 3740, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 949, 0, 0, - 0, 0, 0, 0, 0, -1903, 0, 0, 0, -1903, - 0, 0, 0, -1903, 0, 0, 0, 0, 0, 0, - 0, 0, -1903, -1903, 0, 0, 0, 0, 0, 0, - 0, 0, 0, -1903, 0, 0, 0, 0, -1903, 0, - -1903, 0, 0, 0, -1903, 2492, 1124, 0, 1124, 0, - 948, 0, -1903, 0, -1903, -1086, -1086, 0, 0, 0, - -1903, 0, 0, 0, 0, 0, 0, 4466, 174, 175, - 0, 0, 0, 1575, 0, 0, 0, 0, 0, 1124, - -1903, 0, 0, 0, 0, 0, 0, 0, 0, 0, - -1903, 0, 0, -1903, 0, 4588, 0, 4589, 4590, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 2613, 2613, - 0, 0, 0, -1903, 0, 0, 0, 0, 5632, 4591, - 0, 4592, 0, 0, 0, 0, 0, 4593, 0, 0, - 0, 0, -1903, 0, 0, 0, -1903, 0, 0, 0, - 0, 0, 0, 0, 0, -1903, 0, 0, 2050, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 4594, - 0, 0, 0, 0, -1903, 0, 1124, 0, 0, 0, - 0, 0, 1575, 0, 1575, 0, 0, 0, 3740, -1903, - 0, 0, 0, 0, 0, 0, -1903, 0, 0, 0, - 947, 0, 0, 0, 4467, 0, 0, 0, 0, 0, - -1903, 0, -1903, 0, 2030, 0, 947, 0, 0, 0, - 0, 0, 0, 0, 0, 3740, 0, 0, 0, 0, - 0, 0, 0, 4595, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 1124, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 174, 175, 0, 0, 0, - 0, 0, 0, 0, 4596, 0, 4597, 0, 0, 0, - 0, 0, 0, 0, 0, 4469, 0, 4598, 949, 949, - 0, 0, 0, 1208, 0, 1209, 0, 0, 0, 0, - 0, 0, 0, 671, 0, 0, 0, 0, 0, 0, - 4599, 0, 0, 0, 0, 0, 0, 1177, 0, 0, - 0, 0, 0, 0, 0, 1210, 1211, 0, 0, 0, - 0, 0, 0, 0, 1124, 1212, 2030, 0, 0, 0, - 0, 0, 4470, 4471, 4472, 0, 0, 0, 0, 11, - 12, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 4473, 0, 0, 0, 947, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 1575, 1124, 0, 0, - 0, 0, 0, 0, 0, 1124, 1124, 0, 0, 0, - 0, 1213, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 1214, 0, 0, 0, 0, - 0, 4600, 0, 0, 0, 0, 0, 0, 0, 4474, - 0, 4475, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 1124, - 0, 4476, 0, 0, 0, 0, 0, 0, 4601, 0, - 1575, 1575, 0, 0, 0, 0, 0, 0, 0, 4477, - 0, 1215, 0, 0, 0, 0, 4478, 0, 0, 0, - 0, 0, 0, 1216, 0, 0, 0, 0, 0, 0, - 0, 4479, 0, 1124, 1124, 1124, 0, -1903, 4480, 0, - 0, 0, 4602, 4603, 0, 0, 0, 0, 0, 4604, - 0, 0, 0, 4481, 0, 0, 0, 0, 0, 0, - 0, 4605, 0, 947, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 1217, 0, - 0, 0, 4606, 1575, 0, 0, 0, 0, 0, 0, - 2763, 0, 0, 1124, 0, 0, 1575, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 4607, 0, 0, 0, - 4482, 1124, 0, 0, 0, 1124, 1124, 947, 1124, 1124, - 4483, 0, 0, 1218, 2764, 0, 0, 1124, 0, 1124, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 1219, 0, 1125, 0, 0, 0, - 0, 0, 0, 1220, 0, 0, 0, 0, 4484, 0, - 1124, 0, 2765, 0, 0, 0, 1221, 0, 0, 0, - 0, 4485, 0, 4608, 0, 0, 0, 1222, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 4474, + 0, 4475, 0, 0, 0, 0, 0, 1124, 0, 1124, + 0, 948, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 4476, 2425, 0, 0, 0, 0, 0, 0, 1622, + 0, 0, 0, 0, 1575, 0, 0, 0, 0, 4477, + 1124, 0, 0, 4464, 0, 4465, 4478, 0, 0, 3451, + 4466, 174, 175, 0, 0, 0, 0, 0, 0, 0, + 0, 4479, 0, 0, 0, 0, 0, 0, 4480, 0, + 2492, 0, 0, 0, 0, 3330, 0, 0, 0, 0, + 0, 0, 5633, 4481, 0, 0, 0, 1705, 0, 0, + 0, 0, 945, 0, 0, 1706, 0, 0, 0, 0, + 0, 0, 0, -924, 1707, -924, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 1124, 0, 0, + 0, 2050, 0, 1575, 0, 1575, 0, 0, 0, 0, + 4482, 0, 3740, 0, 0, 0, 2241, 2242, 2243, 2244, + 4483, 945, 0, 0, 947, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 945, 0, 0, 0, 0, + 947, 0, 0, 0, 0, 0, 0, 4467, 0, 3740, + 0, 0, 0, 0, 0, 0, 3451, 0, 4484, 0, + 0, 0, 2245, 2246, 2247, 1124, 2613, 0, 0, 4468, + 0, 4485, 0, 0, 0, 3445, 945, 0, 0, 0, + 0, 0, 0, 0, 0, 945, 945, 945, 0, 0, + 3081, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 3735, 0, 0, 0, 3735, 0, 0, 0, + 4486, 0, 0, 0, 2248, 2249, 4487, 0, 4469, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 949, 0, + 0, 0, 0, 1708, 0, 0, 0, 0, 0, 0, + 4488, 0, 0, 0, 949, 1124, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 4466, 174, 175, 0, 0, + 0, 0, 0, 0, 0, 2030, 0, 2710, 0, 0, + 0, 0, 0, 0, 4489, 4470, 4471, 4472, 2250, 0, + 947, 4490, 0, 0, 0, 0, 0, 1575, 1124, 0, + 0, 0, 0, 0, 0, 4473, 1124, 1124, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, -924, 0, + -924, 0, 0, 0, 0, 0, 4491, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 4492, 4493, 0, 0, 0, 2050, 0, 0, 0, + 0, 1709, 2251, 0, 4494, 0, 0, 0, 0, 0, + 1124, 0, 4474, 0, 4475, 0, 0, 0, 0, 0, + 0, 1575, 1575, 0, 0, 0, 0, 0, 0, 0, + 0, 0, -924, 0, 4476, 0, 0, 0, 0, 0, + 0, 4495, 4467, 0, 949, 0, 0, 0, 0, 0, + 0, 0, 4477, 0, 1124, 1124, 1124, 0, 0, 4478, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 4479, 0, 0, 0, 0, 0, + 0, 4480, 0, 0, 0, 0, 0, 947, 0, 0, + 0, 5304, 5307, 5309, 5311, 0, 4481, 5314, 5315, 2252, + 0, 0, 5319, 0, 1575, 5325, 0, 0, 5329, 2888, + 0, 5304, 0, 4469, 1124, 5340, 5304, 1575, 0, 0, + 0, 0, 0, 945, 0, 0, 0, 0, 0, 945, + 0, 0, 1124, 0, 0, 0, 1124, 1124, 0, 1124, + 1124, 947, 0, 0, 0, 0, 0, 0, 1124, 0, + 1124, 0, 0, 4482, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 4483, 0, 0, 2253, 0, 0, 0, + 4470, 4471, 4472, 0, 0, 0, 0, 0, 0, 0, + 0, 1124, 0, 1622, 2929, 0, 0, 0, 0, 0, + 4473, 949, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 4484, 0, 0, 0, 0, 0, 1124, 0, 0, + 0, 0, 0, 0, 4485, 0, 0, 0, 0, 0, + 0, 0, 0, 1575, 0, 0, 0, 3740, 0, 0, + 0, 0, 2254, 0, 2255, 0, 0, 0, 0, 0, + 2256, 0, 0, 1124, 0, 949, 0, 4474, 0, 4475, + 0, 0, 0, 4486, 0, 0, 0, 0, 0, 4487, + 1124, 0, 0, 0, 0, 0, 2999, -924, 0, 4476, + 0, 0, 0, 0, 4647, 0, 4650, 0, 4653, 3014, + 0, 0, 0, 4488, 0, 0, 0, 4477, 0, 0, + 0, 0, 0, 0, 4478, 0, 0, 1124, 0, 0, + 2257, 0, 0, 0, 1124, 0, 0, 0, 0, 4479, + 0, 1575, 0, 0, 0, 0, 4480, 4489, 0, 0, + 0, 0, 0, 0, 4490, 0, 0, 0, 0, 0, + 0, 4481, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 2258, 0, 0, 0, 0, 0, + 0, 1575, 0, 0, 0, 0, 0, 0, 0, 4491, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 3071, + 0, 0, 0, 0, 4492, 4493, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 1784, 0, 4494, 4482, 0, + 0, 5546, 0, 0, 0, 0, 0, 0, 4483, 0, + 0, 0, 0, 3735, 0, 0, 0, 1124, 0, 0, + 0, 0, 947, 947, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 4495, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 945, 4484, 0, 0, 0, + 2259, 1124, 0, 0, 0, 0, 0, 0, 0, 4485, + 0, 2260, 0, 0, 1575, 0, 1575, 1575, 1575, 0, + 1124, 0, 0, 0, 1124, 0, 0, 0, 0, 0, + 0, 0, 0, 2158, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 4486, 0, + 0, 0, 0, 0, 4487, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 1622, 0, 0, 949, 949, 4488, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 4489, 0, 0, 0, 0, 0, 0, 4490, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 1575, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 4491, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 4492, + 4493, 0, 0, 0, 0, 0, 2030, 0, 2030, 2030, + 3287, 0, 4494, 0, 0, 0, 0, 0, 0, 0, + 1124, 0, 0, 0, 1124, 0, 0, 1124, 0, 0, 0, 0, 0, 0, 0, 0, 1124, 0, 0, 0, - 0, 1125, 0, 0, 0, 0, 0, 0, 0, 0, - 1223, 0, 1575, 3740, 0, 0, 0, 0, 0, 0, - 4486, 0, 0, 0, -1903, 0, 4487, 0, 0, 0, - 0, 0, 1124, 0, 0, 0, 0, 2171, 0, -2313, - 1224, 0, 0, 1225, 0, 1226, 0, 0, 0, 1124, - 4488, 4609, 0, 0, 0, -1903, 0, -1903, 0, 0, - -1903, -1903, 4610, 4611, 4612, 0, 4295, 0, 0, 0, - 0, 949, 1227, 1228, 0, 0, 0, 0, 1229, 1230, - 0, 0, 0, 0, 4489, 0, 1124, 0, 0, 0, - 0, 4490, 0, 1124, 0, 1231, 0, 0, 0, 0, - 1575, 0, 0, 0, 0, 4331, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 1232, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 4491, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 1233, 0, - 1575, 4492, 4493, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 4494, 0, 0, 0, 4613, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 4390, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 4495, 1234, 0, 0, 0, 1124, 0, 947, 947, - 0, 0, 0, 0, 0, 0, 0, 1235, 0, 0, - 0, 0, 0, 0, 0, 0, 1236, 0, 0, 1237, - 1238, 0, 0, 0, -1086, 0, 0, 0, 0, 0, - 1124, 0, 0, 0, 1239, 0, 0, 0, 0, 0, - 0, 0, 0, 1575, 0, 1575, 1575, 1575, 0, 1124, - 0, 0, 0, 1124, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 1125, 0, 0, 0, 1125, - 0, 1240, 0, 0, 0, 0, 0, 2766, 0, 0, - 1241, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 1124, 0, 1124, 1124, 4495, + 1124, 1124, 1124, 1124, 0, 1124, 0, 1124, 1124, 0, + 1124, 0, 0, 0, 0, 0, 4052, 4184, 1124, 1124, + 0, 4185, 4186, 1124, 1124, 1124, 0, 0, 0, 0, + 0, 4187, 0, 1124, 1124, 1124, 0, 1124, 0, 1124, + 0, 1124, 0, 1124, 0, 1124, 0, 0, 0, 0, + 1124, 1124, 0, 1124, 1124, 1124, 4188, 0, 0, 1124, + 0, 0, 1124, 0, 0, 0, 0, 0, 0, 4189, + 0, 1124, 0, 0, 1124, 2158, 1124, 1124, 1124, 0, + 0, 1124, 0, 0, 0, 4190, 0, 6141, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 1124, 0, 1124, 0, 0, 1124, 0, + 0, 0, 0, 0, 0, 4053, 0, 0, 1124, 1124, + 1124, 1124, 1575, 1124, 0, 0, 0, 0, 1124, 0, + 0, 0, 0, 0, 0, 4192, 4193, 4194, 0, 1575, + 0, 0, 0, 0, 0, 4195, 4054, 4196, 0, 0, 0, 0, 1125, 0, 0, 0, 0, 0, 0, 0, - 0, -3345, 1125, 1242, 0, 0, 0, 2767, 2768, 0, - 2769, 2770, 2771, 2772, 2773, 0, 2774, 2775, 2776, 2777, - 2778, 2779, 2780, 2781, 0, 2782, 2783, 2784, 2785, 0, + 0, 0, 0, 4197, 0, 0, 0, 0, 0, 0, + -1086, -1086, 0, 0, 0, 947, 0, 0, 0, 0, + 0, 0, 4466, 174, 175, 0, 0, 0, 1124, 0, + 0, 0, 0, 0, 0, 4198, 0, 1125, 0, 0, + 0, 0, 0, 864, 0, 0, 0, 0, 1575, 0, + 4588, 0, 4589, 4590, 0, 0, 0, 0, 0, 0, + 0, 0, 4055, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 4591, 865, 4592, 0, 0, 0, + 0, 1124, 4593, 0, 0, 4200, 4056, 4201, 0, 0, + 0, 0, 0, 0, 0, 0, 867, 0, 0, 0, + 0, 0, 1124, 2050, 0, 868, 0, 4202, 4203, 0, + 0, 1575, 1575, 0, 4594, 0, 0, 0, 0, 949, + 0, 0, 0, 0, 3843, 0, 869, 0, 0, 0, + 4508, 4508, 0, 0, 0, 0, 0, 0, 0, 0, + 870, 1622, 0, 0, 0, 871, 0, 0, 0, 4467, + 0, 0, 0, 0, 0, 0, 0, 0, 4204, 0, + 4205, 4206, 0, 0, 0, 0, 0, 0, 0, 872, + 0, 0, 1124, 0, 0, 0, 0, 4207, 4595, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 1124, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 1575, 0, 4596, + 2492, 4597, 0, 4208, 4209, 0, 0, 0, 0, 0, + 4469, 0, 4598, 0, 0, 3330, 0, 0, 873, 0, + 0, 0, 874, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 4599, 0, 4508, 0, 0, + 875, 0, 0, 0, 876, 877, 0, 0, 0, 4211, + 0, 945, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 2613, 2613, 0, 0, 4470, 4471, 4472, + 1124, 0, 0, 0, 0, 878, 0, 0, 0, 0, + 0, 0, 879, 880, 0, 0, 0, 4473, 0, 0, + 4212, 1125, 0, 0, 0, 1125, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 945, 1575, + 0, 0, 0, 0, 0, 0, 0, 0, 1125, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 1125, 0, + 0, 0, 0, 0, 0, 0, 4600, 0, 0, 0, + 0, 0, 2141, 0, 4474, 0, 4475, 0, 0, 0, + 0, 0, 4213, 4214, 0, 0, 0, 0, 0, 2030, + 0, 0, 0, 0, 0, 0, 4476, 0, 4215, 4216, + 0, 0, 0, 4601, 0, 0, 0, 0, 0, 0, + 0, 945, 2142, 0, 4477, 0, 0, 1124, 0, 0, + 1124, 4478, 0, 0, 1125, 1125, 1125, 1125, 0, 0, + 0, 0, 0, 0, 0, 0, 4479, 1125, 0, 0, + 4217, 0, 0, 4480, 0, 0, 0, 4602, 4603, 0, + 0, 0, 0, 0, 4604, 2143, 0, 0, 4481, 0, + 2144, 0, 0, 0, 0, 0, 4605, 0, 0, 0, + 0, 2145, 2146, 0, 0, 0, 0, 3735, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 4606, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 2030, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, -3345, 0, 0, 0, 0, 0, - 0, 1243, 1575, 0, 0, 0, 0, 0, 1125, 1125, - 1125, 1125, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 1125, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 4607, 0, 0, 0, 4482, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 4483, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 4219, 0, 0, + 4220, 0, 0, 4221, 0, 0, 0, 0, 0, 6264, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 4484, 0, 0, 0, 4223, 0, 0, + 0, 0, 0, 0, 0, 0, 4485, 0, 4608, 0, + 0, 0, 0, 0, 0, 0, 0, 4224, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 4486, 0, 0, 1125, 0, + 0, 4487, 0, 0, 0, 0, 2147, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 2148, 0, 0, 0, + 0, 0, 0, 0, 0, 4488, 4609, 2149, 0, 0, + 0, 0, 0, 2150, 0, 0, 0, 4610, 4611, 4612, + 0, 0, 0, 0, 4508, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 4489, + 0, 0, 0, 0, 0, 2151, 4490, 0, 0, 2152, + 0, 0, 0, 0, 0, 1124, 1124, 0, 0, 0, + 1124, 0, 0, 0, 0, 0, 0, 0, 0, 1575, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 2153, 4491, 1124, 0, 1124, 0, 1124, 0, 1124, 0, + 0, 0, 0, 0, 0, 0, 4492, 4493, 0, 0, + 0, 0, 1124, 0, 0, 0, 0, 0, 1575, 4494, + 0, 0, 0, 4613, 0, 0, 0, 0, 0, 0, + 0, 1124, 1124, 0, 0, 0, 1124, 0, 1124, 0, + 1124, 0, 0, 0, 0, 1124, 0, 0, 0, 0, + 4508, 0, 0, 0, 0, 0, 4495, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 1125, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 1575, 0, 0, -1086, + 1124, 0, 0, 0, 0, 0, 0, 1124, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 1124, - 0, 2786, 2787, 1124, 0, 0, 1124, 0, 0, 0, - 0, 0, 0, 0, 0, 1124, 0, 0, 0, 0, - 0, 0, 0, 0, 1124, 0, 1124, 1124, 0, 1124, - 1124, 1124, 1124, 0, 1124, 0, 1124, 1124, 0, 1124, - 0, 0, 0, 0, 0, 0, 0, 1124, 1124, 0, - 0, 0, 1124, 1124, 1124, 0, 0, 0, 0, 4466, - 174, 175, 1124, 1124, 1124, 0, 1124, 0, 1124, 0, - 1124, 0, 1124, 0, 1124, 0, 0, 0, 0, 1124, - 1124, 0, 1124, 1124, 1124, 0, 0, 0, 1124, 0, - 0, 1124, 0, 0, 0, 0, 0, 0, 0, 0, - 1124, 0, 0, 1124, 0, 1124, 1124, 1124, 0, 0, - 1124, 0, -924, 0, -924, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 1124, 0, 1124, 0, 0, 1124, 0, 0, - 2050, 0, 1125, 0, 0, 0, 0, 1124, 1124, 1124, - 1124, 1575, 1124, 0, 0, 0, 0, 1124, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 1575, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 4467, 0, 0, 0, + 0, 0, 0, 0, 1124, 0, 0, 0, 0, 0, + 0, 4295, 0, 0, 1125, 0, 1125, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 3445, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 4331, 0, 0, 0, 945, 0, 0, 0, 0, 0, + 0, 0, 1125, 1125, 0, 0, 0, 0, 1125, 0, + 0, 0, 1125, 1125, 1125, 0, 0, 0, 0, 0, + 0, 0, 1125, 1125, 0, 0, 0, 0, 1125, 0, + 0, 0, 1125, 1125, 1125, 0, 1125, 1125, 1125, 1124, + 0, 0, 0, 0, 0, 0, 0, 1125, 1124, 1125, + 0, 0, 1125, 1125, 1125, 1125, 0, 1125, 4390, 1125, + 1125, 0, 1124, 0, 1575, 1124, 0, 0, 0, 0, + 0, 0, 0, 1125, 1125, 1125, 1125, 1125, 0, 1125, + 1125, 1125, 1125, 1125, 1125, 0, 1125, 1125, 0, 1125, + 1125, 0, 1125, 1125, 0, 0, 1125, 1125, 0, 1125, + 1125, 0, 0, 1125, 0, 1125, 0, 0, 0, 1125, + 1125, 1125, 0, 0, 1125, 1125, 1125, 1125, 0, 1125, + 0, 0, 0, 0, 0, 0, 1125, 0, 0, 0, + 0, 0, 1125, 1125, 1125, 1125, 0, 0, 0, 0, + 0, 0, 0, 1125, 1125, 0, 1125, 1125, 0, 0, + 1125, 1125, 1125, 1125, 1125, 1125, 1125, 1125, 1125, 1125, + 1125, 1125, 1125, 0, 0, 1125, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 947, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 1124, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 1575, 0, 0, + 1125, 0, 4508, 0, 0, 4508, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 3445, 0, + 0, 0, 0, 0, 0, 0, 2030, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 4469, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 1124, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 1124, 0, 0, 0, 0, 0, 0, 0, 0, - 1575, 1575, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 4470, 4471, 4472, 0, 0, 0, - 0, 0, 1125, 0, 0, 0, 0, 2613, 0, 0, - 0, 0, 0, 0, 4473, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 1124, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 1124, 0, 0, 0, 0, 0, 0, 4466, 174, - 175, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 1124, 0, 0, 0, 0, 0, - 0, 4474, 0, 4475, 0, 0, 1575, 0, 1125, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 1124, 1124, + 0, 1124, 0, 0, 0, 0, 0, 1125, 0, 1125, + 0, 0, 0, 0, 1124, 1124, 1124, 0, 0, 0, + 0, 0, 0, 0, 0, 4508, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 1125, 1124, 1124, 0, 0, 1, 0, 2, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 1124, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 1124, 0, 0, + 0, 0, 0, 0, 0, 0, 1124, 0, 3, 4, + 0, 0, 0, 0, 0, 0, 3445, 0, 0, 0, + 3735, 0, 0, 0, 0, 0, 5, 0, 6, 0, + 7, 0, 8, 0, 0, 0, 0, 0, 0, 0, + 9, 0, 0, 0, 0, 0, 0, 1125, 0, 0, + 0, 0, 0, 0, 1124, 0, 0, 0, 1124, 0, + 0, 10, 0, 11, 12, 0, 0, 0, 0, 0, + 13, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 1575, 0, 0, 0, 0, 0, 0, 14, 0, 0, + 0, 15, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 16, 0, 0, 0, 0, 0, 0, 0, 0, + 17, 0, 0, 0, 0, 1125, 0, 0, 0, 0, + 0, 18, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 19, 0, 0, 20, 0, 0, 0, 21, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 5629, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 22, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 23, 24, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 25, 26, + 0, 0, 0, 0, 0, 1125, 0, 0, 0, 0, + 27, 28, 29, 0, 30, 0, 0, 0, 0, 31, + 0, 0, 0, 3735, 0, 32, 0, 0, 0, 33, + 34, 35, 0, 0, 0, 945, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 1125, 0, + 0, 945, 2613, 0, 0, 0, 1125, 1125, 0, 0, + 3735, 0, 0, 0, 0, 36, 0, 37, 0, 38, + 0, 0, 1124, 1124, 0, 0, 39, 0, 0, 0, + 0, 0, 0, 0, 0, 40, 41, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 42, 0, 0, 0, 0, 0, 0, 0, 1125, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, -924, 0, 4476, 0, 0, 0, 0, 0, 0, - 0, -924, 0, -924, 0, 0, 0, 0, 0, 0, - 0, 4477, 0, 0, 0, 0, 0, 0, 4478, 0, - 0, 0, 0, 0, 0, 0, 1125, 1125, 0, 2050, - 0, 0, 1125, 4479, 0, 0, 1125, 1125, 1125, 0, - 4480, 0, 0, 0, 0, 0, 1125, 1125, 0, 1124, - 0, 0, 1125, 0, 0, 4481, 1125, 1125, 1125, 0, - 1125, 1125, 1125, 0, 0, 0, 0, 0, 0, 0, - 0, 1125, 0, 1125, 0, 4467, 1125, 1125, 1125, 1125, - 0, 1125, 0, 1125, 1125, 0, 0, 0, 1575, 0, - 0, 0, 0, 0, 0, 0, 0, 1125, 1125, 1125, - 1125, 1125, 0, 1125, 1125, 1125, 1125, 1125, 1125, 0, - 1125, 1125, 4482, 1125, 1125, 0, 1125, 1125, 0, 0, - 1125, 1125, 4483, 1125, 1125, 0, 0, 1125, 0, 1125, - 0, 0, 0, 1125, 1125, 1125, 0, 0, 1125, 1125, - 1125, 1125, 0, 1125, 0, 0, 4469, 0, 0, 0, - 1125, 0, 0, 0, 0, 864, 1125, 1125, 1125, 1125, - 4484, 0, 0, 0, 0, 0, 1124, 1125, 1125, 1124, - 1125, 1125, 0, 4485, 1125, 1125, 1125, 1125, 1125, 1125, - 1125, 1125, 1125, 1125, 1125, 1125, 1125, 865, 0, 1125, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 4470, 4471, 4472, 0, 0, 867, 0, - 0, 0, 4486, 0, 0, 0, 0, 868, 4487, 0, - 0, 0, 0, 4473, 1125, 0, 0, 0, 0, 2030, - 0, 0, 0, 0, 0, 0, 0, 0, 869, 0, - 0, 0, 4488, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 870, 0, 0, 0, 0, 871, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 4489, 0, 0, 0, - 4474, 872, 4475, 4490, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 3843, - -924, 0, 4476, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 4491, 0, - 4477, 0, 0, 0, 0, 0, 0, 4478, 0, 0, - 0, 0, 0, 4492, 4493, 0, 0, 0, 0, 0, - 873, 1125, 4479, 1125, 874, 0, 4494, 0, 0, 4480, + 0, 0, 0, 0, 43, 44, 0, 45, 0, 0, + 0, 0, 0, 0, 46, 0, 0, 0, 0, 0, + 0, 0, 47, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 1125, 1125, 1125, 0, 0, 0, + 0, 0, 48, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 875, 0, 4481, 0, 876, 877, 0, 0, - 0, 0, 0, 0, 1125, 0, 0, 0, 0, 0, - 0, 0, 0, 4495, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 878, 0, 0, - 0, 0, 0, 0, 879, 880, 0, 0, 0, 0, - 0, 0, 4957, 0, 0, 0, 0, 0, 0, 0, - 0, 4482, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 4483, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 1124, 1124, 0, 0, 0, 1124, - 0, 0, 0, 0, 0, 0, 0, 0, 1575, 0, - 0, 1125, 0, 0, 2141, 0, 0, 0, 0, 4484, - 0, 1124, 0, 1124, 0, 1124, 0, 1124, 0, 0, - 0, 0, 4485, 0, 0, 0, 0, 0, 0, 0, - 0, 1124, 0, 0, 0, 0, 0, 1575, 0, 0, - 0, 0, 0, 0, 2142, 0, 0, 0, 0, 0, - 1124, 1124, 0, 0, 0, 1124, 0, 1124, 0, 1124, - 0, 4486, 0, 0, 1124, 0, 0, 4487, 0, 1125, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 2143, 0, 0, - 0, 4488, 2144, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 2145, 2146, 1575, 0, 0, 0, 1124, - 0, 1, 0, 2, 0, 0, 1124, 0, 0, 0, - 0, 0, 0, 0, 0, 4489, 0, 0, 0, 0, - 0, 0, 4490, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 1125, - 0, 0, 0, 1124, 3, 4, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 4491, 0, 0, - 0, 0, 5, 0, 6, 0, 7, 0, 8, 0, - 0, 0, 4492, 4493, 0, 0, 9, 0, 0, 0, - 0, 0, 1125, 0, 0, 4494, 0, 0, 0, 0, - 1125, 1125, 0, 0, 0, 0, 0, 10, 0, 11, - 12, 0, 0, 0, 0, 0, 13, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 4495, 14, 0, 0, 0, 15, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 16, 1124, 0, - 0, 0, 0, 0, 1125, 0, 17, 1124, 2147, 0, - 0, 0, 0, 0, 0, 0, 0, 18, 2148, 0, - 0, 1124, 0, 1575, 1124, 0, 0, 19, 0, 2149, - 20, 0, 0, 0, 21, 2150, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 49, 0, 0, 0, + 0, 945, 0, 0, 0, 0, 50, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 1124, 0, 0, 1575, 1125, 51, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 52, 0, 1125, 0, 0, 0, 1125, 1125, 0, 1125, + 1125, 53, 0, 0, 54, 0, 0, 55, 1125, 0, + 1125, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 56, 0, 1124, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 1125, 0, 1575, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 1125, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 945, 0, + 0, 1124, 0, 1125, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 1125, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 2030, 57, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 945, 0, 0, 0, 0, 1125, 0, 0, + 0, 0, 0, 0, 1125, 58, 0, 0, 0, 59, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 60, + 0, 0, 0, 0, 0, 0, 0, 61, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 1124, + 62, 1124, 0, 0, 0, 3843, 0, 0, 0, 0, + 4508, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 3330, 63, 0, 0, 64, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 4508, 3735, 0, + 0, 4508, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 65, + 0, 0, 0, 0, 0, 0, 0, 1125, 66, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 67, 0, 0, 0, 0, + 0, 1125, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 68, 0, + 1125, 0, 0, 0, 1125, 1124, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 4508, 0, 0, 0, 0, 0, + 0, 0, 4508, 0, 0, 0, 0, 0, 4508, 4508, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 4508, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 4508, 0, + 0, 1124, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 945, 945, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 1124, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 4466, 174, 175, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 5466, 0, 4589, 0, 0, 0, + 1125, 0, 0, 4508, 1125, 0, 0, 1125, 0, 0, + 0, 0, 0, 0, 0, 4508, 1125, 0, 4591, 4508, + 0, 0, 0, 0, 0, 1125, 5467, 1125, 1125, 0, + 1125, 1125, 1125, 1125, 0, 1125, 0, 1125, 1125, 0, + 1125, 0, 0, 0, 0, 0, 0, 2050, 1125, 1125, + 0, 0, 0, 1125, 1125, 1125, 0, 0, 5468, 0, + 0, 0, 0, 1125, 1125, 1125, 0, 1125, 0, 1125, + 0, 1125, 0, 1125, 0, 1125, 0, 0, 0, 0, + 1125, 1125, 0, 1125, 1125, 1125, 0, 0, 0, 1125, + 0, 0, 1125, 4467, 0, 0, 0, 0, 0, 0, + 0, 1125, 0, 0, 1125, 0, 1125, 1125, 1125, 0, + 0, 1125, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 4595, 0, 0, 0, 0, 0, 4508, 6269, + 0, 0, 0, 1125, 0, 1125, 0, 0, 1125, 0, 0, 0, 0, 0, 0, 0, 0, 0, 1125, 1125, - 1125, 0, 0, 0, 0, 0, 945, 0, 0, 0, - 0, 22, 0, 0, 0, 0, 0, 2151, 0, 0, - 0, 2152, 945, 23, 24, 0, 0, 0, 1251, 0, + 1125, 1125, 0, 1125, 0, 4597, 0, 0, 1125, 0, + 0, 0, 0, 0, 4469, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 1, 0, 0, 0, 0, 0, 0, 0, 4599, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 4508, 0, 4508, 4508, 0, 0, 0, 1125, 0, + 0, 4470, 4471, 4472, 3, 4, 0, 0, 0, 1126, + 0, 0, 1124, 0, 0, 0, 0, 0, 0, 0, + 0, 4473, 5, 0, 6, 0, 7, 0, 8, 0, + 0, 1124, 0, 4508, 0, 0, 9, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 1125, 0, 0, 1126, 1124, 0, 10, 0, 11, + 12, 0, 0, 1575, 0, 0, 13, 0, 4508, 1124, + 4600, 0, 1125, 0, 0, 0, 0, 0, 4474, 0, + 4475, 0, 0, 14, 0, 0, 0, 15, 0, 0, + 0, 0, 0, 0, 4508, 0, 0, 16, 0, 0, + 4476, 0, 0, 0, 0, 0, 17, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 18, 4477, 0, + 0, 0, 0, 0, 0, 4478, 0, 19, 0, 0, + 20, 0, 0, 0, 21, 0, 945, 0, 0, 0, + 4479, 0, 1125, 0, 0, 0, 0, 4480, 0, 0, + 0, 4602, 0, 0, 0, 0, 0, 0, 4604, 0, + 0, 22, 4481, 0, 0, 1125, 0, 0, 0, 0, + 0, 0, 0, 23, 24, 0, 0, 0, 0, 0, 0, 0, 0, 0, 25, 26, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 27, 28, 29, 0, - 30, 0, 2153, 0, 0, 31, 0, 0, 1125, 0, - 0, 32, 0, 0, 0, 33, 34, 35, 0, 0, - 0, 0, 0, 0, 0, 0, 1125, 0, 0, 0, - 1125, 1125, 0, 1125, 1125, 0, 0, 0, 0, 0, - 0, 0, 1125, 0, 1125, 0, 1124, 0, 0, 0, - 0, 36, 0, 37, 0, 38, 0, 0, 0, 0, - 0, 0, 39, 0, 0, 0, 0, 0, 0, 0, - 0, 40, 41, 0, 0, 1125, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 42, 0, + 0, 4606, 0, 0, 0, 0, 27, 28, 29, 0, + 30, 0, 0, 0, 0, 31, 0, 0, 0, 0, + 0, 32, 0, 0, 0, 33, 34, 35, 0, 4482, + 0, 0, 0, 0, 0, 2158, 0, 0, 0, 4483, + 0, 0, 0, 0, 1124, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 1125, 0, 0, 0, 0, 0, 0, 0, 0, - 43, 44, 0, 45, 0, 0, 0, 0, 0, 0, - 46, 0, 0, 0, 0, 0, 1124, 0, 47, 0, + 1125, 36, 0, 37, 0, 38, 0, 0, 0, 0, + 0, 0, 39, 0, 0, 0, 0, 4484, 0, 0, + 0, 40, 41, 0, 0, 0, 0, 0, 0, 0, + 4485, 0, 4608, 0, 0, 0, 0, 0, 42, 0, + 0, 0, 0, 0, 0, 0, 1124, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 43, 44, 0, 45, 0, 0, 0, 0, 1126, 4486, + 46, 0, 1126, 0, 0, 4487, 0, 0, 47, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 1126, 0, 0, 48, 4488, + 0, 0, 0, 0, 0, 1126, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 1125, 0, 0, - 0, 0, 0, 0, 4466, 174, 175, 0, 48, 0, - 0, 0, 0, 0, 1125, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 1124, 1124, 0, - 1124, 0, 49, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 50, 1124, 1124, 1124, 0, 0, 0, 0, - 0, 1125, 0, 0, 0, 0, 0, 0, 1125, 0, - 0, 51, 0, 945, 0, 945, 0, 945, 945, 0, - 1124, 1124, 0, 0, 945, 0, 52, 945, 0, 2158, - 0, 0, 0, 0, 0, 2050, 0, 53, 0, 0, - 54, 0, 0, 55, 1124, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 1124, 0, 56, 0, - 0, 0, 0, 0, 0, 1124, 0, 0, 0, 0, + 1125, 0, 49, 0, 0, 1124, 0, 0, 0, 0, + 0, 0, 50, 4489, 0, 0, 0, 0, 0, 0, + 4490, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 51, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 52, 0, 0, 0, + 0, 1126, 1126, 1126, 1126, 4491, 0, 53, 0, 0, + 54, 0, 0, 55, 1126, 0, 0, 0, 0, 0, + 4492, 4493, 0, 0, 0, 0, 0, 0, 56, 0, + 0, 0, 0, 4494, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 1575, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 4467, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 4495, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 1575, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 1124, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 1125, 0, 1124, 0, 0, 0, 1124, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 1575, - 0, 0, 0, 0, 0, 1125, 0, 0, 0, 0, - 0, 0, 4469, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 1125, 0, 0, 0, 1125, 0, 0, 0, 57, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 58, 0, 0, 0, 59, 0, 0, 0, 4470, - 4471, 4472, 0, 0, 0, 60, 0, 4464, 0, 4465, - 0, 0, 0, 61, 4466, 174, 175, 0, 0, 4473, + 0, 58, 0, 0, 0, 59, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 60, 0, 1124, 0, 0, + 0, 0, 0, 61, 0, 1126, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 62, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 945, 0, 0, 0, 0, 0, 0, 0, 0, 63, - 0, 0, 64, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, -924, 0, -924, - 0, 0, 0, 0, 0, 0, 4474, 0, 4475, 0, + 0, 0, 0, 0, 0, 1125, 1125, 0, 0, 63, + 1125, 0, 64, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 1124, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 1125, 0, 1125, 0, 1125, 0, 1125, 0, 0, 0, 0, 0, 0, 65, 0, 0, 0, 0, - 0, 0, 0, 0, 66, 2050, 0, 0, 4476, 0, + 0, 0, 1125, 0, 66, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 1124, 1124, 0, 0, 0, 4477, 0, 0, 0, - 0, 67, 0, 4478, 1125, 0, 0, 0, 1125, 0, - 0, 1125, 0, 0, 0, 0, 0, 0, 4479, 0, - 1125, 4467, 0, 0, 68, 4480, 0, 0, 0, 1125, - 0, 1125, 1125, 0, 1125, 1125, 1125, 1125, 0, 1125, - 4481, 1125, 1125, 4468, 1125, 0, 0, 1919, 0, 0, - 0, 0, 1125, 1125, 0, 0, 0, 1125, 1125, 1125, - 0, 0, 0, 0, 0, 0, 0, 1125, 1125, 1125, - 0, 1125, 0, 1125, 0, 1125, 0, 1125, 0, 1125, - 0, 0, 0, 0, 1125, 1125, 0, 1125, 1125, 1125, - 0, 0, 4469, 1125, 0, 0, 1125, 4482, 0, 0, - 0, 0, 0, 0, 0, 1125, 0, 4483, 1125, 0, - 1125, 1125, 1125, 0, 0, 1125, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 1124, 0, - 0, 1575, 0, 0, 0, 0, 0, 1125, 0, 1125, - 0, 0, 1125, 0, 0, 4484, 0, 0, 0, 4470, - 4471, 4472, 1125, 1125, 1125, 1125, 0, 1125, 4485, 0, - 0, 0, 1125, 0, 0, 0, 0, 0, 0, 4473, + 0, 1125, 1125, 0, 0, 0, 1125, 0, 1125, 0, + 1125, 67, 0, 0, 0, 1125, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 1124, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 4486, 0, 0, - 0, 1575, 0, 4487, 0, 1126, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 1125, 0, 0, 945, 4474, 4488, 4475, 0, + 0, 0, 0, 0, 68, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, -924, 0, 4476, 0, - 1126, 0, 0, 0, 0, 0, 0, 0, 0, 1124, - 0, 4489, 0, 0, 0, 0, 4477, 0, 4490, 0, - 0, 0, 0, 4478, 0, 1125, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 4479, 0, - 0, 0, 0, 0, 0, 4480, 1125, 0, 0, 0, - 0, 0, 0, 4491, 0, 0, 0, 0, 0, 0, - 4481, 0, 0, 0, 0, 0, 0, 0, 4492, 4493, - 1, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 4494, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 1124, 0, 1124, - 0, 0, 0, 3, 4, 0, 1125, 4482, 4495, 0, - 0, 0, 0, 0, 0, 0, 0, 4483, 0, 0, - 0, 5, 0, 0, 0, 7, 0, 8, 0, 1125, - 0, 0, 0, 0, 0, 9, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 4484, 10, 0, 11, 12, - 0, 0, 0, 0, 0, 13, 0, 0, 4485, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 15, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 17, 0, 4486, 0, 0, - 0, 0, 0, 4487, 1125, 0, 18, 0, 0, 0, - 0, 0, 0, 1124, 0, 0, 19, 0, 0, 20, - 0, 0, 0, 0, 0, 0, 0, 4488, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 1126, 0, 0, 0, 1126, 0, - 22, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 4489, 23, 24, 0, 0, 0, 0, 4490, 0, - 0, 1126, 0, 25, 26, 0, 0, 0, 0, 0, - 0, 1126, 0, 0, 0, 27, 28, 0, 0, 30, - 0, 0, 0, 0, 31, 0, 0, 0, 0, 1124, - 32, 0, 0, 4491, 33, 34, 35, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 4492, 4493, - 0, 1125, 1124, 0, 1125, 0, 0, 0, 0, 0, - 0, 4494, 0, 0, 0, 0, 0, 0, 0, 0, - 36, 0, 37, 0, 38, 0, 0, 1126, 1126, 1126, - 1126, 39, 0, 0, 0, 0, 0, 0, 0, 0, - 1126, 41, 0, 0, 0, 0, 0, 0, 4495, 0, - 0, 0, 0, 0, 0, 0, 0, 42, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 43, - 0, 0, 45, 0, 0, 0, 0, 0, 0, 46, - 0, 0, 0, 0, 0, 0, 0, 47, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 48, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 49, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 50, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 51, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 52, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 53, 0, 0, 54, - 0, 0, 55, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 56, 0, 0, - 0, 1126, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 1125, 0, 0, 0, 0, 0, 0, 1125, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 1124, 0, 0, 1126, 1124, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 945, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 1125, - 1125, 0, 0, 0, 1125, 0, 0, 0, 0, 0, - 1124, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 945, 1125, 0, 1125, 1124, - 1125, 0, 1125, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 1125, 0, 0, 0, - 0, 57, 0, 1124, 0, 0, 0, 0, 945, 0, - 0, 1575, 0, 0, 0, 1125, 1125, 1124, 0, 0, - 1125, 2845, 1125, 0, 1125, 0, 0, 0, 0, 1125, - 58, 0, 0, 0, 59, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 60, 945, 945, 0, 0, 0, - 0, 0, 61, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 62, 0, 0, 0, 0, - 0, 1126, 0, 0, 1125, 0, 0, 0, 0, 0, - 0, 1125, 0, 0, 0, 0, 0, 0, 63, 0, - 0, 64, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 1125, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 1125, 0, - 0, 0, 0, 0, 65, 0, 0, 0, 0, 0, - 0, 0, 0, 66, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 1126, 0, 1126, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 67, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 1124, 68, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 1126, 1126, 0, 0, 0, - 0, 1126, 0, 0, 0, 1126, 1126, 1126, 0, 0, - 0, 0, 0, 1125, 0, 1126, 1126, 0, 0, 0, - 0, 1126, 1125, 0, 0, 1126, 1126, 1126, 0, 1126, - 1126, 1126, 0, 0, 0, 0, 1125, 0, 0, 1125, - 1126, 0, 1126, 0, 1124, 1126, 1126, 1126, 1126, 0, - 1126, 0, 1126, 1126, 0, 0, 0, 0, 0, 0, - 1090, 0, 0, 0, 0, 0, 1126, 1126, 1126, 1126, - 1126, 0, 1126, 1126, 1126, 1126, 1126, 1126, 0, 1126, - 1126, 0, 1126, 1126, 0, 1126, 1126, 0, 0, 1126, - 1126, 0, 1126, 1126, 0, 0, 1126, 0, 1126, 0, - 0, 0, 1126, 1126, 1126, 0, 0, 1126, 1126, 1126, - 1126, 0, 1126, 0, 0, 0, 0, 3081, 0, 1126, - 0, 0, 0, 1124, 0, 1126, 1126, 1126, 1126, 0, - 0, 0, 0, 0, 0, 0, 1126, 1126, 0, 1126, - 1126, 0, 0, 1126, 1126, 1126, 1126, 1126, 1126, 1126, - 1126, 1126, 1126, 1126, 1126, 1126, 0, 0, 1126, 0, - 0, 1125, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 1126, 0, 0, 0, 0, 0, 0, + 0, 1126, 0, 1126, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 945, 0, 1575, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 1125, + 0, 0, 0, 0, 0, 0, 0, 0, 1125, 1126, + 1126, 1124, 0, 0, 0, 1126, 0, 0, 0, 1126, + 1126, 1126, 1125, 0, 0, 1125, 0, 0, 0, 1126, + 1126, 0, 0, 0, 0, 1126, 0, 0, 0, 1126, + 1126, 1126, 0, 1126, 1126, 1126, 0, 0, 0, 0, + 0, 0, 0, 0, 1126, 0, 1126, 0, 0, 1126, + 1126, 1126, 1126, 0, 1126, 0, 1126, 1126, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 1126, 1126, 1126, 1126, 1126, 0, 1126, 1126, 1126, 1126, + 1126, 1126, 0, 1126, 1126, 0, 1126, 1126, 0, 1126, + 1126, 0, 0, 1126, 1126, 0, 1126, 1126, 0, 0, + 1126, 0, 1126, 0, 0, 0, 1126, 1126, 1126, 0, + 0, 1126, 1126, 1126, 1126, 0, 1126, 1, 0, 0, + 0, 0, 0, 1126, 0, 0, 0, 0, 0, 1126, + 1126, 1126, 1126, 0, 0, 0, 0, 1125, 0, 0, + 1126, 1126, 0, 1126, 1126, 0, 0, 1126, 1126, 1126, + 1126, 1126, 1126, 1126, 1126, 1126, 1126, 1126, 1126, 1126, + 3, 4, 1126, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 5, 0, + 0, 0, 7, 0, 8, 0, 0, 0, 0, 0, + 0, 0, 9, 0, 0, 0, 0, 1126, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 1125, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 1919, 0, 0, 1575, 0, 0, 4466, - 174, 175, 0, 0, 0, 0, 0, 0, 1124, 0, + 0, 0, 0, 10, 0, 11, 12, 1125, 0, 0, + 0, 0, 13, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 1125, 1125, 0, 1125, 0, 5465, 0, 4589, + 0, 0, 0, 15, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 1125, 1125, - 1125, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 1126, 4591, 1126, 0, 0, 0, 0, 0, 0, 5466, - 0, 0, 0, 0, 0, 1125, 1125, 0, 0, 0, + 0, 1125, 17, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 18, 1125, 1125, 1125, 0, 0, 0, + 0, 0, 0, 19, 0, 0, 20, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 1125, 1125, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 1126, 0, 1126, 22, 0, 0, + 0, 0, 0, 0, 0, 1125, 0, 0, 0, 23, + 24, 0, 0, 0, 0, 0, 0, 1125, 0, 0, + 25, 26, 0, 0, 0, 0, 1125, 1126, 0, 0, + 0, 0, 27, 28, 0, 0, 30, 0, 0, 0, + 0, 31, 0, 0, 0, 0, 0, 32, 0, 0, + 0, 33, 34, 35, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 2050, 0, 0, 1126, 0, 0, 0, 0, 0, 1125, - 0, 5467, 0, 0, 0, 1124, 0, 0, 0, 0, - 0, 1125, 0, 0, 0, 0, 0, 0, 0, 0, - 1125, 0, 0, 1586, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 4467, 0, 0, 0, - 3330, 0, 0, 0, 0, 0, 1612, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 1627, 945, 0, 0, - 1124, 0, 0, 0, 0, 4595, 0, 0, 1125, 0, - 0, 0, 1125, 0, 0, 0, 0, 0, 0, 0, - 1126, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 4597, 0, - 0, 0, 0, 0, 0, 0, 0, 4469, 0, 0, - 0, 0, 0, 0, 0, 0, 945, 0, 0, 0, - 0, 0, 0, 0, 0, 1701, 0, 0, 0, 0, - 945, 0, 4599, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 1126, 0, + 0, 0, 0, 0, 1125, 0, 0, 0, 1125, 0, + 0, 0, 0, 0, 0, 0, 0, 36, 0, 37, + 0, 38, 0, 0, 0, 0, 0, 0, 39, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 41, 0, + 0, 0, 0, 0, 1126, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 42, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 4470, 4471, 4472, 0, 0, 0, - 3445, 945, 0, 0, 0, 0, 0, 0, 0, 0, - 945, 945, 945, 0, 4473, 3081, 0, 0, 0, 0, - 1124, 0, 0, 0, 1124, 0, 0, 3735, 0, 0, - 0, 3735, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 43, 0, 0, 45, + 0, 0, 0, 0, 0, 0, 46, 0, 0, 0, + 0, 174, 175, 0, 47, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 1126, 0, - 0, 0, 0, 4600, 0, 0, 0, 0, 0, 0, - 0, 4474, 0, 4475, 0, 0, 0, 0, 0, 0, + 0, 0, 1126, 0, 48, 0, 0, 0, 0, 1208, + 0, 1209, 0, 0, 0, 0, 0, 0, 0, 671, + 0, 0, 0, 0, 0, 0, 0, 0, 49, 0, + 0, 0, 0, 1177, 0, 0, 0, 0, 50, 0, + 0, 1210, 1211, 0, 0, 0, 0, 0, 0, 0, + 0, 1212, 0, 0, 0, 0, 0, 51, 0, 0, + 0, 0, 0, 0, 0, 11, 12, 0, 0, 0, + 0, 0, 52, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 1126, 53, 0, 0, 54, 0, 0, 55, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 4476, 0, 0, 0, 0, 0, 0, - 0, 1126, 0, 0, 0, 0, 1125, 1125, 0, 1126, - 1126, 4477, 0, 0, 0, 0, 0, 0, 4478, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 4479, 0, 0, 0, 0, 0, 0, - 4480, 0, 0, 0, 4602, 0, 1895, 0, 0, 1124, - 0, 4604, 0, 0, 0, 4481, 0, 0, 0, 0, - 0, 0, 0, 1126, 0, 0, 0, 0, 0, 0, + 0, 0, 1125, 1125, 56, 0, 0, 1213, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 4606, 0, 0, 0, 0, 0, + 0, 1214, 0, 0, 0, 1126, 0, 0, 0, 0, + 0, 0, 0, 1126, 1126, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 1090, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 1126, 1126, 1126, - 0, 0, 4482, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 4483, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 1125, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 4484, 0, 0, 0, 0, 0, 0, 1126, 0, 0, - 0, 0, 0, 4485, 0, 4608, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 1126, 0, 0, 945, 1126, - 1126, 0, 1126, 1126, 945, 0, 0, 1125, 0, 0, - 0, 1126, 0, 1126, 0, 0, 0, 0, 0, 0, - 0, 0, 4486, 0, 0, 0, 0, 0, 4487, 0, - 0, 0, 0, 0, 0, 0, 2087, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 1215, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 1126, 0, 1216, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 57, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 1126, 1126, 1126, 0, 0, 0, 0, 0, 0, + 1125, 0, 0, 0, 1217, 0, 0, 58, 0, 0, + 0, 59, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 60, 0, 0, 0, 0, 0, 0, 0, 61, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 62, 0, 0, 0, 0, 0, 0, 1218, + 0, 1126, 0, 0, 1125, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 63, 0, 0, 64, 1126, + 1219, 0, 0, 1126, 1126, 0, 1126, 1126, 0, 1220, + 0, 0, 0, 0, 0, 1126, 0, 1126, 0, 0, + 0, 0, 1221, 0, 0, 0, 0, 0, 0, 0, + 0, 65, 0, 1222, 0, 0, 0, 0, 0, 0, + 66, 0, 0, 0, 0, 0, 0, 0, 1126, 0, + 0, 0, 0, 0, 0, 0, 1223, 0, 0, 0, + 0, 1125, 0, 0, 0, 0, 0, 67, 0, 0, 0, 0, 0, 0, 1126, 0, 0, 0, 0, 0, - 0, 0, 4488, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, -2313, 1224, 0, 0, 1225, + 68, 1226, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 1126, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 1125, 0, 4489, 0, 0, 0, - 0, 0, 0, 4490, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 1126, 0, 0, 0, - 0, 0, 2164, 0, 2164, 0, 0, 0, 0, 0, - 0, 0, 0, 1126, 0, 0, 0, 0, 4491, 0, + 1126, 0, 0, 0, 0, 0, 0, 0, 1227, 1228, + 0, 0, 0, 0, 1229, 1230, 0, 1126, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 4492, 4493, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 4494, 0, 0, 0, - 1126, 0, 0, 0, 0, 0, 2211, 1126, 0, 0, - 2216, 0, 2218, 0, 0, 0, 0, 0, 0, 0, - 2233, 2234, 1125, 0, 1125, 0, 2263, 0, 0, 0, - 2268, 2269, 2270, 4495, 2272, 2273, 2274, 0, 0, 0, - 0, 0, 0, 0, 0, 2282, 0, 2285, 0, 0, - 2286, 2287, 2288, 2289, 0, 0, 0, 2293, 2294, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 2306, 2307, 2314, 2318, 2319, 0, 2322, 2323, 2324, - 2327, 2328, 0, 0, 2331, 2332, 0, 2338, 2339, 0, - 2342, 2343, 0, 0, 0, 2347, 0, 2349, 2350, 0, - 0, 2353, 0, 2354, 0, 0, 0, 2357, 2314, 2359, - 1126, 0, 2365, 0, 2367, 2368, 0, 2369, 3735, 0, - 0, 0, 0, 0, 2373, 0, 0, 0, 0, 0, - 2375, 2376, 2377, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 1126, 0, 0, 0, 1125, 0, - 945, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 1126, 0, 0, 0, 1126, 0, 0, + 0, 1231, 0, 0, 0, 0, 0, 0, 0, 1586, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 1125, + 0, 1125, 1232, 0, 1126, 0, 0, 0, 0, 0, + 0, 1126, 1612, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 1627, 0, 1233, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 2473, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 1234, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 1701, 0, 1235, 0, 0, 0, 0, 0, 0, + 0, 0, 1236, 0, 0, 1237, 1238, 0, 0, 0, + 0, 0, 0, 0, 1126, 0, 0, 0, 0, 0, + 1239, 0, 0, 0, 0, 1125, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 1126, 0, + 0, 0, 0, 0, 0, 0, 0, 1240, 0, 0, + 0, 0, 0, 0, 0, 0, 1241, 1126, 0, 0, + 0, 1126, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, -3345, 0, 1242, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 1125, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 1125, 0, 0, 0, 0, 0, + -3345, 0, 0, 0, 0, 0, 0, 1243, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 1125, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 1895, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 2586, 0, 2591, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 1126, 0, 0, 0, 1126, 0, 0, - 1126, 0, 0, 0, 0, 0, 0, 0, 2618, 1126, + 0, 0, 0, 0, 0, 0, 0, 1126, 0, 0, + 0, 1126, 0, 0, 1126, 0, 0, 0, 0, 0, + 0, 0, 0, 1126, 0, 0, 0, 0, 0, 0, + 0, 0, 1126, 0, 1126, 1126, 0, 1126, 1126, 1126, + 1126, 0, 1126, 0, 1126, 1126, 0, 1126, 0, 0, + 0, 0, 0, 0, 0, 1126, 1126, 0, 0, 0, + 1126, 1126, 1126, 0, 0, 0, 0, 0, 0, 0, + 1126, 1126, 1126, 0, 1126, 0, 1126, 0, 1126, 0, + 1126, 0, 1126, 0, 0, 0, 0, 1126, 1126, 0, + 1126, 1126, 1126, 0, 0, 0, 1126, 0, 0, 1126, 0, 0, 0, 0, 0, 0, 0, 0, 1126, 0, - 1126, 1126, 0, 1126, 1126, 1126, 1126, 0, 1126, 0, - 1126, 1126, 0, 1126, 0, 0, 0, 0, 0, 0, - 0, 1126, 1126, 0, 0, 0, 1126, 1126, 1126, 0, - 0, 0, 0, 0, 0, 0, 1126, 1126, 1126, 0, - 1126, 0, 1126, 0, 1126, 0, 1126, 0, 1126, 0, - 0, 0, 0, 1126, 1126, 0, 1126, 1126, 1126, 0, - 0, 0, 1126, 0, 0, 1126, 0, 0, 0, 0, - 0, 0, 0, 0, 1126, 2697, 0, 1126, 0, 1126, - 1126, 1126, 0, 0, 1126, 0, 0, 0, 4052, 4184, - 0, 0, 0, 4185, 4186, 0, 0, 0, 0, 0, - 0, 0, 0, 4187, 0, 0, 1126, 0, 1126, 0, - 0, 1126, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 1126, 1126, 1126, 1126, 0, 1126, 0, 4188, 0, - 0, 1126, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 4189, 0, 2757, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 4190, 0, 6140, + 0, 1126, 0, 1126, 1126, 1126, 0, 0, 1126, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 2087, 0, 0, 0, 0, 0, 0, 0, + 1126, 0, 1126, 0, 0, 1126, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 1126, 1126, 1126, 1126, 0, + 1126, 0, 0, 0, 0, 1126, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 1125, 0, 4053, 0, 0, - 0, 1126, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 1125, 0, 0, 4192, 4193, 4194, - 0, 0, 0, 0, 0, 0, 0, 4195, 4054, 4196, - 0, 0, 0, 2834, 0, 0, 0, 0, 1125, 0, - 0, 0, 0, 0, 0, 4197, 0, 0, 0, 0, - 0, 0, 1125, 0, 1126, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 1126, 2889, 4198, 0, 0, - 0, 0, 0, 0, 2896, 2897, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 4055, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 4508, 4508, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 4200, 4056, 4201, - 0, 0, 0, 0, 0, 0, 0, 0, 2916, 0, - 0, 0, 0, 0, 0, 1126, 0, 0, 0, 4202, - 4203, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 1126, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 2955, 2957, 2959, 0, 0, 0, 0, 0, + 0, 0, 1125, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 2164, 0, + 2164, 1125, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 1126, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 1125, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 1125, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 4204, 0, 4205, 4206, 0, 0, 0, 0, 0, 0, - 3330, 0, 0, 0, 0, 0, 0, 1125, 0, 4207, + 0, 0, 2211, 0, 0, 0, 2216, 0, 2218, 0, + 0, 0, 0, 0, 0, 0, 2233, 2234, 1126, 0, + 0, 0, 2263, 0, 0, 0, 2268, 2269, 2270, 0, + 2272, 2273, 2274, 0, 0, 0, 0, 0, 0, 1126, + 0, 2282, 0, 2285, 0, 0, 2286, 2287, 2288, 2289, + 0, 0, 0, 2293, 2294, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 2306, 2307, 2314, + 2318, 2319, 0, 2322, 2323, 2324, 2327, 2328, 0, 0, + 2331, 2332, 0, 2338, 2339, 0, 2342, 2343, 0, 0, + 0, 2347, 0, 2349, 2350, 0, 0, 2353, 0, 2354, + 0, 0, 0, 2357, 2314, 2359, 0, 0, 2365, 1126, + 2367, 2368, 0, 2369, 0, 0, 0, 0, 0, 0, + 2373, 0, 0, 0, 0, 0, 2375, 2376, 2377, 0, + 0, 0, 1126, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 4508, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 945, 0, 0, 0, - 0, 0, 0, 1126, 0, 4208, 4209, 0, 0, 0, - 3021, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 3029, 0, 3030, 1125, + 0, 0, 0, 0, 1125, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 4211, 0, 945, 0, 0, 0, 0, 0, 3055, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 2473, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 3069, 0, 0, 0, 0, - 0, 0, 4212, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 1125, 0, + 0, 0, 0, 0, 0, 0, 1125, 1126, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 1126, 3126, 0, 1126, 0, 0, 945, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 2697, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 4213, 4214, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 4215, 4216, 0, 0, 0, 3152, 0, 0, 0, 0, - 0, 0, 2591, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 3735, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 1125, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 4217, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 1125, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 1125, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 3242, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 1125, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 4219, - 0, 0, 4220, 0, 0, 4221, 0, 0, 0, 3269, + 0, 2586, 0, 2591, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 3269, 4223, - 1125, 0, 3293, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 4224, + 0, 0, 0, 0, 1126, 0, 0, 1126, 0, 0, + 0, 0, 0, 0, 2618, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 4508, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 1125, 0, 0, 1126, 1126, - 0, 0, 0, 1126, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 1126, 0, 1126, 0, 1126, - 0, 1126, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 1126, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 1125, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 1126, 1126, 0, 0, 0, 1126, - 0, 1126, 0, 1126, 0, 0, 0, 0, 1126, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 4508, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 3473, 0, - 0, 0, 3475, 0, 0, 3476, 0, 0, 0, 0, - 0, 0, 0, 1126, 0, 1125, 0, 0, 0, 1125, - 1126, 0, 0, 3754, 0, 0, 0, 0, 3758, 3759, - 3760, 3761, 0, 3762, 0, 3763, 3764, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 3769, 3770, 0, 0, - 0, 3771, 3772, 3773, 0, 0, 0, 1126, 0, 0, - 0, 3775, 3776, 3777, 0, 3778, 0, 3780, 0, 3782, - 0, 3784, 0, 3786, 0, 0, 0, 0, 2324, 3789, - 0, 2324, 0, 3792, 0, 0, 0, 3793, 0, 0, - 3794, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 3445, 3800, 0, 3801, 3802, 3803, 0, 0, 3804, - 0, 0, 0, 0, 0, 0, 0, 0, 945, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 3826, 0, 0, 0, - 0, 0, 0, 0, 1125, 0, 0, 3836, 3839, 0, - 0, 3844, 1126, 0, 0, 0, 0, 0, 0, 0, - 0, 1126, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 1126, 0, 0, 1126, 1, + 0, 0, 0, 0, 0, 0, 0, 0, 1125, 0, + 0, 2697, 0, 0, 0, 0, 0, 0, 0, 0, + 1125, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 3887, 0, 0, 0, - 0, 0, 3, 4, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 5, 0, 6, 0, 7, 0, 8, 0, 0, 0, - 0, 0, 0, 0, 9, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 2591, - 0, 0, 0, 0, 0, 10, 0, 11, 12, 0, - 0, 0, 0, 0, 13, 0, 0, 0, 0, 0, - 2591, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 1126, 14, 0, 0, 0, 15, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 16, 0, 0, 0, 0, - 0, 0, 0, 0, 17, 0, 4508, 0, 0, 4508, - 0, 0, 0, 0, 0, 18, 0, 0, 0, 0, - 0, 0, 3445, 0, 0, 19, 0, 0, 20, 0, - 0, 0, 21, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 22, - 1126, 0, 0, 2697, 0, 0, 0, 0, 0, 0, - 0, 23, 24, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 25, 26, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 27, 28, 29, 0, 30, 0, - 0, 1126, 1126, 31, 1126, 0, 0, 0, 0, 32, - 0, 0, 0, 33, 34, 35, 0, 1126, 1126, 1126, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 4508, - 0, 0, 0, 0, 1126, 1126, 0, 0, 4116, 36, - 0, 37, 0, 38, 0, 0, 0, 0, 0, 0, - 39, 0, 0, 0, 0, 0, 0, 0, 1126, 40, - 41, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 1126, 0, 0, 0, 0, 0, 42, 0, 0, 1126, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 43, 44, - 3445, 45, 0, 0, 3735, 0, 0, 0, 46, 0, - 0, 0, 0, 0, 0, 0, 47, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 1126, 0, 0, - 0, 1126, 0, 0, 0, 0, 48, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 2757, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 4249, 0, 0, 4250, 0, - 49, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 50, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 51, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 52, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 53, 0, 0, 54, 0, - 0, 55, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 56, 5628, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 1125, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 2834, + 0, 0, 1125, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 3735, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 945, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 945, 0, 0, 0, 0, - 0, 0, 0, 0, 3735, 1126, 1126, 0, 0, 0, + 0, 0, 1126, 1126, 0, 0, 0, 1126, 0, 0, + 0, 0, 2889, 0, 0, 0, 0, 0, 0, 0, + 2896, 2897, 0, 0, 0, 0, 0, 0, 0, 1126, + 0, 1126, 0, 1126, 0, 1126, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 1126, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 57, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 1126, 1126, + 0, 0, 0, 1126, 2916, 1126, 0, 1126, 0, 0, + 0, 0, 1126, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 1125, 0, 0, 0, 1125, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 2955, 2957, + 2959, 0, 0, 0, 0, 0, 0, 1126, 0, 0, + 0, 0, 0, 0, 1126, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 58, - 0, 0, 0, 59, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 60, 0, 0, 0, 0, 0, 0, - 0, 61, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 62, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 4278, 4279, 0, 0, 63, 4284, 0, - 64, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 4304, 0, 4305, 0, 4306, 945, 4307, 0, 0, 0, - 0, 0, 1126, 65, 0, 0, 0, 0, 0, 0, - 4325, 0, 66, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 4346, - 4347, 0, 0, 0, 0, 0, 0, 0, 0, 67, - 0, 0, 0, 3269, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 1126, 0, 0, 0, - 0, 0, 68, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 4394, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 1126, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 3021, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 3029, 0, 3030, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 2591, 1126, 0, 0, 0, 0, 0, 0, - 0, 0, 945, 0, 0, 0, 0, 0, 0, 0, + 0, 1125, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 3055, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 1126, 0, 0, 0, + 0, 3069, 0, 0, 0, 1126, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 1126, + 0, 0, 1126, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 3126, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 2697, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 945, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 3152, 0, 0, 0, 0, 0, 0, 2591, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 4538, 0, 0, - 0, 1126, 0, 1126, 0, 0, 3269, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 3269, 0, 0, 4550, 4508, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 3330, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 4508, 3735, 0, 0, 4508, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 1126, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 1126, 0, 0, + 0, 3242, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 4669, 0, 0, 0, 0, + 0, 0, 0, 0, 1126, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 3269, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 4508, 0, - 0, 0, 0, 0, 0, 0, 4508, 0, 0, 0, - 0, 0, 4508, 4508, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 3269, 0, 0, 0, 3293, 0, + 0, 0, 0, 0, 0, 1126, 1126, 0, 1126, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 4508, 0, 0, 0, 0, - 0, 0, 0, 1126, 0, 0, 0, 0, 0, 0, - 0, 0, 4508, 0, 0, 4748, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 1126, 945, 945, 0, + 0, 1126, 1126, 1126, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 1126, 1126, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 4773, 4774, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 4781, 4782, 4783, 0, 0, 0, 0, 0, + 0, 0, 1126, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 1126, 0, 0, 0, 0, 0, + 0, 0, 0, 1126, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 4508, 0, 4805, - 4806, 0, 0, 0, 0, 0, 0, 0, 0, 4508, - 0, 0, 0, 4508, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 4828, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 1126, 0, 0, 0, 1126, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 3473, 0, 0, 0, 3475, 0, + 0, 3476, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 3754, + 0, 0, 0, 0, 3758, 3759, 3760, 3761, 0, 3762, + 0, 3763, 3764, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 3769, 3770, 0, 0, 0, 3771, 3772, 3773, + 0, 0, 0, 0, 0, 0, 0, 3775, 3776, 3777, + 0, 3778, 0, 3780, 0, 3782, 0, 3784, 0, 3786, + 0, 0, 0, 0, 2324, 3789, 0, 2324, 0, 3792, + 0, 0, 0, 3793, 0, 0, 3794, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 3800, 0, + 3801, 3802, 3803, 0, 0, 3804, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 2591, 0, 0, 0, 2591, 0, 0, 0, + 0, 0, 3826, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 3836, 3839, 0, 0, 3844, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 4508, 6268, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 1126, + 1126, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 3887, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 2591, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 2591, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 4508, 0, 4508, 4508, 0, - 0, 0, 0, 0, 1126, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 1126, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 4508, 0, 0, 0, 0, 0, 0, 0, 0, 0, 1126, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 1126, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 4508, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 5096, 5097, 0, 0, 0, 0, 0, 0, 4508, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 1126, 0, 0, 0, 0, 0, 0, 0, 2697, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 945, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 1126, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 4116, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 1126, 3269, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 3269, 0, 0, 0, 0, 0, 0, 1126, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 1126, 0, 1126, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 4249, 0, 0, 4250, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 2591, 0, - 0, 0, 0, 0, 0, 0, 0, 1126, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 1126, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 1126, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 2697, 0, 5406, 0, 0, 1126, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 1126, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 1126, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 4278, + 4279, 0, 0, 0, 4284, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 4304, 0, 4305, 0, + 4306, 0, 4307, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 4325, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 4346, 4347, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 3269, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 1126, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 4394, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 1126, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 5540, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 2591, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 3269, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 1126, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 1126, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 1126, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 4538, 0, 0, 1126, 0, 0, 0, + 0, 0, 3269, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 3269, 0, 0, 4550, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 1126, 0, 0, 0, 1126, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, @@ -6931,29 +6932,37 @@ 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 4670, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 1126, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 1126, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 4749, 0, 1126, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 5752, + 0, 0, 4774, 4775, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 4782, 4783, + 4784, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 3269, 0, + 0, 0, 1126, 0, 0, 4806, 4807, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 2591, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 4829, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 1126, 0, 2591, 0, + 0, 0, 2591, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 1126, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 1126, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, @@ -6962,15 +6971,17 @@ 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 1126, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 1126, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 5097, 5098, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 5947, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, @@ -6978,2496 +6989,2386 @@ 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 6025, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 1126, + 0, 0, 0, 1126, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 3269, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 174, 175, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 3269, 0, + 0, 0, 0, 0, 0, 6, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 176, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 1126, 0, + 0, 0, 0, 177, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 14, 0, 0, 0, 0, 0, + 0, 0, 178, 0, 0, 2591, 0, 0, 16, 0, + 0, 917, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 21, 0, 180, 0, 0, + 0, 0, 0, 0, 0, 0, 181, 0, 0, 0, + 0, 0, 0, 182, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 183, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 184, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 2697, 0, 5407, 0, 0, 0, 29, + 0, 0, 0, 0, 920, 921, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 185, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 961, 0, 0, 0, 0, 962, 963, - 0, 0, 0, 0, 0, 0, 0, 6157, 0, 964, - 965, 0, 966, 967, 968, 969, 970, 971, 972, 973, - 974, 975, 976, 0, 0, 0, 0, 0, 0, 0, - 977, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 978, 979, 980, - 981, 0, 0, 0, 0, 0, 0, 0, 982, 983, - 0, 984, 0, 0, 0, 0, 0, 0, 985, 986, - 0, 0, 987, 988, 989, 990, 0, 991, 176, 0, - 992, 993, 0, 0, 0, 0, 0, 0, 0, 994, - 0, 0, 995, 0, 1701, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 177, 0, 0, 0, - 996, 997, 998, 0, 999, 0, 0, 0, 0, 0, - 0, 0, 1000, 1001, 1002, 178, 0, 0, 0, 0, - 0, 1003, 0, 0, 179, 0, 0, 0, 0, 0, - 1004, 0, 0, 1005, 0, 0, 0, 0, 0, 0, - 0, 0, 1006, 0, 1007, 0, 1008, 0, 0, 0, - 0, 0, 1009, 0, 0, 0, 0, 0, 0, 0, - 180, 1010, 1011, 0, 1012, 0, 0, 0, 1013, 181, - 0, 0, 0, 1014, 0, 0, 182, 1015, 0, 1016, - 1017, 1018, 1019, 0, 0, 0, 0, 0, 183, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 184, - 1020, 1021, 1022, 0, 1023, 0, 0, 0, 0, 0, - 0, 1024, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 1025, 0, 0, 0, 0, 0, 0, 0, - 1026, 1027, 0, 0, 0, 32, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 1028, - 0, 0, 0, 0, 0, 0, 1029, 1030, 0, 1031, - 1032, 0, 0, 0, 0, 0, 0, 0, 0, 2591, - 0, 1033, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 1034, 1035, 1036, 0, 0, 39, 0, 0, 1037, - 1038, 0, 0, 0, 0, 0, 41, 0, 0, 0, - 186, 187, 188, 189, 190, 191, 192, 193, 194, 195, - 196, 1039, 1040, 1041, 1042, 198, 199, 200, 1043, 202, - 203, 204, 205, 206, 207, 1044, 209, 210, 211, 212, - 213, 214, 215, 1045, 217, 218, 0, 219, 220, 221, - 222, 223, 224, 225, 226, 227, 228, 229, 230, 231, - 1046, 233, 234, 235, 236, 237, 238, 239, 240, 241, - 242, 243, 244, 1047, 246, 1048, 1049, 1050, 0, 250, - 251, 252, 253, 254, 255, 256, 257, 258, 259, 260, - 261, 262, 1051, 264, 265, 266, 267, 268, 269, 270, - 271, 272, 273, 274, 1052, 1053, 277, 278, 2591, 279, - 280, 281, 282, 283, 284, 285, 286, 287, 288, 289, - 290, 291, 292, 293, 294, 295, 296, 297, 298, 299, - 300, 301, 302, 303, 304, 305, 306, 0, 0, 307, - 308, 309, 310, 311, 312, 313, 314, 315, 316, 317, - 318, 319, 320, 0, 321, 322, 323, 324, 325, 326, - 1054, 328, 329, 330, 331, 332, 333, 334, 0, 335, - 336, 337, 1055, 339, 340, 341, 342, 343, 344, 345, - 346, 347, 348, 349, 350, 351, 352, 353, 354, 355, - 356, 357, 358, 359, 1056, 1057, 362, 363, 364, 365, - 366, 367, 368, 369, 370, 371, 372, 373, 374, 375, - 376, 377, 378, 379, 380, 381, 382, 383, 384, 385, - 386, 387, 388, 389, 390, 391, 0, 392, 393, 394, - 395, 396, 397, 398, 399, 400, 401, 402, 403, 404, - 1058, 406, 407, 408, 409, 410, 1059, 412, 413, 414, - 415, 416, 417, 418, 419, 1060, 1061, 422, 423, 424, - 425, 426, 427, 428, 429, 430, 431, 432, 433, 434, - 435, 0, 436, 437, 438, 439, 440, 441, 442, 1062, - 444, 445, 446, 447, 448, 449, 450, 1063, 452, 453, - 454, 455, 456, 457, 458, 459, 460, 461, 462, 1064, - 464, 465, 466, 467, 468, 469, 470, 471, 472, 473, - 474, 475, 476, 477, 478, 479, 480, 481, 482, 483, - 484, 485, 486, 487, 488, 489, 490, 491, 492, 493, - 494, 495, 496, 497, 498, 499, 500, 501, 502, 503, - 504, 505, 506, 1065, 508, 509, 510, 511, 512, 513, - 1066, 515, 516, 517, 518, 519, 1067, 521, 1068, 523, - 524, 525, 526, 527, 528, 529, 530, 531, 532, 533, - 534, 535, 536, 537, 0, 0, 538, 539, 0, 540, - 541, 542, 543, 544, 545, 546, 547, 548, 549, 550, - 551, 1069, 553, 554, 555, 556, 557, 558, 559, 560, - 561, 562, 563, 564, 565, 566, 567, 568, 569, 570, - 1070, 1071, 1072, 1073, 575, 576, 577, 578, 1074, 1075, - 581, 582, 583, 584, 585, 586, 587, 588, 589, 590, - 591, 592, 1076, 594, 595, 1077, 597, 598, 599, 600, - 601, 602, 603, 604, 605, 606, 607, 1078, 609, 1079, - 611, 612, 613, 0, 614, 615, 616, 1080, 0, 0, - 0, 0, 0, 0, 0, 0, 1081, 1082, 961, 0, - 0, 0, 1083, 962, 963, 0, 0, 0, 1084, 0, - 0, 0, 1085, 1086, 964, 965, 1087, 966, 967, 968, - 969, 970, 971, 972, 973, 974, 975, 976, 0, 0, - 0, 0, 0, 0, 0, 977, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 978, 979, 980, 981, 0, 0, 0, 2311, - 0, 0, 0, 982, 983, 0, 984, 0, 0, 0, - 0, 0, 0, 985, 986, 0, 0, 987, 988, 989, - 990, 0, 991, 176, 0, 992, 993, 0, 0, 0, - 0, 0, 0, 0, 994, 0, 0, 995, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 177, 0, 0, 0, 996, 997, 998, 0, 999, - 0, 0, 0, 0, 0, 0, 0, 1000, 1001, 1002, - 178, 0, 0, 0, 0, 0, 1003, 0, 0, 179, - 0, 0, 0, 0, 0, 1004, 0, 0, 1005, 0, - 0, 0, 0, 0, 0, 0, 0, 1006, 2312, 1007, - 0, 1008, 0, 0, 0, 0, 0, 1009, 0, 0, - 0, 0, 0, 0, 0, 180, 1010, 1011, 0, 1012, - 0, 0, 0, 1013, 181, 0, 0, 0, 1014, 0, - 0, 182, 1015, 0, 1016, 1017, 1018, 1019, 0, 0, - 0, 0, 0, 183, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 184, 1020, 1021, 1022, 0, 1023, - 0, 0, 0, 0, 0, 0, 1024, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 1025, 0, 0, - 0, 0, 0, 0, 0, 1026, 1027, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 1028, 0, 0, 0, 0, 0, - 0, 1029, 1030, 0, 1031, 1032, 0, 0, 0, 0, - 0, 0, 0, 0, 2313, 0, 1033, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 1034, 1035, 1036, 0, - 0, 0, 0, 0, 1037, 1038, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 186, 187, 188, 189, 190, - 191, 192, 193, 194, 195, 196, 1039, 1040, 1041, 1042, - 198, 199, 200, 1043, 202, 203, 204, 205, 206, 207, - 1044, 209, 210, 211, 212, 213, 214, 215, 1045, 217, - 218, 0, 219, 220, 221, 222, 223, 224, 225, 226, - 227, 228, 229, 230, 231, 1046, 233, 234, 235, 236, - 237, 238, 239, 240, 241, 242, 243, 244, 1047, 246, - 1048, 1049, 1050, 0, 250, 251, 252, 253, 254, 255, - 256, 257, 258, 259, 260, 261, 262, 1051, 264, 265, - 266, 267, 268, 269, 270, 271, 272, 273, 274, 1052, - 1053, 277, 278, 0, 279, 280, 281, 282, 283, 284, - 285, 286, 287, 288, 289, 290, 291, 292, 293, 294, - 295, 296, 297, 298, 299, 300, 301, 302, 303, 304, - 305, 306, 0, 0, 307, 308, 309, 310, 311, 312, - 313, 314, 315, 316, 317, 318, 319, 320, 0, 321, - 322, 323, 324, 325, 326, 1054, 328, 329, 330, 331, - 332, 333, 334, 0, 335, 336, 337, 1055, 339, 340, - 341, 342, 343, 344, 345, 346, 347, 348, 349, 350, - 351, 352, 353, 354, 355, 356, 357, 358, 359, 1056, - 1057, 362, 363, 364, 365, 366, 367, 368, 369, 370, - 371, 372, 373, 374, 375, 376, 377, 378, 379, 380, - 381, 382, 383, 384, 385, 386, 387, 388, 389, 390, - 391, 0, 392, 393, 394, 395, 396, 397, 398, 399, - 400, 401, 402, 403, 404, 1058, 406, 407, 408, 409, - 410, 1059, 412, 413, 414, 415, 416, 417, 418, 419, - 1060, 1061, 422, 423, 424, 425, 426, 427, 428, 429, - 430, 431, 432, 433, 434, 435, 0, 436, 437, 438, - 439, 440, 441, 442, 1062, 444, 445, 446, 447, 448, - 449, 450, 1063, 452, 453, 454, 455, 456, 457, 458, - 459, 460, 461, 462, 1064, 464, 465, 466, 467, 468, - 469, 470, 471, 472, 473, 474, 475, 476, 477, 478, - 479, 480, 481, 482, 483, 484, 485, 486, 487, 488, - 489, 490, 491, 492, 493, 494, 495, 496, 497, 498, - 499, 500, 501, 502, 503, 504, 505, 506, 1065, 508, - 509, 510, 511, 512, 513, 1066, 515, 516, 517, 518, - 519, 1067, 521, 1068, 523, 524, 525, 526, 527, 528, - 529, 530, 531, 532, 533, 534, 535, 536, 537, 0, - 0, 538, 539, 0, 540, 541, 542, 543, 544, 545, - 546, 547, 548, 549, 550, 551, 1069, 553, 554, 555, - 556, 557, 558, 559, 560, 561, 562, 563, 564, 565, - 566, 567, 568, 569, 570, 1070, 1071, 1072, 1073, 575, - 576, 577, 578, 1074, 1075, 581, 582, 583, 584, 585, - 586, 587, 588, 589, 590, 591, 592, 1076, 594, 595, - 1077, 597, 598, 599, 600, 601, 602, 603, 604, 605, - 606, 607, 1078, 609, 1079, 611, 612, 613, 0, 614, - 615, 616, 1080, 0, 0, 0, 0, 0, 0, 0, - 0, 1081, 1082, 961, 0, 0, 0, 1083, 962, 963, - 0, 0, 0, 1084, 0, 0, 0, 1085, 1086, 964, - 965, 1087, 966, 967, 968, 969, 970, 971, 972, 973, - 974, 975, 976, 0, 0, 0, 0, 0, 0, 0, - 977, 0, 0, 0, 0, 0, 0, 3883, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 3884, 979, 980, - 981, 0, 0, 0, 0, 0, 0, 0, 982, 983, - 0, 984, 0, 0, 0, 0, 0, 0, 985, 986, - 0, 0, 987, 988, 989, 990, 0, 991, 176, 0, - 992, 993, 0, 0, 0, 0, 0, 0, 0, 3885, - 0, 0, 995, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 177, 0, 0, 0, - 996, 997, 998, 0, 999, 0, 0, 0, 0, 0, - 0, 0, 1000, 1001, 1002, 178, 0, 0, 0, 0, - 0, 1003, 0, 0, 179, 0, 0, 0, 0, 0, - 1004, 0, 0, 1005, 0, 0, 0, 0, 0, 0, - 0, 0, 1006, 0, 1007, 0, 1008, 0, 0, 0, - 0, 0, 1009, 0, 0, 0, 0, 0, 0, 0, - 180, 1010, 1011, 0, 1012, 0, 0, 0, 1013, 181, - 0, 0, 0, 1014, 0, 0, 182, 1015, 0, 1016, - 1017, 1018, 1019, 0, 3886, 0, 0, 0, 183, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 184, - 1020, 1021, 1022, 0, 1023, 0, 0, 0, 0, 0, - 0, 1024, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 1025, 0, 0, 0, 0, 0, 0, 0, - 1026, 1027, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 1028, - 0, 0, 0, 0, 0, 0, 1029, 1030, 0, 1031, - 1032, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 1033, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 1034, 1035, 1036, 0, 0, 0, 0, 0, 1037, - 1038, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 186, 187, 188, 189, 190, 191, 192, 193, 194, 195, - 196, 1039, 1040, 1041, 1042, 198, 199, 200, 1043, 202, - 203, 204, 205, 206, 207, 1044, 209, 210, 211, 212, - 213, 214, 215, 1045, 217, 218, 0, 219, 220, 221, - 222, 223, 224, 225, 226, 227, 228, 229, 230, 231, - 1046, 233, 234, 235, 236, 237, 238, 239, 240, 241, - 242, 243, 244, 1047, 246, 1048, 1049, 1050, 0, 250, - 251, 252, 253, 254, 255, 256, 257, 258, 259, 260, - 261, 262, 1051, 264, 265, 266, 267, 268, 269, 270, - 271, 272, 273, 274, 1052, 1053, 277, 278, 0, 279, - 280, 281, 282, 283, 284, 285, 286, 287, 288, 289, - 290, 291, 292, 293, 294, 295, 296, 297, 298, 299, - 300, 301, 302, 303, 304, 305, 306, 0, 0, 307, - 308, 309, 310, 311, 312, 313, 314, 315, 316, 317, - 318, 319, 320, 0, 321, 322, 323, 324, 325, 326, - 1054, 328, 329, 330, 331, 332, 333, 334, 0, 335, - 336, 337, 1055, 339, 340, 341, 342, 343, 344, 345, - 346, 347, 348, 349, 350, 351, 352, 353, 354, 355, - 356, 357, 358, 359, 1056, 1057, 362, 363, 364, 365, - 366, 367, 368, 369, 370, 371, 372, 373, 374, 375, - 376, 377, 378, 379, 380, 381, 382, 383, 384, 385, - 386, 387, 388, 389, 390, 391, 0, 392, 393, 394, - 395, 396, 397, 398, 399, 400, 401, 402, 403, 404, - 1058, 406, 407, 408, 409, 410, 1059, 412, 413, 414, - 415, 416, 417, 418, 419, 1060, 1061, 422, 423, 424, - 425, 426, 427, 428, 429, 430, 431, 432, 433, 434, - 435, 0, 436, 437, 438, 439, 440, 441, 442, 1062, - 444, 445, 446, 447, 448, 449, 450, 1063, 452, 453, - 454, 455, 456, 457, 458, 459, 460, 461, 462, 1064, - 464, 465, 466, 467, 468, 469, 470, 471, 472, 473, - 474, 475, 476, 477, 478, 479, 480, 481, 482, 483, - 484, 485, 486, 487, 488, 489, 490, 491, 492, 493, - 494, 495, 496, 497, 498, 499, 500, 501, 502, 503, - 504, 505, 506, 1065, 508, 509, 510, 511, 512, 513, - 1066, 515, 516, 517, 518, 519, 1067, 521, 1068, 523, - 524, 525, 526, 527, 528, 529, 530, 531, 532, 533, - 534, 535, 536, 537, 0, 0, 538, 539, 0, 540, - 541, 542, 543, 544, 545, 546, 547, 548, 549, 550, - 551, 1069, 553, 554, 555, 556, 557, 558, 559, 560, - 561, 562, 563, 564, 565, 566, 567, 568, 569, 570, - 1070, 1071, 1072, 1073, 575, 576, 577, 578, 1074, 1075, - 581, 582, 583, 584, 585, 586, 587, 588, 589, 590, - 591, 592, 1076, 594, 595, 1077, 597, 598, 599, 600, - 601, 602, 603, 604, 605, 606, 607, 1078, 609, 1079, - 611, 612, 613, 0, 614, 615, 616, 1080, 0, 0, - 0, 0, 0, 0, 0, 0, 1081, 1082, 961, 0, - 0, 0, 1083, 962, 963, 0, 0, 0, 1084, 0, - 0, 0, 1085, 1086, 964, 965, 1087, 966, 967, 968, - 969, 970, 971, 972, 973, 974, 975, 976, 0, 0, - 0, 0, 0, 0, 0, 977, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 978, 979, 980, 981, 0, 0, 0, 0, - 0, 0, 0, 982, 983, 0, 984, 0, 0, 0, - 0, 0, 0, 985, 986, 0, 0, 987, 988, 989, - 990, 0, 991, 176, 0, 992, 993, 0, 0, 0, - 0, 0, 0, 0, 994, 0, 0, 995, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 177, 0, 0, 0, 996, 997, 998, 0, 999, - 0, 0, 0, 0, 0, 0, 0, 1000, 1001, 1002, - 178, 0, 0, 0, 0, 0, 1003, 0, 0, 179, - 0, 0, 0, 0, 0, 1004, 0, 0, 1005, 0, - 0, 0, 0, 0, 0, 0, 0, 1006, 0, 1007, - 0, 1008, 0, 0, 0, 0, 0, 1009, 0, 0, - 0, 0, 0, 0, 0, 180, 1010, 1011, 0, 1012, - 0, 0, 0, 1013, 181, 0, 0, 0, 1014, 0, - 0, 182, 1015, 0, 1016, 1017, 1018, 1019, 0, 0, - 0, 0, 0, 183, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 184, 1020, 1021, 1022, 0, 1023, - 0, 0, 0, 0, 0, 0, 1024, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 1025, 0, 0, - 0, 0, 0, 0, 0, 1026, 1027, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 1028, 0, 0, 0, 0, 0, - 0, 1029, 1030, 0, 1031, 1032, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 1033, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 1034, 1035, 1036, 0, - 0, 0, 0, 0, 1037, 1038, 0, 0, 1585, 0, - 0, 0, 0, 0, 0, 186, 187, 188, 189, 190, - 191, 192, 193, 194, 195, 196, 1039, 1040, 1041, 1042, - 198, 199, 200, 1043, 202, 203, 204, 205, 206, 207, - 1044, 209, 210, 211, 212, 213, 214, 215, 1045, 217, - 218, 0, 219, 220, 221, 222, 223, 224, 225, 226, - 227, 228, 229, 230, 231, 1046, 233, 234, 235, 236, - 237, 238, 239, 240, 241, 242, 243, 244, 1047, 246, - 1048, 1049, 1050, 0, 250, 251, 252, 253, 254, 255, - 256, 257, 258, 259, 260, 261, 262, 1051, 264, 265, - 266, 267, 268, 269, 270, 271, 272, 273, 274, 1052, - 1053, 277, 278, 0, 279, 280, 281, 282, 283, 284, - 285, 286, 287, 288, 289, 290, 291, 292, 293, 294, - 295, 296, 297, 298, 299, 300, 301, 302, 303, 304, - 305, 306, 0, 0, 307, 308, 309, 310, 311, 312, - 313, 314, 315, 316, 317, 318, 319, 320, 0, 321, - 322, 323, 324, 325, 326, 1054, 328, 329, 330, 331, - 332, 333, 334, 0, 335, 336, 337, 1055, 339, 340, - 341, 342, 343, 344, 345, 346, 347, 348, 349, 350, - 351, 352, 353, 354, 355, 356, 357, 358, 359, 1056, - 1057, 362, 363, 364, 365, 366, 367, 368, 369, 370, - 371, 372, 373, 374, 375, 376, 377, 378, 379, 380, - 381, 382, 383, 384, 385, 386, 387, 388, 389, 390, - 391, 0, 392, 393, 394, 395, 396, 397, 398, 399, - 400, 401, 402, 403, 404, 1058, 406, 407, 408, 409, - 410, 1059, 412, 413, 414, 415, 416, 417, 418, 419, - 1060, 1061, 422, 423, 424, 425, 426, 427, 428, 429, - 430, 431, 432, 433, 434, 435, 0, 436, 437, 438, - 439, 440, 441, 442, 1062, 444, 445, 446, 447, 448, - 449, 450, 1063, 452, 453, 454, 455, 456, 457, 458, - 459, 460, 461, 462, 1064, 464, 465, 466, 467, 468, - 469, 470, 471, 472, 473, 474, 475, 476, 477, 478, - 479, 480, 481, 482, 483, 484, 485, 486, 487, 488, - 489, 490, 491, 492, 493, 494, 495, 496, 497, 498, - 499, 500, 501, 502, 503, 504, 505, 506, 1065, 508, - 509, 510, 511, 512, 513, 1066, 515, 516, 517, 518, - 519, 1067, 521, 1068, 523, 524, 525, 526, 527, 528, - 529, 530, 531, 532, 533, 534, 535, 536, 537, 0, - 0, 538, 539, 0, 540, 541, 542, 543, 544, 545, - 546, 547, 548, 549, 550, 551, 1069, 553, 554, 555, - 556, 557, 558, 559, 560, 561, 562, 563, 564, 565, - 566, 567, 568, 569, 570, 1070, 1071, 1072, 1073, 575, - 576, 577, 578, 1074, 1075, 581, 582, 583, 584, 585, - 586, 587, 588, 589, 590, 591, 592, 1076, 594, 595, - 1077, 597, 598, 599, 600, 601, 602, 603, 604, 605, - 606, 607, 1078, 609, 1079, 611, 612, 613, 0, 614, - 615, 616, 1080, 0, 0, 0, 0, 0, 0, 0, - 0, 1081, 1082, 961, 0, 0, 0, 1083, 962, 963, - 0, 0, 0, 1084, 0, 0, 0, 1085, 1086, 964, - 965, 1087, 966, 967, 968, 969, 970, 971, 972, 973, - 974, 975, 976, 0, 0, 0, 0, 0, 0, 0, - 977, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 978, 979, 980, - 981, 0, 0, 0, 0, 0, 0, 0, 982, 983, - 0, 984, 0, 0, 0, 0, 0, 0, 985, 986, - 0, 0, 987, 988, 989, 990, 0, 991, 176, 0, - 992, 993, 0, 0, 0, 0, 0, 0, 0, 2588, - 0, 0, 995, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 177, 0, 0, 0, - 996, 997, 998, 0, 999, 0, 0, 0, 0, 0, - 0, 0, 1000, 1001, 1002, 178, 0, 0, 0, 0, - 0, 1003, 0, 2589, 179, 0, 0, 0, 0, 0, - 1004, 0, 0, 1005, 0, 0, 0, 0, 0, 0, - 0, 0, 1006, 0, 1007, 0, 1008, 0, 0, 0, - 0, 0, 1009, 0, 0, 0, 0, 0, 0, 0, - 180, 1010, 1011, 0, 1012, 0, 0, 0, 1013, 181, - 0, 0, 0, 1014, 0, 0, 182, 1015, 0, 1016, - 1017, 1018, 1019, 0, 0, 0, 0, 0, 183, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 184, - 1020, 1021, 1022, 0, 1023, 0, 0, 0, 0, 0, - 0, 1024, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 1025, 0, 0, 0, 0, 0, 0, 0, - 1026, 1027, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 1028, - 0, 0, 0, 0, 0, 0, 1029, 1030, 0, 1031, - 1032, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 1033, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 1034, 1035, 1036, 0, 0, 0, 0, 0, 1037, - 1038, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 186, 187, 188, 189, 190, 191, 192, 193, 194, 195, - 196, 1039, 1040, 1041, 1042, 198, 199, 200, 1043, 202, - 203, 204, 205, 206, 207, 1044, 209, 210, 211, 212, - 213, 214, 215, 1045, 217, 218, 0, 219, 220, 221, - 222, 223, 224, 225, 226, 227, 228, 229, 230, 231, - 1046, 233, 234, 235, 236, 237, 238, 239, 240, 241, - 242, 243, 244, 1047, 246, 1048, 1049, 1050, 0, 250, - 251, 252, 253, 254, 255, 256, 257, 258, 259, 260, - 261, 262, 1051, 264, 265, 266, 267, 268, 269, 270, - 271, 272, 273, 274, 1052, 1053, 277, 278, 0, 279, - 280, 281, 282, 283, 284, 285, 286, 287, 288, 289, - 290, 291, 292, 293, 294, 295, 296, 297, 298, 299, - 300, 301, 302, 303, 304, 305, 306, 0, 0, 307, - 308, 309, 310, 311, 312, 313, 314, 315, 316, 317, - 318, 319, 320, 0, 321, 322, 323, 324, 325, 326, - 1054, 328, 329, 330, 331, 332, 333, 334, 0, 335, - 336, 337, 1055, 339, 340, 341, 342, 343, 344, 345, - 346, 347, 348, 349, 350, 351, 352, 353, 354, 355, - 356, 357, 358, 359, 1056, 1057, 362, 363, 364, 365, - 366, 367, 368, 369, 370, 371, 372, 373, 374, 375, - 376, 377, 378, 379, 380, 381, 382, 383, 384, 385, - 386, 387, 388, 389, 390, 391, 0, 392, 393, 394, - 395, 396, 397, 398, 399, 400, 401, 402, 403, 404, - 1058, 406, 407, 408, 409, 410, 1059, 412, 413, 414, - 415, 416, 417, 418, 419, 1060, 1061, 422, 423, 424, - 425, 426, 427, 428, 429, 430, 431, 432, 433, 434, - 435, 0, 436, 437, 438, 439, 440, 441, 442, 1062, - 444, 445, 446, 447, 448, 449, 450, 1063, 452, 453, - 454, 455, 456, 457, 458, 459, 460, 461, 462, 1064, - 464, 465, 466, 467, 468, 469, 470, 471, 472, 473, - 474, 475, 476, 477, 478, 479, 480, 481, 482, 483, - 484, 485, 486, 487, 488, 489, 490, 491, 492, 493, - 494, 495, 496, 497, 498, 499, 500, 501, 502, 503, - 504, 505, 506, 1065, 508, 509, 510, 511, 512, 513, - 1066, 515, 516, 517, 518, 519, 1067, 521, 1068, 523, - 524, 525, 526, 527, 528, 529, 530, 531, 532, 533, - 534, 535, 536, 537, 0, 0, 538, 539, 0, 540, - 541, 542, 543, 544, 545, 546, 547, 548, 549, 550, - 551, 1069, 553, 554, 555, 556, 557, 558, 559, 560, - 561, 562, 563, 564, 565, 566, 567, 568, 569, 570, - 1070, 1071, 1072, 1073, 575, 576, 577, 578, 1074, 1075, - 581, 582, 583, 584, 585, 586, 587, 588, 589, 590, - 591, 592, 1076, 594, 595, 1077, 597, 598, 599, 600, - 601, 602, 603, 604, 605, 606, 607, 1078, 609, 1079, - 611, 612, 613, 0, 614, 615, 616, 1080, 0, 0, - 0, 0, 0, 0, 0, 0, 1081, 1082, 961, 0, - 0, 0, 1083, 962, 963, 0, 0, 0, 1084, 0, - 0, 0, 1085, 1086, 964, 965, 1087, 966, 967, 968, - 969, 970, 971, 972, 973, 974, 975, 976, 0, 0, - 0, 0, 0, 0, 0, 977, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 978, 979, 980, 981, 0, 0, 0, 0, - 0, 0, 0, 982, 983, 0, 984, 0, 0, 0, - 0, 0, 0, 985, 986, 0, 0, 987, 988, 989, - 990, 0, 991, 176, 0, 992, 993, 0, 0, 0, - 0, 0, 0, 0, 994, 0, 0, 995, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 177, 0, 0, 0, 996, 997, 998, 0, 999, - 0, 0, 0, 2954, 0, 0, 0, 1000, 1001, 1002, - 178, 0, 0, 0, 0, 0, 1003, 0, 0, 179, - 0, 0, 0, 0, 0, 1004, 0, 0, 1005, 0, - 0, 0, 0, 0, 0, 0, 0, 1006, 0, 1007, - 0, 1008, 0, 0, 0, 0, 0, 1009, 0, 0, - 0, 0, 0, 0, 0, 180, 1010, 1011, 0, 1012, - 0, 0, 0, 1013, 181, 0, 0, 0, 1014, 0, - 0, 182, 1015, 0, 1016, 1017, 1018, 1019, 0, 0, - 0, 0, 0, 183, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 184, 1020, 1021, 1022, 0, 1023, - 0, 0, 0, 0, 0, 0, 1024, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 1025, 0, 0, - 0, 0, 0, 0, 0, 1026, 1027, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 1028, 0, 0, 0, 0, 0, - 0, 1029, 1030, 0, 1031, 1032, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 1033, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 1034, 1035, 1036, 0, - 0, 0, 0, 0, 1037, 1038, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 186, 187, 188, 189, 190, - 191, 192, 193, 194, 195, 196, 1039, 1040, 1041, 1042, - 198, 199, 200, 1043, 202, 203, 204, 205, 206, 207, - 1044, 209, 210, 211, 212, 213, 214, 215, 1045, 217, - 218, 0, 219, 220, 221, 222, 223, 224, 225, 226, - 227, 228, 229, 230, 231, 1046, 233, 234, 235, 236, - 237, 238, 239, 240, 241, 242, 243, 244, 1047, 246, - 1048, 1049, 1050, 0, 250, 251, 252, 253, 254, 255, - 256, 257, 258, 259, 260, 261, 262, 1051, 264, 265, - 266, 267, 268, 269, 270, 271, 272, 273, 274, 1052, - 1053, 277, 278, 0, 279, 280, 281, 282, 283, 284, - 285, 286, 287, 288, 289, 290, 291, 292, 293, 294, - 295, 296, 297, 298, 299, 300, 301, 302, 303, 304, - 305, 306, 0, 0, 307, 308, 309, 310, 311, 312, - 313, 314, 315, 316, 317, 318, 319, 320, 0, 321, - 322, 323, 324, 325, 326, 1054, 328, 329, 330, 331, - 332, 333, 334, 0, 335, 336, 337, 1055, 339, 340, - 341, 342, 343, 344, 345, 346, 347, 348, 349, 350, - 351, 352, 353, 354, 355, 356, 357, 358, 359, 1056, - 1057, 362, 363, 364, 365, 366, 367, 368, 369, 370, - 371, 372, 373, 374, 375, 376, 377, 378, 379, 380, - 381, 382, 383, 384, 385, 386, 387, 388, 389, 390, - 391, 0, 392, 393, 394, 395, 396, 397, 398, 399, - 400, 401, 402, 403, 404, 1058, 406, 407, 408, 409, - 410, 1059, 412, 413, 414, 415, 416, 417, 418, 419, - 1060, 1061, 422, 423, 424, 425, 426, 427, 428, 429, - 430, 431, 432, 433, 434, 435, 0, 436, 437, 438, - 439, 440, 441, 442, 1062, 444, 445, 446, 447, 448, - 449, 450, 1063, 452, 453, 454, 455, 456, 457, 458, - 459, 460, 461, 462, 1064, 464, 465, 466, 467, 468, - 469, 470, 471, 472, 473, 474, 475, 476, 477, 478, - 479, 480, 481, 482, 483, 484, 485, 486, 487, 488, - 489, 490, 491, 492, 493, 494, 495, 496, 497, 498, - 499, 500, 501, 502, 503, 504, 505, 506, 1065, 508, - 509, 510, 511, 512, 513, 1066, 515, 516, 517, 518, - 519, 1067, 521, 1068, 523, 524, 525, 526, 527, 528, - 529, 530, 531, 532, 533, 534, 535, 536, 537, 0, - 0, 538, 539, 0, 540, 541, 542, 543, 544, 545, - 546, 547, 548, 549, 550, 551, 1069, 553, 554, 555, - 556, 557, 558, 559, 560, 561, 562, 563, 564, 565, - 566, 567, 568, 569, 570, 1070, 1071, 1072, 1073, 575, - 576, 577, 578, 1074, 1075, 581, 582, 583, 584, 585, - 586, 587, 588, 589, 590, 591, 592, 1076, 594, 595, - 1077, 597, 598, 599, 600, 601, 602, 603, 604, 605, - 606, 607, 1078, 609, 1079, 611, 612, 613, 0, 614, - 615, 616, 1080, 0, 0, 0, 0, 0, 0, 0, - 0, 1081, 1082, 961, 0, 0, 0, 1083, 962, 963, - 0, 0, 0, 1084, 0, 0, 0, 1085, 1086, 964, - 965, 1087, 966, 967, 968, 969, 970, 971, 972, 973, - 974, 975, 976, 0, 0, 0, 0, 0, 0, 0, - 977, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 978, 979, 980, - 981, 0, 0, 0, 0, 0, 0, 0, 982, 983, - 0, 984, 0, 0, 0, 0, 0, 0, 985, 986, - 0, 0, 987, 988, 989, 990, 0, 991, 176, 0, - 992, 993, 0, 0, 0, 0, 0, 0, 0, 994, - 0, 0, 995, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 177, 0, 0, 0, - 996, 997, 998, 0, 999, 0, 0, 0, 2956, 0, - 0, 0, 1000, 1001, 1002, 178, 0, 0, 0, 0, - 0, 1003, 0, 0, 179, 0, 0, 0, 0, 0, - 1004, 0, 0, 1005, 0, 0, 0, 0, 0, 0, - 0, 0, 1006, 0, 1007, 0, 1008, 0, 0, 0, - 0, 0, 1009, 0, 0, 0, 0, 0, 0, 0, - 180, 1010, 1011, 0, 1012, 0, 0, 0, 1013, 181, - 0, 0, 0, 1014, 0, 0, 182, 1015, 0, 1016, - 1017, 1018, 1019, 0, 0, 0, 0, 0, 183, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 184, - 1020, 1021, 1022, 0, 1023, 0, 0, 0, 0, 0, - 0, 1024, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 1025, 0, 0, 0, 0, 0, 0, 0, - 1026, 1027, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 1028, - 0, 0, 0, 0, 0, 0, 1029, 1030, 0, 1031, - 1032, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 1033, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 1034, 1035, 1036, 0, 0, 0, 0, 0, 1037, - 1038, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 186, 187, 188, 189, 190, 191, 192, 193, 194, 195, - 196, 1039, 1040, 1041, 1042, 198, 199, 200, 1043, 202, - 203, 204, 205, 206, 207, 1044, 209, 210, 211, 212, - 213, 214, 215, 1045, 217, 218, 0, 219, 220, 221, - 222, 223, 224, 225, 226, 227, 228, 229, 230, 231, - 1046, 233, 234, 235, 236, 237, 238, 239, 240, 241, - 242, 243, 244, 1047, 246, 1048, 1049, 1050, 0, 250, - 251, 252, 253, 254, 255, 256, 257, 258, 259, 260, - 261, 262, 1051, 264, 265, 266, 267, 268, 269, 270, - 271, 272, 273, 274, 1052, 1053, 277, 278, 0, 279, - 280, 281, 282, 283, 284, 285, 286, 287, 288, 289, - 290, 291, 292, 293, 294, 295, 296, 297, 298, 299, - 300, 301, 302, 303, 304, 305, 306, 0, 0, 307, - 308, 309, 310, 311, 312, 313, 314, 315, 316, 317, - 318, 319, 320, 0, 321, 322, 323, 324, 325, 326, - 1054, 328, 329, 330, 331, 332, 333, 334, 0, 335, - 336, 337, 1055, 339, 340, 341, 342, 343, 344, 345, - 346, 347, 348, 349, 350, 351, 352, 353, 354, 355, - 356, 357, 358, 359, 1056, 1057, 362, 363, 364, 365, - 366, 367, 368, 369, 370, 371, 372, 373, 374, 375, - 376, 377, 378, 379, 380, 381, 382, 383, 384, 385, - 386, 387, 388, 389, 390, 391, 0, 392, 393, 394, - 395, 396, 397, 398, 399, 400, 401, 402, 403, 404, - 1058, 406, 407, 408, 409, 410, 1059, 412, 413, 414, - 415, 416, 417, 418, 419, 1060, 1061, 422, 423, 424, - 425, 426, 427, 428, 429, 430, 431, 432, 433, 434, - 435, 0, 436, 437, 438, 439, 440, 441, 442, 1062, - 444, 445, 446, 447, 448, 449, 450, 1063, 452, 453, - 454, 455, 456, 457, 458, 459, 460, 461, 462, 1064, - 464, 465, 466, 467, 468, 469, 470, 471, 472, 473, - 474, 475, 476, 477, 478, 479, 480, 481, 482, 483, - 484, 485, 486, 487, 488, 489, 490, 491, 492, 493, - 494, 495, 496, 497, 498, 499, 500, 501, 502, 503, - 504, 505, 506, 1065, 508, 509, 510, 511, 512, 513, - 1066, 515, 516, 517, 518, 519, 1067, 521, 1068, 523, - 524, 525, 526, 527, 528, 529, 530, 531, 532, 533, - 534, 535, 536, 537, 0, 0, 538, 539, 0, 540, - 541, 542, 543, 544, 545, 546, 547, 548, 549, 550, - 551, 1069, 553, 554, 555, 556, 557, 558, 559, 560, - 561, 562, 563, 564, 565, 566, 567, 568, 569, 570, - 1070, 1071, 1072, 1073, 575, 576, 577, 578, 1074, 1075, - 581, 582, 583, 584, 585, 586, 587, 588, 589, 590, - 591, 592, 1076, 594, 595, 1077, 597, 598, 599, 600, - 601, 602, 603, 604, 605, 606, 607, 1078, 609, 1079, - 611, 612, 613, 0, 614, 615, 616, 1080, 0, 0, - 0, 0, 0, 0, 0, 0, 1081, 1082, 961, 0, - 0, 0, 1083, 962, 963, 0, 0, 0, 1084, 0, - 0, 0, 1085, 1086, 964, 965, 1087, 966, 967, 968, - 969, 970, 971, 972, 973, 974, 975, 976, 0, 0, - 0, 0, 0, 0, 0, 977, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 978, 979, 980, 981, 0, 0, 0, 0, - 0, 0, 0, 982, 983, 0, 984, 0, 0, 0, - 0, 0, 0, 985, 986, 0, 0, 987, 988, 989, - 990, 0, 991, 176, 0, 992, 993, 0, 0, 0, - 0, 0, 0, 0, 994, 0, 0, 995, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 177, 0, 0, 0, 996, 997, 998, 0, 999, - 0, 0, 0, 2958, 0, 0, 0, 1000, 1001, 1002, - 178, 0, 0, 0, 0, 0, 1003, 0, 0, 179, - 0, 0, 0, 0, 0, 1004, 0, 0, 1005, 0, - 0, 0, 0, 0, 0, 0, 0, 1006, 0, 1007, - 0, 1008, 0, 0, 0, 0, 0, 1009, 0, 0, - 0, 0, 0, 0, 0, 180, 1010, 1011, 0, 1012, - 0, 0, 0, 1013, 181, 0, 0, 0, 1014, 0, - 0, 182, 1015, 0, 1016, 1017, 1018, 1019, 0, 0, - 0, 0, 0, 183, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 184, 1020, 1021, 1022, 0, 1023, - 0, 0, 0, 0, 0, 0, 1024, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 1025, 0, 0, - 0, 0, 0, 0, 0, 1026, 1027, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 1028, 0, 0, 0, 0, 0, - 0, 1029, 1030, 0, 1031, 1032, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 1033, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 1034, 1035, 1036, 0, - 0, 0, 0, 0, 1037, 1038, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 186, 187, 188, 189, 190, - 191, 192, 193, 194, 195, 196, 1039, 1040, 1041, 1042, - 198, 199, 200, 1043, 202, 203, 204, 205, 206, 207, - 1044, 209, 210, 211, 212, 213, 214, 215, 1045, 217, - 218, 0, 219, 220, 221, 222, 223, 224, 225, 226, - 227, 228, 229, 230, 231, 1046, 233, 234, 235, 236, - 237, 238, 239, 240, 241, 242, 243, 244, 1047, 246, - 1048, 1049, 1050, 0, 250, 251, 252, 253, 254, 255, - 256, 257, 258, 259, 260, 261, 262, 1051, 264, 265, - 266, 267, 268, 269, 270, 271, 272, 273, 274, 1052, - 1053, 277, 278, 0, 279, 280, 281, 282, 283, 284, - 285, 286, 287, 288, 289, 290, 291, 292, 293, 294, - 295, 296, 297, 298, 299, 300, 301, 302, 303, 304, - 305, 306, 0, 0, 307, 308, 309, 310, 311, 312, - 313, 314, 315, 316, 317, 318, 319, 320, 0, 321, - 322, 323, 324, 325, 326, 1054, 328, 329, 330, 331, - 332, 333, 334, 0, 335, 336, 337, 1055, 339, 340, - 341, 342, 343, 344, 345, 346, 347, 348, 349, 350, - 351, 352, 353, 354, 355, 356, 357, 358, 359, 1056, - 1057, 362, 363, 364, 365, 366, 367, 368, 369, 370, - 371, 372, 373, 374, 375, 376, 377, 378, 379, 380, - 381, 382, 383, 384, 385, 386, 387, 388, 389, 390, - 391, 0, 392, 393, 394, 395, 396, 397, 398, 399, - 400, 401, 402, 403, 404, 1058, 406, 407, 408, 409, - 410, 1059, 412, 413, 414, 415, 416, 417, 418, 419, - 1060, 1061, 422, 423, 424, 425, 426, 427, 428, 429, - 430, 431, 432, 433, 434, 435, 0, 436, 437, 438, - 439, 440, 441, 442, 1062, 444, 445, 446, 447, 448, - 449, 450, 1063, 452, 453, 454, 455, 456, 457, 458, - 459, 460, 461, 462, 1064, 464, 465, 466, 467, 468, - 469, 470, 471, 472, 473, 474, 475, 476, 477, 478, - 479, 480, 481, 482, 483, 484, 485, 486, 487, 488, - 489, 490, 491, 492, 493, 494, 495, 496, 497, 498, - 499, 500, 501, 502, 503, 504, 505, 506, 1065, 508, - 509, 510, 511, 512, 513, 1066, 515, 516, 517, 518, - 519, 1067, 521, 1068, 523, 524, 525, 526, 527, 528, - 529, 530, 531, 532, 533, 534, 535, 536, 537, 0, - 0, 538, 539, 0, 540, 541, 542, 543, 544, 545, - 546, 547, 548, 549, 550, 551, 1069, 553, 554, 555, - 556, 557, 558, 559, 560, 561, 562, 563, 564, 565, - 566, 567, 568, 569, 570, 1070, 1071, 1072, 1073, 575, - 576, 577, 578, 1074, 1075, 581, 582, 583, 584, 585, - 586, 587, 588, 589, 590, 591, 592, 1076, 594, 595, - 1077, 597, 598, 599, 600, 601, 602, 603, 604, 605, - 606, 607, 1078, 609, 1079, 611, 612, 613, 0, 614, - 615, 616, 1080, 0, 0, 0, 0, 0, 0, 0, - 0, 1081, 1082, 961, 0, 0, 0, 1083, 962, 963, - 0, 0, 0, 1084, 0, 0, 0, 1085, 1086, 964, - 965, 1087, 966, 967, 968, 969, 970, 971, 972, 973, - 974, 975, 976, 0, 0, 0, 0, 0, 0, 0, - 977, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 978, 979, 980, - 981, 0, 0, 0, 0, 0, 0, 0, 982, 983, - 0, 984, 0, 0, 0, 0, 0, 0, 985, 986, - 0, 0, 987, 988, 989, 990, 0, 991, 176, 0, - 992, 993, 0, 0, 0, 0, 0, 0, 0, 4853, - 0, 0, 995, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 177, 0, 0, 0, - 996, 997, 998, 0, 999, 0, 0, 0, 0, 0, - 0, 0, 1000, 1001, 1002, 178, 0, 0, 0, 0, - 0, 1003, 0, 2589, 179, 0, 0, 0, 0, 0, - 1004, 0, 0, 1005, 0, 0, 0, 0, 0, 0, - 0, 0, 1006, 0, 1007, 0, 1008, 0, 0, 0, - 0, 0, 1009, 0, 0, 0, 0, 0, 0, 0, - 180, 1010, 1011, 0, 1012, 0, 0, 0, 1013, 181, - 0, 0, 0, 1014, 0, 0, 182, 1015, 0, 1016, - 1017, 1018, 1019, 0, 0, 0, 0, 0, 183, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 184, - 1020, 1021, 1022, 0, 1023, 0, 0, 0, 0, 0, - 0, 1024, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 1025, 0, 0, 0, 0, 0, 0, 0, - 1026, 1027, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 1028, - 0, 0, 0, 0, 0, 0, 1029, 1030, 0, 1031, - 1032, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 1033, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 1034, 1035, 1036, 0, 0, 0, 0, 0, 1037, - 1038, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 186, 187, 188, 189, 190, 191, 192, 193, 194, 195, - 196, 1039, 1040, 1041, 1042, 198, 199, 200, 1043, 202, - 203, 204, 205, 206, 207, 1044, 209, 210, 211, 212, - 213, 214, 215, 1045, 217, 218, 0, 219, 220, 221, - 222, 223, 224, 225, 226, 227, 228, 229, 230, 231, - 1046, 233, 234, 235, 236, 237, 238, 239, 240, 241, - 242, 243, 244, 1047, 246, 1048, 1049, 1050, 0, 250, - 251, 252, 253, 254, 255, 256, 257, 258, 259, 260, - 261, 262, 1051, 264, 265, 266, 267, 268, 269, 270, - 271, 272, 273, 274, 1052, 1053, 277, 278, 0, 279, - 280, 281, 282, 283, 284, 285, 286, 287, 288, 289, - 290, 291, 292, 293, 294, 295, 296, 297, 298, 299, - 300, 301, 302, 303, 304, 305, 306, 0, 0, 307, - 308, 309, 310, 311, 312, 313, 314, 315, 316, 317, - 318, 319, 320, 0, 321, 322, 323, 324, 325, 326, - 1054, 328, 329, 330, 331, 332, 333, 334, 0, 335, - 336, 337, 1055, 339, 340, 341, 342, 343, 344, 345, - 346, 347, 348, 349, 350, 351, 352, 353, 354, 355, - 356, 357, 358, 359, 1056, 1057, 362, 363, 364, 365, - 366, 367, 368, 369, 370, 371, 372, 373, 374, 375, - 376, 377, 378, 379, 380, 381, 382, 383, 384, 385, - 386, 387, 388, 389, 390, 391, 0, 392, 393, 394, - 395, 396, 397, 398, 399, 400, 401, 402, 403, 404, - 1058, 406, 407, 408, 409, 410, 1059, 412, 413, 414, - 415, 416, 417, 418, 419, 1060, 1061, 422, 423, 424, - 425, 426, 427, 428, 429, 430, 431, 432, 433, 434, - 435, 0, 436, 437, 438, 439, 440, 441, 442, 1062, - 444, 445, 446, 447, 448, 449, 450, 1063, 452, 453, - 454, 455, 456, 457, 458, 459, 460, 461, 462, 1064, - 464, 465, 466, 467, 468, 469, 470, 471, 472, 473, - 474, 475, 476, 477, 478, 479, 480, 481, 482, 483, - 484, 485, 486, 487, 488, 489, 490, 491, 492, 493, - 494, 495, 496, 497, 498, 499, 500, 501, 502, 503, - 504, 505, 506, 1065, 508, 509, 510, 511, 512, 513, - 1066, 515, 516, 517, 518, 519, 1067, 521, 1068, 523, - 524, 525, 526, 527, 528, 529, 530, 531, 532, 533, - 534, 535, 536, 537, 0, 0, 538, 539, 0, 540, - 541, 542, 543, 544, 545, 546, 547, 548, 549, 550, - 551, 1069, 553, 554, 555, 556, 557, 558, 559, 560, - 561, 562, 563, 564, 565, 566, 567, 568, 569, 570, - 1070, 1071, 1072, 1073, 575, 576, 577, 578, 1074, 1075, - 581, 582, 583, 584, 585, 586, 587, 588, 589, 590, - 591, 592, 1076, 594, 595, 1077, 597, 598, 599, 600, - 601, 602, 603, 604, 605, 606, 607, 1078, 609, 1079, - 611, 612, 613, 0, 614, 615, 616, 1080, 0, 0, - 0, 0, 0, 0, 0, 0, 1081, 1082, 961, 0, - 0, 0, 1083, 962, 963, 0, 0, 0, 1084, 0, - 0, 0, 1085, 1086, 964, 965, 1087, 966, 967, 968, - 969, 970, 971, 972, 973, 974, 975, 976, 0, 0, - 0, 0, 0, 0, 0, 977, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 978, 979, 980, 981, 0, 0, 0, 0, - 0, 0, 0, 982, 983, 0, 984, 0, 0, 0, - 0, 0, 0, 985, 986, 0, 0, 987, 988, 989, - 990, 0, 991, 176, 0, 992, 993, 0, 0, 0, - 0, 0, 0, 0, 994, 0, 0, 995, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 177, 0, 0, 0, 996, 997, 998, 0, 999, - 0, 0, 0, 0, 0, 0, 0, 1000, 1001, 1002, - 178, 0, 0, 0, 0, 0, 1003, 0, 0, 179, - 0, 0, 0, 0, 0, 1004, 0, 0, 1005, 0, - 0, 0, 0, 0, 0, 0, 0, 1006, 0, 1007, - 0, 1008, 0, 0, 0, 0, 0, 1009, 0, 0, - 0, 0, 0, 0, 0, 180, 1010, 1011, 0, 1012, - 0, 0, 0, 1013, 181, 0, 0, 0, 1014, 0, - 0, 182, 1015, 0, 1016, 1017, 1018, 1019, 0, 0, - 0, 0, 0, 183, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 184, 1020, 1021, 1022, 0, 1023, - 0, 0, 0, 0, 0, 0, 1024, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 1025, 0, 0, - 0, 0, 0, 0, 0, 1026, 1027, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 1028, 0, 0, 0, 0, 0, - 0, 1029, 1030, 0, 1031, 1032, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 1033, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 1034, 1035, 1036, 0, - 0, 0, 0, 0, 1037, 1038, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 186, 187, 188, 189, 190, - 191, 192, 193, 194, 195, 196, 1039, 1040, 1041, 1042, - 198, 199, 200, 1043, 202, 203, 204, 205, 206, 207, - 1044, 209, 210, 211, 212, 213, 214, 215, 1045, 217, - 218, 0, 219, 220, 221, 222, 223, 224, 225, 226, - 227, 228, 229, 230, 231, 1046, 233, 234, 235, 236, - 237, 238, 239, 240, 241, 242, 243, 244, 1047, 246, - 1048, 1049, 1050, 0, 250, 251, 252, 253, 254, 255, - 256, 257, 258, 259, 260, 261, 262, 1051, 264, 265, - 266, 267, 268, 269, 270, 271, 272, 273, 274, 1052, - 1053, 277, 278, 0, 279, 280, 281, 282, 283, 284, - 285, 286, 287, 288, 289, 290, 291, 292, 293, 294, - 295, 296, 297, 298, 299, 300, 301, 302, 303, 304, - 305, 306, 0, 0, 307, 308, 309, 310, 311, 312, - 313, 314, 315, 316, 317, 318, 319, 320, 0, 321, - 322, 323, 324, 325, 326, 1054, 328, 329, 330, 331, - 332, 333, 334, 0, 335, 336, 337, 1055, 339, 340, - 341, 342, 343, 344, 345, 346, 347, 348, 349, 350, - 351, 352, 353, 354, 355, 356, 357, 358, 359, 1056, - 1057, 362, 363, 364, 365, 366, 367, 368, 369, 370, - 371, 372, 373, 374, 375, 376, 377, 378, 379, 380, - 381, 382, 383, 384, 385, 386, 387, 388, 389, 390, - 391, 0, 392, 393, 394, 395, 396, 397, 398, 399, - 400, 401, 402, 403, 404, 1058, 406, 407, 408, 409, - 410, 1059, 412, 413, 414, 415, 416, 417, 418, 419, - 1060, 1061, 422, 423, 424, 425, 426, 427, 428, 429, - 430, 431, 432, 433, 434, 435, 0, 436, 437, 438, - 439, 440, 441, 442, 1062, 444, 445, 446, 447, 448, - 449, 450, 1063, 452, 453, 454, 455, 456, 457, 458, - 459, 460, 461, 462, 1064, 464, 465, 466, 467, 468, - 469, 470, 471, 472, 473, 474, 475, 476, 477, 478, - 479, 480, 481, 482, 483, 484, 485, 486, 487, 488, - 489, 490, 491, 492, 493, 494, 495, 496, 497, 498, - 499, 500, 501, 502, 503, 504, 505, 506, 1065, 508, - 509, 510, 511, 512, 513, 1066, 515, 516, 517, 518, - 519, 1067, 521, 1068, 523, 524, 525, 526, 527, 528, - 529, 530, 531, 532, 533, 534, 535, 536, 537, 0, - 0, 538, 539, 0, 540, 541, 542, 543, 544, 545, - 546, 547, 548, 549, 550, 551, 1069, 553, 554, 555, - 556, 557, 558, 559, 560, 561, 562, 563, 564, 565, - 566, 567, 568, 569, 570, 1070, 1071, 1072, 1073, 575, - 576, 577, 578, 1074, 1075, 581, 582, 583, 584, 585, - 586, 587, 588, 589, 590, 591, 592, 1076, 594, 595, - 1077, 597, 598, 599, 600, 601, 602, 603, 604, 605, - 606, 607, 1078, 609, 1079, 611, 612, 613, 0, 614, - 615, 616, 1080, 0, 0, 0, 0, 0, 0, 0, - 0, 1081, 1082, 961, 0, 0, 0, 1083, 962, 963, - 0, 0, 0, 1084, 0, 0, 0, 1085, 1086, 964, - 965, 1087, 966, 967, 968, 969, 970, 971, 972, 973, - 974, 975, 976, 0, 0, 0, 0, 0, 0, 0, - 977, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 978, 979, 980, - 981, 0, 0, 0, 0, 0, 0, 0, 982, 983, - 0, 984, 0, 0, 0, 0, 0, 0, 985, 986, - 0, 0, 987, 988, 989, 990, 0, 991, 176, 0, - 992, 993, 0, 0, 0, 0, 0, 0, 0, 994, - 0, 0, 995, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 177, 0, 0, 0, - 996, 997, 998, 0, 999, 0, 0, 0, 0, 0, - 0, 0, 1000, 1001, 1002, 178, 0, 0, 0, 0, - 0, 1003, 0, 0, 179, 0, 0, 0, 0, 0, - 1004, 0, 0, 1005, 0, 0, 0, 0, 0, 0, - 0, 0, 1006, 0, 1007, 0, 1008, 0, 0, 0, - 0, 0, 1009, 0, 0, 0, 0, 0, 0, 0, - 180, 1010, 1011, 0, 1012, 0, 0, 0, 1013, 181, - 0, 0, 0, 1014, 0, 0, 182, 1015, 0, 1016, - 1017, 1018, 1019, 0, 0, 0, 0, 0, 183, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 184, - 1020, 1021, 1022, 0, 1023, 0, 0, 0, 0, 0, - 0, 1024, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 1025, 0, 0, 0, 0, 0, 0, 0, - 1026, 1027, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 1028, - 0, 0, 0, 0, 0, 0, 1029, 1030, 0, 1031, - 1032, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 1033, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 1034, 1035, 1036, 0, 0, 0, 0, 0, 1037, - 1038, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 186, 187, 188, 189, 190, 191, 192, 193, 194, 195, - 196, 1039, 1040, 1041, 1042, 198, 199, 200, 1043, 202, - 203, 204, 205, 206, 207, 1044, 209, 210, 211, 212, - 213, 214, 215, 1045, 217, 218, 0, 219, 220, 221, - 222, 223, 224, 225, 226, 227, 228, 229, 230, 231, - 1046, 233, 234, 235, 236, 237, 238, 239, 240, 241, - 242, 243, 244, 1047, 246, 1048, 1049, 1050, 0, 250, - 251, 252, 253, 254, 255, 256, 257, 258, 259, 260, - 261, 262, 1051, 264, 265, 266, 267, 268, 269, 270, - 271, 272, 273, 274, 1052, 1053, 277, 278, 0, 279, - 280, 281, 282, 283, 284, 285, 286, 287, 288, 289, - 290, 291, 292, 293, 294, 295, 296, 297, 298, 299, - 300, 301, 302, 303, 304, 305, 306, 0, 0, 307, - 308, 309, 310, 311, 312, 313, 314, 315, 316, 317, - 318, 319, 320, 0, 321, 322, 323, 324, 325, 326, - 1054, 328, 329, 330, 331, 332, 333, 334, 0, 335, - 336, 337, 1055, 339, 340, 341, 342, 343, 344, 345, - 346, 347, 348, 349, 350, 351, 352, 353, 354, 355, - 356, 357, 358, 359, 1056, 1057, 362, 363, 364, 365, - 366, 367, 368, 369, 370, 371, 372, 373, 374, 375, - 376, 377, 378, 379, 380, 381, 382, 383, 384, 385, - 386, 387, 388, 389, 390, 391, 0, 392, 393, 394, - 395, 396, 397, 398, 399, 400, 401, 402, 403, 404, - 1058, 406, 407, 408, 409, 410, 1059, 412, 413, 414, - 415, 416, 417, 418, 419, 1060, 1061, 422, 423, 424, - 425, 426, 427, 428, 429, 430, 431, 432, 433, 434, - 435, 0, 436, 437, 438, 439, 440, 441, 442, 1062, - 444, 445, 446, 447, 448, 449, 450, 1063, 452, 453, - 454, 455, 456, 457, 458, 459, 460, 461, 462, 1064, - 464, 465, 466, 467, 468, 469, 470, 471, 472, 473, - 474, 475, 476, 477, 478, 479, 480, 481, 482, 483, - 484, 485, 486, 487, 488, 489, 490, 491, 492, 493, - 494, 495, 496, 497, 498, 499, 500, 501, 502, 503, - 504, 505, 506, 1065, 508, 509, 510, 511, 512, 513, - 1066, 515, 516, 517, 518, 519, 1067, 521, 1068, 523, - 524, 525, 526, 527, 528, 529, 530, 531, 532, 533, - 534, 535, 536, 537, 0, 0, 538, 539, 0, 540, - 541, 542, 543, 544, 545, 546, 547, 548, 549, 550, - 551, 1069, 553, 554, 555, 556, 557, 558, 559, 560, - 561, 562, 563, 564, 565, 566, 567, 568, 569, 570, - 1070, 1071, 1072, 1073, 575, 576, 577, 578, 1074, 1075, - 581, 582, 583, 584, 585, 586, 587, 588, 589, 590, - 591, 592, 1076, 594, 595, 1077, 597, 598, 599, 600, - 601, 602, 603, 604, 605, 606, 607, 1078, 609, 1079, - 611, 612, 613, 0, 614, 615, 616, 1080, 0, 0, - 0, 0, 0, 0, 0, 0, 1081, 1082, 961, 0, - 0, 0, 1083, 962, 963, 0, 0, 0, 1611, 0, - 0, 0, 1085, 1086, 964, 965, 1087, 966, 967, 968, - 969, 970, 971, 972, 973, 974, 975, 976, 0, 0, - 0, 0, 0, 0, 0, 977, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 978, 979, 980, 981, 0, 0, 0, 0, - 0, 0, 0, 982, 983, 0, 984, 0, 0, 0, - 0, 0, 0, 985, 986, 0, 0, 987, 988, 989, - 990, 0, 991, 176, 0, 992, 993, 0, 0, 0, - 0, 0, 0, 0, 994, 0, 0, 995, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 177, 0, 0, 0, 996, 997, 998, 0, 999, - 0, 0, 0, 0, 0, 0, 0, 1000, 1001, 1002, - 178, 0, 0, 0, 0, 0, 1003, 0, 0, 179, - 0, 0, 0, 0, 0, 1004, 0, 0, 1005, 0, - 0, 0, 0, 0, 0, 0, 0, 1006, 0, 1007, - 0, 1008, 0, 0, 0, 0, 0, 1009, 0, 0, - 0, 0, 0, 0, 0, 180, 1010, 1011, 0, 1012, - 0, 0, 0, 1013, 181, 0, 0, 0, 1014, 0, - 0, 182, 1015, 0, 1016, 1017, 1018, 1019, 0, 0, - 0, 0, 0, 183, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 184, 1020, 1021, 1022, 0, 1023, - 0, 0, 0, 0, 0, 0, 1024, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 1025, 0, 0, - 0, 0, 0, 0, 0, 1026, 1027, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 1028, 0, 0, 0, 0, 0, - 0, 1029, 1030, 0, 1031, 1032, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 1033, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 1034, 1035, 1036, 0, - 0, 0, 0, 0, 1037, 1038, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 186, 187, 188, 189, 190, - 191, 192, 193, 194, 195, 196, 1039, 1040, 1041, 1042, - 198, 199, 200, 1043, 202, 203, 204, 205, 206, 207, - 1044, 209, 210, 211, 212, 213, 214, 215, 1045, 217, - 218, 0, 219, 220, 221, 222, 223, 224, 225, 226, - 227, 228, 229, 230, 231, 1046, 233, 234, 235, 236, - 237, 238, 239, 240, 241, 242, 243, 244, 1047, 246, - 1048, 1049, 1050, 0, 250, 251, 252, 253, 254, 255, - 256, 257, 258, 259, 260, 261, 262, 1051, 264, 265, - 266, 267, 268, 269, 270, 271, 272, 273, 274, 1052, - 1053, 277, 278, 0, 279, 280, 281, 282, 283, 284, - 285, 286, 287, 288, 289, 290, 291, 292, 293, 294, - 295, 296, 297, 298, 299, 300, 301, 302, 303, 304, - 305, 306, 0, 0, 307, 308, 309, 310, 311, 312, - 313, 314, 315, 316, 317, 318, 319, 320, 0, 321, - 322, 323, 324, 325, 326, 1054, 328, 329, 330, 331, - 332, 333, 334, 0, 335, 336, 337, 1055, 2162, 340, - 341, 342, 343, 344, 345, 346, 347, 348, 349, 350, - 351, 352, 353, 354, 355, 356, 357, 358, 359, 1056, - 1057, 362, 363, 364, 365, 366, 367, 368, 369, 370, - 371, 372, 373, 374, 375, 376, 377, 378, 379, 380, - 381, 382, 383, 384, 385, 386, 387, 388, 389, 390, - 391, 0, 392, 393, 394, 395, 396, 397, 398, 399, - 400, 401, 402, 403, 404, 1058, 406, 407, 408, 409, - 410, 1059, 412, 413, 414, 415, 416, 417, 418, 419, - 1060, 1061, 422, 423, 424, 425, 426, 427, 428, 429, - 430, 431, 432, 433, 434, 435, 0, 436, 437, 438, - 439, 440, 441, 442, 1062, 444, 445, 446, 447, 448, - 449, 450, 1063, 452, 453, 454, 455, 456, 457, 458, - 459, 460, 461, 462, 1064, 464, 465, 466, 467, 468, - 469, 470, 471, 472, 473, 474, 475, 476, 477, 478, - 479, 480, 481, 482, 483, 484, 485, 486, 487, 488, - 489, 490, 491, 492, 493, 494, 495, 496, 497, 498, - 499, 500, 501, 502, 503, 504, 505, 506, 1065, 508, - 509, 510, 511, 512, 513, 1066, 515, 516, 517, 518, - 519, 1067, 521, 1068, 523, 524, 525, 526, 527, 528, - 529, 530, 531, 532, 533, 534, 535, 536, 537, 0, - 0, 538, 539, 0, 540, 541, 542, 543, 544, 545, - 546, 547, 548, 549, 550, 551, 1069, 553, 554, 555, - 556, 557, 558, 559, 560, 561, 562, 563, 564, 565, - 566, 567, 568, 569, 570, 1070, 1071, 1072, 1073, 575, - 576, 577, 578, 1074, 1075, 581, 582, 583, 584, 585, - 586, 587, 588, 589, 590, 591, 592, 2163, 594, 595, - 1077, 597, 598, 599, 600, 601, 602, 603, 604, 605, - 606, 607, 1078, 609, 1079, 611, 612, 613, 0, 614, - 615, 616, 1080, 0, 0, 0, 0, 0, 0, 0, - 0, 1081, 1082, 961, 0, 0, 0, 1083, 962, 963, - 0, 0, 0, 1084, 0, 0, 0, 1085, 1086, 964, - 965, 1087, 966, 967, 968, 969, 970, 971, 972, 973, - 974, 975, 976, 0, 0, 0, 0, 0, 0, 0, - 977, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 978, 979, 980, - 981, 0, 0, 0, 0, 0, 0, 0, 982, 983, - 0, 984, 0, 0, 0, 0, 0, 0, 985, 986, - 0, 0, 987, 988, 989, 990, 0, 991, 176, 0, - 992, 993, 0, 0, 0, 0, 0, 0, 0, 994, - 0, 0, 995, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 177, 0, 0, 0, - 996, 997, 998, 0, 999, 0, 0, 0, 0, 0, - 0, 0, 1000, 1001, 1002, 178, 0, 0, 0, 0, - 0, 1003, 0, 0, 179, 0, 0, 0, 0, 0, - 1004, 0, 0, 1005, 0, 0, 0, 0, 0, 0, - 0, 0, 1006, 0, 1007, 0, 1008, 0, 0, 0, - 0, 0, 1009, 0, 0, 0, 0, 0, 0, 0, - 180, 1010, 1011, 0, 1012, 0, 0, 0, 1013, 181, - 0, 0, 0, 1014, 0, 0, 182, 1015, 0, 1016, - 1017, 1018, 1019, 0, 0, 0, 0, 0, 183, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 184, - 1020, 1021, 1022, 0, 1023, 0, 0, 0, 0, 0, - 0, 1024, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 1025, 0, 0, 0, 0, 0, 0, 0, - 1026, 1027, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 1028, - 0, 0, 0, 0, 0, 0, 1029, 1030, 0, 1031, - 1032, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 1033, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 1034, 1035, 1036, 0, 0, 0, 0, 0, 1037, - 1038, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 186, 187, 188, 189, 190, 191, 192, 193, 194, 195, - 196, 1039, 1040, 1041, 1042, 198, 199, 200, 1043, 202, - 203, 204, 205, 206, 207, 1044, 209, 210, 211, 212, - 213, 214, 215, 1045, 217, 218, 0, 219, 220, 221, - 222, 223, 224, 225, 226, 227, 228, 229, 230, 231, - 1046, 233, 234, 235, 236, 237, 238, 239, 240, 241, - 242, 243, 244, 1047, 246, 1048, 1049, 1050, 0, 250, - 251, 252, 253, 254, 255, 256, 257, 258, 259, 260, - 261, 262, 1051, 264, 265, 266, 267, 268, 269, 270, - 271, 272, 273, 274, 1052, 1053, 277, 278, 0, 279, - 280, 281, 282, 283, 284, 285, 286, 287, 288, 289, - 290, 291, 292, 293, 294, 295, 296, 297, 298, 299, - 300, 301, 302, 303, 304, 305, 306, 0, 0, 307, - 308, 309, 310, 311, 312, 313, 314, 315, 316, 317, - 318, 319, 320, 0, 321, 322, 323, 324, 325, 326, - 1054, 328, 329, 330, 331, 332, 333, 334, 0, 335, - 336, 337, 1055, 339, 340, 341, 342, 343, 344, 345, - 346, 347, 348, 349, 350, 351, 352, 353, 354, 355, - 356, 357, 358, 359, 1056, 1057, 362, 363, 364, 365, - 366, 367, 368, 369, 370, 371, 372, 373, 374, 375, - 376, 377, 378, 379, 380, 381, 382, 383, 384, 385, - 386, 387, 388, 389, 390, 391, 0, 392, 393, 394, - 395, 396, 397, 398, 399, 400, 401, 402, 403, 404, - 1058, 406, 407, 408, 409, 410, 1059, 412, 413, 414, - 415, 416, 417, 418, 419, 1060, 1061, 422, 423, 424, - 425, 426, 427, 428, 429, 430, 431, 432, 433, 434, - 435, 0, 436, 437, 438, 439, 440, 441, 442, 1062, - 444, 445, 446, 447, 448, 449, 450, 1063, 452, 453, - 454, 455, 456, 457, 458, 459, 460, 461, 462, 1064, - 464, 465, 466, 467, 468, 469, 470, 471, 472, 473, - 474, 475, 476, 477, 478, 479, 480, 481, 482, 483, - 484, 485, 486, 487, 488, 489, 490, 491, 492, 493, - 494, 495, 496, 497, 498, 499, 500, 501, 502, 503, - 504, 505, 506, 1065, 508, 509, 510, 511, 512, 513, - 1066, 515, 516, 517, 518, 519, 1067, 521, 1068, 523, - 524, 525, 526, 527, 528, 529, 530, 531, 532, 533, - 534, 535, 536, 537, 0, 0, 538, 539, 0, 540, - 541, 542, 543, 544, 545, 546, 547, 548, 549, 550, - 551, 1069, 553, 554, 555, 556, 557, 558, 559, 560, - 561, 562, 563, 564, 565, 566, 567, 568, 569, 570, - 1070, 1071, 1072, 1073, 575, 576, 577, 578, 1074, 1075, - 581, 582, 583, 584, 585, 586, 587, 588, 589, 590, - 591, 592, 2163, 594, 595, 1077, 597, 598, 599, 600, - 601, 602, 603, 604, 605, 606, 607, 1078, 609, 1079, - 611, 612, 613, 0, 614, 615, 616, 1080, 0, 0, - 0, 0, 0, 0, 0, 0, 1081, 1082, 961, 0, - 0, 0, 1083, 962, 963, 0, 0, 0, 1084, 0, - 0, 0, 1085, 1086, 964, 965, 1087, 966, 967, 968, - 969, 970, 971, 972, 973, 974, 975, 976, 0, 0, - 0, 0, 0, 0, 0, 977, 0, 0, 0, 0, - 0, 0, 2384, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 978, 979, 980, 981, 0, 0, 0, 0, - 0, 0, 0, 982, 983, 0, 984, 0, 0, 0, - 0, 0, 0, 985, 986, 0, 0, 987, 988, 989, - 990, 0, 991, 176, 0, 992, 993, 0, 0, 0, - 0, 0, 0, 0, 994, 0, 0, 995, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 177, 0, 0, 0, 996, 997, 998, 0, 999, - 0, 0, 0, 0, 0, 0, 0, 1000, 1001, 1002, - 178, 0, 0, 0, 0, 0, 1003, 0, 0, 179, - 0, 0, 0, 0, 0, 1004, 0, 0, 1005, 0, - 0, 0, 0, 0, 0, 0, 0, 1006, 0, 1007, - 0, 1008, 0, 0, 0, 0, 0, 1009, 0, 0, - 0, 0, 0, 0, 0, 180, 1010, 1011, 0, 1012, - 0, 0, 0, 1013, 181, 0, 0, 0, 1014, 0, - 0, 182, 0, 0, 1016, 1017, 1018, 1019, 0, 0, - 0, 0, 0, 183, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 184, 1020, 1021, 1022, 0, 1023, - 0, 0, 0, 0, 0, 0, 1024, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 1025, 0, 0, - 0, 0, 0, 0, 0, 1026, 1027, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 1028, 0, 0, 0, 0, 0, - 0, 1029, 1030, 0, 1031, 1032, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 1033, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 1034, 1035, 1036, 0, - 0, 0, 0, 0, 1037, 1038, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 186, 187, 188, 189, 190, - 191, 192, 193, 194, 195, 196, 1039, 1040, 1041, 1042, - 198, 199, 200, 1043, 202, 203, 204, 205, 206, 2385, - 1044, 209, 210, 211, 212, 213, 214, 215, 1045, 217, - 218, 0, 219, 220, 221, 222, 223, 224, 225, 226, - 227, 228, 229, 230, 231, 1046, 233, 234, 235, 236, - 237, 238, 239, 240, 241, 242, 243, 244, 1047, 246, - 1048, 1049, 1050, 0, 250, 251, 252, 253, 254, 255, - 256, 257, 258, 259, 260, 261, 262, 1051, 264, 265, - 266, 267, 268, 269, 270, 271, 272, 273, 274, 1052, - 1053, 277, 278, 0, 279, 280, 281, 282, 283, 284, - 285, 286, 287, 288, 289, 290, 291, 292, 293, 294, - 295, 296, 297, 298, 299, 300, 301, 302, 303, 304, - 305, 306, 0, 0, 307, 308, 309, 310, 311, 312, - 313, 314, 315, 316, 317, 318, 319, 320, 0, 321, - 322, 323, 324, 325, 326, 1054, 328, 329, 330, 331, - 332, 333, 334, 0, 335, 336, 337, 1055, 339, 340, - 341, 342, 343, 344, 345, 346, 347, 348, 349, 350, - 351, 352, 353, 354, 355, 356, 357, 358, 359, 1056, - 1057, 362, 363, 364, 365, 366, 367, 368, 369, 370, - 371, 372, 373, 374, 375, 376, 377, 378, 379, 380, - 381, 382, 383, 384, 385, 386, 387, 388, 389, 390, - 391, 0, 392, 393, 394, 395, 396, 397, 398, 399, - 400, 401, 402, 403, 404, 1058, 406, 407, 408, 409, - 410, 1059, 412, 413, 414, 415, 416, 417, 418, 419, - 1060, 1061, 422, 423, 424, 425, 426, 427, 428, 429, - 430, 431, 432, 433, 434, 435, 0, 436, 437, 438, - 439, 440, 441, 442, 1062, 444, 445, 446, 447, 448, - 449, 450, 1063, 452, 453, 454, 455, 456, 457, 458, - 459, 460, 461, 462, 1064, 464, 465, 466, 467, 468, - 469, 470, 471, 472, 473, 474, 475, 476, 477, 478, - 479, 480, 481, 482, 483, 484, 485, 486, 487, 488, - 489, 490, 491, 492, 493, 494, 495, 496, 497, 498, - 499, 500, 501, 502, 503, 504, 505, 506, 1065, 508, - 509, 510, 511, 512, 513, 1066, 515, 516, 517, 518, - 519, 1067, 521, 1068, 523, 524, 525, 526, 527, 528, - 529, 530, 531, 532, 533, 534, 535, 536, 537, 0, - 0, 538, 539, 0, 540, 541, 542, 543, 544, 545, - 546, 547, 548, 549, 550, 551, 1069, 553, 554, 555, - 556, 557, 558, 559, 560, 561, 562, 563, 564, 565, - 566, 567, 568, 569, 570, 1070, 1071, 1072, 1073, 575, - 576, 577, 578, 1074, 1075, 581, 582, 583, 584, 585, - 586, 587, 588, 589, 590, 591, 592, 1076, 594, 595, - 1077, 597, 598, 599, 600, 601, 602, 603, 604, 605, - 606, 607, 1078, 609, 1079, 611, 612, 613, 0, 614, - 615, 616, 1080, 0, 0, 0, 0, 0, 0, 0, - 0, 1081, 1082, 961, 0, 0, 0, 1083, 962, 963, - 0, 0, 0, 1084, 0, 0, 0, 1085, 1086, 964, - 965, 1087, 966, 967, 968, 969, 970, 971, 972, 973, - 974, 975, 976, 0, 0, 0, 0, 0, 0, 0, - 977, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 978, 979, 980, - 981, 0, 0, 0, 0, 0, 0, 0, 982, 983, - 0, 984, 0, 0, 0, 0, 0, 0, 985, 986, - 0, 0, 987, 988, 989, 990, 0, 991, 176, 0, - 992, 993, 0, 0, 0, 0, 0, 0, 0, 994, - 0, 0, 995, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 177, 0, 0, 0, - 996, 997, 998, 0, 999, 0, 0, 0, 0, 0, - 0, 0, 1000, 1001, 1002, 178, 0, 0, 0, 0, - 0, 1003, 0, 0, 179, 0, 0, 0, 0, 0, - 1004, 0, 0, 3785, 0, 0, 0, 0, 0, 0, - 0, 0, 1006, 0, 1007, 0, 1008, 0, 0, 0, - 0, 0, 1009, 0, 0, 0, 0, 0, 0, 0, - 180, 1010, 1011, 0, 1012, 0, 0, 0, 1013, 181, - 0, 0, 0, 1014, 0, 0, 182, 1015, 0, 1016, - 1017, 1018, 1019, 0, 0, 0, 0, 0, 183, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 184, - 1020, 1021, 1022, 0, 1023, 0, 0, 0, 0, 0, - 0, 1024, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 1025, 0, 0, 0, 0, 0, 0, 0, - 1026, 1027, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 1028, - 0, 0, 0, 0, 0, 0, 1029, 1030, 0, 1031, - 1032, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 1033, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 1034, 1035, 1036, 0, 0, 0, 0, 0, 1037, - 1038, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 186, 187, 188, 189, 190, 191, 192, 193, 194, 195, - 196, 1039, 1040, 1041, 1042, 198, 199, 200, 1043, 202, - 203, 204, 205, 206, 207, 1044, 209, 210, 211, 212, - 213, 214, 215, 1045, 217, 218, 0, 219, 220, 221, - 222, 223, 224, 225, 226, 227, 228, 229, 230, 231, - 1046, 233, 234, 235, 236, 237, 238, 239, 240, 241, - 242, 243, 244, 1047, 246, 1048, 1049, 1050, 0, 250, - 251, 252, 253, 254, 255, 256, 257, 258, 259, 260, - 261, 262, 1051, 264, 265, 266, 267, 268, 269, 270, - 271, 272, 273, 274, 1052, 1053, 277, 278, 0, 279, - 280, 281, 282, 283, 284, 285, 286, 287, 288, 289, - 290, 291, 292, 293, 294, 295, 296, 297, 298, 299, - 300, 301, 302, 303, 304, 305, 306, 0, 0, 307, - 308, 309, 310, 311, 312, 313, 314, 315, 316, 317, - 318, 319, 320, 0, 321, 322, 323, 324, 325, 326, - 1054, 328, 329, 330, 331, 332, 333, 334, 0, 335, - 336, 337, 1055, 339, 340, 341, 342, 343, 344, 345, - 346, 347, 348, 349, 350, 351, 352, 353, 354, 355, - 356, 357, 358, 359, 1056, 1057, 362, 363, 364, 365, - 366, 367, 368, 369, 370, 371, 372, 373, 374, 375, - 376, 377, 378, 379, 380, 381, 382, 383, 384, 385, - 386, 387, 388, 389, 390, 391, 0, 392, 393, 394, - 395, 396, 397, 398, 399, 400, 401, 402, 403, 404, - 1058, 406, 407, 408, 409, 410, 1059, 412, 413, 414, - 415, 416, 417, 418, 419, 1060, 1061, 422, 423, 424, - 425, 426, 427, 428, 429, 430, 431, 432, 433, 434, - 435, 0, 436, 437, 438, 439, 440, 441, 442, 1062, - 444, 445, 446, 447, 448, 449, 450, 1063, 452, 453, - 454, 455, 456, 457, 458, 459, 460, 461, 462, 1064, - 464, 465, 466, 467, 468, 469, 470, 471, 472, 473, - 474, 475, 476, 477, 478, 479, 480, 481, 482, 483, - 484, 485, 486, 487, 488, 489, 490, 491, 492, 493, - 494, 495, 496, 497, 498, 499, 500, 501, 502, 503, - 504, 505, 506, 1065, 508, 509, 510, 511, 512, 513, - 1066, 515, 516, 517, 518, 519, 1067, 521, 1068, 523, - 524, 525, 526, 527, 528, 529, 530, 531, 532, 533, - 534, 535, 536, 537, 0, 0, 538, 539, 0, 540, - 541, 542, 543, 544, 545, 546, 547, 548, 549, 550, - 551, 1069, 553, 554, 555, 556, 557, 558, 559, 560, - 561, 562, 563, 564, 565, 566, 567, 568, 569, 570, - 1070, 1071, 1072, 1073, 575, 576, 577, 578, 1074, 1075, - 581, 582, 583, 584, 585, 586, 587, 588, 589, 590, - 591, 592, 1076, 594, 595, 1077, 597, 598, 599, 600, - 601, 602, 603, 604, 605, 606, 607, 1078, 609, 1079, - 611, 612, 613, 0, 614, 615, 616, 1080, 0, 0, - 0, 0, 0, 0, 0, 0, 1081, 1082, 961, 0, - 0, 0, 1083, 962, 963, 0, 0, 0, 1084, 0, - 0, 0, 1085, 1086, 964, 965, 1087, 966, 967, 968, - 969, 970, 971, 972, 973, 974, 975, 976, 0, 0, - 0, 0, 0, 0, 0, 977, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 978, 979, 980, 981, 0, 0, 0, 0, - 0, 0, 0, 982, 983, 0, 984, 0, 0, 0, - 0, 0, 0, 985, 986, 0, 0, 987, 988, 989, - 990, 0, 991, 176, 0, 992, 993, 0, 0, 0, - 0, 0, 0, 0, 994, 0, 0, 995, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 177, 0, 0, 0, 996, 997, 998, 0, 999, - 0, 0, 0, 0, 0, 0, 0, 1000, 1001, 1002, - 178, 0, 0, 0, 0, 0, 1003, 0, 0, 179, - 0, 0, 0, 0, 0, 1004, 0, 0, 3799, 0, - 0, 0, 0, 0, 0, 0, 0, 1006, 0, 1007, - 0, 1008, 0, 0, 0, 0, 0, 1009, 0, 0, - 0, 0, 0, 0, 0, 180, 1010, 1011, 0, 1012, - 0, 0, 0, 1013, 181, 0, 0, 0, 1014, 0, - 0, 182, 1015, 0, 1016, 1017, 1018, 1019, 0, 0, - 0, 0, 0, 183, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 184, 1020, 1021, 1022, 0, 1023, - 0, 0, 0, 0, 0, 0, 1024, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 1025, 0, 0, - 0, 0, 0, 0, 0, 1026, 1027, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 1028, 0, 0, 0, 0, 0, - 0, 1029, 1030, 0, 1031, 1032, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 1033, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 1034, 1035, 1036, 0, - 0, 0, 0, 0, 1037, 1038, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 186, 187, 188, 189, 190, - 191, 192, 193, 194, 195, 196, 1039, 1040, 1041, 1042, - 198, 199, 200, 1043, 202, 203, 204, 205, 206, 207, - 1044, 209, 210, 211, 212, 213, 214, 215, 1045, 217, - 218, 0, 219, 220, 221, 222, 223, 224, 225, 226, - 227, 228, 229, 230, 231, 1046, 233, 234, 235, 236, - 237, 238, 239, 240, 241, 242, 243, 244, 1047, 246, - 1048, 1049, 1050, 0, 250, 251, 252, 253, 254, 255, - 256, 257, 258, 259, 260, 261, 262, 1051, 264, 265, - 266, 267, 268, 269, 270, 271, 272, 273, 274, 1052, - 1053, 277, 278, 0, 279, 280, 281, 282, 283, 284, - 285, 286, 287, 288, 289, 290, 291, 292, 293, 294, - 295, 296, 297, 298, 299, 300, 301, 302, 303, 304, - 305, 306, 0, 0, 307, 308, 309, 310, 311, 312, - 313, 314, 315, 316, 317, 318, 319, 320, 0, 321, - 322, 323, 324, 325, 326, 1054, 328, 329, 330, 331, - 332, 333, 334, 0, 335, 336, 337, 1055, 339, 340, - 341, 342, 343, 344, 345, 346, 347, 348, 349, 350, - 351, 352, 353, 354, 355, 356, 357, 358, 359, 1056, - 1057, 362, 363, 364, 365, 366, 367, 368, 369, 370, - 371, 372, 373, 374, 375, 376, 377, 378, 379, 380, - 381, 382, 383, 384, 385, 386, 387, 388, 389, 390, - 391, 0, 392, 393, 394, 395, 396, 397, 398, 399, - 400, 401, 402, 403, 404, 1058, 406, 407, 408, 409, - 410, 1059, 412, 413, 414, 415, 416, 417, 418, 419, - 1060, 1061, 422, 423, 424, 425, 426, 427, 428, 429, - 430, 431, 432, 433, 434, 435, 0, 436, 437, 438, - 439, 440, 441, 442, 1062, 444, 445, 446, 447, 448, - 449, 450, 1063, 452, 453, 454, 455, 456, 457, 458, - 459, 460, 461, 462, 1064, 464, 465, 466, 467, 468, - 469, 470, 471, 472, 473, 474, 475, 476, 477, 478, - 479, 480, 481, 482, 483, 484, 485, 486, 487, 488, - 489, 490, 491, 492, 493, 494, 495, 496, 497, 498, - 499, 500, 501, 502, 503, 504, 505, 506, 1065, 508, - 509, 510, 511, 512, 513, 1066, 515, 516, 517, 518, - 519, 1067, 521, 1068, 523, 524, 525, 526, 527, 528, - 529, 530, 531, 532, 533, 534, 535, 536, 537, 0, - 0, 538, 539, 0, 540, 541, 542, 543, 544, 545, - 546, 547, 548, 549, 550, 551, 1069, 553, 554, 555, - 556, 557, 558, 559, 560, 561, 562, 563, 564, 565, - 566, 567, 568, 569, 570, 1070, 1071, 1072, 1073, 575, - 576, 577, 578, 1074, 1075, 581, 582, 583, 584, 585, - 586, 587, 588, 589, 590, 591, 592, 1076, 594, 595, - 1077, 597, 598, 599, 600, 601, 602, 603, 604, 605, - 606, 607, 1078, 609, 1079, 611, 612, 613, 0, 614, - 615, 616, 1080, 0, 0, 0, 0, 0, 0, 0, - 0, 1081, 1082, 961, 0, 0, 0, 1083, 962, 963, - 0, 0, 0, 1084, 0, 0, 0, 1085, 1086, 964, - 965, 1087, 966, 967, 968, 969, 970, 971, 972, 973, - 974, 975, 976, 0, 0, 0, 0, 0, 0, 0, - 977, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 978, 979, 980, - 981, 0, 0, 0, 0, 0, 0, 0, 982, 983, - 0, 984, 0, 0, 0, 0, 0, 0, 985, 986, - 0, 0, 987, 988, 989, 990, 0, 991, 176, 0, - 992, 993, 0, 0, 0, 0, 0, 0, 0, 994, - 0, 0, 995, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 177, 0, 0, 0, - 996, 997, 998, 0, 999, 0, 0, 0, 0, 0, - 0, 0, 1000, 1001, 1002, 178, 0, 0, 0, 0, - 0, 1003, 0, 0, 179, 0, 0, 0, 0, 0, - 1004, 0, 0, 1005, 0, 0, 0, 0, 0, 0, - 0, 0, 1006, 0, 1007, 0, 1008, 0, 0, 0, - 0, 0, 1009, 0, 0, 0, 0, 0, 0, 0, - 180, 1010, 1011, 6252, 1012, 0, 0, 0, 1013, 181, - 0, 0, 0, 1014, 0, 0, 182, 0, 0, 1016, - 1017, 1018, 1019, 0, 0, 0, 0, 0, 183, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 184, - 1020, 1021, 1022, 0, 1023, 0, 0, 0, 0, 0, - 0, 1024, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 1025, 0, 0, 0, 0, 0, 0, 0, - 1026, 1027, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 1028, - 0, 0, 0, 0, 0, 0, 1029, 1030, 0, 1031, - 1032, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 1033, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 1034, 1035, 1036, 0, 0, 0, 0, 0, 1037, - 1038, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 186, 187, 188, 189, 190, 191, 192, 193, 194, 195, - 196, 1039, 1040, 1041, 1042, 198, 199, 200, 1043, 202, - 203, 204, 205, 206, 207, 1044, 209, 210, 211, 212, - 213, 214, 215, 1045, 217, 218, 0, 219, 220, 221, - 222, 223, 224, 225, 226, 227, 228, 229, 230, 231, - 1046, 233, 234, 235, 236, 237, 238, 239, 240, 241, - 242, 243, 244, 1047, 246, 1048, 1049, 1050, 0, 250, - 251, 252, 253, 254, 255, 256, 257, 258, 259, 260, - 261, 262, 1051, 264, 265, 266, 267, 268, 269, 270, - 271, 272, 273, 274, 1052, 1053, 277, 278, 0, 279, - 280, 281, 282, 283, 284, 285, 286, 287, 288, 289, - 290, 291, 292, 293, 294, 295, 296, 297, 298, 299, - 300, 301, 302, 303, 304, 305, 306, 0, 0, 307, - 308, 309, 310, 311, 312, 313, 314, 315, 316, 317, - 318, 319, 320, 0, 321, 322, 323, 324, 325, 326, - 1054, 328, 329, 330, 331, 332, 333, 334, 0, 335, - 336, 337, 1055, 339, 340, 341, 342, 343, 344, 345, - 346, 347, 348, 349, 350, 351, 352, 353, 354, 355, - 356, 357, 358, 359, 1056, 1057, 362, 363, 364, 365, - 366, 367, 368, 369, 370, 371, 372, 373, 374, 375, - 376, 377, 378, 379, 380, 381, 382, 383, 384, 385, - 386, 387, 388, 389, 390, 391, 0, 392, 393, 394, - 395, 396, 397, 398, 399, 400, 401, 402, 403, 404, - 1058, 406, 407, 408, 409, 410, 1059, 412, 413, 414, - 415, 416, 417, 418, 419, 1060, 1061, 422, 423, 424, - 425, 426, 427, 428, 429, 430, 431, 432, 433, 434, - 435, 0, 436, 437, 438, 439, 440, 441, 442, 1062, - 444, 445, 446, 447, 448, 449, 450, 1063, 452, 453, - 454, 455, 456, 457, 458, 459, 460, 461, 462, 1064, - 464, 465, 466, 467, 468, 469, 470, 471, 472, 473, - 474, 475, 476, 477, 478, 479, 480, 481, 482, 483, - 484, 485, 486, 487, 488, 489, 490, 491, 492, 493, - 494, 495, 496, 497, 498, 499, 500, 501, 502, 503, - 504, 505, 506, 1065, 508, 509, 510, 511, 512, 513, - 1066, 515, 516, 517, 518, 519, 1067, 521, 1068, 523, - 524, 525, 526, 527, 528, 529, 530, 531, 532, 533, - 534, 535, 536, 537, 0, 0, 538, 539, 0, 540, - 541, 542, 543, 544, 545, 546, 547, 548, 549, 550, - 551, 1069, 553, 554, 555, 556, 557, 558, 559, 560, - 561, 562, 563, 564, 565, 566, 567, 568, 569, 570, - 1070, 1071, 1072, 1073, 575, 576, 577, 578, 1074, 1075, - 581, 582, 583, 584, 585, 586, 587, 588, 589, 590, - 591, 592, 1076, 594, 595, 1077, 597, 598, 599, 600, - 601, 602, 603, 604, 605, 606, 607, 1078, 609, 1079, - 611, 612, 613, 0, 614, 615, 616, 1080, 0, 0, - 0, 0, 0, 0, 0, 0, 1081, 1082, 961, 0, - 0, 0, 1083, 962, 963, 0, 0, 0, 1084, 0, - 0, 0, 1085, 1086, 964, 965, 1087, 966, 967, 968, - 969, 970, 971, 972, 973, 974, 975, 976, 0, 0, - 0, 0, 0, 0, 0, 977, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 978, 979, 980, 981, 0, 0, 0, 0, - 0, 0, 0, 982, 983, 0, 984, 0, 0, 0, - 0, 0, 0, 985, 986, 0, 0, 987, 988, 989, - 990, 0, 991, 176, 0, 992, 993, 0, 0, 0, - 0, 0, 0, 0, 994, 0, 0, 995, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 177, 0, 0, 0, 996, 997, 998, 0, 999, - 0, 0, 0, 0, 0, 0, 0, 1000, 1001, 1002, - 178, 0, 0, 0, 0, 0, 1003, 0, 0, 179, - 0, 0, 0, 0, 0, 1004, 0, 0, 1578, 0, - 0, 0, 0, 0, 0, 0, 0, 1006, 0, 1007, - 0, 1008, 0, 0, 0, 0, 0, 1009, 0, 0, - 0, 0, 0, 0, 0, 180, 1010, 1011, 0, 1012, - 0, 0, 0, 1013, 181, 0, 0, 0, 1014, 0, - 0, 182, 0, 0, 1016, 1017, 1018, 1019, 0, 0, - 0, 0, 0, 183, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 184, 1020, 1021, 1022, 0, 1023, - 0, 0, 0, 0, 0, 0, 1024, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 1025, 0, 0, - 0, 0, 0, 0, 0, 1026, 1027, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 1028, 0, 0, 0, 0, 0, - 0, 1029, 1030, 0, 1031, 1032, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 1033, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 1034, 1035, 1036, 0, - 0, 0, 0, 0, 1037, 1038, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 186, 187, 188, 189, 190, - 191, 192, 193, 194, 195, 196, 1039, 1040, 1041, 1042, - 198, 199, 200, 1043, 202, 203, 204, 205, 206, 207, - 1044, 209, 210, 211, 212, 213, 214, 215, 1045, 217, - 218, 0, 219, 220, 221, 222, 223, 224, 225, 226, - 227, 228, 229, 230, 231, 1046, 233, 234, 235, 236, - 237, 238, 239, 240, 241, 242, 243, 244, 1047, 246, - 1048, 1049, 1050, 0, 250, 251, 252, 253, 254, 255, - 256, 257, 258, 259, 260, 261, 262, 1051, 264, 265, - 266, 267, 268, 269, 270, 271, 272, 273, 274, 1052, - 1053, 277, 278, 0, 279, 280, 281, 282, 283, 284, - 285, 286, 287, 288, 289, 290, 291, 292, 293, 294, - 295, 296, 297, 298, 299, 300, 301, 302, 303, 304, - 305, 306, 0, 0, 307, 308, 309, 310, 311, 312, - 313, 314, 315, 316, 317, 318, 319, 320, 0, 321, - 322, 323, 324, 325, 326, 1054, 328, 329, 330, 331, - 332, 333, 334, 0, 335, 336, 337, 1055, 339, 340, - 341, 342, 343, 344, 345, 346, 347, 348, 349, 350, - 351, 352, 353, 354, 355, 356, 357, 358, 359, 1056, - 1057, 362, 363, 364, 365, 366, 367, 368, 369, 370, - 371, 372, 373, 374, 375, 376, 377, 378, 379, 380, - 381, 382, 383, 384, 385, 386, 387, 388, 389, 390, - 391, 0, 392, 393, 394, 395, 396, 397, 398, 399, - 400, 401, 402, 403, 404, 1058, 406, 407, 408, 409, - 410, 1059, 412, 413, 414, 415, 416, 417, 418, 419, - 1060, 1061, 422, 423, 424, 425, 426, 427, 428, 429, - 430, 431, 432, 433, 434, 435, 0, 436, 437, 438, - 439, 440, 441, 442, 1062, 444, 445, 446, 447, 448, - 449, 450, 1063, 452, 453, 454, 455, 456, 457, 458, - 459, 460, 461, 462, 1064, 464, 465, 466, 467, 468, - 469, 470, 471, 472, 473, 474, 475, 476, 477, 478, - 479, 480, 481, 482, 483, 484, 485, 486, 487, 488, - 489, 490, 491, 492, 493, 494, 495, 496, 497, 498, - 499, 500, 501, 502, 503, 504, 505, 506, 1065, 508, - 509, 510, 511, 512, 513, 1066, 515, 516, 517, 518, - 519, 1067, 521, 1068, 523, 524, 525, 526, 527, 528, - 529, 530, 531, 532, 533, 534, 535, 536, 537, 0, - 0, 538, 539, 0, 540, 541, 542, 543, 544, 545, - 546, 547, 548, 549, 550, 551, 1069, 553, 554, 555, - 556, 557, 558, 559, 560, 561, 562, 563, 564, 565, - 566, 567, 568, 569, 570, 1070, 1071, 1072, 1073, 575, - 576, 577, 578, 1074, 1075, 581, 582, 583, 584, 585, - 586, 587, 588, 589, 590, 591, 592, 1076, 594, 595, - 1077, 597, 598, 599, 600, 601, 602, 603, 604, 605, - 606, 607, 1078, 609, 1079, 611, 612, 613, 0, 614, - 615, 616, 1080, 0, 0, 0, 0, 0, 0, 0, - 0, 1579, 1580, 961, 0, 0, 0, 1083, 962, 963, - 0, 0, 0, 1084, 0, 0, 0, 1085, 1086, 964, - 965, 1087, 966, 967, 968, 969, 970, 971, 972, 973, - 974, 975, 976, 0, 0, 0, 0, 0, 0, 0, - 977, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 978, 979, 980, - 981, 0, 0, 0, 0, 0, 0, 0, 982, 983, - 0, 984, 0, 0, 0, 0, 0, 0, 985, 986, - 0, 0, 987, 988, 989, 990, 0, 991, 176, 0, - 992, 993, 0, 0, 0, 0, 0, 0, 0, 994, - 0, 0, 995, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 177, 0, 0, 0, - 996, 997, 998, 0, 999, 0, 0, 0, 0, 0, - 0, 0, 1000, 1001, 1002, 178, 0, 0, 0, 0, - 0, 1003, 0, 0, 179, 0, 0, 0, 0, 0, - 1004, 0, 0, 1694, 0, 0, 0, 0, 0, 0, - 0, 0, 1006, 0, 1007, 0, 1008, 0, 0, 0, - 0, 0, 1009, 0, 0, 0, 0, 0, 0, 0, - 180, 1010, 1011, 0, 1012, 0, 0, 0, 1013, 181, - 0, 0, 0, 1014, 0, 0, 182, 0, 0, 1016, - 1017, 1018, 1019, 0, 0, 0, 0, 0, 183, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 184, - 1020, 1021, 1022, 0, 1023, 0, 0, 0, 0, 0, - 0, 1024, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 1025, 0, 0, 0, 0, 0, 0, 0, - 1026, 1027, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 1028, - 0, 0, 0, 0, 0, 0, 1029, 1030, 0, 1031, - 1032, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 1033, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 1034, 1035, 1036, 0, 0, 0, 0, 0, 1037, - 1038, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 186, 187, 188, 189, 190, 191, 192, 193, 194, 195, - 196, 1039, 1040, 1041, 1042, 198, 199, 200, 1043, 202, - 203, 204, 205, 206, 207, 1044, 209, 210, 211, 212, - 213, 214, 215, 1045, 217, 218, 0, 219, 220, 221, - 222, 223, 224, 225, 226, 227, 228, 229, 230, 231, - 1046, 233, 234, 235, 236, 237, 238, 239, 240, 241, - 242, 243, 244, 1047, 246, 1048, 1049, 1050, 0, 250, - 251, 252, 253, 254, 255, 256, 257, 258, 259, 260, - 261, 262, 1051, 264, 265, 266, 267, 268, 269, 270, - 271, 272, 273, 274, 1052, 1053, 277, 278, 0, 279, - 280, 281, 282, 283, 284, 285, 286, 287, 288, 289, - 290, 291, 292, 293, 294, 295, 296, 297, 298, 299, - 300, 301, 302, 303, 304, 305, 306, 0, 0, 307, - 308, 309, 310, 311, 312, 313, 314, 315, 316, 317, - 318, 319, 320, 0, 321, 322, 323, 324, 325, 326, - 1054, 328, 329, 330, 331, 332, 333, 334, 0, 335, - 336, 337, 1055, 339, 340, 341, 342, 343, 344, 345, - 346, 347, 348, 349, 350, 351, 352, 353, 354, 355, - 356, 357, 358, 359, 1056, 1057, 362, 363, 364, 365, - 366, 367, 368, 369, 370, 371, 372, 373, 374, 375, - 376, 377, 378, 379, 380, 381, 382, 383, 384, 385, - 386, 387, 388, 389, 390, 391, 0, 392, 393, 394, - 395, 396, 397, 398, 399, 400, 401, 402, 403, 404, - 1058, 406, 407, 408, 409, 410, 1059, 412, 413, 414, - 415, 416, 417, 418, 419, 1060, 1061, 422, 423, 424, - 425, 426, 427, 428, 429, 430, 431, 432, 433, 434, - 435, 0, 436, 437, 438, 439, 440, 441, 442, 1062, - 444, 445, 446, 447, 448, 449, 450, 1063, 452, 453, - 454, 455, 456, 457, 458, 459, 460, 461, 462, 1064, - 464, 465, 466, 467, 468, 469, 470, 471, 472, 473, - 474, 475, 476, 477, 478, 479, 480, 481, 482, 483, - 484, 485, 486, 487, 488, 489, 490, 491, 492, 493, - 494, 495, 496, 497, 498, 499, 500, 501, 502, 503, - 504, 505, 506, 1065, 508, 509, 510, 511, 512, 513, - 1066, 515, 516, 517, 518, 519, 1067, 521, 1068, 523, - 524, 525, 526, 527, 528, 529, 530, 531, 532, 533, - 534, 535, 536, 537, 0, 0, 538, 539, 0, 540, - 541, 542, 543, 544, 545, 546, 547, 548, 549, 550, - 551, 1069, 553, 554, 555, 556, 557, 558, 559, 560, - 561, 562, 563, 564, 565, 566, 567, 568, 569, 570, - 1070, 1071, 1072, 1073, 575, 576, 577, 578, 1074, 1075, - 581, 582, 583, 584, 585, 586, 587, 588, 589, 590, - 591, 592, 1076, 594, 595, 1077, 597, 598, 599, 600, - 601, 602, 603, 604, 605, 606, 607, 1078, 609, 1079, - 611, 612, 613, 0, 614, 615, 616, 1080, 0, 0, - 0, 0, 0, 0, 0, 0, 1579, 1580, 961, 0, - 0, 0, 1083, 962, 963, 0, 0, 0, 1084, 0, - 0, 0, 1085, 1086, 964, 965, 1087, 966, 967, 968, - 969, 970, 971, 972, 973, 974, 975, 976, 0, 0, - 0, 0, 0, 0, 0, 977, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 978, 979, 980, 981, 0, 0, 0, 0, - 0, 0, 0, 982, 983, 0, 984, 0, 0, 0, - 0, 0, 0, 985, 986, 0, 0, 987, 988, 989, - 990, 0, 991, 176, 0, 992, 993, 0, 0, 0, - 0, 0, 0, 0, 994, 0, 0, 995, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 177, 0, 0, 0, 996, 997, 998, 0, 999, - 0, 0, 0, 0, 0, 0, 0, 1000, 1001, 1002, - 178, 0, 0, 0, 0, 0, 1003, 0, 0, 179, - 0, 0, 0, 0, 0, 1004, 0, 0, 1696, 0, - 0, 0, 0, 0, 0, 0, 0, 1006, 0, 1007, - 0, 1008, 0, 0, 0, 0, 0, 1009, 0, 0, - 0, 0, 0, 0, 0, 180, 1010, 1011, 0, 1012, - 0, 0, 0, 1013, 181, 0, 0, 0, 1014, 0, - 0, 182, 0, 0, 1016, 1017, 1018, 1019, 0, 0, - 0, 0, 0, 183, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 184, 1020, 1021, 1022, 0, 1023, - 0, 0, 0, 0, 0, 0, 1024, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 1025, 0, 0, - 0, 0, 0, 0, 0, 1026, 1027, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 1028, 0, 0, 0, 0, 0, - 0, 1029, 1030, 0, 1031, 1032, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 1033, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 1034, 1035, 1036, 0, - 0, 0, 0, 0, 1037, 1038, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 186, 187, 188, 189, 190, - 191, 192, 193, 194, 195, 196, 1039, 1040, 1041, 1042, - 198, 199, 200, 1043, 202, 203, 204, 205, 206, 207, - 1044, 209, 210, 211, 212, 213, 214, 215, 1045, 217, - 218, 0, 219, 220, 221, 222, 223, 224, 225, 226, - 227, 228, 229, 230, 231, 1046, 233, 234, 235, 236, - 237, 238, 239, 240, 241, 242, 243, 244, 1047, 246, - 1048, 1049, 1050, 0, 250, 251, 252, 253, 254, 255, - 256, 257, 258, 259, 260, 261, 262, 1051, 264, 265, - 266, 267, 268, 269, 270, 271, 272, 273, 274, 1052, - 1053, 277, 278, 0, 279, 280, 281, 282, 283, 284, - 285, 286, 287, 288, 289, 290, 291, 292, 293, 294, - 295, 296, 297, 298, 299, 300, 301, 302, 303, 304, - 305, 306, 0, 0, 307, 308, 309, 310, 311, 312, - 313, 314, 315, 316, 317, 318, 319, 320, 0, 321, - 322, 323, 324, 325, 326, 1054, 328, 329, 330, 331, - 332, 333, 334, 0, 335, 336, 337, 1055, 339, 340, - 341, 342, 343, 344, 345, 346, 347, 348, 349, 350, - 351, 352, 353, 354, 355, 356, 357, 358, 359, 1056, - 1057, 362, 363, 364, 365, 366, 367, 368, 369, 370, - 371, 372, 373, 374, 375, 376, 377, 378, 379, 380, - 381, 382, 383, 384, 385, 386, 387, 388, 389, 390, - 391, 0, 392, 393, 394, 395, 396, 397, 398, 399, - 400, 401, 402, 403, 404, 1058, 406, 407, 408, 409, - 410, 1059, 412, 413, 414, 415, 416, 417, 418, 419, - 1060, 1061, 422, 423, 424, 425, 426, 427, 428, 429, - 430, 431, 432, 433, 434, 435, 0, 436, 437, 438, - 439, 440, 441, 442, 1062, 444, 445, 446, 447, 448, - 449, 450, 1063, 452, 453, 454, 455, 456, 457, 458, - 459, 460, 461, 462, 1064, 464, 465, 466, 467, 468, - 469, 470, 471, 472, 473, 474, 475, 476, 477, 478, - 479, 480, 481, 482, 483, 484, 485, 486, 487, 488, - 489, 490, 491, 492, 493, 494, 495, 496, 497, 498, - 499, 500, 501, 502, 503, 504, 505, 506, 1065, 508, - 509, 510, 511, 512, 513, 1066, 515, 516, 517, 518, - 519, 1067, 521, 1068, 523, 524, 525, 526, 527, 528, - 529, 530, 531, 532, 533, 534, 535, 536, 537, 0, - 0, 538, 539, 0, 540, 541, 542, 543, 544, 545, - 546, 547, 548, 549, 550, 551, 1069, 553, 554, 555, - 556, 557, 558, 559, 560, 561, 562, 563, 564, 565, - 566, 567, 568, 569, 570, 1070, 1071, 1072, 1073, 575, - 576, 577, 578, 1074, 1075, 581, 582, 583, 584, 585, - 586, 587, 588, 589, 590, 591, 592, 1076, 594, 595, - 1077, 597, 598, 599, 600, 601, 602, 603, 604, 605, - 606, 607, 1078, 609, 1079, 611, 612, 613, 0, 614, - 615, 616, 1080, 0, 0, 0, 0, 0, 0, 0, - 0, 1579, 1580, 961, 0, 0, 0, 1083, 962, 963, - 0, 0, 0, 1084, 0, 0, 0, 1085, 1086, 964, - 965, 1087, 966, 967, 968, 969, 970, 971, 972, 973, - 974, 975, 976, 0, 0, 0, 0, 0, 0, 0, - 977, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 978, 979, 980, - 981, 0, 0, 0, 0, 0, 0, 0, 982, 983, - 0, 984, 0, 0, 0, 0, 0, 0, 985, 986, - 0, 0, 987, 988, 989, 990, 0, 991, 176, 0, - 992, 993, 0, 0, 0, 0, 0, 0, 0, 994, - 0, 0, 995, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 177, 0, 0, 0, - 996, 997, 998, 0, 999, 0, 0, 0, 0, 0, - 0, 0, 1000, 1001, 1002, 178, 0, 0, 0, 0, - 0, 1003, 0, 0, 179, 0, 0, 0, 0, 0, - 1004, 0, 0, 1005, 0, 0, 0, 0, 0, 0, - 0, 0, 1006, 0, 1007, 0, 1008, 0, 0, 0, - 0, 0, 1009, 0, 0, 0, 0, 0, 0, 0, - 180, 1010, 1011, 0, 1012, 0, 0, 0, 1013, 181, - 0, 0, 0, 1014, 0, 0, 182, 0, 0, 1016, - 1017, 1018, 1019, 0, 0, 0, 0, 0, 183, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 184, - 1020, 1021, 1022, 0, 1023, 0, 0, 0, 0, 0, - 0, 1024, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 1025, 0, 0, 0, 0, 0, 0, 0, - 1026, 1027, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 1028, - 0, 0, 0, 0, 0, 0, 1029, 1030, 0, 1031, - 1032, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 1033, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 1034, 1035, 1036, 0, 0, 0, 0, 0, 1037, - 1038, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 186, 187, 188, 189, 190, 191, 192, 193, 194, 195, - 196, 1039, 1040, 1041, 1042, 198, 199, 200, 1043, 202, - 203, 204, 205, 206, 207, 1044, 209, 210, 211, 212, - 213, 214, 215, 1045, 217, 218, 0, 219, 220, 221, - 222, 223, 224, 225, 226, 227, 228, 229, 230, 231, - 1046, 233, 234, 235, 236, 237, 238, 239, 240, 241, - 242, 243, 244, 1047, 246, 1048, 1049, 1050, 0, 250, - 251, 252, 253, 254, 255, 256, 257, 258, 259, 260, - 261, 262, 1051, 264, 265, 266, 267, 268, 269, 270, - 271, 272, 273, 274, 1052, 1053, 277, 278, 0, 279, - 280, 281, 282, 283, 284, 285, 286, 287, 288, 289, - 290, 291, 292, 293, 294, 295, 296, 297, 298, 299, - 300, 301, 302, 303, 304, 305, 306, 0, 0, 307, - 308, 309, 310, 311, 312, 313, 314, 315, 316, 317, - 318, 319, 320, 0, 321, 322, 323, 324, 325, 326, - 1054, 328, 329, 330, 331, 332, 333, 334, 0, 335, - 336, 337, 1055, 339, 340, 341, 342, 343, 344, 345, - 346, 347, 348, 349, 350, 351, 352, 353, 354, 355, - 356, 357, 358, 359, 1056, 1057, 362, 363, 364, 365, - 366, 367, 368, 369, 370, 371, 372, 373, 374, 375, - 376, 377, 378, 379, 380, 381, 382, 383, 384, 385, - 386, 387, 388, 389, 390, 391, 0, 392, 393, 394, - 395, 396, 397, 398, 399, 400, 401, 402, 403, 404, - 1058, 406, 407, 408, 409, 410, 1059, 412, 413, 414, - 415, 416, 417, 418, 419, 1060, 1061, 422, 423, 424, - 425, 426, 427, 428, 429, 430, 431, 432, 433, 434, - 435, 0, 436, 437, 438, 439, 440, 441, 442, 1062, - 444, 445, 446, 447, 448, 449, 450, 1063, 452, 453, - 454, 455, 456, 457, 458, 459, 460, 461, 462, 1064, - 464, 465, 466, 467, 468, 469, 470, 471, 472, 473, - 474, 475, 476, 477, 478, 479, 480, 481, 482, 483, - 484, 485, 486, 487, 488, 489, 490, 491, 492, 493, - 494, 495, 496, 497, 498, 499, 500, 501, 502, 503, - 504, 505, 506, 1065, 508, 509, 510, 511, 512, 513, - 1066, 515, 516, 517, 518, 519, 1067, 521, 1068, 523, - 524, 525, 526, 527, 528, 529, 530, 531, 532, 533, - 534, 535, 536, 537, 0, 0, 538, 539, 0, 540, - 541, 542, 543, 544, 545, 546, 547, 548, 549, 550, - 551, 1069, 553, 554, 555, 556, 557, 558, 559, 560, - 561, 562, 563, 564, 565, 566, 567, 568, 569, 570, - 1070, 1071, 1072, 1073, 575, 576, 577, 578, 1074, 1075, - 581, 582, 583, 584, 585, 586, 587, 588, 589, 590, - 591, 592, 1076, 594, 595, 1077, 597, 598, 599, 600, - 601, 602, 603, 604, 605, 606, 607, 1078, 609, 1079, - 611, 612, 613, 0, 614, 615, 616, 1080, 0, 0, - 0, 0, 0, 0, 0, 0, 1081, 1082, 961, 0, - 0, 0, 1083, 962, 963, 0, 0, 0, 1084, 0, - 0, 0, 1085, 1086, 964, 965, 1087, 966, 967, 968, - 969, 970, 971, 972, 973, 974, 975, 976, 0, 0, - 0, 0, 0, 0, 0, 977, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 978, 979, 980, 981, 0, 0, 0, 0, - 0, 0, 0, 982, 983, 0, 984, 0, 0, 0, - 0, 0, 0, 985, 986, 0, 0, 987, 988, 989, - 990, 0, 991, 176, 0, 992, 993, 0, 0, 0, - 0, 0, 0, 0, 994, 0, 0, 995, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 177, 0, 0, 0, 996, 997, 998, 0, 999, - 0, 0, 0, 0, 0, 0, 0, 1000, 1001, 1002, - 178, 0, 0, 0, 0, 0, 1003, 0, 0, 179, - 0, 0, 0, 0, 0, 1004, 0, 0, 2405, 0, - 0, 0, 0, 0, 0, 0, 0, 1006, 0, 1007, - 0, 1008, 0, 0, 0, 0, 0, 1009, 0, 0, - 0, 0, 0, 0, 0, 180, 1010, 1011, 0, 1012, - 0, 0, 0, 1013, 181, 0, 0, 0, 1014, 0, - 0, 182, 0, 0, 1016, 1017, 1018, 1019, 0, 0, - 0, 0, 0, 183, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 184, 1020, 1021, 1022, 0, 1023, - 0, 0, 0, 0, 0, 0, 1024, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 1025, 0, 0, - 0, 0, 0, 0, 0, 1026, 1027, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 1028, 0, 0, 0, 0, 0, - 0, 1029, 1030, 0, 1031, 1032, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 1033, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 1034, 1035, 1036, 0, - 0, 0, 0, 0, 1037, 1038, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 186, 187, 188, 189, 190, - 191, 192, 193, 194, 195, 196, 1039, 1040, 1041, 1042, - 198, 199, 200, 1043, 202, 203, 204, 205, 206, 207, - 1044, 209, 210, 211, 212, 213, 214, 215, 1045, 217, - 218, 0, 219, 220, 221, 222, 223, 224, 225, 226, - 227, 228, 229, 230, 231, 1046, 233, 234, 235, 236, - 237, 238, 239, 240, 241, 242, 243, 244, 1047, 246, - 1048, 1049, 1050, 0, 250, 251, 252, 253, 254, 255, - 256, 257, 258, 259, 260, 261, 262, 1051, 264, 265, - 266, 267, 268, 269, 270, 271, 272, 273, 274, 1052, - 1053, 277, 278, 0, 279, 280, 281, 282, 283, 284, - 285, 286, 287, 288, 289, 290, 291, 292, 293, 294, - 295, 296, 297, 298, 299, 300, 301, 302, 303, 304, - 305, 306, 0, 0, 307, 308, 309, 310, 311, 312, - 313, 314, 315, 316, 317, 318, 319, 320, 0, 321, - 322, 323, 324, 325, 326, 1054, 328, 329, 330, 331, - 332, 333, 334, 0, 335, 336, 337, 1055, 339, 340, - 341, 342, 343, 344, 345, 346, 347, 348, 349, 350, - 351, 352, 353, 354, 355, 356, 357, 358, 359, 1056, - 1057, 362, 363, 364, 365, 366, 367, 368, 369, 370, - 371, 372, 373, 374, 375, 376, 377, 378, 379, 380, - 381, 382, 383, 384, 385, 386, 387, 388, 389, 390, - 391, 0, 392, 393, 394, 395, 396, 397, 398, 399, - 400, 401, 402, 403, 404, 1058, 406, 407, 408, 409, - 410, 1059, 412, 413, 414, 415, 416, 417, 418, 419, - 1060, 1061, 422, 423, 424, 425, 426, 427, 428, 429, - 430, 431, 432, 433, 434, 435, 0, 436, 437, 438, - 439, 440, 441, 442, 1062, 444, 445, 446, 447, 448, - 449, 450, 1063, 452, 453, 454, 455, 456, 457, 458, - 459, 460, 461, 462, 1064, 464, 465, 466, 467, 468, - 469, 470, 471, 472, 473, 474, 475, 476, 477, 478, - 479, 480, 481, 482, 483, 484, 485, 486, 487, 488, - 489, 490, 491, 492, 493, 494, 495, 496, 497, 498, - 499, 500, 501, 502, 503, 504, 505, 506, 1065, 508, - 509, 510, 511, 512, 513, 1066, 515, 516, 517, 518, - 519, 1067, 521, 1068, 523, 524, 525, 526, 527, 528, - 529, 530, 531, 532, 533, 534, 535, 536, 537, 0, - 0, 538, 539, 0, 540, 541, 542, 543, 544, 545, - 546, 547, 548, 549, 550, 551, 1069, 553, 554, 555, - 556, 557, 558, 559, 560, 561, 562, 563, 564, 565, - 566, 567, 568, 569, 570, 1070, 1071, 1072, 1073, 575, - 576, 577, 578, 1074, 1075, 581, 582, 583, 584, 585, - 586, 587, 588, 589, 590, 591, 592, 1076, 594, 595, - 1077, 597, 598, 599, 600, 601, 602, 603, 604, 605, - 606, 607, 1078, 609, 1079, 611, 612, 613, 0, 614, - 615, 616, 1080, 0, 0, 0, 0, 0, 0, 0, - 0, 1081, 1082, 961, 0, 0, 0, 1083, 962, 963, - 0, 0, 0, 1084, 0, 0, 0, 1085, 1086, 964, - 965, 1087, 966, 967, 968, 969, 970, 971, 972, 973, - 974, 975, 976, 0, 0, 0, 0, 0, 0, 0, - 977, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 978, 979, 980, - 981, 0, 0, 0, 0, 0, 0, 0, 982, 983, - 0, 984, 0, 0, 0, 0, 0, 0, 985, 986, - 0, 0, 987, 988, 989, 990, 0, 991, 176, 0, - 992, 993, 0, 0, 0, 0, 0, 0, 0, 994, - 0, 0, 995, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 177, 0, 0, 0, - 996, 997, 998, 0, 999, 0, 0, 0, 0, 0, - 0, 0, 1000, 1001, 1002, 178, 0, 0, 0, 0, - 0, 1003, 0, 0, 179, 0, 0, 0, 0, 0, - 1004, 0, 0, 2407, 0, 0, 0, 0, 0, 0, - 0, 0, 1006, 0, 1007, 0, 1008, 0, 0, 0, - 0, 0, 1009, 0, 0, 0, 0, 0, 0, 0, - 180, 1010, 1011, 0, 1012, 0, 0, 0, 1013, 181, - 0, 0, 0, 1014, 0, 0, 182, 0, 0, 1016, - 1017, 1018, 1019, 0, 0, 0, 0, 0, 183, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 184, - 1020, 1021, 1022, 0, 1023, 0, 0, 0, 0, 0, - 0, 1024, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 1025, 0, 0, 0, 0, 0, 0, 0, - 1026, 1027, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 1028, - 0, 0, 0, 0, 0, 0, 1029, 1030, 0, 1031, - 1032, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 1033, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 1034, 1035, 1036, 0, 0, 0, 0, 0, 1037, - 1038, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 186, 187, 188, 189, 190, 191, 192, 193, 194, 195, - 196, 1039, 1040, 1041, 1042, 198, 199, 200, 1043, 202, - 203, 204, 205, 206, 207, 1044, 209, 210, 211, 212, - 213, 214, 215, 1045, 217, 218, 0, 219, 220, 221, - 222, 223, 224, 225, 226, 227, 228, 229, 230, 231, - 1046, 233, 234, 235, 236, 237, 238, 239, 240, 241, - 242, 243, 244, 1047, 246, 1048, 1049, 1050, 0, 250, - 251, 252, 253, 254, 255, 256, 257, 258, 259, 260, - 261, 262, 1051, 264, 265, 266, 267, 268, 269, 270, - 271, 272, 273, 274, 1052, 1053, 277, 278, 0, 279, - 280, 281, 282, 283, 284, 285, 286, 287, 288, 289, - 290, 291, 292, 293, 294, 295, 296, 297, 298, 299, - 300, 301, 302, 303, 304, 305, 306, 0, 0, 307, - 308, 309, 310, 311, 312, 313, 314, 315, 316, 317, - 318, 319, 320, 0, 321, 322, 323, 324, 325, 326, - 1054, 328, 329, 330, 331, 332, 333, 334, 0, 335, - 336, 337, 1055, 339, 340, 341, 342, 343, 344, 345, - 346, 347, 348, 349, 350, 351, 352, 353, 354, 355, - 356, 357, 358, 359, 1056, 1057, 362, 363, 364, 365, - 366, 367, 368, 369, 370, 371, 372, 373, 374, 375, - 376, 377, 378, 379, 380, 381, 382, 383, 384, 385, - 386, 387, 388, 389, 390, 391, 0, 392, 393, 394, - 395, 396, 397, 398, 399, 400, 401, 402, 403, 404, - 1058, 406, 407, 408, 409, 410, 1059, 412, 413, 414, - 415, 416, 417, 418, 419, 1060, 1061, 422, 423, 424, - 425, 426, 427, 428, 429, 430, 431, 432, 433, 434, - 435, 0, 436, 437, 438, 439, 440, 441, 442, 1062, - 444, 445, 446, 447, 448, 449, 450, 1063, 452, 453, - 454, 455, 456, 457, 458, 459, 460, 461, 462, 1064, - 464, 465, 466, 467, 468, 469, 470, 471, 472, 473, - 474, 475, 476, 477, 478, 479, 480, 481, 482, 483, - 484, 485, 486, 487, 488, 489, 490, 491, 492, 493, - 494, 495, 496, 497, 498, 499, 500, 501, 502, 503, - 504, 505, 506, 1065, 508, 509, 510, 511, 512, 513, - 1066, 515, 516, 517, 518, 519, 1067, 521, 1068, 523, - 524, 525, 526, 527, 528, 529, 530, 531, 532, 533, - 534, 535, 536, 537, 0, 0, 538, 539, 0, 540, - 541, 542, 543, 544, 545, 546, 547, 548, 549, 550, - 551, 1069, 553, 554, 555, 556, 557, 558, 559, 560, - 561, 562, 563, 564, 565, 566, 567, 568, 569, 570, - 1070, 1071, 1072, 1073, 575, 576, 577, 578, 1074, 1075, - 581, 582, 583, 584, 585, 586, 587, 588, 589, 590, - 591, 592, 1076, 594, 595, 1077, 597, 598, 599, 600, - 601, 602, 603, 604, 605, 606, 607, 1078, 609, 1079, - 611, 612, 613, 0, 614, 615, 616, 1080, 0, 0, - 0, 0, 0, 0, 0, 0, 1081, 1082, 961, 0, - 0, 0, 1083, 962, 963, 0, 0, 0, 1084, 0, - 0, 0, 1085, 1086, 6109, 6110, 1087, 966, 967, 968, - 969, 970, 971, 972, 973, 974, 975, 976, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 979, 980, 981, 0, 0, 0, 0, - 0, 0, 0, 982, 983, 0, 984, 0, 0, 0, - 0, 0, 0, 985, 986, 0, 0, 987, 988, 989, - 990, 0, 991, 176, 0, 992, 993, 0, 0, 0, - 0, 0, 0, 0, 994, 0, 0, 995, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 177, 0, 0, 0, 996, 997, 998, 0, 999, - 0, 0, 0, 0, 0, 0, 0, 1000, 1001, 1002, - 178, 0, 0, 0, 0, 0, 1003, 0, 0, 179, - 0, 0, 0, 0, 0, 1004, 0, 0, 1578, 0, - 0, 0, 0, 0, 0, 0, 0, 1006, 0, 1007, - 0, 1008, 0, 0, 0, 0, 0, 1009, 0, 0, - 0, 0, 0, 0, 0, 180, 1010, 1011, 0, 1012, - 0, 0, 0, 1013, 181, 0, 0, 0, 1014, 0, - 0, 182, 0, 0, 1016, 1017, 1018, 1019, 0, 0, - 0, 0, 0, 183, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 184, 1020, 1021, 1022, 0, 1023, - 0, 0, 0, 0, 0, 0, 1024, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 1025, 0, 0, - 0, 0, 0, 0, 0, 1026, 1027, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 1028, 0, 0, 0, 0, 0, - 0, 1029, 1030, 0, 1031, 1032, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 1033, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 1034, 1035, 1036, 0, - 0, 0, 0, 0, 1037, 1038, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 186, 187, 188, 189, 190, - 191, 192, 193, 194, 195, 196, 1039, 1040, 1041, 1042, - 198, 199, 200, 1043, 202, 203, 204, 205, 206, 207, - 1044, 209, 210, 211, 212, 213, 214, 215, 1045, 217, - 218, 0, 219, 220, 221, 222, 223, 224, 225, 226, - 227, 228, 229, 230, 231, 1046, 233, 234, 235, 236, - 237, 238, 239, 240, 241, 242, 243, 244, 1047, 246, - 1048, 1049, 1050, 0, 250, 251, 252, 253, 254, 255, - 256, 257, 258, 259, 260, 261, 262, 1051, 264, 265, - 266, 267, 268, 269, 270, 271, 272, 273, 274, 1052, - 1053, 277, 278, 0, 279, 280, 281, 282, 283, 284, - 285, 286, 287, 288, 289, 290, 291, 292, 293, 294, - 295, 296, 297, 298, 299, 300, 301, 302, 303, 304, - 305, 306, 0, 0, 307, 308, 309, 310, 311, 312, - 313, 314, 315, 316, 317, 318, 319, 320, 0, 321, - 322, 323, 324, 325, 326, 1054, 328, 329, 330, 331, - 332, 333, 334, 0, 335, 336, 337, 1055, 339, 340, - 341, 342, 343, 344, 345, 346, 347, 348, 349, 350, - 351, 352, 353, 354, 355, 356, 357, 358, 359, 1056, - 1057, 362, 363, 364, 365, 366, 367, 368, 369, 370, - 371, 372, 373, 374, 375, 376, 377, 378, 379, 380, - 381, 382, 383, 384, 385, 386, 387, 388, 389, 390, - 391, 0, 392, 393, 394, 395, 396, 397, 398, 399, - 400, 401, 402, 403, 404, 1058, 406, 407, 408, 409, - 410, 1059, 412, 413, 414, 415, 416, 417, 418, 419, - 1060, 1061, 422, 423, 424, 425, 426, 427, 428, 429, - 430, 431, 432, 433, 434, 435, 0, 436, 437, 438, - 439, 440, 441, 442, 1062, 444, 445, 446, 447, 448, - 449, 450, 1063, 452, 453, 454, 455, 456, 457, 458, - 459, 460, 461, 462, 1064, 464, 465, 466, 467, 468, - 469, 470, 471, 472, 473, 474, 475, 476, 477, 478, - 479, 480, 481, 482, 483, 484, 485, 486, 487, 488, - 489, 490, 491, 492, 493, 494, 495, 496, 497, 498, - 499, 500, 501, 502, 503, 504, 505, 506, 1065, 508, - 509, 510, 511, 512, 513, 1066, 515, 516, 517, 518, - 519, 1067, 521, 1068, 523, 524, 525, 526, 527, 528, - 529, 530, 531, 532, 533, 534, 535, 536, 537, 0, - 0, 538, 539, 0, 540, 541, 542, 543, 544, 545, - 546, 547, 548, 549, 550, 551, 1069, 553, 554, 555, - 556, 557, 558, 559, 560, 561, 562, 563, 564, 565, - 566, 567, 568, 569, 570, 1070, 1071, 1072, 1073, 575, - 576, 577, 578, 1074, 1075, 581, 582, 583, 584, 585, - 586, 587, 588, 589, 590, 591, 592, 1076, 594, 595, - 1077, 597, 598, 599, 600, 601, 602, 603, 604, 605, - 606, 607, 1078, 609, 1079, 611, 612, 613, 0, 614, - 615, 616, 1080, 0, 0, 0, 0, 0, 0, 0, - 0, 6111, 6112, 961, 0, 0, 0, 0, 1617, 0, - 0, 0, 0, 6113, 0, 0, 0, 0, 1086, 1571, - 1572, 1087, 966, 967, 968, 969, 970, 971, 972, 973, - 974, 975, 976, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 40, 0, 0, 0, 0, 186, 187, 188, + 922, 190, 191, 0, 193, 194, 195, 196, 197, 0, + 0, 0, 198, 199, 200, 201, 202, 203, 204, 205, + 206, 207, 0, 209, 210, 211, 212, 213, 214, 215, + 216, 0, 923, 0, 0, 220, 221, 222, 223, 224, + 0, 0, 227, 228, 229, 230, 231, 0, 0, 0, + 235, 236, 237, 238, 239, 0, 241, 242, 243, 244, + 0, 0, 0, 0, 0, 0, 250, 0, 252, 0, + 254, 255, 0, 257, 258, 259, 260, 261, 262, 0, + 264, 265, 266, 267, 268, 269, 270, 271, 272, 273, + 274, 275, 276, 0, 278, 0, 279, 280, 281, 282, + 283, 284, 285, 0, 287, 288, 289, 290, 0, 292, + 293, 294, 295, 296, 297, 298, 299, 300, 301, 302, + 0, 0, 0, 306, 0, 5541, 307, 308, 309, 310, + 311, 312, 313, 314, 315, 316, 317, 0, 0, 0, + 0, 0, 322, 323, 926, 325, 326, 327, 3269, 329, + 330, 0, 332, 333, 0, 0, 335, 0, 337, 338, + 339, 340, 341, 342, 343, 344, 345, 346, 347, 0, + 349, 350, 351, 352, 353, 354, 355, 356, 357, 0, + 359, 360, 361, 362, 363, 364, 365, 366, 367, 368, + 369, 370, 371, 372, 373, 374, 375, 376, 377, 378, + 379, 380, 381, 382, 383, 384, 385, 386, 387, 388, + 389, 390, 391, 0, 392, 393, 394, 395, 396, 397, + 398, 399, 400, 401, 402, 403, 404, 405, 406, 407, + 408, 409, 410, 411, 412, 413, 414, 415, 416, 417, + 418, 419, 420, 421, 422, 423, 424, 425, 426, 0, + 428, 429, 430, 431, 432, 433, 434, 435, 0, 436, + 437, 438, 439, 0, 0, 0, 443, 0, 445, 446, + 0, 448, 449, 450, 451, 0, 453, 454, 455, 456, + 0, 0, 0, 0, 461, 462, 463, 464, 465, 466, + 467, 468, 469, 470, 471, 472, 473, 474, 475, 476, + 477, 478, 479, 480, 481, 482, 483, 484, 485, 486, + 0, 488, 0, 490, 491, 492, 0, 494, 495, 0, + 497, 498, 499, 500, 501, 502, 0, 504, 505, 506, + 507, 508, 509, 510, 0, 512, 513, 514, 0, 516, + 517, 518, 519, 520, 0, 522, 523, 0, 0, 526, + 527, 0, 0, 530, 531, 532, 0, 534, 0, 536, + 537, 0, 0, 538, 539, 0, 540, 541, 542, 543, + 0, 545, 546, 0, 548, 0, 550, 551, 552, 553, + 554, 555, 556, 557, 558, 559, 560, 561, 562, 563, + 564, 565, 566, 567, 568, 569, 0, 571, 572, 573, + 574, 575, 576, 577, 578, 579, 0, 581, 582, 0, + 584, 585, 586, 587, 0, 0, 590, 591, 0, 593, + 594, 595, 596, 597, 598, 599, 600, 601, 602, 603, + 604, 605, 606, 607, 608, 0, 5753, 611, 612, 0, + 0, 614, 0, 616, 617, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 3269, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 176, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 2591, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 177, 0, 0, 0, - 0, 0, 998, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 178, 0, 0, 0, 0, - 0, 0, 0, 0, 179, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 180, 0, 0, 0, 0, 0, 0, 0, 0, 181, - 0, 0, 0, 0, 0, 0, 182, 0, 0, 0, - 0, 0, 1019, 0, 0, 0, 0, 0, 183, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 184, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 185, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 1033, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 186, 187, 188, 189, 190, 191, 192, 193, 194, 195, - 196, 197, 0, 0, 0, 198, 199, 200, 201, 202, - 203, 204, 205, 206, 207, 208, 209, 210, 211, 212, - 213, 214, 215, 216, 217, 218, 0, 219, 220, 221, - 222, 223, 224, 225, 226, 227, 228, 229, 230, 231, - 232, 233, 234, 235, 236, 237, 238, 239, 240, 241, - 242, 243, 244, 245, 246, 247, 248, 249, 0, 250, - 251, 252, 253, 254, 255, 256, 257, 258, 259, 260, - 261, 262, 263, 264, 265, 266, 267, 268, 269, 270, - 271, 272, 273, 274, 2441, 276, 277, 278, 0, 279, - 280, 281, 282, 283, 284, 285, 286, 287, 288, 289, - 290, 291, 292, 293, 294, 295, 296, 297, 298, 299, - 300, 301, 302, 303, 304, 305, 306, 0, 0, 307, - 308, 309, 310, 311, 312, 313, 314, 315, 316, 317, - 318, 319, 320, 0, 321, 322, 323, 324, 325, 326, - 327, 328, 329, 330, 331, 332, 333, 334, 0, 335, - 336, 337, 338, 339, 340, 341, 342, 343, 344, 345, - 346, 347, 348, 349, 350, 351, 352, 353, 354, 355, - 356, 357, 358, 359, 360, 361, 362, 363, 364, 365, - 366, 367, 368, 369, 370, 371, 372, 373, 374, 375, - 376, 377, 378, 379, 380, 381, 382, 383, 384, 385, - 386, 387, 388, 389, 390, 391, 0, 392, 393, 394, - 395, 396, 397, 398, 399, 400, 401, 402, 403, 404, - 405, 406, 407, 408, 409, 410, 411, 412, 413, 414, - 415, 416, 417, 418, 419, 420, 421, 422, 423, 424, - 425, 426, 427, 428, 429, 430, 431, 432, 433, 434, - 435, 0, 436, 437, 438, 439, 440, 441, 442, 443, - 444, 445, 446, 447, 448, 449, 450, 451, 452, 453, - 454, 455, 456, 457, 458, 459, 460, 461, 462, 463, - 464, 465, 466, 467, 468, 469, 470, 471, 472, 473, - 474, 475, 476, 477, 478, 479, 480, 481, 482, 483, - 484, 485, 486, 487, 488, 489, 490, 491, 492, 493, - 494, 495, 496, 497, 498, 499, 500, 501, 502, 503, - 504, 505, 506, 507, 508, 509, 510, 511, 512, 513, - 514, 515, 516, 517, 518, 519, 520, 521, 522, 523, - 524, 525, 526, 527, 528, 529, 530, 531, 532, 533, - 534, 535, 536, 537, 0, 0, 538, 539, 0, 540, - 541, 542, 543, 544, 545, 546, 547, 548, 549, 550, - 551, 552, 553, 554, 555, 556, 557, 558, 559, 560, - 561, 562, 563, 564, 565, 566, 567, 568, 569, 570, - 2442, 572, 573, 2443, 575, 576, 577, 578, 579, 580, - 581, 582, 583, 584, 585, 586, 587, 588, 589, 590, - 591, 592, 593, 594, 595, 596, 597, 598, 599, 600, - 601, 602, 603, 604, 605, 606, 607, 608, 609, 610, - 611, 612, 613, 6402, 614, 615, 616, 617, 2361, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 174, - 175, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 1087, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 176, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 177, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 178, 0, 0, 0, 0, - 0, 0, 0, 0, 179, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 180, 0, 0, 0, 0, 0, 0, 0, 0, 181, - 0, 0, 0, 0, 0, 0, 182, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 183, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 184, + 5948, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 185, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 6026, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 186, 187, 188, 189, 190, 191, 192, 193, 194, 195, - 196, 197, 0, 0, 0, 198, 199, 200, 201, 202, - 203, 204, 205, 206, 207, 208, 209, 210, 211, 212, - 213, 214, 215, 216, 217, 218, 0, 219, 220, 221, - 222, 223, 224, 225, 226, 227, 228, 229, 230, 231, - 232, 233, 234, 235, 236, 237, 238, 239, 240, 241, - 242, 243, 244, 245, 246, 247, 248, 249, 0, 250, - 251, 252, 253, 254, 255, 256, 257, 258, 259, 260, - 261, 262, 263, 264, 265, 266, 267, 268, 269, 270, - 271, 272, 273, 274, 275, 276, 277, 278, 0, 279, - 280, 281, 282, 283, 284, 285, 286, 287, 288, 289, - 290, 291, 292, 293, 294, 295, 296, 297, 298, 299, - 300, 301, 302, 303, 304, 305, 306, 0, 0, 307, - 308, 309, 310, 311, 312, 313, 314, 315, 316, 317, - 318, 319, 320, 0, 321, 322, 323, 324, 325, 326, - 327, 328, 329, 330, 331, 332, 333, 334, 0, 335, - 336, 337, 338, 339, 340, 341, 342, 343, 344, 345, - 346, 347, 348, 349, 350, 351, 352, 353, 354, 355, - 356, 357, 358, 359, 360, 361, 362, 363, 364, 365, - 366, 367, 368, 369, 370, 371, 372, 373, 374, 375, - 376, 377, 378, 379, 380, 381, 382, 383, 384, 385, - 386, 387, 388, 389, 390, 391, 0, 392, 393, 394, - 395, 396, 397, 398, 399, 400, 401, 402, 403, 404, - 405, 406, 407, 408, 409, 410, 411, 412, 413, 414, - 415, 416, 417, 418, 419, 420, 421, 422, 423, 424, - 425, 426, 427, 428, 429, 430, 431, 432, 433, 434, - 435, 0, 436, 437, 438, 439, 440, 441, 442, 443, - 444, 445, 446, 447, 448, 449, 450, 451, 452, 453, - 454, 455, 456, 457, 458, 459, 460, 461, 462, 463, - 464, 465, 466, 467, 468, 469, 470, 471, 472, 473, - 474, 475, 476, 477, 478, 479, 480, 481, 482, 483, - 484, 485, 486, 487, 488, 489, 490, 491, 492, 493, - 494, 495, 496, 497, 498, 499, 500, 501, 502, 503, - 504, 505, 506, 507, 508, 509, 510, 511, 512, 513, - 514, 515, 516, 517, 518, 519, 520, 521, 522, 523, - 524, 525, 526, 527, 528, 529, 530, 531, 532, 533, - 534, 535, 536, 537, 0, 0, 538, 539, 0, 540, - 541, 542, 543, 544, 545, 546, 547, 548, 549, 550, - 551, 552, 553, 554, 555, 556, 557, 558, 559, 560, - 561, 562, 563, 564, 565, 566, 567, 568, 569, 570, - 571, 572, 573, 574, 575, 576, 577, 578, 579, 580, - 581, 582, 583, 584, 585, 586, 587, 588, 589, 590, - 591, 592, 593, 594, 595, 596, 597, 598, 599, 600, - 601, 602, 603, 604, 605, 606, 607, 608, 609, 610, - 611, 612, 613, 6402, 614, 615, 616, 617, 2361, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 174, - 175, 0, 0, 0, 0, 0, 0, 0, 0, 6403, - 0, 0, 0, 0, 0, 0, 2362, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 176, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 177, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 178, 0, 0, 0, 0, - 0, 0, 0, 0, 179, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 180, 0, 0, 0, 0, 0, 0, 0, 0, 181, - 0, 0, 0, 0, 0, 0, 182, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 183, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 184, + 961, 0, 0, 0, 0, 962, 963, 0, 0, 0, + 0, 0, 0, 0, 6158, 0, 964, 965, 0, 966, + 967, 968, 969, 970, 971, 972, 973, 974, 975, 976, + 0, 0, 0, 0, 0, 0, 0, 977, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 978, 979, 980, 981, 0, 0, + 0, 0, 0, 0, 0, 982, 983, 0, 984, 0, + 0, 0, 0, 0, 0, 985, 986, 0, 0, 987, + 988, 989, 990, 0, 991, 176, 0, 992, 993, 0, + 0, 0, 0, 0, 0, 0, 994, 0, 0, 995, + 0, 1701, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 177, 0, 0, 0, 996, 997, 998, + 0, 999, 0, 0, 0, 0, 0, 0, 0, 1000, + 1001, 1002, 178, 0, 0, 0, 0, 0, 1003, 0, + 0, 179, 0, 0, 0, 0, 0, 1004, 0, 0, + 1005, 0, 0, 0, 0, 0, 0, 0, 0, 1006, + 0, 1007, 0, 1008, 0, 0, 0, 0, 0, 1009, + 0, 0, 0, 0, 0, 0, 0, 180, 1010, 1011, + 0, 1012, 0, 0, 0, 1013, 181, 0, 0, 0, + 1014, 0, 0, 182, 1015, 0, 1016, 1017, 1018, 1019, + 0, 0, 0, 0, 0, 183, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 184, 1020, 1021, 1022, + 0, 1023, 0, 0, 0, 0, 0, 0, 1024, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 1025, + 0, 0, 0, 0, 0, 0, 0, 1026, 1027, 0, + 0, 0, 32, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 1028, 0, 0, 0, + 0, 0, 0, 1029, 1030, 0, 1031, 1032, 0, 0, + 0, 0, 0, 0, 0, 0, 2591, 0, 1033, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 1034, 1035, + 1036, 0, 0, 39, 0, 0, 1037, 1038, 0, 0, + 0, 0, 0, 41, 0, 0, 0, 186, 187, 188, + 189, 190, 191, 192, 193, 194, 195, 196, 1039, 1040, + 1041, 1042, 198, 199, 200, 1043, 202, 203, 204, 205, + 206, 207, 1044, 209, 210, 211, 212, 213, 214, 215, + 1045, 217, 218, 0, 219, 220, 221, 222, 223, 224, + 225, 226, 227, 228, 229, 230, 231, 1046, 233, 234, + 235, 236, 237, 238, 239, 240, 241, 242, 243, 244, + 1047, 246, 1048, 1049, 1050, 0, 250, 251, 252, 253, + 254, 255, 256, 257, 258, 259, 260, 261, 262, 1051, + 264, 265, 266, 267, 268, 269, 270, 271, 272, 273, + 274, 1052, 1053, 277, 278, 2591, 279, 280, 281, 282, + 283, 284, 285, 286, 287, 288, 289, 290, 291, 292, + 293, 294, 295, 296, 297, 298, 299, 300, 301, 302, + 303, 304, 305, 306, 0, 0, 307, 308, 309, 310, + 311, 312, 313, 314, 315, 316, 317, 318, 319, 320, + 0, 321, 322, 323, 324, 325, 326, 1054, 328, 329, + 330, 331, 332, 333, 334, 0, 335, 336, 337, 1055, + 339, 340, 341, 342, 343, 344, 345, 346, 347, 348, + 349, 350, 351, 352, 353, 354, 355, 356, 357, 358, + 359, 1056, 1057, 362, 363, 364, 365, 366, 367, 368, + 369, 370, 371, 372, 373, 374, 375, 376, 377, 378, + 379, 380, 381, 382, 383, 384, 385, 386, 387, 388, + 389, 390, 391, 0, 392, 393, 394, 395, 396, 397, + 398, 399, 400, 401, 402, 403, 404, 1058, 406, 407, + 408, 409, 410, 1059, 412, 413, 414, 415, 416, 417, + 418, 419, 1060, 1061, 422, 423, 424, 425, 426, 427, + 428, 429, 430, 431, 432, 433, 434, 435, 0, 436, + 437, 438, 439, 440, 441, 442, 1062, 444, 445, 446, + 447, 448, 449, 450, 1063, 452, 453, 454, 455, 456, + 457, 458, 459, 460, 461, 462, 1064, 464, 465, 466, + 467, 468, 469, 470, 471, 472, 473, 474, 475, 476, + 477, 478, 479, 480, 481, 482, 483, 484, 485, 486, + 487, 488, 489, 490, 491, 492, 493, 494, 495, 496, + 497, 498, 499, 500, 501, 502, 503, 504, 505, 506, + 1065, 508, 509, 510, 511, 512, 513, 1066, 515, 516, + 517, 518, 519, 1067, 521, 1068, 523, 524, 525, 526, + 527, 528, 529, 530, 531, 532, 533, 534, 535, 536, + 537, 0, 0, 538, 539, 0, 540, 541, 542, 543, + 544, 545, 546, 547, 548, 549, 550, 551, 1069, 553, + 554, 555, 556, 557, 558, 559, 560, 561, 562, 563, + 564, 565, 566, 567, 568, 569, 570, 1070, 1071, 1072, + 1073, 575, 576, 577, 578, 1074, 1075, 581, 582, 583, + 584, 585, 586, 587, 588, 589, 590, 591, 592, 1076, + 594, 595, 1077, 597, 598, 599, 600, 601, 602, 603, + 604, 605, 606, 607, 1078, 609, 1079, 611, 612, 613, + 0, 614, 615, 616, 1080, 0, 0, 0, 0, 0, + 0, 0, 0, 1081, 1082, 961, 0, 0, 0, 1083, + 962, 963, 0, 0, 0, 1084, 0, 0, 0, 1085, + 1086, 964, 965, 1087, 966, 967, 968, 969, 970, 971, + 972, 973, 974, 975, 976, 0, 0, 0, 0, 0, + 0, 0, 977, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 978, + 979, 980, 981, 0, 0, 0, 2311, 0, 0, 0, + 982, 983, 0, 984, 0, 0, 0, 0, 0, 0, + 985, 986, 0, 0, 987, 988, 989, 990, 0, 991, + 176, 0, 992, 993, 0, 0, 0, 0, 0, 0, + 0, 994, 0, 0, 995, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 177, 0, + 0, 0, 996, 997, 998, 0, 999, 0, 0, 0, + 0, 0, 0, 0, 1000, 1001, 1002, 178, 0, 0, + 0, 0, 0, 1003, 0, 0, 179, 0, 0, 0, + 0, 0, 1004, 0, 0, 1005, 0, 0, 0, 0, + 0, 0, 0, 0, 1006, 2312, 1007, 0, 1008, 0, + 0, 0, 0, 0, 1009, 0, 0, 0, 0, 0, + 0, 0, 180, 1010, 1011, 0, 1012, 0, 0, 0, + 1013, 181, 0, 0, 0, 1014, 0, 0, 182, 1015, + 0, 1016, 1017, 1018, 1019, 0, 0, 0, 0, 0, + 183, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 184, 1020, 1021, 1022, 0, 1023, 0, 0, 0, + 0, 0, 0, 1024, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 1025, 0, 0, 0, 0, 0, + 0, 0, 1026, 1027, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 1028, 0, 0, 0, 0, 0, 0, 1029, 1030, + 0, 1031, 1032, 0, 0, 0, 0, 0, 0, 0, + 0, 2313, 0, 1033, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 1034, 1035, 1036, 0, 0, 0, 0, + 0, 1037, 1038, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 186, 187, 188, 189, 190, 191, 192, 193, + 194, 195, 196, 1039, 1040, 1041, 1042, 198, 199, 200, + 1043, 202, 203, 204, 205, 206, 207, 1044, 209, 210, + 211, 212, 213, 214, 215, 1045, 217, 218, 0, 219, + 220, 221, 222, 223, 224, 225, 226, 227, 228, 229, + 230, 231, 1046, 233, 234, 235, 236, 237, 238, 239, + 240, 241, 242, 243, 244, 1047, 246, 1048, 1049, 1050, + 0, 250, 251, 252, 253, 254, 255, 256, 257, 258, + 259, 260, 261, 262, 1051, 264, 265, 266, 267, 268, + 269, 270, 271, 272, 273, 274, 1052, 1053, 277, 278, + 0, 279, 280, 281, 282, 283, 284, 285, 286, 287, + 288, 289, 290, 291, 292, 293, 294, 295, 296, 297, + 298, 299, 300, 301, 302, 303, 304, 305, 306, 0, + 0, 307, 308, 309, 310, 311, 312, 313, 314, 315, + 316, 317, 318, 319, 320, 0, 321, 322, 323, 324, + 325, 326, 1054, 328, 329, 330, 331, 332, 333, 334, + 0, 335, 336, 337, 1055, 339, 340, 341, 342, 343, + 344, 345, 346, 347, 348, 349, 350, 351, 352, 353, + 354, 355, 356, 357, 358, 359, 1056, 1057, 362, 363, + 364, 365, 366, 367, 368, 369, 370, 371, 372, 373, + 374, 375, 376, 377, 378, 379, 380, 381, 382, 383, + 384, 385, 386, 387, 388, 389, 390, 391, 0, 392, + 393, 394, 395, 396, 397, 398, 399, 400, 401, 402, + 403, 404, 1058, 406, 407, 408, 409, 410, 1059, 412, + 413, 414, 415, 416, 417, 418, 419, 1060, 1061, 422, + 423, 424, 425, 426, 427, 428, 429, 430, 431, 432, + 433, 434, 435, 0, 436, 437, 438, 439, 440, 441, + 442, 1062, 444, 445, 446, 447, 448, 449, 450, 1063, + 452, 453, 454, 455, 456, 457, 458, 459, 460, 461, + 462, 1064, 464, 465, 466, 467, 468, 469, 470, 471, + 472, 473, 474, 475, 476, 477, 478, 479, 480, 481, + 482, 483, 484, 485, 486, 487, 488, 489, 490, 491, + 492, 493, 494, 495, 496, 497, 498, 499, 500, 501, + 502, 503, 504, 505, 506, 1065, 508, 509, 510, 511, + 512, 513, 1066, 515, 516, 517, 518, 519, 1067, 521, + 1068, 523, 524, 525, 526, 527, 528, 529, 530, 531, + 532, 533, 534, 535, 536, 537, 0, 0, 538, 539, + 0, 540, 541, 542, 543, 544, 545, 546, 547, 548, + 549, 550, 551, 1069, 553, 554, 555, 556, 557, 558, + 559, 560, 561, 562, 563, 564, 565, 566, 567, 568, + 569, 570, 1070, 1071, 1072, 1073, 575, 576, 577, 578, + 1074, 1075, 581, 582, 583, 584, 585, 586, 587, 588, + 589, 590, 591, 592, 1076, 594, 595, 1077, 597, 598, + 599, 600, 601, 602, 603, 604, 605, 606, 607, 1078, + 609, 1079, 611, 612, 613, 0, 614, 615, 616, 1080, + 0, 0, 0, 0, 0, 0, 0, 0, 1081, 1082, + 961, 0, 0, 0, 1083, 962, 963, 0, 0, 0, + 1084, 0, 0, 0, 1085, 1086, 964, 965, 1087, 966, + 967, 968, 969, 970, 971, 972, 973, 974, 975, 976, + 0, 0, 0, 0, 0, 0, 0, 977, 0, 0, + 0, 0, 0, 0, 3883, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 3884, 979, 980, 981, 0, 0, + 0, 0, 0, 0, 0, 982, 983, 0, 984, 0, + 0, 0, 0, 0, 0, 985, 986, 0, 0, 987, + 988, 989, 990, 0, 991, 176, 0, 992, 993, 0, + 0, 0, 0, 0, 0, 0, 3885, 0, 0, 995, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 177, 0, 0, 0, 996, 997, 998, + 0, 999, 0, 0, 0, 0, 0, 0, 0, 1000, + 1001, 1002, 178, 0, 0, 0, 0, 0, 1003, 0, + 0, 179, 0, 0, 0, 0, 0, 1004, 0, 0, + 1005, 0, 0, 0, 0, 0, 0, 0, 0, 1006, + 0, 1007, 0, 1008, 0, 0, 0, 0, 0, 1009, + 0, 0, 0, 0, 0, 0, 0, 180, 1010, 1011, + 0, 1012, 0, 0, 0, 1013, 181, 0, 0, 0, + 1014, 0, 0, 182, 1015, 0, 1016, 1017, 1018, 1019, + 0, 3886, 0, 0, 0, 183, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 184, 1020, 1021, 1022, + 0, 1023, 0, 0, 0, 0, 0, 0, 1024, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 1025, + 0, 0, 0, 0, 0, 0, 0, 1026, 1027, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 1028, 0, 0, 0, + 0, 0, 0, 1029, 1030, 0, 1031, 1032, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 1033, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 1034, 1035, + 1036, 0, 0, 0, 0, 0, 1037, 1038, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 186, 187, 188, + 189, 190, 191, 192, 193, 194, 195, 196, 1039, 1040, + 1041, 1042, 198, 199, 200, 1043, 202, 203, 204, 205, + 206, 207, 1044, 209, 210, 211, 212, 213, 214, 215, + 1045, 217, 218, 0, 219, 220, 221, 222, 223, 224, + 225, 226, 227, 228, 229, 230, 231, 1046, 233, 234, + 235, 236, 237, 238, 239, 240, 241, 242, 243, 244, + 1047, 246, 1048, 1049, 1050, 0, 250, 251, 252, 253, + 254, 255, 256, 257, 258, 259, 260, 261, 262, 1051, + 264, 265, 266, 267, 268, 269, 270, 271, 272, 273, + 274, 1052, 1053, 277, 278, 0, 279, 280, 281, 282, + 283, 284, 285, 286, 287, 288, 289, 290, 291, 292, + 293, 294, 295, 296, 297, 298, 299, 300, 301, 302, + 303, 304, 305, 306, 0, 0, 307, 308, 309, 310, + 311, 312, 313, 314, 315, 316, 317, 318, 319, 320, + 0, 321, 322, 323, 324, 325, 326, 1054, 328, 329, + 330, 331, 332, 333, 334, 0, 335, 336, 337, 1055, + 339, 340, 341, 342, 343, 344, 345, 346, 347, 348, + 349, 350, 351, 352, 353, 354, 355, 356, 357, 358, + 359, 1056, 1057, 362, 363, 364, 365, 366, 367, 368, + 369, 370, 371, 372, 373, 374, 375, 376, 377, 378, + 379, 380, 381, 382, 383, 384, 385, 386, 387, 388, + 389, 390, 391, 0, 392, 393, 394, 395, 396, 397, + 398, 399, 400, 401, 402, 403, 404, 1058, 406, 407, + 408, 409, 410, 1059, 412, 413, 414, 415, 416, 417, + 418, 419, 1060, 1061, 422, 423, 424, 425, 426, 427, + 428, 429, 430, 431, 432, 433, 434, 435, 0, 436, + 437, 438, 439, 440, 441, 442, 1062, 444, 445, 446, + 447, 448, 449, 450, 1063, 452, 453, 454, 455, 456, + 457, 458, 459, 460, 461, 462, 1064, 464, 465, 466, + 467, 468, 469, 470, 471, 472, 473, 474, 475, 476, + 477, 478, 479, 480, 481, 482, 483, 484, 485, 486, + 487, 488, 489, 490, 491, 492, 493, 494, 495, 496, + 497, 498, 499, 500, 501, 502, 503, 504, 505, 506, + 1065, 508, 509, 510, 511, 512, 513, 1066, 515, 516, + 517, 518, 519, 1067, 521, 1068, 523, 524, 525, 526, + 527, 528, 529, 530, 531, 532, 533, 534, 535, 536, + 537, 0, 0, 538, 539, 0, 540, 541, 542, 543, + 544, 545, 546, 547, 548, 549, 550, 551, 1069, 553, + 554, 555, 556, 557, 558, 559, 560, 561, 562, 563, + 564, 565, 566, 567, 568, 569, 570, 1070, 1071, 1072, + 1073, 575, 576, 577, 578, 1074, 1075, 581, 582, 583, + 584, 585, 586, 587, 588, 589, 590, 591, 592, 1076, + 594, 595, 1077, 597, 598, 599, 600, 601, 602, 603, + 604, 605, 606, 607, 1078, 609, 1079, 611, 612, 613, + 0, 614, 615, 616, 1080, 0, 0, 0, 0, 0, + 0, 0, 0, 1081, 1082, 961, 0, 0, 0, 1083, + 962, 963, 0, 0, 0, 1084, 0, 0, 0, 1085, + 1086, 964, 965, 1087, 966, 967, 968, 969, 970, 971, + 972, 973, 974, 975, 976, 0, 0, 0, 0, 0, + 0, 0, 977, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 978, + 979, 980, 981, 0, 0, 0, 0, 0, 0, 0, + 982, 983, 0, 984, 0, 0, 0, 0, 0, 0, + 985, 986, 0, 0, 987, 988, 989, 990, 0, 991, + 176, 0, 992, 993, 0, 0, 0, 0, 0, 0, + 0, 994, 0, 0, 995, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 177, 0, + 0, 0, 996, 997, 998, 0, 999, 0, 0, 0, + 0, 0, 0, 0, 1000, 1001, 1002, 178, 0, 0, + 0, 0, 0, 1003, 0, 0, 179, 0, 0, 0, + 0, 0, 1004, 0, 0, 1005, 0, 0, 0, 0, + 0, 0, 0, 0, 1006, 0, 1007, 0, 1008, 0, + 0, 0, 0, 0, 1009, 0, 0, 0, 0, 0, + 0, 0, 180, 1010, 1011, 0, 1012, 0, 0, 0, + 1013, 181, 0, 0, 0, 1014, 0, 0, 182, 1015, + 0, 1016, 1017, 1018, 1019, 0, 0, 0, 0, 0, + 183, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 184, 1020, 1021, 1022, 0, 1023, 0, 0, 0, + 0, 0, 0, 1024, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 1025, 0, 0, 0, 0, 0, + 0, 0, 1026, 1027, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 1028, 0, 0, 0, 0, 0, 0, 1029, 1030, + 0, 1031, 1032, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 1033, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 1034, 1035, 1036, 0, 0, 0, 0, + 0, 1037, 1038, 0, 0, 1585, 0, 0, 0, 0, + 0, 0, 186, 187, 188, 189, 190, 191, 192, 193, + 194, 195, 196, 1039, 1040, 1041, 1042, 198, 199, 200, + 1043, 202, 203, 204, 205, 206, 207, 1044, 209, 210, + 211, 212, 213, 214, 215, 1045, 217, 218, 0, 219, + 220, 221, 222, 223, 224, 225, 226, 227, 228, 229, + 230, 231, 1046, 233, 234, 235, 236, 237, 238, 239, + 240, 241, 242, 243, 244, 1047, 246, 1048, 1049, 1050, + 0, 250, 251, 252, 253, 254, 255, 256, 257, 258, + 259, 260, 261, 262, 1051, 264, 265, 266, 267, 268, + 269, 270, 271, 272, 273, 274, 1052, 1053, 277, 278, + 0, 279, 280, 281, 282, 283, 284, 285, 286, 287, + 288, 289, 290, 291, 292, 293, 294, 295, 296, 297, + 298, 299, 300, 301, 302, 303, 304, 305, 306, 0, + 0, 307, 308, 309, 310, 311, 312, 313, 314, 315, + 316, 317, 318, 319, 320, 0, 321, 322, 323, 324, + 325, 326, 1054, 328, 329, 330, 331, 332, 333, 334, + 0, 335, 336, 337, 1055, 339, 340, 341, 342, 343, + 344, 345, 346, 347, 348, 349, 350, 351, 352, 353, + 354, 355, 356, 357, 358, 359, 1056, 1057, 362, 363, + 364, 365, 366, 367, 368, 369, 370, 371, 372, 373, + 374, 375, 376, 377, 378, 379, 380, 381, 382, 383, + 384, 385, 386, 387, 388, 389, 390, 391, 0, 392, + 393, 394, 395, 396, 397, 398, 399, 400, 401, 402, + 403, 404, 1058, 406, 407, 408, 409, 410, 1059, 412, + 413, 414, 415, 416, 417, 418, 419, 1060, 1061, 422, + 423, 424, 425, 426, 427, 428, 429, 430, 431, 432, + 433, 434, 435, 0, 436, 437, 438, 439, 440, 441, + 442, 1062, 444, 445, 446, 447, 448, 449, 450, 1063, + 452, 453, 454, 455, 456, 457, 458, 459, 460, 461, + 462, 1064, 464, 465, 466, 467, 468, 469, 470, 471, + 472, 473, 474, 475, 476, 477, 478, 479, 480, 481, + 482, 483, 484, 485, 486, 487, 488, 489, 490, 491, + 492, 493, 494, 495, 496, 497, 498, 499, 500, 501, + 502, 503, 504, 505, 506, 1065, 508, 509, 510, 511, + 512, 513, 1066, 515, 516, 517, 518, 519, 1067, 521, + 1068, 523, 524, 525, 526, 527, 528, 529, 530, 531, + 532, 533, 534, 535, 536, 537, 0, 0, 538, 539, + 0, 540, 541, 542, 543, 544, 545, 546, 547, 548, + 549, 550, 551, 1069, 553, 554, 555, 556, 557, 558, + 559, 560, 561, 562, 563, 564, 565, 566, 567, 568, + 569, 570, 1070, 1071, 1072, 1073, 575, 576, 577, 578, + 1074, 1075, 581, 582, 583, 584, 585, 586, 587, 588, + 589, 590, 591, 592, 1076, 594, 595, 1077, 597, 598, + 599, 600, 601, 602, 603, 604, 605, 606, 607, 1078, + 609, 1079, 611, 612, 613, 0, 614, 615, 616, 1080, + 0, 0, 0, 0, 0, 0, 0, 0, 1081, 1082, + 961, 0, 0, 0, 1083, 962, 963, 0, 0, 0, + 1084, 0, 0, 0, 1085, 1086, 964, 965, 1087, 966, + 967, 968, 969, 970, 971, 972, 973, 974, 975, 976, + 0, 0, 0, 0, 0, 0, 0, 977, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 978, 979, 980, 981, 0, 0, + 0, 0, 0, 0, 0, 982, 983, 0, 984, 0, + 0, 0, 0, 0, 0, 985, 986, 0, 0, 987, + 988, 989, 990, 0, 991, 176, 0, 992, 993, 0, + 0, 0, 0, 0, 0, 0, 2588, 0, 0, 995, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 177, 0, 0, 0, 996, 997, 998, + 0, 999, 0, 0, 0, 0, 0, 0, 0, 1000, + 1001, 1002, 178, 0, 0, 0, 0, 0, 1003, 0, + 2589, 179, 0, 0, 0, 0, 0, 1004, 0, 0, + 1005, 0, 0, 0, 0, 0, 0, 0, 0, 1006, + 0, 1007, 0, 1008, 0, 0, 0, 0, 0, 1009, + 0, 0, 0, 0, 0, 0, 0, 180, 1010, 1011, + 0, 1012, 0, 0, 0, 1013, 181, 0, 0, 0, + 1014, 0, 0, 182, 1015, 0, 1016, 1017, 1018, 1019, + 0, 0, 0, 0, 0, 183, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 184, 1020, 1021, 1022, + 0, 1023, 0, 0, 0, 0, 0, 0, 1024, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 1025, + 0, 0, 0, 0, 0, 0, 0, 1026, 1027, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 1028, 0, 0, 0, + 0, 0, 0, 1029, 1030, 0, 1031, 1032, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 1033, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 1034, 1035, + 1036, 0, 0, 0, 0, 0, 1037, 1038, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 186, 187, 188, + 189, 190, 191, 192, 193, 194, 195, 196, 1039, 1040, + 1041, 1042, 198, 199, 200, 1043, 202, 203, 204, 205, + 206, 207, 1044, 209, 210, 211, 212, 213, 214, 215, + 1045, 217, 218, 0, 219, 220, 221, 222, 223, 224, + 225, 226, 227, 228, 229, 230, 231, 1046, 233, 234, + 235, 236, 237, 238, 239, 240, 241, 242, 243, 244, + 1047, 246, 1048, 1049, 1050, 0, 250, 251, 252, 253, + 254, 255, 256, 257, 258, 259, 260, 261, 262, 1051, + 264, 265, 266, 267, 268, 269, 270, 271, 272, 273, + 274, 1052, 1053, 277, 278, 0, 279, 280, 281, 282, + 283, 284, 285, 286, 287, 288, 289, 290, 291, 292, + 293, 294, 295, 296, 297, 298, 299, 300, 301, 302, + 303, 304, 305, 306, 0, 0, 307, 308, 309, 310, + 311, 312, 313, 314, 315, 316, 317, 318, 319, 320, + 0, 321, 322, 323, 324, 325, 326, 1054, 328, 329, + 330, 331, 332, 333, 334, 0, 335, 336, 337, 1055, + 339, 340, 341, 342, 343, 344, 345, 346, 347, 348, + 349, 350, 351, 352, 353, 354, 355, 356, 357, 358, + 359, 1056, 1057, 362, 363, 364, 365, 366, 367, 368, + 369, 370, 371, 372, 373, 374, 375, 376, 377, 378, + 379, 380, 381, 382, 383, 384, 385, 386, 387, 388, + 389, 390, 391, 0, 392, 393, 394, 395, 396, 397, + 398, 399, 400, 401, 402, 403, 404, 1058, 406, 407, + 408, 409, 410, 1059, 412, 413, 414, 415, 416, 417, + 418, 419, 1060, 1061, 422, 423, 424, 425, 426, 427, + 428, 429, 430, 431, 432, 433, 434, 435, 0, 436, + 437, 438, 439, 440, 441, 442, 1062, 444, 445, 446, + 447, 448, 449, 450, 1063, 452, 453, 454, 455, 456, + 457, 458, 459, 460, 461, 462, 1064, 464, 465, 466, + 467, 468, 469, 470, 471, 472, 473, 474, 475, 476, + 477, 478, 479, 480, 481, 482, 483, 484, 485, 486, + 487, 488, 489, 490, 491, 492, 493, 494, 495, 496, + 497, 498, 499, 500, 501, 502, 503, 504, 505, 506, + 1065, 508, 509, 510, 511, 512, 513, 1066, 515, 516, + 517, 518, 519, 1067, 521, 1068, 523, 524, 525, 526, + 527, 528, 529, 530, 531, 532, 533, 534, 535, 536, + 537, 0, 0, 538, 539, 0, 540, 541, 542, 543, + 544, 545, 546, 547, 548, 549, 550, 551, 1069, 553, + 554, 555, 556, 557, 558, 559, 560, 561, 562, 563, + 564, 565, 566, 567, 568, 569, 570, 1070, 1071, 1072, + 1073, 575, 576, 577, 578, 1074, 1075, 581, 582, 583, + 584, 585, 586, 587, 588, 589, 590, 591, 592, 1076, + 594, 595, 1077, 597, 598, 599, 600, 601, 602, 603, + 604, 605, 606, 607, 1078, 609, 1079, 611, 612, 613, + 0, 614, 615, 616, 1080, 0, 0, 0, 0, 0, + 0, 0, 0, 1081, 1082, 961, 0, 0, 0, 1083, + 962, 963, 0, 0, 0, 1084, 0, 0, 0, 1085, + 1086, 964, 965, 1087, 966, 967, 968, 969, 970, 971, + 972, 973, 974, 975, 976, 0, 0, 0, 0, 0, + 0, 0, 977, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 978, + 979, 980, 981, 0, 0, 0, 0, 0, 0, 0, + 982, 983, 0, 984, 0, 0, 0, 0, 0, 0, + 985, 986, 0, 0, 987, 988, 989, 990, 0, 991, + 176, 0, 992, 993, 0, 0, 0, 0, 0, 0, + 0, 994, 0, 0, 995, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 177, 0, + 0, 0, 996, 997, 998, 0, 999, 0, 0, 0, + 2954, 0, 0, 0, 1000, 1001, 1002, 178, 0, 0, + 0, 0, 0, 1003, 0, 0, 179, 0, 0, 0, + 0, 0, 1004, 0, 0, 1005, 0, 0, 0, 0, + 0, 0, 0, 0, 1006, 0, 1007, 0, 1008, 0, + 0, 0, 0, 0, 1009, 0, 0, 0, 0, 0, + 0, 0, 180, 1010, 1011, 0, 1012, 0, 0, 0, + 1013, 181, 0, 0, 0, 1014, 0, 0, 182, 1015, + 0, 1016, 1017, 1018, 1019, 0, 0, 0, 0, 0, + 183, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 184, 1020, 1021, 1022, 0, 1023, 0, 0, 0, + 0, 0, 0, 1024, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 1025, 0, 0, 0, 0, 0, + 0, 0, 1026, 1027, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 1028, 0, 0, 0, 0, 0, 0, 1029, 1030, + 0, 1031, 1032, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 1033, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 1034, 1035, 1036, 0, 0, 0, 0, + 0, 1037, 1038, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 186, 187, 188, 189, 190, 191, 192, 193, + 194, 195, 196, 1039, 1040, 1041, 1042, 198, 199, 200, + 1043, 202, 203, 204, 205, 206, 207, 1044, 209, 210, + 211, 212, 213, 214, 215, 1045, 217, 218, 0, 219, + 220, 221, 222, 223, 224, 225, 226, 227, 228, 229, + 230, 231, 1046, 233, 234, 235, 236, 237, 238, 239, + 240, 241, 242, 243, 244, 1047, 246, 1048, 1049, 1050, + 0, 250, 251, 252, 253, 254, 255, 256, 257, 258, + 259, 260, 261, 262, 1051, 264, 265, 266, 267, 268, + 269, 270, 271, 272, 273, 274, 1052, 1053, 277, 278, + 0, 279, 280, 281, 282, 283, 284, 285, 286, 287, + 288, 289, 290, 291, 292, 293, 294, 295, 296, 297, + 298, 299, 300, 301, 302, 303, 304, 305, 306, 0, + 0, 307, 308, 309, 310, 311, 312, 313, 314, 315, + 316, 317, 318, 319, 320, 0, 321, 322, 323, 324, + 325, 326, 1054, 328, 329, 330, 331, 332, 333, 334, + 0, 335, 336, 337, 1055, 339, 340, 341, 342, 343, + 344, 345, 346, 347, 348, 349, 350, 351, 352, 353, + 354, 355, 356, 357, 358, 359, 1056, 1057, 362, 363, + 364, 365, 366, 367, 368, 369, 370, 371, 372, 373, + 374, 375, 376, 377, 378, 379, 380, 381, 382, 383, + 384, 385, 386, 387, 388, 389, 390, 391, 0, 392, + 393, 394, 395, 396, 397, 398, 399, 400, 401, 402, + 403, 404, 1058, 406, 407, 408, 409, 410, 1059, 412, + 413, 414, 415, 416, 417, 418, 419, 1060, 1061, 422, + 423, 424, 425, 426, 427, 428, 429, 430, 431, 432, + 433, 434, 435, 0, 436, 437, 438, 439, 440, 441, + 442, 1062, 444, 445, 446, 447, 448, 449, 450, 1063, + 452, 453, 454, 455, 456, 457, 458, 459, 460, 461, + 462, 1064, 464, 465, 466, 467, 468, 469, 470, 471, + 472, 473, 474, 475, 476, 477, 478, 479, 480, 481, + 482, 483, 484, 485, 486, 487, 488, 489, 490, 491, + 492, 493, 494, 495, 496, 497, 498, 499, 500, 501, + 502, 503, 504, 505, 506, 1065, 508, 509, 510, 511, + 512, 513, 1066, 515, 516, 517, 518, 519, 1067, 521, + 1068, 523, 524, 525, 526, 527, 528, 529, 530, 531, + 532, 533, 534, 535, 536, 537, 0, 0, 538, 539, + 0, 540, 541, 542, 543, 544, 545, 546, 547, 548, + 549, 550, 551, 1069, 553, 554, 555, 556, 557, 558, + 559, 560, 561, 562, 563, 564, 565, 566, 567, 568, + 569, 570, 1070, 1071, 1072, 1073, 575, 576, 577, 578, + 1074, 1075, 581, 582, 583, 584, 585, 586, 587, 588, + 589, 590, 591, 592, 1076, 594, 595, 1077, 597, 598, + 599, 600, 601, 602, 603, 604, 605, 606, 607, 1078, + 609, 1079, 611, 612, 613, 0, 614, 615, 616, 1080, + 0, 0, 0, 0, 0, 0, 0, 0, 1081, 1082, + 961, 0, 0, 0, 1083, 962, 963, 0, 0, 0, + 1084, 0, 0, 0, 1085, 1086, 964, 965, 1087, 966, + 967, 968, 969, 970, 971, 972, 973, 974, 975, 976, + 0, 0, 0, 0, 0, 0, 0, 977, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 978, 979, 980, 981, 0, 0, + 0, 0, 0, 0, 0, 982, 983, 0, 984, 0, + 0, 0, 0, 0, 0, 985, 986, 0, 0, 987, + 988, 989, 990, 0, 991, 176, 0, 992, 993, 0, + 0, 0, 0, 0, 0, 0, 994, 0, 0, 995, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 177, 0, 0, 0, 996, 997, 998, + 0, 999, 0, 0, 0, 2956, 0, 0, 0, 1000, + 1001, 1002, 178, 0, 0, 0, 0, 0, 1003, 0, + 0, 179, 0, 0, 0, 0, 0, 1004, 0, 0, + 1005, 0, 0, 0, 0, 0, 0, 0, 0, 1006, + 0, 1007, 0, 1008, 0, 0, 0, 0, 0, 1009, + 0, 0, 0, 0, 0, 0, 0, 180, 1010, 1011, + 0, 1012, 0, 0, 0, 1013, 181, 0, 0, 0, + 1014, 0, 0, 182, 1015, 0, 1016, 1017, 1018, 1019, + 0, 0, 0, 0, 0, 183, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 184, 1020, 1021, 1022, + 0, 1023, 0, 0, 0, 0, 0, 0, 1024, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 1025, + 0, 0, 0, 0, 0, 0, 0, 1026, 1027, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 1028, 0, 0, 0, + 0, 0, 0, 1029, 1030, 0, 1031, 1032, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 1033, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 1034, 1035, + 1036, 0, 0, 0, 0, 0, 1037, 1038, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 186, 187, 188, + 189, 190, 191, 192, 193, 194, 195, 196, 1039, 1040, + 1041, 1042, 198, 199, 200, 1043, 202, 203, 204, 205, + 206, 207, 1044, 209, 210, 211, 212, 213, 214, 215, + 1045, 217, 218, 0, 219, 220, 221, 222, 223, 224, + 225, 226, 227, 228, 229, 230, 231, 1046, 233, 234, + 235, 236, 237, 238, 239, 240, 241, 242, 243, 244, + 1047, 246, 1048, 1049, 1050, 0, 250, 251, 252, 253, + 254, 255, 256, 257, 258, 259, 260, 261, 262, 1051, + 264, 265, 266, 267, 268, 269, 270, 271, 272, 273, + 274, 1052, 1053, 277, 278, 0, 279, 280, 281, 282, + 283, 284, 285, 286, 287, 288, 289, 290, 291, 292, + 293, 294, 295, 296, 297, 298, 299, 300, 301, 302, + 303, 304, 305, 306, 0, 0, 307, 308, 309, 310, + 311, 312, 313, 314, 315, 316, 317, 318, 319, 320, + 0, 321, 322, 323, 324, 325, 326, 1054, 328, 329, + 330, 331, 332, 333, 334, 0, 335, 336, 337, 1055, + 339, 340, 341, 342, 343, 344, 345, 346, 347, 348, + 349, 350, 351, 352, 353, 354, 355, 356, 357, 358, + 359, 1056, 1057, 362, 363, 364, 365, 366, 367, 368, + 369, 370, 371, 372, 373, 374, 375, 376, 377, 378, + 379, 380, 381, 382, 383, 384, 385, 386, 387, 388, + 389, 390, 391, 0, 392, 393, 394, 395, 396, 397, + 398, 399, 400, 401, 402, 403, 404, 1058, 406, 407, + 408, 409, 410, 1059, 412, 413, 414, 415, 416, 417, + 418, 419, 1060, 1061, 422, 423, 424, 425, 426, 427, + 428, 429, 430, 431, 432, 433, 434, 435, 0, 436, + 437, 438, 439, 440, 441, 442, 1062, 444, 445, 446, + 447, 448, 449, 450, 1063, 452, 453, 454, 455, 456, + 457, 458, 459, 460, 461, 462, 1064, 464, 465, 466, + 467, 468, 469, 470, 471, 472, 473, 474, 475, 476, + 477, 478, 479, 480, 481, 482, 483, 484, 485, 486, + 487, 488, 489, 490, 491, 492, 493, 494, 495, 496, + 497, 498, 499, 500, 501, 502, 503, 504, 505, 506, + 1065, 508, 509, 510, 511, 512, 513, 1066, 515, 516, + 517, 518, 519, 1067, 521, 1068, 523, 524, 525, 526, + 527, 528, 529, 530, 531, 532, 533, 534, 535, 536, + 537, 0, 0, 538, 539, 0, 540, 541, 542, 543, + 544, 545, 546, 547, 548, 549, 550, 551, 1069, 553, + 554, 555, 556, 557, 558, 559, 560, 561, 562, 563, + 564, 565, 566, 567, 568, 569, 570, 1070, 1071, 1072, + 1073, 575, 576, 577, 578, 1074, 1075, 581, 582, 583, + 584, 585, 586, 587, 588, 589, 590, 591, 592, 1076, + 594, 595, 1077, 597, 598, 599, 600, 601, 602, 603, + 604, 605, 606, 607, 1078, 609, 1079, 611, 612, 613, + 0, 614, 615, 616, 1080, 0, 0, 0, 0, 0, + 0, 0, 0, 1081, 1082, 961, 0, 0, 0, 1083, + 962, 963, 0, 0, 0, 1084, 0, 0, 0, 1085, + 1086, 964, 965, 1087, 966, 967, 968, 969, 970, 971, + 972, 973, 974, 975, 976, 0, 0, 0, 0, 0, + 0, 0, 977, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 978, + 979, 980, 981, 0, 0, 0, 0, 0, 0, 0, + 982, 983, 0, 984, 0, 0, 0, 0, 0, 0, + 985, 986, 0, 0, 987, 988, 989, 990, 0, 991, + 176, 0, 992, 993, 0, 0, 0, 0, 0, 0, + 0, 994, 0, 0, 995, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 177, 0, + 0, 0, 996, 997, 998, 0, 999, 0, 0, 0, + 2958, 0, 0, 0, 1000, 1001, 1002, 178, 0, 0, + 0, 0, 0, 1003, 0, 0, 179, 0, 0, 0, + 0, 0, 1004, 0, 0, 1005, 0, 0, 0, 0, + 0, 0, 0, 0, 1006, 0, 1007, 0, 1008, 0, + 0, 0, 0, 0, 1009, 0, 0, 0, 0, 0, + 0, 0, 180, 1010, 1011, 0, 1012, 0, 0, 0, + 1013, 181, 0, 0, 0, 1014, 0, 0, 182, 1015, + 0, 1016, 1017, 1018, 1019, 0, 0, 0, 0, 0, + 183, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 184, 1020, 1021, 1022, 0, 1023, 0, 0, 0, + 0, 0, 0, 1024, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 1025, 0, 0, 0, 0, 0, + 0, 0, 1026, 1027, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 1028, 0, 0, 0, 0, 0, 0, 1029, 1030, + 0, 1031, 1032, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 1033, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 1034, 1035, 1036, 0, 0, 0, 0, + 0, 1037, 1038, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 186, 187, 188, 189, 190, 191, 192, 193, + 194, 195, 196, 1039, 1040, 1041, 1042, 198, 199, 200, + 1043, 202, 203, 204, 205, 206, 207, 1044, 209, 210, + 211, 212, 213, 214, 215, 1045, 217, 218, 0, 219, + 220, 221, 222, 223, 224, 225, 226, 227, 228, 229, + 230, 231, 1046, 233, 234, 235, 236, 237, 238, 239, + 240, 241, 242, 243, 244, 1047, 246, 1048, 1049, 1050, + 0, 250, 251, 252, 253, 254, 255, 256, 257, 258, + 259, 260, 261, 262, 1051, 264, 265, 266, 267, 268, + 269, 270, 271, 272, 273, 274, 1052, 1053, 277, 278, + 0, 279, 280, 281, 282, 283, 284, 285, 286, 287, + 288, 289, 290, 291, 292, 293, 294, 295, 296, 297, + 298, 299, 300, 301, 302, 303, 304, 305, 306, 0, + 0, 307, 308, 309, 310, 311, 312, 313, 314, 315, + 316, 317, 318, 319, 320, 0, 321, 322, 323, 324, + 325, 326, 1054, 328, 329, 330, 331, 332, 333, 334, + 0, 335, 336, 337, 1055, 339, 340, 341, 342, 343, + 344, 345, 346, 347, 348, 349, 350, 351, 352, 353, + 354, 355, 356, 357, 358, 359, 1056, 1057, 362, 363, + 364, 365, 366, 367, 368, 369, 370, 371, 372, 373, + 374, 375, 376, 377, 378, 379, 380, 381, 382, 383, + 384, 385, 386, 387, 388, 389, 390, 391, 0, 392, + 393, 394, 395, 396, 397, 398, 399, 400, 401, 402, + 403, 404, 1058, 406, 407, 408, 409, 410, 1059, 412, + 413, 414, 415, 416, 417, 418, 419, 1060, 1061, 422, + 423, 424, 425, 426, 427, 428, 429, 430, 431, 432, + 433, 434, 435, 0, 436, 437, 438, 439, 440, 441, + 442, 1062, 444, 445, 446, 447, 448, 449, 450, 1063, + 452, 453, 454, 455, 456, 457, 458, 459, 460, 461, + 462, 1064, 464, 465, 466, 467, 468, 469, 470, 471, + 472, 473, 474, 475, 476, 477, 478, 479, 480, 481, + 482, 483, 484, 485, 486, 487, 488, 489, 490, 491, + 492, 493, 494, 495, 496, 497, 498, 499, 500, 501, + 502, 503, 504, 505, 506, 1065, 508, 509, 510, 511, + 512, 513, 1066, 515, 516, 517, 518, 519, 1067, 521, + 1068, 523, 524, 525, 526, 527, 528, 529, 530, 531, + 532, 533, 534, 535, 536, 537, 0, 0, 538, 539, + 0, 540, 541, 542, 543, 544, 545, 546, 547, 548, + 549, 550, 551, 1069, 553, 554, 555, 556, 557, 558, + 559, 560, 561, 562, 563, 564, 565, 566, 567, 568, + 569, 570, 1070, 1071, 1072, 1073, 575, 576, 577, 578, + 1074, 1075, 581, 582, 583, 584, 585, 586, 587, 588, + 589, 590, 591, 592, 1076, 594, 595, 1077, 597, 598, + 599, 600, 601, 602, 603, 604, 605, 606, 607, 1078, + 609, 1079, 611, 612, 613, 0, 614, 615, 616, 1080, + 0, 0, 0, 0, 0, 0, 0, 0, 1081, 1082, + 961, 0, 0, 0, 1083, 962, 963, 0, 0, 0, + 1084, 0, 0, 0, 1085, 1086, 964, 965, 1087, 966, + 967, 968, 969, 970, 971, 972, 973, 974, 975, 976, + 0, 0, 0, 0, 0, 0, 0, 977, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 978, 979, 980, 981, 0, 0, + 0, 0, 0, 0, 0, 982, 983, 0, 984, 0, + 0, 0, 0, 0, 0, 985, 986, 0, 0, 987, + 988, 989, 990, 0, 991, 176, 0, 992, 993, 0, + 0, 0, 0, 0, 0, 0, 4854, 0, 0, 995, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 177, 0, 0, 0, 996, 997, 998, + 0, 999, 0, 0, 0, 0, 0, 0, 0, 1000, + 1001, 1002, 178, 0, 0, 0, 0, 0, 1003, 0, + 2589, 179, 0, 0, 0, 0, 0, 1004, 0, 0, + 1005, 0, 0, 0, 0, 0, 0, 0, 0, 1006, + 0, 1007, 0, 1008, 0, 0, 0, 0, 0, 1009, + 0, 0, 0, 0, 0, 0, 0, 180, 1010, 1011, + 0, 1012, 0, 0, 0, 1013, 181, 0, 0, 0, + 1014, 0, 0, 182, 1015, 0, 1016, 1017, 1018, 1019, + 0, 0, 0, 0, 0, 183, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 184, 1020, 1021, 1022, + 0, 1023, 0, 0, 0, 0, 0, 0, 1024, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 1025, + 0, 0, 0, 0, 0, 0, 0, 1026, 1027, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 1028, 0, 0, 0, + 0, 0, 0, 1029, 1030, 0, 1031, 1032, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 1033, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 1034, 1035, + 1036, 0, 0, 0, 0, 0, 1037, 1038, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 186, 187, 188, + 189, 190, 191, 192, 193, 194, 195, 196, 1039, 1040, + 1041, 1042, 198, 199, 200, 1043, 202, 203, 204, 205, + 206, 207, 1044, 209, 210, 211, 212, 213, 214, 215, + 1045, 217, 218, 0, 219, 220, 221, 222, 223, 224, + 225, 226, 227, 228, 229, 230, 231, 1046, 233, 234, + 235, 236, 237, 238, 239, 240, 241, 242, 243, 244, + 1047, 246, 1048, 1049, 1050, 0, 250, 251, 252, 253, + 254, 255, 256, 257, 258, 259, 260, 261, 262, 1051, + 264, 265, 266, 267, 268, 269, 270, 271, 272, 273, + 274, 1052, 1053, 277, 278, 0, 279, 280, 281, 282, + 283, 284, 285, 286, 287, 288, 289, 290, 291, 292, + 293, 294, 295, 296, 297, 298, 299, 300, 301, 302, + 303, 304, 305, 306, 0, 0, 307, 308, 309, 310, + 311, 312, 313, 314, 315, 316, 317, 318, 319, 320, + 0, 321, 322, 323, 324, 325, 326, 1054, 328, 329, + 330, 331, 332, 333, 334, 0, 335, 336, 337, 1055, + 339, 340, 341, 342, 343, 344, 345, 346, 347, 348, + 349, 350, 351, 352, 353, 354, 355, 356, 357, 358, + 359, 1056, 1057, 362, 363, 364, 365, 366, 367, 368, + 369, 370, 371, 372, 373, 374, 375, 376, 377, 378, + 379, 380, 381, 382, 383, 384, 385, 386, 387, 388, + 389, 390, 391, 0, 392, 393, 394, 395, 396, 397, + 398, 399, 400, 401, 402, 403, 404, 1058, 406, 407, + 408, 409, 410, 1059, 412, 413, 414, 415, 416, 417, + 418, 419, 1060, 1061, 422, 423, 424, 425, 426, 427, + 428, 429, 430, 431, 432, 433, 434, 435, 0, 436, + 437, 438, 439, 440, 441, 442, 1062, 444, 445, 446, + 447, 448, 449, 450, 1063, 452, 453, 454, 455, 456, + 457, 458, 459, 460, 461, 462, 1064, 464, 465, 466, + 467, 468, 469, 470, 471, 472, 473, 474, 475, 476, + 477, 478, 479, 480, 481, 482, 483, 484, 485, 486, + 487, 488, 489, 490, 491, 492, 493, 494, 495, 496, + 497, 498, 499, 500, 501, 502, 503, 504, 505, 506, + 1065, 508, 509, 510, 511, 512, 513, 1066, 515, 516, + 517, 518, 519, 1067, 521, 1068, 523, 524, 525, 526, + 527, 528, 529, 530, 531, 532, 533, 534, 535, 536, + 537, 0, 0, 538, 539, 0, 540, 541, 542, 543, + 544, 545, 546, 547, 548, 549, 550, 551, 1069, 553, + 554, 555, 556, 557, 558, 559, 560, 561, 562, 563, + 564, 565, 566, 567, 568, 569, 570, 1070, 1071, 1072, + 1073, 575, 576, 577, 578, 1074, 1075, 581, 582, 583, + 584, 585, 586, 587, 588, 589, 590, 591, 592, 1076, + 594, 595, 1077, 597, 598, 599, 600, 601, 602, 603, + 604, 605, 606, 607, 1078, 609, 1079, 611, 612, 613, + 0, 614, 615, 616, 1080, 0, 0, 0, 0, 0, + 0, 0, 0, 1081, 1082, 961, 0, 0, 0, 1083, + 962, 963, 0, 0, 0, 1084, 0, 0, 0, 1085, + 1086, 964, 965, 1087, 966, 967, 968, 969, 970, 971, + 972, 973, 974, 975, 976, 0, 0, 0, 0, 0, + 0, 0, 977, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 978, + 979, 980, 981, 0, 0, 0, 0, 0, 0, 0, + 982, 983, 0, 984, 0, 0, 0, 0, 0, 0, + 985, 986, 0, 0, 987, 988, 989, 990, 0, 991, + 176, 0, 992, 993, 0, 0, 0, 0, 0, 0, + 0, 994, 0, 0, 995, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 177, 0, + 0, 0, 996, 997, 998, 0, 999, 0, 0, 0, + 0, 0, 0, 0, 1000, 1001, 1002, 178, 0, 0, + 0, 0, 0, 1003, 0, 0, 179, 0, 0, 0, + 0, 0, 1004, 0, 0, 1005, 0, 0, 0, 0, + 0, 0, 0, 0, 1006, 0, 1007, 0, 1008, 0, + 0, 0, 0, 0, 1009, 0, 0, 0, 0, 0, + 0, 0, 180, 1010, 1011, 0, 1012, 0, 0, 0, + 1013, 181, 0, 0, 0, 1014, 0, 0, 182, 1015, + 0, 1016, 1017, 1018, 1019, 0, 0, 0, 0, 0, + 183, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 184, 1020, 1021, 1022, 0, 1023, 0, 0, 0, + 0, 0, 0, 1024, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 1025, 0, 0, 0, 0, 0, + 0, 0, 1026, 1027, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 1028, 0, 0, 0, 0, 0, 0, 1029, 1030, + 0, 1031, 1032, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 1033, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 1034, 1035, 1036, 0, 0, 0, 0, + 0, 1037, 1038, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 186, 187, 188, 189, 190, 191, 192, 193, + 194, 195, 196, 1039, 1040, 1041, 1042, 198, 199, 200, + 1043, 202, 203, 204, 205, 206, 207, 1044, 209, 210, + 211, 212, 213, 214, 215, 1045, 217, 218, 0, 219, + 220, 221, 222, 223, 224, 225, 226, 227, 228, 229, + 230, 231, 1046, 233, 234, 235, 236, 237, 238, 239, + 240, 241, 242, 243, 244, 1047, 246, 1048, 1049, 1050, + 0, 250, 251, 252, 253, 254, 255, 256, 257, 258, + 259, 260, 261, 262, 1051, 264, 265, 266, 267, 268, + 269, 270, 271, 272, 273, 274, 1052, 1053, 277, 278, + 0, 279, 280, 281, 282, 283, 284, 285, 286, 287, + 288, 289, 290, 291, 292, 293, 294, 295, 296, 297, + 298, 299, 300, 301, 302, 303, 304, 305, 306, 0, + 0, 307, 308, 309, 310, 311, 312, 313, 314, 315, + 316, 317, 318, 319, 320, 0, 321, 322, 323, 324, + 325, 326, 1054, 328, 329, 330, 331, 332, 333, 334, + 0, 335, 336, 337, 1055, 339, 340, 341, 342, 343, + 344, 345, 346, 347, 348, 349, 350, 351, 352, 353, + 354, 355, 356, 357, 358, 359, 1056, 1057, 362, 363, + 364, 365, 366, 367, 368, 369, 370, 371, 372, 373, + 374, 375, 376, 377, 378, 379, 380, 381, 382, 383, + 384, 385, 386, 387, 388, 389, 390, 391, 0, 392, + 393, 394, 395, 396, 397, 398, 399, 400, 401, 402, + 403, 404, 1058, 406, 407, 408, 409, 410, 1059, 412, + 413, 414, 415, 416, 417, 418, 419, 1060, 1061, 422, + 423, 424, 425, 426, 427, 428, 429, 430, 431, 432, + 433, 434, 435, 0, 436, 437, 438, 439, 440, 441, + 442, 1062, 444, 445, 446, 447, 448, 449, 450, 1063, + 452, 453, 454, 455, 456, 457, 458, 459, 460, 461, + 462, 1064, 464, 465, 466, 467, 468, 469, 470, 471, + 472, 473, 474, 475, 476, 477, 478, 479, 480, 481, + 482, 483, 484, 485, 486, 487, 488, 489, 490, 491, + 492, 493, 494, 495, 496, 497, 498, 499, 500, 501, + 502, 503, 504, 505, 506, 1065, 508, 509, 510, 511, + 512, 513, 1066, 515, 516, 517, 518, 519, 1067, 521, + 1068, 523, 524, 525, 526, 527, 528, 529, 530, 531, + 532, 533, 534, 535, 536, 537, 0, 0, 538, 539, + 0, 540, 541, 542, 543, 544, 545, 546, 547, 548, + 549, 550, 551, 1069, 553, 554, 555, 556, 557, 558, + 559, 560, 561, 562, 563, 564, 565, 566, 567, 568, + 569, 570, 1070, 1071, 1072, 1073, 575, 576, 577, 578, + 1074, 1075, 581, 582, 583, 584, 585, 586, 587, 588, + 589, 590, 591, 592, 1076, 594, 595, 1077, 597, 598, + 599, 600, 601, 602, 603, 604, 605, 606, 607, 1078, + 609, 1079, 611, 612, 613, 0, 614, 615, 616, 1080, + 0, 0, 0, 0, 0, 0, 0, 0, 1081, 1082, + 961, 0, 0, 0, 1083, 962, 963, 0, 0, 0, + 1084, 0, 0, 0, 1085, 1086, 964, 965, 1087, 966, + 967, 968, 969, 970, 971, 972, 973, 974, 975, 976, + 0, 0, 0, 0, 0, 0, 0, 977, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 978, 979, 980, 981, 0, 0, + 0, 0, 0, 0, 0, 982, 983, 0, 984, 0, + 0, 0, 0, 0, 0, 985, 986, 0, 0, 987, + 988, 989, 990, 0, 991, 176, 0, 992, 993, 0, + 0, 0, 0, 0, 0, 0, 994, 0, 0, 995, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 177, 0, 0, 0, 996, 997, 998, + 0, 999, 0, 0, 0, 0, 0, 0, 0, 1000, + 1001, 1002, 178, 0, 0, 0, 0, 0, 1003, 0, + 0, 179, 0, 0, 0, 0, 0, 1004, 0, 0, + 1005, 0, 0, 0, 0, 0, 0, 0, 0, 1006, + 0, 1007, 0, 1008, 0, 0, 0, 0, 0, 1009, + 0, 0, 0, 0, 0, 0, 0, 180, 1010, 1011, + 0, 1012, 0, 0, 0, 1013, 181, 0, 0, 0, + 1014, 0, 0, 182, 1015, 0, 1016, 1017, 1018, 1019, + 0, 0, 0, 0, 0, 183, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 184, 1020, 1021, 1022, + 0, 1023, 0, 0, 0, 0, 0, 0, 1024, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 1025, + 0, 0, 0, 0, 0, 0, 0, 1026, 1027, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 1028, 0, 0, 0, + 0, 0, 0, 1029, 1030, 0, 1031, 1032, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 1033, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 1034, 1035, + 1036, 0, 0, 0, 0, 0, 1037, 1038, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 186, 187, 188, + 189, 190, 191, 192, 193, 194, 195, 196, 1039, 1040, + 1041, 1042, 198, 199, 200, 1043, 202, 203, 204, 205, + 206, 207, 1044, 209, 210, 211, 212, 213, 214, 215, + 1045, 217, 218, 0, 219, 220, 221, 222, 223, 224, + 225, 226, 227, 228, 229, 230, 231, 1046, 233, 234, + 235, 236, 237, 238, 239, 240, 241, 242, 243, 244, + 1047, 246, 1048, 1049, 1050, 0, 250, 251, 252, 253, + 254, 255, 256, 257, 258, 259, 260, 261, 262, 1051, + 264, 265, 266, 267, 268, 269, 270, 271, 272, 273, + 274, 1052, 1053, 277, 278, 0, 279, 280, 281, 282, + 283, 284, 285, 286, 287, 288, 289, 290, 291, 292, + 293, 294, 295, 296, 297, 298, 299, 300, 301, 302, + 303, 304, 305, 306, 0, 0, 307, 308, 309, 310, + 311, 312, 313, 314, 315, 316, 317, 318, 319, 320, + 0, 321, 322, 323, 324, 325, 326, 1054, 328, 329, + 330, 331, 332, 333, 334, 0, 335, 336, 337, 1055, + 339, 340, 341, 342, 343, 344, 345, 346, 347, 348, + 349, 350, 351, 352, 353, 354, 355, 356, 357, 358, + 359, 1056, 1057, 362, 363, 364, 365, 366, 367, 368, + 369, 370, 371, 372, 373, 374, 375, 376, 377, 378, + 379, 380, 381, 382, 383, 384, 385, 386, 387, 388, + 389, 390, 391, 0, 392, 393, 394, 395, 396, 397, + 398, 399, 400, 401, 402, 403, 404, 1058, 406, 407, + 408, 409, 410, 1059, 412, 413, 414, 415, 416, 417, + 418, 419, 1060, 1061, 422, 423, 424, 425, 426, 427, + 428, 429, 430, 431, 432, 433, 434, 435, 0, 436, + 437, 438, 439, 440, 441, 442, 1062, 444, 445, 446, + 447, 448, 449, 450, 1063, 452, 453, 454, 455, 456, + 457, 458, 459, 460, 461, 462, 1064, 464, 465, 466, + 467, 468, 469, 470, 471, 472, 473, 474, 475, 476, + 477, 478, 479, 480, 481, 482, 483, 484, 485, 486, + 487, 488, 489, 490, 491, 492, 493, 494, 495, 496, + 497, 498, 499, 500, 501, 502, 503, 504, 505, 506, + 1065, 508, 509, 510, 511, 512, 513, 1066, 515, 516, + 517, 518, 519, 1067, 521, 1068, 523, 524, 525, 526, + 527, 528, 529, 530, 531, 532, 533, 534, 535, 536, + 537, 0, 0, 538, 539, 0, 540, 541, 542, 543, + 544, 545, 546, 547, 548, 549, 550, 551, 1069, 553, + 554, 555, 556, 557, 558, 559, 560, 561, 562, 563, + 564, 565, 566, 567, 568, 569, 570, 1070, 1071, 1072, + 1073, 575, 576, 577, 578, 1074, 1075, 581, 582, 583, + 584, 585, 586, 587, 588, 589, 590, 591, 592, 1076, + 594, 595, 1077, 597, 598, 599, 600, 601, 602, 603, + 604, 605, 606, 607, 1078, 609, 1079, 611, 612, 613, + 0, 614, 615, 616, 1080, 0, 0, 0, 0, 0, + 0, 0, 0, 1081, 1082, 961, 0, 0, 0, 1083, + 962, 963, 0, 0, 0, 1611, 0, 0, 0, 1085, + 1086, 964, 965, 1087, 966, 967, 968, 969, 970, 971, + 972, 973, 974, 975, 976, 0, 0, 0, 0, 0, + 0, 0, 977, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 978, + 979, 980, 981, 0, 0, 0, 0, 0, 0, 0, + 982, 983, 0, 984, 0, 0, 0, 0, 0, 0, + 985, 986, 0, 0, 987, 988, 989, 990, 0, 991, + 176, 0, 992, 993, 0, 0, 0, 0, 0, 0, + 0, 994, 0, 0, 995, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 177, 0, + 0, 0, 996, 997, 998, 0, 999, 0, 0, 0, + 0, 0, 0, 0, 1000, 1001, 1002, 178, 0, 0, + 0, 0, 0, 1003, 0, 0, 179, 0, 0, 0, + 0, 0, 1004, 0, 0, 1005, 0, 0, 0, 0, + 0, 0, 0, 0, 1006, 0, 1007, 0, 1008, 0, + 0, 0, 0, 0, 1009, 0, 0, 0, 0, 0, + 0, 0, 180, 1010, 1011, 0, 1012, 0, 0, 0, + 1013, 181, 0, 0, 0, 1014, 0, 0, 182, 1015, + 0, 1016, 1017, 1018, 1019, 0, 0, 0, 0, 0, + 183, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 184, 1020, 1021, 1022, 0, 1023, 0, 0, 0, + 0, 0, 0, 1024, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 1025, 0, 0, 0, 0, 0, + 0, 0, 1026, 1027, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 1028, 0, 0, 0, 0, 0, 0, 1029, 1030, + 0, 1031, 1032, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 1033, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 1034, 1035, 1036, 0, 0, 0, 0, + 0, 1037, 1038, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 186, 187, 188, 189, 190, 191, 192, 193, + 194, 195, 196, 1039, 1040, 1041, 1042, 198, 199, 200, + 1043, 202, 203, 204, 205, 206, 207, 1044, 209, 210, + 211, 212, 213, 214, 215, 1045, 217, 218, 0, 219, + 220, 221, 222, 223, 224, 225, 226, 227, 228, 229, + 230, 231, 1046, 233, 234, 235, 236, 237, 238, 239, + 240, 241, 242, 243, 244, 1047, 246, 1048, 1049, 1050, + 0, 250, 251, 252, 253, 254, 255, 256, 257, 258, + 259, 260, 261, 262, 1051, 264, 265, 266, 267, 268, + 269, 270, 271, 272, 273, 274, 1052, 1053, 277, 278, + 0, 279, 280, 281, 282, 283, 284, 285, 286, 287, + 288, 289, 290, 291, 292, 293, 294, 295, 296, 297, + 298, 299, 300, 301, 302, 303, 304, 305, 306, 0, + 0, 307, 308, 309, 310, 311, 312, 313, 314, 315, + 316, 317, 318, 319, 320, 0, 321, 322, 323, 324, + 325, 326, 1054, 328, 329, 330, 331, 332, 333, 334, + 0, 335, 336, 337, 1055, 2162, 340, 341, 342, 343, + 344, 345, 346, 347, 348, 349, 350, 351, 352, 353, + 354, 355, 356, 357, 358, 359, 1056, 1057, 362, 363, + 364, 365, 366, 367, 368, 369, 370, 371, 372, 373, + 374, 375, 376, 377, 378, 379, 380, 381, 382, 383, + 384, 385, 386, 387, 388, 389, 390, 391, 0, 392, + 393, 394, 395, 396, 397, 398, 399, 400, 401, 402, + 403, 404, 1058, 406, 407, 408, 409, 410, 1059, 412, + 413, 414, 415, 416, 417, 418, 419, 1060, 1061, 422, + 423, 424, 425, 426, 427, 428, 429, 430, 431, 432, + 433, 434, 435, 0, 436, 437, 438, 439, 440, 441, + 442, 1062, 444, 445, 446, 447, 448, 449, 450, 1063, + 452, 453, 454, 455, 456, 457, 458, 459, 460, 461, + 462, 1064, 464, 465, 466, 467, 468, 469, 470, 471, + 472, 473, 474, 475, 476, 477, 478, 479, 480, 481, + 482, 483, 484, 485, 486, 487, 488, 489, 490, 491, + 492, 493, 494, 495, 496, 497, 498, 499, 500, 501, + 502, 503, 504, 505, 506, 1065, 508, 509, 510, 511, + 512, 513, 1066, 515, 516, 517, 518, 519, 1067, 521, + 1068, 523, 524, 525, 526, 527, 528, 529, 530, 531, + 532, 533, 534, 535, 536, 537, 0, 0, 538, 539, + 0, 540, 541, 542, 543, 544, 545, 546, 547, 548, + 549, 550, 551, 1069, 553, 554, 555, 556, 557, 558, + 559, 560, 561, 562, 563, 564, 565, 566, 567, 568, + 569, 570, 1070, 1071, 1072, 1073, 575, 576, 577, 578, + 1074, 1075, 581, 582, 583, 584, 585, 586, 587, 588, + 589, 590, 591, 592, 2163, 594, 595, 1077, 597, 598, + 599, 600, 601, 602, 603, 604, 605, 606, 607, 1078, + 609, 1079, 611, 612, 613, 0, 614, 615, 616, 1080, + 0, 0, 0, 0, 0, 0, 0, 0, 1081, 1082, + 961, 0, 0, 0, 1083, 962, 963, 0, 0, 0, + 1084, 0, 0, 0, 1085, 1086, 964, 965, 1087, 966, + 967, 968, 969, 970, 971, 972, 973, 974, 975, 976, + 0, 0, 0, 0, 0, 0, 0, 977, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 185, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 978, 979, 980, 981, 0, 0, + 0, 0, 0, 0, 0, 982, 983, 0, 984, 0, + 0, 0, 0, 0, 0, 985, 986, 0, 0, 987, + 988, 989, 990, 0, 991, 176, 0, 992, 993, 0, + 0, 0, 0, 0, 0, 0, 994, 0, 0, 995, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 177, 0, 0, 0, 996, 997, 998, + 0, 999, 0, 0, 0, 0, 0, 0, 0, 1000, + 1001, 1002, 178, 0, 0, 0, 0, 0, 1003, 0, + 0, 179, 0, 0, 0, 0, 0, 1004, 0, 0, + 1005, 0, 0, 0, 0, 0, 0, 0, 0, 1006, + 0, 1007, 0, 1008, 0, 0, 0, 0, 0, 1009, + 0, 0, 0, 0, 0, 0, 0, 180, 1010, 1011, + 0, 1012, 0, 0, 0, 1013, 181, 0, 0, 0, + 1014, 0, 0, 182, 1015, 0, 1016, 1017, 1018, 1019, + 0, 0, 0, 0, 0, 183, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 184, 1020, 1021, 1022, + 0, 1023, 0, 0, 0, 0, 0, 0, 1024, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 1025, + 0, 0, 0, 0, 0, 0, 0, 1026, 1027, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 1028, 0, 0, 0, + 0, 0, 0, 1029, 1030, 0, 1031, 1032, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 1033, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 1034, 1035, + 1036, 0, 0, 0, 0, 0, 1037, 1038, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 186, 187, 188, + 189, 190, 191, 192, 193, 194, 195, 196, 1039, 1040, + 1041, 1042, 198, 199, 200, 1043, 202, 203, 204, 205, + 206, 207, 1044, 209, 210, 211, 212, 213, 214, 215, + 1045, 217, 218, 0, 219, 220, 221, 222, 223, 224, + 225, 226, 227, 228, 229, 230, 231, 1046, 233, 234, + 235, 236, 237, 238, 239, 240, 241, 242, 243, 244, + 1047, 246, 1048, 1049, 1050, 0, 250, 251, 252, 253, + 254, 255, 256, 257, 258, 259, 260, 261, 262, 1051, + 264, 265, 266, 267, 268, 269, 270, 271, 272, 273, + 274, 1052, 1053, 277, 278, 0, 279, 280, 281, 282, + 283, 284, 285, 286, 287, 288, 289, 290, 291, 292, + 293, 294, 295, 296, 297, 298, 299, 300, 301, 302, + 303, 304, 305, 306, 0, 0, 307, 308, 309, 310, + 311, 312, 313, 314, 315, 316, 317, 318, 319, 320, + 0, 321, 322, 323, 324, 325, 326, 1054, 328, 329, + 330, 331, 332, 333, 334, 0, 335, 336, 337, 1055, + 339, 340, 341, 342, 343, 344, 345, 346, 347, 348, + 349, 350, 351, 352, 353, 354, 355, 356, 357, 358, + 359, 1056, 1057, 362, 363, 364, 365, 366, 367, 368, + 369, 370, 371, 372, 373, 374, 375, 376, 377, 378, + 379, 380, 381, 382, 383, 384, 385, 386, 387, 388, + 389, 390, 391, 0, 392, 393, 394, 395, 396, 397, + 398, 399, 400, 401, 402, 403, 404, 1058, 406, 407, + 408, 409, 410, 1059, 412, 413, 414, 415, 416, 417, + 418, 419, 1060, 1061, 422, 423, 424, 425, 426, 427, + 428, 429, 430, 431, 432, 433, 434, 435, 0, 436, + 437, 438, 439, 440, 441, 442, 1062, 444, 445, 446, + 447, 448, 449, 450, 1063, 452, 453, 454, 455, 456, + 457, 458, 459, 460, 461, 462, 1064, 464, 465, 466, + 467, 468, 469, 470, 471, 472, 473, 474, 475, 476, + 477, 478, 479, 480, 481, 482, 483, 484, 485, 486, + 487, 488, 489, 490, 491, 492, 493, 494, 495, 496, + 497, 498, 499, 500, 501, 502, 503, 504, 505, 506, + 1065, 508, 509, 510, 511, 512, 513, 1066, 515, 516, + 517, 518, 519, 1067, 521, 1068, 523, 524, 525, 526, + 527, 528, 529, 530, 531, 532, 533, 534, 535, 536, + 537, 0, 0, 538, 539, 0, 540, 541, 542, 543, + 544, 545, 546, 547, 548, 549, 550, 551, 1069, 553, + 554, 555, 556, 557, 558, 559, 560, 561, 562, 563, + 564, 565, 566, 567, 568, 569, 570, 1070, 1071, 1072, + 1073, 575, 576, 577, 578, 1074, 1075, 581, 582, 583, + 584, 585, 586, 587, 588, 589, 590, 591, 592, 2163, + 594, 595, 1077, 597, 598, 599, 600, 601, 602, 603, + 604, 605, 606, 607, 1078, 609, 1079, 611, 612, 613, + 0, 614, 615, 616, 1080, 0, 0, 0, 0, 0, + 0, 0, 0, 1081, 1082, 961, 0, 0, 0, 1083, + 962, 963, 0, 0, 0, 1084, 0, 0, 0, 1085, + 1086, 964, 965, 1087, 966, 967, 968, 969, 970, 971, + 972, 973, 974, 975, 976, 0, 0, 0, 0, 0, + 0, 0, 977, 0, 0, 0, 0, 0, 0, 2384, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 978, + 979, 980, 981, 0, 0, 0, 0, 0, 0, 0, + 982, 983, 0, 984, 0, 0, 0, 0, 0, 0, + 985, 986, 0, 0, 987, 988, 989, 990, 0, 991, + 176, 0, 992, 993, 0, 0, 0, 0, 0, 0, + 0, 994, 0, 0, 995, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 177, 0, + 0, 0, 996, 997, 998, 0, 999, 0, 0, 0, + 0, 0, 0, 0, 1000, 1001, 1002, 178, 0, 0, + 0, 0, 0, 1003, 0, 0, 179, 0, 0, 0, + 0, 0, 1004, 0, 0, 1005, 0, 0, 0, 0, + 0, 0, 0, 0, 1006, 0, 1007, 0, 1008, 0, + 0, 0, 0, 0, 1009, 0, 0, 0, 0, 0, + 0, 0, 180, 1010, 1011, 0, 1012, 0, 0, 0, + 1013, 181, 0, 0, 0, 1014, 0, 0, 182, 0, + 0, 1016, 1017, 1018, 1019, 0, 0, 0, 0, 0, + 183, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 184, 1020, 1021, 1022, 0, 1023, 0, 0, 0, + 0, 0, 0, 1024, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 1025, 0, 0, 0, 0, 0, + 0, 0, 1026, 1027, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 1028, 0, 0, 0, 0, 0, 0, 1029, 1030, + 0, 1031, 1032, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 1033, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 1034, 1035, 1036, 0, 0, 0, 0, + 0, 1037, 1038, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 186, 187, 188, 189, 190, 191, 192, 193, + 194, 195, 196, 1039, 1040, 1041, 1042, 198, 199, 200, + 1043, 202, 203, 204, 205, 206, 2385, 1044, 209, 210, + 211, 212, 213, 214, 215, 1045, 217, 218, 0, 219, + 220, 221, 222, 223, 224, 225, 226, 227, 228, 229, + 230, 231, 1046, 233, 234, 235, 236, 237, 238, 239, + 240, 241, 242, 243, 244, 1047, 246, 1048, 1049, 1050, + 0, 250, 251, 252, 253, 254, 255, 256, 257, 258, + 259, 260, 261, 262, 1051, 264, 265, 266, 267, 268, + 269, 270, 271, 272, 273, 274, 1052, 1053, 277, 278, + 0, 279, 280, 281, 282, 283, 284, 285, 286, 287, + 288, 289, 290, 291, 292, 293, 294, 295, 296, 297, + 298, 299, 300, 301, 302, 303, 304, 305, 306, 0, + 0, 307, 308, 309, 310, 311, 312, 313, 314, 315, + 316, 317, 318, 319, 320, 0, 321, 322, 323, 324, + 325, 326, 1054, 328, 329, 330, 331, 332, 333, 334, + 0, 335, 336, 337, 1055, 339, 340, 341, 342, 343, + 344, 345, 346, 347, 348, 349, 350, 351, 352, 353, + 354, 355, 356, 357, 358, 359, 1056, 1057, 362, 363, + 364, 365, 366, 367, 368, 369, 370, 371, 372, 373, + 374, 375, 376, 377, 378, 379, 380, 381, 382, 383, + 384, 385, 386, 387, 388, 389, 390, 391, 0, 392, + 393, 394, 395, 396, 397, 398, 399, 400, 401, 402, + 403, 404, 1058, 406, 407, 408, 409, 410, 1059, 412, + 413, 414, 415, 416, 417, 418, 419, 1060, 1061, 422, + 423, 424, 425, 426, 427, 428, 429, 430, 431, 432, + 433, 434, 435, 0, 436, 437, 438, 439, 440, 441, + 442, 1062, 444, 445, 446, 447, 448, 449, 450, 1063, + 452, 453, 454, 455, 456, 457, 458, 459, 460, 461, + 462, 1064, 464, 465, 466, 467, 468, 469, 470, 471, + 472, 473, 474, 475, 476, 477, 478, 479, 480, 481, + 482, 483, 484, 485, 486, 487, 488, 489, 490, 491, + 492, 493, 494, 495, 496, 497, 498, 499, 500, 501, + 502, 503, 504, 505, 506, 1065, 508, 509, 510, 511, + 512, 513, 1066, 515, 516, 517, 518, 519, 1067, 521, + 1068, 523, 524, 525, 526, 527, 528, 529, 530, 531, + 532, 533, 534, 535, 536, 537, 0, 0, 538, 539, + 0, 540, 541, 542, 543, 544, 545, 546, 547, 548, + 549, 550, 551, 1069, 553, 554, 555, 556, 557, 558, + 559, 560, 561, 562, 563, 564, 565, 566, 567, 568, + 569, 570, 1070, 1071, 1072, 1073, 575, 576, 577, 578, + 1074, 1075, 581, 582, 583, 584, 585, 586, 587, 588, + 589, 590, 591, 592, 1076, 594, 595, 1077, 597, 598, + 599, 600, 601, 602, 603, 604, 605, 606, 607, 1078, + 609, 1079, 611, 612, 613, 0, 614, 615, 616, 1080, + 0, 0, 0, 0, 0, 0, 0, 0, 1081, 1082, + 961, 0, 0, 0, 1083, 962, 963, 0, 0, 0, + 1084, 0, 0, 0, 1085, 1086, 964, 965, 1087, 966, + 967, 968, 969, 970, 971, 972, 973, 974, 975, 976, + 0, 0, 0, 0, 0, 0, 0, 977, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 978, 979, 980, 981, 0, 0, + 0, 0, 0, 0, 0, 982, 983, 0, 984, 0, + 0, 0, 0, 0, 0, 985, 986, 0, 0, 987, + 988, 989, 990, 0, 991, 176, 0, 992, 993, 0, + 0, 0, 0, 0, 0, 0, 994, 0, 0, 995, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 177, 0, 0, 0, 996, 997, 998, + 0, 999, 0, 0, 0, 0, 0, 0, 0, 1000, + 1001, 1002, 178, 0, 0, 0, 0, 0, 1003, 0, + 0, 179, 0, 0, 0, 0, 0, 1004, 0, 0, + 3785, 0, 0, 0, 0, 0, 0, 0, 0, 1006, + 0, 1007, 0, 1008, 0, 0, 0, 0, 0, 1009, + 0, 0, 0, 0, 0, 0, 0, 180, 1010, 1011, + 0, 1012, 0, 0, 0, 1013, 181, 0, 0, 0, + 1014, 0, 0, 182, 1015, 0, 1016, 1017, 1018, 1019, + 0, 0, 0, 0, 0, 183, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 184, 1020, 1021, 1022, + 0, 1023, 0, 0, 0, 0, 0, 0, 1024, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 1025, + 0, 0, 0, 0, 0, 0, 0, 1026, 1027, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 1028, 0, 0, 0, + 0, 0, 0, 1029, 1030, 0, 1031, 1032, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 1033, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 1034, 1035, + 1036, 0, 0, 0, 0, 0, 1037, 1038, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 186, 187, 188, + 189, 190, 191, 192, 193, 194, 195, 196, 1039, 1040, + 1041, 1042, 198, 199, 200, 1043, 202, 203, 204, 205, + 206, 207, 1044, 209, 210, 211, 212, 213, 214, 215, + 1045, 217, 218, 0, 219, 220, 221, 222, 223, 224, + 225, 226, 227, 228, 229, 230, 231, 1046, 233, 234, + 235, 236, 237, 238, 239, 240, 241, 242, 243, 244, + 1047, 246, 1048, 1049, 1050, 0, 250, 251, 252, 253, + 254, 255, 256, 257, 258, 259, 260, 261, 262, 1051, + 264, 265, 266, 267, 268, 269, 270, 271, 272, 273, + 274, 1052, 1053, 277, 278, 0, 279, 280, 281, 282, + 283, 284, 285, 286, 287, 288, 289, 290, 291, 292, + 293, 294, 295, 296, 297, 298, 299, 300, 301, 302, + 303, 304, 305, 306, 0, 0, 307, 308, 309, 310, + 311, 312, 313, 314, 315, 316, 317, 318, 319, 320, + 0, 321, 322, 323, 324, 325, 326, 1054, 328, 329, + 330, 331, 332, 333, 334, 0, 335, 336, 337, 1055, + 339, 340, 341, 342, 343, 344, 345, 346, 347, 348, + 349, 350, 351, 352, 353, 354, 355, 356, 357, 358, + 359, 1056, 1057, 362, 363, 364, 365, 366, 367, 368, + 369, 370, 371, 372, 373, 374, 375, 376, 377, 378, + 379, 380, 381, 382, 383, 384, 385, 386, 387, 388, + 389, 390, 391, 0, 392, 393, 394, 395, 396, 397, + 398, 399, 400, 401, 402, 403, 404, 1058, 406, 407, + 408, 409, 410, 1059, 412, 413, 414, 415, 416, 417, + 418, 419, 1060, 1061, 422, 423, 424, 425, 426, 427, + 428, 429, 430, 431, 432, 433, 434, 435, 0, 436, + 437, 438, 439, 440, 441, 442, 1062, 444, 445, 446, + 447, 448, 449, 450, 1063, 452, 453, 454, 455, 456, + 457, 458, 459, 460, 461, 462, 1064, 464, 465, 466, + 467, 468, 469, 470, 471, 472, 473, 474, 475, 476, + 477, 478, 479, 480, 481, 482, 483, 484, 485, 486, + 487, 488, 489, 490, 491, 492, 493, 494, 495, 496, + 497, 498, 499, 500, 501, 502, 503, 504, 505, 506, + 1065, 508, 509, 510, 511, 512, 513, 1066, 515, 516, + 517, 518, 519, 1067, 521, 1068, 523, 524, 525, 526, + 527, 528, 529, 530, 531, 532, 533, 534, 535, 536, + 537, 0, 0, 538, 539, 0, 540, 541, 542, 543, + 544, 545, 546, 547, 548, 549, 550, 551, 1069, 553, + 554, 555, 556, 557, 558, 559, 560, 561, 562, 563, + 564, 565, 566, 567, 568, 569, 570, 1070, 1071, 1072, + 1073, 575, 576, 577, 578, 1074, 1075, 581, 582, 583, + 584, 585, 586, 587, 588, 589, 590, 591, 592, 1076, + 594, 595, 1077, 597, 598, 599, 600, 601, 602, 603, + 604, 605, 606, 607, 1078, 609, 1079, 611, 612, 613, + 0, 614, 615, 616, 1080, 0, 0, 0, 0, 0, + 0, 0, 0, 1081, 1082, 961, 0, 0, 0, 1083, + 962, 963, 0, 0, 0, 1084, 0, 0, 0, 1085, + 1086, 964, 965, 1087, 966, 967, 968, 969, 970, 971, + 972, 973, 974, 975, 976, 0, 0, 0, 0, 0, + 0, 0, 977, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 978, + 979, 980, 981, 0, 0, 0, 0, 0, 0, 0, + 982, 983, 0, 984, 0, 0, 0, 0, 0, 0, + 985, 986, 0, 0, 987, 988, 989, 990, 0, 991, + 176, 0, 992, 993, 0, 0, 0, 0, 0, 0, + 0, 994, 0, 0, 995, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 177, 0, + 0, 0, 996, 997, 998, 0, 999, 0, 0, 0, + 0, 0, 0, 0, 1000, 1001, 1002, 178, 0, 0, + 0, 0, 0, 1003, 0, 0, 179, 0, 0, 0, + 0, 0, 1004, 0, 0, 3799, 0, 0, 0, 0, + 0, 0, 0, 0, 1006, 0, 1007, 0, 1008, 0, + 0, 0, 0, 0, 1009, 0, 0, 0, 0, 0, + 0, 0, 180, 1010, 1011, 0, 1012, 0, 0, 0, + 1013, 181, 0, 0, 0, 1014, 0, 0, 182, 1015, + 0, 1016, 1017, 1018, 1019, 0, 0, 0, 0, 0, + 183, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 184, 1020, 1021, 1022, 0, 1023, 0, 0, 0, + 0, 0, 0, 1024, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 1025, 0, 0, 0, 0, 0, + 0, 0, 1026, 1027, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 1028, 0, 0, 0, 0, 0, 0, 1029, 1030, + 0, 1031, 1032, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 1033, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 1034, 1035, 1036, 0, 0, 0, 0, + 0, 1037, 1038, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 186, 187, 188, 189, 190, 191, 192, 193, + 194, 195, 196, 1039, 1040, 1041, 1042, 198, 199, 200, + 1043, 202, 203, 204, 205, 206, 207, 1044, 209, 210, + 211, 212, 213, 214, 215, 1045, 217, 218, 0, 219, + 220, 221, 222, 223, 224, 225, 226, 227, 228, 229, + 230, 231, 1046, 233, 234, 235, 236, 237, 238, 239, + 240, 241, 242, 243, 244, 1047, 246, 1048, 1049, 1050, + 0, 250, 251, 252, 253, 254, 255, 256, 257, 258, + 259, 260, 261, 262, 1051, 264, 265, 266, 267, 268, + 269, 270, 271, 272, 273, 274, 1052, 1053, 277, 278, + 0, 279, 280, 281, 282, 283, 284, 285, 286, 287, + 288, 289, 290, 291, 292, 293, 294, 295, 296, 297, + 298, 299, 300, 301, 302, 303, 304, 305, 306, 0, + 0, 307, 308, 309, 310, 311, 312, 313, 314, 315, + 316, 317, 318, 319, 320, 0, 321, 322, 323, 324, + 325, 326, 1054, 328, 329, 330, 331, 332, 333, 334, + 0, 335, 336, 337, 1055, 339, 340, 341, 342, 343, + 344, 345, 346, 347, 348, 349, 350, 351, 352, 353, + 354, 355, 356, 357, 358, 359, 1056, 1057, 362, 363, + 364, 365, 366, 367, 368, 369, 370, 371, 372, 373, + 374, 375, 376, 377, 378, 379, 380, 381, 382, 383, + 384, 385, 386, 387, 388, 389, 390, 391, 0, 392, + 393, 394, 395, 396, 397, 398, 399, 400, 401, 402, + 403, 404, 1058, 406, 407, 408, 409, 410, 1059, 412, + 413, 414, 415, 416, 417, 418, 419, 1060, 1061, 422, + 423, 424, 425, 426, 427, 428, 429, 430, 431, 432, + 433, 434, 435, 0, 436, 437, 438, 439, 440, 441, + 442, 1062, 444, 445, 446, 447, 448, 449, 450, 1063, + 452, 453, 454, 455, 456, 457, 458, 459, 460, 461, + 462, 1064, 464, 465, 466, 467, 468, 469, 470, 471, + 472, 473, 474, 475, 476, 477, 478, 479, 480, 481, + 482, 483, 484, 485, 486, 487, 488, 489, 490, 491, + 492, 493, 494, 495, 496, 497, 498, 499, 500, 501, + 502, 503, 504, 505, 506, 1065, 508, 509, 510, 511, + 512, 513, 1066, 515, 516, 517, 518, 519, 1067, 521, + 1068, 523, 524, 525, 526, 527, 528, 529, 530, 531, + 532, 533, 534, 535, 536, 537, 0, 0, 538, 539, + 0, 540, 541, 542, 543, 544, 545, 546, 547, 548, + 549, 550, 551, 1069, 553, 554, 555, 556, 557, 558, + 559, 560, 561, 562, 563, 564, 565, 566, 567, 568, + 569, 570, 1070, 1071, 1072, 1073, 575, 576, 577, 578, + 1074, 1075, 581, 582, 583, 584, 585, 586, 587, 588, + 589, 590, 591, 592, 1076, 594, 595, 1077, 597, 598, + 599, 600, 601, 602, 603, 604, 605, 606, 607, 1078, + 609, 1079, 611, 612, 613, 0, 614, 615, 616, 1080, + 0, 0, 0, 0, 0, 0, 0, 0, 1081, 1082, + 961, 0, 0, 0, 1083, 962, 963, 0, 0, 0, + 1084, 0, 0, 0, 1085, 1086, 964, 965, 1087, 966, + 967, 968, 969, 970, 971, 972, 973, 974, 975, 976, + 0, 0, 0, 0, 0, 0, 0, 977, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 978, 979, 980, 981, 0, 0, + 0, 0, 0, 0, 0, 982, 983, 0, 984, 0, + 0, 0, 0, 0, 0, 985, 986, 0, 0, 987, + 988, 989, 990, 0, 991, 176, 0, 992, 993, 0, + 0, 0, 0, 0, 0, 0, 994, 0, 0, 995, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 177, 0, 0, 0, 996, 997, 998, + 0, 999, 0, 0, 0, 0, 0, 0, 0, 1000, + 1001, 1002, 178, 0, 0, 0, 0, 0, 1003, 0, + 0, 179, 0, 0, 0, 0, 0, 1004, 0, 0, + 1005, 0, 0, 0, 0, 0, 0, 0, 0, 1006, + 0, 1007, 0, 1008, 0, 0, 0, 0, 0, 1009, + 0, 0, 0, 0, 0, 0, 0, 180, 1010, 1011, + 6253, 1012, 0, 0, 0, 1013, 181, 0, 0, 0, + 1014, 0, 0, 182, 0, 0, 1016, 1017, 1018, 1019, + 0, 0, 0, 0, 0, 183, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 184, 1020, 1021, 1022, + 0, 1023, 0, 0, 0, 0, 0, 0, 1024, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 1025, + 0, 0, 0, 0, 0, 0, 0, 1026, 1027, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 1028, 0, 0, 0, + 0, 0, 0, 1029, 1030, 0, 1031, 1032, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 1033, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 1034, 1035, + 1036, 0, 0, 0, 0, 0, 1037, 1038, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 186, 187, 188, + 189, 190, 191, 192, 193, 194, 195, 196, 1039, 1040, + 1041, 1042, 198, 199, 200, 1043, 202, 203, 204, 205, + 206, 207, 1044, 209, 210, 211, 212, 213, 214, 215, + 1045, 217, 218, 0, 219, 220, 221, 222, 223, 224, + 225, 226, 227, 228, 229, 230, 231, 1046, 233, 234, + 235, 236, 237, 238, 239, 240, 241, 242, 243, 244, + 1047, 246, 1048, 1049, 1050, 0, 250, 251, 252, 253, + 254, 255, 256, 257, 258, 259, 260, 261, 262, 1051, + 264, 265, 266, 267, 268, 269, 270, 271, 272, 273, + 274, 1052, 1053, 277, 278, 0, 279, 280, 281, 282, + 283, 284, 285, 286, 287, 288, 289, 290, 291, 292, + 293, 294, 295, 296, 297, 298, 299, 300, 301, 302, + 303, 304, 305, 306, 0, 0, 307, 308, 309, 310, + 311, 312, 313, 314, 315, 316, 317, 318, 319, 320, + 0, 321, 322, 323, 324, 325, 326, 1054, 328, 329, + 330, 331, 332, 333, 334, 0, 335, 336, 337, 1055, + 339, 340, 341, 342, 343, 344, 345, 346, 347, 348, + 349, 350, 351, 352, 353, 354, 355, 356, 357, 358, + 359, 1056, 1057, 362, 363, 364, 365, 366, 367, 368, + 369, 370, 371, 372, 373, 374, 375, 376, 377, 378, + 379, 380, 381, 382, 383, 384, 385, 386, 387, 388, + 389, 390, 391, 0, 392, 393, 394, 395, 396, 397, + 398, 399, 400, 401, 402, 403, 404, 1058, 406, 407, + 408, 409, 410, 1059, 412, 413, 414, 415, 416, 417, + 418, 419, 1060, 1061, 422, 423, 424, 425, 426, 427, + 428, 429, 430, 431, 432, 433, 434, 435, 0, 436, + 437, 438, 439, 440, 441, 442, 1062, 444, 445, 446, + 447, 448, 449, 450, 1063, 452, 453, 454, 455, 456, + 457, 458, 459, 460, 461, 462, 1064, 464, 465, 466, + 467, 468, 469, 470, 471, 472, 473, 474, 475, 476, + 477, 478, 479, 480, 481, 482, 483, 484, 485, 486, + 487, 488, 489, 490, 491, 492, 493, 494, 495, 496, + 497, 498, 499, 500, 501, 502, 503, 504, 505, 506, + 1065, 508, 509, 510, 511, 512, 513, 1066, 515, 516, + 517, 518, 519, 1067, 521, 1068, 523, 524, 525, 526, + 527, 528, 529, 530, 531, 532, 533, 534, 535, 536, + 537, 0, 0, 538, 539, 0, 540, 541, 542, 543, + 544, 545, 546, 547, 548, 549, 550, 551, 1069, 553, + 554, 555, 556, 557, 558, 559, 560, 561, 562, 563, + 564, 565, 566, 567, 568, 569, 570, 1070, 1071, 1072, + 1073, 575, 576, 577, 578, 1074, 1075, 581, 582, 583, + 584, 585, 586, 587, 588, 589, 590, 591, 592, 1076, + 594, 595, 1077, 597, 598, 599, 600, 601, 602, 603, + 604, 605, 606, 607, 1078, 609, 1079, 611, 612, 613, + 0, 614, 615, 616, 1080, 0, 0, 0, 0, 0, + 0, 0, 0, 1081, 1082, 961, 0, 0, 0, 1083, + 962, 963, 0, 0, 0, 1084, 0, 0, 0, 1085, + 1086, 964, 965, 1087, 966, 967, 968, 969, 970, 971, + 972, 973, 974, 975, 976, 0, 0, 0, 0, 0, + 0, 0, 977, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 978, + 979, 980, 981, 0, 0, 0, 0, 0, 0, 0, + 982, 983, 0, 984, 0, 0, 0, 0, 0, 0, + 985, 986, 0, 0, 987, 988, 989, 990, 0, 991, + 176, 0, 992, 993, 0, 0, 0, 0, 0, 0, + 0, 994, 0, 0, 995, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 177, 0, + 0, 0, 996, 997, 998, 0, 999, 0, 0, 0, + 0, 0, 0, 0, 1000, 1001, 1002, 178, 0, 0, + 0, 0, 0, 1003, 0, 0, 179, 0, 0, 0, + 0, 0, 1004, 0, 0, 1578, 0, 0, 0, 0, + 0, 0, 0, 0, 1006, 0, 1007, 0, 1008, 0, + 0, 0, 0, 0, 1009, 0, 0, 0, 0, 0, + 0, 0, 180, 1010, 1011, 0, 1012, 0, 0, 0, + 1013, 181, 0, 0, 0, 1014, 0, 0, 182, 0, + 0, 1016, 1017, 1018, 1019, 0, 0, 0, 0, 0, + 183, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 184, 1020, 1021, 1022, 0, 1023, 0, 0, 0, + 0, 0, 0, 1024, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 1025, 0, 0, 0, 0, 0, + 0, 0, 1026, 1027, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 1028, 0, 0, 0, 0, 0, 0, 1029, 1030, + 0, 1031, 1032, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 1033, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 1034, 1035, 1036, 0, 0, 0, 0, + 0, 1037, 1038, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 186, 187, 188, 189, 190, 191, 192, 193, + 194, 195, 196, 1039, 1040, 1041, 1042, 198, 199, 200, + 1043, 202, 203, 204, 205, 206, 207, 1044, 209, 210, + 211, 212, 213, 214, 215, 1045, 217, 218, 0, 219, + 220, 221, 222, 223, 224, 225, 226, 227, 228, 229, + 230, 231, 1046, 233, 234, 235, 236, 237, 238, 239, + 240, 241, 242, 243, 244, 1047, 246, 1048, 1049, 1050, + 0, 250, 251, 252, 253, 254, 255, 256, 257, 258, + 259, 260, 261, 262, 1051, 264, 265, 266, 267, 268, + 269, 270, 271, 272, 273, 274, 1052, 1053, 277, 278, + 0, 279, 280, 281, 282, 283, 284, 285, 286, 287, + 288, 289, 290, 291, 292, 293, 294, 295, 296, 297, + 298, 299, 300, 301, 302, 303, 304, 305, 306, 0, + 0, 307, 308, 309, 310, 311, 312, 313, 314, 315, + 316, 317, 318, 319, 320, 0, 321, 322, 323, 324, + 325, 326, 1054, 328, 329, 330, 331, 332, 333, 334, + 0, 335, 336, 337, 1055, 339, 340, 341, 342, 343, + 344, 345, 346, 347, 348, 349, 350, 351, 352, 353, + 354, 355, 356, 357, 358, 359, 1056, 1057, 362, 363, + 364, 365, 366, 367, 368, 369, 370, 371, 372, 373, + 374, 375, 376, 377, 378, 379, 380, 381, 382, 383, + 384, 385, 386, 387, 388, 389, 390, 391, 0, 392, + 393, 394, 395, 396, 397, 398, 399, 400, 401, 402, + 403, 404, 1058, 406, 407, 408, 409, 410, 1059, 412, + 413, 414, 415, 416, 417, 418, 419, 1060, 1061, 422, + 423, 424, 425, 426, 427, 428, 429, 430, 431, 432, + 433, 434, 435, 0, 436, 437, 438, 439, 440, 441, + 442, 1062, 444, 445, 446, 447, 448, 449, 450, 1063, + 452, 453, 454, 455, 456, 457, 458, 459, 460, 461, + 462, 1064, 464, 465, 466, 467, 468, 469, 470, 471, + 472, 473, 474, 475, 476, 477, 478, 479, 480, 481, + 482, 483, 484, 485, 486, 487, 488, 489, 490, 491, + 492, 493, 494, 495, 496, 497, 498, 499, 500, 501, + 502, 503, 504, 505, 506, 1065, 508, 509, 510, 511, + 512, 513, 1066, 515, 516, 517, 518, 519, 1067, 521, + 1068, 523, 524, 525, 526, 527, 528, 529, 530, 531, + 532, 533, 534, 535, 536, 537, 0, 0, 538, 539, + 0, 540, 541, 542, 543, 544, 545, 546, 547, 548, + 549, 550, 551, 1069, 553, 554, 555, 556, 557, 558, + 559, 560, 561, 562, 563, 564, 565, 566, 567, 568, + 569, 570, 1070, 1071, 1072, 1073, 575, 576, 577, 578, + 1074, 1075, 581, 582, 583, 584, 585, 586, 587, 588, + 589, 590, 591, 592, 1076, 594, 595, 1077, 597, 598, + 599, 600, 601, 602, 603, 604, 605, 606, 607, 1078, + 609, 1079, 611, 612, 613, 0, 614, 615, 616, 1080, + 0, 0, 0, 0, 0, 0, 0, 0, 1579, 1580, + 961, 0, 0, 0, 1083, 962, 963, 0, 0, 0, + 1084, 0, 0, 0, 1085, 1086, 964, 965, 1087, 966, + 967, 968, 969, 970, 971, 972, 973, 974, 975, 976, + 0, 0, 0, 0, 0, 0, 0, 977, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 186, 187, 188, 189, 190, 191, 192, 193, 194, 195, - 196, 197, 0, 0, 0, 198, 199, 200, 201, 202, - 203, 204, 205, 206, 207, 208, 209, 210, 211, 212, - 213, 214, 215, 216, 217, 218, 0, 219, 220, 221, - 222, 223, 224, 225, 226, 227, 228, 229, 230, 231, - 232, 233, 234, 235, 236, 237, 238, 239, 240, 241, - 242, 243, 244, 245, 246, 247, 248, 249, 0, 250, - 251, 252, 253, 254, 255, 256, 257, 258, 259, 260, - 261, 262, 263, 264, 265, 266, 267, 268, 269, 270, - 271, 272, 273, 274, 275, 276, 277, 278, 0, 279, - 280, 281, 282, 283, 284, 285, 286, 287, 288, 289, - 290, 291, 292, 293, 294, 295, 296, 297, 298, 299, - 300, 301, 302, 303, 304, 305, 306, 0, 0, 307, - 308, 309, 310, 311, 312, 313, 314, 315, 316, 317, - 318, 319, 320, 0, 321, 322, 323, 324, 325, 326, - 327, 328, 329, 330, 331, 332, 333, 334, 0, 335, - 336, 337, 338, 339, 340, 341, 342, 343, 344, 345, - 346, 347, 348, 349, 350, 351, 352, 353, 354, 355, - 356, 357, 358, 359, 360, 361, 362, 363, 364, 365, - 366, 367, 368, 369, 370, 371, 372, 373, 374, 375, - 376, 377, 378, 379, 380, 381, 382, 383, 384, 385, - 386, 387, 388, 389, 390, 391, 0, 392, 393, 394, - 395, 396, 397, 398, 399, 400, 401, 402, 403, 404, - 405, 406, 407, 408, 409, 410, 411, 412, 413, 414, - 415, 416, 417, 418, 419, 420, 421, 422, 423, 424, - 425, 426, 427, 428, 429, 430, 431, 432, 433, 434, - 435, 0, 436, 437, 438, 439, 440, 441, 442, 443, - 444, 445, 446, 447, 448, 449, 450, 451, 452, 453, - 454, 455, 456, 457, 458, 459, 460, 461, 462, 463, - 464, 465, 466, 467, 468, 469, 470, 471, 472, 473, - 474, 475, 476, 477, 478, 479, 480, 481, 482, 483, - 484, 485, 486, 487, 488, 489, 490, 491, 492, 493, - 494, 495, 496, 497, 498, 499, 500, 501, 502, 503, - 504, 505, 506, 507, 508, 509, 510, 511, 512, 513, - 514, 515, 516, 517, 518, 519, 520, 521, 522, 523, - 524, 525, 526, 527, 528, 529, 530, 531, 532, 533, - 534, 535, 536, 537, 0, 0, 538, 539, 0, 540, - 541, 542, 543, 544, 545, 546, 547, 548, 549, 550, - 551, 552, 553, 554, 555, 556, 557, 558, 559, 560, - 561, 562, 563, 564, 565, 566, 567, 568, 569, 570, - 571, 572, 573, 574, 575, 576, 577, 578, 579, 580, - 581, 582, 583, 584, 585, 586, 587, 588, 589, 590, - 591, 592, 593, 594, 595, 596, 597, 598, 599, 600, - 601, 602, 603, 604, 605, 606, 607, 608, 609, 610, - 611, 612, 613, 1617, 614, 615, 616, 617, 0, 0, - 0, 0, 0, 0, 1571, 1572, 0, 0, 0, 0, + 0, 0, 0, 0, 978, 979, 980, 981, 0, 0, + 0, 0, 0, 0, 0, 982, 983, 0, 984, 0, + 0, 0, 0, 0, 0, 985, 986, 0, 0, 987, + 988, 989, 990, 0, 991, 176, 0, 992, 993, 0, + 0, 0, 0, 0, 0, 0, 994, 0, 0, 995, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 177, 0, 0, 0, 996, 997, 998, + 0, 999, 0, 0, 0, 0, 0, 0, 0, 1000, + 1001, 1002, 178, 0, 0, 0, 0, 0, 1003, 0, + 0, 179, 0, 0, 0, 0, 0, 1004, 0, 0, + 1694, 0, 0, 0, 0, 0, 0, 0, 0, 1006, + 0, 1007, 0, 1008, 0, 0, 0, 0, 0, 1009, + 0, 0, 0, 0, 0, 0, 0, 180, 1010, 1011, + 0, 1012, 0, 0, 0, 1013, 181, 0, 0, 0, + 1014, 0, 0, 182, 0, 0, 1016, 1017, 1018, 1019, + 0, 0, 0, 0, 0, 183, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 184, 1020, 1021, 1022, + 0, 1023, 0, 0, 0, 0, 0, 0, 1024, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 1025, + 0, 0, 0, 0, 0, 0, 0, 1026, 1027, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 1028, 0, 0, 0, + 0, 0, 0, 1029, 1030, 0, 1031, 1032, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 1033, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 1034, 1035, + 1036, 0, 0, 0, 0, 0, 1037, 1038, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 186, 187, 188, + 189, 190, 191, 192, 193, 194, 195, 196, 1039, 1040, + 1041, 1042, 198, 199, 200, 1043, 202, 203, 204, 205, + 206, 207, 1044, 209, 210, 211, 212, 213, 214, 215, + 1045, 217, 218, 0, 219, 220, 221, 222, 223, 224, + 225, 226, 227, 228, 229, 230, 231, 1046, 233, 234, + 235, 236, 237, 238, 239, 240, 241, 242, 243, 244, + 1047, 246, 1048, 1049, 1050, 0, 250, 251, 252, 253, + 254, 255, 256, 257, 258, 259, 260, 261, 262, 1051, + 264, 265, 266, 267, 268, 269, 270, 271, 272, 273, + 274, 1052, 1053, 277, 278, 0, 279, 280, 281, 282, + 283, 284, 285, 286, 287, 288, 289, 290, 291, 292, + 293, 294, 295, 296, 297, 298, 299, 300, 301, 302, + 303, 304, 305, 306, 0, 0, 307, 308, 309, 310, + 311, 312, 313, 314, 315, 316, 317, 318, 319, 320, + 0, 321, 322, 323, 324, 325, 326, 1054, 328, 329, + 330, 331, 332, 333, 334, 0, 335, 336, 337, 1055, + 339, 340, 341, 342, 343, 344, 345, 346, 347, 348, + 349, 350, 351, 352, 353, 354, 355, 356, 357, 358, + 359, 1056, 1057, 362, 363, 364, 365, 366, 367, 368, + 369, 370, 371, 372, 373, 374, 375, 376, 377, 378, + 379, 380, 381, 382, 383, 384, 385, 386, 387, 388, + 389, 390, 391, 0, 392, 393, 394, 395, 396, 397, + 398, 399, 400, 401, 402, 403, 404, 1058, 406, 407, + 408, 409, 410, 1059, 412, 413, 414, 415, 416, 417, + 418, 419, 1060, 1061, 422, 423, 424, 425, 426, 427, + 428, 429, 430, 431, 432, 433, 434, 435, 0, 436, + 437, 438, 439, 440, 441, 442, 1062, 444, 445, 446, + 447, 448, 449, 450, 1063, 452, 453, 454, 455, 456, + 457, 458, 459, 460, 461, 462, 1064, 464, 465, 466, + 467, 468, 469, 470, 471, 472, 473, 474, 475, 476, + 477, 478, 479, 480, 481, 482, 483, 484, 485, 486, + 487, 488, 489, 490, 491, 492, 493, 494, 495, 496, + 497, 498, 499, 500, 501, 502, 503, 504, 505, 506, + 1065, 508, 509, 510, 511, 512, 513, 1066, 515, 516, + 517, 518, 519, 1067, 521, 1068, 523, 524, 525, 526, + 527, 528, 529, 530, 531, 532, 533, 534, 535, 536, + 537, 0, 0, 538, 539, 0, 540, 541, 542, 543, + 544, 545, 546, 547, 548, 549, 550, 551, 1069, 553, + 554, 555, 556, 557, 558, 559, 560, 561, 562, 563, + 564, 565, 566, 567, 568, 569, 570, 1070, 1071, 1072, + 1073, 575, 576, 577, 578, 1074, 1075, 581, 582, 583, + 584, 585, 586, 587, 588, 589, 590, 591, 592, 1076, + 594, 595, 1077, 597, 598, 599, 600, 601, 602, 603, + 604, 605, 606, 607, 1078, 609, 1079, 611, 612, 613, + 0, 614, 615, 616, 1080, 0, 0, 0, 0, 0, + 0, 0, 0, 1579, 1580, 961, 0, 0, 0, 1083, + 962, 963, 0, 0, 0, 1084, 0, 0, 0, 1085, + 1086, 964, 965, 1087, 966, 967, 968, 969, 970, 971, + 972, 973, 974, 975, 976, 0, 0, 0, 0, 0, + 0, 0, 977, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 978, + 979, 980, 981, 0, 0, 0, 0, 0, 0, 0, + 982, 983, 0, 984, 0, 0, 0, 0, 0, 0, + 985, 986, 0, 0, 987, 988, 989, 990, 0, 991, + 176, 0, 992, 993, 0, 0, 0, 0, 0, 0, + 0, 994, 0, 0, 995, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 177, 0, + 0, 0, 996, 997, 998, 0, 999, 0, 0, 0, + 0, 0, 0, 0, 1000, 1001, 1002, 178, 0, 0, + 0, 0, 0, 1003, 0, 0, 179, 0, 0, 0, + 0, 0, 1004, 0, 0, 1696, 0, 0, 0, 0, + 0, 0, 0, 0, 1006, 0, 1007, 0, 1008, 0, + 0, 0, 0, 0, 1009, 0, 0, 0, 0, 0, + 0, 0, 180, 1010, 1011, 0, 1012, 0, 0, 0, + 1013, 181, 0, 0, 0, 1014, 0, 0, 182, 0, + 0, 1016, 1017, 1018, 1019, 0, 0, 0, 0, 0, + 183, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 184, 1020, 1021, 1022, 0, 1023, 0, 0, 0, + 0, 0, 0, 1024, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 1025, 0, 0, 0, 0, 0, + 0, 0, 1026, 1027, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 1028, 0, 0, 0, 0, 0, 0, 1029, 1030, + 0, 1031, 1032, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 1033, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 1034, 1035, 1036, 0, 0, 0, 0, + 0, 1037, 1038, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 186, 187, 188, 189, 190, 191, 192, 193, + 194, 195, 196, 1039, 1040, 1041, 1042, 198, 199, 200, + 1043, 202, 203, 204, 205, 206, 207, 1044, 209, 210, + 211, 212, 213, 214, 215, 1045, 217, 218, 0, 219, + 220, 221, 222, 223, 224, 225, 226, 227, 228, 229, + 230, 231, 1046, 233, 234, 235, 236, 237, 238, 239, + 240, 241, 242, 243, 244, 1047, 246, 1048, 1049, 1050, + 0, 250, 251, 252, 253, 254, 255, 256, 257, 258, + 259, 260, 261, 262, 1051, 264, 265, 266, 267, 268, + 269, 270, 271, 272, 273, 274, 1052, 1053, 277, 278, + 0, 279, 280, 281, 282, 283, 284, 285, 286, 287, + 288, 289, 290, 291, 292, 293, 294, 295, 296, 297, + 298, 299, 300, 301, 302, 303, 304, 305, 306, 0, + 0, 307, 308, 309, 310, 311, 312, 313, 314, 315, + 316, 317, 318, 319, 320, 0, 321, 322, 323, 324, + 325, 326, 1054, 328, 329, 330, 331, 332, 333, 334, + 0, 335, 336, 337, 1055, 339, 340, 341, 342, 343, + 344, 345, 346, 347, 348, 349, 350, 351, 352, 353, + 354, 355, 356, 357, 358, 359, 1056, 1057, 362, 363, + 364, 365, 366, 367, 368, 369, 370, 371, 372, 373, + 374, 375, 376, 377, 378, 379, 380, 381, 382, 383, + 384, 385, 386, 387, 388, 389, 390, 391, 0, 392, + 393, 394, 395, 396, 397, 398, 399, 400, 401, 402, + 403, 404, 1058, 406, 407, 408, 409, 410, 1059, 412, + 413, 414, 415, 416, 417, 418, 419, 1060, 1061, 422, + 423, 424, 425, 426, 427, 428, 429, 430, 431, 432, + 433, 434, 435, 0, 436, 437, 438, 439, 440, 441, + 442, 1062, 444, 445, 446, 447, 448, 449, 450, 1063, + 452, 453, 454, 455, 456, 457, 458, 459, 460, 461, + 462, 1064, 464, 465, 466, 467, 468, 469, 470, 471, + 472, 473, 474, 475, 476, 477, 478, 479, 480, 481, + 482, 483, 484, 485, 486, 487, 488, 489, 490, 491, + 492, 493, 494, 495, 496, 497, 498, 499, 500, 501, + 502, 503, 504, 505, 506, 1065, 508, 509, 510, 511, + 512, 513, 1066, 515, 516, 517, 518, 519, 1067, 521, + 1068, 523, 524, 525, 526, 527, 528, 529, 530, 531, + 532, 533, 534, 535, 536, 537, 0, 0, 538, 539, + 0, 540, 541, 542, 543, 544, 545, 546, 547, 548, + 549, 550, 551, 1069, 553, 554, 555, 556, 557, 558, + 559, 560, 561, 562, 563, 564, 565, 566, 567, 568, + 569, 570, 1070, 1071, 1072, 1073, 575, 576, 577, 578, + 1074, 1075, 581, 582, 583, 584, 585, 586, 587, 588, + 589, 590, 591, 592, 1076, 594, 595, 1077, 597, 598, + 599, 600, 601, 602, 603, 604, 605, 606, 607, 1078, + 609, 1079, 611, 612, 613, 0, 614, 615, 616, 1080, + 0, 0, 0, 0, 0, 0, 0, 0, 1579, 1580, + 961, 0, 0, 0, 1083, 962, 963, 0, 0, 0, + 1084, 0, 0, 0, 1085, 1086, 964, 965, 1087, 966, + 967, 968, 969, 970, 971, 972, 973, 974, 975, 976, + 0, 0, 0, 0, 0, 0, 0, 977, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 2362, 0, 0, 0, + 0, 0, 0, 0, 978, 979, 980, 981, 0, 0, + 0, 0, 0, 0, 0, 982, 983, 0, 984, 0, + 0, 0, 0, 0, 0, 985, 986, 0, 0, 987, + 988, 989, 990, 0, 991, 176, 0, 992, 993, 0, + 0, 0, 0, 0, 0, 0, 994, 0, 0, 995, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 177, 0, 0, 0, 996, 997, 998, + 0, 999, 0, 0, 0, 0, 0, 0, 0, 1000, + 1001, 1002, 178, 0, 0, 0, 0, 0, 1003, 0, + 0, 179, 0, 0, 0, 0, 0, 1004, 0, 0, + 1005, 0, 0, 0, 0, 0, 0, 0, 0, 1006, + 0, 1007, 0, 1008, 0, 0, 0, 0, 0, 1009, + 0, 0, 0, 0, 0, 0, 0, 180, 1010, 1011, + 0, 1012, 0, 0, 0, 1013, 181, 0, 0, 0, + 1014, 0, 0, 182, 0, 0, 1016, 1017, 1018, 1019, + 0, 0, 0, 0, 0, 183, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 184, 1020, 1021, 1022, + 0, 1023, 0, 0, 0, 0, 0, 0, 1024, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 1025, + 0, 0, 0, 0, 0, 0, 0, 1026, 1027, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 1028, 0, 0, 0, + 0, 0, 0, 1029, 1030, 0, 1031, 1032, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 1033, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 1034, 1035, + 1036, 0, 0, 0, 0, 0, 1037, 1038, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 186, 187, 188, + 189, 190, 191, 192, 193, 194, 195, 196, 1039, 1040, + 1041, 1042, 198, 199, 200, 1043, 202, 203, 204, 205, + 206, 207, 1044, 209, 210, 211, 212, 213, 214, 215, + 1045, 217, 218, 0, 219, 220, 221, 222, 223, 224, + 225, 226, 227, 228, 229, 230, 231, 1046, 233, 234, + 235, 236, 237, 238, 239, 240, 241, 242, 243, 244, + 1047, 246, 1048, 1049, 1050, 0, 250, 251, 252, 253, + 254, 255, 256, 257, 258, 259, 260, 261, 262, 1051, + 264, 265, 266, 267, 268, 269, 270, 271, 272, 273, + 274, 1052, 1053, 277, 278, 0, 279, 280, 281, 282, + 283, 284, 285, 286, 287, 288, 289, 290, 291, 292, + 293, 294, 295, 296, 297, 298, 299, 300, 301, 302, + 303, 304, 305, 306, 0, 0, 307, 308, 309, 310, + 311, 312, 313, 314, 315, 316, 317, 318, 319, 320, + 0, 321, 322, 323, 324, 325, 326, 1054, 328, 329, + 330, 331, 332, 333, 334, 0, 335, 336, 337, 1055, + 339, 340, 341, 342, 343, 344, 345, 346, 347, 348, + 349, 350, 351, 352, 353, 354, 355, 356, 357, 358, + 359, 1056, 1057, 362, 363, 364, 365, 366, 367, 368, + 369, 370, 371, 372, 373, 374, 375, 376, 377, 378, + 379, 380, 381, 382, 383, 384, 385, 386, 387, 388, + 389, 390, 391, 0, 392, 393, 394, 395, 396, 397, + 398, 399, 400, 401, 402, 403, 404, 1058, 406, 407, + 408, 409, 410, 1059, 412, 413, 414, 415, 416, 417, + 418, 419, 1060, 1061, 422, 423, 424, 425, 426, 427, + 428, 429, 430, 431, 432, 433, 434, 435, 0, 436, + 437, 438, 439, 440, 441, 442, 1062, 444, 445, 446, + 447, 448, 449, 450, 1063, 452, 453, 454, 455, 456, + 457, 458, 459, 460, 461, 462, 1064, 464, 465, 466, + 467, 468, 469, 470, 471, 472, 473, 474, 475, 476, + 477, 478, 479, 480, 481, 482, 483, 484, 485, 486, + 487, 488, 489, 490, 491, 492, 493, 494, 495, 496, + 497, 498, 499, 500, 501, 502, 503, 504, 505, 506, + 1065, 508, 509, 510, 511, 512, 513, 1066, 515, 516, + 517, 518, 519, 1067, 521, 1068, 523, 524, 525, 526, + 527, 528, 529, 530, 531, 532, 533, 534, 535, 536, + 537, 0, 0, 538, 539, 0, 540, 541, 542, 543, + 544, 545, 546, 547, 548, 549, 550, 551, 1069, 553, + 554, 555, 556, 557, 558, 559, 560, 561, 562, 563, + 564, 565, 566, 567, 568, 569, 570, 1070, 1071, 1072, + 1073, 575, 576, 577, 578, 1074, 1075, 581, 582, 583, + 584, 585, 586, 587, 588, 589, 590, 591, 592, 1076, + 594, 595, 1077, 597, 598, 599, 600, 601, 602, 603, + 604, 605, 606, 607, 1078, 609, 1079, 611, 612, 613, + 0, 614, 615, 616, 1080, 0, 0, 0, 0, 0, + 0, 0, 0, 1081, 1082, 961, 0, 0, 0, 1083, + 962, 963, 0, 0, 0, 1084, 0, 0, 0, 1085, + 1086, 964, 965, 1087, 966, 967, 968, 969, 970, 971, + 972, 973, 974, 975, 976, 0, 0, 0, 0, 0, + 0, 0, 977, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 978, + 979, 980, 981, 0, 0, 0, 0, 0, 0, 0, + 982, 983, 0, 984, 0, 0, 0, 0, 0, 0, + 985, 986, 0, 0, 987, 988, 989, 990, 0, 991, + 176, 0, 992, 993, 0, 0, 0, 0, 0, 0, + 0, 994, 0, 0, 995, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 177, 0, + 0, 0, 996, 997, 998, 0, 999, 0, 0, 0, + 0, 0, 0, 0, 1000, 1001, 1002, 178, 0, 0, + 0, 0, 0, 1003, 0, 0, 179, 0, 0, 0, + 0, 0, 1004, 0, 0, 2405, 0, 0, 0, 0, + 0, 0, 0, 0, 1006, 0, 1007, 0, 1008, 0, + 0, 0, 0, 0, 1009, 0, 0, 0, 0, 0, + 0, 0, 180, 1010, 1011, 0, 1012, 0, 0, 0, + 1013, 181, 0, 0, 0, 1014, 0, 0, 182, 0, + 0, 1016, 1017, 1018, 1019, 0, 0, 0, 0, 0, + 183, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 184, 1020, 1021, 1022, 0, 1023, 0, 0, 0, + 0, 0, 0, 1024, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 1025, 0, 0, 0, 0, 0, + 0, 0, 1026, 1027, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 1028, 0, 0, 0, 0, 0, 0, 1029, 1030, + 0, 1031, 1032, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 1033, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 1034, 1035, 1036, 0, 0, 0, 0, + 0, 1037, 1038, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 186, 187, 188, 189, 190, 191, 192, 193, + 194, 195, 196, 1039, 1040, 1041, 1042, 198, 199, 200, + 1043, 202, 203, 204, 205, 206, 207, 1044, 209, 210, + 211, 212, 213, 214, 215, 1045, 217, 218, 0, 219, + 220, 221, 222, 223, 224, 225, 226, 227, 228, 229, + 230, 231, 1046, 233, 234, 235, 236, 237, 238, 239, + 240, 241, 242, 243, 244, 1047, 246, 1048, 1049, 1050, + 0, 250, 251, 252, 253, 254, 255, 256, 257, 258, + 259, 260, 261, 262, 1051, 264, 265, 266, 267, 268, + 269, 270, 271, 272, 273, 274, 1052, 1053, 277, 278, + 0, 279, 280, 281, 282, 283, 284, 285, 286, 287, + 288, 289, 290, 291, 292, 293, 294, 295, 296, 297, + 298, 299, 300, 301, 302, 303, 304, 305, 306, 0, + 0, 307, 308, 309, 310, 311, 312, 313, 314, 315, + 316, 317, 318, 319, 320, 0, 321, 322, 323, 324, + 325, 326, 1054, 328, 329, 330, 331, 332, 333, 334, + 0, 335, 336, 337, 1055, 339, 340, 341, 342, 343, + 344, 345, 346, 347, 348, 349, 350, 351, 352, 353, + 354, 355, 356, 357, 358, 359, 1056, 1057, 362, 363, + 364, 365, 366, 367, 368, 369, 370, 371, 372, 373, + 374, 375, 376, 377, 378, 379, 380, 381, 382, 383, + 384, 385, 386, 387, 388, 389, 390, 391, 0, 392, + 393, 394, 395, 396, 397, 398, 399, 400, 401, 402, + 403, 404, 1058, 406, 407, 408, 409, 410, 1059, 412, + 413, 414, 415, 416, 417, 418, 419, 1060, 1061, 422, + 423, 424, 425, 426, 427, 428, 429, 430, 431, 432, + 433, 434, 435, 0, 436, 437, 438, 439, 440, 441, + 442, 1062, 444, 445, 446, 447, 448, 449, 450, 1063, + 452, 453, 454, 455, 456, 457, 458, 459, 460, 461, + 462, 1064, 464, 465, 466, 467, 468, 469, 470, 471, + 472, 473, 474, 475, 476, 477, 478, 479, 480, 481, + 482, 483, 484, 485, 486, 487, 488, 489, 490, 491, + 492, 493, 494, 495, 496, 497, 498, 499, 500, 501, + 502, 503, 504, 505, 506, 1065, 508, 509, 510, 511, + 512, 513, 1066, 515, 516, 517, 518, 519, 1067, 521, + 1068, 523, 524, 525, 526, 527, 528, 529, 530, 531, + 532, 533, 534, 535, 536, 537, 0, 0, 538, 539, + 0, 540, 541, 542, 543, 544, 545, 546, 547, 548, + 549, 550, 551, 1069, 553, 554, 555, 556, 557, 558, + 559, 560, 561, 562, 563, 564, 565, 566, 567, 568, + 569, 570, 1070, 1071, 1072, 1073, 575, 576, 577, 578, + 1074, 1075, 581, 582, 583, 584, 585, 586, 587, 588, + 589, 590, 591, 592, 1076, 594, 595, 1077, 597, 598, + 599, 600, 601, 602, 603, 604, 605, 606, 607, 1078, + 609, 1079, 611, 612, 613, 0, 614, 615, 616, 1080, + 0, 0, 0, 0, 0, 0, 0, 0, 1081, 1082, + 961, 0, 0, 0, 1083, 962, 963, 0, 0, 0, + 1084, 0, 0, 0, 1085, 1086, 964, 965, 1087, 966, + 967, 968, 969, 970, 971, 972, 973, 974, 975, 976, + 0, 0, 0, 0, 0, 0, 0, 977, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 978, 979, 980, 981, 0, 0, + 0, 0, 0, 0, 0, 982, 983, 0, 984, 0, + 0, 0, 0, 0, 0, 985, 986, 0, 0, 987, + 988, 989, 990, 0, 991, 176, 0, 992, 993, 0, + 0, 0, 0, 0, 0, 0, 994, 0, 0, 995, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 177, 0, 0, 0, 996, 997, 998, + 0, 999, 0, 0, 0, 0, 0, 0, 0, 1000, + 1001, 1002, 178, 0, 0, 0, 0, 0, 1003, 0, + 0, 179, 0, 0, 0, 0, 0, 1004, 0, 0, + 2407, 0, 0, 0, 0, 0, 0, 0, 0, 1006, + 0, 1007, 0, 1008, 0, 0, 0, 0, 0, 1009, + 0, 0, 0, 0, 0, 0, 0, 180, 1010, 1011, + 0, 1012, 0, 0, 0, 1013, 181, 0, 0, 0, + 1014, 0, 0, 182, 0, 0, 1016, 1017, 1018, 1019, + 0, 0, 0, 0, 0, 183, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 184, 1020, 1021, 1022, + 0, 1023, 0, 0, 0, 0, 0, 0, 1024, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 1025, + 0, 0, 0, 0, 0, 0, 0, 1026, 1027, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 1028, 0, 0, 0, + 0, 0, 0, 1029, 1030, 0, 1031, 1032, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 1033, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 1034, 1035, + 1036, 0, 0, 0, 0, 0, 1037, 1038, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 186, 187, 188, + 189, 190, 191, 192, 193, 194, 195, 196, 1039, 1040, + 1041, 1042, 198, 199, 200, 1043, 202, 203, 204, 205, + 206, 207, 1044, 209, 210, 211, 212, 213, 214, 215, + 1045, 217, 218, 0, 219, 220, 221, 222, 223, 224, + 225, 226, 227, 228, 229, 230, 231, 1046, 233, 234, + 235, 236, 237, 238, 239, 240, 241, 242, 243, 244, + 1047, 246, 1048, 1049, 1050, 0, 250, 251, 252, 253, + 254, 255, 256, 257, 258, 259, 260, 261, 262, 1051, + 264, 265, 266, 267, 268, 269, 270, 271, 272, 273, + 274, 1052, 1053, 277, 278, 0, 279, 280, 281, 282, + 283, 284, 285, 286, 287, 288, 289, 290, 291, 292, + 293, 294, 295, 296, 297, 298, 299, 300, 301, 302, + 303, 304, 305, 306, 0, 0, 307, 308, 309, 310, + 311, 312, 313, 314, 315, 316, 317, 318, 319, 320, + 0, 321, 322, 323, 324, 325, 326, 1054, 328, 329, + 330, 331, 332, 333, 334, 0, 335, 336, 337, 1055, + 339, 340, 341, 342, 343, 344, 345, 346, 347, 348, + 349, 350, 351, 352, 353, 354, 355, 356, 357, 358, + 359, 1056, 1057, 362, 363, 364, 365, 366, 367, 368, + 369, 370, 371, 372, 373, 374, 375, 376, 377, 378, + 379, 380, 381, 382, 383, 384, 385, 386, 387, 388, + 389, 390, 391, 0, 392, 393, 394, 395, 396, 397, + 398, 399, 400, 401, 402, 403, 404, 1058, 406, 407, + 408, 409, 410, 1059, 412, 413, 414, 415, 416, 417, + 418, 419, 1060, 1061, 422, 423, 424, 425, 426, 427, + 428, 429, 430, 431, 432, 433, 434, 435, 0, 436, + 437, 438, 439, 440, 441, 442, 1062, 444, 445, 446, + 447, 448, 449, 450, 1063, 452, 453, 454, 455, 456, + 457, 458, 459, 460, 461, 462, 1064, 464, 465, 466, + 467, 468, 469, 470, 471, 472, 473, 474, 475, 476, + 477, 478, 479, 480, 481, 482, 483, 484, 485, 486, + 487, 488, 489, 490, 491, 492, 493, 494, 495, 496, + 497, 498, 499, 500, 501, 502, 503, 504, 505, 506, + 1065, 508, 509, 510, 511, 512, 513, 1066, 515, 516, + 517, 518, 519, 1067, 521, 1068, 523, 524, 525, 526, + 527, 528, 529, 530, 531, 532, 533, 534, 535, 536, + 537, 0, 0, 538, 539, 0, 540, 541, 542, 543, + 544, 545, 546, 547, 548, 549, 550, 551, 1069, 553, + 554, 555, 556, 557, 558, 559, 560, 561, 562, 563, + 564, 565, 566, 567, 568, 569, 570, 1070, 1071, 1072, + 1073, 575, 576, 577, 578, 1074, 1075, 581, 582, 583, + 584, 585, 586, 587, 588, 589, 590, 591, 592, 1076, + 594, 595, 1077, 597, 598, 599, 600, 601, 602, 603, + 604, 605, 606, 607, 1078, 609, 1079, 611, 612, 613, + 0, 614, 615, 616, 1080, 0, 0, 0, 0, 0, + 0, 0, 0, 1081, 1082, 961, 0, 0, 0, 1083, + 962, 963, 0, 0, 0, 1084, 0, 0, 0, 1085, + 1086, 6110, 6111, 1087, 966, 967, 968, 969, 970, 971, + 972, 973, 974, 975, 976, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 979, 980, 981, 0, 0, 0, 0, 0, 0, 0, + 982, 983, 0, 984, 0, 0, 0, 0, 0, 0, + 985, 986, 0, 0, 987, 988, 989, 990, 0, 991, + 176, 0, 992, 993, 0, 0, 0, 0, 0, 0, + 0, 994, 0, 0, 995, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 177, 0, + 0, 0, 996, 997, 998, 0, 999, 0, 0, 0, + 0, 0, 0, 0, 1000, 1001, 1002, 178, 0, 0, + 0, 0, 0, 1003, 0, 0, 179, 0, 0, 0, + 0, 0, 1004, 0, 0, 1578, 0, 0, 0, 0, + 0, 0, 0, 0, 1006, 0, 1007, 0, 1008, 0, + 0, 0, 0, 0, 1009, 0, 0, 0, 0, 0, + 0, 0, 180, 1010, 1011, 0, 1012, 0, 0, 0, + 1013, 181, 0, 0, 0, 1014, 0, 0, 182, 0, + 0, 1016, 1017, 1018, 1019, 0, 0, 0, 0, 0, + 183, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 184, 1020, 1021, 1022, 0, 1023, 0, 0, 0, + 0, 0, 0, 1024, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 1025, 0, 0, 0, 0, 0, + 0, 0, 1026, 1027, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 1028, 0, 0, 0, 0, 0, 0, 1029, 1030, + 0, 1031, 1032, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 1033, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 1034, 1035, 1036, 0, 0, 0, 0, + 0, 1037, 1038, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 186, 187, 188, 189, 190, 191, 192, 193, + 194, 195, 196, 1039, 1040, 1041, 1042, 198, 199, 200, + 1043, 202, 203, 204, 205, 206, 207, 1044, 209, 210, + 211, 212, 213, 214, 215, 1045, 217, 218, 0, 219, + 220, 221, 222, 223, 224, 225, 226, 227, 228, 229, + 230, 231, 1046, 233, 234, 235, 236, 237, 238, 239, + 240, 241, 242, 243, 244, 1047, 246, 1048, 1049, 1050, + 0, 250, 251, 252, 253, 254, 255, 256, 257, 258, + 259, 260, 261, 262, 1051, 264, 265, 266, 267, 268, + 269, 270, 271, 272, 273, 274, 1052, 1053, 277, 278, + 0, 279, 280, 281, 282, 283, 284, 285, 286, 287, + 288, 289, 290, 291, 292, 293, 294, 295, 296, 297, + 298, 299, 300, 301, 302, 303, 304, 305, 306, 0, + 0, 307, 308, 309, 310, 311, 312, 313, 314, 315, + 316, 317, 318, 319, 320, 0, 321, 322, 323, 324, + 325, 326, 1054, 328, 329, 330, 331, 332, 333, 334, + 0, 335, 336, 337, 1055, 339, 340, 341, 342, 343, + 344, 345, 346, 347, 348, 349, 350, 351, 352, 353, + 354, 355, 356, 357, 358, 359, 1056, 1057, 362, 363, + 364, 365, 366, 367, 368, 369, 370, 371, 372, 373, + 374, 375, 376, 377, 378, 379, 380, 381, 382, 383, + 384, 385, 386, 387, 388, 389, 390, 391, 0, 392, + 393, 394, 395, 396, 397, 398, 399, 400, 401, 402, + 403, 404, 1058, 406, 407, 408, 409, 410, 1059, 412, + 413, 414, 415, 416, 417, 418, 419, 1060, 1061, 422, + 423, 424, 425, 426, 427, 428, 429, 430, 431, 432, + 433, 434, 435, 0, 436, 437, 438, 439, 440, 441, + 442, 1062, 444, 445, 446, 447, 448, 449, 450, 1063, + 452, 453, 454, 455, 456, 457, 458, 459, 460, 461, + 462, 1064, 464, 465, 466, 467, 468, 469, 470, 471, + 472, 473, 474, 475, 476, 477, 478, 479, 480, 481, + 482, 483, 484, 485, 486, 487, 488, 489, 490, 491, + 492, 493, 494, 495, 496, 497, 498, 499, 500, 501, + 502, 503, 504, 505, 506, 1065, 508, 509, 510, 511, + 512, 513, 1066, 515, 516, 517, 518, 519, 1067, 521, + 1068, 523, 524, 525, 526, 527, 528, 529, 530, 531, + 532, 533, 534, 535, 536, 537, 0, 0, 538, 539, + 0, 540, 541, 542, 543, 544, 545, 546, 547, 548, + 549, 550, 551, 1069, 553, 554, 555, 556, 557, 558, + 559, 560, 561, 562, 563, 564, 565, 566, 567, 568, + 569, 570, 1070, 1071, 1072, 1073, 575, 576, 577, 578, + 1074, 1075, 581, 582, 583, 584, 585, 586, 587, 588, + 589, 590, 591, 592, 1076, 594, 595, 1077, 597, 598, + 599, 600, 601, 602, 603, 604, 605, 606, 607, 1078, + 609, 1079, 611, 612, 613, 0, 614, 615, 616, 1080, + 0, 0, 0, 0, 0, 0, 0, 0, 6112, 6113, + 961, 0, 0, 0, 0, 1617, 0, 0, 0, 0, + 6114, 0, 0, 0, 0, 1086, 1571, 1572, 1087, 966, + 967, 968, 969, 970, 971, 972, 973, 974, 975, 976, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 176, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 177, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 176, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 178, 0, 0, 0, 0, 0, 0, 0, 0, 179, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 177, 0, 0, 0, 0, 0, 998, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 178, 0, 0, 0, 0, 0, 0, 0, + 0, 179, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 180, 0, 0, 0, 0, - 0, 0, 0, 0, 181, 0, 0, 0, 0, 0, - 0, 182, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 183, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 184, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 180, 0, 0, + 0, 0, 0, 0, 0, 0, 181, 0, 0, 0, + 0, 0, 0, 182, 0, 0, 0, 0, 0, 1019, + 0, 0, 0, 0, 0, 183, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 184, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 185, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 185, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 1033, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 186, 187, 188, 189, 190, - 191, 192, 193, 194, 195, 196, 197, 0, 0, 0, - 198, 199, 200, 201, 202, 203, 204, 205, 206, 207, - 208, 209, 210, 211, 212, 213, 214, 215, 216, 217, - 218, 0, 219, 220, 221, 222, 223, 224, 225, 226, - 227, 228, 229, 230, 231, 232, 233, 234, 235, 236, - 237, 238, 239, 240, 241, 242, 243, 244, 245, 246, - 247, 248, 249, 0, 250, 251, 252, 253, 254, 255, - 256, 257, 258, 259, 260, 261, 262, 263, 264, 265, - 266, 267, 268, 269, 270, 271, 272, 273, 274, 275, - 276, 277, 278, 0, 279, 280, 281, 282, 283, 284, - 285, 286, 287, 288, 289, 290, 291, 292, 293, 294, - 295, 296, 297, 298, 299, 300, 301, 302, 303, 304, - 305, 306, 0, 0, 307, 308, 309, 310, 311, 312, - 313, 314, 315, 316, 317, 318, 319, 320, 0, 321, - 322, 323, 324, 325, 326, 327, 328, 329, 330, 331, - 332, 333, 334, 0, 335, 336, 337, 338, 339, 340, - 341, 342, 343, 344, 345, 346, 347, 348, 349, 350, - 351, 352, 353, 354, 355, 356, 357, 358, 359, 360, - 361, 362, 363, 364, 365, 366, 367, 368, 369, 370, - 371, 372, 373, 374, 375, 376, 377, 378, 379, 380, - 381, 382, 383, 384, 385, 386, 387, 388, 389, 390, - 391, 0, 392, 393, 394, 395, 396, 397, 398, 399, - 400, 401, 402, 403, 404, 405, 406, 407, 408, 409, - 410, 411, 412, 413, 414, 415, 416, 417, 418, 419, - 420, 421, 422, 423, 424, 425, 426, 427, 428, 429, - 430, 431, 432, 433, 434, 435, 0, 436, 437, 438, - 439, 440, 441, 442, 443, 444, 445, 446, 447, 448, - 449, 450, 451, 452, 453, 454, 455, 456, 457, 458, - 459, 460, 461, 462, 463, 464, 465, 466, 467, 468, - 469, 470, 471, 472, 473, 474, 475, 476, 477, 478, - 479, 480, 481, 482, 483, 484, 485, 486, 487, 488, - 489, 490, 491, 492, 493, 494, 495, 496, 497, 498, - 499, 500, 501, 502, 503, 504, 505, 506, 507, 508, - 509, 510, 511, 512, 513, 514, 515, 516, 517, 518, - 519, 520, 521, 522, 523, 524, 525, 526, 527, 528, - 529, 530, 531, 532, 533, 534, 535, 536, 537, 0, - 0, 538, 539, 0, 540, 541, 542, 543, 544, 545, - 546, 547, 548, 549, 550, 551, 552, 553, 554, 555, - 556, 557, 558, 559, 560, 561, 562, 563, 564, 565, - 566, 567, 568, 569, 570, 571, 572, 573, 574, 575, - 576, 577, 578, 579, 580, 581, 582, 583, 584, 585, - 586, 587, 588, 589, 590, 591, 592, 593, 594, 595, - 596, 597, 598, 599, 600, 601, 602, 603, 604, 605, - 606, 607, 608, 609, 610, 611, 612, 613, 1617, 614, - 615, 616, 617, 0, 0, 0, 0, 0, 0, 1571, - 1572, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 1618, 0, 0, 0, 0, 0, 0, - 0, 1087, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 186, 187, 188, + 189, 190, 191, 192, 193, 194, 195, 196, 197, 0, + 0, 0, 198, 199, 200, 201, 202, 203, 204, 205, + 206, 207, 208, 209, 210, 211, 212, 213, 214, 215, + 216, 217, 218, 0, 219, 220, 221, 222, 223, 224, + 225, 226, 227, 228, 229, 230, 231, 232, 233, 234, + 235, 236, 237, 238, 239, 240, 241, 242, 243, 244, + 245, 246, 247, 248, 249, 0, 250, 251, 252, 253, + 254, 255, 256, 257, 258, 259, 260, 261, 262, 263, + 264, 265, 266, 267, 268, 269, 270, 271, 272, 273, + 274, 2441, 276, 277, 278, 0, 279, 280, 281, 282, + 283, 284, 285, 286, 287, 288, 289, 290, 291, 292, + 293, 294, 295, 296, 297, 298, 299, 300, 301, 302, + 303, 304, 305, 306, 0, 0, 307, 308, 309, 310, + 311, 312, 313, 314, 315, 316, 317, 318, 319, 320, + 0, 321, 322, 323, 324, 325, 326, 327, 328, 329, + 330, 331, 332, 333, 334, 0, 335, 336, 337, 338, + 339, 340, 341, 342, 343, 344, 345, 346, 347, 348, + 349, 350, 351, 352, 353, 354, 355, 356, 357, 358, + 359, 360, 361, 362, 363, 364, 365, 366, 367, 368, + 369, 370, 371, 372, 373, 374, 375, 376, 377, 378, + 379, 380, 381, 382, 383, 384, 385, 386, 387, 388, + 389, 390, 391, 0, 392, 393, 394, 395, 396, 397, + 398, 399, 400, 401, 402, 403, 404, 405, 406, 407, + 408, 409, 410, 411, 412, 413, 414, 415, 416, 417, + 418, 419, 420, 421, 422, 423, 424, 425, 426, 427, + 428, 429, 430, 431, 432, 433, 434, 435, 0, 436, + 437, 438, 439, 440, 441, 442, 443, 444, 445, 446, + 447, 448, 449, 450, 451, 452, 453, 454, 455, 456, + 457, 458, 459, 460, 461, 462, 463, 464, 465, 466, + 467, 468, 469, 470, 471, 472, 473, 474, 475, 476, + 477, 478, 479, 480, 481, 482, 483, 484, 485, 486, + 487, 488, 489, 490, 491, 492, 493, 494, 495, 496, + 497, 498, 499, 500, 501, 502, 503, 504, 505, 506, + 507, 508, 509, 510, 511, 512, 513, 514, 515, 516, + 517, 518, 519, 520, 521, 522, 523, 524, 525, 526, + 527, 528, 529, 530, 531, 532, 533, 534, 535, 536, + 537, 0, 0, 538, 539, 0, 540, 541, 542, 543, + 544, 545, 546, 547, 548, 549, 550, 551, 552, 553, + 554, 555, 556, 557, 558, 559, 560, 561, 562, 563, + 564, 565, 566, 567, 568, 569, 570, 2442, 572, 573, + 2443, 575, 576, 577, 578, 579, 580, 581, 582, 583, + 584, 585, 586, 587, 588, 589, 590, 591, 592, 593, + 594, 595, 596, 597, 598, 599, 600, 601, 602, 603, + 604, 605, 606, 607, 608, 609, 610, 611, 612, 613, + 6403, 614, 615, 616, 617, 2361, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 174, 175, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 1087, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 176, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 177, 0, 0, 0, + 0, 0, 0, 0, 0, 176, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 178, 0, 0, 0, 0, - 0, 0, 0, 0, 179, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 177, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 178, 0, 0, 0, 0, 0, 0, 0, + 0, 179, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 180, 0, 0, 0, 0, 0, 0, 0, 0, 181, - 0, 0, 0, 0, 0, 0, 182, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 183, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 184, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 180, 0, 0, + 0, 0, 0, 0, 0, 0, 181, 0, 0, 0, + 0, 0, 0, 182, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 183, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 184, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 185, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 185, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 186, 187, 188, 189, 190, 191, 192, 193, 194, 195, - 196, 197, 0, 0, 0, 198, 199, 200, 201, 202, - 203, 204, 205, 206, 207, 208, 209, 210, 211, 212, - 213, 214, 215, 216, 217, 218, 0, 219, 220, 221, - 222, 223, 224, 225, 226, 227, 228, 229, 230, 231, - 232, 233, 234, 235, 236, 237, 238, 239, 240, 241, - 242, 243, 244, 245, 246, 247, 248, 249, 0, 250, - 251, 252, 253, 254, 255, 256, 257, 258, 259, 260, - 261, 262, 263, 264, 265, 266, 267, 268, 269, 270, - 271, 272, 273, 274, 275, 276, 277, 278, 0, 279, - 280, 281, 282, 283, 284, 285, 286, 287, 288, 289, - 290, 291, 292, 293, 294, 295, 296, 297, 298, 299, - 300, 301, 302, 303, 304, 305, 306, 0, 0, 307, - 308, 309, 310, 311, 312, 313, 314, 315, 316, 317, - 318, 319, 320, 0, 321, 322, 323, 324, 325, 326, - 327, 328, 329, 330, 331, 332, 333, 334, 0, 335, - 336, 337, 338, 339, 340, 341, 342, 343, 344, 345, - 346, 347, 348, 349, 350, 351, 352, 353, 354, 355, - 356, 357, 358, 359, 360, 361, 362, 363, 364, 365, - 366, 367, 368, 369, 370, 371, 372, 373, 374, 375, - 376, 377, 378, 379, 380, 381, 382, 383, 384, 385, - 386, 387, 388, 389, 390, 391, 0, 392, 393, 394, - 395, 396, 397, 398, 399, 400, 401, 402, 403, 404, - 405, 406, 407, 408, 409, 410, 411, 412, 413, 414, - 415, 416, 417, 418, 419, 420, 421, 422, 423, 424, - 425, 426, 427, 428, 429, 430, 431, 432, 433, 434, - 435, 0, 436, 437, 438, 439, 440, 441, 442, 443, - 444, 445, 446, 447, 448, 449, 450, 451, 452, 453, - 454, 455, 456, 457, 458, 459, 460, 461, 462, 463, - 464, 465, 466, 467, 468, 469, 470, 471, 472, 473, - 474, 475, 476, 477, 478, 479, 480, 481, 482, 483, - 484, 485, 486, 487, 488, 489, 490, 491, 492, 493, - 494, 495, 496, 497, 498, 499, 500, 501, 502, 503, - 504, 505, 506, 507, 508, 509, 510, 511, 512, 513, - 514, 515, 516, 517, 518, 519, 520, 521, 522, 523, - 524, 525, 526, 527, 528, 529, 530, 531, 532, 533, - 534, 535, 536, 537, 0, 0, 538, 539, 0, 540, - 541, 542, 543, 544, 545, 546, 547, 548, 549, 550, - 551, 552, 553, 554, 555, 556, 557, 558, 559, 560, - 561, 562, 563, 564, 565, 566, 567, 568, 569, 570, - 571, 572, 573, 574, 575, 576, 577, 578, 579, 580, - 581, 582, 583, 584, 585, 586, 587, 588, 589, 590, - 591, 592, 593, 594, 595, 596, 597, 598, 599, 600, - 601, 602, 603, 604, 605, 606, 607, 608, 609, 610, - 611, 612, 613, 2361, 614, 615, 616, 617, 0, 0, - 0, 0, 0, 0, 174, 175, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 186, 187, 188, + 189, 190, 191, 192, 193, 194, 195, 196, 197, 0, + 0, 0, 198, 199, 200, 201, 202, 203, 204, 205, + 206, 207, 208, 209, 210, 211, 212, 213, 214, 215, + 216, 217, 218, 0, 219, 220, 221, 222, 223, 224, + 225, 226, 227, 228, 229, 230, 231, 232, 233, 234, + 235, 236, 237, 238, 239, 240, 241, 242, 243, 244, + 245, 246, 247, 248, 249, 0, 250, 251, 252, 253, + 254, 255, 256, 257, 258, 259, 260, 261, 262, 263, + 264, 265, 266, 267, 268, 269, 270, 271, 272, 273, + 274, 275, 276, 277, 278, 0, 279, 280, 281, 282, + 283, 284, 285, 286, 287, 288, 289, 290, 291, 292, + 293, 294, 295, 296, 297, 298, 299, 300, 301, 302, + 303, 304, 305, 306, 0, 0, 307, 308, 309, 310, + 311, 312, 313, 314, 315, 316, 317, 318, 319, 320, + 0, 321, 322, 323, 324, 325, 326, 327, 328, 329, + 330, 331, 332, 333, 334, 0, 335, 336, 337, 338, + 339, 340, 341, 342, 343, 344, 345, 346, 347, 348, + 349, 350, 351, 352, 353, 354, 355, 356, 357, 358, + 359, 360, 361, 362, 363, 364, 365, 366, 367, 368, + 369, 370, 371, 372, 373, 374, 375, 376, 377, 378, + 379, 380, 381, 382, 383, 384, 385, 386, 387, 388, + 389, 390, 391, 0, 392, 393, 394, 395, 396, 397, + 398, 399, 400, 401, 402, 403, 404, 405, 406, 407, + 408, 409, 410, 411, 412, 413, 414, 415, 416, 417, + 418, 419, 420, 421, 422, 423, 424, 425, 426, 427, + 428, 429, 430, 431, 432, 433, 434, 435, 0, 436, + 437, 438, 439, 440, 441, 442, 443, 444, 445, 446, + 447, 448, 449, 450, 451, 452, 453, 454, 455, 456, + 457, 458, 459, 460, 461, 462, 463, 464, 465, 466, + 467, 468, 469, 470, 471, 472, 473, 474, 475, 476, + 477, 478, 479, 480, 481, 482, 483, 484, 485, 486, + 487, 488, 489, 490, 491, 492, 493, 494, 495, 496, + 497, 498, 499, 500, 501, 502, 503, 504, 505, 506, + 507, 508, 509, 510, 511, 512, 513, 514, 515, 516, + 517, 518, 519, 520, 521, 522, 523, 524, 525, 526, + 527, 528, 529, 530, 531, 532, 533, 534, 535, 536, + 537, 0, 0, 538, 539, 0, 540, 541, 542, 543, + 544, 545, 546, 547, 548, 549, 550, 551, 552, 553, + 554, 555, 556, 557, 558, 559, 560, 561, 562, 563, + 564, 565, 566, 567, 568, 569, 570, 571, 572, 573, + 574, 575, 576, 577, 578, 579, 580, 581, 582, 583, + 584, 585, 586, 587, 588, 589, 590, 591, 592, 593, + 594, 595, 596, 597, 598, 599, 600, 601, 602, 603, + 604, 605, 606, 607, 608, 609, 610, 611, 612, 613, + 6403, 614, 615, 616, 617, 2361, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 174, 175, 0, 0, + 0, 0, 0, 0, 0, 0, 6404, 0, 0, 0, + 0, 0, 0, 2362, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 1087, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 176, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 176, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 177, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 177, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 178, 0, 0, 0, 0, 0, 0, 0, + 0, 179, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 178, 0, 0, 0, 0, 0, 0, 0, 0, 179, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 180, 0, 0, + 0, 0, 0, 0, 0, 0, 181, 0, 0, 0, + 0, 0, 0, 182, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 183, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 184, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 180, 0, 0, 0, 0, - 0, 0, 0, 0, 181, 0, 0, 0, 0, 0, - 0, 182, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 183, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 184, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 185, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 185, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 186, 187, 188, + 189, 190, 191, 192, 193, 194, 195, 196, 197, 0, + 0, 0, 198, 199, 200, 201, 202, 203, 204, 205, + 206, 207, 208, 209, 210, 211, 212, 213, 214, 215, + 216, 217, 218, 0, 219, 220, 221, 222, 223, 224, + 225, 226, 227, 228, 229, 230, 231, 232, 233, 234, + 235, 236, 237, 238, 239, 240, 241, 242, 243, 244, + 245, 246, 247, 248, 249, 0, 250, 251, 252, 253, + 254, 255, 256, 257, 258, 259, 260, 261, 262, 263, + 264, 265, 266, 267, 268, 269, 270, 271, 272, 273, + 274, 275, 276, 277, 278, 0, 279, 280, 281, 282, + 283, 284, 285, 286, 287, 288, 289, 290, 291, 292, + 293, 294, 295, 296, 297, 298, 299, 300, 301, 302, + 303, 304, 305, 306, 0, 0, 307, 308, 309, 310, + 311, 312, 313, 314, 315, 316, 317, 318, 319, 320, + 0, 321, 322, 323, 324, 325, 326, 327, 328, 329, + 330, 331, 332, 333, 334, 0, 335, 336, 337, 338, + 339, 340, 341, 342, 343, 344, 345, 346, 347, 348, + 349, 350, 351, 352, 353, 354, 355, 356, 357, 358, + 359, 360, 361, 362, 363, 364, 365, 366, 367, 368, + 369, 370, 371, 372, 373, 374, 375, 376, 377, 378, + 379, 380, 381, 382, 383, 384, 385, 386, 387, 388, + 389, 390, 391, 0, 392, 393, 394, 395, 396, 397, + 398, 399, 400, 401, 402, 403, 404, 405, 406, 407, + 408, 409, 410, 411, 412, 413, 414, 415, 416, 417, + 418, 419, 420, 421, 422, 423, 424, 425, 426, 427, + 428, 429, 430, 431, 432, 433, 434, 435, 0, 436, + 437, 438, 439, 440, 441, 442, 443, 444, 445, 446, + 447, 448, 449, 450, 451, 452, 453, 454, 455, 456, + 457, 458, 459, 460, 461, 462, 463, 464, 465, 466, + 467, 468, 469, 470, 471, 472, 473, 474, 475, 476, + 477, 478, 479, 480, 481, 482, 483, 484, 485, 486, + 487, 488, 489, 490, 491, 492, 493, 494, 495, 496, + 497, 498, 499, 500, 501, 502, 503, 504, 505, 506, + 507, 508, 509, 510, 511, 512, 513, 514, 515, 516, + 517, 518, 519, 520, 521, 522, 523, 524, 525, 526, + 527, 528, 529, 530, 531, 532, 533, 534, 535, 536, + 537, 0, 0, 538, 539, 0, 540, 541, 542, 543, + 544, 545, 546, 547, 548, 549, 550, 551, 552, 553, + 554, 555, 556, 557, 558, 559, 560, 561, 562, 563, + 564, 565, 566, 567, 568, 569, 570, 571, 572, 573, + 574, 575, 576, 577, 578, 579, 580, 581, 582, 583, + 584, 585, 586, 587, 588, 589, 590, 591, 592, 593, + 594, 595, 596, 597, 598, 599, 600, 601, 602, 603, + 604, 605, 606, 607, 608, 609, 610, 611, 612, 613, + 1617, 614, 615, 616, 617, 0, 0, 0, 0, 0, + 0, 1571, 1572, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 2362, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 186, 187, 188, 189, 190, - 191, 192, 193, 194, 195, 196, 197, 0, 0, 0, - 198, 199, 200, 201, 202, 203, 204, 205, 206, 207, - 208, 209, 210, 211, 212, 213, 214, 215, 216, 217, - 218, 0, 219, 220, 221, 222, 223, 224, 225, 226, - 227, 228, 229, 230, 231, 232, 233, 234, 235, 236, - 237, 238, 239, 240, 241, 242, 243, 244, 245, 246, - 247, 248, 249, 0, 250, 251, 252, 253, 254, 255, - 256, 257, 258, 259, 260, 261, 262, 263, 264, 265, - 266, 267, 268, 269, 270, 271, 272, 273, 274, 275, - 276, 277, 278, 0, 279, 280, 281, 282, 283, 284, - 285, 286, 287, 288, 289, 290, 291, 292, 293, 294, - 295, 296, 297, 298, 299, 300, 301, 302, 303, 304, - 305, 306, 0, 0, 307, 308, 309, 310, 311, 312, - 313, 314, 315, 316, 317, 318, 319, 320, 0, 321, - 322, 323, 324, 325, 326, 327, 328, 329, 330, 331, - 332, 333, 334, 0, 335, 336, 337, 338, 339, 340, - 341, 342, 343, 344, 345, 346, 347, 348, 349, 350, - 351, 352, 353, 354, 355, 356, 357, 358, 359, 360, - 361, 362, 363, 364, 365, 366, 367, 368, 369, 370, - 371, 372, 373, 374, 375, 376, 377, 378, 379, 380, - 381, 382, 383, 384, 385, 386, 387, 388, 389, 390, - 391, 0, 392, 393, 394, 395, 396, 397, 398, 399, - 400, 401, 402, 403, 404, 405, 406, 407, 408, 409, - 410, 411, 412, 413, 414, 415, 416, 417, 418, 419, - 420, 421, 422, 423, 424, 425, 426, 427, 428, 429, - 430, 431, 432, 433, 434, 435, 0, 436, 437, 438, - 439, 440, 441, 442, 443, 444, 445, 446, 447, 448, - 449, 450, 451, 452, 453, 454, 455, 456, 457, 458, - 459, 460, 461, 462, 463, 464, 465, 466, 467, 468, - 469, 470, 471, 472, 473, 474, 475, 476, 477, 478, - 479, 480, 481, 482, 483, 484, 485, 486, 487, 488, - 489, 490, 491, 492, 493, 494, 495, 496, 497, 498, - 499, 500, 501, 502, 503, 504, 505, 506, 507, 508, - 509, 510, 511, 512, 513, 514, 515, 516, 517, 518, - 519, 520, 521, 522, 523, 524, 525, 526, 527, 528, - 529, 530, 531, 532, 533, 534, 535, 536, 537, 0, - 0, 538, 539, 0, 540, 541, 542, 543, 544, 545, - 546, 547, 548, 549, 550, 551, 552, 553, 554, 555, - 556, 557, 558, 559, 560, 561, 562, 563, 564, 565, - 566, 567, 568, 569, 570, 571, 572, 573, 574, 575, - 576, 577, 578, 579, 580, 581, 582, 583, 584, 585, - 586, 587, 588, 589, 590, 591, 592, 593, 594, 595, - 596, 597, 598, 599, 600, 601, 602, 603, 604, 605, - 606, 607, 608, 609, 610, 611, 612, 613, 0, 614, - 615, 616, 617, 174, 175, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 2362, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 4907, + 176, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 176, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 177, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 178, 0, 0, + 0, 0, 0, 0, 0, 0, 179, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 177, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 755, 0, 0, 0, 0, 0, 178, - 0, 0, 0, 0, 0, 0, 0, 0, 179, 3174, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 3175, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 180, 0, 0, 0, 0, 0, - 0, 0, 0, 181, 0, 0, 0, 0, 0, 0, - 182, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 183, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 184, 0, 0, 0, 0, 0, 0, + 0, 0, 180, 0, 0, 0, 0, 0, 0, 0, + 0, 181, 0, 0, 0, 0, 0, 0, 182, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 183, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 184, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 757, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 185, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 759, 0, 0, 0, - 0, 0, 0, 0, 186, 187, 188, 189, 190, 191, - 192, 193, 194, 195, 196, 197, 0, 0, 0, 198, - 199, 200, 201, 202, 203, 204, 205, 206, 207, 208, - 209, 210, 211, 212, 213, 214, 215, 216, 217, 218, - 0, 219, 220, 221, 222, 223, 224, 225, 226, 227, - 228, 229, 230, 231, 232, 233, 234, 235, 236, 237, - 238, 239, 240, 241, 242, 243, 244, 245, 246, 247, - 248, 249, 0, 250, 251, 252, 253, 254, 255, 256, - 257, 258, 259, 260, 261, 262, 263, 264, 265, 266, - 267, 268, 269, 270, 271, 272, 273, 274, 275, 276, - 277, 278, 0, 279, 280, 281, 282, 283, 284, 285, - 286, 287, 288, 289, 290, 291, 292, 293, 294, 295, - 296, 297, 298, 299, 300, 301, 302, 303, 304, 305, - 306, 0, 0, 307, 308, 309, 310, 311, 312, 313, - 314, 315, 316, 317, 318, 319, 320, 0, 321, 322, - 323, 324, 325, 326, 327, 328, 329, 330, 331, 332, - 333, 334, 0, 335, 336, 337, 338, 339, 340, 341, - 342, 343, 344, 345, 346, 347, 348, 349, 350, 351, - 352, 353, 354, 355, 356, 357, 358, 359, 360, 361, - 362, 363, 364, 365, 366, 367, 368, 369, 370, 371, - 372, 373, 374, 375, 376, 377, 378, 379, 380, 381, - 382, 383, 384, 385, 386, 387, 388, 389, 390, 391, - 0, 392, 393, 394, 395, 396, 397, 398, 399, 400, - 401, 402, 403, 404, 405, 406, 407, 408, 409, 410, - 411, 412, 413, 414, 415, 416, 417, 418, 419, 420, - 421, 422, 423, 424, 425, 426, 427, 428, 429, 430, - 431, 432, 433, 434, 435, 0, 436, 437, 438, 439, - 440, 441, 442, 443, 444, 445, 446, 447, 448, 449, - 450, 451, 4908, 453, 454, 455, 456, 457, 458, 459, - 460, 461, 462, 463, 464, 465, 466, 467, 468, 469, - 470, 471, 472, 473, 474, 475, 476, 477, 478, 479, - 480, 481, 482, 483, 484, 485, 486, 487, 488, 489, - 490, 491, 492, 493, 494, 495, 496, 497, 498, 499, - 500, 501, 502, 503, 504, 505, 506, 507, 508, 509, - 510, 511, 512, 513, 514, 515, 516, 517, 518, 519, - 520, 521, 522, 523, 524, 525, 526, 527, 528, 529, - 530, 531, 532, 533, 534, 535, 536, 537, 0, 0, - 538, 539, 0, 540, 541, 542, 543, 544, 545, 546, - 547, 548, 549, 550, 551, 552, 553, 554, 555, 556, - 557, 558, 559, 560, 561, 562, 563, 564, 565, 566, - 567, 568, 569, 570, 571, 572, 573, 574, 575, 576, - 577, 578, 579, 580, 581, 582, 583, 584, 585, 586, - 587, 588, 589, 590, 591, 592, 593, 594, 595, 596, - 597, 598, 599, 600, 601, 602, 603, 604, 605, 606, - 607, 608, 609, 610, 611, 612, 613, 0, 614, 615, - 616, 617, 174, 175, 0, 0, 0, 0, 0, 0, + 0, 0, 185, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 4909, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 186, 187, 188, 189, 190, 191, 192, 193, + 194, 195, 196, 197, 0, 0, 0, 198, 199, 200, + 201, 202, 203, 204, 205, 206, 207, 208, 209, 210, + 211, 212, 213, 214, 215, 216, 217, 218, 0, 219, + 220, 221, 222, 223, 224, 225, 226, 227, 228, 229, + 230, 231, 232, 233, 234, 235, 236, 237, 238, 239, + 240, 241, 242, 243, 244, 245, 246, 247, 248, 249, + 0, 250, 251, 252, 253, 254, 255, 256, 257, 258, + 259, 260, 261, 262, 263, 264, 265, 266, 267, 268, + 269, 270, 271, 272, 273, 274, 275, 276, 277, 278, + 0, 279, 280, 281, 282, 283, 284, 285, 286, 287, + 288, 289, 290, 291, 292, 293, 294, 295, 296, 297, + 298, 299, 300, 301, 302, 303, 304, 305, 306, 0, + 0, 307, 308, 309, 310, 311, 312, 313, 314, 315, + 316, 317, 318, 319, 320, 0, 321, 322, 323, 324, + 325, 326, 327, 328, 329, 330, 331, 332, 333, 334, + 0, 335, 336, 337, 338, 339, 340, 341, 342, 343, + 344, 345, 346, 347, 348, 349, 350, 351, 352, 353, + 354, 355, 356, 357, 358, 359, 360, 361, 362, 363, + 364, 365, 366, 367, 368, 369, 370, 371, 372, 373, + 374, 375, 376, 377, 378, 379, 380, 381, 382, 383, + 384, 385, 386, 387, 388, 389, 390, 391, 0, 392, + 393, 394, 395, 396, 397, 398, 399, 400, 401, 402, + 403, 404, 405, 406, 407, 408, 409, 410, 411, 412, + 413, 414, 415, 416, 417, 418, 419, 420, 421, 422, + 423, 424, 425, 426, 427, 428, 429, 430, 431, 432, + 433, 434, 435, 0, 436, 437, 438, 439, 440, 441, + 442, 443, 444, 445, 446, 447, 448, 449, 450, 451, + 452, 453, 454, 455, 456, 457, 458, 459, 460, 461, + 462, 463, 464, 465, 466, 467, 468, 469, 470, 471, + 472, 473, 474, 475, 476, 477, 478, 479, 480, 481, + 482, 483, 484, 485, 486, 487, 488, 489, 490, 491, + 492, 493, 494, 495, 496, 497, 498, 499, 500, 501, + 502, 503, 504, 505, 506, 507, 508, 509, 510, 511, + 512, 513, 514, 515, 516, 517, 518, 519, 520, 521, + 522, 523, 524, 525, 526, 527, 528, 529, 530, 531, + 532, 533, 534, 535, 536, 537, 0, 0, 538, 539, + 0, 540, 541, 542, 543, 544, 545, 546, 547, 548, + 549, 550, 551, 552, 553, 554, 555, 556, 557, 558, + 559, 560, 561, 562, 563, 564, 565, 566, 567, 568, + 569, 570, 571, 572, 573, 574, 575, 576, 577, 578, + 579, 580, 581, 582, 583, 584, 585, 586, 587, 588, + 589, 590, 591, 592, 593, 594, 595, 596, 597, 598, + 599, 600, 601, 602, 603, 604, 605, 606, 607, 608, + 609, 610, 611, 612, 613, 1617, 614, 615, 616, 617, + 0, 0, 0, 0, 0, 0, 1571, 1572, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 1618, 0, 0, 0, 0, 0, 0, 0, 1087, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 176, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 177, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 1352, 0, - 0, 0, 0, 0, 0, 0, 0, 179, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 176, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 180, 0, 0, 0, 0, 0, 0, - 0, 0, 181, 0, 0, 0, 0, 0, 0, 182, + 0, 0, 0, 177, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 183, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 184, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 178, 0, 0, 0, 0, 0, 0, 0, + 0, 179, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 32, 0, + 0, 0, 0, 0, 0, 0, 0, 180, 0, 0, + 0, 0, 0, 0, 0, 0, 181, 0, 0, 0, + 0, 0, 0, 182, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 183, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 184, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 185, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 39, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 41, - 0, 0, 0, 186, 187, 188, 189, 190, 191, 192, - 193, 194, 195, 196, 197, 0, 0, 0, 198, 199, - 200, 201, 202, 203, 204, 205, 206, 207, 208, 209, - 210, 211, 212, 213, 214, 215, 216, 217, 218, 0, - 219, 220, 221, 222, 223, 224, 225, 226, 227, 228, - 229, 230, 231, 232, 233, 234, 235, 236, 237, 238, - 239, 240, 241, 242, 243, 244, 245, 246, 247, 248, - 249, 0, 250, 251, 252, 253, 254, 255, 256, 257, - 258, 259, 260, 261, 262, 263, 264, 265, 266, 267, - 268, 269, 270, 271, 272, 273, 274, 275, 276, 277, - 278, 0, 279, 280, 281, 282, 283, 284, 285, 286, - 287, 288, 289, 290, 291, 292, 293, 294, 295, 296, - 297, 298, 299, 300, 301, 302, 303, 304, 305, 306, - 0, 0, 307, 308, 309, 310, 311, 312, 313, 314, - 315, 316, 317, 318, 319, 320, 0, 321, 322, 323, - 324, 325, 326, 327, 328, 329, 330, 331, 332, 333, - 334, 0, 335, 336, 337, 338, 339, 340, 341, 342, - 343, 344, 345, 346, 347, 348, 349, 350, 351, 352, - 353, 354, 355, 356, 357, 358, 359, 360, 361, 362, - 363, 364, 365, 366, 367, 368, 369, 370, 371, 372, - 373, 374, 375, 376, 377, 378, 379, 380, 381, 382, - 383, 384, 385, 386, 387, 388, 389, 390, 391, 0, - 392, 393, 394, 395, 396, 397, 398, 399, 400, 401, - 402, 403, 404, 405, 406, 407, 408, 409, 410, 411, - 412, 413, 414, 415, 416, 417, 418, 419, 420, 421, - 422, 423, 424, 425, 426, 427, 428, 429, 430, 431, - 432, 433, 434, 435, 0, 436, 437, 438, 439, 440, - 441, 442, 443, 444, 445, 446, 447, 448, 449, 450, - 451, 452, 453, 454, 455, 456, 457, 458, 459, 460, - 461, 462, 463, 464, 465, 466, 467, 468, 469, 470, - 471, 472, 473, 474, 475, 476, 477, 478, 479, 480, - 481, 482, 483, 484, 485, 486, 487, 488, 489, 490, - 491, 492, 493, 494, 495, 496, 497, 498, 499, 500, - 501, 502, 503, 504, 505, 506, 507, 508, 509, 510, - 511, 512, 513, 514, 515, 516, 517, 518, 519, 520, - 521, 522, 523, 524, 525, 526, 527, 528, 529, 530, - 531, 532, 533, 534, 535, 536, 537, 0, 0, 538, - 539, 0, 540, 541, 542, 543, 544, 545, 546, 547, - 548, 549, 550, 551, 552, 553, 554, 555, 556, 557, - 558, 559, 560, 561, 562, 563, 564, 565, 566, 567, - 568, 569, 570, 571, 572, 573, 574, 575, 576, 577, - 578, 579, 580, 581, 582, 583, 584, 585, 586, 587, - 588, 589, 590, 591, 592, 593, 594, 595, 596, 597, - 598, 599, 600, 601, 602, 603, 604, 605, 606, 607, - 608, 609, 610, 611, 612, 613, 0, 614, 615, 616, - 617, 174, 175, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 1353, 0, 0, 0, 0, 0, 0, 0, 787, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 185, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 186, 187, 188, + 189, 190, 191, 192, 193, 194, 195, 196, 197, 0, + 0, 0, 198, 199, 200, 201, 202, 203, 204, 205, + 206, 207, 208, 209, 210, 211, 212, 213, 214, 215, + 216, 217, 218, 0, 219, 220, 221, 222, 223, 224, + 225, 226, 227, 228, 229, 230, 231, 232, 233, 234, + 235, 236, 237, 238, 239, 240, 241, 242, 243, 244, + 245, 246, 247, 248, 249, 0, 250, 251, 252, 253, + 254, 255, 256, 257, 258, 259, 260, 261, 262, 263, + 264, 265, 266, 267, 268, 269, 270, 271, 272, 273, + 274, 275, 276, 277, 278, 0, 279, 280, 281, 282, + 283, 284, 285, 286, 287, 288, 289, 290, 291, 292, + 293, 294, 295, 296, 297, 298, 299, 300, 301, 302, + 303, 304, 305, 306, 0, 0, 307, 308, 309, 310, + 311, 312, 313, 314, 315, 316, 317, 318, 319, 320, + 0, 321, 322, 323, 324, 325, 326, 327, 328, 329, + 330, 331, 332, 333, 334, 0, 335, 336, 337, 338, + 339, 340, 341, 342, 343, 344, 345, 346, 347, 348, + 349, 350, 351, 352, 353, 354, 355, 356, 357, 358, + 359, 360, 361, 362, 363, 364, 365, 366, 367, 368, + 369, 370, 371, 372, 373, 374, 375, 376, 377, 378, + 379, 380, 381, 382, 383, 384, 385, 386, 387, 388, + 389, 390, 391, 0, 392, 393, 394, 395, 396, 397, + 398, 399, 400, 401, 402, 403, 404, 405, 406, 407, + 408, 409, 410, 411, 412, 413, 414, 415, 416, 417, + 418, 419, 420, 421, 422, 423, 424, 425, 426, 427, + 428, 429, 430, 431, 432, 433, 434, 435, 0, 436, + 437, 438, 439, 440, 441, 442, 443, 444, 445, 446, + 447, 448, 449, 450, 451, 452, 453, 454, 455, 456, + 457, 458, 459, 460, 461, 462, 463, 464, 465, 466, + 467, 468, 469, 470, 471, 472, 473, 474, 475, 476, + 477, 478, 479, 480, 481, 482, 483, 484, 485, 486, + 487, 488, 489, 490, 491, 492, 493, 494, 495, 496, + 497, 498, 499, 500, 501, 502, 503, 504, 505, 506, + 507, 508, 509, 510, 511, 512, 513, 514, 515, 516, + 517, 518, 519, 520, 521, 522, 523, 524, 525, 526, + 527, 528, 529, 530, 531, 532, 533, 534, 535, 536, + 537, 0, 0, 538, 539, 0, 540, 541, 542, 543, + 544, 545, 546, 547, 548, 549, 550, 551, 552, 553, + 554, 555, 556, 557, 558, 559, 560, 561, 562, 563, + 564, 565, 566, 567, 568, 569, 570, 571, 572, 573, + 574, 575, 576, 577, 578, 579, 580, 581, 582, 583, + 584, 585, 586, 587, 588, 589, 590, 591, 592, 593, + 594, 595, 596, 597, 598, 599, 600, 601, 602, 603, + 604, 605, 606, 607, 608, 609, 610, 611, 612, 613, + 2361, 614, 615, 616, 617, 0, 0, 0, 0, 0, + 0, 174, 175, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 1087, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 176, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 1351, 0, 0, 0, 0, 177, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 177, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 1352, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 178, 0, 0, 0, 0, 0, 0, 0, 0, 179, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, @@ -9533,19 +9434,19 @@ 609, 610, 611, 612, 613, 0, 614, 615, 616, 617, 174, 175, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 1353, 0, 0, 0, 0, 1354, 0, 0, 787, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 2362, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 4908, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 176, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 177, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 1352, 0, 0, 0, - 0, 0, 0, 0, 0, 179, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 755, 0, 0, 0, 0, 0, 178, 0, 0, 0, + 0, 0, 0, 0, 0, 179, 3174, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 3175, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 180, 0, 0, 0, 0, 0, 0, 0, 0, 181, 0, 0, 0, 0, 0, 0, 182, 0, 0, @@ -9555,12 +9456,12 @@ 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 757, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 185, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 759, 0, 0, 0, 0, 0, 0, 0, 186, 187, 188, 189, 190, 191, 192, 193, 194, 195, 196, 197, 0, 0, 0, 198, 199, 200, 201, 202, 203, 204, 205, 206, 207, 208, 209, 210, 211, @@ -9588,7 +9489,7 @@ 414, 415, 416, 417, 418, 419, 420, 421, 422, 423, 424, 425, 426, 427, 428, 429, 430, 431, 432, 433, 434, 435, 0, 436, 437, 438, 439, 440, 441, 442, - 443, 444, 445, 446, 447, 448, 449, 450, 451, 452, + 443, 444, 445, 446, 447, 448, 449, 450, 451, 4909, 453, 454, 455, 456, 457, 458, 459, 460, 461, 462, 463, 464, 465, 466, 467, 468, 469, 470, 471, 472, 473, 474, 475, 476, 477, 478, 479, 480, 481, 482, @@ -9607,8 +9508,8 @@ 600, 601, 602, 603, 604, 605, 606, 607, 608, 609, 610, 611, 612, 613, 0, 614, 615, 616, 617, 174, 175, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 1353, - 0, 0, 0, 0, 1354, 0, 0, 787, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 4910, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, @@ -9629,13 +9530,13 @@ 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 32, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 185, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 39, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 41, 0, 0, 0, 186, 187, 188, 189, 190, 191, 192, 193, 194, 195, 196, 197, 0, 0, 0, 198, 199, 200, 201, 202, 203, 204, 205, 206, 207, 208, 209, 210, 211, 212, @@ -9690,9 +9591,9 @@ 0, 0, 0, 0, 0, 0, 0, 176, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 177, 0, 0, 0, 0, + 1351, 0, 0, 0, 0, 177, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 178, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 1352, 0, 0, 0, 0, 0, 0, 0, 0, 179, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, @@ -9756,9 +9657,9 @@ 592, 593, 594, 595, 596, 597, 598, 599, 600, 601, 602, 603, 604, 605, 606, 607, 608, 609, 610, 611, 612, 613, 0, 614, 615, 616, 617, 174, 175, 0, - 0, 0, 0, 0, 0, 0, 0, 2824, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 787, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 1353, 0, 0, + 0, 0, 1354, 0, 0, 787, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, @@ -9767,7 +9668,7 @@ 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 177, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 178, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 1352, 0, 0, 0, 0, 0, 0, 0, 0, 179, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, @@ -9832,8 +9733,8 @@ 603, 604, 605, 606, 607, 608, 609, 610, 611, 612, 613, 0, 614, 615, 616, 617, 174, 175, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 5093, 0, 0, 0, - 0, 0, 0, 0, 4909, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 1353, 0, 0, 0, + 0, 1354, 0, 0, 787, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, @@ -9842,7 +9743,7 @@ 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 177, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 178, 0, 0, 0, 0, 0, 5423, 0, + 0, 0, 1352, 0, 0, 0, 0, 0, 0, 0, 0, 179, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, @@ -9907,8 +9808,8 @@ 604, 605, 606, 607, 608, 609, 610, 611, 612, 613, 0, 614, 615, 616, 617, 174, 175, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 4909, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 1353, 0, 0, 0, 0, + 0, 0, 0, 787, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, @@ -9948,9 +9849,9 @@ 275, 276, 277, 278, 0, 279, 280, 281, 282, 283, 284, 285, 286, 287, 288, 289, 290, 291, 292, 293, 294, 295, 296, 297, 298, 299, 300, 301, 302, 303, - 304, 305, 306, 0, 0, 307, 308, 309, 784, 311, + 304, 305, 306, 0, 0, 307, 308, 309, 310, 311, 312, 313, 314, 315, 316, 317, 318, 319, 320, 0, - 785, 322, 323, 324, 325, 326, 327, 328, 329, 330, + 321, 322, 323, 324, 325, 326, 327, 328, 329, 330, 331, 332, 333, 334, 0, 335, 336, 337, 338, 339, 340, 341, 342, 343, 344, 345, 346, 347, 348, 349, 350, 351, 352, 353, 354, 355, 356, 357, 358, 359, @@ -9963,7 +9864,7 @@ 419, 420, 421, 422, 423, 424, 425, 426, 427, 428, 429, 430, 431, 432, 433, 434, 435, 0, 436, 437, 438, 439, 440, 441, 442, 443, 444, 445, 446, 447, - 448, 786, 450, 451, 452, 453, 454, 455, 456, 457, + 448, 449, 450, 451, 452, 453, 454, 455, 456, 457, 458, 459, 460, 461, 462, 463, 464, 465, 466, 467, 468, 469, 470, 471, 472, 473, 474, 475, 476, 477, 478, 479, 480, 481, 482, 483, 484, 485, 486, 487, @@ -9981,7 +9882,7 @@ 595, 596, 597, 598, 599, 600, 601, 602, 603, 604, 605, 606, 607, 608, 609, 610, 611, 612, 613, 0, 614, 615, 616, 617, 174, 175, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 2824, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 787, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, @@ -10057,8 +9958,8 @@ 606, 607, 608, 609, 610, 611, 612, 613, 0, 614, 615, 616, 617, 174, 175, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 787, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 5094, 0, 0, 0, 0, 0, 0, + 0, 4910, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, @@ -10067,7 +9968,7 @@ 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 177, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 178, - 0, 0, 0, 0, 0, 0, 0, 0, 179, 0, + 0, 0, 0, 0, 0, 5424, 0, 0, 179, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, @@ -10133,85 +10034,85 @@ 616, 617, 174, 175, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 4909, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 4910, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 6, 0, 0, 0, 0, 0, 0, 0, 0, - 914, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 176, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 177, - 0, 0, 0, 0, 0, 0, 915, 0, 0, 0, - 14, 0, 0, 916, 0, 0, 0, 0, 178, 0, - 0, 0, 0, 0, 16, 0, 0, 917, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 918, 0, 0, 0, 0, 0, 0, 0, 919, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 178, 0, + 0, 0, 0, 0, 0, 0, 0, 179, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 21, 0, 180, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 180, 0, 0, 0, 0, 0, 0, 0, 0, 181, 0, 0, 0, 0, 0, 0, 182, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 183, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 184, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 29, 0, 0, 0, 0, - 920, 921, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 185, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 40, 0, - 0, 0, 0, 186, 187, 188, 922, 190, 191, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 186, 187, 188, 189, 190, 191, 192, 193, 194, 195, 196, 197, 0, 0, 0, 198, 199, - 200, 201, 202, 203, 204, 205, 206, 207, 0, 209, - 210, 211, 212, 213, 214, 215, 216, 0, 923, 0, - 0, 220, 221, 222, 223, 224, 0, 0, 227, 228, - 229, 230, 231, 0, 0, 0, 235, 236, 237, 238, - 239, 924, 241, 242, 243, 244, 0, 0, 0, 0, - 0, 0, 250, 0, 252, 0, 254, 255, 0, 257, - 258, 259, 260, 261, 262, 0, 264, 265, 266, 267, - 268, 269, 270, 271, 272, 273, 274, 275, 276, 0, - 278, 0, 279, 280, 281, 282, 283, 284, 285, 0, - 287, 288, 289, 290, 0, 292, 293, 294, 295, 296, - 297, 298, 299, 300, 301, 302, 0, 0, 0, 306, - 0, 925, 307, 308, 309, 310, 311, 312, 313, 314, - 315, 316, 317, 0, 0, 0, 0, 0, 322, 323, - 926, 325, 326, 327, 0, 329, 330, 0, 332, 333, - 0, 0, 335, 0, 337, 338, 339, 340, 341, 342, - 343, 344, 345, 346, 347, 0, 349, 350, 351, 352, - 353, 354, 355, 356, 357, 0, 359, 360, 361, 362, + 200, 201, 202, 203, 204, 205, 206, 207, 208, 209, + 210, 211, 212, 213, 214, 215, 216, 217, 218, 0, + 219, 220, 221, 222, 223, 224, 225, 226, 227, 228, + 229, 230, 231, 232, 233, 234, 235, 236, 237, 238, + 239, 240, 241, 242, 243, 244, 245, 246, 247, 248, + 249, 0, 250, 251, 252, 253, 254, 255, 256, 257, + 258, 259, 260, 261, 262, 263, 264, 265, 266, 267, + 268, 269, 270, 271, 272, 273, 274, 275, 276, 277, + 278, 0, 279, 280, 281, 282, 283, 284, 285, 286, + 287, 288, 289, 290, 291, 292, 293, 294, 295, 296, + 297, 298, 299, 300, 301, 302, 303, 304, 305, 306, + 0, 0, 307, 308, 309, 784, 311, 312, 313, 314, + 315, 316, 317, 318, 319, 320, 0, 785, 322, 323, + 324, 325, 326, 327, 328, 329, 330, 331, 332, 333, + 334, 0, 335, 336, 337, 338, 339, 340, 341, 342, + 343, 344, 345, 346, 347, 348, 349, 350, 351, 352, + 353, 354, 355, 356, 357, 358, 359, 360, 361, 362, 363, 364, 365, 366, 367, 368, 369, 370, 371, 372, 373, 374, 375, 376, 377, 378, 379, 380, 381, 382, 383, 384, 385, 386, 387, 388, 389, 390, 391, 0, 392, 393, 394, 395, 396, 397, 398, 399, 400, 401, 402, 403, 404, 405, 406, 407, 408, 409, 410, 411, 412, 413, 414, 415, 416, 417, 418, 419, 420, 421, - 422, 423, 424, 425, 426, 0, 428, 429, 430, 431, - 432, 433, 434, 435, 0, 436, 437, 438, 439, 927, - 0, 0, 443, 0, 445, 446, 0, 448, 449, 450, - 451, 0, 453, 454, 455, 456, 0, 0, 0, 0, + 422, 423, 424, 425, 426, 427, 428, 429, 430, 431, + 432, 433, 434, 435, 0, 436, 437, 438, 439, 440, + 441, 442, 443, 444, 445, 446, 447, 448, 786, 450, + 451, 452, 453, 454, 455, 456, 457, 458, 459, 460, 461, 462, 463, 464, 465, 466, 467, 468, 469, 470, 471, 472, 473, 474, 475, 476, 477, 478, 479, 480, - 481, 482, 483, 484, 485, 486, 0, 488, 0, 490, - 491, 492, 0, 494, 495, 0, 497, 498, 499, 500, - 501, 502, 0, 504, 505, 506, 507, 508, 509, 510, - 0, 512, 513, 514, 0, 516, 517, 518, 519, 520, - 0, 522, 523, 0, 0, 526, 527, 0, 0, 530, - 531, 532, 0, 534, 0, 536, 537, 0, 0, 538, - 539, 0, 540, 541, 542, 543, 0, 545, 546, 0, - 548, 0, 550, 551, 552, 553, 554, 555, 556, 557, + 481, 482, 483, 484, 485, 486, 487, 488, 489, 490, + 491, 492, 493, 494, 495, 496, 497, 498, 499, 500, + 501, 502, 503, 504, 505, 506, 507, 508, 509, 510, + 511, 512, 513, 514, 515, 516, 517, 518, 519, 520, + 521, 522, 523, 524, 525, 526, 527, 528, 529, 530, + 531, 532, 533, 534, 535, 536, 537, 0, 0, 538, + 539, 0, 540, 541, 542, 543, 544, 545, 546, 547, + 548, 549, 550, 551, 552, 553, 554, 555, 556, 557, 558, 559, 560, 561, 562, 563, 564, 565, 566, 567, - 568, 569, 0, 571, 572, 573, 574, 575, 576, 577, - 578, 579, 0, 581, 582, 0, 584, 585, 586, 587, - 0, 0, 590, 591, 0, 593, 594, 595, 596, 597, + 568, 569, 570, 571, 572, 573, 574, 575, 576, 577, + 578, 579, 580, 581, 582, 583, 584, 585, 586, 587, + 588, 589, 590, 591, 592, 593, 594, 595, 596, 597, 598, 599, 600, 601, 602, 603, 604, 605, 606, 607, - 608, 0, 0, 611, 612, 0, 0, 614, 0, 616, - 617, 174, 175, 804, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 708, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 5755, 0, 0, 0, 0, 0, + 608, 609, 610, 611, 612, 613, 0, 614, 615, 616, + 617, 174, 175, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 787, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 1428, 0, 0, 176, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 177, 0, @@ -10271,7 +10172,7 @@ 502, 503, 504, 505, 506, 507, 508, 509, 510, 511, 512, 513, 514, 515, 516, 517, 518, 519, 520, 521, 522, 523, 524, 525, 526, 527, 528, 529, 530, 531, - 532, 533, 534, 535, 0, 537, 0, 0, 538, 539, + 532, 533, 534, 535, 536, 537, 0, 0, 538, 539, 0, 540, 541, 542, 543, 544, 545, 546, 547, 548, 549, 550, 551, 552, 553, 554, 555, 556, 557, 558, 559, 560, 561, 562, 563, 564, 565, 566, 567, 568, @@ -10282,7 +10183,7 @@ 609, 610, 611, 612, 613, 0, 614, 615, 616, 617, 174, 175, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 1689, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 787, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, @@ -10354,995 +10255,995 @@ 580, 581, 582, 583, 584, 585, 586, 587, 588, 589, 590, 591, 592, 593, 594, 595, 596, 597, 598, 599, 600, 601, 602, 603, 604, 605, 606, 607, 608, 609, - 610, 611, 612, 613, 1176, 614, 615, 616, 617, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 174, 175, 0, 0, 0, 0, 0, 0, 0, 2416, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 1177, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 176, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 1178, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 177, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 178, 0, 0, 0, - 0, 0, 0, 0, 0, 1179, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 180, 0, 0, 0, 0, 0, 0, 0, 0, - 181, 0, 0, 0, 0, 0, 0, 182, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 183, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 184, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 185, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 186, 187, 188, 1180, 190, 191, 192, 193, 194, - 195, 196, 197, 0, 0, 0, 198, 199, 200, 201, - 202, 203, 204, 205, 206, 207, 208, 209, 210, 211, - 212, 213, 214, 215, 216, 217, 218, 0, 219, 220, - 221, 222, 223, 224, 225, 226, 227, 228, 229, 230, - 231, 1181, 233, 234, 235, 236, 237, 238, 239, 240, - 241, 242, 243, 244, 245, 246, 247, 248, 249, 0, - 250, 251, 252, 253, 254, 255, 256, 257, 258, 259, - 260, 261, 262, 263, 264, 265, 266, 267, 268, 269, - 270, 271, 272, 273, 274, 275, 276, 277, 278, 0, - 279, 280, 281, 282, 283, 284, 285, 286, 287, 288, - 289, 290, 291, 292, 293, 294, 295, 296, 297, 298, - 299, 300, 301, 302, 303, 304, 305, 306, 0, 0, - 307, 308, 309, 310, 311, 312, 313, 314, 315, 316, - 317, 318, 319, 320, 0, 321, 322, 323, 1182, 325, - 326, 327, 328, 1183, 330, 331, 332, 333, 334, 0, - 335, 336, 337, 338, 339, 340, 341, 342, 343, 344, - 345, 346, 347, 348, 349, 350, 351, 352, 353, 354, - 355, 356, 357, 358, 359, 360, 361, 362, 363, 364, - 365, 1184, 367, 368, 369, 370, 371, 372, 373, 374, - 375, 376, 377, 378, 379, 380, 381, 382, 383, 384, - 385, 386, 387, 388, 389, 390, 391, 0, 392, 393, - 394, 395, 396, 397, 398, 399, 400, 401, 402, 403, - 404, 405, 406, 407, 408, 409, 410, 411, 412, 413, - 414, 1185, 416, 417, 418, 419, 420, 421, 422, 423, - 424, 425, 426, 427, 428, 429, 430, 431, 432, 433, - 434, 435, 1186, 436, 437, 438, 439, 440, 441, 442, - 443, 444, 445, 446, 447, 448, 449, 450, 1187, 452, - 453, 454, 455, 456, 457, 458, 459, 460, 461, 462, - 463, 464, 465, 466, 467, 468, 469, 470, 471, 472, - 473, 474, 475, 476, 477, 478, 479, 480, 481, 482, - 483, 484, 485, 486, 487, 488, 489, 490, 491, 492, - 493, 494, 495, 496, 497, 498, 499, 500, 501, 1188, - 503, 504, 505, 506, 507, 508, 509, 510, 511, 512, - 513, 514, 515, 516, 517, 518, 1189, 520, 521, 522, - 523, 524, 525, 526, 527, 528, 529, 530, 531, 532, - 533, 534, 535, 536, 537, 0, 0, 538, 539, 0, - 540, 541, 542, 543, 544, 1190, 546, 547, 548, 549, - 550, 551, 552, 553, 554, 555, 556, 557, 558, 559, - 560, 561, 562, 563, 564, 565, 566, 567, 568, 569, - 570, 571, 572, 573, 574, 1191, 576, 577, 578, 579, - 580, 581, 582, 583, 584, 585, 586, 587, 588, 589, - 590, 591, 592, 593, 594, 595, 596, 597, 598, 599, - 600, 601, 602, 603, 604, 605, 606, 607, 608, 1192, - 610, 611, 612, 613, 1176, 614, 615, 616, 617, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 174, 175, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 1177, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 176, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 1178, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 177, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 178, 0, 0, 0, - 0, 0, 0, 0, 0, 1179, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 180, 0, 0, 0, 0, 0, 0, 0, 0, - 181, 0, 0, 0, 0, 0, 0, 182, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 183, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 184, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 610, 611, 612, 613, 0, 614, 615, 616, 617, 174, + 175, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 185, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 4910, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 6, 0, + 0, 0, 0, 0, 0, 0, 0, 914, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 176, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 186, 187, 188, 1180, 190, 191, 192, 193, 194, - 195, 196, 197, 0, 0, 0, 198, 199, 200, 201, - 202, 203, 204, 205, 206, 207, 208, 209, 210, 211, - 212, 213, 214, 215, 216, 217, 218, 0, 219, 220, - 221, 222, 223, 224, 225, 226, 227, 228, 229, 230, - 231, 1181, 233, 234, 235, 236, 237, 238, 239, 240, - 241, 242, 243, 244, 245, 246, 247, 248, 249, 0, - 250, 251, 252, 253, 254, 255, 256, 257, 258, 259, - 260, 261, 262, 263, 264, 265, 266, 267, 268, 269, - 270, 271, 272, 273, 274, 275, 276, 277, 278, 0, - 279, 280, 281, 282, 283, 284, 285, 286, 287, 288, - 289, 290, 291, 292, 293, 294, 295, 296, 297, 298, - 299, 300, 301, 302, 303, 304, 305, 306, 0, 0, - 307, 308, 309, 310, 311, 312, 313, 314, 315, 316, - 317, 318, 319, 320, 0, 321, 322, 323, 1182, 325, - 326, 327, 328, 1183, 330, 331, 332, 333, 334, 0, - 335, 336, 337, 338, 339, 340, 341, 342, 343, 344, - 345, 346, 347, 348, 349, 350, 351, 352, 353, 354, - 355, 356, 357, 358, 359, 360, 361, 362, 363, 364, - 365, 1184, 367, 368, 369, 370, 371, 372, 373, 374, - 375, 376, 377, 378, 379, 380, 381, 382, 383, 384, - 385, 386, 387, 388, 389, 390, 391, 0, 392, 393, - 394, 395, 396, 397, 398, 399, 400, 401, 402, 403, - 404, 405, 406, 407, 408, 409, 410, 411, 412, 413, - 414, 1185, 416, 417, 418, 419, 420, 421, 422, 423, - 424, 425, 426, 427, 428, 429, 430, 431, 432, 433, - 434, 435, 1186, 436, 437, 438, 439, 440, 441, 442, - 443, 444, 445, 446, 447, 448, 449, 450, 1187, 452, - 453, 454, 455, 456, 457, 458, 459, 460, 461, 462, - 463, 464, 465, 466, 467, 468, 469, 470, 471, 472, - 473, 474, 475, 476, 477, 478, 479, 480, 481, 482, - 483, 484, 485, 486, 487, 488, 489, 490, 491, 492, - 493, 494, 495, 496, 497, 498, 499, 500, 501, 1188, - 503, 504, 505, 506, 507, 508, 509, 510, 511, 512, - 513, 514, 515, 516, 517, 518, 1189, 520, 521, 522, - 523, 524, 525, 526, 527, 528, 529, 530, 531, 532, - 533, 534, 535, 536, 537, 0, 0, 538, 539, 0, - 540, 541, 542, 543, 544, 545, 546, 547, 548, 549, - 550, 551, 552, 553, 554, 555, 556, 557, 558, 559, - 560, 561, 562, 563, 564, 565, 566, 567, 568, 569, - 570, 571, 572, 573, 574, 575, 576, 577, 578, 579, - 580, 581, 582, 583, 584, 585, 586, 587, 588, 589, - 590, 591, 592, 593, 594, 595, 596, 597, 598, 599, - 600, 601, 602, 603, 604, 605, 606, 607, 608, 1192, - 610, 611, 612, 613, 1768, 614, 615, 616, 617, 0, + 0, 0, 0, 0, 0, 0, 177, 0, 0, 0, + 0, 0, 0, 915, 0, 0, 0, 14, 0, 0, + 916, 0, 0, 0, 0, 178, 0, 0, 0, 0, + 0, 16, 0, 0, 917, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 918, 0, 0, + 0, 0, 0, 0, 0, 919, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 21, 0, + 180, 0, 0, 0, 0, 0, 0, 0, 0, 181, + 0, 0, 0, 0, 0, 0, 182, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 183, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 184, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 174, 175, 804, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 708, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 29, 0, 0, 0, 0, 920, 921, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 176, + 185, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 177, 0, 0, + 0, 0, 0, 0, 0, 40, 0, 0, 0, 0, + 186, 187, 188, 922, 190, 191, 0, 193, 194, 195, + 196, 197, 0, 0, 0, 198, 199, 200, 201, 202, + 203, 204, 205, 206, 207, 0, 209, 210, 211, 212, + 213, 214, 215, 216, 0, 923, 0, 0, 220, 221, + 222, 223, 224, 0, 0, 227, 228, 229, 230, 231, + 0, 0, 0, 235, 236, 237, 238, 239, 924, 241, + 242, 243, 244, 0, 0, 0, 0, 0, 0, 250, + 0, 252, 0, 254, 255, 0, 257, 258, 259, 260, + 261, 262, 0, 264, 265, 266, 267, 268, 269, 270, + 271, 272, 273, 274, 275, 276, 0, 278, 0, 279, + 280, 281, 282, 283, 284, 285, 0, 287, 288, 289, + 290, 0, 292, 293, 294, 295, 296, 297, 298, 299, + 300, 301, 302, 0, 0, 0, 306, 0, 925, 307, + 308, 309, 310, 311, 312, 313, 314, 315, 316, 317, + 0, 0, 0, 0, 0, 322, 323, 926, 325, 326, + 327, 0, 329, 330, 0, 332, 333, 0, 0, 335, + 0, 337, 338, 339, 340, 341, 342, 343, 344, 345, + 346, 347, 0, 349, 350, 351, 352, 353, 354, 355, + 356, 357, 0, 359, 360, 361, 362, 363, 364, 365, + 366, 367, 368, 369, 370, 371, 372, 373, 374, 375, + 376, 377, 378, 379, 380, 381, 382, 383, 384, 385, + 386, 387, 388, 389, 390, 391, 0, 392, 393, 394, + 395, 396, 397, 398, 399, 400, 401, 402, 403, 404, + 405, 406, 407, 408, 409, 410, 411, 412, 413, 414, + 415, 416, 417, 418, 419, 420, 421, 422, 423, 424, + 425, 426, 0, 428, 429, 430, 431, 432, 433, 434, + 435, 0, 436, 437, 438, 439, 927, 0, 0, 443, + 0, 445, 446, 0, 448, 449, 450, 451, 0, 453, + 454, 455, 456, 0, 0, 0, 0, 461, 462, 463, + 464, 465, 466, 467, 468, 469, 470, 471, 472, 473, + 474, 475, 476, 477, 478, 479, 480, 481, 482, 483, + 484, 485, 486, 0, 488, 0, 490, 491, 492, 0, + 494, 495, 0, 497, 498, 499, 500, 501, 502, 0, + 504, 505, 506, 507, 508, 509, 510, 0, 512, 513, + 514, 0, 516, 517, 518, 519, 520, 0, 522, 523, + 0, 0, 526, 527, 0, 0, 530, 531, 532, 0, + 534, 0, 536, 537, 0, 0, 538, 539, 0, 540, + 541, 542, 543, 0, 545, 546, 0, 548, 0, 550, + 551, 552, 553, 554, 555, 556, 557, 558, 559, 560, + 561, 562, 563, 564, 565, 566, 567, 568, 569, 0, + 571, 572, 573, 574, 575, 576, 577, 578, 579, 0, + 581, 582, 0, 584, 585, 586, 587, 0, 0, 590, + 591, 0, 593, 594, 595, 596, 597, 598, 599, 600, + 601, 602, 603, 604, 605, 606, 607, 608, 0, 0, + 611, 612, 0, 0, 614, 0, 616, 617, 174, 175, + 804, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 708, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 5756, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 178, 0, 0, 0, - 0, 0, 0, 0, 0, 179, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 1428, 0, 0, 176, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 180, 0, 0, 0, 0, 0, 0, 0, 0, - 181, 0, 0, 0, 0, 0, 0, 182, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 183, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 184, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 177, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 178, 0, 0, 0, 0, 0, + 0, 0, 0, 179, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 180, + 0, 0, 0, 0, 0, 0, 0, 0, 181, 0, + 0, 0, 0, 0, 0, 182, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 183, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 184, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 185, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 186, 187, 188, 189, 190, 191, 192, 193, 194, - 195, 196, 197, 0, 0, 0, 198, 199, 200, 201, - 202, 203, 204, 205, 206, 207, 208, 209, 210, 211, - 212, 213, 214, 215, 216, 217, 218, 0, 219, 220, - 221, 222, 223, 224, 225, 226, 227, 228, 229, 230, - 231, 232, 233, 234, 235, 236, 237, 238, 239, 240, - 241, 242, 243, 244, 245, 246, 247, 248, 249, 0, - 250, 251, 252, 253, 254, 255, 256, 257, 258, 259, - 260, 261, 262, 263, 264, 265, 266, 267, 268, 269, - 270, 271, 272, 273, 274, 275, 276, 277, 278, 0, - 279, 280, 281, 282, 283, 284, 285, 286, 287, 288, - 289, 290, 291, 292, 293, 294, 295, 296, 297, 298, - 299, 300, 301, 302, 303, 304, 305, 306, 0, 0, - 307, 308, 309, 310, 311, 312, 313, 314, 315, 316, - 317, 318, 319, 320, 0, 321, 322, 323, 324, 325, - 326, 327, 328, 329, 330, 331, 332, 333, 334, 0, - 335, 336, 337, 338, 339, 340, 341, 342, 343, 344, - 345, 346, 347, 348, 349, 350, 351, 352, 353, 354, - 355, 356, 357, 358, 359, 360, 361, 362, 363, 364, - 365, 366, 367, 368, 369, 370, 371, 372, 373, 374, - 375, 376, 377, 378, 379, 380, 381, 382, 383, 384, - 385, 386, 387, 388, 389, 390, 391, 0, 392, 393, - 394, 395, 396, 397, 398, 399, 400, 401, 402, 403, - 404, 405, 406, 407, 408, 409, 410, 411, 412, 413, - 414, 415, 416, 417, 418, 419, 420, 421, 422, 423, - 424, 425, 426, 427, 428, 429, 430, 431, 432, 433, - 434, 435, 0, 436, 437, 438, 439, 440, 441, 442, - 443, 444, 445, 446, 447, 448, 449, 450, 451, 452, - 453, 454, 455, 456, 457, 458, 459, 460, 461, 462, - 463, 464, 465, 466, 467, 468, 469, 470, 471, 472, - 473, 474, 475, 476, 477, 478, 479, 480, 481, 482, - 483, 484, 485, 486, 487, 488, 489, 490, 491, 492, - 493, 494, 495, 496, 497, 498, 499, 500, 501, 502, - 503, 504, 505, 506, 507, 508, 509, 510, 511, 512, - 513, 514, 515, 516, 517, 518, 519, 520, 521, 522, - 523, 524, 525, 526, 527, 528, 529, 530, 531, 532, - 533, 534, 535, 536, 537, 0, 0, 538, 539, 0, - 540, 541, 542, 543, 544, 545, 546, 547, 548, 549, - 550, 551, 552, 553, 554, 555, 556, 557, 558, 559, - 560, 561, 562, 563, 564, 565, 566, 567, 568, 569, - 570, 571, 572, 573, 574, 575, 576, 577, 578, 579, - 580, 581, 582, 583, 584, 585, 586, 587, 588, 589, - 590, 591, 592, 593, 594, 595, 596, 597, 598, 599, - 600, 601, 602, 603, 604, 605, 606, 607, 608, 609, - 610, 611, 612, 613, 2008, 614, 615, 616, 617, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 185, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 174, 175, 804, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 708, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 186, + 187, 188, 189, 190, 191, 192, 193, 194, 195, 196, + 197, 0, 0, 0, 198, 199, 200, 201, 202, 203, + 204, 205, 206, 207, 208, 209, 210, 211, 212, 213, + 214, 215, 216, 217, 218, 0, 219, 220, 221, 222, + 223, 224, 225, 226, 227, 228, 229, 230, 231, 232, + 233, 234, 235, 236, 237, 238, 239, 240, 241, 242, + 243, 244, 245, 246, 247, 248, 249, 0, 250, 251, + 252, 253, 254, 255, 256, 257, 258, 259, 260, 261, + 262, 263, 264, 265, 266, 267, 268, 269, 270, 271, + 272, 273, 274, 275, 276, 277, 278, 0, 279, 280, + 281, 282, 283, 284, 285, 286, 287, 288, 289, 290, + 291, 292, 293, 294, 295, 296, 297, 298, 299, 300, + 301, 302, 303, 304, 305, 306, 0, 0, 307, 308, + 309, 310, 311, 312, 313, 314, 315, 316, 317, 318, + 319, 320, 0, 321, 322, 323, 324, 325, 326, 327, + 328, 329, 330, 331, 332, 333, 334, 0, 335, 336, + 337, 338, 339, 340, 341, 342, 343, 344, 345, 346, + 347, 348, 349, 350, 351, 352, 353, 354, 355, 356, + 357, 358, 359, 360, 361, 362, 363, 364, 365, 366, + 367, 368, 369, 370, 371, 372, 373, 374, 375, 376, + 377, 378, 379, 380, 381, 382, 383, 384, 385, 386, + 387, 388, 389, 390, 391, 0, 392, 393, 394, 395, + 396, 397, 398, 399, 400, 401, 402, 403, 404, 405, + 406, 407, 408, 409, 410, 411, 412, 413, 414, 415, + 416, 417, 418, 419, 420, 421, 422, 423, 424, 425, + 426, 427, 428, 429, 430, 431, 432, 433, 434, 435, + 0, 436, 437, 438, 439, 440, 441, 442, 443, 444, + 445, 446, 447, 448, 449, 450, 451, 452, 453, 454, + 455, 456, 457, 458, 459, 460, 461, 462, 463, 464, + 465, 466, 467, 468, 469, 470, 471, 472, 473, 474, + 475, 476, 477, 478, 479, 480, 481, 482, 483, 484, + 485, 486, 487, 488, 489, 490, 491, 492, 493, 494, + 495, 496, 497, 498, 499, 500, 501, 502, 503, 504, + 505, 506, 507, 508, 509, 510, 511, 512, 513, 514, + 515, 516, 517, 518, 519, 520, 521, 522, 523, 524, + 525, 526, 527, 528, 529, 530, 531, 532, 533, 534, + 535, 0, 537, 0, 0, 538, 539, 0, 540, 541, + 542, 543, 544, 545, 546, 547, 548, 549, 550, 551, + 552, 553, 554, 555, 556, 557, 558, 559, 560, 561, + 562, 563, 564, 565, 566, 567, 568, 569, 570, 571, + 572, 573, 574, 575, 576, 577, 578, 579, 580, 581, + 582, 583, 584, 585, 586, 587, 588, 589, 590, 591, + 592, 593, 594, 595, 596, 597, 598, 599, 600, 601, + 602, 603, 604, 605, 606, 607, 608, 609, 610, 611, + 612, 613, 0, 614, 615, 616, 617, 174, 175, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 1689, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 176, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 177, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 178, 0, 0, 0, - 0, 0, 0, 0, 0, 179, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 176, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 177, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 180, 0, 0, 0, 0, 0, 0, 0, 0, - 181, 0, 0, 0, 0, 0, 0, 182, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 183, + 0, 0, 0, 178, 0, 0, 0, 0, 0, 0, + 0, 0, 179, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 184, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 180, 0, + 0, 0, 0, 0, 0, 0, 0, 181, 0, 0, + 0, 0, 0, 0, 182, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 183, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 184, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 185, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 185, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 186, 187, 188, 189, 190, 191, 192, 193, 194, - 195, 196, 197, 0, 0, 0, 198, 199, 200, 201, - 202, 203, 204, 205, 206, 207, 208, 209, 210, 211, - 212, 213, 214, 215, 216, 217, 218, 0, 219, 220, - 221, 222, 223, 224, 225, 226, 227, 228, 229, 230, - 231, 232, 233, 234, 235, 236, 237, 238, 239, 240, - 241, 242, 243, 244, 245, 246, 247, 248, 249, 0, - 250, 251, 252, 253, 254, 255, 256, 257, 258, 259, - 260, 261, 262, 263, 264, 265, 266, 267, 268, 269, - 270, 271, 272, 273, 274, 275, 276, 277, 278, 0, - 279, 280, 281, 282, 283, 284, 285, 286, 287, 288, - 289, 290, 291, 292, 293, 294, 295, 296, 297, 298, - 299, 300, 301, 302, 303, 304, 305, 306, 0, 0, - 307, 308, 309, 310, 311, 312, 313, 314, 315, 316, - 317, 318, 319, 320, 0, 321, 322, 323, 324, 325, - 326, 327, 328, 329, 330, 331, 332, 333, 334, 0, - 335, 336, 337, 338, 339, 340, 341, 342, 343, 344, - 345, 346, 347, 348, 349, 350, 351, 352, 353, 354, - 355, 356, 357, 358, 359, 360, 361, 362, 363, 364, - 365, 366, 367, 368, 369, 370, 371, 372, 373, 374, - 375, 376, 377, 378, 379, 380, 381, 382, 383, 384, - 385, 386, 387, 388, 389, 390, 391, 0, 392, 393, - 394, 395, 396, 397, 398, 399, 400, 401, 402, 403, - 404, 405, 406, 407, 408, 409, 410, 411, 412, 413, - 414, 415, 416, 417, 418, 419, 420, 421, 422, 423, - 424, 425, 426, 427, 428, 429, 430, 431, 432, 433, - 434, 435, 0, 436, 437, 438, 439, 440, 441, 442, - 443, 444, 445, 446, 447, 448, 449, 450, 451, 452, - 453, 454, 455, 456, 457, 458, 459, 460, 461, 462, - 463, 464, 465, 466, 467, 468, 469, 470, 471, 472, - 473, 474, 475, 476, 477, 478, 479, 480, 481, 482, - 483, 484, 485, 486, 487, 488, 489, 490, 491, 492, - 493, 494, 495, 496, 497, 498, 499, 500, 501, 502, - 503, 504, 505, 506, 507, 508, 509, 510, 511, 512, - 513, 514, 515, 516, 517, 518, 519, 520, 521, 522, - 523, 524, 525, 526, 527, 528, 529, 530, 531, 532, - 533, 534, 535, 536, 537, 0, 0, 538, 539, 0, - 540, 541, 542, 543, 544, 545, 546, 547, 548, 549, - 550, 551, 552, 553, 554, 555, 556, 557, 558, 559, - 560, 561, 562, 563, 564, 565, 566, 567, 568, 569, - 570, 571, 572, 573, 574, 575, 576, 577, 578, 579, - 580, 581, 582, 583, 584, 585, 586, 587, 588, 589, - 590, 591, 592, 593, 594, 595, 596, 597, 598, 599, - 600, 601, 602, 603, 604, 605, 606, 607, 608, 609, - 610, 611, 612, 613, 2201, 614, 615, 616, 617, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 174, 175, 804, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 708, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 186, 187, + 188, 189, 190, 191, 192, 193, 194, 195, 196, 197, + 0, 0, 0, 198, 199, 200, 201, 202, 203, 204, + 205, 206, 207, 208, 209, 210, 211, 212, 213, 214, + 215, 216, 217, 218, 0, 219, 220, 221, 222, 223, + 224, 225, 226, 227, 228, 229, 230, 231, 232, 233, + 234, 235, 236, 237, 238, 239, 240, 241, 242, 243, + 244, 245, 246, 247, 248, 249, 0, 250, 251, 252, + 253, 254, 255, 256, 257, 258, 259, 260, 261, 262, + 263, 264, 265, 266, 267, 268, 269, 270, 271, 272, + 273, 274, 275, 276, 277, 278, 0, 279, 280, 281, + 282, 283, 284, 285, 286, 287, 288, 289, 290, 291, + 292, 293, 294, 295, 296, 297, 298, 299, 300, 301, + 302, 303, 304, 305, 306, 0, 0, 307, 308, 309, + 310, 311, 312, 313, 314, 315, 316, 317, 318, 319, + 320, 0, 321, 322, 323, 324, 325, 326, 327, 328, + 329, 330, 331, 332, 333, 334, 0, 335, 336, 337, + 338, 339, 340, 341, 342, 343, 344, 345, 346, 347, + 348, 349, 350, 351, 352, 353, 354, 355, 356, 357, + 358, 359, 360, 361, 362, 363, 364, 365, 366, 367, + 368, 369, 370, 371, 372, 373, 374, 375, 376, 377, + 378, 379, 380, 381, 382, 383, 384, 385, 386, 387, + 388, 389, 390, 391, 0, 392, 393, 394, 395, 396, + 397, 398, 399, 400, 401, 402, 403, 404, 405, 406, + 407, 408, 409, 410, 411, 412, 413, 414, 415, 416, + 417, 418, 419, 420, 421, 422, 423, 424, 425, 426, + 427, 428, 429, 430, 431, 432, 433, 434, 435, 0, + 436, 437, 438, 439, 440, 441, 442, 443, 444, 445, + 446, 447, 448, 449, 450, 451, 452, 453, 454, 455, + 456, 457, 458, 459, 460, 461, 462, 463, 464, 465, + 466, 467, 468, 469, 470, 471, 472, 473, 474, 475, + 476, 477, 478, 479, 480, 481, 482, 483, 484, 485, + 486, 487, 488, 489, 490, 491, 492, 493, 494, 495, + 496, 497, 498, 499, 500, 501, 502, 503, 504, 505, + 506, 507, 508, 509, 510, 511, 512, 513, 514, 515, + 516, 517, 518, 519, 520, 521, 522, 523, 524, 525, + 526, 527, 528, 529, 530, 531, 532, 533, 534, 535, + 536, 537, 0, 0, 538, 539, 0, 540, 541, 542, + 543, 544, 545, 546, 547, 548, 549, 550, 551, 552, + 553, 554, 555, 556, 557, 558, 559, 560, 561, 562, + 563, 564, 565, 566, 567, 568, 569, 570, 571, 572, + 573, 574, 575, 576, 577, 578, 579, 580, 581, 582, + 583, 584, 585, 586, 587, 588, 589, 590, 591, 592, + 593, 594, 595, 596, 597, 598, 599, 600, 601, 602, + 603, 604, 605, 606, 607, 608, 609, 610, 611, 612, + 613, 1176, 614, 615, 616, 617, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 174, 175, 0, + 0, 0, 0, 0, 0, 0, 2416, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 1177, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 176, + 0, 0, 0, 0, 0, 0, 176, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 1178, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 177, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 177, 0, 0, + 0, 0, 0, 178, 0, 0, 0, 0, 0, 0, + 0, 0, 1179, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 178, 0, 0, 0, - 0, 0, 0, 0, 0, 179, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 180, 0, + 0, 0, 0, 0, 0, 0, 0, 181, 0, 0, + 0, 0, 0, 0, 182, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 183, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 184, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 180, 0, 0, 0, 0, 0, 0, 0, 0, - 181, 0, 0, 0, 0, 0, 0, 182, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 183, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 184, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 185, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 185, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 186, 187, + 188, 1180, 190, 191, 192, 193, 194, 195, 196, 197, + 0, 0, 0, 198, 199, 200, 201, 202, 203, 204, + 205, 206, 207, 208, 209, 210, 211, 212, 213, 214, + 215, 216, 217, 218, 0, 219, 220, 221, 222, 223, + 224, 225, 226, 227, 228, 229, 230, 231, 1181, 233, + 234, 235, 236, 237, 238, 239, 240, 241, 242, 243, + 244, 245, 246, 247, 248, 249, 0, 250, 251, 252, + 253, 254, 255, 256, 257, 258, 259, 260, 261, 262, + 263, 264, 265, 266, 267, 268, 269, 270, 271, 272, + 273, 274, 275, 276, 277, 278, 0, 279, 280, 281, + 282, 283, 284, 285, 286, 287, 288, 289, 290, 291, + 292, 293, 294, 295, 296, 297, 298, 299, 300, 301, + 302, 303, 304, 305, 306, 0, 0, 307, 308, 309, + 310, 311, 312, 313, 314, 315, 316, 317, 318, 319, + 320, 0, 321, 322, 323, 1182, 325, 326, 327, 328, + 1183, 330, 331, 332, 333, 334, 0, 335, 336, 337, + 338, 339, 340, 341, 342, 343, 344, 345, 346, 347, + 348, 349, 350, 351, 352, 353, 354, 355, 356, 357, + 358, 359, 360, 361, 362, 363, 364, 365, 1184, 367, + 368, 369, 370, 371, 372, 373, 374, 375, 376, 377, + 378, 379, 380, 381, 382, 383, 384, 385, 386, 387, + 388, 389, 390, 391, 0, 392, 393, 394, 395, 396, + 397, 398, 399, 400, 401, 402, 403, 404, 405, 406, + 407, 408, 409, 410, 411, 412, 413, 414, 1185, 416, + 417, 418, 419, 420, 421, 422, 423, 424, 425, 426, + 427, 428, 429, 430, 431, 432, 433, 434, 435, 1186, + 436, 437, 438, 439, 440, 441, 442, 443, 444, 445, + 446, 447, 448, 449, 450, 1187, 452, 453, 454, 455, + 456, 457, 458, 459, 460, 461, 462, 463, 464, 465, + 466, 467, 468, 469, 470, 471, 472, 473, 474, 475, + 476, 477, 478, 479, 480, 481, 482, 483, 484, 485, + 486, 487, 488, 489, 490, 491, 492, 493, 494, 495, + 496, 497, 498, 499, 500, 501, 1188, 503, 504, 505, + 506, 507, 508, 509, 510, 511, 512, 513, 514, 515, + 516, 517, 518, 1189, 520, 521, 522, 523, 524, 525, + 526, 527, 528, 529, 530, 531, 532, 533, 534, 535, + 536, 537, 0, 0, 538, 539, 0, 540, 541, 542, + 543, 544, 1190, 546, 547, 548, 549, 550, 551, 552, + 553, 554, 555, 556, 557, 558, 559, 560, 561, 562, + 563, 564, 565, 566, 567, 568, 569, 570, 571, 572, + 573, 574, 1191, 576, 577, 578, 579, 580, 581, 582, + 583, 584, 585, 586, 587, 588, 589, 590, 591, 592, + 593, 594, 595, 596, 597, 598, 599, 600, 601, 602, + 603, 604, 605, 606, 607, 608, 1192, 610, 611, 612, + 613, 1176, 614, 615, 616, 617, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 174, 175, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 186, 187, 188, 189, 190, 191, 192, 193, 194, - 195, 196, 197, 0, 0, 0, 198, 199, 200, 201, - 202, 203, 204, 205, 206, 207, 208, 209, 210, 211, - 212, 213, 214, 215, 216, 217, 218, 0, 219, 220, - 221, 222, 223, 224, 225, 226, 227, 228, 229, 230, - 231, 232, 233, 234, 235, 236, 237, 238, 239, 240, - 241, 242, 243, 244, 245, 246, 247, 248, 249, 0, - 250, 251, 252, 253, 254, 255, 256, 257, 258, 259, - 260, 261, 262, 263, 264, 265, 266, 267, 268, 269, - 270, 271, 272, 273, 274, 275, 276, 277, 278, 0, - 279, 280, 281, 282, 283, 284, 285, 286, 287, 288, - 289, 290, 291, 292, 293, 294, 295, 296, 297, 298, - 299, 300, 301, 302, 303, 304, 305, 306, 0, 0, - 307, 308, 309, 310, 311, 312, 313, 314, 315, 316, - 317, 318, 319, 320, 0, 321, 322, 323, 324, 325, - 326, 327, 328, 329, 330, 331, 332, 333, 334, 0, - 335, 336, 337, 338, 339, 340, 341, 342, 343, 344, - 345, 346, 347, 348, 349, 350, 351, 352, 353, 354, - 355, 356, 357, 358, 359, 360, 361, 362, 363, 364, - 365, 366, 367, 368, 369, 370, 371, 372, 373, 374, - 375, 376, 377, 378, 379, 380, 381, 382, 383, 384, - 385, 386, 387, 388, 389, 390, 391, 0, 392, 393, - 394, 395, 396, 397, 398, 399, 400, 401, 402, 403, - 404, 405, 406, 407, 408, 409, 410, 411, 412, 413, - 414, 415, 416, 417, 418, 419, 420, 421, 422, 423, - 424, 425, 426, 427, 428, 429, 430, 431, 432, 433, - 434, 435, 0, 436, 437, 438, 439, 440, 441, 442, - 443, 444, 445, 446, 447, 448, 449, 450, 451, 452, - 453, 454, 455, 456, 457, 458, 459, 460, 461, 462, - 463, 464, 465, 466, 467, 468, 469, 470, 471, 472, - 473, 474, 475, 476, 477, 478, 479, 480, 481, 482, - 483, 484, 485, 486, 487, 488, 489, 490, 491, 492, - 493, 494, 495, 496, 497, 498, 499, 500, 501, 502, - 503, 504, 505, 506, 507, 508, 509, 510, 511, 512, - 513, 514, 515, 516, 517, 518, 519, 520, 521, 522, - 523, 524, 525, 526, 527, 528, 529, 530, 531, 532, - 533, 534, 535, 536, 537, 0, 0, 538, 539, 0, - 540, 541, 542, 543, 544, 545, 546, 547, 548, 549, - 550, 551, 552, 553, 554, 555, 556, 557, 558, 559, - 560, 561, 562, 563, 564, 565, 566, 567, 568, 569, - 570, 571, 572, 573, 574, 575, 576, 577, 578, 579, - 580, 581, 582, 583, 584, 585, 586, 587, 588, 589, - 590, 591, 592, 593, 594, 595, 596, 597, 598, 599, - 600, 601, 602, 603, 604, 605, 606, 607, 608, 609, - 610, 611, 612, 613, 2607, 614, 615, 616, 617, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 1571, 1572, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 1177, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 176, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 1178, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 177, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 178, 0, 0, 0, 0, 0, 0, + 0, 0, 1179, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 2608, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 176, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 180, 0, + 0, 0, 0, 0, 0, 0, 0, 181, 0, 0, + 0, 0, 0, 0, 182, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 183, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 184, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 177, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 178, 0, 0, 0, - 0, 0, 0, 0, 0, 179, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 180, 0, 0, 0, 0, 0, 0, 0, 0, - 181, 0, 0, 0, 0, 0, 0, 182, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 183, + 0, 0, 0, 0, 0, 0, 0, 0, 185, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 184, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 186, 187, + 188, 1180, 190, 191, 192, 193, 194, 195, 196, 197, + 0, 0, 0, 198, 199, 200, 201, 202, 203, 204, + 205, 206, 207, 208, 209, 210, 211, 212, 213, 214, + 215, 216, 217, 218, 0, 219, 220, 221, 222, 223, + 224, 225, 226, 227, 228, 229, 230, 231, 1181, 233, + 234, 235, 236, 237, 238, 239, 240, 241, 242, 243, + 244, 245, 246, 247, 248, 249, 0, 250, 251, 252, + 253, 254, 255, 256, 257, 258, 259, 260, 261, 262, + 263, 264, 265, 266, 267, 268, 269, 270, 271, 272, + 273, 274, 275, 276, 277, 278, 0, 279, 280, 281, + 282, 283, 284, 285, 286, 287, 288, 289, 290, 291, + 292, 293, 294, 295, 296, 297, 298, 299, 300, 301, + 302, 303, 304, 305, 306, 0, 0, 307, 308, 309, + 310, 311, 312, 313, 314, 315, 316, 317, 318, 319, + 320, 0, 321, 322, 323, 1182, 325, 326, 327, 328, + 1183, 330, 331, 332, 333, 334, 0, 335, 336, 337, + 338, 339, 340, 341, 342, 343, 344, 345, 346, 347, + 348, 349, 350, 351, 352, 353, 354, 355, 356, 357, + 358, 359, 360, 361, 362, 363, 364, 365, 1184, 367, + 368, 369, 370, 371, 372, 373, 374, 375, 376, 377, + 378, 379, 380, 381, 382, 383, 384, 385, 386, 387, + 388, 389, 390, 391, 0, 392, 393, 394, 395, 396, + 397, 398, 399, 400, 401, 402, 403, 404, 405, 406, + 407, 408, 409, 410, 411, 412, 413, 414, 1185, 416, + 417, 418, 419, 420, 421, 422, 423, 424, 425, 426, + 427, 428, 429, 430, 431, 432, 433, 434, 435, 1186, + 436, 437, 438, 439, 440, 441, 442, 443, 444, 445, + 446, 447, 448, 449, 450, 1187, 452, 453, 454, 455, + 456, 457, 458, 459, 460, 461, 462, 463, 464, 465, + 466, 467, 468, 469, 470, 471, 472, 473, 474, 475, + 476, 477, 478, 479, 480, 481, 482, 483, 484, 485, + 486, 487, 488, 489, 490, 491, 492, 493, 494, 495, + 496, 497, 498, 499, 500, 501, 1188, 503, 504, 505, + 506, 507, 508, 509, 510, 511, 512, 513, 514, 515, + 516, 517, 518, 1189, 520, 521, 522, 523, 524, 525, + 526, 527, 528, 529, 530, 531, 532, 533, 534, 535, + 536, 537, 0, 0, 538, 539, 0, 540, 541, 542, + 543, 544, 545, 546, 547, 548, 549, 550, 551, 552, + 553, 554, 555, 556, 557, 558, 559, 560, 561, 562, + 563, 564, 565, 566, 567, 568, 569, 570, 571, 572, + 573, 574, 575, 576, 577, 578, 579, 580, 581, 582, + 583, 584, 585, 586, 587, 588, 589, 590, 591, 592, + 593, 594, 595, 596, 597, 598, 599, 600, 601, 602, + 603, 604, 605, 606, 607, 608, 1192, 610, 611, 612, + 613, 1768, 614, 615, 616, 617, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 174, 175, 804, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 708, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 185, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 176, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 186, 187, 188, 189, 190, 191, 192, 193, 194, - 195, 196, 197, 0, 0, 0, 198, 199, 200, 201, - 202, 203, 204, 205, 206, 207, 208, 209, 210, 211, - 212, 213, 214, 215, 216, 217, 218, 0, 219, 220, - 221, 222, 223, 224, 225, 226, 227, 228, 229, 230, - 231, 232, 233, 234, 235, 236, 237, 238, 239, 240, - 241, 242, 243, 244, 245, 246, 247, 248, 249, 0, - 250, 251, 252, 253, 254, 255, 256, 257, 258, 259, - 260, 261, 262, 263, 264, 265, 266, 267, 268, 269, - 270, 271, 272, 273, 274, 275, 276, 277, 278, 0, - 279, 280, 281, 282, 283, 284, 285, 286, 287, 288, - 289, 290, 291, 292, 293, 294, 295, 296, 297, 298, - 299, 300, 301, 302, 303, 304, 305, 306, 0, 0, - 307, 308, 309, 310, 311, 312, 313, 314, 315, 316, - 317, 318, 319, 320, 0, 321, 322, 323, 324, 325, - 326, 327, 328, 329, 330, 331, 332, 333, 334, 0, - 335, 336, 337, 338, 339, 340, 341, 342, 343, 344, - 345, 346, 347, 348, 349, 350, 351, 352, 353, 354, - 355, 356, 357, 358, 359, 360, 361, 362, 363, 364, - 365, 366, 367, 368, 369, 370, 371, 372, 373, 374, - 375, 376, 377, 378, 379, 380, 381, 382, 383, 384, - 385, 386, 387, 388, 389, 390, 391, 0, 392, 393, - 394, 395, 396, 397, 398, 399, 400, 401, 402, 403, - 404, 405, 406, 407, 408, 409, 410, 411, 412, 413, - 414, 415, 416, 417, 418, 419, 420, 421, 422, 423, - 424, 425, 426, 427, 428, 429, 430, 431, 432, 433, - 434, 435, 0, 436, 437, 438, 439, 440, 441, 442, - 443, 444, 445, 446, 447, 448, 449, 450, 451, 452, - 453, 454, 455, 456, 457, 458, 459, 460, 461, 462, - 463, 464, 465, 466, 467, 468, 469, 470, 471, 472, - 473, 474, 475, 476, 477, 478, 479, 480, 481, 482, - 483, 484, 485, 486, 487, 488, 489, 490, 491, 492, - 493, 494, 495, 496, 497, 498, 499, 500, 501, 502, - 503, 504, 505, 506, 507, 508, 509, 510, 511, 512, - 513, 514, 515, 516, 517, 518, 519, 520, 521, 522, - 523, 524, 525, 526, 527, 528, 529, 530, 531, 532, - 533, 534, 535, 536, 537, 0, 0, 538, 539, 0, - 540, 541, 542, 543, 544, 545, 546, 547, 548, 549, - 550, 551, 552, 553, 554, 555, 556, 557, 558, 559, - 560, 561, 562, 563, 564, 565, 566, 567, 568, 569, - 570, 571, 572, 573, 574, 575, 576, 577, 578, 579, - 580, 581, 582, 583, 584, 585, 586, 587, 588, 589, - 590, 591, 592, 593, 594, 595, 596, 597, 598, 599, - 600, 601, 602, 603, 604, 605, 606, 607, 608, 609, - 610, 611, 612, 613, 2607, 614, 615, 616, 617, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 1571, 1572, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 177, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 178, 0, 0, 0, 0, 0, 0, + 0, 0, 179, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 180, 0, + 0, 0, 0, 0, 0, 0, 0, 181, 0, 0, + 0, 0, 0, 0, 182, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 183, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 184, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 176, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 177, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 178, 0, 0, 0, - 0, 0, 0, 0, 0, 179, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 185, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 180, 0, 0, 0, 0, 0, 0, 0, 0, - 181, 0, 0, 0, 0, 0, 0, 182, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 183, + 0, 0, 0, 0, 0, 0, 0, 0, 186, 187, + 188, 189, 190, 191, 192, 193, 194, 195, 196, 197, + 0, 0, 0, 198, 199, 200, 201, 202, 203, 204, + 205, 206, 207, 208, 209, 210, 211, 212, 213, 214, + 215, 216, 217, 218, 0, 219, 220, 221, 222, 223, + 224, 225, 226, 227, 228, 229, 230, 231, 232, 233, + 234, 235, 236, 237, 238, 239, 240, 241, 242, 243, + 244, 245, 246, 247, 248, 249, 0, 250, 251, 252, + 253, 254, 255, 256, 257, 258, 259, 260, 261, 262, + 263, 264, 265, 266, 267, 268, 269, 270, 271, 272, + 273, 274, 275, 276, 277, 278, 0, 279, 280, 281, + 282, 283, 284, 285, 286, 287, 288, 289, 290, 291, + 292, 293, 294, 295, 296, 297, 298, 299, 300, 301, + 302, 303, 304, 305, 306, 0, 0, 307, 308, 309, + 310, 311, 312, 313, 314, 315, 316, 317, 318, 319, + 320, 0, 321, 322, 323, 324, 325, 326, 327, 328, + 329, 330, 331, 332, 333, 334, 0, 335, 336, 337, + 338, 339, 340, 341, 342, 343, 344, 345, 346, 347, + 348, 349, 350, 351, 352, 353, 354, 355, 356, 357, + 358, 359, 360, 361, 362, 363, 364, 365, 366, 367, + 368, 369, 370, 371, 372, 373, 374, 375, 376, 377, + 378, 379, 380, 381, 382, 383, 384, 385, 386, 387, + 388, 389, 390, 391, 0, 392, 393, 394, 395, 396, + 397, 398, 399, 400, 401, 402, 403, 404, 405, 406, + 407, 408, 409, 410, 411, 412, 413, 414, 415, 416, + 417, 418, 419, 420, 421, 422, 423, 424, 425, 426, + 427, 428, 429, 430, 431, 432, 433, 434, 435, 0, + 436, 437, 438, 439, 440, 441, 442, 443, 444, 445, + 446, 447, 448, 449, 450, 451, 452, 453, 454, 455, + 456, 457, 458, 459, 460, 461, 462, 463, 464, 465, + 466, 467, 468, 469, 470, 471, 472, 473, 474, 475, + 476, 477, 478, 479, 480, 481, 482, 483, 484, 485, + 486, 487, 488, 489, 490, 491, 492, 493, 494, 495, + 496, 497, 498, 499, 500, 501, 502, 503, 504, 505, + 506, 507, 508, 509, 510, 511, 512, 513, 514, 515, + 516, 517, 518, 519, 520, 521, 522, 523, 524, 525, + 526, 527, 528, 529, 530, 531, 532, 533, 534, 535, + 536, 537, 0, 0, 538, 539, 0, 540, 541, 542, + 543, 544, 545, 546, 547, 548, 549, 550, 551, 552, + 553, 554, 555, 556, 557, 558, 559, 560, 561, 562, + 563, 564, 565, 566, 567, 568, 569, 570, 571, 572, + 573, 574, 575, 576, 577, 578, 579, 580, 581, 582, + 583, 584, 585, 586, 587, 588, 589, 590, 591, 592, + 593, 594, 595, 596, 597, 598, 599, 600, 601, 602, + 603, 604, 605, 606, 607, 608, 609, 610, 611, 612, + 613, 2008, 614, 615, 616, 617, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 174, 175, 804, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 708, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 184, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 176, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 185, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 177, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 178, 0, 0, 0, 0, 0, 0, + 0, 0, 179, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 186, 187, 188, 189, 190, 191, 192, 193, 194, - 195, 196, 197, 0, 0, 0, 198, 199, 200, 201, - 202, 203, 204, 205, 206, 207, 208, 209, 210, 211, - 212, 213, 214, 215, 216, 217, 218, 0, 219, 220, - 221, 222, 223, 224, 225, 226, 227, 228, 229, 230, - 231, 232, 233, 234, 235, 236, 237, 238, 239, 240, - 241, 242, 243, 244, 245, 246, 247, 248, 249, 0, - 250, 251, 252, 253, 254, 255, 256, 257, 258, 259, - 260, 261, 262, 263, 264, 265, 266, 267, 268, 269, - 270, 271, 272, 273, 274, 275, 276, 277, 278, 0, - 279, 280, 281, 282, 283, 284, 285, 286, 287, 288, - 289, 290, 291, 292, 293, 294, 295, 296, 297, 298, - 299, 300, 301, 302, 303, 304, 305, 306, 0, 0, - 307, 308, 309, 310, 311, 312, 313, 314, 315, 316, - 317, 318, 319, 320, 0, 321, 322, 323, 324, 325, - 326, 327, 328, 329, 330, 331, 332, 333, 334, 0, - 335, 336, 337, 338, 339, 340, 341, 342, 343, 344, - 345, 346, 347, 348, 349, 350, 351, 352, 353, 354, - 355, 356, 357, 358, 359, 360, 361, 362, 363, 364, - 365, 366, 367, 368, 369, 370, 371, 372, 373, 374, - 375, 376, 377, 378, 379, 380, 381, 382, 383, 384, - 385, 386, 387, 388, 389, 390, 391, 0, 392, 393, - 394, 395, 396, 397, 398, 399, 400, 401, 402, 403, - 404, 405, 406, 407, 408, 409, 410, 411, 412, 413, - 414, 415, 416, 417, 418, 419, 420, 421, 422, 423, - 424, 425, 426, 427, 428, 429, 430, 431, 432, 433, - 434, 435, 0, 436, 437, 438, 439, 440, 441, 442, - 443, 444, 445, 446, 447, 448, 449, 450, 451, 452, - 453, 454, 455, 456, 457, 458, 459, 460, 461, 462, - 463, 464, 465, 466, 467, 468, 469, 470, 471, 472, - 473, 474, 475, 476, 477, 478, 479, 480, 481, 482, - 483, 484, 485, 486, 487, 488, 489, 490, 491, 492, - 493, 494, 495, 496, 497, 498, 499, 500, 501, 502, - 503, 504, 505, 506, 507, 508, 509, 510, 511, 512, - 513, 514, 515, 516, 517, 518, 519, 520, 521, 522, - 523, 524, 525, 526, 527, 528, 529, 530, 531, 532, - 533, 534, 535, 536, 537, 0, 0, 538, 539, 0, - 540, 541, 542, 543, 544, 545, 546, 547, 548, 549, - 550, 551, 552, 553, 554, 555, 556, 557, 558, 559, - 560, 561, 562, 563, 564, 565, 566, 567, 568, 569, - 570, 571, 572, 573, 574, 575, 576, 577, 578, 579, - 580, 581, 582, 583, 584, 585, 586, 587, 588, 589, - 590, 591, 592, 593, 594, 595, 596, 597, 598, 599, - 600, 601, 602, 603, 604, 605, 606, 607, 608, 609, - 610, 611, 612, 613, 0, 614, 615, 616, 617, 2022, - 963, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 1571, 1572, 0, 0, 0, 0, 0, 0, 0, 2023, - 0, 2024, 0, 2025, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 180, 0, + 0, 0, 0, 0, 0, 0, 0, 181, 0, 0, + 0, 0, 0, 0, 182, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 183, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 184, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 176, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 177, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 185, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 178, 0, 0, 0, - 0, 0, 0, 0, 0, 179, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 186, 187, + 188, 189, 190, 191, 192, 193, 194, 195, 196, 197, + 0, 0, 0, 198, 199, 200, 201, 202, 203, 204, + 205, 206, 207, 208, 209, 210, 211, 212, 213, 214, + 215, 216, 217, 218, 0, 219, 220, 221, 222, 223, + 224, 225, 226, 227, 228, 229, 230, 231, 232, 233, + 234, 235, 236, 237, 238, 239, 240, 241, 242, 243, + 244, 245, 246, 247, 248, 249, 0, 250, 251, 252, + 253, 254, 255, 256, 257, 258, 259, 260, 261, 262, + 263, 264, 265, 266, 267, 268, 269, 270, 271, 272, + 273, 274, 275, 276, 277, 278, 0, 279, 280, 281, + 282, 283, 284, 285, 286, 287, 288, 289, 290, 291, + 292, 293, 294, 295, 296, 297, 298, 299, 300, 301, + 302, 303, 304, 305, 306, 0, 0, 307, 308, 309, + 310, 311, 312, 313, 314, 315, 316, 317, 318, 319, + 320, 0, 321, 322, 323, 324, 325, 326, 327, 328, + 329, 330, 331, 332, 333, 334, 0, 335, 336, 337, + 338, 339, 340, 341, 342, 343, 344, 345, 346, 347, + 348, 349, 350, 351, 352, 353, 354, 355, 356, 357, + 358, 359, 360, 361, 362, 363, 364, 365, 366, 367, + 368, 369, 370, 371, 372, 373, 374, 375, 376, 377, + 378, 379, 380, 381, 382, 383, 384, 385, 386, 387, + 388, 389, 390, 391, 0, 392, 393, 394, 395, 396, + 397, 398, 399, 400, 401, 402, 403, 404, 405, 406, + 407, 408, 409, 410, 411, 412, 413, 414, 415, 416, + 417, 418, 419, 420, 421, 422, 423, 424, 425, 426, + 427, 428, 429, 430, 431, 432, 433, 434, 435, 0, + 436, 437, 438, 439, 440, 441, 442, 443, 444, 445, + 446, 447, 448, 449, 450, 451, 452, 453, 454, 455, + 456, 457, 458, 459, 460, 461, 462, 463, 464, 465, + 466, 467, 468, 469, 470, 471, 472, 473, 474, 475, + 476, 477, 478, 479, 480, 481, 482, 483, 484, 485, + 486, 487, 488, 489, 490, 491, 492, 493, 494, 495, + 496, 497, 498, 499, 500, 501, 502, 503, 504, 505, + 506, 507, 508, 509, 510, 511, 512, 513, 514, 515, + 516, 517, 518, 519, 520, 521, 522, 523, 524, 525, + 526, 527, 528, 529, 530, 531, 532, 533, 534, 535, + 536, 537, 0, 0, 538, 539, 0, 540, 541, 542, + 543, 544, 545, 546, 547, 548, 549, 550, 551, 552, + 553, 554, 555, 556, 557, 558, 559, 560, 561, 562, + 563, 564, 565, 566, 567, 568, 569, 570, 571, 572, + 573, 574, 575, 576, 577, 578, 579, 580, 581, 582, + 583, 584, 585, 586, 587, 588, 589, 590, 591, 592, + 593, 594, 595, 596, 597, 598, 599, 600, 601, 602, + 603, 604, 605, 606, 607, 608, 609, 610, 611, 612, + 613, 2201, 614, 615, 616, 617, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 174, 175, 804, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 708, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 180, 0, 0, 0, 0, 0, 0, 0, 0, - 181, 0, 0, 0, 0, 0, 0, 182, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 183, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 184, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 2026, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 176, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 185, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 177, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 178, 0, 0, 0, 0, 0, 0, + 0, 0, 179, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 186, 187, 188, 189, 190, 191, 192, 193, 194, - 195, 196, 197, 0, 0, 0, 198, 199, 200, 201, - 202, 203, 204, 205, 206, 207, 208, 209, 210, 211, - 212, 213, 214, 215, 216, 217, 218, 0, 219, 220, - 221, 222, 223, 224, 225, 226, 227, 228, 229, 230, - 231, 232, 233, 234, 235, 236, 237, 238, 239, 240, - 241, 242, 243, 244, 245, 246, 247, 248, 249, 0, - 250, 251, 252, 253, 254, 255, 256, 257, 258, 259, - 260, 261, 262, 263, 264, 265, 266, 267, 268, 269, - 270, 271, 272, 273, 274, 275, 276, 277, 278, 0, - 279, 280, 281, 282, 283, 284, 285, 286, 287, 288, - 289, 290, 291, 292, 293, 294, 295, 296, 297, 298, - 299, 300, 301, 302, 303, 304, 305, 306, 0, 0, - 307, 308, 309, 310, 311, 312, 313, 314, 315, 316, - 317, 318, 319, 320, 0, 321, 322, 323, 324, 325, - 326, 327, 328, 329, 330, 331, 332, 333, 334, 0, - 335, 336, 337, 338, 339, 340, 341, 342, 343, 344, - 345, 346, 347, 348, 349, 350, 351, 352, 353, 354, - 355, 356, 357, 358, 359, 360, 361, 362, 363, 364, - 365, 366, 367, 368, 369, 370, 371, 372, 373, 374, - 375, 376, 377, 378, 379, 380, 381, 382, 383, 384, - 385, 386, 387, 388, 389, 390, 391, 0, 392, 393, - 394, 395, 396, 397, 398, 399, 400, 401, 402, 403, - 404, 405, 406, 407, 408, 409, 410, 411, 412, 413, - 414, 415, 416, 417, 418, 419, 420, 421, 422, 423, - 424, 425, 426, 427, 428, 429, 430, 431, 432, 433, - 434, 435, 0, 436, 437, 438, 439, 440, 441, 442, - 443, 444, 445, 446, 447, 448, 449, 450, 451, 452, - 453, 454, 455, 456, 457, 458, 459, 460, 461, 462, - 463, 464, 465, 466, 467, 468, 469, 470, 471, 472, - 473, 474, 475, 476, 477, 478, 479, 480, 481, 482, - 483, 484, 485, 486, 487, 488, 489, 490, 491, 492, - 493, 494, 495, 496, 497, 498, 499, 500, 501, 502, - 503, 504, 505, 506, 507, 508, 509, 510, 511, 512, - 513, 514, 515, 516, 517, 518, 519, 520, 521, 522, - 523, 524, 525, 526, 527, 528, 529, 530, 531, 532, - 533, 534, 535, 536, 537, 0, 0, 538, 539, 0, - 540, 541, 542, 543, 544, 545, 546, 547, 548, 549, - 550, 551, 552, 553, 554, 555, 556, 557, 558, 559, - 560, 561, 562, 563, 564, 565, 566, 567, 568, 569, - 570, 571, 572, 573, 574, 575, 576, 577, 578, 579, - 580, 581, 582, 583, 584, 585, 586, 587, 588, 589, - 590, 591, 592, 593, 594, 595, 596, 597, 598, 599, - 600, 601, 602, 603, 604, 605, 606, 607, 608, 609, - 610, 611, 612, 613, 0, 614, 615, 616, 617, 2022, - 963, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 1571, 1572, 0, 0, 0, 0, 0, 0, 0, 2023, - 0, 2024, 0, 2025, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 180, 0, + 0, 0, 0, 0, 0, 0, 0, 181, 0, 0, + 0, 0, 0, 0, 182, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 183, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 184, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 176, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 177, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 185, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 178, 0, 0, 0, - 0, 0, 0, 0, 0, 179, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 186, 187, + 188, 189, 190, 191, 192, 193, 194, 195, 196, 197, + 0, 0, 0, 198, 199, 200, 201, 202, 203, 204, + 205, 206, 207, 208, 209, 210, 211, 212, 213, 214, + 215, 216, 217, 218, 0, 219, 220, 221, 222, 223, + 224, 225, 226, 227, 228, 229, 230, 231, 232, 233, + 234, 235, 236, 237, 238, 239, 240, 241, 242, 243, + 244, 245, 246, 247, 248, 249, 0, 250, 251, 252, + 253, 254, 255, 256, 257, 258, 259, 260, 261, 262, + 263, 264, 265, 266, 267, 268, 269, 270, 271, 272, + 273, 274, 275, 276, 277, 278, 0, 279, 280, 281, + 282, 283, 284, 285, 286, 287, 288, 289, 290, 291, + 292, 293, 294, 295, 296, 297, 298, 299, 300, 301, + 302, 303, 304, 305, 306, 0, 0, 307, 308, 309, + 310, 311, 312, 313, 314, 315, 316, 317, 318, 319, + 320, 0, 321, 322, 323, 324, 325, 326, 327, 328, + 329, 330, 331, 332, 333, 334, 0, 335, 336, 337, + 338, 339, 340, 341, 342, 343, 344, 345, 346, 347, + 348, 349, 350, 351, 352, 353, 354, 355, 356, 357, + 358, 359, 360, 361, 362, 363, 364, 365, 366, 367, + 368, 369, 370, 371, 372, 373, 374, 375, 376, 377, + 378, 379, 380, 381, 382, 383, 384, 385, 386, 387, + 388, 389, 390, 391, 0, 392, 393, 394, 395, 396, + 397, 398, 399, 400, 401, 402, 403, 404, 405, 406, + 407, 408, 409, 410, 411, 412, 413, 414, 415, 416, + 417, 418, 419, 420, 421, 422, 423, 424, 425, 426, + 427, 428, 429, 430, 431, 432, 433, 434, 435, 0, + 436, 437, 438, 439, 440, 441, 442, 443, 444, 445, + 446, 447, 448, 449, 450, 451, 452, 453, 454, 455, + 456, 457, 458, 459, 460, 461, 462, 463, 464, 465, + 466, 467, 468, 469, 470, 471, 472, 473, 474, 475, + 476, 477, 478, 479, 480, 481, 482, 483, 484, 485, + 486, 487, 488, 489, 490, 491, 492, 493, 494, 495, + 496, 497, 498, 499, 500, 501, 502, 503, 504, 505, + 506, 507, 508, 509, 510, 511, 512, 513, 514, 515, + 516, 517, 518, 519, 520, 521, 522, 523, 524, 525, + 526, 527, 528, 529, 530, 531, 532, 533, 534, 535, + 536, 537, 0, 0, 538, 539, 0, 540, 541, 542, + 543, 544, 545, 546, 547, 548, 549, 550, 551, 552, + 553, 554, 555, 556, 557, 558, 559, 560, 561, 562, + 563, 564, 565, 566, 567, 568, 569, 570, 571, 572, + 573, 574, 575, 576, 577, 578, 579, 580, 581, 582, + 583, 584, 585, 586, 587, 588, 589, 590, 591, 592, + 593, 594, 595, 596, 597, 598, 599, 600, 601, 602, + 603, 604, 605, 606, 607, 608, 609, 610, 611, 612, + 613, 2607, 614, 615, 616, 617, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 1571, 1572, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 180, 0, 0, 0, 0, 0, 0, 0, 0, - 181, 0, 0, 0, 0, 0, 0, 182, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 183, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 184, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 2702, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 2608, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 176, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 185, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 177, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 178, 0, 0, 0, 0, 0, 0, + 0, 0, 179, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 186, 187, 188, 189, 190, 191, 192, 193, 194, - 195, 196, 197, 0, 0, 0, 198, 199, 200, 201, - 202, 203, 204, 205, 206, 207, 208, 209, 210, 211, - 212, 213, 214, 215, 216, 217, 218, 0, 219, 220, - 221, 222, 223, 224, 225, 226, 227, 228, 229, 230, - 231, 232, 233, 234, 235, 236, 237, 238, 239, 240, - 241, 242, 243, 244, 245, 246, 247, 248, 249, 0, - 250, 251, 252, 253, 254, 255, 256, 257, 258, 259, - 260, 261, 262, 263, 264, 265, 266, 267, 268, 269, - 270, 271, 272, 273, 274, 275, 276, 277, 278, 0, - 279, 280, 281, 282, 283, 284, 285, 286, 287, 288, - 289, 290, 291, 292, 293, 294, 295, 296, 297, 298, - 299, 300, 301, 302, 303, 304, 305, 306, 0, 0, - 307, 308, 309, 310, 311, 312, 313, 314, 315, 316, - 317, 318, 319, 320, 0, 321, 322, 323, 324, 325, - 326, 327, 328, 329, 330, 331, 332, 333, 334, 0, - 335, 336, 337, 338, 339, 340, 341, 342, 343, 344, - 345, 346, 347, 348, 349, 350, 351, 352, 353, 354, - 355, 356, 357, 358, 359, 360, 361, 362, 363, 364, - 365, 366, 367, 368, 369, 370, 371, 372, 373, 374, - 375, 376, 377, 378, 379, 380, 381, 382, 383, 384, - 385, 386, 387, 388, 389, 390, 391, 0, 392, 393, - 394, 395, 396, 397, 398, 399, 400, 401, 402, 403, - 404, 405, 406, 407, 408, 409, 410, 411, 412, 413, - 414, 415, 416, 417, 418, 419, 420, 421, 422, 423, - 424, 425, 426, 427, 428, 429, 430, 431, 432, 433, - 434, 435, 0, 436, 437, 438, 439, 440, 441, 442, - 443, 444, 445, 446, 447, 448, 449, 450, 451, 452, - 453, 454, 455, 456, 457, 458, 459, 460, 461, 462, - 463, 464, 465, 466, 467, 468, 469, 470, 471, 472, - 473, 474, 475, 476, 477, 478, 479, 480, 481, 482, - 483, 484, 485, 486, 487, 488, 489, 490, 491, 492, - 493, 494, 495, 496, 497, 498, 499, 500, 501, 502, - 503, 504, 505, 506, 2703, 508, 509, 510, 511, 512, - 513, 514, 515, 516, 517, 518, 519, 520, 521, 522, - 523, 524, 525, 526, 527, 528, 529, 530, 531, 532, - 533, 534, 535, 536, 537, 0, 0, 538, 539, 0, - 540, 541, 542, 543, 544, 545, 546, 547, 548, 549, - 550, 551, 552, 553, 554, 555, 556, 557, 558, 559, - 560, 561, 562, 563, 564, 565, 566, 567, 568, 569, - 570, 571, 572, 573, 574, 575, 576, 577, 578, 579, - 580, 581, 582, 583, 584, 585, 586, 587, 588, 589, - 590, 591, 592, 593, 594, 595, 596, 597, 598, 599, - 600, 601, 602, 603, 604, 605, 606, 607, 608, 609, - 610, 611, 612, 613, 0, 614, 615, 616, 617, 2022, - 963, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 1571, 1572, 0, 0, 0, 0, 0, 0, 0, 2023, - 0, 2024, 0, 2025, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 180, 0, + 0, 0, 0, 0, 0, 0, 0, 181, 0, 0, + 0, 0, 0, 0, 182, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 183, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 184, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 176, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 177, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 185, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 178, 0, 0, 0, - 0, 0, 0, 0, 0, 179, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 186, 187, + 188, 189, 190, 191, 192, 193, 194, 195, 196, 197, + 0, 0, 0, 198, 199, 200, 201, 202, 203, 204, + 205, 206, 207, 208, 209, 210, 211, 212, 213, 214, + 215, 216, 217, 218, 0, 219, 220, 221, 222, 223, + 224, 225, 226, 227, 228, 229, 230, 231, 232, 233, + 234, 235, 236, 237, 238, 239, 240, 241, 242, 243, + 244, 245, 246, 247, 248, 249, 0, 250, 251, 252, + 253, 254, 255, 256, 257, 258, 259, 260, 261, 262, + 263, 264, 265, 266, 267, 268, 269, 270, 271, 272, + 273, 274, 275, 276, 277, 278, 0, 279, 280, 281, + 282, 283, 284, 285, 286, 287, 288, 289, 290, 291, + 292, 293, 294, 295, 296, 297, 298, 299, 300, 301, + 302, 303, 304, 305, 306, 0, 0, 307, 308, 309, + 310, 311, 312, 313, 314, 315, 316, 317, 318, 319, + 320, 0, 321, 322, 323, 324, 325, 326, 327, 328, + 329, 330, 331, 332, 333, 334, 0, 335, 336, 337, + 338, 339, 340, 341, 342, 343, 344, 345, 346, 347, + 348, 349, 350, 351, 352, 353, 354, 355, 356, 357, + 358, 359, 360, 361, 362, 363, 364, 365, 366, 367, + 368, 369, 370, 371, 372, 373, 374, 375, 376, 377, + 378, 379, 380, 381, 382, 383, 384, 385, 386, 387, + 388, 389, 390, 391, 0, 392, 393, 394, 395, 396, + 397, 398, 399, 400, 401, 402, 403, 404, 405, 406, + 407, 408, 409, 410, 411, 412, 413, 414, 415, 416, + 417, 418, 419, 420, 421, 422, 423, 424, 425, 426, + 427, 428, 429, 430, 431, 432, 433, 434, 435, 0, + 436, 437, 438, 439, 440, 441, 442, 443, 444, 445, + 446, 447, 448, 449, 450, 451, 452, 453, 454, 455, + 456, 457, 458, 459, 460, 461, 462, 463, 464, 465, + 466, 467, 468, 469, 470, 471, 472, 473, 474, 475, + 476, 477, 478, 479, 480, 481, 482, 483, 484, 485, + 486, 487, 488, 489, 490, 491, 492, 493, 494, 495, + 496, 497, 498, 499, 500, 501, 502, 503, 504, 505, + 506, 507, 508, 509, 510, 511, 512, 513, 514, 515, + 516, 517, 518, 519, 520, 521, 522, 523, 524, 525, + 526, 527, 528, 529, 530, 531, 532, 533, 534, 535, + 536, 537, 0, 0, 538, 539, 0, 540, 541, 542, + 543, 544, 545, 546, 547, 548, 549, 550, 551, 552, + 553, 554, 555, 556, 557, 558, 559, 560, 561, 562, + 563, 564, 565, 566, 567, 568, 569, 570, 571, 572, + 573, 574, 575, 576, 577, 578, 579, 580, 581, 582, + 583, 584, 585, 586, 587, 588, 589, 590, 591, 592, + 593, 594, 595, 596, 597, 598, 599, 600, 601, 602, + 603, 604, 605, 606, 607, 608, 609, 610, 611, 612, + 613, 2607, 614, 615, 616, 617, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 1571, 1572, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 180, 0, 0, 0, 0, 0, 0, 0, 0, - 181, 0, 0, 0, 0, 0, 0, 182, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 183, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 184, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 4155, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 185, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 176, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 177, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 186, 187, 188, 189, 190, 191, 192, 193, 194, - 195, 196, 197, 0, 0, 0, 198, 199, 200, 201, - 202, 203, 204, 205, 206, 207, 208, 209, 210, 211, - 212, 213, 214, 215, 216, 217, 218, 0, 219, 220, - 221, 222, 223, 224, 225, 226, 227, 228, 229, 230, - 231, 232, 233, 234, 235, 236, 237, 238, 239, 240, - 241, 242, 243, 244, 245, 246, 247, 248, 249, 0, - 250, 251, 252, 253, 254, 255, 256, 257, 258, 259, - 260, 261, 262, 263, 264, 265, 266, 267, 268, 269, - 270, 271, 272, 273, 274, 275, 276, 277, 278, 0, - 279, 280, 281, 282, 283, 284, 285, 286, 287, 288, - 289, 290, 291, 292, 293, 294, 295, 296, 297, 298, - 299, 300, 301, 302, 303, 304, 305, 306, 0, 0, - 307, 308, 309, 310, 311, 312, 313, 314, 315, 316, - 317, 318, 319, 320, 0, 321, 322, 323, 324, 325, - 326, 327, 328, 329, 330, 331, 332, 333, 334, 0, - 335, 336, 337, 338, 339, 340, 341, 342, 343, 344, - 345, 346, 347, 348, 349, 350, 351, 352, 353, 354, - 355, 356, 357, 358, 359, 360, 361, 362, 363, 364, - 365, 366, 367, 368, 369, 370, 371, 372, 373, 374, - 375, 376, 377, 378, 379, 380, 381, 382, 383, 384, - 385, 386, 387, 388, 389, 390, 391, 0, 392, 393, - 394, 395, 396, 397, 398, 399, 400, 401, 402, 403, - 404, 405, 406, 407, 408, 409, 410, 411, 412, 413, - 414, 415, 416, 417, 418, 419, 420, 421, 422, 423, - 424, 425, 426, 427, 428, 429, 430, 431, 432, 433, - 434, 435, 0, 436, 437, 438, 439, 440, 441, 442, - 443, 444, 445, 446, 447, 448, 449, 450, 451, 452, - 453, 454, 455, 456, 457, 458, 459, 460, 461, 462, - 463, 464, 465, 466, 467, 468, 469, 470, 471, 472, - 473, 474, 475, 476, 477, 478, 479, 480, 481, 482, - 483, 484, 485, 486, 487, 488, 489, 490, 491, 492, - 493, 494, 495, 496, 497, 498, 499, 500, 501, 502, - 503, 504, 505, 506, 507, 508, 509, 510, 511, 512, - 513, 514, 515, 516, 517, 518, 519, 520, 521, 522, - 523, 524, 525, 526, 527, 528, 529, 530, 531, 532, - 533, 534, 535, 536, 537, 0, 0, 538, 539, 0, - 540, 541, 542, 543, 544, 545, 546, 547, 548, 549, - 550, 551, 552, 553, 554, 555, 556, 557, 558, 559, - 560, 561, 562, 563, 564, 565, 566, 567, 568, 569, - 570, 571, 572, 573, 574, 575, 576, 577, 578, 579, - 580, 581, 582, 583, 584, 585, 586, 587, 588, 589, - 590, 591, 592, 593, 594, 595, 596, 597, 598, 599, - 600, 601, 602, 603, 604, 605, 606, 607, 608, 609, - 610, 611, 612, 613, 0, 614, 615, 616, 617, 2022, - 963, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 1571, 1572, 0, 0, 0, 0, 0, 0, 0, 2023, - 0, 2024, 0, 2025, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 178, 0, 0, 0, 0, 0, 0, + 0, 0, 179, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 180, 0, + 0, 0, 0, 0, 0, 0, 0, 181, 0, 0, + 0, 0, 0, 0, 182, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 183, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 184, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 176, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 177, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 178, 0, 0, 0, - 0, 0, 0, 0, 0, 179, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 185, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 180, 0, 0, 0, 0, 0, 0, 0, 0, - 181, 0, 0, 0, 0, 0, 0, 182, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 183, + 0, 0, 0, 0, 0, 0, 0, 0, 186, 187, + 188, 189, 190, 191, 192, 193, 194, 195, 196, 197, + 0, 0, 0, 198, 199, 200, 201, 202, 203, 204, + 205, 206, 207, 208, 209, 210, 211, 212, 213, 214, + 215, 216, 217, 218, 0, 219, 220, 221, 222, 223, + 224, 225, 226, 227, 228, 229, 230, 231, 232, 233, + 234, 235, 236, 237, 238, 239, 240, 241, 242, 243, + 244, 245, 246, 247, 248, 249, 0, 250, 251, 252, + 253, 254, 255, 256, 257, 258, 259, 260, 261, 262, + 263, 264, 265, 266, 267, 268, 269, 270, 271, 272, + 273, 274, 275, 276, 277, 278, 0, 279, 280, 281, + 282, 283, 284, 285, 286, 287, 288, 289, 290, 291, + 292, 293, 294, 295, 296, 297, 298, 299, 300, 301, + 302, 303, 304, 305, 306, 0, 0, 307, 308, 309, + 310, 311, 312, 313, 314, 315, 316, 317, 318, 319, + 320, 0, 321, 322, 323, 324, 325, 326, 327, 328, + 329, 330, 331, 332, 333, 334, 0, 335, 336, 337, + 338, 339, 340, 341, 342, 343, 344, 345, 346, 347, + 348, 349, 350, 351, 352, 353, 354, 355, 356, 357, + 358, 359, 360, 361, 362, 363, 364, 365, 366, 367, + 368, 369, 370, 371, 372, 373, 374, 375, 376, 377, + 378, 379, 380, 381, 382, 383, 384, 385, 386, 387, + 388, 389, 390, 391, 0, 392, 393, 394, 395, 396, + 397, 398, 399, 400, 401, 402, 403, 404, 405, 406, + 407, 408, 409, 410, 411, 412, 413, 414, 415, 416, + 417, 418, 419, 420, 421, 422, 423, 424, 425, 426, + 427, 428, 429, 430, 431, 432, 433, 434, 435, 0, + 436, 437, 438, 439, 440, 441, 442, 443, 444, 445, + 446, 447, 448, 449, 450, 451, 452, 453, 454, 455, + 456, 457, 458, 459, 460, 461, 462, 463, 464, 465, + 466, 467, 468, 469, 470, 471, 472, 473, 474, 475, + 476, 477, 478, 479, 480, 481, 482, 483, 484, 485, + 486, 487, 488, 489, 490, 491, 492, 493, 494, 495, + 496, 497, 498, 499, 500, 501, 502, 503, 504, 505, + 506, 507, 508, 509, 510, 511, 512, 513, 514, 515, + 516, 517, 518, 519, 520, 521, 522, 523, 524, 525, + 526, 527, 528, 529, 530, 531, 532, 533, 534, 535, + 536, 537, 0, 0, 538, 539, 0, 540, 541, 542, + 543, 544, 545, 546, 547, 548, 549, 550, 551, 552, + 553, 554, 555, 556, 557, 558, 559, 560, 561, 562, + 563, 564, 565, 566, 567, 568, 569, 570, 571, 572, + 573, 574, 575, 576, 577, 578, 579, 580, 581, 582, + 583, 584, 585, 586, 587, 588, 589, 590, 591, 592, + 593, 594, 595, 596, 597, 598, 599, 600, 601, 602, + 603, 604, 605, 606, 607, 608, 609, 610, 611, 612, + 613, 0, 614, 615, 616, 617, 2022, 963, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 1571, 1572, 0, + 0, 0, 0, 0, 0, 0, 2023, 0, 2024, 0, + 2025, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 184, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 176, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 185, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 177, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 178, 0, 0, 0, 0, 0, 0, + 0, 0, 179, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 186, 187, 188, 189, 190, 191, 192, 193, 194, - 195, 196, 197, 0, 0, 0, 198, 199, 200, 201, - 202, 203, 204, 205, 206, 207, 208, 209, 210, 211, - 212, 213, 214, 215, 216, 217, 218, 0, 219, 220, - 221, 222, 223, 224, 225, 226, 227, 228, 229, 230, - 231, 232, 233, 234, 235, 236, 237, 238, 239, 240, - 241, 242, 243, 244, 245, 246, 247, 248, 249, 0, - 250, 251, 252, 253, 254, 255, 256, 257, 258, 259, - 260, 261, 262, 263, 264, 265, 266, 267, 268, 269, - 270, 271, 272, 273, 274, 275, 276, 277, 278, 0, - 279, 280, 281, 282, 283, 284, 285, 286, 287, 288, - 289, 290, 291, 292, 293, 294, 295, 296, 297, 298, - 299, 300, 301, 302, 303, 304, 305, 306, 0, 0, - 307, 308, 309, 310, 311, 312, 313, 314, 315, 316, - 317, 318, 319, 320, 0, 321, 322, 323, 324, 325, - 326, 327, 328, 329, 330, 331, 332, 333, 334, 0, - 335, 336, 337, 338, 339, 340, 341, 342, 343, 344, - 345, 346, 347, 348, 349, 350, 351, 352, 353, 354, - 355, 356, 357, 358, 359, 360, 361, 362, 363, 364, - 365, 366, 367, 368, 369, 370, 371, 372, 373, 374, - 375, 376, 377, 378, 379, 380, 381, 382, 383, 384, - 385, 386, 387, 388, 389, 390, 391, 0, 392, 393, - 394, 395, 396, 397, 398, 399, 400, 401, 402, 403, - 404, 405, 406, 407, 408, 409, 410, 411, 412, 413, - 414, 415, 416, 417, 418, 419, 420, 421, 422, 423, - 424, 425, 426, 427, 428, 429, 430, 431, 432, 433, - 434, 435, 0, 436, 437, 438, 439, 440, 441, 442, - 443, 444, 445, 446, 447, 448, 449, 450, 451, 452, - 453, 454, 455, 456, 457, 458, 459, 460, 461, 462, - 463, 464, 465, 466, 467, 468, 469, 470, 471, 472, - 473, 474, 475, 476, 477, 478, 479, 480, 481, 482, - 483, 484, 485, 486, 487, 488, 489, 490, 491, 492, - 493, 494, 495, 496, 497, 498, 499, 500, 501, 502, - 503, 504, 505, 506, 507, 508, 509, 510, 511, 512, - 513, 514, 515, 516, 517, 518, 519, 520, 521, 522, - 523, 524, 525, 526, 527, 528, 529, 530, 531, 532, - 533, 534, 535, 536, 537, 0, 0, 538, 539, 0, - 540, 541, 542, 543, 544, 545, 546, 547, 548, 549, - 550, 551, 552, 553, 554, 555, 556, 557, 558, 559, - 560, 561, 562, 563, 564, 565, 566, 567, 568, 569, - 570, 571, 572, 573, 574, 575, 576, 577, 578, 579, - 580, 581, 582, 583, 584, 585, 586, 587, 588, 589, - 590, 591, 592, 593, 594, 595, 596, 597, 598, 599, - 600, 601, 602, 603, 604, 605, 606, 607, 608, 609, - 610, 611, 612, 613, 0, 614, 615, 616, 617, 1571, - 1572, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 180, 0, + 0, 0, 0, 0, 0, 0, 0, 181, 0, 0, + 0, 0, 0, 0, 182, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 183, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 184, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 2026, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 185, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 176, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 177, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 186, 187, + 188, 189, 190, 191, 192, 193, 194, 195, 196, 197, + 0, 0, 0, 198, 199, 200, 201, 202, 203, 204, + 205, 206, 207, 208, 209, 210, 211, 212, 213, 214, + 215, 216, 217, 218, 0, 219, 220, 221, 222, 223, + 224, 225, 226, 227, 228, 229, 230, 231, 232, 233, + 234, 235, 236, 237, 238, 239, 240, 241, 242, 243, + 244, 245, 246, 247, 248, 249, 0, 250, 251, 252, + 253, 254, 255, 256, 257, 258, 259, 260, 261, 262, + 263, 264, 265, 266, 267, 268, 269, 270, 271, 272, + 273, 274, 275, 276, 277, 278, 0, 279, 280, 281, + 282, 283, 284, 285, 286, 287, 288, 289, 290, 291, + 292, 293, 294, 295, 296, 297, 298, 299, 300, 301, + 302, 303, 304, 305, 306, 0, 0, 307, 308, 309, + 310, 311, 312, 313, 314, 315, 316, 317, 318, 319, + 320, 0, 321, 322, 323, 324, 325, 326, 327, 328, + 329, 330, 331, 332, 333, 334, 0, 335, 336, 337, + 338, 339, 340, 341, 342, 343, 344, 345, 346, 347, + 348, 349, 350, 351, 352, 353, 354, 355, 356, 357, + 358, 359, 360, 361, 362, 363, 364, 365, 366, 367, + 368, 369, 370, 371, 372, 373, 374, 375, 376, 377, + 378, 379, 380, 381, 382, 383, 384, 385, 386, 387, + 388, 389, 390, 391, 0, 392, 393, 394, 395, 396, + 397, 398, 399, 400, 401, 402, 403, 404, 405, 406, + 407, 408, 409, 410, 411, 412, 413, 414, 415, 416, + 417, 418, 419, 420, 421, 422, 423, 424, 425, 426, + 427, 428, 429, 430, 431, 432, 433, 434, 435, 0, + 436, 437, 438, 439, 440, 441, 442, 443, 444, 445, + 446, 447, 448, 449, 450, 451, 452, 453, 454, 455, + 456, 457, 458, 459, 460, 461, 462, 463, 464, 465, + 466, 467, 468, 469, 470, 471, 472, 473, 474, 475, + 476, 477, 478, 479, 480, 481, 482, 483, 484, 485, + 486, 487, 488, 489, 490, 491, 492, 493, 494, 495, + 496, 497, 498, 499, 500, 501, 502, 503, 504, 505, + 506, 507, 508, 509, 510, 511, 512, 513, 514, 515, + 516, 517, 518, 519, 520, 521, 522, 523, 524, 525, + 526, 527, 528, 529, 530, 531, 532, 533, 534, 535, + 536, 537, 0, 0, 538, 539, 0, 540, 541, 542, + 543, 544, 545, 546, 547, 548, 549, 550, 551, 552, + 553, 554, 555, 556, 557, 558, 559, 560, 561, 562, + 563, 564, 565, 566, 567, 568, 569, 570, 571, 572, + 573, 574, 575, 576, 577, 578, 579, 580, 581, 582, + 583, 584, 585, 586, 587, 588, 589, 590, 591, 592, + 593, 594, 595, 596, 597, 598, 599, 600, 601, 602, + 603, 604, 605, 606, 607, 608, 609, 610, 611, 612, + 613, 0, 614, 615, 616, 617, 2022, 963, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 1571, 1572, 0, + 0, 0, 0, 0, 0, 0, 2023, 0, 2024, 0, + 2025, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 178, 0, 0, 0, 0, - 0, 0, 0, 0, 179, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 180, 0, 0, 0, 0, 0, 0, 0, 0, 181, - 0, 0, 0, 0, 0, 0, 182, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 183, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 184, + 0, 0, 0, 0, 0, 0, 176, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 177, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 178, 0, 0, 0, 0, 0, 0, + 0, 0, 179, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 180, 0, + 0, 0, 0, 0, 0, 0, 0, 181, 0, 0, + 0, 0, 0, 0, 182, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 183, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 184, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 185, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 2702, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 186, 187, 188, 189, 190, 191, 192, 193, 194, 195, - 196, 197, 2422, 2423, 2424, 198, 199, 200, 201, 202, - 203, 204, 205, 206, 207, 208, 209, 210, 211, 212, - 213, 214, 215, 216, 217, 218, 0, 219, 220, 221, - 222, 223, 224, 225, 226, 227, 228, 229, 230, 231, - 232, 233, 234, 235, 236, 237, 238, 239, 240, 241, - 242, 243, 244, 245, 246, 247, 248, 249, 0, 250, - 251, 252, 253, 254, 255, 256, 257, 258, 259, 260, - 261, 262, 263, 264, 265, 266, 267, 268, 269, 270, - 271, 272, 273, 274, 275, 276, 277, 278, 0, 279, - 280, 281, 282, 283, 284, 285, 286, 287, 288, 289, - 290, 291, 292, 293, 294, 295, 296, 297, 298, 299, - 300, 301, 302, 303, 304, 305, 306, 0, 0, 307, - 308, 309, 310, 311, 312, 313, 314, 315, 316, 317, - 318, 319, 320, 0, 321, 322, 323, 324, 325, 326, - 327, 328, 329, 330, 331, 332, 333, 334, 0, 335, - 336, 337, 338, 339, 340, 341, 342, 343, 344, 345, - 346, 347, 348, 349, 350, 351, 352, 353, 354, 355, - 356, 357, 358, 359, 360, 361, 362, 363, 364, 365, - 366, 367, 368, 369, 370, 371, 372, 373, 374, 375, - 376, 377, 378, 379, 380, 381, 382, 383, 384, 385, - 386, 387, 388, 389, 390, 391, 0, 392, 393, 394, - 395, 396, 397, 398, 399, 400, 401, 402, 403, 404, - 405, 406, 407, 408, 409, 410, 411, 412, 413, 414, - 415, 416, 417, 418, 419, 420, 421, 422, 423, 424, - 425, 426, 427, 428, 429, 430, 431, 432, 433, 434, - 435, 0, 436, 437, 438, 439, 440, 441, 442, 443, - 444, 445, 446, 447, 448, 449, 450, 451, 452, 453, - 454, 455, 456, 457, 458, 459, 460, 461, 462, 463, - 464, 465, 466, 467, 468, 469, 470, 471, 472, 473, - 474, 475, 476, 477, 478, 479, 480, 481, 482, 483, - 484, 485, 486, 487, 488, 489, 490, 491, 492, 493, - 494, 495, 496, 497, 498, 499, 500, 501, 502, 503, - 504, 505, 506, 507, 508, 509, 510, 511, 512, 513, - 514, 515, 516, 517, 518, 519, 520, 521, 522, 523, - 524, 525, 526, 527, 528, 529, 530, 531, 532, 533, - 534, 535, 536, 537, 0, 0, 538, 539, 0, 540, - 541, 542, 543, 544, 545, 546, 547, 548, 549, 550, - 551, 552, 553, 554, 555, 556, 557, 558, 559, 560, - 561, 562, 563, 564, 565, 566, 567, 568, 569, 570, - 571, 572, 573, 574, 575, 576, 577, 578, 579, 580, - 581, 582, 583, 584, 585, 586, 587, 588, 589, 590, - 591, 592, 593, 594, 595, 596, 597, 598, 599, 600, - 601, 602, 603, 604, 605, 606, 607, 608, 609, 610, - 611, 612, 613, 0, 614, 615, 616, 617, 174, 175, - 0, 0, 0, 0, 0, 0, 0, 0, 4389, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 185, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 186, 187, + 188, 189, 190, 191, 192, 193, 194, 195, 196, 197, + 0, 0, 0, 198, 199, 200, 201, 202, 203, 204, + 205, 206, 207, 208, 209, 210, 211, 212, 213, 214, + 215, 216, 217, 218, 0, 219, 220, 221, 222, 223, + 224, 225, 226, 227, 228, 229, 230, 231, 232, 233, + 234, 235, 236, 237, 238, 239, 240, 241, 242, 243, + 244, 245, 246, 247, 248, 249, 0, 250, 251, 252, + 253, 254, 255, 256, 257, 258, 259, 260, 261, 262, + 263, 264, 265, 266, 267, 268, 269, 270, 271, 272, + 273, 274, 275, 276, 277, 278, 0, 279, 280, 281, + 282, 283, 284, 285, 286, 287, 288, 289, 290, 291, + 292, 293, 294, 295, 296, 297, 298, 299, 300, 301, + 302, 303, 304, 305, 306, 0, 0, 307, 308, 309, + 310, 311, 312, 313, 314, 315, 316, 317, 318, 319, + 320, 0, 321, 322, 323, 324, 325, 326, 327, 328, + 329, 330, 331, 332, 333, 334, 0, 335, 336, 337, + 338, 339, 340, 341, 342, 343, 344, 345, 346, 347, + 348, 349, 350, 351, 352, 353, 354, 355, 356, 357, + 358, 359, 360, 361, 362, 363, 364, 365, 366, 367, + 368, 369, 370, 371, 372, 373, 374, 375, 376, 377, + 378, 379, 380, 381, 382, 383, 384, 385, 386, 387, + 388, 389, 390, 391, 0, 392, 393, 394, 395, 396, + 397, 398, 399, 400, 401, 402, 403, 404, 405, 406, + 407, 408, 409, 410, 411, 412, 413, 414, 415, 416, + 417, 418, 419, 420, 421, 422, 423, 424, 425, 426, + 427, 428, 429, 430, 431, 432, 433, 434, 435, 0, + 436, 437, 438, 439, 440, 441, 442, 443, 444, 445, + 446, 447, 448, 449, 450, 451, 452, 453, 454, 455, + 456, 457, 458, 459, 460, 461, 462, 463, 464, 465, + 466, 467, 468, 469, 470, 471, 472, 473, 474, 475, + 476, 477, 478, 479, 480, 481, 482, 483, 484, 485, + 486, 487, 488, 489, 490, 491, 492, 493, 494, 495, + 496, 497, 498, 499, 500, 501, 502, 503, 504, 505, + 506, 2703, 508, 509, 510, 511, 512, 513, 514, 515, + 516, 517, 518, 519, 520, 521, 522, 523, 524, 525, + 526, 527, 528, 529, 530, 531, 532, 533, 534, 535, + 536, 537, 0, 0, 538, 539, 0, 540, 541, 542, + 543, 544, 545, 546, 547, 548, 549, 550, 551, 552, + 553, 554, 555, 556, 557, 558, 559, 560, 561, 562, + 563, 564, 565, 566, 567, 568, 569, 570, 571, 572, + 573, 574, 575, 576, 577, 578, 579, 580, 581, 582, + 583, 584, 585, 586, 587, 588, 589, 590, 591, 592, + 593, 594, 595, 596, 597, 598, 599, 600, 601, 602, + 603, 604, 605, 606, 607, 608, 609, 610, 611, 612, + 613, 0, 614, 615, 616, 617, 2022, 963, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 1571, 1572, 0, + 0, 0, 0, 0, 0, 0, 2023, 0, 2024, 0, + 2025, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 176, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 177, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 176, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 178, 0, 0, 0, 0, 0, - 0, 0, 0, 179, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 177, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 180, - 0, 0, 0, 0, 0, 0, 0, 0, 181, 0, - 0, 0, 0, 0, 0, 182, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 183, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 184, 0, + 0, 0, 0, 178, 0, 0, 0, 0, 0, 0, + 0, 0, 179, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 180, 0, + 0, 0, 0, 0, 0, 0, 0, 181, 0, 0, + 0, 0, 0, 0, 182, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 183, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 184, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 185, + 4155, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 185, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 186, - 187, 188, 189, 190, 191, 192, 193, 194, 195, 196, - 197, 0, 0, 0, 198, 199, 200, 201, 202, 203, - 204, 205, 206, 207, 208, 209, 210, 211, 212, 213, - 214, 215, 216, 217, 218, 0, 219, 220, 221, 222, - 223, 224, 225, 226, 227, 228, 229, 230, 231, 232, - 233, 234, 235, 236, 237, 238, 239, 240, 241, 242, - 243, 244, 245, 246, 247, 248, 249, 0, 250, 251, - 252, 253, 254, 255, 256, 257, 258, 259, 260, 261, - 262, 263, 264, 265, 266, 267, 268, 269, 270, 271, - 272, 273, 274, 275, 276, 277, 278, 0, 279, 280, - 281, 282, 283, 284, 285, 286, 287, 288, 289, 290, - 291, 292, 293, 294, 295, 296, 297, 298, 299, 300, - 301, 302, 303, 304, 305, 306, 0, 0, 307, 308, - 309, 310, 311, 312, 313, 314, 315, 316, 317, 318, - 319, 320, 0, 321, 322, 323, 324, 325, 326, 327, - 328, 329, 330, 331, 332, 333, 334, 0, 335, 336, - 337, 338, 339, 340, 341, 342, 343, 344, 345, 346, - 347, 348, 349, 350, 351, 352, 353, 354, 355, 356, - 357, 358, 359, 360, 361, 362, 363, 364, 365, 366, - 367, 368, 369, 370, 371, 372, 373, 374, 375, 376, - 377, 378, 379, 380, 381, 382, 383, 384, 385, 386, - 387, 388, 389, 390, 391, 0, 392, 393, 394, 395, - 396, 397, 398, 399, 400, 401, 402, 403, 404, 405, - 406, 407, 408, 409, 410, 411, 412, 413, 414, 415, - 416, 417, 418, 419, 420, 421, 422, 423, 424, 425, - 426, 427, 428, 429, 430, 431, 432, 433, 434, 435, - 0, 436, 437, 438, 439, 440, 441, 442, 443, 444, - 445, 446, 447, 448, 449, 450, 451, 452, 453, 454, - 455, 456, 457, 458, 459, 460, 461, 462, 463, 464, - 465, 466, 467, 468, 469, 470, 471, 472, 473, 474, - 475, 476, 477, 478, 479, 480, 481, 482, 483, 484, - 485, 486, 487, 488, 489, 490, 491, 492, 493, 494, - 495, 496, 497, 498, 499, 500, 501, 502, 503, 504, - 505, 506, 507, 508, 509, 510, 511, 512, 513, 514, - 515, 516, 517, 518, 519, 520, 521, 522, 523, 524, - 525, 526, 527, 528, 529, 530, 531, 532, 533, 534, - 535, 536, 537, 0, 0, 538, 539, 0, 540, 541, - 542, 543, 544, 545, 546, 547, 548, 549, 550, 551, - 552, 553, 554, 555, 556, 557, 558, 559, 560, 561, - 562, 563, 564, 565, 566, 567, 568, 569, 570, 571, - 572, 573, 574, 575, 576, 577, 578, 579, 580, 581, - 582, 583, 584, 585, 586, 587, 588, 589, 590, 591, - 592, 593, 594, 595, 596, 597, 598, 599, 600, 601, - 602, 603, 604, 605, 606, 607, 608, 609, 610, 611, - 612, 613, 0, 614, 615, 616, 617, 174, 175, 0, - 0, 0, 0, 0, 0, 0, 0, 2806, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 186, 187, + 188, 189, 190, 191, 192, 193, 194, 195, 196, 197, + 0, 0, 0, 198, 199, 200, 201, 202, 203, 204, + 205, 206, 207, 208, 209, 210, 211, 212, 213, 214, + 215, 216, 217, 218, 0, 219, 220, 221, 222, 223, + 224, 225, 226, 227, 228, 229, 230, 231, 232, 233, + 234, 235, 236, 237, 238, 239, 240, 241, 242, 243, + 244, 245, 246, 247, 248, 249, 0, 250, 251, 252, + 253, 254, 255, 256, 257, 258, 259, 260, 261, 262, + 263, 264, 265, 266, 267, 268, 269, 270, 271, 272, + 273, 274, 275, 276, 277, 278, 0, 279, 280, 281, + 282, 283, 284, 285, 286, 287, 288, 289, 290, 291, + 292, 293, 294, 295, 296, 297, 298, 299, 300, 301, + 302, 303, 304, 305, 306, 0, 0, 307, 308, 309, + 310, 311, 312, 313, 314, 315, 316, 317, 318, 319, + 320, 0, 321, 322, 323, 324, 325, 326, 327, 328, + 329, 330, 331, 332, 333, 334, 0, 335, 336, 337, + 338, 339, 340, 341, 342, 343, 344, 345, 346, 347, + 348, 349, 350, 351, 352, 353, 354, 355, 356, 357, + 358, 359, 360, 361, 362, 363, 364, 365, 366, 367, + 368, 369, 370, 371, 372, 373, 374, 375, 376, 377, + 378, 379, 380, 381, 382, 383, 384, 385, 386, 387, + 388, 389, 390, 391, 0, 392, 393, 394, 395, 396, + 397, 398, 399, 400, 401, 402, 403, 404, 405, 406, + 407, 408, 409, 410, 411, 412, 413, 414, 415, 416, + 417, 418, 419, 420, 421, 422, 423, 424, 425, 426, + 427, 428, 429, 430, 431, 432, 433, 434, 435, 0, + 436, 437, 438, 439, 440, 441, 442, 443, 444, 445, + 446, 447, 448, 449, 450, 451, 452, 453, 454, 455, + 456, 457, 458, 459, 460, 461, 462, 463, 464, 465, + 466, 467, 468, 469, 470, 471, 472, 473, 474, 475, + 476, 477, 478, 479, 480, 481, 482, 483, 484, 485, + 486, 487, 488, 489, 490, 491, 492, 493, 494, 495, + 496, 497, 498, 499, 500, 501, 502, 503, 504, 505, + 506, 507, 508, 509, 510, 511, 512, 513, 514, 515, + 516, 517, 518, 519, 520, 521, 522, 523, 524, 525, + 526, 527, 528, 529, 530, 531, 532, 533, 534, 535, + 536, 537, 0, 0, 538, 539, 0, 540, 541, 542, + 543, 544, 545, 546, 547, 548, 549, 550, 551, 552, + 553, 554, 555, 556, 557, 558, 559, 560, 561, 562, + 563, 564, 565, 566, 567, 568, 569, 570, 571, 572, + 573, 574, 575, 576, 577, 578, 579, 580, 581, 582, + 583, 584, 585, 586, 587, 588, 589, 590, 591, 592, + 593, 594, 595, 596, 597, 598, 599, 600, 601, 602, + 603, 604, 605, 606, 607, 608, 609, 610, 611, 612, + 613, 0, 614, 615, 616, 617, 2022, 963, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 1571, 1572, 0, + 0, 0, 0, 0, 0, 0, 2023, 0, 2024, 0, + 2025, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, @@ -11416,7 +11317,7 @@ 593, 594, 595, 596, 597, 598, 599, 600, 601, 602, 603, 604, 605, 606, 607, 608, 609, 610, 611, 612, 613, 0, 614, 615, 616, 617, 1571, 1572, 0, 0, - 0, 0, 0, 0, 0, 0, 4170, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, @@ -11446,8 +11347,8 @@ 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 186, 187, 188, - 189, 190, 191, 192, 193, 194, 195, 196, 197, 0, - 0, 0, 198, 199, 200, 201, 202, 203, 204, 205, + 189, 190, 191, 192, 193, 194, 195, 196, 197, 2422, + 2423, 2424, 198, 199, 200, 201, 202, 203, 204, 205, 206, 207, 208, 209, 210, 211, 212, 213, 214, 215, 216, 217, 218, 0, 219, 220, 221, 222, 223, 224, 225, 226, 227, 228, 229, 230, 231, 232, 233, 234, @@ -11491,7 +11392,7 @@ 594, 595, 596, 597, 598, 599, 600, 601, 602, 603, 604, 605, 606, 607, 608, 609, 610, 611, 612, 613, 0, 614, 615, 616, 617, 174, 175, 0, 0, 0, - 0, 0, 0, 0, 0, 5245, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 4389, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, @@ -11566,7 +11467,7 @@ 595, 596, 597, 598, 599, 600, 601, 602, 603, 604, 605, 606, 607, 608, 609, 610, 611, 612, 613, 0, 614, 615, 616, 617, 174, 175, 0, 0, 0, 0, - 0, 0, 0, 0, 5571, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 2806, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, @@ -11640,9 +11541,9 @@ 586, 587, 588, 589, 590, 591, 592, 593, 594, 595, 596, 597, 598, 599, 600, 601, 602, 603, 604, 605, 606, 607, 608, 609, 610, 611, 612, 613, 0, 614, - 615, 616, 617, 174, 175, 0, 0, 0, 0, 0, - 2861, 0, 0, 5936, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 703, 0, 0, 0, 0, 0, + 615, 616, 617, 1571, 1572, 0, 0, 0, 0, 0, + 0, 0, 0, 4170, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, @@ -11658,14 +11559,14 @@ 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 180, 0, 0, 0, 0, 0, 0, 0, 0, 181, 0, 0, 0, 0, 0, 0, - 182, 704, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 183, 0, 5523, 0, 0, 0, 0, 0, + 182, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 183, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 184, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 5524, 0, 675, 0, 5525, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 185, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, @@ -11715,15 +11616,15 @@ 587, 588, 589, 590, 591, 592, 593, 594, 595, 596, 597, 598, 599, 600, 601, 602, 603, 604, 605, 606, 607, 608, 609, 610, 611, 612, 613, 0, 614, 615, - 616, 617, 174, 175, 804, 0, 0, 0, 0, 0, - 0, 2862, 0, 0, 708, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 1417, 0, 0, 0, 0, + 616, 617, 174, 175, 0, 0, 0, 0, 0, 0, + 0, 0, 5246, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 1773, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 176, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 1774, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 177, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 178, 0, @@ -11790,9 +11691,9 @@ 588, 589, 590, 591, 592, 593, 594, 595, 596, 597, 598, 599, 600, 601, 602, 603, 604, 605, 606, 607, 608, 609, 610, 611, 612, 613, 0, 614, 615, 616, - 617, 174, 175, 804, 1418, 0, 0, 0, 0, 0, - 0, 0, 0, 708, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 1417, 0, 0, 0, 0, 0, + 617, 174, 175, 0, 0, 0, 0, 0, 0, 0, + 0, 5572, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, @@ -11865,232 +11766,232 @@ 589, 590, 591, 592, 593, 594, 595, 596, 597, 598, 599, 600, 601, 602, 603, 604, 605, 606, 607, 608, 609, 610, 611, 612, 613, 0, 614, 615, 616, 617, - 174, 175, 0, 1418, 0, 0, 0, 0, 0, 0, + 174, 175, 0, 0, 0, 0, 0, 2861, 0, 0, + 5937, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 703, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 3478, 3479, 3480, 3481, - 3482, 3483, 3484, 3485, 3486, 3487, 3488, 4052, 4184, 3490, - 3491, 3492, 4185, 4186, 3493, 3494, 3495, 3496, 3497, 3498, - 3499, 3500, 4187, 3502, 3503, 0, 3504, 3505, 3506, 3507, - 3508, 3509, 3510, 3511, 3512, 3513, 3514, 0, 3515, 176, - 3516, 3517, 3518, 3519, 3520, 3521, 3522, 4188, 3524, 3525, - 3526, 3527, 3528, 3529, 3530, 3531, 3532, 3533, 3534, 3535, - 4189, 3537, 3538, 3539, 3540, 3541, 3542, 177, 3543, 3544, - 3545, 3546, 3547, 3548, 3549, 3550, 4190, 3552, 0, 3553, - 3554, 3555, 3556, 3557, 0, 0, 178, 3558, 3559, 3560, - 3561, 3562, 3563, 3564, 3565, 5603, 3567, 3568, 3569, 3570, - 3571, 3572, 3573, 3574, 4191, 3576, 4053, 3578, 3579, 3580, - 3581, 3582, 3583, 3584, 3585, 3586, 3587, 3588, 3589, 3590, - 3591, 3592, 3593, 0, 3594, 3595, 4192, 4193, 4194, 3596, - 3597, 180, 3598, 3599, 3600, 3601, 4195, 4054, 4196, 3602, - 181, 3603, 3604, 3605, 3606, 3607, 3608, 182, 3609, 3610, - 3611, 3612, 3613, 3614, 4197, 3615, 3616, 3617, 3618, 183, - 3619, 3620, 3621, 3622, 3623, 3624, 3625, 3626, 3627, 3628, - 184, 3629, 3630, 3631, 3632, 3633, 3634, 3635, 3636, 3637, - 3638, 3639, 3640, 3641, 3642, 3643, 4198, 3644, 3645, 3646, - 3647, 3648, 3649, 3650, 3651, 3652, 3653, 3654, 3655, 3656, - 3657, 3658, 3659, 3660, 3661, 3662, 3663, 3664, 3665, 3666, - 4199, 3667, 3668, 4055, 3669, 3670, 3671, 3672, 3673, 3674, - 3675, 3676, 3677, 3678, 3679, 3680, 3681, 3682, 3683, 3684, - 3685, 185, 3686, 3687, 3688, 3689, 4200, 4056, 4201, 3690, - 3691, 3692, 3693, 3694, 3695, 3696, 3697, 0, 3699, 3700, - 3701, 3702, 3703, 3704, 3705, 3706, 3707, 3708, 4202, 4203, - 3710, 3711, 3712, 3713, 3714, 3715, 3716, 3717, 3718, 3719, - 3720, 186, 187, 188, 0, 190, 191, 192, 193, 194, - 195, 196, 197, 3721, 3722, 3723, 198, 199, 200, 201, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 176, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 177, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 178, 0, 0, 0, + 0, 0, 0, 0, 0, 179, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 180, 0, 0, 0, 0, 0, 0, 0, 0, + 181, 0, 0, 0, 0, 0, 0, 182, 704, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 183, + 0, 5524, 0, 0, 0, 0, 0, 0, 0, 0, + 184, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 5525, 0, 675, + 0, 5526, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 185, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 186, 187, 188, 189, 190, 191, 192, 193, 194, + 195, 196, 197, 0, 0, 0, 198, 199, 200, 201, 202, 203, 204, 205, 206, 207, 208, 209, 210, 211, - 212, 213, 214, 215, 216, 217, 218, 0, 219, 5604, - 221, 5605, 5606, 224, 225, 226, 227, 228, 229, 230, - 231, 232, 233, 234, 235, 236, 237, 238, 5607, 240, + 212, 213, 214, 215, 216, 217, 218, 0, 219, 220, + 221, 222, 223, 224, 225, 226, 227, 228, 229, 230, + 231, 232, 233, 234, 235, 236, 237, 238, 239, 240, 241, 242, 243, 244, 245, 246, 247, 248, 249, 0, 250, 251, 252, 253, 254, 255, 256, 257, 258, 259, 260, 261, 262, 263, 264, 265, 266, 267, 268, 269, - 270, 271, 272, 273, 5608, 5609, 276, 277, 278, 0, + 270, 271, 272, 273, 274, 275, 276, 277, 278, 0, 279, 280, 281, 282, 283, 284, 285, 286, 287, 288, - 289, 290, 291, 292, 293, 294, 5610, 296, 297, 298, + 289, 290, 291, 292, 293, 294, 295, 296, 297, 298, 299, 300, 301, 302, 303, 304, 305, 306, 0, 0, 307, 308, 309, 310, 311, 312, 313, 314, 315, 316, - 5611, 318, 319, 320, 0, 321, 322, 323, 3437, 325, + 317, 318, 319, 320, 0, 321, 322, 323, 324, 325, 326, 327, 328, 329, 330, 331, 332, 333, 334, 0, 335, 336, 337, 338, 339, 340, 341, 342, 343, 344, 345, 346, 347, 348, 349, 350, 351, 352, 353, 354, - 355, 5612, 357, 358, 359, 360, 361, 362, 363, 364, + 355, 356, 357, 358, 359, 360, 361, 362, 363, 364, 365, 366, 367, 368, 369, 370, 371, 372, 373, 374, 375, 376, 377, 378, 379, 380, 381, 382, 383, 384, 385, 386, 387, 388, 389, 390, 391, 0, 392, 393, 394, 395, 396, 397, 398, 399, 400, 401, 402, 403, 404, 405, 406, 407, 408, 409, 410, 411, 412, 413, - 414, 415, 416, 5613, 5614, 419, 420, 421, 422, 423, - 424, 425, 426, 427, 428, 429, 430, 431, 432, 5615, - 5616, 435, 3727, 436, 437, 438, 439, 440, 441, 442, + 414, 415, 416, 417, 418, 419, 420, 421, 422, 423, + 424, 425, 426, 427, 428, 429, 430, 431, 432, 433, + 434, 435, 0, 436, 437, 438, 439, 440, 441, 442, 443, 444, 445, 446, 447, 448, 449, 450, 451, 452, 453, 454, 455, 456, 457, 458, 459, 460, 461, 462, 463, 464, 465, 466, 467, 468, 469, 470, 471, 472, - 473, 5617, 475, 476, 477, 478, 479, 480, 481, 482, + 473, 474, 475, 476, 477, 478, 479, 480, 481, 482, 483, 484, 485, 486, 487, 488, 489, 490, 491, 492, 493, 494, 495, 496, 497, 498, 499, 500, 501, 502, 503, 504, 505, 506, 507, 508, 509, 510, 511, 512, - 513, 514, 515, 516, 517, 5618, 519, 520, 521, 522, + 513, 514, 515, 516, 517, 518, 519, 520, 521, 522, 523, 524, 525, 526, 527, 528, 529, 530, 531, 532, 533, 534, 535, 536, 537, 0, 0, 538, 539, 0, 540, 541, 542, 543, 544, 545, 546, 547, 548, 549, 550, 551, 552, 553, 554, 555, 556, 557, 558, 559, - 560, 561, 562, 563, 564, 565, 566, 567, 5619, 569, - 570, 5620, 572, 573, 5621, 575, 576, 577, 578, 579, + 560, 561, 562, 563, 564, 565, 566, 567, 568, 569, + 570, 571, 572, 573, 574, 575, 576, 577, 578, 579, 580, 581, 582, 583, 584, 585, 586, 587, 588, 589, - 590, 591, 592, 593, 594, 595, 596, 597, 5622, 599, - 600, 601, 602, 603, 604, 605, 606, 607, 608, 3438, - 610, 611, 612, 613, 0, 614, 615, 616, 5623, 174, - 175, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 590, 591, 592, 593, 594, 595, 596, 597, 598, 599, + 600, 601, 602, 603, 604, 605, 606, 607, 608, 609, + 610, 611, 612, 613, 0, 614, 615, 616, 617, 174, + 175, 804, 0, 0, 0, 0, 0, 0, 2862, 0, + 0, 708, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 1417, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 1773, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 176, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 1774, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 177, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 3478, 3479, 3480, 3481, 3482, - 3483, 3484, 3485, 3486, 3487, 3488, 4052, 4184, 3490, 3491, - 3492, 4185, 4186, 3493, 3494, 3495, 3496, 3497, 3498, 3499, - 3500, 4187, 3502, 3503, 0, 3504, 3505, 3506, 3507, 3508, - 3509, 3510, 3511, 3512, 3513, 3514, 0, 3515, 176, 3516, - 3517, 3518, 3519, 3520, 3521, 3522, 4188, 3524, 3525, 3526, - 3527, 3528, 3529, 3530, 3531, 3532, 3533, 3534, 3535, 4189, - 3537, 3538, 3539, 3540, 3541, 3542, 177, 3543, 3544, 3545, - 3546, 3547, 3548, 3549, 3550, 4190, 3552, 0, 3553, 3554, - 3555, 3556, 3557, 0, 0, 178, 3558, 3559, 3560, 3561, - 3562, 3563, 3564, 3565, 3566, 3567, 3568, 3569, 3570, 3571, - 3572, 3573, 3574, 4191, 3576, 4053, 3578, 3579, 3580, 3581, - 3582, 3583, 3584, 3585, 3586, 3587, 3588, 3589, 3590, 3591, - 3592, 3593, 0, 3594, 3595, 4192, 4193, 4194, 3596, 3597, - 180, 3598, 3599, 3600, 3601, 4195, 4054, 4196, 3602, 181, - 3603, 3604, 3605, 3606, 3607, 3608, 182, 3609, 3610, 3611, - 3612, 3613, 3614, 4197, 3615, 3616, 3617, 3618, 183, 3619, - 3620, 3621, 3622, 3623, 3624, 3625, 3626, 3627, 3628, 184, - 3629, 3630, 3631, 3632, 3633, 3634, 3635, 3636, 3637, 3638, - 3639, 3640, 3641, 3642, 3643, 4198, 3644, 3645, 3646, 3647, - 3648, 3649, 3650, 3651, 3652, 3653, 3654, 3655, 3656, 3657, - 3658, 3659, 3660, 3661, 3662, 3663, 3664, 3665, 3666, 4199, - 3667, 3668, 4055, 3669, 3670, 3671, 3672, 3673, 3674, 3675, - 3676, 3677, 3678, 3679, 3680, 3681, 3682, 3683, 3684, 3685, - 185, 3686, 3687, 3688, 3689, 4200, 4056, 4201, 3690, 3691, - 3692, 3693, 3694, 3695, 3696, 3697, 0, 3699, 3700, 3701, - 3702, 3703, 3704, 3705, 3706, 3707, 3708, 4202, 4203, 3710, - 3711, 3712, 3713, 3714, 3715, 3716, 3717, 3718, 3719, 3720, - 186, 187, 188, 0, 190, 191, 192, 193, 194, 195, - 196, 197, 3721, 3722, 3723, 198, 199, 200, 201, 202, + 0, 0, 0, 0, 0, 178, 0, 0, 0, 0, + 0, 0, 0, 0, 179, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 180, 0, 0, 0, 0, 0, 0, 0, 0, 181, + 0, 0, 0, 0, 0, 0, 182, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 183, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 184, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 185, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 186, 187, 188, 189, 190, 191, 192, 193, 194, 195, + 196, 197, 0, 0, 0, 198, 199, 200, 201, 202, 203, 204, 205, 206, 207, 208, 209, 210, 211, 212, - 213, 214, 215, 216, 217, 218, 0, 219, 4204, 221, - 4205, 4206, 224, 225, 226, 227, 228, 229, 230, 231, - 232, 233, 234, 235, 236, 237, 0, 4207, 240, 241, + 213, 214, 215, 216, 217, 218, 0, 219, 220, 221, + 222, 223, 224, 225, 226, 227, 228, 229, 230, 231, + 232, 233, 234, 235, 236, 237, 238, 239, 240, 241, 242, 243, 244, 245, 246, 247, 248, 249, 0, 250, 251, 252, 253, 254, 255, 256, 257, 258, 259, 260, 261, 262, 263, 264, 265, 266, 267, 268, 269, 270, - 271, 272, 273, 4208, 4209, 276, 277, 278, 0, 279, + 271, 272, 273, 274, 275, 276, 277, 278, 0, 279, 280, 281, 282, 283, 284, 285, 286, 287, 288, 289, - 290, 291, 292, 293, 294, 4210, 296, 297, 298, 299, + 290, 291, 292, 293, 294, 295, 296, 297, 298, 299, 300, 301, 302, 303, 304, 305, 306, 0, 0, 307, - 308, 309, 310, 311, 312, 313, 314, 315, 316, 4211, - 318, 319, 320, 0, 321, 322, 323, 0, 325, 326, + 308, 309, 310, 311, 312, 313, 314, 315, 316, 317, + 318, 319, 320, 0, 321, 322, 323, 324, 325, 326, 327, 328, 329, 330, 331, 332, 333, 334, 0, 335, 336, 337, 338, 339, 340, 341, 342, 343, 344, 345, 346, 347, 348, 349, 350, 351, 352, 353, 354, 355, - 4212, 357, 358, 359, 360, 361, 362, 363, 364, 365, + 356, 357, 358, 359, 360, 361, 362, 363, 364, 365, 366, 367, 368, 369, 370, 371, 372, 373, 374, 375, 376, 377, 378, 379, 380, 381, 382, 383, 384, 385, 386, 387, 388, 389, 390, 391, 0, 392, 393, 394, - 395, 396, 397, 398, 0, 400, 401, 402, 403, 404, + 395, 396, 397, 398, 399, 400, 401, 402, 403, 404, 405, 406, 407, 408, 409, 410, 411, 412, 413, 414, - 415, 416, 4213, 4214, 419, 420, 421, 422, 423, 424, - 425, 426, 427, 428, 429, 430, 431, 0, 4215, 4216, - 435, 3727, 436, 437, 438, 439, 440, 441, 442, 443, + 415, 416, 417, 418, 419, 420, 421, 422, 423, 424, + 425, 426, 427, 428, 429, 430, 431, 432, 433, 434, + 435, 0, 436, 437, 438, 439, 440, 441, 442, 443, 444, 445, 446, 447, 448, 449, 450, 451, 452, 453, 454, 455, 456, 457, 458, 459, 460, 461, 462, 463, - 464, 465, 466, 467, 468, 469, 470, 471, 472, 0, - 4217, 475, 476, 477, 478, 479, 480, 481, 482, 483, + 464, 465, 466, 467, 468, 469, 470, 471, 472, 473, + 474, 475, 476, 477, 478, 479, 480, 481, 482, 483, 484, 485, 486, 487, 488, 489, 490, 491, 492, 493, 494, 495, 496, 497, 498, 499, 500, 501, 502, 503, - 504, 505, 506, 4218, 508, 509, 510, 511, 512, 513, - 514, 515, 516, 517, 0, 519, 520, 521, 522, 523, - 524, 0, 526, 527, 528, 529, 530, 531, 532, 533, + 504, 505, 506, 507, 508, 509, 510, 511, 512, 513, + 514, 515, 516, 517, 518, 519, 520, 521, 522, 523, + 524, 525, 526, 527, 528, 529, 530, 531, 532, 533, 534, 535, 536, 537, 0, 0, 538, 539, 0, 540, 541, 542, 543, 544, 545, 546, 547, 548, 549, 550, 551, 552, 553, 554, 555, 556, 557, 558, 559, 560, - 561, 562, 563, 564, 565, 566, 567, 4219, 569, 570, - 4220, 572, 573, 4221, 575, 576, 577, 578, 579, 580, - 4222, 582, 583, 584, 585, 586, 587, 588, 589, 590, - 591, 592, 593, 594, 595, 596, 0, 4223, 599, 600, - 601, 602, 603, 604, 605, 606, 607, 608, 0, 610, - 611, 612, 613, 0, 614, 615, 616, 4224, 174, 175, + 561, 562, 563, 564, 565, 566, 567, 568, 569, 570, + 571, 572, 573, 574, 575, 576, 577, 578, 579, 580, + 581, 582, 583, 584, 585, 586, 587, 588, 589, 590, + 591, 592, 593, 594, 595, 596, 597, 598, 599, 600, + 601, 602, 603, 604, 605, 606, 607, 608, 609, 610, + 611, 612, 613, 0, 614, 615, 616, 617, 174, 175, + 804, 1418, 0, 0, 0, 0, 0, 0, 0, 0, + 708, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 1417, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 3478, 3479, 3480, 3481, 3482, 3483, - 3484, 3485, 3486, 3487, 3488, 4052, 4184, 3490, 3491, 3492, - 4185, 4186, 3493, 3494, 3495, 3496, 3497, 3498, 3499, 3500, - 4187, 3502, 3503, 0, 3504, 3505, 3506, 3507, 3508, 3509, - 3510, 3511, 3512, 3513, 3514, 0, 3515, 176, 3516, 3517, - 3518, 3519, 3520, 3521, 3522, 4188, 3524, 3525, 3526, 3527, - 3528, 3529, 3530, 3531, 3532, 3533, 3534, 3535, 4189, 3537, - 3538, 3539, 3540, 3541, 3542, 177, 3543, 3544, 3545, 3546, - 3547, 3548, 3549, 3550, 4190, 3552, 0, 3553, 3554, 3555, - 3556, 3557, 0, 0, 178, 3558, 3559, 3560, 3561, 3562, - 3563, 3564, 3565, 3566, 3567, 3568, 3569, 3570, 3571, 3572, - 3573, 3574, 4191, 3576, 4053, 3578, 3579, 3580, 3581, 3582, - 3583, 3584, 3585, 3586, 3587, 3588, 3589, 3590, 3591, 3592, - 3593, 0, 3594, 3595, 4192, 4193, 4194, 3596, 3597, 180, - 3598, 3599, 3600, 3601, 4195, 4054, 4196, 3602, 181, 3603, - 3604, 3605, 3606, 3607, 3608, 182, 3609, 3610, 3611, 3612, - 3613, 3614, 4197, 3615, 3616, 3617, 3618, 183, 3619, 3620, - 3621, 3622, 3623, 3624, 3625, 3626, 3627, 3628, 184, 3629, - 3630, 3631, 3632, 3633, 3634, 3635, 3636, 3637, 3638, 3639, - 3640, 3641, 3642, 3643, 4198, 3644, 3645, 3646, 3647, 3648, - 3649, 3650, 3651, 3652, 3653, 3654, 3655, 3656, 3657, 3658, - 3659, 3660, 3661, 3662, 3663, 3664, 3665, 3666, 4199, 3667, - 3668, 4055, 3669, 3670, 3671, 3672, 3673, 3674, 3675, 3676, - 3677, 3678, 3679, 3680, 3681, 3682, 3683, 3684, 3685, 185, - 3686, 3687, 3688, 3689, 4200, 4056, 4201, 3690, 3691, 3692, - 3693, 3694, 3695, 3696, 3697, 0, 3699, 3700, 3701, 3702, - 3703, 3704, 3705, 3706, 3707, 3708, 4202, 4203, 3710, 3711, - 3712, 3713, 3714, 3715, 3716, 3717, 3718, 3719, 3720, 186, - 187, 188, 0, 190, 191, 192, 193, 194, 195, 196, - 197, 3721, 3722, 3723, 198, 199, 200, 201, 202, 203, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 176, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 177, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 178, 0, 0, 0, 0, 0, + 0, 0, 0, 179, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 180, + 0, 0, 0, 0, 0, 0, 0, 0, 181, 0, + 0, 0, 0, 0, 0, 182, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 183, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 184, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 185, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 186, + 187, 188, 189, 190, 191, 192, 193, 194, 195, 196, + 197, 0, 0, 0, 198, 199, 200, 201, 202, 203, 204, 205, 206, 207, 208, 209, 210, 211, 212, 213, - 214, 215, 216, 217, 218, 0, 219, 4204, 221, 4205, - 4206, 224, 225, 226, 227, 228, 229, 230, 231, 232, - 233, 234, 235, 236, 237, 0, 4207, 240, 241, 242, + 214, 215, 216, 217, 218, 0, 219, 220, 221, 222, + 223, 224, 225, 226, 227, 228, 229, 230, 231, 232, + 233, 234, 235, 236, 237, 238, 239, 240, 241, 242, 243, 244, 245, 246, 247, 248, 249, 0, 250, 251, 252, 253, 254, 255, 256, 257, 258, 259, 260, 261, 262, 263, 264, 265, 266, 267, 268, 269, 270, 271, - 272, 273, 4208, 4209, 276, 277, 278, 0, 279, 280, + 272, 273, 274, 275, 276, 277, 278, 0, 279, 280, 281, 282, 283, 284, 285, 286, 287, 288, 289, 290, - 291, 292, 293, 294, 4210, 296, 297, 298, 299, 300, + 291, 292, 293, 294, 295, 296, 297, 298, 299, 300, 301, 302, 303, 304, 305, 306, 0, 0, 307, 308, - 309, 310, 311, 312, 313, 314, 315, 316, 4211, 318, - 319, 320, 0, 321, 322, 323, 0, 325, 326, 327, + 309, 310, 311, 312, 313, 314, 315, 316, 317, 318, + 319, 320, 0, 321, 322, 323, 324, 325, 326, 327, 328, 329, 330, 331, 332, 333, 334, 0, 335, 336, 337, 338, 339, 340, 341, 342, 343, 344, 345, 346, - 347, 348, 349, 350, 351, 352, 353, 354, 355, 4212, + 347, 348, 349, 350, 351, 352, 353, 354, 355, 356, 357, 358, 359, 360, 361, 362, 363, 364, 365, 366, 367, 368, 369, 370, 371, 372, 373, 374, 375, 376, 377, 378, 379, 380, 381, 382, 383, 384, 385, 386, 387, 388, 389, 390, 391, 0, 392, 393, 394, 395, - 396, 397, 398, 0, 400, 401, 402, 403, 404, 405, + 396, 397, 398, 399, 400, 401, 402, 403, 404, 405, 406, 407, 408, 409, 410, 411, 412, 413, 414, 415, - 416, 4213, 4214, 419, 420, 421, 422, 423, 424, 425, - 426, 427, 428, 429, 430, 431, 0, 4215, 4216, 435, - 3727, 436, 437, 438, 439, 440, 441, 442, 443, 444, + 416, 417, 418, 419, 420, 421, 422, 423, 424, 425, + 426, 427, 428, 429, 430, 431, 432, 433, 434, 435, + 0, 436, 437, 438, 439, 440, 441, 442, 443, 444, 445, 446, 447, 448, 449, 450, 451, 452, 453, 454, 455, 456, 457, 458, 459, 460, 461, 462, 463, 464, - 465, 466, 467, 468, 469, 470, 471, 472, 0, 4217, + 465, 466, 467, 468, 469, 470, 471, 472, 473, 474, 475, 476, 477, 478, 479, 480, 481, 482, 483, 484, 485, 486, 487, 488, 489, 490, 491, 492, 493, 494, 495, 496, 497, 498, 499, 500, 501, 502, 503, 504, - 505, 506, 5644, 508, 509, 510, 511, 512, 513, 514, - 515, 516, 517, 0, 519, 520, 521, 522, 523, 524, - 0, 526, 527, 528, 529, 530, 531, 532, 533, 534, + 505, 506, 507, 508, 509, 510, 511, 512, 513, 514, + 515, 516, 517, 518, 519, 520, 521, 522, 523, 524, + 525, 526, 527, 528, 529, 530, 531, 532, 533, 534, 535, 536, 537, 0, 0, 538, 539, 0, 540, 541, 542, 543, 544, 545, 546, 547, 548, 549, 550, 551, 552, 553, 554, 555, 556, 557, 558, 559, 560, 561, - 562, 563, 564, 565, 566, 567, 4219, 569, 570, 4220, - 572, 573, 4221, 575, 576, 577, 578, 579, 580, 5645, + 562, 563, 564, 565, 566, 567, 568, 569, 570, 571, + 572, 573, 574, 575, 576, 577, 578, 579, 580, 581, 582, 583, 584, 585, 586, 587, 588, 589, 590, 591, - 592, 593, 594, 595, 596, 0, 4223, 599, 600, 601, - 602, 603, 604, 605, 606, 607, 608, 0, 610, 611, - 612, 613, 0, 614, 615, 616, 4224, 174, 175, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 592, 593, 594, 595, 596, 597, 598, 599, 600, 601, + 602, 603, 604, 605, 606, 607, 608, 609, 610, 611, + 612, 613, 0, 614, 615, 616, 617, 174, 175, 0, + 1418, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 3478, 3479, 3480, 3481, 3482, 3483, 3484, 3485, 3486, 3487, 3488, 4052, 4184, 3490, 3491, 3492, 4185, @@ -12102,7 +12003,7 @@ 3539, 3540, 3541, 3542, 177, 3543, 3544, 3545, 3546, 3547, 3548, 3549, 3550, 4190, 3552, 0, 3553, 3554, 3555, 3556, 3557, 0, 0, 178, 3558, 3559, 3560, 3561, 3562, 3563, - 3564, 3565, 3566, 3567, 3568, 3569, 3570, 3571, 3572, 3573, + 3564, 3565, 5604, 3567, 3568, 3569, 3570, 3571, 3572, 3573, 3574, 4191, 3576, 4053, 3578, 3579, 3580, 3581, 3582, 3583, 3584, 3585, 3586, 3587, 3588, 3589, 3590, 3591, 3592, 3593, 0, 3594, 3595, 4192, 4193, 4194, 3596, 3597, 180, 3598, @@ -12123,48 +12024,48 @@ 188, 0, 190, 191, 192, 193, 194, 195, 196, 197, 3721, 3722, 3723, 198, 199, 200, 201, 202, 203, 204, 205, 206, 207, 208, 209, 210, 211, 212, 213, 214, - 215, 216, 217, 218, 0, 219, 4204, 221, 4205, 4206, + 215, 216, 217, 218, 0, 219, 5605, 221, 5606, 5607, 224, 225, 226, 227, 228, 229, 230, 231, 232, 233, - 234, 235, 236, 237, 0, 4207, 240, 241, 242, 243, + 234, 235, 236, 237, 238, 5608, 240, 241, 242, 243, 244, 245, 246, 247, 248, 249, 0, 250, 251, 252, 253, 254, 255, 256, 257, 258, 259, 260, 261, 262, 263, 264, 265, 266, 267, 268, 269, 270, 271, 272, - 273, 4208, 4209, 276, 277, 278, 0, 279, 280, 281, + 273, 5609, 5610, 276, 277, 278, 0, 279, 280, 281, 282, 283, 284, 285, 286, 287, 288, 289, 290, 291, - 292, 293, 294, 4210, 296, 297, 298, 299, 300, 301, + 292, 293, 294, 5611, 296, 297, 298, 299, 300, 301, 302, 303, 304, 305, 306, 0, 0, 307, 308, 309, - 310, 311, 312, 313, 314, 315, 316, 4211, 318, 319, - 320, 0, 321, 322, 323, 0, 325, 326, 327, 328, + 310, 311, 312, 313, 314, 315, 316, 5612, 318, 319, + 320, 0, 321, 322, 323, 3437, 325, 326, 327, 328, 329, 330, 331, 332, 333, 334, 0, 335, 336, 337, 338, 339, 340, 341, 342, 343, 344, 345, 346, 347, - 348, 349, 350, 351, 352, 353, 354, 355, 4212, 357, + 348, 349, 350, 351, 352, 353, 354, 355, 5613, 357, 358, 359, 360, 361, 362, 363, 364, 365, 366, 367, 368, 369, 370, 371, 372, 373, 374, 375, 376, 377, 378, 379, 380, 381, 382, 383, 384, 385, 386, 387, 388, 389, 390, 391, 0, 392, 393, 394, 395, 396, - 397, 398, 0, 400, 401, 402, 403, 404, 405, 406, + 397, 398, 399, 400, 401, 402, 403, 404, 405, 406, 407, 408, 409, 410, 411, 412, 413, 414, 415, 416, - 4213, 4214, 419, 420, 421, 422, 423, 424, 425, 426, - 427, 428, 429, 430, 431, 0, 4215, 4216, 435, 3727, + 5614, 5615, 419, 420, 421, 422, 423, 424, 425, 426, + 427, 428, 429, 430, 431, 432, 5616, 5617, 435, 3727, 436, 437, 438, 439, 440, 441, 442, 443, 444, 445, 446, 447, 448, 449, 450, 451, 452, 453, 454, 455, 456, 457, 458, 459, 460, 461, 462, 463, 464, 465, - 466, 467, 468, 469, 470, 471, 472, 0, 4217, 475, + 466, 467, 468, 469, 470, 471, 472, 473, 5618, 475, 476, 477, 478, 479, 480, 481, 482, 483, 484, 485, 486, 487, 488, 489, 490, 491, 492, 493, 494, 495, 496, 497, 498, 499, 500, 501, 502, 503, 504, 505, - 506, 5669, 508, 509, 510, 511, 512, 513, 514, 515, - 516, 517, 0, 519, 520, 521, 522, 523, 524, 0, + 506, 507, 508, 509, 510, 511, 512, 513, 514, 515, + 516, 517, 5619, 519, 520, 521, 522, 523, 524, 525, 526, 527, 528, 529, 530, 531, 532, 533, 534, 535, 536, 537, 0, 0, 538, 539, 0, 540, 541, 542, 543, 544, 545, 546, 547, 548, 549, 550, 551, 552, 553, 554, 555, 556, 557, 558, 559, 560, 561, 562, - 563, 564, 565, 566, 567, 4219, 569, 570, 4220, 572, - 573, 4221, 575, 576, 577, 578, 579, 580, 5670, 582, + 563, 564, 565, 566, 567, 5620, 569, 570, 5621, 572, + 573, 5622, 575, 576, 577, 578, 579, 580, 581, 582, 583, 584, 585, 586, 587, 588, 589, 590, 591, 592, - 593, 594, 595, 596, 0, 4223, 599, 600, 601, 602, - 603, 604, 605, 606, 607, 608, 0, 610, 611, 612, - 613, 0, 614, 615, 616, 4224, 174, 175, 0, 0, + 593, 594, 595, 596, 597, 5623, 599, 600, 601, 602, + 603, 604, 605, 606, 607, 608, 3438, 610, 611, 612, + 613, 0, 614, 615, 616, 5624, 174, 175, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 3478, 3479, 3480, 3481, 3482, 3483, 3484, 3485, @@ -12228,287 +12129,287 @@ 477, 478, 479, 480, 481, 482, 483, 484, 485, 486, 487, 488, 489, 490, 491, 492, 493, 494, 495, 496, 497, 498, 499, 500, 501, 502, 503, 504, 505, 506, - 0, 508, 509, 510, 511, 512, 513, 514, 515, 516, + 4218, 508, 509, 510, 511, 512, 513, 514, 515, 516, 517, 0, 519, 520, 521, 522, 523, 524, 0, 526, 527, 528, 529, 530, 531, 532, 533, 534, 535, 536, 537, 0, 0, 538, 539, 0, 540, 541, 542, 543, 544, 545, 546, 547, 548, 549, 550, 551, 552, 553, 554, 555, 556, 557, 558, 559, 560, 561, 562, 563, 564, 565, 566, 567, 4219, 569, 570, 4220, 572, 573, - 4221, 575, 576, 577, 578, 579, 580, 581, 582, 583, + 4221, 575, 576, 577, 578, 579, 580, 4222, 582, 583, 584, 585, 586, 587, 588, 589, 590, 591, 592, 593, 594, 595, 596, 0, 4223, 599, 600, 601, 602, 603, 604, 605, 606, 607, 608, 0, 610, 611, 612, 613, - 0, 614, 615, 616, 4224, 174, 175, 804, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 708, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 863, 864, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 865, 0, 0, 0, - 866, 0, 0, 0, 176, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 867, 0, 0, - 0, 0, 0, 0, 0, 0, 868, 0, 0, 0, - 0, 0, 177, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 869, 0, 0, - 0, 178, 0, 0, 0, 0, 0, 0, 0, 0, - 179, 870, 0, 0, 0, 0, 871, 0, 0, 0, + 0, 614, 615, 616, 4224, 174, 175, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 872, 0, 0, 0, 0, 0, 180, 0, 0, 0, - 0, 0, 0, 0, 0, 181, 0, 0, 0, 0, - 0, 0, 182, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 183, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 184, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 873, - 0, 0, 0, 874, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 875, 0, 0, 0, 876, 877, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 185, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 878, 0, 0, 0, - 0, 0, 0, 879, 880, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 186, 187, 188, 189, - 190, 191, 192, 193, 194, 195, 196, 197, 0, 0, - 0, 198, 199, 200, 201, 202, 203, 204, 205, 206, + 0, 3478, 3479, 3480, 3481, 3482, 3483, 3484, 3485, 3486, + 3487, 3488, 4052, 4184, 3490, 3491, 3492, 4185, 4186, 3493, + 3494, 3495, 3496, 3497, 3498, 3499, 3500, 4187, 3502, 3503, + 0, 3504, 3505, 3506, 3507, 3508, 3509, 3510, 3511, 3512, + 3513, 3514, 0, 3515, 176, 3516, 3517, 3518, 3519, 3520, + 3521, 3522, 4188, 3524, 3525, 3526, 3527, 3528, 3529, 3530, + 3531, 3532, 3533, 3534, 3535, 4189, 3537, 3538, 3539, 3540, + 3541, 3542, 177, 3543, 3544, 3545, 3546, 3547, 3548, 3549, + 3550, 4190, 3552, 0, 3553, 3554, 3555, 3556, 3557, 0, + 0, 178, 3558, 3559, 3560, 3561, 3562, 3563, 3564, 3565, + 3566, 3567, 3568, 3569, 3570, 3571, 3572, 3573, 3574, 4191, + 3576, 4053, 3578, 3579, 3580, 3581, 3582, 3583, 3584, 3585, + 3586, 3587, 3588, 3589, 3590, 3591, 3592, 3593, 0, 3594, + 3595, 4192, 4193, 4194, 3596, 3597, 180, 3598, 3599, 3600, + 3601, 4195, 4054, 4196, 3602, 181, 3603, 3604, 3605, 3606, + 3607, 3608, 182, 3609, 3610, 3611, 3612, 3613, 3614, 4197, + 3615, 3616, 3617, 3618, 183, 3619, 3620, 3621, 3622, 3623, + 3624, 3625, 3626, 3627, 3628, 184, 3629, 3630, 3631, 3632, + 3633, 3634, 3635, 3636, 3637, 3638, 3639, 3640, 3641, 3642, + 3643, 4198, 3644, 3645, 3646, 3647, 3648, 3649, 3650, 3651, + 3652, 3653, 3654, 3655, 3656, 3657, 3658, 3659, 3660, 3661, + 3662, 3663, 3664, 3665, 3666, 4199, 3667, 3668, 4055, 3669, + 3670, 3671, 3672, 3673, 3674, 3675, 3676, 3677, 3678, 3679, + 3680, 3681, 3682, 3683, 3684, 3685, 185, 3686, 3687, 3688, + 3689, 4200, 4056, 4201, 3690, 3691, 3692, 3693, 3694, 3695, + 3696, 3697, 0, 3699, 3700, 3701, 3702, 3703, 3704, 3705, + 3706, 3707, 3708, 4202, 4203, 3710, 3711, 3712, 3713, 3714, + 3715, 3716, 3717, 3718, 3719, 3720, 186, 187, 188, 0, + 190, 191, 192, 193, 194, 195, 196, 197, 3721, 3722, + 3723, 198, 199, 200, 201, 202, 203, 204, 205, 206, 207, 208, 209, 210, 211, 212, 213, 214, 215, 216, - 217, 218, 0, 881, 220, 221, 222, 223, 224, 225, + 217, 218, 0, 219, 4204, 221, 4205, 4206, 224, 225, 226, 227, 228, 229, 230, 231, 232, 233, 234, 235, - 236, 237, 238, 239, 240, 241, 242, 243, 244, 245, + 236, 237, 0, 4207, 240, 241, 242, 243, 244, 245, 246, 247, 248, 249, 0, 250, 251, 252, 253, 254, - 255, 256, 257, 882, 259, 260, 261, 262, 263, 264, - 265, 266, 267, 268, 269, 270, 271, 272, 273, 274, - 275, 276, 277, 278, 0, 279, 280, 281, 282, 283, + 255, 256, 257, 258, 259, 260, 261, 262, 263, 264, + 265, 266, 267, 268, 269, 270, 271, 272, 273, 4208, + 4209, 276, 277, 278, 0, 279, 280, 281, 282, 283, 284, 285, 286, 287, 288, 289, 290, 291, 292, 293, - 294, 295, 296, 297, 298, 299, 883, 301, 302, 303, - 304, 884, 306, 0, 0, 307, 308, 309, 310, 311, - 312, 313, 885, 886, 316, 317, 318, 319, 320, 0, - 321, 322, 323, 324, 325, 326, 327, 328, 329, 330, + 294, 4210, 296, 297, 298, 299, 300, 301, 302, 303, + 304, 305, 306, 0, 0, 307, 308, 309, 310, 311, + 312, 313, 314, 315, 316, 4211, 318, 319, 320, 0, + 321, 322, 323, 0, 325, 326, 327, 328, 329, 330, 331, 332, 333, 334, 0, 335, 336, 337, 338, 339, 340, 341, 342, 343, 344, 345, 346, 347, 348, 349, - 350, 351, 352, 353, 354, 355, 356, 357, 358, 359, + 350, 351, 352, 353, 354, 355, 4212, 357, 358, 359, 360, 361, 362, 363, 364, 365, 366, 367, 368, 369, 370, 371, 372, 373, 374, 375, 376, 377, 378, 379, 380, 381, 382, 383, 384, 385, 386, 387, 388, 389, 390, 391, 0, 392, 393, 394, 395, 396, 397, 398, - 399, 400, 401, 402, 403, 404, 405, 406, 407, 408, - 409, 410, 411, 412, 413, 414, 415, 416, 417, 418, + 0, 400, 401, 402, 403, 404, 405, 406, 407, 408, + 409, 410, 411, 412, 413, 414, 415, 416, 4213, 4214, 419, 420, 421, 422, 423, 424, 425, 426, 427, 428, - 429, 430, 431, 432, 433, 434, 435, 0, 436, 437, + 429, 430, 431, 0, 4215, 4216, 435, 3727, 436, 437, 438, 439, 440, 441, 442, 443, 444, 445, 446, 447, 448, 449, 450, 451, 452, 453, 454, 455, 456, 457, - 458, 459, 460, 461, 462, 463, 464, 887, 466, 467, - 468, 888, 470, 471, 472, 473, 474, 889, 476, 477, - 478, 479, 480, 481, 482, 483, 484, 485, 890, 487, - 488, 489, 490, 491, 891, 493, 494, 495, 496, 497, - 498, 499, 500, 501, 502, 503, 504, 505, 506, 507, + 458, 459, 460, 461, 462, 463, 464, 465, 466, 467, + 468, 469, 470, 471, 472, 0, 4217, 475, 476, 477, + 478, 479, 480, 481, 482, 483, 484, 485, 486, 487, + 488, 489, 490, 491, 492, 493, 494, 495, 496, 497, + 498, 499, 500, 501, 502, 503, 504, 505, 506, 5645, 508, 509, 510, 511, 512, 513, 514, 515, 516, 517, - 518, 519, 520, 521, 522, 523, 892, 525, 526, 527, - 893, 529, 530, 531, 532, 533, 534, 535, 536, 537, + 0, 519, 520, 521, 522, 523, 524, 0, 526, 527, + 528, 529, 530, 531, 532, 533, 534, 535, 536, 537, 0, 0, 538, 539, 0, 540, 541, 542, 543, 544, 545, 546, 547, 548, 549, 550, 551, 552, 553, 554, - 555, 894, 557, 558, 559, 560, 561, 562, 563, 564, - 565, 566, 567, 568, 569, 570, 571, 572, 573, 574, - 575, 576, 577, 578, 579, 580, 581, 582, 583, 584, + 555, 556, 557, 558, 559, 560, 561, 562, 563, 564, + 565, 566, 567, 4219, 569, 570, 4220, 572, 573, 4221, + 575, 576, 577, 578, 579, 580, 5646, 582, 583, 584, 585, 586, 587, 588, 589, 590, 591, 592, 593, 594, - 595, 596, 597, 598, 599, 600, 601, 602, 603, 604, - 605, 606, 607, 608, 609, 610, 611, 612, 613, 0, - 614, 615, 616, 617, 174, 175, 804, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 708, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 1154, 864, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 865, 0, 0, 0, 866, - 0, 0, 0, 176, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 867, 0, 0, 0, - 0, 0, 0, 0, 0, 868, 0, 0, 0, 0, - 0, 177, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 869, 0, 0, 0, - 178, 0, 0, 0, 0, 0, 0, 0, 0, 179, - 870, 0, 0, 0, 0, 871, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 872, - 0, 0, 0, 0, 0, 180, 0, 0, 0, 0, - 0, 0, 0, 0, 181, 0, 0, 0, 0, 0, - 0, 182, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 183, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 184, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 873, 0, - 0, 0, 874, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 875, 0, 0, 0, 876, 877, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 185, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 878, 0, 0, 0, 0, - 0, 0, 879, 880, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 186, 187, 188, 189, 190, - 191, 192, 193, 194, 195, 196, 197, 0, 0, 0, - 198, 199, 1155, 201, 202, 203, 204, 205, 206, 207, + 595, 596, 0, 4223, 599, 600, 601, 602, 603, 604, + 605, 606, 607, 608, 0, 610, 611, 612, 613, 0, + 614, 615, 616, 4224, 174, 175, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 3478, 3479, 3480, 3481, 3482, 3483, 3484, 3485, 3486, 3487, + 3488, 4052, 4184, 3490, 3491, 3492, 4185, 4186, 3493, 3494, + 3495, 3496, 3497, 3498, 3499, 3500, 4187, 3502, 3503, 0, + 3504, 3505, 3506, 3507, 3508, 3509, 3510, 3511, 3512, 3513, + 3514, 0, 3515, 176, 3516, 3517, 3518, 3519, 3520, 3521, + 3522, 4188, 3524, 3525, 3526, 3527, 3528, 3529, 3530, 3531, + 3532, 3533, 3534, 3535, 4189, 3537, 3538, 3539, 3540, 3541, + 3542, 177, 3543, 3544, 3545, 3546, 3547, 3548, 3549, 3550, + 4190, 3552, 0, 3553, 3554, 3555, 3556, 3557, 0, 0, + 178, 3558, 3559, 3560, 3561, 3562, 3563, 3564, 3565, 3566, + 3567, 3568, 3569, 3570, 3571, 3572, 3573, 3574, 4191, 3576, + 4053, 3578, 3579, 3580, 3581, 3582, 3583, 3584, 3585, 3586, + 3587, 3588, 3589, 3590, 3591, 3592, 3593, 0, 3594, 3595, + 4192, 4193, 4194, 3596, 3597, 180, 3598, 3599, 3600, 3601, + 4195, 4054, 4196, 3602, 181, 3603, 3604, 3605, 3606, 3607, + 3608, 182, 3609, 3610, 3611, 3612, 3613, 3614, 4197, 3615, + 3616, 3617, 3618, 183, 3619, 3620, 3621, 3622, 3623, 3624, + 3625, 3626, 3627, 3628, 184, 3629, 3630, 3631, 3632, 3633, + 3634, 3635, 3636, 3637, 3638, 3639, 3640, 3641, 3642, 3643, + 4198, 3644, 3645, 3646, 3647, 3648, 3649, 3650, 3651, 3652, + 3653, 3654, 3655, 3656, 3657, 3658, 3659, 3660, 3661, 3662, + 3663, 3664, 3665, 3666, 4199, 3667, 3668, 4055, 3669, 3670, + 3671, 3672, 3673, 3674, 3675, 3676, 3677, 3678, 3679, 3680, + 3681, 3682, 3683, 3684, 3685, 185, 3686, 3687, 3688, 3689, + 4200, 4056, 4201, 3690, 3691, 3692, 3693, 3694, 3695, 3696, + 3697, 0, 3699, 3700, 3701, 3702, 3703, 3704, 3705, 3706, + 3707, 3708, 4202, 4203, 3710, 3711, 3712, 3713, 3714, 3715, + 3716, 3717, 3718, 3719, 3720, 186, 187, 188, 0, 190, + 191, 192, 193, 194, 195, 196, 197, 3721, 3722, 3723, + 198, 199, 200, 201, 202, 203, 204, 205, 206, 207, 208, 209, 210, 211, 212, 213, 214, 215, 216, 217, - 218, 0, 881, 220, 221, 222, 223, 224, 225, 226, + 218, 0, 219, 4204, 221, 4205, 4206, 224, 225, 226, 227, 228, 229, 230, 231, 232, 233, 234, 235, 236, - 237, 238, 239, 240, 241, 242, 243, 244, 245, 246, + 237, 0, 4207, 240, 241, 242, 243, 244, 245, 246, 247, 248, 249, 0, 250, 251, 252, 253, 254, 255, - 256, 257, 882, 259, 260, 261, 262, 263, 264, 265, - 266, 267, 268, 269, 270, 271, 272, 273, 274, 275, + 256, 257, 258, 259, 260, 261, 262, 263, 264, 265, + 266, 267, 268, 269, 270, 271, 272, 273, 4208, 4209, 276, 277, 278, 0, 279, 280, 281, 282, 283, 284, 285, 286, 287, 288, 289, 290, 291, 292, 293, 294, - 295, 296, 297, 298, 299, 883, 301, 302, 303, 304, - 884, 306, 0, 0, 307, 308, 309, 310, 311, 312, - 313, 885, 886, 316, 317, 318, 319, 320, 0, 321, - 322, 323, 324, 325, 326, 327, 328, 329, 330, 331, + 4210, 296, 297, 298, 299, 300, 301, 302, 303, 304, + 305, 306, 0, 0, 307, 308, 309, 310, 311, 312, + 313, 314, 315, 316, 4211, 318, 319, 320, 0, 321, + 322, 323, 0, 325, 326, 327, 328, 329, 330, 331, 332, 333, 334, 0, 335, 336, 337, 338, 339, 340, 341, 342, 343, 344, 345, 346, 347, 348, 349, 350, - 351, 352, 353, 354, 355, 356, 357, 358, 359, 360, + 351, 352, 353, 354, 355, 4212, 357, 358, 359, 360, 361, 362, 363, 364, 365, 366, 367, 368, 369, 370, 371, 372, 373, 374, 375, 376, 377, 378, 379, 380, 381, 382, 383, 384, 385, 386, 387, 388, 389, 390, - 391, 0, 392, 393, 394, 395, 396, 397, 398, 399, + 391, 0, 392, 393, 394, 395, 396, 397, 398, 0, 400, 401, 402, 403, 404, 405, 406, 407, 408, 409, - 410, 411, 412, 413, 414, 415, 416, 417, 418, 419, + 410, 411, 412, 413, 414, 415, 416, 4213, 4214, 419, 420, 421, 422, 423, 424, 425, 426, 427, 428, 429, - 430, 431, 432, 433, 434, 435, 0, 436, 437, 438, + 430, 431, 0, 4215, 4216, 435, 3727, 436, 437, 438, 439, 440, 441, 442, 443, 444, 445, 446, 447, 448, 449, 450, 451, 452, 453, 454, 455, 456, 457, 458, - 459, 460, 461, 462, 463, 464, 887, 466, 467, 468, - 1156, 470, 471, 472, 473, 474, 889, 476, 477, 478, - 479, 480, 481, 482, 483, 484, 485, 890, 487, 488, - 489, 490, 491, 891, 493, 494, 495, 496, 497, 498, - 499, 500, 501, 502, 503, 504, 505, 506, 507, 508, - 509, 510, 511, 512, 513, 514, 515, 516, 517, 518, - 519, 520, 521, 522, 523, 892, 525, 526, 527, 893, + 459, 460, 461, 462, 463, 464, 465, 466, 467, 468, + 469, 470, 471, 472, 0, 4217, 475, 476, 477, 478, + 479, 480, 481, 482, 483, 484, 485, 486, 487, 488, + 489, 490, 491, 492, 493, 494, 495, 496, 497, 498, + 499, 500, 501, 502, 503, 504, 505, 506, 5670, 508, + 509, 510, 511, 512, 513, 514, 515, 516, 517, 0, + 519, 520, 521, 522, 523, 524, 0, 526, 527, 528, 529, 530, 531, 532, 533, 534, 535, 536, 537, 0, 0, 538, 539, 0, 540, 541, 542, 543, 544, 545, 546, 547, 548, 549, 550, 551, 552, 553, 554, 555, - 894, 557, 558, 559, 560, 561, 562, 563, 564, 565, - 566, 567, 568, 569, 570, 571, 572, 573, 574, 575, - 576, 577, 578, 579, 580, 581, 582, 583, 584, 585, + 556, 557, 558, 559, 560, 561, 562, 563, 564, 565, + 566, 567, 4219, 569, 570, 4220, 572, 573, 4221, 575, + 576, 577, 578, 579, 580, 5671, 582, 583, 584, 585, 586, 587, 588, 589, 590, 591, 592, 593, 594, 595, - 596, 597, 598, 599, 600, 601, 602, 603, 604, 605, - 606, 607, 608, 609, 610, 611, 612, 613, 0, 614, - 615, 616, 617, 174, 175, 0, 0, 0, 2223, 2224, - 5344, 0, 5345, 0, 5346, 708, 5347, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 176, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 5348, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 177, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 178, - 0, 0, 0, 0, 0, 0, 0, 0, 179, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 180, 0, 0, 0, 0, 0, - 0, 0, 0, 181, 0, 0, 0, 0, 0, 0, - 182, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 183, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 184, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 185, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 186, 187, 188, 189, 190, 191, - 192, 193, 194, 195, 196, 197, 0, 0, 0, 198, + 596, 0, 4223, 599, 600, 601, 602, 603, 604, 605, + 606, 607, 608, 0, 610, 611, 612, 613, 0, 614, + 615, 616, 4224, 174, 175, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 3478, + 3479, 3480, 3481, 3482, 3483, 3484, 3485, 3486, 3487, 3488, + 4052, 4184, 3490, 3491, 3492, 4185, 4186, 3493, 3494, 3495, + 3496, 3497, 3498, 3499, 3500, 4187, 3502, 3503, 0, 3504, + 3505, 3506, 3507, 3508, 3509, 3510, 3511, 3512, 3513, 3514, + 0, 3515, 176, 3516, 3517, 3518, 3519, 3520, 3521, 3522, + 4188, 3524, 3525, 3526, 3527, 3528, 3529, 3530, 3531, 3532, + 3533, 3534, 3535, 4189, 3537, 3538, 3539, 3540, 3541, 3542, + 177, 3543, 3544, 3545, 3546, 3547, 3548, 3549, 3550, 4190, + 3552, 0, 3553, 3554, 3555, 3556, 3557, 0, 0, 178, + 3558, 3559, 3560, 3561, 3562, 3563, 3564, 3565, 3566, 3567, + 3568, 3569, 3570, 3571, 3572, 3573, 3574, 4191, 3576, 4053, + 3578, 3579, 3580, 3581, 3582, 3583, 3584, 3585, 3586, 3587, + 3588, 3589, 3590, 3591, 3592, 3593, 0, 3594, 3595, 4192, + 4193, 4194, 3596, 3597, 180, 3598, 3599, 3600, 3601, 4195, + 4054, 4196, 3602, 181, 3603, 3604, 3605, 3606, 3607, 3608, + 182, 3609, 3610, 3611, 3612, 3613, 3614, 4197, 3615, 3616, + 3617, 3618, 183, 3619, 3620, 3621, 3622, 3623, 3624, 3625, + 3626, 3627, 3628, 184, 3629, 3630, 3631, 3632, 3633, 3634, + 3635, 3636, 3637, 3638, 3639, 3640, 3641, 3642, 3643, 4198, + 3644, 3645, 3646, 3647, 3648, 3649, 3650, 3651, 3652, 3653, + 3654, 3655, 3656, 3657, 3658, 3659, 3660, 3661, 3662, 3663, + 3664, 3665, 3666, 4199, 3667, 3668, 4055, 3669, 3670, 3671, + 3672, 3673, 3674, 3675, 3676, 3677, 3678, 3679, 3680, 3681, + 3682, 3683, 3684, 3685, 185, 3686, 3687, 3688, 3689, 4200, + 4056, 4201, 3690, 3691, 3692, 3693, 3694, 3695, 3696, 3697, + 0, 3699, 3700, 3701, 3702, 3703, 3704, 3705, 3706, 3707, + 3708, 4202, 4203, 3710, 3711, 3712, 3713, 3714, 3715, 3716, + 3717, 3718, 3719, 3720, 186, 187, 188, 0, 190, 191, + 192, 193, 194, 195, 196, 197, 3721, 3722, 3723, 198, 199, 200, 201, 202, 203, 204, 205, 206, 207, 208, 209, 210, 211, 212, 213, 214, 215, 216, 217, 218, - 0, 219, 220, 221, 222, 223, 224, 225, 226, 227, + 0, 219, 4204, 221, 4205, 4206, 224, 225, 226, 227, 228, 229, 230, 231, 232, 233, 234, 235, 236, 237, - 238, 239, 240, 241, 242, 243, 244, 245, 246, 247, + 0, 4207, 240, 241, 242, 243, 244, 245, 246, 247, 248, 249, 0, 250, 251, 252, 253, 254, 255, 256, 257, 258, 259, 260, 261, 262, 263, 264, 265, 266, - 267, 268, 269, 270, 271, 272, 273, 274, 275, 276, + 267, 268, 269, 270, 271, 272, 273, 4208, 4209, 276, 277, 278, 0, 279, 280, 281, 282, 283, 284, 285, - 286, 287, 288, 289, 290, 291, 292, 293, 294, 295, + 286, 287, 288, 289, 290, 291, 292, 293, 294, 4210, 296, 297, 298, 299, 300, 301, 302, 303, 304, 305, 306, 0, 0, 307, 308, 309, 310, 311, 312, 313, - 314, 315, 316, 317, 318, 319, 320, 0, 321, 322, - 323, 324, 325, 326, 327, 328, 329, 330, 331, 332, + 314, 315, 316, 4211, 318, 319, 320, 0, 321, 322, + 323, 0, 325, 326, 327, 328, 329, 330, 331, 332, 333, 334, 0, 335, 336, 337, 338, 339, 340, 341, 342, 343, 344, 345, 346, 347, 348, 349, 350, 351, - 352, 353, 354, 355, 356, 357, 358, 359, 360, 361, + 352, 353, 354, 355, 4212, 357, 358, 359, 360, 361, 362, 363, 364, 365, 366, 367, 368, 369, 370, 371, 372, 373, 374, 375, 376, 377, 378, 379, 380, 381, 382, 383, 384, 385, 386, 387, 388, 389, 390, 391, - 0, 392, 393, 394, 395, 396, 397, 398, 399, 400, + 0, 392, 393, 394, 395, 396, 397, 398, 0, 400, 401, 402, 403, 404, 405, 406, 407, 408, 409, 410, - 411, 412, 413, 414, 415, 416, 417, 418, 419, 420, + 411, 412, 413, 414, 415, 416, 4213, 4214, 419, 420, 421, 422, 423, 424, 425, 426, 427, 428, 429, 430, - 431, 432, 433, 434, 435, 0, 436, 437, 438, 439, + 431, 0, 4215, 4216, 435, 3727, 436, 437, 438, 439, 440, 441, 442, 443, 444, 445, 446, 447, 448, 449, 450, 451, 452, 453, 454, 455, 456, 457, 458, 459, 460, 461, 462, 463, 464, 465, 466, 467, 468, 469, - 470, 471, 472, 473, 474, 475, 476, 477, 478, 479, + 470, 471, 472, 0, 4217, 475, 476, 477, 478, 479, 480, 481, 482, 483, 484, 485, 486, 487, 488, 489, 490, 491, 492, 493, 494, 495, 496, 497, 498, 499, - 500, 501, 502, 503, 504, 505, 506, 507, 508, 509, - 510, 511, 512, 513, 514, 515, 516, 517, 518, 519, - 520, 521, 522, 523, 524, 525, 526, 527, 528, 529, + 500, 501, 502, 503, 504, 505, 506, 0, 508, 509, + 510, 511, 512, 513, 514, 515, 516, 517, 0, 519, + 520, 521, 522, 523, 524, 0, 526, 527, 528, 529, 530, 531, 532, 533, 534, 535, 536, 537, 0, 0, 538, 539, 0, 540, 541, 542, 543, 544, 545, 546, 547, 548, 549, 550, 551, 552, 553, 554, 555, 556, 557, 558, 559, 560, 561, 562, 563, 564, 565, 566, - 567, 568, 569, 570, 571, 572, 573, 574, 575, 576, + 567, 4219, 569, 570, 4220, 572, 573, 4221, 575, 576, 577, 578, 579, 580, 581, 582, 583, 584, 585, 586, 587, 588, 589, 590, 591, 592, 593, 594, 595, 596, - 597, 598, 599, 600, 601, 602, 603, 604, 605, 606, - 607, 608, 609, 610, 611, 612, 613, 0, 614, 615, - 616, 617, 174, 175, 804, 0, 0, 0, 0, 0, + 0, 4223, 599, 600, 601, 602, 603, 604, 605, 606, + 607, 608, 0, 610, 611, 612, 613, 0, 614, 615, + 616, 4224, 174, 175, 804, 0, 0, 0, 0, 0, 0, 0, 0, 0, 708, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 863, 864, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 866, 1428, 0, + 0, 0, 0, 865, 0, 0, 0, 866, 0, 0, 0, 176, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 867, 0, 0, 0, 0, 0, + 0, 0, 0, 868, 0, 0, 0, 0, 0, 177, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 177, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 178, 0, - 0, 0, 0, 0, 0, 0, 0, 179, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 869, 0, 0, 0, 178, 0, + 0, 0, 0, 0, 0, 0, 0, 179, 870, 0, + 0, 0, 0, 871, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 872, 0, 0, 0, 0, 0, 180, 0, 0, 0, 0, 0, 0, 0, 0, 181, 0, 0, 0, 0, 0, 0, 182, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 183, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 184, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 873, 0, 0, 0, + 874, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 875, 0, + 0, 0, 876, 877, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 185, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 878, 0, 0, 0, 0, 0, 0, + 879, 880, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 186, 187, 188, 189, 190, 191, 192, 193, 194, 195, 196, 197, 0, 0, 0, 198, 199, 200, 201, 202, 203, 204, 205, 206, 207, 208, 209, 210, 211, 212, 213, 214, 215, 216, 217, 218, 0, - 219, 220, 221, 222, 223, 224, 225, 226, 227, 228, + 881, 220, 221, 222, 223, 224, 225, 226, 227, 228, 229, 230, 231, 232, 233, 234, 235, 236, 237, 238, 239, 240, 241, 242, 243, 244, 245, 246, 247, 248, 249, 0, 250, 251, 252, 253, 254, 255, 256, 257, - 258, 259, 260, 261, 262, 263, 264, 265, 266, 267, + 882, 259, 260, 261, 262, 263, 264, 265, 266, 267, 268, 269, 270, 271, 272, 273, 274, 275, 276, 277, 278, 0, 279, 280, 281, 282, 283, 284, 285, 286, 287, 288, 289, 290, 291, 292, 293, 294, 295, 296, - 297, 298, 299, 300, 301, 302, 303, 304, 305, 306, - 0, 0, 307, 308, 309, 310, 311, 312, 313, 314, - 315, 316, 317, 318, 319, 320, 0, 321, 322, 323, + 297, 298, 299, 883, 301, 302, 303, 304, 884, 306, + 0, 0, 307, 308, 309, 310, 311, 312, 313, 885, + 886, 316, 317, 318, 319, 320, 0, 321, 322, 323, 324, 325, 326, 327, 328, 329, 330, 331, 332, 333, 334, 0, 335, 336, 337, 338, 339, 340, 341, 342, 343, 344, 345, 346, 347, 348, 349, 350, 351, 352, @@ -12523,16 +12424,16 @@ 432, 433, 434, 435, 0, 436, 437, 438, 439, 440, 441, 442, 443, 444, 445, 446, 447, 448, 449, 450, 451, 452, 453, 454, 455, 456, 457, 458, 459, 460, - 461, 462, 463, 464, 465, 466, 467, 468, 469, 470, - 471, 472, 473, 474, 475, 476, 477, 478, 479, 480, - 481, 482, 483, 484, 485, 486, 487, 488, 489, 490, - 491, 492, 493, 494, 495, 496, 497, 498, 499, 500, + 461, 462, 463, 464, 887, 466, 467, 468, 888, 470, + 471, 472, 473, 474, 889, 476, 477, 478, 479, 480, + 481, 482, 483, 484, 485, 890, 487, 488, 489, 490, + 491, 891, 493, 494, 495, 496, 497, 498, 499, 500, 501, 502, 503, 504, 505, 506, 507, 508, 509, 510, 511, 512, 513, 514, 515, 516, 517, 518, 519, 520, - 521, 522, 523, 524, 525, 526, 527, 528, 529, 530, + 521, 522, 523, 892, 525, 526, 527, 893, 529, 530, 531, 532, 533, 534, 535, 536, 537, 0, 0, 538, 539, 0, 540, 541, 542, 543, 544, 545, 546, 547, - 548, 549, 550, 551, 552, 553, 554, 555, 556, 557, + 548, 549, 550, 551, 552, 553, 554, 555, 894, 557, 558, 559, 560, 561, 562, 563, 564, 565, 566, 567, 568, 569, 570, 571, 572, 573, 574, 575, 576, 577, 578, 579, 580, 581, 582, 583, 584, 585, 586, 587, @@ -12541,48 +12442,48 @@ 608, 609, 610, 611, 612, 613, 0, 614, 615, 616, 617, 174, 175, 804, 0, 0, 0, 0, 0, 0, 0, 0, 0, 708, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 1788, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 1154, + 864, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 865, 0, 0, 0, 866, 0, 0, 0, 176, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 1789, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 177, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 178, 0, 0, - 0, 0, 0, 0, 0, 0, 179, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 867, 0, 0, 0, 0, 0, 0, + 0, 0, 868, 0, 0, 0, 0, 0, 177, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 869, 0, 0, 0, 178, 0, 0, + 0, 0, 0, 0, 0, 0, 179, 870, 0, 0, + 0, 0, 871, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 872, 0, 0, 0, 0, 0, 180, 0, 0, 0, 0, 0, 0, 0, 0, 181, 0, 0, 0, 0, 0, 0, 182, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 183, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 184, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 873, 0, 0, 0, 874, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 875, 0, 0, + 0, 876, 877, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 185, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 878, 0, 0, 0, 0, 0, 0, 879, + 880, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 186, 187, 188, 189, 190, 191, 192, 193, - 194, 195, 196, 197, 0, 0, 0, 198, 199, 200, + 194, 195, 196, 197, 0, 0, 0, 198, 199, 1155, 201, 202, 203, 204, 205, 206, 207, 208, 209, 210, - 211, 212, 213, 214, 215, 216, 217, 218, 0, 219, + 211, 212, 213, 214, 215, 216, 217, 218, 0, 881, 220, 221, 222, 223, 224, 225, 226, 227, 228, 229, 230, 231, 232, 233, 234, 235, 236, 237, 238, 239, 240, 241, 242, 243, 244, 245, 246, 247, 248, 249, - 0, 250, 251, 252, 253, 254, 255, 256, 257, 258, + 0, 250, 251, 252, 253, 254, 255, 256, 257, 882, 259, 260, 261, 262, 263, 264, 265, 266, 267, 268, 269, 270, 271, 272, 273, 274, 275, 276, 277, 278, 0, 279, 280, 281, 282, 283, 284, 285, 286, 287, 288, 289, 290, 291, 292, 293, 294, 295, 296, 297, - 298, 299, 300, 301, 302, 303, 304, 305, 306, 0, - 0, 307, 308, 309, 310, 311, 312, 313, 314, 315, + 298, 299, 883, 301, 302, 303, 304, 884, 306, 0, + 0, 307, 308, 309, 310, 311, 312, 313, 885, 886, 316, 317, 318, 319, 320, 0, 321, 322, 323, 324, 325, 326, 327, 328, 329, 330, 331, 332, 333, 334, 0, 335, 336, 337, 338, 339, 340, 341, 342, 343, @@ -12598,31 +12499,31 @@ 433, 434, 435, 0, 436, 437, 438, 439, 440, 441, 442, 443, 444, 445, 446, 447, 448, 449, 450, 451, 452, 453, 454, 455, 456, 457, 458, 459, 460, 461, - 462, 463, 464, 465, 466, 467, 468, 469, 470, 471, - 472, 473, 474, 475, 476, 477, 478, 479, 480, 481, - 482, 483, 484, 485, 486, 487, 488, 489, 490, 491, - 492, 493, 494, 495, 496, 497, 498, 499, 500, 501, + 462, 463, 464, 887, 466, 467, 468, 1156, 470, 471, + 472, 473, 474, 889, 476, 477, 478, 479, 480, 481, + 482, 483, 484, 485, 890, 487, 488, 489, 490, 491, + 891, 493, 494, 495, 496, 497, 498, 499, 500, 501, 502, 503, 504, 505, 506, 507, 508, 509, 510, 511, 512, 513, 514, 515, 516, 517, 518, 519, 520, 521, - 522, 523, 524, 525, 526, 527, 528, 529, 530, 531, + 522, 523, 892, 525, 526, 527, 893, 529, 530, 531, 532, 533, 534, 535, 536, 537, 0, 0, 538, 539, 0, 540, 541, 542, 543, 544, 545, 546, 547, 548, - 549, 550, 551, 552, 553, 554, 555, 556, 557, 558, + 549, 550, 551, 552, 553, 554, 555, 894, 557, 558, 559, 560, 561, 562, 563, 564, 565, 566, 567, 568, 569, 570, 571, 572, 573, 574, 575, 576, 577, 578, 579, 580, 581, 582, 583, 584, 585, 586, 587, 588, 589, 590, 591, 592, 593, 594, 595, 596, 597, 598, 599, 600, 601, 602, 603, 604, 605, 606, 607, 608, 609, 610, 611, 612, 613, 0, 614, 615, 616, 617, - 174, 175, 0, 0, 1312, 0, 0, 1313, 1314, 0, - 0, 0, 1315, 0, 0, 0, 0, 0, 0, 0, + 174, 175, 0, 0, 0, 2223, 2224, 5345, 0, 5346, + 0, 5347, 708, 5348, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 176, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 5349, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 177, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 178, 0, 0, 0, @@ -12692,11 +12593,11 @@ 175, 804, 0, 0, 0, 0, 0, 0, 0, 0, 0, 708, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 3096, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 176, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 3097, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 866, 1428, 0, 0, 176, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 177, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, @@ -12767,11 +12668,11 @@ 804, 0, 0, 0, 0, 0, 0, 0, 0, 0, 708, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 1773, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 1788, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 176, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 1774, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 1789, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 177, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, @@ -12838,15 +12739,15 @@ 582, 583, 584, 585, 586, 587, 588, 589, 590, 591, 592, 593, 594, 595, 596, 597, 598, 599, 600, 601, 602, 603, 604, 605, 606, 607, 608, 609, 610, 611, - 612, 613, 0, 614, 615, 616, 617, 174, 175, 804, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 708, + 612, 613, 0, 614, 615, 616, 617, 174, 175, 0, + 0, 1312, 0, 0, 1313, 1314, 0, 0, 0, 1315, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 5143, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 176, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 5144, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 177, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, @@ -12917,11 +12818,11 @@ 0, 0, 0, 0, 0, 0, 0, 0, 708, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 5505, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 3096, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 176, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 5506, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 3097, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 177, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, @@ -12992,11 +12893,11 @@ 0, 0, 0, 0, 0, 0, 0, 708, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 1773, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 1428, 0, 0, 176, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 176, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 1774, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 177, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, @@ -13066,12 +12967,12 @@ 614, 615, 616, 617, 174, 175, 804, 0, 0, 0, 0, 0, 0, 0, 0, 0, 708, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 1825, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 5144, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 176, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 5145, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 177, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, @@ -13142,11 +13043,11 @@ 0, 0, 0, 0, 0, 708, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 5506, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 866, 0, 0, 0, 176, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 5507, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 177, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 178, @@ -13213,13 +13114,13 @@ 587, 588, 589, 590, 591, 592, 593, 594, 595, 596, 597, 598, 599, 600, 601, 602, 603, 604, 605, 606, 607, 608, 609, 610, 611, 612, 613, 0, 614, 615, - 616, 617, 1571, 1572, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 616, 617, 174, 175, 804, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 708, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 1428, 0, 0, 176, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 177, @@ -13244,7 +13145,7 @@ 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 186, 187, 188, 189, 190, 191, 192, - 193, 194, 195, 196, 197, 2422, 2423, 2424, 198, 199, + 193, 194, 195, 196, 197, 0, 0, 0, 198, 199, 200, 201, 202, 203, 204, 205, 206, 207, 208, 209, 210, 211, 212, 213, 214, 215, 216, 217, 218, 0, 219, 220, 221, 222, 223, 224, 225, 226, 227, 228, @@ -13288,19 +13189,19 @@ 588, 589, 590, 591, 592, 593, 594, 595, 596, 597, 598, 599, 600, 601, 602, 603, 604, 605, 606, 607, 608, 609, 610, 611, 612, 613, 0, 614, 615, 616, - 617, 174, 175, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 617, 174, 175, 804, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 708, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 1825, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 3432, 3433, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 176, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 177, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 178, 0, 0, - 0, 0, 0, 0, 0, 0, 3434, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 179, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, @@ -13318,7 +13219,7 @@ 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 186, 187, 188, 0, 190, 191, 192, 193, + 0, 0, 186, 187, 188, 189, 190, 191, 192, 193, 194, 195, 196, 197, 0, 0, 0, 198, 199, 200, 201, 202, 203, 204, 205, 206, 207, 208, 209, 210, 211, 212, 213, 214, 215, 216, 217, 218, 0, 219, @@ -13330,9 +13231,9 @@ 269, 270, 271, 272, 273, 274, 275, 276, 277, 278, 0, 279, 280, 281, 282, 283, 284, 285, 286, 287, 288, 289, 290, 291, 292, 293, 294, 295, 296, 297, - 298, 299, 300, 301, 302, 303, 304, 305, 306, 3435, - 3436, 307, 308, 309, 310, 311, 312, 313, 314, 315, - 316, 317, 318, 319, 320, 0, 321, 322, 323, 3437, + 298, 299, 300, 301, 302, 303, 304, 305, 306, 0, + 0, 307, 308, 309, 310, 311, 312, 313, 314, 315, + 316, 317, 318, 319, 320, 0, 321, 322, 323, 324, 325, 326, 327, 328, 329, 330, 331, 332, 333, 334, 0, 335, 336, 337, 338, 339, 340, 341, 342, 343, 344, 345, 346, 347, 348, 349, 350, 351, 352, 353, @@ -13362,14 +13263,14 @@ 579, 580, 581, 582, 583, 584, 585, 586, 587, 588, 589, 590, 591, 592, 593, 594, 595, 596, 597, 598, 599, 600, 601, 602, 603, 604, 605, 606, 607, 608, - 3438, 610, 611, 612, 613, 0, 614, 615, 616, 617, + 609, 610, 611, 612, 613, 0, 614, 615, 616, 617, 174, 175, 804, 0, 0, 0, 0, 0, 0, 0, 0, 0, 708, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 1773, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 176, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 866, 0, 0, 0, 176, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 177, 0, 0, @@ -13437,8 +13338,8 @@ 580, 581, 582, 583, 584, 585, 586, 587, 588, 589, 590, 591, 592, 593, 594, 595, 596, 597, 598, 599, 600, 601, 602, 603, 604, 605, 606, 607, 608, 609, - 610, 611, 612, 613, 0, 614, 615, 616, 617, 174, - 175, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 610, 611, 612, 613, 0, 614, 615, 616, 617, 1571, + 1572, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, @@ -13450,14 +13351,14 @@ 0, 0, 0, 0, 0, 0, 177, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 178, 0, 0, 0, 0, - 0, 0, 0, 0, 179, 0, 0, 0, 5354, 0, - 0, 5355, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 179, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 180, 0, 0, 0, 0, 0, 0, 0, 0, 181, 0, 0, 0, 0, 0, 0, 182, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 183, 0, - 0, 0, 0, 5356, 0, 0, 0, 0, 0, 184, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 184, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, @@ -13469,7 +13370,7 @@ 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 186, 187, 188, 189, 190, 191, 192, 193, 194, 195, - 196, 197, 0, 0, 0, 198, 199, 200, 201, 202, + 196, 197, 2422, 2423, 2424, 198, 199, 200, 201, 202, 203, 204, 205, 206, 207, 208, 209, 210, 211, 212, 213, 214, 215, 216, 217, 218, 0, 219, 220, 221, 222, 223, 224, 225, 226, 227, 228, 229, 230, 231, @@ -13518,14 +13419,14 @@ 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 3432, 3433, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 176, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 177, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 178, 0, 0, 0, 0, 0, - 0, 0, 0, 179, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 3434, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 180, @@ -13536,14 +13437,14 @@ 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 674, 0, - 0, 0, 0, 0, 0, 0, 0, 675, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 185, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 186, - 187, 188, 189, 190, 191, 192, 193, 194, 195, 196, + 187, 188, 0, 190, 191, 192, 193, 194, 195, 196, 197, 0, 0, 0, 198, 199, 200, 201, 202, 203, 204, 205, 206, 207, 208, 209, 210, 211, 212, 213, 214, 215, 216, 217, 218, 0, 219, 220, 221, 222, @@ -13555,9 +13456,9 @@ 272, 273, 274, 275, 276, 277, 278, 0, 279, 280, 281, 282, 283, 284, 285, 286, 287, 288, 289, 290, 291, 292, 293, 294, 295, 296, 297, 298, 299, 300, - 301, 302, 303, 304, 305, 306, 0, 0, 307, 308, + 301, 302, 303, 304, 305, 306, 3435, 3436, 307, 308, 309, 310, 311, 312, 313, 314, 315, 316, 317, 318, - 319, 320, 0, 321, 322, 323, 324, 325, 326, 327, + 319, 320, 0, 321, 322, 323, 3437, 325, 326, 327, 328, 329, 330, 331, 332, 333, 334, 0, 335, 336, 337, 338, 339, 340, 341, 342, 343, 344, 345, 346, 347, 348, 349, 350, 351, 352, 353, 354, 355, 356, @@ -13586,12 +13487,12 @@ 572, 573, 574, 575, 576, 577, 578, 579, 580, 581, 582, 583, 584, 585, 586, 587, 588, 589, 590, 591, 592, 593, 594, 595, 596, 597, 598, 599, 600, 601, - 602, 603, 604, 605, 606, 607, 608, 609, 610, 611, + 602, 603, 604, 605, 606, 607, 608, 3438, 610, 611, 612, 613, 0, 614, 615, 616, 617, 174, 175, 804, 0, 0, 0, 0, 0, 0, 0, 0, 0, 708, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 1773, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 176, 0, 0, 0, @@ -13673,16 +13574,16 @@ 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 177, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 1543, 0, 0, 0, 0, - 0, 0, 178, 1544, 0, 0, 0, 0, 0, 0, - 0, 179, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 178, 0, 0, 0, 0, 0, 0, 0, + 0, 179, 0, 0, 0, 5355, 0, 0, 5356, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 180, 0, 0, 0, 0, 0, 0, 0, 0, 181, 0, 0, 0, 0, 0, 0, 182, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 183, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 184, 0, 0, 0, + 5357, 0, 0, 0, 0, 0, 184, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, @@ -13717,7 +13618,7 @@ 389, 390, 391, 0, 392, 393, 394, 395, 396, 397, 398, 399, 400, 401, 402, 403, 404, 405, 406, 407, 408, 409, 410, 411, 412, 413, 414, 415, 416, 417, - 418, 419, 1545, 421, 422, 423, 424, 425, 426, 427, + 418, 419, 420, 421, 422, 423, 424, 425, 426, 427, 428, 429, 430, 431, 432, 433, 434, 435, 0, 436, 437, 438, 439, 440, 441, 442, 443, 444, 445, 446, 447, 448, 449, 450, 451, 452, 453, 454, 455, 456, @@ -13738,9 +13639,9 @@ 594, 595, 596, 597, 598, 599, 600, 601, 602, 603, 604, 605, 606, 607, 608, 609, 610, 611, 612, 613, 0, 614, 615, 616, 617, 174, 175, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 708, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 4385, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, @@ -13761,8 +13662,8 @@ 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 674, 0, 0, 0, 0, + 0, 0, 0, 0, 675, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 185, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, @@ -13812,8 +13713,8 @@ 585, 586, 587, 588, 589, 590, 591, 592, 593, 594, 595, 596, 597, 598, 599, 600, 601, 602, 603, 604, 605, 606, 607, 608, 609, 610, 611, 612, 613, 0, - 614, 615, 616, 617, 174, 175, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 614, 615, 616, 617, 174, 175, 804, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 708, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, @@ -13837,7 +13738,7 @@ 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 675, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 185, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, @@ -13898,8 +13799,8 @@ 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 177, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 1466, 0, 0, 0, 0, 0, 0, 178, - 0, 0, 0, 0, 0, 0, 0, 0, 179, 0, + 0, 0, 1543, 0, 0, 0, 0, 0, 0, 178, + 1544, 0, 0, 0, 0, 0, 0, 0, 179, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, @@ -13941,7 +13842,7 @@ 382, 383, 384, 385, 386, 387, 388, 389, 390, 391, 0, 392, 393, 394, 395, 396, 397, 398, 399, 400, 401, 402, 403, 404, 405, 406, 407, 408, 409, 410, - 411, 412, 413, 414, 415, 416, 417, 418, 419, 420, + 411, 412, 413, 414, 415, 416, 417, 418, 419, 1545, 421, 422, 423, 424, 425, 426, 427, 428, 429, 430, 431, 432, 433, 434, 435, 0, 436, 437, 438, 439, 440, 441, 442, 443, 444, 445, 446, 447, 448, 449, @@ -13962,10 +13863,10 @@ 587, 588, 589, 590, 591, 592, 593, 594, 595, 596, 597, 598, 599, 600, 601, 602, 603, 604, 605, 606, 607, 608, 609, 610, 611, 612, 613, 0, 614, 615, - 616, 617, 1571, 1572, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 1573, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 616, 617, 174, 175, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 708, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 4385, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, @@ -14037,7 +13938,7 @@ 588, 589, 590, 591, 592, 593, 594, 595, 596, 597, 598, 599, 600, 601, 602, 603, 604, 605, 606, 607, 608, 609, 610, 611, 612, 613, 0, 614, 615, 616, - 617, 1571, 1572, 0, 0, 0, 0, 0, 0, 0, + 617, 174, 175, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, @@ -14045,7 +13946,7 @@ 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 176, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 1783, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 177, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 178, 0, 0, @@ -14062,7 +13963,7 @@ 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 675, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 185, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, @@ -14112,7 +14013,7 @@ 589, 590, 591, 592, 593, 594, 595, 596, 597, 598, 599, 600, 601, 602, 603, 604, 605, 606, 607, 608, 609, 610, 611, 612, 613, 0, 614, 615, 616, 617, - 1571, 1572, 0, 0, 0, 0, 0, 0, 0, 0, + 174, 175, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, @@ -14120,9 +14021,9 @@ 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 176, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 2490, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 177, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 177, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 1466, 0, 0, 0, 0, 0, 0, 178, 0, 0, 0, 0, 0, 0, 0, 0, 179, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, @@ -14182,16 +14083,16 @@ 540, 541, 542, 543, 544, 545, 546, 547, 548, 549, 550, 551, 552, 553, 554, 555, 556, 557, 558, 559, 560, 561, 562, 563, 564, 565, 566, 567, 568, 569, - 570, 571, 572, 573, 574, 2491, 576, 577, 578, 579, + 570, 571, 572, 573, 574, 575, 576, 577, 578, 579, 580, 581, 582, 583, 584, 585, 586, 587, 588, 589, 590, 591, 592, 593, 594, 595, 596, 597, 598, 599, 600, 601, 602, 603, 604, 605, 606, 607, 608, 609, - 610, 611, 612, 613, 0, 614, 615, 616, 617, 174, - 175, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 610, 611, 612, 613, 0, 614, 615, 616, 617, 1571, + 1572, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 1573, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 2503, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 176, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, @@ -14261,7 +14162,7 @@ 581, 582, 583, 584, 585, 586, 587, 588, 589, 590, 591, 592, 593, 594, 595, 596, 597, 598, 599, 600, 601, 602, 603, 604, 605, 606, 607, 608, 609, 610, - 611, 612, 613, 0, 614, 615, 616, 617, 174, 175, + 611, 612, 613, 0, 614, 615, 616, 617, 1571, 1572, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, @@ -14269,7 +14170,7 @@ 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 176, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 3167, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 1783, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 177, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, @@ -14407,7 +14308,7 @@ 543, 544, 545, 546, 547, 548, 549, 550, 551, 552, 553, 554, 555, 556, 557, 558, 559, 560, 561, 562, 563, 564, 565, 566, 567, 568, 569, 570, 571, 572, - 573, 574, 575, 576, 577, 578, 579, 580, 581, 582, + 573, 574, 2491, 576, 577, 578, 579, 580, 581, 582, 583, 584, 585, 586, 587, 588, 589, 590, 591, 592, 593, 594, 595, 596, 597, 598, 599, 600, 601, 602, 603, 604, 605, 606, 607, 608, 609, 610, 611, 612, @@ -14416,7 +14317,7 @@ 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 2503, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 176, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, @@ -14432,7 +14333,7 @@ 0, 0, 0, 182, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 183, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 184, 0, 0, 0, - 0, 0, 0, 4438, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, @@ -14487,14 +14388,14 @@ 594, 595, 596, 597, 598, 599, 600, 601, 602, 603, 604, 605, 606, 607, 608, 609, 610, 611, 612, 613, 0, 614, 615, 616, 617, 174, 175, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 708, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 176, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 176, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 3167, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 177, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, @@ -14561,15 +14462,15 @@ 585, 586, 587, 588, 589, 590, 591, 592, 593, 594, 595, 596, 597, 598, 599, 600, 601, 602, 603, 604, 605, 606, 607, 608, 609, 610, 611, 612, 613, 0, - 614, 615, 616, 617, 174, 175, 0, 0, 0, 0, + 614, 615, 616, 617, 1571, 1572, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 4869, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 176, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 176, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 2490, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 177, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, @@ -14644,7 +14545,7 @@ 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 176, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 5446, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 177, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 178, @@ -14657,7 +14558,7 @@ 182, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 183, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 184, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 4438, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, @@ -14712,14 +14613,14 @@ 597, 598, 599, 600, 601, 602, 603, 604, 605, 606, 607, 608, 609, 610, 611, 612, 613, 0, 614, 615, 616, 617, 174, 175, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 708, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 176, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 5456, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 177, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 178, 0, @@ -14788,7 +14689,7 @@ 608, 609, 610, 611, 612, 613, 0, 614, 615, 616, 617, 174, 175, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 4870, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, @@ -14806,7 +14707,7 @@ 0, 181, 0, 0, 0, 0, 0, 0, 182, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 183, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 184, 0, 0, 0, 0, 0, 0, 5888, 0, + 0, 184, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, @@ -14869,7 +14770,7 @@ 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 176, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 5447, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 177, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 178, 0, 0, 0, @@ -14943,7 +14844,7 @@ 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 176, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 5457, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 177, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, @@ -14982,7 +14883,7 @@ 308, 309, 310, 311, 312, 313, 314, 315, 316, 317, 318, 319, 320, 0, 321, 322, 323, 324, 325, 326, 327, 328, 329, 330, 331, 332, 333, 334, 0, 335, - 336, 337, 338, 339, 340, 341, 715, 343, 344, 345, + 336, 337, 338, 339, 340, 341, 342, 343, 344, 345, 346, 347, 348, 349, 350, 351, 352, 353, 354, 355, 356, 357, 358, 359, 360, 361, 362, 363, 364, 365, 366, 367, 368, 369, 370, 371, 372, 373, 374, 375, @@ -15031,7 +14932,7 @@ 0, 0, 0, 0, 0, 182, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 183, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 184, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 5889, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, @@ -15047,7 +14948,7 @@ 214, 215, 216, 217, 218, 0, 219, 220, 221, 222, 223, 224, 225, 226, 227, 228, 229, 230, 231, 232, 233, 234, 235, 236, 237, 238, 239, 240, 241, 242, - 243, 244, 245, 246, 247, 248, 249, 0, 250, 794, + 243, 244, 245, 246, 247, 248, 249, 0, 250, 251, 252, 253, 254, 255, 256, 257, 258, 259, 260, 261, 262, 263, 264, 265, 266, 267, 268, 269, 270, 271, 272, 273, 274, 275, 276, 277, 278, 0, 279, 280, @@ -15085,7 +14986,7 @@ 582, 583, 584, 585, 586, 587, 588, 589, 590, 591, 592, 593, 594, 595, 596, 597, 598, 599, 600, 601, 602, 603, 604, 605, 606, 607, 608, 609, 610, 611, - 612, 613, 0, 614, 615, 616, 617, 1571, 1572, 0, + 612, 613, 0, 614, 615, 616, 617, 174, 175, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, @@ -15207,7 +15108,7 @@ 311, 312, 313, 314, 315, 316, 317, 318, 319, 320, 0, 321, 322, 323, 324, 325, 326, 327, 328, 329, 330, 331, 332, 333, 334, 0, 335, 336, 337, 338, - 339, 340, 341, 342, 343, 344, 345, 346, 347, 348, + 339, 340, 341, 715, 343, 344, 345, 346, 347, 348, 349, 350, 351, 352, 353, 354, 355, 356, 357, 358, 359, 360, 361, 362, 363, 364, 365, 366, 367, 368, 369, 370, 371, 372, 373, 374, 375, 376, 377, 378, @@ -15224,7 +15125,7 @@ 477, 478, 479, 480, 481, 482, 483, 484, 485, 486, 487, 488, 489, 490, 491, 492, 493, 494, 495, 496, 497, 498, 499, 500, 501, 502, 503, 504, 505, 506, - 507, 508, 509, 510, 1935, 512, 513, 514, 515, 516, + 507, 508, 509, 510, 511, 512, 513, 514, 515, 516, 517, 518, 519, 520, 521, 522, 523, 524, 525, 526, 527, 528, 529, 530, 531, 532, 533, 534, 535, 536, 537, 0, 0, 538, 539, 0, 540, 541, 542, 543, @@ -15265,14 +15166,14 @@ 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 2508, 187, 188, 189, + 0, 0, 0, 0, 0, 0, 186, 187, 188, 189, 190, 191, 192, 193, 194, 195, 196, 197, 0, 0, 0, 198, 199, 200, 201, 202, 203, 204, 205, 206, 207, 208, 209, 210, 211, 212, 213, 214, 215, 216, 217, 218, 0, 219, 220, 221, 222, 223, 224, 225, 226, 227, 228, 229, 230, 231, 232, 233, 234, 235, 236, 237, 238, 239, 240, 241, 242, 243, 244, 245, - 246, 247, 248, 249, 0, 250, 251, 252, 253, 254, + 246, 247, 248, 249, 0, 250, 794, 252, 253, 254, 255, 256, 257, 258, 259, 260, 261, 262, 263, 264, 265, 266, 267, 268, 269, 270, 271, 272, 273, 274, 275, 276, 277, 278, 0, 279, 280, 281, 282, 283, @@ -15310,19 +15211,19 @@ 585, 586, 587, 588, 589, 590, 591, 592, 593, 594, 595, 596, 597, 598, 599, 600, 601, 602, 603, 604, 605, 606, 607, 608, 609, 610, 611, 612, 613, 0, - 614, 615, 616, 617, 174, 175, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 708, 0, 0, 0, + 614, 615, 616, 617, 1571, 1572, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 176, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 3075, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 177, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 178, 0, 0, 0, 0, 0, 0, 0, 0, 3076, + 178, 0, 0, 0, 0, 0, 0, 0, 0, 179, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, @@ -15340,7 +15241,7 @@ 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 186, 187, 188, 3077, 190, + 0, 0, 0, 0, 0, 186, 187, 188, 189, 190, 191, 192, 193, 194, 195, 196, 197, 0, 0, 0, 198, 199, 200, 201, 202, 203, 204, 205, 206, 207, 208, 209, 210, 211, 212, 213, 214, 215, 216, 217, @@ -15355,18 +15256,18 @@ 295, 296, 297, 298, 299, 300, 301, 302, 303, 304, 305, 306, 0, 0, 307, 308, 309, 310, 311, 312, 313, 314, 315, 316, 317, 318, 319, 320, 0, 321, - 322, 323, 3078, 325, 326, 327, 328, 0, 330, 331, + 322, 323, 324, 325, 326, 327, 328, 329, 330, 331, 332, 333, 334, 0, 335, 336, 337, 338, 339, 340, 341, 342, 343, 344, 345, 346, 347, 348, 349, 350, 351, 352, 353, 354, 355, 356, 357, 358, 359, 360, - 361, 362, 363, 364, 365, 0, 367, 368, 369, 370, + 361, 362, 363, 364, 365, 366, 367, 368, 369, 370, 371, 372, 373, 374, 375, 376, 377, 378, 379, 380, 381, 382, 383, 384, 385, 386, 387, 388, 389, 390, 391, 0, 392, 393, 394, 395, 396, 397, 398, 399, 400, 401, 402, 403, 404, 405, 406, 407, 408, 409, 410, 411, 412, 413, 414, 415, 416, 417, 418, 419, 420, 421, 422, 423, 424, 425, 426, 427, 428, 429, - 430, 431, 432, 433, 434, 435, 3079, 436, 437, 438, + 430, 431, 432, 433, 434, 435, 0, 436, 437, 438, 439, 440, 441, 442, 443, 444, 445, 446, 447, 448, 449, 450, 451, 452, 453, 454, 455, 456, 457, 458, 459, 460, 461, 462, 463, 464, 465, 466, 467, 468, @@ -15375,7 +15276,7 @@ 489, 490, 491, 492, 493, 494, 495, 496, 497, 498, 499, 500, 501, 502, 503, 504, 505, 506, 507, 508, 509, 510, 511, 512, 513, 514, 515, 516, 517, 518, - 0, 520, 521, 522, 523, 524, 525, 526, 527, 528, + 519, 520, 521, 522, 523, 524, 525, 526, 527, 528, 529, 530, 531, 532, 533, 534, 535, 536, 537, 0, 0, 538, 539, 0, 540, 541, 542, 543, 544, 545, 546, 547, 548, 549, 550, 551, 552, 553, 554, 555, @@ -15384,7 +15285,7 @@ 576, 577, 578, 579, 580, 581, 582, 583, 584, 585, 586, 587, 588, 589, 590, 591, 592, 593, 594, 595, 596, 597, 598, 599, 600, 601, 602, 603, 604, 605, - 606, 607, 608, 3080, 610, 611, 612, 613, 0, 614, + 606, 607, 608, 609, 610, 611, 612, 613, 0, 614, 615, 616, 617, 174, 175, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, @@ -15429,7 +15330,7 @@ 286, 287, 288, 289, 290, 291, 292, 293, 294, 295, 296, 297, 298, 299, 300, 301, 302, 303, 304, 305, 306, 0, 0, 307, 308, 309, 310, 311, 312, 313, - 314, 315, 3191, 317, 318, 319, 320, 0, 321, 322, + 314, 315, 316, 317, 318, 319, 320, 0, 321, 322, 323, 324, 325, 326, 327, 328, 329, 330, 331, 332, 333, 334, 0, 335, 336, 337, 338, 339, 340, 341, 342, 343, 344, 345, 346, 347, 348, 349, 350, 351, @@ -15439,7 +15340,7 @@ 382, 383, 384, 385, 386, 387, 388, 389, 390, 391, 0, 392, 393, 394, 395, 396, 397, 398, 399, 400, 401, 402, 403, 404, 405, 406, 407, 408, 409, 410, - 411, 412, 413, 414, 415, 416, 417, 418, 419, 3192, + 411, 412, 413, 414, 415, 416, 417, 418, 419, 420, 421, 422, 423, 424, 425, 426, 427, 428, 429, 430, 431, 432, 433, 434, 435, 0, 436, 437, 438, 439, 440, 441, 442, 443, 444, 445, 446, 447, 448, 449, @@ -15449,7 +15350,7 @@ 480, 481, 482, 483, 484, 485, 486, 487, 488, 489, 490, 491, 492, 493, 494, 495, 496, 497, 498, 499, 500, 501, 502, 503, 504, 505, 506, 507, 508, 509, - 510, 511, 512, 513, 514, 515, 516, 517, 518, 519, + 510, 1935, 512, 513, 514, 515, 516, 517, 518, 519, 520, 521, 522, 523, 524, 525, 526, 527, 528, 529, 530, 531, 532, 533, 534, 535, 536, 537, 0, 0, 538, 539, 0, 540, 541, 542, 543, 544, 545, 546, @@ -15477,7 +15378,7 @@ 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 180, 0, 0, 0, 0, 0, 0, - 0, 0, 181, 0, 0, 0, 0, 0, 0, 5845, + 0, 0, 181, 0, 0, 0, 0, 0, 0, 182, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 183, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 184, 0, 0, 0, 0, 0, 0, 0, @@ -15490,7 +15391,7 @@ 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 186, 187, 188, 189, 190, 191, 192, + 0, 0, 0, 2508, 187, 188, 189, 190, 191, 192, 193, 194, 195, 196, 197, 0, 0, 0, 198, 199, 200, 201, 202, 203, 204, 205, 206, 207, 208, 209, 210, 211, 212, 213, 214, 215, 216, 217, 218, 0, @@ -15536,18 +15437,18 @@ 598, 599, 600, 601, 602, 603, 604, 605, 606, 607, 608, 609, 610, 611, 612, 613, 0, 614, 615, 616, 617, 174, 175, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 708, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 176, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 3075, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 177, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 178, 0, 0, - 0, 0, 0, 0, 0, 0, 2842, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 3076, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, @@ -15565,7 +15466,7 @@ 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 186, 187, 188, 2843, 190, 191, 192, 193, + 0, 0, 186, 187, 188, 3077, 190, 191, 192, 193, 194, 195, 196, 197, 0, 0, 0, 198, 199, 200, 201, 202, 203, 204, 205, 206, 207, 208, 209, 210, 211, 212, 213, 214, 215, 216, 217, 218, 0, 219, @@ -15579,19 +15480,19 @@ 288, 289, 290, 291, 292, 293, 294, 295, 296, 297, 298, 299, 300, 301, 302, 303, 304, 305, 306, 0, 0, 307, 308, 309, 310, 311, 312, 313, 314, 315, - 316, 317, 318, 319, 320, 0, 321, 322, 323, 2844, - 325, 326, 327, 328, 329, 330, 331, 332, 333, 334, + 316, 317, 318, 319, 320, 0, 321, 322, 323, 3078, + 325, 326, 327, 328, 0, 330, 331, 332, 333, 334, 0, 335, 336, 337, 338, 339, 340, 341, 342, 343, 344, 345, 346, 347, 348, 349, 350, 351, 352, 353, 354, 355, 356, 357, 358, 359, 360, 361, 362, 363, - 364, 365, 366, 367, 368, 369, 370, 371, 372, 373, + 364, 365, 0, 367, 368, 369, 370, 371, 372, 373, 374, 375, 376, 377, 378, 379, 380, 381, 382, 383, 384, 385, 386, 387, 388, 389, 390, 391, 0, 392, 393, 394, 395, 396, 397, 398, 399, 400, 401, 402, 403, 404, 405, 406, 407, 408, 409, 410, 411, 412, 413, 414, 415, 416, 417, 418, 419, 420, 421, 422, 423, 424, 425, 426, 427, 428, 429, 430, 431, 432, - 433, 434, 435, 0, 436, 437, 438, 439, 440, 441, + 433, 434, 435, 3079, 436, 437, 438, 439, 440, 441, 442, 443, 444, 445, 446, 447, 448, 449, 450, 451, 452, 453, 454, 455, 456, 457, 458, 459, 460, 461, 462, 463, 464, 465, 466, 467, 468, 469, 470, 471, @@ -15599,7 +15500,7 @@ 482, 483, 484, 485, 486, 487, 488, 489, 490, 491, 492, 493, 494, 495, 496, 497, 498, 499, 500, 501, 502, 503, 504, 505, 506, 507, 508, 509, 510, 511, - 512, 513, 514, 515, 516, 517, 518, 519, 520, 521, + 512, 513, 514, 515, 516, 517, 518, 0, 520, 521, 522, 523, 524, 525, 526, 527, 528, 529, 530, 531, 532, 533, 534, 535, 536, 537, 0, 0, 538, 539, 0, 540, 541, 542, 543, 544, 545, 546, 547, 548, @@ -15609,9 +15510,9 @@ 579, 580, 581, 582, 583, 584, 585, 586, 587, 588, 589, 590, 591, 592, 593, 594, 595, 596, 597, 598, 599, 600, 601, 602, 603, 604, 605, 606, 607, 608, - 0, 610, 611, 612, 613, 0, 614, 615, 616, 617, + 3080, 610, 611, 612, 613, 0, 614, 615, 616, 617, 174, 175, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 708, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, @@ -15622,7 +15523,7 @@ 0, 0, 0, 0, 0, 0, 0, 177, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 178, 0, 0, 0, - 0, 0, 0, 0, 0, 3076, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 179, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, @@ -15640,7 +15541,7 @@ 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 186, 187, 188, 3077, 190, 191, 192, 193, 194, + 0, 186, 187, 188, 189, 190, 191, 192, 193, 194, 195, 196, 197, 0, 0, 0, 198, 199, 200, 201, 202, 203, 204, 205, 206, 207, 208, 209, 210, 211, 212, 213, 214, 215, 216, 217, 218, 0, 219, 220, @@ -15653,20 +15554,20 @@ 279, 280, 281, 282, 283, 284, 285, 286, 287, 288, 289, 290, 291, 292, 293, 294, 295, 296, 297, 298, 299, 300, 301, 302, 303, 304, 305, 306, 0, 0, - 307, 308, 309, 310, 311, 312, 313, 314, 315, 316, - 317, 318, 319, 320, 0, 321, 322, 323, 3078, 325, - 326, 327, 328, 0, 330, 331, 332, 333, 334, 0, + 307, 308, 309, 310, 311, 312, 313, 314, 315, 3191, + 317, 318, 319, 320, 0, 321, 322, 323, 324, 325, + 326, 327, 328, 329, 330, 331, 332, 333, 334, 0, 335, 336, 337, 338, 339, 340, 341, 342, 343, 344, 345, 346, 347, 348, 349, 350, 351, 352, 353, 354, 355, 356, 357, 358, 359, 360, 361, 362, 363, 364, - 365, 0, 367, 368, 369, 370, 371, 372, 373, 374, + 365, 366, 367, 368, 369, 370, 371, 372, 373, 374, 375, 376, 377, 378, 379, 380, 381, 382, 383, 384, 385, 386, 387, 388, 389, 390, 391, 0, 392, 393, 394, 395, 396, 397, 398, 399, 400, 401, 402, 403, 404, 405, 406, 407, 408, 409, 410, 411, 412, 413, - 414, 415, 416, 417, 418, 419, 420, 421, 422, 423, + 414, 415, 416, 417, 418, 419, 3192, 421, 422, 423, 424, 425, 426, 427, 428, 429, 430, 431, 432, 433, - 434, 435, 3079, 436, 437, 438, 439, 440, 441, 442, + 434, 435, 0, 436, 437, 438, 439, 440, 441, 442, 443, 444, 445, 446, 447, 448, 449, 450, 451, 452, 453, 454, 455, 456, 457, 458, 459, 460, 461, 462, 463, 464, 465, 466, 467, 468, 469, 470, 471, 472, @@ -15674,7 +15575,7 @@ 483, 484, 485, 486, 487, 488, 489, 490, 491, 492, 493, 494, 495, 496, 497, 498, 499, 500, 501, 502, 503, 504, 505, 506, 507, 508, 509, 510, 511, 512, - 513, 514, 515, 516, 517, 518, 0, 520, 521, 522, + 513, 514, 515, 516, 517, 518, 519, 520, 521, 522, 523, 524, 525, 526, 527, 528, 529, 530, 531, 532, 533, 534, 535, 536, 537, 0, 0, 538, 539, 0, 540, 541, 542, 543, 544, 545, 546, 547, 548, 549, @@ -15683,7 +15584,7 @@ 570, 571, 572, 573, 574, 575, 576, 577, 578, 579, 580, 581, 582, 583, 584, 585, 586, 587, 588, 589, 590, 591, 592, 593, 594, 595, 596, 597, 598, 599, - 600, 601, 602, 603, 604, 605, 606, 607, 608, 3080, + 600, 601, 602, 603, 604, 605, 606, 607, 608, 609, 610, 611, 612, 613, 0, 614, 615, 616, 617, 174, 175, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, @@ -15697,12 +15598,12 @@ 0, 0, 0, 0, 0, 0, 177, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 178, 0, 0, 0, 0, - 0, 0, 0, 0, 3434, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 179, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 180, 0, 0, 0, 0, 0, 0, 0, 0, 181, - 0, 0, 0, 0, 0, 0, 182, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 5846, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 183, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 184, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, @@ -15715,7 +15616,7 @@ 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 186, 187, 188, 0, 190, 191, 192, 193, 194, 195, + 186, 187, 188, 189, 190, 191, 192, 193, 194, 195, 196, 197, 0, 0, 0, 198, 199, 200, 201, 202, 203, 204, 205, 206, 207, 208, 209, 210, 211, 212, 213, 214, 215, 216, 217, 218, 0, 219, 220, 221, @@ -15729,7 +15630,7 @@ 290, 291, 292, 293, 294, 295, 296, 297, 298, 299, 300, 301, 302, 303, 304, 305, 306, 0, 0, 307, 308, 309, 310, 311, 312, 313, 314, 315, 316, 317, - 318, 319, 320, 0, 321, 322, 323, 3437, 325, 326, + 318, 319, 320, 0, 321, 322, 323, 324, 325, 326, 327, 328, 329, 330, 331, 332, 333, 334, 0, 335, 336, 337, 338, 339, 340, 341, 342, 343, 344, 345, 346, 347, 348, 349, 350, 351, 352, 353, 354, 355, @@ -15758,2756 +15659,2906 @@ 571, 572, 573, 574, 575, 576, 577, 578, 579, 580, 581, 582, 583, 584, 585, 586, 587, 588, 589, 590, 591, 592, 593, 594, 595, 596, 597, 598, 599, 600, - 601, 602, 603, 604, 605, 606, 607, 608, 3438, 610, + 601, 602, 603, 604, 605, 606, 607, 608, 609, 610, 611, 612, 613, 0, 614, 615, 616, 617, 174, 175, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 6, 0, 0, - 0, 0, 0, 0, 0, 0, 914, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 176, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, -3694, -3694, -3694, 177, 0, 0, 0, 0, - 0, 0, 915, 0, 0, 0, 14, 0, 0, 916, + 0, 0, 0, 0, 0, 177, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 178, 0, 0, 0, 0, 0, - 16, 0, 0, 917, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 918, 0, 0, 0, - 0, 0, 0, 0, 919, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 21, 0, 180, + 0, 0, 0, 2842, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 180, 0, 0, 0, 0, 0, 0, 0, 0, 181, 0, 0, 0, 0, 0, 0, 182, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 183, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 184, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 29, 0, 0, 0, 0, 920, 921, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 185, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 40, 0, 0, 0, 0, 186, - 187, 188, 922, 190, 191, 0, 193, 194, 195, 196, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 186, + 187, 188, 2843, 190, 191, 192, 193, 194, 195, 196, 197, 0, 0, 0, 198, 199, 200, 201, 202, 203, - 204, 205, 206, 207, 0, 209, 210, 211, 212, 213, - 214, 215, 216, 0, 923, 0, 0, 220, 221, 222, - 223, 224, 0, 0, 227, 228, 229, 230, 231, 0, - 0, 0, 235, 236, 237, 238, 239, 924, 241, 242, - 243, 244, 0, 0, 0, 0, 0, 0, 250, 0, - 252, 0, 254, 255, 0, 257, 258, 259, 260, 261, - 262, 0, 264, 265, 266, 267, 268, 269, 270, 271, - 272, 273, 274, 275, 276, 0, 278, 0, 279, 280, - 281, 282, 283, 284, 285, 0, 287, 288, 289, 290, - -3694, 292, 293, 294, 295, 296, 297, 298, 299, 300, - 301, 302, 0, 0, 0, 306, 0, 925, 307, 308, - 309, 310, 311, 312, 313, 314, 315, 316, 317, 0, - 0, 0, 0, 0, 322, 323, 926, 325, 326, 327, - 0, 329, 330, 0, 332, 333, 0, 0, 335, 0, + 204, 205, 206, 207, 208, 209, 210, 211, 212, 213, + 214, 215, 216, 217, 218, 0, 219, 220, 221, 222, + 223, 224, 225, 226, 227, 228, 229, 230, 231, 232, + 233, 234, 235, 236, 237, 238, 239, 240, 241, 242, + 243, 244, 245, 246, 247, 248, 249, 0, 250, 251, + 252, 253, 254, 255, 256, 257, 258, 259, 260, 261, + 262, 263, 264, 265, 266, 267, 268, 269, 270, 271, + 272, 273, 274, 275, 276, 277, 278, 0, 279, 280, + 281, 282, 283, 284, 285, 286, 287, 288, 289, 290, + 291, 292, 293, 294, 295, 296, 297, 298, 299, 300, + 301, 302, 303, 304, 305, 306, 0, 0, 307, 308, + 309, 310, 311, 312, 313, 314, 315, 316, 317, 318, + 319, 320, 0, 321, 322, 323, 2844, 325, 326, 327, + 328, 329, 330, 331, 332, 333, 334, 0, 335, 336, 337, 338, 339, 340, 341, 342, 343, 344, 345, 346, - 347, 0, 349, 350, 351, 352, 353, 354, 355, 356, - 357, 0, 359, 360, 361, 362, 363, 364, 365, 366, + 347, 348, 349, 350, 351, 352, 353, 354, 355, 356, + 357, 358, 359, 360, 361, 362, 363, 364, 365, 366, 367, 368, 369, 370, 371, 372, 373, 374, 375, 376, 377, 378, 379, 380, 381, 382, 383, 384, 385, 386, 387, 388, 389, 390, 391, 0, 392, 393, 394, 395, 396, 397, 398, 399, 400, 401, 402, 403, 404, 405, 406, 407, 408, 409, 410, 411, 412, 413, 414, 415, 416, 417, 418, 419, 420, 421, 422, 423, 424, 425, - 426, 0, 428, 429, 430, 431, 432, 433, 434, 435, - 0, 436, 437, 438, 439, 927, 0, 0, 443, 0, - 445, 446, 0, 448, 449, 450, 451, 0, 453, 454, - 455, 456, 0, 0, 0, 0, 461, 462, 463, 464, + 426, 427, 428, 429, 430, 431, 432, 433, 434, 435, + 0, 436, 437, 438, 439, 440, 441, 442, 443, 444, + 445, 446, 447, 448, 449, 450, 451, 452, 453, 454, + 455, 456, 457, 458, 459, 460, 461, 462, 463, 464, 465, 466, 467, 468, 469, 470, 471, 472, 473, 474, 475, 476, 477, 478, 479, 480, 481, 482, 483, 484, - 485, 486, 0, 488, 0, 490, 491, 492, 0, 494, - 495, 0, 497, 498, 499, 500, 501, 502, 0, 504, - 505, 506, 507, 508, 509, 510, 0, 512, 513, 514, - 0, 516, 517, 518, 519, 520, 0, 522, 523, 0, - 0, 526, 527, 0, 0, 530, 531, 532, 0, 534, - 0, 536, 537, 0, 0, 538, 539, 0, 540, 541, - 542, 543, 0, 545, 546, 0, 548, 0, 550, 551, + 485, 486, 487, 488, 489, 490, 491, 492, 493, 494, + 495, 496, 497, 498, 499, 500, 501, 502, 503, 504, + 505, 506, 507, 508, 509, 510, 511, 512, 513, 514, + 515, 516, 517, 518, 519, 520, 521, 522, 523, 524, + 525, 526, 527, 528, 529, 530, 531, 532, 533, 534, + 535, 536, 537, 0, 0, 538, 539, 0, 540, 541, + 542, 543, 544, 545, 546, 547, 548, 549, 550, 551, 552, 553, 554, 555, 556, 557, 558, 559, 560, 561, - 562, 563, 564, 565, 566, 567, 568, 569, 0, 571, - 572, 573, 574, 575, 576, 577, 578, 579, 0, 581, - 582, 0, 584, 585, 586, 587, 174, 175, 590, 591, - 0, 593, 594, 595, 596, 597, 598, 599, 600, 601, - 602, 603, 604, 605, 606, 607, 608, 0, 0, 611, - 612, 0, 0, 614, 0, 616, 617, 0, 0, 0, + 562, 563, 564, 565, 566, 567, 568, 569, 570, 571, + 572, 573, 574, 575, 576, 577, 578, 579, 580, 581, + 582, 583, 584, 585, 586, 587, 588, 589, 590, 591, + 592, 593, 594, 595, 596, 597, 598, 599, 600, 601, + 602, 603, 604, 605, 606, 607, 608, 0, 610, 611, + 612, 613, 0, 614, 615, 616, 617, 174, 175, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 708, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 176, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 177, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 178, 0, 0, 0, 0, 0, 0, + 0, 0, 3076, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 180, 0, + 0, 0, 0, 0, 0, 0, 0, 181, 0, 0, + 0, 0, 0, 0, 182, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 183, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 184, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 185, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 186, 187, + 188, 3077, 190, 191, 192, 193, 194, 195, 196, 197, + 0, 0, 0, 198, 199, 200, 201, 202, 203, 204, + 205, 206, 207, 208, 209, 210, 211, 212, 213, 214, + 215, 216, 217, 218, 0, 219, 220, 221, 222, 223, + 224, 225, 226, 227, 228, 229, 230, 231, 232, 233, + 234, 235, 236, 237, 238, 239, 240, 241, 242, 243, + 244, 245, 246, 247, 248, 249, 0, 250, 251, 252, + 253, 254, 255, 256, 257, 258, 259, 260, 261, 262, + 263, 264, 265, 266, 267, 268, 269, 270, 271, 272, + 273, 274, 275, 276, 277, 278, 0, 279, 280, 281, + 282, 283, 284, 285, 286, 287, 288, 289, 290, 291, + 292, 293, 294, 295, 296, 297, 298, 299, 300, 301, + 302, 303, 304, 305, 306, 0, 0, 307, 308, 309, + 310, 311, 312, 313, 314, 315, 316, 317, 318, 319, + 320, 0, 321, 322, 323, 3078, 325, 326, 327, 328, + 0, 330, 331, 332, 333, 334, 0, 335, 336, 337, + 338, 339, 340, 341, 342, 343, 344, 345, 346, 347, + 348, 349, 350, 351, 352, 353, 354, 355, 356, 357, + 358, 359, 360, 361, 362, 363, 364, 365, 0, 367, + 368, 369, 370, 371, 372, 373, 374, 375, 376, 377, + 378, 379, 380, 381, 382, 383, 384, 385, 386, 387, + 388, 389, 390, 391, 0, 392, 393, 394, 395, 396, + 397, 398, 399, 400, 401, 402, 403, 404, 405, 406, + 407, 408, 409, 410, 411, 412, 413, 414, 415, 416, + 417, 418, 419, 420, 421, 422, 423, 424, 425, 426, + 427, 428, 429, 430, 431, 432, 433, 434, 435, 3079, + 436, 437, 438, 439, 440, 441, 442, 443, 444, 445, + 446, 447, 448, 449, 450, 451, 452, 453, 454, 455, + 456, 457, 458, 459, 460, 461, 462, 463, 464, 465, + 466, 467, 468, 469, 470, 471, 472, 473, 474, 475, + 476, 477, 478, 479, 480, 481, 482, 483, 484, 485, + 486, 487, 488, 489, 490, 491, 492, 493, 494, 495, + 496, 497, 498, 499, 500, 501, 502, 503, 504, 505, + 506, 507, 508, 509, 510, 511, 512, 513, 514, 515, + 516, 517, 518, 0, 520, 521, 522, 523, 524, 525, + 526, 527, 528, 529, 530, 531, 532, 533, 534, 535, + 536, 537, 0, 0, 538, 539, 0, 540, 541, 542, + 543, 544, 545, 546, 547, 548, 549, 550, 551, 552, + 553, 554, 555, 556, 557, 558, 559, 560, 561, 562, + 563, 564, 565, 566, 567, 568, 569, 570, 571, 572, + 573, 574, 575, 576, 577, 578, 579, 580, 581, 582, + 583, 584, 585, 586, 587, 588, 589, 590, 591, 592, + 593, 594, 595, 596, 597, 598, 599, 600, 601, 602, + 603, 604, 605, 606, 607, 608, 3080, 610, 611, 612, + 613, 0, 614, 615, 616, 617, 174, 175, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 6, 0, 0, 0, 0, - 0, 0, 0, 0, 914, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 176, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, -3695, 0, 177, 0, 0, 0, 0, 0, 0, - 915, 0, 0, 0, 14, 0, 0, 916, 0, 0, - 0, 0, 178, 0, 0, 0, 0, 0, 16, 0, - 0, 917, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 918, 0, 0, 0, 0, 0, - 0, 0, 919, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 21, 0, 180, 0, 0, + 0, 0, 0, 177, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 178, 0, 0, 0, 0, 0, 0, 0, + 0, 3434, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 180, 0, 0, 0, 0, 0, 0, 0, 0, 181, 0, 0, 0, 0, 0, 0, 182, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 183, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 184, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 29, - 0, 0, 0, 0, 920, 921, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 185, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - -3695, 0, 40, 0, 0, 0, 0, 186, 187, 188, - 922, 190, 191, 0, 193, 194, 195, 196, 197, 0, + 0, 0, 0, 0, 0, 0, 0, 186, 187, 188, + 0, 190, 191, 192, 193, 194, 195, 196, 197, 0, 0, 0, 198, 199, 200, 201, 202, 203, 204, 205, - 206, 207, 0, 209, 210, 211, 212, 213, 214, 215, - 216, 0, 923, 0, 0, 220, 221, 222, 223, 224, - 0, 0, 227, 228, 229, 230, 231, 0, 0, 0, - 235, 236, 237, 238, 239, 924, 241, 242, 243, 244, - 0, 0, 0, 0, 0, 0, 250, 0, 252, 0, - 254, 255, 0, 257, 258, 259, 260, 261, 262, 0, + 206, 207, 208, 209, 210, 211, 212, 213, 214, 215, + 216, 217, 218, 0, 219, 220, 221, 222, 223, 224, + 225, 226, 227, 228, 229, 230, 231, 232, 233, 234, + 235, 236, 237, 238, 239, 240, 241, 242, 243, 244, + 245, 246, 247, 248, 249, 0, 250, 251, 252, 253, + 254, 255, 256, 257, 258, 259, 260, 261, 262, 263, 264, 265, 266, 267, 268, 269, 270, 271, 272, 273, - 274, 275, 276, 0, 278, 0, 279, 280, 281, 282, - 283, 284, 285, 0, 287, 288, 289, 290, -3695, 292, + 274, 275, 276, 277, 278, 0, 279, 280, 281, 282, + 283, 284, 285, 286, 287, 288, 289, 290, 291, 292, 293, 294, 295, 296, 297, 298, 299, 300, 301, 302, - 0, 0, 0, 306, 0, 925, 307, 308, 309, 310, - 311, 312, 313, 314, 315, 316, 317, 0, 0, 0, - 0, 0, 322, 323, 926, 325, 326, 327, 0, 329, - 330, 0, 332, 333, 0, 0, 335, 0, 337, 338, - 339, 340, 341, 342, 343, 344, 345, 346, 347, 0, - 349, 350, 351, 352, 353, 354, 355, 356, 357, 0, + 303, 304, 305, 306, 0, 0, 307, 308, 309, 310, + 311, 312, 313, 314, 315, 316, 317, 318, 319, 320, + 0, 321, 322, 323, 3437, 325, 326, 327, 328, 329, + 330, 331, 332, 333, 334, 0, 335, 336, 337, 338, + 339, 340, 341, 342, 343, 344, 345, 346, 347, 348, + 349, 350, 351, 352, 353, 354, 355, 356, 357, 358, 359, 360, 361, 362, 363, 364, 365, 366, 367, 368, 369, 370, 371, 372, 373, 374, 375, 376, 377, 378, 379, 380, 381, 382, 383, 384, 385, 386, 387, 388, 389, 390, 391, 0, 392, 393, 394, 395, 396, 397, 398, 399, 400, 401, 402, 403, 404, 405, 406, 407, 408, 409, 410, 411, 412, 413, 414, 415, 416, 417, - 418, 419, 420, 421, 422, 423, 424, 425, 426, 0, + 418, 419, 420, 421, 422, 423, 424, 425, 426, 427, 428, 429, 430, 431, 432, 433, 434, 435, 0, 436, - 437, 438, 439, 927, 0, 0, 443, 0, 445, 446, - 0, 448, 449, 450, 451, 0, 453, 454, 455, 456, - 0, 0, 0, 0, 461, 462, 463, 464, 465, 466, + 437, 438, 439, 440, 441, 442, 443, 444, 445, 446, + 447, 448, 449, 450, 451, 452, 453, 454, 455, 456, + 457, 458, 459, 460, 461, 462, 463, 464, 465, 466, 467, 468, 469, 470, 471, 472, 473, 474, 475, 476, 477, 478, 479, 480, 481, 482, 483, 484, 485, 486, - 0, 488, 0, 490, 491, 492, 0, 494, 495, 0, - 497, 498, 499, 500, 501, 502, 0, 504, 505, 506, - 507, 508, 509, 510, 0, 512, 513, 514, 0, 516, - 517, 518, 519, 520, 0, 522, 523, 0, 0, 526, - 527, 0, 0, 530, 531, 532, 0, 534, 0, 536, + 487, 488, 489, 490, 491, 492, 493, 494, 495, 496, + 497, 498, 499, 500, 501, 502, 503, 504, 505, 506, + 507, 508, 509, 510, 511, 512, 513, 514, 515, 516, + 517, 518, 519, 520, 521, 522, 523, 524, 525, 526, + 527, 528, 529, 530, 531, 532, 533, 534, 535, 536, 537, 0, 0, 538, 539, 0, 540, 541, 542, 543, - 0, 545, 546, 0, 548, 0, 550, 551, 552, 553, + 544, 545, 546, 547, 548, 549, 550, 551, 552, 553, 554, 555, 556, 557, 558, 559, 560, 561, 562, 563, - 564, 565, 566, 567, 568, 569, 0, 571, 572, 573, - 574, 575, 576, 577, 578, 579, 0, 581, 582, 0, - 584, 585, 586, 587, 174, 175, 590, 591, 0, 593, + 564, 565, 566, 567, 568, 569, 570, 571, 572, 573, + 574, 575, 576, 577, 578, 579, 580, 581, 582, 583, + 584, 585, 586, 587, 588, 589, 590, 591, 592, 593, 594, 595, 596, 597, 598, 599, 600, 601, 602, 603, - 604, 605, 606, 607, 608, 0, 0, 611, 612, 0, - 0, 614, 0, 616, 617, 0, 0, 0, 0, 0, + 604, 605, 606, 607, 608, 3438, 610, 611, 612, 613, + 0, 614, 615, 616, 617, 174, 175, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 6, 0, 0, 0, 0, 0, 0, - 0, 0, 914, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 176, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 177, 0, 0, 0, 0, 0, 0, 915, 0, - 0, 0, 14, 0, 0, 916, 0, 0, 0, 0, - 178, 0, 0, 0, 0, 0, 16, 0, 0, 917, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 918, 0, 0, 0, 0, 0, 0, 0, - 919, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 21, 0, 180, 0, 0, 0, 0, - 0, 0, 0, 0, 181, 0, 0, 0, 0, 0, - 0, 182, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 183, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 184, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 29, 0, 0, - 0, 0, 920, 921, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 6, 0, 0, 0, 0, 0, + 0, 0, 0, 914, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 176, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, -3694, + -3694, -3694, 177, 0, 0, 0, 0, 0, 0, 915, + 0, 0, 0, 14, 0, 0, 916, 0, 0, 0, + 0, 178, 0, 0, 0, 0, 0, 16, 0, 0, + 917, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 918, 0, 0, 0, 0, 0, 0, + 0, 919, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 21, 0, 180, 0, 0, 0, + 0, 0, 0, 0, 0, 181, 0, 0, 0, 0, + 0, 0, 182, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 183, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 184, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 185, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 29, 0, + 0, 0, 0, 920, 921, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 185, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 40, 0, 0, 0, 0, 186, 187, 188, 922, 190, - 191, 0, 193, 194, 195, 196, 197, 0, 0, 0, - 198, 199, 200, 201, 202, 203, 204, 205, 206, 207, - 0, 209, 210, 211, 212, 213, 214, 215, 216, 0, - 923, 0, 0, 220, 221, 222, 223, 224, 0, 0, - 227, 228, 229, 230, 231, 0, 0, 0, 235, 236, - 237, 238, 239, 924, 241, 242, 243, 244, 0, 0, - 0, 0, 0, 0, 250, 0, 252, 0, 254, 255, - 0, 257, 258, 259, 260, 261, 262, 0, 264, 265, - 266, 267, 268, 269, 270, 271, 272, 273, 274, 275, - 276, 0, 278, 0, 279, 280, 281, 282, 283, 284, - 285, 0, 287, 288, 289, 290, 1555, 292, 293, 294, - 295, 296, 297, 298, 299, 300, 301, 302, 0, 0, - 0, 306, 0, 925, 307, 308, 309, 310, 311, 312, - 313, 314, 315, 316, 317, 0, 0, 0, 0, 0, - 322, 323, 926, 325, 326, 327, 0, 329, 330, 0, - 332, 333, 0, 0, 335, 0, 337, 338, 339, 340, - 341, 342, 343, 344, 345, 346, 347, 0, 349, 350, - 351, 352, 353, 354, 355, 356, 357, 0, 359, 360, - 361, 362, 363, 364, 365, 366, 367, 368, 369, 370, - 371, 372, 373, 374, 375, 376, 377, 378, 379, 380, - 381, 382, 383, 384, 385, 386, 387, 388, 389, 390, - 391, 0, 392, 393, 394, 395, 396, 397, 398, 399, - 400, 401, 402, 403, 404, 405, 406, 407, 408, 409, - 410, 411, 412, 413, 414, 415, 416, 417, 418, 419, - 420, 421, 422, 423, 424, 425, 426, 0, 428, 429, - 430, 431, 432, 433, 434, 435, 0, 436, 437, 438, - 439, 927, 0, 0, 443, 0, 445, 446, 0, 448, - 449, 450, 451, 0, 453, 454, 455, 456, 0, 0, - 0, 0, 461, 462, 463, 464, 465, 466, 467, 468, - 469, 470, 471, 472, 473, 474, 475, 476, 477, 478, - 479, 480, 481, 482, 483, 484, 485, 486, 0, 488, - 0, 490, 491, 492, 0, 494, 495, 0, 497, 498, - 499, 500, 501, 502, 0, 504, 505, 506, 507, 508, - 509, 510, 0, 512, 513, 514, 0, 516, 517, 518, - 519, 520, 0, 522, 523, 0, 0, 526, 527, 0, - 0, 530, 531, 532, 0, 534, 0, 536, 537, 0, - 0, 538, 539, 0, 540, 541, 542, 543, 0, 545, - 546, 0, 548, 0, 550, 551, 552, 553, 554, 555, - 556, 557, 558, 559, 560, 561, 562, 563, 564, 565, - 566, 567, 568, 569, 0, 571, 572, 573, 574, 575, - 576, 577, 578, 579, 0, 581, 582, 0, 584, 585, - 586, 587, 174, 175, 590, 591, 0, 593, 594, 595, - 596, 597, 598, 599, 600, 601, 602, 603, 604, 605, - 606, 607, 608, 0, 0, 611, 612, 0, 0, 614, - 0, 616, 617, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 6, 0, 0, 0, 0, 0, 0, 0, 0, - 914, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 176, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 177, - 0, 0, 0, 0, 0, 0, 915, 0, 0, 0, - 14, 0, 0, 916, 0, 0, 0, 0, 178, 0, - 0, 0, 0, 0, 16, 0, 0, 917, 0, 0, + 0, 40, 0, 0, 0, 0, 186, 187, 188, 922, + 190, 191, 0, 193, 194, 195, 196, 197, 0, 0, + 0, 198, 199, 200, 201, 202, 203, 204, 205, 206, + 207, 0, 209, 210, 211, 212, 213, 214, 215, 216, + 0, 923, 0, 0, 220, 221, 222, 223, 224, 0, + 0, 227, 228, 229, 230, 231, 0, 0, 0, 235, + 236, 237, 238, 239, 924, 241, 242, 243, 244, 0, + 0, 0, 0, 0, 0, 250, 0, 252, 0, 254, + 255, 0, 257, 258, 259, 260, 261, 262, 0, 264, + 265, 266, 267, 268, 269, 270, 271, 272, 273, 274, + 275, 276, 0, 278, 0, 279, 280, 281, 282, 283, + 284, 285, 0, 287, 288, 289, 290, -3694, 292, 293, + 294, 295, 296, 297, 298, 299, 300, 301, 302, 0, + 0, 0, 306, 0, 925, 307, 308, 309, 310, 311, + 312, 313, 314, 315, 316, 317, 0, 0, 0, 0, + 0, 322, 323, 926, 325, 326, 327, 0, 329, 330, + 0, 332, 333, 0, 0, 335, 0, 337, 338, 339, + 340, 341, 342, 343, 344, 345, 346, 347, 0, 349, + 350, 351, 352, 353, 354, 355, 356, 357, 0, 359, + 360, 361, 362, 363, 364, 365, 366, 367, 368, 369, + 370, 371, 372, 373, 374, 375, 376, 377, 378, 379, + 380, 381, 382, 383, 384, 385, 386, 387, 388, 389, + 390, 391, 0, 392, 393, 394, 395, 396, 397, 398, + 399, 400, 401, 402, 403, 404, 405, 406, 407, 408, + 409, 410, 411, 412, 413, 414, 415, 416, 417, 418, + 419, 420, 421, 422, 423, 424, 425, 426, 0, 428, + 429, 430, 431, 432, 433, 434, 435, 0, 436, 437, + 438, 439, 927, 0, 0, 443, 0, 445, 446, 0, + 448, 449, 450, 451, 0, 453, 454, 455, 456, 0, + 0, 0, 0, 461, 462, 463, 464, 465, 466, 467, + 468, 469, 470, 471, 472, 473, 474, 475, 476, 477, + 478, 479, 480, 481, 482, 483, 484, 485, 486, 0, + 488, 0, 490, 491, 492, 0, 494, 495, 0, 497, + 498, 499, 500, 501, 502, 0, 504, 505, 506, 507, + 508, 509, 510, 0, 512, 513, 514, 0, 516, 517, + 518, 519, 520, 0, 522, 523, 0, 0, 526, 527, + 0, 0, 530, 531, 532, 0, 534, 0, 536, 537, + 0, 0, 538, 539, 0, 540, 541, 542, 543, 0, + 545, 546, 0, 548, 0, 550, 551, 552, 553, 554, + 555, 556, 557, 558, 559, 560, 561, 562, 563, 564, + 565, 566, 567, 568, 569, 0, 571, 572, 573, 574, + 575, 576, 577, 578, 579, 0, 581, 582, 0, 584, + 585, 586, 587, 174, 175, 590, 591, 0, 593, 594, + 595, 596, 597, 598, 599, 600, 601, 602, 603, 604, + 605, 606, 607, 608, 0, 0, 611, 612, 0, 0, + 614, 0, 616, 617, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 918, 0, 0, 0, 0, 0, 0, 0, 919, 0, + 0, 0, 6, 0, 0, 0, 0, 0, 0, 0, + 0, 914, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 176, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 21, 0, 180, 0, 0, 0, 0, 0, 0, - 0, 0, 181, 0, 0, 0, 0, 0, 0, 182, + 0, 0, 0, 0, 0, 0, 0, 0, -3695, 0, + 177, 0, 0, 0, 0, 0, 0, 915, 0, 0, + 0, 14, 0, 0, 916, 0, 0, 0, 0, 178, + 0, 0, 0, 0, 0, 16, 0, 0, 917, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 183, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 184, 0, 0, 0, 0, 0, 0, 0, + 0, 918, 0, 0, 0, 0, 0, 0, 0, 919, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 29, 0, 0, 0, 0, - 920, 921, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 21, 0, 180, 0, 0, 0, 0, 0, + 0, 0, 0, 181, 0, 0, 0, 0, 0, 0, + 182, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 183, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 184, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 29, 0, 0, 0, + 0, 920, 921, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 185, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 185, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 40, 0, - 0, 0, 0, 186, 187, 188, 922, 190, 191, 0, - 193, 194, 195, 196, 197, 0, 0, 0, 198, 199, - 200, 201, 202, 203, 204, 205, 206, 207, 0, 209, - 210, 211, 212, 213, 214, 215, 216, 0, 923, 0, - 0, 220, 221, 222, 223, 224, 0, 0, 227, 228, - 229, 230, 231, 0, 0, 0, 235, 236, 237, 238, - 239, 924, 241, 242, 243, 244, 0, 0, 0, 0, - 0, 0, 250, 0, 252, 0, 254, 255, 0, 257, - 258, 259, 260, 261, 262, 0, 264, 265, 266, 267, - 268, 269, 270, 271, 272, 273, 274, 275, 276, 0, - 278, 0, 279, 280, 281, 282, 283, 284, 285, 0, - 287, 288, 289, 290, 3404, 292, 293, 294, 295, 296, - 297, 298, 299, 300, 301, 302, 0, 0, 0, 306, - 0, 925, 307, 308, 309, 310, 311, 312, 313, 314, - 315, 316, 317, 0, 0, 0, 0, 0, 322, 323, - 926, 325, 326, 327, 0, 329, 330, 0, 332, 333, - 0, 0, 335, 0, 337, 338, 339, 340, 341, 342, - 343, 344, 345, 346, 347, 0, 349, 350, 351, 352, - 353, 354, 355, 356, 357, 0, 359, 360, 361, 362, - 363, 364, 365, 366, 367, 368, 369, 370, 371, 372, - 373, 374, 375, 376, 377, 378, 379, 380, 381, 382, - 383, 384, 385, 386, 387, 388, 389, 390, 391, 0, - 392, 393, 394, 395, 396, 397, 398, 399, 400, 401, - 402, 403, 404, 405, 406, 407, 408, 409, 410, 411, - 412, 413, 414, 415, 416, 417, 418, 419, 420, 421, - 422, 423, 424, 425, 426, 0, 428, 429, 430, 431, - 432, 433, 434, 435, 0, 436, 437, 438, 439, 927, - 0, 0, 443, 0, 445, 446, 0, 448, 449, 450, - 451, 0, 453, 454, 455, 456, 0, 0, 0, 0, - 461, 462, 463, 464, 465, 466, 467, 468, 469, 470, - 471, 472, 473, 474, 475, 476, 477, 478, 479, 480, - 481, 482, 483, 484, 485, 486, 0, 488, 0, 490, - 491, 492, 0, 494, 495, 0, 497, 498, 499, 500, - 501, 502, 0, 504, 505, 506, 507, 508, 509, 510, - 0, 512, 513, 514, 0, 516, 517, 518, 519, 520, - 0, 522, 523, 0, 0, 526, 527, 0, 0, 530, - 531, 532, 0, 534, 0, 536, 537, 0, 0, 538, - 539, 0, 540, 541, 542, 543, 0, 545, 546, 0, - 548, 0, 550, 551, 552, 553, 554, 555, 556, 557, - 558, 559, 560, 561, 562, 563, 564, 565, 566, 567, - 568, 569, 0, 571, 572, 573, 574, 575, 576, 577, - 578, 579, 0, 581, 582, 0, 584, 585, 586, 587, - 174, 175, 590, 591, 0, 593, 594, 595, 596, 597, - 598, 599, 600, 601, 602, 603, 604, 605, 606, 607, - 608, 0, 0, 611, 612, 0, 0, 614, 0, 616, - 617, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 6, - 0, 0, 0, 0, 0, 0, 0, 0, 914, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 176, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, -3695, 0, 40, + 0, 0, 0, 0, 186, 187, 188, 922, 190, 191, + 0, 193, 194, 195, 196, 197, 0, 0, 0, 198, + 199, 200, 201, 202, 203, 204, 205, 206, 207, 0, + 209, 210, 211, 212, 213, 214, 215, 216, 0, 923, + 0, 0, 220, 221, 222, 223, 224, 0, 0, 227, + 228, 229, 230, 231, 0, 0, 0, 235, 236, 237, + 238, 239, 924, 241, 242, 243, 244, 0, 0, 0, + 0, 0, 0, 250, 0, 252, 0, 254, 255, 0, + 257, 258, 259, 260, 261, 262, 0, 264, 265, 266, + 267, 268, 269, 270, 271, 272, 273, 274, 275, 276, + 0, 278, 0, 279, 280, 281, 282, 283, 284, 285, + 0, 287, 288, 289, 290, -3695, 292, 293, 294, 295, + 296, 297, 298, 299, 300, 301, 302, 0, 0, 0, + 306, 0, 925, 307, 308, 309, 310, 311, 312, 313, + 314, 315, 316, 317, 0, 0, 0, 0, 0, 322, + 323, 926, 325, 326, 327, 0, 329, 330, 0, 332, + 333, 0, 0, 335, 0, 337, 338, 339, 340, 341, + 342, 343, 344, 345, 346, 347, 0, 349, 350, 351, + 352, 353, 354, 355, 356, 357, 0, 359, 360, 361, + 362, 363, 364, 365, 366, 367, 368, 369, 370, 371, + 372, 373, 374, 375, 376, 377, 378, 379, 380, 381, + 382, 383, 384, 385, 386, 387, 388, 389, 390, 391, + 0, 392, 393, 394, 395, 396, 397, 398, 399, 400, + 401, 402, 403, 404, 405, 406, 407, 408, 409, 410, + 411, 412, 413, 414, 415, 416, 417, 418, 419, 420, + 421, 422, 423, 424, 425, 426, 0, 428, 429, 430, + 431, 432, 433, 434, 435, 0, 436, 437, 438, 439, + 927, 0, 0, 443, 0, 445, 446, 0, 448, 449, + 450, 451, 0, 453, 454, 455, 456, 0, 0, 0, + 0, 461, 462, 463, 464, 465, 466, 467, 468, 469, + 470, 471, 472, 473, 474, 475, 476, 477, 478, 479, + 480, 481, 482, 483, 484, 485, 486, 0, 488, 0, + 490, 491, 492, 0, 494, 495, 0, 497, 498, 499, + 500, 501, 502, 0, 504, 505, 506, 507, 508, 509, + 510, 0, 512, 513, 514, 0, 516, 517, 518, 519, + 520, 0, 522, 523, 0, 0, 526, 527, 0, 0, + 530, 531, 532, 0, 534, 0, 536, 537, 0, 0, + 538, 539, 0, 540, 541, 542, 543, 0, 545, 546, + 0, 548, 0, 550, 551, 552, 553, 554, 555, 556, + 557, 558, 559, 560, 561, 562, 563, 564, 565, 566, + 567, 568, 569, 0, 571, 572, 573, 574, 575, 576, + 577, 578, 579, 0, 581, 582, 0, 584, 585, 586, + 587, 174, 175, 590, 591, 0, 593, 594, 595, 596, + 597, 598, 599, 600, 601, 602, 603, 604, 605, 606, + 607, 608, 0, 0, 611, 612, 0, 0, 614, 0, + 616, 617, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 177, 0, 0, - 0, 0, 0, 0, 915, 0, 0, 0, 14, 0, - 0, 916, 0, 0, 0, 0, 178, 0, 0, 0, - 0, 0, 16, 0, 0, 917, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 918, 0, - 0, 0, 0, 0, 0, 0, 919, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 21, - 0, 180, 0, 0, 0, 0, 0, 0, 0, 0, - 181, 0, 0, 0, 0, 0, 0, 182, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 183, + 6, 0, 0, 0, 0, 0, 0, 0, 0, 914, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 184, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 176, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 29, 0, 0, 0, 0, 920, 921, + 0, 0, 0, 0, 0, 0, 0, 0, 177, 0, + 0, 0, 0, 0, 0, 915, 0, 0, 0, 14, + 0, 0, 916, 0, 0, 0, 0, 178, 0, 0, + 0, 0, 0, 16, 0, 0, 917, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 918, + 0, 0, 0, 0, 0, 0, 0, 919, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 21, 0, 180, 0, 0, 0, 0, 0, 0, 0, + 0, 181, 0, 0, 0, 0, 0, 0, 182, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 183, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 184, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 185, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 29, 0, 0, 0, 0, 920, + 921, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 40, 0, 0, 0, - 0, 186, 187, 188, 922, 190, 191, 0, 193, 194, - 195, 196, 197, 0, 0, 0, 198, 199, 200, 201, - 202, 203, 204, 205, 206, 207, 0, 209, 210, 211, - 212, 213, 214, 215, 216, 0, 923, 0, 0, 220, - 221, 222, 223, 224, 0, 0, 227, 228, 229, 230, - 231, 0, 0, 0, 235, 236, 237, 238, 239, 924, - 241, 242, 243, 244, 0, 0, 0, 0, 0, 0, - 250, 0, 252, 0, 254, 255, 0, 257, 258, 259, - 260, 261, 262, 0, 264, 265, 266, 267, 268, 269, - 270, 271, 272, 273, 274, 275, 276, 0, 278, 0, - 279, 280, 281, 282, 283, 284, 285, 0, 287, 288, - 289, 290, 3458, 292, 293, 294, 295, 296, 297, 298, - 299, 300, 301, 302, 0, 0, 0, 306, 0, 925, - 307, 308, 309, 310, 311, 312, 313, 314, 315, 316, - 317, 0, 0, 0, 0, 0, 322, 323, 926, 325, - 326, 327, 0, 329, 330, 0, 332, 333, 0, 0, - 335, 0, 337, 338, 339, 340, 341, 342, 343, 344, - 345, 346, 347, 0, 349, 350, 351, 352, 353, 354, - 355, 356, 357, 0, 359, 360, 361, 362, 363, 364, - 365, 366, 367, 368, 369, 370, 371, 372, 373, 374, - 375, 376, 377, 378, 379, 380, 381, 382, 383, 384, - 385, 386, 387, 388, 389, 390, 391, 0, 392, 393, - 394, 395, 396, 397, 398, 399, 400, 401, 402, 403, - 404, 405, 406, 407, 408, 409, 410, 411, 412, 413, - 414, 415, 416, 417, 418, 419, 420, 421, 422, 423, - 424, 425, 426, 0, 428, 429, 430, 431, 432, 433, - 434, 435, 0, 436, 437, 438, 439, 927, 0, 0, - 443, 0, 445, 446, 0, 448, 449, 450, 451, 0, - 453, 454, 455, 456, 0, 0, 0, 0, 461, 462, - 463, 464, 465, 466, 467, 468, 469, 470, 471, 472, - 473, 474, 475, 476, 477, 478, 479, 480, 481, 482, - 483, 484, 485, 486, 0, 488, 0, 490, 491, 492, - 0, 494, 495, 0, 497, 498, 499, 500, 501, 502, - 0, 504, 505, 506, 507, 508, 509, 510, 0, 512, - 513, 514, 0, 516, 517, 518, 519, 520, 0, 522, - 523, 0, 0, 526, 527, 0, 0, 530, 531, 532, - 0, 534, 0, 536, 537, 0, 0, 538, 539, 0, - 540, 541, 542, 543, 0, 545, 546, 0, 548, 0, - 550, 551, 552, 553, 554, 555, 556, 557, 558, 559, - 560, 561, 562, 563, 564, 565, 566, 567, 568, 569, - 0, 571, 572, 573, 574, 575, 576, 577, 578, 579, - 0, 581, 582, 0, 584, 585, 586, 587, 174, 175, - 590, 591, 0, 593, 594, 595, 596, 597, 598, 599, - 600, 601, 602, 603, 604, 605, 606, 607, 608, 0, - 0, 611, 612, 0, 0, 614, 0, 616, 617, 0, + 0, 0, 185, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 6, 0, 0, - 0, 0, 0, 0, 0, 0, 914, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 176, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 40, 0, 0, + 0, 0, 186, 187, 188, 922, 190, 191, 0, 193, + 194, 195, 196, 197, 0, 0, 0, 198, 199, 200, + 201, 202, 203, 204, 205, 206, 207, 0, 209, 210, + 211, 212, 213, 214, 215, 216, 0, 923, 0, 0, + 220, 221, 222, 223, 224, 0, 0, 227, 228, 229, + 230, 231, 0, 0, 0, 235, 236, 237, 238, 239, + 924, 241, 242, 243, 244, 0, 0, 0, 0, 0, + 0, 250, 0, 252, 0, 254, 255, 0, 257, 258, + 259, 260, 261, 262, 0, 264, 265, 266, 267, 268, + 269, 270, 271, 272, 273, 274, 275, 276, 0, 278, + 0, 279, 280, 281, 282, 283, 284, 285, 0, 287, + 288, 289, 290, 1555, 292, 293, 294, 295, 296, 297, + 298, 299, 300, 301, 302, 0, 0, 0, 306, 0, + 925, 307, 308, 309, 310, 311, 312, 313, 314, 315, + 316, 317, 0, 0, 0, 0, 0, 322, 323, 926, + 325, 326, 327, 0, 329, 330, 0, 332, 333, 0, + 0, 335, 0, 337, 338, 339, 340, 341, 342, 343, + 344, 345, 346, 347, 0, 349, 350, 351, 352, 353, + 354, 355, 356, 357, 0, 359, 360, 361, 362, 363, + 364, 365, 366, 367, 368, 369, 370, 371, 372, 373, + 374, 375, 376, 377, 378, 379, 380, 381, 382, 383, + 384, 385, 386, 387, 388, 389, 390, 391, 0, 392, + 393, 394, 395, 396, 397, 398, 399, 400, 401, 402, + 403, 404, 405, 406, 407, 408, 409, 410, 411, 412, + 413, 414, 415, 416, 417, 418, 419, 420, 421, 422, + 423, 424, 425, 426, 0, 428, 429, 430, 431, 432, + 433, 434, 435, 0, 436, 437, 438, 439, 927, 0, + 0, 443, 0, 445, 446, 0, 448, 449, 450, 451, + 0, 453, 454, 455, 456, 0, 0, 0, 0, 461, + 462, 463, 464, 465, 466, 467, 468, 469, 470, 471, + 472, 473, 474, 475, 476, 477, 478, 479, 480, 481, + 482, 483, 484, 485, 486, 0, 488, 0, 490, 491, + 492, 0, 494, 495, 0, 497, 498, 499, 500, 501, + 502, 0, 504, 505, 506, 507, 508, 509, 510, 0, + 512, 513, 514, 0, 516, 517, 518, 519, 520, 0, + 522, 523, 0, 0, 526, 527, 0, 0, 530, 531, + 532, 0, 534, 0, 536, 537, 0, 0, 538, 539, + 0, 540, 541, 542, 543, 0, 545, 546, 0, 548, + 0, 550, 551, 552, 553, 554, 555, 556, 557, 558, + 559, 560, 561, 562, 563, 564, 565, 566, 567, 568, + 569, 0, 571, 572, 573, 574, 575, 576, 577, 578, + 579, 0, 581, 582, 0, 584, 585, 586, 587, 174, + 175, 590, 591, 0, 593, 594, 595, 596, 597, 598, + 599, 600, 601, 602, 603, 604, 605, 606, 607, 608, + 0, 0, 611, 612, 0, 0, 614, 0, 616, 617, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 177, 0, 0, 0, 0, - 0, 0, 915, 0, 0, 0, 14, 0, 0, 916, - 0, 0, 0, 0, 178, 0, 0, 0, 0, 0, - 16, 0, 0, 917, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 918, 0, 0, 0, - 0, 0, 0, 0, 919, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 21, 0, 180, - 0, 0, 0, 0, 0, 0, 0, 0, 181, 0, - 0, 0, 0, 0, 0, 182, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 183, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 184, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 6, 0, + 0, 0, 0, 0, 0, 0, 0, 914, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 176, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 29, 0, 0, 0, 0, 920, 921, 0, 0, + 0, 0, 0, 0, 0, 0, 177, 0, 0, 0, + 0, 0, 0, 915, 0, 0, 0, 14, 0, 0, + 916, 0, 0, 0, 0, 178, 0, 0, 0, 0, + 0, 16, 0, 0, 917, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 918, 0, 0, + 0, 0, 0, 0, 0, 919, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 21, 0, + 180, 0, 0, 0, 0, 0, 0, 0, 0, 181, + 0, 0, 0, 0, 0, 0, 182, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 183, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 184, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 185, + 0, 0, 29, 0, 0, 0, 0, 920, 921, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 40, 0, 0, 0, 0, 186, - 187, 188, 922, 190, 191, 0, 193, 194, 195, 196, - 197, 0, 0, 0, 198, 199, 200, 201, 202, 203, - 204, 205, 206, 207, 0, 209, 210, 211, 212, 213, - 214, 215, 216, 0, 923, 0, 0, 220, 221, 222, - 223, 224, 0, 0, 227, 228, 229, 230, 231, 0, - 0, 0, 235, 236, 237, 238, 239, 924, 241, 242, - 243, 244, 0, 0, 0, 0, 0, 0, 250, 0, - 252, 0, 254, 255, 0, 257, 258, 259, 260, 261, - 262, 0, 264, 265, 266, 267, 268, 269, 270, 271, - 272, 273, 274, 275, 276, 0, 278, 0, 279, 280, - 281, 282, 283, 284, 285, 0, 287, 288, 289, 290, - 3925, 292, 293, 294, 295, 296, 297, 298, 299, 300, - 301, 302, 0, 0, 0, 306, 0, 925, 307, 308, - 309, 310, 311, 312, 313, 314, 315, 316, 317, 0, - 0, 0, 0, 0, 322, 323, 926, 325, 326, 327, - 0, 329, 330, 0, 332, 333, 0, 0, 335, 0, - 337, 338, 339, 340, 341, 342, 343, 344, 345, 346, - 347, 0, 349, 350, 351, 352, 353, 354, 355, 356, - 357, 0, 359, 360, 361, 362, 363, 364, 365, 366, - 367, 368, 369, 370, 371, 372, 373, 374, 375, 376, - 377, 378, 379, 380, 381, 382, 383, 384, 385, 386, - 387, 388, 389, 390, 391, 0, 392, 393, 394, 395, - 396, 397, 398, 399, 400, 401, 402, 403, 404, 405, - 406, 407, 408, 409, 410, 411, 412, 413, 414, 415, - 416, 417, 418, 419, 420, 421, 422, 423, 424, 425, - 426, 0, 428, 429, 430, 431, 432, 433, 434, 435, - 0, 436, 437, 438, 439, 927, 0, 0, 443, 0, - 445, 446, 0, 448, 449, 450, 451, 0, 453, 454, - 455, 456, 0, 0, 0, 0, 461, 462, 463, 464, - 465, 466, 467, 468, 469, 470, 471, 472, 473, 474, - 475, 476, 477, 478, 479, 480, 481, 482, 483, 484, - 485, 486, 0, 488, 0, 490, 491, 492, 0, 494, - 495, 0, 497, 498, 499, 500, 501, 502, 0, 504, - 505, 506, 507, 508, 509, 510, 0, 512, 513, 514, - 0, 516, 517, 518, 519, 520, 0, 522, 523, 0, - 0, 526, 527, 0, 0, 530, 531, 532, 0, 534, - 0, 536, 537, 0, 0, 538, 539, 0, 540, 541, - 542, 543, 0, 545, 546, 0, 548, 0, 550, 551, - 552, 553, 554, 555, 556, 557, 558, 559, 560, 561, - 562, 563, 564, 565, 566, 567, 568, 569, 0, 571, - 572, 573, 574, 575, 576, 577, 578, 579, 0, 581, - 582, 0, 584, 585, 586, 587, 174, 175, 590, 591, - 0, 593, 594, 595, 596, 597, 598, 599, 600, 601, - 602, 603, 604, 605, 606, 607, 608, 0, 0, 611, - 612, 0, 0, 614, 0, 616, 617, 0, 0, 0, + 185, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 6, 0, 0, 0, 0, - 0, 0, 0, 0, 914, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 176, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 40, 0, 0, 0, 0, + 186, 187, 188, 922, 190, 191, 0, 193, 194, 195, + 196, 197, 0, 0, 0, 198, 199, 200, 201, 202, + 203, 204, 205, 206, 207, 0, 209, 210, 211, 212, + 213, 214, 215, 216, 0, 923, 0, 0, 220, 221, + 222, 223, 224, 0, 0, 227, 228, 229, 230, 231, + 0, 0, 0, 235, 236, 237, 238, 239, 924, 241, + 242, 243, 244, 0, 0, 0, 0, 0, 0, 250, + 0, 252, 0, 254, 255, 0, 257, 258, 259, 260, + 261, 262, 0, 264, 265, 266, 267, 268, 269, 270, + 271, 272, 273, 274, 275, 276, 0, 278, 0, 279, + 280, 281, 282, 283, 284, 285, 0, 287, 288, 289, + 290, 3404, 292, 293, 294, 295, 296, 297, 298, 299, + 300, 301, 302, 0, 0, 0, 306, 0, 925, 307, + 308, 309, 310, 311, 312, 313, 314, 315, 316, 317, + 0, 0, 0, 0, 0, 322, 323, 926, 325, 326, + 327, 0, 329, 330, 0, 332, 333, 0, 0, 335, + 0, 337, 338, 339, 340, 341, 342, 343, 344, 345, + 346, 347, 0, 349, 350, 351, 352, 353, 354, 355, + 356, 357, 0, 359, 360, 361, 362, 363, 364, 365, + 366, 367, 368, 369, 370, 371, 372, 373, 374, 375, + 376, 377, 378, 379, 380, 381, 382, 383, 384, 385, + 386, 387, 388, 389, 390, 391, 0, 392, 393, 394, + 395, 396, 397, 398, 399, 400, 401, 402, 403, 404, + 405, 406, 407, 408, 409, 410, 411, 412, 413, 414, + 415, 416, 417, 418, 419, 420, 421, 422, 423, 424, + 425, 426, 0, 428, 429, 430, 431, 432, 433, 434, + 435, 0, 436, 437, 438, 439, 927, 0, 0, 443, + 0, 445, 446, 0, 448, 449, 450, 451, 0, 453, + 454, 455, 456, 0, 0, 0, 0, 461, 462, 463, + 464, 465, 466, 467, 468, 469, 470, 471, 472, 473, + 474, 475, 476, 477, 478, 479, 480, 481, 482, 483, + 484, 485, 486, 0, 488, 0, 490, 491, 492, 0, + 494, 495, 0, 497, 498, 499, 500, 501, 502, 0, + 504, 505, 506, 507, 508, 509, 510, 0, 512, 513, + 514, 0, 516, 517, 518, 519, 520, 0, 522, 523, + 0, 0, 526, 527, 0, 0, 530, 531, 532, 0, + 534, 0, 536, 537, 0, 0, 538, 539, 0, 540, + 541, 542, 543, 0, 545, 546, 0, 548, 0, 550, + 551, 552, 553, 554, 555, 556, 557, 558, 559, 560, + 561, 562, 563, 564, 565, 566, 567, 568, 569, 0, + 571, 572, 573, 574, 575, 576, 577, 578, 579, 0, + 581, 582, 0, 584, 585, 586, 587, 174, 175, 590, + 591, 0, 593, 594, 595, 596, 597, 598, 599, 600, + 601, 602, 603, 604, 605, 606, 607, 608, 0, 0, + 611, 612, 0, 0, 614, 0, 616, 617, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 177, 0, 0, 0, 0, 0, 0, - 915, 0, 0, 0, 14, 0, 0, 916, 0, 0, - 0, 0, 178, 0, 0, 0, 0, 0, 16, 0, - 0, 917, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 918, 0, 0, 0, 0, 0, - 0, 0, 919, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 21, 0, 180, 0, 0, - 0, 0, 0, 0, 0, 0, 181, 0, 0, 0, - 0, 0, 0, 182, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 183, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 184, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 6, 0, 0, 0, + 0, 0, 0, 0, 0, 914, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 176, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 29, - 0, 0, 0, 0, 920, 921, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 177, 0, 0, 0, 0, 0, + 0, 915, 0, 0, 0, 14, 0, 0, 916, 0, + 0, 0, 0, 178, 0, 0, 0, 0, 0, 16, + 0, 0, 917, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 918, 0, 0, 0, 0, + 0, 0, 0, 919, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 21, 0, 180, 0, + 0, 0, 0, 0, 0, 0, 0, 181, 0, 0, + 0, 0, 0, 0, 182, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 183, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 184, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 185, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 29, 0, 0, 0, 0, 920, 921, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 40, 0, 0, 0, 0, 186, 187, 188, - 922, 190, 191, 0, 193, 194, 195, 196, 197, 0, - 0, 0, 198, 199, 200, 201, 202, 203, 204, 205, - 206, 207, 0, 209, 210, 211, 212, 213, 214, 215, - 216, 0, 923, 0, 0, 220, 221, 222, 223, 224, - 0, 0, 227, 228, 229, 230, 231, 0, 0, 0, - 235, 236, 237, 238, 239, 924, 241, 242, 243, 244, - 0, 0, 0, 0, 0, 0, 250, 0, 252, 0, - 254, 255, 0, 257, 258, 259, 260, 261, 262, 0, - 264, 265, 266, 267, 268, 269, 270, 271, 272, 273, - 274, 275, 276, 0, 278, 0, 279, 280, 281, 282, - 283, 284, 285, 0, 287, 288, 289, 290, 3931, 292, - 293, 294, 295, 296, 297, 298, 299, 300, 301, 302, - 0, 0, 0, 306, 0, 925, 307, 308, 309, 310, - 311, 312, 313, 314, 315, 316, 317, 0, 0, 0, - 0, 0, 322, 323, 926, 325, 326, 327, 0, 329, - 330, 0, 332, 333, 0, 0, 335, 0, 337, 338, - 339, 340, 341, 342, 343, 344, 345, 346, 347, 0, - 349, 350, 351, 352, 353, 354, 355, 356, 357, 0, - 359, 360, 361, 362, 363, 364, 365, 366, 367, 368, - 369, 370, 371, 372, 373, 374, 375, 376, 377, 378, - 379, 380, 381, 382, 383, 384, 385, 386, 387, 388, - 389, 390, 391, 0, 392, 393, 394, 395, 396, 397, - 398, 399, 400, 401, 402, 403, 404, 405, 406, 407, - 408, 409, 410, 411, 412, 413, 414, 415, 416, 417, - 418, 419, 420, 421, 422, 423, 424, 425, 426, 0, - 428, 429, 430, 431, 432, 433, 434, 435, 0, 436, - 437, 438, 439, 927, 0, 0, 443, 0, 445, 446, - 0, 448, 449, 450, 451, 0, 453, 454, 455, 456, - 0, 0, 0, 0, 461, 462, 463, 464, 465, 466, - 467, 468, 469, 470, 471, 472, 473, 474, 475, 476, - 477, 478, 479, 480, 481, 482, 483, 484, 485, 486, - 0, 488, 0, 490, 491, 492, 0, 494, 495, 0, - 497, 498, 499, 500, 501, 502, 0, 504, 505, 506, - 507, 508, 509, 510, 0, 512, 513, 514, 0, 516, - 517, 518, 519, 520, 0, 522, 523, 0, 0, 526, - 527, 0, 0, 530, 531, 532, 0, 534, 0, 536, - 537, 0, 0, 538, 539, 0, 540, 541, 542, 543, - 0, 545, 546, 0, 548, 0, 550, 551, 552, 553, - 554, 555, 556, 557, 558, 559, 560, 561, 562, 563, - 564, 565, 566, 567, 568, 569, 0, 571, 572, 573, - 574, 575, 576, 577, 578, 579, 0, 581, 582, 0, - 584, 585, 586, 587, 174, 175, 590, 591, 0, 593, - 594, 595, 596, 597, 598, 599, 600, 601, 602, 603, - 604, 605, 606, 607, 608, 0, 0, 611, 612, 0, - 0, 614, 0, 616, 617, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 185, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 6, 0, 0, 0, 0, 0, 0, - 0, 0, 914, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 176, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 177, 0, 0, 0, 0, 0, 0, 915, 0, - 0, 0, 14, 0, 0, 916, 0, 0, 0, 0, - 178, 0, 0, 0, 0, 0, 16, 0, 0, 917, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 918, 0, 0, 0, 0, 0, 0, 0, - 919, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 21, 0, 180, 0, 0, 0, 0, - 0, 0, 0, 0, 181, 0, 0, 0, 0, 0, - 0, 182, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 183, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 184, 0, 0, 0, 0, 0, + 0, 0, 0, 40, 0, 0, 0, 0, 186, 187, + 188, 922, 190, 191, 0, 193, 194, 195, 196, 197, + 0, 0, 0, 198, 199, 200, 201, 202, 203, 204, + 205, 206, 207, 0, 209, 210, 211, 212, 213, 214, + 215, 216, 0, 923, 0, 0, 220, 221, 222, 223, + 224, 0, 0, 227, 228, 229, 230, 231, 0, 0, + 0, 235, 236, 237, 238, 239, 924, 241, 242, 243, + 244, 0, 0, 0, 0, 0, 0, 250, 0, 252, + 0, 254, 255, 0, 257, 258, 259, 260, 261, 262, + 0, 264, 265, 266, 267, 268, 269, 270, 271, 272, + 273, 274, 275, 276, 0, 278, 0, 279, 280, 281, + 282, 283, 284, 285, 0, 287, 288, 289, 290, 3458, + 292, 293, 294, 295, 296, 297, 298, 299, 300, 301, + 302, 0, 0, 0, 306, 0, 925, 307, 308, 309, + 310, 311, 312, 313, 314, 315, 316, 317, 0, 0, + 0, 0, 0, 322, 323, 926, 325, 326, 327, 0, + 329, 330, 0, 332, 333, 0, 0, 335, 0, 337, + 338, 339, 340, 341, 342, 343, 344, 345, 346, 347, + 0, 349, 350, 351, 352, 353, 354, 355, 356, 357, + 0, 359, 360, 361, 362, 363, 364, 365, 366, 367, + 368, 369, 370, 371, 372, 373, 374, 375, 376, 377, + 378, 379, 380, 381, 382, 383, 384, 385, 386, 387, + 388, 389, 390, 391, 0, 392, 393, 394, 395, 396, + 397, 398, 399, 400, 401, 402, 403, 404, 405, 406, + 407, 408, 409, 410, 411, 412, 413, 414, 415, 416, + 417, 418, 419, 420, 421, 422, 423, 424, 425, 426, + 0, 428, 429, 430, 431, 432, 433, 434, 435, 0, + 436, 437, 438, 439, 927, 0, 0, 443, 0, 445, + 446, 0, 448, 449, 450, 451, 0, 453, 454, 455, + 456, 0, 0, 0, 0, 461, 462, 463, 464, 465, + 466, 467, 468, 469, 470, 471, 472, 473, 474, 475, + 476, 477, 478, 479, 480, 481, 482, 483, 484, 485, + 486, 0, 488, 0, 490, 491, 492, 0, 494, 495, + 0, 497, 498, 499, 500, 501, 502, 0, 504, 505, + 506, 507, 508, 509, 510, 0, 512, 513, 514, 0, + 516, 517, 518, 519, 520, 0, 522, 523, 0, 0, + 526, 527, 0, 0, 530, 531, 532, 0, 534, 0, + 536, 537, 0, 0, 538, 539, 0, 540, 541, 542, + 543, 0, 545, 546, 0, 548, 0, 550, 551, 552, + 553, 554, 555, 556, 557, 558, 559, 560, 561, 562, + 563, 564, 565, 566, 567, 568, 569, 0, 571, 572, + 573, 574, 575, 576, 577, 578, 579, 0, 581, 582, + 0, 584, 585, 586, 587, 174, 175, 590, 591, 0, + 593, 594, 595, 596, 597, 598, 599, 600, 601, 602, + 603, 604, 605, 606, 607, 608, 0, 0, 611, 612, + 0, 0, 614, 0, 616, 617, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 29, 0, 0, - 0, 0, 920, 921, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 6, 0, 0, 0, 0, 0, + 0, 0, 0, 914, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 176, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 185, 0, 0, 0, 0, + 0, 0, 177, 0, 0, 0, 0, 0, 0, 915, + 0, 0, 0, 14, 0, 0, 916, 0, 0, 0, + 0, 178, 0, 0, 0, 0, 0, 16, 0, 0, + 917, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 918, 0, 0, 0, 0, 0, 0, + 0, 919, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 21, 0, 180, 0, 0, 0, + 0, 0, 0, 0, 0, 181, 0, 0, 0, 0, + 0, 0, 182, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 183, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 184, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 29, 0, + 0, 0, 0, 920, 921, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 40, 0, 0, 0, 0, 186, 187, 188, 922, 190, - 191, 0, 193, 194, 195, 196, 197, 0, 0, 0, - 198, 199, 200, 201, 202, 203, 204, 205, 206, 207, - 0, 209, 210, 211, 212, 213, 214, 215, 216, 0, - 923, 0, 0, 220, 221, 222, 223, 224, 0, 0, - 227, 228, 229, 230, 231, 0, 0, 0, 235, 236, - 237, 238, 239, 924, 241, 242, 243, 244, 0, 0, - 0, 0, 0, 0, 250, 0, 252, 0, 254, 255, - 0, 257, 258, 259, 260, 261, 262, 0, 264, 265, - 266, 267, 268, 269, 270, 271, 272, 273, 274, 275, - 276, 0, 278, 0, 279, 280, 281, 282, 283, 284, - 285, 0, 287, 288, 289, 290, 4247, 292, 293, 294, - 295, 296, 297, 298, 299, 300, 301, 302, 0, 0, - 0, 306, 0, 925, 307, 308, 309, 310, 311, 312, - 313, 314, 315, 316, 317, 0, 0, 0, 0, 0, - 322, 323, 926, 325, 326, 327, 0, 329, 330, 0, - 332, 333, 0, 0, 335, 0, 337, 338, 339, 340, - 341, 342, 343, 344, 345, 346, 347, 0, 349, 350, - 351, 352, 353, 354, 355, 356, 357, 0, 359, 360, - 361, 362, 363, 364, 365, 366, 367, 368, 369, 370, - 371, 372, 373, 374, 375, 376, 377, 378, 379, 380, - 381, 382, 383, 384, 385, 386, 387, 388, 389, 390, - 391, 0, 392, 393, 394, 395, 396, 397, 398, 399, - 400, 401, 402, 403, 404, 405, 406, 407, 408, 409, - 410, 411, 412, 413, 414, 415, 416, 417, 418, 419, - 420, 421, 422, 423, 424, 425, 426, 0, 428, 429, - 430, 431, 432, 433, 434, 435, 0, 436, 437, 438, - 439, 927, 0, 0, 443, 0, 445, 446, 0, 448, - 449, 450, 451, 0, 453, 454, 455, 456, 0, 0, - 0, 0, 461, 462, 463, 464, 465, 466, 467, 468, - 469, 470, 471, 472, 473, 474, 475, 476, 477, 478, - 479, 480, 481, 482, 483, 484, 485, 486, 0, 488, - 0, 490, 491, 492, 0, 494, 495, 0, 497, 498, - 499, 500, 501, 502, 0, 504, 505, 506, 507, 508, - 509, 510, 0, 512, 513, 514, 0, 516, 517, 518, - 519, 520, 0, 522, 523, 0, 0, 526, 527, 0, - 0, 530, 531, 532, 0, 534, 0, 536, 537, 0, - 0, 538, 539, 0, 540, 541, 542, 543, 0, 545, - 546, 0, 548, 0, 550, 551, 552, 553, 554, 555, - 556, 557, 558, 559, 560, 561, 562, 563, 564, 565, - 566, 567, 568, 569, 0, 571, 572, 573, 574, 575, - 576, 577, 578, 579, 0, 581, 582, 0, 584, 585, - 586, 587, 174, 175, 590, 591, 0, 593, 594, 595, - 596, 597, 598, 599, 600, 601, 602, 603, 604, 605, - 606, 607, 608, 0, 0, 611, 612, 0, 0, 614, - 0, 616, 617, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 185, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 6, 0, 0, 0, 0, 0, 0, 0, 0, - 914, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 176, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 177, - 0, 0, 0, 0, 0, 0, 915, 0, 0, 0, - 14, 0, 0, 916, 0, 0, 0, 0, 178, 0, - 0, 0, 0, 0, 16, 0, 0, 917, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 918, 0, 0, 0, 0, 0, 0, 0, 919, 0, + 0, 40, 0, 0, 0, 0, 186, 187, 188, 922, + 190, 191, 0, 193, 194, 195, 196, 197, 0, 0, + 0, 198, 199, 200, 201, 202, 203, 204, 205, 206, + 207, 0, 209, 210, 211, 212, 213, 214, 215, 216, + 0, 923, 0, 0, 220, 221, 222, 223, 224, 0, + 0, 227, 228, 229, 230, 231, 0, 0, 0, 235, + 236, 237, 238, 239, 924, 241, 242, 243, 244, 0, + 0, 0, 0, 0, 0, 250, 0, 252, 0, 254, + 255, 0, 257, 258, 259, 260, 261, 262, 0, 264, + 265, 266, 267, 268, 269, 270, 271, 272, 273, 274, + 275, 276, 0, 278, 0, 279, 280, 281, 282, 283, + 284, 285, 0, 287, 288, 289, 290, 3925, 292, 293, + 294, 295, 296, 297, 298, 299, 300, 301, 302, 0, + 0, 0, 306, 0, 925, 307, 308, 309, 310, 311, + 312, 313, 314, 315, 316, 317, 0, 0, 0, 0, + 0, 322, 323, 926, 325, 326, 327, 0, 329, 330, + 0, 332, 333, 0, 0, 335, 0, 337, 338, 339, + 340, 341, 342, 343, 344, 345, 346, 347, 0, 349, + 350, 351, 352, 353, 354, 355, 356, 357, 0, 359, + 360, 361, 362, 363, 364, 365, 366, 367, 368, 369, + 370, 371, 372, 373, 374, 375, 376, 377, 378, 379, + 380, 381, 382, 383, 384, 385, 386, 387, 388, 389, + 390, 391, 0, 392, 393, 394, 395, 396, 397, 398, + 399, 400, 401, 402, 403, 404, 405, 406, 407, 408, + 409, 410, 411, 412, 413, 414, 415, 416, 417, 418, + 419, 420, 421, 422, 423, 424, 425, 426, 0, 428, + 429, 430, 431, 432, 433, 434, 435, 0, 436, 437, + 438, 439, 927, 0, 0, 443, 0, 445, 446, 0, + 448, 449, 450, 451, 0, 453, 454, 455, 456, 0, + 0, 0, 0, 461, 462, 463, 464, 465, 466, 467, + 468, 469, 470, 471, 472, 473, 474, 475, 476, 477, + 478, 479, 480, 481, 482, 483, 484, 485, 486, 0, + 488, 0, 490, 491, 492, 0, 494, 495, 0, 497, + 498, 499, 500, 501, 502, 0, 504, 505, 506, 507, + 508, 509, 510, 0, 512, 513, 514, 0, 516, 517, + 518, 519, 520, 0, 522, 523, 0, 0, 526, 527, + 0, 0, 530, 531, 532, 0, 534, 0, 536, 537, + 0, 0, 538, 539, 0, 540, 541, 542, 543, 0, + 545, 546, 0, 548, 0, 550, 551, 552, 553, 554, + 555, 556, 557, 558, 559, 560, 561, 562, 563, 564, + 565, 566, 567, 568, 569, 0, 571, 572, 573, 574, + 575, 576, 577, 578, 579, 0, 581, 582, 0, 584, + 585, 586, 587, 174, 175, 590, 591, 0, 593, 594, + 595, 596, 597, 598, 599, 600, 601, 602, 603, 604, + 605, 606, 607, 608, 0, 0, 611, 612, 0, 0, + 614, 0, 616, 617, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 21, 0, 180, 0, 0, 0, 0, 0, 0, - 0, 0, 181, 0, 0, 0, 0, 0, 0, 182, + 0, 0, 6, 0, 0, 0, 0, 0, 0, 0, + 0, 914, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 176, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 183, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 184, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 29, 0, 0, 0, 0, - 920, 921, 0, 0, 0, 0, 0, 0, 0, 0, + 177, 0, 0, 0, 0, 0, 0, 915, 0, 0, + 0, 14, 0, 0, 916, 0, 0, 0, 0, 178, + 0, 0, 0, 0, 0, 16, 0, 0, 917, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 918, 0, 0, 0, 0, 0, 0, 0, 919, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 185, 0, 0, 0, 0, 0, 0, + 0, 0, 21, 0, 180, 0, 0, 0, 0, 0, + 0, 0, 0, 181, 0, 0, 0, 0, 0, 0, + 182, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 183, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 184, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 29, 0, 0, 0, + 0, 920, 921, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 40, 0, - 0, 0, 0, 186, 187, 188, 922, 190, 191, 0, - 193, 194, 195, 196, 197, 0, 0, 0, 198, 199, - 200, 201, 202, 203, 204, 205, 206, 207, 0, 209, - 210, 211, 212, 213, 214, 215, 216, 0, 923, 0, - 0, 220, 221, 222, 223, 224, 0, 0, 227, 228, - 229, 230, 231, 0, 0, 0, 235, 236, 237, 238, - 239, 924, 241, 242, 243, 244, 0, 0, 0, 0, - 0, 0, 250, 0, 252, 0, 254, 255, 0, 257, - 258, 259, 260, 261, 262, 0, 264, 265, 266, 267, - 268, 269, 270, 271, 272, 273, 274, 275, 276, 0, - 278, 0, 279, 280, 281, 282, 283, 284, 285, 0, - 287, 288, 289, 290, 5666, 292, 293, 294, 295, 296, - 297, 298, 299, 300, 301, 302, 0, 0, 0, 306, - 0, 925, 307, 308, 309, 310, 311, 312, 313, 314, - 315, 316, 317, 0, 0, 0, 0, 0, 322, 323, - 926, 325, 326, 327, 0, 329, 330, 0, 332, 333, - 0, 0, 335, 0, 337, 338, 339, 340, 341, 342, - 343, 344, 345, 346, 347, 0, 349, 350, 351, 352, - 353, 354, 355, 356, 357, 0, 359, 360, 361, 362, - 363, 364, 365, 366, 367, 368, 369, 370, 371, 372, - 373, 374, 375, 376, 377, 378, 379, 380, 381, 382, - 383, 384, 385, 386, 387, 388, 389, 390, 391, 0, - 392, 393, 394, 395, 396, 397, 398, 399, 400, 401, - 402, 403, 404, 405, 406, 407, 408, 409, 410, 411, - 412, 413, 414, 415, 416, 417, 418, 419, 420, 421, - 422, 423, 424, 425, 426, 0, 428, 429, 430, 431, - 432, 433, 434, 435, 0, 436, 437, 438, 439, 927, - 0, 0, 443, 0, 445, 446, 0, 448, 449, 450, - 451, 0, 453, 454, 455, 456, 0, 0, 0, 0, - 461, 462, 463, 464, 465, 466, 467, 468, 469, 470, - 471, 472, 473, 474, 475, 476, 477, 478, 479, 480, - 481, 482, 483, 484, 485, 486, 0, 488, 0, 490, - 491, 492, 0, 494, 495, 0, 497, 498, 499, 500, - 501, 502, 0, 504, 505, 506, 507, 508, 509, 510, - 0, 512, 513, 514, 0, 516, 517, 518, 519, 520, - 0, 522, 523, 0, 0, 526, 527, 0, 0, 530, - 531, 532, 0, 534, 0, 536, 537, 0, 0, 538, - 539, 0, 540, 541, 542, 543, 0, 545, 546, 0, - 548, 0, 550, 551, 552, 553, 554, 555, 556, 557, - 558, 559, 560, 561, 562, 563, 564, 565, 566, 567, - 568, 569, 0, 571, 572, 573, 574, 575, 576, 577, - 578, 579, 0, 581, 582, 0, 584, 585, 586, 587, - 174, 175, 590, 591, 0, 593, 594, 595, 596, 597, - 598, 599, 600, 601, 602, 603, 604, 605, 606, 607, - 608, 0, 0, 611, 612, 0, 0, 614, 0, 616, - 617, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 6, - 0, 0, 0, 0, 0, 0, 0, 0, 914, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 176, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 185, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 177, 0, 0, - 0, 0, 0, 0, 915, 0, 0, 0, 14, 0, - 0, 916, 0, 0, 0, 0, 178, 0, 0, 0, - 0, 0, 16, 0, 0, 917, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 918, 0, - 0, 0, 0, 0, 0, 0, 919, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 21, - 0, 180, 0, 0, 0, 0, 0, 0, 0, 0, - 181, 0, 0, 0, 0, 0, 0, 182, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 183, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 184, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 40, + 0, 0, 0, 0, 186, 187, 188, 922, 190, 191, + 0, 193, 194, 195, 196, 197, 0, 0, 0, 198, + 199, 200, 201, 202, 203, 204, 205, 206, 207, 0, + 209, 210, 211, 212, 213, 214, 215, 216, 0, 923, + 0, 0, 220, 221, 222, 223, 224, 0, 0, 227, + 228, 229, 230, 231, 0, 0, 0, 235, 236, 237, + 238, 239, 924, 241, 242, 243, 244, 0, 0, 0, + 0, 0, 0, 250, 0, 252, 0, 254, 255, 0, + 257, 258, 259, 260, 261, 262, 0, 264, 265, 266, + 267, 268, 269, 270, 271, 272, 273, 274, 275, 276, + 0, 278, 0, 279, 280, 281, 282, 283, 284, 285, + 0, 287, 288, 289, 290, 3931, 292, 293, 294, 295, + 296, 297, 298, 299, 300, 301, 302, 0, 0, 0, + 306, 0, 925, 307, 308, 309, 310, 311, 312, 313, + 314, 315, 316, 317, 0, 0, 0, 0, 0, 322, + 323, 926, 325, 326, 327, 0, 329, 330, 0, 332, + 333, 0, 0, 335, 0, 337, 338, 339, 340, 341, + 342, 343, 344, 345, 346, 347, 0, 349, 350, 351, + 352, 353, 354, 355, 356, 357, 0, 359, 360, 361, + 362, 363, 364, 365, 366, 367, 368, 369, 370, 371, + 372, 373, 374, 375, 376, 377, 378, 379, 380, 381, + 382, 383, 384, 385, 386, 387, 388, 389, 390, 391, + 0, 392, 393, 394, 395, 396, 397, 398, 399, 400, + 401, 402, 403, 404, 405, 406, 407, 408, 409, 410, + 411, 412, 413, 414, 415, 416, 417, 418, 419, 420, + 421, 422, 423, 424, 425, 426, 0, 428, 429, 430, + 431, 432, 433, 434, 435, 0, 436, 437, 438, 439, + 927, 0, 0, 443, 0, 445, 446, 0, 448, 449, + 450, 451, 0, 453, 454, 455, 456, 0, 0, 0, + 0, 461, 462, 463, 464, 465, 466, 467, 468, 469, + 470, 471, 472, 473, 474, 475, 476, 477, 478, 479, + 480, 481, 482, 483, 484, 485, 486, 0, 488, 0, + 490, 491, 492, 0, 494, 495, 0, 497, 498, 499, + 500, 501, 502, 0, 504, 505, 506, 507, 508, 509, + 510, 0, 512, 513, 514, 0, 516, 517, 518, 519, + 520, 0, 522, 523, 0, 0, 526, 527, 0, 0, + 530, 531, 532, 0, 534, 0, 536, 537, 0, 0, + 538, 539, 0, 540, 541, 542, 543, 0, 545, 546, + 0, 548, 0, 550, 551, 552, 553, 554, 555, 556, + 557, 558, 559, 560, 561, 562, 563, 564, 565, 566, + 567, 568, 569, 0, 571, 572, 573, 574, 575, 576, + 577, 578, 579, 0, 581, 582, 0, 584, 585, 586, + 587, 174, 175, 590, 591, 0, 593, 594, 595, 596, + 597, 598, 599, 600, 601, 602, 603, 604, 605, 606, + 607, 608, 0, 0, 611, 612, 0, 0, 614, 0, + 616, 617, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 29, 0, 0, 0, 0, 920, 921, + 6, 0, 0, 0, 0, 0, 0, 0, 0, 914, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 176, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 177, 0, + 0, 0, 0, 0, 0, 915, 0, 0, 0, 14, + 0, 0, 916, 0, 0, 0, 0, 178, 0, 0, + 0, 0, 0, 16, 0, 0, 917, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 918, + 0, 0, 0, 0, 0, 0, 0, 919, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 185, 0, 0, 0, 0, 0, 0, 0, 0, + 21, 0, 180, 0, 0, 0, 0, 0, 0, 0, + 0, 181, 0, 0, 0, 0, 0, 0, 182, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 183, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 184, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 40, 0, 0, 0, - 0, 186, 187, 188, 922, 190, 191, 0, 193, 194, - 195, 196, 197, 0, 0, 0, 198, 199, 200, 201, - 202, 203, 204, 205, 206, 207, 0, 209, 210, 211, - 212, 213, 214, 215, 216, 0, 923, 0, 0, 220, - 221, 222, 223, 224, 0, 0, 227, 228, 229, 230, - 231, 0, 0, 0, 235, 236, 237, 238, 239, 924, - 241, 242, 243, 244, 0, 0, 0, 0, 0, 0, - 250, 0, 252, 0, 254, 255, 0, 257, 258, 259, - 260, 261, 262, 0, 264, 265, 266, 267, 268, 269, - 270, 271, 272, 273, 274, 275, 276, 0, 278, 0, - 279, 280, 281, 282, 283, 284, 285, 0, 287, 288, - 289, 290, 0, 292, 293, 294, 295, 296, 297, 298, - 299, 300, 301, 302, 0, 0, 0, 306, 0, 925, - 307, 308, 309, 310, 311, 312, 313, 314, 315, 316, - 317, 0, 0, 0, 0, 0, 322, 323, 926, 325, - 326, 327, 0, 329, 330, 0, 332, 333, 0, 0, - 335, 0, 337, 338, 339, 340, 341, 342, 343, 344, - 345, 346, 347, 0, 349, 350, 351, 352, 353, 354, - 355, 356, 357, 0, 359, 360, 361, 362, 363, 364, - 365, 366, 367, 368, 369, 370, 371, 372, 373, 374, - 375, 376, 377, 378, 379, 380, 381, 382, 383, 384, - 385, 386, 387, 388, 389, 390, 391, 0, 392, 393, - 394, 395, 396, 397, 398, 399, 400, 401, 402, 403, - 404, 405, 406, 407, 408, 409, 410, 411, 412, 413, - 414, 415, 416, 417, 418, 419, 420, 421, 422, 423, - 424, 425, 426, 0, 428, 429, 430, 431, 432, 433, - 434, 435, 0, 436, 437, 438, 439, 927, 0, 0, - 443, 0, 445, 446, 0, 448, 449, 450, 451, 0, - 453, 454, 455, 456, 0, 0, 0, 0, 461, 462, - 463, 464, 465, 466, 467, 468, 469, 470, 471, 472, - 473, 474, 475, 476, 477, 478, 479, 480, 481, 482, - 483, 484, 485, 486, 0, 488, 0, 490, 491, 492, - 0, 494, 495, 0, 497, 498, 499, 500, 501, 502, - 0, 504, 505, 506, 507, 508, 509, 510, 0, 512, - 513, 514, 0, 516, 517, 518, 519, 520, 0, 522, - 523, 0, 0, 526, 527, 0, 0, 530, 531, 532, - 0, 534, 0, 536, 537, 0, 0, 538, 539, 0, - 540, 541, 542, 543, 0, 545, 546, 0, 548, 0, - 550, 551, 552, 553, 554, 555, 556, 557, 558, 559, - 560, 561, 562, 563, 564, 565, 566, 567, 568, 569, - 0, 571, 572, 573, 574, 575, 576, 577, 578, 579, - 0, 581, 582, 0, 584, 585, 586, 587, 174, 175, - 590, 591, 0, 593, 594, 595, 596, 597, 598, 599, - 600, 601, 602, 603, 604, 605, 606, 607, 608, 0, - 0, 611, 612, 0, 0, 614, 0, 616, 617, 0, + 0, 0, 0, 0, 29, 0, 0, 0, 0, 920, + 921, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 6, 0, 0, - 0, 0, 0, 0, 0, 0, 914, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 176, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 185, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 177, 0, 0, 0, 0, - 0, 0, 915, 0, 0, 0, 14, 0, 0, 916, - 0, 0, 0, 0, 178, 0, 0, 0, 0, 0, - 16, 0, 0, 917, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 918, 0, 0, 0, - 0, 0, 0, 0, 919, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 21, 0, 180, - 0, 0, 0, 0, 0, 0, 0, 0, 181, 0, - 0, 0, 0, 0, 0, 182, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 183, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 184, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 40, 0, 0, + 0, 0, 186, 187, 188, 922, 190, 191, 0, 193, + 194, 195, 196, 197, 0, 0, 0, 198, 199, 200, + 201, 202, 203, 204, 205, 206, 207, 0, 209, 210, + 211, 212, 213, 214, 215, 216, 0, 923, 0, 0, + 220, 221, 222, 223, 224, 0, 0, 227, 228, 229, + 230, 231, 0, 0, 0, 235, 236, 237, 238, 239, + 924, 241, 242, 243, 244, 0, 0, 0, 0, 0, + 0, 250, 0, 252, 0, 254, 255, 0, 257, 258, + 259, 260, 261, 262, 0, 264, 265, 266, 267, 268, + 269, 270, 271, 272, 273, 274, 275, 276, 0, 278, + 0, 279, 280, 281, 282, 283, 284, 285, 0, 287, + 288, 289, 290, 4247, 292, 293, 294, 295, 296, 297, + 298, 299, 300, 301, 302, 0, 0, 0, 306, 0, + 925, 307, 308, 309, 310, 311, 312, 313, 314, 315, + 316, 317, 0, 0, 0, 0, 0, 322, 323, 926, + 325, 326, 327, 0, 329, 330, 0, 332, 333, 0, + 0, 335, 0, 337, 338, 339, 340, 341, 342, 343, + 344, 345, 346, 347, 0, 349, 350, 351, 352, 353, + 354, 355, 356, 357, 0, 359, 360, 361, 362, 363, + 364, 365, 366, 367, 368, 369, 370, 371, 372, 373, + 374, 375, 376, 377, 378, 379, 380, 381, 382, 383, + 384, 385, 386, 387, 388, 389, 390, 391, 0, 392, + 393, 394, 395, 396, 397, 398, 399, 400, 401, 402, + 403, 404, 405, 406, 407, 408, 409, 410, 411, 412, + 413, 414, 415, 416, 417, 418, 419, 420, 421, 422, + 423, 424, 425, 426, 0, 428, 429, 430, 431, 432, + 433, 434, 435, 0, 436, 437, 438, 439, 927, 0, + 0, 443, 0, 445, 446, 0, 448, 449, 450, 451, + 0, 453, 454, 455, 456, 0, 0, 0, 0, 461, + 462, 463, 464, 465, 466, 467, 468, 469, 470, 471, + 472, 473, 474, 475, 476, 477, 478, 479, 480, 481, + 482, 483, 484, 485, 486, 0, 488, 0, 490, 491, + 492, 0, 494, 495, 0, 497, 498, 499, 500, 501, + 502, 0, 504, 505, 506, 507, 508, 509, 510, 0, + 512, 513, 514, 0, 516, 517, 518, 519, 520, 0, + 522, 523, 0, 0, 526, 527, 0, 0, 530, 531, + 532, 0, 534, 0, 536, 537, 0, 0, 538, 539, + 0, 540, 541, 542, 543, 0, 545, 546, 0, 548, + 0, 550, 551, 552, 553, 554, 555, 556, 557, 558, + 559, 560, 561, 562, 563, 564, 565, 566, 567, 568, + 569, 0, 571, 572, 573, 574, 575, 576, 577, 578, + 579, 0, 581, 582, 0, 584, 585, 586, 587, 174, + 175, 590, 591, 0, 593, 594, 595, 596, 597, 598, + 599, 600, 601, 602, 603, 604, 605, 606, 607, 608, + 0, 0, 611, 612, 0, 0, 614, 0, 616, 617, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 29, 0, 0, 0, 0, 920, 921, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 6, 0, + 0, 0, 0, 0, 0, 0, 0, 914, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 176, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 185, + 0, 0, 0, 0, 0, 0, 177, 0, 0, 0, + 0, 0, 0, 915, 0, 0, 0, 14, 0, 0, + 916, 0, 0, 0, 0, 178, 0, 0, 0, 0, + 0, 16, 0, 0, 917, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 918, 0, 0, + 0, 0, 0, 0, 0, 919, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 21, 0, + 180, 0, 0, 0, 0, 0, 0, 0, 0, 181, + 0, 0, 0, 0, 0, 0, 182, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 183, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 184, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 29, 0, 0, 0, 0, 920, 921, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 40, 0, 0, 0, 0, 186, - 187, 188, 922, 190, 191, 0, 193, 194, 195, 196, - 197, 0, 0, 0, 198, 199, 200, 201, 202, 203, - 204, 205, 206, 207, 0, 209, 210, 211, 212, 213, - 214, 215, 216, 0, 923, 0, 0, 220, 221, 222, - 223, 224, 0, 0, 227, 228, 229, 230, 231, 0, - 0, 0, 235, 236, 237, 238, 239, 924, 241, 242, - 243, 244, 0, 0, 0, 0, 0, 0, 250, 0, - 252, 0, 254, 255, 0, 257, 258, 259, 260, 261, - 262, 0, 264, 265, 266, 267, 268, 269, 270, 271, - 272, 273, 274, 275, 276, 0, 278, 0, 279, 280, - 281, 282, 283, 284, 285, 0, 287, 288, 289, 290, - 0, 292, 293, 294, 295, 296, 297, 298, 299, 300, - 301, 302, 0, 0, 0, 306, 0, 925, 307, 308, - 309, 310, 311, 312, 313, 314, 315, 316, 317, 0, - 0, 0, 0, 0, 322, 323, 926, 325, 326, 327, - 0, 329, 330, 0, 332, 333, 0, 0, 335, 0, - 337, 338, 339, 340, 341, 342, 343, 344, 345, 346, - 347, 0, 349, 350, 351, 352, 353, 354, 355, 356, - 357, 0, 359, 360, 361, 362, 363, 364, 365, 366, - 367, 368, 369, 370, 371, 372, 373, 374, 375, 376, - 377, 378, 379, 380, 381, 382, 383, 384, 385, 386, - 387, 388, 389, 390, 391, 0, 392, 393, 394, 395, - 396, 397, 398, 399, 400, 401, 402, 403, 404, 405, - 406, 407, 408, 409, 410, 411, 412, 413, 414, 415, - 416, 417, 418, 419, 420, 421, 422, 423, 424, 425, - 426, 0, 428, 429, 430, 431, 432, 433, 434, 435, - 0, 436, 437, 438, 439, 927, 0, 0, 443, 0, - 445, 446, 0, 448, 449, 450, 451, 0, 453, 454, - 455, 456, 0, 0, 0, 0, 461, 462, 463, 464, - 465, 466, 467, 468, 469, 470, 471, 472, 473, 474, - 475, 476, 477, 478, 479, 480, 481, 482, 483, 484, - 485, 486, 0, 488, 0, 490, 491, 492, 0, 494, - 495, 0, 497, 498, 499, 500, 501, 502, 0, 504, - 505, 506, 507, 508, 509, 510, 0, 512, 513, 514, - 0, 516, 517, 518, 519, 520, 0, 522, 523, 0, - 0, 526, 527, 0, 0, 530, 531, 532, 0, 534, - 0, 536, 537, 0, 0, 538, 539, 0, 540, 541, - 542, 543, 0, 545, 546, 0, 548, 0, 550, 551, - 552, 553, 554, 555, 556, 557, 558, 559, 560, 561, - 562, 563, 564, 565, 566, 567, 568, 569, 0, 571, - 572, 573, 574, 575, 576, 577, 578, 579, 0, 581, - 582, 0, 584, 585, 586, 587, 174, 175, 590, 1760, - 0, 593, 594, 595, 596, 597, 598, 599, 600, 601, - 602, 603, 604, 605, 606, 607, 608, 0, 0, 611, - 612, 0, 0, 614, 0, 616, 617, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 6, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 176, 0, 0, 0, 0, + 185, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 177, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 14, 0, 0, 0, 0, 0, - 0, 0, 178, 0, 0, 0, 0, 0, 16, 0, - 0, 917, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 40, 0, 0, 0, 0, + 186, 187, 188, 922, 190, 191, 0, 193, 194, 195, + 196, 197, 0, 0, 0, 198, 199, 200, 201, 202, + 203, 204, 205, 206, 207, 0, 209, 210, 211, 212, + 213, 214, 215, 216, 0, 923, 0, 0, 220, 221, + 222, 223, 224, 0, 0, 227, 228, 229, 230, 231, + 0, 0, 0, 235, 236, 237, 238, 239, 924, 241, + 242, 243, 244, 0, 0, 0, 0, 0, 0, 250, + 0, 252, 0, 254, 255, 0, 257, 258, 259, 260, + 261, 262, 0, 264, 265, 266, 267, 268, 269, 270, + 271, 272, 273, 274, 275, 276, 0, 278, 0, 279, + 280, 281, 282, 283, 284, 285, 0, 287, 288, 289, + 290, 5667, 292, 293, 294, 295, 296, 297, 298, 299, + 300, 301, 302, 0, 0, 0, 306, 0, 925, 307, + 308, 309, 310, 311, 312, 313, 314, 315, 316, 317, + 0, 0, 0, 0, 0, 322, 323, 926, 325, 326, + 327, 0, 329, 330, 0, 332, 333, 0, 0, 335, + 0, 337, 338, 339, 340, 341, 342, 343, 344, 345, + 346, 347, 0, 349, 350, 351, 352, 353, 354, 355, + 356, 357, 0, 359, 360, 361, 362, 363, 364, 365, + 366, 367, 368, 369, 370, 371, 372, 373, 374, 375, + 376, 377, 378, 379, 380, 381, 382, 383, 384, 385, + 386, 387, 388, 389, 390, 391, 0, 392, 393, 394, + 395, 396, 397, 398, 399, 400, 401, 402, 403, 404, + 405, 406, 407, 408, 409, 410, 411, 412, 413, 414, + 415, 416, 417, 418, 419, 420, 421, 422, 423, 424, + 425, 426, 0, 428, 429, 430, 431, 432, 433, 434, + 435, 0, 436, 437, 438, 439, 927, 0, 0, 443, + 0, 445, 446, 0, 448, 449, 450, 451, 0, 453, + 454, 455, 456, 0, 0, 0, 0, 461, 462, 463, + 464, 465, 466, 467, 468, 469, 470, 471, 472, 473, + 474, 475, 476, 477, 478, 479, 480, 481, 482, 483, + 484, 485, 486, 0, 488, 0, 490, 491, 492, 0, + 494, 495, 0, 497, 498, 499, 500, 501, 502, 0, + 504, 505, 506, 507, 508, 509, 510, 0, 512, 513, + 514, 0, 516, 517, 518, 519, 520, 0, 522, 523, + 0, 0, 526, 527, 0, 0, 530, 531, 532, 0, + 534, 0, 536, 537, 0, 0, 538, 539, 0, 540, + 541, 542, 543, 0, 545, 546, 0, 548, 0, 550, + 551, 552, 553, 554, 555, 556, 557, 558, 559, 560, + 561, 562, 563, 564, 565, 566, 567, 568, 569, 0, + 571, 572, 573, 574, 575, 576, 577, 578, 579, 0, + 581, 582, 0, 584, 585, 586, 587, 174, 175, 590, + 591, 0, 593, 594, 595, 596, 597, 598, 599, 600, + 601, 602, 603, 604, 605, 606, 607, 608, 0, 0, + 611, 612, 0, 0, 614, 0, 616, 617, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 6, 0, 0, 0, + 0, 0, 0, 0, 0, 914, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 176, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 21, 0, 180, 0, 0, - 0, 0, 0, 0, 0, 0, 181, 0, 0, 0, - 0, 0, 0, 182, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 183, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 184, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 29, - 0, 0, 0, 0, 920, 921, 0, 0, 0, 0, + 0, 0, 0, 0, 177, 0, 0, 0, 0, 0, + 0, 915, 0, 0, 0, 14, 0, 0, 916, 0, + 0, 0, 0, 178, 0, 0, 0, 0, 0, 16, + 0, 0, 917, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 918, 0, 0, 0, 0, + 0, 0, 0, 919, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 21, 0, 180, 0, + 0, 0, 0, 0, 0, 0, 0, 181, 0, 0, + 0, 0, 0, 0, 182, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 183, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 184, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 185, 0, 0, + 29, 0, 0, 0, 0, 920, 921, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 185, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 40, 0, 0, 0, 0, 186, 187, 188, - 922, 190, 191, 0, 193, 194, 195, 196, 197, 0, - 0, 0, 198, 199, 200, 201, 202, 203, 204, 205, - 206, 207, 0, 209, 210, 211, 212, 213, 214, 215, - 216, 0, 923, 0, 0, 220, 221, 222, 223, 224, - 0, 0, 227, 228, 229, 230, 231, 0, 0, 0, - 235, 236, 237, 238, 239, 0, 241, 242, 243, 244, - 0, 0, 0, 0, 0, 0, 250, 0, 252, 0, - 254, 255, 0, 257, 258, 259, 260, 261, 262, 0, - 264, 265, 266, 267, 268, 269, 270, 271, 272, 273, - 274, 275, 276, 0, 278, 0, 279, 280, 281, 282, - 283, 284, 285, 0, 287, 288, 289, 290, 0, 292, - 293, 294, 295, 296, 297, 298, 299, 300, 301, 302, - 0, 0, 0, 306, 0, 0, 307, 308, 309, 310, - 311, 312, 313, 314, 315, 316, 317, 0, 0, 0, - 0, 0, 322, 323, 926, 325, 326, 327, 0, 329, - 330, 0, 332, 333, 0, 0, 335, 0, 337, 338, - 339, 340, 341, 342, 343, 344, 345, 346, 347, 0, - 349, 350, 351, 352, 353, 354, 355, 356, 357, 0, - 359, 360, 361, 362, 363, 364, 365, 366, 367, 368, - 369, 370, 371, 372, 373, 374, 375, 376, 377, 378, - 379, 380, 381, 382, 383, 384, 385, 386, 387, 388, - 389, 390, 391, 0, 392, 393, 394, 395, 396, 397, - 398, 399, 400, 401, 402, 403, 404, 405, 406, 407, - 408, 409, 410, 411, 412, 413, 414, 415, 416, 417, - 418, 419, 420, 421, 422, 423, 424, 425, 426, 0, - 428, 429, 430, 431, 432, 433, 434, 435, 0, 436, - 437, 438, 439, 0, 0, 0, 443, 0, 445, 446, - 0, 448, 449, 450, 451, 0, 453, 454, 455, 456, - 0, 0, 0, 0, 461, 462, 463, 464, 465, 466, - 467, 468, 469, 470, 471, 472, 473, 474, 475, 476, - 477, 478, 479, 480, 481, 482, 483, 484, 485, 486, - 0, 488, 0, 490, 491, 492, 0, 494, 495, 0, - 497, 498, 499, 500, 501, 502, 0, 504, 505, 506, - 507, 508, 509, 510, 0, 512, 513, 514, 0, 516, - 517, 518, 519, 520, 0, 522, 523, 0, 0, 526, - 527, 0, 0, 530, 531, 532, 0, 534, 0, 536, - 537, 0, 0, 538, 539, 0, 540, 541, 542, 543, - 0, 545, 546, 0, 548, 0, 550, 551, 552, 553, - 554, 555, 556, 557, 558, 559, 560, 561, 562, 563, - 564, 565, 566, 567, 568, 569, 0, 571, 572, 573, - 574, 575, 576, 577, 578, 579, 0, 581, 582, 0, - 584, 585, 586, 587, 174, 175, 590, 591, 0, 593, - 594, 595, 596, 597, 598, 599, 600, 601, 602, 603, - 604, 605, 606, 607, 608, 0, 0, 611, 612, 0, - 0, 614, 0, 616, 617, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 40, 0, 0, 0, 0, 186, 187, + 188, 922, 190, 191, 0, 193, 194, 195, 196, 197, + 0, 0, 0, 198, 199, 200, 201, 202, 203, 204, + 205, 206, 207, 0, 209, 210, 211, 212, 213, 214, + 215, 216, 0, 923, 0, 0, 220, 221, 222, 223, + 224, 0, 0, 227, 228, 229, 230, 231, 0, 0, + 0, 235, 236, 237, 238, 239, 924, 241, 242, 243, + 244, 0, 0, 0, 0, 0, 0, 250, 0, 252, + 0, 254, 255, 0, 257, 258, 259, 260, 261, 262, + 0, 264, 265, 266, 267, 268, 269, 270, 271, 272, + 273, 274, 275, 276, 0, 278, 0, 279, 280, 281, + 282, 283, 284, 285, 0, 287, 288, 289, 290, 0, + 292, 293, 294, 295, 296, 297, 298, 299, 300, 301, + 302, 0, 0, 0, 306, 0, 925, 307, 308, 309, + 310, 311, 312, 313, 314, 315, 316, 317, 0, 0, + 0, 0, 0, 322, 323, 926, 325, 326, 327, 0, + 329, 330, 0, 332, 333, 0, 0, 335, 0, 337, + 338, 339, 340, 341, 342, 343, 344, 345, 346, 347, + 0, 349, 350, 351, 352, 353, 354, 355, 356, 357, + 0, 359, 360, 361, 362, 363, 364, 365, 366, 367, + 368, 369, 370, 371, 372, 373, 374, 375, 376, 377, + 378, 379, 380, 381, 382, 383, 384, 385, 386, 387, + 388, 389, 390, 391, 0, 392, 393, 394, 395, 396, + 397, 398, 399, 400, 401, 402, 403, 404, 405, 406, + 407, 408, 409, 410, 411, 412, 413, 414, 415, 416, + 417, 418, 419, 420, 421, 422, 423, 424, 425, 426, + 0, 428, 429, 430, 431, 432, 433, 434, 435, 0, + 436, 437, 438, 439, 927, 0, 0, 443, 0, 445, + 446, 0, 448, 449, 450, 451, 0, 453, 454, 455, + 456, 0, 0, 0, 0, 461, 462, 463, 464, 465, + 466, 467, 468, 469, 470, 471, 472, 473, 474, 475, + 476, 477, 478, 479, 480, 481, 482, 483, 484, 485, + 486, 0, 488, 0, 490, 491, 492, 0, 494, 495, + 0, 497, 498, 499, 500, 501, 502, 0, 504, 505, + 506, 507, 508, 509, 510, 0, 512, 513, 514, 0, + 516, 517, 518, 519, 520, 0, 522, 523, 0, 0, + 526, 527, 0, 0, 530, 531, 532, 0, 534, 0, + 536, 537, 0, 0, 538, 539, 0, 540, 541, 542, + 543, 0, 545, 546, 0, 548, 0, 550, 551, 552, + 553, 554, 555, 556, 557, 558, 559, 560, 561, 562, + 563, 564, 565, 566, 567, 568, 569, 0, 571, 572, + 573, 574, 575, 576, 577, 578, 579, 0, 581, 582, + 0, 584, 585, 586, 587, 174, 175, 590, 591, 0, + 593, 594, 595, 596, 597, 598, 599, 600, 601, 602, + 603, 604, 605, 606, 607, 608, 0, 0, 611, 612, + 0, 0, 614, 0, 616, 617, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 176, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 6, 0, 0, 0, 0, 0, + 0, 0, 0, 914, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 176, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 177, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 177, 0, 0, 0, 0, 0, 0, 915, + 0, 0, 0, 14, 0, 0, 916, 0, 0, 0, + 0, 178, 0, 0, 0, 0, 0, 16, 0, 0, + 917, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 918, 0, 0, 0, 0, 0, 0, + 0, 919, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 21, 0, 180, 0, 0, 0, + 0, 0, 0, 0, 0, 181, 0, 0, 0, 0, + 0, 0, 182, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 183, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 184, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 178, 0, 0, 0, 0, 0, 0, 0, 0, 917, + 0, 0, 0, 0, 0, 0, 0, 0, 29, 0, + 0, 0, 0, 920, 921, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 185, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 180, 0, 0, 0, 0, - 0, 0, 0, 0, 181, 0, 0, 0, 0, 0, - 0, 182, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 183, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 184, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 40, 0, 0, 0, 0, 186, 187, 188, 922, + 190, 191, 0, 193, 194, 195, 196, 197, 0, 0, + 0, 198, 199, 200, 201, 202, 203, 204, 205, 206, + 207, 0, 209, 210, 211, 212, 213, 214, 215, 216, + 0, 923, 0, 0, 220, 221, 222, 223, 224, 0, + 0, 227, 228, 229, 230, 231, 0, 0, 0, 235, + 236, 237, 238, 239, 924, 241, 242, 243, 244, 0, + 0, 0, 0, 0, 0, 250, 0, 252, 0, 254, + 255, 0, 257, 258, 259, 260, 261, 262, 0, 264, + 265, 266, 267, 268, 269, 270, 271, 272, 273, 274, + 275, 276, 0, 278, 0, 279, 280, 281, 282, 283, + 284, 285, 0, 287, 288, 289, 290, 0, 292, 293, + 294, 295, 296, 297, 298, 299, 300, 301, 302, 0, + 0, 0, 306, 0, 925, 307, 308, 309, 310, 311, + 312, 313, 314, 315, 316, 317, 0, 0, 0, 0, + 0, 322, 323, 926, 325, 326, 327, 0, 329, 330, + 0, 332, 333, 0, 0, 335, 0, 337, 338, 339, + 340, 341, 342, 343, 344, 345, 346, 347, 0, 349, + 350, 351, 352, 353, 354, 355, 356, 357, 0, 359, + 360, 361, 362, 363, 364, 365, 366, 367, 368, 369, + 370, 371, 372, 373, 374, 375, 376, 377, 378, 379, + 380, 381, 382, 383, 384, 385, 386, 387, 388, 389, + 390, 391, 0, 392, 393, 394, 395, 396, 397, 398, + 399, 400, 401, 402, 403, 404, 405, 406, 407, 408, + 409, 410, 411, 412, 413, 414, 415, 416, 417, 418, + 419, 420, 421, 422, 423, 424, 425, 426, 0, 428, + 429, 430, 431, 432, 433, 434, 435, 0, 436, 437, + 438, 439, 927, 0, 0, 443, 0, 445, 446, 0, + 448, 449, 450, 451, 0, 453, 454, 455, 456, 0, + 0, 0, 0, 461, 462, 463, 464, 465, 466, 467, + 468, 469, 470, 471, 472, 473, 474, 475, 476, 477, + 478, 479, 480, 481, 482, 483, 484, 485, 486, 0, + 488, 0, 490, 491, 492, 0, 494, 495, 0, 497, + 498, 499, 500, 501, 502, 0, 504, 505, 506, 507, + 508, 509, 510, 0, 512, 513, 514, 0, 516, 517, + 518, 519, 520, 0, 522, 523, 0, 0, 526, 527, + 0, 0, 530, 531, 532, 0, 534, 0, 536, 537, + 0, 0, 538, 539, 0, 540, 541, 542, 543, 0, + 545, 546, 0, 548, 0, 550, 551, 552, 553, 554, + 555, 556, 557, 558, 559, 560, 561, 562, 563, 564, + 565, 566, 567, 568, 569, 0, 571, 572, 573, 574, + 575, 576, 577, 578, 579, 0, 581, 582, 0, 584, + 585, 586, 587, 174, 175, 590, 1760, 0, 593, 594, + 595, 596, 597, 598, 599, 600, 601, 602, 603, 604, + 605, 606, 607, 608, 0, 0, 611, 612, 0, 0, + 614, 0, 616, 617, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 185, 0, 0, 0, 0, + 0, 0, 176, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 1541, 0, - 0, 0, 0, 0, 0, 186, 187, 188, 922, 190, - 191, 0, 193, 194, 195, 196, 197, 0, 0, 0, - 198, 199, 200, 201, 202, 203, 204, 205, 206, 207, - 0, 209, 210, 211, 212, 213, 214, 215, 216, 0, - 0, 0, 0, 220, 221, 222, 223, 224, 0, 0, - 227, 228, 229, 230, 231, 0, 0, 0, 235, 236, - 237, 238, 239, 0, 241, 242, 243, 244, 0, 0, - 0, 0, 0, 0, 250, 0, 252, 0, 254, 255, - 0, 257, 258, 259, 260, 261, 262, 0, 264, 265, - 266, 267, 268, 269, 270, 271, 272, 273, 274, 275, - 276, 0, 278, 0, 279, 280, 281, 282, 283, 284, - 285, 0, 287, 288, 289, 290, 0, 292, 293, 294, - 295, 296, 297, 298, 299, 300, 301, 302, 0, 0, - 0, 306, 0, 0, 307, 308, 309, 310, 311, 312, - 313, 314, 315, 316, 317, 0, 0, 0, 0, 0, - 322, 323, 926, 325, 326, 327, 0, 329, 330, 0, - 332, 333, 0, 0, 335, 0, 337, 338, 339, 340, - 341, 342, 343, 344, 345, 346, 347, 0, 349, 350, - 351, 352, 353, 354, 355, 356, 357, 0, 359, 360, - 361, 362, 363, 364, 365, 366, 367, 368, 369, 370, - 371, 372, 373, 374, 375, 376, 377, 378, 379, 380, - 381, 382, 383, 384, 385, 386, 387, 388, 389, 390, - 391, 0, 392, 393, 394, 395, 396, 397, 398, 399, - 400, 401, 402, 403, 404, 405, 406, 407, 408, 409, - 410, 411, 412, 413, 414, 415, 416, 417, 418, 419, - 420, 421, 422, 423, 424, 425, 426, 0, 428, 429, - 430, 431, 432, 433, 434, 435, 0, 436, 437, 438, - 439, 0, 0, 0, 443, 0, 445, 446, 0, 448, - 449, 450, 451, 0, 453, 454, 455, 456, 0, 0, - 0, 0, 461, 462, 463, 464, 465, 466, 467, 468, - 469, 470, 471, 472, 473, 474, 475, 476, 477, 478, - 479, 480, 481, 482, 483, 484, 485, 486, 0, 488, - 0, 490, 491, 492, 0, 494, 495, 0, 497, 498, - 499, 500, 501, 502, 0, 504, 505, 506, 507, 508, - 509, 510, 0, 512, 513, 514, 0, 516, 517, 518, - 519, 520, 0, 522, 523, 0, 0, 526, 527, 0, - 0, 530, 531, 532, 0, 534, 0, 536, 537, 0, - 0, 538, 539, 0, 540, 541, 542, 543, 0, 545, - 546, 0, 548, 0, 550, 551, 552, 553, 554, 555, - 556, 557, 558, 559, 560, 561, 562, 563, 564, 565, - 566, 567, 568, 569, 0, 571, 572, 573, 574, 575, - 576, 577, 578, 579, 0, 581, 582, 0, 584, 585, - 586, 587, 174, 175, 590, 591, 0, 593, 594, 595, - 596, 597, 598, 599, 600, 601, 602, 603, 604, 605, - 606, 607, 608, 0, 0, 611, 612, 0, 0, 614, - 0, 616, 617, 0, 0, 0, 0, 0, 0, 0, + 177, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 178, + 0, 0, 0, 0, 0, 0, 0, 0, 917, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 176, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 180, 0, 0, 0, 0, 0, + 0, 0, 0, 181, 0, 0, 0, 0, 0, 0, + 182, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 183, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 184, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 177, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 178, 0, - 0, 0, 0, 0, 0, 0, 0, 917, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 180, 0, 0, 0, 0, 0, 0, - 0, 0, 181, 0, 0, 0, 0, 0, 0, 182, + 0, 0, 0, 0, 185, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 183, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 184, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 1541, 0, 0, + 0, 0, 0, 0, 186, 187, 188, 922, 190, 191, + 0, 193, 194, 195, 196, 197, 0, 0, 0, 198, + 199, 200, 201, 202, 203, 204, 205, 206, 207, 0, + 209, 210, 211, 212, 213, 214, 215, 216, 0, 0, + 0, 0, 220, 221, 222, 223, 224, 0, 0, 227, + 228, 229, 230, 231, 0, 0, 0, 235, 236, 237, + 238, 239, 0, 241, 242, 243, 244, 0, 0, 0, + 0, 0, 0, 250, 0, 252, 0, 254, 255, 0, + 257, 258, 259, 260, 261, 262, 0, 264, 265, 266, + 267, 268, 269, 270, 271, 272, 273, 274, 275, 276, + 0, 278, 0, 279, 280, 281, 282, 283, 284, 285, + 0, 287, 288, 289, 290, 0, 292, 293, 294, 295, + 296, 297, 298, 299, 300, 301, 302, 0, 0, 0, + 306, 0, 0, 307, 308, 309, 310, 311, 312, 313, + 314, 315, 316, 317, 0, 0, 0, 0, 0, 322, + 323, 926, 325, 326, 327, 0, 329, 330, 0, 332, + 333, 0, 0, 335, 0, 337, 338, 339, 340, 341, + 342, 343, 344, 345, 346, 347, 0, 349, 350, 351, + 352, 353, 354, 355, 356, 357, 0, 359, 360, 361, + 362, 363, 364, 365, 366, 367, 368, 369, 370, 371, + 372, 373, 374, 375, 376, 377, 378, 379, 380, 381, + 382, 383, 384, 385, 386, 387, 388, 389, 390, 391, + 0, 392, 393, 394, 395, 396, 397, 398, 399, 400, + 401, 402, 403, 404, 405, 406, 407, 408, 409, 410, + 411, 412, 413, 414, 415, 416, 417, 418, 419, 420, + 421, 422, 423, 424, 425, 426, 0, 428, 429, 430, + 431, 432, 433, 434, 435, 0, 436, 437, 438, 439, + 0, 0, 0, 443, 0, 445, 446, 0, 448, 449, + 450, 451, 0, 453, 454, 455, 456, 0, 0, 0, + 0, 461, 462, 463, 464, 465, 466, 467, 468, 469, + 470, 471, 472, 473, 474, 475, 476, 477, 478, 479, + 480, 481, 482, 483, 484, 485, 486, 0, 488, 0, + 490, 491, 492, 0, 494, 495, 0, 497, 498, 499, + 500, 501, 502, 0, 504, 505, 506, 507, 508, 509, + 510, 0, 512, 513, 514, 0, 516, 517, 518, 519, + 520, 0, 522, 523, 0, 0, 526, 527, 0, 0, + 530, 531, 532, 0, 534, 0, 536, 537, 0, 0, + 538, 539, 0, 540, 541, 542, 543, 0, 545, 546, + 0, 548, 0, 550, 551, 552, 553, 554, 555, 556, + 557, 558, 559, 560, 561, 562, 563, 564, 565, 566, + 567, 568, 569, 0, 571, 572, 573, 574, 575, 576, + 577, 578, 579, 0, 581, 582, 0, 584, 585, 586, + 587, 174, 175, 590, 591, 0, 593, 594, 595, 596, + 597, 598, 599, 600, 601, 602, 603, 604, 605, 606, + 607, 608, 0, 0, 611, 612, 0, 0, 614, 0, + 616, 617, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 176, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 185, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 177, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 178, 0, 0, + 0, 0, 0, 0, 0, 0, 917, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 1552, 0, 0, 0, - 0, 0, 0, 186, 187, 188, 922, 190, 191, 0, - 193, 194, 195, 196, 197, 0, 0, 0, 198, 199, - 200, 201, 202, 203, 204, 205, 206, 207, 0, 209, - 210, 211, 212, 213, 214, 215, 216, 0, 0, 0, - 0, 220, 221, 222, 223, 224, 0, 0, 227, 228, - 229, 230, 231, 0, 0, 0, 235, 236, 237, 238, - 239, 0, 241, 242, 243, 244, 0, 0, 0, 0, - 0, 0, 250, 0, 252, 0, 254, 255, 0, 257, - 258, 259, 260, 261, 262, 0, 264, 265, 266, 267, - 268, 269, 270, 271, 272, 273, 274, 275, 276, 0, - 278, 0, 279, 280, 281, 282, 283, 284, 285, 0, - 287, 288, 289, 290, 0, 292, 293, 294, 295, 296, - 297, 298, 299, 300, 301, 302, 0, 0, 0, 306, - 0, 0, 307, 308, 309, 310, 311, 312, 313, 314, - 315, 316, 317, 0, 0, 0, 0, 0, 322, 323, - 926, 325, 326, 327, 0, 329, 330, 0, 332, 333, - 0, 0, 335, 0, 337, 338, 339, 340, 341, 342, - 343, 344, 345, 346, 347, 0, 349, 350, 351, 352, - 353, 354, 355, 356, 357, 0, 359, 360, 361, 362, - 363, 364, 365, 366, 367, 368, 369, 370, 371, 372, - 373, 374, 375, 376, 377, 378, 379, 380, 381, 382, - 383, 384, 385, 386, 387, 388, 389, 390, 391, 0, - 392, 393, 394, 395, 396, 397, 398, 399, 400, 401, - 402, 403, 404, 405, 406, 407, 408, 409, 410, 411, - 412, 413, 414, 415, 416, 417, 418, 419, 420, 421, - 422, 423, 424, 425, 426, 0, 428, 429, 430, 431, - 432, 433, 434, 435, 0, 436, 437, 438, 439, 0, - 0, 0, 443, 0, 445, 446, 0, 448, 449, 450, - 451, 0, 453, 454, 455, 456, 0, 0, 0, 0, - 461, 462, 463, 464, 465, 466, 467, 468, 469, 470, - 471, 472, 473, 474, 475, 476, 477, 478, 479, 480, - 481, 482, 483, 484, 485, 486, 0, 488, 0, 490, - 491, 492, 0, 494, 495, 0, 497, 498, 499, 500, - 501, 502, 0, 504, 505, 506, 507, 508, 509, 510, - 0, 512, 513, 514, 0, 516, 517, 518, 519, 520, - 0, 522, 523, 0, 0, 526, 527, 0, 0, 530, - 531, 532, 0, 534, 0, 536, 537, 0, 0, 538, - 539, 0, 540, 541, 542, 543, 0, 545, 546, 0, - 548, 0, 550, 551, 552, 553, 554, 555, 556, 557, - 558, 559, 560, 561, 562, 563, 564, 565, 566, 567, - 568, 569, 0, 571, 572, 573, 574, 575, 576, 577, - 578, 579, 0, 581, 582, 0, 584, 585, 586, 587, - 174, 175, 590, 591, 0, 593, 594, 595, 596, 597, - 598, 599, 600, 601, 602, 603, 604, 605, 606, 607, - 608, 0, 0, 611, 612, 0, 0, 614, 0, 616, - 617, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 176, + 0, 0, 180, 0, 0, 0, 0, 0, 0, 0, + 0, 181, 0, 0, 0, 0, 0, 0, 182, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 183, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 184, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 177, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 178, 0, 0, 0, - 0, 0, 0, 0, 0, 917, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 180, 0, 0, 0, 0, 0, 0, 0, 0, - 181, 0, 0, 0, 0, 0, 0, 182, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 183, + 0, 0, 185, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 184, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 1552, 0, 0, 0, 0, + 0, 0, 186, 187, 188, 922, 190, 191, 0, 193, + 194, 195, 196, 197, 0, 0, 0, 198, 199, 200, + 201, 202, 203, 204, 205, 206, 207, 0, 209, 210, + 211, 212, 213, 214, 215, 216, 0, 0, 0, 0, + 220, 221, 222, 223, 224, 0, 0, 227, 228, 229, + 230, 231, 0, 0, 0, 235, 236, 237, 238, 239, + 0, 241, 242, 243, 244, 0, 0, 0, 0, 0, + 0, 250, 0, 252, 0, 254, 255, 0, 257, 258, + 259, 260, 261, 262, 0, 264, 265, 266, 267, 268, + 269, 270, 271, 272, 273, 274, 275, 276, 0, 278, + 0, 279, 280, 281, 282, 283, 284, 285, 0, 287, + 288, 289, 290, 0, 292, 293, 294, 295, 296, 297, + 298, 299, 300, 301, 302, 0, 0, 0, 306, 0, + 0, 307, 308, 309, 310, 311, 312, 313, 314, 315, + 316, 317, 0, 0, 0, 0, 0, 322, 323, 926, + 325, 326, 327, 0, 329, 330, 0, 332, 333, 0, + 0, 335, 0, 337, 338, 339, 340, 341, 342, 343, + 344, 345, 346, 347, 0, 349, 350, 351, 352, 353, + 354, 355, 356, 357, 0, 359, 360, 361, 362, 363, + 364, 365, 366, 367, 368, 369, 370, 371, 372, 373, + 374, 375, 376, 377, 378, 379, 380, 381, 382, 383, + 384, 385, 386, 387, 388, 389, 390, 391, 0, 392, + 393, 394, 395, 396, 397, 398, 399, 400, 401, 402, + 403, 404, 405, 406, 407, 408, 409, 410, 411, 412, + 413, 414, 415, 416, 417, 418, 419, 420, 421, 422, + 423, 424, 425, 426, 0, 428, 429, 430, 431, 432, + 433, 434, 435, 0, 436, 437, 438, 439, 0, 0, + 0, 443, 0, 445, 446, 0, 448, 449, 450, 451, + 0, 453, 454, 455, 456, 0, 0, 0, 0, 461, + 462, 463, 464, 465, 466, 467, 468, 469, 470, 471, + 472, 473, 474, 475, 476, 477, 478, 479, 480, 481, + 482, 483, 484, 485, 486, 0, 488, 0, 490, 491, + 492, 0, 494, 495, 0, 497, 498, 499, 500, 501, + 502, 0, 504, 505, 506, 507, 508, 509, 510, 0, + 512, 513, 514, 0, 516, 517, 518, 519, 520, 0, + 522, 523, 0, 0, 526, 527, 0, 0, 530, 531, + 532, 0, 534, 0, 536, 537, 0, 0, 538, 539, + 0, 540, 541, 542, 543, 0, 545, 546, 0, 548, + 0, 550, 551, 552, 553, 554, 555, 556, 557, 558, + 559, 560, 561, 562, 563, 564, 565, 566, 567, 568, + 569, 0, 571, 572, 573, 574, 575, 576, 577, 578, + 579, 0, 581, 582, 0, 584, 585, 586, 587, 174, + 175, 590, 591, 0, 593, 594, 595, 596, 597, 598, + 599, 600, 601, 602, 603, 604, 605, 606, 607, 608, + 0, 0, 611, 612, 0, 0, 614, 0, 616, 617, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 176, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 185, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 177, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 178, 0, 0, 0, 0, + 0, 0, 0, 0, 917, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 186, 187, 188, 922, 190, 191, 0, 193, 194, - 195, 196, 197, 0, 0, 0, 198, 199, 200, 201, - 202, 203, 204, 205, 206, 207, 0, 209, 210, 211, - 212, 213, 214, 215, 216, 0, 0, 0, 0, 220, - 221, 222, 223, 224, 0, 0, 227, 228, 229, 230, - 231, 0, 0, 0, 235, 236, 237, 238, 239, 0, - 241, 242, 243, 244, 0, 0, 0, 0, 0, 0, - 250, 0, 252, 0, 254, 255, 0, 257, 258, 259, - 260, 261, 262, 0, 264, 265, 266, 267, 268, 269, - 270, 271, 272, 273, 274, 275, 276, 0, 278, 0, - 279, 280, 281, 282, 283, 284, 285, 0, 287, 288, - 289, 290, 0, 292, 293, 294, 295, 296, 297, 298, - 299, 300, 301, 302, 0, 0, 0, 306, 0, 0, - 307, 308, 309, 310, 311, 312, 313, 314, 315, 316, - 317, 0, 0, 0, 0, 0, 322, 323, 926, 325, - 326, 327, 0, 329, 330, 0, 332, 333, 0, 0, - 335, 0, 337, 338, 339, 340, 341, 342, 343, 344, - 345, 346, 347, 0, 349, 350, 351, 352, 353, 354, - 355, 356, 357, 0, 359, 360, 361, 362, 363, 364, - 365, 366, 367, 368, 369, 370, 371, 372, 373, 374, - 375, 376, 377, 378, 379, 380, 381, 382, 383, 384, - 385, 386, 387, 388, 389, 390, 391, 0, 392, 393, - 394, 395, 396, 397, 398, 399, 400, 401, 402, 403, - 404, 405, 406, 407, 408, 409, 410, 411, 412, 413, - 414, 415, 416, 417, 418, 419, 420, 421, 422, 423, - 424, 425, 426, 0, 428, 429, 430, 431, 432, 433, - 434, 435, 0, 436, 437, 438, 439, 0, 0, 0, - 443, 0, 445, 446, 0, 448, 449, 450, 451, 0, - 453, 454, 455, 456, 0, 0, 0, 0, 461, 462, - 463, 464, 465, 466, 467, 468, 469, 470, 471, 472, - 473, 474, 475, 476, 477, 478, 479, 480, 481, 482, - 483, 484, 485, 486, 0, 488, 0, 490, 491, 492, - 0, 494, 495, 0, 497, 498, 499, 500, 501, 502, - 0, 504, 505, 506, 507, 508, 509, 510, 0, 512, - 513, 514, 0, 516, 517, 518, 519, 520, 0, 522, - 523, 0, 0, 526, 527, 0, 0, 530, 531, 532, - 0, 534, 0, 536, 537, 0, 0, 538, 539, 0, - 540, 541, 542, 543, 0, 545, 546, 0, 548, 0, - 550, 551, 552, 553, 554, 555, 556, 557, 558, 559, - 560, 561, 562, 563, 564, 565, 566, 567, 568, 569, - 0, 571, 572, 573, 574, 575, 576, 577, 578, 579, - 0, 581, 582, 0, 584, 585, 586, 587, 0, 0, - 590, 591, 0, 593, 594, 595, 596, 597, 598, 599, - 600, 601, 602, 603, 604, 605, 606, 607, 608, 174, - 175, 611, 612, 0, 0, 614, 0, 616, 617, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 3478, 3479, 3480, 3481, 3482, - 3483, 3484, 3485, 3486, 3487, 3488, 0, 3489, 3490, 3491, - 3492, 0, 0, 3493, 3494, 3495, 3496, 3497, 3498, 3499, - 3500, 3501, 3502, 3503, 0, 3504, 3505, 3506, 3507, 3508, - 3509, 3510, 3511, 3512, 3513, 3514, 0, 3515, 176, 3516, - 3517, 3518, 3519, 3520, 3521, 3522, 3523, 3524, 3525, 3526, - 3527, 3528, 3529, 3530, 3531, 3532, 3533, 3534, 3535, 3536, - 3537, 3538, 3539, 3540, 3541, 3542, 177, 3543, 3544, 3545, - 3546, 3547, 3548, 3549, 3550, 3551, 3552, 0, 3553, 3554, - 3555, 3556, 3557, 0, 0, 178, 3558, 3559, 3560, 3561, - 3562, 3563, 3564, 3565, 3566, 3567, 3568, 3569, 3570, 3571, - 3572, 3573, 3574, 3575, 3576, 3577, 3578, 3579, 3580, 3581, - 3582, 3583, 3584, 3585, 3586, 3587, 3588, 3589, 3590, 3591, - 3592, 3593, 0, 3594, 3595, 0, 0, 0, 3596, 3597, - 180, 3598, 3599, 3600, 3601, 0, 0, 0, 3602, 181, - 3603, 3604, 3605, 3606, 3607, 3608, 182, 3609, 3610, 3611, - 3612, 3613, 3614, 0, 3615, 3616, 3617, 3618, 183, 3619, - 3620, 3621, 3622, 3623, 3624, 3625, 3626, 3627, 3628, 184, - 3629, 3630, 3631, 3632, 3633, 3634, 3635, 3636, 3637, 3638, - 3639, 3640, 3641, 3642, 3643, 0, 3644, 3645, 3646, 3647, - 3648, 3649, 3650, 3651, 3652, 3653, 3654, 3655, 3656, 3657, - 3658, 3659, 3660, 3661, 3662, 3663, 3664, 3665, 3666, 0, - 3667, 3668, 0, 3669, 3670, 3671, 3672, 3673, 3674, 3675, - 3676, 3677, 3678, 3679, 3680, 3681, 3682, 3683, 3684, 3685, - 185, 3686, 3687, 3688, 3689, 0, 0, 0, 3690, 3691, - 3692, 3693, 3694, 3695, 3696, 3697, 3698, 3699, 3700, 3701, - 3702, 3703, 3704, 3705, 3706, 3707, 3708, 0, 3709, 3710, - 3711, 3712, 3713, 3714, 3715, 3716, 3717, 3718, 3719, 3720, - 186, 187, 188, 0, 190, 191, 192, 193, 194, 195, - 196, 197, 3721, 3722, 3723, 198, 199, 200, 201, 202, - 203, 204, 205, 206, 207, 208, 209, 210, 211, 212, - 213, 214, 215, 216, 217, 218, 0, 219, 0, 221, - 0, 0, 224, 225, 226, 227, 228, 229, 230, 231, - 232, 233, 234, 235, 236, 237, 0, 0, 240, 241, - 242, 243, 244, 245, 246, 247, 248, 249, 0, 250, - 251, 252, 253, 254, 255, 256, 257, 258, 259, 260, - 261, 262, 263, 264, 265, 266, 267, 268, 269, 270, - 271, 272, 273, 3724, 3725, 276, 277, 278, 0, 279, - 280, 281, 282, 283, 284, 285, 286, 287, 288, 289, - 290, 291, 292, 293, 294, 0, 296, 297, 298, 299, - 300, 301, 302, 303, 304, 305, 306, 0, 0, 307, - 308, 309, 310, 311, 312, 313, 314, 315, 316, 0, - 318, 319, 320, 0, 321, 322, 323, 0, 325, 326, - 327, 328, 329, 330, 331, 332, 333, 334, 0, 335, - 336, 337, 338, 339, 340, 341, 342, 343, 344, 345, - 346, 347, 348, 349, 350, 351, 352, 353, 354, 355, - 0, 357, 358, 359, 360, 361, 362, 363, 364, 365, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 180, 0, 0, 0, 0, 0, 0, 0, 0, 181, + 0, 0, 0, 0, 0, 0, 182, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 183, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 184, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 185, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 186, 187, 188, 922, 190, 191, 0, 193, 194, 195, + 196, 197, 0, 0, 0, 198, 199, 200, 201, 202, + 203, 204, 205, 206, 207, 0, 209, 210, 211, 212, + 213, 214, 215, 216, 0, 0, 0, 0, 220, 221, + 222, 223, 224, 0, 0, 227, 228, 229, 230, 231, + 0, 0, 0, 235, 236, 237, 238, 239, 0, 241, + 242, 243, 244, 0, 0, 0, 0, 0, 0, 250, + 0, 252, 0, 254, 255, 0, 257, 258, 259, 260, + 261, 262, 0, 264, 265, 266, 267, 268, 269, 270, + 271, 272, 273, 274, 275, 276, 0, 278, 0, 279, + 280, 281, 282, 283, 284, 285, 0, 287, 288, 289, + 290, 0, 292, 293, 294, 295, 296, 297, 298, 299, + 300, 301, 302, 0, 0, 0, 306, 0, 0, 307, + 308, 309, 310, 311, 312, 313, 314, 315, 316, 317, + 0, 0, 0, 0, 0, 322, 323, 926, 325, 326, + 327, 0, 329, 330, 0, 332, 333, 0, 0, 335, + 0, 337, 338, 339, 340, 341, 342, 343, 344, 345, + 346, 347, 0, 349, 350, 351, 352, 353, 354, 355, + 356, 357, 0, 359, 360, 361, 362, 363, 364, 365, 366, 367, 368, 369, 370, 371, 372, 373, 374, 375, 376, 377, 378, 379, 380, 381, 382, 383, 384, 385, 386, 387, 388, 389, 390, 391, 0, 392, 393, 394, - 395, 396, 397, 398, 0, 400, 401, 402, 403, 404, + 395, 396, 397, 398, 399, 400, 401, 402, 403, 404, 405, 406, 407, 408, 409, 410, 411, 412, 413, 414, - 415, 416, 0, 3726, 419, 420, 421, 422, 423, 424, - 425, 426, 427, 428, 429, 430, 431, 0, 0, 0, - 435, 3727, 436, 437, 438, 439, 440, 441, 442, 443, - 444, 445, 446, 447, 448, 449, 450, 451, 452, 453, - 454, 455, 456, 457, 458, 459, 460, 461, 462, 463, - 464, 465, 466, 467, 468, 469, 470, 471, 472, 0, - 0, 475, 476, 477, 478, 479, 480, 481, 482, 483, - 484, 485, 486, 487, 488, 489, 490, 491, 492, 493, - 494, 495, 496, 497, 498, 499, 500, 501, 502, 503, - 504, 505, 506, 0, 508, 509, 510, 511, 512, 513, - 514, 515, 516, 517, 0, 519, 520, 521, 522, 523, - 524, 3728, 526, 527, 528, 529, 530, 531, 532, 533, - 534, 535, 536, 537, 0, 0, 538, 539, 0, 540, - 541, 542, 543, 544, 545, 546, 547, 548, 549, 550, + 415, 416, 417, 418, 419, 420, 421, 422, 423, 424, + 425, 426, 0, 428, 429, 430, 431, 432, 433, 434, + 435, 0, 436, 437, 438, 439, 0, 0, 0, 443, + 0, 445, 446, 0, 448, 449, 450, 451, 0, 453, + 454, 455, 456, 0, 0, 0, 0, 461, 462, 463, + 464, 465, 466, 467, 468, 469, 470, 471, 472, 473, + 474, 475, 476, 477, 478, 479, 480, 481, 482, 483, + 484, 485, 486, 0, 488, 0, 490, 491, 492, 0, + 494, 495, 0, 497, 498, 499, 500, 501, 502, 0, + 504, 505, 506, 507, 508, 509, 510, 0, 512, 513, + 514, 0, 516, 517, 518, 519, 520, 0, 522, 523, + 0, 0, 526, 527, 0, 0, 530, 531, 532, 0, + 534, 0, 536, 537, 0, 0, 538, 539, 0, 540, + 541, 542, 543, 0, 545, 546, 0, 548, 0, 550, 551, 552, 553, 554, 555, 556, 557, 558, 559, 560, - 561, 562, 563, 564, 565, 566, 567, 0, 569, 570, - 0, 572, 573, 3729, 575, 576, 577, 578, 579, 580, - 581, 582, 583, 584, 585, 586, 587, 588, 589, 590, - 591, 592, 593, 594, 595, 596, 0, 3730, 599, 600, - 601, 602, 603, 604, 605, 606, 607, 608, 0, 610, - 611, 612, 613, 0, 614, 615, 616 + 561, 562, 563, 564, 565, 566, 567, 568, 569, 0, + 571, 572, 573, 574, 575, 576, 577, 578, 579, 0, + 581, 582, 0, 584, 585, 586, 587, 0, 0, 590, + 591, 0, 593, 594, 595, 596, 597, 598, 599, 600, + 601, 602, 603, 604, 605, 606, 607, 608, 174, 175, + 611, 612, 0, 0, 614, 0, 616, 617, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 3478, 3479, 3480, 3481, 3482, 3483, + 3484, 3485, 3486, 3487, 3488, 0, 3489, 3490, 3491, 3492, + 0, 0, 3493, 3494, 3495, 3496, 3497, 3498, 3499, 3500, + 3501, 3502, 3503, 0, 3504, 3505, 3506, 3507, 3508, 3509, + 3510, 3511, 3512, 3513, 3514, 0, 3515, 176, 3516, 3517, + 3518, 3519, 3520, 3521, 3522, 3523, 3524, 3525, 3526, 3527, + 3528, 3529, 3530, 3531, 3532, 3533, 3534, 3535, 3536, 3537, + 3538, 3539, 3540, 3541, 3542, 177, 3543, 3544, 3545, 3546, + 3547, 3548, 3549, 3550, 3551, 3552, 0, 3553, 3554, 3555, + 3556, 3557, 0, 0, 178, 3558, 3559, 3560, 3561, 3562, + 3563, 3564, 3565, 3566, 3567, 3568, 3569, 3570, 3571, 3572, + 3573, 3574, 3575, 3576, 3577, 3578, 3579, 3580, 3581, 3582, + 3583, 3584, 3585, 3586, 3587, 3588, 3589, 3590, 3591, 3592, + 3593, 0, 3594, 3595, 0, 0, 0, 3596, 3597, 180, + 3598, 3599, 3600, 3601, 0, 0, 0, 3602, 181, 3603, + 3604, 3605, 3606, 3607, 3608, 182, 3609, 3610, 3611, 3612, + 3613, 3614, 0, 3615, 3616, 3617, 3618, 183, 3619, 3620, + 3621, 3622, 3623, 3624, 3625, 3626, 3627, 3628, 184, 3629, + 3630, 3631, 3632, 3633, 3634, 3635, 3636, 3637, 3638, 3639, + 3640, 3641, 3642, 3643, 0, 3644, 3645, 3646, 3647, 3648, + 3649, 3650, 3651, 3652, 3653, 3654, 3655, 3656, 3657, 3658, + 3659, 3660, 3661, 3662, 3663, 3664, 3665, 3666, 0, 3667, + 3668, 0, 3669, 3670, 3671, 3672, 3673, 3674, 3675, 3676, + 3677, 3678, 3679, 3680, 3681, 3682, 3683, 3684, 3685, 185, + 3686, 3687, 3688, 3689, 0, 0, 0, 3690, 3691, 3692, + 3693, 3694, 3695, 3696, 3697, 3698, 3699, 3700, 3701, 3702, + 3703, 3704, 3705, 3706, 3707, 3708, 0, 3709, 3710, 3711, + 3712, 3713, 3714, 3715, 3716, 3717, 3718, 3719, 3720, 186, + 187, 188, 0, 190, 191, 192, 193, 194, 195, 196, + 197, 3721, 3722, 3723, 198, 199, 200, 201, 202, 203, + 204, 205, 206, 207, 208, 209, 210, 211, 212, 213, + 214, 215, 216, 217, 218, 0, 219, 0, 221, 0, + 0, 224, 225, 226, 227, 228, 229, 230, 231, 232, + 233, 234, 235, 236, 237, 0, 0, 240, 241, 242, + 243, 244, 245, 246, 247, 248, 249, 0, 250, 251, + 252, 253, 254, 255, 256, 257, 258, 259, 260, 261, + 262, 263, 264, 265, 266, 267, 268, 269, 270, 271, + 272, 273, 3724, 3725, 276, 277, 278, 0, 279, 280, + 281, 282, 283, 284, 285, 286, 287, 288, 289, 290, + 291, 292, 293, 294, 0, 296, 297, 298, 299, 300, + 301, 302, 303, 304, 305, 306, 0, 0, 307, 308, + 309, 310, 311, 312, 313, 314, 315, 316, 0, 318, + 319, 320, 0, 321, 322, 323, 0, 325, 326, 327, + 328, 329, 330, 331, 332, 333, 334, 0, 335, 336, + 337, 338, 339, 340, 341, 342, 343, 344, 345, 346, + 347, 348, 349, 350, 351, 352, 353, 354, 355, 0, + 357, 358, 359, 360, 361, 362, 363, 364, 365, 366, + 367, 368, 369, 370, 371, 372, 373, 374, 375, 376, + 377, 378, 379, 380, 381, 382, 383, 384, 385, 386, + 387, 388, 389, 390, 391, 0, 392, 393, 394, 395, + 396, 397, 398, 0, 400, 401, 402, 403, 404, 405, + 406, 407, 408, 409, 410, 411, 412, 413, 414, 415, + 416, 0, 3726, 419, 420, 421, 422, 423, 424, 425, + 426, 427, 428, 429, 430, 431, 0, 0, 0, 435, + 3727, 436, 437, 438, 439, 440, 441, 442, 443, 444, + 445, 446, 447, 448, 449, 450, 451, 452, 453, 454, + 455, 456, 457, 458, 459, 460, 461, 462, 463, 464, + 465, 466, 467, 468, 469, 470, 471, 472, 0, 0, + 475, 476, 477, 478, 479, 480, 481, 482, 483, 484, + 485, 486, 487, 488, 489, 490, 491, 492, 493, 494, + 495, 496, 497, 498, 499, 500, 501, 502, 503, 504, + 505, 506, 0, 508, 509, 510, 511, 512, 513, 514, + 515, 516, 517, 0, 519, 520, 521, 522, 523, 524, + 3728, 526, 527, 528, 529, 530, 531, 532, 533, 534, + 535, 536, 537, 0, 0, 538, 539, 0, 540, 541, + 542, 543, 544, 545, 546, 547, 548, 549, 550, 551, + 552, 553, 554, 555, 556, 557, 558, 559, 560, 561, + 562, 563, 564, 565, 566, 567, 0, 569, 570, 0, + 572, 573, 3729, 575, 576, 577, 578, 579, 580, 581, + 582, 583, 584, 585, 586, 587, 588, 589, 590, 591, + 592, 593, 594, 595, 596, 0, 3730, 599, 600, 601, + 602, 603, 604, 605, 606, 607, 608, 0, 610, 611, + 612, 613, 0, 614, 615, 616 }; static const yytype_int16 yycheck[] = { - 5, 165, 0, 44, 0, 770, 1690, 68, 163, 928, - 0, 688, 1754, 1896, 1741, 2560, 1597, 1948, 800, 775, - 173, 26, 688, 689, 780, 30, 782, 22, 1413, 1603, - 35, 1922, 667, 38, 1381, 688, 45, 1384, 0, 1243, - 162, 688, 0, 794, 2568, 3219, 51, 1947, 683, 1550, - 2113, 3296, 57, 3381, 1378, 2517, 61, 52, 1185, 2033, - 1187, 1188, 1643, 58, 688, 2062, 978, 914, 1195, 916, - 68, 918, 919, 3403, 688, 714, 4018, 2871, 925, 1010, - 4103, 2573, 3069, 3070, 3093, 3265, 4002, 4103, 656, 1673, - 4511, 656, 2717, 3279, 1519, 1149, 2647, 3139, 2580, 1634, - 1353, 2882, 2883, 2899, 1612, 2901, 1870, 2578, 1692, 4527, - 3523, 1812, 1813, 731, 31, 1372, 734, 3297, 686, 124, - 2902, 686, 2758, 2189, 1421, 1309, 633, 1754, 2081, 800, - 1421, 2898, 667, 173, 1819, 2902, 2677, 135, 173, 2990, - 3998, 173, 3188, 173, 1384, 135, 1470, 838, 683, 4631, - 173, 156, 157, 688, 1839, 160, 3352, 162, 688, 754, - 3264, 756, 3523, 2052, 4745, 760, 761, 3729, 3155, 1081, - 1082, 1083, 4103, 135, 4959, 173, 124, 173, 1863, 1864, - 3987, 4588, 1094, 173, 2489, 2686, 124, 3968, 695, 5278, - 5277, 4588, 1727, 1728, 1729, 1730, 1731, 1732, 1733, 1734, - 1735, 1736, 1737, 1738, 1739, 1712, 4588, 4539, 2676, 2677, - 3048, 173, 2103, 1720, 1721, 12, 1723, 1724, 1919, 4589, - 3724, 4591, 15, 15, 4594, 3729, 3290, 4193, 4194, 4255, - 4196, 3344, 1151, 6, 7, 4201, 6, 7, 4608, 4265, - 42, 4207, 26, 28, 4640, 4265, 4272, 6, 7, 5242, - 6, 7, 4272, 6, 7, 4736, 2797, 6, 7, 6, - 7, 3536, 47, 31, 65, 1449, 11, 12, 3235, 2200, - 31, 3489, 16, 17, 31, 26, 6, 7, 42, 42, - 53, 3319, 127, 3501, 26, 24, 25, 26, 3139, 28, - 4985, 30, 119, 32, 31, 53, 3709, 31, 60, 24, - 25, 26, 26, 28, 50, 30, 26, 32, 42, 4433, - 127, 31, 47, 127, 128, 1222, 781, 3730, 26, 26, - 827, 2807, 183, 53, 54, 152, 3368, 26, 5188, 2797, - 24, 25, 26, 204, 28, 245, 30, 1244, 32, 207, - 99, 204, 1245, 26, 33, 26, 33, 179, 26, 81, - 42, 174, 41, 67, 41, 204, 42, 99, 42, 31, - 42, 50, 42, 50, 31, 204, 4153, 123, 243, 2840, - 160, 122, 42, 143, 123, 14, 26, 33, 5298, 914, - 1881, 916, 42, 918, 919, 41, 158, 172, 47, 42, - 925, 99, 2884, 928, 50, 269, 4500, 127, 3407, 33, - 33, 233, 42, 300, 43, 44, 31, 41, 41, 47, - 2608, 782, 168, 143, 71, 147, 50, 50, 99, 168, - 53, 99, 33, 89, 931, 65, 158, 311, 1482, 308, - 41, 14, 311, 33, 166, 4980, 316, 40, 168, 50, - 300, 41, 452, 143, 282, 127, 33, 282, 4514, 99, - 50, 320, 255, 3462, 41, 47, 40, 33, 255, 1513, - 43, 44, 194, 50, 1997, 41, 293, 5673, 107, 395, - 160, 55, 295, 5399, 50, 54, 51, 207, 40, 179, - 335, 380, 143, 638, 268, 143, 391, 642, 218, 644, - 47, 646, 647, 394, 649, 650, 651, 5584, 143, 240, - 63, 395, 168, 306, 53, 40, 53, 584, 3726, 306, - 255, 31, 151, 14, 259, 316, 246, 3368, 250, 316, - 209, 2452, 209, 576, 107, 51, 4921, 682, 80, 104, - 101, 245, 5439, 581, 656, 3986, 3987, 89, 425, 145, - 291, 1966, 43, 44, 4968, 584, 278, 300, 35, 36, - 37, 4975, 39, 209, 193, 174, 233, 10, 314, 75, - 122, 306, 332, 40, 686, 314, 1951, 151, 151, 299, - 766, 316, 14, 183, 204, 209, 209, 179, 104, 1270, - 10, 736, 737, 167, 314, 707, 57, 4983, 1353, 204, - 730, 99, 204, 4193, 197, 417, 145, 431, 209, 721, - 5844, 43, 44, 5184, 31, 631, 107, 6304, 618, 209, - 193, 160, 33, 197, 3868, 3869, 1151, 1009, 47, 815, - 41, 1239, 209, 1241, 1016, 634, 695, 373, 317, 50, - 317, 390, 57, 209, 382, 197, 28, 218, 30, 5883, - 202, 299, 1769, 1035, 1036, 153, 71, 167, 788, 2549, - 655, 656, 4103, 6350, 299, 239, 4598, 1784, 545, 1415, - 96, 317, 197, 316, 690, 107, 300, 1579, 1580, 156, - 1601, 493, 3439, 2020, 127, 680, 4702, 106, 2561, 748, - 40, 686, 4702, 317, 317, 4616, 763, 1618, 345, 5170, - 50, 33, 193, 316, 816, 55, 701, 127, 2199, 41, - 316, 754, 707, 858, 859, 3246, 317, 128, 50, 1763, - 4310, 316, 4738, 370, 723, 720, 721, 317, 4738, 155, - 197, 237, 731, 342, 763, 734, 297, 282, 122, 291, - 317, 2705, 854, 463, 5660, 4701, 1989, 1332, 791, 288, - 1335, 317, 597, 791, 1339, 1340, 1341, 2000, 753, 1344, - 1345, 193, 498, 300, 3255, 2052, 1810, 658, 3259, 4263, - 339, 2052, 252, 4729, 681, 770, 1437, 4733, 4096, 1460, - 4796, 300, 720, 4186, 4740, 4188, 4796, 4190, 3246, 479, - 2020, 791, 787, 781, 4197, 143, 476, 288, 209, 123, - 382, 151, 1483, 5999, 314, 800, 695, 300, 4211, 235, - 2691, 2798, 4215, 3999, 3109, 463, 412, 167, 202, 3851, - 3272, 816, 4225, 233, 5721, 2746, 418, 5625, 463, 496, - 825, 179, 770, 1754, 662, 581, 695, 4188, 733, 4190, - 1742, 572, 581, 838, 168, 438, 4197, 197, 33, 388, - 845, 282, 847, 3388, 5389, 850, 41, 852, 1519, 854, - 635, 296, 857, 4957, 4215, 50, 481, 3844, 3056, 693, - 2368, 2369, 788, 136, 4225, 2550, 2608, 209, 691, 654, - 730, 643, 282, 4660, 319, 508, 711, 751, 1569, 239, - 760, 791, 923, 668, 5365, 2816, 2393, 2394, 2788, 2396, - 2397, 808, 789, 5813, 791, 5290, 317, 291, 3885, 5759, - 3887, 3888, 796, 438, 788, 4971, 691, 3393, 913, 1816, - 915, 1818, 1480, 5839, 1821, 2099, 791, 796, 618, 924, - 791, 1456, 927, 791, 585, 597, 1833, 788, 791, 1836, - 597, 763, 930, 1840, 930, 940, 853, 33, 855, 674, - 930, 551, 791, 1408, 706, 41, 791, 33, 3419, 750, - 3988, 1590, 791, 5648, 50, 41, 702, 1722, 1861, 1866, - 1867, 1868, 789, 4238, 50, 913, 4184, 4185, 930, 771, - 33, 33, 33, 5668, 791, 317, 667, 791, 41, 41, - 41, 2608, 1764, 14, 4202, 788, 4099, 50, 50, 50, - 4208, 788, 683, 777, 796, 788, 788, 688, 771, 4217, - 3851, 4219, 4220, 4221, 5400, 4223, 4224, 771, 771, 5133, - 6097, 6100, 6099, 771, 209, 4233, 4234, 4235, 4236, 4237, - 788, 3859, 795, 1084, 6017, 795, 777, 788, 1667, 3996, - 5511, 788, 796, 796, 1541, 777, 795, 771, 2802, 795, - 788, 771, 795, 788, 1415, 1552, 795, 791, 795, 4500, - 789, 788, 633, 777, 1176, 1837, 564, 777, 5465, 791, - 850, 532, 852, 1185, 789, 795, 1188, 5090, 5465, 777, - 777, 1193, 647, 5405, 5090, 5407, 107, 791, 777, 771, - 737, 1086, 789, 5465, 791, 771, 1084, 771, 1084, 771, - 789, 771, 791, 1764, 777, 789, 777, 5467, 682, 777, - 789, 771, 1224, 769, 796, 1870, 789, 794, 791, 2163, - 796, 771, 796, 209, 6201, 6202, 796, 674, 771, 1796, - 4901, 647, 317, 209, 437, 6212, 796, 777, 4382, 788, - 1796, 771, 695, 789, 407, 774, 775, 776, 777, 778, - 779, 780, 781, 1796, 1149, 1881, 209, 209, 209, 1796, - 788, 2684, 2685, 4960, 1350, 582, 711, 791, 791, 5090, - 766, 791, 193, 653, 107, 4616, 1837, 724, 791, 2088, - 597, 1176, 1796, 5655, 5755, 791, 791, 739, 789, 791, - 1185, 6425, 1796, 1188, 5460, 6272, 791, 742, 1193, 789, - 255, 774, 775, 776, 777, 778, 779, 780, 781, 751, - 6008, 776, 789, 1771, 791, 1800, 1771, 4058, 4059, 532, - 791, 4062, 4063, 789, 99, 791, 636, 4068, 4069, 1224, - 439, 317, 771, 914, 1989, 916, 671, 918, 919, 4791, - 1239, 317, 1241, 4795, 925, 2000, 2001, 928, 5662, 1930, - 5664, 306, 72, 663, 1285, 198, 4097, 581, 169, 282, - 193, 316, 1374, 1760, 317, 317, 317, 1262, 1411, 1264, - 618, 1796, 791, 699, 1269, 1270, 1796, 796, 6053, 6054, - 711, 1209, 1520, 774, 775, 776, 777, 778, 779, 780, - 781, 1286, 3182, 1438, 771, 772, 773, 4791, 791, 33, - 1295, 4795, 1353, 796, 1912, 1966, 3179, 41, 97, 572, - 2051, 711, 1311, 33, 1309, 1310, 50, 3207, 67, 230, - 751, 41, 1250, 99, 3056, 1933, 1264, 202, 4422, 6004, - 50, 1269, 682, 33, 160, 1330, 154, 337, 3217, 99, - 233, 41, 4528, 775, 776, 777, 778, 779, 780, 781, - 50, 751, 2546, 233, 2471, 739, 2643, 2278, 1353, 1354, - 475, 380, 2643, 209, 316, 1353, 116, 1353, 1480, 123, - 33, 2488, 4548, 227, 2711, 2492, 2713, 2714, 41, 1374, - 791, 1411, 4785, 1968, 1969, 380, 1411, 50, 233, 1411, - 373, 1411, 1977, 1978, 1979, 3930, 380, 1392, 1411, 362, - 2056, 397, 2927, 71, 2448, 2449, 2821, 1965, 3464, 227, - 4025, 4447, 3355, 53, 168, 1353, 382, 4394, 1413, 1414, - 1408, 1420, 2665, 1411, 4039, 1411, 1333, 1334, 2671, 1424, - 2474, 1411, 2140, 5699, 4785, 2722, 50, 114, 227, 3056, - 1435, 2722, 1437, 2124, 2125, 5793, 4423, 789, 375, 791, - 1445, 1446, 755, 207, 1449, 3019, 719, 789, 1570, 1411, - 316, 3035, 3036, 3037, 3038, 1460, 988, 989, 990, 1464, - 1151, 1466, 54, 2199, 3149, 209, 227, 4008, 4009, 3400, - 3051, 2711, 1477, 2713, 2714, 1480, 695, 1482, 1483, 209, - 4544, 4117, 5508, 4547, 5510, 71, 245, 1435, 5508, 5812, - 5510, 2126, 408, 1278, 47, 2172, 198, 602, 1446, 209, - 259, 81, 1034, 476, 1289, 498, 4957, 595, 1513, 4960, - 3045, 4012, 4013, 3020, 1519, 3022, 1464, 1765, 1466, 2172, - 5054, 3029, 3030, 378, 2159, 2172, 5384, 5385, 145, 179, - 28, 4313, 30, 657, 32, 365, 209, 131, 1543, 33, - 4008, 4009, 14, 160, 42, 555, 4313, 41, 101, 6010, - 1611, 436, 6237, 2088, 5088, 680, 50, 510, 2172, 586, - 14, 2196, 2197, 4550, 1569, 1570, 2750, 147, 53, 5294, - 192, 43, 44, 317, 3879, 5996, 681, 2084, 158, 5997, - 282, 236, 5940, 233, 2841, 367, 166, 317, 509, 43, - 44, 2126, 4443, 496, 3899, 532, 791, 150, 3903, 576, - 179, 413, 414, 467, 390, 1603, 496, 317, 6293, 179, - 232, 617, 2519, 1611, 194, 1611, 2523, 667, 2525, 1741, - 4171, 4172, 584, 393, 2159, 395, 313, 637, 3392, 662, - 2395, 212, 2539, 683, 269, 107, 612, 2172, 688, 5090, - 476, 5607, 2172, 5966, 317, 2552, 2553, 269, 101, 1771, - 19, 20, 33, 107, 452, 1445, 572, 145, 143, 429, - 41, 2196, 2197, 1668, 288, 463, 695, 1672, 467, 50, - 250, 33, 127, 2180, 1679, 1716, 436, 2608, 711, 41, - 510, 2188, 4669, 656, 127, 1690, 56, 1809, 50, 459, - 695, 2198, 370, 789, 3395, 791, 288, 150, 278, 99, - 788, 695, 255, 789, 1702, 791, 467, 1871, 4179, 702, - 6131, 3212, 1702, 466, 3249, 209, 67, 33, 584, 88, - 1668, 193, 308, 788, 1672, 41, 789, 789, 791, 791, - 791, 1679, 2371, 645, 50, 711, 1741, 674, 1743, 193, - 33, 2459, 2460, 1752, 297, 776, 777, 778, 779, 780, - 781, 727, 294, 306, 1759, 390, 2810, 50, 1763, 1764, - 676, 4748, 464, 316, 33, 1456, 1771, 1772, 390, 796, - 33, 388, 41, 71, 259, 73, 33, 754, 41, 332, - 402, 50, 514, 6244, 41, 155, 576, 50, 1793, 710, - 572, 2468, 6045, 50, 346, 6048, 1801, 1802, 1803, 1804, - 1805, 1806, 1807, 1808, 1809, 1810, 1811, 167, 510, 1973, - 1974, 1759, 1817, 572, 299, 2468, 186, 581, 316, 143, - 618, 2468, 592, 317, 3148, 557, 396, 5013, 209, 1834, - 1835, 1840, 1837, 462, 1956, 778, 779, 780, 781, 418, - 6022, 594, 33, 1965, 297, 1967, 427, 209, 390, 128, - 41, 576, 194, 1858, 2468, 1803, 626, 472, 6079, 50, - 1808, 462, 6083, 1811, 914, 1870, 916, 145, 918, 919, - 3194, 5596, 151, 316, 210, 925, 5601, 5602, 928, 6271, - 502, 546, 160, 673, 796, 648, 2008, 2455, 72, 441, - 2455, 4933, 262, 209, 245, 510, 1428, 5431, 2817, 478, - 2665, 4943, 4944, 1912, 304, 305, 2671, 4703, 720, 110, - 1858, 723, 2831, 368, 5448, 33, 286, 5833, 6310, 672, - 3217, 2686, 1870, 41, 1933, 1930, 3217, 5461, 2619, 5463, - 1935, 2566, 50, 2468, 461, 5719, 317, 3284, 2468, 2061, - 209, 5055, 126, 537, 538, 743, 209, 541, 542, 543, - 572, 1956, 209, 2872, 314, 317, 3083, 499, 1963, 10, - 1965, 1966, 1967, 695, 754, 127, 1971, 5081, 4749, 33, - 1975, 1976, 6154, 3100, 2725, 2726, 605, 41, 463, 458, - 3107, 3108, 2600, 33, 1989, 599, 50, 339, 3413, 3414, - 326, 41, 71, 791, 73, 2000, 2001, 452, 6251, 454, - 50, 317, 3255, 2008, 605, 33, 3259, 407, 332, 711, - 3064, 1801, 1802, 41, 1804, 1805, 1806, 1807, 209, 361, - 99, 452, 50, 1971, 317, 174, 2692, 1817, 3919, 754, - 119, 2566, 463, 796, 2881, 2882, 2883, 2802, 3921, 341, - 3094, 1989, 226, 4464, 3284, 1835, 6267, 791, 317, 3396, - 665, 716, 2000, 2001, 317, 170, 2061, 10, 259, 2654, - 317, 791, 2657, 152, 233, 2070, 791, 4041, 2663, 734, - 3394, 2076, 370, 2744, 4071, 2080, 465, 604, 5803, 479, - 5864, 791, 4933, 532, 698, 602, 565, 653, 4393, 544, - 141, 209, 4943, 4944, 2099, 5943, 5944, 4402, 4403, 51, - 2176, 1151, 5515, 2108, 99, 1796, 458, 4589, 497, 2114, - 294, 480, 4594, 763, 55, 761, 789, 4599, 2123, 2124, - 2125, 771, 2070, 33, 458, 3056, 317, 141, 2076, 417, - 730, 41, 120, 218, 2139, 2140, 5200, 252, 5125, 753, - 50, 4766, 6275, 33, 272, 209, 295, 316, 407, 5263, - 2821, 41, 104, 33, 5515, 283, 3396, 5166, 2163, 209, - 50, 41, 2167, 618, 681, 467, 6189, 667, 617, 503, - 50, 5235, 2177, 4655, 6190, 4657, 33, 144, 2183, 4973, - 5222, 209, 571, 683, 41, 1975, 1976, 618, 141, 2194, - 2195, 2139, 2140, 50, 2871, 4820, 796, 282, 5611, 317, - 33, 4622, 5615, 288, 293, 493, 368, 202, 41, 2886, - 151, 6153, 226, 6155, 794, 730, 730, 50, 2871, 2167, - 127, 590, 788, 2758, 2871, 674, 167, 6330, 597, 2177, - 197, 219, 6080, 2886, 603, 788, 6084, 0, 572, 2886, - 3159, 2809, 2240, 136, 2809, 2898, 3165, 6380, 6381, 2902, - 2240, 2898, 57, 317, 5615, 2902, 5436, 2871, 47, 3, - 7, 6364, 2426, 652, 2903, 158, 71, 317, 73, 127, - 771, 178, 2886, 771, 788, 2914, 2915, 33, 776, 777, - 2919, 796, 2817, 3065, 2898, 41, 771, 31, 2902, 317, - 452, 370, 454, 606, 50, 47, 2831, 791, 239, 209, - 6242, 5975, 774, 775, 776, 777, 778, 779, 780, 781, - 679, 390, 743, 33, 207, 47, 174, 106, 3825, 209, - 3827, 41, 776, 777, 778, 779, 780, 781, 2389, 209, - 50, 730, 2971, 2455, 5785, 242, 2871, 2872, 1114, 2344, - 6014, 2871, 5358, 2348, 577, 578, 2881, 2882, 2883, 2988, - 2472, 2886, 209, 3927, 106, 128, 2886, 2362, 788, 117, - 118, 5812, 771, 2898, 47, 5816, 796, 2902, 2898, 57, - 1146, 5222, 2902, 742, 106, 33, 209, 47, 33, 5395, - 5710, 154, 544, 41, 760, 73, 41, 5451, 5644, 788, - 5608, 2389, 50, 2389, 3065, 50, 2344, 2088, 230, 5617, - 2348, 5619, 5620, 5621, 5622, 5623, 1456, 317, 315, 33, - 791, 141, 788, 5669, 914, 5266, 916, 41, 918, 919, - 252, 654, 271, 106, 417, 925, 50, 317, 928, 791, - 6278, 6279, 33, 74, 771, 2126, 106, 317, 4920, 4921, - 796, 6283, 6284, 2448, 2449, 86, 3123, 3124, 206, 50, - 2455, 777, 2574, 209, 2459, 2460, 618, 3123, 3124, 2468, - 317, 776, 777, 789, 153, 791, 33, 2472, 2159, 2474, - 3123, 3124, 2477, 2478, 41, 791, 3123, 3124, 5929, 168, - 215, 2172, 6324, 50, 317, 2607, 4978, 24, 677, 209, - 3255, 28, 227, 30, 3259, 32, 685, 2502, 2503, 3123, - 3124, 690, 777, 2508, 5298, 2196, 2197, 2516, 788, 3123, - 3124, 2459, 2460, 2518, 789, 5966, 796, 5581, 2527, 2524, - 313, 788, 791, 123, 373, 283, 40, 127, 791, 796, - 30, 47, 5983, 4995, 791, 35, 50, 53, 777, 55, - 345, 55, 4425, 4848, 4849, 2621, 2551, 282, 423, 2058, - 789, 209, 3471, 2062, 209, 430, 3307, 3308, 363, 3310, - 3311, 317, 2567, 4340, 789, 370, 791, 4344, 168, 2574, - 2575, 2576, 2694, 33, 174, 4549, 24, 25, 33, 788, - 28, 41, 30, 332, 32, 209, 41, 796, 3123, 3124, - 50, 2600, 327, 3123, 3124, 50, 33, 317, 33, 31, - 791, 2606, 2607, 2551, 41, 5230, 41, 207, 2617, 22, - 2615, 63, 128, 50, 2619, 50, 29, 788, 31, 519, - 520, 2538, 720, 5868, 3159, 796, 724, 3392, 2576, 791, - 3165, 788, 2708, 5807, 534, 5809, 536, 151, 4948, 796, - 2645, 4638, 209, 4953, 2649, 2650, 2651, 320, 2653, 498, - 788, 1151, 789, 167, 791, 2660, 2661, 2662, 796, 317, - 2665, 33, 317, 33, 19, 20, 2671, 33, 788, 41, - 4667, 41, 5093, 791, 788, 41, 796, 789, 50, 791, - 50, 2686, 796, 197, 50, 2690, 154, 2809, 788, 2694, - 2695, 33, 33, 317, 4041, 514, 796, 788, 5762, 41, - 41, 308, 33, 2651, 311, 796, 65, 3911, 50, 50, - 41, 745, 2660, 2503, 2723, 259, 33, 2665, 2508, 50, - 179, 570, 2731, 2671, 41, 239, 788, 791, 2518, 629, - 630, 347, 467, 50, 2524, 113, 114, 115, 2686, 2744, - 788, 791, 3413, 3414, 4428, 2750, 1796, 33, 796, 209, - 317, 50, 33, 4334, 209, 41, 3960, 300, 23, 651, - 41, 26, 27, 791, 50, 5752, 31, 776, 777, 50, - 4278, 4279, 209, 3900, 209, 3902, 5950, 2899, 421, 2901, - 4364, 1300, 128, 6111, 6112, 33, 3439, 1306, 1307, 4852, - 141, 3918, 3439, 41, 754, 2800, 4377, 2802, 33, 4307, - 282, 4041, 50, 2808, 2809, 2810, 41, 3861, 5290, 789, - 789, 791, 791, 33, 33, 50, 2821, 4325, 33, 33, - 712, 41, 41, 715, 464, 3439, 41, 41, 4152, 675, - 50, 50, 57, 675, 33, 50, 50, 209, 789, 209, - 791, 33, 41, 209, 6193, 4690, 71, 789, 73, 41, - 742, 50, 1391, 702, 2802, 1394, 1395, 317, 50, 751, - 2808, 128, 317, 2653, 4709, 5286, 795, 209, 209, 145, - 4867, 2661, 2662, 4718, 5938, 2566, 33, 2886, 209, 4724, - 317, 791, 317, 789, 41, 791, 789, 6061, 791, 4734, - 6064, 667, 209, 50, 2899, 145, 2901, 4742, 4743, 33, - 314, 791, 33, 145, 3439, 33, 789, 41, 791, 3439, - 41, 791, 5537, 41, 127, 764, 50, 23, 33, 50, - 26, 27, 50, 209, 796, 31, 41, 6276, 209, 3005, - 796, 33, 737, 741, 791, 50, 3471, 120, 789, 41, - 791, 5246, 5247, 282, 789, 317, 791, 317, 50, 24, - 4850, 317, 661, 28, 33, 30, 1456, 32, 791, 147, - 440, 209, 41, 57, 3025, 776, 777, 4694, 215, 6318, - 158, 50, 3884, 751, 209, 317, 317, 71, 166, 73, - 227, 581, 789, 288, 791, 5467, 317, 269, 33, 209, - 209, 776, 777, 3157, 209, 209, 41, 3002, 4193, 4194, - 317, 4196, 6340, 6341, 6353, 50, 4201, 788, 3915, 5430, - 209, 5432, 789, 4514, 791, 47, 5437, 209, 4068, 4069, - 33, 3019, 269, 5444, 5445, 114, 3031, 3025, 41, 3025, - 6379, 317, 789, 5454, 791, 791, 317, 50, 2088, 5460, - 1683, 1684, 24, 290, 128, 5569, 28, 151, 30, 33, - 32, 40, 209, 33, 3059, 33, 33, 41, 141, 3064, - 3065, 41, 250, 41, 41, 4639, 50, 2758, 610, 317, - 50, 791, 50, 50, 651, 209, 2126, 789, 209, 791, - 327, 209, 317, 788, 19, 20, 3868, 3869, 479, 3094, - 278, 28, 588, 30, 209, 32, 4420, 317, 317, 789, - 711, 791, 317, 317, 788, 19, 20, 209, 584, 2159, - 5107, 3059, 788, 3111, 3119, 3111, 3121, 789, 317, 791, - 345, 3111, 2172, 5120, 788, 317, 2817, 33, 3292, 789, - 209, 791, 789, 791, 791, 41, 791, 3213, 363, 789, - 2831, 791, 788, 3265, 50, 370, 2196, 2197, 3153, 3111, - 24, 25, 26, 3111, 28, 742, 30, 24, 32, 3164, - 317, 28, 337, 30, 209, 32, 337, 791, 682, 204, - 395, 160, 6053, 6054, 3296, 3297, 337, 355, 356, 555, - 2871, 2872, 4866, 317, 3823, 288, 317, 36, 37, 317, - 2881, 2882, 2883, 440, 19, 20, 209, 3868, 3869, 3981, - 5745, 3210, 317, 204, 18, 19, 20, 2898, 197, 144, - 33, 2902, 3334, 4417, 392, 317, 3164, 789, 41, 791, - 415, 19, 20, 791, 791, 209, 40, 50, 3233, 209, - 144, 209, 209, 789, 788, 791, 3241, 226, 317, 537, - 538, 284, 431, 541, 542, 543, 364, 4012, 4013, 3325, - 3255, 345, 797, 431, 3259, 88, 778, 779, 33, 73, - 3265, 789, 197, 791, 4391, 4392, 41, 355, 3273, 363, - 355, 795, 317, 101, 15, 50, 370, 28, 5699, 30, - 789, 32, 791, 197, 5705, 99, 3362, 482, 3364, 3365, - 788, 3296, 3297, 3241, 3370, 741, 742, 789, 744, 791, - 746, 395, 3378, 209, 317, 294, 3382, 3255, 3384, 788, - 3981, 3259, 3321, 3322, 3323, 3324, 3325, 3326, 3327, 144, - 4828, 3330, 150, 788, 788, 4710, 33, 359, 789, 3334, - 791, 791, 4717, 317, 41, 788, 791, 317, 788, 317, - 317, 745, 789, 50, 791, 3350, 160, 145, 789, 789, - 791, 791, 789, 548, 789, 550, 745, 3366, 3367, 788, - 3369, 556, 3371, 3372, 3373, 3374, 3375, 3376, 3377, 788, - 3379, 403, 197, 405, 3383, 4502, 28, 789, 30, 791, - 32, 316, 4767, 197, 5068, 788, 209, 3392, 202, 789, - 204, 791, 73, 789, 227, 791, 788, 4153, 24, 25, - 4247, 390, 28, 789, 30, 791, 32, 3412, 3413, 3414, - 38, 317, 226, 3418, 789, 788, 791, 789, 2468, 789, - 788, 616, 4769, 789, 5151, 788, 788, 255, 606, 789, - 788, 791, 3123, 3124, 209, 5856, 269, 214, 18, 19, - 20, 788, 6429, 3233, 3392, 623, 214, 789, 789, 789, - 788, 791, 101, 788, 5875, 390, 214, 789, 789, 791, - 40, 214, 789, 495, 791, 660, 788, 788, 3159, 297, - 3418, 649, 789, 53, 3165, 300, 390, 789, 306, 791, - 294, 789, 789, 791, 791, 18, 19, 20, 316, 789, - 313, 791, 5234, 73, 317, 789, 5493, 791, 789, 788, - 791, 150, 209, 789, 332, 5502, 4701, 40, 789, 342, - 499, 788, 737, 545, 788, 693, 2566, 31, 789, 99, - 791, 22, 23, 24, 25, 26, 27, 28, 29, 30, - 31, 32, 47, 789, 4729, 791, 350, 788, 4733, 4174, - 15, 789, 317, 759, 789, 4740, 791, 24, 25, 26, - 789, 28, 791, 30, 789, 32, 789, 4684, 791, 788, - 592, 756, 4173, 15, 4175, 390, 501, 788, 796, 789, - 789, 5255, 767, 791, 789, 789, 390, 284, 788, 788, - 160, 788, 4117, 788, 417, 788, 5121, 501, 2088, 5097, - 789, 106, 390, 588, 788, 788, 204, 789, 788, 397, - 4382, 788, 788, 788, 57, 771, 255, 440, 788, 458, - 317, 788, 788, 204, 412, 788, 788, 197, 71, 788, - 73, 122, 202, 788, 204, 788, 2126, 160, 788, 119, - 788, 128, 789, 123, 467, 788, 434, 127, 788, 4174, - 788, 788, 788, 737, 788, 788, 226, 788, 297, 4288, - 788, 683, 788, 788, 503, 789, 788, 306, 789, 2159, - 4313, 789, 152, 33, 197, 788, 4313, 316, 788, 788, - 259, 41, 2172, 675, 789, 707, 501, 788, 168, 788, - 50, 788, 3846, 332, 174, 499, 621, 789, 788, 788, - 788, 788, 5575, 226, 464, 788, 2196, 2197, 788, 4313, - 791, 202, 796, 695, 127, 695, 788, 621, 2758, 681, - 789, 4382, 4247, 4352, 294, 71, 565, 207, 4469, 4470, - 4471, 4472, 4473, 4474, 4475, 4476, 4477, 4478, 788, 4480, - 4481, 4482, 4483, 4484, 4485, 4486, 4487, 788, 4489, 4490, - 96, 539, 4493, 4494, 789, 711, 788, 788, 3439, 788, - 265, 788, 267, 109, 552, 788, 33, 788, 128, 608, - 788, 294, 788, 278, 41, 788, 788, 2817, 4186, 125, - 350, 569, 788, 50, 4192, 514, 789, 4195, 4313, 294, - 3471, 2831, 4200, 4313, 143, 33, 433, 5678, 791, 5786, - 291, 426, 791, 41, 791, 586, 621, 364, 791, 155, - 127, 3806, 50, 293, 398, 789, 5548, 621, 791, 789, - 390, 789, 789, 706, 583, 791, 5558, 752, 771, 7, - 751, 2871, 2872, 621, 467, 467, 788, 762, 10, 662, - 791, 2881, 2882, 2883, 667, 33, 2886, 218, 752, 209, - 31, 136, 3847, 41, 4595, 151, 75, 297, 762, 4600, - 664, 128, 50, 65, 307, 308, 3861, 390, 3863, 127, - 412, 5792, 3871, 3868, 3869, 3, 3871, 5798, 5799, 3874, - 3875, 587, 751, 796, 33, 313, 431, 5458, 54, 235, - 128, 791, 41, 789, 127, 796, 120, 796, 426, 469, - 5574, 50, 345, 647, 53, 711, 337, 126, 789, 697, - 337, 651, 4749, 337, 4660, 730, 141, 510, 313, 742, - 363, 75, 565, 414, 712, 3863, 145, 370, 751, 499, - 128, 154, 771, 772, 773, 313, 788, 752, 3933, 3927, - 3928, 160, 209, 178, 795, 24, 25, 762, 81, 28, - 296, 30, 395, 32, 791, 796, 760, 317, 762, 22, - 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, - 788, 209, 126, 478, 762, 47, 499, 788, 2468, 81, - 431, 789, 789, 106, 3979, 340, 3981, 796, 33, 3984, - 3985, 145, 791, 119, 3993, 3990, 41, 123, 789, 218, - 789, 127, 789, 652, 789, 50, 160, 226, 4162, 127, - 6, 7, 127, 789, 147, 789, 789, 4012, 4013, 796, - 788, 209, 18, 167, 4019, 158, 152, 4093, 4094, 4095, - 136, 788, 288, 166, 5409, 5410, 5561, 5412, 5712, 791, - 791, 3979, 168, 797, 127, 147, 3984, 3985, 174, 73, - 317, 621, 4118, 4119, 778, 4121, 158, 53, 796, 122, - 209, 194, 127, 791, 166, 4732, 695, 413, 414, 53, - 778, 204, 226, 4104, 4012, 4013, 2566, 151, 494, 317, - 33, 207, 127, 3123, 3124, 81, 708, 455, 41, 4732, - 127, 791, 194, 695, 664, 4732, 284, 50, 621, 439, - 127, 581, 204, 22, 23, 24, 25, 26, 27, 28, - 29, 30, 31, 32, 789, 788, 788, 250, 154, 3159, - 3, 791, 145, 119, 791, 3165, 151, 123, 4732, 317, - 218, 127, 240, 367, 5509, 514, 55, 1583, 1584, 202, - 136, 137, 514, 5260, 514, 278, 1592, 143, 250, 788, - 514, 147, 695, 364, 695, 6076, 152, 514, 154, 4154, - 514, 791, 158, 88, 209, 120, 681, 293, 317, 388, - 166, 288, 168, 47, 5906, 128, 278, 1623, 174, 1625, - 127, 686, 687, 688, 689, 4926, 678, 751, 600, 4177, - 760, 158, 762, 789, 1640, 1641, 1642, 4938, 194, 183, - 789, 1647, 1648, 122, 789, 211, 789, 4732, 204, 1655, - 3990, 207, 4732, 789, 158, 5740, 562, 563, 33, 72, - 145, 788, 75, 791, 4749, 796, 41, 65, 291, 720, - 137, 227, 723, 443, 388, 50, 252, 760, 53, 762, - 796, 397, 422, 669, 788, 484, 599, 4242, 484, 284, - 246, 791, 68, 4248, 250, 741, 209, 5974, 4324, 128, - 710, 33, 223, 259, 207, 204, 791, 791, 2758, 41, - 88, 788, 317, 126, 288, 4683, 129, 4685, 50, 4345, - 146, 53, 278, 202, 154, 776, 777, 4695, 653, 97, - 215, 42, 145, 789, 737, 789, 789, 293, 128, 431, - 789, 778, 227, 299, 300, 4713, 4973, 160, 5683, 789, - 5685, 5686, 19, 20, 789, 789, 789, 4725, 314, 777, - 316, 789, 81, 33, 788, 791, 789, 2817, 789, 789, - 4973, 41, 789, 4741, 4919, 789, 4973, 789, 4333, 788, - 50, 2831, 789, 789, 789, 5916, 72, 791, 789, 75, - 57, 414, 22, 23, 24, 25, 26, 27, 28, 29, - 30, 31, 32, 796, 317, 290, 4365, 390, 789, 4973, - 4365, 789, 291, 226, 397, 789, 791, 723, 789, 598, - 364, 2871, 2872, 4378, 40, 791, 4385, 4382, 147, 412, - 4385, 2881, 2882, 2883, 209, 791, 2886, 215, 4552, 158, - 126, 5057, 327, 129, 789, 789, 789, 166, 2898, 227, - 263, 434, 2902, 789, 788, 788, 218, 382, 128, 145, - 781, 6408, 788, 771, 4419, 6298, 410, 789, 595, 788, - 788, 3471, 788, 4428, 160, 194, 4117, 209, 6009, 31, - 31, 294, 4437, 4429, 598, 31, 4434, 791, 4973, 105, - 431, 131, 122, 4973, 128, 581, 791, 5042, 791, 312, - 796, 5370, 4574, 4458, 282, 796, 796, 463, 127, 4464, - 127, 791, 290, 4468, 508, 791, 791, 5386, 796, 791, - 789, 128, 617, 259, 6055, 789, 791, 6161, 407, 53, - 709, 250, 218, 4174, 5161, 414, 791, 4492, 100, 209, - 226, 791, 317, 771, 488, 47, 675, 791, 369, 327, - 791, 127, 580, 158, 158, 440, 539, 758, 5161, 278, - 4458, 81, 5165, 511, 5161, 4668, 443, 553, 5165, 552, - 4468, 788, 202, 123, 269, 388, 192, 263, 269, 561, - 661, 197, 467, 316, 4539, 317, 569, 269, 269, 269, - 204, 4546, 127, 771, 6427, 709, 788, 5161, 789, 771, - 300, 5165, 791, 771, 271, 771, 4247, 551, 294, 580, - 771, 771, 962, 4572, 771, 282, 232, 771, 771, 4574, - 771, 771, 4694, 567, 568, 581, 312, 147, 572, 573, - 574, 4703, 771, 741, 771, 771, 771, 771, 158, 168, - 771, 771, 791, 6335, 796, 34, 166, 317, 771, 771, - 771, 771, 771, 269, 771, 288, 771, 5526, 337, 288, - 1010, 291, 440, 6297, 763, 510, 791, 4622, 796, 396, - 154, 5298, 4313, 153, 194, 153, 5161, 4632, 796, 789, - 5165, 5161, 4637, 6168, 204, 5165, 789, 789, 795, 467, - 796, 4639, 789, 789, 65, 5298, 640, 720, 214, 788, - 723, 5298, 388, 777, 789, 796, 796, 777, 517, 3159, - 519, 520, 791, 789, 697, 3165, 789, 788, 342, 288, - 4668, 606, 4668, 704, 288, 534, 588, 536, 4668, 712, - 250, 242, 128, 128, 5298, 796, 796, 1087, 788, 4694, - 496, 788, 233, 30, 777, 771, 788, 5292, 4703, 693, - 6281, 5296, 5297, 420, 549, 5358, 204, 788, 278, 337, - 740, 5358, 6396, 648, 126, 204, 204, 434, 50, 436, - 288, 158, 4727, 6407, 390, 158, 719, 407, 791, 789, - 300, 6415, 667, 31, 414, 598, 402, 412, 31, 6423, - 412, 31, 5395, 53, 5358, 241, 284, 788, 5395, 788, - 788, 468, 758, 246, 127, 472, 778, 588, 778, 143, - 789, 474, 95, 5298, 481, 771, 791, 6302, 5298, 796, - 629, 630, 795, 788, 788, 788, 155, 155, 789, 789, - 715, 5395, 4904, 789, 789, 791, 789, 796, 794, 795, - 1190, 720, 788, 207, 723, 153, 791, 514, 788, 791, - 789, 789, 789, 732, 789, 789, 789, 742, 5727, 789, - 789, 65, 788, 771, 788, 532, 751, 128, 4940, 31, - 4825, 31, 233, 5358, 2280, 684, 685, 2283, 5358, 791, - 789, 791, 315, 788, 662, 5370, 502, 788, 233, 667, - 771, 791, 4632, 2299, 741, 204, 709, 558, 412, 788, - 788, 5386, 4928, 4929, 4930, 4931, 300, 300, 4934, 4935, - 5395, 4866, 598, 4939, 2320, 5395, 4942, 4865, 788, 4945, - 4875, 382, 4948, 53, 789, 4865, 4952, 4953, 791, 31, - 791, 209, 288, 450, 92, 93, 94, 95, 53, 4898, - 4899, 4900, 443, 610, 131, 252, 506, 788, 225, 4904, - 617, 395, 4907, 788, 4909, 5060, 572, 580, 127, 127, - 627, 30, 789, 257, 742, 65, 168, 789, 316, 4924, - 789, 4962, 508, 751, 641, 647, 207, 4936, 4937, 791, - 138, 139, 140, 65, 789, 4940, 789, 4946, 351, 3439, - 791, 169, 218, 789, 5050, 5051, 789, 5053, 665, 316, - 4959, 789, 5058, 789, 4959, 5061, 4961, 674, 5064, 5065, - 677, 791, 771, 174, 451, 788, 5072, 771, 5074, 771, - 791, 3471, 762, 709, 167, 749, 4924, 5083, 695, 4988, - 4985, 1381, 190, 191, 1384, 218, 422, 88, 422, 204, - 6375, 5526, 53, 789, 711, 645, 681, 300, 5593, 300, - 170, 788, 319, 30, 296, 30, 597, 388, 65, 726, - 159, 218, 218, 218, 218, 712, 159, 218, 712, 218, - 596, 218, 218, 218, 607, 204, 204, 390, 129, 5151, - 489, 128, 588, 443, 316, 5111, 5041, 5113, 204, 5115, - 720, 4732, 154, 723, 145, 311, 254, 311, 580, 5054, - 5055, 5056, 732, 99, 238, 57, 789, 5052, 4749, 617, - 788, 5066, 789, 5068, 789, 789, 155, 4117, 791, 553, - 5075, 5076, 5067, 789, 789, 789, 5081, 502, 71, 5998, - 789, 789, 5077, 5088, 791, 65, 789, 789, 5093, 5084, - 410, 5086, 5087, 5102, 789, 791, 796, 789, 791, 50, - 788, 788, 788, 5108, 658, 251, 431, 796, 5056, 53, - 318, 789, 31, 382, 117, 65, 65, 788, 788, 65, - 6247, 450, 1522, 788, 4174, 30, 335, 5075, 5126, 749, - 141, 160, 5137, 749, 226, 394, 5126, 674, 5673, 426, - 316, 127, 428, 5184, 282, 796, 5151, 771, 127, 30, - 791, 789, 5228, 553, 449, 789, 789, 692, 788, 791, - 5813, 423, 263, 587, 789, 788, 5813, 788, 160, 160, - 5921, 5922, 251, 5924, 5925, 5926, 5927, 788, 237, 5184, - 789, 282, 788, 5188, 53, 789, 791, 105, 580, 65, - 788, 65, 5727, 294, 65, 789, 795, 4247, 795, 5813, - 795, 1601, 791, 31, 127, 288, 127, 415, 160, 791, - 5975, 312, 415, 316, 288, 30, 789, 1617, 1618, 791, - 366, 465, 588, 653, 789, 605, 789, 789, 374, 605, - 444, 788, 371, 788, 300, 788, 796, 796, 5243, 789, - 788, 342, 72, 389, 580, 6, 204, 796, 795, 6014, - 5255, 5256, 796, 399, 400, 401, 796, 796, 5263, 580, - 796, 120, 795, 409, 120, 796, 789, 796, 282, 5274, - 796, 796, 5277, 5278, 482, 796, 796, 5282, 5813, 796, - 796, 5286, 4973, 5813, 796, 73, 796, 366, 288, 5294, - 288, 6418, 5301, 288, 5299, 374, 692, 282, 6049, 588, - 72, 6052, 72, 65, 796, 65, 788, 788, 5317, 6060, - 389, 160, 6063, 50, 5436, 789, 417, 703, 30, 718, - 399, 400, 401, 791, 791, 788, 18, 789, 219, 580, - 409, 791, 5438, 580, 144, 99, 99, 432, 218, 588, - 548, 297, 550, 588, 653, 422, 788, 1747, 556, 422, - 788, 791, 434, 788, 1754, 5396, 5361, 789, 6123, 181, - 789, 788, 788, 160, 709, 160, 749, 202, 297, 343, - 6036, 5376, 99, 5378, 53, 154, 796, 796, 704, 204, - 789, 788, 5423, 788, 5425, 789, 788, 788, 430, 745, - 199, 593, 426, 796, 788, 1795, 6, 788, 744, 796, - 5405, 547, 5407, 208, 744, 174, 788, 342, 616, 796, - 127, 788, 589, 559, 789, 789, 219, 789, 788, 252, - 791, 484, 791, 336, 5429, 5430, 5431, 5432, 796, 5424, - 204, 5436, 5437, 204, 5439, 789, 789, 789, 204, 5444, - 5445, 65, 789, 5448, 297, 101, 112, 204, 5453, 5454, - 204, 116, 660, 143, 436, 5460, 5461, 30, 5463, 653, - 259, 791, 3111, 5998, 5999, 788, 5471, 3385, 547, 5115, - 5161, 33, 5113, 2587, 5165, 5111, 3229, 5797, 4081, 41, - 559, 5830, 5375, 5994, 6227, 768, 766, 766, 50, 1433, - 5832, 5361, 5759, 5161, 5513, 4973, 5755, 5535, 5503, 4745, - 1753, 669, 6421, 3189, 3408, 4447, 3464, 831, 5513, 2085, - 4247, 2195, 5643, 659, 5642, 5520, 5353, 2196, 4621, 2197, - 4103, 1921, 5452, 4374, 5239, 4378, 4825, 2434, 6043, 6163, - 92, 93, 94, 95, 5561, 6302, 6260, 5559, 5929, 1421, - 2722, 4616, 5049, 5819, 4622, 5093, 714, 648, 756, 5426, - 5286, 4918, 6284, 6113, 700, 5503, 6123, 6014, 3439, 767, - 6007, 662, 6007, 19, 20, 644, 667, 6007, 714, 5574, - 6007, 4310, 4193, 3306, 5751, 4057, 138, 139, 140, 5584, - 659, 4263, 4238, 5983, 5589, 6036, 4692, 5181, 3809, 4341, - 4344, 5596, 5597, 4336, 6308, 89, 5601, 5602, 89, 6278, - 5804, 57, 3221, 6279, 6068, 6084, 6080, 5298, 5696, 4717, - 5422, 5420, 4621, 1442, 715, 3982, 5090, 4117, 1528, 3209, - 2020, 700, 2022, 5880, 1945, 3204, 2750, 6032, 190, 191, - 5700, 3059, 2576, 2102, 5639, 714, 3418, 4180, 2840, 135, - 1408, 742, 3019, 5648, 5642, 774, 3154, 209, 5653, 5597, - 1355, 1173, 1395, 3288, 4666, 5667, 4365, 3068, 2967, 2970, - 3846, 1607, 3036, 5668, 1743, 5829, 3037, 5358, 1687, 3756, - 4768, 1618, 5677, 6234, 4174, 6006, 6341, 1586, 6340, 5370, - 1996, 2001, 4732, 5117, 4659, 1353, 5894, 4875, 5895, 1991, - 1353, 1353, 254, 1353, 5699, 5386, 1592, 1353, 3832, 4749, - 5705, 2701, 5707, 4546, 5395, 2017, 3275, 5712, 4545, 3830, - 5234, 5906, 5712, 4852, 5755, 5230, 5721, 3291, 4769, 3284, - 5251, 4660, 780, 4062, 2694, 1386, 4324, 5732, 5733, 4552, - 4063, 107, 1466, 89, 1416, 2108, 698, 2833, 4177, 1263, - 4434, 2161, 3318, 5574, 4897, 4421, 5868, 4247, 4419, 6297, - 5755, 845, 1826, 846, 5759, 317, 318, 2547, 689, 689, - 2548, 3146, 1411, 689, 2604, 4183, 5639, 5266, 1533, 6300, - 5004, 5812, 5777, 1934, 6346, 5816, 966, 6415, 6423, 5416, - 6335, 2679, 2567, 5788, 2830, 5255, 3123, 688, 5793, 2201, - 3124, 2886, 2480, 688, 962, 3125, 5801, 3120, 5803, 3880, - 3116, 3115, 1965, 1188, 2204, 1154, 4092, 686, 2744, 1765, - 978, 1521, 5817, 4313, 982, 271, 2177, 1521, 5823, 4574, - 3064, 4104, 3224, 4672, 5499, 727, 1296, 113, 89, 89, - 89, 3996, 2659, 4174, 930, 5526, 6134, 1005, 5843, 4979, - 3465, 2198, 1010, 4989, 4979, 4975, 4974, 1015, -1, -1, - -1, 5856, 5974, 415, -1, -1, -1, -1, -1, -1, - -1, 5866, -1, 5868, -1, -1, -1, -1, -1, 5874, - 5875, 5876, -1, -1, -1, -1, -1, 5872, 2278, 2279, - -1, -1, -1, -1, -1, -1, 6421, -1, -1, 5894, - 5895, -1, -1, -1, -1, -1, 5901, -1, -1, -1, - -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, 1081, 1082, 1083, 1084, -1, 5866, 1087, - 482, -1, -1, 4973, -1, 5966, 1094, -1, 5876, -1, - -1, -1, -1, -1, 6056, 5940, -1, -1, -1, -1, - 5945, -1, 5983, -1, -1, -1, 5951, -1, -1, -1, - -1, -1, 5961, -1, -1, -1, -1, -1, -1, -1, - -1, 2361, -1, -1, 420, -1, -1, -1, -1, 5974, - -1, -1, -1, -1, 2374, -1, -1, -1, 434, -1, - 436, -1, 5673, -1, -1, 5990, 548, 5992, 550, -1, - -1, -1, -1, -1, 556, -1, 6001, -1, -1, -1, - -1, 6006, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, 468, -1, -1, -1, 472, -1, -1, -1, - -1, -1, 1190, -1, -1, 481, -1, 6032, -1, -1, - -1, -1, -1, -1, -1, -1, 5727, -1, 6043, -1, - -1, 6050, 6051, -1, -1, -1, -1, -1, -1, -1, - -1, 6056, 6113, 6062, 616, -1, -1, -1, 514, -1, - -1, 6183, -1, -1, 2464, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, 532, -1, -1, -1, - 2480, -1, -1, 6088, -1, -1, -1, -1, -1, 6130, - -1, -1, 6097, -1, 6099, 6100, -1, -1, 660, -1, - -1, -1, -1, -1, -1, -1, -1, 1275, -1, -1, - 6186, 5161, -1, -1, -1, 6113, -1, 6113, -1, -1, - -1, 6126, 5813, 6128, 6288, -1, -1, -1, -1, -1, - -1, -1, 6137, -1, -1, -1, 6258, -1, -1, -1, - -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, 610, -1, 6161, -1, -1, -1, - -1, 617, -1, 6172, -1, -1, 6175, -1, 2568, -1, - -1, 627, -1, -1, -1, -1, -1, -1, 6183, -1, - 6128, -1, -1, -1, -1, 641, -1, 6228, -1, -1, - -1, -1, -1, -1, 756, -1, 6201, 6202, -1, -1, - 6205, -1, -1, -1, -1, 767, -1, 6212, 2608, 665, - -1, -1, -1, 1381, -1, -1, 1384, -1, 674, 6224, - -1, 677, -1, -1, -1, -1, -1, 6232, -1, -1, - -1, -1, 4732, -1, -1, -1, -1, -1, -1, 695, - -1, -1, 6283, 6284, -1, -1, -1, -1, 5298, 4749, - -1, -1, -1, 6258, -1, -1, -1, -1, -1, -1, - 6424, -1, -1, -1, -1, -1, -1, 6272, -1, -1, - 726, -1, -1, -1, -1, -1, -1, -1, -1, -1, - 6402, -1, 6287, 6324, -1, -1, 6291, 1455, -1, 6411, - -1, -1, 6297, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, -1, 5998, 5999, -1, - -1, 2711, -1, 2713, 2714, 2715, -1, -1, -1, -1, - 5370, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, 5386, -1, -1, -1, - -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, 1522, -1, -1, -1, -1, -1, - -1, -1, -1, 1531, -1, 1533, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, 6396, -1, -1, -1, -1, -1, 6402, -1, -1, - -1, -1, 6407, -1, -1, -1, 6411, -1, -1, -1, - 6415, 1579, 1580, -1, -1, -1, -1, 1585, 6423, -1, - -1, 1589, 1590, 1591, -1, -1, -1, -1, -1, -1, - 2830, 1599, 1600, 1601, -1, -1, -1, 1605, -1, -1, - -1, 1609, 1610, 1611, -1, 1613, 1614, 1615, -1, 1617, - 1618, -1, -1, -1, -1, -1, 1624, -1, 1626, -1, - -1, 1629, 1630, 1631, 1632, -1, 1634, -1, 1636, 1637, - -1, -1, -1, 4973, -1, -1, 5526, -1, -1, -1, - -1, -1, 1650, 1651, 1652, 1653, 1654, -1, 1656, 1657, - 1658, 1659, 1660, 1661, -1, 1663, 1664, -1, 1666, 1667, - -1, 1669, 1670, -1, -1, 1673, 1674, -1, 1676, 1677, - -1, -1, 1680, -1, 1682, -1, -1, -1, 1686, 1687, - 1688, -1, -1, 1691, 1692, 1693, 1694, -1, 1696, -1, - -1, -1, -1, -1, -1, 1703, -1, -1, -1, -1, - -1, 1709, 1710, 1711, 1712, -1, -1, -1, -1, -1, - -1, -1, 1720, 1721, -1, 1723, 1724, -1, -1, 1727, - 1728, 1729, 1730, 1731, 1732, 1733, 1734, 1735, 1736, 1737, - 1738, 1739, 6, 7, 1742, -1, -1, -1, -1, 1747, - -1, -1, -1, -1, 18, -1, 1754, -1, -1, -1, - -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, -1, -1, -1, 1777, - -1, -1, -1, -1, -1, -1, -1, -1, -1, 53, - -1, -1, -1, 5673, -1, -1, -1, 1795, -1, -1, - -1, -1, -1, -1, -1, -1, -1, -1, -1, 3039, - -1, -1, -1, -1, -1, -1, -1, 81, -1, -1, - -1, -1, -1, -1, -1, -1, 3056, -1, -1, -1, - -1, 5161, -1, -1, -1, 5165, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, -1, 5727, -1, -1, - -1, -1, -1, -1, -1, 119, -1, -1, -1, 123, - -1, -1, -1, 127, -1, -1, -1, -1, -1, -1, - -1, -1, 136, 137, -1, -1, -1, -1, -1, -1, - -1, -1, -1, 147, -1, -1, -1, -1, 152, -1, - 154, -1, -1, -1, 158, 3125, 1894, -1, 1896, -1, - 6421, -1, 166, -1, 168, 6, 7, -1, -1, -1, - 174, -1, -1, -1, -1, -1, -1, 18, 19, 20, - -1, -1, -1, 1921, -1, -1, -1, -1, -1, 1927, - 194, -1, -1, -1, -1, -1, -1, -1, -1, -1, - 204, -1, -1, 207, -1, 46, -1, 48, 49, -1, - -1, -1, -1, -1, -1, -1, -1, -1, 3188, 3189, - -1, -1, -1, 227, -1, -1, -1, -1, 5298, 70, - -1, 72, -1, -1, -1, -1, -1, 78, -1, -1, - -1, -1, 246, -1, -1, -1, 250, -1, -1, -1, - -1, -1, -1, -1, -1, 259, -1, -1, 99, -1, - -1, -1, -1, -1, -1, -1, -1, -1, -1, 110, - -1, -1, -1, -1, 278, -1, 2014, -1, -1, -1, - -1, -1, 2020, -1, 2022, -1, -1, -1, 5358, 293, - -1, -1, -1, -1, -1, -1, 300, -1, -1, -1, - 5370, -1, -1, -1, 145, -1, -1, -1, -1, -1, - 314, -1, 316, -1, 3284, -1, 5386, -1, -1, -1, - -1, -1, -1, -1, -1, 5395, -1, -1, -1, -1, - -1, -1, -1, 174, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, 2082, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, 19, 20, -1, -1, -1, - -1, -1, -1, -1, 205, -1, 207, -1, -1, -1, - -1, -1, -1, -1, -1, 216, -1, 218, 5998, 5999, - -1, -1, -1, 47, -1, 49, -1, -1, -1, -1, - -1, -1, -1, 57, -1, -1, -1, -1, -1, -1, - 241, -1, -1, -1, -1, -1, -1, 71, -1, -1, - -1, -1, -1, -1, -1, 79, 80, -1, -1, -1, - -1, -1, -1, -1, 2162, 89, 3396, -1, -1, -1, - -1, -1, 273, 274, 275, -1, -1, -1, -1, 103, - 104, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, 293, -1, -1, -1, 5526, -1, -1, -1, - -1, -1, -1, -1, -1, -1, 2204, 2205, -1, -1, - -1, -1, -1, -1, -1, 2213, 2214, -1, -1, -1, - -1, 145, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, 159, -1, -1, -1, -1, - -1, 342, -1, -1, -1, -1, -1, -1, -1, 350, - -1, 352, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, -1, -1, -1, 2267, - -1, 372, -1, -1, -1, -1, -1, -1, 379, -1, - 2278, 2279, -1, -1, -1, -1, -1, -1, -1, 390, - -1, 215, -1, -1, -1, -1, 397, -1, -1, -1, - -1, -1, -1, 227, -1, -1, -1, -1, -1, -1, - -1, 412, -1, 2311, 2312, 2313, -1, 581, 419, -1, - -1, -1, 423, 424, -1, -1, -1, -1, -1, 430, - -1, -1, -1, 434, -1, -1, -1, -1, -1, -1, - -1, 442, -1, 5673, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, -1, -1, 282, -1, - -1, -1, 463, 2361, -1, -1, -1, -1, -1, -1, - 108, -1, -1, 2371, -1, -1, 2374, -1, -1, -1, - -1, -1, -1, -1, -1, -1, 487, -1, -1, -1, - 491, 2389, -1, -1, -1, 2393, 2394, 5727, 2396, 2397, - 501, -1, -1, 327, 142, -1, -1, 2405, -1, 2407, - -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, 348, -1, 669, -1, -1, -1, - -1, -1, -1, 357, -1, -1, -1, -1, 539, -1, - 2438, -1, 180, -1, -1, -1, 370, -1, -1, -1, - -1, 552, -1, 554, -1, -1, -1, 381, -1, -1, - -1, -1, -1, -1, -1, -1, 2464, -1, -1, -1, - -1, 714, -1, -1, -1, -1, -1, -1, -1, -1, - 404, -1, 2480, 5813, -1, -1, -1, -1, -1, -1, - 591, -1, -1, -1, 758, -1, 597, -1, -1, -1, - -1, -1, 2500, -1, -1, -1, -1, 771, -1, 433, - 434, -1, -1, 437, -1, 439, -1, -1, -1, 2517, - 621, 622, -1, -1, -1, 789, -1, 791, -1, -1, - 794, 795, 633, 634, 635, -1, 3766, -1, -1, -1, - -1, 6421, 466, 467, -1, -1, -1, -1, 472, 473, - -1, -1, -1, -1, 655, -1, 2554, -1, -1, -1, - -1, 662, -1, 2561, -1, 489, -1, -1, -1, -1, - 2568, -1, -1, -1, -1, 3805, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, 510, -1, -1, -1, - -1, -1, -1, -1, -1, -1, 697, -1, -1, -1, - -1, -1, -1, -1, -1, -1, -1, -1, 532, -1, - 2608, 712, 713, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, 725, -1, -1, -1, 729, -1, - -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, 3873, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, 762, 586, -1, -1, -1, 2664, -1, 5998, 5999, - -1, -1, -1, -1, -1, -1, -1, 601, -1, -1, - -1, -1, -1, -1, -1, -1, 610, -1, -1, 613, - 614, -1, -1, -1, 795, -1, -1, -1, -1, -1, - 2698, -1, -1, -1, 628, -1, -1, -1, -1, -1, - -1, -1, -1, 2711, -1, 2713, 2714, 2715, -1, 2717, - -1, -1, -1, 2721, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, 978, -1, -1, -1, 982, - -1, 665, -1, -1, -1, -1, -1, 485, -1, -1, - 674, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, 1005, -1, -1, -1, -1, -1, -1, -1, - -1, 695, 1015, 697, -1, -1, -1, 515, 516, -1, - 518, 519, 520, 521, 522, -1, 524, 525, 526, 527, - 528, 529, 530, 531, -1, 533, 534, 535, 536, -1, - -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, 4041, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, 748, -1, -1, -1, -1, -1, - -1, 755, 2830, -1, -1, -1, -1, -1, 1081, 1082, - 1083, 1084, -1, -1, -1, -1, -1, -1, -1, -1, - -1, 1094, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, -1, -1, -1, 2887, - -1, 629, 630, 2891, -1, -1, 2894, -1, -1, -1, - -1, -1, -1, -1, -1, 2903, -1, -1, -1, -1, - -1, -1, -1, -1, 2912, -1, 2914, 2915, -1, 2917, - 2918, 2919, 2920, -1, 2922, -1, 2924, 2925, -1, 2927, - -1, -1, -1, -1, -1, -1, -1, 2935, 2936, -1, - -1, -1, 2940, 2941, 2942, -1, -1, -1, -1, 18, - 19, 20, 2950, 2951, 2952, -1, 2954, -1, 2956, -1, - 2958, -1, 2960, -1, 2962, -1, -1, -1, -1, 2967, - 2968, -1, 2970, 2971, 2972, -1, -1, -1, 2976, -1, - -1, 2979, -1, -1, -1, -1, -1, -1, -1, -1, - 2988, -1, -1, 2991, -1, 2993, 2994, 2995, -1, -1, - 2998, -1, 71, -1, 73, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, 3020, -1, 3022, -1, -1, 3025, -1, -1, - 99, -1, 1275, -1, -1, -1, -1, 3035, 3036, 3037, - 3038, 3039, 3040, -1, -1, -1, -1, 3045, -1, -1, - -1, -1, -1, -1, -1, -1, -1, -1, 3056, -1, - -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, 145, -1, -1, -1, - -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, 6421, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, -1, 3105, -1, -1, - -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, -1, 3125, -1, -1, - -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, -1, 216, -1, -1, - -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - 3158, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, 3179, -1, -1, -1, -1, -1, -1, -1, -1, - 3188, 3189, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, 273, 274, 275, -1, -1, -1, - -1, -1, 1455, -1, -1, -1, -1, 4447, -1, -1, - -1, -1, -1, -1, 293, -1, -1, -1, -1, -1, + 5, 165, 0, 44, 0, 1634, 1741, 68, 163, 0, + 770, 688, 689, 1754, 1896, 173, 2062, 1922, 800, 0, + 2560, 26, 1413, 800, 1243, 30, 1690, 22, 0, 2568, + 35, 1948, 928, 38, 1612, 3219, 45, 775, 1603, 688, + 162, 688, 780, 688, 782, 714, 51, 1947, 1550, 2113, + 667, 160, 57, 688, 1378, 2517, 61, 52, 1185, 2573, + 1187, 1188, 2717, 58, 978, 3296, 683, 3403, 1195, 2580, + 68, 1673, 1597, 1149, 2033, 4018, 2871, 4103, 914, 2489, + 916, 4103, 918, 919, 3265, 656, 3290, 3139, 4002, 925, + 1692, 1381, 1010, 688, 1384, 3093, 4511, 4096, 1727, 1728, + 1729, 1730, 1731, 1732, 1733, 1734, 1735, 1736, 1737, 1738, + 1739, 2899, 1519, 2901, 3523, 686, 3297, 3279, 1643, 124, + 656, 633, 3523, 2882, 2883, 1870, 1812, 1813, 3069, 3070, + 731, 1353, 2578, 734, 2647, 31, 4527, 135, 2902, 2686, + 1309, 1372, 4141, 2898, 135, 1421, 1470, 2902, 3998, 667, + 686, 156, 157, 2758, 2677, 160, 1754, 162, 3188, 173, + 3264, 1384, 688, 135, 2052, 683, 173, 1081, 1082, 1083, + 688, 2081, 2189, 124, 173, 173, 124, 173, 1421, 4960, + 1094, 4631, 173, 695, 173, 1819, 3987, 173, 3352, 2676, + 2677, 1712, 4746, 3729, 4588, 4588, 4103, 3968, 2103, 1720, + 1721, 173, 1723, 1724, 5278, 1839, 28, 4539, 5279, 838, + 4193, 4194, 4588, 4196, 3155, 5243, 3724, 794, 4201, 12, + 3048, 3729, 6, 7, 4207, 47, 4589, 3235, 4591, 1863, + 1864, 4594, 15, 1919, 4737, 15, 6, 7, 6, 7, + 16, 17, 31, 31, 31, 4608, 6, 7, 47, 3986, + 3987, 4640, 6, 7, 42, 1151, 6, 7, 3319, 6, + 7, 51, 53, 24, 25, 26, 1997, 28, 3536, 30, + 67, 32, 3489, 4433, 2797, 47, 89, 80, 6, 7, + 1449, 33, 60, 2200, 3501, 4255, 89, 31, 26, 41, + 782, 3344, 65, 11, 12, 4265, 26, 63, 50, 26, + 3709, 1245, 4272, 53, 47, 754, 204, 756, 127, 42, + 2797, 760, 761, 71, 104, 827, 3368, 127, 31, 183, + 204, 3730, 781, 31, 245, 53, 54, 26, 26, 99, + 4265, 33, 24, 25, 26, 31, 28, 4272, 30, 41, + 32, 24, 25, 26, 33, 28, 5299, 30, 50, 32, + 172, 14, 41, 26, 47, 168, 204, 243, 204, 143, + 14, 50, 300, 123, 42, 42, 4103, 42, 204, 300, + 2884, 5189, 127, 128, 311, 33, 123, 204, 42, 1881, + 43, 44, 207, 41, 204, 33, 4500, 65, 31, 43, + 44, 14, 50, 41, 2840, 53, 914, 282, 916, 127, + 918, 919, 50, 255, 160, 42, 1482, 925, 168, 3407, + 928, 42, 14, 42, 33, 143, 269, 143, 26, 931, + 53, 168, 41, 31, 300, 57, 128, 316, 282, 4153, + 26, 50, 2608, 119, 2140, 26, 5626, 1513, 1222, 42, + 168, 43, 44, 316, 107, 97, 72, 14, 245, 122, + 127, 316, 4969, 107, 306, 116, 1881, 209, 174, 4976, + 1244, 42, 255, 53, 3462, 26, 152, 53, 42, 26, + 439, 99, 2807, 183, 335, 308, 43, 44, 311, 207, + 26, 382, 408, 638, 107, 397, 4922, 642, 151, 644, + 218, 646, 647, 4514, 649, 650, 651, 151, 143, 4986, + 179, 5461, 114, 99, 6005, 107, 50, 209, 99, 3726, + 5056, 5585, 316, 306, 42, 67, 33, 766, 246, 40, + 209, 316, 179, 316, 41, 101, 5813, 682, 194, 53, + 193, 101, 300, 50, 656, 2452, 5082, 255, 99, 193, + 107, 259, 99, 316, 425, 145, 179, 462, 332, 96, + 653, 209, 179, 99, 314, 33, 341, 143, 458, 1966, + 1951, 209, 120, 41, 686, 317, 815, 314, 141, 268, + 193, 299, 50, 47, 50, 227, 170, 730, 47, 295, + 150, 736, 737, 316, 33, 707, 314, 345, 306, 47, + 209, 193, 41, 1353, 33, 4984, 3, 33, 316, 721, + 233, 50, 41, 503, 47, 41, 233, 293, 155, 51, + 532, 50, 370, 1114, 50, 317, 730, 5845, 291, 47, + 390, 145, 33, 272, 31, 634, 193, 33, 317, 209, + 41, 5185, 106, 1151, 283, 41, 160, 106, 1239, 50, + 1241, 1270, 1769, 796, 50, 1146, 572, 4464, 106, 2549, + 655, 656, 300, 226, 299, 4598, 5884, 1784, 252, 317, + 1437, 219, 104, 106, 545, 1579, 1580, 31, 5171, 317, + 99, 4981, 572, 259, 788, 680, 197, 1415, 106, 2561, + 5967, 686, 467, 1601, 3439, 788, 288, 1763, 235, 101, + 605, 395, 209, 245, 816, 361, 701, 2199, 317, 3109, + 1618, 313, 707, 858, 859, 617, 158, 2990, 3255, 4616, + 300, 300, 3259, 299, 723, 720, 721, 396, 5264, 4702, + 476, 297, 731, 3246, 153, 734, 695, 297, 3868, 3869, + 2020, 209, 854, 4703, 1810, 463, 597, 6238, 150, 365, + 5700, 850, 1519, 852, 288, 122, 2705, 4730, 753, 33, + 676, 4734, 2798, 2459, 2460, 4263, 255, 41, 4741, 3246, + 209, 418, 390, 4500, 288, 770, 50, 1989, 4703, 4739, + 209, 395, 720, 209, 2199, 436, 2052, 4186, 2000, 4188, + 584, 4190, 787, 781, 33, 681, 2691, 4188, 4197, 4190, + 2368, 2369, 41, 6294, 143, 800, 4197, 2020, 209, 3851, + 317, 50, 4211, 209, 4739, 4622, 4215, 306, 662, 2052, + 3272, 816, 412, 635, 4215, 467, 4225, 316, 463, 6009, + 825, 581, 770, 218, 4225, 202, 711, 4797, 1742, 2746, + 179, 1460, 654, 838, 581, 3999, 1754, 282, 481, 317, + 845, 551, 847, 255, 4958, 850, 668, 852, 3388, 854, + 508, 788, 857, 791, 1483, 5291, 3139, 647, 796, 585, + 791, 5814, 4797, 5366, 388, 796, 751, 2608, 317, 691, + 791, 760, 2393, 2394, 136, 2396, 2397, 463, 317, 4616, + 3056, 317, 923, 1332, 510, 297, 1335, 788, 2788, 597, + 1339, 1340, 1341, 791, 306, 1344, 1345, 373, 751, 2816, + 532, 597, 674, 3844, 316, 791, 317, 791, 913, 1480, + 915, 317, 808, 789, 291, 791, 2550, 1861, 791, 924, + 332, 1590, 927, 1415, 788, 209, 791, 3988, 706, 695, + 2099, 674, 930, 33, 930, 940, 788, 4661, 1456, 930, + 1569, 41, 5760, 791, 3885, 791, 3887, 3888, 751, 1408, + 50, 4972, 724, 2684, 2685, 791, 769, 853, 930, 855, + 209, 33, 1722, 796, 791, 913, 791, 4184, 4185, 41, + 4238, 791, 791, 3419, 5134, 691, 667, 750, 50, 737, + 771, 791, 1764, 771, 14, 4202, 776, 1764, 3996, 788, + 6018, 4208, 683, 320, 791, 788, 791, 688, 1667, 788, + 4217, 788, 4219, 4220, 4221, 788, 4223, 4224, 788, 5512, + 2608, 795, 5401, 43, 44, 791, 4233, 4234, 4235, 4236, + 4237, 771, 498, 1084, 6098, 795, 6100, 795, 789, 1541, + 6101, 3859, 1816, 317, 1818, 795, 791, 1821, 771, 777, + 1552, 795, 794, 771, 788, 795, 4099, 777, 795, 1833, + 777, 789, 1836, 791, 1176, 1837, 1840, 2802, 3393, 789, + 1837, 791, 789, 1185, 791, 5091, 1188, 795, 317, 5091, + 788, 1193, 5466, 5466, 5406, 788, 5408, 107, 777, 777, + 5390, 1086, 1866, 1867, 1868, 3368, 1084, 2163, 1084, 791, + 5466, 33, 796, 771, 771, 788, 771, 789, 3381, 41, + 789, 1350, 1224, 789, 777, 5468, 789, 771, 50, 209, + 1870, 774, 775, 776, 777, 778, 779, 780, 781, 1796, + 774, 775, 776, 777, 778, 779, 780, 781, 6202, 6203, + 763, 4902, 796, 791, 771, 564, 763, 209, 771, 6213, + 771, 730, 771, 791, 1149, 407, 5663, 1796, 5665, 1796, + 252, 1796, 699, 776, 777, 778, 779, 780, 781, 796, + 4961, 1796, 5649, 193, 788, 796, 766, 796, 771, 777, + 789, 1176, 774, 775, 776, 777, 778, 779, 780, 781, + 1185, 777, 5669, 1188, 5091, 771, 777, 33, 1193, 1966, + 771, 643, 2088, 796, 233, 41, 67, 771, 6426, 6273, + 1771, 1796, 5756, 5400, 50, 647, 5656, 774, 775, 776, + 777, 778, 779, 780, 781, 796, 777, 317, 582, 1224, + 777, 4958, 796, 914, 4961, 916, 702, 918, 919, 1989, + 1239, 777, 1241, 597, 925, 1771, 282, 928, 633, 143, + 2000, 2001, 4382, 771, 1285, 317, 240, 771, 1760, 5440, + 131, 169, 1374, 1411, 282, 282, 4792, 1262, 1209, 1264, + 4796, 47, 296, 99, 1269, 1270, 711, 209, 796, 618, + 1796, 40, 789, 6054, 6055, 179, 391, 5094, 1796, 57, + 437, 1286, 3182, 1438, 4792, 319, 123, 316, 4796, 788, + 1295, 212, 1353, 71, 174, 73, 99, 3179, 2927, 1250, + 33, 1930, 1311, 233, 1309, 1310, 751, 3207, 41, 394, + 572, 1912, 230, 791, 5674, 3056, 1264, 50, 4422, 54, + 160, 1269, 586, 40, 458, 1330, 99, 2546, 475, 3217, + 75, 168, 1933, 71, 167, 73, 1445, 380, 452, 657, + 4544, 198, 791, 4547, 2471, 5359, 127, 47, 1353, 1354, + 789, 1800, 791, 789, 5091, 1353, 71, 1353, 1480, 373, + 2278, 2488, 739, 209, 4528, 2492, 236, 2643, 695, 1374, + 4025, 230, 2448, 2449, 245, 317, 788, 4786, 789, 2056, + 791, 1520, 5396, 789, 4039, 4786, 4548, 1392, 259, 174, + 3930, 40, 5295, 252, 1965, 74, 791, 1411, 2474, 202, + 2643, 776, 777, 380, 1411, 1353, 106, 86, 1413, 1414, + 1408, 1420, 1411, 1411, 2821, 1411, 3045, 4447, 233, 1424, + 1411, 2711, 1411, 2713, 2714, 1411, 375, 107, 197, 202, + 1435, 565, 1437, 3035, 3036, 3037, 3038, 1333, 1334, 1411, + 1445, 1446, 380, 2665, 1449, 3355, 2722, 3464, 1570, 2671, + 198, 3029, 3030, 4394, 3019, 1460, 1278, 719, 3056, 1464, + 1151, 1466, 342, 227, 5661, 4012, 4013, 1289, 380, 3879, + 5287, 317, 1477, 122, 2051, 1480, 209, 1482, 1483, 2722, + 197, 314, 4423, 3400, 498, 4008, 4009, 1435, 2711, 3899, + 2713, 2714, 237, 3903, 33, 2124, 2125, 382, 1446, 3020, + 33, 3022, 41, 54, 618, 789, 427, 791, 1513, 2126, + 295, 50, 4117, 193, 1519, 3149, 1464, 50, 1466, 1968, + 1969, 4008, 4009, 2172, 71, 2172, 3051, 2172, 1977, 1978, + 1979, 5722, 796, 680, 282, 5385, 5386, 367, 1543, 5509, + 789, 5511, 2159, 35, 36, 37, 337, 39, 197, 4313, + 1611, 653, 33, 202, 33, 584, 143, 393, 4313, 395, + 41, 123, 41, 431, 1569, 1570, 496, 345, 3851, 50, + 2088, 50, 2084, 658, 5509, 479, 5511, 2172, 572, 2196, + 2197, 2750, 5997, 532, 317, 363, 28, 368, 30, 99, + 32, 509, 370, 429, 33, 33, 382, 636, 755, 71, + 42, 73, 41, 41, 339, 1603, 168, 5998, 2126, 4550, + 2841, 50, 50, 1611, 5431, 1611, 5433, 395, 733, 1741, + 3249, 5438, 233, 459, 663, 5608, 1765, 99, 5445, 5446, + 179, 33, 370, 436, 662, 2395, 476, 671, 5455, 41, + 6000, 2159, 291, 5840, 5461, 207, 2172, 3392, 50, 1771, + 5944, 5945, 695, 510, 2172, 370, 537, 538, 4171, 4172, + 541, 542, 543, 1668, 156, 711, 57, 1672, 2180, 438, + 209, 452, 227, 454, 1679, 1716, 2188, 791, 2196, 2197, + 71, 496, 73, 711, 711, 1690, 2198, 1809, 702, 789, + 2608, 791, 1801, 1802, 5597, 1804, 1805, 1806, 1807, 5602, + 5603, 572, 2371, 467, 1702, 33, 6011, 1871, 1817, 3395, + 3212, 1702, 299, 41, 618, 742, 464, 6132, 695, 791, + 1668, 438, 50, 581, 1672, 674, 1835, 612, 209, 4670, + 209, 1679, 648, 4179, 2810, 2519, 1741, 288, 1743, 2523, + 362, 2525, 572, 1752, 581, 775, 776, 777, 778, 779, + 780, 781, 31, 595, 1759, 2539, 592, 695, 1763, 1764, + 576, 308, 510, 544, 555, 1456, 1771, 1772, 2552, 2553, + 209, 209, 988, 989, 990, 4058, 4059, 123, 317, 4062, + 4063, 127, 452, 695, 317, 4068, 4069, 6081, 1793, 127, + 626, 6085, 710, 463, 304, 305, 1801, 1802, 1803, 1804, + 1805, 1806, 1807, 1808, 1809, 1810, 1811, 209, 4749, 1973, + 1974, 1759, 1817, 631, 4097, 210, 110, 233, 1034, 2468, + 145, 2468, 168, 2468, 3148, 693, 711, 777, 174, 1834, + 1835, 1840, 1837, 33, 1956, 160, 317, 618, 317, 789, + 33, 41, 727, 1965, 462, 1967, 637, 789, 41, 791, + 50, 6272, 5014, 1858, 476, 1803, 215, 50, 33, 584, + 1808, 207, 143, 1811, 584, 1870, 1975, 1976, 227, 418, + 3194, 472, 690, 2468, 316, 50, 463, 576, 317, 317, + 796, 209, 4934, 5700, 2455, 496, 2008, 269, 167, 5706, + 6311, 33, 4944, 4945, 788, 6023, 33, 407, 370, 41, + 316, 5804, 796, 1912, 41, 2665, 294, 14, 50, 510, + 1858, 2671, 467, 50, 514, 317, 4704, 461, 390, 2455, + 5834, 2817, 1870, 282, 1933, 1930, 2686, 56, 6080, 478, + 1935, 326, 6084, 791, 466, 2831, 43, 44, 754, 2061, + 6245, 3217, 2468, 789, 233, 791, 788, 33, 618, 2566, + 2468, 1956, 576, 127, 345, 41, 3083, 557, 1963, 737, + 1965, 1966, 1967, 711, 50, 259, 1971, 2744, 327, 479, + 1975, 1976, 363, 3100, 3217, 791, 2872, 145, 316, 370, + 3107, 3108, 72, 4393, 1989, 6279, 6280, 605, 3064, 317, + 2619, 4750, 4402, 4403, 3284, 2000, 2001, 5201, 5720, 2600, + 107, 101, 390, 2008, 178, 33, 3413, 3414, 390, 209, + 791, 532, 33, 41, 3919, 2692, 209, 452, 3094, 581, + 41, 119, 50, 1971, 154, 4071, 155, 6155, 463, 50, + 413, 414, 5236, 3255, 656, 314, 126, 3259, 763, 3921, + 5857, 1989, 2802, 763, 2821, 2881, 2882, 2883, 2566, 5786, + 150, 332, 2000, 2001, 152, 754, 2061, 186, 791, 5876, + 604, 3284, 594, 388, 665, 2070, 6046, 209, 242, 6049, + 3394, 2076, 209, 743, 5794, 2080, 5813, 10, 4589, 339, + 5817, 346, 4041, 4594, 128, 33, 193, 761, 4599, 378, + 739, 417, 791, 41, 2099, 695, 617, 227, 778, 779, + 780, 781, 50, 2108, 407, 1796, 3396, 5516, 467, 2114, + 154, 499, 4767, 6112, 6113, 5516, 6268, 317, 2123, 2124, + 2125, 791, 2070, 209, 317, 577, 578, 6331, 2076, 33, + 754, 117, 118, 262, 2139, 2140, 226, 41, 3056, 546, + 672, 315, 33, 5865, 599, 4656, 50, 4658, 2725, 2726, + 41, 81, 5645, 674, 10, 255, 10, 286, 2163, 50, + 4443, 6365, 2167, 576, 7, 6191, 4821, 493, 6190, 5167, + 667, 5223, 2177, 3396, 75, 317, 441, 5670, 2183, 4974, + 317, 209, 0, 618, 5976, 5126, 683, 6305, 209, 2194, + 2195, 2139, 2140, 5930, 127, 293, 645, 297, 458, 4193, + 10, 81, 654, 5612, 294, 2654, 306, 5616, 2657, 606, + 33, 6154, 1428, 6156, 2663, 5616, 316, 147, 41, 2167, + 206, 5941, 2871, 6015, 2871, 126, 2871, 50, 158, 2177, + 5967, 317, 332, 6351, 2903, 581, 166, 2886, 2809, 2886, + 2758, 2886, 2240, 698, 145, 2914, 2915, 5984, 5452, 2240, + 2919, 2898, 791, 2898, 760, 2902, 5437, 2902, 33, 160, + 673, 209, 2426, 3159, 194, 55, 41, 147, 417, 3165, + 602, 127, 6252, 2809, 667, 50, 2871, 33, 158, 771, + 772, 773, 788, 3065, 33, 41, 166, 141, 3065, 317, + 683, 2886, 41, 771, 50, 688, 317, 283, 753, 2817, + 6243, 50, 2971, 2898, 3825, 209, 3827, 2902, 743, 716, + 791, 147, 791, 2831, 194, 33, 4310, 218, 209, 2988, + 250, 730, 158, 41, 730, 226, 57, 734, 2389, 771, + 166, 141, 50, 2455, 776, 777, 730, 720, 127, 2344, + 723, 754, 73, 2348, 493, 2871, 737, 796, 278, 681, + 2472, 789, 791, 2871, 2872, 6194, 6276, 2362, 602, 136, + 2886, 151, 3927, 2881, 2882, 2883, 776, 777, 2886, 317, + 250, 57, 2898, 519, 520, 5711, 2902, 167, 5582, 788, + 2898, 158, 788, 141, 2902, 71, 209, 73, 534, 791, + 536, 2389, 5609, 2389, 2503, 465, 2344, 2088, 278, 2508, + 2348, 5618, 796, 5620, 5621, 5622, 5623, 5624, 788, 2518, + 4921, 4922, 33, 317, 250, 2524, 796, 914, 695, 916, + 41, 918, 919, 5055, 33, 128, 317, 497, 925, 50, + 207, 928, 41, 51, 209, 2126, 40, 681, 6277, 4849, + 4850, 50, 278, 2448, 2449, 127, 3123, 3124, 151, 239, + 2455, 55, 2574, 209, 2459, 2460, 144, 5089, 777, 2468, + 209, 6381, 6382, 791, 28, 4979, 30, 2472, 2159, 2474, + 789, 748, 2477, 2478, 3123, 3124, 3123, 3124, 3123, 3124, + 6319, 2172, 788, 629, 630, 2607, 104, 388, 3123, 3124, + 796, 209, 174, 771, 317, 3255, 40, 2502, 2503, 3259, + 33, 571, 417, 2508, 5299, 2196, 2197, 2516, 41, 197, + 57, 2459, 2460, 2518, 771, 6354, 271, 50, 2527, 2524, + 651, 914, 33, 916, 71, 918, 919, 796, 3123, 3124, + 41, 423, 925, 313, 4996, 928, 153, 33, 430, 50, + 33, 6380, 317, 4425, 2653, 41, 2551, 151, 41, 218, + 33, 168, 2661, 2662, 50, 30, 788, 50, 41, 5763, + 35, 317, 2567, 167, 796, 145, 33, 50, 317, 2574, + 2575, 2576, 2694, 31, 41, 3471, 5231, 33, 33, 368, + 160, 712, 652, 50, 715, 41, 41, 332, 209, 789, + 4549, 2600, 4638, 197, 50, 50, 789, 3123, 3124, 317, + 209, 2606, 2607, 2551, 788, 3123, 3124, 788, 2617, 63, + 2615, 742, 796, 282, 2619, 796, 160, 33, 373, 288, + 751, 320, 4668, 47, 5808, 41, 5810, 308, 2576, 53, + 311, 55, 3392, 154, 50, 239, 3413, 3414, 5869, 720, + 2645, 3159, 2538, 724, 2649, 2650, 2651, 3165, 2653, 791, + 33, 4934, 789, 197, 1151, 2660, 2661, 2662, 41, 345, + 2665, 4944, 4945, 452, 2058, 454, 2671, 50, 2062, 776, + 777, 778, 779, 780, 781, 788, 209, 363, 6284, 6285, + 65, 2686, 226, 796, 370, 2690, 22, 2809, 788, 2694, + 2695, 788, 3911, 29, 33, 31, 317, 598, 209, 796, + 4278, 4279, 41, 2651, 128, 791, 514, 677, 317, 395, + 33, 50, 2660, 209, 2723, 685, 209, 2665, 41, 6325, + 690, 4340, 2731, 2671, 788, 4344, 209, 50, 788, 4307, + 3307, 3308, 796, 3310, 3311, 5939, 796, 745, 2686, 2744, + 33, 3960, 209, 498, 33, 2750, 259, 4325, 41, 179, + 294, 4041, 41, 209, 209, 544, 788, 50, 1151, 347, + 4949, 50, 4364, 791, 4428, 4954, 33, 5951, 23, 50, + 791, 26, 27, 3900, 41, 3902, 31, 2899, 788, 2901, + 5291, 300, 33, 50, 317, 3861, 796, 421, 788, 4853, + 41, 3918, 3439, 209, 3439, 2800, 796, 2802, 1391, 50, + 5432, 1394, 1395, 2808, 2809, 2810, 317, 141, 709, 4334, + 128, 789, 5753, 791, 47, 570, 2821, 5449, 4041, 33, + 754, 317, 4868, 33, 317, 675, 209, 41, 4152, 618, + 5462, 41, 5464, 777, 317, 1300, 50, 5247, 5248, 282, + 50, 1306, 1307, 791, 3439, 789, 390, 791, 741, 742, + 317, 744, 4377, 746, 2802, 6, 7, 33, 776, 777, + 2808, 317, 317, 675, 794, 41, 464, 18, 33, 128, + 209, 33, 33, 106, 50, 2566, 41, 2886, 6062, 41, + 41, 6065, 789, 5538, 791, 50, 209, 791, 50, 50, + 789, 4691, 791, 789, 2899, 33, 2901, 113, 114, 115, + 791, 317, 53, 41, 789, 789, 791, 791, 795, 33, + 4710, 791, 50, 3439, 776, 777, 209, 41, 145, 4719, + 209, 3439, 19, 20, 33, 4725, 50, 6341, 6342, 33, + 81, 789, 41, 791, 317, 4735, 57, 41, 4068, 4069, + 5223, 50, 209, 4743, 4744, 667, 50, 702, 6054, 6055, + 71, 4851, 73, 3471, 789, 499, 791, 5468, 209, 1456, + 4695, 36, 37, 24, 3025, 145, 789, 28, 119, 30, + 3884, 32, 123, 1683, 1684, 33, 127, 145, 317, 19, + 20, 778, 779, 41, 5267, 136, 137, 789, 789, 791, + 791, 127, 50, 3157, 317, 209, 147, 3002, 789, 209, + 791, 152, 33, 154, 314, 4193, 4194, 158, 4196, 764, + 41, 796, 4514, 4201, 24, 166, 791, 168, 28, 50, + 30, 3019, 32, 174, 317, 741, 3031, 3025, 317, 3025, + 796, 5570, 265, 209, 267, 791, 120, 789, 33, 791, + 81, 33, 791, 194, 209, 278, 41, 209, 209, 41, + 317, 737, 440, 204, 3059, 50, 207, 282, 50, 3064, + 3065, 294, 5108, 1456, 33, 661, 317, 2758, 751, 269, + 284, 209, 41, 791, 4639, 5121, 227, 789, 682, 791, + 23, 50, 788, 26, 27, 209, 3868, 3869, 31, 3094, + 114, 3868, 3869, 288, 128, 246, 4420, 141, 151, 250, + 209, 33, 610, 317, 144, 209, 147, 317, 259, 41, + 796, 3059, 651, 3111, 3119, 3111, 3121, 158, 50, 28, + 3111, 30, 788, 32, 3233, 166, 2817, 278, 3292, 479, + 3111, 3915, 19, 20, 788, 588, 19, 20, 711, 3111, + 2831, 317, 293, 3265, 789, 789, 791, 791, 3153, 300, + 584, 209, 317, 194, 3823, 317, 317, 197, 789, 3164, + 791, 788, 1009, 314, 789, 316, 791, 742, 33, 1016, + 791, 4173, 788, 4175, 3296, 3297, 41, 788, 209, 317, + 2871, 2872, 791, 337, 337, 50, 307, 308, 1035, 1036, + 2881, 2882, 2883, 317, 789, 789, 791, 791, 4417, 3981, + 204, 3210, 33, 4867, 3981, 88, 5746, 2898, 317, 250, + 41, 2902, 3334, 317, 209, 33, 3164, 209, 789, 50, + 791, 33, 33, 41, 345, 337, 33, 24, 3233, 41, + 41, 28, 50, 30, 41, 32, 3241, 278, 50, 50, + 209, 555, 363, 50, 204, 478, 53, 788, 791, 370, + 3255, 4829, 4012, 4013, 3259, 288, 284, 144, 791, 317, + 3265, 33, 431, 364, 4391, 4392, 537, 538, 3273, 41, + 541, 542, 543, 88, 395, 24, 316, 209, 50, 28, + 791, 30, 33, 32, 40, 28, 317, 30, 33, 32, + 41, 3296, 3297, 3241, 797, 791, 41, 795, 791, 50, + 355, 789, 53, 791, 789, 50, 791, 3255, 791, 355, + 197, 3259, 3321, 3322, 3323, 3324, 3325, 3326, 3327, 788, + 4711, 3330, 317, 788, 791, 317, 47, 4718, 789, 3334, + 791, 788, 24, 25, 789, 791, 28, 28, 30, 30, + 32, 32, 788, 788, 209, 3350, 788, 788, 317, 105, + 390, 789, 789, 791, 791, 788, 128, 3366, 3367, 788, + 3369, 40, 3371, 3372, 3373, 3374, 3375, 3376, 3377, 788, + 3379, 50, 15, 789, 3383, 4502, 55, 4768, 209, 789, + 101, 791, 789, 458, 791, 317, 789, 3392, 791, 788, + 788, 209, 19, 20, 789, 788, 791, 209, 209, 789, + 215, 791, 209, 1796, 788, 5069, 789, 3412, 3413, 3414, + 119, 4247, 227, 3418, 123, 4153, 40, 5152, 127, 789, + 788, 791, 19, 20, 745, 789, 50, 791, 503, 150, + 581, 55, 3123, 3124, 6, 7, 192, 209, 789, 192, + 791, 197, 788, 152, 3392, 789, 18, 791, 5494, 789, + 789, 791, 317, 686, 687, 688, 689, 5503, 209, 168, + 789, 501, 791, 788, 209, 174, 789, 282, 3159, 789, + 3418, 791, 151, 788, 3165, 290, 232, 788, 88, 232, + 4770, 53, 745, 789, 33, 791, 317, 788, 167, 6430, + 565, 788, 41, 5122, 5235, 313, 789, 788, 207, 317, + 789, 50, 789, 390, 791, 317, 317, 73, 788, 81, + 317, 788, 327, 269, 4702, 788, 269, 144, 197, 129, + 5098, 789, 789, 791, 24, 25, 26, 151, 28, 789, + 30, 791, 32, 608, 255, 145, 788, 38, 789, 284, + 788, 788, 4730, 167, 788, 317, 4734, 119, 145, 214, + 789, 123, 791, 4741, 789, 127, 791, 4174, 4685, 789, + 239, 791, 788, 214, 136, 137, 317, 789, 788, 791, + 197, 143, 317, 197, 214, 147, 297, 788, 127, 789, + 152, 621, 154, 788, 293, 306, 158, 789, 789, 791, + 791, 2088, 5256, 214, 166, 316, 168, 480, 788, 4117, + 4382, 33, 174, 759, 789, 4382, 791, 758, 789, 41, + 791, 332, 31, 789, 501, 239, 737, 88, 50, 4288, + 771, 53, 194, 796, 789, 440, 15, 789, 789, 2126, + 15, 789, 204, 791, 390, 207, 788, 390, 789, 47, + 791, 788, 53, 794, 795, 789, 402, 791, 788, 402, + 791, 789, 467, 263, 788, 227, 4174, 788, 788, 788, + 209, 788, 2159, 788, 588, 789, 4313, 204, 4313, 18, + 19, 20, 282, 300, 246, 2172, 128, 788, 250, 771, + 789, 788, 3846, 4352, 294, 789, 788, 259, 788, 788, + 788, 40, 788, 788, 5576, 2088, 771, 772, 773, 2196, + 2197, 788, 312, 75, 53, 788, 278, 590, 788, 24, + 25, 26, 752, 28, 597, 30, 788, 32, 4313, 788, + 603, 293, 762, 788, 73, 788, 788, 299, 300, 4247, + 204, 789, 342, 2126, 621, 259, 788, 788, 788, 24, + 25, 5787, 314, 28, 316, 30, 502, 32, 3439, 502, + 99, 24, 25, 788, 126, 28, 227, 30, 789, 32, + 675, 33, 788, 390, 791, 145, 2159, 71, 317, 41, + 788, 788, 183, 145, 5679, 788, 788, 209, 50, 2172, + 3471, 788, 788, 788, 464, 788, 788, 4313, 160, 788, + 788, 788, 96, 390, 789, 4313, 679, 789, 269, 788, + 397, 3806, 788, 2196, 2197, 109, 788, 417, 5549, 788, + 788, 160, 788, 788, 788, 412, 572, 788, 5559, 572, + 789, 125, 695, 88, 127, 695, 22, 23, 24, 25, + 26, 27, 28, 29, 30, 31, 32, 434, 681, 711, + 514, 433, 3847, 143, 791, 426, 791, 662, 197, 791, + 586, 155, 667, 202, 226, 204, 3861, 789, 3863, 742, + 364, 791, 3871, 3868, 3869, 752, 3871, 127, 398, 3874, + 3875, 342, 581, 791, 501, 762, 5793, 226, 791, 583, + 145, 3990, 5799, 5800, 706, 317, 771, 7, 751, 467, + 467, 463, 4469, 4470, 4471, 4472, 4473, 4474, 4475, 4476, + 4477, 4478, 788, 4480, 4481, 4482, 4483, 4484, 4485, 4486, + 4487, 5575, 4489, 4490, 4750, 3863, 4493, 4494, 10, 18, + 19, 20, 791, 4661, 789, 218, 122, 742, 3933, 3927, + 3928, 235, 136, 5562, 5459, 31, 751, 209, 297, 151, + 65, 40, 539, 127, 412, 294, 417, 3, 587, 751, + 215, 359, 796, 364, 431, 552, 119, 313, 789, 54, + 123, 791, 227, 127, 127, 120, 426, 796, 796, 440, + 647, 2468, 569, 711, 3979, 789, 3981, 789, 789, 3984, + 3985, 215, 337, 651, 3993, 3990, 337, 337, 141, 152, + 510, 313, 296, 227, 621, 403, 467, 405, 4162, 410, + 565, 350, 128, 682, 154, 168, 202, 4012, 4013, 581, + 390, 174, 313, 788, 4019, 795, 388, 397, 4595, 5410, + 5411, 178, 5413, 4600, 621, 290, 18, 19, 20, 791, + 796, 3979, 412, 788, 47, 269, 3984, 3985, 648, 431, + 106, 390, 789, 789, 207, 317, 340, 791, 40, 5713, + 789, 652, 662, 127, 434, 796, 290, 667, 682, 1583, + 1584, 160, 327, 4104, 4012, 4013, 789, 788, 1592, 2566, + 789, 789, 127, 789, 789, 2468, 789, 488, 788, 72, + 789, 73, 75, 167, 4733, 796, 4733, 495, 4733, 788, + 136, 791, 797, 327, 288, 291, 791, 127, 197, 1623, + 697, 1625, 778, 730, 73, 715, 796, 99, 791, 413, + 414, 695, 5741, 127, 778, 712, 1640, 1641, 1642, 5510, + 469, 494, 151, 1647, 1648, 752, 708, 226, 455, 127, + 293, 1655, 742, 126, 5261, 762, 129, 545, 4733, 791, + 551, 439, 695, 127, 789, 791, 788, 788, 154, 4154, + 499, 3, 145, 791, 151, 218, 567, 568, 367, 539, + 6077, 572, 573, 574, 240, 762, 5907, 160, 160, 514, + 514, 514, 552, 2566, 514, 440, 695, 415, 364, 4177, + 514, 695, 514, 791, 592, 681, 758, 120, 288, 569, + 47, 662, 33, 127, 678, 294, 667, 600, 789, 771, + 41, 751, 467, 789, 789, 197, 440, 4733, 158, 50, + 202, 158, 204, 789, 789, 4733, 211, 789, 414, 791, + 788, 791, 794, 795, 137, 218, 598, 796, 65, 640, + 443, 252, 4750, 226, 226, 796, 669, 4242, 397, 422, + 5975, 788, 484, 4248, 482, 22, 23, 24, 25, 26, + 27, 28, 29, 30, 31, 32, 484, 791, 562, 563, + 599, 2758, 284, 68, 710, 741, 33, 128, 223, 33, + 263, 742, 621, 791, 41, 683, 207, 41, 204, 791, + 751, 788, 693, 50, 288, 154, 50, 128, 146, 5051, + 5052, 390, 5054, 5684, 97, 5686, 5687, 5059, 42, 707, + 5062, 294, 294, 5065, 5066, 653, 789, 789, 789, 431, + 548, 5073, 550, 5075, 789, 664, 251, 697, 556, 312, + 2817, 778, 5084, 789, 4186, 4974, 789, 4974, 4333, 4974, + 4192, 789, 712, 4195, 2831, 128, 777, 709, 4200, 788, + 791, 606, 789, 791, 789, 122, 789, 789, 788, 33, + 4927, 789, 789, 18, 19, 20, 4365, 41, 350, 789, + 4365, 128, 4939, 6409, 128, 2758, 50, 789, 209, 789, + 355, 356, 789, 4378, 2871, 2872, 4385, 4382, 616, 4974, + 4385, 5058, 789, 648, 2881, 2882, 2883, 789, 4552, 2886, + 789, 789, 5917, 789, 791, 388, 791, 791, 390, 789, + 499, 2898, 667, 789, 788, 2902, 71, 392, 73, 796, + 789, 760, 789, 762, 4419, 781, 218, 6299, 581, 723, + 788, 788, 660, 4428, 2817, 202, 4117, 788, 2176, 789, + 788, 366, 4437, 4429, 99, 788, 4434, 382, 2831, 374, + 771, 595, 209, 31, 128, 209, 431, 31, 4974, 31, + 715, 431, 4574, 4458, 389, 791, 4974, 131, 128, 4464, + 127, 791, 791, 4468, 399, 400, 401, 127, 796, 508, + 81, 4920, 796, 796, 409, 5371, 317, 742, 2871, 2872, + 145, 791, 791, 4174, 796, 6010, 751, 4492, 2881, 2882, + 2883, 5387, 791, 2886, 791, 128, 617, 789, 6162, 259, + 81, 789, 791, 53, 791, 100, 47, 499, 791, 771, + 4458, 4669, 791, 5162, 291, 5162, 369, 5162, 756, 5166, + 4468, 5166, 621, 4632, 720, 209, 675, 723, 791, 767, + 127, 6056, 580, 158, 4539, 158, 147, 758, 511, 443, + 6169, 4546, 553, 123, 788, 561, 6428, 158, 269, 269, + 317, 216, 661, 317, 269, 166, 4247, 269, 269, 316, + 204, 788, 127, 4572, 789, 791, 147, 5162, 771, 4574, + 771, 5166, 771, 4695, 771, 741, 771, 158, 771, 771, + 776, 777, 4704, 194, 771, 166, 771, 19, 20, 771, + 771, 771, 771, 204, 5043, 6336, 771, 771, 771, 771, + 771, 771, 771, 771, 771, 598, 771, 300, 273, 274, + 275, 771, 547, 194, 580, 771, 168, 4622, 796, 34, + 337, 606, 4313, 204, 559, 57, 288, 4632, 293, 621, + 791, 5527, 4637, 317, 6298, 288, 5162, 414, 623, 250, + 5166, 4639, 510, 791, 5162, 796, 763, 396, 5166, 796, + 5299, 154, 5299, 795, 5299, 789, 153, 153, 796, 789, + 789, 760, 3159, 762, 649, 789, 789, 278, 3165, 250, + 214, 4669, 664, 4669, 6303, 789, 777, 5439, 4669, 777, + 796, 796, 65, 789, 789, 350, 788, 352, 791, 300, + 4695, 788, 704, 342, 288, 288, 242, 278, 588, 4704, + 128, 128, 796, 796, 5299, 370, 788, 372, 693, 644, + 788, 496, 5359, 233, 5359, 777, 709, 30, 788, 788, + 771, 667, 740, 4728, 659, 390, 549, 204, 337, 126, + 3123, 3124, 397, 6397, 204, 204, 50, 683, 158, 288, + 158, 719, 791, 689, 6408, 789, 412, 412, 412, 5396, + 31, 5396, 6416, 31, 419, 31, 2280, 6282, 241, 2283, + 6424, 53, 284, 788, 5359, 700, 3159, 246, 760, 434, + 762, 788, 3165, 5299, 127, 2299, 778, 588, 788, 714, + 789, 5299, 778, 4905, 143, 22, 23, 24, 25, 26, + 27, 28, 29, 30, 31, 32, 2320, 791, 474, 788, + 788, 5396, 788, 155, 795, 95, 796, 22, 23, 24, + 25, 26, 27, 28, 29, 30, 31, 32, 55, 4941, + 155, 4826, 4684, 791, 4686, 789, 491, 81, 789, 789, + 789, 796, 5728, 5359, 4696, 788, 501, 791, 789, 271, + 517, 5359, 519, 520, 5293, 207, 789, 789, 5297, 5298, + 282, 789, 4714, 5371, 153, 65, 788, 534, 788, 536, + 789, 789, 4867, 251, 4726, 789, 789, 788, 4866, 5387, + 5396, 4876, 771, 2621, 539, 4866, 128, 31, 5396, 31, + 4742, 791, 233, 789, 791, 122, 315, 552, 788, 233, + 4899, 4900, 4901, 147, 788, 771, 791, 741, 204, 558, + 4905, 412, 788, 4908, 158, 4910, 5061, 122, 788, 300, + 300, 788, 166, 53, 382, 789, 791, 31, 791, 450, + 4925, 209, 4963, 288, 53, 443, 591, 252, 4937, 4938, + 131, 506, 597, 395, 225, 580, 4941, 788, 4947, 788, + 194, 127, 3439, 720, 127, 30, 723, 789, 65, 257, + 204, 4960, 629, 630, 168, 4960, 621, 4962, 789, 316, + 2708, 789, 647, 508, 207, 202, 791, 65, 914, 789, + 916, 789, 918, 919, 3471, 791, 351, 4925, 366, 925, + 4989, 4986, 928, 218, 169, 6376, 374, 202, 420, 789, + 655, 789, 789, 316, 789, 791, 250, 662, 451, 174, + 788, 389, 434, 771, 436, 771, 771, 684, 685, 5527, + 791, 399, 400, 401, 762, 749, 167, 422, 422, 218, + 204, 409, 53, 645, 278, 681, 789, 300, 300, 170, + 5152, 296, 697, 788, 319, 30, 468, 5042, 30, 597, + 472, 218, 4733, 388, 218, 218, 65, 712, 713, 481, + 5055, 5056, 5057, 218, 291, 159, 159, 712, 5053, 4750, + 725, 218, 5067, 218, 5069, 712, 596, 607, 218, 218, + 218, 5076, 5077, 5068, 204, 390, 291, 5082, 3471, 204, + 489, 128, 514, 5078, 5089, 443, 588, 316, 204, 5094, + 5085, 154, 5087, 5088, 5103, 72, 580, 762, 75, 311, + 532, 99, 311, 5999, 5109, 238, 57, 788, 791, 5057, + 789, 789, 553, 502, 789, 155, 789, 789, 789, 617, + 789, 6248, 71, 791, 65, 50, 791, 410, 5076, 5127, + 791, 789, 789, 5138, 658, 789, 5127, 789, 789, 53, + 788, 108, 431, 789, 5185, 5594, 796, 5152, 791, 126, + 788, 788, 129, 789, 796, 31, 5674, 382, 788, 547, + 788, 65, 65, 117, 65, 30, 450, 5814, 145, 5814, + 407, 559, 788, 335, 160, 142, 749, 414, 610, 141, + 5185, 749, 226, 160, 5189, 617, 394, 674, 426, 316, + 127, 282, 407, 796, 428, 627, 127, 771, 30, 414, + 791, 449, 789, 553, 789, 1151, 789, 692, 587, 641, + 5728, 788, 791, 180, 160, 160, 5976, 789, 423, 5814, + 92, 93, 94, 95, 788, 788, 788, 237, 789, 788, + 53, 791, 789, 665, 105, 791, 789, 580, 65, 5244, + 795, 795, 674, 65, 795, 677, 788, 65, 31, 226, + 127, 5256, 5257, 288, 415, 6015, 791, 3005, 127, 5264, + 160, 316, 288, 695, 789, 791, 138, 139, 140, 588, + 5275, 659, 30, 5278, 5279, 465, 789, 789, 5283, 711, + 789, 653, 5287, 4974, 605, 444, 263, 605, 5814, 788, + 5295, 796, 6419, 5302, 726, 5300, 5814, 371, 788, 788, + 300, 789, 788, 796, 796, 796, 72, 6, 204, 5318, + 580, 580, 700, 120, 796, 5437, 796, 294, 190, 191, + 796, 796, 796, 796, 796, 796, 714, 120, 288, 796, + 796, 796, 1278, 796, 795, 312, 796, 795, 789, 282, + 73, 288, 282, 692, 288, 5922, 5923, 588, 5925, 5926, + 5927, 5928, 72, 72, 65, 65, 5397, 5362, 788, 160, + 6037, 796, 788, 50, 6124, 789, 703, 30, 791, 791, + 718, 788, 5377, 789, 5379, 18, 580, 791, 580, 219, + 144, 99, 254, 5424, 99, 5426, 432, 218, 588, 297, + 588, 653, 788, 422, 422, 788, 434, 789, 160, 181, + 709, 5406, 789, 5408, 788, 791, 788, 788, 749, 160, + 202, 388, 297, 343, 99, 53, 796, 154, 796, 789, + 788, 593, 704, 789, 788, 5430, 5431, 5432, 5433, 204, + 5425, 430, 5437, 5438, 788, 5440, 199, 426, 745, 6, + 5445, 5446, 788, 208, 5449, 174, 318, 744, 788, 5454, + 5455, 744, 788, 342, 796, 788, 5461, 5462, 796, 5464, + 789, 589, 788, 127, 788, 3213, 796, 5472, 796, 789, + 219, 5162, 789, 6050, 252, 5166, 6053, 484, 336, 791, + 791, 5999, 6000, 720, 6061, 789, 723, 6064, 789, 789, + 204, 204, 204, 65, 789, 732, 101, 297, 112, 5504, + 204, 204, 669, 143, 116, 720, 653, 436, 723, 5514, + 1456, 30, 259, 788, 791, 3385, 5521, 732, 485, 3111, + 2587, 5116, 5114, 5798, 5112, 3229, 6422, 4081, 5831, 5376, + 5995, 6228, 768, 766, 766, 1433, 5362, 5833, 5760, 5514, + 5162, 4974, 5536, 415, 5756, 4746, 1753, 714, 515, 516, + 3189, 518, 519, 520, 521, 522, 5504, 524, 525, 526, + 527, 528, 529, 530, 531, 4447, 533, 534, 535, 536, + 5575, 3408, 2085, 831, 3464, 4247, 2195, 3325, 2196, 5644, + 5585, 2197, 5453, 5643, 4621, 5590, 4103, 5354, 4378, 5240, + 4374, 4826, 5597, 5598, 2434, 5562, 6044, 5602, 5603, 6164, + 6303, 6261, 5930, 5560, 2722, 4616, 1421, 5820, 5299, 5050, + 482, 5094, 4622, 5287, 3362, 5427, 3364, 3365, 4919, 6285, + 4117, 598, 3370, 6114, 6124, 6015, 3439, 6008, 6008, 6008, + 3378, 6008, 4310, 4193, 3382, 5640, 3384, 5752, 3306, 4057, + 4263, 4238, 5984, 6037, 5649, 5643, 4693, 5182, 3809, 5654, + 5598, 4341, 4344, 4336, 6309, 89, 89, 6279, 5805, 6280, + 3221, 6069, 629, 630, 5669, 6085, 5830, 6081, 5359, 5697, + 4718, 3982, 5423, 5678, 4621, 5421, 548, 4174, 550, 1945, + 5371, 5091, 1528, 1442, 556, 5881, 3209, 3204, 6033, 5701, + 2750, 3418, 2102, 3059, 2576, 5700, 5387, 2840, 19, 20, + 4180, 5706, 1408, 5708, 135, 5396, 3019, 774, 5713, 1173, + 3154, 3288, 4667, 1395, 1355, 5756, 3068, 5722, 5668, 4365, + 2970, 2967, 3846, 1743, 4117, 1687, 1607, 3036, 5733, 5734, + 3037, 3756, 709, 4769, 1618, 6007, 57, 6235, 1586, 6342, + 2001, 6341, 1996, 1353, 616, 1353, 1353, 5869, 1353, 1353, + 4247, 5756, 5118, 4660, 5895, 5760, 4876, 1592, 5896, 1991, + 2701, 2017, 4545, 3832, 4546, 3275, 5713, 3830, 5235, 4853, + 5907, 5231, 5813, 5778, 1386, 3291, 5817, 4770, 3284, 5252, + 4062, 4174, 1416, 780, 5789, 4661, 4324, 4063, 660, 5794, + 4552, 2694, 107, 89, 2108, 962, 698, 5802, 2161, 5804, + 4177, 2833, 4434, 1466, 1263, 4898, 5575, 4421, 6298, 3318, + 4419, 978, 845, 5818, 846, 982, 4313, 2547, 1826, 5824, + 2548, 689, 689, 689, 3146, 1411, 2604, 5267, 1533, 5640, + 1934, 4183, 6301, 5005, 6347, 5417, 5527, 6416, 1005, 5844, + 6424, 6336, 966, 1010, 2679, 2567, 2830, 5256, 1015, 2886, + 3124, 3123, 5857, 5975, 4247, 688, 3125, 2480, 688, 2201, + 3116, 3115, 5867, 3120, 5869, 3880, 2177, 686, 1765, 4092, + 5875, 5876, 5877, 3064, 1965, 1154, 2744, 4574, 5873, 3224, + 4673, 1521, 1521, 1188, 756, 5500, 4104, 113, 727, 1296, + 5895, 5896, 89, 89, 89, 767, 2659, 5902, 6135, 4174, + 3996, 4980, 2198, 930, 6422, 3465, 4980, 4990, 4976, 4975, + -1, -1, -1, -1, 1081, 1082, 1083, 1084, -1, 5867, + 1087, -1, -1, -1, -1, -1, 5967, 1094, -1, 5877, + -1, -1, -1, -1, -1, 6057, 5941, -1, -1, -1, + -1, 5946, -1, 5984, -1, -1, -1, 5952, -1, -1, + 271, -1, -1, 5962, -1, -1, -1, 962, -1, -1, + -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + 5975, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, 5674, -1, -1, 5991, -1, 5993, -1, + -1, -1, -1, -1, -1, -1, -1, 6002, -1, -1, + -1, -1, 6007, -1, -1, 1010, -1, -1, -1, -1, + -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, 1190, -1, -1, -1, -1, 6033, -1, + -1, -1, -1, -1, -1, -1, -1, 5728, -1, 6044, + -1, -1, 6051, 6052, -1, -1, -1, -1, -1, -1, + -1, -1, 6057, 6114, 6063, -1, -1, -1, -1, -1, + -1, -1, 6184, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, 1087, -1, 6089, -1, -1, -1, -1, -1, + 6131, -1, -1, 6098, -1, 6100, 6101, -1, -1, 420, + -1, -1, -1, -1, -1, -1, -1, -1, 1275, -1, + -1, -1, -1, 434, -1, 436, 6114, -1, 6114, -1, + -1, -1, 6127, 5814, 6129, 6289, -1, -1, -1, -1, + -1, -1, -1, 6138, -1, -1, -1, 6259, -1, -1, + -1, -1, 2088, -1, -1, -1, -1, 468, -1, -1, + -1, 472, -1, -1, -1, -1, -1, 6162, -1, -1, + 481, -1, -1, -1, 6173, -1, -1, 6176, -1, -1, + -1, -1, -1, -1, -1, -1, -1, -1, -1, 6184, + 2126, 6129, -1, -1, -1, 1190, -1, -1, 6229, -1, + -1, -1, -1, 514, -1, -1, -1, 6202, 6203, -1, + -1, 6206, -1, -1, -1, -1, -1, -1, 6213, -1, + -1, 532, -1, 2159, 1381, -1, -1, 1384, -1, -1, + 6225, -1, -1, -1, -1, -1, 2172, -1, 6233, -1, + -1, -1, -1, -1, -1, -1, 4733, -1, -1, -1, + -1, -1, -1, 6284, 6285, -1, -1, -1, -1, -1, + 2196, 2197, -1, 4750, 6259, -1, -1, -1, -1, -1, + -1, 6425, -1, -1, -1, -1, -1, -1, 6273, -1, + -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, 6403, -1, 6288, 6325, -1, -1, 6292, 1455, 610, + 6412, -1, -1, 6298, -1, -1, 617, -1, -1, -1, + -1, -1, -1, -1, -1, -1, 627, -1, 5999, 6000, + -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + 641, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + 4733, -1, -1, -1, 665, 4093, 4094, 4095, -1, -1, + -1, -1, -1, 674, -1, 1522, 677, 4750, -1, -1, + -1, -1, -1, -1, 1531, -1, 1533, -1, -1, -1, + 4118, 4119, -1, 4121, 695, -1, 1381, -1, -1, 1384, + -1, -1, -1, -1, -1, -1, -1, 18, 19, 20, + -1, -1, 6397, -1, -1, -1, -1, -1, 6403, -1, + -1, -1, -1, 6408, -1, 726, -1, 6412, -1, -1, + -1, 6416, 1579, 1580, -1, -1, -1, -1, 1585, 6424, + -1, -1, 1589, 1590, 1591, -1, -1, -1, -1, -1, + -1, -1, 1599, 1600, 1601, -1, -1, -1, 1605, -1, + -1, -1, 1609, 1610, 1611, -1, 1613, 1614, 1615, -1, + 1617, 1618, -1, -1, -1, -1, -1, 1624, -1, 1626, + -1, -1, 1629, 1630, 1631, 1632, -1, 1634, 99, 1636, + 1637, -1, -1, -1, -1, -1, -1, 4974, -1, -1, + -1, -1, -1, 1650, 1651, 1652, 1653, 1654, -1, 1656, + 1657, 1658, 1659, 1660, 1661, -1, 1663, 1664, -1, 1666, + 1667, -1, 1669, 1670, -1, -1, 1673, 1674, -1, 1676, + 1677, -1, -1, 1680, 145, 1682, -1, 1522, -1, 1686, + 1687, 1688, 2468, -1, 1691, 1692, 1693, 1694, -1, 1696, + -1, -1, -1, -1, -1, -1, 1703, -1, -1, -1, + -1, -1, 1709, 1710, 1711, 1712, -1, -1, -1, -1, + -1, -1, -1, 1720, 1721, -1, 1723, 1724, -1, -1, + 1727, 1728, 1729, 1730, 1731, 1732, 1733, 1734, 1735, 1736, + 1737, 1738, 1739, -1, -1, 1742, 4324, -1, -1, -1, + 1747, 4974, -1, -1, -1, 216, -1, 1754, -1, -1, + -1, -1, -1, -1, -1, -1, 1601, 4345, -1, -1, + -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + 1777, -1, 1617, 1618, -1, -1, -1, -1, -1, -1, + 2566, -1, -1, -1, -1, -1, -1, -1, 1795, -1, + -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, 273, 274, 275, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, -1, -1, -1, 2604, -1, + -1, -1, 293, -1, -1, 5162, -1, -1, -1, 5166, + -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, -1, -1, -1, -1, 350, + -1, 352, -1, -1, -1, -1, -1, 1894, -1, 1896, + -1, 6422, -1, -1, -1, -1, -1, -1, -1, -1, + -1, 372, 1747, -1, -1, -1, -1, -1, -1, 1754, + -1, -1, -1, -1, 1921, -1, -1, -1, -1, 390, + 1927, -1, -1, 11, -1, 13, 397, -1, -1, 5162, + 18, 19, 20, -1, -1, -1, -1, -1, -1, -1, + -1, 412, -1, -1, -1, -1, -1, -1, 419, -1, + 1795, -1, -1, -1, -1, 2741, -1, -1, -1, -1, + -1, -1, 5299, 434, -1, -1, -1, 33, -1, -1, + -1, -1, 2758, -1, -1, 41, -1, -1, -1, -1, + -1, -1, -1, 71, 50, 73, -1, -1, -1, -1, + -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, -1, -1, 2014, -1, -1, + -1, 99, -1, 2020, -1, 2022, -1, -1, -1, -1, + 491, -1, 5359, -1, -1, -1, 92, 93, 94, 95, + 501, 2817, -1, -1, 5371, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, 2831, -1, -1, -1, -1, + 5387, -1, -1, -1, -1, -1, -1, 145, -1, 5396, + -1, -1, -1, -1, -1, -1, 5299, -1, 539, -1, + -1, -1, 138, 139, 140, 2082, 1921, -1, -1, 167, + -1, 552, -1, -1, -1, 2871, 2872, -1, -1, -1, + -1, -1, -1, -1, -1, 2881, 2882, 2883, -1, -1, + 2886, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, 2898, -1, -1, -1, 2902, -1, -1, -1, + 591, -1, -1, -1, 190, 191, 597, -1, 216, -1, + -1, -1, -1, -1, -1, -1, -1, -1, 5371, -1, + -1, -1, -1, 209, -1, -1, -1, -1, -1, -1, + 621, -1, -1, -1, 5387, 2162, -1, -1, -1, -1, + -1, -1, -1, -1, -1, 18, 19, 20, -1, -1, + -1, -1, -1, -1, -1, 2020, -1, 2022, -1, -1, + -1, -1, -1, -1, 655, 273, 274, 275, 254, -1, + 5527, 662, -1, -1, -1, -1, -1, 2204, 2205, -1, + -1, -1, -1, -1, -1, 293, 2213, 2214, -1, -1, + -1, -1, -1, -1, -1, -1, -1, -1, 71, -1, + 73, -1, -1, -1, -1, -1, 697, -1, -1, -1, + -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, 712, 713, -1, -1, -1, 99, -1, -1, -1, + -1, 317, 318, -1, 725, -1, -1, -1, -1, -1, + 2267, -1, 350, -1, 352, -1, -1, -1, -1, -1, + -1, 2278, 2279, -1, -1, -1, -1, -1, -1, -1, + -1, -1, 370, -1, 372, -1, -1, -1, -1, -1, + -1, 762, 145, -1, 5527, -1, -1, -1, -1, -1, + -1, -1, 390, -1, 2311, 2312, 2313, -1, -1, 397, + -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, 412, -1, -1, -1, -1, -1, + -1, 419, -1, -1, -1, -1, -1, 5674, -1, -1, + -1, 4929, 4930, 4931, 4932, -1, 434, 4935, 4936, 415, + -1, -1, 4940, -1, 2361, 4943, -1, -1, 4946, 2204, + -1, 4949, -1, 216, 2371, 4953, 4954, 2374, -1, -1, + -1, -1, -1, 3159, -1, -1, -1, -1, -1, 3165, + -1, -1, 2389, -1, -1, -1, 2393, 2394, -1, 2396, + 2397, 5728, -1, -1, -1, -1, -1, -1, 2405, -1, + 2407, -1, -1, 491, -1, -1, -1, -1, -1, -1, + -1, -1, -1, 501, -1, -1, 482, -1, -1, -1, + 273, 274, 275, -1, -1, -1, -1, -1, -1, -1, + -1, 2438, -1, 2278, 2279, -1, -1, -1, -1, -1, + 293, 5674, -1, -1, -1, -1, -1, -1, -1, -1, + -1, 539, -1, -1, -1, -1, -1, 2464, -1, -1, + -1, -1, -1, -1, 552, -1, -1, -1, -1, -1, + -1, -1, -1, 2480, -1, -1, -1, 5814, -1, -1, + -1, -1, 548, -1, 550, -1, -1, -1, -1, -1, + 556, -1, -1, 2500, -1, 5728, -1, 350, -1, 352, + -1, -1, -1, 591, -1, -1, -1, -1, -1, 597, + 2517, -1, -1, -1, -1, -1, 2361, 370, -1, 372, + -1, -1, -1, -1, 5112, -1, 5114, -1, 5116, 2374, + -1, -1, -1, 621, -1, -1, -1, 390, -1, -1, + -1, -1, -1, -1, 397, -1, -1, 2554, -1, -1, + 616, -1, -1, -1, 2561, -1, -1, -1, -1, 412, + -1, 2568, -1, -1, -1, -1, 419, 655, -1, -1, + -1, -1, -1, -1, 662, -1, -1, -1, -1, -1, + -1, 434, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, 660, -1, -1, -1, -1, -1, + -1, 2608, -1, -1, -1, -1, -1, -1, -1, 697, + -1, -1, -1, -1, -1, -1, -1, -1, -1, 2464, + -1, -1, -1, -1, 712, 713, -1, -1, -1, -1, + -1, -1, -1, -1, -1, 2480, -1, 725, 491, -1, + -1, 5229, -1, -1, -1, -1, -1, -1, 501, -1, + -1, -1, -1, 3439, -1, -1, -1, 2664, -1, -1, + -1, -1, 5999, 6000, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, 762, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, 3471, 539, -1, -1, -1, + 756, 2698, -1, -1, -1, -1, -1, -1, -1, 552, + -1, 767, -1, -1, 2711, -1, 2713, 2714, 2715, -1, + 2717, -1, -1, -1, 2721, -1, -1, -1, -1, -1, + -1, -1, -1, 2568, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, -1, -1, -1, 591, -1, + -1, -1, -1, -1, 597, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, 2608, -1, -1, 5999, 6000, 621, -1, + -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, 655, -1, -1, -1, -1, -1, -1, 662, + -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, 2830, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, 697, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, -1, -1, -1, -1, 712, + 713, -1, -1, -1, -1, -1, 2711, -1, 2713, 2714, + 2715, -1, 725, -1, -1, -1, -1, -1, -1, -1, + 2887, -1, -1, -1, 2891, -1, -1, 2894, -1, -1, + -1, -1, -1, -1, -1, -1, 2903, -1, -1, -1, + -1, -1, -1, -1, -1, 2912, -1, 2914, 2915, 762, + 2917, 2918, 2919, 2920, -1, 2922, -1, 2924, 2925, -1, + 2927, -1, -1, -1, -1, -1, 56, 57, 2935, 2936, + -1, 61, 62, 2940, 2941, 2942, -1, -1, -1, -1, + -1, 71, -1, 2950, 2951, 2952, -1, 2954, -1, 2956, + -1, 2958, -1, 2960, -1, 2962, -1, -1, -1, -1, + 2967, 2968, -1, 2970, 2971, 2972, 96, -1, -1, 2976, + -1, -1, 2979, -1, -1, -1, -1, -1, -1, 109, + -1, 2988, -1, -1, 2991, 2830, 2993, 2994, 2995, -1, + -1, 2998, -1, -1, -1, 125, -1, 127, -1, -1, + -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, 3020, -1, 3022, -1, -1, 3025, -1, + -1, -1, -1, -1, -1, 155, -1, -1, 3035, 3036, + 3037, 3038, 3039, 3040, -1, -1, -1, -1, 3045, -1, + -1, -1, -1, -1, -1, 175, 176, 177, -1, 3056, + -1, -1, -1, -1, -1, 185, 186, 187, -1, -1, + -1, -1, 669, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, 203, -1, -1, -1, -1, -1, -1, + 6, 7, -1, -1, -1, 6422, -1, -1, -1, -1, + -1, -1, 18, 19, 20, -1, -1, -1, 3105, -1, + -1, -1, -1, -1, -1, 235, -1, 714, -1, -1, + -1, -1, -1, 48, -1, -1, -1, -1, 3125, -1, + 46, -1, 48, 49, -1, -1, -1, -1, -1, -1, + -1, -1, 262, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, 70, 80, 72, -1, -1, -1, + -1, 3158, 78, -1, -1, 285, 286, 287, -1, -1, + -1, -1, -1, -1, -1, -1, 101, -1, -1, -1, + -1, -1, 3179, 99, -1, 110, -1, 307, 308, -1, + -1, 3188, 3189, -1, 110, -1, -1, -1, -1, 6422, + -1, -1, -1, -1, 3039, -1, 131, -1, -1, -1, + 3986, 3987, -1, -1, -1, -1, -1, -1, -1, -1, + 145, 3056, -1, -1, -1, 150, -1, -1, -1, 145, + -1, -1, -1, -1, -1, -1, -1, -1, 358, -1, + 360, 361, -1, -1, -1, -1, -1, -1, -1, 174, + -1, -1, 3249, -1, -1, -1, -1, 377, 174, -1, + -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, 3272, -1, -1, -1, -1, + -1, -1, -1, -1, -1, -1, -1, 3284, -1, 205, + 3125, 207, -1, 413, 414, -1, -1, -1, -1, -1, + 216, -1, 218, -1, -1, 4081, -1, -1, 233, -1, + -1, -1, 237, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, 241, -1, 4103, -1, -1, + 255, -1, -1, -1, 259, 260, -1, -1, -1, 459, + -1, 4117, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, 3188, 3189, -1, -1, 273, 274, 275, + 3357, -1, -1, -1, -1, 290, -1, -1, -1, -1, + -1, -1, 297, 298, -1, -1, -1, 293, -1, -1, + 500, 978, -1, -1, -1, 982, -1, -1, -1, -1, + -1, -1, -1, -1, -1, -1, -1, -1, 4174, 3396, + -1, -1, -1, -1, -1, -1, -1, -1, 1005, -1, + -1, -1, -1, -1, -1, -1, -1, -1, 1015, -1, + -1, -1, -1, -1, -1, -1, 342, -1, -1, -1, + -1, -1, 357, -1, 350, -1, 352, -1, -1, -1, + -1, -1, 562, 563, -1, -1, -1, -1, -1, 3284, + -1, -1, -1, -1, -1, -1, 372, -1, 578, 579, + -1, -1, -1, 379, -1, -1, -1, -1, -1, -1, + -1, 4247, 397, -1, 390, -1, -1, 3474, -1, -1, + 3477, 397, -1, -1, 1081, 1082, 1083, 1084, -1, -1, + -1, -1, -1, -1, -1, -1, 412, 1094, -1, -1, + 620, -1, -1, 419, -1, -1, -1, 423, 424, -1, + -1, -1, -1, -1, 430, 440, -1, -1, 434, -1, + 445, -1, -1, -1, -1, -1, 442, -1, -1, -1, + -1, 456, 457, -1, -1, -1, -1, 4313, -1, -1, + -1, -1, -1, -1, -1, -1, -1, 463, -1, -1, + -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, 3396, -1, -1, -1, -1, -1, -1, -1, -1, + -1, 487, -1, -1, -1, 491, -1, -1, -1, -1, + -1, -1, -1, -1, -1, 501, -1, -1, -1, -1, + -1, -1, -1, -1, -1, -1, -1, 717, -1, -1, + 720, -1, -1, 723, -1, -1, -1, -1, -1, 6187, + -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, 539, -1, -1, -1, 747, -1, -1, + -1, -1, -1, -1, -1, -1, 552, -1, 554, -1, + -1, -1, -1, -1, -1, -1, -1, 767, -1, -1, + -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, 591, -1, -1, 1275, -1, + -1, 597, -1, -1, -1, -1, 611, -1, -1, -1, + -1, -1, -1, -1, -1, -1, 621, -1, -1, -1, + -1, -1, -1, -1, -1, 621, 622, 632, -1, -1, + -1, -1, -1, 638, -1, -1, -1, 633, 634, 635, + -1, -1, -1, -1, 4500, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, -1, -1, -1, -1, 655, + -1, -1, -1, -1, -1, 670, 662, -1, -1, 674, + -1, -1, -1, -1, -1, 3752, 3753, -1, -1, -1, + 3757, -1, -1, -1, -1, -1, -1, -1, -1, 3766, + -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + 705, 697, 3779, -1, 3781, -1, 3783, -1, 3785, -1, + -1, -1, -1, -1, -1, -1, 712, 713, -1, -1, + -1, -1, 3799, -1, -1, -1, -1, -1, 3805, 725, + -1, -1, -1, 729, -1, -1, -1, -1, -1, -1, + -1, 3818, 3819, -1, -1, -1, 3823, -1, 3825, -1, + 3827, -1, -1, -1, -1, 3832, -1, -1, -1, -1, + 4616, -1, -1, -1, -1, -1, 762, -1, -1, -1, + -1, -1, -1, -1, -1, -1, -1, -1, 1455, -1, + -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, -1, 3873, -1, -1, 795, + 3877, -1, -1, -1, -1, -1, -1, 3884, -1, -1, + -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, 3921, -1, -1, -1, -1, -1, + -1, 3766, -1, -1, 1531, -1, 1533, -1, -1, -1, + -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, -1, -1, 4733, -1, -1, + -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + 3805, -1, -1, -1, 4750, -1, -1, -1, -1, -1, + -1, -1, 1579, 1580, -1, -1, -1, -1, 1585, -1, + -1, -1, 1589, 1590, 1591, -1, -1, -1, -1, -1, + -1, -1, 1599, 1600, -1, -1, -1, -1, 1605, -1, + -1, -1, 1609, 1610, 1611, -1, 1613, 1614, 1615, 4016, + -1, -1, -1, -1, -1, -1, -1, 1624, 4025, 1626, + -1, -1, 1629, 1630, 1631, 1632, -1, 1634, 3873, 1636, + 1637, -1, 4039, -1, 4041, 4042, -1, -1, -1, -1, + -1, -1, -1, 1650, 1651, 1652, 1653, 1654, -1, 1656, + 1657, 1658, 1659, 1660, 1661, -1, 1663, 1664, -1, 1666, + 1667, -1, 1669, 1670, -1, -1, 1673, 1674, -1, 1676, + 1677, -1, -1, 1680, -1, 1682, -1, -1, -1, 1686, + 1687, 1688, -1, -1, 1691, 1692, 1693, 1694, -1, 1696, + -1, -1, -1, -1, -1, -1, 1703, -1, -1, -1, + -1, -1, 1709, 1710, 1711, 1712, -1, -1, -1, -1, + -1, -1, -1, 1720, 1721, -1, 1723, 1724, -1, -1, + 1727, 1728, 1729, 1730, 1731, 1732, 1733, 1734, 1735, 1736, + 1737, 1738, 1739, -1, -1, 1742, -1, -1, -1, -1, + -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, -1, -1, 4164, -1, -1, + -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + 1777, -1, 4958, -1, -1, 4961, -1, -1, -1, -1, + -1, -1, -1, -1, -1, -1, -1, -1, 4974, -1, + -1, -1, -1, -1, -1, -1, 4041, -1, -1, -1, + -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, -1, -1, 4244, -1, -1, + -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, -1, -1, -1, 4285, 4286, + -1, 4288, -1, -1, -1, -1, -1, 1894, -1, 1896, + -1, -1, -1, -1, 4301, 4302, 4303, -1, -1, -1, + -1, -1, -1, -1, -1, 5091, -1, -1, -1, -1, + -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + 1927, 4328, 4329, -1, -1, 5, -1, 7, -1, -1, + -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, 4352, -1, -1, -1, -1, + -1, -1, -1, -1, -1, -1, -1, 4364, -1, -1, + -1, -1, -1, -1, -1, -1, 4373, -1, 48, 49, + -1, -1, -1, -1, -1, -1, 5162, -1, -1, -1, + 5166, -1, -1, -1, -1, -1, 66, -1, 68, -1, + 70, -1, 72, -1, -1, -1, -1, -1, -1, -1, + 80, -1, -1, -1, -1, -1, -1, 2014, -1, -1, + -1, -1, -1, -1, 4421, -1, -1, -1, 4425, -1, + -1, 101, -1, 103, 104, -1, -1, -1, -1, -1, + 110, -1, -1, -1, -1, -1, -1, -1, -1, -1, + 4447, -1, -1, -1, -1, -1, -1, 127, -1, -1, + -1, 131, -1, -1, -1, -1, -1, -1, -1, -1, + -1, 141, -1, -1, -1, -1, -1, -1, -1, -1, + 150, -1, -1, -1, -1, 2082, -1, -1, -1, -1, + -1, 161, -1, -1, -1, -1, -1, -1, -1, -1, + -1, 171, -1, -1, 174, -1, -1, -1, 178, -1, + -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, 5299, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, 205, -1, -1, -1, -1, + -1, -1, -1, -1, -1, -1, -1, 217, 218, -1, + -1, -1, -1, -1, -1, -1, -1, -1, 228, 229, + -1, -1, -1, -1, -1, 2162, -1, -1, -1, -1, + 240, 241, 242, -1, 244, -1, -1, -1, -1, 249, + -1, -1, -1, 5359, -1, 255, -1, -1, -1, 259, + 260, 261, -1, -1, -1, 5371, -1, -1, -1, -1, + -1, -1, -1, -1, -1, -1, -1, -1, 2205, -1, + -1, 5387, 4447, -1, -1, -1, 2213, 2214, -1, -1, + 5396, -1, -1, -1, -1, 295, -1, 297, -1, 299, + -1, -1, 4629, 4630, -1, -1, 306, -1, -1, -1, + -1, -1, -1, -1, -1, 315, 316, -1, -1, -1, + -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, 332, -1, -1, -1, -1, -1, -1, -1, + 2267, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, 354, 355, -1, 357, -1, -1, + -1, -1, -1, -1, 364, -1, -1, -1, -1, -1, + -1, -1, 372, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, 2311, 2312, 2313, -1, -1, -1, + -1, -1, 392, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, -1, 416, -1, -1, -1, + -1, 5527, -1, -1, -1, -1, 426, -1, -1, -1, + -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + 4767, -1, -1, 4770, 2371, 445, -1, -1, -1, -1, + -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + 460, -1, 2389, -1, -1, -1, 2393, 2394, -1, 2396, + 2397, 471, -1, -1, 474, -1, -1, 477, 2405, -1, + 2407, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, 492, -1, 4821, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, 2438, -1, 4840, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, -1, -1, 2464, -1, -1, + -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, -1, -1, -1, 5674, -1, + -1, 4898, -1, 2500, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + 2517, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, 4770, 606, -1, -1, -1, + -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, 5728, -1, -1, -1, -1, 2554, -1, -1, + -1, -1, -1, -1, 2561, 635, -1, -1, -1, 639, + -1, -1, -1, -1, -1, -1, -1, -1, -1, 649, + -1, -1, -1, -1, -1, -1, -1, 657, -1, -1, + -1, -1, -1, -1, -1, -1, -1, -1, -1, 4996, + 670, 4998, -1, -1, -1, 4840, -1, -1, -1, -1, + 5786, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, 5798, 693, -1, -1, 696, -1, -1, -1, + -1, -1, -1, -1, -1, -1, -1, 5813, 5814, -1, + -1, 5817, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, -1, -1, -1, -1, 729, + -1, -1, -1, -1, -1, -1, -1, 2664, 738, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, 3249, -1, -1, -1, -1, -1, -1, 18, 19, - 20, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, 3272, -1, -1, -1, -1, -1, - -1, 350, -1, 352, -1, -1, 3284, -1, 1531, -1, - 1533, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, 370, -1, 372, -1, -1, -1, -1, -1, -1, - -1, 71, -1, 73, -1, -1, -1, -1, -1, -1, - -1, 390, -1, -1, -1, -1, -1, -1, 397, -1, - -1, -1, -1, -1, -1, -1, 1579, 1580, -1, 99, - -1, -1, 1585, 412, -1, -1, 1589, 1590, 1591, -1, - 419, -1, -1, -1, -1, -1, 1599, 1600, -1, 3357, - -1, -1, 1605, -1, -1, 434, 1609, 1610, 1611, -1, - 1613, 1614, 1615, -1, -1, -1, -1, -1, -1, -1, - -1, 1624, -1, 1626, -1, 145, 1629, 1630, 1631, 1632, - -1, 1634, -1, 1636, 1637, -1, -1, -1, 3396, -1, - -1, -1, -1, -1, -1, -1, -1, 1650, 1651, 1652, - 1653, 1654, -1, 1656, 1657, 1658, 1659, 1660, 1661, -1, - 1663, 1664, 491, 1666, 1667, -1, 1669, 1670, -1, -1, - 1673, 1674, 501, 1676, 1677, -1, -1, 1680, -1, 1682, - -1, -1, -1, 1686, 1687, 1688, -1, -1, 1691, 1692, - 1693, 1694, -1, 1696, -1, -1, 216, -1, -1, -1, - 1703, -1, -1, -1, -1, 48, 1709, 1710, 1711, 1712, - 539, -1, -1, -1, -1, -1, 3474, 1720, 1721, 3477, - 1723, 1724, -1, 552, 1727, 1728, 1729, 1730, 1731, 1732, - 1733, 1734, 1735, 1736, 1737, 1738, 1739, 80, -1, 1742, - -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, 273, 274, 275, -1, -1, 101, -1, - -1, -1, 591, -1, -1, -1, -1, 110, 597, -1, - -1, -1, -1, 293, 1777, -1, -1, -1, -1, 4769, - -1, -1, -1, -1, -1, -1, -1, -1, 131, -1, - -1, -1, 621, -1, -1, -1, -1, -1, -1, -1, - -1, -1, 145, -1, -1, -1, -1, 150, -1, -1, - -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, 655, -1, -1, -1, - 350, 174, 352, 662, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, -1, -1, -1, 4839, - 370, -1, 372, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, -1, -1, 697, -1, - 390, -1, -1, -1, -1, -1, -1, 397, -1, -1, - -1, -1, -1, 712, 713, -1, -1, -1, -1, -1, - 233, 1894, 412, 1896, 237, -1, 725, -1, -1, 419, + -1, -1, -1, -1, -1, 765, -1, -1, -1, -1, + -1, 2698, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, -1, -1, -1, 788, -1, + 2717, -1, -1, -1, 2721, 5122, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, 255, -1, 434, -1, 259, 260, -1, -1, - -1, -1, -1, -1, 1927, -1, -1, -1, -1, -1, - -1, -1, -1, 762, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, -1, 290, -1, -1, - -1, -1, -1, -1, 297, 298, -1, -1, -1, -1, - -1, -1, 791, -1, -1, -1, -1, -1, -1, -1, - -1, 491, -1, -1, -1, -1, -1, -1, -1, -1, - -1, 501, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, 3752, 3753, -1, -1, -1, 3757, - -1, -1, -1, -1, -1, -1, -1, -1, 3766, -1, - -1, 2014, -1, -1, 357, -1, -1, -1, -1, 539, - -1, 3779, -1, 3781, -1, 3783, -1, 3785, -1, -1, - -1, -1, 552, -1, -1, -1, -1, -1, -1, -1, - -1, 3799, -1, -1, -1, -1, -1, 3805, -1, -1, - -1, -1, -1, -1, 397, -1, -1, -1, -1, -1, - 3818, 3819, -1, -1, -1, 3823, -1, 3825, -1, 3827, - -1, 591, -1, -1, 3832, -1, -1, 597, -1, 2082, - -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, -1, 440, -1, -1, - -1, 621, 445, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, 456, 457, 3873, -1, -1, -1, 3877, - -1, 5, -1, 7, -1, -1, 3884, -1, -1, -1, - -1, -1, -1, -1, -1, 655, -1, -1, -1, -1, - -1, -1, 662, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, -1, -1, -1, 2162, - -1, -1, -1, 3921, 48, 49, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, -1, 697, -1, -1, - -1, -1, 66, -1, 68, -1, 70, -1, 72, -1, - -1, -1, 712, 713, -1, -1, 80, -1, -1, -1, - -1, -1, 2205, -1, -1, 725, -1, -1, -1, -1, - 2213, 2214, -1, -1, -1, -1, -1, 101, -1, 103, - 104, -1, -1, -1, -1, -1, 110, -1, -1, -1, - -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, 762, 127, -1, -1, -1, 131, -1, -1, - -1, -1, -1, -1, -1, -1, -1, 141, 4016, -1, - -1, -1, -1, -1, 2267, -1, 150, 4025, 611, -1, - -1, -1, -1, -1, -1, -1, -1, 161, 621, -1, - -1, 4039, -1, 4041, 4042, -1, -1, 171, -1, 632, - 174, -1, -1, -1, 178, 638, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, -1, -1, 2311, 2312, - 2313, -1, -1, -1, -1, -1, 667, -1, -1, -1, - -1, 205, -1, -1, -1, -1, -1, 670, -1, -1, - -1, 674, 683, 217, 218, -1, -1, -1, 689, -1, + -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, 5930, -1, -1, -1, -1, -1, + -1, -1, 5938, -1, -1, -1, -1, -1, 5944, 5945, + -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, 5967, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, -1, -1, -1, 5984, -1, + -1, 5208, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, 5999, 6000, -1, -1, -1, -1, -1, + -1, -1, -1, -1, 5231, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, -1, 18, 19, 20, -1, + -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, 46, -1, 48, -1, -1, -1, + 2887, -1, -1, 6069, 2891, -1, -1, 2894, -1, -1, + -1, -1, -1, -1, -1, 6081, 2903, -1, 70, 6085, + -1, -1, -1, -1, -1, 2912, 78, 2914, 2915, -1, + 2917, 2918, 2919, 2920, -1, 2922, -1, 2924, 2925, -1, + 2927, -1, -1, -1, -1, -1, -1, 99, 2935, 2936, + -1, -1, -1, 2940, 2941, 2942, -1, -1, 110, -1, + -1, -1, -1, 2950, 2951, 2952, -1, 2954, -1, 2956, + -1, 2958, -1, 2960, -1, 2962, -1, -1, -1, -1, + 2967, 2968, -1, 2970, 2971, 2972, -1, -1, -1, 2976, + -1, -1, 2979, 145, -1, -1, -1, -1, -1, -1, + -1, 2988, -1, -1, 2991, -1, 2993, 2994, 2995, -1, + -1, 2998, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, 174, -1, -1, -1, -1, -1, 6194, 6195, + -1, -1, -1, 3020, -1, 3022, -1, -1, 3025, -1, + -1, -1, -1, -1, -1, -1, -1, -1, 3035, 3036, + 3037, 3038, -1, 3040, -1, 207, -1, -1, 3045, -1, + -1, -1, -1, -1, 216, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, 5, -1, -1, -1, -1, -1, -1, -1, 241, + -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, 6277, -1, 6279, 6280, -1, -1, -1, 3105, -1, + -1, 273, 274, 275, 48, 49, -1, -1, -1, 669, + -1, -1, 5519, -1, -1, -1, -1, -1, -1, -1, + -1, 293, 66, -1, 68, -1, 70, -1, 72, -1, + -1, 5538, -1, 6319, -1, -1, 80, -1, -1, -1, + -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, 3158, -1, -1, 714, 5562, -1, 101, -1, 103, + 104, -1, -1, 5570, -1, -1, 110, -1, 6354, 5576, + 342, -1, 3179, -1, -1, -1, -1, -1, 350, -1, + 352, -1, -1, 127, -1, -1, -1, 131, -1, -1, + -1, -1, -1, -1, 6380, -1, -1, 141, -1, -1, + 372, -1, -1, -1, -1, -1, 150, -1, -1, -1, + -1, -1, -1, -1, -1, -1, -1, 161, 390, -1, + -1, -1, -1, -1, -1, 397, -1, 171, -1, -1, + 174, -1, -1, -1, 178, -1, 6422, -1, -1, -1, + 412, -1, 3249, -1, -1, -1, -1, 419, -1, -1, + -1, 423, -1, -1, -1, -1, -1, -1, 430, -1, + -1, 205, 434, -1, -1, 3272, -1, -1, -1, -1, + -1, -1, -1, 217, 218, -1, -1, -1, -1, -1, -1, -1, -1, -1, 228, 229, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, 240, 241, 242, -1, - 244, -1, 705, -1, -1, 249, -1, -1, 2371, -1, - -1, 255, -1, -1, -1, 259, 260, 261, -1, -1, - -1, -1, -1, -1, -1, -1, 2389, -1, -1, -1, - 2393, 2394, -1, 2396, 2397, -1, -1, -1, -1, -1, - -1, -1, 2405, -1, 2407, -1, 4164, -1, -1, -1, - -1, 295, -1, 297, -1, 299, -1, -1, -1, -1, - -1, -1, 306, -1, -1, -1, -1, -1, -1, -1, - -1, 315, 316, -1, -1, 2438, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, -1, -1, 332, -1, - -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, 2464, -1, -1, -1, -1, -1, -1, -1, -1, - 354, 355, -1, 357, -1, -1, -1, -1, -1, -1, - 364, -1, -1, -1, -1, -1, 4244, -1, 372, -1, - -1, -1, -1, -1, -1, -1, -1, 2500, -1, -1, - -1, -1, -1, -1, 18, 19, 20, -1, 392, -1, - -1, -1, -1, -1, 2517, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, -1, 4285, 4286, -1, - 4288, -1, 416, -1, -1, -1, -1, -1, -1, -1, - -1, -1, 426, 4301, 4302, 4303, -1, -1, -1, -1, - -1, 2554, -1, -1, -1, -1, -1, -1, 2561, -1, - -1, 445, -1, 914, -1, 916, -1, 918, 919, -1, - 4328, 4329, -1, -1, 925, -1, 460, 928, -1, 5569, - -1, -1, -1, -1, -1, 99, -1, 471, -1, -1, - 474, -1, -1, 477, 4352, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, 4364, -1, 492, -1, - -1, -1, -1, -1, -1, 4373, -1, -1, -1, -1, + -1, 463, -1, -1, -1, -1, 240, 241, 242, -1, + 244, -1, -1, -1, -1, 249, -1, -1, -1, -1, + -1, 255, -1, -1, -1, 259, 260, 261, -1, 491, + -1, -1, -1, -1, -1, 5570, -1, -1, -1, 501, + -1, -1, -1, -1, 5741, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + 3357, 295, -1, 297, -1, 299, -1, -1, -1, -1, + -1, -1, 306, -1, -1, -1, -1, 539, -1, -1, + -1, 315, 316, -1, -1, -1, -1, -1, -1, -1, + 552, -1, 554, -1, -1, -1, -1, -1, 332, -1, + -1, -1, -1, -1, -1, -1, 5803, -1, -1, -1, + -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + 354, 355, -1, 357, -1, -1, -1, -1, 978, 591, + 364, -1, 982, -1, -1, 597, -1, -1, 372, -1, + -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, 1005, -1, -1, 392, 621, + -1, -1, -1, -1, -1, 1015, -1, -1, -1, -1, + -1, -1, -1, -1, -1, -1, -1, 3474, -1, -1, + 3477, -1, 416, -1, -1, 5882, -1, -1, -1, -1, + -1, -1, 426, 655, -1, -1, -1, -1, -1, -1, + 662, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, 445, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, -1, 460, -1, -1, -1, + -1, 1081, 1082, 1083, 1084, 697, -1, 471, -1, -1, + 474, -1, -1, 477, 1094, -1, -1, -1, -1, -1, + 712, 713, -1, -1, -1, -1, -1, -1, 492, -1, + -1, -1, -1, 725, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, -1, -1, -1, -1, 5976, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, 145, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + 762, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, -1, -1, -1, 6015, -1, + -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + 6027, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, 2664, -1, 4421, -1, -1, -1, 4425, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, -1, -1, -1, 4447, - -1, -1, -1, -1, -1, 2698, -1, -1, -1, -1, - -1, -1, 216, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, 2717, -1, -1, -1, 2721, -1, -1, -1, 606, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, 635, -1, -1, -1, 639, -1, -1, -1, 273, - 274, 275, -1, -1, -1, 649, -1, 11, -1, 13, - -1, -1, -1, 657, 18, 19, 20, -1, -1, 293, + -1, 635, -1, -1, -1, 639, -1, -1, -1, -1, + -1, -1, -1, -1, -1, 649, -1, 6114, -1, -1, + -1, -1, -1, 657, -1, 1275, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, 670, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - 1151, -1, -1, -1, -1, -1, -1, -1, -1, 693, - -1, -1, 696, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, -1, 71, -1, 73, - -1, -1, -1, -1, -1, -1, 350, -1, 352, -1, + -1, -1, -1, -1, -1, 3752, 3753, -1, -1, 693, + 3757, -1, 696, -1, -1, -1, -1, -1, -1, -1, + -1, -1, 6169, -1, -1, -1, -1, -1, -1, -1, + -1, -1, 3779, -1, 3781, -1, 3783, -1, 3785, -1, -1, -1, -1, -1, -1, 729, -1, -1, -1, -1, - -1, -1, -1, -1, 738, 99, -1, -1, 372, -1, + -1, -1, 3799, -1, 738, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, 4629, 4630, -1, -1, -1, 390, -1, -1, -1, - -1, 765, -1, 397, 2887, -1, -1, -1, 2891, -1, - -1, 2894, -1, -1, -1, -1, -1, -1, 412, -1, - 2903, 145, -1, -1, 788, 419, -1, -1, -1, 2912, - -1, 2914, 2915, -1, 2917, 2918, 2919, 2920, -1, 2922, - 434, 2924, 2925, 167, 2927, -1, -1, 1278, -1, -1, - -1, -1, 2935, 2936, -1, -1, -1, 2940, 2941, 2942, - -1, -1, -1, -1, -1, -1, -1, 2950, 2951, 2952, - -1, 2954, -1, 2956, -1, 2958, -1, 2960, -1, 2962, - -1, -1, -1, -1, 2967, 2968, -1, 2970, 2971, 2972, - -1, -1, 216, 2976, -1, -1, 2979, 491, -1, -1, - -1, -1, -1, -1, -1, 2988, -1, 501, 2991, -1, - 2993, 2994, 2995, -1, -1, 2998, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, -1, -1, 4766, -1, - -1, 4769, -1, -1, -1, -1, -1, 3020, -1, 3022, - -1, -1, 3025, -1, -1, 539, -1, -1, -1, 273, - 274, 275, 3035, 3036, 3037, 3038, -1, 3040, 552, -1, - -1, -1, 3045, -1, -1, -1, -1, -1, -1, 293, - -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, 4820, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, -1, 591, -1, -1, - -1, 4839, -1, 597, -1, 669, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, 3105, -1, -1, 1456, 350, 621, 352, -1, - -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, 370, -1, 372, -1, - 714, -1, -1, -1, -1, -1, -1, -1, -1, 4897, - -1, 655, -1, -1, -1, -1, 390, -1, 662, -1, - -1, -1, -1, 397, -1, 3158, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, -1, -1, 412, -1, - -1, -1, -1, -1, -1, 419, 3179, -1, -1, -1, - -1, -1, -1, 697, -1, -1, -1, -1, -1, -1, - 434, -1, -1, -1, -1, -1, -1, -1, 712, 713, - 5, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, 725, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, -1, 4995, -1, 4997, - -1, -1, -1, 48, 49, -1, 3249, 491, 762, -1, - -1, -1, -1, -1, -1, -1, -1, 501, -1, -1, - -1, 66, -1, -1, -1, 70, -1, 72, -1, 3272, - -1, -1, -1, -1, -1, 80, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, 539, 101, -1, 103, 104, - -1, -1, -1, -1, -1, 110, -1, -1, 552, -1, - -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, 131, -1, -1, -1, - -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, 150, -1, 591, -1, -1, - -1, -1, -1, 597, 3357, -1, 161, -1, -1, -1, - -1, -1, -1, 5121, -1, -1, 171, -1, -1, 174, - -1, -1, -1, -1, -1, -1, -1, 621, -1, -1, - -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, 978, -1, -1, -1, 982, -1, - 205, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, 655, 217, 218, -1, -1, -1, -1, 662, -1, - -1, 1005, -1, 228, 229, -1, -1, -1, -1, -1, - -1, 1015, -1, -1, -1, 240, 241, -1, -1, 244, - -1, -1, -1, -1, 249, -1, -1, -1, -1, 5207, - 255, -1, -1, 697, 259, 260, 261, -1, -1, -1, - -1, -1, -1, -1, -1, -1, -1, -1, 712, 713, - -1, 3474, 5230, -1, 3477, -1, -1, -1, -1, -1, - -1, 725, -1, -1, -1, -1, -1, -1, -1, -1, - 295, -1, 297, -1, 299, -1, -1, 1081, 1082, 1083, - 1084, 306, -1, -1, -1, -1, -1, -1, -1, -1, - 1094, 316, -1, -1, -1, -1, -1, -1, 762, -1, - -1, -1, -1, -1, -1, -1, -1, 332, -1, -1, - -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, -1, -1, -1, 354, - -1, -1, 357, -1, -1, -1, -1, -1, -1, 364, - -1, -1, -1, -1, -1, -1, -1, 372, -1, -1, - -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, -1, 392, -1, -1, - -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, 416, -1, -1, -1, -1, -1, -1, -1, -1, - -1, 426, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - 445, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, 460, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, 471, -1, -1, 474, - -1, -1, 477, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, -1, 492, -1, -1, - -1, 1275, -1, -1, -1, -1, -1, -1, -1, -1, + -1, 3818, 3819, -1, -1, -1, 3823, -1, 3825, -1, + 3827, 765, -1, -1, -1, 3832, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, 788, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, -1, 2088, -1, -1, - -1, -1, -1, -1, -1, -1, -1, -1, -1, 3752, - 3753, -1, -1, -1, 3757, -1, -1, -1, -1, -1, - 5518, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, 2126, 3779, -1, 3781, 5537, - 3783, -1, 3785, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, 3799, -1, -1, -1, - -1, 606, -1, 5561, -1, -1, -1, -1, 2159, -1, - -1, 5569, -1, -1, -1, 3818, 3819, 5575, -1, -1, - 3823, 2172, 3825, -1, 3827, -1, -1, -1, -1, 3832, - 635, -1, -1, -1, 639, -1, -1, -1, -1, -1, - -1, -1, -1, -1, 649, 2196, 2197, -1, -1, -1, - -1, -1, 657, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, 670, -1, -1, -1, -1, - -1, 1455, -1, -1, 3877, -1, -1, -1, -1, -1, - -1, 3884, -1, -1, -1, -1, -1, -1, 693, -1, - -1, 696, -1, -1, -1, -1, -1, -1, -1, -1, + 3877, -1, -1, -1, -1, -1, -1, 3884, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, -1, -1, 3921, -1, - -1, -1, -1, -1, 729, -1, -1, -1, -1, -1, - -1, -1, -1, 738, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, -1, 1531, -1, 1533, - -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - 765, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, 5740, 788, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, 1579, 1580, -1, -1, -1, - -1, 1585, -1, -1, -1, 1589, 1590, 1591, -1, -1, - -1, -1, -1, 4016, -1, 1599, 1600, -1, -1, -1, - -1, 1605, 4025, -1, -1, 1609, 1610, 1611, -1, 1613, - 1614, 1615, -1, -1, -1, -1, 4039, -1, -1, 4042, - 1624, -1, 1626, -1, 5802, 1629, 1630, 1631, 1632, -1, - 1634, -1, 1636, 1637, -1, -1, -1, -1, -1, -1, - 669, -1, -1, -1, -1, -1, 1650, 1651, 1652, 1653, - 1654, -1, 1656, 1657, 1658, 1659, 1660, 1661, -1, 1663, - 1664, -1, 1666, 1667, -1, 1669, 1670, -1, -1, 1673, - 1674, -1, 1676, 1677, -1, -1, 1680, -1, 1682, -1, - -1, -1, 1686, 1687, 1688, -1, -1, 1691, 1692, 1693, - 1694, -1, 1696, -1, -1, -1, -1, 2468, -1, 1703, - -1, -1, -1, 5881, -1, 1709, 1710, 1711, 1712, -1, - -1, -1, -1, -1, -1, -1, 1720, 1721, -1, 1723, - 1724, -1, -1, 1727, 1728, 1729, 1730, 1731, 1732, 1733, - 1734, 1735, 1736, 1737, 1738, 1739, -1, -1, 1742, -1, - -1, 4164, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, 6299, -1, -1, 1455, 6303, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, 3921, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, 1777, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, 2566, -1, 5975, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, 4244, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, 2604, -1, -1, 6014, -1, -1, 18, - 19, 20, -1, -1, -1, -1, -1, -1, 6026, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, 4285, 4286, -1, 4288, -1, 46, -1, 48, - -1, -1, -1, -1, -1, -1, -1, -1, 4301, 4302, - 4303, -1, -1, -1, -1, -1, -1, -1, -1, -1, - 1894, 70, 1896, -1, -1, -1, -1, -1, -1, 78, - -1, -1, -1, -1, -1, 4328, 4329, -1, -1, -1, + -1, 1531, -1, 1533, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - 99, -1, -1, 1927, -1, -1, -1, -1, -1, 4352, - -1, 110, -1, -1, -1, 6113, -1, -1, -1, -1, - -1, 4364, -1, -1, -1, -1, -1, -1, -1, -1, - 4373, -1, -1, 982, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, 145, -1, -1, -1, - 2741, -1, -1, -1, -1, -1, 1005, -1, -1, -1, - -1, -1, -1, -1, -1, -1, 1015, 2758, -1, -1, - 6168, -1, -1, -1, -1, 174, -1, -1, 4421, -1, - -1, -1, 4425, -1, -1, -1, -1, -1, -1, -1, - 2014, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, -1, -1, 207, -1, - -1, -1, -1, -1, -1, -1, -1, 216, -1, -1, - -1, -1, -1, -1, -1, -1, 2817, -1, -1, -1, - -1, -1, -1, -1, -1, 1084, -1, -1, -1, -1, - 2831, -1, 241, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, -1, -1, 2082, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, 273, 274, 275, -1, -1, -1, - 2871, 2872, -1, -1, -1, -1, -1, -1, -1, -1, - 2881, 2882, 2883, -1, 293, 2886, -1, -1, -1, -1, - 6298, -1, -1, -1, 6302, -1, -1, 2898, -1, -1, - -1, 2902, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, -1, -1, -1, -1, 4016, + -1, -1, -1, -1, -1, -1, -1, -1, 4025, 1579, + 1580, 6428, -1, -1, -1, 1585, -1, -1, -1, 1589, + 1590, 1591, 4039, -1, -1, 4042, -1, -1, -1, 1599, + 1600, -1, -1, -1, -1, 1605, -1, -1, -1, 1609, + 1610, 1611, -1, 1613, 1614, 1615, -1, -1, -1, -1, + -1, -1, -1, -1, 1624, -1, 1626, -1, -1, 1629, + 1630, 1631, 1632, -1, 1634, -1, 1636, 1637, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, -1, -1, 2162, -1, - -1, -1, -1, 342, -1, -1, -1, -1, -1, -1, - -1, 350, -1, 352, -1, -1, -1, -1, -1, -1, + 1650, 1651, 1652, 1653, 1654, -1, 1656, 1657, 1658, 1659, + 1660, 1661, -1, 1663, 1664, -1, 1666, 1667, -1, 1669, + 1670, -1, -1, 1673, 1674, -1, 1676, 1677, -1, -1, + 1680, -1, 1682, -1, -1, -1, 1686, 1687, 1688, -1, + -1, 1691, 1692, 1693, 1694, -1, 1696, 5, -1, -1, + -1, -1, -1, 1703, -1, -1, -1, -1, -1, 1709, + 1710, 1711, 1712, -1, -1, -1, -1, 4164, -1, -1, + 1720, 1721, -1, 1723, 1724, -1, -1, 1727, 1728, 1729, + 1730, 1731, 1732, 1733, 1734, 1735, 1736, 1737, 1738, 1739, + 48, 49, 1742, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, -1, -1, -1, 66, -1, + -1, -1, 70, -1, 72, -1, -1, -1, -1, -1, + -1, -1, 80, -1, -1, -1, -1, 1777, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, 372, -1, -1, -1, -1, -1, -1, - -1, 2205, -1, -1, -1, -1, 4629, 4630, -1, 2213, - 2214, 390, -1, -1, -1, -1, -1, -1, 397, -1, + -1, -1, -1, 101, -1, 103, 104, 4244, -1, -1, + -1, -1, 110, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, 412, -1, -1, -1, -1, -1, -1, - 419, -1, -1, -1, 423, -1, 1275, -1, -1, 6427, - -1, 430, -1, -1, -1, 434, -1, -1, -1, -1, - -1, -1, -1, 2267, -1, -1, -1, -1, -1, -1, + -1, -1, -1, 131, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, -1, -1, -1, 4285, 4286, + -1, 4288, 150, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, 161, 4301, 4302, 4303, -1, -1, -1, + -1, -1, -1, 171, -1, -1, 174, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, 463, -1, -1, -1, -1, -1, + -1, 4328, 4329, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, 1894, -1, 1896, 205, -1, -1, + -1, -1, -1, -1, -1, 4352, -1, -1, -1, 217, + 218, -1, -1, -1, -1, -1, -1, 4364, -1, -1, + 228, 229, -1, -1, -1, -1, 4373, 1927, -1, -1, + -1, -1, 240, 241, -1, -1, 244, -1, -1, -1, + -1, 249, -1, -1, -1, -1, -1, 255, -1, -1, + -1, 259, 260, 261, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, -1, 2311, 2312, 2313, - -1, -1, 491, -1, -1, -1, -1, -1, -1, -1, - -1, -1, 501, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, 4421, -1, -1, -1, 4425, -1, + -1, -1, -1, -1, -1, -1, -1, 295, -1, 297, + -1, 299, -1, -1, -1, -1, -1, -1, 306, -1, + -1, -1, -1, -1, -1, -1, -1, -1, 316, -1, + -1, -1, -1, -1, 2014, -1, -1, -1, -1, -1, + -1, -1, -1, -1, 332, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, 4766, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, -1, 354, -1, -1, 357, + -1, -1, -1, -1, -1, -1, 364, -1, -1, -1, + -1, 19, 20, -1, 372, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - 539, -1, -1, -1, -1, -1, -1, 2371, -1, -1, - -1, -1, -1, 552, -1, 554, -1, -1, -1, -1, - -1, -1, -1, -1, -1, 2389, -1, -1, 3159, 2393, - 2394, -1, 2396, 2397, 3165, -1, -1, 4820, -1, -1, - -1, 2405, -1, 2407, -1, -1, -1, -1, -1, -1, - -1, -1, 591, -1, -1, -1, -1, -1, 597, -1, - -1, -1, -1, -1, -1, -1, 1455, -1, -1, -1, - -1, -1, -1, -1, 2438, -1, -1, -1, -1, -1, - -1, -1, 621, -1, -1, -1, -1, -1, -1, -1, + -1, -1, 2082, -1, 392, -1, -1, -1, -1, 47, + -1, 49, -1, -1, -1, -1, -1, -1, -1, 57, + -1, -1, -1, -1, -1, -1, -1, -1, 416, -1, + -1, -1, -1, 71, -1, -1, -1, -1, 426, -1, + -1, 79, 80, -1, -1, -1, -1, -1, -1, -1, + -1, 89, -1, -1, -1, -1, -1, 445, -1, -1, + -1, -1, -1, -1, -1, 103, 104, -1, -1, -1, + -1, -1, 460, -1, -1, -1, -1, -1, -1, -1, + -1, -1, 2162, 471, -1, -1, 474, -1, -1, 477, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - 2464, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, 4897, -1, 655, -1, -1, -1, - -1, -1, -1, 662, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, 2500, -1, -1, -1, - -1, -1, 1531, -1, 1533, -1, -1, -1, -1, -1, - -1, -1, -1, 2517, -1, -1, -1, -1, 697, -1, + -1, -1, 4629, 4630, 492, -1, -1, 145, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, 712, 713, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, 725, -1, -1, -1, - 2554, -1, -1, -1, -1, -1, 1585, 2561, -1, -1, - 1589, -1, 1591, -1, -1, -1, -1, -1, -1, -1, - 1599, 1600, 4995, -1, 4997, -1, 1605, -1, -1, -1, - 1609, 1610, 1611, 762, 1613, 1614, 1615, -1, -1, -1, - -1, -1, -1, -1, -1, 1624, -1, 1626, -1, -1, - 1629, 1630, 1631, 1632, -1, -1, -1, 1636, 1637, -1, + -1, 159, -1, -1, -1, 2205, -1, -1, -1, -1, + -1, -1, -1, 2213, 2214, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, -1, 669, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, 1650, 1651, 1652, 1653, 1654, -1, 1656, 1657, 1658, - 1659, 1660, -1, -1, 1663, 1664, -1, 1666, 1667, -1, - 1669, 1670, -1, -1, -1, 1674, -1, 1676, 1677, -1, - -1, 1680, -1, 1682, -1, -1, -1, 1686, 1687, 1688, - 2664, -1, 1691, -1, 1693, 1694, -1, 1696, 3439, -1, - -1, -1, -1, -1, 1703, -1, -1, -1, -1, -1, - 1709, 1710, 1711, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, 2698, -1, -1, -1, 5121, -1, - 3471, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, 2717, -1, -1, -1, 2721, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, -1, -1, 215, -1, -1, + -1, -1, -1, -1, -1, -1, -1, 2267, -1, 227, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, -1, -1, 1777, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, -1, -1, -1, 606, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, 2311, 2312, 2313, -1, -1, -1, -1, -1, -1, + 4767, -1, -1, -1, 282, -1, -1, 635, -1, -1, + -1, 639, -1, -1, -1, -1, -1, -1, -1, -1, + -1, 649, -1, -1, -1, -1, -1, -1, -1, 657, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, 5207, -1, -1, -1, -1, -1, + -1, -1, 670, -1, -1, -1, -1, -1, -1, 327, + -1, 2371, -1, -1, 4821, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, 693, -1, -1, 696, 2389, + 348, -1, -1, 2393, 2394, -1, 2396, 2397, -1, 357, + -1, -1, -1, -1, -1, 2405, -1, 2407, -1, -1, + -1, -1, 370, -1, -1, -1, -1, -1, -1, -1, + -1, 729, -1, 381, -1, -1, -1, -1, -1, -1, + 738, -1, -1, -1, -1, -1, -1, -1, 2438, -1, + -1, -1, -1, -1, -1, -1, 404, -1, -1, -1, + -1, 4898, -1, -1, -1, -1, -1, 765, -1, -1, + -1, -1, -1, -1, 2464, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, 433, 434, -1, -1, 437, + 788, 439, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, -1, 5230, -1, -1, + 2500, -1, -1, -1, -1, -1, -1, -1, 466, 467, + -1, -1, -1, -1, 472, 473, -1, 2517, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, 489, -1, -1, -1, -1, -1, -1, -1, 982, + -1, -1, -1, -1, -1, -1, -1, -1, -1, 4996, + -1, 4998, 510, -1, 2554, -1, -1, -1, -1, -1, + -1, 2561, 1005, -1, -1, -1, -1, -1, -1, -1, + -1, -1, 1015, -1, 532, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, 1894, -1, 1896, -1, -1, + -1, -1, -1, -1, -1, -1, -1, -1, 586, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, 2887, -1, -1, -1, 2891, -1, -1, - 2894, -1, -1, -1, -1, -1, -1, -1, 1927, 2903, - -1, -1, -1, -1, -1, -1, -1, -1, 2912, -1, - 2914, 2915, -1, 2917, 2918, 2919, 2920, -1, 2922, -1, - 2924, 2925, -1, 2927, -1, -1, -1, -1, -1, -1, - -1, 2935, 2936, -1, -1, -1, 2940, 2941, 2942, -1, - -1, -1, -1, -1, -1, -1, 2950, 2951, 2952, -1, - 2954, -1, 2956, -1, 2958, -1, 2960, -1, 2962, -1, - -1, -1, -1, 2967, 2968, -1, 2970, 2971, 2972, -1, - -1, -1, 2976, -1, -1, 2979, -1, -1, -1, -1, - -1, -1, -1, -1, 2988, 2014, -1, 2991, -1, 2993, - 2994, 2995, -1, -1, 2998, -1, -1, -1, 56, 57, - -1, -1, -1, 61, 62, -1, -1, -1, -1, -1, - -1, -1, -1, 71, -1, -1, 3020, -1, 3022, -1, - -1, 3025, -1, -1, -1, -1, -1, -1, -1, -1, - -1, 3035, 3036, 3037, 3038, -1, 3040, -1, 96, -1, - -1, 3045, -1, -1, -1, -1, -1, -1, -1, -1, - -1, 109, -1, 2082, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, -1, 125, -1, 127, + -1, 1084, -1, 601, -1, -1, -1, -1, -1, -1, + -1, -1, 610, -1, -1, 613, 614, -1, -1, -1, + -1, -1, -1, -1, 2664, -1, -1, -1, -1, -1, + 628, -1, -1, -1, -1, 5122, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, -1, -1, -1, 2698, -1, + -1, -1, -1, -1, -1, -1, -1, 665, -1, -1, + -1, -1, -1, -1, -1, -1, 674, 2717, -1, -1, + -1, 2721, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, -1, -1, 695, -1, 697, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, 5518, -1, 155, -1, -1, - -1, 3105, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, 5537, -1, -1, 175, 176, 177, - -1, -1, -1, -1, -1, -1, -1, 185, 186, 187, - -1, -1, -1, 2162, -1, -1, -1, -1, 5561, -1, - -1, -1, -1, -1, -1, 203, -1, -1, -1, -1, - -1, -1, 5575, -1, 3158, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, 3179, 2205, 235, -1, -1, - -1, -1, -1, -1, 2213, 2214, -1, -1, -1, -1, + -1, 5208, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, 262, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, 3986, 3987, -1, -1, -1, - -1, -1, -1, -1, -1, -1, -1, 285, 286, 287, - -1, -1, -1, -1, -1, -1, -1, -1, 2267, -1, - -1, -1, -1, -1, -1, 3249, -1, -1, -1, 307, - 308, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, -1, -1, 3272, -1, + -1, -1, -1, -1, 5231, -1, -1, -1, -1, -1, + 748, -1, -1, -1, -1, -1, -1, 755, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, 2311, 2312, 2313, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - 358, -1, 360, 361, -1, -1, -1, -1, -1, -1, - 4081, -1, -1, -1, -1, -1, -1, 5740, -1, 377, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, 4103, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, 4117, -1, -1, -1, - -1, -1, -1, 3357, -1, 413, 414, -1, -1, -1, - 2389, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, 2405, -1, 2407, 5802, + -1, -1, 1275, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, 459, -1, 4174, -1, -1, -1, -1, -1, 2438, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, 2464, -1, -1, -1, -1, - -1, -1, 500, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, -1, -1, 5881, -1, + -1, -1, -1, -1, -1, -1, -1, 2887, -1, -1, + -1, 2891, -1, -1, 2894, -1, -1, -1, -1, -1, + -1, -1, -1, 2903, -1, -1, -1, -1, -1, -1, + -1, -1, 2912, -1, 2914, 2915, -1, 2917, 2918, 2919, + 2920, -1, 2922, -1, 2924, 2925, -1, 2927, -1, -1, + -1, -1, -1, -1, -1, 2935, 2936, -1, -1, -1, + 2940, 2941, 2942, -1, -1, -1, -1, -1, -1, -1, + 2950, 2951, 2952, -1, 2954, -1, 2956, -1, 2958, -1, + 2960, -1, 2962, -1, -1, -1, -1, 2967, 2968, -1, + 2970, 2971, 2972, -1, -1, -1, 2976, -1, -1, 2979, + -1, -1, -1, -1, -1, -1, -1, -1, 2988, -1, + -1, 2991, -1, 2993, 2994, 2995, -1, -1, 2998, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - 3474, 2500, -1, 3477, -1, -1, 4247, -1, -1, -1, - -1, -1, -1, -1, -1, -1, -1, -1, 2517, -1, + -1, -1, 1455, -1, -1, -1, -1, -1, -1, -1, + 3020, -1, 3022, -1, -1, 3025, -1, -1, -1, -1, + -1, -1, -1, -1, -1, 3035, 3036, 3037, 3038, -1, + 3040, -1, -1, -1, -1, 3045, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, 562, 563, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - 578, 579, -1, -1, -1, 2554, -1, -1, -1, -1, - -1, -1, 2561, -1, -1, -1, -1, -1, -1, -1, - -1, -1, 4313, -1, -1, -1, -1, -1, -1, -1, - -1, -1, 5975, -1, -1, -1, -1, -1, -1, -1, - -1, -1, 620, -1, -1, -1, -1, -1, -1, -1, + -1, -1, 5519, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, -1, -1, -1, 1531, -1, + 1533, 5538, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, 3105, -1, -1, -1, -1, + -1, -1, -1, -1, -1, 5562, -1, -1, -1, -1, + -1, -1, -1, -1, -1, -1, -1, -1, -1, 5576, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, 1585, -1, -1, -1, 1589, -1, 1591, -1, + -1, -1, -1, -1, -1, -1, 1599, 1600, 3158, -1, + -1, -1, 1605, -1, -1, -1, 1609, 1610, 1611, -1, + 1613, 1614, 1615, -1, -1, -1, -1, -1, -1, 3179, + -1, 1624, -1, 1626, -1, -1, 1629, 1630, 1631, 1632, + -1, -1, -1, 1636, 1637, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, -1, -1, 1650, 1651, 1652, + 1653, 1654, -1, 1656, 1657, 1658, 1659, 1660, -1, -1, + 1663, 1664, -1, 1666, 1667, -1, 1669, 1670, -1, -1, + -1, 1674, -1, 1676, 1677, -1, -1, 1680, -1, 1682, + -1, -1, -1, 1686, 1687, 1688, -1, -1, 1691, 3249, + 1693, 1694, -1, 1696, -1, -1, -1, -1, -1, -1, + 1703, -1, -1, -1, -1, -1, 1709, 1710, 1711, -1, + -1, -1, 3272, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, 6014, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, 6026, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, 5741, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, 2664, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, -1, -1, -1, 717, - -1, -1, 720, -1, -1, 723, -1, -1, -1, 2698, + -1, -1, -1, -1, 1777, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, -1, -1, 2717, 747, - 6113, -1, 2721, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, -1, -1, -1, 767, + -1, -1, -1, -1, -1, -1, 5803, 3357, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, -1, -1, -1, 4500, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, 6168, -1, -1, 3752, 3753, - -1, -1, -1, 3757, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, 3779, -1, 3781, -1, 3783, - -1, 3785, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, 3799, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, 3818, 3819, -1, -1, -1, 3823, - -1, 3825, -1, 3827, -1, -1, -1, -1, 3832, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, 4616, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, -1, -1, 2887, -1, - -1, -1, 2891, -1, -1, 2894, -1, -1, -1, -1, - -1, -1, -1, 3877, -1, 6298, -1, -1, -1, 6302, - 3884, -1, -1, 2912, -1, -1, -1, -1, 2917, 2918, - 2919, 2920, -1, 2922, -1, 2924, 2925, -1, -1, -1, - -1, -1, -1, -1, -1, -1, 2935, 2936, -1, -1, - -1, 2940, 2941, 2942, -1, -1, -1, 3921, -1, -1, - -1, 2950, 2951, 2952, -1, 2954, -1, 2956, -1, 2958, - -1, 2960, -1, 2962, -1, -1, -1, -1, 2967, 2968, - -1, 2970, -1, 2972, -1, -1, -1, 2976, -1, -1, - 2979, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, 4732, 2991, -1, 2993, 2994, 2995, -1, -1, 2998, - -1, -1, -1, -1, -1, -1, -1, -1, 4749, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, 3025, -1, -1, -1, - -1, -1, -1, -1, 6427, -1, -1, 3036, 3037, -1, - -1, 3040, 4016, -1, -1, -1, -1, -1, -1, -1, - -1, 4025, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, 4039, -1, -1, 4042, 5, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, 5882, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, 1894, -1, 1896, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, 3105, -1, -1, -1, - -1, -1, 48, 49, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, 3474, -1, -1, 3477, -1, -1, + -1, -1, -1, -1, 1927, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - 66, -1, 68, -1, 70, -1, 72, -1, -1, -1, - -1, -1, -1, -1, 80, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, -1, -1, -1, 3158, - -1, -1, -1, -1, -1, 101, -1, 103, 104, -1, - -1, -1, -1, -1, 110, -1, -1, -1, -1, -1, - 3179, -1, -1, -1, -1, -1, -1, -1, -1, -1, - 4164, 127, -1, -1, -1, 131, -1, -1, -1, -1, - -1, -1, -1, -1, -1, 141, -1, -1, -1, -1, - -1, -1, -1, -1, 150, -1, 4957, -1, -1, 4960, - -1, -1, -1, -1, -1, 161, -1, -1, -1, -1, - -1, -1, 4973, -1, -1, 171, -1, -1, 174, -1, - -1, -1, 178, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, -1, -1, -1, 205, - 4244, -1, -1, 3272, -1, -1, -1, -1, -1, -1, - -1, 217, 218, -1, -1, -1, -1, -1, -1, -1, - -1, -1, 228, 229, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, 240, 241, 242, -1, 244, -1, - -1, 4285, 4286, 249, 4288, -1, -1, -1, -1, 255, - -1, -1, -1, 259, 260, 261, -1, 4301, 4302, 4303, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, -1, -1, -1, 5090, - -1, -1, -1, -1, 4328, 4329, -1, -1, 3357, 295, - -1, 297, -1, 299, -1, -1, -1, -1, -1, -1, - 306, -1, -1, -1, -1, -1, -1, -1, 4352, 315, - 316, -1, -1, -1, -1, -1, -1, -1, -1, -1, - 4364, -1, -1, -1, -1, -1, 332, -1, -1, 4373, + -1, -1, -1, -1, -1, -1, -1, -1, -1, 5976, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, -1, -1, 354, 355, - 5161, 357, -1, -1, 5165, -1, -1, -1, 364, -1, - -1, -1, -1, -1, -1, -1, 372, -1, -1, -1, - -1, -1, -1, -1, -1, -1, -1, 4421, -1, -1, - -1, 4425, -1, -1, -1, -1, 392, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, 3474, -1, -1, 3477, -1, - 416, -1, -1, -1, -1, -1, -1, -1, -1, -1, - 426, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, -1, -1, -1, 445, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, 460, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, 471, -1, -1, 474, -1, - -1, 477, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, 492, 5298, -1, -1, + -1, -1, -1, -1, -1, -1, -1, -1, 6015, -1, + -1, 2014, -1, -1, -1, -1, -1, -1, -1, -1, + 6027, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, -1, -1, -1, -1, 2082, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, -1, 5358, -1, -1, - -1, -1, -1, -1, -1, -1, -1, -1, -1, 5370, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, 5386, -1, -1, -1, -1, - -1, -1, -1, -1, 5395, 4629, 4630, -1, -1, -1, + -1, -1, -1, -1, -1, -1, -1, 6114, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - 606, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, -1, -1, -1, 635, - -1, -1, -1, 639, -1, -1, -1, -1, -1, -1, - -1, -1, -1, 649, -1, -1, -1, -1, -1, -1, - -1, 657, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, 670, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, 3752, 3753, -1, -1, 693, 3757, -1, - 696, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - 3779, -1, 3781, -1, 3783, 5526, 3785, -1, -1, -1, - -1, -1, 4766, 729, -1, -1, -1, -1, -1, -1, - 3799, -1, 738, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, -1, -1, -1, 3818, - 3819, -1, -1, -1, -1, -1, -1, -1, -1, 765, - -1, -1, -1, 3832, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, 4820, -1, -1, -1, - -1, -1, 788, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, -1, -1, -1, -1, 2162, + -1, -1, 6169, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, -1, -1, 3877, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, 3752, 3753, -1, -1, -1, 3757, -1, -1, + -1, -1, 2205, -1, -1, -1, -1, -1, -1, -1, + 2213, 2214, -1, -1, -1, -1, -1, -1, -1, 3779, + -1, 3781, -1, 3783, -1, 3785, -1, -1, -1, -1, + -1, -1, -1, -1, -1, -1, -1, -1, -1, 3799, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, -1, -1, -1, 3818, 3819, + -1, -1, -1, 3823, 2267, 3825, -1, 3827, -1, -1, + -1, -1, 3832, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, 6299, -1, -1, -1, 6303, -1, -1, -1, + -1, -1, -1, -1, -1, -1, -1, -1, 2311, 2312, + 2313, -1, -1, -1, -1, -1, -1, 3877, -1, -1, + -1, -1, -1, -1, 3884, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, 3921, 4897, -1, -1, -1, -1, -1, -1, - -1, -1, 5673, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, 3921, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, -1, 2389, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, 5727, -1, -1, -1, + -1, -1, 2405, -1, 2407, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, 6428, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, 2438, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, -1, 4016, -1, -1, - -1, 4995, -1, 4997, -1, -1, 4025, -1, -1, -1, + -1, -1, -1, -1, -1, -1, 4016, -1, -1, -1, + -1, 2464, -1, -1, -1, 4025, -1, -1, -1, -1, + -1, -1, -1, -1, -1, -1, -1, -1, -1, 4039, + -1, -1, 4042, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, -1, -1, 2500, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - 4039, -1, -1, 4042, 5785, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, 5797, -1, -1, -1, + -1, -1, -1, -1, 2517, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, 5812, 5813, -1, -1, 5816, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, 2554, -1, -1, -1, -1, -1, -1, 2561, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, -1, 5121, -1, -1, + -1, -1, -1, -1, 4164, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, 4164, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, -1, -1, 5929, -1, - -1, -1, -1, -1, -1, -1, 5937, -1, -1, -1, - -1, -1, 5943, 5944, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, 5966, -1, -1, -1, -1, - -1, -1, -1, 5207, -1, -1, -1, -1, -1, -1, - -1, -1, 5983, -1, -1, 4244, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, 5230, 5998, 5999, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, 4285, 4286, -1, -1, + -1, 2664, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, 4301, 4302, 4303, -1, -1, -1, -1, -1, + -1, -1, -1, -1, 4244, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, 2698, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, -1, 6068, -1, 4328, - 4329, -1, -1, -1, -1, -1, -1, -1, -1, 6080, - -1, -1, -1, 6084, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, 2717, -1, -1, -1, 2721, -1, + -1, -1, -1, -1, -1, 4285, 4286, -1, 4288, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, 4301, 4302, 4303, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, 4373, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, -1, -1, -1, 4328, 4329, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, 4352, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, 4364, -1, -1, -1, -1, -1, + -1, -1, -1, 4373, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, 4421, -1, -1, -1, 4425, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, 6193, 6194, -1, -1, -1, -1, -1, -1, + -1, 4421, -1, -1, -1, 4425, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, 2887, -1, -1, -1, 2891, -1, + -1, 2894, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, -1, -1, -1, -1, 2912, + -1, -1, -1, -1, 2917, 2918, 2919, 2920, -1, 2922, + -1, 2924, 2925, -1, -1, -1, -1, -1, -1, -1, + -1, -1, 2935, 2936, -1, -1, -1, 2940, 2941, 2942, + -1, -1, -1, -1, -1, -1, -1, 2950, 2951, 2952, + -1, 2954, -1, 2956, -1, 2958, -1, 2960, -1, 2962, + -1, -1, -1, -1, 2967, 2968, -1, 2970, -1, 2972, + -1, -1, -1, 2976, -1, -1, 2979, -1, -1, -1, + -1, -1, -1, -1, -1, -1, -1, -1, 2991, -1, + 2993, 2994, 2995, -1, -1, 2998, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, 3025, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, 3036, 3037, -1, -1, 3040, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, -1, -1, -1, -1, 4629, + 4630, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, 6276, -1, 6278, 6279, -1, - -1, -1, -1, -1, 5518, -1, -1, -1, -1, -1, + -1, -1, 3105, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, 5537, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, -1, 6318, -1, -1, - -1, -1, -1, -1, -1, -1, -1, 5561, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, 5575, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, 6353, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - 4629, 4630, -1, -1, -1, -1, -1, -1, 6379, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, 3158, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, -1, 3179, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - 6421, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, -1, -1, 4767, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, 4821, -1, -1, -1, -1, -1, -1, -1, 3272, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, 5740, 4766, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, -1, -1, -1, 4898, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, 4820, -1, -1, -1, -1, -1, -1, 5802, -1, + -1, -1, -1, -1, 3357, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, -1, -1, 4897, -1, - -1, -1, -1, -1, -1, -1, -1, 5881, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, -1, 4996, -1, 4998, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, 3474, -1, -1, 3477, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, 4995, -1, 4997, -1, - -1, 5975, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - 6014, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, 6026, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, 5122, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, -1, -1, -1, 6113, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, -1, -1, -1, 5208, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, 5231, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, 6168, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, -1, -1, 5207, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, 5230, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, -1, -1, -1, -1, 3752, + 3753, -1, -1, -1, 3757, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, -1, 3779, -1, 3781, -1, + 3783, -1, 3785, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, -1, 3799, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, 3818, 3819, -1, -1, -1, + -1, -1, -1, -1, -1, -1, -1, -1, -1, 3832, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, 6298, -1, -1, -1, 6302, -1, + -1, -1, -1, -1, 3877, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, -1, -1, -1, 3921, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, -1, -1, -1, -1, 5519, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, -1, -1, -1, 5538, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, 5562, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, 4016, -1, -1, 5576, -1, -1, -1, + -1, -1, 4025, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, -1, 4039, -1, -1, 4042, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, 6427, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, -1, -1, -1, 5518, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, -1, -1, 5537, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, 5575, -1, -1, -1, + -1, 4164, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, 5741, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, 4244, -1, 5803, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, 4285, 4286, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, -1, -1, -1, 4301, 4302, + 4303, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, 5882, -1, -1, 4328, 4329, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + 4373, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, -1, 5976, -1, 4421, -1, + -1, -1, 4425, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, 6015, -1, -1, -1, -1, + -1, -1, -1, -1, -1, -1, -1, 6027, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, 5802, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, 6114, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, 5881, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, -1, -1, -1, -1, 6169, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, -1, 4629, 4630, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, @@ -18517,2481 +18568,2385 @@ -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, 3, -1, -1, -1, -1, 8, 9, - -1, -1, -1, -1, -1, -1, -1, 6026, -1, 19, - 20, -1, 22, 23, 24, 25, 26, 27, 28, 29, - 30, 31, 32, -1, -1, -1, -1, -1, -1, -1, - 40, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, -1, 57, 58, 59, - 60, -1, -1, -1, -1, -1, -1, -1, 68, 69, - -1, 71, -1, -1, -1, -1, -1, -1, 78, 79, - -1, -1, 82, 83, 84, 85, -1, 87, 88, -1, - 90, 91, -1, -1, -1, -1, -1, -1, -1, 99, - -1, -1, 102, -1, 6113, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, 116, -1, -1, -1, - 120, 121, 122, -1, 124, -1, -1, -1, -1, -1, - -1, -1, 132, 133, 134, 135, -1, -1, -1, -1, - -1, 141, -1, -1, 144, -1, -1, -1, -1, -1, - 150, -1, -1, 153, -1, -1, -1, -1, -1, -1, - -1, -1, 162, -1, 164, -1, 166, -1, -1, -1, - -1, -1, 172, -1, -1, -1, -1, -1, -1, -1, - 180, 181, 182, -1, 184, -1, -1, -1, 188, 189, - -1, -1, -1, 193, -1, -1, 196, 197, -1, 199, - 200, 201, 202, -1, -1, -1, -1, -1, 208, -1, - -1, -1, -1, -1, -1, -1, -1, -1, -1, 219, - 220, 221, 222, -1, 224, -1, -1, -1, -1, -1, - -1, 231, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, 242, -1, -1, -1, -1, -1, -1, -1, - 250, 251, -1, -1, -1, 255, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, -1, -1, -1, 269, - -1, -1, -1, -1, -1, -1, 276, 277, -1, 279, - 280, -1, -1, -1, -1, -1, -1, -1, -1, 6298, - -1, 291, -1, -1, -1, -1, -1, -1, -1, -1, - -1, 301, 302, 303, -1, -1, 306, -1, -1, 309, - 310, -1, -1, -1, -1, -1, 316, -1, -1, -1, - 320, 321, 322, 323, 324, 325, 326, 327, 328, 329, - 330, 331, 332, 333, 334, 335, 336, 337, 338, 339, - 340, 341, 342, 343, 344, 345, 346, 347, 348, 349, - 350, 351, 352, 353, 354, 355, -1, 357, 358, 359, - 360, 361, 362, 363, 364, 365, 366, 367, 368, 369, - 370, 371, 372, 373, 374, 375, 376, 377, 378, 379, - 380, 381, 382, 383, 384, 385, 386, 387, -1, 389, - 390, 391, 392, 393, 394, 395, 396, 397, 398, 399, - 400, 401, 402, 403, 404, 405, 406, 407, 408, 409, - 410, 411, 412, 413, 414, 415, 416, 417, 6427, 419, - 420, 421, 422, 423, 424, 425, 426, 427, 428, 429, - 430, 431, 432, 433, 434, 435, 436, 437, 438, 439, - 440, 441, 442, 443, 444, 445, 446, -1, -1, 449, - 450, 451, 452, 453, 454, 455, 456, 457, 458, 459, - 460, 461, 462, -1, 464, 465, 466, 467, 468, 469, - 470, 471, 472, 473, 474, 475, 476, 477, -1, 479, - 480, 481, 482, 483, 484, 485, 486, 487, 488, 489, - 490, 491, 492, 493, 494, 495, 496, 497, 498, 499, - 500, 501, 502, 503, 504, 505, 506, 507, 508, 509, - 510, 511, 512, 513, 514, 515, 516, 517, 518, 519, - 520, 521, 522, 523, 524, 525, 526, 527, 528, 529, - 530, 531, 532, 533, 534, 535, -1, 537, 538, 539, - 540, 541, 542, 543, 544, 545, 546, 547, 548, 549, - 550, 551, 552, 553, 554, 555, 556, 557, 558, 559, - 560, 561, 562, 563, 564, 565, 566, 567, 568, 569, - 570, 571, 572, 573, 574, 575, 576, 577, 578, 579, - 580, -1, 582, 583, 584, 585, 586, 587, 588, 589, - 590, 591, 592, 593, 594, 595, 596, 597, 598, 599, - 600, 601, 602, 603, 604, 605, 606, 607, 608, 609, - 610, 611, 612, 613, 614, 615, 616, 617, 618, 619, - 620, 621, 622, 623, 624, 625, 626, 627, 628, 629, - 630, 631, 632, 633, 634, 635, 636, 637, 638, 639, - 640, 641, 642, 643, 644, 645, 646, 647, 648, 649, - 650, 651, 652, 653, 654, 655, 656, 657, 658, 659, - 660, 661, 662, 663, 664, 665, 666, 667, 668, 669, - 670, 671, 672, 673, 674, 675, 676, 677, 678, 679, - 680, 681, 682, 683, -1, -1, 686, 687, -1, 689, - 690, 691, 692, 693, 694, 695, 696, 697, 698, 699, - 700, 701, 702, 703, 704, 705, 706, 707, 708, 709, - 710, 711, 712, 713, 714, 715, 716, 717, 718, 719, - 720, 721, 722, 723, 724, 725, 726, 727, 728, 729, - 730, 731, 732, 733, 734, 735, 736, 737, 738, 739, - 740, 741, 742, 743, 744, 745, 746, 747, 748, 749, - 750, 751, 752, 753, 754, 755, 756, 757, 758, 759, - 760, 761, 762, -1, 764, 765, 766, 767, -1, -1, - -1, -1, -1, -1, -1, -1, 776, 777, 3, -1, - -1, -1, 782, 8, 9, -1, -1, -1, 788, -1, - -1, -1, 792, 793, 19, 20, 796, 22, 23, 24, - 25, 26, 27, 28, 29, 30, 31, 32, -1, -1, - -1, -1, -1, -1, -1, 40, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, 57, 58, 59, 60, -1, -1, -1, 64, - -1, -1, -1, 68, 69, -1, 71, -1, -1, -1, - -1, -1, -1, 78, 79, -1, -1, 82, 83, 84, - 85, -1, 87, 88, -1, 90, 91, -1, -1, -1, - -1, -1, -1, -1, 99, -1, -1, 102, -1, -1, - -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, 116, -1, -1, -1, 120, 121, 122, -1, 124, - -1, -1, -1, -1, -1, -1, -1, 132, 133, 134, - 135, -1, -1, -1, -1, -1, 141, -1, -1, 144, - -1, -1, -1, -1, -1, 150, -1, -1, 153, -1, - -1, -1, -1, -1, -1, -1, -1, 162, 163, 164, - -1, 166, -1, -1, -1, -1, -1, 172, -1, -1, - -1, -1, -1, -1, -1, 180, 181, 182, -1, 184, - -1, -1, -1, 188, 189, -1, -1, -1, 193, -1, - -1, 196, 197, -1, 199, 200, 201, 202, -1, -1, - -1, -1, -1, 208, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, 219, 220, 221, 222, -1, 224, - -1, -1, -1, -1, -1, -1, 231, -1, -1, -1, - -1, -1, -1, -1, -1, -1, -1, 242, -1, -1, - -1, -1, -1, -1, -1, 250, 251, -1, -1, -1, - -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, 269, -1, -1, -1, -1, -1, - -1, 276, 277, -1, 279, 280, -1, -1, -1, -1, - -1, -1, -1, -1, 289, -1, 291, -1, -1, -1, - -1, -1, -1, -1, -1, -1, 301, 302, 303, -1, - -1, -1, -1, -1, 309, 310, -1, -1, -1, -1, - -1, -1, -1, -1, -1, 320, 321, 322, 323, 324, - 325, 326, 327, 328, 329, 330, 331, 332, 333, 334, - 335, 336, 337, 338, 339, 340, 341, 342, 343, 344, - 345, 346, 347, 348, 349, 350, 351, 352, 353, 354, - 355, -1, 357, 358, 359, 360, 361, 362, 363, 364, - 365, 366, 367, 368, 369, 370, 371, 372, 373, 374, - 375, 376, 377, 378, 379, 380, 381, 382, 383, 384, - 385, 386, 387, -1, 389, 390, 391, 392, 393, 394, - 395, 396, 397, 398, 399, 400, 401, 402, 403, 404, - 405, 406, 407, 408, 409, 410, 411, 412, 413, 414, - 415, 416, 417, -1, 419, 420, 421, 422, 423, 424, - 425, 426, 427, 428, 429, 430, 431, 432, 433, 434, - 435, 436, 437, 438, 439, 440, 441, 442, 443, 444, - 445, 446, -1, -1, 449, 450, 451, 452, 453, 454, - 455, 456, 457, 458, 459, 460, 461, 462, -1, 464, - 465, 466, 467, 468, 469, 470, 471, 472, 473, 474, - 475, 476, 477, -1, 479, 480, 481, 482, 483, 484, - 485, 486, 487, 488, 489, 490, 491, 492, 493, 494, - 495, 496, 497, 498, 499, 500, 501, 502, 503, 504, - 505, 506, 507, 508, 509, 510, 511, 512, 513, 514, - 515, 516, 517, 518, 519, 520, 521, 522, 523, 524, - 525, 526, 527, 528, 529, 530, 531, 532, 533, 534, - 535, -1, 537, 538, 539, 540, 541, 542, 543, 544, - 545, 546, 547, 548, 549, 550, 551, 552, 553, 554, - 555, 556, 557, 558, 559, 560, 561, 562, 563, 564, - 565, 566, 567, 568, 569, 570, 571, 572, 573, 574, - 575, 576, 577, 578, 579, 580, -1, 582, 583, 584, - 585, 586, 587, 588, 589, 590, 591, 592, 593, 594, - 595, 596, 597, 598, 599, 600, 601, 602, 603, 604, - 605, 606, 607, 608, 609, 610, 611, 612, 613, 614, - 615, 616, 617, 618, 619, 620, 621, 622, 623, 624, - 625, 626, 627, 628, 629, 630, 631, 632, 633, 634, - 635, 636, 637, 638, 639, 640, 641, 642, 643, 644, - 645, 646, 647, 648, 649, 650, 651, 652, 653, 654, - 655, 656, 657, 658, 659, 660, 661, 662, 663, 664, - 665, 666, 667, 668, 669, 670, 671, 672, 673, 674, - 675, 676, 677, 678, 679, 680, 681, 682, 683, -1, - -1, 686, 687, -1, 689, 690, 691, 692, 693, 694, - 695, 696, 697, 698, 699, 700, 701, 702, 703, 704, - 705, 706, 707, 708, 709, 710, 711, 712, 713, 714, - 715, 716, 717, 718, 719, 720, 721, 722, 723, 724, - 725, 726, 727, 728, 729, 730, 731, 732, 733, 734, - 735, 736, 737, 738, 739, 740, 741, 742, 743, 744, - 745, 746, 747, 748, 749, 750, 751, 752, 753, 754, - 755, 756, 757, 758, 759, 760, 761, 762, -1, 764, - 765, 766, 767, -1, -1, -1, -1, -1, -1, -1, - -1, 776, 777, 3, -1, -1, -1, 782, 8, 9, - -1, -1, -1, 788, -1, -1, -1, 792, 793, 19, - 20, 796, 22, 23, 24, 25, 26, 27, 28, 29, - 30, 31, 32, -1, -1, -1, -1, -1, -1, -1, - 40, -1, -1, -1, -1, -1, -1, 47, -1, -1, - -1, -1, -1, -1, -1, -1, -1, 57, 58, 59, - 60, -1, -1, -1, -1, -1, -1, -1, 68, 69, - -1, 71, -1, -1, -1, -1, -1, -1, 78, 79, - -1, -1, 82, 83, 84, 85, -1, 87, 88, -1, - 90, 91, -1, -1, -1, -1, -1, -1, -1, 99, - -1, -1, 102, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, 116, -1, -1, -1, - 120, 121, 122, -1, 124, -1, -1, -1, -1, -1, - -1, -1, 132, 133, 134, 135, -1, -1, -1, -1, - -1, 141, -1, -1, 144, -1, -1, -1, -1, -1, - 150, -1, -1, 153, -1, -1, -1, -1, -1, -1, - -1, -1, 162, -1, 164, -1, 166, -1, -1, -1, - -1, -1, 172, -1, -1, -1, -1, -1, -1, -1, - 180, 181, 182, -1, 184, -1, -1, -1, 188, 189, - -1, -1, -1, 193, -1, -1, 196, 197, -1, 199, - 200, 201, 202, -1, 204, -1, -1, -1, 208, -1, - -1, -1, -1, -1, -1, -1, -1, -1, -1, 219, - 220, 221, 222, -1, 224, -1, -1, -1, -1, -1, - -1, 231, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, 242, -1, -1, -1, -1, -1, -1, -1, - 250, 251, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, -1, -1, -1, 269, - -1, -1, -1, -1, -1, -1, 276, 277, -1, 279, - 280, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, 291, -1, -1, -1, -1, -1, -1, -1, -1, - -1, 301, 302, 303, -1, -1, -1, -1, -1, 309, - 310, -1, -1, -1, -1, -1, -1, -1, -1, -1, - 320, 321, 322, 323, 324, 325, 326, 327, 328, 329, - 330, 331, 332, 333, 334, 335, 336, 337, 338, 339, - 340, 341, 342, 343, 344, 345, 346, 347, 348, 349, - 350, 351, 352, 353, 354, 355, -1, 357, 358, 359, - 360, 361, 362, 363, 364, 365, 366, 367, 368, 369, - 370, 371, 372, 373, 374, 375, 376, 377, 378, 379, - 380, 381, 382, 383, 384, 385, 386, 387, -1, 389, - 390, 391, 392, 393, 394, 395, 396, 397, 398, 399, - 400, 401, 402, 403, 404, 405, 406, 407, 408, 409, - 410, 411, 412, 413, 414, 415, 416, 417, -1, 419, - 420, 421, 422, 423, 424, 425, 426, 427, 428, 429, - 430, 431, 432, 433, 434, 435, 436, 437, 438, 439, - 440, 441, 442, 443, 444, 445, 446, -1, -1, 449, - 450, 451, 452, 453, 454, 455, 456, 457, 458, 459, - 460, 461, 462, -1, 464, 465, 466, 467, 468, 469, - 470, 471, 472, 473, 474, 475, 476, 477, -1, 479, - 480, 481, 482, 483, 484, 485, 486, 487, 488, 489, - 490, 491, 492, 493, 494, 495, 496, 497, 498, 499, - 500, 501, 502, 503, 504, 505, 506, 507, 508, 509, - 510, 511, 512, 513, 514, 515, 516, 517, 518, 519, - 520, 521, 522, 523, 524, 525, 526, 527, 528, 529, - 530, 531, 532, 533, 534, 535, -1, 537, 538, 539, - 540, 541, 542, 543, 544, 545, 546, 547, 548, 549, - 550, 551, 552, 553, 554, 555, 556, 557, 558, 559, - 560, 561, 562, 563, 564, 565, 566, 567, 568, 569, - 570, 571, 572, 573, 574, 575, 576, 577, 578, 579, - 580, -1, 582, 583, 584, 585, 586, 587, 588, 589, - 590, 591, 592, 593, 594, 595, 596, 597, 598, 599, - 600, 601, 602, 603, 604, 605, 606, 607, 608, 609, - 610, 611, 612, 613, 614, 615, 616, 617, 618, 619, - 620, 621, 622, 623, 624, 625, 626, 627, 628, 629, - 630, 631, 632, 633, 634, 635, 636, 637, 638, 639, - 640, 641, 642, 643, 644, 645, 646, 647, 648, 649, - 650, 651, 652, 653, 654, 655, 656, 657, 658, 659, - 660, 661, 662, 663, 664, 665, 666, 667, 668, 669, - 670, 671, 672, 673, 674, 675, 676, 677, 678, 679, - 680, 681, 682, 683, -1, -1, 686, 687, -1, 689, - 690, 691, 692, 693, 694, 695, 696, 697, 698, 699, - 700, 701, 702, 703, 704, 705, 706, 707, 708, 709, - 710, 711, 712, 713, 714, 715, 716, 717, 718, 719, - 720, 721, 722, 723, 724, 725, 726, 727, 728, 729, - 730, 731, 732, 733, 734, 735, 736, 737, 738, 739, - 740, 741, 742, 743, 744, 745, 746, 747, 748, 749, - 750, 751, 752, 753, 754, 755, 756, 757, 758, 759, - 760, 761, 762, -1, 764, 765, 766, 767, -1, -1, - -1, -1, -1, -1, -1, -1, 776, 777, 3, -1, - -1, -1, 782, 8, 9, -1, -1, -1, 788, -1, - -1, -1, 792, 793, 19, 20, 796, 22, 23, 24, - 25, 26, 27, 28, 29, 30, 31, 32, -1, -1, - -1, -1, -1, -1, -1, 40, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, 57, 58, 59, 60, -1, -1, -1, -1, - -1, -1, -1, 68, 69, -1, 71, -1, -1, -1, - -1, -1, -1, 78, 79, -1, -1, 82, 83, 84, - 85, -1, 87, 88, -1, 90, 91, -1, -1, -1, - -1, -1, -1, -1, 99, -1, -1, 102, -1, -1, - -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, 116, -1, -1, -1, 120, 121, 122, -1, 124, - -1, -1, -1, -1, -1, -1, -1, 132, 133, 134, - 135, -1, -1, -1, -1, -1, 141, -1, -1, 144, - -1, -1, -1, -1, -1, 150, -1, -1, 153, -1, - -1, -1, -1, -1, -1, -1, -1, 162, -1, 164, - -1, 166, -1, -1, -1, -1, -1, 172, -1, -1, - -1, -1, -1, -1, -1, 180, 181, 182, -1, 184, - -1, -1, -1, 188, 189, -1, -1, -1, 193, -1, - -1, 196, 197, -1, 199, 200, 201, 202, -1, -1, - -1, -1, -1, 208, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, 219, 220, 221, 222, -1, 224, - -1, -1, -1, -1, -1, -1, 231, -1, -1, -1, - -1, -1, -1, -1, -1, -1, -1, 242, -1, -1, - -1, -1, -1, -1, -1, 250, 251, -1, -1, -1, - -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, 269, -1, -1, -1, -1, -1, - -1, 276, 277, -1, 279, 280, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, 291, -1, -1, -1, - -1, -1, -1, -1, -1, -1, 301, 302, 303, -1, - -1, -1, -1, -1, 309, 310, -1, -1, 313, -1, - -1, -1, -1, -1, -1, 320, 321, 322, 323, 324, - 325, 326, 327, 328, 329, 330, 331, 332, 333, 334, - 335, 336, 337, 338, 339, 340, 341, 342, 343, 344, - 345, 346, 347, 348, 349, 350, 351, 352, 353, 354, - 355, -1, 357, 358, 359, 360, 361, 362, 363, 364, - 365, 366, 367, 368, 369, 370, 371, 372, 373, 374, - 375, 376, 377, 378, 379, 380, 381, 382, 383, 384, - 385, 386, 387, -1, 389, 390, 391, 392, 393, 394, - 395, 396, 397, 398, 399, 400, 401, 402, 403, 404, - 405, 406, 407, 408, 409, 410, 411, 412, 413, 414, - 415, 416, 417, -1, 419, 420, 421, 422, 423, 424, - 425, 426, 427, 428, 429, 430, 431, 432, 433, 434, - 435, 436, 437, 438, 439, 440, 441, 442, 443, 444, - 445, 446, -1, -1, 449, 450, 451, 452, 453, 454, - 455, 456, 457, 458, 459, 460, 461, 462, -1, 464, - 465, 466, 467, 468, 469, 470, 471, 472, 473, 474, - 475, 476, 477, -1, 479, 480, 481, 482, 483, 484, - 485, 486, 487, 488, 489, 490, 491, 492, 493, 494, - 495, 496, 497, 498, 499, 500, 501, 502, 503, 504, - 505, 506, 507, 508, 509, 510, 511, 512, 513, 514, - 515, 516, 517, 518, 519, 520, 521, 522, 523, 524, - 525, 526, 527, 528, 529, 530, 531, 532, 533, 534, - 535, -1, 537, 538, 539, 540, 541, 542, 543, 544, - 545, 546, 547, 548, 549, 550, 551, 552, 553, 554, - 555, 556, 557, 558, 559, 560, 561, 562, 563, 564, - 565, 566, 567, 568, 569, 570, 571, 572, 573, 574, - 575, 576, 577, 578, 579, 580, -1, 582, 583, 584, - 585, 586, 587, 588, 589, 590, 591, 592, 593, 594, - 595, 596, 597, 598, 599, 600, 601, 602, 603, 604, - 605, 606, 607, 608, 609, 610, 611, 612, 613, 614, - 615, 616, 617, 618, 619, 620, 621, 622, 623, 624, - 625, 626, 627, 628, 629, 630, 631, 632, 633, 634, - 635, 636, 637, 638, 639, 640, 641, 642, 643, 644, - 645, 646, 647, 648, 649, 650, 651, 652, 653, 654, - 655, 656, 657, 658, 659, 660, 661, 662, 663, 664, - 665, 666, 667, 668, 669, 670, 671, 672, 673, 674, - 675, 676, 677, 678, 679, 680, 681, 682, 683, -1, - -1, 686, 687, -1, 689, 690, 691, 692, 693, 694, - 695, 696, 697, 698, 699, 700, 701, 702, 703, 704, - 705, 706, 707, 708, 709, 710, 711, 712, 713, 714, - 715, 716, 717, 718, 719, 720, 721, 722, 723, 724, - 725, 726, 727, 728, 729, 730, 731, 732, 733, 734, - 735, 736, 737, 738, 739, 740, 741, 742, 743, 744, - 745, 746, 747, 748, 749, 750, 751, 752, 753, 754, - 755, 756, 757, 758, 759, 760, 761, 762, -1, 764, - 765, 766, 767, -1, -1, -1, -1, -1, -1, -1, - -1, 776, 777, 3, -1, -1, -1, 782, 8, 9, - -1, -1, -1, 788, -1, -1, -1, 792, 793, 19, - 20, 796, 22, 23, 24, 25, 26, 27, 28, 29, - 30, 31, 32, -1, -1, -1, -1, -1, -1, -1, - 40, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, -1, 57, 58, 59, - 60, -1, -1, -1, -1, -1, -1, -1, 68, 69, - -1, 71, -1, -1, -1, -1, -1, -1, 78, 79, - -1, -1, 82, 83, 84, 85, -1, 87, 88, -1, - 90, 91, -1, -1, -1, -1, -1, -1, -1, 99, - -1, -1, 102, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, 116, -1, -1, -1, - 120, 121, 122, -1, 124, -1, -1, -1, -1, -1, - -1, -1, 132, 133, 134, 135, -1, -1, -1, -1, - -1, 141, -1, 143, 144, -1, -1, -1, -1, -1, - 150, -1, -1, 153, -1, -1, -1, -1, -1, -1, - -1, -1, 162, -1, 164, -1, 166, -1, -1, -1, - -1, -1, 172, -1, -1, -1, -1, -1, -1, -1, - 180, 181, 182, -1, 184, -1, -1, -1, 188, 189, - -1, -1, -1, 193, -1, -1, 196, 197, -1, 199, - 200, 201, 202, -1, -1, -1, -1, -1, 208, -1, - -1, -1, -1, -1, -1, -1, -1, -1, -1, 219, - 220, 221, 222, -1, 224, -1, -1, -1, -1, -1, - -1, 231, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, 242, -1, -1, -1, -1, -1, -1, -1, - 250, 251, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, -1, -1, -1, 269, - -1, -1, -1, -1, -1, -1, 276, 277, -1, 279, - 280, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, 291, -1, -1, -1, -1, -1, -1, -1, -1, - -1, 301, 302, 303, -1, -1, -1, -1, -1, 309, - 310, -1, -1, -1, -1, -1, -1, -1, -1, -1, - 320, 321, 322, 323, 324, 325, 326, 327, 328, 329, - 330, 331, 332, 333, 334, 335, 336, 337, 338, 339, - 340, 341, 342, 343, 344, 345, 346, 347, 348, 349, - 350, 351, 352, 353, 354, 355, -1, 357, 358, 359, - 360, 361, 362, 363, 364, 365, 366, 367, 368, 369, - 370, 371, 372, 373, 374, 375, 376, 377, 378, 379, - 380, 381, 382, 383, 384, 385, 386, 387, -1, 389, - 390, 391, 392, 393, 394, 395, 396, 397, 398, 399, - 400, 401, 402, 403, 404, 405, 406, 407, 408, 409, - 410, 411, 412, 413, 414, 415, 416, 417, -1, 419, - 420, 421, 422, 423, 424, 425, 426, 427, 428, 429, - 430, 431, 432, 433, 434, 435, 436, 437, 438, 439, - 440, 441, 442, 443, 444, 445, 446, -1, -1, 449, - 450, 451, 452, 453, 454, 455, 456, 457, 458, 459, - 460, 461, 462, -1, 464, 465, 466, 467, 468, 469, - 470, 471, 472, 473, 474, 475, 476, 477, -1, 479, - 480, 481, 482, 483, 484, 485, 486, 487, 488, 489, - 490, 491, 492, 493, 494, 495, 496, 497, 498, 499, - 500, 501, 502, 503, 504, 505, 506, 507, 508, 509, - 510, 511, 512, 513, 514, 515, 516, 517, 518, 519, - 520, 521, 522, 523, 524, 525, 526, 527, 528, 529, - 530, 531, 532, 533, 534, 535, -1, 537, 538, 539, - 540, 541, 542, 543, 544, 545, 546, 547, 548, 549, - 550, 551, 552, 553, 554, 555, 556, 557, 558, 559, - 560, 561, 562, 563, 564, 565, 566, 567, 568, 569, - 570, 571, 572, 573, 574, 575, 576, 577, 578, 579, - 580, -1, 582, 583, 584, 585, 586, 587, 588, 589, - 590, 591, 592, 593, 594, 595, 596, 597, 598, 599, - 600, 601, 602, 603, 604, 605, 606, 607, 608, 609, - 610, 611, 612, 613, 614, 615, 616, 617, 618, 619, - 620, 621, 622, 623, 624, 625, 626, 627, 628, 629, - 630, 631, 632, 633, 634, 635, 636, 637, 638, 639, - 640, 641, 642, 643, 644, 645, 646, 647, 648, 649, - 650, 651, 652, 653, 654, 655, 656, 657, 658, 659, - 660, 661, 662, 663, 664, 665, 666, 667, 668, 669, - 670, 671, 672, 673, 674, 675, 676, 677, 678, 679, - 680, 681, 682, 683, -1, -1, 686, 687, -1, 689, - 690, 691, 692, 693, 694, 695, 696, 697, 698, 699, - 700, 701, 702, 703, 704, 705, 706, 707, 708, 709, - 710, 711, 712, 713, 714, 715, 716, 717, 718, 719, - 720, 721, 722, 723, 724, 725, 726, 727, 728, 729, - 730, 731, 732, 733, 734, 735, 736, 737, 738, 739, - 740, 741, 742, 743, 744, 745, 746, 747, 748, 749, - 750, 751, 752, 753, 754, 755, 756, 757, 758, 759, - 760, 761, 762, -1, 764, 765, 766, 767, -1, -1, - -1, -1, -1, -1, -1, -1, 776, 777, 3, -1, - -1, -1, 782, 8, 9, -1, -1, -1, 788, -1, - -1, -1, 792, 793, 19, 20, 796, 22, 23, 24, - 25, 26, 27, 28, 29, 30, 31, 32, -1, -1, - -1, -1, -1, -1, -1, 40, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, 57, 58, 59, 60, -1, -1, -1, -1, - -1, -1, -1, 68, 69, -1, 71, -1, -1, -1, - -1, -1, -1, 78, 79, -1, -1, 82, 83, 84, - 85, -1, 87, 88, -1, 90, 91, -1, -1, -1, - -1, -1, -1, -1, 99, -1, -1, 102, -1, -1, - -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, 116, -1, -1, -1, 120, 121, 122, -1, 124, - -1, -1, -1, 128, -1, -1, -1, 132, 133, 134, - 135, -1, -1, -1, -1, -1, 141, -1, -1, 144, - -1, -1, -1, -1, -1, 150, -1, -1, 153, -1, - -1, -1, -1, -1, -1, -1, -1, 162, -1, 164, - -1, 166, -1, -1, -1, -1, -1, 172, -1, -1, - -1, -1, -1, -1, -1, 180, 181, 182, -1, 184, - -1, -1, -1, 188, 189, -1, -1, -1, 193, -1, - -1, 196, 197, -1, 199, 200, 201, 202, -1, -1, - -1, -1, -1, 208, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, 219, 220, 221, 222, -1, 224, - -1, -1, -1, -1, -1, -1, 231, -1, -1, -1, - -1, -1, -1, -1, -1, -1, -1, 242, -1, -1, - -1, -1, -1, -1, -1, 250, 251, -1, -1, -1, - -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, 269, -1, -1, -1, -1, -1, - -1, 276, 277, -1, 279, 280, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, 291, -1, -1, -1, - -1, -1, -1, -1, -1, -1, 301, 302, 303, -1, - -1, -1, -1, -1, 309, 310, -1, -1, -1, -1, - -1, -1, -1, -1, -1, 320, 321, 322, 323, 324, - 325, 326, 327, 328, 329, 330, 331, 332, 333, 334, - 335, 336, 337, 338, 339, 340, 341, 342, 343, 344, - 345, 346, 347, 348, 349, 350, 351, 352, 353, 354, - 355, -1, 357, 358, 359, 360, 361, 362, 363, 364, - 365, 366, 367, 368, 369, 370, 371, 372, 373, 374, - 375, 376, 377, 378, 379, 380, 381, 382, 383, 384, - 385, 386, 387, -1, 389, 390, 391, 392, 393, 394, - 395, 396, 397, 398, 399, 400, 401, 402, 403, 404, - 405, 406, 407, 408, 409, 410, 411, 412, 413, 414, - 415, 416, 417, -1, 419, 420, 421, 422, 423, 424, - 425, 426, 427, 428, 429, 430, 431, 432, 433, 434, - 435, 436, 437, 438, 439, 440, 441, 442, 443, 444, - 445, 446, -1, -1, 449, 450, 451, 452, 453, 454, - 455, 456, 457, 458, 459, 460, 461, 462, -1, 464, - 465, 466, 467, 468, 469, 470, 471, 472, 473, 474, - 475, 476, 477, -1, 479, 480, 481, 482, 483, 484, - 485, 486, 487, 488, 489, 490, 491, 492, 493, 494, - 495, 496, 497, 498, 499, 500, 501, 502, 503, 504, - 505, 506, 507, 508, 509, 510, 511, 512, 513, 514, - 515, 516, 517, 518, 519, 520, 521, 522, 523, 524, - 525, 526, 527, 528, 529, 530, 531, 532, 533, 534, - 535, -1, 537, 538, 539, 540, 541, 542, 543, 544, - 545, 546, 547, 548, 549, 550, 551, 552, 553, 554, - 555, 556, 557, 558, 559, 560, 561, 562, 563, 564, - 565, 566, 567, 568, 569, 570, 571, 572, 573, 574, - 575, 576, 577, 578, 579, 580, -1, 582, 583, 584, - 585, 586, 587, 588, 589, 590, 591, 592, 593, 594, - 595, 596, 597, 598, 599, 600, 601, 602, 603, 604, - 605, 606, 607, 608, 609, 610, 611, 612, 613, 614, - 615, 616, 617, 618, 619, 620, 621, 622, 623, 624, - 625, 626, 627, 628, 629, 630, 631, 632, 633, 634, - 635, 636, 637, 638, 639, 640, 641, 642, 643, 644, - 645, 646, 647, 648, 649, 650, 651, 652, 653, 654, - 655, 656, 657, 658, 659, 660, 661, 662, 663, 664, - 665, 666, 667, 668, 669, 670, 671, 672, 673, 674, - 675, 676, 677, 678, 679, 680, 681, 682, 683, -1, - -1, 686, 687, -1, 689, 690, 691, 692, 693, 694, - 695, 696, 697, 698, 699, 700, 701, 702, 703, 704, - 705, 706, 707, 708, 709, 710, 711, 712, 713, 714, - 715, 716, 717, 718, 719, 720, 721, 722, 723, 724, - 725, 726, 727, 728, 729, 730, 731, 732, 733, 734, - 735, 736, 737, 738, 739, 740, 741, 742, 743, 744, - 745, 746, 747, 748, 749, 750, 751, 752, 753, 754, - 755, 756, 757, 758, 759, 760, 761, 762, -1, 764, - 765, 766, 767, -1, -1, -1, -1, -1, -1, -1, - -1, 776, 777, 3, -1, -1, -1, 782, 8, 9, - -1, -1, -1, 788, -1, -1, -1, 792, 793, 19, - 20, 796, 22, 23, 24, 25, 26, 27, 28, 29, - 30, 31, 32, -1, -1, -1, -1, -1, -1, -1, - 40, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, -1, 57, 58, 59, - 60, -1, -1, -1, -1, -1, -1, -1, 68, 69, - -1, 71, -1, -1, -1, -1, -1, -1, 78, 79, - -1, -1, 82, 83, 84, 85, -1, 87, 88, -1, - 90, 91, -1, -1, -1, -1, -1, -1, -1, 99, - -1, -1, 102, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, 116, -1, -1, -1, - 120, 121, 122, -1, 124, -1, -1, -1, 128, -1, - -1, -1, 132, 133, 134, 135, -1, -1, -1, -1, - -1, 141, -1, -1, 144, -1, -1, -1, -1, -1, - 150, -1, -1, 153, -1, -1, -1, -1, -1, -1, - -1, -1, 162, -1, 164, -1, 166, -1, -1, -1, - -1, -1, 172, -1, -1, -1, -1, -1, -1, -1, - 180, 181, 182, -1, 184, -1, -1, -1, 188, 189, - -1, -1, -1, 193, -1, -1, 196, 197, -1, 199, - 200, 201, 202, -1, -1, -1, -1, -1, 208, -1, - -1, -1, -1, -1, -1, -1, -1, -1, -1, 219, - 220, 221, 222, -1, 224, -1, -1, -1, -1, -1, - -1, 231, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, 242, -1, -1, -1, -1, -1, -1, -1, - 250, 251, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, -1, -1, -1, 269, - -1, -1, -1, -1, -1, -1, 276, 277, -1, 279, - 280, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, 291, -1, -1, -1, -1, -1, -1, -1, -1, - -1, 301, 302, 303, -1, -1, -1, -1, -1, 309, - 310, -1, -1, -1, -1, -1, -1, -1, -1, -1, - 320, 321, 322, 323, 324, 325, 326, 327, 328, 329, - 330, 331, 332, 333, 334, 335, 336, 337, 338, 339, - 340, 341, 342, 343, 344, 345, 346, 347, 348, 349, - 350, 351, 352, 353, 354, 355, -1, 357, 358, 359, - 360, 361, 362, 363, 364, 365, 366, 367, 368, 369, - 370, 371, 372, 373, 374, 375, 376, 377, 378, 379, - 380, 381, 382, 383, 384, 385, 386, 387, -1, 389, - 390, 391, 392, 393, 394, 395, 396, 397, 398, 399, - 400, 401, 402, 403, 404, 405, 406, 407, 408, 409, - 410, 411, 412, 413, 414, 415, 416, 417, -1, 419, - 420, 421, 422, 423, 424, 425, 426, 427, 428, 429, - 430, 431, 432, 433, 434, 435, 436, 437, 438, 439, - 440, 441, 442, 443, 444, 445, 446, -1, -1, 449, - 450, 451, 452, 453, 454, 455, 456, 457, 458, 459, - 460, 461, 462, -1, 464, 465, 466, 467, 468, 469, - 470, 471, 472, 473, 474, 475, 476, 477, -1, 479, - 480, 481, 482, 483, 484, 485, 486, 487, 488, 489, - 490, 491, 492, 493, 494, 495, 496, 497, 498, 499, - 500, 501, 502, 503, 504, 505, 506, 507, 508, 509, - 510, 511, 512, 513, 514, 515, 516, 517, 518, 519, - 520, 521, 522, 523, 524, 525, 526, 527, 528, 529, - 530, 531, 532, 533, 534, 535, -1, 537, 538, 539, - 540, 541, 542, 543, 544, 545, 546, 547, 548, 549, - 550, 551, 552, 553, 554, 555, 556, 557, 558, 559, - 560, 561, 562, 563, 564, 565, 566, 567, 568, 569, - 570, 571, 572, 573, 574, 575, 576, 577, 578, 579, - 580, -1, 582, 583, 584, 585, 586, 587, 588, 589, - 590, 591, 592, 593, 594, 595, 596, 597, 598, 599, - 600, 601, 602, 603, 604, 605, 606, 607, 608, 609, - 610, 611, 612, 613, 614, 615, 616, 617, 618, 619, - 620, 621, 622, 623, 624, 625, 626, 627, 628, 629, - 630, 631, 632, 633, 634, 635, 636, 637, 638, 639, - 640, 641, 642, 643, 644, 645, 646, 647, 648, 649, - 650, 651, 652, 653, 654, 655, 656, 657, 658, 659, - 660, 661, 662, 663, 664, 665, 666, 667, 668, 669, - 670, 671, 672, 673, 674, 675, 676, 677, 678, 679, - 680, 681, 682, 683, -1, -1, 686, 687, -1, 689, - 690, 691, 692, 693, 694, 695, 696, 697, 698, 699, - 700, 701, 702, 703, 704, 705, 706, 707, 708, 709, - 710, 711, 712, 713, 714, 715, 716, 717, 718, 719, - 720, 721, 722, 723, 724, 725, 726, 727, 728, 729, - 730, 731, 732, 733, 734, 735, 736, 737, 738, 739, - 740, 741, 742, 743, 744, 745, 746, 747, 748, 749, - 750, 751, 752, 753, 754, 755, 756, 757, 758, 759, - 760, 761, 762, -1, 764, 765, 766, 767, -1, -1, - -1, -1, -1, -1, -1, -1, 776, 777, 3, -1, - -1, -1, 782, 8, 9, -1, -1, -1, 788, -1, - -1, -1, 792, 793, 19, 20, 796, 22, 23, 24, - 25, 26, 27, 28, 29, 30, 31, 32, -1, -1, - -1, -1, -1, -1, -1, 40, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, 57, 58, 59, 60, -1, -1, -1, -1, - -1, -1, -1, 68, 69, -1, 71, -1, -1, -1, - -1, -1, -1, 78, 79, -1, -1, 82, 83, 84, - 85, -1, 87, 88, -1, 90, 91, -1, -1, -1, - -1, -1, -1, -1, 99, -1, -1, 102, -1, -1, - -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, 116, -1, -1, -1, 120, 121, 122, -1, 124, - -1, -1, -1, 128, -1, -1, -1, 132, 133, 134, - 135, -1, -1, -1, -1, -1, 141, -1, -1, 144, - -1, -1, -1, -1, -1, 150, -1, -1, 153, -1, - -1, -1, -1, -1, -1, -1, -1, 162, -1, 164, - -1, 166, -1, -1, -1, -1, -1, 172, -1, -1, - -1, -1, -1, -1, -1, 180, 181, 182, -1, 184, - -1, -1, -1, 188, 189, -1, -1, -1, 193, -1, - -1, 196, 197, -1, 199, 200, 201, 202, -1, -1, - -1, -1, -1, 208, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, 219, 220, 221, 222, -1, 224, - -1, -1, -1, -1, -1, -1, 231, -1, -1, -1, - -1, -1, -1, -1, -1, -1, -1, 242, -1, -1, - -1, -1, -1, -1, -1, 250, 251, -1, -1, -1, - -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, 269, -1, -1, -1, -1, -1, - -1, 276, 277, -1, 279, 280, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, 291, -1, -1, -1, - -1, -1, -1, -1, -1, -1, 301, 302, 303, -1, - -1, -1, -1, -1, 309, 310, -1, -1, -1, -1, - -1, -1, -1, -1, -1, 320, 321, 322, 323, 324, - 325, 326, 327, 328, 329, 330, 331, 332, 333, 334, - 335, 336, 337, 338, 339, 340, 341, 342, 343, 344, - 345, 346, 347, 348, 349, 350, 351, 352, 353, 354, - 355, -1, 357, 358, 359, 360, 361, 362, 363, 364, - 365, 366, 367, 368, 369, 370, 371, 372, 373, 374, - 375, 376, 377, 378, 379, 380, 381, 382, 383, 384, - 385, 386, 387, -1, 389, 390, 391, 392, 393, 394, - 395, 396, 397, 398, 399, 400, 401, 402, 403, 404, - 405, 406, 407, 408, 409, 410, 411, 412, 413, 414, - 415, 416, 417, -1, 419, 420, 421, 422, 423, 424, - 425, 426, 427, 428, 429, 430, 431, 432, 433, 434, - 435, 436, 437, 438, 439, 440, 441, 442, 443, 444, - 445, 446, -1, -1, 449, 450, 451, 452, 453, 454, - 455, 456, 457, 458, 459, 460, 461, 462, -1, 464, - 465, 466, 467, 468, 469, 470, 471, 472, 473, 474, - 475, 476, 477, -1, 479, 480, 481, 482, 483, 484, - 485, 486, 487, 488, 489, 490, 491, 492, 493, 494, - 495, 496, 497, 498, 499, 500, 501, 502, 503, 504, - 505, 506, 507, 508, 509, 510, 511, 512, 513, 514, - 515, 516, 517, 518, 519, 520, 521, 522, 523, 524, - 525, 526, 527, 528, 529, 530, 531, 532, 533, 534, - 535, -1, 537, 538, 539, 540, 541, 542, 543, 544, - 545, 546, 547, 548, 549, 550, 551, 552, 553, 554, - 555, 556, 557, 558, 559, 560, 561, 562, 563, 564, - 565, 566, 567, 568, 569, 570, 571, 572, 573, 574, - 575, 576, 577, 578, 579, 580, -1, 582, 583, 584, - 585, 586, 587, 588, 589, 590, 591, 592, 593, 594, - 595, 596, 597, 598, 599, 600, 601, 602, 603, 604, - 605, 606, 607, 608, 609, 610, 611, 612, 613, 614, - 615, 616, 617, 618, 619, 620, 621, 622, 623, 624, - 625, 626, 627, 628, 629, 630, 631, 632, 633, 634, - 635, 636, 637, 638, 639, 640, 641, 642, 643, 644, - 645, 646, 647, 648, 649, 650, 651, 652, 653, 654, - 655, 656, 657, 658, 659, 660, 661, 662, 663, 664, - 665, 666, 667, 668, 669, 670, 671, 672, 673, 674, - 675, 676, 677, 678, 679, 680, 681, 682, 683, -1, - -1, 686, 687, -1, 689, 690, 691, 692, 693, 694, - 695, 696, 697, 698, 699, 700, 701, 702, 703, 704, - 705, 706, 707, 708, 709, 710, 711, 712, 713, 714, - 715, 716, 717, 718, 719, 720, 721, 722, 723, 724, - 725, 726, 727, 728, 729, 730, 731, 732, 733, 734, - 735, 736, 737, 738, 739, 740, 741, 742, 743, 744, - 745, 746, 747, 748, 749, 750, 751, 752, 753, 754, - 755, 756, 757, 758, 759, 760, 761, 762, -1, 764, - 765, 766, 767, -1, -1, -1, -1, -1, -1, -1, - -1, 776, 777, 3, -1, -1, -1, 782, 8, 9, - -1, -1, -1, 788, -1, -1, -1, 792, 793, 19, - 20, 796, 22, 23, 24, 25, 26, 27, 28, 29, - 30, 31, 32, -1, -1, -1, -1, -1, -1, -1, - 40, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, -1, 57, 58, 59, - 60, -1, -1, -1, -1, -1, -1, -1, 68, 69, - -1, 71, -1, -1, -1, -1, -1, -1, 78, 79, - -1, -1, 82, 83, 84, 85, -1, 87, 88, -1, - 90, 91, -1, -1, -1, -1, -1, -1, -1, 99, - -1, -1, 102, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, 116, -1, -1, -1, - 120, 121, 122, -1, 124, -1, -1, -1, -1, -1, - -1, -1, 132, 133, 134, 135, -1, -1, -1, -1, - -1, 141, -1, 143, 144, -1, -1, -1, -1, -1, - 150, -1, -1, 153, -1, -1, -1, -1, -1, -1, - -1, -1, 162, -1, 164, -1, 166, -1, -1, -1, - -1, -1, 172, -1, -1, -1, -1, -1, -1, -1, - 180, 181, 182, -1, 184, -1, -1, -1, 188, 189, - -1, -1, -1, 193, -1, -1, 196, 197, -1, 199, - 200, 201, 202, -1, -1, -1, -1, -1, 208, -1, - -1, -1, -1, -1, -1, -1, -1, -1, -1, 219, - 220, 221, 222, -1, 224, -1, -1, -1, -1, -1, - -1, 231, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, 242, -1, -1, -1, -1, -1, -1, -1, - 250, 251, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, -1, -1, -1, 269, - -1, -1, -1, -1, -1, -1, 276, 277, -1, 279, - 280, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, 291, -1, -1, -1, -1, -1, -1, -1, -1, - -1, 301, 302, 303, -1, -1, -1, -1, -1, 309, - 310, -1, -1, -1, -1, -1, -1, -1, -1, -1, - 320, 321, 322, 323, 324, 325, 326, 327, 328, 329, - 330, 331, 332, 333, 334, 335, 336, 337, 338, 339, - 340, 341, 342, 343, 344, 345, 346, 347, 348, 349, - 350, 351, 352, 353, 354, 355, -1, 357, 358, 359, - 360, 361, 362, 363, 364, 365, 366, 367, 368, 369, - 370, 371, 372, 373, 374, 375, 376, 377, 378, 379, - 380, 381, 382, 383, 384, 385, 386, 387, -1, 389, - 390, 391, 392, 393, 394, 395, 396, 397, 398, 399, - 400, 401, 402, 403, 404, 405, 406, 407, 408, 409, - 410, 411, 412, 413, 414, 415, 416, 417, -1, 419, - 420, 421, 422, 423, 424, 425, 426, 427, 428, 429, - 430, 431, 432, 433, 434, 435, 436, 437, 438, 439, - 440, 441, 442, 443, 444, 445, 446, -1, -1, 449, - 450, 451, 452, 453, 454, 455, 456, 457, 458, 459, - 460, 461, 462, -1, 464, 465, 466, 467, 468, 469, - 470, 471, 472, 473, 474, 475, 476, 477, -1, 479, - 480, 481, 482, 483, 484, 485, 486, 487, 488, 489, - 490, 491, 492, 493, 494, 495, 496, 497, 498, 499, - 500, 501, 502, 503, 504, 505, 506, 507, 508, 509, - 510, 511, 512, 513, 514, 515, 516, 517, 518, 519, - 520, 521, 522, 523, 524, 525, 526, 527, 528, 529, - 530, 531, 532, 533, 534, 535, -1, 537, 538, 539, - 540, 541, 542, 543, 544, 545, 546, 547, 548, 549, - 550, 551, 552, 553, 554, 555, 556, 557, 558, 559, - 560, 561, 562, 563, 564, 565, 566, 567, 568, 569, - 570, 571, 572, 573, 574, 575, 576, 577, 578, 579, - 580, -1, 582, 583, 584, 585, 586, 587, 588, 589, - 590, 591, 592, 593, 594, 595, 596, 597, 598, 599, - 600, 601, 602, 603, 604, 605, 606, 607, 608, 609, - 610, 611, 612, 613, 614, 615, 616, 617, 618, 619, - 620, 621, 622, 623, 624, 625, 626, 627, 628, 629, - 630, 631, 632, 633, 634, 635, 636, 637, 638, 639, - 640, 641, 642, 643, 644, 645, 646, 647, 648, 649, - 650, 651, 652, 653, 654, 655, 656, 657, 658, 659, - 660, 661, 662, 663, 664, 665, 666, 667, 668, 669, - 670, 671, 672, 673, 674, 675, 676, 677, 678, 679, - 680, 681, 682, 683, -1, -1, 686, 687, -1, 689, - 690, 691, 692, 693, 694, 695, 696, 697, 698, 699, - 700, 701, 702, 703, 704, 705, 706, 707, 708, 709, - 710, 711, 712, 713, 714, 715, 716, 717, 718, 719, - 720, 721, 722, 723, 724, 725, 726, 727, 728, 729, - 730, 731, 732, 733, 734, 735, 736, 737, 738, 739, - 740, 741, 742, 743, 744, 745, 746, 747, 748, 749, - 750, 751, 752, 753, 754, 755, 756, 757, 758, 759, - 760, 761, 762, -1, 764, 765, 766, 767, -1, -1, - -1, -1, -1, -1, -1, -1, 776, 777, 3, -1, - -1, -1, 782, 8, 9, -1, -1, -1, 788, -1, - -1, -1, 792, 793, 19, 20, 796, 22, 23, 24, - 25, 26, 27, 28, 29, 30, 31, 32, -1, -1, - -1, -1, -1, -1, -1, 40, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, 57, 58, 59, 60, -1, -1, -1, -1, - -1, -1, -1, 68, 69, -1, 71, -1, -1, -1, - -1, -1, -1, 78, 79, -1, -1, 82, 83, 84, - 85, -1, 87, 88, -1, 90, 91, -1, -1, -1, - -1, -1, -1, -1, 99, -1, -1, 102, -1, -1, - -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, 116, -1, -1, -1, 120, 121, 122, -1, 124, - -1, -1, -1, -1, -1, -1, -1, 132, 133, 134, - 135, -1, -1, -1, -1, -1, 141, -1, -1, 144, - -1, -1, -1, -1, -1, 150, -1, -1, 153, -1, - -1, -1, -1, -1, -1, -1, -1, 162, -1, 164, - -1, 166, -1, -1, -1, -1, -1, 172, -1, -1, - -1, -1, -1, -1, -1, 180, 181, 182, -1, 184, - -1, -1, -1, 188, 189, -1, -1, -1, 193, -1, - -1, 196, 197, -1, 199, 200, 201, 202, -1, -1, - -1, -1, -1, 208, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, 219, 220, 221, 222, -1, 224, - -1, -1, -1, -1, -1, -1, 231, -1, -1, -1, - -1, -1, -1, -1, -1, -1, -1, 242, -1, -1, - -1, -1, -1, -1, -1, 250, 251, -1, -1, -1, - -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, 269, -1, -1, -1, -1, -1, - -1, 276, 277, -1, 279, 280, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, 291, -1, -1, -1, - -1, -1, -1, -1, -1, -1, 301, 302, 303, -1, - -1, -1, -1, -1, 309, 310, -1, -1, -1, -1, - -1, -1, -1, -1, -1, 320, 321, 322, 323, 324, - 325, 326, 327, 328, 329, 330, 331, 332, 333, 334, - 335, 336, 337, 338, 339, 340, 341, 342, 343, 344, - 345, 346, 347, 348, 349, 350, 351, 352, 353, 354, - 355, -1, 357, 358, 359, 360, 361, 362, 363, 364, - 365, 366, 367, 368, 369, 370, 371, 372, 373, 374, - 375, 376, 377, 378, 379, 380, 381, 382, 383, 384, - 385, 386, 387, -1, 389, 390, 391, 392, 393, 394, - 395, 396, 397, 398, 399, 400, 401, 402, 403, 404, - 405, 406, 407, 408, 409, 410, 411, 412, 413, 414, - 415, 416, 417, -1, 419, 420, 421, 422, 423, 424, - 425, 426, 427, 428, 429, 430, 431, 432, 433, 434, - 435, 436, 437, 438, 439, 440, 441, 442, 443, 444, - 445, 446, -1, -1, 449, 450, 451, 452, 453, 454, - 455, 456, 457, 458, 459, 460, 461, 462, -1, 464, - 465, 466, 467, 468, 469, 470, 471, 472, 473, 474, - 475, 476, 477, -1, 479, 480, 481, 482, 483, 484, - 485, 486, 487, 488, 489, 490, 491, 492, 493, 494, - 495, 496, 497, 498, 499, 500, 501, 502, 503, 504, - 505, 506, 507, 508, 509, 510, 511, 512, 513, 514, - 515, 516, 517, 518, 519, 520, 521, 522, 523, 524, - 525, 526, 527, 528, 529, 530, 531, 532, 533, 534, - 535, -1, 537, 538, 539, 540, 541, 542, 543, 544, - 545, 546, 547, 548, 549, 550, 551, 552, 553, 554, - 555, 556, 557, 558, 559, 560, 561, 562, 563, 564, - 565, 566, 567, 568, 569, 570, 571, 572, 573, 574, - 575, 576, 577, 578, 579, 580, -1, 582, 583, 584, - 585, 586, 587, 588, 589, 590, 591, 592, 593, 594, - 595, 596, 597, 598, 599, 600, 601, 602, 603, 604, - 605, 606, 607, 608, 609, 610, 611, 612, 613, 614, - 615, 616, 617, 618, 619, 620, 621, 622, 623, 624, - 625, 626, 627, 628, 629, 630, 631, 632, 633, 634, - 635, 636, 637, 638, 639, 640, 641, 642, 643, 644, - 645, 646, 647, 648, 649, 650, 651, 652, 653, 654, - 655, 656, 657, 658, 659, 660, 661, 662, 663, 664, - 665, 666, 667, 668, 669, 670, 671, 672, 673, 674, - 675, 676, 677, 678, 679, 680, 681, 682, 683, -1, - -1, 686, 687, -1, 689, 690, 691, 692, 693, 694, - 695, 696, 697, 698, 699, 700, 701, 702, 703, 704, - 705, 706, 707, 708, 709, 710, 711, 712, 713, 714, - 715, 716, 717, 718, 719, 720, 721, 722, 723, 724, - 725, 726, 727, 728, 729, 730, 731, 732, 733, 734, - 735, 736, 737, 738, 739, 740, 741, 742, 743, 744, - 745, 746, 747, 748, 749, 750, 751, 752, 753, 754, - 755, 756, 757, 758, 759, 760, 761, 762, -1, 764, - 765, 766, 767, -1, -1, -1, -1, -1, -1, -1, - -1, 776, 777, 3, -1, -1, -1, 782, 8, 9, - -1, -1, -1, 788, -1, -1, -1, 792, 793, 19, - 20, 796, 22, 23, 24, 25, 26, 27, 28, 29, - 30, 31, 32, -1, -1, -1, -1, -1, -1, -1, - 40, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, -1, 57, 58, 59, - 60, -1, -1, -1, -1, -1, -1, -1, 68, 69, - -1, 71, -1, -1, -1, -1, -1, -1, 78, 79, - -1, -1, 82, 83, 84, 85, -1, 87, 88, -1, - 90, 91, -1, -1, -1, -1, -1, -1, -1, 99, - -1, -1, 102, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, 116, -1, -1, -1, - 120, 121, 122, -1, 124, -1, -1, -1, -1, -1, - -1, -1, 132, 133, 134, 135, -1, -1, -1, -1, - -1, 141, -1, -1, 144, -1, -1, -1, -1, -1, - 150, -1, -1, 153, -1, -1, -1, -1, -1, -1, - -1, -1, 162, -1, 164, -1, 166, -1, -1, -1, - -1, -1, 172, -1, -1, -1, -1, -1, -1, -1, - 180, 181, 182, -1, 184, -1, -1, -1, 188, 189, - -1, -1, -1, 193, -1, -1, 196, 197, -1, 199, - 200, 201, 202, -1, -1, -1, -1, -1, 208, -1, - -1, -1, -1, -1, -1, -1, -1, -1, -1, 219, - 220, 221, 222, -1, 224, -1, -1, -1, -1, -1, - -1, 231, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, 242, -1, -1, -1, -1, -1, -1, -1, - 250, 251, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, -1, -1, -1, 269, - -1, -1, -1, -1, -1, -1, 276, 277, -1, 279, - 280, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, 291, -1, -1, -1, -1, -1, -1, -1, -1, - -1, 301, 302, 303, -1, -1, -1, -1, -1, 309, - 310, -1, -1, -1, -1, -1, -1, -1, -1, -1, - 320, 321, 322, 323, 324, 325, 326, 327, 328, 329, - 330, 331, 332, 333, 334, 335, 336, 337, 338, 339, - 340, 341, 342, 343, 344, 345, 346, 347, 348, 349, - 350, 351, 352, 353, 354, 355, -1, 357, 358, 359, - 360, 361, 362, 363, 364, 365, 366, 367, 368, 369, - 370, 371, 372, 373, 374, 375, 376, 377, 378, 379, - 380, 381, 382, 383, 384, 385, 386, 387, -1, 389, - 390, 391, 392, 393, 394, 395, 396, 397, 398, 399, - 400, 401, 402, 403, 404, 405, 406, 407, 408, 409, - 410, 411, 412, 413, 414, 415, 416, 417, -1, 419, - 420, 421, 422, 423, 424, 425, 426, 427, 428, 429, - 430, 431, 432, 433, 434, 435, 436, 437, 438, 439, - 440, 441, 442, 443, 444, 445, 446, -1, -1, 449, - 450, 451, 452, 453, 454, 455, 456, 457, 458, 459, - 460, 461, 462, -1, 464, 465, 466, 467, 468, 469, - 470, 471, 472, 473, 474, 475, 476, 477, -1, 479, - 480, 481, 482, 483, 484, 485, 486, 487, 488, 489, - 490, 491, 492, 493, 494, 495, 496, 497, 498, 499, - 500, 501, 502, 503, 504, 505, 506, 507, 508, 509, - 510, 511, 512, 513, 514, 515, 516, 517, 518, 519, - 520, 521, 522, 523, 524, 525, 526, 527, 528, 529, - 530, 531, 532, 533, 534, 535, -1, 537, 538, 539, - 540, 541, 542, 543, 544, 545, 546, 547, 548, 549, - 550, 551, 552, 553, 554, 555, 556, 557, 558, 559, - 560, 561, 562, 563, 564, 565, 566, 567, 568, 569, - 570, 571, 572, 573, 574, 575, 576, 577, 578, 579, - 580, -1, 582, 583, 584, 585, 586, 587, 588, 589, - 590, 591, 592, 593, 594, 595, 596, 597, 598, 599, - 600, 601, 602, 603, 604, 605, 606, 607, 608, 609, - 610, 611, 612, 613, 614, 615, 616, 617, 618, 619, - 620, 621, 622, 623, 624, 625, 626, 627, 628, 629, - 630, 631, 632, 633, 634, 635, 636, 637, 638, 639, - 640, 641, 642, 643, 644, 645, 646, 647, 648, 649, - 650, 651, 652, 653, 654, 655, 656, 657, 658, 659, - 660, 661, 662, 663, 664, 665, 666, 667, 668, 669, - 670, 671, 672, 673, 674, 675, 676, 677, 678, 679, - 680, 681, 682, 683, -1, -1, 686, 687, -1, 689, - 690, 691, 692, 693, 694, 695, 696, 697, 698, 699, - 700, 701, 702, 703, 704, 705, 706, 707, 708, 709, - 710, 711, 712, 713, 714, 715, 716, 717, 718, 719, - 720, 721, 722, 723, 724, 725, 726, 727, 728, 729, - 730, 731, 732, 733, 734, 735, 736, 737, 738, 739, - 740, 741, 742, 743, 744, 745, 746, 747, 748, 749, - 750, 751, 752, 753, 754, 755, 756, 757, 758, 759, - 760, 761, 762, -1, 764, 765, 766, 767, -1, -1, - -1, -1, -1, -1, -1, -1, 776, 777, 3, -1, - -1, -1, 782, 8, 9, -1, -1, -1, 788, -1, - -1, -1, 792, 793, 19, 20, 796, 22, 23, 24, - 25, 26, 27, 28, 29, 30, 31, 32, -1, -1, - -1, -1, -1, -1, -1, 40, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, 57, 58, 59, 60, -1, -1, -1, -1, - -1, -1, -1, 68, 69, -1, 71, -1, -1, -1, - -1, -1, -1, 78, 79, -1, -1, 82, 83, 84, - 85, -1, 87, 88, -1, 90, 91, -1, -1, -1, - -1, -1, -1, -1, 99, -1, -1, 102, -1, -1, - -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, 116, -1, -1, -1, 120, 121, 122, -1, 124, - -1, -1, -1, -1, -1, -1, -1, 132, 133, 134, - 135, -1, -1, -1, -1, -1, 141, -1, -1, 144, - -1, -1, -1, -1, -1, 150, -1, -1, 153, -1, - -1, -1, -1, -1, -1, -1, -1, 162, -1, 164, - -1, 166, -1, -1, -1, -1, -1, 172, -1, -1, - -1, -1, -1, -1, -1, 180, 181, 182, -1, 184, - -1, -1, -1, 188, 189, -1, -1, -1, 193, -1, - -1, 196, 197, -1, 199, 200, 201, 202, -1, -1, - -1, -1, -1, 208, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, 219, 220, 221, 222, -1, 224, - -1, -1, -1, -1, -1, -1, 231, -1, -1, -1, - -1, -1, -1, -1, -1, -1, -1, 242, -1, -1, - -1, -1, -1, -1, -1, 250, 251, -1, -1, -1, - -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, 269, -1, -1, -1, -1, -1, - -1, 276, 277, -1, 279, 280, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, 291, -1, -1, -1, - -1, -1, -1, -1, -1, -1, 301, 302, 303, -1, - -1, -1, -1, -1, 309, 310, -1, -1, -1, -1, - -1, -1, -1, -1, -1, 320, 321, 322, 323, 324, - 325, 326, 327, 328, 329, 330, 331, 332, 333, 334, - 335, 336, 337, 338, 339, 340, 341, 342, 343, 344, - 345, 346, 347, 348, 349, 350, 351, 352, 353, 354, - 355, -1, 357, 358, 359, 360, 361, 362, 363, 364, - 365, 366, 367, 368, 369, 370, 371, 372, 373, 374, - 375, 376, 377, 378, 379, 380, 381, 382, 383, 384, - 385, 386, 387, -1, 389, 390, 391, 392, 393, 394, - 395, 396, 397, 398, 399, 400, 401, 402, 403, 404, - 405, 406, 407, 408, 409, 410, 411, 412, 413, 414, - 415, 416, 417, -1, 419, 420, 421, 422, 423, 424, - 425, 426, 427, 428, 429, 430, 431, 432, 433, 434, - 435, 436, 437, 438, 439, 440, 441, 442, 443, 444, - 445, 446, -1, -1, 449, 450, 451, 452, 453, 454, - 455, 456, 457, 458, 459, 460, 461, 462, -1, 464, - 465, 466, 467, 468, 469, 470, 471, 472, 473, 474, - 475, 476, 477, -1, 479, 480, 481, 482, 483, 484, - 485, 486, 487, 488, 489, 490, 491, 492, 493, 494, - 495, 496, 497, 498, 499, 500, 501, 502, 503, 504, - 505, 506, 507, 508, 509, 510, 511, 512, 513, 514, - 515, 516, 517, 518, 519, 520, 521, 522, 523, 524, - 525, 526, 527, 528, 529, 530, 531, 532, 533, 534, - 535, -1, 537, 538, 539, 540, 541, 542, 543, 544, - 545, 546, 547, 548, 549, 550, 551, 552, 553, 554, - 555, 556, 557, 558, 559, 560, 561, 562, 563, 564, - 565, 566, 567, 568, 569, 570, 571, 572, 573, 574, - 575, 576, 577, 578, 579, 580, -1, 582, 583, 584, - 585, 586, 587, 588, 589, 590, 591, 592, 593, 594, - 595, 596, 597, 598, 599, 600, 601, 602, 603, 604, - 605, 606, 607, 608, 609, 610, 611, 612, 613, 614, - 615, 616, 617, 618, 619, 620, 621, 622, 623, 624, - 625, 626, 627, 628, 629, 630, 631, 632, 633, 634, - 635, 636, 637, 638, 639, 640, 641, 642, 643, 644, - 645, 646, 647, 648, 649, 650, 651, 652, 653, 654, - 655, 656, 657, 658, 659, 660, 661, 662, 663, 664, - 665, 666, 667, 668, 669, 670, 671, 672, 673, 674, - 675, 676, 677, 678, 679, 680, 681, 682, 683, -1, - -1, 686, 687, -1, 689, 690, 691, 692, 693, 694, - 695, 696, 697, 698, 699, 700, 701, 702, 703, 704, - 705, 706, 707, 708, 709, 710, 711, 712, 713, 714, - 715, 716, 717, 718, 719, 720, 721, 722, 723, 724, - 725, 726, 727, 728, 729, 730, 731, 732, 733, 734, - 735, 736, 737, 738, 739, 740, 741, 742, 743, 744, - 745, 746, 747, 748, 749, 750, 751, 752, 753, 754, - 755, 756, 757, 758, 759, 760, 761, 762, -1, 764, - 765, 766, 767, -1, -1, -1, -1, -1, -1, -1, - -1, 776, 777, 3, -1, -1, -1, 782, 8, 9, - -1, -1, -1, 788, -1, -1, -1, 792, 793, 19, - 20, 796, 22, 23, 24, 25, 26, 27, 28, 29, - 30, 31, 32, -1, -1, -1, -1, -1, -1, -1, - 40, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, -1, 57, 58, 59, - 60, -1, -1, -1, -1, -1, -1, -1, 68, 69, - -1, 71, -1, -1, -1, -1, -1, -1, 78, 79, - -1, -1, 82, 83, 84, 85, -1, 87, 88, -1, - 90, 91, -1, -1, -1, -1, -1, -1, -1, 99, - -1, -1, 102, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, 116, -1, -1, -1, - 120, 121, 122, -1, 124, -1, -1, -1, -1, -1, - -1, -1, 132, 133, 134, 135, -1, -1, -1, -1, - -1, 141, -1, -1, 144, -1, -1, -1, -1, -1, - 150, -1, -1, 153, -1, -1, -1, -1, -1, -1, - -1, -1, 162, -1, 164, -1, 166, -1, -1, -1, - -1, -1, 172, -1, -1, -1, -1, -1, -1, -1, - 180, 181, 182, -1, 184, -1, -1, -1, 188, 189, - -1, -1, -1, 193, -1, -1, 196, 197, -1, 199, - 200, 201, 202, -1, -1, -1, -1, -1, 208, -1, - -1, -1, -1, -1, -1, -1, -1, -1, -1, 219, - 220, 221, 222, -1, 224, -1, -1, -1, -1, -1, - -1, 231, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, 242, -1, -1, -1, -1, -1, -1, -1, - 250, 251, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, -1, -1, -1, 269, - -1, -1, -1, -1, -1, -1, 276, 277, -1, 279, - 280, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, 291, -1, -1, -1, -1, -1, -1, -1, -1, - -1, 301, 302, 303, -1, -1, -1, -1, -1, 309, - 310, -1, -1, -1, -1, -1, -1, -1, -1, -1, - 320, 321, 322, 323, 324, 325, 326, 327, 328, 329, - 330, 331, 332, 333, 334, 335, 336, 337, 338, 339, - 340, 341, 342, 343, 344, 345, 346, 347, 348, 349, - 350, 351, 352, 353, 354, 355, -1, 357, 358, 359, - 360, 361, 362, 363, 364, 365, 366, 367, 368, 369, - 370, 371, 372, 373, 374, 375, 376, 377, 378, 379, - 380, 381, 382, 383, 384, 385, 386, 387, -1, 389, - 390, 391, 392, 393, 394, 395, 396, 397, 398, 399, - 400, 401, 402, 403, 404, 405, 406, 407, 408, 409, - 410, 411, 412, 413, 414, 415, 416, 417, -1, 419, - 420, 421, 422, 423, 424, 425, 426, 427, 428, 429, - 430, 431, 432, 433, 434, 435, 436, 437, 438, 439, - 440, 441, 442, 443, 444, 445, 446, -1, -1, 449, - 450, 451, 452, 453, 454, 455, 456, 457, 458, 459, - 460, 461, 462, -1, 464, 465, 466, 467, 468, 469, - 470, 471, 472, 473, 474, 475, 476, 477, -1, 479, - 480, 481, 482, 483, 484, 485, 486, 487, 488, 489, - 490, 491, 492, 493, 494, 495, 496, 497, 498, 499, - 500, 501, 502, 503, 504, 505, 506, 507, 508, 509, - 510, 511, 512, 513, 514, 515, 516, 517, 518, 519, - 520, 521, 522, 523, 524, 525, 526, 527, 528, 529, - 530, 531, 532, 533, 534, 535, -1, 537, 538, 539, - 540, 541, 542, 543, 544, 545, 546, 547, 548, 549, - 550, 551, 552, 553, 554, 555, 556, 557, 558, 559, - 560, 561, 562, 563, 564, 565, 566, 567, 568, 569, - 570, 571, 572, 573, 574, 575, 576, 577, 578, 579, - 580, -1, 582, 583, 584, 585, 586, 587, 588, 589, - 590, 591, 592, 593, 594, 595, 596, 597, 598, 599, - 600, 601, 602, 603, 604, 605, 606, 607, 608, 609, - 610, 611, 612, 613, 614, 615, 616, 617, 618, 619, - 620, 621, 622, 623, 624, 625, 626, 627, 628, 629, - 630, 631, 632, 633, 634, 635, 636, 637, 638, 639, - 640, 641, 642, 643, 644, 645, 646, 647, 648, 649, - 650, 651, 652, 653, 654, 655, 656, 657, 658, 659, - 660, 661, 662, 663, 664, 665, 666, 667, 668, 669, - 670, 671, 672, 673, 674, 675, 676, 677, 678, 679, - 680, 681, 682, 683, -1, -1, 686, 687, -1, 689, - 690, 691, 692, 693, 694, 695, 696, 697, 698, 699, - 700, 701, 702, 703, 704, 705, 706, 707, 708, 709, - 710, 711, 712, 713, 714, 715, 716, 717, 718, 719, - 720, 721, 722, 723, 724, 725, 726, 727, 728, 729, - 730, 731, 732, 733, 734, 735, 736, 737, 738, 739, - 740, 741, 742, 743, 744, 745, 746, 747, 748, 749, - 750, 751, 752, 753, 754, 755, 756, 757, 758, 759, - 760, 761, 762, -1, 764, 765, 766, 767, -1, -1, - -1, -1, -1, -1, -1, -1, 776, 777, 3, -1, - -1, -1, 782, 8, 9, -1, -1, -1, 788, -1, - -1, -1, 792, 793, 19, 20, 796, 22, 23, 24, - 25, 26, 27, 28, 29, 30, 31, 32, -1, -1, - -1, -1, -1, -1, -1, 40, -1, -1, -1, -1, - -1, -1, 47, -1, -1, -1, -1, -1, -1, -1, - -1, -1, 57, 58, 59, 60, -1, -1, -1, -1, - -1, -1, -1, 68, 69, -1, 71, -1, -1, -1, - -1, -1, -1, 78, 79, -1, -1, 82, 83, 84, - 85, -1, 87, 88, -1, 90, 91, -1, -1, -1, - -1, -1, -1, -1, 99, -1, -1, 102, -1, -1, - -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, 116, -1, -1, -1, 120, 121, 122, -1, 124, - -1, -1, -1, -1, -1, -1, -1, 132, 133, 134, - 135, -1, -1, -1, -1, -1, 141, -1, -1, 144, - -1, -1, -1, -1, -1, 150, -1, -1, 153, -1, - -1, -1, -1, -1, -1, -1, -1, 162, -1, 164, - -1, 166, -1, -1, -1, -1, -1, 172, -1, -1, - -1, -1, -1, -1, -1, 180, 181, 182, -1, 184, - -1, -1, -1, 188, 189, -1, -1, -1, 193, -1, - -1, 196, -1, -1, 199, 200, 201, 202, -1, -1, - -1, -1, -1, 208, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, 219, 220, 221, 222, -1, 224, - -1, -1, -1, -1, -1, -1, 231, -1, -1, -1, - -1, -1, -1, -1, -1, -1, -1, 242, -1, -1, - -1, -1, -1, -1, -1, 250, 251, -1, -1, -1, - -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, 269, -1, -1, -1, -1, -1, - -1, 276, 277, -1, 279, 280, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, 291, -1, -1, -1, - -1, -1, -1, -1, -1, -1, 301, 302, 303, -1, - -1, -1, -1, -1, 309, 310, -1, -1, -1, -1, - -1, -1, -1, -1, -1, 320, 321, 322, 323, 324, - 325, 326, 327, 328, 329, 330, 331, 332, 333, 334, - 335, 336, 337, 338, 339, 340, 341, 342, 343, 344, - 345, 346, 347, 348, 349, 350, 351, 352, 353, 354, - 355, -1, 357, 358, 359, 360, 361, 362, 363, 364, - 365, 366, 367, 368, 369, 370, 371, 372, 373, 374, - 375, 376, 377, 378, 379, 380, 381, 382, 383, 384, - 385, 386, 387, -1, 389, 390, 391, 392, 393, 394, - 395, 396, 397, 398, 399, 400, 401, 402, 403, 404, - 405, 406, 407, 408, 409, 410, 411, 412, 413, 414, - 415, 416, 417, -1, 419, 420, 421, 422, 423, 424, - 425, 426, 427, 428, 429, 430, 431, 432, 433, 434, - 435, 436, 437, 438, 439, 440, 441, 442, 443, 444, - 445, 446, -1, -1, 449, 450, 451, 452, 453, 454, - 455, 456, 457, 458, 459, 460, 461, 462, -1, 464, - 465, 466, 467, 468, 469, 470, 471, 472, 473, 474, - 475, 476, 477, -1, 479, 480, 481, 482, 483, 484, - 485, 486, 487, 488, 489, 490, 491, 492, 493, 494, - 495, 496, 497, 498, 499, 500, 501, 502, 503, 504, - 505, 506, 507, 508, 509, 510, 511, 512, 513, 514, - 515, 516, 517, 518, 519, 520, 521, 522, 523, 524, - 525, 526, 527, 528, 529, 530, 531, 532, 533, 534, - 535, -1, 537, 538, 539, 540, 541, 542, 543, 544, - 545, 546, 547, 548, 549, 550, 551, 552, 553, 554, - 555, 556, 557, 558, 559, 560, 561, 562, 563, 564, - 565, 566, 567, 568, 569, 570, 571, 572, 573, 574, - 575, 576, 577, 578, 579, 580, -1, 582, 583, 584, - 585, 586, 587, 588, 589, 590, 591, 592, 593, 594, - 595, 596, 597, 598, 599, 600, 601, 602, 603, 604, - 605, 606, 607, 608, 609, 610, 611, 612, 613, 614, - 615, 616, 617, 618, 619, 620, 621, 622, 623, 624, - 625, 626, 627, 628, 629, 630, 631, 632, 633, 634, - 635, 636, 637, 638, 639, 640, 641, 642, 643, 644, - 645, 646, 647, 648, 649, 650, 651, 652, 653, 654, - 655, 656, 657, 658, 659, 660, 661, 662, 663, 664, - 665, 666, 667, 668, 669, 670, 671, 672, 673, 674, - 675, 676, 677, 678, 679, 680, 681, 682, 683, -1, - -1, 686, 687, -1, 689, 690, 691, 692, 693, 694, - 695, 696, 697, 698, 699, 700, 701, 702, 703, 704, - 705, 706, 707, 708, 709, 710, 711, 712, 713, 714, - 715, 716, 717, 718, 719, 720, 721, 722, 723, 724, - 725, 726, 727, 728, 729, 730, 731, 732, 733, 734, - 735, 736, 737, 738, 739, 740, 741, 742, 743, 744, - 745, 746, 747, 748, 749, 750, 751, 752, 753, 754, - 755, 756, 757, 758, 759, 760, 761, 762, -1, 764, - 765, 766, 767, -1, -1, -1, -1, -1, -1, -1, - -1, 776, 777, 3, -1, -1, -1, 782, 8, 9, - -1, -1, -1, 788, -1, -1, -1, 792, 793, 19, - 20, 796, 22, 23, 24, 25, 26, 27, 28, 29, - 30, 31, 32, -1, -1, -1, -1, -1, -1, -1, - 40, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, -1, 57, 58, 59, - 60, -1, -1, -1, -1, -1, -1, -1, 68, 69, - -1, 71, -1, -1, -1, -1, -1, -1, 78, 79, - -1, -1, 82, 83, 84, 85, -1, 87, 88, -1, - 90, 91, -1, -1, -1, -1, -1, -1, -1, 99, - -1, -1, 102, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, 116, -1, -1, -1, - 120, 121, 122, -1, 124, -1, -1, -1, -1, -1, - -1, -1, 132, 133, 134, 135, -1, -1, -1, -1, - -1, 141, -1, -1, 144, -1, -1, -1, -1, -1, - 150, -1, -1, 153, -1, -1, -1, -1, -1, -1, - -1, -1, 162, -1, 164, -1, 166, -1, -1, -1, - -1, -1, 172, -1, -1, -1, -1, -1, -1, -1, - 180, 181, 182, -1, 184, -1, -1, -1, 188, 189, - -1, -1, -1, 193, -1, -1, 196, 197, -1, 199, - 200, 201, 202, -1, -1, -1, -1, -1, 208, -1, - -1, -1, -1, -1, -1, -1, -1, -1, -1, 219, - 220, 221, 222, -1, 224, -1, -1, -1, -1, -1, - -1, 231, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, 242, -1, -1, -1, -1, -1, -1, -1, - 250, 251, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, -1, -1, -1, 269, - -1, -1, -1, -1, -1, -1, 276, 277, -1, 279, - 280, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, 291, -1, -1, -1, -1, -1, -1, -1, -1, - -1, 301, 302, 303, -1, -1, -1, -1, -1, 309, - 310, -1, -1, -1, -1, -1, -1, -1, -1, -1, - 320, 321, 322, 323, 324, 325, 326, 327, 328, 329, - 330, 331, 332, 333, 334, 335, 336, 337, 338, 339, - 340, 341, 342, 343, 344, 345, 346, 347, 348, 349, - 350, 351, 352, 353, 354, 355, -1, 357, 358, 359, - 360, 361, 362, 363, 364, 365, 366, 367, 368, 369, - 370, 371, 372, 373, 374, 375, 376, 377, 378, 379, - 380, 381, 382, 383, 384, 385, 386, 387, -1, 389, - 390, 391, 392, 393, 394, 395, 396, 397, 398, 399, - 400, 401, 402, 403, 404, 405, 406, 407, 408, 409, - 410, 411, 412, 413, 414, 415, 416, 417, -1, 419, - 420, 421, 422, 423, 424, 425, 426, 427, 428, 429, - 430, 431, 432, 433, 434, 435, 436, 437, 438, 439, - 440, 441, 442, 443, 444, 445, 446, -1, -1, 449, - 450, 451, 452, 453, 454, 455, 456, 457, 458, 459, - 460, 461, 462, -1, 464, 465, 466, 467, 468, 469, - 470, 471, 472, 473, 474, 475, 476, 477, -1, 479, - 480, 481, 482, 483, 484, 485, 486, 487, 488, 489, - 490, 491, 492, 493, 494, 495, 496, 497, 498, 499, - 500, 501, 502, 503, 504, 505, 506, 507, 508, 509, - 510, 511, 512, 513, 514, 515, 516, 517, 518, 519, - 520, 521, 522, 523, 524, 525, 526, 527, 528, 529, - 530, 531, 532, 533, 534, 535, -1, 537, 538, 539, - 540, 541, 542, 543, 544, 545, 546, 547, 548, 549, - 550, 551, 552, 553, 554, 555, 556, 557, 558, 559, - 560, 561, 562, 563, 564, 565, 566, 567, 568, 569, - 570, 571, 572, 573, 574, 575, 576, 577, 578, 579, - 580, -1, 582, 583, 584, 585, 586, 587, 588, 589, - 590, 591, 592, 593, 594, 595, 596, 597, 598, 599, - 600, 601, 602, 603, 604, 605, 606, 607, 608, 609, - 610, 611, 612, 613, 614, 615, 616, 617, 618, 619, - 620, 621, 622, 623, 624, 625, 626, 627, 628, 629, - 630, 631, 632, 633, 634, 635, 636, 637, 638, 639, - 640, 641, 642, 643, 644, 645, 646, 647, 648, 649, - 650, 651, 652, 653, 654, 655, 656, 657, 658, 659, - 660, 661, 662, 663, 664, 665, 666, 667, 668, 669, - 670, 671, 672, 673, 674, 675, 676, 677, 678, 679, - 680, 681, 682, 683, -1, -1, 686, 687, -1, 689, - 690, 691, 692, 693, 694, 695, 696, 697, 698, 699, - 700, 701, 702, 703, 704, 705, 706, 707, 708, 709, - 710, 711, 712, 713, 714, 715, 716, 717, 718, 719, - 720, 721, 722, 723, 724, 725, 726, 727, 728, 729, - 730, 731, 732, 733, 734, 735, 736, 737, 738, 739, - 740, 741, 742, 743, 744, 745, 746, 747, 748, 749, - 750, 751, 752, 753, 754, 755, 756, 757, 758, 759, - 760, 761, 762, -1, 764, 765, 766, 767, -1, -1, - -1, -1, -1, -1, -1, -1, 776, 777, 3, -1, - -1, -1, 782, 8, 9, -1, -1, -1, 788, -1, - -1, -1, 792, 793, 19, 20, 796, 22, 23, 24, - 25, 26, 27, 28, 29, 30, 31, 32, -1, -1, - -1, -1, -1, -1, -1, 40, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, 57, 58, 59, 60, -1, -1, -1, -1, - -1, -1, -1, 68, 69, -1, 71, -1, -1, -1, - -1, -1, -1, 78, 79, -1, -1, 82, 83, 84, - 85, -1, 87, 88, -1, 90, 91, -1, -1, -1, - -1, -1, -1, -1, 99, -1, -1, 102, -1, -1, - -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, 116, -1, -1, -1, 120, 121, 122, -1, 124, - -1, -1, -1, -1, -1, -1, -1, 132, 133, 134, - 135, -1, -1, -1, -1, -1, 141, -1, -1, 144, - -1, -1, -1, -1, -1, 150, -1, -1, 153, -1, - -1, -1, -1, -1, -1, -1, -1, 162, -1, 164, - -1, 166, -1, -1, -1, -1, -1, 172, -1, -1, - -1, -1, -1, -1, -1, 180, 181, 182, -1, 184, - -1, -1, -1, 188, 189, -1, -1, -1, 193, -1, - -1, 196, 197, -1, 199, 200, 201, 202, -1, -1, - -1, -1, -1, 208, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, 219, 220, 221, 222, -1, 224, - -1, -1, -1, -1, -1, -1, 231, -1, -1, -1, - -1, -1, -1, -1, -1, -1, -1, 242, -1, -1, - -1, -1, -1, -1, -1, 250, 251, -1, -1, -1, - -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, 269, -1, -1, -1, -1, -1, - -1, 276, 277, -1, 279, 280, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, 291, -1, -1, -1, - -1, -1, -1, -1, -1, -1, 301, 302, 303, -1, - -1, -1, -1, -1, 309, 310, -1, -1, -1, -1, - -1, -1, -1, -1, -1, 320, 321, 322, 323, 324, - 325, 326, 327, 328, 329, 330, 331, 332, 333, 334, - 335, 336, 337, 338, 339, 340, 341, 342, 343, 344, - 345, 346, 347, 348, 349, 350, 351, 352, 353, 354, - 355, -1, 357, 358, 359, 360, 361, 362, 363, 364, - 365, 366, 367, 368, 369, 370, 371, 372, 373, 374, - 375, 376, 377, 378, 379, 380, 381, 382, 383, 384, - 385, 386, 387, -1, 389, 390, 391, 392, 393, 394, - 395, 396, 397, 398, 399, 400, 401, 402, 403, 404, - 405, 406, 407, 408, 409, 410, 411, 412, 413, 414, - 415, 416, 417, -1, 419, 420, 421, 422, 423, 424, - 425, 426, 427, 428, 429, 430, 431, 432, 433, 434, - 435, 436, 437, 438, 439, 440, 441, 442, 443, 444, - 445, 446, -1, -1, 449, 450, 451, 452, 453, 454, - 455, 456, 457, 458, 459, 460, 461, 462, -1, 464, - 465, 466, 467, 468, 469, 470, 471, 472, 473, 474, - 475, 476, 477, -1, 479, 480, 481, 482, 483, 484, - 485, 486, 487, 488, 489, 490, 491, 492, 493, 494, - 495, 496, 497, 498, 499, 500, 501, 502, 503, 504, - 505, 506, 507, 508, 509, 510, 511, 512, 513, 514, - 515, 516, 517, 518, 519, 520, 521, 522, 523, 524, - 525, 526, 527, 528, 529, 530, 531, 532, 533, 534, - 535, -1, 537, 538, 539, 540, 541, 542, 543, 544, - 545, 546, 547, 548, 549, 550, 551, 552, 553, 554, - 555, 556, 557, 558, 559, 560, 561, 562, 563, 564, - 565, 566, 567, 568, 569, 570, 571, 572, 573, 574, - 575, 576, 577, 578, 579, 580, -1, 582, 583, 584, - 585, 586, 587, 588, 589, 590, 591, 592, 593, 594, - 595, 596, 597, 598, 599, 600, 601, 602, 603, 604, - 605, 606, 607, 608, 609, 610, 611, 612, 613, 614, - 615, 616, 617, 618, 619, 620, 621, 622, 623, 624, - 625, 626, 627, 628, 629, 630, 631, 632, 633, 634, - 635, 636, 637, 638, 639, 640, 641, 642, 643, 644, - 645, 646, 647, 648, 649, 650, 651, 652, 653, 654, - 655, 656, 657, 658, 659, 660, 661, 662, 663, 664, - 665, 666, 667, 668, 669, 670, 671, 672, 673, 674, - 675, 676, 677, 678, 679, 680, 681, 682, 683, -1, - -1, 686, 687, -1, 689, 690, 691, 692, 693, 694, - 695, 696, 697, 698, 699, 700, 701, 702, 703, 704, - 705, 706, 707, 708, 709, 710, 711, 712, 713, 714, - 715, 716, 717, 718, 719, 720, 721, 722, 723, 724, - 725, 726, 727, 728, 729, 730, 731, 732, 733, 734, - 735, 736, 737, 738, 739, 740, 741, 742, 743, 744, - 745, 746, 747, 748, 749, 750, 751, 752, 753, 754, - 755, 756, 757, 758, 759, 760, 761, 762, -1, 764, - 765, 766, 767, -1, -1, -1, -1, -1, -1, -1, - -1, 776, 777, 3, -1, -1, -1, 782, 8, 9, - -1, -1, -1, 788, -1, -1, -1, 792, 793, 19, - 20, 796, 22, 23, 24, 25, 26, 27, 28, 29, - 30, 31, 32, -1, -1, -1, -1, -1, -1, -1, - 40, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, -1, 57, 58, 59, - 60, -1, -1, -1, -1, -1, -1, -1, 68, 69, - -1, 71, -1, -1, -1, -1, -1, -1, 78, 79, - -1, -1, 82, 83, 84, 85, -1, 87, 88, -1, - 90, 91, -1, -1, -1, -1, -1, -1, -1, 99, - -1, -1, 102, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, 116, -1, -1, -1, - 120, 121, 122, -1, 124, -1, -1, -1, -1, -1, - -1, -1, 132, 133, 134, 135, -1, -1, -1, -1, - -1, 141, -1, -1, 144, -1, -1, -1, -1, -1, - 150, -1, -1, 153, -1, -1, -1, -1, -1, -1, - -1, -1, 162, -1, 164, -1, 166, -1, -1, -1, - -1, -1, 172, -1, -1, -1, -1, -1, -1, -1, - 180, 181, 182, 183, 184, -1, -1, -1, 188, 189, - -1, -1, -1, 193, -1, -1, 196, -1, -1, 199, - 200, 201, 202, -1, -1, -1, -1, -1, 208, -1, - -1, -1, -1, -1, -1, -1, -1, -1, -1, 219, - 220, 221, 222, -1, 224, -1, -1, -1, -1, -1, - -1, 231, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, 242, -1, -1, -1, -1, -1, -1, -1, - 250, 251, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, -1, -1, -1, 269, - -1, -1, -1, -1, -1, -1, 276, 277, -1, 279, - 280, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, 291, -1, -1, -1, -1, -1, -1, -1, -1, - -1, 301, 302, 303, -1, -1, -1, -1, -1, 309, - 310, -1, -1, -1, -1, -1, -1, -1, -1, -1, - 320, 321, 322, 323, 324, 325, 326, 327, 328, 329, - 330, 331, 332, 333, 334, 335, 336, 337, 338, 339, - 340, 341, 342, 343, 344, 345, 346, 347, 348, 349, - 350, 351, 352, 353, 354, 355, -1, 357, 358, 359, - 360, 361, 362, 363, 364, 365, 366, 367, 368, 369, - 370, 371, 372, 373, 374, 375, 376, 377, 378, 379, - 380, 381, 382, 383, 384, 385, 386, 387, -1, 389, - 390, 391, 392, 393, 394, 395, 396, 397, 398, 399, - 400, 401, 402, 403, 404, 405, 406, 407, 408, 409, - 410, 411, 412, 413, 414, 415, 416, 417, -1, 419, - 420, 421, 422, 423, 424, 425, 426, 427, 428, 429, - 430, 431, 432, 433, 434, 435, 436, 437, 438, 439, - 440, 441, 442, 443, 444, 445, 446, -1, -1, 449, - 450, 451, 452, 453, 454, 455, 456, 457, 458, 459, - 460, 461, 462, -1, 464, 465, 466, 467, 468, 469, - 470, 471, 472, 473, 474, 475, 476, 477, -1, 479, - 480, 481, 482, 483, 484, 485, 486, 487, 488, 489, - 490, 491, 492, 493, 494, 495, 496, 497, 498, 499, - 500, 501, 502, 503, 504, 505, 506, 507, 508, 509, - 510, 511, 512, 513, 514, 515, 516, 517, 518, 519, - 520, 521, 522, 523, 524, 525, 526, 527, 528, 529, - 530, 531, 532, 533, 534, 535, -1, 537, 538, 539, - 540, 541, 542, 543, 544, 545, 546, 547, 548, 549, - 550, 551, 552, 553, 554, 555, 556, 557, 558, 559, - 560, 561, 562, 563, 564, 565, 566, 567, 568, 569, - 570, 571, 572, 573, 574, 575, 576, 577, 578, 579, - 580, -1, 582, 583, 584, 585, 586, 587, 588, 589, - 590, 591, 592, 593, 594, 595, 596, 597, 598, 599, - 600, 601, 602, 603, 604, 605, 606, 607, 608, 609, - 610, 611, 612, 613, 614, 615, 616, 617, 618, 619, - 620, 621, 622, 623, 624, 625, 626, 627, 628, 629, - 630, 631, 632, 633, 634, 635, 636, 637, 638, 639, - 640, 641, 642, 643, 644, 645, 646, 647, 648, 649, - 650, 651, 652, 653, 654, 655, 656, 657, 658, 659, - 660, 661, 662, 663, 664, 665, 666, 667, 668, 669, - 670, 671, 672, 673, 674, 675, 676, 677, 678, 679, - 680, 681, 682, 683, -1, -1, 686, 687, -1, 689, - 690, 691, 692, 693, 694, 695, 696, 697, 698, 699, - 700, 701, 702, 703, 704, 705, 706, 707, 708, 709, - 710, 711, 712, 713, 714, 715, 716, 717, 718, 719, - 720, 721, 722, 723, 724, 725, 726, 727, 728, 729, - 730, 731, 732, 733, 734, 735, 736, 737, 738, 739, - 740, 741, 742, 743, 744, 745, 746, 747, 748, 749, - 750, 751, 752, 753, 754, 755, 756, 757, 758, 759, - 760, 761, 762, -1, 764, 765, 766, 767, -1, -1, - -1, -1, -1, -1, -1, -1, 776, 777, 3, -1, - -1, -1, 782, 8, 9, -1, -1, -1, 788, -1, - -1, -1, 792, 793, 19, 20, 796, 22, 23, 24, - 25, 26, 27, 28, 29, 30, 31, 32, -1, -1, - -1, -1, -1, -1, -1, 40, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, 57, 58, 59, 60, -1, -1, -1, -1, - -1, -1, -1, 68, 69, -1, 71, -1, -1, -1, - -1, -1, -1, 78, 79, -1, -1, 82, 83, 84, - 85, -1, 87, 88, -1, 90, 91, -1, -1, -1, - -1, -1, -1, -1, 99, -1, -1, 102, -1, -1, - -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, 116, -1, -1, -1, 120, 121, 122, -1, 124, - -1, -1, -1, -1, -1, -1, -1, 132, 133, 134, - 135, -1, -1, -1, -1, -1, 141, -1, -1, 144, - -1, -1, -1, -1, -1, 150, -1, -1, 153, -1, - -1, -1, -1, -1, -1, -1, -1, 162, -1, 164, - -1, 166, -1, -1, -1, -1, -1, 172, -1, -1, - -1, -1, -1, -1, -1, 180, 181, 182, -1, 184, - -1, -1, -1, 188, 189, -1, -1, -1, 193, -1, - -1, 196, -1, -1, 199, 200, 201, 202, -1, -1, - -1, -1, -1, 208, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, 219, 220, 221, 222, -1, 224, - -1, -1, -1, -1, -1, -1, 231, -1, -1, -1, - -1, -1, -1, -1, -1, -1, -1, 242, -1, -1, - -1, -1, -1, -1, -1, 250, 251, -1, -1, -1, - -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, 269, -1, -1, -1, -1, -1, - -1, 276, 277, -1, 279, 280, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, 291, -1, -1, -1, - -1, -1, -1, -1, -1, -1, 301, 302, 303, -1, - -1, -1, -1, -1, 309, 310, -1, -1, -1, -1, - -1, -1, -1, -1, -1, 320, 321, 322, 323, 324, - 325, 326, 327, 328, 329, 330, 331, 332, 333, 334, - 335, 336, 337, 338, 339, 340, 341, 342, 343, 344, - 345, 346, 347, 348, 349, 350, 351, 352, 353, 354, - 355, -1, 357, 358, 359, 360, 361, 362, 363, 364, - 365, 366, 367, 368, 369, 370, 371, 372, 373, 374, - 375, 376, 377, 378, 379, 380, 381, 382, 383, 384, - 385, 386, 387, -1, 389, 390, 391, 392, 393, 394, - 395, 396, 397, 398, 399, 400, 401, 402, 403, 404, - 405, 406, 407, 408, 409, 410, 411, 412, 413, 414, - 415, 416, 417, -1, 419, 420, 421, 422, 423, 424, - 425, 426, 427, 428, 429, 430, 431, 432, 433, 434, - 435, 436, 437, 438, 439, 440, 441, 442, 443, 444, - 445, 446, -1, -1, 449, 450, 451, 452, 453, 454, - 455, 456, 457, 458, 459, 460, 461, 462, -1, 464, - 465, 466, 467, 468, 469, 470, 471, 472, 473, 474, - 475, 476, 477, -1, 479, 480, 481, 482, 483, 484, - 485, 486, 487, 488, 489, 490, 491, 492, 493, 494, - 495, 496, 497, 498, 499, 500, 501, 502, 503, 504, - 505, 506, 507, 508, 509, 510, 511, 512, 513, 514, - 515, 516, 517, 518, 519, 520, 521, 522, 523, 524, - 525, 526, 527, 528, 529, 530, 531, 532, 533, 534, - 535, -1, 537, 538, 539, 540, 541, 542, 543, 544, - 545, 546, 547, 548, 549, 550, 551, 552, 553, 554, - 555, 556, 557, 558, 559, 560, 561, 562, 563, 564, - 565, 566, 567, 568, 569, 570, 571, 572, 573, 574, - 575, 576, 577, 578, 579, 580, -1, 582, 583, 584, - 585, 586, 587, 588, 589, 590, 591, 592, 593, 594, - 595, 596, 597, 598, 599, 600, 601, 602, 603, 604, - 605, 606, 607, 608, 609, 610, 611, 612, 613, 614, - 615, 616, 617, 618, 619, 620, 621, 622, 623, 624, - 625, 626, 627, 628, 629, 630, 631, 632, 633, 634, - 635, 636, 637, 638, 639, 640, 641, 642, 643, 644, - 645, 646, 647, 648, 649, 650, 651, 652, 653, 654, - 655, 656, 657, 658, 659, 660, 661, 662, 663, 664, - 665, 666, 667, 668, 669, 670, 671, 672, 673, 674, - 675, 676, 677, 678, 679, 680, 681, 682, 683, -1, - -1, 686, 687, -1, 689, 690, 691, 692, 693, 694, - 695, 696, 697, 698, 699, 700, 701, 702, 703, 704, - 705, 706, 707, 708, 709, 710, 711, 712, 713, 714, - 715, 716, 717, 718, 719, 720, 721, 722, 723, 724, - 725, 726, 727, 728, 729, 730, 731, 732, 733, 734, - 735, 736, 737, 738, 739, 740, 741, 742, 743, 744, - 745, 746, 747, 748, 749, 750, 751, 752, 753, 754, - 755, 756, 757, 758, 759, 760, 761, 762, -1, 764, - 765, 766, 767, -1, -1, -1, -1, -1, -1, -1, - -1, 776, 777, 3, -1, -1, -1, 782, 8, 9, - -1, -1, -1, 788, -1, -1, -1, 792, 793, 19, - 20, 796, 22, 23, 24, 25, 26, 27, 28, 29, - 30, 31, 32, -1, -1, -1, -1, -1, -1, -1, - 40, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, -1, 57, 58, 59, - 60, -1, -1, -1, -1, -1, -1, -1, 68, 69, - -1, 71, -1, -1, -1, -1, -1, -1, 78, 79, - -1, -1, 82, 83, 84, 85, -1, 87, 88, -1, - 90, 91, -1, -1, -1, -1, -1, -1, -1, 99, - -1, -1, 102, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, 116, -1, -1, -1, - 120, 121, 122, -1, 124, -1, -1, -1, -1, -1, - -1, -1, 132, 133, 134, 135, -1, -1, -1, -1, - -1, 141, -1, -1, 144, -1, -1, -1, -1, -1, - 150, -1, -1, 153, -1, -1, -1, -1, -1, -1, - -1, -1, 162, -1, 164, -1, 166, -1, -1, -1, - -1, -1, 172, -1, -1, -1, -1, -1, -1, -1, - 180, 181, 182, -1, 184, -1, -1, -1, 188, 189, - -1, -1, -1, 193, -1, -1, 196, -1, -1, 199, - 200, 201, 202, -1, -1, -1, -1, -1, 208, -1, - -1, -1, -1, -1, -1, -1, -1, -1, -1, 219, - 220, 221, 222, -1, 224, -1, -1, -1, -1, -1, - -1, 231, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, 242, -1, -1, -1, -1, -1, -1, -1, - 250, 251, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, -1, -1, -1, 269, - -1, -1, -1, -1, -1, -1, 276, 277, -1, 279, - 280, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, 291, -1, -1, -1, -1, -1, -1, -1, -1, - -1, 301, 302, 303, -1, -1, -1, -1, -1, 309, - 310, -1, -1, -1, -1, -1, -1, -1, -1, -1, - 320, 321, 322, 323, 324, 325, 326, 327, 328, 329, - 330, 331, 332, 333, 334, 335, 336, 337, 338, 339, - 340, 341, 342, 343, 344, 345, 346, 347, 348, 349, - 350, 351, 352, 353, 354, 355, -1, 357, 358, 359, - 360, 361, 362, 363, 364, 365, 366, 367, 368, 369, - 370, 371, 372, 373, 374, 375, 376, 377, 378, 379, - 380, 381, 382, 383, 384, 385, 386, 387, -1, 389, - 390, 391, 392, 393, 394, 395, 396, 397, 398, 399, - 400, 401, 402, 403, 404, 405, 406, 407, 408, 409, - 410, 411, 412, 413, 414, 415, 416, 417, -1, 419, - 420, 421, 422, 423, 424, 425, 426, 427, 428, 429, - 430, 431, 432, 433, 434, 435, 436, 437, 438, 439, - 440, 441, 442, 443, 444, 445, 446, -1, -1, 449, - 450, 451, 452, 453, 454, 455, 456, 457, 458, 459, - 460, 461, 462, -1, 464, 465, 466, 467, 468, 469, - 470, 471, 472, 473, 474, 475, 476, 477, -1, 479, - 480, 481, 482, 483, 484, 485, 486, 487, 488, 489, - 490, 491, 492, 493, 494, 495, 496, 497, 498, 499, - 500, 501, 502, 503, 504, 505, 506, 507, 508, 509, - 510, 511, 512, 513, 514, 515, 516, 517, 518, 519, - 520, 521, 522, 523, 524, 525, 526, 527, 528, 529, - 530, 531, 532, 533, 534, 535, -1, 537, 538, 539, - 540, 541, 542, 543, 544, 545, 546, 547, 548, 549, - 550, 551, 552, 553, 554, 555, 556, 557, 558, 559, - 560, 561, 562, 563, 564, 565, 566, 567, 568, 569, - 570, 571, 572, 573, 574, 575, 576, 577, 578, 579, - 580, -1, 582, 583, 584, 585, 586, 587, 588, 589, - 590, 591, 592, 593, 594, 595, 596, 597, 598, 599, - 600, 601, 602, 603, 604, 605, 606, 607, 608, 609, - 610, 611, 612, 613, 614, 615, 616, 617, 618, 619, - 620, 621, 622, 623, 624, 625, 626, 627, 628, 629, - 630, 631, 632, 633, 634, 635, 636, 637, 638, 639, - 640, 641, 642, 643, 644, 645, 646, 647, 648, 649, - 650, 651, 652, 653, 654, 655, 656, 657, 658, 659, - 660, 661, 662, 663, 664, 665, 666, 667, 668, 669, - 670, 671, 672, 673, 674, 675, 676, 677, 678, 679, - 680, 681, 682, 683, -1, -1, 686, 687, -1, 689, - 690, 691, 692, 693, 694, 695, 696, 697, 698, 699, - 700, 701, 702, 703, 704, 705, 706, 707, 708, 709, - 710, 711, 712, 713, 714, 715, 716, 717, 718, 719, - 720, 721, 722, 723, 724, 725, 726, 727, 728, 729, - 730, 731, 732, 733, 734, 735, 736, 737, 738, 739, - 740, 741, 742, 743, 744, 745, 746, 747, 748, 749, - 750, 751, 752, 753, 754, 755, 756, 757, 758, 759, - 760, 761, 762, -1, 764, 765, 766, 767, -1, -1, - -1, -1, -1, -1, -1, -1, 776, 777, 3, -1, - -1, -1, 782, 8, 9, -1, -1, -1, 788, -1, - -1, -1, 792, 793, 19, 20, 796, 22, 23, 24, - 25, 26, 27, 28, 29, 30, 31, 32, -1, -1, - -1, -1, -1, -1, -1, 40, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, 57, 58, 59, 60, -1, -1, -1, -1, - -1, -1, -1, 68, 69, -1, 71, -1, -1, -1, - -1, -1, -1, 78, 79, -1, -1, 82, 83, 84, - 85, -1, 87, 88, -1, 90, 91, -1, -1, -1, - -1, -1, -1, -1, 99, -1, -1, 102, -1, -1, - -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, 116, -1, -1, -1, 120, 121, 122, -1, 124, - -1, -1, -1, -1, -1, -1, -1, 132, 133, 134, - 135, -1, -1, -1, -1, -1, 141, -1, -1, 144, - -1, -1, -1, -1, -1, 150, -1, -1, 153, -1, - -1, -1, -1, -1, -1, -1, -1, 162, -1, 164, - -1, 166, -1, -1, -1, -1, -1, 172, -1, -1, - -1, -1, -1, -1, -1, 180, 181, 182, -1, 184, - -1, -1, -1, 188, 189, -1, -1, -1, 193, -1, - -1, 196, -1, -1, 199, 200, 201, 202, -1, -1, - -1, -1, -1, 208, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, 219, 220, 221, 222, -1, 224, - -1, -1, -1, -1, -1, -1, 231, -1, -1, -1, - -1, -1, -1, -1, -1, -1, -1, 242, -1, -1, - -1, -1, -1, -1, -1, 250, 251, -1, -1, -1, - -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, 269, -1, -1, -1, -1, -1, - -1, 276, 277, -1, 279, 280, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, 291, -1, -1, -1, - -1, -1, -1, -1, -1, -1, 301, 302, 303, -1, - -1, -1, -1, -1, 309, 310, -1, -1, -1, -1, - -1, -1, -1, -1, -1, 320, 321, 322, 323, 324, - 325, 326, 327, 328, 329, 330, 331, 332, 333, 334, - 335, 336, 337, 338, 339, 340, 341, 342, 343, 344, - 345, 346, 347, 348, 349, 350, 351, 352, 353, 354, - 355, -1, 357, 358, 359, 360, 361, 362, 363, 364, - 365, 366, 367, 368, 369, 370, 371, 372, 373, 374, - 375, 376, 377, 378, 379, 380, 381, 382, 383, 384, - 385, 386, 387, -1, 389, 390, 391, 392, 393, 394, - 395, 396, 397, 398, 399, 400, 401, 402, 403, 404, - 405, 406, 407, 408, 409, 410, 411, 412, 413, 414, - 415, 416, 417, -1, 419, 420, 421, 422, 423, 424, - 425, 426, 427, 428, 429, 430, 431, 432, 433, 434, - 435, 436, 437, 438, 439, 440, 441, 442, 443, 444, - 445, 446, -1, -1, 449, 450, 451, 452, 453, 454, - 455, 456, 457, 458, 459, 460, 461, 462, -1, 464, - 465, 466, 467, 468, 469, 470, 471, 472, 473, 474, - 475, 476, 477, -1, 479, 480, 481, 482, 483, 484, - 485, 486, 487, 488, 489, 490, 491, 492, 493, 494, - 495, 496, 497, 498, 499, 500, 501, 502, 503, 504, - 505, 506, 507, 508, 509, 510, 511, 512, 513, 514, - 515, 516, 517, 518, 519, 520, 521, 522, 523, 524, - 525, 526, 527, 528, 529, 530, 531, 532, 533, 534, - 535, -1, 537, 538, 539, 540, 541, 542, 543, 544, - 545, 546, 547, 548, 549, 550, 551, 552, 553, 554, - 555, 556, 557, 558, 559, 560, 561, 562, 563, 564, - 565, 566, 567, 568, 569, 570, 571, 572, 573, 574, - 575, 576, 577, 578, 579, 580, -1, 582, 583, 584, - 585, 586, 587, 588, 589, 590, 591, 592, 593, 594, - 595, 596, 597, 598, 599, 600, 601, 602, 603, 604, - 605, 606, 607, 608, 609, 610, 611, 612, 613, 614, - 615, 616, 617, 618, 619, 620, 621, 622, 623, 624, - 625, 626, 627, 628, 629, 630, 631, 632, 633, 634, - 635, 636, 637, 638, 639, 640, 641, 642, 643, 644, - 645, 646, 647, 648, 649, 650, 651, 652, 653, 654, - 655, 656, 657, 658, 659, 660, 661, 662, 663, 664, - 665, 666, 667, 668, 669, 670, 671, 672, 673, 674, - 675, 676, 677, 678, 679, 680, 681, 682, 683, -1, - -1, 686, 687, -1, 689, 690, 691, 692, 693, 694, - 695, 696, 697, 698, 699, 700, 701, 702, 703, 704, - 705, 706, 707, 708, 709, 710, 711, 712, 713, 714, - 715, 716, 717, 718, 719, 720, 721, 722, 723, 724, - 725, 726, 727, 728, 729, 730, 731, 732, 733, 734, - 735, 736, 737, 738, 739, 740, 741, 742, 743, 744, - 745, 746, 747, 748, 749, 750, 751, 752, 753, 754, - 755, 756, 757, 758, 759, 760, 761, 762, -1, 764, - 765, 766, 767, -1, -1, -1, -1, -1, -1, -1, - -1, 776, 777, 3, -1, -1, -1, 782, 8, 9, - -1, -1, -1, 788, -1, -1, -1, 792, 793, 19, - 20, 796, 22, 23, 24, 25, 26, 27, 28, 29, - 30, 31, 32, -1, -1, -1, -1, -1, -1, -1, - 40, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, -1, 57, 58, 59, - 60, -1, -1, -1, -1, -1, -1, -1, 68, 69, - -1, 71, -1, -1, -1, -1, -1, -1, 78, 79, - -1, -1, 82, 83, 84, 85, -1, 87, 88, -1, - 90, 91, -1, -1, -1, -1, -1, -1, -1, 99, - -1, -1, 102, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, 116, -1, -1, -1, - 120, 121, 122, -1, 124, -1, -1, -1, -1, -1, - -1, -1, 132, 133, 134, 135, -1, -1, -1, -1, - -1, 141, -1, -1, 144, -1, -1, -1, -1, -1, - 150, -1, -1, 153, -1, -1, -1, -1, -1, -1, - -1, -1, 162, -1, 164, -1, 166, -1, -1, -1, - -1, -1, 172, -1, -1, -1, -1, -1, -1, -1, - 180, 181, 182, -1, 184, -1, -1, -1, 188, 189, - -1, -1, -1, 193, -1, -1, 196, -1, -1, 199, - 200, 201, 202, -1, -1, -1, -1, -1, 208, -1, - -1, -1, -1, -1, -1, -1, -1, -1, -1, 219, - 220, 221, 222, -1, 224, -1, -1, -1, -1, -1, - -1, 231, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, 242, -1, -1, -1, -1, -1, -1, -1, - 250, 251, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, -1, -1, -1, 269, - -1, -1, -1, -1, -1, -1, 276, 277, -1, 279, - 280, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, 291, -1, -1, -1, -1, -1, -1, -1, -1, - -1, 301, 302, 303, -1, -1, -1, -1, -1, 309, - 310, -1, -1, -1, -1, -1, -1, -1, -1, -1, - 320, 321, 322, 323, 324, 325, 326, 327, 328, 329, - 330, 331, 332, 333, 334, 335, 336, 337, 338, 339, - 340, 341, 342, 343, 344, 345, 346, 347, 348, 349, - 350, 351, 352, 353, 354, 355, -1, 357, 358, 359, - 360, 361, 362, 363, 364, 365, 366, 367, 368, 369, - 370, 371, 372, 373, 374, 375, 376, 377, 378, 379, - 380, 381, 382, 383, 384, 385, 386, 387, -1, 389, - 390, 391, 392, 393, 394, 395, 396, 397, 398, 399, - 400, 401, 402, 403, 404, 405, 406, 407, 408, 409, - 410, 411, 412, 413, 414, 415, 416, 417, -1, 419, - 420, 421, 422, 423, 424, 425, 426, 427, 428, 429, - 430, 431, 432, 433, 434, 435, 436, 437, 438, 439, - 440, 441, 442, 443, 444, 445, 446, -1, -1, 449, - 450, 451, 452, 453, 454, 455, 456, 457, 458, 459, - 460, 461, 462, -1, 464, 465, 466, 467, 468, 469, - 470, 471, 472, 473, 474, 475, 476, 477, -1, 479, - 480, 481, 482, 483, 484, 485, 486, 487, 488, 489, - 490, 491, 492, 493, 494, 495, 496, 497, 498, 499, - 500, 501, 502, 503, 504, 505, 506, 507, 508, 509, - 510, 511, 512, 513, 514, 515, 516, 517, 518, 519, - 520, 521, 522, 523, 524, 525, 526, 527, 528, 529, - 530, 531, 532, 533, 534, 535, -1, 537, 538, 539, - 540, 541, 542, 543, 544, 545, 546, 547, 548, 549, - 550, 551, 552, 553, 554, 555, 556, 557, 558, 559, - 560, 561, 562, 563, 564, 565, 566, 567, 568, 569, - 570, 571, 572, 573, 574, 575, 576, 577, 578, 579, - 580, -1, 582, 583, 584, 585, 586, 587, 588, 589, - 590, 591, 592, 593, 594, 595, 596, 597, 598, 599, - 600, 601, 602, 603, 604, 605, 606, 607, 608, 609, - 610, 611, 612, 613, 614, 615, 616, 617, 618, 619, - 620, 621, 622, 623, 624, 625, 626, 627, 628, 629, - 630, 631, 632, 633, 634, 635, 636, 637, 638, 639, - 640, 641, 642, 643, 644, 645, 646, 647, 648, 649, - 650, 651, 652, 653, 654, 655, 656, 657, 658, 659, - 660, 661, 662, 663, 664, 665, 666, 667, 668, 669, - 670, 671, 672, 673, 674, 675, 676, 677, 678, 679, - 680, 681, 682, 683, -1, -1, 686, 687, -1, 689, - 690, 691, 692, 693, 694, 695, 696, 697, 698, 699, - 700, 701, 702, 703, 704, 705, 706, 707, 708, 709, - 710, 711, 712, 713, 714, 715, 716, 717, 718, 719, - 720, 721, 722, 723, 724, 725, 726, 727, 728, 729, - 730, 731, 732, 733, 734, 735, 736, 737, 738, 739, - 740, 741, 742, 743, 744, 745, 746, 747, 748, 749, - 750, 751, 752, 753, 754, 755, 756, 757, 758, 759, - 760, 761, 762, -1, 764, 765, 766, 767, -1, -1, - -1, -1, -1, -1, -1, -1, 776, 777, 3, -1, - -1, -1, 782, 8, 9, -1, -1, -1, 788, -1, - -1, -1, 792, 793, 19, 20, 796, 22, 23, 24, - 25, 26, 27, 28, 29, 30, 31, 32, -1, -1, - -1, -1, -1, -1, -1, 40, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, 57, 58, 59, 60, -1, -1, -1, -1, - -1, -1, -1, 68, 69, -1, 71, -1, -1, -1, - -1, -1, -1, 78, 79, -1, -1, 82, 83, 84, - 85, -1, 87, 88, -1, 90, 91, -1, -1, -1, - -1, -1, -1, -1, 99, -1, -1, 102, -1, -1, - -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, 116, -1, -1, -1, 120, 121, 122, -1, 124, - -1, -1, -1, -1, -1, -1, -1, 132, 133, 134, - 135, -1, -1, -1, -1, -1, 141, -1, -1, 144, - -1, -1, -1, -1, -1, 150, -1, -1, 153, -1, - -1, -1, -1, -1, -1, -1, -1, 162, -1, 164, - -1, 166, -1, -1, -1, -1, -1, 172, -1, -1, - -1, -1, -1, -1, -1, 180, 181, 182, -1, 184, - -1, -1, -1, 188, 189, -1, -1, -1, 193, -1, - -1, 196, -1, -1, 199, 200, 201, 202, -1, -1, - -1, -1, -1, 208, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, 219, 220, 221, 222, -1, 224, - -1, -1, -1, -1, -1, -1, 231, -1, -1, -1, - -1, -1, -1, -1, -1, -1, -1, 242, -1, -1, - -1, -1, -1, -1, -1, 250, 251, -1, -1, -1, - -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, 269, -1, -1, -1, -1, -1, - -1, 276, 277, -1, 279, 280, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, 291, -1, -1, -1, - -1, -1, -1, -1, -1, -1, 301, 302, 303, -1, - -1, -1, -1, -1, 309, 310, -1, -1, -1, -1, - -1, -1, -1, -1, -1, 320, 321, 322, 323, 324, - 325, 326, 327, 328, 329, 330, 331, 332, 333, 334, - 335, 336, 337, 338, 339, 340, 341, 342, 343, 344, - 345, 346, 347, 348, 349, 350, 351, 352, 353, 354, - 355, -1, 357, 358, 359, 360, 361, 362, 363, 364, - 365, 366, 367, 368, 369, 370, 371, 372, 373, 374, - 375, 376, 377, 378, 379, 380, 381, 382, 383, 384, - 385, 386, 387, -1, 389, 390, 391, 392, 393, 394, - 395, 396, 397, 398, 399, 400, 401, 402, 403, 404, - 405, 406, 407, 408, 409, 410, 411, 412, 413, 414, - 415, 416, 417, -1, 419, 420, 421, 422, 423, 424, - 425, 426, 427, 428, 429, 430, 431, 432, 433, 434, - 435, 436, 437, 438, 439, 440, 441, 442, 443, 444, - 445, 446, -1, -1, 449, 450, 451, 452, 453, 454, - 455, 456, 457, 458, 459, 460, 461, 462, -1, 464, - 465, 466, 467, 468, 469, 470, 471, 472, 473, 474, - 475, 476, 477, -1, 479, 480, 481, 482, 483, 484, - 485, 486, 487, 488, 489, 490, 491, 492, 493, 494, - 495, 496, 497, 498, 499, 500, 501, 502, 503, 504, - 505, 506, 507, 508, 509, 510, 511, 512, 513, 514, - 515, 516, 517, 518, 519, 520, 521, 522, 523, 524, - 525, 526, 527, 528, 529, 530, 531, 532, 533, 534, - 535, -1, 537, 538, 539, 540, 541, 542, 543, 544, - 545, 546, 547, 548, 549, 550, 551, 552, 553, 554, - 555, 556, 557, 558, 559, 560, 561, 562, 563, 564, - 565, 566, 567, 568, 569, 570, 571, 572, 573, 574, - 575, 576, 577, 578, 579, 580, -1, 582, 583, 584, - 585, 586, 587, 588, 589, 590, 591, 592, 593, 594, - 595, 596, 597, 598, 599, 600, 601, 602, 603, 604, - 605, 606, 607, 608, 609, 610, 611, 612, 613, 614, - 615, 616, 617, 618, 619, 620, 621, 622, 623, 624, - 625, 626, 627, 628, 629, 630, 631, 632, 633, 634, - 635, 636, 637, 638, 639, 640, 641, 642, 643, 644, - 645, 646, 647, 648, 649, 650, 651, 652, 653, 654, - 655, 656, 657, 658, 659, 660, 661, 662, 663, 664, - 665, 666, 667, 668, 669, 670, 671, 672, 673, 674, - 675, 676, 677, 678, 679, 680, 681, 682, 683, -1, - -1, 686, 687, -1, 689, 690, 691, 692, 693, 694, - 695, 696, 697, 698, 699, 700, 701, 702, 703, 704, - 705, 706, 707, 708, 709, 710, 711, 712, 713, 714, - 715, 716, 717, 718, 719, 720, 721, 722, 723, 724, - 725, 726, 727, 728, 729, 730, 731, 732, 733, 734, - 735, 736, 737, 738, 739, 740, 741, 742, 743, 744, - 745, 746, 747, 748, 749, 750, 751, 752, 753, 754, - 755, 756, 757, 758, 759, 760, 761, 762, -1, 764, - 765, 766, 767, -1, -1, -1, -1, -1, -1, -1, - -1, 776, 777, 3, -1, -1, -1, 782, 8, 9, - -1, -1, -1, 788, -1, -1, -1, 792, 793, 19, - 20, 796, 22, 23, 24, 25, 26, 27, 28, 29, - 30, 31, 32, -1, -1, -1, -1, -1, -1, -1, - 40, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, -1, 57, 58, 59, - 60, -1, -1, -1, -1, -1, -1, -1, 68, 69, - -1, 71, -1, -1, -1, -1, -1, -1, 78, 79, - -1, -1, 82, 83, 84, 85, -1, 87, 88, -1, - 90, 91, -1, -1, -1, -1, -1, -1, -1, 99, - -1, -1, 102, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, 116, -1, -1, -1, - 120, 121, 122, -1, 124, -1, -1, -1, -1, -1, - -1, -1, 132, 133, 134, 135, -1, -1, -1, -1, - -1, 141, -1, -1, 144, -1, -1, -1, -1, -1, - 150, -1, -1, 153, -1, -1, -1, -1, -1, -1, - -1, -1, 162, -1, 164, -1, 166, -1, -1, -1, - -1, -1, 172, -1, -1, -1, -1, -1, -1, -1, - 180, 181, 182, -1, 184, -1, -1, -1, 188, 189, - -1, -1, -1, 193, -1, -1, 196, -1, -1, 199, - 200, 201, 202, -1, -1, -1, -1, -1, 208, -1, - -1, -1, -1, -1, -1, -1, -1, -1, -1, 219, - 220, 221, 222, -1, 224, -1, -1, -1, -1, -1, - -1, 231, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, 242, -1, -1, -1, -1, -1, -1, -1, - 250, 251, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, -1, -1, -1, 269, - -1, -1, -1, -1, -1, -1, 276, 277, -1, 279, - 280, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, 291, -1, -1, -1, -1, -1, -1, -1, -1, - -1, 301, 302, 303, -1, -1, -1, -1, -1, 309, - 310, -1, -1, -1, -1, -1, -1, -1, -1, -1, - 320, 321, 322, 323, 324, 325, 326, 327, 328, 329, - 330, 331, 332, 333, 334, 335, 336, 337, 338, 339, - 340, 341, 342, 343, 344, 345, 346, 347, 348, 349, - 350, 351, 352, 353, 354, 355, -1, 357, 358, 359, - 360, 361, 362, 363, 364, 365, 366, 367, 368, 369, - 370, 371, 372, 373, 374, 375, 376, 377, 378, 379, - 380, 381, 382, 383, 384, 385, 386, 387, -1, 389, - 390, 391, 392, 393, 394, 395, 396, 397, 398, 399, - 400, 401, 402, 403, 404, 405, 406, 407, 408, 409, - 410, 411, 412, 413, 414, 415, 416, 417, -1, 419, - 420, 421, 422, 423, 424, 425, 426, 427, 428, 429, - 430, 431, 432, 433, 434, 435, 436, 437, 438, 439, - 440, 441, 442, 443, 444, 445, 446, -1, -1, 449, - 450, 451, 452, 453, 454, 455, 456, 457, 458, 459, - 460, 461, 462, -1, 464, 465, 466, 467, 468, 469, - 470, 471, 472, 473, 474, 475, 476, 477, -1, 479, - 480, 481, 482, 483, 484, 485, 486, 487, 488, 489, - 490, 491, 492, 493, 494, 495, 496, 497, 498, 499, - 500, 501, 502, 503, 504, 505, 506, 507, 508, 509, - 510, 511, 512, 513, 514, 515, 516, 517, 518, 519, - 520, 521, 522, 523, 524, 525, 526, 527, 528, 529, - 530, 531, 532, 533, 534, 535, -1, 537, 538, 539, - 540, 541, 542, 543, 544, 545, 546, 547, 548, 549, - 550, 551, 552, 553, 554, 555, 556, 557, 558, 559, - 560, 561, 562, 563, 564, 565, 566, 567, 568, 569, - 570, 571, 572, 573, 574, 575, 576, 577, 578, 579, - 580, -1, 582, 583, 584, 585, 586, 587, 588, 589, - 590, 591, 592, 593, 594, 595, 596, 597, 598, 599, - 600, 601, 602, 603, 604, 605, 606, 607, 608, 609, - 610, 611, 612, 613, 614, 615, 616, 617, 618, 619, - 620, 621, 622, 623, 624, 625, 626, 627, 628, 629, - 630, 631, 632, 633, 634, 635, 636, 637, 638, 639, - 640, 641, 642, 643, 644, 645, 646, 647, 648, 649, - 650, 651, 652, 653, 654, 655, 656, 657, 658, 659, - 660, 661, 662, 663, 664, 665, 666, 667, 668, 669, - 670, 671, 672, 673, 674, 675, 676, 677, 678, 679, - 680, 681, 682, 683, -1, -1, 686, 687, -1, 689, - 690, 691, 692, 693, 694, 695, 696, 697, 698, 699, - 700, 701, 702, 703, 704, 705, 706, 707, 708, 709, - 710, 711, 712, 713, 714, 715, 716, 717, 718, 719, - 720, 721, 722, 723, 724, 725, 726, 727, 728, 729, - 730, 731, 732, 733, 734, 735, 736, 737, 738, 739, - 740, 741, 742, 743, 744, 745, 746, 747, 748, 749, - 750, 751, 752, 753, 754, 755, 756, 757, 758, 759, - 760, 761, 762, -1, 764, 765, 766, 767, -1, -1, - -1, -1, -1, -1, -1, -1, 776, 777, 3, -1, - -1, -1, 782, 8, 9, -1, -1, -1, 788, -1, - -1, -1, 792, 793, 19, 20, 796, 22, 23, 24, - 25, 26, 27, 28, 29, 30, 31, 32, -1, -1, - -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, 58, 59, 60, -1, -1, -1, -1, - -1, -1, -1, 68, 69, -1, 71, -1, -1, -1, - -1, -1, -1, 78, 79, -1, -1, 82, 83, 84, - 85, -1, 87, 88, -1, 90, 91, -1, -1, -1, - -1, -1, -1, -1, 99, -1, -1, 102, -1, -1, - -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, 116, -1, -1, -1, 120, 121, 122, -1, 124, - -1, -1, -1, -1, -1, -1, -1, 132, 133, 134, - 135, -1, -1, -1, -1, -1, 141, -1, -1, 144, - -1, -1, -1, -1, -1, 150, -1, -1, 153, -1, - -1, -1, -1, -1, -1, -1, -1, 162, -1, 164, - -1, 166, -1, -1, -1, -1, -1, 172, -1, -1, - -1, -1, -1, -1, -1, 180, 181, 182, -1, 184, - -1, -1, -1, 188, 189, -1, -1, -1, 193, -1, - -1, 196, -1, -1, 199, 200, 201, 202, -1, -1, - -1, -1, -1, 208, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, 219, 220, 221, 222, -1, 224, - -1, -1, -1, -1, -1, -1, 231, -1, -1, -1, - -1, -1, -1, -1, -1, -1, -1, 242, -1, -1, - -1, -1, -1, -1, -1, 250, 251, -1, -1, -1, - -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, 269, -1, -1, -1, -1, -1, - -1, 276, 277, -1, 279, 280, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, 291, -1, -1, -1, - -1, -1, -1, -1, -1, -1, 301, 302, 303, -1, - -1, -1, -1, -1, 309, 310, -1, -1, -1, -1, - -1, -1, -1, -1, -1, 320, 321, 322, 323, 324, - 325, 326, 327, 328, 329, 330, 331, 332, 333, 334, - 335, 336, 337, 338, 339, 340, 341, 342, 343, 344, - 345, 346, 347, 348, 349, 350, 351, 352, 353, 354, - 355, -1, 357, 358, 359, 360, 361, 362, 363, 364, - 365, 366, 367, 368, 369, 370, 371, 372, 373, 374, - 375, 376, 377, 378, 379, 380, 381, 382, 383, 384, - 385, 386, 387, -1, 389, 390, 391, 392, 393, 394, - 395, 396, 397, 398, 399, 400, 401, 402, 403, 404, - 405, 406, 407, 408, 409, 410, 411, 412, 413, 414, - 415, 416, 417, -1, 419, 420, 421, 422, 423, 424, - 425, 426, 427, 428, 429, 430, 431, 432, 433, 434, - 435, 436, 437, 438, 439, 440, 441, 442, 443, 444, - 445, 446, -1, -1, 449, 450, 451, 452, 453, 454, - 455, 456, 457, 458, 459, 460, 461, 462, -1, 464, - 465, 466, 467, 468, 469, 470, 471, 472, 473, 474, - 475, 476, 477, -1, 479, 480, 481, 482, 483, 484, - 485, 486, 487, 488, 489, 490, 491, 492, 493, 494, - 495, 496, 497, 498, 499, 500, 501, 502, 503, 504, - 505, 506, 507, 508, 509, 510, 511, 512, 513, 514, - 515, 516, 517, 518, 519, 520, 521, 522, 523, 524, - 525, 526, 527, 528, 529, 530, 531, 532, 533, 534, - 535, -1, 537, 538, 539, 540, 541, 542, 543, 544, - 545, 546, 547, 548, 549, 550, 551, 552, 553, 554, - 555, 556, 557, 558, 559, 560, 561, 562, 563, 564, - 565, 566, 567, 568, 569, 570, 571, 572, 573, 574, - 575, 576, 577, 578, 579, 580, -1, 582, 583, 584, - 585, 586, 587, 588, 589, 590, 591, 592, 593, 594, - 595, 596, 597, 598, 599, 600, 601, 602, 603, 604, - 605, 606, 607, 608, 609, 610, 611, 612, 613, 614, - 615, 616, 617, 618, 619, 620, 621, 622, 623, 624, - 625, 626, 627, 628, 629, 630, 631, 632, 633, 634, - 635, 636, 637, 638, 639, 640, 641, 642, 643, 644, - 645, 646, 647, 648, 649, 650, 651, 652, 653, 654, - 655, 656, 657, 658, 659, 660, 661, 662, 663, 664, - 665, 666, 667, 668, 669, 670, 671, 672, 673, 674, - 675, 676, 677, 678, 679, 680, 681, 682, 683, -1, - -1, 686, 687, -1, 689, 690, 691, 692, 693, 694, - 695, 696, 697, 698, 699, 700, 701, 702, 703, 704, - 705, 706, 707, 708, 709, 710, 711, 712, 713, 714, - 715, 716, 717, 718, 719, 720, 721, 722, 723, 724, - 725, 726, 727, 728, 729, 730, 731, 732, 733, 734, - 735, 736, 737, 738, 739, 740, 741, 742, 743, 744, - 745, 746, 747, 748, 749, 750, 751, 752, 753, 754, - 755, 756, 757, 758, 759, 760, 761, 762, -1, 764, - 765, 766, 767, -1, -1, -1, -1, -1, -1, -1, - -1, 776, 777, 3, -1, -1, -1, -1, 8, -1, - -1, -1, -1, 788, -1, -1, -1, -1, 793, 19, - 20, 796, 22, 23, 24, 25, 26, 27, 28, 29, - 30, 31, 32, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, -1, -1, -1, -1, 6299, + -1, -1, -1, 6303, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, 4767, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, -1, 19, 20, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, -1, -1, 88, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, -1, -1, -1, 4821, -1, + -1, -1, -1, -1, -1, 68, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, 116, -1, -1, -1, - -1, -1, 122, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, 135, -1, -1, -1, -1, - -1, -1, -1, -1, 144, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, 88, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, -1, -1, -1, 6428, -1, + -1, -1, -1, 116, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, 127, -1, -1, -1, -1, -1, + -1, -1, 135, -1, -1, 4898, -1, -1, 141, -1, + -1, 144, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - 180, -1, -1, -1, -1, -1, -1, -1, -1, 189, - -1, -1, -1, -1, -1, -1, 196, -1, -1, -1, - -1, -1, 202, -1, -1, -1, -1, -1, 208, -1, - -1, -1, -1, -1, -1, -1, -1, -1, -1, 219, + -1, -1, -1, -1, -1, 178, -1, 180, -1, -1, + -1, -1, -1, -1, -1, -1, 189, -1, -1, -1, + -1, -1, -1, 196, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, 208, -1, -1, -1, -1, + -1, -1, -1, -1, -1, -1, 219, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, 4996, -1, 4998, -1, -1, -1, 242, + -1, -1, -1, -1, 247, 248, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, -1, -1, 280, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - 280, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, 291, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, 315, -1, -1, -1, -1, 320, 321, 322, + 323, 324, 325, -1, 327, 328, 329, 330, 331, -1, + -1, -1, 335, 336, 337, 338, 339, 340, 341, 342, + 343, 344, -1, 346, 347, 348, 349, 350, 351, 352, + 353, -1, 355, -1, -1, 358, 359, 360, 361, 362, + -1, -1, 365, 366, 367, 368, 369, -1, -1, -1, + 373, 374, 375, 376, 377, -1, 379, 380, 381, 382, + -1, -1, -1, -1, -1, -1, 389, -1, 391, -1, + 393, 394, -1, 396, 397, 398, 399, 400, 401, -1, + 403, 404, 405, 406, 407, 408, 409, 410, 411, 412, + 413, 414, 415, -1, 417, -1, 419, 420, 421, 422, + 423, 424, 425, -1, 427, 428, 429, 430, -1, 432, + 433, 434, 435, 436, 437, 438, 439, 440, 441, 442, + -1, -1, -1, 446, -1, 5208, 449, 450, 451, 452, + 453, 454, 455, 456, 457, 458, 459, -1, -1, -1, + -1, -1, 465, 466, 467, 468, 469, 470, 5231, 472, + 473, -1, 475, 476, -1, -1, 479, -1, 481, 482, + 483, 484, 485, 486, 487, 488, 489, 490, 491, -1, + 493, 494, 495, 496, 497, 498, 499, 500, 501, -1, + 503, 504, 505, 506, 507, 508, 509, 510, 511, 512, + 513, 514, 515, 516, 517, 518, 519, 520, 521, 522, + 523, 524, 525, 526, 527, 528, 529, 530, 531, 532, + 533, 534, 535, -1, 537, 538, 539, 540, 541, 542, + 543, 544, 545, 546, 547, 548, 549, 550, 551, 552, + 553, 554, 555, 556, 557, 558, 559, 560, 561, 562, + 563, 564, 565, 566, 567, 568, 569, 570, 571, -1, + 573, 574, 575, 576, 577, 578, 579, 580, -1, 582, + 583, 584, 585, -1, -1, -1, 589, -1, 591, 592, + -1, 594, 595, 596, 597, -1, 599, 600, 601, 602, + -1, -1, -1, -1, 607, 608, 609, 610, 611, 612, + 613, 614, 615, 616, 617, 618, 619, 620, 621, 622, + 623, 624, 625, 626, 627, 628, 629, 630, 631, 632, + -1, 634, -1, 636, 637, 638, -1, 640, 641, -1, + 643, 644, 645, 646, 647, 648, -1, 650, 651, 652, + 653, 654, 655, 656, -1, 658, 659, 660, -1, 662, + 663, 664, 665, 666, -1, 668, 669, -1, -1, 672, + 673, -1, -1, 676, 677, 678, -1, 680, -1, 682, + 683, -1, -1, 686, 687, -1, 689, 690, 691, 692, + -1, 694, 695, -1, 697, -1, 699, 700, 701, 702, + 703, 704, 705, 706, 707, 708, 709, 710, 711, 712, + 713, 714, 715, 716, 717, 718, -1, 720, 721, 722, + 723, 724, 725, 726, 727, 728, -1, 730, 731, -1, + 733, 734, 735, 736, -1, -1, 739, 740, -1, 742, + 743, 744, 745, 746, 747, 748, 749, 750, 751, 752, + 753, 754, 755, 756, 757, -1, 5519, 760, 761, -1, + -1, 764, -1, 766, 767, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, 5538, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - 320, 321, 322, 323, 324, 325, 326, 327, 328, 329, - 330, 331, -1, -1, -1, 335, 336, 337, 338, 339, - 340, 341, 342, 343, 344, 345, 346, 347, 348, 349, - 350, 351, 352, 353, 354, 355, -1, 357, 358, 359, - 360, 361, 362, 363, 364, 365, 366, 367, 368, 369, - 370, 371, 372, 373, 374, 375, 376, 377, 378, 379, - 380, 381, 382, 383, 384, 385, 386, 387, -1, 389, - 390, 391, 392, 393, 394, 395, 396, 397, 398, 399, - 400, 401, 402, 403, 404, 405, 406, 407, 408, 409, - 410, 411, 412, 413, 414, 415, 416, 417, -1, 419, - 420, 421, 422, 423, 424, 425, 426, 427, 428, 429, - 430, 431, 432, 433, 434, 435, 436, 437, 438, 439, - 440, 441, 442, 443, 444, 445, 446, -1, -1, 449, - 450, 451, 452, 453, 454, 455, 456, 457, 458, 459, - 460, 461, 462, -1, 464, 465, 466, 467, 468, 469, - 470, 471, 472, 473, 474, 475, 476, 477, -1, 479, - 480, 481, 482, 483, 484, 485, 486, 487, 488, 489, - 490, 491, 492, 493, 494, 495, 496, 497, 498, 499, - 500, 501, 502, 503, 504, 505, 506, 507, 508, 509, - 510, 511, 512, 513, 514, 515, 516, 517, 518, 519, - 520, 521, 522, 523, 524, 525, 526, 527, 528, 529, - 530, 531, 532, 533, 534, 535, -1, 537, 538, 539, - 540, 541, 542, 543, 544, 545, 546, 547, 548, 549, - 550, 551, 552, 553, 554, 555, 556, 557, 558, 559, - 560, 561, 562, 563, 564, 565, 566, 567, 568, 569, - 570, 571, 572, 573, 574, 575, 576, 577, 578, 579, - 580, -1, 582, 583, 584, 585, 586, 587, 588, 589, - 590, 591, 592, 593, 594, 595, 596, 597, 598, 599, - 600, 601, 602, 603, 604, 605, 606, 607, 608, 609, - 610, 611, 612, 613, 614, 615, 616, 617, 618, 619, - 620, 621, 622, 623, 624, 625, 626, 627, 628, 629, - 630, 631, 632, 633, 634, 635, 636, 637, 638, 639, - 640, 641, 642, 643, 644, 645, 646, 647, 648, 649, - 650, 651, 652, 653, 654, 655, 656, 657, 658, 659, - 660, 661, 662, 663, 664, 665, 666, 667, 668, 669, - 670, 671, 672, 673, 674, 675, 676, 677, 678, 679, - 680, 681, 682, 683, -1, -1, 686, 687, -1, 689, - 690, 691, 692, 693, 694, 695, 696, 697, 698, 699, - 700, 701, 702, 703, 704, 705, 706, 707, 708, 709, - 710, 711, 712, 713, 714, 715, 716, 717, 718, 719, - 720, 721, 722, 723, 724, 725, 726, 727, 728, 729, - 730, 731, 732, 733, 734, 735, 736, 737, 738, 739, - 740, 741, 742, 743, 744, 745, 746, 747, 748, 749, - 750, 751, 752, 753, 754, 755, 756, 757, 758, 759, - 760, 761, 762, 3, 764, 765, 766, 767, 8, -1, - -1, -1, -1, -1, -1, -1, -1, -1, -1, 19, - 20, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, 796, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, 5576, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, -1, -1, 88, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, 116, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, 135, -1, -1, -1, -1, - -1, -1, -1, -1, 144, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - 180, -1, -1, -1, -1, -1, -1, -1, -1, 189, - -1, -1, -1, -1, -1, -1, 196, -1, -1, -1, - -1, -1, -1, -1, -1, -1, -1, -1, 208, -1, - -1, -1, -1, -1, -1, -1, -1, -1, -1, 219, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - 280, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - 320, 321, 322, 323, 324, 325, 326, 327, 328, 329, - 330, 331, -1, -1, -1, 335, 336, 337, 338, 339, - 340, 341, 342, 343, 344, 345, 346, 347, 348, 349, - 350, 351, 352, 353, 354, 355, -1, 357, 358, 359, - 360, 361, 362, 363, 364, 365, 366, 367, 368, 369, - 370, 371, 372, 373, 374, 375, 376, 377, 378, 379, - 380, 381, 382, 383, 384, 385, 386, 387, -1, 389, - 390, 391, 392, 393, 394, 395, 396, 397, 398, 399, - 400, 401, 402, 403, 404, 405, 406, 407, 408, 409, - 410, 411, 412, 413, 414, 415, 416, 417, -1, 419, - 420, 421, 422, 423, 424, 425, 426, 427, 428, 429, - 430, 431, 432, 433, 434, 435, 436, 437, 438, 439, - 440, 441, 442, 443, 444, 445, 446, -1, -1, 449, - 450, 451, 452, 453, 454, 455, 456, 457, 458, 459, - 460, 461, 462, -1, 464, 465, 466, 467, 468, 469, - 470, 471, 472, 473, 474, 475, 476, 477, -1, 479, - 480, 481, 482, 483, 484, 485, 486, 487, 488, 489, - 490, 491, 492, 493, 494, 495, 496, 497, 498, 499, - 500, 501, 502, 503, 504, 505, 506, 507, 508, 509, - 510, 511, 512, 513, 514, 515, 516, 517, 518, 519, - 520, 521, 522, 523, 524, 525, 526, 527, 528, 529, - 530, 531, 532, 533, 534, 535, -1, 537, 538, 539, - 540, 541, 542, 543, 544, 545, 546, 547, 548, 549, - 550, 551, 552, 553, 554, 555, 556, 557, 558, 559, - 560, 561, 562, 563, 564, 565, 566, 567, 568, 569, - 570, 571, 572, 573, 574, 575, 576, 577, 578, 579, - 580, -1, 582, 583, 584, 585, 586, 587, 588, 589, - 590, 591, 592, 593, 594, 595, 596, 597, 598, 599, - 600, 601, 602, 603, 604, 605, 606, 607, 608, 609, - 610, 611, 612, 613, 614, 615, 616, 617, 618, 619, - 620, 621, 622, 623, 624, 625, 626, 627, 628, 629, - 630, 631, 632, 633, 634, 635, 636, 637, 638, 639, - 640, 641, 642, 643, 644, 645, 646, 647, 648, 649, - 650, 651, 652, 653, 654, 655, 656, 657, 658, 659, - 660, 661, 662, 663, 664, 665, 666, 667, 668, 669, - 670, 671, 672, 673, 674, 675, 676, 677, 678, 679, - 680, 681, 682, 683, -1, -1, 686, 687, -1, 689, - 690, 691, 692, 693, 694, 695, 696, 697, 698, 699, - 700, 701, 702, 703, 704, 705, 706, 707, 708, 709, - 710, 711, 712, 713, 714, 715, 716, 717, 718, 719, - 720, 721, 722, 723, 724, 725, 726, 727, 728, 729, - 730, 731, 732, 733, 734, 735, 736, 737, 738, 739, - 740, 741, 742, 743, 744, 745, 746, 747, 748, 749, - 750, 751, 752, 753, 754, 755, 756, 757, 758, 759, - 760, 761, 762, 3, 764, 765, 766, 767, 8, -1, - -1, -1, -1, -1, -1, -1, -1, -1, -1, 19, - 20, -1, -1, -1, -1, -1, -1, -1, -1, 789, - -1, -1, -1, -1, -1, -1, 796, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, -1, -1, 88, -1, + 5803, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, 116, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, 135, -1, -1, -1, -1, - -1, -1, -1, -1, 144, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - 180, -1, -1, -1, -1, -1, -1, -1, -1, 189, - -1, -1, -1, -1, -1, -1, 196, -1, -1, -1, - -1, -1, -1, -1, -1, -1, -1, -1, 208, -1, - -1, -1, -1, -1, -1, -1, -1, -1, -1, 219, + -1, -1, -1, -1, -1, -1, -1, -1, -1, 5882, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - 280, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - 320, 321, 322, 323, 324, 325, 326, 327, 328, 329, - 330, 331, -1, -1, -1, 335, 336, 337, 338, 339, - 340, 341, 342, 343, 344, 345, 346, 347, 348, 349, - 350, 351, 352, 353, 354, 355, -1, 357, 358, 359, - 360, 361, 362, 363, 364, 365, 366, 367, 368, 369, - 370, 371, 372, 373, 374, 375, 376, 377, 378, 379, - 380, 381, 382, 383, 384, 385, 386, 387, -1, 389, - 390, 391, 392, 393, 394, 395, 396, 397, 398, 399, - 400, 401, 402, 403, 404, 405, 406, 407, 408, 409, - 410, 411, 412, 413, 414, 415, 416, 417, -1, 419, - 420, 421, 422, 423, 424, 425, 426, 427, 428, 429, - 430, 431, 432, 433, 434, 435, 436, 437, 438, 439, - 440, 441, 442, 443, 444, 445, 446, -1, -1, 449, - 450, 451, 452, 453, 454, 455, 456, 457, 458, 459, - 460, 461, 462, -1, 464, 465, 466, 467, 468, 469, - 470, 471, 472, 473, 474, 475, 476, 477, -1, 479, - 480, 481, 482, 483, 484, 485, 486, 487, 488, 489, - 490, 491, 492, 493, 494, 495, 496, 497, 498, 499, - 500, 501, 502, 503, 504, 505, 506, 507, 508, 509, - 510, 511, 512, 513, 514, 515, 516, 517, 518, 519, - 520, 521, 522, 523, 524, 525, 526, 527, 528, 529, - 530, 531, 532, 533, 534, 535, -1, 537, 538, 539, - 540, 541, 542, 543, 544, 545, 546, 547, 548, 549, - 550, 551, 552, 553, 554, 555, 556, 557, 558, 559, - 560, 561, 562, 563, 564, 565, 566, 567, 568, 569, - 570, 571, 572, 573, 574, 575, 576, 577, 578, 579, - 580, -1, 582, 583, 584, 585, 586, 587, 588, 589, - 590, 591, 592, 593, 594, 595, 596, 597, 598, 599, - 600, 601, 602, 603, 604, 605, 606, 607, 608, 609, - 610, 611, 612, 613, 614, 615, 616, 617, 618, 619, - 620, 621, 622, 623, 624, 625, 626, 627, 628, 629, - 630, 631, 632, 633, 634, 635, 636, 637, 638, 639, - 640, 641, 642, 643, 644, 645, 646, 647, 648, 649, - 650, 651, 652, 653, 654, 655, 656, 657, 658, 659, - 660, 661, 662, 663, 664, 665, 666, 667, 668, 669, - 670, 671, 672, 673, 674, 675, 676, 677, 678, 679, - 680, 681, 682, 683, -1, -1, 686, 687, -1, 689, - 690, 691, 692, 693, 694, 695, 696, 697, 698, 699, - 700, 701, 702, 703, 704, 705, 706, 707, 708, 709, - 710, 711, 712, 713, 714, 715, 716, 717, 718, 719, - 720, 721, 722, 723, 724, 725, 726, 727, 728, 729, - 730, 731, 732, 733, 734, 735, 736, 737, 738, 739, - 740, 741, 742, 743, 744, 745, 746, 747, 748, 749, - 750, 751, 752, 753, 754, 755, 756, 757, 758, 759, - 760, 761, 762, 8, 764, 765, 766, 767, -1, -1, - -1, -1, -1, -1, 19, 20, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, 796, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + 3, -1, -1, -1, -1, 8, 9, -1, -1, -1, + -1, -1, -1, -1, 6027, -1, 19, 20, -1, 22, + 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, + -1, -1, -1, -1, -1, -1, -1, 40, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, 88, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, 57, 58, 59, 60, -1, -1, + -1, -1, -1, -1, -1, 68, 69, -1, 71, -1, + -1, -1, -1, -1, -1, 78, 79, -1, -1, 82, + 83, 84, 85, -1, 87, 88, -1, 90, 91, -1, + -1, -1, -1, -1, -1, -1, 99, -1, -1, 102, + -1, 6114, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, 116, -1, -1, -1, 120, 121, 122, + -1, 124, -1, -1, -1, -1, -1, -1, -1, 132, + 133, 134, 135, -1, -1, -1, -1, -1, 141, -1, + -1, 144, -1, -1, -1, -1, -1, 150, -1, -1, + 153, -1, -1, -1, -1, -1, -1, -1, -1, 162, + -1, 164, -1, 166, -1, -1, -1, -1, -1, 172, + -1, -1, -1, -1, -1, -1, -1, 180, 181, 182, + -1, 184, -1, -1, -1, 188, 189, -1, -1, -1, + 193, -1, -1, 196, 197, -1, 199, 200, 201, 202, + -1, -1, -1, -1, -1, 208, -1, -1, -1, -1, + -1, -1, -1, -1, -1, -1, 219, 220, 221, 222, + -1, 224, -1, -1, -1, -1, -1, -1, 231, -1, + -1, -1, -1, -1, -1, -1, -1, -1, -1, 242, + -1, -1, -1, -1, -1, -1, -1, 250, 251, -1, + -1, -1, 255, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, -1, 269, -1, -1, -1, + -1, -1, -1, 276, 277, -1, 279, 280, -1, -1, + -1, -1, -1, -1, -1, -1, 6299, -1, 291, -1, + -1, -1, -1, -1, -1, -1, -1, -1, 301, 302, + 303, -1, -1, 306, -1, -1, 309, 310, -1, -1, + -1, -1, -1, 316, -1, -1, -1, 320, 321, 322, + 323, 324, 325, 326, 327, 328, 329, 330, 331, 332, + 333, 334, 335, 336, 337, 338, 339, 340, 341, 342, + 343, 344, 345, 346, 347, 348, 349, 350, 351, 352, + 353, 354, 355, -1, 357, 358, 359, 360, 361, 362, + 363, 364, 365, 366, 367, 368, 369, 370, 371, 372, + 373, 374, 375, 376, 377, 378, 379, 380, 381, 382, + 383, 384, 385, 386, 387, -1, 389, 390, 391, 392, + 393, 394, 395, 396, 397, 398, 399, 400, 401, 402, + 403, 404, 405, 406, 407, 408, 409, 410, 411, 412, + 413, 414, 415, 416, 417, 6428, 419, 420, 421, 422, + 423, 424, 425, 426, 427, 428, 429, 430, 431, 432, + 433, 434, 435, 436, 437, 438, 439, 440, 441, 442, + 443, 444, 445, 446, -1, -1, 449, 450, 451, 452, + 453, 454, 455, 456, 457, 458, 459, 460, 461, 462, + -1, 464, 465, 466, 467, 468, 469, 470, 471, 472, + 473, 474, 475, 476, 477, -1, 479, 480, 481, 482, + 483, 484, 485, 486, 487, 488, 489, 490, 491, 492, + 493, 494, 495, 496, 497, 498, 499, 500, 501, 502, + 503, 504, 505, 506, 507, 508, 509, 510, 511, 512, + 513, 514, 515, 516, 517, 518, 519, 520, 521, 522, + 523, 524, 525, 526, 527, 528, 529, 530, 531, 532, + 533, 534, 535, -1, 537, 538, 539, 540, 541, 542, + 543, 544, 545, 546, 547, 548, 549, 550, 551, 552, + 553, 554, 555, 556, 557, 558, 559, 560, 561, 562, + 563, 564, 565, 566, 567, 568, 569, 570, 571, 572, + 573, 574, 575, 576, 577, 578, 579, 580, -1, 582, + 583, 584, 585, 586, 587, 588, 589, 590, 591, 592, + 593, 594, 595, 596, 597, 598, 599, 600, 601, 602, + 603, 604, 605, 606, 607, 608, 609, 610, 611, 612, + 613, 614, 615, 616, 617, 618, 619, 620, 621, 622, + 623, 624, 625, 626, 627, 628, 629, 630, 631, 632, + 633, 634, 635, 636, 637, 638, 639, 640, 641, 642, + 643, 644, 645, 646, 647, 648, 649, 650, 651, 652, + 653, 654, 655, 656, 657, 658, 659, 660, 661, 662, + 663, 664, 665, 666, 667, 668, 669, 670, 671, 672, + 673, 674, 675, 676, 677, 678, 679, 680, 681, 682, + 683, -1, -1, 686, 687, -1, 689, 690, 691, 692, + 693, 694, 695, 696, 697, 698, 699, 700, 701, 702, + 703, 704, 705, 706, 707, 708, 709, 710, 711, 712, + 713, 714, 715, 716, 717, 718, 719, 720, 721, 722, + 723, 724, 725, 726, 727, 728, 729, 730, 731, 732, + 733, 734, 735, 736, 737, 738, 739, 740, 741, 742, + 743, 744, 745, 746, 747, 748, 749, 750, 751, 752, + 753, 754, 755, 756, 757, 758, 759, 760, 761, 762, + -1, 764, 765, 766, 767, -1, -1, -1, -1, -1, + -1, -1, -1, 776, 777, 3, -1, -1, -1, 782, + 8, 9, -1, -1, -1, 788, -1, -1, -1, 792, + 793, 19, 20, 796, 22, 23, 24, 25, 26, 27, + 28, 29, 30, 31, 32, -1, -1, -1, -1, -1, + -1, -1, 40, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, -1, -1, -1, -1, 57, + 58, 59, 60, -1, -1, -1, 64, -1, -1, -1, + 68, 69, -1, 71, -1, -1, -1, -1, -1, -1, + 78, 79, -1, -1, 82, 83, 84, 85, -1, 87, + 88, -1, 90, 91, -1, -1, -1, -1, -1, -1, + -1, 99, -1, -1, 102, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, -1, -1, -1, 116, -1, + -1, -1, 120, 121, 122, -1, 124, -1, -1, -1, + -1, -1, -1, -1, 132, 133, 134, 135, -1, -1, + -1, -1, -1, 141, -1, -1, 144, -1, -1, -1, + -1, -1, 150, -1, -1, 153, -1, -1, -1, -1, + -1, -1, -1, -1, 162, 163, 164, -1, 166, -1, + -1, -1, -1, -1, 172, -1, -1, -1, -1, -1, + -1, -1, 180, 181, 182, -1, 184, -1, -1, -1, + 188, 189, -1, -1, -1, 193, -1, -1, 196, 197, + -1, 199, 200, 201, 202, -1, -1, -1, -1, -1, + 208, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, 219, 220, 221, 222, -1, 224, -1, -1, -1, + -1, -1, -1, 231, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, 242, -1, -1, -1, -1, -1, + -1, -1, 250, 251, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, 269, -1, -1, -1, -1, -1, -1, 276, 277, + -1, 279, 280, -1, -1, -1, -1, -1, -1, -1, + -1, 289, -1, 291, -1, -1, -1, -1, -1, -1, + -1, -1, -1, 301, 302, 303, -1, -1, -1, -1, + -1, 309, 310, -1, -1, -1, -1, -1, -1, -1, + -1, -1, 320, 321, 322, 323, 324, 325, 326, 327, + 328, 329, 330, 331, 332, 333, 334, 335, 336, 337, + 338, 339, 340, 341, 342, 343, 344, 345, 346, 347, + 348, 349, 350, 351, 352, 353, 354, 355, -1, 357, + 358, 359, 360, 361, 362, 363, 364, 365, 366, 367, + 368, 369, 370, 371, 372, 373, 374, 375, 376, 377, + 378, 379, 380, 381, 382, 383, 384, 385, 386, 387, + -1, 389, 390, 391, 392, 393, 394, 395, 396, 397, + 398, 399, 400, 401, 402, 403, 404, 405, 406, 407, + 408, 409, 410, 411, 412, 413, 414, 415, 416, 417, + -1, 419, 420, 421, 422, 423, 424, 425, 426, 427, + 428, 429, 430, 431, 432, 433, 434, 435, 436, 437, + 438, 439, 440, 441, 442, 443, 444, 445, 446, -1, + -1, 449, 450, 451, 452, 453, 454, 455, 456, 457, + 458, 459, 460, 461, 462, -1, 464, 465, 466, 467, + 468, 469, 470, 471, 472, 473, 474, 475, 476, 477, + -1, 479, 480, 481, 482, 483, 484, 485, 486, 487, + 488, 489, 490, 491, 492, 493, 494, 495, 496, 497, + 498, 499, 500, 501, 502, 503, 504, 505, 506, 507, + 508, 509, 510, 511, 512, 513, 514, 515, 516, 517, + 518, 519, 520, 521, 522, 523, 524, 525, 526, 527, + 528, 529, 530, 531, 532, 533, 534, 535, -1, 537, + 538, 539, 540, 541, 542, 543, 544, 545, 546, 547, + 548, 549, 550, 551, 552, 553, 554, 555, 556, 557, + 558, 559, 560, 561, 562, 563, 564, 565, 566, 567, + 568, 569, 570, 571, 572, 573, 574, 575, 576, 577, + 578, 579, 580, -1, 582, 583, 584, 585, 586, 587, + 588, 589, 590, 591, 592, 593, 594, 595, 596, 597, + 598, 599, 600, 601, 602, 603, 604, 605, 606, 607, + 608, 609, 610, 611, 612, 613, 614, 615, 616, 617, + 618, 619, 620, 621, 622, 623, 624, 625, 626, 627, + 628, 629, 630, 631, 632, 633, 634, 635, 636, 637, + 638, 639, 640, 641, 642, 643, 644, 645, 646, 647, + 648, 649, 650, 651, 652, 653, 654, 655, 656, 657, + 658, 659, 660, 661, 662, 663, 664, 665, 666, 667, + 668, 669, 670, 671, 672, 673, 674, 675, 676, 677, + 678, 679, 680, 681, 682, 683, -1, -1, 686, 687, + -1, 689, 690, 691, 692, 693, 694, 695, 696, 697, + 698, 699, 700, 701, 702, 703, 704, 705, 706, 707, + 708, 709, 710, 711, 712, 713, 714, 715, 716, 717, + 718, 719, 720, 721, 722, 723, 724, 725, 726, 727, + 728, 729, 730, 731, 732, 733, 734, 735, 736, 737, + 738, 739, 740, 741, 742, 743, 744, 745, 746, 747, + 748, 749, 750, 751, 752, 753, 754, 755, 756, 757, + 758, 759, 760, 761, 762, -1, 764, 765, 766, 767, + -1, -1, -1, -1, -1, -1, -1, -1, 776, 777, + 3, -1, -1, -1, 782, 8, 9, -1, -1, -1, + 788, -1, -1, -1, 792, 793, 19, 20, 796, 22, + 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, + -1, -1, -1, -1, -1, -1, -1, 40, -1, -1, + -1, -1, -1, -1, 47, -1, -1, -1, -1, -1, + -1, -1, -1, -1, 57, 58, 59, 60, -1, -1, + -1, -1, -1, -1, -1, 68, 69, -1, 71, -1, + -1, -1, -1, -1, -1, 78, 79, -1, -1, 82, + 83, 84, 85, -1, 87, 88, -1, 90, 91, -1, + -1, -1, -1, -1, -1, -1, 99, -1, -1, 102, + -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, 116, -1, -1, -1, 120, 121, 122, + -1, 124, -1, -1, -1, -1, -1, -1, -1, 132, + 133, 134, 135, -1, -1, -1, -1, -1, 141, -1, + -1, 144, -1, -1, -1, -1, -1, 150, -1, -1, + 153, -1, -1, -1, -1, -1, -1, -1, -1, 162, + -1, 164, -1, 166, -1, -1, -1, -1, -1, 172, + -1, -1, -1, -1, -1, -1, -1, 180, 181, 182, + -1, 184, -1, -1, -1, 188, 189, -1, -1, -1, + 193, -1, -1, 196, 197, -1, 199, 200, 201, 202, + -1, 204, -1, -1, -1, 208, -1, -1, -1, -1, + -1, -1, -1, -1, -1, -1, 219, 220, 221, 222, + -1, 224, -1, -1, -1, -1, -1, -1, 231, -1, + -1, -1, -1, -1, -1, -1, -1, -1, -1, 242, + -1, -1, -1, -1, -1, -1, -1, 250, 251, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, -1, 269, -1, -1, -1, + -1, -1, -1, 276, 277, -1, 279, 280, -1, -1, + -1, -1, -1, -1, -1, -1, -1, -1, 291, -1, + -1, -1, -1, -1, -1, -1, -1, -1, 301, 302, + 303, -1, -1, -1, -1, -1, 309, 310, -1, -1, + -1, -1, -1, -1, -1, -1, -1, 320, 321, 322, + 323, 324, 325, 326, 327, 328, 329, 330, 331, 332, + 333, 334, 335, 336, 337, 338, 339, 340, 341, 342, + 343, 344, 345, 346, 347, 348, 349, 350, 351, 352, + 353, 354, 355, -1, 357, 358, 359, 360, 361, 362, + 363, 364, 365, 366, 367, 368, 369, 370, 371, 372, + 373, 374, 375, 376, 377, 378, 379, 380, 381, 382, + 383, 384, 385, 386, 387, -1, 389, 390, 391, 392, + 393, 394, 395, 396, 397, 398, 399, 400, 401, 402, + 403, 404, 405, 406, 407, 408, 409, 410, 411, 412, + 413, 414, 415, 416, 417, -1, 419, 420, 421, 422, + 423, 424, 425, 426, 427, 428, 429, 430, 431, 432, + 433, 434, 435, 436, 437, 438, 439, 440, 441, 442, + 443, 444, 445, 446, -1, -1, 449, 450, 451, 452, + 453, 454, 455, 456, 457, 458, 459, 460, 461, 462, + -1, 464, 465, 466, 467, 468, 469, 470, 471, 472, + 473, 474, 475, 476, 477, -1, 479, 480, 481, 482, + 483, 484, 485, 486, 487, 488, 489, 490, 491, 492, + 493, 494, 495, 496, 497, 498, 499, 500, 501, 502, + 503, 504, 505, 506, 507, 508, 509, 510, 511, 512, + 513, 514, 515, 516, 517, 518, 519, 520, 521, 522, + 523, 524, 525, 526, 527, 528, 529, 530, 531, 532, + 533, 534, 535, -1, 537, 538, 539, 540, 541, 542, + 543, 544, 545, 546, 547, 548, 549, 550, 551, 552, + 553, 554, 555, 556, 557, 558, 559, 560, 561, 562, + 563, 564, 565, 566, 567, 568, 569, 570, 571, 572, + 573, 574, 575, 576, 577, 578, 579, 580, -1, 582, + 583, 584, 585, 586, 587, 588, 589, 590, 591, 592, + 593, 594, 595, 596, 597, 598, 599, 600, 601, 602, + 603, 604, 605, 606, 607, 608, 609, 610, 611, 612, + 613, 614, 615, 616, 617, 618, 619, 620, 621, 622, + 623, 624, 625, 626, 627, 628, 629, 630, 631, 632, + 633, 634, 635, 636, 637, 638, 639, 640, 641, 642, + 643, 644, 645, 646, 647, 648, 649, 650, 651, 652, + 653, 654, 655, 656, 657, 658, 659, 660, 661, 662, + 663, 664, 665, 666, 667, 668, 669, 670, 671, 672, + 673, 674, 675, 676, 677, 678, 679, 680, 681, 682, + 683, -1, -1, 686, 687, -1, 689, 690, 691, 692, + 693, 694, 695, 696, 697, 698, 699, 700, 701, 702, + 703, 704, 705, 706, 707, 708, 709, 710, 711, 712, + 713, 714, 715, 716, 717, 718, 719, 720, 721, 722, + 723, 724, 725, 726, 727, 728, 729, 730, 731, 732, + 733, 734, 735, 736, 737, 738, 739, 740, 741, 742, + 743, 744, 745, 746, 747, 748, 749, 750, 751, 752, + 753, 754, 755, 756, 757, 758, 759, 760, 761, 762, + -1, 764, 765, 766, 767, -1, -1, -1, -1, -1, + -1, -1, -1, 776, 777, 3, -1, -1, -1, 782, + 8, 9, -1, -1, -1, 788, -1, -1, -1, 792, + 793, 19, 20, 796, 22, 23, 24, 25, 26, 27, + 28, 29, 30, 31, 32, -1, -1, -1, -1, -1, + -1, -1, 40, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, -1, -1, -1, -1, 57, + 58, 59, 60, -1, -1, -1, -1, -1, -1, -1, + 68, 69, -1, 71, -1, -1, -1, -1, -1, -1, + 78, 79, -1, -1, 82, 83, 84, 85, -1, 87, + 88, -1, 90, 91, -1, -1, -1, -1, -1, -1, + -1, 99, -1, -1, 102, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, -1, -1, -1, 116, -1, + -1, -1, 120, 121, 122, -1, 124, -1, -1, -1, + -1, -1, -1, -1, 132, 133, 134, 135, -1, -1, + -1, -1, -1, 141, -1, -1, 144, -1, -1, -1, + -1, -1, 150, -1, -1, 153, -1, -1, -1, -1, + -1, -1, -1, -1, 162, -1, 164, -1, 166, -1, + -1, -1, -1, -1, 172, -1, -1, -1, -1, -1, + -1, -1, 180, 181, 182, -1, 184, -1, -1, -1, + 188, 189, -1, -1, -1, 193, -1, -1, 196, 197, + -1, 199, 200, 201, 202, -1, -1, -1, -1, -1, + 208, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, 219, 220, 221, 222, -1, 224, -1, -1, -1, + -1, -1, -1, 231, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, 242, -1, -1, -1, -1, -1, + -1, -1, 250, 251, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, 269, -1, -1, -1, -1, -1, -1, 276, 277, + -1, 279, 280, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, 291, -1, -1, -1, -1, -1, -1, + -1, -1, -1, 301, 302, 303, -1, -1, -1, -1, + -1, 309, 310, -1, -1, 313, -1, -1, -1, -1, + -1, -1, 320, 321, 322, 323, 324, 325, 326, 327, + 328, 329, 330, 331, 332, 333, 334, 335, 336, 337, + 338, 339, 340, 341, 342, 343, 344, 345, 346, 347, + 348, 349, 350, 351, 352, 353, 354, 355, -1, 357, + 358, 359, 360, 361, 362, 363, 364, 365, 366, 367, + 368, 369, 370, 371, 372, 373, 374, 375, 376, 377, + 378, 379, 380, 381, 382, 383, 384, 385, 386, 387, + -1, 389, 390, 391, 392, 393, 394, 395, 396, 397, + 398, 399, 400, 401, 402, 403, 404, 405, 406, 407, + 408, 409, 410, 411, 412, 413, 414, 415, 416, 417, + -1, 419, 420, 421, 422, 423, 424, 425, 426, 427, + 428, 429, 430, 431, 432, 433, 434, 435, 436, 437, + 438, 439, 440, 441, 442, 443, 444, 445, 446, -1, + -1, 449, 450, 451, 452, 453, 454, 455, 456, 457, + 458, 459, 460, 461, 462, -1, 464, 465, 466, 467, + 468, 469, 470, 471, 472, 473, 474, 475, 476, 477, + -1, 479, 480, 481, 482, 483, 484, 485, 486, 487, + 488, 489, 490, 491, 492, 493, 494, 495, 496, 497, + 498, 499, 500, 501, 502, 503, 504, 505, 506, 507, + 508, 509, 510, 511, 512, 513, 514, 515, 516, 517, + 518, 519, 520, 521, 522, 523, 524, 525, 526, 527, + 528, 529, 530, 531, 532, 533, 534, 535, -1, 537, + 538, 539, 540, 541, 542, 543, 544, 545, 546, 547, + 548, 549, 550, 551, 552, 553, 554, 555, 556, 557, + 558, 559, 560, 561, 562, 563, 564, 565, 566, 567, + 568, 569, 570, 571, 572, 573, 574, 575, 576, 577, + 578, 579, 580, -1, 582, 583, 584, 585, 586, 587, + 588, 589, 590, 591, 592, 593, 594, 595, 596, 597, + 598, 599, 600, 601, 602, 603, 604, 605, 606, 607, + 608, 609, 610, 611, 612, 613, 614, 615, 616, 617, + 618, 619, 620, 621, 622, 623, 624, 625, 626, 627, + 628, 629, 630, 631, 632, 633, 634, 635, 636, 637, + 638, 639, 640, 641, 642, 643, 644, 645, 646, 647, + 648, 649, 650, 651, 652, 653, 654, 655, 656, 657, + 658, 659, 660, 661, 662, 663, 664, 665, 666, 667, + 668, 669, 670, 671, 672, 673, 674, 675, 676, 677, + 678, 679, 680, 681, 682, 683, -1, -1, 686, 687, + -1, 689, 690, 691, 692, 693, 694, 695, 696, 697, + 698, 699, 700, 701, 702, 703, 704, 705, 706, 707, + 708, 709, 710, 711, 712, 713, 714, 715, 716, 717, + 718, 719, 720, 721, 722, 723, 724, 725, 726, 727, + 728, 729, 730, 731, 732, 733, 734, 735, 736, 737, + 738, 739, 740, 741, 742, 743, 744, 745, 746, 747, + 748, 749, 750, 751, 752, 753, 754, 755, 756, 757, + 758, 759, 760, 761, 762, -1, 764, 765, 766, 767, + -1, -1, -1, -1, -1, -1, -1, -1, 776, 777, + 3, -1, -1, -1, 782, 8, 9, -1, -1, -1, + 788, -1, -1, -1, 792, 793, 19, 20, 796, 22, + 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, + -1, -1, -1, -1, -1, -1, -1, 40, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, 116, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, 57, 58, 59, 60, -1, -1, + -1, -1, -1, -1, -1, 68, 69, -1, 71, -1, + -1, -1, -1, -1, -1, 78, 79, -1, -1, 82, + 83, 84, 85, -1, 87, 88, -1, 90, 91, -1, + -1, -1, -1, -1, -1, -1, 99, -1, -1, 102, + -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, 116, -1, -1, -1, 120, 121, 122, + -1, 124, -1, -1, -1, -1, -1, -1, -1, 132, + 133, 134, 135, -1, -1, -1, -1, -1, 141, -1, + 143, 144, -1, -1, -1, -1, -1, 150, -1, -1, + 153, -1, -1, -1, -1, -1, -1, -1, -1, 162, + -1, 164, -1, 166, -1, -1, -1, -1, -1, 172, + -1, -1, -1, -1, -1, -1, -1, 180, 181, 182, + -1, 184, -1, -1, -1, 188, 189, -1, -1, -1, + 193, -1, -1, 196, 197, -1, 199, 200, 201, 202, + -1, -1, -1, -1, -1, 208, -1, -1, -1, -1, + -1, -1, -1, -1, -1, -1, 219, 220, 221, 222, + -1, 224, -1, -1, -1, -1, -1, -1, 231, -1, + -1, -1, -1, -1, -1, -1, -1, -1, -1, 242, + -1, -1, -1, -1, -1, -1, -1, 250, 251, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - 135, -1, -1, -1, -1, -1, -1, -1, -1, 144, + -1, -1, -1, -1, -1, -1, 269, -1, -1, -1, + -1, -1, -1, 276, 277, -1, 279, 280, -1, -1, + -1, -1, -1, -1, -1, -1, -1, -1, 291, -1, + -1, -1, -1, -1, -1, -1, -1, -1, 301, 302, + 303, -1, -1, -1, -1, -1, 309, 310, -1, -1, + -1, -1, -1, -1, -1, -1, -1, 320, 321, 322, + 323, 324, 325, 326, 327, 328, 329, 330, 331, 332, + 333, 334, 335, 336, 337, 338, 339, 340, 341, 342, + 343, 344, 345, 346, 347, 348, 349, 350, 351, 352, + 353, 354, 355, -1, 357, 358, 359, 360, 361, 362, + 363, 364, 365, 366, 367, 368, 369, 370, 371, 372, + 373, 374, 375, 376, 377, 378, 379, 380, 381, 382, + 383, 384, 385, 386, 387, -1, 389, 390, 391, 392, + 393, 394, 395, 396, 397, 398, 399, 400, 401, 402, + 403, 404, 405, 406, 407, 408, 409, 410, 411, 412, + 413, 414, 415, 416, 417, -1, 419, 420, 421, 422, + 423, 424, 425, 426, 427, 428, 429, 430, 431, 432, + 433, 434, 435, 436, 437, 438, 439, 440, 441, 442, + 443, 444, 445, 446, -1, -1, 449, 450, 451, 452, + 453, 454, 455, 456, 457, 458, 459, 460, 461, 462, + -1, 464, 465, 466, 467, 468, 469, 470, 471, 472, + 473, 474, 475, 476, 477, -1, 479, 480, 481, 482, + 483, 484, 485, 486, 487, 488, 489, 490, 491, 492, + 493, 494, 495, 496, 497, 498, 499, 500, 501, 502, + 503, 504, 505, 506, 507, 508, 509, 510, 511, 512, + 513, 514, 515, 516, 517, 518, 519, 520, 521, 522, + 523, 524, 525, 526, 527, 528, 529, 530, 531, 532, + 533, 534, 535, -1, 537, 538, 539, 540, 541, 542, + 543, 544, 545, 546, 547, 548, 549, 550, 551, 552, + 553, 554, 555, 556, 557, 558, 559, 560, 561, 562, + 563, 564, 565, 566, 567, 568, 569, 570, 571, 572, + 573, 574, 575, 576, 577, 578, 579, 580, -1, 582, + 583, 584, 585, 586, 587, 588, 589, 590, 591, 592, + 593, 594, 595, 596, 597, 598, 599, 600, 601, 602, + 603, 604, 605, 606, 607, 608, 609, 610, 611, 612, + 613, 614, 615, 616, 617, 618, 619, 620, 621, 622, + 623, 624, 625, 626, 627, 628, 629, 630, 631, 632, + 633, 634, 635, 636, 637, 638, 639, 640, 641, 642, + 643, 644, 645, 646, 647, 648, 649, 650, 651, 652, + 653, 654, 655, 656, 657, 658, 659, 660, 661, 662, + 663, 664, 665, 666, 667, 668, 669, 670, 671, 672, + 673, 674, 675, 676, 677, 678, 679, 680, 681, 682, + 683, -1, -1, 686, 687, -1, 689, 690, 691, 692, + 693, 694, 695, 696, 697, 698, 699, 700, 701, 702, + 703, 704, 705, 706, 707, 708, 709, 710, 711, 712, + 713, 714, 715, 716, 717, 718, 719, 720, 721, 722, + 723, 724, 725, 726, 727, 728, 729, 730, 731, 732, + 733, 734, 735, 736, 737, 738, 739, 740, 741, 742, + 743, 744, 745, 746, 747, 748, 749, 750, 751, 752, + 753, 754, 755, 756, 757, 758, 759, 760, 761, 762, + -1, 764, 765, 766, 767, -1, -1, -1, -1, -1, + -1, -1, -1, 776, 777, 3, -1, -1, -1, 782, + 8, 9, -1, -1, -1, 788, -1, -1, -1, 792, + 793, 19, 20, 796, 22, 23, 24, 25, 26, 27, + 28, 29, 30, 31, 32, -1, -1, -1, -1, -1, + -1, -1, 40, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, -1, -1, -1, -1, 57, + 58, 59, 60, -1, -1, -1, -1, -1, -1, -1, + 68, 69, -1, 71, -1, -1, -1, -1, -1, -1, + 78, 79, -1, -1, 82, 83, 84, 85, -1, 87, + 88, -1, 90, 91, -1, -1, -1, -1, -1, -1, + -1, 99, -1, -1, 102, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, -1, -1, -1, 116, -1, + -1, -1, 120, 121, 122, -1, 124, -1, -1, -1, + 128, -1, -1, -1, 132, 133, 134, 135, -1, -1, + -1, -1, -1, 141, -1, -1, 144, -1, -1, -1, + -1, -1, 150, -1, -1, 153, -1, -1, -1, -1, + -1, -1, -1, -1, 162, -1, 164, -1, 166, -1, + -1, -1, -1, -1, 172, -1, -1, -1, -1, -1, + -1, -1, 180, 181, 182, -1, 184, -1, -1, -1, + 188, 189, -1, -1, -1, 193, -1, -1, 196, 197, + -1, 199, 200, 201, 202, -1, -1, -1, -1, -1, + 208, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, 219, 220, 221, 222, -1, 224, -1, -1, -1, + -1, -1, -1, 231, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, 242, -1, -1, -1, -1, -1, + -1, -1, 250, 251, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, 269, -1, -1, -1, -1, -1, -1, 276, 277, + -1, 279, 280, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, 291, -1, -1, -1, -1, -1, -1, + -1, -1, -1, 301, 302, 303, -1, -1, -1, -1, + -1, 309, 310, -1, -1, -1, -1, -1, -1, -1, + -1, -1, 320, 321, 322, 323, 324, 325, 326, 327, + 328, 329, 330, 331, 332, 333, 334, 335, 336, 337, + 338, 339, 340, 341, 342, 343, 344, 345, 346, 347, + 348, 349, 350, 351, 352, 353, 354, 355, -1, 357, + 358, 359, 360, 361, 362, 363, 364, 365, 366, 367, + 368, 369, 370, 371, 372, 373, 374, 375, 376, 377, + 378, 379, 380, 381, 382, 383, 384, 385, 386, 387, + -1, 389, 390, 391, 392, 393, 394, 395, 396, 397, + 398, 399, 400, 401, 402, 403, 404, 405, 406, 407, + 408, 409, 410, 411, 412, 413, 414, 415, 416, 417, + -1, 419, 420, 421, 422, 423, 424, 425, 426, 427, + 428, 429, 430, 431, 432, 433, 434, 435, 436, 437, + 438, 439, 440, 441, 442, 443, 444, 445, 446, -1, + -1, 449, 450, 451, 452, 453, 454, 455, 456, 457, + 458, 459, 460, 461, 462, -1, 464, 465, 466, 467, + 468, 469, 470, 471, 472, 473, 474, 475, 476, 477, + -1, 479, 480, 481, 482, 483, 484, 485, 486, 487, + 488, 489, 490, 491, 492, 493, 494, 495, 496, 497, + 498, 499, 500, 501, 502, 503, 504, 505, 506, 507, + 508, 509, 510, 511, 512, 513, 514, 515, 516, 517, + 518, 519, 520, 521, 522, 523, 524, 525, 526, 527, + 528, 529, 530, 531, 532, 533, 534, 535, -1, 537, + 538, 539, 540, 541, 542, 543, 544, 545, 546, 547, + 548, 549, 550, 551, 552, 553, 554, 555, 556, 557, + 558, 559, 560, 561, 562, 563, 564, 565, 566, 567, + 568, 569, 570, 571, 572, 573, 574, 575, 576, 577, + 578, 579, 580, -1, 582, 583, 584, 585, 586, 587, + 588, 589, 590, 591, 592, 593, 594, 595, 596, 597, + 598, 599, 600, 601, 602, 603, 604, 605, 606, 607, + 608, 609, 610, 611, 612, 613, 614, 615, 616, 617, + 618, 619, 620, 621, 622, 623, 624, 625, 626, 627, + 628, 629, 630, 631, 632, 633, 634, 635, 636, 637, + 638, 639, 640, 641, 642, 643, 644, 645, 646, 647, + 648, 649, 650, 651, 652, 653, 654, 655, 656, 657, + 658, 659, 660, 661, 662, 663, 664, 665, 666, 667, + 668, 669, 670, 671, 672, 673, 674, 675, 676, 677, + 678, 679, 680, 681, 682, 683, -1, -1, 686, 687, + -1, 689, 690, 691, 692, 693, 694, 695, 696, 697, + 698, 699, 700, 701, 702, 703, 704, 705, 706, 707, + 708, 709, 710, 711, 712, 713, 714, 715, 716, 717, + 718, 719, 720, 721, 722, 723, 724, 725, 726, 727, + 728, 729, 730, 731, 732, 733, 734, 735, 736, 737, + 738, 739, 740, 741, 742, 743, 744, 745, 746, 747, + 748, 749, 750, 751, 752, 753, 754, 755, 756, 757, + 758, 759, 760, 761, 762, -1, 764, 765, 766, 767, + -1, -1, -1, -1, -1, -1, -1, -1, 776, 777, + 3, -1, -1, -1, 782, 8, 9, -1, -1, -1, + 788, -1, -1, -1, 792, 793, 19, 20, 796, 22, + 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, + -1, -1, -1, -1, -1, -1, -1, 40, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, 57, 58, 59, 60, -1, -1, + -1, -1, -1, -1, -1, 68, 69, -1, 71, -1, + -1, -1, -1, -1, -1, 78, 79, -1, -1, 82, + 83, 84, 85, -1, 87, 88, -1, 90, 91, -1, + -1, -1, -1, -1, -1, -1, 99, -1, -1, 102, + -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, 116, -1, -1, -1, 120, 121, 122, + -1, 124, -1, -1, -1, 128, -1, -1, -1, 132, + 133, 134, 135, -1, -1, -1, -1, -1, 141, -1, + -1, 144, -1, -1, -1, -1, -1, 150, -1, -1, + 153, -1, -1, -1, -1, -1, -1, -1, -1, 162, + -1, 164, -1, 166, -1, -1, -1, -1, -1, 172, + -1, -1, -1, -1, -1, -1, -1, 180, 181, 182, + -1, 184, -1, -1, -1, 188, 189, -1, -1, -1, + 193, -1, -1, 196, 197, -1, 199, 200, 201, 202, + -1, -1, -1, -1, -1, 208, -1, -1, -1, -1, + -1, -1, -1, -1, -1, -1, 219, 220, 221, 222, + -1, 224, -1, -1, -1, -1, -1, -1, 231, -1, + -1, -1, -1, -1, -1, -1, -1, -1, -1, 242, + -1, -1, -1, -1, -1, -1, -1, 250, 251, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, -1, 269, -1, -1, -1, + -1, -1, -1, 276, 277, -1, 279, 280, -1, -1, + -1, -1, -1, -1, -1, -1, -1, -1, 291, -1, + -1, -1, -1, -1, -1, -1, -1, -1, 301, 302, + 303, -1, -1, -1, -1, -1, 309, 310, -1, -1, + -1, -1, -1, -1, -1, -1, -1, 320, 321, 322, + 323, 324, 325, 326, 327, 328, 329, 330, 331, 332, + 333, 334, 335, 336, 337, 338, 339, 340, 341, 342, + 343, 344, 345, 346, 347, 348, 349, 350, 351, 352, + 353, 354, 355, -1, 357, 358, 359, 360, 361, 362, + 363, 364, 365, 366, 367, 368, 369, 370, 371, 372, + 373, 374, 375, 376, 377, 378, 379, 380, 381, 382, + 383, 384, 385, 386, 387, -1, 389, 390, 391, 392, + 393, 394, 395, 396, 397, 398, 399, 400, 401, 402, + 403, 404, 405, 406, 407, 408, 409, 410, 411, 412, + 413, 414, 415, 416, 417, -1, 419, 420, 421, 422, + 423, 424, 425, 426, 427, 428, 429, 430, 431, 432, + 433, 434, 435, 436, 437, 438, 439, 440, 441, 442, + 443, 444, 445, 446, -1, -1, 449, 450, 451, 452, + 453, 454, 455, 456, 457, 458, 459, 460, 461, 462, + -1, 464, 465, 466, 467, 468, 469, 470, 471, 472, + 473, 474, 475, 476, 477, -1, 479, 480, 481, 482, + 483, 484, 485, 486, 487, 488, 489, 490, 491, 492, + 493, 494, 495, 496, 497, 498, 499, 500, 501, 502, + 503, 504, 505, 506, 507, 508, 509, 510, 511, 512, + 513, 514, 515, 516, 517, 518, 519, 520, 521, 522, + 523, 524, 525, 526, 527, 528, 529, 530, 531, 532, + 533, 534, 535, -1, 537, 538, 539, 540, 541, 542, + 543, 544, 545, 546, 547, 548, 549, 550, 551, 552, + 553, 554, 555, 556, 557, 558, 559, 560, 561, 562, + 563, 564, 565, 566, 567, 568, 569, 570, 571, 572, + 573, 574, 575, 576, 577, 578, 579, 580, -1, 582, + 583, 584, 585, 586, 587, 588, 589, 590, 591, 592, + 593, 594, 595, 596, 597, 598, 599, 600, 601, 602, + 603, 604, 605, 606, 607, 608, 609, 610, 611, 612, + 613, 614, 615, 616, 617, 618, 619, 620, 621, 622, + 623, 624, 625, 626, 627, 628, 629, 630, 631, 632, + 633, 634, 635, 636, 637, 638, 639, 640, 641, 642, + 643, 644, 645, 646, 647, 648, 649, 650, 651, 652, + 653, 654, 655, 656, 657, 658, 659, 660, 661, 662, + 663, 664, 665, 666, 667, 668, 669, 670, 671, 672, + 673, 674, 675, 676, 677, 678, 679, 680, 681, 682, + 683, -1, -1, 686, 687, -1, 689, 690, 691, 692, + 693, 694, 695, 696, 697, 698, 699, 700, 701, 702, + 703, 704, 705, 706, 707, 708, 709, 710, 711, 712, + 713, 714, 715, 716, 717, 718, 719, 720, 721, 722, + 723, 724, 725, 726, 727, 728, 729, 730, 731, 732, + 733, 734, 735, 736, 737, 738, 739, 740, 741, 742, + 743, 744, 745, 746, 747, 748, 749, 750, 751, 752, + 753, 754, 755, 756, 757, 758, 759, 760, 761, 762, + -1, 764, 765, 766, 767, -1, -1, -1, -1, -1, + -1, -1, -1, 776, 777, 3, -1, -1, -1, 782, + 8, 9, -1, -1, -1, 788, -1, -1, -1, 792, + 793, 19, 20, 796, 22, 23, 24, 25, 26, 27, + 28, 29, 30, 31, 32, -1, -1, -1, -1, -1, + -1, -1, 40, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, -1, -1, -1, -1, 57, + 58, 59, 60, -1, -1, -1, -1, -1, -1, -1, + 68, 69, -1, 71, -1, -1, -1, -1, -1, -1, + 78, 79, -1, -1, 82, 83, 84, 85, -1, 87, + 88, -1, 90, 91, -1, -1, -1, -1, -1, -1, + -1, 99, -1, -1, 102, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, -1, -1, -1, 116, -1, + -1, -1, 120, 121, 122, -1, 124, -1, -1, -1, + 128, -1, -1, -1, 132, 133, 134, 135, -1, -1, + -1, -1, -1, 141, -1, -1, 144, -1, -1, -1, + -1, -1, 150, -1, -1, 153, -1, -1, -1, -1, + -1, -1, -1, -1, 162, -1, 164, -1, 166, -1, + -1, -1, -1, -1, 172, -1, -1, -1, -1, -1, + -1, -1, 180, 181, 182, -1, 184, -1, -1, -1, + 188, 189, -1, -1, -1, 193, -1, -1, 196, 197, + -1, 199, 200, 201, 202, -1, -1, -1, -1, -1, + 208, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, 219, 220, 221, 222, -1, 224, -1, -1, -1, + -1, -1, -1, 231, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, 242, -1, -1, -1, -1, -1, + -1, -1, 250, 251, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, 269, -1, -1, -1, -1, -1, -1, 276, 277, + -1, 279, 280, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, 291, -1, -1, -1, -1, -1, -1, + -1, -1, -1, 301, 302, 303, -1, -1, -1, -1, + -1, 309, 310, -1, -1, -1, -1, -1, -1, -1, + -1, -1, 320, 321, 322, 323, 324, 325, 326, 327, + 328, 329, 330, 331, 332, 333, 334, 335, 336, 337, + 338, 339, 340, 341, 342, 343, 344, 345, 346, 347, + 348, 349, 350, 351, 352, 353, 354, 355, -1, 357, + 358, 359, 360, 361, 362, 363, 364, 365, 366, 367, + 368, 369, 370, 371, 372, 373, 374, 375, 376, 377, + 378, 379, 380, 381, 382, 383, 384, 385, 386, 387, + -1, 389, 390, 391, 392, 393, 394, 395, 396, 397, + 398, 399, 400, 401, 402, 403, 404, 405, 406, 407, + 408, 409, 410, 411, 412, 413, 414, 415, 416, 417, + -1, 419, 420, 421, 422, 423, 424, 425, 426, 427, + 428, 429, 430, 431, 432, 433, 434, 435, 436, 437, + 438, 439, 440, 441, 442, 443, 444, 445, 446, -1, + -1, 449, 450, 451, 452, 453, 454, 455, 456, 457, + 458, 459, 460, 461, 462, -1, 464, 465, 466, 467, + 468, 469, 470, 471, 472, 473, 474, 475, 476, 477, + -1, 479, 480, 481, 482, 483, 484, 485, 486, 487, + 488, 489, 490, 491, 492, 493, 494, 495, 496, 497, + 498, 499, 500, 501, 502, 503, 504, 505, 506, 507, + 508, 509, 510, 511, 512, 513, 514, 515, 516, 517, + 518, 519, 520, 521, 522, 523, 524, 525, 526, 527, + 528, 529, 530, 531, 532, 533, 534, 535, -1, 537, + 538, 539, 540, 541, 542, 543, 544, 545, 546, 547, + 548, 549, 550, 551, 552, 553, 554, 555, 556, 557, + 558, 559, 560, 561, 562, 563, 564, 565, 566, 567, + 568, 569, 570, 571, 572, 573, 574, 575, 576, 577, + 578, 579, 580, -1, 582, 583, 584, 585, 586, 587, + 588, 589, 590, 591, 592, 593, 594, 595, 596, 597, + 598, 599, 600, 601, 602, 603, 604, 605, 606, 607, + 608, 609, 610, 611, 612, 613, 614, 615, 616, 617, + 618, 619, 620, 621, 622, 623, 624, 625, 626, 627, + 628, 629, 630, 631, 632, 633, 634, 635, 636, 637, + 638, 639, 640, 641, 642, 643, 644, 645, 646, 647, + 648, 649, 650, 651, 652, 653, 654, 655, 656, 657, + 658, 659, 660, 661, 662, 663, 664, 665, 666, 667, + 668, 669, 670, 671, 672, 673, 674, 675, 676, 677, + 678, 679, 680, 681, 682, 683, -1, -1, 686, 687, + -1, 689, 690, 691, 692, 693, 694, 695, 696, 697, + 698, 699, 700, 701, 702, 703, 704, 705, 706, 707, + 708, 709, 710, 711, 712, 713, 714, 715, 716, 717, + 718, 719, 720, 721, 722, 723, 724, 725, 726, 727, + 728, 729, 730, 731, 732, 733, 734, 735, 736, 737, + 738, 739, 740, 741, 742, 743, 744, 745, 746, 747, + 748, 749, 750, 751, 752, 753, 754, 755, 756, 757, + 758, 759, 760, 761, 762, -1, 764, 765, 766, 767, + -1, -1, -1, -1, -1, -1, -1, -1, 776, 777, + 3, -1, -1, -1, 782, 8, 9, -1, -1, -1, + 788, -1, -1, -1, 792, 793, 19, 20, 796, 22, + 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, + -1, -1, -1, -1, -1, -1, -1, 40, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, 180, -1, -1, -1, -1, - -1, -1, -1, -1, 189, -1, -1, -1, -1, -1, - -1, 196, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, 208, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, 219, -1, -1, -1, -1, -1, + -1, -1, -1, -1, 57, 58, 59, 60, -1, -1, + -1, -1, -1, -1, -1, 68, 69, -1, 71, -1, + -1, -1, -1, -1, -1, 78, 79, -1, -1, 82, + 83, 84, 85, -1, 87, 88, -1, 90, 91, -1, + -1, -1, -1, -1, -1, -1, 99, -1, -1, 102, + -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, 116, -1, -1, -1, 120, 121, 122, + -1, 124, -1, -1, -1, -1, -1, -1, -1, 132, + 133, 134, 135, -1, -1, -1, -1, -1, 141, -1, + 143, 144, -1, -1, -1, -1, -1, 150, -1, -1, + 153, -1, -1, -1, -1, -1, -1, -1, -1, 162, + -1, 164, -1, 166, -1, -1, -1, -1, -1, 172, + -1, -1, -1, -1, -1, -1, -1, 180, 181, 182, + -1, 184, -1, -1, -1, 188, 189, -1, -1, -1, + 193, -1, -1, 196, 197, -1, 199, 200, 201, 202, + -1, -1, -1, -1, -1, 208, -1, -1, -1, -1, + -1, -1, -1, -1, -1, -1, 219, 220, 221, 222, + -1, 224, -1, -1, -1, -1, -1, -1, 231, -1, + -1, -1, -1, -1, -1, -1, -1, -1, -1, 242, + -1, -1, -1, -1, -1, -1, -1, 250, 251, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, -1, 269, -1, -1, -1, + -1, -1, -1, 276, 277, -1, 279, 280, -1, -1, + -1, -1, -1, -1, -1, -1, -1, -1, 291, -1, + -1, -1, -1, -1, -1, -1, -1, -1, 301, 302, + 303, -1, -1, -1, -1, -1, 309, 310, -1, -1, + -1, -1, -1, -1, -1, -1, -1, 320, 321, 322, + 323, 324, 325, 326, 327, 328, 329, 330, 331, 332, + 333, 334, 335, 336, 337, 338, 339, 340, 341, 342, + 343, 344, 345, 346, 347, 348, 349, 350, 351, 352, + 353, 354, 355, -1, 357, 358, 359, 360, 361, 362, + 363, 364, 365, 366, 367, 368, 369, 370, 371, 372, + 373, 374, 375, 376, 377, 378, 379, 380, 381, 382, + 383, 384, 385, 386, 387, -1, 389, 390, 391, 392, + 393, 394, 395, 396, 397, 398, 399, 400, 401, 402, + 403, 404, 405, 406, 407, 408, 409, 410, 411, 412, + 413, 414, 415, 416, 417, -1, 419, 420, 421, 422, + 423, 424, 425, 426, 427, 428, 429, 430, 431, 432, + 433, 434, 435, 436, 437, 438, 439, 440, 441, 442, + 443, 444, 445, 446, -1, -1, 449, 450, 451, 452, + 453, 454, 455, 456, 457, 458, 459, 460, 461, 462, + -1, 464, 465, 466, 467, 468, 469, 470, 471, 472, + 473, 474, 475, 476, 477, -1, 479, 480, 481, 482, + 483, 484, 485, 486, 487, 488, 489, 490, 491, 492, + 493, 494, 495, 496, 497, 498, 499, 500, 501, 502, + 503, 504, 505, 506, 507, 508, 509, 510, 511, 512, + 513, 514, 515, 516, 517, 518, 519, 520, 521, 522, + 523, 524, 525, 526, 527, 528, 529, 530, 531, 532, + 533, 534, 535, -1, 537, 538, 539, 540, 541, 542, + 543, 544, 545, 546, 547, 548, 549, 550, 551, 552, + 553, 554, 555, 556, 557, 558, 559, 560, 561, 562, + 563, 564, 565, 566, 567, 568, 569, 570, 571, 572, + 573, 574, 575, 576, 577, 578, 579, 580, -1, 582, + 583, 584, 585, 586, 587, 588, 589, 590, 591, 592, + 593, 594, 595, 596, 597, 598, 599, 600, 601, 602, + 603, 604, 605, 606, 607, 608, 609, 610, 611, 612, + 613, 614, 615, 616, 617, 618, 619, 620, 621, 622, + 623, 624, 625, 626, 627, 628, 629, 630, 631, 632, + 633, 634, 635, 636, 637, 638, 639, 640, 641, 642, + 643, 644, 645, 646, 647, 648, 649, 650, 651, 652, + 653, 654, 655, 656, 657, 658, 659, 660, 661, 662, + 663, 664, 665, 666, 667, 668, 669, 670, 671, 672, + 673, 674, 675, 676, 677, 678, 679, 680, 681, 682, + 683, -1, -1, 686, 687, -1, 689, 690, 691, 692, + 693, 694, 695, 696, 697, 698, 699, 700, 701, 702, + 703, 704, 705, 706, 707, 708, 709, 710, 711, 712, + 713, 714, 715, 716, 717, 718, 719, 720, 721, 722, + 723, 724, 725, 726, 727, 728, 729, 730, 731, 732, + 733, 734, 735, 736, 737, 738, 739, 740, 741, 742, + 743, 744, 745, 746, 747, 748, 749, 750, 751, 752, + 753, 754, 755, 756, 757, 758, 759, 760, 761, 762, + -1, 764, 765, 766, 767, -1, -1, -1, -1, -1, + -1, -1, -1, 776, 777, 3, -1, -1, -1, 782, + 8, 9, -1, -1, -1, 788, -1, -1, -1, 792, + 793, 19, 20, 796, 22, 23, 24, 25, 26, 27, + 28, 29, 30, 31, 32, -1, -1, -1, -1, -1, + -1, -1, 40, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, -1, -1, -1, -1, 57, + 58, 59, 60, -1, -1, -1, -1, -1, -1, -1, + 68, 69, -1, 71, -1, -1, -1, -1, -1, -1, + 78, 79, -1, -1, 82, 83, 84, 85, -1, 87, + 88, -1, 90, 91, -1, -1, -1, -1, -1, -1, + -1, 99, -1, -1, 102, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, -1, -1, -1, 116, -1, + -1, -1, 120, 121, 122, -1, 124, -1, -1, -1, + -1, -1, -1, -1, 132, 133, 134, 135, -1, -1, + -1, -1, -1, 141, -1, -1, 144, -1, -1, -1, + -1, -1, 150, -1, -1, 153, -1, -1, -1, -1, + -1, -1, -1, -1, 162, -1, 164, -1, 166, -1, + -1, -1, -1, -1, 172, -1, -1, -1, -1, -1, + -1, -1, 180, 181, 182, -1, 184, -1, -1, -1, + 188, 189, -1, -1, -1, 193, -1, -1, 196, 197, + -1, 199, 200, 201, 202, -1, -1, -1, -1, -1, + 208, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, 219, 220, 221, 222, -1, 224, -1, -1, -1, + -1, -1, -1, 231, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, 242, -1, -1, -1, -1, -1, + -1, -1, 250, 251, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, 269, -1, -1, -1, -1, -1, -1, 276, 277, + -1, 279, 280, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, 291, -1, -1, -1, -1, -1, -1, + -1, -1, -1, 301, 302, 303, -1, -1, -1, -1, + -1, 309, 310, -1, -1, -1, -1, -1, -1, -1, + -1, -1, 320, 321, 322, 323, 324, 325, 326, 327, + 328, 329, 330, 331, 332, 333, 334, 335, 336, 337, + 338, 339, 340, 341, 342, 343, 344, 345, 346, 347, + 348, 349, 350, 351, 352, 353, 354, 355, -1, 357, + 358, 359, 360, 361, 362, 363, 364, 365, 366, 367, + 368, 369, 370, 371, 372, 373, 374, 375, 376, 377, + 378, 379, 380, 381, 382, 383, 384, 385, 386, 387, + -1, 389, 390, 391, 392, 393, 394, 395, 396, 397, + 398, 399, 400, 401, 402, 403, 404, 405, 406, 407, + 408, 409, 410, 411, 412, 413, 414, 415, 416, 417, + -1, 419, 420, 421, 422, 423, 424, 425, 426, 427, + 428, 429, 430, 431, 432, 433, 434, 435, 436, 437, + 438, 439, 440, 441, 442, 443, 444, 445, 446, -1, + -1, 449, 450, 451, 452, 453, 454, 455, 456, 457, + 458, 459, 460, 461, 462, -1, 464, 465, 466, 467, + 468, 469, 470, 471, 472, 473, 474, 475, 476, 477, + -1, 479, 480, 481, 482, 483, 484, 485, 486, 487, + 488, 489, 490, 491, 492, 493, 494, 495, 496, 497, + 498, 499, 500, 501, 502, 503, 504, 505, 506, 507, + 508, 509, 510, 511, 512, 513, 514, 515, 516, 517, + 518, 519, 520, 521, 522, 523, 524, 525, 526, 527, + 528, 529, 530, 531, 532, 533, 534, 535, -1, 537, + 538, 539, 540, 541, 542, 543, 544, 545, 546, 547, + 548, 549, 550, 551, 552, 553, 554, 555, 556, 557, + 558, 559, 560, 561, 562, 563, 564, 565, 566, 567, + 568, 569, 570, 571, 572, 573, 574, 575, 576, 577, + 578, 579, 580, -1, 582, 583, 584, 585, 586, 587, + 588, 589, 590, 591, 592, 593, 594, 595, 596, 597, + 598, 599, 600, 601, 602, 603, 604, 605, 606, 607, + 608, 609, 610, 611, 612, 613, 614, 615, 616, 617, + 618, 619, 620, 621, 622, 623, 624, 625, 626, 627, + 628, 629, 630, 631, 632, 633, 634, 635, 636, 637, + 638, 639, 640, 641, 642, 643, 644, 645, 646, 647, + 648, 649, 650, 651, 652, 653, 654, 655, 656, 657, + 658, 659, 660, 661, 662, 663, 664, 665, 666, 667, + 668, 669, 670, 671, 672, 673, 674, 675, 676, 677, + 678, 679, 680, 681, 682, 683, -1, -1, 686, 687, + -1, 689, 690, 691, 692, 693, 694, 695, 696, 697, + 698, 699, 700, 701, 702, 703, 704, 705, 706, 707, + 708, 709, 710, 711, 712, 713, 714, 715, 716, 717, + 718, 719, 720, 721, 722, 723, 724, 725, 726, 727, + 728, 729, 730, 731, 732, 733, 734, 735, 736, 737, + 738, 739, 740, 741, 742, 743, 744, 745, 746, 747, + 748, 749, 750, 751, 752, 753, 754, 755, 756, 757, + 758, 759, 760, 761, 762, -1, 764, 765, 766, 767, + -1, -1, -1, -1, -1, -1, -1, -1, 776, 777, + 3, -1, -1, -1, 782, 8, 9, -1, -1, -1, + 788, -1, -1, -1, 792, 793, 19, 20, 796, 22, + 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, + -1, -1, -1, -1, -1, -1, -1, 40, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, 57, 58, 59, 60, -1, -1, + -1, -1, -1, -1, -1, 68, 69, -1, 71, -1, + -1, -1, -1, -1, -1, 78, 79, -1, -1, 82, + 83, 84, 85, -1, 87, 88, -1, 90, 91, -1, + -1, -1, -1, -1, -1, -1, 99, -1, -1, 102, + -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, 116, -1, -1, -1, 120, 121, 122, + -1, 124, -1, -1, -1, -1, -1, -1, -1, 132, + 133, 134, 135, -1, -1, -1, -1, -1, 141, -1, + -1, 144, -1, -1, -1, -1, -1, 150, -1, -1, + 153, -1, -1, -1, -1, -1, -1, -1, -1, 162, + -1, 164, -1, 166, -1, -1, -1, -1, -1, 172, + -1, -1, -1, -1, -1, -1, -1, 180, 181, 182, + -1, 184, -1, -1, -1, 188, 189, -1, -1, -1, + 193, -1, -1, 196, 197, -1, 199, 200, 201, 202, + -1, -1, -1, -1, -1, 208, -1, -1, -1, -1, + -1, -1, -1, -1, -1, -1, 219, 220, 221, 222, + -1, 224, -1, -1, -1, -1, -1, -1, 231, -1, + -1, -1, -1, -1, -1, -1, -1, -1, -1, 242, + -1, -1, -1, -1, -1, -1, -1, 250, 251, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, -1, 269, -1, -1, -1, + -1, -1, -1, 276, 277, -1, 279, 280, -1, -1, + -1, -1, -1, -1, -1, -1, -1, -1, 291, -1, + -1, -1, -1, -1, -1, -1, -1, -1, 301, 302, + 303, -1, -1, -1, -1, -1, 309, 310, -1, -1, + -1, -1, -1, -1, -1, -1, -1, 320, 321, 322, + 323, 324, 325, 326, 327, 328, 329, 330, 331, 332, + 333, 334, 335, 336, 337, 338, 339, 340, 341, 342, + 343, 344, 345, 346, 347, 348, 349, 350, 351, 352, + 353, 354, 355, -1, 357, 358, 359, 360, 361, 362, + 363, 364, 365, 366, 367, 368, 369, 370, 371, 372, + 373, 374, 375, 376, 377, 378, 379, 380, 381, 382, + 383, 384, 385, 386, 387, -1, 389, 390, 391, 392, + 393, 394, 395, 396, 397, 398, 399, 400, 401, 402, + 403, 404, 405, 406, 407, 408, 409, 410, 411, 412, + 413, 414, 415, 416, 417, -1, 419, 420, 421, 422, + 423, 424, 425, 426, 427, 428, 429, 430, 431, 432, + 433, 434, 435, 436, 437, 438, 439, 440, 441, 442, + 443, 444, 445, 446, -1, -1, 449, 450, 451, 452, + 453, 454, 455, 456, 457, 458, 459, 460, 461, 462, + -1, 464, 465, 466, 467, 468, 469, 470, 471, 472, + 473, 474, 475, 476, 477, -1, 479, 480, 481, 482, + 483, 484, 485, 486, 487, 488, 489, 490, 491, 492, + 493, 494, 495, 496, 497, 498, 499, 500, 501, 502, + 503, 504, 505, 506, 507, 508, 509, 510, 511, 512, + 513, 514, 515, 516, 517, 518, 519, 520, 521, 522, + 523, 524, 525, 526, 527, 528, 529, 530, 531, 532, + 533, 534, 535, -1, 537, 538, 539, 540, 541, 542, + 543, 544, 545, 546, 547, 548, 549, 550, 551, 552, + 553, 554, 555, 556, 557, 558, 559, 560, 561, 562, + 563, 564, 565, 566, 567, 568, 569, 570, 571, 572, + 573, 574, 575, 576, 577, 578, 579, 580, -1, 582, + 583, 584, 585, 586, 587, 588, 589, 590, 591, 592, + 593, 594, 595, 596, 597, 598, 599, 600, 601, 602, + 603, 604, 605, 606, 607, 608, 609, 610, 611, 612, + 613, 614, 615, 616, 617, 618, 619, 620, 621, 622, + 623, 624, 625, 626, 627, 628, 629, 630, 631, 632, + 633, 634, 635, 636, 637, 638, 639, 640, 641, 642, + 643, 644, 645, 646, 647, 648, 649, 650, 651, 652, + 653, 654, 655, 656, 657, 658, 659, 660, 661, 662, + 663, 664, 665, 666, 667, 668, 669, 670, 671, 672, + 673, 674, 675, 676, 677, 678, 679, 680, 681, 682, + 683, -1, -1, 686, 687, -1, 689, 690, 691, 692, + 693, 694, 695, 696, 697, 698, 699, 700, 701, 702, + 703, 704, 705, 706, 707, 708, 709, 710, 711, 712, + 713, 714, 715, 716, 717, 718, 719, 720, 721, 722, + 723, 724, 725, 726, 727, 728, 729, 730, 731, 732, + 733, 734, 735, 736, 737, 738, 739, 740, 741, 742, + 743, 744, 745, 746, 747, 748, 749, 750, 751, 752, + 753, 754, 755, 756, 757, 758, 759, 760, 761, 762, + -1, 764, 765, 766, 767, -1, -1, -1, -1, -1, + -1, -1, -1, 776, 777, 3, -1, -1, -1, 782, + 8, 9, -1, -1, -1, 788, -1, -1, -1, 792, + 793, 19, 20, 796, 22, 23, 24, 25, 26, 27, + 28, 29, 30, 31, 32, -1, -1, -1, -1, -1, + -1, -1, 40, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, -1, -1, -1, -1, 57, + 58, 59, 60, -1, -1, -1, -1, -1, -1, -1, + 68, 69, -1, 71, -1, -1, -1, -1, -1, -1, + 78, 79, -1, -1, 82, 83, 84, 85, -1, 87, + 88, -1, 90, 91, -1, -1, -1, -1, -1, -1, + -1, 99, -1, -1, 102, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, -1, -1, -1, 116, -1, + -1, -1, 120, 121, 122, -1, 124, -1, -1, -1, + -1, -1, -1, -1, 132, 133, 134, 135, -1, -1, + -1, -1, -1, 141, -1, -1, 144, -1, -1, -1, + -1, -1, 150, -1, -1, 153, -1, -1, -1, -1, + -1, -1, -1, -1, 162, -1, 164, -1, 166, -1, + -1, -1, -1, -1, 172, -1, -1, -1, -1, -1, + -1, -1, 180, 181, 182, -1, 184, -1, -1, -1, + 188, 189, -1, -1, -1, 193, -1, -1, 196, 197, + -1, 199, 200, 201, 202, -1, -1, -1, -1, -1, + 208, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, 219, 220, 221, 222, -1, 224, -1, -1, -1, + -1, -1, -1, 231, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, 242, -1, -1, -1, -1, -1, + -1, -1, 250, 251, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, 269, -1, -1, -1, -1, -1, -1, 276, 277, + -1, 279, 280, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, 291, -1, -1, -1, -1, -1, -1, + -1, -1, -1, 301, 302, 303, -1, -1, -1, -1, + -1, 309, 310, -1, -1, -1, -1, -1, -1, -1, + -1, -1, 320, 321, 322, 323, 324, 325, 326, 327, + 328, 329, 330, 331, 332, 333, 334, 335, 336, 337, + 338, 339, 340, 341, 342, 343, 344, 345, 346, 347, + 348, 349, 350, 351, 352, 353, 354, 355, -1, 357, + 358, 359, 360, 361, 362, 363, 364, 365, 366, 367, + 368, 369, 370, 371, 372, 373, 374, 375, 376, 377, + 378, 379, 380, 381, 382, 383, 384, 385, 386, 387, + -1, 389, 390, 391, 392, 393, 394, 395, 396, 397, + 398, 399, 400, 401, 402, 403, 404, 405, 406, 407, + 408, 409, 410, 411, 412, 413, 414, 415, 416, 417, + -1, 419, 420, 421, 422, 423, 424, 425, 426, 427, + 428, 429, 430, 431, 432, 433, 434, 435, 436, 437, + 438, 439, 440, 441, 442, 443, 444, 445, 446, -1, + -1, 449, 450, 451, 452, 453, 454, 455, 456, 457, + 458, 459, 460, 461, 462, -1, 464, 465, 466, 467, + 468, 469, 470, 471, 472, 473, 474, 475, 476, 477, + -1, 479, 480, 481, 482, 483, 484, 485, 486, 487, + 488, 489, 490, 491, 492, 493, 494, 495, 496, 497, + 498, 499, 500, 501, 502, 503, 504, 505, 506, 507, + 508, 509, 510, 511, 512, 513, 514, 515, 516, 517, + 518, 519, 520, 521, 522, 523, 524, 525, 526, 527, + 528, 529, 530, 531, 532, 533, 534, 535, -1, 537, + 538, 539, 540, 541, 542, 543, 544, 545, 546, 547, + 548, 549, 550, 551, 552, 553, 554, 555, 556, 557, + 558, 559, 560, 561, 562, 563, 564, 565, 566, 567, + 568, 569, 570, 571, 572, 573, 574, 575, 576, 577, + 578, 579, 580, -1, 582, 583, 584, 585, 586, 587, + 588, 589, 590, 591, 592, 593, 594, 595, 596, 597, + 598, 599, 600, 601, 602, 603, 604, 605, 606, 607, + 608, 609, 610, 611, 612, 613, 614, 615, 616, 617, + 618, 619, 620, 621, 622, 623, 624, 625, 626, 627, + 628, 629, 630, 631, 632, 633, 634, 635, 636, 637, + 638, 639, 640, 641, 642, 643, 644, 645, 646, 647, + 648, 649, 650, 651, 652, 653, 654, 655, 656, 657, + 658, 659, 660, 661, 662, 663, 664, 665, 666, 667, + 668, 669, 670, 671, 672, 673, 674, 675, 676, 677, + 678, 679, 680, 681, 682, 683, -1, -1, 686, 687, + -1, 689, 690, 691, 692, 693, 694, 695, 696, 697, + 698, 699, 700, 701, 702, 703, 704, 705, 706, 707, + 708, 709, 710, 711, 712, 713, 714, 715, 716, 717, + 718, 719, 720, 721, 722, 723, 724, 725, 726, 727, + 728, 729, 730, 731, 732, 733, 734, 735, 736, 737, + 738, 739, 740, 741, 742, 743, 744, 745, 746, 747, + 748, 749, 750, 751, 752, 753, 754, 755, 756, 757, + 758, 759, 760, 761, 762, -1, 764, 765, 766, 767, + -1, -1, -1, -1, -1, -1, -1, -1, 776, 777, + 3, -1, -1, -1, 782, 8, 9, -1, -1, -1, + 788, -1, -1, -1, 792, 793, 19, 20, 796, 22, + 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, + -1, -1, -1, -1, -1, -1, -1, 40, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, 57, 58, 59, 60, -1, -1, + -1, -1, -1, -1, -1, 68, 69, -1, 71, -1, + -1, -1, -1, -1, -1, 78, 79, -1, -1, 82, + 83, 84, 85, -1, 87, 88, -1, 90, 91, -1, + -1, -1, -1, -1, -1, -1, 99, -1, -1, 102, + -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, 116, -1, -1, -1, 120, 121, 122, + -1, 124, -1, -1, -1, -1, -1, -1, -1, 132, + 133, 134, 135, -1, -1, -1, -1, -1, 141, -1, + -1, 144, -1, -1, -1, -1, -1, 150, -1, -1, + 153, -1, -1, -1, -1, -1, -1, -1, -1, 162, + -1, 164, -1, 166, -1, -1, -1, -1, -1, 172, + -1, -1, -1, -1, -1, -1, -1, 180, 181, 182, + -1, 184, -1, -1, -1, 188, 189, -1, -1, -1, + 193, -1, -1, 196, 197, -1, 199, 200, 201, 202, + -1, -1, -1, -1, -1, 208, -1, -1, -1, -1, + -1, -1, -1, -1, -1, -1, 219, 220, 221, 222, + -1, 224, -1, -1, -1, -1, -1, -1, 231, -1, + -1, -1, -1, -1, -1, -1, -1, -1, -1, 242, + -1, -1, -1, -1, -1, -1, -1, 250, 251, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, 280, -1, -1, -1, -1, + -1, -1, -1, -1, -1, -1, 269, -1, -1, -1, + -1, -1, -1, 276, 277, -1, 279, 280, -1, -1, + -1, -1, -1, -1, -1, -1, -1, -1, 291, -1, + -1, -1, -1, -1, -1, -1, -1, -1, 301, 302, + 303, -1, -1, -1, -1, -1, 309, 310, -1, -1, + -1, -1, -1, -1, -1, -1, -1, 320, 321, 322, + 323, 324, 325, 326, 327, 328, 329, 330, 331, 332, + 333, 334, 335, 336, 337, 338, 339, 340, 341, 342, + 343, 344, 345, 346, 347, 348, 349, 350, 351, 352, + 353, 354, 355, -1, 357, 358, 359, 360, 361, 362, + 363, 364, 365, 366, 367, 368, 369, 370, 371, 372, + 373, 374, 375, 376, 377, 378, 379, 380, 381, 382, + 383, 384, 385, 386, 387, -1, 389, 390, 391, 392, + 393, 394, 395, 396, 397, 398, 399, 400, 401, 402, + 403, 404, 405, 406, 407, 408, 409, 410, 411, 412, + 413, 414, 415, 416, 417, -1, 419, 420, 421, 422, + 423, 424, 425, 426, 427, 428, 429, 430, 431, 432, + 433, 434, 435, 436, 437, 438, 439, 440, 441, 442, + 443, 444, 445, 446, -1, -1, 449, 450, 451, 452, + 453, 454, 455, 456, 457, 458, 459, 460, 461, 462, + -1, 464, 465, 466, 467, 468, 469, 470, 471, 472, + 473, 474, 475, 476, 477, -1, 479, 480, 481, 482, + 483, 484, 485, 486, 487, 488, 489, 490, 491, 492, + 493, 494, 495, 496, 497, 498, 499, 500, 501, 502, + 503, 504, 505, 506, 507, 508, 509, 510, 511, 512, + 513, 514, 515, 516, 517, 518, 519, 520, 521, 522, + 523, 524, 525, 526, 527, 528, 529, 530, 531, 532, + 533, 534, 535, -1, 537, 538, 539, 540, 541, 542, + 543, 544, 545, 546, 547, 548, 549, 550, 551, 552, + 553, 554, 555, 556, 557, 558, 559, 560, 561, 562, + 563, 564, 565, 566, 567, 568, 569, 570, 571, 572, + 573, 574, 575, 576, 577, 578, 579, 580, -1, 582, + 583, 584, 585, 586, 587, 588, 589, 590, 591, 592, + 593, 594, 595, 596, 597, 598, 599, 600, 601, 602, + 603, 604, 605, 606, 607, 608, 609, 610, 611, 612, + 613, 614, 615, 616, 617, 618, 619, 620, 621, 622, + 623, 624, 625, 626, 627, 628, 629, 630, 631, 632, + 633, 634, 635, 636, 637, 638, 639, 640, 641, 642, + 643, 644, 645, 646, 647, 648, 649, 650, 651, 652, + 653, 654, 655, 656, 657, 658, 659, 660, 661, 662, + 663, 664, 665, 666, 667, 668, 669, 670, 671, 672, + 673, 674, 675, 676, 677, 678, 679, 680, 681, 682, + 683, -1, -1, 686, 687, -1, 689, 690, 691, 692, + 693, 694, 695, 696, 697, 698, 699, 700, 701, 702, + 703, 704, 705, 706, 707, 708, 709, 710, 711, 712, + 713, 714, 715, 716, 717, 718, 719, 720, 721, 722, + 723, 724, 725, 726, 727, 728, 729, 730, 731, 732, + 733, 734, 735, 736, 737, 738, 739, 740, 741, 742, + 743, 744, 745, 746, 747, 748, 749, 750, 751, 752, + 753, 754, 755, 756, 757, 758, 759, 760, 761, 762, + -1, 764, 765, 766, 767, -1, -1, -1, -1, -1, + -1, -1, -1, 776, 777, 3, -1, -1, -1, 782, + 8, 9, -1, -1, -1, 788, -1, -1, -1, 792, + 793, 19, 20, 796, 22, 23, 24, 25, 26, 27, + 28, 29, 30, 31, 32, -1, -1, -1, -1, -1, + -1, -1, 40, -1, -1, -1, -1, -1, -1, 47, + -1, -1, -1, -1, -1, -1, -1, -1, -1, 57, + 58, 59, 60, -1, -1, -1, -1, -1, -1, -1, + 68, 69, -1, 71, -1, -1, -1, -1, -1, -1, + 78, 79, -1, -1, 82, 83, 84, 85, -1, 87, + 88, -1, 90, 91, -1, -1, -1, -1, -1, -1, + -1, 99, -1, -1, 102, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, -1, -1, -1, 116, -1, + -1, -1, 120, 121, 122, -1, 124, -1, -1, -1, + -1, -1, -1, -1, 132, 133, 134, 135, -1, -1, + -1, -1, -1, 141, -1, -1, 144, -1, -1, -1, + -1, -1, 150, -1, -1, 153, -1, -1, -1, -1, + -1, -1, -1, -1, 162, -1, 164, -1, 166, -1, + -1, -1, -1, -1, 172, -1, -1, -1, -1, -1, + -1, -1, 180, 181, 182, -1, 184, -1, -1, -1, + 188, 189, -1, -1, -1, 193, -1, -1, 196, -1, + -1, 199, 200, 201, 202, -1, -1, -1, -1, -1, + 208, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, 219, 220, 221, 222, -1, 224, -1, -1, -1, + -1, -1, -1, 231, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, 242, -1, -1, -1, -1, -1, + -1, -1, 250, 251, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, 269, -1, -1, -1, -1, -1, -1, 276, 277, + -1, 279, 280, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, 291, -1, -1, -1, -1, -1, -1, + -1, -1, -1, 301, 302, 303, -1, -1, -1, -1, + -1, 309, 310, -1, -1, -1, -1, -1, -1, -1, + -1, -1, 320, 321, 322, 323, 324, 325, 326, 327, + 328, 329, 330, 331, 332, 333, 334, 335, 336, 337, + 338, 339, 340, 341, 342, 343, 344, 345, 346, 347, + 348, 349, 350, 351, 352, 353, 354, 355, -1, 357, + 358, 359, 360, 361, 362, 363, 364, 365, 366, 367, + 368, 369, 370, 371, 372, 373, 374, 375, 376, 377, + 378, 379, 380, 381, 382, 383, 384, 385, 386, 387, + -1, 389, 390, 391, 392, 393, 394, 395, 396, 397, + 398, 399, 400, 401, 402, 403, 404, 405, 406, 407, + 408, 409, 410, 411, 412, 413, 414, 415, 416, 417, + -1, 419, 420, 421, 422, 423, 424, 425, 426, 427, + 428, 429, 430, 431, 432, 433, 434, 435, 436, 437, + 438, 439, 440, 441, 442, 443, 444, 445, 446, -1, + -1, 449, 450, 451, 452, 453, 454, 455, 456, 457, + 458, 459, 460, 461, 462, -1, 464, 465, 466, 467, + 468, 469, 470, 471, 472, 473, 474, 475, 476, 477, + -1, 479, 480, 481, 482, 483, 484, 485, 486, 487, + 488, 489, 490, 491, 492, 493, 494, 495, 496, 497, + 498, 499, 500, 501, 502, 503, 504, 505, 506, 507, + 508, 509, 510, 511, 512, 513, 514, 515, 516, 517, + 518, 519, 520, 521, 522, 523, 524, 525, 526, 527, + 528, 529, 530, 531, 532, 533, 534, 535, -1, 537, + 538, 539, 540, 541, 542, 543, 544, 545, 546, 547, + 548, 549, 550, 551, 552, 553, 554, 555, 556, 557, + 558, 559, 560, 561, 562, 563, 564, 565, 566, 567, + 568, 569, 570, 571, 572, 573, 574, 575, 576, 577, + 578, 579, 580, -1, 582, 583, 584, 585, 586, 587, + 588, 589, 590, 591, 592, 593, 594, 595, 596, 597, + 598, 599, 600, 601, 602, 603, 604, 605, 606, 607, + 608, 609, 610, 611, 612, 613, 614, 615, 616, 617, + 618, 619, 620, 621, 622, 623, 624, 625, 626, 627, + 628, 629, 630, 631, 632, 633, 634, 635, 636, 637, + 638, 639, 640, 641, 642, 643, 644, 645, 646, 647, + 648, 649, 650, 651, 652, 653, 654, 655, 656, 657, + 658, 659, 660, 661, 662, 663, 664, 665, 666, 667, + 668, 669, 670, 671, 672, 673, 674, 675, 676, 677, + 678, 679, 680, 681, 682, 683, -1, -1, 686, 687, + -1, 689, 690, 691, 692, 693, 694, 695, 696, 697, + 698, 699, 700, 701, 702, 703, 704, 705, 706, 707, + 708, 709, 710, 711, 712, 713, 714, 715, 716, 717, + 718, 719, 720, 721, 722, 723, 724, 725, 726, 727, + 728, 729, 730, 731, 732, 733, 734, 735, 736, 737, + 738, 739, 740, 741, 742, 743, 744, 745, 746, 747, + 748, 749, 750, 751, 752, 753, 754, 755, 756, 757, + 758, 759, 760, 761, 762, -1, 764, 765, 766, 767, + -1, -1, -1, -1, -1, -1, -1, -1, 776, 777, + 3, -1, -1, -1, 782, 8, 9, -1, -1, -1, + 788, -1, -1, -1, 792, 793, 19, 20, 796, 22, + 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, + -1, -1, -1, -1, -1, -1, -1, 40, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, 57, 58, 59, 60, -1, -1, + -1, -1, -1, -1, -1, 68, 69, -1, 71, -1, + -1, -1, -1, -1, -1, 78, 79, -1, -1, 82, + 83, 84, 85, -1, 87, 88, -1, 90, 91, -1, + -1, -1, -1, -1, -1, -1, 99, -1, -1, 102, + -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, 116, -1, -1, -1, 120, 121, 122, + -1, 124, -1, -1, -1, -1, -1, -1, -1, 132, + 133, 134, 135, -1, -1, -1, -1, -1, 141, -1, + -1, 144, -1, -1, -1, -1, -1, 150, -1, -1, + 153, -1, -1, -1, -1, -1, -1, -1, -1, 162, + -1, 164, -1, 166, -1, -1, -1, -1, -1, 172, + -1, -1, -1, -1, -1, -1, -1, 180, 181, 182, + -1, 184, -1, -1, -1, 188, 189, -1, -1, -1, + 193, -1, -1, 196, 197, -1, 199, 200, 201, 202, + -1, -1, -1, -1, -1, 208, -1, -1, -1, -1, + -1, -1, -1, -1, -1, -1, 219, 220, 221, 222, + -1, 224, -1, -1, -1, -1, -1, -1, 231, -1, + -1, -1, -1, -1, -1, -1, -1, -1, -1, 242, + -1, -1, -1, -1, -1, -1, -1, 250, 251, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, -1, 269, -1, -1, -1, + -1, -1, -1, 276, 277, -1, 279, 280, -1, -1, + -1, -1, -1, -1, -1, -1, -1, -1, 291, -1, + -1, -1, -1, -1, -1, -1, -1, -1, 301, 302, + 303, -1, -1, -1, -1, -1, 309, 310, -1, -1, + -1, -1, -1, -1, -1, -1, -1, 320, 321, 322, + 323, 324, 325, 326, 327, 328, 329, 330, 331, 332, + 333, 334, 335, 336, 337, 338, 339, 340, 341, 342, + 343, 344, 345, 346, 347, 348, 349, 350, 351, 352, + 353, 354, 355, -1, 357, 358, 359, 360, 361, 362, + 363, 364, 365, 366, 367, 368, 369, 370, 371, 372, + 373, 374, 375, 376, 377, 378, 379, 380, 381, 382, + 383, 384, 385, 386, 387, -1, 389, 390, 391, 392, + 393, 394, 395, 396, 397, 398, 399, 400, 401, 402, + 403, 404, 405, 406, 407, 408, 409, 410, 411, 412, + 413, 414, 415, 416, 417, -1, 419, 420, 421, 422, + 423, 424, 425, 426, 427, 428, 429, 430, 431, 432, + 433, 434, 435, 436, 437, 438, 439, 440, 441, 442, + 443, 444, 445, 446, -1, -1, 449, 450, 451, 452, + 453, 454, 455, 456, 457, 458, 459, 460, 461, 462, + -1, 464, 465, 466, 467, 468, 469, 470, 471, 472, + 473, 474, 475, 476, 477, -1, 479, 480, 481, 482, + 483, 484, 485, 486, 487, 488, 489, 490, 491, 492, + 493, 494, 495, 496, 497, 498, 499, 500, 501, 502, + 503, 504, 505, 506, 507, 508, 509, 510, 511, 512, + 513, 514, 515, 516, 517, 518, 519, 520, 521, 522, + 523, 524, 525, 526, 527, 528, 529, 530, 531, 532, + 533, 534, 535, -1, 537, 538, 539, 540, 541, 542, + 543, 544, 545, 546, 547, 548, 549, 550, 551, 552, + 553, 554, 555, 556, 557, 558, 559, 560, 561, 562, + 563, 564, 565, 566, 567, 568, 569, 570, 571, 572, + 573, 574, 575, 576, 577, 578, 579, 580, -1, 582, + 583, 584, 585, 586, 587, 588, 589, 590, 591, 592, + 593, 594, 595, 596, 597, 598, 599, 600, 601, 602, + 603, 604, 605, 606, 607, 608, 609, 610, 611, 612, + 613, 614, 615, 616, 617, 618, 619, 620, 621, 622, + 623, 624, 625, 626, 627, 628, 629, 630, 631, 632, + 633, 634, 635, 636, 637, 638, 639, 640, 641, 642, + 643, 644, 645, 646, 647, 648, 649, 650, 651, 652, + 653, 654, 655, 656, 657, 658, 659, 660, 661, 662, + 663, 664, 665, 666, 667, 668, 669, 670, 671, 672, + 673, 674, 675, 676, 677, 678, 679, 680, 681, 682, + 683, -1, -1, 686, 687, -1, 689, 690, 691, 692, + 693, 694, 695, 696, 697, 698, 699, 700, 701, 702, + 703, 704, 705, 706, 707, 708, 709, 710, 711, 712, + 713, 714, 715, 716, 717, 718, 719, 720, 721, 722, + 723, 724, 725, 726, 727, 728, 729, 730, 731, 732, + 733, 734, 735, 736, 737, 738, 739, 740, 741, 742, + 743, 744, 745, 746, 747, 748, 749, 750, 751, 752, + 753, 754, 755, 756, 757, 758, 759, 760, 761, 762, + -1, 764, 765, 766, 767, -1, -1, -1, -1, -1, + -1, -1, -1, 776, 777, 3, -1, -1, -1, 782, + 8, 9, -1, -1, -1, 788, -1, -1, -1, 792, + 793, 19, 20, 796, 22, 23, 24, 25, 26, 27, + 28, 29, 30, 31, 32, -1, -1, -1, -1, -1, + -1, -1, 40, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, -1, -1, -1, -1, 57, + 58, 59, 60, -1, -1, -1, -1, -1, -1, -1, + 68, 69, -1, 71, -1, -1, -1, -1, -1, -1, + 78, 79, -1, -1, 82, 83, 84, 85, -1, 87, + 88, -1, 90, 91, -1, -1, -1, -1, -1, -1, + -1, 99, -1, -1, 102, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, -1, -1, -1, 116, -1, + -1, -1, 120, 121, 122, -1, 124, -1, -1, -1, + -1, -1, -1, -1, 132, 133, 134, 135, -1, -1, + -1, -1, -1, 141, -1, -1, 144, -1, -1, -1, + -1, -1, 150, -1, -1, 153, -1, -1, -1, -1, + -1, -1, -1, -1, 162, -1, 164, -1, 166, -1, + -1, -1, -1, -1, 172, -1, -1, -1, -1, -1, + -1, -1, 180, 181, 182, -1, 184, -1, -1, -1, + 188, 189, -1, -1, -1, 193, -1, -1, 196, 197, + -1, 199, 200, 201, 202, -1, -1, -1, -1, -1, + 208, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, 219, 220, 221, 222, -1, 224, -1, -1, -1, + -1, -1, -1, 231, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, 242, -1, -1, -1, -1, -1, + -1, -1, 250, 251, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, 269, -1, -1, -1, -1, -1, -1, 276, 277, + -1, 279, 280, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, 291, -1, -1, -1, -1, -1, -1, + -1, -1, -1, 301, 302, 303, -1, -1, -1, -1, + -1, 309, 310, -1, -1, -1, -1, -1, -1, -1, + -1, -1, 320, 321, 322, 323, 324, 325, 326, 327, + 328, 329, 330, 331, 332, 333, 334, 335, 336, 337, + 338, 339, 340, 341, 342, 343, 344, 345, 346, 347, + 348, 349, 350, 351, 352, 353, 354, 355, -1, 357, + 358, 359, 360, 361, 362, 363, 364, 365, 366, 367, + 368, 369, 370, 371, 372, 373, 374, 375, 376, 377, + 378, 379, 380, 381, 382, 383, 384, 385, 386, 387, + -1, 389, 390, 391, 392, 393, 394, 395, 396, 397, + 398, 399, 400, 401, 402, 403, 404, 405, 406, 407, + 408, 409, 410, 411, 412, 413, 414, 415, 416, 417, + -1, 419, 420, 421, 422, 423, 424, 425, 426, 427, + 428, 429, 430, 431, 432, 433, 434, 435, 436, 437, + 438, 439, 440, 441, 442, 443, 444, 445, 446, -1, + -1, 449, 450, 451, 452, 453, 454, 455, 456, 457, + 458, 459, 460, 461, 462, -1, 464, 465, 466, 467, + 468, 469, 470, 471, 472, 473, 474, 475, 476, 477, + -1, 479, 480, 481, 482, 483, 484, 485, 486, 487, + 488, 489, 490, 491, 492, 493, 494, 495, 496, 497, + 498, 499, 500, 501, 502, 503, 504, 505, 506, 507, + 508, 509, 510, 511, 512, 513, 514, 515, 516, 517, + 518, 519, 520, 521, 522, 523, 524, 525, 526, 527, + 528, 529, 530, 531, 532, 533, 534, 535, -1, 537, + 538, 539, 540, 541, 542, 543, 544, 545, 546, 547, + 548, 549, 550, 551, 552, 553, 554, 555, 556, 557, + 558, 559, 560, 561, 562, 563, 564, 565, 566, 567, + 568, 569, 570, 571, 572, 573, 574, 575, 576, 577, + 578, 579, 580, -1, 582, 583, 584, 585, 586, 587, + 588, 589, 590, 591, 592, 593, 594, 595, 596, 597, + 598, 599, 600, 601, 602, 603, 604, 605, 606, 607, + 608, 609, 610, 611, 612, 613, 614, 615, 616, 617, + 618, 619, 620, 621, 622, 623, 624, 625, 626, 627, + 628, 629, 630, 631, 632, 633, 634, 635, 636, 637, + 638, 639, 640, 641, 642, 643, 644, 645, 646, 647, + 648, 649, 650, 651, 652, 653, 654, 655, 656, 657, + 658, 659, 660, 661, 662, 663, 664, 665, 666, 667, + 668, 669, 670, 671, 672, 673, 674, 675, 676, 677, + 678, 679, 680, 681, 682, 683, -1, -1, 686, 687, + -1, 689, 690, 691, 692, 693, 694, 695, 696, 697, + 698, 699, 700, 701, 702, 703, 704, 705, 706, 707, + 708, 709, 710, 711, 712, 713, 714, 715, 716, 717, + 718, 719, 720, 721, 722, 723, 724, 725, 726, 727, + 728, 729, 730, 731, 732, 733, 734, 735, 736, 737, + 738, 739, 740, 741, 742, 743, 744, 745, 746, 747, + 748, 749, 750, 751, 752, 753, 754, 755, 756, 757, + 758, 759, 760, 761, 762, -1, 764, 765, 766, 767, + -1, -1, -1, -1, -1, -1, -1, -1, 776, 777, + 3, -1, -1, -1, 782, 8, 9, -1, -1, -1, + 788, -1, -1, -1, 792, 793, 19, 20, 796, 22, + 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, + -1, -1, -1, -1, -1, -1, -1, 40, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, 320, 321, 322, 323, 324, - 325, 326, 327, 328, 329, 330, 331, -1, -1, -1, - 335, 336, 337, 338, 339, 340, 341, 342, 343, 344, - 345, 346, 347, 348, 349, 350, 351, 352, 353, 354, - 355, -1, 357, 358, 359, 360, 361, 362, 363, 364, - 365, 366, 367, 368, 369, 370, 371, 372, 373, 374, - 375, 376, 377, 378, 379, 380, 381, 382, 383, 384, - 385, 386, 387, -1, 389, 390, 391, 392, 393, 394, - 395, 396, 397, 398, 399, 400, 401, 402, 403, 404, - 405, 406, 407, 408, 409, 410, 411, 412, 413, 414, - 415, 416, 417, -1, 419, 420, 421, 422, 423, 424, - 425, 426, 427, 428, 429, 430, 431, 432, 433, 434, - 435, 436, 437, 438, 439, 440, 441, 442, 443, 444, - 445, 446, -1, -1, 449, 450, 451, 452, 453, 454, - 455, 456, 457, 458, 459, 460, 461, 462, -1, 464, - 465, 466, 467, 468, 469, 470, 471, 472, 473, 474, - 475, 476, 477, -1, 479, 480, 481, 482, 483, 484, - 485, 486, 487, 488, 489, 490, 491, 492, 493, 494, - 495, 496, 497, 498, 499, 500, 501, 502, 503, 504, - 505, 506, 507, 508, 509, 510, 511, 512, 513, 514, - 515, 516, 517, 518, 519, 520, 521, 522, 523, 524, - 525, 526, 527, 528, 529, 530, 531, 532, 533, 534, - 535, -1, 537, 538, 539, 540, 541, 542, 543, 544, - 545, 546, 547, 548, 549, 550, 551, 552, 553, 554, - 555, 556, 557, 558, 559, 560, 561, 562, 563, 564, - 565, 566, 567, 568, 569, 570, 571, 572, 573, 574, - 575, 576, 577, 578, 579, 580, -1, 582, 583, 584, - 585, 586, 587, 588, 589, 590, 591, 592, 593, 594, - 595, 596, 597, 598, 599, 600, 601, 602, 603, 604, - 605, 606, 607, 608, 609, 610, 611, 612, 613, 614, - 615, 616, 617, 618, 619, 620, 621, 622, 623, 624, - 625, 626, 627, 628, 629, 630, 631, 632, 633, 634, - 635, 636, 637, 638, 639, 640, 641, 642, 643, 644, - 645, 646, 647, 648, 649, 650, 651, 652, 653, 654, - 655, 656, 657, 658, 659, 660, 661, 662, 663, 664, - 665, 666, 667, 668, 669, 670, 671, 672, 673, 674, - 675, 676, 677, 678, 679, 680, 681, 682, 683, -1, - -1, 686, 687, -1, 689, 690, 691, 692, 693, 694, - 695, 696, 697, 698, 699, 700, 701, 702, 703, 704, - 705, 706, 707, 708, 709, 710, 711, 712, 713, 714, - 715, 716, 717, 718, 719, 720, 721, 722, 723, 724, - 725, 726, 727, 728, 729, 730, 731, 732, 733, 734, - 735, 736, 737, 738, 739, 740, 741, 742, 743, 744, - 745, 746, 747, 748, 749, 750, 751, 752, 753, 754, - 755, 756, 757, 758, 759, 760, 761, 762, 8, 764, - 765, 766, 767, -1, -1, -1, -1, -1, -1, 19, - 20, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, 788, -1, -1, -1, -1, -1, -1, - -1, 796, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, 57, 58, 59, 60, -1, -1, + -1, -1, -1, -1, -1, 68, 69, -1, 71, -1, + -1, -1, -1, -1, -1, 78, 79, -1, -1, 82, + 83, 84, 85, -1, 87, 88, -1, 90, 91, -1, + -1, -1, -1, -1, -1, -1, 99, -1, -1, 102, + -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, 116, -1, -1, -1, 120, 121, 122, + -1, 124, -1, -1, -1, -1, -1, -1, -1, 132, + 133, 134, 135, -1, -1, -1, -1, -1, 141, -1, + -1, 144, -1, -1, -1, -1, -1, 150, -1, -1, + 153, -1, -1, -1, -1, -1, -1, -1, -1, 162, + -1, 164, -1, 166, -1, -1, -1, -1, -1, 172, + -1, -1, -1, -1, -1, -1, -1, 180, 181, 182, + 183, 184, -1, -1, -1, 188, 189, -1, -1, -1, + 193, -1, -1, 196, -1, -1, 199, 200, 201, 202, + -1, -1, -1, -1, -1, 208, -1, -1, -1, -1, + -1, -1, -1, -1, -1, -1, 219, 220, 221, 222, + -1, 224, -1, -1, -1, -1, -1, -1, 231, -1, + -1, -1, -1, -1, -1, -1, -1, -1, -1, 242, + -1, -1, -1, -1, -1, -1, -1, 250, 251, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, -1, 269, -1, -1, -1, + -1, -1, -1, 276, 277, -1, 279, 280, -1, -1, + -1, -1, -1, -1, -1, -1, -1, -1, 291, -1, + -1, -1, -1, -1, -1, -1, -1, -1, 301, 302, + 303, -1, -1, -1, -1, -1, 309, 310, -1, -1, + -1, -1, -1, -1, -1, -1, -1, 320, 321, 322, + 323, 324, 325, 326, 327, 328, 329, 330, 331, 332, + 333, 334, 335, 336, 337, 338, 339, 340, 341, 342, + 343, 344, 345, 346, 347, 348, 349, 350, 351, 352, + 353, 354, 355, -1, 357, 358, 359, 360, 361, 362, + 363, 364, 365, 366, 367, 368, 369, 370, 371, 372, + 373, 374, 375, 376, 377, 378, 379, 380, 381, 382, + 383, 384, 385, 386, 387, -1, 389, 390, 391, 392, + 393, 394, 395, 396, 397, 398, 399, 400, 401, 402, + 403, 404, 405, 406, 407, 408, 409, 410, 411, 412, + 413, 414, 415, 416, 417, -1, 419, 420, 421, 422, + 423, 424, 425, 426, 427, 428, 429, 430, 431, 432, + 433, 434, 435, 436, 437, 438, 439, 440, 441, 442, + 443, 444, 445, 446, -1, -1, 449, 450, 451, 452, + 453, 454, 455, 456, 457, 458, 459, 460, 461, 462, + -1, 464, 465, 466, 467, 468, 469, 470, 471, 472, + 473, 474, 475, 476, 477, -1, 479, 480, 481, 482, + 483, 484, 485, 486, 487, 488, 489, 490, 491, 492, + 493, 494, 495, 496, 497, 498, 499, 500, 501, 502, + 503, 504, 505, 506, 507, 508, 509, 510, 511, 512, + 513, 514, 515, 516, 517, 518, 519, 520, 521, 522, + 523, 524, 525, 526, 527, 528, 529, 530, 531, 532, + 533, 534, 535, -1, 537, 538, 539, 540, 541, 542, + 543, 544, 545, 546, 547, 548, 549, 550, 551, 552, + 553, 554, 555, 556, 557, 558, 559, 560, 561, 562, + 563, 564, 565, 566, 567, 568, 569, 570, 571, 572, + 573, 574, 575, 576, 577, 578, 579, 580, -1, 582, + 583, 584, 585, 586, 587, 588, 589, 590, 591, 592, + 593, 594, 595, 596, 597, 598, 599, 600, 601, 602, + 603, 604, 605, 606, 607, 608, 609, 610, 611, 612, + 613, 614, 615, 616, 617, 618, 619, 620, 621, 622, + 623, 624, 625, 626, 627, 628, 629, 630, 631, 632, + 633, 634, 635, 636, 637, 638, 639, 640, 641, 642, + 643, 644, 645, 646, 647, 648, 649, 650, 651, 652, + 653, 654, 655, 656, 657, 658, 659, 660, 661, 662, + 663, 664, 665, 666, 667, 668, 669, 670, 671, 672, + 673, 674, 675, 676, 677, 678, 679, 680, 681, 682, + 683, -1, -1, 686, 687, -1, 689, 690, 691, 692, + 693, 694, 695, 696, 697, 698, 699, 700, 701, 702, + 703, 704, 705, 706, 707, 708, 709, 710, 711, 712, + 713, 714, 715, 716, 717, 718, 719, 720, 721, 722, + 723, 724, 725, 726, 727, 728, 729, 730, 731, 732, + 733, 734, 735, 736, 737, 738, 739, 740, 741, 742, + 743, 744, 745, 746, 747, 748, 749, 750, 751, 752, + 753, 754, 755, 756, 757, 758, 759, 760, 761, 762, + -1, 764, 765, 766, 767, -1, -1, -1, -1, -1, + -1, -1, -1, 776, 777, 3, -1, -1, -1, 782, + 8, 9, -1, -1, -1, 788, -1, -1, -1, 792, + 793, 19, 20, 796, 22, 23, 24, 25, 26, 27, + 28, 29, 30, 31, 32, -1, -1, -1, -1, -1, + -1, -1, 40, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, -1, -1, -1, -1, 57, + 58, 59, 60, -1, -1, -1, -1, -1, -1, -1, + 68, 69, -1, 71, -1, -1, -1, -1, -1, -1, + 78, 79, -1, -1, 82, 83, 84, 85, -1, 87, + 88, -1, 90, 91, -1, -1, -1, -1, -1, -1, + -1, 99, -1, -1, 102, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, -1, -1, -1, 116, -1, + -1, -1, 120, 121, 122, -1, 124, -1, -1, -1, + -1, -1, -1, -1, 132, 133, 134, 135, -1, -1, + -1, -1, -1, 141, -1, -1, 144, -1, -1, -1, + -1, -1, 150, -1, -1, 153, -1, -1, -1, -1, + -1, -1, -1, -1, 162, -1, 164, -1, 166, -1, + -1, -1, -1, -1, 172, -1, -1, -1, -1, -1, + -1, -1, 180, 181, 182, -1, 184, -1, -1, -1, + 188, 189, -1, -1, -1, 193, -1, -1, 196, -1, + -1, 199, 200, 201, 202, -1, -1, -1, -1, -1, + 208, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, 219, 220, 221, 222, -1, 224, -1, -1, -1, + -1, -1, -1, 231, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, 242, -1, -1, -1, -1, -1, + -1, -1, 250, 251, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, 269, -1, -1, -1, -1, -1, -1, 276, 277, + -1, 279, 280, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, 291, -1, -1, -1, -1, -1, -1, + -1, -1, -1, 301, 302, 303, -1, -1, -1, -1, + -1, 309, 310, -1, -1, -1, -1, -1, -1, -1, + -1, -1, 320, 321, 322, 323, 324, 325, 326, 327, + 328, 329, 330, 331, 332, 333, 334, 335, 336, 337, + 338, 339, 340, 341, 342, 343, 344, 345, 346, 347, + 348, 349, 350, 351, 352, 353, 354, 355, -1, 357, + 358, 359, 360, 361, 362, 363, 364, 365, 366, 367, + 368, 369, 370, 371, 372, 373, 374, 375, 376, 377, + 378, 379, 380, 381, 382, 383, 384, 385, 386, 387, + -1, 389, 390, 391, 392, 393, 394, 395, 396, 397, + 398, 399, 400, 401, 402, 403, 404, 405, 406, 407, + 408, 409, 410, 411, 412, 413, 414, 415, 416, 417, + -1, 419, 420, 421, 422, 423, 424, 425, 426, 427, + 428, 429, 430, 431, 432, 433, 434, 435, 436, 437, + 438, 439, 440, 441, 442, 443, 444, 445, 446, -1, + -1, 449, 450, 451, 452, 453, 454, 455, 456, 457, + 458, 459, 460, 461, 462, -1, 464, 465, 466, 467, + 468, 469, 470, 471, 472, 473, 474, 475, 476, 477, + -1, 479, 480, 481, 482, 483, 484, 485, 486, 487, + 488, 489, 490, 491, 492, 493, 494, 495, 496, 497, + 498, 499, 500, 501, 502, 503, 504, 505, 506, 507, + 508, 509, 510, 511, 512, 513, 514, 515, 516, 517, + 518, 519, 520, 521, 522, 523, 524, 525, 526, 527, + 528, 529, 530, 531, 532, 533, 534, 535, -1, 537, + 538, 539, 540, 541, 542, 543, 544, 545, 546, 547, + 548, 549, 550, 551, 552, 553, 554, 555, 556, 557, + 558, 559, 560, 561, 562, 563, 564, 565, 566, 567, + 568, 569, 570, 571, 572, 573, 574, 575, 576, 577, + 578, 579, 580, -1, 582, 583, 584, 585, 586, 587, + 588, 589, 590, 591, 592, 593, 594, 595, 596, 597, + 598, 599, 600, 601, 602, 603, 604, 605, 606, 607, + 608, 609, 610, 611, 612, 613, 614, 615, 616, 617, + 618, 619, 620, 621, 622, 623, 624, 625, 626, 627, + 628, 629, 630, 631, 632, 633, 634, 635, 636, 637, + 638, 639, 640, 641, 642, 643, 644, 645, 646, 647, + 648, 649, 650, 651, 652, 653, 654, 655, 656, 657, + 658, 659, 660, 661, 662, 663, 664, 665, 666, 667, + 668, 669, 670, 671, 672, 673, 674, 675, 676, 677, + 678, 679, 680, 681, 682, 683, -1, -1, 686, 687, + -1, 689, 690, 691, 692, 693, 694, 695, 696, 697, + 698, 699, 700, 701, 702, 703, 704, 705, 706, 707, + 708, 709, 710, 711, 712, 713, 714, 715, 716, 717, + 718, 719, 720, 721, 722, 723, 724, 725, 726, 727, + 728, 729, 730, 731, 732, 733, 734, 735, 736, 737, + 738, 739, 740, 741, 742, 743, 744, 745, 746, 747, + 748, 749, 750, 751, 752, 753, 754, 755, 756, 757, + 758, 759, 760, 761, 762, -1, 764, 765, 766, 767, + -1, -1, -1, -1, -1, -1, -1, -1, 776, 777, + 3, -1, -1, -1, 782, 8, 9, -1, -1, -1, + 788, -1, -1, -1, 792, 793, 19, 20, 796, 22, + 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, + -1, -1, -1, -1, -1, -1, -1, 40, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, 57, 58, 59, 60, -1, -1, + -1, -1, -1, -1, -1, 68, 69, -1, 71, -1, + -1, -1, -1, -1, -1, 78, 79, -1, -1, 82, + 83, 84, 85, -1, 87, 88, -1, 90, 91, -1, + -1, -1, -1, -1, -1, -1, 99, -1, -1, 102, + -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, 116, -1, -1, -1, 120, 121, 122, + -1, 124, -1, -1, -1, -1, -1, -1, -1, 132, + 133, 134, 135, -1, -1, -1, -1, -1, 141, -1, + -1, 144, -1, -1, -1, -1, -1, 150, -1, -1, + 153, -1, -1, -1, -1, -1, -1, -1, -1, 162, + -1, 164, -1, 166, -1, -1, -1, -1, -1, 172, + -1, -1, -1, -1, -1, -1, -1, 180, 181, 182, + -1, 184, -1, -1, -1, 188, 189, -1, -1, -1, + 193, -1, -1, 196, -1, -1, 199, 200, 201, 202, + -1, -1, -1, -1, -1, 208, -1, -1, -1, -1, + -1, -1, -1, -1, -1, -1, 219, 220, 221, 222, + -1, 224, -1, -1, -1, -1, -1, -1, 231, -1, + -1, -1, -1, -1, -1, -1, -1, -1, -1, 242, + -1, -1, -1, -1, -1, -1, -1, 250, 251, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, -1, -1, 88, -1, + -1, -1, -1, -1, -1, -1, 269, -1, -1, -1, + -1, -1, -1, 276, 277, -1, 279, 280, -1, -1, + -1, -1, -1, -1, -1, -1, -1, -1, 291, -1, + -1, -1, -1, -1, -1, -1, -1, -1, 301, 302, + 303, -1, -1, -1, -1, -1, 309, 310, -1, -1, + -1, -1, -1, -1, -1, -1, -1, 320, 321, 322, + 323, 324, 325, 326, 327, 328, 329, 330, 331, 332, + 333, 334, 335, 336, 337, 338, 339, 340, 341, 342, + 343, 344, 345, 346, 347, 348, 349, 350, 351, 352, + 353, 354, 355, -1, 357, 358, 359, 360, 361, 362, + 363, 364, 365, 366, 367, 368, 369, 370, 371, 372, + 373, 374, 375, 376, 377, 378, 379, 380, 381, 382, + 383, 384, 385, 386, 387, -1, 389, 390, 391, 392, + 393, 394, 395, 396, 397, 398, 399, 400, 401, 402, + 403, 404, 405, 406, 407, 408, 409, 410, 411, 412, + 413, 414, 415, 416, 417, -1, 419, 420, 421, 422, + 423, 424, 425, 426, 427, 428, 429, 430, 431, 432, + 433, 434, 435, 436, 437, 438, 439, 440, 441, 442, + 443, 444, 445, 446, -1, -1, 449, 450, 451, 452, + 453, 454, 455, 456, 457, 458, 459, 460, 461, 462, + -1, 464, 465, 466, 467, 468, 469, 470, 471, 472, + 473, 474, 475, 476, 477, -1, 479, 480, 481, 482, + 483, 484, 485, 486, 487, 488, 489, 490, 491, 492, + 493, 494, 495, 496, 497, 498, 499, 500, 501, 502, + 503, 504, 505, 506, 507, 508, 509, 510, 511, 512, + 513, 514, 515, 516, 517, 518, 519, 520, 521, 522, + 523, 524, 525, 526, 527, 528, 529, 530, 531, 532, + 533, 534, 535, -1, 537, 538, 539, 540, 541, 542, + 543, 544, 545, 546, 547, 548, 549, 550, 551, 552, + 553, 554, 555, 556, 557, 558, 559, 560, 561, 562, + 563, 564, 565, 566, 567, 568, 569, 570, 571, 572, + 573, 574, 575, 576, 577, 578, 579, 580, -1, 582, + 583, 584, 585, 586, 587, 588, 589, 590, 591, 592, + 593, 594, 595, 596, 597, 598, 599, 600, 601, 602, + 603, 604, 605, 606, 607, 608, 609, 610, 611, 612, + 613, 614, 615, 616, 617, 618, 619, 620, 621, 622, + 623, 624, 625, 626, 627, 628, 629, 630, 631, 632, + 633, 634, 635, 636, 637, 638, 639, 640, 641, 642, + 643, 644, 645, 646, 647, 648, 649, 650, 651, 652, + 653, 654, 655, 656, 657, 658, 659, 660, 661, 662, + 663, 664, 665, 666, 667, 668, 669, 670, 671, 672, + 673, 674, 675, 676, 677, 678, 679, 680, 681, 682, + 683, -1, -1, 686, 687, -1, 689, 690, 691, 692, + 693, 694, 695, 696, 697, 698, 699, 700, 701, 702, + 703, 704, 705, 706, 707, 708, 709, 710, 711, 712, + 713, 714, 715, 716, 717, 718, 719, 720, 721, 722, + 723, 724, 725, 726, 727, 728, 729, 730, 731, 732, + 733, 734, 735, 736, 737, 738, 739, 740, 741, 742, + 743, 744, 745, 746, 747, 748, 749, 750, 751, 752, + 753, 754, 755, 756, 757, 758, 759, 760, 761, 762, + -1, 764, 765, 766, 767, -1, -1, -1, -1, -1, + -1, -1, -1, 776, 777, 3, -1, -1, -1, 782, + 8, 9, -1, -1, -1, 788, -1, -1, -1, 792, + 793, 19, 20, 796, 22, 23, 24, 25, 26, 27, + 28, 29, 30, 31, 32, -1, -1, -1, -1, -1, + -1, -1, 40, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, -1, -1, -1, -1, 57, + 58, 59, 60, -1, -1, -1, -1, -1, -1, -1, + 68, 69, -1, 71, -1, -1, -1, -1, -1, -1, + 78, 79, -1, -1, 82, 83, 84, 85, -1, 87, + 88, -1, 90, 91, -1, -1, -1, -1, -1, -1, + -1, 99, -1, -1, 102, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, -1, -1, -1, 116, -1, + -1, -1, 120, 121, 122, -1, 124, -1, -1, -1, + -1, -1, -1, -1, 132, 133, 134, 135, -1, -1, + -1, -1, -1, 141, -1, -1, 144, -1, -1, -1, + -1, -1, 150, -1, -1, 153, -1, -1, -1, -1, + -1, -1, -1, -1, 162, -1, 164, -1, 166, -1, + -1, -1, -1, -1, 172, -1, -1, -1, -1, -1, + -1, -1, 180, 181, 182, -1, 184, -1, -1, -1, + 188, 189, -1, -1, -1, 193, -1, -1, 196, -1, + -1, 199, 200, 201, 202, -1, -1, -1, -1, -1, + 208, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, 219, 220, 221, 222, -1, 224, -1, -1, -1, + -1, -1, -1, 231, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, 242, -1, -1, -1, -1, -1, + -1, -1, 250, 251, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, 269, -1, -1, -1, -1, -1, -1, 276, 277, + -1, 279, 280, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, 291, -1, -1, -1, -1, -1, -1, + -1, -1, -1, 301, 302, 303, -1, -1, -1, -1, + -1, 309, 310, -1, -1, -1, -1, -1, -1, -1, + -1, -1, 320, 321, 322, 323, 324, 325, 326, 327, + 328, 329, 330, 331, 332, 333, 334, 335, 336, 337, + 338, 339, 340, 341, 342, 343, 344, 345, 346, 347, + 348, 349, 350, 351, 352, 353, 354, 355, -1, 357, + 358, 359, 360, 361, 362, 363, 364, 365, 366, 367, + 368, 369, 370, 371, 372, 373, 374, 375, 376, 377, + 378, 379, 380, 381, 382, 383, 384, 385, 386, 387, + -1, 389, 390, 391, 392, 393, 394, 395, 396, 397, + 398, 399, 400, 401, 402, 403, 404, 405, 406, 407, + 408, 409, 410, 411, 412, 413, 414, 415, 416, 417, + -1, 419, 420, 421, 422, 423, 424, 425, 426, 427, + 428, 429, 430, 431, 432, 433, 434, 435, 436, 437, + 438, 439, 440, 441, 442, 443, 444, 445, 446, -1, + -1, 449, 450, 451, 452, 453, 454, 455, 456, 457, + 458, 459, 460, 461, 462, -1, 464, 465, 466, 467, + 468, 469, 470, 471, 472, 473, 474, 475, 476, 477, + -1, 479, 480, 481, 482, 483, 484, 485, 486, 487, + 488, 489, 490, 491, 492, 493, 494, 495, 496, 497, + 498, 499, 500, 501, 502, 503, 504, 505, 506, 507, + 508, 509, 510, 511, 512, 513, 514, 515, 516, 517, + 518, 519, 520, 521, 522, 523, 524, 525, 526, 527, + 528, 529, 530, 531, 532, 533, 534, 535, -1, 537, + 538, 539, 540, 541, 542, 543, 544, 545, 546, 547, + 548, 549, 550, 551, 552, 553, 554, 555, 556, 557, + 558, 559, 560, 561, 562, 563, 564, 565, 566, 567, + 568, 569, 570, 571, 572, 573, 574, 575, 576, 577, + 578, 579, 580, -1, 582, 583, 584, 585, 586, 587, + 588, 589, 590, 591, 592, 593, 594, 595, 596, 597, + 598, 599, 600, 601, 602, 603, 604, 605, 606, 607, + 608, 609, 610, 611, 612, 613, 614, 615, 616, 617, + 618, 619, 620, 621, 622, 623, 624, 625, 626, 627, + 628, 629, 630, 631, 632, 633, 634, 635, 636, 637, + 638, 639, 640, 641, 642, 643, 644, 645, 646, 647, + 648, 649, 650, 651, 652, 653, 654, 655, 656, 657, + 658, 659, 660, 661, 662, 663, 664, 665, 666, 667, + 668, 669, 670, 671, 672, 673, 674, 675, 676, 677, + 678, 679, 680, 681, 682, 683, -1, -1, 686, 687, + -1, 689, 690, 691, 692, 693, 694, 695, 696, 697, + 698, 699, 700, 701, 702, 703, 704, 705, 706, 707, + 708, 709, 710, 711, 712, 713, 714, 715, 716, 717, + 718, 719, 720, 721, 722, 723, 724, 725, 726, 727, + 728, 729, 730, 731, 732, 733, 734, 735, 736, 737, + 738, 739, 740, 741, 742, 743, 744, 745, 746, 747, + 748, 749, 750, 751, 752, 753, 754, 755, 756, 757, + 758, 759, 760, 761, 762, -1, 764, 765, 766, 767, + -1, -1, -1, -1, -1, -1, -1, -1, 776, 777, + 3, -1, -1, -1, 782, 8, 9, -1, -1, -1, + 788, -1, -1, -1, 792, 793, 19, 20, 796, 22, + 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, + -1, -1, -1, -1, -1, -1, -1, 40, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, 57, 58, 59, 60, -1, -1, + -1, -1, -1, -1, -1, 68, 69, -1, 71, -1, + -1, -1, -1, -1, -1, 78, 79, -1, -1, 82, + 83, 84, 85, -1, 87, 88, -1, 90, 91, -1, + -1, -1, -1, -1, -1, -1, 99, -1, -1, 102, + -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, 116, -1, -1, -1, 120, 121, 122, + -1, 124, -1, -1, -1, -1, -1, -1, -1, 132, + 133, 134, 135, -1, -1, -1, -1, -1, 141, -1, + -1, 144, -1, -1, -1, -1, -1, 150, -1, -1, + 153, -1, -1, -1, -1, -1, -1, -1, -1, 162, + -1, 164, -1, 166, -1, -1, -1, -1, -1, 172, + -1, -1, -1, -1, -1, -1, -1, 180, 181, 182, + -1, 184, -1, -1, -1, 188, 189, -1, -1, -1, + 193, -1, -1, 196, -1, -1, 199, 200, 201, 202, + -1, -1, -1, -1, -1, 208, -1, -1, -1, -1, + -1, -1, -1, -1, -1, -1, 219, 220, 221, 222, + -1, 224, -1, -1, -1, -1, -1, -1, 231, -1, + -1, -1, -1, -1, -1, -1, -1, -1, -1, 242, + -1, -1, -1, -1, -1, -1, -1, 250, 251, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, 116, -1, -1, -1, + -1, -1, -1, -1, -1, -1, 269, -1, -1, -1, + -1, -1, -1, 276, 277, -1, 279, 280, -1, -1, + -1, -1, -1, -1, -1, -1, -1, -1, 291, -1, + -1, -1, -1, -1, -1, -1, -1, -1, 301, 302, + 303, -1, -1, -1, -1, -1, 309, 310, -1, -1, + -1, -1, -1, -1, -1, -1, -1, 320, 321, 322, + 323, 324, 325, 326, 327, 328, 329, 330, 331, 332, + 333, 334, 335, 336, 337, 338, 339, 340, 341, 342, + 343, 344, 345, 346, 347, 348, 349, 350, 351, 352, + 353, 354, 355, -1, 357, 358, 359, 360, 361, 362, + 363, 364, 365, 366, 367, 368, 369, 370, 371, 372, + 373, 374, 375, 376, 377, 378, 379, 380, 381, 382, + 383, 384, 385, 386, 387, -1, 389, 390, 391, 392, + 393, 394, 395, 396, 397, 398, 399, 400, 401, 402, + 403, 404, 405, 406, 407, 408, 409, 410, 411, 412, + 413, 414, 415, 416, 417, -1, 419, 420, 421, 422, + 423, 424, 425, 426, 427, 428, 429, 430, 431, 432, + 433, 434, 435, 436, 437, 438, 439, 440, 441, 442, + 443, 444, 445, 446, -1, -1, 449, 450, 451, 452, + 453, 454, 455, 456, 457, 458, 459, 460, 461, 462, + -1, 464, 465, 466, 467, 468, 469, 470, 471, 472, + 473, 474, 475, 476, 477, -1, 479, 480, 481, 482, + 483, 484, 485, 486, 487, 488, 489, 490, 491, 492, + 493, 494, 495, 496, 497, 498, 499, 500, 501, 502, + 503, 504, 505, 506, 507, 508, 509, 510, 511, 512, + 513, 514, 515, 516, 517, 518, 519, 520, 521, 522, + 523, 524, 525, 526, 527, 528, 529, 530, 531, 532, + 533, 534, 535, -1, 537, 538, 539, 540, 541, 542, + 543, 544, 545, 546, 547, 548, 549, 550, 551, 552, + 553, 554, 555, 556, 557, 558, 559, 560, 561, 562, + 563, 564, 565, 566, 567, 568, 569, 570, 571, 572, + 573, 574, 575, 576, 577, 578, 579, 580, -1, 582, + 583, 584, 585, 586, 587, 588, 589, 590, 591, 592, + 593, 594, 595, 596, 597, 598, 599, 600, 601, 602, + 603, 604, 605, 606, 607, 608, 609, 610, 611, 612, + 613, 614, 615, 616, 617, 618, 619, 620, 621, 622, + 623, 624, 625, 626, 627, 628, 629, 630, 631, 632, + 633, 634, 635, 636, 637, 638, 639, 640, 641, 642, + 643, 644, 645, 646, 647, 648, 649, 650, 651, 652, + 653, 654, 655, 656, 657, 658, 659, 660, 661, 662, + 663, 664, 665, 666, 667, 668, 669, 670, 671, 672, + 673, 674, 675, 676, 677, 678, 679, 680, 681, 682, + 683, -1, -1, 686, 687, -1, 689, 690, 691, 692, + 693, 694, 695, 696, 697, 698, 699, 700, 701, 702, + 703, 704, 705, 706, 707, 708, 709, 710, 711, 712, + 713, 714, 715, 716, 717, 718, 719, 720, 721, 722, + 723, 724, 725, 726, 727, 728, 729, 730, 731, 732, + 733, 734, 735, 736, 737, 738, 739, 740, 741, 742, + 743, 744, 745, 746, 747, 748, 749, 750, 751, 752, + 753, 754, 755, 756, 757, 758, 759, 760, 761, 762, + -1, 764, 765, 766, 767, -1, -1, -1, -1, -1, + -1, -1, -1, 776, 777, 3, -1, -1, -1, 782, + 8, 9, -1, -1, -1, 788, -1, -1, -1, 792, + 793, 19, 20, 796, 22, 23, 24, 25, 26, 27, + 28, 29, 30, 31, 32, -1, -1, -1, -1, -1, + -1, -1, 40, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, -1, -1, -1, -1, 57, + 58, 59, 60, -1, -1, -1, -1, -1, -1, -1, + 68, 69, -1, 71, -1, -1, -1, -1, -1, -1, + 78, 79, -1, -1, 82, 83, 84, 85, -1, 87, + 88, -1, 90, 91, -1, -1, -1, -1, -1, -1, + -1, 99, -1, -1, 102, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, -1, -1, -1, 116, -1, + -1, -1, 120, 121, 122, -1, 124, -1, -1, -1, + -1, -1, -1, -1, 132, 133, 134, 135, -1, -1, + -1, -1, -1, 141, -1, -1, 144, -1, -1, -1, + -1, -1, 150, -1, -1, 153, -1, -1, -1, -1, + -1, -1, -1, -1, 162, -1, 164, -1, 166, -1, + -1, -1, -1, -1, 172, -1, -1, -1, -1, -1, + -1, -1, 180, 181, 182, -1, 184, -1, -1, -1, + 188, 189, -1, -1, -1, 193, -1, -1, 196, -1, + -1, 199, 200, 201, 202, -1, -1, -1, -1, -1, + 208, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, 219, 220, 221, 222, -1, 224, -1, -1, -1, + -1, -1, -1, 231, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, 242, -1, -1, -1, -1, -1, + -1, -1, 250, 251, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, 269, -1, -1, -1, -1, -1, -1, 276, 277, + -1, 279, 280, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, 291, -1, -1, -1, -1, -1, -1, + -1, -1, -1, 301, 302, 303, -1, -1, -1, -1, + -1, 309, 310, -1, -1, -1, -1, -1, -1, -1, + -1, -1, 320, 321, 322, 323, 324, 325, 326, 327, + 328, 329, 330, 331, 332, 333, 334, 335, 336, 337, + 338, 339, 340, 341, 342, 343, 344, 345, 346, 347, + 348, 349, 350, 351, 352, 353, 354, 355, -1, 357, + 358, 359, 360, 361, 362, 363, 364, 365, 366, 367, + 368, 369, 370, 371, 372, 373, 374, 375, 376, 377, + 378, 379, 380, 381, 382, 383, 384, 385, 386, 387, + -1, 389, 390, 391, 392, 393, 394, 395, 396, 397, + 398, 399, 400, 401, 402, 403, 404, 405, 406, 407, + 408, 409, 410, 411, 412, 413, 414, 415, 416, 417, + -1, 419, 420, 421, 422, 423, 424, 425, 426, 427, + 428, 429, 430, 431, 432, 433, 434, 435, 436, 437, + 438, 439, 440, 441, 442, 443, 444, 445, 446, -1, + -1, 449, 450, 451, 452, 453, 454, 455, 456, 457, + 458, 459, 460, 461, 462, -1, 464, 465, 466, 467, + 468, 469, 470, 471, 472, 473, 474, 475, 476, 477, + -1, 479, 480, 481, 482, 483, 484, 485, 486, 487, + 488, 489, 490, 491, 492, 493, 494, 495, 496, 497, + 498, 499, 500, 501, 502, 503, 504, 505, 506, 507, + 508, 509, 510, 511, 512, 513, 514, 515, 516, 517, + 518, 519, 520, 521, 522, 523, 524, 525, 526, 527, + 528, 529, 530, 531, 532, 533, 534, 535, -1, 537, + 538, 539, 540, 541, 542, 543, 544, 545, 546, 547, + 548, 549, 550, 551, 552, 553, 554, 555, 556, 557, + 558, 559, 560, 561, 562, 563, 564, 565, 566, 567, + 568, 569, 570, 571, 572, 573, 574, 575, 576, 577, + 578, 579, 580, -1, 582, 583, 584, 585, 586, 587, + 588, 589, 590, 591, 592, 593, 594, 595, 596, 597, + 598, 599, 600, 601, 602, 603, 604, 605, 606, 607, + 608, 609, 610, 611, 612, 613, 614, 615, 616, 617, + 618, 619, 620, 621, 622, 623, 624, 625, 626, 627, + 628, 629, 630, 631, 632, 633, 634, 635, 636, 637, + 638, 639, 640, 641, 642, 643, 644, 645, 646, 647, + 648, 649, 650, 651, 652, 653, 654, 655, 656, 657, + 658, 659, 660, 661, 662, 663, 664, 665, 666, 667, + 668, 669, 670, 671, 672, 673, 674, 675, 676, 677, + 678, 679, 680, 681, 682, 683, -1, -1, 686, 687, + -1, 689, 690, 691, 692, 693, 694, 695, 696, 697, + 698, 699, 700, 701, 702, 703, 704, 705, 706, 707, + 708, 709, 710, 711, 712, 713, 714, 715, 716, 717, + 718, 719, 720, 721, 722, 723, 724, 725, 726, 727, + 728, 729, 730, 731, 732, 733, 734, 735, 736, 737, + 738, 739, 740, 741, 742, 743, 744, 745, 746, 747, + 748, 749, 750, 751, 752, 753, 754, 755, 756, 757, + 758, 759, 760, 761, 762, -1, 764, 765, 766, 767, + -1, -1, -1, -1, -1, -1, -1, -1, 776, 777, + 3, -1, -1, -1, 782, 8, 9, -1, -1, -1, + 788, -1, -1, -1, 792, 793, 19, 20, 796, 22, + 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, + -1, -1, -1, -1, -1, -1, -1, 40, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, 135, -1, -1, -1, -1, - -1, -1, -1, -1, 144, -1, -1, -1, -1, -1, + -1, -1, -1, -1, 57, 58, 59, 60, -1, -1, + -1, -1, -1, -1, -1, 68, 69, -1, 71, -1, + -1, -1, -1, -1, -1, 78, 79, -1, -1, 82, + 83, 84, 85, -1, 87, 88, -1, 90, 91, -1, + -1, -1, -1, -1, -1, -1, 99, -1, -1, 102, + -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, 116, -1, -1, -1, 120, 121, 122, + -1, 124, -1, -1, -1, -1, -1, -1, -1, 132, + 133, 134, 135, -1, -1, -1, -1, -1, 141, -1, + -1, 144, -1, -1, -1, -1, -1, 150, -1, -1, + 153, -1, -1, -1, -1, -1, -1, -1, -1, 162, + -1, 164, -1, 166, -1, -1, -1, -1, -1, 172, + -1, -1, -1, -1, -1, -1, -1, 180, 181, 182, + -1, 184, -1, -1, -1, 188, 189, -1, -1, -1, + 193, -1, -1, 196, -1, -1, 199, 200, 201, 202, + -1, -1, -1, -1, -1, 208, -1, -1, -1, -1, + -1, -1, -1, -1, -1, -1, 219, 220, 221, 222, + -1, 224, -1, -1, -1, -1, -1, -1, 231, -1, + -1, -1, -1, -1, -1, -1, -1, -1, -1, 242, + -1, -1, -1, -1, -1, -1, -1, 250, 251, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, -1, 269, -1, -1, -1, + -1, -1, -1, 276, 277, -1, 279, 280, -1, -1, + -1, -1, -1, -1, -1, -1, -1, -1, 291, -1, + -1, -1, -1, -1, -1, -1, -1, -1, 301, 302, + 303, -1, -1, -1, -1, -1, 309, 310, -1, -1, + -1, -1, -1, -1, -1, -1, -1, 320, 321, 322, + 323, 324, 325, 326, 327, 328, 329, 330, 331, 332, + 333, 334, 335, 336, 337, 338, 339, 340, 341, 342, + 343, 344, 345, 346, 347, 348, 349, 350, 351, 352, + 353, 354, 355, -1, 357, 358, 359, 360, 361, 362, + 363, 364, 365, 366, 367, 368, 369, 370, 371, 372, + 373, 374, 375, 376, 377, 378, 379, 380, 381, 382, + 383, 384, 385, 386, 387, -1, 389, 390, 391, 392, + 393, 394, 395, 396, 397, 398, 399, 400, 401, 402, + 403, 404, 405, 406, 407, 408, 409, 410, 411, 412, + 413, 414, 415, 416, 417, -1, 419, 420, 421, 422, + 423, 424, 425, 426, 427, 428, 429, 430, 431, 432, + 433, 434, 435, 436, 437, 438, 439, 440, 441, 442, + 443, 444, 445, 446, -1, -1, 449, 450, 451, 452, + 453, 454, 455, 456, 457, 458, 459, 460, 461, 462, + -1, 464, 465, 466, 467, 468, 469, 470, 471, 472, + 473, 474, 475, 476, 477, -1, 479, 480, 481, 482, + 483, 484, 485, 486, 487, 488, 489, 490, 491, 492, + 493, 494, 495, 496, 497, 498, 499, 500, 501, 502, + 503, 504, 505, 506, 507, 508, 509, 510, 511, 512, + 513, 514, 515, 516, 517, 518, 519, 520, 521, 522, + 523, 524, 525, 526, 527, 528, 529, 530, 531, 532, + 533, 534, 535, -1, 537, 538, 539, 540, 541, 542, + 543, 544, 545, 546, 547, 548, 549, 550, 551, 552, + 553, 554, 555, 556, 557, 558, 559, 560, 561, 562, + 563, 564, 565, 566, 567, 568, 569, 570, 571, 572, + 573, 574, 575, 576, 577, 578, 579, 580, -1, 582, + 583, 584, 585, 586, 587, 588, 589, 590, 591, 592, + 593, 594, 595, 596, 597, 598, 599, 600, 601, 602, + 603, 604, 605, 606, 607, 608, 609, 610, 611, 612, + 613, 614, 615, 616, 617, 618, 619, 620, 621, 622, + 623, 624, 625, 626, 627, 628, 629, 630, 631, 632, + 633, 634, 635, 636, 637, 638, 639, 640, 641, 642, + 643, 644, 645, 646, 647, 648, 649, 650, 651, 652, + 653, 654, 655, 656, 657, 658, 659, 660, 661, 662, + 663, 664, 665, 666, 667, 668, 669, 670, 671, 672, + 673, 674, 675, 676, 677, 678, 679, 680, 681, 682, + 683, -1, -1, 686, 687, -1, 689, 690, 691, 692, + 693, 694, 695, 696, 697, 698, 699, 700, 701, 702, + 703, 704, 705, 706, 707, 708, 709, 710, 711, 712, + 713, 714, 715, 716, 717, 718, 719, 720, 721, 722, + 723, 724, 725, 726, 727, 728, 729, 730, 731, 732, + 733, 734, 735, 736, 737, 738, 739, 740, 741, 742, + 743, 744, 745, 746, 747, 748, 749, 750, 751, 752, + 753, 754, 755, 756, 757, 758, 759, 760, 761, 762, + -1, 764, 765, 766, 767, -1, -1, -1, -1, -1, + -1, -1, -1, 776, 777, 3, -1, -1, -1, 782, + 8, 9, -1, -1, -1, 788, -1, -1, -1, 792, + 793, 19, 20, 796, 22, 23, 24, 25, 26, 27, + 28, 29, 30, 31, 32, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - 180, -1, -1, -1, -1, -1, -1, -1, -1, 189, - -1, -1, -1, -1, -1, -1, 196, -1, -1, -1, - -1, -1, -1, -1, -1, -1, -1, -1, 208, -1, - -1, -1, -1, -1, -1, -1, -1, -1, -1, 219, + 58, 59, 60, -1, -1, -1, -1, -1, -1, -1, + 68, 69, -1, 71, -1, -1, -1, -1, -1, -1, + 78, 79, -1, -1, 82, 83, 84, 85, -1, 87, + 88, -1, 90, 91, -1, -1, -1, -1, -1, -1, + -1, 99, -1, -1, 102, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, -1, -1, -1, 116, -1, + -1, -1, 120, 121, 122, -1, 124, -1, -1, -1, + -1, -1, -1, -1, 132, 133, 134, 135, -1, -1, + -1, -1, -1, 141, -1, -1, 144, -1, -1, -1, + -1, -1, 150, -1, -1, 153, -1, -1, -1, -1, + -1, -1, -1, -1, 162, -1, 164, -1, 166, -1, + -1, -1, -1, -1, 172, -1, -1, -1, -1, -1, + -1, -1, 180, 181, 182, -1, 184, -1, -1, -1, + 188, 189, -1, -1, -1, 193, -1, -1, 196, -1, + -1, 199, 200, 201, 202, -1, -1, -1, -1, -1, + 208, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, 219, 220, 221, 222, -1, 224, -1, -1, -1, + -1, -1, -1, 231, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, 242, -1, -1, -1, -1, -1, + -1, -1, 250, 251, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, 269, -1, -1, -1, -1, -1, -1, 276, 277, + -1, 279, 280, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, 291, -1, -1, -1, -1, -1, -1, + -1, -1, -1, 301, 302, 303, -1, -1, -1, -1, + -1, 309, 310, -1, -1, -1, -1, -1, -1, -1, + -1, -1, 320, 321, 322, 323, 324, 325, 326, 327, + 328, 329, 330, 331, 332, 333, 334, 335, 336, 337, + 338, 339, 340, 341, 342, 343, 344, 345, 346, 347, + 348, 349, 350, 351, 352, 353, 354, 355, -1, 357, + 358, 359, 360, 361, 362, 363, 364, 365, 366, 367, + 368, 369, 370, 371, 372, 373, 374, 375, 376, 377, + 378, 379, 380, 381, 382, 383, 384, 385, 386, 387, + -1, 389, 390, 391, 392, 393, 394, 395, 396, 397, + 398, 399, 400, 401, 402, 403, 404, 405, 406, 407, + 408, 409, 410, 411, 412, 413, 414, 415, 416, 417, + -1, 419, 420, 421, 422, 423, 424, 425, 426, 427, + 428, 429, 430, 431, 432, 433, 434, 435, 436, 437, + 438, 439, 440, 441, 442, 443, 444, 445, 446, -1, + -1, 449, 450, 451, 452, 453, 454, 455, 456, 457, + 458, 459, 460, 461, 462, -1, 464, 465, 466, 467, + 468, 469, 470, 471, 472, 473, 474, 475, 476, 477, + -1, 479, 480, 481, 482, 483, 484, 485, 486, 487, + 488, 489, 490, 491, 492, 493, 494, 495, 496, 497, + 498, 499, 500, 501, 502, 503, 504, 505, 506, 507, + 508, 509, 510, 511, 512, 513, 514, 515, 516, 517, + 518, 519, 520, 521, 522, 523, 524, 525, 526, 527, + 528, 529, 530, 531, 532, 533, 534, 535, -1, 537, + 538, 539, 540, 541, 542, 543, 544, 545, 546, 547, + 548, 549, 550, 551, 552, 553, 554, 555, 556, 557, + 558, 559, 560, 561, 562, 563, 564, 565, 566, 567, + 568, 569, 570, 571, 572, 573, 574, 575, 576, 577, + 578, 579, 580, -1, 582, 583, 584, 585, 586, 587, + 588, 589, 590, 591, 592, 593, 594, 595, 596, 597, + 598, 599, 600, 601, 602, 603, 604, 605, 606, 607, + 608, 609, 610, 611, 612, 613, 614, 615, 616, 617, + 618, 619, 620, 621, 622, 623, 624, 625, 626, 627, + 628, 629, 630, 631, 632, 633, 634, 635, 636, 637, + 638, 639, 640, 641, 642, 643, 644, 645, 646, 647, + 648, 649, 650, 651, 652, 653, 654, 655, 656, 657, + 658, 659, 660, 661, 662, 663, 664, 665, 666, 667, + 668, 669, 670, 671, 672, 673, 674, 675, 676, 677, + 678, 679, 680, 681, 682, 683, -1, -1, 686, 687, + -1, 689, 690, 691, 692, 693, 694, 695, 696, 697, + 698, 699, 700, 701, 702, 703, 704, 705, 706, 707, + 708, 709, 710, 711, 712, 713, 714, 715, 716, 717, + 718, 719, 720, 721, 722, 723, 724, 725, 726, 727, + 728, 729, 730, 731, 732, 733, 734, 735, 736, 737, + 738, 739, 740, 741, 742, 743, 744, 745, 746, 747, + 748, 749, 750, 751, 752, 753, 754, 755, 756, 757, + 758, 759, 760, 761, 762, -1, 764, 765, 766, 767, + -1, -1, -1, -1, -1, -1, -1, -1, 776, 777, + 3, -1, -1, -1, -1, 8, -1, -1, -1, -1, + 788, -1, -1, -1, -1, 793, 19, 20, 796, 22, + 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, 88, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - 280, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, 116, -1, -1, -1, -1, -1, 122, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, 135, -1, -1, -1, -1, -1, -1, -1, + -1, 144, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - 320, 321, 322, 323, 324, 325, 326, 327, 328, 329, - 330, 331, -1, -1, -1, 335, 336, 337, 338, 339, - 340, 341, 342, 343, 344, 345, 346, 347, 348, 349, - 350, 351, 352, 353, 354, 355, -1, 357, 358, 359, - 360, 361, 362, 363, 364, 365, 366, 367, 368, 369, - 370, 371, 372, 373, 374, 375, 376, 377, 378, 379, - 380, 381, 382, 383, 384, 385, 386, 387, -1, 389, - 390, 391, 392, 393, 394, 395, 396, 397, 398, 399, - 400, 401, 402, 403, 404, 405, 406, 407, 408, 409, - 410, 411, 412, 413, 414, 415, 416, 417, -1, 419, - 420, 421, 422, 423, 424, 425, 426, 427, 428, 429, - 430, 431, 432, 433, 434, 435, 436, 437, 438, 439, - 440, 441, 442, 443, 444, 445, 446, -1, -1, 449, - 450, 451, 452, 453, 454, 455, 456, 457, 458, 459, - 460, 461, 462, -1, 464, 465, 466, 467, 468, 469, - 470, 471, 472, 473, 474, 475, 476, 477, -1, 479, - 480, 481, 482, 483, 484, 485, 486, 487, 488, 489, - 490, 491, 492, 493, 494, 495, 496, 497, 498, 499, - 500, 501, 502, 503, 504, 505, 506, 507, 508, 509, - 510, 511, 512, 513, 514, 515, 516, 517, 518, 519, - 520, 521, 522, 523, 524, 525, 526, 527, 528, 529, - 530, 531, 532, 533, 534, 535, -1, 537, 538, 539, - 540, 541, 542, 543, 544, 545, 546, 547, 548, 549, - 550, 551, 552, 553, 554, 555, 556, 557, 558, 559, - 560, 561, 562, 563, 564, 565, 566, 567, 568, 569, - 570, 571, 572, 573, 574, 575, 576, 577, 578, 579, - 580, -1, 582, 583, 584, 585, 586, 587, 588, 589, - 590, 591, 592, 593, 594, 595, 596, 597, 598, 599, - 600, 601, 602, 603, 604, 605, 606, 607, 608, 609, - 610, 611, 612, 613, 614, 615, 616, 617, 618, 619, - 620, 621, 622, 623, 624, 625, 626, 627, 628, 629, - 630, 631, 632, 633, 634, 635, 636, 637, 638, 639, - 640, 641, 642, 643, 644, 645, 646, 647, 648, 649, - 650, 651, 652, 653, 654, 655, 656, 657, 658, 659, - 660, 661, 662, 663, 664, 665, 666, 667, 668, 669, - 670, 671, 672, 673, 674, 675, 676, 677, 678, 679, - 680, 681, 682, 683, -1, -1, 686, 687, -1, 689, - 690, 691, 692, 693, 694, 695, 696, 697, 698, 699, - 700, 701, 702, 703, 704, 705, 706, 707, 708, 709, - 710, 711, 712, 713, 714, 715, 716, 717, 718, 719, - 720, 721, 722, 723, 724, 725, 726, 727, 728, 729, - 730, 731, 732, 733, 734, 735, 736, 737, 738, 739, - 740, 741, 742, 743, 744, 745, 746, 747, 748, 749, - 750, 751, 752, 753, 754, 755, 756, 757, 758, 759, - 760, 761, 762, 8, 764, 765, 766, 767, -1, -1, - -1, -1, -1, -1, 19, 20, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, 796, -1, -1, -1, + -1, -1, -1, -1, -1, -1, -1, 180, -1, -1, + -1, -1, -1, -1, -1, -1, 189, -1, -1, -1, + -1, -1, -1, 196, -1, -1, -1, -1, -1, 202, + -1, -1, -1, -1, -1, 208, -1, -1, -1, -1, + -1, -1, -1, -1, -1, -1, 219, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, 88, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, -1, -1, 280, -1, -1, + -1, -1, -1, -1, -1, -1, -1, -1, 291, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, 116, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - 135, -1, -1, -1, -1, -1, -1, -1, -1, 144, + -1, -1, -1, -1, -1, -1, -1, 320, 321, 322, + 323, 324, 325, 326, 327, 328, 329, 330, 331, -1, + -1, -1, 335, 336, 337, 338, 339, 340, 341, 342, + 343, 344, 345, 346, 347, 348, 349, 350, 351, 352, + 353, 354, 355, -1, 357, 358, 359, 360, 361, 362, + 363, 364, 365, 366, 367, 368, 369, 370, 371, 372, + 373, 374, 375, 376, 377, 378, 379, 380, 381, 382, + 383, 384, 385, 386, 387, -1, 389, 390, 391, 392, + 393, 394, 395, 396, 397, 398, 399, 400, 401, 402, + 403, 404, 405, 406, 407, 408, 409, 410, 411, 412, + 413, 414, 415, 416, 417, -1, 419, 420, 421, 422, + 423, 424, 425, 426, 427, 428, 429, 430, 431, 432, + 433, 434, 435, 436, 437, 438, 439, 440, 441, 442, + 443, 444, 445, 446, -1, -1, 449, 450, 451, 452, + 453, 454, 455, 456, 457, 458, 459, 460, 461, 462, + -1, 464, 465, 466, 467, 468, 469, 470, 471, 472, + 473, 474, 475, 476, 477, -1, 479, 480, 481, 482, + 483, 484, 485, 486, 487, 488, 489, 490, 491, 492, + 493, 494, 495, 496, 497, 498, 499, 500, 501, 502, + 503, 504, 505, 506, 507, 508, 509, 510, 511, 512, + 513, 514, 515, 516, 517, 518, 519, 520, 521, 522, + 523, 524, 525, 526, 527, 528, 529, 530, 531, 532, + 533, 534, 535, -1, 537, 538, 539, 540, 541, 542, + 543, 544, 545, 546, 547, 548, 549, 550, 551, 552, + 553, 554, 555, 556, 557, 558, 559, 560, 561, 562, + 563, 564, 565, 566, 567, 568, 569, 570, 571, 572, + 573, 574, 575, 576, 577, 578, 579, 580, -1, 582, + 583, 584, 585, 586, 587, 588, 589, 590, 591, 592, + 593, 594, 595, 596, 597, 598, 599, 600, 601, 602, + 603, 604, 605, 606, 607, 608, 609, 610, 611, 612, + 613, 614, 615, 616, 617, 618, 619, 620, 621, 622, + 623, 624, 625, 626, 627, 628, 629, 630, 631, 632, + 633, 634, 635, 636, 637, 638, 639, 640, 641, 642, + 643, 644, 645, 646, 647, 648, 649, 650, 651, 652, + 653, 654, 655, 656, 657, 658, 659, 660, 661, 662, + 663, 664, 665, 666, 667, 668, 669, 670, 671, 672, + 673, 674, 675, 676, 677, 678, 679, 680, 681, 682, + 683, -1, -1, 686, 687, -1, 689, 690, 691, 692, + 693, 694, 695, 696, 697, 698, 699, 700, 701, 702, + 703, 704, 705, 706, 707, 708, 709, 710, 711, 712, + 713, 714, 715, 716, 717, 718, 719, 720, 721, 722, + 723, 724, 725, 726, 727, 728, 729, 730, 731, 732, + 733, 734, 735, 736, 737, 738, 739, 740, 741, 742, + 743, 744, 745, 746, 747, 748, 749, 750, 751, 752, + 753, 754, 755, 756, 757, 758, 759, 760, 761, 762, + 3, 764, 765, 766, 767, 8, -1, -1, -1, -1, + -1, -1, -1, -1, -1, -1, 19, 20, -1, -1, + -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, 796, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, 180, -1, -1, -1, -1, - -1, -1, -1, -1, 189, -1, -1, -1, -1, -1, - -1, 196, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, 208, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, 219, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, 88, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, 116, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, 135, -1, -1, -1, -1, -1, -1, -1, + -1, 144, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, 280, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, -1, -1, 180, -1, -1, + -1, -1, -1, -1, -1, -1, 189, -1, -1, -1, + -1, -1, -1, 196, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, 208, -1, -1, -1, -1, + -1, -1, -1, -1, -1, -1, 219, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, 320, 321, 322, 323, 324, - 325, 326, 327, 328, 329, 330, 331, -1, -1, -1, - 335, 336, 337, 338, 339, 340, 341, 342, 343, 344, - 345, 346, 347, 348, 349, 350, 351, 352, 353, 354, - 355, -1, 357, 358, 359, 360, 361, 362, 363, 364, - 365, 366, 367, 368, 369, 370, 371, 372, 373, 374, - 375, 376, 377, 378, 379, 380, 381, 382, 383, 384, - 385, 386, 387, -1, 389, 390, 391, 392, 393, 394, - 395, 396, 397, 398, 399, 400, 401, 402, 403, 404, - 405, 406, 407, 408, 409, 410, 411, 412, 413, 414, - 415, 416, 417, -1, 419, 420, 421, 422, 423, 424, - 425, 426, 427, 428, 429, 430, 431, 432, 433, 434, - 435, 436, 437, 438, 439, 440, 441, 442, 443, 444, - 445, 446, -1, -1, 449, 450, 451, 452, 453, 454, - 455, 456, 457, 458, 459, 460, 461, 462, -1, 464, - 465, 466, 467, 468, 469, 470, 471, 472, 473, 474, - 475, 476, 477, -1, 479, 480, 481, 482, 483, 484, - 485, 486, 487, 488, 489, 490, 491, 492, 493, 494, - 495, 496, 497, 498, 499, 500, 501, 502, 503, 504, - 505, 506, 507, 508, 509, 510, 511, 512, 513, 514, - 515, 516, 517, 518, 519, 520, 521, 522, 523, 524, - 525, 526, 527, 528, 529, 530, 531, 532, 533, 534, - 535, -1, 537, 538, 539, 540, 541, 542, 543, 544, - 545, 546, 547, 548, 549, 550, 551, 552, 553, 554, - 555, 556, 557, 558, 559, 560, 561, 562, 563, 564, - 565, 566, 567, 568, 569, 570, 571, 572, 573, 574, - 575, 576, 577, 578, 579, 580, -1, 582, 583, 584, - 585, 586, 587, 588, 589, 590, 591, 592, 593, 594, - 595, 596, 597, 598, 599, 600, 601, 602, 603, 604, - 605, 606, 607, 608, 609, 610, 611, 612, 613, 614, - 615, 616, 617, 618, 619, 620, 621, 622, 623, 624, - 625, 626, 627, 628, 629, 630, 631, 632, 633, 634, - 635, 636, 637, 638, 639, 640, 641, 642, 643, 644, - 645, 646, 647, 648, 649, 650, 651, 652, 653, 654, - 655, 656, 657, 658, 659, 660, 661, 662, 663, 664, - 665, 666, 667, 668, 669, 670, 671, 672, 673, 674, - 675, 676, 677, 678, 679, 680, 681, 682, 683, -1, - -1, 686, 687, -1, 689, 690, 691, 692, 693, 694, - 695, 696, 697, 698, 699, 700, 701, 702, 703, 704, - 705, 706, 707, 708, 709, 710, 711, 712, 713, 714, - 715, 716, 717, 718, 719, 720, 721, 722, 723, 724, - 725, 726, 727, 728, 729, 730, 731, 732, 733, 734, - 735, 736, 737, 738, 739, 740, 741, 742, 743, 744, - 745, 746, 747, 748, 749, 750, 751, 752, 753, 754, - 755, 756, 757, 758, 759, 760, 761, 762, -1, 764, - 765, 766, 767, 19, 20, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, 796, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, -1, -1, -1, 75, + -1, -1, -1, -1, -1, -1, -1, 280, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, 88, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - 116, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, 129, -1, -1, -1, -1, -1, 135, - -1, -1, -1, -1, -1, -1, -1, -1, 144, 145, + -1, -1, -1, -1, -1, -1, -1, 320, 321, 322, + 323, 324, 325, 326, 327, 328, 329, 330, 331, -1, + -1, -1, 335, 336, 337, 338, 339, 340, 341, 342, + 343, 344, 345, 346, 347, 348, 349, 350, 351, 352, + 353, 354, 355, -1, 357, 358, 359, 360, 361, 362, + 363, 364, 365, 366, 367, 368, 369, 370, 371, 372, + 373, 374, 375, 376, 377, 378, 379, 380, 381, 382, + 383, 384, 385, 386, 387, -1, 389, 390, 391, 392, + 393, 394, 395, 396, 397, 398, 399, 400, 401, 402, + 403, 404, 405, 406, 407, 408, 409, 410, 411, 412, + 413, 414, 415, 416, 417, -1, 419, 420, 421, 422, + 423, 424, 425, 426, 427, 428, 429, 430, 431, 432, + 433, 434, 435, 436, 437, 438, 439, 440, 441, 442, + 443, 444, 445, 446, -1, -1, 449, 450, 451, 452, + 453, 454, 455, 456, 457, 458, 459, 460, 461, 462, + -1, 464, 465, 466, 467, 468, 469, 470, 471, 472, + 473, 474, 475, 476, 477, -1, 479, 480, 481, 482, + 483, 484, 485, 486, 487, 488, 489, 490, 491, 492, + 493, 494, 495, 496, 497, 498, 499, 500, 501, 502, + 503, 504, 505, 506, 507, 508, 509, 510, 511, 512, + 513, 514, 515, 516, 517, 518, 519, 520, 521, 522, + 523, 524, 525, 526, 527, 528, 529, 530, 531, 532, + 533, 534, 535, -1, 537, 538, 539, 540, 541, 542, + 543, 544, 545, 546, 547, 548, 549, 550, 551, 552, + 553, 554, 555, 556, 557, 558, 559, 560, 561, 562, + 563, 564, 565, 566, 567, 568, 569, 570, 571, 572, + 573, 574, 575, 576, 577, 578, 579, 580, -1, 582, + 583, 584, 585, 586, 587, 588, 589, 590, 591, 592, + 593, 594, 595, 596, 597, 598, 599, 600, 601, 602, + 603, 604, 605, 606, 607, 608, 609, 610, 611, 612, + 613, 614, 615, 616, 617, 618, 619, 620, 621, 622, + 623, 624, 625, 626, 627, 628, 629, 630, 631, 632, + 633, 634, 635, 636, 637, 638, 639, 640, 641, 642, + 643, 644, 645, 646, 647, 648, 649, 650, 651, 652, + 653, 654, 655, 656, 657, 658, 659, 660, 661, 662, + 663, 664, 665, 666, 667, 668, 669, 670, 671, 672, + 673, 674, 675, 676, 677, 678, 679, 680, 681, 682, + 683, -1, -1, 686, 687, -1, 689, 690, 691, 692, + 693, 694, 695, 696, 697, 698, 699, 700, 701, 702, + 703, 704, 705, 706, 707, 708, 709, 710, 711, 712, + 713, 714, 715, 716, 717, 718, 719, 720, 721, 722, + 723, 724, 725, 726, 727, 728, 729, 730, 731, 732, + 733, 734, 735, 736, 737, 738, 739, 740, 741, 742, + 743, 744, 745, 746, 747, 748, 749, 750, 751, 752, + 753, 754, 755, 756, 757, 758, 759, 760, 761, 762, + 3, 764, 765, 766, 767, 8, -1, -1, -1, -1, + -1, -1, -1, -1, -1, -1, 19, 20, -1, -1, + -1, -1, -1, -1, -1, -1, 789, -1, -1, -1, + -1, -1, -1, 796, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, 160, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, 180, -1, -1, -1, -1, -1, - -1, -1, -1, 189, -1, -1, -1, -1, -1, -1, - 196, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, 208, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, 219, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, 88, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, -1, 263, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, 280, -1, -1, -1, -1, -1, + -1, -1, -1, 116, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, 135, -1, -1, -1, -1, -1, -1, -1, + -1, 144, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, 312, -1, -1, -1, - -1, -1, -1, -1, 320, 321, 322, 323, 324, 325, - 326, 327, 328, 329, 330, 331, -1, -1, -1, 335, - 336, 337, 338, 339, 340, 341, 342, 343, 344, 345, - 346, 347, 348, 349, 350, 351, 352, 353, 354, 355, - -1, 357, 358, 359, 360, 361, 362, 363, 364, 365, - 366, 367, 368, 369, 370, 371, 372, 373, 374, 375, - 376, 377, 378, 379, 380, 381, 382, 383, 384, 385, - 386, 387, -1, 389, 390, 391, 392, 393, 394, 395, - 396, 397, 398, 399, 400, 401, 402, 403, 404, 405, - 406, 407, 408, 409, 410, 411, 412, 413, 414, 415, - 416, 417, -1, 419, 420, 421, 422, 423, 424, 425, - 426, 427, 428, 429, 430, 431, 432, 433, 434, 435, - 436, 437, 438, 439, 440, 441, 442, 443, 444, 445, - 446, -1, -1, 449, 450, 451, 452, 453, 454, 455, - 456, 457, 458, 459, 460, 461, 462, -1, 464, 465, - 466, 467, 468, 469, 470, 471, 472, 473, 474, 475, - 476, 477, -1, 479, 480, 481, 482, 483, 484, 485, - 486, 487, 488, 489, 490, 491, 492, 493, 494, 495, - 496, 497, 498, 499, 500, 501, 502, 503, 504, 505, - 506, 507, 508, 509, 510, 511, 512, 513, 514, 515, - 516, 517, 518, 519, 520, 521, 522, 523, 524, 525, - 526, 527, 528, 529, 530, 531, 532, 533, 534, 535, - -1, 537, 538, 539, 540, 541, 542, 543, 544, 545, - 546, 547, 548, 549, 550, 551, 552, 553, 554, 555, - 556, 557, 558, 559, 560, 561, 562, 563, 564, 565, - 566, 567, 568, 569, 570, 571, 572, 573, 574, 575, - 576, 577, 578, 579, 580, -1, 582, 583, 584, 585, - 586, 587, 588, 589, 590, 591, 592, 593, 594, 595, - 596, 597, 598, 599, 600, 601, 602, 603, 604, 605, - 606, 607, 608, 609, 610, 611, 612, 613, 614, 615, - 616, 617, 618, 619, 620, 621, 622, 623, 624, 625, - 626, 627, 628, 629, 630, 631, 632, 633, 634, 635, - 636, 637, 638, 639, 640, 641, 642, 643, 644, 645, - 646, 647, 648, 649, 650, 651, 652, 653, 654, 655, - 656, 657, 658, 659, 660, 661, 662, 663, 664, 665, - 666, 667, 668, 669, 670, 671, 672, 673, 674, 675, - 676, 677, 678, 679, 680, 681, 682, 683, -1, -1, - 686, 687, -1, 689, 690, 691, 692, 693, 694, 695, - 696, 697, 698, 699, 700, 701, 702, 703, 704, 705, - 706, 707, 708, 709, 710, 711, 712, 713, 714, 715, - 716, 717, 718, 719, 720, 721, 722, 723, 724, 725, - 726, 727, 728, 729, 730, 731, 732, 733, 734, 735, - 736, 737, 738, 739, 740, 741, 742, 743, 744, 745, - 746, 747, 748, 749, 750, 751, 752, 753, 754, 755, - 756, 757, 758, 759, 760, 761, 762, -1, 764, 765, - 766, 767, 19, 20, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, -1, -1, 180, -1, -1, + -1, -1, -1, -1, -1, -1, 189, -1, -1, -1, + -1, -1, -1, 196, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, 208, -1, -1, -1, -1, + -1, -1, -1, -1, -1, -1, 219, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - 796, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, 88, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, -1, -1, -1, 116, + -1, -1, -1, -1, -1, -1, -1, 280, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, -1, -1, 135, -1, - -1, -1, -1, -1, -1, -1, -1, 144, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, -1, -1, 320, 321, 322, + 323, 324, 325, 326, 327, 328, 329, 330, 331, -1, + -1, -1, 335, 336, 337, 338, 339, 340, 341, 342, + 343, 344, 345, 346, 347, 348, 349, 350, 351, 352, + 353, 354, 355, -1, 357, 358, 359, 360, 361, 362, + 363, 364, 365, 366, 367, 368, 369, 370, 371, 372, + 373, 374, 375, 376, 377, 378, 379, 380, 381, 382, + 383, 384, 385, 386, 387, -1, 389, 390, 391, 392, + 393, 394, 395, 396, 397, 398, 399, 400, 401, 402, + 403, 404, 405, 406, 407, 408, 409, 410, 411, 412, + 413, 414, 415, 416, 417, -1, 419, 420, 421, 422, + 423, 424, 425, 426, 427, 428, 429, 430, 431, 432, + 433, 434, 435, 436, 437, 438, 439, 440, 441, 442, + 443, 444, 445, 446, -1, -1, 449, 450, 451, 452, + 453, 454, 455, 456, 457, 458, 459, 460, 461, 462, + -1, 464, 465, 466, 467, 468, 469, 470, 471, 472, + 473, 474, 475, 476, 477, -1, 479, 480, 481, 482, + 483, 484, 485, 486, 487, 488, 489, 490, 491, 492, + 493, 494, 495, 496, 497, 498, 499, 500, 501, 502, + 503, 504, 505, 506, 507, 508, 509, 510, 511, 512, + 513, 514, 515, 516, 517, 518, 519, 520, 521, 522, + 523, 524, 525, 526, 527, 528, 529, 530, 531, 532, + 533, 534, 535, -1, 537, 538, 539, 540, 541, 542, + 543, 544, 545, 546, 547, 548, 549, 550, 551, 552, + 553, 554, 555, 556, 557, 558, 559, 560, 561, 562, + 563, 564, 565, 566, 567, 568, 569, 570, 571, 572, + 573, 574, 575, 576, 577, 578, 579, 580, -1, 582, + 583, 584, 585, 586, 587, 588, 589, 590, 591, 592, + 593, 594, 595, 596, 597, 598, 599, 600, 601, 602, + 603, 604, 605, 606, 607, 608, 609, 610, 611, 612, + 613, 614, 615, 616, 617, 618, 619, 620, 621, 622, + 623, 624, 625, 626, 627, 628, 629, 630, 631, 632, + 633, 634, 635, 636, 637, 638, 639, 640, 641, 642, + 643, 644, 645, 646, 647, 648, 649, 650, 651, 652, + 653, 654, 655, 656, 657, 658, 659, 660, 661, 662, + 663, 664, 665, 666, 667, 668, 669, 670, 671, 672, + 673, 674, 675, 676, 677, 678, 679, 680, 681, 682, + 683, -1, -1, 686, 687, -1, 689, 690, 691, 692, + 693, 694, 695, 696, 697, 698, 699, 700, 701, 702, + 703, 704, 705, 706, 707, 708, 709, 710, 711, 712, + 713, 714, 715, 716, 717, 718, 719, 720, 721, 722, + 723, 724, 725, 726, 727, 728, 729, 730, 731, 732, + 733, 734, 735, 736, 737, 738, 739, 740, 741, 742, + 743, 744, 745, 746, 747, 748, 749, 750, 751, 752, + 753, 754, 755, 756, 757, 758, 759, 760, 761, 762, + 8, 764, 765, 766, 767, -1, -1, -1, -1, -1, + -1, 19, 20, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, 796, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + 88, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, -1, -1, -1, 116, -1, + -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, -1, -1, 135, -1, -1, + -1, -1, -1, -1, -1, -1, 144, -1, -1, -1, + -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, 180, -1, -1, -1, -1, -1, -1, -1, + -1, 189, -1, -1, -1, -1, -1, -1, 196, -1, + -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + 208, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, 219, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, 280, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, 320, 321, 322, 323, 324, 325, 326, 327, + 328, 329, 330, 331, -1, -1, -1, 335, 336, 337, + 338, 339, 340, 341, 342, 343, 344, 345, 346, 347, + 348, 349, 350, 351, 352, 353, 354, 355, -1, 357, + 358, 359, 360, 361, 362, 363, 364, 365, 366, 367, + 368, 369, 370, 371, 372, 373, 374, 375, 376, 377, + 378, 379, 380, 381, 382, 383, 384, 385, 386, 387, + -1, 389, 390, 391, 392, 393, 394, 395, 396, 397, + 398, 399, 400, 401, 402, 403, 404, 405, 406, 407, + 408, 409, 410, 411, 412, 413, 414, 415, 416, 417, + -1, 419, 420, 421, 422, 423, 424, 425, 426, 427, + 428, 429, 430, 431, 432, 433, 434, 435, 436, 437, + 438, 439, 440, 441, 442, 443, 444, 445, 446, -1, + -1, 449, 450, 451, 452, 453, 454, 455, 456, 457, + 458, 459, 460, 461, 462, -1, 464, 465, 466, 467, + 468, 469, 470, 471, 472, 473, 474, 475, 476, 477, + -1, 479, 480, 481, 482, 483, 484, 485, 486, 487, + 488, 489, 490, 491, 492, 493, 494, 495, 496, 497, + 498, 499, 500, 501, 502, 503, 504, 505, 506, 507, + 508, 509, 510, 511, 512, 513, 514, 515, 516, 517, + 518, 519, 520, 521, 522, 523, 524, 525, 526, 527, + 528, 529, 530, 531, 532, 533, 534, 535, -1, 537, + 538, 539, 540, 541, 542, 543, 544, 545, 546, 547, + 548, 549, 550, 551, 552, 553, 554, 555, 556, 557, + 558, 559, 560, 561, 562, 563, 564, 565, 566, 567, + 568, 569, 570, 571, 572, 573, 574, 575, 576, 577, + 578, 579, 580, -1, 582, 583, 584, 585, 586, 587, + 588, 589, 590, 591, 592, 593, 594, 595, 596, 597, + 598, 599, 600, 601, 602, 603, 604, 605, 606, 607, + 608, 609, 610, 611, 612, 613, 614, 615, 616, 617, + 618, 619, 620, 621, 622, 623, 624, 625, 626, 627, + 628, 629, 630, 631, 632, 633, 634, 635, 636, 637, + 638, 639, 640, 641, 642, 643, 644, 645, 646, 647, + 648, 649, 650, 651, 652, 653, 654, 655, 656, 657, + 658, 659, 660, 661, 662, 663, 664, 665, 666, 667, + 668, 669, 670, 671, 672, 673, 674, 675, 676, 677, + 678, 679, 680, 681, 682, 683, -1, -1, 686, 687, + -1, 689, 690, 691, 692, 693, 694, 695, 696, 697, + 698, 699, 700, 701, 702, 703, 704, 705, 706, 707, + 708, 709, 710, 711, 712, 713, 714, 715, 716, 717, + 718, 719, 720, 721, 722, 723, 724, 725, 726, 727, + 728, 729, 730, 731, 732, 733, 734, 735, 736, 737, + 738, 739, 740, 741, 742, 743, 744, 745, 746, 747, + 748, 749, 750, 751, 752, 753, 754, 755, 756, 757, + 758, 759, 760, 761, 762, 8, 764, 765, 766, 767, + -1, -1, -1, -1, -1, -1, 19, 20, -1, -1, + -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + 788, -1, -1, -1, -1, -1, -1, -1, 796, -1, + -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, 88, -1, -1, -1, -1, + -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, 116, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, 135, -1, -1, -1, -1, -1, -1, -1, + -1, 144, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, -1, -1, 180, -1, -1, + -1, -1, -1, -1, -1, -1, 189, -1, -1, -1, + -1, -1, -1, 196, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, 208, -1, -1, -1, -1, + -1, -1, -1, -1, -1, -1, 219, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, 180, -1, -1, -1, -1, -1, -1, - -1, -1, 189, -1, -1, -1, -1, -1, -1, 196, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, 208, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, 219, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, -1, -1, 255, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, -1, -1, 280, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, 280, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, -1, -1, -1, 306, - -1, -1, -1, -1, -1, -1, -1, -1, -1, 316, - -1, -1, -1, 320, 321, 322, 323, 324, 325, 326, - 327, 328, 329, 330, 331, -1, -1, -1, 335, 336, - 337, 338, 339, 340, 341, 342, 343, 344, 345, 346, - 347, 348, 349, 350, 351, 352, 353, 354, 355, -1, - 357, 358, 359, 360, 361, 362, 363, 364, 365, 366, - 367, 368, 369, 370, 371, 372, 373, 374, 375, 376, - 377, 378, 379, 380, 381, 382, 383, 384, 385, 386, - 387, -1, 389, 390, 391, 392, 393, 394, 395, 396, - 397, 398, 399, 400, 401, 402, 403, 404, 405, 406, - 407, 408, 409, 410, 411, 412, 413, 414, 415, 416, - 417, -1, 419, 420, 421, 422, 423, 424, 425, 426, - 427, 428, 429, 430, 431, 432, 433, 434, 435, 436, - 437, 438, 439, 440, 441, 442, 443, 444, 445, 446, - -1, -1, 449, 450, 451, 452, 453, 454, 455, 456, - 457, 458, 459, 460, 461, 462, -1, 464, 465, 466, - 467, 468, 469, 470, 471, 472, 473, 474, 475, 476, - 477, -1, 479, 480, 481, 482, 483, 484, 485, 486, - 487, 488, 489, 490, 491, 492, 493, 494, 495, 496, - 497, 498, 499, 500, 501, 502, 503, 504, 505, 506, - 507, 508, 509, 510, 511, 512, 513, 514, 515, 516, - 517, 518, 519, 520, 521, 522, 523, 524, 525, 526, - 527, 528, 529, 530, 531, 532, 533, 534, 535, -1, - 537, 538, 539, 540, 541, 542, 543, 544, 545, 546, - 547, 548, 549, 550, 551, 552, 553, 554, 555, 556, - 557, 558, 559, 560, 561, 562, 563, 564, 565, 566, - 567, 568, 569, 570, 571, 572, 573, 574, 575, 576, - 577, 578, 579, 580, -1, 582, 583, 584, 585, 586, - 587, 588, 589, 590, 591, 592, 593, 594, 595, 596, - 597, 598, 599, 600, 601, 602, 603, 604, 605, 606, - 607, 608, 609, 610, 611, 612, 613, 614, 615, 616, - 617, 618, 619, 620, 621, 622, 623, 624, 625, 626, - 627, 628, 629, 630, 631, 632, 633, 634, 635, 636, - 637, 638, 639, 640, 641, 642, 643, 644, 645, 646, - 647, 648, 649, 650, 651, 652, 653, 654, 655, 656, - 657, 658, 659, 660, 661, 662, 663, 664, 665, 666, - 667, 668, 669, 670, 671, 672, 673, 674, 675, 676, - 677, 678, 679, 680, 681, 682, 683, -1, -1, 686, - 687, -1, 689, 690, 691, 692, 693, 694, 695, 696, - 697, 698, 699, 700, 701, 702, 703, 704, 705, 706, - 707, 708, 709, 710, 711, 712, 713, 714, 715, 716, - 717, 718, 719, 720, 721, 722, 723, 724, 725, 726, - 727, 728, 729, 730, 731, 732, 733, 734, 735, 736, - 737, 738, 739, 740, 741, 742, 743, 744, 745, 746, - 747, 748, 749, 750, 751, 752, 753, 754, 755, 756, - 757, 758, 759, 760, 761, 762, -1, 764, 765, 766, - 767, 19, 20, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, 788, -1, -1, -1, -1, -1, -1, -1, 796, + -1, -1, -1, -1, -1, -1, -1, 320, 321, 322, + 323, 324, 325, 326, 327, 328, 329, 330, 331, -1, + -1, -1, 335, 336, 337, 338, 339, 340, 341, 342, + 343, 344, 345, 346, 347, 348, 349, 350, 351, 352, + 353, 354, 355, -1, 357, 358, 359, 360, 361, 362, + 363, 364, 365, 366, 367, 368, 369, 370, 371, 372, + 373, 374, 375, 376, 377, 378, 379, 380, 381, 382, + 383, 384, 385, 386, 387, -1, 389, 390, 391, 392, + 393, 394, 395, 396, 397, 398, 399, 400, 401, 402, + 403, 404, 405, 406, 407, 408, 409, 410, 411, 412, + 413, 414, 415, 416, 417, -1, 419, 420, 421, 422, + 423, 424, 425, 426, 427, 428, 429, 430, 431, 432, + 433, 434, 435, 436, 437, 438, 439, 440, 441, 442, + 443, 444, 445, 446, -1, -1, 449, 450, 451, 452, + 453, 454, 455, 456, 457, 458, 459, 460, 461, 462, + -1, 464, 465, 466, 467, 468, 469, 470, 471, 472, + 473, 474, 475, 476, 477, -1, 479, 480, 481, 482, + 483, 484, 485, 486, 487, 488, 489, 490, 491, 492, + 493, 494, 495, 496, 497, 498, 499, 500, 501, 502, + 503, 504, 505, 506, 507, 508, 509, 510, 511, 512, + 513, 514, 515, 516, 517, 518, 519, 520, 521, 522, + 523, 524, 525, 526, 527, 528, 529, 530, 531, 532, + 533, 534, 535, -1, 537, 538, 539, 540, 541, 542, + 543, 544, 545, 546, 547, 548, 549, 550, 551, 552, + 553, 554, 555, 556, 557, 558, 559, 560, 561, 562, + 563, 564, 565, 566, 567, 568, 569, 570, 571, 572, + 573, 574, 575, 576, 577, 578, 579, 580, -1, 582, + 583, 584, 585, 586, 587, 588, 589, 590, 591, 592, + 593, 594, 595, 596, 597, 598, 599, 600, 601, 602, + 603, 604, 605, 606, 607, 608, 609, 610, 611, 612, + 613, 614, 615, 616, 617, 618, 619, 620, 621, 622, + 623, 624, 625, 626, 627, 628, 629, 630, 631, 632, + 633, 634, 635, 636, 637, 638, 639, 640, 641, 642, + 643, 644, 645, 646, 647, 648, 649, 650, 651, 652, + 653, 654, 655, 656, 657, 658, 659, 660, 661, 662, + 663, 664, 665, 666, 667, 668, 669, 670, 671, 672, + 673, 674, 675, 676, 677, 678, 679, 680, 681, 682, + 683, -1, -1, 686, 687, -1, 689, 690, 691, 692, + 693, 694, 695, 696, 697, 698, 699, 700, 701, 702, + 703, 704, 705, 706, 707, 708, 709, 710, 711, 712, + 713, 714, 715, 716, 717, 718, 719, 720, 721, 722, + 723, 724, 725, 726, 727, 728, 729, 730, 731, 732, + 733, 734, 735, 736, 737, 738, 739, 740, 741, 742, + 743, 744, 745, 746, 747, 748, 749, 750, 751, 752, + 753, 754, 755, 756, 757, 758, 759, 760, 761, 762, + 8, 764, 765, 766, 767, -1, -1, -1, -1, -1, + -1, 19, 20, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, 796, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, 88, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, 111, -1, -1, -1, -1, 116, -1, + -1, -1, -1, -1, -1, -1, -1, -1, 116, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, 135, -1, -1, -1, -1, -1, -1, -1, -1, 144, -1, -1, -1, @@ -21059,19 +21014,19 @@ 758, 759, 760, 761, 762, -1, 764, 765, 766, 767, 19, 20, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - 788, -1, -1, -1, -1, 793, -1, -1, 796, -1, - -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, -1, -1, -1, 796, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, -1, 75, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, 88, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, 116, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, 135, -1, -1, -1, - -1, -1, -1, -1, -1, 144, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + 129, -1, -1, -1, -1, -1, 135, -1, -1, -1, + -1, -1, -1, -1, -1, 144, 145, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, 160, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, 180, -1, -1, -1, -1, -1, -1, -1, -1, 189, -1, -1, -1, -1, -1, -1, 196, -1, -1, @@ -21081,12 +21036,12 @@ -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, 263, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, 280, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, 312, -1, -1, -1, -1, -1, -1, -1, 320, 321, 322, 323, 324, 325, 326, 327, 328, 329, 330, 331, -1, -1, -1, 335, 336, 337, 338, 339, 340, 341, 342, 343, 344, 345, 346, 347, 348, @@ -21133,8 +21088,8 @@ 749, 750, 751, 752, 753, 754, 755, 756, 757, 758, 759, 760, 761, 762, -1, 764, 765, 766, 767, 19, 20, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, -1, -1, -1, 788, - -1, -1, -1, -1, 793, -1, -1, 796, -1, -1, + -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, -1, -1, 796, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, @@ -21155,13 +21110,13 @@ -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, 255, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, 280, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, -1, 306, -1, -1, -1, + -1, -1, -1, -1, -1, -1, 316, -1, -1, -1, 320, 321, 322, 323, 324, 325, 326, 327, 328, 329, 330, 331, -1, -1, -1, 335, 336, 337, 338, 339, 340, 341, 342, 343, 344, 345, 346, 347, 348, 349, @@ -21216,7 +21171,7 @@ -1, -1, -1, -1, -1, -1, -1, 88, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, 116, -1, -1, -1, -1, + 111, -1, -1, -1, -1, 116, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, 135, -1, -1, -1, -1, -1, -1, -1, -1, 144, -1, -1, -1, -1, -1, -1, @@ -21282,9 +21237,9 @@ 741, 742, 743, 744, 745, 746, 747, 748, 749, 750, 751, 752, 753, 754, 755, 756, 757, 758, 759, 760, 761, 762, -1, 764, 765, 766, 767, 19, 20, -1, - -1, -1, -1, -1, -1, -1, -1, 778, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, 796, -1, -1, -1, -1, + -1, -1, -1, -1, -1, -1, -1, 788, -1, -1, + -1, -1, 793, -1, -1, 796, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, @@ -21359,7 +21314,7 @@ 762, -1, 764, 765, 766, 767, 19, 20, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, 788, -1, -1, -1, - -1, -1, -1, -1, 796, -1, -1, -1, -1, -1, + -1, 793, -1, -1, 796, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, @@ -21368,7 +21323,7 @@ -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, 116, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, 135, -1, -1, -1, -1, -1, 141, -1, + -1, -1, 135, -1, -1, -1, -1, -1, -1, -1, -1, 144, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, @@ -21433,7 +21388,7 @@ 753, 754, 755, 756, 757, 758, 759, 760, 761, 762, -1, 764, 765, 766, 767, 19, 20, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, 788, -1, -1, -1, -1, -1, -1, -1, 796, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, @@ -21507,7 +21462,7 @@ 744, 745, 746, 747, 748, 749, 750, 751, 752, 753, 754, 755, 756, 757, 758, 759, 760, 761, 762, -1, 764, 765, 766, 767, 19, 20, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, 778, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, 796, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, @@ -21583,7 +21538,7 @@ 755, 756, 757, 758, 759, 760, 761, 762, -1, 764, 765, 766, 767, 19, 20, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, 788, -1, -1, -1, -1, -1, -1, -1, 796, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, @@ -21593,7 +21548,7 @@ -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, 116, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, 135, - -1, -1, -1, -1, -1, -1, -1, -1, 144, -1, + -1, -1, -1, -1, -1, 141, -1, -1, 144, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, @@ -21661,83 +21616,83 @@ -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, 796, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, 68, -1, -1, -1, -1, -1, -1, -1, -1, - 77, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, 88, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, 116, - -1, -1, -1, -1, -1, -1, 123, -1, -1, -1, - 127, -1, -1, 130, -1, -1, -1, -1, 135, -1, - -1, -1, -1, -1, 141, -1, -1, 144, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - 157, -1, -1, -1, -1, -1, -1, -1, 165, -1, + -1, -1, -1, -1, -1, -1, -1, -1, 135, -1, + -1, -1, -1, -1, -1, -1, -1, 144, -1, -1, + -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, 178, -1, 180, -1, -1, -1, -1, -1, -1, + -1, -1, -1, 180, -1, -1, -1, -1, -1, -1, -1, -1, 189, -1, -1, -1, -1, -1, -1, 196, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, 208, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, 219, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, 242, -1, -1, -1, -1, - 247, 248, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, 280, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, -1, -1, 315, -1, - -1, -1, -1, 320, 321, 322, 323, 324, 325, -1, + -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, 320, 321, 322, 323, 324, 325, 326, 327, 328, 329, 330, 331, -1, -1, -1, 335, 336, - 337, 338, 339, 340, 341, 342, 343, 344, -1, 346, - 347, 348, 349, 350, 351, 352, 353, -1, 355, -1, - -1, 358, 359, 360, 361, 362, -1, -1, 365, 366, - 367, 368, 369, -1, -1, -1, 373, 374, 375, 376, - 377, 378, 379, 380, 381, 382, -1, -1, -1, -1, - -1, -1, 389, -1, 391, -1, 393, 394, -1, 396, - 397, 398, 399, 400, 401, -1, 403, 404, 405, 406, - 407, 408, 409, 410, 411, 412, 413, 414, 415, -1, - 417, -1, 419, 420, 421, 422, 423, 424, 425, -1, - 427, 428, 429, 430, -1, 432, 433, 434, 435, 436, - 437, 438, 439, 440, 441, 442, -1, -1, -1, 446, - -1, 448, 449, 450, 451, 452, 453, 454, 455, 456, - 457, 458, 459, -1, -1, -1, -1, -1, 465, 466, - 467, 468, 469, 470, -1, 472, 473, -1, 475, 476, - -1, -1, 479, -1, 481, 482, 483, 484, 485, 486, - 487, 488, 489, 490, 491, -1, 493, 494, 495, 496, - 497, 498, 499, 500, 501, -1, 503, 504, 505, 506, + 337, 338, 339, 340, 341, 342, 343, 344, 345, 346, + 347, 348, 349, 350, 351, 352, 353, 354, 355, -1, + 357, 358, 359, 360, 361, 362, 363, 364, 365, 366, + 367, 368, 369, 370, 371, 372, 373, 374, 375, 376, + 377, 378, 379, 380, 381, 382, 383, 384, 385, 386, + 387, -1, 389, 390, 391, 392, 393, 394, 395, 396, + 397, 398, 399, 400, 401, 402, 403, 404, 405, 406, + 407, 408, 409, 410, 411, 412, 413, 414, 415, 416, + 417, -1, 419, 420, 421, 422, 423, 424, 425, 426, + 427, 428, 429, 430, 431, 432, 433, 434, 435, 436, + 437, 438, 439, 440, 441, 442, 443, 444, 445, 446, + -1, -1, 449, 450, 451, 452, 453, 454, 455, 456, + 457, 458, 459, 460, 461, 462, -1, 464, 465, 466, + 467, 468, 469, 470, 471, 472, 473, 474, 475, 476, + 477, -1, 479, 480, 481, 482, 483, 484, 485, 486, + 487, 488, 489, 490, 491, 492, 493, 494, 495, 496, + 497, 498, 499, 500, 501, 502, 503, 504, 505, 506, 507, 508, 509, 510, 511, 512, 513, 514, 515, 516, 517, 518, 519, 520, 521, 522, 523, 524, 525, 526, 527, 528, 529, 530, 531, 532, 533, 534, 535, -1, 537, 538, 539, 540, 541, 542, 543, 544, 545, 546, 547, 548, 549, 550, 551, 552, 553, 554, 555, 556, 557, 558, 559, 560, 561, 562, 563, 564, 565, 566, - 567, 568, 569, 570, 571, -1, 573, 574, 575, 576, + 567, 568, 569, 570, 571, 572, 573, 574, 575, 576, 577, 578, 579, 580, -1, 582, 583, 584, 585, 586, - -1, -1, 589, -1, 591, 592, -1, 594, 595, 596, - 597, -1, 599, 600, 601, 602, -1, -1, -1, -1, + 587, 588, 589, 590, 591, 592, 593, 594, 595, 596, + 597, 598, 599, 600, 601, 602, 603, 604, 605, 606, 607, 608, 609, 610, 611, 612, 613, 614, 615, 616, 617, 618, 619, 620, 621, 622, 623, 624, 625, 626, - 627, 628, 629, 630, 631, 632, -1, 634, -1, 636, - 637, 638, -1, 640, 641, -1, 643, 644, 645, 646, - 647, 648, -1, 650, 651, 652, 653, 654, 655, 656, - -1, 658, 659, 660, -1, 662, 663, 664, 665, 666, - -1, 668, 669, -1, -1, 672, 673, -1, -1, 676, - 677, 678, -1, 680, -1, 682, 683, -1, -1, 686, - 687, -1, 689, 690, 691, 692, -1, 694, 695, -1, - 697, -1, 699, 700, 701, 702, 703, 704, 705, 706, + 627, 628, 629, 630, 631, 632, 633, 634, 635, 636, + 637, 638, 639, 640, 641, 642, 643, 644, 645, 646, + 647, 648, 649, 650, 651, 652, 653, 654, 655, 656, + 657, 658, 659, 660, 661, 662, 663, 664, 665, 666, + 667, 668, 669, 670, 671, 672, 673, 674, 675, 676, + 677, 678, 679, 680, 681, 682, 683, -1, -1, 686, + 687, -1, 689, 690, 691, 692, 693, 694, 695, 696, + 697, 698, 699, 700, 701, 702, 703, 704, 705, 706, 707, 708, 709, 710, 711, 712, 713, 714, 715, 716, - 717, 718, -1, 720, 721, 722, 723, 724, 725, 726, - 727, 728, -1, 730, 731, -1, 733, 734, 735, 736, - -1, -1, 739, 740, -1, 742, 743, 744, 745, 746, + 717, 718, 719, 720, 721, 722, 723, 724, 725, 726, + 727, 728, 729, 730, 731, 732, 733, 734, 735, 736, + 737, 738, 739, 740, 741, 742, 743, 744, 745, 746, 747, 748, 749, 750, 751, 752, 753, 754, 755, 756, - 757, -1, -1, 760, 761, -1, -1, 764, -1, 766, - 767, 19, 20, 21, -1, -1, -1, -1, -1, -1, - -1, -1, -1, 31, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, 791, -1, -1, -1, -1, -1, + 757, 758, 759, 760, 761, 762, -1, 764, 765, 766, + 767, 19, 20, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, -1, -1, -1, -1, 796, + -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, -1, 85, -1, -1, 88, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, 116, -1, @@ -21797,7 +21752,7 @@ 648, 649, 650, 651, 652, 653, 654, 655, 656, 657, 658, 659, 660, 661, 662, 663, 664, 665, 666, 667, 668, 669, 670, 671, 672, 673, 674, 675, 676, 677, - 678, 679, 680, 681, -1, 683, -1, -1, 686, 687, + 678, 679, 680, 681, 682, 683, -1, -1, 686, 687, -1, 689, 690, 691, 692, 693, 694, 695, 696, 697, 698, 699, 700, 701, 702, 703, 704, 705, 706, 707, 708, 709, 710, 711, 712, 713, 714, 715, 716, 717, @@ -21808,7 +21763,7 @@ 758, 759, 760, 761, 762, -1, 764, 765, 766, 767, 19, 20, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - 788, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, -1, -1, -1, 796, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, @@ -21880,995 +21835,995 @@ 729, 730, 731, 732, 733, 734, 735, 736, 737, 738, 739, 740, 741, 742, 743, 744, 745, 746, 747, 748, 749, 750, 751, 752, 753, 754, 755, 756, 757, 758, - 759, 760, 761, 762, 3, 764, 765, 766, 767, -1, - -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - 19, 20, -1, -1, -1, -1, -1, -1, -1, 788, - -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, 71, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, -1, -1, -1, 88, - -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - 99, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, -1, 116, -1, -1, - -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, 135, -1, -1, -1, - -1, -1, -1, -1, -1, 144, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, 180, -1, -1, -1, -1, -1, -1, -1, -1, - 189, -1, -1, -1, -1, -1, -1, 196, -1, -1, - -1, -1, -1, -1, -1, -1, -1, -1, -1, 208, - -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - 219, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, 280, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, 320, 321, 322, 323, 324, 325, 326, 327, 328, - 329, 330, 331, -1, -1, -1, 335, 336, 337, 338, - 339, 340, 341, 342, 343, 344, 345, 346, 347, 348, - 349, 350, 351, 352, 353, 354, 355, -1, 357, 358, - 359, 360, 361, 362, 363, 364, 365, 366, 367, 368, - 369, 370, 371, 372, 373, 374, 375, 376, 377, 378, - 379, 380, 381, 382, 383, 384, 385, 386, 387, -1, - 389, 390, 391, 392, 393, 394, 395, 396, 397, 398, - 399, 400, 401, 402, 403, 404, 405, 406, 407, 408, - 409, 410, 411, 412, 413, 414, 415, 416, 417, -1, - 419, 420, 421, 422, 423, 424, 425, 426, 427, 428, - 429, 430, 431, 432, 433, 434, 435, 436, 437, 438, - 439, 440, 441, 442, 443, 444, 445, 446, -1, -1, - 449, 450, 451, 452, 453, 454, 455, 456, 457, 458, - 459, 460, 461, 462, -1, 464, 465, 466, 467, 468, - 469, 470, 471, 472, 473, 474, 475, 476, 477, -1, - 479, 480, 481, 482, 483, 484, 485, 486, 487, 488, - 489, 490, 491, 492, 493, 494, 495, 496, 497, 498, - 499, 500, 501, 502, 503, 504, 505, 506, 507, 508, - 509, 510, 511, 512, 513, 514, 515, 516, 517, 518, - 519, 520, 521, 522, 523, 524, 525, 526, 527, 528, - 529, 530, 531, 532, 533, 534, 535, -1, 537, 538, - 539, 540, 541, 542, 543, 544, 545, 546, 547, 548, - 549, 550, 551, 552, 553, 554, 555, 556, 557, 558, - 559, 560, 561, 562, 563, 564, 565, 566, 567, 568, - 569, 570, 571, 572, 573, 574, 575, 576, 577, 578, - 579, 580, 581, 582, 583, 584, 585, 586, 587, 588, - 589, 590, 591, 592, 593, 594, 595, 596, 597, 598, - 599, 600, 601, 602, 603, 604, 605, 606, 607, 608, - 609, 610, 611, 612, 613, 614, 615, 616, 617, 618, - 619, 620, 621, 622, 623, 624, 625, 626, 627, 628, - 629, 630, 631, 632, 633, 634, 635, 636, 637, 638, - 639, 640, 641, 642, 643, 644, 645, 646, 647, 648, - 649, 650, 651, 652, 653, 654, 655, 656, 657, 658, - 659, 660, 661, 662, 663, 664, 665, 666, 667, 668, - 669, 670, 671, 672, 673, 674, 675, 676, 677, 678, - 679, 680, 681, 682, 683, -1, -1, 686, 687, -1, - 689, 690, 691, 692, 693, 694, 695, 696, 697, 698, - 699, 700, 701, 702, 703, 704, 705, 706, 707, 708, - 709, 710, 711, 712, 713, 714, 715, 716, 717, 718, - 719, 720, 721, 722, 723, 724, 725, 726, 727, 728, - 729, 730, 731, 732, 733, 734, 735, 736, 737, 738, - 739, 740, 741, 742, 743, 744, 745, 746, 747, 748, - 749, 750, 751, 752, 753, 754, 755, 756, 757, 758, - 759, 760, 761, 762, 3, 764, 765, 766, 767, -1, - -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - 19, 20, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, 71, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, -1, -1, -1, 88, - -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - 99, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, -1, 116, -1, -1, - -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, 135, -1, -1, -1, - -1, -1, -1, -1, -1, 144, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, 180, -1, -1, -1, -1, -1, -1, -1, -1, - 189, -1, -1, -1, -1, -1, -1, 196, -1, -1, - -1, -1, -1, -1, -1, -1, -1, -1, -1, 208, - -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - 219, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + 759, 760, 761, 762, -1, 764, 765, 766, 767, 19, + 20, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, 280, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, -1, -1, 796, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, -1, -1, -1, 68, -1, + -1, -1, -1, -1, -1, -1, -1, 77, -1, -1, + -1, -1, -1, -1, -1, -1, -1, -1, 88, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, 320, 321, 322, 323, 324, 325, 326, 327, 328, - 329, 330, 331, -1, -1, -1, 335, 336, 337, 338, - 339, 340, 341, 342, 343, 344, 345, 346, 347, 348, - 349, 350, 351, 352, 353, 354, 355, -1, 357, 358, - 359, 360, 361, 362, 363, 364, 365, 366, 367, 368, - 369, 370, 371, 372, 373, 374, 375, 376, 377, 378, - 379, 380, 381, 382, 383, 384, 385, 386, 387, -1, - 389, 390, 391, 392, 393, 394, 395, 396, 397, 398, - 399, 400, 401, 402, 403, 404, 405, 406, 407, 408, - 409, 410, 411, 412, 413, 414, 415, 416, 417, -1, - 419, 420, 421, 422, 423, 424, 425, 426, 427, 428, - 429, 430, 431, 432, 433, 434, 435, 436, 437, 438, - 439, 440, 441, 442, 443, 444, 445, 446, -1, -1, - 449, 450, 451, 452, 453, 454, 455, 456, 457, 458, - 459, 460, 461, 462, -1, 464, 465, 466, 467, 468, - 469, 470, 471, 472, 473, 474, 475, 476, 477, -1, - 479, 480, 481, 482, 483, 484, 485, 486, 487, 488, - 489, 490, 491, 492, 493, 494, 495, 496, 497, 498, - 499, 500, 501, 502, 503, 504, 505, 506, 507, 508, - 509, 510, 511, 512, 513, 514, 515, 516, 517, 518, - 519, 520, 521, 522, 523, 524, 525, 526, 527, 528, - 529, 530, 531, 532, 533, 534, 535, -1, 537, 538, - 539, 540, 541, 542, 543, 544, 545, 546, 547, 548, - 549, 550, 551, 552, 553, 554, 555, 556, 557, 558, - 559, 560, 561, 562, 563, 564, 565, 566, 567, 568, - 569, 570, 571, 572, 573, 574, 575, 576, 577, 578, - 579, 580, 581, 582, 583, 584, 585, 586, 587, 588, - 589, 590, 591, 592, 593, 594, 595, 596, 597, 598, - 599, 600, 601, 602, 603, 604, 605, 606, 607, 608, - 609, 610, 611, 612, 613, 614, 615, 616, 617, 618, - 619, 620, 621, 622, 623, 624, 625, 626, 627, 628, - 629, 630, 631, 632, 633, 634, 635, 636, 637, 638, - 639, 640, 641, 642, 643, 644, 645, 646, 647, 648, - 649, 650, 651, 652, 653, 654, 655, 656, 657, 658, - 659, 660, 661, 662, 663, 664, 665, 666, 667, 668, - 669, 670, 671, 672, 673, 674, 675, 676, 677, 678, - 679, 680, 681, 682, 683, -1, -1, 686, 687, -1, - 689, 690, 691, 692, 693, 694, 695, 696, 697, 698, - 699, 700, 701, 702, 703, 704, 705, 706, 707, 708, - 709, 710, 711, 712, 713, 714, 715, 716, 717, 718, - 719, 720, 721, 722, 723, 724, 725, 726, 727, 728, - 729, 730, 731, 732, 733, 734, 735, 736, 737, 738, - 739, 740, 741, 742, 743, 744, 745, 746, 747, 748, - 749, 750, 751, 752, 753, 754, 755, 756, 757, 758, - 759, 760, 761, 762, 3, 764, 765, 766, 767, -1, + -1, -1, -1, -1, -1, -1, 116, -1, -1, -1, + -1, -1, -1, 123, -1, -1, -1, 127, -1, -1, + 130, -1, -1, -1, -1, 135, -1, -1, -1, -1, + -1, 141, -1, -1, 144, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, -1, -1, 157, -1, -1, + -1, -1, -1, -1, -1, 165, -1, -1, -1, -1, + -1, -1, -1, -1, -1, -1, -1, -1, 178, -1, + 180, -1, -1, -1, -1, -1, -1, -1, -1, 189, + -1, -1, -1, -1, -1, -1, 196, -1, -1, -1, + -1, -1, -1, -1, -1, -1, -1, -1, 208, -1, + -1, -1, -1, -1, -1, -1, -1, -1, -1, 219, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - 19, 20, 21, -1, -1, -1, -1, -1, -1, -1, - -1, -1, 31, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, 242, -1, -1, -1, -1, 247, 248, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, -1, -1, -1, 88, + 280, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, -1, 116, -1, -1, + -1, -1, -1, -1, -1, 315, -1, -1, -1, -1, + 320, 321, 322, 323, 324, 325, -1, 327, 328, 329, + 330, 331, -1, -1, -1, 335, 336, 337, 338, 339, + 340, 341, 342, 343, 344, -1, 346, 347, 348, 349, + 350, 351, 352, 353, -1, 355, -1, -1, 358, 359, + 360, 361, 362, -1, -1, 365, 366, 367, 368, 369, + -1, -1, -1, 373, 374, 375, 376, 377, 378, 379, + 380, 381, 382, -1, -1, -1, -1, -1, -1, 389, + -1, 391, -1, 393, 394, -1, 396, 397, 398, 399, + 400, 401, -1, 403, 404, 405, 406, 407, 408, 409, + 410, 411, 412, 413, 414, 415, -1, 417, -1, 419, + 420, 421, 422, 423, 424, 425, -1, 427, 428, 429, + 430, -1, 432, 433, 434, 435, 436, 437, 438, 439, + 440, 441, 442, -1, -1, -1, 446, -1, 448, 449, + 450, 451, 452, 453, 454, 455, 456, 457, 458, 459, + -1, -1, -1, -1, -1, 465, 466, 467, 468, 469, + 470, -1, 472, 473, -1, 475, 476, -1, -1, 479, + -1, 481, 482, 483, 484, 485, 486, 487, 488, 489, + 490, 491, -1, 493, 494, 495, 496, 497, 498, 499, + 500, 501, -1, 503, 504, 505, 506, 507, 508, 509, + 510, 511, 512, 513, 514, 515, 516, 517, 518, 519, + 520, 521, 522, 523, 524, 525, 526, 527, 528, 529, + 530, 531, 532, 533, 534, 535, -1, 537, 538, 539, + 540, 541, 542, 543, 544, 545, 546, 547, 548, 549, + 550, 551, 552, 553, 554, 555, 556, 557, 558, 559, + 560, 561, 562, 563, 564, 565, 566, 567, 568, 569, + 570, 571, -1, 573, 574, 575, 576, 577, 578, 579, + 580, -1, 582, 583, 584, 585, 586, -1, -1, 589, + -1, 591, 592, -1, 594, 595, 596, 597, -1, 599, + 600, 601, 602, -1, -1, -1, -1, 607, 608, 609, + 610, 611, 612, 613, 614, 615, 616, 617, 618, 619, + 620, 621, 622, 623, 624, 625, 626, 627, 628, 629, + 630, 631, 632, -1, 634, -1, 636, 637, 638, -1, + 640, 641, -1, 643, 644, 645, 646, 647, 648, -1, + 650, 651, 652, 653, 654, 655, 656, -1, 658, 659, + 660, -1, 662, 663, 664, 665, 666, -1, 668, 669, + -1, -1, 672, 673, -1, -1, 676, 677, 678, -1, + 680, -1, 682, 683, -1, -1, 686, 687, -1, 689, + 690, 691, 692, -1, 694, 695, -1, 697, -1, 699, + 700, 701, 702, 703, 704, 705, 706, 707, 708, 709, + 710, 711, 712, 713, 714, 715, 716, 717, 718, -1, + 720, 721, 722, 723, 724, 725, 726, 727, 728, -1, + 730, 731, -1, 733, 734, 735, 736, -1, -1, 739, + 740, -1, 742, 743, 744, 745, 746, 747, 748, 749, + 750, 751, 752, 753, 754, 755, 756, 757, -1, -1, + 760, 761, -1, -1, 764, -1, 766, 767, 19, 20, + 21, -1, -1, -1, -1, -1, -1, -1, -1, -1, + 31, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, 791, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, 135, -1, -1, -1, - -1, -1, -1, -1, -1, 144, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, 85, -1, -1, 88, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, 180, -1, -1, -1, -1, -1, -1, -1, -1, - 189, -1, -1, -1, -1, -1, -1, 196, -1, -1, - -1, -1, -1, -1, -1, -1, -1, -1, -1, 208, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - 219, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, 116, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, 135, -1, -1, -1, -1, -1, + -1, -1, -1, 144, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, -1, -1, -1, -1, 180, + -1, -1, -1, -1, -1, -1, -1, -1, 189, -1, + -1, -1, -1, -1, -1, 196, -1, -1, -1, -1, + -1, -1, -1, -1, -1, -1, -1, 208, -1, -1, + -1, -1, -1, -1, -1, -1, -1, -1, 219, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, 280, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, 320, 321, 322, 323, 324, 325, 326, 327, 328, - 329, 330, 331, -1, -1, -1, 335, 336, 337, 338, - 339, 340, 341, 342, 343, 344, 345, 346, 347, 348, - 349, 350, 351, 352, 353, 354, 355, -1, 357, 358, - 359, 360, 361, 362, 363, 364, 365, 366, 367, 368, - 369, 370, 371, 372, 373, 374, 375, 376, 377, 378, - 379, 380, 381, 382, 383, 384, 385, 386, 387, -1, - 389, 390, 391, 392, 393, 394, 395, 396, 397, 398, - 399, 400, 401, 402, 403, 404, 405, 406, 407, 408, - 409, 410, 411, 412, 413, 414, 415, 416, 417, -1, - 419, 420, 421, 422, 423, 424, 425, 426, 427, 428, - 429, 430, 431, 432, 433, 434, 435, 436, 437, 438, - 439, 440, 441, 442, 443, 444, 445, 446, -1, -1, - 449, 450, 451, 452, 453, 454, 455, 456, 457, 458, - 459, 460, 461, 462, -1, 464, 465, 466, 467, 468, - 469, 470, 471, 472, 473, 474, 475, 476, 477, -1, - 479, 480, 481, 482, 483, 484, 485, 486, 487, 488, - 489, 490, 491, 492, 493, 494, 495, 496, 497, 498, - 499, 500, 501, 502, 503, 504, 505, 506, 507, 508, - 509, 510, 511, 512, 513, 514, 515, 516, 517, 518, - 519, 520, 521, 522, 523, 524, 525, 526, 527, 528, - 529, 530, 531, 532, 533, 534, 535, -1, 537, 538, - 539, 540, 541, 542, 543, 544, 545, 546, 547, 548, - 549, 550, 551, 552, 553, 554, 555, 556, 557, 558, - 559, 560, 561, 562, 563, 564, 565, 566, 567, 568, - 569, 570, 571, 572, 573, 574, 575, 576, 577, 578, - 579, 580, -1, 582, 583, 584, 585, 586, 587, 588, - 589, 590, 591, 592, 593, 594, 595, 596, 597, 598, - 599, 600, 601, 602, 603, 604, 605, 606, 607, 608, - 609, 610, 611, 612, 613, 614, 615, 616, 617, 618, - 619, 620, 621, 622, 623, 624, 625, 626, 627, 628, - 629, 630, 631, 632, 633, 634, 635, 636, 637, 638, - 639, 640, 641, 642, 643, 644, 645, 646, 647, 648, - 649, 650, 651, 652, 653, 654, 655, 656, 657, 658, - 659, 660, 661, 662, 663, 664, 665, 666, 667, 668, - 669, 670, 671, 672, 673, 674, 675, 676, 677, 678, - 679, 680, 681, 682, 683, -1, -1, 686, 687, -1, - 689, 690, 691, 692, 693, 694, 695, 696, 697, 698, - 699, 700, 701, 702, 703, 704, 705, 706, 707, 708, - 709, 710, 711, 712, 713, 714, 715, 716, 717, 718, - 719, 720, 721, 722, 723, 724, 725, 726, 727, 728, - 729, 730, 731, 732, 733, 734, 735, 736, 737, 738, - 739, 740, 741, 742, 743, 744, 745, 746, 747, 748, - 749, 750, 751, 752, 753, 754, 755, 756, 757, 758, - 759, 760, 761, 762, 3, 764, 765, 766, 767, -1, + -1, -1, -1, -1, -1, -1, -1, -1, -1, 280, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - 19, 20, 21, -1, -1, -1, -1, -1, -1, -1, - -1, -1, 31, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, -1, -1, -1, -1, 320, + 321, 322, 323, 324, 325, 326, 327, 328, 329, 330, + 331, -1, -1, -1, 335, 336, 337, 338, 339, 340, + 341, 342, 343, 344, 345, 346, 347, 348, 349, 350, + 351, 352, 353, 354, 355, -1, 357, 358, 359, 360, + 361, 362, 363, 364, 365, 366, 367, 368, 369, 370, + 371, 372, 373, 374, 375, 376, 377, 378, 379, 380, + 381, 382, 383, 384, 385, 386, 387, -1, 389, 390, + 391, 392, 393, 394, 395, 396, 397, 398, 399, 400, + 401, 402, 403, 404, 405, 406, 407, 408, 409, 410, + 411, 412, 413, 414, 415, 416, 417, -1, 419, 420, + 421, 422, 423, 424, 425, 426, 427, 428, 429, 430, + 431, 432, 433, 434, 435, 436, 437, 438, 439, 440, + 441, 442, 443, 444, 445, 446, -1, -1, 449, 450, + 451, 452, 453, 454, 455, 456, 457, 458, 459, 460, + 461, 462, -1, 464, 465, 466, 467, 468, 469, 470, + 471, 472, 473, 474, 475, 476, 477, -1, 479, 480, + 481, 482, 483, 484, 485, 486, 487, 488, 489, 490, + 491, 492, 493, 494, 495, 496, 497, 498, 499, 500, + 501, 502, 503, 504, 505, 506, 507, 508, 509, 510, + 511, 512, 513, 514, 515, 516, 517, 518, 519, 520, + 521, 522, 523, 524, 525, 526, 527, 528, 529, 530, + 531, 532, 533, 534, 535, -1, 537, 538, 539, 540, + 541, 542, 543, 544, 545, 546, 547, 548, 549, 550, + 551, 552, 553, 554, 555, 556, 557, 558, 559, 560, + 561, 562, 563, 564, 565, 566, 567, 568, 569, 570, + 571, 572, 573, 574, 575, 576, 577, 578, 579, 580, + -1, 582, 583, 584, 585, 586, 587, 588, 589, 590, + 591, 592, 593, 594, 595, 596, 597, 598, 599, 600, + 601, 602, 603, 604, 605, 606, 607, 608, 609, 610, + 611, 612, 613, 614, 615, 616, 617, 618, 619, 620, + 621, 622, 623, 624, 625, 626, 627, 628, 629, 630, + 631, 632, 633, 634, 635, 636, 637, 638, 639, 640, + 641, 642, 643, 644, 645, 646, 647, 648, 649, 650, + 651, 652, 653, 654, 655, 656, 657, 658, 659, 660, + 661, 662, 663, 664, 665, 666, 667, 668, 669, 670, + 671, 672, 673, 674, 675, 676, 677, 678, 679, 680, + 681, -1, 683, -1, -1, 686, 687, -1, 689, 690, + 691, 692, 693, 694, 695, 696, 697, 698, 699, 700, + 701, 702, 703, 704, 705, 706, 707, 708, 709, 710, + 711, 712, 713, 714, 715, 716, 717, 718, 719, 720, + 721, 722, 723, 724, 725, 726, 727, 728, 729, 730, + 731, 732, 733, 734, 735, 736, 737, 738, 739, 740, + 741, 742, 743, 744, 745, 746, 747, 748, 749, 750, + 751, 752, 753, 754, 755, 756, 757, 758, 759, 760, + 761, 762, -1, 764, 765, 766, 767, 19, 20, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, -1, -1, 788, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, -1, -1, -1, 88, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, -1, 116, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, 135, -1, -1, -1, - -1, -1, -1, -1, -1, 144, -1, -1, -1, -1, + -1, -1, -1, -1, -1, -1, 88, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, 116, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, 180, -1, -1, -1, -1, -1, -1, -1, -1, - 189, -1, -1, -1, -1, -1, -1, 196, -1, -1, - -1, -1, -1, -1, -1, -1, -1, -1, -1, 208, + -1, -1, -1, 135, -1, -1, -1, -1, -1, -1, + -1, -1, 144, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - 219, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, -1, -1, -1, 180, -1, + -1, -1, -1, -1, -1, -1, -1, 189, -1, -1, + -1, -1, -1, -1, 196, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, -1, 208, -1, -1, -1, + -1, -1, -1, -1, -1, -1, -1, 219, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, 280, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, -1, -1, -1, 280, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, 320, 321, 322, 323, 324, 325, 326, 327, 328, - 329, 330, 331, -1, -1, -1, 335, 336, 337, 338, - 339, 340, 341, 342, 343, 344, 345, 346, 347, 348, - 349, 350, 351, 352, 353, 354, 355, -1, 357, 358, - 359, 360, 361, 362, 363, 364, 365, 366, 367, 368, - 369, 370, 371, 372, 373, 374, 375, 376, 377, 378, - 379, 380, 381, 382, 383, 384, 385, 386, 387, -1, - 389, 390, 391, 392, 393, 394, 395, 396, 397, 398, - 399, 400, 401, 402, 403, 404, 405, 406, 407, 408, - 409, 410, 411, 412, 413, 414, 415, 416, 417, -1, - 419, 420, 421, 422, 423, 424, 425, 426, 427, 428, - 429, 430, 431, 432, 433, 434, 435, 436, 437, 438, - 439, 440, 441, 442, 443, 444, 445, 446, -1, -1, - 449, 450, 451, 452, 453, 454, 455, 456, 457, 458, - 459, 460, 461, 462, -1, 464, 465, 466, 467, 468, - 469, 470, 471, 472, 473, 474, 475, 476, 477, -1, - 479, 480, 481, 482, 483, 484, 485, 486, 487, 488, - 489, 490, 491, 492, 493, 494, 495, 496, 497, 498, - 499, 500, 501, 502, 503, 504, 505, 506, 507, 508, - 509, 510, 511, 512, 513, 514, 515, 516, 517, 518, - 519, 520, 521, 522, 523, 524, 525, 526, 527, 528, - 529, 530, 531, 532, 533, 534, 535, -1, 537, 538, - 539, 540, 541, 542, 543, 544, 545, 546, 547, 548, - 549, 550, 551, 552, 553, 554, 555, 556, 557, 558, - 559, 560, 561, 562, 563, 564, 565, 566, 567, 568, - 569, 570, 571, 572, 573, 574, 575, 576, 577, 578, - 579, 580, -1, 582, 583, 584, 585, 586, 587, 588, - 589, 590, 591, 592, 593, 594, 595, 596, 597, 598, - 599, 600, 601, 602, 603, 604, 605, 606, 607, 608, - 609, 610, 611, 612, 613, 614, 615, 616, 617, 618, - 619, 620, 621, 622, 623, 624, 625, 626, 627, 628, - 629, 630, 631, 632, 633, 634, 635, 636, 637, 638, - 639, 640, 641, 642, 643, 644, 645, 646, 647, 648, - 649, 650, 651, 652, 653, 654, 655, 656, 657, 658, - 659, 660, 661, 662, 663, 664, 665, 666, 667, 668, - 669, 670, 671, 672, 673, 674, 675, 676, 677, 678, - 679, 680, 681, 682, 683, -1, -1, 686, 687, -1, - 689, 690, 691, 692, 693, 694, 695, 696, 697, 698, - 699, 700, 701, 702, 703, 704, 705, 706, 707, 708, - 709, 710, 711, 712, 713, 714, 715, 716, 717, 718, - 719, 720, 721, 722, 723, 724, 725, 726, 727, 728, - 729, 730, 731, 732, 733, 734, 735, 736, 737, 738, - 739, 740, 741, 742, 743, 744, 745, 746, 747, 748, - 749, 750, 751, 752, 753, 754, 755, 756, 757, 758, - 759, 760, 761, 762, 3, 764, 765, 766, 767, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - 19, 20, 21, -1, -1, -1, -1, -1, -1, -1, - -1, -1, 31, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, -1, -1, -1, 320, 321, + 322, 323, 324, 325, 326, 327, 328, 329, 330, 331, + -1, -1, -1, 335, 336, 337, 338, 339, 340, 341, + 342, 343, 344, 345, 346, 347, 348, 349, 350, 351, + 352, 353, 354, 355, -1, 357, 358, 359, 360, 361, + 362, 363, 364, 365, 366, 367, 368, 369, 370, 371, + 372, 373, 374, 375, 376, 377, 378, 379, 380, 381, + 382, 383, 384, 385, 386, 387, -1, 389, 390, 391, + 392, 393, 394, 395, 396, 397, 398, 399, 400, 401, + 402, 403, 404, 405, 406, 407, 408, 409, 410, 411, + 412, 413, 414, 415, 416, 417, -1, 419, 420, 421, + 422, 423, 424, 425, 426, 427, 428, 429, 430, 431, + 432, 433, 434, 435, 436, 437, 438, 439, 440, 441, + 442, 443, 444, 445, 446, -1, -1, 449, 450, 451, + 452, 453, 454, 455, 456, 457, 458, 459, 460, 461, + 462, -1, 464, 465, 466, 467, 468, 469, 470, 471, + 472, 473, 474, 475, 476, 477, -1, 479, 480, 481, + 482, 483, 484, 485, 486, 487, 488, 489, 490, 491, + 492, 493, 494, 495, 496, 497, 498, 499, 500, 501, + 502, 503, 504, 505, 506, 507, 508, 509, 510, 511, + 512, 513, 514, 515, 516, 517, 518, 519, 520, 521, + 522, 523, 524, 525, 526, 527, 528, 529, 530, 531, + 532, 533, 534, 535, -1, 537, 538, 539, 540, 541, + 542, 543, 544, 545, 546, 547, 548, 549, 550, 551, + 552, 553, 554, 555, 556, 557, 558, 559, 560, 561, + 562, 563, 564, 565, 566, 567, 568, 569, 570, 571, + 572, 573, 574, 575, 576, 577, 578, 579, 580, -1, + 582, 583, 584, 585, 586, 587, 588, 589, 590, 591, + 592, 593, 594, 595, 596, 597, 598, 599, 600, 601, + 602, 603, 604, 605, 606, 607, 608, 609, 610, 611, + 612, 613, 614, 615, 616, 617, 618, 619, 620, 621, + 622, 623, 624, 625, 626, 627, 628, 629, 630, 631, + 632, 633, 634, 635, 636, 637, 638, 639, 640, 641, + 642, 643, 644, 645, 646, 647, 648, 649, 650, 651, + 652, 653, 654, 655, 656, 657, 658, 659, 660, 661, + 662, 663, 664, 665, 666, 667, 668, 669, 670, 671, + 672, 673, 674, 675, 676, 677, 678, 679, 680, 681, + 682, 683, -1, -1, 686, 687, -1, 689, 690, 691, + 692, 693, 694, 695, 696, 697, 698, 699, 700, 701, + 702, 703, 704, 705, 706, 707, 708, 709, 710, 711, + 712, 713, 714, 715, 716, 717, 718, 719, 720, 721, + 722, 723, 724, 725, 726, 727, 728, 729, 730, 731, + 732, 733, 734, 735, 736, 737, 738, 739, 740, 741, + 742, 743, 744, 745, 746, 747, 748, 749, 750, 751, + 752, 753, 754, 755, 756, 757, 758, 759, 760, 761, + 762, 3, 764, 765, 766, 767, -1, -1, -1, -1, + -1, -1, -1, -1, -1, -1, -1, 19, 20, -1, + -1, -1, -1, -1, -1, -1, 788, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, -1, -1, -1, -1, 71, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, -1, -1, -1, 88, + -1, -1, -1, -1, -1, -1, 88, -1, -1, -1, + -1, -1, -1, -1, -1, -1, -1, 99, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, 116, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, -1, 116, -1, -1, + -1, -1, -1, 135, -1, -1, -1, -1, -1, -1, + -1, -1, 144, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, 135, -1, -1, -1, - -1, -1, -1, -1, -1, 144, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, -1, -1, -1, 180, -1, + -1, -1, -1, -1, -1, -1, -1, 189, -1, -1, + -1, -1, -1, -1, 196, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, -1, 208, -1, -1, -1, + -1, -1, -1, -1, -1, -1, -1, 219, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, 180, -1, -1, -1, -1, -1, -1, -1, -1, - 189, -1, -1, -1, -1, -1, -1, 196, -1, -1, - -1, -1, -1, -1, -1, -1, -1, -1, -1, 208, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - 219, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, -1, -1, -1, 280, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, 280, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, -1, -1, -1, 320, 321, + 322, 323, 324, 325, 326, 327, 328, 329, 330, 331, + -1, -1, -1, 335, 336, 337, 338, 339, 340, 341, + 342, 343, 344, 345, 346, 347, 348, 349, 350, 351, + 352, 353, 354, 355, -1, 357, 358, 359, 360, 361, + 362, 363, 364, 365, 366, 367, 368, 369, 370, 371, + 372, 373, 374, 375, 376, 377, 378, 379, 380, 381, + 382, 383, 384, 385, 386, 387, -1, 389, 390, 391, + 392, 393, 394, 395, 396, 397, 398, 399, 400, 401, + 402, 403, 404, 405, 406, 407, 408, 409, 410, 411, + 412, 413, 414, 415, 416, 417, -1, 419, 420, 421, + 422, 423, 424, 425, 426, 427, 428, 429, 430, 431, + 432, 433, 434, 435, 436, 437, 438, 439, 440, 441, + 442, 443, 444, 445, 446, -1, -1, 449, 450, 451, + 452, 453, 454, 455, 456, 457, 458, 459, 460, 461, + 462, -1, 464, 465, 466, 467, 468, 469, 470, 471, + 472, 473, 474, 475, 476, 477, -1, 479, 480, 481, + 482, 483, 484, 485, 486, 487, 488, 489, 490, 491, + 492, 493, 494, 495, 496, 497, 498, 499, 500, 501, + 502, 503, 504, 505, 506, 507, 508, 509, 510, 511, + 512, 513, 514, 515, 516, 517, 518, 519, 520, 521, + 522, 523, 524, 525, 526, 527, 528, 529, 530, 531, + 532, 533, 534, 535, -1, 537, 538, 539, 540, 541, + 542, 543, 544, 545, 546, 547, 548, 549, 550, 551, + 552, 553, 554, 555, 556, 557, 558, 559, 560, 561, + 562, 563, 564, 565, 566, 567, 568, 569, 570, 571, + 572, 573, 574, 575, 576, 577, 578, 579, 580, 581, + 582, 583, 584, 585, 586, 587, 588, 589, 590, 591, + 592, 593, 594, 595, 596, 597, 598, 599, 600, 601, + 602, 603, 604, 605, 606, 607, 608, 609, 610, 611, + 612, 613, 614, 615, 616, 617, 618, 619, 620, 621, + 622, 623, 624, 625, 626, 627, 628, 629, 630, 631, + 632, 633, 634, 635, 636, 637, 638, 639, 640, 641, + 642, 643, 644, 645, 646, 647, 648, 649, 650, 651, + 652, 653, 654, 655, 656, 657, 658, 659, 660, 661, + 662, 663, 664, 665, 666, 667, 668, 669, 670, 671, + 672, 673, 674, 675, 676, 677, 678, 679, 680, 681, + 682, 683, -1, -1, 686, 687, -1, 689, 690, 691, + 692, 693, 694, 695, 696, 697, 698, 699, 700, 701, + 702, 703, 704, 705, 706, 707, 708, 709, 710, 711, + 712, 713, 714, 715, 716, 717, 718, 719, 720, 721, + 722, 723, 724, 725, 726, 727, 728, 729, 730, 731, + 732, 733, 734, 735, 736, 737, 738, 739, 740, 741, + 742, 743, 744, 745, 746, 747, 748, 749, 750, 751, + 752, 753, 754, 755, 756, 757, 758, 759, 760, 761, + 762, 3, 764, 765, 766, 767, -1, -1, -1, -1, + -1, -1, -1, -1, -1, -1, -1, 19, 20, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, 320, 321, 322, 323, 324, 325, 326, 327, 328, - 329, 330, 331, -1, -1, -1, 335, 336, 337, 338, - 339, 340, 341, 342, 343, 344, 345, 346, 347, 348, - 349, 350, 351, 352, 353, 354, 355, -1, 357, 358, - 359, 360, 361, 362, 363, 364, 365, 366, 367, 368, - 369, 370, 371, 372, 373, 374, 375, 376, 377, 378, - 379, 380, 381, 382, 383, 384, 385, 386, 387, -1, - 389, 390, 391, 392, 393, 394, 395, 396, 397, 398, - 399, 400, 401, 402, 403, 404, 405, 406, 407, 408, - 409, 410, 411, 412, 413, 414, 415, 416, 417, -1, - 419, 420, 421, 422, 423, 424, 425, 426, 427, 428, - 429, 430, 431, 432, 433, 434, 435, 436, 437, 438, - 439, 440, 441, 442, 443, 444, 445, 446, -1, -1, - 449, 450, 451, 452, 453, 454, 455, 456, 457, 458, - 459, 460, 461, 462, -1, 464, 465, 466, 467, 468, - 469, 470, 471, 472, 473, 474, 475, 476, 477, -1, - 479, 480, 481, 482, 483, 484, 485, 486, 487, 488, - 489, 490, 491, 492, 493, 494, 495, 496, 497, 498, - 499, 500, 501, 502, 503, 504, 505, 506, 507, 508, - 509, 510, 511, 512, 513, 514, 515, 516, 517, 518, - 519, 520, 521, 522, 523, 524, 525, 526, 527, 528, - 529, 530, 531, 532, 533, 534, 535, -1, 537, 538, - 539, 540, 541, 542, 543, 544, 545, 546, 547, 548, - 549, 550, 551, 552, 553, 554, 555, 556, 557, 558, - 559, 560, 561, 562, 563, 564, 565, 566, 567, 568, - 569, 570, 571, 572, 573, 574, 575, 576, 577, 578, - 579, 580, -1, 582, 583, 584, 585, 586, 587, 588, - 589, 590, 591, 592, 593, 594, 595, 596, 597, 598, - 599, 600, 601, 602, 603, 604, 605, 606, 607, 608, - 609, 610, 611, 612, 613, 614, 615, 616, 617, 618, - 619, 620, 621, 622, 623, 624, 625, 626, 627, 628, - 629, 630, 631, 632, 633, 634, 635, 636, 637, 638, - 639, 640, 641, 642, 643, 644, 645, 646, 647, 648, - 649, 650, 651, 652, 653, 654, 655, 656, 657, 658, - 659, 660, 661, 662, 663, 664, 665, 666, 667, 668, - 669, 670, 671, 672, 673, 674, 675, 676, 677, 678, - 679, 680, 681, 682, 683, -1, -1, 686, 687, -1, - 689, 690, 691, 692, 693, 694, 695, 696, 697, 698, - 699, 700, 701, 702, 703, 704, 705, 706, 707, 708, - 709, 710, 711, 712, 713, 714, 715, 716, 717, 718, - 719, 720, 721, 722, 723, 724, 725, 726, 727, 728, - 729, 730, 731, 732, 733, 734, 735, 736, 737, 738, - 739, 740, 741, 742, 743, 744, 745, 746, 747, 748, - 749, 750, 751, 752, 753, 754, 755, 756, 757, 758, - 759, 760, 761, 762, 3, 764, 765, 766, 767, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - 19, 20, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, -1, -1, -1, -1, 71, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, -1, 88, -1, -1, -1, + -1, -1, -1, -1, -1, -1, -1, 99, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, 116, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, 135, -1, -1, -1, -1, -1, -1, + -1, -1, 144, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, 74, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, -1, -1, -1, 88, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, -1, -1, -1, 180, -1, + -1, -1, -1, -1, -1, -1, -1, 189, -1, -1, + -1, -1, -1, -1, 196, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, -1, 208, -1, -1, -1, + -1, -1, -1, -1, -1, -1, -1, 219, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, -1, 116, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, 135, -1, -1, -1, - -1, -1, -1, -1, -1, 144, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, 180, -1, -1, -1, -1, -1, -1, -1, -1, - 189, -1, -1, -1, -1, -1, -1, 196, -1, -1, - -1, -1, -1, -1, -1, -1, -1, -1, -1, 208, + -1, -1, -1, -1, -1, -1, -1, -1, 280, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - 219, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, -1, -1, -1, 320, 321, + 322, 323, 324, 325, 326, 327, 328, 329, 330, 331, + -1, -1, -1, 335, 336, 337, 338, 339, 340, 341, + 342, 343, 344, 345, 346, 347, 348, 349, 350, 351, + 352, 353, 354, 355, -1, 357, 358, 359, 360, 361, + 362, 363, 364, 365, 366, 367, 368, 369, 370, 371, + 372, 373, 374, 375, 376, 377, 378, 379, 380, 381, + 382, 383, 384, 385, 386, 387, -1, 389, 390, 391, + 392, 393, 394, 395, 396, 397, 398, 399, 400, 401, + 402, 403, 404, 405, 406, 407, 408, 409, 410, 411, + 412, 413, 414, 415, 416, 417, -1, 419, 420, 421, + 422, 423, 424, 425, 426, 427, 428, 429, 430, 431, + 432, 433, 434, 435, 436, 437, 438, 439, 440, 441, + 442, 443, 444, 445, 446, -1, -1, 449, 450, 451, + 452, 453, 454, 455, 456, 457, 458, 459, 460, 461, + 462, -1, 464, 465, 466, 467, 468, 469, 470, 471, + 472, 473, 474, 475, 476, 477, -1, 479, 480, 481, + 482, 483, 484, 485, 486, 487, 488, 489, 490, 491, + 492, 493, 494, 495, 496, 497, 498, 499, 500, 501, + 502, 503, 504, 505, 506, 507, 508, 509, 510, 511, + 512, 513, 514, 515, 516, 517, 518, 519, 520, 521, + 522, 523, 524, 525, 526, 527, 528, 529, 530, 531, + 532, 533, 534, 535, -1, 537, 538, 539, 540, 541, + 542, 543, 544, 545, 546, 547, 548, 549, 550, 551, + 552, 553, 554, 555, 556, 557, 558, 559, 560, 561, + 562, 563, 564, 565, 566, 567, 568, 569, 570, 571, + 572, 573, 574, 575, 576, 577, 578, 579, 580, 581, + 582, 583, 584, 585, 586, 587, 588, 589, 590, 591, + 592, 593, 594, 595, 596, 597, 598, 599, 600, 601, + 602, 603, 604, 605, 606, 607, 608, 609, 610, 611, + 612, 613, 614, 615, 616, 617, 618, 619, 620, 621, + 622, 623, 624, 625, 626, 627, 628, 629, 630, 631, + 632, 633, 634, 635, 636, 637, 638, 639, 640, 641, + 642, 643, 644, 645, 646, 647, 648, 649, 650, 651, + 652, 653, 654, 655, 656, 657, 658, 659, 660, 661, + 662, 663, 664, 665, 666, 667, 668, 669, 670, 671, + 672, 673, 674, 675, 676, 677, 678, 679, 680, 681, + 682, 683, -1, -1, 686, 687, -1, 689, 690, 691, + 692, 693, 694, 695, 696, 697, 698, 699, 700, 701, + 702, 703, 704, 705, 706, 707, 708, 709, 710, 711, + 712, 713, 714, 715, 716, 717, 718, 719, 720, 721, + 722, 723, 724, 725, 726, 727, 728, 729, 730, 731, + 732, 733, 734, 735, 736, 737, 738, 739, 740, 741, + 742, 743, 744, 745, 746, 747, 748, 749, 750, 751, + 752, 753, 754, 755, 756, 757, 758, 759, 760, 761, + 762, 3, 764, 765, 766, 767, -1, -1, -1, -1, + -1, -1, -1, -1, -1, -1, -1, 19, 20, 21, + -1, -1, -1, -1, -1, -1, -1, -1, -1, 31, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, 280, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, -1, 88, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, 320, 321, 322, 323, 324, 325, 326, 327, 328, - 329, 330, 331, -1, -1, -1, 335, 336, 337, 338, - 339, 340, 341, 342, 343, 344, 345, 346, 347, 348, - 349, 350, 351, 352, 353, 354, 355, -1, 357, 358, - 359, 360, 361, 362, 363, 364, 365, 366, 367, 368, - 369, 370, 371, 372, 373, 374, 375, 376, 377, 378, - 379, 380, 381, 382, 383, 384, 385, 386, 387, -1, - 389, 390, 391, 392, 393, 394, 395, 396, 397, 398, - 399, 400, 401, 402, 403, 404, 405, 406, 407, 408, - 409, 410, 411, 412, 413, 414, 415, 416, 417, -1, - 419, 420, 421, 422, 423, 424, 425, 426, 427, 428, - 429, 430, 431, 432, 433, 434, 435, 436, 437, 438, - 439, 440, 441, 442, 443, 444, 445, 446, -1, -1, - 449, 450, 451, 452, 453, 454, 455, 456, 457, 458, - 459, 460, 461, 462, -1, 464, 465, 466, 467, 468, - 469, 470, 471, 472, 473, 474, 475, 476, 477, -1, - 479, 480, 481, 482, 483, 484, 485, 486, 487, 488, - 489, 490, 491, 492, 493, 494, 495, 496, 497, 498, - 499, 500, 501, 502, 503, 504, 505, 506, 507, 508, - 509, 510, 511, 512, 513, 514, 515, 516, 517, 518, - 519, 520, 521, 522, 523, 524, 525, 526, 527, 528, - 529, 530, 531, 532, 533, 534, 535, -1, 537, 538, - 539, 540, 541, 542, 543, 544, 545, 546, 547, 548, - 549, 550, 551, 552, 553, 554, 555, 556, 557, 558, - 559, 560, 561, 562, 563, 564, 565, 566, 567, 568, - 569, 570, 571, 572, 573, 574, 575, 576, 577, 578, - 579, 580, -1, 582, 583, 584, 585, 586, 587, 588, - 589, 590, 591, 592, 593, 594, 595, 596, 597, 598, - 599, 600, 601, 602, 603, 604, 605, 606, 607, 608, - 609, 610, 611, 612, 613, 614, 615, 616, 617, 618, - 619, 620, 621, 622, 623, 624, 625, 626, 627, 628, - 629, 630, 631, 632, 633, 634, 635, 636, 637, 638, - 639, 640, 641, 642, 643, 644, 645, 646, 647, 648, - 649, 650, 651, 652, 653, 654, 655, 656, 657, 658, - 659, 660, 661, 662, 663, 664, 665, 666, 667, 668, - 669, 670, 671, 672, 673, 674, 675, 676, 677, 678, - 679, 680, 681, 682, 683, -1, -1, 686, 687, -1, - 689, 690, 691, 692, 693, 694, 695, 696, 697, 698, - 699, 700, 701, 702, 703, 704, 705, 706, 707, 708, - 709, 710, 711, 712, 713, 714, 715, 716, 717, 718, - 719, 720, 721, 722, 723, 724, 725, 726, 727, 728, - 729, 730, 731, 732, 733, 734, 735, 736, 737, 738, - 739, 740, 741, 742, 743, 744, 745, 746, 747, 748, - 749, 750, 751, 752, 753, 754, 755, 756, 757, 758, - 759, 760, 761, 762, 3, 764, 765, 766, 767, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - 19, 20, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, 116, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, 135, -1, -1, -1, -1, -1, -1, + -1, -1, 144, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, -1, -1, -1, 180, -1, + -1, -1, -1, -1, -1, -1, -1, 189, -1, -1, + -1, -1, -1, -1, 196, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, -1, 208, -1, -1, -1, + -1, -1, -1, -1, -1, -1, -1, 219, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, -1, -1, -1, 88, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, -1, 116, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, 135, -1, -1, -1, - -1, -1, -1, -1, -1, 144, -1, -1, -1, -1, + -1, -1, -1, -1, -1, -1, -1, -1, 280, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, 180, -1, -1, -1, -1, -1, -1, -1, -1, - 189, -1, -1, -1, -1, -1, -1, 196, -1, -1, - -1, -1, -1, -1, -1, -1, -1, -1, -1, 208, + -1, -1, -1, -1, -1, -1, -1, -1, 320, 321, + 322, 323, 324, 325, 326, 327, 328, 329, 330, 331, + -1, -1, -1, 335, 336, 337, 338, 339, 340, 341, + 342, 343, 344, 345, 346, 347, 348, 349, 350, 351, + 352, 353, 354, 355, -1, 357, 358, 359, 360, 361, + 362, 363, 364, 365, 366, 367, 368, 369, 370, 371, + 372, 373, 374, 375, 376, 377, 378, 379, 380, 381, + 382, 383, 384, 385, 386, 387, -1, 389, 390, 391, + 392, 393, 394, 395, 396, 397, 398, 399, 400, 401, + 402, 403, 404, 405, 406, 407, 408, 409, 410, 411, + 412, 413, 414, 415, 416, 417, -1, 419, 420, 421, + 422, 423, 424, 425, 426, 427, 428, 429, 430, 431, + 432, 433, 434, 435, 436, 437, 438, 439, 440, 441, + 442, 443, 444, 445, 446, -1, -1, 449, 450, 451, + 452, 453, 454, 455, 456, 457, 458, 459, 460, 461, + 462, -1, 464, 465, 466, 467, 468, 469, 470, 471, + 472, 473, 474, 475, 476, 477, -1, 479, 480, 481, + 482, 483, 484, 485, 486, 487, 488, 489, 490, 491, + 492, 493, 494, 495, 496, 497, 498, 499, 500, 501, + 502, 503, 504, 505, 506, 507, 508, 509, 510, 511, + 512, 513, 514, 515, 516, 517, 518, 519, 520, 521, + 522, 523, 524, 525, 526, 527, 528, 529, 530, 531, + 532, 533, 534, 535, -1, 537, 538, 539, 540, 541, + 542, 543, 544, 545, 546, 547, 548, 549, 550, 551, + 552, 553, 554, 555, 556, 557, 558, 559, 560, 561, + 562, 563, 564, 565, 566, 567, 568, 569, 570, 571, + 572, 573, 574, 575, 576, 577, 578, 579, 580, -1, + 582, 583, 584, 585, 586, 587, 588, 589, 590, 591, + 592, 593, 594, 595, 596, 597, 598, 599, 600, 601, + 602, 603, 604, 605, 606, 607, 608, 609, 610, 611, + 612, 613, 614, 615, 616, 617, 618, 619, 620, 621, + 622, 623, 624, 625, 626, 627, 628, 629, 630, 631, + 632, 633, 634, 635, 636, 637, 638, 639, 640, 641, + 642, 643, 644, 645, 646, 647, 648, 649, 650, 651, + 652, 653, 654, 655, 656, 657, 658, 659, 660, 661, + 662, 663, 664, 665, 666, 667, 668, 669, 670, 671, + 672, 673, 674, 675, 676, 677, 678, 679, 680, 681, + 682, 683, -1, -1, 686, 687, -1, 689, 690, 691, + 692, 693, 694, 695, 696, 697, 698, 699, 700, 701, + 702, 703, 704, 705, 706, 707, 708, 709, 710, 711, + 712, 713, 714, 715, 716, 717, 718, 719, 720, 721, + 722, 723, 724, 725, 726, 727, 728, 729, 730, 731, + 732, 733, 734, 735, 736, 737, 738, 739, 740, 741, + 742, 743, 744, 745, 746, 747, 748, 749, 750, 751, + 752, 753, 754, 755, 756, 757, 758, 759, 760, 761, + 762, 3, 764, 765, 766, 767, -1, -1, -1, -1, + -1, -1, -1, -1, -1, -1, -1, 19, 20, 21, + -1, -1, -1, -1, -1, -1, -1, -1, -1, 31, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - 219, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, -1, 88, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, 280, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, 116, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, 135, -1, -1, -1, -1, -1, -1, + -1, -1, 144, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, 320, 321, 322, 323, 324, 325, 326, 327, 328, - 329, 330, 331, -1, -1, -1, 335, 336, 337, 338, - 339, 340, 341, 342, 343, 344, 345, 346, 347, 348, - 349, 350, 351, 352, 353, 354, 355, -1, 357, 358, - 359, 360, 361, 362, 363, 364, 365, 366, 367, 368, - 369, 370, 371, 372, 373, 374, 375, 376, 377, 378, - 379, 380, 381, 382, 383, 384, 385, 386, 387, -1, - 389, 390, 391, 392, 393, 394, 395, 396, 397, 398, - 399, 400, 401, 402, 403, 404, 405, 406, 407, 408, - 409, 410, 411, 412, 413, 414, 415, 416, 417, -1, - 419, 420, 421, 422, 423, 424, 425, 426, 427, 428, - 429, 430, 431, 432, 433, 434, 435, 436, 437, 438, - 439, 440, 441, 442, 443, 444, 445, 446, -1, -1, - 449, 450, 451, 452, 453, 454, 455, 456, 457, 458, - 459, 460, 461, 462, -1, 464, 465, 466, 467, 468, - 469, 470, 471, 472, 473, 474, 475, 476, 477, -1, - 479, 480, 481, 482, 483, 484, 485, 486, 487, 488, - 489, 490, 491, 492, 493, 494, 495, 496, 497, 498, - 499, 500, 501, 502, 503, 504, 505, 506, 507, 508, - 509, 510, 511, 512, 513, 514, 515, 516, 517, 518, - 519, 520, 521, 522, 523, 524, 525, 526, 527, 528, - 529, 530, 531, 532, 533, 534, 535, -1, 537, 538, - 539, 540, 541, 542, 543, 544, 545, 546, 547, 548, - 549, 550, 551, 552, 553, 554, 555, 556, 557, 558, - 559, 560, 561, 562, 563, 564, 565, 566, 567, 568, - 569, 570, 571, 572, 573, 574, 575, 576, 577, 578, - 579, 580, -1, 582, 583, 584, 585, 586, 587, 588, - 589, 590, 591, 592, 593, 594, 595, 596, 597, 598, - 599, 600, 601, 602, 603, 604, 605, 606, 607, 608, - 609, 610, 611, 612, 613, 614, 615, 616, 617, 618, - 619, 620, 621, 622, 623, 624, 625, 626, 627, 628, - 629, 630, 631, 632, 633, 634, 635, 636, 637, 638, - 639, 640, 641, 642, 643, 644, 645, 646, 647, 648, - 649, 650, 651, 652, 653, 654, 655, 656, 657, 658, - 659, 660, 661, 662, 663, 664, 665, 666, 667, 668, - 669, 670, 671, 672, 673, 674, 675, 676, 677, 678, - 679, 680, 681, 682, 683, -1, -1, 686, 687, -1, - 689, 690, 691, 692, 693, 694, 695, 696, 697, 698, - 699, 700, 701, 702, 703, 704, 705, 706, 707, 708, - 709, 710, 711, 712, 713, 714, 715, 716, 717, 718, - 719, 720, 721, 722, 723, 724, 725, 726, 727, 728, - 729, 730, 731, 732, 733, 734, 735, 736, 737, 738, - 739, 740, 741, 742, 743, 744, 745, 746, 747, 748, - 749, 750, 751, 752, 753, 754, 755, 756, 757, 758, - 759, 760, 761, 762, -1, 764, 765, 766, 767, 8, - 9, -1, -1, -1, -1, -1, -1, -1, -1, -1, - 19, 20, -1, -1, -1, -1, -1, -1, -1, 28, - -1, 30, -1, 32, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, -1, -1, -1, 180, -1, + -1, -1, -1, -1, -1, -1, -1, 189, -1, -1, + -1, -1, -1, -1, 196, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, -1, 208, -1, -1, -1, + -1, -1, -1, -1, -1, -1, -1, 219, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, -1, -1, -1, 88, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, -1, 116, -1, -1, + -1, -1, -1, -1, -1, -1, -1, -1, 280, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, 135, -1, -1, -1, - -1, -1, -1, -1, -1, 144, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, -1, -1, -1, 320, 321, + 322, 323, 324, 325, 326, 327, 328, 329, 330, 331, + -1, -1, -1, 335, 336, 337, 338, 339, 340, 341, + 342, 343, 344, 345, 346, 347, 348, 349, 350, 351, + 352, 353, 354, 355, -1, 357, 358, 359, 360, 361, + 362, 363, 364, 365, 366, 367, 368, 369, 370, 371, + 372, 373, 374, 375, 376, 377, 378, 379, 380, 381, + 382, 383, 384, 385, 386, 387, -1, 389, 390, 391, + 392, 393, 394, 395, 396, 397, 398, 399, 400, 401, + 402, 403, 404, 405, 406, 407, 408, 409, 410, 411, + 412, 413, 414, 415, 416, 417, -1, 419, 420, 421, + 422, 423, 424, 425, 426, 427, 428, 429, 430, 431, + 432, 433, 434, 435, 436, 437, 438, 439, 440, 441, + 442, 443, 444, 445, 446, -1, -1, 449, 450, 451, + 452, 453, 454, 455, 456, 457, 458, 459, 460, 461, + 462, -1, 464, 465, 466, 467, 468, 469, 470, 471, + 472, 473, 474, 475, 476, 477, -1, 479, 480, 481, + 482, 483, 484, 485, 486, 487, 488, 489, 490, 491, + 492, 493, 494, 495, 496, 497, 498, 499, 500, 501, + 502, 503, 504, 505, 506, 507, 508, 509, 510, 511, + 512, 513, 514, 515, 516, 517, 518, 519, 520, 521, + 522, 523, 524, 525, 526, 527, 528, 529, 530, 531, + 532, 533, 534, 535, -1, 537, 538, 539, 540, 541, + 542, 543, 544, 545, 546, 547, 548, 549, 550, 551, + 552, 553, 554, 555, 556, 557, 558, 559, 560, 561, + 562, 563, 564, 565, 566, 567, 568, 569, 570, 571, + 572, 573, 574, 575, 576, 577, 578, 579, 580, -1, + 582, 583, 584, 585, 586, 587, 588, 589, 590, 591, + 592, 593, 594, 595, 596, 597, 598, 599, 600, 601, + 602, 603, 604, 605, 606, 607, 608, 609, 610, 611, + 612, 613, 614, 615, 616, 617, 618, 619, 620, 621, + 622, 623, 624, 625, 626, 627, 628, 629, 630, 631, + 632, 633, 634, 635, 636, 637, 638, 639, 640, 641, + 642, 643, 644, 645, 646, 647, 648, 649, 650, 651, + 652, 653, 654, 655, 656, 657, 658, 659, 660, 661, + 662, 663, 664, 665, 666, 667, 668, 669, 670, 671, + 672, 673, 674, 675, 676, 677, 678, 679, 680, 681, + 682, 683, -1, -1, 686, 687, -1, 689, 690, 691, + 692, 693, 694, 695, 696, 697, 698, 699, 700, 701, + 702, 703, 704, 705, 706, 707, 708, 709, 710, 711, + 712, 713, 714, 715, 716, 717, 718, 719, 720, 721, + 722, 723, 724, 725, 726, 727, 728, 729, 730, 731, + 732, 733, 734, 735, 736, 737, 738, 739, 740, 741, + 742, 743, 744, 745, 746, 747, 748, 749, 750, 751, + 752, 753, 754, 755, 756, 757, 758, 759, 760, 761, + 762, 3, 764, 765, 766, 767, -1, -1, -1, -1, + -1, -1, -1, -1, -1, -1, -1, 19, 20, 21, + -1, -1, -1, -1, -1, -1, -1, -1, -1, 31, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, 180, -1, -1, -1, -1, -1, -1, -1, -1, - 189, -1, -1, -1, -1, -1, -1, 196, -1, -1, - -1, -1, -1, -1, -1, -1, -1, -1, -1, 208, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - 219, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, 252, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, -1, 88, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, 280, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, 116, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, 135, -1, -1, -1, -1, -1, -1, + -1, -1, 144, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, 320, 321, 322, 323, 324, 325, 326, 327, 328, - 329, 330, 331, -1, -1, -1, 335, 336, 337, 338, - 339, 340, 341, 342, 343, 344, 345, 346, 347, 348, - 349, 350, 351, 352, 353, 354, 355, -1, 357, 358, - 359, 360, 361, 362, 363, 364, 365, 366, 367, 368, - 369, 370, 371, 372, 373, 374, 375, 376, 377, 378, - 379, 380, 381, 382, 383, 384, 385, 386, 387, -1, - 389, 390, 391, 392, 393, 394, 395, 396, 397, 398, - 399, 400, 401, 402, 403, 404, 405, 406, 407, 408, - 409, 410, 411, 412, 413, 414, 415, 416, 417, -1, - 419, 420, 421, 422, 423, 424, 425, 426, 427, 428, - 429, 430, 431, 432, 433, 434, 435, 436, 437, 438, - 439, 440, 441, 442, 443, 444, 445, 446, -1, -1, - 449, 450, 451, 452, 453, 454, 455, 456, 457, 458, - 459, 460, 461, 462, -1, 464, 465, 466, 467, 468, - 469, 470, 471, 472, 473, 474, 475, 476, 477, -1, - 479, 480, 481, 482, 483, 484, 485, 486, 487, 488, - 489, 490, 491, 492, 493, 494, 495, 496, 497, 498, - 499, 500, 501, 502, 503, 504, 505, 506, 507, 508, - 509, 510, 511, 512, 513, 514, 515, 516, 517, 518, - 519, 520, 521, 522, 523, 524, 525, 526, 527, 528, - 529, 530, 531, 532, 533, 534, 535, -1, 537, 538, - 539, 540, 541, 542, 543, 544, 545, 546, 547, 548, - 549, 550, 551, 552, 553, 554, 555, 556, 557, 558, - 559, 560, 561, 562, 563, 564, 565, 566, 567, 568, - 569, 570, 571, 572, 573, 574, 575, 576, 577, 578, - 579, 580, -1, 582, 583, 584, 585, 586, 587, 588, - 589, 590, 591, 592, 593, 594, 595, 596, 597, 598, - 599, 600, 601, 602, 603, 604, 605, 606, 607, 608, - 609, 610, 611, 612, 613, 614, 615, 616, 617, 618, - 619, 620, 621, 622, 623, 624, 625, 626, 627, 628, - 629, 630, 631, 632, 633, 634, 635, 636, 637, 638, - 639, 640, 641, 642, 643, 644, 645, 646, 647, 648, - 649, 650, 651, 652, 653, 654, 655, 656, 657, 658, - 659, 660, 661, 662, 663, 664, 665, 666, 667, 668, - 669, 670, 671, 672, 673, 674, 675, 676, 677, 678, - 679, 680, 681, 682, 683, -1, -1, 686, 687, -1, - 689, 690, 691, 692, 693, 694, 695, 696, 697, 698, - 699, 700, 701, 702, 703, 704, 705, 706, 707, 708, - 709, 710, 711, 712, 713, 714, 715, 716, 717, 718, - 719, 720, 721, 722, 723, 724, 725, 726, 727, 728, - 729, 730, 731, 732, 733, 734, 735, 736, 737, 738, - 739, 740, 741, 742, 743, 744, 745, 746, 747, 748, - 749, 750, 751, 752, 753, 754, 755, 756, 757, 758, - 759, 760, 761, 762, -1, 764, 765, 766, 767, 8, - 9, -1, -1, -1, -1, -1, -1, -1, -1, -1, - 19, 20, -1, -1, -1, -1, -1, -1, -1, 28, - -1, 30, -1, 32, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, -1, -1, -1, 180, -1, + -1, -1, -1, -1, -1, -1, -1, 189, -1, -1, + -1, -1, -1, -1, 196, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, -1, 208, -1, -1, -1, + -1, -1, -1, -1, -1, -1, -1, 219, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, -1, -1, -1, 88, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, -1, 116, -1, -1, + -1, -1, -1, -1, -1, -1, -1, -1, 280, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, 135, -1, -1, -1, - -1, -1, -1, -1, -1, 144, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, -1, -1, -1, 320, 321, + 322, 323, 324, 325, 326, 327, 328, 329, 330, 331, + -1, -1, -1, 335, 336, 337, 338, 339, 340, 341, + 342, 343, 344, 345, 346, 347, 348, 349, 350, 351, + 352, 353, 354, 355, -1, 357, 358, 359, 360, 361, + 362, 363, 364, 365, 366, 367, 368, 369, 370, 371, + 372, 373, 374, 375, 376, 377, 378, 379, 380, 381, + 382, 383, 384, 385, 386, 387, -1, 389, 390, 391, + 392, 393, 394, 395, 396, 397, 398, 399, 400, 401, + 402, 403, 404, 405, 406, 407, 408, 409, 410, 411, + 412, 413, 414, 415, 416, 417, -1, 419, 420, 421, + 422, 423, 424, 425, 426, 427, 428, 429, 430, 431, + 432, 433, 434, 435, 436, 437, 438, 439, 440, 441, + 442, 443, 444, 445, 446, -1, -1, 449, 450, 451, + 452, 453, 454, 455, 456, 457, 458, 459, 460, 461, + 462, -1, 464, 465, 466, 467, 468, 469, 470, 471, + 472, 473, 474, 475, 476, 477, -1, 479, 480, 481, + 482, 483, 484, 485, 486, 487, 488, 489, 490, 491, + 492, 493, 494, 495, 496, 497, 498, 499, 500, 501, + 502, 503, 504, 505, 506, 507, 508, 509, 510, 511, + 512, 513, 514, 515, 516, 517, 518, 519, 520, 521, + 522, 523, 524, 525, 526, 527, 528, 529, 530, 531, + 532, 533, 534, 535, -1, 537, 538, 539, 540, 541, + 542, 543, 544, 545, 546, 547, 548, 549, 550, 551, + 552, 553, 554, 555, 556, 557, 558, 559, 560, 561, + 562, 563, 564, 565, 566, 567, 568, 569, 570, 571, + 572, 573, 574, 575, 576, 577, 578, 579, 580, -1, + 582, 583, 584, 585, 586, 587, 588, 589, 590, 591, + 592, 593, 594, 595, 596, 597, 598, 599, 600, 601, + 602, 603, 604, 605, 606, 607, 608, 609, 610, 611, + 612, 613, 614, 615, 616, 617, 618, 619, 620, 621, + 622, 623, 624, 625, 626, 627, 628, 629, 630, 631, + 632, 633, 634, 635, 636, 637, 638, 639, 640, 641, + 642, 643, 644, 645, 646, 647, 648, 649, 650, 651, + 652, 653, 654, 655, 656, 657, 658, 659, 660, 661, + 662, 663, 664, 665, 666, 667, 668, 669, 670, 671, + 672, 673, 674, 675, 676, 677, 678, 679, 680, 681, + 682, 683, -1, -1, 686, 687, -1, 689, 690, 691, + 692, 693, 694, 695, 696, 697, 698, 699, 700, 701, + 702, 703, 704, 705, 706, 707, 708, 709, 710, 711, + 712, 713, 714, 715, 716, 717, 718, 719, 720, 721, + 722, 723, 724, 725, 726, 727, 728, 729, 730, 731, + 732, 733, 734, 735, 736, 737, 738, 739, 740, 741, + 742, 743, 744, 745, 746, 747, 748, 749, 750, 751, + 752, 753, 754, 755, 756, 757, 758, 759, 760, 761, + 762, 3, 764, 765, 766, 767, -1, -1, -1, -1, + -1, -1, -1, -1, -1, -1, -1, 19, 20, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, 180, -1, -1, -1, -1, -1, -1, -1, -1, - 189, -1, -1, -1, -1, -1, -1, 196, -1, -1, - -1, -1, -1, -1, -1, -1, -1, -1, -1, 208, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - 219, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, 252, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, 74, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, -1, 88, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, 280, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, 116, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, 135, -1, -1, -1, -1, -1, -1, + -1, -1, 144, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, 320, 321, 322, 323, 324, 325, 326, 327, 328, - 329, 330, 331, -1, -1, -1, 335, 336, 337, 338, - 339, 340, 341, 342, 343, 344, 345, 346, 347, 348, - 349, 350, 351, 352, 353, 354, 355, -1, 357, 358, - 359, 360, 361, 362, 363, 364, 365, 366, 367, 368, - 369, 370, 371, 372, 373, 374, 375, 376, 377, 378, - 379, 380, 381, 382, 383, 384, 385, 386, 387, -1, - 389, 390, 391, 392, 393, 394, 395, 396, 397, 398, - 399, 400, 401, 402, 403, 404, 405, 406, 407, 408, - 409, 410, 411, 412, 413, 414, 415, 416, 417, -1, - 419, 420, 421, 422, 423, 424, 425, 426, 427, 428, - 429, 430, 431, 432, 433, 434, 435, 436, 437, 438, - 439, 440, 441, 442, 443, 444, 445, 446, -1, -1, - 449, 450, 451, 452, 453, 454, 455, 456, 457, 458, - 459, 460, 461, 462, -1, 464, 465, 466, 467, 468, - 469, 470, 471, 472, 473, 474, 475, 476, 477, -1, - 479, 480, 481, 482, 483, 484, 485, 486, 487, 488, - 489, 490, 491, 492, 493, 494, 495, 496, 497, 498, - 499, 500, 501, 502, 503, 504, 505, 506, 507, 508, - 509, 510, 511, 512, 513, 514, 515, 516, 517, 518, - 519, 520, 521, 522, 523, 524, 525, 526, 527, 528, - 529, 530, 531, 532, 533, 534, 535, -1, 537, 538, - 539, 540, 541, 542, 543, 544, 545, 546, 547, 548, - 549, 550, 551, 552, 553, 554, 555, 556, 557, 558, - 559, 560, 561, 562, 563, 564, 565, 566, 567, 568, - 569, 570, 571, 572, 573, 574, 575, 576, 577, 578, - 579, 580, -1, 582, 583, 584, 585, 586, 587, 588, - 589, 590, 591, 592, 593, 594, 595, 596, 597, 598, - 599, 600, 601, 602, 603, 604, 605, 606, 607, 608, - 609, 610, 611, 612, 613, 614, 615, 616, 617, 618, - 619, 620, 621, 622, 623, 624, 625, 626, 627, 628, - 629, 630, 631, 632, 633, 634, 635, 636, 637, 638, - 639, 640, 641, 642, 643, 644, 645, 646, 647, 648, - 649, 650, 651, 652, 653, 654, 655, 656, 657, 658, - 659, 660, 661, 662, 663, 664, 665, 666, 667, 668, - 669, 670, 671, 672, 673, 674, 675, 676, 677, 678, - 679, 680, 681, 682, 683, -1, -1, 686, 687, -1, - 689, 690, 691, 692, 693, 694, 695, 696, 697, 698, - 699, 700, 701, 702, 703, 704, 705, 706, 707, 708, - 709, 710, 711, 712, 713, 714, 715, 716, 717, 718, - 719, 720, 721, 722, 723, 724, 725, 726, 727, 728, - 729, 730, 731, 732, 733, 734, 735, 736, 737, 738, - 739, 740, 741, 742, 743, 744, 745, 746, 747, 748, - 749, 750, 751, 752, 753, 754, 755, 756, 757, 758, - 759, 760, 761, 762, -1, 764, 765, 766, 767, 8, - 9, -1, -1, -1, -1, -1, -1, -1, -1, -1, - 19, 20, -1, -1, -1, -1, -1, -1, -1, 28, - -1, 30, -1, 32, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, -1, -1, -1, 180, -1, + -1, -1, -1, -1, -1, -1, -1, 189, -1, -1, + -1, -1, -1, -1, 196, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, -1, 208, -1, -1, -1, + -1, -1, -1, -1, -1, -1, -1, 219, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, -1, -1, -1, 88, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, -1, 116, -1, -1, + -1, -1, -1, -1, -1, -1, -1, -1, 280, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, 135, -1, -1, -1, - -1, -1, -1, -1, -1, 144, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, -1, -1, -1, 320, 321, + 322, 323, 324, 325, 326, 327, 328, 329, 330, 331, + -1, -1, -1, 335, 336, 337, 338, 339, 340, 341, + 342, 343, 344, 345, 346, 347, 348, 349, 350, 351, + 352, 353, 354, 355, -1, 357, 358, 359, 360, 361, + 362, 363, 364, 365, 366, 367, 368, 369, 370, 371, + 372, 373, 374, 375, 376, 377, 378, 379, 380, 381, + 382, 383, 384, 385, 386, 387, -1, 389, 390, 391, + 392, 393, 394, 395, 396, 397, 398, 399, 400, 401, + 402, 403, 404, 405, 406, 407, 408, 409, 410, 411, + 412, 413, 414, 415, 416, 417, -1, 419, 420, 421, + 422, 423, 424, 425, 426, 427, 428, 429, 430, 431, + 432, 433, 434, 435, 436, 437, 438, 439, 440, 441, + 442, 443, 444, 445, 446, -1, -1, 449, 450, 451, + 452, 453, 454, 455, 456, 457, 458, 459, 460, 461, + 462, -1, 464, 465, 466, 467, 468, 469, 470, 471, + 472, 473, 474, 475, 476, 477, -1, 479, 480, 481, + 482, 483, 484, 485, 486, 487, 488, 489, 490, 491, + 492, 493, 494, 495, 496, 497, 498, 499, 500, 501, + 502, 503, 504, 505, 506, 507, 508, 509, 510, 511, + 512, 513, 514, 515, 516, 517, 518, 519, 520, 521, + 522, 523, 524, 525, 526, 527, 528, 529, 530, 531, + 532, 533, 534, 535, -1, 537, 538, 539, 540, 541, + 542, 543, 544, 545, 546, 547, 548, 549, 550, 551, + 552, 553, 554, 555, 556, 557, 558, 559, 560, 561, + 562, 563, 564, 565, 566, 567, 568, 569, 570, 571, + 572, 573, 574, 575, 576, 577, 578, 579, 580, -1, + 582, 583, 584, 585, 586, 587, 588, 589, 590, 591, + 592, 593, 594, 595, 596, 597, 598, 599, 600, 601, + 602, 603, 604, 605, 606, 607, 608, 609, 610, 611, + 612, 613, 614, 615, 616, 617, 618, 619, 620, 621, + 622, 623, 624, 625, 626, 627, 628, 629, 630, 631, + 632, 633, 634, 635, 636, 637, 638, 639, 640, 641, + 642, 643, 644, 645, 646, 647, 648, 649, 650, 651, + 652, 653, 654, 655, 656, 657, 658, 659, 660, 661, + 662, 663, 664, 665, 666, 667, 668, 669, 670, 671, + 672, 673, 674, 675, 676, 677, 678, 679, 680, 681, + 682, 683, -1, -1, 686, 687, -1, 689, 690, 691, + 692, 693, 694, 695, 696, 697, 698, 699, 700, 701, + 702, 703, 704, 705, 706, 707, 708, 709, 710, 711, + 712, 713, 714, 715, 716, 717, 718, 719, 720, 721, + 722, 723, 724, 725, 726, 727, 728, 729, 730, 731, + 732, 733, 734, 735, 736, 737, 738, 739, 740, 741, + 742, 743, 744, 745, 746, 747, 748, 749, 750, 751, + 752, 753, 754, 755, 756, 757, 758, 759, 760, 761, + 762, 3, 764, 765, 766, 767, -1, -1, -1, -1, + -1, -1, -1, -1, -1, -1, -1, 19, 20, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, 180, -1, -1, -1, -1, -1, -1, -1, -1, - 189, -1, -1, -1, -1, -1, -1, 196, -1, -1, - -1, -1, -1, -1, -1, -1, -1, -1, -1, 208, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - 219, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, 252, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, 280, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, -1, 88, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, 116, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, 320, 321, 322, 323, 324, 325, 326, 327, 328, - 329, 330, 331, -1, -1, -1, 335, 336, 337, 338, - 339, 340, 341, 342, 343, 344, 345, 346, 347, 348, - 349, 350, 351, 352, 353, 354, 355, -1, 357, 358, - 359, 360, 361, 362, 363, 364, 365, 366, 367, 368, - 369, 370, 371, 372, 373, 374, 375, 376, 377, 378, - 379, 380, 381, 382, 383, 384, 385, 386, 387, -1, - 389, 390, 391, 392, 393, 394, 395, 396, 397, 398, - 399, 400, 401, 402, 403, 404, 405, 406, 407, 408, - 409, 410, 411, 412, 413, 414, 415, 416, 417, -1, - 419, 420, 421, 422, 423, 424, 425, 426, 427, 428, - 429, 430, 431, 432, 433, 434, 435, 436, 437, 438, - 439, 440, 441, 442, 443, 444, 445, 446, -1, -1, - 449, 450, 451, 452, 453, 454, 455, 456, 457, 458, - 459, 460, 461, 462, -1, 464, 465, 466, 467, 468, - 469, 470, 471, 472, 473, 474, 475, 476, 477, -1, - 479, 480, 481, 482, 483, 484, 485, 486, 487, 488, - 489, 490, 491, 492, 493, 494, 495, 496, 497, 498, - 499, 500, 501, 502, 503, 504, 505, 506, 507, 508, - 509, 510, 511, 512, 513, 514, 515, 516, 517, 518, - 519, 520, 521, 522, 523, 524, 525, 526, 527, 528, - 529, 530, 531, 532, 533, 534, 535, -1, 537, 538, - 539, 540, 541, 542, 543, 544, 545, 546, 547, 548, - 549, 550, 551, 552, 553, 554, 555, 556, 557, 558, - 559, 560, 561, 562, 563, 564, 565, 566, 567, 568, - 569, 570, 571, 572, 573, 574, 575, 576, 577, 578, - 579, 580, -1, 582, 583, 584, 585, 586, 587, 588, - 589, 590, 591, 592, 593, 594, 595, 596, 597, 598, - 599, 600, 601, 602, 603, 604, 605, 606, 607, 608, - 609, 610, 611, 612, 613, 614, 615, 616, 617, 618, - 619, 620, 621, 622, 623, 624, 625, 626, 627, 628, - 629, 630, 631, 632, 633, 634, 635, 636, 637, 638, - 639, 640, 641, 642, 643, 644, 645, 646, 647, 648, - 649, 650, 651, 652, 653, 654, 655, 656, 657, 658, - 659, 660, 661, 662, 663, 664, 665, 666, 667, 668, - 669, 670, 671, 672, 673, 674, 675, 676, 677, 678, - 679, 680, 681, 682, 683, -1, -1, 686, 687, -1, - 689, 690, 691, 692, 693, 694, 695, 696, 697, 698, - 699, 700, 701, 702, 703, 704, 705, 706, 707, 708, - 709, 710, 711, 712, 713, 714, 715, 716, 717, 718, - 719, 720, 721, 722, 723, 724, 725, 726, 727, 728, - 729, 730, 731, 732, 733, 734, 735, 736, 737, 738, - 739, 740, 741, 742, 743, 744, 745, 746, 747, 748, - 749, 750, 751, 752, 753, 754, 755, 756, 757, 758, - 759, 760, 761, 762, -1, 764, 765, 766, 767, 8, - 9, -1, -1, -1, -1, -1, -1, -1, -1, -1, - 19, 20, -1, -1, -1, -1, -1, -1, -1, 28, - -1, 30, -1, 32, -1, -1, -1, -1, -1, -1, + -1, -1, -1, 135, -1, -1, -1, -1, -1, -1, + -1, -1, 144, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, -1, -1, -1, 180, -1, + -1, -1, -1, -1, -1, -1, -1, 189, -1, -1, + -1, -1, -1, -1, 196, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, -1, 208, -1, -1, -1, + -1, -1, -1, -1, -1, -1, -1, 219, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, -1, -1, -1, 88, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, -1, 116, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, 135, -1, -1, -1, - -1, -1, -1, -1, -1, 144, -1, -1, -1, -1, + -1, -1, -1, -1, -1, -1, -1, -1, 280, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, 180, -1, -1, -1, -1, -1, -1, -1, -1, - 189, -1, -1, -1, -1, -1, -1, 196, -1, -1, - -1, -1, -1, -1, -1, -1, -1, -1, -1, 208, + -1, -1, -1, -1, -1, -1, -1, -1, 320, 321, + 322, 323, 324, 325, 326, 327, 328, 329, 330, 331, + -1, -1, -1, 335, 336, 337, 338, 339, 340, 341, + 342, 343, 344, 345, 346, 347, 348, 349, 350, 351, + 352, 353, 354, 355, -1, 357, 358, 359, 360, 361, + 362, 363, 364, 365, 366, 367, 368, 369, 370, 371, + 372, 373, 374, 375, 376, 377, 378, 379, 380, 381, + 382, 383, 384, 385, 386, 387, -1, 389, 390, 391, + 392, 393, 394, 395, 396, 397, 398, 399, 400, 401, + 402, 403, 404, 405, 406, 407, 408, 409, 410, 411, + 412, 413, 414, 415, 416, 417, -1, 419, 420, 421, + 422, 423, 424, 425, 426, 427, 428, 429, 430, 431, + 432, 433, 434, 435, 436, 437, 438, 439, 440, 441, + 442, 443, 444, 445, 446, -1, -1, 449, 450, 451, + 452, 453, 454, 455, 456, 457, 458, 459, 460, 461, + 462, -1, 464, 465, 466, 467, 468, 469, 470, 471, + 472, 473, 474, 475, 476, 477, -1, 479, 480, 481, + 482, 483, 484, 485, 486, 487, 488, 489, 490, 491, + 492, 493, 494, 495, 496, 497, 498, 499, 500, 501, + 502, 503, 504, 505, 506, 507, 508, 509, 510, 511, + 512, 513, 514, 515, 516, 517, 518, 519, 520, 521, + 522, 523, 524, 525, 526, 527, 528, 529, 530, 531, + 532, 533, 534, 535, -1, 537, 538, 539, 540, 541, + 542, 543, 544, 545, 546, 547, 548, 549, 550, 551, + 552, 553, 554, 555, 556, 557, 558, 559, 560, 561, + 562, 563, 564, 565, 566, 567, 568, 569, 570, 571, + 572, 573, 574, 575, 576, 577, 578, 579, 580, -1, + 582, 583, 584, 585, 586, 587, 588, 589, 590, 591, + 592, 593, 594, 595, 596, 597, 598, 599, 600, 601, + 602, 603, 604, 605, 606, 607, 608, 609, 610, 611, + 612, 613, 614, 615, 616, 617, 618, 619, 620, 621, + 622, 623, 624, 625, 626, 627, 628, 629, 630, 631, + 632, 633, 634, 635, 636, 637, 638, 639, 640, 641, + 642, 643, 644, 645, 646, 647, 648, 649, 650, 651, + 652, 653, 654, 655, 656, 657, 658, 659, 660, 661, + 662, 663, 664, 665, 666, 667, 668, 669, 670, 671, + 672, 673, 674, 675, 676, 677, 678, 679, 680, 681, + 682, 683, -1, -1, 686, 687, -1, 689, 690, 691, + 692, 693, 694, 695, 696, 697, 698, 699, 700, 701, + 702, 703, 704, 705, 706, 707, 708, 709, 710, 711, + 712, 713, 714, 715, 716, 717, 718, 719, 720, 721, + 722, 723, 724, 725, 726, 727, 728, 729, 730, 731, + 732, 733, 734, 735, 736, 737, 738, 739, 740, 741, + 742, 743, 744, 745, 746, 747, 748, 749, 750, 751, + 752, 753, 754, 755, 756, 757, 758, 759, 760, 761, + 762, -1, 764, 765, 766, 767, 8, 9, -1, -1, + -1, -1, -1, -1, -1, -1, -1, 19, 20, -1, + -1, -1, -1, -1, -1, -1, 28, -1, 30, -1, + 32, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - 219, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, -1, 88, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, 280, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, 116, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, 135, -1, -1, -1, -1, -1, -1, + -1, -1, 144, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, 320, 321, 322, 323, 324, 325, 326, 327, 328, - 329, 330, 331, -1, -1, -1, 335, 336, 337, 338, - 339, 340, 341, 342, 343, 344, 345, 346, 347, 348, - 349, 350, 351, 352, 353, 354, 355, -1, 357, 358, - 359, 360, 361, 362, 363, 364, 365, 366, 367, 368, - 369, 370, 371, 372, 373, 374, 375, 376, 377, 378, - 379, 380, 381, 382, 383, 384, 385, 386, 387, -1, - 389, 390, 391, 392, 393, 394, 395, 396, 397, 398, - 399, 400, 401, 402, 403, 404, 405, 406, 407, 408, - 409, 410, 411, 412, 413, 414, 415, 416, 417, -1, - 419, 420, 421, 422, 423, 424, 425, 426, 427, 428, - 429, 430, 431, 432, 433, 434, 435, 436, 437, 438, - 439, 440, 441, 442, 443, 444, 445, 446, -1, -1, - 449, 450, 451, 452, 453, 454, 455, 456, 457, 458, - 459, 460, 461, 462, -1, 464, 465, 466, 467, 468, - 469, 470, 471, 472, 473, 474, 475, 476, 477, -1, - 479, 480, 481, 482, 483, 484, 485, 486, 487, 488, - 489, 490, 491, 492, 493, 494, 495, 496, 497, 498, - 499, 500, 501, 502, 503, 504, 505, 506, 507, 508, - 509, 510, 511, 512, 513, 514, 515, 516, 517, 518, - 519, 520, 521, 522, 523, 524, 525, 526, 527, 528, - 529, 530, 531, 532, 533, 534, 535, -1, 537, 538, - 539, 540, 541, 542, 543, 544, 545, 546, 547, 548, - 549, 550, 551, 552, 553, 554, 555, 556, 557, 558, - 559, 560, 561, 562, 563, 564, 565, 566, 567, 568, - 569, 570, 571, 572, 573, 574, 575, 576, 577, 578, - 579, 580, -1, 582, 583, 584, 585, 586, 587, 588, - 589, 590, 591, 592, 593, 594, 595, 596, 597, 598, - 599, 600, 601, 602, 603, 604, 605, 606, 607, 608, - 609, 610, 611, 612, 613, 614, 615, 616, 617, 618, - 619, 620, 621, 622, 623, 624, 625, 626, 627, 628, - 629, 630, 631, 632, 633, 634, 635, 636, 637, 638, - 639, 640, 641, 642, 643, 644, 645, 646, 647, 648, - 649, 650, 651, 652, 653, 654, 655, 656, 657, 658, - 659, 660, 661, 662, 663, 664, 665, 666, 667, 668, - 669, 670, 671, 672, 673, 674, 675, 676, 677, 678, - 679, 680, 681, 682, 683, -1, -1, 686, 687, -1, - 689, 690, 691, 692, 693, 694, 695, 696, 697, 698, - 699, 700, 701, 702, 703, 704, 705, 706, 707, 708, - 709, 710, 711, 712, 713, 714, 715, 716, 717, 718, - 719, 720, 721, 722, 723, 724, 725, 726, 727, 728, - 729, 730, 731, 732, 733, 734, 735, 736, 737, 738, - 739, 740, 741, 742, 743, 744, 745, 746, 747, 748, - 749, 750, 751, 752, 753, 754, 755, 756, 757, 758, - 759, 760, 761, 762, -1, 764, 765, 766, 767, 19, - 20, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, -1, -1, -1, 180, -1, + -1, -1, -1, -1, -1, -1, -1, 189, -1, -1, + -1, -1, -1, -1, 196, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, -1, 208, -1, -1, -1, + -1, -1, -1, -1, -1, -1, -1, 219, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + 252, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, -1, -1, -1, 280, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, -1, -1, 88, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, 116, -1, -1, -1, + -1, -1, -1, -1, -1, -1, -1, -1, 320, 321, + 322, 323, 324, 325, 326, 327, 328, 329, 330, 331, + -1, -1, -1, 335, 336, 337, 338, 339, 340, 341, + 342, 343, 344, 345, 346, 347, 348, 349, 350, 351, + 352, 353, 354, 355, -1, 357, 358, 359, 360, 361, + 362, 363, 364, 365, 366, 367, 368, 369, 370, 371, + 372, 373, 374, 375, 376, 377, 378, 379, 380, 381, + 382, 383, 384, 385, 386, 387, -1, 389, 390, 391, + 392, 393, 394, 395, 396, 397, 398, 399, 400, 401, + 402, 403, 404, 405, 406, 407, 408, 409, 410, 411, + 412, 413, 414, 415, 416, 417, -1, 419, 420, 421, + 422, 423, 424, 425, 426, 427, 428, 429, 430, 431, + 432, 433, 434, 435, 436, 437, 438, 439, 440, 441, + 442, 443, 444, 445, 446, -1, -1, 449, 450, 451, + 452, 453, 454, 455, 456, 457, 458, 459, 460, 461, + 462, -1, 464, 465, 466, 467, 468, 469, 470, 471, + 472, 473, 474, 475, 476, 477, -1, 479, 480, 481, + 482, 483, 484, 485, 486, 487, 488, 489, 490, 491, + 492, 493, 494, 495, 496, 497, 498, 499, 500, 501, + 502, 503, 504, 505, 506, 507, 508, 509, 510, 511, + 512, 513, 514, 515, 516, 517, 518, 519, 520, 521, + 522, 523, 524, 525, 526, 527, 528, 529, 530, 531, + 532, 533, 534, 535, -1, 537, 538, 539, 540, 541, + 542, 543, 544, 545, 546, 547, 548, 549, 550, 551, + 552, 553, 554, 555, 556, 557, 558, 559, 560, 561, + 562, 563, 564, 565, 566, 567, 568, 569, 570, 571, + 572, 573, 574, 575, 576, 577, 578, 579, 580, -1, + 582, 583, 584, 585, 586, 587, 588, 589, 590, 591, + 592, 593, 594, 595, 596, 597, 598, 599, 600, 601, + 602, 603, 604, 605, 606, 607, 608, 609, 610, 611, + 612, 613, 614, 615, 616, 617, 618, 619, 620, 621, + 622, 623, 624, 625, 626, 627, 628, 629, 630, 631, + 632, 633, 634, 635, 636, 637, 638, 639, 640, 641, + 642, 643, 644, 645, 646, 647, 648, 649, 650, 651, + 652, 653, 654, 655, 656, 657, 658, 659, 660, 661, + 662, 663, 664, 665, 666, 667, 668, 669, 670, 671, + 672, 673, 674, 675, 676, 677, 678, 679, 680, 681, + 682, 683, -1, -1, 686, 687, -1, 689, 690, 691, + 692, 693, 694, 695, 696, 697, 698, 699, 700, 701, + 702, 703, 704, 705, 706, 707, 708, 709, 710, 711, + 712, 713, 714, 715, 716, 717, 718, 719, 720, 721, + 722, 723, 724, 725, 726, 727, 728, 729, 730, 731, + 732, 733, 734, 735, 736, 737, 738, 739, 740, 741, + 742, 743, 744, 745, 746, 747, 748, 749, 750, 751, + 752, 753, 754, 755, 756, 757, 758, 759, 760, 761, + 762, -1, 764, 765, 766, 767, 8, 9, -1, -1, + -1, -1, -1, -1, -1, -1, -1, 19, 20, -1, + -1, -1, -1, -1, -1, -1, 28, -1, 30, -1, + 32, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, 135, -1, -1, -1, -1, - -1, -1, -1, -1, 144, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - 180, -1, -1, -1, -1, -1, -1, -1, -1, 189, - -1, -1, -1, -1, -1, -1, 196, -1, -1, -1, - -1, -1, -1, -1, -1, -1, -1, -1, 208, -1, - -1, -1, -1, -1, -1, -1, -1, -1, -1, 219, + -1, -1, -1, -1, -1, -1, 88, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, 116, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, 135, -1, -1, -1, -1, -1, -1, + -1, -1, 144, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, -1, -1, -1, 180, -1, + -1, -1, -1, -1, -1, -1, -1, 189, -1, -1, + -1, -1, -1, -1, 196, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, -1, 208, -1, -1, -1, + -1, -1, -1, -1, -1, -1, -1, 219, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - 280, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + 252, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - 320, 321, 322, 323, 324, 325, 326, 327, 328, 329, - 330, 331, 332, 333, 334, 335, 336, 337, 338, 339, - 340, 341, 342, 343, 344, 345, 346, 347, 348, 349, - 350, 351, 352, 353, 354, 355, -1, 357, 358, 359, - 360, 361, 362, 363, 364, 365, 366, 367, 368, 369, - 370, 371, 372, 373, 374, 375, 376, 377, 378, 379, - 380, 381, 382, 383, 384, 385, 386, 387, -1, 389, - 390, 391, 392, 393, 394, 395, 396, 397, 398, 399, - 400, 401, 402, 403, 404, 405, 406, 407, 408, 409, - 410, 411, 412, 413, 414, 415, 416, 417, -1, 419, - 420, 421, 422, 423, 424, 425, 426, 427, 428, 429, - 430, 431, 432, 433, 434, 435, 436, 437, 438, 439, - 440, 441, 442, 443, 444, 445, 446, -1, -1, 449, - 450, 451, 452, 453, 454, 455, 456, 457, 458, 459, - 460, 461, 462, -1, 464, 465, 466, 467, 468, 469, - 470, 471, 472, 473, 474, 475, 476, 477, -1, 479, - 480, 481, 482, 483, 484, 485, 486, 487, 488, 489, - 490, 491, 492, 493, 494, 495, 496, 497, 498, 499, - 500, 501, 502, 503, 504, 505, 506, 507, 508, 509, - 510, 511, 512, 513, 514, 515, 516, 517, 518, 519, - 520, 521, 522, 523, 524, 525, 526, 527, 528, 529, - 530, 531, 532, 533, 534, 535, -1, 537, 538, 539, - 540, 541, 542, 543, 544, 545, 546, 547, 548, 549, - 550, 551, 552, 553, 554, 555, 556, 557, 558, 559, - 560, 561, 562, 563, 564, 565, 566, 567, 568, 569, - 570, 571, 572, 573, 574, 575, 576, 577, 578, 579, - 580, -1, 582, 583, 584, 585, 586, 587, 588, 589, - 590, 591, 592, 593, 594, 595, 596, 597, 598, 599, - 600, 601, 602, 603, 604, 605, 606, 607, 608, 609, - 610, 611, 612, 613, 614, 615, 616, 617, 618, 619, - 620, 621, 622, 623, 624, 625, 626, 627, 628, 629, - 630, 631, 632, 633, 634, 635, 636, 637, 638, 639, - 640, 641, 642, 643, 644, 645, 646, 647, 648, 649, - 650, 651, 652, 653, 654, 655, 656, 657, 658, 659, - 660, 661, 662, 663, 664, 665, 666, 667, 668, 669, - 670, 671, 672, 673, 674, 675, 676, 677, 678, 679, - 680, 681, 682, 683, -1, -1, 686, 687, -1, 689, - 690, 691, 692, 693, 694, 695, 696, 697, 698, 699, - 700, 701, 702, 703, 704, 705, 706, 707, 708, 709, - 710, 711, 712, 713, 714, 715, 716, 717, 718, 719, - 720, 721, 722, 723, 724, 725, 726, 727, 728, 729, - 730, 731, 732, 733, 734, 735, 736, 737, 738, 739, - 740, 741, 742, 743, 744, 745, 746, 747, 748, 749, - 750, 751, 752, 753, 754, 755, 756, 757, 758, 759, - 760, 761, 762, -1, 764, 765, 766, 767, 19, 20, - -1, -1, -1, -1, -1, -1, -1, -1, 778, -1, + -1, -1, -1, -1, -1, -1, -1, -1, 280, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, -1, -1, -1, 320, 321, + 322, 323, 324, 325, 326, 327, 328, 329, 330, 331, + -1, -1, -1, 335, 336, 337, 338, 339, 340, 341, + 342, 343, 344, 345, 346, 347, 348, 349, 350, 351, + 352, 353, 354, 355, -1, 357, 358, 359, 360, 361, + 362, 363, 364, 365, 366, 367, 368, 369, 370, 371, + 372, 373, 374, 375, 376, 377, 378, 379, 380, 381, + 382, 383, 384, 385, 386, 387, -1, 389, 390, 391, + 392, 393, 394, 395, 396, 397, 398, 399, 400, 401, + 402, 403, 404, 405, 406, 407, 408, 409, 410, 411, + 412, 413, 414, 415, 416, 417, -1, 419, 420, 421, + 422, 423, 424, 425, 426, 427, 428, 429, 430, 431, + 432, 433, 434, 435, 436, 437, 438, 439, 440, 441, + 442, 443, 444, 445, 446, -1, -1, 449, 450, 451, + 452, 453, 454, 455, 456, 457, 458, 459, 460, 461, + 462, -1, 464, 465, 466, 467, 468, 469, 470, 471, + 472, 473, 474, 475, 476, 477, -1, 479, 480, 481, + 482, 483, 484, 485, 486, 487, 488, 489, 490, 491, + 492, 493, 494, 495, 496, 497, 498, 499, 500, 501, + 502, 503, 504, 505, 506, 507, 508, 509, 510, 511, + 512, 513, 514, 515, 516, 517, 518, 519, 520, 521, + 522, 523, 524, 525, 526, 527, 528, 529, 530, 531, + 532, 533, 534, 535, -1, 537, 538, 539, 540, 541, + 542, 543, 544, 545, 546, 547, 548, 549, 550, 551, + 552, 553, 554, 555, 556, 557, 558, 559, 560, 561, + 562, 563, 564, 565, 566, 567, 568, 569, 570, 571, + 572, 573, 574, 575, 576, 577, 578, 579, 580, -1, + 582, 583, 584, 585, 586, 587, 588, 589, 590, 591, + 592, 593, 594, 595, 596, 597, 598, 599, 600, 601, + 602, 603, 604, 605, 606, 607, 608, 609, 610, 611, + 612, 613, 614, 615, 616, 617, 618, 619, 620, 621, + 622, 623, 624, 625, 626, 627, 628, 629, 630, 631, + 632, 633, 634, 635, 636, 637, 638, 639, 640, 641, + 642, 643, 644, 645, 646, 647, 648, 649, 650, 651, + 652, 653, 654, 655, 656, 657, 658, 659, 660, 661, + 662, 663, 664, 665, 666, 667, 668, 669, 670, 671, + 672, 673, 674, 675, 676, 677, 678, 679, 680, 681, + 682, 683, -1, -1, 686, 687, -1, 689, 690, 691, + 692, 693, 694, 695, 696, 697, 698, 699, 700, 701, + 702, 703, 704, 705, 706, 707, 708, 709, 710, 711, + 712, 713, 714, 715, 716, 717, 718, 719, 720, 721, + 722, 723, 724, 725, 726, 727, 728, 729, 730, 731, + 732, 733, 734, 735, 736, 737, 738, 739, 740, 741, + 742, 743, 744, 745, 746, 747, 748, 749, 750, 751, + 752, 753, 754, 755, 756, 757, 758, 759, 760, 761, + 762, -1, 764, 765, 766, 767, 8, 9, -1, -1, + -1, -1, -1, -1, -1, -1, -1, 19, 20, -1, + -1, -1, -1, -1, -1, -1, 28, -1, 30, -1, + 32, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, -1, 88, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, 116, -1, -1, -1, -1, + -1, -1, -1, -1, -1, -1, 88, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, 135, -1, -1, -1, -1, -1, - -1, -1, -1, 144, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, 116, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, -1, -1, -1, 180, - -1, -1, -1, -1, -1, -1, -1, -1, 189, -1, - -1, -1, -1, -1, -1, 196, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, -1, 208, -1, -1, - -1, -1, -1, -1, -1, -1, -1, -1, 219, -1, + -1, -1, -1, 135, -1, -1, -1, -1, -1, -1, + -1, -1, 144, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, -1, -1, -1, 180, -1, + -1, -1, -1, -1, -1, -1, -1, 189, -1, -1, + -1, -1, -1, -1, 196, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, -1, 208, -1, -1, -1, + -1, -1, -1, -1, -1, -1, -1, 219, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, -1, -1, -1, 280, + 252, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, -1, -1, -1, 280, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, -1, -1, -1, 320, - 321, 322, 323, 324, 325, 326, 327, 328, 329, 330, - 331, -1, -1, -1, 335, 336, 337, 338, 339, 340, - 341, 342, 343, 344, 345, 346, 347, 348, 349, 350, - 351, 352, 353, 354, 355, -1, 357, 358, 359, 360, - 361, 362, 363, 364, 365, 366, 367, 368, 369, 370, - 371, 372, 373, 374, 375, 376, 377, 378, 379, 380, - 381, 382, 383, 384, 385, 386, 387, -1, 389, 390, - 391, 392, 393, 394, 395, 396, 397, 398, 399, 400, - 401, 402, 403, 404, 405, 406, 407, 408, 409, 410, - 411, 412, 413, 414, 415, 416, 417, -1, 419, 420, - 421, 422, 423, 424, 425, 426, 427, 428, 429, 430, - 431, 432, 433, 434, 435, 436, 437, 438, 439, 440, - 441, 442, 443, 444, 445, 446, -1, -1, 449, 450, - 451, 452, 453, 454, 455, 456, 457, 458, 459, 460, - 461, 462, -1, 464, 465, 466, 467, 468, 469, 470, - 471, 472, 473, 474, 475, 476, 477, -1, 479, 480, - 481, 482, 483, 484, 485, 486, 487, 488, 489, 490, - 491, 492, 493, 494, 495, 496, 497, 498, 499, 500, - 501, 502, 503, 504, 505, 506, 507, 508, 509, 510, - 511, 512, 513, 514, 515, 516, 517, 518, 519, 520, - 521, 522, 523, 524, 525, 526, 527, 528, 529, 530, - 531, 532, 533, 534, 535, -1, 537, 538, 539, 540, - 541, 542, 543, 544, 545, 546, 547, 548, 549, 550, - 551, 552, 553, 554, 555, 556, 557, 558, 559, 560, - 561, 562, 563, 564, 565, 566, 567, 568, 569, 570, - 571, 572, 573, 574, 575, 576, 577, 578, 579, 580, - -1, 582, 583, 584, 585, 586, 587, 588, 589, 590, - 591, 592, 593, 594, 595, 596, 597, 598, 599, 600, - 601, 602, 603, 604, 605, 606, 607, 608, 609, 610, - 611, 612, 613, 614, 615, 616, 617, 618, 619, 620, - 621, 622, 623, 624, 625, 626, 627, 628, 629, 630, - 631, 632, 633, 634, 635, 636, 637, 638, 639, 640, - 641, 642, 643, 644, 645, 646, 647, 648, 649, 650, - 651, 652, 653, 654, 655, 656, 657, 658, 659, 660, - 661, 662, 663, 664, 665, 666, 667, 668, 669, 670, - 671, 672, 673, 674, 675, 676, 677, 678, 679, 680, - 681, 682, 683, -1, -1, 686, 687, -1, 689, 690, - 691, 692, 693, 694, 695, 696, 697, 698, 699, 700, - 701, 702, 703, 704, 705, 706, 707, 708, 709, 710, - 711, 712, 713, 714, 715, 716, 717, 718, 719, 720, - 721, 722, 723, 724, 725, 726, 727, 728, 729, 730, - 731, 732, 733, 734, 735, 736, 737, 738, 739, 740, - 741, 742, 743, 744, 745, 746, 747, 748, 749, 750, - 751, 752, 753, 754, 755, 756, 757, 758, 759, 760, - 761, 762, -1, 764, 765, 766, 767, 19, 20, -1, - -1, -1, -1, -1, -1, -1, -1, 778, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, -1, -1, -1, 320, 321, + 322, 323, 324, 325, 326, 327, 328, 329, 330, 331, + -1, -1, -1, 335, 336, 337, 338, 339, 340, 341, + 342, 343, 344, 345, 346, 347, 348, 349, 350, 351, + 352, 353, 354, 355, -1, 357, 358, 359, 360, 361, + 362, 363, 364, 365, 366, 367, 368, 369, 370, 371, + 372, 373, 374, 375, 376, 377, 378, 379, 380, 381, + 382, 383, 384, 385, 386, 387, -1, 389, 390, 391, + 392, 393, 394, 395, 396, 397, 398, 399, 400, 401, + 402, 403, 404, 405, 406, 407, 408, 409, 410, 411, + 412, 413, 414, 415, 416, 417, -1, 419, 420, 421, + 422, 423, 424, 425, 426, 427, 428, 429, 430, 431, + 432, 433, 434, 435, 436, 437, 438, 439, 440, 441, + 442, 443, 444, 445, 446, -1, -1, 449, 450, 451, + 452, 453, 454, 455, 456, 457, 458, 459, 460, 461, + 462, -1, 464, 465, 466, 467, 468, 469, 470, 471, + 472, 473, 474, 475, 476, 477, -1, 479, 480, 481, + 482, 483, 484, 485, 486, 487, 488, 489, 490, 491, + 492, 493, 494, 495, 496, 497, 498, 499, 500, 501, + 502, 503, 504, 505, 506, 507, 508, 509, 510, 511, + 512, 513, 514, 515, 516, 517, 518, 519, 520, 521, + 522, 523, 524, 525, 526, 527, 528, 529, 530, 531, + 532, 533, 534, 535, -1, 537, 538, 539, 540, 541, + 542, 543, 544, 545, 546, 547, 548, 549, 550, 551, + 552, 553, 554, 555, 556, 557, 558, 559, 560, 561, + 562, 563, 564, 565, 566, 567, 568, 569, 570, 571, + 572, 573, 574, 575, 576, 577, 578, 579, 580, -1, + 582, 583, 584, 585, 586, 587, 588, 589, 590, 591, + 592, 593, 594, 595, 596, 597, 598, 599, 600, 601, + 602, 603, 604, 605, 606, 607, 608, 609, 610, 611, + 612, 613, 614, 615, 616, 617, 618, 619, 620, 621, + 622, 623, 624, 625, 626, 627, 628, 629, 630, 631, + 632, 633, 634, 635, 636, 637, 638, 639, 640, 641, + 642, 643, 644, 645, 646, 647, 648, 649, 650, 651, + 652, 653, 654, 655, 656, 657, 658, 659, 660, 661, + 662, 663, 664, 665, 666, 667, 668, 669, 670, 671, + 672, 673, 674, 675, 676, 677, 678, 679, 680, 681, + 682, 683, -1, -1, 686, 687, -1, 689, 690, 691, + 692, 693, 694, 695, 696, 697, 698, 699, 700, 701, + 702, 703, 704, 705, 706, 707, 708, 709, 710, 711, + 712, 713, 714, 715, 716, 717, 718, 719, 720, 721, + 722, 723, 724, 725, 726, 727, 728, 729, 730, 731, + 732, 733, 734, 735, 736, 737, 738, 739, 740, 741, + 742, 743, 744, 745, 746, 747, 748, 749, 750, 751, + 752, 753, 754, 755, 756, 757, 758, 759, 760, 761, + 762, -1, 764, 765, 766, 767, 8, 9, -1, -1, + -1, -1, -1, -1, -1, -1, -1, 19, 20, -1, + -1, -1, -1, -1, -1, -1, 28, -1, 30, -1, + 32, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, @@ -22942,7 +22897,7 @@ 742, 743, 744, 745, 746, 747, 748, 749, 750, 751, 752, 753, 754, 755, 756, 757, 758, 759, 760, 761, 762, -1, 764, 765, 766, 767, 19, 20, -1, -1, - -1, -1, -1, -1, -1, -1, 778, -1, -1, -1, + -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, @@ -22972,8 +22927,8 @@ -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, 320, 321, 322, - 323, 324, 325, 326, 327, 328, 329, 330, 331, -1, - -1, -1, 335, 336, 337, 338, 339, 340, 341, 342, + 323, 324, 325, 326, 327, 328, 329, 330, 331, 332, + 333, 334, 335, 336, 337, 338, 339, 340, 341, 342, 343, 344, 345, 346, 347, 348, 349, 350, 351, 352, 353, 354, 355, -1, 357, 358, 359, 360, 361, 362, 363, 364, 365, 366, 367, 368, 369, 370, 371, 372, @@ -23167,8 +23122,8 @@ 745, 746, 747, 748, 749, 750, 751, 752, 753, 754, 755, 756, 757, 758, 759, 760, 761, 762, -1, 764, 765, 766, 767, 19, 20, -1, -1, -1, -1, -1, - 26, -1, -1, 778, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, 40, -1, -1, -1, -1, -1, + -1, -1, -1, 778, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, @@ -23184,14 +23139,14 @@ -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, 180, -1, -1, -1, -1, -1, -1, -1, -1, 189, -1, -1, -1, -1, -1, -1, - 196, 197, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, 208, -1, 210, -1, -1, -1, -1, -1, + 196, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, 208, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, 219, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - 266, -1, 268, -1, 270, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, 280, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, @@ -23241,15 +23196,15 @@ 736, 737, 738, 739, 740, 741, 742, 743, 744, 745, 746, 747, 748, 749, 750, 751, 752, 753, 754, 755, 756, 757, 758, 759, 760, 761, 762, -1, 764, 765, - 766, 767, 19, 20, 21, -1, -1, -1, -1, -1, - -1, 777, -1, -1, 31, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, 42, -1, -1, -1, -1, + 766, 767, 19, 20, -1, -1, -1, -1, -1, -1, + -1, -1, 778, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - 57, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, 88, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, 99, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, 116, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, 135, -1, @@ -23316,9 +23271,9 @@ 737, 738, 739, 740, 741, 742, 743, 744, 745, 746, 747, 748, 749, 750, 751, 752, 753, 754, 755, 756, 757, 758, 759, 760, 761, 762, -1, 764, 765, 766, - 767, 19, 20, 21, 771, -1, -1, -1, -1, -1, - -1, -1, -1, 31, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, 42, -1, -1, -1, -1, -1, + 767, 19, 20, -1, -1, -1, -1, -1, -1, -1, + -1, 778, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, @@ -23391,38 +23346,38 @@ 738, 739, 740, 741, 742, 743, 744, 745, 746, 747, 748, 749, 750, 751, 752, 753, 754, 755, 756, 757, 758, 759, 760, 761, 762, -1, 764, 765, 766, 767, - 19, 20, -1, 771, -1, -1, -1, -1, -1, -1, + 19, 20, -1, -1, -1, -1, -1, 26, -1, -1, + 778, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, 40, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, 45, 46, 47, 48, - 49, 50, 51, 52, 53, 54, 55, 56, 57, 58, - 59, 60, 61, 62, 63, 64, 65, 66, 67, 68, - 69, 70, 71, 72, 73, -1, 75, 76, 77, 78, - 79, 80, 81, 82, 83, 84, 85, -1, 87, 88, - 89, 90, 91, 92, 93, 94, 95, 96, 97, 98, - 99, 100, 101, 102, 103, 104, 105, 106, 107, 108, - 109, 110, 111, 112, 113, 114, 115, 116, 117, 118, - 119, 120, 121, 122, 123, 124, 125, 126, -1, 128, - 129, 130, 131, 132, -1, -1, 135, 136, 137, 138, - 139, 140, 141, 142, 143, 144, 145, 146, 147, 148, - 149, 150, 151, 152, 153, 154, 155, 156, 157, 158, - 159, 160, 161, 162, 163, 164, 165, 166, 167, 168, - 169, 170, 171, -1, 173, 174, 175, 176, 177, 178, - 179, 180, 181, 182, 183, 184, 185, 186, 187, 188, - 189, 190, 191, 192, 193, 194, 195, 196, 197, 198, - 199, 200, 201, 202, 203, 204, 205, 206, 207, 208, - 209, 210, 211, 212, 213, 214, 215, 216, 217, 218, - 219, 220, 221, 222, 223, 224, 225, 226, 227, 228, - 229, 230, 231, 232, 233, 234, 235, 236, 237, 238, - 239, 240, 241, 242, 243, 244, 245, 246, 247, 248, - 249, 250, 251, 252, 253, 254, 255, 256, 257, 258, - 259, 260, 261, 262, 263, 264, 265, 266, 267, 268, - 269, 270, 271, 272, 273, 274, 275, 276, 277, 278, - 279, 280, 281, 282, 283, 284, 285, 286, 287, 288, - 289, 290, 291, 292, 293, 294, 295, -1, 297, 298, - 299, 300, 301, 302, 303, 304, 305, 306, 307, 308, - 309, 310, 311, 312, 313, 314, 315, 316, 317, 318, - 319, 320, 321, 322, -1, 324, 325, 326, 327, 328, - 329, 330, 331, 332, 333, 334, 335, 336, 337, 338, + -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, -1, -1, -1, -1, 88, + -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, -1, -1, 116, -1, -1, + -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, -1, 135, -1, -1, -1, + -1, -1, -1, -1, -1, 144, -1, -1, -1, -1, + -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, 180, -1, -1, -1, -1, -1, -1, -1, -1, + 189, -1, -1, -1, -1, -1, -1, 196, 197, -1, + -1, -1, -1, -1, -1, -1, -1, -1, -1, 208, + -1, 210, -1, -1, -1, -1, -1, -1, -1, -1, + 219, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, -1, -1, 266, -1, 268, + -1, 270, -1, -1, -1, -1, -1, -1, -1, -1, + -1, 280, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, 320, 321, 322, 323, 324, 325, 326, 327, 328, + 329, 330, 331, -1, -1, -1, 335, 336, 337, 338, 339, 340, 341, 342, 343, 344, 345, 346, 347, 348, 349, 350, 351, 352, 353, 354, 355, -1, 357, 358, 359, 360, 361, 362, 363, 364, 365, 366, 367, 368, @@ -23447,7 +23402,7 @@ 549, 550, 551, 552, 553, 554, 555, 556, 557, 558, 559, 560, 561, 562, 563, 564, 565, 566, 567, 568, 569, 570, 571, 572, 573, 574, 575, 576, 577, 578, - 579, 580, 581, 582, 583, 584, 585, 586, 587, 588, + 579, 580, -1, 582, 583, 584, 585, 586, 587, 588, 589, 590, 591, 592, 593, 594, 595, 596, 597, 598, 599, 600, 601, 602, 603, 604, 605, 606, 607, 608, 609, 610, 611, 612, 613, 614, 615, 616, 617, 618, @@ -23466,42 +23421,42 @@ 739, 740, 741, 742, 743, 744, 745, 746, 747, 748, 749, 750, 751, 752, 753, 754, 755, 756, 757, 758, 759, 760, 761, 762, -1, 764, 765, 766, 767, 19, - 20, -1, -1, -1, -1, -1, -1, -1, -1, -1, + 20, 21, -1, -1, -1, -1, -1, -1, 777, -1, + -1, 31, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, 42, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, -1, -1, 57, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, 45, 46, 47, 48, 49, - 50, 51, 52, 53, 54, 55, 56, 57, 58, 59, - 60, 61, 62, 63, 64, 65, 66, 67, 68, 69, - 70, 71, 72, 73, -1, 75, 76, 77, 78, 79, - 80, 81, 82, 83, 84, 85, -1, 87, 88, 89, - 90, 91, 92, 93, 94, 95, 96, 97, 98, 99, - 100, 101, 102, 103, 104, 105, 106, 107, 108, 109, - 110, 111, 112, 113, 114, 115, 116, 117, 118, 119, - 120, 121, 122, 123, 124, 125, 126, -1, 128, 129, - 130, 131, 132, -1, -1, 135, 136, 137, 138, 139, - 140, 141, 142, 143, 144, 145, 146, 147, 148, 149, - 150, 151, 152, 153, 154, 155, 156, 157, 158, 159, - 160, 161, 162, 163, 164, 165, 166, 167, 168, 169, - 170, 171, -1, 173, 174, 175, 176, 177, 178, 179, - 180, 181, 182, 183, 184, 185, 186, 187, 188, 189, - 190, 191, 192, 193, 194, 195, 196, 197, 198, 199, - 200, 201, 202, 203, 204, 205, 206, 207, 208, 209, - 210, 211, 212, 213, 214, 215, 216, 217, 218, 219, - 220, 221, 222, 223, 224, 225, 226, 227, 228, 229, - 230, 231, 232, 233, 234, 235, 236, 237, 238, 239, - 240, 241, 242, 243, 244, 245, 246, 247, 248, 249, - 250, 251, 252, 253, 254, 255, 256, 257, 258, 259, - 260, 261, 262, 263, 264, 265, 266, 267, 268, 269, - 270, 271, 272, 273, 274, 275, 276, 277, 278, 279, - 280, 281, 282, 283, 284, 285, 286, 287, 288, 289, - 290, 291, 292, 293, 294, 295, -1, 297, 298, 299, - 300, 301, 302, 303, 304, 305, 306, 307, 308, 309, - 310, 311, 312, 313, 314, 315, 316, 317, 318, 319, - 320, 321, 322, -1, 324, 325, 326, 327, 328, 329, - 330, 331, 332, 333, 334, 335, 336, 337, 338, 339, + -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, -1, -1, -1, 88, -1, + -1, -1, -1, -1, -1, -1, -1, -1, -1, 99, + -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, -1, 116, -1, -1, -1, + -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, 135, -1, -1, -1, -1, + -1, -1, -1, -1, 144, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + 180, -1, -1, -1, -1, -1, -1, -1, -1, 189, + -1, -1, -1, -1, -1, -1, 196, -1, -1, -1, + -1, -1, -1, -1, -1, -1, -1, -1, 208, -1, + -1, -1, -1, -1, -1, -1, -1, -1, -1, 219, + -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + 280, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + 320, 321, 322, 323, 324, 325, 326, 327, 328, 329, + 330, 331, -1, -1, -1, 335, 336, 337, 338, 339, 340, 341, 342, 343, 344, 345, 346, 347, 348, 349, 350, 351, 352, 353, 354, 355, -1, 357, 358, 359, 360, 361, 362, 363, 364, 365, 366, 367, 368, 369, - 370, 371, 372, 373, 374, 375, -1, 377, 378, 379, + 370, 371, 372, 373, 374, 375, 376, 377, 378, 379, 380, 381, 382, 383, 384, 385, 386, 387, -1, 389, 390, 391, 392, 393, 394, 395, 396, 397, 398, 399, 400, 401, 402, 403, 404, 405, 406, 407, 408, 409, @@ -23510,7 +23465,7 @@ 430, 431, 432, 433, 434, 435, 436, 437, 438, 439, 440, 441, 442, 443, 444, 445, 446, -1, -1, 449, 450, 451, 452, 453, 454, 455, 456, 457, 458, 459, - 460, 461, 462, -1, 464, 465, 466, -1, 468, 469, + 460, 461, 462, -1, 464, 465, 466, 467, 468, 469, 470, 471, 472, 473, 474, 475, 476, 477, -1, 479, 480, 481, 482, 483, 484, 485, 486, 487, 488, 489, 490, 491, 492, 493, 494, 495, 496, 497, 498, 499, @@ -23518,65 +23473,65 @@ 510, 511, 512, 513, 514, 515, 516, 517, 518, 519, 520, 521, 522, 523, 524, 525, 526, 527, 528, 529, 530, 531, 532, 533, 534, 535, -1, 537, 538, 539, - 540, 541, 542, 543, -1, 545, 546, 547, 548, 549, + 540, 541, 542, 543, 544, 545, 546, 547, 548, 549, 550, 551, 552, 553, 554, 555, 556, 557, 558, 559, 560, 561, 562, 563, 564, 565, 566, 567, 568, 569, - 570, 571, 572, 573, 574, 575, 576, -1, 578, 579, - 580, 581, 582, 583, 584, 585, 586, 587, 588, 589, + 570, 571, 572, 573, 574, 575, 576, 577, 578, 579, + 580, -1, 582, 583, 584, 585, 586, 587, 588, 589, 590, 591, 592, 593, 594, 595, 596, 597, 598, 599, 600, 601, 602, 603, 604, 605, 606, 607, 608, 609, - 610, 611, 612, 613, 614, 615, 616, 617, 618, -1, + 610, 611, 612, 613, 614, 615, 616, 617, 618, 619, 620, 621, 622, 623, 624, 625, 626, 627, 628, 629, 630, 631, 632, 633, 634, 635, 636, 637, 638, 639, 640, 641, 642, 643, 644, 645, 646, 647, 648, 649, 650, 651, 652, 653, 654, 655, 656, 657, 658, 659, - 660, 661, 662, 663, -1, 665, 666, 667, 668, 669, - 670, -1, 672, 673, 674, 675, 676, 677, 678, 679, + 660, 661, 662, 663, 664, 665, 666, 667, 668, 669, + 670, 671, 672, 673, 674, 675, 676, 677, 678, 679, 680, 681, 682, 683, -1, -1, 686, 687, -1, 689, 690, 691, 692, 693, 694, 695, 696, 697, 698, 699, 700, 701, 702, 703, 704, 705, 706, 707, 708, 709, 710, 711, 712, 713, 714, 715, 716, 717, 718, 719, 720, 721, 722, 723, 724, 725, 726, 727, 728, 729, 730, 731, 732, 733, 734, 735, 736, 737, 738, 739, - 740, 741, 742, 743, 744, 745, -1, 747, 748, 749, - 750, 751, 752, 753, 754, 755, 756, 757, -1, 759, + 740, 741, 742, 743, 744, 745, 746, 747, 748, 749, + 750, 751, 752, 753, 754, 755, 756, 757, 758, 759, 760, 761, 762, -1, 764, 765, 766, 767, 19, 20, + 21, 771, -1, -1, -1, -1, -1, -1, -1, -1, + 31, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, 42, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, 45, 46, 47, 48, 49, 50, - 51, 52, 53, 54, 55, 56, 57, 58, 59, 60, - 61, 62, 63, 64, 65, 66, 67, 68, 69, 70, - 71, 72, 73, -1, 75, 76, 77, 78, 79, 80, - 81, 82, 83, 84, 85, -1, 87, 88, 89, 90, - 91, 92, 93, 94, 95, 96, 97, 98, 99, 100, - 101, 102, 103, 104, 105, 106, 107, 108, 109, 110, - 111, 112, 113, 114, 115, 116, 117, 118, 119, 120, - 121, 122, 123, 124, 125, 126, -1, 128, 129, 130, - 131, 132, -1, -1, 135, 136, 137, 138, 139, 140, - 141, 142, 143, 144, 145, 146, 147, 148, 149, 150, - 151, 152, 153, 154, 155, 156, 157, 158, 159, 160, - 161, 162, 163, 164, 165, 166, 167, 168, 169, 170, - 171, -1, 173, 174, 175, 176, 177, 178, 179, 180, - 181, 182, 183, 184, 185, 186, 187, 188, 189, 190, - 191, 192, 193, 194, 195, 196, 197, 198, 199, 200, - 201, 202, 203, 204, 205, 206, 207, 208, 209, 210, - 211, 212, 213, 214, 215, 216, 217, 218, 219, 220, - 221, 222, 223, 224, 225, 226, 227, 228, 229, 230, - 231, 232, 233, 234, 235, 236, 237, 238, 239, 240, - 241, 242, 243, 244, 245, 246, 247, 248, 249, 250, - 251, 252, 253, 254, 255, 256, 257, 258, 259, 260, - 261, 262, 263, 264, 265, 266, 267, 268, 269, 270, - 271, 272, 273, 274, 275, 276, 277, 278, 279, 280, - 281, 282, 283, 284, 285, 286, 287, 288, 289, 290, - 291, 292, 293, 294, 295, -1, 297, 298, 299, 300, - 301, 302, 303, 304, 305, 306, 307, 308, 309, 310, - 311, 312, 313, 314, 315, 316, 317, 318, 319, 320, - 321, 322, -1, 324, 325, 326, 327, 328, 329, 330, - 331, 332, 333, 334, 335, 336, 337, 338, 339, 340, + -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, -1, -1, 88, -1, -1, + -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, 116, -1, -1, -1, -1, + -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, 135, -1, -1, -1, -1, -1, + -1, -1, -1, 144, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, -1, -1, -1, -1, 180, + -1, -1, -1, -1, -1, -1, -1, -1, 189, -1, + -1, -1, -1, -1, -1, 196, -1, -1, -1, -1, + -1, -1, -1, -1, -1, -1, -1, 208, -1, -1, + -1, -1, -1, -1, -1, -1, -1, -1, 219, -1, + -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, -1, -1, -1, -1, 280, + -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, -1, -1, -1, -1, 320, + 321, 322, 323, 324, 325, 326, 327, 328, 329, 330, + 331, -1, -1, -1, 335, 336, 337, 338, 339, 340, 341, 342, 343, 344, 345, 346, 347, 348, 349, 350, 351, 352, 353, 354, 355, -1, 357, 358, 359, 360, 361, 362, 363, 364, 365, 366, 367, 368, 369, 370, - 371, 372, 373, 374, 375, -1, 377, 378, 379, 380, + 371, 372, 373, 374, 375, 376, 377, 378, 379, 380, 381, 382, 383, 384, 385, 386, 387, -1, 389, 390, 391, 392, 393, 394, 395, 396, 397, 398, 399, 400, 401, 402, 403, 404, 405, 406, 407, 408, 409, 410, @@ -23585,7 +23540,7 @@ 431, 432, 433, 434, 435, 436, 437, 438, 439, 440, 441, 442, 443, 444, 445, 446, -1, -1, 449, 450, 451, 452, 453, 454, 455, 456, 457, 458, 459, 460, - 461, 462, -1, 464, 465, 466, -1, 468, 469, 470, + 461, 462, -1, 464, 465, 466, 467, 468, 469, 470, 471, 472, 473, 474, 475, 476, 477, -1, 479, 480, 481, 482, 483, 484, 485, 486, 487, 488, 489, 490, 491, 492, 493, 494, 495, 496, 497, 498, 499, 500, @@ -23593,30 +23548,30 @@ 511, 512, 513, 514, 515, 516, 517, 518, 519, 520, 521, 522, 523, 524, 525, 526, 527, 528, 529, 530, 531, 532, 533, 534, 535, -1, 537, 538, 539, 540, - 541, 542, 543, -1, 545, 546, 547, 548, 549, 550, + 541, 542, 543, 544, 545, 546, 547, 548, 549, 550, 551, 552, 553, 554, 555, 556, 557, 558, 559, 560, 561, 562, 563, 564, 565, 566, 567, 568, 569, 570, - 571, 572, 573, 574, 575, 576, -1, 578, 579, 580, - 581, 582, 583, 584, 585, 586, 587, 588, 589, 590, + 571, 572, 573, 574, 575, 576, 577, 578, 579, 580, + -1, 582, 583, 584, 585, 586, 587, 588, 589, 590, 591, 592, 593, 594, 595, 596, 597, 598, 599, 600, 601, 602, 603, 604, 605, 606, 607, 608, 609, 610, - 611, 612, 613, 614, 615, 616, 617, 618, -1, 620, + 611, 612, 613, 614, 615, 616, 617, 618, 619, 620, 621, 622, 623, 624, 625, 626, 627, 628, 629, 630, 631, 632, 633, 634, 635, 636, 637, 638, 639, 640, 641, 642, 643, 644, 645, 646, 647, 648, 649, 650, 651, 652, 653, 654, 655, 656, 657, 658, 659, 660, - 661, 662, 663, -1, 665, 666, 667, 668, 669, 670, - -1, 672, 673, 674, 675, 676, 677, 678, 679, 680, + 661, 662, 663, 664, 665, 666, 667, 668, 669, 670, + 671, 672, 673, 674, 675, 676, 677, 678, 679, 680, 681, 682, 683, -1, -1, 686, 687, -1, 689, 690, 691, 692, 693, 694, 695, 696, 697, 698, 699, 700, 701, 702, 703, 704, 705, 706, 707, 708, 709, 710, 711, 712, 713, 714, 715, 716, 717, 718, 719, 720, 721, 722, 723, 724, 725, 726, 727, 728, 729, 730, 731, 732, 733, 734, 735, 736, 737, 738, 739, 740, - 741, 742, 743, 744, 745, -1, 747, 748, 749, 750, - 751, 752, 753, 754, 755, 756, 757, -1, 759, 760, + 741, 742, 743, 744, 745, 746, 747, 748, 749, 750, + 751, 752, 753, 754, 755, 756, 757, 758, 759, 760, 761, 762, -1, 764, 765, 766, 767, 19, 20, -1, - -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + 771, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, 45, 46, 47, 48, 49, 50, 51, 52, 53, 54, 55, 56, 57, 58, 59, 60, 61, @@ -23651,7 +23606,7 @@ 342, 343, 344, 345, 346, 347, 348, 349, 350, 351, 352, 353, 354, 355, -1, 357, 358, 359, 360, 361, 362, 363, 364, 365, 366, 367, 368, 369, 370, 371, - 372, 373, 374, 375, -1, 377, 378, 379, 380, 381, + 372, 373, 374, 375, 376, 377, 378, 379, 380, 381, 382, 383, 384, 385, 386, 387, -1, 389, 390, 391, 392, 393, 394, 395, 396, 397, 398, 399, 400, 401, 402, 403, 404, 405, 406, 407, 408, 409, 410, 411, @@ -23660,7 +23615,7 @@ 432, 433, 434, 435, 436, 437, 438, 439, 440, 441, 442, 443, 444, 445, 446, -1, -1, 449, 450, 451, 452, 453, 454, 455, 456, 457, 458, 459, 460, 461, - 462, -1, 464, 465, 466, -1, 468, 469, 470, 471, + 462, -1, 464, 465, 466, 467, 468, 469, 470, 471, 472, 473, 474, 475, 476, 477, -1, 479, 480, 481, 482, 483, 484, 485, 486, 487, 488, 489, 490, 491, 492, 493, 494, 495, 496, 497, 498, 499, 500, 501, @@ -23668,19 +23623,19 @@ 512, 513, 514, 515, 516, 517, 518, 519, 520, 521, 522, 523, 524, 525, 526, 527, 528, 529, 530, 531, 532, 533, 534, 535, -1, 537, 538, 539, 540, 541, - 542, 543, -1, 545, 546, 547, 548, 549, 550, 551, + 542, 543, 544, 545, 546, 547, 548, 549, 550, 551, 552, 553, 554, 555, 556, 557, 558, 559, 560, 561, 562, 563, 564, 565, 566, 567, 568, 569, 570, 571, - 572, 573, 574, 575, 576, -1, 578, 579, 580, 581, + 572, 573, 574, 575, 576, 577, 578, 579, 580, 581, 582, 583, 584, 585, 586, 587, 588, 589, 590, 591, 592, 593, 594, 595, 596, 597, 598, 599, 600, 601, 602, 603, 604, 605, 606, 607, 608, 609, 610, 611, - 612, 613, 614, 615, 616, 617, 618, -1, 620, 621, + 612, 613, 614, 615, 616, 617, 618, 619, 620, 621, 622, 623, 624, 625, 626, 627, 628, 629, 630, 631, 632, 633, 634, 635, 636, 637, 638, 639, 640, 641, 642, 643, 644, 645, 646, 647, 648, 649, 650, 651, 652, 653, 654, 655, 656, 657, 658, 659, 660, 661, - 662, 663, -1, 665, 666, 667, 668, 669, 670, -1, + 662, 663, 664, 665, 666, 667, 668, 669, 670, 671, 672, 673, 674, 675, 676, 677, 678, 679, 680, 681, 682, 683, -1, -1, 686, 687, -1, 689, 690, 691, 692, 693, 694, 695, 696, 697, 698, 699, 700, 701, @@ -23688,8 +23643,8 @@ 712, 713, 714, 715, 716, 717, 718, 719, 720, 721, 722, 723, 724, 725, 726, 727, 728, 729, 730, 731, 732, 733, 734, 735, 736, 737, 738, 739, 740, 741, - 742, 743, 744, 745, -1, 747, 748, 749, 750, 751, - 752, 753, 754, 755, 756, 757, -1, 759, 760, 761, + 742, 743, 744, 745, 746, 747, 748, 749, 750, 751, + 752, 753, 754, 755, 756, 757, 758, 759, 760, 761, 762, -1, 764, 765, 766, 767, 19, 20, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, @@ -23754,7 +23709,7 @@ 623, 624, 625, 626, 627, 628, 629, 630, 631, 632, 633, 634, 635, 636, 637, 638, 639, 640, 641, 642, 643, 644, 645, 646, 647, 648, 649, 650, 651, 652, - -1, 654, 655, 656, 657, 658, 659, 660, 661, 662, + 653, 654, 655, 656, 657, 658, 659, 660, 661, 662, 663, -1, 665, 666, 667, 668, 669, 670, -1, 672, 673, 674, 675, 676, 677, 678, 679, 680, 681, 682, 683, -1, -1, 686, 687, -1, 689, 690, 691, 692, @@ -23765,43 +23720,43 @@ 733, 734, 735, 736, 737, 738, 739, 740, 741, 742, 743, 744, 745, -1, 747, 748, 749, 750, 751, 752, 753, 754, 755, 756, 757, -1, 759, 760, 761, 762, - -1, 764, 765, 766, 767, 19, 20, 21, -1, -1, - -1, -1, -1, -1, -1, -1, -1, 31, -1, -1, - -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, 47, 48, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, 80, -1, -1, -1, - 84, -1, -1, -1, 88, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, -1, 101, -1, -1, - -1, -1, -1, -1, -1, -1, 110, -1, -1, -1, - -1, -1, 116, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, -1, 131, -1, -1, - -1, 135, -1, -1, -1, -1, -1, -1, -1, -1, - 144, 145, -1, -1, -1, -1, 150, -1, -1, -1, - -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - 174, -1, -1, -1, -1, -1, 180, -1, -1, -1, - -1, -1, -1, -1, -1, 189, -1, -1, -1, -1, - -1, -1, 196, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, 208, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, 219, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, -1, -1, -1, 233, - -1, -1, -1, 237, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, 255, -1, -1, -1, 259, 260, -1, -1, -1, + -1, 764, 765, 766, 767, 19, 20, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, 280, -1, -1, -1, - -1, -1, -1, -1, -1, -1, 290, -1, -1, -1, - -1, -1, -1, 297, 298, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, 320, 321, 322, 323, - 324, 325, 326, 327, 328, 329, 330, 331, -1, -1, - -1, 335, 336, 337, 338, 339, 340, 341, 342, 343, + -1, 45, 46, 47, 48, 49, 50, 51, 52, 53, + 54, 55, 56, 57, 58, 59, 60, 61, 62, 63, + 64, 65, 66, 67, 68, 69, 70, 71, 72, 73, + -1, 75, 76, 77, 78, 79, 80, 81, 82, 83, + 84, 85, -1, 87, 88, 89, 90, 91, 92, 93, + 94, 95, 96, 97, 98, 99, 100, 101, 102, 103, + 104, 105, 106, 107, 108, 109, 110, 111, 112, 113, + 114, 115, 116, 117, 118, 119, 120, 121, 122, 123, + 124, 125, 126, -1, 128, 129, 130, 131, 132, -1, + -1, 135, 136, 137, 138, 139, 140, 141, 142, 143, + 144, 145, 146, 147, 148, 149, 150, 151, 152, 153, + 154, 155, 156, 157, 158, 159, 160, 161, 162, 163, + 164, 165, 166, 167, 168, 169, 170, 171, -1, 173, + 174, 175, 176, 177, 178, 179, 180, 181, 182, 183, + 184, 185, 186, 187, 188, 189, 190, 191, 192, 193, + 194, 195, 196, 197, 198, 199, 200, 201, 202, 203, + 204, 205, 206, 207, 208, 209, 210, 211, 212, 213, + 214, 215, 216, 217, 218, 219, 220, 221, 222, 223, + 224, 225, 226, 227, 228, 229, 230, 231, 232, 233, + 234, 235, 236, 237, 238, 239, 240, 241, 242, 243, + 244, 245, 246, 247, 248, 249, 250, 251, 252, 253, + 254, 255, 256, 257, 258, 259, 260, 261, 262, 263, + 264, 265, 266, 267, 268, 269, 270, 271, 272, 273, + 274, 275, 276, 277, 278, 279, 280, 281, 282, 283, + 284, 285, 286, 287, 288, 289, 290, 291, 292, 293, + 294, 295, -1, 297, 298, 299, 300, 301, 302, 303, + 304, 305, 306, 307, 308, 309, 310, 311, 312, 313, + 314, 315, 316, 317, 318, 319, 320, 321, 322, -1, + 324, 325, 326, 327, 328, 329, 330, 331, 332, 333, + 334, 335, 336, 337, 338, 339, 340, 341, 342, 343, 344, 345, 346, 347, 348, 349, 350, 351, 352, 353, 354, 355, -1, 357, 358, 359, 360, 361, 362, 363, 364, 365, 366, 367, 368, 369, 370, 371, 372, 373, - 374, 375, 376, 377, 378, 379, 380, 381, 382, 383, + 374, 375, -1, 377, 378, 379, 380, 381, 382, 383, 384, 385, 386, 387, -1, 389, 390, 391, 392, 393, 394, 395, 396, 397, 398, 399, 400, 401, 402, 403, 404, 405, 406, 407, 408, 409, 410, 411, 412, 413, @@ -23810,7 +23765,7 @@ 434, 435, 436, 437, 438, 439, 440, 441, 442, 443, 444, 445, 446, -1, -1, 449, 450, 451, 452, 453, 454, 455, 456, 457, 458, 459, 460, 461, 462, -1, - 464, 465, 466, 467, 468, 469, 470, 471, 472, 473, + 464, 465, 466, -1, 468, 469, 470, 471, 472, 473, 474, 475, 476, 477, -1, 479, 480, 481, 482, 483, 484, 485, 486, 487, 488, 489, 490, 491, 492, 493, 494, 495, 496, 497, 498, 499, 500, 501, 502, 503, @@ -23818,19 +23773,19 @@ 514, 515, 516, 517, 518, 519, 520, 521, 522, 523, 524, 525, 526, 527, 528, 529, 530, 531, 532, 533, 534, 535, -1, 537, 538, 539, 540, 541, 542, 543, - 544, 545, 546, 547, 548, 549, 550, 551, 552, 553, + -1, 545, 546, 547, 548, 549, 550, 551, 552, 553, 554, 555, 556, 557, 558, 559, 560, 561, 562, 563, 564, 565, 566, 567, 568, 569, 570, 571, 572, 573, - 574, 575, 576, 577, 578, 579, 580, -1, 582, 583, + 574, 575, 576, -1, 578, 579, 580, 581, 582, 583, 584, 585, 586, 587, 588, 589, 590, 591, 592, 593, 594, 595, 596, 597, 598, 599, 600, 601, 602, 603, 604, 605, 606, 607, 608, 609, 610, 611, 612, 613, - 614, 615, 616, 617, 618, 619, 620, 621, 622, 623, + 614, 615, 616, 617, 618, -1, 620, 621, 622, 623, 624, 625, 626, 627, 628, 629, 630, 631, 632, 633, 634, 635, 636, 637, 638, 639, 640, 641, 642, 643, 644, 645, 646, 647, 648, 649, 650, 651, 652, 653, 654, 655, 656, 657, 658, 659, 660, 661, 662, 663, - 664, 665, 666, 667, 668, 669, 670, 671, 672, 673, + -1, 665, 666, 667, 668, 669, 670, -1, 672, 673, 674, 675, 676, 677, 678, 679, 680, 681, 682, 683, -1, -1, 686, 687, -1, 689, 690, 691, 692, 693, 694, 695, 696, 697, 698, 699, 700, 701, 702, 703, @@ -23838,45 +23793,45 @@ 714, 715, 716, 717, 718, 719, 720, 721, 722, 723, 724, 725, 726, 727, 728, 729, 730, 731, 732, 733, 734, 735, 736, 737, 738, 739, 740, 741, 742, 743, - 744, 745, 746, 747, 748, 749, 750, 751, 752, 753, - 754, 755, 756, 757, 758, 759, 760, 761, 762, -1, - 764, 765, 766, 767, 19, 20, 21, -1, -1, -1, - -1, -1, -1, -1, -1, -1, 31, -1, -1, -1, - -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, 47, 48, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, 80, -1, -1, -1, 84, - -1, -1, -1, 88, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, 101, -1, -1, -1, - -1, -1, -1, -1, -1, 110, -1, -1, -1, -1, - -1, 116, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, 131, -1, -1, -1, - 135, -1, -1, -1, -1, -1, -1, -1, -1, 144, - 145, -1, -1, -1, -1, 150, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, -1, -1, -1, 174, - -1, -1, -1, -1, -1, 180, -1, -1, -1, -1, - -1, -1, -1, -1, 189, -1, -1, -1, -1, -1, - -1, 196, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, 208, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, 219, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, -1, -1, 233, -1, - -1, -1, 237, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - 255, -1, -1, -1, 259, 260, -1, -1, -1, -1, + 744, 745, -1, 747, 748, 749, 750, 751, 752, 753, + 754, 755, 756, 757, -1, 759, 760, 761, 762, -1, + 764, 765, 766, 767, 19, 20, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, 280, -1, -1, -1, -1, - -1, -1, -1, -1, -1, 290, -1, -1, -1, -1, - -1, -1, 297, 298, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, 320, 321, 322, 323, 324, - 325, 326, 327, 328, 329, 330, 331, -1, -1, -1, + 45, 46, 47, 48, 49, 50, 51, 52, 53, 54, + 55, 56, 57, 58, 59, 60, 61, 62, 63, 64, + 65, 66, 67, 68, 69, 70, 71, 72, 73, -1, + 75, 76, 77, 78, 79, 80, 81, 82, 83, 84, + 85, -1, 87, 88, 89, 90, 91, 92, 93, 94, + 95, 96, 97, 98, 99, 100, 101, 102, 103, 104, + 105, 106, 107, 108, 109, 110, 111, 112, 113, 114, + 115, 116, 117, 118, 119, 120, 121, 122, 123, 124, + 125, 126, -1, 128, 129, 130, 131, 132, -1, -1, + 135, 136, 137, 138, 139, 140, 141, 142, 143, 144, + 145, 146, 147, 148, 149, 150, 151, 152, 153, 154, + 155, 156, 157, 158, 159, 160, 161, 162, 163, 164, + 165, 166, 167, 168, 169, 170, 171, -1, 173, 174, + 175, 176, 177, 178, 179, 180, 181, 182, 183, 184, + 185, 186, 187, 188, 189, 190, 191, 192, 193, 194, + 195, 196, 197, 198, 199, 200, 201, 202, 203, 204, + 205, 206, 207, 208, 209, 210, 211, 212, 213, 214, + 215, 216, 217, 218, 219, 220, 221, 222, 223, 224, + 225, 226, 227, 228, 229, 230, 231, 232, 233, 234, + 235, 236, 237, 238, 239, 240, 241, 242, 243, 244, + 245, 246, 247, 248, 249, 250, 251, 252, 253, 254, + 255, 256, 257, 258, 259, 260, 261, 262, 263, 264, + 265, 266, 267, 268, 269, 270, 271, 272, 273, 274, + 275, 276, 277, 278, 279, 280, 281, 282, 283, 284, + 285, 286, 287, 288, 289, 290, 291, 292, 293, 294, + 295, -1, 297, 298, 299, 300, 301, 302, 303, 304, + 305, 306, 307, 308, 309, 310, 311, 312, 313, 314, + 315, 316, 317, 318, 319, 320, 321, 322, -1, 324, + 325, 326, 327, 328, 329, 330, 331, 332, 333, 334, 335, 336, 337, 338, 339, 340, 341, 342, 343, 344, 345, 346, 347, 348, 349, 350, 351, 352, 353, 354, 355, -1, 357, 358, 359, 360, 361, 362, 363, 364, 365, 366, 367, 368, 369, 370, 371, 372, 373, 374, - 375, 376, 377, 378, 379, 380, 381, 382, 383, 384, + 375, -1, 377, 378, 379, 380, 381, 382, 383, 384, 385, 386, 387, -1, 389, 390, 391, 392, 393, 394, 395, 396, 397, 398, 399, 400, 401, 402, 403, 404, 405, 406, 407, 408, 409, 410, 411, 412, 413, 414, @@ -23885,27 +23840,27 @@ 435, 436, 437, 438, 439, 440, 441, 442, 443, 444, 445, 446, -1, -1, 449, 450, 451, 452, 453, 454, 455, 456, 457, 458, 459, 460, 461, 462, -1, 464, - 465, 466, 467, 468, 469, 470, 471, 472, 473, 474, + 465, 466, -1, 468, 469, 470, 471, 472, 473, 474, 475, 476, 477, -1, 479, 480, 481, 482, 483, 484, 485, 486, 487, 488, 489, 490, 491, 492, 493, 494, 495, 496, 497, 498, 499, 500, 501, 502, 503, 504, 505, 506, 507, 508, 509, 510, 511, 512, 513, 514, 515, 516, 517, 518, 519, 520, 521, 522, 523, 524, 525, 526, 527, 528, 529, 530, 531, 532, 533, 534, - 535, -1, 537, 538, 539, 540, 541, 542, 543, 544, + 535, -1, 537, 538, 539, 540, 541, 542, 543, -1, 545, 546, 547, 548, 549, 550, 551, 552, 553, 554, 555, 556, 557, 558, 559, 560, 561, 562, 563, 564, 565, 566, 567, 568, 569, 570, 571, 572, 573, 574, - 575, 576, 577, 578, 579, 580, -1, 582, 583, 584, + 575, 576, -1, 578, 579, 580, 581, 582, 583, 584, 585, 586, 587, 588, 589, 590, 591, 592, 593, 594, 595, 596, 597, 598, 599, 600, 601, 602, 603, 604, 605, 606, 607, 608, 609, 610, 611, 612, 613, 614, - 615, 616, 617, 618, 619, 620, 621, 622, 623, 624, + 615, 616, 617, 618, -1, 620, 621, 622, 623, 624, 625, 626, 627, 628, 629, 630, 631, 632, 633, 634, 635, 636, 637, 638, 639, 640, 641, 642, 643, 644, 645, 646, 647, 648, 649, 650, 651, 652, 653, 654, - 655, 656, 657, 658, 659, 660, 661, 662, 663, 664, - 665, 666, 667, 668, 669, 670, 671, 672, 673, 674, + 655, 656, 657, 658, 659, 660, 661, 662, 663, -1, + 665, 666, 667, 668, 669, 670, -1, 672, 673, 674, 675, 676, 677, 678, 679, 680, 681, 682, 683, -1, -1, 686, 687, -1, 689, 690, 691, 692, 693, 694, 695, 696, 697, 698, 699, 700, 701, 702, 703, 704, @@ -23913,45 +23868,45 @@ 715, 716, 717, 718, 719, 720, 721, 722, 723, 724, 725, 726, 727, 728, 729, 730, 731, 732, 733, 734, 735, 736, 737, 738, 739, 740, 741, 742, 743, 744, - 745, 746, 747, 748, 749, 750, 751, 752, 753, 754, - 755, 756, 757, 758, 759, 760, 761, 762, -1, 764, - 765, 766, 767, 19, 20, -1, -1, -1, 24, 25, - 26, -1, 28, -1, 30, 31, 32, -1, -1, -1, - -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, 88, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, 99, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - 116, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, -1, -1, -1, 135, - -1, -1, -1, -1, -1, -1, -1, -1, 144, -1, - -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, 180, -1, -1, -1, -1, -1, - -1, -1, -1, 189, -1, -1, -1, -1, -1, -1, - 196, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, 208, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, 219, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, 280, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + 745, -1, 747, 748, 749, 750, 751, 752, 753, 754, + 755, 756, 757, -1, 759, 760, 761, 762, -1, 764, + 765, 766, 767, 19, 20, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, 320, 321, 322, 323, 324, 325, - 326, 327, 328, 329, 330, 331, -1, -1, -1, 335, + -1, -1, -1, -1, -1, -1, -1, -1, -1, 45, + 46, 47, 48, 49, 50, 51, 52, 53, 54, 55, + 56, 57, 58, 59, 60, 61, 62, 63, 64, 65, + 66, 67, 68, 69, 70, 71, 72, 73, -1, 75, + 76, 77, 78, 79, 80, 81, 82, 83, 84, 85, + -1, 87, 88, 89, 90, 91, 92, 93, 94, 95, + 96, 97, 98, 99, 100, 101, 102, 103, 104, 105, + 106, 107, 108, 109, 110, 111, 112, 113, 114, 115, + 116, 117, 118, 119, 120, 121, 122, 123, 124, 125, + 126, -1, 128, 129, 130, 131, 132, -1, -1, 135, + 136, 137, 138, 139, 140, 141, 142, 143, 144, 145, + 146, 147, 148, 149, 150, 151, 152, 153, 154, 155, + 156, 157, 158, 159, 160, 161, 162, 163, 164, 165, + 166, 167, 168, 169, 170, 171, -1, 173, 174, 175, + 176, 177, 178, 179, 180, 181, 182, 183, 184, 185, + 186, 187, 188, 189, 190, 191, 192, 193, 194, 195, + 196, 197, 198, 199, 200, 201, 202, 203, 204, 205, + 206, 207, 208, 209, 210, 211, 212, 213, 214, 215, + 216, 217, 218, 219, 220, 221, 222, 223, 224, 225, + 226, 227, 228, 229, 230, 231, 232, 233, 234, 235, + 236, 237, 238, 239, 240, 241, 242, 243, 244, 245, + 246, 247, 248, 249, 250, 251, 252, 253, 254, 255, + 256, 257, 258, 259, 260, 261, 262, 263, 264, 265, + 266, 267, 268, 269, 270, 271, 272, 273, 274, 275, + 276, 277, 278, 279, 280, 281, 282, 283, 284, 285, + 286, 287, 288, 289, 290, 291, 292, 293, 294, 295, + -1, 297, 298, 299, 300, 301, 302, 303, 304, 305, + 306, 307, 308, 309, 310, 311, 312, 313, 314, 315, + 316, 317, 318, 319, 320, 321, 322, -1, 324, 325, + 326, 327, 328, 329, 330, 331, 332, 333, 334, 335, 336, 337, 338, 339, 340, 341, 342, 343, 344, 345, 346, 347, 348, 349, 350, 351, 352, 353, 354, 355, -1, 357, 358, 359, 360, 361, 362, 363, 364, 365, 366, 367, 368, 369, 370, 371, 372, 373, 374, 375, - 376, 377, 378, 379, 380, 381, 382, 383, 384, 385, + -1, 377, 378, 379, 380, 381, 382, 383, 384, 385, 386, 387, -1, 389, 390, 391, 392, 393, 394, 395, 396, 397, 398, 399, 400, 401, 402, 403, 404, 405, 406, 407, 408, 409, 410, 411, 412, 413, 414, 415, @@ -23960,27 +23915,27 @@ 436, 437, 438, 439, 440, 441, 442, 443, 444, 445, 446, -1, -1, 449, 450, 451, 452, 453, 454, 455, 456, 457, 458, 459, 460, 461, 462, -1, 464, 465, - 466, 467, 468, 469, 470, 471, 472, 473, 474, 475, + 466, -1, 468, 469, 470, 471, 472, 473, 474, 475, 476, 477, -1, 479, 480, 481, 482, 483, 484, 485, 486, 487, 488, 489, 490, 491, 492, 493, 494, 495, 496, 497, 498, 499, 500, 501, 502, 503, 504, 505, 506, 507, 508, 509, 510, 511, 512, 513, 514, 515, 516, 517, 518, 519, 520, 521, 522, 523, 524, 525, 526, 527, 528, 529, 530, 531, 532, 533, 534, 535, - -1, 537, 538, 539, 540, 541, 542, 543, 544, 545, + -1, 537, 538, 539, 540, 541, 542, 543, -1, 545, 546, 547, 548, 549, 550, 551, 552, 553, 554, 555, 556, 557, 558, 559, 560, 561, 562, 563, 564, 565, 566, 567, 568, 569, 570, 571, 572, 573, 574, 575, - 576, 577, 578, 579, 580, -1, 582, 583, 584, 585, + 576, -1, 578, 579, 580, 581, 582, 583, 584, 585, 586, 587, 588, 589, 590, 591, 592, 593, 594, 595, 596, 597, 598, 599, 600, 601, 602, 603, 604, 605, 606, 607, 608, 609, 610, 611, 612, 613, 614, 615, - 616, 617, 618, 619, 620, 621, 622, 623, 624, 625, + 616, 617, 618, -1, 620, 621, 622, 623, 624, 625, 626, 627, 628, 629, 630, 631, 632, 633, 634, 635, 636, 637, 638, 639, 640, 641, 642, 643, 644, 645, - 646, 647, 648, 649, 650, 651, 652, 653, 654, 655, - 656, 657, 658, 659, 660, 661, 662, 663, 664, 665, - 666, 667, 668, 669, 670, 671, 672, 673, 674, 675, + 646, 647, 648, 649, 650, 651, 652, -1, 654, 655, + 656, 657, 658, 659, 660, 661, 662, 663, -1, 665, + 666, 667, 668, 669, 670, -1, 672, 673, 674, 675, 676, 677, 678, 679, 680, 681, 682, 683, -1, -1, 686, 687, -1, 689, 690, 691, 692, 693, 694, 695, 696, 697, 698, 699, 700, 701, 702, 703, 704, 705, @@ -23988,37 +23943,37 @@ 716, 717, 718, 719, 720, 721, 722, 723, 724, 725, 726, 727, 728, 729, 730, 731, 732, 733, 734, 735, 736, 737, 738, 739, 740, 741, 742, 743, 744, 745, - 746, 747, 748, 749, 750, 751, 752, 753, 754, 755, - 756, 757, 758, 759, 760, 761, 762, -1, 764, 765, + -1, 747, 748, 749, 750, 751, 752, 753, 754, 755, + 756, 757, -1, 759, 760, 761, 762, -1, 764, 765, 766, 767, 19, 20, 21, -1, -1, -1, -1, -1, -1, -1, -1, -1, 31, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + 47, 48, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, -1, 84, 85, -1, + -1, -1, -1, 80, -1, -1, -1, 84, -1, -1, -1, 88, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, 101, -1, -1, -1, -1, -1, + -1, -1, -1, 110, -1, -1, -1, -1, -1, 116, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, -1, -1, -1, 116, - -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, -1, -1, 135, -1, - -1, -1, -1, -1, -1, -1, -1, 144, -1, -1, - -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, 131, -1, -1, -1, 135, -1, + -1, -1, -1, -1, -1, -1, -1, 144, 145, -1, + -1, -1, -1, 150, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, -1, -1, 174, -1, -1, -1, -1, -1, 180, -1, -1, -1, -1, -1, -1, -1, -1, 189, -1, -1, -1, -1, -1, -1, 196, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, 208, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, 219, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, -1, 233, -1, -1, -1, + 237, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, -1, -1, -1, 255, -1, + -1, -1, 259, 260, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, 280, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, 290, -1, -1, -1, -1, -1, -1, + 297, 298, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, 320, 321, 322, 323, 324, 325, 326, 327, 328, 329, 330, 331, -1, -1, -1, 335, 336, @@ -24067,33 +24022,33 @@ 757, 758, 759, 760, 761, 762, -1, 764, 765, 766, 767, 19, 20, 21, -1, -1, -1, -1, -1, -1, -1, -1, -1, 31, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, -1, -1, -1, 57, - -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, -1, -1, -1, -1, 47, + 48, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, 80, -1, -1, -1, 84, -1, -1, -1, 88, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, 99, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, -1, -1, 116, -1, - -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, -1, 135, -1, -1, - -1, -1, -1, -1, -1, -1, 144, -1, -1, -1, - -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, 101, -1, -1, -1, -1, -1, -1, + -1, -1, 110, -1, -1, -1, -1, -1, 116, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, 131, -1, -1, -1, 135, -1, -1, + -1, -1, -1, -1, -1, -1, 144, 145, -1, -1, + -1, -1, 150, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, -1, 174, -1, -1, -1, -1, -1, 180, -1, -1, -1, -1, -1, -1, -1, -1, 189, -1, -1, -1, -1, -1, -1, 196, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, 208, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, 219, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, 233, -1, -1, -1, 237, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, -1, -1, 255, -1, -1, + -1, 259, 260, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, 280, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, 290, -1, -1, -1, -1, -1, -1, 297, + 298, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, 320, 321, 322, 323, 324, 325, 326, 327, 328, 329, 330, 331, -1, -1, -1, 335, 336, 337, @@ -24140,15 +24095,15 @@ 738, 739, 740, 741, 742, 743, 744, 745, 746, 747, 748, 749, 750, 751, 752, 753, 754, 755, 756, 757, 758, 759, 760, 761, 762, -1, 764, 765, 766, 767, - 19, 20, -1, -1, 23, -1, -1, 26, 27, -1, - -1, -1, 31, -1, -1, -1, -1, -1, -1, -1, + 19, 20, -1, -1, -1, 24, 25, 26, -1, 28, + -1, 30, 31, 32, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, 88, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + 99, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, 116, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, 135, -1, -1, -1, @@ -24218,11 +24173,11 @@ 20, 21, -1, -1, -1, -1, -1, -1, -1, -1, -1, 31, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, -1, 57, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, -1, -1, 88, -1, - -1, -1, -1, -1, -1, -1, -1, -1, -1, 99, + -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, 84, 85, -1, -1, 88, -1, + -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, 116, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, @@ -24364,15 +24319,15 @@ 731, 732, 733, 734, 735, 736, 737, 738, 739, 740, 741, 742, 743, 744, 745, 746, 747, 748, 749, 750, 751, 752, 753, 754, 755, 756, 757, 758, 759, 760, - 761, 762, -1, 764, 765, 766, 767, 19, 20, 21, - -1, -1, -1, -1, -1, -1, -1, -1, -1, 31, + 761, 762, -1, 764, 765, 766, 767, 19, 20, -1, + -1, 23, -1, -1, 26, 27, -1, -1, -1, 31, + -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, 57, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, 88, -1, -1, -1, - -1, -1, -1, -1, -1, -1, -1, 99, -1, -1, + -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, 116, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, @@ -24518,11 +24473,11 @@ -1, -1, -1, -1, -1, -1, -1, 31, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, 57, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, 85, -1, -1, 88, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, 88, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, 99, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, 116, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, @@ -24592,12 +24547,12 @@ 764, 765, 766, 767, 19, 20, 21, -1, -1, -1, -1, -1, -1, -1, -1, -1, 31, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, 47, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, 57, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, 88, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, 99, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, 116, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, @@ -24668,11 +24623,11 @@ -1, -1, -1, -1, -1, 31, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, 57, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, -1, -1, 84, -1, -1, -1, 88, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, 99, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, 116, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, 135, @@ -24739,13 +24694,13 @@ 736, 737, 738, 739, 740, 741, 742, 743, 744, 745, 746, 747, 748, 749, 750, 751, 752, 753, 754, 755, 756, 757, 758, 759, 760, 761, 762, -1, 764, 765, - 766, 767, 19, 20, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + 766, 767, 19, 20, 21, -1, -1, -1, -1, -1, + -1, -1, -1, -1, 31, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, -1, -1, -1, 85, -1, -1, 88, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, 116, @@ -24770,7 +24725,7 @@ -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, 320, 321, 322, 323, 324, 325, 326, - 327, 328, 329, 330, 331, 332, 333, 334, 335, 336, + 327, 328, 329, 330, 331, -1, -1, -1, 335, 336, 337, 338, 339, 340, 341, 342, 343, 344, 345, 346, 347, 348, 349, 350, 351, 352, 353, 354, 355, -1, 357, 358, 359, 360, 361, 362, 363, 364, 365, 366, @@ -24814,12 +24769,12 @@ 737, 738, 739, 740, 741, 742, 743, 744, 745, 746, 747, 748, 749, 750, 751, 752, 753, 754, 755, 756, 757, 758, 759, 760, 761, 762, -1, 764, 765, 766, - 767, 19, 20, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + 767, 19, 20, 21, -1, -1, -1, -1, -1, -1, + -1, -1, -1, 31, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, -1, -1, -1, -1, 47, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, -1, -1, 76, 77, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, 88, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, @@ -24844,7 +24799,7 @@ -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, 320, 321, 322, -1, 324, 325, 326, 327, + -1, -1, 320, 321, 322, 323, 324, 325, 326, 327, 328, 329, 330, 331, -1, -1, -1, 335, 336, 337, 338, 339, 340, 341, 342, 343, 344, 345, 346, 347, 348, 349, 350, 351, 352, 353, 354, 355, -1, 357, @@ -24856,8 +24811,8 @@ 408, 409, 410, 411, 412, 413, 414, 415, 416, 417, -1, 419, 420, 421, 422, 423, 424, 425, 426, 427, 428, 429, 430, 431, 432, 433, 434, 435, 436, 437, - 438, 439, 440, 441, 442, 443, 444, 445, 446, 447, - 448, 449, 450, 451, 452, 453, 454, 455, 456, 457, + 438, 439, 440, 441, 442, 443, 444, 445, 446, -1, + -1, 449, 450, 451, 452, 453, 454, 455, 456, 457, 458, 459, 460, 461, 462, -1, 464, 465, 466, 467, 468, 469, 470, 471, 472, 473, 474, 475, 476, 477, -1, 479, 480, 481, 482, 483, 484, 485, 486, 487, @@ -24892,10 +24847,10 @@ 19, 20, 21, -1, -1, -1, -1, -1, -1, -1, -1, -1, 31, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, -1, -1, 57, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, -1, -1, -1, 88, + -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, 84, -1, -1, -1, 88, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, 116, -1, -1, @@ -24976,14 +24931,14 @@ -1, -1, -1, -1, -1, -1, 116, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, 135, -1, -1, -1, -1, - -1, -1, -1, -1, 144, -1, -1, -1, 148, -1, - -1, 151, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, 144, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, 180, -1, -1, -1, -1, -1, -1, -1, -1, 189, -1, -1, -1, -1, -1, -1, 196, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, 208, -1, - -1, -1, -1, 213, -1, -1, -1, -1, -1, 219, + -1, -1, -1, -1, -1, -1, -1, -1, -1, 219, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, @@ -24995,7 +24950,7 @@ -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, 320, 321, 322, 323, 324, 325, 326, 327, 328, 329, - 330, 331, -1, -1, -1, 335, 336, 337, 338, 339, + 330, 331, 332, 333, 334, 335, 336, 337, 338, 339, 340, 341, 342, 343, 344, 345, 346, 347, 348, 349, 350, 351, 352, 353, 354, 355, -1, 357, 358, 359, 360, 361, 362, 363, 364, 365, 366, 367, 368, 369, @@ -25044,7 +24999,7 @@ -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, 76, 77, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, 88, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, @@ -25062,14 +25017,14 @@ -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, -1, -1, 259, -1, - -1, -1, -1, -1, -1, -1, -1, 268, -1, -1, + -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, 280, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, 320, - 321, 322, 323, 324, 325, 326, 327, 328, 329, 330, + 321, 322, -1, 324, 325, 326, 327, 328, 329, 330, 331, -1, -1, -1, 335, 336, 337, 338, 339, 340, 341, 342, 343, 344, 345, 346, 347, 348, 349, 350, 351, 352, 353, 354, 355, -1, 357, 358, 359, 360, @@ -25081,7 +25036,7 @@ 411, 412, 413, 414, 415, 416, 417, -1, 419, 420, 421, 422, 423, 424, 425, 426, 427, 428, 429, 430, 431, 432, 433, 434, 435, 436, 437, 438, 439, 440, - 441, 442, 443, 444, 445, 446, -1, -1, 449, 450, + 441, 442, 443, 444, 445, 446, 447, 448, 449, 450, 451, 452, 453, 454, 455, 456, 457, 458, 459, 460, 461, 462, -1, 464, 465, 466, 467, 468, 469, 470, 471, 472, 473, 474, 475, 476, 477, -1, 479, 480, @@ -25117,7 +25072,7 @@ -1, -1, -1, -1, -1, -1, -1, -1, -1, 31, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, 57, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, 88, -1, -1, -1, @@ -25199,16 +25154,16 @@ -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, 116, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, 128, -1, -1, -1, -1, - -1, -1, 135, 136, -1, -1, -1, -1, -1, -1, - -1, 144, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, 135, -1, -1, -1, -1, -1, -1, -1, + -1, 144, -1, -1, -1, 148, -1, -1, 151, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, 180, -1, -1, -1, -1, -1, -1, -1, -1, 189, -1, -1, -1, -1, -1, -1, 196, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, 208, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, 219, -1, -1, -1, + 213, -1, -1, -1, -1, -1, 219, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, @@ -25264,9 +25219,9 @@ 743, 744, 745, 746, 747, 748, 749, 750, 751, 752, 753, 754, 755, 756, 757, 758, 759, 760, 761, 762, -1, 764, 765, 766, 767, 19, 20, -1, -1, -1, - -1, -1, -1, -1, -1, -1, -1, 31, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, -1, -1, -1, 53, + -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, @@ -25287,8 +25242,8 @@ -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, 259, -1, -1, -1, -1, + -1, -1, -1, -1, 268, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, 280, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, @@ -25338,8 +25293,8 @@ 734, 735, 736, 737, 738, 739, 740, 741, 742, 743, 744, 745, 746, 747, 748, 749, 750, 751, 752, 753, 754, 755, 756, 757, 758, 759, 760, 761, 762, -1, - 764, 765, 766, 767, 19, 20, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + 764, 765, 766, 767, 19, 20, 21, -1, -1, -1, + -1, -1, -1, -1, -1, -1, 31, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, @@ -25363,7 +25318,7 @@ -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, 268, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, 280, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, @@ -25425,7 +25380,7 @@ -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, 116, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, 128, -1, -1, -1, -1, -1, -1, 135, - -1, -1, -1, -1, -1, -1, -1, -1, 144, -1, + 136, -1, -1, -1, -1, -1, -1, -1, 144, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, @@ -25489,9 +25444,9 @@ 746, 747, 748, 749, 750, 751, 752, 753, 754, 755, 756, 757, 758, 759, 760, 761, 762, -1, 764, 765, 766, 767, 19, 20, -1, -1, -1, -1, -1, -1, - -1, -1, -1, 30, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, 31, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, -1, 53, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, @@ -25571,7 +25526,7 @@ -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, 88, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, 99, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, 116, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, 135, -1, -1, @@ -25588,7 +25543,7 @@ -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + 268, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, 280, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, @@ -25646,9 +25601,9 @@ -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, 88, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - 99, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, -1, 116, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, -1, -1, 116, -1, -1, + -1, -1, -1, -1, -1, -1, -1, -1, -1, 128, -1, -1, -1, -1, -1, -1, 135, -1, -1, -1, -1, -1, -1, -1, -1, 144, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, @@ -25714,10 +25669,10 @@ 749, 750, 751, 752, 753, 754, 755, 756, 757, 758, 759, 760, 761, 762, -1, 764, 765, 766, 767, 19, 20, -1, -1, -1, -1, -1, -1, -1, -1, -1, + 30, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, 63, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, 88, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, @@ -25942,7 +25897,7 @@ -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + 63, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, 88, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, @@ -25958,7 +25913,7 @@ -1, -1, -1, 196, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, 208, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, 219, -1, -1, -1, - -1, -1, -1, 226, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, @@ -26013,14 +25968,14 @@ 743, 744, 745, 746, 747, 748, 749, 750, 751, 752, 753, 754, 755, 756, 757, 758, 759, 760, 761, 762, -1, 764, 765, 766, 767, 19, 20, -1, -1, -1, - -1, -1, -1, -1, -1, -1, -1, 31, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, 88, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, 88, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, 99, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, 116, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, @@ -26090,12 +26045,12 @@ 764, 765, 766, 767, 19, 20, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, 47, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, 88, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, 88, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, 99, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, 116, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, @@ -26170,7 +26125,7 @@ -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, 88, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, 99, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, 116, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, 135, @@ -26183,7 +26138,7 @@ 196, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, 208, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, 219, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + 226, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, @@ -26238,14 +26193,14 @@ 746, 747, 748, 749, 750, 751, 752, 753, 754, 755, 756, 757, 758, 759, 760, 761, 762, -1, 764, 765, 766, 767, 19, 20, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, 31, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, 88, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, 99, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, 116, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, 135, -1, @@ -26314,7 +26269,7 @@ 757, 758, 759, 760, 761, 762, -1, 764, 765, 766, 767, 19, 20, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, -1, -1, -1, -1, 47, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, @@ -26332,7 +26287,7 @@ -1, 189, -1, -1, -1, -1, -1, -1, 196, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, 208, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, 219, -1, -1, -1, -1, -1, -1, 226, -1, + -1, 219, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, @@ -26395,7 +26350,7 @@ -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, 88, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + 99, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, 116, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, 135, -1, -1, -1, @@ -26469,7 +26424,7 @@ -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, 88, -1, - -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, -1, -1, -1, -1, 99, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, 116, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, @@ -26557,7 +26512,7 @@ -1, -1, -1, -1, -1, 196, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, 208, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, 219, -1, - -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, 226, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, @@ -26837,14 +26792,14 @@ 744, 745, 746, 747, 748, 749, 750, 751, 752, 753, 754, 755, 756, 757, 758, 759, 760, 761, 762, -1, 764, 765, 766, 767, 19, 20, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, 31, -1, -1, -1, + -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, 88, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, 99, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, 116, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, @@ -26881,18 +26836,18 @@ 435, 436, 437, 438, 439, 440, 441, 442, 443, 444, 445, 446, -1, -1, 449, 450, 451, 452, 453, 454, 455, 456, 457, 458, 459, 460, 461, 462, -1, 464, - 465, 466, 467, 468, 469, 470, 471, -1, 473, 474, + 465, 466, 467, 468, 469, 470, 471, 472, 473, 474, 475, 476, 477, -1, 479, 480, 481, 482, 483, 484, 485, 486, 487, 488, 489, 490, 491, 492, 493, 494, 495, 496, 497, 498, 499, 500, 501, 502, 503, 504, - 505, 506, 507, 508, 509, -1, 511, 512, 513, 514, + 505, 506, 507, 508, 509, 510, 511, 512, 513, 514, 515, 516, 517, 518, 519, 520, 521, 522, 523, 524, 525, 526, 527, 528, 529, 530, 531, 532, 533, 534, 535, -1, 537, 538, 539, 540, 541, 542, 543, 544, 545, 546, 547, 548, 549, 550, 551, 552, 553, 554, 555, 556, 557, 558, 559, 560, 561, 562, 563, 564, 565, 566, 567, 568, 569, 570, 571, 572, 573, 574, - 575, 576, 577, 578, 579, 580, 581, 582, 583, 584, + 575, 576, 577, 578, 579, 580, -1, 582, 583, 584, 585, 586, 587, 588, 589, 590, 591, 592, 593, 594, 595, 596, 597, 598, 599, 600, 601, 602, 603, 604, 605, 606, 607, 608, 609, 610, 611, 612, 613, 614, @@ -26901,7 +26856,7 @@ 635, 636, 637, 638, 639, 640, 641, 642, 643, 644, 645, 646, 647, 648, 649, 650, 651, 652, 653, 654, 655, 656, 657, 658, 659, 660, 661, 662, 663, 664, - -1, 666, 667, 668, 669, 670, 671, 672, 673, 674, + 665, 666, 667, 668, 669, 670, 671, 672, 673, 674, 675, 676, 677, 678, 679, 680, 681, 682, 683, -1, -1, 686, 687, -1, 689, 690, 691, 692, 693, 694, 695, 696, 697, 698, 699, 700, 701, 702, 703, 704, @@ -27062,14 +27017,14 @@ 747, 748, 749, 750, 751, 752, 753, 754, 755, 756, 757, 758, 759, 760, 761, 762, -1, 764, 765, 766, 767, 19, 20, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, 31, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, 88, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, 99, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, 116, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, 135, -1, -1, @@ -27106,18 +27061,18 @@ 438, 439, 440, 441, 442, 443, 444, 445, 446, -1, -1, 449, 450, 451, 452, 453, 454, 455, 456, 457, 458, 459, 460, 461, 462, -1, 464, 465, 466, 467, - 468, 469, 470, 471, 472, 473, 474, 475, 476, 477, + 468, 469, 470, 471, -1, 473, 474, 475, 476, 477, -1, 479, 480, 481, 482, 483, 484, 485, 486, 487, 488, 489, 490, 491, 492, 493, 494, 495, 496, 497, 498, 499, 500, 501, 502, 503, 504, 505, 506, 507, - 508, 509, 510, 511, 512, 513, 514, 515, 516, 517, + 508, 509, -1, 511, 512, 513, 514, 515, 516, 517, 518, 519, 520, 521, 522, 523, 524, 525, 526, 527, 528, 529, 530, 531, 532, 533, 534, 535, -1, 537, 538, 539, 540, 541, 542, 543, 544, 545, 546, 547, 548, 549, 550, 551, 552, 553, 554, 555, 556, 557, 558, 559, 560, 561, 562, 563, 564, 565, 566, 567, 568, 569, 570, 571, 572, 573, 574, 575, 576, 577, - 578, 579, 580, -1, 582, 583, 584, 585, 586, 587, + 578, 579, 580, 581, 582, 583, 584, 585, 586, 587, 588, 589, 590, 591, 592, 593, 594, 595, 596, 597, 598, 599, 600, 601, 602, 603, 604, 605, 606, 607, 608, 609, 610, 611, 612, 613, 614, 615, 616, 617, @@ -27125,7 +27080,7 @@ 628, 629, 630, 631, 632, 633, 634, 635, 636, 637, 638, 639, 640, 641, 642, 643, 644, 645, 646, 647, 648, 649, 650, 651, 652, 653, 654, 655, 656, 657, - 658, 659, 660, 661, 662, 663, 664, 665, 666, 667, + 658, 659, 660, 661, 662, 663, 664, -1, 666, 667, 668, 669, 670, 671, 672, 673, 674, 675, 676, 677, 678, 679, 680, 681, 682, 683, -1, -1, 686, 687, -1, 689, 690, 691, 692, 693, 694, 695, 696, 697, @@ -27135,9 +27090,9 @@ 728, 729, 730, 731, 732, 733, 734, 735, 736, 737, 738, 739, 740, 741, 742, 743, 744, 745, 746, 747, 748, 749, 750, 751, 752, 753, 754, 755, 756, 757, - -1, 759, 760, 761, 762, -1, 764, 765, 766, 767, + 758, 759, 760, 761, 762, -1, 764, 765, 766, 767, 19, 20, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, 31, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, @@ -27181,18 +27136,18 @@ 439, 440, 441, 442, 443, 444, 445, 446, -1, -1, 449, 450, 451, 452, 453, 454, 455, 456, 457, 458, 459, 460, 461, 462, -1, 464, 465, 466, 467, 468, - 469, 470, 471, -1, 473, 474, 475, 476, 477, -1, + 469, 470, 471, 472, 473, 474, 475, 476, 477, -1, 479, 480, 481, 482, 483, 484, 485, 486, 487, 488, 489, 490, 491, 492, 493, 494, 495, 496, 497, 498, 499, 500, 501, 502, 503, 504, 505, 506, 507, 508, - 509, -1, 511, 512, 513, 514, 515, 516, 517, 518, + 509, 510, 511, 512, 513, 514, 515, 516, 517, 518, 519, 520, 521, 522, 523, 524, 525, 526, 527, 528, 529, 530, 531, 532, 533, 534, 535, -1, 537, 538, 539, 540, 541, 542, 543, 544, 545, 546, 547, 548, 549, 550, 551, 552, 553, 554, 555, 556, 557, 558, 559, 560, 561, 562, 563, 564, 565, 566, 567, 568, 569, 570, 571, 572, 573, 574, 575, 576, 577, 578, - 579, 580, 581, 582, 583, 584, 585, 586, 587, 588, + 579, 580, -1, 582, 583, 584, 585, 586, 587, 588, 589, 590, 591, 592, 593, 594, 595, 596, 597, 598, 599, 600, 601, 602, 603, 604, 605, 606, 607, 608, 609, 610, 611, 612, 613, 614, 615, 616, 617, 618, @@ -27200,7 +27155,7 @@ 629, 630, 631, 632, 633, 634, 635, 636, 637, 638, 639, 640, 641, 642, 643, 644, 645, 646, 647, 648, 649, 650, 651, 652, 653, 654, 655, 656, 657, 658, - 659, 660, 661, 662, 663, 664, -1, 666, 667, 668, + 659, 660, 661, 662, 663, 664, 665, 666, 667, 668, 669, 670, 671, 672, 673, 674, 675, 676, 677, 678, 679, 680, 681, 682, 683, -1, -1, 686, 687, -1, 689, 690, 691, 692, 693, 694, 695, 696, 697, 698, @@ -27241,7 +27196,7 @@ -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - 320, 321, 322, -1, 324, 325, 326, 327, 328, 329, + 320, 321, 322, 323, 324, 325, 326, 327, 328, 329, 330, 331, -1, -1, -1, 335, 336, 337, 338, 339, 340, 341, 342, 343, 344, 345, 346, 347, 348, 349, 350, 351, 352, 353, 354, 355, -1, 357, 358, 359, @@ -27290,1156 +27245,1309 @@ -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, -1, 68, -1, -1, - -1, -1, -1, -1, -1, -1, 77, -1, -1, -1, + -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, 88, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, 113, 114, 115, 116, -1, -1, -1, -1, - -1, -1, 123, -1, -1, -1, 127, -1, -1, 130, + -1, -1, -1, -1, -1, 116, -1, -1, -1, -1, + -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, 135, -1, -1, -1, -1, -1, - 141, -1, -1, 144, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, 157, -1, -1, -1, - -1, -1, -1, -1, 165, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, -1, 178, -1, 180, + -1, -1, -1, 144, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, -1, -1, -1, -1, 180, -1, -1, -1, -1, -1, -1, -1, -1, 189, -1, -1, -1, -1, -1, -1, 196, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, 208, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, 219, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, 242, -1, -1, -1, -1, 247, 248, -1, -1, + -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, 280, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, 315, -1, -1, -1, -1, 320, - 321, 322, 323, 324, 325, -1, 327, 328, 329, 330, + -1, -1, -1, -1, -1, -1, -1, -1, -1, 320, + 321, 322, 323, 324, 325, 326, 327, 328, 329, 330, 331, -1, -1, -1, 335, 336, 337, 338, 339, 340, - 341, 342, 343, 344, -1, 346, 347, 348, 349, 350, - 351, 352, 353, -1, 355, -1, -1, 358, 359, 360, - 361, 362, -1, -1, 365, 366, 367, 368, 369, -1, - -1, -1, 373, 374, 375, 376, 377, 378, 379, 380, - 381, 382, -1, -1, -1, -1, -1, -1, 389, -1, - 391, -1, 393, 394, -1, 396, 397, 398, 399, 400, - 401, -1, 403, 404, 405, 406, 407, 408, 409, 410, - 411, 412, 413, 414, 415, -1, 417, -1, 419, 420, - 421, 422, 423, 424, 425, -1, 427, 428, 429, 430, + 341, 342, 343, 344, 345, 346, 347, 348, 349, 350, + 351, 352, 353, 354, 355, -1, 357, 358, 359, 360, + 361, 362, 363, 364, 365, 366, 367, 368, 369, 370, + 371, 372, 373, 374, 375, 376, 377, 378, 379, 380, + 381, 382, 383, 384, 385, 386, 387, -1, 389, 390, + 391, 392, 393, 394, 395, 396, 397, 398, 399, 400, + 401, 402, 403, 404, 405, 406, 407, 408, 409, 410, + 411, 412, 413, 414, 415, 416, 417, -1, 419, 420, + 421, 422, 423, 424, 425, 426, 427, 428, 429, 430, 431, 432, 433, 434, 435, 436, 437, 438, 439, 440, - 441, 442, -1, -1, -1, 446, -1, 448, 449, 450, - 451, 452, 453, 454, 455, 456, 457, 458, 459, -1, - -1, -1, -1, -1, 465, 466, 467, 468, 469, 470, - -1, 472, 473, -1, 475, 476, -1, -1, 479, -1, + 441, 442, 443, 444, 445, 446, -1, -1, 449, 450, + 451, 452, 453, 454, 455, 456, 457, 458, 459, 460, + 461, 462, -1, 464, 465, 466, 467, 468, 469, 470, + 471, 472, 473, 474, 475, 476, 477, -1, 479, 480, 481, 482, 483, 484, 485, 486, 487, 488, 489, 490, - 491, -1, 493, 494, 495, 496, 497, 498, 499, 500, - 501, -1, 503, 504, 505, 506, 507, 508, 509, 510, + 491, 492, 493, 494, 495, 496, 497, 498, 499, 500, + 501, 502, 503, 504, 505, 506, 507, 508, 509, 510, 511, 512, 513, 514, 515, 516, 517, 518, 519, 520, 521, 522, 523, 524, 525, 526, 527, 528, 529, 530, 531, 532, 533, 534, 535, -1, 537, 538, 539, 540, 541, 542, 543, 544, 545, 546, 547, 548, 549, 550, 551, 552, 553, 554, 555, 556, 557, 558, 559, 560, 561, 562, 563, 564, 565, 566, 567, 568, 569, 570, - 571, -1, 573, 574, 575, 576, 577, 578, 579, 580, - -1, 582, 583, 584, 585, 586, -1, -1, 589, -1, - 591, 592, -1, 594, 595, 596, 597, -1, 599, 600, - 601, 602, -1, -1, -1, -1, 607, 608, 609, 610, + 571, 572, 573, 574, 575, 576, 577, 578, 579, 580, + -1, 582, 583, 584, 585, 586, 587, 588, 589, 590, + 591, 592, 593, 594, 595, 596, 597, 598, 599, 600, + 601, 602, 603, 604, 605, 606, 607, 608, 609, 610, 611, 612, 613, 614, 615, 616, 617, 618, 619, 620, 621, 622, 623, 624, 625, 626, 627, 628, 629, 630, - 631, 632, -1, 634, -1, 636, 637, 638, -1, 640, - 641, -1, 643, 644, 645, 646, 647, 648, -1, 650, - 651, 652, 653, 654, 655, 656, -1, 658, 659, 660, - -1, 662, 663, 664, 665, 666, -1, 668, 669, -1, - -1, 672, 673, -1, -1, 676, 677, 678, -1, 680, - -1, 682, 683, -1, -1, 686, 687, -1, 689, 690, - 691, 692, -1, 694, 695, -1, 697, -1, 699, 700, + 631, 632, 633, 634, 635, 636, 637, 638, 639, 640, + 641, 642, 643, 644, 645, 646, 647, 648, 649, 650, + 651, 652, 653, 654, 655, 656, 657, 658, 659, 660, + 661, 662, 663, 664, 665, 666, 667, 668, 669, 670, + 671, 672, 673, 674, 675, 676, 677, 678, 679, 680, + 681, 682, 683, -1, -1, 686, 687, -1, 689, 690, + 691, 692, 693, 694, 695, 696, 697, 698, 699, 700, 701, 702, 703, 704, 705, 706, 707, 708, 709, 710, - 711, 712, 713, 714, 715, 716, 717, 718, -1, 720, - 721, 722, 723, 724, 725, 726, 727, 728, -1, 730, - 731, -1, 733, 734, 735, 736, 19, 20, 739, 740, - -1, 742, 743, 744, 745, 746, 747, 748, 749, 750, - 751, 752, 753, 754, 755, 756, 757, -1, -1, 760, - 761, -1, -1, 764, -1, 766, 767, -1, -1, -1, + 711, 712, 713, 714, 715, 716, 717, 718, 719, 720, + 721, 722, 723, 724, 725, 726, 727, 728, 729, 730, + 731, 732, 733, 734, 735, 736, 737, 738, 739, 740, + 741, 742, 743, 744, 745, 746, 747, 748, 749, 750, + 751, 752, 753, 754, 755, 756, 757, -1, 759, 760, + 761, 762, -1, 764, 765, 766, 767, 19, 20, -1, + -1, -1, -1, -1, -1, -1, -1, -1, -1, 31, + -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, -1, 88, -1, -1, -1, + -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, 116, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, 135, -1, -1, -1, -1, -1, -1, + -1, -1, 144, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, -1, -1, -1, 180, -1, + -1, -1, -1, -1, -1, -1, -1, 189, -1, -1, + -1, -1, -1, -1, 196, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, -1, 208, -1, -1, -1, + -1, -1, -1, -1, -1, -1, -1, 219, -1, -1, + -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, -1, -1, -1, 280, -1, + -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, -1, -1, -1, 320, 321, + 322, 323, 324, 325, 326, 327, 328, 329, 330, 331, + -1, -1, -1, 335, 336, 337, 338, 339, 340, 341, + 342, 343, 344, 345, 346, 347, 348, 349, 350, 351, + 352, 353, 354, 355, -1, 357, 358, 359, 360, 361, + 362, 363, 364, 365, 366, 367, 368, 369, 370, 371, + 372, 373, 374, 375, 376, 377, 378, 379, 380, 381, + 382, 383, 384, 385, 386, 387, -1, 389, 390, 391, + 392, 393, 394, 395, 396, 397, 398, 399, 400, 401, + 402, 403, 404, 405, 406, 407, 408, 409, 410, 411, + 412, 413, 414, 415, 416, 417, -1, 419, 420, 421, + 422, 423, 424, 425, 426, 427, 428, 429, 430, 431, + 432, 433, 434, 435, 436, 437, 438, 439, 440, 441, + 442, 443, 444, 445, 446, -1, -1, 449, 450, 451, + 452, 453, 454, 455, 456, 457, 458, 459, 460, 461, + 462, -1, 464, 465, 466, 467, 468, 469, 470, 471, + -1, 473, 474, 475, 476, 477, -1, 479, 480, 481, + 482, 483, 484, 485, 486, 487, 488, 489, 490, 491, + 492, 493, 494, 495, 496, 497, 498, 499, 500, 501, + 502, 503, 504, 505, 506, 507, 508, 509, -1, 511, + 512, 513, 514, 515, 516, 517, 518, 519, 520, 521, + 522, 523, 524, 525, 526, 527, 528, 529, 530, 531, + 532, 533, 534, 535, -1, 537, 538, 539, 540, 541, + 542, 543, 544, 545, 546, 547, 548, 549, 550, 551, + 552, 553, 554, 555, 556, 557, 558, 559, 560, 561, + 562, 563, 564, 565, 566, 567, 568, 569, 570, 571, + 572, 573, 574, 575, 576, 577, 578, 579, 580, 581, + 582, 583, 584, 585, 586, 587, 588, 589, 590, 591, + 592, 593, 594, 595, 596, 597, 598, 599, 600, 601, + 602, 603, 604, 605, 606, 607, 608, 609, 610, 611, + 612, 613, 614, 615, 616, 617, 618, 619, 620, 621, + 622, 623, 624, 625, 626, 627, 628, 629, 630, 631, + 632, 633, 634, 635, 636, 637, 638, 639, 640, 641, + 642, 643, 644, 645, 646, 647, 648, 649, 650, 651, + 652, 653, 654, 655, 656, 657, 658, 659, 660, 661, + 662, 663, 664, -1, 666, 667, 668, 669, 670, 671, + 672, 673, 674, 675, 676, 677, 678, 679, 680, 681, + 682, 683, -1, -1, 686, 687, -1, 689, 690, 691, + 692, 693, 694, 695, 696, 697, 698, 699, 700, 701, + 702, 703, 704, 705, 706, 707, 708, 709, 710, 711, + 712, 713, 714, 715, 716, 717, 718, 719, 720, 721, + 722, 723, 724, 725, 726, 727, 728, 729, 730, 731, + 732, 733, 734, 735, 736, 737, 738, 739, 740, 741, + 742, 743, 744, 745, 746, 747, 748, 749, 750, 751, + 752, 753, 754, 755, 756, 757, 758, 759, 760, 761, + 762, -1, 764, 765, 766, 767, 19, 20, -1, -1, + -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, 68, -1, -1, -1, -1, - -1, -1, -1, -1, 77, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, 88, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, 114, -1, 116, -1, -1, -1, -1, -1, -1, - 123, -1, -1, -1, 127, -1, -1, 130, -1, -1, - -1, -1, 135, -1, -1, -1, -1, -1, 141, -1, + -1, -1, -1, 116, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, 135, -1, -1, -1, -1, -1, -1, -1, -1, 144, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, 157, -1, -1, -1, -1, -1, - -1, -1, 165, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, 178, -1, 180, -1, -1, + -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, -1, -1, 180, -1, -1, -1, -1, -1, -1, -1, -1, 189, -1, -1, -1, -1, -1, -1, 196, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, 208, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, 219, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, -1, -1, -1, 242, - -1, -1, -1, -1, 247, 248, -1, -1, -1, -1, + -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, 280, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - 313, -1, 315, -1, -1, -1, -1, 320, 321, 322, - 323, 324, 325, -1, 327, 328, 329, 330, 331, -1, + -1, -1, -1, -1, -1, -1, -1, 320, 321, 322, + -1, 324, 325, 326, 327, 328, 329, 330, 331, -1, -1, -1, 335, 336, 337, 338, 339, 340, 341, 342, - 343, 344, -1, 346, 347, 348, 349, 350, 351, 352, - 353, -1, 355, -1, -1, 358, 359, 360, 361, 362, - -1, -1, 365, 366, 367, 368, 369, -1, -1, -1, + 343, 344, 345, 346, 347, 348, 349, 350, 351, 352, + 353, 354, 355, -1, 357, 358, 359, 360, 361, 362, + 363, 364, 365, 366, 367, 368, 369, 370, 371, 372, 373, 374, 375, 376, 377, 378, 379, 380, 381, 382, - -1, -1, -1, -1, -1, -1, 389, -1, 391, -1, - 393, 394, -1, 396, 397, 398, 399, 400, 401, -1, + 383, 384, 385, 386, 387, -1, 389, 390, 391, 392, + 393, 394, 395, 396, 397, 398, 399, 400, 401, 402, 403, 404, 405, 406, 407, 408, 409, 410, 411, 412, - 413, 414, 415, -1, 417, -1, 419, 420, 421, 422, - 423, 424, 425, -1, 427, 428, 429, 430, 431, 432, + 413, 414, 415, 416, 417, -1, 419, 420, 421, 422, + 423, 424, 425, 426, 427, 428, 429, 430, 431, 432, 433, 434, 435, 436, 437, 438, 439, 440, 441, 442, - -1, -1, -1, 446, -1, 448, 449, 450, 451, 452, - 453, 454, 455, 456, 457, 458, 459, -1, -1, -1, - -1, -1, 465, 466, 467, 468, 469, 470, -1, 472, - 473, -1, 475, 476, -1, -1, 479, -1, 481, 482, - 483, 484, 485, 486, 487, 488, 489, 490, 491, -1, - 493, 494, 495, 496, 497, 498, 499, 500, 501, -1, + 443, 444, 445, 446, -1, -1, 449, 450, 451, 452, + 453, 454, 455, 456, 457, 458, 459, 460, 461, 462, + -1, 464, 465, 466, 467, 468, 469, 470, 471, 472, + 473, 474, 475, 476, 477, -1, 479, 480, 481, 482, + 483, 484, 485, 486, 487, 488, 489, 490, 491, 492, + 493, 494, 495, 496, 497, 498, 499, 500, 501, 502, 503, 504, 505, 506, 507, 508, 509, 510, 511, 512, 513, 514, 515, 516, 517, 518, 519, 520, 521, 522, 523, 524, 525, 526, 527, 528, 529, 530, 531, 532, 533, 534, 535, -1, 537, 538, 539, 540, 541, 542, 543, 544, 545, 546, 547, 548, 549, 550, 551, 552, 553, 554, 555, 556, 557, 558, 559, 560, 561, 562, - 563, 564, 565, 566, 567, 568, 569, 570, 571, -1, + 563, 564, 565, 566, 567, 568, 569, 570, 571, 572, 573, 574, 575, 576, 577, 578, 579, 580, -1, 582, - 583, 584, 585, 586, -1, -1, 589, -1, 591, 592, - -1, 594, 595, 596, 597, -1, 599, 600, 601, 602, - -1, -1, -1, -1, 607, 608, 609, 610, 611, 612, + 583, 584, 585, 586, 587, 588, 589, 590, 591, 592, + 593, 594, 595, 596, 597, 598, 599, 600, 601, 602, + 603, 604, 605, 606, 607, 608, 609, 610, 611, 612, 613, 614, 615, 616, 617, 618, 619, 620, 621, 622, 623, 624, 625, 626, 627, 628, 629, 630, 631, 632, - -1, 634, -1, 636, 637, 638, -1, 640, 641, -1, - 643, 644, 645, 646, 647, 648, -1, 650, 651, 652, - 653, 654, 655, 656, -1, 658, 659, 660, -1, 662, - 663, 664, 665, 666, -1, 668, 669, -1, -1, 672, - 673, -1, -1, 676, 677, 678, -1, 680, -1, 682, + 633, 634, 635, 636, 637, 638, 639, 640, 641, 642, + 643, 644, 645, 646, 647, 648, 649, 650, 651, 652, + 653, 654, 655, 656, 657, 658, 659, 660, 661, 662, + 663, 664, 665, 666, 667, 668, 669, 670, 671, 672, + 673, 674, 675, 676, 677, 678, 679, 680, 681, 682, 683, -1, -1, 686, 687, -1, 689, 690, 691, 692, - -1, 694, 695, -1, 697, -1, 699, 700, 701, 702, + 693, 694, 695, 696, 697, 698, 699, 700, 701, 702, 703, 704, 705, 706, 707, 708, 709, 710, 711, 712, - 713, 714, 715, 716, 717, 718, -1, 720, 721, 722, - 723, 724, 725, 726, 727, 728, -1, 730, 731, -1, - 733, 734, 735, 736, 19, 20, 739, 740, -1, 742, + 713, 714, 715, 716, 717, 718, 719, 720, 721, 722, + 723, 724, 725, 726, 727, 728, 729, 730, 731, 732, + 733, 734, 735, 736, 737, 738, 739, 740, 741, 742, 743, 744, 745, 746, 747, 748, 749, 750, 751, 752, - 753, 754, 755, 756, 757, -1, -1, 760, 761, -1, - -1, 764, -1, 766, 767, -1, -1, -1, -1, -1, + 753, 754, 755, 756, 757, 758, 759, 760, 761, 762, + -1, 764, 765, 766, 767, 19, 20, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, 68, -1, -1, -1, -1, -1, -1, - -1, -1, 77, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, 88, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, 116, -1, -1, -1, -1, -1, -1, 123, -1, - -1, -1, 127, -1, -1, 130, -1, -1, -1, -1, - 135, -1, -1, -1, -1, -1, 141, -1, -1, 144, - -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, 157, -1, -1, -1, -1, -1, -1, -1, - 165, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, 178, -1, 180, -1, -1, -1, -1, - -1, -1, -1, -1, 189, -1, -1, -1, -1, -1, - -1, 196, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, 208, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, 219, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, -1, 242, -1, -1, - -1, -1, 247, 248, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, 68, -1, -1, -1, -1, -1, + -1, -1, -1, 77, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, 88, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, -1, -1, -1, -1, 113, + 114, 115, 116, -1, -1, -1, -1, -1, -1, 123, + -1, -1, -1, 127, -1, -1, 130, -1, -1, -1, + -1, 135, -1, -1, -1, -1, -1, 141, -1, -1, + 144, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, 157, -1, -1, -1, -1, -1, -1, + -1, 165, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, 178, -1, 180, -1, -1, -1, + -1, -1, -1, -1, -1, 189, -1, -1, -1, -1, + -1, -1, 196, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, 208, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, 219, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, 280, -1, -1, -1, -1, + -1, -1, -1, -1, -1, -1, -1, -1, 242, -1, + -1, -1, -1, 247, 248, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, -1, 280, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - 315, -1, -1, -1, -1, 320, 321, 322, 323, 324, - 325, -1, 327, 328, 329, 330, 331, -1, -1, -1, - 335, 336, 337, 338, 339, 340, 341, 342, 343, 344, - -1, 346, 347, 348, 349, 350, 351, 352, 353, -1, - 355, -1, -1, 358, 359, 360, 361, 362, -1, -1, - 365, 366, 367, 368, 369, -1, -1, -1, 373, 374, - 375, 376, 377, 378, 379, 380, 381, 382, -1, -1, - -1, -1, -1, -1, 389, -1, 391, -1, 393, 394, - -1, 396, 397, 398, 399, 400, 401, -1, 403, 404, - 405, 406, 407, 408, 409, 410, 411, 412, 413, 414, - 415, -1, 417, -1, 419, 420, 421, 422, 423, 424, - 425, -1, 427, 428, 429, 430, 431, 432, 433, 434, - 435, 436, 437, 438, 439, 440, 441, 442, -1, -1, - -1, 446, -1, 448, 449, 450, 451, 452, 453, 454, - 455, 456, 457, 458, 459, -1, -1, -1, -1, -1, - 465, 466, 467, 468, 469, 470, -1, 472, 473, -1, - 475, 476, -1, -1, 479, -1, 481, 482, 483, 484, - 485, 486, 487, 488, 489, 490, 491, -1, 493, 494, - 495, 496, 497, 498, 499, 500, 501, -1, 503, 504, - 505, 506, 507, 508, 509, 510, 511, 512, 513, 514, - 515, 516, 517, 518, 519, 520, 521, 522, 523, 524, - 525, 526, 527, 528, 529, 530, 531, 532, 533, 534, - 535, -1, 537, 538, 539, 540, 541, 542, 543, 544, - 545, 546, 547, 548, 549, 550, 551, 552, 553, 554, - 555, 556, 557, 558, 559, 560, 561, 562, 563, 564, - 565, 566, 567, 568, 569, 570, 571, -1, 573, 574, - 575, 576, 577, 578, 579, 580, -1, 582, 583, 584, - 585, 586, -1, -1, 589, -1, 591, 592, -1, 594, - 595, 596, 597, -1, 599, 600, 601, 602, -1, -1, - -1, -1, 607, 608, 609, 610, 611, 612, 613, 614, - 615, 616, 617, 618, 619, 620, 621, 622, 623, 624, - 625, 626, 627, 628, 629, 630, 631, 632, -1, 634, - -1, 636, 637, 638, -1, 640, 641, -1, 643, 644, - 645, 646, 647, 648, -1, 650, 651, 652, 653, 654, - 655, 656, -1, 658, 659, 660, -1, 662, 663, 664, - 665, 666, -1, 668, 669, -1, -1, 672, 673, -1, - -1, 676, 677, 678, -1, 680, -1, 682, 683, -1, - -1, 686, 687, -1, 689, 690, 691, 692, -1, 694, - 695, -1, 697, -1, 699, 700, 701, 702, 703, 704, - 705, 706, 707, 708, 709, 710, 711, 712, 713, 714, - 715, 716, 717, 718, -1, 720, 721, 722, 723, 724, - 725, 726, 727, 728, -1, 730, 731, -1, 733, 734, - 735, 736, 19, 20, 739, 740, -1, 742, 743, 744, - 745, 746, 747, 748, 749, 750, 751, 752, 753, 754, - 755, 756, 757, -1, -1, 760, 761, -1, -1, 764, - -1, 766, 767, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, 68, -1, -1, -1, -1, -1, -1, -1, -1, - 77, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, 88, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, -1, -1, -1, 116, - -1, -1, -1, -1, -1, -1, 123, -1, -1, -1, - 127, -1, -1, 130, -1, -1, -1, -1, 135, -1, - -1, -1, -1, -1, 141, -1, -1, 144, -1, -1, + -1, 315, -1, -1, -1, -1, 320, 321, 322, 323, + 324, 325, -1, 327, 328, 329, 330, 331, -1, -1, + -1, 335, 336, 337, 338, 339, 340, 341, 342, 343, + 344, -1, 346, 347, 348, 349, 350, 351, 352, 353, + -1, 355, -1, -1, 358, 359, 360, 361, 362, -1, + -1, 365, 366, 367, 368, 369, -1, -1, -1, 373, + 374, 375, 376, 377, 378, 379, 380, 381, 382, -1, + -1, -1, -1, -1, -1, 389, -1, 391, -1, 393, + 394, -1, 396, 397, 398, 399, 400, 401, -1, 403, + 404, 405, 406, 407, 408, 409, 410, 411, 412, 413, + 414, 415, -1, 417, -1, 419, 420, 421, 422, 423, + 424, 425, -1, 427, 428, 429, 430, 431, 432, 433, + 434, 435, 436, 437, 438, 439, 440, 441, 442, -1, + -1, -1, 446, -1, 448, 449, 450, 451, 452, 453, + 454, 455, 456, 457, 458, 459, -1, -1, -1, -1, + -1, 465, 466, 467, 468, 469, 470, -1, 472, 473, + -1, 475, 476, -1, -1, 479, -1, 481, 482, 483, + 484, 485, 486, 487, 488, 489, 490, 491, -1, 493, + 494, 495, 496, 497, 498, 499, 500, 501, -1, 503, + 504, 505, 506, 507, 508, 509, 510, 511, 512, 513, + 514, 515, 516, 517, 518, 519, 520, 521, 522, 523, + 524, 525, 526, 527, 528, 529, 530, 531, 532, 533, + 534, 535, -1, 537, 538, 539, 540, 541, 542, 543, + 544, 545, 546, 547, 548, 549, 550, 551, 552, 553, + 554, 555, 556, 557, 558, 559, 560, 561, 562, 563, + 564, 565, 566, 567, 568, 569, 570, 571, -1, 573, + 574, 575, 576, 577, 578, 579, 580, -1, 582, 583, + 584, 585, 586, -1, -1, 589, -1, 591, 592, -1, + 594, 595, 596, 597, -1, 599, 600, 601, 602, -1, + -1, -1, -1, 607, 608, 609, 610, 611, 612, 613, + 614, 615, 616, 617, 618, 619, 620, 621, 622, 623, + 624, 625, 626, 627, 628, 629, 630, 631, 632, -1, + 634, -1, 636, 637, 638, -1, 640, 641, -1, 643, + 644, 645, 646, 647, 648, -1, 650, 651, 652, 653, + 654, 655, 656, -1, 658, 659, 660, -1, 662, 663, + 664, 665, 666, -1, 668, 669, -1, -1, 672, 673, + -1, -1, 676, 677, 678, -1, 680, -1, 682, 683, + -1, -1, 686, 687, -1, 689, 690, 691, 692, -1, + 694, 695, -1, 697, -1, 699, 700, 701, 702, 703, + 704, 705, 706, 707, 708, 709, 710, 711, 712, 713, + 714, 715, 716, 717, 718, -1, 720, 721, 722, 723, + 724, 725, 726, 727, 728, -1, 730, 731, -1, 733, + 734, 735, 736, 19, 20, 739, 740, -1, 742, 743, + 744, 745, 746, 747, 748, 749, 750, 751, 752, 753, + 754, 755, 756, 757, -1, -1, 760, 761, -1, -1, + 764, -1, 766, 767, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - 157, -1, -1, -1, -1, -1, -1, -1, 165, -1, + -1, -1, 68, -1, -1, -1, -1, -1, -1, -1, + -1, 77, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, 88, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, 178, -1, 180, -1, -1, -1, -1, -1, -1, - -1, -1, 189, -1, -1, -1, -1, -1, -1, 196, + -1, -1, -1, -1, -1, -1, -1, -1, 114, -1, + 116, -1, -1, -1, -1, -1, -1, 123, -1, -1, + -1, 127, -1, -1, 130, -1, -1, -1, -1, 135, + -1, -1, -1, -1, -1, 141, -1, -1, 144, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, 208, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, 219, -1, -1, -1, -1, -1, -1, -1, + -1, 157, -1, -1, -1, -1, -1, -1, -1, 165, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, 242, -1, -1, -1, -1, - 247, 248, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, 178, -1, 180, -1, -1, -1, -1, -1, + -1, -1, -1, 189, -1, -1, -1, -1, -1, -1, + 196, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, 208, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, 219, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, -1, 242, -1, -1, -1, + -1, 247, 248, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, 280, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, 280, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, -1, -1, 315, -1, - -1, -1, -1, 320, 321, 322, 323, 324, 325, -1, - 327, 328, 329, 330, 331, -1, -1, -1, 335, 336, - 337, 338, 339, 340, 341, 342, 343, 344, -1, 346, - 347, 348, 349, 350, 351, 352, 353, -1, 355, -1, - -1, 358, 359, 360, 361, 362, -1, -1, 365, 366, - 367, 368, 369, -1, -1, -1, 373, 374, 375, 376, - 377, 378, 379, 380, 381, 382, -1, -1, -1, -1, - -1, -1, 389, -1, 391, -1, 393, 394, -1, 396, - 397, 398, 399, 400, 401, -1, 403, 404, 405, 406, - 407, 408, 409, 410, 411, 412, 413, 414, 415, -1, - 417, -1, 419, 420, 421, 422, 423, 424, 425, -1, - 427, 428, 429, 430, 431, 432, 433, 434, 435, 436, - 437, 438, 439, 440, 441, 442, -1, -1, -1, 446, - -1, 448, 449, 450, 451, 452, 453, 454, 455, 456, - 457, 458, 459, -1, -1, -1, -1, -1, 465, 466, - 467, 468, 469, 470, -1, 472, 473, -1, 475, 476, - -1, -1, 479, -1, 481, 482, 483, 484, 485, 486, - 487, 488, 489, 490, 491, -1, 493, 494, 495, 496, - 497, 498, 499, 500, 501, -1, 503, 504, 505, 506, - 507, 508, 509, 510, 511, 512, 513, 514, 515, 516, - 517, 518, 519, 520, 521, 522, 523, 524, 525, 526, - 527, 528, 529, 530, 531, 532, 533, 534, 535, -1, - 537, 538, 539, 540, 541, 542, 543, 544, 545, 546, - 547, 548, 549, 550, 551, 552, 553, 554, 555, 556, - 557, 558, 559, 560, 561, 562, 563, 564, 565, 566, - 567, 568, 569, 570, 571, -1, 573, 574, 575, 576, - 577, 578, 579, 580, -1, 582, 583, 584, 585, 586, - -1, -1, 589, -1, 591, 592, -1, 594, 595, 596, - 597, -1, 599, 600, 601, 602, -1, -1, -1, -1, - 607, 608, 609, 610, 611, 612, 613, 614, 615, 616, - 617, 618, 619, 620, 621, 622, 623, 624, 625, 626, - 627, 628, 629, 630, 631, 632, -1, 634, -1, 636, - 637, 638, -1, 640, 641, -1, 643, 644, 645, 646, - 647, 648, -1, 650, 651, 652, 653, 654, 655, 656, - -1, 658, 659, 660, -1, 662, 663, 664, 665, 666, - -1, 668, 669, -1, -1, 672, 673, -1, -1, 676, - 677, 678, -1, 680, -1, 682, 683, -1, -1, 686, - 687, -1, 689, 690, 691, 692, -1, 694, 695, -1, - 697, -1, 699, 700, 701, 702, 703, 704, 705, 706, - 707, 708, 709, 710, 711, 712, 713, 714, 715, 716, - 717, 718, -1, 720, 721, 722, 723, 724, 725, 726, - 727, 728, -1, 730, 731, -1, 733, 734, 735, 736, - 19, 20, 739, 740, -1, 742, 743, 744, 745, 746, - 747, 748, 749, 750, 751, 752, 753, 754, 755, 756, - 757, -1, -1, 760, 761, -1, -1, 764, -1, 766, - 767, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, -1, -1, -1, 68, - -1, -1, -1, -1, -1, -1, -1, -1, 77, -1, - -1, -1, -1, -1, -1, -1, -1, -1, -1, 88, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, -1, -1, 313, -1, 315, + -1, -1, -1, -1, 320, 321, 322, 323, 324, 325, + -1, 327, 328, 329, 330, 331, -1, -1, -1, 335, + 336, 337, 338, 339, 340, 341, 342, 343, 344, -1, + 346, 347, 348, 349, 350, 351, 352, 353, -1, 355, + -1, -1, 358, 359, 360, 361, 362, -1, -1, 365, + 366, 367, 368, 369, -1, -1, -1, 373, 374, 375, + 376, 377, 378, 379, 380, 381, 382, -1, -1, -1, + -1, -1, -1, 389, -1, 391, -1, 393, 394, -1, + 396, 397, 398, 399, 400, 401, -1, 403, 404, 405, + 406, 407, 408, 409, 410, 411, 412, 413, 414, 415, + -1, 417, -1, 419, 420, 421, 422, 423, 424, 425, + -1, 427, 428, 429, 430, 431, 432, 433, 434, 435, + 436, 437, 438, 439, 440, 441, 442, -1, -1, -1, + 446, -1, 448, 449, 450, 451, 452, 453, 454, 455, + 456, 457, 458, 459, -1, -1, -1, -1, -1, 465, + 466, 467, 468, 469, 470, -1, 472, 473, -1, 475, + 476, -1, -1, 479, -1, 481, 482, 483, 484, 485, + 486, 487, 488, 489, 490, 491, -1, 493, 494, 495, + 496, 497, 498, 499, 500, 501, -1, 503, 504, 505, + 506, 507, 508, 509, 510, 511, 512, 513, 514, 515, + 516, 517, 518, 519, 520, 521, 522, 523, 524, 525, + 526, 527, 528, 529, 530, 531, 532, 533, 534, 535, + -1, 537, 538, 539, 540, 541, 542, 543, 544, 545, + 546, 547, 548, 549, 550, 551, 552, 553, 554, 555, + 556, 557, 558, 559, 560, 561, 562, 563, 564, 565, + 566, 567, 568, 569, 570, 571, -1, 573, 574, 575, + 576, 577, 578, 579, 580, -1, 582, 583, 584, 585, + 586, -1, -1, 589, -1, 591, 592, -1, 594, 595, + 596, 597, -1, 599, 600, 601, 602, -1, -1, -1, + -1, 607, 608, 609, 610, 611, 612, 613, 614, 615, + 616, 617, 618, 619, 620, 621, 622, 623, 624, 625, + 626, 627, 628, 629, 630, 631, 632, -1, 634, -1, + 636, 637, 638, -1, 640, 641, -1, 643, 644, 645, + 646, 647, 648, -1, 650, 651, 652, 653, 654, 655, + 656, -1, 658, 659, 660, -1, 662, 663, 664, 665, + 666, -1, 668, 669, -1, -1, 672, 673, -1, -1, + 676, 677, 678, -1, 680, -1, 682, 683, -1, -1, + 686, 687, -1, 689, 690, 691, 692, -1, 694, 695, + -1, 697, -1, 699, 700, 701, 702, 703, 704, 705, + 706, 707, 708, 709, 710, 711, 712, 713, 714, 715, + 716, 717, 718, -1, 720, 721, 722, 723, 724, 725, + 726, 727, 728, -1, 730, 731, -1, 733, 734, 735, + 736, 19, 20, 739, 740, -1, 742, 743, 744, 745, + 746, 747, 748, 749, 750, 751, 752, 753, 754, 755, + 756, 757, -1, -1, 760, 761, -1, -1, 764, -1, + 766, 767, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, -1, 116, -1, -1, - -1, -1, -1, -1, 123, -1, -1, -1, 127, -1, - -1, 130, -1, -1, -1, -1, 135, -1, -1, -1, - -1, -1, 141, -1, -1, 144, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, -1, -1, 157, -1, - -1, -1, -1, -1, -1, -1, 165, -1, -1, -1, - -1, -1, -1, -1, -1, -1, -1, -1, -1, 178, - -1, 180, -1, -1, -1, -1, -1, -1, -1, -1, - 189, -1, -1, -1, -1, -1, -1, 196, -1, -1, - -1, -1, -1, -1, -1, -1, -1, -1, -1, 208, + 68, -1, -1, -1, -1, -1, -1, -1, -1, 77, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - 219, -1, -1, -1, -1, -1, -1, -1, -1, -1, + 88, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, 242, -1, -1, -1, -1, 247, 248, + -1, -1, -1, -1, -1, -1, -1, -1, 116, -1, + -1, -1, -1, -1, -1, 123, -1, -1, -1, 127, + -1, -1, 130, -1, -1, -1, -1, 135, -1, -1, + -1, -1, -1, 141, -1, -1, 144, -1, -1, -1, + -1, -1, -1, -1, -1, -1, -1, -1, -1, 157, + -1, -1, -1, -1, -1, -1, -1, 165, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + 178, -1, 180, -1, -1, -1, -1, -1, -1, -1, + -1, 189, -1, -1, -1, -1, -1, -1, 196, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + 208, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, 219, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, 280, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, 242, -1, -1, -1, -1, 247, + 248, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, 315, -1, -1, -1, - -1, 320, 321, 322, 323, 324, 325, -1, 327, 328, - 329, 330, 331, -1, -1, -1, 335, 336, 337, 338, - 339, 340, 341, 342, 343, 344, -1, 346, 347, 348, - 349, 350, 351, 352, 353, -1, 355, -1, -1, 358, - 359, 360, 361, 362, -1, -1, 365, 366, 367, 368, - 369, -1, -1, -1, 373, 374, 375, 376, 377, 378, - 379, 380, 381, 382, -1, -1, -1, -1, -1, -1, - 389, -1, 391, -1, 393, 394, -1, 396, 397, 398, - 399, 400, 401, -1, 403, 404, 405, 406, 407, 408, - 409, 410, 411, 412, 413, 414, 415, -1, 417, -1, - 419, 420, 421, 422, 423, 424, 425, -1, 427, 428, - 429, 430, 431, 432, 433, 434, 435, 436, 437, 438, - 439, 440, 441, 442, -1, -1, -1, 446, -1, 448, - 449, 450, 451, 452, 453, 454, 455, 456, 457, 458, - 459, -1, -1, -1, -1, -1, 465, 466, 467, 468, - 469, 470, -1, 472, 473, -1, 475, 476, -1, -1, - 479, -1, 481, 482, 483, 484, 485, 486, 487, 488, - 489, 490, 491, -1, 493, 494, 495, 496, 497, 498, - 499, 500, 501, -1, 503, 504, 505, 506, 507, 508, - 509, 510, 511, 512, 513, 514, 515, 516, 517, 518, - 519, 520, 521, 522, 523, 524, 525, 526, 527, 528, - 529, 530, 531, 532, 533, 534, 535, -1, 537, 538, - 539, 540, 541, 542, 543, 544, 545, 546, 547, 548, - 549, 550, 551, 552, 553, 554, 555, 556, 557, 558, - 559, 560, 561, 562, 563, 564, 565, 566, 567, 568, - 569, 570, 571, -1, 573, 574, 575, 576, 577, 578, - 579, 580, -1, 582, 583, 584, 585, 586, -1, -1, - 589, -1, 591, 592, -1, 594, 595, 596, 597, -1, - 599, 600, 601, 602, -1, -1, -1, -1, 607, 608, - 609, 610, 611, 612, 613, 614, 615, 616, 617, 618, - 619, 620, 621, 622, 623, 624, 625, 626, 627, 628, - 629, 630, 631, 632, -1, 634, -1, 636, 637, 638, - -1, 640, 641, -1, 643, 644, 645, 646, 647, 648, - -1, 650, 651, 652, 653, 654, 655, 656, -1, 658, - 659, 660, -1, 662, 663, 664, 665, 666, -1, 668, - 669, -1, -1, 672, 673, -1, -1, 676, 677, 678, - -1, 680, -1, 682, 683, -1, -1, 686, 687, -1, - 689, 690, 691, 692, -1, 694, 695, -1, 697, -1, - 699, 700, 701, 702, 703, 704, 705, 706, 707, 708, - 709, 710, 711, 712, 713, 714, 715, 716, 717, 718, - -1, 720, 721, 722, 723, 724, 725, 726, 727, 728, - -1, 730, 731, -1, 733, 734, 735, 736, 19, 20, - 739, 740, -1, 742, 743, 744, 745, 746, 747, 748, - 749, 750, 751, 752, 753, 754, 755, 756, 757, -1, - -1, 760, 761, -1, -1, 764, -1, 766, 767, -1, + -1, -1, 280, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, -1, 68, -1, -1, - -1, -1, -1, -1, -1, -1, 77, -1, -1, -1, - -1, -1, -1, -1, -1, -1, -1, 88, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, -1, -1, 315, -1, -1, + -1, -1, 320, 321, 322, 323, 324, 325, -1, 327, + 328, 329, 330, 331, -1, -1, -1, 335, 336, 337, + 338, 339, 340, 341, 342, 343, 344, -1, 346, 347, + 348, 349, 350, 351, 352, 353, -1, 355, -1, -1, + 358, 359, 360, 361, 362, -1, -1, 365, 366, 367, + 368, 369, -1, -1, -1, 373, 374, 375, 376, 377, + 378, 379, 380, 381, 382, -1, -1, -1, -1, -1, + -1, 389, -1, 391, -1, 393, 394, -1, 396, 397, + 398, 399, 400, 401, -1, 403, 404, 405, 406, 407, + 408, 409, 410, 411, 412, 413, 414, 415, -1, 417, + -1, 419, 420, 421, 422, 423, 424, 425, -1, 427, + 428, 429, 430, 431, 432, 433, 434, 435, 436, 437, + 438, 439, 440, 441, 442, -1, -1, -1, 446, -1, + 448, 449, 450, 451, 452, 453, 454, 455, 456, 457, + 458, 459, -1, -1, -1, -1, -1, 465, 466, 467, + 468, 469, 470, -1, 472, 473, -1, 475, 476, -1, + -1, 479, -1, 481, 482, 483, 484, 485, 486, 487, + 488, 489, 490, 491, -1, 493, 494, 495, 496, 497, + 498, 499, 500, 501, -1, 503, 504, 505, 506, 507, + 508, 509, 510, 511, 512, 513, 514, 515, 516, 517, + 518, 519, 520, 521, 522, 523, 524, 525, 526, 527, + 528, 529, 530, 531, 532, 533, 534, 535, -1, 537, + 538, 539, 540, 541, 542, 543, 544, 545, 546, 547, + 548, 549, 550, 551, 552, 553, 554, 555, 556, 557, + 558, 559, 560, 561, 562, 563, 564, 565, 566, 567, + 568, 569, 570, 571, -1, 573, 574, 575, 576, 577, + 578, 579, 580, -1, 582, 583, 584, 585, 586, -1, + -1, 589, -1, 591, 592, -1, 594, 595, 596, 597, + -1, 599, 600, 601, 602, -1, -1, -1, -1, 607, + 608, 609, 610, 611, 612, 613, 614, 615, 616, 617, + 618, 619, 620, 621, 622, 623, 624, 625, 626, 627, + 628, 629, 630, 631, 632, -1, 634, -1, 636, 637, + 638, -1, 640, 641, -1, 643, 644, 645, 646, 647, + 648, -1, 650, 651, 652, 653, 654, 655, 656, -1, + 658, 659, 660, -1, 662, 663, 664, 665, 666, -1, + 668, 669, -1, -1, 672, 673, -1, -1, 676, 677, + 678, -1, 680, -1, 682, 683, -1, -1, 686, 687, + -1, 689, 690, 691, 692, -1, 694, 695, -1, 697, + -1, 699, 700, 701, 702, 703, 704, 705, 706, 707, + 708, 709, 710, 711, 712, 713, 714, 715, 716, 717, + 718, -1, 720, 721, 722, 723, 724, 725, 726, 727, + 728, -1, 730, 731, -1, 733, 734, 735, 736, 19, + 20, 739, 740, -1, 742, 743, 744, 745, 746, 747, + 748, 749, 750, 751, 752, 753, 754, 755, 756, 757, + -1, -1, 760, 761, -1, -1, 764, -1, 766, 767, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, 116, -1, -1, -1, -1, - -1, -1, 123, -1, -1, -1, 127, -1, -1, 130, - -1, -1, -1, -1, 135, -1, -1, -1, -1, -1, - 141, -1, -1, 144, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, 157, -1, -1, -1, - -1, -1, -1, -1, 165, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, -1, 178, -1, 180, - -1, -1, -1, -1, -1, -1, -1, -1, 189, -1, - -1, -1, -1, -1, -1, 196, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, -1, 208, -1, -1, - -1, -1, -1, -1, -1, -1, -1, -1, 219, -1, + -1, -1, -1, -1, -1, -1, -1, -1, 68, -1, + -1, -1, -1, -1, -1, -1, -1, 77, -1, -1, + -1, -1, -1, -1, -1, -1, -1, -1, 88, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, 242, -1, -1, -1, -1, 247, 248, -1, -1, + -1, -1, -1, -1, -1, -1, 116, -1, -1, -1, + -1, -1, -1, 123, -1, -1, -1, 127, -1, -1, + 130, -1, -1, -1, -1, 135, -1, -1, -1, -1, + -1, 141, -1, -1, 144, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, -1, -1, 157, -1, -1, + -1, -1, -1, -1, -1, 165, -1, -1, -1, -1, + -1, -1, -1, -1, -1, -1, -1, -1, 178, -1, + 180, -1, -1, -1, -1, -1, -1, -1, -1, 189, + -1, -1, -1, -1, -1, -1, 196, -1, -1, -1, + -1, -1, -1, -1, -1, -1, -1, -1, 208, -1, + -1, -1, -1, -1, -1, -1, -1, -1, -1, 219, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, -1, -1, -1, 280, + -1, -1, 242, -1, -1, -1, -1, 247, 248, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, 315, -1, -1, -1, -1, 320, - 321, 322, 323, 324, 325, -1, 327, 328, 329, 330, - 331, -1, -1, -1, 335, 336, 337, 338, 339, 340, - 341, 342, 343, 344, -1, 346, 347, 348, 349, 350, - 351, 352, 353, -1, 355, -1, -1, 358, 359, 360, - 361, 362, -1, -1, 365, 366, 367, 368, 369, -1, - -1, -1, 373, 374, 375, 376, 377, 378, 379, 380, - 381, 382, -1, -1, -1, -1, -1, -1, 389, -1, - 391, -1, 393, 394, -1, 396, 397, 398, 399, 400, - 401, -1, 403, 404, 405, 406, 407, 408, 409, 410, - 411, 412, 413, 414, 415, -1, 417, -1, 419, 420, - 421, 422, 423, 424, 425, -1, 427, 428, 429, 430, - 431, 432, 433, 434, 435, 436, 437, 438, 439, 440, - 441, 442, -1, -1, -1, 446, -1, 448, 449, 450, - 451, 452, 453, 454, 455, 456, 457, 458, 459, -1, - -1, -1, -1, -1, 465, 466, 467, 468, 469, 470, - -1, 472, 473, -1, 475, 476, -1, -1, 479, -1, - 481, 482, 483, 484, 485, 486, 487, 488, 489, 490, - 491, -1, 493, 494, 495, 496, 497, 498, 499, 500, - 501, -1, 503, 504, 505, 506, 507, 508, 509, 510, - 511, 512, 513, 514, 515, 516, 517, 518, 519, 520, - 521, 522, 523, 524, 525, 526, 527, 528, 529, 530, - 531, 532, 533, 534, 535, -1, 537, 538, 539, 540, - 541, 542, 543, 544, 545, 546, 547, 548, 549, 550, - 551, 552, 553, 554, 555, 556, 557, 558, 559, 560, - 561, 562, 563, 564, 565, 566, 567, 568, 569, 570, - 571, -1, 573, 574, 575, 576, 577, 578, 579, 580, - -1, 582, 583, 584, 585, 586, -1, -1, 589, -1, - 591, 592, -1, 594, 595, 596, 597, -1, 599, 600, - 601, 602, -1, -1, -1, -1, 607, 608, 609, 610, - 611, 612, 613, 614, 615, 616, 617, 618, 619, 620, - 621, 622, 623, 624, 625, 626, 627, 628, 629, 630, - 631, 632, -1, 634, -1, 636, 637, 638, -1, 640, - 641, -1, 643, 644, 645, 646, 647, 648, -1, 650, - 651, 652, 653, 654, 655, 656, -1, 658, 659, 660, - -1, 662, 663, 664, 665, 666, -1, 668, 669, -1, - -1, 672, 673, -1, -1, 676, 677, 678, -1, 680, - -1, 682, 683, -1, -1, 686, 687, -1, 689, 690, - 691, 692, -1, 694, 695, -1, 697, -1, 699, 700, - 701, 702, 703, 704, 705, 706, 707, 708, 709, 710, - 711, 712, 713, 714, 715, 716, 717, 718, -1, 720, - 721, 722, 723, 724, 725, 726, 727, 728, -1, 730, - 731, -1, 733, 734, 735, 736, 19, 20, 739, 740, - -1, 742, 743, 744, 745, 746, 747, 748, 749, 750, - 751, 752, 753, 754, 755, 756, 757, -1, -1, 760, - 761, -1, -1, 764, -1, 766, 767, -1, -1, -1, + 280, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, 68, -1, -1, -1, -1, - -1, -1, -1, -1, 77, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, 88, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, 315, -1, -1, -1, -1, + 320, 321, 322, 323, 324, 325, -1, 327, 328, 329, + 330, 331, -1, -1, -1, 335, 336, 337, 338, 339, + 340, 341, 342, 343, 344, -1, 346, 347, 348, 349, + 350, 351, 352, 353, -1, 355, -1, -1, 358, 359, + 360, 361, 362, -1, -1, 365, 366, 367, 368, 369, + -1, -1, -1, 373, 374, 375, 376, 377, 378, 379, + 380, 381, 382, -1, -1, -1, -1, -1, -1, 389, + -1, 391, -1, 393, 394, -1, 396, 397, 398, 399, + 400, 401, -1, 403, 404, 405, 406, 407, 408, 409, + 410, 411, 412, 413, 414, 415, -1, 417, -1, 419, + 420, 421, 422, 423, 424, 425, -1, 427, 428, 429, + 430, 431, 432, 433, 434, 435, 436, 437, 438, 439, + 440, 441, 442, -1, -1, -1, 446, -1, 448, 449, + 450, 451, 452, 453, 454, 455, 456, 457, 458, 459, + -1, -1, -1, -1, -1, 465, 466, 467, 468, 469, + 470, -1, 472, 473, -1, 475, 476, -1, -1, 479, + -1, 481, 482, 483, 484, 485, 486, 487, 488, 489, + 490, 491, -1, 493, 494, 495, 496, 497, 498, 499, + 500, 501, -1, 503, 504, 505, 506, 507, 508, 509, + 510, 511, 512, 513, 514, 515, 516, 517, 518, 519, + 520, 521, 522, 523, 524, 525, 526, 527, 528, 529, + 530, 531, 532, 533, 534, 535, -1, 537, 538, 539, + 540, 541, 542, 543, 544, 545, 546, 547, 548, 549, + 550, 551, 552, 553, 554, 555, 556, 557, 558, 559, + 560, 561, 562, 563, 564, 565, 566, 567, 568, 569, + 570, 571, -1, 573, 574, 575, 576, 577, 578, 579, + 580, -1, 582, 583, 584, 585, 586, -1, -1, 589, + -1, 591, 592, -1, 594, 595, 596, 597, -1, 599, + 600, 601, 602, -1, -1, -1, -1, 607, 608, 609, + 610, 611, 612, 613, 614, 615, 616, 617, 618, 619, + 620, 621, 622, 623, 624, 625, 626, 627, 628, 629, + 630, 631, 632, -1, 634, -1, 636, 637, 638, -1, + 640, 641, -1, 643, 644, 645, 646, 647, 648, -1, + 650, 651, 652, 653, 654, 655, 656, -1, 658, 659, + 660, -1, 662, 663, 664, 665, 666, -1, 668, 669, + -1, -1, 672, 673, -1, -1, 676, 677, 678, -1, + 680, -1, 682, 683, -1, -1, 686, 687, -1, 689, + 690, 691, 692, -1, 694, 695, -1, 697, -1, 699, + 700, 701, 702, 703, 704, 705, 706, 707, 708, 709, + 710, 711, 712, 713, 714, 715, 716, 717, 718, -1, + 720, 721, 722, 723, 724, 725, 726, 727, 728, -1, + 730, 731, -1, 733, 734, 735, 736, 19, 20, 739, + 740, -1, 742, 743, 744, 745, 746, 747, 748, 749, + 750, 751, 752, 753, 754, 755, 756, 757, -1, -1, + 760, 761, -1, -1, 764, -1, 766, 767, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, 116, -1, -1, -1, -1, -1, -1, - 123, -1, -1, -1, 127, -1, -1, 130, -1, -1, - -1, -1, 135, -1, -1, -1, -1, -1, 141, -1, - -1, 144, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, 157, -1, -1, -1, -1, -1, - -1, -1, 165, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, 178, -1, 180, -1, -1, - -1, -1, -1, -1, -1, -1, 189, -1, -1, -1, - -1, -1, -1, 196, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, 208, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, 219, -1, -1, -1, + -1, -1, -1, -1, -1, -1, 68, -1, -1, -1, + -1, -1, -1, -1, -1, 77, -1, -1, -1, -1, + -1, -1, -1, -1, -1, -1, 88, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, -1, -1, -1, 242, - -1, -1, -1, -1, 247, 248, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, 116, -1, -1, -1, -1, -1, + -1, 123, -1, -1, -1, 127, -1, -1, 130, -1, + -1, -1, -1, 135, -1, -1, -1, -1, -1, 141, + -1, -1, 144, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, 157, -1, -1, -1, -1, + -1, -1, -1, 165, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, -1, 178, -1, 180, -1, + -1, -1, -1, -1, -1, -1, -1, 189, -1, -1, + -1, -1, -1, -1, 196, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, -1, 208, -1, -1, -1, + -1, -1, -1, -1, -1, -1, -1, 219, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, -1, 280, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + 242, -1, -1, -1, -1, 247, 248, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, 315, -1, -1, -1, -1, 320, 321, 322, - 323, 324, 325, -1, 327, 328, 329, 330, 331, -1, - -1, -1, 335, 336, 337, 338, 339, 340, 341, 342, - 343, 344, -1, 346, 347, 348, 349, 350, 351, 352, - 353, -1, 355, -1, -1, 358, 359, 360, 361, 362, - -1, -1, 365, 366, 367, 368, 369, -1, -1, -1, - 373, 374, 375, 376, 377, 378, 379, 380, 381, 382, - -1, -1, -1, -1, -1, -1, 389, -1, 391, -1, - 393, 394, -1, 396, 397, 398, 399, 400, 401, -1, - 403, 404, 405, 406, 407, 408, 409, 410, 411, 412, - 413, 414, 415, -1, 417, -1, 419, 420, 421, 422, - 423, 424, 425, -1, 427, 428, 429, 430, 431, 432, - 433, 434, 435, 436, 437, 438, 439, 440, 441, 442, - -1, -1, -1, 446, -1, 448, 449, 450, 451, 452, - 453, 454, 455, 456, 457, 458, 459, -1, -1, -1, - -1, -1, 465, 466, 467, 468, 469, 470, -1, 472, - 473, -1, 475, 476, -1, -1, 479, -1, 481, 482, - 483, 484, 485, 486, 487, 488, 489, 490, 491, -1, - 493, 494, 495, 496, 497, 498, 499, 500, 501, -1, - 503, 504, 505, 506, 507, 508, 509, 510, 511, 512, - 513, 514, 515, 516, 517, 518, 519, 520, 521, 522, - 523, 524, 525, 526, 527, 528, 529, 530, 531, 532, - 533, 534, 535, -1, 537, 538, 539, 540, 541, 542, - 543, 544, 545, 546, 547, 548, 549, 550, 551, 552, - 553, 554, 555, 556, 557, 558, 559, 560, 561, 562, - 563, 564, 565, 566, 567, 568, 569, 570, 571, -1, - 573, 574, 575, 576, 577, 578, 579, 580, -1, 582, - 583, 584, 585, 586, -1, -1, 589, -1, 591, 592, - -1, 594, 595, 596, 597, -1, 599, 600, 601, 602, - -1, -1, -1, -1, 607, 608, 609, 610, 611, 612, - 613, 614, 615, 616, 617, 618, 619, 620, 621, 622, - 623, 624, 625, 626, 627, 628, 629, 630, 631, 632, - -1, 634, -1, 636, 637, 638, -1, 640, 641, -1, - 643, 644, 645, 646, 647, 648, -1, 650, 651, 652, - 653, 654, 655, 656, -1, 658, 659, 660, -1, 662, - 663, 664, 665, 666, -1, 668, 669, -1, -1, 672, - 673, -1, -1, 676, 677, 678, -1, 680, -1, 682, - 683, -1, -1, 686, 687, -1, 689, 690, 691, 692, - -1, 694, 695, -1, 697, -1, 699, 700, 701, 702, - 703, 704, 705, 706, 707, 708, 709, 710, 711, 712, - 713, 714, 715, 716, 717, 718, -1, 720, 721, 722, - 723, 724, 725, 726, 727, 728, -1, 730, 731, -1, - 733, 734, 735, 736, 19, 20, 739, 740, -1, 742, - 743, 744, 745, 746, 747, 748, 749, 750, 751, 752, - 753, 754, 755, 756, 757, -1, -1, 760, 761, -1, - -1, 764, -1, 766, 767, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, -1, -1, -1, 280, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, 68, -1, -1, -1, -1, -1, -1, - -1, -1, 77, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, 88, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, 116, -1, -1, -1, -1, -1, -1, 123, -1, - -1, -1, 127, -1, -1, 130, -1, -1, -1, -1, - 135, -1, -1, -1, -1, -1, 141, -1, -1, 144, - -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, 157, -1, -1, -1, -1, -1, -1, -1, - 165, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, 178, -1, 180, -1, -1, -1, -1, - -1, -1, -1, -1, 189, -1, -1, -1, -1, -1, - -1, 196, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, 208, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, 219, -1, -1, -1, -1, -1, + -1, -1, -1, 315, -1, -1, -1, -1, 320, 321, + 322, 323, 324, 325, -1, 327, 328, 329, 330, 331, + -1, -1, -1, 335, 336, 337, 338, 339, 340, 341, + 342, 343, 344, -1, 346, 347, 348, 349, 350, 351, + 352, 353, -1, 355, -1, -1, 358, 359, 360, 361, + 362, -1, -1, 365, 366, 367, 368, 369, -1, -1, + -1, 373, 374, 375, 376, 377, 378, 379, 380, 381, + 382, -1, -1, -1, -1, -1, -1, 389, -1, 391, + -1, 393, 394, -1, 396, 397, 398, 399, 400, 401, + -1, 403, 404, 405, 406, 407, 408, 409, 410, 411, + 412, 413, 414, 415, -1, 417, -1, 419, 420, 421, + 422, 423, 424, 425, -1, 427, 428, 429, 430, 431, + 432, 433, 434, 435, 436, 437, 438, 439, 440, 441, + 442, -1, -1, -1, 446, -1, 448, 449, 450, 451, + 452, 453, 454, 455, 456, 457, 458, 459, -1, -1, + -1, -1, -1, 465, 466, 467, 468, 469, 470, -1, + 472, 473, -1, 475, 476, -1, -1, 479, -1, 481, + 482, 483, 484, 485, 486, 487, 488, 489, 490, 491, + -1, 493, 494, 495, 496, 497, 498, 499, 500, 501, + -1, 503, 504, 505, 506, 507, 508, 509, 510, 511, + 512, 513, 514, 515, 516, 517, 518, 519, 520, 521, + 522, 523, 524, 525, 526, 527, 528, 529, 530, 531, + 532, 533, 534, 535, -1, 537, 538, 539, 540, 541, + 542, 543, 544, 545, 546, 547, 548, 549, 550, 551, + 552, 553, 554, 555, 556, 557, 558, 559, 560, 561, + 562, 563, 564, 565, 566, 567, 568, 569, 570, 571, + -1, 573, 574, 575, 576, 577, 578, 579, 580, -1, + 582, 583, 584, 585, 586, -1, -1, 589, -1, 591, + 592, -1, 594, 595, 596, 597, -1, 599, 600, 601, + 602, -1, -1, -1, -1, 607, 608, 609, 610, 611, + 612, 613, 614, 615, 616, 617, 618, 619, 620, 621, + 622, 623, 624, 625, 626, 627, 628, 629, 630, 631, + 632, -1, 634, -1, 636, 637, 638, -1, 640, 641, + -1, 643, 644, 645, 646, 647, 648, -1, 650, 651, + 652, 653, 654, 655, 656, -1, 658, 659, 660, -1, + 662, 663, 664, 665, 666, -1, 668, 669, -1, -1, + 672, 673, -1, -1, 676, 677, 678, -1, 680, -1, + 682, 683, -1, -1, 686, 687, -1, 689, 690, 691, + 692, -1, 694, 695, -1, 697, -1, 699, 700, 701, + 702, 703, 704, 705, 706, 707, 708, 709, 710, 711, + 712, 713, 714, 715, 716, 717, 718, -1, 720, 721, + 722, 723, 724, 725, 726, 727, 728, -1, 730, 731, + -1, 733, 734, 735, 736, 19, 20, 739, 740, -1, + 742, 743, 744, 745, 746, 747, 748, 749, 750, 751, + 752, 753, 754, 755, 756, 757, -1, -1, 760, 761, + -1, -1, 764, -1, 766, 767, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, -1, 242, -1, -1, - -1, -1, 247, 248, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, 68, -1, -1, -1, -1, -1, + -1, -1, -1, 77, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, 88, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, 280, -1, -1, -1, -1, + -1, -1, 116, -1, -1, -1, -1, -1, -1, 123, + -1, -1, -1, 127, -1, -1, 130, -1, -1, -1, + -1, 135, -1, -1, -1, -1, -1, 141, -1, -1, + 144, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, 157, -1, -1, -1, -1, -1, -1, + -1, 165, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, 178, -1, 180, -1, -1, -1, + -1, -1, -1, -1, -1, 189, -1, -1, -1, -1, + -1, -1, 196, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, 208, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, 219, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, -1, -1, -1, 242, -1, + -1, -1, -1, 247, 248, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - 315, -1, -1, -1, -1, 320, 321, 322, 323, 324, - 325, -1, 327, 328, 329, 330, 331, -1, -1, -1, - 335, 336, 337, 338, 339, 340, 341, 342, 343, 344, - -1, 346, 347, 348, 349, 350, 351, 352, 353, -1, - 355, -1, -1, 358, 359, 360, 361, 362, -1, -1, - 365, 366, 367, 368, 369, -1, -1, -1, 373, 374, - 375, 376, 377, 378, 379, 380, 381, 382, -1, -1, - -1, -1, -1, -1, 389, -1, 391, -1, 393, 394, - -1, 396, 397, 398, 399, 400, 401, -1, 403, 404, - 405, 406, 407, 408, 409, 410, 411, 412, 413, 414, - 415, -1, 417, -1, 419, 420, 421, 422, 423, 424, - 425, -1, 427, 428, 429, 430, 431, 432, 433, 434, - 435, 436, 437, 438, 439, 440, 441, 442, -1, -1, - -1, 446, -1, 448, 449, 450, 451, 452, 453, 454, - 455, 456, 457, 458, 459, -1, -1, -1, -1, -1, - 465, 466, 467, 468, 469, 470, -1, 472, 473, -1, - 475, 476, -1, -1, 479, -1, 481, 482, 483, 484, - 485, 486, 487, 488, 489, 490, 491, -1, 493, 494, - 495, 496, 497, 498, 499, 500, 501, -1, 503, 504, - 505, 506, 507, 508, 509, 510, 511, 512, 513, 514, - 515, 516, 517, 518, 519, 520, 521, 522, 523, 524, - 525, 526, 527, 528, 529, 530, 531, 532, 533, 534, - 535, -1, 537, 538, 539, 540, 541, 542, 543, 544, - 545, 546, 547, 548, 549, 550, 551, 552, 553, 554, - 555, 556, 557, 558, 559, 560, 561, 562, 563, 564, - 565, 566, 567, 568, 569, 570, 571, -1, 573, 574, - 575, 576, 577, 578, 579, 580, -1, 582, 583, 584, - 585, 586, -1, -1, 589, -1, 591, 592, -1, 594, - 595, 596, 597, -1, 599, 600, 601, 602, -1, -1, - -1, -1, 607, 608, 609, 610, 611, 612, 613, 614, - 615, 616, 617, 618, 619, 620, 621, 622, 623, 624, - 625, 626, 627, 628, 629, 630, 631, 632, -1, 634, - -1, 636, 637, 638, -1, 640, 641, -1, 643, 644, - 645, 646, 647, 648, -1, 650, 651, 652, 653, 654, - 655, 656, -1, 658, 659, 660, -1, 662, 663, 664, - 665, 666, -1, 668, 669, -1, -1, 672, 673, -1, - -1, 676, 677, 678, -1, 680, -1, 682, 683, -1, - -1, 686, 687, -1, 689, 690, 691, 692, -1, 694, - 695, -1, 697, -1, 699, 700, 701, 702, 703, 704, - 705, 706, 707, 708, 709, 710, 711, 712, 713, 714, - 715, 716, 717, 718, -1, 720, 721, 722, 723, 724, - 725, 726, 727, 728, -1, 730, 731, -1, 733, 734, - 735, 736, 19, 20, 739, 740, -1, 742, 743, 744, - 745, 746, 747, 748, 749, 750, 751, 752, 753, 754, - 755, 756, 757, -1, -1, 760, 761, -1, -1, 764, - -1, 766, 767, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, -1, 280, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, 68, -1, -1, -1, -1, -1, -1, -1, -1, - 77, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, 88, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, -1, -1, -1, 116, - -1, -1, -1, -1, -1, -1, 123, -1, -1, -1, - 127, -1, -1, 130, -1, -1, -1, -1, 135, -1, - -1, -1, -1, -1, 141, -1, -1, 144, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - 157, -1, -1, -1, -1, -1, -1, -1, 165, -1, + -1, 315, -1, -1, -1, -1, 320, 321, 322, 323, + 324, 325, -1, 327, 328, 329, 330, 331, -1, -1, + -1, 335, 336, 337, 338, 339, 340, 341, 342, 343, + 344, -1, 346, 347, 348, 349, 350, 351, 352, 353, + -1, 355, -1, -1, 358, 359, 360, 361, 362, -1, + -1, 365, 366, 367, 368, 369, -1, -1, -1, 373, + 374, 375, 376, 377, 378, 379, 380, 381, 382, -1, + -1, -1, -1, -1, -1, 389, -1, 391, -1, 393, + 394, -1, 396, 397, 398, 399, 400, 401, -1, 403, + 404, 405, 406, 407, 408, 409, 410, 411, 412, 413, + 414, 415, -1, 417, -1, 419, 420, 421, 422, 423, + 424, 425, -1, 427, 428, 429, 430, 431, 432, 433, + 434, 435, 436, 437, 438, 439, 440, 441, 442, -1, + -1, -1, 446, -1, 448, 449, 450, 451, 452, 453, + 454, 455, 456, 457, 458, 459, -1, -1, -1, -1, + -1, 465, 466, 467, 468, 469, 470, -1, 472, 473, + -1, 475, 476, -1, -1, 479, -1, 481, 482, 483, + 484, 485, 486, 487, 488, 489, 490, 491, -1, 493, + 494, 495, 496, 497, 498, 499, 500, 501, -1, 503, + 504, 505, 506, 507, 508, 509, 510, 511, 512, 513, + 514, 515, 516, 517, 518, 519, 520, 521, 522, 523, + 524, 525, 526, 527, 528, 529, 530, 531, 532, 533, + 534, 535, -1, 537, 538, 539, 540, 541, 542, 543, + 544, 545, 546, 547, 548, 549, 550, 551, 552, 553, + 554, 555, 556, 557, 558, 559, 560, 561, 562, 563, + 564, 565, 566, 567, 568, 569, 570, 571, -1, 573, + 574, 575, 576, 577, 578, 579, 580, -1, 582, 583, + 584, 585, 586, -1, -1, 589, -1, 591, 592, -1, + 594, 595, 596, 597, -1, 599, 600, 601, 602, -1, + -1, -1, -1, 607, 608, 609, 610, 611, 612, 613, + 614, 615, 616, 617, 618, 619, 620, 621, 622, 623, + 624, 625, 626, 627, 628, 629, 630, 631, 632, -1, + 634, -1, 636, 637, 638, -1, 640, 641, -1, 643, + 644, 645, 646, 647, 648, -1, 650, 651, 652, 653, + 654, 655, 656, -1, 658, 659, 660, -1, 662, 663, + 664, 665, 666, -1, 668, 669, -1, -1, 672, 673, + -1, -1, 676, 677, 678, -1, 680, -1, 682, 683, + -1, -1, 686, 687, -1, 689, 690, 691, 692, -1, + 694, 695, -1, 697, -1, 699, 700, 701, 702, 703, + 704, 705, 706, 707, 708, 709, 710, 711, 712, 713, + 714, 715, 716, 717, 718, -1, 720, 721, 722, 723, + 724, 725, 726, 727, 728, -1, 730, 731, -1, 733, + 734, 735, 736, 19, 20, 739, 740, -1, 742, 743, + 744, 745, 746, 747, 748, 749, 750, 751, 752, 753, + 754, 755, 756, 757, -1, -1, 760, 761, -1, -1, + 764, -1, 766, 767, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, 178, -1, 180, -1, -1, -1, -1, -1, -1, - -1, -1, 189, -1, -1, -1, -1, -1, -1, 196, + -1, -1, 68, -1, -1, -1, -1, -1, -1, -1, + -1, 77, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, 88, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, 208, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, 219, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, 242, -1, -1, -1, -1, - 247, 248, -1, -1, -1, -1, -1, -1, -1, -1, + 116, -1, -1, -1, -1, -1, -1, 123, -1, -1, + -1, 127, -1, -1, 130, -1, -1, -1, -1, 135, + -1, -1, -1, -1, -1, 141, -1, -1, 144, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, 157, -1, -1, -1, -1, -1, -1, -1, 165, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, 280, -1, -1, -1, -1, -1, -1, + -1, -1, 178, -1, 180, -1, -1, -1, -1, -1, + -1, -1, -1, 189, -1, -1, -1, -1, -1, -1, + 196, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, 208, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, 219, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, -1, 242, -1, -1, -1, + -1, 247, 248, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, -1, -1, 315, -1, - -1, -1, -1, 320, 321, 322, 323, 324, 325, -1, - 327, 328, 329, 330, 331, -1, -1, -1, 335, 336, - 337, 338, 339, 340, 341, 342, 343, 344, -1, 346, - 347, 348, 349, 350, 351, 352, 353, -1, 355, -1, - -1, 358, 359, 360, 361, 362, -1, -1, 365, 366, - 367, 368, 369, -1, -1, -1, 373, 374, 375, 376, - 377, 378, 379, 380, 381, 382, -1, -1, -1, -1, - -1, -1, 389, -1, 391, -1, 393, 394, -1, 396, - 397, 398, 399, 400, 401, -1, 403, 404, 405, 406, - 407, 408, 409, 410, 411, 412, 413, 414, 415, -1, - 417, -1, 419, 420, 421, 422, 423, 424, 425, -1, - 427, 428, 429, 430, 431, 432, 433, 434, 435, 436, - 437, 438, 439, 440, 441, 442, -1, -1, -1, 446, - -1, 448, 449, 450, 451, 452, 453, 454, 455, 456, - 457, 458, 459, -1, -1, -1, -1, -1, 465, 466, - 467, 468, 469, 470, -1, 472, 473, -1, 475, 476, - -1, -1, 479, -1, 481, 482, 483, 484, 485, 486, - 487, 488, 489, 490, 491, -1, 493, 494, 495, 496, - 497, 498, 499, 500, 501, -1, 503, 504, 505, 506, - 507, 508, 509, 510, 511, 512, 513, 514, 515, 516, - 517, 518, 519, 520, 521, 522, 523, 524, 525, 526, - 527, 528, 529, 530, 531, 532, 533, 534, 535, -1, - 537, 538, 539, 540, 541, 542, 543, 544, 545, 546, - 547, 548, 549, 550, 551, 552, 553, 554, 555, 556, - 557, 558, 559, 560, 561, 562, 563, 564, 565, 566, - 567, 568, 569, 570, 571, -1, 573, 574, 575, 576, - 577, 578, 579, 580, -1, 582, 583, 584, 585, 586, - -1, -1, 589, -1, 591, 592, -1, 594, 595, 596, - 597, -1, 599, 600, 601, 602, -1, -1, -1, -1, - 607, 608, 609, 610, 611, 612, 613, 614, 615, 616, - 617, 618, 619, 620, 621, 622, 623, 624, 625, 626, - 627, 628, 629, 630, 631, 632, -1, 634, -1, 636, - 637, 638, -1, 640, 641, -1, 643, 644, 645, 646, - 647, 648, -1, 650, 651, 652, 653, 654, 655, 656, - -1, 658, 659, 660, -1, 662, 663, 664, 665, 666, - -1, 668, 669, -1, -1, 672, 673, -1, -1, 676, - 677, 678, -1, 680, -1, 682, 683, -1, -1, 686, - 687, -1, 689, 690, 691, 692, -1, 694, 695, -1, - 697, -1, 699, 700, 701, 702, 703, 704, 705, 706, - 707, 708, 709, 710, 711, 712, 713, 714, 715, 716, - 717, 718, -1, 720, 721, 722, 723, 724, 725, 726, - 727, 728, -1, 730, 731, -1, 733, 734, 735, 736, - 19, 20, 739, 740, -1, 742, 743, 744, 745, 746, - 747, 748, 749, 750, 751, 752, 753, 754, 755, 756, - 757, -1, -1, 760, 761, -1, -1, 764, -1, 766, - 767, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, -1, -1, -1, 68, - -1, -1, -1, -1, -1, -1, -1, -1, 77, -1, - -1, -1, -1, -1, -1, -1, -1, -1, -1, 88, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, 280, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, -1, 116, -1, -1, - -1, -1, -1, -1, 123, -1, -1, -1, 127, -1, - -1, 130, -1, -1, -1, -1, 135, -1, -1, -1, - -1, -1, 141, -1, -1, 144, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, -1, -1, 157, -1, - -1, -1, -1, -1, -1, -1, 165, -1, -1, -1, - -1, -1, -1, -1, -1, -1, -1, -1, -1, 178, - -1, 180, -1, -1, -1, -1, -1, -1, -1, -1, - 189, -1, -1, -1, -1, -1, -1, 196, -1, -1, - -1, -1, -1, -1, -1, -1, -1, -1, -1, 208, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - 219, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, -1, -1, -1, -1, 315, + -1, -1, -1, -1, 320, 321, 322, 323, 324, 325, + -1, 327, 328, 329, 330, 331, -1, -1, -1, 335, + 336, 337, 338, 339, 340, 341, 342, 343, 344, -1, + 346, 347, 348, 349, 350, 351, 352, 353, -1, 355, + -1, -1, 358, 359, 360, 361, 362, -1, -1, 365, + 366, 367, 368, 369, -1, -1, -1, 373, 374, 375, + 376, 377, 378, 379, 380, 381, 382, -1, -1, -1, + -1, -1, -1, 389, -1, 391, -1, 393, 394, -1, + 396, 397, 398, 399, 400, 401, -1, 403, 404, 405, + 406, 407, 408, 409, 410, 411, 412, 413, 414, 415, + -1, 417, -1, 419, 420, 421, 422, 423, 424, 425, + -1, 427, 428, 429, 430, 431, 432, 433, 434, 435, + 436, 437, 438, 439, 440, 441, 442, -1, -1, -1, + 446, -1, 448, 449, 450, 451, 452, 453, 454, 455, + 456, 457, 458, 459, -1, -1, -1, -1, -1, 465, + 466, 467, 468, 469, 470, -1, 472, 473, -1, 475, + 476, -1, -1, 479, -1, 481, 482, 483, 484, 485, + 486, 487, 488, 489, 490, 491, -1, 493, 494, 495, + 496, 497, 498, 499, 500, 501, -1, 503, 504, 505, + 506, 507, 508, 509, 510, 511, 512, 513, 514, 515, + 516, 517, 518, 519, 520, 521, 522, 523, 524, 525, + 526, 527, 528, 529, 530, 531, 532, 533, 534, 535, + -1, 537, 538, 539, 540, 541, 542, 543, 544, 545, + 546, 547, 548, 549, 550, 551, 552, 553, 554, 555, + 556, 557, 558, 559, 560, 561, 562, 563, 564, 565, + 566, 567, 568, 569, 570, 571, -1, 573, 574, 575, + 576, 577, 578, 579, 580, -1, 582, 583, 584, 585, + 586, -1, -1, 589, -1, 591, 592, -1, 594, 595, + 596, 597, -1, 599, 600, 601, 602, -1, -1, -1, + -1, 607, 608, 609, 610, 611, 612, 613, 614, 615, + 616, 617, 618, 619, 620, 621, 622, 623, 624, 625, + 626, 627, 628, 629, 630, 631, 632, -1, 634, -1, + 636, 637, 638, -1, 640, 641, -1, 643, 644, 645, + 646, 647, 648, -1, 650, 651, 652, 653, 654, 655, + 656, -1, 658, 659, 660, -1, 662, 663, 664, 665, + 666, -1, 668, 669, -1, -1, 672, 673, -1, -1, + 676, 677, 678, -1, 680, -1, 682, 683, -1, -1, + 686, 687, -1, 689, 690, 691, 692, -1, 694, 695, + -1, 697, -1, 699, 700, 701, 702, 703, 704, 705, + 706, 707, 708, 709, 710, 711, 712, 713, 714, 715, + 716, 717, 718, -1, 720, 721, 722, 723, 724, 725, + 726, 727, 728, -1, 730, 731, -1, 733, 734, 735, + 736, 19, 20, 739, 740, -1, 742, 743, 744, 745, + 746, 747, 748, 749, 750, 751, 752, 753, 754, 755, + 756, 757, -1, -1, 760, 761, -1, -1, 764, -1, + 766, 767, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + 68, -1, -1, -1, -1, -1, -1, -1, -1, 77, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, 242, -1, -1, -1, -1, 247, 248, + 88, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, -1, -1, -1, 116, -1, + -1, -1, -1, -1, -1, 123, -1, -1, -1, 127, + -1, -1, 130, -1, -1, -1, -1, 135, -1, -1, + -1, -1, -1, 141, -1, -1, 144, -1, -1, -1, + -1, -1, -1, -1, -1, -1, -1, -1, -1, 157, + -1, -1, -1, -1, -1, -1, -1, 165, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + 178, -1, 180, -1, -1, -1, -1, -1, -1, -1, + -1, 189, -1, -1, -1, -1, -1, -1, 196, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, 280, -1, -1, -1, -1, -1, -1, -1, -1, + 208, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, 219, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, 242, -1, -1, -1, -1, 247, + 248, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, 315, -1, -1, -1, - -1, 320, 321, 322, 323, 324, 325, -1, 327, 328, - 329, 330, 331, -1, -1, -1, 335, 336, 337, 338, - 339, 340, 341, 342, 343, 344, -1, 346, 347, 348, - 349, 350, 351, 352, 353, -1, 355, -1, -1, 358, - 359, 360, 361, 362, -1, -1, 365, 366, 367, 368, - 369, -1, -1, -1, 373, 374, 375, 376, 377, 378, - 379, 380, 381, 382, -1, -1, -1, -1, -1, -1, - 389, -1, 391, -1, 393, 394, -1, 396, 397, 398, - 399, 400, 401, -1, 403, 404, 405, 406, 407, 408, - 409, 410, 411, 412, 413, 414, 415, -1, 417, -1, - 419, 420, 421, 422, 423, 424, 425, -1, 427, 428, - 429, 430, -1, 432, 433, 434, 435, 436, 437, 438, - 439, 440, 441, 442, -1, -1, -1, 446, -1, 448, - 449, 450, 451, 452, 453, 454, 455, 456, 457, 458, - 459, -1, -1, -1, -1, -1, 465, 466, 467, 468, - 469, 470, -1, 472, 473, -1, 475, 476, -1, -1, - 479, -1, 481, 482, 483, 484, 485, 486, 487, 488, - 489, 490, 491, -1, 493, 494, 495, 496, 497, 498, - 499, 500, 501, -1, 503, 504, 505, 506, 507, 508, - 509, 510, 511, 512, 513, 514, 515, 516, 517, 518, - 519, 520, 521, 522, 523, 524, 525, 526, 527, 528, - 529, 530, 531, 532, 533, 534, 535, -1, 537, 538, - 539, 540, 541, 542, 543, 544, 545, 546, 547, 548, - 549, 550, 551, 552, 553, 554, 555, 556, 557, 558, - 559, 560, 561, 562, 563, 564, 565, 566, 567, 568, - 569, 570, 571, -1, 573, 574, 575, 576, 577, 578, - 579, 580, -1, 582, 583, 584, 585, 586, -1, -1, - 589, -1, 591, 592, -1, 594, 595, 596, 597, -1, - 599, 600, 601, 602, -1, -1, -1, -1, 607, 608, - 609, 610, 611, 612, 613, 614, 615, 616, 617, 618, - 619, 620, 621, 622, 623, 624, 625, 626, 627, 628, - 629, 630, 631, 632, -1, 634, -1, 636, 637, 638, - -1, 640, 641, -1, 643, 644, 645, 646, 647, 648, - -1, 650, 651, 652, 653, 654, 655, 656, -1, 658, - 659, 660, -1, 662, 663, 664, 665, 666, -1, 668, - 669, -1, -1, 672, 673, -1, -1, 676, 677, 678, - -1, 680, -1, 682, 683, -1, -1, 686, 687, -1, - 689, 690, 691, 692, -1, 694, 695, -1, 697, -1, - 699, 700, 701, 702, 703, 704, 705, 706, 707, 708, - 709, 710, 711, 712, 713, 714, 715, 716, 717, 718, - -1, 720, 721, 722, 723, 724, 725, 726, 727, 728, - -1, 730, 731, -1, 733, 734, 735, 736, 19, 20, - 739, 740, -1, 742, 743, 744, 745, 746, 747, 748, - 749, 750, 751, 752, 753, 754, 755, 756, 757, -1, - -1, 760, 761, -1, -1, 764, -1, 766, 767, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, -1, 68, -1, -1, - -1, -1, -1, -1, -1, -1, 77, -1, -1, -1, - -1, -1, -1, -1, -1, -1, -1, 88, -1, -1, + -1, -1, 280, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, 116, -1, -1, -1, -1, - -1, -1, 123, -1, -1, -1, 127, -1, -1, 130, - -1, -1, -1, -1, 135, -1, -1, -1, -1, -1, - 141, -1, -1, 144, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, 157, -1, -1, -1, - -1, -1, -1, -1, 165, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, -1, 178, -1, 180, - -1, -1, -1, -1, -1, -1, -1, -1, 189, -1, - -1, -1, -1, -1, -1, 196, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, -1, 208, -1, -1, - -1, -1, -1, -1, -1, -1, -1, -1, 219, -1, + -1, -1, -1, -1, -1, -1, -1, 315, -1, -1, + -1, -1, 320, 321, 322, 323, 324, 325, -1, 327, + 328, 329, 330, 331, -1, -1, -1, 335, 336, 337, + 338, 339, 340, 341, 342, 343, 344, -1, 346, 347, + 348, 349, 350, 351, 352, 353, -1, 355, -1, -1, + 358, 359, 360, 361, 362, -1, -1, 365, 366, 367, + 368, 369, -1, -1, -1, 373, 374, 375, 376, 377, + 378, 379, 380, 381, 382, -1, -1, -1, -1, -1, + -1, 389, -1, 391, -1, 393, 394, -1, 396, 397, + 398, 399, 400, 401, -1, 403, 404, 405, 406, 407, + 408, 409, 410, 411, 412, 413, 414, 415, -1, 417, + -1, 419, 420, 421, 422, 423, 424, 425, -1, 427, + 428, 429, 430, 431, 432, 433, 434, 435, 436, 437, + 438, 439, 440, 441, 442, -1, -1, -1, 446, -1, + 448, 449, 450, 451, 452, 453, 454, 455, 456, 457, + 458, 459, -1, -1, -1, -1, -1, 465, 466, 467, + 468, 469, 470, -1, 472, 473, -1, 475, 476, -1, + -1, 479, -1, 481, 482, 483, 484, 485, 486, 487, + 488, 489, 490, 491, -1, 493, 494, 495, 496, 497, + 498, 499, 500, 501, -1, 503, 504, 505, 506, 507, + 508, 509, 510, 511, 512, 513, 514, 515, 516, 517, + 518, 519, 520, 521, 522, 523, 524, 525, 526, 527, + 528, 529, 530, 531, 532, 533, 534, 535, -1, 537, + 538, 539, 540, 541, 542, 543, 544, 545, 546, 547, + 548, 549, 550, 551, 552, 553, 554, 555, 556, 557, + 558, 559, 560, 561, 562, 563, 564, 565, 566, 567, + 568, 569, 570, 571, -1, 573, 574, 575, 576, 577, + 578, 579, 580, -1, 582, 583, 584, 585, 586, -1, + -1, 589, -1, 591, 592, -1, 594, 595, 596, 597, + -1, 599, 600, 601, 602, -1, -1, -1, -1, 607, + 608, 609, 610, 611, 612, 613, 614, 615, 616, 617, + 618, 619, 620, 621, 622, 623, 624, 625, 626, 627, + 628, 629, 630, 631, 632, -1, 634, -1, 636, 637, + 638, -1, 640, 641, -1, 643, 644, 645, 646, 647, + 648, -1, 650, 651, 652, 653, 654, 655, 656, -1, + 658, 659, 660, -1, 662, 663, 664, 665, 666, -1, + 668, 669, -1, -1, 672, 673, -1, -1, 676, 677, + 678, -1, 680, -1, 682, 683, -1, -1, 686, 687, + -1, 689, 690, 691, 692, -1, 694, 695, -1, 697, + -1, 699, 700, 701, 702, 703, 704, 705, 706, 707, + 708, 709, 710, 711, 712, 713, 714, 715, 716, 717, + 718, -1, 720, 721, 722, 723, 724, 725, 726, 727, + 728, -1, 730, 731, -1, 733, 734, 735, 736, 19, + 20, 739, 740, -1, 742, 743, 744, 745, 746, 747, + 748, 749, 750, 751, 752, 753, 754, 755, 756, 757, + -1, -1, 760, 761, -1, -1, 764, -1, 766, 767, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, -1, -1, -1, 68, -1, + -1, -1, -1, -1, -1, -1, -1, 77, -1, -1, + -1, -1, -1, -1, -1, -1, -1, -1, 88, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, 242, -1, -1, -1, -1, 247, 248, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, -1, 116, -1, -1, -1, + -1, -1, -1, 123, -1, -1, -1, 127, -1, -1, + 130, -1, -1, -1, -1, 135, -1, -1, -1, -1, + -1, 141, -1, -1, 144, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, -1, -1, 157, -1, -1, + -1, -1, -1, -1, -1, 165, -1, -1, -1, -1, + -1, -1, -1, -1, -1, -1, -1, -1, 178, -1, + 180, -1, -1, -1, -1, -1, -1, -1, -1, 189, + -1, -1, -1, -1, -1, -1, 196, -1, -1, -1, + -1, -1, -1, -1, -1, -1, -1, -1, 208, -1, + -1, -1, -1, -1, -1, -1, -1, -1, -1, 219, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, -1, -1, -1, 280, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, 242, -1, -1, -1, -1, 247, 248, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, 315, -1, -1, -1, -1, 320, - 321, 322, 323, 324, 325, -1, 327, 328, 329, 330, - 331, -1, -1, -1, 335, 336, 337, 338, 339, 340, - 341, 342, 343, 344, -1, 346, 347, 348, 349, 350, - 351, 352, 353, -1, 355, -1, -1, 358, 359, 360, - 361, 362, -1, -1, 365, 366, 367, 368, 369, -1, - -1, -1, 373, 374, 375, 376, 377, 378, 379, 380, - 381, 382, -1, -1, -1, -1, -1, -1, 389, -1, - 391, -1, 393, 394, -1, 396, 397, 398, 399, 400, - 401, -1, 403, 404, 405, 406, 407, 408, 409, 410, - 411, 412, 413, 414, 415, -1, 417, -1, 419, 420, - 421, 422, 423, 424, 425, -1, 427, 428, 429, 430, - -1, 432, 433, 434, 435, 436, 437, 438, 439, 440, - 441, 442, -1, -1, -1, 446, -1, 448, 449, 450, - 451, 452, 453, 454, 455, 456, 457, 458, 459, -1, - -1, -1, -1, -1, 465, 466, 467, 468, 469, 470, - -1, 472, 473, -1, 475, 476, -1, -1, 479, -1, - 481, 482, 483, 484, 485, 486, 487, 488, 489, 490, - 491, -1, 493, 494, 495, 496, 497, 498, 499, 500, - 501, -1, 503, 504, 505, 506, 507, 508, 509, 510, - 511, 512, 513, 514, 515, 516, 517, 518, 519, 520, - 521, 522, 523, 524, 525, 526, 527, 528, 529, 530, - 531, 532, 533, 534, 535, -1, 537, 538, 539, 540, - 541, 542, 543, 544, 545, 546, 547, 548, 549, 550, - 551, 552, 553, 554, 555, 556, 557, 558, 559, 560, - 561, 562, 563, 564, 565, 566, 567, 568, 569, 570, - 571, -1, 573, 574, 575, 576, 577, 578, 579, 580, - -1, 582, 583, 584, 585, 586, -1, -1, 589, -1, - 591, 592, -1, 594, 595, 596, 597, -1, 599, 600, - 601, 602, -1, -1, -1, -1, 607, 608, 609, 610, - 611, 612, 613, 614, 615, 616, 617, 618, 619, 620, - 621, 622, 623, 624, 625, 626, 627, 628, 629, 630, - 631, 632, -1, 634, -1, 636, 637, 638, -1, 640, - 641, -1, 643, 644, 645, 646, 647, 648, -1, 650, - 651, 652, 653, 654, 655, 656, -1, 658, 659, 660, - -1, 662, 663, 664, 665, 666, -1, 668, 669, -1, - -1, 672, 673, -1, -1, 676, 677, 678, -1, 680, - -1, 682, 683, -1, -1, 686, 687, -1, 689, 690, - 691, 692, -1, 694, 695, -1, 697, -1, 699, 700, - 701, 702, 703, 704, 705, 706, 707, 708, 709, 710, - 711, 712, 713, 714, 715, 716, 717, 718, -1, 720, - 721, 722, 723, 724, 725, 726, 727, 728, -1, 730, - 731, -1, 733, 734, 735, 736, 19, 20, 739, 740, - -1, 742, 743, 744, 745, 746, 747, 748, 749, 750, - 751, 752, 753, 754, 755, 756, 757, -1, -1, 760, - 761, -1, -1, 764, -1, 766, 767, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, 68, -1, -1, -1, -1, + 280, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, 88, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, 315, -1, -1, -1, -1, + 320, 321, 322, 323, 324, 325, -1, 327, 328, 329, + 330, 331, -1, -1, -1, 335, 336, 337, 338, 339, + 340, 341, 342, 343, 344, -1, 346, 347, 348, 349, + 350, 351, 352, 353, -1, 355, -1, -1, 358, 359, + 360, 361, 362, -1, -1, 365, 366, 367, 368, 369, + -1, -1, -1, 373, 374, 375, 376, 377, 378, 379, + 380, 381, 382, -1, -1, -1, -1, -1, -1, 389, + -1, 391, -1, 393, 394, -1, 396, 397, 398, 399, + 400, 401, -1, 403, 404, 405, 406, 407, 408, 409, + 410, 411, 412, 413, 414, 415, -1, 417, -1, 419, + 420, 421, 422, 423, 424, 425, -1, 427, 428, 429, + 430, 431, 432, 433, 434, 435, 436, 437, 438, 439, + 440, 441, 442, -1, -1, -1, 446, -1, 448, 449, + 450, 451, 452, 453, 454, 455, 456, 457, 458, 459, + -1, -1, -1, -1, -1, 465, 466, 467, 468, 469, + 470, -1, 472, 473, -1, 475, 476, -1, -1, 479, + -1, 481, 482, 483, 484, 485, 486, 487, 488, 489, + 490, 491, -1, 493, 494, 495, 496, 497, 498, 499, + 500, 501, -1, 503, 504, 505, 506, 507, 508, 509, + 510, 511, 512, 513, 514, 515, 516, 517, 518, 519, + 520, 521, 522, 523, 524, 525, 526, 527, 528, 529, + 530, 531, 532, 533, 534, 535, -1, 537, 538, 539, + 540, 541, 542, 543, 544, 545, 546, 547, 548, 549, + 550, 551, 552, 553, 554, 555, 556, 557, 558, 559, + 560, 561, 562, 563, 564, 565, 566, 567, 568, 569, + 570, 571, -1, 573, 574, 575, 576, 577, 578, 579, + 580, -1, 582, 583, 584, 585, 586, -1, -1, 589, + -1, 591, 592, -1, 594, 595, 596, 597, -1, 599, + 600, 601, 602, -1, -1, -1, -1, 607, 608, 609, + 610, 611, 612, 613, 614, 615, 616, 617, 618, 619, + 620, 621, 622, 623, 624, 625, 626, 627, 628, 629, + 630, 631, 632, -1, 634, -1, 636, 637, 638, -1, + 640, 641, -1, 643, 644, 645, 646, 647, 648, -1, + 650, 651, 652, 653, 654, 655, 656, -1, 658, 659, + 660, -1, 662, 663, 664, 665, 666, -1, 668, 669, + -1, -1, 672, 673, -1, -1, 676, 677, 678, -1, + 680, -1, 682, 683, -1, -1, 686, 687, -1, 689, + 690, 691, 692, -1, 694, 695, -1, 697, -1, 699, + 700, 701, 702, 703, 704, 705, 706, 707, 708, 709, + 710, 711, 712, 713, 714, 715, 716, 717, 718, -1, + 720, 721, 722, 723, 724, 725, 726, 727, 728, -1, + 730, 731, -1, 733, 734, 735, 736, 19, 20, 739, + 740, -1, 742, 743, 744, 745, 746, 747, 748, 749, + 750, 751, 752, 753, 754, 755, 756, 757, -1, -1, + 760, 761, -1, -1, 764, -1, 766, 767, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, 116, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, 127, -1, -1, -1, -1, -1, - -1, -1, 135, -1, -1, -1, -1, -1, 141, -1, - -1, 144, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, -1, 68, -1, -1, -1, + -1, -1, -1, -1, -1, 77, -1, -1, -1, -1, + -1, -1, -1, -1, -1, -1, 88, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, 178, -1, 180, -1, -1, - -1, -1, -1, -1, -1, -1, 189, -1, -1, -1, - -1, -1, -1, 196, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, 208, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, 219, -1, -1, -1, + -1, -1, -1, -1, 116, -1, -1, -1, -1, -1, + -1, 123, -1, -1, -1, 127, -1, -1, 130, -1, + -1, -1, -1, 135, -1, -1, -1, -1, -1, 141, + -1, -1, 144, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, 157, -1, -1, -1, -1, + -1, -1, -1, 165, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, -1, 178, -1, 180, -1, + -1, -1, -1, -1, -1, -1, -1, 189, -1, -1, + -1, -1, -1, -1, 196, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, -1, 208, -1, -1, -1, + -1, -1, -1, -1, -1, -1, -1, 219, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, -1, -1, -1, 242, - -1, -1, -1, -1, 247, 248, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + 242, -1, -1, -1, -1, 247, 248, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, -1, 280, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, -1, -1, -1, 280, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, 315, -1, -1, -1, -1, 320, 321, 322, - 323, 324, 325, -1, 327, 328, 329, 330, 331, -1, - -1, -1, 335, 336, 337, 338, 339, 340, 341, 342, - 343, 344, -1, 346, 347, 348, 349, 350, 351, 352, - 353, -1, 355, -1, -1, 358, 359, 360, 361, 362, - -1, -1, 365, 366, 367, 368, 369, -1, -1, -1, - 373, 374, 375, 376, 377, -1, 379, 380, 381, 382, - -1, -1, -1, -1, -1, -1, 389, -1, 391, -1, - 393, 394, -1, 396, 397, 398, 399, 400, 401, -1, - 403, 404, 405, 406, 407, 408, 409, 410, 411, 412, - 413, 414, 415, -1, 417, -1, 419, 420, 421, 422, - 423, 424, 425, -1, 427, 428, 429, 430, -1, 432, - 433, 434, 435, 436, 437, 438, 439, 440, 441, 442, - -1, -1, -1, 446, -1, -1, 449, 450, 451, 452, - 453, 454, 455, 456, 457, 458, 459, -1, -1, -1, - -1, -1, 465, 466, 467, 468, 469, 470, -1, 472, - 473, -1, 475, 476, -1, -1, 479, -1, 481, 482, - 483, 484, 485, 486, 487, 488, 489, 490, 491, -1, - 493, 494, 495, 496, 497, 498, 499, 500, 501, -1, - 503, 504, 505, 506, 507, 508, 509, 510, 511, 512, - 513, 514, 515, 516, 517, 518, 519, 520, 521, 522, - 523, 524, 525, 526, 527, 528, 529, 530, 531, 532, - 533, 534, 535, -1, 537, 538, 539, 540, 541, 542, - 543, 544, 545, 546, 547, 548, 549, 550, 551, 552, - 553, 554, 555, 556, 557, 558, 559, 560, 561, 562, - 563, 564, 565, 566, 567, 568, 569, 570, 571, -1, - 573, 574, 575, 576, 577, 578, 579, 580, -1, 582, - 583, 584, 585, -1, -1, -1, 589, -1, 591, 592, - -1, 594, 595, 596, 597, -1, 599, 600, 601, 602, - -1, -1, -1, -1, 607, 608, 609, 610, 611, 612, - 613, 614, 615, 616, 617, 618, 619, 620, 621, 622, - 623, 624, 625, 626, 627, 628, 629, 630, 631, 632, - -1, 634, -1, 636, 637, 638, -1, 640, 641, -1, - 643, 644, 645, 646, 647, 648, -1, 650, 651, 652, - 653, 654, 655, 656, -1, 658, 659, 660, -1, 662, - 663, 664, 665, 666, -1, 668, 669, -1, -1, 672, - 673, -1, -1, 676, 677, 678, -1, 680, -1, 682, - 683, -1, -1, 686, 687, -1, 689, 690, 691, 692, - -1, 694, 695, -1, 697, -1, 699, 700, 701, 702, - 703, 704, 705, 706, 707, 708, 709, 710, 711, 712, - 713, 714, 715, 716, 717, 718, -1, 720, 721, 722, - 723, 724, 725, 726, 727, 728, -1, 730, 731, -1, - 733, 734, 735, 736, 19, 20, 739, 740, -1, 742, - 743, 744, 745, 746, 747, 748, 749, 750, 751, 752, - 753, 754, 755, 756, 757, -1, -1, 760, 761, -1, - -1, 764, -1, 766, 767, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, 315, -1, -1, -1, -1, 320, 321, + 322, 323, 324, 325, -1, 327, 328, 329, 330, 331, + -1, -1, -1, 335, 336, 337, 338, 339, 340, 341, + 342, 343, 344, -1, 346, 347, 348, 349, 350, 351, + 352, 353, -1, 355, -1, -1, 358, 359, 360, 361, + 362, -1, -1, 365, 366, 367, 368, 369, -1, -1, + -1, 373, 374, 375, 376, 377, 378, 379, 380, 381, + 382, -1, -1, -1, -1, -1, -1, 389, -1, 391, + -1, 393, 394, -1, 396, 397, 398, 399, 400, 401, + -1, 403, 404, 405, 406, 407, 408, 409, 410, 411, + 412, 413, 414, 415, -1, 417, -1, 419, 420, 421, + 422, 423, 424, 425, -1, 427, 428, 429, 430, -1, + 432, 433, 434, 435, 436, 437, 438, 439, 440, 441, + 442, -1, -1, -1, 446, -1, 448, 449, 450, 451, + 452, 453, 454, 455, 456, 457, 458, 459, -1, -1, + -1, -1, -1, 465, 466, 467, 468, 469, 470, -1, + 472, 473, -1, 475, 476, -1, -1, 479, -1, 481, + 482, 483, 484, 485, 486, 487, 488, 489, 490, 491, + -1, 493, 494, 495, 496, 497, 498, 499, 500, 501, + -1, 503, 504, 505, 506, 507, 508, 509, 510, 511, + 512, 513, 514, 515, 516, 517, 518, 519, 520, 521, + 522, 523, 524, 525, 526, 527, 528, 529, 530, 531, + 532, 533, 534, 535, -1, 537, 538, 539, 540, 541, + 542, 543, 544, 545, 546, 547, 548, 549, 550, 551, + 552, 553, 554, 555, 556, 557, 558, 559, 560, 561, + 562, 563, 564, 565, 566, 567, 568, 569, 570, 571, + -1, 573, 574, 575, 576, 577, 578, 579, 580, -1, + 582, 583, 584, 585, 586, -1, -1, 589, -1, 591, + 592, -1, 594, 595, 596, 597, -1, 599, 600, 601, + 602, -1, -1, -1, -1, 607, 608, 609, 610, 611, + 612, 613, 614, 615, 616, 617, 618, 619, 620, 621, + 622, 623, 624, 625, 626, 627, 628, 629, 630, 631, + 632, -1, 634, -1, 636, 637, 638, -1, 640, 641, + -1, 643, 644, 645, 646, 647, 648, -1, 650, 651, + 652, 653, 654, 655, 656, -1, 658, 659, 660, -1, + 662, 663, 664, 665, 666, -1, 668, 669, -1, -1, + 672, 673, -1, -1, 676, 677, 678, -1, 680, -1, + 682, 683, -1, -1, 686, 687, -1, 689, 690, 691, + 692, -1, 694, 695, -1, 697, -1, 699, 700, 701, + 702, 703, 704, 705, 706, 707, 708, 709, 710, 711, + 712, 713, 714, 715, 716, 717, 718, -1, 720, 721, + 722, 723, 724, 725, 726, 727, 728, -1, 730, 731, + -1, 733, 734, 735, 736, 19, 20, 739, 740, -1, + 742, 743, 744, 745, 746, 747, 748, 749, 750, 751, + 752, 753, 754, 755, 756, 757, -1, -1, 760, 761, + -1, -1, 764, -1, 766, 767, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, 68, -1, -1, -1, -1, -1, + -1, -1, -1, 77, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, 88, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, 88, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, 116, -1, -1, -1, -1, -1, -1, 123, + -1, -1, -1, 127, -1, -1, 130, -1, -1, -1, + -1, 135, -1, -1, -1, -1, -1, 141, -1, -1, + 144, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, 157, -1, -1, -1, -1, -1, -1, + -1, 165, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, 178, -1, 180, -1, -1, -1, + -1, -1, -1, -1, -1, 189, -1, -1, -1, -1, + -1, -1, 196, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, 208, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, 219, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, 116, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, -1, -1, -1, 242, -1, + -1, -1, -1, 247, 248, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - 135, -1, -1, -1, -1, -1, -1, -1, -1, 144, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, -1, 280, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, 180, -1, -1, -1, -1, - -1, -1, -1, -1, 189, -1, -1, -1, -1, -1, - -1, 196, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, 208, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, 219, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, 315, -1, -1, -1, -1, 320, 321, 322, 323, + 324, 325, -1, 327, 328, 329, 330, 331, -1, -1, + -1, 335, 336, 337, 338, 339, 340, 341, 342, 343, + 344, -1, 346, 347, 348, 349, 350, 351, 352, 353, + -1, 355, -1, -1, 358, 359, 360, 361, 362, -1, + -1, 365, 366, 367, 368, 369, -1, -1, -1, 373, + 374, 375, 376, 377, 378, 379, 380, 381, 382, -1, + -1, -1, -1, -1, -1, 389, -1, 391, -1, 393, + 394, -1, 396, 397, 398, 399, 400, 401, -1, 403, + 404, 405, 406, 407, 408, 409, 410, 411, 412, 413, + 414, 415, -1, 417, -1, 419, 420, 421, 422, 423, + 424, 425, -1, 427, 428, 429, 430, -1, 432, 433, + 434, 435, 436, 437, 438, 439, 440, 441, 442, -1, + -1, -1, 446, -1, 448, 449, 450, 451, 452, 453, + 454, 455, 456, 457, 458, 459, -1, -1, -1, -1, + -1, 465, 466, 467, 468, 469, 470, -1, 472, 473, + -1, 475, 476, -1, -1, 479, -1, 481, 482, 483, + 484, 485, 486, 487, 488, 489, 490, 491, -1, 493, + 494, 495, 496, 497, 498, 499, 500, 501, -1, 503, + 504, 505, 506, 507, 508, 509, 510, 511, 512, 513, + 514, 515, 516, 517, 518, 519, 520, 521, 522, 523, + 524, 525, 526, 527, 528, 529, 530, 531, 532, 533, + 534, 535, -1, 537, 538, 539, 540, 541, 542, 543, + 544, 545, 546, 547, 548, 549, 550, 551, 552, 553, + 554, 555, 556, 557, 558, 559, 560, 561, 562, 563, + 564, 565, 566, 567, 568, 569, 570, 571, -1, 573, + 574, 575, 576, 577, 578, 579, 580, -1, 582, 583, + 584, 585, 586, -1, -1, 589, -1, 591, 592, -1, + 594, 595, 596, 597, -1, 599, 600, 601, 602, -1, + -1, -1, -1, 607, 608, 609, 610, 611, 612, 613, + 614, 615, 616, 617, 618, 619, 620, 621, 622, 623, + 624, 625, 626, 627, 628, 629, 630, 631, 632, -1, + 634, -1, 636, 637, 638, -1, 640, 641, -1, 643, + 644, 645, 646, 647, 648, -1, 650, 651, 652, 653, + 654, 655, 656, -1, 658, 659, 660, -1, 662, 663, + 664, 665, 666, -1, 668, 669, -1, -1, 672, 673, + -1, -1, 676, 677, 678, -1, 680, -1, 682, 683, + -1, -1, 686, 687, -1, 689, 690, 691, 692, -1, + 694, 695, -1, 697, -1, 699, 700, 701, 702, 703, + 704, 705, 706, 707, 708, 709, 710, 711, 712, 713, + 714, 715, 716, 717, 718, -1, 720, 721, 722, 723, + 724, 725, 726, 727, 728, -1, 730, 731, -1, 733, + 734, 735, 736, 19, 20, 739, 740, -1, 742, 743, + 744, 745, 746, 747, 748, 749, 750, 751, 752, 753, + 754, 755, 756, 757, -1, -1, 760, 761, -1, -1, + 764, -1, 766, 767, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, 88, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, 280, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + 116, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, -1, -1, -1, -1, 135, + -1, -1, -1, -1, -1, -1, -1, -1, 144, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, -1, -1, 313, -1, - -1, -1, -1, -1, -1, 320, 321, 322, 323, 324, - 325, -1, 327, 328, 329, 330, 331, -1, -1, -1, - 335, 336, 337, 338, 339, 340, 341, 342, 343, 344, - -1, 346, 347, 348, 349, 350, 351, 352, 353, -1, - -1, -1, -1, 358, 359, 360, 361, 362, -1, -1, - 365, 366, 367, 368, 369, -1, -1, -1, 373, 374, - 375, 376, 377, -1, 379, 380, 381, 382, -1, -1, - -1, -1, -1, -1, 389, -1, 391, -1, 393, 394, - -1, 396, 397, 398, 399, 400, 401, -1, 403, 404, - 405, 406, 407, 408, 409, 410, 411, 412, 413, 414, - 415, -1, 417, -1, 419, 420, 421, 422, 423, 424, - 425, -1, 427, 428, 429, 430, -1, 432, 433, 434, - 435, 436, 437, 438, 439, 440, 441, 442, -1, -1, - -1, 446, -1, -1, 449, 450, 451, 452, 453, 454, - 455, 456, 457, 458, 459, -1, -1, -1, -1, -1, - 465, 466, 467, 468, 469, 470, -1, 472, 473, -1, - 475, 476, -1, -1, 479, -1, 481, 482, 483, 484, - 485, 486, 487, 488, 489, 490, 491, -1, 493, 494, - 495, 496, 497, 498, 499, 500, 501, -1, 503, 504, - 505, 506, 507, 508, 509, 510, 511, 512, 513, 514, - 515, 516, 517, 518, 519, 520, 521, 522, 523, 524, - 525, 526, 527, 528, 529, 530, 531, 532, 533, 534, - 535, -1, 537, 538, 539, 540, 541, 542, 543, 544, - 545, 546, 547, 548, 549, 550, 551, 552, 553, 554, - 555, 556, 557, 558, 559, 560, 561, 562, 563, 564, - 565, 566, 567, 568, 569, 570, 571, -1, 573, 574, - 575, 576, 577, 578, 579, 580, -1, 582, 583, 584, - 585, -1, -1, -1, 589, -1, 591, 592, -1, 594, - 595, 596, 597, -1, 599, 600, 601, 602, -1, -1, - -1, -1, 607, 608, 609, 610, 611, 612, 613, 614, - 615, 616, 617, 618, 619, 620, 621, 622, 623, 624, - 625, 626, 627, 628, 629, 630, 631, 632, -1, 634, - -1, 636, 637, 638, -1, 640, 641, -1, 643, 644, - 645, 646, 647, 648, -1, 650, 651, 652, 653, 654, - 655, 656, -1, 658, 659, 660, -1, 662, 663, 664, - 665, 666, -1, 668, 669, -1, -1, 672, 673, -1, - -1, 676, 677, 678, -1, 680, -1, 682, 683, -1, - -1, 686, 687, -1, 689, 690, 691, 692, -1, 694, - 695, -1, 697, -1, 699, 700, 701, 702, 703, 704, - 705, 706, 707, 708, 709, 710, 711, 712, 713, 714, - 715, 716, 717, 718, -1, 720, 721, 722, 723, 724, - 725, 726, 727, 728, -1, 730, 731, -1, 733, 734, - 735, 736, 19, 20, 739, 740, -1, 742, 743, 744, - 745, 746, 747, 748, 749, 750, 751, 752, 753, 754, - 755, 756, 757, -1, -1, 760, 761, -1, -1, 764, - -1, 766, 767, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, 180, -1, -1, -1, -1, -1, + -1, -1, -1, 189, -1, -1, -1, -1, -1, -1, + 196, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, 208, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, 219, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, 88, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, -1, -1, -1, 116, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, -1, -1, 135, -1, - -1, -1, -1, -1, -1, -1, -1, 144, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, 280, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, 180, -1, -1, -1, -1, -1, -1, - -1, -1, 189, -1, -1, -1, -1, -1, -1, 196, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, 208, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, 219, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, -1, -1, 313, -1, -1, + -1, -1, -1, -1, 320, 321, 322, 323, 324, 325, + -1, 327, 328, 329, 330, 331, -1, -1, -1, 335, + 336, 337, 338, 339, 340, 341, 342, 343, 344, -1, + 346, 347, 348, 349, 350, 351, 352, 353, -1, -1, + -1, -1, 358, 359, 360, 361, 362, -1, -1, 365, + 366, 367, 368, 369, -1, -1, -1, 373, 374, 375, + 376, 377, -1, 379, 380, 381, 382, -1, -1, -1, + -1, -1, -1, 389, -1, 391, -1, 393, 394, -1, + 396, 397, 398, 399, 400, 401, -1, 403, 404, 405, + 406, 407, 408, 409, 410, 411, 412, 413, 414, 415, + -1, 417, -1, 419, 420, 421, 422, 423, 424, 425, + -1, 427, 428, 429, 430, -1, 432, 433, 434, 435, + 436, 437, 438, 439, 440, 441, 442, -1, -1, -1, + 446, -1, -1, 449, 450, 451, 452, 453, 454, 455, + 456, 457, 458, 459, -1, -1, -1, -1, -1, 465, + 466, 467, 468, 469, 470, -1, 472, 473, -1, 475, + 476, -1, -1, 479, -1, 481, 482, 483, 484, 485, + 486, 487, 488, 489, 490, 491, -1, 493, 494, 495, + 496, 497, 498, 499, 500, 501, -1, 503, 504, 505, + 506, 507, 508, 509, 510, 511, 512, 513, 514, 515, + 516, 517, 518, 519, 520, 521, 522, 523, 524, 525, + 526, 527, 528, 529, 530, 531, 532, 533, 534, 535, + -1, 537, 538, 539, 540, 541, 542, 543, 544, 545, + 546, 547, 548, 549, 550, 551, 552, 553, 554, 555, + 556, 557, 558, 559, 560, 561, 562, 563, 564, 565, + 566, 567, 568, 569, 570, 571, -1, 573, 574, 575, + 576, 577, 578, 579, 580, -1, 582, 583, 584, 585, + -1, -1, -1, 589, -1, 591, 592, -1, 594, 595, + 596, 597, -1, 599, 600, 601, 602, -1, -1, -1, + -1, 607, 608, 609, 610, 611, 612, 613, 614, 615, + 616, 617, 618, 619, 620, 621, 622, 623, 624, 625, + 626, 627, 628, 629, 630, 631, 632, -1, 634, -1, + 636, 637, 638, -1, 640, 641, -1, 643, 644, 645, + 646, 647, 648, -1, 650, 651, 652, 653, 654, 655, + 656, -1, 658, 659, 660, -1, 662, 663, 664, 665, + 666, -1, 668, 669, -1, -1, 672, 673, -1, -1, + 676, 677, 678, -1, 680, -1, 682, 683, -1, -1, + 686, 687, -1, 689, 690, 691, 692, -1, 694, 695, + -1, 697, -1, 699, 700, 701, 702, 703, 704, 705, + 706, 707, 708, 709, 710, 711, 712, 713, 714, 715, + 716, 717, 718, -1, 720, 721, 722, 723, 724, 725, + 726, 727, 728, -1, 730, 731, -1, 733, 734, 735, + 736, 19, 20, 739, 740, -1, 742, 743, 744, 745, + 746, 747, 748, 749, 750, 751, 752, 753, 754, 755, + 756, 757, -1, -1, 760, 761, -1, -1, 764, -1, + 766, 767, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + 88, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, -1, -1, -1, 116, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, 280, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, -1, -1, 135, -1, -1, + -1, -1, -1, -1, -1, -1, 144, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, 313, -1, -1, -1, - -1, -1, -1, 320, 321, 322, 323, 324, 325, -1, - 327, 328, 329, 330, 331, -1, -1, -1, 335, 336, - 337, 338, 339, 340, 341, 342, 343, 344, -1, 346, - 347, 348, 349, 350, 351, 352, 353, -1, -1, -1, - -1, 358, 359, 360, 361, 362, -1, -1, 365, 366, - 367, 368, 369, -1, -1, -1, 373, 374, 375, 376, - 377, -1, 379, 380, 381, 382, -1, -1, -1, -1, - -1, -1, 389, -1, 391, -1, 393, 394, -1, 396, - 397, 398, 399, 400, 401, -1, 403, 404, 405, 406, - 407, 408, 409, 410, 411, 412, 413, 414, 415, -1, - 417, -1, 419, 420, 421, 422, 423, 424, 425, -1, - 427, 428, 429, 430, -1, 432, 433, 434, 435, 436, - 437, 438, 439, 440, 441, 442, -1, -1, -1, 446, - -1, -1, 449, 450, 451, 452, 453, 454, 455, 456, - 457, 458, 459, -1, -1, -1, -1, -1, 465, 466, - 467, 468, 469, 470, -1, 472, 473, -1, 475, 476, - -1, -1, 479, -1, 481, 482, 483, 484, 485, 486, - 487, 488, 489, 490, 491, -1, 493, 494, 495, 496, - 497, 498, 499, 500, 501, -1, 503, 504, 505, 506, - 507, 508, 509, 510, 511, 512, 513, 514, 515, 516, - 517, 518, 519, 520, 521, 522, 523, 524, 525, 526, - 527, 528, 529, 530, 531, 532, 533, 534, 535, -1, - 537, 538, 539, 540, 541, 542, 543, 544, 545, 546, - 547, 548, 549, 550, 551, 552, 553, 554, 555, 556, - 557, 558, 559, 560, 561, 562, 563, 564, 565, 566, - 567, 568, 569, 570, 571, -1, 573, 574, 575, 576, - 577, 578, 579, 580, -1, 582, 583, 584, 585, -1, - -1, -1, 589, -1, 591, 592, -1, 594, 595, 596, - 597, -1, 599, 600, 601, 602, -1, -1, -1, -1, - 607, 608, 609, 610, 611, 612, 613, 614, 615, 616, - 617, 618, 619, 620, 621, 622, 623, 624, 625, 626, - 627, 628, 629, 630, 631, 632, -1, 634, -1, 636, - 637, 638, -1, 640, 641, -1, 643, 644, 645, 646, - 647, 648, -1, 650, 651, 652, 653, 654, 655, 656, - -1, 658, 659, 660, -1, 662, 663, 664, 665, 666, - -1, 668, 669, -1, -1, 672, 673, -1, -1, 676, - 677, 678, -1, 680, -1, 682, 683, -1, -1, 686, - 687, -1, 689, 690, 691, 692, -1, 694, 695, -1, - 697, -1, 699, 700, 701, 702, 703, 704, 705, 706, - 707, 708, 709, 710, 711, 712, 713, 714, 715, 716, - 717, 718, -1, 720, 721, 722, 723, 724, 725, 726, - 727, 728, -1, 730, 731, -1, 733, 734, 735, 736, - 19, 20, 739, 740, -1, 742, 743, 744, 745, 746, - 747, 748, 749, 750, 751, 752, 753, 754, 755, 756, - 757, -1, -1, 760, 761, -1, -1, 764, -1, 766, - 767, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, 180, -1, -1, -1, -1, -1, -1, -1, + -1, 189, -1, -1, -1, -1, -1, -1, 196, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, -1, -1, -1, 88, + 208, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, 219, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, -1, 116, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, 135, -1, -1, -1, - -1, -1, -1, -1, -1, 144, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, 280, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, 180, -1, -1, -1, -1, -1, -1, -1, -1, - 189, -1, -1, -1, -1, -1, -1, 196, -1, -1, - -1, -1, -1, -1, -1, -1, -1, -1, -1, 208, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - 219, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, 313, -1, -1, -1, -1, + -1, -1, 320, 321, 322, 323, 324, 325, -1, 327, + 328, 329, 330, 331, -1, -1, -1, 335, 336, 337, + 338, 339, 340, 341, 342, 343, 344, -1, 346, 347, + 348, 349, 350, 351, 352, 353, -1, -1, -1, -1, + 358, 359, 360, 361, 362, -1, -1, 365, 366, 367, + 368, 369, -1, -1, -1, 373, 374, 375, 376, 377, + -1, 379, 380, 381, 382, -1, -1, -1, -1, -1, + -1, 389, -1, 391, -1, 393, 394, -1, 396, 397, + 398, 399, 400, 401, -1, 403, 404, 405, 406, 407, + 408, 409, 410, 411, 412, 413, 414, 415, -1, 417, + -1, 419, 420, 421, 422, 423, 424, 425, -1, 427, + 428, 429, 430, -1, 432, 433, 434, 435, 436, 437, + 438, 439, 440, 441, 442, -1, -1, -1, 446, -1, + -1, 449, 450, 451, 452, 453, 454, 455, 456, 457, + 458, 459, -1, -1, -1, -1, -1, 465, 466, 467, + 468, 469, 470, -1, 472, 473, -1, 475, 476, -1, + -1, 479, -1, 481, 482, 483, 484, 485, 486, 487, + 488, 489, 490, 491, -1, 493, 494, 495, 496, 497, + 498, 499, 500, 501, -1, 503, 504, 505, 506, 507, + 508, 509, 510, 511, 512, 513, 514, 515, 516, 517, + 518, 519, 520, 521, 522, 523, 524, 525, 526, 527, + 528, 529, 530, 531, 532, 533, 534, 535, -1, 537, + 538, 539, 540, 541, 542, 543, 544, 545, 546, 547, + 548, 549, 550, 551, 552, 553, 554, 555, 556, 557, + 558, 559, 560, 561, 562, 563, 564, 565, 566, 567, + 568, 569, 570, 571, -1, 573, 574, 575, 576, 577, + 578, 579, 580, -1, 582, 583, 584, 585, -1, -1, + -1, 589, -1, 591, 592, -1, 594, 595, 596, 597, + -1, 599, 600, 601, 602, -1, -1, -1, -1, 607, + 608, 609, 610, 611, 612, 613, 614, 615, 616, 617, + 618, 619, 620, 621, 622, 623, 624, 625, 626, 627, + 628, 629, 630, 631, 632, -1, 634, -1, 636, 637, + 638, -1, 640, 641, -1, 643, 644, 645, 646, 647, + 648, -1, 650, 651, 652, 653, 654, 655, 656, -1, + 658, 659, 660, -1, 662, 663, 664, 665, 666, -1, + 668, 669, -1, -1, 672, 673, -1, -1, 676, 677, + 678, -1, 680, -1, 682, 683, -1, -1, 686, 687, + -1, 689, 690, 691, 692, -1, 694, 695, -1, 697, + -1, 699, 700, 701, 702, 703, 704, 705, 706, 707, + 708, 709, 710, 711, 712, 713, 714, 715, 716, 717, + 718, -1, 720, 721, 722, 723, 724, 725, 726, 727, + 728, -1, 730, 731, -1, 733, 734, 735, 736, 19, + 20, 739, 740, -1, 742, 743, 744, 745, 746, 747, + 748, 749, 750, 751, 752, 753, 754, 755, 756, 757, + -1, -1, 760, 761, -1, -1, 764, -1, 766, 767, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, -1, -1, -1, 88, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, 280, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, -1, 116, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, 135, -1, -1, -1, -1, + -1, -1, -1, -1, 144, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, 320, 321, 322, 323, 324, 325, -1, 327, 328, - 329, 330, 331, -1, -1, -1, 335, 336, 337, 338, - 339, 340, 341, 342, 343, 344, -1, 346, 347, 348, - 349, 350, 351, 352, 353, -1, -1, -1, -1, 358, - 359, 360, 361, 362, -1, -1, 365, 366, 367, 368, - 369, -1, -1, -1, 373, 374, 375, 376, 377, -1, - 379, 380, 381, 382, -1, -1, -1, -1, -1, -1, - 389, -1, 391, -1, 393, 394, -1, 396, 397, 398, - 399, 400, 401, -1, 403, 404, 405, 406, 407, 408, - 409, 410, 411, 412, 413, 414, 415, -1, 417, -1, - 419, 420, 421, 422, 423, 424, 425, -1, 427, 428, - 429, 430, -1, 432, 433, 434, 435, 436, 437, 438, - 439, 440, 441, 442, -1, -1, -1, 446, -1, -1, - 449, 450, 451, 452, 453, 454, 455, 456, 457, 458, - 459, -1, -1, -1, -1, -1, 465, 466, 467, 468, - 469, 470, -1, 472, 473, -1, 475, 476, -1, -1, - 479, -1, 481, 482, 483, 484, 485, 486, 487, 488, - 489, 490, 491, -1, 493, 494, 495, 496, 497, 498, - 499, 500, 501, -1, 503, 504, 505, 506, 507, 508, - 509, 510, 511, 512, 513, 514, 515, 516, 517, 518, - 519, 520, 521, 522, 523, 524, 525, 526, 527, 528, - 529, 530, 531, 532, 533, 534, 535, -1, 537, 538, - 539, 540, 541, 542, 543, 544, 545, 546, 547, 548, - 549, 550, 551, 552, 553, 554, 555, 556, 557, 558, - 559, 560, 561, 562, 563, 564, 565, 566, 567, 568, - 569, 570, 571, -1, 573, 574, 575, 576, 577, 578, - 579, 580, -1, 582, 583, 584, 585, -1, -1, -1, - 589, -1, 591, 592, -1, 594, 595, 596, 597, -1, - 599, 600, 601, 602, -1, -1, -1, -1, 607, 608, - 609, 610, 611, 612, 613, 614, 615, 616, 617, 618, - 619, 620, 621, 622, 623, 624, 625, 626, 627, 628, - 629, 630, 631, 632, -1, 634, -1, 636, 637, 638, - -1, 640, 641, -1, 643, 644, 645, 646, 647, 648, - -1, 650, 651, 652, 653, 654, 655, 656, -1, 658, - 659, 660, -1, 662, 663, 664, 665, 666, -1, 668, - 669, -1, -1, 672, 673, -1, -1, 676, 677, 678, - -1, 680, -1, 682, 683, -1, -1, 686, 687, -1, - 689, 690, 691, 692, -1, 694, 695, -1, 697, -1, - 699, 700, 701, 702, 703, 704, 705, 706, 707, 708, - 709, 710, 711, 712, 713, 714, 715, 716, 717, 718, - -1, 720, 721, 722, 723, 724, 725, 726, 727, 728, - -1, 730, 731, -1, 733, 734, 735, 736, -1, -1, - 739, 740, -1, 742, 743, 744, 745, 746, 747, 748, - 749, 750, 751, 752, 753, 754, 755, 756, 757, 19, - 20, 760, 761, -1, -1, 764, -1, 766, 767, -1, - -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, 45, 46, 47, 48, 49, - 50, 51, 52, 53, 54, 55, -1, 57, 58, 59, - 60, -1, -1, 63, 64, 65, 66, 67, 68, 69, - 70, 71, 72, 73, -1, 75, 76, 77, 78, 79, - 80, 81, 82, 83, 84, 85, -1, 87, 88, 89, - 90, 91, 92, 93, 94, 95, 96, 97, 98, 99, - 100, 101, 102, 103, 104, 105, 106, 107, 108, 109, - 110, 111, 112, 113, 114, 115, 116, 117, 118, 119, - 120, 121, 122, 123, 124, 125, 126, -1, 128, 129, - 130, 131, 132, -1, -1, 135, 136, 137, 138, 139, - 140, 141, 142, 143, 144, 145, 146, 147, 148, 149, - 150, 151, 152, 153, 154, 155, 156, 157, 158, 159, - 160, 161, 162, 163, 164, 165, 166, 167, 168, 169, - 170, 171, -1, 173, 174, -1, -1, -1, 178, 179, - 180, 181, 182, 183, 184, -1, -1, -1, 188, 189, - 190, 191, 192, 193, 194, 195, 196, 197, 198, 199, - 200, 201, 202, -1, 204, 205, 206, 207, 208, 209, - 210, 211, 212, 213, 214, 215, 216, 217, 218, 219, - 220, 221, 222, 223, 224, 225, 226, 227, 228, 229, - 230, 231, 232, 233, 234, -1, 236, 237, 238, 239, - 240, 241, 242, 243, 244, 245, 246, 247, 248, 249, - 250, 251, 252, 253, 254, 255, 256, 257, 258, -1, - 260, 261, -1, 263, 264, 265, 266, 267, 268, 269, - 270, 271, 272, 273, 274, 275, 276, 277, 278, 279, - 280, 281, 282, 283, 284, -1, -1, -1, 288, 289, - 290, 291, 292, 293, 294, 295, 296, 297, 298, 299, - 300, 301, 302, 303, 304, 305, 306, -1, 308, 309, - 310, 311, 312, 313, 314, 315, 316, 317, 318, 319, - 320, 321, 322, -1, 324, 325, 326, 327, 328, 329, - 330, 331, 332, 333, 334, 335, 336, 337, 338, 339, - 340, 341, 342, 343, 344, 345, 346, 347, 348, 349, - 350, 351, 352, 353, 354, 355, -1, 357, -1, 359, - -1, -1, 362, 363, 364, 365, 366, 367, 368, 369, - 370, 371, 372, 373, 374, 375, -1, -1, 378, 379, - 380, 381, 382, 383, 384, 385, 386, 387, -1, 389, - 390, 391, 392, 393, 394, 395, 396, 397, 398, 399, - 400, 401, 402, 403, 404, 405, 406, 407, 408, 409, - 410, 411, 412, 413, 414, 415, 416, 417, -1, 419, - 420, 421, 422, 423, 424, 425, 426, 427, 428, 429, - 430, 431, 432, 433, 434, -1, 436, 437, 438, 439, - 440, 441, 442, 443, 444, 445, 446, -1, -1, 449, - 450, 451, 452, 453, 454, 455, 456, 457, 458, -1, - 460, 461, 462, -1, 464, 465, 466, -1, 468, 469, - 470, 471, 472, 473, 474, 475, 476, 477, -1, 479, - 480, 481, 482, 483, 484, 485, 486, 487, 488, 489, - 490, 491, 492, 493, 494, 495, 496, 497, 498, 499, - -1, 501, 502, 503, 504, 505, 506, 507, 508, 509, + -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + 180, -1, -1, -1, -1, -1, -1, -1, -1, 189, + -1, -1, -1, -1, -1, -1, 196, -1, -1, -1, + -1, -1, -1, -1, -1, -1, -1, -1, 208, -1, + -1, -1, -1, -1, -1, -1, -1, -1, -1, 219, + -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + 280, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + 320, 321, 322, 323, 324, 325, -1, 327, 328, 329, + 330, 331, -1, -1, -1, 335, 336, 337, 338, 339, + 340, 341, 342, 343, 344, -1, 346, 347, 348, 349, + 350, 351, 352, 353, -1, -1, -1, -1, 358, 359, + 360, 361, 362, -1, -1, 365, 366, 367, 368, 369, + -1, -1, -1, 373, 374, 375, 376, 377, -1, 379, + 380, 381, 382, -1, -1, -1, -1, -1, -1, 389, + -1, 391, -1, 393, 394, -1, 396, 397, 398, 399, + 400, 401, -1, 403, 404, 405, 406, 407, 408, 409, + 410, 411, 412, 413, 414, 415, -1, 417, -1, 419, + 420, 421, 422, 423, 424, 425, -1, 427, 428, 429, + 430, -1, 432, 433, 434, 435, 436, 437, 438, 439, + 440, 441, 442, -1, -1, -1, 446, -1, -1, 449, + 450, 451, 452, 453, 454, 455, 456, 457, 458, 459, + -1, -1, -1, -1, -1, 465, 466, 467, 468, 469, + 470, -1, 472, 473, -1, 475, 476, -1, -1, 479, + -1, 481, 482, 483, 484, 485, 486, 487, 488, 489, + 490, 491, -1, 493, 494, 495, 496, 497, 498, 499, + 500, 501, -1, 503, 504, 505, 506, 507, 508, 509, 510, 511, 512, 513, 514, 515, 516, 517, 518, 519, 520, 521, 522, 523, 524, 525, 526, 527, 528, 529, 530, 531, 532, 533, 534, 535, -1, 537, 538, 539, - 540, 541, 542, 543, -1, 545, 546, 547, 548, 549, + 540, 541, 542, 543, 544, 545, 546, 547, 548, 549, 550, 551, 552, 553, 554, 555, 556, 557, 558, 559, - 560, 561, -1, 563, 564, 565, 566, 567, 568, 569, - 570, 571, 572, 573, 574, 575, 576, -1, -1, -1, - 580, 581, 582, 583, 584, 585, 586, 587, 588, 589, - 590, 591, 592, 593, 594, 595, 596, 597, 598, 599, - 600, 601, 602, 603, 604, 605, 606, 607, 608, 609, - 610, 611, 612, 613, 614, 615, 616, 617, 618, -1, - -1, 621, 622, 623, 624, 625, 626, 627, 628, 629, - 630, 631, 632, 633, 634, 635, 636, 637, 638, 639, - 640, 641, 642, 643, 644, 645, 646, 647, 648, 649, - 650, 651, 652, -1, 654, 655, 656, 657, 658, 659, - 660, 661, 662, 663, -1, 665, 666, 667, 668, 669, - 670, 671, 672, 673, 674, 675, 676, 677, 678, 679, - 680, 681, 682, 683, -1, -1, 686, 687, -1, 689, - 690, 691, 692, 693, 694, 695, 696, 697, 698, 699, + 560, 561, 562, 563, 564, 565, 566, 567, 568, 569, + 570, 571, -1, 573, 574, 575, 576, 577, 578, 579, + 580, -1, 582, 583, 584, 585, -1, -1, -1, 589, + -1, 591, 592, -1, 594, 595, 596, 597, -1, 599, + 600, 601, 602, -1, -1, -1, -1, 607, 608, 609, + 610, 611, 612, 613, 614, 615, 616, 617, 618, 619, + 620, 621, 622, 623, 624, 625, 626, 627, 628, 629, + 630, 631, 632, -1, 634, -1, 636, 637, 638, -1, + 640, 641, -1, 643, 644, 645, 646, 647, 648, -1, + 650, 651, 652, 653, 654, 655, 656, -1, 658, 659, + 660, -1, 662, 663, 664, 665, 666, -1, 668, 669, + -1, -1, 672, 673, -1, -1, 676, 677, 678, -1, + 680, -1, 682, 683, -1, -1, 686, 687, -1, 689, + 690, 691, 692, -1, 694, 695, -1, 697, -1, 699, 700, 701, 702, 703, 704, 705, 706, 707, 708, 709, - 710, 711, 712, 713, 714, 715, 716, -1, 718, 719, - -1, 721, 722, 723, 724, 725, 726, 727, 728, 729, - 730, 731, 732, 733, 734, 735, 736, 737, 738, 739, - 740, 741, 742, 743, 744, 745, -1, 747, 748, 749, - 750, 751, 752, 753, 754, 755, 756, 757, -1, 759, - 760, 761, 762, -1, 764, 765, 766 + 710, 711, 712, 713, 714, 715, 716, 717, 718, -1, + 720, 721, 722, 723, 724, 725, 726, 727, 728, -1, + 730, 731, -1, 733, 734, 735, 736, -1, -1, 739, + 740, -1, 742, 743, 744, 745, 746, 747, 748, 749, + 750, 751, 752, 753, 754, 755, 756, 757, 19, 20, + 760, 761, -1, -1, 764, -1, 766, 767, -1, -1, + -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, 45, 46, 47, 48, 49, 50, + 51, 52, 53, 54, 55, -1, 57, 58, 59, 60, + -1, -1, 63, 64, 65, 66, 67, 68, 69, 70, + 71, 72, 73, -1, 75, 76, 77, 78, 79, 80, + 81, 82, 83, 84, 85, -1, 87, 88, 89, 90, + 91, 92, 93, 94, 95, 96, 97, 98, 99, 100, + 101, 102, 103, 104, 105, 106, 107, 108, 109, 110, + 111, 112, 113, 114, 115, 116, 117, 118, 119, 120, + 121, 122, 123, 124, 125, 126, -1, 128, 129, 130, + 131, 132, -1, -1, 135, 136, 137, 138, 139, 140, + 141, 142, 143, 144, 145, 146, 147, 148, 149, 150, + 151, 152, 153, 154, 155, 156, 157, 158, 159, 160, + 161, 162, 163, 164, 165, 166, 167, 168, 169, 170, + 171, -1, 173, 174, -1, -1, -1, 178, 179, 180, + 181, 182, 183, 184, -1, -1, -1, 188, 189, 190, + 191, 192, 193, 194, 195, 196, 197, 198, 199, 200, + 201, 202, -1, 204, 205, 206, 207, 208, 209, 210, + 211, 212, 213, 214, 215, 216, 217, 218, 219, 220, + 221, 222, 223, 224, 225, 226, 227, 228, 229, 230, + 231, 232, 233, 234, -1, 236, 237, 238, 239, 240, + 241, 242, 243, 244, 245, 246, 247, 248, 249, 250, + 251, 252, 253, 254, 255, 256, 257, 258, -1, 260, + 261, -1, 263, 264, 265, 266, 267, 268, 269, 270, + 271, 272, 273, 274, 275, 276, 277, 278, 279, 280, + 281, 282, 283, 284, -1, -1, -1, 288, 289, 290, + 291, 292, 293, 294, 295, 296, 297, 298, 299, 300, + 301, 302, 303, 304, 305, 306, -1, 308, 309, 310, + 311, 312, 313, 314, 315, 316, 317, 318, 319, 320, + 321, 322, -1, 324, 325, 326, 327, 328, 329, 330, + 331, 332, 333, 334, 335, 336, 337, 338, 339, 340, + 341, 342, 343, 344, 345, 346, 347, 348, 349, 350, + 351, 352, 353, 354, 355, -1, 357, -1, 359, -1, + -1, 362, 363, 364, 365, 366, 367, 368, 369, 370, + 371, 372, 373, 374, 375, -1, -1, 378, 379, 380, + 381, 382, 383, 384, 385, 386, 387, -1, 389, 390, + 391, 392, 393, 394, 395, 396, 397, 398, 399, 400, + 401, 402, 403, 404, 405, 406, 407, 408, 409, 410, + 411, 412, 413, 414, 415, 416, 417, -1, 419, 420, + 421, 422, 423, 424, 425, 426, 427, 428, 429, 430, + 431, 432, 433, 434, -1, 436, 437, 438, 439, 440, + 441, 442, 443, 444, 445, 446, -1, -1, 449, 450, + 451, 452, 453, 454, 455, 456, 457, 458, -1, 460, + 461, 462, -1, 464, 465, 466, -1, 468, 469, 470, + 471, 472, 473, 474, 475, 476, 477, -1, 479, 480, + 481, 482, 483, 484, 485, 486, 487, 488, 489, 490, + 491, 492, 493, 494, 495, 496, 497, 498, 499, -1, + 501, 502, 503, 504, 505, 506, 507, 508, 509, 510, + 511, 512, 513, 514, 515, 516, 517, 518, 519, 520, + 521, 522, 523, 524, 525, 526, 527, 528, 529, 530, + 531, 532, 533, 534, 535, -1, 537, 538, 539, 540, + 541, 542, 543, -1, 545, 546, 547, 548, 549, 550, + 551, 552, 553, 554, 555, 556, 557, 558, 559, 560, + 561, -1, 563, 564, 565, 566, 567, 568, 569, 570, + 571, 572, 573, 574, 575, 576, -1, -1, -1, 580, + 581, 582, 583, 584, 585, 586, 587, 588, 589, 590, + 591, 592, 593, 594, 595, 596, 597, 598, 599, 600, + 601, 602, 603, 604, 605, 606, 607, 608, 609, 610, + 611, 612, 613, 614, 615, 616, 617, 618, -1, -1, + 621, 622, 623, 624, 625, 626, 627, 628, 629, 630, + 631, 632, 633, 634, 635, 636, 637, 638, 639, 640, + 641, 642, 643, 644, 645, 646, 647, 648, 649, 650, + 651, 652, -1, 654, 655, 656, 657, 658, 659, 660, + 661, 662, 663, -1, 665, 666, 667, 668, 669, 670, + 671, 672, 673, 674, 675, 676, 677, 678, 679, 680, + 681, 682, 683, -1, -1, 686, 687, -1, 689, 690, + 691, 692, 693, 694, 695, 696, 697, 698, 699, 700, + 701, 702, 703, 704, 705, 706, 707, 708, 709, 710, + 711, 712, 713, 714, 715, 716, -1, 718, 719, -1, + 721, 722, 723, 724, 725, 726, 727, 728, 729, 730, + 731, 732, 733, 734, 735, 736, 737, 738, 739, 740, + 741, 742, 743, 744, 745, -1, 747, 748, 749, 750, + 751, 752, 753, 754, 755, 756, 757, -1, 759, 760, + 761, 762, -1, 764, 765, 766 }; /* YYSTOS[STATE-NUM] -- The symbol kind of the accessing symbol of @@ -28860,7 +28968,7 @@ 53, 2001, 47, 382, 1329, 885, 1428, 284, 788, 788, 1617, 788, 1617, 1617, 1854, 1854, 1622, 1854, 1617, 1854, 1854, 1854, 1854, 1854, 1854, 1854, 1617, 1854, 408, 572, - 676, 1825, 122, 291, 1617, 1627, 1854, 1617, 819, 1535, + 676, 1615, 122, 291, 1617, 1627, 1854, 1617, 819, 1535, 1553, 1554, 1508, 1568, 1416, 252, 1605, 246, 1720, 1926, 1297, 127, 917, 789, 1419, 969, 316, 1978, 588, 778, 778, 1965, 1965, 113, 114, 115, 982, 1659, 1365, 1846, @@ -28911,185 +29019,185 @@ 1277, 1283, 1284, 1285, 1288, 1289, 1589, 1434, 1984, 346, 441, 859, 288, 423, 430, 861, 789, 791, 2003, 2004, 53, 47, 788, 1330, 2037, 822, 823, 1617, 824, 825, - 1617, 820, 821, 1617, 143, 299, 463, 1548, 1549, 1552, - 1568, 1613, 1614, 1860, 443, 252, 1721, 1715, 1417, 1428, - 131, 1973, 1973, 979, 2036, 979, 1671, 1372, 506, 143, - 332, 1803, 1176, 1176, 395, 1174, 1182, 1184, 1169, 225, - 1169, 1182, 57, 71, 73, 307, 345, 363, 737, 1157, - 1162, 1164, 1184, 1188, 1197, 1199, 1157, 1182, 1157, 1169, - 788, 1182, 1157, 1176, 1176, 1157, 1176, 788, 1169, 1182, - 71, 308, 308, 311, 1169, 1176, 730, 788, 908, 1176, - 1176, 1176, 580, 1176, 1176, 1169, 911, 311, 1176, 1176, - 1176, 1176, 1176, 1178, 127, 127, 2079, 1860, 1428, 1006, - 994, 1860, 24, 28, 30, 32, 1198, 1199, 30, 30, - 1175, 1198, 1198, 789, 1561, 1561, 65, 257, 1489, 168, - 1492, 1493, 789, 1428, 1428, 1501, 194, 361, 789, 316, - 1466, 1428, 1428, 1428, 1561, 96, 109, 125, 155, 235, - 296, 413, 414, 562, 563, 723, 1162, 1163, 1439, 1440, - 1441, 1442, 1497, 1627, 1561, 1428, 1428, 1860, 1618, 789, - 1211, 1206, 1204, 1206, 1207, 1617, 789, 1501, 207, 1582, - 65, 789, 1500, 1423, 789, 791, 351, 1081, 1428, 1034, - 218, 1051, 1052, 1053, 1618, 1036, 1966, 1854, 1860, 796, - 1680, 1680, 1922, 1418, 789, 789, 1922, 1922, 1904, 1903, - 1603, 1703, 1568, 99, 1692, 1555, 1418, 1693, 789, 1674, - 1675, 1839, 1840, 1844, 1860, 1827, 1672, 1720, 1676, 47, - 1273, 1281, 1282, 1860, 789, 791, 1622, 1772, 1773, 451, - 174, 251, 366, 374, 389, 399, 400, 401, 409, 547, - 559, 644, 659, 700, 714, 945, 944, 788, 771, 771, - 771, 791, 836, 1846, 762, 840, 842, 75, 598, 796, - 1108, 1109, 1110, 1111, 1119, 1120, 1126, 1127, 1128, 1220, - 1223, 1224, 1845, 1860, 167, 749, 422, 1846, 1681, 1681, - 1681, 1681, 1681, 1681, 1681, 1681, 1681, 1681, 422, 1681, - 1681, 1681, 1681, 1681, 1681, 1681, 1681, 1681, 1681, 425, - 545, 1860, 1681, 1681, 1021, 1022, 1023, 791, 1091, 1680, - 1017, 899, 877, 54, 339, 1014, 204, 227, 467, 2033, - 2100, 2101, 2102, 97, 227, 467, 2048, 2049, 2050, 2089, - 2090, 2095, 2102, 53, 889, 890, 645, 2045, 681, 2045, - 2001, 22, 29, 31, 1507, 1529, 300, 1531, 300, 1560, - 117, 118, 206, 283, 1805, 1806, 170, 1807, 1596, 1578, - 1577, 1596, 1602, 1601, 1418, 1632, 319, 296, 24, 28, - 30, 32, 24, 28, 30, 32, 28, 30, 32, 28, - 30, 597, 1854, 1970, 30, 30, 597, 99, 153, 564, - 1261, 75, 218, 388, 598, 709, 1111, 1119, 1120, 1290, - 1220, 1290, 218, 1290, 218, 218, 282, 288, 75, 126, - 218, 598, 709, 1125, 1220, 1290, 1681, 218, 65, 1025, - 53, 288, 388, 771, 1220, 1299, 1681, 218, 159, 712, - 159, 218, 712, 1290, 218, 596, 218, 218, 218, 1090, - 791, 1022, 1272, 788, 1110, 607, 1428, 1428, 204, 865, - 875, 204, 390, 866, 1860, 1664, 1387, 2003, 1331, 489, - 789, 791, 789, 791, 789, 791, 1220, 1220, 1549, 1613, - 1717, 128, 443, 1414, 1664, 1373, 1827, 1418, 588, 316, - 1977, 1977, 204, 1694, 154, 1182, 1181, 1680, 1182, 1171, - 1172, 1172, 1197, 57, 99, 1194, 1182, 1157, 1198, 1189, - 57, 73, 1172, 1245, 1820, 1182, 1245, 1172, 311, 1172, - 1182, 580, 906, 907, 1860, 2059, 99, 2033, 2066, 1157, - 905, 946, 1157, 1172, 238, 1168, 2066, 1198, 57, 1200, - 1157, 1182, 1172, 1172, 913, 921, 922, 1617, 788, 914, - 1418, 1000, 789, 789, 789, 789, 791, 789, 789, 1491, - 1842, 1820, 1492, 1494, 1604, 789, 789, 791, 789, 502, - 553, 617, 789, 789, 1169, 155, 1177, 71, 1177, 1198, - 789, 789, 791, 789, 789, 789, 1202, 789, 791, 789, - 65, 230, 252, 1583, 1584, 1842, 789, 1038, 1561, 160, - 476, 789, 791, 1054, 789, 778, 1912, 1911, 1922, 1922, - 829, 1592, 410, 1833, 789, 791, 796, 1388, 1678, 1679, - 1844, 1664, 789, 791, 1558, 789, 791, 50, 1774, 1690, - 1854, 1854, 1854, 826, 788, 838, 1862, 788, 788, 1244, - 1845, 10, 127, 1121, 1860, 789, 791, 72, 126, 226, - 294, 1123, 1219, 1126, 1087, 1220, 1221, 1221, 1129, 796, - 1846, 1681, 99, 1617, 1626, 99, 1617, 99, 1617, 99, - 1617, 1093, 1622, 1617, 1617, 1854, 1854, 1681, 1617, 1862, - 458, 503, 572, 1104, 1617, 1622, 1622, 99, 1617, 1854, - 99, 393, 395, 429, 459, 592, 626, 1103, 1626, 1617, - 1626, 1019, 1803, 1091, 26, 28, 30, 32, 99, 1623, - 1624, 1854, 1860, 1089, 148, 151, 213, 893, 894, 895, - 896, 897, 900, 1860, 2068, 2069, 2070, 878, 879, 1984, - 2075, 101, 150, 297, 1015, 658, 1422, 2093, 1422, 2091, - 431, 2102, 910, 946, 2093, 2091, 903, 2051, 2048, 2090, - 2095, 2003, 789, 891, 900, 2046, 877, 2071, 1854, 2071, - 53, 31, 382, 1509, 1427, 788, 1428, 788, 789, 65, - 65, 117, 65, 1806, 272, 283, 1808, 1809, 1602, 788, - 450, 30, 335, 141, 1087, 141, 1086, 749, 1086, 1654, - 1654, 1348, 1654, 1273, 1282, 1846, 1188, 1654, 160, 1655, - 10, 1654, 749, 226, 1654, 1654, 99, 1860, 1348, 1590, - 1591, 1844, 1024, 1654, 1654, 1846, 99, 1860, 1348, 1282, - 1654, 1348, 1348, 1348, 1273, 46, 78, 110, 1285, 1106, - 1108, 339, 458, 1298, 1561, 674, 1854, 426, 1265, 316, - 2005, 1664, 1334, 1860, 47, 788, 1332, 823, 825, 821, - 127, 1547, 1547, 1719, 1664, 1431, 1418, 131, 1974, 1979, - 1980, 428, 1720, 282, 1860, 57, 99, 1194, 789, 791, - 789, 905, 789, 791, 1150, 1152, 1153, 1154, 1419, 2066, - 796, 771, 1200, 210, 266, 270, 919, 920, 921, 924, - 1434, 1860, 892, 901, 2069, 127, 30, 791, 1596, 789, - 1428, 553, 449, 1622, 789, 1617, 1595, 789, 55, 407, - 414, 720, 723, 732, 1585, 1586, 1824, 1596, 692, 1080, - 1035, 788, 1041, 1053, 1055, 1860, 1922, 1922, 1607, 1834, - 1839, 778, 1860, 789, 791, 1680, 1282, 1773, 423, 789, - 1240, 1242, 1243, 1860, 788, 587, 1240, 1243, 1860, 788, - 1860, 1109, 788, 160, 160, 1221, 1087, 237, 1213, 1244, - 1860, 1087, 1087, 144, 358, 360, 361, 377, 413, 414, - 435, 459, 500, 562, 563, 578, 579, 620, 664, 717, - 720, 723, 747, 767, 946, 1130, 1151, 1154, 1851, 1871, - 1872, 1873, 1874, 1875, 1880, 2054, 1860, 789, 1854, 788, - 1854, 53, 1082, 1021, 653, 730, 1150, 789, 791, 893, - 2066, 105, 2081, 580, 2008, 859, 1860, 795, 1860, 795, - 1421, 795, 2038, 2098, 2038, 2096, 431, 2109, 791, 653, - 730, 1150, 2047, 2072, 2041, 2041, 2003, 788, 789, 1560, - 1560, 1820, 1820, 65, 1820, 65, 65, 1809, 31, 1261, - 415, 1260, 1434, 1348, 1434, 1121, 1860, 1845, 1273, 1845, - 1269, 288, 1271, 1190, 1845, 1654, 1281, 127, 160, 1845, - 1845, 1273, 791, 1596, 1028, 1860, 1845, 1618, 316, 1128, - 1273, 1278, 1273, 789, 1860, 860, 867, 868, 72, 365, - 510, 789, 791, 1333, 136, 158, 207, 1551, 1550, 1664, - 288, 588, 1980, 1695, 1664, 1846, 1198, 1820, 1198, 2066, - 906, 1169, 1428, 1860, 30, 791, 2081, 465, 789, 791, - 916, 789, 1842, 789, 789, 789, 732, 1586, 1587, 1824, - 653, 605, 444, 1588, 605, 1824, 1081, 788, 1048, 1044, - 99, 304, 305, 407, 479, 1056, 1701, 1837, 796, 1679, - 1693, 371, 789, 791, 1596, 788, 1240, 788, 789, 789, - 1860, 788, 1124, 1087, 1244, 1860, 1846, 300, 1231, 730, - 1244, 1244, 1132, 796, 1122, 1123, 1131, 796, 1767, 1020, - 1019, 730, 908, 580, 900, 6, 852, 1860, 2009, 204, - 864, 865, 2094, 2092, 2041, 1422, 795, 1422, 795, 1421, - 900, 730, 908, 580, 2080, 196, 1510, 1511, 1860, 1565, - 789, 789, 1820, 1820, 1820, 789, 120, 1275, 120, 144, - 197, 1239, 110, 259, 1128, 1342, 282, 288, 73, 1845, - 1860, 1297, 1268, 1591, 288, 288, 282, 1298, 1279, 1281, - 1270, 692, 862, 2081, 588, 72, 72, 1860, 226, 1335, - 1336, 1860, 65, 65, 788, 788, 1431, 160, 1535, 1168, - 1418, 796, 920, 901, 1596, 462, 50, 462, 136, 407, - 572, 719, 1046, 1047, 1860, 789, 703, 1049, 1058, 718, - 145, 390, 397, 412, 539, 552, 569, 712, 1072, 1073, - 1074, 1077, 1094, 1740, 1664, 245, 778, 1926, 1242, 30, - 791, 1241, 855, 1926, 1926, 791, 1860, 1428, 1244, 1231, - 730, 788, 1214, 1238, 1112, 1238, 1114, 1115, 18, 226, - 294, 390, 499, 760, 1094, 1133, 1134, 1143, 1185, 1186, - 1187, 1212, 1434, 1154, 73, 99, 202, 204, 350, 469, - 664, 1137, 1139, 1179, 1180, 1186, 1860, 789, 1097, 1098, - 580, 1860, 791, 1417, 861, 898, 2044, 2043, 2099, 2097, - 2041, 580, 1860, 852, 219, 789, 791, 1512, 1845, 595, - 788, 1276, 144, 99, 99, 1298, 1846, 218, 1195, 1348, - 1860, 1845, 1846, 1280, 1320, 1428, 432, 863, 852, 588, - 588, 789, 791, 1557, 1559, 297, 1798, 1860, 1587, 653, - 210, 326, 789, 791, 1618, 788, 1060, 1062, 1057, 422, - 1681, 1681, 422, 1681, 1681, 1681, 1681, 788, 1067, 1074, - 434, 300, 390, 501, 730, 752, 1094, 1225, 1228, 1233, - 1234, 1235, 1239, 1596, 789, 1860, 789, 789, 316, 1226, - 1230, 1234, 1237, 1227, 1229, 1234, 1236, 1860, 791, 789, - 1118, 1116, 1238, 1215, 1860, 181, 1216, 788, 1113, 788, - 788, 160, 1854, 709, 1186, 749, 160, 202, 1194, 19, - 20, 776, 777, 788, 1147, 1148, 1149, 1398, 1450, 1823, - 297, 343, 99, 53, 1180, 1860, 796, 1860, 2012, 866, - 877, 2045, 2040, 2081, 2039, 2080, 1860, 796, 1507, 1511, - 127, 1156, 1158, 1159, 1160, 1514, 1515, 1123, 1618, 1051, - 1149, 316, 760, 1286, 1053, 1286, 154, 1428, 1336, 789, - 789, 1696, 1191, 1045, 1047, 788, 1061, 1062, 1063, 183, - 1059, 1062, 1681, 1854, 1854, 1681, 1623, 1623, 1618, 1862, - 704, 1068, 1069, 1681, 1238, 1854, 1681, 1238, 1287, 1288, - 1289, 1235, 760, 1926, 593, 1287, 1237, 1287, 1236, 789, - 1860, 788, 788, 1117, 789, 791, 466, 594, 672, 204, - 1217, 1240, 788, 1240, 1243, 430, 1183, 1825, 1825, 1146, - 199, 745, 653, 1147, 796, 1860, 1846, 426, 877, 6, - 2042, 2042, 796, 1860, 1513, 208, 120, 219, 789, 744, - 744, 1025, 1286, 1025, 788, 1704, 1705, 1844, 1799, 1049, - 789, 791, 183, 1065, 1066, 1431, 1854, 1854, 1070, 789, - 791, 1101, 1862, 1617, 1289, 1288, 589, 1225, 1851, 789, - 1240, 1240, 788, 1860, 101, 297, 789, 1240, 789, 789, - 789, 788, 1424, 431, 693, 1138, 1860, 796, 127, 867, - 1860, 796, 1509, 219, 1507, 1025, 1051, 791, 1680, 252, - 1810, 1062, 791, 1064, 1071, 1862, 1069, 1287, 789, 1241, - 1240, 67, 245, 259, 572, 1218, 1218, 1225, 789, 1226, - 1227, 789, 1618, 1135, 1136, 1185, 1135, 599, 698, 753, - 1140, 1860, 1417, 1860, 1507, 99, 202, 436, 1516, 1518, - 1519, 1520, 789, 1705, 1693, 484, 1804, 1066, 789, 1075, - 1076, 1077, 1213, 789, 1241, 99, 202, 336, 204, 204, - 1225, 789, 1185, 1141, 1142, 1143, 2013, 1517, 1823, 1824, - 204, 1518, 1520, 1518, 1519, 65, 1807, 1077, 1225, 789, - 297, 101, 1143, 112, 116, 436, 204, 204, 1820, 143, - 1811, 1225, 1218, 1218, 653, 30, 788, 1813, 2014, 170, - 252, 1812, 3, 789, 1814, 1815, 1844, 259, 1816, 461, - 604, 2006, 2007, 1862, 789, 791, 1817, 1818, 1844, 1664, - 1862, 2015, 1815, 791, 1680, 2081, 1818, 1417, 852, 1693, - 1418 + 1617, 820, 821, 1617, 1825, 143, 299, 463, 1548, 1549, + 1552, 1568, 1613, 1614, 1860, 443, 252, 1721, 1715, 1417, + 1428, 131, 1973, 1973, 979, 2036, 979, 1671, 1372, 506, + 143, 332, 1803, 1176, 1176, 395, 1174, 1182, 1184, 1169, + 225, 1169, 1182, 57, 71, 73, 307, 345, 363, 737, + 1157, 1162, 1164, 1184, 1188, 1197, 1199, 1157, 1182, 1157, + 1169, 788, 1182, 1157, 1176, 1176, 1157, 1176, 788, 1169, + 1182, 71, 308, 308, 311, 1169, 1176, 730, 788, 908, + 1176, 1176, 1176, 580, 1176, 1176, 1169, 911, 311, 1176, + 1176, 1176, 1176, 1176, 1178, 127, 127, 2079, 1860, 1428, + 1006, 994, 1860, 24, 28, 30, 32, 1198, 1199, 30, + 30, 1175, 1198, 1198, 789, 1561, 1561, 65, 257, 1489, + 168, 1492, 1493, 789, 1428, 1428, 1501, 194, 361, 789, + 316, 1466, 1428, 1428, 1428, 1561, 96, 109, 125, 155, + 235, 296, 413, 414, 562, 563, 723, 1162, 1163, 1439, + 1440, 1441, 1442, 1497, 1627, 1561, 1428, 1428, 1860, 1618, + 789, 1211, 1206, 1204, 1206, 1207, 1617, 789, 1501, 207, + 1582, 65, 789, 1500, 1423, 789, 791, 351, 1081, 1428, + 1034, 218, 1051, 1052, 1053, 1618, 1036, 1966, 1854, 1860, + 796, 1680, 1680, 1922, 1418, 789, 789, 1922, 1922, 1904, + 1903, 1603, 1703, 1568, 99, 1692, 1555, 1418, 1693, 789, + 1674, 1675, 1839, 1840, 1844, 1860, 1827, 1672, 1720, 1676, + 47, 1273, 1281, 1282, 1860, 789, 791, 1622, 1772, 1773, + 451, 174, 251, 366, 374, 389, 399, 400, 401, 409, + 547, 559, 644, 659, 700, 714, 945, 944, 788, 771, + 771, 771, 791, 836, 1846, 762, 840, 842, 75, 598, + 796, 1108, 1109, 1110, 1111, 1119, 1120, 1126, 1127, 1128, + 1220, 1223, 1224, 1845, 1860, 167, 749, 422, 1846, 1681, + 1681, 1681, 1681, 1681, 1681, 1681, 1681, 1681, 1681, 422, + 1681, 1681, 1681, 1681, 1681, 1681, 1681, 1681, 1681, 1681, + 425, 545, 1860, 1681, 1681, 1021, 1022, 1023, 791, 1091, + 1680, 1017, 899, 877, 54, 339, 1014, 204, 227, 467, + 2033, 2100, 2101, 2102, 97, 227, 467, 2048, 2049, 2050, + 2089, 2090, 2095, 2102, 53, 889, 890, 645, 2045, 681, + 2045, 2001, 22, 29, 31, 1507, 1529, 300, 1531, 300, + 1560, 117, 118, 206, 283, 1805, 1806, 170, 1807, 1596, + 1578, 1577, 1596, 1602, 1601, 1418, 1632, 319, 296, 24, + 28, 30, 32, 24, 28, 30, 32, 28, 30, 32, + 28, 30, 597, 1854, 1970, 30, 30, 597, 99, 153, + 564, 1261, 75, 218, 388, 598, 709, 1111, 1119, 1120, + 1290, 1220, 1290, 218, 1290, 218, 218, 282, 288, 75, + 126, 218, 598, 709, 1125, 1220, 1290, 1681, 218, 65, + 1025, 53, 288, 388, 771, 1220, 1299, 1681, 218, 159, + 712, 159, 218, 712, 1290, 218, 596, 218, 218, 218, + 1090, 791, 1022, 1272, 788, 1110, 607, 1428, 1428, 204, + 865, 875, 204, 390, 866, 1860, 1664, 1387, 2003, 1331, + 489, 789, 791, 789, 791, 789, 791, 1220, 1220, 1549, + 1613, 1717, 128, 443, 1414, 1664, 1373, 1827, 1418, 588, + 316, 1977, 1977, 204, 1694, 154, 1182, 1181, 1680, 1182, + 1171, 1172, 1172, 1197, 57, 99, 1194, 1182, 1157, 1198, + 1189, 57, 73, 1172, 1245, 1820, 1182, 1245, 1172, 311, + 1172, 1182, 580, 906, 907, 1860, 2059, 99, 2033, 2066, + 1157, 905, 946, 1157, 1172, 238, 1168, 2066, 1198, 57, + 1200, 1157, 1182, 1172, 1172, 913, 921, 922, 1617, 788, + 914, 1418, 1000, 789, 789, 789, 789, 791, 789, 789, + 1491, 1842, 1820, 1492, 1494, 1604, 789, 789, 791, 789, + 502, 553, 617, 789, 789, 1169, 155, 1177, 71, 1177, + 1198, 789, 789, 791, 789, 789, 789, 1202, 789, 791, + 789, 65, 230, 252, 1583, 1584, 1842, 789, 1038, 1561, + 160, 476, 789, 791, 1054, 789, 778, 1912, 1911, 1922, + 1922, 829, 1592, 410, 1833, 789, 791, 796, 1388, 1678, + 1679, 1844, 1664, 789, 791, 1558, 789, 791, 50, 1774, + 1690, 1854, 1854, 1854, 826, 788, 838, 1862, 788, 788, + 1244, 1845, 10, 127, 1121, 1860, 789, 791, 72, 126, + 226, 294, 1123, 1219, 1126, 1087, 1220, 1221, 1221, 1129, + 796, 1846, 1681, 99, 1617, 1626, 99, 1617, 99, 1617, + 99, 1617, 1093, 1622, 1617, 1617, 1854, 1854, 1681, 1617, + 1862, 458, 503, 572, 1104, 1617, 1622, 1622, 99, 1617, + 1854, 99, 393, 395, 429, 459, 592, 626, 1103, 1626, + 1617, 1626, 1019, 1803, 1091, 26, 28, 30, 32, 99, + 1623, 1624, 1854, 1860, 1089, 148, 151, 213, 893, 894, + 895, 896, 897, 900, 1860, 2068, 2069, 2070, 878, 879, + 1984, 2075, 101, 150, 297, 1015, 658, 1422, 2093, 1422, + 2091, 431, 2102, 910, 946, 2093, 2091, 903, 2051, 2048, + 2090, 2095, 2003, 789, 891, 900, 2046, 877, 2071, 1854, + 2071, 53, 31, 382, 1509, 1427, 788, 1428, 788, 789, + 65, 65, 117, 65, 1806, 272, 283, 1808, 1809, 1602, + 788, 450, 30, 335, 141, 1087, 141, 1086, 749, 1086, + 1654, 1654, 1348, 1654, 1273, 1282, 1846, 1188, 1654, 160, + 1655, 10, 1654, 749, 226, 1654, 1654, 99, 1860, 1348, + 1590, 1591, 1844, 1024, 1654, 1654, 1846, 99, 1860, 1348, + 1282, 1654, 1348, 1348, 1348, 1273, 46, 78, 110, 1285, + 1106, 1108, 339, 458, 1298, 1561, 674, 1854, 426, 1265, + 316, 2005, 1664, 1334, 1860, 47, 788, 1332, 823, 825, + 821, 127, 1547, 1547, 1719, 1664, 1431, 1418, 131, 1974, + 1979, 1980, 428, 1720, 282, 1860, 57, 99, 1194, 789, + 791, 789, 905, 789, 791, 1150, 1152, 1153, 1154, 1419, + 2066, 796, 771, 1200, 210, 266, 270, 919, 920, 921, + 924, 1434, 1860, 892, 901, 2069, 127, 30, 791, 1596, + 789, 1428, 553, 449, 1622, 789, 1617, 1595, 789, 55, + 407, 414, 720, 723, 732, 1585, 1586, 1824, 1596, 692, + 1080, 1035, 788, 1041, 1053, 1055, 1860, 1922, 1922, 1607, + 1834, 1839, 778, 1860, 789, 791, 1680, 1282, 1773, 423, + 789, 1240, 1242, 1243, 1860, 788, 587, 1240, 1243, 1860, + 788, 1860, 1109, 788, 160, 160, 1221, 1087, 237, 1213, + 1244, 1860, 1087, 1087, 144, 358, 360, 361, 377, 413, + 414, 435, 459, 500, 562, 563, 578, 579, 620, 664, + 717, 720, 723, 747, 767, 946, 1130, 1151, 1154, 1851, + 1871, 1872, 1873, 1874, 1875, 1880, 2054, 1860, 789, 1854, + 788, 1854, 53, 1082, 1021, 653, 730, 1150, 789, 791, + 893, 2066, 105, 2081, 580, 2008, 859, 1860, 795, 1860, + 795, 1421, 795, 2038, 2098, 2038, 2096, 431, 2109, 791, + 653, 730, 1150, 2047, 2072, 2041, 2041, 2003, 788, 789, + 1560, 1560, 1820, 1820, 65, 1820, 65, 65, 1809, 31, + 1261, 415, 1260, 1434, 1348, 1434, 1121, 1860, 1845, 1273, + 1845, 1269, 288, 1271, 1190, 1845, 1654, 1281, 127, 160, + 1845, 1845, 1273, 791, 1596, 1028, 1860, 1845, 1618, 316, + 1128, 1273, 1278, 1273, 789, 1860, 860, 867, 868, 72, + 365, 510, 789, 791, 1333, 136, 158, 207, 1551, 1550, + 1664, 288, 588, 1980, 1695, 1664, 1846, 1198, 1820, 1198, + 2066, 906, 1169, 1428, 1860, 30, 791, 2081, 465, 789, + 791, 916, 789, 1842, 789, 789, 789, 732, 1586, 1587, + 1824, 653, 605, 444, 1588, 605, 1824, 1081, 788, 1048, + 1044, 99, 304, 305, 407, 479, 1056, 1701, 1837, 796, + 1679, 1693, 371, 789, 791, 1596, 788, 1240, 788, 789, + 789, 1860, 788, 1124, 1087, 1244, 1860, 1846, 300, 1231, + 730, 1244, 1244, 1132, 796, 1122, 1123, 1131, 796, 1767, + 1020, 1019, 730, 908, 580, 900, 6, 852, 1860, 2009, + 204, 864, 865, 2094, 2092, 2041, 1422, 795, 1422, 795, + 1421, 900, 730, 908, 580, 2080, 196, 1510, 1511, 1860, + 1565, 789, 789, 1820, 1820, 1820, 789, 120, 1275, 120, + 144, 197, 1239, 110, 259, 1128, 1342, 282, 288, 73, + 1845, 1860, 1297, 1268, 1591, 288, 288, 282, 1298, 1279, + 1281, 1270, 692, 862, 2081, 588, 72, 72, 1860, 226, + 1335, 1336, 1860, 65, 65, 788, 788, 1431, 160, 1535, + 1168, 1418, 796, 920, 901, 1596, 462, 50, 462, 136, + 407, 572, 719, 1046, 1047, 1860, 789, 703, 1049, 1058, + 718, 145, 390, 397, 412, 539, 552, 569, 712, 1072, + 1073, 1074, 1077, 1094, 1740, 1664, 245, 778, 1926, 1242, + 30, 791, 1241, 855, 1926, 1926, 791, 1860, 1428, 1244, + 1231, 730, 788, 1214, 1238, 1112, 1238, 1114, 1115, 18, + 226, 294, 390, 499, 760, 1094, 1133, 1134, 1143, 1185, + 1186, 1187, 1212, 1434, 1154, 73, 99, 202, 204, 350, + 469, 664, 1137, 1139, 1179, 1180, 1186, 1860, 789, 1097, + 1098, 580, 1860, 791, 1417, 861, 898, 2044, 2043, 2099, + 2097, 2041, 580, 1860, 852, 219, 789, 791, 1512, 1845, + 595, 788, 1276, 144, 99, 99, 1298, 1846, 218, 1195, + 1348, 1860, 1845, 1846, 1280, 1320, 1428, 432, 863, 852, + 588, 588, 789, 791, 1557, 1559, 297, 1798, 1860, 1587, + 653, 210, 326, 789, 791, 1618, 788, 1060, 1062, 1057, + 422, 1681, 1681, 422, 1681, 1681, 1681, 1681, 788, 1067, + 1074, 434, 300, 390, 501, 730, 752, 1094, 1225, 1228, + 1233, 1234, 1235, 1239, 1596, 789, 1860, 789, 789, 316, + 1226, 1230, 1234, 1237, 1227, 1229, 1234, 1236, 1860, 791, + 789, 1118, 1116, 1238, 1215, 1860, 181, 1216, 788, 1113, + 788, 788, 160, 1854, 709, 1186, 749, 160, 202, 1194, + 19, 20, 776, 777, 788, 1147, 1148, 1149, 1398, 1450, + 1823, 297, 343, 99, 53, 1180, 1860, 796, 1860, 2012, + 866, 877, 2045, 2040, 2081, 2039, 2080, 1860, 796, 1507, + 1511, 127, 1156, 1158, 1159, 1160, 1514, 1515, 1123, 1618, + 1051, 1149, 316, 760, 1286, 1053, 1286, 154, 1428, 1336, + 789, 789, 1696, 1191, 1045, 1047, 788, 1061, 1062, 1063, + 183, 1059, 1062, 1681, 1854, 1854, 1681, 1623, 1623, 1618, + 1862, 704, 1068, 1069, 1681, 1238, 1854, 1681, 1238, 1287, + 1288, 1289, 1235, 760, 1926, 593, 1287, 1237, 1287, 1236, + 789, 1860, 788, 788, 1117, 789, 791, 466, 594, 672, + 204, 1217, 1240, 788, 1240, 1243, 430, 1183, 1825, 1825, + 1146, 199, 745, 653, 1147, 796, 1860, 1846, 426, 877, + 6, 2042, 2042, 796, 1860, 1513, 208, 120, 219, 789, + 744, 744, 1025, 1286, 1025, 788, 1704, 1705, 1844, 1799, + 1049, 789, 791, 183, 1065, 1066, 1431, 1854, 1854, 1070, + 789, 791, 1101, 1862, 1617, 1289, 1288, 589, 1225, 1851, + 789, 1240, 1240, 788, 1860, 101, 297, 789, 1240, 789, + 789, 789, 788, 1424, 431, 693, 1138, 1860, 796, 127, + 867, 1860, 796, 1509, 219, 1507, 1025, 1051, 791, 1680, + 252, 1810, 1062, 791, 1064, 1071, 1862, 1069, 1287, 789, + 1241, 1240, 67, 245, 259, 572, 1218, 1218, 1225, 789, + 1226, 1227, 789, 1618, 1135, 1136, 1185, 1135, 599, 698, + 753, 1140, 1860, 1417, 1860, 1507, 99, 202, 436, 1516, + 1518, 1519, 1520, 789, 1705, 1693, 484, 1804, 1066, 789, + 1075, 1076, 1077, 1213, 789, 1241, 99, 202, 336, 204, + 204, 1225, 789, 1185, 1141, 1142, 1143, 2013, 1517, 1823, + 1824, 204, 1518, 1520, 1518, 1519, 65, 1807, 1077, 1225, + 789, 297, 101, 1143, 112, 116, 436, 204, 204, 1820, + 143, 1811, 1225, 1218, 1218, 653, 30, 788, 1813, 2014, + 170, 252, 1812, 3, 789, 1814, 1815, 1844, 259, 1816, + 461, 604, 2006, 2007, 1862, 789, 791, 1817, 1818, 1844, + 1664, 1862, 2015, 1815, 791, 1680, 2081, 1818, 1417, 852, + 1693, 1418 }; /* YYR1[RULE-NUM] -- Symbol kind of the left-hand side of rule RULE-NUM. */ @@ -29494,7 +29602,7 @@ 1, 3, 1, 1, 0, 5, 3, 0, 0, 6, 0, 0, 3, 1, 3, 0, 3, 0, 7, 1, 3, 3, 3, 3, 3, 3, 3, 3, 3, 3, - 3, 3, 3, 3, 3, 3, 3, 5, 5, 5, + 3, 3, 3, 3, 3, 3, 4, 5, 5, 5, 1, 0, 1, 3, 1, 0, 1, 3, 1, 0, 1, 3, 1, 3, 3, 3, 3, 3, 3, 3, 3, 0, 1, 1, 0, 1, 3, 0, 0, 8, @@ -30085,7 +30193,7 @@ if (!((*yyvaluep).expr_lex)->sp_lex_in_use) delete ((*yyvaluep).expr_lex); } -#line 30089 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 30197 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case YYSYMBOL_cursor_actual_parameters: /* cursor_actual_parameters */ @@ -30102,7 +30210,7 @@ } } } -#line 30106 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 30214 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case YYSYMBOL_opt_parenthesized_cursor_actual_parameters: /* opt_parenthesized_cursor_actual_parameters */ @@ -30119,7 +30227,7 @@ } } } -#line 30123 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 30231 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; default: @@ -30402,7 +30510,7 @@ thd->lex->sql_command= SQLCOM_EMPTY_QUERY; YYLIP->found_semicolon= NULL; } -#line 30406 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 30514 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 3: /* $@1: %empty */ @@ -30429,7 +30537,7 @@ lip->found_semicolon= NULL; } } -#line 30433 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 30541 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 5: /* query: directly_executable_statement END_OF_INPUT */ @@ -30438,7 +30546,7 @@ /* Single query, not terminated. */ YYLIP->found_semicolon= NULL; } -#line 30442 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 30550 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 71: /* deallocate: deallocate_or_drop PREPARE_SYM ident */ @@ -30446,7 +30554,7 @@ { Lex->stmt_deallocate_prepare((yyvsp[0].ident_sys)); } -#line 30450 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 30558 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 74: /* $@2: %empty */ @@ -30456,7 +30564,7 @@ thd->where_str= Lex->clause_that_disallows_subselect= "PREPARE..FROM"; } -#line 30460 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 30568 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 75: /* prepare: PREPARE_SYM ident FROM $@2 expr */ @@ -30466,7 +30574,7 @@ if (Lex->stmt_prepare((yyvsp[-3].ident_sys), (yyvsp[0].item))) MYSQL_YYABORT; } -#line 30470 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 30578 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 76: /* execute: EXECUTE_SYM ident execute_using */ @@ -30475,7 +30583,7 @@ if (Lex->stmt_execute((yyvsp[-1].ident_sys), (yyvsp[0].item_list))) MYSQL_YYABORT; } -#line 30479 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 30587 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 77: /* $@3: %empty */ @@ -30485,13 +30593,13 @@ thd->where_str= Lex->clause_that_disallows_subselect= "EXECUTE IMMEDIATE"; } -#line 30489 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 30597 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 78: /* $@4: %empty */ #line 2199 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { Lex->clause_that_disallows_subselect= NULL; } -#line 30495 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 30603 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 79: /* execute: EXECUTE_SYM IMMEDIATE_SYM $@3 expr $@4 execute_using */ @@ -30500,19 +30608,19 @@ if (Lex->stmt_execute_immediate((yyvsp[-2].item), (yyvsp[0].item_list))) MYSQL_YYABORT; } -#line 30504 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 30612 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 80: /* execute_using: %empty */ #line 2208 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.item_list)= NULL; } -#line 30510 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 30618 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 81: /* $@5: %empty */ #line 2210 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { Lex->clause_that_disallows_subselect= "EXECUTE..USING"; } -#line 30516 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 30624 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 82: /* execute_using: USING $@5 execute_params */ @@ -30521,7 +30629,7 @@ (yyval.item_list)= (yyvsp[0].item_list); Lex->clause_that_disallows_subselect= NULL; } -#line 30525 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 30633 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 83: /* execute_params: expr_or_ignore_or_default */ @@ -30530,7 +30638,7 @@ if (unlikely(!((yyval.item_list)= List::make(thd->mem_root, (yyvsp[0].item))))) MYSQL_YYABORT; } -#line 30534 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 30642 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 84: /* execute_params: execute_params ',' expr_or_ignore_or_default */ @@ -30539,7 +30647,7 @@ if (((yyval.item_list)= (yyvsp[-2].item_list))->push_back((yyvsp[0].item), thd->mem_root)) MYSQL_YYABORT; } -#line 30543 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 30651 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 85: /* $@6: %empty */ @@ -30548,7 +30656,7 @@ if (unlikely(Lex->sphead)) my_yyabort_error((ER_SP_BADSTATEMENT, MYF(0), "HELP")); } -#line 30552 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 30660 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 86: /* help: HELP_SYM $@6 ident_or_text */ @@ -30558,7 +30666,7 @@ lex->sql_command= SQLCOM_HELP; lex->help_arg= (yyvsp[0].lex_str).str; } -#line 30562 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 30670 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 87: /* $@7: %empty */ @@ -30566,13 +30674,13 @@ { Lex->sql_command = SQLCOM_CHANGE_MASTER; } -#line 30570 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 30678 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 88: /* change: CHANGE MASTER_SYM optional_connection_name TO_SYM $@7 master_defs optional_for_channel */ #line 2257 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" {} -#line 30576 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 30684 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 91: /* master_def: MASTER_HOST_SYM '=' TEXT_STRING_sys */ @@ -30580,7 +30688,7 @@ { Lex->mi.host = (yyvsp[0].lex_str).str; } -#line 30584 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 30692 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 92: /* master_def: MASTER_USER_SYM '=' TEXT_STRING_sys */ @@ -30588,7 +30696,7 @@ { Lex->mi.user = (yyvsp[0].lex_str).str; } -#line 30592 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 30700 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 93: /* master_def: MASTER_PASSWORD_SYM '=' TEXT_STRING_sys */ @@ -30596,7 +30704,7 @@ { Lex->mi.password = (yyvsp[0].lex_str).str; } -#line 30600 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 30708 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 94: /* master_def: MASTER_PORT_SYM '=' ulong_num */ @@ -30604,7 +30712,7 @@ { Lex->mi.port = (yyvsp[0].ulong_num); } -#line 30608 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 30716 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 95: /* master_def: MASTER_CONNECT_RETRY_SYM '=' ulong_num */ @@ -30612,7 +30720,7 @@ { Lex->mi.connect_retry = (yyvsp[0].ulong_num); } -#line 30616 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 30724 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 96: /* master_def: MASTER_DELAY_SYM '=' ulong_num */ @@ -30626,7 +30734,7 @@ else Lex->mi.sql_delay = (yyvsp[0].ulong_num); } -#line 30630 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 30738 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 97: /* master_def: MASTER_SSL_SYM '=' ulong_num */ @@ -30635,7 +30743,7 @@ Lex->mi.ssl= (yyvsp[0].ulong_num) ? LEX_MASTER_INFO::LEX_MI_ENABLE : LEX_MASTER_INFO::LEX_MI_DISABLE; } -#line 30639 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 30747 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 98: /* master_def: MASTER_SSL_CA_SYM '=' TEXT_STRING_sys */ @@ -30643,7 +30751,7 @@ { Lex->mi.ssl_ca= (yyvsp[0].lex_str).str; } -#line 30647 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 30755 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 99: /* master_def: MASTER_SSL_CAPATH_SYM '=' TEXT_STRING_sys */ @@ -30651,7 +30759,7 @@ { Lex->mi.ssl_capath= (yyvsp[0].lex_str).str; } -#line 30655 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 30763 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 100: /* master_def: MASTER_SSL_CERT_SYM '=' TEXT_STRING_sys */ @@ -30659,7 +30767,7 @@ { Lex->mi.ssl_cert= (yyvsp[0].lex_str).str; } -#line 30663 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 30771 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 101: /* master_def: MASTER_SSL_CIPHER_SYM '=' TEXT_STRING_sys */ @@ -30667,7 +30775,7 @@ { Lex->mi.ssl_cipher= (yyvsp[0].lex_str).str; } -#line 30671 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 30779 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 102: /* master_def: MASTER_SSL_KEY_SYM '=' TEXT_STRING_sys */ @@ -30675,7 +30783,7 @@ { Lex->mi.ssl_key= (yyvsp[0].lex_str).str; } -#line 30679 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 30787 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 103: /* master_def: MASTER_SSL_VERIFY_SERVER_CERT_SYM '=' ulong_num */ @@ -30684,7 +30792,7 @@ Lex->mi.ssl_verify_server_cert= (yyvsp[0].ulong_num) ? LEX_MASTER_INFO::LEX_MI_ENABLE : LEX_MASTER_INFO::LEX_MI_DISABLE; } -#line 30688 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 30796 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 104: /* master_def: MASTER_SSL_CRL_SYM '=' TEXT_STRING_sys */ @@ -30692,7 +30800,7 @@ { Lex->mi.ssl_crl= (yyvsp[0].lex_str).str; } -#line 30696 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 30804 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 105: /* master_def: MASTER_SSL_CRLPATH_SYM '=' TEXT_STRING_sys */ @@ -30700,10 +30808,10 @@ { Lex->mi.ssl_crlpath= (yyvsp[0].lex_str).str; } -#line 30704 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 30812 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; - case 106: /* master_def: MASTER_HEARTBEAT_PERIOD_SYM '=' NUM_literal */ + case 106: /* master_def: MASTER_HEARTBEAT_PERIOD_SYM '=' opt_plus NUM_literal */ #line 2336 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { Lex->mi.heartbeat_period= (float) (yyvsp[0].item_num)->val_real(); @@ -30732,7 +30840,7 @@ } Lex->mi.heartbeat_opt= LEX_MASTER_INFO::LEX_MI_ENABLE; } -#line 30736 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 30844 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 107: /* master_def: IGNORE_SERVER_IDS_SYM '=' '(' ignore_server_id_list ')' */ @@ -30740,7 +30848,7 @@ { Lex->mi.repl_ignore_server_ids_opt= LEX_MASTER_INFO::LEX_MI_ENABLE; } -#line 30744 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 30852 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 108: /* master_def: DO_DOMAIN_IDS_SYM '=' '(' do_domain_id_list ')' */ @@ -30748,7 +30856,7 @@ { Lex->mi.repl_do_domain_ids_opt= LEX_MASTER_INFO::LEX_MI_ENABLE; } -#line 30752 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 30860 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 109: /* master_def: IGNORE_DOMAIN_IDS_SYM '=' '(' ignore_domain_id_list ')' */ @@ -30756,7 +30864,7 @@ { Lex->mi.repl_ignore_domain_ids_opt= LEX_MASTER_INFO::LEX_MI_ENABLE; } -#line 30760 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 30868 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 114: /* ignore_server_id: ulong_num */ @@ -30764,7 +30872,7 @@ { insert_dynamic(&Lex->mi.repl_ignore_server_ids, (uchar*) &((yyvsp[0].ulong_num))); } -#line 30768 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 30876 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 118: /* do_domain_id: ulong_num */ @@ -30772,7 +30880,7 @@ { insert_dynamic(&Lex->mi.repl_do_domain_ids, (uchar*) &((yyvsp[0].ulong_num))); } -#line 30776 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 30884 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 122: /* ignore_domain_id: ulong_num */ @@ -30780,7 +30888,7 @@ { insert_dynamic(&Lex->mi.repl_ignore_domain_ids, (uchar*) &((yyvsp[0].ulong_num))); } -#line 30784 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 30892 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 123: /* master_file_def: MASTER_LOG_FILE_SYM '=' TEXT_STRING_sys */ @@ -30788,7 +30896,7 @@ { Lex->mi.log_file_name = (yyvsp[0].lex_str).str; } -#line 30792 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 30900 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 124: /* master_file_def: MASTER_LOG_POS_SYM '=' ulonglong_num */ @@ -30807,7 +30915,7 @@ */ Lex->mi.pos= MY_MAX(BIN_LOG_HEADER_SIZE, (yyvsp[0].ulonglong_number)); } -#line 30811 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 30919 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 125: /* master_file_def: RELAY_LOG_FILE_SYM '=' TEXT_STRING_sys */ @@ -30815,7 +30923,7 @@ { Lex->mi.relay_log_name = (yyvsp[0].lex_str).str; } -#line 30819 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 30927 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 126: /* master_file_def: RELAY_LOG_POS_SYM '=' ulong_num */ @@ -30825,7 +30933,7 @@ /* Adjust if < BIN_LOG_HEADER_SIZE (same comment as Lex->mi.pos) */ Lex->mi.relay_log_pos= MY_MAX(BIN_LOG_HEADER_SIZE, Lex->mi.relay_log_pos); } -#line 30829 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 30937 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 127: /* master_file_def: MASTER_USE_GTID_SYM '=' CURRENT_POS_SYM */ @@ -30835,7 +30943,7 @@ my_yyabort_error((ER_DUP_ARGUMENT, MYF(0), "MASTER_use_gtid")); Lex->mi.use_gtid_opt= LEX_MASTER_INFO::LEX_GTID_CURRENT_POS; } -#line 30839 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 30947 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 128: /* master_file_def: MASTER_USE_GTID_SYM '=' SLAVE_POS_SYM */ @@ -30845,7 +30953,7 @@ my_yyabort_error((ER_DUP_ARGUMENT, MYF(0), "MASTER_use_gtid")); Lex->mi.use_gtid_opt= LEX_MASTER_INFO::LEX_GTID_SLAVE_POS; } -#line 30849 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 30957 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 129: /* master_file_def: MASTER_USE_GTID_SYM '=' NO_SYM */ @@ -30855,7 +30963,7 @@ my_yyabort_error((ER_DUP_ARGUMENT, MYF(0), "MASTER_use_gtid")); Lex->mi.use_gtid_opt= LEX_MASTER_INFO::LEX_GTID_NO; } -#line 30859 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 30967 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 130: /* master_file_def: MASTER_DEMOTE_TO_SLAVE_SYM '=' bool */ @@ -30863,7 +30971,7 @@ { Lex->mi.is_demotion_opt= (bool) (yyvsp[0].ulong_num); } -#line 30867 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 30975 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 131: /* optional_connection_name: %empty */ @@ -30872,7 +30980,7 @@ LEX *lex= thd->lex; lex->mi.connection_name= null_clex_str; } -#line 30876 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 30984 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 133: /* connection_name: TEXT_STRING_sys */ @@ -30884,7 +30992,7 @@ my_yyabort_error((ER_WRONG_ARGUMENTS, MYF(0), "MASTER_CONNECTION_NAME")); #endif } -#line 30888 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 30996 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 134: /* optional_for_channel: %empty */ @@ -30892,7 +31000,7 @@ { /*do nothing */ } -#line 30896 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 31004 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 136: /* for_channel: FOR_SYM CHANNEL_SYM TEXT_STRING_sys */ @@ -30912,7 +31020,7 @@ } } -#line 30916 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 31024 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 137: /* $@8: %empty */ @@ -30928,7 +31036,7 @@ if (lex->set_command_with_check(SQLCOM_CREATE_TABLE, (yyvsp[-2].num), (yyvsp[-3].object_ddl_options) | (yyvsp[0].object_ddl_options))) MYSQL_YYABORT; } -#line 30932 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 31040 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 138: /* $@9: %empty */ @@ -30949,7 +31057,7 @@ lex->create_last_non_select_table= lex->last_table(); lex->inc_select_stack_outer_barrier(); } -#line 30953 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 31061 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 139: /* create: create_or_replace opt_temporary TABLE_SYM opt_if_not_exists $@8 table_ident $@9 create_body */ @@ -30959,7 +31067,7 @@ create_table_set_open_action_and_adjust_tables(lex); Lex->pop_select(); //main select } -#line 30963 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 31071 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 140: /* $@10: %empty */ @@ -30993,7 +31101,7 @@ new (thd->mem_root) sequence_definition()))) MYSQL_YYABORT; } -#line 30997 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 31105 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 141: /* create: create_or_replace opt_temporary SEQUENCE_SYM opt_if_not_exists table_ident $@10 opt_sequence opt_create_table_options */ @@ -31024,7 +31132,7 @@ create_table_set_open_action_and_adjust_tables(lex); Lex->pop_select(); //main select } -#line 31028 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 31136 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 142: /* $@11: %empty */ @@ -31033,7 +31141,7 @@ if (Lex->main_select_push()) MYSQL_YYABORT; } -#line 31037 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 31145 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 143: /* $@12: %empty */ @@ -31044,7 +31152,7 @@ if (Lex->add_create_index(Key::MULTIPLE, &(yyvsp[-3].ident_sys), (yyvsp[-2].key_alg), (yyvsp[-7].object_ddl_options) | (yyvsp[-5].object_ddl_options))) MYSQL_YYABORT; } -#line 31048 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 31156 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 144: /* create: create_or_replace INDEX_SYM opt_if_not_exists $@11 ident opt_key_algorithm_clause ON table_ident $@12 '(' key_list ')' opt_lock_wait_timeout normal_key_options opt_index_lock_algorithm */ @@ -31052,7 +31160,7 @@ { Lex->pop_select(); //main select } -#line 31056 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 31164 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 145: /* $@13: %empty */ @@ -31061,7 +31169,7 @@ if (Lex->main_select_push()) MYSQL_YYABORT; } -#line 31065 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 31173 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 146: /* $@14: %empty */ @@ -31072,7 +31180,7 @@ if (Lex->add_create_index(Key::UNIQUE, &(yyvsp[-3].ident_sys), (yyvsp[-2].key_alg), (yyvsp[-8].object_ddl_options) | (yyvsp[-5].object_ddl_options))) MYSQL_YYABORT; } -#line 31076 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 31184 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 147: /* create: create_or_replace UNIQUE_SYM INDEX_SYM opt_if_not_exists $@13 ident opt_key_algorithm_clause ON table_ident $@14 '(' key_list opt_without_overlaps ')' opt_lock_wait_timeout normal_key_options opt_index_lock_algorithm */ @@ -31080,7 +31188,7 @@ { Lex->pop_select(); //main select } -#line 31084 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 31192 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 148: /* $@15: %empty */ @@ -31089,7 +31197,7 @@ if (Lex->main_select_push()) MYSQL_YYABORT; } -#line 31093 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 31201 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 149: /* $@16: %empty */ @@ -31100,7 +31208,7 @@ if (Lex->add_create_index((yyvsp[-6].key_type), &(yyvsp[-2].ident_sys), HA_KEY_ALG_UNDEF, (yyvsp[-7].object_ddl_options) | (yyvsp[-3].object_ddl_options))) MYSQL_YYABORT; } -#line 31104 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 31212 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 150: /* create: create_or_replace fulltext INDEX_SYM $@15 opt_if_not_exists ident ON table_ident $@16 '(' key_list ')' opt_lock_wait_timeout fulltext_key_options opt_index_lock_algorithm */ @@ -31108,7 +31216,7 @@ { Lex->pop_select(); //main select } -#line 31112 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 31220 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 151: /* $@17: %empty */ @@ -31117,7 +31225,7 @@ if (Lex->main_select_push()) MYSQL_YYABORT; } -#line 31121 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 31229 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 152: /* $@18: %empty */ @@ -31128,7 +31236,7 @@ if (Lex->add_create_index((yyvsp[-6].key_type), &(yyvsp[-2].ident_sys), HA_KEY_ALG_UNDEF, (yyvsp[-7].object_ddl_options) | (yyvsp[-3].object_ddl_options))) MYSQL_YYABORT; } -#line 31132 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 31240 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 153: /* create: create_or_replace spatial_or_vector INDEX_SYM $@17 opt_if_not_exists ident ON table_ident $@18 '(' key_part_simple ')' opt_lock_wait_timeout spatial_key_options opt_index_lock_algorithm */ @@ -31137,7 +31245,7 @@ Lex->last_key->columns.push_back((yyvsp[-4].key_part), thd->mem_root); Lex->pop_select(); //main select } -#line 31141 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 31249 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 154: /* $@19: %empty */ @@ -31145,7 +31253,7 @@ { Lex->create_info.init(); } -#line 31149 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 31257 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 155: /* create: create_or_replace DATABASE opt_if_not_exists ident $@19 opt_create_database_options */ @@ -31157,7 +31265,7 @@ MYSQL_YYABORT; lex->name= (yyvsp[-2].ident_sys); } -#line 31161 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 31269 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 156: /* $@20: %empty */ @@ -31170,7 +31278,7 @@ DTYPE_ALGORITHM_UNDEFINED, (yyvsp[-3].view_suid), (yyvsp[0].table))) MYSQL_YYABORT; } -#line 31174 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 31282 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 157: /* create: create_or_replace definer_opt opt_view_suid VIEW_SYM opt_if_not_exists table_ident $@20 view_list_opt AS view_select */ @@ -31178,7 +31286,7 @@ { Lex->pop_select(); //main select } -#line 31182 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 31290 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 158: /* $@21: %empty */ @@ -31190,7 +31298,7 @@ MYSQL_YYABORT; Lex->inc_select_stack_outer_barrier(); } -#line 31194 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 31302 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 159: /* create: create_or_replace view_algorithm definer_opt opt_view_suid VIEW_SYM opt_if_not_exists table_ident $@21 view_list_opt AS view_select */ @@ -31198,7 +31306,7 @@ { Lex->pop_select(); //main select } -#line 31202 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 31310 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 160: /* $@22: %empty */ @@ -31208,7 +31316,7 @@ MYSQL_YYABORT; Lex->create_info.set((yyvsp[-2].object_ddl_options)); } -#line 31212 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 31320 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 161: /* create: create_or_replace definer_opt TRIGGER_SYM $@22 trigger_tail */ @@ -31216,7 +31324,7 @@ { Lex->pop_select(); //main select } -#line 31220 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 31328 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 162: /* $@23: %empty */ @@ -31226,7 +31334,7 @@ MYSQL_YYABORT; Lex->create_info.set((yyvsp[-2].object_ddl_options)); } -#line 31230 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 31338 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 163: /* create: create_or_replace definer_opt EVENT_SYM $@23 event_tail */ @@ -31234,7 +31342,7 @@ { Lex->pop_select(); //main select } -#line 31238 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 31346 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 164: /* create: create_or_replace USER_SYM opt_if_not_exists clear_privileges grant_list opt_require_clause opt_resource_options opt_account_locking_and_opt_password_expiration */ @@ -31244,7 +31352,7 @@ (yyvsp[-7].object_ddl_options) | (yyvsp[-5].object_ddl_options)))) MYSQL_YYABORT; } -#line 31248 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 31356 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 165: /* create: create_or_replace ROLE_SYM opt_if_not_exists clear_privileges role_list opt_with_admin */ @@ -31254,25 +31362,25 @@ (yyvsp[-5].object_ddl_options) | (yyvsp[-3].object_ddl_options)))) MYSQL_YYABORT; } -#line 31258 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 31366 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 166: /* $@24: %empty */ #line 2764 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { Lex->set_command(SQLCOM_CREATE_SERVER, (yyvsp[0].object_ddl_options)); } -#line 31264 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 31372 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 167: /* create: create_or_replace $@24 server_def */ #line 2766 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { } -#line 31270 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 31378 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 169: /* opt_sequence: %empty */ #line 2771 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { } -#line 31276 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 31384 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 173: /* sequence_def: AS int_type field_options */ @@ -31288,7 +31396,7 @@ seq->is_unsigned= (yyvsp[0].ulong_num) & UNSIGNED_FLAG ? true : false; seq->used_fields|= seq_field_used_as; } -#line 31292 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 31400 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 174: /* sequence_def: MINVALUE_SYM opt_equal sequence_truncated_value_hybrid_num */ @@ -31297,13 +31405,13 @@ sequence_definition *seq= Lex->create_info.seq_create_info; if (unlikely(seq->used_fields & seq_field_used_min_value)) my_yyabort_error((ER_DUP_ARGUMENT, MYF(0), "MINVALUE")); - seq->min_value_from_parser= (yyvsp[0].longlong_hybrid_number); + seq->min_value_from_parser= Longlong_hybrid((yyvsp[0].longlong_hybrid_number).num, (yyvsp[0].longlong_hybrid_number).is_unsigned); seq->used_fields|= seq_field_used_min_value; seq->used_fields|= seq_field_specified_min_value; } -#line 31307 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 31415 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 175: /* sequence_def: NO_SYM MINVALUE_SYM */ @@ -31314,7 +31422,7 @@ my_yyabort_error((ER_DUP_ARGUMENT, MYF(0), "MINVALUE")); seq->used_fields|= seq_field_used_min_value; } -#line 31318 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 31426 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 176: /* sequence_def: NOMINVALUE_SYM */ @@ -31325,7 +31433,7 @@ my_yyabort_error((ER_DUP_ARGUMENT, MYF(0), "MINVALUE")); seq->used_fields|= seq_field_used_min_value; } -#line 31329 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 31437 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 177: /* sequence_def: MAXVALUE_SYM opt_equal sequence_truncated_value_hybrid_num */ @@ -31334,11 +31442,11 @@ sequence_definition *seq= Lex->create_info.seq_create_info; if (unlikely(seq->used_fields & seq_field_used_max_value)) my_yyabort_error((ER_DUP_ARGUMENT, MYF(0), "MAXVALUE")); - seq->max_value_from_parser= (yyvsp[0].longlong_hybrid_number); + seq->max_value_from_parser= Longlong_hybrid((yyvsp[0].longlong_hybrid_number).num, (yyvsp[0].longlong_hybrid_number).is_unsigned); seq->used_fields|= seq_field_used_max_value; seq->used_fields|= seq_field_specified_max_value; } -#line 31342 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 31450 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 178: /* sequence_def: NO_SYM MAXVALUE_SYM */ @@ -31349,7 +31457,7 @@ my_yyabort_error((ER_DUP_ARGUMENT, MYF(0), "MAXVALUE")); seq->used_fields|= seq_field_used_max_value; } -#line 31353 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 31461 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 179: /* sequence_def: NOMAXVALUE_SYM */ @@ -31360,7 +31468,7 @@ my_yyabort_error((ER_DUP_ARGUMENT, MYF(0), "MAXVALUE")); seq->used_fields|= seq_field_used_max_value; } -#line 31364 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 31472 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 180: /* sequence_def: START_SYM opt_with sequence_value_hybrid_num */ @@ -31369,10 +31477,10 @@ sequence_definition *seq= Lex->create_info.seq_create_info; if (unlikely(seq->used_fields & seq_field_used_start)) my_yyabort_error((ER_DUP_ARGUMENT, MYF(0), "START")); - seq->start_from_parser= (yyvsp[0].longlong_hybrid_number); + seq->start_from_parser= Longlong_hybrid((yyvsp[0].longlong_hybrid_number).num, (yyvsp[0].longlong_hybrid_number).is_unsigned); seq->used_fields|= seq_field_used_start; } -#line 31376 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 31484 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 181: /* sequence_def: INCREMENT_SYM opt_by sequence_value_num */ @@ -31384,7 +31492,7 @@ seq->increment= (yyvsp[0].longlong_number); seq->used_fields|= seq_field_used_increment; } -#line 31388 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 31496 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 182: /* sequence_def: CACHE_SYM opt_equal sequence_value_num */ @@ -31396,7 +31504,7 @@ seq->cache= (yyvsp[0].longlong_number); seq->used_fields|= seq_field_used_cache; } -#line 31400 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 31508 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 183: /* sequence_def: NOCACHE_SYM */ @@ -31408,7 +31516,7 @@ seq->cache= 0; seq->used_fields|= seq_field_used_cache; } -#line 31412 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 31520 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 184: /* sequence_def: CYCLE_SYM */ @@ -31420,7 +31528,7 @@ seq->cycle= 1; seq->used_fields|= seq_field_used_cycle; } -#line 31424 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 31532 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 185: /* sequence_def: NOCYCLE_SYM */ @@ -31432,7 +31540,7 @@ seq->cycle= 0; seq->used_fields|= seq_field_used_cycle; } -#line 31436 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 31544 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 186: /* sequence_def: RESTART_SYM */ @@ -31448,7 +31556,7 @@ my_yyabort_error((ER_DUP_ARGUMENT, MYF(0), "RESTART")); seq->used_fields|= seq_field_used_restart; } -#line 31452 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 31560 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 187: /* sequence_def: RESTART_SYM opt_with sequence_value_hybrid_num */ @@ -31462,23 +31570,23 @@ sequence_definition *seq= Lex->create_info.seq_create_info; if (unlikely(seq->used_fields & seq_field_used_restart)) my_yyabort_error((ER_DUP_ARGUMENT, MYF(0), "RESTART")); - seq->restart_from_parser= (yyvsp[0].longlong_hybrid_number); + seq->restart_from_parser= Longlong_hybrid((yyvsp[0].longlong_hybrid_number).num, (yyvsp[0].longlong_hybrid_number).is_unsigned); seq->used_fields|= seq_field_used_restart | seq_field_used_restart_value; } -#line 31470 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 31578 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 188: /* force_lookahead: %empty */ #line 2918 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" {} -#line 31476 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 31584 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 189: /* force_lookahead: FORCE_LOOKAHEAD */ #line 2918 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" {} -#line 31482 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 31590 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 190: /* $@25: %empty */ @@ -31488,13 +31596,13 @@ MYSQL_YYABORT; Lex->server_options.reset((yyvsp[0].lex_str)); } -#line 31492 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 31600 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 191: /* server_def: SERVER_SYM opt_if_not_exists ident_or_text $@25 FOREIGN DATA_SYM WRAPPER_SYM ident_or_text OPTIONS_SYM '(' server_options_list ')' */ #line 2929 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { Lex->server_options.scheme= (yyvsp[-4].lex_str); } -#line 31498 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 31606 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 194: /* server_option: USER_SYM TEXT_STRING_sys */ @@ -31511,7 +31619,7 @@ new_option->link(&Lex->server_options.option_list, &Lex->option_list_last); } -#line 31515 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 31623 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 195: /* server_option: HOST_SYM TEXT_STRING_sys */ @@ -31528,7 +31636,7 @@ new_option->link(&Lex->server_options.option_list, &Lex->option_list_last); } -#line 31532 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 31640 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 196: /* server_option: DATABASE TEXT_STRING_sys */ @@ -31545,7 +31653,7 @@ new_option->link(&Lex->server_options.option_list, &Lex->option_list_last); } -#line 31549 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 31657 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 197: /* server_option: OWNER_SYM TEXT_STRING_sys */ @@ -31562,7 +31670,7 @@ new_option->link(&Lex->server_options.option_list, &Lex->option_list_last); } -#line 31566 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 31674 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 198: /* server_option: PASSWORD_SYM TEXT_STRING_sys */ @@ -31579,7 +31687,7 @@ new_option->link(&Lex->server_options.option_list, &Lex->option_list_last); } -#line 31583 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 31691 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 199: /* server_option: SOCKET_SYM TEXT_STRING_sys */ @@ -31596,7 +31704,7 @@ new_option->link(&Lex->server_options.option_list, &Lex->option_list_last); } -#line 31600 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 31708 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 200: /* server_option: PORT_SYM ulong_num */ @@ -31627,7 +31735,7 @@ new_option->link(&Lex->server_options.option_list, &Lex->option_list_last); } -#line 31631 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 31739 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 201: /* server_option: PORT_SYM TEXT_STRING_sys */ @@ -31652,7 +31760,7 @@ new_option->link(&Lex->server_options.option_list, &Lex->option_list_last); } -#line 31656 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 31764 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 202: /* server_option: IDENT_sys TEXT_STRING_sys */ @@ -31667,7 +31775,7 @@ new_option->link(&Lex->server_options.option_list, &Lex->option_list_last); } -#line 31671 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 31779 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 203: /* $@26: %empty */ @@ -31688,7 +31796,7 @@ lex->sql_command= SQLCOM_CREATE_EVENT; /* We need that for disallowing subqueries */ } -#line 31692 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 31800 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 204: /* event_tail: remember_name opt_if_not_exists sp_name $@26 ON SCHEDULE_SYM ev_schedule_time opt_ev_on_completion opt_ev_status opt_ev_comment DO_SYM ev_sql_stmt */ @@ -31700,7 +31808,7 @@ */ Lex->sql_command= SQLCOM_CREATE_EVENT; } -#line 31704 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 31812 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 205: /* $@27: %empty */ @@ -31709,7 +31817,7 @@ Lex->event_parse_data->item_expression= (yyvsp[-1].item); Lex->event_parse_data->interval= (yyvsp[0].interval); } -#line 31713 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 31821 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 207: /* ev_schedule_time: AT_SYM expr */ @@ -31717,13 +31825,13 @@ { Lex->event_parse_data->item_execute_at= (yyvsp[0].item); } -#line 31721 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 31829 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 208: /* opt_ev_status: %empty */ #line 3125 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.num)= 0; } -#line 31727 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 31835 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 209: /* opt_ev_status: ENABLE_SYM */ @@ -31733,7 +31841,7 @@ Lex->event_parse_data->status_changed= true; (yyval.num)= 1; } -#line 31737 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 31845 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 210: /* opt_ev_status: DISABLE_SYM ON SLAVE */ @@ -31743,7 +31851,7 @@ Lex->event_parse_data->status_changed= true; (yyval.num)= 1; } -#line 31747 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 31855 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 211: /* opt_ev_status: DISABLE_SYM */ @@ -31753,7 +31861,7 @@ Lex->event_parse_data->status_changed= true; (yyval.num)= 1; } -#line 31757 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 31865 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 212: /* ev_starts: %empty */ @@ -31764,7 +31872,7 @@ MYSQL_YYABORT; Lex->event_parse_data->item_starts= item; } -#line 31768 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 31876 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 213: /* ev_starts: STARTS_SYM expr */ @@ -31772,7 +31880,7 @@ { Lex->event_parse_data->item_starts= (yyvsp[0].item); } -#line 31776 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 31884 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 215: /* ev_ends: ENDS_SYM expr */ @@ -31780,13 +31888,13 @@ { Lex->event_parse_data->item_ends= (yyvsp[0].item); } -#line 31784 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 31892 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 216: /* opt_ev_on_completion: %empty */ #line 3169 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.num)= 0; } -#line 31790 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 31898 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 218: /* ev_on_completion: ON COMPLETION_SYM opt_not PRESERVE_SYM */ @@ -31797,13 +31905,13 @@ : Event_parse_data::ON_COMPLETION_PRESERVE; (yyval.num)= 1; } -#line 31801 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 31909 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 219: /* opt_ev_comment: %empty */ #line 3184 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.num)= 0; } -#line 31807 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 31915 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 220: /* opt_ev_comment: COMMENT_SYM TEXT_STRING_sys */ @@ -31812,7 +31920,7 @@ Lex->comment= Lex->event_parse_data->comment= (yyvsp[0].lex_str); (yyval.num)= 1; } -#line 31816 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 31924 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 221: /* $@28: %empty */ @@ -31849,7 +31957,7 @@ lex->sphead->set_body_start(thd, lip->get_cpp_ptr()); } -#line 31853 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 31961 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 222: /* ev_sql_stmt: $@28 sp_proc_stmt force_lookahead */ @@ -31859,7 +31967,7 @@ if (Lex->sp_body_finalize_event(thd)) MYSQL_YYABORT; } -#line 31863 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 31971 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 223: /* clear_privileges: %empty */ @@ -31870,55 +31978,55 @@ lex->first_select_lex()->db= null_clex_str; lex->account_options.reset(); } -#line 31874 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 31982 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 224: /* opt_aggregate: %empty */ #line 3244 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.sp_aggregate_type)= NOT_AGGREGATE; } -#line 31880 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 31988 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 225: /* opt_aggregate: AGGREGATE_SYM */ #line 3245 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.sp_aggregate_type)= GROUP_AGGREGATE; } -#line 31886 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 31994 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 226: /* sp_handler: FUNCTION_SYM */ #line 3250 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.sp_handler)= &sp_handler_function; } -#line 31892 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 32000 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 227: /* sp_handler: PROCEDURE_SYM */ #line 3251 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.sp_handler)= &sp_handler_procedure; } -#line 31898 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 32006 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 230: /* sp_handler_package_spec: PACKAGE_ORACLE_SYM */ #line 3257 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.sp_handler)= &sp_handler_package_spec; } -#line 31904 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 32012 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 231: /* sp_handler_package_spec: PACKAGE_MARIADB_SYM */ #line 3258 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.sp_handler)= &sp_handler_package_spec; } -#line 31910 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 32018 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 232: /* sp_handler_package_body: PACKAGE_ORACLE_SYM BODY_ORACLE_SYM */ #line 3262 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.sp_handler)= &sp_handler_package_body; } -#line 31916 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 32024 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 233: /* sp_handler_package_body: PACKAGE_MARIADB_SYM BODY_MARIADB_SYM */ #line 3263 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.sp_handler)= &sp_handler_package_body; } -#line 31922 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 32030 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 234: /* drop_routine: DROP sp_handler opt_if_exists ident '.' ident */ @@ -31927,7 +32035,7 @@ if (Lex->stmt_drop_routine((yyvsp[-4].sp_handler), (yyvsp[-3].object_ddl_options), (yyvsp[-2].ident_sys), (yyvsp[0].ident_sys))) MYSQL_YYABORT; } -#line 31931 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 32039 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 235: /* drop_routine: DROP sp_handler opt_if_exists ident */ @@ -31936,7 +32044,7 @@ if (Lex->stmt_drop_routine((yyvsp[-2].sp_handler), (yyvsp[-1].object_ddl_options), Lex_ident_sys(), (yyvsp[0].ident_sys))) MYSQL_YYABORT; } -#line 31940 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 32048 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 236: /* sp_name: ident '.' ident */ @@ -31945,7 +32053,7 @@ if (unlikely(!((yyval.spname)= Lex->make_sp_name(thd, (yyvsp[-2].ident_sys), (yyvsp[0].ident_sys))))) MYSQL_YYABORT; } -#line 31949 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 32057 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 237: /* sp_name: ident */ @@ -31954,97 +32062,97 @@ if (unlikely(!((yyval.spname)= Lex->make_sp_name(thd, (yyvsp[0].ident_sys))))) MYSQL_YYABORT; } -#line 31958 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 32066 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 238: /* sp_a_chistics: %empty */ #line 3294 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" {} -#line 31964 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 32072 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 239: /* sp_a_chistics: sp_a_chistics sp_chistic */ #line 3295 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" {} -#line 31970 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 32078 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 240: /* sp_c_chistics: %empty */ #line 3299 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" {} -#line 31976 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 32084 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 241: /* sp_c_chistics: sp_c_chistics sp_c_chistic */ #line 3300 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" {} -#line 31982 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 32090 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 242: /* sp_chistic: COMMENT_SYM TEXT_STRING_sys */ #line 3306 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { Lex->sp_chistics.comment= (yyvsp[0].lex_str); } -#line 31988 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 32096 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 243: /* sp_chistic: LANGUAGE_SYM SQL_SYM */ #line 3308 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { /* Just parse it, we only have one language for now. */ } -#line 31994 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 32102 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 244: /* sp_chistic: NO_SYM SQL_SYM */ #line 3310 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { Lex->sp_chistics.daccess= SP_NO_SQL; } -#line 32000 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 32108 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 245: /* sp_chistic: CONTAINS_SYM SQL_SYM */ #line 3312 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { Lex->sp_chistics.daccess= SP_CONTAINS_SQL; } -#line 32006 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 32114 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 246: /* sp_chistic: READS_SYM SQL_SYM DATA_SYM */ #line 3314 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { Lex->sp_chistics.daccess= SP_READS_SQL_DATA; } -#line 32012 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 32120 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 247: /* sp_chistic: MODIFIES_SYM SQL_SYM DATA_SYM */ #line 3316 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { Lex->sp_chistics.daccess= SP_MODIFIES_SQL_DATA; } -#line 32018 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 32126 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 248: /* sp_chistic: sp_suid */ #line 3318 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { Lex->sp_chistics.suid= (yyvsp[0].sp_suid); } -#line 32024 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 32132 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 249: /* sp_c_chistic: sp_chistic */ #line 3323 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { } -#line 32030 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 32138 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 250: /* sp_c_chistic: opt_not DETERMINISTIC_SYM */ #line 3324 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { Lex->sp_chistics.detistic= ! (yyvsp[-1].num); } -#line 32036 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 32144 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 251: /* sp_suid: SQL_SYM SECURITY_SYM DEFINER_SYM */ #line 3328 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.sp_suid)= SP_IS_SUID; } -#line 32042 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 32150 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 252: /* sp_suid: SQL_SYM SECURITY_SYM INVOKER_SYM */ #line 3329 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.sp_suid)= SP_IS_NOT_SUID; } -#line 32048 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 32156 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 253: /* $@29: %empty */ @@ -32053,7 +32161,7 @@ if (unlikely(Lex->call_statement_start(thd, &(yyvsp[0].ident_sys)))) MYSQL_YYABORT; } -#line 32057 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 32165 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 254: /* call: CALL_SYM ident $@29 opt_sp_cparam_list */ @@ -32062,7 +32170,7 @@ if (Lex->check_cte_dependencies_and_resolve_references()) MYSQL_YYABORT; } -#line 32066 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 32174 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 255: /* $@30: %empty */ @@ -32071,7 +32179,7 @@ if (unlikely(Lex->call_statement_start(thd, &(yyvsp[-2].ident_sys), &(yyvsp[0].ident_sys)))) MYSQL_YYABORT; } -#line 32075 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 32183 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 256: /* call: CALL_SYM ident '.' ident $@30 opt_sp_cparam_list */ @@ -32080,7 +32188,7 @@ if (Lex->check_cte_dependencies_and_resolve_references()) MYSQL_YYABORT; } -#line 32084 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 32192 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 257: /* $@31: %empty */ @@ -32089,7 +32197,7 @@ if (unlikely(Lex->call_statement_start(thd, &(yyvsp[-4].ident_sys), &(yyvsp[-2].ident_sys), &(yyvsp[0].ident_sys)))) MYSQL_YYABORT; } -#line 32093 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 32201 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 258: /* call: CALL_SYM ident '.' ident '.' ident $@31 opt_sp_cparam_list */ @@ -32098,7 +32206,7 @@ if (Lex->check_cte_dependencies_and_resolve_references()) MYSQL_YYABORT; } -#line 32102 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 32210 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 260: /* $@32: %empty */ @@ -32107,7 +32215,7 @@ thd->where= THD_WHERE::USE_WHERE_STRING; thd->where_str= "CALL"; } -#line 32111 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 32219 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 264: /* sp_cparams: sp_cparams ',' expr */ @@ -32115,7 +32223,7 @@ { Lex->value_list.push_back((yyvsp[0].item), thd->mem_root); } -#line 32119 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 32227 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 265: /* sp_cparams: expr */ @@ -32123,7 +32231,7 @@ { Lex->value_list.push_back((yyvsp[0].item), thd->mem_root); } -#line 32127 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 32235 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 266: /* sp_fdparam_list: %empty */ @@ -32132,7 +32240,7 @@ Lex->sphead->m_param_begin= YYLIP->get_cpp_tok_start(); Lex->sphead->m_param_end= Lex->sphead->m_param_begin; } -#line 32136 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 32244 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 267: /* $@33: %empty */ @@ -32140,7 +32248,7 @@ { Lex->sphead->m_param_begin= YYLIP->get_cpp_tok_start(); } -#line 32144 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 32252 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 268: /* sp_fdparam_list: $@33 sp_fdparams */ @@ -32148,7 +32256,7 @@ { Lex->sphead->m_param_end= YYLIP->get_cpp_tok_start(); } -#line 32152 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 32260 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 273: /* sp_param_name: ident */ @@ -32157,7 +32265,7 @@ if (unlikely(!((yyval.spvar)= Lex->sp_param_init(&(yyvsp[0].ident_sys))))) MYSQL_YYABORT; } -#line 32161 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 32269 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 274: /* sp_param_name_and_mode_init_vars: sp_param_name_and_mode */ @@ -32166,25 +32274,25 @@ Lex->sp_variable_declarations_init(thd, 1); (yyval.spvar)= (yyvsp[0].spvar); } -#line 32170 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 32278 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 279: /* sp_parameter_type: IN_SYM */ #line 3446 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.spvar_mode)= sp_variable::MODE_IN; } -#line 32176 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 32284 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 280: /* sp_parameter_type: OUT_SYM */ #line 3447 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.spvar_mode)= sp_variable::MODE_OUT; } -#line 32182 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 32290 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 281: /* sp_parameter_type: INOUT_SYM */ #line 3448 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.spvar_mode)= sp_variable::MODE_INOUT; } -#line 32188 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 32296 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 282: /* $@34: %empty */ @@ -32192,7 +32300,7 @@ { Lex->sphead->m_param_begin= YYLIP->get_cpp_tok_start() + 1; } -#line 32196 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 32304 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 283: /* sp_parenthesized_pdparam_list: '(' $@34 sp_pdparam_list ')' */ @@ -32200,7 +32308,7 @@ { Lex->sphead->m_param_end= YYLIP->get_cpp_tok_start(); } -#line 32204 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 32312 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 284: /* sp_param_default: sp_param_init_vars sp_opt_default */ @@ -32209,7 +32317,7 @@ if (unlikely(Lex->sp_param_set_default_and_finalize(((yyval.spvar)= (yyvsp[-1].spvar)), (yyvsp[0].expr_and_query_str).expr, (yyvsp[0].expr_and_query_str).expr_str))) MYSQL_YYABORT; } -#line 32213 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 32321 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 285: /* sp_param: sp_param_init_vars */ @@ -32218,19 +32326,19 @@ if (unlikely(Lex->sp_param_set_default_and_finalize(((yyval.spvar)= (yyvsp[0].spvar)), nullptr, empty_clex_str))) MYSQL_YYABORT; } -#line 32222 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 32330 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 287: /* sp_proc_stmts: %empty */ #line 3484 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" {} -#line 32228 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 32336 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 289: /* sp_proc_stmts1: sp_proc_stmt ';' */ #line 3489 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" {} -#line 32234 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 32342 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 291: /* optionally_qualified_column_ident: sp_decl_ident */ @@ -32240,7 +32348,7 @@ Qualified_column_ident(&(yyvsp[0].ident_sys))))) MYSQL_YYABORT; } -#line 32244 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 32352 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 292: /* optionally_qualified_column_ident: sp_decl_ident '.' ident */ @@ -32250,7 +32358,7 @@ Qualified_column_ident(&(yyvsp[-2].ident_sys), &(yyvsp[0].ident_sys))))) MYSQL_YYABORT; } -#line 32254 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 32362 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 293: /* optionally_qualified_column_ident: sp_decl_ident '.' ident '.' ident */ @@ -32260,7 +32368,7 @@ Qualified_column_ident(thd, &(yyvsp[-4].ident_sys), &(yyvsp[-2].ident_sys), &(yyvsp[0].ident_sys))))) MYSQL_YYABORT; } -#line 32264 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 32372 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 294: /* row_field_definition: row_field_name field_type */ @@ -32269,7 +32377,7 @@ Lex->last_field->set_attributes(thd, (yyvsp[0].Lex_field_type), COLUMN_DEFINITION_ROUTINE_LOCAL); } -#line 32273 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 32381 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 295: /* row_field_definition_list: row_field_definition */ @@ -32278,7 +32386,7 @@ if (!((yyval.spvar_definition_list)= Row_definition_list::make(thd->mem_root, (yyvsp[0].spvar_definition)))) MYSQL_YYABORT; } -#line 32282 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 32390 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 296: /* row_field_definition_list: row_field_definition_list ',' row_field_definition */ @@ -32287,13 +32395,13 @@ if (((yyval.spvar_definition_list)= (yyvsp[-2].spvar_definition_list))->append_uniq(thd->mem_root, (yyvsp[0].spvar_definition))) MYSQL_YYABORT; } -#line 32291 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 32399 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 297: /* row_type_body: '(' row_field_definition_list ')' */ #line 3538 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.spvar_definition_list)= (yyvsp[-1].spvar_definition_list); } -#line 32297 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 32405 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 298: /* sp_decl_idents_init_vars: sp_decl_idents */ @@ -32301,7 +32409,7 @@ { Lex->sp_variable_declarations_init(thd, (yyvsp[0].num)); } -#line 32305 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 32413 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 299: /* $@35: %empty */ @@ -32310,7 +32418,7 @@ Lex->last_field->set_attributes(thd, (yyvsp[0].Lex_field_type), COLUMN_DEFINITION_ROUTINE_LOCAL); } -#line 32314 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 32422 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 300: /* sp_decl_variable_list: sp_decl_idents_init_vars field_type_all_with_record $@35 sp_opt_default */ @@ -32323,7 +32431,7 @@ MYSQL_YYABORT; (yyval.spblock).init_using_vars((yyvsp[-3].num)); } -#line 32327 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 32435 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 301: /* sp_decl_variable_list: sp_decl_idents_init_vars ROW_SYM row_type_body sp_opt_default */ @@ -32335,7 +32443,7 @@ MYSQL_YYABORT; (yyval.spblock).init_using_vars((yyvsp[-3].num)); } -#line 32339 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 32447 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 303: /* $@36: %empty */ @@ -32344,7 +32452,7 @@ if (unlikely(Lex->sp_handler_declaration_init(thd, (yyvsp[-2].num)))) MYSQL_YYABORT; } -#line 32348 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 32456 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 304: /* sp_decl_handler: sp_handler_type HANDLER_SYM FOR_SYM $@36 sp_hcond_list sp_proc_stmt */ @@ -32355,7 +32463,7 @@ (yyval.spblock).vars= (yyval.spblock).conds= (yyval.spblock).curs= 0; (yyval.spblock).hndlrs= 1; } -#line 32359 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 32467 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 307: /* sp_cursor_stmt_lex: %empty */ @@ -32366,7 +32474,7 @@ sp_lex_cursor(thd, thd->lex)))) MYSQL_YYABORT; } -#line 32370 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 32478 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 308: /* $@37: %empty */ @@ -32377,7 +32485,7 @@ if (Lex->main_select_push(true)) MYSQL_YYABORT; } -#line 32381 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 32489 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 309: /* sp_cursor_stmt: sp_cursor_stmt_lex $@37 remember_name select remember_end */ @@ -32400,43 +32508,43 @@ (yyval.sp_cursor_stmt)= (yyvsp[-4].sp_cursor_stmt); } -#line 32404 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 32512 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 310: /* sp_handler_type: EXIT_MARIADB_SYM */ #line 3682 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.num)= sp_handler::EXIT; } -#line 32410 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 32518 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 311: /* sp_handler_type: CONTINUE_MARIADB_SYM */ #line 3683 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.num)= sp_handler::CONTINUE; } -#line 32416 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 32524 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 312: /* sp_handler_type: EXIT_ORACLE_SYM */ #line 3684 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.num)= sp_handler::EXIT; } -#line 32422 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 32530 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 313: /* sp_handler_type: CONTINUE_ORACLE_SYM */ #line 3685 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.num)= sp_handler::CONTINUE; } -#line 32428 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 32536 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 314: /* sp_hcond_list: sp_hcond_element */ #line 3691 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.num)= 1; } -#line 32434 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 32542 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 315: /* sp_hcond_list: sp_hcond_list ',' sp_hcond_element */ #line 3693 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.num)+= 1; } -#line 32440 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 32548 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 316: /* sp_hcond_element: sp_hcond */ @@ -32452,7 +32560,7 @@ sp_instr_hpush_jump *i= (sp_instr_hpush_jump *)sp->last_instruction(); i->add_condition((yyvsp[0].spcondvalue)); } -#line 32456 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 32564 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 317: /* sp_cond: ulong_num */ @@ -32464,7 +32572,7 @@ if (unlikely((yyval.spcondvalue) == NULL)) MYSQL_YYABORT; } -#line 32468 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 32576 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 319: /* sqlstate: SQLSTATE_SYM opt_value TEXT_STRING_literal */ @@ -32485,19 +32593,19 @@ if (unlikely((yyval.spcondvalue) == NULL)) MYSQL_YYABORT; } -#line 32489 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 32597 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 320: /* opt_value: %empty */ #line 3744 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" {} -#line 32495 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 32603 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 321: /* opt_value: VALUE_SYM */ #line 3745 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" {} -#line 32501 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 32609 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 322: /* sp_hcond: sp_cond */ @@ -32505,7 +32613,7 @@ { (yyval.spcondvalue)= (yyvsp[0].spcondvalue); } -#line 32509 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 32617 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 323: /* sp_hcond: ident */ @@ -32515,7 +32623,7 @@ if (unlikely((yyval.spcondvalue) == NULL)) my_yyabort_error((ER_SP_COND_MISMATCH, MYF(0), (yyvsp[0].ident_sys).str)); } -#line 32519 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 32627 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 324: /* sp_hcond: SQLWARNING_SYM */ @@ -32525,7 +32633,7 @@ if (unlikely((yyval.spcondvalue) == NULL)) MYSQL_YYABORT; } -#line 32529 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 32637 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 325: /* sp_hcond: not FOUND_SYM */ @@ -32535,7 +32643,7 @@ if (unlikely((yyval.spcondvalue) == NULL)) MYSQL_YYABORT; } -#line 32539 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 32647 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 326: /* sp_hcond: SQLEXCEPTION_SYM */ @@ -32545,7 +32653,7 @@ if (unlikely((yyval.spcondvalue) == NULL)) MYSQL_YYABORT; } -#line 32549 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 32657 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 327: /* sp_hcond: OTHERS_ORACLE_SYM */ @@ -32555,7 +32663,7 @@ if (unlikely((yyval.spcondvalue) == NULL)) MYSQL_YYABORT; } -#line 32559 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 32667 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 328: /* raise_stmt_oracle: RAISE_ORACLE_SYM opt_set_signal_information */ @@ -32564,7 +32672,7 @@ if (unlikely(Lex->add_resignal_statement(thd, NULL))) MYSQL_YYABORT; } -#line 32568 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 32676 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 329: /* raise_stmt_oracle: RAISE_ORACLE_SYM signal_value opt_set_signal_information */ @@ -32573,7 +32681,7 @@ if (unlikely(Lex->add_signal_statement(thd, (yyvsp[-1].spcondvalue)))) MYSQL_YYABORT; } -#line 32577 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 32685 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 330: /* signal_stmt: SIGNAL_SYM signal_value opt_set_signal_information */ @@ -32582,7 +32690,7 @@ if (Lex->add_signal_statement(thd, (yyvsp[-1].spcondvalue))) MYSQL_YYABORT; } -#line 32586 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 32694 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 331: /* signal_value: ident */ @@ -32591,25 +32699,25 @@ if (!((yyval.spcondvalue)= Lex->stmt_signal_value((yyvsp[0].ident_sys)))) MYSQL_YYABORT; } -#line 32595 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 32703 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 332: /* signal_value: sqlstate */ #line 3814 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.spcondvalue)= (yyvsp[0].spcondvalue); } -#line 32601 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 32709 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 333: /* opt_signal_value: %empty */ #line 3819 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.spcondvalue)= NULL; } -#line 32607 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 32715 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 334: /* opt_signal_value: signal_value */ #line 3821 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.spcondvalue)= (yyvsp[0].spcondvalue); } -#line 32613 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 32721 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 335: /* opt_set_signal_information: %empty */ @@ -32617,7 +32725,7 @@ { thd->m_parser_state->m_yacc.m_set_signal_info.clear(); } -#line 32621 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 32729 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 337: /* signal_information_item_list: signal_condition_information_item_name '=' signal_allowed_expr */ @@ -32629,7 +32737,7 @@ info->clear(); info->m_item[index]= (yyvsp[0].item); } -#line 32633 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 32741 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 338: /* signal_information_item_list: signal_information_item_list ',' signal_condition_information_item_name '=' signal_allowed_expr */ @@ -32643,13 +32751,13 @@ Diag_condition_item_names[index].str)); info->m_item[index]= (yyvsp[0].item); } -#line 32647 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 32755 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 339: /* signal_allowed_expr: literal */ #line 3859 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.item)= (yyvsp[0].item); } -#line 32653 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 32761 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 340: /* signal_allowed_expr: variable */ @@ -32671,91 +32779,91 @@ } (yyval.item)= (yyvsp[0].item); } -#line 32675 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 32783 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 341: /* signal_allowed_expr: simple_ident */ #line 3879 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.item)= (yyvsp[0].item); } -#line 32681 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 32789 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 342: /* signal_condition_information_item_name: CLASS_ORIGIN_SYM */ #line 3885 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.diag_condition_item_name)= DIAG_CLASS_ORIGIN; } -#line 32687 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 32795 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 343: /* signal_condition_information_item_name: SUBCLASS_ORIGIN_SYM */ #line 3887 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.diag_condition_item_name)= DIAG_SUBCLASS_ORIGIN; } -#line 32693 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 32801 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 344: /* signal_condition_information_item_name: CONSTRAINT_CATALOG_SYM */ #line 3889 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.diag_condition_item_name)= DIAG_CONSTRAINT_CATALOG; } -#line 32699 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 32807 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 345: /* signal_condition_information_item_name: CONSTRAINT_SCHEMA_SYM */ #line 3891 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.diag_condition_item_name)= DIAG_CONSTRAINT_SCHEMA; } -#line 32705 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 32813 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 346: /* signal_condition_information_item_name: CONSTRAINT_NAME_SYM */ #line 3893 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.diag_condition_item_name)= DIAG_CONSTRAINT_NAME; } -#line 32711 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 32819 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 347: /* signal_condition_information_item_name: CATALOG_NAME_SYM */ #line 3895 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.diag_condition_item_name)= DIAG_CATALOG_NAME; } -#line 32717 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 32825 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 348: /* signal_condition_information_item_name: SCHEMA_NAME_SYM */ #line 3897 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.diag_condition_item_name)= DIAG_SCHEMA_NAME; } -#line 32723 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 32831 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 349: /* signal_condition_information_item_name: TABLE_NAME_SYM */ #line 3899 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.diag_condition_item_name)= DIAG_TABLE_NAME; } -#line 32729 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 32837 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 350: /* signal_condition_information_item_name: COLUMN_NAME_SYM */ #line 3901 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.diag_condition_item_name)= DIAG_COLUMN_NAME; } -#line 32735 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 32843 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 351: /* signal_condition_information_item_name: CURSOR_NAME_SYM */ #line 3903 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.diag_condition_item_name)= DIAG_CURSOR_NAME; } -#line 32741 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 32849 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 352: /* signal_condition_information_item_name: MESSAGE_TEXT_SYM */ #line 3905 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.diag_condition_item_name)= DIAG_MESSAGE_TEXT; } -#line 32747 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 32855 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 353: /* signal_condition_information_item_name: MYSQL_ERRNO_SYM */ #line 3907 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.diag_condition_item_name)= DIAG_MYSQL_ERRNO; } -#line 32753 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 32861 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 354: /* signal_condition_information_item_name: ROW_NUMBER_SYM */ #line 3909 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.diag_condition_item_name)= DIAG_ROW_NUMBER; } -#line 32759 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 32867 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 355: /* resignal_stmt: RESIGNAL_SYM opt_signal_value opt_set_signal_information */ @@ -32764,7 +32872,7 @@ if (unlikely(Lex->add_resignal_statement(thd, (yyvsp[-1].spcondvalue)))) MYSQL_YYABORT; } -#line 32768 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 32876 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 356: /* $@38: %empty */ @@ -32773,7 +32881,7 @@ thd->where= THD_WHERE::USE_WHERE_STRING; thd->where_str= "GET DIAGNOSTICS"; } -#line 32777 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 32885 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 357: /* get_diagnostics: GET_SYM which_area DIAGNOSTICS_SYM $@38 diagnostics_information */ @@ -32789,19 +32897,19 @@ if (unlikely(Lex->m_sql_cmd == NULL)) MYSQL_YYABORT; } -#line 32793 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 32901 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 358: /* which_area: %empty */ #line 3942 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.diag_area)= Diagnostics_information::CURRENT_AREA; } -#line 32799 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 32907 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 359: /* which_area: CURRENT_SYM */ #line 3944 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.diag_area)= Diagnostics_information::CURRENT_AREA; } -#line 32805 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 32913 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 360: /* diagnostics_information: statement_information */ @@ -32811,7 +32919,7 @@ if (unlikely((yyval.diag_info) == NULL)) MYSQL_YYABORT; } -#line 32815 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 32923 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 361: /* diagnostics_information: CONDITION_SYM condition_number condition_information */ @@ -32821,7 +32929,7 @@ if (unlikely((yyval.diag_info) == NULL)) MYSQL_YYABORT; } -#line 32825 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 32933 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 362: /* statement_information: statement_information_item */ @@ -32832,7 +32940,7 @@ unlikely((yyval.stmt_info_list)->push_back((yyvsp[0].stmt_info_item), thd->mem_root))) MYSQL_YYABORT; } -#line 32836 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 32944 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 363: /* statement_information: statement_information ',' statement_information_item */ @@ -32842,7 +32950,7 @@ MYSQL_YYABORT; (yyval.stmt_info_list)= (yyvsp[-2].stmt_info_list); } -#line 32846 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 32954 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 364: /* statement_information_item: simple_target_specification '=' statement_information_item_name */ @@ -32852,7 +32960,7 @@ if (unlikely((yyval.stmt_info_item) == NULL)) MYSQL_YYABORT; } -#line 32856 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 32964 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 365: /* simple_target_specification: ident_cli */ @@ -32861,7 +32969,7 @@ if (unlikely(!((yyval.item)= thd->lex->create_item_for_sp_var(&(yyvsp[0].ident_cli), NULL)))) MYSQL_YYABORT; } -#line 32865 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 32973 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 366: /* simple_target_specification: '@' ident_or_text */ @@ -32876,31 +32984,31 @@ if (unlikely((yyval.item) == NULL)) MYSQL_YYABORT; } -#line 32880 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 32988 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 367: /* statement_information_item_name: NUMBER_MARIADB_SYM */ #line 4008 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.stmt_info_item_name)= Statement_information_item::NUMBER; } -#line 32886 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 32994 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 368: /* statement_information_item_name: NUMBER_ORACLE_SYM */ #line 4010 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.stmt_info_item_name)= Statement_information_item::NUMBER; } -#line 32892 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 33000 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 369: /* statement_information_item_name: ROW_COUNT_SYM */ #line 4012 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.stmt_info_item_name)= Statement_information_item::ROW_COUNT; } -#line 32898 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 33006 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 370: /* condition_number: signal_allowed_expr */ #line 4021 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.item)= (yyvsp[0].item); } -#line 32904 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 33012 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 371: /* condition_information: condition_information_item */ @@ -32911,7 +33019,7 @@ unlikely((yyval.cond_info_list)->push_back((yyvsp[0].cond_info_item), thd->mem_root))) MYSQL_YYABORT; } -#line 32915 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 33023 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 372: /* condition_information: condition_information ',' condition_information_item */ @@ -32921,7 +33029,7 @@ MYSQL_YYABORT; (yyval.cond_info_list)= (yyvsp[-2].cond_info_list); } -#line 32925 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 33033 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 373: /* condition_information_item: simple_target_specification '=' condition_information_item_name */ @@ -32931,91 +33039,91 @@ if (unlikely((yyval.cond_info_item) == NULL)) MYSQL_YYABORT; } -#line 32935 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 33043 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 374: /* condition_information_item_name: CLASS_ORIGIN_SYM */ #line 4051 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.cond_info_item_name)= Condition_information_item::CLASS_ORIGIN; } -#line 32941 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 33049 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 375: /* condition_information_item_name: SUBCLASS_ORIGIN_SYM */ #line 4053 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.cond_info_item_name)= Condition_information_item::SUBCLASS_ORIGIN; } -#line 32947 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 33055 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 376: /* condition_information_item_name: CONSTRAINT_CATALOG_SYM */ #line 4055 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.cond_info_item_name)= Condition_information_item::CONSTRAINT_CATALOG; } -#line 32953 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 33061 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 377: /* condition_information_item_name: CONSTRAINT_SCHEMA_SYM */ #line 4057 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.cond_info_item_name)= Condition_information_item::CONSTRAINT_SCHEMA; } -#line 32959 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 33067 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 378: /* condition_information_item_name: CONSTRAINT_NAME_SYM */ #line 4059 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.cond_info_item_name)= Condition_information_item::CONSTRAINT_NAME; } -#line 32965 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 33073 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 379: /* condition_information_item_name: CATALOG_NAME_SYM */ #line 4061 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.cond_info_item_name)= Condition_information_item::CATALOG_NAME; } -#line 32971 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 33079 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 380: /* condition_information_item_name: SCHEMA_NAME_SYM */ #line 4063 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.cond_info_item_name)= Condition_information_item::SCHEMA_NAME; } -#line 32977 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 33085 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 381: /* condition_information_item_name: TABLE_NAME_SYM */ #line 4065 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.cond_info_item_name)= Condition_information_item::TABLE_NAME; } -#line 32983 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 33091 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 382: /* condition_information_item_name: COLUMN_NAME_SYM */ #line 4067 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.cond_info_item_name)= Condition_information_item::COLUMN_NAME; } -#line 32989 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 33097 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 383: /* condition_information_item_name: CURSOR_NAME_SYM */ #line 4069 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.cond_info_item_name)= Condition_information_item::CURSOR_NAME; } -#line 32995 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 33103 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 384: /* condition_information_item_name: MESSAGE_TEXT_SYM */ #line 4071 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.cond_info_item_name)= Condition_information_item::MESSAGE_TEXT; } -#line 33001 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 33109 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 385: /* condition_information_item_name: MYSQL_ERRNO_SYM */ #line 4073 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.cond_info_item_name)= Condition_information_item::MYSQL_ERRNO; } -#line 33007 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 33115 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 386: /* condition_information_item_name: RETURNED_SQLSTATE_SYM */ #line 4075 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.cond_info_item_name)= Condition_information_item::RETURNED_SQLSTATE; } -#line 33013 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 33121 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 387: /* condition_information_item_name: ROW_NUMBER_SYM */ #line 4077 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.cond_info_item_name)= Condition_information_item::ROW_NUMBER; } -#line 33019 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 33127 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 389: /* sp_decl_ident: keyword_sp_decl */ @@ -33024,7 +33132,7 @@ if (unlikely((yyval.ident_sys).copy_ident_cli(thd, &(yyvsp[0].kwd)))) MYSQL_YYABORT; } -#line 33028 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 33136 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 390: /* sp_decl_idents: sp_decl_ident */ @@ -33040,7 +33148,7 @@ spc->add_variable(thd, &(yyvsp[0].ident_sys)); (yyval.num)= 1; } -#line 33044 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 33152 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 391: /* sp_decl_idents: sp_decl_idents ',' ident */ @@ -33056,7 +33164,7 @@ spc->add_variable(thd, &(yyvsp[0].ident_sys)); (yyval.num)= (yyvsp[-2].num) + 1; } -#line 33060 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 33168 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 392: /* $@39: %empty */ @@ -33066,13 +33174,13 @@ MYSQL_YYABORT; Lex->sphead->new_cont_backpatch(NULL); } -#line 33070 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 33178 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 393: /* sp_proc_stmt_if: IF_SYM $@39 sp_if END IF_SYM */ #line 4124 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { Lex->sphead->do_cont_backpatch(); } -#line 33076 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 33184 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 394: /* $@40: %empty */ @@ -33089,7 +33197,7 @@ */ lex->sphead->m_tmp_query= lip->get_tok_start(); } -#line 33093 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 33201 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 395: /* sp_proc_stmt_statement: $@40 sp_statement */ @@ -33099,7 +33207,7 @@ Lex->sphead->restore_lex(thd)) MYSQL_YYABORT; } -#line 33103 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 33211 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 398: /* $@41: %empty */ @@ -33110,13 +33218,13 @@ (yyvsp[0].expr_lex)->get_item(), (yyvsp[0].expr_lex)))) MYSQL_YYABORT; } -#line 33114 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 33222 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 399: /* sp_proc_stmt_return: RETURN_ALLMODES_SYM expr_lex $@41 */ #line 4162 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { /* See the comment 'COMMENT_FOR_DESCTRUCTOR' near %destructor */ } -#line 33120 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 33228 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 400: /* sp_proc_stmt_return: RETURN_ORACLE_SYM */ @@ -33128,7 +33236,7 @@ lex->spcont))) MYSQL_YYABORT; } -#line 33132 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 33240 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 401: /* sp_proc_stmt_exit_oracle: EXIT_ORACLE_SYM */ @@ -33137,7 +33245,7 @@ if (unlikely(Lex->sp_exit_statement(thd, nullptr, empty_clex_str))) MYSQL_YYABORT; } -#line 33141 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 33249 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 402: /* sp_proc_stmt_exit_oracle: EXIT_ORACLE_SYM label_ident */ @@ -33147,7 +33255,7 @@ empty_clex_str))) MYSQL_YYABORT; } -#line 33151 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 33259 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 403: /* $@42: %empty */ @@ -33157,13 +33265,13 @@ (yyvsp[0].expr_lex)->get_expr_str()))) MYSQL_YYABORT; } -#line 33161 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 33269 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 404: /* sp_proc_stmt_exit_oracle: EXIT_ORACLE_SYM WHEN_SYM expr_lex $@42 */ #line 4191 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { /* See the comment 'COMMENT_FOR_DESCTRUCTOR' near %destructor */ } -#line 33167 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 33275 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 405: /* $@43: %empty */ @@ -33173,13 +33281,13 @@ (yyvsp[0].expr_lex)->get_expr_str()))) MYSQL_YYABORT; } -#line 33177 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 33285 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 406: /* sp_proc_stmt_exit_oracle: EXIT_ORACLE_SYM label_ident WHEN_SYM expr_lex $@43 */ #line 4198 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { /* See the comment 'COMMENT_FOR_DESCTRUCTOR' near %destructor */ } -#line 33183 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 33291 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 407: /* sp_proc_stmt_continue_oracle: CONTINUE_ORACLE_SYM */ @@ -33188,7 +33296,7 @@ if (unlikely(Lex->sp_continue_statement(thd))) MYSQL_YYABORT; } -#line 33192 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 33300 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 408: /* sp_proc_stmt_continue_oracle: CONTINUE_ORACLE_SYM label_ident */ @@ -33197,7 +33305,7 @@ if (unlikely(Lex->sp_continue_statement(thd, &(yyvsp[0].ident_sys)))) MYSQL_YYABORT; } -#line 33201 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 33309 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 409: /* $@44: %empty */ @@ -33206,13 +33314,13 @@ if (unlikely((yyvsp[0].expr_lex)->sp_continue_when_statement(thd))) MYSQL_YYABORT; } -#line 33210 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 33318 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 410: /* sp_proc_stmt_continue_oracle: CONTINUE_ORACLE_SYM WHEN_SYM expr_lex $@44 */ #line 4217 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { /* See the comment 'COMMENT_FOR_DESCTRUCTOR' near %destructor */ } -#line 33216 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 33324 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 411: /* $@45: %empty */ @@ -33221,13 +33329,13 @@ if (unlikely((yyvsp[0].expr_lex)->sp_continue_when_statement(thd, &(yyvsp[-2].ident_sys)))) MYSQL_YYABORT; } -#line 33225 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 33333 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 412: /* sp_proc_stmt_continue_oracle: CONTINUE_ORACLE_SYM label_ident WHEN_SYM expr_lex $@45 */ #line 4223 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { /* See the comment 'COMMENT_FOR_DESCTRUCTOR' near %destructor */ } -#line 33231 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 33339 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 413: /* sp_proc_stmt_leave: LEAVE_SYM label_ident */ @@ -33236,7 +33344,7 @@ if (unlikely(Lex->sp_leave_statement(thd, &(yyvsp[0].ident_sys)))) MYSQL_YYABORT; } -#line 33240 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 33348 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 414: /* sp_proc_stmt_iterate: ITERATE_SYM label_ident */ @@ -33245,7 +33353,7 @@ if (unlikely(Lex->sp_iterate_statement(thd, &(yyvsp[0].ident_sys)))) MYSQL_YYABORT; } -#line 33249 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 33357 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 415: /* sp_proc_stmt_goto_oracle: GOTO_ORACLE_SYM label_ident */ @@ -33254,7 +33362,7 @@ if (unlikely(Lex->sp_goto_statement(thd, &(yyvsp[0].ident_sys)))) MYSQL_YYABORT; } -#line 33258 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 33366 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 416: /* @46: %empty */ @@ -33268,7 +33376,7 @@ if (Lex->main_select_push(true)) MYSQL_YYABORT; } -#line 33272 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 33380 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 417: /* expr_lex: @46 remember_start_opt expr remember_end */ @@ -33292,7 +33400,7 @@ if ((yyval.expr_lex)->sphead->restore_lex(thd)) MYSQL_YYABORT; } -#line 33296 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 33404 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 418: /* assignment_source_lex: %empty */ @@ -33303,7 +33411,7 @@ sp_assignment_lex(thd, thd->lex)))) MYSQL_YYABORT; } -#line 33307 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 33415 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 419: /* $@47: %empty */ @@ -33314,7 +33422,7 @@ if (Lex->main_select_push(true)) MYSQL_YYABORT; } -#line 33318 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 33426 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 420: /* assignment_source_expr: assignment_source_lex $@47 remember_cpp_ptr expr remember_end */ @@ -33338,7 +33446,7 @@ if ((yyval.assignment_lex)->sphead->restore_lex(thd)) MYSQL_YYABORT; } -#line 33342 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 33450 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 421: /* $@48: %empty */ @@ -33349,7 +33457,7 @@ MYSQL_YYABORT; Lex->current_select->parsing_place= FOR_LOOP_BOUND; } -#line 33353 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 33461 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 422: /* for_loop_bound_expr: assignment_source_lex $@48 remember_cpp_ptr expr remember_end */ @@ -33373,7 +33481,7 @@ MYSQL_YYABORT; Lex->current_select->parsing_place= NO_MATTER; } -#line 33377 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 33485 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 423: /* cursor_actual_parameters: assignment_source_expr */ @@ -33383,7 +33491,7 @@ MYSQL_YYABORT; (yyval.sp_assignment_lex_list)->push_back((yyvsp[0].assignment_lex), thd->mem_root); } -#line 33387 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 33495 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 424: /* cursor_actual_parameters: cursor_actual_parameters ',' assignment_source_expr */ @@ -33392,19 +33500,19 @@ (yyval.sp_assignment_lex_list)= (yyvsp[-2].sp_assignment_lex_list); (yyval.sp_assignment_lex_list)->push_back((yyvsp[0].assignment_lex), thd->mem_root); } -#line 33396 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 33504 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 425: /* opt_parenthesized_cursor_actual_parameters: %empty */ #line 4369 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.sp_assignment_lex_list)= NULL; } -#line 33402 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 33510 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 426: /* opt_parenthesized_cursor_actual_parameters: '(' cursor_actual_parameters ')' */ #line 4370 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.sp_assignment_lex_list)= (yyvsp[-1].sp_assignment_lex_list); } -#line 33408 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 33516 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 430: /* sp_proc_stmt_open: OPEN_SYM ident opt_parenthesized_cursor_actual_parameters */ @@ -33413,7 +33521,7 @@ if (unlikely(Lex->sp_open_cursor(thd, &(yyvsp[-1].ident_sys), (yyvsp[0].sp_assignment_lex_list)))) MYSQL_YYABORT; } -#line 33417 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 33525 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 431: /* sp_proc_stmt_fetch_head: FETCH_SYM ident INTO */ @@ -33422,7 +33530,7 @@ if (unlikely(!((yyval.instr_cfetch)= Lex->sp_add_instr_cfetch(thd, &(yyvsp[-1].ident_sys))))) MYSQL_YYABORT; } -#line 33426 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 33534 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 432: /* sp_proc_stmt_fetch_head: FETCH_SYM FROM ident INTO */ @@ -33431,7 +33539,7 @@ if (unlikely(!((yyval.instr_cfetch)= Lex->sp_add_instr_cfetch(thd, &(yyvsp[-1].ident_sys))))) MYSQL_YYABORT; } -#line 33435 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 33543 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 433: /* sp_proc_stmt_fetch_head: FETCH_SYM NEXT_SYM FROM ident INTO */ @@ -33440,7 +33548,7 @@ if (unlikely(!((yyval.instr_cfetch)= Lex->sp_add_instr_cfetch(thd, &(yyvsp[-1].ident_sys))))) MYSQL_YYABORT; } -#line 33444 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 33552 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 434: /* sp_proc_stmt_fetch: sp_proc_stmt_fetch_head sp_fetch_list */ @@ -33448,7 +33556,7 @@ { (yyvsp[-1].instr_cfetch)->set_fetch_target_list((yyvsp[0].fetch_target_list)); } -#line 33452 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 33560 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 435: /* sp_proc_stmt_fetch: FETCH_SYM GROUP_SYM NEXT_SYM ROW_SYM */ @@ -33457,7 +33565,7 @@ if (unlikely(Lex->sp_add_agg_cfetch())) MYSQL_YYABORT; } -#line 33461 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 33569 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 436: /* sp_proc_stmt_close: CLOSE_SYM ident */ @@ -33476,7 +33584,7 @@ unlikely(sp->add_instr(i))) MYSQL_YYABORT; } -#line 33480 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 33588 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 437: /* sp_fetch_list: ident */ @@ -33487,7 +33595,7 @@ !((yyval.fetch_target_list)= List::make(thd->mem_root, target))) MYSQL_YYABORT; } -#line 33491 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 33599 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 438: /* sp_fetch_list: sp_fetch_list ',' ident */ @@ -33497,7 +33605,7 @@ if (!target || (yyvsp[-2].fetch_target_list)->push_back(target, thd->mem_root)) MYSQL_YYABORT; } -#line 33501 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 33609 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 439: /* $@49: %empty */ @@ -33506,7 +33614,7 @@ if (unlikely((yyvsp[-1].expr_lex)->sp_if_expr(thd))) MYSQL_YYABORT; } -#line 33510 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 33618 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 440: /* $@50: %empty */ @@ -33515,7 +33623,7 @@ if (unlikely((yyvsp[-3].expr_lex)->sp_if_after_statements(thd))) MYSQL_YYABORT; } -#line 33519 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 33627 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 441: /* sp_if: expr_lex THEN_SYM $@49 sp_if_then_statements $@50 sp_elseifs */ @@ -33525,7 +33633,7 @@ lex->sphead->backpatch(lex->spcont->pop_label()); } -#line 33529 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 33637 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 446: /* $@51: %empty */ @@ -33579,7 +33687,7 @@ */ Lex->spcont->push_label(thd, &empty_clex_str, Lex->sphead->instructions()); } -#line 33583 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 33691 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 447: /* case_stmt_specification: CASE_SYM $@51 case_stmt_body else_clause_opt END CASE_SYM */ @@ -33597,7 +33705,7 @@ Lex->sphead->do_cont_backpatch(); } -#line 33601 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 33709 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 448: /* $@52: %empty */ @@ -33606,19 +33714,19 @@ if (unlikely((yyvsp[0].expr_lex)->case_stmt_action_expr())) MYSQL_YYABORT; } -#line 33610 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 33718 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 449: /* case_stmt_body: expr_lex $@52 simple_when_clause_list */ #line 4554 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.num)= 1; } -#line 33616 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 33724 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 450: /* case_stmt_body: searched_when_clause_list */ #line 4556 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.num)= 0; } -#line 33622 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 33730 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 455: /* $@53: %empty */ @@ -33628,7 +33736,7 @@ if (unlikely((yyvsp[0].expr_lex)->case_stmt_action_when(true))) MYSQL_YYABORT; } -#line 33632 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 33740 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 456: /* simple_when_clause: WHEN_SYM expr_lex $@53 THEN_SYM sp_case_then_statements */ @@ -33637,7 +33745,7 @@ if (unlikely(Lex->case_stmt_action_then())) MYSQL_YYABORT; } -#line 33641 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 33749 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 457: /* $@54: %empty */ @@ -33647,7 +33755,7 @@ if (unlikely((yyvsp[0].expr_lex)->case_stmt_action_when(false))) MYSQL_YYABORT; } -#line 33651 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 33759 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 458: /* searched_when_clause: WHEN_SYM expr_lex $@54 THEN_SYM sp_case_then_statements */ @@ -33656,7 +33764,7 @@ if (unlikely(Lex->case_stmt_action_then())) MYSQL_YYABORT; } -#line 33660 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 33768 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 459: /* else_clause_opt: %empty */ @@ -33671,31 +33779,31 @@ unlikely(sp->add_instr(i))) MYSQL_YYABORT; } -#line 33675 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 33783 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 461: /* sp_opt_label: %empty */ #line 4615 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.lex_str)= null_clex_str; } -#line 33681 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 33789 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 462: /* sp_opt_label: label_ident */ #line 4616 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.lex_str)= (yyvsp[0].ident_sys); } -#line 33687 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 33795 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 463: /* opt_sp_for_loop_direction: %empty */ #line 4621 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.num)= 1; } -#line 33693 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 33801 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 464: /* opt_sp_for_loop_direction: REVERSE_SYM */ #line 4622 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.num)= -1; } -#line 33699 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 33807 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 465: /* sp_for_loop_index_and_bounds: ident_for_loop_index sp_for_loop_bounds */ @@ -33704,7 +33812,7 @@ if (unlikely(Lex->sp_for_loop_declarations(thd, &(yyval.for_loop), &(yyvsp[-1].ident_sys), (yyvsp[0].for_loop_bounds)))) MYSQL_YYABORT; } -#line 33708 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 33816 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 466: /* sp_for_loop_bounds: IN_SYM opt_sp_for_loop_direction for_loop_bound_expr DOT_DOT_SYM for_loop_bound_expr */ @@ -33712,7 +33820,7 @@ { (yyval.for_loop_bounds)= Lex_for_loop_bounds_intrange((yyvsp[-3].num), (yyvsp[-2].assignment_lex), (yyvsp[0].assignment_lex)); } -#line 33716 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 33824 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 467: /* sp_for_loop_bounds: IN_SYM opt_sp_for_loop_direction for_loop_bound_expr */ @@ -33723,7 +33831,7 @@ (yyval.for_loop_bounds).m_target_bound= NULL; (yyval.for_loop_bounds).m_implicit_cursor= false; } -#line 33727 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 33835 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 468: /* sp_for_loop_bounds: IN_SYM opt_sp_for_loop_direction '(' sp_cursor_stmt ')' */ @@ -33733,7 +33841,7 @@ (yyvsp[-1].sp_cursor_stmt)))) MYSQL_YYABORT; } -#line 33737 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 33845 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 469: /* loop_body: sp_proc_stmts1 END LOOP_SYM */ @@ -33748,7 +33856,7 @@ unlikely(lex->sphead->add_instr(i))) MYSQL_YYABORT; } -#line 33752 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 33860 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 470: /* repeat_body: sp_proc_stmts1 UNTIL_SYM expr_lex END REPEAT_SYM */ @@ -33757,7 +33865,7 @@ if ((yyvsp[-2].expr_lex)->sp_repeat_loop_finalize(thd)) MYSQL_YYABORT; } -#line 33761 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 33869 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 471: /* pop_sp_loop_label: sp_opt_label */ @@ -33766,7 +33874,7 @@ if (unlikely(Lex->sp_pop_loop_label(thd, &(yyvsp[0].lex_str)))) MYSQL_YYABORT; } -#line 33770 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 33878 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 472: /* $@55: %empty */ @@ -33775,13 +33883,13 @@ if (unlikely(Lex->sp_push_loop_label(thd, &(yyvsp[-1].lex_str)))) MYSQL_YYABORT; } -#line 33779 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 33887 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 473: /* sp_labeled_control: sp_control_label LOOP_SYM $@55 loop_body pop_sp_loop_label */ #line 4691 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { } -#line 33785 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 33893 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 474: /* $@56: %empty */ @@ -33790,13 +33898,13 @@ if (unlikely(Lex->sp_push_loop_label(thd, &(yyvsp[-1].lex_str)))) MYSQL_YYABORT; } -#line 33794 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 33902 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 475: /* sp_labeled_control: sp_control_label WHILE_SYM $@56 while_body pop_sp_loop_label */ #line 4698 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { } -#line 33800 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 33908 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 476: /* $@57: %empty */ @@ -33805,7 +33913,7 @@ // See "The FOR LOOP statement" comments in sql_lex.cc Lex->sp_block_init(thd); // The outer DECLARE..BEGIN..END block } -#line 33809 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 33917 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 477: /* $@58: %empty */ @@ -33816,7 +33924,7 @@ if (unlikely(Lex->sp_for_loop_condition_test(thd, (yyvsp[0].for_loop)))) MYSQL_YYABORT; } -#line 33820 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 33928 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 478: /* $@59: %empty */ @@ -33825,7 +33933,7 @@ if (unlikely(Lex->sp_for_loop_finalize(thd, (yyvsp[-2].for_loop)))) MYSQL_YYABORT; } -#line 33829 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 33937 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 479: /* sp_labeled_control: sp_control_label FOR_SYM $@57 sp_for_loop_index_and_bounds $@58 for_loop_statements $@59 pop_sp_loop_label */ @@ -33834,7 +33942,7 @@ if (unlikely(Lex->sp_for_loop_outer_block_finalize(thd, (yyvsp[-4].for_loop)))) MYSQL_YYABORT; } -#line 33838 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 33946 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 480: /* $@60: %empty */ @@ -33843,13 +33951,13 @@ if (unlikely(Lex->sp_push_loop_label(thd, &(yyvsp[-1].lex_str)))) MYSQL_YYABORT; } -#line 33847 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 33955 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 481: /* sp_labeled_control: sp_control_label REPEAT_SYM $@60 repeat_body pop_sp_loop_label */ #line 4727 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { } -#line 33853 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 33961 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 482: /* $@61: %empty */ @@ -33858,7 +33966,7 @@ if (unlikely(Lex->sp_push_loop_empty_label(thd))) MYSQL_YYABORT; } -#line 33862 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 33970 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 483: /* sp_unlabeled_control: LOOP_SYM $@61 loop_body */ @@ -33866,7 +33974,7 @@ { Lex->sp_pop_loop_empty_label(thd); } -#line 33870 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 33978 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 484: /* $@62: %empty */ @@ -33875,7 +33983,7 @@ if (unlikely(Lex->sp_push_loop_empty_label(thd))) MYSQL_YYABORT; } -#line 33879 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 33987 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 485: /* sp_unlabeled_control: WHILE_SYM $@62 while_body */ @@ -33883,7 +33991,7 @@ { Lex->sp_pop_loop_empty_label(thd); } -#line 33887 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 33995 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 486: /* $@63: %empty */ @@ -33894,7 +34002,7 @@ MYSQL_YYABORT; Lex->sp_block_init(thd); // The outer DECLARE..BEGIN..END block } -#line 33898 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 34006 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 487: /* $@64: %empty */ @@ -33905,7 +34013,7 @@ if (unlikely(Lex->sp_for_loop_condition_test(thd, (yyvsp[0].for_loop)))) MYSQL_YYABORT; } -#line 33909 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 34017 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 488: /* sp_unlabeled_control: FOR_SYM $@63 sp_for_loop_index_and_bounds $@64 for_loop_statements */ @@ -33917,7 +34025,7 @@ if (unlikely(Lex->sp_for_loop_outer_block_finalize(thd, (yyvsp[-2].for_loop)))) MYSQL_YYABORT; } -#line 33921 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 34029 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 489: /* $@65: %empty */ @@ -33926,7 +34034,7 @@ if (unlikely(Lex->sp_push_loop_empty_label(thd))) MYSQL_YYABORT; } -#line 33930 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 34038 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 490: /* sp_unlabeled_control: REPEAT_SYM $@65 repeat_body */ @@ -33934,55 +34042,55 @@ { Lex->sp_pop_loop_empty_label(thd); } -#line 33938 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 34046 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 491: /* trg_action_time: BEFORE_SYM */ #line 4784 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { Lex->trg_chistics.action_time= TRG_ACTION_BEFORE; } -#line 33944 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 34052 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 492: /* trg_action_time: AFTER_SYM */ #line 4786 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { Lex->trg_chistics.action_time= TRG_ACTION_AFTER; } -#line 33950 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 34058 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 493: /* trg_event: INSERT */ #line 4791 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { Lex->trg_chistics.event= TRG_EVENT_INSERT; } -#line 33956 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 34064 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 494: /* trg_event: UPDATE_SYM */ #line 4793 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { Lex->trg_chistics.event= TRG_EVENT_UPDATE; } -#line 33962 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 34070 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 495: /* trg_event: DELETE_SYM */ #line 4795 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { Lex->trg_chistics.event= TRG_EVENT_DELETE; } -#line 33968 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 34076 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 496: /* $@66: %empty */ #line 4800 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { Lex->create_info.option_list= NULL; } -#line 33974 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 34082 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 497: /* create_body: create_field_list_parens $@66 opt_create_table_options opt_create_partitioning opt_create_select */ #line 4801 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" {} -#line 33980 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 34088 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 498: /* create_body: opt_create_table_options opt_create_partitioning opt_create_select */ #line 4802 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" {} -#line 33986 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 34094 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 499: /* create_body: create_like */ @@ -33997,25 +34105,25 @@ /* CREATE TABLE ... LIKE is not allowed for views. */ src_table->required_type= TABLE_TYPE_NORMAL; } -#line 34001 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 34109 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 500: /* create_like: LIKE table_ident */ #line 4817 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.table)= (yyvsp[0].table); } -#line 34007 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 34115 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 501: /* create_like: LEFT_PAREN_LIKE LIKE table_ident ')' */ #line 4818 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.table)= (yyvsp[-1].table); } -#line 34013 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 34121 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 502: /* opt_create_select: %empty */ #line 4822 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" {} -#line 34019 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 34127 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 503: /* opt_create_select: opt_duplicate opt_as create_select_query_expression opt_versioning_option */ @@ -34025,7 +34133,7 @@ if (Lex->check_cte_dependencies_and_resolve_references()) MYSQL_YYABORT; } -#line 34029 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 34137 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 504: /* create_select_query_expression: query_expression */ @@ -34034,7 +34142,7 @@ if (Lex->parsed_insert_select((yyvsp[0].select_lex_unit)->first_select())) MYSQL_YYABORT; } -#line 34038 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 34146 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 505: /* create_select_query_expression: LEFT_PAREN_WITH with_clause query_expression_no_with_clause ')' */ @@ -34046,7 +34154,7 @@ if (Lex->parsed_insert_select(first_select)) MYSQL_YYABORT; } -#line 34050 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 34158 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 506: /* opt_create_partitioning: opt_partitioning */ @@ -34060,13 +34168,13 @@ last_non_sel_table->next_global= 0; Lex->query_tables_last= &last_non_sel_table->next_global; } -#line 34064 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 34172 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 507: /* opt_partitioning: %empty */ #line 4886 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" {} -#line 34070 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 34178 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 509: /* $@67: %empty */ @@ -34081,7 +34189,7 @@ lex->alter_info.partition_flags|= ALTER_PARTITION_INFO; } } -#line 34085 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 34193 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 511: /* have_partitioning: %empty */ @@ -34097,7 +34205,7 @@ "--with-plugin-partition")); #endif } -#line 34101 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 34209 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 512: /* $@68: %empty */ @@ -34115,7 +34223,7 @@ partition info string into part_info data structure. */ } -#line 34119 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 34227 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 513: /* partition_entry: PARTITION_SYM $@68 partition */ @@ -34123,13 +34231,13 @@ { Lex->pop_select(); //main select } -#line 34127 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 34235 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 514: /* $@69: %empty */ #line 4943 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { Lex->safe_to_cache_query= 1; } -#line 34133 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 34241 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 516: /* part_type_def: opt_linear KEY_SYM opt_key_algo '(' part_field_list ')' */ @@ -34140,31 +34248,31 @@ part_info->column_list= FALSE; part_info->part_type= HASH_PARTITION; } -#line 34144 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 34252 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 517: /* $@70: %empty */ #line 4956 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { Lex->part_info->part_type= HASH_PARTITION; } -#line 34150 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 34258 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 518: /* part_type_def: opt_linear HASH_SYM $@70 part_func */ #line 4957 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" {} -#line 34156 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 34264 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 519: /* part_type_def: RANGE_SYM part_func */ #line 4959 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { Lex->part_info->part_type= RANGE_PARTITION; } -#line 34162 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 34270 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 520: /* part_type_def: RANGE_SYM part_column_list */ #line 4961 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { Lex->part_info->part_type= RANGE_PARTITION; } -#line 34168 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 34276 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 521: /* $@71: %empty */ @@ -34172,7 +34280,7 @@ { Select->parsing_place= IN_PART_FUNC; } -#line 34176 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 34284 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 522: /* part_type_def: LIST_SYM $@71 part_func */ @@ -34181,13 +34289,13 @@ Lex->part_info->part_type= LIST_PARTITION; Select->parsing_place= NO_MATTER; } -#line 34185 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 34293 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 523: /* part_type_def: LIST_SYM part_column_list */ #line 4972 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { Lex->part_info->part_type= LIST_PARTITION; } -#line 34191 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 34299 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 524: /* $@72: %empty */ @@ -34196,25 +34304,25 @@ if (unlikely(Lex->part_info->vers_init_info(thd))) MYSQL_YYABORT; } -#line 34200 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 34308 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 526: /* opt_linear: %empty */ #line 4982 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" {} -#line 34206 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 34314 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 527: /* opt_linear: LINEAR_SYM */ #line 4984 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { Lex->part_info->linear_hash_ind= TRUE;} -#line 34212 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 34320 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 528: /* opt_key_algo: %empty */ #line 4989 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { Lex->part_info->key_algorithm= partition_info::KEY_ALGORITHM_NONE;} -#line 34218 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 34326 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 529: /* opt_key_algo: ALGORITHM_SYM '=' real_ulong_num */ @@ -34232,31 +34340,31 @@ MYSQL_YYABORT; } } -#line 34236 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 34344 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 530: /* part_field_list: %empty */ #line 5007 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" {} -#line 34242 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 34350 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 531: /* part_field_list: part_field_item_list */ #line 5008 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" {} -#line 34248 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 34356 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 532: /* part_field_item_list: part_field_item */ #line 5012 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" {} -#line 34254 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 34362 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 533: /* part_field_item_list: part_field_item_list ',' part_field_item */ #line 5013 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" {} -#line 34260 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 34368 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 534: /* part_field_item: ident */ @@ -34271,7 +34379,7 @@ my_yyabort_error((ER_TOO_MANY_PARTITION_FUNC_FIELDS_ERROR, MYF(0), "list of partition fields")); } -#line 34275 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 34383 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 535: /* part_column_list: COLUMNS '(' part_field_list ')' */ @@ -34281,7 +34389,7 @@ part_info->column_list= TRUE; part_info->list_of_part_fields= TRUE; } -#line 34285 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 34393 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 536: /* part_func: '(' part_func_expr ')' */ @@ -34293,7 +34401,7 @@ part_info->num_columns= 1; part_info->column_list= FALSE; } -#line 34297 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 34405 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 537: /* sub_part_func: '(' part_func_expr ')' */ @@ -34302,13 +34410,13 @@ if (unlikely(Lex->part_info->set_part_expr(thd, (yyvsp[-1].item), TRUE))) MYSQL_YYABORT; } -#line 34306 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 34414 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 538: /* opt_num_parts: %empty */ #line 5061 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" {} -#line 34312 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 34420 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 539: /* opt_num_parts: PARTITIONS_SYM real_ulong_num */ @@ -34322,25 +34430,25 @@ part_info->num_parts= num_parts; part_info->use_default_num_partitions= FALSE; } -#line 34326 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 34434 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 540: /* opt_sub_part: %empty */ #line 5075 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" {} -#line 34332 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 34440 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 541: /* $@73: %empty */ #line 5077 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { Lex->part_info->subpart_type= HASH_PARTITION; } -#line 34338 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 34446 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 542: /* opt_sub_part: SUBPARTITION_SYM BY opt_linear HASH_SYM sub_part_func $@73 opt_num_subparts */ #line 5078 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" {} -#line 34344 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 34452 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 543: /* $@74: %empty */ @@ -34350,25 +34458,25 @@ part_info->subpart_type= HASH_PARTITION; part_info->list_of_subpart_fields= TRUE; } -#line 34354 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 34462 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 544: /* opt_sub_part: SUBPARTITION_SYM BY opt_linear KEY_SYM opt_key_algo '(' sub_part_field_list ')' $@74 opt_num_subparts */ #line 5086 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" {} -#line 34360 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 34468 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 545: /* sub_part_field_list: sub_part_field_item */ #line 5090 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" {} -#line 34366 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 34474 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 546: /* sub_part_field_list: sub_part_field_list ',' sub_part_field_item */ #line 5091 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" {} -#line 34372 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 34480 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 547: /* sub_part_field_item: ident */ @@ -34383,7 +34491,7 @@ my_yyabort_error((ER_TOO_MANY_PARTITION_FUNC_FIELDS_ERROR, MYF(0), "list of subpartition fields")); } -#line 34387 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 34495 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 548: /* part_func_expr: bit_expr */ @@ -34396,13 +34504,13 @@ } (yyval.item)=(yyvsp[0].item); } -#line 34400 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 34508 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 549: /* opt_num_subparts: %empty */ #line 5121 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" {} -#line 34406 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 34514 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 550: /* opt_num_subparts: SUBPARTITIONS_SYM real_ulong_num */ @@ -34415,7 +34523,7 @@ lex->part_info->num_subparts= num_parts; lex->part_info->use_default_num_subpartitions= FALSE; } -#line 34419 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 34527 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 551: /* part_defs: %empty */ @@ -34429,7 +34537,7 @@ my_yyabort_error((ER_PARTITIONS_MUST_BE_DEFINED_ERROR, MYF(0), "LIST")); } -#line 34433 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 34541 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 552: /* part_defs: '(' part_def_list ')' */ @@ -34452,19 +34560,19 @@ } part_info->count_curr_subparts= 0; } -#line 34456 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 34564 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 553: /* part_def_list: part_definition */ #line 5166 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" {} -#line 34462 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 34570 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 554: /* part_def_list: part_def_list ',' part_definition */ #line 5167 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" {} -#line 34468 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 34576 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 557: /* $@75: %empty */ @@ -34484,13 +34592,13 @@ part_info->use_default_partitions= FALSE; part_info->use_default_num_partitions= FALSE; } -#line 34488 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 34596 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 558: /* part_definition: opt_partition $@75 part_name opt_part_values opt_part_options opt_sub_partition */ #line 5196 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" {} -#line 34494 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 34602 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 559: /* part_name: ident */ @@ -34502,7 +34610,7 @@ MYSQL_YYABORT; p_elem->partition_name= Lex_ident_partition((yyvsp[0].ident_sys)); } -#line 34506 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 34614 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 560: /* opt_part_values: %empty */ @@ -34522,7 +34630,7 @@ else part_info->part_type= HASH_PARTITION; } -#line 34526 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 34634 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 561: /* $@76: %empty */ @@ -34539,13 +34647,13 @@ else part_info->part_type= RANGE_PARTITION; } -#line 34543 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 34651 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 562: /* opt_part_values: VALUES_LESS_SYM THAN_SYM $@76 part_func_max */ #line 5240 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" {} -#line 34549 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 34657 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 563: /* $@77: %empty */ @@ -34562,13 +34670,13 @@ else part_info->part_type= LIST_PARTITION; } -#line 34566 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 34674 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 564: /* opt_part_values: VALUES_IN_SYM $@77 part_values_in */ #line 5254 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" {} -#line 34572 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 34680 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 565: /* opt_part_values: CURRENT_SYM */ @@ -34579,7 +34687,7 @@ MYSQL_YYABORT; #endif } -#line 34583 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 34691 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 566: /* opt_part_values: HISTORY_SYM */ @@ -34590,7 +34698,7 @@ MYSQL_YYABORT; #endif } -#line 34594 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 34702 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 567: /* opt_part_values: DEFAULT */ @@ -34611,7 +34719,7 @@ if (unlikely(part_info->add_max_value(thd))) MYSQL_YYABORT; } -#line 34615 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 34723 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 568: /* part_func_max: MAXVALUE_SYM */ @@ -34633,13 +34741,13 @@ if (unlikely(part_info->add_max_value(thd))) MYSQL_YYABORT; } -#line 34637 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 34745 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 569: /* part_func_max: part_value_item */ #line 5307 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" {} -#line 34643 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 34751 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 570: /* part_values_in: part_value_item */ @@ -34670,7 +34778,7 @@ MYSQL_YYABORT; } } -#line 34674 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 34782 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 571: /* part_values_in: '(' part_value_list ')' */ @@ -34683,19 +34791,19 @@ MYSQL_YYABORT; } } -#line 34687 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 34795 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 572: /* part_value_list: part_value_item */ #line 5350 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" {} -#line 34693 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 34801 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 573: /* part_value_list: part_value_list ',' part_value_item */ #line 5351 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" {} -#line 34699 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 34807 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 574: /* $@78: %empty */ @@ -34709,13 +34817,13 @@ part_info->init_column_part(thd))) MYSQL_YYABORT; } -#line 34713 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 34821 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 575: /* $@79: %empty */ #line 5365 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" {} -#line 34719 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 34827 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 576: /* part_value_item: '(' $@78 part_value_item_list $@79 ')' */ @@ -34740,19 +34848,19 @@ } part_info->curr_list_object= 0; } -#line 34744 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 34852 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 577: /* part_value_item_list: part_value_expr_item */ #line 5390 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" {} -#line 34750 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 34858 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 578: /* part_value_item_list: part_value_item_list ',' part_value_expr_item */ #line 5391 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" {} -#line 34756 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 34864 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 579: /* part_value_expr_item: MAXVALUE_SYM */ @@ -34767,7 +34875,7 @@ if (unlikely(part_info->add_max_value(thd))) MYSQL_YYABORT; } -#line 34771 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 34879 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 580: /* part_value_expr_item: bit_expr */ @@ -34785,7 +34893,7 @@ if (unlikely(part_info->add_column_list_value(thd, part_expr))) MYSQL_YYABORT; } -#line 34789 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 34897 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 581: /* opt_sub_partition: %empty */ @@ -34803,7 +34911,7 @@ MYSQL_YYABORT; } } -#line 34807 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 34915 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 582: /* opt_sub_partition: '(' sub_part_list ')' */ @@ -34830,19 +34938,19 @@ } part_info->count_curr_subparts= 0; } -#line 34834 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 34942 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 583: /* sub_part_list: sub_part_definition */ #line 5464 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" {} -#line 34840 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 34948 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 584: /* sub_part_list: sub_part_list ',' sub_part_definition */ #line 5465 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" {} -#line 34846 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 34954 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 585: /* $@80: %empty */ @@ -34879,13 +34987,13 @@ part_info->use_default_num_subpartitions= FALSE; part_info->count_curr_subparts++; } -#line 34883 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 34991 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 586: /* sub_part_definition: SUBPARTITION_SYM $@80 sub_name opt_subpart_options */ #line 5502 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" {} -#line 34889 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 34997 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 587: /* sub_name: ident_or_text */ @@ -34896,37 +35004,37 @@ Lex->part_info->curr_part_elem->partition_name= Lex_ident_partition((yyvsp[0].lex_str)); } -#line 34900 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 35008 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 588: /* opt_part_options: %empty */ #line 5516 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" {} -#line 34906 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 35014 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 589: /* opt_part_options: part_option_list */ #line 5517 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" {} -#line 34912 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 35020 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 590: /* part_option_list: part_option_list part_option */ #line 5521 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" {} -#line 34918 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 35026 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 591: /* part_option_list: part_option */ #line 5522 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" {} -#line 34924 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 35032 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 592: /* part_option: server_part_option */ #line 5526 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" {} -#line 34930 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 35038 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 593: /* part_option: engine_defined_option */ @@ -34935,37 +35043,37 @@ (yyvsp[0].engine_option_value_ptr)->link(&Lex->part_info->curr_part_elem->option_list, &Lex->option_list_last); } -#line 34939 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 35047 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 594: /* opt_subpart_options: %empty */ #line 5535 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" {} -#line 34945 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 35053 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 595: /* opt_subpart_options: subpart_option_list */ #line 5536 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" {} -#line 34951 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 35059 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 596: /* subpart_option_list: subpart_option_list server_part_option */ #line 5540 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" {} -#line 34957 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 35065 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 597: /* subpart_option_list: server_part_option */ #line 5541 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" {} -#line 34963 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 35071 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 598: /* server_part_option: TABLESPACE opt_equal ident_or_text */ #line 5546 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { /* Compatibility with MySQL */ } -#line 34969 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 35077 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 599: /* server_part_option: opt_storage ENGINE_SYM opt_equal storage_engines */ @@ -34975,7 +35083,7 @@ part_info->curr_part_elem->engine_type= (yyvsp[0].db_type); part_info->default_engine_type= (yyvsp[0].db_type); } -#line 34979 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 35087 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 600: /* server_part_option: CONNECTION_SYM opt_equal TEXT_STRING_sys */ @@ -34985,55 +35093,55 @@ lex->part_info->curr_part_elem->connect_string.str= (yyvsp[0].lex_str).str; lex->part_info->curr_part_elem->connect_string.length= (yyvsp[0].lex_str).length; } -#line 34989 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 35097 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 601: /* server_part_option: NODEGROUP_SYM opt_equal real_ulong_num */ #line 5560 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { Lex->part_info->curr_part_elem->nodegroup_id= (uint16) (yyvsp[0].ulong_num); } -#line 34995 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 35103 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 602: /* server_part_option: MAX_ROWS opt_equal real_ulonglong_num */ #line 5562 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { Lex->part_info->curr_part_elem->part_max_rows= (ha_rows) (yyvsp[0].ulonglong_number); } -#line 35001 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 35109 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 603: /* server_part_option: MIN_ROWS opt_equal real_ulonglong_num */ #line 5564 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { Lex->part_info->curr_part_elem->part_min_rows= (ha_rows) (yyvsp[0].ulonglong_number); } -#line 35007 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 35115 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 604: /* server_part_option: DATA_SYM DIRECTORY_SYM opt_equal TEXT_STRING_sys */ #line 5566 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { Lex->part_info->curr_part_elem->data_file_name= (yyvsp[0].lex_str).str; } -#line 35013 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 35121 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 605: /* server_part_option: INDEX_SYM DIRECTORY_SYM opt_equal TEXT_STRING_sys */ #line 5568 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { Lex->part_info->curr_part_elem->index_file_name= (yyvsp[0].lex_str).str; } -#line 35019 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 35127 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 606: /* server_part_option: COMMENT_SYM opt_equal TEXT_STRING_sys */ #line 5570 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { Lex->part_info->curr_part_elem->part_comment= (yyvsp[0].lex_str).str; } -#line 35025 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 35133 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 607: /* opt_versioning_rotation: %empty */ #line 5574 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" {} -#line 35031 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 35139 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 608: /* $@81: %empty */ #line 5575 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { Lex->clause_that_disallows_subselect= "INTERVAL"; } -#line 35037 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 35145 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 609: /* opt_versioning_rotation: $@81 INTERVAL_SYM expr interval opt_versioning_interval_start opt_vers_auto_part */ @@ -35045,7 +35153,7 @@ table_name))) MYSQL_YYABORT; } -#line 35049 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 35157 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 610: /* opt_versioning_rotation: LIMIT ulonglong_num opt_vers_auto_part */ @@ -35056,7 +35164,7 @@ if (unlikely(part_info->vers_set_limit((yyvsp[-1].ulonglong_number), (yyvsp[0].num), table_name))) MYSQL_YYABORT; } -#line 35060 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 35168 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 611: /* opt_versioning_interval_start: %empty */ @@ -35064,7 +35172,7 @@ { (yyval.item)= NULL; } -#line 35068 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 35176 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 612: /* opt_versioning_interval_start: STARTS_SYM literal */ @@ -35072,7 +35180,7 @@ { (yyval.item)= (yyvsp[0].item); } -#line 35076 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 35184 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 613: /* opt_vers_auto_part: %empty */ @@ -35080,7 +35188,7 @@ { (yyval.num)= 0; } -#line 35084 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 35192 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 614: /* opt_vers_auto_part: AUTO_SYM */ @@ -35088,55 +35196,55 @@ { (yyval.num)= 1; } -#line 35092 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 35200 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 615: /* opt_as: %empty */ #line 5620 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" {} -#line 35098 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 35206 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 616: /* opt_as: AS */ #line 5621 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" {} -#line 35104 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 35212 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 617: /* opt_create_database_options: %empty */ #line 5625 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" {} -#line 35110 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 35218 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 618: /* opt_create_database_options: create_database_options */ #line 5626 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" {} -#line 35116 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 35224 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 619: /* create_database_options: create_database_option */ #line 5630 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" {} -#line 35122 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 35230 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 620: /* create_database_options: create_database_options create_database_option */ #line 5631 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" {} -#line 35128 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 35236 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 621: /* create_database_option: default_collation */ #line 5635 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" {} -#line 35134 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 35242 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 622: /* create_database_option: default_charset */ #line 5636 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" {} -#line 35140 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 35248 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 623: /* create_database_option: COMMENT_SYM opt_equal TEXT_STRING_sys */ @@ -35145,7 +35253,7 @@ Lex->create_info.schema_comment= thd->make_clex_string((yyvsp[0].lex_str)); Lex->create_info.used_fields|= HA_CREATE_USED_COMMENT; } -#line 35149 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 35257 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 624: /* opt_if_not_exists_table_element: %empty */ @@ -35153,7 +35261,7 @@ { Lex->check_exists= FALSE; } -#line 35157 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 35265 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 625: /* opt_if_not_exists_table_element: IF_SYM not EXISTS */ @@ -35161,7 +35269,7 @@ { Lex->check_exists= TRUE; } -#line 35165 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 35273 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 626: /* opt_if_not_exists: %empty */ @@ -35169,7 +35277,7 @@ { (yyval.object_ddl_options).init(); } -#line 35173 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 35281 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 627: /* opt_if_not_exists: IF_SYM not EXISTS */ @@ -35177,7 +35285,7 @@ { (yyval.object_ddl_options).set(DDL_options_st::OPT_IF_NOT_EXISTS); } -#line 35181 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 35289 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 628: /* create_or_replace: CREATE */ @@ -35185,7 +35293,7 @@ { (yyval.object_ddl_options).init(); } -#line 35189 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 35297 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 629: /* create_or_replace: CREATE OR_SYM REPLACE */ @@ -35193,7 +35301,7 @@ { (yyval.object_ddl_options).set(DDL_options_st::OPT_OR_REPLACE); } -#line 35197 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 35305 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 637: /* create_table_option: ENGINE_SYM opt_equal ident_or_text */ @@ -35212,7 +35320,7 @@ *opt= Storage_engine_name((yyvsp[0].lex_str)); lex->create_info.used_fields|= HA_CREATE_USED_ENGINE; } -#line 35216 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 35324 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 638: /* create_table_option: MAX_ROWS opt_equal ulonglong_num */ @@ -35221,7 +35329,7 @@ Lex->create_info.max_rows= (yyvsp[0].ulonglong_number); Lex->create_info.used_fields|= HA_CREATE_USED_MAX_ROWS; } -#line 35225 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 35333 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 639: /* create_table_option: MIN_ROWS opt_equal ulonglong_num */ @@ -35230,7 +35338,7 @@ Lex->create_info.min_rows= (yyvsp[0].ulonglong_number); Lex->create_info.used_fields|= HA_CREATE_USED_MIN_ROWS; } -#line 35234 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 35342 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 640: /* create_table_option: AVG_ROW_LENGTH opt_equal ulong_num */ @@ -35239,7 +35347,7 @@ Lex->create_info.avg_row_length=(yyvsp[0].ulong_num); Lex->create_info.used_fields|= HA_CREATE_USED_AVG_ROW_LENGTH; } -#line 35243 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 35351 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 641: /* create_table_option: PASSWORD_SYM opt_equal TEXT_STRING_sys */ @@ -35248,7 +35356,7 @@ Lex->create_info.password=(yyvsp[0].lex_str).str; Lex->create_info.used_fields|= HA_CREATE_USED_PASSWORD; } -#line 35252 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 35360 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 642: /* create_table_option: COMMENT_SYM opt_equal TEXT_STRING_sys */ @@ -35257,7 +35365,7 @@ Lex->create_info.comment=(yyvsp[0].lex_str); Lex->create_info.used_fields|= HA_CREATE_USED_COMMENT; } -#line 35261 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 35369 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 643: /* create_table_option: AUTO_INC opt_equal ulonglong_num */ @@ -35266,7 +35374,7 @@ Lex->create_info.auto_increment_value=(yyvsp[0].ulonglong_number); Lex->create_info.used_fields|= HA_CREATE_USED_AUTO; } -#line 35270 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 35378 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 644: /* create_table_option: PACK_KEYS_SYM opt_equal ulong_num */ @@ -35285,7 +35393,7 @@ } Lex->create_info.used_fields|= HA_CREATE_USED_PACK_KEYS; } -#line 35289 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 35397 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 645: /* create_table_option: PACK_KEYS_SYM opt_equal DEFAULT */ @@ -35295,7 +35403,7 @@ ~(HA_OPTION_PACK_KEYS | HA_OPTION_NO_PACK_KEYS); Lex->create_info.used_fields|= HA_CREATE_USED_PACK_KEYS; } -#line 35299 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 35407 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 646: /* create_table_option: STATS_AUTO_RECALC_SYM opt_equal ulong_num */ @@ -35314,7 +35422,7 @@ } Lex->create_info.used_fields|= HA_CREATE_USED_STATS_AUTO_RECALC; } -#line 35318 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 35426 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 647: /* create_table_option: STATS_AUTO_RECALC_SYM opt_equal DEFAULT */ @@ -35323,7 +35431,7 @@ Lex->create_info.stats_auto_recalc= HA_STATS_AUTO_RECALC_DEFAULT; Lex->create_info.used_fields|= HA_CREATE_USED_STATS_AUTO_RECALC; } -#line 35327 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 35435 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 648: /* create_table_option: STATS_PERSISTENT_SYM opt_equal ulong_num */ @@ -35342,7 +35450,7 @@ } Lex->create_info.used_fields|= HA_CREATE_USED_STATS_PERSISTENT; } -#line 35346 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 35454 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 649: /* create_table_option: STATS_PERSISTENT_SYM opt_equal DEFAULT */ @@ -35352,7 +35460,7 @@ ~(HA_OPTION_STATS_PERSISTENT | HA_OPTION_NO_STATS_PERSISTENT); Lex->create_info.used_fields|= HA_CREATE_USED_STATS_PERSISTENT; } -#line 35356 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 35464 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 650: /* create_table_option: STATS_SAMPLE_PAGES_SYM opt_equal ulong_num */ @@ -35374,7 +35482,7 @@ Lex->create_info.stats_sample_pages=(yyvsp[0].ulong_num); Lex->create_info.used_fields|= HA_CREATE_USED_STATS_SAMPLE_PAGES; } -#line 35378 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 35486 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 651: /* create_table_option: STATS_SAMPLE_PAGES_SYM opt_equal DEFAULT */ @@ -35383,7 +35491,7 @@ Lex->create_info.stats_sample_pages=0; Lex->create_info.used_fields|= HA_CREATE_USED_STATS_SAMPLE_PAGES; } -#line 35387 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 35495 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 652: /* create_table_option: CHECKSUM_SYM opt_equal ulong_num */ @@ -35392,7 +35500,7 @@ Lex->create_info.table_options|= (yyvsp[0].ulong_num) ? HA_OPTION_CHECKSUM : HA_OPTION_NO_CHECKSUM; Lex->create_info.used_fields|= HA_CREATE_USED_CHECKSUM; } -#line 35396 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 35504 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 653: /* create_table_option: TABLE_CHECKSUM_SYM opt_equal ulong_num */ @@ -35401,7 +35509,7 @@ Lex->create_info.table_options|= (yyvsp[0].ulong_num) ? HA_OPTION_CHECKSUM : HA_OPTION_NO_CHECKSUM; Lex->create_info.used_fields|= HA_CREATE_USED_CHECKSUM; } -#line 35405 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 35513 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 654: /* create_table_option: PAGE_CHECKSUM_SYM opt_equal choice */ @@ -35410,7 +35518,7 @@ Lex->create_info.used_fields|= HA_CREATE_USED_PAGE_CHECKSUM; Lex->create_info.page_checksum= (yyvsp[0].choice); } -#line 35414 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 35522 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 655: /* create_table_option: DELAY_KEY_WRITE_SYM opt_equal ulong_num */ @@ -35419,7 +35527,7 @@ Lex->create_info.table_options|= (yyvsp[0].ulong_num) ? HA_OPTION_DELAY_KEY_WRITE : HA_OPTION_NO_DELAY_KEY_WRITE; Lex->create_info.used_fields|= HA_CREATE_USED_DELAY_KEY_WRITE; } -#line 35423 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 35531 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 656: /* create_table_option: ROW_FORMAT_SYM opt_equal row_types */ @@ -35428,7 +35536,7 @@ Lex->create_info.row_type= (yyvsp[0].row_type); Lex->create_info.used_fields|= HA_CREATE_USED_ROW_FORMAT; } -#line 35432 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 35540 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 657: /* $@82: %empty */ @@ -35436,7 +35544,7 @@ { Lex->first_select_lex()->table_list.save_and_clear(&Lex->save_list); } -#line 35440 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 35548 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 658: /* create_table_option: UNION_SYM opt_equal $@82 '(' opt_table_list ')' */ @@ -35462,7 +35570,7 @@ lex->create_info.used_fields|= HA_CREATE_USED_UNION; } -#line 35466 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 35574 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 661: /* create_table_option: INSERT_METHOD opt_equal merge_insert_types */ @@ -35471,7 +35579,7 @@ Lex->create_info.merge_insert_method= (yyvsp[0].ulong_num); Lex->create_info.used_fields|= HA_CREATE_USED_INSERT_METHOD; } -#line 35475 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 35583 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 662: /* create_table_option: DATA_SYM DIRECTORY_SYM opt_equal TEXT_STRING_sys */ @@ -35480,7 +35588,7 @@ Lex->create_info.data_file_name= (yyvsp[0].lex_str).str; Lex->create_info.used_fields|= HA_CREATE_USED_DATADIR; } -#line 35484 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 35592 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 663: /* create_table_option: INDEX_SYM DIRECTORY_SYM opt_equal TEXT_STRING_sys */ @@ -35489,25 +35597,25 @@ Lex->create_info.index_file_name= (yyvsp[0].lex_str).str; Lex->create_info.used_fields|= HA_CREATE_USED_INDEXDIR; } -#line 35493 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 35601 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 664: /* create_table_option: TABLESPACE ident */ #line 5893 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { /* Compatiblity with MySQL */ } -#line 35499 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 35607 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 665: /* create_table_option: STORAGE_SYM DISK_SYM */ #line 5895 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" {Lex->create_info.storage_media= HA_SM_DISK;} -#line 35505 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 35613 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 666: /* create_table_option: STORAGE_SYM MEMORY_SYM */ #line 5897 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" {Lex->create_info.storage_media= HA_SM_MEMORY;} -#line 35511 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 35619 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 667: /* create_table_option: CONNECTION_SYM opt_equal TEXT_STRING_sys */ @@ -35517,7 +35625,7 @@ Lex->create_info.connect_string.length= (yyvsp[0].lex_str).length; Lex->create_info.used_fields|= HA_CREATE_USED_CONNECTION; } -#line 35521 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 35629 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 668: /* create_table_option: KEY_BLOCK_SIZE opt_equal ulong_num */ @@ -35526,7 +35634,7 @@ Lex->create_info.used_fields|= HA_CREATE_USED_KEY_BLOCK_SIZE; Lex->create_info.key_block_size= (yyvsp[0].ulong_num); } -#line 35530 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 35638 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 669: /* create_table_option: TRANSACTIONAL_SYM opt_equal choice */ @@ -35535,7 +35643,7 @@ Lex->create_info.used_fields|= HA_CREATE_USED_TRANSACTIONAL; Lex->create_info.transactional= (yyvsp[0].choice); } -#line 35539 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 35647 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 670: /* create_table_option: engine_defined_option */ @@ -35543,7 +35651,7 @@ { (yyvsp[0].engine_option_value_ptr)->link(&Lex->create_info.option_list, &Lex->option_list_last); } -#line 35547 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 35655 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 671: /* create_table_option: SEQUENCE_SYM opt_equal choice */ @@ -35552,7 +35660,7 @@ Lex->create_info.used_fields|= HA_CREATE_USED_SEQUENCE; Lex->create_info.sequence= ((yyvsp[0].choice) == HA_CHOICE_YES); } -#line 35556 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 35664 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 673: /* engine_defined_option: ident_options equal TEXT_STRING_sys */ @@ -35565,7 +35673,7 @@ engine_option_value::Value((yyvsp[0].lex_str)), true); MYSQL_YYABORT_UNLESS((yyval.engine_option_value_ptr)); } -#line 35569 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 35677 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 674: /* engine_defined_option: ident_options equal ident */ @@ -35578,7 +35686,7 @@ engine_option_value::Value((yyvsp[0].ident_sys)), false); MYSQL_YYABORT_UNLESS((yyval.engine_option_value_ptr)); } -#line 35582 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 35690 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 675: /* engine_defined_option: ident_options equal real_ulonglong_num */ @@ -35589,7 +35697,7 @@ (yyvsp[0].ulonglong_number), thd->mem_root); MYSQL_YYABORT_UNLESS((yyval.engine_option_value_ptr)); } -#line 35593 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 35701 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 676: /* engine_defined_option: ident_options equal DEFAULT */ @@ -35599,7 +35707,7 @@ engine_option_value::Name((yyvsp[-2].ident_sys))); MYSQL_YYABORT_UNLESS((yyval.engine_option_value_ptr)); } -#line 35603 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 35711 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 678: /* ident_options: keyword_options */ @@ -35608,7 +35716,7 @@ if (unlikely((yyval.ident_sys).copy_keyword(thd, &(yyvsp[0].kwd)))) MYSQL_YYABORT; } -#line 35612 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 35720 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 683: /* versioning_option: WITH_SYSTEM_SYM VERSIONING_SYM */ @@ -35628,7 +35736,7 @@ Lex->create_info.options|= HA_VERSIONED_TABLE; } } -#line 35632 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 35740 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 684: /* default_charset: opt_default charset opt_equal charset_name_or_default */ @@ -35638,7 +35746,7 @@ thd, thd->variables.character_set_collations, (yyvsp[0].charset)))) MYSQL_YYABORT; } -#line 35642 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 35750 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 685: /* default_collation: opt_default COLLATE_SYM opt_equal collation_name_or_default */ @@ -35649,7 +35757,7 @@ thd, thd->variables.character_set_collations, (yyvsp[0].Lex_extended_collation)))) MYSQL_YYABORT; } -#line 35653 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 35761 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 686: /* storage_engines: ident_or_text */ @@ -35660,7 +35768,7 @@ thd->lex->create_info.tmp_table())) MYSQL_YYABORT; } -#line 35664 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 35772 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 687: /* known_storage_engines: ident_or_text */ @@ -35672,91 +35780,91 @@ else my_yyabort_error((ER_UNKNOWN_STORAGE_ENGINE, MYF(0), (yyvsp[0].lex_str).str)); } -#line 35676 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 35784 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 688: /* row_types: DEFAULT */ #line 6042 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.row_type)= ROW_TYPE_DEFAULT; } -#line 35682 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 35790 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 689: /* row_types: FIXED_SYM */ #line 6043 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.row_type)= ROW_TYPE_FIXED; } -#line 35688 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 35796 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 690: /* row_types: DYNAMIC_SYM */ #line 6044 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.row_type)= ROW_TYPE_DYNAMIC; } -#line 35694 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 35802 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 691: /* row_types: COMPRESSED_SYM */ #line 6045 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.row_type)= ROW_TYPE_COMPRESSED; } -#line 35700 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 35808 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 692: /* row_types: REDUNDANT_SYM */ #line 6046 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.row_type)= ROW_TYPE_REDUNDANT; } -#line 35706 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 35814 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 693: /* row_types: COMPACT_SYM */ #line 6047 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.row_type)= ROW_TYPE_COMPACT; } -#line 35712 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 35820 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 694: /* row_types: PAGE_SYM */ #line 6048 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.row_type)= ROW_TYPE_PAGE; } -#line 35718 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 35826 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 695: /* merge_insert_types: NO_SYM */ #line 6052 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.ulong_num)= MERGE_INSERT_DISABLED; } -#line 35724 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 35832 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 696: /* merge_insert_types: FIRST_SYM */ #line 6053 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.ulong_num)= MERGE_INSERT_TO_FIRST; } -#line 35730 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 35838 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 697: /* merge_insert_types: LAST_SYM */ #line 6054 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.ulong_num)= MERGE_INSERT_TO_LAST; } -#line 35736 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 35844 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 698: /* udf_type: STRING_SYM */ #line 6058 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" {(yyval.num) = (int) STRING_RESULT; } -#line 35742 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 35850 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 699: /* udf_type: REAL */ #line 6059 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" {(yyval.num) = (int) REAL_RESULT; } -#line 35748 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 35856 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 700: /* udf_type: DECIMAL_SYM */ #line 6060 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" {(yyval.num) = (int) DECIMAL_RESULT; } -#line 35754 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 35862 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 701: /* udf_type: INT_SYM */ #line 6061 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" {(yyval.num) = (int) INT_RESULT; } -#line 35760 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 35868 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 702: /* create_field_list: field_list */ @@ -35764,7 +35872,7 @@ { Lex->create_last_non_select_table= Lex->last_table(); } -#line 35768 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 35876 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 703: /* create_field_list_parens: LEFT_PAREN_ALT field_list ')' */ @@ -35772,25 +35880,25 @@ { Lex->create_last_non_select_table= Lex->last_table(); } -#line 35776 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 35884 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 706: /* field_list_item: column_def */ #line 6085 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { } -#line 35782 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 35890 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 710: /* field_list_item: PERIOD_SYM period_for_application_time */ #line 6089 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { } -#line 35788 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 35896 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 711: /* column_def: field_spec */ #line 6094 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.create_field)= (yyvsp[0].create_field); } -#line 35794 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 35902 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 712: /* column_def: field_spec opt_constraint references */ @@ -35801,7 +35909,7 @@ MYSQL_YYABORT; (yyval.create_field)= (yyvsp[-2].create_field); } -#line 35805 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 35913 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 713: /* $@83: %empty */ @@ -35811,13 +35919,13 @@ if (unlikely(Lex->add_key(Key::MULTIPLE, &(yyvsp[-1].lex_str), (yyvsp[0].key_alg), (yyvsp[-2].object_ddl_options)))) MYSQL_YYABORT; } -#line 35815 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 35923 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 714: /* key_def: key_or_index opt_if_not_exists opt_ident opt_USING_key_algorithm $@83 '(' key_list ')' normal_key_options */ #line 6111 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { } -#line 35821 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 35929 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 715: /* $@84: %empty */ @@ -35827,13 +35935,13 @@ if (unlikely(Lex->add_key(Key::MULTIPLE, &(yyvsp[-2].ident_sys), (yyvsp[0].key_alg), (yyvsp[-3].object_ddl_options)))) MYSQL_YYABORT; } -#line 35831 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 35939 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 716: /* key_def: key_or_index opt_if_not_exists ident TYPE_SYM btree_or_rtree $@84 '(' key_list ')' normal_key_options */ #line 6118 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { } -#line 35837 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 35945 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 717: /* $@85: %empty */ @@ -35843,13 +35951,13 @@ if (unlikely(Lex->add_key((yyvsp[-3].key_type), &(yyvsp[0].lex_str), HA_KEY_ALG_UNDEF, (yyvsp[-1].object_ddl_options)))) MYSQL_YYABORT; } -#line 35847 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 35955 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 718: /* key_def: fulltext opt_key_or_index opt_if_not_exists opt_ident $@85 '(' key_list ')' fulltext_key_options */ #line 6125 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { } -#line 35853 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 35961 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 719: /* $@86: %empty */ @@ -35859,7 +35967,7 @@ if (unlikely(Lex->add_key((yyvsp[-3].key_type), &(yyvsp[0].lex_str), HA_KEY_ALG_UNDEF, (yyvsp[-1].object_ddl_options)))) MYSQL_YYABORT; } -#line 35863 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 35971 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 720: /* key_def: spatial_or_vector opt_key_or_index opt_if_not_exists opt_ident $@86 '(' key_part_simple ')' spatial_key_options */ @@ -35867,7 +35975,7 @@ { Lex->last_key->columns.push_back((yyvsp[-2].key_part), thd->mem_root); } -#line 35871 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 35979 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 721: /* $@87: %empty */ @@ -35877,13 +35985,13 @@ if (unlikely(Lex->add_key((yyvsp[-3].key_type), (yyvsp[-1].lex_str).str ? &(yyvsp[-1].lex_str) : &(yyvsp[-4].lex_str), (yyvsp[0].key_alg), (yyvsp[-2].object_ddl_options)))) MYSQL_YYABORT; } -#line 35881 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 35989 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 722: /* key_def: opt_constraint constraint_key_type opt_if_not_exists opt_ident opt_USING_key_algorithm $@87 '(' key_list opt_without_overlaps ')' normal_key_options */ #line 6144 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { } -#line 35887 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 35995 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 723: /* $@88: %empty */ @@ -35893,13 +36001,13 @@ if (unlikely(Lex->add_key((yyvsp[-4].key_type), (yyvsp[-2].ident_sys).str ? &(yyvsp[-2].ident_sys) : &(yyvsp[-5].lex_str), (yyvsp[0].key_alg), (yyvsp[-3].object_ddl_options)))) MYSQL_YYABORT; } -#line 35897 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 36005 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 724: /* key_def: opt_constraint constraint_key_type opt_if_not_exists ident TYPE_SYM btree_or_rtree $@88 '(' key_list opt_without_overlaps ')' normal_key_options */ #line 6152 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { } -#line 35903 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 36011 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 725: /* $@89: %empty */ @@ -35913,7 +36021,7 @@ MYSQL_YYABORT; Lex->option_list= NULL; } -#line 35917 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 36025 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 726: /* key_def: opt_constraint FOREIGN KEY_SYM opt_if_not_exists opt_ident $@89 '(' key_list ')' references */ @@ -35923,7 +36031,7 @@ (yyvsp[-9].lex_str).str ? &(yyvsp[-9].lex_str) : &(yyvsp[-5].lex_str), (yyvsp[0].table), (yyvsp[-6].object_ddl_options)))) MYSQL_YYABORT; } -#line 35927 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 36035 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 727: /* constraint_def: opt_constraint check_constraint */ @@ -35931,7 +36039,7 @@ { Lex->add_constraint((yyvsp[-1].lex_str), (yyvsp[0].virtual_column), FALSE); } -#line 35935 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 36043 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 728: /* period_for_system_time: PERIOD_SYM FOR_SYSTEM_TIME_SYM '(' ident ',' ident ')' */ @@ -35940,7 +36048,7 @@ Vers_parse_info &info= Lex->vers_get_info(); info.set_period(Lex_ident_column((yyvsp[-3].ident_sys)), Lex_ident_column((yyvsp[-1].ident_sys))); } -#line 35944 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 36052 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 729: /* period_for_application_time: FOR_SYM ident '(' ident ',' ident ')' */ @@ -35949,25 +36057,25 @@ if (Lex->add_period(Lex_ident_column((yyvsp[-5].ident_sys)), (yyvsp[-3].ident_sys), (yyvsp[-1].ident_sys))) MYSQL_YYABORT; } -#line 35953 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 36061 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 730: /* opt_check_constraint: %empty */ #line 6196 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.virtual_column)= (Virtual_column_info*) 0; } -#line 35959 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 36067 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 731: /* opt_check_constraint: check_constraint */ #line 6197 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.virtual_column)= (yyvsp[0].virtual_column);} -#line 35965 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 36073 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 732: /* $@90: %empty */ #line 6202 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { Lex->clause_that_disallows_subselect= "CHECK"; } -#line 35971 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 36079 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 733: /* check_constraint: CHECK_SYM '(' $@90 expr ')' */ @@ -35979,37 +36087,37 @@ MYSQL_YYABORT; (yyval.virtual_column)= v; } -#line 35983 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 36091 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 734: /* opt_constraint_no_id: %empty */ #line 6214 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" {} -#line 35989 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 36097 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 735: /* opt_constraint_no_id: CONSTRAINT */ #line 6215 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" {} -#line 35995 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 36103 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 736: /* opt_constraint: %empty */ #line 6219 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.lex_str)= null_clex_str; } -#line 36001 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 36109 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 737: /* opt_constraint: constraint */ #line 6220 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.lex_str)= (yyvsp[0].lex_str); } -#line 36007 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 36115 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 738: /* constraint: CONSTRAINT opt_ident */ #line 6224 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.lex_str)=(yyvsp[0].lex_str); } -#line 36013 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 36121 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 739: /* @91: %empty */ @@ -36029,7 +36137,7 @@ (yyval.create_field)= f; lex->parsing_options.lookup_keywords_after_qualifier= true; } -#line 36033 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 36141 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 740: /* field_spec: field_ident @91 field_type_or_serial opt_check_constraint */ @@ -36052,7 +36160,7 @@ else if ((yyval.create_field)->flags & UNIQUE_KEY_FLAG) lex->add_key_to_list(&(yyvsp[-3].lex_str), Key::UNIQUE, lex->check_exists); } -#line 36056 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 36164 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 741: /* $@92: %empty */ @@ -36061,7 +36169,7 @@ Lex->last_field->set_attributes(thd, (yyvsp[0].Lex_field_type), COLUMN_DEFINITION_TABLE_FIELD); } -#line 36065 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 36173 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 742: /* field_type_or_serial: qualified_field_type $@92 field_def */ @@ -36075,7 +36183,7 @@ thd, thd->variables.character_set_collations, tmp); } -#line 36079 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 36187 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 743: /* $@93: %empty */ @@ -36086,49 +36194,49 @@ | UNSIGNED_FLAG | UNIQUE_KEY_FLAG; Lex->alter_info.flags|= ALTER_ADD_INDEX; } -#line 36090 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 36198 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 745: /* opt_serial_attribute: %empty */ #line 6292 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" {} -#line 36096 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 36204 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 746: /* opt_serial_attribute: opt_serial_attribute_list */ #line 6293 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" {} -#line 36102 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 36210 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 747: /* opt_serial_attribute_list: opt_serial_attribute_list serial_attribute */ #line 6297 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" {} -#line 36108 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 36216 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 749: /* opt_asrow_attribute: %empty */ #line 6302 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" {} -#line 36114 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 36222 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 750: /* opt_asrow_attribute: opt_asrow_attribute_list */ #line 6303 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" {} -#line 36120 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 36228 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 751: /* opt_asrow_attribute_list: opt_asrow_attribute_list asrow_attribute */ #line 6307 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" {} -#line 36126 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 36234 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 753: /* field_def: %empty */ #line 6312 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.Lex_exact_charset_extended_collation_attrs).init(); } -#line 36132 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 36240 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 755: /* $@94: %empty */ @@ -36136,7 +36244,7 @@ { Lex->last_field->vcol_info= (yyvsp[0].virtual_column); } -#line 36140 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 36248 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 756: /* field_def: opt_generated_always AS virtual_column_func $@94 vcol_opt_specifier vcol_opt_attribute */ @@ -36144,7 +36252,7 @@ { (yyval.Lex_exact_charset_extended_collation_attrs).init(); } -#line 36148 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 36256 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 757: /* field_def: opt_generated_always AS ROW_SYM START_SYM opt_asrow_attribute */ @@ -36154,7 +36262,7 @@ MYSQL_YYABORT; (yyval.Lex_exact_charset_extended_collation_attrs).init(); } -#line 36158 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 36266 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 758: /* field_def: opt_generated_always AS ROW_SYM END opt_asrow_attribute */ @@ -36164,19 +36272,19 @@ MYSQL_YYABORT; (yyval.Lex_exact_charset_extended_collation_attrs).init(); } -#line 36168 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 36276 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 759: /* opt_generated_always: %empty */ #line 6337 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" {} -#line 36174 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 36282 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 760: /* opt_generated_always: GENERATED_SYM ALWAYS_SYM */ #line 6338 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" {} -#line 36180 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 36288 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 761: /* vcol_opt_specifier: %empty */ @@ -36184,7 +36292,7 @@ { Lex->last_field->vcol_info->set_vcol_type(VCOL_GENERATED_VIRTUAL); } -#line 36188 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 36296 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 762: /* vcol_opt_specifier: VIRTUAL_SYM */ @@ -36192,7 +36300,7 @@ { Lex->last_field->vcol_info->set_vcol_type(VCOL_GENERATED_VIRTUAL); } -#line 36196 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 36304 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 763: /* vcol_opt_specifier: PERSISTENT_SYM */ @@ -36200,7 +36308,7 @@ { Lex->last_field->vcol_info->set_vcol_type(VCOL_GENERATED_STORED); } -#line 36204 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 36312 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 764: /* vcol_opt_specifier: STORED_SYM */ @@ -36208,25 +36316,25 @@ { Lex->last_field->vcol_info->set_vcol_type(VCOL_GENERATED_STORED); } -#line 36212 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 36320 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 765: /* vcol_opt_attribute: %empty */ #line 6361 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" {} -#line 36218 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 36326 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 766: /* vcol_opt_attribute: vcol_opt_attribute_list */ #line 6362 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" {} -#line 36224 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 36332 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 767: /* vcol_opt_attribute_list: vcol_opt_attribute_list vcol_attribute */ #line 6366 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" {} -#line 36230 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 36338 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 769: /* vcol_attribute: UNIQUE_SYM */ @@ -36236,7 +36344,7 @@ lex->last_field->flags|= UNIQUE_KEY_FLAG; lex->alter_info.flags|= ALTER_ADD_INDEX; } -#line 36240 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 36348 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 770: /* vcol_attribute: UNIQUE_SYM KEY_SYM */ @@ -36246,13 +36354,13 @@ lex->last_field->flags|= UNIQUE_KEY_FLAG; lex->alter_info.flags|= ALTER_ADD_INDEX; } -#line 36250 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 36358 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 771: /* vcol_attribute: COMMENT_SYM TEXT_STRING_sys */ #line 6383 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { Lex->last_field->comment= (yyvsp[0].lex_str); } -#line 36256 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 36364 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 772: /* vcol_attribute: INVISIBLE_SYM */ @@ -36260,7 +36368,7 @@ { Lex->last_field->invisible= INVISIBLE_USER; } -#line 36264 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 36372 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 773: /* $@95: %empty */ @@ -36275,7 +36383,7 @@ if (Lex->main_select_push()) MYSQL_YYABORT; } -#line 36279 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 36387 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 774: /* parse_vcol_expr: PARSE_VCOL_EXPR_SYM $@95 expr */ @@ -36287,7 +36395,7 @@ Lex->last_field->vcol_info= v; Lex->pop_select(); //main select } -#line 36291 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 36399 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 776: /* parenthesized_expr: expr ',' expr_list */ @@ -36298,7 +36406,7 @@ if (unlikely((yyval.item) == NULL)) MYSQL_YYABORT; } -#line 36302 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 36410 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 777: /* virtual_column_func: '(' parenthesized_expr ')' */ @@ -36310,7 +36418,7 @@ MYSQL_YYABORT; (yyval.virtual_column)= v; } -#line 36314 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 36422 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 778: /* virtual_column_func: subquery */ @@ -36324,7 +36432,7 @@ MYSQL_YYABORT; (yyval.virtual_column)= v; } -#line 36328 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 36436 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 782: /* column_default_expr: expr_or_literal */ @@ -36333,7 +36441,7 @@ if (unlikely(!((yyval.virtual_column)= add_virtual_expression(thd, (yyvsp[0].item))))) MYSQL_YYABORT; } -#line 36337 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 36445 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 783: /* field_type: field_type_all */ @@ -36341,7 +36449,7 @@ { Lex->map_data_type(Lex_ident_sys(), &((yyval.Lex_field_type)= (yyvsp[0].Lex_field_type))); } -#line 36345 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 36453 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 784: /* qualified_field_type: field_type_all */ @@ -36349,7 +36457,7 @@ { Lex->map_data_type(Lex_ident_sys(), &((yyval.Lex_field_type)= (yyvsp[0].Lex_field_type))); } -#line 36353 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 36461 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 785: /* qualified_field_type: sp_decl_ident '.' field_type_all */ @@ -36358,25 +36466,25 @@ if (Lex->map_data_type((yyvsp[-2].ident_sys), &((yyval.Lex_field_type)= (yyvsp[0].Lex_field_type)))) MYSQL_YYABORT; } -#line 36362 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 36470 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 786: /* udt_name: IDENT_sys */ #line 6474 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.lex_str)= (yyvsp[0].ident_sys); } -#line 36368 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 36476 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 787: /* udt_name: reserved_keyword_udt */ #line 6475 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.lex_str)= (yyvsp[0].kwd); } -#line 36374 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 36482 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 788: /* udt_name: non_reserved_keyword_udt */ #line 6476 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.lex_str)= (yyvsp[0].kwd); } -#line 36380 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 36488 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 795: /* field_type_all: udt_name float_options srid_option */ @@ -36385,7 +36493,7 @@ if (Lex->set_field_type_udt(&(yyval.Lex_field_type), (yyvsp[-2].lex_str), (yyvsp[-1].Lex_length_and_dec))) MYSQL_YYABORT; } -#line 36389 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 36497 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 796: /* field_type_all_with_record: field_type_all_builtin */ @@ -36393,7 +36501,7 @@ { Lex->map_data_type(Lex_ident_sys(), &((yyval.Lex_field_type)= (yyvsp[0].Lex_field_type))); } -#line 36397 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 36505 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 797: /* field_type_all_with_record: udt_name float_options srid_option */ @@ -36414,7 +36522,7 @@ Lex->last_field->set_attr_const_void_ptr(0, sprec); } } -#line 36418 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 36526 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 798: /* field_type_numeric: int_type opt_field_length last_field_options */ @@ -36422,13 +36530,13 @@ { (yyval.Lex_field_type).set_handler_length_flags((yyvsp[-2].type_handler), (yyvsp[-1].Lex_length_and_dec), (uint32) (yyvsp[0].ulong_num)); } -#line 36426 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 36534 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 799: /* field_type_numeric: real_type opt_precision last_field_options */ #line 6525 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.Lex_field_type).set((yyvsp[-2].type_handler), (yyvsp[-1].Lex_length_and_dec)); } -#line 36432 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 36540 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 800: /* field_type_numeric: FLOAT_SYM float_options last_field_options */ @@ -36446,7 +36554,7 @@ (yyval.Lex_field_type).set(&type_handler_float); } } -#line 36450 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 36558 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 801: /* field_type_numeric: BIT_SYM opt_field_length */ @@ -36454,7 +36562,7 @@ { (yyval.Lex_field_type).set(&type_handler_bit, (yyvsp[0].Lex_length_and_dec)); } -#line 36458 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 36566 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 802: /* field_type_numeric: BOOL_SYM */ @@ -36462,7 +36570,7 @@ { (yyval.Lex_field_type).set_handler_length(&type_handler_stiny, 1); } -#line 36466 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 36574 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 803: /* field_type_numeric: BOOLEAN_SYM */ @@ -36470,13 +36578,13 @@ { (yyval.Lex_field_type).set_handler_length(&type_handler_stiny, 1); } -#line 36474 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 36582 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 804: /* field_type_numeric: DECIMAL_SYM float_options last_field_options */ #line 6553 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.Lex_field_type).set(&type_handler_newdecimal, (yyvsp[-1].Lex_length_and_dec));} -#line 36480 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 36588 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 805: /* field_type_numeric: NUMBER_ORACLE_SYM float_options last_field_options */ @@ -36487,37 +36595,37 @@ else (yyval.Lex_field_type).set(&type_handler_double); } -#line 36491 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 36599 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 806: /* field_type_numeric: NUMERIC_SYM float_options last_field_options */ #line 6562 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.Lex_field_type).set(&type_handler_newdecimal, (yyvsp[-1].Lex_length_and_dec));} -#line 36497 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 36605 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 807: /* field_type_numeric: FIXED_SYM float_options last_field_options */ #line 6564 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.Lex_field_type).set(&type_handler_newdecimal, (yyvsp[-1].Lex_length_and_dec));} -#line 36503 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 36611 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 808: /* opt_binary_and_compression: %empty */ #line 6569 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.Lex_exact_charset_extended_collation_attrs).init(); } -#line 36509 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 36617 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 809: /* opt_binary_and_compression: binary */ #line 6570 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.Lex_exact_charset_extended_collation_attrs)= (yyvsp[0].Lex_exact_charset_extended_collation_attrs); } -#line 36515 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 36623 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 810: /* opt_binary_and_compression: compressed opt_binary */ #line 6571 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.Lex_exact_charset_extended_collation_attrs)= (yyvsp[0].Lex_exact_charset_extended_collation_attrs); } -#line 36521 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 36629 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 811: /* field_type_string: char opt_field_length opt_binary */ @@ -36525,7 +36633,7 @@ { (yyval.Lex_field_type).set(&type_handler_string, (yyvsp[-1].Lex_length_and_dec), (yyvsp[0].Lex_exact_charset_extended_collation_attrs)); } -#line 36529 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 36637 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 812: /* field_type_string: nchar opt_field_length opt_bin_mod */ @@ -36534,7 +36642,7 @@ (yyval.Lex_field_type).set(&type_handler_string, (yyvsp[-1].Lex_length_and_dec), Lex_exact_charset_extended_collation_attrs::national((yyvsp[0].num))); } -#line 36538 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 36646 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 813: /* field_type_string: BINARY opt_field_length */ @@ -36542,7 +36650,7 @@ { (yyval.Lex_field_type).set(&type_handler_string, (yyvsp[0].Lex_length_and_dec), &my_charset_bin); } -#line 36546 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 36654 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 814: /* field_type_string: varchar opt_field_length opt_binary_and_compression */ @@ -36550,7 +36658,7 @@ { (yyval.Lex_field_type).set(&type_handler_varchar, (yyvsp[-1].Lex_length_and_dec), (yyvsp[0].Lex_exact_charset_extended_collation_attrs)); } -#line 36554 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 36662 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 815: /* field_type_string: VARCHAR2_ORACLE_SYM opt_field_length opt_binary_and_compression */ @@ -36558,7 +36666,7 @@ { (yyval.Lex_field_type).set(&type_handler_varchar, (yyvsp[-1].Lex_length_and_dec), (yyvsp[0].Lex_exact_charset_extended_collation_attrs)); } -#line 36562 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 36670 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 816: /* field_type_string: nvarchar opt_field_length opt_compressed opt_bin_mod */ @@ -36567,7 +36675,7 @@ (yyval.Lex_field_type).set(&type_handler_varchar, (yyvsp[-2].Lex_length_and_dec), Lex_exact_charset_extended_collation_attrs::national((yyvsp[0].num))); } -#line 36571 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 36679 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 817: /* field_type_string: VARBINARY opt_field_length opt_compressed */ @@ -36575,7 +36683,7 @@ { (yyval.Lex_field_type).set(&type_handler_varchar, (yyvsp[-1].Lex_length_and_dec), &my_charset_bin); } -#line 36579 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 36687 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 818: /* field_type_string: RAW_ORACLE_SYM opt_field_length opt_compressed */ @@ -36583,7 +36691,7 @@ { (yyval.Lex_field_type).set(&type_handler_varchar, (yyvsp[-1].Lex_length_and_dec), &my_charset_bin); } -#line 36587 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 36695 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 819: /* field_type_temporal: YEAR_SYM opt_field_length last_field_options */ @@ -36600,13 +36708,13 @@ } (yyval.Lex_field_type).set(&type_handler_year, (yyvsp[-1].Lex_length_and_dec)); } -#line 36604 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 36712 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 820: /* field_type_temporal: DATE_SYM */ #line 6625 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.Lex_field_type).set(&type_handler_newdate); } -#line 36610 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 36718 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 821: /* field_type_temporal: TIME_SYM opt_field_length */ @@ -36617,7 +36725,7 @@ static_cast(&type_handler_time), (yyvsp[0].Lex_length_and_dec)); } -#line 36621 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 36729 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 822: /* field_type_temporal: TIMESTAMP opt_field_length */ @@ -36628,7 +36736,7 @@ static_cast(&type_handler_timestamp), (yyvsp[0].Lex_length_and_dec)); } -#line 36632 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 36740 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 823: /* field_type_temporal: DATETIME opt_field_length */ @@ -36636,7 +36744,7 @@ { (yyval.Lex_field_type).set(thd->type_handler_for_datetime(), (yyvsp[0].Lex_length_and_dec)); } -#line 36640 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 36748 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 824: /* field_type_lob: TINYBLOB opt_compressed */ @@ -36644,7 +36752,7 @@ { (yyval.Lex_field_type).set(&type_handler_tiny_blob, &my_charset_bin); } -#line 36648 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 36756 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 825: /* field_type_lob: BLOB_MARIADB_SYM opt_field_length opt_compressed */ @@ -36652,7 +36760,7 @@ { (yyval.Lex_field_type).set(&type_handler_blob, (yyvsp[-1].Lex_length_and_dec), &my_charset_bin); } -#line 36656 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 36764 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 826: /* field_type_lob: BLOB_ORACLE_SYM field_length opt_compressed */ @@ -36660,7 +36768,7 @@ { (yyval.Lex_field_type).set(&type_handler_blob, (yyvsp[-1].Lex_length_and_dec), &my_charset_bin); } -#line 36664 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 36772 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 827: /* field_type_lob: BLOB_ORACLE_SYM opt_compressed */ @@ -36668,7 +36776,7 @@ { (yyval.Lex_field_type).set(&type_handler_long_blob, &my_charset_bin); } -#line 36672 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 36780 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 828: /* field_type_lob: MEDIUMBLOB opt_compressed */ @@ -36676,7 +36784,7 @@ { (yyval.Lex_field_type).set(&type_handler_medium_blob, &my_charset_bin); } -#line 36680 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 36788 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 829: /* field_type_lob: LONGBLOB opt_compressed */ @@ -36684,7 +36792,7 @@ { (yyval.Lex_field_type).set(&type_handler_long_blob, &my_charset_bin); } -#line 36688 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 36796 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 830: /* field_type_lob: LONG_SYM VARBINARY opt_compressed */ @@ -36692,49 +36800,49 @@ { (yyval.Lex_field_type).set(&type_handler_medium_blob, &my_charset_bin); } -#line 36696 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 36804 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 831: /* field_type_lob: LONG_SYM varchar opt_binary_and_compression */ #line 6677 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.Lex_field_type).set(&type_handler_medium_blob, (yyvsp[0].Lex_exact_charset_extended_collation_attrs)); } -#line 36702 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 36810 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 832: /* field_type_lob: TINYTEXT opt_binary_and_compression */ #line 6679 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.Lex_field_type).set(&type_handler_tiny_blob, (yyvsp[0].Lex_exact_charset_extended_collation_attrs)); } -#line 36708 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 36816 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 833: /* field_type_lob: TEXT_SYM opt_field_length opt_binary_and_compression */ #line 6681 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.Lex_field_type).set(&type_handler_blob, (yyvsp[-1].Lex_length_and_dec), (yyvsp[0].Lex_exact_charset_extended_collation_attrs)); } -#line 36714 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 36822 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 834: /* field_type_lob: MEDIUMTEXT opt_binary_and_compression */ #line 6683 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.Lex_field_type).set(&type_handler_medium_blob, (yyvsp[0].Lex_exact_charset_extended_collation_attrs)); } -#line 36720 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 36828 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 835: /* field_type_lob: LONGTEXT opt_binary_and_compression */ #line 6685 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.Lex_field_type).set(&type_handler_long_blob, (yyvsp[0].Lex_exact_charset_extended_collation_attrs)); } -#line 36726 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 36834 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 836: /* field_type_lob: CLOB_ORACLE_SYM opt_binary_and_compression */ #line 6687 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.Lex_field_type).set(&type_handler_long_blob, (yyvsp[0].Lex_exact_charset_extended_collation_attrs)); } -#line 36732 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 36840 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 837: /* field_type_lob: LONG_SYM opt_binary_and_compression */ #line 6689 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.Lex_field_type).set(&type_handler_medium_blob, (yyvsp[0].Lex_exact_charset_extended_collation_attrs)); } -#line 36738 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 36846 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 838: /* field_type_lob: JSON_SYM opt_compressed */ @@ -36742,109 +36850,109 @@ { (yyval.Lex_field_type).set(&type_handler_long_blob_json, &MY_CHARSET_UTF8MB4_BIN); } -#line 36746 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 36854 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 839: /* field_type_misc: ENUM '(' string_list ')' opt_binary */ #line 6698 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.Lex_field_type).set(&type_handler_enum, (yyvsp[0].Lex_exact_charset_extended_collation_attrs)); } -#line 36752 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 36860 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 840: /* field_type_misc: SET '(' string_list ')' opt_binary */ #line 6700 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.Lex_field_type).set(&type_handler_set, (yyvsp[0].Lex_exact_charset_extended_collation_attrs)); } -#line 36758 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 36866 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 841: /* char: CHAR_SYM */ #line 6704 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" {} -#line 36764 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 36872 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 842: /* nchar: NCHAR_SYM */ #line 6708 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" {} -#line 36770 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 36878 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 843: /* nchar: NATIONAL_SYM CHAR_SYM */ #line 6709 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" {} -#line 36776 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 36884 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 844: /* varchar: char VARYING */ #line 6713 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" {} -#line 36782 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 36890 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 845: /* varchar: VARCHAR */ #line 6714 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" {} -#line 36788 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 36896 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 846: /* nvarchar: NATIONAL_SYM VARCHAR */ #line 6718 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" {} -#line 36794 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 36902 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 847: /* nvarchar: NVARCHAR_SYM */ #line 6719 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" {} -#line 36800 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 36908 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 848: /* nvarchar: NCHAR_SYM VARCHAR */ #line 6720 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" {} -#line 36806 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 36914 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 849: /* nvarchar: NATIONAL_SYM CHAR_SYM VARYING */ #line 6721 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" {} -#line 36812 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 36920 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 850: /* nvarchar: NCHAR_SYM VARYING */ #line 6722 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" {} -#line 36818 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 36926 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 851: /* int_type: INT_SYM */ #line 6726 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.type_handler)= &type_handler_slong; } -#line 36824 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 36932 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 852: /* int_type: TINYINT */ #line 6727 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.type_handler)= &type_handler_stiny; } -#line 36830 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 36938 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 853: /* int_type: SMALLINT */ #line 6728 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.type_handler)= &type_handler_sshort; } -#line 36836 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 36944 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 854: /* int_type: MEDIUMINT */ #line 6729 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.type_handler)= &type_handler_sint24; } -#line 36842 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 36950 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 855: /* int_type: BIGINT */ #line 6730 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.type_handler)= &type_handler_slonglong; } -#line 36848 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 36956 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 856: /* real_type: REAL */ @@ -36854,25 +36962,25 @@ static_cast(&type_handler_float) : static_cast(&type_handler_double); } -#line 36858 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 36966 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 857: /* real_type: DOUBLE_SYM */ #line 6740 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.type_handler)= &type_handler_double; } -#line 36864 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 36972 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 858: /* real_type: DOUBLE_SYM PRECISION */ #line 6741 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.type_handler)= &type_handler_double; } -#line 36870 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 36978 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 859: /* srid_option: %empty */ #line 6746 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { Lex->last_field->set_attr_uint32(0, 0); } -#line 36876 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 36984 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 860: /* srid_option: REF_SYSTEM_ID_SYM '=' NUM */ @@ -36880,121 +36988,121 @@ { Lex->last_field->set_attr_uint32(0, (uint32) atoi((yyvsp[0].lex_str).str)); } -#line 36884 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 36992 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 861: /* float_options: %empty */ #line 6755 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.Lex_length_and_dec).reset(); } -#line 36890 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 36998 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 864: /* precision: '(' NUM ',' NUM ')' */ #line 6761 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.Lex_length_and_dec).set((yyvsp[-3].lex_str).str, (yyvsp[-1].lex_str).str); } -#line 36896 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 37004 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 865: /* field_options: %empty */ #line 6765 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.ulong_num)= 0; } -#line 36902 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 37010 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 866: /* field_options: SIGNED_SYM */ #line 6766 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.ulong_num)= 0; } -#line 36908 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 37016 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 867: /* field_options: UNSIGNED */ #line 6767 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.ulong_num)= UNSIGNED_FLAG; } -#line 36914 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 37022 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 868: /* field_options: ZEROFILL */ #line 6768 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.ulong_num)= UNSIGNED_FLAG | ZEROFILL_FLAG; } -#line 36920 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 37028 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 869: /* field_options: UNSIGNED ZEROFILL */ #line 6769 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.ulong_num)= UNSIGNED_FLAG | ZEROFILL_FLAG; } -#line 36926 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 37034 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 870: /* field_options: ZEROFILL UNSIGNED */ #line 6770 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.ulong_num)= UNSIGNED_FLAG | ZEROFILL_FLAG; } -#line 36932 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 37040 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 871: /* last_field_options: field_options */ #line 6774 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { Lex->last_field->flags|= ((yyval.ulong_num)= (yyvsp[0].ulong_num)); } -#line 36938 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 37046 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 872: /* field_length_str: '(' LONG_NUM ')' */ #line 6778 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.const_simple_string)= (yyvsp[-1].lex_str).str; } -#line 36944 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 37052 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 873: /* field_length_str: '(' ULONGLONG_NUM ')' */ #line 6779 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.const_simple_string)= (yyvsp[-1].lex_str).str; } -#line 36950 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 37058 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 874: /* field_length_str: '(' DECIMAL_NUM ')' */ #line 6780 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.const_simple_string)= (yyvsp[-1].lex_str).str; } -#line 36956 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 37064 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 875: /* field_length_str: '(' NUM ')' */ #line 6781 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.const_simple_string)= (yyvsp[-1].lex_str).str; } -#line 36962 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 37070 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 876: /* field_length: field_length_str */ #line 6784 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.Lex_length_and_dec).set((yyvsp[0].const_simple_string), NULL); } -#line 36968 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 37076 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 877: /* field_scale: field_length_str */ #line 6788 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.Lex_length_and_dec).set(NULL, (yyvsp[0].const_simple_string)); } -#line 36974 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 37082 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 878: /* opt_field_length: %empty */ #line 6793 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.Lex_length_and_dec).reset(); /* use default length */ } -#line 36980 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 37088 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 880: /* opt_field_scale: %empty */ #line 6798 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.Lex_length_and_dec).reset(); } -#line 36986 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 37094 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 882: /* opt_precision: %empty */ #line 6803 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.Lex_length_and_dec).reset(); } -#line 36992 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 37100 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 883: /* opt_precision: precision */ #line 6804 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.Lex_length_and_dec)= (yyvsp[0].Lex_length_and_dec); } -#line 36998 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 37106 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 884: /* attribute_list: attribute_list attribute */ @@ -37004,7 +37112,7 @@ thd, thd->variables.character_set_collations, (yyvsp[0].Lex_exact_charset_extended_collation_attrs))) MYSQL_YYABORT; } -#line 37008 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 37116 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 886: /* attribute: NULL_SYM */ @@ -37014,7 +37122,7 @@ Lex->last_field->explicitly_nullable= true; (yyval.Lex_exact_charset_extended_collation_attrs).init(); } -#line 37018 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 37126 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 887: /* attribute: DEFAULT column_default_expr */ @@ -37023,7 +37131,7 @@ Lex->last_field->default_value= (yyvsp[0].virtual_column); (yyval.Lex_exact_charset_extended_collation_attrs).init(); } -#line 37027 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 37135 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 888: /* attribute: ON UPDATE_SYM NOW_SYM opt_default_time_precision */ @@ -37035,13 +37143,13 @@ Lex->last_field->on_update= item; (yyval.Lex_exact_charset_extended_collation_attrs).init(); } -#line 37039 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 37147 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 889: /* attribute: AUTO_INC */ #line 6838 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { Lex->last_field->flags|= AUTO_INCREMENT_FLAG | NOT_NULL_FLAG; (yyval.Lex_exact_charset_extended_collation_attrs).init(); } -#line 37045 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 37153 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 890: /* attribute: SERIAL_SYM DEFAULT VALUE_SYM */ @@ -37052,7 +37160,7 @@ lex->alter_info.flags|= ALTER_ADD_INDEX; (yyval.Lex_exact_charset_extended_collation_attrs).init(); } -#line 37056 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 37164 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 891: /* attribute: COLLATE_SYM collation_name */ @@ -37060,49 +37168,49 @@ { (yyval.Lex_exact_charset_extended_collation_attrs)= Lex_exact_charset_extended_collation_attrs((yyvsp[0].Lex_extended_collation)); } -#line 37064 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 37172 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 892: /* attribute: serial_attribute */ #line 6850 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.Lex_exact_charset_extended_collation_attrs).init(); } -#line 37070 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 37178 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 893: /* opt_compression_method: %empty */ #line 6854 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.const_simple_string)= NULL; } -#line 37076 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 37184 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 894: /* opt_compression_method: equal ident */ #line 6855 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.const_simple_string)= (yyvsp[0].ident_sys).str; } -#line 37082 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 37190 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 895: /* opt_compressed: %empty */ #line 6859 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" {} -#line 37088 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 37196 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 896: /* opt_compressed: compressed */ #line 6860 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { } -#line 37094 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 37202 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 897: /* opt_enable: %empty */ #line 6864 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" {} -#line 37100 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 37208 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 898: /* opt_enable: ENABLE_SYM */ #line 6865 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { } -#line 37106 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 37214 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 899: /* compressed: COMPRESSED_SYM opt_compression_method */ @@ -37111,7 +37219,7 @@ if (unlikely(Lex->last_field->set_compressed((yyvsp[0].const_simple_string)))) MYSQL_YYABORT; } -#line 37115 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 37223 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 900: /* asrow_attribute: not NULL_SYM opt_enable */ @@ -37119,7 +37227,7 @@ { Lex->last_field->flags|= NOT_NULL_FLAG; } -#line 37123 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 37231 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 901: /* asrow_attribute: opt_primary KEY_SYM */ @@ -37129,7 +37237,7 @@ lex->last_field->flags|= PRI_KEY_FLAG | NOT_NULL_FLAG; lex->alter_info.flags|= ALTER_ADD_INDEX; } -#line 37133 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 37241 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 904: /* serial_attribute: engine_defined_option */ @@ -37137,7 +37245,7 @@ { (yyvsp[0].engine_option_value_ptr)->link(&Lex->last_field->option_list, &Lex->option_list_last); } -#line 37141 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 37249 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 905: /* serial_attribute: with_or_without_system VERSIONING_SYM */ @@ -37151,7 +37259,7 @@ Lex->create_last_non_select_table->table_name.str)); } } -#line 37155 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 37263 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 906: /* with_or_without_system: WITH_SYSTEM_SYM */ @@ -37161,7 +37269,7 @@ Lex->create_info.vers_info.versioned_fields= true; (yyval.vers_column_versioning)= Column_definition::WITH_VERSIONING; } -#line 37165 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 37273 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 907: /* with_or_without_system: WITHOUT SYSTEM */ @@ -37171,19 +37279,19 @@ Lex->create_info.vers_info.unversioned_fields= true; (yyval.vers_column_versioning)= Column_definition::WITHOUT_VERSIONING; } -#line 37175 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 37283 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 908: /* charset: CHAR_SYM SET */ #line 6925 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.kwd)= (yyvsp[-1].kwd); } -#line 37181 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 37289 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 909: /* charset: CHARSET */ #line 6926 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.kwd)= (yyvsp[0].kwd); } -#line 37187 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 37295 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 910: /* charset_name: ident_or_text */ @@ -37194,37 +37302,37 @@ MYF(utf8_flag))))) my_yyabort_error((ER_UNKNOWN_CHARACTER_SET, MYF(0), (yyvsp[0].lex_str).str)); } -#line 37198 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 37306 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 911: /* charset_name: BINARY */ #line 6937 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.charset)= &my_charset_bin; } -#line 37204 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 37312 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 912: /* charset_name_or_default: charset_name */ #line 6941 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.charset)=(yyvsp[0].charset); } -#line 37210 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 37318 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 913: /* charset_name_or_default: DEFAULT */ #line 6942 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.charset)=NULL; } -#line 37216 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 37324 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 914: /* opt_load_data_charset: %empty */ #line 6946 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.charset)= NULL; } -#line 37222 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 37330 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 915: /* opt_load_data_charset: charset charset_name_or_default */ #line 6947 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.charset)= (yyvsp[0].charset); } -#line 37228 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 37336 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 916: /* old_or_new_charset_name: ident_or_text */ @@ -37237,25 +37345,25 @@ !((yyval.charset)=get_old_charset_by_name((yyvsp[0].lex_str))))) my_yyabort_error((ER_UNKNOWN_CHARACTER_SET, MYF(0), (yyvsp[0].lex_str).str)); } -#line 37241 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 37349 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 917: /* old_or_new_charset_name: BINARY */ #line 6960 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.charset)= &my_charset_bin; } -#line 37247 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 37355 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 918: /* old_or_new_charset_name_or_default: old_or_new_charset_name */ #line 6964 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.charset)=(yyvsp[0].charset); } -#line 37253 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 37361 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 919: /* old_or_new_charset_name_or_default: DEFAULT */ #line 6965 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.charset)=NULL; } -#line 37259 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 37367 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 920: /* collation_name: ident_or_text */ @@ -37264,19 +37372,19 @@ if ((yyval.Lex_extended_collation).set_by_name((yyvsp[0].lex_str).str, thd->get_utf8_flag())) MYSQL_YYABORT; } -#line 37268 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 37376 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 921: /* collation_name_or_default: collation_name */ #line 6977 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.Lex_extended_collation)=(yyvsp[0].Lex_extended_collation); } -#line 37274 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 37382 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 922: /* collation_name_or_default: DEFAULT */ #line 6978 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.Lex_extended_collation).set_collate_default(); } -#line 37280 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 37388 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 923: /* collation_name_or_default: BINARY */ @@ -37285,31 +37393,31 @@ const Lex_exact_collation bin(&my_charset_bin); (yyval.Lex_extended_collation)= Lex_extended_collation(bin); } -#line 37289 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 37397 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 924: /* opt_default: %empty */ #line 6987 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" {} -#line 37295 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 37403 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 925: /* opt_default: DEFAULT */ #line 6988 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" {} -#line 37301 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 37409 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 926: /* charset_or_alias: charset charset_name */ #line 6992 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.charset)= (yyvsp[0].charset); } -#line 37307 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 37415 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 927: /* charset_or_alias: ASCII_SYM */ #line 6993 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.charset)= &my_charset_latin1; } -#line 37313 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 37421 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 928: /* charset_or_alias: UNICODE_SYM */ @@ -37318,13 +37426,13 @@ if (unlikely(!((yyval.charset)= get_charset_by_csname("ucs2", MY_CS_PRIMARY,MYF(0))))) my_yyabort_error((ER_UNKNOWN_CHARACTER_SET, MYF(0), "ucs2")); } -#line 37322 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 37430 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 929: /* opt_binary: %empty */ #line 7002 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.Lex_exact_charset_extended_collation_attrs).init(); } -#line 37328 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 37436 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 931: /* binary: BYTE_SYM */ @@ -37332,7 +37440,7 @@ { (yyval.Lex_exact_charset_extended_collation_attrs).set_charset(Lex_exact_charset(&my_charset_bin)); } -#line 37336 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 37444 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 932: /* binary: charset_or_alias */ @@ -37340,7 +37448,7 @@ { (yyval.Lex_exact_charset_extended_collation_attrs).set_charset(Lex_exact_charset((yyvsp[0].charset))); } -#line 37344 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 37452 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 933: /* binary: charset_or_alias BINARY */ @@ -37349,13 +37457,13 @@ if ((yyval.Lex_exact_charset_extended_collation_attrs).set_charset_collate_binary(Lex_exact_charset((yyvsp[-1].charset)))) MYSQL_YYABORT; } -#line 37353 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 37461 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 934: /* binary: BINARY */ #line 7020 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.Lex_exact_charset_extended_collation_attrs).set_contextually_typed_binary_style(); } -#line 37359 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 37467 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 935: /* binary: BINARY charset_or_alias */ @@ -37364,7 +37472,7 @@ if ((yyval.Lex_exact_charset_extended_collation_attrs).set_charset_collate_binary(Lex_exact_charset((yyvsp[0].charset)))) MYSQL_YYABORT; } -#line 37368 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 37476 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 936: /* binary: charset_or_alias COLLATE_SYM DEFAULT */ @@ -37375,7 +37483,7 @@ thd->variables.character_set_collations, Lex_exact_charset((yyvsp[-2].charset))); } -#line 37379 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 37487 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 937: /* binary: charset_or_alias COLLATE_SYM collation_name */ @@ -37388,7 +37496,7 @@ MYSQL_YYABORT; (yyval.Lex_exact_charset_extended_collation_attrs)= Lex_exact_charset_extended_collation_attrs((yyvsp[0].Lex_extended_collation)); } -#line 37392 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 37500 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 938: /* binary: COLLATE_SYM collation_name */ @@ -37396,7 +37504,7 @@ { (yyval.Lex_exact_charset_extended_collation_attrs)= Lex_exact_charset_extended_collation_attrs((yyvsp[0].Lex_extended_collation)); } -#line 37400 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 37508 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 939: /* binary: COLLATE_SYM DEFAULT */ @@ -37404,7 +37512,7 @@ { (yyval.Lex_exact_charset_extended_collation_attrs).set_collate_default(); } -#line 37408 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 37516 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 940: /* binary: charset_or_alias COLLATE_SYM BINARY */ @@ -37418,7 +37526,7 @@ MYSQL_YYABORT; (yyval.Lex_exact_charset_extended_collation_attrs)= Lex_exact_charset_extended_collation_attrs(tmp); } -#line 37422 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 37530 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 941: /* binary: COLLATE_SYM BINARY */ @@ -37428,19 +37536,19 @@ const Lex_extended_collation tmp(bin); (yyval.Lex_exact_charset_extended_collation_attrs)= Lex_exact_charset_extended_collation_attrs(tmp); } -#line 37432 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 37540 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 942: /* opt_bin_mod: %empty */ #line 7069 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.num)= false; } -#line 37438 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 37546 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 943: /* opt_bin_mod: BINARY */ #line 7070 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.num)= true; } -#line 37444 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 37552 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 944: /* $@96: %empty */ @@ -37452,55 +37560,55 @@ MYSQL_YYABORT; } } -#line 37456 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 37564 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 945: /* ws_nweights: '(' real_ulong_num $@96 ')' */ #line 7083 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.ulong_num)= (yyvsp[-2].ulong_num); } -#line 37462 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 37570 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 946: /* ws_level_flag_desc: ASC */ #line 7087 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.ulong_num)= 0; } -#line 37468 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 37576 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 947: /* ws_level_flag_desc: DESC */ #line 7088 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.ulong_num)= 1 << MY_STRXFRM_DESC_SHIFT; } -#line 37474 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 37582 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 948: /* ws_level_flag_reverse: REVERSE_SYM */ #line 7092 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.ulong_num)= 1 << MY_STRXFRM_REVERSE_SHIFT; } -#line 37480 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 37588 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 949: /* ws_level_flags: %empty */ #line 7095 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.ulong_num)= 0; } -#line 37486 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 37594 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 950: /* ws_level_flags: ws_level_flag_desc */ #line 7096 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.ulong_num)= (yyvsp[0].ulong_num); } -#line 37492 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 37600 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 951: /* ws_level_flags: ws_level_flag_desc ws_level_flag_reverse */ #line 7097 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.ulong_num)= (yyvsp[-1].ulong_num) | (yyvsp[0].ulong_num); } -#line 37498 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 37606 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 952: /* ws_level_flags: ws_level_flag_reverse */ #line 7098 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.ulong_num)= (yyvsp[0].ulong_num) ; } -#line 37504 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 37612 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 953: /* ws_level_number: real_ulong_num */ @@ -37509,7 +37617,7 @@ (yyval.ulong_num)= (yyvsp[0].ulong_num) < 1 ? 1 : ((yyvsp[0].ulong_num) > MY_STRXFRM_NLEVELS ? MY_STRXFRM_NLEVELS : (yyvsp[0].ulong_num)); (yyval.ulong_num)--; } -#line 37513 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 37621 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 954: /* ws_level_list_item: ws_level_number ws_level_flags */ @@ -37517,19 +37625,19 @@ { (yyval.ulong_num)= (1 | (yyvsp[0].ulong_num)) << (yyvsp[-1].ulong_num); } -#line 37521 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 37629 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 955: /* ws_level_list: ws_level_list_item */ #line 7117 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.ulong_num)= (yyvsp[0].ulong_num); } -#line 37527 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 37635 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 956: /* ws_level_list: ws_level_list ',' ws_level_list_item */ #line 7118 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.ulong_num)|= (yyvsp[0].ulong_num); } -#line 37533 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 37641 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 957: /* ws_level_range: ws_level_number '-' ws_level_number */ @@ -37540,31 +37648,31 @@ for ((yyval.ulong_num)= 0; start <= end; start++) (yyval.ulong_num)|= (1 << start); } -#line 37544 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 37652 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 958: /* ws_level_list_or_range: ws_level_list */ #line 7132 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.ulong_num)= (yyvsp[0].ulong_num); } -#line 37550 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 37658 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 959: /* ws_level_list_or_range: ws_level_range */ #line 7133 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.ulong_num)= (yyvsp[0].ulong_num); } -#line 37556 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 37664 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 960: /* opt_ws_levels: %empty */ #line 7137 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.ulong_num)= 0; } -#line 37562 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 37670 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 961: /* opt_ws_levels: LEVEL_SYM ws_level_list_or_range */ #line 7138 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.ulong_num)= (yyvsp[0].ulong_num); } -#line 37568 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 37676 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 964: /* references: REFERENCES table_ident opt_ref_list opt_match_clause opt_on_update_delete */ @@ -37572,13 +37680,13 @@ { (yyval.table)=(yyvsp[-3].table); } -#line 37576 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 37684 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 965: /* opt_ref_list: %empty */ #line 7159 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { Lex->ref_list.empty(); } -#line 37582 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 37690 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 967: /* ref_list: ref_list ',' ident */ @@ -37589,7 +37697,7 @@ MYSQL_YYABORT; Lex->ref_list.push_back(key, thd->mem_root); } -#line 37593 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 37701 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 968: /* ref_list: ident */ @@ -37602,31 +37710,31 @@ lex->ref_list.empty(); lex->ref_list.push_back(key, thd->mem_root); } -#line 37606 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 37714 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 969: /* opt_match_clause: %empty */ #line 7184 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { Lex->fk_match_option= Foreign_key::FK_MATCH_UNDEF; } -#line 37612 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 37720 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 970: /* opt_match_clause: MATCH FULL */ #line 7186 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { Lex->fk_match_option= Foreign_key::FK_MATCH_FULL; } -#line 37618 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 37726 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 971: /* opt_match_clause: MATCH PARTIAL */ #line 7188 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { Lex->fk_match_option= Foreign_key::FK_MATCH_PARTIAL; } -#line 37624 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 37732 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 972: /* opt_match_clause: MATCH SIMPLE_SYM */ #line 7190 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { Lex->fk_match_option= Foreign_key::FK_MATCH_SIMPLE; } -#line 37630 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 37738 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 973: /* opt_on_update_delete: %empty */ @@ -37636,7 +37744,7 @@ lex->fk_update_opt= FK_OPTION_UNDEF; lex->fk_delete_opt= FK_OPTION_UNDEF; } -#line 37640 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 37748 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 974: /* opt_on_update_delete: ON UPDATE_SYM delete_option */ @@ -37646,7 +37754,7 @@ lex->fk_update_opt= (yyvsp[0].m_fk_option); lex->fk_delete_opt= FK_OPTION_UNDEF; } -#line 37650 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 37758 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 975: /* opt_on_update_delete: ON DELETE_SYM delete_option */ @@ -37656,7 +37764,7 @@ lex->fk_update_opt= FK_OPTION_UNDEF; lex->fk_delete_opt= (yyvsp[0].m_fk_option); } -#line 37660 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 37768 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 976: /* opt_on_update_delete: ON UPDATE_SYM delete_option ON DELETE_SYM delete_option */ @@ -37666,7 +37774,7 @@ lex->fk_update_opt= (yyvsp[-3].m_fk_option); lex->fk_delete_opt= (yyvsp[0].m_fk_option); } -#line 37670 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 37778 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 977: /* opt_on_update_delete: ON DELETE_SYM delete_option ON UPDATE_SYM delete_option */ @@ -37676,91 +37784,91 @@ lex->fk_update_opt= (yyvsp[0].m_fk_option); lex->fk_delete_opt= (yyvsp[-3].m_fk_option); } -#line 37680 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 37788 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 978: /* delete_option: RESTRICT */ #line 7229 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.m_fk_option)= FK_OPTION_RESTRICT; } -#line 37686 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 37794 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 979: /* delete_option: CASCADE */ #line 7230 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.m_fk_option)= FK_OPTION_CASCADE; } -#line 37692 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 37800 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 980: /* delete_option: SET NULL_SYM */ #line 7231 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.m_fk_option)= FK_OPTION_SET_NULL; } -#line 37698 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 37806 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 981: /* delete_option: NO_SYM ACTION */ #line 7232 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.m_fk_option)= FK_OPTION_NO_ACTION; } -#line 37704 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 37812 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 982: /* delete_option: SET DEFAULT */ #line 7233 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.m_fk_option)= FK_OPTION_SET_DEFAULT; } -#line 37710 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 37818 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 983: /* constraint_key_type: PRIMARY_SYM KEY_SYM */ #line 7237 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.key_type)= Key::PRIMARY; } -#line 37716 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 37824 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 984: /* constraint_key_type: UNIQUE_SYM opt_key_or_index */ #line 7238 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.key_type)= Key::UNIQUE; } -#line 37722 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 37830 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 985: /* key_or_index: KEY_SYM */ #line 7242 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" {} -#line 37728 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 37836 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 986: /* key_or_index: INDEX_SYM */ #line 7243 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" {} -#line 37734 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 37842 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 987: /* opt_key_or_index: %empty */ #line 7247 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" {} -#line 37740 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 37848 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 989: /* keys_or_index: KEYS */ #line 7252 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" {} -#line 37746 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 37854 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 990: /* keys_or_index: INDEX_SYM */ #line 7253 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" {} -#line 37752 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 37860 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 991: /* keys_or_index: INDEXES */ #line 7254 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" {} -#line 37758 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 37866 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 992: /* fulltext: FULLTEXT_SYM */ #line 7258 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.key_type)= Key::FULLTEXT;} -#line 37764 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 37872 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 993: /* spatial_or_vector: SPATIAL_SYM */ @@ -37768,91 +37876,91 @@ { (yyval.key_type)= Key::SPATIAL; } -#line 37772 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 37880 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 994: /* spatial_or_vector: VECTOR_SYM */ #line 7266 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.key_type)= Key::VECTOR;} -#line 37778 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 37886 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 995: /* normal_key_options: %empty */ #line 7270 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" {} -#line 37784 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 37892 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 996: /* normal_key_options: normal_key_opts */ #line 7271 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { Lex->last_key->option_list= Lex->option_list; } -#line 37790 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 37898 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 997: /* fulltext_key_options: %empty */ #line 7275 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" {} -#line 37796 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 37904 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 998: /* fulltext_key_options: fulltext_key_opts */ #line 7276 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { Lex->last_key->option_list= Lex->option_list; } -#line 37802 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 37910 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 999: /* spatial_key_options: %empty */ #line 7280 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" {} -#line 37808 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 37916 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 1000: /* spatial_key_options: spatial_key_opts */ #line 7281 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { Lex->last_key->option_list= Lex->option_list; } -#line 37814 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 37922 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 1007: /* opt_USING_key_algorithm: %empty */ #line 7300 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.key_alg)= HA_KEY_ALG_UNDEF; } -#line 37820 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 37928 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 1008: /* opt_USING_key_algorithm: USING btree_or_rtree */ #line 7301 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.key_alg)= (yyvsp[0].key_alg); } -#line 37826 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 37934 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 1009: /* opt_key_algorithm_clause: %empty */ #line 7306 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.key_alg)= HA_KEY_ALG_UNDEF; } -#line 37832 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 37940 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 1010: /* opt_key_algorithm_clause: USING btree_or_rtree */ #line 7307 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.key_alg)= (yyvsp[0].key_alg); } -#line 37838 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 37946 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 1011: /* opt_key_algorithm_clause: TYPE_SYM btree_or_rtree */ #line 7308 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.key_alg)= (yyvsp[0].key_alg); } -#line 37844 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 37952 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 1012: /* key_using_alg: USING btree_or_rtree */ #line 7313 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { Lex->last_key->key_create_info.algorithm= (yyvsp[0].key_alg); } -#line 37850 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 37958 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 1013: /* key_using_alg: TYPE_SYM btree_or_rtree */ #line 7315 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { Lex->last_key->key_create_info.algorithm= (yyvsp[0].key_alg); } -#line 37856 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 37964 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 1014: /* all_key_opt: KEY_BLOCK_SIZE opt_equal ulong_num */ @@ -37861,13 +37969,13 @@ Lex->last_key->key_create_info.block_size= (yyvsp[0].ulong_num); Lex->last_key->key_create_info.flags|= HA_USES_BLOCK_SIZE; } -#line 37865 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 37973 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 1015: /* all_key_opt: COMMENT_SYM TEXT_STRING_sys */ #line 7325 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { Lex->last_key->key_create_info.comment= (yyvsp[0].lex_str); } -#line 37871 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 37979 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 1016: /* all_key_opt: VISIBLE_SYM */ @@ -37875,7 +37983,7 @@ { /* This is mainly for MySQL 8.0 compatibility */ } -#line 37879 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 37987 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 1017: /* all_key_opt: ignorability */ @@ -37883,7 +37991,7 @@ { Lex->last_key->key_create_info.is_ignored= (yyvsp[0].num); } -#line 37887 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 37995 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 1018: /* all_key_opt: engine_defined_option */ @@ -37891,7 +37999,7 @@ { (yyvsp[0].engine_option_value_ptr)->link(&Lex->option_list, &Lex->option_list_last); } -#line 37895 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 38003 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 1023: /* fulltext_key_opt: WITH PARSER_SYM IDENT_sys */ @@ -37902,37 +38010,37 @@ else my_yyabort_error((ER_FUNCTION_NOT_DEFINED, MYF(0), (yyvsp[0].ident_sys).str)); } -#line 37906 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 38014 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 1024: /* btree_or_rtree: BTREE_SYM */ #line 7361 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.key_alg)= HA_KEY_ALG_BTREE; } -#line 37912 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 38020 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 1025: /* btree_or_rtree: RTREE_SYM */ #line 7362 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.key_alg)= HA_KEY_ALG_RTREE; } -#line 37918 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 38026 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 1026: /* btree_or_rtree: HASH_SYM */ #line 7363 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.key_alg)= HA_KEY_ALG_HASH; } -#line 37924 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 38032 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 1027: /* ignorability: IGNORED_SYM */ #line 7367 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.num)= true; } -#line 37930 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 38038 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 1028: /* ignorability: NOT_SYM IGNORED_SYM */ #line 7368 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.num)= false; } -#line 37936 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 38044 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 1029: /* key_list: key_list ',' key_part order_dir */ @@ -37941,7 +38049,7 @@ (yyvsp[-1].key_part)->asc= (yyvsp[0].num); Lex->last_key->columns.push_back((yyvsp[-1].key_part), thd->mem_root); } -#line 37945 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 38053 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 1030: /* key_list: key_part order_dir */ @@ -37950,13 +38058,13 @@ (yyvsp[-1].key_part)->asc= (yyvsp[0].num); Lex->last_key->columns.push_back((yyvsp[-1].key_part), thd->mem_root); } -#line 37954 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 38062 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 1031: /* opt_without_overlaps: %empty */ #line 7385 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" {} -#line 37960 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 38068 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 1032: /* opt_without_overlaps: ',' ident WITHOUT OVERLAPS_SYM */ @@ -37965,7 +38073,7 @@ Lex->last_key->without_overlaps= true; Lex->last_key->period= Lex_ident_column((yyvsp[-2].ident_sys)); } -#line 37969 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 38077 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 1034: /* key_part: ident '(' NUM ')' */ @@ -37978,7 +38086,7 @@ if (unlikely((yyval.key_part) == NULL)) MYSQL_YYABORT; } -#line 37982 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 38090 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 1035: /* key_part_simple: ident */ @@ -37988,31 +38096,31 @@ if (unlikely((yyval.key_part) == NULL)) MYSQL_YYABORT; } -#line 37992 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 38100 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 1036: /* opt_ident: %empty */ #line 7416 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.lex_str)= null_clex_str; } -#line 37998 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 38106 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 1037: /* opt_ident: field_ident */ #line 7417 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.lex_str)= (yyvsp[0].lex_str); } -#line 38004 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 38112 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 1038: /* string_list: text_string */ #line 7422 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { Lex->last_field->interval_list.push_back((yyvsp[0].string), thd->mem_root); } -#line 38010 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 38118 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 1039: /* string_list: string_list ',' text_string */ #line 7424 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { Lex->last_field->interval_list.push_back((yyvsp[0].string), thd->mem_root); } -#line 38016 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 38124 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 1040: /* $@97: %empty */ @@ -38032,7 +38140,7 @@ MYSQL_YYABORT; DBUG_ASSERT(!Lex->m_sql_cmd); } -#line 38036 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 38144 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 1041: /* $@98: %empty */ @@ -38048,7 +38156,7 @@ Lex->create_last_non_select_table= Lex->last_table(); Lex->mark_first_table_as_inserting(); } -#line 38052 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 38160 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 1042: /* alter: ALTER $@97 alter_options TABLE_SYM opt_if_exists table_ident opt_lock_wait_timeout $@98 alter_commands */ @@ -38063,7 +38171,7 @@ } Lex->pop_select(); //main select } -#line 38067 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 38175 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 1043: /* $@99: %empty */ @@ -38073,7 +38181,7 @@ if (Lex->main_select_push(true)) MYSQL_YYABORT; } -#line 38077 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 38185 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 1044: /* alter: ALTER DATABASE ident_or_empty $@99 create_database_options */ @@ -38087,7 +38195,7 @@ MYSQL_YYABORT; Lex->pop_select(); //main select } -#line 38091 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 38199 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 1045: /* $@100: %empty */ @@ -38097,7 +38205,7 @@ Lex->create_info.schema_comment= thd->make_clex_string((yyvsp[0].lex_str)); Lex->create_info.used_fields|= HA_CREATE_USED_COMMENT; } -#line 38101 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 38209 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 1046: /* alter: ALTER DATABASE COMMENT_SYM opt_equal TEXT_STRING_sys $@100 opt_create_database_options */ @@ -38110,7 +38218,7 @@ unlikely(lex->copy_db_to(&lex->name))) MYSQL_YYABORT; } -#line 38114 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 38222 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 1047: /* alter: ALTER DATABASE ident UPGRADE_SYM DATA_SYM DIRECTORY_SYM NAME_SYM */ @@ -38122,7 +38230,7 @@ lex->sql_command= SQLCOM_ALTER_DB_UPGRADE; lex->name= (yyvsp[-4].ident_sys); } -#line 38126 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 38234 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 1048: /* $@101: %empty */ @@ -38131,13 +38239,13 @@ if (Lex->stmt_alter_procedure_start((yyvsp[0].spname))) MYSQL_YYABORT; } -#line 38135 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 38243 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 1049: /* alter: ALTER PROCEDURE_SYM sp_name $@101 sp_a_chistics stmt_end */ #line 7516 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" {} -#line 38141 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 38249 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 1050: /* $@102: %empty */ @@ -38146,13 +38254,13 @@ if (Lex->stmt_alter_function_start((yyvsp[0].spname))) MYSQL_YYABORT; } -#line 38150 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 38258 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 1051: /* alter: ALTER FUNCTION_SYM sp_name $@102 sp_a_chistics stmt_end */ #line 7523 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" {} -#line 38156 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 38264 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 1052: /* $@103: %empty */ @@ -38163,13 +38271,13 @@ if (Lex->add_alter_view(thd, (yyvsp[-4].num), (yyvsp[-2].view_suid), (yyvsp[0].table))) MYSQL_YYABORT; } -#line 38167 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 38275 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 1053: /* alter: ALTER view_algorithm definer_opt opt_view_suid VIEW_SYM table_ident $@103 view_list_opt AS view_select stmt_end */ #line 7531 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" {} -#line 38173 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 38281 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 1054: /* $@104: %empty */ @@ -38180,13 +38288,13 @@ if (Lex->add_alter_view(thd, VIEW_ALGORITHM_INHERIT, (yyvsp[-2].view_suid), (yyvsp[0].table))) MYSQL_YYABORT; } -#line 38184 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 38292 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 1055: /* alter: ALTER definer_opt opt_view_suid VIEW_SYM table_ident $@104 view_list_opt AS view_select stmt_end */ #line 7544 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" {} -#line 38190 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 38298 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 1056: /* $@105: %empty */ @@ -38209,7 +38317,7 @@ Lex->sql_command= SQLCOM_ALTER_EVENT; Lex->stmt_definition_begin= (yyvsp[-2].simple_string); } -#line 38213 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 38321 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 1057: /* alter: ALTER definer_opt remember_name EVENT_SYM sp_name $@105 ev_alter_on_schedule_completion opt_ev_rename_to opt_ev_status opt_ev_comment opt_ev_sql_stmt */ @@ -38229,7 +38337,7 @@ Lex->pop_select(); //main select } -#line 38233 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 38341 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 1058: /* $@106: %empty */ @@ -38239,13 +38347,13 @@ lex->sql_command= SQLCOM_ALTER_SERVER; lex->server_options.reset((yyvsp[0].lex_str)); } -#line 38243 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 38351 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 1059: /* alter: ALTER SERVER_SYM ident_or_text $@106 OPTIONS_SYM '(' server_options_list ')' */ #line 7589 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { } -#line 38249 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 38357 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 1060: /* alter: ALTER USER_SYM opt_if_exists clear_privileges grant_list opt_require_clause opt_resource_options opt_account_locking_and_opt_password_expiration */ @@ -38254,7 +38362,7 @@ Lex->create_info.set((yyvsp[-5].object_ddl_options)); Lex->sql_command= SQLCOM_ALTER_USER; } -#line 38258 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 38366 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 1061: /* $@107: %empty */ @@ -38267,7 +38375,7 @@ if (Lex->main_select_push()) MYSQL_YYABORT; } -#line 38271 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 38379 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 1062: /* $@108: %empty */ @@ -38281,7 +38389,7 @@ TL_WRITE, MDL_EXCLUSIVE)) MYSQL_YYABORT; } -#line 38285 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 38393 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 1063: /* $@109: %empty */ @@ -38299,13 +38407,13 @@ if (unlikely(Lex->m_sql_cmd == NULL)) MYSQL_YYABORT; } -#line 38303 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 38411 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 1064: /* alter: ALTER SEQUENCE_SYM opt_if_exists $@107 table_ident $@108 sequence_defs $@109 stmt_end */ #line 7629 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" {} -#line 38309 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 38417 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 1065: /* account_locking_option: LOCK_SYM */ @@ -38313,7 +38421,7 @@ { Lex->account_options.account_locked= ACCOUNTLOCK_LOCKED; } -#line 38317 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 38425 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 1066: /* account_locking_option: UNLOCK_SYM */ @@ -38321,7 +38429,7 @@ { Lex->account_options.account_locked= ACCOUNTLOCK_UNLOCKED; } -#line 38325 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 38433 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 1067: /* opt_password_expire_option: %empty */ @@ -38329,7 +38437,7 @@ { Lex->account_options.password_expire= PASSWORD_EXPIRE_NOW; } -#line 38333 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 38441 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 1068: /* opt_password_expire_option: NEVER_SYM */ @@ -38337,7 +38445,7 @@ { Lex->account_options.password_expire= PASSWORD_EXPIRE_NEVER; } -#line 38341 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 38449 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 1069: /* opt_password_expire_option: DEFAULT */ @@ -38345,7 +38453,7 @@ { Lex->account_options.password_expire= PASSWORD_EXPIRE_DEFAULT; } -#line 38349 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 38457 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 1070: /* opt_password_expire_option: INTERVAL_SYM NUM DAY_SYM */ @@ -38355,37 +38463,37 @@ if (!(Lex->account_options.num_expiration_days= atoi((yyvsp[-1].lex_str).str))) my_yyabort_error((ER_WRONG_VALUE, MYF(0), "DAY", (yyvsp[-1].lex_str).str)); } -#line 38359 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 38467 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 1076: /* ev_alter_on_schedule_completion: %empty */ #line 7673 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.num)= 0;} -#line 38365 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 38473 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 1077: /* ev_alter_on_schedule_completion: ON SCHEDULE_SYM ev_schedule_time */ #line 7674 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.num)= 1; } -#line 38371 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 38479 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 1078: /* ev_alter_on_schedule_completion: ev_on_completion */ #line 7675 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.num)= 1; } -#line 38377 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 38485 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 1079: /* ev_alter_on_schedule_completion: ON SCHEDULE_SYM ev_schedule_time ev_on_completion */ #line 7676 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.num)= 1; } -#line 38383 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 38491 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 1080: /* opt_ev_rename_to: %empty */ #line 7680 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.num)= 0;} -#line 38389 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 38497 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 1081: /* opt_ev_rename_to: RENAME TO_SYM sp_name */ @@ -38398,25 +38506,25 @@ Lex->spname= (yyvsp[0].spname); (yyval.num)= 1; } -#line 38402 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 38510 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 1082: /* opt_ev_sql_stmt: %empty */ #line 7693 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.num)= 0;} -#line 38408 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 38516 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 1083: /* opt_ev_sql_stmt: DO_SYM ev_sql_stmt */ #line 7694 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.num)= 1; } -#line 38414 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 38522 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 1084: /* ident_or_empty: %empty */ #line 7699 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.ident_sys)= Lex_ident_sys(); } -#line 38420 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 38528 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 1087: /* alter_commands: DISCARD TABLESPACE */ @@ -38428,7 +38536,7 @@ if (unlikely(Lex->m_sql_cmd == NULL)) MYSQL_YYABORT; } -#line 38432 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 38540 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 1088: /* alter_commands: IMPORT TABLESPACE */ @@ -38441,7 +38549,7 @@ if (unlikely(Lex->m_sql_cmd == NULL)) MYSQL_YYABORT; } -#line 38445 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 38553 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 1094: /* alter_commands: DROP PARTITION_SYM opt_if_exists alt_part_name_list */ @@ -38451,7 +38559,7 @@ DBUG_ASSERT(!Lex->if_exists()); Lex->create_info.add((yyvsp[-1].object_ddl_options)); } -#line 38455 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 38563 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 1095: /* alter_commands: REBUILD_SYM PARTITION_SYM opt_no_write_to_binlog all_or_alt_part_name_list */ @@ -38461,7 +38569,7 @@ lex->alter_info.partition_flags|= ALTER_PARTITION_REBUILD; lex->no_write_to_binlog= (yyvsp[-1].num); } -#line 38465 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 38573 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 1096: /* $@110: %empty */ @@ -38476,7 +38584,7 @@ if (unlikely(lex->m_sql_cmd == NULL)) MYSQL_YYABORT; } -#line 38480 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 38588 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 1098: /* alter_commands: ANALYZE_SYM PARTITION_SYM opt_no_write_to_binlog all_or_alt_part_name_list */ @@ -38491,7 +38599,7 @@ if (unlikely(lex->m_sql_cmd == NULL)) MYSQL_YYABORT; } -#line 38495 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 38603 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 1099: /* $@111: %empty */ @@ -38505,7 +38613,7 @@ if (unlikely(lex->m_sql_cmd == NULL)) MYSQL_YYABORT; } -#line 38509 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 38617 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 1101: /* $@112: %empty */ @@ -38520,7 +38628,7 @@ if (unlikely(lex->m_sql_cmd == NULL)) MYSQL_YYABORT; } -#line 38524 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 38632 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 1103: /* alter_commands: COALESCE PARTITION_SYM opt_no_write_to_binlog real_ulong_num */ @@ -38531,7 +38639,7 @@ lex->no_write_to_binlog= (yyvsp[-1].num); lex->alter_info.num_parts= (yyvsp[0].ulong_num); } -#line 38535 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 38643 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 1104: /* alter_commands: TRUNCATE_SYM PARTITION_SYM all_or_alt_part_name_list */ @@ -38545,7 +38653,7 @@ if (unlikely(lex->m_sql_cmd == NULL)) MYSQL_YYABORT; } -#line 38549 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 38657 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 1106: /* alter_commands: EXCHANGE_SYM PARTITION_SYM alt_part_name_item WITH TABLE_SYM table_ident opt_without_validation have_partitioning */ @@ -38554,7 +38662,7 @@ if (Lex->stmt_alter_table_exchange_partition((yyvsp[-2].table))) MYSQL_YYABORT; } -#line 38558 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 38666 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 1107: /* alter_commands: CONVERT_SYM PARTITION_SYM alt_part_name_item TO_SYM TABLE_SYM table_ident opt_without_validation have_partitioning */ @@ -38568,7 +38676,7 @@ MYSQL_YYABORT; lex->alter_info.partition_flags|= ALTER_PARTITION_CONVERT_OUT; } -#line 38572 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 38680 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 1108: /* $@113: %empty */ @@ -38602,7 +38710,7 @@ lex->alter_info.partition_flags|= ALTER_PARTITION_ADD | ALTER_PARTITION_CONVERT_IN; } -#line 38606 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 38714 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 1109: /* alter_commands: CONVERT_SYM TABLE_SYM table_ident $@113 TO_SYM PARTITION_SYM part_definition opt_without_validation have_partitioning */ @@ -38613,7 +38721,7 @@ if (unlikely(lex->m_sql_cmd == NULL)) MYSQL_YYABORT; } -#line 38617 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 38725 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 1110: /* remove_partitioning: REMOVE_SYM PARTITIONING_SYM */ @@ -38621,7 +38729,7 @@ { Lex->alter_info.partition_flags|= ALTER_PARTITION_REMOVE; } -#line 38625 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 38733 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 1111: /* all_or_alt_part_name_list: ALL */ @@ -38629,7 +38737,7 @@ { Lex->alter_info.partition_flags|= ALTER_PARTITION_ALL; } -#line 38633 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 38741 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 1113: /* $@114: %empty */ @@ -38645,13 +38753,13 @@ lex->create_info.set((yyvsp[-1].object_ddl_options)); lex->no_write_to_binlog= (yyvsp[0].num); } -#line 38649 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 38757 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 1114: /* add_partition_rule: ADD PARTITION_SYM opt_if_not_exists opt_no_write_to_binlog $@114 add_part_extra */ #line 7902 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" {} -#line 38655 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 38763 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 1116: /* add_part_extra: '(' part_def_list ')' */ @@ -38660,7 +38768,7 @@ LEX *lex= Lex; lex->part_info->num_parts= lex->part_info->partitions.elements; } -#line 38664 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 38772 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 1117: /* add_part_extra: PARTITIONS_SYM real_ulong_num */ @@ -38668,7 +38776,7 @@ { Lex->part_info->num_parts= (yyvsp[0].ulong_num); } -#line 38672 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 38780 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 1118: /* $@115: %empty */ @@ -38681,7 +38789,7 @@ lex->no_write_to_binlog= (yyvsp[0].num); } -#line 38685 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 38793 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 1120: /* reorg_parts_rule: %empty */ @@ -38689,7 +38797,7 @@ { Lex->alter_info.partition_flags|= ALTER_PARTITION_TABLE_REORG; } -#line 38693 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 38801 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 1121: /* $@116: %empty */ @@ -38697,7 +38805,7 @@ { Lex->alter_info.partition_flags|= ALTER_PARTITION_REORGANIZE; } -#line 38701 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 38809 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 1122: /* reorg_parts_rule: alt_part_name_list $@116 INTO '(' part_def_list ')' */ @@ -38706,19 +38814,19 @@ partition_info *part_info= Lex->part_info; part_info->num_parts= part_info->partitions.elements; } -#line 38710 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 38818 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 1123: /* alt_part_name_list: alt_part_name_item */ #line 7948 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" {} -#line 38716 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 38824 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 1124: /* alt_part_name_list: alt_part_name_list ',' alt_part_name_item */ #line 7949 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" {} -#line 38722 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 38830 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 1125: /* alt_part_name_item: ident */ @@ -38728,7 +38836,7 @@ thd->mem_root))) MYSQL_YYABORT; } -#line 38732 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 38840 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 1129: /* alter_list_item: add_column column_def opt_place */ @@ -38739,7 +38847,7 @@ lex->alter_info.flags|= ALTER_PARSER_ADD_COLUMN; (yyvsp[-1].create_field)->after= Lex_ident_column((yyvsp[0].lex_str)); } -#line 38743 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 38851 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 1130: /* alter_list_item: ADD key_def */ @@ -38748,7 +38856,7 @@ Lex->create_last_non_select_table= Lex->last_table(); Lex->alter_info.flags|= ALTER_ADD_INDEX; } -#line 38752 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 38860 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 1131: /* alter_list_item: ADD period_for_system_time */ @@ -38756,7 +38864,7 @@ { Lex->alter_info.flags|= ALTER_ADD_PERIOD; } -#line 38760 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 38868 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 1132: /* alter_list_item: ADD PERIOD_SYM opt_if_not_exists_table_element period_for_application_time */ @@ -38766,7 +38874,7 @@ period.create_if_not_exists= Lex->check_exists; Lex->alter_info.flags|= ALTER_ADD_CHECK_CONSTRAINT; } -#line 38770 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 38878 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 1133: /* alter_list_item: add_column '(' create_field_list ')' */ @@ -38777,7 +38885,7 @@ if (!lex->alter_info.key_list.is_empty()) lex->alter_info.flags|= ALTER_ADD_INDEX; } -#line 38781 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 38889 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 1134: /* alter_list_item: ADD constraint_def */ @@ -38785,7 +38893,7 @@ { Lex->alter_info.flags|= ALTER_ADD_CHECK_CONSTRAINT; } -#line 38789 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 38897 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 1135: /* alter_list_item: ADD CONSTRAINT IF_SYM not EXISTS field_ident check_constraint */ @@ -38794,7 +38902,7 @@ Lex->alter_info.flags|= ALTER_ADD_CHECK_CONSTRAINT; Lex->add_constraint((yyvsp[-1].lex_str), (yyvsp[0].virtual_column), TRUE); } -#line 38798 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 38906 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 1136: /* alter_list_item: CHANGE opt_column opt_if_exists_table_element field_ident field_spec opt_place */ @@ -38805,7 +38913,7 @@ (yyvsp[-1].create_field)->change= Lex_ident_column((yyvsp[-2].lex_str)); (yyvsp[-1].create_field)->after= Lex_ident_column((yyvsp[0].lex_str)); } -#line 38809 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 38917 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 1137: /* alter_list_item: MODIFY_SYM opt_column opt_if_exists_table_element field_spec opt_place */ @@ -38816,7 +38924,7 @@ (yyvsp[-1].create_field)->change= (yyvsp[-1].create_field)->field_name; (yyvsp[-1].create_field)->after= Lex_ident_column((yyvsp[0].lex_str)); } -#line 38820 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 38928 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 1138: /* alter_list_item: DROP opt_column opt_if_exists_table_element field_ident opt_restrict */ @@ -38830,7 +38938,7 @@ lex->alter_info.drop_list.push_back(ad, thd->mem_root); lex->alter_info.flags|= ALTER_PARSER_DROP_COLUMN; } -#line 38834 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 38942 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 1139: /* alter_list_item: DROP CONSTRAINT opt_if_exists_table_element field_ident */ @@ -38845,7 +38953,7 @@ lex->alter_info.drop_list.push_back(ad, thd->mem_root); lex->alter_info.flags|= ALTER_DROP_CHECK_CONSTRAINT; } -#line 38849 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 38957 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 1140: /* alter_list_item: DROP FOREIGN KEY_SYM opt_if_exists_table_element field_ident */ @@ -38859,7 +38967,7 @@ lex->alter_info.drop_list.push_back(ad, thd->mem_root); lex->alter_info.flags|= ALTER_DROP_FOREIGN_KEY; } -#line 38863 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 38971 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 1141: /* alter_list_item: DROP opt_constraint_no_id PRIMARY_SYM KEY_SYM */ @@ -38874,7 +38982,7 @@ lex->alter_info.drop_list.push_back(ad, thd->mem_root); lex->alter_info.flags|= ALTER_DROP_INDEX; } -#line 38878 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 38986 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 1142: /* alter_list_item: DROP key_or_index opt_if_exists_table_element field_ident */ @@ -38888,7 +38996,7 @@ lex->alter_info.drop_list.push_back(ad, thd->mem_root); lex->alter_info.flags|= ALTER_DROP_INDEX; } -#line 38892 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 39000 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 1143: /* alter_list_item: DISABLE_SYM KEYS */ @@ -38898,7 +39006,7 @@ lex->alter_info.keys_onoff= Alter_info::DISABLE; lex->alter_info.flags|= ALTER_KEYS_ONOFF; } -#line 38902 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 39010 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 1144: /* alter_list_item: ENABLE_SYM KEYS */ @@ -38908,7 +39016,7 @@ lex->alter_info.keys_onoff= Alter_info::ENABLE; lex->alter_info.flags|= ALTER_KEYS_ONOFF; } -#line 38912 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 39020 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 1145: /* alter_list_item: ALTER opt_column opt_if_exists_table_element field_ident SET DEFAULT column_default_expr */ @@ -38919,7 +39027,7 @@ if (unlikely(Lex->add_alter_list((yyvsp[-3].lex_str), (yyvsp[0].virtual_column), (yyvsp[-4].num)))) MYSQL_YYABORT; } -#line 38923 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 39031 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 1146: /* alter_list_item: ALTER key_or_index opt_if_exists_table_element ident ignorability */ @@ -38933,7 +39041,7 @@ lex->alter_info.alter_index_ignorability_list.push_back(ac); lex->alter_info.flags|= ALTER_INDEX_IGNORABILITY; } -#line 38937 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 39045 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 1147: /* alter_list_item: ALTER opt_column opt_if_exists_table_element field_ident DROP DEFAULT */ @@ -38942,7 +39050,7 @@ if (unlikely(Lex->add_alter_list((yyvsp[-2].lex_str), (Virtual_column_info*) 0, (yyvsp[-3].num)))) MYSQL_YYABORT; } -#line 38946 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 39054 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 1148: /* alter_list_item: RENAME opt_to table_ident */ @@ -38952,7 +39060,7 @@ MYSQL_YYABORT; Lex->alter_info.flags|= ALTER_RENAME; } -#line 38956 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 39064 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 1149: /* alter_list_item: RENAME COLUMN_SYM opt_if_exists_table_element ident TO_SYM ident */ @@ -38961,7 +39069,7 @@ if (unlikely(Lex->add_alter_list((yyvsp[-2].ident_sys), (yyvsp[0].ident_sys), (yyvsp[-3].num)))) MYSQL_YYABORT; } -#line 38965 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 39073 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 1150: /* alter_list_item: RENAME key_or_index opt_if_exists_table_element field_ident TO_SYM field_ident */ @@ -38975,7 +39083,7 @@ lex->alter_info.alter_rename_key_list.push_back(ak); lex->alter_info.flags|= ALTER_RENAME_INDEX; } -#line 38979 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 39087 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 1151: /* alter_list_item: CONVERT_SYM TO_SYM charset charset_name_or_default */ @@ -38985,7 +39093,7 @@ thd, thd->variables.character_set_collations, (yyvsp[0].charset))) MYSQL_YYABORT; } -#line 38989 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 39097 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 1152: /* alter_list_item: CONVERT_SYM TO_SYM charset charset_name_or_default COLLATE_SYM collation_name_or_default */ @@ -38995,7 +39103,7 @@ thd, thd->variables.character_set_collations, (yyvsp[-2].charset), (yyvsp[0].Lex_extended_collation))) MYSQL_YYABORT; } -#line 38999 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 39107 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 1153: /* alter_list_item: create_table_options_space_separated */ @@ -39004,7 +39112,7 @@ LEX *lex=Lex; lex->alter_info.flags|= ALTER_OPTIONS; } -#line 39008 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 39116 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 1154: /* alter_list_item: FORCE_SYM */ @@ -39012,7 +39120,7 @@ { Lex->alter_info.flags|= ALTER_RECREATE; } -#line 39016 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 39124 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 1155: /* alter_list_item: alter_order_clause */ @@ -39021,7 +39129,7 @@ LEX *lex=Lex; lex->alter_info.flags|= ALTER_ORDER; } -#line 39025 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 39133 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 1158: /* alter_list_item: ADD SYSTEM VERSIONING_SYM */ @@ -39030,7 +39138,7 @@ Lex->alter_info.flags|= ALTER_ADD_SYSTEM_VERSIONING; Lex->create_info.options|= HA_VERSIONED_TABLE; } -#line 39034 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 39142 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 1159: /* alter_list_item: DROP SYSTEM VERSIONING_SYM */ @@ -39039,7 +39147,7 @@ Lex->alter_info.flags|= ALTER_DROP_SYSTEM_VERSIONING; Lex->create_info.options&= ~HA_VERSIONED_TABLE; } -#line 39043 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 39151 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 1160: /* alter_list_item: DROP PERIOD_SYM FOR_SYSTEM_TIME_SYM */ @@ -39047,7 +39155,7 @@ { Lex->alter_info.flags|= ALTER_DROP_PERIOD; } -#line 39051 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 39159 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 1161: /* alter_list_item: DROP PERIOD_SYM opt_if_exists_table_element FOR_SYM ident */ @@ -39059,7 +39167,7 @@ Lex->alter_info.drop_list.push_back(ad, thd->mem_root); Lex->alter_info.flags|= ALTER_DROP_CHECK_CONSTRAINT; } -#line 39063 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 39171 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 1163: /* opt_without_validation: WITH VALIDATION_SYM */ @@ -39067,7 +39175,7 @@ { Lex->without_validation= 0; } -#line 39071 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 39179 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 1164: /* opt_without_validation: WITHOUT VALIDATION_SYM */ @@ -39075,7 +39183,7 @@ { Lex->without_validation= 1; } -#line 39079 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 39187 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 1170: /* alter_algorithm_option: ALGORITHM_SYM opt_equal DEFAULT */ @@ -39083,7 +39191,7 @@ { Lex->alter_info.set_requested_algorithm(Alter_info::ALTER_TABLE_ALGORITHM_DEFAULT); } -#line 39087 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 39195 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 1171: /* alter_algorithm_option: ALGORITHM_SYM opt_equal ident */ @@ -39092,7 +39200,7 @@ if (unlikely(Lex->alter_info.set_requested_algorithm(&(yyvsp[0].ident_sys)))) my_yyabort_error((ER_UNKNOWN_ALTER_ALGORITHM, MYF(0), (yyvsp[0].ident_sys).str)); } -#line 39096 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 39204 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 1172: /* alter_lock_option: LOCK_SYM opt_equal DEFAULT */ @@ -39101,7 +39209,7 @@ Lex->alter_info.requested_lock= Alter_info::ALTER_TABLE_LOCK_DEFAULT; } -#line 39105 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 39213 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 1173: /* alter_lock_option: LOCK_SYM opt_equal ident */ @@ -39110,43 +39218,43 @@ if (unlikely(Lex->alter_info.set_requested_lock(&(yyvsp[0].ident_sys)))) my_yyabort_error((ER_UNKNOWN_ALTER_LOCK, MYF(0), (yyvsp[0].ident_sys).str)); } -#line 39114 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 39222 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 1174: /* opt_column: %empty */ #line 8236 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" {} -#line 39120 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 39228 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 1175: /* opt_column: COLUMN_SYM */ #line 8237 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" {} -#line 39126 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 39234 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 1176: /* opt_ignore: %empty */ #line 8241 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { Lex->ignore= 0;} -#line 39132 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 39240 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 1177: /* opt_ignore: IGNORE_SYM */ #line 8242 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { Lex->ignore= 1;} -#line 39138 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 39246 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 1178: /* $@117: %empty */ #line 8246 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { Lex->ignore= 0;} -#line 39144 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 39252 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 1184: /* alter_option: IGNORE_SYM */ #line 8260 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { Lex->ignore= 1;} -#line 39150 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 39258 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 1185: /* alter_option: ONLINE_SYM */ @@ -39155,31 +39263,31 @@ Lex->alter_info.requested_lock= Alter_info::ALTER_TABLE_LOCK_NONE; } -#line 39159 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 39267 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 1186: /* opt_restrict: %empty */ #line 8269 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { Lex->drop_mode= DROP_DEFAULT; } -#line 39165 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 39273 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 1187: /* opt_restrict: RESTRICT */ #line 8270 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { Lex->drop_mode= DROP_RESTRICT; } -#line 39171 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 39279 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 1188: /* opt_restrict: CASCADE */ #line 8271 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { Lex->drop_mode= DROP_CASCADE; } -#line 39177 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 39285 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 1189: /* opt_place: %empty */ #line 8275 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.lex_str)= null_clex_str; } -#line 39183 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 39291 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 1190: /* opt_place: AFTER_SYM ident */ @@ -39188,7 +39296,7 @@ (yyval.lex_str)= (yyvsp[0].ident_sys); Lex->alter_info.flags |= ALTER_COLUMN_ORDER; } -#line 39192 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 39300 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 1191: /* opt_place: FIRST_SYM */ @@ -39198,31 +39306,31 @@ (yyval.lex_str).length= 5; /* Length of "first" */ Lex->alter_info.flags |= ALTER_COLUMN_ORDER; } -#line 39202 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 39310 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 1192: /* opt_to: %empty */ #line 8290 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" {} -#line 39208 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 39316 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 1193: /* opt_to: TO_SYM */ #line 8291 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" {} -#line 39214 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 39322 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 1194: /* opt_to: '=' */ #line 8292 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" {} -#line 39220 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 39328 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 1195: /* opt_to: AS */ #line 8293 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" {} -#line 39226 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 39334 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 1196: /* $@118: %empty */ @@ -39233,13 +39341,13 @@ lex->type = 0; /* If you change this code don't forget to update SLAVE START too */ } -#line 39237 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 39345 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 1197: /* slave: START_SYM SLAVE optional_connection_name slave_thread_opts optional_for_channel $@118 slave_until */ #line 8305 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" {} -#line 39243 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 39351 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 1198: /* $@119: %empty */ @@ -39250,13 +39358,13 @@ lex->type = 0; /* If you change this code don't forget to update STOP SLAVE too */ } -#line 39254 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 39362 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 1199: /* slave: START_SYM ALL SLAVES slave_thread_opts $@119 */ #line 8313 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" {} -#line 39260 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 39368 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 1200: /* slave: STOP_SYM SLAVE optional_connection_name slave_thread_opts optional_for_channel */ @@ -39267,7 +39375,7 @@ lex->type = 0; /* If you change this code don't forget to update SLAVE STOP too */ } -#line 39271 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 39379 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 1201: /* slave: STOP_SYM ALL SLAVES slave_thread_opts */ @@ -39278,7 +39386,7 @@ lex->type = 0; /* If you change this code don't forget to update SLAVE STOP too */ } -#line 39282 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 39390 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 1202: /* start: START_SYM TRANSACTION_SYM opt_start_transaction_option_list */ @@ -39295,7 +39403,7 @@ } lex->start_transaction_opt= (yyvsp[0].num); } -#line 39299 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 39407 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 1203: /* opt_start_transaction_option_list: %empty */ @@ -39303,7 +39411,7 @@ { (yyval.num)= 0; } -#line 39307 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 39415 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 1204: /* opt_start_transaction_option_list: start_transaction_option_list */ @@ -39311,7 +39419,7 @@ { (yyval.num)= (yyvsp[0].num); } -#line 39315 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 39423 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 1205: /* start_transaction_option_list: start_transaction_option */ @@ -39319,7 +39427,7 @@ { (yyval.num)= (yyvsp[0].num); } -#line 39323 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 39431 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 1206: /* start_transaction_option_list: start_transaction_option_list ',' start_transaction_option */ @@ -39327,7 +39435,7 @@ { (yyval.num)= (yyvsp[-2].num) | (yyvsp[0].num); } -#line 39331 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 39439 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 1207: /* start_transaction_option: WITH CONSISTENT_SYM SNAPSHOT_SYM */ @@ -39335,7 +39443,7 @@ { (yyval.num)= MYSQL_START_TRANS_OPT_WITH_CONS_SNAPSHOT; } -#line 39339 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 39447 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 1208: /* start_transaction_option: READ_SYM ONLY_SYM */ @@ -39343,7 +39451,7 @@ { (yyval.num)= MYSQL_START_TRANS_OPT_READ_ONLY; } -#line 39347 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 39455 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 1209: /* start_transaction_option: READ_SYM WRITE_SYM */ @@ -39351,43 +39459,43 @@ { (yyval.num)= MYSQL_START_TRANS_OPT_READ_WRITE; } -#line 39355 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 39463 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 1210: /* $@120: %empty */ #line 8384 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { Lex->slave_thd_opt= 0; } -#line 39361 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 39469 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 1211: /* slave_thread_opts: $@120 slave_thread_opt_list */ #line 8386 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" {} -#line 39367 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 39475 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 1214: /* slave_thread_opt: %empty */ #line 8395 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" {} -#line 39373 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 39481 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 1215: /* slave_thread_opt: SQL_THREAD */ #line 8396 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { Lex->slave_thd_opt|=SLAVE_SQL; } -#line 39379 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 39487 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 1216: /* slave_thread_opt: RELAY_THREAD */ #line 8397 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { Lex->slave_thd_opt|=SLAVE_IO; } -#line 39385 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 39493 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 1217: /* slave_until: %empty */ #line 8401 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" {} -#line 39391 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 39499 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 1218: /* slave_until: UNTIL_SYM slave_until_opts */ @@ -39400,7 +39508,7 @@ (lex->mi.relay_log_name && lex->mi.relay_log_pos)))) my_yyabort_error((ER_BAD_SLAVE_UNTIL_COND, MYF(0))); } -#line 39404 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 39512 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 1219: /* slave_until: UNTIL_SYM MASTER_GTID_POS_SYM '=' TEXT_STRING_sys */ @@ -39409,7 +39517,7 @@ Lex->mi.gtid_pos_str = (yyvsp[0].lex_str); Lex->mi.is_until_before_gtids= false; } -#line 39413 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 39521 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 1220: /* slave_until: UNTIL_SYM SQL_AFTER_GTIDS_SYM '=' TEXT_STRING_sys */ @@ -39418,7 +39526,7 @@ Lex->mi.gtid_pos_str = (yyvsp[0].lex_str); Lex->mi.is_until_before_gtids= false; } -#line 39422 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 39530 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 1221: /* slave_until: UNTIL_SYM SQL_BEFORE_GTIDS_SYM '=' TEXT_STRING_sys */ @@ -39427,7 +39535,7 @@ Lex->mi.gtid_pos_str = (yyvsp[0].lex_str); Lex->mi.is_until_before_gtids= true; } -#line 39431 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 39539 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 1224: /* $@121: %empty */ @@ -39438,37 +39546,37 @@ /* Will be overridden during execution. */ YYPS->m_lock_type= TL_UNLOCK; } -#line 39442 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 39550 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 1225: /* checksum: CHECKSUM_SYM table_or_tables $@121 table_list opt_checksum_type */ #line 8442 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" {} -#line 39448 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 39556 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 1226: /* opt_checksum_type: %empty */ #line 8446 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { Lex->check_opt.flags= 0; } -#line 39454 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 39562 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 1227: /* opt_checksum_type: QUICK */ #line 8447 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { Lex->check_opt.flags= T_QUICK; } -#line 39460 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 39568 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 1228: /* opt_checksum_type: EXTENDED_SYM */ #line 8448 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { Lex->check_opt.flags= T_EXTEND; } -#line 39466 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 39574 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 1230: /* $@122: %empty */ #line 8454 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { Lex->table_type= TABLE_TYPE_VIEW; } -#line 39472 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 39580 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 1232: /* $@123: %empty */ @@ -39482,7 +39590,7 @@ /* Will be overridden during execution. */ YYPS->m_lock_type= TL_UNLOCK; } -#line 39486 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 39594 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 1233: /* repair: REPAIR opt_no_write_to_binlog $@123 repair_table_or_view */ @@ -39494,73 +39602,73 @@ if (unlikely(lex->m_sql_cmd == NULL)) MYSQL_YYABORT; } -#line 39498 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 39606 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 1234: /* opt_mi_repair_type: %empty */ #line 8480 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { Lex->check_opt.flags = T_MEDIUM; } -#line 39504 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 39612 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 1235: /* opt_mi_repair_type: mi_repair_types */ #line 8481 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" {} -#line 39510 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 39618 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 1236: /* mi_repair_types: mi_repair_type */ #line 8485 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" {} -#line 39516 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 39624 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 1237: /* mi_repair_types: mi_repair_type mi_repair_types */ #line 8486 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" {} -#line 39522 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 39630 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 1238: /* mi_repair_type: QUICK */ #line 8490 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { Lex->check_opt.flags|= T_QUICK; } -#line 39528 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 39636 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 1239: /* mi_repair_type: EXTENDED_SYM */ #line 8491 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { Lex->check_opt.flags|= T_EXTEND; } -#line 39534 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 39642 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 1240: /* mi_repair_type: USE_FRM */ #line 8492 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { Lex->check_opt.sql_flags|= TT_USEFRM; } -#line 39540 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 39648 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 1241: /* mi_repair_type: FORCE_SYM */ #line 8493 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { Lex->check_opt.sql_flags|= TT_FORCE; } -#line 39546 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 39654 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 1242: /* opt_view_repair_type: %empty */ #line 8497 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { } -#line 39552 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 39660 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 1243: /* opt_view_repair_type: FOR_SYM UPGRADE_SYM */ #line 8498 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { Lex->check_opt.sql_flags|= TT_FOR_UPGRADE; } -#line 39558 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 39666 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 1244: /* opt_view_repair_type: FROM MYSQL_SYM */ #line 8499 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { Lex->check_opt.sql_flags|= TT_FROM_MYSQL; } -#line 39564 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 39672 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 1245: /* $@124: %empty */ @@ -39574,7 +39682,7 @@ /* Will be overridden during execution. */ YYPS->m_lock_type= TL_UNLOCK; } -#line 39578 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 39686 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 1246: /* analyze: ANALYZE_SYM opt_no_write_to_binlog table_or_tables $@124 analyze_table_list */ @@ -39586,13 +39694,13 @@ if (unlikely(lex->m_sql_cmd == NULL)) MYSQL_YYABORT; } -#line 39590 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 39698 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 1250: /* opt_persistent_stat_clause: %empty */ #line 8534 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" {} -#line 39596 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 39704 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 1251: /* opt_persistent_stat_clause: PERSISTENT_SYM FOR_SYM persistent_stat_spec */ @@ -39600,25 +39708,25 @@ { thd->lex->with_persistent_for_clause= TRUE; } -#line 39604 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 39712 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 1252: /* persistent_stat_spec: ALL */ #line 8543 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" {} -#line 39610 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 39718 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 1253: /* persistent_stat_spec: COLUMNS persistent_column_stat_spec INDEXES persistent_index_stat_spec */ #line 8545 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" {} -#line 39616 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 39724 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 1254: /* persistent_column_stat_spec: ALL */ #line 8549 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" {} -#line 39622 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 39730 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 1255: /* $@125: %empty */ @@ -39629,19 +39737,19 @@ if (unlikely(lex->column_list == NULL)) MYSQL_YYABORT; } -#line 39633 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 39741 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 1256: /* persistent_column_stat_spec: '(' $@125 table_column_list ')' */ #line 8559 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { } -#line 39639 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 39747 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 1257: /* persistent_index_stat_spec: ALL */ #line 8563 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" {} -#line 39645 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 39753 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 1258: /* $@126: %empty */ @@ -39652,19 +39760,19 @@ if (unlikely(lex->index_list == NULL)) MYSQL_YYABORT; } -#line 39656 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 39764 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 1259: /* persistent_index_stat_spec: '(' $@126 table_index_list ')' */ #line 8573 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { } -#line 39662 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 39770 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 1260: /* table_column_list: %empty */ #line 8578 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" {} -#line 39668 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 39776 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 1261: /* table_column_list: ident */ @@ -39673,7 +39781,7 @@ Lex->column_list->push_back((LEX_STRING*) thd->memdup(&(yyvsp[0].ident_sys), sizeof(LEX_STRING)), thd->mem_root); } -#line 39677 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 39785 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 1262: /* table_column_list: table_column_list ',' ident */ @@ -39682,13 +39790,13 @@ Lex->column_list->push_back((LEX_STRING*) thd->memdup(&(yyvsp[0].ident_sys), sizeof(LEX_STRING)), thd->mem_root); } -#line 39686 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 39794 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 1263: /* table_index_list: %empty */ #line 8593 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" {} -#line 39692 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 39800 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 1266: /* table_index_name: ident */ @@ -39698,7 +39806,7 @@ thd->memdup(&(yyvsp[0].ident_sys), sizeof(LEX_STRING)), thd->mem_root); } -#line 39702 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 39810 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 1267: /* table_index_name: PRIMARY_SYM */ @@ -39709,7 +39817,7 @@ thd->memdup(&str, sizeof(LEX_STRING)), thd->mem_root); } -#line 39713 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 39821 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 1268: /* binlog_base64_event: BINLOG_SYM TEXT_STRING_sys */ @@ -39720,7 +39828,7 @@ Lex->ident.str= NULL; Lex->ident.length= 0; } -#line 39724 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 39832 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 1269: /* binlog_base64_event: BINLOG_SYM '@' ident_or_text ',' '@' ident_or_text */ @@ -39730,13 +39838,13 @@ Lex->comment= (yyvsp[-3].lex_str); Lex->ident= (yyvsp[0].lex_str); } -#line 39734 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 39842 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 1271: /* $@127: %empty */ #line 8635 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { Lex->table_type= TABLE_TYPE_VIEW; } -#line 39740 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 39848 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 1273: /* $@128: %empty */ @@ -39750,7 +39858,7 @@ /* Will be overridden during execution. */ YYPS->m_lock_type= TL_UNLOCK; } -#line 39754 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 39862 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 1274: /* check: CHECK_SYM $@128 check_view_or_table */ @@ -39764,79 +39872,79 @@ if (unlikely(lex->m_sql_cmd == NULL)) MYSQL_YYABORT; } -#line 39768 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 39876 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 1275: /* opt_mi_check_type: %empty */ #line 8662 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { Lex->check_opt.flags = T_MEDIUM; } -#line 39774 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 39882 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 1276: /* opt_mi_check_type: mi_check_types */ #line 8663 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" {} -#line 39780 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 39888 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 1277: /* mi_check_types: mi_check_type */ #line 8667 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" {} -#line 39786 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 39894 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 1278: /* mi_check_types: mi_check_type mi_check_types */ #line 8668 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" {} -#line 39792 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 39900 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 1279: /* mi_check_type: QUICK */ #line 8672 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { Lex->check_opt.flags|= T_QUICK; } -#line 39798 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 39906 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 1280: /* mi_check_type: FAST_SYM */ #line 8673 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { Lex->check_opt.flags|= T_FAST; } -#line 39804 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 39912 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 1281: /* mi_check_type: MEDIUM_SYM */ #line 8674 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { Lex->check_opt.flags|= T_MEDIUM; } -#line 39810 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 39918 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 1282: /* mi_check_type: EXTENDED_SYM */ #line 8675 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { Lex->check_opt.flags|= T_EXTEND; } -#line 39816 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 39924 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 1283: /* mi_check_type: CHANGED */ #line 8676 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { Lex->check_opt.flags|= T_CHECK_ONLY_CHANGED; } -#line 39822 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 39930 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 1284: /* mi_check_type: FOR_SYM UPGRADE_SYM */ #line 8677 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { Lex->check_opt.sql_flags|= TT_FOR_UPGRADE; } -#line 39828 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 39936 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 1285: /* opt_view_check_type: %empty */ #line 8681 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { } -#line 39834 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 39942 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 1286: /* opt_view_check_type: FOR_SYM UPGRADE_SYM */ #line 8682 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { Lex->check_opt.sql_flags|= TT_FOR_UPGRADE; } -#line 39840 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 39948 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 1287: /* $@129: %empty */ @@ -39850,7 +39958,7 @@ /* Will be overridden during execution. */ YYPS->m_lock_type= TL_UNLOCK; } -#line 39854 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 39962 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 1288: /* optimize: OPTIMIZE opt_no_write_to_binlog table_or_tables $@129 table_list opt_lock_wait_timeout */ @@ -39862,25 +39970,25 @@ if (unlikely(lex->m_sql_cmd == NULL)) MYSQL_YYABORT; } -#line 39866 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 39974 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 1289: /* opt_no_write_to_binlog: %empty */ #line 8707 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.num)= 0; } -#line 39872 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 39980 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 1290: /* opt_no_write_to_binlog: NO_WRITE_TO_BINLOG */ #line 8708 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.num)= 1; } -#line 39878 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 39986 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 1291: /* opt_no_write_to_binlog: LOCAL_SYM */ #line 8709 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.num)= 1; } -#line 39884 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 39992 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 1292: /* $@130: %empty */ @@ -39891,7 +39999,7 @@ if (Lex->main_select_push()) MYSQL_YYABORT; } -#line 39895 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 40003 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 1293: /* rename: RENAME table_or_tables opt_if_exists $@130 table_to_table_list */ @@ -39899,7 +40007,7 @@ { Lex->pop_select(); //main select } -#line 39903 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 40011 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 1294: /* rename: RENAME USER_SYM clear_privileges rename_list */ @@ -39907,7 +40015,7 @@ { Lex->sql_command = SQLCOM_RENAME_USER; } -#line 39911 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 40019 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 1295: /* rename_list: user TO_SYM user */ @@ -39917,7 +40025,7 @@ Lex->users_list.push_back((yyvsp[0].lex_user), thd->mem_root))) MYSQL_YYABORT; } -#line 39921 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 40029 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 1296: /* rename_list: rename_list ',' user TO_SYM user */ @@ -39927,7 +40035,7 @@ Lex->users_list.push_back((yyvsp[0].lex_user), thd->mem_root))) MYSQL_YYABORT; } -#line 39931 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 40039 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 1299: /* table_to_table: table_ident opt_lock_wait_timeout TO_SYM table_ident */ @@ -39943,7 +40051,7 @@ TL_IGNORE, MDL_EXCLUSIVE))) MYSQL_YYABORT; } -#line 39947 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 40055 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 1300: /* $@131: %empty */ @@ -39951,7 +40059,7 @@ { Lex->alter_info.reset(); } -#line 39955 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 40063 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 1301: /* keycache: CACHE_SYM INDEX_SYM $@131 keycache_list_or_parts IN_SYM key_cache_name */ @@ -39961,7 +40069,7 @@ lex->sql_command= SQLCOM_ASSIGN_TO_KEYCACHE; lex->ident= (yyvsp[0].lex_str); } -#line 39965 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 40073 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 1306: /* assign_to_keycache: table_ident cache_keys_spec */ @@ -39973,7 +40081,7 @@ pop_index_hints()))) MYSQL_YYABORT; } -#line 39977 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 40085 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 1307: /* assign_to_keycache_parts: table_ident adm_partition cache_keys_spec */ @@ -39985,19 +40093,19 @@ pop_index_hints()))) MYSQL_YYABORT; } -#line 39989 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 40097 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 1308: /* key_cache_name: ident */ #line 8811 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.lex_str)= (yyvsp[0].ident_sys); } -#line 39995 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 40103 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 1309: /* key_cache_name: DEFAULT */ #line 8812 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.lex_str) = default_base; } -#line 40001 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 40109 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 1310: /* $@132: %empty */ @@ -40009,7 +40117,7 @@ if (lex->main_select_push()) MYSQL_YYABORT; } -#line 40013 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 40121 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 1311: /* preload: LOAD INDEX_SYM INTO CACHE_SYM $@132 preload_list_or_parts */ @@ -40017,7 +40125,7 @@ { Lex->pop_select(); //main select } -#line 40021 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 40129 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 1316: /* preload_keys: table_ident cache_keys_spec opt_ignore_leaves */ @@ -40029,7 +40137,7 @@ pop_index_hints()))) MYSQL_YYABORT; } -#line 40033 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 40141 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 1317: /* preload_keys_parts: table_ident adm_partition cache_keys_spec opt_ignore_leaves */ @@ -40041,7 +40149,7 @@ pop_index_hints()))) MYSQL_YYABORT; } -#line 40045 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 40153 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 1318: /* $@133: %empty */ @@ -40049,7 +40157,7 @@ { Lex->alter_info.partition_flags|= ALTER_PARTITION_ADMIN; } -#line 40053 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 40161 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 1320: /* $@134: %empty */ @@ -40059,25 +40167,25 @@ Select->set_index_hint_type(INDEX_HINT_USE, INDEX_HINT_MASK_ALL); } -#line 40063 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 40171 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 1322: /* cache_key_list_or_empty: %empty */ #line 8880 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { } -#line 40069 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 40177 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 1324: /* opt_ignore_leaves: %empty */ #line 8886 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.num)= 0; } -#line 40075 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 40183 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 1325: /* opt_ignore_leaves: IGNORE_SYM LEAVES */ #line 8887 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.num)= TL_OPTION_IGNORE_LEAVES; } -#line 40081 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 40189 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 1326: /* $@135: %empty */ @@ -40088,7 +40196,7 @@ (yyvsp[0].select_lex_unit)->first_select())) MYSQL_YYABORT; } -#line 40092 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 40200 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 1327: /* select: query_expression_no_with_clause $@135 opt_procedure_or_into */ @@ -40099,7 +40207,7 @@ if (Lex->select_finalize((yyvsp[-2].select_lex_unit), (yyvsp[0].select_lock))) MYSQL_YYABORT; } -#line 40103 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 40211 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 1328: /* $@136: %empty */ @@ -40110,7 +40218,7 @@ (yyvsp[0].select_lex_unit)->first_select())) MYSQL_YYABORT; } -#line 40114 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 40222 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 1329: /* select: with_clause query_expression_no_with_clause $@136 opt_procedure_or_into */ @@ -40122,7 +40230,7 @@ if (Lex->select_finalize((yyvsp[-2].select_lex_unit), (yyvsp[0].select_lock))) MYSQL_YYABORT; } -#line 40126 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 40234 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 1330: /* $@137: %empty */ @@ -40131,7 +40239,7 @@ if (Lex->push_select((yyvsp[0].select_lex))) MYSQL_YYABORT; } -#line 40135 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 40243 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 1331: /* select_into: select_into_query_specification $@137 opt_order_limit_lock */ @@ -40145,7 +40253,7 @@ if (Lex->select_finalize(unit)) MYSQL_YYABORT; } -#line 40149 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 40257 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 1332: /* $@138: %empty */ @@ -40154,7 +40262,7 @@ if (Lex->push_select((yyvsp[0].select_lex))) MYSQL_YYABORT; } -#line 40158 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 40266 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 1333: /* select_into: with_clause select_into_query_specification $@138 opt_order_limit_lock */ @@ -40170,19 +40278,19 @@ if (Lex->select_finalize(unit)) MYSQL_YYABORT; } -#line 40174 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 40282 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 1334: /* simple_table: query_specification */ #line 8964 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.select_lex)= (yyvsp[0].select_lex); } -#line 40180 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 40288 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 1335: /* simple_table: table_value_constructor */ #line 8965 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.select_lex)= (yyvsp[0].select_lex); } -#line 40186 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 40294 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 1336: /* $@139: %empty */ @@ -40191,7 +40299,7 @@ if (Lex->parsed_TVC_start()) MYSQL_YYABORT; } -#line 40195 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 40303 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 1337: /* table_value_constructor: VALUES $@139 values_list */ @@ -40200,7 +40308,7 @@ if (!((yyval.select_lex)= Lex->parsed_TVC_end())) MYSQL_YYABORT; } -#line 40204 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 40312 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 1338: /* $@140: %empty */ @@ -40213,7 +40321,7 @@ sel->init_select(); sel->braces= FALSE; } -#line 40217 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 40325 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 1339: /* $@141: %empty */ @@ -40221,7 +40329,7 @@ { Select->parsing_place= SELECT_LIST; } -#line 40225 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 40333 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 1340: /* query_specification_start: SELECT_SYM $@140 select_options $@141 select_item_list */ @@ -40229,7 +40337,7 @@ { Select->parsing_place= NO_MATTER; } -#line 40233 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 40341 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 1341: /* query_specification: query_specification_start opt_from_clause opt_where_clause opt_group_clause opt_having_clause opt_window_clause */ @@ -40237,7 +40345,7 @@ { (yyval.select_lex)= Lex->pop_select(); } -#line 40241 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 40349 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 1342: /* select_into_query_specification: query_specification_start into opt_from_clause opt_where_clause opt_group_clause opt_having_clause opt_window_clause */ @@ -40245,7 +40353,7 @@ { (yyval.select_lex)= Lex->pop_select(); } -#line 40249 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 40357 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 1343: /* query_expression: query_expression_no_with_clause */ @@ -40254,7 +40362,7 @@ (yyvsp[0].select_lex_unit)->set_with_clause(NULL); (yyval.select_lex_unit)= (yyvsp[0].select_lex_unit); } -#line 40258 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 40366 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 1344: /* query_expression: with_clause query_expression_no_with_clause */ @@ -40264,19 +40372,19 @@ (yyvsp[-1].with_clause)->attach_to((yyvsp[0].select_lex_unit)->first_select()); (yyval.select_lex_unit)= (yyvsp[0].select_lex_unit); } -#line 40268 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 40376 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 1345: /* query_expression_no_with_clause: query_expression_body_ext */ #line 9098 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.select_lex_unit)= (yyvsp[0].select_lex_unit); } -#line 40274 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 40382 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 1346: /* query_expression_no_with_clause: query_expression_body_ext_parens */ #line 9099 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.select_lex_unit)= (yyvsp[0].select_lex_unit); } -#line 40280 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 40388 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 1347: /* $@142: %empty */ @@ -40288,7 +40396,7 @@ MYSQL_YYABORT; } } -#line 40292 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 40400 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 1348: /* query_expression_body_ext: query_expression_body $@142 opt_query_expression_tail */ @@ -40299,7 +40407,7 @@ else (yyval.select_lex_unit)= Lex->add_tail_to_query_expression_body((yyvsp[-2].select_lex_unit), (yyvsp[0].order_limit_lock)); } -#line 40303 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 40411 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 1349: /* $@143: %empty */ @@ -40308,7 +40416,7 @@ Lex->push_select(!(yyvsp[0].select_lex_unit)->first_select()->next_select() ? (yyvsp[0].select_lex_unit)->first_select() : (yyvsp[0].select_lex_unit)->fake_select_lex); } -#line 40312 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 40420 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 1350: /* query_expression_body_ext: query_expression_body_ext_parens $@143 query_expression_tail */ @@ -40317,13 +40425,13 @@ if (!((yyval.select_lex_unit)= Lex->add_tail_to_query_expression_body_ext_parens((yyvsp[-2].select_lex_unit), (yyvsp[0].order_limit_lock)))) MYSQL_YYABORT; } -#line 40321 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 40429 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 1351: /* query_expression_body_ext_parens: '(' query_expression_body_ext_parens ')' */ #line 9142 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.select_lex_unit)= (yyvsp[-1].select_lex_unit); } -#line 40327 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 40435 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 1352: /* query_expression_body_ext_parens: '(' query_expression_body_ext ')' */ @@ -40334,7 +40442,7 @@ sel->braces= true; (yyval.select_lex_unit)= (yyvsp[-1].select_lex_unit); } -#line 40338 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 40446 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 1353: /* query_expression_body: query_simple */ @@ -40344,7 +40452,7 @@ if (!((yyval.select_lex_unit)= Lex->create_unit((yyvsp[0].select_lex)))) MYSQL_YYABORT; } -#line 40348 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 40456 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 1354: /* $@144: %empty */ @@ -40355,7 +40463,7 @@ Lex->pop_select(); } } -#line 40359 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 40467 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 1355: /* query_expression_body: query_expression_body unit_type_decl $@144 query_primary */ @@ -40366,7 +40474,7 @@ (yyvsp[-2].unit_operation).distinct))) MYSQL_YYABORT; } -#line 40370 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 40478 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 1356: /* query_expression_body: query_expression_body_ext_parens unit_type_decl query_primary */ @@ -40378,25 +40486,25 @@ (yyvsp[-1].unit_operation).distinct))) MYSQL_YYABORT; } -#line 40382 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 40490 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 1357: /* query_primary: query_simple */ #line 9198 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.select_lex)= (yyvsp[0].select_lex); } -#line 40388 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 40496 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 1358: /* query_primary: query_expression_body_ext_parens */ #line 9200 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.select_lex)= (yyvsp[0].select_lex_unit)->first_select(); } -#line 40394 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 40502 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 1359: /* query_simple: simple_table */ #line 9209 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.select_lex)= (yyvsp[0].select_lex);} -#line 40400 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 40508 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 1360: /* subselect: query_expression */ @@ -40405,7 +40513,7 @@ if (!((yyval.select_lex)= Lex->parsed_subselect((yyvsp[0].select_lex_unit)))) MYSQL_YYABORT; } -#line 40409 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 40517 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 1361: /* subquery: query_expression_body_ext_parens */ @@ -40418,7 +40526,7 @@ if (!((yyval.select_lex)= Lex->parsed_subselect((yyvsp[0].select_lex_unit)))) MYSQL_YYABORT; } -#line 40422 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 40530 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 1362: /* subquery: '(' with_clause query_expression_no_with_clause ')' */ @@ -40429,7 +40537,7 @@ if (!((yyval.select_lex)= Lex->parsed_subselect((yyvsp[-1].select_lex_unit)))) MYSQL_YYABORT; } -#line 40433 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 40541 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 1366: /* table_reference_list: join_table_list */ @@ -40439,7 +40547,7 @@ Select->context.first_name_resolution_table= Select->table_list.first; } -#line 40443 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 40551 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 1369: /* select_options: select_option_list */ @@ -40449,7 +40557,7 @@ (Select->options & SELECT_ALL))) my_yyabort_error((ER_WRONG_USAGE, MYF(0), "ALL", "DISTINCT")); } -#line 40453 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 40561 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 1370: /* opt_history_unit: %empty */ @@ -40457,7 +40565,7 @@ { (yyval.vers_range_unit)= VERS_TIMESTAMP; } -#line 40461 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 40569 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 1371: /* opt_history_unit: TRANSACTION_SYM */ @@ -40465,7 +40573,7 @@ { (yyval.vers_range_unit)= VERS_TRX_ID; } -#line 40469 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 40577 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 1372: /* opt_history_unit: TIMESTAMP */ @@ -40473,7 +40581,7 @@ { (yyval.vers_range_unit)= VERS_TIMESTAMP; } -#line 40477 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 40585 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 1373: /* history_point: TIMESTAMP TEXT_STRING */ @@ -40486,7 +40594,7 @@ MYSQL_YYABORT; (yyval.vers_history_point)= Vers_history_point(VERS_TIMESTAMP, item); } -#line 40490 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 40598 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 1374: /* history_point: function_call_keyword_timestamp */ @@ -40494,7 +40602,7 @@ { (yyval.vers_history_point)= Vers_history_point(VERS_TIMESTAMP, (yyvsp[0].item)); } -#line 40498 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 40606 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 1375: /* history_point: opt_history_unit bit_expr */ @@ -40502,7 +40610,7 @@ { (yyval.vers_history_point)= Vers_history_point((yyvsp[-1].vers_range_unit), (yyvsp[0].item)); } -#line 40506 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 40614 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 1376: /* for_portion_of_time_clause: FOR_SYM PORTION_SYM OF_SYM remember_tok_start ident FROM bit_expr TO_SYM bit_expr */ @@ -40518,7 +40626,7 @@ Vers_history_point(VERS_TIMESTAMP, (yyvsp[0].item)), Lex_ident_column((yyvsp[-4].ident_sys))); } -#line 40522 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 40630 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 1377: /* opt_for_portion_of_time_clause: %empty */ @@ -40526,7 +40634,7 @@ { (yyval.num)= false; } -#line 40530 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 40638 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 1378: /* opt_for_portion_of_time_clause: for_portion_of_time_clause */ @@ -40534,7 +40642,7 @@ { (yyval.num)= true; } -#line 40538 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 40646 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 1379: /* opt_for_system_time_clause: %empty */ @@ -40542,7 +40650,7 @@ { (yyval.num)= false; } -#line 40546 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 40654 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 1380: /* opt_for_system_time_clause: FOR_SYSTEM_TIME_SYM system_time_expr */ @@ -40550,7 +40658,7 @@ { (yyval.num)= true; } -#line 40554 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 40662 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 1381: /* system_time_expr: AS OF_SYM history_point */ @@ -40558,7 +40666,7 @@ { Lex->vers_conditions.init(SYSTEM_TIME_AS_OF, (yyvsp[0].vers_history_point)); } -#line 40562 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 40670 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 1382: /* system_time_expr: ALL */ @@ -40566,7 +40674,7 @@ { Lex->vers_conditions.init(SYSTEM_TIME_ALL); } -#line 40570 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 40678 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 1383: /* system_time_expr: FROM history_point TO_SYM history_point */ @@ -40574,7 +40682,7 @@ { Lex->vers_conditions.init(SYSTEM_TIME_FROM_TO, (yyvsp[-2].vers_history_point), (yyvsp[0].vers_history_point)); } -#line 40578 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 40686 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 1384: /* system_time_expr: BETWEEN_SYM history_point AND_SYM history_point */ @@ -40582,7 +40690,7 @@ { Lex->vers_conditions.init(SYSTEM_TIME_BETWEEN, (yyvsp[-2].vers_history_point), (yyvsp[0].vers_history_point)); } -#line 40586 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 40694 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 1388: /* select_option: SQL_NO_CACHE_SYM */ @@ -40595,7 +40703,7 @@ my_yyabort_error((ER_DUP_ARGUMENT, MYF(0), "SQL_NO_CACHE")); Select->options|= OPTION_NO_QUERY_CACHE; } -#line 40599 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 40707 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 1389: /* select_option: SQL_CACHE_SYM */ @@ -40608,7 +40716,7 @@ my_yyabort_error((ER_DUP_ARGUMENT, MYF(0), "SQL_CACHE")); Select->options|= OPTION_TO_QUERY_CACHE; } -#line 40612 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 40720 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 1390: /* select_lock_type: FOR_SYM UPDATE_SYM opt_lock_wait_timeout_new */ @@ -40618,7 +40726,7 @@ (yyval.select_lock).defined_lock= TRUE; (yyval.select_lock).update_lock= TRUE; } -#line 40622 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 40730 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 1391: /* select_lock_type: LOCK_SYM IN_SYM SHARE_SYM MODE_SYM opt_lock_wait_timeout_new */ @@ -40628,7 +40736,7 @@ (yyval.select_lock).defined_lock= TRUE; (yyval.select_lock).update_lock= FALSE; } -#line 40632 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 40740 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 1392: /* opt_select_lock_type: %empty */ @@ -40636,7 +40744,7 @@ { (yyval.select_lock).empty(); } -#line 40640 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 40748 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 1393: /* opt_select_lock_type: select_lock_type */ @@ -40644,7 +40752,7 @@ { (yyval.select_lock)= (yyvsp[0].select_lock); } -#line 40648 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 40756 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 1394: /* opt_lock_wait_timeout_new: %empty */ @@ -40652,7 +40760,7 @@ { (yyval.select_lock).empty(); } -#line 40656 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 40764 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 1395: /* opt_lock_wait_timeout_new: WAIT_SYM ulong_num */ @@ -40662,7 +40770,7 @@ (yyval.select_lock).defined_timeout= TRUE; (yyval.select_lock).timeout= (yyvsp[0].ulong_num); } -#line 40666 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 40774 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 1396: /* opt_lock_wait_timeout_new: NOWAIT_SYM */ @@ -40672,7 +40780,7 @@ (yyval.select_lock).defined_timeout= TRUE; (yyval.select_lock).timeout= 0; } -#line 40676 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 40784 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 1397: /* opt_lock_wait_timeout_new: SKIP_SYM LOCKED_SYM */ @@ -40682,7 +40790,7 @@ (yyval.select_lock).skip_locked= 1; Lex->set_stmt_unsafe(LEX::BINLOG_STMT_UNSAFE_SKIP_LOCKED); } -#line 40686 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 40794 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 1400: /* select_item_list: '*' */ @@ -40703,7 +40811,7 @@ MYSQL_YYABORT; correct_select->with_wild++; } -#line 40707 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 40815 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 1401: /* select_item: remember_name select_sublist_qualified_asterisk remember_end */ @@ -40712,7 +40820,7 @@ if (unlikely(add_item_to_list(thd, (yyvsp[-1].item)))) MYSQL_YYABORT; } -#line 40716 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 40824 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 1402: /* select_item: remember_name expr remember_end select_alias */ @@ -40735,7 +40843,7 @@ (yyvsp[-2].item)->set_name(thd, (yyvsp[-3].simple_string), (uint) ((yyvsp[-1].simple_string) - (yyvsp[-3].simple_string)), thd->charset()); } } -#line 40739 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 40847 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 1403: /* remember_tok_start: %empty */ @@ -40743,7 +40851,7 @@ { (yyval.simple_string)= (char*) YYLIP->get_tok_start(); } -#line 40747 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 40855 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 1404: /* remember_name: %empty */ @@ -40751,7 +40859,7 @@ { (yyval.simple_string)= (char*) YYLIP->get_cpp_tok_start(); } -#line 40755 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 40863 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 1405: /* remember_end: %empty */ @@ -40759,7 +40867,7 @@ { (yyval.simple_string)= (char*) YYLIP->get_cpp_tok_end_rtrim(); } -#line 40763 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 40871 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 1406: /* remember_cpp_ptr: %empty */ @@ -40767,7 +40875,7 @@ { (yyval.simple_string)= (char*) YYLIP->get_cpp_ptr(); } -#line 40771 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 40879 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 1407: /* remember_start_opt: %empty */ @@ -40778,7 +40886,7 @@ else (yyval.simple_string)= (char*) YYLIP->get_cpp_tok_start(); } -#line 40782 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 40890 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 1408: /* remember_end_opt: %empty */ @@ -40789,7 +40897,7 @@ else (yyval.simple_string)= (char*) YYLIP->get_cpp_tok_end_rtrim(); } -#line 40793 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 40901 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 1409: /* remember_lex: %empty */ @@ -40797,91 +40905,91 @@ { (yyval.lex)= thd->lex; } -#line 40801 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 40909 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 1410: /* select_alias: %empty */ #line 9575 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.lex_str)=null_clex_str;} -#line 40807 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 40915 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 1411: /* select_alias: AS ident */ #line 9576 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.lex_str)=(yyvsp[0].ident_sys); } -#line 40813 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 40921 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 1412: /* select_alias: AS TEXT_STRING_sys */ #line 9577 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.lex_str)=(yyvsp[0].lex_str); } -#line 40819 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 40927 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 1413: /* select_alias: ident */ #line 9578 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.lex_str)=(yyvsp[0].ident_sys); } -#line 40825 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 40933 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 1414: /* select_alias: TEXT_STRING_sys */ #line 9579 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.lex_str)=(yyvsp[0].lex_str); } -#line 40831 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 40939 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 1415: /* opt_default_time_precision: %empty */ #line 9583 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.num)= NOT_FIXED_DEC; } -#line 40837 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 40945 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 1416: /* opt_default_time_precision: '(' ')' */ #line 9584 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.num)= NOT_FIXED_DEC; } -#line 40843 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 40951 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 1417: /* opt_default_time_precision: '(' real_ulong_num ')' */ #line 9585 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.num)= (yyvsp[-1].ulong_num); } -#line 40849 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 40957 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 1418: /* opt_time_precision: %empty */ #line 9589 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.num)= 0; } -#line 40855 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 40963 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 1419: /* opt_time_precision: '(' ')' */ #line 9590 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.num)= 0; } -#line 40861 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 40969 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 1420: /* opt_time_precision: '(' real_ulong_num ')' */ #line 9591 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.num)= (yyvsp[-1].ulong_num); } -#line 40867 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 40975 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 1421: /* optional_braces: %empty */ #line 9595 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" {} -#line 40873 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 40981 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 1422: /* optional_braces: '(' ')' */ #line 9596 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" {} -#line 40879 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 40987 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 1423: /* search_condition: expr */ #line 9600 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { ((yyval.item)= (yyvsp[0].item))->base_flags|= item_base_t::IS_COND ; } -#line 40885 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 40993 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 1424: /* expr: expr or expr */ @@ -40936,7 +41044,7 @@ MYSQL_YYABORT; } } -#line 40940 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 41048 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 1425: /* expr: expr XOR expr */ @@ -40947,7 +41055,7 @@ if (unlikely((yyval.item) == NULL)) MYSQL_YYABORT; } -#line 40951 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 41059 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 1426: /* expr: expr and expr */ @@ -40994,7 +41102,7 @@ MYSQL_YYABORT; } } -#line 40998 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 41106 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 1427: /* expr: NOT_SYM expr */ @@ -41004,7 +41112,7 @@ if (unlikely((yyval.item) == NULL)) MYSQL_YYABORT; } -#line 41008 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 41116 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 1429: /* boolean_test: boolean_test IS TRUE_SYM */ @@ -41014,7 +41122,7 @@ if (unlikely((yyval.item) == NULL)) MYSQL_YYABORT; } -#line 41018 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 41126 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 1430: /* boolean_test: boolean_test IS not TRUE_SYM */ @@ -41024,7 +41132,7 @@ if (unlikely((yyval.item) == NULL)) MYSQL_YYABORT; } -#line 41028 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 41136 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 1431: /* boolean_test: boolean_test IS FALSE_SYM */ @@ -41034,7 +41142,7 @@ if (unlikely((yyval.item) == NULL)) MYSQL_YYABORT; } -#line 41038 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 41146 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 1432: /* boolean_test: boolean_test IS not FALSE_SYM */ @@ -41044,7 +41152,7 @@ if (unlikely((yyval.item) == NULL)) MYSQL_YYABORT; } -#line 41048 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 41156 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 1433: /* boolean_test: boolean_test IS UNKNOWN_SYM */ @@ -41054,7 +41162,7 @@ if (unlikely((yyval.item) == NULL)) MYSQL_YYABORT; } -#line 41058 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 41166 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 1434: /* boolean_test: boolean_test IS not UNKNOWN_SYM */ @@ -41064,7 +41172,7 @@ if (unlikely((yyval.item) == NULL)) MYSQL_YYABORT; } -#line 41068 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 41176 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 1435: /* boolean_test: boolean_test IS NULL_SYM */ @@ -41074,7 +41182,7 @@ if (unlikely((yyval.item) == NULL)) MYSQL_YYABORT; } -#line 41078 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 41186 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 1436: /* boolean_test: boolean_test IS not NULL_SYM */ @@ -41084,7 +41192,7 @@ if (unlikely((yyval.item) == NULL)) MYSQL_YYABORT; } -#line 41088 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 41196 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 1437: /* boolean_test: boolean_test EQUAL_SYM predicate */ @@ -41094,7 +41202,7 @@ if (unlikely((yyval.item) == NULL)) MYSQL_YYABORT; } -#line 41098 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 41206 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 1438: /* boolean_test: boolean_test comp_op predicate */ @@ -41104,7 +41212,7 @@ if (unlikely((yyval.item) == NULL)) MYSQL_YYABORT; } -#line 41108 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 41216 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 1439: /* boolean_test: boolean_test comp_op all_or_any '(' subselect ')' */ @@ -41114,7 +41222,7 @@ if (unlikely((yyval.item) == NULL)) MYSQL_YYABORT; } -#line 41118 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 41226 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 1441: /* predicate: predicate IN_SYM subquery */ @@ -41124,7 +41232,7 @@ if (unlikely(!(yyval.item))) MYSQL_YYABORT; } -#line 41128 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 41236 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 1442: /* predicate: predicate not IN_SYM subquery */ @@ -41137,7 +41245,7 @@ if (unlikely(!(yyval.item))) MYSQL_YYABORT; } -#line 41141 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 41249 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 1443: /* predicate: predicate IN_SYM '(' expr ')' */ @@ -41147,7 +41255,7 @@ if (unlikely((yyval.item) == NULL)) MYSQL_YYABORT; } -#line 41151 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 41259 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 1444: /* predicate: predicate IN_SYM '(' expr ',' expr_list ')' */ @@ -41159,7 +41267,7 @@ if (unlikely((yyval.item) == NULL)) MYSQL_YYABORT; } -#line 41163 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 41271 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 1445: /* predicate: predicate not IN_SYM '(' expr ')' */ @@ -41169,7 +41277,7 @@ if (unlikely((yyval.item) == NULL)) MYSQL_YYABORT; } -#line 41173 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 41281 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 1446: /* predicate: predicate not IN_SYM '(' expr ',' expr_list ')' */ @@ -41182,7 +41290,7 @@ MYSQL_YYABORT; (yyval.item)= item->neg_transformer(thd); } -#line 41186 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 41294 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 1447: /* predicate: predicate BETWEEN_SYM predicate AND_SYM predicate */ @@ -41192,7 +41300,7 @@ if (unlikely((yyval.item) == NULL)) MYSQL_YYABORT; } -#line 41196 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 41304 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 1448: /* predicate: predicate not BETWEEN_SYM predicate AND_SYM predicate */ @@ -41204,7 +41312,7 @@ MYSQL_YYABORT; (yyval.item)= item->neg_transformer(thd); } -#line 41208 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 41316 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 1449: /* predicate: predicate SOUNDS_SYM LIKE predicate */ @@ -41218,7 +41326,7 @@ if (unlikely((yyval.item) == NULL)) MYSQL_YYABORT; } -#line 41222 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 41330 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 1450: /* predicate: predicate LIKE predicate */ @@ -41228,7 +41336,7 @@ if (unlikely(!(yyval.item))) MYSQL_YYABORT; } -#line 41232 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 41340 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 1451: /* predicate: predicate LIKE predicate ESCAPE_SYM predicate */ @@ -41239,7 +41347,7 @@ if (unlikely(!(yyval.item))) MYSQL_YYABORT; } -#line 41243 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 41351 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 1452: /* predicate: predicate not LIKE predicate */ @@ -41250,7 +41358,7 @@ MYSQL_YYABORT; (yyval.item)= item->neg_transformer(thd); } -#line 41254 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 41362 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 1453: /* predicate: predicate not LIKE predicate ESCAPE_SYM predicate */ @@ -41262,7 +41370,7 @@ MYSQL_YYABORT; (yyval.item)= item->neg_transformer(thd); } -#line 41266 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 41374 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 1454: /* predicate: predicate REGEXP predicate */ @@ -41272,7 +41380,7 @@ if (unlikely((yyval.item) == NULL)) MYSQL_YYABORT; } -#line 41276 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 41384 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 1455: /* predicate: predicate not REGEXP predicate */ @@ -41285,7 +41393,7 @@ if (unlikely((yyval.item) == NULL)) MYSQL_YYABORT; } -#line 41289 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 41397 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 1457: /* bit_expr: bit_expr '|' bit_expr */ @@ -41295,7 +41403,7 @@ if (unlikely((yyval.item) == NULL)) MYSQL_YYABORT; } -#line 41299 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 41407 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 1458: /* bit_expr: bit_expr '&' bit_expr */ @@ -41305,7 +41413,7 @@ if (unlikely((yyval.item) == NULL)) MYSQL_YYABORT; } -#line 41309 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 41417 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 1459: /* bit_expr: bit_expr SHIFT_LEFT bit_expr */ @@ -41315,7 +41423,7 @@ if (unlikely((yyval.item) == NULL)) MYSQL_YYABORT; } -#line 41319 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 41427 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 1460: /* bit_expr: bit_expr SHIFT_RIGHT bit_expr */ @@ -41325,7 +41433,7 @@ if (unlikely((yyval.item) == NULL)) MYSQL_YYABORT; } -#line 41329 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 41437 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 1461: /* bit_expr: bit_expr ORACLE_CONCAT_SYM bit_expr */ @@ -41336,7 +41444,7 @@ if (unlikely((yyval.item) == NULL)) MYSQL_YYABORT; } -#line 41340 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 41448 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 1462: /* bit_expr: bit_expr '+' bit_expr */ @@ -41346,7 +41454,7 @@ if (unlikely((yyval.item) == NULL)) MYSQL_YYABORT; } -#line 41350 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 41458 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 1463: /* bit_expr: bit_expr '-' bit_expr */ @@ -41356,7 +41464,7 @@ if (unlikely((yyval.item) == NULL)) MYSQL_YYABORT; } -#line 41360 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 41468 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 1464: /* bit_expr: bit_expr '+' INTERVAL_SYM expr interval */ @@ -41366,7 +41474,7 @@ if (unlikely((yyval.item) == NULL)) MYSQL_YYABORT; } -#line 41370 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 41478 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 1465: /* bit_expr: bit_expr '-' INTERVAL_SYM expr interval */ @@ -41376,7 +41484,7 @@ if (unlikely((yyval.item) == NULL)) MYSQL_YYABORT; } -#line 41380 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 41488 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 1466: /* bit_expr: INTERVAL_SYM expr interval '+' expr */ @@ -41386,7 +41494,7 @@ if (unlikely((yyval.item) == NULL)) MYSQL_YYABORT; } -#line 41390 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 41498 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 1467: /* bit_expr: '+' INTERVAL_SYM expr interval '+' expr */ @@ -41396,7 +41504,7 @@ if (unlikely((yyval.item) == NULL)) MYSQL_YYABORT; } -#line 41400 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 41508 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 1468: /* bit_expr: '-' INTERVAL_SYM expr interval '+' expr */ @@ -41406,7 +41514,7 @@ if (unlikely((yyval.item) == NULL)) MYSQL_YYABORT; } -#line 41410 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 41518 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 1469: /* bit_expr: bit_expr '*' bit_expr */ @@ -41416,7 +41524,7 @@ if (unlikely((yyval.item) == NULL)) MYSQL_YYABORT; } -#line 41420 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 41528 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 1470: /* bit_expr: bit_expr '/' bit_expr */ @@ -41426,7 +41534,7 @@ if (unlikely((yyval.item) == NULL)) MYSQL_YYABORT; } -#line 41430 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 41538 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 1471: /* bit_expr: bit_expr '%' bit_expr */ @@ -41436,7 +41544,7 @@ if (unlikely((yyval.item) == NULL)) MYSQL_YYABORT; } -#line 41440 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 41548 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 1472: /* bit_expr: bit_expr DIV_SYM bit_expr */ @@ -41446,7 +41554,7 @@ if (unlikely((yyval.item) == NULL)) MYSQL_YYABORT; } -#line 41450 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 41558 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 1473: /* bit_expr: bit_expr MOD_SYM bit_expr */ @@ -41456,7 +41564,7 @@ if (unlikely((yyval.item) == NULL)) MYSQL_YYABORT; } -#line 41460 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 41568 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 1474: /* bit_expr: bit_expr '^' bit_expr */ @@ -41466,55 +41574,55 @@ if (unlikely((yyval.item) == NULL)) MYSQL_YYABORT; } -#line 41470 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 41578 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 1484: /* comp_op: '=' */ #line 10035 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.boolfunc2creator) = &comp_eq_creator; } -#line 41476 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 41584 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 1485: /* comp_op: GE */ #line 10036 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.boolfunc2creator) = &comp_ge_creator; } -#line 41482 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 41590 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 1486: /* comp_op: '>' */ #line 10037 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.boolfunc2creator) = &comp_gt_creator; } -#line 41488 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 41596 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 1487: /* comp_op: LE */ #line 10038 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.boolfunc2creator) = &comp_le_creator; } -#line 41494 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 41602 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 1488: /* comp_op: '<' */ #line 10039 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.boolfunc2creator) = &comp_lt_creator; } -#line 41500 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 41608 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 1489: /* comp_op: NE */ #line 10040 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.boolfunc2creator) = &comp_ne_creator; } -#line 41506 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 41614 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 1490: /* all_or_any: ALL */ #line 10044 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.num) = 1; } -#line 41512 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 41620 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 1491: /* all_or_any: ANY_SYM */ #line 10045 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.num) = 0; } -#line 41518 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 41626 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 1492: /* opt_dyncol_type: %empty */ @@ -41522,67 +41630,67 @@ { (yyval.Lex_dyncol_type).set(DYN_COL_NULL); /* automatic type */ } -#line 41526 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 41634 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 1493: /* opt_dyncol_type: AS dyncol_type */ #line 10053 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.Lex_dyncol_type)= (yyvsp[0].Lex_dyncol_type); } -#line 41532 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 41640 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 1497: /* numeric_dyncol_type: INT_SYM */ #line 10063 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.Lex_dyncol_type).set(DYN_COL_INT); } -#line 41538 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 41646 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 1498: /* numeric_dyncol_type: UNSIGNED INT_SYM */ #line 10064 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.Lex_dyncol_type).set(DYN_COL_UINT); } -#line 41544 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 41652 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 1499: /* numeric_dyncol_type: DOUBLE_SYM */ #line 10065 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.Lex_dyncol_type).set(DYN_COL_DOUBLE); } -#line 41550 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 41658 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 1500: /* numeric_dyncol_type: REAL */ #line 10066 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.Lex_dyncol_type).set(DYN_COL_DOUBLE); } -#line 41556 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 41664 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 1501: /* numeric_dyncol_type: FLOAT_SYM */ #line 10067 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.Lex_dyncol_type).set(DYN_COL_DOUBLE); } -#line 41562 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 41670 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 1502: /* numeric_dyncol_type: DECIMAL_SYM float_options */ #line 10068 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.Lex_dyncol_type).set(DYN_COL_DECIMAL, (yyvsp[0].Lex_length_and_dec)); } -#line 41568 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 41676 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 1503: /* temporal_dyncol_type: DATE_SYM */ #line 10072 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.Lex_dyncol_type).set(DYN_COL_DATE); } -#line 41574 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 41682 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 1504: /* temporal_dyncol_type: TIME_SYM opt_field_scale */ #line 10073 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.Lex_dyncol_type).set(DYN_COL_TIME, (yyvsp[0].Lex_length_and_dec)); } -#line 41580 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 41688 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 1505: /* temporal_dyncol_type: DATETIME opt_field_scale */ #line 10074 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.Lex_dyncol_type).set(DYN_COL_DATETIME, (yyvsp[0].Lex_length_and_dec)); } -#line 41586 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 41694 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 1506: /* string_dyncol_type: char opt_binary */ @@ -41593,7 +41701,7 @@ (yyvsp[0].Lex_exact_charset_extended_collation_attrs), thd->variables.collation_connection)) MYSQL_YYABORT; } -#line 41597 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 41705 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 1507: /* string_dyncol_type: nchar */ @@ -41601,7 +41709,7 @@ { (yyval.Lex_dyncol_type).set(DYN_COL_STRING, national_charset_info); } -#line 41605 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 41713 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 1508: /* dyncall_create_element: expr ',' expr opt_dyncol_type */ @@ -41624,7 +41732,7 @@ else (yyval.dyncol_def)->len= 0; } -#line 41628 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 41736 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 1509: /* dyncall_create_list: dyncall_create_element */ @@ -41635,7 +41743,7 @@ MYSQL_YYABORT; (yyval.dyncol_def_list)->push_back((yyvsp[0].dyncol_def), thd->mem_root); } -#line 41639 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 41747 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 1510: /* dyncall_create_list: dyncall_create_list ',' dyncall_create_element */ @@ -41644,31 +41752,31 @@ (yyvsp[-2].dyncol_def_list)->push_back((yyvsp[0].dyncol_def), thd->mem_root); (yyval.dyncol_def_list)= (yyvsp[-2].dyncol_def_list); } -#line 41648 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 41756 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 1511: /* plsql_cursor_attr: ISOPEN_SYM */ #line 10130 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.plsql_cursor_attr)= PLSQL_CURSOR_ATTR_ISOPEN; } -#line 41654 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 41762 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 1512: /* plsql_cursor_attr: FOUND_SYM */ #line 10131 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.plsql_cursor_attr)= PLSQL_CURSOR_ATTR_FOUND; } -#line 41660 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 41768 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 1513: /* plsql_cursor_attr: NOTFOUND_SYM */ #line 10132 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.plsql_cursor_attr)= PLSQL_CURSOR_ATTR_NOTFOUND; } -#line 41666 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 41774 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 1514: /* plsql_cursor_attr: ROWCOUNT_SYM */ #line 10133 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.plsql_cursor_attr)= PLSQL_CURSOR_ATTR_ROWCOUNT; } -#line 41672 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 41780 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 1515: /* explicit_cursor_attr: ident PERCENT_ORACLE_SYM plsql_cursor_attr */ @@ -41677,61 +41785,61 @@ if (unlikely(!((yyval.item)= Lex->make_item_plsql_cursor_attr(thd, &(yyvsp[-2].ident_sys), (yyvsp[0].plsql_cursor_attr))))) MYSQL_YYABORT; } -#line 41681 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 41789 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 1518: /* trim_operands_regular: expr */ #line 10151 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.trim).set(TRIM_BOTH, (yyvsp[0].item)); } -#line 41687 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 41795 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 1519: /* trim_operands_special: LEADING expr FROM expr */ #line 10155 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.trim).set(TRIM_LEADING, (yyvsp[-2].item), (yyvsp[0].item)); } -#line 41693 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 41801 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 1520: /* trim_operands_special: TRAILING expr FROM expr */ #line 10156 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.trim).set(TRIM_TRAILING, (yyvsp[-2].item), (yyvsp[0].item)); } -#line 41699 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 41807 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 1521: /* trim_operands_special: BOTH expr FROM expr */ #line 10157 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.trim).set(TRIM_BOTH, (yyvsp[-2].item), (yyvsp[0].item)); } -#line 41705 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 41813 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 1522: /* trim_operands_special: LEADING FROM expr */ #line 10158 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.trim).set(TRIM_LEADING, (yyvsp[0].item)); } -#line 41711 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 41819 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 1523: /* trim_operands_special: TRAILING FROM expr */ #line 10159 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.trim).set(TRIM_TRAILING, (yyvsp[0].item)); } -#line 41717 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 41825 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 1524: /* trim_operands_special: BOTH FROM expr */ #line 10160 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.trim).set(TRIM_BOTH, (yyvsp[0].item)); } -#line 41723 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 41831 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 1525: /* trim_operands_special: expr FROM expr */ #line 10161 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.trim).set(TRIM_BOTH, (yyvsp[-2].item), (yyvsp[0].item)); } -#line 41729 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 41837 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 1532: /* column_default_non_parenthesized_expr: param_marker */ #line 10199 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.item)= (yyvsp[0].item_param); } -#line 41735 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 41843 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 1534: /* column_default_non_parenthesized_expr: sum_expr */ @@ -41743,7 +41851,7 @@ MYSQL_YYABORT; } } -#line 41747 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 41855 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 1535: /* column_default_non_parenthesized_expr: window_func_expr */ @@ -41755,7 +41863,7 @@ MYSQL_YYABORT; } } -#line 41759 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 41867 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 1537: /* column_default_non_parenthesized_expr: ROW_SYM '(' expr ',' expr_list ')' */ @@ -41766,7 +41874,7 @@ if (unlikely((yyval.item) == NULL)) MYSQL_YYABORT; } -#line 41770 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 41878 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 1538: /* column_default_non_parenthesized_expr: EXISTS '(' subselect ')' */ @@ -41776,7 +41884,7 @@ if (unlikely((yyval.item) == NULL)) MYSQL_YYABORT; } -#line 41780 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 41888 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 1539: /* column_default_non_parenthesized_expr: '{' ident expr '}' */ @@ -41785,7 +41893,7 @@ if (unlikely(!((yyval.item)= (yyvsp[-1].item)->make_odbc_literal(thd, &(yyvsp[-2].ident_sys))))) MYSQL_YYABORT; } -#line 41789 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 41897 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 1540: /* column_default_non_parenthesized_expr: MATCH ident_list_arg AGAINST '(' bit_expr fulltext_options ')' */ @@ -41799,7 +41907,7 @@ Select->add_ftfunc_to_list(thd, i1); (yyval.item)= i1; } -#line 41803 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 41911 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 1541: /* column_default_non_parenthesized_expr: CAST_SYM '(' expr AS cast_type ')' */ @@ -41808,7 +41916,7 @@ if (unlikely(!((yyval.item)= (yyvsp[-1].Lex_cast_type).create_typecast_item_or_error(thd, (yyvsp[-3].item))))) MYSQL_YYABORT; } -#line 41812 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 41920 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 1542: /* column_default_non_parenthesized_expr: CASE_SYM when_list_opt_else END */ @@ -41817,7 +41925,7 @@ if (unlikely(!((yyval.item)= new(thd->mem_root) Item_func_case_searched(thd, *(yyvsp[-1].item_list))))) MYSQL_YYABORT; } -#line 41821 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 41929 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 1543: /* column_default_non_parenthesized_expr: CASE_SYM expr when_list_opt_else END */ @@ -41827,7 +41935,7 @@ if (unlikely(!((yyval.item)= new (thd->mem_root) Item_func_case_simple(thd, *(yyvsp[-1].item_list))))) MYSQL_YYABORT; } -#line 41831 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 41939 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 1544: /* column_default_non_parenthesized_expr: CONVERT_SYM '(' expr ',' cast_type ')' */ @@ -41836,7 +41944,7 @@ if (unlikely(!((yyval.item)= (yyvsp[-1].Lex_cast_type).create_typecast_item_or_error(thd, (yyvsp[-3].item))))) MYSQL_YYABORT; } -#line 41840 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 41948 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 1545: /* column_default_non_parenthesized_expr: CONVERT_SYM '(' expr USING charset_name ')' */ @@ -41848,7 +41956,7 @@ if (unlikely((yyval.item) == NULL)) MYSQL_YYABORT; } -#line 41852 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 41960 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 1546: /* column_default_non_parenthesized_expr: DEFAULT '(' simple_ident ')' */ @@ -41863,7 +41971,7 @@ MYSQL_YYABORT; Lex->default_used= TRUE; } -#line 41867 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 41975 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 1547: /* column_default_non_parenthesized_expr: VALUE_SYM '(' simple_ident_nospvar ')' */ @@ -41874,7 +41982,7 @@ if (unlikely((yyval.item) == NULL)) MYSQL_YYABORT; } -#line 41878 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 41986 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 1548: /* column_default_non_parenthesized_expr: NEXT_SYM VALUE_SYM FOR_SYM table_ident */ @@ -41883,7 +41991,7 @@ if (unlikely(!((yyval.item)= Lex->create_item_func_nextval(thd, (yyvsp[0].table))))) MYSQL_YYABORT; } -#line 41887 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 41995 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 1549: /* column_default_non_parenthesized_expr: NEXTVAL_SYM '(' table_ident ')' */ @@ -41892,7 +42000,7 @@ if (unlikely(!((yyval.item)= Lex->create_item_func_nextval(thd, (yyvsp[-1].table))))) MYSQL_YYABORT; } -#line 41896 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 42004 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 1550: /* column_default_non_parenthesized_expr: PREVIOUS_SYM VALUE_SYM FOR_SYM table_ident */ @@ -41901,7 +42009,7 @@ if (unlikely(!((yyval.item)= Lex->create_item_func_lastval(thd, (yyvsp[0].table))))) MYSQL_YYABORT; } -#line 41905 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 42013 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 1551: /* column_default_non_parenthesized_expr: LASTVAL_SYM '(' table_ident ')' */ @@ -41910,155 +42018,161 @@ if (unlikely(!((yyval.item)= Lex->create_item_func_lastval(thd, (yyvsp[-1].table))))) MYSQL_YYABORT; } -#line 41914 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 42022 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 1552: /* column_default_non_parenthesized_expr: SETVAL_SYM '(' table_ident ',' sequence_value_hybrid_num ')' */ #line 10314 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { - if (unlikely(!((yyval.item)= Lex->create_item_func_setval(thd, (yyvsp[-3].table), (yyvsp[-1].longlong_hybrid_number), 0, - 1)))) + if (unlikely(!((yyval.item)= Lex->create_item_func_setval( + thd, (yyvsp[-3].table), + Longlong_hybrid((yyvsp[-1].longlong_hybrid_number).num, (yyvsp[-1].longlong_hybrid_number).is_unsigned), + 0, 1)))) MYSQL_YYABORT; } -#line 41924 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 42034 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 1553: /* column_default_non_parenthesized_expr: SETVAL_SYM '(' table_ident ',' sequence_value_hybrid_num ',' bool ')' */ -#line 10320 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 10322 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { - if (unlikely(!((yyval.item)= Lex->create_item_func_setval(thd, (yyvsp[-5].table), (yyvsp[-3].longlong_hybrid_number), 0, - (yyvsp[-1].ulong_num))))) + if (unlikely(!((yyval.item)= Lex->create_item_func_setval( + thd, (yyvsp[-5].table), + Longlong_hybrid((yyvsp[-3].longlong_hybrid_number).num, (yyvsp[-3].longlong_hybrid_number).is_unsigned), + 0, (yyvsp[-1].ulong_num))))) MYSQL_YYABORT; } -#line 41934 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 42046 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 1554: /* column_default_non_parenthesized_expr: SETVAL_SYM '(' table_ident ',' sequence_value_hybrid_num ',' bool ',' ulonglong_num ')' */ -#line 10327 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 10331 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { - if (unlikely(!((yyval.item)= Lex->create_item_func_setval(thd, (yyvsp[-7].table), (yyvsp[-5].longlong_hybrid_number), (yyvsp[-1].ulonglong_number), - (yyvsp[-3].ulong_num))))) + if (unlikely(!((yyval.item)= Lex->create_item_func_setval( + thd, (yyvsp[-7].table), + Longlong_hybrid((yyvsp[-5].longlong_hybrid_number).num, (yyvsp[-5].longlong_hybrid_number).is_unsigned), + (yyvsp[-1].ulonglong_number), (yyvsp[-3].ulong_num))))) MYSQL_YYABORT; } -#line 41944 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 42058 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 1557: /* primary_expr: '(' parenthesized_expr ')' */ -#line 10337 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 10343 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.item)= (yyvsp[-1].item); } -#line 41950 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 42064 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 1558: /* primary_expr: subquery */ -#line 10339 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 10345 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { if (!((yyval.item)= Lex->create_item_query_expression(thd, (yyvsp[0].select_lex)->master_unit()))) MYSQL_YYABORT; } -#line 41959 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 42073 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 1560: /* string_factor_expr: string_factor_expr COLLATE_SYM collation_name */ -#line 10348 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 10354 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { if (unlikely(!((yyval.item)= new (thd->mem_root) Item_func_set_collation(thd, (yyvsp[-2].item), (yyvsp[0].Lex_extended_collation))))) MYSQL_YYABORT; } -#line 41969 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 42083 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 1562: /* simple_expr: BINARY simple_expr */ -#line 10358 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 10364 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { Type_cast_attributes at(&my_charset_bin); if (unlikely(!((yyval.item)= type_handler_long_blob.create_typecast_item(thd, (yyvsp[0].item), at)))) MYSQL_YYABORT; } -#line 41979 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 42093 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 1563: /* simple_expr: '+' simple_expr */ -#line 10364 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 10370 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.item)= (yyvsp[0].item); } -#line 41987 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 42101 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 1564: /* simple_expr: '-' simple_expr */ -#line 10368 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 10374 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.item)= (yyvsp[0].item)->neg(thd); if (unlikely((yyval.item) == NULL)) MYSQL_YYABORT; } -#line 41997 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 42111 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 1565: /* simple_expr: '~' simple_expr */ -#line 10374 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 10380 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.item)= new (thd->mem_root) Item_func_bit_neg(thd, (yyvsp[0].item)); if (unlikely((yyval.item) == NULL)) MYSQL_YYABORT; } -#line 42007 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 42121 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 1566: /* simple_expr: not2 simple_expr */ -#line 10380 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 10386 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.item)= negate_expression(thd, (yyvsp[0].item)); if (unlikely((yyval.item) == NULL)) MYSQL_YYABORT; } -#line 42017 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 42131 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 1568: /* mysql_concatenation_expr: mysql_concatenation_expr MYSQL_CONCAT_SYM simple_expr */ -#line 10390 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 10396 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.item)= new (thd->mem_root) Item_func_concat(thd, (yyvsp[-2].item), (yyvsp[0].item)); if (unlikely((yyval.item) == NULL)) MYSQL_YYABORT; } -#line 42027 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 42141 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 1569: /* function_call_keyword_timestamp: TIMESTAMP '(' expr ')' */ -#line 10399 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 10405 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.item)= new (thd->mem_root) Item_datetime_typecast(thd, (yyvsp[-1].item), AUTO_SEC_PART_DIGITS); if (unlikely((yyval.item) == NULL)) MYSQL_YYABORT; } -#line 42038 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 42152 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 1570: /* function_call_keyword_timestamp: TIMESTAMP '(' expr ',' expr ')' */ -#line 10406 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 10412 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.item)= new (thd->mem_root) Item_func_timestamp(thd, (yyvsp[-3].item), (yyvsp[-1].item)); if (unlikely((yyval.item) == NULL)) MYSQL_YYABORT; } -#line 42048 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 42162 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 1571: /* function_call_keyword: CHAR_SYM '(' expr_list ')' */ -#line 10420 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 10426 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.item)= new (thd->mem_root) Item_func_char(thd, *(yyvsp[-1].item_list)); if (unlikely((yyval.item) == NULL)) MYSQL_YYABORT; } -#line 42058 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 42172 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 1572: /* function_call_keyword: CHAR_SYM '(' expr_list USING charset_name ')' */ -#line 10426 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 10432 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyvsp[-1].charset)= thd->variables.character_set_collations. get_collation_for_charset(thd, (yyvsp[-1].charset)); @@ -42066,11 +42180,11 @@ if (unlikely((yyval.item) == NULL)) MYSQL_YYABORT; } -#line 42070 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 42184 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 1573: /* function_call_keyword: CURRENT_USER optional_braces */ -#line 10434 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 10440 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.item)= new (thd->mem_root) Item_func_current_user(thd, Lex->current_context()); @@ -42079,11 +42193,11 @@ Lex->set_stmt_unsafe(LEX::BINLOG_STMT_UNSAFE_SYSTEM_FUNCTION); Lex->safe_to_cache_query= 0; } -#line 42083 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 42197 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 1574: /* function_call_keyword: CURRENT_ROLE optional_braces */ -#line 10443 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 10449 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.item)= new (thd->mem_root) Item_func_current_role(thd, Lex->current_context()); @@ -42092,52 +42206,52 @@ Lex->set_stmt_unsafe(LEX::BINLOG_STMT_UNSAFE_SYSTEM_FUNCTION); Lex->safe_to_cache_query= 0; } -#line 42096 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 42210 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 1575: /* function_call_keyword: DATE_SYM '(' expr ')' */ -#line 10452 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 10458 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.item)= new (thd->mem_root) Item_date_typecast(thd, (yyvsp[-1].item)); if (unlikely((yyval.item) == NULL)) MYSQL_YYABORT; Lex->set_date_funcs_used_flag(); } -#line 42107 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 42221 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 1576: /* function_call_keyword: DAY_SYM '(' expr ')' */ -#line 10459 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 10465 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.item)= new (thd->mem_root) Item_func_dayofmonth(thd, (yyvsp[-1].item)); if (unlikely((yyval.item) == NULL)) MYSQL_YYABORT; } -#line 42117 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 42231 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 1577: /* function_call_keyword: HOUR_SYM '(' expr ')' */ -#line 10465 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 10471 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.item)= new (thd->mem_root) Item_func_hour(thd, (yyvsp[-1].item)); if (unlikely((yyval.item) == NULL)) MYSQL_YYABORT; } -#line 42127 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 42241 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 1578: /* function_call_keyword: INSERT '(' expr ',' expr ',' expr ',' expr ')' */ -#line 10471 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 10477 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.item)= new (thd->mem_root) Item_func_insert(thd, (yyvsp[-7].item), (yyvsp[-5].item), (yyvsp[-3].item), (yyvsp[-1].item)); if (unlikely((yyval.item) == NULL)) MYSQL_YYABORT; } -#line 42137 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 42251 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 1579: /* function_call_keyword: INTERVAL_SYM '(' expr ',' expr ')' */ -#line 10477 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 10483 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { List *list= new (thd->mem_root) List; if (unlikely(list == NULL)) @@ -42152,11 +42266,11 @@ if (unlikely((yyval.item) == NULL)) MYSQL_YYABORT; } -#line 42156 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 42270 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 1580: /* function_call_keyword: INTERVAL_SYM '(' expr ',' expr ',' expr_list ')' */ -#line 10492 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 10498 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyvsp[-1].item_list)->push_front((yyvsp[-3].item), thd->mem_root); (yyvsp[-1].item_list)->push_front((yyvsp[-5].item), thd->mem_root); @@ -42167,62 +42281,62 @@ if (unlikely((yyval.item) == NULL)) MYSQL_YYABORT; } -#line 42171 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 42285 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 1581: /* function_call_keyword: LEFT '(' expr ',' expr ')' */ -#line 10503 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 10509 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.item)= new (thd->mem_root) Item_func_left(thd, (yyvsp[-3].item), (yyvsp[-1].item)); if (unlikely((yyval.item) == NULL)) MYSQL_YYABORT; } -#line 42181 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 42295 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 1582: /* function_call_keyword: MINUTE_SYM '(' expr ')' */ -#line 10509 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 10515 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.item)= new (thd->mem_root) Item_func_minute(thd, (yyvsp[-1].item)); if (unlikely((yyval.item) == NULL)) MYSQL_YYABORT; } -#line 42191 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 42305 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 1583: /* function_call_keyword: MONTH_SYM '(' expr ')' */ -#line 10515 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 10521 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.item)= new (thd->mem_root) Item_func_month(thd, (yyvsp[-1].item)); if (unlikely((yyval.item) == NULL)) MYSQL_YYABORT; Lex->set_date_funcs_used_flag(); } -#line 42202 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 42316 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 1584: /* function_call_keyword: RIGHT '(' expr ',' expr ')' */ -#line 10522 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 10528 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.item)= new (thd->mem_root) Item_func_right(thd, (yyvsp[-3].item), (yyvsp[-1].item)); if (unlikely((yyval.item) == NULL)) MYSQL_YYABORT; } -#line 42212 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 42326 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 1585: /* function_call_keyword: SECOND_SYM '(' expr ')' */ -#line 10528 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 10534 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.item)= new (thd->mem_root) Item_func_second(thd, (yyvsp[-1].item)); if (unlikely((yyval.item) == NULL)) MYSQL_YYABORT; } -#line 42222 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 42336 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 1586: /* function_call_keyword: SQL_SYM PERCENT_ORACLE_SYM ROWCOUNT_SYM */ -#line 10534 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 10540 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.item)= new (thd->mem_root) Item_func_oracle_sql_rowcount(thd); if (unlikely((yyval.item) == NULL)) @@ -42230,11 +42344,11 @@ Lex->set_stmt_unsafe(LEX::BINLOG_STMT_UNSAFE_SYSTEM_FUNCTION); Lex->safe_to_cache_query= 0; } -#line 42234 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 42348 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 1587: /* function_call_keyword: SESSION_USER_SYM '(' ')' */ -#line 10542 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 10548 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.item)= new (thd->mem_root) Item_func_session_user(thd); if (unlikely((yyval.item) == NULL)) @@ -42242,40 +42356,40 @@ Lex->set_stmt_unsafe(LEX::BINLOG_STMT_UNSAFE_SYSTEM_FUNCTION); Lex->safe_to_cache_query=0; } -#line 42246 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 42360 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 1588: /* function_call_keyword: TIME_SYM '(' expr ')' */ -#line 10550 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 10556 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.item)= new (thd->mem_root) Item_time_typecast(thd, (yyvsp[-1].item), AUTO_SEC_PART_DIGITS); if (unlikely((yyval.item) == NULL)) MYSQL_YYABORT; } -#line 42257 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 42371 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 1589: /* function_call_keyword: function_call_keyword_timestamp */ -#line 10557 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 10563 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.item)= (yyvsp[0].item); } -#line 42265 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 42379 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 1590: /* function_call_keyword: TRIM '(' trim_operands ')' */ -#line 10561 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 10567 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { if (unlikely(!((yyval.item)= Schema::find_implied(thd)-> make_item_func_trim(thd, (yyvsp[-1].trim))))) MYSQL_YYABORT; } -#line 42275 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 42389 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 1591: /* function_call_keyword: USER_SYM '(' ')' */ -#line 10567 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 10573 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.item)= new (thd->mem_root) Item_func_user(thd); if (unlikely((yyval.item) == NULL)) @@ -42283,361 +42397,361 @@ Lex->set_stmt_unsafe(LEX::BINLOG_STMT_UNSAFE_SYSTEM_FUNCTION); Lex->safe_to_cache_query=0; } -#line 42287 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 42401 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 1592: /* function_call_keyword: YEAR_SYM '(' expr ')' */ -#line 10575 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 10581 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.item)= new (thd->mem_root) Item_func_year(thd, (yyvsp[-1].item)); if (unlikely((yyval.item) == NULL)) MYSQL_YYABORT; Lex->set_date_funcs_used_flag(); } -#line 42298 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 42412 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 1595: /* substring_operands_regular: expr ',' expr ',' expr */ -#line 10590 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 10596 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.substring_spec)= Lex_substring_spec_st::init((yyvsp[-4].item), (yyvsp[-2].item), (yyvsp[0].item)); } -#line 42306 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 42420 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 1596: /* substring_operands_regular: expr ',' expr */ -#line 10594 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 10600 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.substring_spec)= Lex_substring_spec_st::init((yyvsp[-2].item), (yyvsp[0].item)); } -#line 42314 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 42428 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 1597: /* substring_operands_special: expr FROM expr FOR_SYM expr */ -#line 10601 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 10607 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.substring_spec)= Lex_substring_spec_st::init((yyvsp[-4].item), (yyvsp[-2].item), (yyvsp[0].item)); } -#line 42322 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 42436 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 1598: /* substring_operands_special: expr FROM expr */ -#line 10605 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 10611 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.substring_spec)= Lex_substring_spec_st::init((yyvsp[-2].item), (yyvsp[0].item)); } -#line 42330 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 42444 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 1599: /* function_call_nonkeyword: ADDDATE_SYM '(' expr ',' expr ')' */ -#line 10625 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 10631 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.item)= new (thd->mem_root) Item_date_add_interval(thd, (yyvsp[-3].item), (yyvsp[-1].item), INTERVAL_DAY, 0); if (unlikely((yyval.item) == NULL)) MYSQL_YYABORT; } -#line 42341 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 42455 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 1600: /* function_call_nonkeyword: ADDDATE_SYM '(' expr ',' INTERVAL_SYM expr interval ')' */ -#line 10632 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 10638 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.item)= new (thd->mem_root) Item_date_add_interval(thd, (yyvsp[-5].item), (yyvsp[-2].item), (yyvsp[-1].interval), 0); if (unlikely((yyval.item) == NULL)) MYSQL_YYABORT; } -#line 42351 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 42465 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 1601: /* function_call_nonkeyword: CURDATE optional_braces */ -#line 10638 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 10644 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.item)= new (thd->mem_root) Item_func_curdate_local(thd); if (unlikely((yyval.item) == NULL)) MYSQL_YYABORT; Lex->safe_to_cache_query=0; } -#line 42362 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 42476 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 1602: /* function_call_nonkeyword: CURTIME opt_time_precision */ -#line 10645 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 10651 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.item)= new (thd->mem_root) Item_func_curtime_local(thd, (yyvsp[0].num)); if (unlikely((yyval.item) == NULL)) MYSQL_YYABORT; Lex->safe_to_cache_query=0; } -#line 42373 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 42487 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 1603: /* function_call_nonkeyword: DATE_ADD_INTERVAL '(' expr ',' INTERVAL_SYM expr interval ')' */ -#line 10652 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 10658 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.item)= new (thd->mem_root) Item_date_add_interval(thd, (yyvsp[-5].item), (yyvsp[-2].item), (yyvsp[-1].interval), 0); if (unlikely((yyval.item) == NULL)) MYSQL_YYABORT; } -#line 42383 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 42497 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 1604: /* function_call_nonkeyword: DATE_SUB_INTERVAL '(' expr ',' INTERVAL_SYM expr interval ')' */ -#line 10658 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 10664 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.item)= new (thd->mem_root) Item_date_add_interval(thd, (yyvsp[-5].item), (yyvsp[-2].item), (yyvsp[-1].interval), 1); if (unlikely((yyval.item) == NULL)) MYSQL_YYABORT; } -#line 42393 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 42507 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 1605: /* function_call_nonkeyword: EXTRACT_SYM '(' interval FROM expr ')' */ -#line 10664 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 10670 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.item)=new (thd->mem_root) Item_extract(thd, (yyvsp[-3].interval), (yyvsp[-1].item)); if (unlikely((yyval.item) == NULL)) MYSQL_YYABORT; } -#line 42403 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 42517 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 1606: /* function_call_nonkeyword: GET_FORMAT '(' date_time_type ',' expr ')' */ -#line 10670 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 10676 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.item)= new (thd->mem_root) Item_func_get_format(thd, (yyvsp[-3].date_time_type), (yyvsp[-1].item)); if (unlikely((yyval.item) == NULL)) MYSQL_YYABORT; } -#line 42413 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 42527 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 1607: /* function_call_nonkeyword: LOCALTIMESTAMP opt_time_precision */ -#line 10676 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 10682 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.item)= new (thd->mem_root) Item_func_now_local(thd, (yyvsp[0].num)); if (unlikely((yyval.item) == NULL)) MYSQL_YYABORT; Lex->safe_to_cache_query= false; } -#line 42424 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 42538 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 1608: /* function_call_nonkeyword: NOW_SYM opt_time_precision */ -#line 10683 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 10689 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.item)= new (thd->mem_root) Item_func_current_timestamp(thd, (yyvsp[0].num)); if (unlikely((yyval.item) == NULL)) MYSQL_YYABORT; Lex->safe_to_cache_query=0; } -#line 42435 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 42549 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 1609: /* function_call_nonkeyword: POSITION_SYM '(' bit_expr IN_SYM expr ')' */ -#line 10690 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 10696 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.item)= new (thd->mem_root) Item_func_locate(thd, (yyvsp[-1].item), (yyvsp[-3].item)); if (unlikely((yyval.item) == NULL)) MYSQL_YYABORT; } -#line 42445 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 42559 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 1610: /* function_call_nonkeyword: ROWNUM_SYM '(' ')' */ -#line 10701 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 10707 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.item)= new (thd->mem_root) Item_func_rownum(thd); if (unlikely((yyval.item) == NULL)) MYSQL_YYABORT; } -#line 42455 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 42569 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 1611: /* function_call_nonkeyword: SUBDATE_SYM '(' expr ',' expr ')' */ -#line 10707 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 10713 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.item)= new (thd->mem_root) Item_date_add_interval(thd, (yyvsp[-3].item), (yyvsp[-1].item), INTERVAL_DAY, 1); if (unlikely((yyval.item) == NULL)) MYSQL_YYABORT; } -#line 42466 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 42580 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 1612: /* function_call_nonkeyword: SUBDATE_SYM '(' expr ',' INTERVAL_SYM expr interval ')' */ -#line 10714 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 10720 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.item)= new (thd->mem_root) Item_date_add_interval(thd, (yyvsp[-5].item), (yyvsp[-2].item), (yyvsp[-1].interval), 1); if (unlikely((yyval.item) == NULL)) MYSQL_YYABORT; } -#line 42476 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 42590 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 1613: /* function_call_nonkeyword: SUBSTRING '(' substring_operands ')' */ -#line 10720 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 10726 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { if (unlikely(!((yyval.item)= Schema::find_implied(thd)-> make_item_func_substr(thd, (yyvsp[-1].substring_spec))))) MYSQL_YYABORT; } -#line 42486 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 42600 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 1614: /* function_call_nonkeyword: SYSDATE '(' ')' */ -#line 10733 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 10739 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { if (unlikely(!((yyval.item)= Lex->make_item_func_sysdate(thd, 0)))) MYSQL_YYABORT; } -#line 42495 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 42609 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 1615: /* function_call_nonkeyword: SYSDATE '(' real_ulong_num ')' */ -#line 10738 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 10744 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { if (unlikely(!((yyval.item)= Lex->make_item_func_sysdate(thd, (uint) (yyvsp[-1].ulong_num))))) MYSQL_YYABORT; } -#line 42504 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 42618 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 1616: /* function_call_nonkeyword: TIMESTAMP_ADD '(' interval_time_stamp ',' expr ',' expr ')' */ -#line 10743 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 10749 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.item)= new (thd->mem_root) Item_date_add_interval(thd, (yyvsp[-1].item), (yyvsp[-3].item), (yyvsp[-5].interval_time_st), 0); if (unlikely((yyval.item) == NULL)) MYSQL_YYABORT; } -#line 42514 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 42628 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 1617: /* function_call_nonkeyword: TIMESTAMP_DIFF '(' interval_time_stamp ',' expr ',' expr ')' */ -#line 10749 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 10755 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.item)= new (thd->mem_root) Item_func_timestamp_diff(thd, (yyvsp[-3].item), (yyvsp[-1].item), (yyvsp[-5].interval_time_st)); if (unlikely((yyval.item) == NULL)) MYSQL_YYABORT; } -#line 42524 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 42638 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 1618: /* function_call_nonkeyword: TRIM_ORACLE '(' trim_operands ')' */ -#line 10755 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 10761 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { if (unlikely(!((yyval.item)= (yyvsp[-1].trim).make_item_func_trim_oracle(thd)))) MYSQL_YYABORT; } -#line 42533 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 42647 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 1619: /* function_call_nonkeyword: UTC_DATE_SYM optional_braces */ -#line 10760 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 10766 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.item)= new (thd->mem_root) Item_func_curdate_utc(thd); if (unlikely((yyval.item) == NULL)) MYSQL_YYABORT; Lex->safe_to_cache_query=0; } -#line 42544 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 42658 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 1620: /* function_call_nonkeyword: UTC_TIME_SYM opt_time_precision */ -#line 10767 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 10773 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.item)= new (thd->mem_root) Item_func_curtime_utc(thd, (yyvsp[0].num)); if (unlikely((yyval.item) == NULL)) MYSQL_YYABORT; Lex->safe_to_cache_query=0; } -#line 42555 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 42669 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 1621: /* function_call_nonkeyword: UTC_TIMESTAMP_SYM opt_time_precision */ -#line 10774 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 10780 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.item)= new (thd->mem_root) Item_func_now_utc(thd, (yyvsp[0].num)); if (unlikely((yyval.item) == NULL)) MYSQL_YYABORT; Lex->safe_to_cache_query=0; } -#line 42566 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 42680 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 1622: /* function_call_nonkeyword: COLUMN_ADD_SYM '(' expr ',' dyncall_create_list ')' */ -#line 10782 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 10788 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.item)= create_func_dyncol_add(thd, (yyvsp[-3].item), *(yyvsp[-1].dyncol_def_list)); if (unlikely((yyval.item) == NULL)) MYSQL_YYABORT; } -#line 42576 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 42690 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 1623: /* function_call_nonkeyword: COLUMN_DELETE_SYM '(' expr ',' expr_list ')' */ -#line 10789 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 10795 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.item)= create_func_dyncol_delete(thd, (yyvsp[-3].item), *(yyvsp[-1].item_list)); if (unlikely((yyval.item) == NULL)) MYSQL_YYABORT; } -#line 42586 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 42700 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 1624: /* function_call_nonkeyword: COLUMN_CREATE_SYM '(' dyncall_create_list ')' */ -#line 10796 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 10802 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.item)= create_func_dyncol_create(thd, *(yyvsp[-1].dyncol_def_list)); if (unlikely((yyval.item) == NULL)) MYSQL_YYABORT; } -#line 42596 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 42710 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 1625: /* function_call_nonkeyword: COLUMN_GET_SYM '(' expr ',' expr AS cast_type ')' */ -#line 10803 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 10809 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.item)= create_func_dyncol_get(thd, (yyvsp[-5].item), (yyvsp[-3].item), (yyvsp[-1].Lex_cast_type).type_handler(), (yyvsp[-1].Lex_cast_type), (yyvsp[-1].Lex_cast_type).charset()); if (unlikely((yyval.item) == NULL)) MYSQL_YYABORT; } -#line 42607 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 42721 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 1626: /* function_call_conflict: ASCII_SYM '(' expr ')' */ -#line 10818 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 10824 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.item)= new (thd->mem_root) Item_func_ascii(thd, (yyvsp[-1].item)); if (unlikely((yyval.item) == NULL)) MYSQL_YYABORT; } -#line 42617 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 42731 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 1627: /* function_call_conflict: CHARSET '(' expr ')' */ -#line 10824 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 10830 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.item)= new (thd->mem_root) Item_func_charset(thd, (yyvsp[-1].item)); if (unlikely((yyval.item) == NULL)) MYSQL_YYABORT; } -#line 42627 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 42741 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 1628: /* function_call_conflict: IF_SYM '(' expr ',' expr ',' expr ')' */ -#line 10830 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 10836 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.item)= new (thd->mem_root) Item_func_if(thd, (yyvsp[-5].item), (yyvsp[-3].item), (yyvsp[-1].item)); if (unlikely((yyval.item) == NULL)) MYSQL_YYABORT; } -#line 42637 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 42751 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 1629: /* function_call_conflict: LAST_VALUE '(' expr ')' */ -#line 10839 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 10845 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { List *list= new (thd->mem_root) List; if (unlikely(list == NULL)) @@ -42648,32 +42762,32 @@ if (unlikely((yyval.item) == NULL)) MYSQL_YYABORT; } -#line 42652 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 42766 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 1630: /* function_call_conflict: LAST_VALUE '(' expr_list ',' expr ')' */ -#line 10850 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 10856 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyvsp[-3].item_list)->push_back((yyvsp[-1].item), thd->mem_root); (yyval.item)= new (thd->mem_root) Item_func_last_value(thd, *(yyvsp[-3].item_list)); if (unlikely((yyval.item) == NULL)) MYSQL_YYABORT; } -#line 42663 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 42777 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 1631: /* function_call_conflict: MOD_SYM '(' expr ',' expr ')' */ -#line 10857 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 10863 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.item)= new (thd->mem_root) Item_func_mod(thd, (yyvsp[-3].item), (yyvsp[-1].item)); if (unlikely((yyval.item) == NULL)) MYSQL_YYABORT; } -#line 42673 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 42787 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 1632: /* function_call_conflict: PASSWORD_SYM '(' expr ')' */ -#line 10863 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 10869 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { Item* i1; i1= new (thd->mem_root) Item_func_password(thd, (yyvsp[-1].item)); @@ -42681,51 +42795,51 @@ MYSQL_YYABORT; (yyval.item)= i1; } -#line 42685 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 42799 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 1633: /* function_call_conflict: REPEAT_SYM '(' expr ',' expr ')' */ -#line 10871 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 10877 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.item)= new (thd->mem_root) Item_func_repeat(thd, (yyvsp[-3].item), (yyvsp[-1].item)); if (unlikely((yyval.item) == NULL)) MYSQL_YYABORT; } -#line 42695 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 42809 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 1634: /* function_call_conflict: REPLACE '(' expr ',' expr ',' expr ')' */ -#line 10877 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 10883 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { if (unlikely(!((yyval.item)= Schema::find_implied(thd)-> make_item_func_replace(thd, (yyvsp[-5].item), (yyvsp[-3].item), (yyvsp[-1].item))))) MYSQL_YYABORT; } -#line 42705 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 42819 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 1635: /* function_call_conflict: TRUNCATE_SYM '(' expr ',' expr ')' */ -#line 10883 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 10889 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.item)= new (thd->mem_root) Item_func_round(thd, (yyvsp[-3].item), (yyvsp[-1].item), 1); if (unlikely((yyval.item) == NULL)) MYSQL_YYABORT; } -#line 42715 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 42829 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 1636: /* function_call_conflict: WEIGHT_STRING_SYM '(' expr opt_ws_levels ')' */ -#line 10889 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 10895 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.item)= new (thd->mem_root) Item_func_weight_string(thd, (yyvsp[-2].item), 0, 0, (yyvsp[-1].ulong_num)); if (unlikely((yyval.item) == NULL)) MYSQL_YYABORT; } -#line 42725 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 42839 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 1637: /* function_call_conflict: WEIGHT_STRING_SYM '(' expr AS CHAR_SYM ws_nweights opt_ws_levels ')' */ -#line 10895 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 10901 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.item)= new (thd->mem_root) Item_func_weight_string(thd, (yyvsp[-5].item), 0, (yyvsp[-2].ulong_num), @@ -42733,11 +42847,11 @@ if (unlikely((yyval.item) == NULL)) MYSQL_YYABORT; } -#line 42737 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 42851 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 1638: /* function_call_conflict: WEIGHT_STRING_SYM '(' expr AS BINARY ws_nweights ')' */ -#line 10903 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 10909 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { Item *item= new (thd->mem_root) Item_char_typecast(thd, (yyvsp[-4].item), (yyvsp[-1].ulong_num), &my_charset_bin); @@ -42749,22 +42863,22 @@ if (unlikely((yyval.item) == NULL)) MYSQL_YYABORT; } -#line 42753 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 42867 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 1639: /* function_call_conflict: WEIGHT_STRING_SYM '(' expr ',' ulong_num ',' ulong_num ',' ulong_num ')' */ -#line 10915 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 10921 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.item)= new (thd->mem_root) Item_func_weight_string(thd, (yyvsp[-7].item), (yyvsp[-5].ulong_num), (yyvsp[-3].ulong_num), (yyvsp[-1].ulong_num)); if (unlikely((yyval.item) == NULL)) MYSQL_YYABORT; } -#line 42764 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 42878 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 1640: /* @145: %empty */ -#line 10934 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 10940 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { #ifdef HAVE_DLOPEN udf_func *udf= 0; @@ -42783,11 +42897,11 @@ (yyval.udf)= udf; #endif } -#line 42787 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 42901 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 1641: /* function_call_generic: ident_func '(' @145 opt_udf_expr_list ')' */ -#line 10953 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 10959 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { const Type_handler *h; Create_func *builder; @@ -42850,172 +42964,172 @@ if (unlikely(! ((yyval.item)= item))) MYSQL_YYABORT; } -#line 42854 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 42968 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 1642: /* function_call_generic: CONTAINS_SYM '(' opt_expr_list ')' */ -#line 11016 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 11022 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { if (!((yyval.item)= Lex->make_item_func_call_native_or_parse_error(thd, (yyvsp[-3].kwd), (yyvsp[-1].item_list)))) MYSQL_YYABORT; } -#line 42864 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 42978 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 1643: /* function_call_generic: OVERLAPS_SYM '(' opt_expr_list ')' */ -#line 11022 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 11028 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { if (!((yyval.item)= Lex->make_item_func_call_native_or_parse_error(thd, (yyvsp[-3].kwd), (yyvsp[-1].item_list)))) MYSQL_YYABORT; } -#line 42874 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 42988 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 1644: /* function_call_generic: WITHIN '(' opt_expr_list ')' */ -#line 11028 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 11034 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { if (!((yyval.item)= Lex->make_item_func_call_native_or_parse_error(thd, (yyvsp[-3].kwd), (yyvsp[-1].item_list)))) MYSQL_YYABORT; } -#line 42884 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 42998 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 1645: /* function_call_generic: ident_cli '.' ident_cli '(' opt_expr_list ')' */ -#line 11034 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 11040 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { if (unlikely(!((yyval.item)= Lex->make_item_func_call_generic(thd, &(yyvsp[-5].ident_cli), &(yyvsp[-3].ident_cli), (yyvsp[-1].item_list))))) MYSQL_YYABORT; } -#line 42893 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 43007 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 1646: /* function_call_generic: ident_cli '.' ident_cli '.' ident_cli '(' opt_expr_list ')' */ -#line 11039 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 11045 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { if (unlikely(!((yyval.item)= Lex->make_item_func_call_generic(thd, &(yyvsp[-7].ident_cli), &(yyvsp[-5].ident_cli), &(yyvsp[-3].ident_cli), (yyvsp[-1].item_list))))) MYSQL_YYABORT; } -#line 42902 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 43016 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 1647: /* function_call_generic: ident_cli '.' REPLACE '(' opt_expr_list ')' */ -#line 11044 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 11050 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { if (unlikely(!((yyval.item)= Lex->make_item_func_replace(thd, (yyvsp[-5].ident_cli), (yyvsp[-3].kwd), (yyvsp[-1].item_list))))) MYSQL_YYABORT; } -#line 42911 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 43025 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 1648: /* function_call_generic: ident_cli '.' SUBSTRING '(' opt_expr_list ')' */ -#line 11049 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 11055 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { if (unlikely(!((yyval.item)= Lex->make_item_func_substr(thd, (yyvsp[-5].ident_cli), (yyvsp[-3].kwd), (yyvsp[-1].item_list))))) MYSQL_YYABORT; } -#line 42920 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 43034 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 1649: /* function_call_generic: ident_cli '.' SUBSTRING '(' substring_operands_special ')' */ -#line 11054 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 11060 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { if (unlikely(!((yyval.item)= Lex->make_item_func_substr(thd, (yyvsp[-5].ident_cli), (yyvsp[-3].kwd), (yyvsp[-1].substring_spec))))) MYSQL_YYABORT; } -#line 42929 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 43043 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 1650: /* function_call_generic: ident_cli '.' TRIM '(' opt_expr_list ')' */ -#line 11059 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 11065 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { if (unlikely(!((yyval.item)= Lex->make_item_func_trim(thd, (yyvsp[-5].ident_cli), (yyvsp[-3].kwd), (yyvsp[-1].item_list))))) MYSQL_YYABORT; } -#line 42938 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 43052 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 1651: /* function_call_generic: ident_cli '.' TRIM '(' trim_operands_special ')' */ -#line 11064 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 11070 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { if (unlikely(!((yyval.item)= Lex->make_item_func_trim(thd, (yyvsp[-5].ident_cli), (yyvsp[-3].kwd), (yyvsp[-1].trim))))) MYSQL_YYABORT; } -#line 42947 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 43061 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 1652: /* fulltext_options: opt_natural_language_mode opt_query_expansion */ -#line 11084 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 11090 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.num)= (yyvsp[-1].num) | (yyvsp[0].num); } -#line 42953 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 43067 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 1653: /* fulltext_options: IN_SYM BOOLEAN_SYM MODE_SYM */ -#line 11086 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 11092 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.num)= FT_BOOL; } -#line 42959 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 43073 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 1654: /* opt_natural_language_mode: %empty */ -#line 11090 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 11096 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.num)= FT_NL; } -#line 42965 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 43079 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 1655: /* opt_natural_language_mode: IN_SYM NATURAL LANGUAGE_SYM MODE_SYM */ -#line 11091 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 11097 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.num)= FT_NL; } -#line 42971 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 43085 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 1656: /* opt_query_expansion: %empty */ -#line 11095 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 11101 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.num)= 0; } -#line 42977 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 43091 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 1657: /* opt_query_expansion: WITH QUERY_SYM EXPANSION_SYM */ -#line 11096 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 11102 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.num)= FT_EXPAND; } -#line 42983 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 43097 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 1658: /* opt_udf_expr_list: %empty */ -#line 11100 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 11106 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.item_list)= NULL; } -#line 42989 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 43103 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 1659: /* opt_udf_expr_list: udf_expr_list */ -#line 11101 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 11107 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.item_list)= (yyvsp[0].item_list); } -#line 42995 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 43109 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 1660: /* udf_expr_list: udf_expr */ -#line 11106 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 11112 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.item_list)= new (thd->mem_root) List; if (unlikely((yyval.item_list) == NULL)) MYSQL_YYABORT; (yyval.item_list)->push_back((yyvsp[0].item), thd->mem_root); } -#line 43006 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 43120 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 1661: /* udf_expr_list: udf_expr_list ',' udf_expr */ -#line 11113 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 11119 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyvsp[-2].item_list)->push_back((yyvsp[0].item), thd->mem_root); (yyval.item_list)= (yyvsp[-2].item_list); } -#line 43015 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 43129 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 1662: /* udf_expr: remember_name expr remember_end select_alias */ -#line 11121 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 11127 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { /* Use Item::name as a storage for the attribute value of user @@ -43039,61 +43153,61 @@ (yyvsp[-2].item)->set_name(thd, (yyvsp[-3].simple_string), (uint) ((yyvsp[-1].simple_string) - (yyvsp[-3].simple_string)), thd->charset()); (yyval.item)= (yyvsp[-2].item); } -#line 43043 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 43157 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 1663: /* sum_expr: AVG_SYM '(' in_sum_expr ')' */ -#line 11148 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 11154 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.item)= new (thd->mem_root) Item_sum_avg(thd, (yyvsp[-1].item), FALSE); if (unlikely((yyval.item) == NULL)) MYSQL_YYABORT; } -#line 43053 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 43167 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 1664: /* sum_expr: AVG_SYM '(' DISTINCT in_sum_expr ')' */ -#line 11154 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 11160 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.item)= new (thd->mem_root) Item_sum_avg(thd, (yyvsp[-1].item), TRUE); if (unlikely((yyval.item) == NULL)) MYSQL_YYABORT; } -#line 43063 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 43177 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 1665: /* sum_expr: BIT_AND '(' in_sum_expr ')' */ -#line 11160 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 11166 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.item)= new (thd->mem_root) Item_sum_and(thd, (yyvsp[-1].item)); if (unlikely((yyval.item) == NULL)) MYSQL_YYABORT; } -#line 43073 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 43187 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 1666: /* sum_expr: BIT_OR '(' in_sum_expr ')' */ -#line 11166 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 11172 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.item)= new (thd->mem_root) Item_sum_or(thd, (yyvsp[-1].item)); if (unlikely((yyval.item) == NULL)) MYSQL_YYABORT; } -#line 43083 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 43197 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 1667: /* sum_expr: BIT_XOR '(' in_sum_expr ')' */ -#line 11172 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 11178 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.item)= new (thd->mem_root) Item_sum_xor(thd, (yyvsp[-1].item)); if (unlikely((yyval.item) == NULL)) MYSQL_YYABORT; } -#line 43093 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 43207 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 1668: /* sum_expr: COUNT_SYM '(' opt_all '*' ')' */ -#line 11178 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 11184 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { Item *item= new (thd->mem_root) Item_int(thd, (int32) 0L, 1); if (unlikely(item == NULL)) @@ -43102,149 +43216,149 @@ if (unlikely((yyval.item) == NULL)) MYSQL_YYABORT; } -#line 43106 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 43220 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 1669: /* sum_expr: COUNT_SYM '(' in_sum_expr ')' */ -#line 11187 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 11193 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.item)= new (thd->mem_root) Item_sum_count(thd, (yyvsp[-1].item)); if (unlikely((yyval.item) == NULL)) MYSQL_YYABORT; } -#line 43116 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 43230 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 1670: /* $@146: %empty */ -#line 11193 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 11199 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { Select->in_sum_expr++; } -#line 43122 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 43236 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 1671: /* $@147: %empty */ -#line 11195 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 11201 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { Select->in_sum_expr--; } -#line 43128 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 43242 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 1672: /* sum_expr: COUNT_SYM '(' DISTINCT $@146 expr_list $@147 ')' */ -#line 11197 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 11203 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.item)= new (thd->mem_root) Item_sum_count(thd, *(yyvsp[-2].item_list)); if (unlikely((yyval.item) == NULL)) MYSQL_YYABORT; } -#line 43138 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 43252 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 1673: /* sum_expr: MIN_SYM '(' in_sum_expr ')' */ -#line 11203 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 11209 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.item)= new (thd->mem_root) Item_sum_min(thd, (yyvsp[-1].item)); if (unlikely((yyval.item) == NULL)) MYSQL_YYABORT; } -#line 43148 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 43262 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 1674: /* sum_expr: MIN_SYM '(' DISTINCT in_sum_expr ')' */ -#line 11214 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 11220 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.item)= new (thd->mem_root) Item_sum_min(thd, (yyvsp[-1].item)); if (unlikely((yyval.item) == NULL)) MYSQL_YYABORT; } -#line 43158 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 43272 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 1675: /* sum_expr: MAX_SYM '(' in_sum_expr ')' */ -#line 11220 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 11226 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.item)= new (thd->mem_root) Item_sum_max(thd, (yyvsp[-1].item)); if (unlikely((yyval.item) == NULL)) MYSQL_YYABORT; } -#line 43168 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 43282 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 1676: /* sum_expr: MAX_SYM '(' DISTINCT in_sum_expr ')' */ -#line 11226 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 11232 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.item)= new (thd->mem_root) Item_sum_max(thd, (yyvsp[-1].item)); if (unlikely((yyval.item) == NULL)) MYSQL_YYABORT; } -#line 43178 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 43292 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 1677: /* sum_expr: STD_SYM '(' in_sum_expr ')' */ -#line 11232 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 11238 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.item)= new (thd->mem_root) Item_sum_std(thd, (yyvsp[-1].item), 0); if (unlikely((yyval.item) == NULL)) MYSQL_YYABORT; } -#line 43188 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 43302 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 1678: /* sum_expr: VARIANCE_SYM '(' in_sum_expr ')' */ -#line 11238 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 11244 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.item)= new (thd->mem_root) Item_sum_variance(thd, (yyvsp[-1].item), 0); if (unlikely((yyval.item) == NULL)) MYSQL_YYABORT; } -#line 43198 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 43312 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 1679: /* sum_expr: STDDEV_SAMP_SYM '(' in_sum_expr ')' */ -#line 11244 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 11250 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.item)= new (thd->mem_root) Item_sum_std(thd, (yyvsp[-1].item), 1); if (unlikely((yyval.item) == NULL)) MYSQL_YYABORT; } -#line 43208 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 43322 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 1680: /* sum_expr: VAR_SAMP_SYM '(' in_sum_expr ')' */ -#line 11250 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 11256 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.item)= new (thd->mem_root) Item_sum_variance(thd, (yyvsp[-1].item), 1); if (unlikely((yyval.item) == NULL)) MYSQL_YYABORT; } -#line 43218 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 43332 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 1681: /* sum_expr: SUM_SYM '(' in_sum_expr ')' */ -#line 11256 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 11262 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.item)= new (thd->mem_root) Item_sum_sum(thd, (yyvsp[-1].item), FALSE); if (unlikely((yyval.item) == NULL)) MYSQL_YYABORT; } -#line 43228 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 43342 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 1682: /* sum_expr: SUM_SYM '(' DISTINCT in_sum_expr ')' */ -#line 11262 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 11268 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.item)= new (thd->mem_root) Item_sum_sum(thd, (yyvsp[-1].item), TRUE); if (unlikely((yyval.item) == NULL)) MYSQL_YYABORT; } -#line 43238 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 43352 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 1683: /* $@148: %empty */ -#line 11268 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 11274 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { Select->in_sum_expr++; } -#line 43244 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 43358 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 1684: /* sum_expr: GROUP_CONCAT_SYM '(' opt_distinct $@148 expr_list opt_gorder_clause opt_gconcat_separator opt_glimit_clause ')' */ -#line 11272 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 11278 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { SELECT_LEX *sel= Select; sel->in_sum_expr--; @@ -43260,17 +43374,17 @@ (yyvsp[-4].item_list)->empty(); sel->gorder_list.empty(); } -#line 43264 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 43378 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 1685: /* $@149: %empty */ -#line 11288 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 11294 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { Select->in_sum_expr++; } -#line 43270 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 43384 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 1686: /* sum_expr: JSON_ARRAYAGG_SYM '(' opt_distinct $@149 expr_list opt_gorder_clause opt_glimit_clause ')' */ -#line 11291 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 11297 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { SELECT_LEX *sel= Select; List *args= (yyvsp[-3].item_list); @@ -43297,17 +43411,17 @@ (yyvsp[-3].item_list)->empty(); sel->gorder_list.empty(); } -#line 43301 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 43415 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 1687: /* $@150: %empty */ -#line 11318 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 11324 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { Select->in_sum_expr++; } -#line 43307 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 43421 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 1688: /* sum_expr: JSON_OBJECTAGG_SYM '(' $@150 expr ',' expr ')' */ -#line 11320 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 11326 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { SELECT_LEX *sel= Select; sel->in_sum_expr--; @@ -43316,23 +43430,23 @@ if (unlikely((yyval.item) == NULL)) MYSQL_YYABORT; } -#line 43320 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 43434 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 1689: /* window_func_expr: window_func OVER_SYM window_name */ -#line 11332 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 11338 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.item)= new (thd->mem_root) Item_window_func(thd, (Item_sum *) (yyvsp[-2].item), (yyvsp[0].lex_str_ptr)); if (unlikely((yyval.item) == NULL)) MYSQL_YYABORT; - if (unlikely(Select->add_window_func((Item_window_func *) (yyval.item)))) + if (unlikely(Select->add_window_func(thd, (Item_window_func *) (yyval.item)))) MYSQL_YYABORT; } -#line 43332 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 43446 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 1690: /* window_func_expr: window_func OVER_SYM window_spec */ -#line 11341 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 11347 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { LEX *lex= Lex; if (unlikely(Select->add_window_spec(thd, lex->win_ref, @@ -43344,14 +43458,14 @@ thd->lex->win_spec); if (unlikely((yyval.item) == NULL)) MYSQL_YYABORT; - if (unlikely(Select->add_window_func((Item_window_func *) (yyval.item)))) + if (unlikely(Select->add_window_func(thd, (Item_window_func *) (yyval.item)))) MYSQL_YYABORT; } -#line 43351 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 43465 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 1693: /* window_func: function_call_generic */ -#line 11363 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 11369 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { Item* item = (Item*)(yyvsp[0].item); /* Only UDF aggregate here possible */ @@ -43363,101 +43477,101 @@ MYSQL_YYABORT; } } -#line 43367 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 43481 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 1694: /* simple_window_func: ROW_NUMBER_SYM '(' ')' */ -#line 11378 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 11384 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.item)= new (thd->mem_root) Item_sum_row_number(thd); if (unlikely((yyval.item) == NULL)) MYSQL_YYABORT; } -#line 43377 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 43491 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 1695: /* simple_window_func: RANK_SYM '(' ')' */ -#line 11385 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 11391 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.item)= new (thd->mem_root) Item_sum_rank(thd); if (unlikely((yyval.item) == NULL)) MYSQL_YYABORT; } -#line 43387 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 43501 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 1696: /* simple_window_func: DENSE_RANK_SYM '(' ')' */ -#line 11392 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 11398 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.item)= new (thd->mem_root) Item_sum_dense_rank(thd); if (unlikely((yyval.item) == NULL)) MYSQL_YYABORT; } -#line 43397 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 43511 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 1697: /* simple_window_func: PERCENT_RANK_SYM '(' ')' */ -#line 11399 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 11405 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.item)= new (thd->mem_root) Item_sum_percent_rank(thd); if (unlikely((yyval.item) == NULL)) MYSQL_YYABORT; } -#line 43407 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 43521 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 1698: /* simple_window_func: CUME_DIST_SYM '(' ')' */ -#line 11406 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 11412 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.item)= new (thd->mem_root) Item_sum_cume_dist(thd); if (unlikely((yyval.item) == NULL)) MYSQL_YYABORT; } -#line 43417 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 43531 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 1699: /* simple_window_func: NTILE_SYM '(' expr ')' */ -#line 11413 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 11419 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.item)= new (thd->mem_root) Item_sum_ntile(thd, (yyvsp[-1].item)); if (unlikely((yyval.item) == NULL)) MYSQL_YYABORT; } -#line 43427 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 43541 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 1700: /* simple_window_func: FIRST_VALUE_SYM '(' expr ')' */ -#line 11420 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 11426 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.item)= new (thd->mem_root) Item_sum_first_value(thd, (yyvsp[-1].item)); if (unlikely((yyval.item) == NULL)) MYSQL_YYABORT; } -#line 43437 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 43551 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 1701: /* simple_window_func: LAST_VALUE '(' expr ')' */ -#line 11427 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 11433 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.item)= new (thd->mem_root) Item_sum_last_value(thd, (yyvsp[-1].item)); if (unlikely((yyval.item) == NULL)) MYSQL_YYABORT; } -#line 43447 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 43561 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 1702: /* simple_window_func: NTH_VALUE_SYM '(' expr ',' expr ')' */ -#line 11434 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 11440 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.item)= new (thd->mem_root) Item_sum_nth_value(thd, (yyvsp[-3].item), (yyvsp[-1].item)); if (unlikely((yyval.item) == NULL)) MYSQL_YYABORT; } -#line 43457 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 43571 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 1703: /* simple_window_func: LEAD_SYM '(' expr ')' */ -#line 11441 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 11447 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { /* No second argument defaults to 1. */ Item* item_offset= new (thd->mem_root) Item_uint(thd, 1); @@ -43467,21 +43581,21 @@ if (unlikely((yyval.item) == NULL)) MYSQL_YYABORT; } -#line 43471 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 43585 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 1704: /* simple_window_func: LEAD_SYM '(' expr ',' expr ')' */ -#line 11452 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 11458 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.item)= new (thd->mem_root) Item_sum_lead(thd, (yyvsp[-3].item), (yyvsp[-1].item)); if (unlikely((yyval.item) == NULL)) MYSQL_YYABORT; } -#line 43481 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 43595 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 1705: /* simple_window_func: LAG_SYM '(' expr ')' */ -#line 11459 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 11465 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { /* No second argument defaults to 1. */ Item* item_offset= new (thd->mem_root) Item_uint(thd, 1); @@ -43491,21 +43605,21 @@ if (unlikely((yyval.item) == NULL)) MYSQL_YYABORT; } -#line 43495 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 43609 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 1706: /* simple_window_func: LAG_SYM '(' expr ',' expr ')' */ -#line 11470 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 11476 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.item)= new (thd->mem_root) Item_sum_lag(thd, (yyvsp[-3].item), (yyvsp[-1].item)); if (unlikely((yyval.item) == NULL)) MYSQL_YYABORT; } -#line 43505 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 43619 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 1707: /* inverse_distribution_function: percentile_function OVER_SYM '(' opt_window_partition_clause ')' */ -#line 11482 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 11488 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { LEX *lex= Lex; if (unlikely(Select->add_window_spec(thd, lex->win_ref, @@ -43517,28 +43631,28 @@ thd->lex->win_spec); if (unlikely((yyval.item) == NULL)) MYSQL_YYABORT; - if (unlikely(Select->add_window_func((Item_window_func *) (yyval.item)))) + if (unlikely(Select->add_window_func(thd, (Item_window_func *) (yyval.item)))) MYSQL_YYABORT; } -#line 43524 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 43638 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 1708: /* $@151: %empty */ -#line 11500 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 11506 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { Select->prepare_add_window_spec(thd); } -#line 43530 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 43644 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 1709: /* percentile_function: inverse_distribution_function_def WITHIN GROUP_SYM '(' $@151 order_by_single_element_list ')' */ -#line 11502 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 11508 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.item)= (yyvsp[-6].item); } -#line 43538 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 43652 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 1710: /* percentile_function: MEDIAN_SYM '(' expr ')' */ -#line 11506 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 11512 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { Item *args= new (thd->mem_root) Item_decimal(thd, "0.5", 3, thd->charset()); @@ -43552,67 +43666,67 @@ if (unlikely((yyval.item) == NULL)) MYSQL_YYABORT; } -#line 43556 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 43670 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 1711: /* inverse_distribution_function_def: PERCENTILE_CONT_SYM '(' expr ')' */ -#line 11523 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 11529 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.item)= new (thd->mem_root) Item_sum_percentile_cont(thd, (yyvsp[-1].item)); if (unlikely((yyval.item) == NULL)) MYSQL_YYABORT; } -#line 43566 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 43680 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 1712: /* inverse_distribution_function_def: PERCENTILE_DISC_SYM '(' expr ')' */ -#line 11529 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 11535 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.item)= new (thd->mem_root) Item_sum_percentile_disc(thd, (yyvsp[-1].item)); if (unlikely((yyval.item) == NULL)) MYSQL_YYABORT; } -#line 43576 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 43690 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 1713: /* order_by_single_element_list: ORDER_SYM BY order_ident order_dir */ -#line 11538 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 11544 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { if (unlikely(add_order_to_list(thd, (yyvsp[-1].item),(bool) (yyvsp[0].num)))) MYSQL_YYABORT; } -#line 43585 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 43699 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 1714: /* window_name: ident */ -#line 11547 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 11553 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.lex_str_ptr)= (LEX_CSTRING *) thd->memdup(&(yyvsp[0].ident_sys), sizeof(LEX_CSTRING)); if (unlikely((yyval.lex_str_ptr) == NULL)) MYSQL_YYABORT; } -#line 43595 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 43709 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 1715: /* $@152: %empty */ -#line 11556 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 11562 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { if (unlikely(! Lex->parsing_options.allows_variable)) my_yyabort_error((ER_VIEW_SELECT_VARIABLE, MYF(0))); } -#line 43604 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 43718 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 1716: /* variable: '@' $@152 variable_aux */ -#line 11561 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 11567 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.item)= (yyvsp[0].item); } -#line 43612 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 43726 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 1717: /* variable_aux: ident_or_text SET_VAR expr */ -#line 11568 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 11574 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { Item_func_set_user_var *item; if (!(yyvsp[-2].lex_str).length) @@ -43627,11 +43741,11 @@ lex->uncacheable(UNCACHEABLE_SIDEEFFECT); lex->set_var_list.push_back(item, thd->mem_root); } -#line 43631 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 43745 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 1718: /* variable_aux: ident_or_text */ -#line 11583 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 11589 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { if (!(yyvsp[0].lex_str).length) { @@ -43644,103 +43758,103 @@ LEX *lex= Lex; lex->uncacheable(UNCACHEABLE_SIDEEFFECT); } -#line 43648 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 43762 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 1719: /* variable_aux: '@' opt_var_ident_type ident_sysvar_name */ -#line 11596 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 11602 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { if (unlikely(!((yyval.item)= Lex->make_item_sysvar(thd, (yyvsp[-1].var_type), &(yyvsp[0].ident_sys))))) MYSQL_YYABORT; } -#line 43657 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 43771 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 1720: /* variable_aux: '@' opt_var_ident_type ident_sysvar_name '.' ident */ -#line 11601 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 11607 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { if (unlikely(!((yyval.item)= Lex->make_item_sysvar(thd, (yyvsp[-3].var_type), &(yyvsp[-2].ident_sys), &(yyvsp[0].ident_sys))))) MYSQL_YYABORT; } -#line 43666 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 43780 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 1721: /* opt_distinct: %empty */ -#line 11608 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 11614 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.num) = 0; } -#line 43672 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 43786 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 1722: /* opt_distinct: DISTINCT */ -#line 11609 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 11615 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.num) = 1; } -#line 43678 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 43792 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 1723: /* opt_gconcat_separator: %empty */ -#line 11614 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 11620 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.string)= new (thd->mem_root) String(",", 1, &my_charset_latin1); if (unlikely((yyval.string) == NULL)) MYSQL_YYABORT; } -#line 43688 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 43802 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 1724: /* opt_gconcat_separator: SEPARATOR_SYM text_string */ -#line 11619 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 11625 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.string) = (yyvsp[0].string); } -#line 43694 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 43808 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 1727: /* gorder_list: gorder_list ',' order_ident order_dir */ -#line 11629 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 11635 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { if (unlikely(add_gorder_to_list(thd, (yyvsp[-1].item),(bool) (yyvsp[0].num)))) MYSQL_YYABORT; } -#line 43703 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 43817 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 1728: /* gorder_list: order_ident order_dir */ -#line 11634 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 11640 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { if (unlikely(add_gorder_to_list(thd, (yyvsp[-1].item),(bool) (yyvsp[0].num)))) MYSQL_YYABORT; } -#line 43712 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 43826 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 1729: /* opt_glimit_clause: %empty */ -#line 11641 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 11647 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.num) = 0; } -#line 43718 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 43832 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 1730: /* opt_glimit_clause: glimit_clause */ -#line 11642 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 11648 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.num) = 1; } -#line 43724 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 43838 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 1731: /* glimit_clause: LIMIT glimit_options */ -#line 11648 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 11654 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { Lex->set_stmt_unsafe(LEX::BINLOG_STMT_UNSAFE_LIMIT); } -#line 43732 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 43846 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 1732: /* glimit_options: limit_options */ -#line 11655 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 11661 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { Select->limit_params= (yyvsp[0].select_limit); } -#line 43740 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 43854 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 1733: /* $@153: %empty */ -#line 11664 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 11670 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { LEX *lex= Lex; if (unlikely(lex->current_select->inc_in_sum_expr())) @@ -43749,224 +43863,224 @@ MYSQL_YYABORT; } } -#line 43753 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 43867 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 1734: /* in_sum_expr: opt_all $@153 expr */ -#line 11673 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 11679 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { Select->in_sum_expr--; (yyval.item)= (yyvsp[0].item); } -#line 43762 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 43876 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 1735: /* cast_type: BINARY opt_field_length */ -#line 11681 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 11687 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.Lex_cast_type).set(&type_handler_long_blob, (yyvsp[0].Lex_length_and_dec), &my_charset_bin); } -#line 43768 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 43882 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 1736: /* cast_type: CHAR_SYM opt_field_length opt_binary */ -#line 11683 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 11689 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { if ((yyval.Lex_cast_type).set(&type_handler_long_blob, (yyvsp[-1].Lex_length_and_dec), thd, thd->variables.character_set_collations, (yyvsp[0].Lex_exact_charset_extended_collation_attrs), thd->variables.collation_connection)) MYSQL_YYABORT; } -#line 43779 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 43893 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 1737: /* cast_type: VARCHAR field_length opt_binary */ -#line 11690 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 11696 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { if ((yyval.Lex_cast_type).set(&type_handler_long_blob, (yyvsp[-1].Lex_length_and_dec), thd, thd->variables.character_set_collations, (yyvsp[0].Lex_exact_charset_extended_collation_attrs), thd->variables.collation_connection)) MYSQL_YYABORT; } -#line 43790 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 43904 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 1738: /* cast_type: VARCHAR2_ORACLE_SYM field_length opt_binary */ -#line 11697 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 11703 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { if ((yyval.Lex_cast_type).set(&type_handler_long_blob, (yyvsp[-1].Lex_length_and_dec), thd, thd->variables.character_set_collations, (yyvsp[0].Lex_exact_charset_extended_collation_attrs), thd->variables.collation_connection)) MYSQL_YYABORT; } -#line 43801 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 43915 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 1739: /* cast_type: NCHAR_SYM opt_field_length */ -#line 11704 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 11710 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.Lex_cast_type).set(&type_handler_long_blob, (yyvsp[0].Lex_length_and_dec), national_charset_info); } -#line 43809 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 43923 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 1740: /* cast_type: cast_type_numeric */ -#line 11707 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 11713 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.Lex_cast_type)= (yyvsp[0].Lex_cast_type); } -#line 43815 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 43929 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 1741: /* cast_type: cast_type_temporal */ -#line 11708 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 11714 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.Lex_cast_type)= (yyvsp[0].Lex_cast_type); } -#line 43821 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 43935 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 1742: /* cast_type: udt_name */ -#line 11710 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 11716 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { if (Lex->set_cast_type_udt(&(yyval.Lex_cast_type), (yyvsp[0].lex_str))) MYSQL_YYABORT; } -#line 43830 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 43944 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 1743: /* cast_type_numeric: INT_SYM */ -#line 11717 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 11723 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.Lex_cast_type).set(&type_handler_slonglong); } -#line 43836 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 43950 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 1744: /* cast_type_numeric: SIGNED_SYM */ -#line 11718 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 11724 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.Lex_cast_type).set(&type_handler_slonglong); } -#line 43842 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 43956 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 1745: /* cast_type_numeric: SIGNED_SYM INT_SYM */ -#line 11719 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 11725 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.Lex_cast_type).set(&type_handler_slonglong); } -#line 43848 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 43962 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 1746: /* cast_type_numeric: UNSIGNED */ -#line 11720 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 11726 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.Lex_cast_type).set(&type_handler_ulonglong); } -#line 43854 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 43968 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 1747: /* cast_type_numeric: UNSIGNED INT_SYM */ -#line 11721 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 11727 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.Lex_cast_type).set(&type_handler_ulonglong); } -#line 43860 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 43974 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 1748: /* cast_type_numeric: DECIMAL_SYM float_options */ -#line 11722 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 11728 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.Lex_cast_type).set(&type_handler_newdecimal, (yyvsp[0].Lex_length_and_dec)); } -#line 43866 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 43980 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 1749: /* cast_type_numeric: FLOAT_SYM */ -#line 11723 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 11729 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.Lex_cast_type).set(&type_handler_float); } -#line 43872 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 43986 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 1750: /* cast_type_numeric: DOUBLE_SYM opt_precision */ -#line 11724 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 11730 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.Lex_cast_type).set(&type_handler_double, (yyvsp[0].Lex_length_and_dec)); } -#line 43878 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 43992 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 1751: /* cast_type_temporal: DATE_SYM */ -#line 11728 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 11734 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.Lex_cast_type).set(&type_handler_newdate); } -#line 43884 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 43998 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 1752: /* cast_type_temporal: TIME_SYM opt_field_scale */ -#line 11729 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 11735 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.Lex_cast_type).set(&type_handler_time2, (yyvsp[0].Lex_length_and_dec)); } -#line 43890 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 44004 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 1753: /* cast_type_temporal: DATETIME opt_field_scale */ -#line 11730 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 11736 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.Lex_cast_type).set(&type_handler_datetime2, (yyvsp[0].Lex_length_and_dec)); } -#line 43896 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 44010 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 1754: /* cast_type_temporal: INTERVAL_SYM DAY_SECOND_SYM field_scale */ -#line 11732 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 11738 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.Lex_cast_type).set(&type_handler_interval_DDhhmmssff, (yyvsp[0].Lex_length_and_dec)); } -#line 43904 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 44018 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 1755: /* opt_expr_list: %empty */ -#line 11738 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 11744 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.item_list)= NULL; } -#line 43910 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 44024 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 1756: /* opt_expr_list: expr_list */ -#line 11739 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 11745 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.item_list)= (yyvsp[0].item_list);} -#line 43916 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 44030 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 1757: /* expr_list: expr */ -#line 11744 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 11750 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { if (unlikely(!((yyval.item_list)= List::make(thd->mem_root, (yyvsp[0].item))))) MYSQL_YYABORT; } -#line 43925 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 44039 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 1758: /* expr_list: expr_list ',' expr */ -#line 11749 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 11755 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyvsp[-2].item_list)->push_back((yyvsp[0].item), thd->mem_root); (yyval.item_list)= (yyvsp[-2].item_list); } -#line 43934 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 44048 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 1759: /* ident_list_arg: ident_list */ -#line 11756 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 11762 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.item_list)= (yyvsp[0].item_list); } -#line 43940 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 44054 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 1760: /* ident_list_arg: '(' ident_list ')' */ -#line 11757 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 11763 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.item_list)= (yyvsp[-1].item_list); } -#line 43946 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 44060 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 1761: /* ident_list: simple_ident */ -#line 11762 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 11768 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.item_list)= new (thd->mem_root) List; if (unlikely((yyval.item_list) == NULL) || unlikely((yyval.item_list)->push_back((yyvsp[0].item), thd->mem_root))) MYSQL_YYABORT; } -#line 43957 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 44071 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 1762: /* ident_list: ident_list ',' simple_ident */ -#line 11769 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 11775 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyvsp[-2].item_list)->push_back((yyvsp[0].item), thd->mem_root); (yyval.item_list)= (yyvsp[-2].item_list); } -#line 43966 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 44080 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 1763: /* when_list: WHEN_SYM expr THEN_SYM expr */ -#line 11777 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 11783 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.item_list)= new (thd->mem_root) List; if (unlikely((yyval.item_list) == NULL)) @@ -43975,38 +44089,38 @@ (yyval.item_list)->push_back((yyvsp[0].item), thd->mem_root))) MYSQL_YYABORT; } -#line 43979 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 44093 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 1764: /* when_list: when_list WHEN_SYM expr THEN_SYM expr */ -#line 11786 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 11792 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { if (unlikely((yyvsp[-4].item_list)->push_back((yyvsp[-2].item), thd->mem_root) || (yyvsp[-4].item_list)->push_back((yyvsp[0].item), thd->mem_root))) MYSQL_YYABORT; (yyval.item_list)= (yyvsp[-4].item_list); } -#line 43990 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 44104 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 1766: /* when_list_opt_else: when_list ELSE expr */ -#line 11797 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 11803 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { if (unlikely((yyvsp[-2].item_list)->push_back((yyvsp[0].item), thd->mem_root))) MYSQL_YYABORT; (yyval.item_list)= (yyvsp[-2].item_list); } -#line 44000 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 44114 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 1767: /* table_ref: table_factor */ -#line 11807 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 11813 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.table_list)= (yyvsp[0].table_list); } -#line 44006 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 44120 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 1768: /* table_ref: join_table */ -#line 11809 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 11815 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { if (Lex->current_select->table_list.elements > MAX_TABLES) { @@ -44019,37 +44133,37 @@ MYSQL_YYABORT; } } -#line 44023 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 44137 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 1771: /* json_text_literal: UNDERSCORE_CHARSET TEXT_STRING */ -#line 11827 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 11833 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.lex_string_with_metadata)= (yyvsp[0].lex_string_with_metadata); } -#line 44031 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 44145 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 1772: /* join_table_list: derived_table_list */ -#line 11833 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 11839 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { MYSQL_YYABORT_UNLESS((yyval.table_list)=(yyvsp[0].table_list)); } -#line 44037 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 44151 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 1773: /* json_table_columns_clause: COLUMNS '(' json_table_columns_list ')' */ -#line 11838 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 11844 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" {} -#line 44043 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 44157 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 1775: /* json_table_columns_list: json_table_columns_list ',' json_table_column */ -#line 11844 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 11850 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" {} -#line 44049 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 44163 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 1776: /* $@154: %empty */ -#line 11849 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 11855 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { LEX *lex=Lex; Create_field *f= new (thd->mem_root) Create_field(); @@ -44068,11 +44182,11 @@ lex->init_last_field(f, &(yyvsp[0].ident_sys)); } -#line 44072 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 44186 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 1777: /* json_table_column: ident $@154 json_table_column_type */ -#line 11868 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 11874 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { LEX *lex=Lex; if (unlikely(lex->json_table-> @@ -44081,11 +44195,11 @@ lex->json_table->m_columns.push_back( lex->json_table->m_cur_json_table_column, thd->mem_root); } -#line 44085 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 44199 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 1778: /* $@155: %empty */ -#line 11877 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 11883 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { LEX *lex=Lex; Json_table_nested_path *np= new (thd->mem_root) @@ -44093,20 +44207,20 @@ np->set_path(thd, (yyvsp[0].lex_string_with_metadata)); lex->json_table->start_nested_path(np); } -#line 44097 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 44211 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 1779: /* json_table_column: NESTED_SYM PATH_SYM json_text_literal $@155 json_table_columns_clause */ -#line 11885 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 11891 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { LEX *lex=Lex; lex->json_table->end_nested_path(); } -#line 44106 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 44220 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 1780: /* json_table_column_type: FOR_SYM ORDINALITY_SYM */ -#line 11893 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 11899 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { Lex_field_type_st type; type.set(&type_handler_slong); @@ -44115,11 +44229,11 @@ Lex->json_table->m_cur_json_table_column-> set(Json_table_column::FOR_ORDINALITY); } -#line 44119 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 44233 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 1781: /* json_table_column_type: json_table_field_type PATH_SYM json_text_literal json_opt_on_empty_or_error */ -#line 11903 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 11909 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { Lex->last_field->set_attributes(thd, (yyvsp[-3].Lex_field_type), COLUMN_DEFINITION_TABLE_FIELD); @@ -44130,11 +44244,11 @@ MYSQL_YYABORT; } } -#line 44134 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 44248 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 1782: /* json_table_column_type: json_table_field_type EXISTS PATH_SYM json_text_literal */ -#line 11914 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 11920 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { Lex->last_field->set_attributes(thd, (yyvsp[-3].Lex_field_type), COLUMN_DEFINITION_TABLE_FIELD); @@ -44143,68 +44257,68 @@ (yyvsp[-3].Lex_field_type).charset_collation_attrs())) MYSQL_YYABORT; } -#line 44147 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 44261 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 1787: /* json_opt_on_empty_or_error: %empty */ -#line 11933 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 11939 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" {} -#line 44153 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 44267 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 1794: /* json_on_response: ERROR_SYM */ -#line 11948 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 11954 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.json_on_response).m_response= Json_table_column::RESPONSE_ERROR; } -#line 44161 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 44275 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 1795: /* json_on_response: NULL_SYM */ -#line 11952 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 11958 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.json_on_response).m_response= Json_table_column::RESPONSE_NULL; } -#line 44169 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 44283 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 1796: /* json_on_response: DEFAULT json_default_literal */ -#line 11956 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 11962 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.json_on_response).m_response= Json_table_column::RESPONSE_DEFAULT; (yyval.json_on_response).m_default= (yyvsp[0].item); } -#line 44178 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 44292 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 1797: /* json_on_error_response: json_on_response ON ERROR_SYM */ -#line 11964 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 11970 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { Lex->json_table->m_cur_json_table_column->m_on_error= (yyvsp[-2].json_on_response); } -#line 44186 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 44300 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 1798: /* json_on_empty_response: json_on_response ON EMPTY_SYM */ -#line 11971 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 11977 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { Lex->json_table->m_cur_json_table_column->m_on_empty= (yyvsp[-2].json_on_response); } -#line 44194 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 44308 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 1799: /* $@156: %empty */ -#line 11978 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 11984 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { push_table_function_arg_context(Lex, thd->mem_root); //TODO: introduce IN_TABLE_FUNC_ARGUMENT? Select->parsing_place= IN_ON; } -#line 44204 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 44318 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 1800: /* $@157: %empty */ -#line 11984 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 11990 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { Table_function_json_table *jt= new (thd->mem_root) Table_function_json_table((yyvsp[-1].item)); @@ -44217,11 +44331,11 @@ Select->parsing_place= NO_MATTER; jt->set_name_resolution_context(Lex->pop_context()); } -#line 44221 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 44335 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 1801: /* table_function: JSON_TABLE_SYM '(' $@156 expr ',' $@157 json_text_literal json_table_columns_clause ')' opt_table_alias_clause */ -#line 11997 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 12003 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { SELECT_LEX *sel= Select; if (unlikely((yyvsp[0].lex_str_ptr) == NULL)) @@ -44245,51 +44359,51 @@ Lex->json_table= 0; status_var_increment(thd->status_var.feature_json); } -#line 44249 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 44363 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 1802: /* esc_table_ref: table_ref */ -#line 12030 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 12036 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.table_list)=(yyvsp[0].table_list); } -#line 44255 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 44369 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 1803: /* esc_table_ref: '{' ident table_ref '}' */ -#line 12031 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 12037 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.table_list)=(yyvsp[-1].table_list); } -#line 44261 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 44375 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 1804: /* derived_table_list: esc_table_ref */ -#line 12038 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 12044 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.table_list)=(yyvsp[0].table_list); Select->add_joined_table((yyvsp[0].table_list)); } -#line 44270 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 44384 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 1805: /* derived_table_list: derived_table_list ',' esc_table_ref */ -#line 12043 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 12049 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { MYSQL_YYABORT_UNLESS((yyvsp[-2].table_list) && ((yyval.table_list)=(yyvsp[0].table_list))); Select->add_joined_table((yyvsp[0].table_list)); } -#line 44279 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 44393 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 1806: /* join_table: table_ref normal_join table_ref */ -#line 12057 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 12063 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { MYSQL_YYABORT_UNLESS((yyvsp[-2].table_list) && ((yyval.table_list)=(yyvsp[0].table_list))); if (unlikely(Select->add_cross_joined_table((yyvsp[-2].table_list), (yyvsp[0].table_list), (yyvsp[-1].num)))) MYSQL_YYABORT; } -#line 44289 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 44403 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 1807: /* $@158: %empty */ -#line 12064 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 12070 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { MYSQL_YYABORT_UNLESS((yyvsp[-3].table_list) && (yyvsp[-1].table_list)); Select->add_joined_table((yyvsp[-3].table_list)); @@ -44299,42 +44413,42 @@ MYSQL_YYABORT; Select->parsing_place= IN_ON; } -#line 44303 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 44417 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 1808: /* join_table: table_ref normal_join table_ref ON $@158 expr */ -#line 12074 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 12080 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyvsp[-3].table_list)->straight=(yyvsp[-4].num); add_join_on(thd, (yyvsp[-3].table_list), (yyvsp[0].item)); (yyvsp[-3].table_list)->on_context= Lex->pop_context(); Select->parsing_place= NO_MATTER; } -#line 44314 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 44428 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 1809: /* $@159: %empty */ -#line 12082 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 12088 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { MYSQL_YYABORT_UNLESS((yyvsp[-3].table_list) && (yyvsp[-1].table_list)); Select->add_joined_table((yyvsp[-3].table_list)); Select->add_joined_table((yyvsp[-1].table_list)); } -#line 44324 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 44438 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 1810: /* join_table: table_ref normal_join table_ref USING $@159 '(' using_list ')' */ -#line 12088 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 12094 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyvsp[-5].table_list)->straight=(yyvsp[-6].num); add_join_natural((yyvsp[-7].table_list),(yyvsp[-5].table_list),(yyvsp[-1].string_list),Select); (yyval.table_list)=(yyvsp[-5].table_list); } -#line 44334 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 44448 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 1811: /* join_table: table_ref NATURAL inner_join table_factor */ -#line 12094 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 12100 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { MYSQL_YYABORT_UNLESS((yyvsp[-3].table_list) && ((yyval.table_list)=(yyvsp[0].table_list))); Select->add_joined_table((yyvsp[-3].table_list)); @@ -44342,11 +44456,11 @@ (yyvsp[0].table_list)->straight=(yyvsp[-1].num); add_join_natural((yyvsp[-3].table_list),(yyvsp[0].table_list),NULL,Select); } -#line 44346 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 44460 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 1812: /* $@160: %empty */ -#line 12105 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 12111 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { MYSQL_YYABORT_UNLESS((yyvsp[-5].table_list) && (yyvsp[-1].table_list)); Select->add_joined_table((yyvsp[-5].table_list)); @@ -44356,11 +44470,11 @@ MYSQL_YYABORT; Select->parsing_place= IN_ON; } -#line 44360 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 44474 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 1813: /* join_table: table_ref LEFT opt_outer JOIN_SYM table_ref ON $@160 search_condition */ -#line 12115 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 12121 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { add_join_on(thd, (yyvsp[-3].table_list), (yyvsp[0].item)); (yyvsp[-3].table_list)->on_context= Lex->pop_context(); @@ -44368,31 +44482,31 @@ (yyval.table_list)=(yyvsp[-3].table_list); Select->parsing_place= NO_MATTER; } -#line 44372 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 44486 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 1814: /* $@161: %empty */ -#line 12123 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 12129 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { MYSQL_YYABORT_UNLESS((yyvsp[-4].table_list) && (yyvsp[0].table_list)); Select->add_joined_table((yyvsp[-4].table_list)); Select->add_joined_table((yyvsp[0].table_list)); } -#line 44382 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 44496 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 1815: /* join_table: table_ref LEFT opt_outer JOIN_SYM table_factor $@161 USING '(' using_list ')' */ -#line 12129 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 12135 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { add_join_natural((yyvsp[-9].table_list),(yyvsp[-5].table_list),(yyvsp[-1].string_list),Select); (yyvsp[-5].table_list)->outer_join|=JOIN_TYPE_LEFT; (yyval.table_list)=(yyvsp[-5].table_list); } -#line 44392 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 44506 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 1816: /* join_table: table_ref NATURAL LEFT opt_outer JOIN_SYM table_factor */ -#line 12135 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 12141 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { MYSQL_YYABORT_UNLESS((yyvsp[-5].table_list) && (yyvsp[0].table_list)); Select->add_joined_table((yyvsp[-5].table_list)); @@ -44401,11 +44515,11 @@ (yyvsp[0].table_list)->outer_join|=JOIN_TYPE_LEFT; (yyval.table_list)=(yyvsp[0].table_list); } -#line 44405 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 44519 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 1817: /* $@162: %empty */ -#line 12147 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 12153 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { MYSQL_YYABORT_UNLESS((yyvsp[-5].table_list) && (yyvsp[-1].table_list)); Select->add_joined_table((yyvsp[-5].table_list)); @@ -44415,11 +44529,11 @@ MYSQL_YYABORT; Select->parsing_place= IN_ON; } -#line 44419 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 44533 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 1818: /* join_table: table_ref RIGHT opt_outer JOIN_SYM table_ref ON $@162 expr */ -#line 12157 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 12163 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { LEX *lex= Lex; if (unlikely(!((yyval.table_list)= lex->current_select->convert_right_join()))) @@ -44428,32 +44542,32 @@ (yyvsp[-7].table_list)->on_context= Lex->pop_context(); Select->parsing_place= NO_MATTER; } -#line 44432 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 44546 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 1819: /* $@163: %empty */ -#line 12166 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 12172 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { MYSQL_YYABORT_UNLESS((yyvsp[-4].table_list) && (yyvsp[0].table_list)); Select->add_joined_table((yyvsp[-4].table_list)); Select->add_joined_table((yyvsp[0].table_list)); } -#line 44442 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 44556 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 1820: /* join_table: table_ref RIGHT opt_outer JOIN_SYM table_factor $@163 USING '(' using_list ')' */ -#line 12172 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 12178 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { LEX *lex= Lex; if (unlikely(!((yyval.table_list)= lex->current_select->convert_right_join()))) MYSQL_YYABORT; add_join_natural((yyval.table_list),(yyvsp[-5].table_list),(yyvsp[-1].string_list),Select); } -#line 44453 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 44567 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 1821: /* join_table: table_ref NATURAL RIGHT opt_outer JOIN_SYM table_factor */ -#line 12179 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 12185 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { MYSQL_YYABORT_UNLESS((yyvsp[-5].table_list) && (yyvsp[0].table_list)); Select->add_joined_table((yyvsp[-5].table_list)); @@ -44463,129 +44577,129 @@ if (unlikely(!((yyval.table_list)= lex->current_select->convert_right_join()))) MYSQL_YYABORT; } -#line 44467 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 44581 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 1822: /* inner_join: JOIN_SYM */ -#line 12192 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 12198 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.num) = 0; } -#line 44473 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 44587 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 1823: /* inner_join: INNER_SYM JOIN_SYM */ -#line 12193 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 12199 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.num) = 0; } -#line 44479 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 44593 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 1824: /* inner_join: STRAIGHT_JOIN */ -#line 12194 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 12200 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.num) = 1; } -#line 44485 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 44599 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 1825: /* normal_join: inner_join */ -#line 12198 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 12204 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.num) = (yyvsp[0].num); } -#line 44491 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 44605 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 1826: /* normal_join: CROSS JOIN_SYM */ -#line 12199 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 12205 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.num) = 0; } -#line 44497 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 44611 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 1827: /* opt_use_partition: %empty */ -#line 12207 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 12213 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.string_list)= 0;} -#line 44503 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 44617 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 1829: /* use_partition: PARTITION_SYM '(' using_list ')' have_partitioning */ -#line 12213 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 12219 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.string_list)= (yyvsp[-2].string_list); Select->parsing_place= Select->save_parsing_place; Select->save_parsing_place= NO_MATTER; } -#line 44513 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 44627 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 1830: /* table_factor: table_primary_ident_opt_parens */ -#line 12221 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 12227 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.table_list)= (yyvsp[0].table_list); } -#line 44519 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 44633 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 1831: /* table_factor: table_primary_derived_opt_parens */ -#line 12222 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 12228 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.table_list)= (yyvsp[0].table_list); } -#line 44525 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 44639 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 1832: /* table_factor: join_table_parens */ -#line 12224 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 12230 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyvsp[0].table_list)->nested_join->nest_type= 0; (yyval.table_list)= (yyvsp[0].table_list); } -#line 44534 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 44648 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 1833: /* table_factor: table_reference_list_parens */ -#line 12228 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 12234 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.table_list)= (yyvsp[0].table_list); } -#line 44540 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 44654 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 1834: /* table_factor: table_function */ -#line 12229 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 12235 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.table_list)= (yyvsp[0].table_list); } -#line 44546 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 44660 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 1835: /* table_primary_ident_opt_parens: table_primary_ident */ -#line 12233 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 12239 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.table_list)= (yyvsp[0].table_list); } -#line 44552 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 44666 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 1836: /* table_primary_ident_opt_parens: '(' table_primary_ident_opt_parens ')' */ -#line 12234 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 12240 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.table_list)= (yyvsp[-1].table_list); } -#line 44558 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 44672 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 1837: /* table_primary_derived_opt_parens: table_primary_derived */ -#line 12238 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 12244 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.table_list)= (yyvsp[0].table_list); } -#line 44564 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 44678 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 1838: /* table_primary_derived_opt_parens: '(' table_primary_derived_opt_parens ')' */ -#line 12239 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 12245 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.table_list)= (yyvsp[-1].table_list); } -#line 44570 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 44684 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 1839: /* table_reference_list_parens: '(' table_reference_list_parens ')' */ -#line 12243 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 12249 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.table_list)= (yyvsp[-1].table_list); } -#line 44576 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 44690 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 1840: /* table_reference_list_parens: '(' nested_table_reference_list ')' */ -#line 12245 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 12251 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { if (!((yyval.table_list)= Select->end_nested_join(thd))) MYSQL_YYABORT; } -#line 44585 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 44699 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 1841: /* nested_table_reference_list: table_ref ',' table_ref */ -#line 12253 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 12259 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { if (Select->init_nested_join(thd)) MYSQL_YYABORT; @@ -44593,26 +44707,26 @@ Select->add_joined_table((yyvsp[0].table_list)); (yyval.table_list)= (yyvsp[-2].table_list)->embedding; } -#line 44597 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 44711 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 1842: /* nested_table_reference_list: nested_table_reference_list ',' table_ref */ -#line 12261 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 12267 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { Select->add_joined_table((yyvsp[0].table_list)); (yyval.table_list)= (yyvsp[-2].table_list); } -#line 44606 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 44720 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 1843: /* join_table_parens: '(' join_table_parens ')' */ -#line 12268 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 12274 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.table_list)= (yyvsp[-1].table_list); } -#line 44612 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 44726 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 1844: /* join_table_parens: '(' join_table ')' */ -#line 12270 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 12276 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { LEX *lex= Lex; if (!((yyval.table_list)= lex->current_select->nest_last_join(thd))) @@ -44621,11 +44735,11 @@ MYSQL_YYABORT; } } -#line 44625 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 44739 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 1845: /* table_primary_ident: table_ident opt_use_partition opt_for_system_time_clause opt_table_alias_clause opt_key_definition */ -#line 12284 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 12290 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { if (!((yyval.table_list)= Select->add_table_to_list(thd, (yyvsp[-4].table), (yyvsp[-1].lex_str_ptr), 0, @@ -44637,123 +44751,123 @@ if ((yyvsp[-2].num)) (yyval.table_list)->vers_conditions= Lex->vers_conditions; } -#line 44641 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 44755 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 1847: /* table_primary_derived: subquery opt_for_system_time_clause table_alias_clause derived_column_list */ -#line 12306 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 12312 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { if (!((yyval.table_list)= Lex->parsed_derived_table((yyvsp[-3].select_lex)->master_unit(), (yyvsp[-2].num), (yyvsp[-1].lex_str_ptr), (yyvsp[0].ident_sys_list)))) MYSQL_YYABORT; } -#line 44650 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 44764 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 1848: /* opt_outer: %empty */ -#line 12323 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 12329 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" {} -#line 44656 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 44770 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 1849: /* opt_outer: OUTER */ -#line 12324 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 12330 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" {} -#line 44662 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 44776 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 1850: /* index_hint_clause: %empty */ -#line 12329 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 12335 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.num)= (thd->variables.old_behavior & OLD_MODE_IGNORE_INDEX_ONLY_FOR_JOIN) ? INDEX_HINT_MASK_JOIN : INDEX_HINT_MASK_ALL; } -#line 44671 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 44785 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 1851: /* index_hint_clause: FOR_SYM JOIN_SYM */ -#line 12333 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 12339 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.num)= INDEX_HINT_MASK_JOIN; } -#line 44677 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 44791 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 1852: /* index_hint_clause: FOR_SYM ORDER_SYM BY */ -#line 12334 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 12340 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.num)= INDEX_HINT_MASK_ORDER; } -#line 44683 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 44797 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 1853: /* index_hint_clause: FOR_SYM GROUP_SYM BY */ -#line 12335 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 12341 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.num)= INDEX_HINT_MASK_GROUP; } -#line 44689 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 44803 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 1854: /* index_hint_type: FORCE_SYM */ -#line 12339 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 12345 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.index_hint)= INDEX_HINT_FORCE; } -#line 44695 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 44809 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 1855: /* index_hint_type: IGNORE_SYM */ -#line 12340 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 12346 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.index_hint)= INDEX_HINT_IGNORE; } -#line 44701 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 44815 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 1856: /* $@164: %empty */ -#line 12345 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 12351 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { Select->set_index_hint_type((yyvsp[-2].index_hint), (yyvsp[0].num)); } -#line 44709 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 44823 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 1858: /* $@165: %empty */ -#line 12350 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 12356 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { Select->set_index_hint_type(INDEX_HINT_USE, (yyvsp[0].num)); } -#line 44717 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 44831 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 1863: /* $@166: %empty */ -#line 12363 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 12369 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { Select->alloc_index_hints(thd); } -#line 44723 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 44837 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 1865: /* $@167: %empty */ -#line 12367 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 12373 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { Select->clear_index_hints(); } -#line 44729 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 44843 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 1867: /* opt_key_usage_list: %empty */ -#line 12372 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 12378 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { Select->add_index_hint(thd, NULL, 0); } -#line 44735 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 44849 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 1868: /* opt_key_usage_list: key_usage_list */ -#line 12373 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 12379 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" {} -#line 44741 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 44855 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 1869: /* key_usage_element: ident */ -#line 12378 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 12384 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { Select->add_index_hint(thd, (yyvsp[0].ident_sys).str, (yyvsp[0].ident_sys).length); } -#line 44747 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 44861 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 1870: /* key_usage_element: PRIMARY_SYM */ -#line 12380 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 12386 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { Select->add_index_hint(thd, "PRIMARY", 7); } -#line 44753 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 44867 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 1873: /* using_list: ident */ -#line 12390 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 12396 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { if (unlikely(!((yyval.string_list)= new (thd->mem_root) List))) MYSQL_YYABORT; @@ -44764,11 +44878,11 @@ MYSQL_YYABORT; (yyval.string_list)->push_back(s, thd->mem_root); } -#line 44768 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 44882 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 1874: /* using_list: using_list ',' ident */ -#line 12401 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 12407 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { String *s= new (thd->mem_root) String((const char*) (yyvsp[0].ident_sys).str, (yyvsp[0].ident_sys).length, @@ -44779,215 +44893,215 @@ MYSQL_YYABORT; (yyval.string_list)= (yyvsp[-2].string_list); } -#line 44783 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 44897 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 1875: /* interval: interval_time_stamp */ -#line 12414 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 12420 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" {} -#line 44789 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 44903 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 1876: /* interval: DAY_HOUR_SYM */ -#line 12415 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 12421 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.interval)=INTERVAL_DAY_HOUR; } -#line 44795 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 44909 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 1877: /* interval: DAY_MICROSECOND_SYM */ -#line 12416 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 12422 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.interval)=INTERVAL_DAY_MICROSECOND; } -#line 44801 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 44915 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 1878: /* interval: DAY_MINUTE_SYM */ -#line 12417 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 12423 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.interval)=INTERVAL_DAY_MINUTE; } -#line 44807 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 44921 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 1879: /* interval: DAY_SECOND_SYM */ -#line 12418 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 12424 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.interval)=INTERVAL_DAY_SECOND; } -#line 44813 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 44927 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 1880: /* interval: HOUR_MICROSECOND_SYM */ -#line 12419 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 12425 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.interval)=INTERVAL_HOUR_MICROSECOND; } -#line 44819 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 44933 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 1881: /* interval: HOUR_MINUTE_SYM */ -#line 12420 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 12426 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.interval)=INTERVAL_HOUR_MINUTE; } -#line 44825 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 44939 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 1882: /* interval: HOUR_SECOND_SYM */ -#line 12421 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 12427 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.interval)=INTERVAL_HOUR_SECOND; } -#line 44831 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 44945 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 1883: /* interval: MINUTE_MICROSECOND_SYM */ -#line 12422 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 12428 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.interval)=INTERVAL_MINUTE_MICROSECOND; } -#line 44837 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 44951 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 1884: /* interval: MINUTE_SECOND_SYM */ -#line 12423 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 12429 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.interval)=INTERVAL_MINUTE_SECOND; } -#line 44843 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 44957 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 1885: /* interval: SECOND_MICROSECOND_SYM */ -#line 12424 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 12430 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.interval)=INTERVAL_SECOND_MICROSECOND; } -#line 44849 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 44963 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 1886: /* interval: YEAR_MONTH_SYM */ -#line 12425 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 12431 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.interval)=INTERVAL_YEAR_MONTH; } -#line 44855 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 44969 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 1887: /* interval_time_stamp: DAY_SYM */ -#line 12429 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 12435 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.interval_time_st)=INTERVAL_DAY; } -#line 44861 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 44975 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 1888: /* interval_time_stamp: WEEK_SYM */ -#line 12430 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 12436 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.interval_time_st)=INTERVAL_WEEK; } -#line 44867 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 44981 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 1889: /* interval_time_stamp: HOUR_SYM */ -#line 12431 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 12437 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.interval_time_st)=INTERVAL_HOUR; } -#line 44873 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 44987 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 1890: /* interval_time_stamp: MINUTE_SYM */ -#line 12432 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 12438 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.interval_time_st)=INTERVAL_MINUTE; } -#line 44879 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 44993 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 1891: /* interval_time_stamp: MONTH_SYM */ -#line 12433 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 12439 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.interval_time_st)=INTERVAL_MONTH; } -#line 44885 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 44999 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 1892: /* interval_time_stamp: QUARTER_SYM */ -#line 12434 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 12440 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.interval_time_st)=INTERVAL_QUARTER; } -#line 44891 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 45005 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 1893: /* interval_time_stamp: SECOND_SYM */ -#line 12435 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 12441 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.interval_time_st)=INTERVAL_SECOND; } -#line 44897 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 45011 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 1894: /* interval_time_stamp: MICROSECOND_SYM */ -#line 12436 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 12442 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.interval_time_st)=INTERVAL_MICROSECOND; } -#line 44903 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 45017 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 1895: /* interval_time_stamp: YEAR_SYM */ -#line 12437 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 12443 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.interval_time_st)=INTERVAL_YEAR; } -#line 44909 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 45023 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 1896: /* date_time_type: DATE_SYM */ -#line 12441 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 12447 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" {(yyval.date_time_type)=MYSQL_TIMESTAMP_DATE;} -#line 44915 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 45029 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 1897: /* date_time_type: TIME_SYM */ -#line 12442 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 12448 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" {(yyval.date_time_type)=MYSQL_TIMESTAMP_TIME;} -#line 44921 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 45035 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 1898: /* date_time_type: DATETIME */ -#line 12443 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 12449 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" {(yyval.date_time_type)=MYSQL_TIMESTAMP_DATETIME;} -#line 44927 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 45041 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 1899: /* date_time_type: TIMESTAMP */ -#line 12444 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 12450 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" {(yyval.date_time_type)=MYSQL_TIMESTAMP_DATETIME;} -#line 44933 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 45047 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 1903: /* opt_table_alias_clause: %empty */ -#line 12454 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 12460 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.lex_str_ptr)=0; } -#line 44939 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 45053 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 1904: /* opt_table_alias_clause: table_alias_clause */ -#line 12455 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 12461 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.lex_str_ptr)= (yyvsp[0].lex_str_ptr); } -#line 44945 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 45059 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 1905: /* table_alias_clause: table_alias ident_table_alias */ -#line 12460 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 12466 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.lex_str_ptr)= (LEX_CSTRING*) thd->memdup(&(yyvsp[0].ident_sys),sizeof(LEX_STRING)); if (unlikely((yyval.lex_str_ptr) == NULL)) MYSQL_YYABORT; } -#line 44955 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 45069 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 1908: /* opt_where_clause: %empty */ -#line 12473 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 12479 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { Select->where= 0; } -#line 44961 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 45075 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 1909: /* $@168: %empty */ -#line 12475 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 12481 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { Select->parsing_place= IN_WHERE; } -#line 44969 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 45083 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 1910: /* opt_where_clause: WHERE $@168 search_condition */ -#line 12479 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 12485 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyvsp[0].item)->top_level_item(); Select->where= normalize_cond(thd, (yyvsp[0].item)); Select->parsing_place= NO_MATTER; } -#line 44979 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 45093 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 1912: /* $@169: %empty */ -#line 12489 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 12495 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { Select->parsing_place= IN_HAVING; } -#line 44987 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 45101 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 1913: /* opt_having_clause: HAVING $@169 search_condition */ -#line 12493 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 12499 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { SELECT_LEX *sel= Select; sel->having= normalize_cond(thd, (yyvsp[0].item)); @@ -44995,35 +45109,35 @@ if ((yyvsp[0].item)) (yyvsp[0].item)->top_level_item(); } -#line 44999 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 45113 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 1916: /* group_list: group_list ',' order_ident order_dir */ -#line 12513 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 12519 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { if (unlikely(add_group_to_list(thd, (yyvsp[-1].item),(bool) (yyvsp[0].num)))) MYSQL_YYABORT; } -#line 45008 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 45122 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 1917: /* group_list: order_ident order_dir */ -#line 12518 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 12524 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { if (unlikely(add_group_to_list(thd, (yyvsp[-1].item),(bool) (yyvsp[0].num)))) MYSQL_YYABORT; } -#line 45017 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 45131 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 1918: /* olap_opt: %empty */ -#line 12525 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 12531 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" {} -#line 45023 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 45137 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 1919: /* olap_opt: WITH_CUBE_SYM */ -#line 12527 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 12533 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { /* 'WITH CUBE' is reserved in the MySQL syntax, but not implemented, @@ -45040,11 +45154,11 @@ my_yyabort_error((ER_NOT_SUPPORTED_YET, MYF(0), "CUBE")); } -#line 45044 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 45158 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 1920: /* olap_opt: WITH_ROLLUP_SYM */ -#line 12544 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 12550 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { /* 'WITH ROLLUP' is needed for backward compatibility, @@ -45059,23 +45173,23 @@ "global union parameters")); lex->current_select->olap= ROLLUP_TYPE; } -#line 45063 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 45177 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 1921: /* opt_window_clause: %empty */ -#line 12566 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 12572 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" {} -#line 45069 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 45183 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 1922: /* opt_window_clause: WINDOW_SYM window_def_list */ -#line 12569 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 12575 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" {} -#line 45075 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 45189 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 1925: /* window_def: window_name AS window_spec */ -#line 12579 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 12585 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { LEX *lex= Lex; if (unlikely(Select->add_window_def(thd, (yyvsp[-2].lex_str_ptr), lex->win_ref, @@ -45084,63 +45198,63 @@ lex->win_frame))) MYSQL_YYABORT; } -#line 45088 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 45202 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 1926: /* $@170: %empty */ -#line 12591 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 12597 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { Select->prepare_add_window_spec(thd); } -#line 45094 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 45208 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 1927: /* window_spec: '(' $@170 opt_window_ref opt_window_partition_clause opt_window_order_clause opt_window_frame_clause ')' */ -#line 12595 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 12601 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { } -#line 45100 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 45214 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 1928: /* opt_window_ref: %empty */ -#line 12599 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 12605 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" {} -#line 45106 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 45220 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 1929: /* opt_window_ref: ident */ -#line 12601 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 12607 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { thd->lex->win_ref= (LEX_CSTRING *) thd->memdup(&(yyvsp[0].ident_sys), sizeof(LEX_CSTRING)); if (unlikely(thd->lex->win_ref == NULL)) MYSQL_YYABORT; } -#line 45116 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 45230 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 1930: /* opt_window_partition_clause: %empty */ -#line 12609 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 12615 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { } -#line 45122 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 45236 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 1932: /* opt_window_order_clause: %empty */ -#line 12614 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 12620 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { } -#line 45128 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 45242 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 1933: /* opt_window_order_clause: ORDER_SYM BY order_list */ -#line 12615 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 12621 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { Select->order_list= *((yyvsp[0].select_order)); } -#line 45134 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 45248 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 1934: /* opt_window_frame_clause: %empty */ -#line 12619 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 12625 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" {} -#line 45140 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 45254 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 1935: /* opt_window_frame_clause: window_frame_units window_frame_extent opt_window_frame_exclusion */ -#line 12621 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 12627 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { LEX *lex= Lex; lex->win_frame= @@ -45151,23 +45265,23 @@ if (unlikely(lex->win_frame == NULL)) MYSQL_YYABORT; } -#line 45155 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 45269 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 1936: /* window_frame_units: ROWS_SYM */ -#line 12634 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 12640 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.frame_units)= Window_frame::UNITS_ROWS; } -#line 45161 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 45275 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 1937: /* window_frame_units: RANGE_SYM */ -#line 12635 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 12641 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.frame_units)= Window_frame::UNITS_RANGE; } -#line 45167 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 45281 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 1938: /* window_frame_extent: window_frame_start */ -#line 12640 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 12646 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { LEX *lex= Lex; lex->frame_top_bound= (yyvsp[0].window_frame_bound); @@ -45177,235 +45291,236 @@ if (unlikely(lex->frame_bottom_bound == NULL)) MYSQL_YYABORT; } -#line 45181 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 45295 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 1939: /* window_frame_extent: BETWEEN_SYM window_frame_bound AND_SYM window_frame_bound */ -#line 12650 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 12656 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { LEX *lex= Lex; lex->frame_top_bound= (yyvsp[-2].window_frame_bound); lex->frame_bottom_bound= (yyvsp[0].window_frame_bound); } -#line 45191 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 45305 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 1940: /* window_frame_start: UNBOUNDED_SYM PRECEDING_SYM */ -#line 12659 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 12665 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.window_frame_bound)= new (thd->mem_root) Window_frame_bound(Window_frame_bound::PRECEDING, NULL); if (unlikely((yyval.window_frame_bound) == NULL)) MYSQL_YYABORT; } -#line 45202 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 45316 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 1941: /* window_frame_start: CURRENT_SYM ROW_SYM */ -#line 12666 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 12672 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.window_frame_bound)= new (thd->mem_root) Window_frame_bound(Window_frame_bound::CURRENT, NULL); if (unlikely((yyval.window_frame_bound) == NULL)) MYSQL_YYABORT; } -#line 45213 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 45327 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 1942: /* window_frame_start: literal PRECEDING_SYM */ -#line 12673 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 12679 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.window_frame_bound)= new (thd->mem_root) Window_frame_bound(Window_frame_bound::PRECEDING, (yyvsp[-1].item)); if (unlikely((yyval.window_frame_bound) == NULL)) MYSQL_YYABORT; } -#line 45224 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 45338 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 1943: /* window_frame_bound: window_frame_start */ -#line 12682 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 12688 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.window_frame_bound)= (yyvsp[0].window_frame_bound); } -#line 45230 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 45344 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 1944: /* window_frame_bound: UNBOUNDED_SYM FOLLOWING_SYM */ -#line 12684 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 12690 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.window_frame_bound)= new (thd->mem_root) Window_frame_bound(Window_frame_bound::FOLLOWING, NULL); if (unlikely((yyval.window_frame_bound) == NULL)) MYSQL_YYABORT; } -#line 45241 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 45355 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 1945: /* window_frame_bound: literal FOLLOWING_SYM */ -#line 12691 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 12697 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.window_frame_bound)= new (thd->mem_root) Window_frame_bound(Window_frame_bound::FOLLOWING, (yyvsp[-1].item)); if (unlikely((yyval.window_frame_bound) == NULL)) MYSQL_YYABORT; } -#line 45252 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 45366 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 1946: /* opt_window_frame_exclusion: %empty */ -#line 12700 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 12706 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.frame_exclusion)= Window_frame::EXCL_NONE; } -#line 45258 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 45372 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 1947: /* opt_window_frame_exclusion: EXCLUDE_SYM CURRENT_SYM ROW_SYM */ -#line 12702 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 12708 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.frame_exclusion)= Window_frame::EXCL_CURRENT_ROW; } -#line 45264 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 45378 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 1948: /* opt_window_frame_exclusion: EXCLUDE_SYM GROUP_SYM */ -#line 12704 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 12710 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.frame_exclusion)= Window_frame::EXCL_GROUP; } -#line 45270 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 45384 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 1949: /* opt_window_frame_exclusion: EXCLUDE_SYM TIES_SYM */ -#line 12706 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 12712 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.frame_exclusion)= Window_frame::EXCL_TIES; } -#line 45276 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 45390 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 1950: /* opt_window_frame_exclusion: EXCLUDE_SYM NO_SYM OTHERS_MARIADB_SYM */ -#line 12708 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 12714 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.frame_exclusion)= Window_frame::EXCL_NONE; } -#line 45282 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 45396 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 1951: /* opt_window_frame_exclusion: EXCLUDE_SYM NO_SYM OTHERS_ORACLE_SYM */ -#line 12710 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 12716 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.frame_exclusion)= Window_frame::EXCL_NONE; } -#line 45288 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 45402 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 1955: /* alter_order_item: simple_ident_nospvar order_dir */ -#line 12728 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 12734 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { bool ascending= ((yyvsp[0].num) == 1) ? true : false; if (unlikely(add_order_to_list(thd, (yyvsp[-1].item), ascending))) MYSQL_YYABORT; } -#line 45298 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 45412 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 1956: /* opt_order_clause: %empty */ -#line 12741 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 12747 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.select_order)= NULL; } -#line 45304 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 45418 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 1957: /* opt_order_clause: order_clause */ -#line 12743 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 12749 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.select_order)= (yyvsp[0].select_order); } -#line 45310 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 45424 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 1958: /* $@171: %empty */ -#line 12748 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 12754 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { thd->where= THD_WHERE::ORDER_CLAUSE; + thd->lex->clause_winfuncs.empty(); } -#line 45318 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 45433 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 1959: /* order_clause: ORDER_SYM BY $@171 order_list */ -#line 12752 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 12759 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.select_order)= (yyvsp[0].select_order); } -#line 45326 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 45441 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 1960: /* order_list: order_list ',' order_ident order_dir */ -#line 12759 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 12766 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.select_order)= (yyvsp[-3].select_order); if (add_to_list(thd, *(yyval.select_order), (yyvsp[-1].item),(bool) (yyvsp[0].num))) MYSQL_YYABORT; } -#line 45336 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 45451 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 1961: /* order_list: order_ident order_dir */ -#line 12765 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 12772 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.select_order)= new (thd->mem_root) SQL_I_List(); if (add_to_list(thd, *(yyval.select_order), (yyvsp[-1].item), (bool) (yyvsp[0].num))) MYSQL_YYABORT; } -#line 45346 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 45461 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 1962: /* order_dir: %empty */ -#line 12773 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 12780 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.num)= 1; } -#line 45352 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 45467 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 1963: /* order_dir: ASC */ -#line 12774 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 12781 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.num)= 1; } -#line 45358 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 45473 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 1964: /* order_dir: DESC */ -#line 12775 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 12782 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.num)= 0; } -#line 45364 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 45479 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 1965: /* opt_limit_clause: %empty */ -#line 12781 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 12788 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.select_limit).clear(); } -#line 45370 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 45485 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 1966: /* opt_limit_clause: limit_clause */ -#line 12783 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 12790 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.select_limit)= (yyvsp[0].select_limit); } -#line 45376 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 45491 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 1967: /* limit_clause: LIMIT limit_options */ -#line 12788 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 12795 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.select_limit)= (yyvsp[0].select_limit); if (!(yyval.select_limit).select_limit->basic_const_item() || (yyval.select_limit).select_limit->val_int() > 0) Lex->set_stmt_unsafe(LEX::BINLOG_STMT_UNSAFE_LIMIT); } -#line 45387 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 45502 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 1968: /* limit_clause: LIMIT limit_options ROWS_SYM EXAMINED_SYM limit_rows_option */ -#line 12796 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 12803 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.select_limit)= (yyvsp[-3].select_limit); Lex->set_stmt_unsafe(LEX::BINLOG_STMT_UNSAFE_LIMIT); } -#line 45396 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 45511 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 1969: /* limit_clause: LIMIT ROWS_SYM EXAMINED_SYM limit_rows_option */ -#line 12801 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 12808 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.select_limit).clear(); Lex->set_stmt_unsafe(LEX::BINLOG_STMT_UNSAFE_LIMIT); } -#line 45405 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 45520 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 1970: /* limit_clause: fetch_first_clause */ -#line 12806 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 12813 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.select_limit)= (yyvsp[0].select_limit); if (!(yyval.select_limit).select_limit || @@ -45413,11 +45528,11 @@ (yyval.select_limit).select_limit->val_int() > 0) Lex->set_stmt_unsafe(LEX::BINLOG_STMT_UNSAFE_LIMIT); } -#line 45417 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 45532 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 1971: /* fetch_first_clause: FETCH_SYM first_or_next row_or_rows only_or_with_ties */ -#line 12817 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 12824 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { Item *one= new (thd->mem_root) Item_int(thd, (int32) 1); if (unlikely(one == NULL)) @@ -45427,11 +45542,11 @@ (yyval.select_limit).explicit_limit= true; (yyval.select_limit).with_ties= (yyvsp[0].num); } -#line 45431 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 45546 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 1972: /* fetch_first_clause: OFFSET_SYM limit_option row_or_rows FETCH_SYM first_or_next row_or_rows only_or_with_ties */ -#line 12828 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 12835 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { Item *one= new (thd->mem_root) Item_int(thd, (int32) 1); if (unlikely(one == NULL)) @@ -45441,211 +45556,211 @@ (yyval.select_limit).explicit_limit= true; (yyval.select_limit).with_ties= (yyvsp[0].num); } -#line 45445 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 45560 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 1973: /* fetch_first_clause: FETCH_SYM first_or_next limit_option row_or_rows only_or_with_ties */ -#line 12838 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 12845 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.select_limit).select_limit= (yyvsp[-2].item); (yyval.select_limit).offset_limit= 0; (yyval.select_limit).explicit_limit= true; (yyval.select_limit).with_ties= (yyvsp[0].num); } -#line 45456 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 45571 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 1974: /* fetch_first_clause: OFFSET_SYM limit_option row_or_rows FETCH_SYM first_or_next limit_option row_or_rows only_or_with_ties */ -#line 12846 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 12853 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.select_limit).select_limit= (yyvsp[-2].item); (yyval.select_limit).offset_limit= (yyvsp[-6].item); (yyval.select_limit).explicit_limit= true; (yyval.select_limit).with_ties= (yyvsp[0].num); } -#line 45467 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 45582 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 1975: /* fetch_first_clause: OFFSET_SYM limit_option row_or_rows */ -#line 12853 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 12860 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.select_limit).select_limit= 0; (yyval.select_limit).offset_limit= (yyvsp[-1].item); (yyval.select_limit).explicit_limit= true; (yyval.select_limit).with_ties= false; } -#line 45478 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 45593 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 1980: /* only_or_with_ties: ONLY_SYM */ -#line 12872 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 12879 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.num)= 0; } -#line 45484 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 45599 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 1981: /* only_or_with_ties: WITH TIES_SYM */ -#line 12873 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 12880 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.num)= 1; } -#line 45490 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 45605 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 1982: /* opt_global_limit_clause: opt_limit_clause */ -#line 12879 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 12886 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { Select->limit_params= (yyvsp[0].select_limit); } -#line 45498 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 45613 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 1983: /* limit_options: limit_option */ -#line 12886 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 12893 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.select_limit).select_limit= (yyvsp[0].item); (yyval.select_limit).offset_limit= NULL; (yyval.select_limit).explicit_limit= true; (yyval.select_limit).with_ties= false; } -#line 45509 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 45624 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 1984: /* limit_options: limit_option ',' limit_option */ -#line 12893 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 12900 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.select_limit).select_limit= (yyvsp[0].item); (yyval.select_limit).offset_limit= (yyvsp[-2].item); (yyval.select_limit).explicit_limit= true; (yyval.select_limit).with_ties= false; } -#line 45520 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 45635 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 1985: /* limit_options: limit_option OFFSET_SYM limit_option */ -#line 12900 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 12907 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.select_limit).select_limit= (yyvsp[-2].item); (yyval.select_limit).offset_limit= (yyvsp[0].item); (yyval.select_limit).explicit_limit= true; (yyval.select_limit).with_ties= false; } -#line 45531 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 45646 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 1986: /* limit_option: ident_cli */ -#line 12910 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 12917 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { if (unlikely(!((yyval.item)= Lex->create_item_limit(thd, &(yyvsp[0].ident_cli))))) MYSQL_YYABORT; } -#line 45540 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 45655 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 1987: /* limit_option: ident_cli '.' ident_cli */ -#line 12915 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 12922 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { if (unlikely(!((yyval.item)= Lex->create_item_limit(thd, &(yyvsp[-2].ident_cli), &(yyvsp[0].ident_cli))))) MYSQL_YYABORT; } -#line 45549 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 45664 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 1988: /* limit_option: param_marker */ -#line 12920 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 12927 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyvsp[0].item_param)->limit_clause_param= TRUE; } -#line 45557 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 45672 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 1989: /* limit_option: ULONGLONG_NUM */ -#line 12924 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 12931 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.item)= new (thd->mem_root) Item_uint(thd, (yyvsp[0].lex_str).str, (yyvsp[0].lex_str).length); if (unlikely((yyval.item) == NULL)) MYSQL_YYABORT; } -#line 45567 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 45682 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 1990: /* limit_option: LONG_NUM */ -#line 12930 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 12937 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.item)= new (thd->mem_root) Item_uint(thd, (yyvsp[0].lex_str).str, (yyvsp[0].lex_str).length); if (unlikely((yyval.item) == NULL)) MYSQL_YYABORT; } -#line 45577 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 45692 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 1991: /* limit_option: NUM */ -#line 12936 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 12943 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.item)= new (thd->mem_root) Item_uint(thd, (yyvsp[0].lex_str).str, (yyvsp[0].lex_str).length); if (unlikely((yyval.item) == NULL)) MYSQL_YYABORT; } -#line 45587 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 45702 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 1992: /* limit_rows_option: limit_option */ -#line 12945 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 12952 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { Lex->limit_rows_examined= (yyvsp[0].item); } -#line 45595 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 45710 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 1993: /* delete_limit_clause: %empty */ -#line 12952 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 12959 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { LEX *lex=Lex; lex->current_select->limit_params.select_limit= 0; } -#line 45604 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 45719 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 1994: /* delete_limit_clause: LIMIT limit_option */ -#line 12957 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 12964 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { SELECT_LEX *sel= Select; sel->limit_params.select_limit= (yyvsp[0].item); Lex->set_stmt_unsafe(LEX::BINLOG_STMT_UNSAFE_LIMIT); sel->limit_params.explicit_limit= 1; } -#line 45615 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 45730 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 1995: /* delete_limit_clause: LIMIT ROWS_SYM EXAMINED_SYM */ -#line 12963 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 12970 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { thd->parse_error(); MYSQL_YYABORT; } -#line 45621 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 45736 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 1996: /* delete_limit_clause: LIMIT limit_option ROWS_SYM EXAMINED_SYM */ -#line 12964 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 12971 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { thd->parse_error(); MYSQL_YYABORT; } -#line 45627 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 45742 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 1997: /* order_limit_lock: order_or_limit */ -#line 12969 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 12976 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.order_limit_lock)= (yyvsp[0].order_limit_lock); (yyval.order_limit_lock)->lock.empty(); } -#line 45636 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 45751 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 1998: /* order_limit_lock: order_or_limit select_lock_type */ -#line 12974 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 12981 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.order_limit_lock)= (yyvsp[-1].order_limit_lock); (yyval.order_limit_lock)->lock= (yyvsp[0].select_lock); } -#line 45645 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 45760 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 1999: /* order_limit_lock: select_lock_type */ -#line 12979 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 12986 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.order_limit_lock)= new(thd->mem_root) Lex_order_limit_lock; if (!(yyval.order_limit_lock)) @@ -45654,68 +45769,68 @@ (yyval.order_limit_lock)->limit.clear(); (yyval.order_limit_lock)->lock= (yyvsp[0].select_lock); } -#line 45658 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 45773 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 2000: /* opt_order_limit_lock: %empty */ -#line 12991 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 12998 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { Lex->pop_select(); (yyval.order_limit_lock)= NULL; } -#line 45667 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 45782 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 2001: /* opt_order_limit_lock: order_limit_lock */ -#line 12995 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 13002 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.order_limit_lock)= (yyvsp[0].order_limit_lock); } -#line 45673 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 45788 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 2004: /* opt_procedure_or_into: %empty */ -#line 13008 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 13015 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.select_lock).empty(); } -#line 45681 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 45796 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 2005: /* opt_procedure_or_into: procedure_clause opt_select_lock_type */ -#line 13012 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 13019 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.select_lock)= (yyvsp[0].select_lock); } -#line 45689 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 45804 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 2006: /* opt_procedure_or_into: into opt_select_lock_type */ -#line 13016 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 13023 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.select_lock)= (yyvsp[0].select_lock); status_var_increment(thd->status_var.feature_into_outfile); } -#line 45698 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 45813 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 2007: /* opt_order_or_limit: %empty */ -#line 13024 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 13031 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.order_limit_lock)= NULL; } -#line 45706 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 45821 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 2008: /* opt_order_or_limit: order_or_limit */ -#line 13029 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 13036 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyvsp[0].order_limit_lock)->lock.empty(); (yyval.order_limit_lock)= (yyvsp[0].order_limit_lock); } -#line 45715 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 45830 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 2009: /* order_or_limit: order_clause opt_limit_clause */ -#line 13037 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 13044 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.order_limit_lock)= new(thd->mem_root) Lex_order_limit_lock; if (!(yyval.order_limit_lock)) @@ -45723,11 +45838,11 @@ (yyval.order_limit_lock)->order_list= (yyvsp[-1].select_order); (yyval.order_limit_lock)->limit= (yyvsp[0].select_limit); } -#line 45727 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 45842 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 2010: /* order_or_limit: limit_clause */ -#line 13045 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 13052 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.order_limit_lock)= new(thd->mem_root) Lex_order_limit_lock; if (!(yyval.order_limit_lock)) @@ -45735,125 +45850,125 @@ (yyval.order_limit_lock)->order_list= NULL; (yyval.order_limit_lock)->limit= (yyvsp[0].select_limit); } -#line 45739 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 45854 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 2013: /* int_num: opt_plus NUM */ -#line 13061 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 13068 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { int error; (yyval.num)= (int) my_strtoll10((yyvsp[0].lex_str).str, (char**) 0, &error); } -#line 45745 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 45860 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 2014: /* int_num: '-' NUM */ -#line 13062 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 13069 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { int error; (yyval.num)= -(int) my_strtoll10((yyvsp[0].lex_str).str, (char**) 0, &error); } -#line 45751 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 45866 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 2015: /* ulong_num: opt_plus NUM */ -#line 13066 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 13073 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { int error; (yyval.ulong_num)= (ulong) my_strtoll10((yyvsp[0].lex_str).str, (char**) 0, &error); } -#line 45757 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 45872 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 2016: /* ulong_num: HEX_NUM */ -#line 13067 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 13074 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.ulong_num)= strtoul((yyvsp[0].lex_str).str, (char**) 0, 16); } -#line 45763 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 45878 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 2017: /* ulong_num: opt_plus LONG_NUM */ -#line 13068 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 13075 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { int error; (yyval.ulong_num)= (ulong) my_strtoll10((yyvsp[0].lex_str).str, (char**) 0, &error); } -#line 45769 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 45884 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 2018: /* ulong_num: opt_plus ULONGLONG_NUM */ -#line 13069 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 13076 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { int error; (yyval.ulong_num)= (ulong) my_strtoll10((yyvsp[0].lex_str).str, (char**) 0, &error); } -#line 45775 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 45890 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 2019: /* ulong_num: opt_plus DECIMAL_NUM */ -#line 13070 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 13077 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { int error; (yyval.ulong_num)= (ulong) my_strtoll10((yyvsp[0].lex_str).str, (char**) 0, &error); } -#line 45781 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 45896 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 2020: /* ulong_num: opt_plus FLOAT_NUM */ -#line 13071 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 13078 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { int error; (yyval.ulong_num)= (ulong) my_strtoll10((yyvsp[0].lex_str).str, (char**) 0, &error); } -#line 45787 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 45902 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 2021: /* real_ulong_num: NUM */ -#line 13075 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 13082 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { int error; (yyval.ulong_num)= (ulong) my_strtoll10((yyvsp[0].lex_str).str, (char**) 0, &error); } -#line 45793 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 45908 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 2022: /* real_ulong_num: HEX_NUM */ -#line 13076 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 13083 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.ulong_num)= (ulong) strtol((yyvsp[0].lex_str).str, (char**) 0, 16); } -#line 45799 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 45914 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 2023: /* real_ulong_num: LONG_NUM */ -#line 13077 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 13084 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { int error; (yyval.ulong_num)= (ulong) my_strtoll10((yyvsp[0].lex_str).str, (char**) 0, &error); } -#line 45805 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 45920 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 2024: /* real_ulong_num: ULONGLONG_NUM */ -#line 13078 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 13085 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { int error; (yyval.ulong_num)= (ulong) my_strtoll10((yyvsp[0].lex_str).str, (char**) 0, &error); } -#line 45811 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 45926 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 2025: /* real_ulong_num: dec_num_error */ -#line 13079 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 13086 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { MYSQL_YYABORT; } -#line 45817 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 45932 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 2026: /* sequence_value_num: opt_plus NUM */ -#line 13088 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 13095 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { int error; (yyval.longlong_number)= (longlong) my_strtoll10((yyvsp[0].lex_str).str, (char**) 0, &error); } -#line 45826 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 45941 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 2027: /* sequence_value_num: opt_plus LONG_NUM */ -#line 13093 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 13100 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { int error; (yyval.longlong_number)= (longlong) my_strtoll10((yyvsp[0].lex_str).str, (char**) 0, &error); } -#line 45835 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 45950 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 2028: /* sequence_value_num: '-' NUM */ -#line 13098 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 13105 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { int error; (yyval.longlong_number)= -(longlong) my_strtoll10((yyvsp[0].lex_str).str, (char**) 0, &error); } -#line 45844 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 45959 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 2029: /* sequence_value_num: '-' LONG_NUM */ -#line 13103 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 13110 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { int error; (yyval.longlong_number)= -(longlong) my_strtoll10((yyvsp[0].lex_str).str, (char**) 0, &error); } -#line 45853 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 45968 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 2030: /* sequence_value_num: '-' ULONGLONG_NUM */ -#line 13108 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 13115 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { int error; const ulonglong abs= my_strtoll10((yyvsp[0].lex_str).str, (char**) 0, &error); @@ -45862,238 +45977,250 @@ else thd->parse_error(ER_DATA_OUT_OF_RANGE); } -#line 45866 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 45981 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 2031: /* sequence_value_hybrid_num: opt_plus NUM */ -#line 13124 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 13131 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { int error; - (yyval.longlong_hybrid_number)= Longlong_hybrid(my_strtoll10((yyvsp[0].lex_str).str, (char**) 0, &error), - false); + (yyval.longlong_hybrid_number).num= my_strtoll10((yyvsp[0].lex_str).str, (char**) 0, &error); + (yyval.longlong_hybrid_number).is_unsigned= false; } -#line 45876 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 45991 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 2032: /* sequence_value_hybrid_num: opt_plus LONG_NUM */ -#line 13130 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 13137 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { int error; - (yyval.longlong_hybrid_number)= Longlong_hybrid(my_strtoll10((yyvsp[0].lex_str).str, (char**) 0, &error), - false); + (yyval.longlong_hybrid_number).num= my_strtoll10((yyvsp[0].lex_str).str, (char**) 0, &error); + (yyval.longlong_hybrid_number).is_unsigned= false; } -#line 45886 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 46001 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 2033: /* sequence_value_hybrid_num: opt_plus ULONGLONG_NUM */ -#line 13136 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 13143 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { int error; - (yyval.longlong_hybrid_number)= Longlong_hybrid(my_strtoll10((yyvsp[0].lex_str).str, (char**) 0, &error), - true); + (yyval.longlong_hybrid_number).num= my_strtoll10((yyvsp[0].lex_str).str, (char**) 0, &error); + (yyval.longlong_hybrid_number).is_unsigned= true; } -#line 45896 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 46011 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 2034: /* sequence_value_hybrid_num: '-' NUM */ -#line 13142 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 13149 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { int error; - (yyval.longlong_hybrid_number)= Longlong_hybrid(- my_strtoll10((yyvsp[0].lex_str).str, (char**) 0, &error), - false); + (yyval.longlong_hybrid_number).num= - my_strtoll10((yyvsp[0].lex_str).str, (char**) 0, &error); + (yyval.longlong_hybrid_number).is_unsigned= false; } -#line 45906 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 46021 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 2035: /* sequence_value_hybrid_num: '-' LONG_NUM */ -#line 13148 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 13155 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { int error; - (yyval.longlong_hybrid_number)= Longlong_hybrid(- my_strtoll10((yyvsp[0].lex_str).str, (char**) 0, &error), - false); + (yyval.longlong_hybrid_number).num= - my_strtoll10((yyvsp[0].lex_str).str, (char**) 0, &error); + (yyval.longlong_hybrid_number).is_unsigned= false; } -#line 45916 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 46031 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 2036: /* sequence_value_hybrid_num: '-' ULONGLONG_NUM */ -#line 13154 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 13161 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { int error; const ulonglong abs= my_strtoll10((yyvsp[0].lex_str).str, (char**) 0, &error); if (abs == 1 + (ulonglong) LONGLONG_MAX) - (yyval.longlong_hybrid_number)= Longlong_hybrid(LONGLONG_MIN, false); + { + (yyval.longlong_hybrid_number).num= LONGLONG_MIN; + (yyval.longlong_hybrid_number).is_unsigned= false; + } else thd->parse_error(ER_DATA_OUT_OF_RANGE); } -#line 45929 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 46047 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 2037: /* sequence_truncated_value_hybrid_num: opt_plus NUM */ -#line 13170 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 13180 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { int error; - (yyval.longlong_hybrid_number)= Longlong_hybrid(my_strtoll10((yyvsp[0].lex_str).str, (char**) 0, &error), - false); + (yyval.longlong_hybrid_number).num= my_strtoll10((yyvsp[0].lex_str).str, (char**) 0, &error); + (yyval.longlong_hybrid_number).is_unsigned= false; } -#line 45939 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 46057 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 2038: /* sequence_truncated_value_hybrid_num: opt_plus LONG_NUM */ -#line 13176 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 13186 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { int error; - (yyval.longlong_hybrid_number)= Longlong_hybrid(my_strtoll10((yyvsp[0].lex_str).str, (char**) 0, &error), - false); + (yyval.longlong_hybrid_number).num= my_strtoll10((yyvsp[0].lex_str).str, (char**) 0, &error); + (yyval.longlong_hybrid_number).is_unsigned= false; } -#line 45949 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 46067 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 2039: /* sequence_truncated_value_hybrid_num: opt_plus ULONGLONG_NUM */ -#line 13182 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 13192 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { int error; - (yyval.longlong_hybrid_number)= Longlong_hybrid(my_strtoll10((yyvsp[0].lex_str).str, (char**) 0, &error), - true); + (yyval.longlong_hybrid_number).num= my_strtoll10((yyvsp[0].lex_str).str, (char**) 0, &error); + (yyval.longlong_hybrid_number).is_unsigned= true; } -#line 45959 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 46077 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 2040: /* sequence_truncated_value_hybrid_num: opt_plus DECIMAL_NUM */ -#line 13187 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" - { (yyval.longlong_hybrid_number)= Longlong_hybrid(ULONGLONG_MAX, true); } -#line 45965 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 13198 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" + { + (yyval.longlong_hybrid_number).num= ULONGLONG_MAX; + (yyval.longlong_hybrid_number).is_unsigned= true; + } +#line 46086 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 2041: /* sequence_truncated_value_hybrid_num: '-' NUM */ -#line 13189 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 13203 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { int error; - (yyval.longlong_hybrid_number)= Longlong_hybrid(- my_strtoll10((yyvsp[0].lex_str).str, (char**) 0, &error), - false); + (yyval.longlong_hybrid_number).num= - my_strtoll10((yyvsp[0].lex_str).str, (char**) 0, &error); + (yyval.longlong_hybrid_number).is_unsigned= false; } -#line 45975 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 46096 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 2042: /* sequence_truncated_value_hybrid_num: '-' LONG_NUM */ -#line 13195 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 13209 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { int error; - (yyval.longlong_hybrid_number)= Longlong_hybrid(- my_strtoll10((yyvsp[0].lex_str).str, (char**) 0, &error), - false); + (yyval.longlong_hybrid_number).num= - my_strtoll10((yyvsp[0].lex_str).str, (char**) 0, &error); + (yyval.longlong_hybrid_number).is_unsigned= false; } -#line 45985 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 46106 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 2043: /* sequence_truncated_value_hybrid_num: '-' ULONGLONG_NUM */ -#line 13200 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" - { (yyval.longlong_hybrid_number)= Longlong_hybrid(LONGLONG_MIN, false); } -#line 45991 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 13215 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" + { + (yyval.longlong_hybrid_number).num= LONGLONG_MIN; + (yyval.longlong_hybrid_number).is_unsigned= false; + } +#line 46115 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 2044: /* sequence_truncated_value_hybrid_num: '-' DECIMAL_NUM */ -#line 13201 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" - { (yyval.longlong_hybrid_number)= Longlong_hybrid(LONGLONG_MIN, false); } -#line 45997 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 13220 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" + { + (yyval.longlong_hybrid_number).num= LONGLONG_MIN; + (yyval.longlong_hybrid_number).is_unsigned= false; + } +#line 46124 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 2045: /* ulonglong_num: opt_plus NUM */ -#line 13205 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 13227 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { int error; (yyval.ulonglong_number)= (ulonglong) my_strtoll10((yyvsp[0].lex_str).str, (char**) 0, &error); } -#line 46003 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 46130 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 2046: /* ulonglong_num: opt_plus ULONGLONG_NUM */ -#line 13206 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 13228 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { int error; (yyval.ulonglong_number)= (ulonglong) my_strtoll10((yyvsp[0].lex_str).str, (char**) 0, &error); } -#line 46009 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 46136 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 2047: /* ulonglong_num: opt_plus LONG_NUM */ -#line 13207 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 13229 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { int error; (yyval.ulonglong_number)= (ulonglong) my_strtoll10((yyvsp[0].lex_str).str, (char**) 0, &error); } -#line 46015 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 46142 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 2048: /* ulonglong_num: opt_plus DECIMAL_NUM */ -#line 13208 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 13230 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { int error; (yyval.ulonglong_number)= (ulonglong) my_strtoll10((yyvsp[0].lex_str).str, (char**) 0, &error); } -#line 46021 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 46148 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 2049: /* ulonglong_num: opt_plus FLOAT_NUM */ -#line 13209 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 13231 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { int error; (yyval.ulonglong_number)= (ulonglong) my_strtoll10((yyvsp[0].lex_str).str, (char**) 0, &error); } -#line 46027 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 46154 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 2050: /* real_ulonglong_num: NUM */ -#line 13213 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 13235 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { int error; (yyval.ulonglong_number)= (ulonglong) my_strtoll10((yyvsp[0].lex_str).str, (char**) 0, &error); } -#line 46033 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 46160 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 2051: /* real_ulonglong_num: ULONGLONG_NUM */ -#line 13214 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 13236 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { int error; (yyval.ulonglong_number)= (ulonglong) my_strtoll10((yyvsp[0].lex_str).str, (char**) 0, &error); } -#line 46039 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 46166 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 2052: /* real_ulonglong_num: HEX_NUM */ -#line 13215 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 13237 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.ulonglong_number)= strtoull((yyvsp[0].lex_str).str, (char**) 0, 16); } -#line 46045 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 46172 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 2053: /* real_ulonglong_num: LONG_NUM */ -#line 13216 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 13238 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { int error; (yyval.ulonglong_number)= (ulonglong) my_strtoll10((yyvsp[0].lex_str).str, (char**) 0, &error); } -#line 46051 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 46178 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 2054: /* real_ulonglong_num: dec_num_error */ -#line 13217 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 13239 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { MYSQL_YYABORT; } -#line 46057 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 46184 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 2055: /* dec_num_error: dec_num */ -#line 13222 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 13244 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { thd->parse_error(ER_ONLY_INTEGERS_ALLOWED); } -#line 46063 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 46190 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 2058: /* choice: ulong_num */ -#line 13231 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 13253 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.choice)= (yyvsp[0].ulong_num) != 0 ? HA_CHOICE_YES : HA_CHOICE_NO; } -#line 46069 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 46196 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 2059: /* choice: DEFAULT */ -#line 13232 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 13254 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.choice)= HA_CHOICE_UNDEF; } -#line 46075 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 46202 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 2060: /* bool: ulong_num */ -#line 13236 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 13258 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.ulong_num)= (yyvsp[0].ulong_num) != 0; } -#line 46081 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 46208 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 2061: /* bool: TRUE_SYM */ -#line 13237 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 13259 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.ulong_num)= 1; } -#line 46087 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 46214 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 2062: /* bool: FALSE_SYM */ -#line 13238 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 13260 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.ulong_num)= 0; } -#line 46093 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 46220 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 2063: /* $@172: %empty */ -#line 13243 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 13265 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { LEX *lex=Lex; @@ -46117,43 +46244,43 @@ Lex->clause_that_disallows_subselect= "PROCEDURE"; Select->options|= OPTION_PROCEDURE_CLAUSE; } -#line 46121 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 46248 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 2064: /* procedure_clause: PROCEDURE_SYM ident $@172 '(' procedure_list ')' */ -#line 13267 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 13289 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { /* Subqueries are allowed from now.*/ Lex->clause_that_disallows_subselect= NULL; } -#line 46130 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 46257 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 2065: /* procedure_list: %empty */ -#line 13274 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 13296 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" {} -#line 46136 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 46263 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 2066: /* procedure_list: procedure_list2 */ -#line 13275 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 13297 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" {} -#line 46142 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 46269 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 2069: /* procedure_item: remember_name expr remember_end */ -#line 13285 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 13307 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { if (unlikely(add_proc_to_list(thd, (yyvsp[-1].item)))) MYSQL_YYABORT; if (!(yyvsp[-1].item)->name.str || (yyvsp[-1].item)->name.str == item_empty_name) (yyvsp[-1].item)->set_name(thd, (yyvsp[-2].simple_string), (uint) ((yyvsp[0].simple_string) - (yyvsp[-2].simple_string)), thd->charset()); } -#line 46153 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 46280 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 2070: /* $@173: %empty */ -#line 13294 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 13316 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { LEX *lex=Lex; if (!lex->describe && @@ -46161,23 +46288,23 @@ select_dumpvar(thd))))) MYSQL_YYABORT; } -#line 46165 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 46292 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 2071: /* select_var_list_init: $@173 select_var_list */ -#line 13302 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 13324 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" {} -#line 46171 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 46298 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 2073: /* select_var_list: select_var_ident */ -#line 13307 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 13329 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" {} -#line 46177 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 46304 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 2074: /* select_var_ident: select_outvar */ -#line 13311 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 13333 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { if (Lex->result) { @@ -46194,11 +46321,11 @@ DBUG_ASSERT(Lex->describe); } } -#line 46198 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 46325 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 2075: /* select_outvar: '@' ident_or_text */ -#line 13331 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 13353 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { if (!(yyvsp[0].lex_str).length) { @@ -46208,35 +46335,35 @@ (yyval.myvar) = Lex->result ? new (thd->mem_root) my_var_user(&(yyvsp[0].lex_str)) : NULL; } -#line 46212 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 46339 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 2076: /* select_outvar: ident_or_text */ -#line 13341 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 13363 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { if (unlikely(!((yyval.myvar)= Lex->create_outvar(thd, &(yyvsp[0].lex_str))) && Lex->result)) MYSQL_YYABORT; } -#line 46221 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 46348 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 2077: /* select_outvar: ident '.' ident */ -#line 13346 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 13368 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { if (unlikely(!((yyval.myvar)= Lex->create_outvar(thd, &(yyvsp[-2].ident_sys), &(yyvsp[0].ident_sys))) && Lex->result)) MYSQL_YYABORT; } -#line 46230 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 46357 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 2078: /* into: INTO into_destination */ -#line 13354 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 13376 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" {} -#line 46236 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 46363 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 2079: /* $@174: %empty */ -#line 13359 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 13381 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { LEX *lex= Lex; lex->uncacheable(UNCACHEABLE_SIDEEFFECT); @@ -46248,17 +46375,17 @@ MYSQL_YYABORT; status_var_increment(thd->status_var.feature_into_outfile); } -#line 46252 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 46379 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 2080: /* $@175: %empty */ -#line 13371 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 13393 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { Lex->exchange->cs= (yyvsp[0].charset); } -#line 46258 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 46385 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 2082: /* into_destination: DUMPFILE TEXT_STRING_filesystem */ -#line 13374 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 13396 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { LEX *lex=Lex; if (!lex->describe) @@ -46273,20 +46400,20 @@ MYSQL_YYABORT; } } -#line 46277 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 46404 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 2083: /* into_destination: select_var_list_init */ -#line 13389 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 13411 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { Lex->uncacheable(UNCACHEABLE_SIDEEFFECT); status_var_increment(thd->status_var.feature_into_variable); } -#line 46286 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 46413 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 2084: /* $@176: %empty */ -#line 13401 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 13423 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { LEX *lex=Lex; lex->sql_command = SQLCOM_DO; @@ -46294,48 +46421,48 @@ MYSQL_YYABORT; lex->init_select(); } -#line 46298 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 46425 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 2085: /* do: DO_SYM $@176 expr_list */ -#line 13409 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 13431 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { Lex->insert_list= (yyvsp[0].item_list); Lex->pop_select(); //main select if (Lex->check_cte_dependencies_and_resolve_references()) MYSQL_YYABORT; } -#line 46309 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 46436 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 2086: /* $@177: %empty */ -#line 13423 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 13445 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { LEX *lex=Lex; lex->set_command(SQLCOM_DROP_TABLE, (yyvsp[-2].num), (yyvsp[0].object_ddl_options)); YYPS->m_lock_type= TL_UNLOCK; YYPS->m_mdl_type= MDL_EXCLUSIVE; } -#line 46320 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 46447 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 2087: /* drop: DROP opt_temporary table_or_tables opt_if_exists $@177 table_list opt_lock_wait_timeout opt_restrict */ -#line 13430 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 13452 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" {} -#line 46326 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 46453 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 2088: /* $@178: %empty */ -#line 13432 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 13454 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { if (Lex->main_select_push()) MYSQL_YYABORT; } -#line 46335 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 46462 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 2089: /* drop: DROP INDEX_SYM $@178 opt_if_exists_table_element ident ON table_ident opt_lock_wait_timeout */ -#line 13437 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 13459 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { LEX *lex=Lex; Alter_drop *ad= (new (thd->mem_root) @@ -46353,82 +46480,82 @@ MYSQL_YYABORT; Lex->pop_select(); //main select } -#line 46357 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 46484 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 2090: /* drop: DROP DATABASE opt_if_exists ident */ -#line 13455 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 13477 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { LEX *lex=Lex; lex->set_command(SQLCOM_DROP_DB, (yyvsp[-1].object_ddl_options)); lex->name= (yyvsp[0].ident_sys); } -#line 46367 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 46494 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 2091: /* drop: DROP USER_SYM opt_if_exists clear_privileges user_list */ -#line 13461 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 13483 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { Lex->set_command(SQLCOM_DROP_USER, (yyvsp[-2].object_ddl_options)); } -#line 46375 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 46502 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 2092: /* drop: DROP ROLE_SYM opt_if_exists clear_privileges role_list */ -#line 13465 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 13487 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { Lex->set_command(SQLCOM_DROP_ROLE, (yyvsp[-2].object_ddl_options)); } -#line 46383 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 46510 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 2093: /* $@179: %empty */ -#line 13469 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 13491 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { LEX *lex= Lex; lex->set_command(SQLCOM_DROP_VIEW, (yyvsp[0].object_ddl_options)); YYPS->m_lock_type= TL_UNLOCK; YYPS->m_mdl_type= MDL_EXCLUSIVE; } -#line 46394 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 46521 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 2094: /* drop: DROP VIEW_SYM opt_if_exists $@179 table_list opt_restrict */ -#line 13476 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 13498 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" {} -#line 46400 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 46527 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 2095: /* drop: DROP EVENT_SYM opt_if_exists sp_name */ -#line 13478 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 13500 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { Lex->spname= (yyvsp[0].spname); Lex->set_command(SQLCOM_DROP_EVENT, (yyvsp[-1].object_ddl_options)); } -#line 46409 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 46536 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 2096: /* drop: DROP TRIGGER_SYM opt_if_exists sp_name */ -#line 13483 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 13505 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { LEX *lex= Lex; lex->set_command(SQLCOM_DROP_TRIGGER, (yyvsp[-1].object_ddl_options)); lex->spname= (yyvsp[0].spname); } -#line 46419 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 46546 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 2097: /* drop: DROP SERVER_SYM opt_if_exists ident_or_text */ -#line 13489 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 13511 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { Lex->set_command(SQLCOM_DROP_SERVER, (yyvsp[-1].object_ddl_options)); Lex->server_options.reset((yyvsp[0].lex_str)); } -#line 46428 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 46555 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 2098: /* $@180: %empty */ -#line 13495 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 13517 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { LEX *lex= Lex; lex->set_command(SQLCOM_DROP_SEQUENCE, (yyvsp[-2].num), (yyvsp[0].object_ddl_options)); @@ -46436,17 +46563,17 @@ YYPS->m_lock_type= TL_UNLOCK; YYPS->m_mdl_type= MDL_EXCLUSIVE; } -#line 46440 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 46567 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 2099: /* drop: DROP opt_temporary SEQUENCE_SYM opt_if_exists $@180 table_list */ -#line 13503 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 13525 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" {} -#line 46446 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 46573 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 2103: /* table_name: table_ident */ -#line 13514 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 13536 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { if (!thd->lex->current_select_or_default()-> add_table_to_list(thd, (yyvsp[0].table), NULL, @@ -46455,11 +46582,11 @@ YYPS->m_mdl_type)) MYSQL_YYABORT; } -#line 46459 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 46586 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 2104: /* table_name_with_opt_use_partition: table_ident opt_use_partition */ -#line 13526 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 13548 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { if (unlikely(!Select->add_table_to_list(thd, (yyvsp[-1].table), NULL, TL_OPTION_UPDATING, @@ -46469,11 +46596,11 @@ (yyvsp[0].string_list)))) MYSQL_YYABORT; } -#line 46473 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 46600 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 2107: /* table_alias_ref: table_ident_opt_wild */ -#line 13544 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 13566 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { if (unlikely(!Select-> add_table_to_list(thd, (yyvsp[0].table), NULL, @@ -46483,113 +46610,113 @@ YYPS->m_mdl_type))) MYSQL_YYABORT; } -#line 46487 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 46614 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 2108: /* opt_if_exists_table_element: %empty */ -#line 13557 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 13579 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { Lex->check_exists= FALSE; (yyval.num)= 0; } -#line 46496 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 46623 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 2109: /* opt_if_exists_table_element: IF_SYM EXISTS */ -#line 13562 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 13584 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { Lex->check_exists= TRUE; (yyval.num)= 1; } -#line 46505 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 46632 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 2110: /* opt_if_exists: %empty */ -#line 13570 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 13592 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.object_ddl_options).set(DDL_options_st::OPT_NONE); } -#line 46513 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 46640 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 2111: /* opt_if_exists: IF_SYM EXISTS */ -#line 13574 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 13596 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.object_ddl_options).set(DDL_options_st::OPT_IF_EXISTS); } -#line 46521 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 46648 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 2112: /* opt_temporary: %empty */ -#line 13580 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 13602 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.num)= 0; } -#line 46527 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 46654 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 2113: /* opt_temporary: TEMPORARY */ -#line 13581 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 13603 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.num)= HA_LEX_CREATE_TMP_TABLE; } -#line 46533 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 46660 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 2114: /* $@181: %empty */ -#line 13589 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 13611 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { Lex->sql_command= SQLCOM_INSERT; Lex->duplicates= DUP_ERROR; thd->get_stmt_da()->opt_clear_warning_info(thd->query_id); thd->get_stmt_da()->reset_current_row_for_warning(1); } -#line 46544 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 46671 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 2115: /* $@182: %empty */ -#line 13596 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 13618 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { Select->set_lock_for_tables((yyvsp[-3].lock_type), true, false); } -#line 46552 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 46679 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 2116: /* insert: INSERT $@181 insert_start insert_lock_option opt_ignore opt_into insert_table $@182 insert_field_spec opt_insert_update opt_returning stmt_end */ -#line 13601 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 13623 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { Lex->mark_first_table_as_inserting(); thd->get_stmt_da()->reset_current_row_for_warning(0); } -#line 46561 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 46688 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 2117: /* $@183: %empty */ -#line 13609 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 13631 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { Lex->sql_command = SQLCOM_REPLACE; Lex->duplicates= DUP_REPLACE; thd->get_stmt_da()->opt_clear_warning_info(thd->query_id); thd->get_stmt_da()->reset_current_row_for_warning(1); } -#line 46572 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 46699 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 2118: /* $@184: %empty */ -#line 13616 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 13638 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { Select->set_lock_for_tables((yyvsp[-2].lock_type), true, false); } -#line 46580 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 46707 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 2119: /* replace: REPLACE $@183 insert_start replace_lock_option opt_into insert_table $@184 insert_field_spec opt_returning stmt_end */ -#line 13621 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 13643 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { Lex->mark_first_table_as_inserting(); thd->get_stmt_da()->reset_current_row_for_warning(0); } -#line 46589 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 46716 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 2120: /* insert_start: %empty */ -#line 13627 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 13649 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { if (Lex->main_select_push()) MYSQL_YYABORT; @@ -46597,21 +46724,21 @@ Lex->inc_select_stack_outer_barrier(); Lex->current_select->parsing_place= BEFORE_OPT_LIST; } -#line 46601 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 46728 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 2121: /* stmt_end: %empty */ -#line 13636 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 13658 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { Lex->pop_select(); //main select if (Lex->check_main_unit_semantics()) MYSQL_YYABORT; } -#line 46611 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 46738 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 2122: /* insert_lock_option: %empty */ -#line 13645 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 13667 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { /* If it is SP we do not allow insert optimisation when result of @@ -46620,70 +46747,70 @@ */ (yyval.lock_type)= (Lex->sphead ? TL_WRITE_DEFAULT : TL_WRITE_CONCURRENT_INSERT); } -#line 46624 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 46751 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 2124: /* insert_lock_option: HIGH_PRIORITY */ -#line 13654 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 13676 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.lock_type)= TL_WRITE; } -#line 46630 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 46757 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 2125: /* replace_lock_option: %empty */ -#line 13658 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 13680 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.lock_type)= TL_WRITE_DEFAULT; } -#line 46636 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 46763 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 2127: /* insert_replace_option: LOW_PRIORITY */ -#line 13663 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 13685 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.lock_type)= TL_WRITE_LOW_PRIORITY; } -#line 46642 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 46769 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 2128: /* insert_replace_option: DELAYED_SYM */ -#line 13665 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 13687 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { Lex->keyword_delayed_begin_offset= (uint)((yyvsp[0].kwd).pos() - thd->query()); Lex->keyword_delayed_end_offset= (uint)((yyvsp[0].kwd).end() - thd->query()); (yyval.lock_type)= TL_WRITE_DELAYED; } -#line 46652 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 46779 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 2131: /* $@185: %empty */ -#line 13675 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 13697 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { Select->save_parsing_place= Select->parsing_place; } -#line 46660 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 46787 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 2132: /* insert_table: $@185 table_name_with_opt_use_partition */ -#line 13679 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 13701 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { LEX *lex=Lex; //lex->field_list.empty(); lex->many_values.empty(); lex->insert_list=0; } -#line 46671 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 46798 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 2133: /* insert_field_spec: insert_values */ -#line 13688 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 13710 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" {} -#line 46677 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 46804 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 2134: /* insert_field_spec: insert_field_list insert_values */ -#line 13689 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 13711 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" {} -#line 46683 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 46810 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 2135: /* $@186: %empty */ -#line 13691 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 13713 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { LEX *lex=Lex; if (unlikely(!(lex->insert_list= new (thd->mem_root) List_item)) || @@ -46692,105 +46819,105 @@ MYSQL_YYABORT; lex->current_select->parsing_place= NO_MATTER; } -#line 46696 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 46823 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 2137: /* insert_field_list: LEFT_PAREN_ALT opt_fields ')' */ -#line 13704 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 13726 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { Lex->current_select->parsing_place= AFTER_LIST; } -#line 46704 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 46831 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 2140: /* fields: fields ',' insert_ident */ -#line 13716 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 13738 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { Lex->field_list.push_back((yyvsp[0].item), thd->mem_root); } -#line 46710 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 46837 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 2141: /* fields: insert_ident */ -#line 13717 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 13739 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { Lex->field_list.push_back((yyvsp[0].item), thd->mem_root); } -#line 46716 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 46843 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 2142: /* insert_values: create_select_query_expression */ -#line 13723 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 13745 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" {} -#line 46722 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 46849 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 2147: /* ident_eq_value: simple_ident_nospvar equal expr_or_ignore_or_default */ -#line 13738 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 13760 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { LEX *lex=Lex; if (unlikely(lex->field_list.push_back((yyvsp[-2].item), thd->mem_root)) || unlikely(lex->insert_list->push_back((yyvsp[0].item), thd->mem_root))) MYSQL_YYABORT; } -#line 46733 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 46860 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 2148: /* equal: '=' */ -#line 13747 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 13769 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" {} -#line 46739 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 46866 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 2149: /* equal: SET_VAR */ -#line 13748 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 13770 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" {} -#line 46745 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 46872 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 2150: /* opt_equal: %empty */ -#line 13752 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 13774 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" {} -#line 46751 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 46878 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 2151: /* opt_equal: equal */ -#line 13753 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 13775 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" {} -#line 46757 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 46884 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 2152: /* opt_with: opt_equal */ -#line 13757 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 13779 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" {} -#line 46763 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 46890 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 2153: /* opt_with: WITH */ -#line 13758 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 13780 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" {} -#line 46769 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 46896 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 2154: /* opt_by: opt_equal */ -#line 13762 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 13784 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" {} -#line 46775 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 46902 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 2155: /* opt_by: BY */ -#line 13763 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 13785 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" {} -#line 46781 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 46908 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 2156: /* $@187: %empty */ -#line 13768 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 13790 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { if (unlikely(!(Lex->insert_list= new (thd->mem_root) List_item))) MYSQL_YYABORT; } -#line 46790 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 46917 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 2157: /* no_braces: '(' $@187 opt_values ')' */ -#line 13773 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 13795 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { LEX *lex=Lex; thd->get_stmt_da()->inc_current_row_for_warning(); @@ -46798,20 +46925,20 @@ thd->mem_root))) MYSQL_YYABORT; } -#line 46802 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 46929 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 2158: /* $@188: %empty */ -#line 13784 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 13806 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { if (unlikely(!(Lex->insert_list= new (thd->mem_root) List_item))) MYSQL_YYABORT; } -#line 46811 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 46938 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 2159: /* no_braces_with_names: '(' $@188 opt_values_with_names ')' */ -#line 13789 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 13811 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { LEX *lex=Lex; thd->get_stmt_da()->inc_current_row_for_warning(); @@ -46819,41 +46946,41 @@ thd->mem_root))) MYSQL_YYABORT; } -#line 46823 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 46950 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 2160: /* opt_values: %empty */ -#line 13799 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 13821 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" {} -#line 46829 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 46956 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 2162: /* opt_values_with_names: %empty */ -#line 13804 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 13826 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" {} -#line 46835 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 46962 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 2164: /* values: values ',' expr_or_ignore_or_default */ -#line 13810 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 13832 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { if (unlikely(Lex->insert_list->push_back((yyvsp[0].item), thd->mem_root))) MYSQL_YYABORT; } -#line 46844 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 46971 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 2165: /* values: expr_or_ignore_or_default */ -#line 13815 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 13837 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { if (unlikely(Lex->insert_list->push_back((yyvsp[0].item), thd->mem_root))) MYSQL_YYABORT; } -#line 46853 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 46980 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 2166: /* values_with_names: values_with_names ',' remember_name expr_or_ignore_or_default remember_end */ -#line 13823 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 13845 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { if (unlikely(Lex->insert_list->push_back((yyvsp[-1].item), thd->mem_root))) MYSQL_YYABORT; @@ -46861,11 +46988,11 @@ if (!(yyvsp[-1].item)->name.str || (yyvsp[-1].item)->name.str == item_empty_name) (yyvsp[-1].item)->set_name(thd, (yyvsp[-2].simple_string), (uint) ((yyvsp[0].simple_string) - (yyvsp[-2].simple_string)), thd->charset()); } -#line 46865 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 46992 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 2167: /* values_with_names: remember_name expr_or_ignore_or_default remember_end */ -#line 13831 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 13853 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { if (unlikely(Lex->insert_list->push_back((yyvsp[-1].item), thd->mem_root))) MYSQL_YYABORT; @@ -46873,66 +47000,66 @@ if (!(yyvsp[-1].item)->name.str || (yyvsp[-1].item)->name.str == item_empty_name) (yyvsp[-1].item)->set_name(thd, (yyvsp[-2].simple_string), (uint) ((yyvsp[0].simple_string) - (yyvsp[-2].simple_string)), thd->charset()); } -#line 46877 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 47004 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 2168: /* expr_or_ignore: expr */ -#line 13841 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 13863 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.item)= (yyvsp[0].item);} -#line 46883 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 47010 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 2169: /* expr_or_ignore: IGNORE_SYM */ -#line 13843 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 13865 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.item)= new (thd->mem_root) Item_ignore_specification(thd); if (unlikely((yyval.item) == NULL)) MYSQL_YYABORT; } -#line 46893 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 47020 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 2170: /* expr_or_ignore_or_default: expr_or_ignore */ -#line 13851 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 13873 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.item)= (yyvsp[0].item);} -#line 46899 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 47026 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 2171: /* expr_or_ignore_or_default: DEFAULT */ -#line 13853 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 13875 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.item)= new (thd->mem_root) Item_default_specification(thd); Lex->default_used= TRUE; if (unlikely((yyval.item) == NULL)) MYSQL_YYABORT; } -#line 46910 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 47037 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 2173: /* $@189: %empty */ -#line 13863 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 13885 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { Lex->duplicates= DUP_UPDATE; } -#line 46916 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 47043 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 2174: /* $@190: %empty */ -#line 13865 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 13887 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { Select->parsing_place= IN_UPDATE_ON_DUP_KEY; } -#line 46924 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 47051 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 2175: /* opt_insert_update: ON DUPLICATE_SYM $@189 KEY_SYM UPDATE_SYM $@190 insert_update_list */ -#line 13869 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 13891 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { Select->parsing_place= NO_MATTER; } -#line 46932 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 47059 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 2176: /* update_table_list: table_ident opt_use_partition for_portion_of_time_clause opt_table_alias_clause opt_key_definition */ -#line 13877 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 13899 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { if (!((yyval.table_list)= Select->add_table_to_list(thd, (yyvsp[-4].table), (yyvsp[-1].lex_str_ptr), 0, @@ -46943,17 +47070,17 @@ MYSQL_YYABORT; (yyval.table_list)->period_conditions= Lex->period_conditions; } -#line 46947 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 47074 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 2177: /* update_table_list: join_table_list */ -#line 13887 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 13909 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.table_list)= (yyvsp[0].table_list); } -#line 46953 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 47080 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 2178: /* $@191: %empty */ -#line 13894 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 13916 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { LEX *lex= Lex; if (Lex->main_select_push()) @@ -46962,11 +47089,11 @@ lex->sql_command= SQLCOM_UPDATE; lex->duplicates= DUP_ERROR; } -#line 46966 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 47093 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 2179: /* $@192: %empty */ -#line 13904 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 13926 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { bool is_multiupdate= false; LEX *lex= Lex; @@ -46993,26 +47120,26 @@ */ slex->set_lock_for_tables((yyvsp[-4].lock_type), slex->table_list.elements == 1, false); } -#line 46997 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 47124 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 2180: /* $@193: %empty */ -#line 13931 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 13953 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { if ((yyvsp[-1].select_order)) Select->order_list= *((yyvsp[-1].select_order)); } -#line 47006 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 47133 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 2181: /* update: UPDATE_SYM $@191 opt_low_priority opt_ignore update_table_list SET update_list $@192 opt_where_clause opt_order_clause delete_limit_clause $@193 stmt_end */ -#line 13934 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 13956 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" {} -#line 47012 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 47139 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 2184: /* update_elem: simple_ident_nospvar equal DEFAULT */ -#line 13944 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 13966 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { Item *def= new (thd->mem_root) Item_default_value(thd, Lex->current_context(), (yyvsp[-2].item), 1); @@ -47020,43 +47147,43 @@ if (!def || add_item_to_list(thd, (yyvsp[-2].item)) || add_value_to_list(thd, def)) MYSQL_YYABORT; } -#line 47024 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 47151 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 2185: /* update_elem: simple_ident_nospvar equal expr_or_ignore */ -#line 13952 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 13974 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { if (add_item_to_list(thd, (yyvsp[-2].item)) || add_value_to_list(thd, (yyvsp[0].item))) MYSQL_YYABORT; } -#line 47033 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 47160 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 2188: /* insert_update_elem: simple_ident_nospvar equal expr_or_ignore_or_default */ -#line 13965 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 13987 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { LEX *lex= Lex; if (unlikely(lex->update_list.push_back((yyvsp[-2].item), thd->mem_root)) || unlikely(lex->value_list.push_back((yyvsp[0].item), thd->mem_root))) MYSQL_YYABORT; } -#line 47044 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 47171 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 2189: /* opt_low_priority: %empty */ -#line 13974 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 13996 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.lock_type)= TL_WRITE_DEFAULT; } -#line 47050 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 47177 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 2190: /* opt_low_priority: LOW_PRIORITY */ -#line 13975 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 13997 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.lock_type)= TL_WRITE_LOW_PRIORITY; } -#line 47056 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 47183 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 2191: /* $@194: %empty */ -#line 13982 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 14004 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { LEX *lex= Lex; YYPS->m_lock_type= TL_WRITE_DEFAULT; @@ -47067,42 +47194,42 @@ lex->ignore= 0; lex->first_select_lex()->order_list.empty(); } -#line 47071 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 47198 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 2192: /* delete: DELETE_SYM $@194 delete_part2 */ -#line 13993 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 14015 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { if (Lex->check_cte_dependencies_and_resolve_references()) MYSQL_YYABORT; } -#line 47080 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 47207 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 2193: /* opt_delete_system_time: %empty */ -#line 14001 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 14023 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { Lex->vers_conditions.init(SYSTEM_TIME_HISTORY); } -#line 47088 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 47215 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 2194: /* opt_delete_system_time: BEFORE_SYM SYSTEM_TIME_SYM history_point */ -#line 14005 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 14027 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { Lex->vers_conditions.init(SYSTEM_TIME_BEFORE, (yyvsp[0].vers_history_point)); } -#line 47096 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 47223 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 2195: /* delete_part2: opt_delete_options single_multi */ -#line 14011 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 14033 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" {} -#line 47102 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 47229 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 2196: /* $@195: %empty */ -#line 14013 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 14035 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { LEX *lex= Lex; lex->last_table()->vers_conditions= lex->vers_conditions; @@ -47113,17 +47240,17 @@ if (lex->check_main_unit_semantics()) MYSQL_YYABORT; } -#line 47117 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 47244 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 2197: /* delete_part2: HISTORY_SYM delete_single_table opt_delete_system_time $@195 stmt_end */ -#line 14024 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 14046 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" {} -#line 47123 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 47250 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 2198: /* delete_single_table: FROM table_ident opt_table_alias_clause opt_key_definition opt_use_partition */ -#line 14029 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 14051 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { if (unlikely(!Select-> add_table_to_list(thd, (yyvsp[-3].table), (yyvsp[-2].lex_str_ptr), TL_OPTION_UPDATING, @@ -47150,20 +47277,20 @@ YYPS->m_lock_type= TL_READ_DEFAULT; YYPS->m_mdl_type= MDL_SHARED_READ; } -#line 47154 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 47281 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 2199: /* delete_single_table_for_period: delete_single_table opt_for_portion_of_time_clause */ -#line 14059 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 14081 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { if ((yyvsp[0].num)) Lex->last_table()->period_conditions= Lex->period_conditions; } -#line 47163 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 47290 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 2200: /* $@196: %empty */ -#line 14071 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 14093 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { LEX *lex= Lex; if ((yyvsp[-2].select_order)) @@ -47175,17 +47302,17 @@ if (Lex->check_main_unit_semantics()) MYSQL_YYABORT; } -#line 47179 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 47306 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 2201: /* single_multi: delete_single_table_for_period opt_where_clause opt_order_clause delete_limit_clause opt_returning $@196 stmt_end */ -#line 14082 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 14104 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" {} -#line 47185 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 47312 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 2202: /* $@197: %empty */ -#line 14084 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 14106 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { LEX *lex= Lex; lex->sql_command= SQLCOM_DELETE_MULTI; @@ -47196,11 +47323,11 @@ YYPS->m_lock_type= TL_READ_DEFAULT; YYPS->m_mdl_type= MDL_SHARED_READ; } -#line 47200 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 47327 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 2203: /* $@198: %empty */ -#line 14095 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 14117 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { if (unlikely(multi_delete_set_locks_and_link_aux_tables(Lex))) MYSQL_YYABORT; @@ -47210,17 +47337,17 @@ (yyvsp[0].order_limit_lock)->set_to(Lex->select_stack_head()); } } -#line 47214 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 47341 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 2204: /* single_multi: table_alias_ref_list $@197 FROM join_table_list opt_where_clause opt_order_or_limit $@198 stmt_end */ -#line 14103 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 14125 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" {} -#line 47220 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 47347 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 2205: /* $@199: %empty */ -#line 14105 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 14127 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { LEX *lex= Lex; lex->sql_command= SQLCOM_DELETE_MULTI; @@ -47231,11 +47358,11 @@ YYPS->m_lock_type= TL_READ_DEFAULT; YYPS->m_mdl_type= MDL_SHARED_READ; } -#line 47235 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 47362 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 2206: /* $@200: %empty */ -#line 14116 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 14138 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { if (unlikely(multi_delete_set_locks_and_link_aux_tables(Lex))) MYSQL_YYABORT; @@ -47245,25 +47372,25 @@ (yyvsp[0].order_limit_lock)->set_to(Lex->select_stack_head()); } } -#line 47249 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 47376 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 2207: /* single_multi: FROM table_alias_ref_list $@199 USING join_table_list opt_where_clause opt_order_or_limit $@200 stmt_end */ -#line 14124 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 14146 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" {} -#line 47255 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 47382 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 2208: /* opt_returning: %empty */ -#line 14129 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 14151 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { DBUG_ASSERT(!Lex->has_returning()); } -#line 47263 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 47390 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 2209: /* $@201: %empty */ -#line 14133 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 14155 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { DBUG_ASSERT(!Lex->has_returning()); /* @@ -47290,62 +47417,62 @@ thd->lex->push_context(&thd->lex->returning()->context); thd->lex->has_returning_list= true; } -#line 47294 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 47421 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 2210: /* opt_returning: RETURNING_SYM $@201 select_item_list */ -#line 14160 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 14182 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { thd->lex->pop_context(); thd->lex->current_select->parsing_place= NO_MATTER; } -#line 47303 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 47430 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 2211: /* opt_wild: %empty */ -#line 14167 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 14189 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" {} -#line 47309 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 47436 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 2212: /* opt_wild: '.' '*' */ -#line 14168 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 14190 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" {} -#line 47315 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 47442 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 2213: /* opt_delete_options: %empty */ -#line 14172 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 14194 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" {} -#line 47321 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 47448 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 2214: /* opt_delete_options: opt_delete_option opt_delete_options */ -#line 14173 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 14195 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" {} -#line 47327 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 47454 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 2215: /* opt_delete_option: QUICK */ -#line 14177 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 14199 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { Select->options|= OPTION_QUICK; } -#line 47333 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 47460 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 2216: /* opt_delete_option: LOW_PRIORITY */ -#line 14178 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 14200 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { YYPS->m_lock_type= TL_WRITE_LOW_PRIORITY; } -#line 47339 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 47466 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 2217: /* opt_delete_option: IGNORE_SYM */ -#line 14179 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 14201 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { Lex->ignore= 1; } -#line 47345 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 47472 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 2218: /* $@202: %empty */ -#line 14184 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 14206 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { LEX* lex= Lex; lex->sql_command= SQLCOM_TRUNCATE; @@ -47356,11 +47483,11 @@ YYPS->m_lock_type= TL_WRITE; YYPS->m_mdl_type= MDL_EXCLUSIVE; } -#line 47360 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 47487 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 2219: /* $@203: %empty */ -#line 14195 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 14217 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { LEX* lex= thd->lex; DBUG_ASSERT(!lex->m_sql_cmd); @@ -47368,105 +47495,105 @@ if (unlikely(lex->m_sql_cmd == NULL)) MYSQL_YYABORT; } -#line 47372 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 47499 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 2220: /* truncate: TRUNCATE_SYM $@202 opt_table_sym table_name opt_lock_wait_timeout $@203 opt_truncate_table_storage_clause */ -#line 14202 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 14224 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { } -#line 47378 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 47505 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 2227: /* profile_def: CPU_SYM */ -#line 14220 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 14242 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { Lex->profile_options|= PROFILE_CPU; } -#line 47386 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 47513 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 2228: /* profile_def: MEMORY_SYM */ -#line 14224 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 14246 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { Lex->profile_options|= PROFILE_MEMORY; } -#line 47394 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 47521 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 2229: /* profile_def: BLOCK_SYM IO_SYM */ -#line 14228 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 14250 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { Lex->profile_options|= PROFILE_BLOCK_IO; } -#line 47402 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 47529 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 2230: /* profile_def: CONTEXT_SYM SWITCHES_SYM */ -#line 14232 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 14254 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { Lex->profile_options|= PROFILE_CONTEXT; } -#line 47410 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 47537 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 2231: /* profile_def: PAGE_SYM FAULTS_SYM */ -#line 14236 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 14258 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { Lex->profile_options|= PROFILE_PAGE_FAULTS; } -#line 47418 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 47545 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 2232: /* profile_def: IPC_SYM */ -#line 14240 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 14262 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { Lex->profile_options|= PROFILE_IPC; } -#line 47426 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 47553 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 2233: /* profile_def: SWAPS_SYM */ -#line 14244 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 14266 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { Lex->profile_options|= PROFILE_SWAPS; } -#line 47434 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 47561 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 2234: /* profile_def: SOURCE_SYM */ -#line 14248 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 14270 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { Lex->profile_options|= PROFILE_SOURCE; } -#line 47442 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 47569 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 2235: /* profile_def: ALL */ -#line 14252 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 14274 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { Lex->profile_options|= PROFILE_ALL; } -#line 47450 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 47577 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 2236: /* opt_profile_args: %empty */ -#line 14259 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 14281 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { Lex->profile_query_id= 0; } -#line 47458 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 47585 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 2237: /* opt_profile_args: FOR_SYM QUERY_SYM NUM */ -#line 14263 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 14285 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { Lex->profile_query_id= atoi((yyvsp[0].lex_str).str); } -#line 47466 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 47593 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 2238: /* $@204: %empty */ -#line 14272 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 14294 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { LEX *lex=Lex; lex->wild=0; @@ -47477,31 +47604,31 @@ lex->current_select->parsing_place= SELECT_LIST; lex->create_info.init(); } -#line 47481 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 47608 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 2239: /* show: SHOW $@204 show_param */ -#line 14283 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 14305 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { Select->parsing_place= NO_MATTER; Lex->pop_select(); //main select } -#line 47490 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 47617 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 2240: /* show_param: DATABASES wild_and_where */ -#line 14291 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 14313 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { LEX *lex= Lex; lex->sql_command= SQLCOM_SHOW_DATABASES; if (unlikely(prepare_schema_table(thd, lex, 0, SCH_SCHEMATA))) MYSQL_YYABORT; } -#line 47501 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 47628 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 2241: /* show_param: opt_full TABLES opt_db wild_and_where */ -#line 14298 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 14320 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { LEX *lex= Lex; lex->sql_command= SQLCOM_SHOW_TABLES; @@ -47509,11 +47636,11 @@ if (prepare_schema_table(thd, lex, 0, SCH_TABLE_NAMES)) MYSQL_YYABORT; } -#line 47513 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 47640 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 2242: /* show_param: opt_full TRIGGERS_SYM opt_db wild_and_where */ -#line 14306 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 14328 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { LEX *lex= Lex; lex->sql_command= SQLCOM_SHOW_TRIGGERS; @@ -47521,11 +47648,11 @@ if (prepare_schema_table(thd, lex, 0, SCH_TRIGGERS)) MYSQL_YYABORT; } -#line 47525 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 47652 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 2243: /* show_param: EVENTS_SYM opt_db wild_and_where */ -#line 14314 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 14336 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { LEX *lex= Lex; lex->sql_command= SQLCOM_SHOW_EVENTS; @@ -47533,11 +47660,11 @@ if (prepare_schema_table(thd, lex, 0, SCH_EVENTS)) MYSQL_YYABORT; } -#line 47537 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 47664 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 2244: /* show_param: TABLE_SYM STATUS_SYM opt_db wild_and_where */ -#line 14322 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 14344 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { LEX *lex= Lex; lex->sql_command= SQLCOM_SHOW_TABLE_STATUS; @@ -47545,11 +47672,11 @@ if (prepare_schema_table(thd, lex, 0, SCH_TABLES)) MYSQL_YYABORT; } -#line 47549 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 47676 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 2245: /* show_param: OPEN_SYM TABLES opt_db wild_and_where */ -#line 14330 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 14352 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { LEX *lex= Lex; lex->sql_command= SQLCOM_SHOW_OPEN_TABLES; @@ -47557,55 +47684,55 @@ if (prepare_schema_table(thd, lex, 0, SCH_OPEN_TABLES)) MYSQL_YYABORT; } -#line 47561 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 47688 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 2246: /* show_param: PLUGINS_SYM */ -#line 14338 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 14360 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { LEX *lex= Lex; lex->sql_command= SQLCOM_SHOW_PLUGINS; if (unlikely(prepare_schema_table(thd, lex, 0, SCH_PLUGINS))) MYSQL_YYABORT; } -#line 47572 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 47699 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 2247: /* show_param: PLUGINS_SYM SONAME_SYM TEXT_STRING_sys */ -#line 14345 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 14367 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { Lex->ident= (yyvsp[0].lex_str); Lex->sql_command= SQLCOM_SHOW_PLUGINS; if (unlikely(prepare_schema_table(thd, Lex, 0, SCH_ALL_PLUGINS))) MYSQL_YYABORT; } -#line 47583 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 47710 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 2248: /* show_param: PLUGINS_SYM SONAME_SYM wild_and_where */ -#line 14352 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 14374 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { Lex->sql_command= SQLCOM_SHOW_PLUGINS; if (unlikely(prepare_schema_table(thd, Lex, 0, SCH_ALL_PLUGINS))) MYSQL_YYABORT; } -#line 47593 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 47720 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 2249: /* show_param: ENGINE_SYM known_storage_engines show_engine_param */ -#line 14358 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 14380 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { Lex->create_info.db_type= (yyvsp[-1].db_type); } -#line 47599 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 47726 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 2250: /* show_param: ENGINE_SYM ALL show_engine_param */ -#line 14360 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 14382 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { Lex->create_info.db_type= NULL; } -#line 47605 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 47732 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 2251: /* show_param: opt_full COLUMNS from_or_in table_ident opt_db wild_and_where */ -#line 14362 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 14384 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { LEX *lex= Lex; lex->sql_command= SQLCOM_SHOW_FIELDS; @@ -47614,51 +47741,51 @@ if (unlikely(prepare_schema_table(thd, lex, (yyvsp[-2].table), SCH_COLUMNS))) MYSQL_YYABORT; } -#line 47618 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 47745 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 2252: /* show_param: master_or_binary LOGS_SYM */ -#line 14371 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 14393 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { Lex->sql_command = SQLCOM_SHOW_BINLOGS; } -#line 47626 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 47753 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 2253: /* show_param: SLAVE HOSTS_SYM */ -#line 14375 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 14397 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { Lex->sql_command = SQLCOM_SHOW_SLAVE_HOSTS; } -#line 47634 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 47761 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 2254: /* $@205: %empty */ -#line 14379 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 14401 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { LEX *lex= Lex; lex->sql_command= SQLCOM_SHOW_BINLOG_EVENTS; } -#line 47643 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 47770 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 2256: /* $@206: %empty */ -#line 14385 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 14407 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { LEX *lex= Lex; lex->sql_command= SQLCOM_SHOW_RELAYLOG_EVENTS; } -#line 47652 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 47779 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 2257: /* show_param: RELAYLOG_SYM optional_connection_name EVENTS_SYM binlog_in binlog_from $@206 opt_global_limit_clause optional_for_channel */ -#line 14390 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 14412 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { } -#line 47658 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 47785 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 2258: /* show_param: keys_or_index from_or_in table_ident opt_db opt_where_clause */ -#line 14392 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 14414 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { LEX *lex= Lex; lex->sql_command= SQLCOM_SHOW_KEYS; @@ -47667,96 +47794,96 @@ if (unlikely(prepare_schema_table(thd, lex, (yyvsp[-2].table), SCH_STATISTICS))) MYSQL_YYABORT; } -#line 47671 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 47798 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 2259: /* show_param: opt_storage ENGINES_SYM */ -#line 14401 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 14423 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { LEX *lex=Lex; lex->sql_command= SQLCOM_SHOW_STORAGE_ENGINES; if (unlikely(prepare_schema_table(thd, lex, 0, SCH_ENGINES))) MYSQL_YYABORT; } -#line 47682 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 47809 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 2260: /* show_param: AUTHORS_SYM */ -#line 14408 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 14430 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { LEX *lex=Lex; lex->sql_command= SQLCOM_SHOW_AUTHORS; } -#line 47691 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 47818 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 2261: /* show_param: CONTRIBUTORS_SYM */ -#line 14413 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 14435 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { LEX *lex=Lex; lex->sql_command= SQLCOM_SHOW_CONTRIBUTORS; } -#line 47700 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 47827 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 2262: /* show_param: PRIVILEGES */ -#line 14418 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 14440 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { LEX *lex=Lex; lex->sql_command= SQLCOM_SHOW_PRIVILEGES; } -#line 47709 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 47836 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 2263: /* show_param: COUNT_SYM '(' '*' ')' WARNINGS */ -#line 14423 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 14445 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { LEX_CSTRING var= {STRING_WITH_LEN("warning_count")}; (void) create_select_for_variable(thd, &var); } -#line 47718 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 47845 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 2264: /* show_param: COUNT_SYM '(' '*' ')' ERRORS */ -#line 14428 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 14450 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { LEX_CSTRING var= {STRING_WITH_LEN("error_count")}; (void) create_select_for_variable(thd, &var); } -#line 47727 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 47854 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 2265: /* show_param: WARNINGS opt_global_limit_clause */ -#line 14433 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 14455 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { Lex->sql_command = SQLCOM_SHOW_WARNS;} -#line 47733 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 47860 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 2266: /* show_param: ERRORS opt_global_limit_clause */ -#line 14435 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 14457 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { Lex->sql_command = SQLCOM_SHOW_ERRORS;} -#line 47739 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 47866 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 2267: /* show_param: PROFILES_SYM */ -#line 14437 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 14459 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { Lex->sql_command = SQLCOM_SHOW_PROFILES; } -#line 47745 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 47872 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 2268: /* show_param: PROFILE_SYM opt_profile_defs opt_profile_args opt_global_limit_clause */ -#line 14439 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 14461 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { LEX *lex= Lex; lex->sql_command= SQLCOM_SHOW_PROFILE; if (unlikely(prepare_schema_table(thd, lex, NULL, SCH_PROFILES))) MYSQL_YYABORT; } -#line 47756 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 47883 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 2269: /* show_param: opt_var_type STATUS_SYM wild_and_where */ -#line 14446 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 14468 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { LEX *lex= Lex; lex->sql_command= SQLCOM_SHOW_STATUS; @@ -47764,17 +47891,17 @@ if (unlikely(prepare_schema_table(thd, lex, 0, SCH_SESSION_STATUS))) MYSQL_YYABORT; } -#line 47768 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 47895 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 2270: /* show_param: opt_full PROCESSLIST_SYM */ -#line 14454 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 14476 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { Lex->sql_command= SQLCOM_SHOW_PROCESSLIST;} -#line 47774 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 47901 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 2271: /* show_param: opt_var_type VARIABLES wild_and_where */ -#line 14456 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 14478 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { LEX *lex= Lex; lex->sql_command= SQLCOM_SHOW_VARIABLES; @@ -47782,63 +47909,63 @@ if (unlikely(prepare_schema_table(thd, lex, 0, SCH_SESSION_VARIABLES))) MYSQL_YYABORT; } -#line 47786 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 47913 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 2272: /* show_param: charset wild_and_where */ -#line 14464 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 14486 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { LEX *lex= Lex; lex->sql_command= SQLCOM_SHOW_CHARSETS; if (unlikely(prepare_schema_table(thd, lex, 0, SCH_CHARSETS))) MYSQL_YYABORT; } -#line 47797 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 47924 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 2273: /* show_param: COLLATION_SYM wild_and_where */ -#line 14471 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 14493 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { LEX *lex= Lex; lex->sql_command= SQLCOM_SHOW_COLLATIONS; if (unlikely(prepare_schema_table(thd, lex, 0, SCH_COLLATIONS))) MYSQL_YYABORT; } -#line 47808 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 47935 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 2274: /* show_param: GRANTS */ -#line 14478 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 14500 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { Lex->sql_command= SQLCOM_SHOW_GRANTS; if (unlikely(!(Lex->grant_user= thd->calloc(1)))) MYSQL_YYABORT; Lex->grant_user->user= current_user_and_current_role; } -#line 47819 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 47946 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 2275: /* show_param: GRANTS FOR_SYM user_or_role clear_privileges */ -#line 14485 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 14507 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { LEX *lex=Lex; lex->sql_command= SQLCOM_SHOW_GRANTS; lex->grant_user=(yyvsp[-1].lex_user); } -#line 47829 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 47956 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 2276: /* show_param: CREATE DATABASE opt_if_not_exists ident */ -#line 14491 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 14513 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { Lex->set_command(SQLCOM_SHOW_CREATE_DB, (yyvsp[-1].object_ddl_options)); Lex->name= (yyvsp[0].ident_sys); } -#line 47838 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 47965 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 2277: /* show_param: CREATE TABLE_SYM table_ident */ -#line 14496 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 14518 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { LEX *lex= Lex; lex->sql_command = SQLCOM_SHOW_CREATE; @@ -47846,11 +47973,11 @@ MYSQL_YYABORT; lex->create_info.storage_media= HA_SM_DEFAULT; } -#line 47850 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 47977 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 2278: /* show_param: CREATE VIEW_SYM table_ident */ -#line 14504 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 14526 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { LEX *lex= Lex; lex->sql_command = SQLCOM_SHOW_CREATE; @@ -47858,11 +47985,11 @@ MYSQL_YYABORT; lex->table_type= TABLE_TYPE_VIEW; } -#line 47862 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 47989 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 2279: /* show_param: CREATE SEQUENCE_SYM table_ident */ -#line 14512 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 14534 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { LEX *lex= Lex; lex->sql_command = SQLCOM_SHOW_CREATE; @@ -47870,27 +47997,27 @@ MYSQL_YYABORT; lex->table_type= TABLE_TYPE_SEQUENCE; } -#line 47874 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 48001 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 2280: /* show_param: BINLOG_SYM STATUS_SYM */ -#line 14520 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 14542 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { Lex->sql_command = SQLCOM_SHOW_BINLOG_STAT; } -#line 47882 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 48009 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 2281: /* show_param: MASTER_SYM STATUS_SYM */ -#line 14524 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 14546 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { Lex->sql_command = SQLCOM_SHOW_BINLOG_STAT; } -#line 47890 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 48017 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 2282: /* show_param: ALL SLAVES STATUS_SYM */ -#line 14528 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 14550 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { LEX *lex= Lex; lex->sql_command= SQLCOM_SHOW_SLAVE_STAT; @@ -47900,11 +48027,11 @@ MYSQL_YYABORT; #endif } -#line 47904 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 48031 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 2283: /* show_param: SLAVE optional_connection_name STATUS_SYM optional_for_channel */ -#line 14538 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 14560 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { LEX *lex= Lex; lex->sql_command= SQLCOM_SHOW_SLAVE_STAT; @@ -47914,226 +48041,226 @@ MYSQL_YYABORT; #endif } -#line 47918 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 48045 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 2284: /* show_param: CREATE PROCEDURE_SYM sp_name */ -#line 14548 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 14570 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { LEX *lex= Lex; lex->sql_command = SQLCOM_SHOW_CREATE_PROC; lex->spname= (yyvsp[0].spname); } -#line 47929 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 48056 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 2285: /* show_param: CREATE FUNCTION_SYM sp_name */ -#line 14555 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 14577 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { LEX *lex= Lex; lex->sql_command = SQLCOM_SHOW_CREATE_FUNC; lex->spname= (yyvsp[0].spname); } -#line 47940 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 48067 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 2286: /* show_param: CREATE PACKAGE_MARIADB_SYM sp_name */ -#line 14562 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 14584 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { LEX *lex= Lex; lex->sql_command = SQLCOM_SHOW_CREATE_PACKAGE; lex->spname= (yyvsp[0].spname); } -#line 47950 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 48077 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 2287: /* show_param: CREATE PACKAGE_ORACLE_SYM sp_name */ -#line 14568 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 14590 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { LEX *lex= Lex; lex->sql_command = SQLCOM_SHOW_CREATE_PACKAGE; lex->spname= (yyvsp[0].spname); } -#line 47960 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 48087 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 2288: /* show_param: CREATE PACKAGE_MARIADB_SYM BODY_MARIADB_SYM sp_name */ -#line 14574 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 14596 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { LEX *lex= Lex; lex->sql_command = SQLCOM_SHOW_CREATE_PACKAGE_BODY; lex->spname= (yyvsp[0].spname); } -#line 47970 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 48097 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 2289: /* show_param: CREATE PACKAGE_ORACLE_SYM BODY_ORACLE_SYM sp_name */ -#line 14580 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 14602 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { LEX *lex= Lex; lex->sql_command = SQLCOM_SHOW_CREATE_PACKAGE_BODY; lex->spname= (yyvsp[0].spname); } -#line 47980 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 48107 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 2290: /* show_param: CREATE SERVER_SYM ident_or_text */ -#line 14586 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 14608 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { LEX *lex= Lex; lex->sql_command = SQLCOM_SHOW_CREATE_SERVER; lex->name= (yyvsp[0].lex_str); } -#line 47990 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 48117 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 2291: /* show_param: CREATE TRIGGER_SYM sp_name */ -#line 14592 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 14614 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { LEX *lex= Lex; lex->sql_command= SQLCOM_SHOW_CREATE_TRIGGER; lex->spname= (yyvsp[0].spname); } -#line 48000 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 48127 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 2292: /* show_param: CREATE USER_SYM */ -#line 14598 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 14620 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { Lex->sql_command= SQLCOM_SHOW_CREATE_USER; if (unlikely(!(Lex->grant_user= thd->calloc(1)))) MYSQL_YYABORT; Lex->grant_user->user= current_user; } -#line 48011 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 48138 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 2293: /* show_param: CREATE USER_SYM user */ -#line 14605 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 14627 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { Lex->sql_command= SQLCOM_SHOW_CREATE_USER; Lex->grant_user= (yyvsp[0].lex_user); } -#line 48020 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 48147 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 2294: /* show_param: PROCEDURE_SYM STATUS_SYM wild_and_where */ -#line 14610 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 14632 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { LEX *lex= Lex; lex->sql_command= SQLCOM_SHOW_STATUS_PROC; if (unlikely(prepare_schema_table(thd, lex, 0, SCH_PROCEDURES))) MYSQL_YYABORT; } -#line 48031 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 48158 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 2295: /* show_param: FUNCTION_SYM STATUS_SYM wild_and_where */ -#line 14617 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 14639 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { LEX *lex= Lex; lex->sql_command= SQLCOM_SHOW_STATUS_FUNC; if (unlikely(prepare_schema_table(thd, lex, 0, SCH_PROCEDURES))) MYSQL_YYABORT; } -#line 48042 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 48169 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 2296: /* show_param: PACKAGE_MARIADB_SYM STATUS_SYM wild_and_where */ -#line 14624 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 14646 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { LEX *lex= Lex; lex->sql_command= SQLCOM_SHOW_STATUS_PACKAGE; if (unlikely(prepare_schema_table(thd, lex, 0, SCH_PROCEDURES))) MYSQL_YYABORT; } -#line 48053 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 48180 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 2297: /* show_param: PACKAGE_ORACLE_SYM STATUS_SYM wild_and_where */ -#line 14631 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 14653 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { LEX *lex= Lex; lex->sql_command= SQLCOM_SHOW_STATUS_PACKAGE; if (unlikely(prepare_schema_table(thd, lex, 0, SCH_PROCEDURES))) MYSQL_YYABORT; } -#line 48064 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 48191 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 2298: /* show_param: PACKAGE_MARIADB_SYM BODY_MARIADB_SYM STATUS_SYM wild_and_where */ -#line 14638 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 14660 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { LEX *lex= Lex; lex->sql_command= SQLCOM_SHOW_STATUS_PACKAGE_BODY; if (unlikely(prepare_schema_table(thd, lex, 0, SCH_PROCEDURES))) MYSQL_YYABORT; } -#line 48075 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 48202 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 2299: /* show_param: PACKAGE_ORACLE_SYM BODY_ORACLE_SYM STATUS_SYM wild_and_where */ -#line 14645 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 14667 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { LEX *lex= Lex; lex->sql_command= SQLCOM_SHOW_STATUS_PACKAGE_BODY; if (unlikely(prepare_schema_table(thd, lex, 0, SCH_PROCEDURES))) MYSQL_YYABORT; } -#line 48086 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 48213 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 2300: /* show_param: PROCEDURE_SYM CODE_SYM sp_name */ -#line 14652 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 14674 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { if (Lex->show_routine_code_start(thd, SQLCOM_SHOW_PROC_CODE, (yyvsp[0].spname))) MYSQL_YYABORT; } -#line 48095 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 48222 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 2301: /* show_param: FUNCTION_SYM CODE_SYM sp_name */ -#line 14657 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 14679 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { if (Lex->show_routine_code_start(thd, SQLCOM_SHOW_FUNC_CODE, (yyvsp[0].spname))) MYSQL_YYABORT; } -#line 48104 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 48231 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 2302: /* show_param: PACKAGE_MARIADB_SYM BODY_MARIADB_SYM CODE_SYM sp_name */ -#line 14662 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 14684 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { if (Lex->show_routine_code_start(thd, SQLCOM_SHOW_PACKAGE_BODY_CODE, (yyvsp[0].spname))) MYSQL_YYABORT; } -#line 48114 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 48241 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 2303: /* show_param: PACKAGE_ORACLE_SYM BODY_ORACLE_SYM CODE_SYM sp_name */ -#line 14668 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 14690 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { if (Lex->show_routine_code_start(thd, SQLCOM_SHOW_PACKAGE_BODY_CODE, (yyvsp[0].spname))) MYSQL_YYABORT; } -#line 48124 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 48251 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 2304: /* show_param: CREATE EVENT_SYM sp_name */ -#line 14674 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 14696 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { Lex->spname= (yyvsp[0].spname); Lex->sql_command = SQLCOM_SHOW_CREATE_EVENT; } -#line 48133 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 48260 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 2305: /* show_param: describe_command opt_format_json FOR_SYM expr */ -#line 14683 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 14705 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { Lex->sql_command= SQLCOM_SHOW_EXPLAIN; if (unlikely(prepare_schema_table(thd, Lex, 0, @@ -48141,11 +48268,11 @@ MYSQL_YYABORT; add_value_to_list(thd, (yyvsp[0].item)); } -#line 48145 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 48272 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 2306: /* show_param: ANALYZE_SYM opt_format_json FOR_SYM expr */ -#line 14691 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 14713 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { Lex->sql_command= SQLCOM_SHOW_ANALYZE; if (unlikely(prepare_schema_table(thd, Lex, 0, @@ -48153,11 +48280,11 @@ MYSQL_YYABORT; add_value_to_list(thd, (yyvsp[0].item)); } -#line 48157 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 48284 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 2307: /* show_param: IDENT_sys remember_tok_start wild_and_where */ -#line 14699 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 14721 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { LEX *lex= Lex; bool in_plugin; @@ -48176,83 +48303,83 @@ if (unlikely(make_schema_select(thd, Lex->current_select, table))) MYSQL_YYABORT; } -#line 48180 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 48307 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 2308: /* show_engine_param: STATUS_SYM */ -#line 14721 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 14743 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { Lex->sql_command= SQLCOM_SHOW_ENGINE_STATUS; } -#line 48186 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 48313 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 2309: /* show_engine_param: MUTEX_SYM */ -#line 14723 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 14745 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { Lex->sql_command= SQLCOM_SHOW_ENGINE_MUTEX; } -#line 48192 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 48319 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 2310: /* show_engine_param: LOGS_SYM */ -#line 14725 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 14747 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { Lex->sql_command= SQLCOM_SHOW_ENGINE_LOGS; } -#line 48198 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 48325 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 2315: /* opt_db: %empty */ -#line 14739 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 14761 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.lex_str)= null_clex_str; } -#line 48204 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 48331 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 2316: /* opt_db: from_or_in ident */ -#line 14740 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 14762 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.lex_str)= (yyvsp[0].ident_sys); } -#line 48210 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 48337 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 2317: /* opt_full: %empty */ -#line 14744 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 14766 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { Lex->verbose=0; } -#line 48216 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 48343 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 2318: /* opt_full: FULL */ -#line 14745 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 14767 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { Lex->verbose=1; } -#line 48222 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 48349 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 2321: /* binlog_in: %empty */ -#line 14754 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 14776 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { Lex->mi.log_file_name = 0; } -#line 48228 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 48355 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 2322: /* binlog_in: IN_SYM TEXT_STRING_sys */ -#line 14755 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 14777 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { Lex->mi.log_file_name = (yyvsp[0].lex_str).str; } -#line 48234 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 48361 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 2323: /* binlog_from: %empty */ -#line 14759 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 14781 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { Lex->mi.pos = 4; /* skip magic number */ } -#line 48240 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 48367 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 2324: /* binlog_from: FROM ulonglong_num */ -#line 14760 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 14782 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { Lex->mi.pos = (yyvsp[0].ulonglong_number); } -#line 48246 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 48373 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 2325: /* wild_and_where: %empty */ -#line 14764 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 14786 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.simple_string)= 0; } -#line 48252 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 48379 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 2326: /* wild_and_where: LIKE remember_tok_start TEXT_STRING_sys */ -#line 14766 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 14788 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { Lex->wild= new (thd->mem_root) String((const char*) (yyvsp[0].lex_str).str, (yyvsp[0].lex_str).length, @@ -48261,22 +48388,22 @@ MYSQL_YYABORT; (yyval.simple_string)= (yyvsp[-1].simple_string); } -#line 48265 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 48392 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 2327: /* wild_and_where: WHERE remember_tok_start search_condition */ -#line 14775 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 14797 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { Select->where= normalize_cond(thd, (yyvsp[0].item)); if ((yyvsp[0].item)) (yyvsp[0].item)->top_level_item(); (yyval.simple_string)= (yyvsp[-1].simple_string); } -#line 48276 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 48403 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 2328: /* $@207: %empty */ -#line 14786 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 14808 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { LEX *lex= Lex; if (lex->main_select_push()) @@ -48289,73 +48416,73 @@ if (unlikely(prepare_schema_table(thd, lex, (yyvsp[0].table), SCH_COLUMNS))) MYSQL_YYABORT; } -#line 48293 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 48420 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 2329: /* describe: describe_command table_ident $@207 opt_describe_column */ -#line 14799 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 14821 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { Select->parsing_place= NO_MATTER; Lex->pop_select(); //main select } -#line 48302 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 48429 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 2330: /* $@208: %empty */ -#line 14804 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 14826 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { Lex->describe|= DESCRIBE_NORMAL; } -#line 48308 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 48435 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 2331: /* describe: describe_command opt_extended_describe $@208 explainable_command */ -#line 14806 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 14828 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { LEX *lex=Lex; lex->first_select_lex()->options|= SELECT_DESCRIBE; } -#line 48317 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 48444 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 2340: /* analyze_stmt_command: ANALYZE_SYM opt_format_json explainable_command */ -#line 14828 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 14850 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { Lex->analyze_stmt= true; } -#line 48325 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 48452 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 2341: /* opt_extended_describe: EXTENDED_SYM */ -#line 14834 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 14856 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { Lex->describe|= DESCRIBE_EXTENDED; } -#line 48331 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 48458 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 2342: /* opt_extended_describe: EXTENDED_SYM ALL */ -#line 14836 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 14858 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { Lex->describe|= DESCRIBE_EXTENDED | DESCRIBE_EXTENDED2; } -#line 48337 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 48464 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 2343: /* opt_extended_describe: PARTITIONS_SYM */ -#line 14837 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 14859 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { Lex->describe|= DESCRIBE_PARTITIONS; } -#line 48343 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 48470 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 2344: /* opt_extended_describe: opt_format_json */ -#line 14838 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 14860 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" {} -#line 48349 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 48476 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 2345: /* opt_format_json: %empty */ -#line 14842 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 14864 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" {} -#line 48355 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 48482 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 2346: /* opt_format_json: FORMAT_SYM '=' ident_or_text */ -#line 14844 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 14866 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { if (lex_string_eq(&(yyvsp[0].lex_str), STRING_WITH_LEN("JSON"))) Lex->explain_json= true; @@ -48365,23 +48492,23 @@ my_yyabort_error((ER_UNKNOWN_EXPLAIN_FORMAT, MYF(0), "EXPLAIN/ANALYZE", (yyvsp[0].lex_str).str)); } -#line 48369 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 48496 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 2347: /* opt_describe_column: %empty */ -#line 14856 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 14878 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" {} -#line 48375 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 48502 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 2348: /* opt_describe_column: text_string */ -#line 14857 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 14879 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { Lex->wild= (yyvsp[0].string); } -#line 48381 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 48508 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 2349: /* opt_describe_column: ident */ -#line 14859 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 14881 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { Lex->wild= new (thd->mem_root) String((const char*) (yyvsp[0].ident_sys).str, (yyvsp[0].ident_sys).length, @@ -48389,11 +48516,11 @@ if (unlikely(Lex->wild == NULL)) MYSQL_YYABORT; } -#line 48393 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 48520 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 2350: /* $@209: %empty */ -#line 14875 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 14897 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { LEX *lex= Lex; lex->wild= 0; @@ -48403,11 +48530,11 @@ lex->init_select(); lex->current_select->parsing_place= SELECT_LIST; } -#line 48407 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 48534 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 2351: /* explain_for_connection: describe_command opt_format_json $@209 FOR_SYM CONNECTION_SYM expr */ -#line 14885 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 14907 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { LEX *lex= Lex; lex->create_info.init(); @@ -48419,28 +48546,28 @@ MYSQL_YYABORT; add_value_to_list(thd, (yyvsp[0].item)); } -#line 48423 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 48550 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 2352: /* $@210: %empty */ -#line 14902 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 14924 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { LEX *lex=Lex; lex->sql_command= SQLCOM_FLUSH; lex->type= 0; lex->no_write_to_binlog= (yyvsp[0].num); } -#line 48434 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 48561 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 2353: /* flush: FLUSH_SYM opt_no_write_to_binlog $@210 flush_options */ -#line 14908 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 14930 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" {} -#line 48440 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 48567 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 2354: /* $@211: %empty */ -#line 14913 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 14935 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { Lex->type|= REFRESH_TABLES; /* @@ -48450,29 +48577,29 @@ YYPS->m_lock_type= TL_READ_NO_INSERT; YYPS->m_mdl_type= MDL_SHARED_HIGH_PRIO; } -#line 48454 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 48581 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 2355: /* flush_options: table_or_tables $@211 opt_table_list opt_flush_lock */ -#line 14923 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 14945 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" {} -#line 48460 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 48587 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 2356: /* flush_options: flush_options_list */ -#line 14925 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 14947 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" {} -#line 48466 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 48593 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 2357: /* opt_flush_lock: %empty */ -#line 14929 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 14951 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" {} -#line 48472 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 48599 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 2358: /* opt_flush_lock: flush_lock */ -#line 14931 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 14953 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { TABLE_LIST *tables= Lex->query_tables; for (; tables; tables= tables->next_global) @@ -48482,17 +48609,17 @@ tables->open_type= OT_BASE_ONLY; } } -#line 48486 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 48613 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 2359: /* flush_lock: WITH READ_SYM LOCK_SYM optional_flush_tables_arguments */ -#line 14944 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 14966 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { Lex->type|= REFRESH_READ_LOCK | (yyvsp[0].num); } -#line 48492 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 48619 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 2360: /* $@212: %empty */ -#line 14946 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 14968 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { if (unlikely(Lex->query_tables == NULL)) { @@ -48502,53 +48629,53 @@ } Lex->type|= REFRESH_FOR_EXPORT; } -#line 48506 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 48633 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 2361: /* flush_lock: FOR_SYM $@212 EXPORT_SYM */ -#line 14954 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 14976 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" {} -#line 48512 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 48639 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 2363: /* flush_options_list: flush_option */ -#line 14960 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 14982 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" {} -#line 48518 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 48645 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 2364: /* flush_option: ERROR_SYM LOGS_SYM */ -#line 14965 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 14987 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { Lex->type|= REFRESH_ERROR_LOG; } -#line 48524 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 48651 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 2365: /* flush_option: ENGINE_SYM LOGS_SYM */ -#line 14967 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 14989 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { Lex->type|= REFRESH_ENGINE_LOG; } -#line 48530 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 48657 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 2366: /* flush_option: GENERAL LOGS_SYM */ -#line 14969 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 14991 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { Lex->type|= REFRESH_GENERAL_LOG; } -#line 48536 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 48663 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 2367: /* flush_option: SLOW LOGS_SYM */ -#line 14971 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 14993 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { Lex->type|= REFRESH_SLOW_LOG; } -#line 48542 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 48669 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 2368: /* flush_option: BINARY LOGS_SYM opt_delete_gtid_domain */ -#line 14973 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 14995 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { Lex->type|= REFRESH_BINARY_LOG; } -#line 48548 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 48675 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 2369: /* flush_option: RELAY LOGS_SYM optional_connection_name optional_for_channel */ -#line 14975 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 14997 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { LEX *lex= Lex; if (unlikely(lex->type & REFRESH_RELAY_LOG)) @@ -48556,61 +48683,61 @@ lex->type|= REFRESH_RELAY_LOG; lex->relay_log_connection_name= lex->mi.connection_name; } -#line 48560 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 48687 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 2370: /* flush_option: QUERY_SYM CACHE_SYM */ -#line 14983 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 15005 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { Lex->type|= REFRESH_QUERY_CACHE_FREE; } -#line 48566 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 48693 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 2371: /* flush_option: HOSTS_SYM */ -#line 14985 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 15007 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { Lex->type|= REFRESH_HOSTS; } -#line 48572 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 48699 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 2372: /* flush_option: PRIVILEGES */ -#line 14987 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 15009 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { Lex->type|= REFRESH_GRANT; } -#line 48578 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 48705 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 2373: /* flush_option: LOGS_SYM */ -#line 14989 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 15011 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { Lex->type|= REFRESH_LOG; Lex->relay_log_connection_name= empty_clex_str; } -#line 48587 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 48714 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 2374: /* flush_option: STATUS_SYM */ -#line 14994 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 15016 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { if (thd->variables.old_behavior & OLD_MODE_OLD_FLUSH_STATUS) Lex->type|= REFRESH_STATUS; else Lex->type|= REFRESH_SESSION_STATUS; } -#line 48598 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 48725 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 2375: /* flush_option: SESSION_SYM STATUS_SYM */ -#line 15001 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 15023 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { Lex->type|= REFRESH_SESSION_STATUS; } -#line 48604 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 48731 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 2376: /* flush_option: GLOBAL_SYM STATUS_SYM */ -#line 15003 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 15025 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { Lex->type|= REFRESH_GLOBAL_STATUS; } -#line 48610 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 48737 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 2377: /* flush_option: SLAVE optional_connection_name */ -#line 15005 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 15027 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { LEX *lex= Lex; if (unlikely(lex->type & REFRESH_SLAVE)) @@ -48618,41 +48745,41 @@ lex->type|= REFRESH_SLAVE; lex->reset_slave_info.all= false; } -#line 48622 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 48749 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 2378: /* flush_option: MASTER_SYM */ -#line 15013 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 15035 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { Lex->type|= REFRESH_MASTER; } -#line 48628 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 48755 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 2379: /* flush_option: DES_KEY_FILE */ -#line 15015 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 15037 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { Lex->type|= REFRESH_DES_KEY_FILE; } -#line 48634 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 48761 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 2380: /* flush_option: RESOURCES */ -#line 15017 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 15039 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { Lex->type|= REFRESH_USER_RESOURCES; } -#line 48640 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 48767 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 2381: /* flush_option: SSL_SYM */ -#line 15019 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 15041 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { Lex->type|= REFRESH_SSL;} -#line 48646 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 48773 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 2382: /* flush_option: THREADS_SYM */ -#line 15021 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 15043 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { Lex->type|= REFRESH_THREADS;} -#line 48652 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 48779 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 2383: /* flush_option: IDENT_sys remember_tok_start */ -#line 15023 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 15045 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { Lex->type|= REFRESH_GENERIC; ST_SCHEMA_TABLE *table= find_schema_table(thd, &(yyvsp[-1].ident_sys)); @@ -48666,29 +48793,29 @@ thd->mem_root))) MYSQL_YYABORT; } -#line 48670 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 48797 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 2384: /* opt_table_list: %empty */ -#line 15039 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 15061 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" {} -#line 48676 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 48803 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 2385: /* opt_table_list: table_list */ -#line 15040 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 15062 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" {} -#line 48682 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 48809 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 2386: /* backup: BACKUP_SYM backup_statements */ -#line 15044 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 15066 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" {} -#line 48688 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 48815 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 2387: /* backup_statements: STAGE_SYM ident */ -#line 15049 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 15071 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { int type; if (unlikely(Lex->sphead)) @@ -48700,22 +48827,22 @@ Lex->backup_stage= (backup_stages) (type-1); break; } -#line 48704 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 48831 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 2388: /* $@213: %empty */ -#line 15061 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 15083 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { if (unlikely(Lex->sphead)) my_yyabort_error((ER_SP_BADSTATEMENT, MYF(0), "BACKUP LOCK")); if (Lex->main_select_push()) MYSQL_YYABORT; } -#line 48715 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 48842 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 2389: /* backup_statements: LOCK_SYM $@213 table_ident */ -#line 15068 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 15090 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { if (unlikely(!Select->add_table_to_list(thd, (yyvsp[0].table), NULL, 0, TL_READ, MDL_SHARED_HIGH_PRIO))) @@ -48723,34 +48850,34 @@ Lex->sql_command= SQLCOM_BACKUP_LOCK; Lex->pop_select(); //main select } -#line 48727 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 48854 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 2390: /* backup_statements: UNLOCK_SYM */ -#line 15076 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 15098 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { if (unlikely(Lex->sphead)) my_yyabort_error((ER_SP_BADSTATEMENT, MYF(0), "BACKUP UNLOCK")); /* Table list is empty for unlock */ Lex->sql_command= SQLCOM_BACKUP_LOCK; } -#line 48738 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 48865 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 2391: /* opt_delete_gtid_domain: %empty */ -#line 15085 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 15107 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" {} -#line 48744 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 48871 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 2392: /* opt_delete_gtid_domain: DELETE_DOMAIN_ID_SYM '=' '(' delete_domain_id_list ')' */ -#line 15087 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 15109 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" {} -#line 48750 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 48877 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 2396: /* delete_domain_id: ulonglong_num */ -#line 15097 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 15119 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { uint32 value= (uint32) (yyvsp[0].ulonglong_number); if ((yyvsp[0].ulonglong_number) > UINT_MAX32) @@ -48763,115 +48890,115 @@ } insert_dynamic(&Lex->delete_gtid_domain, (uchar*) &value); } -#line 48767 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 48894 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 2397: /* optional_flush_tables_arguments: %empty */ -#line 15112 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 15134 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" {(yyval.num)= 0;} -#line 48773 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 48900 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 2398: /* optional_flush_tables_arguments: AND_SYM DISABLE_SYM CHECKPOINT_SYM */ -#line 15113 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 15135 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" {(yyval.num)= REFRESH_CHECKPOINT; } -#line 48779 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 48906 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 2399: /* $@214: %empty */ -#line 15118 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 15140 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { LEX *lex=Lex; lex->sql_command= SQLCOM_RESET; lex->type=0; } -#line 48788 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 48915 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 2400: /* reset: RESET_SYM $@214 reset_options */ -#line 15123 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 15145 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" {} -#line 48794 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 48921 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 2403: /* $@215: %empty */ -#line 15132 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 15154 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { Lex->type|= REFRESH_SLAVE; } -#line 48800 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 48927 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 2404: /* reset_option: SLAVE $@215 optional_connection_name slave_reset_options optional_for_channel */ -#line 15135 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 15157 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { } -#line 48806 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 48933 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 2405: /* $@216: %empty */ -#line 15137 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 15159 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { Lex->type|= REFRESH_MASTER; Lex->next_binlog_file_number= 0; } -#line 48815 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 48942 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 2407: /* reset_option: QUERY_SYM CACHE_SYM */ -#line 15142 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 15164 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { Lex->type|= REFRESH_QUERY_CACHE;} -#line 48821 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 48948 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 2408: /* slave_reset_options: %empty */ -#line 15146 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 15168 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { Lex->reset_slave_info.all= false; } -#line 48827 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 48954 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 2409: /* slave_reset_options: ALL */ -#line 15147 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 15169 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { Lex->reset_slave_info.all= true; } -#line 48833 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 48960 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 2410: /* master_reset_options: %empty */ -#line 15151 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 15173 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" {} -#line 48839 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 48966 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 2411: /* master_reset_options: TO_SYM ulong_num */ -#line 15153 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 15175 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { Lex->next_binlog_file_number = (yyvsp[0].ulong_num); } -#line 48847 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 48974 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 2412: /* purge: PURGE master_or_binary LOGS_SYM TO_SYM TEXT_STRING_sys */ -#line 15160 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 15182 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { Lex->stmt_purge_to((yyvsp[0].lex_str)); } -#line 48855 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 48982 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 2413: /* $@217: %empty */ -#line 15164 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 15186 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { Lex->clause_that_disallows_subselect= "PURGE..BEFORE"; } -#line 48861 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 48988 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 2414: /* purge: PURGE master_or_binary LOGS_SYM BEFORE_SYM $@217 expr */ -#line 15166 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 15188 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { Lex->clause_that_disallows_subselect= NULL; if (Lex->stmt_purge_before((yyvsp[0].item))) MYSQL_YYABORT; } -#line 48871 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 48998 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 2415: /* $@218: %empty */ -#line 15178 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 15200 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { LEX *lex=Lex; lex->value_list.empty(); @@ -48881,124 +49008,124 @@ thd->where= THD_WHERE::USE_WHERE_STRING; thd->where_str= "KILL"; } -#line 48885 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 49012 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 2416: /* kill: KILL_SYM $@218 kill_type kill_option */ -#line 15188 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 15210 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { Lex->kill_signal= (killed_state) ((yyvsp[-1].num) | (yyvsp[0].num)); } -#line 48893 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 49020 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 2417: /* kill_type: %empty */ -#line 15194 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 15216 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.num)= (int) KILL_HARD_BIT; } -#line 48899 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 49026 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 2418: /* kill_type: HARD_SYM */ -#line 15195 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 15217 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.num)= (int) KILL_HARD_BIT; } -#line 48905 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 49032 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 2419: /* kill_type: SOFT_SYM */ -#line 15196 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 15218 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.num)= 0; } -#line 48911 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 49038 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 2420: /* kill_option: opt_connection kill_expr */ -#line 15200 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 15222 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.num)= (int) KILL_CONNECTION; } -#line 48917 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 49044 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 2421: /* kill_option: QUERY_SYM kill_expr */ -#line 15201 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 15223 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.num)= (int) KILL_QUERY; } -#line 48923 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 49050 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 2422: /* kill_option: QUERY_SYM ID_SYM expr */ -#line 15203 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 15225 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.num)= (int) KILL_QUERY; Lex->kill_type= KILL_TYPE_QUERY; Lex->value_list.push_front((yyvsp[0].item), thd->mem_root); } -#line 48933 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 49060 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 2423: /* opt_connection: %empty */ -#line 15211 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 15233 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { } -#line 48939 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 49066 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 2424: /* opt_connection: CONNECTION_SYM */ -#line 15212 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 15234 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { } -#line 48945 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 49072 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 2425: /* kill_expr: expr */ -#line 15217 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 15239 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { Lex->value_list.push_front((yyval.item), thd->mem_root); } -#line 48953 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 49080 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 2426: /* kill_expr: USER_SYM user */ -#line 15221 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 15243 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { Lex->users_list.push_back((yyvsp[0].lex_user), thd->mem_root); Lex->kill_type= KILL_TYPE_USER; } -#line 48962 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 49089 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 2427: /* $@219: %empty */ -#line 15228 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 15250 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { Lex->sql_command= SQLCOM_SHUTDOWN; } -#line 48968 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 49095 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 2428: /* shutdown: SHUTDOWN $@219 shutdown_option */ -#line 15229 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 15251 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" {} -#line 48974 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 49101 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 2429: /* shutdown_option: %empty */ -#line 15233 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 15255 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { Lex->is_shutdown_wait_for_slaves= false; } -#line 48980 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 49107 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 2430: /* shutdown_option: WAIT_SYM FOR_SYM ALL SLAVES */ -#line 15235 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 15257 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { Lex->is_shutdown_wait_for_slaves= true; } -#line 48988 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 49115 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 2431: /* use: USE_SYM ident */ -#line 15244 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 15266 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { LEX *lex=Lex; lex->sql_command=SQLCOM_CHANGE_DB; lex->first_select_lex()->db= (yyvsp[0].ident_sys); } -#line 48998 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 49125 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 2432: /* $@220: %empty */ -#line 15255 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 15277 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { LEX *lex= thd->lex; @@ -49012,11 +49139,11 @@ MYSQL_YYABORT; lex->init_select(); } -#line 49016 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 49143 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 2433: /* $@221: %empty */ -#line 15269 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 15291 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { LEX *lex=Lex; lex->sql_command= SQLCOM_LOAD; @@ -49027,11 +49154,11 @@ sql_exchange((yyvsp[0].lex_str).str, 0, (yyvsp[-5].filetype))))) MYSQL_YYABORT; } -#line 49031 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 49158 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 2434: /* $@222: %empty */ -#line 15280 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 15302 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { LEX *lex=Lex; if (unlikely(!Select->add_table_to_list(thd, (yyvsp[-1].table), NULL, @@ -49044,55 +49171,55 @@ lex->value_list.empty(); lex->many_values.empty(); } -#line 49048 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 49175 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 2435: /* $@223: %empty */ -#line 15293 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 15315 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { Lex->exchange->cs= (yyvsp[0].charset); } -#line 49054 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 49181 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 2436: /* load: LOAD data_or_xml $@220 load_data_lock opt_local INFILE TEXT_STRING_filesystem $@221 opt_duplicate INTO TABLE_SYM table_ident opt_use_partition $@222 opt_load_data_charset $@223 opt_xml_rows_identified_by opt_field_term opt_line_term opt_ignore_lines opt_field_or_var_spec opt_load_data_set_spec stmt_end */ -#line 15298 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 15320 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { Lex->mark_first_table_as_inserting(); } -#line 49062 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 49189 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 2437: /* data_or_xml: DATA_SYM */ -#line 15304 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 15326 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.filetype)= FILETYPE_CSV; } -#line 49068 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 49195 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 2438: /* data_or_xml: XML_SYM */ -#line 15305 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 15327 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.filetype)= FILETYPE_XML; } -#line 49074 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 49201 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 2439: /* opt_local: %empty */ -#line 15309 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 15331 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.num)=0;} -#line 49080 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 49207 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 2440: /* opt_local: LOCAL_SYM */ -#line 15310 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 15332 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.num)=1;} -#line 49086 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 49213 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 2441: /* load_data_lock: %empty */ -#line 15314 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 15336 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.lock_type)= TL_WRITE_DEFAULT; } -#line 49092 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 49219 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 2442: /* load_data_lock: CONCURRENT */ -#line 15316 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 15338 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { /* Ignore this option in SP to avoid problem with query cache and @@ -49100,160 +49227,160 @@ */ (yyval.lock_type)= (Lex->sphead ? TL_WRITE_DEFAULT : TL_WRITE_CONCURRENT_INSERT); } -#line 49104 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 49231 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 2443: /* load_data_lock: LOW_PRIORITY */ -#line 15323 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 15345 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.lock_type)= TL_WRITE_LOW_PRIORITY; } -#line 49110 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 49237 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 2444: /* opt_duplicate: %empty */ -#line 15327 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 15349 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { Lex->duplicates=DUP_ERROR; } -#line 49116 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 49243 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 2445: /* opt_duplicate: REPLACE */ -#line 15328 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 15350 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { Lex->duplicates=DUP_REPLACE; } -#line 49122 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 49249 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 2446: /* opt_duplicate: IGNORE_SYM */ -#line 15329 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 15351 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { Lex->ignore= 1; } -#line 49128 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 49255 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 2451: /* field_term: TERMINATED BY text_string */ -#line 15344 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 15366 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { DBUG_ASSERT(Lex->exchange != 0); Lex->exchange->field_term= (yyvsp[0].string); } -#line 49137 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 49264 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 2452: /* field_term: OPTIONALLY ENCLOSED BY text_string */ -#line 15349 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 15371 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { LEX *lex= Lex; DBUG_ASSERT(lex->exchange != 0); lex->exchange->enclosed= (yyvsp[0].string); lex->exchange->opt_enclosed= 1; } -#line 49148 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 49275 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 2453: /* field_term: ENCLOSED BY text_string */ -#line 15356 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 15378 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { DBUG_ASSERT(Lex->exchange != 0); Lex->exchange->enclosed= (yyvsp[0].string); } -#line 49157 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 49284 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 2454: /* field_term: ESCAPED BY text_string */ -#line 15361 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 15383 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { DBUG_ASSERT(Lex->exchange != 0); Lex->exchange->escaped= (yyvsp[0].string); } -#line 49166 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 49293 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 2459: /* line_term: TERMINATED BY text_string */ -#line 15379 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 15401 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { DBUG_ASSERT(Lex->exchange != 0); Lex->exchange->line_term= (yyvsp[0].string); } -#line 49175 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 49302 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 2460: /* line_term: STARTING BY text_string */ -#line 15384 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 15406 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { DBUG_ASSERT(Lex->exchange != 0); Lex->exchange->line_start= (yyvsp[0].string); } -#line 49184 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 49311 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 2461: /* opt_xml_rows_identified_by: %empty */ -#line 15391 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 15413 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { } -#line 49190 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 49317 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 2462: /* opt_xml_rows_identified_by: ROWS_SYM IDENTIFIED_SYM BY text_string */ -#line 15393 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 15415 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { Lex->exchange->line_term = (yyvsp[0].string); } -#line 49196 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 49323 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 2464: /* opt_ignore_lines: IGNORE_SYM NUM lines_or_rows */ -#line 15399 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 15421 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { DBUG_ASSERT(Lex->exchange != 0); Lex->exchange->skip_lines= atol((yyvsp[-1].lex_str).str); } -#line 49205 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 49332 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 2465: /* lines_or_rows: LINES */ -#line 15406 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 15428 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { } -#line 49211 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 49338 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 2466: /* lines_or_rows: ROWS_SYM */ -#line 15407 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 15429 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { } -#line 49217 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 49344 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 2467: /* opt_field_or_var_spec: %empty */ -#line 15411 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 15433 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" {} -#line 49223 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 49350 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 2468: /* opt_field_or_var_spec: '(' fields_or_vars ')' */ -#line 15412 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 15434 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" {} -#line 49229 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 49356 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 2469: /* opt_field_or_var_spec: '(' ')' */ -#line 15413 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 15435 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" {} -#line 49235 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 49362 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 2470: /* fields_or_vars: fields_or_vars ',' field_or_var */ -#line 15418 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 15440 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { Lex->field_list.push_back((yyvsp[0].item), thd->mem_root); } -#line 49241 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 49368 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 2471: /* fields_or_vars: field_or_var */ -#line 15420 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 15442 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { Lex->field_list.push_back((yyvsp[0].item), thd->mem_root); } -#line 49247 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 49374 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 2472: /* field_or_var: simple_ident_nospvar */ -#line 15424 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 15446 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" {(yyval.item)= (yyvsp[0].item);} -#line 49253 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 49380 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 2473: /* field_or_var: '@' ident_or_text */ -#line 15426 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 15448 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { if (!(yyvsp[0].lex_str).length) { @@ -49265,23 +49392,23 @@ if (unlikely((yyval.item) == NULL)) MYSQL_YYABORT; } -#line 49269 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 49396 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 2474: /* opt_load_data_set_spec: %empty */ -#line 15440 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 15462 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" {} -#line 49275 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 49402 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 2475: /* opt_load_data_set_spec: SET load_data_set_list */ -#line 15441 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 15463 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" {} -#line 49281 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 49408 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 2478: /* load_data_set_elem: simple_ident_nospvar equal remember_name expr_or_ignore_or_default remember_end */ -#line 15451 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 15473 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { LEX *lex= Lex; if (unlikely(lex->update_list.push_back((yyvsp[-4].item), thd->mem_root)) || @@ -49289,49 +49416,49 @@ MYSQL_YYABORT; (yyvsp[-1].item)->set_name_no_truncate(thd, (yyvsp[-2].simple_string), (uint) ((yyvsp[0].simple_string) - (yyvsp[-2].simple_string)), thd->charset()); } -#line 49293 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 49420 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 2479: /* text_literal: TEXT_STRING */ -#line 15464 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 15486 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { if (unlikely(!((yyval.item_basic_constant)= thd->make_string_literal((yyvsp[0].lex_string_with_metadata))))) MYSQL_YYABORT; } -#line 49302 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 49429 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 2480: /* text_literal: NCHAR_STRING */ -#line 15469 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 15491 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { if (unlikely(!((yyval.item_basic_constant)= thd->make_string_literal_nchar((yyvsp[0].lex_string_with_metadata))))) MYSQL_YYABORT; } -#line 49311 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 49438 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 2481: /* text_literal: UNDERSCORE_CHARSET TEXT_STRING */ -#line 15474 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 15496 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyvsp[-1].charset)= thd->variables.character_set_collations. get_collation_for_charset(thd, (yyvsp[-1].charset)); if (unlikely(!((yyval.item_basic_constant)= thd->make_string_literal_charset((yyvsp[0].lex_string_with_metadata), (yyvsp[-1].charset))))) MYSQL_YYABORT; } -#line 49322 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 49449 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 2482: /* text_literal: text_literal TEXT_STRING_literal */ -#line 15481 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 15503 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { if (unlikely(!((yyval.item_basic_constant)= (yyvsp[-1].item_basic_constant)->make_string_literal_concat(thd, &(yyvsp[0].lex_str))))) MYSQL_YYABORT; } -#line 49331 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 49458 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 2483: /* text_string: TEXT_STRING_literal */ -#line 15489 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 15511 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.string)= new (thd->mem_root) String((const char*) (yyvsp[0].lex_str).str, (yyvsp[0].lex_str).length, @@ -49339,17 +49466,17 @@ if (unlikely((yyval.string) == NULL)) MYSQL_YYABORT; } -#line 49343 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 49470 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 2484: /* text_string: hex_or_bin_String */ -#line 15496 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 15518 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.string)= (yyvsp[0].string); } -#line 49349 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 49476 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 2485: /* hex_or_bin_String: HEX_NUM */ -#line 15502 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 15524 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { Item *tmp= new (thd->mem_root) Item_hex_hybrid(thd, (yyvsp[0].lex_str).str, (yyvsp[0].lex_str).length); @@ -49357,11 +49484,11 @@ MYSQL_YYABORT; (yyval.string)= tmp->val_str((String*) 0); } -#line 49361 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 49488 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 2486: /* hex_or_bin_String: HEX_STRING */ -#line 15510 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 15532 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { Item *tmp= new (thd->mem_root) Item_hex_string(thd, (yyvsp[0].lex_str).str, (yyvsp[0].lex_str).length); @@ -49369,11 +49496,11 @@ MYSQL_YYABORT; (yyval.string)= tmp->val_str((String*) 0); } -#line 49373 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 49500 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 2487: /* hex_or_bin_String: BIN_NUM */ -#line 15518 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 15540 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { Item *tmp= new (thd->mem_root) Item_bin_string(thd, (yyvsp[0].lex_str).str, (yyvsp[0].lex_str).length); @@ -49385,76 +49512,76 @@ */ (yyval.string)= tmp->val_str((String*) 0); } -#line 49389 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 49516 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 2488: /* param_marker: PARAM_MARKER */ -#line 15533 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 15555 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { if (unlikely(!((yyval.item_param)= Lex->add_placeholder(thd, ¶m_clex_str, YYLIP->get_tok_start(), YYLIP->get_tok_start() + 1)))) MYSQL_YYABORT; } -#line 49400 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 49527 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 2489: /* param_marker: COLON_ORACLE_SYM ident_cli */ -#line 15540 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 15562 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { if (unlikely(!((yyval.item_param)= Lex->add_placeholder(thd, &null_clex_str, (yyvsp[-1].kwd).pos(), (yyvsp[0].ident_cli).end())))) MYSQL_YYABORT; } -#line 49410 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 49537 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 2490: /* param_marker: COLON_ORACLE_SYM NUM */ -#line 15546 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 15568 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { if (unlikely(!((yyval.item_param)= Lex->add_placeholder(thd, &null_clex_str, (yyvsp[-1].kwd).pos(), YYLIP->get_ptr())))) MYSQL_YYABORT; } -#line 49421 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 49548 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 2491: /* signed_literal: '+' NUM_literal */ -#line 15555 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 15577 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.item) = (yyvsp[0].item_num); } -#line 49427 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 49554 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 2492: /* signed_literal: '-' NUM_literal */ -#line 15557 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 15579 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyvsp[0].item_num)->max_length++; (yyval.item)= (yyvsp[0].item_num)->neg(thd); } -#line 49436 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 49563 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 2493: /* literal: text_literal */ -#line 15564 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 15586 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.item) = (yyvsp[0].item_basic_constant); } -#line 49442 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 49569 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 2494: /* literal: NUM_literal */ -#line 15565 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 15587 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.item) = (yyvsp[0].item_num); } -#line 49448 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 49575 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 2495: /* literal: temporal_literal */ -#line 15566 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 15588 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.item)= (yyvsp[0].item); } -#line 49454 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 49581 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 2496: /* literal: NULL_SYM */ -#line 15568 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 15590 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { /* For the digest computation, in this context only, @@ -49468,61 +49595,61 @@ MYSQL_YYABORT; YYLIP->next_state= MY_LEX_OPERATOR_OR_IDENT; } -#line 49472 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 49599 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 2497: /* literal: FALSE_SYM */ -#line 15582 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 15604 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.item)= new (thd->mem_root) Item_bool(thd, (char*) "FALSE",0); if (unlikely((yyval.item) == NULL)) MYSQL_YYABORT; } -#line 49482 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 49609 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 2498: /* literal: TRUE_SYM */ -#line 15588 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 15610 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.item)= new (thd->mem_root) Item_bool(thd, (char*) "TRUE",1); if (unlikely((yyval.item) == NULL)) MYSQL_YYABORT; } -#line 49492 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 49619 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 2499: /* literal: HEX_NUM */ -#line 15594 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 15616 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.item)= new (thd->mem_root) Item_hex_hybrid(thd, (yyvsp[0].lex_str).str, (yyvsp[0].lex_str).length); if (unlikely((yyval.item) == NULL)) MYSQL_YYABORT; } -#line 49502 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 49629 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 2500: /* literal: HEX_STRING */ -#line 15600 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 15622 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.item)= new (thd->mem_root) Item_hex_string(thd, (yyvsp[0].lex_str).str, (yyvsp[0].lex_str).length); if (unlikely((yyval.item) == NULL)) MYSQL_YYABORT; } -#line 49512 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 49639 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 2501: /* literal: BIN_NUM */ -#line 15606 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 15628 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.item)= new (thd->mem_root) Item_bin_string(thd, (yyvsp[0].lex_str).str, (yyvsp[0].lex_str).length); if (unlikely((yyval.item) == NULL)) MYSQL_YYABORT; } -#line 49522 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 49649 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 2502: /* literal: UNDERSCORE_CHARSET hex_or_bin_String */ -#line 15612 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 15634 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { Item_string_with_introducer *item_str; LEX_CSTRING tmp; @@ -49542,11 +49669,11 @@ (yyval.item)= item_str; } -#line 49546 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 49673 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 2503: /* NUM_literal: NUM */ -#line 15635 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 15657 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { int error; (yyval.item_num)= new (thd->mem_root) @@ -49556,11 +49683,11 @@ if (unlikely((yyval.item_num) == NULL)) MYSQL_YYABORT; } -#line 49560 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 49687 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 2504: /* NUM_literal: LONG_NUM */ -#line 15645 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 15667 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { int error; (yyval.item_num)= new (thd->mem_root) @@ -49570,75 +49697,75 @@ if (unlikely((yyval.item_num) == NULL)) MYSQL_YYABORT; } -#line 49574 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 49701 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 2505: /* NUM_literal: ULONGLONG_NUM */ -#line 15655 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 15677 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.item_num)= new (thd->mem_root) Item_uint(thd, (yyvsp[0].lex_str).str, (yyvsp[0].lex_str).length); if (unlikely((yyval.item_num) == NULL)) MYSQL_YYABORT; } -#line 49584 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 49711 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 2506: /* NUM_literal: DECIMAL_NUM */ -#line 15661 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 15683 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.item_num)= new (thd->mem_root) Item_decimal(thd, (yyvsp[0].lex_str).str, (yyvsp[0].lex_str).length, thd->charset()); if (unlikely((yyval.item_num) == NULL) || unlikely(thd->is_error())) MYSQL_YYABORT; } -#line 49595 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 49722 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 2507: /* NUM_literal: FLOAT_NUM */ -#line 15668 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 15690 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.item_num)= new (thd->mem_root) Item_float(thd, (yyvsp[0].lex_str).str, (yyvsp[0].lex_str).length); if (unlikely((yyval.item_num) == NULL) || unlikely(thd->is_error())) MYSQL_YYABORT; } -#line 49605 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 49732 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 2508: /* temporal_literal: DATE_SYM TEXT_STRING */ -#line 15678 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 15700 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { if (unlikely(!((yyval.item)= type_handler_newdate.create_literal_item(thd, (yyvsp[0].lex_string_with_metadata).str, (yyvsp[0].lex_string_with_metadata).length, YYCSCL, true)))) MYSQL_YYABORT; } -#line 49616 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 49743 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 2509: /* temporal_literal: TIME_SYM TEXT_STRING */ -#line 15685 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 15707 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { if (unlikely(!((yyval.item)= type_handler_time2.create_literal_item(thd, (yyvsp[0].lex_string_with_metadata).str, (yyvsp[0].lex_string_with_metadata).length, YYCSCL, true)))) MYSQL_YYABORT; } -#line 49627 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 49754 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 2510: /* temporal_literal: TIMESTAMP TEXT_STRING */ -#line 15692 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 15714 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { if (unlikely(!((yyval.item)= type_handler_datetime.create_literal_item(thd, (yyvsp[0].lex_string_with_metadata).str, (yyvsp[0].lex_string_with_metadata).length, YYCSCL, true)))) MYSQL_YYABORT; } -#line 49638 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 49765 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 2511: /* $@224: %empty */ -#line 15702 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 15724 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { LEX *lex= Lex; With_clause *with_clause= @@ -49654,32 +49781,32 @@ lex->current_select->parsing_place == BEFORE_OPT_LIST) lex->current_select->parsing_place= NO_MATTER; } -#line 49658 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 49785 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 2512: /* with_clause: WITH opt_recursive $@224 with_list */ -#line 15718 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 15740 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.with_clause)= Lex->curr_with_clause; Lex->curr_with_clause= Lex->curr_with_clause->pop(); } -#line 49667 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 49794 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 2513: /* opt_recursive: %empty */ -#line 15726 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 15748 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.num)= 0; } -#line 49673 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 49800 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 2514: /* opt_recursive: RECURSIVE_SYM */ -#line 15727 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 15749 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.num)= 1; } -#line 49679 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 49806 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 2518: /* with_list_element: with_element_head with_column_list AS '(' query_expression ')' opt_cycle */ -#line 15744 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 15766 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { LEX *lex= thd->lex; const char *query_start= lex->sphead ? lex->sphead->m_tmp_query @@ -49697,78 +49824,78 @@ } elem->set_tables_end_pos(lex->query_tables_last); } -#line 49701 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 49828 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 2519: /* opt_cycle: %empty */ -#line 15765 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 15787 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.ident_sys_list)= NULL; } -#line 49707 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 49834 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 2520: /* $@225: %empty */ -#line 15768 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 15790 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { if (!Lex->curr_with_clause->with_recursive) { thd->parse_error(ER_SYNTAX_ERROR, (yyvsp[0].kwd).pos()); } } -#line 49718 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 49845 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 2521: /* opt_cycle: CYCLE_SYM $@225 comma_separated_ident_list RESTRICT */ -#line 15775 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 15797 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.ident_sys_list)= (yyvsp[-1].ident_sys_list); } -#line 49726 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 49853 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 2522: /* opt_column_name_list: %empty */ -#line 15782 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 15804 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { if (((yyval.ident_sys_list)= new (thd->mem_root) List) == NULL) MYSQL_YYABORT; } -#line 49735 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 49862 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 2523: /* opt_column_name_list: '(' comma_separated_ident_list ')' */ -#line 15787 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 15809 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.ident_sys_list)= (yyvsp[-1].ident_sys_list); } -#line 49741 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 49868 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 2524: /* ident_sys_alloc: ident_cli */ -#line 15792 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 15814 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.ident_sys_ptr)= new (thd->mem_root) Lex_ident_sys(thd, &(yyvsp[0].ident_cli)); } -#line 49749 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 49876 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 2525: /* comma_separated_ident_list: ident_sys_alloc */ -#line 15799 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 15821 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.ident_sys_list)= new (thd->mem_root) List; if (unlikely((yyval.ident_sys_list) == NULL || (yyval.ident_sys_list)->push_back((yyvsp[0].ident_sys_ptr)))) MYSQL_YYABORT; } -#line 49759 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 49886 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 2526: /* comma_separated_ident_list: comma_separated_ident_list ',' ident_sys_alloc */ -#line 15805 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 15827 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { if (((yyval.ident_sys_list)= (yyvsp[-2].ident_sys_list))->push_back((yyvsp[0].ident_sys_ptr))) MYSQL_YYABORT; } -#line 49768 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 49895 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 2527: /* with_element_head: ident */ -#line 15814 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 15836 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.with_element_head)= new (thd->mem_root) With_element_head( Lex_ident_with_element((yyvsp[0].ident_sys))); @@ -49776,163 +49903,163 @@ MYSQL_YYABORT; (yyval.with_element_head)->tables_pos.set_start_pos(Lex->query_tables_last); } -#line 49780 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 49907 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 2528: /* insert_ident: simple_ident_nospvar */ -#line 15830 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 15852 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.item)=(yyvsp[0].item); } -#line 49786 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 49913 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 2529: /* insert_ident: table_wild */ -#line 15831 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 15853 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.item)=(yyvsp[0].item); } -#line 49792 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 49919 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 2530: /* table_wild: ident '.' '*' */ -#line 15836 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 15858 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { if (unlikely(!((yyval.item)= Lex->create_item_qualified_asterisk(thd, &(yyvsp[-2].ident_sys))))) MYSQL_YYABORT; } -#line 49801 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 49928 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 2531: /* table_wild: ident '.' ident '.' '*' */ -#line 15841 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 15863 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { if (unlikely(!((yyval.item)= Lex->create_item_qualified_asterisk(thd, &(yyvsp[-4].ident_sys), &(yyvsp[-2].ident_sys))))) MYSQL_YYABORT; } -#line 49810 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 49937 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 2532: /* select_sublist_qualified_asterisk: ident_cli '.' '*' */ -#line 15849 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 15871 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { if (unlikely(!((yyval.item)= Lex->create_item_qualified_asterisk(thd, &(yyvsp[-2].ident_cli))))) MYSQL_YYABORT; } -#line 49819 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 49946 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 2533: /* select_sublist_qualified_asterisk: ident_cli '.' ident_cli '.' '*' */ -#line 15854 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 15876 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { if (unlikely(!((yyval.item)= Lex->create_item_qualified_asterisk(thd, &(yyvsp[-4].ident_cli), &(yyvsp[-2].ident_cli))))) MYSQL_YYABORT; } -#line 49828 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 49955 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 2534: /* order_ident: expr */ -#line 15861 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 15883 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.item)=(yyvsp[0].item); } -#line 49834 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 49961 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 2535: /* simple_ident: ident_cli */ -#line 15867 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 15889 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { if (unlikely(!((yyval.item)= Lex->create_item_ident(thd, &(yyvsp[0].ident_cli))))) MYSQL_YYABORT; } -#line 49843 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 49970 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 2536: /* simple_ident: ident_cli '.' ident_cli */ -#line 15872 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 15894 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { if (unlikely(!((yyval.item)= Lex->create_item_ident(thd, &(yyvsp[-2].ident_cli), &(yyvsp[0].ident_cli))))) MYSQL_YYABORT; } -#line 49852 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 49979 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 2537: /* simple_ident: '.' ident_cli '.' ident_cli */ -#line 15877 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 15899 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { Lex_ident_cli empty((yyvsp[-2].ident_cli).pos(), 0); if (unlikely(!((yyval.item)= Lex->create_item_ident(thd, &empty, &(yyvsp[-2].ident_cli), &(yyvsp[0].ident_cli))))) MYSQL_YYABORT; } -#line 49862 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 49989 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 2538: /* simple_ident: ident_cli '.' ident_cli '.' ident_cli */ -#line 15883 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 15905 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { if (unlikely(!((yyval.item)= Lex->create_item_ident(thd, &(yyvsp[-4].ident_cli), &(yyvsp[-2].ident_cli), &(yyvsp[0].ident_cli))))) MYSQL_YYABORT; } -#line 49871 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 49998 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 2539: /* simple_ident: COLON_ORACLE_SYM ident_cli '.' ident_cli */ -#line 15888 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 15910 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { if (unlikely(!((yyval.item)= Lex->make_item_colon_ident_ident(thd, &(yyvsp[-2].ident_cli), &(yyvsp[0].ident_cli))))) MYSQL_YYABORT; } -#line 49880 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 50007 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 2540: /* simple_ident_nospvar: ident */ -#line 15896 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 15918 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { if (unlikely(!((yyval.item)= Lex->create_item_ident_nosp(thd, &(yyvsp[0].ident_sys))))) MYSQL_YYABORT; } -#line 49889 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 50016 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 2541: /* simple_ident_nospvar: ident '.' ident */ -#line 15901 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 15923 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { if (unlikely(!((yyval.item)= Lex->create_item_ident_nospvar(thd, &(yyvsp[-2].ident_sys), &(yyvsp[0].ident_sys))))) MYSQL_YYABORT; } -#line 49898 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 50025 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 2542: /* simple_ident_nospvar: COLON_ORACLE_SYM ident_cli '.' ident_cli */ -#line 15906 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 15928 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { if (unlikely(!((yyval.item)= Lex->make_item_colon_ident_ident(thd, &(yyvsp[-2].ident_cli), &(yyvsp[0].ident_cli))))) MYSQL_YYABORT; } -#line 49907 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 50034 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 2543: /* simple_ident_nospvar: '.' ident '.' ident */ -#line 15911 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 15933 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { Lex_ident_sys none; if (unlikely(!((yyval.item)= Lex->create_item_ident(thd, &none, &(yyvsp[-2].ident_sys), &(yyvsp[0].ident_sys))))) MYSQL_YYABORT; } -#line 49917 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 50044 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 2544: /* simple_ident_nospvar: ident '.' ident '.' ident */ -#line 15917 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 15939 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { if (unlikely(!((yyval.item)= Lex->create_item_ident(thd, &(yyvsp[-4].ident_sys), &(yyvsp[-2].ident_sys), &(yyvsp[0].ident_sys))))) MYSQL_YYABORT; } -#line 49926 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 50053 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 2545: /* field_ident: ident */ -#line 15924 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 15946 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.lex_str)=(yyvsp[0].ident_sys);} -#line 49932 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 50059 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 2546: /* field_ident: ident '.' ident '.' ident */ -#line 15926 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 15948 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { TABLE_LIST *table= Select->table_list.first; if (unlikely(!table->db.streq((yyvsp[-4].ident_sys)))) @@ -49941,228 +50068,228 @@ my_yyabort_error((ER_WRONG_TABLE_NAME, MYF(0), (yyvsp[-2].ident_sys).str)); (yyval.lex_str)=(yyvsp[0].ident_sys); } -#line 49945 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 50072 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 2547: /* field_ident: ident '.' ident */ -#line 15935 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 15957 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { TABLE_LIST *table= Select->table_list.first; if (unlikely(!table->alias.streq((yyvsp[-2].ident_sys)))) my_yyabort_error((ER_WRONG_TABLE_NAME, MYF(0), (yyvsp[-2].ident_sys).str)); (yyval.lex_str)=(yyvsp[0].ident_sys); } -#line 49956 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 50083 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 2548: /* field_ident: '.' ident */ -#line 15941 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 15963 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.lex_str)=(yyvsp[0].ident_sys);} -#line 49962 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 50089 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 2549: /* table_ident: ident */ -#line 15946 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 15968 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.table)= new (thd->mem_root) Table_ident(&(yyvsp[0].ident_sys)); if (unlikely((yyval.table) == NULL)) MYSQL_YYABORT; } -#line 49972 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 50099 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 2550: /* table_ident: ident '.' ident */ -#line 15952 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 15974 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.table)= new (thd->mem_root) Table_ident(thd, &(yyvsp[-2].ident_sys), &(yyvsp[0].ident_sys), 0); if (unlikely((yyval.table) == NULL)) MYSQL_YYABORT; } -#line 49982 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 50109 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 2551: /* table_ident: '.' ident */ -#line 15958 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 15980 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { /* For Delphi */ (yyval.table)= new (thd->mem_root) Table_ident(&(yyvsp[0].ident_sys)); if (unlikely((yyval.table) == NULL)) MYSQL_YYABORT; } -#line 49993 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 50120 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 2552: /* table_ident_opt_wild: ident opt_wild */ -#line 15968 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 15990 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.table)= new (thd->mem_root) Table_ident(&(yyvsp[-1].ident_sys)); if (unlikely((yyval.table) == NULL)) MYSQL_YYABORT; } -#line 50003 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 50130 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 2553: /* table_ident_opt_wild: ident '.' ident opt_wild */ -#line 15974 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 15996 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.table)= new (thd->mem_root) Table_ident(thd, &(yyvsp[-3].ident_sys), &(yyvsp[-1].ident_sys), 0); if (unlikely((yyval.table) == NULL)) MYSQL_YYABORT; } -#line 50013 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 50140 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 2554: /* table_ident_nodb: ident */ -#line 15983 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 16005 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { LEX_CSTRING db= any_db; (yyval.table)= new (thd->mem_root) Table_ident(thd, &db, &(yyvsp[0].ident_sys), 0); if (unlikely((yyval.table) == NULL)) MYSQL_YYABORT; } -#line 50024 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 50151 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 2559: /* ident_cli: keyword_ident */ -#line 15999 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 16021 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.ident_cli)= (yyvsp[0].kwd); } -#line 50030 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 50157 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 2560: /* IDENT_sys: IDENT_cli */ -#line 16004 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 16026 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { if (unlikely(thd->to_ident_sys_alloc(&(yyval.ident_sys), &(yyvsp[0].ident_cli)))) MYSQL_YYABORT; } -#line 50039 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 50166 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 2563: /* ident_cli_func: keyword_func_sp_var_and_label */ -#line 16013 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 16035 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.ident_cli)= (yyvsp[0].kwd); } -#line 50045 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 50172 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 2564: /* ident_cli_func: keyword_func_sp_var_not_label */ -#line 16014 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 16036 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.ident_cli)= (yyvsp[0].kwd); } -#line 50051 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 50178 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 2565: /* ident_func: ident_cli_func */ -#line 16019 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 16041 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { if (unlikely(thd->to_ident_sys_alloc(&(yyval.ident_sys), &(yyvsp[0].ident_cli)))) MYSQL_YYABORT; } -#line 50060 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 50187 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 2566: /* TEXT_STRING_sys: TEXT_STRING */ -#line 16028 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 16050 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { if (thd->make_text_string_sys(&(yyval.lex_str), &(yyvsp[0].lex_string_with_metadata))) MYSQL_YYABORT; } -#line 50069 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 50196 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 2567: /* TEXT_STRING_literal: TEXT_STRING */ -#line 16036 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 16058 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { if (thd->make_text_string_connection(&(yyval.lex_str), &(yyvsp[0].lex_string_with_metadata))) MYSQL_YYABORT; } -#line 50078 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 50205 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 2568: /* TEXT_STRING_filesystem: TEXT_STRING */ -#line 16044 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 16066 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { if (thd->make_text_string_filesystem(&(yyval.lex_str), &(yyvsp[0].lex_string_with_metadata))) MYSQL_YYABORT; } -#line 50087 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 50214 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 2570: /* ident_table_alias: keyword_table_alias */ -#line 16053 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 16075 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { if (unlikely((yyval.ident_sys).copy_keyword(thd, &(yyvsp[0].kwd)))) MYSQL_YYABORT; } -#line 50096 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 50223 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 2571: /* ident_cli_set_usual_case: IDENT_cli */ -#line 16060 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 16082 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.ident_cli)= (yyvsp[0].ident_cli); } -#line 50102 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 50229 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 2572: /* ident_cli_set_usual_case: keyword_set_usual_case */ -#line 16061 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 16083 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.ident_cli)= (yyvsp[0].kwd); } -#line 50108 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 50235 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 2574: /* ident_sysvar_name: keyword_sysvar_name */ -#line 16067 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 16089 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { if (unlikely((yyval.ident_sys).copy_keyword(thd, &(yyvsp[0].kwd)))) MYSQL_YYABORT; } -#line 50117 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 50244 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 2575: /* ident_sysvar_name: TEXT_STRING_sys */ -#line 16072 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 16094 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { if (unlikely((yyval.ident_sys).copy_sys(thd, &(yyvsp[0].lex_str)))) MYSQL_YYABORT; } -#line 50126 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 50253 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 2577: /* ident: keyword_ident */ -#line 16082 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 16104 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { if (unlikely((yyval.ident_sys).copy_keyword(thd, &(yyvsp[0].kwd)))) MYSQL_YYABORT; } -#line 50135 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 50262 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 2579: /* label_ident: keyword_label */ -#line 16091 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 16113 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { if (unlikely((yyval.ident_sys).copy_keyword(thd, &(yyvsp[0].kwd)))) MYSQL_YYABORT; } -#line 50144 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 50271 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 2580: /* ident_or_text: ident */ -#line 16098 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 16120 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.lex_str)=(yyvsp[0].ident_sys);} -#line 50150 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 50277 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 2581: /* ident_or_text: TEXT_STRING_sys */ -#line 16099 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 16121 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.lex_str)=(yyvsp[0].lex_str);} -#line 50156 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 50283 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 2582: /* ident_or_text: LEX_HOSTNAME */ -#line 16100 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 16122 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.lex_str)=(yyvsp[0].lex_str);} -#line 50162 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 50289 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 2583: /* user_maybe_role: ident_or_text */ -#line 16105 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 16127 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { if (unlikely(!((yyval.lex_user)= thd->calloc(1)))) MYSQL_YYABORT; @@ -50173,11 +50300,11 @@ system_charset_info, 0))) MYSQL_YYABORT; } -#line 50177 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 50304 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 2584: /* user_maybe_role: ident_or_text '@' ident_or_text */ -#line 16116 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 16138 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { if (unlikely(!((yyval.lex_user)= thd->calloc(1)))) MYSQL_YYABORT; @@ -50201,76 +50328,76 @@ (yyval.lex_user)->host= host_not_specified; } } -#line 50205 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 50332 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 2585: /* user_maybe_role: CURRENT_USER optional_braces */ -#line 16140 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 16162 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { if (unlikely(!((yyval.lex_user)= thd->calloc(1)))) MYSQL_YYABORT; (yyval.lex_user)->user= current_user; } -#line 50215 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 50342 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 2588: /* user: user_maybe_role */ -#line 16150 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 16172 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { if ((yyvsp[0].lex_user)->user.str != current_user.str && (yyvsp[0].lex_user)->host.str == 0) (yyvsp[0].lex_user)->host= host_not_specified; (yyval.lex_user)= (yyvsp[0].lex_user); } -#line 50225 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 50352 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 3321: /* $@226: %empty */ -#line 17029 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 17051 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { LEX *lex=Lex; lex->set_stmt_init(); } -#line 50234 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 50361 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 3322: /* set: SET $@226 set_param */ -#line 17034 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 17056 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { if (Lex->check_main_unit_semantics()) MYSQL_YYABORT; } -#line 50243 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 50370 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 3325: /* $@227: %empty */ -#line 17044 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 17066 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { Lex->option_type= OPT_DEFAULT; if (sp_create_assignment_lex(thd, (yyvsp[0].kwd).pos())) MYSQL_YYABORT; } -#line 50253 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 50380 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 3326: /* set_param: TRANSACTION_SYM $@227 transaction_characteristics */ -#line 17050 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 17072 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { if (unlikely(sp_create_assignment_instr(thd, yychar == YYEMPTY))) MYSQL_YYABORT; } -#line 50262 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 50389 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 3327: /* $@228: %empty */ -#line 17055 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 17077 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { Lex->option_type= (yyvsp[0].var_type); } -#line 50270 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 50397 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 3329: /* $@229: %empty */ -#line 17061 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 17083 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { LEX *lex= Lex; if (unlikely(lex->table_or_sp_used())) @@ -50280,112 +50407,112 @@ if (Lex->check_main_unit_semantics()) MYSQL_YYABORT; } -#line 50284 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 50411 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 3335: /* $@230: %empty */ -#line 17088 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 17110 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { if (sp_create_assignment_lex(thd, (yyvsp[0].kwd).pos())) MYSQL_YYABORT; } -#line 50293 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 50420 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 3336: /* start_option_value_list_following_option_type: TRANSACTION_SYM $@230 transaction_characteristics */ -#line 17093 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 17115 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { if (unlikely(sp_create_assignment_instr(thd, yychar == YYEMPTY))) MYSQL_YYABORT; } -#line 50302 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 50429 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 3339: /* $@231: %empty */ -#line 17108 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 17130 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { Lex->option_type= (yyvsp[0].var_type); } -#line 50310 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 50437 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 3342: /* option_type: GLOBAL_SYM */ -#line 17116 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 17138 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.var_type)=OPT_GLOBAL; } -#line 50316 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 50443 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 3343: /* option_type: LOCAL_SYM */ -#line 17117 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 17139 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.var_type)=OPT_SESSION; } -#line 50322 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 50449 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 3344: /* option_type: SESSION_SYM */ -#line 17118 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 17140 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.var_type)=OPT_SESSION; } -#line 50328 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 50455 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 3345: /* opt_var_type: %empty */ -#line 17122 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 17144 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.var_type)=OPT_SESSION; } -#line 50334 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 50461 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 3346: /* opt_var_type: GLOBAL_SYM */ -#line 17123 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 17145 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.var_type)=OPT_GLOBAL; } -#line 50340 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 50467 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 3347: /* opt_var_type: LOCAL_SYM */ -#line 17124 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 17146 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.var_type)=OPT_SESSION; } -#line 50346 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 50473 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 3348: /* opt_var_type: SESSION_SYM */ -#line 17125 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 17147 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.var_type)=OPT_SESSION; } -#line 50352 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 50479 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 3349: /* opt_var_ident_type: %empty */ -#line 17129 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 17151 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.var_type)=OPT_DEFAULT; } -#line 50358 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 50485 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 3350: /* opt_var_ident_type: GLOBAL_SYM '.' */ -#line 17130 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 17152 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.var_type)=OPT_GLOBAL; } -#line 50364 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 50491 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 3351: /* opt_var_ident_type: LOCAL_SYM '.' */ -#line 17131 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 17153 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.var_type)=OPT_SESSION; } -#line 50370 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 50497 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 3352: /* opt_var_ident_type: SESSION_SYM '.' */ -#line 17132 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 17154 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.var_type)=OPT_SESSION; } -#line 50376 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 50503 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 3353: /* $@232: %empty */ -#line 17141 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 17163 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { if (Lex->main_select_push(false)) MYSQL_YYABORT; } -#line 50385 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 50512 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 3354: /* set_stmt_option: ident_cli equal $@232 set_expr_or_default */ -#line 17146 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 17168 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { Lex_ident_sys tmp(thd, &(yyvsp[-3].ident_cli)); if (unlikely(!tmp.str) || @@ -50394,20 +50521,20 @@ MYSQL_YYABORT; Lex->pop_select(); //min select } -#line 50398 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 50525 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 3355: /* $@233: %empty */ -#line 17155 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 17177 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { if (Lex->main_select_push(false)) MYSQL_YYABORT; } -#line 50407 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 50534 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 3356: /* set_stmt_option: ident_cli '.' ident equal $@233 set_expr_or_default */ -#line 17160 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 17182 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { Lex_ident_sys tmp(thd, &(yyvsp[-5].ident_cli)); if (unlikely(!tmp.str) || @@ -50416,40 +50543,40 @@ MYSQL_YYABORT; Lex->pop_select(); //min select } -#line 50420 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 50547 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 3357: /* $@234: %empty */ -#line 17169 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 17191 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { if (Lex->main_select_push(false)) MYSQL_YYABORT; } -#line 50429 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 50556 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 3358: /* set_stmt_option: DEFAULT '.' ident equal $@234 set_expr_or_default */ -#line 17174 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 17196 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { if (unlikely(Lex->set_default_system_variable(Lex->option_type, &(yyvsp[-3].ident_sys), (yyvsp[0].expr_and_query_str).expr))) MYSQL_YYABORT; Lex->pop_select(); //min select } -#line 50440 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 50567 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 3359: /* $@235: %empty */ -#line 17186 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 17208 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { if (sp_create_assignment_lex(thd, (yyvsp[-1].ident_cli).pos())) MYSQL_YYABORT; } -#line 50449 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 50576 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 3360: /* option_value_following_option_type: ident_cli equal $@235 set_expr_or_default */ -#line 17191 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 17213 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { Lex_ident_sys tmp(thd, &(yyvsp[-3].ident_cli)); if (unlikely(!tmp.str) || @@ -50458,20 +50585,20 @@ unlikely(sp_create_assignment_instr(thd, yychar == YYEMPTY))) MYSQL_YYABORT; } -#line 50462 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 50589 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 3361: /* $@236: %empty */ -#line 17200 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 17222 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { if (sp_create_assignment_lex(thd, (yyvsp[-3].ident_cli).pos())) MYSQL_YYABORT; } -#line 50471 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 50598 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 3362: /* option_value_following_option_type: ident_cli '.' ident equal $@236 set_expr_or_default */ -#line 17205 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 17227 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { Lex_ident_sys tmp(thd, &(yyvsp[-5].ident_cli)); if (unlikely(!tmp.str) || @@ -50480,40 +50607,40 @@ unlikely(sp_create_assignment_instr(thd, yychar == YYEMPTY))) MYSQL_YYABORT; } -#line 50484 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 50611 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 3363: /* $@237: %empty */ -#line 17214 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 17236 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { if (sp_create_assignment_lex(thd, (yyvsp[-3].kwd).pos())) MYSQL_YYABORT; } -#line 50493 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 50620 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 3364: /* option_value_following_option_type: DEFAULT '.' ident equal $@237 set_expr_or_default */ -#line 17219 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 17241 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { if (unlikely(Lex->set_default_system_variable(Lex->option_type, &(yyvsp[-3].ident_sys), (yyvsp[0].expr_and_query_str).expr)) || unlikely(sp_create_assignment_instr(thd, yychar == YYEMPTY))) MYSQL_YYABORT; } -#line 50504 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 50631 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 3365: /* $@238: %empty */ -#line 17230 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 17252 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { if (sp_create_assignment_lex(thd, (yyvsp[-1].ident_cli).pos())) MYSQL_YYABORT; } -#line 50513 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 50640 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 3366: /* option_value_no_option_type: ident_cli_set_usual_case equal $@238 set_expr_or_default */ -#line 17235 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 17257 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { Lex_ident_sys tmp(thd, &(yyvsp[-3].ident_cli)); @@ -50522,20 +50649,20 @@ unlikely(sp_create_assignment_instr(thd, yychar == YYEMPTY))) MYSQL_YYABORT; } -#line 50526 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 50653 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 3367: /* $@239: %empty */ -#line 17244 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 17266 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { if (sp_create_assignment_lex(thd, (yyvsp[-3].ident_cli).pos())) MYSQL_YYABORT; } -#line 50535 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 50662 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 3368: /* option_value_no_option_type: ident_cli_set_usual_case '.' ident equal $@239 set_expr_or_default */ -#line 17249 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 17271 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { Lex_ident_sys tmp(thd, &(yyvsp[-5].ident_cli)); @@ -50544,20 +50671,20 @@ unlikely(sp_create_assignment_instr(thd, yychar == YYEMPTY))) MYSQL_YYABORT; } -#line 50548 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 50675 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 3369: /* $@240: %empty */ -#line 17258 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 17280 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { if (sp_create_assignment_lex(thd, (yyvsp[-3].kwd).pos())) MYSQL_YYABORT; } -#line 50557 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 50684 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 3370: /* option_value_no_option_type: DEFAULT '.' ident equal $@240 set_expr_or_default */ -#line 17263 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 17285 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { if (unlikely(Lex->set_default_system_variable(Lex->option_type, &(yyvsp[-3].ident_sys), (yyvsp[0].expr_and_query_str).expr))) @@ -50565,11 +50692,11 @@ if (unlikely(sp_create_assignment_instr(thd, yychar == YYEMPTY))) MYSQL_YYABORT; } -#line 50569 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 50696 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 3371: /* $@241: %empty */ -#line 17271 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 17293 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { if (!(yyvsp[-1].lex_str).length) { @@ -50580,11 +50707,11 @@ if (sp_create_assignment_lex(thd, (yyvsp[-2].lex_str).str)) MYSQL_YYABORT; } -#line 50584 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 50711 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 3372: /* option_value_no_option_type: '@' ident_or_text equal $@241 remember_cpp_ptr expr remember_end */ -#line 17282 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 17304 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { LEX_CSTRING expr_str= empty_clex_str; @@ -50598,69 +50725,69 @@ unlikely(sp_create_assignment_instr(thd, yychar == YYEMPTY))) MYSQL_YYABORT; } -#line 50602 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 50729 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 3373: /* $@242: %empty */ -#line 17296 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 17318 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { if (sp_create_assignment_lex(thd, (yyvsp[-4].lex_str).str)) MYSQL_YYABORT; } -#line 50611 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 50738 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 3374: /* option_value_no_option_type: '@' '@' opt_var_ident_type ident_sysvar_name equal $@242 set_expr_or_default */ -#line 17301 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 17323 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { if (unlikely(Lex->set_system_variable((yyvsp[-4].var_type), &(yyvsp[-3].ident_sys), (yyvsp[0].expr_and_query_str).expr)) || unlikely(sp_create_assignment_instr(thd, yychar == YYEMPTY))) MYSQL_YYABORT; } -#line 50621 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 50748 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 3375: /* $@243: %empty */ -#line 17307 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 17329 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { if (sp_create_assignment_lex(thd, (yyvsp[-6].lex_str).str)) MYSQL_YYABORT; } -#line 50630 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 50757 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 3376: /* option_value_no_option_type: '@' '@' opt_var_ident_type ident_sysvar_name '.' ident equal $@243 set_expr_or_default */ -#line 17312 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 17334 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { if (unlikely(Lex->set_system_variable(thd, (yyvsp[-6].var_type), &(yyvsp[-5].ident_sys), &(yyvsp[-3].ident_sys), (yyvsp[0].expr_and_query_str).expr)) || unlikely(sp_create_assignment_instr(thd, yychar == YYEMPTY))) MYSQL_YYABORT; } -#line 50641 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 50768 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 3377: /* $@244: %empty */ -#line 17319 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 17341 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { if (sp_create_assignment_lex(thd, (yyvsp[-6].lex_str).str)) MYSQL_YYABORT; } -#line 50650 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 50777 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 3378: /* option_value_no_option_type: '@' '@' opt_var_ident_type DEFAULT '.' ident equal $@244 set_expr_or_default */ -#line 17324 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 17346 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { if (unlikely(Lex->set_default_system_variable((yyvsp[-6].var_type), &(yyvsp[-3].ident_sys), (yyvsp[0].expr_and_query_str).expr)) || unlikely(sp_create_assignment_instr(thd, yychar == YYEMPTY))) MYSQL_YYABORT; } -#line 50660 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 50787 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 3379: /* option_value_no_option_type: charset old_or_new_charset_name_or_default */ -#line 17330 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 17352 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { if (sp_create_assignment_lex(thd, (yyvsp[-1].kwd).pos())) MYSQL_YYABORT; @@ -50678,11 +50805,11 @@ if (unlikely(sp_create_assignment_instr(thd, yychar == YYEMPTY))) MYSQL_YYABORT; } -#line 50682 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 50809 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 3380: /* option_value_no_option_type: NAMES_SYM equal expr */ -#line 17348 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 17370 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { LEX *lex= Lex; sp_pcontext *spc= lex->spcont; @@ -50693,31 +50820,31 @@ thd->parse_error(); MYSQL_YYABORT; } -#line 50697 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 50824 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 3381: /* option_value_no_option_type: NAMES_SYM charset_name_or_default */ -#line 17359 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 17381 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { if (Lex->set_names((yyvsp[-1].kwd).pos(), (yyvsp[0].charset), Lex_extended_collation_st::collate_default(), yychar == YYEMPTY)) MYSQL_YYABORT; } -#line 50708 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 50835 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 3382: /* option_value_no_option_type: NAMES_SYM charset_name_or_default COLLATE_SYM collation_name_or_default */ -#line 17367 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 17389 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { if (Lex->set_names((yyvsp[-3].kwd).pos(), (yyvsp[-2].charset), (yyvsp[0].Lex_extended_collation), yychar == YYEMPTY)) MYSQL_YYABORT; } -#line 50717 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 50844 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 3383: /* option_value_no_option_type: DEFAULT ROLE_SYM grant_role */ -#line 17372 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 17394 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { if (sp_create_assignment_lex(thd, (yyvsp[-2].kwd).pos())) MYSQL_YYABORT; @@ -50739,11 +50866,11 @@ if (unlikely(sp_create_assignment_instr(thd, yychar == YYEMPTY))) MYSQL_YYABORT; } -#line 50743 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 50870 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 3384: /* option_value_no_option_type: DEFAULT ROLE_SYM grant_role FOR_SYM user */ -#line 17394 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 17416 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { if (sp_create_assignment_lex(thd, (yyvsp[-4].kwd).pos())) MYSQL_YYABORT; @@ -50759,11 +50886,11 @@ if (unlikely(sp_create_assignment_instr(thd, yychar == YYEMPTY))) MYSQL_YYABORT; } -#line 50763 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 50890 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 3385: /* option_value_no_option_type: ROLE_SYM role_name */ -#line 17410 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 17432 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { if (sp_create_assignment_lex(thd, (yyvsp[-1].kwd).pos())) MYSQL_YYABORT; @@ -50774,20 +50901,20 @@ unlikely(sp_create_assignment_instr(thd, yychar == YYEMPTY))) MYSQL_YYABORT; } -#line 50778 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 50905 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 3386: /* $@245: %empty */ -#line 17421 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 17443 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { if (sp_create_assignment_lex(thd, (yyvsp[-1].kwd).pos())) MYSQL_YYABORT; } -#line 50787 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 50914 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 3387: /* option_value_no_option_type: ROLE_SYM equal $@245 set_expr_or_default */ -#line 17426 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 17448 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { Lex_ident_sys tmp(thd, &(yyvsp[-3].kwd)); @@ -50796,49 +50923,49 @@ unlikely(sp_create_assignment_instr(thd, yychar == YYEMPTY))) MYSQL_YYABORT; } -#line 50800 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 50927 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 3388: /* $@246: %empty */ -#line 17435 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 17457 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { if (sp_create_assignment_lex(thd, (yyvsp[-1].kwd).pos())) MYSQL_YYABORT; } -#line 50809 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 50936 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 3389: /* option_value_no_option_type: PASSWORD_SYM equal $@246 text_or_password */ -#line 17440 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 17462 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { if (unlikely(Lex->sp_create_set_password_instr(thd, (yyvsp[0].user_auth), yychar == YYEMPTY))) MYSQL_YYABORT; } -#line 50819 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 50946 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 3390: /* $@247: %empty */ -#line 17446 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 17468 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { if (sp_create_assignment_lex(thd, (yyvsp[-1].kwd).pos())) MYSQL_YYABORT; } -#line 50828 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 50955 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 3391: /* option_value_no_option_type: PASSWORD_SYM FOR_SYM $@247 user equal text_or_password */ -#line 17451 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 17473 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { if (unlikely(Lex->sp_create_set_password_instr(thd, (yyvsp[-2].lex_user), (yyvsp[0].user_auth), yychar == YYEMPTY))) MYSQL_YYABORT; } -#line 50838 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 50965 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 3396: /* transaction_access_mode: transaction_access_mode_types */ -#line 17467 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 17489 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { LEX *lex=Lex; Item *item= new (thd->mem_root) Item_int(thd, (int32) (yyvsp[0].num)); @@ -50854,11 +50981,11 @@ if (unlikely(lex->var_list.push_back(var, thd->mem_root))) MYSQL_YYABORT; } -#line 50858 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 50985 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 3397: /* isolation_level: ISOLATION LEVEL_SYM isolation_types */ -#line 17486 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 17508 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { LEX *lex=Lex; Item *item= new (thd->mem_root) Item_int(thd, (int32) (yyvsp[0].tx_isolation)); @@ -50873,65 +51000,65 @@ unlikely(lex->var_list.push_back(var, thd->mem_root))) MYSQL_YYABORT; } -#line 50877 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 51004 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 3398: /* transaction_access_mode_types: READ_SYM ONLY_SYM */ -#line 17503 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 17525 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.num)= true; } -#line 50883 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 51010 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 3399: /* transaction_access_mode_types: READ_SYM WRITE_SYM */ -#line 17504 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 17526 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.num)= false; } -#line 50889 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 51016 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 3400: /* isolation_types: READ_SYM UNCOMMITTED_SYM */ -#line 17508 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 17530 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.tx_isolation)= ISO_READ_UNCOMMITTED; } -#line 50895 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 51022 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 3401: /* isolation_types: READ_SYM COMMITTED_SYM */ -#line 17509 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 17531 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.tx_isolation)= ISO_READ_COMMITTED; } -#line 50901 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 51028 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 3402: /* isolation_types: REPEATABLE_SYM READ_SYM */ -#line 17510 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 17532 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.tx_isolation)= ISO_REPEATABLE_READ; } -#line 50907 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 51034 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 3403: /* isolation_types: SERIALIZABLE_SYM */ -#line 17511 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 17533 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.tx_isolation)= ISO_SERIALIZABLE; } -#line 50913 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 51040 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 3404: /* text_or_password: TEXT_STRING */ -#line 17517 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 17539 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.user_auth)= new (thd->mem_root) USER_AUTH(); (yyval.user_auth)->auth_str= (yyvsp[0].lex_string_with_metadata); } -#line 50922 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 51049 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 3405: /* text_or_password: PASSWORD_SYM '(' TEXT_STRING ')' */ -#line 17522 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 17544 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.user_auth)= new (thd->mem_root) USER_AUTH(); (yyval.user_auth)->pwtext= (yyvsp[-1].lex_string_with_metadata); } -#line 50931 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 51058 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 3406: /* text_or_password: OLD_PASSWORD_SYM '(' TEXT_STRING ')' */ -#line 17527 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 17549 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.user_auth)= new (thd->mem_root) USER_AUTH(); (yyval.user_auth)->pwtext= (yyvsp[-1].lex_string_with_metadata); @@ -50939,11 +51066,11 @@ (yyvsp[-1].lex_string_with_metadata).str, (yyvsp[-1].lex_string_with_metadata).length, Item_func_password::OLD); (yyval.user_auth)->auth_str.length= SCRAMBLED_PASSWORD_CHAR_LENGTH_323; } -#line 50943 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 51070 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 3407: /* set_expr_or_default: remember_cpp_ptr expr remember_end */ -#line 17538 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 17560 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { LEX_CSTRING expr_str= empty_clex_str; @@ -50956,47 +51083,47 @@ (yyval.expr_and_query_str)= { (yyvsp[-1].item), expr_str }; } -#line 50960 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 51087 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 3408: /* set_expr_or_default: remember_cpp_ptr set_expr_misc remember_end */ -#line 17551 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 17573 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { if (unlikely((yyvsp[-1].item) == nullptr)) MYSQL_YYABORT; (yyval.expr_and_query_str)= {(yyvsp[-1].item), empty_clex_str}; } -#line 50970 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 51097 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 3409: /* set_expr_or_default: remember_cpp_ptr DEFAULT remember_end */ -#line 17557 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 17579 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.expr_and_query_str)= { nullptr, empty_clex_str }; } -#line 50978 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 51105 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 3410: /* set_expr_misc: ON */ -#line 17563 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 17585 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.item)= new (thd->mem_root) Item_string_sys(thd, "ON", 2); } -#line 50984 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 51111 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 3411: /* set_expr_misc: ALL */ -#line 17564 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 17586 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.item)= new (thd->mem_root) Item_string_sys(thd, "ALL", 3); } -#line 50990 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 51117 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 3412: /* set_expr_misc: BINARY */ -#line 17565 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 17587 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.item)= new (thd->mem_root) Item_string_sys(thd, "binary", 6); } -#line 50996 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 51123 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 3413: /* $@248: %empty */ -#line 17572 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 17594 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { LEX *lex= Lex; @@ -51004,55 +51131,55 @@ my_yyabort_error((ER_SP_BADSTATEMENT, MYF(0), "LOCK")); lex->sql_command= SQLCOM_LOCK_TABLES; } -#line 51008 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 51135 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 3414: /* lock: LOCK_SYM table_or_tables $@248 table_lock_list opt_lock_wait_timeout */ -#line 17580 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 17602 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" {} -#line 51014 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 51141 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 3415: /* opt_lock_wait_timeout: %empty */ -#line 17585 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 17607 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" {} -#line 51020 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 51147 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 3416: /* opt_lock_wait_timeout: WAIT_SYM ulong_num */ -#line 17587 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 17609 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { if (unlikely(set_statement_var_if_exists(thd, STRING_WITH_LEN("lock_wait_timeout"), (yyvsp[0].ulong_num))) || unlikely(set_statement_var_if_exists(thd, STRING_WITH_LEN("innodb_lock_wait_timeout"), (yyvsp[0].ulong_num)))) MYSQL_YYABORT; } -#line 51030 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 51157 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 3417: /* opt_lock_wait_timeout: NOWAIT_SYM */ -#line 17593 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 17615 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { if (unlikely(set_statement_var_if_exists(thd, STRING_WITH_LEN("lock_wait_timeout"), 0)) || unlikely(set_statement_var_if_exists(thd, STRING_WITH_LEN("innodb_lock_wait_timeout"), 0))) MYSQL_YYABORT; } -#line 51040 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 51167 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 3418: /* table_or_tables: TABLE_SYM */ -#line 17601 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 17623 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { } -#line 51046 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 51173 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 3419: /* table_or_tables: TABLES */ -#line 17602 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 17624 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { } -#line 51052 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 51179 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 3422: /* table_lock: table_ident opt_table_alias_clause lock_option */ -#line 17612 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 17634 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { thr_lock_type lock_type= (thr_lock_type) (yyvsp[0].num); bool lock_for_write= (lock_type >= TL_FIRST_WRITE); @@ -51068,43 +51195,43 @@ lock_type, mdl_type))) MYSQL_YYABORT; } -#line 51072 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 51199 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 3423: /* lock_option: READ_SYM */ -#line 17630 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 17652 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.num)= TL_READ_NO_INSERT; } -#line 51078 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 51205 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 3424: /* lock_option: WRITE_SYM */ -#line 17631 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 17653 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.num)= TL_WRITE_DEFAULT; } -#line 51084 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 51211 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 3425: /* lock_option: WRITE_SYM CONCURRENT */ -#line 17633 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 17655 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.num)= (Lex->sphead ? TL_WRITE_DEFAULT : TL_WRITE_CONCURRENT_INSERT); } -#line 51092 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 51219 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 3426: /* lock_option: LOW_PRIORITY WRITE_SYM */ -#line 17637 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 17659 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.num)= TL_WRITE_LOW_PRIORITY; } -#line 51098 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 51225 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 3427: /* lock_option: READ_SYM LOCAL_SYM */ -#line 17638 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 17660 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.num)= TL_READ; } -#line 51104 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 51231 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 3428: /* $@249: %empty */ -#line 17643 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 17665 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { LEX *lex= Lex; @@ -51112,34 +51239,34 @@ my_yyabort_error((ER_SP_BADSTATEMENT, MYF(0), "UNLOCK")); lex->sql_command= SQLCOM_UNLOCK_TABLES; } -#line 51116 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 51243 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 3429: /* unlock: UNLOCK_SYM $@249 table_or_tables */ -#line 17651 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 17673 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" {} -#line 51122 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 51249 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 3430: /* $@250: %empty */ -#line 17660 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 17682 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { if (Lex->main_select_push()) MYSQL_YYABORT; } -#line 51131 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 51258 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 3431: /* handler: HANDLER_SYM $@250 handler_tail */ -#line 17665 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 17687 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { Lex->pop_select(); //main select } -#line 51139 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 51266 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 3432: /* handler_tail: table_ident OPEN_SYM opt_table_alias_clause */ -#line 17672 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 17694 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { LEX *lex= Lex; if (unlikely(lex->sphead)) @@ -51148,11 +51275,11 @@ if (!lex->current_select->add_table_to_list(thd, (yyvsp[-2].table), (yyvsp[0].lex_str_ptr), 0)) MYSQL_YYABORT; } -#line 51152 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 51279 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 3433: /* handler_tail: table_ident_nodb CLOSE_SYM */ -#line 17681 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 17703 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { LEX *lex= Lex; if (unlikely(lex->sphead)) @@ -51161,11 +51288,11 @@ if (!lex->current_select->add_table_to_list(thd, (yyvsp[-1].table), 0, 0)) MYSQL_YYABORT; } -#line 51165 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 51292 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 3434: /* $@251: %empty */ -#line 17690 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 17712 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { LEX *lex=Lex; SELECT_LEX *select= Select; @@ -51183,11 +51310,11 @@ if (!lex->current_select->add_table_to_list(thd, (yyvsp[-1].table), 0, 0)) MYSQL_YYABORT; } -#line 51187 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 51314 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 3435: /* handler_tail: table_ident_nodb READ_SYM $@251 handler_read_or_scan opt_where_clause opt_global_limit_clause */ -#line 17708 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 17730 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { LEX *lex=Lex; SELECT_LEX *select= Select; @@ -51209,59 +51336,59 @@ MYSQL_YYABORT; } } -#line 51213 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 51340 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 3436: /* handler_read_or_scan: handler_scan_function */ -#line 17732 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 17754 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { Lex->ident= null_clex_str; } -#line 51219 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 51346 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 3437: /* handler_read_or_scan: ident handler_rkey_function */ -#line 17733 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 17755 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { Lex->ident= (yyvsp[-1].ident_sys); } -#line 51225 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 51352 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 3438: /* handler_scan_function: FIRST_SYM */ -#line 17737 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 17759 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { Lex->ha_read_mode = RFIRST; } -#line 51231 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 51358 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 3439: /* handler_scan_function: NEXT_SYM */ -#line 17738 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 17760 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { Lex->ha_read_mode = RNEXT; } -#line 51237 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 51364 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 3440: /* handler_rkey_function: FIRST_SYM */ -#line 17742 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 17764 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { Lex->ha_read_mode = RFIRST; } -#line 51243 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 51370 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 3441: /* handler_rkey_function: NEXT_SYM */ -#line 17743 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 17765 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { Lex->ha_read_mode = RNEXT; } -#line 51249 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 51376 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 3442: /* handler_rkey_function: PREV_SYM */ -#line 17744 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 17766 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { Lex->ha_read_mode = RPREV; } -#line 51255 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 51382 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 3443: /* handler_rkey_function: LAST_SYM */ -#line 17745 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 17767 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { Lex->ha_read_mode = RLAST; } -#line 51261 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 51388 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 3444: /* $@252: %empty */ -#line 17747 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 17769 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { LEX *lex=Lex; lex->ha_read_mode = RKEY; @@ -51269,143 +51396,143 @@ if (unlikely(!(lex->insert_list= new (thd->mem_root) List_item))) MYSQL_YYABORT; } -#line 51273 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 51400 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 3445: /* handler_rkey_function: handler_rkey_mode $@252 '(' values ')' */ -#line 17755 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 17777 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" {} -#line 51279 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 51406 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 3446: /* handler_rkey_mode: '=' */ -#line 17759 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 17781 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.ha_rkey_mode)=HA_READ_KEY_EXACT; } -#line 51285 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 51412 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 3447: /* handler_rkey_mode: GE */ -#line 17760 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 17782 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.ha_rkey_mode)=HA_READ_KEY_OR_NEXT; } -#line 51291 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 51418 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 3448: /* handler_rkey_mode: LE */ -#line 17761 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 17783 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.ha_rkey_mode)=HA_READ_KEY_OR_PREV; } -#line 51297 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 51424 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 3449: /* handler_rkey_mode: '>' */ -#line 17762 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 17784 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.ha_rkey_mode)=HA_READ_AFTER_KEY; } -#line 51303 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 51430 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 3450: /* handler_rkey_mode: '<' */ -#line 17763 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 17785 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.ha_rkey_mode)=HA_READ_BEFORE_KEY; } -#line 51309 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 51436 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 3451: /* revoke: REVOKE clear_privileges revoke_command */ -#line 17770 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 17792 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" {} -#line 51315 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 51442 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 3452: /* revoke_command: grant_privileges ON opt_table grant_ident FROM user_and_role_list */ -#line 17775 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 17797 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { if (Lex->stmt_revoke_table(thd, (yyvsp[-5].lex_grant), *(yyvsp[-2].lex_grant_ident))) MYSQL_YYABORT; } -#line 51324 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 51451 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 3453: /* revoke_command: grant_privileges ON sp_handler grant_ident FROM user_and_role_list */ -#line 17780 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 17802 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { if (Lex->stmt_revoke_sp(thd, (yyvsp[-5].lex_grant), *(yyvsp[-2].lex_grant_ident), *(yyvsp[-3].sp_handler))) MYSQL_YYABORT; } -#line 51333 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 51460 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 3454: /* revoke_command: ALL opt_privileges ',' GRANT OPTION FROM user_and_role_list */ -#line 17785 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 17807 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { Lex->sql_command = SQLCOM_REVOKE_ALL; } -#line 51341 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 51468 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 3455: /* revoke_command: PROXY_SYM ON user FROM user_list */ -#line 17789 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 17811 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { if (Lex->stmt_revoke_proxy(thd, (yyvsp[-2].lex_user))) MYSQL_YYABORT; } -#line 51350 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 51477 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 3456: /* revoke_command: admin_option_for_role FROM user_and_role_list */ -#line 17794 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 17816 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { Lex->sql_command= SQLCOM_REVOKE_ROLE; if (unlikely(Lex->users_list.push_front((yyvsp[-2].lex_user), thd->mem_root))) MYSQL_YYABORT; } -#line 51360 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 51487 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 3457: /* admin_option_for_role: ADMIN_SYM OPTION FOR_SYM grant_role */ -#line 17803 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 17825 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { Lex->with_admin_option= true; (yyval.lex_user)= (yyvsp[0].lex_user); } -#line 51366 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 51493 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 3458: /* admin_option_for_role: grant_role */ -#line 17805 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 17827 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { Lex->with_admin_option= false; (yyval.lex_user)= (yyvsp[0].lex_user); } -#line 51372 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 51499 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 3459: /* grant: GRANT clear_privileges grant_command */ -#line 17810 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 17832 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" {} -#line 51378 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 51505 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 3460: /* grant_command: grant_privileges ON opt_table grant_ident TO_SYM grant_list opt_require_clause opt_grant_options */ -#line 17816 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 17838 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { if (Lex->stmt_grant_table(thd, (yyvsp[-7].lex_grant), *(yyvsp[-4].lex_grant_ident), (yyvsp[0].privilege))) MYSQL_YYABORT; } -#line 51387 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 51514 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 3461: /* grant_command: grant_privileges ON sp_handler grant_ident TO_SYM grant_list opt_require_clause opt_grant_options */ -#line 17822 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 17844 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { if (Lex->stmt_grant_sp(thd, (yyvsp[-7].lex_grant), *(yyvsp[-4].lex_grant_ident), *(yyvsp[-5].sp_handler), (yyvsp[0].privilege))) MYSQL_YYABORT; } -#line 51396 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 51523 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 3462: /* grant_command: PROXY_SYM ON user TO_SYM grant_list opt_grant_option */ -#line 17827 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 17849 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { if (Lex->stmt_grant_proxy(thd, (yyvsp[-3].lex_user), (yyvsp[0].privilege))) MYSQL_YYABORT; } -#line 51405 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 51532 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 3463: /* grant_command: grant_role TO_SYM grant_list opt_with_admin_option */ -#line 17832 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 17854 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { LEX *lex= Lex; lex->sql_command= SQLCOM_GRANT_ROLE; @@ -51413,63 +51540,63 @@ if (unlikely(Lex->users_list.push_front((yyvsp[-3].lex_user), thd->mem_root))) MYSQL_YYABORT; } -#line 51417 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 51544 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 3464: /* opt_with_admin: %empty */ -#line 17843 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 17865 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { Lex->definer = 0; } -#line 51423 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 51550 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 3465: /* opt_with_admin: WITH ADMIN_SYM user_or_role */ -#line 17844 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 17866 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { Lex->definer = (yyvsp[0].lex_user); } -#line 51429 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 51556 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 3466: /* opt_with_admin_option: %empty */ -#line 17848 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 17870 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { Lex->with_admin_option= false; } -#line 51435 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 51562 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 3467: /* opt_with_admin_option: WITH ADMIN_SYM OPTION */ -#line 17849 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 17871 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { Lex->with_admin_option= true; } -#line 51441 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 51568 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 3468: /* role_list: grant_role */ -#line 17854 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 17876 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { if (unlikely(Lex->users_list.push_back((yyvsp[0].lex_user), thd->mem_root))) MYSQL_YYABORT; } -#line 51450 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 51577 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 3469: /* role_list: role_list ',' grant_role */ -#line 17859 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 17881 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { if (unlikely(Lex->users_list.push_back((yyvsp[0].lex_user), thd->mem_root))) MYSQL_YYABORT; } -#line 51459 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 51586 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 3470: /* current_role: CURRENT_ROLE optional_braces */ -#line 17867 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 17889 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { if (unlikely(!((yyval.lex_user)= thd->calloc(1)))) MYSQL_YYABORT; (yyval.lex_user)->user= current_role; } -#line 51469 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 51596 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 3471: /* role_name: ident_or_text */ -#line 17876 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 17898 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { CHARSET_INFO *cs= system_charset_info; /* trim end spaces (as they'll be lost in mysql.user anyway) */ @@ -51488,393 +51615,393 @@ MYSQL_YYABORT; (yyval.lex_user)->host= empty_clex_str; } -#line 51492 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 51619 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 3477: /* grant_privileges: ALL opt_privileges */ -#line 17906 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 17928 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { if (!((yyval.lex_grant)= new (thd->mem_root) Lex_grant_privilege(GLOBAL_ACLS, true))) MYSQL_YYABORT; } -#line 51501 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 51628 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 3480: /* object_privilege_list: object_privilege */ -#line 17919 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 17941 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { if (!((yyval.lex_grant)= new (thd->mem_root) Lex_grant_privilege((yyvsp[0].privilege)))) MYSQL_YYABORT; } -#line 51510 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 51637 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 3481: /* object_privilege_list: column_list_privilege */ -#line 17924 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 17946 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { if (!((yyval.lex_grant)= new (thd->mem_root) Lex_grant_privilege()) || (yyval.lex_grant)->add_column_list_privilege(thd, (yyvsp[0].column_list_privilege).m_columns[0], (yyvsp[0].column_list_privilege).m_privilege)) MYSQL_YYABORT; } -#line 51521 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 51648 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 3482: /* object_privilege_list: object_privilege_list ',' object_privilege */ -#line 17931 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 17953 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { ((yyval.lex_grant)= (yyvsp[-2].lex_grant))->add_object_privilege((yyvsp[0].privilege)); } -#line 51529 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 51656 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 3483: /* object_privilege_list: object_privilege_list ',' column_list_privilege */ -#line 17935 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 17957 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { if (((yyval.lex_grant)= (yyvsp[-2].lex_grant))->add_column_list_privilege(thd, (yyvsp[0].column_list_privilege).m_columns[0], (yyvsp[0].column_list_privilege).m_privilege)) MYSQL_YYABORT; } -#line 51539 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 51666 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 3484: /* column_list_privilege: column_privilege '(' comma_separated_ident_list ')' */ -#line 17944 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 17966 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.column_list_privilege)= Lex_column_list_privilege((yyvsp[-1].ident_sys_list), (yyvsp[-3].privilege)); } -#line 51547 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 51674 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 3485: /* column_privilege: SELECT_SYM */ -#line 17950 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 17972 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.privilege)= SELECT_ACL; } -#line 51553 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 51680 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 3486: /* column_privilege: INSERT */ -#line 17951 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 17973 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.privilege)= INSERT_ACL; } -#line 51559 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 51686 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 3487: /* column_privilege: UPDATE_SYM */ -#line 17952 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 17974 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.privilege)= UPDATE_ACL; } -#line 51565 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 51692 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 3488: /* column_privilege: REFERENCES */ -#line 17953 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 17975 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.privilege)= REFERENCES_ACL; } -#line 51571 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 51698 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 3489: /* object_privilege: SELECT_SYM */ -#line 17957 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 17979 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.privilege)= SELECT_ACL; } -#line 51577 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 51704 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 3490: /* object_privilege: INSERT */ -#line 17958 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 17980 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.privilege)= INSERT_ACL; } -#line 51583 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 51710 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 3491: /* object_privilege: UPDATE_SYM */ -#line 17959 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 17981 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.privilege)= UPDATE_ACL; } -#line 51589 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 51716 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 3492: /* object_privilege: REFERENCES */ -#line 17960 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 17982 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.privilege)= REFERENCES_ACL; } -#line 51595 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 51722 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 3493: /* object_privilege: DELETE_SYM */ -#line 17961 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 17983 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.privilege)= DELETE_ACL;} -#line 51601 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 51728 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 3494: /* object_privilege: USAGE */ -#line 17962 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 17984 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.privilege)= NO_ACL; } -#line 51607 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 51734 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 3495: /* object_privilege: INDEX_SYM */ -#line 17963 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 17985 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.privilege)= INDEX_ACL;} -#line 51613 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 51740 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 3496: /* object_privilege: ALTER */ -#line 17964 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 17986 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.privilege)= ALTER_ACL;} -#line 51619 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 51746 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 3497: /* object_privilege: CREATE */ -#line 17965 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 17987 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.privilege)= CREATE_ACL;} -#line 51625 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 51752 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 3498: /* object_privilege: DROP */ -#line 17966 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 17988 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.privilege)= DROP_ACL;} -#line 51631 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 51758 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 3499: /* object_privilege: EXECUTE_SYM */ -#line 17967 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 17989 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.privilege)= EXECUTE_ACL;} -#line 51637 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 51764 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 3500: /* object_privilege: RELOAD */ -#line 17968 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 17990 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.privilege)= RELOAD_ACL;} -#line 51643 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 51770 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 3501: /* object_privilege: SHUTDOWN */ -#line 17969 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 17991 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.privilege)= SHUTDOWN_ACL;} -#line 51649 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 51776 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 3502: /* object_privilege: PROCESS */ -#line 17970 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 17992 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.privilege)= PROCESS_ACL;} -#line 51655 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 51782 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 3503: /* object_privilege: FILE_SYM */ -#line 17971 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 17993 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.privilege)= FILE_ACL;} -#line 51661 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 51788 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 3504: /* object_privilege: GRANT OPTION */ -#line 17972 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 17994 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.privilege)= GRANT_ACL;} -#line 51667 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 51794 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 3505: /* object_privilege: SHOW DATABASES */ -#line 17973 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 17995 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.privilege)= SHOW_DB_ACL;} -#line 51673 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 51800 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 3506: /* object_privilege: SUPER_SYM */ -#line 17974 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 17996 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.privilege)= SUPER_ACL;} -#line 51679 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 51806 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 3507: /* object_privilege: CREATE TEMPORARY TABLES */ -#line 17975 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 17997 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.privilege)= CREATE_TMP_ACL;} -#line 51685 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 51812 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 3508: /* object_privilege: LOCK_SYM TABLES */ -#line 17976 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 17998 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.privilege)= LOCK_TABLES_ACL; } -#line 51691 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 51818 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 3509: /* object_privilege: REPLICATION SLAVE */ -#line 17977 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 17999 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.privilege)= REPL_SLAVE_ACL; } -#line 51697 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 51824 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 3510: /* object_privilege: REPLICATION CLIENT_SYM */ -#line 17978 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 18000 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.privilege)= BINLOG_MONITOR_ACL; /*Compatibility*/ } -#line 51703 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 51830 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 3511: /* object_privilege: CREATE VIEW_SYM */ -#line 17979 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 18001 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.privilege)= CREATE_VIEW_ACL; } -#line 51709 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 51836 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 3512: /* object_privilege: SHOW VIEW_SYM */ -#line 17980 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 18002 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.privilege)= SHOW_VIEW_ACL; } -#line 51715 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 51842 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 3513: /* object_privilege: CREATE ROUTINE_SYM */ -#line 17981 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 18003 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.privilege)= CREATE_PROC_ACL; } -#line 51721 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 51848 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 3514: /* object_privilege: ALTER ROUTINE_SYM */ -#line 17982 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 18004 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.privilege)= ALTER_PROC_ACL; } -#line 51727 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 51854 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 3515: /* object_privilege: CREATE USER_SYM */ -#line 17983 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 18005 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.privilege)= CREATE_USER_ACL; } -#line 51733 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 51860 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 3516: /* object_privilege: EVENT_SYM */ -#line 17984 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 18006 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.privilege)= EVENT_ACL;} -#line 51739 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 51866 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 3517: /* object_privilege: TRIGGER_SYM */ -#line 17985 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 18007 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.privilege)= TRIGGER_ACL; } -#line 51745 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 51872 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 3518: /* object_privilege: CREATE TABLESPACE */ -#line 17986 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 18008 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.privilege)= CREATE_TABLESPACE_ACL; } -#line 51751 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 51878 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 3519: /* object_privilege: DELETE_SYM HISTORY_SYM */ -#line 17987 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 18009 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.privilege)= DELETE_HISTORY_ACL; } -#line 51757 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 51884 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 3520: /* object_privilege: SET USER_SYM */ -#line 17988 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 18010 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.privilege)= SET_USER_ACL; } -#line 51763 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 51890 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 3521: /* object_privilege: FEDERATED_SYM ADMIN_SYM */ -#line 17989 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 18011 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.privilege)= FEDERATED_ADMIN_ACL; } -#line 51769 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 51896 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 3522: /* object_privilege: CONNECTION_SYM ADMIN_SYM */ -#line 17990 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 18012 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.privilege)= CONNECTION_ADMIN_ACL; } -#line 51775 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 51902 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 3523: /* object_privilege: READ_SYM ONLY_SYM ADMIN_SYM */ -#line 17991 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 18013 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.privilege)= READ_ONLY_ADMIN_ACL; } -#line 51781 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 51908 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 3524: /* object_privilege: READ_ONLY_SYM ADMIN_SYM */ -#line 17992 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 18014 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.privilege)= READ_ONLY_ADMIN_ACL; } -#line 51787 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 51914 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 3525: /* object_privilege: BINLOG_SYM MONITOR_SYM */ -#line 17993 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 18015 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.privilege)= BINLOG_MONITOR_ACL; } -#line 51793 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 51920 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 3526: /* object_privilege: BINLOG_SYM ADMIN_SYM */ -#line 17994 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 18016 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.privilege)= BINLOG_ADMIN_ACL; } -#line 51799 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 51926 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 3527: /* object_privilege: BINLOG_SYM REPLAY_SYM */ -#line 17995 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 18017 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.privilege)= BINLOG_REPLAY_ACL; } -#line 51805 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 51932 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 3528: /* object_privilege: REPLICATION MASTER_SYM ADMIN_SYM */ -#line 17996 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 18018 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.privilege)= REPL_MASTER_ADMIN_ACL; } -#line 51811 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 51938 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 3529: /* object_privilege: REPLICATION SLAVE ADMIN_SYM */ -#line 17997 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 18019 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.privilege)= REPL_SLAVE_ADMIN_ACL; } -#line 51817 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 51944 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 3530: /* object_privilege: SLAVE MONITOR_SYM */ -#line 17998 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 18020 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.privilege)= SLAVE_MONITOR_ACL; } -#line 51823 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 51950 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 3531: /* object_privilege: SHOW CREATE ROUTINE_SYM */ -#line 17999 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 18021 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.privilege)= SHOW_CREATE_ROUTINE_ACL; } -#line 51829 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 51956 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 3532: /* opt_and: %empty */ -#line 18003 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 18025 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" {} -#line 51835 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 51962 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 3533: /* opt_and: AND_SYM */ -#line 18004 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 18026 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" {} -#line 51841 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 51968 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 3536: /* require_list_element: SUBJECT_SYM TEXT_STRING */ -#line 18014 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 18036 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { LEX *lex=Lex; if (lex->account_options.x509_subject.str) my_yyabort_error((ER_DUP_ARGUMENT, MYF(0), "SUBJECT")); lex->account_options.x509_subject= (yyvsp[0].lex_string_with_metadata); } -#line 51852 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 51979 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 3537: /* require_list_element: ISSUER_SYM TEXT_STRING */ -#line 18021 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 18043 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { LEX *lex=Lex; if (lex->account_options.x509_issuer.str) my_yyabort_error((ER_DUP_ARGUMENT, MYF(0), "ISSUER")); lex->account_options.x509_issuer= (yyvsp[0].lex_string_with_metadata); } -#line 51863 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 51990 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 3538: /* require_list_element: CIPHER_SYM TEXT_STRING */ -#line 18028 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 18050 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { LEX *lex=Lex; if (lex->account_options.ssl_cipher.str) my_yyabort_error((ER_DUP_ARGUMENT, MYF(0), "CIPHER")); lex->account_options.ssl_cipher= (yyvsp[0].lex_string_with_metadata); } -#line 51874 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 52001 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 3539: /* grant_ident: '*' */ -#line 18038 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 18060 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { LEX_CSTRING db; if (unlikely(Lex->copy_db_to(&db))) @@ -51883,411 +52010,411 @@ Lex_grant_object_name::STAR))) MYSQL_YYABORT; } -#line 51887 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 52014 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 3540: /* grant_ident: ident '.' '*' */ -#line 18047 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 18069 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { if (!((yyval.lex_grant_ident)= new (thd->mem_root) Lex_grant_object_name((yyvsp[-2].ident_sys), Lex_grant_object_name::IDENT_STAR))) MYSQL_YYABORT; } -#line 51897 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 52024 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 3541: /* grant_ident: '*' '.' '*' */ -#line 18053 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 18075 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { if (!((yyval.lex_grant_ident)= new (thd->mem_root) Lex_grant_object_name( null_clex_str, Lex_grant_object_name::STAR_STAR))) MYSQL_YYABORT; } -#line 51908 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 52035 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 3542: /* grant_ident: table_ident */ -#line 18060 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 18082 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { if (!((yyval.lex_grant_ident)= new (thd->mem_root) Lex_grant_object_name((yyvsp[0].table)))) MYSQL_YYABORT; } -#line 51917 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 52044 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 3543: /* user_list: user */ -#line 18068 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 18090 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { if (unlikely(Lex->users_list.push_back((yyvsp[0].lex_user), thd->mem_root))) MYSQL_YYABORT; } -#line 51926 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 52053 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 3544: /* user_list: user_list ',' user */ -#line 18073 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 18095 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { if (unlikely(Lex->users_list.push_back((yyvsp[0].lex_user), thd->mem_root))) MYSQL_YYABORT; } -#line 51935 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 52062 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 3545: /* grant_list: grant_user */ -#line 18081 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 18103 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { if (unlikely(Lex->users_list.push_back((yyvsp[0].lex_user), thd->mem_root))) MYSQL_YYABORT; } -#line 51944 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 52071 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 3546: /* grant_list: grant_list ',' grant_user */ -#line 18086 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 18108 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { if (unlikely(Lex->users_list.push_back((yyvsp[0].lex_user), thd->mem_root))) MYSQL_YYABORT; } -#line 51953 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 52080 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 3547: /* user_and_role_list: user_or_role */ -#line 18094 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 18116 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { if (unlikely(Lex->users_list.push_back((yyvsp[0].lex_user), thd->mem_root))) MYSQL_YYABORT; } -#line 51962 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 52089 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 3548: /* user_and_role_list: user_and_role_list ',' user_or_role */ -#line 18099 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 18121 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { if (unlikely(Lex->users_list.push_back((yyvsp[0].lex_user), thd->mem_root))) MYSQL_YYABORT; } -#line 51971 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 52098 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 3553: /* grant_user: user IDENTIFIED_SYM BY TEXT_STRING */ -#line 18110 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 18132 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.lex_user)= (yyvsp[-3].lex_user); (yyvsp[-3].lex_user)->auth= new (thd->mem_root) USER_AUTH(); (yyvsp[-3].lex_user)->auth->pwtext= (yyvsp[0].lex_string_with_metadata); } -#line 51981 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 52108 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 3554: /* grant_user: user IDENTIFIED_SYM BY PASSWORD_SYM TEXT_STRING */ -#line 18116 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 18138 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.lex_user)= (yyvsp[-4].lex_user); (yyvsp[-4].lex_user)->auth= new (thd->mem_root) USER_AUTH(); (yyvsp[-4].lex_user)->auth->auth_str= (yyvsp[0].lex_string_with_metadata); } -#line 51991 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 52118 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 3555: /* grant_user: user IDENTIFIED_SYM via_or_with auth_expression */ -#line 18122 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 18144 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.lex_user)= (yyvsp[-3].lex_user); (yyvsp[-3].lex_user)->auth= (yyvsp[0].user_auth); } -#line 52000 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 52127 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 3556: /* grant_user: user_or_role */ -#line 18127 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 18149 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.lex_user)= (yyvsp[0].lex_user); } -#line 52008 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 52135 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 3557: /* auth_expression: auth_token OR_SYM auth_expression */ -#line 18134 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 18156 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.user_auth)= (yyvsp[-2].user_auth); DBUG_ASSERT((yyval.user_auth)->next == NULL); (yyval.user_auth)->next= (yyvsp[0].user_auth); } -#line 52018 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 52145 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 3558: /* auth_expression: auth_token */ -#line 18140 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 18162 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.user_auth)= (yyvsp[0].user_auth); } -#line 52026 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 52153 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 3559: /* auth_token: ident_or_text opt_auth_str */ -#line 18147 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 18169 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.user_auth)= (yyvsp[0].user_auth); (yyval.user_auth)->plugin= (yyvsp[-1].lex_str); } -#line 52035 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 52162 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 3560: /* opt_auth_str: %empty */ -#line 18155 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 18177 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { if (!((yyval.user_auth)=thd->calloc(1))) MYSQL_YYABORT; } -#line 52044 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 52171 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 3561: /* opt_auth_str: using_or_as TEXT_STRING_sys */ -#line 18160 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 18182 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { if (!((yyval.user_auth)=thd->calloc(1))) MYSQL_YYABORT; (yyval.user_auth)->auth_str= (yyvsp[0].lex_str); } -#line 52054 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 52181 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 3562: /* opt_auth_str: using_or_as PASSWORD_SYM '(' TEXT_STRING ')' */ -#line 18166 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 18188 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { if (!((yyval.user_auth)=thd->calloc(1))) MYSQL_YYABORT; (yyval.user_auth)->pwtext= (yyvsp[-1].lex_string_with_metadata); } -#line 52064 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 52191 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 3564: /* opt_require_clause: REQUIRE_SYM require_list */ -#line 18176 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 18198 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { Lex->account_options.ssl_type= SSL_TYPE_SPECIFIED; } -#line 52072 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 52199 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 3565: /* opt_require_clause: REQUIRE_SYM SSL_SYM */ -#line 18180 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 18202 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { Lex->account_options.ssl_type= SSL_TYPE_ANY; } -#line 52080 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 52207 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 3566: /* opt_require_clause: REQUIRE_SYM X509_SYM */ -#line 18184 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 18206 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { Lex->account_options.ssl_type= SSL_TYPE_X509; } -#line 52088 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 52215 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 3567: /* opt_require_clause: REQUIRE_SYM NONE_SYM */ -#line 18188 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 18210 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { Lex->account_options.ssl_type= SSL_TYPE_NONE; } -#line 52096 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 52223 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 3568: /* resource_option: MAX_QUERIES_PER_HOUR ulong_num */ -#line 18195 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 18217 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { Lex->account_options.questions=(yyvsp[0].ulong_num); Lex->account_options.specified_limits|= USER_RESOURCES::QUERIES_PER_HOUR; } -#line 52105 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 52232 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 3569: /* resource_option: MAX_UPDATES_PER_HOUR ulong_num */ -#line 18200 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 18222 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { Lex->account_options.updates=(yyvsp[0].ulong_num); Lex->account_options.specified_limits|= USER_RESOURCES::UPDATES_PER_HOUR; } -#line 52114 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 52241 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 3570: /* resource_option: MAX_CONNECTIONS_PER_HOUR ulong_num */ -#line 18205 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 18227 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { Lex->account_options.conn_per_hour= (yyvsp[0].ulong_num); Lex->account_options.specified_limits|= USER_RESOURCES::CONNECTIONS_PER_HOUR; } -#line 52123 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 52250 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 3571: /* resource_option: MAX_USER_CONNECTIONS_SYM int_num */ -#line 18210 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 18232 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { Lex->account_options.user_conn= (yyvsp[0].num); Lex->account_options.specified_limits|= USER_RESOURCES::USER_CONNECTIONS; } -#line 52132 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 52259 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 3572: /* resource_option: MAX_STATEMENT_TIME_SYM NUM_literal */ -#line 18215 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 18237 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { Lex->account_options.max_statement_time= (yyvsp[0].item_num)->val_real(); Lex->account_options.specified_limits|= USER_RESOURCES::MAX_STATEMENT_TIME; } -#line 52141 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 52268 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 3573: /* resource_option_list: resource_option_list resource_option */ -#line 18222 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 18244 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" {} -#line 52147 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 52274 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 3574: /* resource_option_list: resource_option */ -#line 18223 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 18245 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" {} -#line 52153 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 52280 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 3575: /* opt_resource_options: %empty */ -#line 18227 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 18249 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" {} -#line 52159 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 52286 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 3577: /* opt_grant_options: %empty */ -#line 18233 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 18255 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.privilege)= NO_ACL; } -#line 52165 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 52292 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 3578: /* opt_grant_options: WITH grant_option_list */ -#line 18234 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 18256 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.privilege)= (yyvsp[0].privilege); } -#line 52171 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 52298 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 3579: /* opt_grant_option: %empty */ -#line 18238 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 18260 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.privilege)= NO_ACL; } -#line 52177 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 52304 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 3580: /* opt_grant_option: WITH GRANT OPTION */ -#line 18239 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 18261 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.privilege)= GRANT_ACL; } -#line 52183 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 52310 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 3581: /* grant_option_list: grant_option_list grant_option */ -#line 18243 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 18265 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.privilege)= (yyvsp[-1].privilege) | (yyvsp[0].privilege); } -#line 52189 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 52316 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 3583: /* grant_option: GRANT OPTION */ -#line 18248 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 18270 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.privilege)= GRANT_ACL;} -#line 52195 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 52322 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 3584: /* grant_option: resource_option */ -#line 18249 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 18271 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.privilege)= NO_ACL; } -#line 52201 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 52328 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 3585: /* $@253: %empty */ -#line 18254 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 18276 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { LEX *lex=Lex; lex->sql_command = SQLCOM_BEGIN; lex->start_transaction_opt= 0; } -#line 52211 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 52338 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 3586: /* begin_stmt_mariadb: BEGIN_MARIADB_SYM $@253 opt_work */ -#line 18259 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 18281 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" {} -#line 52217 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 52344 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 3587: /* compound_statement: sp_proc_stmt_compound_ok */ -#line 18264 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 18286 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { Lex->sql_command= SQLCOM_COMPOUND; if (Lex->sp_body_finalize_procedure(thd)) MYSQL_YYABORT; } -#line 52227 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 52354 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 3588: /* opt_not: %empty */ -#line 18272 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 18294 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.num)= 0; } -#line 52233 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 52360 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 3589: /* opt_not: not */ -#line 18273 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 18295 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.num)= 1; } -#line 52239 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 52366 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 3590: /* opt_work: %empty */ -#line 18277 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 18299 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" {} -#line 52245 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 52372 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 3591: /* opt_work: WORK_SYM */ -#line 18278 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 18300 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" {} -#line 52251 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 52378 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 3592: /* opt_chain: %empty */ -#line 18283 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 18305 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.m_yes_no_unk)= TVL_UNKNOWN; } -#line 52257 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 52384 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 3593: /* opt_chain: AND_SYM NO_SYM CHAIN_SYM */ -#line 18284 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 18306 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.m_yes_no_unk)= TVL_NO; } -#line 52263 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 52390 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 3594: /* opt_chain: AND_SYM CHAIN_SYM */ -#line 18285 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 18307 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.m_yes_no_unk)= TVL_YES; } -#line 52269 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 52396 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 3595: /* opt_release: %empty */ -#line 18290 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 18312 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.m_yes_no_unk)= TVL_UNKNOWN; } -#line 52275 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 52402 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 3596: /* opt_release: RELEASE_SYM */ -#line 18291 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 18313 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.m_yes_no_unk)= TVL_YES; } -#line 52281 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 52408 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 3597: /* opt_release: NO_SYM RELEASE_SYM */ -#line 18292 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 18314 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.m_yes_no_unk)= TVL_NO; } -#line 52287 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 52414 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 3598: /* commit: COMMIT_SYM opt_work opt_chain opt_release */ -#line 18297 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 18319 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { LEX *lex=Lex; lex->sql_command= SQLCOM_COMMIT; @@ -52296,11 +52423,11 @@ lex->tx_chain= (yyvsp[-1].m_yes_no_unk); lex->tx_release= (yyvsp[0].m_yes_no_unk); } -#line 52300 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 52427 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 3599: /* rollback: ROLLBACK_SYM opt_work opt_chain opt_release */ -#line 18309 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 18331 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { LEX *lex=Lex; lex->sql_command= SQLCOM_ROLLBACK; @@ -52309,145 +52436,145 @@ lex->tx_chain= (yyvsp[-1].m_yes_no_unk); lex->tx_release= (yyvsp[0].m_yes_no_unk); } -#line 52313 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 52440 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 3600: /* rollback: ROLLBACK_SYM opt_work TO_SYM SAVEPOINT_SYM ident */ -#line 18318 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 18340 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { LEX *lex=Lex; lex->sql_command= SQLCOM_ROLLBACK_TO_SAVEPOINT; lex->ident= (yyvsp[0].ident_sys); } -#line 52323 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 52450 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 3601: /* rollback: ROLLBACK_SYM opt_work TO_SYM ident */ -#line 18324 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 18346 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { LEX *lex=Lex; lex->sql_command= SQLCOM_ROLLBACK_TO_SAVEPOINT; lex->ident= (yyvsp[0].ident_sys); } -#line 52333 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 52460 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 3602: /* savepoint: SAVEPOINT_SYM ident */ -#line 18333 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 18355 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { LEX *lex=Lex; lex->sql_command= SQLCOM_SAVEPOINT; lex->ident= (yyvsp[0].ident_sys); } -#line 52343 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 52470 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 3603: /* release: RELEASE_SYM SAVEPOINT_SYM ident */ -#line 18342 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 18364 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { LEX *lex=Lex; lex->sql_command= SQLCOM_RELEASE_SAVEPOINT; lex->ident= (yyvsp[0].ident_sys); } -#line 52353 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 52480 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 3604: /* unit_type_decl: UNION_SYM union_option */ -#line 18355 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 18377 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.unit_operation).unit_type= UNION_TYPE; (yyval.unit_operation).distinct= (yyvsp[0].num); } -#line 52359 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 52486 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 3605: /* unit_type_decl: INTERSECT_SYM union_option */ -#line 18357 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 18379 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.unit_operation).unit_type= INTERSECT_TYPE; (yyval.unit_operation).distinct= (yyvsp[0].num); } -#line 52365 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 52492 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 3606: /* unit_type_decl: EXCEPT_SYM union_option */ -#line 18359 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 18381 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.unit_operation).unit_type= EXCEPT_TYPE; (yyval.unit_operation).distinct= (yyvsp[0].num); } -#line 52371 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 52498 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 3607: /* union_option: %empty */ -#line 18366 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 18388 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.num)=1; } -#line 52377 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 52504 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 3608: /* union_option: DISTINCT */ -#line 18367 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 18389 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.num)=1; } -#line 52383 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 52510 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 3609: /* union_option: ALL */ -#line 18368 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 18390 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.num)=0; } -#line 52389 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 52516 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 3610: /* query_expression_option: STRAIGHT_JOIN */ -#line 18372 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 18394 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { Select->options|= SELECT_STRAIGHT_JOIN; } -#line 52395 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 52522 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 3611: /* query_expression_option: HIGH_PRIORITY */ -#line 18374 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 18396 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { YYPS->m_lock_type= TL_READ_HIGH_PRIORITY; YYPS->m_mdl_type= MDL_SHARED_READ; Select->options|= SELECT_HIGH_PRIORITY; } -#line 52405 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 52532 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 3612: /* query_expression_option: DISTINCT */ -#line 18379 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 18401 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { Select->options|= SELECT_DISTINCT; } -#line 52411 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 52538 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 3613: /* query_expression_option: UNIQUE_SYM */ -#line 18380 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 18402 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { Select->options|= SELECT_DISTINCT; } -#line 52417 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 52544 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 3614: /* query_expression_option: SQL_SMALL_RESULT */ -#line 18381 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 18403 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { Select->options|= SELECT_SMALL_RESULT; } -#line 52423 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 52550 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 3615: /* query_expression_option: SQL_BIG_RESULT */ -#line 18382 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 18404 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { Select->options|= SELECT_BIG_RESULT; } -#line 52429 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 52556 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 3616: /* query_expression_option: SQL_BUFFER_RESULT */ -#line 18383 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 18405 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { Select->options|= OPTION_BUFFER_RESULT; } -#line 52435 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 52562 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 3617: /* query_expression_option: SQL_CALC_FOUND_ROWS */ -#line 18384 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 18406 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { Select->options|= OPTION_FOUND_ROWS; } -#line 52441 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 52568 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 3618: /* query_expression_option: ALL */ -#line 18385 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 18407 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { Select->options|= SELECT_ALL; } -#line 52447 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 52574 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 3621: /* no_definer: %empty */ -#line 18401 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 18423 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { /* We have to distinguish missing DEFINER-clause from case when @@ -52458,175 +52585,175 @@ */ thd->lex->definer= 0; } -#line 52462 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 52589 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 3622: /* definer: DEFINER_SYM '=' user_or_role */ -#line 18415 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 18437 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { Lex->definer= (yyvsp[0].lex_user); Lex->account_options.reset(); } -#line 52471 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 52598 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 3623: /* view_algorithm: ALGORITHM_SYM '=' UNDEFINED_SYM */ -#line 18428 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 18450 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.num)= DTYPE_ALGORITHM_UNDEFINED; } -#line 52477 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 52604 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 3624: /* view_algorithm: ALGORITHM_SYM '=' MERGE_SYM */ -#line 18429 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 18451 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.num)= VIEW_ALGORITHM_MERGE; } -#line 52483 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 52610 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 3625: /* view_algorithm: ALGORITHM_SYM '=' TEMPTABLE_SYM */ -#line 18430 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 18452 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.num)= VIEW_ALGORITHM_TMPTABLE; } -#line 52489 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 52616 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 3626: /* opt_view_suid: %empty */ -#line 18434 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 18456 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.view_suid)= VIEW_SUID_DEFAULT; } -#line 52495 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 52622 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 3627: /* opt_view_suid: view_suid */ -#line 18435 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 18457 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.view_suid)= (yyvsp[0].view_suid); } -#line 52501 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 52628 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 3628: /* view_suid: SQL_SYM SECURITY_SYM DEFINER_SYM */ -#line 18439 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 18461 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.view_suid)= VIEW_SUID_DEFINER; } -#line 52507 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 52634 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 3629: /* view_suid: SQL_SYM SECURITY_SYM INVOKER_SYM */ -#line 18440 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 18462 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.view_suid)= VIEW_SUID_INVOKER; } -#line 52513 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 52640 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 3630: /* view_list_opt: %empty */ -#line 18445 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 18467 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" {} -#line 52519 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 52646 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 3631: /* view_list_opt: '(' view_list ')' */ -#line 18446 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 18468 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { } -#line 52525 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 52652 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 3632: /* view_list: ident */ -#line 18451 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 18473 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { Lex->view_list.push_back((LEX_CSTRING*) thd->memdup(&(yyvsp[0].ident_sys), sizeof(LEX_CSTRING)), thd->mem_root); } -#line 52535 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 52662 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 3633: /* view_list: view_list ',' ident */ -#line 18457 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 18479 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { Lex->view_list.push_back((LEX_CSTRING*) thd->memdup(&(yyvsp[0].ident_sys), sizeof(LEX_CSTRING)), thd->mem_root); } -#line 52545 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 52672 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 3634: /* $@254: %empty */ -#line 18465 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 18487 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { LEX *lex= Lex; lex->parsing_options.allows_variable= FALSE; lex->create_view->select.str= (char *) YYLIP->get_cpp_ptr(); } -#line 52555 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 52682 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 3635: /* view_select: $@254 query_expression view_check_option */ -#line 18472 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 18494 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { if (Lex->parsed_create_view((yyvsp[-1].select_lex_unit), (yyvsp[0].num))) MYSQL_YYABORT; } -#line 52564 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 52691 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 3636: /* view_check_option: %empty */ -#line 18479 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 18501 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.num)= VIEW_CHECK_NONE; } -#line 52570 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 52697 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 3637: /* view_check_option: WITH CHECK_SYM OPTION */ -#line 18480 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 18502 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.num)= VIEW_CHECK_CASCADED; } -#line 52576 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 52703 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 3638: /* view_check_option: WITH CASCADED CHECK_SYM OPTION */ -#line 18481 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 18503 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.num)= VIEW_CHECK_CASCADED; } -#line 52582 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 52709 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 3639: /* view_check_option: WITH LOCAL_SYM CHECK_SYM OPTION */ -#line 18482 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 18504 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.num)= VIEW_CHECK_LOCAL; } -#line 52588 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 52715 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 3640: /* trigger_action_order: FOLLOWS_SYM */ -#line 18493 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 18515 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.trigger_action_order_type)= TRG_ORDER_FOLLOWS; } -#line 52594 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 52721 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 3641: /* trigger_action_order: PRECEDES_SYM */ -#line 18495 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 18517 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.trigger_action_order_type)= TRG_ORDER_PRECEDES; } -#line 52600 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 52727 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 3642: /* trigger_follows_precedes_clause: %empty */ -#line 18500 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 18522 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.trg_execution_order).ordering_clause= TRG_ORDER_NONE; (yyval.trg_execution_order).anchor_trigger_name= null_clex_str; } -#line 52609 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 52736 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 3643: /* trigger_follows_precedes_clause: trigger_action_order ident_or_text */ -#line 18506 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 18528 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.trg_execution_order).ordering_clause= (yyvsp[-1].trigger_action_order_type); (yyval.trg_execution_order).anchor_trigger_name= (yyvsp[0].lex_str); } -#line 52618 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 52745 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 3644: /* opt_on_update_cols: %empty */ -#line 18514 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 18536 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { Lex->trg_chistics.on_update_col_names= NULL; } -#line 52626 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 52753 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 3645: /* opt_on_update_cols: OF_SYM on_update_cols */ -#line 18518 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 18540 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { if (Lex->trg_chistics.event != TRG_EVENT_UPDATE) { @@ -52634,11 +52761,11 @@ MYSQL_YYABORT; } } -#line 52638 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 52765 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 3646: /* on_update_cols: ident */ -#line 18529 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 18551 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { List *col_names_list; LEX_CSTRING *col_name; @@ -52655,11 +52782,11 @@ Lex->trg_chistics.on_update_col_names= col_names_list; } -#line 52659 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 52786 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 3647: /* on_update_cols: on_update_cols ',' ident */ -#line 18546 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 18568 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { LEX_CSTRING *col_name; @@ -52670,44 +52797,44 @@ (col_name, thd->mem_root))) MYSQL_YYABORT; } -#line 52674 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 52801 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 3648: /* $@255: %empty */ -#line 18561 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 18583 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { if (unlikely(Lex->add_create_options_with_check((yyvsp[0].object_ddl_options)))) MYSQL_YYABORT; } -#line 52683 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 52810 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 3649: /* $@256: %empty */ -#line 18571 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 18593 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { /* $10 */ Lex->raw_trg_on_table_name_begin= YYLIP->get_tok_start(); } -#line 52691 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 52818 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 3650: /* $@257: %empty */ -#line 18577 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 18599 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { /* $14 */ Lex->raw_trg_on_table_name_end= YYLIP->get_tok_start(); } -#line 52699 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 52826 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 3651: /* $@258: %empty */ -#line 18582 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 18604 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { Lex->trg_chistics.ordering_clause_begin= YYLIP->get_cpp_ptr(); } -#line 52707 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 52834 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 3652: /* $@259: %empty */ -#line 18586 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 18608 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { /* $19 */ LEX *lex= thd->lex; Lex_input_stream *lip= YYLIP; @@ -52728,11 +52855,11 @@ lex->sphead->set_body_start(thd, lip->get_cpp_tok_start()); } -#line 52732 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 52859 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 3653: /* trigger_tail: remember_name opt_if_not_exists $@255 sp_name trg_action_time trg_event opt_on_update_cols ON remember_name $@256 table_ident FOR_SYM remember_name $@257 EACH_SYM ROW_SYM $@258 trigger_follows_precedes_clause $@259 sp_proc_stmt force_lookahead */ -#line 18607 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 18629 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { /* $22 */ LEX *lex= Lex; @@ -52751,108 +52878,108 @@ MDL_SHARED_NO_WRITE)) MYSQL_YYABORT; } -#line 52755 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 52882 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 3654: /* create_package_chistic: COMMENT_SYM TEXT_STRING_sys */ -#line 18636 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 18658 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { Lex->sp_chistics.comment= (yyvsp[0].lex_str); } -#line 52761 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 52888 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 3655: /* create_package_chistic: sp_suid */ -#line 18638 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 18660 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { Lex->sp_chistics.suid= (yyvsp[0].sp_suid); } -#line 52767 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 52894 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 3656: /* create_package_chistics: create_package_chistic */ -#line 18642 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 18664 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" {} -#line 52773 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 52900 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 3657: /* create_package_chistics: create_package_chistics create_package_chistic */ -#line 18643 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 18665 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { } -#line 52779 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 52906 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 3658: /* opt_create_package_chistics: %empty */ -#line 18647 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 18669 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { } -#line 52785 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 52912 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 3659: /* opt_create_package_chistics: create_package_chistics */ -#line 18648 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 18670 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { } -#line 52791 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 52918 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 3660: /* $@260: %empty */ -#line 18652 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 18674 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { Lex->sp_chistics.init(); } -#line 52797 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 52924 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 3662: /* xa: XA_SYM begin_or_start xid opt_join_or_resume */ -#line 18660 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 18682 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { Lex->sql_command = SQLCOM_XA_START; } -#line 52805 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 52932 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 3663: /* xa: XA_SYM END xid opt_suspend */ -#line 18664 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 18686 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { Lex->sql_command = SQLCOM_XA_END; } -#line 52813 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 52940 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 3664: /* xa: XA_SYM PREPARE_SYM xid */ -#line 18668 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 18690 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { Lex->sql_command = SQLCOM_XA_PREPARE; } -#line 52821 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 52948 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 3665: /* xa: XA_SYM COMMIT_SYM xid opt_one_phase */ -#line 18672 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 18694 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { Lex->sql_command = SQLCOM_XA_COMMIT; } -#line 52829 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 52956 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 3666: /* xa: XA_SYM ROLLBACK_SYM xid */ -#line 18676 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 18698 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { Lex->sql_command = SQLCOM_XA_ROLLBACK; } -#line 52837 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 52964 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 3667: /* xa: XA_SYM RECOVER_SYM opt_format_xid */ -#line 18680 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 18702 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { Lex->sql_command = SQLCOM_XA_RECOVER; Lex->verbose= (yyvsp[0].num); } -#line 52846 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 52973 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 3668: /* opt_format_xid: %empty */ -#line 18687 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 18709 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.num)= false; } -#line 52852 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 52979 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 3669: /* opt_format_xid: FORMAT_SYM '=' ident_or_text */ -#line 18689 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 18711 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { if (lex_string_eq(&(yyvsp[0].lex_str), STRING_WITH_LEN("SQL"))) (yyval.num)= true; @@ -52865,33 +52992,33 @@ (yyval.num)= false; } } -#line 52869 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 52996 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 3670: /* xid: text_string */ -#line 18705 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 18727 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { MYSQL_YYABORT_UNLESS((yyvsp[0].string)->length() <= MAXGTRIDSIZE); if (unlikely(!(Lex->xid= thd->alloc(1)))) MYSQL_YYABORT; Lex->xid->set(1L, (yyvsp[0].string)->ptr(), (yyvsp[0].string)->length(), 0, 0); } -#line 52880 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 53007 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 3671: /* xid: text_string ',' text_string */ -#line 18712 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 18734 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { MYSQL_YYABORT_UNLESS((yyvsp[-2].string)->length() <= MAXGTRIDSIZE && (yyvsp[0].string)->length() <= MAXBQUALSIZE); if (unlikely(!(Lex->xid= thd->alloc(1)))) MYSQL_YYABORT; Lex->xid->set(1L, (yyvsp[-2].string)->ptr(), (yyvsp[-2].string)->length(), (yyvsp[0].string)->ptr(), (yyvsp[0].string)->length()); } -#line 52891 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 53018 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 3672: /* xid: text_string ',' text_string ',' ulong_num */ -#line 18719 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 18741 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { MYSQL_YYABORT_UNLESS((yyvsp[-4].string)->length() <= MAXGTRIDSIZE && (yyvsp[-2].string)->length() <= MAXBQUALSIZE && @@ -52901,292 +53028,292 @@ MYSQL_YYABORT; Lex->xid->set((yyvsp[0].ulong_num), (yyvsp[-4].string)->ptr(), (yyvsp[-4].string)->length(), (yyvsp[-2].string)->ptr(), (yyvsp[-2].string)->length()); } -#line 52905 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 53032 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 3673: /* begin_or_start: BEGIN_MARIADB_SYM */ -#line 18731 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 18753 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" {} -#line 52911 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 53038 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 3674: /* begin_or_start: BEGIN_ORACLE_SYM */ -#line 18732 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 18754 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" {} -#line 52917 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 53044 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 3675: /* begin_or_start: START_SYM */ -#line 18733 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 18755 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" {} -#line 52923 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 53050 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 3676: /* opt_join_or_resume: %empty */ -#line 18737 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 18759 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { Lex->xa_opt=XA_NONE; } -#line 52929 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 53056 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 3677: /* opt_join_or_resume: JOIN_SYM */ -#line 18738 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 18760 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { Lex->xa_opt=XA_JOIN; } -#line 52935 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 53062 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 3678: /* opt_join_or_resume: RESUME_SYM */ -#line 18739 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 18761 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { Lex->xa_opt=XA_RESUME; } -#line 52941 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 53068 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 3679: /* opt_one_phase: %empty */ -#line 18743 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 18765 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { Lex->xa_opt=XA_NONE; } -#line 52947 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 53074 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 3680: /* opt_one_phase: ONE_SYM PHASE_SYM */ -#line 18744 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 18766 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { Lex->xa_opt=XA_ONE_PHASE; } -#line 52953 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 53080 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 3681: /* opt_suspend: %empty */ -#line 18749 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 18771 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { Lex->xa_opt=XA_NONE; } -#line 52959 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 53086 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 3682: /* $@261: %empty */ -#line 18751 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 18773 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { Lex->xa_opt=XA_SUSPEND; } -#line 52965 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 53092 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 3684: /* opt_migrate: %empty */ -#line 18756 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 18778 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" {} -#line 52971 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 53098 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 3685: /* opt_migrate: FOR_SYM MIGRATE_SYM */ -#line 18757 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 18779 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { Lex->xa_opt=XA_FOR_MIGRATE; } -#line 52977 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 53104 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 3686: /* install: INSTALL_SYM PLUGIN_SYM opt_if_not_exists ident SONAME_SYM TEXT_STRING_sys */ -#line 18762 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 18784 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { if (Lex->stmt_install_plugin((yyvsp[-3].object_ddl_options), (yyvsp[-2].ident_sys), (yyvsp[0].lex_str))) MYSQL_YYABORT; } -#line 52986 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 53113 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 3687: /* install: INSTALL_SYM SONAME_SYM TEXT_STRING_sys */ -#line 18767 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 18789 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { Lex->stmt_install_plugin((yyvsp[0].lex_str)); } -#line 52994 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 53121 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 3688: /* uninstall: UNINSTALL_SYM PLUGIN_SYM opt_if_exists ident */ -#line 18774 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 18796 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { if (Lex->stmt_uninstall_plugin_by_name((yyvsp[-1].object_ddl_options), (yyvsp[0].ident_sys))) MYSQL_YYABORT; } -#line 53003 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 53130 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 3689: /* uninstall: UNINSTALL_SYM SONAME_SYM opt_if_exists TEXT_STRING_sys */ -#line 18779 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 18801 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { if (Lex->stmt_uninstall_plugin_by_soname((yyvsp[-1].object_ddl_options), (yyvsp[0].lex_str))) MYSQL_YYABORT; } -#line 53012 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 53139 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 3690: /* keep_gcc_happy: IMPOSSIBLE_ACTION */ -#line 18788 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 18810 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { YYERROR; } -#line 53020 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 53147 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 3696: /* sp_tail_is: %empty */ -#line 18817 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 18839 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { } -#line 53026 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 53153 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 3699: /* opt_trailing_sp_name: %empty */ -#line 18829 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 18851 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.spname)= NULL; } -#line 53032 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 53159 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 3700: /* opt_package_routine_end_name: %empty */ -#line 18833 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 18855 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.lex_str)= null_clex_str; } -#line 53038 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 53165 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 3701: /* opt_package_routine_end_name: FORCE_LOOKAHEAD */ -#line 18834 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 18856 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.lex_str)= null_clex_str; } -#line 53044 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 53171 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 3704: /* $@262: %empty */ -#line 18847 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 18869 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { Lex->init_last_field(&Lex->sphead->m_return_field_def, &empty_clex_str); } -#line 53053 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 53180 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 3706: /* sf_return_type: field_type */ -#line 18856 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 18878 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { if (unlikely(Lex->sf_return_fill_definition((yyvsp[0].Lex_field_type)))) MYSQL_YYABORT; } -#line 53062 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 53189 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 3707: /* sf_return_type: ROW_SYM row_type_body */ -#line 18861 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 18883 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { if (Lex->sf_return_fill_definition_row((yyvsp[0].spvar_definition_list))) MYSQL_YYABORT; } -#line 53071 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 53198 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 3708: /* sf_return_type: ROW_SYM TYPE_SYM OF_SYM ident */ -#line 18866 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 18888 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { if (Lex->sf_return_fill_definition_rowtype_of( Qualified_column_ident(&(yyvsp[0].ident_sys)))) MYSQL_YYABORT; } -#line 53081 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 53208 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 3709: /* sf_return_type: ROW_SYM TYPE_SYM OF_SYM ident '.' ident */ -#line 18872 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 18894 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { if (Lex->sf_return_fill_definition_rowtype_of( Qualified_column_ident(&(yyvsp[-2].ident_sys), &(yyvsp[0].ident_sys)))) MYSQL_YYABORT; } -#line 53091 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 53218 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 3710: /* sf_return_type: TYPE_SYM OF_SYM ident '.' ident */ -#line 18878 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 18900 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { if (Lex->sf_return_fill_definition_type_of( Qualified_column_ident(&(yyvsp[-2].ident_sys), &(yyvsp[0].ident_sys)))) MYSQL_YYABORT; } -#line 53101 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 53228 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 3711: /* sf_return_type: TYPE_SYM OF_SYM ident '.' ident '.' ident */ -#line 18884 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 18906 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { if (Lex->sf_return_fill_definition_type_of( Qualified_column_ident(thd, &(yyvsp[-4].ident_sys), &(yyvsp[-2].ident_sys), &(yyvsp[0].ident_sys)))) MYSQL_YYABORT; } -#line 53111 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 53238 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 3712: /* package_implementation_item_declaration: DECLARE_MARIADB_SYM sp_decl_variable_list ';' */ -#line 18892 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 18914 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.spblock)= (yyvsp[-1].spblock); } -#line 53117 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 53244 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 3715: /* package_implementation_declare_section_list: package_implementation_declare_section_list1 package_implementation_declare_section_list2 */ -#line 18903 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 18925 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.spblock).join((yyvsp[-1].spblock), (yyvsp[0].spblock)); } -#line 53123 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 53250 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 3717: /* package_implementation_executable_section: sp_proc_stmts END */ -#line 18912 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 18934 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.spblock_handlers).init(0); } -#line 53131 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 53258 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 3746: /* row_field_name: ident */ -#line 18973 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 18995 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { if (!((yyval.spvar_definition)= Lex->row_field_name(thd, (yyvsp[0].ident_sys)))) MYSQL_YYABORT; } -#line 53140 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 53267 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 3747: /* $@263: %empty */ -#line 18981 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 19003 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { if (unlikely((yyvsp[-1].expr_lex)->sp_while_loop_expression(thd))) MYSQL_YYABORT; } -#line 53149 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 53276 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 3748: /* while_body: expr_lex DO_SYM $@263 sp_proc_stmts1 END WHILE_SYM */ -#line 18986 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 19008 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { if (unlikely(Lex->sp_while_loop_finalize(thd))) MYSQL_YYABORT; } -#line 53158 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 53285 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 3749: /* for_loop_statements: DO_SYM sp_proc_stmts1 END FOR_SYM */ -#line 18994 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 19016 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { } -#line 53164 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 53291 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 3750: /* sp_label: label_ident ':' */ -#line 18998 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 19020 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.lex_str)= (yyvsp[-1].ident_sys); } -#line 53170 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 53297 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 3752: /* sp_block_label: sp_label */ -#line 19007 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 19029 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { if (unlikely(Lex->spcont->block_label_declare(&(yyvsp[0].lex_str)))) MYSQL_YYABORT; (yyval.lex_str)= (yyvsp[0].lex_str); } -#line 53180 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 53307 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 3753: /* sp_opt_default: _empty */ -#line 19015 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 19037 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.expr_and_query_str)= { nullptr, empty_clex_str}; } -#line 53186 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 53313 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 3754: /* sp_opt_default: DEFAULT remember_cpp_ptr expr remember_end */ -#line 19017 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 19039 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { LEX_CSTRING expr_str= empty_clex_str; @@ -53199,155 +53326,155 @@ (yyval.expr_and_query_str)= { (yyvsp[-1].item), expr_str }; } -#line 53203 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 53330 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 3755: /* sp_decl_variable_list_anchored: sp_decl_idents_init_vars TYPE_SYM OF_SYM optionally_qualified_column_ident sp_opt_default */ -#line 19035 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 19057 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { if (unlikely(Lex->sp_variable_declarations_with_ref_finalize( thd, (yyvsp[-4].num), (yyvsp[-1].qualified_column_ident), (yyvsp[0].expr_and_query_str).expr, (yyvsp[0].expr_and_query_str).expr_str))) MYSQL_YYABORT; (yyval.spblock).init_using_vars((yyvsp[-4].num)); } -#line 53214 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 53341 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 3756: /* sp_decl_variable_list_anchored: sp_decl_idents_init_vars ROW_SYM TYPE_SYM OF_SYM optionally_qualified_column_ident sp_opt_default */ -#line 19044 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 19066 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { if (unlikely(Lex->sp_variable_declarations_rowtype_finalize( thd, (yyvsp[-5].num), (yyvsp[-1].qualified_column_ident), (yyvsp[0].expr_and_query_str).expr, (yyvsp[0].expr_and_query_str).expr_str))) MYSQL_YYABORT; (yyval.spblock).init_using_vars((yyvsp[-5].num)); } -#line 53225 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 53352 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 3757: /* sp_param_name_and_mode: sp_parameter_type sp_param_name */ -#line 19054 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 19076 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyvsp[0].spvar)->mode= (yyvsp[-1].spvar_mode); (yyval.spvar)= (yyvsp[0].spvar); } -#line 53234 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 53361 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 3759: /* sp_param_init_vars: sp_param_name_and_mode_init_vars field_type */ -#line 19063 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 19085 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { if (unlikely(Lex->sp_param_fill_definition((yyval.spvar)= (yyvsp[-1].spvar), (yyvsp[0].Lex_field_type)))) MYSQL_YYABORT; } -#line 53243 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 53370 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 3760: /* sp_param_init_vars: sp_param_name_and_mode_init_vars ROW_SYM row_type_body */ -#line 19068 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 19090 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { if (unlikely(Lex->sphead->spvar_fill_row(thd, (yyval.spvar)= (yyvsp[-2].spvar), (yyvsp[0].spvar_definition_list)))) MYSQL_YYABORT; } -#line 53252 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 53379 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 3762: /* sp_param_anchored: sp_param_name_and_mode_init_vars TYPE_SYM OF_SYM ident '.' ident */ -#line 19077 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 19099 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { if (unlikely(Lex->sphead->spvar_fill_type_reference(thd, (yyval.spvar)= (yyvsp[-5].spvar), (yyvsp[-2].ident_sys), (yyvsp[0].ident_sys)))) MYSQL_YYABORT; } -#line 53263 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 53390 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 3763: /* sp_param_anchored: sp_param_name_and_mode_init_vars TYPE_SYM OF_SYM ident '.' ident '.' ident */ -#line 19084 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 19106 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { if (unlikely(Lex->sphead->spvar_fill_type_reference(thd, (yyval.spvar)= (yyvsp[-7].spvar), (yyvsp[-4].ident_sys), (yyvsp[-2].ident_sys), (yyvsp[0].ident_sys)))) MYSQL_YYABORT; } -#line 53273 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 53400 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 3764: /* sp_param_anchored: sp_param_name_and_mode_init_vars ROW_SYM TYPE_SYM OF_SYM ident */ -#line 19090 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 19112 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { if (unlikely(Lex->sphead->spvar_fill_table_rowtype_reference(thd, (yyval.spvar)= (yyvsp[-4].spvar), (yyvsp[0].ident_sys)))) MYSQL_YYABORT; } -#line 53282 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 53409 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 3765: /* sp_param_anchored: sp_param_name_and_mode_init_vars ROW_SYM TYPE_SYM OF_SYM ident '.' ident */ -#line 19095 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 19117 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { if (unlikely(Lex->sphead->spvar_fill_table_rowtype_reference(thd, (yyval.spvar)= (yyvsp[-6].spvar), (yyvsp[-2].ident_sys), (yyvsp[0].ident_sys)))) MYSQL_YYABORT; } -#line 53291 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 53418 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 3766: /* $@264: %empty */ -#line 19104 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 19126 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { LEX *lex= thd->lex; lex->sphead->set_c_chistics(lex->sp_chistics); lex->sphead->set_body_start(thd, YYLIP->get_cpp_tok_start()); } -#line 53301 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 53428 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 3767: /* sf_c_chistics_and_body_standalone: sp_c_chistics $@264 sp_proc_stmt_in_returns_clause force_lookahead */ -#line 19110 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 19132 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { if (unlikely(Lex->sp_body_finalize_function(thd))) MYSQL_YYABORT; } -#line 53310 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 53437 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 3768: /* $@265: %empty */ -#line 19118 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 19140 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { if (unlikely(!Lex->make_sp_head_no_recursive(thd, (yyvsp[0].spname), &sp_handler_procedure, DEFAULT_AGGREGATE))) MYSQL_YYABORT; } -#line 53321 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 53448 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 3769: /* $@266: %empty */ -#line 19126 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 19148 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { Lex->sphead->set_c_chistics(Lex->sp_chistics); Lex->sphead->set_body_start(thd, YYLIP->get_cpp_tok_start()); } -#line 53330 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 53457 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 3770: /* sp_tail_standalone: sp_name $@265 sp_parenthesized_pdparam_list sp_c_chistics $@266 sp_proc_stmt force_lookahead */ -#line 19131 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 19153 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { if (unlikely(Lex->sp_body_finalize_procedure(thd))) MYSQL_YYABORT; } -#line 53339 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 53466 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 3771: /* sp_decls: _empty */ -#line 19140 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 19162 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.spblock).init(); } -#line 53347 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 53474 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 3772: /* sp_decls: sp_decls sp_decl ';' */ -#line 19144 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 19166 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { // We check for declarations out of (standard) order this way // because letting the grammar rules reflect it caused tricky @@ -53356,17 +53483,17 @@ if (unlikely(Lex->sp_declarations_join(&(yyval.spblock), (yyvsp[-2].spblock), (yyvsp[-1].spblock)))) MYSQL_YYABORT; } -#line 53360 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 53487 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 3773: /* sp_decl: DECLARE_MARIADB_SYM sp_decl_body */ -#line 19155 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 19177 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.spblock)= (yyvsp[0].spblock); } -#line 53366 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 53493 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 3775: /* sp_decl_body: sp_decl_ident CONDITION_SYM FOR_SYM sp_cond */ -#line 19162 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 19184 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { if (unlikely(Lex->spcont->declare_condition(thd, Lex_ident_column((yyvsp[-3].ident_sys)), @@ -53375,19 +53502,19 @@ (yyval.spblock).vars= (yyval.spblock).hndlrs= (yyval.spblock).curs= 0; (yyval.spblock).conds= 1; } -#line 53379 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 53506 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 3777: /* $@267: %empty */ -#line 19172 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 19194 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { Lex->sp_block_init(thd); } -#line 53387 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 53514 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 3778: /* sp_decl_body: sp_decl_ident CURSOR_SYM $@267 opt_parenthesized_cursor_formal_parameters FOR_SYM sp_cursor_stmt */ -#line 19177 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 19199 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { sp_pcontext *param_ctx= Lex->spcont; if (unlikely(Lex->sp_block_finalize(thd))) @@ -53397,76 +53524,76 @@ (yyval.spblock).vars= (yyval.spblock).conds= (yyval.spblock).hndlrs= 0; (yyval.spblock).curs= 1; } -#line 53401 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 53528 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 3796: /* $@268: %empty */ -#line 19228 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 19250 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { Lex->sp_block_init(thd, &(yyvsp[-1].lex_str)); } -#line 53409 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 53536 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 3797: /* sp_labeled_block: sp_block_label BEGIN_MARIADB_SYM $@268 sp_decls sp_proc_stmts END sp_opt_label */ -#line 19235 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 19257 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { if (unlikely(Lex->sp_block_finalize(thd, (yyvsp[-3].spblock), &(yyvsp[0].lex_str)))) MYSQL_YYABORT; } -#line 53418 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 53545 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 3798: /* $@269: %empty */ -#line 19243 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 19265 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { Lex->sp_block_init(thd); } -#line 53426 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 53553 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 3799: /* sp_unlabeled_block: BEGIN_MARIADB_SYM $@269 sp_decls sp_proc_stmts END */ -#line 19249 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 19271 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { if (unlikely(Lex->sp_block_finalize(thd, (yyvsp[-2].spblock)))) MYSQL_YYABORT; } -#line 53435 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 53562 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 3800: /* $@270: %empty */ -#line 19257 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 19279 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { if (unlikely(Lex->maybe_start_compound_statement(thd))) MYSQL_YYABORT; Lex->sp_block_init(thd); } -#line 53445 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 53572 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 3801: /* sp_unlabeled_block_not_atomic: BEGIN_MARIADB_SYM not ATOMIC_SYM $@270 sp_decls sp_proc_stmts END */ -#line 19265 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 19287 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { if (unlikely(Lex->sp_block_finalize(thd, (yyvsp[-2].spblock)))) MYSQL_YYABORT; } -#line 53454 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 53581 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 3803: /* package_implementation_declare_section_list1: package_implementation_declare_section_list1 package_implementation_item_declaration */ -#line 19767 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 19789 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.spblock).join((yyvsp[-1].spblock), (yyvsp[0].spblock)); } -#line 53460 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 53587 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 3805: /* package_implementation_declare_section_list2: package_implementation_declare_section_list2 package_implementation_routine_definition */ -#line 19774 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 19796 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.spblock).join((yyvsp[-1].spblock), (yyvsp[0].spblock)); } -#line 53466 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 53593 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 3806: /* $@271: %empty */ -#line 19780 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 19802 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { LEX *lex= thd->lex->package_routine_start(thd, &sp_handler_package_function, (yyvsp[0].ident_sys)); @@ -53474,22 +53601,22 @@ MYSQL_YYABORT; thd->lex= lex; } -#line 53478 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 53605 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 3807: /* package_specification_function: remember_lex ident $@271 sf_parameters sf_returned_type_clause sp_c_chistics */ -#line 19790 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 19812 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.lex)= thd->lex; sp_head *sp= thd->lex->sphead; sp->restore_thd_mem_root(thd); thd->lex= (yyvsp[-5].lex); } -#line 53489 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 53616 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 3808: /* $@272: %empty */ -#line 19800 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 19822 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { LEX *lex= thd->lex->package_routine_start(thd, &sp_handler_package_procedure, (yyvsp[0].ident_sys)); @@ -53497,22 +53624,22 @@ MYSQL_YYABORT; thd->lex= lex; } -#line 53501 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 53628 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 3809: /* package_specification_procedure: remember_lex ident $@272 sp_parameters sp_c_chistics */ -#line 19809 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 19831 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.lex)= thd->lex; sp_head *sp= thd->lex->sphead; sp->restore_thd_mem_root(thd); thd->lex= (yyvsp[-4].lex); } -#line 53512 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 53639 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 3810: /* package_implementation_routine_definition: FUNCTION_SYM package_specification_function package_implementation_function_body ';' */ -#line 19821 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 19843 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { sp_package *pkg= Lex->get_sp_package(); if (unlikely(pkg->add_routine_implementation((yyvsp[-2].lex)))) @@ -53520,11 +53647,11 @@ pkg->m_current_routine= NULL; (yyval.spblock).init(); } -#line 53524 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 53651 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 3811: /* package_implementation_routine_definition: PROCEDURE_SYM package_specification_procedure package_implementation_procedure_body ';' */ -#line 19830 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 19852 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { sp_package *pkg= Lex->get_sp_package(); if (unlikely(pkg->add_routine_implementation((yyvsp[-2].lex)))) @@ -53532,17 +53659,17 @@ pkg->m_current_routine= NULL; (yyval.spblock).init(); } -#line 53536 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 53663 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 3812: /* package_implementation_routine_definition: package_specification_element */ -#line 19837 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 19859 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.spblock).init(); } -#line 53542 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 53669 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 3813: /* $@273: %empty */ -#line 19843 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 19865 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { sp_package *pkg= Lex->get_sp_package(); sp_head *sp= pkg->m_current_routine->sphead; @@ -53551,22 +53678,22 @@ sp->set_c_chistics(thd->lex->sp_chistics); sp->set_body_start(thd, YYLIP->get_cpp_tok_start()); } -#line 53555 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 53682 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 3814: /* package_implementation_function_body: sp_tail_is remember_lex $@273 sp_package_function_body opt_package_routine_end_name */ -#line 19852 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 19874 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { if (unlikely(thd->lex->sp_body_finalize_function(thd) || thd->lex->sphead->check_package_routine_end_name((yyvsp[0].lex_str)))) MYSQL_YYABORT; thd->lex= (yyvsp[-3].lex); } -#line 53566 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 53693 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 3815: /* $@274: %empty */ -#line 19862 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 19884 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { sp_package *pkg= Lex->get_sp_package(); sp_head *sp= pkg->m_current_routine->sphead; @@ -53575,107 +53702,107 @@ sp->set_c_chistics(thd->lex->sp_chistics); sp->set_body_start(thd, YYLIP->get_cpp_tok_start()); } -#line 53579 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 53706 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 3816: /* package_implementation_procedure_body: sp_tail_is remember_lex $@274 sp_package_procedure_body opt_package_routine_end_name */ -#line 19871 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 19893 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { if (unlikely(thd->lex->sp_body_finalize_procedure(thd) || thd->lex->sphead->check_package_routine_end_name((yyvsp[0].lex_str)))) MYSQL_YYABORT; thd->lex= (yyvsp[-3].lex); } -#line 53590 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 53717 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 3821: /* package_specification_element: FUNCTION_SYM package_specification_function ';' */ -#line 19892 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 19914 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { sp_package *pkg= Lex->get_sp_package(); if (unlikely(pkg->add_routine_declaration((yyvsp[-1].lex)))) MYSQL_YYABORT; pkg->m_current_routine= NULL; } -#line 53601 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 53728 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 3822: /* package_specification_element: PROCEDURE_SYM package_specification_procedure ';' */ -#line 19899 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 19921 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { sp_package *pkg= Lex->get_sp_package(); if (unlikely(pkg->add_routine_declaration((yyvsp[-1].lex)))) MYSQL_YYABORT; pkg->m_current_routine= NULL; } -#line 53612 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 53739 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 3823: /* $@275: %empty */ -#line 20019 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 20041 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { if (Lex->stmt_create_procedure_start((yyvsp[-3].object_ddl_options) | (yyvsp[0].object_ddl_options))) MYSQL_YYABORT; } -#line 53621 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 53748 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 3824: /* create_routine: create_or_replace definer_opt PROCEDURE_SYM opt_if_not_exists $@275 sp_tail_standalone */ -#line 20024 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 20046 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { Lex->stmt_create_routine_finalize(); } -#line 53629 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 53756 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 3825: /* $@276: %empty */ -#line 20029 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 20051 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { if (Lex->stmt_create_stored_function_start((yyvsp[-5].object_ddl_options) | (yyvsp[-1].object_ddl_options), (yyvsp[-3].sp_aggregate_type), (yyvsp[0].spname))) MYSQL_YYABORT; } -#line 53638 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 53765 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 3826: /* create_routine: create_or_replace definer opt_aggregate FUNCTION_SYM opt_if_not_exists sp_name $@276 sf_parameters sf_returned_type_clause sf_c_chistics_and_body_standalone opt_trailing_sp_name */ -#line 20037 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 20059 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { if (Lex->stmt_create_stored_function_finalize_standalone((yyvsp[0].spname))) MYSQL_YYABORT; } -#line 53647 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 53774 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 3827: /* $@277: %empty */ -#line 20043 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 20065 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { if (Lex->stmt_create_stored_function_start((yyvsp[-5].object_ddl_options) | (yyvsp[-1].object_ddl_options), (yyvsp[-3].sp_aggregate_type), (yyvsp[0].spname))) MYSQL_YYABORT; } -#line 53656 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 53783 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 3828: /* create_routine: create_or_replace no_definer opt_aggregate FUNCTION_SYM opt_if_not_exists sp_name $@277 sf_parameters sf_returned_type_clause sf_c_chistics_and_body_standalone opt_trailing_sp_name */ -#line 20051 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 20073 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { if (Lex->stmt_create_stored_function_finalize_standalone((yyvsp[0].spname))) MYSQL_YYABORT; } -#line 53665 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 53792 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 3829: /* create_routine: create_or_replace no_definer opt_aggregate FUNCTION_SYM opt_if_not_exists ident RETURNS_SYM udf_type SONAME_SYM TEXT_STRING_sys */ -#line 20057 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 20079 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { if (Lex->stmt_create_udf_function((yyvsp[-9].object_ddl_options) | (yyvsp[-5].object_ddl_options), (yyvsp[-7].sp_aggregate_type), (yyvsp[-4].ident_sys), (Item_result) (yyvsp[-2].num), (yyvsp[0].lex_str))) MYSQL_YYABORT; } -#line 53675 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 53802 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 3830: /* $@278: %empty */ -#line 20064 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 20086 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { sp_package *pkg; if (unlikely(!(pkg= Lex-> @@ -53685,20 +53812,20 @@ MYSQL_YYABORT; Lex->sphead->set_body_start(thd, YYLIP->get_cpp_tok_start()); } -#line 53689 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 53816 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 3831: /* create_routine: create_or_replace definer_opt sp_handler_package_spec opt_if_not_exists sp_name opt_create_package_chistics_init $@278 sp_tail_is opt_package_specification_element_list END remember_end_opt opt_trailing_sp_name */ -#line 20076 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 20098 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { if (unlikely(Lex->create_package_finalize(thd, (yyvsp[-7].spname), (yyvsp[0].spname), (yyvsp[-1].simple_string)))) MYSQL_YYABORT; } -#line 53698 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 53825 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 3832: /* $@279: %empty */ -#line 20082 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 20104 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { sp_package *pkg; if (unlikely(!(pkg= Lex-> @@ -53709,30 +53836,30 @@ Lex->sphead->set_body_start(thd, YYLIP->get_cpp_tok_start()); Lex->sp_block_init(thd); } -#line 53713 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 53840 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 3833: /* $@280: %empty */ -#line 20095 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 20117 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyvsp[-1].spblock).hndlrs+= (yyvsp[0].spblock_handlers).hndlrs; if (unlikely(Lex->sp_block_finalize(thd, (yyvsp[-1].spblock)))) MYSQL_YYABORT; } -#line 53723 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 53850 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; case 3834: /* create_routine: create_or_replace definer_opt sp_handler_package_body opt_if_not_exists sp_name opt_create_package_chistics_init $@279 sp_tail_is package_implementation_declare_section package_implementation_executable_section $@280 remember_end_opt opt_trailing_sp_name */ -#line 20101 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 20123 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { if (unlikely(Lex->create_package_finalize(thd, (yyvsp[-8].spname), (yyvsp[0].spname), (yyvsp[-1].simple_string)))) MYSQL_YYABORT; } -#line 53732 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 53859 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" break; -#line 53736 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" +#line 53863 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_mariadb.cc" default: break; } diff -Nru mariadb-11.8.6/sql/yy_mariadb.hh mariadb-11.8.8/sql/yy_mariadb.hh --- mariadb-11.8.6/sql/yy_mariadb.hh 2026-01-31 13:27:52.000000000 +0000 +++ mariadb-11.8.8/sql/yy_mariadb.hh 2026-05-24 09:58:35.000000000 +0000 @@ -842,11 +842,6 @@ ulonglong ulonglong_number; longlong longlong_number; uint sp_instr_addr; - /* - Longlong_hybrid does not have a default constructor, hence the - default value below. - */ - Longlong_hybrid longlong_hybrid_number= Longlong_hybrid(0, false); /* structs */ LEX_CSTRING lex_str; @@ -884,6 +879,11 @@ Lex_select_lock select_lock; Lex_select_limit select_limit; Lex_order_limit_lock *order_limit_lock; + struct + { + longlong num; + bool is_unsigned; + } longlong_hybrid_number; /* pointers */ Lex_ident_sys *ident_sys_ptr; diff -Nru mariadb-11.8.6/sql/yy_oracle.cc mariadb-11.8.8/sql/yy_oracle.cc --- mariadb-11.8.6/sql/yy_oracle.cc 2026-01-31 13:27:52.000000000 +0000 +++ mariadb-11.8.8/sql/yy_oracle.cc 2026-05-24 09:58:35.000000000 +0000 @@ -2754,7 +2754,7 @@ /* YYFINAL -- State number of the termination state. */ #define YYFINAL 766 /* YYLAST -- Last index in YYTABLE. */ -#define YYLAST 109549 +#define YYLAST 109606 /* YYNTOKENS -- Number of terminals. */ #define YYNTOKENS 797 @@ -2763,7 +2763,7 @@ /* YYNRULES -- Number of rules. */ #define YYNRULES 3910 /* YYNSTATES -- Number of states. */ -#define YYNSTATES 6547 +#define YYNSTATES 6548 /* YYMAXUTOK -- Last valid token kind. */ #define YYMAXUTOK 1030 @@ -3046,242 +3046,242 @@ 10159, 10160, 10161, 10193, 10194, 10195, 10196, 10197, 10198, 10199, 10200, 10201, 10209, 10217, 10218, 10225, 10231, 10236, 10246, 10251, 10256, 10262, 10267, 10275, 10286, 10293, 10298, 10303, 10308, 10313, - 10319, 10325, 10335, 10336, 10337, 10338, 10346, 10347, 10356, 10357, - 10363, 10367, 10373, 10379, 10388, 10389, 10398, 10405, 10419, 10425, - 10433, 10442, 10451, 10458, 10464, 10470, 10476, 10491, 10502, 10508, - 10514, 10521, 10527, 10533, 10541, 10549, 10556, 10560, 10566, 10574, - 10584, 10585, 10589, 10593, 10600, 10604, 10624, 10631, 10637, 10644, - 10651, 10657, 10663, 10669, 10675, 10682, 10689, 10695, 10706, 10713, - 10719, 10726, 10732, 10737, 10742, 10748, 10754, 10759, 10766, 10773, - 10781, 10788, 10795, 10802, 10817, 10823, 10829, 10838, 10849, 10856, - 10862, 10870, 10876, 10882, 10888, 10894, 10902, 10914, 10934, 10933, - 11015, 11021, 11027, 11033, 11038, 11043, 11048, 11053, 11058, 11063, - 11083, 11085, 11090, 11091, 11095, 11096, 11100, 11101, 11105, 11112, - 11120, 11147, 11153, 11159, 11165, 11171, 11177, 11186, 11193, 11195, - 11192, 11202, 11213, 11219, 11225, 11231, 11237, 11243, 11249, 11255, - 11261, 11268, 11267, 11288, 11287, 11318, 11317, 11331, 11340, 11358, - 11360, 11362, 11377, 11384, 11391, 11398, 11405, 11412, 11419, 11426, - 11433, 11440, 11451, 11458, 11469, 11480, 11500, 11499, 11505, 11522, - 11528, 11537, 11546, 11556, 11555, 11567, 11582, 11595, 11600, 11608, - 11609, 11614, 11619, 11622, 11624, 11628, 11633, 11641, 11642, 11647, - 11654, 11664, 11663, 11680, 11682, 11689, 11696, 11703, 11707, 11708, - 11709, 11717, 11718, 11719, 11720, 11721, 11722, 11723, 11724, 11728, - 11729, 11730, 11731, 11738, 11739, 11743, 11748, 11756, 11757, 11761, - 11768, 11776, 11785, 11795, 11796, 11807, 11808, 11824, 11825, 11826, - 11833, 11837, 11842, 11843, 11849, 11848, 11877, 11876, 11892, 11901, - 11913, 11925, 11926, 11927, 11928, 11933, 11934, 11935, 11936, 11937, - 11941, 11942, 11947, 11951, 11955, 11963, 11970, 11978, 11984, 11977, - 12030, 12031, 12037, 12042, 12056, 12064, 12062, 12082, 12080, 12093, - 12105, 12103, 12123, 12122, 12134, 12147, 12145, 12166, 12165, 12178, - 12192, 12193, 12194, 12198, 12199, 12207, 12208, 12212, 12221, 12222, - 12223, 12228, 12229, 12233, 12234, 12238, 12239, 12243, 12244, 12252, - 12260, 12268, 12269, 12282, 12298, 12302, 12311, 12323, 12324, 12329, - 12333, 12334, 12335, 12339, 12340, 12345, 12344, 12350, 12349, 12357, - 12358, 12361, 12363, 12363, 12367, 12367, 12372, 12373, 12377, 12379, - 12384, 12385, 12389, 12400, 12414, 12415, 12416, 12417, 12418, 12419, - 12420, 12421, 12422, 12423, 12424, 12425, 12429, 12430, 12431, 12432, - 12433, 12434, 12435, 12436, 12437, 12441, 12442, 12443, 12444, 12447, - 12449, 12450, 12454, 12455, 12459, 12467, 12469, 12473, 12475, 12474, - 12486, 12489, 12488, 12506, 12508, 12512, 12517, 12525, 12526, 12543, - 12566, 12567, 12573, 12574, 12578, 12591, 12590, 12599, 12600, 12609, - 12610, 12614, 12615, 12619, 12620, 12634, 12635, 12639, 12649, 12658, - 12665, 12672, 12682, 12683, 12690, 12700, 12701, 12703, 12705, 12707, - 12709, 12718, 12722, 12723, 12727, 12741, 12742, 12748, 12747, 12758, - 12764, 12773, 12774, 12775, 12781, 12782, 12787, 12794, 12800, 12805, - 12816, 12826, 12837, 12844, 12852, 12862, 12863, 12867, 12868, 12872, - 12873, 12878, 12885, 12892, 12899, 12909, 12914, 12919, 12923, 12929, - 12935, 12944, 12952, 12956, 12963, 12964, 12968, 12973, 12978, 12991, - 12995, 12999, 13003, 13008, 13011, 13015, 13024, 13028, 13036, 13044, - 13055, 13057, 13061, 13062, 13066, 13067, 13068, 13069, 13070, 13071, - 13075, 13076, 13077, 13078, 13079, 13087, 13092, 13097, 13102, 13107, - 13123, 13129, 13135, 13141, 13147, 13153, 13169, 13175, 13181, 13187, - 13188, 13194, 13200, 13201, 13205, 13206, 13207, 13208, 13209, 13213, - 13214, 13215, 13216, 13217, 13221, 13226, 13227, 13231, 13232, 13236, - 13237, 13238, 13243, 13242, 13274, 13275, 13279, 13280, 13284, 13294, - 13294, 13306, 13307, 13310, 13330, 13340, 13345, 13353, 13359, 13371, - 13358, 13373, 13388, 13401, 13400, 13423, 13422, 13432, 13431, 13454, - 13460, 13464, 13469, 13468, 13477, 13482, 13488, 13495, 13493, 13504, - 13508, 13509, 13513, 13525, 13538, 13539, 13543, 13557, 13561, 13569, - 13573, 13580, 13581, 13589, 13596, 13588, 13609, 13616, 13608, 13627, - 13636, 13645, 13653, 13654, 13658, 13659, 13663, 13664, 13672, 13672, - 13675, 13675, 13688, 13689, 13691, 13690, 13703, 13709, 13711, 13715, - 13717, 13723, 13727, 13728, 13732, 13733, 13737, 13747, 13748, 13752, - 13753, 13757, 13758, 13762, 13763, 13768, 13767, 13784, 13783, 13799, - 13800, 13804, 13805, 13809, 13814, 13822, 13830, 13841, 13842, 13851, - 13852, 13861, 13863, 13865, 13863, 13875, 13887, 13894, 13904, 13931, - 13893, 13938, 13939, 13943, 13951, 13959, 13960, 13964, 13974, 13975, - 13982, 13981, 14001, 14004, 14011, 14013, 14012, 14028, 14058, 14071, - 14066, 14084, 14095, 14083, 14105, 14116, 14104, 14129, 14133, 14132, - 14167, 14168, 14172, 14173, 14177, 14178, 14179, 14184, 14195, 14183, - 14205, 14207, 14210, 14212, 14215, 14216, 14219, 14223, 14227, 14231, - 14235, 14239, 14243, 14247, 14251, 14259, 14262, 14272, 14271, 14290, - 14297, 14305, 14313, 14321, 14329, 14337, 14344, 14351, 14357, 14359, - 14361, 14370, 14374, 14379, 14378, 14385, 14384, 14391, 14400, 14407, - 14412, 14417, 14422, 14427, 14432, 14434, 14436, 14438, 14445, 14453, - 14455, 14463, 14470, 14477, 14484, 14490, 14495, 14503, 14511, 14519, - 14523, 14527, 14537, 14547, 14554, 14561, 14567, 14573, 14579, 14585, - 14591, 14597, 14604, 14609, 14616, 14623, 14630, 14637, 14644, 14651, - 14656, 14661, 14667, 14673, 14678, 14690, 14698, 14720, 14722, 14724, - 14729, 14730, 14733, 14735, 14739, 14740, 14744, 14745, 14749, 14750, - 14754, 14755, 14759, 14760, 14764, 14765, 14774, 14786, 14785, 14804, - 14803, 14813, 14814, 14815, 14816, 14817, 14818, 14822, 14823, 14827, - 14834, 14835, 14837, 14838, 14842, 14843, 14856, 14857, 14858, 14875, - 14874, 14902, 14901, 14913, 14912, 14924, 14929, 14930, 14943, 14946, - 14945, 14958, 14959, 14964, 14966, 14968, 14970, 14972, 14974, 14982, - 14984, 14986, 14988, 14993, 15000, 15002, 15004, 15012, 15014, 15016, - 15018, 15020, 15022, 15039, 15040, 15044, 15048, 15061, 15060, 15075, - 15085, 15086, 15089, 15091, 15092, 15096, 15112, 15113, 15118, 15117, - 15127, 15128, 15132, 15132, 15137, 15136, 15142, 15146, 15147, 15151, - 15152, 15159, 15164, 15163, 15178, 15177, 15194, 15195, 15196, 15200, - 15201, 15202, 15211, 15212, 15216, 15220, 15228, 15228, 15233, 15234, - 15243, 15255, 15269, 15280, 15293, 15254, 15304, 15305, 15309, 15310, - 15314, 15315, 15323, 15327, 15328, 15329, 15332, 15334, 15338, 15339, - 15343, 15348, 15355, 15360, 15367, 15369, 15373, 15374, 15378, 15383, - 15391, 15392, 15396, 15398, 15406, 15407, 15411, 15412, 15413, 15417, - 15419, 15424, 15425, 15440, 15441, 15445, 15446, 15450, 15463, 15468, - 15473, 15480, 15488, 15496, 15501, 15509, 15517, 15532, 15539, 15545, - 15555, 15556, 15564, 15565, 15566, 15567, 15581, 15587, 15593, 15599, - 15605, 15611, 15634, 15644, 15654, 15660, 15667, 15677, 15684, 15691, - 15702, 15701, 15726, 15727, 15732, 15733, 15737, 15741, 15765, 15768, - 15767, 15782, 15786, 15791, 15798, 15804, 15813, 15830, 15831, 15835, - 15840, 15848, 15853, 15861, 15866, 15871, 15876, 15882, 15887, 15895, - 15900, 15905, 15910, 15916, 15924, 15925, 15934, 15941, 15945, 15951, - 15957, 15967, 15973, 15982, 15992, 15993, 15997, 15998, 15999, 16003, - 16011, 16012, 16013, 16014, 16018, 16027, 16035, 16043, 16051, 16052, - 16060, 16061, 16065, 16066, 16071, 16080, 16081, 16089, 16090, 16098, - 16099, 16100, 16104, 16115, 16139, 16147, 16147, 16149, 16159, 16160, - 16161, 16162, 16163, 16164, 16165, 16166, 16167, 16168, 16169, 16170, - 16175, 16176, 16177, 16178, 16179, 16180, 16181, 16182, 16183, 16184, - 16185, 16186, 16187, 16189, 16194, 16195, 16196, 16197, 16198, 16199, - 16200, 16201, 16202, 16203, 16204, 16205, 16206, 16210, 16211, 16212, - 16213, 16214, 16215, 16216, 16217, 16218, 16219, 16220, 16221, 16222, - 16226, 16227, 16228, 16229, 16230, 16231, 16232, 16233, 16246, 16247, - 16248, 16249, 16250, 16251, 16252, 16253, 16254, 16255, 16256, 16257, - 16258, 16259, 16260, 16261, 16262, 16263, 16264, 16265, 16266, 16267, - 16268, 16269, 16270, 16271, 16272, 16273, 16274, 16275, 16276, 16277, - 16278, 16279, 16280, 16281, 16282, 16283, 16284, 16285, 16286, 16287, - 16288, 16289, 16290, 16291, 16292, 16293, 16294, 16295, 16296, 16297, - 16298, 16339, 16340, 16341, 16342, 16343, 16344, 16355, 16356, 16357, - 16358, 16359, 16360, 16361, 16362, 16363, 16364, 16368, 16369, 16370, - 16374, 16375, 16376, 16385, 16386, 16387, 16388, 16389, 16390, 16391, - 16392, 16393, 16394, 16395, 16396, 16397, 16398, 16399, 16400, 16401, - 16402, 16403, 16404, 16405, 16406, 16407, 16408, 16409, 16410, 16415, - 16420, 16421, 16422, 16423, 16424, 16425, 16426, 16427, 16428, 16429, - 16430, 16431, 16432, 16433, 16434, 16435, 16436, 16437, 16438, 16439, - 16440, 16441, 16442, 16443, 16444, 16445, 16446, 16447, 16448, 16449, - 16450, 16451, 16452, 16453, 16454, 16455, 16456, 16457, 16458, 16459, - 16460, 16461, 16462, 16463, 16468, 16469, 16470, 16471, 16472, 16473, - 16474, 16475, 16476, 16477, 16478, 16479, 16480, 16481, 16482, 16483, - 16484, 16485, 16486, 16487, 16488, 16489, 16490, 16491, 16492, 16493, - 16494, 16495, 16496, 16497, 16498, 16499, 16500, 16501, 16502, 16503, - 16504, 16505, 16506, 16507, 16508, 16509, 16510, 16511, 16512, 16513, - 16514, 16515, 16516, 16517, 16518, 16519, 16520, 16521, 16522, 16523, - 16524, 16525, 16526, 16527, 16528, 16529, 16530, 16531, 16532, 16533, - 16534, 16535, 16536, 16537, 16538, 16539, 16540, 16541, 16542, 16543, - 16544, 16545, 16546, 16547, 16548, 16549, 16550, 16551, 16552, 16553, - 16554, 16555, 16556, 16557, 16558, 16559, 16560, 16561, 16562, 16563, - 16564, 16565, 16566, 16567, 16568, 16569, 16570, 16571, 16572, 16573, - 16574, 16575, 16576, 16577, 16578, 16579, 16583, 16584, 16585, 16586, - 16587, 16588, 16589, 16590, 16591, 16592, 16593, 16594, 16595, 16596, - 16597, 16598, 16599, 16600, 16601, 16602, 16603, 16604, 16605, 16606, - 16607, 16608, 16609, 16610, 16611, 16612, 16613, 16614, 16615, 16616, - 16617, 16618, 16619, 16620, 16621, 16622, 16623, 16624, 16625, 16626, - 16627, 16628, 16629, 16630, 16631, 16632, 16633, 16634, 16635, 16636, - 16637, 16638, 16639, 16640, 16641, 16642, 16643, 16644, 16645, 16646, - 16647, 16648, 16649, 16650, 16651, 16652, 16653, 16654, 16655, 16656, - 16657, 16658, 16659, 16660, 16661, 16662, 16663, 16664, 16665, 16666, - 16667, 16668, 16669, 16670, 16671, 16672, 16673, 16674, 16675, 16676, - 16677, 16678, 16679, 16680, 16681, 16682, 16683, 16684, 16685, 16686, - 16687, 16688, 16689, 16690, 16691, 16692, 16693, 16694, 16695, 16696, - 16697, 16698, 16699, 16700, 16701, 16702, 16703, 16704, 16705, 16706, - 16707, 16711, 16712, 16713, 16714, 16715, 16716, 16717, 16718, 16719, - 16720, 16721, 16722, 16723, 16724, 16725, 16726, 16727, 16728, 16729, - 16730, 16731, 16732, 16736, 16737, 16743, 16744, 16745, 16746, 16747, - 16748, 16749, 16750, 16751, 16752, 16753, 16754, 16755, 16756, 16757, - 16758, 16762, 16763, 16764, 16765, 16769, 16770, 16771, 16772, 16773, - 16774, 16775, 16780, 16781, 16782, 16783, 16784, 16785, 16786, 16787, - 16788, 16789, 16790, 16791, 16792, 16793, 16794, 16795, 16796, 16797, - 16798, 16799, 16800, 16801, 16802, 16803, 16804, 16805, 16806, 16807, - 16808, 16809, 16810, 16811, 16812, 16813, 16814, 16815, 16816, 16817, - 16818, 16819, 16820, 16821, 16822, 16823, 16824, 16825, 16826, 16827, - 16828, 16829, 16830, 16831, 16832, 16833, 16834, 16835, 16836, 16837, - 16838, 16839, 16840, 16841, 16842, 16843, 16844, 16845, 16846, 16847, - 16848, 16849, 16850, 16851, 16852, 16853, 16854, 16855, 16856, 16857, - 16858, 16859, 16860, 16861, 16862, 16863, 16864, 16865, 16866, 16867, - 16868, 16869, 16870, 16871, 16872, 16873, 16874, 16875, 16876, 16877, - 16878, 16879, 16880, 16881, 16882, 16883, 16884, 16885, 16886, 16887, - 16888, 16889, 16890, 16891, 16892, 16893, 16894, 16895, 16896, 16897, - 16898, 16900, 16902, 16903, 16904, 16905, 16906, 16907, 16908, 16909, + 10321, 10329, 10341, 10342, 10343, 10344, 10352, 10353, 10362, 10363, + 10369, 10373, 10379, 10385, 10394, 10395, 10404, 10411, 10425, 10431, + 10439, 10448, 10457, 10464, 10470, 10476, 10482, 10497, 10508, 10514, + 10520, 10527, 10533, 10539, 10547, 10555, 10562, 10566, 10572, 10580, + 10590, 10591, 10595, 10599, 10606, 10610, 10630, 10637, 10643, 10650, + 10657, 10663, 10669, 10675, 10681, 10688, 10695, 10701, 10712, 10719, + 10725, 10732, 10738, 10743, 10748, 10754, 10760, 10765, 10772, 10779, + 10787, 10794, 10801, 10808, 10823, 10829, 10835, 10844, 10855, 10862, + 10868, 10876, 10882, 10888, 10894, 10900, 10908, 10920, 10940, 10939, + 11021, 11027, 11033, 11039, 11044, 11049, 11054, 11059, 11064, 11069, + 11089, 11091, 11096, 11097, 11101, 11102, 11106, 11107, 11111, 11118, + 11126, 11153, 11159, 11165, 11171, 11177, 11183, 11192, 11199, 11201, + 11198, 11208, 11219, 11225, 11231, 11237, 11243, 11249, 11255, 11261, + 11267, 11274, 11273, 11294, 11293, 11324, 11323, 11337, 11346, 11364, + 11366, 11368, 11383, 11390, 11397, 11404, 11411, 11418, 11425, 11432, + 11439, 11446, 11457, 11464, 11475, 11486, 11506, 11505, 11511, 11528, + 11534, 11543, 11552, 11562, 11561, 11573, 11588, 11601, 11606, 11614, + 11615, 11620, 11625, 11628, 11630, 11634, 11639, 11647, 11648, 11653, + 11660, 11670, 11669, 11686, 11688, 11695, 11702, 11709, 11713, 11714, + 11715, 11723, 11724, 11725, 11726, 11727, 11728, 11729, 11730, 11734, + 11735, 11736, 11737, 11744, 11745, 11749, 11754, 11762, 11763, 11767, + 11774, 11782, 11791, 11801, 11802, 11813, 11814, 11830, 11831, 11832, + 11839, 11843, 11848, 11849, 11855, 11854, 11883, 11882, 11898, 11907, + 11919, 11931, 11932, 11933, 11934, 11939, 11940, 11941, 11942, 11943, + 11947, 11948, 11953, 11957, 11961, 11969, 11976, 11984, 11990, 11983, + 12036, 12037, 12043, 12048, 12062, 12070, 12068, 12088, 12086, 12099, + 12111, 12109, 12129, 12128, 12140, 12153, 12151, 12172, 12171, 12184, + 12198, 12199, 12200, 12204, 12205, 12213, 12214, 12218, 12227, 12228, + 12229, 12234, 12235, 12239, 12240, 12244, 12245, 12249, 12250, 12258, + 12266, 12274, 12275, 12288, 12304, 12308, 12317, 12329, 12330, 12335, + 12339, 12340, 12341, 12345, 12346, 12351, 12350, 12356, 12355, 12363, + 12364, 12367, 12369, 12369, 12373, 12373, 12378, 12379, 12383, 12385, + 12390, 12391, 12395, 12406, 12420, 12421, 12422, 12423, 12424, 12425, + 12426, 12427, 12428, 12429, 12430, 12431, 12435, 12436, 12437, 12438, + 12439, 12440, 12441, 12442, 12443, 12447, 12448, 12449, 12450, 12453, + 12455, 12456, 12460, 12461, 12465, 12473, 12475, 12479, 12481, 12480, + 12492, 12495, 12494, 12512, 12514, 12518, 12523, 12531, 12532, 12549, + 12572, 12573, 12579, 12580, 12584, 12597, 12596, 12605, 12606, 12615, + 12616, 12620, 12621, 12625, 12626, 12640, 12641, 12645, 12655, 12664, + 12671, 12678, 12688, 12689, 12696, 12706, 12707, 12709, 12711, 12713, + 12715, 12724, 12728, 12729, 12733, 12747, 12748, 12754, 12753, 12765, + 12771, 12780, 12781, 12782, 12788, 12789, 12794, 12801, 12807, 12812, + 12823, 12833, 12844, 12851, 12859, 12869, 12870, 12874, 12875, 12879, + 12880, 12885, 12892, 12899, 12906, 12916, 12921, 12926, 12930, 12936, + 12942, 12951, 12959, 12963, 12970, 12971, 12975, 12980, 12985, 12998, + 13002, 13006, 13010, 13015, 13018, 13022, 13031, 13035, 13043, 13051, + 13062, 13064, 13068, 13069, 13073, 13074, 13075, 13076, 13077, 13078, + 13082, 13083, 13084, 13085, 13086, 13094, 13099, 13104, 13109, 13114, + 13130, 13136, 13142, 13148, 13154, 13160, 13179, 13185, 13191, 13197, + 13202, 13208, 13214, 13219, 13227, 13228, 13229, 13230, 13231, 13235, + 13236, 13237, 13238, 13239, 13243, 13248, 13249, 13253, 13254, 13258, + 13259, 13260, 13265, 13264, 13296, 13297, 13301, 13302, 13306, 13316, + 13316, 13328, 13329, 13332, 13352, 13362, 13367, 13375, 13381, 13393, + 13380, 13395, 13410, 13423, 13422, 13445, 13444, 13454, 13453, 13476, + 13482, 13486, 13491, 13490, 13499, 13504, 13510, 13517, 13515, 13526, + 13530, 13531, 13535, 13547, 13560, 13561, 13565, 13579, 13583, 13591, + 13595, 13602, 13603, 13611, 13618, 13610, 13631, 13638, 13630, 13649, + 13658, 13667, 13675, 13676, 13680, 13681, 13685, 13686, 13694, 13694, + 13697, 13697, 13710, 13711, 13713, 13712, 13725, 13731, 13733, 13737, + 13739, 13745, 13749, 13750, 13754, 13755, 13759, 13769, 13770, 13774, + 13775, 13779, 13780, 13784, 13785, 13790, 13789, 13806, 13805, 13821, + 13822, 13826, 13827, 13831, 13836, 13844, 13852, 13863, 13864, 13873, + 13874, 13883, 13885, 13887, 13885, 13897, 13909, 13916, 13926, 13953, + 13915, 13960, 13961, 13965, 13973, 13981, 13982, 13986, 13996, 13997, + 14004, 14003, 14023, 14026, 14033, 14035, 14034, 14050, 14080, 14093, + 14088, 14106, 14117, 14105, 14127, 14138, 14126, 14151, 14155, 14154, + 14189, 14190, 14194, 14195, 14199, 14200, 14201, 14206, 14217, 14205, + 14227, 14229, 14232, 14234, 14237, 14238, 14241, 14245, 14249, 14253, + 14257, 14261, 14265, 14269, 14273, 14281, 14284, 14294, 14293, 14312, + 14319, 14327, 14335, 14343, 14351, 14359, 14366, 14373, 14379, 14381, + 14383, 14392, 14396, 14401, 14400, 14407, 14406, 14413, 14422, 14429, + 14434, 14439, 14444, 14449, 14454, 14456, 14458, 14460, 14467, 14475, + 14477, 14485, 14492, 14499, 14506, 14512, 14517, 14525, 14533, 14541, + 14545, 14549, 14559, 14569, 14576, 14583, 14589, 14595, 14601, 14607, + 14613, 14619, 14626, 14631, 14638, 14645, 14652, 14659, 14666, 14673, + 14678, 14683, 14689, 14695, 14700, 14712, 14720, 14742, 14744, 14746, + 14751, 14752, 14755, 14757, 14761, 14762, 14766, 14767, 14771, 14772, + 14776, 14777, 14781, 14782, 14786, 14787, 14796, 14808, 14807, 14826, + 14825, 14835, 14836, 14837, 14838, 14839, 14840, 14844, 14845, 14849, + 14856, 14857, 14859, 14860, 14864, 14865, 14878, 14879, 14880, 14897, + 14896, 14924, 14923, 14935, 14934, 14946, 14951, 14952, 14965, 14968, + 14967, 14980, 14981, 14986, 14988, 14990, 14992, 14994, 14996, 15004, + 15006, 15008, 15010, 15015, 15022, 15024, 15026, 15034, 15036, 15038, + 15040, 15042, 15044, 15061, 15062, 15066, 15070, 15083, 15082, 15097, + 15107, 15108, 15111, 15113, 15114, 15118, 15134, 15135, 15140, 15139, + 15149, 15150, 15154, 15154, 15159, 15158, 15164, 15168, 15169, 15173, + 15174, 15181, 15186, 15185, 15200, 15199, 15216, 15217, 15218, 15222, + 15223, 15224, 15233, 15234, 15238, 15242, 15250, 15250, 15255, 15256, + 15265, 15277, 15291, 15302, 15315, 15276, 15326, 15327, 15331, 15332, + 15336, 15337, 15345, 15349, 15350, 15351, 15354, 15356, 15360, 15361, + 15365, 15370, 15377, 15382, 15389, 15391, 15395, 15396, 15400, 15405, + 15413, 15414, 15418, 15420, 15428, 15429, 15433, 15434, 15435, 15439, + 15441, 15446, 15447, 15462, 15463, 15467, 15468, 15472, 15485, 15490, + 15495, 15502, 15510, 15518, 15523, 15531, 15539, 15554, 15561, 15567, + 15577, 15578, 15586, 15587, 15588, 15589, 15603, 15609, 15615, 15621, + 15627, 15633, 15656, 15666, 15676, 15682, 15689, 15699, 15706, 15713, + 15724, 15723, 15748, 15749, 15754, 15755, 15759, 15763, 15787, 15790, + 15789, 15804, 15808, 15813, 15820, 15826, 15835, 15852, 15853, 15857, + 15862, 15870, 15875, 15883, 15888, 15893, 15898, 15904, 15909, 15917, + 15922, 15927, 15932, 15938, 15946, 15947, 15956, 15963, 15967, 15973, + 15979, 15989, 15995, 16004, 16014, 16015, 16019, 16020, 16021, 16025, + 16033, 16034, 16035, 16036, 16040, 16049, 16057, 16065, 16073, 16074, + 16082, 16083, 16087, 16088, 16093, 16102, 16103, 16111, 16112, 16120, + 16121, 16122, 16126, 16137, 16161, 16169, 16169, 16171, 16181, 16182, + 16183, 16184, 16185, 16186, 16187, 16188, 16189, 16190, 16191, 16192, + 16197, 16198, 16199, 16200, 16201, 16202, 16203, 16204, 16205, 16206, + 16207, 16208, 16209, 16211, 16216, 16217, 16218, 16219, 16220, 16221, + 16222, 16223, 16224, 16225, 16226, 16227, 16228, 16232, 16233, 16234, + 16235, 16236, 16237, 16238, 16239, 16240, 16241, 16242, 16243, 16244, + 16248, 16249, 16250, 16251, 16252, 16253, 16254, 16255, 16268, 16269, + 16270, 16271, 16272, 16273, 16274, 16275, 16276, 16277, 16278, 16279, + 16280, 16281, 16282, 16283, 16284, 16285, 16286, 16287, 16288, 16289, + 16290, 16291, 16292, 16293, 16294, 16295, 16296, 16297, 16298, 16299, + 16300, 16301, 16302, 16303, 16304, 16305, 16306, 16307, 16308, 16309, + 16310, 16311, 16312, 16313, 16314, 16315, 16316, 16317, 16318, 16319, + 16320, 16361, 16362, 16363, 16364, 16365, 16366, 16377, 16378, 16379, + 16380, 16381, 16382, 16383, 16384, 16385, 16386, 16390, 16391, 16392, + 16396, 16397, 16398, 16407, 16408, 16409, 16410, 16411, 16412, 16413, + 16414, 16415, 16416, 16417, 16418, 16419, 16420, 16421, 16422, 16423, + 16424, 16425, 16426, 16427, 16428, 16429, 16430, 16431, 16432, 16437, + 16442, 16443, 16444, 16445, 16446, 16447, 16448, 16449, 16450, 16451, + 16452, 16453, 16454, 16455, 16456, 16457, 16458, 16459, 16460, 16461, + 16462, 16463, 16464, 16465, 16466, 16467, 16468, 16469, 16470, 16471, + 16472, 16473, 16474, 16475, 16476, 16477, 16478, 16479, 16480, 16481, + 16482, 16483, 16484, 16485, 16490, 16491, 16492, 16493, 16494, 16495, + 16496, 16497, 16498, 16499, 16500, 16501, 16502, 16503, 16504, 16505, + 16506, 16507, 16508, 16509, 16510, 16511, 16512, 16513, 16514, 16515, + 16516, 16517, 16518, 16519, 16520, 16521, 16522, 16523, 16524, 16525, + 16526, 16527, 16528, 16529, 16530, 16531, 16532, 16533, 16534, 16535, + 16536, 16537, 16538, 16539, 16540, 16541, 16542, 16543, 16544, 16545, + 16546, 16547, 16548, 16549, 16550, 16551, 16552, 16553, 16554, 16555, + 16556, 16557, 16558, 16559, 16560, 16561, 16562, 16563, 16564, 16565, + 16566, 16567, 16568, 16569, 16570, 16571, 16572, 16573, 16574, 16575, + 16576, 16577, 16578, 16579, 16580, 16581, 16582, 16583, 16584, 16585, + 16586, 16587, 16588, 16589, 16590, 16591, 16592, 16593, 16594, 16595, + 16596, 16597, 16598, 16599, 16600, 16601, 16605, 16606, 16607, 16608, + 16609, 16610, 16611, 16612, 16613, 16614, 16615, 16616, 16617, 16618, + 16619, 16620, 16621, 16622, 16623, 16624, 16625, 16626, 16627, 16628, + 16629, 16630, 16631, 16632, 16633, 16634, 16635, 16636, 16637, 16638, + 16639, 16640, 16641, 16642, 16643, 16644, 16645, 16646, 16647, 16648, + 16649, 16650, 16651, 16652, 16653, 16654, 16655, 16656, 16657, 16658, + 16659, 16660, 16661, 16662, 16663, 16664, 16665, 16666, 16667, 16668, + 16669, 16670, 16671, 16672, 16673, 16674, 16675, 16676, 16677, 16678, + 16679, 16680, 16681, 16682, 16683, 16684, 16685, 16686, 16687, 16688, + 16689, 16690, 16691, 16692, 16693, 16694, 16695, 16696, 16697, 16698, + 16699, 16700, 16701, 16702, 16703, 16704, 16705, 16706, 16707, 16708, + 16709, 16710, 16711, 16712, 16713, 16714, 16715, 16716, 16717, 16718, + 16719, 16720, 16721, 16722, 16723, 16724, 16725, 16726, 16727, 16728, + 16729, 16733, 16734, 16735, 16736, 16737, 16738, 16739, 16740, 16741, + 16742, 16743, 16744, 16745, 16746, 16747, 16748, 16749, 16750, 16751, + 16752, 16753, 16754, 16758, 16759, 16765, 16766, 16767, 16768, 16769, + 16770, 16771, 16772, 16773, 16774, 16775, 16776, 16777, 16778, 16779, + 16780, 16784, 16785, 16786, 16787, 16791, 16792, 16793, 16794, 16795, + 16796, 16797, 16802, 16803, 16804, 16805, 16806, 16807, 16808, 16809, + 16810, 16811, 16812, 16813, 16814, 16815, 16816, 16817, 16818, 16819, + 16820, 16821, 16822, 16823, 16824, 16825, 16826, 16827, 16828, 16829, + 16830, 16831, 16832, 16833, 16834, 16835, 16836, 16837, 16838, 16839, + 16840, 16841, 16842, 16843, 16844, 16845, 16846, 16847, 16848, 16849, + 16850, 16851, 16852, 16853, 16854, 16855, 16856, 16857, 16858, 16859, + 16860, 16861, 16862, 16863, 16864, 16865, 16866, 16867, 16868, 16869, + 16870, 16871, 16872, 16873, 16874, 16875, 16876, 16877, 16878, 16879, + 16880, 16881, 16882, 16883, 16884, 16885, 16886, 16887, 16888, 16889, + 16890, 16891, 16892, 16893, 16894, 16895, 16896, 16897, 16898, 16899, + 16900, 16901, 16902, 16903, 16904, 16905, 16906, 16907, 16908, 16909, 16910, 16911, 16912, 16913, 16914, 16915, 16916, 16917, 16918, 16919, - 16920, 16921, 16922, 16923, 16924, 16925, 16926, 16927, 16928, 16929, - 16930, 16931, 16932, 16933, 16934, 16935, 16936, 16937, 16938, 16939, - 16940, 16941, 16942, 16943, 16944, 16945, 16946, 16947, 16948, 16949, - 16950, 16951, 16952, 16953, 16954, 16955, 16956, 16957, 16958, 16959, - 16960, 16961, 16962, 16963, 16964, 16965, 16966, 16967, 16968, 16969, - 16970, 16971, 16972, 16973, 16974, 16975, 16976, 16977, 16978, 16979, - 16980, 16981, 16982, 16983, 16984, 16985, 16986, 16987, 16988, 16989, - 16990, 16991, 16992, 16993, 16994, 16995, 16996, 16997, 16998, 16999, - 17000, 17001, 17002, 17003, 17004, 17005, 17006, 17007, 17008, 17009, - 17010, 17011, 17012, 17013, 17014, 17015, 17016, 17017, 17029, 17028, - 17041, 17042, 17044, 17043, 17055, 17054, 17061, 17059, 17079, 17080, - 17085, 17086, 17088, 17087, 17101, 17102, 17108, 17107, 17112, 17116, - 17117, 17118, 17122, 17123, 17124, 17125, 17129, 17130, 17131, 17132, - 17141, 17140, 17155, 17154, 17169, 17168, 17186, 17185, 17200, 17199, - 17214, 17213, 17230, 17229, 17244, 17243, 17258, 17257, 17271, 17270, - 17296, 17295, 17307, 17306, 17319, 17318, 17329, 17347, 17358, 17365, - 17371, 17393, 17409, 17421, 17420, 17435, 17434, 17446, 17445, 17459, - 17460, 17461, 17462, 17466, 17485, 17503, 17504, 17508, 17509, 17510, - 17511, 17516, 17521, 17526, 17537, 17550, 17556, 17563, 17564, 17565, - 17572, 17571, 17585, 17586, 17592, 17601, 17602, 17606, 17607, 17611, - 17630, 17631, 17632, 17637, 17638, 17643, 17642, 17660, 17659, 17671, - 17680, 17690, 17689, 17732, 17733, 17737, 17738, 17742, 17743, 17744, - 17745, 17747, 17746, 17759, 17760, 17761, 17762, 17763, 17769, 17774, - 17779, 17784, 17788, 17793, 17802, 17804, 17809, 17814, 17820, 17826, - 17831, 17843, 17844, 17848, 17849, 17853, 17858, 17866, 17875, 17896, - 17896, 17899, 17900, 17904, 17905, 17912, 17914, 17918, 17923, 17930, - 17934, 17943, 17950, 17951, 17952, 17953, 17957, 17958, 17959, 17960, - 17961, 17962, 17963, 17964, 17965, 17966, 17967, 17968, 17969, 17970, - 17971, 17972, 17973, 17974, 17975, 17976, 17977, 17978, 17979, 17980, - 17981, 17982, 17983, 17984, 17985, 17986, 17987, 17988, 17989, 17990, - 17991, 17992, 17993, 17994, 17995, 17996, 17997, 17998, 17999, 18003, - 18004, 18008, 18009, 18013, 18020, 18027, 18037, 18046, 18052, 18059, - 18067, 18072, 18080, 18085, 18093, 18098, 18105, 18105, 18106, 18106, - 18109, 18115, 18121, 18126, 18133, 18139, 18146, 18155, 18159, 18165, - 18173, 18175, 18179, 18183, 18187, 18194, 18199, 18204, 18209, 18214, - 18222, 18223, 18227, 18228, 18233, 18234, 18238, 18239, 18243, 18244, - 18248, 18249, 18254, 18253, 18263, 18272, 18273, 18277, 18278, 18283, - 18284, 18285, 18290, 18291, 18292, 18296, 18308, 18317, 18323, 18332, - 18341, 18354, 18356, 18358, 18366, 18367, 18368, 18372, 18373, 18379, - 18380, 18381, 18382, 18383, 18384, 18385, 18395, 18396, 18401, 18414, - 18428, 18429, 18430, 18434, 18435, 18439, 18440, 18445, 18446, 18450, - 18456, 18465, 18465, 18479, 18480, 18481, 18482, 18492, 18494, 18500, - 18505, 18514, 18517, 18528, 18545, 18561, 18571, 18577, 18582, 18586, - 18559, 18635, 18637, 18642, 18643, 18647, 18648, 18652, 18652, 18659, - 18663, 18667, 18671, 18675, 18679, 18687, 18688, 18704, 18711, 18718, - 18731, 18732, 18733, 18737, 18738, 18739, 18743, 18744, 18749, 18751, - 18750, 18756, 18757, 18761, 18766, 18773, 18778, 18787, 18793, 19278, - 19279, 19283, 19285, 19284, 19298, 19297, 19310, 19309, 19323, 19327, - 19331, 19335, 19340, 19339, 19349, 19354, 19359, 19365, 19371, 19377, - 19387, 19391, 19395, 19399, 19404, 19405, 19411, 19412, 19413, 19414, - 19415, 19416, 19417, 19418, 19422, 19423, 19424, 19425, 19426, 19427, - 19428, 19429, 19433, 19434, 19435, 19440, 19444, 19453, 19452, 19465, - 19471, 19475, 19485, 19486, 19499, 19515, 19516, 19520, 19521, 19522, - 19526, 19526, 19538, 19539, 19540, 19541, 19542, 19543, 19544, 19545, - 19549, 19550, 19558, 19559, 19565, 19564, 19582, 19581, 19601, 19600, - 19625, 19626, 19630, 19639, 19640, 19644, 19645, 19650, 19649, 19664, - 19672, 19673, 19677, 19678, 19683, 19684, 19689, 19690, 19694, 19695, - 19699, 19703, 19707, 19713, 19703, 19725, 19726, 19727, 19733, 19745, - 19757, 19764, 19765, 19771, 19772, 19780, 19779, 19800, 19799, 19819, - 19828, 19837, 19843, 19842, 19862, 19861, 19881, 19882, 19886, 19887, - 19891, 19898, 19911, 19920, 19932, 19940, 19945, 19950, 19954, 19959, - 19964, 19969, 19979, 19978, 19993, 20001, 19992, 20019, 20018, 20029, - 20027, 20043, 20041, 20055, 20064, 20062, 20082, 20095, 20080, 20111, - 20115, 20120, 20119, 20128, 20132, 20133, 20140, 20141, 20148, 20149, - 20153, 20154, 20163, 20176, 20175, 20190, 20202, 20203, 20204, 20205, - 20206, 20207, 20211, 20212, 20213, 20214, 20215, 20216, 20217, 20218, - 20219, 20220, 20221, 20225, 20226, 20227, 20228, 20235, 20233, 20249, - 20253, 20247, 20269, 20270, 20275, 20274, 20289, 20295, 20288, 20312, - 20310 + 16920, 16922, 16924, 16925, 16926, 16927, 16928, 16929, 16930, 16931, + 16932, 16933, 16934, 16935, 16936, 16937, 16938, 16939, 16940, 16941, + 16942, 16943, 16944, 16945, 16946, 16947, 16948, 16949, 16950, 16951, + 16952, 16953, 16954, 16955, 16956, 16957, 16958, 16959, 16960, 16961, + 16962, 16963, 16964, 16965, 16966, 16967, 16968, 16969, 16970, 16971, + 16972, 16973, 16974, 16975, 16976, 16977, 16978, 16979, 16980, 16981, + 16982, 16983, 16984, 16985, 16986, 16987, 16988, 16989, 16990, 16991, + 16992, 16993, 16994, 16995, 16996, 16997, 16998, 16999, 17000, 17001, + 17002, 17003, 17004, 17005, 17006, 17007, 17008, 17009, 17010, 17011, + 17012, 17013, 17014, 17015, 17016, 17017, 17018, 17019, 17020, 17021, + 17022, 17023, 17024, 17025, 17026, 17027, 17028, 17029, 17030, 17031, + 17032, 17033, 17034, 17035, 17036, 17037, 17038, 17039, 17051, 17050, + 17063, 17064, 17066, 17065, 17077, 17076, 17083, 17081, 17101, 17102, + 17107, 17108, 17110, 17109, 17123, 17124, 17130, 17129, 17134, 17138, + 17139, 17140, 17144, 17145, 17146, 17147, 17151, 17152, 17153, 17154, + 17163, 17162, 17177, 17176, 17191, 17190, 17208, 17207, 17222, 17221, + 17236, 17235, 17252, 17251, 17266, 17265, 17280, 17279, 17293, 17292, + 17318, 17317, 17329, 17328, 17341, 17340, 17351, 17369, 17380, 17387, + 17393, 17415, 17431, 17443, 17442, 17457, 17456, 17468, 17467, 17481, + 17482, 17483, 17484, 17488, 17507, 17525, 17526, 17530, 17531, 17532, + 17533, 17538, 17543, 17548, 17559, 17572, 17578, 17585, 17586, 17587, + 17594, 17593, 17607, 17608, 17614, 17623, 17624, 17628, 17629, 17633, + 17652, 17653, 17654, 17659, 17660, 17665, 17664, 17682, 17681, 17693, + 17702, 17712, 17711, 17754, 17755, 17759, 17760, 17764, 17765, 17766, + 17767, 17769, 17768, 17781, 17782, 17783, 17784, 17785, 17791, 17796, + 17801, 17806, 17810, 17815, 17824, 17826, 17831, 17836, 17842, 17848, + 17853, 17865, 17866, 17870, 17871, 17875, 17880, 17888, 17897, 17918, + 17918, 17921, 17922, 17926, 17927, 17934, 17936, 17940, 17945, 17952, + 17956, 17965, 17972, 17973, 17974, 17975, 17979, 17980, 17981, 17982, + 17983, 17984, 17985, 17986, 17987, 17988, 17989, 17990, 17991, 17992, + 17993, 17994, 17995, 17996, 17997, 17998, 17999, 18000, 18001, 18002, + 18003, 18004, 18005, 18006, 18007, 18008, 18009, 18010, 18011, 18012, + 18013, 18014, 18015, 18016, 18017, 18018, 18019, 18020, 18021, 18025, + 18026, 18030, 18031, 18035, 18042, 18049, 18059, 18068, 18074, 18081, + 18089, 18094, 18102, 18107, 18115, 18120, 18127, 18127, 18128, 18128, + 18131, 18137, 18143, 18148, 18155, 18161, 18168, 18177, 18181, 18187, + 18195, 18197, 18201, 18205, 18209, 18216, 18221, 18226, 18231, 18236, + 18244, 18245, 18249, 18250, 18255, 18256, 18260, 18261, 18265, 18266, + 18270, 18271, 18276, 18275, 18285, 18294, 18295, 18299, 18300, 18305, + 18306, 18307, 18312, 18313, 18314, 18318, 18330, 18339, 18345, 18354, + 18363, 18376, 18378, 18380, 18388, 18389, 18390, 18394, 18395, 18401, + 18402, 18403, 18404, 18405, 18406, 18407, 18417, 18418, 18423, 18436, + 18450, 18451, 18452, 18456, 18457, 18461, 18462, 18467, 18468, 18472, + 18478, 18487, 18487, 18501, 18502, 18503, 18504, 18514, 18516, 18522, + 18527, 18536, 18539, 18550, 18567, 18583, 18593, 18599, 18604, 18608, + 18581, 18657, 18659, 18664, 18665, 18669, 18670, 18674, 18674, 18681, + 18685, 18689, 18693, 18697, 18701, 18709, 18710, 18726, 18733, 18740, + 18753, 18754, 18755, 18759, 18760, 18761, 18765, 18766, 18771, 18773, + 18772, 18778, 18779, 18783, 18788, 18795, 18800, 18809, 18815, 19300, + 19301, 19305, 19307, 19306, 19320, 19319, 19332, 19331, 19345, 19349, + 19353, 19357, 19362, 19361, 19371, 19376, 19381, 19387, 19393, 19399, + 19409, 19413, 19417, 19421, 19426, 19427, 19433, 19434, 19435, 19436, + 19437, 19438, 19439, 19440, 19444, 19445, 19446, 19447, 19448, 19449, + 19450, 19451, 19455, 19456, 19457, 19462, 19466, 19475, 19474, 19487, + 19493, 19497, 19507, 19508, 19521, 19537, 19538, 19542, 19543, 19544, + 19548, 19548, 19560, 19561, 19562, 19563, 19564, 19565, 19566, 19567, + 19571, 19572, 19580, 19581, 19587, 19586, 19604, 19603, 19623, 19622, + 19647, 19648, 19652, 19661, 19662, 19666, 19667, 19672, 19671, 19686, + 19694, 19695, 19699, 19700, 19705, 19706, 19711, 19712, 19716, 19717, + 19721, 19725, 19729, 19735, 19725, 19747, 19748, 19749, 19755, 19767, + 19779, 19786, 19787, 19793, 19794, 19802, 19801, 19822, 19821, 19841, + 19850, 19859, 19865, 19864, 19884, 19883, 19903, 19904, 19908, 19909, + 19913, 19920, 19933, 19942, 19954, 19962, 19967, 19972, 19976, 19981, + 19986, 19991, 20001, 20000, 20015, 20023, 20014, 20041, 20040, 20051, + 20049, 20065, 20063, 20077, 20086, 20084, 20104, 20117, 20102, 20133, + 20137, 20142, 20141, 20150, 20154, 20155, 20162, 20163, 20170, 20171, + 20175, 20176, 20185, 20198, 20197, 20212, 20224, 20225, 20226, 20227, + 20228, 20229, 20233, 20234, 20235, 20236, 20237, 20238, 20239, 20240, + 20241, 20242, 20243, 20247, 20248, 20249, 20250, 20257, 20255, 20271, + 20275, 20269, 20291, 20292, 20297, 20296, 20311, 20317, 20310, 20334, + 20332 }; #endif @@ -3860,7 +3860,7 @@ } #endif -#define YYPACT_NINF (-5843) +#define YYPACT_NINF (-5756) #define yypact_value_is_default(Yyn) \ ((Yyn) == YYPACT_NINF) @@ -3874,661 +3874,661 @@ STATE-NUM. */ static const int yypact[] = { - 39815, -5843, -5843, 96888, -5843, -5843, 3022, 1849, 96888, -5843, - 971, -5843, 1450, -5843, -5843, -5843, -5843, -5843, 3268, -5843, - -5843, -5843, -5843, -5843, -5843, -5843, 735, 513, -5843, -5843, - -5843, 1217, -5843, -5843, -5843, -5843, 308, 82657, 1027, 107, - -5843, 86402, -5843, -5843, -5843, -5843, 86402, -5843, -5843, 96888, - -5843, -5843, 1580, -5843, -5843, -5843, -5843, -5843, -5843, -5843, - -5843, -5843, -5843, -5843, -5843, -5843, -5843, -5843, -5843, -5843, - -5843, -5843, -5843, -5843, -5843, -5843, -5843, -5843, -5843, -5843, - -5843, -5843, -5843, 204, -5843, 528, 591, -5843, -5843, -5843, - -5843, -5843, -5843, 1865, -5843, -5843, -5843, -5843, -5843, -5843, - 513, -5843, -5843, -5843, -5843, -5843, -5843, -5843, -5843, -5843, - -5843, -5843, -5843, -5843, -5843, -5843, -5843, -5843, 1399, -5843, - -5843, -5843, -5843, -5843, -5843, -5843, -5843, -5843, -5843, -5843, - -5843, -5843, -5843, -5843, -5843, -5843, -5843, -5843, -5843, -5843, - -5843, 1524, -5843, -5843, -5843, -5843, -5843, -5843, -5843, -5843, - -5843, -5843, -5843, -5843, -5843, -5843, -5843, -5843, -5843, -5843, - -5843, -5843, -5843, -5843, -5843, -5843, -5843, -5843, 97637, -5843, - -5843, -5843, -5843, -5843, -5843, -5843, -5843, -5843, -5843, -5843, - -5843, 445, -5843, -5843, -5843, -5843, -5843, -5843, -5843, -5843, - 2179, -5843, -5843, -5843, -5843, -5843, 424, -5843, -5843, -5843, - -5843, -5843, -5843, -5843, -5843, -5843, -5843, -5843, -5843, -5843, - 1398, -5843, -5843, -5843, -5843, -5843, -5843, -5843, -5843, -5843, - -5843, -5843, -5843, -5843, -5843, -5843, -5843, -5843, -5843, -5843, - -5843, -5843, -5843, -5843, -5843, -5843, -5843, -5843, -5843, -5843, - -5843, -5843, -5843, -5843, -5843, -5843, -5843, -5843, -5843, -5843, - -5843, -5843, -5843, -5843, -5843, -5843, -5843, -5843, -5843, -5843, - -5843, -5843, -5843, -5843, -5843, -5843, -5843, -5843, -5843, -5843, - -5843, -5843, -5843, -5843, -5843, -5843, -5843, -5843, -5843, -5843, - -5843, -5843, -5843, -5843, -5843, -5843, -5843, -5843, -5843, -5843, - -5843, -5843, -5843, -5843, -5843, -5843, -5843, -5843, -5843, -5843, - -5843, -5843, -5843, -5843, -5843, -5843, -5843, -5843, -5843, -5843, - -5843, -5843, -5843, -5843, -5843, -5843, -5843, -5843, 96888, -5843, - -5843, -5843, -5843, -5843, -5843, -5843, -5843, -5843, -5843, -5843, - -5843, -5843, -5843, -5843, -5843, -5843, -5843, -5843, -5843, -5843, - -5843, -5843, -5843, -5843, -5843, -5843, -5843, 1217, -5843, -5843, - -5843, 947, -5843, -5843, -5843, -5843, -5843, -5843, -5843, -5843, - -5843, 1399, -5843, -5843, -5843, -5843, -5843, -5843, -5843, 96888, - -5843, -5843, -5843, -5843, -5843, -5843, -5843, -5843, -5843, -5843, - -5843, -5843, -5843, -5843, -5843, -5843, -5843, -5843, -5843, -5843, - -5843, -5843, -5843, -5843, -5843, -5843, -5843, -5843, -5843, -5843, - -5843, -5843, 234, -5843, -5843, 259, -5843, -5843, -5843, -5843, - -5843, -5843, -5843, -5843, -5843, -5843, -5843, -5843, -5843, -5843, - -5843, -5843, -5843, -5843, -5843, -5843, -5843, -5843, -5843, -5843, - -5843, -5843, -5843, -5843, -5843, -5843, -5843, -5843, -5843, -5843, - -5843, -5843, -5843, -5843, -5843, -5843, 1697, -5843, -5843, -5843, - -5843, -5843, -5843, -5843, -5843, -5843, -5843, -5843, -5843, -5843, - -5843, -5843, -5843, -5843, -5843, -5843, -5843, -5843, -5843, -5843, - -5843, -5843, 3429, -5843, -5843, 195, 2232, 2238, -5843, -5843, - 1660, -5843, -5843, -5843, -5843, -5843, -5843, -5843, -5843, -5843, - -5843, -5843, -5843, -5843, -5843, -5843, 4153, -5843, -5843, -5843, - -5843, -5843, -5843, -5843, -5843, -5843, -5843, -5843, -5843, -5843, - -5843, -5843, -5843, -5843, 2495, -5843, -5843, -5843, -5843, 4245, - 1805, -5843, -5843, -5843, -5843, -5843, -5843, -5843, -5843, -5843, - -5843, 48082, -5843, -5843, -5843, -5843, -5843, -5843, -5843, -5843, - -5843, -5843, 195, -5843, -5843, -5843, -5843, -5843, -5843, -5843, - -5843, -5843, -5843, -5843, -5843, -5843, -5843, -5843, -5843, -5843, - -5843, -5843, -5843, -5843, -5843, -5843, -5843, -5843, -5843, -5843, - 250, -5843, -5843, -5843, -5843, -5843, -5843, -5843, -5843, -5843, - -5843, -5843, -5843, -5843, -5843, -5843, -5843, -5843, -5843, -5843, - -5843, -5843, -5843, -5843, -5843, -5843, -5843, -5843, -5843, -5843, - -5843, -5843, -5843, -5843, -5843, -5843, -5843, -5843, -5843, -5843, - -5843, -5843, -5843, -5843, -5843, -5843, 1539, -5843, -5843, -5843, - -5843, -5843, -5843, -5843, -5843, -5843, -5843, 98386, 96888, 1632, - 1727, 96888, 2411, 83406, 2411, -5843, 77, -5843, -5843, 2235, - -5843, 1890, -5843, 513, 1775, 1909, 2406, 2695, 71, 2397, - 84155, 1255, 2411, -5843, 2688, -5843, 2411, 2439, 2411, -5843, - 2411, 2411, -5843, 2411, 2411, 2411, -5843, -5843, 1159,105876, - 71422, -5843, -5843, 80, 2609, -5843, -5843, -5843, -5843, -5843, - -5843, 6285, 513, 23642, 2702, -5843, -5843, 2256, 4820, 2028, - -5843, 2517, -5843, -5843, 96888, -5843, 2411, 6285, -5843, 2517, - 72171, 1997, 51838, 9458, 2517, 513, 2623, -5843, 2009, -5843, - -5843, -5843, -5843, -5843, -5843, 96888, -5843, 1399, -5843, -5843, - 2472, -5843, -5843, 83406, -5843, -5843, -5843, -5843, -5843, 2759, - 23642, 301, 2524, -5843, -5843, 2407, 48831, 83406, 2705, 2695, - 2723, -5843, 1832, 477, -5843, 2105, 2201, 2695, 1966, 2234, - 2695, 2610, 2411, 2411, -5843, -5843, 3001, 3001, 3001, 2432, - 3001, -5843, 3001, 2787, 2148, 521, -5843, -5843, 2149, 96888, - 2705, -5843, 2705, -5843, 2824, -5843, 2705, 2705, 2293, 2829, - 2884, 188, 3254, 1178, 1178, 2235, 43588, 1375, 2685, -5843, - 2787, 1897, 1332, 551, 551, 551, 1897, 195, 1897, -5843, - 2229, 1890, 3085, 96888, -5843, 2875, -5843, 2246, -5843, -5843, - -5843, 96888, 96888, 402, -5843, 2307, -5843, 2264, 1446, 73669, - -5843, 2971, -5843, -5843, -5843, -5843, -5843, -5843, 2800, 730, - 2434, 2658, 2358, -5843, 2847, 83406, -5843, -5843, -5843, -5843, - -5843, -5843, -5843, -5843, 96888, 2325, -5843, -5843, -5843, 3010, - 2406, -5843, 2840, -5843, -5843, -5843, -5843, 48831, -5843, -5843, - -5843,105876, -5843, -5843, -5843,105876, 450, 66928, -5843, 2352, - 2682, -5843, 2389, 475, 1457, -5843, -5843, 1491, 1517, 1723, - -5843, -5843, -5843, 1841, -5843, -5843, -5843,103629, 1891, 2393, - -5843, -5843, 3069, -5843, -5843, 87151, 608, 96888, 3061, -5843, - 96888, -5843, 96888, -5843, 83406, -5843, -5843, 96888, 2411, 2411, - -5843, -5843, 3055, -5843, 2631, 2582, 2573, 2464, 2777, -5843, - 2672, -5843, 2488, 2533, 2706, 2512, 2518, 2563, 190, -5843, - 2535, -5843, 1153, 2979, 116, 134, 2989, 148, 159, 3126, - 2997, 160, 172, 200, 2816, 379, -5843, -5843, -5843, -5843, - 3050, 3140, 2586, -5843, 2598, -5843, 3105, 2964, 311, -5843, - -5843, 161, 3032, 388, 48831,107296, 15495, 84904,107296,107296, - 107296, -5843, -5843, 319, 96888,106586, 96888, 8126, -5843, -5843, - 41341, -5843, -5843, -5843, -5843, -5843, -5843, -5843, -5843, -5843, - 96888, -5843, -5843, -5843, -5843, -5843, -5843, 1316, 1257, 7051, - -5843, 2604, -5843, -5843, -5843, -5843, -5843, 87900, -5843, 194, - 219, 3110, -5843, -5843, -5843, -5843, -5843, -5843, -5843, -5843, - -5843, -5843, -5843, 29842, 2615, 2616, 2622, 18992, 2638, 2639, - 2642, 2650, 2653, 2464, 2464, 2464, 2664, 2668, 2675, 2699, - 2711, 2712, 2715, -5843, 2728, 2733, 2738, 2750, 2751, 2790, - 24417, 2791, 2805, 2806, 2664, 37542, 2827, 2833, 2834, 2849, - 23642, 2664, 2850, 2864, -5843, 2865, 2870, 2873, 2881, 2886, - 2887, 2900, 2911, 3405, 2912, 2918, 2926, 2927, -5843, 2464, - 2664, 2664, 2933, 2934, 2464, 2937, 2938, 2948, 2949, 2959, - 2972, 2973, 2984, 2990, 2993, 3005, 3012, 247, 3014, 3025, - 3030, 3051, 3053, 3056, 3063, 2689, 3064, 3065, 3066, 2802, - 3070, 3074, 3075, 3077, 3078, 255, 3079, 3087, 304, 3089, - 3091, 3092, 3093, 3096, 3109, 3112, 30617, 31392, 29842, 16667, - -5843, 96888, 99135, -5843, -5843, 3407, 2194, 3374, 583, 29842, - -5843, -5843, -5843, 3403, -5843, 3466, -5843, -5843, -5843, -5843, - 3336, 3346, -5843, 3354, -5843, -5843, 3369, 2869, -5843, 3569, - -5843, -5843, -5843, -5843, -5843, 2836, -5843, 3122, 3626, 3627, - 3123, 3129, -5843, -5843, 511, -5843, -5843, -5843, -5843, -5843, - -5843, -5843, -5843, -5843, -5843, -5843, -5843, -5843, 2975, 2874, - -5843, 3569, -5843, -5843, 78912, -5843, 5681, -5843, -5843, 2631, - 3162, 3592, -5843, 3729, -5843, 3689, -5843, -5843, -5843, -5843, - -5843, -5843, -5843, -5843, -5843, -5843, -5843, -5843, 1997, -5843, - -5843, 52598, 3639, -64, -5843, -5843, 174, -5843, 371, 401, - 65430, -5843, 201, 66179, 451, 88649, 1181, -5843, 74418, -5843, - 468, -5843, -5843, -5843, -5843, -5843, -5843, -5843, -5843, -5843, - -5843, 3113, -5843, 3228, 3454, 3132, 3588, 426, -5843, -5843, - 217, 97, 3227, 988, -5843, 1011, -5843, 426, -5843, 79661, - 1204, 1433, -5843, 1081, -5843, 3797, -5843, -5843, 3230, 3216, - 3247, -5843, 3549, -5843, 2695, -5843, 693, -5843, 1204, 426, - 1433, -5843, 3415, 3500, 1288, 3454, -5843, -66, -5843, -5843, - -5843, 3800, -5843, 3159, -5843, 3777, -5843, 96888, 350, 48831, - -5843, -5843, -5843, -5843, 3165, 48831, 48831, 197, 254, 3407, - 3168, 23642, -5843, -5843, 6839, -5843, 3372, 363, 883, -5843, - -5843, 528, 96888, -5843, -5843, 633, -5843, 3598, -5843, 3176, - -5843, 99884, 254, 3845, -5843, -5843, -5843, -8, 3576, -5843, - 3185, -5843, -5843, -5843, -5843, 48831, 96888, 2695, -5843, -5843, - -5843, -5843, 3186, -5843, -5843, 3414, 3280, -5843, 3229, -5843, - -5843, 158, -5843, -5843, 3991, -5843, 96888, -5843, 2705, -5843, - -5843, 2705, -5843, -5843, -5843, 2705, 2705, 2705, -5843, -5843, - 2705, 2705, 3257, -5843, 3542, 3544, 2847, -5843, 3226, 42839, - 96888, 4005, -5843, 3813, -5843, -5843, -5843, 3225, -5843, -5843, - -5843, -5843, -5843, -5843, -5843, -5843, 3814, 3992, 3992, -5843, - 53358, -5843, -5843, 3886, 2685, 144, 3736, 57158, 3883, 3972, - 59438, -5843, 1204, -5843, -5843, -5843, -5843, 1787, 96888, -5843, - 1787, 1787, -5843, -5843, -5843, -5843, -5843, -5843, -5843, -5843, - -5843, -5843, -5843, -5843, 195, -5843, -5843, 1775, 3909, 75167, - 96888, 1897, 1332, -5843, 3997, 3999, -5843, -5843, -5843, 2695, - 413, 3634, -5843, 96888, -5843, -5843, -5843, 2464, 4044, -5843, - -5843, -5843, -5843, -5843, 48831, 3461, 73669, 2411, -5843, -5843, - -5843, 730, -5843, 1137, 96888, 48831, 3300, -5843, 48831, 3262, - -5843, -5843, -5843, 3740, 23642, -5843, 3629, -5843, -5843, 48831, - 1182, -5843, -5843, -5843, 3906, -5843, -5843, -5843, -5843, -5843, - -5843, -5843, -5843, -5843, -5843, -5843, -5843, 3276, -5843, -5843, - -5843, 3276, 39, -5843, -5843, -5843, -5843, -5843, -5843, -5843, - -5843, -5843, -5843, -5843, -5843, -5843, -5843, -5843, -5843, -5843, - -5843, -5843, -5843, -5843, -5843, -5843, -5843, -5843, -5843, -5843, - -5843, -5843, -5843, 3279, -5843, -5843, -5843, -5843, -5843, -5843, - -5843, -5843, -5843, -5843, -5843, -5843, 3844, -5843, -5843, -5843, - -5843, -5843, -5843, -5843, -5843, -5843, -5843, -5843, -5843, -5843, - -5843, 3279, -5843, -5843, -5843, -5843, -5843, -5843, -5843, -5843, - -5843, -5843, -5843, -5843, -5843, -5843, 202, -5843, -5843, -5843, - -5843, -5843, -5843, -5843, -5843, -5843, -5843, -5843, -5843, -5843, - -5843, -5843, -5843, -5843, -5843, -5843, -5843, -5843, -5843, -5843, - -5843, -5843, -5843, -5843, 3675, 2415, 2853, -5843, -5843, -5843, - -5843, -5843, -5843, 3675, -5843, 2853, -5843, -5843, -5843, -5843, - -5843, -5843, -5843, -5843, -5843, -5843, -5843, -5843, -5843, -5843, - 3279, -5843, -5843, -5843, -5843, -5843, -5843, -5843, -5843, -5843, - -5843, -5843, -5843, -5843, -5843, -5843, -5843, -5843, -5843, -5843, - -5843, -5843, -5843, -5843, -5843, -5843, -5843, -5843, -5843, -5843, - -5843, -5843, -5843, -5843, -5843, -5843, -5843, -5843, -5843, -5843, - -5843, -5843, -5843, -5843, -5843, -5843, -5843, -5843, -5843, -5843, - -5843, -5843, -5843, 3283, -5843, -5843, -5843, -5843, -5843, -5843, - -5843, -5843, -5843, -5843, -5843, -5843, -5843, -5843, -5843, -5843, - -5843, -5843, -5843, -5843, -5843, -5843, -5843, -5843, 3675, -5843, - 2853, -5843, -5843, -5843, -5843, -5843, -5843, -5843, -5843, -5843, - -5843, -5843, -5843, -5843, -5843, -5843, -5843, -5843, -5843, 3276, - -5843, -5843, -5843, -5843, -5843, -5843, -5843, -5843, -5843, -5843, - -5843, -5843, -5843, -5843, -5843, 3276, -5843, -5843, 2853, 3276, - -5843, 3284, 3279, 3675, 1529, 1284, 3279, -5843, -5843, 3276, - 3285, 3276, 3276, 3276, 3276, -5843, 3276, 4062, 3286, 3279, - -5843, -5843, -5843, -5843, -5843, -5843, -5843, 86, 3276, 3276, - 3276, 3276, 3295, 212, -5843, 214, 215, 216, 218, 246, - 256, -5843, -5843, -5843, -5843, 3958, 96888, 3960, -5843, 3732, - 1891, 3297, 3313, -5843, 48831, 4036, 48831, 3321, -5843, 3987, - 2685, -5843, -5843, 3319, -5843, -5843, 4000, 96888, -5843, -5843, - 80410, -5843, 78912, 48831, 3325, -5843, -5843, 3948, 3483, -5843, - -5843, -5843, -5843, -5843, -5843, 3421, -5843, -5843, 3344, -5843, - -5843, -5843, -5843, 3801, -5843, 3488, -5843, -5843, -5843, -5843, - -5843, -5843, -5843, 78912, -5843, -5843, 3806, 3807, -5843, 73669, - 2416, 8454, 99135, -5843, 4004, -5843, -5843, -5843, 3800, -5843, - -5843, 25192, -5843, 25967, -5843, -5843, -5843, 3636, 683, 1535, - -5843, -5843, -5843, -5843, -5843, -5843, 4104, -5843, -5843, -5843, - -5843, -5843, -5843, 3837, 96888, 3589, 4038, 4028, -5843, -5843, - -5843, -5843, -5843, 3872, 3399, 4010, 3394, -5843, -5843, 292, - -5843, 3412, -5843, -5843, -5843, -5843, -5843, -5843, -5843, -5843, - -5843, -5843, 48831, 54118, -5843, -5843, -5843, 3400, -5843, -5843, - -5843, 3410, 29842, 29842, -5843, 4157, 4157, 4157, 23642, 3417, - 439, 3789, 23642, 23642, 23642, 586, 3426, -5843, -5843, -5843, - 349, -5843, 23642, 23642, 38297, 3433, 650, 5166, 23642, 4117, - 4117, -5843, 23642, 23642, 16667, 4648, 23642, 23642, 23642, -5843, - 99135, 38297, 3888, 3435, -5843, 3439, 2061, 23642, 2278, 23642, - -5843, -5843, 23642, 23642, 23642, 23642, 3442, 32167, 3448, 23642, - 23642, 3455, 3591, 4157, 4157, 2477, 432, -5843, -5843, -5843, - 4157, 4157, -5843, 23642, 23642, 17442, 23642, 23642, 2527, 23642, - 23642, 23642, 23642, 23642, 23642, -5843, 23642, 23642, 1906, 23642, - 23642, 48831, 23642, 23642, 4118, 48831, 23642, 23642, 4119, 23642, - 23642, 3459, 48831, 23642, -5843, 23642, 3115, 3115, -5843, 23642, - 17442, 23642, 3462, 39052, 23642, 23642, 23642, 24417, -5843, 24417, - -5843, -5843, 3464, 1995, 540, 195, 23642, 3458, -5843, -5843, - -5843, -5843, 23642, 23642, 23642, 32167, -5843, -5843, -5843, 2049, - -5843, -5843, -5843, 26742, 32167, 3471, 32167, 32167, 4095, 2945, - 32167, 32167, 32167, 32167, 32167, 32167, 32167, 32942, 33717, 32167, - 32167, 32167, 32167, -5843, 83406, 29842, 51078, 3479, 4130, -5843, - 81159, -5843, 1959, 1165, -5843, 2695, 4820, 35267, -5843, 3477, - -5843, 3981, 48831, -5843, 3481, 4146, 78912, 73669, 2416, 3496, - -5843, 1783, 520, -5843, 80410, 96888, -5843, -5843, -5843, 4202, - 23642, -5843, -5843, -5843, -5843, -5843, 3484, 529, 3486, -5843, - 1308, -5843, -5843, -5843, -5843, -5843, 96888, -5843, 89398, 54878, - 3590, 4156, 3512, 2705, 90147, 96888, 48831, 96888,100633, 96888, - 96888, 48831, 83406, 78912, 48831, -5843, -5843, -5843, 1177, 426, - 96888, 426, 1433, 1210, 426, 4143, -5843, -5843, 1611, 1611, - -5843, -5843, -5843, -5843, -5843, -5843, 426, 96888, 96888, 426, - 73669, -5843, 1433, 1481, -5843, 3803, 3593, -5843, -5843, -5843, - 3847, -5843, -5843, 4173, 3514, -5843, 3864, -5843, 3621, -5843, - -5843, 48831, -5843, -5843, 1433, -5843, 1433, 1433, 4190, 426, - 426, 426, -5843, 44337, 3530, 3533, -5843, 3541, -5843, 3546, - -5843, 4181, -5843, -5843, -5843, 3905, 4337, 4194, 3556, -5843, - -5843, 4134, 1075, -5843, 3986, -5843, 4108, -5843, 23642, 3407, - 19767, 3840, -5843, -5843, 3842, 3843, 3849, 3664, -5843, -5843, - -5843, -5843, 4002, 3853, -5843, 3666, 2695, 3856, -5843, -5843, - -5843, 3583, -5843, -5843, -5843, 55638, 287, -5843, -5843, 4261, - 3701, 23642, -5843, -5843, 48831, 4100, -5843, 2695, 1832, 96888, - -5843, -5843, 4340, -5843, 1949, 4262, -5843, -5843, 3713, 1966, - -5843, 4262, 1365, -5843, -5843, 3001, 3792, -5843, -5843, -5843, - 83406, -5843, -5843, -5843, -5843, -5843, -5843, 96888, -5843, 80410, - 73669, 83406, 2705, 2705, -5843, 48831, -5843, -5843, -5843, 96888, - 96888, 2705, 2705, 2705, 3648, -5843, 2821, 3614, 3615, 3618, - 3619, 2071, 3622, 45086, 2663, 6895, 4254, 4256, -5843, 4207, - 2400, 4207, -5843, -5843, 45086, 44337, 3632, 4005, -5843, -5843, - -5843, -5843, 83406, 3630, -5843, -5843, 3628, -5843, 23642, 4358, - 4290, 3886, -5843, -5843, 57918, 1651, 87900, -5843, -5843, -5843, - 3988, 4177, 1231, -5843, 3637, 3763, -5843, 141, -5843, -5843, - -5843, -5843, -5843, -5843, -5843, -5843, 4037, -5843, -5843, -5843, - -5843, -5843, -5843, 18217, -5843, -5843, -5843, -5843, -5843, 520, - 233, -5843, -5843, -5843, 1437, 4014, 2091, -5843, -5843, 83406, - 2091, -5843, 3649, 3954, -5843, 3955, 90, -5843, 48831, -5843, - -5843, -5843, -5843, -5843, 48831, 3658, -5843, 3851, 96888, 2325, - 23642, 4169, -5843, 3740, -5843, 3407, -5843, -5843, 6285, 4389, - 6297, 129, 3723, -5843, -5843, -5843, -5843, -5843, 48831, -5843, - -5843, 2204, 3674, 4137, 3716, -5843, -5843, -5843, 3675, 520, - 3675, -5843, -5843, 3921, 1148, -5843, -5843, -5843, 1148, -5843, - 1319, 3639, 75916, 3675, -5843, -5843, -5843, -5843, 4161, 2853, - 2776, 81908, 1913, -5843, -5843, -5843, -5843, 1148, 3001, -5843, - -5843, 3675, -5843, -5843, -5843, 3001, 1148, -5843, 4162, -5843, - -5843, -5843, 1148, 3675,105876, 1934, 2853, -5843, -5843, 2853, - 1148, 478, 96888, 4241, 1934, -5843, 2776, 4424, 2853, 3675, - 1148, 4450, -5843, 1148, -5843, -5843, 437, -5843, -5843, 1891, - -5843, -5843, -5843, 1133, 3774, -5843, 3321, 575, 96888, 4360, - 4266, -5843, -5843, 4284, 60936, -5843, -5843, 4288, 3703, -5843, - -5843, 3706, 472, 96888, 48831, 48831, 6285, -5843, -5843, 3711, - -5843, -5843, -5843, -5843, 4215, -5843, -5843, 78, -5843, 45835, - 45835, 1153, 2979, -5843, -5843, 2989, -5843, -5843, 2997, -5843, - 172, -5843, 2816, -5843, -5843, -5843, -5843, 2076, -5843, -5843, - -5843, 4181, 23642, 50329, 3407, -5843, -5843, 48831, -5843, 4359, - -5843, -5843,104378, 206, -5843, -5843, 386, 48831, -5843, -5843, - -5843, -5843, 4352, 3857, 96888, -5843, -5843, -5843, -5843, -5843, - -5843, -5843, 96888, 2325, -5843, 96888,105876, 6285, 6285, -5843, - 84155, -5843, 1703, 1783, -5843, 4467, 99135, 23642, -5843, 3724, - -5843, 3726, 3728, 3193, 4081, 23642, 23642, -5843, 2944, 944, - 226, -5843, 3730, 3745, -5843, -5843, -5843, -5843, -5843, -5843, - -5843, -5843, 3737, -5843, -5843, 934, 1472, 3739, -5843, -5843, - -5843, 3741, 195, -5843, -5843, -5843, -5843, -5843, -5843, -5843, - -5843, -5843, -5843, -5843, -5843, -5843, -5843, -5843, -5843, -5843, - -5843, -5843, -5843, 4390, -5843, 614, -5843, -5843, -5843, 23642, - 1552, 1599, 1647, 3752, 447, 629, 1649, 3400, 2131, 3743, - 38297, 99135, 4157, 3750, 704, 4157, 3751, 1654, 1668, 1291, - 1390, 1482, -5843, 508, -5843, 1680, 1699, -5843, -5843, 3755, - 3757, 4157, 3761, -5843, 3762, 3765, 3766, 1724, 669, 3767, - -5843, -5843, 20542, 21317, 22092, 3652, 3768, -5843, -5843, 1734, - 1784, 4157, 3772, 1941, 1736, 1738, -5843, 2170, 1760, 1810, - 3773, 3168, 1963, 2267, -5843, -5843, -5843, -5843, 3756, 2379, - 2500, 3775, 3780, 2515, 2546, 48831, 3782, 3785, 2591, 48831, - 1812, 2671, -5843, 3787, 1879, 1496, 3790, 3791, 2684, 3786, - 1901, -5843, 99135, 96888, 3795, 3738, 1503, 3796, 2716, 4648, - 4648, -5843, 23642, 3798, 404, 99135, 2656, 1570, -5843, 3374, - -5843, -5843, -5843, -5843, 180, -5843, 3744, 3374, 3753, 3552, - 16667, -5843, 421, 528, 32167, 32167, 3764, 32167, 32167, 1653, - 632, 632, 3810, 3810, 492, 1378, 24417, 1653, 24417, 1653, - 3810, 3810, 3810, -5843, -5843, -5843, -5843, -5843, -5843, -5843, - -5843, 4368, 3808, 3809, 3812, 3815, -152, 3799, -5843, -5843, - -5843, -5843, -5843, -5843, 898, 4210, -5843, 3998, 1266, 23642, - -5843, 3823, 4564, 4567, 4568, -5843, -5843, -5843, -5843, 78912, - 78912, 3816, -5843, 1365, 4175, 4473, 80410, 4480, -5843, 3818, - 45835, 45835, -5843, 3819, -5843, 23642, 3820, 3821, 3822,102880, - -5843, 4484, 520, 76665, 3407, 78912, 356, -5843, 96888, 96888, - -5843, 88649, 4485, 1369, 4107, -5843, 3828, 3830, -5843, 520, - -5843, 3827, 1315, 532, -5843, 3835, 3846, -5843, -5843, -5843, - -5843, 23642, 3850, 96888, 96888, -5843, -5843, -5843, -5843, 96888, - -5843, -5843, -5843, -5843, -5843, -5843, -5843, 2695, 23642, 96888, - 426, -5843, -5843, -5843, 426, 96888, 426, -5843, 2695, 4505, - -5843, -5843, -5843, -5843, -5843, -5843, -5843, -5843, -5843, -5843, - 426, -5843, -5843, -5843, -5843, -5843, 4017, 1204, 3549, 4143, - 4262, 1433, 48831, 426, 426, 23642, -5843, -5843, -5843, -5843, - 4377, 3814, 19767, 3852, 3854, -5843, -5843, 6285, 96888, 99135, - 4585, -5843, -5843, -5843, 8349, -5843, 83406, 90896, 48831, -5843, - -5843, -5843, 503, -5843, -5843, -5843, -5843, -5843, 3407, 2524, - 2699, -5843, 3855, 3407, -5843, -5843, 4540, -5843, -5843, -5843, - -5843, -5843, 2695, -5843, -5843, -5843, 4426, -5843, 48831, 83406, - 35267, -5843, 3861, -5843, 3871, -5843, -5843,101382, -5843, 2695, - 3407, 48831, 1623, 386, -5843, 4596, -5843, -5843, 3969, -5843, - -5843, -5843, 3862, -5843, 4278, -5843, -5843, -5843, -5843, -5843, - -5843, 3866, -5843, 4521, -5843, 2409, 147, 96888, 130, 90, - -5843, 96888, 96888, 48831, -5843, 96888, 2705, -5843, -5843, 2705, - -5843, -5843, 48831, 96888, 96888, 2705, 23642, 45086, -5843, -5843, - -5843, -5843, -5843, 45086, -5843, 1615, -5843, 4075, 1548, 1548, - -5843, 3546, -5843, -5843, -5843, 4500, 4207, 4207, 45086, 4502, - 2789, -5843, 96888, 6207, 449, -5843, 53358, 96888, -5843, 3407, - 23642, -5843, 3903, 4290, -5843, 193, 1108, 141, -5843, 4151, - 386, -5843, -5843, 59438, 4220, 59438, 59438, 99135, 4111, 23642, - -5843, 4547, 3884, 23642, -5843, 29842, 2699, -5843, 3407, -5843, - -5843, -5843, 2409, 2695, -5843, 520, 520, 4112, 4408, 4409, - 4018, 2695, 4413, 4415, 4417, -5843, -5843, -5843, -5843, -5843, - 3811, 2815, 187, 1803, 73669, 4371, 1365, 4487, 3904, -5843, - 48831, 4566, -5843, -5843, -5843, 3907, 3908, 3407, -5843, -5843, - -5843, -5843, 7821, -5843, 3930, 3931, 3933, 3937, 3939, 3941, - 3942, 3944, 3945, 3949, 3957, 3962, 3963, 3964, 3965, 3966, - 3973, 3974, 3975, 3979, 3982, 3989, 3990, 3993, 3995, 133, - -5843, -5843, 3970, -5843, -5843, -5843, -5843, 96888, 4583, 3983, - 3978, 3985, 3996, 4001, -5843, -5843, 96888, -5843, 2223, 4433, - 4461, -5843, -5843, -5843, -5843, -5843, -5843, -5843, -5843, -5843, - -5843, -5843, -5843, -5843, -5843, 77414, -5843, 2263, -5843, -5843, - 2288, -5843, -5843, -5843, -5843, -5843, 2296, 70673, -5843, -5843, - -5843, -5843, -5843, -5843, -5843, -5843, 1934, 1934, 3976, 4008, - -5843, -5843, -5843, -5843, -5843, -5843, 4424, -5843, 3967, -5843, - 64681, -5843, -5843, -5843, -5843, 3153, -5843, 4349, -5843, 1548, - -5843, 4492, 60936, -5843, 44337, 4204, 4627, -5843, -5843, 4006, - 48831, 80410, 78912, -5843, -5843, -5843, -5843, 4009, 1703, 9064, - -5843, -5843, 4762, 73669, 4460, -5843, 4011, -5843, 4016, 4516, - 4517, -5843, 99135, -5843, -5843, -5843, 3407, -5843, -5843, 4015, - -5843, -5843, 4134, 3992, -5843, -5843, -5843, -5843, -5843, -5843, - -5843, -5843, -5843, -5843, -5843, -5843, -5843, -5843, -5843, 4047, - 4304, 4421, -5843, -5843, -5843, -5843, -5843, -5843, -5843, 4667, - -5843, -5843, -5843, -5843, 2317, 294, -5843, -5843, -5843,107296, - 107296,107296, -5843, 4391, -5843,105127, 23642, -5843, 2004, -5843, - 23642, -5843, -5843, 23642, -5843, 3407, 4024,108035, 81908, -5843, - 81908,108035, 23642, -5843, 4034, -5843, 4672, 4674, -5843, -5843, - -5843, 23642, -5843, 23642, 23642, 2016, 23642, 23642, 23642, 23642, - -5843, 23642, -5843, 23642, 23642, -5843, 32167, -5843, 4032, 4040, - -5843, -5843, 4041, -5843, 23642, 23642, -5843, -5843, -5843, 23642, - 23642, 23642, -5843, -5843, 4042, -5843, -5843, -5843, -5843, 23642, - 23642, 23642, -5843, 23642, 3721, 23642, 3940, 23642, 4069, 23642, - -5843, 27517, -5843, 4045, -5843, -5843, 23642, 23642, -5843, 23642, - 23642, 23642, -5843, -5843, -5843, 23642, -5843, 4618, 23642, -5843, - -5843, -5843, -5843, -5843, -5843, -5843, -5843, 23642, -5843, 2066, - 28292, -5843, 23642, 23642, 23642, -5843, -5843, 23642, 4039, 4049, - -5843, 96888, 2643, 4099, 386, 4052, -5843, -5843, 4059, 4066, - 3168, -5843, -5843, -5843, -5843, -5843, -5843, -5843, 650, 32167, - 1501, 32167, 528, 3607, 16667, -5843, 1262, 528, 4648, 4648, - 96888, 4768, 4058, -5843, 23642, 23642, 17442, 23642, 99135, 23642, - 4060, 4061, -5843, 4063, 32167, -5843, -5843, 4065, -5843, 2247, - 4099, 4152, 4508, -5843, 3407, 35267, 4573, -5843, 48831, 4575, - 4613, 4276, -5843, 78912, 73669, 4737, 4738, -5843, 3407, -5843, - 4071, -5843, -5843, -5843, 4074, -5843, -5843, -5843, -5843, -5843, - -5843, -5843, 574, -5843, -5843, -5843, -5843, -5843, -5843, -5843, - -5843, -5843, -5843, 78912, -5843, -5843, -5843, -5843, -5843, 520, - -5843, 4083, 4084, -5843, -5843, 520, 520, -5843, -5843, 40578, - -5843, -5843, 1192, 4380, 4645, -5843, -5843, 96888, 1308, 96888, - -5843, 54878, 54878, 91645, 3407, 930, -5843, -5843, -5843, -5843, - -5843, -5843, -5843, -5843, -5843, -5843, -5843, 4103, -5843, -5843, - -5843, 4853, -5843, -5843, 4505, -5843, 2685, 1433, -5843, -5843, - 3407, 39052, 2312, -5843, -5843, -5843, 19767, 9651, -5843, 2354, - 4096, -5843, 48831, 4090, 4563, -5843, -5843, -5843, -5843, -5843, - -5843, -5843, -5843, -5843, -5843, 4101, -5843, -5843, 19767, 4116, - -5843, 4262, -5843, 4009, 407, -5843, -5843, 56398, 56398, 1833, - 336, 355, 1532, 2685, -5843, -5843, 341, -5843, -5843, -5843, - -5843, -5843, -5843, 1455, -5843, -5843, 4262, -5843, 1949, 2695, - 4148, 244, 386, 4341, -5843, -5843, 2409, 1090, 1090, 4687, - 147, 4556, -5843, 4371, 4771, 4697, 4699, -5843, 3811, -5843, - -5843, -5843, 96888, -5843, 1880, -5843, -5843, -5843, 826, -5843, - 48831, 2017, 3813, 3813, -5843, 1548, 314, -5843, 32167, 4855, - -5843, 4620, -5843, -5843, 45086, 4748, 4752, -5843, 45086, -5843, - -5843, 2398, -5843, -5843, 78163, -5843, -5843, -5843, 3407, 302, - 2413, 23642, 96888, -5843, 3903, 4192, -5843, -5843, 1108, -5843, - -5843, -5843, -5843, 59438, -5843, -5843, -5843, 1651, 4122, 2413, - 144, 4127, 3407, -5843, -5843, -5843, -5843, -5843, -5843, -5843, - 76665, 78163, -5843, 4507, 4509, 1839, -5843, -5843, -5843, -5843, - 2221, 520, 520, -5843, 232, 520, -5843, -5843, 1116, -5843, - -5843, 1307, 458, 3811, -5843, 2695, 2695, 2695, 2695, 384, - 2695, 2695, 2412, -5843, 2695, 273, -5843, -5843, 83406, -5843, - 4889, 4892, -5843, 4893, -5843, -5843, 373, -5843, 3671, 182, - -5843, 122, -5843, 4684, 96888, 4873, 3904, -5843, 442, 2325, - -5843, 23642, -5843, 4644, 4141, 4142, 386, 4145, 386, 386, - 2695, 2695, 4103, 2695, 386, 2695, 2695, 2695, 2695, 2695, - 2695, 2695, 386, 2695, 1540, 3758, 403, 2695, 386, 6297, - -5843, -5843, 2440, 2217, 67677, -5843, -5843, -5843, -5843, -5843, - -5843,105876, -5843, -5843, -5843, -5843, -5843, -5843, 4901, -5843, - -5843, -5843, -5843, -5843, 2776, 3001, 2776, -5843,105876, -5843, - -5843, 3279, -5843, -5843, -5843, -5843, -5843, -5843, -5843, -5843, - -5843, 23642, 23642, -5843, -5843, 96888, 4904, -5843, -5843, -5843, - -5843, 3977, -5843, -5843, -5843, 4470, -5843, -5843, -5843, -5843, - -5843, -5843, -5843, 3814, 1525, -5843, -5843, 44337, 584, 2685, - -5843, 58678, 4690, 4163, -5843, 1365, -5843, -5843, 1947, 4759, - -5843, 4149, -5843, -5843, 486, 4351, 4164, 61685, 73669, 73669, - -5843, 2819, -5843, 48831, -5843, 4801, -5843, -5843, -5843, -5843, - -5843, -5843, -5843, -5843, -5843, -5843, 96888, 2325, 3948, -5843, - -5843, -5843, -5843, -5843, 4590,107296, 4154, 3407, 23642, 3407, - 3407, 23642, 3276, 3276, 3279, 3295, -5843, 4854, -5843, 4796, - 3276, 3276, -5843, 3276, 4797, 3276, 3276, -5843, 4166, -5843, - -5843, 4168, 4170, 4171, 3168, -5843, 23642, 23642, 2742, 123, - 123, 23642, 2087, 2120, 1596, -5843, 2748, 2753, 2763, 1431, - 99135, -5843, -5843, 2773, 2798, 2825, 2831, 2841, -5843, 2187, - 3334, 2219, 3407, 23642, 3407, 23642, 3407, 23642, 3407, 24417, - 2844, -5843, 2441, 4043, -5843, 2447, 4056, 2854, 2857, 2456, - 2669, 2856, 2462, 24417, 2888, 2898, 2245, 2385, 2902, 99135, - 96888, 4167, 4165, 4165, 531, -5843, 4176, -5843, -5843, -5843, - 4178, -5843, 23642, 23642, 4179, 3374, -5843, 23642, 528, 32167, - 1606, 32167, -5843, -5843, 4368, -5843, 23642, -5843, 4755, 4182, - 4160, 4183, 4184, 3652, 4185, 4186, 4187, 4189, 3407, -5843, - -5843, 96888, 4191, 583, -5843, 4103, -5843, 4811, -5843, 4905, - 4193, 4208, 4195, 4065, -5843, 78912, -5843, 48831, -5843, 4858, - 3706, -5843, 73669, 73669, -5843, 85653, -5843, 60187, 96888, 96888, - -5843, 23642, -5843, -5843, 356, 4951, 4956, -5843, -5843, -5843, - -5843, 905, 4756, -5843, -5843, -5843, -5843, -5843, 520, -5843, - 520, -5843, 3846, -5843, -5843, -5843, -5843, 3784, -5843, 1204, - -5843, -5843, -5843, 426, 4197, -5843, 520, 1261, -5843, 19767, - 4201, 4203, -5843, 4814, -5843, 650, 345, -5843, 3814, -5843, - 4680, -5843, -5843, 4209, 92394, -5843, 4211, -5843, -5843, 4765, - -5843, -5843, 4224, 4214, -5843, -5843, -5843, -5843, -5843, -5843, - -5843, -5843, -5843, -5843, -5843, -5843, -5843, -5843, -5843, -5843, - -5843, 1204, 4260, 4444, -5843, -5843, -5843, -5843, -5843, 3776, - -5843, 4310, 4311, -5843, -5843, -5843, -5843, -5843, -5843, -5843, - -5843, -5843, 48831, 4805, 73669, 182, 4598, 48831, 48831, 7171, - 7948, 3811, 4223, 96888, -5843, 557, 2695, -5843, -5843, 1880, - -5843, 557, 3904, 4225, 631, 4225, -5843, -5843, -5843, -5843, - 583, 1548, 1548, 3478, 4714, 45086, 45086, 4604, 4717, 23642, - 4230, -5843, 96888, -5843, -5843, 4638, -5843, -5843, 23642, -5843, - -5843, -5843, -5843, -5843, 4968, 4233, -5843, -5843, -5843, -5843, - -5843, -5843, 23642, -5843, 57918, 23642, 4236, 4235, -5843, -5843, - -5843, -5843, -5843, -5843, -5843, 1148, 2079, 2123, -5843, -5843, - 2123, 2079, -5843, -5843, -5843, -5843, 2066, 2066, -5843, -5843, - -5843, -5843, -5843, -5843, -5843, -5843, -5843, -5843, -5843, 2815, - -5843, -5843, 4996, 1325, -5843, 4819, -5843, -5843, -5843, -5843, - 970, 386, 386, 386, 3758, 2177, -5843, 3671, 2047, 4579, - -5843, 6860, 528, 266, 4742, 2195, -5843, 2490, -5843, 4979, - -5843, 324, -5843, -5843, 3407, -5843, 329, 465, -5843, 466, - -5843, -5843, -5843, -5843, -5843, -5843, -5843, -5843, -5843, -5843, - -5843, -5843, -5843, -5843, -5843, -5843, -5843, -5843, -5843, -5843, - -5843, -5843, -5843, -5843, -5843, -5843, -5843, -5843, 96888, -5843, - 4821, -5843, -5843, -5843, 4708, 3285, 257, -5843, -5843, -5843, - -5843, 2493, 69924, 4249, -5843, -5843, -5843, -5843, 4241, 3407, - 3407, -5843, -5843, 64681, -5843, -5843, -5843, -5843, 1568, 2685, - 398, 96888, 4597, 4790, -5843, -5843, -5843, -5843, -5843, -5843, - -5843, 23642, -5843, 4914, -5843, -5843, -5843, -5843, 90, 90, - -5843, -5843, -5843, -5843, 345, -5843, -5843, 4801, 4541, -5843, - 1427, 23642, -5843, -5843, -5843, -5843, -5843, -5843, 96888, 1596, - 3407, -5843, 2776, -5843, -5843, 3276, -5843, 2776, -5843, -5843, - -5843, -5843, -5843, -5843, 2776, -5843, -5843, -5843, -5843, 4257, - 4648, 4648, -5843, 4983, 4792, 4882, 2908, 23642, 23642, -5843, - 23642, -5843, -5843, -5843, 1317, 4263, 4735, -5843, -5843, -5843, - -5843, -5843, -5843, 23642, 23642, 23642, 3407, 3407, 3407, 4648, - -5843, -5843, 3667, -5843, -5843,108035, -5843, -5843, -5843, -5843, - -5843, -5843, -5843, -5843, -5843, -5843, 403, 4648, -5843, -5843, - 23642, 23642, -5843, -5843, -5843, 96888, 4099, 4267, 4549, -5843, - -5843, -5843, 4099, 4411, -5843, -5843, 4099, 386, -5843, -5843, - -5843, 2507, 3374, -5843, 23642, 528, 4848, 4270, 4997, 4275, - -5843, -5843, -5843, -5843, -5843, -5843, 23642, 85653, -5843, 4277, - 4281, -5843, -5843, -5843, 4722, 23642, 4899, 4856, -5843, 4099, - 96888, -5843, -5843, -5843, 73669, 3818, 3818, 93143, -5843, -5843, - -5843, -5843, 1852, 520, 520, -5843, 3407, -5843, -5843, 4286, - 4287, -5843, -5843, -5843, -5843, -5843, -5843, -5843, -5843, -5843, - -5843, -5843, -5843, -5843, -5843, -5843, 1204, -5843, 39052, 2685, - 22867, -5843, -5843, -5843, 19767, -5843, 4289, 39052, 4761, -5843, - -5843, -5843, 4690, 383, -5843, -5843, -5843, 4680, -5843, 93892, - -5843, 4291, -5843, 4292, -5843, 1967, 4630, 4910, 4159, 56398, - 4297, -5843, -5843, -5843, 4315, 4317, 4318, -5843, 4301, -5843, - -5843, -5843, 48831, -5843, -5843, 4328, -5843, -5843, 42090, 4926, - 4345, 4673, 48831, 520, 520, 520, 520, 520, 520, 520, - 520, 520, 520, 4676, 520, 520, 520, 520, 520, 520, - 520, 520, -5843, 520, 520, 1059, 96888, 520, 520, -5843, - -5843, -5843, 4881, -5843, 4357, -5843, 520, -5843, -5843, -5843, - -5843, -5843, -5843, -5843, -5843, -5843, -5843, -5843, -5843, 1327, - 4897, -5843, -5843, 362, -5843, -5843,108783, 5049, 4316, -5843, - 4860, -5843, -5843, -5843, -5843, -5843, -5843, 4429, 4860, 3904, - 2796, -5843, -5843, -5843, 4804, -5843, -5843, -5843, 4812, 3407, - 96888, -5843, -5843, 2254, 4941, 2413, 4325, 96888, 2413, 1108, - 141, 3407, -5843, -5843, -5843, 3961, 3971, -5843, 3137, 2717, - -5843, -5843, -5843, -5843, -5843, -5843, -5843, -5843, -5843, -5843, - 560, -5843, 83406, -5843, -5843, -5843, -5843, -5843, 5084, 5085, - -5843, -5843, -5843, -5843, 4523, 323, 4530, 1786, 4900, 4734, - 4906, 2282, 3167, 520, 4907, 5058, -5843, 555, 520, 4909, - 4972, 4420, 4977, 4920, -5843, 4427, 4734, 4922, 4545, 4924, - 4925, 4929, -5843, -5843, 7948, -5843, -5843, -5843, -5843, 105, - 46584, -5843, -5843, -5843, -5843, -5843, 4537, 23642, 23642, 4946, - 96888, 4949, -5843, 4767, -5843, 96888, -5843, 650, -5843, -5843, - -5843, 4669, -5843, 2510, -5843, -5843, 2522, -5843, -5843, 2528, - -5843, -5843, -5843, -5843, -5843, -5843, -5843, -5843, 4908, 96888, - -5843,105876, 4364, -5843, -5843, -5843, -5843, -5843, -5843, -5843, - 503, -5843, 503, -5843, 1568, 398, -5843, -5843, 5034, -5843, - 4720, 3496, -5843, 650, 3407, 4576, 4849, 4849, -5843, -5843, - -5843, 4963, -5843, -5843, -5843, -5843, 5014, 3407, 2325,107296, - 4739, -5843, -5843, -5843, -5843, -5843, -5843, 4382, 4383, 23642, - 3001, 4882, 59438, 4384, -5843, -5843, 2923, 2429, 2529, 4675, - 4616, -5843, 4557, -5843, 2963, 3407, 3407, 1742, 3279, -5843, - -5843, -5843, -5843, 5020, 3276, -5843, 5105, -5843, 3276, 2776, - -5843, -5843, -5843, -5843, -5843, 4392, 2564, 1757, 2970, 3028, - -5843, -5843, -5843, 4395, -5843, -5843, 288, -5843, 4387, -5843, - 2571, 5114, 1367, 23642, -5843, 4398, -5843, -5843, 96888, -5843, - -5843, 4648, 1276, -5843, 2601, -5843, -5843, -5843, 4399, 3818, - -5843, -5843, 62434, -5843, -5843, -5843, -5843, -5843, -5843, -5843, - -5843, -5843, -5843, 4262, -5843, 4284, 2699, -5843, -5843, -5843, - -5843, 4770, 4400, 4404, -5843, -5843, -5843, 4394, 195, 39052, - -5843, -5843, 64681, -5843, -5843, 4402, 4406, -5843, -5843, -5843, - 92394, -5843, 2618, -5843, -5843, 5149, -5843, -5843, -5843, -5843, - -5843, -5843, -5843, -5843, -5843, -5843, -5843, -5843, -5843, -5843, - -5843, -5843, 19767, 2695, 2695, 2695, 2758, 4412, -5843, 83406, - 4418, 4419, 49580, 2326, 96888, 2632, -5843, -5843, -5843, -5843, - -5843, 2386, -5843, 1465, 2705, 503, 503, -5843, 4414, 48831, - -5843, 520, -5843, 270, 406, 455, 460, -5843, 4103, 386, - 386, 2695, 2695, 520, 386, 83406, 2041, 386, 4103, 4103, - 488, 2695, 2780, 270, -5843, -5843, -5843, 386, 270, 229, - -5843, -5843, 8061, -5843, 72920, 7948, 96888, 3715, -5843, -5843, - 491, 4553, -5843, -5843, -5843, 4774, 362, -5843, -5843, -5843, - 4428, -5843, -5843, -5843, -5843, -5843, -5843, -5843, 253,108783, - 1289, -5843, -5843, -5843, 4425, 96888, -5843, -5843, 2695, -5843, - 5159, 5182, -5843, -5843, 4834, 23642, 4430, 23642, 4436, 2646, - 5160, 5161, 5110, 5165, 2254, -5843, 2130, -5843, -5843, -5843, - -5843, -5843, -5843, 1108, -5843, -5843, -5843, -5843, -5843, -5843, - -5843, -5843, -5843, -5843, -5843, -5843, -5843, -5843, -5843, 4443, - -5843, -5843, -5843, -5843, 4783, -5843, 5204, -5843, 4902, 47333, - 2705, -5843, 1993, 4486, -5843, -5843, -5843, 5097, 3061, 3061, - 1217, 3061, 93892, 96888, 48831, 449, 470, 5080, 2411, 2213, - 4493, 5015, 3061, 3061, 94641, 1217, 39052, -5843, -5843, -5843, - 3061, -5843, 3061, 48831, 95390, 1217, -5843, -5843, -5843, 96888, - -5843, 3061, 1217, -5843, 1217, 1217, 93892, -5843, 9041, -5843, - -5843, 42090, 1567, -5843, 3407, 4648, 4850, -5843, -5843, 4571, - 2695, 4824, -5843, -5843, 4930, -5843, 96888, 393, -5843, 386, - -5843, 386, -5843, 386, -5843, 258, -5843, 96888, 5124, 5124, - -5843, -5843, -5843, 32167, -5843, 3819, -5843, -5843, 195, -5843, - -5843, 1954, -5843, -5843, 4826, 4690, 4970, -5843, -5843, -5843, - 107296, -5843, -5843, 4464, 2413, -5843, 4468, -5843, -5843, -5843, - -5843, 23642, -5843, 4703, -5843, 4813, -5843, -5843, -5843, -5843, - -5843, -5843, -5843, -5843, -5843, -5843, 4103, -5843, -5843, -5843, - 4474, -5843, 386, -5843, 23642, -5843, -5843, 4476, 3804, 2413, - -5843, -5843, 4574, 4508, 4479, -5843, 4856, 96888, -5843, -5843, - -5843, -5843, -5843, -5843, -5843, 4627, -5843, -5843, -5843, 39052, - 63183, 4491, 4477, -5843, 520, -5843, 76, -5843, 96888, -5843, - -5843, 4103, 4861, -5843, 2677, -5843, -5843, -5843, -5843, 96888, - 4495, 4698, 96888, 96888, -5843, -5843, 4499, 96888, -5843, -5843, - -5843, 42090, 4501, 5128, 5131, 503, -5843, 2705, 5055, 49580, - -5843, 2705, 2705, 68426, 96888, 4504, 2695, -5843, -5843, -5843, - -5843, -5843, -5843, -5843, -5843, -5843, 4506, -5843, -5843, -5843, - -5843, -5843, 2695, -5843, -5843, -5843, -5843, -5843, -5843, -5843, - -5843, -5843, -5843, -5843, -5843, -5843, -5843, -5843, -5843, -5843, - -5843, -5843, -5843, -5843, -5843, -5843, -5843, 5242, -5843, -5843, - -5843, -5843, -5843, -5843, -5843, -5843, -5843, -5843, 4881, 4513, - 4512, -5843, 1934, -5843, -5843, 5191, 557, -5843, -5843, -5843, - 4718, 266, 96888, 4514, 96888, 4515, -5843, -5843, 346, 414, - -5843, -5843, -5843, -5843, -5843, 1289, -5843, -5843, -5843, 4524, - -5843, 69175, 3715, 96888, -5843, 96888, -5843, -5843, 4531, 4529, - -5843, 96888, 3407, 96888, -5843, 3001, 3001, 5257, 3001, -5843, - 5258, 5259, 2130, -5843, -5843, 5281, 323, 4913, 2047, 528, - 1217, 528, 5205, -5843, -5843, 96888, 49580, 93892, 49580, -5843, - 5046, -5843, 78163, 49580, 3061, 96888, -5843, 5208, -5843, 5176, - 49580, 49580, -5843, -5843, 93892, 4546, -5843, 2413, 2702, 96888, - 49580, -5843, -5843, -5843, 4099, 5023, 49580, 93892, -5843, 93892, - -5843, 4649, 5052, 3271, -5843, 4565, 4569, 96888, -5843, -5843, - -5843, -5843, -5843, -5843, -5843, 1293, -5843, -5843, 2697, -5843, - -5843, -5843, -5843, -5843, -5843, -5843, 504, 96888, 283, 2446, - -5843, -5843, -5843, -5843, 542, -5843, 4775, -5843, 1954, -5843, - -5843, -5843, 48831, -5843, 23642, -5843, -5843, 3094, -5843, -5843, - 4570, -5843, 4577, 4122, -5843, 5319, 4702, 4564, 4567, 4568, - 4760, 4927, -5843, 4763, -5843, 5247, 4722, 4586, 32167, -5843, - -5843, 1356, -5843, -5843, -5843, -5843, 99135, -5843, -5843, 4580, - -5843, 39052, 19767, -5843, -5843, -5843, 5004, -5843, 2707, 2413, - -5843, 4589, 96888, 4592, 2720, 4593, -5843, 96888, 4595, -5843, - -5843, 2705, -5843, -5843, 49580, 48831, -5843, 5078, 1706, 49580, - 49580, -5843, 4591, 5309, -5843, -5843, 4599, -5843, -5843, 48831, - -5843, -5843, 383, 229, -5843, 96888, -5843, -5843, -5843, 96888, - 5181, 4946, -5843, -5843, -5843, -5843, 96888, -5843, 4601, -5843, - 4602, 4957, -5843, 96888, 3285, 284, -5843, -5843, 557, -5843, - -5843, -5843, -5843, -5843,102131, 7592, 2731, 2762, -5843, -5843, - 3001, -5843, 3001, 3001, -5843, 4603, -5843, -5843, -5843, 5271, - -5843, 5273, -5843, 2357, 459, -5843, 49580, 2204, 5116, 5112, - 5328, -5843, 49580, 4406, 96888, -5843, -5843, 1947, -5843, 39052, - -5843, -5843, 5115, 5117, -5843, 5120, 1567, -5843, 96888, -5843, - -5843, -5843, 4715, -5843, 6285, 4818, 5336, 5337, -5843, 96888, - 96139, -5843, -5843, 5395, 4681, 96888, 5347, -5843, 5351, 4629, - 4631, -5843, 32167, -5843, -5843, 5261, -5843, 3814, 2413, -5843, - -5843, -5843, 1572, -5843, 5368, 1638, -5843, -5843, 1145, -5843, - -5843, -5843, -5843, 96888, 4633, 4721, -5843, -5843, 4705, -5843, - -5843, 3968, -5843, 166, 63932, -5843, -5843, -5843, -5843, 1365, - 96888, -5843, 5396, 4634, 2815, 1365, 1365, 4646, 96888, 23642, - 49580, 5078, 1773, 4641, 1090, -5843, 1090, -5843, -5843, 3805, - 70673, -5843, -5843, 4423, 96888, 4647, 5417, -5843, -5843, 96888, - 84155, -5843, 4651, -5843, 2195, -5843, 4223, 4225, -5843, -5843, - -5843, -5843, -5843, -5843, 96888, -5843, -5843, 5185, 96888, -5843, - 5221, 2765, -5843, -5843, -5843, -5843, -5843, -5843, -5843, -5843, - -5843, 49580, -35, -5843, -5843, 5299, -5843, 5345, 5349, 1567, - -5843, 48831, 5232, 76665, -5843, -5843, -5843, 1217, -5843, 96888, - 49580, 48831, -5843, -5843, 4406, 1455, 23642, 5021, 5446, -5843, - 4866, 4868, -5843, -5843, 2772, -5843, -5843, 4727, -5843, 5443, - -5843, -5843, 92394, 92394, 583, 5162, -5843, -5843, -5843, 5319, - -5843, -5843, 4807, 2032, -5843, 2783, -5843, -5843, -5843, 4099, - -5843, 4677, -5843, 5040, 520, 520, 5041, 520, 520, 520, - 520, 4679, 3968, -5843, -5843, -5843, 5030, -5843, -5843, -5843, - 1149, 2413, 4682, 96888, 4683, 2795, 3288, 3349, 96888, 4685, - 3116, -5843, -5843, 1090, 96888, 5287, -5843, 4689, -5843, 4692, - 4694, -5843, -5843, 5313, 2695, -5843, 4766, -5843, -5843, 3805, - -5843, -5843, -5843, 4736, 5323, 5285, -5843, 83406, 34492, -5843, - 5192, -5843, 5147, 5393, -5843, 5440, 4375, -5843, -5843, -5843, - -5843, -5843, -5843, -5843, -5843, 96888, -5843, 4767, -5843, -5843, - 4860, -5843, -5843, -5843, -5843, 295, 5446, 2796, -5843,102131, - 9373, 5309, 4099, 4856, -5843, -5843, -5843, 34492, -5843, 112, - 4856, -5843, -5843, -5843, -5843, 112, 5340, -5843, 3407, 23642, - -5843, -5843, -5843, -5843, -5843, -5843, 96139, -5843, 4769, 4706, - 2812, -5843, 449, -5843, -5843, -5843, -5843, -5843, 96888, -5843, - 4709, -5843, -5843, 100, 520, 2695, 2695, 520, 4299, 4299, - 4099, 83406, 4794, -5843, -5843, 520, 1090, 2695, 520, 1090, - -5843, -5843, 1361, 1149, -5843, -5843, -5843, -5843, -5843, -5843, - 1885, 1365, -5843, 4903, 1361, 3288, -5843, -5843, 1361, 3349, - -5843, -5843, 4711, 96888, -5843, 4716, 4723, -5843, 2817, -5843, - 1493, 5298, 96888, 4724, 96888, 96888, -5843, -5843, -5843, -5843, - -5843, -5843, 5073, -5843, 4725, 4726, 3758, 3758, 16667, -5843, - -5843, -5843, -5843, -5843, -5843, 5306, -5843, 4764, 819, -5843, - 5150, -5843, 48831, 5089, 3715, -5843, 96888, -5843, 96888, -5843, - 522, 96888, -5843, -5843, -5843, 5308, -5843, -5843, -5843, -5843, - -5843, 1956, -5843, -5843, 2838, -5843, 4778, 4780, -5843, 112, - -5843, 4730, 3407, -5843, -5843, -5843, -5843, 39052, -5843, 4721, - -5843, -5843, 2859, -5843, 29067, -5843, -5843, -5843, 2695, -5843, - -5843, 2695, -5843, -5843, -5843, -5843, -5843, 2879, -5843, 83406, - -5843, -5843, 386, -5843, -5843, 5353, 5187, -5843, 4942, 1149, - 2818, -5843, -5843, -5843, -5843, -5843, 4743, 96888, 96888, 4745, - -5843, 96888, -5843, -5843, -5843, 1818, -5843, 2890, 96888, 2916, - 4746, -5843, -5843, -5843, -5843, 4747, 4749, -5843, 88, -5843, - -5843, 5412, -5843, 3715, -5843, -5843, -5843, -5843, -5843, -5843, - 5525, 4834, -5843, 5322, 2796, -5843, -5843, -5843, -5843, -5843, - -5843, 4856, 4751, -5843, 520, 5291, -5843, -5843, 4709, -5843, - 4753, -5843, 583, -5843, -5843, 83406, -5843, 4794, -5843, -5843, - -5843, -5843, -5843, -5843, 1361, -5843, -5843, 2954, 4634, 96888, - -5843, 1194, 1194, 1149, 2962, 3288, 3349, -5843, 516, -5843, - 3150, 3150, 1710, -5843, -5843, -5843, 4815, -5843, 2796, 376, - -5843, 2978, 39052, 19767, 5062, 4638, -5843, 29067, 4758, 3916, - -5843, -5843, -5843, 5055, 4776, 4634, -5843, -5843, 1779, 5212, - 5346, 5348, -5843, 1149, -5843, -5843, -5843, 4777, -5843, 3150, - -5843, -5843, -5843, -5843, -5843, 263, 5118, -5843, -5843, -5843, - 3241, -5843, -5843, -5843, 5352, 376, 376, -5843, -5843, -5843, - 5486, 4941, -5843, -5843, -5843, 3916, -5843, -5843, 1149, 4781, - -5843, -5843, -5843, 5256, 5454, -5843, -5843, -5843, -5843, 263, - -5843, -5843, 5451, -5843, -5843, -5843, 1300, 5354, -5843, 5360, - -5843, 3001, 5426, -5843, -5843, 1149, 1194, 1194, -5843, 4919, - -5843, -5843, 5457, 5138, -5843, 5545, 4788, -5843, -5843, -5843, - -5843, 1853, 36027, 5318, 1456, -5843, -5843, -5843, 83406, -5843, - 3008, -5843, -5843, 39052, -5843, -5843, -5843, 83406, -5843, -5843, - -5843, 36787, 4787, -5843, 520, -5843, -5843, 6285, -5843, 39052, - -5843, 5446, -5843, 19767, -5843, -5843, -5843 + 39162, -5756, -5756, 96235, -5756, -5756, 4217, 1699, 96235, -5756, + 124, -5756, 472, -5756, -5756, -5756, -5756, -5756, 4608, -5756, + -5756, -5756, -5756, -5756, -5756, -5756, 139, 236, -5756, -5756, + -5756, 292, -5756, -5756, -5756, -5756, 630, 82004, 926, 1167, + -5756, 85749, -5756, -5756, -5756, -5756, 85749, -5756, -5756, 96235, + -5756, -5756, 1474, -5756, -5756, -5756, -5756, -5756, -5756, -5756, + -5756, -5756, -5756, -5756, -5756, -5756, -5756, -5756, -5756, -5756, + -5756, -5756, -5756, -5756, -5756, -5756, -5756, -5756, -5756, -5756, + -5756, -5756, -5756, 674, -5756, 558, 2606, -5756, -5756, -5756, + -5756, -5756, -5756, 1788, -5756, -5756, -5756, -5756, -5756, -5756, + 236, -5756, -5756, -5756, -5756, -5756, -5756, -5756, -5756, -5756, + -5756, -5756, -5756, -5756, -5756, -5756, -5756, -5756, 1193, -5756, + -5756, -5756, -5756, -5756, -5756, -5756, -5756, -5756, -5756, -5756, + -5756, -5756, -5756, -5756, -5756, -5756, -5756, -5756, -5756, -5756, + -5756, 1664, -5756, -5756, -5756, -5756, -5756, -5756, -5756, -5756, + -5756, -5756, -5756, -5756, -5756, -5756, -5756, -5756, -5756, -5756, + -5756, -5756, -5756, -5756, -5756, -5756, -5756, -5756, 96984, -5756, + -5756, -5756, -5756, -5756, -5756, -5756, -5756, -5756, -5756, -5756, + -5756, 289, -5756, -5756, -5756, -5756, -5756, -5756, -5756, -5756, + 1589, -5756, -5756, -5756, -5756, -5756, 291, -5756, -5756, -5756, + -5756, -5756, -5756, -5756, -5756, -5756, -5756, -5756, -5756, -5756, + 1723, -5756, -5756, -5756, -5756, -5756, -5756, -5756, -5756, -5756, + -5756, -5756, -5756, -5756, -5756, -5756, -5756, -5756, -5756, -5756, + -5756, -5756, -5756, -5756, -5756, -5756, -5756, -5756, -5756, -5756, + -5756, -5756, -5756, -5756, -5756, -5756, -5756, -5756, -5756, -5756, + -5756, -5756, -5756, -5756, -5756, -5756, -5756, -5756, -5756, -5756, + -5756, -5756, -5756, -5756, -5756, -5756, -5756, -5756, -5756, -5756, + -5756, -5756, -5756, -5756, -5756, -5756, -5756, -5756, -5756, -5756, + -5756, -5756, -5756, -5756, -5756, -5756, -5756, -5756, -5756, -5756, + -5756, -5756, -5756, -5756, -5756, -5756, -5756, -5756, -5756, -5756, + -5756, -5756, -5756, -5756, -5756, -5756, -5756, -5756, -5756, -5756, + -5756, -5756, -5756, -5756, -5756, -5756, -5756, -5756, 96235, -5756, + -5756, -5756, -5756, -5756, -5756, -5756, -5756, -5756, -5756, -5756, + -5756, -5756, -5756, -5756, -5756, -5756, -5756, -5756, -5756, -5756, + -5756, -5756, -5756, -5756, -5756, -5756, -5756, 292, -5756, -5756, + -5756, 1599, -5756, -5756, -5756, -5756, -5756, -5756, -5756, -5756, + -5756, 1193, -5756, -5756, -5756, -5756, -5756, -5756, -5756, 96235, + -5756, -5756, -5756, -5756, -5756, -5756, -5756, -5756, -5756, -5756, + -5756, -5756, -5756, -5756, -5756, -5756, -5756, -5756, -5756, -5756, + -5756, -5756, -5756, -5756, -5756, -5756, -5756, -5756, -5756, -5756, + -5756, -5756, 219, -5756, -5756, 283, -5756, -5756, -5756, -5756, + -5756, -5756, -5756, -5756, -5756, -5756, -5756, -5756, -5756, -5756, + -5756, -5756, -5756, -5756, -5756, -5756, -5756, -5756, -5756, -5756, + -5756, -5756, -5756, -5756, -5756, -5756, -5756, -5756, -5756, -5756, + -5756, -5756, -5756, -5756, -5756, -5756, 1817, -5756, -5756, -5756, + -5756, -5756, -5756, -5756, -5756, -5756, -5756, -5756, -5756, -5756, + -5756, -5756, -5756, -5756, -5756, -5756, -5756, -5756, -5756, -5756, + -5756, -5756, 2780, -5756, -5756, 194, 2293, 2334, -5756, -5756, + 1796, -5756, -5756, -5756, -5756, -5756, -5756, -5756, -5756, -5756, + -5756, -5756, -5756, -5756, -5756, -5756, 4759, -5756, -5756, -5756, + -5756, -5756, -5756, -5756, -5756, -5756, -5756, -5756, -5756, -5756, + -5756, -5756, -5756, -5756, 510, -5756, -5756, -5756, -5756, 4176, + 2041, -5756, -5756, -5756, -5756, -5756, -5756, -5756, -5756, -5756, + -5756, 47429, -5756, -5756, -5756, -5756, -5756, -5756, -5756, -5756, + -5756, -5756, 194, -5756, -5756, -5756, -5756, -5756, -5756, -5756, + -5756, -5756, -5756, -5756, -5756, -5756, -5756, -5756, -5756, -5756, + -5756, -5756, -5756, -5756, -5756, -5756, -5756, -5756, -5756, -5756, + 260, -5756, -5756, -5756, -5756, -5756, -5756, -5756, -5756, -5756, + -5756, -5756, -5756, -5756, -5756, -5756, -5756, -5756, -5756, -5756, + -5756, -5756, -5756, -5756, -5756, -5756, -5756, -5756, -5756, -5756, + -5756, -5756, -5756, -5756, -5756, -5756, -5756, -5756, -5756, -5756, + -5756, -5756, -5756, -5756, -5756, -5756, 1612, -5756, -5756, -5756, + -5756, -5756, -5756, -5756, -5756, -5756, -5756, 97733, 96235, 1689, + 1695, 96235, 2294, 82753, 2294, -5756, 149, -5756, -5756, 2084, + -5756, 1740, -5756, 236, 2811, 1738, 2244, 2551, 1102, 2290, + 83502, 1323, 2294, -5756, 2594, -5756, 2294, 2352, 2294, -5756, + 2294, 2294, -5756, 2294, 2294, 2294, -5756, -5756, 1282,105223, + 70769, -5756, -5756, 1394, 2591, -5756, -5756, -5756, -5756, -5756, + -5756, 7441, 236, 22989, 2691, -5756, -5756, 2262, 5635, 2052, + -5756, 2528, -5756, -5756, 96235, -5756, 2294, 7441, -5756, 2528, + 71518, 4242, 51185, 6782, 2528, 236, 2646, -5756, 2044, -5756, + -5756, -5756, -5756, -5756, -5756, 96235, -5756, 1193, -5756, -5756, + 2488, -5756, -5756, 82753, -5756, -5756, -5756, -5756, -5756, 2798, + 22989, 242, 2560, -5756, -5756, 2451, 48178, 82753, 2765, 2551, + 2796, -5756, 1680, 509, -5756, 2164, 2254, 2551, 1303, 2257, + 2551, 2674, 2294, 2294, -5756, -5756, 3211, 3211, 3211, 2521, + 3211, -5756, 3211, 2862, 2204, 439, -5756, -5756, 2205, 96235, + 2765, -5756, 2765, -5756, 2883, -5756, 2765, 2765, 2330, 2891, + 2901, 1084, 1993, 1678, 1678, 2084, 42935, 1288, 2740, -5756, + 2862, 1422, 1359, 2171, 2171, 2171, 1422, 194, 1422, -5756, + 3336, 1740, 3653, 96235, -5756, 2933, -5756, 2277, -5756, -5756, + -5756, 96235, 96235, 437, -5756, 2339, -5756, 2295, 1849, 73016, + -5756, 2982, -5756, -5756, -5756, -5756, -5756, -5756, 2828, 377, + 2446, 2692, 2386, -5756, 2872, 82753, -5756, -5756, -5756, -5756, + -5756, -5756, -5756, -5756, 96235, 2361, -5756, -5756, -5756, 3042, + 2244, -5756, 2886, -5756, -5756, -5756, -5756, 48178, -5756, -5756, + -5756,105223, -5756, -5756, -5756,105223, 1297, 66275, -5756, 2395, + 2719, -5756, 2406, 1344, 1497, -5756, -5756, 1694, 1704, 1799, + -5756, -5756, -5756, 1815, -5756, -5756, -5756,102976, 1535, 2422, + -5756, -5756, 3097, -5756, -5756, 86498, 1166, 96235, 3098, -5756, + 96235, -5756, 96235, -5756, 82753, -5756, -5756, 96235, 2294, 2294, + -5756, -5756, 3090, -5756, 2634, 2596, 2038, 2478, 2791, -5756, + 2684, -5756, 2502, 2575, 2709, 2506, 2507, 2558, 434, -5756, + 2513, -5756, 114, 2985, 83, 148, 2989, 153, 154, 3115, + 2992, 495, 1203, 525, 2787, 537, -5756, -5756, -5756, -5756, + 3047, 3152, 2589, -5756, 2611, -5756, 3100, 2958, 1489, -5756, + -5756, 1082, 3057, 366, 48178,107353,105933, 84251,107353,107353, + 107353, -5756, -5756, 249, 96235,106643, 96235, 7610, -5756, -5756, + 40688, -5756, -5756, -5756, -5756, -5756, -5756, -5756, -5756, -5756, + 96235, -5756, -5756, -5756, -5756, -5756, -5756, 1898, 1356, 8145, + -5756, 2631, -5756, -5756, -5756, -5756, -5756, 87247, -5756, 198, + 247, 3595, -5756, -5756, -5756, -5756, -5756, -5756, -5756, -5756, + -5756, -5756, -5756, 29189, 2644, 2650, 2653, 18339, 2663, 2669, + 2681, 2690, 2695, 2478, 2478, 2478, 2701, 2710, 2721, 2726, + 2735, 2738, 2743, -5756, 2747, 2752, 2753, 2770, 2781, 2784, + 23764, 2785, 2799, 2805, 2701, 36889, 2812, 2829, 2832, 2836, + 22989, 2701, 2848, 2849, -5756, 2866, 2870, 2874, 2885, 2888, + 2893, 2906, 2909, 3420, 2913, 2914, 2920, 2925, -5756, 2478, + 2701, 2701, 2926, 2937, 2478, 2946, 2947, 2951, 2952, 2955, + 2959, 2977, 2988, 3001, 3005, 3008, 3011, 186, 3012, 3020, + 3024, 3051, 3053, 3054, 3064, 2748, 3065, 3069, 3075, 2758, + 3076, 3084, 3085, 3088, 3092, 203, 3093, 3095, 254, 3105, + 3108, 3109, 3110, 3112, 3114, 3117, 29964, 30739, 29189, 16014, + -5756, 96235, 98482, -5756, -5756, 3466, 785, 1619, 2064, 29189, + -5756, -5756, -5756, 3424, -5756, 3530, -5756, -5756, -5756, -5756, + 3369, 3395, -5756, 3399, -5756, -5756, 3451, 2910, -5756, 3687, + -5756, -5756, -5756, -5756, -5756, 2950, -5756, 3122, 3744, 3747, + 3123, 3124, -5756, -5756, 502, -5756, -5756, -5756, -5756, -5756, + -5756, -5756, -5756, -5756, -5756, -5756, -5756, -5756, 3034, 3009, + -5756, 3687, -5756, -5756, 78259, -5756, 5682, -5756, -5756, 2634, + 3258, 3655, -5756, 3750, -5756, 3699, -5756, -5756, -5756, -5756, + -5756, -5756, -5756, -5756, -5756, -5756, -5756, -5756, 4242, -5756, + -5756, 51945, 3654, 754, -5756, -5756, 199, -5756, 390, 405, + 64777, -5756, 520, 65526, 474, 87996, 976, -5756, 73765, -5756, + 483, -5756, -5756, -5756, -5756, -5756, -5756, -5756, -5756, -5756, + -5756, 3126, -5756, 3240, 3454, 3132, 4224, 1304, -5756, -5756, + 240, 1024, 3228, 1063, -5756, 992, -5756, 1304, -5756, 79008, + 1275, 2098, -5756, 1025, -5756, 3797, -5756, -5756, 3231, 3214, + 3247, -5756, 2918, -5756, 2551, -5756, 388, -5756, 1275, 1304, + 2098, -5756, 3431, 3513, 1521, 3454, -5756, 1569, -5756, -5756, + -5756, 3815, -5756, 3169, -5756, 3786, -5756, 96235, 1280, 48178, + -5756, -5756, -5756, -5756, 3172, 48178, 48178, 1620, 253, 3466, + 3176, 22989, -5756, -5756, 4362, -5756, 3386, 1460, 1251, -5756, + -5756, 558, 96235, -5756, -5756, 1155, -5756, 3610, -5756, 3185, + -5756, 99231, 253, 3850, -5756, -5756, -5756, -36, 3581, -5756, + 3190, -5756, -5756, -5756, -5756, 48178, 96235, 2551, -5756, -5756, + -5756, -5756, 3192, -5756, -5756, 3410, 3288, -5756, 3226, -5756, + -5756, 230, -5756, -5756, 3993, -5756, 96235, -5756, 2765, -5756, + -5756, 2765, -5756, -5756, -5756, 2765, 2765, 2765, -5756, -5756, + 2765, 2765, 3250, -5756, 3535, 3536, 2872, -5756, 3220, 42186, + 96235, 4000, -5756, 4327, -5756, -5756, -5756, 3223, -5756, -5756, + -5756, -5756, -5756, -5756, -5756, -5756, 3793, 3985, 3985, -5756, + 52705, -5756, -5756, 3884, 2740, 1748, 3735, 56505, 3880, 3972, + 58785, -5756, 1275, -5756, -5756, -5756, -5756, 481, 96235, -5756, + 481, 481, -5756, -5756, -5756, -5756, -5756, -5756, -5756, -5756, + -5756, -5756, -5756, -5756, 194, -5756, -5756, 2811, 3913, 74514, + 96235, 1422, 1359, -5756, 4003, 4004, -5756, -5756, -5756, 2551, + 494, 3636, -5756, 96235, -5756, -5756, -5756, 2478, 4047, -5756, + -5756, -5756, -5756, -5756, 48178, 3465, 73016, 2294, -5756, -5756, + -5756, 377, -5756, 1572, 96235, 48178, 3302, -5756, 48178, 3259, + -5756, -5756, -5756, 3743, 22989, -5756, 3628, -5756, -5756, 48178, + 1358, -5756, -5756, -5756, 3905, -5756, -5756, -5756, -5756, -5756, + -5756, -5756, -5756, -5756, -5756, -5756, -5756, 3281, -5756, -5756, + -5756, 3281, 1000, -5756, -5756, -5756, -5756, -5756, -5756, -5756, + -5756, -5756, -5756, -5756, -5756, -5756, -5756, -5756, -5756, -5756, + -5756, -5756, -5756, -5756, -5756, -5756, -5756, -5756, -5756, -5756, + -5756, -5756, -5756, 3284, -5756, -5756, -5756, -5756, -5756, -5756, + -5756, -5756, -5756, -5756, -5756, -5756, 3849, -5756, -5756, -5756, + -5756, -5756, -5756, -5756, -5756, -5756, -5756, -5756, -5756, -5756, + -5756, 3284, -5756, -5756, -5756, -5756, -5756, -5756, -5756, -5756, + -5756, -5756, -5756, -5756, -5756, -5756, 214, -5756, -5756, -5756, + -5756, -5756, -5756, -5756, -5756, -5756, -5756, -5756, -5756, -5756, + -5756, -5756, -5756, -5756, -5756, -5756, -5756, -5756, -5756, -5756, + -5756, -5756, -5756, -5756, 3681, 2837, 2687, -5756, -5756, -5756, + -5756, -5756, -5756, 3681, -5756, 2687, -5756, -5756, -5756, -5756, + -5756, -5756, -5756, -5756, -5756, -5756, -5756, -5756, -5756, -5756, + 3284, -5756, -5756, -5756, -5756, -5756, -5756, -5756, -5756, -5756, + -5756, -5756, -5756, -5756, -5756, -5756, -5756, -5756, -5756, -5756, + -5756, -5756, -5756, -5756, -5756, -5756, -5756, -5756, -5756, -5756, + -5756, -5756, -5756, -5756, -5756, -5756, -5756, -5756, -5756, -5756, + -5756, -5756, -5756, -5756, -5756, -5756, -5756, -5756, -5756, -5756, + -5756, -5756, -5756, 3289, -5756, -5756, -5756, -5756, -5756, -5756, + -5756, -5756, -5756, -5756, -5756, -5756, -5756, -5756, -5756, -5756, + -5756, -5756, -5756, -5756, -5756, -5756, -5756, -5756, 3681, -5756, + 2687, -5756, -5756, -5756, -5756, -5756, -5756, -5756, -5756, -5756, + -5756, -5756, -5756, -5756, -5756, -5756, -5756, -5756, -5756, 3281, + -5756, -5756, -5756, -5756, -5756, -5756, -5756, -5756, -5756, -5756, + -5756, -5756, -5756, -5756, -5756, 3281, -5756, -5756, 2687, 3281, + -5756, 3292, 3284, 3681, 1495, 2499, 3284, -5756, -5756, 3281, + 3296, 3281, 3281, 3281, 3281, -5756, 3281, 4066, 3291, 3284, + -5756, -5756, -5756, -5756, -5756, -5756, -5756, 178, 3281, 3281, + 3281, 3281, 3300, 217, -5756, 252, 256, 264, 265, 273, + 284, -5756, -5756, -5756, -5756, 3962, 96235, 3965, -5756, 3737, + 1535, 3299, 3304, -5756, 48178, 4043, 48178, 3309, -5756, 3975, + 2740, -5756, -5756, 3312, -5756, -5756, 3989, 96235, -5756, -5756, + 79757, -5756, 78259, 48178, 3314, -5756, -5756, 3927, 3473, -5756, + -5756, -5756, -5756, -5756, -5756, 3401, -5756, -5756, 3324, -5756, + -5756, -5756, -5756, 3777, -5756, 3470, -5756, -5756, -5756, -5756, + -5756, -5756, -5756, 78259, -5756, -5756, 3796, 3801, -5756, 73016, + 3058, 7100, 98482, -5756, 3981, -5756, -5756, -5756, 3815, -5756, + -5756, 24539, -5756, 25314, -5756, -5756, -5756, 3613, 622, 1505, + -5756, -5756, -5756, -5756, -5756, -5756, 4086, -5756, -5756, -5756, + -5756, -5756, -5756, 3821, 96235, 3574, 4013, 3988, -5756, -5756, + -5756, -5756, -5756, 3833, 3360, 3971, 3355, -5756, -5756, 333, + -5756, 3363, -5756, -5756, -5756, -5756, -5756, -5756, -5756, -5756, + -5756, -5756, 48178, 53465, -5756, -5756, -5756, 3359, -5756, -5756, + -5756, 3368, 29189, 29189, -5756, 4104, 4104, 4104, 22989, 2990, + 460, 3727, 22989, 22989, 22989, 2206, 3370, -5756, -5756, -5756, + 367, -5756, 22989, 22989, 37644, 3372, 1279, 5800, 22989, 4057, + 4057, -5756, 22989, 22989, 16014, 4322, 22989, 22989, 22989, -5756, + 98482, 37644, 3824, 3385, -5756, 3381, 2481, 22989, 2522, 22989, + -5756, -5756, 22989, 22989, 22989, 22989, 3391, 31514, 3393, 22989, + 22989, 3402, 3527, 4104, 4104, 2529, 385, -5756, -5756, -5756, + 4104, 4104, -5756, 22989, 22989, 16789, 22989, 22989, 2552, 22989, + 22989, 22989, 22989, 22989, 22989, -5756, 22989, 22989, 1248, 22989, + 22989, 48178, 22989, 22989, 4068, 48178, 22989, 22989, 4069, 22989, + 22989, 3404, 48178, 22989, -5756, 22989, 3467, 3467, -5756, 22989, + 16789, 22989, 3412, 38399, 22989, 22989, 22989, 23764, -5756, 23764, + -5756, -5756, 3415, 3201, 655, 194, 22989, 3388, -5756, -5756, + -5756, -5756, 22989, 22989, 22989, 31514, -5756, -5756, -5756, 664, + -5756, -5756, -5756, 26089, 31514, 3419, 31514, 31514, 4036, 552, + 31514, 31514, 31514, 31514, 31514, 31514, 31514, 32289, 33064, 31514, + 31514, 31514, 31514, -5756, 82753, 29189, 50425, 3421, 4075, -5756, + 80506, -5756, 2058, 1185, -5756, 2551, 5635, 34614, -5756, 3422, + -5756, 3926, 48178, -5756, 3426, 4088, 78259, 73016, 3058, 3446, + -5756, 1403, 410, -5756, 79757, 96235, -5756, -5756, -5756, 4147, + 22989, -5756, -5756, -5756, -5756, -5756, 3432, 484, 3436, -5756, + 1192, -5756, -5756, -5756, -5756, -5756, 96235, -5756, 88745, 54225, + 3534, 4105, 3453, 2765, 89494, 96235, 48178, 96235, 99980, 96235, + 96235, 48178, 82753, 78259, 48178, -5756, -5756, -5756, 1052, 1304, + 96235, 1304, 2098, 1097, 1304, 4084, -5756, -5756, 1597, 1597, + -5756, -5756, -5756, -5756, -5756, -5756, 1304, 96235, 96235, 1304, + 73016, -5756, 2098, 1443, -5756, 3742, 3531, -5756, -5756, -5756, + 3791, -5756, -5756, 4114, 3457, -5756, 3810, -5756, 3555, -5756, + -5756, 48178, -5756, -5756, 2098, -5756, 2098, 2098, 4124, 1304, + 1304, 1304, -5756, 43684, 3463, 3469, -5756, 3464, -5756, 3471, + -5756, 4100, -5756, -5756, -5756, 3845, 4259, 4134, 3497, -5756, + -5756, 4078, 1387, -5756, 3931, -5756, 4053, -5756, 22989, 3466, + 19114, 3787, -5756, -5756, 3790, 3792, 3799, 3612, -5756, -5756, + -5756, -5756, 3946, 3802, -5756, 3622, 2551, 3804, -5756, -5756, + -5756, 3532, -5756, -5756, -5756, 54985, 301, -5756, -5756, 4202, + 3643, 22989, -5756, -5756, 48178, 4037, -5756, 2551, 1680, 96235, + -5756, -5756, 4279, -5756, 1816, 4204, -5756, -5756, 3651, 1303, + -5756, 4204, 884, -5756, -5756, 3211, 3732, -5756, -5756, -5756, + 82753, -5756, -5756, -5756, -5756, -5756, -5756, 96235, -5756, 79757, + 73016, 82753, 2765, 2765, -5756, 48178, -5756, -5756, -5756, 96235, + 96235, 2765, 2765, 2765, 3584, -5756, 2705, 3544, 3550, 3551, + 3552, 2076, 3563, 44433, 2424, 6186, 4195, 4198, -5756, 4146, + 2821, 4146, -5756, -5756, 44433, 43684, 3570, 4000, -5756, -5756, + -5756, -5756, 82753, 3569, -5756, -5756, 3568, -5756, 22989, 4301, + 4230, 3884, -5756, -5756, 57265, 1556, 87247, -5756, -5756, -5756, + 3925, 4117, 1343, -5756, 3575, 3704, -5756, 225, -5756, -5756, + -5756, -5756, -5756, -5756, -5756, -5756, 3977, -5756, -5756, -5756, + -5756, -5756, -5756, 17564, -5756, -5756, -5756, -5756, -5756, 410, + 212, -5756, -5756, -5756, 1610, 3956, 2877, -5756, -5756, 82753, + 2877, -5756, 3591, 3896, -5756, 3900, 96, -5756, 48178, -5756, + -5756, -5756, -5756, -5756, 48178, 3596, -5756, 3789, 96235, 2361, + 22989, 4102, -5756, 3743, -5756, 3466, -5756, -5756, 7441, 4324, + 5922, 136, 3649, -5756, -5756, -5756, -5756, -5756, 48178, -5756, + -5756, 1307, 3606, 4070, 2930, -5756, -5756, -5756, 3681, 410, + 3681, -5756, -5756, 3631, 1154, -5756, -5756, -5756, 1154, -5756, + 1237, 3654, 75263, 3681, -5756, -5756, -5756, -5756, 4087, 2687, + 1270, 81255, 2429, -5756, -5756, -5756, -5756, 1154, 3211, -5756, + -5756, 3681, -5756, -5756, -5756, 3211, 1154, -5756, 4091, -5756, + -5756, -5756, 1154, 3681,105223, 2569, 2687, -5756, -5756, 2687, + 1154, 245, 96235, 4157, 2569, -5756, 1270, 4348, 2687, 3681, + 1154, 4376, -5756, 1154, -5756, -5756, 394, -5756, -5756, 1535, + -5756, -5756, -5756, 454, 3697, -5756, 3309, 71, 96235, 4282, + 4188, -5756, -5756, 4206, 60283, -5756, -5756, 4214, 3629, -5756, + -5756, 3630, 477, 96235, 48178, 48178, 7441, -5756, -5756, 3650, + -5756, -5756, -5756, -5756, 4149, -5756, -5756, 49, -5756, 45182, + 45182, 114, 2985, -5756, -5756, 2989, -5756, -5756, 2992, -5756, + 1203, -5756, 2787, -5756, -5756, -5756, -5756, 2107, -5756, -5756, + -5756, 4100, 22989, 49676, 3466, -5756, -5756, 48178, -5756, 4296, + -5756, -5756,103725, 161, -5756, -5756, 403, 48178, -5756, -5756, + -5756, -5756, 4289, 3794, 96235, -5756, -5756, -5756, -5756, -5756, + -5756, -5756, 96235, 2361, -5756, 96235,105223, 7441, 7441, -5756, + 83502, -5756, 1586, 1403, -5756, 4404, 98482, 22989, -5756, 3659, + -5756, 3664, 3666, 3071, 4032, 22989, 22989, -5756, 3135, 162, + 471, -5756, 3675, 3688, -5756, -5756, -5756, -5756, -5756, -5756, + -5756, -5756, 3678, -5756, -5756, 1092, 1105, 3679, -5756, -5756, + -5756, 3682, 194, -5756, -5756, -5756, -5756, -5756, -5756, -5756, + -5756, -5756, -5756, -5756, -5756, -5756, -5756, -5756, -5756, -5756, + -5756, -5756, -5756, 4344, -5756, 400, -5756, -5756, -5756, 22989, + 1215, 1252, 1322, 3696, 514, 551, 1483, 3359, 2112, 3690, + 37644, 98482, 4104, 3692, 422, 4104, 3693, 1488, 1494, 2124, + 2202, 2225, -5756, 497, -5756, 1513, 1518, -5756, -5756, 3694, + 3700, 4104, 3701, -5756, 3702, 3705, 3708, 1564, 573, 3709, + -5756, -5756, 19889, 20664, 21439, 3168, 3710, -5756, -5756, 1567, + 2249, 4104, 3712, 2364, 1639, 1692, -5756, 2162, 1721, 1744, + 3715, 3176, 2365, 2409, -5756, -5756, -5756, -5756, 3689, 2431, + 2434, 3719, 3722, 2437, 2475, 48178, 3726, 3728, 2498, 48178, + 1749, 2510, -5756, 3738, 1754, 555, 3739, 3741, 2520, 3730, + 1756, -5756, 98482, 96235, 3746, 3683, 404, 3748, 2538, 4322, + 4322, -5756, 22989, 3749, 423, 98482, 618, 1419, -5756, 1619, + -5756, -5756, -5756, -5756, 522, -5756, 3751, 1619, 3752, 1512, + 16014, -5756, 1244, 558, 31514, 31514, 3753, 31514, 31514, 579, + 461, 461, 3765, 3765, 556, 1588, 23764, 579, 23764, 579, + 3765, 3765, 3765, -5756, -5756, -5756, -5756, -5756, -5756, -5756, + -5756, 4308, 3759, 3760, 3761, 3764, 1982, 3766, -5756, -5756, + -5756, -5756, -5756, -5756, 326, 4152, -5756, 3959, 419, 22989, + -5756, 3803, 4547, 4549, 4553, -5756, -5756, -5756, -5756, 78259, + 78259, 3795, -5756, 884, 4154, 4456, 79757, 4464, -5756, 3806, + 45182, 45182, -5756, 3807, -5756, 22989, 3798, 3800, 3811,102227, + -5756, 4473, 410, 76012, 3466, 78259, 819, -5756, 96235, 96235, + -5756, 87996, 4474, -4, 4101, -5756, 3817, 3820, -5756, 410, + -5756, 3816, 1444, 492, -5756, 3822, 3823, -5756, -5756, -5756, + -5756, 22989, 3827, 96235, 96235, -5756, -5756, -5756, -5756, 96235, + -5756, -5756, -5756, -5756, -5756, -5756, -5756, 2551, 22989, 96235, + 1304, -5756, -5756, -5756, 1304, 96235, 1304, -5756, 2551, 4489, + -5756, -5756, -5756, -5756, -5756, -5756, -5756, -5756, -5756, -5756, + 1304, -5756, -5756, -5756, -5756, -5756, 4002, 1275, 2918, 4084, + 4204, 2098, 48178, 1304, 1304, 22989, -5756, -5756, -5756, -5756, + 4364, 3793, 19114, 3832, 3836, -5756, -5756, 7441, 96235, 98482, + 4571, -5756, -5756, -5756, 8873, -5756, 82753, 90243, 48178, -5756, + -5756, -5756, 2500, -5756, -5756, -5756, -5756, -5756, 3466, 2560, + 2726, -5756, 3837, 3466, -5756, -5756, 4535, -5756, -5756, -5756, + -5756, -5756, 2551, -5756, -5756, -5756, 4703, -5756, 48178, 82753, + 34614, -5756, 3846, -5756, 3867, -5756, -5756,100729, -5756, 2551, + 3466, 48178, 1559, 403, -5756, 4601, -5756, -5756, 3976, -5756, + -5756, -5756, 3862, -5756, 4286, -5756, -5756, -5756, -5756, -5756, + -5756, 3870, -5756, 4531, -5756, 2134, 108, 96235, 74, 96, + -5756, 96235, 96235, 48178, -5756, 96235, 2765, -5756, -5756, 2765, + -5756, -5756, 48178, 96235, 96235, 2765, 22989, 44433, -5756, -5756, + -5756, -5756, -5756, 44433, -5756, 1649, -5756, 4082, 889, 889, + -5756, 3471, -5756, -5756, -5756, 4505, 4146, 4146, 44433, 4511, + 3840, -5756, 96235, 4452, 1362, -5756, 52705, 96235, -5756, 3466, + 22989, -5756, 3912, 4230, -5756, 181, 197, 225, -5756, 4161, + 403, -5756, -5756, 58785, 4234, 58785, 58785, 98482, 4120, 22989, + -5756, 4555, 3892, 22989, -5756, 29189, 2726, -5756, 3466, -5756, + -5756, -5756, 2134, 2551, -5756, 410, 410, 4122, 4412, 4416, + 4025, 2551, 4420, 4421, 4424, -5756, -5756, -5756, -5756, -5756, + 3293, 2605, 187, 1276, 73016, 4378, 884, 4491, 3909, -5756, + 48178, 4572, -5756, -5756, -5756, 3911, 3910, 3466, -5756, -5756, + -5756, -5756, 8795, -5756, 3933, 3935, 3937, 3939, 3942, 3944, + 3947, 3950, 3954, 3957, 3963, 3964, 3968, 3970, 3973, 3979, + 3987, 3990, 3991, 3999, 4006, 4010, 4021, 4022, 4023, 142, + -5756, -5756, 4001, -5756, -5756, -5756, -5756, 96235, 4556, 3929, + 3982, 3984, 4011, 4012, -5756, -5756, 96235, -5756, 2178, 4427, + 4478, -5756, -5756, -5756, -5756, -5756, -5756, -5756, -5756, -5756, + -5756, -5756, -5756, -5756, -5756, 76761, -5756, 2183, -5756, -5756, + 2186, -5756, -5756, -5756, -5756, -5756, 2217, 70020, -5756, -5756, + -5756, -5756, -5756, -5756, -5756, -5756, 2569, 2569, 3952, 4024, + -5756, -5756, -5756, -5756, -5756, -5756, 4348, -5756, 4008, -5756, + 64028, -5756, -5756, -5756, -5756, 3230, -5756, 4371, -5756, 889, + -5756, 4503, 60283, -5756, 43684, 4225, 4639, -5756, -5756, 4014, + 48178, 79757, 78259, -5756, -5756, -5756, -5756, 4018, 1586, 8359, + -5756, -5756, 4777, 73016, 4475, -5756, 4017, -5756, 4020, 4526, + 4534, -5756, 98482, -5756, -5756, -5756, 3466, -5756, -5756, 4028, + -5756, -5756, 4078, 3985, -5756, -5756, -5756, -5756, -5756, -5756, + -5756, -5756, -5756, -5756, -5756, -5756, -5756, -5756, -5756, 4061, + 4315, 4430, -5756, -5756, -5756, -5756, -5756, -5756, -5756, 4673, + -5756, -5756, -5756, -5756, 2229, 335, -5756, -5756, -5756,107353, + 107353,107353, -5756, 4397, -5756,104474, 22989, -5756, 1768, -5756, + 22989, -5756, -5756, 22989, -5756, 3466, 3354,108092, 81255, -5756, + 81255,108092, 22989, -5756, 4042, -5756, 4679, 4680, -5756, -5756, + -5756, 22989, -5756, 22989, 22989, 1841, 22989, 22989, 22989, 22989, + -5756, 22989, -5756, 22989, 22989, -5756, 31514, -5756, 4040, 4049, + -5756, -5756, 4050, -5756, 22989, 22989, -5756, -5756, -5756, 22989, + 22989, 22989, -5756, -5756, 4052, -5756, -5756, -5756, -5756, 22989, + 22989, 22989, -5756, 22989, 3202, 22989, 3557, 22989, 3582, 22989, + -5756, 26864, -5756, 4056, -5756, -5756, 22989, 22989, -5756, 22989, + 22989, 22989, -5756, -5756, -5756, 22989, -5756, 4628, 22989, -5756, + -5756, -5756, -5756, -5756, -5756, -5756, -5756, 22989, -5756, 2138, + 27639, -5756, 22989, 22989, 22989, -5756, -5756, 22989, 4054, 4055, + -5756, 96235, 2450, 3621, 403, 4060, -5756, -5756, 4076, 4077, + 3176, -5756, -5756, -5756, -5756, -5756, -5756, -5756, 1279, 31514, + 585, 31514, 558, 1725, 16014, -5756, 1532, 558, 4322, 4322, + 96235, 4781, 4063, -5756, 22989, 22989, 16789, 22989, 98482, 22989, + 4067, 4064, -5756, 4071, 31514, -5756, -5756, 4074, -5756, 2523, + 3621, 4153, 4522, -5756, 3466, 34614, 4577, -5756, 48178, 4579, + 4626, 4283, -5756, 78259, 73016, 4745, 4746, -5756, 3466, -5756, + 4089, -5756, -5756, -5756, 4093, -5756, -5756, -5756, -5756, -5756, + -5756, -5756, 493, -5756, -5756, -5756, -5756, -5756, -5756, -5756, + -5756, -5756, -5756, 78259, -5756, -5756, -5756, -5756, -5756, 410, + -5756, 4094, 4095, -5756, -5756, 410, 410, -5756, -5756, 39925, + -5756, -5756, 1231, 4394, 4659, -5756, -5756, 96235, 1192, 96235, + -5756, 54225, 54225, 90992, 3466, 37, -5756, -5756, -5756, -5756, + -5756, -5756, -5756, -5756, -5756, -5756, -5756, 4116, -5756, -5756, + -5756, 4865, -5756, -5756, 4489, -5756, 2740, 2098, -5756, -5756, + 3466, 38399, 1945, -5756, -5756, -5756, 19114, 9335, -5756, 2288, + 4109, -5756, 48178, 4106, 4576, -5756, -5756, -5756, -5756, -5756, + -5756, -5756, -5756, -5756, -5756, 4112, -5756, -5756, 19114, 4131, + -5756, 4204, -5756, 4018, 1395, -5756, -5756, 55745, 55745, 2007, + 258, 399, 2047, 2740, -5756, -5756, 132, -5756, -5756, -5756, + -5756, -5756, -5756, 1592, -5756, -5756, 4204, -5756, 1816, 2551, + 4163, 646, 403, 4356, -5756, -5756, 2134, 1085, 1085, 4704, + 108, 4570, -5756, 4378, 4784, 4707, 4708, -5756, 3293, -5756, + -5756, -5756, 96235, -5756, 1929, -5756, -5756, -5756, -112, -5756, + 48178, 1879, 4327, 4327, -5756, 889, 282, -5756, 31514, 4863, + -5756, 4630, -5756, -5756, 44433, 4761, 4762, -5756, 44433, -5756, + -5756, 2324, -5756, -5756, 77510, -5756, -5756, -5756, 3466, 308, + 2582, 22989, 96235, -5756, 3912, 4203, -5756, -5756, 197, -5756, + -5756, -5756, -5756, 58785, -5756, -5756, -5756, 1556, 4130, 2582, + 1748, 4136, 3466, -5756, -5756, -5756, -5756, -5756, -5756, -5756, + 76012, 77510, -5756, 4514, 4521, 1943, -5756, -5756, -5756, -5756, + 2412, 410, 410, -5756, 436, 410, -5756, -5756, 370, -5756, + -5756, 1319, 496, 3293, -5756, 2551, 2551, 2551, 2551, 427, + 2551, 2551, 2337, -5756, 2551, 310, -5756, -5756, 82753, -5756, + 4892, 4903, -5756, 4905, -5756, -5756, 373, -5756, 3414, 285, + -5756, 94, -5756, 4696, 96235, 4886, 3909, -5756, 435, 2361, + -5756, 22989, -5756, 4656, 4155, 4156, 403, 4158, 403, 403, + 2551, 2551, 4116, 2551, 403, 2551, 2551, 2551, 2551, 2551, + 2551, 2551, 403, 2551, 1528, 4116, 358, 2551, 403, 5922, + -5756, -5756, 2398, 2586, 67024, -5756, -5756, -5756, -5756, -5756, + -5756,105223, -5756, -5756, -5756, -5756, -5756, -5756, 4911, -5756, + -5756, -5756, -5756, -5756, 1270, 3211, 1270, -5756,105223, -5756, + -5756, 3284, -5756, -5756, -5756, -5756, -5756, -5756, -5756, -5756, + -5756, 22989, 22989, -5756, -5756, 96235, 4912, -5756, -5756, -5756, + -5756, 3941, -5756, -5756, -5756, 4482, -5756, -5756, -5756, -5756, + -5756, -5756, -5756, 3793, 1397, -5756, -5756, 43684, 519, 2740, + -5756, 58025, 4705, 4171, -5756, 884, -5756, -5756, 1775, 4772, + -5756, 4164, -5756, -5756, 428, 4368, 4180, 61032, 73016, 73016, + -5756, 2603, -5756, 48178, -5756, 4817, -5756, -5756, -5756, -5756, + -5756, -5756, -5756, -5756, -5756, -5756, 96235, 2361, 3927, -5756, + -5756, -5756, -5756, -5756, 4605,107353, 4166, 3466, 22989, 3466, + 3466, 22989, 3281, 3281, 3284, 3300, -5756, 4868, -5756, 4809, + 3281, 3281, -5756, 3281, 4810, 3281, 3281, -5756, 4178, -5756, + -5756, 4181, 4182, 4187, 3176, -5756, 22989, 22989, 2642, 86, + 86, 22989, 1882, 2013, 737, -5756, 2647, 2671, 2672, 543, + 98482, -5756, -5756, 2716, 2722, 2732, 2773, 2825, -5756, 2079, + 3083, 2086, 3466, 22989, 3466, 22989, 3466, 22989, 3466, 23764, + 2852, -5756, 2405, 3745, -5756, 2462, 3920, 2854, 2889, 2472, + 3120, 3283, 2545, 23764, 2902, 2916, 2109, 2114, 2961, 98482, + 96235, 4173, 4189, 4189, 692, -5756, 4190, -5756, -5756, -5756, + 4192, -5756, 22989, 22989, 4199, 1619, -5756, 22989, 558, 31514, + 917, 31514, -5756, -5756, 4308, -5756, 22989, -5756, 4780, 4201, + 3734, 4205, 4207, 3168, 4208, 4209, 4210, 4196, 3466, -5756, + -5756, 96235, 4212, 2064, -5756, 4116, -5756, 4838, -5756, 4928, + 4218, 4231, 4220, 4074, -5756, 78259, -5756, 48178, -5756, 4867, + 3630, -5756, 73016, 73016, -5756, 85000, -5756, 59534, 96235, 96235, + -5756, 22989, -5756, -5756, 819, 4980, 4982, -5756, -5756, -5756, + -5756, 126, 4782, -5756, -5756, -5756, -5756, -5756, 410, -5756, + 410, -5756, 3823, -5756, -5756, -5756, -5756, 3280, -5756, 1275, + -5756, -5756, -5756, 1304, 4223, -5756, 410, 1377, -5756, 19114, + 4227, 4226, -5756, 4840, -5756, 1279, 323, -5756, 3793, -5756, + 4712, -5756, -5756, 4232, 91741, -5756, 4233, -5756, -5756, 4793, + -5756, -5756, 4257, 4238, -5756, -5756, -5756, -5756, -5756, -5756, + -5756, -5756, -5756, -5756, -5756, -5756, -5756, -5756, -5756, -5756, + -5756, 1275, 4290, 4472, -5756, -5756, -5756, -5756, -5756, 3502, + -5756, 4337, 4338, -5756, -5756, -5756, -5756, -5756, -5756, -5756, + -5756, -5756, 48178, 4833, 73016, 285, 4631, 48178, 48178, 8222, + 8336, 3293, 4250, 96235, -5756, 2147, 2551, -5756, -5756, 1929, + -5756, 2147, 3909, 4254, 1022, 4254, -5756, -5756, -5756, -5756, + 2064, 889, 889, 3907, 4747, 44433, 44433, 4246, 4750, 22989, + 4258, -5756, 96235, -5756, -5756, 4663, -5756, -5756, 22989, -5756, + -5756, -5756, -5756, -5756, 4998, 4261, -5756, -5756, -5756, -5756, + -5756, -5756, 22989, -5756, 57265, 22989, 4266, 4265, -5756, -5756, + -5756, -5756, -5756, -5756, -5756, 1154, 2291, 2319, -5756, -5756, + 2319, 2291, -5756, -5756, -5756, -5756, 2138, 2138, -5756, -5756, + -5756, -5756, -5756, -5756, -5756, -5756, -5756, -5756, -5756, 2605, + -5756, -5756, 5027, 1385, -5756, 4850, -5756, -5756, -5756, -5756, + 1021, 403, 403, 403, 3442, 2385, -5756, 3414, 2081, 4612, + -5756, 6861, 558, 275, 4775, 2312, -5756, 2554, -5756, 5011, + -5756, 189, -5756, -5756, 3466, -5756, 350, 433, -5756, 469, + -5756, -5756, -5756, -5756, -5756, -5756, -5756, -5756, -5756, -5756, + -5756, -5756, -5756, -5756, -5756, -5756, -5756, -5756, -5756, 3442, + -5756, -5756, -5756, -5756, -5756, -5756, -5756, -5756, 96235, -5756, + 4852, -5756, -5756, -5756, 4742, 3296, 295, -5756, -5756, -5756, + -5756, 2561, 69271, 4285, -5756, -5756, -5756, -5756, 4157, 3466, + 3466, -5756, -5756, 64028, -5756, -5756, -5756, -5756, 1405, 2740, + 1498, 96235, 4629, 4824, -5756, -5756, -5756, -5756, -5756, -5756, + -5756, 22989, -5756, 4946, -5756, -5756, -5756, -5756, 96, 96, + -5756, -5756, -5756, -5756, 323, -5756, -5756, 4817, 4573, -5756, + 1771, 22989, -5756, -5756, -5756, -5756, -5756, -5756, 96235, 737, + 3466, -5756, 1270, -5756, -5756, 3281, -5756, 1270, -5756, -5756, + -5756, -5756, -5756, -5756, 1270, -5756, -5756, -5756, -5756, 4291, + 4322, 4322, -5756, 5016, 4826, 4916, 2971, 22989, 22989, -5756, + 22989, -5756, -5756, -5756, 1807, 4297, 4769, -5756, -5756, -5756, + -5756, -5756, -5756, 22989, 22989, 22989, 3466, 3466, 3466, 4322, + -5756, -5756, 4447, -5756, -5756,108092, -5756, -5756, -5756, -5756, + -5756, -5756, -5756, -5756, -5756, -5756, 358, 4322, -5756, -5756, + 22989, 22989, -5756, -5756, -5756, 96235, 3621, 4298, 4583, -5756, + -5756, -5756, 3621, 4445, -5756, -5756, 3621, 403, -5756, -5756, + -5756, 2571, 1619, -5756, 22989, 558, 4887, 4302, 5030, 4307, + -5756, -5756, -5756, -5756, -5756, -5756, 22989, 85000, -5756, 4310, + 4309, -5756, -5756, -5756, 4751, 22989, 4934, 4888, -5756, 3621, + 96235, -5756, -5756, -5756, 73016, 3806, 3806, 92490, -5756, -5756, + -5756, -5756, 2033, 410, 410, -5756, 3466, -5756, -5756, 4316, + 4319, -5756, -5756, -5756, -5756, -5756, -5756, -5756, -5756, -5756, + -5756, -5756, -5756, -5756, -5756, -5756, 1275, -5756, 38399, 2740, + 22214, -5756, -5756, -5756, 19114, -5756, 4320, 38399, 4788, -5756, + -5756, -5756, 4705, 221, -5756, -5756, -5756, 4712, -5756, 93239, + -5756, 4323, -5756, 4325, -5756, 2011, 4660, 4939, 3844, 55745, + 4326, -5756, -5756, -5756, 4349, 4351, 4354, -5756, 4335, -5756, + -5756, -5756, 48178, -5756, -5756, 4353, -5756, -5756, 41437, 4961, + 4380, 4709, 48178, 410, 410, 410, 410, 410, 410, 410, + 410, 410, 410, 4710, 410, 410, 410, 410, 410, 410, + 410, 410, -5756, 410, 410, 1042, 96235, 410, 410, -5756, + -5756, -5756, 4918, -5756, 7978, -5756, 410, -5756, -5756, -5756, + -5756, -5756, -5756, -5756, -5756, -5756, -5756, -5756, -5756, 475, + 4930, -5756, -5756, 309, -5756, -5756,108840, 5085, 4352, -5756, + 4894, -5756, -5756, -5756, -5756, -5756, -5756, 4459, 4894, 3909, + 2802, -5756, -5756, -5756, 4843, -5756, -5756, -5756, 4844, 3466, + 96235, -5756, -5756, 2321, 4975, 2582, 4360, 96235, 2582, 197, + 225, 3466, -5756, -5756, -5756, 3691, 3785, -5756, 3344, 2768, + -5756, -5756, -5756, -5756, -5756, -5756, -5756, -5756, -5756, -5756, + 317, -5756, 82753, -5756, -5756, -5756, -5756, -5756, 5119, 5121, + -5756, -5756, -5756, -5756, 4557, 269, 5134, 1863, 4935, 4770, + 4941, 2276, 2264, 410, 4942, 5096, -5756, 349, 410, 4944, + 5004, 4453, 5005, 4948, -5756, 4457, 4770, 4950, 4578, 4954, + 4955, 4959, -5756, -5756, 8336, -5756, -5756, -5756, -5756, 105, + 45931, -5756, -5756, -5756, -5756, -5756, 4574, 22989, 22989, 4974, + 96235, 4976, -5756, 4789, -5756, 96235, -5756, 1279, -5756, -5756, + -5756, 4693, -5756, 2572, -5756, -5756, 2601, -5756, -5756, 2607, + -5756, -5756, -5756, -5756, -5756, -5756, -5756, -5756, -5756, 4932, + 96235, -5756,105223, 4390, -5756, -5756, -5756, -5756, -5756, -5756, + -5756, 2500, -5756, 2500, -5756, 1405, 1498, -5756, -5756, 5059, + -5756, 4748, 3446, -5756, 1279, 3466, 4600, 4873, 4873, -5756, + -5756, -5756, 4986, -5756, -5756, -5756, -5756, 5038, 3466, 2361, + 107353, 4764, -5756, -5756, -5756, -5756, -5756, -5756, 4407, 4408, + 22989, 3211, 4916, 58785, 4409, -5756, -5756, 2972, 2120, 2618, + 4697, 4648, -5756, 4588, -5756, 2974, 3466, 3466, 1651, 3284, + -5756, -5756, -5756, -5756, 5052, 3281, -5756, 5137, -5756, 3281, + 1270, -5756, -5756, -5756, -5756, -5756, 4422, 2623, 2004, 3015, + 3031, -5756, -5756, -5756, 4423, -5756, -5756, 752, -5756, 4428, + -5756, 2628, 5148, 2484, 22989, -5756, 4426, -5756, -5756, 96235, + -5756, -5756, 4322, 1028, -5756, 2629, -5756, -5756, -5756, 4429, + 3806, -5756, -5756, 61781, -5756, -5756, -5756, -5756, -5756, -5756, + -5756, -5756, -5756, -5756, 4204, -5756, 4206, 2726, -5756, -5756, + -5756, -5756, 4811, 4431, 4433, -5756, -5756, -5756, 4432, 194, + 38399, -5756, -5756, 64028, -5756, -5756, 4436, 4435, -5756, -5756, + -5756, 91741, -5756, 2659, -5756, -5756, 5172, -5756, -5756, -5756, + -5756, -5756, -5756, -5756, -5756, -5756, -5756, -5756, -5756, -5756, + -5756, -5756, -5756, 19114, 2551, 2551, 2551, 2400, 4439, -5756, + 82753, 4441, 4442, 48927, 2094, 96235, 2673, -5756, -5756, -5756, + -5756, -5756, 2391, -5756, 498, 2765, 2500, 2500, -5756, 4438, + 48178, -5756, 410, -5756, 470, 504, 513, 517, -5756, 4116, + 403, 403, 2551, 2551, 410, 403, 82753, 2030, 403, 4116, + 4116, 534, 2551, 1398, 470, -5756, -5756, -5756, 403, 470, + 239, -5756, -5756, 4357, -5756, 72267, 8336, 96235, 3545, -5756, + -5756, 2025, 4580, -5756, -5756, -5756, 4800, 309, -5756, -5756, + -5756, 4437, -5756, -5756, -5756, -5756, -5756, -5756, -5756, 287, + 108840, 322, -5756, -5756, -5756, 4448, 96235, -5756, -5756, 2551, + -5756, 5183, 5208, -5756, -5756, 4858, 22989, 4454, 22989, 4460, + 2688, 5179, 5180, 5132, 5186, 2321, -5756, 2469, -5756, -5756, + -5756, -5756, -5756, -5756, 197, -5756, -5756, -5756, -5756, -5756, + -5756, -5756, -5756, -5756, -5756, -5756, -5756, -5756, -5756, -5756, + 4465, -5756, -5756, -5756, -5756, 4802, -5756, 5227, -5756, 4927, + 46680, 2765, -5756, 584, 4515, -5756, -5756, -5756, 5124, 3098, + 3098, 292, 3098, 93239, 96235, 48178, 1362, 505, 5106, 2294, + 2035, 4518, 5042, 3098, 3098, 93988, 292, 38399, -5756, -5756, + -5756, 3098, -5756, 3098, 48178, 94737, 292, -5756, -5756, -5756, + 96235, -5756, 3098, 292, -5756, 292, 292, 93239, -5756, 9429, + -5756, -5756, 41437, 1579, -5756, 3466, 4322, 4875, -5756, -5756, + 4596, 2551, 4845, -5756, -5756, 4956, -5756, 96235, 378, -5756, + 403, -5756, 403, -5756, 403, -5756, 302, -5756, 96235, 5146, + 5146, -5756, -5756, -5756, 31514, -5756, 3807, -5756, -5756, 194, + -5756, -5756, 1911, -5756, -5756, 4846, 4705, 4994, -5756, -5756, + -5756,107353, -5756, -5756, 4486, 2582, -5756, 4492, -5756, -5756, + -5756, -5756, 22989, -5756, 4725, -5756, 4831, -5756, -5756, -5756, + -5756, -5756, -5756, -5756, -5756, -5756, -5756, 4116, -5756, -5756, + -5756, 4495, -5756, 403, -5756, 22989, -5756, -5756, 4496, 4143, + 2582, -5756, -5756, 4594, 4522, 4500, -5756, 4888, 96235, -5756, + -5756, -5756, -5756, -5756, -5756, -5756, 4639, -5756, -5756, -5756, + 38399, 62530, 4501, 4498, -5756, 410, -5756, 90, -5756, 96235, + -5756, -5756, 4116, 4869, -5756, 2715, -5756, -5756, -5756, -5756, + 96235, 4507, 4706, 96235, 96235, -5756, -5756, 4508, 96235, -5756, + -5756, -5756, 41437, 4509, 5139, 5143, 2500, -5756, 2765, 5067, + 48927, -5756, 2765, 2765, 67773, 96235, 4516, 2551, -5756, -5756, + -5756, -5756, -5756, -5756, -5756, -5756, -5756, 4519, -5756, -5756, + -5756, -5756, -5756, 2551, -5756, -5756, -5756, -5756, -5756, -5756, + -5756, -5756, -5756, -5756, -5756, -5756, -5756, -5756, -5756, -5756, + -5756, -5756, -5756, -5756, -5756, -5756, -5756, -5756, 5253, -5756, + -5756, -5756, -5756, -5756, -5756, -5756, -5756, -5756, -5756, 4918, + 4520, 4525, -5756, 2569, -5756, -5756, 5206, 2147, -5756, -5756, + -5756, 4739, 275, 96235, 4529, 96235, 4530, -5756, -5756, 354, + 368, -5756, -5756, -5756, -5756, -5756, 322, -5756, -5756, -5756, + 4542, -5756, 68522, 3545, 96235, -5756, 96235, -5756, -5756, 4541, + 4546, -5756, 96235, 3466, 96235, -5756, 3211, 3211, 5271, 3211, + -5756, 5272, 5273, 2469, -5756, -5756, 5309, 269, 4926, 2081, + 558, 292, 558, 5215, -5756, -5756, 96235, 48927, 93239, 48927, + -5756, 5055, -5756, 77510, 48927, 3098, 96235, -5756, 5218, -5756, + 5187, 48927, 48927, -5756, -5756, 93239, 4558, -5756, 2582, 2691, + 96235, 48927, -5756, -5756, -5756, 3621, 5032, 48927, 93239, -5756, + 93239, -5756, 4661, 5058, 3256, -5756, 4562, 4564, 96235, -5756, + -5756, -5756, -5756, -5756, -5756, -5756, 1342, -5756, -5756, 2724, + -5756, -5756, -5756, -5756, -5756, -5756, -5756, 553, 96235, 306, + 2396, -5756, -5756, -5756, -5756, 1255, -5756, 4768, -5756, 1911, + -5756, -5756, -5756, 48178, -5756, 22989, -5756, -5756, 3037, -5756, + -5756, 4568, -5756, 4569, 4130, -5756, 4401, 4711, 4547, 4549, + 4553, 4756, 4922, -5756, 4767, -5756, 4538, 4751, 4581, 31514, + -5756, -5756, 2067, -5756, -5756, -5756, -5756, 98482, -5756, -5756, + 4582, -5756, 38399, 19114, -5756, -5756, -5756, 4996, -5756, 2731, + 2582, -5756, 4587, 96235, 4591, 2741, 4592, -5756, 96235, 4595, + -5756, -5756, 2765, -5756, -5756, 48927, 48178, -5756, 5076, -94, + 48927, 48927, -5756, 4586, 5312, -5756, -5756, 4589, -5756, -5756, + 48178, -5756, -5756, 221, 239, -5756, 96235, -5756, -5756, -5756, + 96235, 5182, 4974, -5756, -5756, -5756, -5756, 96235, -5756, 4593, + -5756, 4597, 4958, -5756, 96235, 3296, 311, -5756, -5756, 2147, + -5756, -5756, -5756, -5756, -5756,101478, 6265, 2755, 2763, -5756, + -5756, 3211, -5756, 3211, 3211, -5756, 4604, -5756, -5756, -5756, + 5274, -5756, 5275, -5756, 2504, 1384, -5756, 48927, 1307, 5114, + 5111, 5328, -5756, 48927, 4435, 96235, -5756, -5756, 1775, -5756, + 38399, -5756, -5756, 5115, 5116, -5756, 5120, 1579, -5756, 96235, + -5756, -5756, -5756, 4713, -5756, 7441, 4818, 5336, 5337, -5756, + 96235, 95486, -5756, -5756, 5395, 4681, 96235, 5347, -5756, 5348, + 4632, 4634, -5756, 31514, -5756, -5756, 5256, -5756, 3793, 2582, + -5756, -5756, -5756, 1632, -5756, 5368, 1710, -5756, -5756, 1079, + -5756, -5756, -5756, -5756, 96235, 4635, 4716, -5756, -5756, 4714, + -5756, -5756, 3673, -5756, 169, 63279, -5756, -5756, -5756, -5756, + 884, 96235, -5756, 5393, 4640, 2605, 884, 884, 4642, 96235, + 22989, 48927, 5076, 781, 4637, 1085, -5756, 1085, -5756, -5756, + 3576, 70020, -5756, -5756, 3831, 96235, 4641, 5416, -5756, -5756, + 96235, 83502, -5756, 4645, -5756, 2312, -5756, 4250, 4254, -5756, + -5756, -5756, -5756, -5756, -5756, 96235, -5756, -5756, 5184, 96235, + -5756, 5219, 2766, -5756, -5756, -5756, -5756, -5756, -5756, -5756, + -5756, -5756, 48927, -34, -5756, -5756, 5295, -5756, 5341, 5342, + 1579, -5756, 48178, 5224, 76012, -5756, -5756, -5756, 292, -5756, + 96235, 48927, 48178, -5756, -5756, 4435, 1592, 22989, 5012, 5437, + -5756, 4857, 4861, -5756, -5756, 2789, -5756, -5756, 4720, -5756, + 5436, -5756, -5756, 91741, 91741, 2064, 5156, -5756, -5756, -5756, + 4401, -5756, -5756, 4801, 2036, -5756, 2790, -5756, -5756, -5756, + 3621, -5756, 4667, -5756, 5035, 410, 410, 5036, 410, 410, + 410, 410, 4671, 3673, -5756, -5756, -5756, 5026, -5756, -5756, + -5756, 3374, 2582, 4672, 96235, 4674, 2795, 3725, 3237, 96235, + 4675, 3056, -5756, -5756, 1085, 96235, 5283, -5756, 4677, -5756, + 4684, 4685, -5756, -5756, 5308, 2551, -5756, 4760, -5756, -5756, + 3576, -5756, -5756, -5756, 4727, 5317, 5276, -5756, 82753, 33839, + -5756, 5188, -5756, 5138, 5384, -5756, 5431, 3298, -5756, -5756, + -5756, -5756, -5756, -5756, -5756, -5756, 96235, -5756, 4789, -5756, + -5756, 4894, -5756, -5756, -5756, -5756, 312, 5437, 2802, -5756, + 101478, 9680, 5312, 3621, 4888, -5756, -5756, -5756, 33839, -5756, + 155, 4888, -5756, -5756, -5756, -5756, 155, 5332, -5756, 3466, + 22989, -5756, -5756, -5756, -5756, -5756, -5756, 95486, -5756, 4758, + 4701, 2817, -5756, 1362, -5756, -5756, -5756, -5756, -5756, 96235, + -5756, 4715, -5756, -5756, 87, 410, 2551, 2551, 410, 4617, + 4617, 3621, 82753, 4787, -5756, -5756, 410, 1085, 2551, 410, + 1085, -5756, -5756, 1310, 3374, -5756, -5756, -5756, -5756, -5756, + -5756, 1942, 884, -5756, 4900, 1310, 3725, -5756, -5756, 1310, + 3237, -5756, -5756, 4717, 96235, -5756, 4719, 4722, -5756, 2881, + -5756, 1427, 5290, 96235, 4724, 96235, 96235, -5756, -5756, -5756, + -5756, -5756, -5756, 5065, -5756, 4726, 4728, 3442, 3442, 16014, + -5756, -5756, -5756, -5756, -5756, -5756, 5297, -5756, 4752, 1347, + -5756, 5142, -5756, 48178, 5073, 3545, -5756, 96235, -5756, 96235, + -5756, 577, 96235, -5756, -5756, -5756, 5292, -5756, -5756, -5756, + -5756, -5756, 491, -5756, -5756, 2898, -5756, 4771, 4773, -5756, + 155, -5756, 4731, 3466, -5756, -5756, -5756, -5756, 38399, -5756, + 4716, -5756, -5756, 2939, -5756, 28414, -5756, -5756, -5756, 2551, + -5756, -5756, 2551, -5756, -5756, -5756, -5756, -5756, 2940, -5756, + 82753, -5756, -5756, 403, -5756, -5756, 5330, 5163, -5756, 4924, + 3374, 3146, -5756, -5756, -5756, -5756, -5756, 4732, 96235, 96235, + 4735, -5756, 96235, -5756, -5756, -5756, 1350, -5756, 2980, 96235, + 2983, 4736, -5756, -5756, -5756, -5756, 4741, 4740, -5756, 998, + -5756, -5756, 5405, -5756, 3545, -5756, -5756, -5756, -5756, -5756, + -5756, 5518, 4858, -5756, 5315, 2802, -5756, -5756, -5756, -5756, + -5756, -5756, 4888, 4744, -5756, 410, 5284, -5756, -5756, 4715, + -5756, 4749, -5756, 2064, -5756, -5756, 82753, -5756, 4787, -5756, + -5756, -5756, -5756, -5756, -5756, 1310, -5756, -5756, 2999, 4640, + 96235, -5756, 1441, 1441, 3374, 3032, 3725, 3237, -5756, 414, + -5756, 2042, 2042, 1626, -5756, -5756, -5756, 4807, -5756, 2802, + 1312, -5756, 3033, 38399, 19114, 5061, 4663, -5756, 28414, 4757, + 1941, -5756, -5756, -5756, 5067, 4763, 4640, -5756, -5756, 2190, + 5211, 5344, 5345, -5756, 3374, -5756, -5756, -5756, 4765, -5756, + 2042, -5756, -5756, -5756, -5756, -5756, 1668, 5122, -5756, -5756, + -5756, 3805, -5756, -5756, -5756, 5346, 1312, 1312, -5756, -5756, + -5756, 5486, 4975, -5756, -5756, -5756, 1941, -5756, -5756, 3374, + 4776, -5756, -5756, -5756, 5259, 5456, -5756, -5756, -5756, -5756, + 1668, -5756, -5756, 5446, -5756, -5756, -5756, 1320, 5355, -5756, + 5360, -5756, 3211, 5423, -5756, -5756, 3374, 1441, 1441, -5756, + 4914, -5756, -5756, 5453, 5135, -5756, 5540, 4785, -5756, -5756, + -5756, -5756, 457, 35374, 5313, 1080, -5756, -5756, -5756, 82753, + -5756, 3049, -5756, -5756, 38399, -5756, -5756, -5756, 82753, -5756, + -5756, -5756, 36134, 4783, -5756, 410, -5756, -5756, 7441, -5756, + 38399, -5756, 5437, -5756, 19114, -5756, -5756, -5756 }; /* YYDEFACT[STATE-NUM] -- Default reduction number in state STATE-NUM. @@ -4929,7 +4929,7 @@ 1048, 0, 1085, 1087, 0, 0, 3637, 1255, 0, 259, 261, 0, 465, 0, 0, 0, 2020, 0, 2020, 2020, 0, 0, 2020, 0, 2020, 0, 0, 0, 0, 0, - 0, 0, 2020, 0, 0, 0, 2020, 0, 2020, 0, + 0, 0, 2020, 0, 0, 2020, 2020, 0, 2020, 0, 88, 1293, 0, 3698, 0, 272, 273, 274, 285, 3837, 314, 0, 3875, 881, 879, 882, 880, 901, 0, 876, 877, 947, 943, 944, 936, 0, 936, 297, 0, 3177, @@ -4982,7 +4982,7 @@ 1067, 931, 3595, 0, 0, 208, 3639, 0, 3641, 0, 1259, 0, 1258, 258, 264, 3760, 2020, 2020, 103, 2020, 95, 96, 91, 123, 124, 93, 94, 99, 98, 100, - 101, 104, 105, 102, 97, 92, 127, 129, 128, 106, + 101, 104, 105, 102, 97, 92, 127, 129, 128, 0, 2071, 2070, 2069, 130, 125, 126, 90, 313, 0, 281, 279, 280, 3758, 3757, 3698, 0, 0, 3835, 3874, 302, 299, 0, 0, 0, 847, 1046, 846, 296, 866, 1412, @@ -5031,307 +5031,307 @@ 0, 1133, 1163, 1164, 1162, 3596, 0, 0, 0, 1084, 0, 211, 209, 219, 3638, 0, 2130, 0, 3641, 1261, 1262, 0, 463, 0, 116, 118, 0, 120, 122, 0, - 112, 114, 271, 3759, 3756, 3755, 3834, 3836, 0, 0, - 304, 0, 0, 298, 871, 802, 3754, 3753, 322, 1864, - 0, 1863, 0, 1869, 1873, 2016, 2212, 2017, 0, 2004, - 0, 1411, 2130, 0, 1412, 0, 3584, 3584, 450, 452, - 451, 2181, 1324, 1332, 2455, 2454, 0, 1412, 259, 468, - 0, 1728, 1744, 1762, 1745, 1746, 1680, 0, 0, 0, - 0, 1737, 0, 0, 1738, 1696, 0, 0, 0, 0, - 0, 1547, 0, 1660, 0, 1604, 1602, 0, 868, 1506, - 1508, 1504, 1507, 0, 887, 1510, 0, 849, 887, 936, - 1514, 1500, 1501, 1502, 1503, 0, 0, 0, 0, 0, - 2553, 951, 1646, 0, 964, 958, 956, 963, 0, 1451, - 0, 0, 1943, 0, 1717, 0, 1670, 542, 0, 621, - 617, 0, 0, 563, 0, 564, 560, 536, 0, 3461, - 1419, 1418, 0, 3384, 3382, 3381, 3379, 3413, 3412, 3365, - 3363, 1413, 1413, 134, 2191, 1965, 2193, 2194, 2185, 2175, - 2173, 2528, 0, 2148, 2150, 2538, 2537, 2549, 0, 0, - 2130, 2143, 2020, 3786, 1118, 0, 1119, 1130, 1132, 1330, - 0, 2405, 0, 2403, 2370, 2406, 394, 386, 381, 389, - 383, 385, 384, 390, 391, 392, 393, 387, 382, 388, - 380, 379, 0, 0, 0, 0, 0, 0, 146, 0, - 0, 0, 1043, 2687, 0, 0, 711, 713, 714, 715, - 716, 0, 744, 718, 633, 994, 994, 746, 2554, 0, - 690, 2159, 507, 2020, 2020, 2020, 2020, 664, 2020, 2020, - 2020, 0, 0, 2159, 2020, 0, 0, 2020, 2020, 2020, - 2020, 0, 0, 2020, 672, 673, 671, 2020, 2020, 2453, - 513, 515, 931, 642, 0, 637, 275, 3845, 498, 499, - 0, 0, 1416, 1416, 3826, 0, 3827, 3828, 1416, 1416, - 0, 395, 3737, 3735, 3738, 3736, 3811, 3808, 0, 3805, - 3806, 3813, 3821, 3641, 0, 0, 3712, 240, 0, 240, - 0, 0, 1778, 1777, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 2457, 2459, 0, 2090, 1925, 1934, - 1932, 1969, 1981, 0, 2078, 2076, 2053, 2051, 2050, 2052, - 2049, 2047, 2046, 2048, 2038, 2037, 2039, 2036, 2035, 0, - 3568, 3564, 2023, 2022, 0, 1076, 0, 1075, 1080, 1043, - 633, 1182, 631, 0, 1137, 1141, 1138, 631, 2117, 2117, - 1296, 2117, 0, 0, 0, 0, 2117, 0, 2119, 2117, - 0, 0, 2117, 2117, 0, 1296, 0, 516, 1202, 1200, - 2117, 1201, 2117, 0, 0, 1296, 1150, 1094, 1151, 0, - 1095, 2117, 1296, 1117, 1296, 1296, 0, 640, 931, 1096, - 1097, 743, 1196, 218, 207, 0, 0, 1086, 1088, 0, - 0, 1089, 3640, 1062, 3643, 2130, 1267, 0, 108, 2020, - 109, 2020, 107, 2020, 3840, 0, 303, 0, 1859, 1859, - 1870, 2215, 2130, 0, 2005, 2219, 2210, 1412, 0, 429, - 3587, 0, 3468, 3467, 0, 2217, 0, 427, 3707, 486, - 468, 1610, 1611, 1734, 1971, 1732, 0, 1739, 1740, 1694, - 1636, 0, 1587, 0, 1661, 0, 1642, 1607, 1509, 1505, - 1512, 850, 1511, 1513, 1633, 1560, 2020, 1619, 1624, 1625, - 0, 1645, 2020, 1453, 0, 1946, 1945, 0, 0, 1971, - 1654, 540, 618, 535, 0, 559, 562, 0, 523, 2542, - 1413, 1413, 3371, 3369, 2266, 2002, 2529, 2527, 2146, 0, - 0, 0, 2145, 2155, 0, 2128, 0, 1326, 0, 1881, - 2401, 2020, 0, 2368, 0, 1226, 1227, 1228, 1230, 0, - 0, 0, 0, 0, 745, 1044, 0, 0, 717, 2557, - 710, 743, 0, 0, 0, 994, 734, 633, 0, 1043, - 995, 633, 633, 0, 0, 0, 0, 2068, 2067, 661, - 654, 653, 656, 655, 658, 657, 0, 650, 647, 659, - 649, 674, 0, 662, 644, 703, 704, 702, 668, 675, - 645, 646, 652, 651, 648, 695, 700, 698, 697, 696, - 701, 699, 663, 678, 660, 676, 505, 622, 643, 2061, - 2062, 2059, 2060, 683, 682, 2063, 680, 681, 514, 0, - 276, 278, 3698, 249, 241, 0, 0, 502, 500, 501, - 3651, 0, 0, 0, 0, 0, 1415, 3829, 0, 0, - 3720, 3800, 3809, 3857, 3812, 3807, 3814, 157, 286, 268, - 270, 0, 3842, 3698, 3853, 3698, 3641, 1779, 0, 0, - 1821, 0, 1826, 0, 1818, 0, 0, 0, 0, 2458, - 0, 0, 2465, 2467, 1983, 0, 1074, 0, 0, 0, - 1296, 0, 0, 1165, 1135, 0, 0, 0, 0, 1106, - 0, 1115, 0, 0, 2117, 0, 1167, 0, 1166, 0, - 0, 0, 1179, 1180, 0, 1961, 1963, 1971, 0, 0, - 0, 1155, 1177, 1178, 0, 0, 0, 0, 1125, 0, - 1111, 1181, 0, 1181, 1134, 0, 709, 0, 1198, 1136, - 205, 210, 220, 221, 1064, 0, 3642, 1060, 0, 1268, - 1264, 1265, 1260, 117, 121, 113, 0, 0, 0, 0, - 1867, 1865, 2130, 2213, 0, 316, 0, 3591, 3585, 3589, - 2182, 2130, 0, 3901, 0, 1736, 1692, 0, 1663, 1665, - 0, 952, 0, 1942, 1936, 0, 0, 0, 0, 0, - 0, 1955, 1947, 0, 1721, 0, 620, 0, 0, 548, - 561, 567, 566, 3385, 3383, 2189, 0, 2149, 2539, 2550, - 512, 0, 0, 3760, 1131, 2404, 0, 3452, 0, 1971, - 1040, 1042, 0, 0, 0, 0, 1042, 0, 0, 712, - 739, 633, 990, 991, 1043, 0, 719, 1014, 2554, 1043, - 1043, 750, 0, 737, 748, 791, 2556, 508, 670, 2393, - 669, 623, 0, 2453, 283, 0, 284, 250, 3801, 0, - 0, 216, 3817, 3831, 3815, 3830, 3698, 1416, 0, 1416, - 0, 0, 1415, 0, 0, 0, 3714, 3713, 0, 3795, - 3794, 3852, 3850, 159, 0, 1909, 0, 0, 2462, 2463, - 0, 2460, 0, 0, 2466, 0, 1081, 1077, 1082, 0, - 1120, 0, 1139, 0, 0, 1105, 0, 1282, 0, 0, - 1158, 1146, 0, 1101, 0, 1148, 1149, 1193, 1103, 0, - 1964, 517, 0, 0, 1110, 0, 1196, 1102, 1127, 1108, - 1140, 1197, 212, 1090, 401, 0, 0, 0, 1263, 0, - 1270, 3841, 3838, 0, 0, 0, 0, 1860, 0, 0, - 0, 2216, 0, 3590, 3588, 0, 2125, 1835, 1971, 1585, - 1561, 1647, 0, 1952, 0, 0, 1950, 1949, 0, 1944, - 1951, 619, 616, 0, 0, 556, 574, 570, 0, 572, - 573, 595, 2130, 0, 0, 2154, 2156, 3788, 2407, 3422, - 0, 1037, 0, 1038, 0, 3422, 3422, 0, 0, 0, - 1043, 1014, 2554, 972, 0, 720, 0, 724, 726, 752, - 0, 747, 738, 760, 0, 0, 688, 504, 277, 3698, - 3698, 3653, 3652, 1411, 208, 217, 3698, 3698, 3855, 3824, - 3820, 3822, 3819, 3810, 3698, 269, 3715, 0, 0, 3801, - 2925, 0, 1782, 1784, 1809, 1823, 1828, 2461, 2469, 2468, - 3569, 0, 1122, 632, 1034, 0, 1153, 0, 0, 1196, - 1107, 0, 0, 0, 1147, 1168, 1145, 1296, 1962, 0, - 0, 0, 1144, 1126, 1128, 1241, 0, 214, 188, 3644, - 0, 0, 1269, 1274, 0, 1271, 1273, 0, 300, 0, - 1862, 1861, 1876, 0, 1383, 0, 2443, 1735, 1953, 0, - 1954, 1957, 0, 0, 1958, 0, 552, 554, 544, 0, - 549, 0, 568, 0, 2159, 2159, 0, 2159, 2159, 2159, - 2159, 588, 596, 598, 599, 600, 0, 2190, 2530, 2540, - 1002, 1971, 0, 0, 0, 0, 1004, 1006, 0, 0, - 0, 732, 728, 0, 0, 976, 1015, 0, 722, 0, - 0, 913, 970, 776, 0, 779, 0, 911, 751, 753, - 909, 910, 755, 0, 0, 0, 792, 0, 0, 893, - 0, 896, 0, 0, 749, 0, 761, 892, 899, 2555, - 665, 510, 689, 3846, 3802, 0, 3656, 219, 240, 3710, - 0, 3801, 3801, 3858, 3716, 0, 188, 0, 1781, 0, - 0, 0, 0, 562, 1121, 1035, 1154, 0, 1143, 1169, - 562, 1159, 1104, 1156, 1157, 1169, 0, 1109, 213, 0, - 206, 189, 222, 3645, 3646, 1266, 0, 3839, 0, 0, - 0, 2183, 921, 1948, 1956, 1960, 1959, 550, 0, 557, - 581, 571, 577, 0, 2159, 0, 0, 2159, 0, 0, - 0, 0, 0, 565, 597, 2159, 0, 0, 2159, 0, - 1023, 1025, 1172, 1003, 1027, 1026, 1008, 1024, 1036, 1041, - 1042, 3422, 191, 0, 1172, 1005, 1029, 1012, 1172, 1007, - 1028, 1010, 0, 0, 740, 0, 0, 730, 0, 975, - 0, 980, 0, 0, 0, 0, 777, 778, 914, 754, - 912, 908, 904, 898, 2566, 2567, 0, 0, 0, 788, - 789, 894, 785, 786, 787, 0, 767, 0, 0, 891, - 0, 3654, 0, 0, 3818, 240, 3698, 3722, 3698, 3721, - 0, 0, 3843, 1786, 1783, 0, 1791, 1793, 1792, 1794, - 1785, 0, 1142, 1124, 0, 1152, 0, 0, 518, 1169, - 518, 0, 215, 1272, 301, 1868, 1866, 0, 2444, 556, - 553, 581, 0, 579, 0, 575, 569, 576, 0, 613, - 607, 0, 609, 610, 608, 605, 592, 0, 590, 0, - 1019, 1022, 2020, 1020, 144, 1174, 1173, 1009, 0, 1002, - 0, 150, 1013, 153, 1011, 735, 0, 0, 0, 0, - 973, 0, 977, 978, 979, 0, 971, 0, 0, 0, - 0, 905, 907, 2501, 2500, 0, 1422, 897, 0, 762, - 3800, 0, 221, 3816, 3797, 3796, 3825, 3823, 3717, 3718, - 0, 0, 1788, 0, 0, 1123, 1170, 1171, 1114, 518, - 1113, 562, 2184, 2196, 0, 2470, 551, 578, 0, 586, - 582, 584, 587, 612, 611, 0, 589, 0, 606, 693, - 1021, 1176, 1175, 1039, 1172, 1030, 736, 0, 1038, 0, - 974, 0, 0, 1002, 0, 1004, 1006, 784, 0, 895, - 756, 756, 768, 3803, 1411, 204, 0, 1787, 0, 1795, - 1116, 0, 0, 0, 0, 2456, 580, 0, 0, 601, - 594, 591, 147, 0, 0, 1038, 986, 985, 0, 0, - 982, 981, 721, 1002, 725, 727, 1423, 0, 765, 757, - 759, 764, 770, 771, 769, 772, 0, 3657, 3719, 1790, - 0, 1803, 1802, 1789, 0, 1796, 1798, 1129, 2195, 2197, - 0, 2464, 585, 583, 593, 602, 604, 733, 1002, 0, - 989, 987, 988, 0, 0, 723, 1424, 758, 763, 773, - 775, 3804, 0, 1804, 1801, 1800, 0, 0, 1797, 0, - 1799, 0, 2472, 603, 729, 1002, 0, 0, 774, 0, - 1806, 1805, 0, 0, 2471, 0, 2476, 731, 984, 983, - 3658, 0, 0, 2483, 3649, 2474, 2475, 2473, 0, 2478, - 0, 2480, 2481, 0, 2130, 3647, 3648, 0, 3659, 2482, - 2477, 0, 2484, 2486, 0, 2445, 3650, 401, 2479, 0, - 1411, 188, 2485, 0, 3660, 1412, 2487 + 112, 114, 106, 271, 3759, 3756, 3755, 3834, 3836, 0, + 0, 304, 0, 0, 298, 871, 802, 3754, 3753, 322, + 1864, 0, 1863, 0, 1869, 1873, 2016, 2212, 2017, 0, + 2004, 0, 1411, 2130, 0, 1412, 0, 3584, 3584, 450, + 452, 451, 2181, 1324, 1332, 2455, 2454, 0, 1412, 259, + 468, 0, 1728, 1744, 1762, 1745, 1746, 1680, 0, 0, + 0, 0, 1737, 0, 0, 1738, 1696, 0, 0, 0, + 0, 0, 1547, 0, 1660, 0, 1604, 1602, 0, 868, + 1506, 1508, 1504, 1507, 0, 887, 1510, 0, 849, 887, + 936, 1514, 1500, 1501, 1502, 1503, 0, 0, 0, 0, + 0, 2553, 951, 1646, 0, 964, 958, 956, 963, 0, + 1451, 0, 0, 1943, 0, 1717, 0, 1670, 542, 0, + 621, 617, 0, 0, 563, 0, 564, 560, 536, 0, + 3461, 1419, 1418, 0, 3384, 3382, 3381, 3379, 3413, 3412, + 3365, 3363, 1413, 1413, 134, 2191, 1965, 2193, 2194, 2185, + 2175, 2173, 2528, 0, 2148, 2150, 2538, 2537, 2549, 0, + 0, 2130, 2143, 2020, 3786, 1118, 0, 1119, 1130, 1132, + 1330, 0, 2405, 0, 2403, 2370, 2406, 394, 386, 381, + 389, 383, 385, 384, 390, 391, 392, 393, 387, 382, + 388, 380, 379, 0, 0, 0, 0, 0, 0, 146, + 0, 0, 0, 1043, 2687, 0, 0, 711, 713, 714, + 715, 716, 0, 744, 718, 633, 994, 994, 746, 2554, + 0, 690, 2159, 507, 2020, 2020, 2020, 2020, 664, 2020, + 2020, 2020, 0, 0, 2159, 2020, 0, 0, 2020, 2020, + 2020, 2020, 0, 0, 2020, 672, 673, 671, 2020, 2020, + 2453, 513, 515, 931, 642, 0, 637, 275, 3845, 498, + 499, 0, 0, 1416, 1416, 3826, 0, 3827, 3828, 1416, + 1416, 0, 395, 3737, 3735, 3738, 3736, 3811, 3808, 0, + 3805, 3806, 3813, 3821, 3641, 0, 0, 3712, 240, 0, + 240, 0, 0, 1778, 1777, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 2457, 2459, 0, 2090, 1925, + 1934, 1932, 1969, 1981, 0, 2078, 2076, 2053, 2051, 2050, + 2052, 2049, 2047, 2046, 2048, 2038, 2037, 2039, 2036, 2035, + 0, 3568, 3564, 2023, 2022, 0, 1076, 0, 1075, 1080, + 1043, 633, 1182, 631, 0, 1137, 1141, 1138, 631, 2117, + 2117, 1296, 2117, 0, 0, 0, 0, 2117, 0, 2119, + 2117, 0, 0, 2117, 2117, 0, 1296, 0, 516, 1202, + 1200, 2117, 1201, 2117, 0, 0, 1296, 1150, 1094, 1151, + 0, 1095, 2117, 1296, 1117, 1296, 1296, 0, 640, 931, + 1096, 1097, 743, 1196, 218, 207, 0, 0, 1086, 1088, + 0, 0, 1089, 3640, 1062, 3643, 2130, 1267, 0, 108, + 2020, 109, 2020, 107, 2020, 3840, 0, 303, 0, 1859, + 1859, 1870, 2215, 2130, 0, 2005, 2219, 2210, 1412, 0, + 429, 3587, 0, 3468, 3467, 0, 2217, 0, 427, 3707, + 486, 468, 1610, 1611, 1734, 1971, 1732, 0, 1739, 1740, + 1694, 1636, 0, 1587, 0, 1661, 0, 1642, 1607, 1509, + 1505, 1512, 850, 1511, 1513, 1633, 1560, 2020, 1619, 1624, + 1625, 0, 1645, 2020, 1453, 0, 1946, 1945, 0, 0, + 1971, 1654, 540, 618, 535, 0, 559, 562, 0, 523, + 2542, 1413, 1413, 3371, 3369, 2266, 2002, 2529, 2527, 2146, + 0, 0, 0, 2145, 2155, 0, 2128, 0, 1326, 0, + 1881, 2401, 2020, 0, 2368, 0, 1226, 1227, 1228, 1230, + 0, 0, 0, 0, 0, 745, 1044, 0, 0, 717, + 2557, 710, 743, 0, 0, 0, 994, 734, 633, 0, + 1043, 995, 633, 633, 0, 0, 0, 0, 2068, 2067, + 661, 654, 653, 656, 655, 658, 657, 0, 650, 647, + 659, 649, 674, 0, 662, 644, 703, 704, 702, 668, + 675, 645, 646, 652, 651, 648, 695, 700, 698, 697, + 696, 701, 699, 663, 678, 660, 676, 505, 622, 643, + 2061, 2062, 2059, 2060, 683, 682, 2063, 680, 681, 514, + 0, 276, 278, 3698, 249, 241, 0, 0, 502, 500, + 501, 3651, 0, 0, 0, 0, 0, 1415, 3829, 0, + 0, 3720, 3800, 3809, 3857, 3812, 3807, 3814, 157, 286, + 268, 270, 0, 3842, 3698, 3853, 3698, 3641, 1779, 0, + 0, 1821, 0, 1826, 0, 1818, 0, 0, 0, 0, + 2458, 0, 0, 2465, 2467, 1983, 0, 1074, 0, 0, + 0, 1296, 0, 0, 1165, 1135, 0, 0, 0, 0, + 1106, 0, 1115, 0, 0, 2117, 0, 1167, 0, 1166, + 0, 0, 0, 1179, 1180, 0, 1961, 1963, 1971, 0, + 0, 0, 1155, 1177, 1178, 0, 0, 0, 0, 1125, + 0, 1111, 1181, 0, 1181, 1134, 0, 709, 0, 1198, + 1136, 205, 210, 220, 221, 1064, 0, 3642, 1060, 0, + 1268, 1264, 1265, 1260, 117, 121, 113, 0, 0, 0, + 0, 1867, 1865, 2130, 2213, 0, 316, 0, 3591, 3585, + 3589, 2182, 2130, 0, 3901, 0, 1736, 1692, 0, 1663, + 1665, 0, 952, 0, 1942, 1936, 0, 0, 0, 0, + 0, 0, 1955, 1947, 0, 1721, 0, 620, 0, 0, + 548, 561, 567, 566, 3385, 3383, 2189, 0, 2149, 2539, + 2550, 512, 0, 0, 3760, 1131, 2404, 0, 3452, 0, + 1971, 1040, 1042, 0, 0, 0, 0, 1042, 0, 0, + 712, 739, 633, 990, 991, 1043, 0, 719, 1014, 2554, + 1043, 1043, 750, 0, 737, 748, 791, 2556, 508, 670, + 2393, 669, 623, 0, 2453, 283, 0, 284, 250, 3801, + 0, 0, 216, 3817, 3831, 3815, 3830, 3698, 1416, 0, + 1416, 0, 0, 1415, 0, 0, 0, 3714, 3713, 0, + 3795, 3794, 3852, 3850, 159, 0, 1909, 0, 0, 2462, + 2463, 0, 2460, 0, 0, 2466, 0, 1081, 1077, 1082, + 0, 1120, 0, 1139, 0, 0, 1105, 0, 1282, 0, + 0, 1158, 1146, 0, 1101, 0, 1148, 1149, 1193, 1103, + 0, 1964, 517, 0, 0, 1110, 0, 1196, 1102, 1127, + 1108, 1140, 1197, 212, 1090, 401, 0, 0, 0, 1263, + 0, 1270, 3841, 3838, 0, 0, 0, 0, 1860, 0, + 0, 0, 2216, 0, 3590, 3588, 0, 2125, 1835, 1971, + 1585, 1561, 1647, 0, 1952, 0, 0, 1950, 1949, 0, + 1944, 1951, 619, 616, 0, 0, 556, 574, 570, 0, + 572, 573, 595, 2130, 0, 0, 2154, 2156, 3788, 2407, + 3422, 0, 1037, 0, 1038, 0, 3422, 3422, 0, 0, + 0, 1043, 1014, 2554, 972, 0, 720, 0, 724, 726, + 752, 0, 747, 738, 760, 0, 0, 688, 504, 277, + 3698, 3698, 3653, 3652, 1411, 208, 217, 3698, 3698, 3855, + 3824, 3820, 3822, 3819, 3810, 3698, 269, 3715, 0, 0, + 3801, 2925, 0, 1782, 1784, 1809, 1823, 1828, 2461, 2469, + 2468, 3569, 0, 1122, 632, 1034, 0, 1153, 0, 0, + 1196, 1107, 0, 0, 0, 1147, 1168, 1145, 1296, 1962, + 0, 0, 0, 1144, 1126, 1128, 1241, 0, 214, 188, + 3644, 0, 0, 1269, 1274, 0, 1271, 1273, 0, 300, + 0, 1862, 1861, 1876, 0, 1383, 0, 2443, 1735, 1953, + 0, 1954, 1957, 0, 0, 1958, 0, 552, 554, 544, + 0, 549, 0, 568, 0, 2159, 2159, 0, 2159, 2159, + 2159, 2159, 588, 596, 598, 599, 600, 0, 2190, 2530, + 2540, 1002, 1971, 0, 0, 0, 0, 1004, 1006, 0, + 0, 0, 732, 728, 0, 0, 976, 1015, 0, 722, + 0, 0, 913, 970, 776, 0, 779, 0, 911, 751, + 753, 909, 910, 755, 0, 0, 0, 792, 0, 0, + 893, 0, 896, 0, 0, 749, 0, 761, 892, 899, + 2555, 665, 510, 689, 3846, 3802, 0, 3656, 219, 240, + 3710, 0, 3801, 3801, 3858, 3716, 0, 188, 0, 1781, + 0, 0, 0, 0, 562, 1121, 1035, 1154, 0, 1143, + 1169, 562, 1159, 1104, 1156, 1157, 1169, 0, 1109, 213, + 0, 206, 189, 222, 3645, 3646, 1266, 0, 3839, 0, + 0, 0, 2183, 921, 1948, 1956, 1960, 1959, 550, 0, + 557, 581, 571, 577, 0, 2159, 0, 0, 2159, 0, + 0, 0, 0, 0, 565, 597, 2159, 0, 0, 2159, + 0, 1023, 1025, 1172, 1003, 1027, 1026, 1008, 1024, 1036, + 1041, 1042, 3422, 191, 0, 1172, 1005, 1029, 1012, 1172, + 1007, 1028, 1010, 0, 0, 740, 0, 0, 730, 0, + 975, 0, 980, 0, 0, 0, 0, 777, 778, 914, + 754, 912, 908, 904, 898, 2566, 2567, 0, 0, 0, + 788, 789, 894, 785, 786, 787, 0, 767, 0, 0, + 891, 0, 3654, 0, 0, 3818, 240, 3698, 3722, 3698, + 3721, 0, 0, 3843, 1786, 1783, 0, 1791, 1793, 1792, + 1794, 1785, 0, 1142, 1124, 0, 1152, 0, 0, 518, + 1169, 518, 0, 215, 1272, 301, 1868, 1866, 0, 2444, + 556, 553, 581, 0, 579, 0, 575, 569, 576, 0, + 613, 607, 0, 609, 610, 608, 605, 592, 0, 590, + 0, 1019, 1022, 2020, 1020, 144, 1174, 1173, 1009, 0, + 1002, 0, 150, 1013, 153, 1011, 735, 0, 0, 0, + 0, 973, 0, 977, 978, 979, 0, 971, 0, 0, + 0, 0, 905, 907, 2501, 2500, 0, 1422, 897, 0, + 762, 3800, 0, 221, 3816, 3797, 3796, 3825, 3823, 3717, + 3718, 0, 0, 1788, 0, 0, 1123, 1170, 1171, 1114, + 518, 1113, 562, 2184, 2196, 0, 2470, 551, 578, 0, + 586, 582, 584, 587, 612, 611, 0, 589, 0, 606, + 693, 1021, 1176, 1175, 1039, 1172, 1030, 736, 0, 1038, + 0, 974, 0, 0, 1002, 0, 1004, 1006, 784, 0, + 895, 756, 756, 768, 3803, 1411, 204, 0, 1787, 0, + 1795, 1116, 0, 0, 0, 0, 2456, 580, 0, 0, + 601, 594, 591, 147, 0, 0, 1038, 986, 985, 0, + 0, 982, 981, 721, 1002, 725, 727, 1423, 0, 765, + 757, 759, 764, 770, 771, 769, 772, 0, 3657, 3719, + 1790, 0, 1803, 1802, 1789, 0, 1796, 1798, 1129, 2195, + 2197, 0, 2464, 585, 583, 593, 602, 604, 733, 1002, + 0, 989, 987, 988, 0, 0, 723, 1424, 758, 763, + 773, 775, 3804, 0, 1804, 1801, 1800, 0, 0, 1797, + 0, 1799, 0, 2472, 603, 729, 1002, 0, 0, 774, + 0, 1806, 1805, 0, 0, 2471, 0, 2476, 731, 984, + 983, 3658, 0, 0, 2483, 3649, 2474, 2475, 2473, 0, + 2478, 0, 2480, 2481, 0, 2130, 3647, 3648, 0, 3659, + 2482, 2477, 0, 2484, 2486, 0, 2445, 3650, 401, 2479, + 0, 1411, 188, 2485, 0, 3660, 1412, 2487 }; /* YYPGOTO[NTERM-NUM]. */ static const yytype_int16 yypgoto[] = { - -5843, -5843, -5843, -5843, 1920, -5843, -5843, -5843, -5843, -5843, - -5843, -5843, -5843, 2525, -5843, -5843, -5843, -5843, -5843, -5843, - -5843, 1644, -5843, 222, -5843, 227, -5843, 228, -4081, -598, - -5843, -2249, -5843, -5843, -5843, -5843, -5843, -5843, -5843, -5843, - -5843, -5843, -5843, -5843, -5843, -5843, -5843, -5843, -5843, -5843, - -5843, -5843, 1809, -3506, -5702, -5843, -5843, -321, 1185, -5843, - -5843, 34, -5843, -348, -5843, -5843, -5843, -4709, -509, -743, - -5843, 49, 4816, -491, 4822, 4825, -5843, -612, 4120, -4631, - 291, -5843, -3471, -5843, -5843, -5843, -5843, -2376, -5843, -5843, - -5843, -5843, -5843, -5843, -5843, -5843, -5843, -5843, -5843, -5843, - -5843, -5843, -4439, 1123, -5843, -5843, -569, -5843, 1635, -5843, - -4305, 645, -5843, -5843, -5843, -5843, -4368, -5843, -731, -5843, - -5843, -5843, 1658, -5843, -5843, 497, 1113, 3045, 2774, -5843, - -5843, -5843, -5843, 593, -5843, 2083, -5843, -2459, 3482, -5843, - -5843, -5843, -5843, -5843, -5843, 1883, -3545, -5843, -5843, -5843, - 884, -5843, -858, -5843, 14, -5843, -5843, -5843, -5843, -5843, - -5843, -5843, -5843, -5843, -5843, -5843, -5843, -5843, -5843, -5843, - -404, -5843, -2483, 1579, -5843, 1594, -5843, -5843, -5843, -5843, - -5843, -5843, -5843, -5843, -5843, -1524, -5843, -5843, -5843, 42, - -5843, -5843, -5843, -5843, -5843, 3152, -5843, 4779, -5843, -5843, - -3876, -5843, 2960, -5843, 2965, 2966, -3258, -5843, -5843, -5843, - -5843, -5843, -5843, -5843, 51, -5843, -5843, -5843, -5843, -5843, - -5843, -5843, -5843, -5843, -5843, -143, -139, 87, 719, 1208, - -5843, -4242, -5843, -5843, 2, -5843, -5843, -5843, -5843, -5843, - 975, 220, 977, -5843, 577, 2745, -3249, -5843, -5843, -5843, - -5843, -5843, -5843, -507, -63, -627, -5843, -4597, -5843, -5188, - -5843, -5843, -5843, -5843, -5843, -5843, -5843, -5843, -4120, -5843, - -5843, -5843, -761, -5843, -5843, -720, -5843, -5843, -5843, -5843, - -384, -5843, -5843, -5787, -5843, -5843, -5843, -57, -5843, 2458, - 4196, -2257, 365, -710, -5843, -4116, 749, -4369, -4216, -5843, - -4107, -5843, -5843, -5843, -272, -1343, -1319, -5843, -5843, -5843, - -5843, -5843, -5843, -5843, 326, 189, 748, -4649, -5843, -5843, - -5843, -5843, -5843, -5843, -5843, -4645, -4642, 59, -5843, -4407, - -5843, -5843, 509, -5843, -5067, -5843, -5843, -5843, -5843, -5843, - -5843, -728, -5843, -5843, -5843, -5843, -5843, -5843, -5843, -5842, - -5843, -5843, -553, -562, -5843, -449, -3789, -5843, -837, 4817, - -5117, -5843, -440, -1354, -439, -438, -437, -5843, -1556, 1083, - 4051, -5843, 1827, -5843, 1190, -1554, -1720, 1305, 1951, -3872, - -1455, 1136, -1391, -3882, 1630, -5843, -400, -5843, -1285, -5843, - -1370, -3726, -4037, -5843, -691, -2321, -3643, -454, -5843, -5843, - -2121, -3748, -5843, 3189, -2462, -2419, 2364, 1561, -5843, -5843, - 1070, -5843, -1968, 1069, -5843, -5843, -5843, 1078, -5843, -716, - -5843, -5843, -5843, -5843, -3869, -5843, -2965, -4694, -5843, 5213, - 5214, -3147, -687, -684, -5843, -5843, -5843, -208, 1945, -5843, - -3204, -466, -481, -476, -3665, -103, -5234, -4019, -3849, -5220, - -3618, 3188, -5843, -5843, -5843, -5843, -5843, -5843, -5843, -5843, - -5843, -5843, -5843, -5843, -5843, -5843, 113, 119, 1412, -5843, - -5843, -5843, -5843, -5843, -5843, -5843, -5843, -5843, 810, -2198, - -5843, -5843, -5843, -5843, -5843, -5843, -5843, -5092, -4715, -5843, - -5843, 392, -5563, -4268, -4277, -4269, -4451, 3833, -5843, -5843, - -5843, -5843, 4243, -3875, -4398, -5843, -5843, -5843, -5843, -5843, - -5843, -5843, 3406, 1560, -5843, -5843, 1974, -5843, -5843, -5843, - -5843, -5843, -5843, -5843, -5843, -5843, -259, 1984, -5843, -5843, - -5843, -5843, -5843, 2508, -5843, -5843, -5843, -5843, -5843, -5843, - -5843, -5843, -406, -5843, -5843, -5843, -5843, -5843, -86, 3251, - -5843, -5843, -5843, -5843, -18, -5843, -5843, -5843, -5843, 2135, - -5843, -5843, -5843, -5843, 2698, -5843, -5843, -5843, -5843, -5843, - -5843, 1712, -5843, 2355, -5843, -2881, -5843, -5843, 1211, -637, - -5843, -5843, -434, -5843, -5843, -5843, -5843, -5843, 64, -5843, - -5843, -5843, 5211, -1906, 21, -469, -5843, -5843, 8, -5843, - -5843, 4296, -486, 2186, -757, 4965, -5843, -5843, -5843, -5843, - -2953, 2058, -5843, 4361, -5843, -5843, 4543, 1102, 4322, 1927, - 786, 2156, -2035, -613, -3123, -2417, -5843, -17, -4497, 1120, - -5843, 1681, 1160, -2892, 10542, -5843, -1849, -2000, -5843, -5843, - -81, -5843, -5843, -5843, -5843, -5843, -5843, -5843, -5843, 2259, - 2268, -5843, -5843, 3717, -5843, 2200, -3556, -5843, -5843, -877, - -5843, -2959, -5843, -5843, -5843, 2203, -5843, -5843, -5843, -5843, - -5843, -5843, -5843, -5843, -5843, 1609, -5843, -5843, -5843, -5843, - -5843, -5843, -5843, -5843, -5843, -5843, -5843, -5843, -5843, -5843, - 3668, -1961, -5843, -5843, 3802, -5843, 1708, -5843, 785, -5843, - -5843, -1493, -5843, -3263, -5843, -5843, -1975, -623, -5843, 3817, - -5843, 3831, -1249, -4260, -2105, -552, -5843, -317, -5843, -5843, - -5843, -5843, -5843, -5843, -3434, -653, -650, -5843, -5843, -5843, - 3422, -5843, 4407, -5843, -5843, -5843, -5843, -5843, -5843, 3430, - -5843, -2947, -5843, -2944, 4410, 4416, 4422, -5843, 4431, -5843, - -5843, -5843, -2031, 443, -5843, 839, -5843, -5843, -5843, -5843, - -5843, -3612, -5843, -198, 696, -196, -4457, -1863, 1006, -5843, - -5843, -2270, 3444, 3858, -1355, -5843, 2647, -5843, 3423, 1659, - -5843, 2003, -5843, 981, 986, -5843, -5843, 1670, -5843, -5843, - -5843, -5843, 409, -184, -5843, -5843, -5843, 0, 745, -2493, - -5843, 417, -3700, 4434, -733, -5843, 2002, -2312, -3646, -1234, - 831, -1344, 2011, 405, 5051, -534, -5843, -5843, 4393, 874, - -4026, -3180, -5843, -1980, -1931, 1461, -1294, 1462, -3513, -3018, - -5009, -5843, -3215, 1238, -5843, -5843, -5843, -5843, 1005, -5843, - -5843, -5843, 2694, -5843, 5355, -5843, -5843, -5843, -5843, -5843, - -5843, -5843, -5843, -5843, -5843, -699, -1213, -5843, 4025, 3289, - -1970, -608, 5367, -425, -5843, -5843, -420, -5843, -5843, 5156, - -2317, -5843, -5843, 4562, 3242, 2489, -5843, 1342, -5843, -5843, - -5843, -5843, 1155, -5843, -5843, 149, -1205, -607, 2010, -5843, - -5843, -5843, -5843, -5843, -5843, -5843, 739, -5843, 1174, -2262, - -5843, -5843, -5843, -5843, -419, -5843, -5843, -5843, -5843, 1179, - -5843, -527, -5843, -418, -5843, -5843, -5843, -5843, 4991, -5843, - -5843, -5843, -5843, -5843, -5843, -5843, -4445, -5843, -3090, 4992, - -5843, -5843, -5843, -5843, -5843, -5843, -5843, 2876, -5843, -5843, - -5843, -5843, -5843, -5843, 3682, 5189, 5193, -2024, -5843, -1093, - 2878, 2205, -1142, -5843, -5843, -5843, 4438, 5195, -5843, -5843, - -110, -5843, -5843, -5843, -5843, -5843, -5843, -5843, -5843, -5843, - -5843, -5843, 2826, 131, -5843, -5843, -5843, -5843, -5843, 444, - -5843, -5843, -5843, -5843, 3585, -5843, -5843, -5843, -5843, -5843, - -5843, -5843, -5843, -5843, -5843, -5843, 4003, -5843, -5843, -5843, - -5843, -5843, -5843, -5843, -5843, -5843, -5843, -5843, -5843, 1364, - -506, -5843, 654, -551, -5843, 309, -5843, -5843, -5843, -5843, - -5843, -619, -5843, -5843, -625, -5843, -1412, 4915, -1356, -532, - -2106, -3805, -5843, 1, -5843, -5843, -5843, -5843, 2882, -5843, - -5843, 2768, 2534, -2954, -5843, 476, -5843, -5843, -3025, -914, - -2041, -4441, 2085, -5843, -5843, 70, 3389, 5643, -5843, -5843, - 11, 1426, -1280, -5843, -5843, 2486, -3, 2549, -386, -696, - -778, -1035, -5843, 4642, -5843, -5843, -5843, 184, -578, -546, - 98, 61, 135, 45, 6933, 9224, 24, -5843, -5843, -5843, - -5843, -5843, -5843, -5843, -5843, -5843, -5843, 2253, 2258, -5843, - 5230, -5843, 3261, 2986, -5843, -5843, -5843, 2262, -5843, -5843, - -5843, 5236, -5843, -5843, -5843, -5843, -5843, -5843, -5843, -5843, - -5843, -5843, 2271, 2276, 2279, -5843, -5843, 1729, -2794, -5843, - -5843, -5843, -2292, 163, -5843, 3294, -5843, -5843, -5843, -5843, - -5843, -5843, -5843, -5843, -5843, -5843, -5843, -5843, -5843, -5843, - -5843, -5843, -5843, -5843, -5843, 3595, -571, 4712, -611, 3824, - 5246, 4750, -5843, 4057, -5843, 4067, -5843, 1527, -5843, -1180, - 2337, -1755, -3776, -5843, -5843, 2729, 1080, -5843, -5843, -2949, - -3576, -5843, 2183, 972, -5843, -5843, 269, -5843, -5843, -5843, - 1528, 104, 5218, 4623, -5843, -5843, -5843, -5843, 5442, 2417, - -5843, 878, 5470, 5475, 5477, -487, -5843, -3712, -5843, -4626, - -5843, -5843, -5843, -5843, -5843, -5843, -5843, -5843, -5843, -5843, - -5843, -5843, 1645, -5843, -5843, 2845, -5843, -5843, -5843, 3080, - -5843, -5843, -5843, -5843, -5843, -5843, -5843, -5843, -5843, -75, - 4995, -5843, -5843, -5843, -5843, 1448, -3051, -5843, -4204, -4647, - -5843, -5843, 752, -5843, -5843, -5843, -682, -5843, -5843, -5843, - -5843, -3760, 3308, -5843, 1935, -5843, -5843, -2471, -5843, -5843, - -2551, -5843, 33, -654, 5002, -5843, -5843, -5843, -5843, -5843, - 4985, -5843, -5843, 1263, -5843, -4155, -5843, 46, -3999, -255, - -4163, -5843, -3737, -5843, -5843, -5843, -5843, -5843, -5843, -5843, - 765, 776, -5843, 779, -5843, -3844, -5843, -5843, -5843, -5843, - -5843, -5843, -4020, -5843, -5843, -3091, -5843, 760, -5843, -5843, - -5843, -5843, -5843, -5843, -5843, -5843, -5843, -5843, -5843, -2631, - -5843, -5843, -5843, 4172, -5843, 5113, -5843, -975, 5005, -5843, - -5843, -5843, -5843, -5843, -5843, 68, -5843, -5843, -5843, -2545, - -5843 + -5756, -5756, -5756, -5756, 1916, -5756, -5756, -5756, -5756, -5756, + -5756, -5756, -5756, 2517, -5756, -5756, -5756, -5756, -5756, -5756, + -5756, 1638, -5756, 215, -5756, 218, -5756, 220, -4097, -627, + -5756, -2241, -5756, -5756, -5756, -5756, -5756, -5756, -5756, -5756, + -5756, -5756, -5756, -5756, -5756, -5756, -5756, -5756, -5756, -5756, + -5756, -5756, 1802, -3342, -5693, -5756, -5756, -331, 1176, -5756, + -5756, 25, -5756, -359, -5756, -5756, -5756, -4725, -520, -753, + -5756, 33, 4812, -107, 4813, 4815, -5756, -596, 4118, -4667, + 440, -5756, -3441, -5756, -5756, -5756, -5756, -2391, -5756, -5756, + -5756, -5756, -5756, -5756, -5756, -5756, -5756, -5756, -5756, -5756, + -5756, -5756, -4931, 1116, -5756, -5756, -617, -5756, 1630, -5756, + -4313, 637, -5756, -5756, -5756, -5756, -4301, -5756, -761, -5756, + -5756, -5756, 1652, -5756, -5756, 488, 1100, 3038, 2842, -5756, + -5756, -5756, -5756, 1958, -5756, 2193, -5756, -2729, 3472, -5756, + -5756, -5756, -5756, -5756, -5756, 1867, -3557, -5756, -5756, -5756, + 868, -5756, -858, -5756, 20, -5756, -5756, -5756, -5756, -5756, + -5756, -5756, -5756, -5756, -5756, -5756, -5756, -5756, -5756, -5756, + -415, -5756, -2492, 1565, -5756, 1594, -5756, -5756, -5756, -5756, + -5756, -5756, -5756, -5756, -5756, -1429, -5756, -5756, -5756, 31, + -5756, -5756, -5756, -5756, -5756, 3136, -5756, 4774, -5756, -5756, + -3886, -5756, 2945, -5756, 2960, 2944, -3286, -5756, -5756, -5756, + -5756, -5756, -5756, -5756, 47, -5756, -5756, -5756, -5756, -5756, + -5756, -5756, -5756, -5756, -5756, -156, -154, 73, 706, 1195, + -5756, -4255, -5756, -5756, -9, -5756, -5756, -5756, -5756, -5756, + 965, 200, 963, -5756, 566, 2734, -3277, -5756, -5756, -5756, + -5756, -5756, -5756, -523, -79, -639, -5756, -4451, -5756, -5179, + -5756, -5756, -5756, -5756, -5756, -5756, -5756, -5756, -4108, -5756, + -5756, -5756, -776, -5756, -5756, -732, -5756, -5756, -5756, -5756, + -395, -5756, -5756, -4197, -5756, -5756, -5756, -68, -5756, 2449, + 4183, -2273, 356, -708, -5756, -4124, 738, -4079, -4216, -5756, + -3983, -5756, -5756, -5756, -281, -1378, -1366, -5756, -5756, -5756, + -5756, -5756, -5756, -5756, 315, 176, 739, -4674, -5756, -5756, + -5756, -5756, -5756, -5756, -5756, -4649, -4564, 50, -5756, -5329, + -5756, -5756, 500, -5756, -5070, -5756, -5756, -5756, -5756, -5756, + -5756, -742, -5756, -5756, -5756, -5756, -5756, -5756, -5756, -3884, + -5756, -5756, -568, -577, -5756, -461, -3816, -5756, -837, 4805, + -4975, -5756, -452, -1344, -448, -447, -445, -5756, -1576, 1075, + 4046, -5756, 1823, -5756, 1186, -1542, -1723, 1300, 286, -3866, + -1399, 1131, -1447, -3881, 1622, -5756, -409, -5756, -1353, -5756, + -1362, -3702, -5335, -5756, -691, -2331, -3692, -464, -5756, -5756, + -2108, -3756, -5756, 3181, -2477, -2427, 2356, 1551, -5756, -5756, + 1064, -5756, -1758, 1060, -5756, -5756, -5756, 1071, -5756, -724, + -5756, -5756, -5756, -5756, -4006, -5756, -2987, -4702, -5756, 5205, + 5209, -3163, -694, -693, -5756, -5756, -5756, -216, 1937, -5756, + -3940, -476, -491, -486, -3680, -113, -5197, -5755, -3810, -5073, + -3645, 3178, -5756, -5756, -5756, -5756, -5756, -5756, -5756, -5756, + -5756, -5756, -5756, -5756, -5756, -5756, 106, 107, 1401, -5756, + -5756, -5756, -5756, -5756, -5756, -5756, -5756, -5756, 798, -2759, + -5756, -5756, -5756, -5756, -5756, -5756, -5756, -5072, -2945, -5756, + -5756, 379, -5496, -5610, -4322, -4315, -4520, 3825, -5756, -5756, + -5756, -5756, 4228, -3903, -4338, -5756, -5756, -5756, -5756, -5756, + -5756, -5756, 3392, 1706, -5756, -5756, 1962, -5756, -5756, -5756, + -5756, -5756, -5756, -5756, -5756, -5756, -274, 1971, -5756, -5756, + -5756, -5756, -5756, 2496, -5756, -5756, -5756, -5756, -5756, -5756, + -5756, -5756, -420, -5756, -5756, -5756, -5756, -5756, -100, 3239, + -5756, -5756, -5756, -5756, -18, -5756, -5756, -5756, -5756, 2125, + -5756, -5756, -5756, -5756, 2683, -5756, -5756, -5756, -5756, -5756, + -5756, 1701, -5756, 2343, -5756, -2890, -5756, -5756, 1199, -630, + -5756, -5756, -438, -5756, -5756, -5756, -5756, -5756, 41, -5756, + -5756, -5756, 5195, -1934, 21, -469, -5756, -5756, 8, -5756, + -5756, 4284, -529, 2173, -757, 4949, -5756, -5756, -5756, -5756, + -2960, 2040, -5756, 4342, -5756, -5756, 4528, 1507, 4303, 1910, + 766, 2137, -2064, -613, -3113, -1994, -5756, -42, -4362, 1098, + -5756, 2123, 1690, -2901, 9888, -5756, -1853, -1964, -5756, -5756, + -81, -5756, -5756, -5756, -5756, -5756, -5756, -5756, -5756, 2237, + 2245, -5756, -5756, 3695, -5756, 2176, -5436, -5756, -5756, -904, + -5756, -2951, -5756, -5756, -5756, 2179, -5756, -5756, -5756, -5756, + -5756, -5756, -5756, -5756, -5756, 1583, -5756, -5756, -5756, -5756, + -5756, -5756, -5756, -5756, -5756, -5756, -5756, -5756, -5756, -5756, + 3642, -1999, -5756, -5756, 3784, -5756, 1686, -5756, 767, -5756, + -5756, -1539, -5756, -3275, -5756, -5756, -1961, -673, -5756, 3782, + -5756, 3809, -1278, -4595, -2128, -567, -5756, -334, -5756, -5756, + -5756, -5756, -5756, -5756, -3278, -670, -668, -5756, -5756, -5756, + 3405, -5756, 4396, -5756, -5756, -5756, -5756, -5756, -5756, 3409, + -5756, -2971, -5756, -2957, 4398, 4399, 4400, -5756, 4402, -5756, + -5756, -5756, -2173, 430, -5756, 818, -5756, -5756, -5756, -5756, + -5756, -3618, -5756, -210, 683, -208, -4502, -1921, 1146, -5756, + -5756, -2255, 3433, 3835, -1370, -5756, 2638, -5756, 3406, 1647, + -5756, 1990, -5756, 968, 970, -5756, -5756, 1653, -5756, -5756, + -5756, -5756, 389, -201, -5756, -5756, -5756, -20, 725, -2516, + -5756, 397, -3678, 4393, -754, -5756, 1986, -2335, -3666, -1238, + 814, -1364, 1995, 383, 5037, -512, -5756, -5756, 4369, 858, + -4067, -1974, -5756, -1638, -1963, 1446, -1167, 1447, -3519, -2894, + -5018, -5756, -2563, 1224, -5756, -5756, -5756, -5756, 988, -5756, + -5756, -5756, 2676, -5756, 5331, -5756, -5756, -5756, -5756, -5756, + -5756, -5756, -5756, -5756, -5756, -740, -1255, -5756, 4015, 3266, + -535, -553, 5352, -424, -5756, -5756, -419, -5756, -5756, 5140, + -2447, -5756, -5756, 4548, 3219, 2470, -5756, 1325, -5756, -5756, + -5756, -5756, 1138, -5756, -5756, 130, -1055, -497, 1992, -5756, + -5756, -5756, -5756, -5756, -5756, -5756, 724, -5756, 1158, -2252, + -5756, -5756, -5756, -5756, -418, -5756, -5756, -5756, -5756, 1161, + -5756, -543, -5756, -414, -5756, -5756, -5756, -5756, 4979, -5756, + -5756, -5756, -5756, -5756, -5756, -5756, -4444, -5756, -3068, 4983, + -5756, -5756, -5756, -5756, -5756, -5756, -5756, 2853, -5756, -5756, + -5756, -5756, -5756, -5756, 3667, 5178, 5193, -2019, -5756, -1104, + 2856, 2188, -1051, -5756, -5756, -5756, 4440, 5196, -5756, -5756, + -249, -5756, -5756, -5756, -5756, -5756, -5756, -5756, -5756, -5756, + -5756, -5756, 2807, 115, -5756, -5756, -5756, -5756, -5756, 425, + -5756, -5756, -5756, -5756, 3571, -5756, -5756, -5756, -5756, -5756, + -5756, -5756, -5756, -5756, -5756, -5756, 3995, -5756, -5756, -5756, + -5756, -5756, -5756, -5756, -5756, -5756, -5756, -5756, -5756, 1360, + -526, -5756, 648, -561, -5756, 303, -5756, -5756, -5756, -5756, + -5756, -628, -5756, -5756, -635, -5756, -1452, 4896, -1357, -542, + -2104, -4290, -5756, 1, -5756, -5756, -5756, -5756, 2873, -5756, + -5756, 2759, 2530, -2981, -5756, 463, -5756, -5756, -3076, -978, + -2048, -4388, 9651, -5756, -5756, 40, 3390, 5185, -5756, -5756, + 11, 1036, -1316, -5756, -5756, 2479, -3, 2783, -423, -780, + -797, -1057, -5756, 4643, -5756, -5756, -5756, 184, -578, -514, + 98, 61, 135, 45, 5899, 8634, 24, -5756, -5756, -5756, + -5756, -5756, -5756, -5756, -5756, -5756, -5756, 2246, 2243, -5756, + 5217, -5756, 3248, 2969, -5756, -5756, -5756, 2250, -5756, -5756, + -5756, 5220, -5756, -5756, -5756, -5756, -5756, -5756, -5756, -5756, + -5756, -5756, 2258, 2261, 2268, -5756, -5756, 1713, -2821, -5756, + -5756, -5756, -2313, 175, -5756, 3286, -5756, -5756, -5756, -5756, + -5756, -5756, -5756, -5756, -5756, -5756, -5756, -5756, -5756, -5756, + -5756, -5756, -5756, -5756, -5756, 3585, -599, 4702, -594, 3788, + 5241, 4743, -5756, 4058, -5756, 4059, -5756, 1523, -5756, -1191, + 2331, -1798, -2833, -5756, -5756, 2723, 1073, -5756, -5756, -2948, + -3548, -5756, 2175, 958, -5756, -5756, 262, -5756, -5756, -5756, + 1522, 1017, 5214, 4616, -5756, -5756, -5756, -5756, 5439, 2487, + -5756, 1502, 5464, 5465, 5466, -217, -5756, -3713, -5756, -4619, + -5756, -5756, -5756, -5756, -5756, -5756, -5756, -5756, -5756, -5756, + -5756, -5756, 1634, -5756, -5756, 2835, -5756, -5756, -5756, 2682, + -5756, -5756, -5756, -5756, -5756, -5756, -5756, -5756, -5756, -75, + 4987, -5756, -5756, -5756, -5756, 1437, -3065, -5756, -4205, -4658, + -5756, -5756, 741, -5756, -5756, -5756, -676, -5756, -5756, -5756, + -5756, -3770, 3303, -5756, 1925, -5756, -5756, -2498, -5756, -5756, + -2574, -5756, 18, -654, 4995, -5756, -5756, -5756, -5756, -5756, + 4977, -5756, -5756, 1247, -5756, -4180, -5756, 30, -4123, -271, + -4149, -5756, -3617, -5756, -5756, -5756, -5756, -5756, -5756, -5756, + 750, 762, -5756, 764, -5756, -3852, -5756, -5756, -5756, -5756, + -5756, -5756, -4347, -5756, -5756, -3103, -5756, 744, -5756, -5756, + -5756, -5756, -5756, -5756, -5756, -5756, -5756, -5756, -5756, -2643, + -5756, -5756, -5756, 4165, -5756, 5098, -5756, -975, 4997, -5756, + -5756, -5756, -5756, -5756, -5756, 48, -5756, -5756, -5756, -2531, + -5756 }; /* YYDEFGOTO[NTERM-NUM]. */ @@ -5340,58 +5340,58 @@ 0, 476, 768, 2345, 477, 478, 479, 480, 481, 2311, 482, 1321, 3059, 1323, 2280, 3062, 483, 737, 484, 2480, 3269, 3270, 4949, 4950, 4943, 4944, 4946, 4947, 3271, 852, - 853, 3105, 3106, 485, 3123, 4319, 3778, 2347, 5147, 3117, - 5470, 2352, 5150, 2353, 5151, 3115, 4332, 4829, 2357, 2358, - 778, 4320, 3873, 3874, 6142, 1382, 3774, 3882, 3883, 3128, - 4810, 4929, 5852, 4933, 5997, 6140, 5944, 3902, 5351, 5853, - 5854, 670, 1394, 665, 666, 667, 486, 5799, 2446, 5582, - 5553, 5554, 3216, 487, 845, 2469, 3909, 1501, 2470, 3235, - 3236, 5234, 5235, 5579, 3942, 3943, 3944, 5549, 5550, 4482, - 4805, 5206, 5551, 3945, 4819, 3044, 977, 1797, 3315, 3316, + 853, 3105, 3106, 485, 3123, 4319, 3778, 2347, 5148, 3117, + 5471, 2352, 5151, 2353, 5152, 3115, 4332, 4829, 2357, 2358, + 778, 4320, 3873, 3874, 6143, 1382, 3774, 3882, 3883, 3128, + 4810, 4929, 5853, 4933, 5998, 6141, 5945, 3902, 5352, 5854, + 5855, 670, 1394, 665, 666, 667, 486, 5800, 2446, 5583, + 5554, 5555, 3216, 487, 845, 2469, 3909, 1501, 2470, 3235, + 3236, 5235, 5236, 5580, 3942, 3943, 3944, 5550, 5551, 4482, + 4805, 5207, 5552, 3945, 4819, 3044, 977, 1797, 3315, 3316, 2545, 4489, 4490, 4491, 3952, 867, 868, 2554, 869, 3340, 3278, 4020, 4021, 4519, 870, 3991, 3992, 3993, 3344, 1191, 3994, 488, 489, 691, 699, 692, 1188, 2915, 1189, 490, 491, 2305, 735, 3081, 3082, 3083, 3084, 4279, 3737, 4273, - 4274, 5140, 871, 872, 978, 671, 979, 980, 981, 982, + 4274, 5141, 871, 872, 978, 671, 979, 980, 981, 982, 2664, 983, 3420, 4042, 984, 3415, 4040, 985, 986, 987, 956, 848, 3371, 3423, 4043, 3372, 4022, 3424, 2659, 988, 989, 990, 991, 992, 1941, 957, 2629, 4031, 4533, 993, 646, 849, 1503, 2473, 850, 2474, 3913, 851, 2471, 1506, 4049, 2599, 910, 1859, 994, 1197, 4050, 995, 2667, 2669, - 2666, 4048, 4999, 2668, 996, 681, 709, 669, 1857, 697, - 5210, 5560, 4790, 5205, 4791, 5536, 4720, 5199, 5200, 5201, - 5638, 3721, 495, 684, 1173, 2133, 2907, 4193, 3597, 3599, - 2908, 4192, 4659, 4660, 4661, 3595, 3596, 5719, 3601, 4190, - 5895, 6279, 6025, 6026, 4182, 6030, 4668, 5074, 5075, 5076, - 5437, 5721, 5901, 6163, 6031, 6286, 6161, 6282, 6162, 6284, - 6418, 6370, 6371, 6173, 6297, 6298, 6375, 6419, 6041, 6042, - 6043, 6464, 6465, 6044, 4186, 4187, 5716, 5070, 5772, 3765, - 3766, 2441, 5612, 1332, 496, 4792, 4913, 4793, 4794, 5506, - 6181, 4796, 4797, 6101, 4798, 4799, 4800, 6378, 2209, 5532, - 5518, 4827, 5655, 4801, 5155, 5156, 5157, 5158, 6067, 6213, - 6069, 6070, 6206, 6319, 6205, 5159, 5160, 5478, 5931, 5486, - 5919, 5311, 5161, 5162, 5163, 5493, 5763, 5933, 5929, 6078, - 6079, 6438, 6439, 6094, 6402, 6095, 6445, 6478, 6479, 6080, - 497, 683, 2082, 6229, 6230, 6231, 3970, 5764, 3971, 3972, + 2666, 4048, 5000, 2668, 996, 681, 709, 669, 1857, 697, + 5211, 5561, 4790, 5206, 4791, 5537, 4720, 5200, 5201, 5202, + 5639, 3721, 495, 684, 1173, 2133, 2907, 4193, 3597, 3599, + 2908, 4192, 4659, 4660, 4661, 3595, 3596, 5720, 3601, 4190, + 5896, 6280, 6026, 6027, 4182, 6031, 4668, 5075, 5076, 5077, + 5438, 5722, 5902, 6164, 6032, 6287, 6162, 6283, 6163, 6285, + 6419, 6371, 6372, 6174, 6298, 6299, 6376, 6420, 6042, 6043, + 6044, 6465, 6466, 6045, 4186, 4187, 5717, 5071, 5773, 3765, + 3766, 2441, 5613, 1332, 496, 4792, 4913, 4793, 4794, 5507, + 6182, 4796, 4797, 6102, 4798, 4799, 4800, 6379, 2209, 5533, + 5519, 4827, 5656, 4801, 5156, 5157, 5158, 5159, 6068, 6214, + 6070, 6071, 6207, 6320, 6206, 5160, 5161, 5479, 5932, 5487, + 5920, 5312, 5162, 5163, 5164, 5494, 5764, 5934, 5930, 6079, + 6080, 6439, 6440, 6095, 6403, 6096, 6446, 6479, 6480, 6081, + 497, 683, 2082, 6230, 6231, 6232, 3970, 5765, 3971, 3972, 3973, 1801, 1802, 2517, 1803, 1804, 1805, 1806, 1807, 1808, 1809, 1810, 1811, 1812, 3330, 2504, 2505, 3292, 3293, 2495, - 2496, 4559, 2497, 4560, 2563, 6096, 6097, 3285, 2501, 6332, - 2502, 6081, 6098, 6083, 2521, 2158, 2159, 3815, 2173, 2174, - 3647, 3648, 2444, 2522, 3301, 2523, 3334, 4627, 5420, 4633, - 4634, 4635, 4144, 4145, 4146, 4147, 4148, 3555, 6084, 5756, - 6065, 6208, 6211, 6326, 6430, 5487, 5164, 5491, 1290, 5165, - 5166, 6182, 6194, 6198, 6183, 6199, 6195, 5925, 3769, 6184, - 6185, 6186, 6201, 6197, 4310, 6187, 5738, 6054, 5739, 5740, - 5474, 3307, 498, 635, 4431, 1470, 3202, 1472, 1482, 3906, - 3228, 3227, 1485, 1484, 3220, 4399, 4884, 5288, 4430, 3903, - 4435, 5664, 814, 4915, 5987, 5827, 5995, 5829, 4916, 5115, - 4917, 5972, 6124, 4918, 5848, 5993, 6136, 5116, 5117, 4919, - 4920, 4921, 6268, 6304, 6305, 6306, 5297, 2253, 828, 829, - 1490, 1491, 1492, 3365, 5659, 5323, 499, 3760, 3099, 500, + 2496, 4559, 2497, 4560, 2563, 6097, 6098, 3285, 2501, 6333, + 2502, 6082, 6099, 6084, 2521, 2158, 2159, 3815, 2173, 2174, + 3647, 3648, 2444, 2522, 3301, 2523, 3334, 4627, 5421, 4633, + 4634, 4635, 4144, 4145, 4146, 4147, 4148, 3555, 6085, 5757, + 6066, 6209, 6212, 6327, 6431, 5488, 5165, 5492, 1290, 5166, + 5167, 6183, 6195, 6199, 6184, 6200, 6196, 5926, 3769, 6185, + 6186, 6187, 6202, 6198, 4310, 6188, 5739, 6055, 5740, 5741, + 5475, 3307, 498, 635, 4431, 1470, 3202, 1472, 1482, 3906, + 3228, 3227, 1485, 1484, 3220, 4399, 4884, 5289, 4430, 3903, + 4435, 5665, 814, 4915, 5988, 5828, 5996, 5830, 4916, 5116, + 4917, 5973, 6125, 4918, 5849, 5994, 6137, 5117, 5118, 4919, + 4920, 4921, 6269, 6305, 6306, 6307, 5298, 2253, 828, 829, + 1490, 1491, 1492, 3365, 5660, 5324, 499, 3760, 3099, 500, 1349, 1350, 1351, 2323, 2324, 3102, 3103, 4300, 4748, 501, 1316, 3055, 2313, 3091, 502, 1335, 3751, 3752, 3753, 4294, - 503, 1498, 2465, 2466, 3232, 4442, 4941, 5356, 5672, 5860, - 5668, 6004, 6005, 504, 856, 1509, 505, 648, 2489, 2490, + 503, 1498, 2465, 2466, 3232, 4442, 4941, 5357, 5673, 5861, + 5669, 6005, 6006, 504, 856, 1509, 505, 648, 2489, 2490, 2491, 3273, 506, 1952, 643, 507, 2142, 2139, 2921, 2922, 508, 1315, 2267, 2268, 2269, 2270, 3717, 509, 2637, 3388, 3389, 3390, 3391, 3050, 4263, 3051, 3052, 3726, 4539, 510, @@ -5399,77 +5399,77 @@ 2149, 515, 516, 4721, 2710, 518, 798, 796, 1133, 520, 1454, 1450, 521, 2711, 1134, 788, 789, 1402, 1217, 3798, 3799, 2581, 2582, 3163, 3150, 1218, 1219, 1431, 2422, 3181, - 2933, 2934, 2249, 2935, 3241, 2433, 1504, 5786, 5562, 4678, - 6399, 1981, 1869, 3168, 1319, 1136, 1137, 1138, 2093, 2094, - 2109, 1139, 2103, 2858, 4603, 5041, 5042, 5043, 5044, 2796, + 2933, 2934, 2249, 2935, 3241, 2433, 1504, 5787, 5563, 4678, + 6400, 1981, 1869, 3168, 1319, 1136, 1137, 1138, 2093, 2094, + 2109, 1139, 2103, 2858, 4603, 5042, 5043, 5044, 5045, 2796, 2797, 2902, 1140, 2786, 2787, 2788, 1141, 1142, 1143, 1144, 1145, 1146, 1147, 2779, 2780, 2781, 1148, 1149, 1150, 2897, - 4585, 4586, 5023, 3590, 3591, 3592, 1151, 3452, 4569, 3463, + 4585, 4586, 5024, 3590, 3591, 3592, 1151, 3452, 4569, 3463, 3464, 2739, 1152, 1153, 1154, 1155, 1156, 4168, 1157, 4649, - 4364, 1158, 1953, 2674, 2737, 5011, 4574, 5393, 5013, 5014, - 5397, 2679, 3440, 4078, 4079, 4080, 2800, 2801, 2002, 2003, - 1970, 1971, 1403, 5244, 1404, 5589, 5961, 5962, 6120, 6351, - 6260, 6261, 6453, 6483, 6454, 6455, 6456, 1405, 3136, 4830, - 1406, 1407, 1408, 4349, 4350, 5245, 4834, 5247, 4838, 2383, + 4364, 1158, 1953, 2674, 2737, 5012, 4574, 5394, 5014, 5015, + 5398, 2679, 3440, 4078, 4079, 4080, 2800, 2801, 2002, 2003, + 1970, 1971, 1403, 5245, 1404, 5590, 5962, 5963, 6121, 6352, + 6261, 6262, 6454, 6484, 6455, 6456, 6457, 1405, 3136, 4830, + 1406, 1407, 1408, 4349, 4350, 5246, 4834, 5248, 4838, 2383, 2384, 2387, 2388, 1409, 1410, 1411, 1412, 2371, 1413, 1414, - 3802, 1415, 3155, 5680, 4972, 4973, 5870, 5869, 4974, 4507, + 3802, 1415, 3155, 5681, 4973, 4974, 5871, 5870, 4975, 4507, 4508, 4003, 4004, 4731, 4732, 4733, 3811, 2733, 2734, 2808, 2642, 2643, 2644, 2680, 1423, 2398, 3172, 3821, 2400, 3819, - 4359, 3823, 4365, 4366, 2889, 3580, 4164, 3582, 5062, 5427, - 5428, 5711, 5883, 5884, 5889, 4924, 5635, 5636, 3356, 1432, + 4359, 3823, 4365, 4366, 2889, 3580, 4164, 3582, 5063, 5428, + 5429, 5712, 5884, 5885, 5890, 4924, 5636, 5637, 3356, 1432, 3189, 3838, 4362, 2211, 2212, 1434, 2404, 3176, 3827, 2213, - 2411, 2412, 3832, 4012, 1435, 1436, 1448, 1453, 1439, 4976, - 1437, 3345, 4880, 3346, 4149, 4860, 4132, 4857, 5121, 5544, - 2703, 2704, 5499, 4473, 1440, 3192, 4376, 4377, 4378, 1419, + 2411, 2412, 3832, 4012, 1435, 1436, 1448, 1453, 1439, 4977, + 1437, 3345, 4880, 3346, 4149, 4860, 4132, 4857, 5122, 5545, + 2703, 2704, 5500, 4473, 1440, 3192, 4376, 4377, 4378, 1419, 1420, 2393, 2394, 2395, 1441, 1421, 3164, 4355, 522, 730, 523, 2595, 898, 1853, 2594, 3733, 1511, 4257, 1837, 1838, 1847, 822, 668, 524, 672, 4534, 525, 712, 4256, 958, - 3217, 1898, 2261, 1899, 3043, 3711, 3712, 4722, 5109, 4723, - 5102, 5103, 4724, 1303, 5452, 5453, 1468, 4395, 4396, 4390, + 3217, 1898, 2261, 1899, 3043, 3711, 3712, 4722, 5110, 4723, + 5103, 5104, 4724, 1303, 5453, 5454, 1468, 4395, 4396, 4390, 3036, 3706, 1304, 2254, 4250, 3033, 4251, 3034, 3064, 4252, - 5385, 5875, 6277, 3030, 526, 706, 4709, 5902, 4244, 4245, - 6362, 6363, 1301, 527, 651, 2575, 894, 3350, 1835, 1840, - 1841, 4982, 2579, 5372, 3351, 5682, 4515, 4981, 2585, 895, + 5386, 5876, 6278, 3030, 526, 706, 4709, 5903, 4244, 4245, + 6363, 6364, 1301, 527, 651, 2575, 894, 3350, 1835, 1840, + 1841, 4983, 2579, 5373, 3351, 5683, 4515, 4982, 2585, 895, 896, 528, 751, 3761, 1355, 2233, 2234, 2235, 3017, 529, - 703, 1291, 4239, 4706, 3003, 687, 6046, 2216, 1294, 2217, + 703, 1291, 4239, 4706, 3003, 687, 6047, 2216, 1294, 2217, 2999, 3688, 2197, 530, 1459, 1457, 843, 531, 532, 804, 644, 2427, 533, 1458, 534, 1324, 2300, 3078, 4270, 4271, - 4736, 2301, 2302, 3734, 535, 716, 1309, 3730, 5122, 5123, - 5463, 536, 742, 1339, 1340, 2317, 2315, 3756, 3094, 537, + 4736, 2301, 2302, 3734, 535, 716, 1309, 3730, 5123, 5124, + 5464, 536, 742, 1339, 1340, 2317, 2315, 3756, 3094, 537, 2909, 538, 673, 961, 1902, 1903, 2635, 539, 745, 1344, - 540, 541, 963, 4540, 6152, 6365, 677, 2639, 1907, 5537, - 4844, 5254, 5255, 5257, 5602, 5603, 6415, 6506, 6517, 6513, - 6520, 6521, 6524, 6532, 6533, 1159, 1362, 1363, 1160, 6234, - 1161, 1162, 1163, 2712, 1307, 711, 2257, 3040, 2258, 5447, - 5726, 3041, 2626, 2627, 2259, 5104, 5105, 3619, 3820, 1164, - 4246, 5475, 1512, 1842, 1327, 614, 1165, 615, 1166, 1167, + 540, 541, 963, 4540, 6153, 6366, 677, 2639, 1907, 5538, + 4844, 5255, 5256, 5258, 5603, 5604, 6416, 6507, 6518, 6514, + 6521, 6522, 6525, 6533, 6534, 1159, 1362, 1363, 1160, 6235, + 1161, 1162, 1163, 2712, 1307, 711, 2257, 3040, 2258, 5448, + 5727, 3041, 2626, 2627, 2259, 5105, 5106, 3619, 3820, 1164, + 4246, 5476, 1512, 1842, 1327, 614, 1165, 615, 1166, 1167, 824, 1364, 2390, 3398, 1240, 3632, 1168, 4051, 1478, 2140, 2454, 2455, 3399, 617, 3633, 1241, 1814, 618, 619, 620, 621, 622, 623, 624, 549, 550, 625, 1821, 552, 702, 1249, 2170, 2178, 2952, 2168, 2964, 3668, 2966, 2967, 3673, - 2968, 1297, 2939, 2169, 3657, 4692, 4691, 2965, 4231, 5092, - 5091, 2969, 2960, 4227, 4213, 3642, 4685, 5441, 5440, 2947, + 2968, 1297, 2939, 2169, 3657, 4692, 4691, 2965, 4231, 5093, + 5092, 2969, 2960, 4227, 4213, 3642, 4685, 5442, 5441, 2947, 2946, 2945, 2955, 2956, 2957, 2958, 4224, 3653, 2434, 3199, 553, 964, 2648, 680, 1909, 1910, 3412, 554, 705, 555, 736, 1329, 3087, 3743, 3744, 4289, 4740, 4290, 556, 1202, 1203, 557, 947, 3772, 3375, 2588, 1481, 949, 2589, 2610, 951, 1861, 952, 953, 954, 955, 4420, 3895, 3896, 3379, 2591, 2456, 2929, 3888, 4870, 2457, 4414, 4415, 4871, 3225, - 5687, 4427, 3899, 5382, 4524, 5688, 5689, 558, 717, 559, - 5555, 729, 1318, 2277, 560, 561, 562, 563, 797, 1444, + 5688, 4427, 3899, 5383, 4524, 5689, 5690, 558, 717, 559, + 5556, 729, 1318, 2277, 560, 561, 562, 563, 797, 1444, 1220, 636, 637, 638, 639, 832, 833, 3905, 4437, 4936, - 4937, 5666, 6527, 6528, 5780, 5942, 3127, 4323, 6242, 6482, - 6514, 6537, 4328, 4329, 4330, 3783, 3784, 564, 1369, 1365, + 4937, 5667, 6528, 6529, 5781, 5943, 3127, 4323, 6243, 6483, + 6515, 6538, 4328, 4329, 4330, 3783, 3784, 564, 1369, 1365, 762, 2343, 2337, 2339, 3113, 3764, 565, 566, 567, 3321, - 568, 1938, 2663, 4047, 4998, 3383, 2476, 6108, 4820, 5237, - 5581, 5797, 5226, 6248, 6246, 1822, 626, 1921, 881, 4304, - 912, 3317, 1306, 3037, 2597, 997, 998, 3322, 4956, 4484, + 568, 1938, 2663, 4047, 4999, 3383, 2476, 6109, 4820, 5238, + 5582, 5798, 5227, 6249, 6247, 1822, 626, 1921, 881, 4304, + 912, 3317, 1306, 3037, 2597, 997, 998, 3322, 4957, 4484, 2477, 2478, 882, 883, 570, 571, 1463, 3200, 3201, 999, - 1000, 4262, 4727, 4728, 5112, 4821, 4822, 4808, 5801, 6346, - 4813, 2264, 5939, 5940, 6240, 6446, 5227, 5228, 5573, 5229, - 5230, 5565, 5947, 5563, 5946, 5231, 5790, 6112, 5788, 6111, - 5215, 5216, 5232, 884, 3947, 5552, 3949, 5583, 5798, 3780, - 4322, 5556, 572, 3125, 4335, 4333, 4325, 4331, 5792, 885, + 1000, 4262, 4727, 4728, 5113, 4821, 4822, 4808, 5802, 6347, + 4813, 2264, 5940, 5941, 6241, 6447, 5228, 5229, 5574, 5230, + 5231, 5566, 5948, 5564, 5947, 5232, 5791, 6113, 5789, 6112, + 5216, 5217, 5233, 884, 3947, 5553, 3949, 5584, 5799, 3780, + 4322, 5557, 572, 3125, 4335, 4333, 4325, 4331, 5793, 885, 886, 1830, 887, 888, 2570, 889, 2492, 1001, 1002, 573, 1003, 2671, 2670, 4054, 722, 1004, 1313, 650, 1829, 2265, 3714 @@ -5480,1502 +5480,1512 @@ number is the opposite. If YYTABLE_NINF, syntax error. */ static const yytype_int16 yytable[] = { - 616, 542, 1936, 2884, 720, 645, 764, 837, 519, 1798, - 721, 1238, 1289, 682, 492, 913, 816, 2763, 3065, 820, - 1252, 517, 3347, 831, 551, 2160, 827, 2163, 2164, 1401, - 1799, 2917, 2834, 569, 693, 2177, 3086, 2508, 693, 3432, - 3110, 1480, 493, 693, 897, 548, 707, 2428, 900, 2702, - 902, 494, 903, 904, 2239, 905, 906, 907, 1433, 950, - 1376, 546, 1377, 1433, 514, 1433, 1379, 1380, 574, 2401, - 543, 2413, 875, 3843, 2413, 3844, 3845, 2500, 3384, 2518, - 2709, 2817, 3109, 3331, 3702, 3709, 2417, 3725, 1195, 1204, - 3357, 700, 2562, 3234, 3332, 2774, 3680, 725, 545, 948, - 2837, 3302, 4379, 4311, 876, 3191, 2527, 1320, 2506, 4841, - 2869, 2870, 2871, 2872, 2873, 2874, 2875, 2877, 2879, 2880, - 2881, 2882, 2883, 1479, 1243, 2207, 3433, 2442, 1196, 948, - 4469, 4828, 2743, 3219, 2607, 547, 2506, 3302, 2391, 4373, - 2498, 2004, 2332, 4517, 1356, 1357, 1964, 2240, 3029, 1346, - 2366, 2443, 1353, 3654, 4922, 4487, 1244, 1832, 1510, 2141, - 2987, 2988, 4923, 733, 3839, 732, 3666, 4807, 4816, 3722, - 3773, 4354, 4052, 4053, 4238, 3422, 2916, 5207, 2994, 4547, - 4957, 5239, 4369, 3204, 544, 1823, 3948, 3912, 4083, 3800, - 3800, 4492, 4272, 4563, 4439, 5545, 3801, 2241, 3010, 4558, - 3303, 4353, 696, 4558, 4803, 2506, 1469, 1513, 4380, -2564, - 838, 1514, 4795, 4795, 3807, 4914, -2714, -3741, 4747, 839, - 5347, 1936, 3023, 3024, 840, 841, 842, -395, 2536, -3737, - -3734, -3739, 2542, -3735, -2565, -509, -509, 5294, 5744, -1051, - -1051, 5295, 847, 1466, 5296, 2553, 2849, 826, 5720, 2078, - 2080, 2081, 3885, 5745, 2857, 2859, 3272, 2862, 2863, 2088, - 3104, -3738, 2123, 727, 1452, 2520, 2520, 2089, 3077, 4014, - 1875, -3736, 4958, 5676, 1466, 2520, 2090, 5110, 2045, 1876, - 2198, 746, 2524, 6285, 946, 2467, 2064, 3426, 1848, 1816, - 1849, 2526, 810, -1912, -1912, 1392, 3341, 4388, 5864, 5957, - 1855, 1856, 3564, 3348, 4411, 1305, 749, -2859, -2859, 875, - 6250, 1451, 5355, 4327, 946, 740, 2341, 5167, 4356, 4357, - -3523, 1817, 4426, 4896, 4795, -407, -407, 2506, 2162, 741, - 4573, 2506, 2438, 3223, 810, 2068, 2435, 1314, -3506, 4629, - 2640, 876, -3445, -3445, 2506, 4339, 830, 1496, 4184, 2509, - 3159, 1330, -3510, 678, 4301, 3341, 4717, 4718, 2525, 4131, - 5733, -3446, -3446, -3509, -3507, 685, 744, 4398, 2531, 5497, - 2520, 4939, 4994, 2695, 2696, 2697, 5765, 2698, 713, 2699, - 3434, 2700, 3565, 5249, 2532, 3409, 2530, 3650, 2534, 678, - 3800, 3298, 4630, 3174, 3374, 4718, 4005, 2555, 2543, 4811, - 2546, 2547, 2548, 2549, -3508, 2550, 3846, 3847, 2520, 4454, - 3341, 6048, 3341, -2730, 6252, 724, 2556, 2557, 2558, 2559, - 2560, 805, 5285, 4419, 2533, 5203, 4675, 4676, 6266, 3341, - -2679, -2679, 3341, -2159, 2499, 2091, 5299, 2088, 5301, 3410, - 5670, 5313, 1502, -2731, 1466, 2089, 3771, 3767, 5220, 1497, - 43, -2676, -2676, 2529, 2090, 5331, 2695, 2696, 2697, -3445, - 2698, 718, 2699, 3341, 2700, 743, -2679, 4811, 4292, 4293, - 1385, 3566, 5492, 2681, 2682, 6450, 5286, 2200, -3446, 5167, - 2088, 3341, 2692, 765, 4977, 2583, 3341, -2676, 2089, 4440, - 1895, 3341, 3341, -2732, 2275, 4205, 4206, 2090, 2537, 714, - 1466, 50, 4812, 3886, -3445, 5500, 2110, 4237, 5913, -1987, - 1466, 4035, 2438, 2753, 3341, 2756, 4432, 4428, 1851, 6400, - 1222, 1425, 2110, -3446, -3769, 4470, 3450, 1317, 807, 1895, - 2769, 2770, 2772, 5833, 4268, 2111, 2112, 2775, 2776, 3363, - 2695, 2696, 2697, 2092, 2698, 2792, 2699, 1885, 2700, -3770, - 519, 2111, 2112, 2685, 5502, 959, 2110, 6073, 1900, 5504, - 6122, 4995, 1466, 809, 2273, 2134, 1427, 1905, 718, 5977, - 4812, 1466, 6270, 2088, 1466, 880, 2326, 1940, 6451, 5846, - 4248, 2089, 4629, -3513, 2154, 2111, 2112, 5522, 5620, 5212, - 2090, 724, 5557, 2195, 723, 3119, 2307, 2110, 1442, 2113, - 43, -2859, 2402, 6480, 4719, 1429, 514, 5577, 5318, 5571, - 4811, 1846, 4927, 2091, 5645, 2113, 1466, 2272, 719, 4877, - 4817, 3736, 724, 2439, 815, 817, 2111, 2112, 817, 2250, - 825, 3609, 6466, 2678, 698, 4630, 3587, 6498, 43, 704, - 793, 5558, 1401, 640, 3588, 542, 2110, 2088, 3723, 2113, - -3445, 50, 519, 6074, 5317, 2089, 2091, 1443, 854, 3489, - 764, 52, 2088, 3724, 2090, 517, 3413, 825, 2348, -3446, - 2089, 2351, 4664, 794, 879, 2354, 2355, 2356, 6493, 2090, - 2359, 2360, 2251, 4558, 5572, 2114, 2236, 4795, 2238, 50, - 2113, 1193, 2691, 551, 4471, 548, -742, 825, 4914, 52, - 3723, 2114, 2088, 4963, 1886, 689, 6359, 4928, 514, 2403, - 2089, 878, 1310, 4812, 548, 3724, 5564, 3364, 5978, 2090, - 825, 2092, 5564, 4269, 724, 719, 1248, 4823, 1433, 1896, - 546, 3326, 2155, 1328, 825, 2114, 2640, 2088, 4908, 2113, - 2196, 2308, 4237, 5734, 1194, 2089, -3539, 1247, 877, 2091, - 1333, 890, 2686, 6123, 2090, 2327, 5994, 5861, 854, 5979, - 960, 854, 6075, 1245, 2092, 1341, 1375, 545, 1896, 2274, - 3703, 3695, 1239, -3769, 4394, 6348, 2114, -1987, 1901, 4429, - 4433, 6401, 679, 807, 1906, 547, 4824, 891, 5559, 1897, - 2453, 5753, 2201, 5217, 3190, 678, 5580, 3500, -3770, 2135, - 1456, 2342, 4523, 2439, 547, 1449, 836, 4795, 1464, 1465, - 2481, 857, 6452, 6086, 795, 4398, 825, 2590, 679, 1266, - 837, 1311, 855, 2091, 4441, 2114, 2276, 2494, -3633, 5213, - 5872, 909, 825, 5538, 874, 2152, 3800, 1246, 2091, 6544, - 686, 1499, 4338, 5319, 2161, 1005, 1887, 946, 2604, 695, - 1386, 4881, 2175, 544, 807, 3983, 3984, 2092, 4327, 3571, - 4344, 5220, -1912, 4219, 4348, 3828, 4825, 4503, 1299, 3224, - 4412, -3539, 6267, 1488, 2494, -2220, 1486, 3768, 2091, 2458, - 674, 3224, 2462, 2210, -2220, 551, 1242, 5287, 6281, 551, - 4302, 1820, 1843, 3813, 1845, 715, 5338, 817, 5079, 817, - 5167, 825, 3981, 3982, 1854, 43, 548, -3523, 747, 2364, - 548, 879, 2199, 2091, 2278, 678, -1912, -3445, 4014, 3567, - 2488, 3361, 546, 3111, 3939, -3506, 546, 2431, 1819, 4363, - 764, 2092, 548, 750, 3900, 4631, -3446, 3887, 3651, -3510, - 5691, 1877, 6269, 5320, 4671, -2714, 2092, 2940, 878, 4977, - -3509, -3507, 1850, 3652, 1852, 642, 50, 3382, 748, 545, - 5803, 807, 2950, 545, 1927, 1818, 52, 2088, 1451, 3411, - -2714, 1931, 1467, 1934, 2917, 2089, 3558, 3559, 6327, 1430, - 6329, 542, -2570, 475, 2090, 877, 2092, 1942, 519, 1920, - 1920, -3508, 1920, 1920, 1920, 6330, 547, 3696, -3741, 1920, - 547, 517, 5294, 1467, 551, 4237, 5295, -2571, -395, 5296, - -3737, -3734, -3739, 569, -3735, 3572, 3573, 3451, 3576, 3577, - 3940, 2092, 547, 838, -509, 548, 1918, 1918, -1051, 1918, - 1918, 1918, 839, 4006, 2397, 2046, 1918, 840, 841, 842, - 5167, 546, -3738, 2065, 514, 544, 811, 3342, 2413, 544, - 543, 1815, -3736, 4959, 5677, 4657, 4506, 2991, 2641, 2993, - 3177, 4922, 2997, 1917, 1917, 5468, 1917, 1917, 1917, 4923, - 2707, 874, 5945, 1917, 3005, -3539, 4018, 3008, 545, 5865, - 5958, 3011, -1912, 6387, 6388, 2078, 2080, 2004, 2662, 5548, - 4046, 6251, 2069, 4358, 6394, 4795, -2859, 2442, 4795, 5098, - 1919, 1919, 2065, 1919, 1919, 1919, 3342, 3026, 3027, 3028, - 1919, 2927, 4940, 3754, -407, 547, 3308, 5240, -115, 2916, - -115, 2443, 4914, 3308, 3145, 3805, 3806, 4081, 2086, 4082, - 2085, -3445, 2488, 475, 5806, 3160, 5807, 2083, 2701, -1912, - -1912, 5783, -2730, 2091, 2181, 5258, 4194, 675, 5261, 2520, - -3446, 3022, 5410, 4537, 2592, 6425, 5412, 5279, 2985, 5545, - 5545, 3342, 4558, 3342, 544, 3300, 4558, -2730, 4, 5, - -3513, 475, -2731, 1467, 2237, 5824, 2520, 5826, 4631, 2520, - 3342, 5671, 5831, 3342, 3963, 2248, 2640, -1912, 2520, 5836, - 5837, 825, 3323, 2453, 4272, 3324, 5567, -2731, 3562, 5843, - 3830, 4492, 5313, 5262, 3335, 5167, 4856, 4859, 3327, 5785, - 4859, 4856, -2679, 3284, 3342, 3287, 4131, 4131, 825, -2679, - -2679, 2773, -2732, 2918, 679, 4211, 893, 825, 3299, 1467, - 825, 4795, 3342, -2676, 5862, 825, 3470, 3342, 3471, 1467, - -2676, -2676, 3342, 3342, 3448, 4879, 3309, -2732, 2886, 4009, - 2309, 2092, 6349, 2672, -119, -111, -119, -111, 3314, 3479, - -1912, 6426, 3482, 2488, 2176, 3342, 825, 2116, 2117, 2118, - 2119, 2120, 2121, 2122, 3336, 3275, -1912, 3224, 3494, 948, - 3593, 6021, 2115, 2116, 2117, 2118, 2119, 2120, 2121, 2122, - 5949, 1467, 5951, 5974, 3286, 854, 4693, 854, 3513, 4392, - 1467, -1912, 718, 1467, 2260, 6436, 807, 4632, 2203, 2482, - 1373, 4725, 807, 807, 2640, 1489, 2115, 2116, 2117, 2118, - 2119, 2120, 2121, 2122, 2088, 2949, 5321, 1425, 3669, 2310, - 4826, 2842, 2089, 4845, 2903, -2159, 5938, -2159, 2320, -2159, - -1912, 2090, 5045, 3890, 679, 1467, 5975, 4848, 2861, 1466, - 2689, -1912, 807, 2333, 5955, 1947, 5932, 2115, 2116, 2117, - 2118, 2119, 2120, 2121, 2122, 5855, -2220, 4235, 2334, 2928, - 4209, 3352, 1427, 2346, 782, -2220, 4966, 4967, 4868, -1912, - 4013, 5208, 3800, 3800, 2312, 5167, 5576, 3948, 4831, 4832, - 1222, 5984, 2110, 5778, 4942, 2904, 807, 2373, 890, 2609, - 2085, 4835, 4836, 3462, -1912, 5787, 5789, 2083, 2117, 2118, - 2119, 2120, 2121, 2122, -3332, 640, 6500, 2396, 3472, 4687, - 3473, 2111, 2112, 2088, 3825, 4221, 3602, 2811, 2349, 2350, - 3380, 2089, -1912, 4696, 891, 2420, 5433, 4699, 475, 6427, - 2090, 678, 3009, 1943, 3289, 2110, -1912, -1912, 5992, 6176, - 2205, 1479, 4307, 6428, 2641, 5896, 2429, 2430, 542, 719, - 3501, 2218, 1449, 6245, 946, 519, 4265, 3290, 3891, -2558, - 2447, 4334, 6338, 2973, 2111, 2112, 4099, 6244, 517, -2408, - 2437, 807, 4267, 825, 5194, 2113, 787, 2304, 1238, 5956, - 1878, 817, 807, 3481, 1944, 807, 1401, 1252, 2314, 2917, - 2091, 676, 4494, 647, 4496, 2088, 807, 4296, 1222, 3204, - 3205, 5019, 724, 2089, 5693, 2088, 5218, 834, 2650, 1393, - -1912, 514, 2090, 2089, 1479, 764, 6264, 3053, 2656, 2088, - 6121, -3766, 2090, 4443, 2088, 4893, 2088, 2089, 2113, 6177, - 5152, 2953, 2089, 2941, 2089, 3302, 2090, 3302, -3342, 6134, - 2483, 2090, 6022, 2090, 2460, 4237, 3552, 2989, 1945, 1438, - -1912, 2214, 3422, 5086, -2408, -3764, 4308, 2675, 4280, 4281, - 4994, 2114, 2975, 2976, 4150, 2978, 2980, 2981, 2982, 4986, - 4987, 6128, 4584, 948, 2215, 2088, 5802, 1417, 2992, 5099, - 2995, -3767, 2540, 2089, 4183, 2541, -1912, 5425, 3387, 2091, - 2538, 1243, 2090, 2088, 5195, 4521, 3007, 6228, 2092, 4169, - 4172, 4175, 4176, 1948, 6343, 3092, 1401, 5604, 4024, 5426, - 2090, -2408, 1473, 4394, 2114, 4869, 4541, 1401, 1401, 2088, - 2461, 1946, 2088, 1244, 2484, 5959, 2485, 2089, 4694, 2088, - 2089, 3032, 3121, 3122, 2916, -224, 2090, 2089, 2195, 2090, - 6178, 3132, 3133, 3134, 2453, 4035, 2090, 2930, 5856, 649, - 5897, 5898, 2709, 1396, 2514, 5507, 5209, 4393, -1872, 4188, - 2244, 4544, 3893, 4243, 2905, 5520, 5521, -3332, 5020, 1460, - 2088, 2091, 2088, 2204, 694, 4236, 3594, 2088, 2089, 1266, - 2089, 2091, 3826, 3054, 5695, 2089, 2376, 2090, 3074, 2090, - 4161, 2088, -743, 4898, 2090, 2091, 2206, 2092, 1879, 2089, - 2091, 4969, 2091, 2088, 6262, 4162, 4163, 6023, 2090, 3095, - 4155, 2089, 4158, 4516, -1912, 3456, 2486, 642, 5264, 5714, - 2090, 5576, 2088, 3449, 892, 2278, 6501, 3644, 2885, 2924, - 2089, 5389, 3603, 6110, 3126, 3129, 4309, 3130, 3131, 2090, - 3615, 3616, 5434, 3206, 3665, 2568, 5219, 2088, 3670, 4995, - 2113, 2091, 2377, 5899, 6411, 2089, 6429, 2088, 946, 2088, - 4782, 2088, 2442, 2378, 2090, 2089, 2219, 2089, 948, 2089, - -3766, 2379, 4305, 3692, 2090, 1430, 2090, 5948, 2090, 2092, - 1880, 4807, 5796, 2088, 6045, 2196, 2443, -3765, 4340, 2092, - 2487, 2089, 1418, 5857, 2954, 2091, 2984, 1266, 2091, 2380, - 2090, -3342, 3185, 2092, -3764, 2091, 710, 2088, 2092, 3291, - 2092, 908, 6077, 2565, -1872, 2089, 6077, 2413, 4222, 2413, - 2413, 807, 3203, 2577, 2090, 5900, 3477, 2539, 1832, 3831, - -3767, 3834, 3835, 2088, 2587, 2088, 2114, 825, 3682, 825, - 807, 2089, 3683, 2089, 3685, 4223, 2091, 6253, 2091, 2442, - 2090, 5379, 2090, 2091, 6024, 2381, 2488, 4970, 3690, 2092, - 679, 5757, 2990, 893, 5387, 2906, 15, 2091, 6470, 6179, - 825, 3698, 3699, 2443, 3606, 3607, 825, 2092, 3792, 2091, - 3318, 5085, 6082, 2382, 3793, 3367, 3368, 5089, 5090, 4404, - 2245, 6180, 4509, 5700, 2641, 2996, 5657, 3747, 2091, 3242, - 3649, 4789, 2088, 2092, 1426, 1827, 2092, 6525, 3748, 6391, - 2089, 2652, 5298, 2092, 793, 24, 6311, 5312, -1912, 2090, - 6313, 3723, 5322, 2091, 2088, 6045, 4448, 5840, 4450, 4451, - 6103, 2645, 2089, 2091, 4456, 2091, 3724, 2091, 4466, 807, - 825, 2090, 4464, 3660, 3114, 6113, 4472, 794, 4475, 6322, - 3408, 1428, 5986, 946, 2092, 3120, 2092, 859, 860, 2091, - 3304, 2092, 6077, 2488, 2088, 4511, 3319, 4711, 5533, 5830, - 3384, 6471, 2089, 5535, 5394, 2092, 3305, 4712, -1872, 6077, - 4282, 2090, 1474, 2091, 519, 2085, 2088, 2092, 4237, 2246, - 738, 5000, 2083, 5476, 2089, 5368, 3165, 5369, 4237, 4237, - 726, 3553, 913, 2090, 3363, 2247, 2092, 2467, 2854, 2091, - 1425, 2091, 3186, 6515, 1426, 5658, 6358, 3369, 6360, 6382, - 43, 4971, 2641, 3320, 6018, 4283, 6381, 2088, 5429, 5911, - 6283, 2092, 6219, 6287, 1206, 2089, -3765, 640, 807, 2088, - 2088, 2092, 807, 2092, 2090, 2092, 2516, 2089, 2089, 807, - 6526, 6051, 4849, 3218, 3401, 1427, 2090, 2090, 3239, 3713, - 2835, 1428, 48, 3749, 3889, 3747, 6353, 2092, 1467, 739, - 3486, 50, 4865, -2159, -2159, 5686, 3748, 6323, 2091, 718, - 5002, 52, 875, 519, 6409, 5004, 3402, 4284, 795, 1196, - 6020, 2092, 5005, 1207, 1429, 6516, 2843, 63, 2678, 3575, - 2091, 2645, 4467, 4036, 793, 6392, 6422, 6410, -1356, 2646, - 2088, 825, -1356, 2890, 876, 3000, 2885, 2092, 2089, 2092, - -72, -1296, 3661, 3302, 5611, 2161, 5921, 2090, 3302, 807, - 4285, 5927, 5928, 825, 825, 3302, 2910, 794, 6449, 3210, - 2091, 825, 2942, 2088, 2117, 2118, 2119, 2120, 2121, 2122, - 728, 2089, 1475, -1356, 1828, 6324, 2918, 2752, 3001, -1356, - 2090, 2850, 2091, 2959, 5291, 6354, 3890, 5887, 6017, 3487, - 1476, 817, 817, 807, 817, 817, 817, 817, 807, 825, - 825, 807, 3364, 1977, 1978, 1979, 2092, 817, 3750, 1347, - 5490, 5490, -1356, 1248, 6051, 2115, 2116, 2117, 2118, 2119, - 2120, 2121, 2122, 2091, 3006, 817, 4468, 825, 2092, 3560, - 2088, 4882, 6116, 5626, 1247, 2091, 2091, 3178, 2089, 2095, - 2096, 2097, 766, 2098, 3012, 6131, 4237, 2090, 807, 2027, - 1245, 3749, 6155, 5890, 2032, 767, 719, 3416, 6416, 1239, - 807, 2851, 2088, 3421, 5685, 2936, 4383, 3641, 2092, 6066, - 2089, 6068, 1208, 3457, 1209, 1305, 769, 1936, 3796, 2090, - 4326, 3488, 3797, 4528, 4529, 1210, 1455, 1526, 2088, 2645, - 2092, 4237, 1348, 3208, 3589, 3541, 2089, 3542, 795, 2646, - 4156, 1211, 4157, 2937, 3554, 2090, 2091, 5442, 5443, 752, - 2088, 3891, 6061, 4286, 4287, 4288, 3002, 854, 2089, 6442, - 4642, 807, 4645, 641, 1246, 3612, 3097, 2090, 1964, 2804, - 2805, 2092, 2374, 3209, 3179, 2678, 2647, 4017, 854, 2091, - -2350, 2482, 4384, 2092, 2092, 812, 5476, 825, 863, 864, - 2852, 4242, 4883, 3466, 3116, 2562, 825, 825, 825, 4716, - 2099, 6188, 807, 5590, 1846, 948, 817, 817, 6156, 642, - 3210, 3635, 3677, 1242, 1336, 4479, 3750, 3678, 4480, 6424, - 807, 5250, 5251, 3892, 6247, 6249, 1615, 3681, 753, -2350, - 1401, 807, 807, 3684, 2755, 4579, 1401, 4580, 4291, 825, - 3467, 764, 3746, 3636, 1936, 4643, 2091, 4644, 6207, 3839, - -615, 1401, 5600, 818, 2092, 3180, 6469, 1644, 6443, 3794, - 4276, 4277, 2088, 5601, 2488, 4185, 3781, 4498, 2088, 3782, - 2089, 6333, 6334, 2442, 2898, 3790, 2089, 4210, 2091, 2090, - 4481, 2119, 2120, 2121, 2122, 2090, 5926, 2092, 3468, 2580, - 3474, 4874, 4875, 4876, 4214, 3484, 825, 2443, 2938, 1337, - 4217, 4218, 5100, 5477, 2091, 807, 2899, 2646, 5482, 3485, - 5252, 807, 2088, 6444, 4360, 3233, 4945, 4948, 3707, 4951, - 2089, 3490, 2510, 3814, 3731, 1212, 2091, 2413, 1430, 2090, - -931, 3211, -931, 1716, -2350, 807, 2511, 4278, 2512, 3831, - 3491, 4421, 4422, 3212, 2488, 4423, 4424, 4425, 819, 5515, - 5303, 5974, 5494, 6063, 2092, 3893, 1338, 1739, 2438, 825, - 4553, 6300, 5483, 3779, 6303, 3499, 2506, 4361, 825, 3469, - 5490, 3787, 3789, 6431, 2678, 3511, -2350, 3516, 2453, 3517, - 2900, 5407, 6233, 2088, 3469, -2350, 2092, 5253, 5263, 2419, - 946, 2089, 2421, 2421, 5516, -2350, 5417, 2377, 2088, 3328, - 2090, 3520, 821, 4495, 5975, 4343, 2089, 2885, 2378, 4347, - -1296, -2350, 2092, 475, 5304, 2090, 3156, 3894, 551, 5494, - 5305, 6233, 2483, 3512, 2678, 1843, -1356, 5413, 2590, 2088, - 3100, 3359, 5866, 2771, 2092, 2129, 734, 2089, 2091, 548, - 3366, 807, 807, 3213, 2091, 880, 2090, 1401, 3850, 3851, - -365, 3521, 3357, 3537, 5867, 546, 3378, 3378, 4212, 2506, - 4077, 2901, 5484, 5517, 4077, 4557, 806, 2138, 4931, 5353, - 3302, 4564, 5388, 786, 2088, 4932, 2806, 6508, 6509, 2807, - 825, 654, 2089, 2791, 807, 1823, 4472, 2448, 2091, 3101, - 3587, 2090, 545, 655, 807, 6308, 5723, 5724, 5082, 787, - 3157, 3419, 630, 5868, 4510, 2413, 2484, 5058, 2485, 3425, - 3715, 835, 3427, 3214, 5054, 5376, 3407, 4513, 5056, 5878, - 3540, 4551, 4552, 5912, 6440, 6440, 5106, 2453, 2382, 547, - 5485, 5065, 4561, 1213, 1214, 1215, 1216, 3406, 5312, 2088, - 551, 2918, 3547, 3735, 879, 5051, 2092, 4609, 2608, 4610, - 4142, 4611, 2092, 3404, 2088, 844, 2090, 5007, 5008, 2091, - 3146, 548, 2089, 6477, 4143, 548, 3147, 2088, 3148, 846, - 519, 2090, 2513, 1760, 2091, 2089, 724, 546, 544, 858, - 3515, 878, 1936, 3460, 2090, 1999, 5027, 3215, 5077, 3976, - 3403, 3215, 2011, 657, 3342, 5277, 2092, 5278, 2486, 2088, - 4016, 899, 3523, 3641, 5047, 2091, -2402, 2089, -2402, 901, - 2514, 2028, 2029, 962, 545, 1823, 2090, 1172, 877, 1823, - 1174, 3977, 5903, 1190, 1192, 2088, 688, 3405, 2515, -931, - 2397, 2088, 1198, 2089, 1373, 1266, 2088, 1298, 2853, 2089, - 948, 3149, 2090, 5455, 2089, 4058, 2088, 1302, 2090, 2439, - 2091, 547, 1300, 2090, 2089, 547, 2088, 4091, 4337, 1317, - 2499, 690, 807, 2090, 2089, 690, 807, 2092, 5241, 1312, - 690, 1326, 2487, 2090, 1322, 5242, 3400, 5243, 1325, 4084, - 3549, 2088, 2092, 2510, 4, 5, 4201, 4, 5, 2089, - 4089, 4090, 4130, 3342, 5444, 3560, 1331, 1222, 2090, 2512, - 544, 1334, 6196, 6200, 874, 4855, 3342, 3635, 2088, 1343, - 3142, 2085, 3143, 2092, 2088, 3381, 2089, 3382, 2083, 3976, - 2376, 1416, 2089, 3976, 2088, 2090, 1345, 2088, 4577, 5525, - 2091, 2090, 2089, 659, 4612, 2089, 4613, 2088, 4614, 3636, - 2088, 2090, 1354, 2091, 2090, 2089, 1368, 4125, 2089, 4858, - 3342, 3977, 2376, 3875, 2090, 3977, 2325, 2090, 2092, 1352, - 2510, 4578, 2330, 2331, 4129, 786, 825, 825, 1479, 2885, - 3475, 2088, 2750, 825, 1222, 2091, 2512, 3378, 3378, 2089, - 6016, 2088, 4530, 4531, 4532, 2088, 2377, 1372, 2090, 2089, - 825, 2088, 825, 2089, 1374, 3655, 3656, 2378, 2090, 2089, - 3631, 2091, 2090, 4878, 3342, 2379, 2088, 2091, 2090, 3518, - 1381, 3519, 2091, 3640, 2089, 2100, 2101, 2102, 2377, 1378, - 3676, 817, 2091, 2090, 1383, 946, 817, 2088, 4593, 2378, - 1238, 1238, 2091, 2380, 3639, 2089, 817, 2379, 2092, 1252, - 1252, 6196, 817, 3809, 2090, 6200, 2088, 3447, 3679, 1422, - 2865, 2092, -2359, 2088, 2089, 4705, 4988, 2091, 4990, 3686, - 4595, 2089, 3955, 2090, 3958, 2380, 4504, -2350, 2413, 807, - 2090, 6487, 6489, 4697, 1358, 4698, 5791, 1359, 1360, 1384, - 4850, 5354, 1361, 2092, 2091, 2260, 4620, 3637, 5667, 2381, - 2091, 4710, 1460, 825, 3718, 807, 5039, 1401, 1471, 1908, - 2091, 1401, 3964, 2091, 3965, 5683, 3524, 4741, 3689, 2092, - 1473, 2088, 2161, 2091, 2161, 2092, 2091, 2382, 5454, 2089, - 2092, 2381, 2826, 2827, 3638, 807, 825, 3966, 2090, 3965, - 2092, 5776, 1487, 854, 3742, 3967, 4486, 3968, 807, 3810, - 2092, 1483, 4249, 1243, 1243, 1493, 2866, 2091, 1494, 2382, - 3745, 4707, 4863, 4864, 5619, 764, 4044, 2091, 4045, 1495, - 627, 2091, 2867, 1500, 3770, 2092, 830, 2091, 3775, 3776, - 807, 2514, 817, 3634, 1505, 1244, 1244, 2088, 1508, 807, - 3788, 817, 2091, 1358, 807, 2089, 1359, 1360, 5650, 2515, - 807, 1959, 2092, 4254, 2090, 3382, 1266, 1824, 2092, 2088, - 6292, 6293, 2516, 2091, 4975, 807, 1825, 2089, 2092, 3812, - 4672, 2092, 6384, 2396, 3817, 5274, 2090, 5275, 3526, 5276, - 4324, 2092, 2091, 5526, 2092, 5527, 4621, 3997, 3998, 2091, - 1826, 3999, 5907, 4000, 2868, 4001, -2352, 4351, 1833, 4352, - 718, 6196, 6200, 5498, 5501, 5503, 5505, 1834, 2514, 5508, - 5509, 4408, 1846, 4409, 5513, 2092, 1858, 5519, 5432, 5528, - 5523, 1445, 1446, 5498, 3849, 2092, 2515, 5534, 5498, 2092, - 5401, 825, 3856, 1266, 1863, 2092, 2088, 807, 4375, 4477, - 4601, 4478, 3519, 1862, 2089, -2352, 4604, 2091, 2278, 5529, - 2092, 1860, 5306, 2090, 1872, 4608, 6432, 2278, 2499, 628, - 1401, 4615, 1868, 4616, 4386, 4387, 1870, 4389, 4391, 3995, - 1871, 2092, 1823, 1011, 1012, 1013, 1014, 1015, 1016, 1017, - 1018, 1019, 1020, 1021, 3946, 5637, -3493, 3251, 3252, 4934, - 2092, 4935, 4960, 3957, 4961, 1864, 6475, 2092, 1865, 3527, - 1873, -3628, 3264, 5307, 3266, 3876, 5059, 3318, 2278, 5358, - -3495, 5359, 825, 2091, 3530, 1874, -3492, 4, 5, 6104, - -969, 5360, 3723, 5361, 3318, 1866, 1881, 5362, 5402, 5363, - 2278, 6494, 5713, -3494, 1867, 2091, 1882, 3724, 5615, 5616, - 1883, 5618, 2453, 2453, 1884, 3531, 5623, 3996, 1889, 5627, - -2352, 3980, 5630, 5631, 1890, 2092, 5306, 719, 6507, 4008, - 5639, 807, 5640, 5415, 5095, 5416, 652, 807, 825, 825, - 5423, 5646, 2278, 1043, 629, 5871, 1816, 2088, 4, 5, - 825, 1888, 5530, 5684, 5876, 2089, 6072, 1891, 3979, 4945, - 3535, 4948, -2352, 4951, 2090, 5308, 1892, 3267, 3268, 1893, - 5435, -2352, 5436, -741, 2263, 1894, 1904, 5307, 1817, 1951, - 2271, -2352, 2091, 1965, 1966, 3877, 5531, 5460, 5106, 5461, - 1967, 2092, 3878, 653, 718, 3978, 3723, -2352, 3879, 5825, - 2022, 5480, 6546, 5481, 2928, 2928, 1972, 1973, 2161, 2104, - 1974, 3724, 5974, 2092, 2054, 5594, 5838, 4352, 1975, 630, - 2088, 1976, 5702, 1064, 6073, 825, 3631, 825, 2089, 5847, - 2088, 5849, 1980, 1920, 1920, 1920, 1982, 2090, 2089, 3640, - 3538, 4594, -3628, 1983, 2885, 2161, 5737, 2090, 4714, 654, - 5906, 3980, 5093, 3545, 5408, 3980, 2124, 3443, 5083, 5084, - 3639, 1387, 5660, 654, 1416, 5975, 5858, 1984, 5859, 631, - 1918, 1918, 1918, 5974, 3880, 655, 5909, -741, 5910, 1985, - 1986, 3975, 4413, 1987, 2125, 3557, 1479, 1479, 3979, 5915, - 2092, 5910, 3979, 2516, 1916, 1923, 1988, 1928, 1929, 1930, - 5965, 1989, 4352, 830, 1933, 2105, 1990, 1917, 1917, 1917, - 2724, 4572, 1078, 3637, 4641, 5964, 4753, 4581, 1991, 1992, - 6074, 2106, 4582, 2091, 1388, 3978, 5975, 2058, 4141, 3978, - -1701, 5966, 4583, 4352, 6118, 5291, 6119, 3881, 656, 2376, - -1700, 6145, 4588, 6146, 1919, 1919, 1919, 3589, 2126, 2451, - 3638, 719, 6157, 2506, 6158, 2085, 519, 4165, 1993, 1996, - 2463, 657, 2083, 2127, 6192, 6047, 4409, 4589, 1401, 1401, - 2516, 5204, 718, 1997, 1998, 657, 2224, 2725, 5395, 5885, - 1361, 6276, 3569, 5120, 6193, 807, 6320, 2104, 6321, 5891, - 825, 825, 3137, 2107, 4590, 2006, 2091, 6050, 1479, 3634, - 4591, 2007, 2008, 6056, 6057, 2377, 2091, 6355, 2128, 5436, - 4592, 3975, 2130, 4600, 4962, 3975, 2378, 2009, 2012, 4261, - 825, 2132, -2586, 4606, 2379, 2137, 4607, 718, 6367, 6075, - 6368, 2092, 2013, 2014, 5832, 5707, 2413, 4159, 2015, 5291, - 542, 2016, 2104, 2726, 4228, 2727, 4230, 519, 6376, 2017, - 6377, 2728, 2380, 492, 2018, 2019, 2183, 4618, 6177, 6393, - 517, 5910, 4833, 551, 632, 2088, 4303, 4619, 2020, 633, - 5454, 4622, 569, 2089, 1389, 1248, 1248, 5015, 2835, 2021, - 2023, 493, 2090, 2105, 548, 6395, 2024, 5910, 658, 807, - 494, 4809, 5400, 5844, 2025, 2026, 1247, 1247, 4183, 2106, - 546, 2030, 2031, 514, 2092, 2033, 2034, 574, 2381, 543, - 1968, 2729, 1245, 1245, 2092, 659, 2035, 2036, 1541, 6177, - 3280, 1239, 1239, 6423, 3281, 5910, 3282, 2037, 3283, 719, - 2145, 6433, 5406, 5910, 2088, 718, 2382, 545, 2105, 5418, - 2038, 2039, 2089, 5028, 634, 5309, 2136, 6457, 4077, 5436, - 4298, 2090, 2040, -3628, 2106, 2730, 5029, 1433, 2041, 817, - 3509, 2042, 1013, 1014, 754, 755, 1017, 807, 1019, 6178, - 1021, 2107, 5030, 2043, 547, 6403, 2146, 6530, 5637, 6531, - 2044, 807, 2047, 2184, 719, 807, 1246, 1246, 4700, 4701, - 1823, 825, 4702, 2048, 4703, 2185, 4704, 5419, 2049, 2890, - -3595, 756, 5031, 6071, 4, 5, 1011, 1012, 1013, 1014, - 1015, 1016, 1017, 1018, 1019, 1020, 1021, 1366, 1367, 2050, - 1370, 2051, 1371, 544, 2052, 718, 2107, 825, 825, 4113, - 6178, 2053, 2055, 2056, 2057, 1242, 1242, 2147, 2059, 5705, - 757, 2091, 2060, 2061, 3860, 2062, 2063, 2066, 4483, 5309, - 2186, 2731, 6014, -2352, -73, 2067, 5310, 2070, 2187, 2071, - 2072, 2073, 2732, 5879, 2074, 825, 4400, 4401, 4402, 4403, - 4405, 4406, 4407, 2148, 2376, 4410, 2928, 2075, 2153, 6309, - 2076, 4436, 5032, 2180, 2179, 6204, 4983, 3208, 2225, 4782, - 2131, -2572, 719, 5885, 1816, 2188, 660, -2573, 641, 2573, - 2182, 2573, 2202, 1823, 2220, 2221, 1043, 2222, 2223, 2242, - 2091, 4452, 4453, 2243, 4455, 661, 4457, 4458, 4459, 4460, - 4461, 4462, 4463, 2252, 4465, 3280, 1817, 3209, 4474, 3281, - 2255, 3288, 2226, 3283, 2227, 2256, 2266, 5018, 2306, 2278, - 2377, 5708, 2316, 5033, 5709, -969, 6223, 2318, 1820, 2092, - 4782, 2378, 2322, 2088, 2328, 551, 2329, 2335, 1479, 2379, - 5310, 2089, 4501, 662, 3210, 5266, 2338, 4, 5, 5267, - 2090, 5268, 551, 5269, 3861, 5270, 548, 2336, 2344, 5271, - 2340, 5272, 719, 5273, 807, 1819, 1064, 2380, 2361, 2362, - 663, 2363, 546, 548, 2365, 2374, 2385, 6226, 6227, 664, - 965, 5060, 2399, 2389, 2430, 825, 825, 3976, 2189, 546, - 807, 6072, 2386, 2405, 2415, 758, 2426, 2416, 2092, 2435, - 6180, 2436, 1818, 4543, 2228, 9, 2445, 2449, 2452, 545, - 4789, 2464, 759, 2472, 966, 2190, 2108, 2088, 2468, 3977, - 2479, 6033, 2493, 2381, 2494, 2089, 545, 2503, 4115, 2507, - 2499, 2528, 2535, 2544, 2090, 14, 2088, 2551, 760, 1920, - 5034, 5035, 2552, 2561, 2089, 2564, 547, 2566, 2567, 2088, - 2574, 2382, 2571, 2090, 2229, 1078, 4602, 2089, 6159, 6073, - 967, 6180, 2088, 547, 20, 3211, 2090, 968, 2572, 4605, - 2089, 4789, 2578, 6033, 2580, 2584, 1918, 3212, 23, 2090, - 2586, 2593, 761, 2695, 2696, 2697, 2596, 2698, 1815, 2699, - 2598, 2700, 2600, 2601, 969, 544, 2812, 4624, 2602, 2603, - 2816, 2230, 970, 2605, 2606, 2630, 2638, 2823, 2649, 2091, - 2651, 6459, 544, 1917, 2653, 28, 5173, 5174, 5175, 5176, - 5177, 5178, 5179, 5180, 5181, 5182, 2654, 5184, 5185, 5186, - 5187, 5188, 5189, 5190, 5191, 3862, 5192, 5193, 4662, 971, - 5197, 5198, 2655, 5808, 5809, 2657, 5811, 2658, 2660, 2661, - 1919, 6263, 825, 2088, 807, 6074, 2676, 4117, 2677, 825, - 825, 2089, 4680, 2665, 2678, 4683, 4684, 6535, 4421, 4422, - 2090, 5706, 4423, 4424, 4425, 2694, 4679, 3213, 5707, 40, - 2687, 3863, 2708, 2736, 972, 973, 2750, 2923, 2749, 5036, - 5037, 2762, 2231, 2091, 2108, 2751, 6364, 2764, 875, 6294, - 4375, 770, 1433, 2768, 2767, 2815, 2819, 4806, 2822, 5732, - 2191, 2831, 2091, 2841, 2845, 2192, 2232, 2092, 4806, 2860, - 4806, 4734, 2864, 519, 519, 2091, 2892, 2891, 2919, 2920, - 876, 2977, 2925, 2926, 2932, 2943, 2983, 2951, 2091, 2986, - 2948, 6545, 771, 2971, 6372, 2970, 5314, 3214, 3500, 2108, - 2972, 5324, 51, 4744, 2998, 3251, 3252, 3013, 772, 3864, - 3016, 3014, 3015, 3019, 6075, 3018, 6034, 3318, 4061, 807, - 3264, 825, 3266, 6035, 807, 807, 3020, 3025, 5348, -2171, - 817, 3035, 6380, 2695, 2696, 5539, 3021, 5540, 6036, 5541, - 2193, 5542, 3038, 85, 3039, 3042, 3045, 4814, 3031, 2194, - 3046, 2092, 807, 807, 6485, 3047, 5377, 3048, 3057, 4842, - -2322, 4925, 3049, 3056, 3066, 974, 3067, 3068, 6034, 3070, - 2092, 3073, 3865, 3069, 793, 6035, 3071, 3072, -1356, 2091, - 3075, 6364, -1356, 2092, 3076, 4760, 4, 5, 3866, 3867, - 6036, 3088, 3089, 3868, 3869, 3870, 2092, 3098, 3093, 3104, - 5038, 3107, 3112, 6071, 4, 5, 1957, 794, 5967, 3135, - 5968, 5969, -2322, 3138, 3139, 3267, 3268, 3140, 3141, 4955, - 5126, 3144, 3152, -1356, 3153, 718, 773, 6372, 3154, -1356, - 3162, 3166, 3995, 3170, 3167, 975, 4782, 3171, -931, 3184, - -931, 3183, 3188, 3187, 3193, -2121, 3207, 3221, -2597, 3222, - 3124, 6071, 4, 5, 2005, 4, 5, 774, 6087, 3230, - 3231, 3871, -1356, 3238, 5489, 6037, 2438, 3243, 1416, 3294, - 4745, 4746, 3277, 718, 3274, 775, 3279, 6437, 6038, 1416, - 1416, 6522, 2555, 3312, 6088, 3946, -766, 2092, 3306, 3329, - 3338, 3333, 6534, 2281, 3349, 6039, 4413, 3311, 3354, 3355, - 6522, 1429, 3360, 3313, 3361, 629, 6087, 3362, 6534, 3370, - 3996, 3325, 4761, 3373, 3872, 3393, 3417, 6037, 4978, 3436, - 3418, 3337, 3444, 3439, 3339, 3441, 1820, 3442, 3461, 3453, - 6038, 2087, 6088, 3454, 5708, 5127, 3455, 5709, 3458, 3469, - 3459, 3476, -1498, 5128, 3551, -969, 5710, 6039, 795, 3480, - 3483, 3568, 519, 3226, 3492, 5001, 3493, 3525, 5129, 3229, - 3495, 3496, 3574, 1819, 3497, 3498, 3502, 3510, 5130, 5131, - 5132, 3514, 3522, 976, 5496, 6076, 3528, 4789, 5133, 3529, - 630, 3533, 719, 4763, 3534, 3546, 5512, 6089, 3539, 6090, - 5610, 3543, 3544, -969, 3550, 3556, 3581, 3561, -1666, 4782, - 1818, 2122, 3593, 3600, 3605, 2045, 3583, 3584, 2064, 2068, - 3585, 6072, -743, 3586, 3611, 5289, 3610, 3608, 3613, 3614, - 3617, 3643, 3659, 1287, 5622, 3662, 3621, 3622, 3623, 3663, - 719, 3664, 5050, 3667, 2167, 6089, 3671, 6090, 6040, 3980, - 4764, 4765, 4766, 3687, 3691, 5762, 3701, 3672, 3710, 3675, - 3729, 3704, 3739, 3755, 3757, 3705, 3728, 3759, 3763, 6072, - 4767, 875, 3738, 3758, 4680, 3795, -743, 3762, 3804, 771, - 3808, 3822, 3829, 3833, 3837, 1287, 3979, 4662, 4679, 6073, - 3840, 825, 3841, 3852, 5081, 3723, 1815, 3853, 3854, 3855, - 6040, 2088, 3857, 876, 3858, 2376, 3859, 3898, 5080, 2089, - 3724, 3901, 3904, 3908, 3377, 3377, 3910, 2282, 2090, 3911, - 5625, 3914, 3915, 3978, 3916, 2835, 5134, 4768, 3917, 4769, - 3918, 3941, 3919, 3920, 5107, 3921, 3922, 6073, 5135, 5108, - 3923, -743, 3392, 5795, 5289, 6091, 5118, -931, 3924, 4770, - 4789, 519, 1908, 3925, 3926, 3927, 3928, 3929, 5214, 3950, - 2713, 2714, 2715, 2716, 3930, 3931, 3932, 4771, 5290, 807, - 3933, 2377, 3959, 3934, 4772, 5168, -743, 3960, 3958, 807, - 3935, 3936, 2378, 5471, 3937, 6074, 3938, 3953, 4503, 4773, - 2379, 3951, 3985, 6091, 3954, -743, 4774, 5754, 771, 3986, - 4002, 5759, 5760, 5196, 4010, 3955, 2717, 2718, 2719, 3975, - 3956, 4775, 4007, 773, 3723, 4011, 4023, 4025, 2380, 5514, - 2488, 776, 4013, 5136, 4028, 4029, 4033, 4026, 4837, 3724, - 4037, 1823, 4027, 6074, 4038, -2121, 2414, 4039, 5137, 2414, - -166, 4041, 4055, 4085, -743, 4086, -1356, 4087, 4100, 4101, - 4102, 4108, -1709, 4166, 4121, 4139, 4152, 3812, 2720, 2721, - 5225, 4151, 775, 4153, 2890, 4140, 2283, 4167, 4776, 4179, - 4191, 4181, 4180, 3594, 2381, 4198, 4189, 2091, 4777, 5138, - 2284, 4195, 2285, 4197, 4199, 4202, 4203, 4207, 662, 825, - 4208, 4215, 4216, 5139, 6075, -743, 2954, 5224, 2953, 5998, - 3342, 5280, 2382, 4240, 4255, 4259, 4260, 4266, 4299, 4264, - 4306, 4312, 6092, 4314, 2286, 777, 4778, 4316, 2287, 1823, - 3532, 4317, 2722, 4318, 3536, 4341, 4345, 2288, 4342, 4779, - 4346, 4368, 773, 4372, 5223, 1816, -2074, 5168, 5291, 4381, - 4416, 4382, 6075, 4417, 4418, 4434, 4438, 817, 4445, 4446, - 4447, 4493, 5352, 4449, 4502, 4505, 4514, 4518, 4520, 4525, - 2289, 3358, 4526, -743, 4538, 519, 4546, 1817, 4780, 4555, - 4548, 4556, 4562, 4626, 4781, 4565, 5365, 4566, 2290, 4567, - 4568, 775, 4648, 4625, 4665, 2092, 2723, 4636, 4640, 4637, - 4666, 4650, 4651, 4652, 4653, 4654, 4655, 4656, 4782, 4669, - 4663, 4667, 4689, 4670, 5378, 551, 4674, 4690, 4708, 4695, - 4713, 519, 4715, 4726, 4714, 4738, 4782, 4729, 4737, 4735, - 5222, 4742, 4743, 1816, 517, 4739, 548, 4749, 4750, 4752, - 4755, 4804, 4783, 4818, -1822, 3377, 3377, -1827, 4840, 4784, - 4843, 4846, 546, 1920, 4847, 4852, 4853, 4867, 4872, 4885, - 4930, 3995, 4938, 4954, 4953, 1817, 2291, 5291, 4964, 6093, - 4979, 5920, 4980, 2292, 4782, 4985, 5006, 4993, 5009, 5010, - 5012, 5022, 5021, 2293, 4785, 5061, 5052, 3553, 4631, 545, - 1918, 4358, 5063, 2724, 5064, 4662, 5067, 2294, 2903, 4786, - 4787, 1175, 5068, 5069, 5073, 5087, 5088, 52, 5101, 6504, - 5119, 5124, 4788, 5120, 5125, 5142, 5143, 6093, 5144, 5145, - 5149, 2295, 5146, 5169, 5170, 5171, 547, 1917, 5183, 4896, - 2296, 5211, 5233, 2297, 5246, -266, 2835, 3697, 5236, 3996, - 5238, 5256, 5248, 2887, 5282, 5283, 519, 4734, 5300, 4789, - 5284, 2298, 5291, 5316, 5302, 5315, 4925, 5325, 5292, 5451, - 2725, 5326, 5327, 3720, 1919, 6076, 5328, 4789, 5329, 5330, - 5332, 5333, 5334, 5335, 5343, 544, 825, 5336, 5202, 5168, - 5346, 5479, 2299, 5349, 5465, 5466, 5467, 5350, 5357, 6413, - 5367, 5364, 5373, 5374, 5380, 5381, 807, 5384, 5386, 5404, - 5390, 5391, 5392, 5399, 5405, 5409, 5411, 5403, 5422, 5424, - 5446, 5414, 825, 6076, 5421, 4789, 1176, 5430, 5438, 5448, - 5450, 5457, 5510, 5511, 1177, 5449, 2726, 5458, 2727, 5462, - 5469, 5547, 5524, 3946, 2728, 5566, 5472, 5473, 3777, 1178, - 5494, 5561, 5586, 5587, 5578, 5546, 5588, 3786, 5591, 1179, - 1180, 1181, 1416, 5570, 5593, 5595, 5596, 5597, 1416, 1182, - 5598, 5605, 3946, 5606, 5607, 5613, 2161, 5608, 5611, 5293, - 5624, 5629, 5628, 1416, 4432, 5661, 5665, 5292, 1823, 5584, - 5663, 5679, 5692, 5225, 5690, 5694, 5698, 5696, 2713, 2714, - 2715, 2716, 5699, 5701, 2729, 5704, 5715, 5718, 5731, 1011, - 1012, 1013, 1014, 1015, 1016, 1017, 1018, 1019, 1020, 1021, - 5730, 2628, 5617, 5742, 5736, 5743, 5168, 5747, 5751, 5750, - 5224, 5752, 5755, 5767, 5769, 5771, 5777, 5634, 5779, 5118, - 5118, 807, 5774, 5775, 2717, 2718, 2719, 5644, 2730, 5783, - 5785, 5633, 5815, 2835, 5647, 5793, 5648, 5649, 5805, 5804, - 807, 5643, 5810, 5812, 5813, 1169, 5118, 5223, 5817, 6540, - 6106, 6232, 5477, 5118, 5828, 5834, 5835, 5839, 5168, 5845, - 5305, 1011, 1012, 1013, 1014, 1015, 1016, 1017, 1018, 1019, - 1020, 1021, 3976, 5669, 5850, 5886, 2720, 2721, 5293, 5880, - 5481, 5662, 875, 5873, 5678, 5887, 5881, 1183, 5890, 1043, - 6232, 5888, 1169, 2005, 5893, 5908, 5904, 5912, 5924, 1184, - 5914, 5482, 5916, 5918, 3977, 5943, 519, 5930, 5953, 2747, - 2005, 5971, 5970, 5973, 876, 5934, 5950, 5952, 5981, 809, - 5982, 5983, 5991, 5989, 2731, 5990, 5999, 5996, 6000, 6001, - 6007, 6008, 6010, 5222, 1920, 2732, 6011, 6012, 6019, 6013, - 2722, 6015, 6028, 6032, 6029, 6053, 6052, 6165, 6166, 6064, - 6168, 6169, 6170, 6171, 5722, 4760, 6100, 6058, 6114, 1416, - 6117, 1043, 6105, 6125, 6126, 4015, 5107, 5729, 6127, 1064, - 6130, 1918, 6141, 6139, 6143, 5118, 6144, 6147, 6148, 6151, - 6154, 3814, 6164, 6167, 6175, 6160, 5741, 6172, 6210, 5741, - 5746, 6189, 6191, 6216, 5748, 6218, 6203, 6212, 5168, 1185, - 6214, 6232, 6215, 6221, 2723, 6220, 5758, 6222, 1917, 6235, - 6236, 5766, 6237, 6238, 6271, 6275, 6310, 6281, 6296, 6274, - 6315, 4925, 6325, 6331, 6317, 6336, 6340, 5768, 5800, 6337, - 5800, 6318, 6328, -2570, -2571, 6342, 6352, 1820, 6361, 2896, - 1186, 1064, 6356, 5770, 6357, 1919, 2005, 4893, 5819, 4898, - 5821, 6383, 6386, 6389, 1187, 6396, 6397, 6398, 1078, 6404, - 6406, 6408, 6412, 6414, 6417, 6448, 6460, 6463, 6472, 6481, - 6473, 6491, 6474, 6496, 1819, 6497, 6486, 6288, 6502, 5782, - 6291, 5784, 6541, 6499, 6503, 6468, 6476, 2963, 6299, 6505, - 6495, 6302, 6510, 6500, 6501, 6511, 6512, 6523, 6539, 4220, - 817, 2724, 817, 4476, 3727, 5675, 5673, 4321, 3812, 5674, - 3812, 1818, 5820, 6055, 4866, 5781, 6107, 2885, 6243, 6405, - 1395, 4952, 2450, 4497, 1390, 1820, 5366, 1391, 4488, 5456, - 1078, 3343, 5823, 5168, 5118, 5168, 4968, 4522, 2911, 825, - 5168, 4275, 5118, 5141, 4542, 3240, 3428, 5168, 5168, 1507, - 5937, 5118, 3429, 5936, 3430, 5773, 5842, 5168, 5339, 4912, - 5841, 5072, 1819, 5168, 5118, 5431, 5118, 5078, 2725, 1958, - 3598, 6280, 6366, 5717, 5851, 5894, 6462, 6421, 6174, 5892, - 3848, 5707, 5614, 5337, 6102, 1169, 2440, 5656, 5342, 1169, - 5749, 5822, 5488, 6441, 5863, 6335, 6339, 1815, 6265, 1818, - 6256, 6257, 6258, 6259, 1800, 5040, 2519, 4385, 4965, 807, - 4854, 5003, 1169, 2923, 3085, 4554, 6239, 1958, 6278, 3295, - 3987, 2885, 1169, 5055, 4628, 5057, 5053, 6467, 6434, 779, - 780, 5800, 6435, 6062, 2726, 4313, 2727, 6307, 6314, 6312, - 5976, 5818, 2728, 3310, 965, 5816, 5706, 4754, 2835, 5340, - 5654, 2631, 4297, 5707, 2459, 3108, 6137, 4295, 3907, 5741, - 6273, 5980, 3276, 4196, 5917, 4535, 3719, 4034, 4992, 9, - 2424, 5922, 807, 808, 4154, 1424, 5168, 5168, 966, 764, - 4247, 2150, 2375, 2423, 4371, 1815, 807, 5375, 1169, 1169, - 1169, 1169, 3946, 4204, 1958, 5954, 5941, 5066, 4124, 14, - 519, 1169, 2729, 817, 4122, 6295, 4174, 2829, 4171, 4658, - 3946, 6447, 2738, 2414, 2888, 3182, 5396, 4258, 4575, 6407, - 2684, 5963, 6254, 6490, 967, 6488, 2367, 3161, 20, 2368, - 3158, 968, 5681, 5370, 6149, 2369, 5459, 6150, 2748, 3151, - 3824, 2370, 23, 5168, 3173, 4647, 2730, 4367, 5260, 5168, - 2372, 5985, 5259, 2693, 4646, 6153, 2835, 5712, 969, 5988, - 5445, 5703, 4374, 5398, 4370, 5118, 970, 1447, 6085, 5371, - 5725, 4861, 6085, 4862, 5046, 2432, 6002, 6006, 5265, 28, - 3816, 2576, 6009, 781, 5800, 880, 2418, 3353, 1308, 790, - 2262, 4806, 4806, 3385, 4032, 4336, 4991, 1958, 5111, 5800, - 5905, 5464, 4397, 971, 5097, 6458, 1839, 5094, 1844, 1416, - 6027, 3004, 1292, 1416, 3693, 2425, 1293, 3694, 1295, 4241, - 5935, 5050, 3732, 3096, 4996, 5735, 2636, 5741, 5599, 6461, - 6492, 5814, 6538, 6379, 6542, 6059, 4030, 5168, 6484, 3803, - 3708, 4056, 2731, 40, 4232, 5727, 1960, 6543, 972, 973, - 4233, 6099, 1250, 2732, 3435, 4234, 817, 3658, 1251, 4229, - 4226, 3414, 4225, 4688, 3118, 2165, 1205, 4873, 2624, 2144, - 4200, 817, 5281, 3897, 3980, 6115, 4315, 5874, 2625, 5383, - 4926, 1342, 799, 1169, 879, 2321, 783, 5708, 5168, 6132, - 5709, 784, 2931, 785, 4815, 1937, 3785, 3431, 807, 4989, - 825, 5574, 1939, 4545, 1949, 548, 6133, 5168, 807, 6420, - 5113, 3979, 6109, 6347, 5575, 5569, 51, 5568, 6085, 5585, - 1831, 878, 2569, 0, 1950, 0, 0, 0, 0, 4734, - 4734, 0, 0, 0, 0, 6085, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 3978, 0, - 0, 0, 0, 0, 0, 0, 0, 85, 877, 5708, - 0, 0, 5709, 0, 0, 0, 0, 0, 0, 0, - 6190, 5882, 0, 0, 0, 6202, 0, 0, 0, 974, - 0, 6209, 0, 0, 0, 3437, 0, 0, 0, 1958, - 0, 0, 1958, 0, 0, 547, 0, 0, 0, 0, - 0, 0, 0, 0, 825, 6217, 0, 0, 0, 0, - 0, 0, 1416, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 6241, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 3975, 0, 5963, 0, 4536, 0, - 0, 0, 0, 0, 874, 0, 0, 0, 0, 975, - 0, 0, 6529, 0, 0, 0, 0, 0, 0, 2005, - 3478, 6536, 0, 6006, 0, 0, 1169, 0, 0, 0, - 0, 0, 0, 0, 0, 6027, 0, 0, 0, 0, - 0, 0, 0, 4925, 0, 0, 0, 0, 825, 0, - 0, 6345, 0, 6345, 0, 0, 6289, 6290, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 6301, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 6316, 0, 0, 0, 0, 0, 0, 0, 0, 5741, - 0, 5741, 5746, -1912, -1912, 0, 0, 0, 0, 0, - 0, 3548, 0, 0, 0, -1912, 0, 0, 0, 2085, - 0, 0, 0, 0, 3563, 0, 2083, 0, 0, 807, - 0, 0, 0, 6344, 0, 6344, 0, 0, 6350, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 2640, 0, 4925, 0, 0, 0, 0, 976, 0, 0, - 0, 0, 0, 0, 2835, 0, 0, 0, 0, 0, - 0, 0, 4673, 0, 0, 0, 0, 0, -1912, 0, - 0, 0, 0, 873, 0, 0, 825, 0, 0, 6373, - 0, 0, 6374, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 911, 0, 5741, 5741, 0, 0, 6390, 6085, - 6085, 0, 0, 0, 3620, 5741, -1912, 0, 965, 0, - -1912, 0, 0, 0, -1912, 0, 0, 0, 0, 0, - 2167, 0, 0, -1912, -1912, 0, 1296, 0, 0, 0, - -1912, 0, 0, 9, -1912, 0, 0, 0, 6085, -1912, - 0, -1912, 966, 0, 0, -1912, 0, 0, 0, 0, - 0, 0, 825, -1912, 0, -1912, 0, 0, 0, 0, - 0, -1912, 0, 14, 0, 0, 5741, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 4751, 0, 0, - 0, -1912, 4756, 4757, 0, 3244, 0, 0, 967, 2835, - 0, -1912, 20, 0, -1912, 968, 0, 0, 0, 0, - 0, 2143, 0, 0, 0, 0, 23, 0, 2628, 0, - 1416, 1416, 0, 0, -1912, 0, 0, 0, 0, 3245, - 0, 0, 969, 0, 0, 0, 0, 0, 0, 0, - 970, 0, 0, -1912, 0, 0, 0, -1912, 0, 0, - 0, 0, 0, 28, 0, 0, -1912, 0, 0, 2005, - 0, 0, 0, 0, 0, 0, 0, 3246, 0, 0, - 0, 0, 0, 0, 0, -1912, 0, 971, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - -1912, 0, 0, 0, 911, 0, -1912, -1912, 911, 2835, - 1813, 0, 0, 0, 0, 825, 0, 0, 0, 0, - 2835, -1912, 0, -1912, 825, 0, 0, 40, 2835, 0, - 873, 0, 972, 973, 1958, 0, 2835, 0, 0, 0, - 0, 0, 0, 1169, 0, 1169, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 2414, 0, 2414, 2414, 3836, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 51, 0, 0, 0, 1169, 1169, 0, 0, 1915, 1915, - 1169, 1915, 1915, 1915, 1169, 1169, 1169, 0, 1915, 0, - 0, 0, 0, 0, 1169, 1169, 1958, 0, 0, 0, - 1169, 0, 0, 0, 1169, 1169, 1169, 0, 1169, 1169, - 1169, 85, 1958, 1958, 0, 0, 0, 0, 0, 1169, - 0, 1169, 0, 0, 1169, 1169, 1169, 1169, 0, 1169, - 0, 1169, 1169, 974, 0, 0, 0, 0, 0, 0, - -1912, 0, 0, 0, 0, 1169, 1169, 1169, 1169, 1169, - 0, 1169, 1169, 1169, 1169, 1169, 1169, 0, 1169, 1169, - 0, 1169, 1169, 0, 1169, 1169, 0, 0, 1169, 1169, - 0, 1169, 1169, 0, 0, 1169, 0, 1169, 0, 0, - 0, 1169, 1169, 1169, 0, 0, 1169, 1169, 1169, 1169, - 0, 1169, 0, 0, 0, 0, 0, 0, 1169, 0, - 0, 0, 0, 975, 1169, 1169, 1169, 1169, 0, 0, - 0, 0, 0, 0, 0, 1169, 1169, 0, 1169, 1169, - 0, 0, 1169, 1169, 1169, 1169, 1169, 1169, 1169, 1169, - 1169, 1169, 1169, 1169, 1169, 0, 0, 1169, 0, 0, - 0, 2628, 1958, 0, 0, 0, 0, 0, 0, 1958, - 0, 0, 3247, 0, 0, 0, 0, 0, -1912, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 1169, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 3248, 3249, 0, 3250, 3251, 3252, 3253, 3254, - 1958, 3255, 3256, 3257, 3258, 3259, 3260, 3261, 3262, 0, - 3263, 3264, 3265, 3266, 0, 0, 0, 5148, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 5172, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 4, 5, - 0, 0, 0, 0, 0, 0, -1093, -1093, 0, 0, - 0, 976, 0, 0, 0, 0, 0, 0, 4760, 4, - 5, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 2281, 0, 0, 0, - 0, -1856, -1856, 0, 0, 0, 4886, 0, 4887, 4888, - 0, 0, 0, -1856, 0, 0, 0, 0, 0, 0, - 1169, 0, 1169, 0, 0, 0, 3267, 3268, 0, 0, - 4889, 0, 4890, 0, 0, 0, 0, 0, 4891, 0, - 0, 0, 0, 0, 0, 0, 0, 1958, 2640, 0, - 0, 0, 0, 1169, 0, 0, 0, 0, 0, 2438, - 0, 0, 0, 0, 0, -1912, 0, 2303, 0, 0, - 4892, 0, 0, 0, 0, 0, -1856, 4177, 2641, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 2005, 0, -1912, 0, -1912, 0, - 0, -1912, -1912, 0, 0, 4761, 0, 0, 0, 0, - 0, 0, 0, 0, -1856, 0, 0, 0, -1856, 0, - 0, 0, -1856, 0, 0, 0, 0, 0, 0, 0, - 0, -1856, -1856, 0, 4893, 0, 0, 0, 0, 0, - 1169, 0, -1856, 0, 0, 0, 1958, -1856, 1958, -1856, - 0, 0, 0, -1856, 0, 0, 0, 0, 0, 0, - 0, -1856, 2963, -1856, 0, 4894, 0, 4895, 0, -1856, - 0, 0, 0, 0, 0, 1169, 4763, 0, 4896, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, -1856, - 0, 0, 0, 0, 965, 0, 0, 0, 0, -1856, - 0, 4897, -1856, 0, 0, 0, 0, 0, 0, 0, - 2282, 0, 1169, 0, 0, 0, 0, 0, 0, 9, - 0, 678, -1856, 0, 0, 0, 3085, 3085, 966, 0, - 0, 0, 0, 4764, 4765, 4766, 0, 0, 0, 0, - 0, -1856, 0, 0, 0, -1856, 0, 0, 0, -3751, - 0, 0, 0, 4767, -1856, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, -1856, 967, 0, 0, 0, -3750, 0, - 0, 968, 4758, 0, 4759, 0, 0, 0, -1856, 4760, - 4, 5, 23, 0, 0, -1856, 0, 0, 0, 0, - 0, 0, 4898, 0, 0, 0, 0, 0, 969, -1856, - 4768, -1856, 4769, 0, 0, 0, 970, 0, 0, 0, - 0, 0, 2414, 0, 0, 0, 0, 0, 0, -3750, - 0, 0, 4770, 0, 0, 0, 0, 0, 0, 4899, - 0, 0, -931, 0, -931, 0, 0, 0, 0, 0, - 4771, 0, 0, 971, 5495, 0, 0, 4772, 0, 2283, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 2438, 0, 4773, 2284, 1169, 2285, 0, 0, 0, 4774, - 0, 0, 0, 4900, 4901, 0, 0, 0, 0, 0, - 4902, 0, 0, -3750, 4775, 0, 0, 0, 972, 973, - 0, 0, 4903, 0, 0, 0, 0, 2286, 0, 0, - 0, 2287, 0, 0, 0, 0, 4761, 0, 1958, 1169, - 2288, 0, 0, 4904, 0, 0, 0, 1169, 1169, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 4762, 0, - 0, 0, 0, 0, 0, 0, 0, 4905, 0, 0, - 0, 4776, 0, 2289, 0, 0, 0, 0, 0, 0, - 0, 4777, 0, 0, 0, 0, -3750, 0, 0, 0, - 0, 2290, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 1169, 0, 0, 0, 0, 0, 4763, 0, 5621, - 0, 0, 1958, 1958, 0, 0, 0, 0, 0, 4778, - 2414, 0, 0, 0, 0, 0, 0, -3751, 5641, 0, - 0, 0, 4779, 0, 4906, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 1169, 1169, 1169, 0, 0, 974, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 4764, 4765, 4766, 0, 0, 2291, - 0, 4780, 0, 0, 0, 0, 2292, 4781, 0, 0, - 0, 0, 0, 0, 4767, 0, 2293, 0, 0, 0, - 0, 0, 0, 0, 1958, 0, -1856, 0, 0, 0, - 2294, 4782, 4907, 0, 1169, 0, 0, 1958, 0, 4587, - 0, 0, 0, 4908, 4909, 4910, 0, 0, 0, 975, - 0, 0, 1169, 0, 2295, 0, 1169, 1169, 0, 1169, - 1169, 0, 0, 2296, 0, 4783, 2297, 0, 1169, 0, - 1169, 4768, 4784, 4769, 0, 0, 0, 0, 4623, 0, - 0, 0, 0, 0, 2298, 0, 0, 0, 0, 0, - 0, -931, 0, 4770, 0, 0, 0, 0, 0, 0, - 679, 1169, 0, 0, 0, 0, 0, 4785, 0, 0, - 0, 4771, 0, 0, 0, 2299, 0, 0, 4772, 0, - 0, 0, 4786, 4787, 0, 0, 0, 1169, 0, 0, - 0, 0, 0, 4773, 0, 4788, 0, 0, 0, 4911, - 4774, 0, 0, 1958, 0, 0, 4682, 0, -1912, -1912, - 0, 0, 0, 0, 0, 4775, 0, 0, 0, 0, - -1912, 0, 0, 1169, 0, 0, 1170, 0, 0, 0, - 0, 0, 4789, 0, 0, 0, 0, 0, 0, 0, - 1169, 0, 0, 0, 0, 0, 0, 976, 0, 0, - 0, 0, 0, 0, 0, 2640, 0, 0, 0, 0, - 0, 0, 0, -1856, 0, -1093, 0, 0, 0, 0, - 0, 0, 4776, 1170, 0, 0, 2641, 1169, 0, 0, - 0, 0, 4777, -1912, 1169, 0, 0, 0, 0, 0, - 0, 1958, 0, 0, -1856, 0, -1856, 0, 0, -1856, + 616, 542, 1936, 3219, 720, 645, 764, 2428, 519, 1798, + 721, 1238, 1289, 682, 837, 913, 2884, 2702, 569, 3110, + 492, 517, 1480, 831, 551, 2834, 1252, 3432, 3065, 1401, + 1799, 493, 816, 2917, 693, 820, 3347, 1433, 693, 1479, + 543, 514, 1433, 693, 1433, 548, 707, 494, 574, 2508, + 2239, 3086, 2709, 2763, 2401, 3384, 3331, 1320, 3709, 2518, + 3702, 546, 1376, 2774, 1377, 3725, 2417, 3357, 1379, 1380, + 2413, 948, 875, 2413, 2743, 700, 950, 2004, 3234, 3332, + 1196, 827, 3191, 3843, 2498, 3844, 3845, 3680, 4311, 2562, + 3109, 2607, 2442, 3302, 4379, 2817, 4841, 725, 545, 897, + 2332, 948, 2391, 900, 2443, 902, 1204, 903, 904, 4922, + 905, 906, 907, 3839, 2837, 4517, 4923, 1510, 2527, 1964, + 1346, 2366, 4354, 1353, 1243, 3029, 3654, 1832, 4487, 3302, + 4828, 2987, 2988, 2500, 4877, 547, 876, 2141, 2916, 3666, + 3433, 5208, 4807, 1195, 4052, 4053, 2869, 2870, 2871, 2872, + 2873, 2874, 2875, 2877, 2879, 2880, 2881, 2882, 2883, 4380, + 3722, 4373, 4369, 733, 2506, 732, 3422, 3204, 4238, 4547, + 5240, 3773, 4958, 3912, 3948, 2160, 4083, 2163, 2164, 4952, + 4272, 4492, 4816, 2994, 544, 2177, 2241, 5546, 1244, 3801, + 3303, 1823, 2506, 4439, 4563, 4353, 4803, 3800, 3800, 1356, + 1357, 3807, 4747, 3010, 5348, 4558, 838, 1513, 3159, 4558, + 826, 1514, 5295, -2564, 696, 4914, 2207, 2045, -1051, -1051, + 839, 1936, 2078, 2080, 2081, 840, 841, 3023, 3024, -3741, + 842, 847, -395, 4718, 2064, 2123, 4939, 5296, 2240, 3077, + 2536, -2714, 2849, 2467, 2542, -509, -509, 946, -2859, -2859, + 2857, 2859, 3885, 2862, 2863, -407, -407, 2553, 5721, 4292, + 4293, 2506, -2565, 3272, -3445, -3445, 746, -3737, 1451, 3104, + 6286, -3734, 3426, 2520, 2520, 727, 5745, 946, 5111, -3739, + -3735, 2509, 805, 2520, 674, 2068, 1452, -3523, -3738, 1816, + 2525, 4014, 2524, 4573, 1305, -2676, -2676, -2679, -2679, -3736, + 1314, 2526, 810, 2198, 1848, 5581, 1849, -1912, -1912, 875, + 4959, 2438, 2531, 4339, 1330, 740, 1469, 5677, 3348, 5356, + 4184, 5865, 5297, 4896, 4356, 4357, 5958, 6251, 2532, 741, + 749, -2676, 2534, -2679, 4717, 4718, 4795, 4795, 5250, 3223, + 3409, 4411, 2543, 4327, 2546, 2547, 2548, 2549, 724, 2550, + 4426, 3736, -3506, 1817, 2640, 1855, 1856, -3510, -3509, 3434, + 2556, 2557, 2558, 2559, 2560, 3374, 744, 5300, 5286, 5302, + 5168, -2220, 5314, 876, 5734, 810, 3341, 2435, 2520, 3846, + 3847, -3445, 4995, 2506, 3341, 2529, 5332, 2506, 2341, 4005, + 3771, 2695, 2696, 2697, 3410, 2698, 2530, 2699, 3800, 2700, + 2506, 5746, 5319, 4454, 3298, -3446, -3446, 4811, 3767, 2695, + 2696, 2697, 1497, 2698, 6049, 2699, 2520, 2700, 830, 724, + 3341, 4811, 5287, 4419, 6253, 5671, -3445, 2681, 2682, 3341, + 2537, 1502, -2730, 2088, 2533, 5933, 2692, 2088, 2695, 2696, + 2697, 2089, 2698, 4978, 2699, 2089, 2700, -2731, 4795, 43, + 2090, 1878, 1466, 3341, 2090, 2088, 2088, 3552, 724, 3341, + -1912, -1912, 3448, 2089, 2089, 5493, 5218, 2753, -2159, 2756, + 2583, 6267, 2090, 2090, 4235, 2110, 43, 3174, 1466, 1466, + 4470, 1851, 4440, 765, 2769, 2770, 2772, 640, 4432, 2555, + 640, 2775, 2776, 2275, 3723, 3341, 3341, -1987, 3326, 2792, + 50, 4388, 4035, 3886, 2088, 4205, 4206, 2640, -1912, 3724, + 4812, 2110, 2089, 3825, 1875, 5221, -2732, 4693, 678, 5766, + 1488, 2090, -3446, 1876, 4812, 1466, 1466, 50, 807, 5209, + 3341, 4398, 5168, 4334, 1466, 1466, 5213, 52, 1466, 3341, + 2111, 2112, -2859, 3341, 3363, 1905, 5914, 2088, 2326, 5219, + 519, 675, 3119, 4392, 5834, 2089, 2134, 2110, 793, 1317, + 3341, 6123, 1466, 809, 2090, 1392, 1940, -3446, 2113, 5498, + 2110, 4996, -3445, 5153, 2685, 880, 2272, 5847, 43, 3602, + 3660, -1912, 4719, 514, 2088, 6312, 2111, 2112, 2088, 6314, + 4248, 794, 2089, 2438, 5477, 6083, 2089, -1912, 718, 2111, + 2112, 2090, 2439, 5501, 2113, 2090, 2088, 2865, 1426, 2091, + 3609, 6354, 5503, 2091, 2089, 5578, 5505, 1496, 2088, 4817, + 4428, 4927, -1912, 2090, 815, 817, 2089, 6516, 817, 50, + 825, 2091, 2091, 5523, 6425, 2090, 5927, 5320, 786, 52, + 6271, 5318, 1401, 5572, 3564, 542, 1846, 2162, 3489, 4471, + 2113, 2088, 519, 6234, 2114, 1428, 647, 2236, 854, 2238, + 764, -1912, 689, 2113, 787, 517, 4664, 825, 2090, 1879, + 2348, 6470, -1912, 2351, 879, 2640, 4964, 2354, 2355, 2356, + 2091, 649, 2359, 2360, 1473, 514, 2113, 685, 2088, 4558, + 2114, 1193, 6234, 551, 4584, 548, 2089, 825, 4914, -3507, + -1912, 3500, 5495, 2866, 718, 2090, 2453, 1433, 3593, 6517, + 6355, 878, 1310, -3446, 548, 5204, 4928, 2092, 5573, 2867, + 825, 2092, 3364, 2091, 3565, 5612, 1248, 2327, 1194, -3508, + 546, -742, 795, 1328, 825, -743, 2114, 5321, 4908, 2092, + 2092, -3513, 1239, 4629, 4523, 6220, -3539, 1247, 877, 2114, + 1333, 1880, 4433, -1912, 6124, 719, 4301, 5980, 854, 3661, + 2091, 854, 1906, 1245, 2091, -1987, 1375, 545, -1912, 2481, + 2088, 3450, 2114, 2686, 6360, 6423, 5214, 5995, 2089, 3695, + 3703, 3826, 2091, 807, 5754, 547, 2850, 2090, 2092, 5220, + 2135, 2868, 4236, 6263, 2091, 2590, 4630, 1341, 2152, 642, + 1456, -1912, 642, 4629, 547, 1449, 5862, 2161, 1464, 1465, + 946, 4795, 4394, 3566, 5210, 2175, 825, 4441, 836, -2220, + 2095, 2096, 2097, 857, 2098, 2276, 2604, 837, 3983, 3984, + 6349, 2092, 825, 5288, 874, 4338, 4219, 1246, 3768, -3445, + 3224, 1499, 3828, 909, 3800, 5939, 2210, 4344, 713, 6545, + 3650, 4348, 5565, 544, 807, -1912, 4630, 1005, 5565, 4694, + 1486, 719, -2220, 5956, 2091, 3361, 2851, 3352, 2092, 2237, + 5568, -3539, 2092, 2342, -3523, 6282, 4194, 2278, 3190, 4881, + 1299, 4503, 4429, 3111, 2439, 551, 1242, 3224, 4327, 551, + 2092, 1820, 1843, 747, 1845, 3603, 5339, 817, 2462, 817, + -3633, 825, 2092, 4006, 1854, 676, 548, 4412, 3813, 4978, + 548, 879, 3553, 3900, 5280, 6268, 4671, -1912, 3558, 3559, + 4363, 4393, 546, 2488, 3411, 1451, 546, 2488, 1819, 5221, + 764, 4795, 548, 3939, 2458, 2199, 1850, 3887, 1852, -3506, + 4014, 2099, 5692, 748, -3510, -3509, 2091, 679, 878, 2431, + 2088, 3449, 6270, 2278, 5168, 2852, 6087, 750, 2089, 545, + 3382, 807, 1489, 545, 1927, 1818, 2494, 2090, 5804, 714, + -2714, 1931, 2092, 1934, 2046, 3327, 2917, 4940, 5295, 4398, + -3446, 542, 475, 3805, 3806, 877, -2570, 1942, 519, 1920, + 1920, 2065, 1920, 1920, 1920, -2714, 547, 2397, 569, 1920, + 547, 517, 3696, 5296, 551, 2181, 2707, -1051, 3413, 475, + -3741, 3572, 3573, -395, 3576, 3577, 6328, 4922, 6330, 838, + 543, 514, 547, 2004, 4923, 548, 1918, 1918, 3940, 1918, + 1918, 1918, 4506, 839, -509, -2571, 1918, -2859, 840, 841, + 3177, 546, 2069, 842, -407, 544, 2248, 2413, -3737, 544, + 5469, 1815, -3734, -3445, 2092, 4018, 811, 5946, 2078, 2080, + -3739, -3735, 2442, 1917, 1917, 4657, 1917, 1917, 1917, -3738, + 2065, 874, 2641, 1917, 2443, -3539, 3308, -2676, 545, -2679, + -3736, 2916, 5549, 3308, -2676, -2676, -2679, -2679, 5297, 2927, + 5807, 4960, 5808, 5099, 5168, 3145, -1912, 2940, 5678, 4358, + 1919, 1919, 5866, 1919, 1919, 1919, 3160, 5959, 6252, 2453, + 1919, 475, 2950, 2592, 3594, 547, 5241, 4081, 4823, 4082, + 5322, 6388, 6389, 4914, 5539, 2088, 2091, 3342, 2086, 2662, + 2085, 4046, 6395, 2089, 5314, 3342, 2985, 2083, 2088, -115, + 3022, -115, 2090, 6331, 4537, 3284, 2089, 3287, 2991, 5784, + 2993, 5546, 5546, 2997, 5411, 2090, 2701, 2520, 5413, 2918, + 3299, -2730, 686, 5786, 544, 3005, 5672, 5259, 3008, 4558, + 5262, 3342, 3011, 4558, 2773, 3300, -2731, 4824, 3309, 2364, + 3342, 1467, 4272, 5263, 2520, 1877, -2730, 2520, 5434, 3462, + 3314, 825, 4492, 6426, -3446, 3554, 2520, 3963, 3026, 3027, + 3028, -2731, 3323, 6437, 3342, 3324, 3336, 1467, 1467, -3332, + 3342, 3481, 2672, 3479, 3335, 6022, 3482, 3562, 825, 3224, + 4795, 2886, -119, 4795, -119, 2641, 4009, 825, 1373, 5825, + 825, 5827, 3494, 3275, 2092, 825, 5832, 2117, 2118, 2119, + 2120, 2121, 2122, 5837, 5838, -2732, 3342, 3342, 2088, -1912, + 2309, 948, 3513, 5844, 1467, 1467, 2089, 4825, -111, 5168, + -111, 3567, 3451, 1467, 1467, 2090, 825, 1467, 2488, 2110, + -2732, 2115, 2116, 2117, 2118, 2119, 2120, 2121, 2122, 2176, + 2949, 3342, 4845, 5863, 718, 2088, -3507, 4725, 3669, 4209, + 3342, 1467, 4302, 2089, 3342, 854, 4848, 854, 2111, 2112, + 2689, 2091, 2090, 3470, 2260, 3471, 807, 6350, 1222, 890, + -2220, 3342, 807, 807, 2091, 4013, -3508, 2115, 2116, 2117, + 2118, 2119, 2120, 2121, 2122, 3981, 3982, 2510, -3513, 2310, + 5046, 2116, 2117, 2118, 2119, 2120, 2121, 2122, 2320, 4631, + 3472, 1222, 3473, 2512, 3541, 891, 3542, -2159, 2861, -2159, + 2928, -2159, 807, 2333, 2903, 2088, 4795, 2119, 2120, 2121, + 2122, 1466, 2113, 2089, 3501, 715, 1385, 1479, 2334, 4675, + 4676, -3769, 2090, 2346, 4156, 3948, 4157, 2811, 743, 5577, + 4942, 4831, 4832, 2203, 678, -1912, 4967, 4968, 4835, 4836, + 3800, 3800, 4687, 2641, 3890, 2499, 807, 2373, 1425, 4631, + 2085, 3651, 2154, 2853, 2200, 2218, 4696, 2083, 5779, 2092, + 4699, 6451, 2349, 2350, 5856, 2904, 3652, 2396, -3770, 3380, + 5788, 5790, 2092, 3009, 2091, 2953, 5950, 946, 5952, 6401, + 2640, 2205, 2989, 1222, 2482, 2420, 6501, 678, 4868, 5168, + 1479, 719, 6245, 1427, 3286, 5985, 2842, 4307, 2114, 678, + 3289, 6392, 2088, 6246, 1947, 3754, 2429, 2430, 542, 1895, + 2645, 2091, 1449, 5803, 4221, 519, 890, 5195, 4632, 2090, + 2447, 2195, -3332, 3290, 724, 2973, 4265, 2995, 517, 1900, + 2437, 807, 5957, 825, 4893, 2482, 6023, 4494, 1238, 4496, + 4267, 817, 807, 3204, 5978, 807, 1401, 5526, 514, 2304, + 1417, 2917, 891, 1252, 5435, 5694, 807, 2650, 6427, 5993, + 2314, 6064, 4099, 787, 6452, 4296, 2088, 2656, 4443, 3891, + -1912, 2088, 4268, 6254, 2089, 764, 4579, 2088, 4580, 2089, + 2675, 2091, 2092, 2090, 43, 2089, 1347, 3302, 2090, 3302, + -1872, 6526, 3830, 5873, 2090, 1425, 2088, 3889, 4970, 1426, + 2155, 2088, 718, 3422, 2089, 948, 2100, 2101, 2102, 2089, + 2941, 4308, 3569, 2090, 678, 4131, 2538, 2104, 2090, 2092, + 2453, -3766, 718, 5087, 3092, 4024, 3387, 5495, 1885, 6344, + 4987, 4988, 2514, 694, 6122, 50, 1438, 5196, 2975, 2976, + 1427, 2978, 2980, 2981, 2982, 52, 1428, 2088, 5605, 5100, + 2088, 1243, 2110, 6135, 2992, 2089, 2916, 1266, 2089, 3796, + 2195, 859, 860, 3797, 2090, 2514, 1401, 2090, 2196, 1348, + -3769, 1425, 3007, 4169, 4172, 4175, 4176, 1401, 1401, 1429, + 4183, 2111, 2112, 2515, 2709, 4394, -1912, 4188, 2646, 2092, + 1266, 3032, 6129, 5979, 3121, 3122, 4035, 6393, 4211, 3890, + 5960, 6024, 4898, 3132, 3133, 3134, 4544, 4162, 4163, 718, + 5508, 2804, 2805, 2105, 5949, 1244, 1427, -3770, 1895, 3074, + 5521, 5522, 2088, 6265, 2104, 2483, -1912, -3342, 4243, 2106, + 2089, 1222, 3571, 3205, 6527, 4869, 6428, 2206, 2954, 2090, + 3095, 6402, 2091, 2307, 2905, 2113, -1872, 2091, 1896, 1901, + 6429, 2885, 4516, 2091, 4971, 1429, 4643, 5857, 4644, 719, + 710, 4269, 1948, 4237, 5390, 1418, 4155, 5696, 4158, 2201, + 2219, 4826, 2091, 3893, 5577, 2088, 2483, 2091, 2924, 719, + 2376, 946, 1266, 2089, 1311, 1886, 2092, 2442, 5265, 3615, + 3616, 4309, 2090, 6111, 3126, 3129, 1386, 2990, 6453, 2443, + 948, 2107, 5715, 3206, 2088, 2568, 6502, 2196, 2204, 2484, + 6410, 2485, 2089, 3130, 3131, 718, 5797, 4807, -3764, 2984, + 2105, 2090, 3477, 2091, 3891, 4159, 2091, 2088, -3767, 3692, + 2104, 2114, 2088, 2609, 893, 2089, 2106, 2088, 2494, 2088, + 2089, 5527, 2996, 5528, 2090, 2089, 2377, 2089, 6025, 2090, + 2092, 2088, 892, 2539, 2090, 2092, 2090, 2378, 1832, 2089, + 2484, 2092, 2485, 679, 6450, 2379, 719, 6104, 2090, 3831, + -3766, 3834, 3835, 2565, 2442, 3291, 2413, 5529, 2413, 2413, + 2092, 807, 6114, 2577, 4340, 2092, 2443, -2558, 2308, 3053, + -1912, 5080, 3363, 2380, 2587, 5758, 3892, 825, 2091, 825, + 807, 2486, 5858, 855, 3367, 3368, 1430, 5530, 2107, 3792, + -1872, 3242, 3606, 3607, 5086, 3793, 679, 4222, 4972, 959, + 5090, 5091, 5380, -3765, 2088, 2936, 2105, 1887, 679, 4509, + 825, 2092, 2089, 3456, 2092, 5388, 825, 3644, 3649, 1827, + 3318, 2090, 2106, 6323, 4223, 2906, 3457, 640, 5701, 2381, + 5299, 2091, 2486, 2244, 3665, 5313, 2312, 1896, 3670, 695, + 5323, 6412, 2088, 2937, 4995, 2088, 4150, 3114, 5658, 6046, + 2089, 2652, 719, 2089, 3185, 2487, 946, 2382, 3120, 2090, + 2091, 5831, 2090, 726, 5395, 5987, 4466, 6334, 6335, 3682, + -3342, 893, 3203, 3683, 908, 3685, 4511, 6078, 4237, 807, + 825, 6078, 4865, 2091, 728, 2374, 2092, 3384, 2091, 3690, + 5841, 4469, 6074, 2091, 2107, 2091, 3408, 1897, 2806, 3165, + 4161, 2807, 3698, 3699, 2516, 2467, 2487, 2091, 3893, 3369, + 1266, -1296, 863, 864, 5369, 6383, 5370, 2273, 5430, 2460, + 5531, 6382, 4711, 679, 519, 2085, 734, 4712, 782, 698, + 6339, 5020, 2083, 1430, 704, 3054, 3466, 2516, 3723, 2092, + -365, 3747, 913, 6430, 6359, 5001, 6361, -3764, 2854, 1393, + 3364, 6324, 3748, 3724, 5532, 1943, 3218, -3767, 4521, 2115, + 2116, 2117, 2118, 2119, 2120, 2121, 2122, 5659, 2092, 4849, + 3894, 2930, 5687, 3467, 3747, 5627, 2088, 1460, 807, 4541, + 2091, 1196, 807, 6284, 2089, 3748, 6288, 3239, 6075, 807, + 6046, 2092, 5912, 2090, 3401, 2461, 2092, 475, 2938, 3713, + 2835, 2092, 2580, 2092, 960, 5003, 1944, 4036, 2110, 1430, + 5005, 2645, 718, 4280, 4281, 2092, 6034, 5006, 2091, 2885, + 1467, 2091, 875, 519, 6019, -2159, -2159, 6078, 2161, 6325, + 4467, 6052, 2918, 4996, 5477, 6411, 2843, 2111, 2112, 3575, + 5922, 3000, 2088, 3468, 6078, 5928, 5929, 6197, 6201, 2088, + 2089, 825, -3765, 2890, 4305, 3302, 5558, 2089, 3402, 2090, + 3302, -2408, 3178, 2245, 3186, 6229, 2090, 3302, 1828, 807, + 1945, 834, 2088, 825, 825, -224, 2910, 2088, 2641, 2488, + 2089, 825, 2942, 2088, 3001, 2089, 876, 2088, 2092, 2090, + 793, 2089, 2645, 641, 2090, 2089, 5897, 6076, 5021, 3560, + 2090, 2113, 6021, 2959, 2090, 5559, 1846, 3749, 2488, 5491, + 5491, 817, 817, 807, 817, 817, 817, 817, 807, 825, + 825, 807, 2274, 794, 2108, 2129, 2092, 817, 3210, 2092, + 4811, 6018, -969, 1248, 4468, -931, 2402, -931, 654, 642, + 3749, 4237, 1336, 1946, 3006, 817, -2408, 825, 1442, 1239, + 1387, 5478, 2091, 6467, 1247, 6443, 2214, 2138, 6132, 3179, + 4528, 4529, 2246, 2438, 3012, 2088, 3416, 5888, 807, 719, + 1245, 4404, 3421, 2089, 6052, 6067, 6156, 6069, 2247, 2215, + 807, 5292, 2090, 2678, 1305, 4882, 6197, 2114, 2088, 2646, + 6201, 6417, 830, 3641, 2250, 5686, 2089, 1936, 6073, 6494, + -72, 5443, 5444, -2408, 3474, 2090, 6062, 1443, 4448, 3484, + 4450, 4451, 2088, 1388, 3589, 3485, 4456, 1396, 2091, 6471, + 2089, 1964, 3002, 766, 4464, 2091, 2647, 1337, 4472, 2090, + 4475, 2108, 3750, 4812, 3490, 4017, 4642, 854, 4645, 3491, + 3180, 807, 2691, 2403, 1246, 5891, 3097, 2251, 2091, 4326, + 657, 4716, 5560, 2091, 6444, 738, 4242, 948, 854, 2091, + 2092, 6035, 3612, 2091, 795, 3750, 6074, 825, 6036, 5307, + 2646, 767, 2562, 6117, 3116, 5591, 825, 825, 825, 3839, + 2488, 3746, 807, 6037, 1338, 3499, 817, 817, 3511, 5621, + 4383, 3635, 6157, 1242, 2117, 2118, 2119, 2120, 2121, 2122, + 807, 5898, 5899, 4291, 6189, -2322, 4883, 2488, 3677, 6445, + 1401, 807, 807, 3678, 6208, 5646, 1401, 6432, 2442, 825, + 5308, 764, 6472, 3681, 1936, 1474, 2092, 2088, 2088, 3684, + 2443, 1401, 769, 2092, 739, 2089, 2089, 2108, 812, 3723, + -1296, 2091, 4856, 4859, 2090, 2090, 4859, 4856, 3781, 752, + 3707, 3782, 4131, 4131, 3724, 3636, 2092, 3790, 3469, 4498, + 3516, 2092, 6075, 1389, 2091, 821, 4384, 2092, 5251, 5252, + 5408, 2092, 2088, 3794, 2453, 3731, 825, 3100, 4421, 4422, + 2089, 4879, 4423, 4424, 4425, 807, 6197, 6201, 2091, 2090, + 818, 807, 5101, 5483, 2088, 3233, 819, 2088, 1526, 3831, + 2088, 3146, 2089, 3814, 5900, 2089, 2413, 3147, 2089, 3148, + 6038, 2090, 5309, 3517, 2090, 807, 3304, 2090, 5516, 5354, + -741, 6509, 6510, 6039, 5304, 6248, 6250, 6301, 753, 5491, + 6304, 630, 3305, 946, -931, 4282, 3101, 4142, 2088, 825, + 6040, 835, 3520, 4495, 5735, 5264, 2089, 5484, 825, 2092, + 2885, 4143, 4553, 2898, 2439, 2090, 4343, 5253, 2678, 3779, + 4347, 2088, 5867, 5517, 844, 3521, 5377, 3787, 3789, 2089, + 3537, 6076, 2092, 2088, 5620, 3540, 5901, 3547, 2090, 3328, + 4283, 2089, 3149, 2088, 5868, 2899, 2590, 846, 5305, 4058, + 2090, 2089, 6481, 5414, 5306, 1475, 2092, 1615, 551, 2678, + 2090, 2088, 2506, 2091, 2091, 1843, 2678, 4210, 5651, 2089, + 3357, 3359, 724, 1476, 4276, 4277, 4212, 2752, 2090, 548, + 3366, 807, 807, 2453, 4214, 880, 6499, 1401, 1644, 2678, + 4217, 4218, 5518, 5869, 5254, 546, 3378, 3378, 5389, 723, + 4077, 3319, 4284, 3302, 4077, 4551, 4552, 5485, 2091, 5879, + 5724, 5725, 858, 3715, 4, 5, 4561, 2918, 2755, 2900, + 825, 5534, 4091, 4360, 807, 2771, 5536, 724, 1287, 4510, + 2091, 1823, 545, 2091, 807, 3723, 2091, 4513, 5975, 5008, + 5009, 3419, 5292, 6041, 2413, 4285, 3735, 899, 2791, 3425, + 3724, 4278, 3427, 5052, 5456, 2506, 3407, 5313, 3320, 5107, + 4337, 4557, 901, 4577, 1716, 2088, -615, 4564, 5028, 547, + 2088, 2092, 2092, 2089, 2091, 5486, 4361, 3406, 2089, 1863, + 551, 4185, 2090, 3875, 879, 5066, 5048, 2090, 1739, 6441, + 6441, 5976, 6309, 3404, 2088, 2088, 5078, 2091, 3850, 3851, + 2901, 548, 2089, 2089, 5426, 548, 4530, 4531, 4532, 2091, + 519, 2090, 2090, 1977, 1978, 1979, 2092, 546, 544, 2091, + 5913, 878, 1936, 3460, 4479, 4931, 5427, 4480, 6478, 3976, + 3403, 5601, 4932, 2397, 2510, 962, 5904, 2091, 2092, 2088, + 1864, 2092, 5602, 1865, 2092, 2088, 1172, 2089, 1222, 3641, + 2512, 4237, 948, 2089, 545, 2088, 2090, 4016, 877, 2027, + 3587, 1823, 2090, 2089, 2032, 1823, 1174, 3405, 3588, 4084, + 1866, 3469, 2090, 4874, 4875, 4876, 2376, 688, 3342, 1867, + 4089, 4090, 2092, 5418, 3294, 3560, 5278, 1190, 5279, 4481, + -2402, 547, -2402, 3977, 4578, 547, 2088, 2540, 4945, 4948, + 2541, 4951, 807, 3306, 2089, 2092, 807, 4201, 4286, 4287, + 4288, 3587, 3311, 2090, 5242, 1300, 3400, 2092, 3313, 5083, + 3549, 5243, 1302, 5244, 1479, 1312, 3325, 2092, 2115, 2116, + 2117, 2118, 2119, 2120, 2121, 2122, 3337, 4125, 1317, 3339, + 544, 2091, 2377, 5445, 874, 2092, 2091, 3635, 2088, 5826, + 1322, 2085, 5310, 2378, 4129, 3142, 2089, 3143, 2083, 3976, + 4593, 2379, 1325, 3976, 5055, 2090, 5839, 4595, 5057, 690, + 2091, 2091, 2885, 690, 1192, 2088, 3215, 2088, 690, 5848, + 3215, 5850, 1198, 2089, 2510, 2089, 3381, 1298, 3382, 2380, + 4620, 3475, 2090, 2750, 2090, 4621, 1331, 6017, 2511, 5668, + 2512, 5402, 15, 3486, 4130, 3342, 825, 825, 1343, 3251, + 3252, 3636, 2088, 825, 1334, 2091, 5684, 3378, 3378, 1345, + 2089, 2091, 1352, 3977, 3264, 2088, 3266, 3977, 946, 2090, + 825, 2091, 825, 2089, 2419, 3655, 3656, 2421, 2421, 2088, + 3631, 3518, 2090, 3519, 3280, 2381, 1354, 2089, 3281, 2092, + 3282, 24, 3283, 3640, 2092, 2224, 2090, 3955, 2377, 3958, + 3676, 817, 3964, 5311, 3965, 3966, 817, 3965, 4472, 2378, + 1238, 1238, 2091, 2382, 3639, 1368, 817, 3156, 2092, 2092, + 786, 3487, 817, 1372, 2088, 1252, 1252, 1381, 3679, 5059, + 1374, 4705, 2089, 5355, 2088, 2088, 3967, 2088, 3968, 3686, + 4850, 2090, 2089, 2089, 3488, 2089, 4504, 2413, 4044, 807, + 4045, 2090, 2090, 2088, 2090, 2161, 5040, 2161, 1378, 3267, + 3268, 2089, 2514, 2092, 2091, 2260, 1383, 3637, 3512, 2092, + 2090, 5792, 3689, 825, 3718, 807, 1384, 1401, 2088, 2092, + 2515, 1401, 2325, 4741, 1422, 5777, 2089, 1266, 2330, 2331, + -2359, 2091, 5455, 2091, 2088, 2090, 43, 4855, 3342, 3208, + 2088, 3157, 2089, 1460, 3638, 807, 825, 4254, 2089, 3382, + 1471, 2090, 2499, 854, 3742, 3876, 4486, 2090, 807, 2088, + 2092, 1473, 4249, 1243, 1243, 4858, 3342, 2089, 2091, 2382, + 3745, 4989, 1483, 4991, 2088, 764, 2090, 1493, 48, 3209, + 1487, 2091, 2089, 4351, 3770, 4352, 2088, 50, 3775, 3776, + 807, 2090, 817, 3634, 2089, 2091, 4408, 52, 4409, 807, + 3788, 817, 1494, 2090, 807, 754, 755, 1495, 4672, 4976, + 807, 830, 2092, 63, 2513, 1760, 3210, 6385, 4609, 1500, + 4610, 5433, 4611, 3515, 3523, 807, 1505, 1244, 1244, 3812, + 5908, 4878, 3342, 2396, 3817, 4, 5, 2448, 2088, 2092, + 2091, 2092, 756, 4697, 1508, 4698, 2089, 1999, 6488, 6490, + 2091, 2091, 2514, 2091, 2011, 2090, 4324, 4477, 3447, 4478, + 1824, 4710, 4707, 1825, 4601, 3877, 3519, 1826, 3524, 2091, + 2515, 2088, 3878, 2028, 2029, 4237, 2092, 1266, 3879, 2089, + 4594, 757, 2826, 2827, 3849, 4237, 4237, 1833, 2090, 2092, + 3526, 825, 3856, 3527, 2091, 1834, 3530, 807, 4375, 4863, + 4864, 6433, 2499, 2092, 1358, 2088, 5872, 1359, 1360, 1846, + 2091, 1858, 1361, 2089, 1860, 5877, 2091, 1862, 2453, 2453, + 1401, 4604, 2090, 2278, 3997, 3998, 4, 5, 3999, 3995, + 4000, 4608, 4001, 2278, 3531, 2091, 1868, 3211, 1823, 5638, + 1870, 6476, 1871, 654, 3946, 6293, 6294, 2225, 2092, 3212, + 2091, 1445, 1446, 3957, 3880, 655, 1872, 3535, 2092, 2092, + -3493, 2092, 2091, 1873, -3495, -3492, 3509, 3318, 6105, 3538, + 1874, -3494, 825, 1968, 4700, 4701, 6495, 2092, 4702, 3545, + 4703, 4612, 4704, 4613, 3318, 4614, 6072, 4, 5, 1883, + 793, 2226, 1881, 2227, -1356, 5714, 1882, 3557, -1356, 1884, + 4113, 5307, 2092, 6508, 4615, 1889, 4616, 3996, 718, 5096, + 2608, 3980, 1888, 4934, 2091, 4935, 3860, 3881, 2092, 4008, + 4961, 807, 4962, 794, 2092, 3443, 1890, 807, 825, 825, + 5060, 5359, 2278, 5360, 4386, 4387, 1816, 4389, 4391, -1356, + 825, 6088, 5275, 2092, 5276, -1356, 5277, 2091, 3979, 3213, + 1891, 5975, 5308, 1455, 1893, 657, 758, 2088, 2092, 1894, + 5361, 2161, 5362, 4, 5, 2089, 5363, 6089, 5364, 1892, + 2092, 3723, 5107, 759, 2090, 2928, 2928, 5403, -1356, 2278, + 5685, 2091, 5416, 2228, 5417, 3978, 3724, 5424, 5436, 2278, + 5437, 1904, 1479, 1479, 2516, 5661, 1951, 2885, 2161, 760, + 1817, 4572, 1965, 6547, 5976, 2022, 4581, -2350, 1966, 1366, + 1367, 1967, 1370, 4237, 1371, 825, 3631, 825, 5461, 3214, + 5462, 1972, 2092, 1920, 1920, 1920, 6048, 1973, -969, 3640, + 4582, 4583, 5481, 2229, 5482, 4413, 1013, 1014, 5094, 1974, + 1017, 3980, 1019, 761, 1021, 3980, 3861, 5595, 1975, 4352, + 3639, 5907, -741, 1976, 4641, 2092, -2350, 5409, 4237, 1980, + 1918, 1918, 1918, 2054, 795, 719, 3137, 2124, 1982, 2088, + 6090, 3975, 6091, 2058, 5738, 4588, 4714, 2089, 3979, 1983, + 2230, 4589, 3979, 5859, 1984, 5860, 2090, 4753, 5975, 2092, + 5910, 4590, 5911, 1985, 6073, 659, 1986, 1917, 1917, 1917, + 5916, 1987, 5911, 3637, 1479, 1988, 5499, 5502, 5504, 5506, + 1989, 1990, 5509, 5510, 5966, 3978, 4352, 5514, 4141, 3978, + 5520, 5965, 5967, 5524, 4352, 6119, 5499, 6120, 1991, 5396, + 5535, 5499, 4591, 2091, 1919, 1919, 1919, 3589, 2125, 1992, + 3638, 5976, 1993, 1996, 2516, 2085, 519, 4165, 6146, 6158, + 6147, 6159, 2083, -1701, 6193, 718, 4409, 1997, 1401, 1401, + 2088, -2350, 6074, 1998, 6072, 4, 5, 6051, 2089, 475, + 2006, 2231, 5886, 6057, 6058, 807, 6277, 2090, 5121, -1700, + 825, 825, 5892, 2126, 4592, 2088, 718, 2007, 1358, 3634, + 2008, 1359, 1360, 2089, 2009, 2232, 1959, 6178, 5084, 5085, + 2506, 3975, 2090, -2350, 4963, 3975, 2012, 2013, 4061, 4261, + 825, 4600, -2350, 4606, 5292, 2695, 2696, 2697, 6092, 2698, + -3595, 2699, -2350, 2700, 2014, 3280, 2413, 3862, 2015, 3281, + 542, 3288, 2016, 3283, 4228, 2127, 4230, 519, -2350, 2128, + 6321, 2092, 6322, 2017, 6177, 2091, 2018, 569, 4607, 492, + 517, 2019, 5845, 551, 5455, 4115, 4303, 6356, 6075, 5437, + 493, 4618, 4, 5, 2020, 1248, 1248, 2021, 2835, 543, + 514, 2023, 2024, 3863, 548, 4619, 494, 574, 2025, 807, + 4117, 1239, 1239, 2026, 2030, 5267, 1247, 1247, 1361, 5268, + 546, 5269, 4945, 5270, 4948, 2031, 4951, 4809, 6368, 6377, + 6369, 6378, 1245, 1245, 2033, 2034, -969, 3208, 6179, 2035, + 2036, 5205, 719, 2037, 4, 5, 2130, 2038, 1916, 1923, + 4622, 1928, 1929, 1930, -2352, 4183, 1433, 545, 1933, 2132, + 5016, 5401, -2586, 5407, 6178, 2039, 2091, 2088, 4077, 6394, + 4298, 5911, 6396, 719, 5911, 2089, 2040, 3209, 2088, 817, + 2137, 3864, -1356, 2092, 2090, 5703, 2089, 807, 6424, 2041, + 5911, 2091, 5638, 2042, 547, 2090, 2043, 6076, 4602, 2044, + 2047, 807, 6073, -2352, 5419, 807, 1246, 1246, 2048, 5271, + 6404, 825, 2049, 5272, 3210, 5273, 1823, 5274, 6034, 2890, + 5420, 6434, 6458, 5911, 5437, 2136, 5880, 1011, 1012, 1013, + 1014, 1015, 1016, 1017, 1018, 1019, 1020, 1021, 6531, 2050, + 6532, 2051, 2052, 544, 3865, 6205, 2145, 825, 825, 6072, + 4, 5, 2053, 2055, 5310, 1242, 1242, 2056, 4782, 2146, + 3866, 3867, 3500, 2057, 2059, 3868, 3869, 3870, 4483, 5975, + 6074, 718, 2060, 2061, 2092, 6179, 2062, 2928, 2147, 6310, + 2063, 2066, 2724, 2067, -766, 825, 4400, 4401, 4402, 4403, + 4405, 4406, 4407, 2070, 1479, 4410, 2071, 2072, 2073, 2092, + 2074, 4436, 2075, 2148, 6088, 2076, 4984, 5019, -2352, 6015, + 2131, -2572, -2573, 2153, 1816, 2180, 5886, 2179, 641, 4782, + 2182, 2376, 5976, 2202, 2220, 2222, 2221, 1043, 2223, 1823, + 6089, 4452, 4453, 3871, 4455, 3211, 4457, 4458, 4459, 4460, + 4461, 4462, 4463, 2091, 4465, 2242, 2243, 3212, 4474, 2725, + -2352, 4421, 4422, 2088, 2091, 4423, 4424, 4425, 2252, -2352, + 2255, 2089, 6094, 2266, 2256, 5311, 6075, 2278, 1820, -2352, + 2090, 5061, 2306, 4605, 2316, 551, 2318, 2322, 1817, 2328, + 6224, 2329, 4501, 2335, 965, -2352, 3872, 2377, 2376, 6181, + 1373, -969, 551, 2336, 2338, 4782, 548, 2340, 2378, 4789, + 2344, 2361, 2362, 2363, 807, 1819, 2379, 1064, 2365, 9, + 2374, 2386, 546, 548, 2385, 2726, 2389, 2727, 966, 4744, + 2399, 3251, 3252, 2728, 2430, 825, 825, 3976, 719, 546, + 807, 2415, 2405, 6090, 2380, 6091, 3264, 2416, 3266, 14, + 2426, 6194, 1818, 4543, 3809, 2435, 2436, 3213, 2445, 545, + 2449, 2092, 2452, 2464, 2377, 2468, 2472, 6073, 6077, 2479, + 4789, 2493, 2092, 6035, 967, 2378, 545, 6160, 20, 2494, + 6036, 968, 2503, 2379, 2507, 6076, 2499, 2528, 6536, 1920, + 2535, 2551, 23, 2729, 2544, 6037, 547, 2552, 2561, 2564, + 2381, 3977, 2566, 2567, 2571, 5127, 1078, 2574, 969, 2572, + 2578, 2380, 2580, 547, 6180, 2596, 970, -2322, 2584, 2586, + 2593, 4833, 2600, 2601, 2602, 6178, 1918, 3214, 2382, 28, + 2598, 2603, 2630, 2638, -2350, 6074, 6181, 2730, 1815, 2091, + 2649, 3267, 3268, 2605, 2651, 544, 4789, 4624, 2606, 2653, + 3810, 2654, 2655, 971, 5809, 5810, 2657, 5812, 2658, 2660, + 2661, 2678, 544, 1917, 2665, 2676, 2677, 2381, 2687, 2694, + 6264, 2708, 6460, 2736, 2749, 1011, 1012, 1013, 1014, 1015, + 1016, 1017, 1018, 1019, 1020, 1021, 2750, 2751, 4662, 2768, + 2762, 6092, 2764, 40, 2845, 2382, 4745, 4746, 972, 973, + 1919, 2767, 825, 2822, 807, 2815, 2819, 4782, 5706, 825, + 825, 2831, 4680, 2864, 2841, 4683, 4684, 2860, 6295, 2891, + 5128, 2892, 6038, 2919, 2920, 2926, 4679, 2925, 5129, 5708, + 2943, 6075, 1433, 2731, 2932, 6039, 6179, 2951, 2948, 2970, + 6365, 2972, 2971, 5130, 2732, 2998, 3013, 2092, 875, 3014, + 4375, 3016, 6040, 5131, 5132, 5133, 3015, 4806, 3018, 3019, + 3020, 3025, -2171, 5134, 3042, 3038, 51, 3035, 4806, 3039, + 4806, 4734, 3046, 519, 519, 1043, 5174, 5175, 5176, 5177, + 5178, 5179, 5180, 5181, 5182, 5183, 3045, 5185, 5186, 5187, + 5188, 5189, 5190, 5191, 5192, 3047, 5193, 5194, 3048, 1206, + 5198, 5199, 6546, 3057, 4782, 793, 3049, 85, 3056, -1356, + 6093, 3066, 876, -1356, 3067, 627, 3068, 3070, 3318, 807, + 3071, 825, 2183, 3069, 807, 807, 3072, 3073, 3075, 974, + 817, 6373, 3088, 3076, 3089, 3093, 3098, 2376, 794, 3107, + 6076, 3104, 3112, 3138, 5349, 3135, 6077, 4814, 4789, 3139, + 3140, 3141, 807, 807, -1356, 1064, 4782, 6486, 1207, 4842, + -1356, 4925, 3144, 3152, 5378, 2088, 3153, 3154, 3162, 5968, + 3166, 5969, 5970, 2089, 3167, 6365, 3170, 3171, 3183, 3184, + 1287, 3187, 2090, 3188, 3193, 4760, 4, 5, 3207, 3221, + -2597, 4, 5, -1356, 3222, 6041, 3238, 3230, 3231, 975, + 3274, 5135, 3243, 2377, 3277, 3329, 5315, 1957, 2555, 3279, + 5733, 5325, 3312, 5136, 2378, 3333, 3338, 3349, 2376, 4956, + 3354, 3355, 2379, 1429, 2713, 2714, 2715, 2716, 3360, 2281, + 3361, 3362, 3995, 1011, 1012, 1013, 1014, 1015, 1016, 1017, + 1018, 1019, 1020, 1021, 1078, 4789, 6438, 3373, 3370, 2184, + 2380, -2352, 3393, 3417, 628, 2005, 3436, 3418, 3439, 4413, + 4837, 2185, 4782, 3441, 6373, 3442, 2438, 5490, -1912, -1912, + 2717, 2718, 2719, 3444, 3453, 6523, 3454, 3455, 3458, 795, + -1912, 3459, 3461, 3469, 2377, 3946, 6535, 6181, 3476, 3551, + 3525, 3480, 3483, 3492, 6523, 2378, -3628, 4789, 5137, 3493, + 3495, 3496, 6535, 2379, 3497, 6094, 2381, 3498, 3502, 3510, + 3996, 3514, 4761, 5138, 3522, 2640, 2186, 1208, 4979, 1209, + 3528, 3529, 2720, 2721, 2187, 3533, 1820, 3534, 1541, 3546, + 1210, 2380, 2087, 1043, 2382, 5709, 3581, 976, 5710, 3539, + 3543, 2091, 3544, -1912, 3593, 3550, 1211, 3556, 3561, -1498, + 3568, 3574, 519, 5029, 5139, 5002, 2122, 3583, 3584, 3585, + 5707, 2188, 3586, 1819, 3600, -1666, 5030, 5708, 5140, 629, + 1011, 1012, 1013, 1014, 1015, 1016, 1017, 1018, 1019, 1020, + 1021, -1912, 5031, 4763, 3605, -1912, 2722, 2381, 2045, -1912, + 2064, 6227, 6228, 5611, 2068, 3610, 3608, 3611, -1912, -1912, + 1818, 6077, 3613, 4789, 3621, -1912, 3622, 3614, 3617, -1912, + 3643, 3659, 5032, 1064, -1912, 2382, -1912, 3623, 3663, 3662, + -1912, 3664, 3667, 3671, 3672, 5623, 3675, 3687, -1912, 3691, + -1912, 3704, 5051, 3701, 3710, 2167, -1912, 3705, 3728, 3980, + 4764, 4765, 4766, 2282, 630, 3729, 5763, 3738, 3739, 2092, + 2723, 2695, 2696, 5540, 678, 5541, -1912, 5542, 3755, 5543, + 4767, 3757, 875, 3758, 4680, 3759, -1912, -3628, 3763, -1912, + 1043, 3762, 3795, 3804, 2189, 6381, 3979, 4662, 4679, 3808, + 3822, 825, 3829, 3837, 5082, 5497, 1815, 3833, 3840, -1912, + 3841, 3853, 5033, 3852, 631, 3854, 3855, 5513, 5081, 3857, + 3858, 2190, 1078, 3859, 3898, 3901, 652, 3904, -1912, 3908, + 3910, 3911, -1912, 3978, 3914, 2835, 3915, 4768, 3916, 4769, + 3917, -1912, 3950, 3918, 5108, 3919, 876, 3951, 3920, 5109, + 1212, 3921, 4, 5, 5796, 3922, 5119, 5472, 3923, 4770, + -1912, 519, 4503, -743, 3924, 3925, 5290, 2724, 5215, 3926, + 1064, 3927, 3941, 5034, 3928, -1912, 3959, 4771, 3985, 807, + 3929, -1912, -1912, 653, 4772, 5169, 5626, -1356, 3930, 807, + 2281, 3931, 3932, 5515, 5616, 5617, -1912, 5619, -1912, 4773, + 3933, 3953, 5624, 3954, 3960, 5628, 4774, 3934, 5631, 5632, + 5755, 3935, 2283, 5197, 5760, 5761, 5640, -743, 5641, 3975, + 771, 4775, 3936, 3937, 3938, 3986, 2284, 5647, 2285, 3958, + 3955, 3956, 4002, 4007, 2725, 4010, 3723, 4011, 5707, 2488, + 4013, 4023, 4025, 4026, 4028, 5708, 4027, 2414, 1823, 4033, + 2414, 3724, 4029, 654, 4037, 4038, 4039, 4041, 4055, 1078, + 2286, 4085, 4086, 4087, 2287, 655, 4100, 3812, 4101, 4102, + 5226, 4108, -1709, 2288, 2890, 4121, 4166, 770, 4776, 4151, + 4139, 4140, 4167, 4152, 4153, 4180, 4179, 4189, 4777, 4181, + 5035, 5036, 3594, 5709, 4191, 4195, 5710, 4197, 4198, 825, + 2726, 4199, 2727, 4202, 4203, 5711, 2289, 5225, 2728, 632, + 5999, 5281, 4215, 4216, 633, 4207, 2191, -743, 771, 4208, + 2954, 2192, 2953, 3342, 2290, 4240, 4778, 4255, 656, 4260, + 4264, 4259, 4266, 4299, 772, 4306, 1823, 4314, 4312, 4779, + 4316, 4317, 4318, 4341, 5224, -1912, 1816, 5169, 4342, 4345, + 4346, 4372, 4368, 4416, 773, -2074, 4381, 817, 1213, 1214, + 1215, 1216, 5353, 4382, 4417, 657, 4418, 4434, 2729, 4438, + 4445, 4493, 4502, 4446, 4447, 519, 4449, 4505, 4780, 3358, + 4518, 4514, 5708, 4520, 4781, -743, 4525, 5366, 4526, 634, + 4538, 4546, 4548, 4555, 4556, 4562, 2193, 4565, -3628, 4625, + 4566, 4567, 2291, 775, 2282, 2194, 4568, 4626, 4782, 2292, + 1817, 4636, 2730, 4637, 4656, 5379, 551, 4648, 4640, 2293, + 4650, 4665, 519, 4666, 4651, 4674, 4652, 4653, 4654, 4655, + 5223, 4663, 4669, 2294, 1816, 517, 4667, 548, 4670, 5037, + 5038, 4689, 4783, 4690, 4708, 4695, 4713, 4714, 4715, 4784, + 4729, 4735, 773, 546, 1920, 4726, 4737, 2295, 4738, 4739, + 4743, 4742, 3995, -1912, 4749, 4750, 2296, 4752, 4804, 2297, + 6505, -2121, 4818, 4755, 5921, 4843, 4840, -1822, 658, 5292, + -1827, 4846, 4847, 774, 4785, 4852, 4853, 2298, 4867, 4872, + 545, 1918, 4885, 4930, 4938, 4954, 4662, 4955, 1817, 4786, + 4787, 775, 4980, 679, 4965, 659, 4981, 4986, 2731, 4994, + 5007, 5010, 4788, 5011, 5013, 5023, 5022, 5053, 2299, 2732, + 5833, 3553, 4631, 4358, 5062, 5064, 5065, 547, 1917, 5068, + 5069, 629, 5070, 2903, 52, 5088, 5074, 2835, 5089, 5102, + 3996, 5125, 5120, 5126, 5143, 5150, 5121, 519, 4734, 4789, + 5144, 5709, 5145, 2283, 5710, 5146, 5147, 4925, 5170, 5171, + 5452, 5172, 5184, 5883, 5212, 1919, 4896, 2284, 5234, 2285, + 5239, -266, 5237, 5247, 5249, 5257, 544, 825, 2887, 5283, + 5169, 5284, 5480, 5301, 5285, 5466, 5467, 5468, 5292, 5303, + 5316, 5317, 5326, 5327, 5329, 5328, 5330, 807, 5333, 5331, + 5039, 2286, 5335, 5336, 5334, 2287, 630, 5337, 5347, 5351, + 5350, 5344, 5358, 825, 2288, 5365, 5368, 5374, 5381, 5382, + 5385, 5375, 5387, 5511, 5512, 5391, 5392, 5393, 5400, 5404, + 2161, 5405, 5548, 5525, 3946, 5406, -743, 5410, 5412, 5290, + -1912, 5415, 5422, 5425, -73, 5431, 5547, 2289, 5439, 5423, + 5449, 5447, 5463, 2641, 5450, 5458, 5459, 5470, 5451, 5473, + 5474, 5567, 5571, 3946, 5495, 2290, 5587, 5579, 5562, 5588, + 5589, -1912, 5592, -1912, 5596, 5597, -1912, -1912, 5594, 5598, + 5585, 5599, 5607, 5606, 5226, 1823, 660, 5608, 5709, 5293, + -743, 5710, 5609, 771, 5614, 5612, 5625, 5629, 5630, 4432, + 5662, 5664, 5666, 5680, 5691, 661, 5693, 5695, 5699, 3723, + 5700, 5697, 2628, 5618, 5702, 5705, 5716, 5169, 5719, 5732, + 5731, 5225, 5737, 5744, 3724, 5743, 5748, 5751, 5635, 5752, + 5119, 5119, 807, 5753, 5756, 5768, 5772, 5770, 5645, 5775, + 6414, 5778, 5634, 2291, 2835, 5648, 5776, 5649, 5650, 5780, + 2292, 807, 5644, 662, 5784, 5786, 1169, 5119, 5224, 5805, + 2293, 6107, 6233, 5794, 5119, 5806, 5811, 5813, 5814, 5169, + 5816, 5818, 5478, 5829, 2294, 5835, 5306, 5836, 5846, 5840, + 663, 5851, 5291, 3976, 5670, 5482, 5874, 5881, 5882, 664, + -743, 5888, 5663, 875, 5887, 5679, 5889, 5909, 2295, 5894, + 5294, 6233, 5891, 1169, 2005, 5913, 5925, 2296, 5905, 5915, + 2297, 5917, 5931, 5919, 5483, 5935, 5944, 519, 5951, 5954, + 2747, 2005, 5953, 5971, 5972, 5974, 5982, 773, 2298, 5983, + 809, 5984, 5992, 5990, 5991, 5997, 6000, 776, 6001, 6002, + 6008, 6009, 6011, 6012, 5223, 1920, 6016, 3977, 6020, 6030, + 6013, -2121, 6014, 6053, 6029, 6065, -166, 876, -743, 2299, + 6101, 6054, 6033, 6059, 4760, 5723, 6106, 6115, 6118, 6126, + 6127, 6128, 6131, 6142, 6140, 6144, 775, 5108, 5730, 6145, + 6148, 6149, 1918, 6152, 6155, 6161, 5119, 6165, 6168, 6173, + 6176, 6190, 3814, 6192, 6211, 6213, 6204, 5742, 6217, 6219, + 5742, 5747, 6215, 6216, 662, 5749, 6221, 6222, 6223, 5169, + 6541, 6237, 6233, 6238, 6239, 6236, 6272, 5759, 6275, 1917, + 6276, 6297, 5767, 6311, 6326, 6332, 6337, 6338, 6341, 6343, + 6353, 777, 4925, 6282, 4893, 4898, 6316, 6318, 5769, 5801, + 6319, 5801, 6329, 6384, -2570, 6357, -2571, 6358, 1820, 6362, + 2896, 6387, 5292, 6390, 5771, 6397, 1919, 2005, 6399, 5820, + 6398, 5822, 6405, 6407, 6409, 6413, 6415, 6449, 6166, 6167, + 6418, 6169, 6170, 6171, 6172, 6461, 6464, 6473, 6474, 6475, + 6487, 6492, 6469, 6482, 6477, 1819, 6497, 6498, 6500, 6503, + 5783, 2885, 5785, 6542, 6504, 6496, 6506, 6511, 2963, 6501, + 6512, 6502, 6524, 6513, 6540, 4220, 3727, 4476, 5674, 5676, + 4321, 817, 5675, 817, 6056, 4866, 6108, 5782, 6244, 3812, + 6406, 3812, 1818, 5821, 4953, 1390, 1395, 1391, 4497, 5367, + 2450, 5457, 4488, 4969, 3343, 4275, 1820, 5142, 2911, 3240, + 4542, 3428, 3430, 5824, 5169, 5119, 5169, 4522, 5938, 5937, + 825, 5169, 5774, 5119, 1507, 5340, 4912, 3429, 5169, 5169, + 5842, 5073, 5119, 5079, 5718, 5432, 6281, 5843, 5169, 3598, + 5895, 6367, 6463, 1819, 5169, 5119, 6422, 5119, 6175, 5893, + 1958, 3848, 5338, 2440, 5615, 5852, 6103, 5657, 5750, 5343, + 6442, 6336, 6340, 5823, 5489, 2885, 1169, 6266, 6289, 6257, + 1169, 6292, 1800, 6258, 6259, 5864, 6260, 5041, 1815, 6300, + 1818, 2519, 6303, 4385, 4966, 4854, 5004, 4554, 6240, 6279, + 807, 3295, 3987, 1169, 4628, 3085, 5058, 5056, 1958, 5054, + 6468, 779, 6435, 1169, 6436, 780, 6063, 4313, 6308, 6315, + 6313, 5977, 5801, 3310, 5817, 5819, 4754, 5341, 5655, 2459, + 4297, 3108, 6138, 2631, 4295, 965, 3907, 6274, 5981, 2835, + 3276, 3719, 5293, 4196, 4535, 4034, 4993, 808, 2424, 1424, + 5742, 4154, 4247, 2375, 2423, 5918, 2150, 4371, 5376, 6296, + 9, 5955, 5923, 807, 4204, 5067, 4124, 5169, 5169, 966, + 764, 4122, 4174, 4658, 4171, 2829, 1815, 807, 2888, 1169, + 1169, 1169, 1169, 3946, 2738, 1958, 4575, 5942, 2684, 5397, + 14, 519, 1169, 2748, 817, 6408, 6255, 6491, 6489, 3158, + 3161, 3946, 6448, 5371, 2414, 2367, 3182, 2368, 2369, 2370, + 5682, 2372, 5964, 6150, 5460, 967, 6151, 3173, 3151, 20, + 2693, 3824, 968, 4647, 4367, 5261, 5260, 4646, 5713, 6154, + 5989, 5446, 5704, 23, 5169, 2418, 4374, 5399, 4370, 5726, + 5169, 2432, 5986, 1447, 5372, 873, 4861, 2835, 4862, 969, + 5047, 5266, 3816, 5294, 3353, 790, 5119, 970, 781, 6086, + 3385, 2576, 1308, 6086, 911, 4032, 2262, 6003, 6007, 4992, + 28, 5112, 5906, 6010, 4397, 5801, 880, 5465, 5098, 5095, + 6459, 3693, 4806, 4806, 1839, 3694, 3004, 6380, 1958, 1844, + 5801, 1292, 4241, 3732, 971, 5936, 1175, 5736, 1296, 3096, + 6462, 6028, 2713, 2714, 2715, 2716, 1293, 2425, 2636, 1295, + 4997, 6493, 5051, 5600, 6539, 6543, 5815, 1960, 5742, 6485, + 3803, 3708, 4030, 5728, 4056, 4233, 6060, 4232, 5169, 1250, + 3658, 3435, 1251, 4234, 40, 4226, 4229, 4688, 6544, 972, + 973, 4225, 6100, 3414, 3118, 2165, 2931, 817, 2717, 2718, + 2719, 1205, 2144, 4873, 4200, 5282, 5384, 3897, 4315, 2624, + 2625, 5875, 817, 6421, 4926, 3980, 6116, 1342, 2321, 799, + 783, 784, 785, 4815, 1169, 879, 3785, 1937, 4990, 5169, + 6133, 5575, 3431, 4545, 5114, 1939, 1949, 6110, 6348, 807, + 5576, 825, 5570, 5569, 5586, 1831, 548, 6134, 5169, 807, + 2720, 2721, 3979, 0, 0, 2569, 1950, 51, 0, 6086, + 0, 1176, 878, 0, 0, 0, 0, 0, 0, 1177, + 4734, 4734, 0, 0, 0, 0, 6086, 0, 0, 0, + 0, 0, 0, 0, 1178, 0, 0, 0, 0, 3978, + 3244, 0, 0, 0, 1179, 1180, 1181, 0, 85, 877, + 0, 0, 0, 0, 1182, 0, 911, 0, 0, 0, + 911, 6191, 1813, 0, 2722, 0, 6203, 0, 0, 0, + 974, 0, 6210, 0, 3245, 0, 3437, 0, 0, 0, + 1958, 0, 873, 1958, 0, 0, 547, 0, 0, 0, + 0, 0, 0, 0, 0, 825, 6218, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 6530, 0, 0, 0, + 0, 0, 3246, 6242, 0, 6537, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 3975, 0, 5964, 2723, 0, + 0, 0, 0, 0, 0, 874, 0, 0, 0, 0, + 975, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 2005, 3478, 0, 0, 6007, 0, 0, 1169, 0, 0, + 1915, 1915, 0, 1915, 1915, 1915, 6028, 0, 0, 0, + 1915, 0, 0, 0, 4925, 0, 0, 0, 0, 825, + 0, 0, 6346, 0, 6346, 0, 0, 6290, 6291, 0, + 0, 0, 1183, 0, 0, 0, 0, 0, 0, 6302, + 0, 0, -1856, -1856, 1184, 0, 0, 0, 0, 0, + 0, 6317, 0, 0, -1856, 0, 0, 0, 0, 0, + 5742, 0, 5742, 5747, 0, 2724, 0, 0, 0, 0, + 0, 0, 3548, 0, 0, 0, 0, 0, 0, 0, + 2085, 0, 0, 0, 0, 3563, 0, 2083, 0, 2640, + 807, 0, 0, 0, 6345, 0, 6345, 0, 0, 6351, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 4925, 0, 0, 0, -1856, 976, 0, + 0, -1912, -1912, 0, 0, 2835, 0, 0, 0, 0, + 0, 0, 2725, -1912, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 1185, 0, 0, 825, 0, 0, + 6374, 0, 0, 6375, 0, -1856, 0, 0, 0, -1856, + 0, 0, 0, -1856, 0, 5742, 5742, 0, 2640, 6391, + 6086, 6086, -1856, -1856, 0, 3620, 5742, 0, 0, 0, + 0, 0, 0, -1856, 0, 1186, 0, 0, -1856, 0, + -1856, 2167, 0, 0, -1856, 0, -1912, 0, 2726, 1187, + 2727, 0, -1856, 0, -1856, 0, 2728, 0, 0, 6086, -1856, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 825, 0, 0, 0, 0, 0, 0, + -1856, 0, 0, 0, -1912, 0, 0, 5742, -1912, 0, + -1856, 0, -1912, -1856, 0, 0, 0, 0, 0, 0, + 0, -1912, -1912, 0, 0, 0, 0, 3247, 0, 0, + 2835, 0, -1912, -1856, 0, 0, 2729, -1912, 0, -1912, + 0, 0, 2143, -1912, 0, 0, 0, 0, 0, 2628, + 0, -1912, -1856, -1912, 0, 0, -1856, 3248, 3249, -1912, + 3250, 3251, 3252, 3253, 3254, -1856, 3255, 3256, 3257, 3258, + 3259, 3260, 3261, 3262, 0, 3263, 3264, 3265, 3266, -1912, + 2730, 0, 0, 0, -1856, 0, 0, 0, 0, -1912, + 2005, 0, -1912, 0, 0, 0, 0, 0, 0, -1856, + 0, 0, 0, 0, 0, 0, -1856, 0, 0, 0, + 0, 0, -1912, 0, 0, 0, 0, 0, 0, 0, + -1856, 0, -1856, 0, 0, 0, 0, 0, 0, 2303, + 2835, -1912, 0, 0, 0, -1912, 825, 0, 0, 0, + 0, 2835, 0, 0, -1912, 825, 0, 0, 0, 2835, + 0, 0, 0, 0, 0, 1958, 0, 2835, 0, 0, + 0, 0, 0, -1912, 1169, 0, 1169, 0, 0, 0, + 0, 3267, 3268, 0, 0, 0, 2731, 0, -1912, 0, + 0, 0, 0, 0, 0, -1912, 0, 2732, 0, 0, + 0, 0, 0, 2414, 0, 2414, 2414, 3836, 0, -1912, + 0, -1912, 1170, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 1169, 1169, 0, 0, 0, + 0, 1169, 0, 0, 0, 1169, 1169, 1169, 0, 0, + 0, 0, 0, 0, 0, 1169, 1169, 1958, 0, 1170, + 0, 1169, 0, 0, 0, 1169, 1169, 1169, 0, 1169, + 1169, 1169, 0, 1958, 1958, 0, 0, 0, 0, 0, + 1169, 0, 1169, 0, 0, 1169, 1169, 1169, 1169, 0, + 1169, 0, 1169, 1169, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 1169, 1169, 1169, 1169, + 1169, 0, 1169, 1169, 1169, 1169, 1169, 1169, 0, 1169, + 1169, 0, 1169, 1169, 0, 1169, 1169, 0, 0, 1169, + 1169, 0, 1169, 1169, 0, 0, 1169, 0, 1169, 0, + 0, 0, 1169, 1169, 1169, 0, 0, 1169, 1169, 1169, + 1169, 0, 1169, 0, 0, 0, 0, 0, 0, 1169, + 0, 0, 0, 0, 0, 1169, 1169, 1169, 1169, 0, + 0, 0, 0, 0, 0, 0, 1169, 1169, 0, 1169, + 1169, 0, 0, 1169, 1169, 1169, 1169, 1169, 1169, 1169, + 1169, 1169, 1169, 1169, 1169, 1169, 0, -1856, 1169, 0, + 0, 0, 2628, 1958, 0, 0, 0, 0, 0, 0, + 1958, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 4778, -1912, 0, 0, 0, -1912, 0, 0, 0, -1912, - 0, 0, 1958, 4779, 0, 0, 0, 0, -1912, -1912, - 0, 0, 0, 0, 0, 0, 0, 0, 0, -1912, - 0, 0, 0, 0, -1912, 0, -1912, 0, 0, 0, - -1912, 0, 0, 0, 0, 0, 0, 0, -1912, 0, - -1912, 0, 4780, 2414, 0, 0, -1912, 0, 4781, 0, - 0, 0, 0, 0, 0, 0, 0, 5877, 1169, 0, - 0, 0, 0, 0, 0, 0, -1912, 0, 0, 0, - 0, 0, 4782, 0, 0, 0, -1912, 0, 0, -1912, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 1169, 0, 0, 0, 0, 0, 0, -1912, - 0, 0, 0, 0, 0, 1958, 4783, 1958, 1958, 1958, - 0, 1169, 0, 4784, 0, 1169, 0, 1169, -1912, 0, - 5923, 0, -1912, 0, 0, 0, 0, 0, 0, 0, - 0, -1912, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 965, 0, 0, 0, 4785, 0, - -1912, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 4786, 4787, -1912, 0, 0, 0, 9, - 0, 0, -1912, 0, 0, 0, 4788, 0, 966, 0, - 0, 0, 0, 0, 0, 0, -1912, 0, -1912, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 14, + 0, 4, 5, 1169, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 4789, -3761, -3761, -3761, 0, 0, 0, - 0, 0, 0, 0, 967, 0, 0, 0, 20, 0, - 0, 968, 0, 0, 0, 0, 1170, 0, 0, 0, - 1170, 0, 23, 0, 0, 0, 4760, 4, 5, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 969, 0, - 0, 0, 0, 1170, 0, 0, 970, 0, 0, 0, - 0, 0, 0, 1170, 0, 0, 0, 0, 0, 28, + 0, 1958, 0, 0, 0, 0, 0, 0, 0, 1253, + 0, 1254, 0, 0, 0, 0, 0, 0, 0, 685, + 0, 0, 0, 0, 0, 0, -1912, 0, 0, 0, + 0, 0, 0, 1222, 0, 0, 0, 0, 0, 0, + 0, 1255, 1256, 0, 0, 0, 0, -1093, -1093, 0, + 0, 1257, 0, 0, 0, 0, 0, 0, 0, 4760, + 4, 5, 0, 0, 0, 16, 17, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 4886, 0, 4887, + 4888, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 1169, 1170, 1169, 0, 0, 1170, 1258, 0, 0, + 0, 4889, 0, 4890, 0, 0, 0, 0, 0, 4891, + 0, 1259, 0, 0, -1856, 0, 0, 0, 1958, 1170, + 0, 0, 0, 0, 1169, 0, 0, 2641, 0, 1170, + 2438, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 4892, 0, 0, 0, -1856, 0, -1856, 4177, 0, + -1856, -1856, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 2005, 0, 1260, 0, 0, + 0, 0, 0, 0, 0, 0, 4761, 0, 0, 1261, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, -1912, 0, 1170, 1170, 1170, 1170, 0, + 0, 0, 0, 0, 0, 4893, 2641, 0, 1170, 0, + 0, 1169, 0, 0, 0, 0, 0, 1958, 0, 1958, + 0, 0, 0, 0, -1912, 0, -1912, 0, 0, -1912, + -1912, 0, 0, 2963, 1262, 0, 4894, 0, 4895, 0, + 0, 0, 0, 0, 0, 0, 1169, 4763, 0, 4896, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, -931, - 0, -931, 0, 971, 1958, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 2438, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 1170, - 1170, 1170, 1170, 40, 0, 0, 6129, 0, 972, 973, - 0, 0, 1170, 0, 0, 0, 6135, 0, 1169, 4760, - 4, 5, 1169, 0, 0, 1169, 0, 0, 0, 0, - 0, 0, 0, 4761, 1169, 0, 0, 0, 0, 0, - 0, 0, 0, 1169, 0, 1169, 1169, 0, 1169, 1169, - 1169, 1169, 0, 1169, 0, 1169, 1169, 0, 1169, 0, - 0, 0, 0, 0, 0, 0, 1169, 1169, 3085, 0, - 0, 1169, 1169, 1169, -3761, 0, 51, 0, 0, 0, - 0, 1169, 1169, 1169, 0, 1169, 0, 1169, 0, 1169, - 0, 1169, 0, 1169, 0, 0, 0, 0, 1169, 1169, - 2438, 1169, 1169, 1169, 4763, 0, 0, 1169, 0, 965, - 1169, 0, 0, -1912, 0, 0, 0, 85, 0, 1169, - 0, 0, 1169, 0, 1169, 1169, 1169, 911, 0, 1169, - 0, 0, 0, 0, 9, 0, 0, 0, 0, 974, - 0, 0, 0, 966, 0, 0, 4761, 0, 0, 0, - 0, 1169, 0, 1169, 0, 0, 1169, 0, 0, 0, - 0, 4764, 4765, 4766, 14, 0, 1169, 1169, 1169, 1169, - 1958, 1169, 0, 0, 0, 0, 1169, 0, 0, 0, - 0, 4767, 0, 0, 0, 0, 0, 1958, 0, 967, - 0, 0, -3761, 20, 1170, 0, 968, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 23, 0, 975, - 0, 0, 0, 0, 0, 0, 0, 4763, 0, 0, - 0, 0, 0, 969, 0, 3397, 0, 0, 0, 0, - 0, 970, 0, 0, 0, 0, 0, 0, 4768, 0, - 4769, 0, 0, 0, 28, 0, 0, 0, 0, 911, - 0, 0, 0, 873, 0, 1958, 0, 0, -931, 0, - 4770, 0, 0, 0, 0, 0, 0, 6341, 971, 0, - 0, 0, 0, 0, 4764, 4765, 4766, 0, 4771, 0, - 0, 0, 0, 0, 0, 4772, 0, 0, 1169, 0, - -1912, 0, 0, 0, 4767, 0, 0, 0, 0, 0, - 4773, 0, 0, 2641, 0, 0, 0, 4774, 40, 0, - 1169, 0, 0, 972, 973, 0, 0, 0, 0, 1958, - 1958, -1912, 4775, -1912, 0, 0, -1912, -1912, 0, 0, - 0, 0, 965, 0, 0, 0, 0, 0, 0, 0, - 0, 2414, 0, 0, 0, 0, 0, 976, 0, 0, - 0, 4768, 0, 4769, 0, 0, 0, 9, 0, 0, - 0, 0, 0, 0, 0, 0, 966, 0, 0, 0, - 0, 0, 0, 4770, 0, 0, 0, 1170, 0, 4776, - 1169, 51, 0, 0, 0, 0, 0, 14, 0, 4777, - 0, 4771, 0, 0, 0, 0, 0, 0, 4772, 0, - 0, 0, 0, 1169, 0, 0, 0, 0, 0, 0, - 0, 4177, 967, 4773, 0, 1958, 20, 0, 0, 968, - 4774, 0, 85, 0, 0, 0, 0, 4778, 0, 0, - 23, 0, 0, 0, 0, 4775, 0, 0, 0, 0, - 4779, 0, 915, 0, 974, 0, 969, 0, 0, 0, - 0, 0, 0, 0, 970, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 28, 0, 0, - 0, 0, 0, 0, 916, 0, 0, 0, 0, 4780, - 0, 0, 0, 0, 0, 4781, 0, 0, 0, 0, - 0, 971, 4776, 1169, 0, 918, 0, 1935, 0, 0, - 0, 0, 4777, 0, 919, 0, 0, 0, 0, 4782, - 0, 0, 0, 0, 975, 0, 0, 0, 0, 0, - 0, 0, 3630, 0, 0, 920, 0, 0, 0, 0, - 0, 40, 0, 0, 0, 0, 972, 973, 0, 921, - 4778, 0, 0, 4783, 922, 0, 0, 0, 0, 0, - 4784, 0, 0, 4779, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 1169, 1169, 0, 0, 0, 923, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 4785, 0, 0, 0, 0, - 0, 0, 4780, 1958, 0, 0, 0, 0, 4781, 0, - 4786, 4787, 0, 0, 51, 0, 0, 0, 0, 0, - 0, 0, -3909, 4788, 0, 0, 0, 0, 0, 0, - 0, 0, 4782, 0, 0, 0, 0, 924, 0, 0, - 0, 925, 0, 0, 0, 0, 0, 0, 0, 0, - 1169, 0, 0, 1169, 0, 85, 0, 0, 0, 926, - 4789, 0, 976, 927, 928, 0, 4783, 0, 0, 2303, - 0, 0, 0, 4784, 0, 0, 0, 974, 1169, 1169, + 0, 0, 4897, 0, 0, 0, 0, 0, 0, 1263, 0, 0, 0, 1169, 0, 0, 0, 0, 0, 0, - 0, 0, 1958, 0, 929, 0, 0, 0, 0, 0, - 0, 930, 931, 0, 0, 1169, 0, 1169, 4785, 1169, - 0, 1169, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 4786, 4787, 1169, 0, 0, 0, 0, - -3909, 1958, 0, 0, 0, 0, 4788, 0, 0, 0, - 0, 0, 0, 0, 1169, 1169, 0, 975, 0, 1169, - 0, 1169, 0, 1169, 0, 0, 0, 0, 1169, 0, - 0, 2611, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 4789, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 1170, 0, 1170, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 1958, - 0, 2612, 0, 1169, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 3884, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 1169, 0, 0, 2613, 1170, 1170, 0, 0, 2614, - 0, 1170, 0, 0, 0, 1170, 1170, 1170, 0, 0, - 2615, 2616, 0, 0, 0, 1170, 1170, 0, 0, 0, - 0, 1170, 0, 0, 0, 1170, 1170, 1170, 0, 1170, - 1170, 1170, 0, 0, 0, 976, 0, 0, 0, 0, - 1170, 0, 1170, 0, 0, 1170, 1170, 1170, 1170, 0, - 1170, 0, 1170, 1170, 0, 0, 0, 0, 0, 0, - 3974, 0, 0, 0, 0, 0, 1170, 1170, 1170, 1170, - 1170, 0, 1170, 1170, 1170, 1170, 1170, 1170, 0, 1170, - 1170, 0, 1170, 1170, 0, 1170, 1170, 0, 0, 1170, - 1170, 1169, 1170, 1170, 0, 0, 1170, 0, 1170, 0, - 1169, 0, 1170, 1170, 1170, 0, 0, 1170, 1170, 1170, - 1170, 0, 1170, 0, 1169, 0, 1958, 1169, 0, 1170, - 0, 0, 0, 0, 0, 1170, 1170, 1170, 1170, 0, - 0, 0, 0, 0, 0, 0, 1170, 1170, 0, 1170, - 1170, 0, 0, 1170, 1170, 1170, 1170, 1170, 1170, 1170, - 1170, 1170, 1170, 1170, 1170, 1170, 0, 0, 1170, 4760, - 4, 5, 0, 0, 0, 2617, 0, 0, 0, 0, - 0, 0, 1915, 1915, 1915, 2618, 0, 0, 3630, 0, - 0, 0, 0, 0, 0, 0, 2619, 5651, 0, 4887, - 3974, 0, 2620, 1170, 3974, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 965, 0, 0, - 0, 4889, 0, 0, 0, 2628, 0, 0, 0, 5652, - 0, 0, 0, 0, 2621, 0, 0, 0, 2622, 0, - 0, 0, 9, 0, 0, 0, 0, 0, 0, 0, - 2438, 966, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 5653, 0, 0, 0, 0, 0, 0, 0, 2623, - 0, 0, 14, 1169, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 1169, 0, 0, 4761, 967, 0, 0, - 0, 20, 0, 0, 968, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 23, 0, 0, 0, 0, - 0, 1170, 0, 1170, 0, 4893, 0, 0, 0, 1169, - 1169, 969, 1169, 0, 0, 0, 0, 0, 0, 970, + 0, 0, 0, 0, 0, 0, 0, 3085, 3085, 0, + 1264, 0, 0, 0, 4764, 4765, 4766, 0, 0, 1265, + 0, 0, 0, 0, 0, 0, 0, 0, 915, 0, + 0, 0, 1266, 0, 4767, 0, 0, 0, 0, 0, + 0, 0, 0, 1267, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 916, 0, 0, 0, 0, 0, 1268, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 918, 0, 4898, 0, 0, 0, 0, 0, 0, + 919, 4768, 0, 4769, 0, -2322, 1269, 0, 0, 1270, + 1170, 1271, 0, 2414, 0, 0, 0, 0, 0, 0, + 0, 920, 0, 4770, 0, 0, 0, 0, 0, 0, + 4899, 0, 0, 0, 0, 921, 0, 0, 1272, 1273, + 922, 4771, 0, 0, 1274, 1275, 0, 0, 4772, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 1276, 0, 4773, 923, 1169, 0, 0, 0, 0, + 4774, 0, 0, 0, 4900, 4901, 0, 0, 0, 0, + 0, 4902, 1277, 0, 0, 4775, 0, 0, 0, 0, + 0, 0, 0, 4903, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 1278, 0, 0, 0, 0, 1958, + 1169, 0, 0, 0, 4904, 0, 0, 0, 1169, 1169, + 0, 0, 0, 924, 0, 0, 0, 925, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 4905, 0, + 0, 0, 4776, 0, 0, 926, 0, 0, 0, 927, + 928, 0, 4777, 0, 0, 0, 0, 0, 1279, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 1169, 1280, 0, 0, 0, 0, 0, 0, + 929, 0, 1281, 1958, 1958, 1282, 1283, 930, 931, 0, + 4778, 2414, 0, 1170, 0, 0, 0, 0, 0, 0, + 1284, 0, 0, 4779, 0, 4906, 0, 0, 0, 0, 0, 0, 0, 0, 0, 1169, 1169, 1169, 0, 0, - 0, 0, 28, 0, 1170, 0, 0, 0, 4895, 0, - 0, 0, 0, 0, 0, 0, 0, 4763, 0, 0, - 0, 0, 1169, 1169, 0, 0, 971, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 4897, 0, 0, 0, 1169, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 1169, 0, - 0, 0, 0, 0, 0, 0, 40, 1169, 0, 0, - 0, 972, 973, 0, 4764, 4765, 4766, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 1170, 0, 0, 4767, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 1285, 0, 0, + 0, 0, 4780, 0, 0, 0, 1286, 2611, 4781, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 1169, 0, 0, 0, 1169, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 1170, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 51, - 0, 1958, 0, 4898, 0, 0, 0, 0, 0, 0, - 0, 4768, 0, 4769, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 1170, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 4770, 0, 0, 0, 0, 0, 0, - 85, 0, 0, 0, 0, 0, 0, 0, 0, 1526, - 1527, 4771, 0, 0, 1531, 1532, 0, 0, 4772, 0, - 0, 0, 974, 0, 1541, 0, 0, 0, 0, 0, - 0, 0, 0, 4773, 0, 0, 0, 0, 0, 0, - 4774, 0, 0, 0, 4900, 0, 0, 0, 0, 1563, - 0, 4902, 0, 0, 0, 4775, 0, 4, 5, 0, - 0, 0, 1576, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 4019, 0, 0, 1591, 0, - 6255, 0, 0, 0, 4904, 1253, 0, 1254, 0, 0, - 0, 0, 975, 0, 0, 685, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 1615, 1222, - 0, 0, 4776, 0, 0, 0, 0, 1255, 1256, 0, - 0, 0, 4777, 0, 0, 0, 0, 1257, 1634, 1635, - 1636, 0, 0, 0, 0, 0, 0, 0, 1643, 1644, - 1645, 16, 17, 0, 0, 1170, 0, 0, 0, 1169, - 1169, 0, 0, 0, 0, 0, 1660, 0, 0, 0, - 4778, 0, 0, 0, 0, 0, 0, 1813, 0, 0, - 0, 0, 0, 4779, 911, 4906, 0, 0, 0, 0, - 0, 0, 0, 1258, 0, 0, 0, 0, 1689, 0, - 1170, 911, 0, 0, 0, 0, 0, 1259, 1170, 1170, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 4780, 0, 0, 1716, 0, 0, 4781, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 976, 1169, 0, 0, 1958, 0, 0, 0, 1738, 1739, - 1740, 0, 4782, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 1170, 1260, 0, 0, 0, 0, 0, 0, - 1759, 1760, 0, 0, 0, 1261, 0, 0, 0, 0, - 0, 0, 0, 0, 965, 0, 4783, 0, 1915, 0, - 0, 0, 0, 4784, 0, 1169, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 1170, 1170, 1170, 0, 9, - 0, 0, 0, 0, 1958, 0, 0, 0, 966, 0, - 0, 1775, 0, 1776, 1777, 0, 0, 0, 4785, 0, - 1262, 0, 0, 0, 0, 0, 0, 0, 0, 14, - 1778, 0, 0, 4786, 4787, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 4788, 0, 0, 0, - 0, 0, 0, 0, 967, 1170, 0, 0, 20, 0, - 0, 968, 0, 0, 1169, 1263, 1779, 1780, 0, 0, - 0, 0, 23, 1170, 0, 0, 0, 1170, 1170, 0, - 1170, 1170, 0, 4789, 0, 0, 1264, 0, 969, 1170, - 0, 1170, 0, 0, 0, 1265, 970, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 1266, 28, - 0, 0, 1782, 0, 0, 0, 0, 0, 0, 1267, - 0, 0, 1170, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 1958, 0, -3352, 0, 1287, + 0, 0, 4782, 4907, 965, 1169, 0, 0, 1958, 0, + 4587, 0, 0, 0, 4908, 4909, 4910, 2612, 0, 0, + 0, 0, 0, 1169, 0, 0, 0, 1169, 1169, 9, + 1169, 1169, 0, 0, 0, 0, 4783, 0, 966, 1169, + 0, 1169, 0, 4784, 0, 0, 0, 0, 0, 4623, + -3352, 0, 0, 0, 0, 0, 0, 1288, 0, 14, + 2613, 0, 0, 0, 0, 2614, 0, 0, 0, 0, + 0, 0, 1169, 0, 0, 0, 2615, 2616, 4785, 0, + 0, 0, 0, 0, 967, 0, 0, 0, 20, 0, + 0, 968, 0, 4786, 4787, 0, 0, 0, 1169, 0, + 0, 0, 23, 0, 0, 0, 4788, 0, 0, 0, + 4911, 0, 0, 0, 1958, 0, 0, 4682, 969, 0, + 0, 0, 0, 0, 0, 0, 970, 0, 0, 0, + 0, 0, 0, 0, 1169, 0, 0, 0, 0, 28, + 0, 0, 0, 4789, 0, 0, 0, 0, 0, 0, + 0, 1169, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 971, 0, 0, 0, 0, 0, 0, - 0, 0, 1268, 0, 0, 0, 0, 0, 1170, 0, - 0, 0, 0, 1783, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 1169, 0, 1169, - 0, -2322, 1269, 40, 0, 1270, 0, 1271, 972, 973, - 0, 0, 0, 0, 1170, 0, 0, 1171, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 1170, 0, 0, 1272, 1273, 0, 0, 0, 0, - 1274, 1275, 0, 0, 0, 1784, 1785, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 1276, 0, 0, - 0, 1786, 1787, 0, 1171, 0, 0, 0, 1170, 0, - 0, 0, 4802, 4802, 0, 1170, 51, 0, 1277, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 965, 0, 0, -1093, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 1169, 0, + 0, 0, 0, 0, 0, 1169, 0, 0, 9, 0, + 0, 0, 1958, 40, 0, 0, 0, 966, 972, 973, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 1278, 0, 0, 1789, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 14, 0, + 0, 2617, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 2618, 0, 1958, 0, 0, 0, 0, 0, 911, + 0, 0, 2619, 967, 0, 0, 0, 20, 2620, 0, + 968, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 23, 0, 0, 0, 0, 51, 0, 0, 0, + 0, 0, 0, 0, 2414, 0, 0, 969, 0, 0, + 2621, 0, 0, 0, 2622, 970, 0, 0, 0, 1169, + 0, 0, 0, 0, 0, 0, 0, 0, 28, 0, 0, 0, 0, 0, 0, 0, 0, 85, 0, 0, - 0, 0, 0, 0, 0, 1169, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 974, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 1169, 1279, 0, 0, 0, 0, 0, - 0, 0, 3884, 0, 0, 0, 0, 0, 0, 1280, - 0, 0, 0, 0, 0, 0, 1169, 0, 1281, 1170, - 0, 1282, 1283, 0, 4802, 0, 0, 0, 0, 0, - 0, 0, 4253, 0, 0, 0, 1284, 0, 0, 0, - 1791, 0, 0, 1792, 0, 0, 1793, 0, 0, 975, - 0, 0, 0, 1170, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 1794, 0, 1170, 1285, 0, 0, 1170, 0, 1170, 0, - 0, 0, 1286, 0, 0, 1813, 0, 0, 0, 0, - 1796, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, -3352, 0, 1287, 0, 0, 0, 0, + 1170, 0, 1170, 0, 0, 2623, 0, 0, 0, 0, + 0, 0, 971, 1169, 0, 0, 0, 0, 0, 974, + 0, 0, 0, 0, 0, 0, 1958, 3397, 1958, 1958, + 1958, 0, 1169, 0, 0, 0, 1169, 0, 1169, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 911, 40, 0, 0, 873, 0, 972, 973, 0, + 0, 1170, 1170, 0, 0, 0, 0, 1170, 0, 0, + 0, 1170, 1170, 1170, 0, 0, 0, 0, 0, 0, + 0, 1170, 1170, 0, 0, 0, 0, 1170, 0, 975, + 0, 1170, 1170, 1170, 0, 1170, 1170, 1170, 0, 0, + 0, 0, 0, 0, 0, 0, 1170, 0, 1170, 0, + 0, 1170, 1170, 1170, 1170, 0, 1170, 0, 1170, 1170, + 0, 0, 0, 0, 0, 51, 0, 0, 0, 0, + 0, 0, 1170, 1170, 1170, 1170, 1170, 0, 1170, 1170, + 1170, 1170, 1170, 1170, 0, 1170, 1170, 0, 1170, 1170, + 0, 1170, 1170, 0, 0, 1170, 1170, 0, 1170, 1170, + 0, 0, 1170, 0, 1170, 0, 85, 0, 1170, 1170, + 1170, 0, 0, 1170, 1170, 1170, 1170, 0, 1170, 0, + 0, 0, 0, 0, 0, 1170, 0, 0, 974, 0, + 0, 1170, 1170, 1170, 1170, 0, 4760, 4, 5, 0, + 0, 0, 1170, 1170, 0, 1170, 1170, 0, 0, 1170, + 1170, 1170, 1170, 1170, 1170, 1170, 1170, 1170, 1170, 1170, + 1170, 1170, 0, 0, 1170, 1958, 0, 976, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 1935, 0, 0, 0, 0, 0, 0, 0, -931, + 0, -931, 0, 0, 0, 0, 0, 0, 975, 1170, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 2438, 0, 1169, + 0, 0, 0, 1169, 0, 0, 1169, 0, 0, 0, + 0, 0, 0, 0, 0, 1169, 0, 0, 0, 0, + 0, 0, 0, 0, 1169, 0, 1169, 1169, 0, 1169, + 1169, 1169, 1169, 0, 1169, 0, 1169, 1169, 0, 1169, + 0, 0, 0, 4761, 3630, 0, 0, 1169, 1169, 3085, + 0, 0, 1169, 1169, 1169, 0, 0, 0, 0, 0, + 0, 0, 1169, 1169, 1169, 0, 1169, 0, 1169, 0, + 1169, 0, 1169, 0, 1169, 0, 0, 0, 0, 1169, + 1169, 0, 1169, 1169, 1169, 0, 0, 0, 1169, 0, + 0, 1169, 0, 0, 0, 0, 0, 1170, 0, 1170, + 1169, 0, 0, 1169, 0, 1169, 1169, 1169, 965, 0, + 1169, 0, 0, 0, 4763, 0, 976, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 1170, 0, 1169, 9, 1169, 0, 0, 1169, 0, 0, + 0, 0, 966, 0, 0, 0, 0, 1169, 1169, 1169, + 1169, 1958, 1169, 4758, 0, 4759, 0, 1169, 0, 0, + 4760, 4, 5, -3751, 0, 0, 0, 0, 1958, 0, + 0, 4764, 4765, 4766, 0, 0, 0, 0, 0, 0, + 0, 2303, 0, 0, 0, 0, 0, 0, 967, 0, + 0, 4767, -3750, 0, 0, 968, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 23, 0, 0, 0, + 0, 0, 0, -931, 0, -931, 0, 1170, 0, 0, + 0, 0, 969, 0, 0, 0, 0, 0, 0, 0, + 970, 0, 0, 0, 0, 0, 1958, 0, 0, 0, + 0, 2438, 0, -3750, 0, 0, 0, 0, 4768, 0, + 4769, 0, 1170, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 971, -931, 1169, + 4770, 0, 0, 0, 4760, 4, 5, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 4761, 4771, 1170, + 0, 1169, 0, 0, 0, 4772, 0, 0, 0, 0, + 1958, 1958, 0, 0, 0, 0, 0, -3750, 0, 4762, + 4773, 0, 972, 973, 0, 0, 0, 4774, 0, 0, + 0, 0, 965, 2414, 0, 0, 3884, -931, 0, -931, + 0, 0, 4775, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 9, 0, 0, + 0, 0, 0, 0, 0, 2438, 966, 0, 4763, 0, + 0, 1169, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 14, 0, 0, + -3750, 0, 0, 0, 1169, 0, 0, 0, 0, 4776, + 0, 0, 0, 4177, 0, 0, 1958, 0, 0, 4777, + 0, 4761, 967, 0, 0, 0, 20, 0, 0, 968, + 0, 0, 0, 0, 0, 4764, 4765, 4766, 0, 0, + 23, -3751, 3974, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 4767, 969, 4778, 0, 0, + 0, 0, 0, 974, 970, 0, 0, 0, 0, 0, + 4779, 1170, 0, 0, 0, 0, 0, 28, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 4763, 0, 1169, 0, 0, 0, 0, 0, + 0, 971, 0, 0, 0, 0, 0, 0, 0, 4780, + 0, 0, 4768, 0, 4769, 4781, 1170, 0, 0, 0, + 0, 0, 0, 0, 1170, 1170, 0, 0, 0, 0, + 0, 0, -931, 975, 4770, 0, 0, 0, 0, 4782, + 0, 40, 0, 0, 0, 0, 972, 973, 0, 4764, + 4765, 4766, 4771, 0, 1915, 1915, 1915, 0, 0, 4772, + 3630, 0, 0, 0, 1169, 1169, 0, 0, 0, 4767, + 0, 0, 3974, 4783, 4773, 0, 3974, 0, 1170, 0, + 4784, 4774, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 1958, 0, 4775, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 51, 4785, 0, 0, 0, 0, + 0, 1170, 1170, 1170, 0, 0, 4768, 0, 4769, 0, + 4786, 4787, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 1169, 0, 4788, 1169, 0, -931, 0, 4770, 0, + 0, 0, 0, 4776, 0, 85, 0, 0, 0, 0, + 0, 0, 0, 4777, 0, 0, 4771, 0, 0, 1169, + 1169, 976, 0, 4772, 1169, 0, 0, 974, 0, 0, + 4789, 1170, 0, 1958, 0, 0, 0, 0, 4773, 0, + 0, 0, 0, 0, 0, 4774, 1169, 0, 1169, 1170, + 1169, 4778, 1169, 1170, 1170, 0, 1170, 1170, 0, 5203, + 4775, 0, 0, 0, 4779, 1170, 1169, 1170, 0, 0, + 0, 0, 1958, 0, 0, 0, 0, 0, 0, 0, + 4019, 0, 0, 0, 0, 1169, 1169, 0, 0, 0, + 1169, 0, 1169, 0, 1169, 0, 0, 975, 1170, 1169, + 0, 0, 0, 4780, 0, 0, 0, 0, 0, 4781, + 0, 0, 0, 0, 0, 0, 0, 4776, 0, 0, + 0, 0, 0, 0, 1170, 0, 0, 4777, 965, 0, + 0, 0, 0, 4782, 0, 0, 0, 0, 0, 0, + 1958, 0, 0, 0, 1169, 0, 0, 0, 0, 0, + 0, 0, 0, 9, 0, 0, 0, 0, 0, 0, + 1170, 0, 966, 0, 0, 4778, 0, 4783, 0, 0, + 0, 0, 0, 0, 4784, 0, 0, 1170, 4779, 0, + 0, 0, 1169, 14, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, -3761, -3761, + -3761, 0, 0, 0, 0, 0, 965, 0, 967, 4785, + 0, 0, 20, 0, 1170, 968, 0, 4780, 0, 0, + 0, 1170, 0, 4781, 4786, 4787, 23, 0, 0, 0, + 0, 9, 0, 0, 0, 976, 0, 4788, 0, 0, + 966, 0, 969, 0, 0, 0, 0, 4782, 0, 0, + 970, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 14, 0, 28, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 4789, 0, 0, 0, 0, 0, + 0, 4783, 1169, 0, 0, 0, 967, 971, 4784, 0, + 20, 1169, 0, 968, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 23, 1169, 0, 1958, 1169, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 969, 0, 0, 4785, 0, 1170, 0, 40, 970, 0, + 0, 0, 972, 973, 0, 0, 0, 0, 4786, 4787, + 0, 28, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 4788, 0, 0, 0, 0, 0, 0, 0, 1170, + 0, 0, 0, 0, 0, 971, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 1170, 0, + 0, 0, 1170, 0, 1170, 0, 0, 0, 4789, 0, + 0, 0, 0, 0, 0, 0, 0, 0, -3761, 0, + 51, 0, 0, 0, 0, 40, 0, 2628, 0, 0, + 972, 973, 0, 0, 0, 0, 0, 0, 0, 1813, + 0, 0, 0, 0, 0, 0, 911, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 85, 0, 911, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 1169, 0, 0, 0, 0, 0, + 0, 0, 0, 974, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 1169, 0, 0, 0, 51, 0, + 0, 0, 0, 0, 0, 0, -3909, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 1169, 1169, 0, 1169, 0, 0, -3761, 0, 0, 85, + 0, 0, 0, 0, 0, 0, 1169, 1169, 1169, 0, + 1915, 0, 0, 975, 0, 0, 0, 0, 0, 0, + 0, 974, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 1169, 1169, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 1169, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 1169, + 0, 0, 0, 0, -3909, 0, 0, 0, 1169, 0, + 0, 0, 0, 0, 0, 0, 0, 1171, 0, 0, + 0, 975, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 1170, 0, 0, 0, 1170, + 0, 0, 1170, 0, 0, 0, 0, 0, 0, 0, + 0, 1170, 0, 1169, 0, 0, 0, 1169, 0, 0, + 1170, 0, 1170, 1170, 1171, 1170, 1170, 1170, 1170, 0, + 1170, 0, 1170, 1170, 0, 1170, 0, 0, 965, 0, + 0, 976, 1958, 1170, 1170, 0, 0, 0, 1170, 1170, + 1170, 0, 0, 0, 0, 0, 0, 0, 1170, 1170, + 1170, 0, 1170, 9, 1170, 0, 1170, 0, 1170, 0, + 1170, 0, 966, 0, 0, 1170, 1170, 0, 1170, 1170, + 1170, 0, 0, 0, 1170, 0, 0, 1170, 0, 0, + 0, 0, 0, 14, 0, 0, 1170, 0, 0, 1170, + 0, 1170, 1170, 1170, 0, 0, 1170, 4760, 4, 5, + 0, 0, 0, 0, 0, 0, 0, 0, 967, 976, + 0, 0, 20, 0, 0, 968, 0, 0, 1170, 0, + 1170, 0, 0, 1170, 0, 5652, 23, 4887, 0, 0, + 0, 0, 0, 1170, 1170, 1170, 1170, 0, 1170, 0, + 0, 0, 969, 1170, 0, 0, 0, 0, 0, 4889, + 970, 0, 0, 0, 4802, 4802, 0, 5653, 0, 0, + 0, 0, 0, 28, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 2438, 0, + 0, 0, 0, 0, 0, 0, 0, 971, 0, 5654, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, -3352, 0, 0, 0, - 0, 0, 0, 1288, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 976, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 1171, 3974, 0, + 1169, 1169, 0, 0, 4761, 0, 0, 40, 0, 0, + 0, 0, 972, 973, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 3884, 0, 0, 0, 0, 0, + 0, 0, 0, 4893, 0, 1170, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 4802, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 1170, 0, 0, + 0, 0, 0, 0, 0, 0, 4895, 0, 0, 0, + 0, 0, 0, 0, 0, 4763, 0, 0, 0, 0, + 51, 0, 0, 1169, 0, 0, 1958, 1171, 0, 0, 0, 1171, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 1171, 0, 0, 0, 0, 0, + 4897, 0, 0, 0, 0, 0, 0, 1813, 0, 0, 0, 0, 0, 0, 1171, 0, 0, 0, 0, 0, + 0, 85, 0, 0, 1171, 0, 0, 1170, 0, 0, + 0, 0, 4764, 4765, 4766, 0, 0, 1169, 0, 0, + 0, 0, 0, 974, 0, 0, 0, 0, 0, 0, + 1170, 0, 4767, 0, 0, 0, 1958, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 1526, 1527, 0, 0, + 0, 1531, 1532, 0, 0, 0, 0, 0, 0, 0, + 0, 1541, 0, 0, 0, 0, 0, 0, 0, 0, + 1171, 1171, 1171, 1171, 0, 0, 4253, 0, 0, 0, + 0, 4898, 0, 1171, 0, 0, 1563, 0, 0, 4768, + 0, 4769, 0, 975, 0, 0, 1169, 0, 0, 1576, + 3974, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 4770, 0, 0, 0, 1591, 0, 6256, 0, 0, + 1170, 0, 0, 0, 0, 0, 0, 0, 0, 4771, + 0, 0, 0, 0, 0, 0, 4772, 0, 0, 0, + 0, 0, 0, 0, 0, 1615, 0, 0, 0, 0, + 0, 4773, 0, 0, 0, 0, 0, 0, 4774, 0, + 0, 0, 4900, 0, 0, 1634, 1635, 1636, 0, 4902, + 0, 0, 0, 4775, 0, 1643, 1644, 1645, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 1170, 1170, 0, 1660, 0, 0, 0, 0, 0, 1169, + 0, 1169, 4904, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 1689, 0, 0, 0, 0, + 4776, 976, 0, 0, 0, 0, 0, 0, 0, 0, + 4777, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 1716, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 1171, 0, 1170, 0, 0, + 1170, 0, 0, 0, 0, 1738, 1739, 1740, 4778, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 4802, + 0, 4779, 0, 4906, 0, 1170, 1170, 1759, 1760, 0, + 1170, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 5222, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 1170, 0, 1170, 0, 1170, 1169, 1170, 0, + 4780, 0, 0, 0, 0, 0, 4781, 0, 0, 0, + 0, 0, 1170, 0, 0, 0, 0, 0, 1775, 0, + 1776, 1777, 0, 0, 0, 1169, 0, 0, 0, 0, + 4782, 1170, 1170, 0, 0, 0, 1170, 1778, 1170, 0, + 1170, 0, 0, 0, 0, 1170, 0, 0, 1169, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 4783, 0, 0, 0, 0, 0, + 0, 4784, 0, 1779, 1780, 0, 0, 0, 0, 4802, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 1170, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 4785, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 1171, 1782, + 0, 4786, 4787, 0, 0, 0, 0, 911, 1170, 0, + 0, 0, 0, 0, 4788, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 1169, 0, 0, 0, + 1783, 0, 806, 0, 0, 1915, 0, 0, 0, 0, + 0, 4789, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 1171, 1171, 1171, 1171, 0, 0, 0, 0, 0, 0, - 1169, 0, 0, 1171, 0, 0, 0, 0, 1958, 1170, - 0, 0, 0, 1170, 1169, 0, 1170, 0, 0, 0, - 0, 0, 0, 0, 0, 1170, 0, 0, 0, 0, - 0, 0, 0, 0, 1170, 0, 1170, 1170, 0, 1170, - 1170, 1170, 1170, 0, 1170, 0, 1170, 1170, 0, 1170, - 0, 0, 0, 0, 0, 0, 0, 1170, 1170, 0, - 0, 0, 1170, 1170, 1170, 0, 0, 0, 0, 0, - 0, 0, 1170, 1170, 1170, 0, 1170, 4802, 1170, 0, - 1170, 0, 1170, 0, 1170, 0, 0, 0, 0, 1170, - 1170, 0, 1170, 1170, 1170, 0, 0, 0, 1170, 5221, - 0, 1170, 0, 0, 0, 0, 0, 0, 0, 0, - 1170, 0, 0, 1170, 0, 1170, 1170, 1170, 0, 0, - 1170, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 1170, 0, 1170, 0, 0, 1170, 0, 0, - 0, 0, 0, 0, 1169, 0, 0, 1170, 1170, 1170, - 1170, 0, 1170, 0, 0, 0, 0, 1170, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 1171, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 4802, 0, 0, - 0, 1169, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 1784, 1785, 0, 0, 0, 0, 1170, 0, + 0, 0, 0, 0, 0, 0, 0, 1170, 1786, 1787, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 1170, 0, 0, 1170, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 911, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 1789, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 1169, 1170, - 0, 0, 1915, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 1170, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 1169, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 1169, 0, 0, 0, 0, 0, 0, 0, + 1958, 0, 0, 0, 0, 0, 1169, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 1326, 4802, 0, + 0, 4802, 0, 0, 0, 0, 0, 1791, 0, 0, + 1792, 0, 0, 1793, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 5222, 0, 0, 0, 0, + 1170, 0, 0, 0, 0, 0, 0, 1794, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 1416, 0, 0, + 1170, 0, 0, 0, 0, 0, 0, 1796, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 1170, 1170, 0, 1170, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 1171, 0, - 1958, 1170, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 1170, 1170, 1170, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 1170, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 1958, + 0, 0, 0, 0, 0, 0, 1169, 0, 0, 1170, + 1170, 0, 0, 0, 4802, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 1171, 0, 1171, 0, 0, + 0, 0, 0, 1170, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 1170, 0, 0, 0, 0, + 0, 0, 0, 1169, 1170, 0, 0, 0, 0, 0, + 0, 1135, 0, 0, 0, 0, 1915, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 1169, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 1171, 1171, 0, 0, + 0, 0, 1171, 0, 0, 0, 1171, 1171, 1171, 1170, + 0, 0, 0, 1170, 0, 1908, 1171, 1171, 0, 0, + 0, 0, 1171, 0, 0, 0, 1171, 1171, 1171, 0, + 1171, 1171, 1171, 0, 0, 0, 0, 0, 0, 0, + 1169, 1171, 0, 1171, 0, 0, 1171, 1171, 1171, 1171, + 0, 1171, 0, 1171, 1171, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 1171, 1171, 1171, + 1171, 1171, 0, 1171, 1171, 1171, 1171, 1171, 1171, 1813, + 1171, 1171, 0, 1171, 1171, 0, 1171, 1171, 0, 0, + 1171, 1171, 0, 1171, 1171, 0, 0, 1171, 0, 1171, + 0, 0, 0, 1171, 1171, 1171, 0, 0, 1171, 1171, + 1171, 1171, 0, 1171, 0, 0, 0, 0, 0, 0, + 1171, 0, 0, 0, 0, 0, 1171, 1171, 1171, 1171, + 0, 0, 1958, 0, 0, 0, 0, 1171, 1171, 0, + 1171, 1171, 0, 0, 1171, 1171, 1171, 1171, 1171, 1171, + 1171, 1171, 1171, 1171, 1171, 1171, 1171, 0, 0, 1171, + 0, 0, 0, 0, 0, 0, 0, 1813, 0, 0, + 0, 1958, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 1169, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 1171, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 1170, 1170, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 1170, 4802, 0, 0, 4802, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 1169, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 1169, 0, 5221, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 1170, + 0, 0, 1171, 0, 1171, 1969, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 1169, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 1995, 0, + 0, 0, 0, 0, 0, 1171, 0, 0, 2010, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 2263, 0, 0, 1170, 0, 0, 2271, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 1170, 1170, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 1169, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 2084, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 1171, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 1170, 0, 0, 0, 0, 0, 0, 0, + 1416, 0, 0, 0, 0, 0, 0, 1169, 0, 0, + 0, 1169, 0, 0, 0, 0, 0, 1171, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 4802, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 1170, 0, 0, 1170, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 4802, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 1170, - 1170, 0, 0, 0, 1170, 0, 0, 0, 0, 0, - 0, 0, 0, 1915, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 1170, 0, 1170, 0, - 1170, 0, 1170, 0, 0, 1169, 0, 0, 0, 1169, - 0, 0, 0, 0, 0, 0, 1170, 0, 0, 0, + 3884, 0, 0, 0, 1171, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 4802, 3974, 0, 0, 4802, + 0, 0, 0, 0, 0, 0, 873, 0, 0, 0, + 0, 0, 0, 0, 0, 2451, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 1170, 2463, 1170, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 1170, 1170, 0, 0, 0, - 1170, 0, 1170, 0, 1170, 0, 0, 0, 0, 1170, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 1171, 0, 1171, 0, 0, - 0, 0, 0, 0, 0, 0, 1813, 0, 0, 0, - 0, 0, 0, 0, 1170, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 1169, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 2279, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 4802, 0, + 0, 0, 0, 0, 0, 0, 4802, 0, 0, 0, + 0, 0, 4802, 4802, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 1170, 0, 0, 1169, 1171, 1171, 0, 0, - 0, 0, 1171, 0, 0, 0, 1171, 1171, 1171, 0, - 0, 0, 0, 0, 0, 0, 1171, 1171, 0, 0, - 0, 0, 1171, 0, 0, 0, 1171, 1171, 1171, 0, - 1171, 1171, 1171, 0, 1813, 1135, 0, 0, 0, 0, - 0, 1171, 0, 1171, 0, 0, 1171, 1171, 1171, 1171, - 0, 1171, 0, 1171, 1171, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 1171, 1171, 1171, - 1171, 1171, 0, 1171, 1171, 1171, 1171, 1171, 1171, 0, - 1171, 1171, 0, 1171, 1171, 0, 1171, 1171, 0, 0, - 1171, 1171, 1170, 1171, 1171, 0, 0, 1171, 0, 1171, - 0, 1170, 0, 1171, 1171, 1171, 0, 0, 1171, 1171, - 1171, 1171, 0, 1171, 0, 1170, 0, 0, 1170, 0, - 1171, 0, 0, 0, 0, 0, 1171, 1171, 1171, 1171, - 0, 0, 0, 0, 0, 0, 0, 1171, 1171, 0, - 1171, 1171, 0, 0, 1171, 1171, 1171, 1171, 1171, 1171, - 1171, 1171, 1171, 1171, 1171, 1171, 1171, 0, 0, 1171, + 0, 0, 0, 0, 0, 4802, 1171, 0, 0, 0, + 0, 0, 0, 1170, 0, 0, 0, 0, 0, 0, + 0, 0, 4802, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 1170, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 1171, 0, 0, 0, 0, 0, 0, 0, 1171, + 1171, 0, 0, 0, 1170, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 1171, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 4802, + 0, 0, 0, 1171, 0, 0, 0, 0, 0, 0, + 0, 4802, 0, 0, 0, 4802, 0, 0, 0, 0, + 0, 0, 2475, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 1171, 1171, 1171, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 1170, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 1170, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 1171, 0, 0, 0, + 0, 0, 0, 0, 0, 2573, 0, 2573, 0, 0, + 0, 0, 0, 0, 1171, 4802, 6386, 0, 1171, 1171, + 0, 1171, 1171, 0, 0, 0, 0, 0, 0, 0, + 1171, 0, 1171, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 1171, 0, 1171, 0, 0, 0, 0, 0, - 1170, 1170, 0, 1170, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 1170, 1170, 1170, 0, - 0, 0, 0, 0, 0, 1171, 0, 0, 0, 0, - 0, 0, 0, 0, 4802, 0, 0, 0, 0, 0, - 0, 0, 0, 1170, 1170, 0, 0, 3884, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 1969, - 0, 0, 4802, 3974, 0, 0, 4802, 1170, 0, 0, - 0, 0, 0, 873, 0, 0, 0, 0, 0, 1170, - 0, 0, 1995, 0, 0, 0, 0, 0, 1170, 0, - 0, 0, 2010, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 1171, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 1171, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 4802, + 0, 4802, 4802, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 1170, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 1171, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 1170, 4802, 0, 0, 1171, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 1170, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 1170, 0, 0, 0, 1170, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 1171, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 2084, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 4802, 0, 0, 0, 0, - 0, 0, 0, 4802, 1171, 0, 0, 0, 0, 4802, - 4802, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 4802, 0, 0, 0, 0, 1171, + 0, 0, 0, 0, 0, 0, 1171, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 4802, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 4802, + 0, 4802, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 2812, 0, 0, 0, 2816, 0, 0, 0, + 0, 0, 0, 2823, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 1171, 0, 1170, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 2634, + 0, 2634, 0, 2923, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 1171, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 1170, + 0, 0, 0, 1171, 0, 0, 0, 1171, 0, 1171, + 0, 0, 0, 0, 0, 0, 0, 2977, 0, 0, + 0, 0, 2983, 0, 0, 2986, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 2683, 0, 0, 0, + 2688, 0, 2690, 0, 0, 0, 0, 0, 0, 0, + 2705, 2706, 0, 0, 0, 0, 2735, 0, 0, 0, + 2740, 2741, 2742, 0, 2744, 2745, 2746, 0, 0, 0, + 0, 0, 3021, 0, 0, 2754, 1170, 2757, 0, 0, + 2758, 2759, 2760, 2761, 3031, 0, 0, 2765, 2766, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 2777, 2778, 2785, 2789, 2790, 0, 2793, 2794, 2795, + 2798, 2799, 0, 0, 2802, 2803, 0, 2809, 2810, 0, + 2813, 2814, 0, 0, 0, 2818, 0, 2820, 2821, 0, + 0, 2824, 0, 2825, 0, 0, 0, 2828, 2785, 2830, + 0, 0, 2836, 0, 2838, 2839, 0, 2840, 0, 0, + 0, 0, 0, 0, 2844, 0, 0, 0, 0, 0, + 2846, 2847, 2848, 0, 0, 0, 0, 0, 1170, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 3124, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 1416, 0, 0, 1170, 0, 0, + 0, 0, 0, 0, 0, 1416, 1416, 0, 0, 1170, + 0, 0, 0, 0, 0, 0, 0, 0, 2944, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 4802, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 4802, 0, - 0, 0, 4802, 0, 0, 0, 0, 0, 0, 0, + 1171, 0, 0, 0, 1171, 0, 0, 1171, 0, 0, 0, 0, 0, 0, 0, 0, 1171, 0, 0, 0, - 1170, 1170, 0, 2279, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 1171, 0, 1171, 1171, 0, + 1171, 1171, 1171, 1171, 0, 1171, 0, 1171, 1171, 3226, + 1171, 0, 0, 0, 0, 3229, 0, 0, 1171, 1171, + 0, 0, 0, 1171, 1171, 1171, 0, 0, 1170, 0, + 0, 0, 0, 1171, 1171, 1171, 0, 1171, 0, 1171, + 0, 1171, 0, 1171, 0, 1171, 0, 0, 0, 0, + 1171, 1171, 0, 1171, 1171, 1171, 0, 0, 0, 1171, + 0, 0, 1171, 0, 0, 0, 3058, 0, 3063, 0, + 0, 1171, 0, 0, 1171, 0, 1171, 1171, 1171, 0, + 0, 1171, 0, 0, 1170, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 3090, + 0, 0, 0, 1171, 0, 1171, 0, 0, 1171, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 1171, 1171, + 1171, 1171, 0, 1171, 0, 0, 0, 0, 1171, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 1171, 0, 0, 0, 0, 0, 0, 0, 1171, + 3377, 3377, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 3169, 0, 3392, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 1908, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 1170, 0, 0, 0, 1170, 0, 0, + 0, 3198, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 1171, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 3237, 0, + 0, 0, 1171, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 1170, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 4802, 6385, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 1171, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 1170, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 1171, 1171, 1171, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 1171, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 1170, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 1171, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 3532, 0, 0, 0, + 3536, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 4802, 0, 4802, 4802, - 0, 0, 0, 0, 0, 0, 2475, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 1171, 0, 0, 0, - 0, 0, 0, 0, 0, 1170, 4802, 0, 0, 0, - 0, 0, 0, 0, 1171, 0, 0, 0, 1171, 1171, - 0, 1171, 1171, 0, 0, 0, 0, 0, 0, 0, - 1171, 0, 1171, 0, 0, 0, 0, 0, 0, 0, - 0, 4802, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 1171, 0, 0, 0, 0, 4802, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 1171, + 3386, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 1170, 0, - 1170, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 1171, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 1171, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 3438, 0, 0, 0, 0, + 0, 0, 0, 3445, 3446, 0, 0, 0, 0, 0, + 0, 3377, 3377, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 1171, - 0, 0, 0, 0, 0, 0, 1171, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 1171, 1171, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 3465, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 1170, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 3504, 3506, 3508, 3697, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 1170, 0, 0, 0, 0, 0, + 0, 0, 1171, 0, 0, 1171, 0, 0, 0, 3720, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 1170, 0, 0, - 1171, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 1171, 1171, 0, 0, 0, 1171, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 1171, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 1171, 3570, 1171, + 0, 1171, 0, 1171, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 3578, 0, 3579, 1171, 0, 0, + 0, 0, 0, 0, 3777, 0, 0, 0, 0, 0, + 0, 0, 0, 3786, 0, 0, 1171, 1171, 1416, 0, + 0, 1171, 0, 1171, 1416, 1171, 0, 3604, 0, 0, + 1171, 0, 0, 0, 0, 0, 0, 0, 0, 1416, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 1171, 0, 0, 0, 1171, 0, 1171, + 0, 0, 0, 3618, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 1171, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 3674, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 2634, 0, 2634, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 3169, 0, 0, 0, + 0, 0, 0, 1171, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 3700, 0, 0, 0, 0, 0, 0, + 3063, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 2683, 0, 0, 0, 2688, 0, 2690, 0, 0, 0, - 0, 0, 0, 0, 2705, 2706, 0, 0, 0, 0, - 2735, 0, 0, 0, 2740, 2741, 2742, 0, 2744, 2745, - 2746, 0, 0, 0, 0, 0, 0, 0, 0, 2754, - 0, 2757, 0, 0, 2758, 2759, 2760, 2761, 0, 0, - 0, 2765, 2766, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 2777, 2778, 2785, 2789, 2790, - 0, 2793, 2794, 2795, 2798, 2799, 0, 0, 2802, 2803, - 0, 2809, 2810, 0, 2813, 2814, 0, 0, 0, 2818, - 0, 2820, 2821, 0, 0, 2824, 0, 2825, 0, 0, - 0, 2828, 2785, 2830, 0, 0, 2836, 0, 2838, 2839, - 0, 2840, 0, 0, 0, 0, 0, 1170, 2844, 0, - 0, 0, 0, 0, 2846, 2847, 2848, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 1170, 0, 0, 0, 0, 0, 0, 0, 0, - 1171, 0, 0, 0, 1171, 1170, 0, 1171, 0, 0, - 0, 0, 0, 0, 0, 0, 1171, 0, 0, 0, - 0, 0, 0, 0, 0, 1171, 0, 1171, 1171, 0, - 1171, 1171, 1171, 1171, 0, 1171, 0, 1171, 1171, 0, - 1171, 0, 2944, 0, 0, 0, 0, 0, 1171, 1171, - 0, 0, 0, 1171, 1171, 1171, 0, 0, 0, 0, - 0, 0, 0, 1171, 1171, 1171, 0, 1171, 0, 1171, - 0, 1171, 0, 1171, 0, 1171, 0, 0, 0, 0, - 1171, 1171, 0, 1171, 1171, 1171, 0, 0, 0, 1171, + 0, 0, 0, 1171, 0, 0, 0, 0, 0, 0, 0, 0, 1171, 0, 0, 0, 0, 0, 0, 0, - 0, 1171, 0, 0, 1171, 0, 1171, 1171, 1171, 0, - 0, 1171, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 1416, 1171, 0, 0, 1171, + 0, 4015, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 3791, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 1171, 0, 1171, 0, 0, 1171, 0, - 0, 0, 0, 0, 0, 1170, 0, 0, 1171, 1171, - 1171, 1171, 0, 1171, 0, 0, 0, 0, 1171, 0, - 3058, 0, 3063, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 3818, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 1170, 3090, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 3818, 0, 0, + 0, 3842, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 1170, - 1171, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 3169, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 1171, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 1171, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 3198, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 1171, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 3237, 0, 0, 0, 0, 0, 0, 0, - 0, 1170, 1171, 0, 0, 0, 0, 0, 0, 0, + 0, 1171, 1171, 0, 1171, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 1171, 1171, 1171, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 1171, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 1170, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 1170, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 1171, 1171, 0, 0, 0, 2923, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 1171, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 1171, 0, 0, 0, 0, 0, 0, 0, 0, 1171, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 4057, 0, 0, 0, 4059, 0, + 0, 4060, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 1171, 0, 0, 0, 1171, 4088, + 0, 0, 0, 0, 4092, 4093, 4094, 4095, 0, 4096, + 0, 4097, 4098, 4258, 0, 0, 0, 0, 0, 0, + 0, 0, 4103, 4104, 0, 0, 0, 4105, 4106, 4107, + 0, 0, 0, 0, 0, 0, 0, 4109, 4110, 4111, + 0, 4112, 0, 4114, 0, 4116, 0, 4118, 0, 4120, + 0, 0, 0, 0, 2795, 4123, 0, 2795, 0, 4126, + 0, 0, 0, 4127, 0, 0, 4128, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 4134, 0, + 4135, 4136, 4137, 0, 0, 4138, 0, 0, 0, 0, + 0, 4336, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 1416, 0, 0, 0, 1416, + 0, 0, 4160, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 4170, 4173, 0, 0, 4178, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 1171, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 1170, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 3386, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 1171, 1171, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 1170, 0, 3438, - 0, 0, 0, 0, 0, 0, 0, 3445, 3446, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 1171, 1171, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 3465, 1171, 0, 0, 1171, 0, 0, 0, 0, + 0, 0, 0, 0, 3063, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 3063, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 1171, 1171, 0, 0, 0, 1171, 0, 0, 0, 0, - 0, 0, 0, 0, 3504, 3506, 3508, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 1171, 0, 1171, - 0, 1171, 0, 1171, 0, 0, 1170, 0, 0, 0, - 1170, 0, 0, 0, 0, 0, 0, 1171, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 1171, 1171, 0, 0, - 0, 1171, 0, 1171, 0, 1171, 0, 0, 0, 0, - 1171, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 3570, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 3578, 0, - 3579, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 1171, 0, 0, 0, 0, + 0, 0, 0, 0, 1171, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 1416, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 3604, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 1171, 0, 0, 1170, 3618, 0, 0, + 0, 0, 0, 0, 4536, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 1171, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 3169, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 3674, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 3169, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 3700, 0, 0, - 0, 0, 0, 1171, 3063, 0, 0, 0, 0, 0, - 0, 0, 1171, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 1171, 0, 0, 1171, + 0, 0, 0, 0, 0, 0, 0, 1171, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 4444, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 4673, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 4499, + 4500, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 1171, 0, 1171, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 3791, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 3818, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 3818, 0, 0, 0, 3842, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 1171, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 4549, 0, 0, 4550, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 1171, 0, 0, 0, 0, + 0, 0, 0, 4751, 0, 0, 0, 0, 4756, 4757, + 0, 0, 0, 0, 4570, 4571, 0, 0, 0, 4576, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 1416, 1416, 0, 0, + 0, 4596, 0, 4597, 0, 4598, 0, 4599, 1171, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 4617, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 1171, 0, 0, 0, + 4638, 4639, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 3818, 0, 0, 0, 0, 1171, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 1171, 1171, 0, 1171, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 1171, 1171, 1171, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 1171, 1171, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 4686, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 1171, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 1171, 0, 0, 0, 0, 0, 0, 0, 0, 1171, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 3063, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 1171, 0, 0, 0, 1171, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 4057, 0, - 0, 0, 4059, 0, 0, 4060, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 4088, 0, 0, 0, 0, 4092, 4093, - 4094, 4095, 0, 4096, 0, 4097, 4098, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 4103, 4104, 0, 0, - 0, 4105, 4106, 4107, 0, 0, 0, 0, 0, 0, - 0, 4109, 4110, 4111, 0, 4112, 0, 4114, 0, 4116, - 0, 4118, 0, 4120, 0, 0, 0, 0, 2795, 4123, - 0, 2795, 0, 4126, 0, 0, 0, 4127, 0, 0, - 4128, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 4134, 0, 4135, 4136, 4137, 0, 0, 4138, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 4160, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 4170, 4173, 0, - 0, 4178, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 4839, 0, 0, + 0, 0, 0, 0, 0, 0, 3818, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 1171, 1171, 0, 0, 0, 0, 0, 0, 0, + 3818, 0, 0, 4851, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 1171, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 1171, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 3063, 0, + 0, 0, 0, 0, 0, 0, 0, 1171, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 3063, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 1171, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 5149, 0, 0, 0, 0, 0, 4985, + 0, 0, 0, 5173, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 4998, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 5017, 5018, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 5025, 5026, 5027, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 1171, 5049, 5050, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 3169, 0, 0, 1171, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 5072, 1171, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 3063, 0, + 0, 0, 3063, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 4444, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 1171, 0, 1171, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 4499, 4500, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 1171, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 1171, 0, 0, - 4549, 0, 0, 4550, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 1171, 0, 0, 4570, 4571, - 0, 0, 0, 4576, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 1171, 0, - 0, 0, 0, 0, 0, 4596, 0, 4597, 0, 4598, - 0, 4599, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 4617, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 4638, 4639, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 3818, 0, + 0, 0, 1171, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 1171, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 5345, 5346, 0, 0, 0, + 0, 5496, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 4686, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 1171, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 3063, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 3818, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 1171, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 3818, 0, 0, 0, 5622, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 5642, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 4839, 0, 0, 0, 0, 0, 0, 0, 0, - 3818, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 3818, 0, 0, 4851, 1171, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 3063, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 1171, 0, 0, 0, 1171, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 1171, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, @@ -6983,131 +6993,61 @@ 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 3169, 0, 5593, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 4984, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 1171, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 4997, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 1171, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 5016, - 5017, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 5024, 5025, 5026, 0, 0, - 0, 0, 0, 1171, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 5048, 5049, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 5071, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 1171, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 3063, 0, 0, 0, 3063, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 5698, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 3818, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 1171, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 5878, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 1171, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 1171, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 5924, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 1171, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 5344, - 5345, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 1171, 0, - 0, 0, 0, 0, 4, 5, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 3818, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 13, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 3818, 0, 0, 0, 0, - 0, 19, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 22, 0, 0, 0, 0, 0, 0, 1171, 0, 1911, - 0, 1171, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 29, 0, 0, 0, 0, - 0, 0, 0, 0, 3063, 0, 0, 0, 0, 0, - 0, 30, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 32, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 35, 0, 0, 0, 0, 0, + 0, 0, 0, 3818, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 3063, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 6130, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 6136, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 1171, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 3169, 0, 5592, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 1922, 0, - 0, 0, 0, 0, 0, 53, 54, 55, 1912, 56, - 57, 0, 59, 60, 61, 62, 0, 0, 0, 0, - 64, 65, 66, 67, 68, 69, 70, 71, 72, 73, - 0, 75, 76, 77, 78, 79, 80, 81, 82, 0, - 0, 0, 0, 87, 88, 89, 90, 91, 0, 0, - 94, 95, 96, 97, 98, 0, 0, 0, 101, 102, - 103, 104, 105, 0, 106, 107, 108, 109, 0, 0, - 0, 0, 0, 0, 115, 0, 117, 0, 119, 120, - 1913, 122, 123, 124, 125, 126, 127, 0, 128, 129, - 130, 131, 132, 133, 134, 135, 136, 137, 138, 139, - 140, 0, 142, 0, 143, 144, 145, 146, 147, 148, - 149, 0, 151, 152, 153, 154, 0, 155, 156, 157, - 158, 159, 160, 161, 162, 163, 164, 165, 0, 0, - 0, 169, 0, 5697, 170, 171, 172, 173, 174, 175, - 176, 177, 178, 179, 180, 0, 0, 0, 0, 0, - 184, 185, 1914, 187, 188, 189, 3818, 191, 192, 0, - 194, 195, 0, 0, 197, 0, 199, 200, 201, 202, - 203, 204, 205, 206, 207, 208, 209, 0, 211, 212, - 213, 214, 215, 216, 217, 218, 219, 0, 220, 221, - 222, 223, 224, 225, 226, 227, 228, 229, 230, 231, - 232, 233, 234, 235, 236, 237, 238, 239, 240, 241, - 242, 243, 244, 245, 246, 247, 248, 249, 250, 251, - 252, 0, 253, 254, 255, 256, 257, 258, 259, 260, - 261, 262, 263, 264, 265, 266, 267, 268, 269, 270, - 271, 272, 273, 274, 275, 276, 277, 278, 279, 280, - 281, 282, 283, 284, 285, 286, 287, 0, 288, 289, - 290, 291, 292, 293, 294, 295, 0, 296, 297, 298, - 299, 0, 0, 0, 302, 0, 304, 305, 0, 307, - 308, 309, 310, 0, 312, 313, 314, 315, 0, 0, - 0, 0, 319, 320, 321, 322, 323, 324, 325, 326, - 327, 328, 329, 330, 331, 332, 333, 334, 335, 336, - 337, 338, 339, 340, 341, 342, 343, 344, 0, 346, - 0, 348, 349, 350, 0, 352, 353, 0, 355, 356, - 357, 358, 359, 360, 0, 362, 363, 364, 365, 366, - 367, 368, 0, 370, 371, 372, 0, 374, 375, 376, - 377, 378, 0, 380, 381, 0, 0, 384, 385, 0, - 0, 388, 389, 390, 0, 392, 0, 394, 395, 0, - 0, 396, 397, 0, 398, 399, 400, 401, 0, 403, - 404, 0, 406, 0, 408, 409, 410, 411, 412, 413, - 414, 415, 416, 417, 418, 419, 420, 421, 422, 423, - 424, 425, 426, 427, 0, 429, 430, 431, 432, 433, - 434, 435, 436, 437, 0, 0, 439, 0, 441, 442, - 443, 444, 0, 0, 447, 448, 3818, 450, 451, 452, - 453, 454, 455, 456, 457, 458, 459, 460, 461, 462, - 463, 464, 465, 0, 0, 468, 469, 0, 0, 471, - 0, 473, 474, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 3063, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, @@ -7120,2351 +7060,2422 @@ 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 6061, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 6060, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 6139, 0, 0, 0, 0, + 0, 0, 0, 0, 6342, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 6138, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 1006, 0, 0, + 0, 0, 1007, 1008, 0, 0, 0, 0, 6273, 0, + 0, 0, 0, 1009, 1010, 0, 1011, 1012, 1013, 1014, + 1015, 1016, 1017, 1018, 1019, 1020, 1021, 0, 0, 0, + 0, 0, 0, 0, 1022, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 1023, 1024, 1025, 1026, 0, 0, 0, 0, 0, + 0, 0, 1027, 1028, 0, 1029, 0, 0, 0, 0, + 0, 0, 1030, 1031, 0, 0, 1032, 1033, 1034, 1035, + 0, 1036, 13, 0, 1037, 1038, 0, 0, 0, 0, + 0, 0, 0, 1039, 0, 0, 1040, 2084, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 19, 0, 0, 0, 1041, 1042, 1043, 0, 1044, 0, + 0, 0, 0, 0, 0, 0, 1045, 1046, 1047, 22, + 0, 0, 0, 0, 0, 1048, 0, 0, 575, 0, + 0, 0, 0, 0, 1049, 0, 0, 1050, 0, 0, + 0, 0, 0, 0, 0, 0, 1051, 0, 1052, 0, + 1053, 0, 0, 0, 0, 0, 1054, 0, 0, 0, + 0, 0, 0, 0, 29, 1055, 1056, 0, 1057, 0, + 0, 0, 1058, 0, 0, 0, 0, 1059, 0, 0, + 30, 1060, 0, 1061, 1062, 1063, 1064, 0, 0, 0, + 0, 0, 32, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 35, 1065, 1066, 1067, 0, 1068, 0, + 0, 0, 0, 0, 0, 1069, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 1070, 0, 0, 0, + 0, 0, 0, 0, 1071, 1072, 0, 0, 0, 43, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 1073, 0, 0, 0, 0, 0, 0, + 1074, 1075, 0, 1076, 1077, 0, 0, 0, 0, 0, + 0, 0, 3063, 0, 0, 1078, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 1079, 1080, 1081, 0, 0, + 50, 0, 0, 1082, 1083, 0, 0, 0, 0, 0, + 52, 0, 0, 0, 53, 54, 55, 576, 56, 57, + 58, 59, 60, 61, 62, 1084, 1085, 1086, 1087, 64, + 65, 66, 1088, 68, 69, 70, 71, 72, 73, 1089, + 75, 76, 77, 78, 79, 80, 81, 1090, 577, 0, + 578, 579, 87, 88, 89, 90, 91, 92, 580, 94, + 95, 96, 97, 98, 1091, 99, 582, 101, 102, 103, + 104, 105, 583, 106, 107, 108, 109, 1092, 111, 1093, + 1094, 1095, 0, 115, 116, 117, 584, 119, 120, 121, + 122, 123, 124, 125, 126, 127, 1096, 128, 129, 130, + 131, 132, 133, 134, 135, 136, 137, 138, 1097, 1098, + 586, 142, 3063, 143, 144, 145, 146, 147, 148, 149, + 587, 151, 152, 153, 154, 588, 155, 156, 157, 158, + 159, 160, 161, 162, 163, 164, 165, 166, 167, 589, + 169, 0, 0, 170, 171, 172, 173, 174, 175, 176, + 177, 178, 179, 180, 590, 591, 182, 0, 183, 184, + 185, 592, 187, 188, 1099, 593, 191, 192, 594, 194, + 195, 595, 0, 197, 198, 199, 1100, 201, 202, 203, + 204, 205, 206, 207, 208, 209, 596, 211, 212, 213, + 214, 215, 216, 217, 218, 219, 597, 220, 1101, 1102, + 223, 224, 225, 226, 227, 228, 229, 230, 231, 232, + 233, 234, 235, 236, 237, 238, 239, 240, 241, 242, + 243, 244, 245, 246, 247, 248, 249, 250, 251, 252, + 0, 253, 254, 255, 256, 257, 258, 259, 260, 261, + 262, 263, 264, 265, 1103, 267, 268, 269, 270, 271, + 1104, 273, 274, 275, 276, 277, 278, 279, 280, 1105, + 1106, 283, 284, 285, 286, 287, 598, 288, 289, 290, + 291, 292, 293, 294, 295, 0, 296, 297, 298, 299, + 599, 300, 301, 1107, 303, 304, 305, 306, 307, 308, + 309, 1108, 311, 312, 313, 314, 315, 316, 600, 317, + 601, 319, 320, 1109, 322, 323, 324, 325, 326, 327, + 328, 329, 330, 331, 332, 333, 334, 335, 336, 337, + 338, 339, 340, 341, 342, 343, 344, 345, 346, 602, + 348, 349, 350, 603, 352, 353, 354, 355, 356, 357, + 358, 359, 360, 604, 362, 363, 364, 1110, 366, 367, + 368, 605, 370, 371, 1111, 373, 374, 375, 376, 377, + 1112, 379, 1113, 381, 606, 383, 384, 385, 386, 387, + 388, 389, 390, 391, 392, 393, 394, 395, 0, 0, + 396, 397, 0, 398, 399, 400, 401, 607, 403, 404, + 608, 406, 407, 408, 409, 1114, 411, 412, 413, 414, + 415, 416, 417, 418, 419, 420, 421, 422, 423, 424, + 425, 426, 427, 428, 1115, 1116, 1117, 1118, 433, 434, + 435, 436, 1119, 1120, 610, 439, 440, 441, 442, 443, + 444, 445, 611, 447, 448, 449, 1121, 451, 452, 1122, + 454, 455, 456, 457, 458, 459, 460, 461, 462, 463, + 464, 1123, 612, 1124, 468, 469, 470, 0, 471, 613, + 473, 1125, 0, 0, 0, 0, 0, 0, 0, 0, + 1126, 1127, 1006, 0, 0, 0, 1128, 1007, 1008, 0, + 0, 0, 1129, 0, 0, 0, 1130, 1131, 1009, 1010, + 1132, 1011, 1012, 1013, 1014, 1015, 1016, 1017, 1018, 1019, + 1020, 1021, 0, 0, 0, 0, 0, 0, 0, 1022, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 1023, 1024, 1025, 1026, + 0, 0, 0, 2782, 0, 0, 0, 1027, 1028, 0, + 1029, 0, 0, 0, 0, 0, 0, 1030, 1031, 0, + 0, 1032, 1033, 1034, 1035, 0, 1036, 13, 0, 1037, + 1038, 0, 0, 0, 0, 0, 0, 0, 1039, 0, + 0, 1040, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 19, 0, 0, 0, 1041, + 1042, 1043, 0, 1044, 0, 0, 0, 0, 0, 0, + 0, 1045, 1046, 1047, 22, 0, 0, 0, 0, 0, + 1048, 0, 0, 575, 0, 0, 0, 0, 0, 1049, + 0, 0, 1050, 0, 0, 0, 0, 0, 0, 0, + 0, 1051, 2783, 1052, 0, 1053, 0, 0, 0, 0, + 0, 1054, 0, 0, 0, 0, 0, 0, 0, 29, + 1055, 1056, 0, 1057, 0, 0, 0, 1058, 0, 0, + 0, 0, 1059, 0, 0, 30, 1060, 0, 1061, 1062, + 1063, 1064, 0, 0, 0, 0, 0, 32, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 35, 1065, + 1066, 1067, 0, 1068, 0, 0, 0, 0, 0, 0, + 1069, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 1070, 0, 0, 0, 0, 0, 0, 0, 1071, + 1072, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 1073, 0, + 0, 0, 0, 0, 0, 1074, 1075, 0, 1076, 1077, + 0, 0, 0, 0, 0, 0, 0, 0, 2784, 0, + 1078, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 1079, 1080, 1081, 0, 0, 0, 0, 0, 1082, 1083, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 53, + 54, 55, 576, 56, 57, 58, 59, 60, 61, 62, + 1084, 1085, 1086, 1087, 64, 65, 66, 1088, 68, 69, + 70, 71, 72, 73, 1089, 75, 76, 77, 78, 79, + 80, 81, 1090, 577, 0, 578, 579, 87, 88, 89, + 90, 91, 92, 580, 94, 95, 96, 97, 98, 1091, + 99, 582, 101, 102, 103, 104, 105, 583, 106, 107, + 108, 109, 1092, 111, 1093, 1094, 1095, 0, 115, 116, + 117, 584, 119, 120, 121, 122, 123, 124, 125, 126, + 127, 1096, 128, 129, 130, 131, 132, 133, 134, 135, + 136, 137, 138, 1097, 1098, 586, 142, 0, 143, 144, + 145, 146, 147, 148, 149, 587, 151, 152, 153, 154, + 588, 155, 156, 157, 158, 159, 160, 161, 162, 163, + 164, 165, 166, 167, 589, 169, 0, 0, 170, 171, + 172, 173, 174, 175, 176, 177, 178, 179, 180, 590, + 591, 182, 0, 183, 184, 185, 592, 187, 188, 1099, + 593, 191, 192, 594, 194, 195, 595, 0, 197, 198, + 199, 1100, 201, 202, 203, 204, 205, 206, 207, 208, + 209, 596, 211, 212, 213, 214, 215, 216, 217, 218, + 219, 597, 220, 1101, 1102, 223, 224, 225, 226, 227, + 228, 229, 230, 231, 232, 233, 234, 235, 236, 237, + 238, 239, 240, 241, 242, 243, 244, 245, 246, 247, + 248, 249, 250, 251, 252, 0, 253, 254, 255, 256, + 257, 258, 259, 260, 261, 262, 263, 264, 265, 1103, + 267, 268, 269, 270, 271, 1104, 273, 274, 275, 276, + 277, 278, 279, 280, 1105, 1106, 283, 284, 285, 286, + 287, 598, 288, 289, 290, 291, 292, 293, 294, 295, + 0, 296, 297, 298, 299, 599, 300, 301, 1107, 303, + 304, 305, 306, 307, 308, 309, 1108, 311, 312, 313, + 314, 315, 316, 600, 317, 601, 319, 320, 1109, 322, + 323, 324, 325, 326, 327, 328, 329, 330, 331, 332, + 333, 334, 335, 336, 337, 338, 339, 340, 341, 342, + 343, 344, 345, 346, 602, 348, 349, 350, 603, 352, + 353, 354, 355, 356, 357, 358, 359, 360, 604, 362, + 363, 364, 1110, 366, 367, 368, 605, 370, 371, 1111, + 373, 374, 375, 376, 377, 1112, 379, 1113, 381, 606, + 383, 384, 385, 386, 387, 388, 389, 390, 391, 392, + 393, 394, 395, 0, 0, 396, 397, 0, 398, 399, + 400, 401, 607, 403, 404, 608, 406, 407, 408, 409, + 1114, 411, 412, 413, 414, 415, 416, 417, 418, 419, + 420, 421, 422, 423, 424, 425, 426, 427, 428, 1115, + 1116, 1117, 1118, 433, 434, 435, 436, 1119, 1120, 610, + 439, 440, 441, 442, 443, 444, 445, 611, 447, 448, + 449, 1121, 451, 452, 1122, 454, 455, 456, 457, 458, + 459, 460, 461, 462, 463, 464, 1123, 612, 1124, 468, + 469, 470, 0, 471, 613, 473, 1125, 0, 0, 0, + 0, 0, 0, 0, 0, 1126, 1127, 1006, 0, 0, + 0, 1128, 1007, 1008, 0, 0, 0, 1129, 0, 0, + 0, 1130, 1131, 1009, 1010, 1132, 1011, 1012, 1013, 1014, + 1015, 1016, 1017, 1018, 1019, 1020, 1021, 0, 0, 0, + 0, 0, 0, 0, 1022, 0, 0, 0, 0, 0, + 0, 3194, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 3195, 1024, 1025, 1026, 0, 0, 0, 0, 0, + 0, 0, 1027, 1028, 0, 1029, 0, 0, 0, 0, + 0, 0, 1030, 1031, 0, 0, 1032, 1033, 1034, 1035, + 0, 1036, 13, 0, 1037, 1038, 0, 0, 0, 0, + 0, 0, 0, 3196, 0, 0, 1040, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 19, 0, 0, 0, 1041, 1042, 1043, 0, 1044, 0, + 0, 0, 0, 0, 0, 0, 1045, 1046, 1047, 22, + 0, 0, 0, 0, 0, 1048, 0, 0, 575, 0, + 0, 0, 0, 0, 1049, 0, 0, 1050, 0, 0, + 0, 0, 0, 0, 0, 0, 1051, 0, 1052, 0, + 1053, 0, 0, 0, 0, 0, 1054, 0, 0, 0, + 0, 0, 0, 0, 29, 1055, 1056, 0, 1057, 0, + 0, 0, 1058, 0, 0, 0, 0, 1059, 0, 0, + 30, 1060, 0, 1061, 1062, 1063, 1064, 0, 3197, 0, + 0, 0, 32, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 35, 1065, 1066, 1067, 0, 1068, 0, + 0, 0, 0, 0, 0, 1069, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 1070, 0, 0, 0, + 0, 0, 0, 0, 1071, 1072, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 1073, 0, 0, 0, 0, 0, 0, + 1074, 1075, 0, 1076, 1077, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 1078, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 1079, 1080, 1081, 0, 0, + 0, 0, 0, 1082, 1083, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 53, 54, 55, 576, 56, 57, + 58, 59, 60, 61, 62, 1084, 1085, 1086, 1087, 64, + 65, 66, 1088, 68, 69, 70, 71, 72, 73, 1089, + 75, 76, 77, 78, 79, 80, 81, 1090, 577, 0, + 578, 579, 87, 88, 89, 90, 91, 92, 580, 94, + 95, 96, 97, 98, 1091, 99, 582, 101, 102, 103, + 104, 105, 583, 106, 107, 108, 109, 1092, 111, 1093, + 1094, 1095, 0, 115, 116, 117, 584, 119, 120, 121, + 122, 123, 124, 125, 126, 127, 1096, 128, 129, 130, + 131, 132, 133, 134, 135, 136, 137, 138, 1097, 1098, + 586, 142, 0, 143, 144, 145, 146, 147, 148, 149, + 587, 151, 152, 153, 154, 588, 155, 156, 157, 158, + 159, 160, 161, 162, 163, 164, 165, 166, 167, 589, + 169, 0, 0, 170, 171, 172, 173, 174, 175, 176, + 177, 178, 179, 180, 590, 591, 182, 0, 183, 184, + 185, 592, 187, 188, 1099, 593, 191, 192, 594, 194, + 195, 595, 0, 197, 198, 199, 1100, 201, 202, 203, + 204, 205, 206, 207, 208, 209, 596, 211, 212, 213, + 214, 215, 216, 217, 218, 219, 597, 220, 1101, 1102, + 223, 224, 225, 226, 227, 228, 229, 230, 231, 232, + 233, 234, 235, 236, 237, 238, 239, 240, 241, 242, + 243, 244, 245, 246, 247, 248, 249, 250, 251, 252, + 0, 253, 254, 255, 256, 257, 258, 259, 260, 261, + 262, 263, 264, 265, 1103, 267, 268, 269, 270, 271, + 1104, 273, 274, 275, 276, 277, 278, 279, 280, 1105, + 1106, 283, 284, 285, 286, 287, 598, 288, 289, 290, + 291, 292, 293, 294, 295, 0, 296, 297, 298, 299, + 599, 300, 301, 1107, 303, 304, 305, 306, 307, 308, + 309, 1108, 311, 312, 313, 314, 315, 316, 600, 317, + 601, 319, 320, 1109, 322, 323, 324, 325, 326, 327, + 328, 329, 330, 331, 332, 333, 334, 335, 336, 337, + 338, 339, 340, 341, 342, 343, 344, 345, 346, 602, + 348, 349, 350, 603, 352, 353, 354, 355, 356, 357, + 358, 359, 360, 604, 362, 363, 364, 1110, 366, 367, + 368, 605, 370, 371, 1111, 373, 374, 375, 376, 377, + 1112, 379, 1113, 381, 606, 383, 384, 385, 386, 387, + 388, 389, 390, 391, 392, 393, 394, 395, 0, 0, + 396, 397, 0, 398, 399, 400, 401, 607, 403, 404, + 608, 406, 407, 408, 409, 1114, 411, 412, 413, 414, + 415, 416, 417, 418, 419, 420, 421, 422, 423, 424, + 425, 426, 427, 428, 1115, 1116, 1117, 1118, 433, 434, + 435, 436, 1119, 1120, 610, 439, 440, 441, 442, 443, + 444, 445, 611, 447, 448, 449, 1121, 451, 452, 1122, + 454, 455, 456, 457, 458, 459, 460, 461, 462, 463, + 464, 1123, 612, 1124, 468, 469, 470, 0, 471, 613, + 473, 1125, 0, 0, 0, 0, 0, 0, 0, 0, + 1126, 1127, 1006, 0, 0, 0, 1128, 1007, 1008, 0, + 0, 0, 1129, 0, 0, 0, 1130, 1131, 1009, 1010, + 1132, 1011, 1012, 1013, 1014, 1015, 1016, 1017, 1018, 1019, + 1020, 1021, 0, 0, 0, 0, 0, 0, 0, 1022, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 1023, 1024, 1025, 1026, + 0, 0, 0, 0, 0, 0, 0, 1027, 1028, 0, + 1029, 0, 0, 0, 0, 0, 0, 1030, 1031, 0, + 0, 1032, 1033, 1034, 1035, 0, 1036, 13, 0, 1037, + 1038, 0, 0, 0, 0, 0, 0, 0, 1039, 0, + 0, 1040, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 19, 0, 0, 0, 1041, + 1042, 1043, 0, 1044, 0, 0, 0, 0, 0, 0, + 0, 1045, 1046, 1047, 22, 0, 0, 0, 0, 0, + 1048, 0, 0, 575, 0, 0, 0, 0, 0, 1049, + 0, 0, 1050, 0, 0, 0, 0, 0, 0, 0, + 0, 1051, 0, 1052, 0, 1053, 0, 0, 0, 0, + 0, 1054, 0, 0, 0, 0, 0, 0, 0, 29, + 1055, 1056, 0, 1057, 0, 0, 0, 1058, 0, 0, + 0, 0, 1059, 0, 0, 30, 1060, 0, 1061, 1062, + 1063, 1064, 0, 0, 0, 0, 0, 32, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 35, 1065, + 1066, 1067, 0, 1068, 0, 0, 0, 0, 0, 0, + 1069, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 1070, 0, 0, 0, 0, 0, 0, 0, 1071, + 1072, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 1073, 0, + 0, 0, 0, 0, 0, 1074, 1075, 0, 1076, 1077, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 1078, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 1079, 1080, 1081, 0, 0, 0, 0, 0, 1082, 1083, + 0, 0, 1968, 0, 0, 0, 0, 0, 0, 53, + 54, 55, 576, 56, 57, 58, 59, 60, 61, 62, + 1084, 1085, 1086, 1087, 64, 65, 66, 1088, 68, 69, + 70, 71, 72, 73, 1089, 75, 76, 77, 78, 79, + 80, 81, 1090, 577, 0, 578, 579, 87, 88, 89, + 90, 91, 92, 580, 94, 95, 96, 97, 98, 1091, + 99, 582, 101, 102, 103, 104, 105, 583, 106, 107, + 108, 109, 1092, 111, 1093, 1094, 1095, 0, 115, 116, + 117, 584, 119, 120, 121, 122, 123, 124, 125, 126, + 127, 1096, 128, 129, 130, 131, 132, 133, 134, 135, + 136, 137, 138, 1097, 1098, 586, 142, 0, 143, 144, + 145, 146, 147, 148, 149, 587, 151, 152, 153, 154, + 588, 155, 156, 157, 158, 159, 160, 161, 162, 163, + 164, 165, 166, 167, 589, 169, 0, 0, 170, 171, + 172, 173, 174, 175, 176, 177, 178, 179, 180, 590, + 591, 182, 0, 183, 184, 185, 592, 187, 188, 1099, + 593, 191, 192, 594, 194, 195, 595, 0, 197, 198, + 199, 1100, 201, 202, 203, 204, 205, 206, 207, 208, + 209, 596, 211, 212, 213, 214, 215, 216, 217, 218, + 219, 597, 220, 1101, 1102, 223, 224, 225, 226, 227, + 228, 229, 230, 231, 232, 233, 234, 235, 236, 237, + 238, 239, 240, 241, 242, 243, 244, 245, 246, 247, + 248, 249, 250, 251, 252, 0, 253, 254, 255, 256, + 257, 258, 259, 260, 261, 262, 263, 264, 265, 1103, + 267, 268, 269, 270, 271, 1104, 273, 274, 275, 276, + 277, 278, 279, 280, 1105, 1106, 283, 284, 285, 286, + 287, 598, 288, 289, 290, 291, 292, 293, 294, 295, + 0, 296, 297, 298, 299, 599, 300, 301, 1107, 303, + 304, 305, 306, 307, 308, 309, 1108, 311, 312, 313, + 314, 315, 316, 600, 317, 601, 319, 320, 1109, 322, + 323, 324, 325, 326, 327, 328, 329, 330, 331, 332, + 333, 334, 335, 336, 337, 338, 339, 340, 341, 342, + 343, 344, 345, 346, 602, 348, 349, 350, 603, 352, + 353, 354, 355, 356, 357, 358, 359, 360, 604, 362, + 363, 364, 1110, 366, 367, 368, 605, 370, 371, 1111, + 373, 374, 375, 376, 377, 1112, 379, 1113, 381, 606, + 383, 384, 385, 386, 387, 388, 389, 390, 391, 392, + 393, 394, 395, 0, 0, 396, 397, 0, 398, 399, + 400, 401, 607, 403, 404, 608, 406, 407, 408, 409, + 1114, 411, 412, 413, 414, 415, 416, 417, 418, 419, + 420, 421, 422, 423, 424, 425, 426, 427, 428, 1115, + 1116, 1117, 1118, 433, 434, 435, 436, 1119, 1120, 610, + 439, 440, 441, 442, 443, 444, 445, 611, 447, 448, + 449, 1121, 451, 452, 1122, 454, 455, 456, 457, 458, + 459, 460, 461, 462, 463, 464, 1123, 612, 1124, 468, + 469, 470, 0, 471, 613, 473, 1125, 0, 0, 0, + 0, 0, 0, 0, 0, 1126, 1127, 1006, 0, 0, + 0, 1128, 1007, 1008, 0, 0, 0, 1129, 0, 0, + 0, 1130, 1131, 1009, 1010, 1132, 1011, 1012, 1013, 1014, + 1015, 1016, 1017, 1018, 1019, 1020, 1021, 0, 0, 0, + 0, 0, 0, 0, 1022, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 1023, 1024, 1025, 1026, 0, 0, 0, 0, 0, + 0, 0, 1027, 1028, 0, 1029, 0, 0, 0, 0, + 0, 0, 1030, 1031, 0, 0, 1032, 1033, 1034, 1035, + 0, 1036, 13, 0, 1037, 1038, 0, 0, 0, 0, + 0, 0, 0, 3060, 0, 0, 1040, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 19, 0, 0, 0, 1041, 1042, 1043, 0, 1044, 0, + 0, 0, 0, 0, 0, 0, 1045, 1046, 1047, 22, + 0, 0, 0, 0, 0, 1048, 0, 3061, 575, 0, + 0, 0, 0, 0, 1049, 0, 0, 1050, 0, 0, + 0, 0, 0, 0, 0, 0, 1051, 0, 1052, 0, + 1053, 0, 0, 0, 0, 0, 1054, 0, 0, 0, + 0, 0, 0, 0, 29, 1055, 1056, 0, 1057, 0, + 0, 0, 1058, 0, 0, 0, 0, 1059, 0, 0, + 30, 1060, 0, 1061, 1062, 1063, 1064, 0, 0, 0, + 0, 0, 32, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 35, 1065, 1066, 1067, 0, 1068, 0, + 0, 0, 0, 0, 0, 1069, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 1070, 0, 0, 0, + 0, 0, 0, 0, 1071, 1072, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 1073, 0, 0, 0, 0, 0, 0, + 1074, 1075, 0, 1076, 1077, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 1078, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 1079, 1080, 1081, 0, 0, + 0, 0, 0, 1082, 1083, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 53, 54, 55, 576, 56, 57, + 58, 59, 60, 61, 62, 1084, 1085, 1086, 1087, 64, + 65, 66, 1088, 68, 69, 70, 71, 72, 73, 1089, + 75, 76, 77, 78, 79, 80, 81, 1090, 577, 0, + 578, 579, 87, 88, 89, 90, 91, 92, 580, 94, + 95, 96, 97, 98, 1091, 99, 582, 101, 102, 103, + 104, 105, 583, 106, 107, 108, 109, 1092, 111, 1093, + 1094, 1095, 0, 115, 116, 117, 584, 119, 120, 121, + 122, 123, 124, 125, 126, 127, 1096, 128, 129, 130, + 131, 132, 133, 134, 135, 136, 137, 138, 1097, 1098, + 586, 142, 0, 143, 144, 145, 146, 147, 148, 149, + 587, 151, 152, 153, 154, 588, 155, 156, 157, 158, + 159, 160, 161, 162, 163, 164, 165, 166, 167, 589, + 169, 0, 0, 170, 171, 172, 173, 174, 175, 176, + 177, 178, 179, 180, 590, 591, 182, 0, 183, 184, + 185, 592, 187, 188, 1099, 593, 191, 192, 594, 194, + 195, 595, 0, 197, 198, 199, 1100, 201, 202, 203, + 204, 205, 206, 207, 208, 209, 596, 211, 212, 213, + 214, 215, 216, 217, 218, 219, 597, 220, 1101, 1102, + 223, 224, 225, 226, 227, 228, 229, 230, 231, 232, + 233, 234, 235, 236, 237, 238, 239, 240, 241, 242, + 243, 244, 245, 246, 247, 248, 249, 250, 251, 252, + 0, 253, 254, 255, 256, 257, 258, 259, 260, 261, + 262, 263, 264, 265, 1103, 267, 268, 269, 270, 271, + 1104, 273, 274, 275, 276, 277, 278, 279, 280, 1105, + 1106, 283, 284, 285, 286, 287, 598, 288, 289, 290, + 291, 292, 293, 294, 295, 0, 296, 297, 298, 299, + 599, 300, 301, 1107, 303, 304, 305, 306, 307, 308, + 309, 1108, 311, 312, 313, 314, 315, 316, 600, 317, + 601, 319, 320, 1109, 322, 323, 324, 325, 326, 327, + 328, 329, 330, 331, 332, 333, 334, 335, 336, 337, + 338, 339, 340, 341, 342, 343, 344, 345, 346, 602, + 348, 349, 350, 603, 352, 353, 354, 355, 356, 357, + 358, 359, 360, 604, 362, 363, 364, 1110, 366, 367, + 368, 605, 370, 371, 1111, 373, 374, 375, 376, 377, + 1112, 379, 1113, 381, 606, 383, 384, 385, 386, 387, + 388, 389, 390, 391, 392, 393, 394, 395, 0, 0, + 396, 397, 0, 398, 399, 400, 401, 607, 403, 404, + 608, 406, 407, 408, 409, 1114, 411, 412, 413, 414, + 415, 416, 417, 418, 419, 420, 421, 422, 423, 424, + 425, 426, 427, 428, 1115, 1116, 1117, 1118, 433, 434, + 435, 436, 1119, 1120, 610, 439, 440, 441, 442, 443, + 444, 445, 611, 447, 448, 449, 1121, 451, 452, 1122, + 454, 455, 456, 457, 458, 459, 460, 461, 462, 463, + 464, 1123, 612, 1124, 468, 469, 470, 0, 471, 613, + 473, 1125, 0, 0, 0, 0, 0, 0, 0, 0, + 1126, 1127, 1006, 0, 0, 0, 1128, 1007, 1008, 0, + 0, 0, 1129, 0, 0, 0, 1130, 1131, 1009, 1010, + 1132, 1011, 1012, 1013, 1014, 1015, 1016, 1017, 1018, 1019, + 1020, 1021, 0, 0, 0, 0, 0, 0, 0, 1022, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 1023, 1024, 1025, 1026, + 0, 0, 0, 0, 0, 0, 0, 1027, 1028, 0, + 1029, 0, 0, 0, 0, 0, 0, 1030, 1031, 0, + 0, 1032, 1033, 1034, 1035, 0, 1036, 13, 0, 1037, + 1038, 0, 0, 0, 0, 0, 0, 0, 1039, 0, + 0, 1040, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 19, 0, 0, 0, 1041, + 1042, 1043, 0, 1044, 0, 0, 0, 3503, 0, 0, + 0, 1045, 1046, 1047, 22, 0, 0, 0, 0, 0, + 1048, 0, 0, 575, 0, 0, 0, 0, 0, 1049, + 0, 0, 1050, 0, 0, 0, 0, 0, 0, 0, + 0, 1051, 0, 1052, 0, 1053, 0, 0, 0, 0, + 0, 1054, 0, 0, 0, 0, 0, 0, 0, 29, + 1055, 1056, 0, 1057, 0, 0, 0, 1058, 0, 0, + 0, 0, 1059, 0, 0, 30, 1060, 0, 1061, 1062, + 1063, 1064, 0, 0, 0, 0, 0, 32, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 35, 1065, + 1066, 1067, 0, 1068, 0, 0, 0, 0, 0, 0, + 1069, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 1070, 0, 0, 0, 0, 0, 0, 0, 1071, + 1072, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 1073, 0, + 0, 0, 0, 0, 0, 1074, 1075, 0, 1076, 1077, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 1078, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 1079, 1080, 1081, 0, 0, 0, 0, 0, 1082, 1083, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 53, + 54, 55, 576, 56, 57, 58, 59, 60, 61, 62, + 1084, 1085, 1086, 1087, 64, 65, 66, 1088, 68, 69, + 70, 71, 72, 73, 1089, 75, 76, 77, 78, 79, + 80, 81, 1090, 577, 0, 578, 579, 87, 88, 89, + 90, 91, 92, 580, 94, 95, 96, 97, 98, 1091, + 99, 582, 101, 102, 103, 104, 105, 583, 106, 107, + 108, 109, 1092, 111, 1093, 1094, 1095, 0, 115, 116, + 117, 584, 119, 120, 121, 122, 123, 124, 125, 126, + 127, 1096, 128, 129, 130, 131, 132, 133, 134, 135, + 136, 137, 138, 1097, 1098, 586, 142, 0, 143, 144, + 145, 146, 147, 148, 149, 587, 151, 152, 153, 154, + 588, 155, 156, 157, 158, 159, 160, 161, 162, 163, + 164, 165, 166, 167, 589, 169, 0, 0, 170, 171, + 172, 173, 174, 175, 176, 177, 178, 179, 180, 590, + 591, 182, 0, 183, 184, 185, 592, 187, 188, 1099, + 593, 191, 192, 594, 194, 195, 595, 0, 197, 198, + 199, 1100, 201, 202, 203, 204, 205, 206, 207, 208, + 209, 596, 211, 212, 213, 214, 215, 216, 217, 218, + 219, 597, 220, 1101, 1102, 223, 224, 225, 226, 227, + 228, 229, 230, 231, 232, 233, 234, 235, 236, 237, + 238, 239, 240, 241, 242, 243, 244, 245, 246, 247, + 248, 249, 250, 251, 252, 0, 253, 254, 255, 256, + 257, 258, 259, 260, 261, 262, 263, 264, 265, 1103, + 267, 268, 269, 270, 271, 1104, 273, 274, 275, 276, + 277, 278, 279, 280, 1105, 1106, 283, 284, 285, 286, + 287, 598, 288, 289, 290, 291, 292, 293, 294, 295, + 0, 296, 297, 298, 299, 599, 300, 301, 1107, 303, + 304, 305, 306, 307, 308, 309, 1108, 311, 312, 313, + 314, 315, 316, 600, 317, 601, 319, 320, 1109, 322, + 323, 324, 325, 326, 327, 328, 329, 330, 331, 332, + 333, 334, 335, 336, 337, 338, 339, 340, 341, 342, + 343, 344, 345, 346, 602, 348, 349, 350, 603, 352, + 353, 354, 355, 356, 357, 358, 359, 360, 604, 362, + 363, 364, 1110, 366, 367, 368, 605, 370, 371, 1111, + 373, 374, 375, 376, 377, 1112, 379, 1113, 381, 606, + 383, 384, 385, 386, 387, 388, 389, 390, 391, 392, + 393, 394, 395, 0, 0, 396, 397, 0, 398, 399, + 400, 401, 607, 403, 404, 608, 406, 407, 408, 409, + 1114, 411, 412, 413, 414, 415, 416, 417, 418, 419, + 420, 421, 422, 423, 424, 425, 426, 427, 428, 1115, + 1116, 1117, 1118, 433, 434, 435, 436, 1119, 1120, 610, + 439, 440, 441, 442, 443, 444, 445, 611, 447, 448, + 449, 1121, 451, 452, 1122, 454, 455, 456, 457, 458, + 459, 460, 461, 462, 463, 464, 1123, 612, 1124, 468, + 469, 470, 0, 471, 613, 473, 1125, 0, 0, 0, + 0, 0, 0, 0, 0, 1126, 1127, 1006, 0, 0, + 0, 1128, 1007, 1008, 0, 0, 0, 1129, 0, 0, + 0, 1130, 1131, 1009, 1010, 1132, 1011, 1012, 1013, 1014, + 1015, 1016, 1017, 1018, 1019, 1020, 1021, 0, 0, 0, + 0, 0, 0, 0, 1022, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 1023, 1024, 1025, 1026, 0, 0, 0, 0, 0, + 0, 0, 1027, 1028, 0, 1029, 0, 0, 0, 0, + 0, 0, 1030, 1031, 0, 0, 1032, 1033, 1034, 1035, + 0, 1036, 13, 0, 1037, 1038, 0, 0, 0, 0, + 0, 0, 0, 1039, 0, 0, 1040, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 19, 0, 0, 0, 1041, 1042, 1043, 0, 1044, 0, + 0, 0, 3505, 0, 0, 0, 1045, 1046, 1047, 22, + 0, 0, 0, 0, 0, 1048, 0, 0, 575, 0, + 0, 0, 0, 0, 1049, 0, 0, 1050, 0, 0, + 0, 0, 0, 0, 0, 0, 1051, 0, 1052, 0, + 1053, 0, 0, 0, 0, 0, 1054, 0, 0, 0, + 0, 0, 0, 0, 29, 1055, 1056, 0, 1057, 0, + 0, 0, 1058, 0, 0, 0, 0, 1059, 0, 0, + 30, 1060, 0, 1061, 1062, 1063, 1064, 0, 0, 0, + 0, 0, 32, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 35, 1065, 1066, 1067, 0, 1068, 0, + 0, 0, 0, 0, 0, 1069, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 1070, 0, 0, 0, + 0, 0, 0, 0, 1071, 1072, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 1073, 0, 0, 0, 0, 0, 0, + 1074, 1075, 0, 1076, 1077, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 1078, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 1079, 1080, 1081, 0, 0, + 0, 0, 0, 1082, 1083, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 53, 54, 55, 576, 56, 57, + 58, 59, 60, 61, 62, 1084, 1085, 1086, 1087, 64, + 65, 66, 1088, 68, 69, 70, 71, 72, 73, 1089, + 75, 76, 77, 78, 79, 80, 81, 1090, 577, 0, + 578, 579, 87, 88, 89, 90, 91, 92, 580, 94, + 95, 96, 97, 98, 1091, 99, 582, 101, 102, 103, + 104, 105, 583, 106, 107, 108, 109, 1092, 111, 1093, + 1094, 1095, 0, 115, 116, 117, 584, 119, 120, 121, + 122, 123, 124, 125, 126, 127, 1096, 128, 129, 130, + 131, 132, 133, 134, 135, 136, 137, 138, 1097, 1098, + 586, 142, 0, 143, 144, 145, 146, 147, 148, 149, + 587, 151, 152, 153, 154, 588, 155, 156, 157, 158, + 159, 160, 161, 162, 163, 164, 165, 166, 167, 589, + 169, 0, 0, 170, 171, 172, 173, 174, 175, 176, + 177, 178, 179, 180, 590, 591, 182, 0, 183, 184, + 185, 592, 187, 188, 1099, 593, 191, 192, 594, 194, + 195, 595, 0, 197, 198, 199, 1100, 201, 202, 203, + 204, 205, 206, 207, 208, 209, 596, 211, 212, 213, + 214, 215, 216, 217, 218, 219, 597, 220, 1101, 1102, + 223, 224, 225, 226, 227, 228, 229, 230, 231, 232, + 233, 234, 235, 236, 237, 238, 239, 240, 241, 242, + 243, 244, 245, 246, 247, 248, 249, 250, 251, 252, + 0, 253, 254, 255, 256, 257, 258, 259, 260, 261, + 262, 263, 264, 265, 1103, 267, 268, 269, 270, 271, + 1104, 273, 274, 275, 276, 277, 278, 279, 280, 1105, + 1106, 283, 284, 285, 286, 287, 598, 288, 289, 290, + 291, 292, 293, 294, 295, 0, 296, 297, 298, 299, + 599, 300, 301, 1107, 303, 304, 305, 306, 307, 308, + 309, 1108, 311, 312, 313, 314, 315, 316, 600, 317, + 601, 319, 320, 1109, 322, 323, 324, 325, 326, 327, + 328, 329, 330, 331, 332, 333, 334, 335, 336, 337, + 338, 339, 340, 341, 342, 343, 344, 345, 346, 602, + 348, 349, 350, 603, 352, 353, 354, 355, 356, 357, + 358, 359, 360, 604, 362, 363, 364, 1110, 366, 367, + 368, 605, 370, 371, 1111, 373, 374, 375, 376, 377, + 1112, 379, 1113, 381, 606, 383, 384, 385, 386, 387, + 388, 389, 390, 391, 392, 393, 394, 395, 0, 0, + 396, 397, 0, 398, 399, 400, 401, 607, 403, 404, + 608, 406, 407, 408, 409, 1114, 411, 412, 413, 414, + 415, 416, 417, 418, 419, 420, 421, 422, 423, 424, + 425, 426, 427, 428, 1115, 1116, 1117, 1118, 433, 434, + 435, 436, 1119, 1120, 610, 439, 440, 441, 442, 443, + 444, 445, 611, 447, 448, 449, 1121, 451, 452, 1122, + 454, 455, 456, 457, 458, 459, 460, 461, 462, 463, + 464, 1123, 612, 1124, 468, 469, 470, 0, 471, 613, + 473, 1125, 0, 0, 0, 0, 0, 0, 0, 0, + 1126, 1127, 1006, 0, 0, 0, 1128, 1007, 1008, 0, + 0, 0, 1129, 0, 0, 0, 1130, 1131, 1009, 1010, + 1132, 1011, 1012, 1013, 1014, 1015, 1016, 1017, 1018, 1019, + 1020, 1021, 0, 0, 0, 0, 0, 0, 0, 1022, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 1023, 1024, 1025, 1026, + 0, 0, 0, 0, 0, 0, 0, 1027, 1028, 0, + 1029, 0, 0, 0, 0, 0, 0, 1030, 1031, 0, + 0, 1032, 1033, 1034, 1035, 0, 1036, 13, 0, 1037, + 1038, 0, 0, 0, 0, 0, 0, 0, 1039, 0, + 0, 1040, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 19, 0, 0, 0, 1041, + 1042, 1043, 0, 1044, 0, 0, 0, 3507, 0, 0, + 0, 1045, 1046, 1047, 22, 0, 0, 0, 0, 0, + 1048, 0, 0, 575, 0, 0, 0, 0, 0, 1049, + 0, 0, 1050, 0, 0, 0, 0, 0, 0, 0, + 0, 1051, 0, 1052, 0, 1053, 0, 0, 0, 0, + 0, 1054, 0, 0, 0, 0, 0, 0, 0, 29, + 1055, 1056, 0, 1057, 0, 0, 0, 1058, 0, 0, + 0, 0, 1059, 0, 0, 30, 1060, 0, 1061, 1062, + 1063, 1064, 0, 0, 0, 0, 0, 32, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 35, 1065, + 1066, 1067, 0, 1068, 0, 0, 0, 0, 0, 0, + 1069, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 1070, 0, 0, 0, 0, 0, 0, 0, 1071, + 1072, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 1073, 0, + 0, 0, 0, 0, 0, 1074, 1075, 0, 1076, 1077, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 1078, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 1079, 1080, 1081, 0, 0, 0, 0, 0, 1082, 1083, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 53, + 54, 55, 576, 56, 57, 58, 59, 60, 61, 62, + 1084, 1085, 1086, 1087, 64, 65, 66, 1088, 68, 69, + 70, 71, 72, 73, 1089, 75, 76, 77, 78, 79, + 80, 81, 1090, 577, 0, 578, 579, 87, 88, 89, + 90, 91, 92, 580, 94, 95, 96, 97, 98, 1091, + 99, 582, 101, 102, 103, 104, 105, 583, 106, 107, + 108, 109, 1092, 111, 1093, 1094, 1095, 0, 115, 116, + 117, 584, 119, 120, 121, 122, 123, 124, 125, 126, + 127, 1096, 128, 129, 130, 131, 132, 133, 134, 135, + 136, 137, 138, 1097, 1098, 586, 142, 0, 143, 144, + 145, 146, 147, 148, 149, 587, 151, 152, 153, 154, + 588, 155, 156, 157, 158, 159, 160, 161, 162, 163, + 164, 165, 166, 167, 589, 169, 0, 0, 170, 171, + 172, 173, 174, 175, 176, 177, 178, 179, 180, 590, + 591, 182, 0, 183, 184, 185, 592, 187, 188, 1099, + 593, 191, 192, 594, 194, 195, 595, 0, 197, 198, + 199, 1100, 201, 202, 203, 204, 205, 206, 207, 208, + 209, 596, 211, 212, 213, 214, 215, 216, 217, 218, + 219, 597, 220, 1101, 1102, 223, 224, 225, 226, 227, + 228, 229, 230, 231, 232, 233, 234, 235, 236, 237, + 238, 239, 240, 241, 242, 243, 244, 245, 246, 247, + 248, 249, 250, 251, 252, 0, 253, 254, 255, 256, + 257, 258, 259, 260, 261, 262, 263, 264, 265, 1103, + 267, 268, 269, 270, 271, 1104, 273, 274, 275, 276, + 277, 278, 279, 280, 1105, 1106, 283, 284, 285, 286, + 287, 598, 288, 289, 290, 291, 292, 293, 294, 295, + 0, 296, 297, 298, 299, 599, 300, 301, 1107, 303, + 304, 305, 306, 307, 308, 309, 1108, 311, 312, 313, + 314, 315, 316, 600, 317, 601, 319, 320, 1109, 322, + 323, 324, 325, 326, 327, 328, 329, 330, 331, 332, + 333, 334, 335, 336, 337, 338, 339, 340, 341, 342, + 343, 344, 345, 346, 602, 348, 349, 350, 603, 352, + 353, 354, 355, 356, 357, 358, 359, 360, 604, 362, + 363, 364, 1110, 366, 367, 368, 605, 370, 371, 1111, + 373, 374, 375, 376, 377, 1112, 379, 1113, 381, 606, + 383, 384, 385, 386, 387, 388, 389, 390, 391, 392, + 393, 394, 395, 0, 0, 396, 397, 0, 398, 399, + 400, 401, 607, 403, 404, 608, 406, 407, 408, 409, + 1114, 411, 412, 413, 414, 415, 416, 417, 418, 419, + 420, 421, 422, 423, 424, 425, 426, 427, 428, 1115, + 1116, 1117, 1118, 433, 434, 435, 436, 1119, 1120, 610, + 439, 440, 441, 442, 443, 444, 445, 611, 447, 448, + 449, 1121, 451, 452, 1122, 454, 455, 456, 457, 458, + 459, 460, 461, 462, 463, 464, 1123, 612, 1124, 468, + 469, 470, 0, 471, 613, 473, 1125, 0, 0, 0, + 0, 0, 0, 0, 0, 1126, 1127, 1006, 0, 0, + 0, 1128, 1007, 1008, 0, 0, 0, 1129, 0, 0, + 0, 1130, 1131, 1009, 1010, 1132, 1011, 1012, 1013, 1014, + 1015, 1016, 1017, 1018, 1019, 1020, 1021, 0, 0, 0, + 0, 0, 0, 0, 1022, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 1023, 1024, 1025, 1026, 0, 0, 0, 0, 0, + 0, 0, 1027, 1028, 0, 1029, 0, 0, 0, 0, + 0, 0, 1030, 1031, 0, 0, 1032, 1033, 1034, 1035, + 0, 1036, 13, 0, 1037, 1038, 0, 0, 0, 0, + 0, 0, 0, 5097, 0, 0, 1040, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 19, 0, 0, 0, 1041, 1042, 1043, 0, 1044, 0, + 0, 0, 0, 0, 0, 0, 1045, 1046, 1047, 22, + 0, 0, 0, 0, 0, 1048, 0, 3061, 575, 0, + 0, 0, 0, 0, 1049, 0, 0, 1050, 0, 0, + 0, 0, 0, 0, 0, 0, 1051, 0, 1052, 0, + 1053, 0, 0, 0, 0, 0, 1054, 0, 0, 0, + 0, 0, 0, 0, 29, 1055, 1056, 0, 1057, 0, + 0, 0, 1058, 0, 0, 0, 0, 1059, 0, 0, + 30, 1060, 0, 1061, 1062, 1063, 1064, 0, 0, 0, + 0, 0, 32, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 35, 1065, 1066, 1067, 0, 1068, 0, + 0, 0, 0, 0, 0, 1069, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 1070, 0, 0, 0, + 0, 0, 0, 0, 1071, 1072, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 1073, 0, 0, 0, 0, 0, 0, + 1074, 1075, 0, 1076, 1077, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 1078, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 1079, 1080, 1081, 0, 0, + 0, 0, 0, 1082, 1083, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 53, 54, 55, 576, 56, 57, + 58, 59, 60, 61, 62, 1084, 1085, 1086, 1087, 64, + 65, 66, 1088, 68, 69, 70, 71, 72, 73, 1089, + 75, 76, 77, 78, 79, 80, 81, 1090, 577, 0, + 578, 579, 87, 88, 89, 90, 91, 92, 580, 94, + 95, 96, 97, 98, 1091, 99, 582, 101, 102, 103, + 104, 105, 583, 106, 107, 108, 109, 1092, 111, 1093, + 1094, 1095, 0, 115, 116, 117, 584, 119, 120, 121, + 122, 123, 124, 125, 126, 127, 1096, 128, 129, 130, + 131, 132, 133, 134, 135, 136, 137, 138, 1097, 1098, + 586, 142, 0, 143, 144, 145, 146, 147, 148, 149, + 587, 151, 152, 153, 154, 588, 155, 156, 157, 158, + 159, 160, 161, 162, 163, 164, 165, 166, 167, 589, + 169, 0, 0, 170, 171, 172, 173, 174, 175, 176, + 177, 178, 179, 180, 590, 591, 182, 0, 183, 184, + 185, 592, 187, 188, 1099, 593, 191, 192, 594, 194, + 195, 595, 0, 197, 198, 199, 1100, 201, 202, 203, + 204, 205, 206, 207, 208, 209, 596, 211, 212, 213, + 214, 215, 216, 217, 218, 219, 597, 220, 1101, 1102, + 223, 224, 225, 226, 227, 228, 229, 230, 231, 232, + 233, 234, 235, 236, 237, 238, 239, 240, 241, 242, + 243, 244, 245, 246, 247, 248, 249, 250, 251, 252, + 0, 253, 254, 255, 256, 257, 258, 259, 260, 261, + 262, 263, 264, 265, 1103, 267, 268, 269, 270, 271, + 1104, 273, 274, 275, 276, 277, 278, 279, 280, 1105, + 1106, 283, 284, 285, 286, 287, 598, 288, 289, 290, + 291, 292, 293, 294, 295, 0, 296, 297, 298, 299, + 599, 300, 301, 1107, 303, 304, 305, 306, 307, 308, + 309, 1108, 311, 312, 313, 314, 315, 316, 600, 317, + 601, 319, 320, 1109, 322, 323, 324, 325, 326, 327, + 328, 329, 330, 331, 332, 333, 334, 335, 336, 337, + 338, 339, 340, 341, 342, 343, 344, 345, 346, 602, + 348, 349, 350, 603, 352, 353, 354, 355, 356, 357, + 358, 359, 360, 604, 362, 363, 364, 1110, 366, 367, + 368, 605, 370, 371, 1111, 373, 374, 375, 376, 377, + 1112, 379, 1113, 381, 606, 383, 384, 385, 386, 387, + 388, 389, 390, 391, 392, 393, 394, 395, 0, 0, + 396, 397, 0, 398, 399, 400, 401, 607, 403, 404, + 608, 406, 407, 408, 409, 1114, 411, 412, 413, 414, + 415, 416, 417, 418, 419, 420, 421, 422, 423, 424, + 425, 426, 427, 428, 1115, 1116, 1117, 1118, 433, 434, + 435, 436, 1119, 1120, 610, 439, 440, 441, 442, 443, + 444, 445, 611, 447, 448, 449, 1121, 451, 452, 1122, + 454, 455, 456, 457, 458, 459, 460, 461, 462, 463, + 464, 1123, 612, 1124, 468, 469, 470, 0, 471, 613, + 473, 1125, 0, 0, 0, 0, 0, 0, 0, 0, + 1126, 1127, 1006, 0, 0, 0, 1128, 1007, 1008, 0, + 0, 0, 1129, 0, 0, 0, 1130, 1131, 1009, 1010, + 1132, 1011, 1012, 1013, 1014, 1015, 1016, 1017, 1018, 1019, + 1020, 1021, 0, 0, 0, 0, 0, 0, 0, 1022, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 1023, 1024, 1025, 1026, + 0, 0, 0, 0, 0, 0, 0, 1027, 1028, 0, + 1029, 0, 0, 0, 0, 0, 0, 1030, 1031, 0, + 0, 1032, 1033, 1034, 1035, 0, 1036, 13, 0, 1037, + 1038, 0, 0, 0, 0, 0, 0, 0, 1039, 0, + 0, 1040, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 19, 0, 0, 0, 1041, + 1042, 1043, 0, 1044, 0, 0, 0, 0, 0, 0, + 0, 1045, 1046, 1047, 22, 0, 0, 0, 0, 0, + 1048, 0, 0, 575, 0, 0, 0, 0, 0, 1049, + 0, 0, 1050, 0, 0, 0, 0, 0, 0, 0, + 0, 1051, 0, 1052, 0, 1053, 0, 0, 0, 0, + 0, 1054, 0, 0, 0, 0, 0, 0, 0, 29, + 1055, 1056, 0, 1057, 0, 0, 0, 1058, 0, 0, + 0, 0, 1059, 0, 0, 30, 1060, 0, 1061, 1062, + 1063, 1064, 0, 0, 0, 0, 0, 32, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 35, 1065, + 1066, 1067, 0, 1068, 0, 0, 0, 0, 0, 0, + 1069, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 1070, 0, 0, 0, 0, 0, 0, 0, 1071, + 1072, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 1073, 0, + 0, 0, 0, 0, 0, 1074, 1075, 0, 1076, 1077, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 1078, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 1079, 1080, 1081, 0, 0, 0, 0, 0, 1082, 1083, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 53, + 54, 55, 576, 56, 57, 58, 59, 60, 61, 62, + 1084, 1085, 1086, 1087, 64, 65, 66, 1088, 68, 69, + 70, 71, 72, 73, 1089, 75, 76, 77, 78, 79, + 80, 81, 1090, 577, 0, 578, 579, 87, 88, 89, + 90, 91, 92, 580, 94, 95, 96, 97, 98, 1091, + 99, 582, 101, 102, 103, 104, 105, 583, 106, 107, + 108, 109, 1092, 111, 1093, 1094, 1095, 0, 115, 116, + 117, 584, 119, 120, 121, 122, 123, 124, 125, 126, + 127, 1096, 128, 129, 130, 131, 132, 133, 134, 135, + 136, 137, 138, 1097, 1098, 586, 142, 0, 143, 144, + 145, 146, 147, 148, 149, 587, 151, 152, 153, 154, + 588, 155, 156, 157, 158, 159, 160, 161, 162, 163, + 164, 165, 166, 167, 589, 169, 0, 0, 170, 171, + 172, 173, 174, 175, 176, 177, 178, 179, 180, 590, + 591, 182, 0, 183, 184, 185, 592, 187, 188, 1099, + 593, 191, 192, 594, 194, 195, 595, 0, 197, 198, + 199, 1100, 201, 202, 203, 204, 205, 206, 207, 208, + 209, 596, 211, 212, 213, 214, 215, 216, 217, 218, + 219, 597, 220, 1101, 1102, 223, 224, 225, 226, 227, + 228, 229, 230, 231, 232, 233, 234, 235, 236, 237, + 238, 239, 240, 241, 242, 243, 244, 245, 246, 247, + 248, 249, 250, 251, 252, 0, 253, 254, 255, 256, + 257, 258, 259, 260, 261, 262, 263, 264, 265, 1103, + 267, 268, 269, 270, 271, 1104, 273, 274, 275, 276, + 277, 278, 279, 280, 1105, 1106, 283, 284, 285, 286, + 287, 598, 288, 289, 290, 291, 292, 293, 294, 295, + 0, 296, 297, 298, 299, 599, 300, 301, 1107, 303, + 304, 305, 306, 307, 308, 309, 1108, 311, 312, 313, + 314, 315, 316, 600, 317, 601, 319, 320, 1109, 322, + 323, 324, 325, 326, 327, 328, 329, 330, 331, 332, + 333, 334, 335, 336, 337, 338, 339, 340, 341, 342, + 343, 344, 345, 346, 602, 348, 349, 350, 603, 352, + 353, 354, 355, 356, 357, 358, 359, 360, 604, 362, + 363, 364, 1110, 366, 367, 368, 605, 370, 371, 1111, + 373, 374, 375, 376, 377, 1112, 379, 1113, 381, 606, + 383, 384, 385, 386, 387, 388, 389, 390, 391, 392, + 393, 394, 395, 0, 0, 396, 397, 0, 398, 399, + 400, 401, 607, 403, 404, 608, 406, 407, 408, 409, + 1114, 411, 412, 413, 414, 415, 416, 417, 418, 419, + 420, 421, 422, 423, 424, 425, 426, 427, 428, 1115, + 1116, 1117, 1118, 433, 434, 435, 436, 1119, 1120, 610, + 439, 440, 441, 442, 443, 444, 445, 611, 447, 448, + 449, 1121, 451, 452, 1122, 454, 455, 456, 457, 458, + 459, 460, 461, 462, 463, 464, 1123, 612, 1124, 468, + 469, 470, 0, 471, 613, 473, 1125, 0, 0, 0, + 0, 0, 0, 0, 0, 1126, 1127, 1006, 0, 0, + 0, 1128, 1007, 1008, 0, 0, 0, 1129, 0, 0, + 0, 1130, 1131, 1009, 1010, 1132, 1011, 1012, 1013, 1014, + 1015, 1016, 1017, 1018, 1019, 1020, 1021, 0, 0, 0, + 0, 0, 0, 0, 1022, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 1023, 1024, 1025, 1026, 0, 0, 0, 0, 0, + 0, 0, 1027, 1028, 0, 1029, 0, 0, 0, 0, + 0, 0, 1030, 1031, 0, 0, 1032, 1033, 1034, 1035, + 0, 1036, 13, 0, 1037, 1038, 0, 0, 0, 0, + 0, 0, 0, 1039, 0, 0, 1040, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 19, 0, 0, 0, 1041, 1042, 1043, 0, 1044, 0, + 0, 0, 0, 0, 0, 0, 1045, 1046, 1047, 22, + 0, 0, 0, 0, 0, 1048, 0, 0, 575, 0, + 0, 0, 0, 0, 1049, 0, 0, 1050, 0, 0, + 0, 0, 0, 0, 0, 0, 1051, 0, 1052, 0, + 1053, 0, 0, 0, 0, 0, 1054, 0, 0, 0, + 0, 0, 0, 0, 29, 1055, 1056, 0, 1057, 0, + 0, 0, 1058, 0, 0, 0, 0, 1059, 0, 0, + 30, 1060, 0, 1061, 1062, 1063, 1064, 0, 0, 0, + 0, 0, 32, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 35, 1065, 1066, 1067, 0, 1068, 0, + 0, 0, 0, 0, 0, 1069, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 1070, 0, 0, 0, + 0, 0, 0, 0, 1071, 1072, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 1073, 0, 0, 0, 0, 0, 0, + 1074, 1075, 0, 1076, 1077, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 1078, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 1079, 1080, 1081, 0, 0, + 0, 0, 0, 1082, 1083, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 53, 54, 55, 576, 56, 57, + 58, 59, 60, 61, 62, 1084, 1085, 1086, 1087, 64, + 65, 66, 1088, 68, 69, 70, 71, 72, 73, 1089, + 75, 76, 77, 78, 79, 80, 81, 1090, 577, 0, + 578, 579, 87, 88, 89, 90, 91, 92, 580, 94, + 95, 96, 97, 98, 1091, 99, 582, 101, 102, 103, + 104, 105, 583, 106, 107, 108, 109, 1092, 111, 1093, + 1094, 1095, 0, 115, 116, 117, 584, 119, 120, 121, + 122, 123, 124, 125, 126, 127, 1096, 128, 129, 130, + 131, 132, 133, 134, 135, 136, 137, 138, 1097, 1098, + 586, 142, 0, 143, 144, 145, 146, 147, 148, 149, + 587, 151, 152, 153, 154, 588, 155, 156, 157, 158, + 159, 160, 161, 162, 163, 164, 165, 166, 167, 589, + 169, 0, 0, 170, 171, 172, 173, 174, 175, 176, + 177, 178, 179, 180, 590, 591, 182, 0, 183, 184, + 185, 592, 187, 188, 1099, 593, 191, 192, 594, 194, + 195, 595, 0, 197, 198, 199, 1100, 201, 202, 203, + 204, 205, 206, 207, 208, 209, 596, 211, 212, 213, + 214, 215, 216, 217, 218, 219, 597, 220, 1101, 1102, + 223, 224, 225, 226, 227, 228, 229, 230, 231, 232, + 233, 234, 235, 236, 237, 238, 239, 240, 241, 242, + 243, 244, 245, 246, 247, 248, 249, 250, 251, 252, + 0, 253, 254, 255, 256, 257, 258, 259, 260, 261, + 262, 263, 264, 265, 1103, 267, 268, 269, 270, 271, + 1104, 273, 274, 275, 276, 277, 278, 279, 280, 1105, + 1106, 283, 284, 285, 286, 287, 598, 288, 289, 290, + 291, 292, 293, 294, 295, 0, 296, 297, 298, 299, + 599, 300, 301, 1107, 303, 304, 305, 306, 307, 308, + 309, 1108, 311, 312, 313, 314, 315, 316, 600, 317, + 601, 319, 320, 1109, 322, 323, 324, 325, 326, 327, + 328, 329, 330, 331, 332, 333, 334, 335, 336, 337, + 338, 339, 340, 341, 342, 343, 344, 345, 346, 602, + 348, 349, 350, 603, 352, 353, 354, 355, 356, 357, + 358, 359, 360, 604, 362, 363, 364, 1110, 366, 367, + 368, 605, 370, 371, 1111, 373, 374, 375, 376, 377, + 1112, 379, 1113, 381, 606, 383, 384, 385, 386, 387, + 388, 389, 390, 391, 392, 393, 394, 395, 0, 0, + 396, 397, 0, 398, 399, 400, 401, 607, 403, 404, + 608, 406, 407, 408, 409, 1114, 411, 412, 413, 414, + 415, 416, 417, 418, 419, 420, 421, 422, 423, 424, + 425, 426, 427, 428, 1115, 1116, 1117, 1118, 433, 434, + 435, 436, 1119, 1120, 610, 439, 440, 441, 442, 443, + 444, 445, 611, 447, 448, 449, 1121, 451, 452, 1122, + 454, 455, 456, 457, 458, 459, 460, 461, 462, 463, + 464, 1123, 612, 1124, 468, 469, 470, 0, 471, 613, + 473, 1125, 0, 0, 0, 0, 0, 0, 0, 0, + 1126, 1127, 1006, 0, 0, 0, 1128, 1007, 1008, 0, + 0, 0, 1994, 0, 0, 0, 1130, 1131, 1009, 1010, + 1132, 1011, 1012, 1013, 1014, 1015, 1016, 1017, 1018, 1019, + 1020, 1021, 0, 0, 0, 0, 0, 0, 0, 1022, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 1023, 1024, 1025, 1026, + 0, 0, 0, 0, 0, 0, 0, 1027, 1028, 0, + 1029, 0, 0, 0, 0, 0, 0, 1030, 1031, 0, + 0, 1032, 1033, 1034, 1035, 0, 1036, 13, 0, 1037, + 1038, 0, 0, 0, 0, 0, 0, 0, 1039, 0, + 0, 1040, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 19, 0, 0, 0, 1041, + 1042, 1043, 0, 1044, 0, 0, 0, 0, 0, 0, + 0, 1045, 1046, 1047, 22, 0, 0, 0, 0, 0, + 1048, 0, 0, 575, 0, 0, 0, 0, 0, 1049, + 0, 0, 1050, 0, 0, 0, 0, 0, 0, 0, + 0, 1051, 0, 1052, 0, 1053, 0, 0, 0, 0, + 0, 1054, 0, 0, 0, 0, 0, 0, 0, 29, + 1055, 1056, 0, 1057, 0, 0, 0, 1058, 0, 0, + 0, 0, 1059, 0, 0, 30, 1060, 0, 1061, 1062, + 1063, 1064, 0, 0, 0, 0, 0, 32, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 35, 1065, + 1066, 1067, 0, 1068, 0, 0, 0, 0, 0, 0, + 1069, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 1070, 0, 0, 0, 0, 0, 0, 0, 1071, + 1072, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 1073, 0, + 0, 0, 0, 0, 0, 1074, 1075, 0, 1076, 1077, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 1078, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 1079, 1080, 1081, 0, 0, 0, 0, 0, 1082, 1083, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 53, + 54, 55, 576, 56, 57, 58, 59, 60, 61, 62, + 1084, 1085, 1086, 1087, 64, 65, 66, 1088, 68, 69, + 70, 71, 72, 73, 1089, 75, 76, 77, 78, 79, + 80, 81, 1090, 577, 0, 578, 579, 87, 88, 89, + 90, 91, 92, 580, 94, 95, 96, 97, 98, 1091, + 99, 582, 101, 102, 103, 104, 105, 583, 106, 107, + 108, 109, 1092, 111, 1093, 1094, 1095, 0, 115, 116, + 117, 584, 119, 120, 121, 122, 123, 124, 125, 126, + 127, 1096, 128, 129, 130, 131, 132, 133, 134, 135, + 136, 137, 138, 1097, 1098, 586, 142, 0, 143, 144, + 145, 146, 147, 148, 149, 587, 151, 152, 153, 154, + 588, 155, 156, 157, 158, 159, 160, 161, 162, 163, + 164, 165, 166, 167, 589, 169, 0, 0, 170, 171, + 172, 173, 174, 175, 176, 177, 178, 179, 180, 590, + 591, 182, 0, 183, 184, 185, 592, 187, 188, 1099, + 593, 191, 192, 594, 194, 195, 595, 0, 197, 198, + 199, 1100, 2632, 202, 203, 204, 205, 206, 207, 208, + 209, 596, 211, 212, 213, 214, 215, 216, 217, 218, + 219, 597, 220, 1101, 1102, 223, 224, 225, 226, 227, + 228, 229, 230, 231, 232, 233, 234, 235, 236, 237, + 238, 239, 240, 241, 242, 243, 244, 245, 246, 247, + 248, 249, 250, 251, 252, 0, 253, 254, 255, 256, + 257, 258, 259, 260, 261, 262, 263, 264, 265, 1103, + 267, 268, 269, 270, 271, 1104, 273, 274, 275, 276, + 277, 278, 279, 280, 1105, 1106, 283, 284, 285, 286, + 287, 598, 288, 289, 290, 291, 292, 293, 294, 295, + 0, 296, 297, 298, 299, 599, 300, 301, 1107, 303, + 304, 305, 306, 307, 308, 309, 1108, 311, 312, 313, + 314, 315, 316, 600, 317, 601, 319, 320, 1109, 322, + 323, 324, 325, 326, 327, 328, 329, 330, 331, 332, + 333, 334, 335, 336, 337, 338, 339, 340, 341, 342, + 343, 344, 345, 346, 602, 348, 349, 350, 603, 352, + 353, 354, 355, 356, 357, 358, 359, 360, 604, 362, + 363, 364, 1110, 366, 367, 368, 605, 370, 371, 1111, + 373, 374, 375, 376, 377, 1112, 379, 1113, 381, 606, + 383, 384, 385, 386, 387, 388, 389, 390, 391, 392, + 393, 394, 395, 0, 0, 396, 397, 0, 398, 399, + 400, 401, 607, 403, 404, 608, 406, 407, 408, 409, + 1114, 411, 412, 413, 414, 415, 416, 417, 418, 419, + 420, 421, 422, 423, 424, 425, 426, 427, 428, 1115, + 1116, 1117, 1118, 433, 434, 435, 436, 1119, 1120, 610, + 439, 440, 441, 442, 443, 444, 445, 611, 447, 448, + 449, 2633, 451, 452, 1122, 454, 455, 456, 457, 458, + 459, 460, 461, 462, 463, 464, 1123, 612, 1124, 468, + 469, 470, 0, 471, 613, 473, 1125, 0, 0, 0, + 0, 0, 0, 0, 0, 1126, 1127, 1006, 0, 0, + 0, 1128, 1007, 1008, 0, 0, 0, 1129, 0, 0, + 0, 1130, 1131, 1009, 1010, 1132, 1011, 1012, 1013, 1014, + 1015, 1016, 1017, 1018, 1019, 1020, 1021, 0, 0, 0, + 0, 0, 0, 0, 1022, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 1023, 1024, 1025, 1026, 0, 0, 0, 0, 0, + 0, 0, 1027, 1028, 0, 1029, 0, 0, 0, 0, + 0, 0, 1030, 1031, 0, 0, 1032, 1033, 1034, 1035, + 0, 1036, 13, 0, 1037, 1038, 0, 0, 0, 0, + 0, 0, 0, 1039, 0, 0, 1040, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 19, 0, 0, 0, 1041, 1042, 1043, 0, 1044, 0, + 0, 0, 0, 0, 0, 0, 1045, 1046, 1047, 22, + 0, 0, 0, 0, 0, 1048, 0, 0, 575, 0, + 0, 0, 0, 0, 1049, 0, 0, 1050, 0, 0, + 0, 0, 0, 0, 0, 0, 1051, 0, 1052, 0, + 1053, 0, 0, 0, 0, 0, 1054, 0, 0, 0, + 0, 0, 0, 0, 29, 1055, 1056, 0, 1057, 0, + 0, 0, 1058, 0, 0, 0, 0, 1059, 0, 0, + 30, 1060, 0, 1061, 1062, 1063, 1064, 0, 0, 0, + 0, 0, 32, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 35, 1065, 1066, 1067, 0, 1068, 0, + 0, 0, 0, 0, 0, 1069, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 1070, 0, 0, 0, + 0, 0, 0, 0, 1071, 1072, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 1073, 0, 0, 0, 0, 0, 0, + 1074, 1075, 0, 1076, 1077, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 1078, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 1079, 1080, 1081, 0, 0, + 0, 0, 0, 1082, 1083, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 53, 54, 55, 576, 56, 57, + 58, 59, 60, 61, 62, 1084, 1085, 1086, 1087, 64, + 65, 66, 1088, 68, 69, 70, 71, 72, 73, 1089, + 75, 76, 77, 78, 79, 80, 81, 1090, 577, 0, + 578, 579, 87, 88, 89, 90, 91, 92, 580, 94, + 95, 96, 97, 98, 1091, 99, 582, 101, 102, 103, + 104, 105, 583, 106, 107, 108, 109, 1092, 111, 1093, + 1094, 1095, 0, 115, 116, 117, 584, 119, 120, 121, + 122, 123, 124, 125, 126, 127, 1096, 128, 129, 130, + 131, 132, 133, 134, 135, 136, 137, 138, 1097, 1098, + 586, 142, 0, 143, 144, 145, 146, 147, 148, 149, + 587, 151, 152, 153, 154, 588, 155, 156, 157, 158, + 159, 160, 161, 162, 163, 164, 165, 166, 167, 589, + 169, 0, 0, 170, 171, 172, 173, 174, 175, 176, + 177, 178, 179, 180, 590, 591, 182, 0, 183, 184, + 185, 592, 187, 188, 1099, 593, 191, 192, 594, 194, + 195, 595, 0, 197, 198, 199, 1100, 201, 202, 203, + 204, 205, 206, 207, 208, 209, 596, 211, 212, 213, + 214, 215, 216, 217, 218, 219, 597, 220, 1101, 1102, + 223, 224, 225, 226, 227, 228, 229, 230, 231, 232, + 233, 234, 235, 236, 237, 238, 239, 240, 241, 242, + 243, 244, 245, 246, 247, 248, 249, 250, 251, 252, + 0, 253, 254, 255, 256, 257, 258, 259, 260, 261, + 262, 263, 264, 265, 1103, 267, 268, 269, 270, 271, + 1104, 273, 274, 275, 276, 277, 278, 279, 280, 1105, + 1106, 283, 284, 285, 286, 287, 598, 288, 289, 290, + 291, 292, 293, 294, 295, 0, 296, 297, 298, 299, + 599, 300, 301, 1107, 303, 304, 305, 306, 307, 308, + 309, 1108, 311, 312, 313, 314, 315, 316, 600, 317, + 601, 319, 320, 1109, 322, 323, 324, 325, 326, 327, + 328, 329, 330, 331, 332, 333, 334, 335, 336, 337, + 338, 339, 340, 341, 342, 343, 344, 345, 346, 602, + 348, 349, 350, 603, 352, 353, 354, 355, 356, 357, + 358, 359, 360, 604, 362, 363, 364, 1110, 366, 367, + 368, 605, 370, 371, 1111, 373, 374, 375, 376, 377, + 1112, 379, 1113, 381, 606, 383, 384, 385, 386, 387, + 388, 389, 390, 391, 392, 393, 394, 395, 0, 0, + 396, 397, 0, 398, 399, 400, 401, 607, 403, 404, + 608, 406, 407, 408, 409, 1114, 411, 412, 413, 414, + 415, 416, 417, 418, 419, 420, 421, 422, 423, 424, + 425, 426, 427, 428, 1115, 1116, 1117, 1118, 433, 434, + 435, 436, 1119, 1120, 610, 439, 440, 441, 442, 443, + 444, 445, 611, 447, 448, 449, 2633, 451, 452, 1122, + 454, 455, 456, 457, 458, 459, 460, 461, 462, 463, + 464, 1123, 612, 1124, 468, 469, 470, 0, 471, 613, + 473, 1125, 0, 0, 0, 0, 0, 0, 0, 0, + 1126, 1127, 1006, 0, 0, 0, 1128, 1007, 1008, 0, + 0, 0, 1129, 0, 0, 0, 1130, 1131, 1009, 1010, + 1132, 1011, 1012, 1013, 1014, 1015, 1016, 1017, 1018, 1019, + 1020, 1021, 0, 0, 0, 0, 0, 0, 0, 1022, + 0, 0, 0, 0, 0, 0, 2855, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 1023, 1024, 1025, 1026, + 0, 0, 0, 0, 0, 0, 0, 1027, 1028, 0, + 1029, 0, 0, 0, 0, 0, 0, 1030, 1031, 0, + 0, 1032, 1033, 1034, 1035, 0, 1036, 13, 0, 1037, + 1038, 0, 0, 0, 0, 0, 0, 0, 1039, 0, + 0, 1040, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 19, 0, 0, 0, 1041, + 1042, 1043, 0, 1044, 0, 0, 0, 0, 0, 0, + 0, 1045, 1046, 1047, 22, 0, 0, 0, 0, 0, + 1048, 0, 0, 575, 0, 0, 0, 0, 0, 1049, + 0, 0, 1050, 0, 0, 0, 0, 0, 0, 0, + 0, 1051, 0, 1052, 0, 1053, 0, 0, 0, 0, + 0, 1054, 0, 0, 0, 0, 0, 0, 0, 29, + 1055, 1056, 0, 1057, 0, 0, 0, 1058, 0, 0, + 0, 0, 1059, 0, 0, 30, 0, 0, 1061, 1062, + 1063, 1064, 0, 0, 0, 0, 0, 32, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 35, 1065, + 1066, 1067, 0, 1068, 0, 0, 0, 0, 0, 0, + 1069, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 1070, 0, 0, 0, 0, 0, 0, 0, 1071, + 1072, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 1073, 0, + 0, 0, 0, 0, 0, 1074, 1075, 0, 1076, 1077, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 1006, 0, 0, 0, 0, 1007, 1008, 0, 0, 0, - 0, 6272, 0, 0, 0, 0, 1009, 1010, 0, 1011, - 1012, 1013, 1014, 1015, 1016, 1017, 1018, 1019, 1020, 1021, - 0, 0, 0, 0, 0, 0, 0, 1022, 0, 0, + 1078, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 1079, 1080, 1081, 0, 0, 0, 0, 0, 1082, 1083, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 53, + 54, 55, 576, 56, 57, 58, 59, 60, 61, 62, + 1084, 1085, 1086, 1087, 64, 65, 66, 1088, 68, 69, + 70, 71, 72, 2856, 1089, 75, 76, 77, 78, 79, + 80, 81, 1090, 577, 0, 578, 579, 87, 88, 89, + 90, 91, 92, 580, 94, 95, 96, 97, 98, 1091, + 99, 582, 101, 102, 103, 104, 105, 583, 106, 107, + 108, 109, 1092, 111, 1093, 1094, 1095, 0, 115, 116, + 117, 584, 119, 120, 121, 122, 123, 124, 125, 126, + 127, 1096, 128, 129, 130, 131, 132, 133, 134, 135, + 136, 137, 138, 1097, 1098, 586, 142, 0, 143, 144, + 145, 146, 147, 148, 149, 587, 151, 152, 153, 154, + 588, 155, 156, 157, 158, 159, 160, 161, 162, 163, + 164, 165, 166, 167, 589, 169, 0, 0, 170, 171, + 172, 173, 174, 175, 176, 177, 178, 179, 180, 590, + 591, 182, 0, 183, 184, 185, 592, 187, 188, 1099, + 593, 191, 192, 594, 194, 195, 595, 0, 197, 198, + 199, 1100, 201, 202, 203, 204, 205, 206, 207, 208, + 209, 596, 211, 212, 213, 214, 215, 216, 217, 218, + 219, 597, 220, 1101, 1102, 223, 224, 225, 226, 227, + 228, 229, 230, 231, 232, 233, 234, 235, 236, 237, + 238, 239, 240, 241, 242, 243, 244, 245, 246, 247, + 248, 249, 250, 251, 252, 0, 253, 254, 255, 256, + 257, 258, 259, 260, 261, 262, 263, 264, 265, 1103, + 267, 268, 269, 270, 271, 1104, 273, 274, 275, 276, + 277, 278, 279, 280, 1105, 1106, 283, 284, 285, 286, + 287, 598, 288, 289, 290, 291, 292, 293, 294, 295, + 0, 296, 297, 298, 299, 599, 300, 301, 1107, 303, + 304, 305, 306, 307, 308, 309, 1108, 311, 312, 313, + 314, 315, 316, 600, 317, 601, 319, 320, 1109, 322, + 323, 324, 325, 326, 327, 328, 329, 330, 331, 332, + 333, 334, 335, 336, 337, 338, 339, 340, 341, 342, + 343, 344, 345, 346, 602, 348, 349, 350, 603, 352, + 353, 354, 355, 356, 357, 358, 359, 360, 604, 362, + 363, 364, 1110, 366, 367, 368, 605, 370, 371, 1111, + 373, 374, 375, 376, 377, 1112, 379, 1113, 381, 606, + 383, 384, 385, 386, 387, 388, 389, 390, 391, 392, + 393, 394, 395, 0, 0, 396, 397, 0, 398, 399, + 400, 401, 607, 403, 404, 608, 406, 407, 408, 409, + 1114, 411, 412, 413, 414, 415, 416, 417, 418, 419, + 420, 421, 422, 423, 424, 425, 426, 427, 428, 1115, + 1116, 1117, 1118, 433, 434, 435, 436, 1119, 1120, 610, + 439, 440, 441, 442, 443, 444, 445, 611, 447, 448, + 449, 1121, 451, 452, 1122, 454, 455, 456, 457, 458, + 459, 460, 461, 462, 463, 464, 1123, 612, 1124, 468, + 469, 470, 0, 471, 613, 473, 1125, 0, 0, 0, + 0, 0, 0, 0, 0, 1126, 1127, 1006, 0, 0, + 0, 1128, 1007, 1008, 0, 0, 0, 1129, 0, 0, + 0, 1130, 1131, 1009, 1010, 1132, 1011, 1012, 1013, 1014, + 1015, 1016, 1017, 1018, 1019, 1020, 1021, 0, 0, 0, + 0, 0, 0, 0, 1022, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 1023, 1024, 1025, 1026, 0, 0, 0, 0, 0, + 0, 0, 1027, 1028, 0, 1029, 0, 0, 0, 0, + 0, 0, 1030, 1031, 0, 0, 1032, 1033, 1034, 1035, + 0, 1036, 13, 0, 1037, 1038, 0, 0, 0, 0, + 0, 0, 0, 1039, 0, 0, 1040, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 19, 0, 0, 0, 1041, 1042, 1043, 0, 1044, 0, + 0, 0, 0, 0, 0, 0, 1045, 1046, 1047, 22, + 0, 0, 0, 0, 0, 1048, 0, 0, 575, 0, + 0, 0, 0, 0, 1049, 0, 0, 4119, 0, 0, + 0, 0, 0, 0, 0, 0, 1051, 0, 1052, 0, + 1053, 0, 0, 0, 0, 0, 1054, 0, 0, 0, + 0, 0, 0, 0, 29, 1055, 1056, 0, 1057, 0, + 0, 0, 1058, 0, 0, 0, 0, 1059, 0, 0, + 30, 1060, 0, 1061, 1062, 1063, 1064, 0, 0, 0, + 0, 0, 32, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 35, 1065, 1066, 1067, 0, 1068, 0, + 0, 0, 0, 0, 0, 1069, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 1070, 0, 0, 0, + 0, 0, 0, 0, 1071, 1072, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 1073, 0, 0, 0, 0, 0, 0, + 1074, 1075, 0, 1076, 1077, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 1078, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 1079, 1080, 1081, 0, 0, + 0, 0, 0, 1082, 1083, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 53, 54, 55, 576, 56, 57, + 58, 59, 60, 61, 62, 1084, 1085, 1086, 1087, 64, + 65, 66, 1088, 68, 69, 70, 71, 72, 73, 1089, + 75, 76, 77, 78, 79, 80, 81, 1090, 577, 0, + 578, 579, 87, 88, 89, 90, 91, 92, 580, 94, + 95, 96, 97, 98, 1091, 99, 582, 101, 102, 103, + 104, 105, 583, 106, 107, 108, 109, 1092, 111, 1093, + 1094, 1095, 0, 115, 116, 117, 584, 119, 120, 121, + 122, 123, 124, 125, 126, 127, 1096, 128, 129, 130, + 131, 132, 133, 134, 135, 136, 137, 138, 1097, 1098, + 586, 142, 0, 143, 144, 145, 146, 147, 148, 149, + 587, 151, 152, 153, 154, 588, 155, 156, 157, 158, + 159, 160, 161, 162, 163, 164, 165, 166, 167, 589, + 169, 0, 0, 170, 171, 172, 173, 174, 175, 176, + 177, 178, 179, 180, 590, 591, 182, 0, 183, 184, + 185, 592, 187, 188, 1099, 593, 191, 192, 594, 194, + 195, 595, 0, 197, 198, 199, 1100, 201, 202, 203, + 204, 205, 206, 207, 208, 209, 596, 211, 212, 213, + 214, 215, 216, 217, 218, 219, 597, 220, 1101, 1102, + 223, 224, 225, 226, 227, 228, 229, 230, 231, 232, + 233, 234, 235, 236, 237, 238, 239, 240, 241, 242, + 243, 244, 245, 246, 247, 248, 249, 250, 251, 252, + 0, 253, 254, 255, 256, 257, 258, 259, 260, 261, + 262, 263, 264, 265, 1103, 267, 268, 269, 270, 271, + 1104, 273, 274, 275, 276, 277, 278, 279, 280, 1105, + 1106, 283, 284, 285, 286, 287, 598, 288, 289, 290, + 291, 292, 293, 294, 295, 0, 296, 297, 298, 299, + 599, 300, 301, 1107, 303, 304, 305, 306, 307, 308, + 309, 1108, 311, 312, 313, 314, 315, 316, 600, 317, + 601, 319, 320, 1109, 322, 323, 324, 325, 326, 327, + 328, 329, 330, 331, 332, 333, 334, 335, 336, 337, + 338, 339, 340, 341, 342, 343, 344, 345, 346, 602, + 348, 349, 350, 603, 352, 353, 354, 355, 356, 357, + 358, 359, 360, 604, 362, 363, 364, 1110, 366, 367, + 368, 605, 370, 371, 1111, 373, 374, 375, 376, 377, + 1112, 379, 1113, 381, 606, 383, 384, 385, 386, 387, + 388, 389, 390, 391, 392, 393, 394, 395, 0, 0, + 396, 397, 0, 398, 399, 400, 401, 607, 403, 404, + 608, 406, 407, 408, 409, 1114, 411, 412, 413, 414, + 415, 416, 417, 418, 419, 420, 421, 422, 423, 424, + 425, 426, 427, 428, 1115, 1116, 1117, 1118, 433, 434, + 435, 436, 1119, 1120, 610, 439, 440, 441, 442, 443, + 444, 445, 611, 447, 448, 449, 1121, 451, 452, 1122, + 454, 455, 456, 457, 458, 459, 460, 461, 462, 463, + 464, 1123, 612, 1124, 468, 469, 470, 0, 471, 613, + 473, 1125, 0, 0, 0, 0, 0, 0, 0, 0, + 1126, 1127, 1006, 0, 0, 0, 1128, 1007, 1008, 0, + 0, 0, 1129, 0, 0, 0, 1130, 1131, 1009, 1010, + 1132, 1011, 1012, 1013, 1014, 1015, 1016, 1017, 1018, 1019, + 1020, 1021, 0, 0, 0, 0, 0, 0, 0, 1022, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 1023, 1024, 1025, 1026, + 0, 0, 0, 0, 0, 0, 0, 1027, 1028, 0, + 1029, 0, 0, 0, 0, 0, 0, 1030, 1031, 0, + 0, 1032, 1033, 1034, 1035, 0, 1036, 13, 0, 1037, + 1038, 0, 0, 0, 0, 0, 0, 0, 1039, 0, + 0, 1040, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 19, 0, 0, 0, 1041, + 1042, 1043, 0, 1044, 0, 0, 0, 0, 0, 0, + 0, 1045, 1046, 1047, 22, 0, 0, 0, 0, 0, + 1048, 0, 0, 575, 0, 0, 0, 0, 0, 1049, + 0, 0, 4133, 0, 0, 0, 0, 0, 0, 0, + 0, 1051, 0, 1052, 0, 1053, 0, 0, 0, 0, + 0, 1054, 0, 0, 0, 0, 0, 0, 0, 29, + 1055, 1056, 0, 1057, 0, 0, 0, 1058, 0, 0, + 0, 0, 1059, 0, 0, 30, 1060, 0, 1061, 1062, + 1063, 1064, 0, 0, 0, 0, 0, 32, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 35, 1065, + 1066, 1067, 0, 1068, 0, 0, 0, 0, 0, 0, + 1069, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 1070, 0, 0, 0, 0, 0, 0, 0, 1071, + 1072, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 1073, 0, + 0, 0, 0, 0, 0, 1074, 1075, 0, 1076, 1077, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 1023, 1024, 1025, 1026, 0, 0, - 0, 0, 0, 0, 0, 1027, 1028, 0, 1029, 0, - 0, 0, 0, 0, 0, 1030, 1031, 0, 0, 1032, - 1033, 1034, 1035, 0, 1036, 13, 0, 1037, 1038, 0, - 0, 0, 0, 0, 0, 0, 1039, 0, 0, 1040, - 2084, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 19, 0, 0, 0, 1041, 1042, 1043, - 0, 1044, 0, 0, 0, 0, 0, 0, 0, 1045, - 1046, 1047, 22, 0, 0, 0, 0, 0, 1048, 0, - 0, 575, 0, 0, 0, 0, 0, 1049, 0, 0, - 1050, 0, 0, 0, 0, 0, 0, 0, 0, 1051, - 0, 1052, 0, 1053, 0, 0, 0, 0, 0, 1054, - 0, 0, 0, 0, 0, 0, 0, 29, 1055, 1056, - 0, 1057, 0, 0, 0, 1058, 0, 0, 0, 0, - 1059, 0, 0, 30, 1060, 0, 1061, 1062, 1063, 1064, - 0, 0, 0, 0, 0, 32, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 35, 1065, 1066, 1067, - 0, 1068, 0, 0, 0, 0, 0, 0, 1069, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 1070, - 0, 0, 0, 0, 0, 0, 0, 1071, 1072, 0, - 0, 0, 43, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 1073, 0, 0, 0, - 0, 0, 0, 1074, 1075, 0, 1076, 1077, 0, 0, - 0, 0, 0, 0, 0, 3063, 0, 0, 1078, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 1079, 1080, - 1081, 0, 0, 50, 0, 0, 1082, 1083, 0, 0, - 0, 0, 0, 52, 0, 0, 0, 53, 54, 55, - 576, 56, 57, 58, 59, 60, 61, 62, 1084, 1085, - 1086, 1087, 64, 65, 66, 1088, 68, 69, 70, 71, - 72, 73, 1089, 75, 76, 77, 78, 79, 80, 81, - 1090, 577, 0, 578, 579, 87, 88, 89, 90, 91, - 92, 580, 94, 95, 96, 97, 98, 1091, 99, 582, - 101, 102, 103, 104, 105, 583, 106, 107, 108, 109, - 1092, 111, 1093, 1094, 1095, 0, 115, 116, 117, 584, - 119, 120, 121, 122, 123, 124, 125, 126, 127, 1096, - 128, 129, 130, 131, 132, 133, 134, 135, 136, 137, - 138, 1097, 1098, 586, 142, 3063, 143, 144, 145, 146, - 147, 148, 149, 587, 151, 152, 153, 154, 588, 155, - 156, 157, 158, 159, 160, 161, 162, 163, 164, 165, - 166, 167, 589, 169, 0, 0, 170, 171, 172, 173, - 174, 175, 176, 177, 178, 179, 180, 590, 591, 182, - 0, 183, 184, 185, 592, 187, 188, 1099, 593, 191, - 192, 594, 194, 195, 595, 0, 197, 198, 199, 1100, - 201, 202, 203, 204, 205, 206, 207, 208, 209, 596, - 211, 212, 213, 214, 215, 216, 217, 218, 219, 597, - 220, 1101, 1102, 223, 224, 225, 226, 227, 228, 229, - 230, 231, 232, 233, 234, 235, 236, 237, 238, 239, - 240, 241, 242, 243, 244, 245, 246, 247, 248, 249, - 250, 251, 252, 0, 253, 254, 255, 256, 257, 258, - 259, 260, 261, 262, 263, 264, 265, 1103, 267, 268, - 269, 270, 271, 1104, 273, 274, 275, 276, 277, 278, - 279, 280, 1105, 1106, 283, 284, 285, 286, 287, 598, - 288, 289, 290, 291, 292, 293, 294, 295, 0, 296, - 297, 298, 299, 599, 300, 301, 1107, 303, 304, 305, - 306, 307, 308, 309, 1108, 311, 312, 313, 314, 315, - 316, 600, 317, 601, 319, 320, 1109, 322, 323, 324, - 325, 326, 327, 328, 329, 330, 331, 332, 333, 334, - 335, 336, 337, 338, 339, 340, 341, 342, 343, 344, - 345, 346, 602, 348, 349, 350, 603, 352, 353, 354, - 355, 356, 357, 358, 359, 360, 604, 362, 363, 364, - 1110, 366, 367, 368, 605, 370, 371, 1111, 373, 374, - 375, 376, 377, 1112, 379, 1113, 381, 606, 383, 384, - 385, 386, 387, 388, 389, 390, 391, 392, 393, 394, - 395, 0, 0, 396, 397, 0, 398, 399, 400, 401, - 607, 403, 404, 608, 406, 407, 408, 409, 1114, 411, - 412, 413, 414, 415, 416, 417, 418, 419, 420, 421, - 422, 423, 424, 425, 426, 427, 428, 1115, 1116, 1117, - 1118, 433, 434, 435, 436, 1119, 1120, 610, 439, 440, - 441, 442, 443, 444, 445, 611, 447, 448, 449, 1121, - 451, 452, 1122, 454, 455, 456, 457, 458, 459, 460, - 461, 462, 463, 464, 1123, 612, 1124, 468, 469, 470, - 0, 471, 613, 473, 1125, 0, 0, 0, 0, 0, - 0, 0, 0, 1126, 1127, 1006, 0, 0, 0, 1128, - 1007, 1008, 0, 0, 0, 1129, 0, 0, 0, 1130, - 1131, 1009, 1010, 1132, 1011, 1012, 1013, 1014, 1015, 1016, - 1017, 1018, 1019, 1020, 1021, 0, 0, 0, 0, 0, - 0, 0, 1022, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 1023, - 1024, 1025, 1026, 0, 0, 0, 2782, 0, 0, 0, - 1027, 1028, 0, 1029, 0, 0, 0, 0, 0, 0, - 1030, 1031, 0, 0, 1032, 1033, 1034, 1035, 0, 1036, - 13, 0, 1037, 1038, 0, 0, 0, 0, 0, 0, - 0, 1039, 0, 0, 1040, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 19, 0, - 0, 0, 1041, 1042, 1043, 0, 1044, 0, 0, 0, - 0, 0, 0, 0, 1045, 1046, 1047, 22, 0, 0, - 0, 0, 0, 1048, 0, 0, 575, 0, 0, 0, - 0, 0, 1049, 0, 0, 1050, 0, 0, 0, 0, - 0, 0, 0, 0, 1051, 2783, 1052, 0, 1053, 0, - 0, 0, 0, 0, 1054, 0, 0, 0, 0, 0, - 0, 0, 29, 1055, 1056, 0, 1057, 0, 0, 0, - 1058, 0, 0, 0, 0, 1059, 0, 0, 30, 1060, - 0, 1061, 1062, 1063, 1064, 0, 0, 0, 0, 0, - 32, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 35, 1065, 1066, 1067, 0, 1068, 0, 0, 0, - 0, 0, 0, 1069, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 1070, 0, 0, 0, 0, 0, - 0, 0, 1071, 1072, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 1073, 0, 0, 0, 0, 0, 0, 1074, 1075, - 0, 1076, 1077, 0, 0, 0, 0, 0, 0, 0, - 0, 2784, 0, 1078, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 1079, 1080, 1081, 0, 0, 0, 0, - 0, 1082, 1083, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 53, 54, 55, 576, 56, 57, 58, 59, - 60, 61, 62, 1084, 1085, 1086, 1087, 64, 65, 66, - 1088, 68, 69, 70, 71, 72, 73, 1089, 75, 76, - 77, 78, 79, 80, 81, 1090, 577, 0, 578, 579, - 87, 88, 89, 90, 91, 92, 580, 94, 95, 96, - 97, 98, 1091, 99, 582, 101, 102, 103, 104, 105, - 583, 106, 107, 108, 109, 1092, 111, 1093, 1094, 1095, - 0, 115, 116, 117, 584, 119, 120, 121, 122, 123, - 124, 125, 126, 127, 1096, 128, 129, 130, 131, 132, - 133, 134, 135, 136, 137, 138, 1097, 1098, 586, 142, - 0, 143, 144, 145, 146, 147, 148, 149, 587, 151, - 152, 153, 154, 588, 155, 156, 157, 158, 159, 160, - 161, 162, 163, 164, 165, 166, 167, 589, 169, 0, - 0, 170, 171, 172, 173, 174, 175, 176, 177, 178, - 179, 180, 590, 591, 182, 0, 183, 184, 185, 592, - 187, 188, 1099, 593, 191, 192, 594, 194, 195, 595, - 0, 197, 198, 199, 1100, 201, 202, 203, 204, 205, - 206, 207, 208, 209, 596, 211, 212, 213, 214, 215, - 216, 217, 218, 219, 597, 220, 1101, 1102, 223, 224, - 225, 226, 227, 228, 229, 230, 231, 232, 233, 234, - 235, 236, 237, 238, 239, 240, 241, 242, 243, 244, - 245, 246, 247, 248, 249, 250, 251, 252, 0, 253, - 254, 255, 256, 257, 258, 259, 260, 261, 262, 263, - 264, 265, 1103, 267, 268, 269, 270, 271, 1104, 273, - 274, 275, 276, 277, 278, 279, 280, 1105, 1106, 283, - 284, 285, 286, 287, 598, 288, 289, 290, 291, 292, - 293, 294, 295, 0, 296, 297, 298, 299, 599, 300, - 301, 1107, 303, 304, 305, 306, 307, 308, 309, 1108, - 311, 312, 313, 314, 315, 316, 600, 317, 601, 319, - 320, 1109, 322, 323, 324, 325, 326, 327, 328, 329, - 330, 331, 332, 333, 334, 335, 336, 337, 338, 339, - 340, 341, 342, 343, 344, 345, 346, 602, 348, 349, - 350, 603, 352, 353, 354, 355, 356, 357, 358, 359, - 360, 604, 362, 363, 364, 1110, 366, 367, 368, 605, - 370, 371, 1111, 373, 374, 375, 376, 377, 1112, 379, - 1113, 381, 606, 383, 384, 385, 386, 387, 388, 389, - 390, 391, 392, 393, 394, 395, 0, 0, 396, 397, - 0, 398, 399, 400, 401, 607, 403, 404, 608, 406, - 407, 408, 409, 1114, 411, 412, 413, 414, 415, 416, - 417, 418, 419, 420, 421, 422, 423, 424, 425, 426, - 427, 428, 1115, 1116, 1117, 1118, 433, 434, 435, 436, - 1119, 1120, 610, 439, 440, 441, 442, 443, 444, 445, - 611, 447, 448, 449, 1121, 451, 452, 1122, 454, 455, - 456, 457, 458, 459, 460, 461, 462, 463, 464, 1123, - 612, 1124, 468, 469, 470, 0, 471, 613, 473, 1125, - 0, 0, 0, 0, 0, 0, 0, 0, 1126, 1127, - 1006, 0, 0, 0, 1128, 1007, 1008, 0, 0, 0, - 1129, 0, 0, 0, 1130, 1131, 1009, 1010, 1132, 1011, - 1012, 1013, 1014, 1015, 1016, 1017, 1018, 1019, 1020, 1021, - 0, 0, 0, 0, 0, 0, 0, 1022, 0, 0, - 0, 0, 0, 0, 3194, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 3195, 1024, 1025, 1026, 0, 0, - 0, 0, 0, 0, 0, 1027, 1028, 0, 1029, 0, - 0, 0, 0, 0, 0, 1030, 1031, 0, 0, 1032, - 1033, 1034, 1035, 0, 1036, 13, 0, 1037, 1038, 0, - 0, 0, 0, 0, 0, 0, 3196, 0, 0, 1040, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 19, 0, 0, 0, 1041, 1042, 1043, - 0, 1044, 0, 0, 0, 0, 0, 0, 0, 1045, - 1046, 1047, 22, 0, 0, 0, 0, 0, 1048, 0, - 0, 575, 0, 0, 0, 0, 0, 1049, 0, 0, - 1050, 0, 0, 0, 0, 0, 0, 0, 0, 1051, - 0, 1052, 0, 1053, 0, 0, 0, 0, 0, 1054, - 0, 0, 0, 0, 0, 0, 0, 29, 1055, 1056, - 0, 1057, 0, 0, 0, 1058, 0, 0, 0, 0, - 1059, 0, 0, 30, 1060, 0, 1061, 1062, 1063, 1064, - 0, 3197, 0, 0, 0, 32, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 35, 1065, 1066, 1067, - 0, 1068, 0, 0, 0, 0, 0, 0, 1069, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 1070, - 0, 0, 0, 0, 0, 0, 0, 1071, 1072, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 1073, 0, 0, 0, - 0, 0, 0, 1074, 1075, 0, 1076, 1077, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 1078, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 1079, 1080, - 1081, 0, 0, 0, 0, 0, 1082, 1083, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 53, 54, 55, - 576, 56, 57, 58, 59, 60, 61, 62, 1084, 1085, - 1086, 1087, 64, 65, 66, 1088, 68, 69, 70, 71, - 72, 73, 1089, 75, 76, 77, 78, 79, 80, 81, - 1090, 577, 0, 578, 579, 87, 88, 89, 90, 91, - 92, 580, 94, 95, 96, 97, 98, 1091, 99, 582, - 101, 102, 103, 104, 105, 583, 106, 107, 108, 109, - 1092, 111, 1093, 1094, 1095, 0, 115, 116, 117, 584, - 119, 120, 121, 122, 123, 124, 125, 126, 127, 1096, - 128, 129, 130, 131, 132, 133, 134, 135, 136, 137, - 138, 1097, 1098, 586, 142, 0, 143, 144, 145, 146, - 147, 148, 149, 587, 151, 152, 153, 154, 588, 155, - 156, 157, 158, 159, 160, 161, 162, 163, 164, 165, - 166, 167, 589, 169, 0, 0, 170, 171, 172, 173, - 174, 175, 176, 177, 178, 179, 180, 590, 591, 182, - 0, 183, 184, 185, 592, 187, 188, 1099, 593, 191, - 192, 594, 194, 195, 595, 0, 197, 198, 199, 1100, - 201, 202, 203, 204, 205, 206, 207, 208, 209, 596, - 211, 212, 213, 214, 215, 216, 217, 218, 219, 597, - 220, 1101, 1102, 223, 224, 225, 226, 227, 228, 229, - 230, 231, 232, 233, 234, 235, 236, 237, 238, 239, - 240, 241, 242, 243, 244, 245, 246, 247, 248, 249, - 250, 251, 252, 0, 253, 254, 255, 256, 257, 258, - 259, 260, 261, 262, 263, 264, 265, 1103, 267, 268, - 269, 270, 271, 1104, 273, 274, 275, 276, 277, 278, - 279, 280, 1105, 1106, 283, 284, 285, 286, 287, 598, - 288, 289, 290, 291, 292, 293, 294, 295, 0, 296, - 297, 298, 299, 599, 300, 301, 1107, 303, 304, 305, - 306, 307, 308, 309, 1108, 311, 312, 313, 314, 315, - 316, 600, 317, 601, 319, 320, 1109, 322, 323, 324, - 325, 326, 327, 328, 329, 330, 331, 332, 333, 334, - 335, 336, 337, 338, 339, 340, 341, 342, 343, 344, - 345, 346, 602, 348, 349, 350, 603, 352, 353, 354, - 355, 356, 357, 358, 359, 360, 604, 362, 363, 364, - 1110, 366, 367, 368, 605, 370, 371, 1111, 373, 374, - 375, 376, 377, 1112, 379, 1113, 381, 606, 383, 384, - 385, 386, 387, 388, 389, 390, 391, 392, 393, 394, - 395, 0, 0, 396, 397, 0, 398, 399, 400, 401, - 607, 403, 404, 608, 406, 407, 408, 409, 1114, 411, - 412, 413, 414, 415, 416, 417, 418, 419, 420, 421, - 422, 423, 424, 425, 426, 427, 428, 1115, 1116, 1117, - 1118, 433, 434, 435, 436, 1119, 1120, 610, 439, 440, - 441, 442, 443, 444, 445, 611, 447, 448, 449, 1121, - 451, 452, 1122, 454, 455, 456, 457, 458, 459, 460, - 461, 462, 463, 464, 1123, 612, 1124, 468, 469, 470, - 0, 471, 613, 473, 1125, 0, 0, 0, 0, 0, - 0, 0, 0, 1126, 1127, 1006, 0, 0, 0, 1128, - 1007, 1008, 0, 0, 0, 1129, 0, 0, 0, 1130, - 1131, 1009, 1010, 1132, 1011, 1012, 1013, 1014, 1015, 1016, - 1017, 1018, 1019, 1020, 1021, 0, 0, 0, 0, 0, - 0, 0, 1022, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 1023, - 1024, 1025, 1026, 0, 0, 0, 0, 0, 0, 0, - 1027, 1028, 0, 1029, 0, 0, 0, 0, 0, 0, - 1030, 1031, 0, 0, 1032, 1033, 1034, 1035, 0, 1036, - 13, 0, 1037, 1038, 0, 0, 0, 0, 0, 0, - 0, 1039, 0, 0, 1040, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 19, 0, - 0, 0, 1041, 1042, 1043, 0, 1044, 0, 0, 0, - 0, 0, 0, 0, 1045, 1046, 1047, 22, 0, 0, - 0, 0, 0, 1048, 0, 0, 575, 0, 0, 0, - 0, 0, 1049, 0, 0, 1050, 0, 0, 0, 0, - 0, 0, 0, 0, 1051, 0, 1052, 0, 1053, 0, - 0, 0, 0, 0, 1054, 0, 0, 0, 0, 0, - 0, 0, 29, 1055, 1056, 0, 1057, 0, 0, 0, - 1058, 0, 0, 0, 0, 1059, 0, 0, 30, 1060, - 0, 1061, 1062, 1063, 1064, 0, 0, 0, 0, 0, - 32, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 35, 1065, 1066, 1067, 0, 1068, 0, 0, 0, - 0, 0, 0, 1069, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 1070, 0, 0, 0, 0, 0, - 0, 0, 1071, 1072, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 1073, 0, 0, 0, 0, 0, 0, 1074, 1075, - 0, 1076, 1077, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 1078, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 1079, 1080, 1081, 0, 0, 0, 0, - 0, 1082, 1083, 0, 0, 1968, 0, 0, 0, 0, - 0, 0, 53, 54, 55, 576, 56, 57, 58, 59, - 60, 61, 62, 1084, 1085, 1086, 1087, 64, 65, 66, - 1088, 68, 69, 70, 71, 72, 73, 1089, 75, 76, - 77, 78, 79, 80, 81, 1090, 577, 0, 578, 579, - 87, 88, 89, 90, 91, 92, 580, 94, 95, 96, - 97, 98, 1091, 99, 582, 101, 102, 103, 104, 105, - 583, 106, 107, 108, 109, 1092, 111, 1093, 1094, 1095, - 0, 115, 116, 117, 584, 119, 120, 121, 122, 123, - 124, 125, 126, 127, 1096, 128, 129, 130, 131, 132, - 133, 134, 135, 136, 137, 138, 1097, 1098, 586, 142, - 0, 143, 144, 145, 146, 147, 148, 149, 587, 151, - 152, 153, 154, 588, 155, 156, 157, 158, 159, 160, - 161, 162, 163, 164, 165, 166, 167, 589, 169, 0, - 0, 170, 171, 172, 173, 174, 175, 176, 177, 178, - 179, 180, 590, 591, 182, 0, 183, 184, 185, 592, - 187, 188, 1099, 593, 191, 192, 594, 194, 195, 595, - 0, 197, 198, 199, 1100, 201, 202, 203, 204, 205, - 206, 207, 208, 209, 596, 211, 212, 213, 214, 215, - 216, 217, 218, 219, 597, 220, 1101, 1102, 223, 224, - 225, 226, 227, 228, 229, 230, 231, 232, 233, 234, - 235, 236, 237, 238, 239, 240, 241, 242, 243, 244, - 245, 246, 247, 248, 249, 250, 251, 252, 0, 253, - 254, 255, 256, 257, 258, 259, 260, 261, 262, 263, - 264, 265, 1103, 267, 268, 269, 270, 271, 1104, 273, - 274, 275, 276, 277, 278, 279, 280, 1105, 1106, 283, - 284, 285, 286, 287, 598, 288, 289, 290, 291, 292, - 293, 294, 295, 0, 296, 297, 298, 299, 599, 300, - 301, 1107, 303, 304, 305, 306, 307, 308, 309, 1108, - 311, 312, 313, 314, 315, 316, 600, 317, 601, 319, - 320, 1109, 322, 323, 324, 325, 326, 327, 328, 329, - 330, 331, 332, 333, 334, 335, 336, 337, 338, 339, - 340, 341, 342, 343, 344, 345, 346, 602, 348, 349, - 350, 603, 352, 353, 354, 355, 356, 357, 358, 359, - 360, 604, 362, 363, 364, 1110, 366, 367, 368, 605, - 370, 371, 1111, 373, 374, 375, 376, 377, 1112, 379, - 1113, 381, 606, 383, 384, 385, 386, 387, 388, 389, - 390, 391, 392, 393, 394, 395, 0, 0, 396, 397, - 0, 398, 399, 400, 401, 607, 403, 404, 608, 406, - 407, 408, 409, 1114, 411, 412, 413, 414, 415, 416, - 417, 418, 419, 420, 421, 422, 423, 424, 425, 426, - 427, 428, 1115, 1116, 1117, 1118, 433, 434, 435, 436, - 1119, 1120, 610, 439, 440, 441, 442, 443, 444, 445, - 611, 447, 448, 449, 1121, 451, 452, 1122, 454, 455, - 456, 457, 458, 459, 460, 461, 462, 463, 464, 1123, - 612, 1124, 468, 469, 470, 0, 471, 613, 473, 1125, - 0, 0, 0, 0, 0, 0, 0, 0, 1126, 1127, - 1006, 0, 0, 0, 1128, 1007, 1008, 0, 0, 0, - 1129, 0, 0, 0, 1130, 1131, 1009, 1010, 1132, 1011, - 1012, 1013, 1014, 1015, 1016, 1017, 1018, 1019, 1020, 1021, - 0, 0, 0, 0, 0, 0, 0, 1022, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 1023, 1024, 1025, 1026, 0, 0, - 0, 0, 0, 0, 0, 1027, 1028, 0, 1029, 0, - 0, 0, 0, 0, 0, 1030, 1031, 0, 0, 1032, - 1033, 1034, 1035, 0, 1036, 13, 0, 1037, 1038, 0, - 0, 0, 0, 0, 0, 0, 3060, 0, 0, 1040, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 19, 0, 0, 0, 1041, 1042, 1043, - 0, 1044, 0, 0, 0, 0, 0, 0, 0, 1045, - 1046, 1047, 22, 0, 0, 0, 0, 0, 1048, 0, - 3061, 575, 0, 0, 0, 0, 0, 1049, 0, 0, - 1050, 0, 0, 0, 0, 0, 0, 0, 0, 1051, - 0, 1052, 0, 1053, 0, 0, 0, 0, 0, 1054, - 0, 0, 0, 0, 0, 0, 0, 29, 1055, 1056, - 0, 1057, 0, 0, 0, 1058, 0, 0, 0, 0, - 1059, 0, 0, 30, 1060, 0, 1061, 1062, 1063, 1064, - 0, 0, 0, 0, 0, 32, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 35, 1065, 1066, 1067, - 0, 1068, 0, 0, 0, 0, 0, 0, 1069, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 1070, - 0, 0, 0, 0, 0, 0, 0, 1071, 1072, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 1073, 0, 0, 0, - 0, 0, 0, 1074, 1075, 0, 1076, 1077, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 1078, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 1079, 1080, - 1081, 0, 0, 0, 0, 0, 1082, 1083, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 53, 54, 55, - 576, 56, 57, 58, 59, 60, 61, 62, 1084, 1085, - 1086, 1087, 64, 65, 66, 1088, 68, 69, 70, 71, - 72, 73, 1089, 75, 76, 77, 78, 79, 80, 81, - 1090, 577, 0, 578, 579, 87, 88, 89, 90, 91, - 92, 580, 94, 95, 96, 97, 98, 1091, 99, 582, - 101, 102, 103, 104, 105, 583, 106, 107, 108, 109, - 1092, 111, 1093, 1094, 1095, 0, 115, 116, 117, 584, - 119, 120, 121, 122, 123, 124, 125, 126, 127, 1096, - 128, 129, 130, 131, 132, 133, 134, 135, 136, 137, - 138, 1097, 1098, 586, 142, 0, 143, 144, 145, 146, - 147, 148, 149, 587, 151, 152, 153, 154, 588, 155, - 156, 157, 158, 159, 160, 161, 162, 163, 164, 165, - 166, 167, 589, 169, 0, 0, 170, 171, 172, 173, - 174, 175, 176, 177, 178, 179, 180, 590, 591, 182, - 0, 183, 184, 185, 592, 187, 188, 1099, 593, 191, - 192, 594, 194, 195, 595, 0, 197, 198, 199, 1100, - 201, 202, 203, 204, 205, 206, 207, 208, 209, 596, - 211, 212, 213, 214, 215, 216, 217, 218, 219, 597, - 220, 1101, 1102, 223, 224, 225, 226, 227, 228, 229, - 230, 231, 232, 233, 234, 235, 236, 237, 238, 239, - 240, 241, 242, 243, 244, 245, 246, 247, 248, 249, - 250, 251, 252, 0, 253, 254, 255, 256, 257, 258, - 259, 260, 261, 262, 263, 264, 265, 1103, 267, 268, - 269, 270, 271, 1104, 273, 274, 275, 276, 277, 278, - 279, 280, 1105, 1106, 283, 284, 285, 286, 287, 598, - 288, 289, 290, 291, 292, 293, 294, 295, 0, 296, - 297, 298, 299, 599, 300, 301, 1107, 303, 304, 305, - 306, 307, 308, 309, 1108, 311, 312, 313, 314, 315, - 316, 600, 317, 601, 319, 320, 1109, 322, 323, 324, - 325, 326, 327, 328, 329, 330, 331, 332, 333, 334, - 335, 336, 337, 338, 339, 340, 341, 342, 343, 344, - 345, 346, 602, 348, 349, 350, 603, 352, 353, 354, - 355, 356, 357, 358, 359, 360, 604, 362, 363, 364, - 1110, 366, 367, 368, 605, 370, 371, 1111, 373, 374, - 375, 376, 377, 1112, 379, 1113, 381, 606, 383, 384, - 385, 386, 387, 388, 389, 390, 391, 392, 393, 394, - 395, 0, 0, 396, 397, 0, 398, 399, 400, 401, - 607, 403, 404, 608, 406, 407, 408, 409, 1114, 411, - 412, 413, 414, 415, 416, 417, 418, 419, 420, 421, - 422, 423, 424, 425, 426, 427, 428, 1115, 1116, 1117, - 1118, 433, 434, 435, 436, 1119, 1120, 610, 439, 440, - 441, 442, 443, 444, 445, 611, 447, 448, 449, 1121, - 451, 452, 1122, 454, 455, 456, 457, 458, 459, 460, - 461, 462, 463, 464, 1123, 612, 1124, 468, 469, 470, - 0, 471, 613, 473, 1125, 0, 0, 0, 0, 0, - 0, 0, 0, 1126, 1127, 1006, 0, 0, 0, 1128, - 1007, 1008, 0, 0, 0, 1129, 0, 0, 0, 1130, - 1131, 1009, 1010, 1132, 1011, 1012, 1013, 1014, 1015, 1016, - 1017, 1018, 1019, 1020, 1021, 0, 0, 0, 0, 0, - 0, 0, 1022, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 1023, - 1024, 1025, 1026, 0, 0, 0, 0, 0, 0, 0, - 1027, 1028, 0, 1029, 0, 0, 0, 0, 0, 0, - 1030, 1031, 0, 0, 1032, 1033, 1034, 1035, 0, 1036, - 13, 0, 1037, 1038, 0, 0, 0, 0, 0, 0, - 0, 1039, 0, 0, 1040, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 19, 0, - 0, 0, 1041, 1042, 1043, 0, 1044, 0, 0, 0, - 3503, 0, 0, 0, 1045, 1046, 1047, 22, 0, 0, - 0, 0, 0, 1048, 0, 0, 575, 0, 0, 0, - 0, 0, 1049, 0, 0, 1050, 0, 0, 0, 0, - 0, 0, 0, 0, 1051, 0, 1052, 0, 1053, 0, - 0, 0, 0, 0, 1054, 0, 0, 0, 0, 0, - 0, 0, 29, 1055, 1056, 0, 1057, 0, 0, 0, - 1058, 0, 0, 0, 0, 1059, 0, 0, 30, 1060, - 0, 1061, 1062, 1063, 1064, 0, 0, 0, 0, 0, - 32, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 35, 1065, 1066, 1067, 0, 1068, 0, 0, 0, - 0, 0, 0, 1069, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 1070, 0, 0, 0, 0, 0, - 0, 0, 1071, 1072, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 1073, 0, 0, 0, 0, 0, 0, 1074, 1075, - 0, 1076, 1077, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 1078, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 1079, 1080, 1081, 0, 0, 0, 0, - 0, 1082, 1083, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 53, 54, 55, 576, 56, 57, 58, 59, - 60, 61, 62, 1084, 1085, 1086, 1087, 64, 65, 66, - 1088, 68, 69, 70, 71, 72, 73, 1089, 75, 76, - 77, 78, 79, 80, 81, 1090, 577, 0, 578, 579, - 87, 88, 89, 90, 91, 92, 580, 94, 95, 96, - 97, 98, 1091, 99, 582, 101, 102, 103, 104, 105, - 583, 106, 107, 108, 109, 1092, 111, 1093, 1094, 1095, - 0, 115, 116, 117, 584, 119, 120, 121, 122, 123, - 124, 125, 126, 127, 1096, 128, 129, 130, 131, 132, - 133, 134, 135, 136, 137, 138, 1097, 1098, 586, 142, - 0, 143, 144, 145, 146, 147, 148, 149, 587, 151, - 152, 153, 154, 588, 155, 156, 157, 158, 159, 160, - 161, 162, 163, 164, 165, 166, 167, 589, 169, 0, - 0, 170, 171, 172, 173, 174, 175, 176, 177, 178, - 179, 180, 590, 591, 182, 0, 183, 184, 185, 592, - 187, 188, 1099, 593, 191, 192, 594, 194, 195, 595, - 0, 197, 198, 199, 1100, 201, 202, 203, 204, 205, - 206, 207, 208, 209, 596, 211, 212, 213, 214, 215, - 216, 217, 218, 219, 597, 220, 1101, 1102, 223, 224, - 225, 226, 227, 228, 229, 230, 231, 232, 233, 234, - 235, 236, 237, 238, 239, 240, 241, 242, 243, 244, - 245, 246, 247, 248, 249, 250, 251, 252, 0, 253, - 254, 255, 256, 257, 258, 259, 260, 261, 262, 263, - 264, 265, 1103, 267, 268, 269, 270, 271, 1104, 273, - 274, 275, 276, 277, 278, 279, 280, 1105, 1106, 283, - 284, 285, 286, 287, 598, 288, 289, 290, 291, 292, - 293, 294, 295, 0, 296, 297, 298, 299, 599, 300, - 301, 1107, 303, 304, 305, 306, 307, 308, 309, 1108, - 311, 312, 313, 314, 315, 316, 600, 317, 601, 319, - 320, 1109, 322, 323, 324, 325, 326, 327, 328, 329, - 330, 331, 332, 333, 334, 335, 336, 337, 338, 339, - 340, 341, 342, 343, 344, 345, 346, 602, 348, 349, - 350, 603, 352, 353, 354, 355, 356, 357, 358, 359, - 360, 604, 362, 363, 364, 1110, 366, 367, 368, 605, - 370, 371, 1111, 373, 374, 375, 376, 377, 1112, 379, - 1113, 381, 606, 383, 384, 385, 386, 387, 388, 389, - 390, 391, 392, 393, 394, 395, 0, 0, 396, 397, - 0, 398, 399, 400, 401, 607, 403, 404, 608, 406, - 407, 408, 409, 1114, 411, 412, 413, 414, 415, 416, - 417, 418, 419, 420, 421, 422, 423, 424, 425, 426, - 427, 428, 1115, 1116, 1117, 1118, 433, 434, 435, 436, - 1119, 1120, 610, 439, 440, 441, 442, 443, 444, 445, - 611, 447, 448, 449, 1121, 451, 452, 1122, 454, 455, - 456, 457, 458, 459, 460, 461, 462, 463, 464, 1123, - 612, 1124, 468, 469, 470, 0, 471, 613, 473, 1125, - 0, 0, 0, 0, 0, 0, 0, 0, 1126, 1127, - 1006, 0, 0, 0, 1128, 1007, 1008, 0, 0, 0, - 1129, 0, 0, 0, 1130, 1131, 1009, 1010, 1132, 1011, - 1012, 1013, 1014, 1015, 1016, 1017, 1018, 1019, 1020, 1021, - 0, 0, 0, 0, 0, 0, 0, 1022, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 1023, 1024, 1025, 1026, 0, 0, - 0, 0, 0, 0, 0, 1027, 1028, 0, 1029, 0, - 0, 0, 0, 0, 0, 1030, 1031, 0, 0, 1032, - 1033, 1034, 1035, 0, 1036, 13, 0, 1037, 1038, 0, - 0, 0, 0, 0, 0, 0, 1039, 0, 0, 1040, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 19, 0, 0, 0, 1041, 1042, 1043, - 0, 1044, 0, 0, 0, 3505, 0, 0, 0, 1045, - 1046, 1047, 22, 0, 0, 0, 0, 0, 1048, 0, - 0, 575, 0, 0, 0, 0, 0, 1049, 0, 0, - 1050, 0, 0, 0, 0, 0, 0, 0, 0, 1051, - 0, 1052, 0, 1053, 0, 0, 0, 0, 0, 1054, - 0, 0, 0, 0, 0, 0, 0, 29, 1055, 1056, - 0, 1057, 0, 0, 0, 1058, 0, 0, 0, 0, - 1059, 0, 0, 30, 1060, 0, 1061, 1062, 1063, 1064, - 0, 0, 0, 0, 0, 32, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 35, 1065, 1066, 1067, - 0, 1068, 0, 0, 0, 0, 0, 0, 1069, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 1070, - 0, 0, 0, 0, 0, 0, 0, 1071, 1072, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 1073, 0, 0, 0, - 0, 0, 0, 1074, 1075, 0, 1076, 1077, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 1078, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 1079, 1080, - 1081, 0, 0, 0, 0, 0, 1082, 1083, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 53, 54, 55, - 576, 56, 57, 58, 59, 60, 61, 62, 1084, 1085, - 1086, 1087, 64, 65, 66, 1088, 68, 69, 70, 71, - 72, 73, 1089, 75, 76, 77, 78, 79, 80, 81, - 1090, 577, 0, 578, 579, 87, 88, 89, 90, 91, - 92, 580, 94, 95, 96, 97, 98, 1091, 99, 582, - 101, 102, 103, 104, 105, 583, 106, 107, 108, 109, - 1092, 111, 1093, 1094, 1095, 0, 115, 116, 117, 584, - 119, 120, 121, 122, 123, 124, 125, 126, 127, 1096, - 128, 129, 130, 131, 132, 133, 134, 135, 136, 137, - 138, 1097, 1098, 586, 142, 0, 143, 144, 145, 146, - 147, 148, 149, 587, 151, 152, 153, 154, 588, 155, - 156, 157, 158, 159, 160, 161, 162, 163, 164, 165, - 166, 167, 589, 169, 0, 0, 170, 171, 172, 173, - 174, 175, 176, 177, 178, 179, 180, 590, 591, 182, - 0, 183, 184, 185, 592, 187, 188, 1099, 593, 191, - 192, 594, 194, 195, 595, 0, 197, 198, 199, 1100, - 201, 202, 203, 204, 205, 206, 207, 208, 209, 596, - 211, 212, 213, 214, 215, 216, 217, 218, 219, 597, - 220, 1101, 1102, 223, 224, 225, 226, 227, 228, 229, - 230, 231, 232, 233, 234, 235, 236, 237, 238, 239, - 240, 241, 242, 243, 244, 245, 246, 247, 248, 249, - 250, 251, 252, 0, 253, 254, 255, 256, 257, 258, - 259, 260, 261, 262, 263, 264, 265, 1103, 267, 268, - 269, 270, 271, 1104, 273, 274, 275, 276, 277, 278, - 279, 280, 1105, 1106, 283, 284, 285, 286, 287, 598, - 288, 289, 290, 291, 292, 293, 294, 295, 0, 296, - 297, 298, 299, 599, 300, 301, 1107, 303, 304, 305, - 306, 307, 308, 309, 1108, 311, 312, 313, 314, 315, - 316, 600, 317, 601, 319, 320, 1109, 322, 323, 324, - 325, 326, 327, 328, 329, 330, 331, 332, 333, 334, - 335, 336, 337, 338, 339, 340, 341, 342, 343, 344, - 345, 346, 602, 348, 349, 350, 603, 352, 353, 354, - 355, 356, 357, 358, 359, 360, 604, 362, 363, 364, - 1110, 366, 367, 368, 605, 370, 371, 1111, 373, 374, - 375, 376, 377, 1112, 379, 1113, 381, 606, 383, 384, - 385, 386, 387, 388, 389, 390, 391, 392, 393, 394, - 395, 0, 0, 396, 397, 0, 398, 399, 400, 401, - 607, 403, 404, 608, 406, 407, 408, 409, 1114, 411, - 412, 413, 414, 415, 416, 417, 418, 419, 420, 421, - 422, 423, 424, 425, 426, 427, 428, 1115, 1116, 1117, - 1118, 433, 434, 435, 436, 1119, 1120, 610, 439, 440, - 441, 442, 443, 444, 445, 611, 447, 448, 449, 1121, - 451, 452, 1122, 454, 455, 456, 457, 458, 459, 460, - 461, 462, 463, 464, 1123, 612, 1124, 468, 469, 470, - 0, 471, 613, 473, 1125, 0, 0, 0, 0, 0, - 0, 0, 0, 1126, 1127, 1006, 0, 0, 0, 1128, - 1007, 1008, 0, 0, 0, 1129, 0, 0, 0, 1130, - 1131, 1009, 1010, 1132, 1011, 1012, 1013, 1014, 1015, 1016, - 1017, 1018, 1019, 1020, 1021, 0, 0, 0, 0, 0, - 0, 0, 1022, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 1023, - 1024, 1025, 1026, 0, 0, 0, 0, 0, 0, 0, - 1027, 1028, 0, 1029, 0, 0, 0, 0, 0, 0, - 1030, 1031, 0, 0, 1032, 1033, 1034, 1035, 0, 1036, - 13, 0, 1037, 1038, 0, 0, 0, 0, 0, 0, - 0, 1039, 0, 0, 1040, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 19, 0, - 0, 0, 1041, 1042, 1043, 0, 1044, 0, 0, 0, - 3507, 0, 0, 0, 1045, 1046, 1047, 22, 0, 0, - 0, 0, 0, 1048, 0, 0, 575, 0, 0, 0, - 0, 0, 1049, 0, 0, 1050, 0, 0, 0, 0, - 0, 0, 0, 0, 1051, 0, 1052, 0, 1053, 0, - 0, 0, 0, 0, 1054, 0, 0, 0, 0, 0, - 0, 0, 29, 1055, 1056, 0, 1057, 0, 0, 0, - 1058, 0, 0, 0, 0, 1059, 0, 0, 30, 1060, - 0, 1061, 1062, 1063, 1064, 0, 0, 0, 0, 0, - 32, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 35, 1065, 1066, 1067, 0, 1068, 0, 0, 0, - 0, 0, 0, 1069, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 1070, 0, 0, 0, 0, 0, - 0, 0, 1071, 1072, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 1073, 0, 0, 0, 0, 0, 0, 1074, 1075, - 0, 1076, 1077, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 1078, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 1079, 1080, 1081, 0, 0, 0, 0, - 0, 1082, 1083, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 53, 54, 55, 576, 56, 57, 58, 59, - 60, 61, 62, 1084, 1085, 1086, 1087, 64, 65, 66, - 1088, 68, 69, 70, 71, 72, 73, 1089, 75, 76, - 77, 78, 79, 80, 81, 1090, 577, 0, 578, 579, - 87, 88, 89, 90, 91, 92, 580, 94, 95, 96, - 97, 98, 1091, 99, 582, 101, 102, 103, 104, 105, - 583, 106, 107, 108, 109, 1092, 111, 1093, 1094, 1095, - 0, 115, 116, 117, 584, 119, 120, 121, 122, 123, - 124, 125, 126, 127, 1096, 128, 129, 130, 131, 132, - 133, 134, 135, 136, 137, 138, 1097, 1098, 586, 142, - 0, 143, 144, 145, 146, 147, 148, 149, 587, 151, - 152, 153, 154, 588, 155, 156, 157, 158, 159, 160, - 161, 162, 163, 164, 165, 166, 167, 589, 169, 0, - 0, 170, 171, 172, 173, 174, 175, 176, 177, 178, - 179, 180, 590, 591, 182, 0, 183, 184, 185, 592, - 187, 188, 1099, 593, 191, 192, 594, 194, 195, 595, - 0, 197, 198, 199, 1100, 201, 202, 203, 204, 205, - 206, 207, 208, 209, 596, 211, 212, 213, 214, 215, - 216, 217, 218, 219, 597, 220, 1101, 1102, 223, 224, - 225, 226, 227, 228, 229, 230, 231, 232, 233, 234, - 235, 236, 237, 238, 239, 240, 241, 242, 243, 244, - 245, 246, 247, 248, 249, 250, 251, 252, 0, 253, - 254, 255, 256, 257, 258, 259, 260, 261, 262, 263, - 264, 265, 1103, 267, 268, 269, 270, 271, 1104, 273, - 274, 275, 276, 277, 278, 279, 280, 1105, 1106, 283, - 284, 285, 286, 287, 598, 288, 289, 290, 291, 292, - 293, 294, 295, 0, 296, 297, 298, 299, 599, 300, - 301, 1107, 303, 304, 305, 306, 307, 308, 309, 1108, - 311, 312, 313, 314, 315, 316, 600, 317, 601, 319, - 320, 1109, 322, 323, 324, 325, 326, 327, 328, 329, - 330, 331, 332, 333, 334, 335, 336, 337, 338, 339, - 340, 341, 342, 343, 344, 345, 346, 602, 348, 349, - 350, 603, 352, 353, 354, 355, 356, 357, 358, 359, - 360, 604, 362, 363, 364, 1110, 366, 367, 368, 605, - 370, 371, 1111, 373, 374, 375, 376, 377, 1112, 379, - 1113, 381, 606, 383, 384, 385, 386, 387, 388, 389, - 390, 391, 392, 393, 394, 395, 0, 0, 396, 397, - 0, 398, 399, 400, 401, 607, 403, 404, 608, 406, - 407, 408, 409, 1114, 411, 412, 413, 414, 415, 416, - 417, 418, 419, 420, 421, 422, 423, 424, 425, 426, - 427, 428, 1115, 1116, 1117, 1118, 433, 434, 435, 436, - 1119, 1120, 610, 439, 440, 441, 442, 443, 444, 445, - 611, 447, 448, 449, 1121, 451, 452, 1122, 454, 455, - 456, 457, 458, 459, 460, 461, 462, 463, 464, 1123, - 612, 1124, 468, 469, 470, 0, 471, 613, 473, 1125, - 0, 0, 0, 0, 0, 0, 0, 0, 1126, 1127, - 1006, 0, 0, 0, 1128, 1007, 1008, 0, 0, 0, - 1129, 0, 0, 0, 1130, 1131, 1009, 1010, 1132, 1011, - 1012, 1013, 1014, 1015, 1016, 1017, 1018, 1019, 1020, 1021, - 0, 0, 0, 0, 0, 0, 0, 1022, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 1023, 1024, 1025, 1026, 0, 0, - 0, 0, 0, 0, 0, 1027, 1028, 0, 1029, 0, - 0, 0, 0, 0, 0, 1030, 1031, 0, 0, 1032, - 1033, 1034, 1035, 0, 1036, 13, 0, 1037, 1038, 0, - 0, 0, 0, 0, 0, 0, 5096, 0, 0, 1040, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 19, 0, 0, 0, 1041, 1042, 1043, - 0, 1044, 0, 0, 0, 0, 0, 0, 0, 1045, - 1046, 1047, 22, 0, 0, 0, 0, 0, 1048, 0, - 3061, 575, 0, 0, 0, 0, 0, 1049, 0, 0, - 1050, 0, 0, 0, 0, 0, 0, 0, 0, 1051, - 0, 1052, 0, 1053, 0, 0, 0, 0, 0, 1054, - 0, 0, 0, 0, 0, 0, 0, 29, 1055, 1056, - 0, 1057, 0, 0, 0, 1058, 0, 0, 0, 0, - 1059, 0, 0, 30, 1060, 0, 1061, 1062, 1063, 1064, - 0, 0, 0, 0, 0, 32, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 35, 1065, 1066, 1067, - 0, 1068, 0, 0, 0, 0, 0, 0, 1069, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 1070, - 0, 0, 0, 0, 0, 0, 0, 1071, 1072, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 1073, 0, 0, 0, - 0, 0, 0, 1074, 1075, 0, 1076, 1077, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 1078, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 1079, 1080, - 1081, 0, 0, 0, 0, 0, 1082, 1083, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 53, 54, 55, - 576, 56, 57, 58, 59, 60, 61, 62, 1084, 1085, - 1086, 1087, 64, 65, 66, 1088, 68, 69, 70, 71, - 72, 73, 1089, 75, 76, 77, 78, 79, 80, 81, - 1090, 577, 0, 578, 579, 87, 88, 89, 90, 91, - 92, 580, 94, 95, 96, 97, 98, 1091, 99, 582, - 101, 102, 103, 104, 105, 583, 106, 107, 108, 109, - 1092, 111, 1093, 1094, 1095, 0, 115, 116, 117, 584, - 119, 120, 121, 122, 123, 124, 125, 126, 127, 1096, - 128, 129, 130, 131, 132, 133, 134, 135, 136, 137, - 138, 1097, 1098, 586, 142, 0, 143, 144, 145, 146, - 147, 148, 149, 587, 151, 152, 153, 154, 588, 155, - 156, 157, 158, 159, 160, 161, 162, 163, 164, 165, - 166, 167, 589, 169, 0, 0, 170, 171, 172, 173, - 174, 175, 176, 177, 178, 179, 180, 590, 591, 182, - 0, 183, 184, 185, 592, 187, 188, 1099, 593, 191, - 192, 594, 194, 195, 595, 0, 197, 198, 199, 1100, - 201, 202, 203, 204, 205, 206, 207, 208, 209, 596, - 211, 212, 213, 214, 215, 216, 217, 218, 219, 597, - 220, 1101, 1102, 223, 224, 225, 226, 227, 228, 229, - 230, 231, 232, 233, 234, 235, 236, 237, 238, 239, - 240, 241, 242, 243, 244, 245, 246, 247, 248, 249, - 250, 251, 252, 0, 253, 254, 255, 256, 257, 258, - 259, 260, 261, 262, 263, 264, 265, 1103, 267, 268, - 269, 270, 271, 1104, 273, 274, 275, 276, 277, 278, - 279, 280, 1105, 1106, 283, 284, 285, 286, 287, 598, - 288, 289, 290, 291, 292, 293, 294, 295, 0, 296, - 297, 298, 299, 599, 300, 301, 1107, 303, 304, 305, - 306, 307, 308, 309, 1108, 311, 312, 313, 314, 315, - 316, 600, 317, 601, 319, 320, 1109, 322, 323, 324, - 325, 326, 327, 328, 329, 330, 331, 332, 333, 334, - 335, 336, 337, 338, 339, 340, 341, 342, 343, 344, - 345, 346, 602, 348, 349, 350, 603, 352, 353, 354, - 355, 356, 357, 358, 359, 360, 604, 362, 363, 364, - 1110, 366, 367, 368, 605, 370, 371, 1111, 373, 374, - 375, 376, 377, 1112, 379, 1113, 381, 606, 383, 384, - 385, 386, 387, 388, 389, 390, 391, 392, 393, 394, - 395, 0, 0, 396, 397, 0, 398, 399, 400, 401, - 607, 403, 404, 608, 406, 407, 408, 409, 1114, 411, - 412, 413, 414, 415, 416, 417, 418, 419, 420, 421, - 422, 423, 424, 425, 426, 427, 428, 1115, 1116, 1117, - 1118, 433, 434, 435, 436, 1119, 1120, 610, 439, 440, - 441, 442, 443, 444, 445, 611, 447, 448, 449, 1121, - 451, 452, 1122, 454, 455, 456, 457, 458, 459, 460, - 461, 462, 463, 464, 1123, 612, 1124, 468, 469, 470, - 0, 471, 613, 473, 1125, 0, 0, 0, 0, 0, - 0, 0, 0, 1126, 1127, 1006, 0, 0, 0, 1128, - 1007, 1008, 0, 0, 0, 1129, 0, 0, 0, 1130, - 1131, 1009, 1010, 1132, 1011, 1012, 1013, 1014, 1015, 1016, - 1017, 1018, 1019, 1020, 1021, 0, 0, 0, 0, 0, - 0, 0, 1022, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 1023, - 1024, 1025, 1026, 0, 0, 0, 0, 0, 0, 0, - 1027, 1028, 0, 1029, 0, 0, 0, 0, 0, 0, - 1030, 1031, 0, 0, 1032, 1033, 1034, 1035, 0, 1036, - 13, 0, 1037, 1038, 0, 0, 0, 0, 0, 0, - 0, 1039, 0, 0, 1040, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 19, 0, - 0, 0, 1041, 1042, 1043, 0, 1044, 0, 0, 0, - 0, 0, 0, 0, 1045, 1046, 1047, 22, 0, 0, - 0, 0, 0, 1048, 0, 0, 575, 0, 0, 0, - 0, 0, 1049, 0, 0, 1050, 0, 0, 0, 0, - 0, 0, 0, 0, 1051, 0, 1052, 0, 1053, 0, - 0, 0, 0, 0, 1054, 0, 0, 0, 0, 0, - 0, 0, 29, 1055, 1056, 0, 1057, 0, 0, 0, - 1058, 0, 0, 0, 0, 1059, 0, 0, 30, 1060, - 0, 1061, 1062, 1063, 1064, 0, 0, 0, 0, 0, - 32, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 35, 1065, 1066, 1067, 0, 1068, 0, 0, 0, - 0, 0, 0, 1069, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 1070, 0, 0, 0, 0, 0, - 0, 0, 1071, 1072, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 1073, 0, 0, 0, 0, 0, 0, 1074, 1075, - 0, 1076, 1077, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 1078, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 1079, 1080, 1081, 0, 0, 0, 0, - 0, 1082, 1083, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 53, 54, 55, 576, 56, 57, 58, 59, - 60, 61, 62, 1084, 1085, 1086, 1087, 64, 65, 66, - 1088, 68, 69, 70, 71, 72, 73, 1089, 75, 76, - 77, 78, 79, 80, 81, 1090, 577, 0, 578, 579, - 87, 88, 89, 90, 91, 92, 580, 94, 95, 96, - 97, 98, 1091, 99, 582, 101, 102, 103, 104, 105, - 583, 106, 107, 108, 109, 1092, 111, 1093, 1094, 1095, - 0, 115, 116, 117, 584, 119, 120, 121, 122, 123, - 124, 125, 126, 127, 1096, 128, 129, 130, 131, 132, - 133, 134, 135, 136, 137, 138, 1097, 1098, 586, 142, - 0, 143, 144, 145, 146, 147, 148, 149, 587, 151, - 152, 153, 154, 588, 155, 156, 157, 158, 159, 160, - 161, 162, 163, 164, 165, 166, 167, 589, 169, 0, - 0, 170, 171, 172, 173, 174, 175, 176, 177, 178, - 179, 180, 590, 591, 182, 0, 183, 184, 185, 592, - 187, 188, 1099, 593, 191, 192, 594, 194, 195, 595, - 0, 197, 198, 199, 1100, 201, 202, 203, 204, 205, - 206, 207, 208, 209, 596, 211, 212, 213, 214, 215, - 216, 217, 218, 219, 597, 220, 1101, 1102, 223, 224, - 225, 226, 227, 228, 229, 230, 231, 232, 233, 234, - 235, 236, 237, 238, 239, 240, 241, 242, 243, 244, - 245, 246, 247, 248, 249, 250, 251, 252, 0, 253, - 254, 255, 256, 257, 258, 259, 260, 261, 262, 263, - 264, 265, 1103, 267, 268, 269, 270, 271, 1104, 273, - 274, 275, 276, 277, 278, 279, 280, 1105, 1106, 283, - 284, 285, 286, 287, 598, 288, 289, 290, 291, 292, - 293, 294, 295, 0, 296, 297, 298, 299, 599, 300, - 301, 1107, 303, 304, 305, 306, 307, 308, 309, 1108, - 311, 312, 313, 314, 315, 316, 600, 317, 601, 319, - 320, 1109, 322, 323, 324, 325, 326, 327, 328, 329, - 330, 331, 332, 333, 334, 335, 336, 337, 338, 339, - 340, 341, 342, 343, 344, 345, 346, 602, 348, 349, - 350, 603, 352, 353, 354, 355, 356, 357, 358, 359, - 360, 604, 362, 363, 364, 1110, 366, 367, 368, 605, - 370, 371, 1111, 373, 374, 375, 376, 377, 1112, 379, - 1113, 381, 606, 383, 384, 385, 386, 387, 388, 389, - 390, 391, 392, 393, 394, 395, 0, 0, 396, 397, - 0, 398, 399, 400, 401, 607, 403, 404, 608, 406, - 407, 408, 409, 1114, 411, 412, 413, 414, 415, 416, - 417, 418, 419, 420, 421, 422, 423, 424, 425, 426, - 427, 428, 1115, 1116, 1117, 1118, 433, 434, 435, 436, - 1119, 1120, 610, 439, 440, 441, 442, 443, 444, 445, - 611, 447, 448, 449, 1121, 451, 452, 1122, 454, 455, - 456, 457, 458, 459, 460, 461, 462, 463, 464, 1123, - 612, 1124, 468, 469, 470, 0, 471, 613, 473, 1125, - 0, 0, 0, 0, 0, 0, 0, 0, 1126, 1127, - 1006, 0, 0, 0, 1128, 1007, 1008, 0, 0, 0, - 1129, 0, 0, 0, 1130, 1131, 1009, 1010, 1132, 1011, - 1012, 1013, 1014, 1015, 1016, 1017, 1018, 1019, 1020, 1021, - 0, 0, 0, 0, 0, 0, 0, 1022, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 1023, 1024, 1025, 1026, 0, 0, - 0, 0, 0, 0, 0, 1027, 1028, 0, 1029, 0, - 0, 0, 0, 0, 0, 1030, 1031, 0, 0, 1032, - 1033, 1034, 1035, 0, 1036, 13, 0, 1037, 1038, 0, - 0, 0, 0, 0, 0, 0, 1039, 0, 0, 1040, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 19, 0, 0, 0, 1041, 1042, 1043, - 0, 1044, 0, 0, 0, 0, 0, 0, 0, 1045, - 1046, 1047, 22, 0, 0, 0, 0, 0, 1048, 0, - 0, 575, 0, 0, 0, 0, 0, 1049, 0, 0, - 1050, 0, 0, 0, 0, 0, 0, 0, 0, 1051, - 0, 1052, 0, 1053, 0, 0, 0, 0, 0, 1054, - 0, 0, 0, 0, 0, 0, 0, 29, 1055, 1056, - 0, 1057, 0, 0, 0, 1058, 0, 0, 0, 0, - 1059, 0, 0, 30, 1060, 0, 1061, 1062, 1063, 1064, - 0, 0, 0, 0, 0, 32, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 35, 1065, 1066, 1067, - 0, 1068, 0, 0, 0, 0, 0, 0, 1069, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 1070, - 0, 0, 0, 0, 0, 0, 0, 1071, 1072, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 1073, 0, 0, 0, - 0, 0, 0, 1074, 1075, 0, 1076, 1077, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 1078, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 1079, 1080, - 1081, 0, 0, 0, 0, 0, 1082, 1083, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 53, 54, 55, - 576, 56, 57, 58, 59, 60, 61, 62, 1084, 1085, - 1086, 1087, 64, 65, 66, 1088, 68, 69, 70, 71, - 72, 73, 1089, 75, 76, 77, 78, 79, 80, 81, - 1090, 577, 0, 578, 579, 87, 88, 89, 90, 91, - 92, 580, 94, 95, 96, 97, 98, 1091, 99, 582, - 101, 102, 103, 104, 105, 583, 106, 107, 108, 109, - 1092, 111, 1093, 1094, 1095, 0, 115, 116, 117, 584, - 119, 120, 121, 122, 123, 124, 125, 126, 127, 1096, - 128, 129, 130, 131, 132, 133, 134, 135, 136, 137, - 138, 1097, 1098, 586, 142, 0, 143, 144, 145, 146, - 147, 148, 149, 587, 151, 152, 153, 154, 588, 155, - 156, 157, 158, 159, 160, 161, 162, 163, 164, 165, - 166, 167, 589, 169, 0, 0, 170, 171, 172, 173, - 174, 175, 176, 177, 178, 179, 180, 590, 591, 182, - 0, 183, 184, 185, 592, 187, 188, 1099, 593, 191, - 192, 594, 194, 195, 595, 0, 197, 198, 199, 1100, - 201, 202, 203, 204, 205, 206, 207, 208, 209, 596, - 211, 212, 213, 214, 215, 216, 217, 218, 219, 597, - 220, 1101, 1102, 223, 224, 225, 226, 227, 228, 229, - 230, 231, 232, 233, 234, 235, 236, 237, 238, 239, - 240, 241, 242, 243, 244, 245, 246, 247, 248, 249, - 250, 251, 252, 0, 253, 254, 255, 256, 257, 258, - 259, 260, 261, 262, 263, 264, 265, 1103, 267, 268, - 269, 270, 271, 1104, 273, 274, 275, 276, 277, 278, - 279, 280, 1105, 1106, 283, 284, 285, 286, 287, 598, - 288, 289, 290, 291, 292, 293, 294, 295, 0, 296, - 297, 298, 299, 599, 300, 301, 1107, 303, 304, 305, - 306, 307, 308, 309, 1108, 311, 312, 313, 314, 315, - 316, 600, 317, 601, 319, 320, 1109, 322, 323, 324, - 325, 326, 327, 328, 329, 330, 331, 332, 333, 334, - 335, 336, 337, 338, 339, 340, 341, 342, 343, 344, - 345, 346, 602, 348, 349, 350, 603, 352, 353, 354, - 355, 356, 357, 358, 359, 360, 604, 362, 363, 364, - 1110, 366, 367, 368, 605, 370, 371, 1111, 373, 374, - 375, 376, 377, 1112, 379, 1113, 381, 606, 383, 384, - 385, 386, 387, 388, 389, 390, 391, 392, 393, 394, - 395, 0, 0, 396, 397, 0, 398, 399, 400, 401, - 607, 403, 404, 608, 406, 407, 408, 409, 1114, 411, - 412, 413, 414, 415, 416, 417, 418, 419, 420, 421, - 422, 423, 424, 425, 426, 427, 428, 1115, 1116, 1117, - 1118, 433, 434, 435, 436, 1119, 1120, 610, 439, 440, - 441, 442, 443, 444, 445, 611, 447, 448, 449, 1121, - 451, 452, 1122, 454, 455, 456, 457, 458, 459, 460, - 461, 462, 463, 464, 1123, 612, 1124, 468, 469, 470, - 0, 471, 613, 473, 1125, 0, 0, 0, 0, 0, - 0, 0, 0, 1126, 1127, 1006, 0, 0, 0, 1128, - 1007, 1008, 0, 0, 0, 1994, 0, 0, 0, 1130, - 1131, 1009, 1010, 1132, 1011, 1012, 1013, 1014, 1015, 1016, - 1017, 1018, 1019, 1020, 1021, 0, 0, 0, 0, 0, - 0, 0, 1022, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 1023, - 1024, 1025, 1026, 0, 0, 0, 0, 0, 0, 0, - 1027, 1028, 0, 1029, 0, 0, 0, 0, 0, 0, - 1030, 1031, 0, 0, 1032, 1033, 1034, 1035, 0, 1036, - 13, 0, 1037, 1038, 0, 0, 0, 0, 0, 0, - 0, 1039, 0, 0, 1040, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 19, 0, - 0, 0, 1041, 1042, 1043, 0, 1044, 0, 0, 0, - 0, 0, 0, 0, 1045, 1046, 1047, 22, 0, 0, - 0, 0, 0, 1048, 0, 0, 575, 0, 0, 0, - 0, 0, 1049, 0, 0, 1050, 0, 0, 0, 0, - 0, 0, 0, 0, 1051, 0, 1052, 0, 1053, 0, - 0, 0, 0, 0, 1054, 0, 0, 0, 0, 0, - 0, 0, 29, 1055, 1056, 0, 1057, 0, 0, 0, - 1058, 0, 0, 0, 0, 1059, 0, 0, 30, 1060, - 0, 1061, 1062, 1063, 1064, 0, 0, 0, 0, 0, - 32, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 35, 1065, 1066, 1067, 0, 1068, 0, 0, 0, - 0, 0, 0, 1069, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 1070, 0, 0, 0, 0, 0, - 0, 0, 1071, 1072, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 1073, 0, 0, 0, 0, 0, 0, 1074, 1075, - 0, 1076, 1077, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 1078, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 1079, 1080, 1081, 0, 0, 0, 0, - 0, 1082, 1083, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 53, 54, 55, 576, 56, 57, 58, 59, - 60, 61, 62, 1084, 1085, 1086, 1087, 64, 65, 66, - 1088, 68, 69, 70, 71, 72, 73, 1089, 75, 76, - 77, 78, 79, 80, 81, 1090, 577, 0, 578, 579, - 87, 88, 89, 90, 91, 92, 580, 94, 95, 96, - 97, 98, 1091, 99, 582, 101, 102, 103, 104, 105, - 583, 106, 107, 108, 109, 1092, 111, 1093, 1094, 1095, - 0, 115, 116, 117, 584, 119, 120, 121, 122, 123, - 124, 125, 126, 127, 1096, 128, 129, 130, 131, 132, - 133, 134, 135, 136, 137, 138, 1097, 1098, 586, 142, - 0, 143, 144, 145, 146, 147, 148, 149, 587, 151, - 152, 153, 154, 588, 155, 156, 157, 158, 159, 160, - 161, 162, 163, 164, 165, 166, 167, 589, 169, 0, - 0, 170, 171, 172, 173, 174, 175, 176, 177, 178, - 179, 180, 590, 591, 182, 0, 183, 184, 185, 592, - 187, 188, 1099, 593, 191, 192, 594, 194, 195, 595, - 0, 197, 198, 199, 1100, 2632, 202, 203, 204, 205, - 206, 207, 208, 209, 596, 211, 212, 213, 214, 215, - 216, 217, 218, 219, 597, 220, 1101, 1102, 223, 224, - 225, 226, 227, 228, 229, 230, 231, 232, 233, 234, - 235, 236, 237, 238, 239, 240, 241, 242, 243, 244, - 245, 246, 247, 248, 249, 250, 251, 252, 0, 253, - 254, 255, 256, 257, 258, 259, 260, 261, 262, 263, - 264, 265, 1103, 267, 268, 269, 270, 271, 1104, 273, - 274, 275, 276, 277, 278, 279, 280, 1105, 1106, 283, - 284, 285, 286, 287, 598, 288, 289, 290, 291, 292, - 293, 294, 295, 0, 296, 297, 298, 299, 599, 300, - 301, 1107, 303, 304, 305, 306, 307, 308, 309, 1108, - 311, 312, 313, 314, 315, 316, 600, 317, 601, 319, - 320, 1109, 322, 323, 324, 325, 326, 327, 328, 329, - 330, 331, 332, 333, 334, 335, 336, 337, 338, 339, - 340, 341, 342, 343, 344, 345, 346, 602, 348, 349, - 350, 603, 352, 353, 354, 355, 356, 357, 358, 359, - 360, 604, 362, 363, 364, 1110, 366, 367, 368, 605, - 370, 371, 1111, 373, 374, 375, 376, 377, 1112, 379, - 1113, 381, 606, 383, 384, 385, 386, 387, 388, 389, - 390, 391, 392, 393, 394, 395, 0, 0, 396, 397, - 0, 398, 399, 400, 401, 607, 403, 404, 608, 406, - 407, 408, 409, 1114, 411, 412, 413, 414, 415, 416, - 417, 418, 419, 420, 421, 422, 423, 424, 425, 426, - 427, 428, 1115, 1116, 1117, 1118, 433, 434, 435, 436, - 1119, 1120, 610, 439, 440, 441, 442, 443, 444, 445, - 611, 447, 448, 449, 2633, 451, 452, 1122, 454, 455, - 456, 457, 458, 459, 460, 461, 462, 463, 464, 1123, - 612, 1124, 468, 469, 470, 0, 471, 613, 473, 1125, - 0, 0, 0, 0, 0, 0, 0, 0, 1126, 1127, - 1006, 0, 0, 0, 1128, 1007, 1008, 0, 0, 0, - 1129, 0, 0, 0, 1130, 1131, 1009, 1010, 1132, 1011, - 1012, 1013, 1014, 1015, 1016, 1017, 1018, 1019, 1020, 1021, - 0, 0, 0, 0, 0, 0, 0, 1022, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 1023, 1024, 1025, 1026, 0, 0, - 0, 0, 0, 0, 0, 1027, 1028, 0, 1029, 0, - 0, 0, 0, 0, 0, 1030, 1031, 0, 0, 1032, - 1033, 1034, 1035, 0, 1036, 13, 0, 1037, 1038, 0, - 0, 0, 0, 0, 0, 0, 1039, 0, 0, 1040, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 19, 0, 0, 0, 1041, 1042, 1043, - 0, 1044, 0, 0, 0, 0, 0, 0, 0, 1045, - 1046, 1047, 22, 0, 0, 0, 0, 0, 1048, 0, - 0, 575, 0, 0, 0, 0, 0, 1049, 0, 0, - 1050, 0, 0, 0, 0, 0, 0, 0, 0, 1051, - 0, 1052, 0, 1053, 0, 0, 0, 0, 0, 1054, - 0, 0, 0, 0, 0, 0, 0, 29, 1055, 1056, - 0, 1057, 0, 0, 0, 1058, 0, 0, 0, 0, - 1059, 0, 0, 30, 1060, 0, 1061, 1062, 1063, 1064, - 0, 0, 0, 0, 0, 32, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 35, 1065, 1066, 1067, - 0, 1068, 0, 0, 0, 0, 0, 0, 1069, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 1070, - 0, 0, 0, 0, 0, 0, 0, 1071, 1072, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 1073, 0, 0, 0, - 0, 0, 0, 1074, 1075, 0, 1076, 1077, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 1078, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 1079, 1080, - 1081, 0, 0, 0, 0, 0, 1082, 1083, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 53, 54, 55, - 576, 56, 57, 58, 59, 60, 61, 62, 1084, 1085, - 1086, 1087, 64, 65, 66, 1088, 68, 69, 70, 71, - 72, 73, 1089, 75, 76, 77, 78, 79, 80, 81, - 1090, 577, 0, 578, 579, 87, 88, 89, 90, 91, - 92, 580, 94, 95, 96, 97, 98, 1091, 99, 582, - 101, 102, 103, 104, 105, 583, 106, 107, 108, 109, - 1092, 111, 1093, 1094, 1095, 0, 115, 116, 117, 584, - 119, 120, 121, 122, 123, 124, 125, 126, 127, 1096, - 128, 129, 130, 131, 132, 133, 134, 135, 136, 137, - 138, 1097, 1098, 586, 142, 0, 143, 144, 145, 146, - 147, 148, 149, 587, 151, 152, 153, 154, 588, 155, - 156, 157, 158, 159, 160, 161, 162, 163, 164, 165, - 166, 167, 589, 169, 0, 0, 170, 171, 172, 173, - 174, 175, 176, 177, 178, 179, 180, 590, 591, 182, - 0, 183, 184, 185, 592, 187, 188, 1099, 593, 191, - 192, 594, 194, 195, 595, 0, 197, 198, 199, 1100, - 201, 202, 203, 204, 205, 206, 207, 208, 209, 596, - 211, 212, 213, 214, 215, 216, 217, 218, 219, 597, - 220, 1101, 1102, 223, 224, 225, 226, 227, 228, 229, - 230, 231, 232, 233, 234, 235, 236, 237, 238, 239, - 240, 241, 242, 243, 244, 245, 246, 247, 248, 249, - 250, 251, 252, 0, 253, 254, 255, 256, 257, 258, - 259, 260, 261, 262, 263, 264, 265, 1103, 267, 268, - 269, 270, 271, 1104, 273, 274, 275, 276, 277, 278, - 279, 280, 1105, 1106, 283, 284, 285, 286, 287, 598, - 288, 289, 290, 291, 292, 293, 294, 295, 0, 296, - 297, 298, 299, 599, 300, 301, 1107, 303, 304, 305, - 306, 307, 308, 309, 1108, 311, 312, 313, 314, 315, - 316, 600, 317, 601, 319, 320, 1109, 322, 323, 324, - 325, 326, 327, 328, 329, 330, 331, 332, 333, 334, - 335, 336, 337, 338, 339, 340, 341, 342, 343, 344, - 345, 346, 602, 348, 349, 350, 603, 352, 353, 354, - 355, 356, 357, 358, 359, 360, 604, 362, 363, 364, - 1110, 366, 367, 368, 605, 370, 371, 1111, 373, 374, - 375, 376, 377, 1112, 379, 1113, 381, 606, 383, 384, - 385, 386, 387, 388, 389, 390, 391, 392, 393, 394, - 395, 0, 0, 396, 397, 0, 398, 399, 400, 401, - 607, 403, 404, 608, 406, 407, 408, 409, 1114, 411, - 412, 413, 414, 415, 416, 417, 418, 419, 420, 421, - 422, 423, 424, 425, 426, 427, 428, 1115, 1116, 1117, - 1118, 433, 434, 435, 436, 1119, 1120, 610, 439, 440, - 441, 442, 443, 444, 445, 611, 447, 448, 449, 2633, - 451, 452, 1122, 454, 455, 456, 457, 458, 459, 460, - 461, 462, 463, 464, 1123, 612, 1124, 468, 469, 470, - 0, 471, 613, 473, 1125, 0, 0, 0, 0, 0, - 0, 0, 0, 1126, 1127, 1006, 0, 0, 0, 1128, - 1007, 1008, 0, 0, 0, 1129, 0, 0, 0, 1130, - 1131, 1009, 1010, 1132, 1011, 1012, 1013, 1014, 1015, 1016, - 1017, 1018, 1019, 1020, 1021, 0, 0, 0, 0, 0, - 0, 0, 1022, 0, 0, 0, 0, 0, 0, 2855, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 1023, - 1024, 1025, 1026, 0, 0, 0, 0, 0, 0, 0, - 1027, 1028, 0, 1029, 0, 0, 0, 0, 0, 0, - 1030, 1031, 0, 0, 1032, 1033, 1034, 1035, 0, 1036, - 13, 0, 1037, 1038, 0, 0, 0, 0, 0, 0, - 0, 1039, 0, 0, 1040, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 19, 0, - 0, 0, 1041, 1042, 1043, 0, 1044, 0, 0, 0, - 0, 0, 0, 0, 1045, 1046, 1047, 22, 0, 0, - 0, 0, 0, 1048, 0, 0, 575, 0, 0, 0, - 0, 0, 1049, 0, 0, 1050, 0, 0, 0, 0, - 0, 0, 0, 0, 1051, 0, 1052, 0, 1053, 0, - 0, 0, 0, 0, 1054, 0, 0, 0, 0, 0, - 0, 0, 29, 1055, 1056, 0, 1057, 0, 0, 0, - 1058, 0, 0, 0, 0, 1059, 0, 0, 30, 0, - 0, 1061, 1062, 1063, 1064, 0, 0, 0, 0, 0, - 32, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 35, 1065, 1066, 1067, 0, 1068, 0, 0, 0, - 0, 0, 0, 1069, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 1070, 0, 0, 0, 0, 0, - 0, 0, 1071, 1072, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 1073, 0, 0, 0, 0, 0, 0, 1074, 1075, - 0, 1076, 1077, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 1078, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 1079, 1080, 1081, 0, 0, 0, 0, - 0, 1082, 1083, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 53, 54, 55, 576, 56, 57, 58, 59, - 60, 61, 62, 1084, 1085, 1086, 1087, 64, 65, 66, - 1088, 68, 69, 70, 71, 72, 2856, 1089, 75, 76, - 77, 78, 79, 80, 81, 1090, 577, 0, 578, 579, - 87, 88, 89, 90, 91, 92, 580, 94, 95, 96, - 97, 98, 1091, 99, 582, 101, 102, 103, 104, 105, - 583, 106, 107, 108, 109, 1092, 111, 1093, 1094, 1095, - 0, 115, 116, 117, 584, 119, 120, 121, 122, 123, - 124, 125, 126, 127, 1096, 128, 129, 130, 131, 132, - 133, 134, 135, 136, 137, 138, 1097, 1098, 586, 142, - 0, 143, 144, 145, 146, 147, 148, 149, 587, 151, - 152, 153, 154, 588, 155, 156, 157, 158, 159, 160, - 161, 162, 163, 164, 165, 166, 167, 589, 169, 0, - 0, 170, 171, 172, 173, 174, 175, 176, 177, 178, - 179, 180, 590, 591, 182, 0, 183, 184, 185, 592, - 187, 188, 1099, 593, 191, 192, 594, 194, 195, 595, - 0, 197, 198, 199, 1100, 201, 202, 203, 204, 205, - 206, 207, 208, 209, 596, 211, 212, 213, 214, 215, - 216, 217, 218, 219, 597, 220, 1101, 1102, 223, 224, - 225, 226, 227, 228, 229, 230, 231, 232, 233, 234, - 235, 236, 237, 238, 239, 240, 241, 242, 243, 244, - 245, 246, 247, 248, 249, 250, 251, 252, 0, 253, - 254, 255, 256, 257, 258, 259, 260, 261, 262, 263, - 264, 265, 1103, 267, 268, 269, 270, 271, 1104, 273, - 274, 275, 276, 277, 278, 279, 280, 1105, 1106, 283, - 284, 285, 286, 287, 598, 288, 289, 290, 291, 292, - 293, 294, 295, 0, 296, 297, 298, 299, 599, 300, - 301, 1107, 303, 304, 305, 306, 307, 308, 309, 1108, - 311, 312, 313, 314, 315, 316, 600, 317, 601, 319, - 320, 1109, 322, 323, 324, 325, 326, 327, 328, 329, - 330, 331, 332, 333, 334, 335, 336, 337, 338, 339, - 340, 341, 342, 343, 344, 345, 346, 602, 348, 349, - 350, 603, 352, 353, 354, 355, 356, 357, 358, 359, - 360, 604, 362, 363, 364, 1110, 366, 367, 368, 605, - 370, 371, 1111, 373, 374, 375, 376, 377, 1112, 379, - 1113, 381, 606, 383, 384, 385, 386, 387, 388, 389, - 390, 391, 392, 393, 394, 395, 0, 0, 396, 397, - 0, 398, 399, 400, 401, 607, 403, 404, 608, 406, - 407, 408, 409, 1114, 411, 412, 413, 414, 415, 416, - 417, 418, 419, 420, 421, 422, 423, 424, 425, 426, - 427, 428, 1115, 1116, 1117, 1118, 433, 434, 435, 436, - 1119, 1120, 610, 439, 440, 441, 442, 443, 444, 445, - 611, 447, 448, 449, 1121, 451, 452, 1122, 454, 455, - 456, 457, 458, 459, 460, 461, 462, 463, 464, 1123, - 612, 1124, 468, 469, 470, 0, 471, 613, 473, 1125, - 0, 0, 0, 0, 0, 0, 0, 0, 1126, 1127, - 1006, 0, 0, 0, 1128, 1007, 1008, 0, 0, 0, - 1129, 0, 0, 0, 1130, 1131, 1009, 1010, 1132, 1011, - 1012, 1013, 1014, 1015, 1016, 1017, 1018, 1019, 1020, 1021, - 0, 0, 0, 0, 0, 0, 0, 1022, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 1023, 1024, 1025, 1026, 0, 0, - 0, 0, 0, 0, 0, 1027, 1028, 0, 1029, 0, - 0, 0, 0, 0, 0, 1030, 1031, 0, 0, 1032, - 1033, 1034, 1035, 0, 1036, 13, 0, 1037, 1038, 0, - 0, 0, 0, 0, 0, 0, 1039, 0, 0, 1040, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 19, 0, 0, 0, 1041, 1042, 1043, - 0, 1044, 0, 0, 0, 0, 0, 0, 0, 1045, - 1046, 1047, 22, 0, 0, 0, 0, 0, 1048, 0, - 0, 575, 0, 0, 0, 0, 0, 1049, 0, 0, - 4119, 0, 0, 0, 0, 0, 0, 0, 0, 1051, - 0, 1052, 0, 1053, 0, 0, 0, 0, 0, 1054, - 0, 0, 0, 0, 0, 0, 0, 29, 1055, 1056, - 0, 1057, 0, 0, 0, 1058, 0, 0, 0, 0, - 1059, 0, 0, 30, 1060, 0, 1061, 1062, 1063, 1064, - 0, 0, 0, 0, 0, 32, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 35, 1065, 1066, 1067, - 0, 1068, 0, 0, 0, 0, 0, 0, 1069, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 1070, - 0, 0, 0, 0, 0, 0, 0, 1071, 1072, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 1073, 0, 0, 0, - 0, 0, 0, 1074, 1075, 0, 1076, 1077, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 1078, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 1079, 1080, - 1081, 0, 0, 0, 0, 0, 1082, 1083, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 53, 54, 55, - 576, 56, 57, 58, 59, 60, 61, 62, 1084, 1085, - 1086, 1087, 64, 65, 66, 1088, 68, 69, 70, 71, - 72, 73, 1089, 75, 76, 77, 78, 79, 80, 81, - 1090, 577, 0, 578, 579, 87, 88, 89, 90, 91, - 92, 580, 94, 95, 96, 97, 98, 1091, 99, 582, - 101, 102, 103, 104, 105, 583, 106, 107, 108, 109, - 1092, 111, 1093, 1094, 1095, 0, 115, 116, 117, 584, - 119, 120, 121, 122, 123, 124, 125, 126, 127, 1096, - 128, 129, 130, 131, 132, 133, 134, 135, 136, 137, - 138, 1097, 1098, 586, 142, 0, 143, 144, 145, 146, - 147, 148, 149, 587, 151, 152, 153, 154, 588, 155, - 156, 157, 158, 159, 160, 161, 162, 163, 164, 165, - 166, 167, 589, 169, 0, 0, 170, 171, 172, 173, - 174, 175, 176, 177, 178, 179, 180, 590, 591, 182, - 0, 183, 184, 185, 592, 187, 188, 1099, 593, 191, - 192, 594, 194, 195, 595, 0, 197, 198, 199, 1100, - 201, 202, 203, 204, 205, 206, 207, 208, 209, 596, - 211, 212, 213, 214, 215, 216, 217, 218, 219, 597, - 220, 1101, 1102, 223, 224, 225, 226, 227, 228, 229, - 230, 231, 232, 233, 234, 235, 236, 237, 238, 239, - 240, 241, 242, 243, 244, 245, 246, 247, 248, 249, - 250, 251, 252, 0, 253, 254, 255, 256, 257, 258, - 259, 260, 261, 262, 263, 264, 265, 1103, 267, 268, - 269, 270, 271, 1104, 273, 274, 275, 276, 277, 278, - 279, 280, 1105, 1106, 283, 284, 285, 286, 287, 598, - 288, 289, 290, 291, 292, 293, 294, 295, 0, 296, - 297, 298, 299, 599, 300, 301, 1107, 303, 304, 305, - 306, 307, 308, 309, 1108, 311, 312, 313, 314, 315, - 316, 600, 317, 601, 319, 320, 1109, 322, 323, 324, - 325, 326, 327, 328, 329, 330, 331, 332, 333, 334, - 335, 336, 337, 338, 339, 340, 341, 342, 343, 344, - 345, 346, 602, 348, 349, 350, 603, 352, 353, 354, - 355, 356, 357, 358, 359, 360, 604, 362, 363, 364, - 1110, 366, 367, 368, 605, 370, 371, 1111, 373, 374, - 375, 376, 377, 1112, 379, 1113, 381, 606, 383, 384, - 385, 386, 387, 388, 389, 390, 391, 392, 393, 394, - 395, 0, 0, 396, 397, 0, 398, 399, 400, 401, - 607, 403, 404, 608, 406, 407, 408, 409, 1114, 411, - 412, 413, 414, 415, 416, 417, 418, 419, 420, 421, - 422, 423, 424, 425, 426, 427, 428, 1115, 1116, 1117, - 1118, 433, 434, 435, 436, 1119, 1120, 610, 439, 440, - 441, 442, 443, 444, 445, 611, 447, 448, 449, 1121, - 451, 452, 1122, 454, 455, 456, 457, 458, 459, 460, - 461, 462, 463, 464, 1123, 612, 1124, 468, 469, 470, - 0, 471, 613, 473, 1125, 0, 0, 0, 0, 0, - 0, 0, 0, 1126, 1127, 1006, 0, 0, 0, 1128, - 1007, 1008, 0, 0, 0, 1129, 0, 0, 0, 1130, - 1131, 1009, 1010, 1132, 1011, 1012, 1013, 1014, 1015, 1016, - 1017, 1018, 1019, 1020, 1021, 0, 0, 0, 0, 0, - 0, 0, 1022, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 1023, - 1024, 1025, 1026, 0, 0, 0, 0, 0, 0, 0, - 1027, 1028, 0, 1029, 0, 0, 0, 0, 0, 0, - 1030, 1031, 0, 0, 1032, 1033, 1034, 1035, 0, 1036, - 13, 0, 1037, 1038, 0, 0, 0, 0, 0, 0, - 0, 1039, 0, 0, 1040, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 19, 0, - 0, 0, 1041, 1042, 1043, 0, 1044, 0, 0, 0, - 0, 0, 0, 0, 1045, 1046, 1047, 22, 0, 0, - 0, 0, 0, 1048, 0, 0, 575, 0, 0, 0, - 0, 0, 1049, 0, 0, 4133, 0, 0, 0, 0, - 0, 0, 0, 0, 1051, 0, 1052, 0, 1053, 0, - 0, 0, 0, 0, 1054, 0, 0, 0, 0, 0, - 0, 0, 29, 1055, 1056, 0, 1057, 0, 0, 0, - 1058, 0, 0, 0, 0, 1059, 0, 0, 30, 1060, - 0, 1061, 1062, 1063, 1064, 0, 0, 0, 0, 0, - 32, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 35, 1065, 1066, 1067, 0, 1068, 0, 0, 0, - 0, 0, 0, 1069, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 1070, 0, 0, 0, 0, 0, - 0, 0, 1071, 1072, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 1073, 0, 0, 0, 0, 0, 0, 1074, 1075, - 0, 1076, 1077, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 1078, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 1079, 1080, 1081, 0, 0, 0, 0, - 0, 1082, 1083, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 53, 54, 55, 576, 56, 57, 58, 59, - 60, 61, 62, 1084, 1085, 1086, 1087, 64, 65, 66, - 1088, 68, 69, 70, 71, 72, 73, 1089, 75, 76, - 77, 78, 79, 80, 81, 1090, 577, 0, 578, 579, - 87, 88, 89, 90, 91, 92, 580, 94, 95, 96, - 97, 98, 1091, 99, 582, 101, 102, 103, 104, 105, - 583, 106, 107, 108, 109, 1092, 111, 1093, 1094, 1095, - 0, 115, 116, 117, 584, 119, 120, 121, 122, 123, - 124, 125, 126, 127, 1096, 128, 129, 130, 131, 132, - 133, 134, 135, 136, 137, 138, 1097, 1098, 586, 142, - 0, 143, 144, 145, 146, 147, 148, 149, 587, 151, - 152, 153, 154, 588, 155, 156, 157, 158, 159, 160, - 161, 162, 163, 164, 165, 166, 167, 589, 169, 0, - 0, 170, 171, 172, 173, 174, 175, 176, 177, 178, - 179, 180, 590, 591, 182, 0, 183, 184, 185, 592, - 187, 188, 1099, 593, 191, 192, 594, 194, 195, 595, - 0, 197, 198, 199, 1100, 201, 202, 203, 204, 205, - 206, 207, 208, 209, 596, 211, 212, 213, 214, 215, - 216, 217, 218, 219, 597, 220, 1101, 1102, 223, 224, - 225, 226, 227, 228, 229, 230, 231, 232, 233, 234, - 235, 236, 237, 238, 239, 240, 241, 242, 243, 244, - 245, 246, 247, 248, 249, 250, 251, 252, 0, 253, - 254, 255, 256, 257, 258, 259, 260, 261, 262, 263, - 264, 265, 1103, 267, 268, 269, 270, 271, 1104, 273, - 274, 275, 276, 277, 278, 279, 280, 1105, 1106, 283, - 284, 285, 286, 287, 598, 288, 289, 290, 291, 292, - 293, 294, 295, 0, 296, 297, 298, 299, 599, 300, - 301, 1107, 303, 304, 305, 306, 307, 308, 309, 1108, - 311, 312, 313, 314, 315, 316, 600, 317, 601, 319, - 320, 1109, 322, 323, 324, 325, 326, 327, 328, 329, - 330, 331, 332, 333, 334, 335, 336, 337, 338, 339, - 340, 341, 342, 343, 344, 345, 346, 602, 348, 349, - 350, 603, 352, 353, 354, 355, 356, 357, 358, 359, - 360, 604, 362, 363, 364, 1110, 366, 367, 368, 605, - 370, 371, 1111, 373, 374, 375, 376, 377, 1112, 379, - 1113, 381, 606, 383, 384, 385, 386, 387, 388, 389, - 390, 391, 392, 393, 394, 395, 0, 0, 396, 397, - 0, 398, 399, 400, 401, 607, 403, 404, 608, 406, - 407, 408, 409, 1114, 411, 412, 413, 414, 415, 416, - 417, 418, 419, 420, 421, 422, 423, 424, 425, 426, - 427, 428, 1115, 1116, 1117, 1118, 433, 434, 435, 436, - 1119, 1120, 610, 439, 440, 441, 442, 443, 444, 445, - 611, 447, 448, 449, 1121, 451, 452, 1122, 454, 455, - 456, 457, 458, 459, 460, 461, 462, 463, 464, 1123, - 612, 1124, 468, 469, 470, 0, 471, 613, 473, 1125, - 0, 0, 0, 0, 0, 0, 0, 0, 1126, 1127, - 1006, 0, 0, 0, 1128, 1007, 1008, 0, 0, 0, - 1129, 0, 0, 0, 1130, 1131, 1009, 1010, 1132, 1011, - 1012, 1013, 1014, 1015, 1016, 1017, 1018, 1019, 1020, 1021, - 0, 0, 0, 0, 0, 0, 0, 1022, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 1023, 1024, 1025, 1026, 0, 0, - 0, 0, 0, 0, 0, 1027, 1028, 0, 1029, 0, - 0, 0, 0, 0, 0, 1030, 1031, 0, 0, 1032, - 1033, 1034, 1035, 0, 1036, 13, 0, 1037, 1038, 0, - 0, 0, 0, 0, 0, 0, 1039, 0, 0, 1040, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 19, 0, 0, 0, 1041, 1042, 1043, - 0, 1044, 0, 0, 0, 0, 0, 0, 0, 1045, - 1046, 1047, 22, 0, 0, 0, 0, 0, 1048, 0, - 0, 575, 0, 0, 0, 0, 0, 1049, 0, 0, - 1050, 0, 0, 0, 0, 0, 0, 0, 0, 1051, - 0, 1052, 0, 1053, 0, 0, 0, 0, 0, 1054, - 0, 0, 0, 0, 0, 0, 0, 29, 1055, 1056, - 6369, 1057, 0, 0, 0, 1058, 0, 0, 0, 0, - 1059, 0, 0, 30, 0, 0, 1061, 1062, 1063, 1064, - 0, 0, 0, 0, 0, 32, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 35, 1065, 1066, 1067, - 0, 1068, 0, 0, 0, 0, 0, 0, 1069, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 1070, - 0, 0, 0, 0, 0, 0, 0, 1071, 1072, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 1073, 0, 0, 0, - 0, 0, 0, 1074, 1075, 0, 1076, 1077, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 1078, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 1079, 1080, - 1081, 0, 0, 0, 0, 0, 1082, 1083, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 53, 54, 55, - 576, 56, 57, 58, 59, 60, 61, 62, 1084, 1085, - 1086, 1087, 64, 65, 66, 1088, 68, 69, 70, 71, - 72, 73, 1089, 75, 76, 77, 78, 79, 80, 81, - 1090, 577, 0, 578, 579, 87, 88, 89, 90, 91, - 92, 580, 94, 95, 96, 97, 98, 1091, 99, 582, - 101, 102, 103, 104, 105, 583, 106, 107, 108, 109, - 1092, 111, 1093, 1094, 1095, 0, 115, 116, 117, 584, - 119, 120, 121, 122, 123, 124, 125, 126, 127, 1096, - 128, 129, 130, 131, 132, 133, 134, 135, 136, 137, - 138, 1097, 1098, 586, 142, 0, 143, 144, 145, 146, - 147, 148, 149, 587, 151, 152, 153, 154, 588, 155, - 156, 157, 158, 159, 160, 161, 162, 163, 164, 165, - 166, 167, 589, 169, 0, 0, 170, 171, 172, 173, - 174, 175, 176, 177, 178, 179, 180, 590, 591, 182, - 0, 183, 184, 185, 592, 187, 188, 1099, 593, 191, - 192, 594, 194, 195, 595, 0, 197, 198, 199, 1100, - 201, 202, 203, 204, 205, 206, 207, 208, 209, 596, - 211, 212, 213, 214, 215, 216, 217, 218, 219, 597, - 220, 1101, 1102, 223, 224, 225, 226, 227, 228, 229, - 230, 231, 232, 233, 234, 235, 236, 237, 238, 239, - 240, 241, 242, 243, 244, 245, 246, 247, 248, 249, - 250, 251, 252, 0, 253, 254, 255, 256, 257, 258, - 259, 260, 261, 262, 263, 264, 265, 1103, 267, 268, - 269, 270, 271, 1104, 273, 274, 275, 276, 277, 278, - 279, 280, 1105, 1106, 283, 284, 285, 286, 287, 598, - 288, 289, 290, 291, 292, 293, 294, 295, 0, 296, - 297, 298, 299, 599, 300, 301, 1107, 303, 304, 305, - 306, 307, 308, 309, 1108, 311, 312, 313, 314, 315, - 316, 600, 317, 601, 319, 320, 1109, 322, 323, 324, - 325, 326, 327, 328, 329, 330, 331, 332, 333, 334, - 335, 336, 337, 338, 339, 340, 341, 342, 343, 344, - 345, 346, 602, 348, 349, 350, 603, 352, 353, 354, - 355, 356, 357, 358, 359, 360, 604, 362, 363, 364, - 1110, 366, 367, 368, 605, 370, 371, 1111, 373, 374, - 375, 376, 377, 1112, 379, 1113, 381, 606, 383, 384, - 385, 386, 387, 388, 389, 390, 391, 392, 393, 394, - 395, 0, 0, 396, 397, 0, 398, 399, 400, 401, - 607, 403, 404, 608, 406, 407, 408, 409, 1114, 411, - 412, 413, 414, 415, 416, 417, 418, 419, 420, 421, - 422, 423, 424, 425, 426, 427, 428, 1115, 1116, 1117, - 1118, 433, 434, 435, 436, 1119, 1120, 610, 439, 440, - 441, 442, 443, 444, 445, 611, 447, 448, 449, 1121, - 451, 452, 1122, 454, 455, 456, 457, 458, 459, 460, - 461, 462, 463, 464, 1123, 612, 1124, 468, 469, 470, - 0, 471, 613, 473, 1125, 0, 0, 0, 0, 0, - 0, 0, 0, 1126, 1127, 1006, 0, 0, 0, 1128, - 1007, 1008, 0, 0, 0, 1129, 0, 0, 0, 1130, - 1131, 1009, 1010, 1132, 1011, 1012, 1013, 1014, 1015, 1016, - 1017, 1018, 1019, 1020, 1021, 0, 0, 0, 0, 0, - 0, 0, 1022, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 1023, - 1024, 1025, 1026, 0, 0, 0, 0, 0, 0, 0, - 1027, 1028, 0, 1029, 0, 0, 0, 0, 0, 0, - 1030, 1031, 0, 0, 1032, 1033, 1034, 1035, 0, 1036, - 13, 0, 1037, 1038, 0, 0, 0, 0, 0, 0, - 0, 1039, 0, 0, 1040, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 19, 0, - 0, 0, 1041, 1042, 1043, 0, 1044, 0, 0, 0, - 0, 0, 0, 0, 1045, 1046, 1047, 22, 0, 0, - 0, 0, 0, 1048, 0, 0, 575, 0, 0, 0, - 0, 0, 1049, 0, 0, 1961, 0, 0, 0, 0, - 0, 0, 0, 0, 1051, 0, 1052, 0, 1053, 0, - 0, 0, 0, 0, 1054, 0, 0, 0, 0, 0, - 0, 0, 29, 1055, 1056, 0, 1057, 0, 0, 0, - 1058, 0, 0, 0, 0, 1059, 0, 0, 30, 0, - 0, 1061, 1062, 1063, 1064, 0, 0, 0, 0, 0, - 32, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 35, 1065, 1066, 1067, 0, 1068, 0, 0, 0, - 0, 0, 0, 1069, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 1070, 0, 0, 0, 0, 0, - 0, 0, 1071, 1072, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 1073, 0, 0, 0, 0, 0, 0, 1074, 1075, - 0, 1076, 1077, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 1078, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 1079, 1080, 1081, 0, 0, 0, 0, - 0, 1082, 1083, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 53, 54, 55, 576, 56, 57, 58, 59, - 60, 61, 62, 1084, 1085, 1086, 1087, 64, 65, 66, - 1088, 68, 69, 70, 71, 72, 73, 1089, 75, 76, - 77, 78, 79, 80, 81, 1090, 577, 0, 578, 579, - 87, 88, 89, 90, 91, 92, 580, 94, 95, 96, - 97, 98, 1091, 99, 582, 101, 102, 103, 104, 105, - 583, 106, 107, 108, 109, 1092, 111, 1093, 1094, 1095, - 0, 115, 116, 117, 584, 119, 120, 121, 122, 123, - 124, 125, 126, 127, 1096, 128, 129, 130, 131, 132, - 133, 134, 135, 136, 137, 138, 1097, 1098, 586, 142, - 0, 143, 144, 145, 146, 147, 148, 149, 587, 151, - 152, 153, 154, 588, 155, 156, 157, 158, 159, 160, - 161, 162, 163, 164, 165, 166, 167, 589, 169, 0, - 0, 170, 171, 172, 173, 174, 175, 176, 177, 178, - 179, 180, 590, 591, 182, 0, 183, 184, 185, 592, - 187, 188, 1099, 593, 191, 192, 594, 194, 195, 595, - 0, 197, 198, 199, 1100, 201, 202, 203, 204, 205, - 206, 207, 208, 209, 596, 211, 212, 213, 214, 215, - 216, 217, 218, 219, 597, 220, 1101, 1102, 223, 224, - 225, 226, 227, 228, 229, 230, 231, 232, 233, 234, - 235, 236, 237, 238, 239, 240, 241, 242, 243, 244, - 245, 246, 247, 248, 249, 250, 251, 252, 0, 253, - 254, 255, 256, 257, 258, 259, 260, 261, 262, 263, - 264, 265, 1103, 267, 268, 269, 270, 271, 1104, 273, - 274, 275, 276, 277, 278, 279, 280, 1105, 1106, 283, - 284, 285, 286, 287, 598, 288, 289, 290, 291, 292, - 293, 294, 295, 0, 296, 297, 298, 299, 599, 300, - 301, 1107, 303, 304, 305, 306, 307, 308, 309, 1108, - 311, 312, 313, 314, 315, 316, 600, 317, 601, 319, - 320, 1109, 322, 323, 324, 325, 326, 327, 328, 329, - 330, 331, 332, 333, 334, 335, 336, 337, 338, 339, - 340, 341, 342, 343, 344, 345, 346, 602, 348, 349, - 350, 603, 352, 353, 354, 355, 356, 357, 358, 359, - 360, 604, 362, 363, 364, 1110, 366, 367, 368, 605, - 370, 371, 1111, 373, 374, 375, 376, 377, 1112, 379, - 1113, 381, 606, 383, 384, 385, 386, 387, 388, 389, - 390, 391, 392, 393, 394, 395, 0, 0, 396, 397, - 0, 398, 399, 400, 401, 607, 403, 404, 608, 406, - 407, 408, 409, 1114, 411, 412, 413, 414, 415, 416, - 417, 418, 419, 420, 421, 422, 423, 424, 425, 426, - 427, 428, 1115, 1116, 1117, 1118, 433, 434, 435, 436, - 1119, 1120, 610, 439, 440, 441, 442, 443, 444, 445, - 611, 447, 448, 449, 1121, 451, 452, 1122, 454, 455, - 456, 457, 458, 459, 460, 461, 462, 463, 464, 1123, - 612, 1124, 468, 469, 470, 0, 471, 613, 473, 1125, - 0, 0, 0, 0, 0, 0, 0, 0, 1962, 1963, - 1006, 0, 0, 0, 1128, 1007, 1008, 0, 0, 0, - 1129, 0, 0, 0, 1130, 1131, 1009, 1010, 1132, 1011, - 1012, 1013, 1014, 1015, 1016, 1017, 1018, 1019, 1020, 1021, - 0, 0, 0, 0, 0, 0, 0, 1022, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 1023, 1024, 1025, 1026, 0, 0, - 0, 0, 0, 0, 0, 1027, 1028, 0, 1029, 0, - 0, 0, 0, 0, 0, 1030, 1031, 0, 0, 1032, - 1033, 1034, 1035, 0, 1036, 13, 0, 1037, 1038, 0, - 0, 0, 0, 0, 0, 0, 1039, 0, 0, 1040, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 19, 0, 0, 0, 1041, 1042, 1043, - 0, 1044, 0, 0, 0, 0, 0, 0, 0, 1045, - 1046, 1047, 22, 0, 0, 0, 0, 0, 1048, 0, - 0, 575, 0, 0, 0, 0, 0, 1049, 0, 0, - 2077, 0, 0, 0, 0, 0, 0, 0, 0, 1051, - 0, 1052, 0, 1053, 0, 0, 0, 0, 0, 1054, - 0, 0, 0, 0, 0, 0, 0, 29, 1055, 1056, - 0, 1057, 0, 0, 0, 1058, 0, 0, 0, 0, - 1059, 0, 0, 30, 0, 0, 1061, 1062, 1063, 1064, - 0, 0, 0, 0, 0, 32, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 35, 1065, 1066, 1067, - 0, 1068, 0, 0, 0, 0, 0, 0, 1069, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 1070, - 0, 0, 0, 0, 0, 0, 0, 1071, 1072, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 1073, 0, 0, 0, - 0, 0, 0, 1074, 1075, 0, 1076, 1077, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 1078, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 1079, 1080, - 1081, 0, 0, 0, 0, 0, 1082, 1083, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 53, 54, 55, - 576, 56, 57, 58, 59, 60, 61, 62, 1084, 1085, - 1086, 1087, 64, 65, 66, 1088, 68, 69, 70, 71, - 72, 73, 1089, 75, 76, 77, 78, 79, 80, 81, - 1090, 577, 0, 578, 579, 87, 88, 89, 90, 91, - 92, 580, 94, 95, 96, 97, 98, 1091, 99, 582, - 101, 102, 103, 104, 105, 583, 106, 107, 108, 109, - 1092, 111, 1093, 1094, 1095, 0, 115, 116, 117, 584, - 119, 120, 121, 122, 123, 124, 125, 126, 127, 1096, - 128, 129, 130, 131, 132, 133, 134, 135, 136, 137, - 138, 1097, 1098, 586, 142, 0, 143, 144, 145, 146, - 147, 148, 149, 587, 151, 152, 153, 154, 588, 155, - 156, 157, 158, 159, 160, 161, 162, 163, 164, 165, - 166, 167, 589, 169, 0, 0, 170, 171, 172, 173, - 174, 175, 176, 177, 178, 179, 180, 590, 591, 182, - 0, 183, 184, 185, 592, 187, 188, 1099, 593, 191, - 192, 594, 194, 195, 595, 0, 197, 198, 199, 1100, - 201, 202, 203, 204, 205, 206, 207, 208, 209, 596, - 211, 212, 213, 214, 215, 216, 217, 218, 219, 597, - 220, 1101, 1102, 223, 224, 225, 226, 227, 228, 229, - 230, 231, 232, 233, 234, 235, 236, 237, 238, 239, - 240, 241, 242, 243, 244, 245, 246, 247, 248, 249, - 250, 251, 252, 0, 253, 254, 255, 256, 257, 258, - 259, 260, 261, 262, 263, 264, 265, 1103, 267, 268, - 269, 270, 271, 1104, 273, 274, 275, 276, 277, 278, - 279, 280, 1105, 1106, 283, 284, 285, 286, 287, 598, - 288, 289, 290, 291, 292, 293, 294, 295, 0, 296, - 297, 298, 299, 599, 300, 301, 1107, 303, 304, 305, - 306, 307, 308, 309, 1108, 311, 312, 313, 314, 315, - 316, 600, 317, 601, 319, 320, 1109, 322, 323, 324, - 325, 326, 327, 328, 329, 330, 331, 332, 333, 334, - 335, 336, 337, 338, 339, 340, 341, 342, 343, 344, - 345, 346, 602, 348, 349, 350, 603, 352, 353, 354, - 355, 356, 357, 358, 359, 360, 604, 362, 363, 364, - 1110, 366, 367, 368, 605, 370, 371, 1111, 373, 374, - 375, 376, 377, 1112, 379, 1113, 381, 606, 383, 384, - 385, 386, 387, 388, 389, 390, 391, 392, 393, 394, - 395, 0, 0, 396, 397, 0, 398, 399, 400, 401, - 607, 403, 404, 608, 406, 407, 408, 409, 1114, 411, - 412, 413, 414, 415, 416, 417, 418, 419, 420, 421, - 422, 423, 424, 425, 426, 427, 428, 1115, 1116, 1117, - 1118, 433, 434, 435, 436, 1119, 1120, 610, 439, 440, - 441, 442, 443, 444, 445, 611, 447, 448, 449, 1121, - 451, 452, 1122, 454, 455, 456, 457, 458, 459, 460, - 461, 462, 463, 464, 1123, 612, 1124, 468, 469, 470, - 0, 471, 613, 473, 1125, 0, 0, 0, 0, 0, - 0, 0, 0, 1962, 1963, 1006, 0, 0, 0, 1128, - 1007, 1008, 0, 0, 0, 1129, 0, 0, 0, 1130, - 1131, 1009, 1010, 1132, 1011, 1012, 1013, 1014, 1015, 1016, - 1017, 1018, 1019, 1020, 1021, 0, 0, 0, 0, 0, - 0, 0, 1022, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 1023, - 1024, 1025, 1026, 0, 0, 0, 0, 0, 0, 0, - 1027, 1028, 0, 1029, 0, 0, 0, 0, 0, 0, - 1030, 1031, 0, 0, 1032, 1033, 1034, 1035, 0, 1036, - 13, 0, 1037, 1038, 0, 0, 0, 0, 0, 0, - 0, 1039, 0, 0, 1040, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 19, 0, - 0, 0, 1041, 1042, 1043, 0, 1044, 0, 0, 0, - 0, 0, 0, 0, 1045, 1046, 1047, 22, 0, 0, - 0, 0, 0, 1048, 0, 0, 575, 0, 0, 0, - 0, 0, 1049, 0, 0, 2079, 0, 0, 0, 0, - 0, 0, 0, 0, 1051, 0, 1052, 0, 1053, 0, - 0, 0, 0, 0, 1054, 0, 0, 0, 0, 0, - 0, 0, 29, 1055, 1056, 0, 1057, 0, 0, 0, - 1058, 0, 0, 0, 0, 1059, 0, 0, 30, 0, - 0, 1061, 1062, 1063, 1064, 0, 0, 0, 0, 0, - 32, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 35, 1065, 1066, 1067, 0, 1068, 0, 0, 0, - 0, 0, 0, 1069, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 1070, 0, 0, 0, 0, 0, - 0, 0, 1071, 1072, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 1073, 0, 0, 0, 0, 0, 0, 1074, 1075, - 0, 1076, 1077, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 1078, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 1079, 1080, 1081, 0, 0, 0, 0, - 0, 1082, 1083, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 53, 54, 55, 576, 56, 57, 58, 59, - 60, 61, 62, 1084, 1085, 1086, 1087, 64, 65, 66, - 1088, 68, 69, 70, 71, 72, 73, 1089, 75, 76, - 77, 78, 79, 80, 81, 1090, 577, 0, 578, 579, - 87, 88, 89, 90, 91, 92, 580, 94, 95, 96, - 97, 98, 1091, 99, 582, 101, 102, 103, 104, 105, - 583, 106, 107, 108, 109, 1092, 111, 1093, 1094, 1095, - 0, 115, 116, 117, 584, 119, 120, 121, 122, 123, - 124, 125, 126, 127, 1096, 128, 129, 130, 131, 132, - 133, 134, 135, 136, 137, 138, 1097, 1098, 586, 142, - 0, 143, 144, 145, 146, 147, 148, 149, 587, 151, - 152, 153, 154, 588, 155, 156, 157, 158, 159, 160, - 161, 162, 163, 164, 165, 166, 167, 589, 169, 0, - 0, 170, 171, 172, 173, 174, 175, 176, 177, 178, - 179, 180, 590, 591, 182, 0, 183, 184, 185, 592, - 187, 188, 1099, 593, 191, 192, 594, 194, 195, 595, - 0, 197, 198, 199, 1100, 201, 202, 203, 204, 205, - 206, 207, 208, 209, 596, 211, 212, 213, 214, 215, - 216, 217, 218, 219, 597, 220, 1101, 1102, 223, 224, - 225, 226, 227, 228, 229, 230, 231, 232, 233, 234, - 235, 236, 237, 238, 239, 240, 241, 242, 243, 244, - 245, 246, 247, 248, 249, 250, 251, 252, 0, 253, - 254, 255, 256, 257, 258, 259, 260, 261, 262, 263, - 264, 265, 1103, 267, 268, 269, 270, 271, 1104, 273, - 274, 275, 276, 277, 278, 279, 280, 1105, 1106, 283, - 284, 285, 286, 287, 598, 288, 289, 290, 291, 292, - 293, 294, 295, 0, 296, 297, 298, 299, 599, 300, - 301, 1107, 303, 304, 305, 306, 307, 308, 309, 1108, - 311, 312, 313, 314, 315, 316, 600, 317, 601, 319, - 320, 1109, 322, 323, 324, 325, 326, 327, 328, 329, - 330, 331, 332, 333, 334, 335, 336, 337, 338, 339, - 340, 341, 342, 343, 344, 345, 346, 602, 348, 349, - 350, 603, 352, 353, 354, 355, 356, 357, 358, 359, - 360, 604, 362, 363, 364, 1110, 366, 367, 368, 605, - 370, 371, 1111, 373, 374, 375, 376, 377, 1112, 379, - 1113, 381, 606, 383, 384, 385, 386, 387, 388, 389, - 390, 391, 392, 393, 394, 395, 0, 0, 396, 397, - 0, 398, 399, 400, 401, 607, 403, 404, 608, 406, - 407, 408, 409, 1114, 411, 412, 413, 414, 415, 416, - 417, 418, 419, 420, 421, 422, 423, 424, 425, 426, - 427, 428, 1115, 1116, 1117, 1118, 433, 434, 435, 436, - 1119, 1120, 610, 439, 440, 441, 442, 443, 444, 445, - 611, 447, 448, 449, 1121, 451, 452, 1122, 454, 455, - 456, 457, 458, 459, 460, 461, 462, 463, 464, 1123, - 612, 1124, 468, 469, 470, 0, 471, 613, 473, 1125, - 0, 0, 0, 0, 0, 0, 0, 0, 1962, 1963, - 1006, 0, 0, 0, 1128, 1007, 1008, 0, 0, 0, - 1129, 0, 0, 0, 1130, 1131, 1009, 1010, 1132, 1011, - 1012, 1013, 1014, 1015, 1016, 1017, 1018, 1019, 1020, 1021, - 0, 0, 0, 0, 0, 0, 0, 1022, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 1023, 1024, 1025, 1026, 0, 0, - 0, 0, 0, 0, 0, 1027, 1028, 0, 1029, 0, - 0, 0, 0, 0, 0, 1030, 1031, 0, 0, 1032, - 1033, 1034, 1035, 0, 1036, 13, 0, 1037, 1038, 0, - 0, 0, 0, 0, 0, 0, 1039, 0, 0, 1040, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 19, 0, 0, 0, 1041, 1042, 1043, - 0, 1044, 0, 0, 0, 0, 0, 0, 0, 1045, - 1046, 1047, 22, 0, 0, 0, 0, 0, 1048, 0, - 0, 575, 0, 0, 0, 0, 0, 1049, 0, 0, - 1050, 0, 0, 0, 0, 0, 0, 0, 0, 1051, - 0, 1052, 0, 1053, 0, 0, 0, 0, 0, 1054, - 0, 0, 0, 0, 0, 0, 0, 29, 1055, 1056, - 0, 1057, 0, 0, 0, 1058, 0, 0, 0, 0, - 1059, 0, 0, 30, 0, 0, 1061, 1062, 1063, 1064, - 0, 0, 0, 0, 0, 32, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 35, 1065, 1066, 1067, - 0, 1068, 0, 0, 0, 0, 0, 0, 1069, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 1070, - 0, 0, 0, 0, 0, 0, 0, 1071, 1072, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 1073, 0, 0, 0, - 0, 0, 0, 1074, 1075, 0, 1076, 1077, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 1078, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 1079, 1080, - 1081, 0, 0, 0, 0, 0, 1082, 1083, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 53, 54, 55, - 576, 56, 57, 58, 59, 60, 61, 62, 1084, 1085, - 1086, 1087, 64, 65, 66, 1088, 68, 69, 70, 71, - 72, 73, 1089, 75, 76, 77, 78, 79, 80, 81, - 1090, 577, 0, 578, 579, 87, 88, 89, 90, 91, - 92, 580, 94, 95, 96, 97, 98, 1091, 99, 582, - 101, 102, 103, 104, 105, 583, 106, 107, 108, 109, - 1092, 111, 1093, 1094, 1095, 0, 115, 116, 117, 584, - 119, 120, 121, 122, 123, 124, 125, 126, 127, 1096, - 128, 129, 130, 131, 132, 133, 134, 135, 136, 137, - 138, 1097, 1098, 586, 142, 0, 143, 144, 145, 146, - 147, 148, 149, 587, 151, 152, 153, 154, 588, 155, - 156, 157, 158, 159, 160, 161, 162, 163, 164, 165, - 166, 167, 589, 169, 0, 0, 170, 171, 172, 173, - 174, 175, 176, 177, 178, 179, 180, 590, 591, 182, - 0, 183, 184, 185, 592, 187, 188, 1099, 593, 191, - 192, 594, 194, 195, 595, 0, 197, 198, 199, 1100, - 201, 202, 203, 204, 205, 206, 207, 208, 209, 596, - 211, 212, 213, 214, 215, 216, 217, 218, 219, 597, - 220, 1101, 1102, 223, 224, 225, 226, 227, 228, 229, - 230, 231, 232, 233, 234, 235, 236, 237, 238, 239, - 240, 241, 242, 243, 244, 245, 246, 247, 248, 249, - 250, 251, 252, 0, 253, 254, 255, 256, 257, 258, - 259, 260, 261, 262, 263, 264, 265, 1103, 267, 268, - 269, 270, 271, 1104, 273, 274, 275, 276, 277, 278, - 279, 280, 1105, 1106, 283, 284, 285, 286, 287, 598, - 288, 289, 290, 291, 292, 293, 294, 295, 0, 296, - 297, 298, 299, 599, 300, 301, 1107, 303, 304, 305, - 306, 307, 308, 309, 1108, 311, 312, 313, 314, 315, - 316, 600, 317, 601, 319, 320, 1109, 322, 323, 324, - 325, 326, 327, 328, 329, 330, 331, 332, 333, 334, - 335, 336, 337, 338, 339, 340, 341, 342, 343, 344, - 345, 346, 602, 348, 349, 350, 603, 352, 353, 354, - 355, 356, 357, 358, 359, 360, 604, 362, 363, 364, - 1110, 366, 367, 368, 605, 370, 371, 1111, 373, 374, - 375, 376, 377, 1112, 379, 1113, 381, 606, 383, 384, - 385, 386, 387, 388, 389, 390, 391, 392, 393, 394, - 395, 0, 0, 396, 397, 0, 398, 399, 400, 401, - 607, 403, 404, 608, 406, 407, 408, 409, 1114, 411, - 412, 413, 414, 415, 416, 417, 418, 419, 420, 421, - 422, 423, 424, 425, 426, 427, 428, 1115, 1116, 1117, - 1118, 433, 434, 435, 436, 1119, 1120, 610, 439, 440, - 441, 442, 443, 444, 445, 611, 447, 448, 449, 1121, - 451, 452, 1122, 454, 455, 456, 457, 458, 459, 460, - 461, 462, 463, 464, 1123, 612, 1124, 468, 469, 470, - 0, 471, 613, 473, 1125, 0, 0, 0, 0, 0, - 0, 0, 0, 1126, 1127, 1006, 0, 0, 0, 1128, - 1007, 1008, 0, 0, 0, 1129, 0, 0, 0, 1130, - 1131, 1009, 1010, 1132, 1011, 1012, 1013, 1014, 1015, 1016, - 1017, 1018, 1019, 1020, 1021, 0, 0, 0, 0, 0, - 0, 0, 1022, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 1023, - 1024, 1025, 1026, 0, 0, 0, 0, 0, 0, 0, - 1027, 1028, 0, 1029, 0, 0, 0, 0, 0, 0, - 1030, 1031, 0, 0, 1032, 1033, 1034, 1035, 0, 1036, - 13, 0, 1037, 1038, 0, 0, 0, 0, 0, 0, - 0, 1039, 0, 0, 1040, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 19, 0, - 0, 0, 1041, 1042, 1043, 0, 1044, 0, 0, 0, - 0, 0, 0, 0, 1045, 1046, 1047, 22, 0, 0, - 0, 0, 0, 1048, 0, 0, 575, 0, 0, 0, - 0, 0, 1049, 0, 0, 2876, 0, 0, 0, 0, - 0, 0, 0, 0, 1051, 0, 1052, 0, 1053, 0, - 0, 0, 0, 0, 1054, 0, 0, 0, 0, 0, - 0, 0, 29, 1055, 1056, 0, 1057, 0, 0, 0, - 1058, 0, 0, 0, 0, 1059, 0, 0, 30, 0, - 0, 1061, 1062, 1063, 1064, 0, 0, 0, 0, 0, - 32, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 35, 1065, 1066, 1067, 0, 1068, 0, 0, 0, - 0, 0, 0, 1069, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 1070, 0, 0, 0, 0, 0, - 0, 0, 1071, 1072, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 1073, 0, 0, 0, 0, 0, 0, 1074, 1075, - 0, 1076, 1077, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 1078, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 1079, 1080, 1081, 0, 0, 0, 0, - 0, 1082, 1083, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 53, 54, 55, 576, 56, 57, 58, 59, - 60, 61, 62, 1084, 1085, 1086, 1087, 64, 65, 66, - 1088, 68, 69, 70, 71, 72, 73, 1089, 75, 76, - 77, 78, 79, 80, 81, 1090, 577, 0, 578, 579, - 87, 88, 89, 90, 91, 92, 580, 94, 95, 96, - 97, 98, 1091, 99, 582, 101, 102, 103, 104, 105, - 583, 106, 107, 108, 109, 1092, 111, 1093, 1094, 1095, - 0, 115, 116, 117, 584, 119, 120, 121, 122, 123, - 124, 125, 126, 127, 1096, 128, 129, 130, 131, 132, - 133, 134, 135, 136, 137, 138, 1097, 1098, 586, 142, - 0, 143, 144, 145, 146, 147, 148, 149, 587, 151, - 152, 153, 154, 588, 155, 156, 157, 158, 159, 160, - 161, 162, 163, 164, 165, 166, 167, 589, 169, 0, - 0, 170, 171, 172, 173, 174, 175, 176, 177, 178, - 179, 180, 590, 591, 182, 0, 183, 184, 185, 592, - 187, 188, 1099, 593, 191, 192, 594, 194, 195, 595, - 0, 197, 198, 199, 1100, 201, 202, 203, 204, 205, - 206, 207, 208, 209, 596, 211, 212, 213, 214, 215, - 216, 217, 218, 219, 597, 220, 1101, 1102, 223, 224, - 225, 226, 227, 228, 229, 230, 231, 232, 233, 234, - 235, 236, 237, 238, 239, 240, 241, 242, 243, 244, - 245, 246, 247, 248, 249, 250, 251, 252, 0, 253, - 254, 255, 256, 257, 258, 259, 260, 261, 262, 263, - 264, 265, 1103, 267, 268, 269, 270, 271, 1104, 273, - 274, 275, 276, 277, 278, 279, 280, 1105, 1106, 283, - 284, 285, 286, 287, 598, 288, 289, 290, 291, 292, - 293, 294, 295, 0, 296, 297, 298, 299, 599, 300, - 301, 1107, 303, 304, 305, 306, 307, 308, 309, 1108, - 311, 312, 313, 314, 315, 316, 600, 317, 601, 319, - 320, 1109, 322, 323, 324, 325, 326, 327, 328, 329, - 330, 331, 332, 333, 334, 335, 336, 337, 338, 339, - 340, 341, 342, 343, 344, 345, 346, 602, 348, 349, - 350, 603, 352, 353, 354, 355, 356, 357, 358, 359, - 360, 604, 362, 363, 364, 1110, 366, 367, 368, 605, - 370, 371, 1111, 373, 374, 375, 376, 377, 1112, 379, - 1113, 381, 606, 383, 384, 385, 386, 387, 388, 389, - 390, 391, 392, 393, 394, 395, 0, 0, 396, 397, - 0, 398, 399, 400, 401, 607, 403, 404, 608, 406, - 407, 408, 409, 1114, 411, 412, 413, 414, 415, 416, - 417, 418, 419, 420, 421, 422, 423, 424, 425, 426, - 427, 428, 1115, 1116, 1117, 1118, 433, 434, 435, 436, - 1119, 1120, 610, 439, 440, 441, 442, 443, 444, 445, - 611, 447, 448, 449, 1121, 451, 452, 1122, 454, 455, - 456, 457, 458, 459, 460, 461, 462, 463, 464, 1123, - 612, 1124, 468, 469, 470, 0, 471, 613, 473, 1125, - 0, 0, 0, 0, 0, 0, 0, 0, 1126, 1127, - 1006, 0, 0, 0, 1128, 1007, 1008, 0, 0, 0, - 1129, 0, 0, 0, 1130, 1131, 1009, 1010, 1132, 1011, - 1012, 1013, 1014, 1015, 1016, 1017, 1018, 1019, 1020, 1021, - 0, 0, 0, 0, 0, 0, 0, 1022, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 1023, 1024, 1025, 1026, 0, 0, - 0, 0, 0, 0, 0, 1027, 1028, 0, 1029, 0, - 0, 0, 0, 0, 0, 1030, 1031, 0, 0, 1032, - 1033, 1034, 1035, 0, 1036, 13, 0, 1037, 1038, 0, - 0, 0, 0, 0, 0, 0, 1039, 0, 0, 1040, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 19, 0, 0, 0, 1041, 1042, 1043, - 0, 1044, 0, 0, 0, 0, 0, 0, 0, 1045, - 1046, 1047, 22, 0, 0, 0, 0, 0, 1048, 0, - 0, 575, 0, 0, 0, 0, 0, 1049, 0, 0, - 2878, 0, 0, 0, 0, 0, 0, 0, 0, 1051, - 0, 1052, 0, 1053, 0, 0, 0, 0, 0, 1054, - 0, 0, 0, 0, 0, 0, 0, 29, 1055, 1056, - 0, 1057, 0, 0, 0, 1058, 0, 0, 0, 0, - 1059, 0, 0, 30, 0, 0, 1061, 1062, 1063, 1064, - 0, 0, 0, 0, 0, 32, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 35, 1065, 1066, 1067, - 0, 1068, 0, 0, 0, 0, 0, 0, 1069, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 1070, - 0, 0, 0, 0, 0, 0, 0, 1071, 1072, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 1073, 0, 0, 0, - 0, 0, 0, 1074, 1075, 0, 1076, 1077, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 1078, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 1079, 1080, - 1081, 0, 0, 0, 0, 0, 1082, 1083, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 53, 54, 55, - 576, 56, 57, 58, 59, 60, 61, 62, 1084, 1085, - 1086, 1087, 64, 65, 66, 1088, 68, 69, 70, 71, - 72, 73, 1089, 75, 76, 77, 78, 79, 80, 81, - 1090, 577, 0, 578, 579, 87, 88, 89, 90, 91, - 92, 580, 94, 95, 96, 97, 98, 1091, 99, 582, - 101, 102, 103, 104, 105, 583, 106, 107, 108, 109, - 1092, 111, 1093, 1094, 1095, 0, 115, 116, 117, 584, - 119, 120, 121, 122, 123, 124, 125, 126, 127, 1096, - 128, 129, 130, 131, 132, 133, 134, 135, 136, 137, - 138, 1097, 1098, 586, 142, 0, 143, 144, 145, 146, - 147, 148, 149, 587, 151, 152, 153, 154, 588, 155, - 156, 157, 158, 159, 160, 161, 162, 163, 164, 165, - 166, 167, 589, 169, 0, 0, 170, 171, 172, 173, - 174, 175, 176, 177, 178, 179, 180, 590, 591, 182, - 0, 183, 184, 185, 592, 187, 188, 1099, 593, 191, - 192, 594, 194, 195, 595, 0, 197, 198, 199, 1100, - 201, 202, 203, 204, 205, 206, 207, 208, 209, 596, - 211, 212, 213, 214, 215, 216, 217, 218, 219, 597, - 220, 1101, 1102, 223, 224, 225, 226, 227, 228, 229, - 230, 231, 232, 233, 234, 235, 236, 237, 238, 239, - 240, 241, 242, 243, 244, 245, 246, 247, 248, 249, - 250, 251, 252, 0, 253, 254, 255, 256, 257, 258, - 259, 260, 261, 262, 263, 264, 265, 1103, 267, 268, - 269, 270, 271, 1104, 273, 274, 275, 276, 277, 278, - 279, 280, 1105, 1106, 283, 284, 285, 286, 287, 598, - 288, 289, 290, 291, 292, 293, 294, 295, 0, 296, - 297, 298, 299, 599, 300, 301, 1107, 303, 304, 305, - 306, 307, 308, 309, 1108, 311, 312, 313, 314, 315, - 316, 600, 317, 601, 319, 320, 1109, 322, 323, 324, - 325, 326, 327, 328, 329, 330, 331, 332, 333, 334, - 335, 336, 337, 338, 339, 340, 341, 342, 343, 344, - 345, 346, 602, 348, 349, 350, 603, 352, 353, 354, - 355, 356, 357, 358, 359, 360, 604, 362, 363, 364, - 1110, 366, 367, 368, 605, 370, 371, 1111, 373, 374, - 375, 376, 377, 1112, 379, 1113, 381, 606, 383, 384, - 385, 386, 387, 388, 389, 390, 391, 392, 393, 394, - 395, 0, 0, 396, 397, 0, 398, 399, 400, 401, - 607, 403, 404, 608, 406, 407, 408, 409, 1114, 411, - 412, 413, 414, 415, 416, 417, 418, 419, 420, 421, - 422, 423, 424, 425, 426, 427, 428, 1115, 1116, 1117, - 1118, 433, 434, 435, 436, 1119, 1120, 610, 439, 440, - 441, 442, 443, 444, 445, 611, 447, 448, 449, 1121, - 451, 452, 1122, 454, 455, 456, 457, 458, 459, 460, - 461, 462, 463, 464, 1123, 612, 1124, 468, 469, 470, - 0, 471, 613, 473, 1125, 0, 0, 0, 0, 0, - 0, 0, 0, 1126, 1127, 1006, 0, 0, 0, 1128, - 1007, 1008, 0, 0, 0, 1129, 0, 0, 0, 1130, - 1131, 6224, 6225, 1132, 1011, 1012, 1013, 1014, 1015, 1016, - 1017, 1018, 1019, 1020, 1021, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 1024, 1025, 1026, 0, 0, 0, 0, 0, 0, 0, - 1027, 1028, 0, 1029, 0, 0, 0, 0, 0, 0, - 1030, 1031, 0, 0, 1032, 1033, 1034, 1035, 0, 1036, - 13, 0, 1037, 1038, 0, 0, 0, 0, 0, 0, - 0, 1039, 0, 0, 1040, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 19, 0, - 0, 0, 1041, 1042, 1043, 0, 1044, 0, 0, 0, - 0, 0, 0, 0, 1045, 1046, 1047, 22, 0, 0, - 0, 0, 0, 1048, 0, 0, 575, 0, 0, 0, - 0, 0, 1049, 0, 0, 1961, 0, 0, 0, 0, - 0, 0, 0, 0, 1051, 0, 1052, 0, 1053, 0, - 0, 0, 0, 0, 1054, 0, 0, 0, 0, 0, - 0, 0, 29, 1055, 1056, 0, 1057, 0, 0, 0, - 1058, 0, 0, 0, 0, 1059, 0, 0, 30, 0, - 0, 1061, 1062, 1063, 1064, 0, 0, 0, 0, 0, - 32, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 35, 1065, 1066, 1067, 0, 1068, 0, 0, 0, - 0, 0, 0, 1069, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 1070, 0, 0, 0, 0, 0, - 0, 0, 1071, 1072, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 1073, 0, 0, 0, 0, 0, 0, 1074, 1075, - 0, 1076, 1077, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 1078, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 1079, 1080, 1081, 0, 0, 0, 0, - 0, 1082, 1083, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 53, 54, 55, 576, 56, 57, 58, 59, - 60, 61, 62, 1084, 1085, 1086, 1087, 64, 65, 66, - 1088, 68, 69, 70, 71, 72, 73, 1089, 75, 76, - 77, 78, 79, 80, 81, 1090, 577, 0, 578, 579, - 87, 88, 89, 90, 91, 92, 580, 94, 95, 96, - 97, 98, 1091, 99, 582, 101, 102, 103, 104, 105, - 583, 106, 107, 108, 109, 1092, 111, 1093, 1094, 1095, - 0, 115, 116, 117, 584, 119, 120, 121, 122, 123, - 124, 125, 126, 127, 1096, 128, 129, 130, 131, 132, - 133, 134, 135, 136, 137, 138, 1097, 1098, 586, 142, - 0, 143, 144, 145, 146, 147, 148, 149, 587, 151, - 152, 153, 154, 588, 155, 156, 157, 158, 159, 160, - 161, 162, 163, 164, 165, 166, 167, 589, 169, 0, - 0, 170, 171, 172, 173, 174, 175, 176, 177, 178, - 179, 180, 590, 591, 182, 0, 183, 184, 185, 592, - 187, 188, 1099, 593, 191, 192, 594, 194, 195, 595, - 0, 197, 198, 199, 1100, 201, 202, 203, 204, 205, - 206, 207, 208, 209, 596, 211, 212, 213, 214, 215, - 216, 217, 218, 219, 597, 220, 1101, 1102, 223, 224, - 225, 226, 227, 228, 229, 230, 231, 232, 233, 234, - 235, 236, 237, 238, 239, 240, 241, 242, 243, 244, - 245, 246, 247, 248, 249, 250, 251, 252, 0, 253, - 254, 255, 256, 257, 258, 259, 260, 261, 262, 263, - 264, 265, 1103, 267, 268, 269, 270, 271, 1104, 273, - 274, 275, 276, 277, 278, 279, 280, 1105, 1106, 283, - 284, 285, 286, 287, 598, 288, 289, 290, 291, 292, - 293, 294, 295, 0, 296, 297, 298, 299, 599, 300, - 301, 1107, 303, 304, 305, 306, 307, 308, 309, 1108, - 311, 312, 313, 314, 315, 316, 600, 317, 601, 319, - 320, 1109, 322, 323, 324, 325, 326, 327, 328, 329, - 330, 331, 332, 333, 334, 335, 336, 337, 338, 339, - 340, 341, 342, 343, 344, 345, 346, 602, 348, 349, - 350, 603, 352, 353, 354, 355, 356, 357, 358, 359, - 360, 604, 362, 363, 364, 1110, 366, 367, 368, 605, - 370, 371, 1111, 373, 374, 375, 376, 377, 1112, 379, - 1113, 381, 606, 383, 384, 385, 386, 387, 388, 389, - 390, 391, 392, 393, 394, 395, 0, 0, 396, 397, - 0, 398, 399, 400, 401, 607, 403, 404, 608, 406, - 407, 408, 409, 1114, 411, 412, 413, 414, 415, 416, - 417, 418, 419, 420, 421, 422, 423, 424, 425, 426, - 427, 428, 1115, 1116, 1117, 1118, 433, 434, 435, 436, - 1119, 1120, 610, 439, 440, 441, 442, 443, 444, 445, - 611, 447, 448, 449, 1121, 451, 452, 1122, 454, 455, - 456, 457, 458, 459, 460, 461, 462, 463, 464, 1123, - 612, 1124, 468, 469, 470, 0, 471, 613, 473, 1125, - 0, 0, 0, 0, 0, 0, 0, 0, 6226, 6227, - 1006, 0, 0, 0, 0, 2000, 0, 0, 0, 0, - 6228, 0, 0, 0, 0, 1131, 1954, 1955, 1132, 1011, - 1012, 1013, 1014, 1015, 1016, 1017, 1018, 1019, 1020, 1021, + 1078, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 1079, 1080, 1081, 0, 0, 0, 0, 0, 1082, 1083, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 53, + 54, 55, 576, 56, 57, 58, 59, 60, 61, 62, + 1084, 1085, 1086, 1087, 64, 65, 66, 1088, 68, 69, + 70, 71, 72, 73, 1089, 75, 76, 77, 78, 79, + 80, 81, 1090, 577, 0, 578, 579, 87, 88, 89, + 90, 91, 92, 580, 94, 95, 96, 97, 98, 1091, + 99, 582, 101, 102, 103, 104, 105, 583, 106, 107, + 108, 109, 1092, 111, 1093, 1094, 1095, 0, 115, 116, + 117, 584, 119, 120, 121, 122, 123, 124, 125, 126, + 127, 1096, 128, 129, 130, 131, 132, 133, 134, 135, + 136, 137, 138, 1097, 1098, 586, 142, 0, 143, 144, + 145, 146, 147, 148, 149, 587, 151, 152, 153, 154, + 588, 155, 156, 157, 158, 159, 160, 161, 162, 163, + 164, 165, 166, 167, 589, 169, 0, 0, 170, 171, + 172, 173, 174, 175, 176, 177, 178, 179, 180, 590, + 591, 182, 0, 183, 184, 185, 592, 187, 188, 1099, + 593, 191, 192, 594, 194, 195, 595, 0, 197, 198, + 199, 1100, 201, 202, 203, 204, 205, 206, 207, 208, + 209, 596, 211, 212, 213, 214, 215, 216, 217, 218, + 219, 597, 220, 1101, 1102, 223, 224, 225, 226, 227, + 228, 229, 230, 231, 232, 233, 234, 235, 236, 237, + 238, 239, 240, 241, 242, 243, 244, 245, 246, 247, + 248, 249, 250, 251, 252, 0, 253, 254, 255, 256, + 257, 258, 259, 260, 261, 262, 263, 264, 265, 1103, + 267, 268, 269, 270, 271, 1104, 273, 274, 275, 276, + 277, 278, 279, 280, 1105, 1106, 283, 284, 285, 286, + 287, 598, 288, 289, 290, 291, 292, 293, 294, 295, + 0, 296, 297, 298, 299, 599, 300, 301, 1107, 303, + 304, 305, 306, 307, 308, 309, 1108, 311, 312, 313, + 314, 315, 316, 600, 317, 601, 319, 320, 1109, 322, + 323, 324, 325, 326, 327, 328, 329, 330, 331, 332, + 333, 334, 335, 336, 337, 338, 339, 340, 341, 342, + 343, 344, 345, 346, 602, 348, 349, 350, 603, 352, + 353, 354, 355, 356, 357, 358, 359, 360, 604, 362, + 363, 364, 1110, 366, 367, 368, 605, 370, 371, 1111, + 373, 374, 375, 376, 377, 1112, 379, 1113, 381, 606, + 383, 384, 385, 386, 387, 388, 389, 390, 391, 392, + 393, 394, 395, 0, 0, 396, 397, 0, 398, 399, + 400, 401, 607, 403, 404, 608, 406, 407, 408, 409, + 1114, 411, 412, 413, 414, 415, 416, 417, 418, 419, + 420, 421, 422, 423, 424, 425, 426, 427, 428, 1115, + 1116, 1117, 1118, 433, 434, 435, 436, 1119, 1120, 610, + 439, 440, 441, 442, 443, 444, 445, 611, 447, 448, + 449, 1121, 451, 452, 1122, 454, 455, 456, 457, 458, + 459, 460, 461, 462, 463, 464, 1123, 612, 1124, 468, + 469, 470, 0, 471, 613, 473, 1125, 0, 0, 0, + 0, 0, 0, 0, 0, 1126, 1127, 1006, 0, 0, + 0, 1128, 1007, 1008, 0, 0, 0, 1129, 0, 0, + 0, 1130, 1131, 1009, 1010, 1132, 1011, 1012, 1013, 1014, + 1015, 1016, 1017, 1018, 1019, 1020, 1021, 0, 0, 0, + 0, 0, 0, 0, 1022, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 1023, 1024, 1025, 1026, 0, 0, 0, 0, 0, + 0, 0, 1027, 1028, 0, 1029, 0, 0, 0, 0, + 0, 0, 1030, 1031, 0, 0, 1032, 1033, 1034, 1035, + 0, 1036, 13, 0, 1037, 1038, 0, 0, 0, 0, + 0, 0, 0, 1039, 0, 0, 1040, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 19, 0, 0, 0, 1041, 1042, 1043, 0, 1044, 0, + 0, 0, 0, 0, 0, 0, 1045, 1046, 1047, 22, + 0, 0, 0, 0, 0, 1048, 0, 0, 575, 0, + 0, 0, 0, 0, 1049, 0, 0, 1050, 0, 0, + 0, 0, 0, 0, 0, 0, 1051, 0, 1052, 0, + 1053, 0, 0, 0, 0, 0, 1054, 0, 0, 0, + 0, 0, 0, 0, 29, 1055, 1056, 6370, 1057, 0, + 0, 0, 1058, 0, 0, 0, 0, 1059, 0, 0, + 30, 0, 0, 1061, 1062, 1063, 1064, 0, 0, 0, + 0, 0, 32, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 35, 1065, 1066, 1067, 0, 1068, 0, + 0, 0, 0, 0, 0, 1069, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 1070, 0, 0, 0, + 0, 0, 0, 0, 1071, 1072, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 1073, 0, 0, 0, 0, 0, 0, + 1074, 1075, 0, 1076, 1077, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 1078, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 1079, 1080, 1081, 0, 0, + 0, 0, 0, 1082, 1083, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 53, 54, 55, 576, 56, 57, + 58, 59, 60, 61, 62, 1084, 1085, 1086, 1087, 64, + 65, 66, 1088, 68, 69, 70, 71, 72, 73, 1089, + 75, 76, 77, 78, 79, 80, 81, 1090, 577, 0, + 578, 579, 87, 88, 89, 90, 91, 92, 580, 94, + 95, 96, 97, 98, 1091, 99, 582, 101, 102, 103, + 104, 105, 583, 106, 107, 108, 109, 1092, 111, 1093, + 1094, 1095, 0, 115, 116, 117, 584, 119, 120, 121, + 122, 123, 124, 125, 126, 127, 1096, 128, 129, 130, + 131, 132, 133, 134, 135, 136, 137, 138, 1097, 1098, + 586, 142, 0, 143, 144, 145, 146, 147, 148, 149, + 587, 151, 152, 153, 154, 588, 155, 156, 157, 158, + 159, 160, 161, 162, 163, 164, 165, 166, 167, 589, + 169, 0, 0, 170, 171, 172, 173, 174, 175, 176, + 177, 178, 179, 180, 590, 591, 182, 0, 183, 184, + 185, 592, 187, 188, 1099, 593, 191, 192, 594, 194, + 195, 595, 0, 197, 198, 199, 1100, 201, 202, 203, + 204, 205, 206, 207, 208, 209, 596, 211, 212, 213, + 214, 215, 216, 217, 218, 219, 597, 220, 1101, 1102, + 223, 224, 225, 226, 227, 228, 229, 230, 231, 232, + 233, 234, 235, 236, 237, 238, 239, 240, 241, 242, + 243, 244, 245, 246, 247, 248, 249, 250, 251, 252, + 0, 253, 254, 255, 256, 257, 258, 259, 260, 261, + 262, 263, 264, 265, 1103, 267, 268, 269, 270, 271, + 1104, 273, 274, 275, 276, 277, 278, 279, 280, 1105, + 1106, 283, 284, 285, 286, 287, 598, 288, 289, 290, + 291, 292, 293, 294, 295, 0, 296, 297, 298, 299, + 599, 300, 301, 1107, 303, 304, 305, 306, 307, 308, + 309, 1108, 311, 312, 313, 314, 315, 316, 600, 317, + 601, 319, 320, 1109, 322, 323, 324, 325, 326, 327, + 328, 329, 330, 331, 332, 333, 334, 335, 336, 337, + 338, 339, 340, 341, 342, 343, 344, 345, 346, 602, + 348, 349, 350, 603, 352, 353, 354, 355, 356, 357, + 358, 359, 360, 604, 362, 363, 364, 1110, 366, 367, + 368, 605, 370, 371, 1111, 373, 374, 375, 376, 377, + 1112, 379, 1113, 381, 606, 383, 384, 385, 386, 387, + 388, 389, 390, 391, 392, 393, 394, 395, 0, 0, + 396, 397, 0, 398, 399, 400, 401, 607, 403, 404, + 608, 406, 407, 408, 409, 1114, 411, 412, 413, 414, + 415, 416, 417, 418, 419, 420, 421, 422, 423, 424, + 425, 426, 427, 428, 1115, 1116, 1117, 1118, 433, 434, + 435, 436, 1119, 1120, 610, 439, 440, 441, 442, 443, + 444, 445, 611, 447, 448, 449, 1121, 451, 452, 1122, + 454, 455, 456, 457, 458, 459, 460, 461, 462, 463, + 464, 1123, 612, 1124, 468, 469, 470, 0, 471, 613, + 473, 1125, 0, 0, 0, 0, 0, 0, 0, 0, + 1126, 1127, 1006, 0, 0, 0, 1128, 1007, 1008, 0, + 0, 0, 1129, 0, 0, 0, 1130, 1131, 1009, 1010, + 1132, 1011, 1012, 1013, 1014, 1015, 1016, 1017, 1018, 1019, + 1020, 1021, 0, 0, 0, 0, 0, 0, 0, 1022, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 1023, 1024, 1025, 1026, + 0, 0, 0, 0, 0, 0, 0, 1027, 1028, 0, + 1029, 0, 0, 0, 0, 0, 0, 1030, 1031, 0, + 0, 1032, 1033, 1034, 1035, 0, 1036, 13, 0, 1037, + 1038, 0, 0, 0, 0, 0, 0, 0, 1039, 0, + 0, 1040, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 19, 0, 0, 0, 1041, + 1042, 1043, 0, 1044, 0, 0, 0, 0, 0, 0, + 0, 1045, 1046, 1047, 22, 0, 0, 0, 0, 0, + 1048, 0, 0, 575, 0, 0, 0, 0, 0, 1049, + 0, 0, 1961, 0, 0, 0, 0, 0, 0, 0, + 0, 1051, 0, 1052, 0, 1053, 0, 0, 0, 0, + 0, 1054, 0, 0, 0, 0, 0, 0, 0, 29, + 1055, 1056, 0, 1057, 0, 0, 0, 1058, 0, 0, + 0, 0, 1059, 0, 0, 30, 0, 0, 1061, 1062, + 1063, 1064, 0, 0, 0, 0, 0, 32, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 35, 1065, + 1066, 1067, 0, 1068, 0, 0, 0, 0, 0, 0, + 1069, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 1070, 0, 0, 0, 0, 0, 0, 0, 1071, + 1072, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 1073, 0, + 0, 0, 0, 0, 0, 1074, 1075, 0, 1076, 1077, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 1078, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 1079, 1080, 1081, 0, 0, 0, 0, 0, 1082, 1083, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 53, + 54, 55, 576, 56, 57, 58, 59, 60, 61, 62, + 1084, 1085, 1086, 1087, 64, 65, 66, 1088, 68, 69, + 70, 71, 72, 73, 1089, 75, 76, 77, 78, 79, + 80, 81, 1090, 577, 0, 578, 579, 87, 88, 89, + 90, 91, 92, 580, 94, 95, 96, 97, 98, 1091, + 99, 582, 101, 102, 103, 104, 105, 583, 106, 107, + 108, 109, 1092, 111, 1093, 1094, 1095, 0, 115, 116, + 117, 584, 119, 120, 121, 122, 123, 124, 125, 126, + 127, 1096, 128, 129, 130, 131, 132, 133, 134, 135, + 136, 137, 138, 1097, 1098, 586, 142, 0, 143, 144, + 145, 146, 147, 148, 149, 587, 151, 152, 153, 154, + 588, 155, 156, 157, 158, 159, 160, 161, 162, 163, + 164, 165, 166, 167, 589, 169, 0, 0, 170, 171, + 172, 173, 174, 175, 176, 177, 178, 179, 180, 590, + 591, 182, 0, 183, 184, 185, 592, 187, 188, 1099, + 593, 191, 192, 594, 194, 195, 595, 0, 197, 198, + 199, 1100, 201, 202, 203, 204, 205, 206, 207, 208, + 209, 596, 211, 212, 213, 214, 215, 216, 217, 218, + 219, 597, 220, 1101, 1102, 223, 224, 225, 226, 227, + 228, 229, 230, 231, 232, 233, 234, 235, 236, 237, + 238, 239, 240, 241, 242, 243, 244, 245, 246, 247, + 248, 249, 250, 251, 252, 0, 253, 254, 255, 256, + 257, 258, 259, 260, 261, 262, 263, 264, 265, 1103, + 267, 268, 269, 270, 271, 1104, 273, 274, 275, 276, + 277, 278, 279, 280, 1105, 1106, 283, 284, 285, 286, + 287, 598, 288, 289, 290, 291, 292, 293, 294, 295, + 0, 296, 297, 298, 299, 599, 300, 301, 1107, 303, + 304, 305, 306, 307, 308, 309, 1108, 311, 312, 313, + 314, 315, 316, 600, 317, 601, 319, 320, 1109, 322, + 323, 324, 325, 326, 327, 328, 329, 330, 331, 332, + 333, 334, 335, 336, 337, 338, 339, 340, 341, 342, + 343, 344, 345, 346, 602, 348, 349, 350, 603, 352, + 353, 354, 355, 356, 357, 358, 359, 360, 604, 362, + 363, 364, 1110, 366, 367, 368, 605, 370, 371, 1111, + 373, 374, 375, 376, 377, 1112, 379, 1113, 381, 606, + 383, 384, 385, 386, 387, 388, 389, 390, 391, 392, + 393, 394, 395, 0, 0, 396, 397, 0, 398, 399, + 400, 401, 607, 403, 404, 608, 406, 407, 408, 409, + 1114, 411, 412, 413, 414, 415, 416, 417, 418, 419, + 420, 421, 422, 423, 424, 425, 426, 427, 428, 1115, + 1116, 1117, 1118, 433, 434, 435, 436, 1119, 1120, 610, + 439, 440, 441, 442, 443, 444, 445, 611, 447, 448, + 449, 1121, 451, 452, 1122, 454, 455, 456, 457, 458, + 459, 460, 461, 462, 463, 464, 1123, 612, 1124, 468, + 469, 470, 0, 471, 613, 473, 1125, 0, 0, 0, + 0, 0, 0, 0, 0, 1962, 1963, 1006, 0, 0, + 0, 1128, 1007, 1008, 0, 0, 0, 1129, 0, 0, + 0, 1130, 1131, 1009, 1010, 1132, 1011, 1012, 1013, 1014, + 1015, 1016, 1017, 1018, 1019, 1020, 1021, 0, 0, 0, + 0, 0, 0, 0, 1022, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 1023, 1024, 1025, 1026, 0, 0, 0, 0, 0, + 0, 0, 1027, 1028, 0, 1029, 0, 0, 0, 0, + 0, 0, 1030, 1031, 0, 0, 1032, 1033, 1034, 1035, + 0, 1036, 13, 0, 1037, 1038, 0, 0, 0, 0, + 0, 0, 0, 1039, 0, 0, 1040, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 19, 0, 0, 0, 1041, 1042, 1043, 0, 1044, 0, + 0, 0, 0, 0, 0, 0, 1045, 1046, 1047, 22, + 0, 0, 0, 0, 0, 1048, 0, 0, 575, 0, + 0, 0, 0, 0, 1049, 0, 0, 2077, 0, 0, + 0, 0, 0, 0, 0, 0, 1051, 0, 1052, 0, + 1053, 0, 0, 0, 0, 0, 1054, 0, 0, 0, + 0, 0, 0, 0, 29, 1055, 1056, 0, 1057, 0, + 0, 0, 1058, 0, 0, 0, 0, 1059, 0, 0, + 30, 0, 0, 1061, 1062, 1063, 1064, 0, 0, 0, + 0, 0, 32, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 35, 1065, 1066, 1067, 0, 1068, 0, + 0, 0, 0, 0, 0, 1069, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 1070, 0, 0, 0, + 0, 0, 0, 0, 1071, 1072, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 1073, 0, 0, 0, 0, 0, 0, + 1074, 1075, 0, 1076, 1077, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 1078, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 1079, 1080, 1081, 0, 0, + 0, 0, 0, 1082, 1083, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 53, 54, 55, 576, 56, 57, + 58, 59, 60, 61, 62, 1084, 1085, 1086, 1087, 64, + 65, 66, 1088, 68, 69, 70, 71, 72, 73, 1089, + 75, 76, 77, 78, 79, 80, 81, 1090, 577, 0, + 578, 579, 87, 88, 89, 90, 91, 92, 580, 94, + 95, 96, 97, 98, 1091, 99, 582, 101, 102, 103, + 104, 105, 583, 106, 107, 108, 109, 1092, 111, 1093, + 1094, 1095, 0, 115, 116, 117, 584, 119, 120, 121, + 122, 123, 124, 125, 126, 127, 1096, 128, 129, 130, + 131, 132, 133, 134, 135, 136, 137, 138, 1097, 1098, + 586, 142, 0, 143, 144, 145, 146, 147, 148, 149, + 587, 151, 152, 153, 154, 588, 155, 156, 157, 158, + 159, 160, 161, 162, 163, 164, 165, 166, 167, 589, + 169, 0, 0, 170, 171, 172, 173, 174, 175, 176, + 177, 178, 179, 180, 590, 591, 182, 0, 183, 184, + 185, 592, 187, 188, 1099, 593, 191, 192, 594, 194, + 195, 595, 0, 197, 198, 199, 1100, 201, 202, 203, + 204, 205, 206, 207, 208, 209, 596, 211, 212, 213, + 214, 215, 216, 217, 218, 219, 597, 220, 1101, 1102, + 223, 224, 225, 226, 227, 228, 229, 230, 231, 232, + 233, 234, 235, 236, 237, 238, 239, 240, 241, 242, + 243, 244, 245, 246, 247, 248, 249, 250, 251, 252, + 0, 253, 254, 255, 256, 257, 258, 259, 260, 261, + 262, 263, 264, 265, 1103, 267, 268, 269, 270, 271, + 1104, 273, 274, 275, 276, 277, 278, 279, 280, 1105, + 1106, 283, 284, 285, 286, 287, 598, 288, 289, 290, + 291, 292, 293, 294, 295, 0, 296, 297, 298, 299, + 599, 300, 301, 1107, 303, 304, 305, 306, 307, 308, + 309, 1108, 311, 312, 313, 314, 315, 316, 600, 317, + 601, 319, 320, 1109, 322, 323, 324, 325, 326, 327, + 328, 329, 330, 331, 332, 333, 334, 335, 336, 337, + 338, 339, 340, 341, 342, 343, 344, 345, 346, 602, + 348, 349, 350, 603, 352, 353, 354, 355, 356, 357, + 358, 359, 360, 604, 362, 363, 364, 1110, 366, 367, + 368, 605, 370, 371, 1111, 373, 374, 375, 376, 377, + 1112, 379, 1113, 381, 606, 383, 384, 385, 386, 387, + 388, 389, 390, 391, 392, 393, 394, 395, 0, 0, + 396, 397, 0, 398, 399, 400, 401, 607, 403, 404, + 608, 406, 407, 408, 409, 1114, 411, 412, 413, 414, + 415, 416, 417, 418, 419, 420, 421, 422, 423, 424, + 425, 426, 427, 428, 1115, 1116, 1117, 1118, 433, 434, + 435, 436, 1119, 1120, 610, 439, 440, 441, 442, 443, + 444, 445, 611, 447, 448, 449, 1121, 451, 452, 1122, + 454, 455, 456, 457, 458, 459, 460, 461, 462, 463, + 464, 1123, 612, 1124, 468, 469, 470, 0, 471, 613, + 473, 1125, 0, 0, 0, 0, 0, 0, 0, 0, + 1962, 1963, 1006, 0, 0, 0, 1128, 1007, 1008, 0, + 0, 0, 1129, 0, 0, 0, 1130, 1131, 1009, 1010, + 1132, 1011, 1012, 1013, 1014, 1015, 1016, 1017, 1018, 1019, + 1020, 1021, 0, 0, 0, 0, 0, 0, 0, 1022, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 1023, 1024, 1025, 1026, + 0, 0, 0, 0, 0, 0, 0, 1027, 1028, 0, + 1029, 0, 0, 0, 0, 0, 0, 1030, 1031, 0, + 0, 1032, 1033, 1034, 1035, 0, 1036, 13, 0, 1037, + 1038, 0, 0, 0, 0, 0, 0, 0, 1039, 0, + 0, 1040, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 19, 0, 0, 0, 1041, + 1042, 1043, 0, 1044, 0, 0, 0, 0, 0, 0, + 0, 1045, 1046, 1047, 22, 0, 0, 0, 0, 0, + 1048, 0, 0, 575, 0, 0, 0, 0, 0, 1049, + 0, 0, 2079, 0, 0, 0, 0, 0, 0, 0, + 0, 1051, 0, 1052, 0, 1053, 0, 0, 0, 0, + 0, 1054, 0, 0, 0, 0, 0, 0, 0, 29, + 1055, 1056, 0, 1057, 0, 0, 0, 1058, 0, 0, + 0, 0, 1059, 0, 0, 30, 0, 0, 1061, 1062, + 1063, 1064, 0, 0, 0, 0, 0, 32, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 35, 1065, + 1066, 1067, 0, 1068, 0, 0, 0, 0, 0, 0, + 1069, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 1070, 0, 0, 0, 0, 0, 0, 0, 1071, + 1072, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 1073, 0, + 0, 0, 0, 0, 0, 1074, 1075, 0, 1076, 1077, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 1078, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 1079, 1080, 1081, 0, 0, 0, 0, 0, 1082, 1083, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 53, + 54, 55, 576, 56, 57, 58, 59, 60, 61, 62, + 1084, 1085, 1086, 1087, 64, 65, 66, 1088, 68, 69, + 70, 71, 72, 73, 1089, 75, 76, 77, 78, 79, + 80, 81, 1090, 577, 0, 578, 579, 87, 88, 89, + 90, 91, 92, 580, 94, 95, 96, 97, 98, 1091, + 99, 582, 101, 102, 103, 104, 105, 583, 106, 107, + 108, 109, 1092, 111, 1093, 1094, 1095, 0, 115, 116, + 117, 584, 119, 120, 121, 122, 123, 124, 125, 126, + 127, 1096, 128, 129, 130, 131, 132, 133, 134, 135, + 136, 137, 138, 1097, 1098, 586, 142, 0, 143, 144, + 145, 146, 147, 148, 149, 587, 151, 152, 153, 154, + 588, 155, 156, 157, 158, 159, 160, 161, 162, 163, + 164, 165, 166, 167, 589, 169, 0, 0, 170, 171, + 172, 173, 174, 175, 176, 177, 178, 179, 180, 590, + 591, 182, 0, 183, 184, 185, 592, 187, 188, 1099, + 593, 191, 192, 594, 194, 195, 595, 0, 197, 198, + 199, 1100, 201, 202, 203, 204, 205, 206, 207, 208, + 209, 596, 211, 212, 213, 214, 215, 216, 217, 218, + 219, 597, 220, 1101, 1102, 223, 224, 225, 226, 227, + 228, 229, 230, 231, 232, 233, 234, 235, 236, 237, + 238, 239, 240, 241, 242, 243, 244, 245, 246, 247, + 248, 249, 250, 251, 252, 0, 253, 254, 255, 256, + 257, 258, 259, 260, 261, 262, 263, 264, 265, 1103, + 267, 268, 269, 270, 271, 1104, 273, 274, 275, 276, + 277, 278, 279, 280, 1105, 1106, 283, 284, 285, 286, + 287, 598, 288, 289, 290, 291, 292, 293, 294, 295, + 0, 296, 297, 298, 299, 599, 300, 301, 1107, 303, + 304, 305, 306, 307, 308, 309, 1108, 311, 312, 313, + 314, 315, 316, 600, 317, 601, 319, 320, 1109, 322, + 323, 324, 325, 326, 327, 328, 329, 330, 331, 332, + 333, 334, 335, 336, 337, 338, 339, 340, 341, 342, + 343, 344, 345, 346, 602, 348, 349, 350, 603, 352, + 353, 354, 355, 356, 357, 358, 359, 360, 604, 362, + 363, 364, 1110, 366, 367, 368, 605, 370, 371, 1111, + 373, 374, 375, 376, 377, 1112, 379, 1113, 381, 606, + 383, 384, 385, 386, 387, 388, 389, 390, 391, 392, + 393, 394, 395, 0, 0, 396, 397, 0, 398, 399, + 400, 401, 607, 403, 404, 608, 406, 407, 408, 409, + 1114, 411, 412, 413, 414, 415, 416, 417, 418, 419, + 420, 421, 422, 423, 424, 425, 426, 427, 428, 1115, + 1116, 1117, 1118, 433, 434, 435, 436, 1119, 1120, 610, + 439, 440, 441, 442, 443, 444, 445, 611, 447, 448, + 449, 1121, 451, 452, 1122, 454, 455, 456, 457, 458, + 459, 460, 461, 462, 463, 464, 1123, 612, 1124, 468, + 469, 470, 0, 471, 613, 473, 1125, 0, 0, 0, + 0, 0, 0, 0, 0, 1962, 1963, 1006, 0, 0, + 0, 1128, 1007, 1008, 0, 0, 0, 1129, 0, 0, + 0, 1130, 1131, 1009, 1010, 1132, 1011, 1012, 1013, 1014, + 1015, 1016, 1017, 1018, 1019, 1020, 1021, 0, 0, 0, + 0, 0, 0, 0, 1022, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 1023, 1024, 1025, 1026, 0, 0, 0, 0, 0, + 0, 0, 1027, 1028, 0, 1029, 0, 0, 0, 0, + 0, 0, 1030, 1031, 0, 0, 1032, 1033, 1034, 1035, + 0, 1036, 13, 0, 1037, 1038, 0, 0, 0, 0, + 0, 0, 0, 1039, 0, 0, 1040, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 19, 0, 0, 0, 1041, 1042, 1043, 0, 1044, 0, + 0, 0, 0, 0, 0, 0, 1045, 1046, 1047, 22, + 0, 0, 0, 0, 0, 1048, 0, 0, 575, 0, + 0, 0, 0, 0, 1049, 0, 0, 1050, 0, 0, + 0, 0, 0, 0, 0, 0, 1051, 0, 1052, 0, + 1053, 0, 0, 0, 0, 0, 1054, 0, 0, 0, + 0, 0, 0, 0, 29, 1055, 1056, 0, 1057, 0, + 0, 0, 1058, 0, 0, 0, 0, 1059, 0, 0, + 30, 0, 0, 1061, 1062, 1063, 1064, 0, 0, 0, + 0, 0, 32, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 35, 1065, 1066, 1067, 0, 1068, 0, + 0, 0, 0, 0, 0, 1069, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 1070, 0, 0, 0, + 0, 0, 0, 0, 1071, 1072, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 1073, 0, 0, 0, 0, 0, 0, + 1074, 1075, 0, 1076, 1077, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 1078, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 1079, 1080, 1081, 0, 0, + 0, 0, 0, 1082, 1083, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 53, 54, 55, 576, 56, 57, + 58, 59, 60, 61, 62, 1084, 1085, 1086, 1087, 64, + 65, 66, 1088, 68, 69, 70, 71, 72, 73, 1089, + 75, 76, 77, 78, 79, 80, 81, 1090, 577, 0, + 578, 579, 87, 88, 89, 90, 91, 92, 580, 94, + 95, 96, 97, 98, 1091, 99, 582, 101, 102, 103, + 104, 105, 583, 106, 107, 108, 109, 1092, 111, 1093, + 1094, 1095, 0, 115, 116, 117, 584, 119, 120, 121, + 122, 123, 124, 125, 126, 127, 1096, 128, 129, 130, + 131, 132, 133, 134, 135, 136, 137, 138, 1097, 1098, + 586, 142, 0, 143, 144, 145, 146, 147, 148, 149, + 587, 151, 152, 153, 154, 588, 155, 156, 157, 158, + 159, 160, 161, 162, 163, 164, 165, 166, 167, 589, + 169, 0, 0, 170, 171, 172, 173, 174, 175, 176, + 177, 178, 179, 180, 590, 591, 182, 0, 183, 184, + 185, 592, 187, 188, 1099, 593, 191, 192, 594, 194, + 195, 595, 0, 197, 198, 199, 1100, 201, 202, 203, + 204, 205, 206, 207, 208, 209, 596, 211, 212, 213, + 214, 215, 216, 217, 218, 219, 597, 220, 1101, 1102, + 223, 224, 225, 226, 227, 228, 229, 230, 231, 232, + 233, 234, 235, 236, 237, 238, 239, 240, 241, 242, + 243, 244, 245, 246, 247, 248, 249, 250, 251, 252, + 0, 253, 254, 255, 256, 257, 258, 259, 260, 261, + 262, 263, 264, 265, 1103, 267, 268, 269, 270, 271, + 1104, 273, 274, 275, 276, 277, 278, 279, 280, 1105, + 1106, 283, 284, 285, 286, 287, 598, 288, 289, 290, + 291, 292, 293, 294, 295, 0, 296, 297, 298, 299, + 599, 300, 301, 1107, 303, 304, 305, 306, 307, 308, + 309, 1108, 311, 312, 313, 314, 315, 316, 600, 317, + 601, 319, 320, 1109, 322, 323, 324, 325, 326, 327, + 328, 329, 330, 331, 332, 333, 334, 335, 336, 337, + 338, 339, 340, 341, 342, 343, 344, 345, 346, 602, + 348, 349, 350, 603, 352, 353, 354, 355, 356, 357, + 358, 359, 360, 604, 362, 363, 364, 1110, 366, 367, + 368, 605, 370, 371, 1111, 373, 374, 375, 376, 377, + 1112, 379, 1113, 381, 606, 383, 384, 385, 386, 387, + 388, 389, 390, 391, 392, 393, 394, 395, 0, 0, + 396, 397, 0, 398, 399, 400, 401, 607, 403, 404, + 608, 406, 407, 408, 409, 1114, 411, 412, 413, 414, + 415, 416, 417, 418, 419, 420, 421, 422, 423, 424, + 425, 426, 427, 428, 1115, 1116, 1117, 1118, 433, 434, + 435, 436, 1119, 1120, 610, 439, 440, 441, 442, 443, + 444, 445, 611, 447, 448, 449, 1121, 451, 452, 1122, + 454, 455, 456, 457, 458, 459, 460, 461, 462, 463, + 464, 1123, 612, 1124, 468, 469, 470, 0, 471, 613, + 473, 1125, 0, 0, 0, 0, 0, 0, 0, 0, + 1126, 1127, 1006, 0, 0, 0, 1128, 1007, 1008, 0, + 0, 0, 1129, 0, 0, 0, 1130, 1131, 1009, 1010, + 1132, 1011, 1012, 1013, 1014, 1015, 1016, 1017, 1018, 1019, + 1020, 1021, 0, 0, 0, 0, 0, 0, 0, 1022, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 1023, 1024, 1025, 1026, + 0, 0, 0, 0, 0, 0, 0, 1027, 1028, 0, + 1029, 0, 0, 0, 0, 0, 0, 1030, 1031, 0, + 0, 1032, 1033, 1034, 1035, 0, 1036, 13, 0, 1037, + 1038, 0, 0, 0, 0, 0, 0, 0, 1039, 0, + 0, 1040, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 19, 0, 0, 0, 1041, + 1042, 1043, 0, 1044, 0, 0, 0, 0, 0, 0, + 0, 1045, 1046, 1047, 22, 0, 0, 0, 0, 0, + 1048, 0, 0, 575, 0, 0, 0, 0, 0, 1049, + 0, 0, 2876, 0, 0, 0, 0, 0, 0, 0, + 0, 1051, 0, 1052, 0, 1053, 0, 0, 0, 0, + 0, 1054, 0, 0, 0, 0, 0, 0, 0, 29, + 1055, 1056, 0, 1057, 0, 0, 0, 1058, 0, 0, + 0, 0, 1059, 0, 0, 30, 0, 0, 1061, 1062, + 1063, 1064, 0, 0, 0, 0, 0, 32, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 35, 1065, + 1066, 1067, 0, 1068, 0, 0, 0, 0, 0, 0, + 1069, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 1070, 0, 0, 0, 0, 0, 0, 0, 1071, + 1072, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 1073, 0, + 0, 0, 0, 0, 0, 1074, 1075, 0, 1076, 1077, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 1078, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 1079, 1080, 1081, 0, 0, 0, 0, 0, 1082, 1083, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 53, + 54, 55, 576, 56, 57, 58, 59, 60, 61, 62, + 1084, 1085, 1086, 1087, 64, 65, 66, 1088, 68, 69, + 70, 71, 72, 73, 1089, 75, 76, 77, 78, 79, + 80, 81, 1090, 577, 0, 578, 579, 87, 88, 89, + 90, 91, 92, 580, 94, 95, 96, 97, 98, 1091, + 99, 582, 101, 102, 103, 104, 105, 583, 106, 107, + 108, 109, 1092, 111, 1093, 1094, 1095, 0, 115, 116, + 117, 584, 119, 120, 121, 122, 123, 124, 125, 126, + 127, 1096, 128, 129, 130, 131, 132, 133, 134, 135, + 136, 137, 138, 1097, 1098, 586, 142, 0, 143, 144, + 145, 146, 147, 148, 149, 587, 151, 152, 153, 154, + 588, 155, 156, 157, 158, 159, 160, 161, 162, 163, + 164, 165, 166, 167, 589, 169, 0, 0, 170, 171, + 172, 173, 174, 175, 176, 177, 178, 179, 180, 590, + 591, 182, 0, 183, 184, 185, 592, 187, 188, 1099, + 593, 191, 192, 594, 194, 195, 595, 0, 197, 198, + 199, 1100, 201, 202, 203, 204, 205, 206, 207, 208, + 209, 596, 211, 212, 213, 214, 215, 216, 217, 218, + 219, 597, 220, 1101, 1102, 223, 224, 225, 226, 227, + 228, 229, 230, 231, 232, 233, 234, 235, 236, 237, + 238, 239, 240, 241, 242, 243, 244, 245, 246, 247, + 248, 249, 250, 251, 252, 0, 253, 254, 255, 256, + 257, 258, 259, 260, 261, 262, 263, 264, 265, 1103, + 267, 268, 269, 270, 271, 1104, 273, 274, 275, 276, + 277, 278, 279, 280, 1105, 1106, 283, 284, 285, 286, + 287, 598, 288, 289, 290, 291, 292, 293, 294, 295, + 0, 296, 297, 298, 299, 599, 300, 301, 1107, 303, + 304, 305, 306, 307, 308, 309, 1108, 311, 312, 313, + 314, 315, 316, 600, 317, 601, 319, 320, 1109, 322, + 323, 324, 325, 326, 327, 328, 329, 330, 331, 332, + 333, 334, 335, 336, 337, 338, 339, 340, 341, 342, + 343, 344, 345, 346, 602, 348, 349, 350, 603, 352, + 353, 354, 355, 356, 357, 358, 359, 360, 604, 362, + 363, 364, 1110, 366, 367, 368, 605, 370, 371, 1111, + 373, 374, 375, 376, 377, 1112, 379, 1113, 381, 606, + 383, 384, 385, 386, 387, 388, 389, 390, 391, 392, + 393, 394, 395, 0, 0, 396, 397, 0, 398, 399, + 400, 401, 607, 403, 404, 608, 406, 407, 408, 409, + 1114, 411, 412, 413, 414, 415, 416, 417, 418, 419, + 420, 421, 422, 423, 424, 425, 426, 427, 428, 1115, + 1116, 1117, 1118, 433, 434, 435, 436, 1119, 1120, 610, + 439, 440, 441, 442, 443, 444, 445, 611, 447, 448, + 449, 1121, 451, 452, 1122, 454, 455, 456, 457, 458, + 459, 460, 461, 462, 463, 464, 1123, 612, 1124, 468, + 469, 470, 0, 471, 613, 473, 1125, 0, 0, 0, + 0, 0, 0, 0, 0, 1126, 1127, 1006, 0, 0, + 0, 1128, 1007, 1008, 0, 0, 0, 1129, 0, 0, + 0, 1130, 1131, 1009, 1010, 1132, 1011, 1012, 1013, 1014, + 1015, 1016, 1017, 1018, 1019, 1020, 1021, 0, 0, 0, + 0, 0, 0, 0, 1022, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 1023, 1024, 1025, 1026, 0, 0, 0, 0, 0, + 0, 0, 1027, 1028, 0, 1029, 0, 0, 0, 0, + 0, 0, 1030, 1031, 0, 0, 1032, 1033, 1034, 1035, + 0, 1036, 13, 0, 1037, 1038, 0, 0, 0, 0, + 0, 0, 0, 1039, 0, 0, 1040, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 19, 0, 0, 0, 1041, 1042, 1043, 0, 1044, 0, + 0, 0, 0, 0, 0, 0, 1045, 1046, 1047, 22, + 0, 0, 0, 0, 0, 1048, 0, 0, 575, 0, + 0, 0, 0, 0, 1049, 0, 0, 2878, 0, 0, + 0, 0, 0, 0, 0, 0, 1051, 0, 1052, 0, + 1053, 0, 0, 0, 0, 0, 1054, 0, 0, 0, + 0, 0, 0, 0, 29, 1055, 1056, 0, 1057, 0, + 0, 0, 1058, 0, 0, 0, 0, 1059, 0, 0, + 30, 0, 0, 1061, 1062, 1063, 1064, 0, 0, 0, + 0, 0, 32, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 35, 1065, 1066, 1067, 0, 1068, 0, + 0, 0, 0, 0, 0, 1069, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 1070, 0, 0, 0, + 0, 0, 0, 0, 1071, 1072, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 1073, 0, 0, 0, 0, 0, 0, + 1074, 1075, 0, 1076, 1077, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 1078, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 1079, 1080, 1081, 0, 0, + 0, 0, 0, 1082, 1083, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 53, 54, 55, 576, 56, 57, + 58, 59, 60, 61, 62, 1084, 1085, 1086, 1087, 64, + 65, 66, 1088, 68, 69, 70, 71, 72, 73, 1089, + 75, 76, 77, 78, 79, 80, 81, 1090, 577, 0, + 578, 579, 87, 88, 89, 90, 91, 92, 580, 94, + 95, 96, 97, 98, 1091, 99, 582, 101, 102, 103, + 104, 105, 583, 106, 107, 108, 109, 1092, 111, 1093, + 1094, 1095, 0, 115, 116, 117, 584, 119, 120, 121, + 122, 123, 124, 125, 126, 127, 1096, 128, 129, 130, + 131, 132, 133, 134, 135, 136, 137, 138, 1097, 1098, + 586, 142, 0, 143, 144, 145, 146, 147, 148, 149, + 587, 151, 152, 153, 154, 588, 155, 156, 157, 158, + 159, 160, 161, 162, 163, 164, 165, 166, 167, 589, + 169, 0, 0, 170, 171, 172, 173, 174, 175, 176, + 177, 178, 179, 180, 590, 591, 182, 0, 183, 184, + 185, 592, 187, 188, 1099, 593, 191, 192, 594, 194, + 195, 595, 0, 197, 198, 199, 1100, 201, 202, 203, + 204, 205, 206, 207, 208, 209, 596, 211, 212, 213, + 214, 215, 216, 217, 218, 219, 597, 220, 1101, 1102, + 223, 224, 225, 226, 227, 228, 229, 230, 231, 232, + 233, 234, 235, 236, 237, 238, 239, 240, 241, 242, + 243, 244, 245, 246, 247, 248, 249, 250, 251, 252, + 0, 253, 254, 255, 256, 257, 258, 259, 260, 261, + 262, 263, 264, 265, 1103, 267, 268, 269, 270, 271, + 1104, 273, 274, 275, 276, 277, 278, 279, 280, 1105, + 1106, 283, 284, 285, 286, 287, 598, 288, 289, 290, + 291, 292, 293, 294, 295, 0, 296, 297, 298, 299, + 599, 300, 301, 1107, 303, 304, 305, 306, 307, 308, + 309, 1108, 311, 312, 313, 314, 315, 316, 600, 317, + 601, 319, 320, 1109, 322, 323, 324, 325, 326, 327, + 328, 329, 330, 331, 332, 333, 334, 335, 336, 337, + 338, 339, 340, 341, 342, 343, 344, 345, 346, 602, + 348, 349, 350, 603, 352, 353, 354, 355, 356, 357, + 358, 359, 360, 604, 362, 363, 364, 1110, 366, 367, + 368, 605, 370, 371, 1111, 373, 374, 375, 376, 377, + 1112, 379, 1113, 381, 606, 383, 384, 385, 386, 387, + 388, 389, 390, 391, 392, 393, 394, 395, 0, 0, + 396, 397, 0, 398, 399, 400, 401, 607, 403, 404, + 608, 406, 407, 408, 409, 1114, 411, 412, 413, 414, + 415, 416, 417, 418, 419, 420, 421, 422, 423, 424, + 425, 426, 427, 428, 1115, 1116, 1117, 1118, 433, 434, + 435, 436, 1119, 1120, 610, 439, 440, 441, 442, 443, + 444, 445, 611, 447, 448, 449, 1121, 451, 452, 1122, + 454, 455, 456, 457, 458, 459, 460, 461, 462, 463, + 464, 1123, 612, 1124, 468, 469, 470, 0, 471, 613, + 473, 1125, 0, 0, 0, 0, 0, 0, 0, 0, + 1126, 1127, 1006, 0, 0, 0, 1128, 1007, 1008, 0, + 0, 0, 1129, 0, 0, 0, 1130, 1131, 6225, 6226, + 1132, 1011, 1012, 1013, 1014, 1015, 1016, 1017, 1018, 1019, + 1020, 1021, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 1024, 1025, 1026, + 0, 0, 0, 0, 0, 0, 0, 1027, 1028, 0, + 1029, 0, 0, 0, 0, 0, 0, 1030, 1031, 0, + 0, 1032, 1033, 1034, 1035, 0, 1036, 13, 0, 1037, + 1038, 0, 0, 0, 0, 0, 0, 0, 1039, 0, + 0, 1040, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 19, 0, 0, 0, 1041, + 1042, 1043, 0, 1044, 0, 0, 0, 0, 0, 0, + 0, 1045, 1046, 1047, 22, 0, 0, 0, 0, 0, + 1048, 0, 0, 575, 0, 0, 0, 0, 0, 1049, + 0, 0, 1961, 0, 0, 0, 0, 0, 0, 0, + 0, 1051, 0, 1052, 0, 1053, 0, 0, 0, 0, + 0, 1054, 0, 0, 0, 0, 0, 0, 0, 29, + 1055, 1056, 0, 1057, 0, 0, 0, 1058, 0, 0, + 0, 0, 1059, 0, 0, 30, 0, 0, 1061, 1062, + 1063, 1064, 0, 0, 0, 0, 0, 32, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 35, 1065, + 1066, 1067, 0, 1068, 0, 0, 0, 0, 0, 0, + 1069, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 1070, 0, 0, 0, 0, 0, 0, 0, 1071, + 1072, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 1073, 0, + 0, 0, 0, 0, 0, 1074, 1075, 0, 1076, 1077, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 1078, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 1079, 1080, 1081, 0, 0, 0, 0, 0, 1082, 1083, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 53, + 54, 55, 576, 56, 57, 58, 59, 60, 61, 62, + 1084, 1085, 1086, 1087, 64, 65, 66, 1088, 68, 69, + 70, 71, 72, 73, 1089, 75, 76, 77, 78, 79, + 80, 81, 1090, 577, 0, 578, 579, 87, 88, 89, + 90, 91, 92, 580, 94, 95, 96, 97, 98, 1091, + 99, 582, 101, 102, 103, 104, 105, 583, 106, 107, + 108, 109, 1092, 111, 1093, 1094, 1095, 0, 115, 116, + 117, 584, 119, 120, 121, 122, 123, 124, 125, 126, + 127, 1096, 128, 129, 130, 131, 132, 133, 134, 135, + 136, 137, 138, 1097, 1098, 586, 142, 0, 143, 144, + 145, 146, 147, 148, 149, 587, 151, 152, 153, 154, + 588, 155, 156, 157, 158, 159, 160, 161, 162, 163, + 164, 165, 166, 167, 589, 169, 0, 0, 170, 171, + 172, 173, 174, 175, 176, 177, 178, 179, 180, 590, + 591, 182, 0, 183, 184, 185, 592, 187, 188, 1099, + 593, 191, 192, 594, 194, 195, 595, 0, 197, 198, + 199, 1100, 201, 202, 203, 204, 205, 206, 207, 208, + 209, 596, 211, 212, 213, 214, 215, 216, 217, 218, + 219, 597, 220, 1101, 1102, 223, 224, 225, 226, 227, + 228, 229, 230, 231, 232, 233, 234, 235, 236, 237, + 238, 239, 240, 241, 242, 243, 244, 245, 246, 247, + 248, 249, 250, 251, 252, 0, 253, 254, 255, 256, + 257, 258, 259, 260, 261, 262, 263, 264, 265, 1103, + 267, 268, 269, 270, 271, 1104, 273, 274, 275, 276, + 277, 278, 279, 280, 1105, 1106, 283, 284, 285, 286, + 287, 598, 288, 289, 290, 291, 292, 293, 294, 295, + 0, 296, 297, 298, 299, 599, 300, 301, 1107, 303, + 304, 305, 306, 307, 308, 309, 1108, 311, 312, 313, + 314, 315, 316, 600, 317, 601, 319, 320, 1109, 322, + 323, 324, 325, 326, 327, 328, 329, 330, 331, 332, + 333, 334, 335, 336, 337, 338, 339, 340, 341, 342, + 343, 344, 345, 346, 602, 348, 349, 350, 603, 352, + 353, 354, 355, 356, 357, 358, 359, 360, 604, 362, + 363, 364, 1110, 366, 367, 368, 605, 370, 371, 1111, + 373, 374, 375, 376, 377, 1112, 379, 1113, 381, 606, + 383, 384, 385, 386, 387, 388, 389, 390, 391, 392, + 393, 394, 395, 0, 0, 396, 397, 0, 398, 399, + 400, 401, 607, 403, 404, 608, 406, 407, 408, 409, + 1114, 411, 412, 413, 414, 415, 416, 417, 418, 419, + 420, 421, 422, 423, 424, 425, 426, 427, 428, 1115, + 1116, 1117, 1118, 433, 434, 435, 436, 1119, 1120, 610, + 439, 440, 441, 442, 443, 444, 445, 611, 447, 448, + 449, 1121, 451, 452, 1122, 454, 455, 456, 457, 458, + 459, 460, 461, 462, 463, 464, 1123, 612, 1124, 468, + 469, 470, 0, 471, 613, 473, 1125, 0, 0, 0, + 0, 0, 0, 0, 0, 6227, 6228, 1006, 0, 0, + 0, 0, 2000, 0, 0, 0, 0, 6229, 0, 0, + 0, 0, 1131, 1954, 1955, 1132, 1011, 1012, 1013, 1014, + 1015, 1016, 1017, 1018, 1019, 1020, 1021, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 13, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 19, 0, 0, 0, 0, 0, 1043, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 22, 0, 0, 0, 0, 0, 0, 0, - 0, 575, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 13, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 29, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 30, 0, 0, 0, 0, 0, 1064, - 0, 0, 0, 0, 0, 32, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 35, 0, 0, 0, + 19, 0, 0, 0, 0, 0, 1043, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 22, + 0, 0, 0, 0, 0, 0, 0, 0, 575, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 29, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 30, 0, 0, 0, 0, 0, 1064, 0, 0, 0, + 0, 0, 32, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 35, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 1078, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 53, 54, 55, - 576, 56, 57, 58, 59, 60, 61, 62, 0, 0, - 0, 0, 64, 65, 66, 67, 68, 69, 70, 71, - 72, 73, 74, 75, 76, 77, 78, 79, 80, 81, - 82, 577, 0, 578, 579, 87, 88, 89, 90, 91, - 92, 580, 94, 95, 96, 97, 98, 581, 99, 582, - 101, 102, 103, 104, 105, 583, 106, 107, 108, 109, - 110, 111, 112, 113, 114, 0, 115, 116, 117, 584, - 119, 120, 121, 122, 123, 124, 125, 126, 127, 585, - 128, 129, 130, 131, 132, 133, 134, 135, 136, 137, - 138, 2912, 140, 586, 142, 0, 143, 144, 145, 146, - 147, 148, 149, 587, 151, 152, 153, 154, 588, 155, - 156, 157, 158, 159, 160, 161, 162, 163, 164, 165, - 166, 167, 589, 169, 0, 0, 170, 171, 172, 173, - 174, 175, 176, 177, 178, 179, 180, 590, 591, 182, - 0, 183, 184, 185, 592, 187, 188, 189, 593, 191, - 192, 594, 194, 195, 595, 0, 197, 198, 199, 200, - 201, 202, 203, 204, 205, 206, 207, 208, 209, 596, - 211, 212, 213, 214, 215, 216, 217, 218, 219, 597, - 220, 221, 222, 223, 224, 225, 226, 227, 228, 229, - 230, 231, 232, 233, 234, 235, 236, 237, 238, 239, - 240, 241, 242, 243, 244, 245, 246, 247, 248, 249, - 250, 251, 252, 0, 253, 254, 255, 256, 257, 258, - 259, 260, 261, 262, 263, 264, 265, 266, 267, 268, - 269, 270, 271, 272, 273, 274, 275, 276, 277, 278, - 279, 280, 281, 282, 283, 284, 285, 286, 287, 598, - 288, 289, 290, 291, 292, 293, 294, 295, 0, 296, - 297, 298, 299, 599, 300, 301, 302, 303, 304, 305, - 306, 307, 308, 309, 310, 311, 312, 313, 314, 315, - 316, 600, 317, 601, 319, 320, 321, 322, 323, 324, - 325, 326, 327, 328, 329, 330, 331, 332, 333, 334, - 335, 336, 337, 338, 339, 340, 341, 342, 343, 344, - 345, 346, 602, 348, 349, 350, 603, 352, 353, 354, - 355, 356, 357, 358, 359, 360, 604, 362, 363, 364, - 365, 366, 367, 368, 605, 370, 371, 372, 373, 374, - 375, 376, 377, 378, 379, 380, 381, 606, 383, 384, - 385, 386, 387, 388, 389, 390, 391, 392, 393, 394, - 395, 0, 0, 396, 397, 0, 398, 399, 400, 401, - 607, 403, 404, 608, 406, 407, 408, 409, 410, 411, - 412, 413, 414, 415, 416, 417, 418, 419, 420, 421, - 422, 423, 424, 425, 426, 427, 428, 2913, 430, 431, - 2914, 433, 434, 435, 436, 437, 609, 610, 439, 440, - 441, 442, 443, 444, 445, 611, 447, 448, 449, 450, - 451, 452, 453, 454, 455, 456, 457, 458, 459, 460, - 461, 462, 463, 464, 465, 612, 467, 468, 469, 470, - 6518, 471, 613, 473, 474, 2832, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 4, 5, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 1132, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 1078, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 53, 54, 55, 576, 56, 57, + 58, 59, 60, 61, 62, 0, 0, 0, 0, 64, + 65, 66, 67, 68, 69, 70, 71, 72, 73, 74, + 75, 76, 77, 78, 79, 80, 81, 82, 577, 0, + 578, 579, 87, 88, 89, 90, 91, 92, 580, 94, + 95, 96, 97, 98, 581, 99, 582, 101, 102, 103, + 104, 105, 583, 106, 107, 108, 109, 110, 111, 112, + 113, 114, 0, 115, 116, 117, 584, 119, 120, 121, + 122, 123, 124, 125, 126, 127, 585, 128, 129, 130, + 131, 132, 133, 134, 135, 136, 137, 138, 2912, 140, + 586, 142, 0, 143, 144, 145, 146, 147, 148, 149, + 587, 151, 152, 153, 154, 588, 155, 156, 157, 158, + 159, 160, 161, 162, 163, 164, 165, 166, 167, 589, + 169, 0, 0, 170, 171, 172, 173, 174, 175, 176, + 177, 178, 179, 180, 590, 591, 182, 0, 183, 184, + 185, 592, 187, 188, 189, 593, 191, 192, 594, 194, + 195, 595, 0, 197, 198, 199, 200, 201, 202, 203, + 204, 205, 206, 207, 208, 209, 596, 211, 212, 213, + 214, 215, 216, 217, 218, 219, 597, 220, 221, 222, + 223, 224, 225, 226, 227, 228, 229, 230, 231, 232, + 233, 234, 235, 236, 237, 238, 239, 240, 241, 242, + 243, 244, 245, 246, 247, 248, 249, 250, 251, 252, + 0, 253, 254, 255, 256, 257, 258, 259, 260, 261, + 262, 263, 264, 265, 266, 267, 268, 269, 270, 271, + 272, 273, 274, 275, 276, 277, 278, 279, 280, 281, + 282, 283, 284, 285, 286, 287, 598, 288, 289, 290, + 291, 292, 293, 294, 295, 0, 296, 297, 298, 299, + 599, 300, 301, 302, 303, 304, 305, 306, 307, 308, + 309, 310, 311, 312, 313, 314, 315, 316, 600, 317, + 601, 319, 320, 321, 322, 323, 324, 325, 326, 327, + 328, 329, 330, 331, 332, 333, 334, 335, 336, 337, + 338, 339, 340, 341, 342, 343, 344, 345, 346, 602, + 348, 349, 350, 603, 352, 353, 354, 355, 356, 357, + 358, 359, 360, 604, 362, 363, 364, 365, 366, 367, + 368, 605, 370, 371, 372, 373, 374, 375, 376, 377, + 378, 379, 380, 381, 606, 383, 384, 385, 386, 387, + 388, 389, 390, 391, 392, 393, 394, 395, 0, 0, + 396, 397, 0, 398, 399, 400, 401, 607, 403, 404, + 608, 406, 407, 408, 409, 410, 411, 412, 413, 414, + 415, 416, 417, 418, 419, 420, 421, 422, 423, 424, + 425, 426, 427, 428, 2913, 430, 431, 2914, 433, 434, + 435, 436, 437, 609, 610, 439, 440, 441, 442, 443, + 444, 445, 611, 447, 448, 449, 450, 451, 452, 453, + 454, 455, 456, 457, 458, 459, 460, 461, 462, 463, + 464, 465, 612, 467, 468, 469, 470, 6519, 471, 613, + 473, 474, 2832, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 4, 5, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 13, 0, 0, 0, 0, + 1132, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 19, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 22, 0, 0, 0, 0, 0, 0, 0, - 0, 575, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 13, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 29, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 30, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 32, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 35, 0, 0, 0, + 19, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 22, + 0, 0, 0, 0, 0, 0, 0, 0, 575, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 29, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 30, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 32, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 35, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 53, 54, 55, - 576, 56, 57, 58, 59, 60, 61, 62, 0, 0, - 0, 0, 64, 65, 66, 67, 68, 69, 70, 71, - 72, 73, 74, 75, 76, 77, 78, 79, 80, 81, - 82, 577, 0, 578, 579, 87, 88, 89, 90, 91, - 92, 580, 94, 95, 96, 97, 98, 581, 99, 582, - 101, 102, 103, 104, 105, 583, 106, 107, 108, 109, - 110, 111, 112, 113, 114, 0, 115, 116, 117, 584, - 119, 120, 121, 122, 123, 124, 125, 126, 127, 585, - 128, 129, 130, 131, 132, 133, 134, 135, 136, 137, - 138, 139, 140, 586, 142, 0, 143, 144, 145, 146, - 147, 148, 149, 587, 151, 152, 153, 154, 588, 155, - 156, 157, 158, 159, 160, 161, 162, 163, 164, 165, - 166, 167, 589, 169, 0, 0, 170, 171, 172, 173, - 174, 175, 176, 177, 178, 179, 180, 590, 591, 182, - 0, 183, 184, 185, 592, 187, 188, 189, 593, 191, - 192, 594, 194, 195, 595, 0, 197, 198, 199, 200, - 201, 202, 203, 204, 205, 206, 207, 208, 209, 596, - 211, 212, 213, 214, 215, 216, 217, 218, 219, 597, - 220, 221, 222, 223, 224, 225, 226, 227, 228, 229, - 230, 231, 232, 233, 234, 235, 236, 237, 238, 239, - 240, 241, 242, 243, 244, 245, 246, 247, 248, 249, - 250, 251, 252, 0, 253, 254, 255, 256, 257, 258, - 259, 260, 261, 262, 263, 264, 265, 266, 267, 268, - 269, 270, 271, 272, 273, 274, 275, 276, 277, 278, - 279, 280, 281, 282, 283, 284, 285, 286, 287, 598, - 288, 289, 290, 291, 292, 293, 294, 295, 0, 296, - 297, 298, 299, 599, 300, 301, 302, 303, 304, 305, - 306, 307, 308, 309, 310, 311, 312, 313, 314, 315, - 316, 600, 317, 601, 319, 320, 321, 322, 323, 324, - 325, 326, 327, 328, 329, 330, 331, 332, 333, 334, - 335, 336, 337, 338, 339, 340, 341, 342, 343, 344, - 345, 346, 602, 348, 349, 350, 603, 352, 353, 354, - 355, 356, 357, 358, 359, 360, 604, 362, 363, 364, - 365, 366, 367, 368, 605, 370, 371, 372, 373, 374, - 375, 376, 377, 378, 379, 380, 381, 606, 383, 384, - 385, 386, 387, 388, 389, 390, 391, 392, 393, 394, - 395, 0, 0, 396, 397, 0, 398, 399, 400, 401, - 607, 403, 404, 608, 406, 407, 408, 409, 410, 411, - 412, 413, 414, 415, 416, 417, 418, 419, 420, 421, - 422, 423, 424, 425, 426, 427, 428, 429, 430, 431, - 432, 433, 434, 435, 436, 437, 609, 610, 439, 440, - 441, 442, 443, 444, 445, 611, 447, 448, 449, 450, - 451, 452, 453, 454, 455, 456, 457, 458, 459, 460, - 461, 462, 463, 464, 465, 612, 467, 468, 469, 470, - 6518, 471, 613, 473, 474, 2832, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 4, 5, 0, 0, - 0, 0, 0, 0, 0, 0, 6519, 0, 0, 0, - 0, 0, 0, 2833, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 13, 0, 0, 0, 0, + 0, 0, 0, 0, 53, 54, 55, 576, 56, 57, + 58, 59, 60, 61, 62, 0, 0, 0, 0, 64, + 65, 66, 67, 68, 69, 70, 71, 72, 73, 74, + 75, 76, 77, 78, 79, 80, 81, 82, 577, 0, + 578, 579, 87, 88, 89, 90, 91, 92, 580, 94, + 95, 96, 97, 98, 581, 99, 582, 101, 102, 103, + 104, 105, 583, 106, 107, 108, 109, 110, 111, 112, + 113, 114, 0, 115, 116, 117, 584, 119, 120, 121, + 122, 123, 124, 125, 126, 127, 585, 128, 129, 130, + 131, 132, 133, 134, 135, 136, 137, 138, 139, 140, + 586, 142, 0, 143, 144, 145, 146, 147, 148, 149, + 587, 151, 152, 153, 154, 588, 155, 156, 157, 158, + 159, 160, 161, 162, 163, 164, 165, 166, 167, 589, + 169, 0, 0, 170, 171, 172, 173, 174, 175, 176, + 177, 178, 179, 180, 590, 591, 182, 0, 183, 184, + 185, 592, 187, 188, 189, 593, 191, 192, 594, 194, + 195, 595, 0, 197, 198, 199, 200, 201, 202, 203, + 204, 205, 206, 207, 208, 209, 596, 211, 212, 213, + 214, 215, 216, 217, 218, 219, 597, 220, 221, 222, + 223, 224, 225, 226, 227, 228, 229, 230, 231, 232, + 233, 234, 235, 236, 237, 238, 239, 240, 241, 242, + 243, 244, 245, 246, 247, 248, 249, 250, 251, 252, + 0, 253, 254, 255, 256, 257, 258, 259, 260, 261, + 262, 263, 264, 265, 266, 267, 268, 269, 270, 271, + 272, 273, 274, 275, 276, 277, 278, 279, 280, 281, + 282, 283, 284, 285, 286, 287, 598, 288, 289, 290, + 291, 292, 293, 294, 295, 0, 296, 297, 298, 299, + 599, 300, 301, 302, 303, 304, 305, 306, 307, 308, + 309, 310, 311, 312, 313, 314, 315, 316, 600, 317, + 601, 319, 320, 321, 322, 323, 324, 325, 326, 327, + 328, 329, 330, 331, 332, 333, 334, 335, 336, 337, + 338, 339, 340, 341, 342, 343, 344, 345, 346, 602, + 348, 349, 350, 603, 352, 353, 354, 355, 356, 357, + 358, 359, 360, 604, 362, 363, 364, 365, 366, 367, + 368, 605, 370, 371, 372, 373, 374, 375, 376, 377, + 378, 379, 380, 381, 606, 383, 384, 385, 386, 387, + 388, 389, 390, 391, 392, 393, 394, 395, 0, 0, + 396, 397, 0, 398, 399, 400, 401, 607, 403, 404, + 608, 406, 407, 408, 409, 410, 411, 412, 413, 414, + 415, 416, 417, 418, 419, 420, 421, 422, 423, 424, + 425, 426, 427, 428, 429, 430, 431, 432, 433, 434, + 435, 436, 437, 609, 610, 439, 440, 441, 442, 443, + 444, 445, 611, 447, 448, 449, 450, 451, 452, 453, + 454, 455, 456, 457, 458, 459, 460, 461, 462, 463, + 464, 465, 612, 467, 468, 469, 470, 6519, 471, 613, + 473, 474, 2832, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 4, 5, 0, 0, 0, 0, 0, + 0, 0, 0, 6520, 0, 0, 0, 0, 0, 0, + 2833, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 19, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 22, 0, 0, 0, 0, 0, 0, 0, - 0, 575, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 13, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 29, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 30, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 32, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 35, 0, 0, 0, + 19, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 22, + 0, 0, 0, 0, 0, 0, 0, 0, 575, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 29, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 30, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 32, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 35, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 53, 54, 55, - 576, 56, 57, 58, 59, 60, 61, 62, 0, 0, - 0, 0, 64, 65, 66, 67, 68, 69, 70, 71, - 72, 73, 74, 75, 76, 77, 78, 79, 80, 81, - 82, 577, 0, 578, 579, 87, 88, 89, 90, 91, - 92, 580, 94, 95, 96, 97, 98, 581, 99, 582, - 101, 102, 103, 104, 105, 583, 106, 107, 108, 109, - 110, 111, 112, 113, 114, 0, 115, 116, 117, 584, - 119, 120, 121, 122, 123, 124, 125, 126, 127, 585, - 128, 129, 130, 131, 132, 133, 134, 135, 136, 137, - 138, 139, 140, 586, 142, 0, 143, 144, 145, 146, - 147, 148, 149, 587, 151, 152, 153, 154, 588, 155, - 156, 157, 158, 159, 160, 161, 162, 163, 164, 165, - 166, 167, 589, 169, 0, 0, 170, 171, 172, 173, - 174, 175, 176, 177, 178, 179, 180, 590, 591, 182, - 0, 183, 184, 185, 592, 187, 188, 189, 593, 191, - 192, 594, 194, 195, 595, 0, 197, 198, 199, 200, - 201, 202, 203, 204, 205, 206, 207, 208, 209, 596, - 211, 212, 213, 214, 215, 216, 217, 218, 219, 597, - 220, 221, 222, 223, 224, 225, 226, 227, 228, 229, - 230, 231, 232, 233, 234, 235, 236, 237, 238, 239, - 240, 241, 242, 243, 244, 245, 246, 247, 248, 249, - 250, 251, 252, 0, 253, 254, 255, 256, 257, 258, - 259, 260, 261, 262, 263, 264, 265, 266, 267, 268, - 269, 270, 271, 272, 273, 274, 275, 276, 277, 278, - 279, 280, 281, 282, 283, 284, 285, 286, 287, 598, - 288, 289, 290, 291, 292, 293, 294, 295, 0, 296, - 297, 298, 299, 599, 300, 301, 302, 303, 304, 305, - 306, 307, 308, 309, 310, 311, 312, 313, 314, 315, - 316, 600, 317, 601, 319, 320, 321, 322, 323, 324, - 325, 326, 327, 328, 329, 330, 331, 332, 333, 334, - 335, 336, 337, 338, 339, 340, 341, 342, 343, 344, - 345, 346, 602, 348, 349, 350, 603, 352, 353, 354, - 355, 356, 357, 358, 359, 360, 604, 362, 363, 364, - 365, 366, 367, 368, 605, 370, 371, 372, 373, 374, - 375, 376, 377, 378, 379, 380, 381, 606, 383, 384, - 385, 386, 387, 388, 389, 390, 391, 392, 393, 394, - 395, 0, 0, 396, 397, 0, 398, 399, 400, 401, - 607, 403, 404, 608, 406, 407, 408, 409, 410, 411, - 412, 413, 414, 415, 416, 417, 418, 419, 420, 421, - 422, 423, 424, 425, 426, 427, 428, 429, 430, 431, - 432, 433, 434, 435, 436, 437, 609, 610, 439, 440, - 441, 442, 443, 444, 445, 611, 447, 448, 449, 450, - 451, 452, 453, 454, 455, 456, 457, 458, 459, 460, - 461, 462, 463, 464, 465, 612, 467, 468, 469, 470, - 2000, 471, 613, 473, 474, 0, 0, 0, 0, 0, - 0, 1954, 1955, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 2833, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 53, 54, 55, 576, 56, 57, + 58, 59, 60, 61, 62, 0, 0, 0, 0, 64, + 65, 66, 67, 68, 69, 70, 71, 72, 73, 74, + 75, 76, 77, 78, 79, 80, 81, 82, 577, 0, + 578, 579, 87, 88, 89, 90, 91, 92, 580, 94, + 95, 96, 97, 98, 581, 99, 582, 101, 102, 103, + 104, 105, 583, 106, 107, 108, 109, 110, 111, 112, + 113, 114, 0, 115, 116, 117, 584, 119, 120, 121, + 122, 123, 124, 125, 126, 127, 585, 128, 129, 130, + 131, 132, 133, 134, 135, 136, 137, 138, 139, 140, + 586, 142, 0, 143, 144, 145, 146, 147, 148, 149, + 587, 151, 152, 153, 154, 588, 155, 156, 157, 158, + 159, 160, 161, 162, 163, 164, 165, 166, 167, 589, + 169, 0, 0, 170, 171, 172, 173, 174, 175, 176, + 177, 178, 179, 180, 590, 591, 182, 0, 183, 184, + 185, 592, 187, 188, 189, 593, 191, 192, 594, 194, + 195, 595, 0, 197, 198, 199, 200, 201, 202, 203, + 204, 205, 206, 207, 208, 209, 596, 211, 212, 213, + 214, 215, 216, 217, 218, 219, 597, 220, 221, 222, + 223, 224, 225, 226, 227, 228, 229, 230, 231, 232, + 233, 234, 235, 236, 237, 238, 239, 240, 241, 242, + 243, 244, 245, 246, 247, 248, 249, 250, 251, 252, + 0, 253, 254, 255, 256, 257, 258, 259, 260, 261, + 262, 263, 264, 265, 266, 267, 268, 269, 270, 271, + 272, 273, 274, 275, 276, 277, 278, 279, 280, 281, + 282, 283, 284, 285, 286, 287, 598, 288, 289, 290, + 291, 292, 293, 294, 295, 0, 296, 297, 298, 299, + 599, 300, 301, 302, 303, 304, 305, 306, 307, 308, + 309, 310, 311, 312, 313, 314, 315, 316, 600, 317, + 601, 319, 320, 321, 322, 323, 324, 325, 326, 327, + 328, 329, 330, 331, 332, 333, 334, 335, 336, 337, + 338, 339, 340, 341, 342, 343, 344, 345, 346, 602, + 348, 349, 350, 603, 352, 353, 354, 355, 356, 357, + 358, 359, 360, 604, 362, 363, 364, 365, 366, 367, + 368, 605, 370, 371, 372, 373, 374, 375, 376, 377, + 378, 379, 380, 381, 606, 383, 384, 385, 386, 387, + 388, 389, 390, 391, 392, 393, 394, 395, 0, 0, + 396, 397, 0, 398, 399, 400, 401, 607, 403, 404, + 608, 406, 407, 408, 409, 410, 411, 412, 413, 414, + 415, 416, 417, 418, 419, 420, 421, 422, 423, 424, + 425, 426, 427, 428, 429, 430, 431, 432, 433, 434, + 435, 436, 437, 609, 610, 439, 440, 441, 442, 443, + 444, 445, 611, 447, 448, 449, 450, 451, 452, 453, + 454, 455, 456, 457, 458, 459, 460, 461, 462, 463, + 464, 465, 612, 467, 468, 469, 470, 2000, 471, 613, + 473, 474, 0, 0, 0, 0, 0, 0, 1954, 1955, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 13, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 19, 0, + 2833, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 22, 0, 0, - 0, 0, 0, 0, 0, 0, 575, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 13, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 29, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 30, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 32, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 35, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 19, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 22, 0, 0, 0, 0, 0, + 0, 0, 0, 575, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 29, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 30, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 32, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 35, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 53, 54, 55, 576, 56, 57, 58, 59, - 60, 61, 62, 0, 0, 0, 0, 64, 65, 66, - 67, 68, 69, 70, 71, 72, 73, 74, 75, 76, - 77, 78, 79, 80, 81, 82, 577, 0, 578, 579, - 87, 88, 89, 90, 91, 92, 580, 94, 95, 96, - 97, 98, 581, 99, 582, 101, 102, 103, 104, 105, - 583, 106, 107, 108, 109, 110, 111, 112, 113, 114, - 0, 115, 116, 117, 584, 119, 120, 121, 122, 123, - 124, 125, 126, 127, 585, 128, 129, 130, 131, 132, - 133, 134, 135, 136, 137, 138, 139, 140, 586, 142, - 0, 143, 144, 145, 146, 147, 148, 149, 587, 151, - 152, 153, 154, 588, 155, 156, 157, 158, 159, 160, - 161, 162, 163, 164, 165, 166, 167, 589, 169, 0, - 0, 170, 171, 172, 173, 174, 175, 176, 177, 178, - 179, 180, 590, 591, 182, 0, 183, 184, 185, 592, - 187, 188, 189, 593, 191, 192, 594, 194, 195, 595, - 0, 197, 198, 199, 200, 201, 202, 203, 204, 205, - 206, 207, 208, 209, 596, 211, 212, 213, 214, 215, - 216, 217, 218, 219, 597, 220, 221, 222, 223, 224, - 225, 226, 227, 228, 229, 230, 231, 232, 233, 234, - 235, 236, 237, 238, 239, 240, 241, 242, 243, 244, - 245, 246, 247, 248, 249, 250, 251, 252, 0, 253, - 254, 255, 256, 257, 258, 259, 260, 261, 262, 263, - 264, 265, 266, 267, 268, 269, 270, 271, 272, 273, - 274, 275, 276, 277, 278, 279, 280, 281, 282, 283, - 284, 285, 286, 287, 598, 288, 289, 290, 291, 292, - 293, 294, 295, 0, 296, 297, 298, 299, 599, 300, - 301, 302, 303, 304, 305, 306, 307, 308, 309, 310, - 311, 312, 313, 314, 315, 316, 600, 317, 601, 319, - 320, 321, 322, 323, 324, 325, 326, 327, 328, 329, - 330, 331, 332, 333, 334, 335, 336, 337, 338, 339, - 340, 341, 342, 343, 344, 345, 346, 602, 348, 349, - 350, 603, 352, 353, 354, 355, 356, 357, 358, 359, - 360, 604, 362, 363, 364, 365, 366, 367, 368, 605, - 370, 371, 372, 373, 374, 375, 376, 377, 378, 379, - 380, 381, 606, 383, 384, 385, 386, 387, 388, 389, - 390, 391, 392, 393, 394, 395, 0, 0, 396, 397, - 0, 398, 399, 400, 401, 607, 403, 404, 608, 406, - 407, 408, 409, 410, 411, 412, 413, 414, 415, 416, - 417, 418, 419, 420, 421, 422, 423, 424, 425, 426, - 427, 428, 429, 430, 431, 432, 433, 434, 435, 436, - 437, 609, 610, 439, 440, 441, 442, 443, 444, 445, - 611, 447, 448, 449, 450, 451, 452, 453, 454, 455, - 456, 457, 458, 459, 460, 461, 462, 463, 464, 465, - 612, 467, 468, 469, 470, 2000, 471, 613, 473, 474, - 0, 0, 0, 0, 0, 0, 1954, 1955, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 2001, 0, 0, 0, 0, 0, 0, 0, 1132, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 53, + 54, 55, 576, 56, 57, 58, 59, 60, 61, 62, + 0, 0, 0, 0, 64, 65, 66, 67, 68, 69, + 70, 71, 72, 73, 74, 75, 76, 77, 78, 79, + 80, 81, 82, 577, 0, 578, 579, 87, 88, 89, + 90, 91, 92, 580, 94, 95, 96, 97, 98, 581, + 99, 582, 101, 102, 103, 104, 105, 583, 106, 107, + 108, 109, 110, 111, 112, 113, 114, 0, 115, 116, + 117, 584, 119, 120, 121, 122, 123, 124, 125, 126, + 127, 585, 128, 129, 130, 131, 132, 133, 134, 135, + 136, 137, 138, 139, 140, 586, 142, 0, 143, 144, + 145, 146, 147, 148, 149, 587, 151, 152, 153, 154, + 588, 155, 156, 157, 158, 159, 160, 161, 162, 163, + 164, 165, 166, 167, 589, 169, 0, 0, 170, 171, + 172, 173, 174, 175, 176, 177, 178, 179, 180, 590, + 591, 182, 0, 183, 184, 185, 592, 187, 188, 189, + 593, 191, 192, 594, 194, 195, 595, 0, 197, 198, + 199, 200, 201, 202, 203, 204, 205, 206, 207, 208, + 209, 596, 211, 212, 213, 214, 215, 216, 217, 218, + 219, 597, 220, 221, 222, 223, 224, 225, 226, 227, + 228, 229, 230, 231, 232, 233, 234, 235, 236, 237, + 238, 239, 240, 241, 242, 243, 244, 245, 246, 247, + 248, 249, 250, 251, 252, 0, 253, 254, 255, 256, + 257, 258, 259, 260, 261, 262, 263, 264, 265, 266, + 267, 268, 269, 270, 271, 272, 273, 274, 275, 276, + 277, 278, 279, 280, 281, 282, 283, 284, 285, 286, + 287, 598, 288, 289, 290, 291, 292, 293, 294, 295, + 0, 296, 297, 298, 299, 599, 300, 301, 302, 303, + 304, 305, 306, 307, 308, 309, 310, 311, 312, 313, + 314, 315, 316, 600, 317, 601, 319, 320, 321, 322, + 323, 324, 325, 326, 327, 328, 329, 330, 331, 332, + 333, 334, 335, 336, 337, 338, 339, 340, 341, 342, + 343, 344, 345, 346, 602, 348, 349, 350, 603, 352, + 353, 354, 355, 356, 357, 358, 359, 360, 604, 362, + 363, 364, 365, 366, 367, 368, 605, 370, 371, 372, + 373, 374, 375, 376, 377, 378, 379, 380, 381, 606, + 383, 384, 385, 386, 387, 388, 389, 390, 391, 392, + 393, 394, 395, 0, 0, 396, 397, 0, 398, 399, + 400, 401, 607, 403, 404, 608, 406, 407, 408, 409, + 410, 411, 412, 413, 414, 415, 416, 417, 418, 419, + 420, 421, 422, 423, 424, 425, 426, 427, 428, 429, + 430, 431, 432, 433, 434, 435, 436, 437, 609, 610, + 439, 440, 441, 442, 443, 444, 445, 611, 447, 448, + 449, 450, 451, 452, 453, 454, 455, 456, 457, 458, + 459, 460, 461, 462, 463, 464, 465, 612, 467, 468, + 469, 470, 2000, 471, 613, 473, 474, 0, 0, 0, + 0, 0, 0, 1954, 1955, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 2001, 0, 0, + 0, 0, 0, 0, 0, 1132, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 13, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 19, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 22, 0, 0, 0, 0, 0, 0, 0, - 0, 575, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 13, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 29, 0, 0, + 19, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 22, + 0, 0, 0, 0, 0, 0, 0, 0, 575, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 30, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 32, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 35, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 29, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 30, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 32, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 35, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 53, 54, 55, - 576, 56, 57, 58, 59, 60, 61, 62, 0, 0, - 0, 0, 64, 65, 66, 67, 68, 69, 70, 71, - 72, 73, 74, 75, 76, 77, 78, 79, 80, 81, - 82, 577, 0, 578, 579, 87, 88, 89, 90, 91, - 92, 580, 94, 95, 96, 97, 98, 581, 99, 582, - 101, 102, 103, 104, 105, 583, 106, 107, 108, 109, - 110, 111, 112, 113, 114, 0, 115, 116, 117, 584, - 119, 120, 121, 122, 123, 124, 125, 126, 127, 585, - 128, 129, 130, 131, 132, 133, 134, 135, 136, 137, - 138, 139, 140, 586, 142, 0, 143, 144, 145, 146, - 147, 148, 149, 587, 151, 152, 153, 154, 588, 155, - 156, 157, 158, 159, 160, 161, 162, 163, 164, 165, - 166, 167, 589, 169, 0, 0, 170, 171, 172, 173, - 174, 175, 176, 177, 178, 179, 180, 590, 591, 182, - 0, 183, 184, 185, 592, 187, 188, 189, 593, 191, - 192, 594, 194, 195, 595, 0, 197, 198, 199, 200, - 201, 202, 203, 204, 205, 206, 207, 208, 209, 596, - 211, 212, 213, 214, 215, 216, 217, 218, 219, 597, - 220, 221, 222, 223, 224, 225, 226, 227, 228, 229, - 230, 231, 232, 233, 234, 235, 236, 237, 238, 239, - 240, 241, 242, 243, 244, 245, 246, 247, 248, 249, - 250, 251, 252, 0, 253, 254, 255, 256, 257, 258, - 259, 260, 261, 262, 263, 264, 265, 266, 267, 268, - 269, 270, 271, 272, 273, 274, 275, 276, 277, 278, - 279, 280, 281, 282, 283, 284, 285, 286, 287, 598, - 288, 289, 290, 291, 292, 293, 294, 295, 0, 296, - 297, 298, 299, 599, 300, 301, 302, 303, 304, 305, - 306, 307, 308, 309, 310, 311, 312, 313, 314, 315, - 316, 600, 317, 601, 319, 320, 321, 322, 323, 324, - 325, 326, 327, 328, 329, 330, 331, 332, 333, 334, - 335, 336, 337, 338, 339, 340, 341, 342, 343, 344, - 345, 346, 602, 348, 349, 350, 603, 352, 353, 354, - 355, 356, 357, 358, 359, 360, 604, 362, 363, 364, - 365, 366, 367, 368, 605, 370, 371, 372, 373, 374, - 375, 376, 377, 378, 379, 380, 381, 606, 383, 384, - 385, 386, 387, 388, 389, 390, 391, 392, 393, 394, - 395, 0, 0, 396, 397, 0, 398, 399, 400, 401, - 607, 403, 404, 608, 406, 407, 408, 409, 410, 411, - 412, 413, 414, 415, 416, 417, 418, 419, 420, 421, - 422, 423, 424, 425, 426, 427, 428, 429, 430, 431, - 432, 433, 434, 435, 436, 437, 609, 610, 439, 440, - 441, 442, 443, 444, 445, 611, 447, 448, 449, 450, - 451, 452, 453, 454, 455, 456, 457, 458, 459, 460, - 461, 462, 463, 464, 465, 612, 467, 468, 469, 470, - 2832, 471, 613, 473, 474, 0, 0, 0, 0, 0, - 0, 4, 5, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 1132, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 53, 54, 55, 576, 56, 57, + 58, 59, 60, 61, 62, 0, 0, 0, 0, 64, + 65, 66, 67, 68, 69, 70, 71, 72, 73, 74, + 75, 76, 77, 78, 79, 80, 81, 82, 577, 0, + 578, 579, 87, 88, 89, 90, 91, 92, 580, 94, + 95, 96, 97, 98, 581, 99, 582, 101, 102, 103, + 104, 105, 583, 106, 107, 108, 109, 110, 111, 112, + 113, 114, 0, 115, 116, 117, 584, 119, 120, 121, + 122, 123, 124, 125, 126, 127, 585, 128, 129, 130, + 131, 132, 133, 134, 135, 136, 137, 138, 139, 140, + 586, 142, 0, 143, 144, 145, 146, 147, 148, 149, + 587, 151, 152, 153, 154, 588, 155, 156, 157, 158, + 159, 160, 161, 162, 163, 164, 165, 166, 167, 589, + 169, 0, 0, 170, 171, 172, 173, 174, 175, 176, + 177, 178, 179, 180, 590, 591, 182, 0, 183, 184, + 185, 592, 187, 188, 189, 593, 191, 192, 594, 194, + 195, 595, 0, 197, 198, 199, 200, 201, 202, 203, + 204, 205, 206, 207, 208, 209, 596, 211, 212, 213, + 214, 215, 216, 217, 218, 219, 597, 220, 221, 222, + 223, 224, 225, 226, 227, 228, 229, 230, 231, 232, + 233, 234, 235, 236, 237, 238, 239, 240, 241, 242, + 243, 244, 245, 246, 247, 248, 249, 250, 251, 252, + 0, 253, 254, 255, 256, 257, 258, 259, 260, 261, + 262, 263, 264, 265, 266, 267, 268, 269, 270, 271, + 272, 273, 274, 275, 276, 277, 278, 279, 280, 281, + 282, 283, 284, 285, 286, 287, 598, 288, 289, 290, + 291, 292, 293, 294, 295, 0, 296, 297, 298, 299, + 599, 300, 301, 302, 303, 304, 305, 306, 307, 308, + 309, 310, 311, 312, 313, 314, 315, 316, 600, 317, + 601, 319, 320, 321, 322, 323, 324, 325, 326, 327, + 328, 329, 330, 331, 332, 333, 334, 335, 336, 337, + 338, 339, 340, 341, 342, 343, 344, 345, 346, 602, + 348, 349, 350, 603, 352, 353, 354, 355, 356, 357, + 358, 359, 360, 604, 362, 363, 364, 365, 366, 367, + 368, 605, 370, 371, 372, 373, 374, 375, 376, 377, + 378, 379, 380, 381, 606, 383, 384, 385, 386, 387, + 388, 389, 390, 391, 392, 393, 394, 395, 0, 0, + 396, 397, 0, 398, 399, 400, 401, 607, 403, 404, + 608, 406, 407, 408, 409, 410, 411, 412, 413, 414, + 415, 416, 417, 418, 419, 420, 421, 422, 423, 424, + 425, 426, 427, 428, 429, 430, 431, 432, 433, 434, + 435, 436, 437, 609, 610, 439, 440, 441, 442, 443, + 444, 445, 611, 447, 448, 449, 450, 451, 452, 453, + 454, 455, 456, 457, 458, 459, 460, 461, 462, 463, + 464, 465, 612, 467, 468, 469, 470, 2832, 471, 613, + 473, 474, 0, 0, 0, 0, 0, 0, 4, 5, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 13, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 1132, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 19, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 22, 0, 0, - 0, 0, 0, 0, 0, 0, 575, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 13, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 29, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 30, 0, + 0, 0, 0, 0, 0, 19, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 32, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 35, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 22, 0, 0, 0, 0, 0, + 0, 0, 0, 575, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 29, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 30, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 32, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 35, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 53, 54, 55, 576, 56, 57, 58, 59, - 60, 61, 62, 0, 0, 0, 0, 64, 65, 66, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 53, + 54, 55, 576, 56, 57, 58, 59, 60, 61, 62, + 0, 0, 0, 0, 64, 65, 66, 67, 68, 69, + 70, 71, 72, 73, 74, 75, 76, 77, 78, 79, + 80, 81, 82, 577, 0, 578, 579, 87, 88, 89, + 90, 91, 92, 580, 94, 95, 96, 97, 98, 581, + 99, 582, 101, 102, 103, 104, 105, 583, 106, 107, + 108, 109, 110, 111, 112, 113, 114, 0, 115, 116, + 117, 584, 119, 120, 121, 122, 123, 124, 125, 126, + 127, 585, 128, 129, 130, 131, 132, 133, 134, 135, + 136, 137, 138, 139, 140, 586, 142, 0, 143, 144, + 145, 146, 147, 148, 149, 587, 151, 152, 153, 154, + 588, 155, 156, 157, 158, 159, 160, 161, 162, 163, + 164, 165, 166, 167, 589, 169, 0, 0, 170, 171, + 172, 173, 174, 175, 176, 177, 178, 179, 180, 590, + 591, 182, 0, 183, 184, 185, 592, 187, 188, 189, + 593, 191, 192, 594, 194, 195, 595, 0, 197, 198, + 199, 200, 201, 202, 203, 204, 205, 206, 207, 208, + 209, 596, 211, 212, 213, 214, 215, 216, 217, 218, + 219, 597, 220, 221, 222, 223, 224, 225, 226, 227, + 228, 229, 230, 231, 232, 233, 234, 235, 236, 237, + 238, 239, 240, 241, 242, 243, 244, 245, 246, 247, + 248, 249, 250, 251, 252, 0, 253, 254, 255, 256, + 257, 258, 259, 260, 261, 262, 263, 264, 265, 266, + 267, 268, 269, 270, 271, 272, 273, 274, 275, 276, + 277, 278, 279, 280, 281, 282, 283, 284, 285, 286, + 287, 598, 288, 289, 290, 291, 292, 293, 294, 295, + 0, 296, 297, 298, 299, 599, 300, 301, 302, 303, + 304, 305, 306, 307, 308, 309, 310, 311, 312, 313, + 314, 315, 316, 600, 317, 601, 319, 320, 321, 322, + 323, 324, 325, 326, 327, 328, 329, 330, 331, 332, + 333, 334, 335, 336, 337, 338, 339, 340, 341, 342, + 343, 344, 345, 346, 602, 348, 349, 350, 603, 352, + 353, 354, 355, 356, 357, 358, 359, 360, 604, 362, + 363, 364, 365, 366, 367, 368, 605, 370, 371, 372, + 373, 374, 375, 376, 377, 378, 379, 380, 381, 606, + 383, 384, 385, 386, 387, 388, 389, 390, 391, 392, + 393, 394, 395, 0, 0, 396, 397, 0, 398, 399, + 400, 401, 607, 403, 404, 608, 406, 407, 408, 409, + 410, 411, 412, 413, 414, 415, 416, 417, 418, 419, + 420, 421, 422, 423, 424, 425, 426, 427, 428, 429, + 430, 431, 432, 433, 434, 435, 436, 437, 609, 610, + 439, 440, 441, 442, 443, 444, 445, 611, 447, 448, + 449, 450, 451, 452, 453, 454, 455, 456, 457, 458, + 459, 460, 461, 462, 463, 464, 465, 612, 467, 468, + 469, 470, 0, 471, 613, 473, 474, 1, 0, 2, + 3, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 4, 5, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 2833, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 6, 7, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 8, 0, + 9, 0, 10, 0, 11, 0, 0, 0, 0, 0, + 0, 0, 12, 0, 0, 0, 0, 0, 0, 0, + 13, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 14, 0, 0, 15, 0, 16, 17, 0, 0, 0, + 0, 0, 18, 0, 0, 0, 0, 0, 19, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 20, + 0, 0, 0, 21, 0, 0, 0, 22, 0, 0, + 0, 0, 0, 23, 0, 0, 0, 0, 0, 0, + 0, 0, 24, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 25, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 26, 0, 0, 27, 0, 0, 0, + 28, 0, 29, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 30, 0, + 0, 0, 0, 0, 0, 0, 0, 31, 0, 0, + 32, 0, 0, 0, 0, 0, 0, 0, 0, 33, + 34, 35, 0, 0, 0, 0, 0, 0, 0, 0, + 36, 37, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 38, 39, 40, 0, 41, 0, 0, 0, + 0, 42, 0, 0, 0, 0, 0, 43, 0, 0, + 0, 44, 45, 46, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 47, 0, 48, + 0, 49, 0, 0, 0, 0, 0, 0, 50, 0, + 0, 0, 0, 0, 0, 0, 0, 51, 52, 0, + 0, 0, 53, 54, 55, 0, 56, 57, 58, 59, + 60, 61, 62, 0, 63, 0, 0, 64, 65, 66, 67, 68, 69, 70, 71, 72, 73, 74, 75, 76, - 77, 78, 79, 80, 81, 82, 577, 0, 578, 579, - 87, 88, 89, 90, 91, 92, 580, 94, 95, 96, - 97, 98, 581, 99, 582, 101, 102, 103, 104, 105, - 583, 106, 107, 108, 109, 110, 111, 112, 113, 114, - 0, 115, 116, 117, 584, 119, 120, 121, 122, 123, - 124, 125, 126, 127, 585, 128, 129, 130, 131, 132, - 133, 134, 135, 136, 137, 138, 139, 140, 586, 142, - 0, 143, 144, 145, 146, 147, 148, 149, 587, 151, - 152, 153, 154, 588, 155, 156, 157, 158, 159, 160, - 161, 162, 163, 164, 165, 166, 167, 589, 169, 0, + 77, 78, 79, 80, 81, 82, 83, 84, 85, 86, + 87, 88, 89, 90, 91, 92, 93, 94, 95, 96, + 97, 98, 0, 99, 100, 101, 102, 103, 104, 105, + 0, 106, 107, 108, 109, 110, 111, 112, 113, 114, + 0, 115, 116, 117, 118, 119, 120, 121, 122, 123, + 124, 125, 126, 127, 0, 128, 129, 130, 131, 132, + 133, 134, 135, 136, 137, 138, 139, 140, 141, 142, + 0, 143, 144, 145, 146, 147, 148, 149, 150, 151, + 152, 153, 154, 0, 155, 156, 157, 158, 159, 160, + 161, 162, 163, 164, 165, 166, 167, 168, 169, 0, 0, 170, 171, 172, 173, 174, 175, 176, 177, 178, - 179, 180, 590, 591, 182, 0, 183, 184, 185, 592, - 187, 188, 189, 593, 191, 192, 594, 194, 195, 595, + 179, 180, 181, 0, 182, 0, 183, 184, 185, 186, + 187, 188, 189, 190, 191, 192, 193, 194, 195, 196, 0, 197, 198, 199, 200, 201, 202, 203, 204, 205, - 206, 207, 208, 209, 596, 211, 212, 213, 214, 215, - 216, 217, 218, 219, 597, 220, 221, 222, 223, 224, + 206, 207, 208, 209, 210, 211, 212, 213, 214, 215, + 216, 217, 218, 219, 0, 220, 221, 222, 223, 224, 225, 226, 227, 228, 229, 230, 231, 232, 233, 234, 235, 236, 237, 238, 239, 240, 241, 242, 243, 244, 245, 246, 247, 248, 249, 250, 251, 252, 0, 253, 254, 255, 256, 257, 258, 259, 260, 261, 262, 263, 264, 265, 266, 267, 268, 269, 270, 271, 272, 273, 274, 275, 276, 277, 278, 279, 280, 281, 282, 283, - 284, 285, 286, 287, 598, 288, 289, 290, 291, 292, - 293, 294, 295, 0, 296, 297, 298, 299, 599, 300, + 284, 285, 286, 287, 0, 288, 289, 290, 291, 292, + 293, 294, 295, 0, 296, 297, 298, 299, 0, 300, 301, 302, 303, 304, 305, 306, 307, 308, 309, 310, - 311, 312, 313, 314, 315, 316, 600, 317, 601, 319, + 311, 312, 313, 314, 315, 316, 0, 317, 318, 319, 320, 321, 322, 323, 324, 325, 326, 327, 328, 329, 330, 331, 332, 333, 334, 335, 336, 337, 338, 339, - 340, 341, 342, 343, 344, 345, 346, 602, 348, 349, - 350, 603, 352, 353, 354, 355, 356, 357, 358, 359, - 360, 604, 362, 363, 364, 365, 366, 367, 368, 605, + 340, 341, 342, 343, 344, 345, 346, 347, 348, 349, + 350, 351, 352, 353, 354, 355, 356, 357, 358, 359, + 360, 361, 362, 363, 364, 365, 366, 367, 368, 369, 370, 371, 372, 373, 374, 375, 376, 377, 378, 379, - 380, 381, 606, 383, 384, 385, 386, 387, 388, 389, + 380, 381, 382, 383, 384, 385, 386, 387, 388, 389, 390, 391, 392, 393, 394, 395, 0, 0, 396, 397, - 0, 398, 399, 400, 401, 607, 403, 404, 608, 406, + 0, 398, 399, 400, 401, 402, 403, 404, 405, 406, 407, 408, 409, 410, 411, 412, 413, 414, 415, 416, 417, 418, 419, 420, 421, 422, 423, 424, 425, 426, 427, 428, 429, 430, 431, 432, 433, 434, 435, 436, - 437, 609, 610, 439, 440, 441, 442, 443, 444, 445, - 611, 447, 448, 449, 450, 451, 452, 453, 454, 455, + 437, 438, 0, 439, 440, 441, 442, 443, 444, 445, + 446, 447, 448, 449, 450, 451, 452, 453, 454, 455, 456, 457, 458, 459, 460, 461, 462, 463, 464, 465, - 612, 467, 468, 469, 470, 0, 471, 613, 473, 474, - 1, 0, 2, 3, 0, 0, 0, 0, 0, 0, + 466, 467, 468, 469, 470, 0, 471, 472, 473, 474, + 1, 0, 0, 3, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 4, 5, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 2833, 0, + 475, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 6, 7, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, @@ -9544,36 +9555,36 @@ 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 6, 7, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 8, 0, 9, 0, 10, 0, + 0, 0, 0, 0, 8, 0, 0, 0, 10, 0, 11, 0, 0, 0, 0, 0, 0, 0, 12, 0, 0, 0, 0, 0, 0, 0, 13, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 14, 0, 0, 15, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 15, 0, 16, 17, 0, 0, 0, 0, 0, 18, 0, 0, 0, 0, 0, 19, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 20, 0, 0, 0, 21, - 0, 0, 0, 22, 0, 0, 0, 0, 0, 23, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 21, + 0, 0, 0, 22, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 24, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 25, 0, 0, 0, 0, 0, 0, 0, 0, 0, 26, - 0, 0, 27, 0, 0, 0, 28, 0, 29, 0, + 0, 0, 27, 0, 0, 0, 0, 0, 29, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 30, 0, 0, 0, 0, 0, 0, 0, 0, 31, 0, 0, 32, 0, 0, 0, 0, 0, 0, 0, 0, 33, 34, 35, 0, 0, 0, 0, 0, 0, 0, 0, 36, 37, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 38, 39, - 40, 0, 41, 0, 0, 0, 0, 42, 0, 0, + 0, 0, 41, 0, 0, 0, 0, 42, 0, 0, 0, 0, 0, 43, 0, 0, 0, 44, 45, 46, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 47, 0, 48, 0, 49, 0, 0, 0, 0, 0, 0, 50, 0, 0, 0, 0, 0, - 0, 0, 0, 51, 52, 0, 0, 0, 53, 54, + 0, 0, 0, 0, 52, 0, 0, 0, 53, 54, 55, 0, 56, 57, 58, 59, 60, 61, 62, 0, 63, 0, 0, 64, 65, 66, 67, 68, 69, 70, 71, 72, 73, 74, 75, 76, 77, 78, 79, 80, - 81, 82, 83, 84, 85, 86, 87, 88, 89, 90, + 81, 82, 83, 0, 0, 86, 87, 88, 89, 90, 91, 92, 93, 94, 95, 96, 97, 98, 0, 99, 100, 101, 102, 103, 104, 105, 0, 106, 107, 108, 109, 110, 111, 112, 113, 114, 0, 115, 116, 117, @@ -9614,322 +9625,21 @@ 440, 441, 442, 443, 444, 445, 446, 447, 448, 449, 450, 451, 452, 453, 454, 455, 456, 457, 458, 459, 460, 461, 462, 463, 464, 465, 466, 467, 468, 469, - 470, 0, 471, 472, 473, 474, 1, 0, 0, 3, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 4, 5, 0, 0, 0, 0, 475, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 6, - 7, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 8, 0, 0, - 0, 10, 0, 11, 0, 0, 0, 0, 0, 0, - 0, 12, 0, 0, 0, 0, 0, 0, 0, 13, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 15, 0, 16, 17, 0, 0, 0, 0, - 0, 18, 0, 0, 0, 0, 0, 19, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 21, 0, 0, 0, 22, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 24, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 25, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 26, 0, 0, 27, 0, 0, 0, 0, - 0, 29, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 30, 0, 0, - 0, 0, 0, 0, 0, 0, 31, 0, 0, 32, - 0, 0, 0, 0, 0, 0, 0, 0, 33, 34, - 35, 0, 0, 0, 0, 0, 0, 0, 0, 36, - 37, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 38, 39, 0, 0, 41, 0, 0, 0, 0, - 42, 0, 0, 0, 0, 0, 43, 0, 0, 0, - 44, 45, 46, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 47, 0, 48, 0, - 49, 0, 0, 0, 0, 0, 0, 50, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 52, 0, 0, - 0, 53, 54, 55, 0, 56, 57, 58, 59, 60, - 61, 62, 0, 63, 0, 0, 64, 65, 66, 67, - 68, 69, 70, 71, 72, 73, 74, 75, 76, 77, - 78, 79, 80, 81, 82, 83, 0, 0, 86, 87, - 88, 89, 90, 91, 92, 93, 94, 95, 96, 97, - 98, 0, 99, 100, 101, 102, 103, 104, 105, 0, - 106, 107, 108, 109, 110, 111, 112, 113, 114, 0, - 115, 116, 117, 118, 119, 120, 121, 122, 123, 124, - 125, 126, 127, 0, 128, 129, 130, 131, 132, 133, - 134, 135, 136, 137, 138, 139, 140, 141, 142, 0, - 143, 144, 145, 146, 147, 148, 149, 150, 151, 152, - 153, 154, 0, 155, 156, 157, 158, 159, 160, 161, - 162, 163, 164, 165, 166, 167, 168, 169, 0, 0, - 170, 171, 172, 173, 174, 175, 176, 177, 178, 179, - 180, 181, 0, 182, 0, 183, 184, 185, 186, 187, - 188, 189, 190, 191, 192, 193, 194, 195, 196, 0, - 197, 198, 199, 200, 201, 202, 203, 204, 205, 206, - 207, 208, 209, 210, 211, 212, 213, 214, 215, 216, - 217, 218, 219, 0, 220, 221, 222, 223, 224, 225, - 226, 227, 228, 229, 230, 231, 232, 233, 234, 235, - 236, 237, 238, 239, 240, 241, 242, 243, 244, 245, - 246, 247, 248, 249, 250, 251, 252, 0, 253, 254, - 255, 256, 257, 258, 259, 260, 261, 262, 263, 264, - 265, 266, 267, 268, 269, 270, 271, 272, 273, 274, - 275, 276, 277, 278, 279, 280, 281, 282, 283, 284, - 285, 286, 287, 0, 288, 289, 290, 291, 292, 293, - 294, 295, 0, 296, 297, 298, 299, 0, 300, 301, - 302, 303, 304, 305, 306, 307, 308, 309, 310, 311, - 312, 313, 314, 315, 316, 0, 317, 318, 319, 320, - 321, 322, 323, 324, 325, 326, 327, 328, 329, 330, - 331, 332, 333, 334, 335, 336, 337, 338, 339, 340, - 341, 342, 343, 344, 345, 346, 347, 348, 349, 350, - 351, 352, 353, 354, 355, 356, 357, 358, 359, 360, - 361, 362, 363, 364, 365, 366, 367, 368, 369, 370, - 371, 372, 373, 374, 375, 376, 377, 378, 379, 380, - 381, 382, 383, 384, 385, 386, 387, 388, 389, 390, - 391, 392, 393, 394, 395, 0, 0, 396, 397, 0, - 398, 399, 400, 401, 402, 403, 404, 405, 406, 407, - 408, 409, 410, 411, 412, 413, 414, 415, 416, 417, - 418, 419, 420, 421, 422, 423, 424, 425, 426, 427, - 428, 429, 430, 431, 432, 433, 434, 435, 436, 437, - 438, 0, 439, 440, 441, 442, 443, 444, 445, 446, - 447, 448, 449, 450, 451, 452, 453, 454, 455, 456, - 457, 458, 459, 460, 461, 462, 463, 464, 465, 466, - 467, 468, 469, 470, 0, 471, 472, 473, 474, 4, - 5, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 475, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 5152, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 13, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 19, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 771, - 0, 0, 0, 0, 0, 22, 0, 0, 0, 0, - 0, 0, 0, 0, 575, 3723, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 3724, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 29, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 30, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 32, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 35, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 773, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 775, 0, 0, 0, 0, 0, 0, 0, - 53, 54, 55, 576, 56, 57, 58, 59, 60, 61, - 62, 0, 0, 0, 0, 64, 65, 66, 67, 68, - 69, 70, 71, 72, 73, 74, 75, 76, 77, 78, - 79, 80, 81, 82, 577, 0, 578, 579, 87, 88, - 89, 90, 91, 92, 580, 94, 95, 96, 97, 98, - 581, 99, 582, 101, 102, 103, 104, 105, 583, 106, - 107, 108, 109, 110, 111, 112, 113, 114, 0, 115, - 116, 117, 584, 119, 120, 121, 122, 123, 124, 125, - 126, 127, 585, 128, 129, 130, 131, 132, 133, 134, - 135, 136, 137, 138, 139, 140, 586, 142, 0, 143, - 144, 145, 146, 147, 148, 149, 587, 151, 152, 153, - 154, 588, 155, 156, 157, 158, 159, 160, 161, 162, - 163, 164, 165, 166, 167, 589, 169, 0, 0, 170, - 171, 172, 173, 174, 175, 176, 177, 178, 179, 180, - 590, 591, 182, 0, 183, 184, 185, 592, 187, 188, - 189, 593, 191, 192, 594, 194, 195, 595, 0, 197, - 198, 199, 200, 201, 202, 203, 204, 205, 206, 207, - 208, 209, 596, 211, 212, 213, 214, 215, 216, 217, - 218, 219, 597, 220, 221, 222, 223, 224, 225, 226, - 227, 228, 229, 230, 231, 232, 233, 234, 235, 236, - 237, 238, 239, 240, 241, 242, 243, 244, 245, 246, - 247, 248, 249, 250, 251, 252, 0, 253, 254, 255, - 256, 257, 258, 259, 260, 261, 262, 263, 264, 265, - 266, 267, 268, 269, 270, 271, 272, 273, 274, 275, - 276, 277, 278, 279, 280, 281, 282, 283, 284, 285, - 286, 287, 598, 288, 289, 290, 291, 292, 293, 294, - 295, 0, 296, 297, 298, 299, 599, 300, 301, 302, - 303, 304, 305, 306, 307, 308, 309, 310, 5153, 312, - 313, 314, 315, 316, 600, 317, 601, 319, 320, 321, - 322, 323, 324, 325, 326, 327, 328, 329, 330, 331, - 332, 333, 334, 335, 336, 337, 338, 339, 340, 341, - 342, 343, 344, 345, 346, 602, 348, 349, 350, 603, - 352, 353, 354, 355, 356, 357, 358, 359, 360, 604, - 362, 363, 364, 365, 366, 367, 368, 605, 370, 371, - 372, 373, 374, 375, 376, 377, 378, 379, 380, 381, - 606, 383, 384, 385, 386, 387, 388, 389, 390, 391, - 392, 393, 394, 395, 0, 0, 396, 397, 0, 398, - 399, 400, 401, 607, 403, 404, 608, 406, 407, 408, - 409, 410, 411, 412, 413, 414, 415, 416, 417, 418, - 419, 420, 421, 422, 423, 424, 425, 426, 427, 428, - 429, 430, 431, 432, 433, 434, 435, 436, 437, 609, - 610, 439, 440, 441, 442, 443, 444, 445, 611, 447, - 448, 449, 450, 451, 452, 453, 454, 455, 456, 457, - 458, 459, 460, 461, 462, 463, 464, 465, 612, 467, - 468, 469, 470, 0, 471, 613, 473, 474, 4, 5, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 5154, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 13, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 19, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 1398, 0, 0, 0, 0, 0, - 0, 0, 0, 575, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 29, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 30, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 32, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 35, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 43, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 50, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 52, 0, 0, 0, 53, - 54, 55, 576, 56, 57, 58, 59, 60, 61, 62, - 0, 0, 0, 0, 64, 65, 66, 67, 68, 69, - 70, 71, 72, 73, 74, 75, 76, 77, 78, 79, - 80, 81, 82, 577, 0, 578, 579, 87, 88, 89, - 90, 91, 92, 580, 94, 95, 96, 97, 98, 581, - 99, 582, 101, 102, 103, 104, 105, 583, 106, 107, - 108, 109, 110, 111, 112, 113, 114, 0, 115, 116, - 117, 584, 119, 120, 121, 122, 123, 124, 125, 126, - 127, 585, 128, 129, 130, 131, 132, 133, 134, 135, - 136, 137, 138, 139, 140, 586, 142, 0, 143, 144, - 145, 146, 147, 148, 149, 587, 151, 152, 153, 154, - 588, 155, 156, 157, 158, 159, 160, 161, 162, 163, - 164, 165, 166, 167, 589, 169, 0, 0, 170, 171, - 172, 173, 174, 175, 176, 177, 178, 179, 180, 590, - 591, 182, 0, 183, 184, 185, 592, 187, 188, 189, - 593, 191, 192, 594, 194, 195, 595, 0, 197, 198, - 199, 200, 201, 202, 203, 204, 205, 206, 207, 208, - 209, 596, 211, 212, 213, 214, 215, 216, 217, 218, - 219, 597, 220, 221, 222, 223, 224, 225, 226, 227, - 228, 229, 230, 231, 232, 233, 234, 235, 236, 237, - 238, 239, 240, 241, 242, 243, 244, 245, 246, 247, - 248, 249, 250, 251, 252, 0, 253, 254, 255, 256, - 257, 258, 259, 260, 261, 262, 263, 264, 265, 266, - 267, 268, 269, 270, 271, 272, 273, 274, 275, 276, - 277, 278, 279, 280, 281, 282, 283, 284, 285, 286, - 287, 598, 288, 289, 290, 291, 292, 293, 294, 295, - 0, 296, 297, 298, 299, 599, 300, 301, 302, 303, - 304, 305, 306, 307, 308, 309, 310, 311, 312, 313, - 314, 315, 316, 600, 317, 601, 319, 320, 321, 322, - 323, 324, 325, 326, 327, 328, 329, 330, 331, 332, - 333, 334, 335, 336, 337, 338, 339, 340, 341, 342, - 343, 344, 345, 346, 602, 348, 349, 350, 603, 352, - 353, 354, 355, 356, 357, 358, 359, 360, 604, 362, - 363, 364, 365, 366, 367, 368, 605, 370, 371, 372, - 373, 374, 375, 376, 377, 378, 379, 380, 381, 606, - 383, 384, 385, 386, 387, 388, 389, 390, 391, 392, - 393, 394, 395, 0, 0, 396, 397, 0, 398, 399, - 400, 401, 607, 403, 404, 608, 406, 407, 408, 409, - 410, 411, 412, 413, 414, 415, 416, 417, 418, 419, - 420, 421, 422, 423, 424, 425, 426, 427, 428, 429, - 430, 431, 432, 433, 434, 435, 436, 437, 609, 610, - 439, 440, 441, 442, 443, 444, 445, 611, 447, 448, - 449, 450, 451, 452, 453, 454, 455, 456, 457, 458, - 459, 460, 461, 462, 463, 464, 465, 612, 467, 468, - 469, 470, 0, 471, 613, 473, 474, 4, 5, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 1399, 0, 0, - 0, 0, 0, 0, 0, 803, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 13, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 1397, - 0, 0, 0, 0, 19, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 1398, 0, 0, 0, 0, 0, 0, - 0, 0, 575, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 29, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 30, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 32, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 35, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 470, 0, 471, 472, 473, 474, 4, 5, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 53, 54, - 55, 576, 56, 57, 58, 59, 60, 61, 62, 0, - 0, 0, 0, 64, 65, 66, 67, 68, 69, 70, - 71, 72, 73, 74, 75, 76, 77, 78, 79, 80, - 81, 82, 577, 0, 578, 579, 87, 88, 89, 90, - 91, 92, 580, 94, 95, 96, 97, 98, 581, 99, - 582, 101, 102, 103, 104, 105, 583, 106, 107, 108, - 109, 110, 111, 112, 113, 114, 0, 115, 116, 117, - 584, 119, 120, 121, 122, 123, 124, 125, 126, 127, - 585, 128, 129, 130, 131, 132, 133, 134, 135, 136, - 137, 138, 139, 140, 586, 142, 0, 143, 144, 145, - 146, 147, 148, 149, 587, 151, 152, 153, 154, 588, - 155, 156, 157, 158, 159, 160, 161, 162, 163, 164, - 165, 166, 167, 589, 169, 0, 0, 170, 171, 172, - 173, 174, 175, 176, 177, 178, 179, 180, 590, 591, - 182, 0, 183, 184, 185, 592, 187, 188, 189, 593, - 191, 192, 594, 194, 195, 595, 0, 197, 198, 199, - 200, 201, 202, 203, 204, 205, 206, 207, 208, 209, - 596, 211, 212, 213, 214, 215, 216, 217, 218, 219, - 597, 220, 221, 222, 223, 224, 225, 226, 227, 228, - 229, 230, 231, 232, 233, 234, 235, 236, 237, 238, - 239, 240, 241, 242, 243, 244, 245, 246, 247, 248, - 249, 250, 251, 252, 0, 253, 254, 255, 256, 257, - 258, 259, 260, 261, 262, 263, 264, 265, 266, 267, - 268, 269, 270, 271, 272, 273, 274, 275, 276, 277, - 278, 279, 280, 281, 282, 283, 284, 285, 286, 287, - 598, 288, 289, 290, 291, 292, 293, 294, 295, 0, - 296, 297, 298, 299, 599, 300, 301, 302, 303, 304, - 305, 306, 307, 308, 309, 310, 311, 312, 313, 314, - 315, 316, 600, 317, 601, 319, 320, 321, 322, 323, - 324, 325, 326, 327, 328, 329, 330, 331, 332, 333, - 334, 335, 336, 337, 338, 339, 340, 341, 342, 343, - 344, 345, 346, 602, 348, 349, 350, 603, 352, 353, - 354, 355, 356, 357, 358, 359, 360, 604, 362, 363, - 364, 365, 366, 367, 368, 605, 370, 371, 372, 373, - 374, 375, 376, 377, 378, 379, 380, 381, 606, 383, - 384, 385, 386, 387, 388, 389, 390, 391, 392, 393, - 394, 395, 0, 0, 396, 397, 0, 398, 399, 400, - 401, 607, 403, 404, 608, 406, 407, 408, 409, 410, - 411, 412, 413, 414, 415, 416, 417, 418, 419, 420, - 421, 422, 423, 424, 425, 426, 427, 428, 429, 430, - 431, 432, 433, 434, 435, 436, 437, 609, 610, 439, - 440, 441, 442, 443, 444, 445, 611, 447, 448, 449, - 450, 451, 452, 453, 454, 455, 456, 457, 458, 459, - 460, 461, 462, 463, 464, 465, 612, 467, 468, 469, - 470, 0, 471, 613, 473, 474, 4, 5, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 1399, 0, 0, 0, - 0, 1400, 0, 0, 803, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 475, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 5153, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 13, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 19, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 1398, 0, 0, 0, 0, 0, 0, 0, - 0, 575, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 771, 0, 0, 0, + 0, 0, 22, 0, 0, 0, 0, 0, 0, 0, + 0, 575, 3723, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 3724, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 29, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, @@ -9940,11 +9650,11 @@ 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 773, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 775, 0, 0, 0, 0, 0, 0, 0, 53, 54, 55, 576, 56, 57, 58, 59, 60, 61, 62, 0, 0, 0, 0, 64, 65, 66, 67, 68, 69, 70, 71, @@ -9973,7 +9683,7 @@ 279, 280, 281, 282, 283, 284, 285, 286, 287, 598, 288, 289, 290, 291, 292, 293, 294, 295, 0, 296, 297, 298, 299, 599, 300, 301, 302, 303, 304, 305, - 306, 307, 308, 309, 310, 311, 312, 313, 314, 315, + 306, 307, 308, 309, 310, 5154, 312, 313, 314, 315, 316, 600, 317, 601, 319, 320, 321, 322, 323, 324, 325, 326, 327, 328, 329, 330, 331, 332, 333, 334, 335, 336, 337, 338, 339, 340, 341, 342, 343, 344, @@ -9992,8 +9702,8 @@ 461, 462, 463, 464, 465, 612, 467, 468, 469, 470, 0, 471, 613, 473, 474, 4, 5, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 1399, 0, 0, 0, 0, - 1400, 0, 0, 803, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 5155, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, @@ -10014,13 +9724,13 @@ 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 43, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 53, 54, 55, 576, + 0, 0, 50, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 52, 0, 0, 0, 53, 54, 55, 576, 56, 57, 58, 59, 60, 61, 62, 0, 0, 0, 0, 64, 65, 66, 67, 68, 69, 70, 71, 72, 73, 74, 75, 76, 77, 78, 79, 80, 81, 82, @@ -10074,10 +9784,10 @@ 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 13, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 1397, 0, 0, 0, 0, 19, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 22, 0, 0, 0, 0, 0, 0, 0, 0, 575, + 1398, 0, 0, 0, 0, 0, 0, 0, 0, 575, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, @@ -10141,8 +9851,8 @@ 453, 454, 455, 456, 457, 458, 459, 460, 461, 462, 463, 464, 465, 612, 467, 468, 469, 470, 0, 471, 613, 473, 474, 4, 5, 0, 0, 0, 0, 0, - 0, 0, 0, 3376, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 1399, 0, 0, 0, 0, 1400, 0, 0, 803, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, @@ -10151,7 +9861,7 @@ 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 19, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 22, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 1398, 0, 0, 0, 0, 0, 0, 0, 0, 575, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, @@ -10217,8 +9927,8 @@ 464, 465, 612, 467, 468, 469, 470, 0, 471, 613, 473, 474, 4, 5, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 5341, 0, 0, 0, 0, 0, 0, 0, - 5154, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 1399, 0, 0, 0, 0, 1400, 0, 0, + 803, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, @@ -10226,8 +9936,8 @@ 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 19, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 22, 0, - 0, 0, 0, 0, 5609, 0, 0, 575, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 1398, 0, + 0, 0, 0, 0, 0, 0, 0, 575, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, @@ -10292,7 +10002,7 @@ 465, 612, 467, 468, 469, 470, 0, 471, 613, 473, 474, 4, 5, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 5154, + 0, 1399, 0, 0, 0, 0, 0, 0, 0, 803, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, @@ -10333,8 +10043,8 @@ 0, 143, 144, 145, 146, 147, 148, 149, 587, 151, 152, 153, 154, 588, 155, 156, 157, 158, 159, 160, 161, 162, 163, 164, 165, 166, 167, 589, 169, 0, - 0, 170, 171, 172, 800, 174, 175, 176, 177, 178, - 179, 180, 590, 591, 182, 0, 801, 184, 185, 592, + 0, 170, 171, 172, 173, 174, 175, 176, 177, 178, + 179, 180, 590, 591, 182, 0, 183, 184, 185, 592, 187, 188, 189, 593, 191, 192, 594, 194, 195, 595, 0, 197, 198, 199, 200, 201, 202, 203, 204, 205, 206, 207, 208, 209, 596, 211, 212, 213, 214, 215, @@ -10347,7 +10057,7 @@ 274, 275, 276, 277, 278, 279, 280, 281, 282, 283, 284, 285, 286, 287, 598, 288, 289, 290, 291, 292, 293, 294, 295, 0, 296, 297, 298, 299, 599, 300, - 301, 302, 303, 304, 305, 306, 307, 802, 309, 310, + 301, 302, 303, 304, 305, 306, 307, 308, 309, 310, 311, 312, 313, 314, 315, 316, 600, 317, 601, 319, 320, 321, 322, 323, 324, 325, 326, 327, 328, 329, 330, 331, 332, 333, 334, 335, 336, 337, 338, 339, @@ -10366,7 +10076,7 @@ 456, 457, 458, 459, 460, 461, 462, 463, 464, 465, 612, 467, 468, 469, 470, 0, 471, 613, 473, 474, 4, 5, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 3376, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 803, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, @@ -10441,8 +10151,8 @@ 457, 458, 459, 460, 461, 462, 463, 464, 465, 612, 467, 468, 469, 470, 0, 471, 613, 473, 474, 4, 5, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 803, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 5342, + 0, 0, 0, 0, 0, 0, 0, 5155, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, @@ -10452,7 +10162,7 @@ 0, 0, 0, 0, 0, 0, 19, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 22, 0, 0, 0, 0, - 0, 0, 0, 0, 575, 0, 0, 0, 0, 0, + 0, 5610, 0, 0, 575, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, @@ -10515,13 +10225,13 @@ 448, 449, 450, 451, 452, 453, 454, 455, 456, 457, 458, 459, 460, 461, 462, 463, 464, 465, 612, 467, 468, 469, 470, 0, 471, 613, 473, 474, 4, 5, - 823, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 724, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 5154, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 5155, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 1477, 0, 0, 13, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 13, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 19, 0, 0, 0, 0, @@ -10558,8 +10268,8 @@ 145, 146, 147, 148, 149, 587, 151, 152, 153, 154, 588, 155, 156, 157, 158, 159, 160, 161, 162, 163, 164, 165, 166, 167, 589, 169, 0, 0, 170, 171, - 172, 173, 174, 175, 176, 177, 178, 179, 180, 590, - 591, 182, 0, 183, 184, 185, 592, 187, 188, 189, + 172, 800, 174, 175, 176, 177, 178, 179, 180, 590, + 591, 182, 0, 801, 184, 185, 592, 187, 188, 189, 593, 191, 192, 594, 194, 195, 595, 0, 197, 198, 199, 200, 201, 202, 203, 204, 205, 206, 207, 208, 209, 596, 211, 212, 213, 214, 215, 216, 217, 218, @@ -10572,7 +10282,7 @@ 277, 278, 279, 280, 281, 282, 283, 284, 285, 286, 287, 598, 288, 289, 290, 291, 292, 293, 294, 295, 0, 296, 297, 298, 299, 599, 300, 301, 302, 303, - 304, 305, 306, 307, 308, 309, 310, 311, 312, 313, + 304, 305, 306, 307, 802, 309, 310, 311, 312, 313, 314, 315, 316, 600, 317, 601, 319, 320, 321, 322, 323, 324, 325, 326, 327, 328, 329, 330, 331, 332, 333, 334, 335, 336, 337, 338, 339, 340, 341, 342, @@ -10581,7 +10291,7 @@ 363, 364, 365, 366, 367, 368, 605, 370, 371, 372, 373, 374, 375, 376, 377, 378, 379, 380, 381, 606, 383, 384, 385, 386, 387, 388, 389, 390, 391, 392, - 393, 0, 395, 0, 0, 396, 397, 0, 398, 399, + 393, 394, 395, 0, 0, 396, 397, 0, 398, 399, 400, 401, 607, 403, 404, 608, 406, 407, 408, 409, 410, 411, 412, 413, 414, 415, 416, 417, 418, 419, 420, 421, 422, 423, 424, 425, 426, 427, 428, 429, @@ -10591,8 +10301,8 @@ 459, 460, 461, 462, 463, 464, 465, 612, 467, 468, 469, 470, 0, 471, 613, 473, 474, 4, 5, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 2072, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 803, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, @@ -10664,30 +10374,27 @@ 440, 441, 442, 443, 444, 445, 611, 447, 448, 449, 450, 451, 452, 453, 454, 455, 456, 457, 458, 459, 460, 461, 462, 463, 464, 465, 612, 467, 468, 469, - 470, 1221, 471, 613, 473, 474, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 4, 5, 0, - 0, 0, 0, 0, 0, 0, 2887, 0, 0, 0, + 470, 0, 471, 613, 473, 474, 4, 5, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 803, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 1222, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 13, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 1223, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 19, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 13, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 22, 0, 0, 0, 0, 0, 0, - 0, 0, 1224, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 19, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 29, 0, + 0, 0, 22, 0, 0, 0, 0, 0, 0, 0, + 0, 575, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 30, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 32, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 35, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 29, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 30, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 32, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 35, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, @@ -10695,74 +10402,74 @@ 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 53, 54, - 55, 1225, 56, 57, 58, 59, 60, 61, 62, 0, - 0, 0, 0, 64, 65, 66, 67, 68, 69, 70, - 71, 72, 73, 74, 75, 76, 77, 78, 79, 80, - 81, 82, 577, 0, 578, 579, 87, 88, 89, 90, - 91, 92, 580, 94, 95, 96, 97, 98, 1226, 99, - 582, 101, 102, 103, 104, 105, 583, 106, 107, 108, - 109, 110, 111, 112, 113, 114, 0, 115, 116, 117, - 584, 119, 120, 121, 122, 123, 124, 125, 126, 127, - 585, 128, 129, 130, 131, 132, 133, 134, 135, 136, - 137, 138, 139, 140, 586, 142, 0, 143, 144, 145, - 146, 147, 148, 149, 587, 151, 152, 153, 154, 588, - 155, 156, 157, 158, 159, 160, 161, 162, 163, 164, - 165, 166, 167, 589, 169, 0, 0, 170, 171, 172, - 173, 174, 175, 176, 177, 178, 179, 180, 590, 591, - 182, 0, 183, 184, 185, 1227, 187, 188, 189, 593, - 1228, 192, 594, 194, 195, 595, 0, 197, 198, 199, - 200, 201, 202, 203, 204, 205, 206, 207, 208, 209, - 596, 211, 212, 213, 214, 215, 216, 217, 218, 219, - 597, 220, 221, 222, 223, 224, 225, 226, 1229, 228, - 229, 230, 231, 232, 233, 234, 235, 236, 237, 238, - 239, 240, 241, 242, 243, 244, 245, 246, 247, 248, - 249, 250, 251, 252, 0, 253, 254, 255, 256, 257, - 258, 259, 260, 261, 262, 263, 264, 265, 266, 267, - 268, 269, 270, 271, 272, 273, 274, 275, 1230, 277, - 278, 279, 280, 281, 282, 283, 284, 285, 286, 287, - 598, 288, 289, 290, 291, 292, 293, 294, 295, 1231, - 296, 297, 298, 299, 599, 300, 301, 302, 303, 304, - 305, 306, 307, 308, 309, 1232, 311, 312, 313, 314, - 315, 316, 600, 317, 601, 319, 320, 321, 322, 323, - 324, 325, 326, 327, 328, 329, 330, 331, 332, 333, - 334, 335, 336, 337, 338, 339, 340, 341, 342, 343, - 344, 345, 346, 602, 348, 349, 350, 603, 352, 353, - 354, 355, 356, 357, 358, 359, 1233, 604, 362, 363, - 364, 365, 366, 367, 368, 605, 370, 371, 372, 373, - 374, 375, 376, 1234, 378, 379, 380, 381, 606, 383, - 384, 385, 386, 387, 388, 389, 390, 391, 392, 393, - 394, 395, 0, 0, 396, 397, 0, 398, 399, 400, - 401, 607, 1235, 404, 608, 406, 407, 408, 409, 410, - 411, 412, 413, 414, 415, 416, 417, 418, 419, 420, - 421, 422, 423, 424, 425, 426, 427, 428, 429, 430, - 431, 432, 1236, 434, 435, 436, 437, 609, 0, 439, - 440, 441, 442, 443, 444, 445, 611, 447, 448, 449, - 450, 451, 452, 453, 454, 455, 456, 457, 458, 459, - 460, 461, 462, 463, 464, 465, 1237, 467, 468, 469, - 470, 2151, 471, 613, 473, 474, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 4, 5, 823, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 724, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 53, 54, 55, + 576, 56, 57, 58, 59, 60, 61, 62, 0, 0, + 0, 0, 64, 65, 66, 67, 68, 69, 70, 71, + 72, 73, 74, 75, 76, 77, 78, 79, 80, 81, + 82, 577, 0, 578, 579, 87, 88, 89, 90, 91, + 92, 580, 94, 95, 96, 97, 98, 581, 99, 582, + 101, 102, 103, 104, 105, 583, 106, 107, 108, 109, + 110, 111, 112, 113, 114, 0, 115, 116, 117, 584, + 119, 120, 121, 122, 123, 124, 125, 126, 127, 585, + 128, 129, 130, 131, 132, 133, 134, 135, 136, 137, + 138, 139, 140, 586, 142, 0, 143, 144, 145, 146, + 147, 148, 149, 587, 151, 152, 153, 154, 588, 155, + 156, 157, 158, 159, 160, 161, 162, 163, 164, 165, + 166, 167, 589, 169, 0, 0, 170, 171, 172, 173, + 174, 175, 176, 177, 178, 179, 180, 590, 591, 182, + 0, 183, 184, 185, 592, 187, 188, 189, 593, 191, + 192, 594, 194, 195, 595, 0, 197, 198, 199, 200, + 201, 202, 203, 204, 205, 206, 207, 208, 209, 596, + 211, 212, 213, 214, 215, 216, 217, 218, 219, 597, + 220, 221, 222, 223, 224, 225, 226, 227, 228, 229, + 230, 231, 232, 233, 234, 235, 236, 237, 238, 239, + 240, 241, 242, 243, 244, 245, 246, 247, 248, 249, + 250, 251, 252, 0, 253, 254, 255, 256, 257, 258, + 259, 260, 261, 262, 263, 264, 265, 266, 267, 268, + 269, 270, 271, 272, 273, 274, 275, 276, 277, 278, + 279, 280, 281, 282, 283, 284, 285, 286, 287, 598, + 288, 289, 290, 291, 292, 293, 294, 295, 0, 296, + 297, 298, 299, 599, 300, 301, 302, 303, 304, 305, + 306, 307, 308, 309, 310, 311, 312, 313, 314, 315, + 316, 600, 317, 601, 319, 320, 321, 322, 323, 324, + 325, 326, 327, 328, 329, 330, 331, 332, 333, 334, + 335, 336, 337, 338, 339, 340, 341, 342, 343, 344, + 345, 346, 602, 348, 349, 350, 603, 352, 353, 354, + 355, 356, 357, 358, 359, 360, 604, 362, 363, 364, + 365, 366, 367, 368, 605, 370, 371, 372, 373, 374, + 375, 376, 377, 378, 379, 380, 381, 606, 383, 384, + 385, 386, 387, 388, 389, 390, 391, 392, 393, 394, + 395, 0, 0, 396, 397, 0, 398, 399, 400, 401, + 607, 403, 404, 608, 406, 407, 408, 409, 410, 411, + 412, 413, 414, 415, 416, 417, 418, 419, 420, 421, + 422, 423, 424, 425, 426, 427, 428, 429, 430, 431, + 432, 433, 434, 435, 436, 437, 609, 610, 439, 440, + 441, 442, 443, 444, 445, 611, 447, 448, 449, 450, + 451, 452, 453, 454, 455, 456, 457, 458, 459, 460, + 461, 462, 463, 464, 465, 612, 467, 468, 469, 470, + 0, 471, 613, 473, 474, 4, 5, 823, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 724, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 5155, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 13, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 1477, 0, 0, 13, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 19, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 22, 0, 0, 0, 0, 0, 0, - 0, 0, 575, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 19, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 22, 0, 0, 0, 0, 0, 0, 0, 0, + 575, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 29, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 30, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 32, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 35, 0, 0, + 0, 0, 0, 0, 0, 0, 29, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 30, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 32, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 35, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, @@ -10771,75 +10478,73 @@ 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 53, 54, - 55, 576, 56, 57, 58, 59, 60, 61, 62, 0, - 0, 0, 0, 64, 65, 66, 67, 68, 69, 70, - 71, 72, 73, 74, 75, 76, 77, 78, 79, 80, - 81, 82, 577, 0, 578, 579, 87, 88, 89, 90, - 91, 92, 580, 94, 95, 96, 97, 98, 581, 99, - 582, 101, 102, 103, 104, 105, 583, 106, 107, 108, - 109, 110, 111, 112, 113, 114, 0, 115, 116, 117, - 584, 119, 120, 121, 122, 123, 124, 125, 126, 127, - 585, 128, 129, 130, 131, 132, 133, 134, 135, 136, - 137, 138, 139, 140, 586, 142, 0, 143, 144, 145, - 146, 147, 148, 149, 587, 151, 152, 153, 154, 588, - 155, 156, 157, 158, 159, 160, 161, 162, 163, 164, - 165, 166, 167, 589, 169, 0, 0, 170, 171, 172, - 173, 174, 175, 176, 177, 178, 179, 180, 590, 591, - 182, 0, 183, 184, 185, 592, 187, 188, 189, 593, - 191, 192, 594, 194, 195, 595, 0, 197, 198, 199, - 200, 201, 202, 203, 204, 205, 206, 207, 208, 209, - 596, 211, 212, 213, 214, 215, 216, 217, 218, 219, - 597, 220, 221, 222, 223, 224, 225, 226, 227, 228, - 229, 230, 231, 232, 233, 234, 235, 236, 237, 238, - 239, 240, 241, 242, 243, 244, 245, 246, 247, 248, - 249, 250, 251, 252, 0, 253, 254, 255, 256, 257, - 258, 259, 260, 261, 262, 263, 264, 265, 266, 267, - 268, 269, 270, 271, 272, 273, 274, 275, 276, 277, - 278, 279, 280, 281, 282, 283, 284, 285, 286, 287, - 598, 288, 289, 290, 291, 292, 293, 294, 295, 0, - 296, 297, 298, 299, 599, 300, 301, 302, 303, 304, - 305, 306, 307, 308, 309, 310, 311, 312, 313, 314, - 315, 316, 600, 317, 601, 319, 320, 321, 322, 323, - 324, 325, 326, 327, 328, 329, 330, 331, 332, 333, - 334, 335, 336, 337, 338, 339, 340, 341, 342, 343, - 344, 345, 346, 602, 348, 349, 350, 603, 352, 353, - 354, 355, 356, 357, 358, 359, 360, 604, 362, 363, - 364, 365, 366, 367, 368, 605, 370, 371, 372, 373, - 374, 375, 376, 377, 378, 379, 380, 381, 606, 383, - 384, 385, 386, 387, 388, 389, 390, 391, 392, 393, - 394, 395, 0, 0, 396, 397, 0, 398, 399, 400, - 401, 607, 403, 404, 608, 406, 407, 408, 409, 410, - 411, 412, 413, 414, 415, 416, 417, 418, 419, 420, - 421, 422, 423, 424, 425, 426, 427, 428, 429, 430, - 431, 432, 433, 434, 435, 436, 437, 609, 610, 439, - 440, 441, 442, 443, 444, 445, 611, 447, 448, 449, - 450, 451, 452, 453, 454, 455, 456, 457, 458, 459, - 460, 461, 462, 463, 464, 465, 612, 467, 468, 469, - 470, 2392, 471, 613, 473, 474, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 4, 5, 823, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 724, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 53, 54, 55, 576, + 56, 57, 58, 59, 60, 61, 62, 0, 0, 0, + 0, 64, 65, 66, 67, 68, 69, 70, 71, 72, + 73, 74, 75, 76, 77, 78, 79, 80, 81, 82, + 577, 0, 578, 579, 87, 88, 89, 90, 91, 92, + 580, 94, 95, 96, 97, 98, 581, 99, 582, 101, + 102, 103, 104, 105, 583, 106, 107, 108, 109, 110, + 111, 112, 113, 114, 0, 115, 116, 117, 584, 119, + 120, 121, 122, 123, 124, 125, 126, 127, 585, 128, + 129, 130, 131, 132, 133, 134, 135, 136, 137, 138, + 139, 140, 586, 142, 0, 143, 144, 145, 146, 147, + 148, 149, 587, 151, 152, 153, 154, 588, 155, 156, + 157, 158, 159, 160, 161, 162, 163, 164, 165, 166, + 167, 589, 169, 0, 0, 170, 171, 172, 173, 174, + 175, 176, 177, 178, 179, 180, 590, 591, 182, 0, + 183, 184, 185, 592, 187, 188, 189, 593, 191, 192, + 594, 194, 195, 595, 0, 197, 198, 199, 200, 201, + 202, 203, 204, 205, 206, 207, 208, 209, 596, 211, + 212, 213, 214, 215, 216, 217, 218, 219, 597, 220, + 221, 222, 223, 224, 225, 226, 227, 228, 229, 230, + 231, 232, 233, 234, 235, 236, 237, 238, 239, 240, + 241, 242, 243, 244, 245, 246, 247, 248, 249, 250, + 251, 252, 0, 253, 254, 255, 256, 257, 258, 259, + 260, 261, 262, 263, 264, 265, 266, 267, 268, 269, + 270, 271, 272, 273, 274, 275, 276, 277, 278, 279, + 280, 281, 282, 283, 284, 285, 286, 287, 598, 288, + 289, 290, 291, 292, 293, 294, 295, 0, 296, 297, + 298, 299, 599, 300, 301, 302, 303, 304, 305, 306, + 307, 308, 309, 310, 311, 312, 313, 314, 315, 316, + 600, 317, 601, 319, 320, 321, 322, 323, 324, 325, + 326, 327, 328, 329, 330, 331, 332, 333, 334, 335, + 336, 337, 338, 339, 340, 341, 342, 343, 344, 345, + 346, 602, 348, 349, 350, 603, 352, 353, 354, 355, + 356, 357, 358, 359, 360, 604, 362, 363, 364, 365, + 366, 367, 368, 605, 370, 371, 372, 373, 374, 375, + 376, 377, 378, 379, 380, 381, 606, 383, 384, 385, + 386, 387, 388, 389, 390, 391, 392, 393, 0, 395, + 0, 0, 396, 397, 0, 398, 399, 400, 401, 607, + 403, 404, 608, 406, 407, 408, 409, 410, 411, 412, + 413, 414, 415, 416, 417, 418, 419, 420, 421, 422, + 423, 424, 425, 426, 427, 428, 429, 430, 431, 432, + 433, 434, 435, 436, 437, 609, 610, 439, 440, 441, + 442, 443, 444, 445, 611, 447, 448, 449, 450, 451, + 452, 453, 454, 455, 456, 457, 458, 459, 460, 461, + 462, 463, 464, 465, 612, 467, 468, 469, 470, 0, + 471, 613, 473, 474, 4, 5, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 2072, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 13, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 13, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 19, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 22, 0, 0, 0, 0, 0, 0, - 0, 0, 575, 0, 0, 0, 0, 0, 0, 0, + 0, 19, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 22, 0, 0, 0, 0, 0, 0, 0, 0, 575, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 29, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 30, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 32, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 35, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 29, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 30, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 32, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 35, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, @@ -10847,74 +10552,75 @@ 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 53, 54, - 55, 576, 56, 57, 58, 59, 60, 61, 62, 0, - 0, 0, 0, 64, 65, 66, 67, 68, 69, 70, - 71, 72, 73, 74, 75, 76, 77, 78, 79, 80, - 81, 82, 577, 0, 578, 579, 87, 88, 89, 90, - 91, 92, 580, 94, 95, 96, 97, 98, 581, 99, - 582, 101, 102, 103, 104, 105, 583, 106, 107, 108, - 109, 110, 111, 112, 113, 114, 0, 115, 116, 117, - 584, 119, 120, 121, 122, 123, 124, 125, 126, 127, - 585, 128, 129, 130, 131, 132, 133, 134, 135, 136, - 137, 138, 139, 140, 586, 142, 0, 143, 144, 145, - 146, 147, 148, 149, 587, 151, 152, 153, 154, 588, - 155, 156, 157, 158, 159, 160, 161, 162, 163, 164, - 165, 166, 167, 589, 169, 0, 0, 170, 171, 172, - 173, 174, 175, 176, 177, 178, 179, 180, 590, 591, - 182, 0, 183, 184, 185, 592, 187, 188, 189, 593, - 191, 192, 594, 194, 195, 595, 0, 197, 198, 199, - 200, 201, 202, 203, 204, 205, 206, 207, 208, 209, - 596, 211, 212, 213, 214, 215, 216, 217, 218, 219, - 597, 220, 221, 222, 223, 224, 225, 226, 227, 228, - 229, 230, 231, 232, 233, 234, 235, 236, 237, 238, - 239, 240, 241, 242, 243, 244, 245, 246, 247, 248, - 249, 250, 251, 252, 0, 253, 254, 255, 256, 257, - 258, 259, 260, 261, 262, 263, 264, 265, 266, 267, - 268, 269, 270, 271, 272, 273, 274, 275, 276, 277, - 278, 279, 280, 281, 282, 283, 284, 285, 286, 287, - 598, 288, 289, 290, 291, 292, 293, 294, 295, 0, - 296, 297, 298, 299, 599, 300, 301, 302, 303, 304, - 305, 306, 307, 308, 309, 310, 311, 312, 313, 314, - 315, 316, 600, 317, 601, 319, 320, 321, 322, 323, - 324, 325, 326, 327, 328, 329, 330, 331, 332, 333, - 334, 335, 336, 337, 338, 339, 340, 341, 342, 343, - 344, 345, 346, 602, 348, 349, 350, 603, 352, 353, - 354, 355, 356, 357, 358, 359, 360, 604, 362, 363, - 364, 365, 366, 367, 368, 605, 370, 371, 372, 373, - 374, 375, 376, 377, 378, 379, 380, 381, 606, 383, - 384, 385, 386, 387, 388, 389, 390, 391, 392, 393, - 394, 395, 0, 0, 396, 397, 0, 398, 399, 400, - 401, 607, 403, 404, 608, 406, 407, 408, 409, 410, - 411, 412, 413, 414, 415, 416, 417, 418, 419, 420, - 421, 422, 423, 424, 425, 426, 427, 428, 429, 430, - 431, 432, 433, 434, 435, 436, 437, 609, 610, 439, - 440, 441, 442, 443, 444, 445, 611, 447, 448, 449, - 450, 451, 452, 453, 454, 455, 456, 457, 458, 459, - 460, 461, 462, 463, 464, 465, 612, 467, 468, 469, - 470, 2673, 471, 613, 473, 474, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 4, 5, 823, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 724, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 53, 54, 55, 576, 56, + 57, 58, 59, 60, 61, 62, 0, 0, 0, 0, + 64, 65, 66, 67, 68, 69, 70, 71, 72, 73, + 74, 75, 76, 77, 78, 79, 80, 81, 82, 577, + 0, 578, 579, 87, 88, 89, 90, 91, 92, 580, + 94, 95, 96, 97, 98, 581, 99, 582, 101, 102, + 103, 104, 105, 583, 106, 107, 108, 109, 110, 111, + 112, 113, 114, 0, 115, 116, 117, 584, 119, 120, + 121, 122, 123, 124, 125, 126, 127, 585, 128, 129, + 130, 131, 132, 133, 134, 135, 136, 137, 138, 139, + 140, 586, 142, 0, 143, 144, 145, 146, 147, 148, + 149, 587, 151, 152, 153, 154, 588, 155, 156, 157, + 158, 159, 160, 161, 162, 163, 164, 165, 166, 167, + 589, 169, 0, 0, 170, 171, 172, 173, 174, 175, + 176, 177, 178, 179, 180, 590, 591, 182, 0, 183, + 184, 185, 592, 187, 188, 189, 593, 191, 192, 594, + 194, 195, 595, 0, 197, 198, 199, 200, 201, 202, + 203, 204, 205, 206, 207, 208, 209, 596, 211, 212, + 213, 214, 215, 216, 217, 218, 219, 597, 220, 221, + 222, 223, 224, 225, 226, 227, 228, 229, 230, 231, + 232, 233, 234, 235, 236, 237, 238, 239, 240, 241, + 242, 243, 244, 245, 246, 247, 248, 249, 250, 251, + 252, 0, 253, 254, 255, 256, 257, 258, 259, 260, + 261, 262, 263, 264, 265, 266, 267, 268, 269, 270, + 271, 272, 273, 274, 275, 276, 277, 278, 279, 280, + 281, 282, 283, 284, 285, 286, 287, 598, 288, 289, + 290, 291, 292, 293, 294, 295, 0, 296, 297, 298, + 299, 599, 300, 301, 302, 303, 304, 305, 306, 307, + 308, 309, 310, 311, 312, 313, 314, 315, 316, 600, + 317, 601, 319, 320, 321, 322, 323, 324, 325, 326, + 327, 328, 329, 330, 331, 332, 333, 334, 335, 336, + 337, 338, 339, 340, 341, 342, 343, 344, 345, 346, + 602, 348, 349, 350, 603, 352, 353, 354, 355, 356, + 357, 358, 359, 360, 604, 362, 363, 364, 365, 366, + 367, 368, 605, 370, 371, 372, 373, 374, 375, 376, + 377, 378, 379, 380, 381, 606, 383, 384, 385, 386, + 387, 388, 389, 390, 391, 392, 393, 394, 395, 0, + 0, 396, 397, 0, 398, 399, 400, 401, 607, 403, + 404, 608, 406, 407, 408, 409, 410, 411, 412, 413, + 414, 415, 416, 417, 418, 419, 420, 421, 422, 423, + 424, 425, 426, 427, 428, 429, 430, 431, 432, 433, + 434, 435, 436, 437, 609, 610, 439, 440, 441, 442, + 443, 444, 445, 611, 447, 448, 449, 450, 451, 452, + 453, 454, 455, 456, 457, 458, 459, 460, 461, 462, + 463, 464, 465, 612, 467, 468, 469, 470, 1221, 471, + 613, 473, 474, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 4, 5, 0, 0, 0, 0, + 0, 0, 0, 2887, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 13, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 1222, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 13, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 1223, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 19, 0, 0, 0, 0, 0, + 0, 19, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 22, 0, 0, 0, 0, 0, 0, - 0, 0, 575, 0, 0, 0, 0, 0, 0, 0, + 22, 0, 0, 0, 0, 0, 0, 0, 0, 1224, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 29, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 30, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 32, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 35, 0, 0, + 0, 0, 0, 0, 0, 29, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 30, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 32, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 35, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, @@ -10923,735 +10629,739 @@ 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 53, 54, - 55, 576, 56, 57, 58, 59, 60, 61, 62, 0, - 0, 0, 0, 64, 65, 66, 67, 68, 69, 70, - 71, 72, 73, 74, 75, 76, 77, 78, 79, 80, - 81, 82, 577, 0, 578, 579, 87, 88, 89, 90, - 91, 92, 580, 94, 95, 96, 97, 98, 581, 99, - 582, 101, 102, 103, 104, 105, 583, 106, 107, 108, - 109, 110, 111, 112, 113, 114, 0, 115, 116, 117, - 584, 119, 120, 121, 122, 123, 124, 125, 126, 127, - 585, 128, 129, 130, 131, 132, 133, 134, 135, 136, - 137, 138, 139, 140, 586, 142, 0, 143, 144, 145, - 146, 147, 148, 149, 587, 151, 152, 153, 154, 588, - 155, 156, 157, 158, 159, 160, 161, 162, 163, 164, - 165, 166, 167, 589, 169, 0, 0, 170, 171, 172, - 173, 174, 175, 176, 177, 178, 179, 180, 590, 591, - 182, 0, 183, 184, 185, 592, 187, 188, 189, 593, - 191, 192, 594, 194, 195, 595, 0, 197, 198, 199, - 200, 201, 202, 203, 204, 205, 206, 207, 208, 209, - 596, 211, 212, 213, 214, 215, 216, 217, 218, 219, - 597, 220, 221, 222, 223, 224, 225, 226, 227, 228, - 229, 230, 231, 232, 233, 234, 235, 236, 237, 238, - 239, 240, 241, 242, 243, 244, 245, 246, 247, 248, - 249, 250, 251, 252, 0, 253, 254, 255, 256, 257, - 258, 259, 260, 261, 262, 263, 264, 265, 266, 267, - 268, 269, 270, 271, 272, 273, 274, 275, 276, 277, - 278, 279, 280, 281, 282, 283, 284, 285, 286, 287, - 598, 288, 289, 290, 291, 292, 293, 294, 295, 0, - 296, 297, 298, 299, 599, 300, 301, 302, 303, 304, - 305, 306, 307, 308, 309, 310, 311, 312, 313, 314, - 315, 316, 600, 317, 601, 319, 320, 321, 322, 323, - 324, 325, 326, 327, 328, 329, 330, 331, 332, 333, - 334, 335, 336, 337, 338, 339, 340, 341, 342, 343, - 344, 345, 346, 602, 348, 349, 350, 603, 352, 353, - 354, 355, 356, 357, 358, 359, 360, 604, 362, 363, - 364, 365, 366, 367, 368, 605, 370, 371, 372, 373, - 374, 375, 376, 377, 378, 379, 380, 381, 606, 383, - 384, 385, 386, 387, 388, 389, 390, 391, 392, 393, - 394, 395, 0, 0, 396, 397, 0, 398, 399, 400, - 401, 607, 403, 404, 608, 406, 407, 408, 409, 410, - 411, 412, 413, 414, 415, 416, 417, 418, 419, 420, - 421, 422, 423, 424, 425, 426, 427, 428, 429, 430, - 431, 432, 433, 434, 435, 436, 437, 609, 610, 439, - 440, 441, 442, 443, 444, 445, 611, 447, 448, 449, - 450, 451, 452, 453, 454, 455, 456, 457, 458, 459, - 460, 461, 462, 463, 464, 465, 612, 467, 468, 469, - 470, 1221, 471, 613, 473, 474, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 4, 5, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 53, 54, 55, 1225, 56, + 57, 58, 59, 60, 61, 62, 0, 0, 0, 0, + 64, 65, 66, 67, 68, 69, 70, 71, 72, 73, + 74, 75, 76, 77, 78, 79, 80, 81, 82, 577, + 0, 578, 579, 87, 88, 89, 90, 91, 92, 580, + 94, 95, 96, 97, 98, 1226, 99, 582, 101, 102, + 103, 104, 105, 583, 106, 107, 108, 109, 110, 111, + 112, 113, 114, 0, 115, 116, 117, 584, 119, 120, + 121, 122, 123, 124, 125, 126, 127, 585, 128, 129, + 130, 131, 132, 133, 134, 135, 136, 137, 138, 139, + 140, 586, 142, 0, 143, 144, 145, 146, 147, 148, + 149, 587, 151, 152, 153, 154, 588, 155, 156, 157, + 158, 159, 160, 161, 162, 163, 164, 165, 166, 167, + 589, 169, 0, 0, 170, 171, 172, 173, 174, 175, + 176, 177, 178, 179, 180, 590, 591, 182, 0, 183, + 184, 185, 1227, 187, 188, 189, 593, 1228, 192, 594, + 194, 195, 595, 0, 197, 198, 199, 200, 201, 202, + 203, 204, 205, 206, 207, 208, 209, 596, 211, 212, + 213, 214, 215, 216, 217, 218, 219, 597, 220, 221, + 222, 223, 224, 225, 226, 1229, 228, 229, 230, 231, + 232, 233, 234, 235, 236, 237, 238, 239, 240, 241, + 242, 243, 244, 245, 246, 247, 248, 249, 250, 251, + 252, 0, 253, 254, 255, 256, 257, 258, 259, 260, + 261, 262, 263, 264, 265, 266, 267, 268, 269, 270, + 271, 272, 273, 274, 275, 1230, 277, 278, 279, 280, + 281, 282, 283, 284, 285, 286, 287, 598, 288, 289, + 290, 291, 292, 293, 294, 295, 1231, 296, 297, 298, + 299, 599, 300, 301, 302, 303, 304, 305, 306, 307, + 308, 309, 1232, 311, 312, 313, 314, 315, 316, 600, + 317, 601, 319, 320, 321, 322, 323, 324, 325, 326, + 327, 328, 329, 330, 331, 332, 333, 334, 335, 336, + 337, 338, 339, 340, 341, 342, 343, 344, 345, 346, + 602, 348, 349, 350, 603, 352, 353, 354, 355, 356, + 357, 358, 359, 1233, 604, 362, 363, 364, 365, 366, + 367, 368, 605, 370, 371, 372, 373, 374, 375, 376, + 1234, 378, 379, 380, 381, 606, 383, 384, 385, 386, + 387, 388, 389, 390, 391, 392, 393, 394, 395, 0, + 0, 396, 397, 0, 398, 399, 400, 401, 607, 1235, + 404, 608, 406, 407, 408, 409, 410, 411, 412, 413, + 414, 415, 416, 417, 418, 419, 420, 421, 422, 423, + 424, 425, 426, 427, 428, 429, 430, 431, 432, 1236, + 434, 435, 436, 437, 609, 0, 439, 440, 441, 442, + 443, 444, 445, 611, 447, 448, 449, 450, 451, 452, + 453, 454, 455, 456, 457, 458, 459, 460, 461, 462, + 463, 464, 465, 1237, 467, 468, 469, 470, 2151, 471, + 613, 473, 474, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 4, 5, 823, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 724, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 1222, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 13, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 1223, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 19, 0, 0, 0, 0, 0, + 0, 0, 0, 13, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 22, 0, 0, 0, 0, 0, 0, - 0, 0, 1224, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 19, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 29, 0, + 22, 0, 0, 0, 0, 0, 0, 0, 0, 575, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 30, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 32, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 35, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 29, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 30, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 32, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 35, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 53, 54, - 55, 1225, 56, 57, 58, 59, 60, 61, 62, 0, - 0, 0, 0, 64, 65, 66, 67, 68, 69, 70, - 71, 72, 73, 74, 75, 76, 77, 78, 79, 80, - 81, 82, 577, 0, 578, 579, 87, 88, 89, 90, - 91, 92, 580, 94, 95, 96, 97, 98, 1226, 99, - 582, 101, 102, 103, 104, 105, 583, 106, 107, 108, - 109, 110, 111, 112, 113, 114, 0, 115, 116, 117, - 584, 119, 120, 121, 122, 123, 124, 125, 126, 127, - 585, 128, 129, 130, 131, 132, 133, 134, 135, 136, - 137, 138, 139, 140, 586, 142, 0, 143, 144, 145, - 146, 147, 148, 149, 587, 151, 152, 153, 154, 588, - 155, 156, 157, 158, 159, 160, 161, 162, 163, 164, - 165, 166, 167, 589, 169, 0, 0, 170, 171, 172, - 173, 174, 175, 176, 177, 178, 179, 180, 590, 591, - 182, 0, 183, 184, 185, 1227, 187, 188, 189, 593, - 1228, 192, 594, 194, 195, 595, 0, 197, 198, 199, - 200, 201, 202, 203, 204, 205, 206, 207, 208, 209, - 596, 211, 212, 213, 214, 215, 216, 217, 218, 219, - 597, 220, 221, 222, 223, 224, 225, 226, 1229, 228, - 229, 230, 231, 232, 233, 234, 235, 236, 237, 238, - 239, 240, 241, 242, 243, 244, 245, 246, 247, 248, - 249, 250, 251, 252, 0, 253, 254, 255, 256, 257, - 258, 259, 260, 261, 262, 263, 264, 265, 266, 267, - 268, 269, 270, 271, 272, 273, 274, 275, 1230, 277, - 278, 279, 280, 281, 282, 283, 284, 285, 286, 287, - 598, 288, 289, 290, 291, 292, 293, 294, 295, 1231, - 296, 297, 298, 299, 599, 300, 301, 302, 303, 304, - 305, 306, 307, 308, 309, 1232, 311, 312, 313, 314, - 315, 316, 600, 317, 601, 319, 320, 321, 322, 323, - 324, 325, 326, 327, 328, 329, 330, 331, 332, 333, - 334, 335, 336, 337, 338, 339, 340, 341, 342, 343, - 344, 345, 346, 602, 348, 349, 350, 603, 352, 353, - 354, 355, 356, 357, 358, 359, 1233, 604, 362, 363, - 364, 365, 366, 367, 368, 605, 370, 371, 372, 373, - 374, 375, 376, 1234, 378, 379, 380, 381, 606, 383, - 384, 385, 386, 387, 388, 389, 390, 391, 392, 393, - 394, 395, 0, 0, 396, 397, 0, 398, 399, 400, - 401, 607, 403, 404, 608, 406, 407, 408, 409, 410, - 411, 412, 413, 414, 415, 416, 417, 418, 419, 420, - 421, 422, 423, 424, 425, 426, 427, 428, 429, 430, - 431, 432, 433, 434, 435, 436, 437, 609, 0, 439, - 440, 441, 442, 443, 444, 445, 611, 447, 448, 449, - 450, 451, 452, 453, 454, 455, 456, 457, 458, 459, - 460, 461, 462, 463, 464, 465, 1237, 467, 468, 469, - 470, 3079, 471, 613, 473, 474, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 1954, 1955, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 53, 54, 55, 576, 56, + 57, 58, 59, 60, 61, 62, 0, 0, 0, 0, + 64, 65, 66, 67, 68, 69, 70, 71, 72, 73, + 74, 75, 76, 77, 78, 79, 80, 81, 82, 577, + 0, 578, 579, 87, 88, 89, 90, 91, 92, 580, + 94, 95, 96, 97, 98, 581, 99, 582, 101, 102, + 103, 104, 105, 583, 106, 107, 108, 109, 110, 111, + 112, 113, 114, 0, 115, 116, 117, 584, 119, 120, + 121, 122, 123, 124, 125, 126, 127, 585, 128, 129, + 130, 131, 132, 133, 134, 135, 136, 137, 138, 139, + 140, 586, 142, 0, 143, 144, 145, 146, 147, 148, + 149, 587, 151, 152, 153, 154, 588, 155, 156, 157, + 158, 159, 160, 161, 162, 163, 164, 165, 166, 167, + 589, 169, 0, 0, 170, 171, 172, 173, 174, 175, + 176, 177, 178, 179, 180, 590, 591, 182, 0, 183, + 184, 185, 592, 187, 188, 189, 593, 191, 192, 594, + 194, 195, 595, 0, 197, 198, 199, 200, 201, 202, + 203, 204, 205, 206, 207, 208, 209, 596, 211, 212, + 213, 214, 215, 216, 217, 218, 219, 597, 220, 221, + 222, 223, 224, 225, 226, 227, 228, 229, 230, 231, + 232, 233, 234, 235, 236, 237, 238, 239, 240, 241, + 242, 243, 244, 245, 246, 247, 248, 249, 250, 251, + 252, 0, 253, 254, 255, 256, 257, 258, 259, 260, + 261, 262, 263, 264, 265, 266, 267, 268, 269, 270, + 271, 272, 273, 274, 275, 276, 277, 278, 279, 280, + 281, 282, 283, 284, 285, 286, 287, 598, 288, 289, + 290, 291, 292, 293, 294, 295, 0, 296, 297, 298, + 299, 599, 300, 301, 302, 303, 304, 305, 306, 307, + 308, 309, 310, 311, 312, 313, 314, 315, 316, 600, + 317, 601, 319, 320, 321, 322, 323, 324, 325, 326, + 327, 328, 329, 330, 331, 332, 333, 334, 335, 336, + 337, 338, 339, 340, 341, 342, 343, 344, 345, 346, + 602, 348, 349, 350, 603, 352, 353, 354, 355, 356, + 357, 358, 359, 360, 604, 362, 363, 364, 365, 366, + 367, 368, 605, 370, 371, 372, 373, 374, 375, 376, + 377, 378, 379, 380, 381, 606, 383, 384, 385, 386, + 387, 388, 389, 390, 391, 392, 393, 394, 395, 0, + 0, 396, 397, 0, 398, 399, 400, 401, 607, 403, + 404, 608, 406, 407, 408, 409, 410, 411, 412, 413, + 414, 415, 416, 417, 418, 419, 420, 421, 422, 423, + 424, 425, 426, 427, 428, 429, 430, 431, 432, 433, + 434, 435, 436, 437, 609, 610, 439, 440, 441, 442, + 443, 444, 445, 611, 447, 448, 449, 450, 451, 452, + 453, 454, 455, 456, 457, 458, 459, 460, 461, 462, + 463, 464, 465, 612, 467, 468, 469, 470, 2392, 471, + 613, 473, 474, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 4, 5, 823, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 724, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 3080, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 13, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 19, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 22, 0, 0, 0, 0, 0, 0, - 0, 0, 575, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 13, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 29, 0, + 0, 19, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 30, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 32, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 35, 0, 0, + 22, 0, 0, 0, 0, 0, 0, 0, 0, 575, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 29, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 30, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 32, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 35, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 53, 54, - 55, 576, 56, 57, 58, 59, 60, 61, 62, 0, - 0, 0, 0, 64, 65, 66, 67, 68, 69, 70, - 71, 72, 73, 74, 75, 76, 77, 78, 79, 80, - 81, 82, 577, 0, 578, 579, 87, 88, 89, 90, - 91, 92, 580, 94, 95, 96, 97, 98, 581, 99, - 582, 101, 102, 103, 104, 105, 583, 106, 107, 108, - 109, 110, 111, 112, 113, 114, 0, 115, 116, 117, - 584, 119, 120, 121, 122, 123, 124, 125, 126, 127, - 585, 128, 129, 130, 131, 132, 133, 134, 135, 136, - 137, 138, 139, 140, 586, 142, 0, 143, 144, 145, - 146, 147, 148, 149, 587, 151, 152, 153, 154, 588, - 155, 156, 157, 158, 159, 160, 161, 162, 163, 164, - 165, 166, 167, 589, 169, 0, 0, 170, 171, 172, - 173, 174, 175, 176, 177, 178, 179, 180, 590, 591, - 182, 0, 183, 184, 185, 592, 187, 188, 189, 593, - 191, 192, 594, 194, 195, 595, 0, 197, 198, 199, - 200, 201, 202, 203, 204, 205, 206, 207, 208, 209, - 596, 211, 212, 213, 214, 215, 216, 217, 218, 219, - 597, 220, 221, 222, 223, 224, 225, 226, 227, 228, - 229, 230, 231, 232, 233, 234, 235, 236, 237, 238, - 239, 240, 241, 242, 243, 244, 245, 246, 247, 248, - 249, 250, 251, 252, 0, 253, 254, 255, 256, 257, - 258, 259, 260, 261, 262, 263, 264, 265, 266, 267, - 268, 269, 270, 271, 272, 273, 274, 275, 276, 277, - 278, 279, 280, 281, 282, 283, 284, 285, 286, 287, - 598, 288, 289, 290, 291, 292, 293, 294, 295, 0, - 296, 297, 298, 299, 599, 300, 301, 302, 303, 304, - 305, 306, 307, 308, 309, 310, 311, 312, 313, 314, - 315, 316, 600, 317, 601, 319, 320, 321, 322, 323, - 324, 325, 326, 327, 328, 329, 330, 331, 332, 333, - 334, 335, 336, 337, 338, 339, 340, 341, 342, 343, - 344, 345, 346, 602, 348, 349, 350, 603, 352, 353, - 354, 355, 356, 357, 358, 359, 360, 604, 362, 363, - 364, 365, 366, 367, 368, 605, 370, 371, 372, 373, - 374, 375, 376, 377, 378, 379, 380, 381, 606, 383, - 384, 385, 386, 387, 388, 389, 390, 391, 392, 393, - 394, 395, 0, 0, 396, 397, 0, 398, 399, 400, - 401, 607, 403, 404, 608, 406, 407, 408, 409, 410, - 411, 412, 413, 414, 415, 416, 417, 418, 419, 420, - 421, 422, 423, 424, 425, 426, 427, 428, 429, 430, - 431, 432, 433, 434, 435, 436, 437, 609, 610, 439, - 440, 441, 442, 443, 444, 445, 611, 447, 448, 449, - 450, 451, 452, 453, 454, 455, 456, 457, 458, 459, - 460, 461, 462, 463, 464, 465, 612, 467, 468, 469, - 470, 3079, 471, 613, 473, 474, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 1954, 1955, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 53, 54, 55, 576, 56, + 57, 58, 59, 60, 61, 62, 0, 0, 0, 0, + 64, 65, 66, 67, 68, 69, 70, 71, 72, 73, + 74, 75, 76, 77, 78, 79, 80, 81, 82, 577, + 0, 578, 579, 87, 88, 89, 90, 91, 92, 580, + 94, 95, 96, 97, 98, 581, 99, 582, 101, 102, + 103, 104, 105, 583, 106, 107, 108, 109, 110, 111, + 112, 113, 114, 0, 115, 116, 117, 584, 119, 120, + 121, 122, 123, 124, 125, 126, 127, 585, 128, 129, + 130, 131, 132, 133, 134, 135, 136, 137, 138, 139, + 140, 586, 142, 0, 143, 144, 145, 146, 147, 148, + 149, 587, 151, 152, 153, 154, 588, 155, 156, 157, + 158, 159, 160, 161, 162, 163, 164, 165, 166, 167, + 589, 169, 0, 0, 170, 171, 172, 173, 174, 175, + 176, 177, 178, 179, 180, 590, 591, 182, 0, 183, + 184, 185, 592, 187, 188, 189, 593, 191, 192, 594, + 194, 195, 595, 0, 197, 198, 199, 200, 201, 202, + 203, 204, 205, 206, 207, 208, 209, 596, 211, 212, + 213, 214, 215, 216, 217, 218, 219, 597, 220, 221, + 222, 223, 224, 225, 226, 227, 228, 229, 230, 231, + 232, 233, 234, 235, 236, 237, 238, 239, 240, 241, + 242, 243, 244, 245, 246, 247, 248, 249, 250, 251, + 252, 0, 253, 254, 255, 256, 257, 258, 259, 260, + 261, 262, 263, 264, 265, 266, 267, 268, 269, 270, + 271, 272, 273, 274, 275, 276, 277, 278, 279, 280, + 281, 282, 283, 284, 285, 286, 287, 598, 288, 289, + 290, 291, 292, 293, 294, 295, 0, 296, 297, 298, + 299, 599, 300, 301, 302, 303, 304, 305, 306, 307, + 308, 309, 310, 311, 312, 313, 314, 315, 316, 600, + 317, 601, 319, 320, 321, 322, 323, 324, 325, 326, + 327, 328, 329, 330, 331, 332, 333, 334, 335, 336, + 337, 338, 339, 340, 341, 342, 343, 344, 345, 346, + 602, 348, 349, 350, 603, 352, 353, 354, 355, 356, + 357, 358, 359, 360, 604, 362, 363, 364, 365, 366, + 367, 368, 605, 370, 371, 372, 373, 374, 375, 376, + 377, 378, 379, 380, 381, 606, 383, 384, 385, 386, + 387, 388, 389, 390, 391, 392, 393, 394, 395, 0, + 0, 396, 397, 0, 398, 399, 400, 401, 607, 403, + 404, 608, 406, 407, 408, 409, 410, 411, 412, 413, + 414, 415, 416, 417, 418, 419, 420, 421, 422, 423, + 424, 425, 426, 427, 428, 429, 430, 431, 432, 433, + 434, 435, 436, 437, 609, 610, 439, 440, 441, 442, + 443, 444, 445, 611, 447, 448, 449, 450, 451, 452, + 453, 454, 455, 456, 457, 458, 459, 460, 461, 462, + 463, 464, 465, 612, 467, 468, 469, 470, 2673, 471, + 613, 473, 474, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 4, 5, 823, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 724, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 13, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 19, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 22, 0, 0, 0, 0, 0, 0, - 0, 0, 575, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 13, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 29, 0, + 0, 19, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 30, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 32, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 35, 0, 0, + 22, 0, 0, 0, 0, 0, 0, 0, 0, 575, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 29, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 30, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 32, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 35, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 53, 54, - 55, 576, 56, 57, 58, 59, 60, 61, 62, 0, - 0, 0, 0, 64, 65, 66, 67, 68, 69, 70, - 71, 72, 73, 74, 75, 76, 77, 78, 79, 80, - 81, 82, 577, 0, 578, 579, 87, 88, 89, 90, - 91, 92, 580, 94, 95, 96, 97, 98, 581, 99, - 582, 101, 102, 103, 104, 105, 583, 106, 107, 108, - 109, 110, 111, 112, 113, 114, 0, 115, 116, 117, - 584, 119, 120, 121, 122, 123, 124, 125, 126, 127, - 585, 128, 129, 130, 131, 132, 133, 134, 135, 136, - 137, 138, 139, 140, 586, 142, 0, 143, 144, 145, - 146, 147, 148, 149, 587, 151, 152, 153, 154, 588, - 155, 156, 157, 158, 159, 160, 161, 162, 163, 164, - 165, 166, 167, 589, 169, 0, 0, 170, 171, 172, - 173, 174, 175, 176, 177, 178, 179, 180, 590, 591, - 182, 0, 183, 184, 185, 592, 187, 188, 189, 593, - 191, 192, 594, 194, 195, 595, 0, 197, 198, 199, - 200, 201, 202, 203, 204, 205, 206, 207, 208, 209, - 596, 211, 212, 213, 214, 215, 216, 217, 218, 219, - 597, 220, 221, 222, 223, 224, 225, 226, 227, 228, - 229, 230, 231, 232, 233, 234, 235, 236, 237, 238, - 239, 240, 241, 242, 243, 244, 245, 246, 247, 248, - 249, 250, 251, 252, 0, 253, 254, 255, 256, 257, - 258, 259, 260, 261, 262, 263, 264, 265, 266, 267, - 268, 269, 270, 271, 272, 273, 274, 275, 276, 277, - 278, 279, 280, 281, 282, 283, 284, 285, 286, 287, - 598, 288, 289, 290, 291, 292, 293, 294, 295, 0, - 296, 297, 298, 299, 599, 300, 301, 302, 303, 304, - 305, 306, 307, 308, 309, 310, 311, 312, 313, 314, - 315, 316, 600, 317, 601, 319, 320, 321, 322, 323, - 324, 325, 326, 327, 328, 329, 330, 331, 332, 333, - 334, 335, 336, 337, 338, 339, 340, 341, 342, 343, - 344, 345, 346, 602, 348, 349, 350, 603, 352, 353, - 354, 355, 356, 357, 358, 359, 360, 604, 362, 363, - 364, 365, 366, 367, 368, 605, 370, 371, 372, 373, - 374, 375, 376, 377, 378, 379, 380, 381, 606, 383, - 384, 385, 386, 387, 388, 389, 390, 391, 392, 393, - 394, 395, 0, 0, 396, 397, 0, 398, 399, 400, - 401, 607, 403, 404, 608, 406, 407, 408, 409, 410, - 411, 412, 413, 414, 415, 416, 417, 418, 419, 420, - 421, 422, 423, 424, 425, 426, 427, 428, 429, 430, - 431, 432, 433, 434, 435, 436, 437, 609, 610, 439, - 440, 441, 442, 443, 444, 445, 611, 447, 448, 449, - 450, 451, 452, 453, 454, 455, 456, 457, 458, 459, - 460, 461, 462, 463, 464, 465, 612, 467, 468, 469, - 470, 0, 471, 613, 473, 474, 2406, 1008, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 1954, 1955, 0, - 0, 0, 0, 0, 0, 0, 2407, 0, 2408, 0, - 2409, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 13, 0, 0, 0, + 0, 0, 0, 0, 0, 53, 54, 55, 576, 56, + 57, 58, 59, 60, 61, 62, 0, 0, 0, 0, + 64, 65, 66, 67, 68, 69, 70, 71, 72, 73, + 74, 75, 76, 77, 78, 79, 80, 81, 82, 577, + 0, 578, 579, 87, 88, 89, 90, 91, 92, 580, + 94, 95, 96, 97, 98, 581, 99, 582, 101, 102, + 103, 104, 105, 583, 106, 107, 108, 109, 110, 111, + 112, 113, 114, 0, 115, 116, 117, 584, 119, 120, + 121, 122, 123, 124, 125, 126, 127, 585, 128, 129, + 130, 131, 132, 133, 134, 135, 136, 137, 138, 139, + 140, 586, 142, 0, 143, 144, 145, 146, 147, 148, + 149, 587, 151, 152, 153, 154, 588, 155, 156, 157, + 158, 159, 160, 161, 162, 163, 164, 165, 166, 167, + 589, 169, 0, 0, 170, 171, 172, 173, 174, 175, + 176, 177, 178, 179, 180, 590, 591, 182, 0, 183, + 184, 185, 592, 187, 188, 189, 593, 191, 192, 594, + 194, 195, 595, 0, 197, 198, 199, 200, 201, 202, + 203, 204, 205, 206, 207, 208, 209, 596, 211, 212, + 213, 214, 215, 216, 217, 218, 219, 597, 220, 221, + 222, 223, 224, 225, 226, 227, 228, 229, 230, 231, + 232, 233, 234, 235, 236, 237, 238, 239, 240, 241, + 242, 243, 244, 245, 246, 247, 248, 249, 250, 251, + 252, 0, 253, 254, 255, 256, 257, 258, 259, 260, + 261, 262, 263, 264, 265, 266, 267, 268, 269, 270, + 271, 272, 273, 274, 275, 276, 277, 278, 279, 280, + 281, 282, 283, 284, 285, 286, 287, 598, 288, 289, + 290, 291, 292, 293, 294, 295, 0, 296, 297, 298, + 299, 599, 300, 301, 302, 303, 304, 305, 306, 307, + 308, 309, 310, 311, 312, 313, 314, 315, 316, 600, + 317, 601, 319, 320, 321, 322, 323, 324, 325, 326, + 327, 328, 329, 330, 331, 332, 333, 334, 335, 336, + 337, 338, 339, 340, 341, 342, 343, 344, 345, 346, + 602, 348, 349, 350, 603, 352, 353, 354, 355, 356, + 357, 358, 359, 360, 604, 362, 363, 364, 365, 366, + 367, 368, 605, 370, 371, 372, 373, 374, 375, 376, + 377, 378, 379, 380, 381, 606, 383, 384, 385, 386, + 387, 388, 389, 390, 391, 392, 393, 394, 395, 0, + 0, 396, 397, 0, 398, 399, 400, 401, 607, 403, + 404, 608, 406, 407, 408, 409, 410, 411, 412, 413, + 414, 415, 416, 417, 418, 419, 420, 421, 422, 423, + 424, 425, 426, 427, 428, 429, 430, 431, 432, 433, + 434, 435, 436, 437, 609, 610, 439, 440, 441, 442, + 443, 444, 445, 611, 447, 448, 449, 450, 451, 452, + 453, 454, 455, 456, 457, 458, 459, 460, 461, 462, + 463, 464, 465, 612, 467, 468, 469, 470, 1221, 471, + 613, 473, 474, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 4, 5, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 19, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 22, 0, 0, 0, 0, 0, 0, - 0, 0, 575, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 1222, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 29, 0, + 0, 0, 0, 13, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 1223, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 30, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 32, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 35, 0, 0, + 0, 19, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 22, 0, 0, 0, 0, 0, 0, 0, 0, 1224, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 2410, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 29, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 30, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 32, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 35, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 53, 54, - 55, 576, 56, 57, 58, 59, 60, 61, 62, 0, - 0, 0, 0, 64, 65, 66, 67, 68, 69, 70, - 71, 72, 73, 74, 75, 76, 77, 78, 79, 80, - 81, 82, 577, 0, 578, 579, 87, 88, 89, 90, - 91, 92, 580, 94, 95, 96, 97, 98, 581, 99, - 582, 101, 102, 103, 104, 105, 583, 106, 107, 108, - 109, 110, 111, 112, 113, 114, 0, 115, 116, 117, - 584, 119, 120, 121, 122, 123, 124, 125, 126, 127, - 585, 128, 129, 130, 131, 132, 133, 134, 135, 136, - 137, 138, 139, 140, 586, 142, 0, 143, 144, 145, - 146, 147, 148, 149, 587, 151, 152, 153, 154, 588, - 155, 156, 157, 158, 159, 160, 161, 162, 163, 164, - 165, 166, 167, 589, 169, 0, 0, 170, 171, 172, - 173, 174, 175, 176, 177, 178, 179, 180, 590, 591, - 182, 0, 183, 184, 185, 592, 187, 188, 189, 593, - 191, 192, 594, 194, 195, 595, 0, 197, 198, 199, - 200, 201, 202, 203, 204, 205, 206, 207, 208, 209, - 596, 211, 212, 213, 214, 215, 216, 217, 218, 219, - 597, 220, 221, 222, 223, 224, 225, 226, 227, 228, - 229, 230, 231, 232, 233, 234, 235, 236, 237, 238, - 239, 240, 241, 242, 243, 244, 245, 246, 247, 248, - 249, 250, 251, 252, 0, 253, 254, 255, 256, 257, - 258, 259, 260, 261, 262, 263, 264, 265, 266, 267, - 268, 269, 270, 271, 272, 273, 274, 275, 276, 277, - 278, 279, 280, 281, 282, 283, 284, 285, 286, 287, - 598, 288, 289, 290, 291, 292, 293, 294, 295, 0, - 296, 297, 298, 299, 599, 300, 301, 302, 303, 304, - 305, 306, 307, 308, 309, 310, 311, 312, 313, 314, - 315, 316, 600, 317, 601, 319, 320, 321, 322, 323, - 324, 325, 326, 327, 328, 329, 330, 331, 332, 333, - 334, 335, 336, 337, 338, 339, 340, 341, 342, 343, - 344, 345, 346, 602, 348, 349, 350, 603, 352, 353, - 354, 355, 356, 357, 358, 359, 360, 604, 362, 363, - 364, 365, 366, 367, 368, 605, 370, 371, 372, 373, - 374, 375, 376, 377, 378, 379, 380, 381, 606, 383, - 384, 385, 386, 387, 388, 389, 390, 391, 392, 393, - 394, 395, 0, 0, 396, 397, 0, 398, 399, 400, - 401, 607, 403, 404, 608, 406, 407, 408, 409, 410, - 411, 412, 413, 414, 415, 416, 417, 418, 419, 420, - 421, 422, 423, 424, 425, 426, 427, 428, 429, 430, - 431, 432, 433, 434, 435, 436, 437, 609, 610, 439, - 440, 441, 442, 443, 444, 445, 611, 447, 448, 449, - 450, 451, 452, 453, 454, 455, 456, 457, 458, 459, - 460, 461, 462, 463, 464, 465, 612, 467, 468, 469, - 470, 0, 471, 613, 473, 474, 2406, 1008, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 1954, 1955, 0, - 0, 0, 0, 0, 0, 0, 2407, 0, 2408, 0, - 2409, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 13, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 19, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 53, 54, 55, 1225, 56, + 57, 58, 59, 60, 61, 62, 0, 0, 0, 0, + 64, 65, 66, 67, 68, 69, 70, 71, 72, 73, + 74, 75, 76, 77, 78, 79, 80, 81, 82, 577, + 0, 578, 579, 87, 88, 89, 90, 91, 92, 580, + 94, 95, 96, 97, 98, 1226, 99, 582, 101, 102, + 103, 104, 105, 583, 106, 107, 108, 109, 110, 111, + 112, 113, 114, 0, 115, 116, 117, 584, 119, 120, + 121, 122, 123, 124, 125, 126, 127, 585, 128, 129, + 130, 131, 132, 133, 134, 135, 136, 137, 138, 139, + 140, 586, 142, 0, 143, 144, 145, 146, 147, 148, + 149, 587, 151, 152, 153, 154, 588, 155, 156, 157, + 158, 159, 160, 161, 162, 163, 164, 165, 166, 167, + 589, 169, 0, 0, 170, 171, 172, 173, 174, 175, + 176, 177, 178, 179, 180, 590, 591, 182, 0, 183, + 184, 185, 1227, 187, 188, 189, 593, 1228, 192, 594, + 194, 195, 595, 0, 197, 198, 199, 200, 201, 202, + 203, 204, 205, 206, 207, 208, 209, 596, 211, 212, + 213, 214, 215, 216, 217, 218, 219, 597, 220, 221, + 222, 223, 224, 225, 226, 1229, 228, 229, 230, 231, + 232, 233, 234, 235, 236, 237, 238, 239, 240, 241, + 242, 243, 244, 245, 246, 247, 248, 249, 250, 251, + 252, 0, 253, 254, 255, 256, 257, 258, 259, 260, + 261, 262, 263, 264, 265, 266, 267, 268, 269, 270, + 271, 272, 273, 274, 275, 1230, 277, 278, 279, 280, + 281, 282, 283, 284, 285, 286, 287, 598, 288, 289, + 290, 291, 292, 293, 294, 295, 1231, 296, 297, 298, + 299, 599, 300, 301, 302, 303, 304, 305, 306, 307, + 308, 309, 1232, 311, 312, 313, 314, 315, 316, 600, + 317, 601, 319, 320, 321, 322, 323, 324, 325, 326, + 327, 328, 329, 330, 331, 332, 333, 334, 335, 336, + 337, 338, 339, 340, 341, 342, 343, 344, 345, 346, + 602, 348, 349, 350, 603, 352, 353, 354, 355, 356, + 357, 358, 359, 1233, 604, 362, 363, 364, 365, 366, + 367, 368, 605, 370, 371, 372, 373, 374, 375, 376, + 1234, 378, 379, 380, 381, 606, 383, 384, 385, 386, + 387, 388, 389, 390, 391, 392, 393, 394, 395, 0, + 0, 396, 397, 0, 398, 399, 400, 401, 607, 403, + 404, 608, 406, 407, 408, 409, 410, 411, 412, 413, + 414, 415, 416, 417, 418, 419, 420, 421, 422, 423, + 424, 425, 426, 427, 428, 429, 430, 431, 432, 433, + 434, 435, 436, 437, 609, 0, 439, 440, 441, 442, + 443, 444, 445, 611, 447, 448, 449, 450, 451, 452, + 453, 454, 455, 456, 457, 458, 459, 460, 461, 462, + 463, 464, 465, 1237, 467, 468, 469, 470, 3079, 471, + 613, 473, 474, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 1954, 1955, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 22, 0, 0, 0, 0, 0, 0, - 0, 0, 575, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 29, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 30, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 32, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 35, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 3080, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 13, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 3174, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 19, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 22, 0, 0, 0, 0, 0, 0, 0, 0, 575, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 29, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 53, 54, - 55, 576, 56, 57, 58, 59, 60, 61, 62, 0, - 0, 0, 0, 64, 65, 66, 67, 68, 69, 70, - 71, 72, 73, 74, 75, 76, 77, 78, 79, 80, - 81, 82, 577, 0, 578, 579, 87, 88, 89, 90, - 91, 92, 580, 94, 95, 96, 97, 98, 581, 99, - 582, 101, 102, 103, 104, 105, 583, 106, 107, 108, - 109, 110, 111, 112, 113, 114, 0, 115, 116, 117, - 584, 119, 120, 121, 122, 123, 124, 125, 126, 127, - 585, 128, 129, 130, 131, 132, 133, 134, 135, 136, - 137, 138, 139, 140, 586, 142, 0, 143, 144, 145, - 146, 147, 148, 149, 587, 151, 152, 153, 154, 588, - 155, 156, 157, 158, 159, 160, 161, 162, 163, 164, - 165, 166, 167, 589, 169, 0, 0, 170, 171, 172, - 173, 174, 175, 176, 177, 178, 179, 180, 590, 591, - 182, 0, 183, 184, 185, 592, 187, 188, 189, 593, - 191, 192, 594, 194, 195, 595, 0, 197, 198, 199, - 200, 201, 202, 203, 204, 205, 206, 207, 208, 209, - 596, 211, 212, 213, 214, 215, 216, 217, 218, 219, - 597, 220, 221, 222, 223, 224, 225, 226, 227, 228, - 229, 230, 231, 232, 233, 234, 235, 236, 237, 238, - 239, 240, 241, 242, 243, 244, 245, 246, 247, 248, - 249, 250, 251, 252, 0, 253, 254, 255, 256, 257, - 258, 259, 260, 261, 262, 263, 264, 265, 266, 267, - 268, 269, 270, 271, 272, 273, 274, 275, 276, 277, - 278, 279, 280, 281, 282, 283, 284, 285, 286, 287, - 598, 288, 289, 290, 291, 292, 293, 294, 295, 0, - 296, 297, 298, 299, 599, 300, 301, 302, 303, 304, - 305, 306, 307, 308, 309, 310, 311, 312, 313, 314, - 315, 316, 600, 317, 601, 319, 320, 321, 322, 323, - 324, 325, 326, 327, 328, 329, 330, 331, 332, 333, - 334, 335, 336, 337, 338, 339, 340, 341, 342, 343, - 344, 345, 346, 602, 348, 349, 350, 603, 352, 353, - 354, 355, 356, 357, 358, 359, 360, 604, 362, 363, - 364, 3175, 366, 367, 368, 605, 370, 371, 372, 373, - 374, 375, 376, 377, 378, 379, 380, 381, 606, 383, - 384, 385, 386, 387, 388, 389, 390, 391, 392, 393, - 394, 395, 0, 0, 396, 397, 0, 398, 399, 400, - 401, 607, 403, 404, 608, 406, 407, 408, 409, 410, - 411, 412, 413, 414, 415, 416, 417, 418, 419, 420, - 421, 422, 423, 424, 425, 426, 427, 428, 429, 430, - 431, 432, 433, 434, 435, 436, 437, 609, 610, 439, - 440, 441, 442, 443, 444, 445, 611, 447, 448, 449, - 450, 451, 452, 453, 454, 455, 456, 457, 458, 459, - 460, 461, 462, 463, 464, 465, 612, 467, 468, 469, - 470, 0, 471, 613, 473, 474, 2406, 1008, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 1954, 1955, 0, - 0, 0, 0, 0, 0, 0, 2407, 0, 2408, 0, - 2409, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 30, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 32, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 35, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 13, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 19, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 22, 0, 0, 0, 0, 0, 0, - 0, 0, 575, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 29, 0, + 0, 0, 0, 0, 0, 53, 54, 55, 576, 56, + 57, 58, 59, 60, 61, 62, 0, 0, 0, 0, + 64, 65, 66, 67, 68, 69, 70, 71, 72, 73, + 74, 75, 76, 77, 78, 79, 80, 81, 82, 577, + 0, 578, 579, 87, 88, 89, 90, 91, 92, 580, + 94, 95, 96, 97, 98, 581, 99, 582, 101, 102, + 103, 104, 105, 583, 106, 107, 108, 109, 110, 111, + 112, 113, 114, 0, 115, 116, 117, 584, 119, 120, + 121, 122, 123, 124, 125, 126, 127, 585, 128, 129, + 130, 131, 132, 133, 134, 135, 136, 137, 138, 139, + 140, 586, 142, 0, 143, 144, 145, 146, 147, 148, + 149, 587, 151, 152, 153, 154, 588, 155, 156, 157, + 158, 159, 160, 161, 162, 163, 164, 165, 166, 167, + 589, 169, 0, 0, 170, 171, 172, 173, 174, 175, + 176, 177, 178, 179, 180, 590, 591, 182, 0, 183, + 184, 185, 592, 187, 188, 189, 593, 191, 192, 594, + 194, 195, 595, 0, 197, 198, 199, 200, 201, 202, + 203, 204, 205, 206, 207, 208, 209, 596, 211, 212, + 213, 214, 215, 216, 217, 218, 219, 597, 220, 221, + 222, 223, 224, 225, 226, 227, 228, 229, 230, 231, + 232, 233, 234, 235, 236, 237, 238, 239, 240, 241, + 242, 243, 244, 245, 246, 247, 248, 249, 250, 251, + 252, 0, 253, 254, 255, 256, 257, 258, 259, 260, + 261, 262, 263, 264, 265, 266, 267, 268, 269, 270, + 271, 272, 273, 274, 275, 276, 277, 278, 279, 280, + 281, 282, 283, 284, 285, 286, 287, 598, 288, 289, + 290, 291, 292, 293, 294, 295, 0, 296, 297, 298, + 299, 599, 300, 301, 302, 303, 304, 305, 306, 307, + 308, 309, 310, 311, 312, 313, 314, 315, 316, 600, + 317, 601, 319, 320, 321, 322, 323, 324, 325, 326, + 327, 328, 329, 330, 331, 332, 333, 334, 335, 336, + 337, 338, 339, 340, 341, 342, 343, 344, 345, 346, + 602, 348, 349, 350, 603, 352, 353, 354, 355, 356, + 357, 358, 359, 360, 604, 362, 363, 364, 365, 366, + 367, 368, 605, 370, 371, 372, 373, 374, 375, 376, + 377, 378, 379, 380, 381, 606, 383, 384, 385, 386, + 387, 388, 389, 390, 391, 392, 393, 394, 395, 0, + 0, 396, 397, 0, 398, 399, 400, 401, 607, 403, + 404, 608, 406, 407, 408, 409, 410, 411, 412, 413, + 414, 415, 416, 417, 418, 419, 420, 421, 422, 423, + 424, 425, 426, 427, 428, 429, 430, 431, 432, 433, + 434, 435, 436, 437, 609, 610, 439, 440, 441, 442, + 443, 444, 445, 611, 447, 448, 449, 450, 451, 452, + 453, 454, 455, 456, 457, 458, 459, 460, 461, 462, + 463, 464, 465, 612, 467, 468, 469, 470, 3079, 471, + 613, 473, 474, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 1954, 1955, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 30, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 32, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 35, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 4512, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 13, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 19, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 53, 54, - 55, 576, 56, 57, 58, 59, 60, 61, 62, 0, - 0, 0, 0, 64, 65, 66, 67, 68, 69, 70, - 71, 72, 73, 74, 75, 76, 77, 78, 79, 80, - 81, 82, 577, 0, 578, 579, 87, 88, 89, 90, - 91, 92, 580, 94, 95, 96, 97, 98, 581, 99, - 582, 101, 102, 103, 104, 105, 583, 106, 107, 108, - 109, 110, 111, 112, 113, 114, 0, 115, 116, 117, - 584, 119, 120, 121, 122, 123, 124, 125, 126, 127, - 585, 128, 129, 130, 131, 132, 133, 134, 135, 136, - 137, 138, 139, 140, 586, 142, 0, 143, 144, 145, - 146, 147, 148, 149, 587, 151, 152, 153, 154, 588, - 155, 156, 157, 158, 159, 160, 161, 162, 163, 164, - 165, 166, 167, 589, 169, 0, 0, 170, 171, 172, - 173, 174, 175, 176, 177, 178, 179, 180, 590, 591, - 182, 0, 183, 184, 185, 592, 187, 188, 189, 593, - 191, 192, 594, 194, 195, 595, 0, 197, 198, 199, - 200, 201, 202, 203, 204, 205, 206, 207, 208, 209, - 596, 211, 212, 213, 214, 215, 216, 217, 218, 219, - 597, 220, 221, 222, 223, 224, 225, 226, 227, 228, - 229, 230, 231, 232, 233, 234, 235, 236, 237, 238, - 239, 240, 241, 242, 243, 244, 245, 246, 247, 248, - 249, 250, 251, 252, 0, 253, 254, 255, 256, 257, - 258, 259, 260, 261, 262, 263, 264, 265, 266, 267, - 268, 269, 270, 271, 272, 273, 274, 275, 276, 277, - 278, 279, 280, 281, 282, 283, 284, 285, 286, 287, - 598, 288, 289, 290, 291, 292, 293, 294, 295, 0, - 296, 297, 298, 299, 599, 300, 301, 302, 303, 304, - 305, 306, 307, 308, 309, 310, 311, 312, 313, 314, - 315, 316, 600, 317, 601, 319, 320, 321, 322, 323, - 324, 325, 326, 327, 328, 329, 330, 331, 332, 333, - 334, 335, 336, 337, 338, 339, 340, 341, 342, 343, - 344, 345, 346, 602, 348, 349, 350, 603, 352, 353, - 354, 355, 356, 357, 358, 359, 360, 604, 362, 363, - 364, 365, 366, 367, 368, 605, 370, 371, 372, 373, - 374, 375, 376, 377, 378, 379, 380, 381, 606, 383, - 384, 385, 386, 387, 388, 389, 390, 391, 392, 393, - 394, 395, 0, 0, 396, 397, 0, 398, 399, 400, - 401, 607, 403, 404, 608, 406, 407, 408, 409, 410, - 411, 412, 413, 414, 415, 416, 417, 418, 419, 420, - 421, 422, 423, 424, 425, 426, 427, 428, 429, 430, - 431, 432, 433, 434, 435, 436, 437, 609, 610, 439, - 440, 441, 442, 443, 444, 445, 611, 447, 448, 449, - 450, 451, 452, 453, 454, 455, 456, 457, 458, 459, - 460, 461, 462, 463, 464, 465, 612, 467, 468, 469, - 470, 0, 471, 613, 473, 474, 2406, 1008, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 1954, 1955, 0, - 0, 0, 0, 0, 0, 0, 2407, 0, 2408, 0, - 2409, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 22, 0, 0, 0, 0, 0, 0, 0, 0, 575, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 29, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 30, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 32, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 35, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 13, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 19, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 22, 0, 0, 0, 0, 0, 0, - 0, 0, 575, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 29, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 30, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 32, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 35, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 53, 54, 55, 576, 56, + 57, 58, 59, 60, 61, 62, 0, 0, 0, 0, + 64, 65, 66, 67, 68, 69, 70, 71, 72, 73, + 74, 75, 76, 77, 78, 79, 80, 81, 82, 577, + 0, 578, 579, 87, 88, 89, 90, 91, 92, 580, + 94, 95, 96, 97, 98, 581, 99, 582, 101, 102, + 103, 104, 105, 583, 106, 107, 108, 109, 110, 111, + 112, 113, 114, 0, 115, 116, 117, 584, 119, 120, + 121, 122, 123, 124, 125, 126, 127, 585, 128, 129, + 130, 131, 132, 133, 134, 135, 136, 137, 138, 139, + 140, 586, 142, 0, 143, 144, 145, 146, 147, 148, + 149, 587, 151, 152, 153, 154, 588, 155, 156, 157, + 158, 159, 160, 161, 162, 163, 164, 165, 166, 167, + 589, 169, 0, 0, 170, 171, 172, 173, 174, 175, + 176, 177, 178, 179, 180, 590, 591, 182, 0, 183, + 184, 185, 592, 187, 188, 189, 593, 191, 192, 594, + 194, 195, 595, 0, 197, 198, 199, 200, 201, 202, + 203, 204, 205, 206, 207, 208, 209, 596, 211, 212, + 213, 214, 215, 216, 217, 218, 219, 597, 220, 221, + 222, 223, 224, 225, 226, 227, 228, 229, 230, 231, + 232, 233, 234, 235, 236, 237, 238, 239, 240, 241, + 242, 243, 244, 245, 246, 247, 248, 249, 250, 251, + 252, 0, 253, 254, 255, 256, 257, 258, 259, 260, + 261, 262, 263, 264, 265, 266, 267, 268, 269, 270, + 271, 272, 273, 274, 275, 276, 277, 278, 279, 280, + 281, 282, 283, 284, 285, 286, 287, 598, 288, 289, + 290, 291, 292, 293, 294, 295, 0, 296, 297, 298, + 299, 599, 300, 301, 302, 303, 304, 305, 306, 307, + 308, 309, 310, 311, 312, 313, 314, 315, 316, 600, + 317, 601, 319, 320, 321, 322, 323, 324, 325, 326, + 327, 328, 329, 330, 331, 332, 333, 334, 335, 336, + 337, 338, 339, 340, 341, 342, 343, 344, 345, 346, + 602, 348, 349, 350, 603, 352, 353, 354, 355, 356, + 357, 358, 359, 360, 604, 362, 363, 364, 365, 366, + 367, 368, 605, 370, 371, 372, 373, 374, 375, 376, + 377, 378, 379, 380, 381, 606, 383, 384, 385, 386, + 387, 388, 389, 390, 391, 392, 393, 394, 395, 0, + 0, 396, 397, 0, 398, 399, 400, 401, 607, 403, + 404, 608, 406, 407, 408, 409, 410, 411, 412, 413, + 414, 415, 416, 417, 418, 419, 420, 421, 422, 423, + 424, 425, 426, 427, 428, 429, 430, 431, 432, 433, + 434, 435, 436, 437, 609, 610, 439, 440, 441, 442, + 443, 444, 445, 611, 447, 448, 449, 450, 451, 452, + 453, 454, 455, 456, 457, 458, 459, 460, 461, 462, + 463, 464, 465, 612, 467, 468, 469, 470, 0, 471, + 613, 473, 474, 2406, 1008, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 1954, 1955, 0, 0, 0, 0, + 0, 0, 0, 2407, 0, 2408, 0, 2409, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 13, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 19, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 53, 54, - 55, 576, 56, 57, 58, 59, 60, 61, 62, 0, - 0, 0, 0, 64, 65, 66, 67, 68, 69, 70, - 71, 72, 73, 74, 75, 76, 77, 78, 79, 80, - 81, 82, 577, 0, 578, 579, 87, 88, 89, 90, - 91, 92, 580, 94, 95, 96, 97, 98, 581, 99, - 582, 101, 102, 103, 104, 105, 583, 106, 107, 108, - 109, 110, 111, 112, 113, 114, 0, 115, 116, 117, - 584, 119, 120, 121, 122, 123, 124, 125, 126, 127, - 585, 128, 129, 130, 131, 132, 133, 134, 135, 136, - 137, 138, 139, 140, 586, 142, 0, 143, 144, 145, - 146, 147, 148, 149, 587, 151, 152, 153, 154, 588, - 155, 156, 157, 158, 159, 160, 161, 162, 163, 164, - 165, 166, 167, 589, 169, 0, 0, 170, 171, 172, - 173, 174, 175, 176, 177, 178, 179, 180, 590, 591, - 182, 0, 183, 184, 185, 592, 187, 188, 189, 593, - 191, 192, 594, 194, 195, 595, 0, 197, 198, 199, - 200, 201, 202, 203, 204, 205, 206, 207, 208, 209, - 596, 211, 212, 213, 214, 215, 216, 217, 218, 219, - 597, 220, 221, 222, 223, 224, 225, 226, 227, 228, - 229, 230, 231, 232, 233, 234, 235, 236, 237, 238, - 239, 240, 241, 242, 243, 244, 245, 246, 247, 248, - 249, 250, 251, 252, 0, 253, 254, 255, 256, 257, - 258, 259, 260, 261, 262, 263, 264, 265, 266, 267, - 268, 269, 270, 271, 272, 273, 274, 275, 276, 277, - 278, 279, 280, 281, 282, 283, 284, 285, 286, 287, - 598, 288, 289, 290, 291, 292, 293, 294, 295, 0, - 296, 297, 298, 299, 599, 300, 301, 302, 303, 304, - 305, 306, 307, 308, 309, 310, 311, 312, 313, 314, - 315, 316, 600, 317, 601, 319, 320, 321, 322, 323, - 324, 325, 326, 327, 328, 329, 330, 331, 332, 333, - 334, 335, 336, 337, 338, 339, 340, 341, 342, 343, - 344, 345, 346, 602, 348, 349, 350, 603, 352, 353, - 354, 355, 356, 357, 358, 359, 360, 604, 362, 363, - 364, 365, 366, 367, 368, 605, 370, 371, 372, 373, - 374, 375, 376, 377, 378, 379, 380, 381, 606, 383, - 384, 385, 386, 387, 388, 389, 390, 391, 392, 393, - 394, 395, 0, 0, 396, 397, 0, 398, 399, 400, - 401, 607, 403, 404, 608, 406, 407, 408, 409, 410, - 411, 412, 413, 414, 415, 416, 417, 418, 419, 420, - 421, 422, 423, 424, 425, 426, 427, 428, 429, 430, - 431, 432, 433, 434, 435, 436, 437, 609, 610, 439, - 440, 441, 442, 443, 444, 445, 611, 447, 448, 449, - 450, 451, 452, 453, 454, 455, 456, 457, 458, 459, - 460, 461, 462, 463, 464, 465, 612, 467, 468, 469, - 470, 0, 471, 613, 473, 474, 1954, 1955, 0, 0, + 22, 0, 0, 0, 0, 0, 0, 0, 0, 575, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 29, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 30, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 32, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 35, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 13, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 2410, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 19, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 22, 0, 0, 0, 0, 0, 0, 0, - 0, 575, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 29, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 30, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 32, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 35, 0, 0, 0, + 0, 0, 0, 0, 0, 53, 54, 55, 576, 56, + 57, 58, 59, 60, 61, 62, 0, 0, 0, 0, + 64, 65, 66, 67, 68, 69, 70, 71, 72, 73, + 74, 75, 76, 77, 78, 79, 80, 81, 82, 577, + 0, 578, 579, 87, 88, 89, 90, 91, 92, 580, + 94, 95, 96, 97, 98, 581, 99, 582, 101, 102, + 103, 104, 105, 583, 106, 107, 108, 109, 110, 111, + 112, 113, 114, 0, 115, 116, 117, 584, 119, 120, + 121, 122, 123, 124, 125, 126, 127, 585, 128, 129, + 130, 131, 132, 133, 134, 135, 136, 137, 138, 139, + 140, 586, 142, 0, 143, 144, 145, 146, 147, 148, + 149, 587, 151, 152, 153, 154, 588, 155, 156, 157, + 158, 159, 160, 161, 162, 163, 164, 165, 166, 167, + 589, 169, 0, 0, 170, 171, 172, 173, 174, 175, + 176, 177, 178, 179, 180, 590, 591, 182, 0, 183, + 184, 185, 592, 187, 188, 189, 593, 191, 192, 594, + 194, 195, 595, 0, 197, 198, 199, 200, 201, 202, + 203, 204, 205, 206, 207, 208, 209, 596, 211, 212, + 213, 214, 215, 216, 217, 218, 219, 597, 220, 221, + 222, 223, 224, 225, 226, 227, 228, 229, 230, 231, + 232, 233, 234, 235, 236, 237, 238, 239, 240, 241, + 242, 243, 244, 245, 246, 247, 248, 249, 250, 251, + 252, 0, 253, 254, 255, 256, 257, 258, 259, 260, + 261, 262, 263, 264, 265, 266, 267, 268, 269, 270, + 271, 272, 273, 274, 275, 276, 277, 278, 279, 280, + 281, 282, 283, 284, 285, 286, 287, 598, 288, 289, + 290, 291, 292, 293, 294, 295, 0, 296, 297, 298, + 299, 599, 300, 301, 302, 303, 304, 305, 306, 307, + 308, 309, 310, 311, 312, 313, 314, 315, 316, 600, + 317, 601, 319, 320, 321, 322, 323, 324, 325, 326, + 327, 328, 329, 330, 331, 332, 333, 334, 335, 336, + 337, 338, 339, 340, 341, 342, 343, 344, 345, 346, + 602, 348, 349, 350, 603, 352, 353, 354, 355, 356, + 357, 358, 359, 360, 604, 362, 363, 364, 365, 366, + 367, 368, 605, 370, 371, 372, 373, 374, 375, 376, + 377, 378, 379, 380, 381, 606, 383, 384, 385, 386, + 387, 388, 389, 390, 391, 392, 393, 394, 395, 0, + 0, 396, 397, 0, 398, 399, 400, 401, 607, 403, + 404, 608, 406, 407, 408, 409, 410, 411, 412, 413, + 414, 415, 416, 417, 418, 419, 420, 421, 422, 423, + 424, 425, 426, 427, 428, 429, 430, 431, 432, 433, + 434, 435, 436, 437, 609, 610, 439, 440, 441, 442, + 443, 444, 445, 611, 447, 448, 449, 450, 451, 452, + 453, 454, 455, 456, 457, 458, 459, 460, 461, 462, + 463, 464, 465, 612, 467, 468, 469, 470, 0, 471, + 613, 473, 474, 2406, 1008, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 1954, 1955, 0, 0, 0, 0, + 0, 0, 0, 2407, 0, 2408, 0, 2409, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 13, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 19, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 22, 0, 0, 0, 0, 0, 0, 0, 0, 575, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 53, 54, 55, - 576, 56, 57, 58, 59, 60, 61, 62, 0, 2893, - 2894, 2895, 64, 65, 66, 67, 68, 69, 70, 71, - 72, 73, 74, 75, 76, 77, 78, 79, 80, 81, - 82, 577, 0, 578, 579, 87, 88, 89, 90, 91, - 92, 580, 94, 95, 96, 97, 98, 581, 99, 582, - 101, 102, 103, 104, 105, 583, 106, 107, 108, 109, - 110, 111, 112, 113, 114, 0, 115, 116, 117, 584, - 119, 120, 121, 122, 123, 124, 125, 126, 127, 585, - 128, 129, 130, 131, 132, 133, 134, 135, 136, 137, - 138, 139, 140, 586, 142, 0, 143, 144, 145, 146, - 147, 148, 149, 587, 151, 152, 153, 154, 588, 155, - 156, 157, 158, 159, 160, 161, 162, 163, 164, 165, - 166, 167, 589, 169, 0, 0, 170, 171, 172, 173, - 174, 175, 176, 177, 178, 179, 180, 590, 591, 182, - 0, 183, 184, 185, 592, 187, 188, 189, 593, 191, - 192, 594, 194, 195, 595, 0, 197, 198, 199, 200, - 201, 202, 203, 204, 205, 206, 207, 208, 209, 596, - 211, 212, 213, 214, 215, 216, 217, 218, 219, 597, - 220, 221, 222, 223, 224, 225, 226, 227, 228, 229, - 230, 231, 232, 233, 234, 235, 236, 237, 238, 239, - 240, 241, 242, 243, 244, 245, 246, 247, 248, 249, - 250, 251, 252, 0, 253, 254, 255, 256, 257, 258, - 259, 260, 261, 262, 263, 264, 265, 266, 267, 268, - 269, 270, 271, 272, 273, 274, 275, 276, 277, 278, - 279, 280, 281, 282, 283, 284, 285, 286, 287, 598, - 288, 289, 290, 291, 292, 293, 294, 295, 0, 296, - 297, 298, 299, 599, 300, 301, 302, 303, 304, 305, - 306, 307, 308, 309, 310, 311, 312, 313, 314, 315, - 316, 600, 317, 601, 319, 320, 321, 322, 323, 324, - 325, 326, 327, 328, 329, 330, 331, 332, 333, 334, - 335, 336, 337, 338, 339, 340, 341, 342, 343, 344, - 345, 346, 602, 348, 349, 350, 603, 352, 353, 354, - 355, 356, 357, 358, 359, 360, 604, 362, 363, 364, - 365, 366, 367, 368, 605, 370, 371, 372, 373, 374, - 375, 376, 377, 378, 379, 380, 381, 606, 383, 384, - 385, 386, 387, 388, 389, 390, 391, 392, 393, 394, - 395, 0, 0, 396, 397, 0, 398, 399, 400, 401, - 607, 403, 404, 608, 406, 407, 408, 409, 410, 411, - 412, 413, 414, 415, 416, 417, 418, 419, 420, 421, - 422, 423, 424, 425, 426, 427, 428, 429, 430, 431, - 432, 433, 434, 435, 436, 437, 609, 610, 439, 440, - 441, 442, 443, 444, 445, 611, 447, 448, 449, 450, - 451, 452, 453, 454, 455, 456, 457, 458, 459, 460, - 461, 462, 463, 464, 465, 612, 467, 468, 469, 470, - 0, 471, 613, 473, 474, 4, 5, 0, 0, 0, - 0, 0, 0, 0, 0, 4681, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 29, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 30, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 32, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 35, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 13, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 3174, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 19, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 22, 0, 0, 0, 0, 0, 0, 0, 0, - 575, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 29, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 30, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 32, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 35, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 53, 54, 55, 576, 56, + 57, 58, 59, 60, 61, 62, 0, 0, 0, 0, + 64, 65, 66, 67, 68, 69, 70, 71, 72, 73, + 74, 75, 76, 77, 78, 79, 80, 81, 82, 577, + 0, 578, 579, 87, 88, 89, 90, 91, 92, 580, + 94, 95, 96, 97, 98, 581, 99, 582, 101, 102, + 103, 104, 105, 583, 106, 107, 108, 109, 110, 111, + 112, 113, 114, 0, 115, 116, 117, 584, 119, 120, + 121, 122, 123, 124, 125, 126, 127, 585, 128, 129, + 130, 131, 132, 133, 134, 135, 136, 137, 138, 139, + 140, 586, 142, 0, 143, 144, 145, 146, 147, 148, + 149, 587, 151, 152, 153, 154, 588, 155, 156, 157, + 158, 159, 160, 161, 162, 163, 164, 165, 166, 167, + 589, 169, 0, 0, 170, 171, 172, 173, 174, 175, + 176, 177, 178, 179, 180, 590, 591, 182, 0, 183, + 184, 185, 592, 187, 188, 189, 593, 191, 192, 594, + 194, 195, 595, 0, 197, 198, 199, 200, 201, 202, + 203, 204, 205, 206, 207, 208, 209, 596, 211, 212, + 213, 214, 215, 216, 217, 218, 219, 597, 220, 221, + 222, 223, 224, 225, 226, 227, 228, 229, 230, 231, + 232, 233, 234, 235, 236, 237, 238, 239, 240, 241, + 242, 243, 244, 245, 246, 247, 248, 249, 250, 251, + 252, 0, 253, 254, 255, 256, 257, 258, 259, 260, + 261, 262, 263, 264, 265, 266, 267, 268, 269, 270, + 271, 272, 273, 274, 275, 276, 277, 278, 279, 280, + 281, 282, 283, 284, 285, 286, 287, 598, 288, 289, + 290, 291, 292, 293, 294, 295, 0, 296, 297, 298, + 299, 599, 300, 301, 302, 303, 304, 305, 306, 307, + 308, 309, 310, 311, 312, 313, 314, 315, 316, 600, + 317, 601, 319, 320, 321, 322, 323, 324, 325, 326, + 327, 328, 329, 330, 331, 332, 333, 334, 335, 336, + 337, 338, 339, 340, 341, 342, 343, 344, 345, 346, + 602, 348, 349, 350, 603, 352, 353, 354, 355, 356, + 357, 358, 359, 360, 604, 362, 363, 364, 3175, 366, + 367, 368, 605, 370, 371, 372, 373, 374, 375, 376, + 377, 378, 379, 380, 381, 606, 383, 384, 385, 386, + 387, 388, 389, 390, 391, 392, 393, 394, 395, 0, + 0, 396, 397, 0, 398, 399, 400, 401, 607, 403, + 404, 608, 406, 407, 408, 409, 410, 411, 412, 413, + 414, 415, 416, 417, 418, 419, 420, 421, 422, 423, + 424, 425, 426, 427, 428, 429, 430, 431, 432, 433, + 434, 435, 436, 437, 609, 610, 439, 440, 441, 442, + 443, 444, 445, 611, 447, 448, 449, 450, 451, 452, + 453, 454, 455, 456, 457, 458, 459, 460, 461, 462, + 463, 464, 465, 612, 467, 468, 469, 470, 0, 471, + 613, 473, 474, 2406, 1008, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 1954, 1955, 0, 0, 0, 0, + 0, 0, 0, 2407, 0, 2408, 0, 2409, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 13, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 19, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 22, 0, 0, 0, 0, 0, 0, 0, 0, 575, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 53, 54, 55, 576, - 56, 57, 58, 59, 60, 61, 62, 0, 0, 0, - 0, 64, 65, 66, 67, 68, 69, 70, 71, 72, - 73, 74, 75, 76, 77, 78, 79, 80, 81, 82, - 577, 0, 578, 579, 87, 88, 89, 90, 91, 92, - 580, 94, 95, 96, 97, 98, 581, 99, 582, 101, - 102, 103, 104, 105, 583, 106, 107, 108, 109, 110, - 111, 112, 113, 114, 0, 115, 116, 117, 584, 119, - 120, 121, 122, 123, 124, 125, 126, 127, 585, 128, - 129, 130, 131, 132, 133, 134, 135, 136, 137, 138, - 139, 140, 586, 142, 0, 143, 144, 145, 146, 147, - 148, 149, 587, 151, 152, 153, 154, 588, 155, 156, - 157, 158, 159, 160, 161, 162, 163, 164, 165, 166, - 167, 589, 169, 0, 0, 170, 171, 172, 173, 174, - 175, 176, 177, 178, 179, 180, 590, 591, 182, 0, - 183, 184, 185, 592, 187, 188, 189, 593, 191, 192, - 594, 194, 195, 595, 0, 197, 198, 199, 200, 201, - 202, 203, 204, 205, 206, 207, 208, 209, 596, 211, - 212, 213, 214, 215, 216, 217, 218, 219, 597, 220, - 221, 222, 223, 224, 225, 226, 227, 228, 229, 230, - 231, 232, 233, 234, 235, 236, 237, 238, 239, 240, - 241, 242, 243, 244, 245, 246, 247, 248, 249, 250, - 251, 252, 0, 253, 254, 255, 256, 257, 258, 259, - 260, 261, 262, 263, 264, 265, 266, 267, 268, 269, - 270, 271, 272, 273, 274, 275, 276, 277, 278, 279, - 280, 281, 282, 283, 284, 285, 286, 287, 598, 288, - 289, 290, 291, 292, 293, 294, 295, 0, 296, 297, - 298, 299, 599, 300, 301, 302, 303, 304, 305, 306, - 307, 308, 309, 310, 311, 312, 313, 314, 315, 316, - 600, 317, 601, 319, 320, 321, 322, 323, 324, 325, - 326, 327, 328, 329, 330, 331, 332, 333, 334, 335, - 336, 337, 338, 339, 340, 341, 342, 343, 344, 345, - 346, 602, 348, 349, 350, 603, 352, 353, 354, 355, - 356, 357, 358, 359, 360, 604, 362, 363, 364, 365, - 366, 367, 368, 605, 370, 371, 372, 373, 374, 375, - 376, 377, 378, 379, 380, 381, 606, 383, 384, 385, - 386, 387, 388, 389, 390, 391, 392, 393, 394, 395, - 0, 0, 396, 397, 0, 398, 399, 400, 401, 607, - 403, 404, 608, 406, 407, 408, 409, 410, 411, 412, - 413, 414, 415, 416, 417, 418, 419, 420, 421, 422, - 423, 424, 425, 426, 427, 428, 429, 430, 431, 432, - 433, 434, 435, 436, 437, 609, 610, 439, 440, 441, - 442, 443, 444, 445, 611, 447, 448, 449, 450, 451, - 452, 453, 454, 455, 456, 457, 458, 459, 460, 461, - 462, 463, 464, 465, 612, 467, 468, 469, 470, 0, - 471, 613, 473, 474, 4, 5, 0, 0, 0, 0, - 0, 0, 0, 0, 3358, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 29, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 30, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 32, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 35, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 4512, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 53, 54, 55, 576, 56, + 57, 58, 59, 60, 61, 62, 0, 0, 0, 0, + 64, 65, 66, 67, 68, 69, 70, 71, 72, 73, + 74, 75, 76, 77, 78, 79, 80, 81, 82, 577, + 0, 578, 579, 87, 88, 89, 90, 91, 92, 580, + 94, 95, 96, 97, 98, 581, 99, 582, 101, 102, + 103, 104, 105, 583, 106, 107, 108, 109, 110, 111, + 112, 113, 114, 0, 115, 116, 117, 584, 119, 120, + 121, 122, 123, 124, 125, 126, 127, 585, 128, 129, + 130, 131, 132, 133, 134, 135, 136, 137, 138, 139, + 140, 586, 142, 0, 143, 144, 145, 146, 147, 148, + 149, 587, 151, 152, 153, 154, 588, 155, 156, 157, + 158, 159, 160, 161, 162, 163, 164, 165, 166, 167, + 589, 169, 0, 0, 170, 171, 172, 173, 174, 175, + 176, 177, 178, 179, 180, 590, 591, 182, 0, 183, + 184, 185, 592, 187, 188, 189, 593, 191, 192, 594, + 194, 195, 595, 0, 197, 198, 199, 200, 201, 202, + 203, 204, 205, 206, 207, 208, 209, 596, 211, 212, + 213, 214, 215, 216, 217, 218, 219, 597, 220, 221, + 222, 223, 224, 225, 226, 227, 228, 229, 230, 231, + 232, 233, 234, 235, 236, 237, 238, 239, 240, 241, + 242, 243, 244, 245, 246, 247, 248, 249, 250, 251, + 252, 0, 253, 254, 255, 256, 257, 258, 259, 260, + 261, 262, 263, 264, 265, 266, 267, 268, 269, 270, + 271, 272, 273, 274, 275, 276, 277, 278, 279, 280, + 281, 282, 283, 284, 285, 286, 287, 598, 288, 289, + 290, 291, 292, 293, 294, 295, 0, 296, 297, 298, + 299, 599, 300, 301, 302, 303, 304, 305, 306, 307, + 308, 309, 310, 311, 312, 313, 314, 315, 316, 600, + 317, 601, 319, 320, 321, 322, 323, 324, 325, 326, + 327, 328, 329, 330, 331, 332, 333, 334, 335, 336, + 337, 338, 339, 340, 341, 342, 343, 344, 345, 346, + 602, 348, 349, 350, 603, 352, 353, 354, 355, 356, + 357, 358, 359, 360, 604, 362, 363, 364, 365, 366, + 367, 368, 605, 370, 371, 372, 373, 374, 375, 376, + 377, 378, 379, 380, 381, 606, 383, 384, 385, 386, + 387, 388, 389, 390, 391, 392, 393, 394, 395, 0, + 0, 396, 397, 0, 398, 399, 400, 401, 607, 403, + 404, 608, 406, 407, 408, 409, 410, 411, 412, 413, + 414, 415, 416, 417, 418, 419, 420, 421, 422, 423, + 424, 425, 426, 427, 428, 429, 430, 431, 432, 433, + 434, 435, 436, 437, 609, 610, 439, 440, 441, 442, + 443, 444, 445, 611, 447, 448, 449, 450, 451, 452, + 453, 454, 455, 456, 457, 458, 459, 460, 461, 462, + 463, 464, 465, 612, 467, 468, 469, 470, 0, 471, + 613, 473, 474, 2406, 1008, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 1954, 1955, 0, 0, 0, 0, + 0, 0, 0, 2407, 0, 2408, 0, 2409, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, @@ -11726,7 +11436,7 @@ 453, 454, 455, 456, 457, 458, 459, 460, 461, 462, 463, 464, 465, 612, 467, 468, 469, 470, 0, 471, 613, 473, 474, 1954, 1955, 0, 0, 0, 0, 0, - 0, 0, 0, 4527, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, @@ -11756,7 +11466,7 @@ 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 53, 54, 55, 576, 56, 57, - 58, 59, 60, 61, 62, 0, 0, 0, 0, 64, + 58, 59, 60, 61, 62, 0, 2893, 2894, 2895, 64, 65, 66, 67, 68, 69, 70, 71, 72, 73, 74, 75, 76, 77, 78, 79, 80, 81, 82, 577, 0, 578, 579, 87, 88, 89, 90, 91, 92, 580, 94, @@ -11801,7 +11511,7 @@ 454, 455, 456, 457, 458, 459, 460, 461, 462, 463, 464, 465, 612, 467, 468, 469, 470, 0, 471, 613, 473, 474, 4, 5, 0, 0, 0, 0, 0, 0, - 0, 0, 5439, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 4681, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, @@ -11876,7 +11586,7 @@ 455, 456, 457, 458, 459, 460, 461, 462, 463, 464, 465, 612, 467, 468, 469, 470, 0, 471, 613, 473, 474, 4, 5, 0, 0, 0, 0, 0, 0, 0, - 0, 5728, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 3358, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, @@ -11950,9 +11660,9 @@ 611, 447, 448, 449, 450, 451, 452, 453, 454, 455, 456, 457, 458, 459, 460, 461, 462, 463, 464, 465, 612, 467, 468, 469, 470, 0, 471, 613, 473, 474, - 4, 5, 0, 0, 0, 0, 0, 3341, 0, 0, - 6049, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 718, 0, 0, 0, 0, 0, 0, 0, 0, + 1954, 1955, 0, 0, 0, 0, 0, 0, 0, 0, + 4527, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, @@ -11967,15 +11677,15 @@ 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 29, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 30, 719, 0, + 0, 0, 0, 0, 0, 0, 0, 30, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 32, - 0, 3988, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 35, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 3989, 0, 689, - 0, 3990, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, @@ -12025,14 +11735,14 @@ 447, 448, 449, 450, 451, 452, 453, 454, 455, 456, 457, 458, 459, 460, 461, 462, 463, 464, 465, 612, 467, 468, 469, 470, 0, 471, 613, 473, 474, 4, - 5, 823, 0, 0, 0, 0, 0, 0, 3342, 0, - 0, 724, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 1466, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 2156, 0, 0, + 5, 0, 0, 0, 0, 0, 0, 0, 0, 5440, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 13, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 2157, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 19, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, @@ -12100,9 +11810,9 @@ 448, 449, 450, 451, 452, 453, 454, 455, 456, 457, 458, 459, 460, 461, 462, 463, 464, 465, 612, 467, 468, 469, 470, 0, 471, 613, 473, 474, 4, 5, - 823, 1467, 0, 0, 0, 0, 0, 0, 0, 0, - 724, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 1466, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 5729, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, @@ -12175,231 +11885,231 @@ 449, 450, 451, 452, 453, 454, 455, 456, 457, 458, 459, 460, 461, 462, 463, 464, 465, 612, 467, 468, 469, 470, 0, 471, 613, 473, 474, 4, 5, 0, - 1467, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 3341, 0, 0, 6050, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 718, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 1515, 1516, 1517, 1518, 1519, 1520, 1521, - 1522, 1523, 1524, 1525, 1526, 1527, 1528, 1529, 1530, 1531, - 1532, 1533, 1534, 1535, 1536, 1537, 1538, 1539, 1540, 1541, - 1542, 1543, 0, 1544, 1545, 1546, 1547, 1548, 1549, 1550, - 1551, 1552, 1553, 1554, 0, 1555, 13, 1556, 1557, 1558, - 1559, 1560, 1561, 1562, 1563, 1564, 1565, 1566, 1567, 1568, - 1569, 1570, 1571, 1572, 1573, 1574, 1575, 1576, 1577, 1578, - 1579, 1580, 1581, 1582, 19, 1583, 1584, 1585, 1586, 1587, - 1588, 1589, 1590, 1591, 1592, 0, 1593, 1594, 1595, 1596, - 1597, 0, 0, 22, 1598, 1599, 1600, 1601, 1602, 1603, - 1604, 1605, 1606, 1607, 1608, 1609, 0, 1610, 1611, 0, - 1612, 1613, 1614, 1615, 1616, 1617, 1618, 1619, 1620, 1621, - 1622, 1623, 1624, 1625, 1626, 1627, 1628, 1629, 1630, 1631, - 0, 1632, 1633, 1634, 1635, 1636, 1637, 1638, 29, 1639, - 1640, 1641, 1642, 1643, 1644, 1645, 1646, 1647, 1648, 1649, - 1650, 1651, 1652, 1653, 30, 1654, 1655, 1656, 1657, 1658, - 1659, 1660, 1661, 1662, 1663, 1664, 32, 1665, 1666, 1667, - 1668, 0, 1669, 1670, 1671, 1672, 1673, 35, 1674, 1675, - 1676, 1677, 1678, 1679, 1680, 1681, 1682, 1683, 1684, 1685, - 1686, 1687, 1688, 1689, 1690, 1691, 1692, 1693, 1694, 1695, - 1696, 1697, 1698, 1699, 1700, 1701, 1702, 1703, 1704, 1705, - 1706, 1707, 1708, 1709, 1710, 1711, 1712, 1713, 1714, 1715, - 1716, 1717, 1718, 1719, 1720, 1721, 1722, 1723, 1724, 1725, - 1726, 1727, 1728, 1729, 1730, 1731, 1732, 1733, 0, 1734, - 1735, 1736, 1737, 1738, 1739, 1740, 1741, 1742, 1743, 1744, - 1745, 1746, 1747, 1748, 0, 1749, 1750, 1751, 1752, 1753, - 1754, 1755, 1756, 1757, 1758, 1759, 1760, 1761, 1762, 1763, - 1764, 1765, 1766, 1767, 1768, 1769, 1770, 1771, 53, 54, - 55, 0, 56, 57, 58, 59, 60, 61, 62, 0, - 1772, 1773, 1774, 64, 65, 66, 67, 68, 69, 70, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 13, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 19, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 22, 0, 0, 0, 0, 0, 0, + 0, 0, 575, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 29, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 30, 719, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 32, 0, 3988, 0, + 0, 0, 0, 0, 0, 0, 0, 35, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 3989, 0, 689, 0, 3990, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 53, 54, + 55, 576, 56, 57, 58, 59, 60, 61, 62, 0, + 0, 0, 0, 64, 65, 66, 67, 68, 69, 70, 71, 72, 73, 74, 75, 76, 77, 78, 79, 80, - 81, 82, 577, 0, 578, 579, 1775, 88, 1776, 1777, + 81, 82, 577, 0, 578, 579, 87, 88, 89, 90, 91, 92, 580, 94, 95, 96, 97, 98, 581, 99, - 582, 101, 102, 103, 0, 1778, 583, 106, 107, 108, + 582, 101, 102, 103, 104, 105, 583, 106, 107, 108, 109, 110, 111, 112, 113, 114, 0, 115, 116, 117, 584, 119, 120, 121, 122, 123, 124, 125, 126, 127, 585, 128, 129, 130, 131, 132, 133, 134, 135, 136, - 137, 1779, 1780, 140, 586, 142, 0, 143, 144, 145, + 137, 138, 139, 140, 586, 142, 0, 143, 144, 145, 146, 147, 148, 149, 587, 151, 152, 153, 154, 588, - 155, 156, 157, 1781, 159, 160, 161, 162, 163, 164, + 155, 156, 157, 158, 159, 160, 161, 162, 163, 164, 165, 166, 167, 589, 169, 0, 0, 170, 171, 172, - 173, 174, 175, 176, 177, 178, 179, 1782, 590, 591, - 182, 0, 183, 184, 185, 0, 187, 188, 189, 593, + 173, 174, 175, 176, 177, 178, 179, 180, 590, 591, + 182, 0, 183, 184, 185, 592, 187, 188, 189, 593, 191, 192, 594, 194, 195, 595, 0, 197, 198, 199, 200, 201, 202, 203, 204, 205, 206, 207, 208, 209, - 596, 211, 212, 213, 214, 215, 216, 217, 1783, 219, + 596, 211, 212, 213, 214, 215, 216, 217, 218, 219, 597, 220, 221, 222, 223, 224, 225, 226, 227, 228, 229, 230, 231, 232, 233, 234, 235, 236, 237, 238, 239, 240, 241, 242, 243, 244, 245, 246, 247, 248, 249, 250, 251, 252, 0, 253, 254, 255, 256, 257, - 258, 259, 0, 261, 262, 263, 264, 265, 266, 267, + 258, 259, 260, 261, 262, 263, 264, 265, 266, 267, 268, 269, 270, 271, 272, 273, 274, 275, 276, 277, - 1784, 1785, 280, 281, 282, 283, 284, 285, 286, 287, - 598, 288, 289, 290, 291, 0, 1786, 1787, 295, 1788, + 278, 279, 280, 281, 282, 283, 284, 285, 286, 287, + 598, 288, 289, 290, 291, 292, 293, 294, 295, 0, 296, 297, 298, 299, 599, 300, 301, 302, 303, 304, 305, 306, 307, 308, 309, 310, 311, 312, 313, 314, 315, 316, 600, 317, 601, 319, 320, 321, 322, 323, - 324, 325, 326, 327, 328, 329, 330, 0, 1789, 333, + 324, 325, 326, 327, 328, 329, 330, 331, 332, 333, 334, 335, 336, 337, 338, 339, 340, 341, 342, 343, 344, 345, 346, 602, 348, 349, 350, 603, 352, 353, 354, 355, 356, 357, 358, 359, 360, 604, 362, 363, - 364, 1790, 366, 367, 368, 605, 370, 371, 372, 373, - 374, 375, 0, 377, 378, 379, 380, 381, 606, 0, + 364, 365, 366, 367, 368, 605, 370, 371, 372, 373, + 374, 375, 376, 377, 378, 379, 380, 381, 606, 383, 384, 385, 386, 387, 388, 389, 390, 391, 392, 393, 394, 395, 0, 0, 396, 397, 0, 398, 399, 400, 401, 607, 403, 404, 608, 406, 407, 408, 409, 410, 411, 412, 413, 414, 415, 416, 417, 418, 419, 420, - 421, 422, 423, 424, 425, 1791, 427, 428, 1792, 430, - 431, 1793, 433, 434, 435, 436, 437, 609, 0, 439, + 421, 422, 423, 424, 425, 426, 427, 428, 429, 430, + 431, 432, 433, 434, 435, 436, 437, 609, 610, 439, 440, 441, 442, 443, 444, 445, 611, 447, 448, 449, - 450, 451, 452, 453, 0, 1794, 456, 457, 458, 459, - 460, 461, 462, 463, 464, 465, 1795, 467, 468, 469, - 470, 0, 471, 613, 473, 1796, 4, 5, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 1515, 1516, 1517, 1518, 1519, 1520, 1521, 1522, - 1523, 1524, 1525, 1526, 1527, 1528, 1529, 1530, 1531, 1532, - 1533, 1534, 1535, 1536, 1537, 1538, 1539, 1540, 1541, 1542, - 1543, 0, 1544, 1545, 1546, 1547, 1548, 1549, 1550, 1551, - 1552, 1553, 1554, 0, 1555, 13, 1556, 1557, 1558, 1559, - 1560, 1561, 1562, 1563, 1564, 1565, 1566, 1567, 1568, 1569, - 1570, 1571, 1572, 1573, 1574, 1575, 1576, 1577, 1578, 1579, - 1580, 1581, 1582, 19, 1583, 1584, 1585, 1586, 1587, 1588, - 1589, 1590, 1591, 1592, 0, 1593, 1594, 1595, 1596, 1597, - 0, 0, 22, 1598, 1599, 1600, 1601, 1602, 1603, 1604, - 1605, 1606, 1607, 1608, 1609, 0, 1610, 1611, 0, 1612, - 1613, 1614, 1615, 1616, 1617, 1618, 1619, 1620, 1621, 1622, - 1623, 1624, 1625, 1626, 1627, 1628, 1629, 1630, 1631, 0, - 1632, 1633, 1634, 1635, 1636, 1637, 1638, 29, 1639, 1640, - 1641, 1642, 1643, 1644, 1645, 1646, 1647, 1648, 1649, 1650, - 1651, 1652, 1653, 30, 1654, 1655, 1656, 1657, 1658, 1659, - 1660, 1661, 1662, 1663, 1664, 32, 1665, 1666, 1667, 1668, - 0, 1669, 1670, 1671, 1672, 1673, 35, 1674, 1675, 1676, - 1677, 1678, 1679, 1680, 1681, 1682, 1683, 1684, 1685, 1686, - 1687, 1688, 1689, 1690, 1691, 1692, 1693, 1694, 1695, 1696, - 1697, 1698, 1699, 1700, 1701, 1702, 1703, 1704, 1705, 1706, - 1707, 1708, 1709, 1710, 1711, 1712, 1713, 1714, 1715, 1716, - 1717, 1718, 1719, 1720, 1721, 1722, 1723, 1724, 1725, 1726, - 1727, 1728, 1729, 1730, 1731, 1732, 1733, 0, 1734, 1735, - 1736, 1737, 1738, 1739, 1740, 1741, 1742, 1743, 1744, 1745, - 1746, 1747, 1748, 0, 1749, 1750, 1751, 1752, 1753, 1754, - 1755, 1756, 1757, 1758, 1759, 1760, 1761, 1762, 1763, 1764, - 1765, 1766, 1767, 1768, 1769, 1770, 1771, 53, 54, 55, - 0, 56, 57, 58, 59, 60, 61, 62, 0, 1772, - 1773, 1774, 64, 65, 66, 67, 68, 69, 70, 71, + 450, 451, 452, 453, 454, 455, 456, 457, 458, 459, + 460, 461, 462, 463, 464, 465, 612, 467, 468, 469, + 470, 0, 471, 613, 473, 474, 4, 5, 823, 0, + 0, 0, 0, 0, 0, 3342, 0, 0, 724, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 1466, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 2156, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 13, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 2157, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 19, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 22, 0, 0, 0, 0, 0, 0, 0, + 0, 575, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 29, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 30, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 32, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 35, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 53, 54, 55, + 576, 56, 57, 58, 59, 60, 61, 62, 0, 0, + 0, 0, 64, 65, 66, 67, 68, 69, 70, 71, 72, 73, 74, 75, 76, 77, 78, 79, 80, 81, - 82, 577, 0, 578, 579, 1775, 88, 1776, 1777, 91, + 82, 577, 0, 578, 579, 87, 88, 89, 90, 91, 92, 580, 94, 95, 96, 97, 98, 581, 99, 582, - 101, 102, 103, 0, 1778, 583, 106, 107, 108, 109, + 101, 102, 103, 104, 105, 583, 106, 107, 108, 109, 110, 111, 112, 113, 114, 0, 115, 116, 117, 584, 119, 120, 121, 122, 123, 124, 125, 126, 127, 585, 128, 129, 130, 131, 132, 133, 134, 135, 136, 137, - 1779, 1780, 140, 586, 142, 0, 143, 144, 145, 146, + 138, 139, 140, 586, 142, 0, 143, 144, 145, 146, 147, 148, 149, 587, 151, 152, 153, 154, 588, 155, - 156, 157, 1781, 159, 160, 161, 162, 163, 164, 165, + 156, 157, 158, 159, 160, 161, 162, 163, 164, 165, 166, 167, 589, 169, 0, 0, 170, 171, 172, 173, - 174, 175, 176, 177, 178, 179, 1782, 590, 591, 182, - 0, 183, 184, 185, 0, 187, 188, 189, 593, 191, + 174, 175, 176, 177, 178, 179, 180, 590, 591, 182, + 0, 183, 184, 185, 592, 187, 188, 189, 593, 191, 192, 594, 194, 195, 595, 0, 197, 198, 199, 200, 201, 202, 203, 204, 205, 206, 207, 208, 209, 596, - 211, 212, 213, 214, 215, 216, 217, 1783, 219, 597, + 211, 212, 213, 214, 215, 216, 217, 218, 219, 597, 220, 221, 222, 223, 224, 225, 226, 227, 228, 229, 230, 231, 232, 233, 234, 235, 236, 237, 238, 239, 240, 241, 242, 243, 244, 245, 246, 247, 248, 249, 250, 251, 252, 0, 253, 254, 255, 256, 257, 258, - 259, 0, 261, 262, 263, 264, 265, 266, 267, 268, - 269, 270, 271, 272, 273, 274, 275, 276, 277, 1784, - 1785, 280, 281, 282, 283, 284, 285, 286, 287, 598, - 288, 289, 290, 291, 0, 1786, 1787, 295, 1788, 296, + 259, 260, 261, 262, 263, 264, 265, 266, 267, 268, + 269, 270, 271, 272, 273, 274, 275, 276, 277, 278, + 279, 280, 281, 282, 283, 284, 285, 286, 287, 598, + 288, 289, 290, 291, 292, 293, 294, 295, 0, 296, 297, 298, 299, 599, 300, 301, 302, 303, 304, 305, 306, 307, 308, 309, 310, 311, 312, 313, 314, 315, 316, 600, 317, 601, 319, 320, 321, 322, 323, 324, - 325, 326, 327, 328, 329, 330, 0, 1789, 333, 334, + 325, 326, 327, 328, 329, 330, 331, 332, 333, 334, 335, 336, 337, 338, 339, 340, 341, 342, 343, 344, 345, 346, 602, 348, 349, 350, 603, 352, 353, 354, 355, 356, 357, 358, 359, 360, 604, 362, 363, 364, - 4485, 366, 367, 368, 605, 370, 371, 372, 373, 374, - 375, 0, 377, 378, 379, 380, 381, 606, 0, 384, + 365, 366, 367, 368, 605, 370, 371, 372, 373, 374, + 375, 376, 377, 378, 379, 380, 381, 606, 383, 384, 385, 386, 387, 388, 389, 390, 391, 392, 393, 394, 395, 0, 0, 396, 397, 0, 398, 399, 400, 401, 607, 403, 404, 608, 406, 407, 408, 409, 410, 411, 412, 413, 414, 415, 416, 417, 418, 419, 420, 421, - 422, 423, 424, 425, 1791, 427, 428, 1792, 430, 431, - 1793, 433, 434, 435, 436, 437, 609, 0, 439, 440, + 422, 423, 424, 425, 426, 427, 428, 429, 430, 431, + 432, 433, 434, 435, 436, 437, 609, 610, 439, 440, 441, 442, 443, 444, 445, 611, 447, 448, 449, 450, - 451, 452, 453, 0, 1794, 456, 457, 458, 459, 460, - 461, 462, 463, 464, 465, 1795, 467, 468, 469, 470, - 0, 471, 613, 473, 1796, 4, 5, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 1515, 1516, 1517, 1518, 1519, 1520, 1521, 1522, 1523, - 1524, 1525, 1526, 1527, 1528, 1529, 1530, 1531, 1532, 1533, - 1534, 1535, 1536, 1537, 1538, 1539, 1540, 1541, 1542, 1543, - 0, 1544, 1545, 1546, 1547, 1548, 1549, 1550, 1551, 1552, - 1553, 1554, 0, 1555, 13, 1556, 1557, 1558, 1559, 1560, - 1561, 1562, 1563, 1564, 1565, 1566, 1567, 1568, 1569, 1570, - 1571, 1572, 1573, 1574, 1575, 1576, 1577, 1578, 1579, 1580, - 1581, 1582, 19, 1583, 1584, 1585, 1586, 1587, 1588, 1589, - 1590, 1591, 1592, 0, 1593, 1594, 1595, 1596, 1597, 0, - 0, 22, 1598, 1599, 1600, 1601, 1602, 1603, 1604, 1605, - 1606, 1607, 1608, 1609, 0, 1610, 1611, 0, 1612, 1613, - 1614, 1615, 1616, 1617, 1618, 1619, 1620, 1621, 1622, 1623, - 1624, 1625, 1626, 1627, 1628, 1629, 1630, 1631, 0, 1632, - 1633, 1634, 1635, 1636, 1637, 1638, 29, 1639, 1640, 1641, - 1642, 1643, 1644, 1645, 1646, 1647, 1648, 1649, 1650, 1651, - 1652, 1653, 30, 1654, 1655, 1656, 1657, 1658, 1659, 1660, - 1661, 1662, 1663, 1664, 32, 1665, 1666, 1667, 1668, 0, - 1669, 1670, 1671, 1672, 1673, 35, 1674, 1675, 1676, 1677, - 1678, 1679, 1680, 1681, 1682, 1683, 1684, 1685, 1686, 1687, - 1688, 1689, 1690, 1691, 1692, 1693, 1694, 1695, 1696, 1697, - 1698, 1699, 1700, 1701, 1702, 1703, 1704, 1705, 1706, 1707, - 1708, 1709, 1710, 1711, 1712, 1713, 1714, 1715, 1716, 1717, - 1718, 1719, 1720, 1721, 1722, 1723, 1724, 1725, 1726, 1727, - 1728, 1729, 1730, 1731, 1732, 1733, 0, 1734, 1735, 1736, - 1737, 1738, 1739, 1740, 1741, 1742, 1743, 1744, 1745, 1746, - 1747, 1748, 0, 1749, 1750, 1751, 1752, 1753, 1754, 1755, - 1756, 1757, 1758, 1759, 1760, 1761, 1762, 1763, 1764, 1765, - 1766, 1767, 1768, 1769, 1770, 1771, 53, 54, 55, 0, - 56, 57, 58, 59, 60, 61, 62, 0, 1772, 1773, - 1774, 64, 65, 66, 67, 68, 69, 70, 71, 72, + 451, 452, 453, 454, 455, 456, 457, 458, 459, 460, + 461, 462, 463, 464, 465, 612, 467, 468, 469, 470, + 0, 471, 613, 473, 474, 4, 5, 823, 1467, 0, + 0, 0, 0, 0, 0, 0, 0, 724, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 1466, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 13, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 19, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 22, 0, 0, 0, 0, 0, 0, 0, 0, + 575, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 29, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 30, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 32, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 35, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 53, 54, 55, 576, + 56, 57, 58, 59, 60, 61, 62, 0, 0, 0, + 0, 64, 65, 66, 67, 68, 69, 70, 71, 72, 73, 74, 75, 76, 77, 78, 79, 80, 81, 82, - 577, 0, 578, 579, 1775, 88, 1776, 1777, 91, 92, + 577, 0, 578, 579, 87, 88, 89, 90, 91, 92, 580, 94, 95, 96, 97, 98, 581, 99, 582, 101, - 102, 103, 0, 1778, 583, 106, 107, 108, 109, 110, + 102, 103, 104, 105, 583, 106, 107, 108, 109, 110, 111, 112, 113, 114, 0, 115, 116, 117, 584, 119, 120, 121, 122, 123, 124, 125, 126, 127, 585, 128, - 129, 130, 131, 132, 133, 134, 135, 136, 137, 1779, - 1780, 140, 586, 142, 0, 143, 144, 145, 146, 147, + 129, 130, 131, 132, 133, 134, 135, 136, 137, 138, + 139, 140, 586, 142, 0, 143, 144, 145, 146, 147, 148, 149, 587, 151, 152, 153, 154, 588, 155, 156, - 157, 1781, 159, 160, 161, 162, 163, 164, 165, 166, + 157, 158, 159, 160, 161, 162, 163, 164, 165, 166, 167, 589, 169, 0, 0, 170, 171, 172, 173, 174, - 175, 176, 177, 178, 179, 1782, 590, 591, 182, 0, - 183, 184, 185, 0, 187, 188, 189, 593, 191, 192, + 175, 176, 177, 178, 179, 180, 590, 591, 182, 0, + 183, 184, 185, 592, 187, 188, 189, 593, 191, 192, 594, 194, 195, 595, 0, 197, 198, 199, 200, 201, 202, 203, 204, 205, 206, 207, 208, 209, 596, 211, - 212, 213, 214, 215, 216, 217, 1783, 219, 597, 220, + 212, 213, 214, 215, 216, 217, 218, 219, 597, 220, 221, 222, 223, 224, 225, 226, 227, 228, 229, 230, 231, 232, 233, 234, 235, 236, 237, 238, 239, 240, 241, 242, 243, 244, 245, 246, 247, 248, 249, 250, 251, 252, 0, 253, 254, 255, 256, 257, 258, 259, - 0, 261, 262, 263, 264, 265, 266, 267, 268, 269, - 270, 271, 272, 273, 274, 275, 276, 277, 1784, 1785, + 260, 261, 262, 263, 264, 265, 266, 267, 268, 269, + 270, 271, 272, 273, 274, 275, 276, 277, 278, 279, 280, 281, 282, 283, 284, 285, 286, 287, 598, 288, - 289, 290, 291, 0, 1786, 1787, 295, 1788, 296, 297, + 289, 290, 291, 292, 293, 294, 295, 0, 296, 297, 298, 299, 599, 300, 301, 302, 303, 304, 305, 306, 307, 308, 309, 310, 311, 312, 313, 314, 315, 316, 600, 317, 601, 319, 320, 321, 322, 323, 324, 325, - 326, 327, 328, 329, 330, 0, 1789, 333, 334, 335, + 326, 327, 328, 329, 330, 331, 332, 333, 334, 335, 336, 337, 338, 339, 340, 341, 342, 343, 344, 345, 346, 602, 348, 349, 350, 603, 352, 353, 354, 355, - 356, 357, 358, 359, 360, 604, 362, 363, 364, 0, + 356, 357, 358, 359, 360, 604, 362, 363, 364, 365, 366, 367, 368, 605, 370, 371, 372, 373, 374, 375, - 5761, 377, 378, 379, 380, 381, 606, 0, 384, 385, + 376, 377, 378, 379, 380, 381, 606, 383, 384, 385, 386, 387, 388, 389, 390, 391, 392, 393, 394, 395, 0, 0, 396, 397, 0, 398, 399, 400, 401, 607, 403, 404, 608, 406, 407, 408, 409, 410, 411, 412, 413, 414, 415, 416, 417, 418, 419, 420, 421, 422, - 423, 424, 425, 1791, 427, 428, 1792, 430, 431, 1793, - 433, 434, 435, 436, 437, 609, 0, 439, 440, 441, + 423, 424, 425, 426, 427, 428, 429, 430, 431, 432, + 433, 434, 435, 436, 437, 609, 610, 439, 440, 441, 442, 443, 444, 445, 611, 447, 448, 449, 450, 451, - 452, 453, 0, 1794, 456, 457, 458, 459, 460, 461, - 462, 463, 464, 465, 1795, 467, 468, 469, 470, 0, - 471, 613, 473, 1796, 4, 5, 0, 0, 0, 0, + 452, 453, 454, 455, 456, 457, 458, 459, 460, 461, + 462, 463, 464, 465, 612, 467, 468, 469, 470, 0, + 471, 613, 473, 474, 4, 5, 0, 1467, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 1515, 1516, 1517, 1518, 1519, 1520, 1521, 1522, 1523, 1524, @@ -12462,7 +12172,7 @@ 327, 328, 329, 330, 0, 1789, 333, 334, 335, 336, 337, 338, 339, 340, 341, 342, 343, 344, 345, 346, 602, 348, 349, 350, 603, 352, 353, 354, 355, 356, - 357, 358, 359, 360, 604, 362, 363, 364, 5794, 366, + 357, 358, 359, 360, 604, 362, 363, 364, 1790, 366, 367, 368, 605, 370, 371, 372, 373, 374, 375, 0, 377, 378, 379, 380, 381, 606, 0, 384, 385, 386, 387, 388, 389, 390, 391, 392, 393, 394, 395, 0, @@ -12537,7 +12247,7 @@ 328, 329, 330, 0, 1789, 333, 334, 335, 336, 337, 338, 339, 340, 341, 342, 343, 344, 345, 346, 602, 348, 349, 350, 603, 352, 353, 354, 355, 356, 357, - 358, 359, 360, 604, 362, 363, 364, 0, 366, 367, + 358, 359, 360, 604, 362, 363, 364, 4485, 366, 367, 368, 605, 370, 371, 372, 373, 374, 375, 0, 377, 378, 379, 380, 381, 606, 0, 384, 385, 386, 387, 388, 389, 390, 391, 392, 393, 394, 395, 0, 0, @@ -12561,7 +12271,7 @@ 1574, 1575, 1576, 1577, 1578, 1579, 1580, 1581, 1582, 19, 1583, 1584, 1585, 1586, 1587, 1588, 1589, 1590, 1591, 1592, 0, 1593, 1594, 1595, 1596, 1597, 0, 0, 22, 1598, - 1599, 1600, 1601, 1602, 1603, 1604, 1605, 3969, 1607, 1608, + 1599, 1600, 1601, 1602, 1603, 1604, 1605, 1606, 1607, 1608, 1609, 0, 1610, 1611, 0, 1612, 1613, 1614, 1615, 1616, 1617, 1618, 1619, 1620, 1621, 1622, 1623, 1624, 1625, 1626, 1627, 1628, 1629, 1630, 1631, 0, 1632, 1633, 1634, 1635, @@ -12613,7 +12323,7 @@ 339, 340, 341, 342, 343, 344, 345, 346, 602, 348, 349, 350, 603, 352, 353, 354, 355, 356, 357, 358, 359, 360, 604, 362, 363, 364, 0, 366, 367, 368, - 605, 370, 371, 372, 373, 374, 375, 0, 377, 378, + 605, 370, 371, 372, 373, 374, 375, 5762, 377, 378, 379, 380, 381, 606, 0, 384, 385, 386, 387, 388, 389, 390, 391, 392, 393, 394, 395, 0, 0, 396, 397, 0, 398, 399, 400, 401, 607, 403, 404, 608, @@ -12623,276 +12333,276 @@ 436, 437, 609, 0, 439, 440, 441, 442, 443, 444, 445, 611, 447, 448, 449, 450, 451, 452, 453, 0, 1794, 456, 457, 458, 459, 460, 461, 462, 463, 464, - 465, 0, 467, 468, 469, 470, 0, 471, 613, 473, - 1796, 4, 5, 823, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 724, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 914, - 915, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 916, 0, 0, 0, 917, 0, 0, 0, - 13, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 918, 0, 0, 0, 0, 0, 0, - 0, 0, 919, 0, 0, 0, 0, 0, 19, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 920, 0, 0, 0, 22, 0, 0, - 0, 0, 0, 0, 0, 0, 575, 921, 0, 0, - 0, 0, 922, 0, 0, 0, 0, 0, 0, 0, + 465, 1795, 467, 468, 469, 470, 0, 471, 613, 473, + 1796, 4, 5, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 923, 0, 0, 0, - 0, 0, 29, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 30, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 32, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 35, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 924, 0, 0, 0, 925, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 926, 0, 0, - 0, 927, 928, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 929, 0, 0, 0, 0, 0, 0, 930, - 931, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 53, 54, 55, 576, 56, 57, 58, 59, - 60, 61, 62, 0, 0, 0, 0, 64, 65, 66, + 0, 0, 0, 0, 0, 0, 0, 1515, 1516, 1517, + 1518, 1519, 1520, 1521, 1522, 1523, 1524, 1525, 1526, 1527, + 1528, 1529, 1530, 1531, 1532, 1533, 1534, 1535, 1536, 1537, + 1538, 1539, 1540, 1541, 1542, 1543, 0, 1544, 1545, 1546, + 1547, 1548, 1549, 1550, 1551, 1552, 1553, 1554, 0, 1555, + 13, 1556, 1557, 1558, 1559, 1560, 1561, 1562, 1563, 1564, + 1565, 1566, 1567, 1568, 1569, 1570, 1571, 1572, 1573, 1574, + 1575, 1576, 1577, 1578, 1579, 1580, 1581, 1582, 19, 1583, + 1584, 1585, 1586, 1587, 1588, 1589, 1590, 1591, 1592, 0, + 1593, 1594, 1595, 1596, 1597, 0, 0, 22, 1598, 1599, + 1600, 1601, 1602, 1603, 1604, 1605, 1606, 1607, 1608, 1609, + 0, 1610, 1611, 0, 1612, 1613, 1614, 1615, 1616, 1617, + 1618, 1619, 1620, 1621, 1622, 1623, 1624, 1625, 1626, 1627, + 1628, 1629, 1630, 1631, 0, 1632, 1633, 1634, 1635, 1636, + 1637, 1638, 29, 1639, 1640, 1641, 1642, 1643, 1644, 1645, + 1646, 1647, 1648, 1649, 1650, 1651, 1652, 1653, 30, 1654, + 1655, 1656, 1657, 1658, 1659, 1660, 1661, 1662, 1663, 1664, + 32, 1665, 1666, 1667, 1668, 0, 1669, 1670, 1671, 1672, + 1673, 35, 1674, 1675, 1676, 1677, 1678, 1679, 1680, 1681, + 1682, 1683, 1684, 1685, 1686, 1687, 1688, 1689, 1690, 1691, + 1692, 1693, 1694, 1695, 1696, 1697, 1698, 1699, 1700, 1701, + 1702, 1703, 1704, 1705, 1706, 1707, 1708, 1709, 1710, 1711, + 1712, 1713, 1714, 1715, 1716, 1717, 1718, 1719, 1720, 1721, + 1722, 1723, 1724, 1725, 1726, 1727, 1728, 1729, 1730, 1731, + 1732, 1733, 0, 1734, 1735, 1736, 1737, 1738, 1739, 1740, + 1741, 1742, 1743, 1744, 1745, 1746, 1747, 1748, 0, 1749, + 1750, 1751, 1752, 1753, 1754, 1755, 1756, 1757, 1758, 1759, + 1760, 1761, 1762, 1763, 1764, 1765, 1766, 1767, 1768, 1769, + 1770, 1771, 53, 54, 55, 0, 56, 57, 58, 59, + 60, 61, 62, 0, 1772, 1773, 1774, 64, 65, 66, 67, 68, 69, 70, 71, 72, 73, 74, 75, 76, - 77, 78, 79, 80, 81, 82, 577, 0, 578, 932, - 87, 88, 89, 90, 91, 92, 580, 94, 95, 96, - 97, 98, 581, 99, 582, 101, 102, 103, 104, 105, + 77, 78, 79, 80, 81, 82, 577, 0, 578, 579, + 1775, 88, 1776, 1777, 91, 92, 580, 94, 95, 96, + 97, 98, 581, 99, 582, 101, 102, 103, 0, 1778, 583, 106, 107, 108, 109, 110, 111, 112, 113, 114, - 0, 115, 116, 117, 584, 119, 120, 121, 122, 933, + 0, 115, 116, 117, 584, 119, 120, 121, 122, 123, 124, 125, 126, 127, 585, 128, 129, 130, 131, 132, - 133, 134, 135, 136, 137, 138, 139, 140, 586, 142, + 133, 134, 135, 136, 137, 1779, 1780, 140, 586, 142, 0, 143, 144, 145, 146, 147, 148, 149, 587, 151, - 152, 153, 154, 588, 155, 156, 157, 158, 159, 160, - 161, 162, 934, 164, 165, 166, 167, 935, 169, 0, - 0, 170, 171, 172, 173, 174, 175, 176, 936, 937, - 179, 180, 590, 591, 182, 0, 183, 184, 185, 592, + 152, 153, 154, 588, 155, 156, 157, 1781, 159, 160, + 161, 162, 163, 164, 165, 166, 167, 589, 169, 0, + 0, 170, 171, 172, 173, 174, 175, 176, 177, 178, + 179, 1782, 590, 591, 182, 0, 183, 184, 185, 0, 187, 188, 189, 593, 191, 192, 594, 194, 195, 595, 0, 197, 198, 199, 200, 201, 202, 203, 204, 205, 206, 207, 208, 209, 596, 211, 212, 213, 214, 215, - 216, 217, 218, 219, 597, 220, 221, 222, 223, 224, + 216, 217, 1783, 219, 597, 220, 221, 222, 223, 224, 225, 226, 227, 228, 229, 230, 231, 232, 233, 234, 235, 236, 237, 238, 239, 240, 241, 242, 243, 244, 245, 246, 247, 248, 249, 250, 251, 252, 0, 253, - 254, 255, 256, 257, 258, 259, 260, 261, 262, 263, + 254, 255, 256, 257, 258, 259, 0, 261, 262, 263, 264, 265, 266, 267, 268, 269, 270, 271, 272, 273, - 274, 275, 276, 277, 278, 279, 280, 281, 282, 283, - 284, 285, 286, 287, 598, 288, 289, 290, 291, 292, - 293, 294, 295, 0, 296, 297, 298, 299, 599, 300, + 274, 275, 276, 277, 1784, 1785, 280, 281, 282, 283, + 284, 285, 286, 287, 598, 288, 289, 290, 291, 0, + 1786, 1787, 295, 1788, 296, 297, 298, 299, 599, 300, 301, 302, 303, 304, 305, 306, 307, 308, 309, 310, 311, 312, 313, 314, 315, 316, 600, 317, 601, 319, - 320, 321, 322, 938, 324, 325, 326, 939, 328, 329, - 330, 331, 332, 940, 334, 335, 336, 337, 338, 339, - 340, 341, 342, 343, 941, 345, 346, 602, 348, 349, - 942, 603, 352, 353, 354, 355, 356, 357, 358, 359, - 360, 604, 362, 363, 364, 365, 366, 367, 368, 605, - 370, 371, 372, 373, 374, 375, 376, 377, 378, 379, - 380, 381, 943, 383, 384, 385, 944, 387, 388, 389, + 320, 321, 322, 323, 324, 325, 326, 327, 328, 329, + 330, 0, 1789, 333, 334, 335, 336, 337, 338, 339, + 340, 341, 342, 343, 344, 345, 346, 602, 348, 349, + 350, 603, 352, 353, 354, 355, 356, 357, 358, 359, + 360, 604, 362, 363, 364, 5795, 366, 367, 368, 605, + 370, 371, 372, 373, 374, 375, 0, 377, 378, 379, + 380, 381, 606, 0, 384, 385, 386, 387, 388, 389, 390, 391, 392, 393, 394, 395, 0, 0, 396, 397, 0, 398, 399, 400, 401, 607, 403, 404, 608, 406, - 407, 408, 409, 410, 411, 412, 413, 945, 415, 416, - 417, 418, 419, 420, 421, 422, 423, 424, 425, 426, - 427, 428, 429, 430, 431, 432, 433, 434, 435, 436, - 437, 609, 610, 439, 440, 441, 442, 443, 444, 445, - 611, 447, 448, 449, 450, 451, 452, 453, 454, 455, + 407, 408, 409, 410, 411, 412, 413, 414, 415, 416, + 417, 418, 419, 420, 421, 422, 423, 424, 425, 1791, + 427, 428, 1792, 430, 431, 1793, 433, 434, 435, 436, + 437, 609, 0, 439, 440, 441, 442, 443, 444, 445, + 611, 447, 448, 449, 450, 451, 452, 453, 0, 1794, 456, 457, 458, 459, 460, 461, 462, 463, 464, 465, - 612, 467, 468, 469, 470, 0, 471, 613, 473, 474, - 4, 5, 823, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 724, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 1199, 915, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 916, 0, 0, 0, 917, 0, 0, 0, 13, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 918, 0, 0, 0, 0, 0, 0, 0, - 0, 919, 0, 0, 0, 0, 0, 19, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 920, 0, 0, 0, 22, 0, 0, 0, - 0, 0, 0, 0, 0, 575, 921, 0, 0, 0, - 0, 922, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 923, 0, 0, 0, 0, - 0, 29, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 30, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 32, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 35, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 924, 0, 0, 0, 925, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 926, 0, 0, 0, - 927, 928, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 929, 0, 0, 0, 0, 0, 0, 930, 931, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 1795, 467, 468, 469, 470, 0, 471, 613, 473, 1796, + 4, 5, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 53, 54, 55, 576, 56, 57, 58, 59, 60, - 61, 62, 0, 0, 0, 0, 64, 65, 1200, 67, + 0, 0, 0, 0, 0, 0, 1515, 1516, 1517, 1518, + 1519, 1520, 1521, 1522, 1523, 1524, 1525, 1526, 1527, 1528, + 1529, 1530, 1531, 1532, 1533, 1534, 1535, 1536, 1537, 1538, + 1539, 1540, 1541, 1542, 1543, 0, 1544, 1545, 1546, 1547, + 1548, 1549, 1550, 1551, 1552, 1553, 1554, 0, 1555, 13, + 1556, 1557, 1558, 1559, 1560, 1561, 1562, 1563, 1564, 1565, + 1566, 1567, 1568, 1569, 1570, 1571, 1572, 1573, 1574, 1575, + 1576, 1577, 1578, 1579, 1580, 1581, 1582, 19, 1583, 1584, + 1585, 1586, 1587, 1588, 1589, 1590, 1591, 1592, 0, 1593, + 1594, 1595, 1596, 1597, 0, 0, 22, 1598, 1599, 1600, + 1601, 1602, 1603, 1604, 1605, 1606, 1607, 1608, 1609, 0, + 1610, 1611, 0, 1612, 1613, 1614, 1615, 1616, 1617, 1618, + 1619, 1620, 1621, 1622, 1623, 1624, 1625, 1626, 1627, 1628, + 1629, 1630, 1631, 0, 1632, 1633, 1634, 1635, 1636, 1637, + 1638, 29, 1639, 1640, 1641, 1642, 1643, 1644, 1645, 1646, + 1647, 1648, 1649, 1650, 1651, 1652, 1653, 30, 1654, 1655, + 1656, 1657, 1658, 1659, 1660, 1661, 1662, 1663, 1664, 32, + 1665, 1666, 1667, 1668, 0, 1669, 1670, 1671, 1672, 1673, + 35, 1674, 1675, 1676, 1677, 1678, 1679, 1680, 1681, 1682, + 1683, 1684, 1685, 1686, 1687, 1688, 1689, 1690, 1691, 1692, + 1693, 1694, 1695, 1696, 1697, 1698, 1699, 1700, 1701, 1702, + 1703, 1704, 1705, 1706, 1707, 1708, 1709, 1710, 1711, 1712, + 1713, 1714, 1715, 1716, 1717, 1718, 1719, 1720, 1721, 1722, + 1723, 1724, 1725, 1726, 1727, 1728, 1729, 1730, 1731, 1732, + 1733, 0, 1734, 1735, 1736, 1737, 1738, 1739, 1740, 1741, + 1742, 1743, 1744, 1745, 1746, 1747, 1748, 0, 1749, 1750, + 1751, 1752, 1753, 1754, 1755, 1756, 1757, 1758, 1759, 1760, + 1761, 1762, 1763, 1764, 1765, 1766, 1767, 1768, 1769, 1770, + 1771, 53, 54, 55, 0, 56, 57, 58, 59, 60, + 61, 62, 0, 1772, 1773, 1774, 64, 65, 66, 67, 68, 69, 70, 71, 72, 73, 74, 75, 76, 77, - 78, 79, 80, 81, 82, 577, 0, 578, 932, 87, - 88, 89, 90, 91, 92, 580, 94, 95, 96, 97, - 98, 581, 99, 582, 101, 102, 103, 104, 105, 583, + 78, 79, 80, 81, 82, 577, 0, 578, 579, 1775, + 88, 1776, 1777, 91, 92, 580, 94, 95, 96, 97, + 98, 581, 99, 582, 101, 102, 103, 0, 1778, 583, 106, 107, 108, 109, 110, 111, 112, 113, 114, 0, - 115, 116, 117, 584, 119, 120, 121, 122, 933, 124, + 115, 116, 117, 584, 119, 120, 121, 122, 123, 124, 125, 126, 127, 585, 128, 129, 130, 131, 132, 133, - 134, 135, 136, 137, 138, 139, 140, 586, 142, 0, + 134, 135, 136, 137, 1779, 1780, 140, 586, 142, 0, 143, 144, 145, 146, 147, 148, 149, 587, 151, 152, - 153, 154, 588, 155, 156, 157, 158, 159, 160, 161, - 162, 934, 164, 165, 166, 167, 935, 169, 0, 0, - 170, 171, 172, 173, 174, 175, 176, 936, 937, 179, - 180, 590, 591, 182, 0, 183, 184, 185, 592, 187, + 153, 154, 588, 155, 156, 157, 1781, 159, 160, 161, + 162, 163, 164, 165, 166, 167, 589, 169, 0, 0, + 170, 171, 172, 173, 174, 175, 176, 177, 178, 179, + 1782, 590, 591, 182, 0, 183, 184, 185, 0, 187, 188, 189, 593, 191, 192, 594, 194, 195, 595, 0, 197, 198, 199, 200, 201, 202, 203, 204, 205, 206, 207, 208, 209, 596, 211, 212, 213, 214, 215, 216, - 217, 218, 219, 597, 220, 221, 222, 223, 224, 225, + 217, 1783, 219, 597, 220, 221, 222, 223, 224, 225, 226, 227, 228, 229, 230, 231, 232, 233, 234, 235, 236, 237, 238, 239, 240, 241, 242, 243, 244, 245, 246, 247, 248, 249, 250, 251, 252, 0, 253, 254, - 255, 256, 257, 258, 259, 260, 261, 262, 263, 264, + 255, 256, 257, 258, 259, 0, 261, 262, 263, 264, 265, 266, 267, 268, 269, 270, 271, 272, 273, 274, - 275, 276, 277, 278, 279, 280, 281, 282, 283, 284, - 285, 286, 287, 598, 288, 289, 290, 291, 292, 293, - 294, 295, 0, 296, 297, 298, 299, 599, 300, 301, + 275, 276, 277, 1784, 1785, 280, 281, 282, 283, 284, + 285, 286, 287, 598, 288, 289, 290, 291, 0, 1786, + 1787, 295, 1788, 296, 297, 298, 299, 599, 300, 301, 302, 303, 304, 305, 306, 307, 308, 309, 310, 311, 312, 313, 314, 315, 316, 600, 317, 601, 319, 320, - 321, 322, 938, 324, 325, 326, 1201, 328, 329, 330, - 331, 332, 940, 334, 335, 336, 337, 338, 339, 340, - 341, 342, 343, 941, 345, 346, 602, 348, 349, 942, + 321, 322, 323, 324, 325, 326, 327, 328, 329, 330, + 0, 1789, 333, 334, 335, 336, 337, 338, 339, 340, + 341, 342, 343, 344, 345, 346, 602, 348, 349, 350, 603, 352, 353, 354, 355, 356, 357, 358, 359, 360, - 604, 362, 363, 364, 365, 366, 367, 368, 605, 370, - 371, 372, 373, 374, 375, 376, 377, 378, 379, 380, - 381, 943, 383, 384, 385, 944, 387, 388, 389, 390, + 604, 362, 363, 364, 0, 366, 367, 368, 605, 370, + 371, 372, 373, 374, 375, 0, 377, 378, 379, 380, + 381, 606, 0, 384, 385, 386, 387, 388, 389, 390, 391, 392, 393, 394, 395, 0, 0, 396, 397, 0, 398, 399, 400, 401, 607, 403, 404, 608, 406, 407, - 408, 409, 410, 411, 412, 413, 945, 415, 416, 417, - 418, 419, 420, 421, 422, 423, 424, 425, 426, 427, - 428, 429, 430, 431, 432, 433, 434, 435, 436, 437, - 609, 610, 439, 440, 441, 442, 443, 444, 445, 611, - 447, 448, 449, 450, 451, 452, 453, 454, 455, 456, - 457, 458, 459, 460, 461, 462, 463, 464, 465, 612, - 467, 468, 469, 470, 0, 471, 613, 473, 474, 4, - 5, 0, 0, 0, 2695, 2696, 5539, 0, 5540, 0, - 5541, 724, 5542, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 13, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 5543, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 19, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 22, 0, 0, 0, 0, - 0, 0, 0, 0, 575, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 29, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 30, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 32, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 35, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 408, 409, 410, 411, 412, 413, 414, 415, 416, 417, + 418, 419, 420, 421, 422, 423, 424, 425, 1791, 427, + 428, 1792, 430, 431, 1793, 433, 434, 435, 436, 437, + 609, 0, 439, 440, 441, 442, 443, 444, 445, 611, + 447, 448, 449, 450, 451, 452, 453, 0, 1794, 456, + 457, 458, 459, 460, 461, 462, 463, 464, 465, 1795, + 467, 468, 469, 470, 0, 471, 613, 473, 1796, 4, + 5, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 53, 54, 55, 576, 56, 57, 58, 59, 60, 61, - 62, 0, 0, 0, 0, 64, 65, 66, 67, 68, + 0, 0, 0, 0, 0, 1515, 1516, 1517, 1518, 1519, + 1520, 1521, 1522, 1523, 1524, 1525, 1526, 1527, 1528, 1529, + 1530, 1531, 1532, 1533, 1534, 1535, 1536, 1537, 1538, 1539, + 1540, 1541, 1542, 1543, 0, 1544, 1545, 1546, 1547, 1548, + 1549, 1550, 1551, 1552, 1553, 1554, 0, 1555, 13, 1556, + 1557, 1558, 1559, 1560, 1561, 1562, 1563, 1564, 1565, 1566, + 1567, 1568, 1569, 1570, 1571, 1572, 1573, 1574, 1575, 1576, + 1577, 1578, 1579, 1580, 1581, 1582, 19, 1583, 1584, 1585, + 1586, 1587, 1588, 1589, 1590, 1591, 1592, 0, 1593, 1594, + 1595, 1596, 1597, 0, 0, 22, 1598, 1599, 1600, 1601, + 1602, 1603, 1604, 1605, 3969, 1607, 1608, 1609, 0, 1610, + 1611, 0, 1612, 1613, 1614, 1615, 1616, 1617, 1618, 1619, + 1620, 1621, 1622, 1623, 1624, 1625, 1626, 1627, 1628, 1629, + 1630, 1631, 0, 1632, 1633, 1634, 1635, 1636, 1637, 1638, + 29, 1639, 1640, 1641, 1642, 1643, 1644, 1645, 1646, 1647, + 1648, 1649, 1650, 1651, 1652, 1653, 30, 1654, 1655, 1656, + 1657, 1658, 1659, 1660, 1661, 1662, 1663, 1664, 32, 1665, + 1666, 1667, 1668, 0, 1669, 1670, 1671, 1672, 1673, 35, + 1674, 1675, 1676, 1677, 1678, 1679, 1680, 1681, 1682, 1683, + 1684, 1685, 1686, 1687, 1688, 1689, 1690, 1691, 1692, 1693, + 1694, 1695, 1696, 1697, 1698, 1699, 1700, 1701, 1702, 1703, + 1704, 1705, 1706, 1707, 1708, 1709, 1710, 1711, 1712, 1713, + 1714, 1715, 1716, 1717, 1718, 1719, 1720, 1721, 1722, 1723, + 1724, 1725, 1726, 1727, 1728, 1729, 1730, 1731, 1732, 1733, + 0, 1734, 1735, 1736, 1737, 1738, 1739, 1740, 1741, 1742, + 1743, 1744, 1745, 1746, 1747, 1748, 0, 1749, 1750, 1751, + 1752, 1753, 1754, 1755, 1756, 1757, 1758, 1759, 1760, 1761, + 1762, 1763, 1764, 1765, 1766, 1767, 1768, 1769, 1770, 1771, + 53, 54, 55, 0, 56, 57, 58, 59, 60, 61, + 62, 0, 1772, 1773, 1774, 64, 65, 66, 67, 68, 69, 70, 71, 72, 73, 74, 75, 76, 77, 78, - 79, 80, 81, 82, 577, 0, 578, 579, 87, 88, - 89, 90, 91, 92, 580, 94, 95, 96, 97, 98, - 581, 99, 582, 101, 102, 103, 104, 105, 583, 106, + 79, 80, 81, 82, 577, 0, 578, 579, 1775, 88, + 1776, 1777, 91, 92, 580, 94, 95, 96, 97, 98, + 581, 99, 582, 101, 102, 103, 0, 1778, 583, 106, 107, 108, 109, 110, 111, 112, 113, 114, 0, 115, 116, 117, 584, 119, 120, 121, 122, 123, 124, 125, 126, 127, 585, 128, 129, 130, 131, 132, 133, 134, - 135, 136, 137, 138, 139, 140, 586, 142, 0, 143, + 135, 136, 137, 1779, 1780, 140, 586, 142, 0, 143, 144, 145, 146, 147, 148, 149, 587, 151, 152, 153, - 154, 588, 155, 156, 157, 158, 159, 160, 161, 162, + 154, 588, 155, 156, 157, 1781, 159, 160, 161, 162, 163, 164, 165, 166, 167, 589, 169, 0, 0, 170, - 171, 172, 173, 174, 175, 176, 177, 178, 179, 180, - 590, 591, 182, 0, 183, 184, 185, 592, 187, 188, + 171, 172, 173, 174, 175, 176, 177, 178, 179, 1782, + 590, 591, 182, 0, 183, 184, 185, 0, 187, 188, 189, 593, 191, 192, 594, 194, 195, 595, 0, 197, 198, 199, 200, 201, 202, 203, 204, 205, 206, 207, 208, 209, 596, 211, 212, 213, 214, 215, 216, 217, - 218, 219, 597, 220, 221, 222, 223, 224, 225, 226, + 1783, 219, 597, 220, 221, 222, 223, 224, 225, 226, 227, 228, 229, 230, 231, 232, 233, 234, 235, 236, 237, 238, 239, 240, 241, 242, 243, 244, 245, 246, 247, 248, 249, 250, 251, 252, 0, 253, 254, 255, - 256, 257, 258, 259, 260, 261, 262, 263, 264, 265, + 256, 257, 258, 259, 0, 261, 262, 263, 264, 265, 266, 267, 268, 269, 270, 271, 272, 273, 274, 275, - 276, 277, 278, 279, 280, 281, 282, 283, 284, 285, - 286, 287, 598, 288, 289, 290, 291, 292, 293, 294, - 295, 0, 296, 297, 298, 299, 599, 300, 301, 302, + 276, 277, 1784, 1785, 280, 281, 282, 283, 284, 285, + 286, 287, 598, 288, 289, 290, 291, 0, 1786, 1787, + 295, 1788, 296, 297, 298, 299, 599, 300, 301, 302, 303, 304, 305, 306, 307, 308, 309, 310, 311, 312, 313, 314, 315, 316, 600, 317, 601, 319, 320, 321, - 322, 323, 324, 325, 326, 327, 328, 329, 330, 331, - 332, 333, 334, 335, 336, 337, 338, 339, 340, 341, + 322, 323, 324, 325, 326, 327, 328, 329, 330, 0, + 1789, 333, 334, 335, 336, 337, 338, 339, 340, 341, 342, 343, 344, 345, 346, 602, 348, 349, 350, 603, 352, 353, 354, 355, 356, 357, 358, 359, 360, 604, - 362, 363, 364, 365, 366, 367, 368, 605, 370, 371, - 372, 373, 374, 375, 376, 377, 378, 379, 380, 381, - 606, 383, 384, 385, 386, 387, 388, 389, 390, 391, + 362, 363, 364, 0, 366, 367, 368, 605, 370, 371, + 372, 373, 374, 375, 0, 377, 378, 379, 380, 381, + 606, 0, 384, 385, 386, 387, 388, 389, 390, 391, 392, 393, 394, 395, 0, 0, 396, 397, 0, 398, 399, 400, 401, 607, 403, 404, 608, 406, 407, 408, 409, 410, 411, 412, 413, 414, 415, 416, 417, 418, - 419, 420, 421, 422, 423, 424, 425, 426, 427, 428, - 429, 430, 431, 432, 433, 434, 435, 436, 437, 609, - 610, 439, 440, 441, 442, 443, 444, 445, 611, 447, - 448, 449, 450, 451, 452, 453, 454, 455, 456, 457, - 458, 459, 460, 461, 462, 463, 464, 465, 612, 467, - 468, 469, 470, 0, 471, 613, 473, 474, 4, 5, + 419, 420, 421, 422, 423, 424, 425, 1791, 427, 428, + 1792, 430, 431, 1793, 433, 434, 435, 436, 437, 609, + 0, 439, 440, 441, 442, 443, 444, 445, 611, 447, + 448, 449, 450, 451, 452, 453, 0, 1794, 456, 457, + 458, 459, 460, 461, 462, 463, 464, 465, 0, 467, + 468, 469, 470, 0, 471, 613, 473, 1796, 4, 5, 823, 0, 0, 0, 0, 0, 0, 0, 0, 0, 724, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 914, 915, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 916, + 0, 0, 0, 917, 0, 0, 0, 13, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 917, 1477, 0, 0, 13, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 918, 0, 0, 0, 0, 0, 0, 0, 0, 919, 0, 0, 0, 0, 0, 19, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 22, 0, 0, 0, 0, 0, - 0, 0, 0, 575, 0, 0, 0, 0, 0, 0, + 920, 0, 0, 0, 22, 0, 0, 0, 0, 0, + 0, 0, 0, 575, 921, 0, 0, 0, 0, 922, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 29, + 0, 0, 0, 923, 0, 0, 0, 0, 0, 29, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 30, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 32, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 35, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 924, 0, 0, 0, 925, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 926, 0, 0, 0, 927, 928, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 929, + 0, 0, 0, 0, 0, 0, 930, 931, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 53, 54, 55, 576, 56, 57, 58, 59, 60, 61, 62, 0, 0, 0, 0, 64, 65, 66, 67, 68, 69, 70, 71, 72, 73, 74, 75, 76, 77, 78, 79, - 80, 81, 82, 577, 0, 578, 579, 87, 88, 89, + 80, 81, 82, 577, 0, 578, 932, 87, 88, 89, 90, 91, 92, 580, 94, 95, 96, 97, 98, 581, 99, 582, 101, 102, 103, 104, 105, 583, 106, 107, 108, 109, 110, 111, 112, 113, 114, 0, 115, 116, - 117, 584, 119, 120, 121, 122, 123, 124, 125, 126, + 117, 584, 119, 120, 121, 122, 933, 124, 125, 126, 127, 585, 128, 129, 130, 131, 132, 133, 134, 135, 136, 137, 138, 139, 140, 586, 142, 0, 143, 144, 145, 146, 147, 148, 149, 587, 151, 152, 153, 154, - 588, 155, 156, 157, 158, 159, 160, 161, 162, 163, - 164, 165, 166, 167, 589, 169, 0, 0, 170, 171, - 172, 173, 174, 175, 176, 177, 178, 179, 180, 590, + 588, 155, 156, 157, 158, 159, 160, 161, 162, 934, + 164, 165, 166, 167, 935, 169, 0, 0, 170, 171, + 172, 173, 174, 175, 176, 936, 937, 179, 180, 590, 591, 182, 0, 183, 184, 185, 592, 187, 188, 189, 593, 191, 192, 594, 194, 195, 595, 0, 197, 198, 199, 200, 201, 202, 203, 204, 205, 206, 207, 208, @@ -12908,16 +12618,16 @@ 0, 296, 297, 298, 299, 599, 300, 301, 302, 303, 304, 305, 306, 307, 308, 309, 310, 311, 312, 313, 314, 315, 316, 600, 317, 601, 319, 320, 321, 322, - 323, 324, 325, 326, 327, 328, 329, 330, 331, 332, - 333, 334, 335, 336, 337, 338, 339, 340, 341, 342, - 343, 344, 345, 346, 602, 348, 349, 350, 603, 352, + 938, 324, 325, 326, 939, 328, 329, 330, 331, 332, + 940, 334, 335, 336, 337, 338, 339, 340, 341, 342, + 343, 941, 345, 346, 602, 348, 349, 942, 603, 352, 353, 354, 355, 356, 357, 358, 359, 360, 604, 362, 363, 364, 365, 366, 367, 368, 605, 370, 371, 372, - 373, 374, 375, 376, 377, 378, 379, 380, 381, 606, - 383, 384, 385, 386, 387, 388, 389, 390, 391, 392, + 373, 374, 375, 376, 377, 378, 379, 380, 381, 943, + 383, 384, 385, 944, 387, 388, 389, 390, 391, 392, 393, 394, 395, 0, 0, 396, 397, 0, 398, 399, 400, 401, 607, 403, 404, 608, 406, 407, 408, 409, - 410, 411, 412, 413, 414, 415, 416, 417, 418, 419, + 410, 411, 412, 413, 945, 415, 416, 417, 418, 419, 420, 421, 422, 423, 424, 425, 426, 427, 428, 429, 430, 431, 432, 433, 434, 435, 436, 437, 609, 610, 439, 440, 441, 442, 443, 444, 445, 611, 447, 448, @@ -12926,48 +12636,48 @@ 469, 470, 0, 471, 613, 473, 474, 4, 5, 823, 0, 0, 0, 0, 0, 0, 0, 0, 0, 724, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 1199, 915, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 2171, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 13, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 2172, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 916, 0, + 0, 0, 917, 0, 0, 0, 13, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 918, + 0, 0, 0, 0, 0, 0, 0, 0, 919, 0, 0, 0, 0, 0, 19, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 920, 0, 0, 0, 22, 0, 0, 0, 0, 0, 0, - 0, 0, 575, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 575, 921, 0, 0, 0, 0, 922, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 29, 0, + 0, 0, 923, 0, 0, 0, 0, 0, 29, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 30, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 32, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 35, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 924, 0, 0, 0, 925, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 926, 0, 0, 0, 927, 928, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 929, 0, + 0, 0, 0, 0, 0, 930, 931, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 53, 54, 55, 576, 56, 57, 58, 59, 60, 61, 62, 0, - 0, 0, 0, 64, 65, 66, 67, 68, 69, 70, + 0, 0, 0, 64, 65, 1200, 67, 68, 69, 70, 71, 72, 73, 74, 75, 76, 77, 78, 79, 80, - 81, 82, 577, 0, 578, 579, 87, 88, 89, 90, + 81, 82, 577, 0, 578, 932, 87, 88, 89, 90, 91, 92, 580, 94, 95, 96, 97, 98, 581, 99, 582, 101, 102, 103, 104, 105, 583, 106, 107, 108, 109, 110, 111, 112, 113, 114, 0, 115, 116, 117, - 584, 119, 120, 121, 122, 123, 124, 125, 126, 127, + 584, 119, 120, 121, 122, 933, 124, 125, 126, 127, 585, 128, 129, 130, 131, 132, 133, 134, 135, 136, 137, 138, 139, 140, 586, 142, 0, 143, 144, 145, 146, 147, 148, 149, 587, 151, 152, 153, 154, 588, - 155, 156, 157, 158, 159, 160, 161, 162, 163, 164, - 165, 166, 167, 589, 169, 0, 0, 170, 171, 172, - 173, 174, 175, 176, 177, 178, 179, 180, 590, 591, + 155, 156, 157, 158, 159, 160, 161, 162, 934, 164, + 165, 166, 167, 935, 169, 0, 0, 170, 171, 172, + 173, 174, 175, 176, 936, 937, 179, 180, 590, 591, 182, 0, 183, 184, 185, 592, 187, 188, 189, 593, 191, 192, 594, 194, 195, 595, 0, 197, 198, 199, 200, 201, 202, 203, 204, 205, 206, 207, 208, 209, @@ -12982,31 +12692,31 @@ 598, 288, 289, 290, 291, 292, 293, 294, 295, 0, 296, 297, 298, 299, 599, 300, 301, 302, 303, 304, 305, 306, 307, 308, 309, 310, 311, 312, 313, 314, - 315, 316, 600, 317, 601, 319, 320, 321, 322, 323, - 324, 325, 326, 327, 328, 329, 330, 331, 332, 333, + 315, 316, 600, 317, 601, 319, 320, 321, 322, 938, + 324, 325, 326, 1201, 328, 329, 330, 331, 332, 940, 334, 335, 336, 337, 338, 339, 340, 341, 342, 343, - 344, 345, 346, 602, 348, 349, 350, 603, 352, 353, + 941, 345, 346, 602, 348, 349, 942, 603, 352, 353, 354, 355, 356, 357, 358, 359, 360, 604, 362, 363, 364, 365, 366, 367, 368, 605, 370, 371, 372, 373, - 374, 375, 376, 377, 378, 379, 380, 381, 606, 383, - 384, 385, 386, 387, 388, 389, 390, 391, 392, 393, + 374, 375, 376, 377, 378, 379, 380, 381, 943, 383, + 384, 385, 944, 387, 388, 389, 390, 391, 392, 393, 394, 395, 0, 0, 396, 397, 0, 398, 399, 400, 401, 607, 403, 404, 608, 406, 407, 408, 409, 410, - 411, 412, 413, 414, 415, 416, 417, 418, 419, 420, + 411, 412, 413, 945, 415, 416, 417, 418, 419, 420, 421, 422, 423, 424, 425, 426, 427, 428, 429, 430, 431, 432, 433, 434, 435, 436, 437, 609, 610, 439, 440, 441, 442, 443, 444, 445, 611, 447, 448, 449, 450, 451, 452, 453, 454, 455, 456, 457, 458, 459, 460, 461, 462, 463, 464, 465, 612, 467, 468, 469, 470, 0, 471, 613, 473, 474, 4, 5, 0, 0, - 1358, 0, 0, 1359, 1360, 0, 0, 0, 1361, 0, + 0, 2695, 2696, 5540, 0, 5541, 0, 5542, 724, 5543, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 13, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 5544, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 19, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, @@ -13077,11 +12787,11 @@ 0, 0, 0, 0, 0, 0, 0, 724, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 3296, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 13, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 3297, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 917, 1477, 0, 0, 13, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 19, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, @@ -13152,11 +12862,11 @@ 0, 0, 0, 0, 0, 0, 724, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 3645, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 2171, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 13, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 3646, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 2172, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 19, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, @@ -13223,15 +12933,15 @@ 443, 444, 445, 611, 447, 448, 449, 450, 451, 452, 453, 454, 455, 456, 457, 458, 459, 460, 461, 462, 463, 464, 465, 612, 467, 468, 469, 470, 0, 471, - 613, 473, 474, 4, 5, 823, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 724, 0, 0, 0, 0, + 613, 473, 474, 4, 5, 0, 0, 1358, 0, 0, + 1359, 1360, 0, 0, 0, 1361, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 3961, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 13, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 3962, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 19, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 22, @@ -13302,11 +13012,11 @@ 0, 0, 0, 0, 724, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 2156, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 3296, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 13, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 2157, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 3297, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 19, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 22, 0, @@ -13376,12 +13086,12 @@ 474, 4, 5, 823, 0, 0, 0, 0, 0, 0, 0, 0, 0, 724, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 3645, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 1477, 0, 0, 13, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 3646, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 19, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 22, 0, 0, @@ -13450,13 +13160,13 @@ 612, 467, 468, 469, 470, 0, 471, 613, 473, 474, 4, 5, 823, 0, 0, 0, 0, 0, 0, 0, 0, 0, 724, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 2208, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 3961, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 13, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 3962, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 19, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 22, 0, 0, 0, @@ -13526,11 +13236,11 @@ 5, 823, 0, 0, 0, 0, 0, 0, 0, 0, 0, 724, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 2156, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 917, 0, 0, 0, 13, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 13, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 2157, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 19, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, @@ -13597,14 +13307,14 @@ 610, 439, 440, 441, 442, 443, 444, 445, 611, 447, 448, 449, 450, 451, 452, 453, 454, 455, 456, 457, 458, 459, 460, 461, 462, 463, 464, 465, 612, 467, - 468, 469, 470, 0, 471, 613, 473, 474, 1954, 1955, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 468, 469, 470, 0, 471, 613, 473, 474, 4, 5, + 823, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 724, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 13, 0, 0, + 0, 0, 0, 0, 1477, 0, 0, 13, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 19, 0, 0, 0, 0, @@ -13629,7 +13339,7 @@ 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 53, 54, 55, 576, 56, 57, 58, 59, 60, 61, 62, - 0, 2893, 2894, 2895, 64, 65, 66, 67, 68, 69, + 0, 0, 0, 0, 64, 65, 66, 67, 68, 69, 70, 71, 72, 73, 74, 75, 76, 77, 78, 79, 80, 81, 82, 577, 0, 578, 579, 87, 88, 89, 90, 91, 92, 580, 94, 95, 96, 97, 98, 581, @@ -13675,8 +13385,8 @@ 469, 470, 0, 471, 613, 473, 474, 4, 5, 823, 0, 0, 0, 0, 0, 0, 0, 0, 0, 724, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 2208, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 2156, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 13, 0, 0, 0, @@ -13747,14 +13457,14 @@ 440, 441, 442, 443, 444, 445, 611, 447, 448, 449, 450, 451, 452, 453, 454, 455, 456, 457, 458, 459, 460, 461, 462, 463, 464, 465, 612, 467, 468, 469, - 470, 0, 471, 613, 473, 474, 4, 5, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 470, 0, 471, 613, 473, 474, 4, 5, 823, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 724, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 13, 0, 0, 0, 0, + 0, 917, 0, 0, 0, 13, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 19, 0, 0, 0, 0, 0, 0, @@ -13771,8 +13481,8 @@ 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 688, 0, 0, 0, - 0, 0, 0, 0, 0, 689, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, @@ -13822,8 +13532,8 @@ 441, 442, 443, 444, 445, 611, 447, 448, 449, 450, 451, 452, 453, 454, 455, 456, 457, 458, 459, 460, 461, 462, 463, 464, 465, 612, 467, 468, 469, 470, - 0, 471, 613, 473, 474, 4, 5, 823, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 724, 0, 0, + 0, 471, 613, 473, 474, 1954, 1955, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, @@ -13853,8 +13563,8 @@ 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 53, 54, 55, 576, - 56, 57, 58, 59, 60, 61, 62, 0, 0, 0, - 0, 64, 65, 66, 67, 68, 69, 70, 71, 72, + 56, 57, 58, 59, 60, 61, 62, 0, 2893, 2894, + 2895, 64, 65, 66, 67, 68, 69, 70, 71, 72, 73, 74, 75, 76, 77, 78, 79, 80, 81, 82, 577, 0, 578, 579, 87, 88, 89, 90, 91, 92, 580, 94, 95, 96, 97, 98, 581, 99, 582, 101, @@ -13897,19 +13607,19 @@ 442, 443, 444, 445, 611, 447, 448, 449, 450, 451, 452, 453, 454, 455, 456, 457, 458, 459, 460, 461, 462, 463, 464, 465, 612, 467, 468, 469, 470, 0, - 471, 613, 473, 474, 4, 5, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 471, 613, 473, 474, 4, 5, 823, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 724, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 2156, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 859, 860, 0, 0, 0, 0, 0, 0, 0, - 0, 861, 0, 13, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 13, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 19, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 22, 0, 0, 0, 0, 0, 0, 0, 0, 862, + 22, 0, 0, 0, 0, 0, 0, 0, 0, 575, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, @@ -13927,22 +13637,22 @@ 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 53, 54, 55, 0, 56, + 0, 0, 0, 0, 0, 53, 54, 55, 576, 56, 57, 58, 59, 60, 61, 62, 0, 0, 0, 0, 64, 65, 66, 67, 68, 69, 70, 71, 72, 73, 74, 75, 76, 77, 78, 79, 80, 81, 82, 577, - 0, 0, 579, 87, 88, 89, 90, 91, 92, 580, + 0, 578, 579, 87, 88, 89, 90, 91, 92, 580, 94, 95, 96, 97, 98, 581, 99, 582, 101, 102, 103, 104, 105, 583, 106, 107, 108, 109, 110, 111, 112, 113, 114, 0, 115, 116, 117, 584, 119, 120, 121, 122, 123, 124, 125, 126, 127, 585, 128, 129, 130, 131, 132, 133, 134, 135, 136, 137, 138, 139, 140, 586, 142, 0, 143, 144, 145, 146, 147, 148, - 149, 587, 151, 152, 153, 154, 0, 155, 156, 157, + 149, 587, 151, 152, 153, 154, 588, 155, 156, 157, 158, 159, 160, 161, 162, 163, 164, 165, 166, 167, - 589, 169, 863, 864, 170, 171, 172, 173, 174, 175, + 589, 169, 0, 0, 170, 171, 172, 173, 174, 175, 176, 177, 178, 179, 180, 590, 591, 182, 0, 183, - 184, 185, 186, 187, 188, 189, 593, 191, 192, 594, + 184, 185, 592, 187, 188, 189, 593, 191, 192, 594, 194, 195, 595, 0, 197, 198, 199, 200, 201, 202, 203, 204, 205, 206, 207, 208, 209, 596, 211, 212, 213, 214, 215, 216, 217, 218, 219, 597, 220, 221, @@ -13968,10 +13678,10 @@ 404, 608, 406, 407, 408, 409, 410, 411, 412, 413, 414, 415, 416, 417, 418, 419, 420, 421, 422, 423, 424, 425, 426, 427, 428, 429, 430, 431, 432, 433, - 434, 435, 436, 437, 609, 865, 439, 440, 441, 442, + 434, 435, 436, 437, 609, 610, 439, 440, 441, 442, 443, 444, 445, 611, 447, 448, 449, 450, 451, 452, 453, 454, 455, 456, 457, 458, 459, 460, 461, 462, - 463, 464, 465, 866, 467, 468, 469, 470, 0, 471, + 463, 464, 465, 612, 467, 468, 469, 470, 0, 471, 613, 473, 474, 4, 5, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, @@ -13983,8 +13693,8 @@ 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 19, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 1924, 0, 0, 0, 0, 0, 0, 22, - 1925, 0, 0, 0, 0, 0, 0, 0, 575, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 22, + 0, 0, 0, 0, 0, 0, 0, 0, 575, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, @@ -13996,8 +13706,8 @@ 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 688, 0, 0, 0, 0, 0, 0, + 0, 0, 689, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, @@ -14026,7 +13736,7 @@ 243, 244, 245, 246, 247, 248, 249, 250, 251, 252, 0, 253, 254, 255, 256, 257, 258, 259, 260, 261, 262, 263, 264, 265, 266, 267, 268, 269, 270, 271, - 272, 273, 274, 275, 276, 277, 278, 279, 280, 1926, + 272, 273, 274, 275, 276, 277, 278, 279, 280, 281, 282, 283, 284, 285, 286, 287, 598, 288, 289, 290, 291, 292, 293, 294, 295, 0, 296, 297, 298, 299, 599, 300, 301, 302, 303, 304, 305, 306, 307, 308, @@ -14047,10 +13757,10 @@ 444, 445, 611, 447, 448, 449, 450, 451, 452, 453, 454, 455, 456, 457, 458, 459, 460, 461, 462, 463, 464, 465, 612, 467, 468, 469, 470, 0, 471, 613, - 473, 474, 4, 5, 0, 0, 0, 0, 0, 0, + 473, 474, 4, 5, 823, 0, 0, 0, 0, 0, 0, 0, 0, 0, 724, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 4677, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, @@ -14127,14 +13837,14 @@ 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 859, 860, + 0, 0, 0, 0, 0, 0, 0, 0, 861, 0, 13, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 19, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 22, 0, 0, - 0, 0, 0, 0, 0, 0, 575, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 862, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, @@ -14147,15 +13857,15 @@ 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 689, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 53, 54, 55, 576, 56, 57, 58, 59, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 53, 54, 55, 0, 56, 57, 58, 59, 60, 61, 62, 0, 0, 0, 0, 64, 65, 66, 67, 68, 69, 70, 71, 72, 73, 74, 75, 76, - 77, 78, 79, 80, 81, 82, 577, 0, 578, 579, + 77, 78, 79, 80, 81, 82, 577, 0, 0, 579, 87, 88, 89, 90, 91, 92, 580, 94, 95, 96, 97, 98, 581, 99, 582, 101, 102, 103, 104, 105, 583, 106, 107, 108, 109, 110, 111, 112, 113, 114, @@ -14163,10 +13873,10 @@ 124, 125, 126, 127, 585, 128, 129, 130, 131, 132, 133, 134, 135, 136, 137, 138, 139, 140, 586, 142, 0, 143, 144, 145, 146, 147, 148, 149, 587, 151, - 152, 153, 154, 588, 155, 156, 157, 158, 159, 160, - 161, 162, 163, 164, 165, 166, 167, 589, 169, 0, - 0, 170, 171, 172, 173, 174, 175, 176, 177, 178, - 179, 180, 590, 591, 182, 0, 183, 184, 185, 592, + 152, 153, 154, 0, 155, 156, 157, 158, 159, 160, + 161, 162, 163, 164, 165, 166, 167, 589, 169, 863, + 864, 170, 171, 172, 173, 174, 175, 176, 177, 178, + 179, 180, 590, 591, 182, 0, 183, 184, 185, 186, 187, 188, 189, 593, 191, 192, 594, 194, 195, 595, 0, 197, 198, 199, 200, 201, 202, 203, 204, 205, 206, 207, 208, 209, 596, 211, 212, 213, 214, 215, @@ -14193,10 +13903,10 @@ 407, 408, 409, 410, 411, 412, 413, 414, 415, 416, 417, 418, 419, 420, 421, 422, 423, 424, 425, 426, 427, 428, 429, 430, 431, 432, 433, 434, 435, 436, - 437, 609, 610, 439, 440, 441, 442, 443, 444, 445, + 437, 609, 865, 439, 440, 441, 442, 443, 444, 445, 611, 447, 448, 449, 450, 451, 452, 453, 454, 455, 456, 457, 458, 459, 460, 461, 462, 463, 464, 465, - 612, 467, 468, 469, 470, 0, 471, 613, 473, 474, + 866, 467, 468, 469, 470, 0, 471, 613, 473, 474, 4, 5, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, @@ -14207,8 +13917,8 @@ 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 19, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 1836, - 0, 0, 0, 0, 0, 0, 22, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 1924, + 0, 0, 0, 0, 0, 0, 22, 1925, 0, 0, 0, 0, 0, 0, 0, 575, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, @@ -14251,7 +13961,7 @@ 246, 247, 248, 249, 250, 251, 252, 0, 253, 254, 255, 256, 257, 258, 259, 260, 261, 262, 263, 264, 265, 266, 267, 268, 269, 270, 271, 272, 273, 274, - 275, 276, 277, 278, 279, 280, 281, 282, 283, 284, + 275, 276, 277, 278, 279, 280, 1926, 282, 283, 284, 285, 286, 287, 598, 288, 289, 290, 291, 292, 293, 294, 295, 0, 296, 297, 298, 299, 599, 300, 301, 302, 303, 304, 305, 306, 307, 308, 309, 310, 311, @@ -14271,11 +13981,11 @@ 609, 610, 439, 440, 441, 442, 443, 444, 445, 611, 447, 448, 449, 450, 451, 452, 453, 454, 455, 456, 457, 458, 459, 460, 461, 462, 463, 464, 465, 612, - 467, 468, 469, 470, 0, 471, 613, 473, 474, 1954, - 1955, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 1956, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 467, 468, 469, 470, 0, 471, 613, 473, 474, 4, + 5, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 724, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 4677, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 13, 0, @@ -14346,7 +14056,7 @@ 610, 439, 440, 441, 442, 443, 444, 445, 611, 447, 448, 449, 450, 451, 452, 453, 454, 455, 456, 457, 458, 459, 460, 461, 462, 463, 464, 465, 612, 467, - 468, 469, 470, 0, 471, 613, 473, 474, 1954, 1955, + 468, 469, 470, 0, 471, 613, 473, 474, 4, 5, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, @@ -14354,7 +14064,7 @@ 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 13, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 2166, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 19, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, @@ -14371,7 +14081,7 @@ 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 689, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, @@ -14421,7 +14131,7 @@ 439, 440, 441, 442, 443, 444, 445, 611, 447, 448, 449, 450, 451, 452, 453, 454, 455, 456, 457, 458, 459, 460, 461, 462, 463, 464, 465, 612, 467, 468, - 469, 470, 0, 471, 613, 473, 474, 1954, 1955, 0, + 469, 470, 0, 471, 613, 473, 474, 4, 5, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, @@ -14429,10 +14139,10 @@ 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 13, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 2961, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 19, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 19, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 1836, 0, 0, 0, 0, 0, 0, 22, 0, 0, 0, 0, 0, 0, 0, 0, 575, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, @@ -14492,16 +14202,16 @@ 401, 607, 403, 404, 608, 406, 407, 408, 409, 410, 411, 412, 413, 414, 415, 416, 417, 418, 419, 420, 421, 422, 423, 424, 425, 426, 427, 428, 429, 430, - 431, 432, 2962, 434, 435, 436, 437, 609, 610, 439, + 431, 432, 433, 434, 435, 436, 437, 609, 610, 439, 440, 441, 442, 443, 444, 445, 611, 447, 448, 449, 450, 451, 452, 453, 454, 455, 456, 457, 458, 459, 460, 461, 462, 463, 464, 465, 612, 467, 468, 469, - 470, 0, 471, 613, 473, 474, 4, 5, 0, 0, + 470, 0, 471, 613, 473, 474, 1954, 1955, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 1956, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 2974, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 13, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, @@ -14571,7 +14281,7 @@ 441, 442, 443, 444, 445, 611, 447, 448, 449, 450, 451, 452, 453, 454, 455, 456, 457, 458, 459, 460, 461, 462, 463, 464, 465, 612, 467, 468, 469, 470, - 0, 471, 613, 473, 474, 4, 5, 0, 0, 0, + 0, 471, 613, 473, 474, 1954, 1955, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, @@ -14579,7 +14289,7 @@ 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 13, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 3716, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 2166, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 19, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, @@ -14716,7 +14426,7 @@ 0, 396, 397, 0, 398, 399, 400, 401, 607, 403, 404, 608, 406, 407, 408, 409, 410, 411, 412, 413, 414, 415, 416, 417, 418, 419, 420, 421, 422, 423, - 424, 425, 426, 427, 428, 429, 430, 431, 432, 433, + 424, 425, 426, 427, 428, 429, 430, 431, 432, 2962, 434, 435, 436, 437, 609, 610, 439, 440, 441, 442, 443, 444, 445, 611, 447, 448, 449, 450, 451, 452, 453, 454, 455, 456, 457, 458, 459, 460, 461, 462, @@ -14725,7 +14435,7 @@ 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 2974, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 13, 0, 0, 0, 0, 0, 0, 0, @@ -14742,7 +14452,7 @@ 30, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 32, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 35, 0, 0, 0, 0, 0, 0, - 4730, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, @@ -14797,14 +14507,14 @@ 454, 455, 456, 457, 458, 459, 460, 461, 462, 463, 464, 465, 612, 467, 468, 469, 470, 0, 471, 613, 473, 474, 4, 5, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 724, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 13, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 13, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 3716, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 19, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 22, 0, @@ -14871,15 +14581,15 @@ 445, 611, 447, 448, 449, 450, 451, 452, 453, 454, 455, 456, 457, 458, 459, 460, 461, 462, 463, 464, 465, 612, 467, 468, 469, 470, 0, 471, 613, 473, - 474, 4, 5, 0, 0, 0, 0, 0, 0, 0, + 474, 1954, 1955, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 5114, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 13, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 13, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 2961, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 19, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 22, 0, 0, @@ -14954,7 +14664,7 @@ 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 13, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 5632, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 19, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 22, 0, 0, 0, @@ -14966,7 +14676,7 @@ 0, 0, 0, 0, 0, 0, 0, 30, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 32, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 35, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 35, 0, 0, 0, 0, 0, 0, 4730, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, @@ -15022,13 +14732,13 @@ 457, 458, 459, 460, 461, 462, 463, 464, 465, 612, 467, 468, 469, 470, 0, 471, 613, 473, 474, 4, 5, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 724, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 13, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 5642, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 19, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, @@ -15098,7 +14808,7 @@ 468, 469, 470, 0, 471, 613, 473, 474, 4, 5, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 5115, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, @@ -15116,7 +14826,7 @@ 0, 0, 0, 0, 0, 30, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 32, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 35, 0, - 0, 0, 0, 0, 0, 6003, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, @@ -15178,7 +14888,7 @@ 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 13, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 5633, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 19, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, @@ -15253,7 +14963,7 @@ 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 13, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 5643, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 19, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, @@ -15292,7 +15002,7 @@ 174, 175, 176, 177, 178, 179, 180, 590, 591, 182, 0, 183, 184, 185, 592, 187, 188, 189, 593, 191, 192, 594, 194, 195, 595, 0, 197, 198, 199, 200, - 201, 202, 203, 731, 205, 206, 207, 208, 209, 596, + 201, 202, 203, 204, 205, 206, 207, 208, 209, 596, 211, 212, 213, 214, 215, 216, 217, 218, 219, 597, 220, 221, 222, 223, 224, 225, 226, 227, 228, 229, 230, 231, 232, 233, 234, 235, 236, 237, 238, 239, @@ -15341,7 +15051,7 @@ 0, 0, 30, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 32, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 35, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 6004, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, @@ -15357,7 +15067,7 @@ 577, 0, 578, 579, 87, 88, 89, 90, 91, 92, 580, 94, 95, 96, 97, 98, 581, 99, 582, 101, 102, 103, 104, 105, 583, 106, 107, 108, 109, 110, - 111, 112, 113, 114, 0, 115, 813, 117, 584, 119, + 111, 112, 113, 114, 0, 115, 116, 117, 584, 119, 120, 121, 122, 123, 124, 125, 126, 127, 585, 128, 129, 130, 131, 132, 133, 134, 135, 136, 137, 138, 139, 140, 586, 142, 0, 143, 144, 145, 146, 147, @@ -15395,7 +15105,7 @@ 442, 443, 444, 445, 611, 447, 448, 449, 450, 451, 452, 453, 454, 455, 456, 457, 458, 459, 460, 461, 462, 463, 464, 465, 612, 467, 468, 469, 470, 0, - 471, 613, 473, 474, 1954, 1955, 0, 0, 0, 0, + 471, 613, 473, 474, 4, 5, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, @@ -15517,7 +15227,7 @@ 177, 178, 179, 180, 590, 591, 182, 0, 183, 184, 185, 592, 187, 188, 189, 593, 191, 192, 594, 194, 195, 595, 0, 197, 198, 199, 200, 201, 202, 203, - 204, 205, 206, 207, 208, 209, 596, 211, 212, 213, + 731, 205, 206, 207, 208, 209, 596, 211, 212, 213, 214, 215, 216, 217, 218, 219, 597, 220, 221, 222, 223, 224, 225, 226, 227, 228, 229, 230, 231, 232, 233, 234, 235, 236, 237, 238, 239, 240, 241, 242, @@ -15534,7 +15244,7 @@ 338, 339, 340, 341, 342, 343, 344, 345, 346, 602, 348, 349, 350, 603, 352, 353, 354, 355, 356, 357, 358, 359, 360, 604, 362, 363, 364, 365, 366, 367, - 368, 2319, 370, 371, 372, 373, 374, 375, 376, 377, + 368, 605, 370, 371, 372, 373, 374, 375, 376, 377, 378, 379, 380, 381, 606, 383, 384, 385, 386, 387, 388, 389, 390, 391, 392, 393, 394, 395, 0, 0, 396, 397, 0, 398, 399, 400, 401, 607, 403, 404, @@ -15575,14 +15285,14 @@ 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 2979, 54, 55, 576, 56, 57, 58, + 0, 0, 0, 53, 54, 55, 576, 56, 57, 58, 59, 60, 61, 62, 0, 0, 0, 0, 64, 65, 66, 67, 68, 69, 70, 71, 72, 73, 74, 75, 76, 77, 78, 79, 80, 81, 82, 577, 0, 578, 579, 87, 88, 89, 90, 91, 92, 580, 94, 95, 96, 97, 98, 581, 99, 582, 101, 102, 103, 104, 105, 583, 106, 107, 108, 109, 110, 111, 112, 113, - 114, 0, 115, 116, 117, 584, 119, 120, 121, 122, + 114, 0, 115, 813, 117, 584, 119, 120, 121, 122, 123, 124, 125, 126, 127, 585, 128, 129, 130, 131, 132, 133, 134, 135, 136, 137, 138, 139, 140, 586, 142, 0, 143, 144, 145, 146, 147, 148, 149, 587, @@ -15620,7 +15330,7 @@ 445, 611, 447, 448, 449, 450, 451, 452, 453, 454, 455, 456, 457, 458, 459, 460, 461, 462, 463, 464, 465, 612, 467, 468, 469, 470, 0, 471, 613, 473, - 474, 4, 5, 0, 0, 0, 0, 0, 0, 0, + 474, 1954, 1955, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, @@ -15664,7 +15374,7 @@ 152, 153, 154, 588, 155, 156, 157, 158, 159, 160, 161, 162, 163, 164, 165, 166, 167, 589, 169, 0, 0, 170, 171, 172, 173, 174, 175, 176, 177, 178, - 3740, 180, 590, 591, 182, 0, 183, 184, 185, 592, + 179, 180, 590, 591, 182, 0, 183, 184, 185, 592, 187, 188, 189, 593, 191, 192, 594, 194, 195, 595, 0, 197, 198, 199, 200, 201, 202, 203, 204, 205, 206, 207, 208, 209, 596, 211, 212, 213, 214, 215, @@ -15674,7 +15384,7 @@ 245, 246, 247, 248, 249, 250, 251, 252, 0, 253, 254, 255, 256, 257, 258, 259, 260, 261, 262, 263, 264, 265, 266, 267, 268, 269, 270, 271, 272, 273, - 274, 275, 276, 277, 278, 279, 280, 3741, 282, 283, + 274, 275, 276, 277, 278, 279, 280, 281, 282, 283, 284, 285, 286, 287, 598, 288, 289, 290, 291, 292, 293, 294, 295, 0, 296, 297, 298, 299, 599, 300, 301, 302, 303, 304, 305, 306, 307, 308, 309, 310, @@ -15712,7 +15422,7 @@ 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 29, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 5960, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 30, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 32, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 35, 0, 0, 0, 0, 0, 0, 0, 0, 0, @@ -15758,7 +15468,7 @@ 331, 332, 333, 334, 335, 336, 337, 338, 339, 340, 341, 342, 343, 344, 345, 346, 602, 348, 349, 350, 603, 352, 353, 354, 355, 356, 357, 358, 359, 360, - 604, 362, 363, 364, 365, 366, 367, 368, 605, 370, + 604, 362, 363, 364, 365, 366, 367, 368, 2319, 370, 371, 372, 373, 374, 375, 376, 377, 378, 379, 380, 381, 606, 383, 384, 385, 386, 387, 388, 389, 390, 391, 392, 393, 394, 395, 0, 0, 396, 397, 0, @@ -15771,18 +15481,18 @@ 457, 458, 459, 460, 461, 462, 463, 464, 465, 612, 467, 468, 469, 470, 0, 471, 613, 473, 474, 4, 5, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 724, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 13, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 3624, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 19, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 22, 0, 0, 0, 0, - 0, 0, 0, 0, 3625, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 575, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, @@ -15800,7 +15510,7 @@ 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 53, 54, 55, 3626, 56, 57, 58, 59, 60, 61, + 2979, 54, 55, 576, 56, 57, 58, 59, 60, 61, 62, 0, 0, 0, 0, 64, 65, 66, 67, 68, 69, 70, 71, 72, 73, 74, 75, 76, 77, 78, 79, 80, 81, 82, 577, 0, 578, 579, 87, 88, @@ -15814,19 +15524,19 @@ 154, 588, 155, 156, 157, 158, 159, 160, 161, 162, 163, 164, 165, 166, 167, 589, 169, 0, 0, 170, 171, 172, 173, 174, 175, 176, 177, 178, 179, 180, - 590, 591, 182, 0, 183, 184, 185, 3627, 187, 188, - 189, 593, 0, 192, 594, 194, 195, 595, 0, 197, + 590, 591, 182, 0, 183, 184, 185, 592, 187, 188, + 189, 593, 191, 192, 594, 194, 195, 595, 0, 197, 198, 199, 200, 201, 202, 203, 204, 205, 206, 207, 208, 209, 596, 211, 212, 213, 214, 215, 216, 217, 218, 219, 597, 220, 221, 222, 223, 224, 225, 226, - 0, 228, 229, 230, 231, 232, 233, 234, 235, 236, + 227, 228, 229, 230, 231, 232, 233, 234, 235, 236, 237, 238, 239, 240, 241, 242, 243, 244, 245, 246, 247, 248, 249, 250, 251, 252, 0, 253, 254, 255, 256, 257, 258, 259, 260, 261, 262, 263, 264, 265, 266, 267, 268, 269, 270, 271, 272, 273, 274, 275, 276, 277, 278, 279, 280, 281, 282, 283, 284, 285, 286, 287, 598, 288, 289, 290, 291, 292, 293, 294, - 295, 3628, 296, 297, 298, 299, 599, 300, 301, 302, + 295, 0, 296, 297, 298, 299, 599, 300, 301, 302, 303, 304, 305, 306, 307, 308, 309, 310, 311, 312, 313, 314, 315, 316, 600, 317, 601, 319, 320, 321, 322, 323, 324, 325, 326, 327, 328, 329, 330, 331, @@ -15834,16 +15544,16 @@ 342, 343, 344, 345, 346, 602, 348, 349, 350, 603, 352, 353, 354, 355, 356, 357, 358, 359, 360, 604, 362, 363, 364, 365, 366, 367, 368, 605, 370, 371, - 372, 373, 374, 375, 376, 0, 378, 379, 380, 381, + 372, 373, 374, 375, 376, 377, 378, 379, 380, 381, 606, 383, 384, 385, 386, 387, 388, 389, 390, 391, 392, 393, 394, 395, 0, 0, 396, 397, 0, 398, 399, 400, 401, 607, 403, 404, 608, 406, 407, 408, 409, 410, 411, 412, 413, 414, 415, 416, 417, 418, 419, 420, 421, 422, 423, 424, 425, 426, 427, 428, 429, 430, 431, 432, 433, 434, 435, 436, 437, 609, - 0, 439, 440, 441, 442, 443, 444, 445, 611, 447, + 610, 439, 440, 441, 442, 443, 444, 445, 611, 447, 448, 449, 450, 451, 452, 453, 454, 455, 456, 457, - 458, 459, 460, 461, 462, 463, 464, 465, 3629, 467, + 458, 459, 460, 461, 462, 463, 464, 465, 612, 467, 468, 469, 470, 0, 471, 613, 473, 474, 4, 5, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, @@ -15851,13 +15561,13 @@ 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 861, 0, 13, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 13, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 19, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 22, 0, 0, 0, 0, 0, - 0, 0, 0, 862, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 575, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 29, @@ -15875,10 +15585,10 @@ 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 53, - 54, 55, 0, 56, 57, 58, 59, 60, 61, 62, + 54, 55, 576, 56, 57, 58, 59, 60, 61, 62, 0, 0, 0, 0, 64, 65, 66, 67, 68, 69, 70, 71, 72, 73, 74, 75, 76, 77, 78, 79, - 80, 81, 82, 577, 0, 0, 579, 87, 88, 89, + 80, 81, 82, 577, 0, 578, 579, 87, 88, 89, 90, 91, 92, 580, 94, 95, 96, 97, 98, 581, 99, 582, 101, 102, 103, 104, 105, 583, 106, 107, 108, 109, 110, 111, 112, 113, 114, 0, 115, 116, @@ -15886,10 +15596,10 @@ 127, 585, 128, 129, 130, 131, 132, 133, 134, 135, 136, 137, 138, 139, 140, 586, 142, 0, 143, 144, 145, 146, 147, 148, 149, 587, 151, 152, 153, 154, - 0, 155, 156, 157, 158, 159, 160, 161, 162, 163, + 588, 155, 156, 157, 158, 159, 160, 161, 162, 163, 164, 165, 166, 167, 589, 169, 0, 0, 170, 171, - 172, 173, 174, 175, 176, 177, 178, 179, 180, 590, - 591, 182, 0, 183, 184, 185, 186, 187, 188, 189, + 172, 173, 174, 175, 176, 177, 178, 3740, 180, 590, + 591, 182, 0, 183, 184, 185, 592, 187, 188, 189, 593, 191, 192, 594, 194, 195, 595, 0, 197, 198, 199, 200, 201, 202, 203, 204, 205, 206, 207, 208, 209, 596, 211, 212, 213, 214, 215, 216, 217, 218, @@ -15899,7 +15609,7 @@ 248, 249, 250, 251, 252, 0, 253, 254, 255, 256, 257, 258, 259, 260, 261, 262, 263, 264, 265, 266, 267, 268, 269, 270, 271, 272, 273, 274, 275, 276, - 277, 278, 279, 280, 281, 282, 283, 284, 285, 286, + 277, 278, 279, 280, 3741, 282, 283, 284, 285, 286, 287, 598, 288, 289, 290, 291, 292, 293, 294, 295, 0, 296, 297, 298, 299, 599, 300, 301, 302, 303, 304, 305, 306, 307, 308, 309, 310, 311, 312, 313, @@ -15915,10 +15625,10 @@ 400, 401, 607, 403, 404, 608, 406, 407, 408, 409, 410, 411, 412, 413, 414, 415, 416, 417, 418, 419, 420, 421, 422, 423, 424, 425, 426, 427, 428, 429, - 430, 431, 432, 433, 434, 435, 436, 437, 609, 865, + 430, 431, 432, 433, 434, 435, 436, 437, 609, 610, 439, 440, 441, 442, 443, 444, 445, 611, 447, 448, 449, 450, 451, 452, 453, 454, 455, 456, 457, 458, - 459, 460, 461, 462, 463, 464, 465, 866, 467, 468, + 459, 460, 461, 462, 463, 464, 465, 612, 467, 468, 469, 470, 0, 471, 613, 473, 474, 4, 5, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, @@ -15932,12 +15642,12 @@ 0, 0, 0, 0, 19, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 22, 0, 0, 0, 0, 0, 0, - 0, 0, 3394, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 575, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 29, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 30, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 5961, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 32, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 35, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, @@ -15950,7 +15660,7 @@ 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 53, 54, - 55, 3395, 56, 57, 58, 59, 60, 61, 62, 0, + 55, 576, 56, 57, 58, 59, 60, 61, 62, 0, 0, 0, 0, 64, 65, 66, 67, 68, 69, 70, 71, 72, 73, 74, 75, 76, 77, 78, 79, 80, 81, 82, 577, 0, 578, 579, 87, 88, 89, 90, @@ -15964,7 +15674,7 @@ 155, 156, 157, 158, 159, 160, 161, 162, 163, 164, 165, 166, 167, 589, 169, 0, 0, 170, 171, 172, 173, 174, 175, 176, 177, 178, 179, 180, 590, 591, - 182, 0, 183, 184, 185, 3396, 187, 188, 189, 593, + 182, 0, 183, 184, 185, 592, 187, 188, 189, 593, 191, 192, 594, 194, 195, 595, 0, 197, 198, 199, 200, 201, 202, 203, 204, 205, 206, 207, 208, 209, 596, 211, 212, 213, 214, 215, 216, 217, 218, 219, @@ -15990,10 +15700,10 @@ 401, 607, 403, 404, 608, 406, 407, 408, 409, 410, 411, 412, 413, 414, 415, 416, 417, 418, 419, 420, 421, 422, 423, 424, 425, 426, 427, 428, 429, 430, - 431, 432, 433, 434, 435, 436, 437, 609, 0, 439, + 431, 432, 433, 434, 435, 436, 437, 609, 610, 439, 440, 441, 442, 443, 444, 445, 611, 447, 448, 449, 450, 451, 452, 453, 454, 455, 456, 457, 458, 459, - 460, 461, 462, 463, 464, 465, 0, 467, 468, 469, + 460, 461, 462, 463, 464, 465, 612, 467, 468, 469, 470, 0, 471, 613, 473, 474, 4, 5, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 724, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, @@ -16002,7 +15712,7 @@ 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 13, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 3624, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 19, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, @@ -16076,13 +15786,13 @@ 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 13, 0, 0, 0, 0, 0, + 0, 0, 861, 0, 13, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 19, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 22, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 862, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 29, 0, 0, 0, @@ -16104,134 +15814,67 @@ 0, 64, 65, 66, 67, 68, 69, 70, 71, 72, 73, 74, 75, 76, 77, 78, 79, 80, 81, 82, 577, 0, 0, 579, 87, 88, 89, 90, 91, 92, - 580, 94, 95, 96, 97, 98, 0, 99, 582, 101, - 102, 103, 104, 105, 0, 106, 107, 108, 109, 110, - 111, 112, 113, 114, 0, 115, 116, 117, 0, 119, - 120, 121, 122, 123, 124, 125, 126, 127, 0, 128, + 580, 94, 95, 96, 97, 98, 581, 99, 582, 101, + 102, 103, 104, 105, 583, 106, 107, 108, 109, 110, + 111, 112, 113, 114, 0, 115, 116, 117, 584, 119, + 120, 121, 122, 123, 124, 125, 126, 127, 585, 128, 129, 130, 131, 132, 133, 134, 135, 136, 137, 138, 139, 140, 586, 142, 0, 143, 144, 145, 146, 147, - 148, 149, 0, 151, 152, 153, 154, 0, 155, 156, + 148, 149, 587, 151, 152, 153, 154, 0, 155, 156, 157, 158, 159, 160, 161, 162, 163, 164, 165, 166, 167, 589, 169, 0, 0, 170, 171, 172, 173, 174, - 175, 176, 177, 178, 179, 180, 590, 0, 182, 0, + 175, 176, 177, 178, 179, 180, 590, 591, 182, 0, 183, 184, 185, 186, 187, 188, 189, 593, 191, 192, - 0, 194, 195, 595, 0, 197, 198, 199, 200, 201, + 594, 194, 195, 595, 0, 197, 198, 199, 200, 201, 202, 203, 204, 205, 206, 207, 208, 209, 596, 211, - 212, 213, 214, 215, 216, 217, 218, 219, 0, 220, + 212, 213, 214, 215, 216, 217, 218, 219, 597, 220, 221, 222, 223, 224, 225, 226, 227, 228, 229, 230, 231, 232, 233, 234, 235, 236, 237, 238, 239, 240, 241, 242, 243, 244, 245, 246, 247, 248, 249, 250, 251, 252, 0, 253, 254, 255, 256, 257, 258, 259, 260, 261, 262, 263, 264, 265, 266, 267, 268, 269, 270, 271, 272, 273, 274, 275, 276, 277, 278, 279, - 280, 281, 282, 283, 284, 285, 286, 287, 0, 288, + 280, 281, 282, 283, 284, 285, 286, 287, 598, 288, 289, 290, 291, 292, 293, 294, 295, 0, 296, 297, - 298, 299, 0, 300, 301, 302, 303, 304, 305, 306, + 298, 299, 599, 300, 301, 302, 303, 304, 305, 306, 307, 308, 309, 310, 311, 312, 313, 314, 315, 316, - 0, 317, 601, 319, 320, 321, 322, 323, 324, 325, + 600, 317, 601, 319, 320, 321, 322, 323, 324, 325, 326, 327, 328, 329, 330, 331, 332, 333, 334, 335, 336, 337, 338, 339, 340, 341, 342, 343, 344, 345, - 346, 0, 348, 349, 350, 603, 352, 353, 354, 355, - 356, 357, 358, 359, 360, 0, 362, 363, 364, 365, - 366, 367, 368, 0, 370, 371, 372, 373, 374, 375, - 376, 377, 378, 379, 380, 381, 0, 383, 384, 385, + 346, 602, 348, 349, 350, 603, 352, 353, 354, 355, + 356, 357, 358, 359, 360, 604, 362, 363, 364, 365, + 366, 367, 368, 605, 370, 371, 372, 373, 374, 375, + 376, 377, 378, 379, 380, 381, 606, 383, 384, 385, 386, 387, 388, 389, 390, 391, 392, 393, 394, 395, 0, 0, 396, 397, 0, 398, 399, 400, 401, 607, 403, 404, 608, 406, 407, 408, 409, 410, 411, 412, 413, 414, 415, 416, 417, 418, 419, 420, 421, 422, 423, 424, 425, 426, 427, 428, 429, 430, 431, 432, - 433, 434, 435, 436, 437, 4, 5, 439, 440, 441, + 433, 434, 435, 436, 437, 609, 865, 439, 440, 441, 442, 443, 444, 445, 611, 447, 448, 449, 450, 451, 452, 453, 454, 455, 456, 457, 458, 459, 460, 461, - 462, 463, 464, 465, 466, 467, 468, 469, 470, 0, - 471, 613, 473, 474, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 13, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 19, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 22, 0, 0, 0, 0, 0, 0, 0, 0, - 1911, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 29, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 30, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 32, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 35, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 462, 463, 464, 465, 866, 467, 468, 469, 470, 0, + 471, 613, 473, 474, 4, 5, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 1932, - 0, 0, 0, 0, 0, 0, 53, 54, 55, 1912, - 56, 57, 0, 59, 60, 61, 62, 0, 0, 0, - 0, 64, 65, 66, 67, 68, 69, 70, 71, 72, - 73, 0, 75, 76, 77, 78, 79, 80, 81, 82, - 0, 0, 0, 0, 87, 88, 89, 90, 91, 0, - 0, 94, 95, 96, 97, 98, 0, 0, 0, 101, - 102, 103, 104, 105, 0, 106, 107, 108, 109, 0, - 0, 0, 0, 0, 0, 115, 0, 117, 0, 119, - 120, 1913, 122, 123, 124, 125, 126, 127, 0, 128, - 129, 130, 131, 132, 133, 134, 135, 136, 137, 138, - 139, 140, 0, 142, 0, 143, 144, 145, 146, 147, - 148, 149, 0, 151, 152, 153, 154, 0, 155, 156, - 157, 158, 159, 160, 161, 162, 163, 164, 165, 0, - 0, 0, 169, 0, 0, 170, 171, 172, 173, 174, - 175, 176, 177, 178, 179, 180, 0, 0, 0, 0, - 0, 184, 185, 1914, 187, 188, 189, 0, 191, 192, - 0, 194, 195, 0, 0, 197, 0, 199, 200, 201, - 202, 203, 204, 205, 206, 207, 208, 209, 0, 211, - 212, 213, 214, 215, 216, 217, 218, 219, 0, 220, - 221, 222, 223, 224, 225, 226, 227, 228, 229, 230, - 231, 232, 233, 234, 235, 236, 237, 238, 239, 240, - 241, 242, 243, 244, 245, 246, 247, 248, 249, 250, - 251, 252, 0, 253, 254, 255, 256, 257, 258, 259, - 260, 261, 262, 263, 264, 265, 266, 267, 268, 269, - 270, 271, 272, 273, 274, 275, 276, 277, 278, 279, - 280, 281, 282, 283, 284, 285, 286, 287, 0, 288, - 289, 290, 291, 292, 293, 294, 295, 0, 296, 297, - 298, 299, 0, 0, 0, 302, 0, 304, 305, 0, - 307, 308, 309, 310, 0, 312, 313, 314, 315, 0, - 0, 0, 0, 319, 320, 321, 322, 323, 324, 325, - 326, 327, 328, 329, 330, 331, 332, 333, 334, 335, - 336, 337, 338, 339, 340, 341, 342, 343, 344, 0, - 346, 0, 348, 349, 350, 0, 352, 353, 0, 355, - 356, 357, 358, 359, 360, 0, 362, 363, 364, 365, - 366, 367, 368, 0, 370, 371, 372, 0, 374, 375, - 376, 377, 378, 0, 380, 381, 0, 0, 384, 385, - 0, 0, 388, 389, 390, 0, 392, 0, 394, 395, - 0, 0, 396, 397, 0, 398, 399, 400, 401, 0, - 403, 404, 0, 406, 0, 408, 409, 410, 411, 412, - 413, 414, 415, 416, 417, 418, 419, 420, 421, 422, - 423, 424, 425, 426, 427, 0, 429, 430, 431, 432, - 433, 434, 435, 436, 437, 4, 5, 439, 0, 441, - 442, 443, 444, 0, 0, 447, 448, 0, 450, 451, - 452, 453, 454, 455, 456, 457, 458, 459, 460, 461, - 462, 463, 464, 465, 0, 0, 468, 469, 0, 0, - 471, 0, 473, 474, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 13, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 13, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 19, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 19, 0, 0, 0, 0, 0, 0, 0, + 22, 0, 0, 0, 0, 0, 0, 0, 0, 3394, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 22, 0, 0, 0, 0, 0, 0, 0, 0, - 1911, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 29, 0, 0, 0, + 0, 0, 0, 0, 0, 29, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 30, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 32, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 35, 0, 0, 0, 0, + 0, 30, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 32, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 35, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, @@ -16241,126 +15884,127 @@ 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 53, 54, 55, 1912, - 56, 57, 0, 59, 60, 61, 62, 0, 0, 0, - 0, 64, 65, 66, 67, 68, 69, 70, 71, 72, - 73, 0, 75, 76, 77, 78, 79, 80, 81, 82, - 0, 0, 0, 0, 87, 88, 89, 90, 91, 0, - 0, 94, 95, 96, 97, 98, 0, 0, 0, 101, - 102, 103, 104, 105, 0, 106, 107, 108, 109, 0, - 0, 0, 0, 0, 0, 115, 0, 117, 0, 119, - 120, 1913, 122, 123, 124, 125, 126, 127, 0, 128, - 129, 130, 131, 132, 133, 134, 135, 136, 137, 138, - 139, 140, 0, 142, 0, 143, 144, 145, 146, 147, - 148, 149, 0, 151, 152, 153, 154, 0, 155, 156, - 157, 158, 159, 160, 161, 162, 163, 164, 165, 0, - 0, 0, 169, 0, 0, 170, 171, 172, 173, 174, - 175, 176, 177, 178, 179, 180, 0, 0, 0, 0, - 0, 184, 185, 1914, 187, 188, 189, 0, 191, 192, - 0, 194, 195, 0, 0, 197, 0, 199, 200, 201, - 202, 203, 204, 205, 206, 207, 208, 209, 0, 211, - 212, 213, 214, 215, 216, 217, 218, 219, 0, 220, - 221, 222, 223, 224, 225, 226, 227, 228, 229, 230, - 231, 232, 233, 234, 235, 236, 237, 238, 239, 240, - 241, 242, 243, 244, 245, 246, 247, 248, 249, 250, - 251, 252, 0, 253, 254, 255, 256, 257, 258, 259, - 260, 261, 262, 263, 264, 265, 266, 267, 268, 269, - 270, 271, 272, 273, 274, 275, 276, 277, 278, 279, - 280, 281, 282, 283, 284, 285, 286, 287, 0, 288, - 289, 290, 291, 292, 293, 294, 295, 0, 296, 297, - 298, 299, 0, 0, 0, 302, 0, 304, 305, 0, - 307, 308, 309, 310, 0, 312, 313, 314, 315, 0, - 0, 0, 0, 319, 320, 321, 322, 323, 324, 325, - 326, 327, 328, 329, 330, 331, 332, 333, 334, 335, - 336, 337, 338, 339, 340, 341, 342, 343, 344, 0, - 346, 0, 348, 349, 350, 0, 352, 353, 0, 355, - 356, 357, 358, 359, 360, 0, 362, 363, 364, 365, - 366, 367, 368, 0, 370, 371, 372, 0, 374, 375, - 376, 377, 378, 0, 380, 381, 0, 0, 384, 385, - 0, 0, 388, 389, 390, 0, 392, 0, 394, 395, - 0, 0, 396, 397, 0, 398, 399, 400, 401, 0, - 403, 404, 0, 406, 0, 408, 409, 410, 411, 412, - 413, 414, 415, 416, 417, 418, 419, 420, 421, 422, - 423, 424, 425, 426, 427, 0, 429, 430, 431, 432, - 433, 434, 435, 436, 437, 0, 0, 439, 0, 441, - 442, 443, 444, 0, 0, 447, 448, 0, 450, 451, - 452, 453, 454, 455, 456, 457, 458, 459, 460, 461, - 462, 463, 464, 465, 4, 5, 468, 469, 0, 0, - 471, 0, 473, 474, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 1515, 1516, 1517, 1518, 1519, 1520, 1521, 1522, 1523, 1524, - 1525, 0, 4062, 1528, 1529, 1530, 0, 0, 1533, 1534, - 1535, 1536, 1537, 1538, 1539, 1540, 4063, 1542, 1543, 0, - 1544, 1545, 1546, 1547, 1548, 1549, 1550, 1551, 1552, 1553, - 1554, 0, 1555, 13, 1556, 1557, 1558, 1559, 1560, 1561, - 1562, 4064, 1564, 1565, 1566, 1567, 1568, 1569, 1570, 1571, - 1572, 1573, 1574, 1575, 4065, 1577, 1578, 1579, 1580, 1581, - 1582, 19, 1583, 1584, 1585, 1586, 1587, 1588, 1589, 1590, - 4066, 1592, 0, 1593, 1594, 1595, 1596, 1597, 0, 0, - 22, 1598, 1599, 1600, 1601, 1602, 1603, 1604, 1605, 3969, - 1607, 1608, 1609, 0, 1610, 1611, 0, 1612, 4067, 1614, - 4068, 1616, 1617, 1618, 1619, 1620, 1621, 1622, 1623, 1624, - 1625, 1626, 1627, 1628, 1629, 1630, 1631, 0, 1632, 1633, - 0, 0, 0, 1637, 1638, 29, 1639, 1640, 1641, 1642, - 0, 0, 0, 1646, 1647, 1648, 1649, 1650, 1651, 1652, - 1653, 30, 1654, 1655, 1656, 1657, 1658, 1659, 0, 1661, - 1662, 1663, 1664, 32, 1665, 1666, 1667, 1668, 0, 1669, - 1670, 1671, 1672, 1673, 35, 1674, 1675, 1676, 1677, 1678, - 1679, 1680, 1681, 1682, 1683, 1684, 1685, 1686, 1687, 1688, - 0, 1690, 1691, 1692, 1693, 1694, 1695, 1696, 1697, 1698, - 1699, 1700, 1701, 1702, 1703, 1704, 1705, 1706, 1707, 1708, - 1709, 1710, 1711, 1712, 0, 1714, 1715, 0, 1717, 1718, - 1719, 1720, 1721, 1722, 1723, 1724, 1725, 1726, 1727, 1728, - 1729, 1730, 1731, 1732, 1733, 0, 1734, 1735, 1736, 1737, - 0, 0, 0, 1741, 1742, 1743, 1744, 1745, 1746, 1747, - 1748, 4069, 1749, 1750, 1751, 1752, 1753, 1754, 1755, 1756, - 1757, 1758, 0, 4070, 1761, 1762, 1763, 1764, 1765, 1766, - 1767, 1768, 1769, 1770, 1771, 53, 54, 55, 0, 56, - 57, 58, 59, 60, 61, 62, 0, 1772, 1773, 1774, + 0, 0, 0, 0, 0, 53, 54, 55, 3395, 56, + 57, 58, 59, 60, 61, 62, 0, 0, 0, 0, 64, 65, 66, 67, 68, 69, 70, 71, 72, 73, 74, 75, 76, 77, 78, 79, 80, 81, 82, 577, - 0, 578, 579, 0, 88, 0, 0, 91, 92, 580, + 0, 578, 579, 87, 88, 89, 90, 91, 92, 580, 94, 95, 96, 97, 98, 581, 99, 582, 101, 102, - 103, 0, 0, 583, 106, 107, 108, 109, 110, 111, + 103, 104, 105, 583, 106, 107, 108, 109, 110, 111, 112, 113, 114, 0, 115, 116, 117, 584, 119, 120, 121, 122, 123, 124, 125, 126, 127, 585, 128, 129, - 130, 131, 132, 133, 134, 135, 136, 137, 4071, 4072, + 130, 131, 132, 133, 134, 135, 136, 137, 138, 139, 140, 586, 142, 0, 143, 144, 145, 146, 147, 148, 149, 587, 151, 152, 153, 154, 588, 155, 156, 157, - 0, 159, 160, 161, 162, 163, 164, 165, 166, 167, + 158, 159, 160, 161, 162, 163, 164, 165, 166, 167, 589, 169, 0, 0, 170, 171, 172, 173, 174, 175, - 176, 177, 178, 179, 0, 590, 591, 182, 0, 183, - 184, 185, 0, 187, 188, 189, 593, 191, 192, 594, + 176, 177, 178, 179, 180, 590, 591, 182, 0, 183, + 184, 185, 3396, 187, 188, 189, 593, 191, 192, 594, 194, 195, 595, 0, 197, 198, 199, 200, 201, 202, 203, 204, 205, 206, 207, 208, 209, 596, 211, 212, - 213, 214, 215, 216, 217, 0, 219, 597, 220, 221, + 213, 214, 215, 216, 217, 218, 219, 597, 220, 221, 222, 223, 224, 225, 226, 227, 228, 229, 230, 231, 232, 233, 234, 235, 236, 237, 238, 239, 240, 241, 242, 243, 244, 245, 246, 247, 248, 249, 250, 251, - 252, 0, 253, 254, 255, 256, 257, 258, 259, 0, + 252, 0, 253, 254, 255, 256, 257, 258, 259, 260, 261, 262, 263, 264, 265, 266, 267, 268, 269, 270, - 271, 272, 273, 274, 275, 276, 277, 0, 4073, 280, + 271, 272, 273, 274, 275, 276, 277, 278, 279, 280, 281, 282, 283, 284, 285, 286, 287, 598, 288, 289, - 290, 291, 0, 0, 0, 295, 1788, 296, 297, 298, + 290, 291, 292, 293, 294, 295, 0, 296, 297, 298, 299, 599, 300, 301, 302, 303, 304, 305, 306, 307, 308, 309, 310, 311, 312, 313, 314, 315, 316, 600, 317, 601, 319, 320, 321, 322, 323, 324, 325, 326, - 327, 328, 329, 330, 0, 0, 333, 334, 335, 336, + 327, 328, 329, 330, 331, 332, 333, 334, 335, 336, 337, 338, 339, 340, 341, 342, 343, 344, 345, 346, 602, 348, 349, 350, 603, 352, 353, 354, 355, 356, - 357, 358, 359, 360, 604, 362, 363, 364, 0, 366, - 367, 368, 605, 370, 371, 372, 373, 374, 375, 0, - 377, 378, 379, 380, 381, 606, 4074, 384, 385, 386, + 357, 358, 359, 360, 604, 362, 363, 364, 365, 366, + 367, 368, 605, 370, 371, 372, 373, 374, 375, 376, + 377, 378, 379, 380, 381, 606, 383, 384, 385, 386, 387, 388, 389, 390, 391, 392, 393, 394, 395, 0, 0, 396, 397, 0, 398, 399, 400, 401, 607, 403, 404, 608, 406, 407, 408, 409, 410, 411, 412, 413, 414, 415, 416, 417, 418, 419, 420, 421, 422, 423, - 424, 425, 0, 427, 428, 0, 430, 431, 4075, 433, + 424, 425, 426, 427, 428, 429, 430, 431, 432, 433, 434, 435, 436, 437, 609, 0, 439, 440, 441, 442, 443, 444, 445, 611, 447, 448, 449, 450, 451, 452, - 453, 0, 4076, 456, 457, 458, 459, 460, 461, 462, + 453, 454, 455, 456, 457, 458, 459, 460, 461, 462, 463, 464, 465, 0, 467, 468, 469, 470, 0, 471, - 613, 473, 4, 5, 0, 0, 0, 0, 0, 0, + 613, 473, 474, 4, 5, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 724, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 13, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 19, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 22, + 0, 0, 0, 0, 0, 0, 0, 0, 3625, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 29, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 30, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 32, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 35, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 53, 54, 55, 3626, 56, 57, + 58, 59, 60, 61, 62, 0, 0, 0, 0, 64, + 65, 66, 67, 68, 69, 70, 71, 72, 73, 74, + 75, 76, 77, 78, 79, 80, 81, 82, 577, 0, + 578, 579, 87, 88, 89, 90, 91, 92, 580, 94, + 95, 96, 97, 98, 581, 99, 582, 101, 102, 103, + 104, 105, 583, 106, 107, 108, 109, 110, 111, 112, + 113, 114, 0, 115, 116, 117, 584, 119, 120, 121, + 122, 123, 124, 125, 126, 127, 585, 128, 129, 130, + 131, 132, 133, 134, 135, 136, 137, 138, 139, 140, + 586, 142, 0, 143, 144, 145, 146, 147, 148, 149, + 587, 151, 152, 153, 154, 588, 155, 156, 157, 158, + 159, 160, 161, 162, 163, 164, 165, 166, 167, 589, + 169, 0, 0, 170, 171, 172, 173, 174, 175, 176, + 177, 178, 179, 180, 590, 591, 182, 0, 183, 184, + 185, 3627, 187, 188, 189, 593, 0, 192, 594, 194, + 195, 595, 0, 197, 198, 199, 200, 201, 202, 203, + 204, 205, 206, 207, 208, 209, 596, 211, 212, 213, + 214, 215, 216, 217, 218, 219, 597, 220, 221, 222, + 223, 224, 225, 226, 0, 228, 229, 230, 231, 232, + 233, 234, 235, 236, 237, 238, 239, 240, 241, 242, + 243, 244, 245, 246, 247, 248, 249, 250, 251, 252, + 0, 253, 254, 255, 256, 257, 258, 259, 260, 261, + 262, 263, 264, 265, 266, 267, 268, 269, 270, 271, + 272, 273, 274, 275, 276, 277, 278, 279, 280, 281, + 282, 283, 284, 285, 286, 287, 598, 288, 289, 290, + 291, 292, 293, 294, 295, 3628, 296, 297, 298, 299, + 599, 300, 301, 302, 303, 304, 305, 306, 307, 308, + 309, 310, 311, 312, 313, 314, 315, 316, 600, 317, + 601, 319, 320, 321, 322, 323, 324, 325, 326, 327, + 328, 329, 330, 331, 332, 333, 334, 335, 336, 337, + 338, 339, 340, 341, 342, 343, 344, 345, 346, 602, + 348, 349, 350, 603, 352, 353, 354, 355, 356, 357, + 358, 359, 360, 604, 362, 363, 364, 365, 366, 367, + 368, 605, 370, 371, 372, 373, 374, 375, 376, 0, + 378, 379, 380, 381, 606, 383, 384, 385, 386, 387, + 388, 389, 390, 391, 392, 393, 394, 395, 0, 0, + 396, 397, 0, 398, 399, 400, 401, 607, 403, 404, + 608, 406, 407, 408, 409, 410, 411, 412, 413, 414, + 415, 416, 417, 418, 419, 420, 421, 422, 423, 424, + 425, 426, 427, 428, 429, 430, 431, 432, 433, 434, + 435, 436, 437, 609, 0, 439, 440, 441, 442, 443, + 444, 445, 611, 447, 448, 449, 450, 451, 452, 453, + 454, 455, 456, 457, 458, 459, 460, 461, 462, 463, + 464, 465, 3629, 467, 468, 469, 470, 0, 471, 613, + 473, 474, 4, 5, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, @@ -16372,7 +16016,7 @@ 0, 0, 0, 0, 0, 0, 0, 0, 0, 19, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 22, 0, - 0, 0, 0, 0, 0, 0, 0, 862, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, @@ -16381,7 +16025,7 @@ 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 32, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 35, 0, 0, 0, 0, 0, 0, 0, - 5218, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, @@ -16394,1425 +16038,1728 @@ 59, 60, 61, 62, 0, 0, 0, 0, 64, 65, 66, 67, 68, 69, 70, 71, 72, 73, 74, 75, 76, 77, 78, 79, 80, 81, 82, 577, 0, 0, - 579, 0, 88, 0, 0, 91, 92, 580, 94, 95, - 96, 97, 98, 581, 99, 582, 101, 102, 103, 0, - 0, 583, 106, 107, 108, 109, 110, 111, 112, 113, - 114, 0, 115, 116, 117, 584, 119, 120, 121, 122, - 123, 124, 125, 126, 127, 585, 128, 129, 130, 131, - 132, 133, 134, 135, 136, 137, 0, 0, 140, 586, - 142, 0, 143, 144, 145, 146, 147, 148, 149, 587, - 151, 152, 153, 154, 0, 155, 156, 157, 0, 159, + 579, 87, 88, 89, 90, 91, 92, 580, 94, 95, + 96, 97, 98, 0, 99, 582, 101, 102, 103, 104, + 105, 0, 106, 107, 108, 109, 110, 111, 112, 113, + 114, 0, 115, 116, 117, 0, 119, 120, 121, 122, + 123, 124, 125, 126, 127, 0, 128, 129, 130, 131, + 132, 133, 134, 135, 136, 137, 138, 139, 140, 586, + 142, 0, 143, 144, 145, 146, 147, 148, 149, 0, + 151, 152, 153, 154, 0, 155, 156, 157, 158, 159, 160, 161, 162, 163, 164, 165, 166, 167, 589, 169, 0, 0, 170, 171, 172, 173, 174, 175, 176, 177, - 178, 179, 0, 590, 591, 182, 0, 183, 184, 185, - 5219, 187, 188, 189, 593, 191, 192, 594, 194, 195, + 178, 179, 180, 590, 0, 182, 0, 183, 184, 185, + 186, 187, 188, 189, 593, 191, 192, 0, 194, 195, 595, 0, 197, 198, 199, 200, 201, 202, 203, 204, 205, 206, 207, 208, 209, 596, 211, 212, 213, 214, - 215, 216, 217, 0, 219, 597, 220, 221, 222, 223, + 215, 216, 217, 218, 219, 0, 220, 221, 222, 223, 224, 225, 226, 227, 228, 229, 230, 231, 232, 233, 234, 235, 236, 237, 238, 239, 240, 241, 242, 243, 244, 245, 246, 247, 248, 249, 250, 251, 252, 0, - 253, 254, 255, 256, 257, 258, 259, 0, 261, 262, + 253, 254, 255, 256, 257, 258, 259, 260, 261, 262, 263, 264, 265, 266, 267, 268, 269, 270, 271, 272, - 273, 274, 275, 276, 277, 0, 0, 280, 281, 282, - 283, 284, 285, 286, 287, 598, 288, 289, 290, 291, - 0, 0, 0, 295, 0, 296, 297, 298, 299, 599, + 273, 274, 275, 276, 277, 278, 279, 280, 281, 282, + 283, 284, 285, 286, 287, 0, 288, 289, 290, 291, + 292, 293, 294, 295, 0, 296, 297, 298, 299, 0, 300, 301, 302, 303, 304, 305, 306, 307, 308, 309, - 310, 311, 312, 313, 314, 315, 316, 600, 317, 601, + 310, 311, 312, 313, 314, 315, 316, 0, 317, 601, 319, 320, 321, 322, 323, 324, 325, 326, 327, 328, - 329, 330, 0, 0, 333, 334, 335, 336, 337, 338, - 339, 340, 341, 342, 343, 344, 345, 346, 602, 348, + 329, 330, 331, 332, 333, 334, 335, 336, 337, 338, + 339, 340, 341, 342, 343, 344, 345, 346, 0, 348, 349, 350, 603, 352, 353, 354, 355, 356, 357, 358, - 359, 360, 604, 362, 363, 364, 0, 366, 367, 368, - 605, 370, 371, 372, 373, 374, 375, 0, 377, 378, - 379, 380, 381, 606, 0, 384, 385, 386, 387, 388, + 359, 360, 0, 362, 363, 364, 365, 366, 367, 368, + 0, 370, 371, 372, 373, 374, 375, 376, 377, 378, + 379, 380, 381, 0, 383, 384, 385, 386, 387, 388, 389, 390, 391, 392, 393, 394, 395, 0, 0, 396, 397, 0, 398, 399, 400, 401, 607, 403, 404, 608, 406, 407, 408, 409, 410, 411, 412, 413, 414, 415, 416, 417, 418, 419, 420, 421, 422, 423, 424, 425, - 0, 427, 428, 0, 430, 431, 0, 433, 434, 435, - 436, 437, 609, 0, 439, 440, 441, 442, 443, 444, - 445, 611, 447, 448, 449, 450, 451, 452, 453, 0, - 0, 456, 457, 458, 459, 460, 461, 462, 463, 464, - 465, 1795, 467, 468, 469, 470, 0, 471, 613, 473 + 426, 427, 428, 429, 430, 431, 432, 433, 434, 435, + 436, 437, 4, 5, 439, 440, 441, 442, 443, 444, + 445, 611, 447, 448, 449, 450, 451, 452, 453, 454, + 455, 456, 457, 458, 459, 460, 461, 462, 463, 464, + 465, 466, 467, 468, 469, 470, 0, 471, 613, 473, + 474, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 13, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 19, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 22, 0, + 0, 0, 0, 0, 0, 0, 0, 1911, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 29, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 30, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 32, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 35, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 1922, 0, 0, 0, + 0, 0, 0, 53, 54, 55, 1912, 56, 57, 0, + 59, 60, 61, 62, 0, 0, 0, 0, 64, 65, + 66, 67, 68, 69, 70, 71, 72, 73, 0, 75, + 76, 77, 78, 79, 80, 81, 82, 0, 0, 0, + 0, 87, 88, 89, 90, 91, 0, 0, 94, 95, + 96, 97, 98, 0, 0, 0, 101, 102, 103, 104, + 105, 0, 106, 107, 108, 109, 0, 0, 0, 0, + 0, 0, 115, 0, 117, 0, 119, 120, 1913, 122, + 123, 124, 125, 126, 127, 0, 128, 129, 130, 131, + 132, 133, 134, 135, 136, 137, 138, 139, 140, 0, + 142, 0, 143, 144, 145, 146, 147, 148, 149, 0, + 151, 152, 153, 154, 0, 155, 156, 157, 158, 159, + 160, 161, 162, 163, 164, 165, 0, 0, 0, 169, + 0, 0, 170, 171, 172, 173, 174, 175, 176, 177, + 178, 179, 180, 0, 0, 0, 0, 0, 184, 185, + 1914, 187, 188, 189, 0, 191, 192, 0, 194, 195, + 0, 0, 197, 0, 199, 200, 201, 202, 203, 204, + 205, 206, 207, 208, 209, 0, 211, 212, 213, 214, + 215, 216, 217, 218, 219, 0, 220, 221, 222, 223, + 224, 225, 226, 227, 228, 229, 230, 231, 232, 233, + 234, 235, 236, 237, 238, 239, 240, 241, 242, 243, + 244, 245, 246, 247, 248, 249, 250, 251, 252, 0, + 253, 254, 255, 256, 257, 258, 259, 260, 261, 262, + 263, 264, 265, 266, 267, 268, 269, 270, 271, 272, + 273, 274, 275, 276, 277, 278, 279, 280, 281, 282, + 283, 284, 285, 286, 287, 0, 288, 289, 290, 291, + 292, 293, 294, 295, 0, 296, 297, 298, 299, 0, + 0, 0, 302, 0, 304, 305, 0, 307, 308, 309, + 310, 0, 312, 313, 314, 315, 0, 0, 0, 0, + 319, 320, 321, 322, 323, 324, 325, 326, 327, 328, + 329, 330, 331, 332, 333, 334, 335, 336, 337, 338, + 339, 340, 341, 342, 343, 344, 0, 346, 0, 348, + 349, 350, 0, 352, 353, 0, 355, 356, 357, 358, + 359, 360, 0, 362, 363, 364, 365, 366, 367, 368, + 0, 370, 371, 372, 0, 374, 375, 376, 377, 378, + 0, 380, 381, 0, 0, 384, 385, 0, 0, 388, + 389, 390, 0, 392, 0, 394, 395, 0, 0, 396, + 397, 0, 398, 399, 400, 401, 0, 403, 404, 0, + 406, 0, 408, 409, 410, 411, 412, 413, 414, 415, + 416, 417, 418, 419, 420, 421, 422, 423, 424, 425, + 426, 427, 0, 429, 430, 431, 432, 433, 434, 435, + 436, 437, 4, 5, 439, 0, 441, 442, 443, 444, + 0, 0, 447, 448, 0, 450, 451, 452, 453, 454, + 455, 456, 457, 458, 459, 460, 461, 462, 463, 464, + 465, 0, 0, 468, 469, 0, 0, 471, 0, 473, + 474, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 13, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 19, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 22, 0, + 0, 0, 0, 0, 0, 0, 0, 1911, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 29, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 30, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 32, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 35, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 1932, 0, 0, 0, + 0, 0, 0, 53, 54, 55, 1912, 56, 57, 0, + 59, 60, 61, 62, 0, 0, 0, 0, 64, 65, + 66, 67, 68, 69, 70, 71, 72, 73, 0, 75, + 76, 77, 78, 79, 80, 81, 82, 0, 0, 0, + 0, 87, 88, 89, 90, 91, 0, 0, 94, 95, + 96, 97, 98, 0, 0, 0, 101, 102, 103, 104, + 105, 0, 106, 107, 108, 109, 0, 0, 0, 0, + 0, 0, 115, 0, 117, 0, 119, 120, 1913, 122, + 123, 124, 125, 126, 127, 0, 128, 129, 130, 131, + 132, 133, 134, 135, 136, 137, 138, 139, 140, 0, + 142, 0, 143, 144, 145, 146, 147, 148, 149, 0, + 151, 152, 153, 154, 0, 155, 156, 157, 158, 159, + 160, 161, 162, 163, 164, 165, 0, 0, 0, 169, + 0, 0, 170, 171, 172, 173, 174, 175, 176, 177, + 178, 179, 180, 0, 0, 0, 0, 0, 184, 185, + 1914, 187, 188, 189, 0, 191, 192, 0, 194, 195, + 0, 0, 197, 0, 199, 200, 201, 202, 203, 204, + 205, 206, 207, 208, 209, 0, 211, 212, 213, 214, + 215, 216, 217, 218, 219, 0, 220, 221, 222, 223, + 224, 225, 226, 227, 228, 229, 230, 231, 232, 233, + 234, 235, 236, 237, 238, 239, 240, 241, 242, 243, + 244, 245, 246, 247, 248, 249, 250, 251, 252, 0, + 253, 254, 255, 256, 257, 258, 259, 260, 261, 262, + 263, 264, 265, 266, 267, 268, 269, 270, 271, 272, + 273, 274, 275, 276, 277, 278, 279, 280, 281, 282, + 283, 284, 285, 286, 287, 0, 288, 289, 290, 291, + 292, 293, 294, 295, 0, 296, 297, 298, 299, 0, + 0, 0, 302, 0, 304, 305, 0, 307, 308, 309, + 310, 0, 312, 313, 314, 315, 0, 0, 0, 0, + 319, 320, 321, 322, 323, 324, 325, 326, 327, 328, + 329, 330, 331, 332, 333, 334, 335, 336, 337, 338, + 339, 340, 341, 342, 343, 344, 0, 346, 0, 348, + 349, 350, 0, 352, 353, 0, 355, 356, 357, 358, + 359, 360, 0, 362, 363, 364, 365, 366, 367, 368, + 0, 370, 371, 372, 0, 374, 375, 376, 377, 378, + 0, 380, 381, 0, 0, 384, 385, 0, 0, 388, + 389, 390, 0, 392, 0, 394, 395, 0, 0, 396, + 397, 0, 398, 399, 400, 401, 0, 403, 404, 0, + 406, 0, 408, 409, 410, 411, 412, 413, 414, 415, + 416, 417, 418, 419, 420, 421, 422, 423, 424, 425, + 426, 427, 0, 429, 430, 431, 432, 433, 434, 435, + 436, 437, 4, 5, 439, 0, 441, 442, 443, 444, + 0, 0, 447, 448, 0, 450, 451, 452, 453, 454, + 455, 456, 457, 458, 459, 460, 461, 462, 463, 464, + 465, 0, 0, 468, 469, 0, 0, 471, 0, 473, + 474, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 13, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 19, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 22, 0, + 0, 0, 0, 0, 0, 0, 0, 1911, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 29, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 30, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 32, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 35, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 53, 54, 55, 1912, 56, 57, 0, + 59, 60, 61, 62, 0, 0, 0, 0, 64, 65, + 66, 67, 68, 69, 70, 71, 72, 73, 0, 75, + 76, 77, 78, 79, 80, 81, 82, 0, 0, 0, + 0, 87, 88, 89, 90, 91, 0, 0, 94, 95, + 96, 97, 98, 0, 0, 0, 101, 102, 103, 104, + 105, 0, 106, 107, 108, 109, 0, 0, 0, 0, + 0, 0, 115, 0, 117, 0, 119, 120, 1913, 122, + 123, 124, 125, 126, 127, 0, 128, 129, 130, 131, + 132, 133, 134, 135, 136, 137, 138, 139, 140, 0, + 142, 0, 143, 144, 145, 146, 147, 148, 149, 0, + 151, 152, 153, 154, 0, 155, 156, 157, 158, 159, + 160, 161, 162, 163, 164, 165, 0, 0, 0, 169, + 0, 0, 170, 171, 172, 173, 174, 175, 176, 177, + 178, 179, 180, 0, 0, 0, 0, 0, 184, 185, + 1914, 187, 188, 189, 0, 191, 192, 0, 194, 195, + 0, 0, 197, 0, 199, 200, 201, 202, 203, 204, + 205, 206, 207, 208, 209, 0, 211, 212, 213, 214, + 215, 216, 217, 218, 219, 0, 220, 221, 222, 223, + 224, 225, 226, 227, 228, 229, 230, 231, 232, 233, + 234, 235, 236, 237, 238, 239, 240, 241, 242, 243, + 244, 245, 246, 247, 248, 249, 250, 251, 252, 0, + 253, 254, 255, 256, 257, 258, 259, 260, 261, 262, + 263, 264, 265, 266, 267, 268, 269, 270, 271, 272, + 273, 274, 275, 276, 277, 278, 279, 280, 281, 282, + 283, 284, 285, 286, 287, 0, 288, 289, 290, 291, + 292, 293, 294, 295, 0, 296, 297, 298, 299, 0, + 0, 0, 302, 0, 304, 305, 0, 307, 308, 309, + 310, 0, 312, 313, 314, 315, 0, 0, 0, 0, + 319, 320, 321, 322, 323, 324, 325, 326, 327, 328, + 329, 330, 331, 332, 333, 334, 335, 336, 337, 338, + 339, 340, 341, 342, 343, 344, 0, 346, 0, 348, + 349, 350, 0, 352, 353, 0, 355, 356, 357, 358, + 359, 360, 0, 362, 363, 364, 365, 366, 367, 368, + 0, 370, 371, 372, 0, 374, 375, 376, 377, 378, + 0, 380, 381, 0, 0, 384, 385, 0, 0, 388, + 389, 390, 0, 392, 0, 394, 395, 0, 0, 396, + 397, 0, 398, 399, 400, 401, 0, 403, 404, 0, + 406, 0, 408, 409, 410, 411, 412, 413, 414, 415, + 416, 417, 418, 419, 420, 421, 422, 423, 424, 425, + 426, 427, 0, 429, 430, 431, 432, 433, 434, 435, + 436, 437, 0, 0, 439, 0, 441, 442, 443, 444, + 0, 0, 447, 448, 0, 450, 451, 452, 453, 454, + 455, 456, 457, 458, 459, 460, 461, 462, 463, 464, + 465, 4, 5, 468, 469, 0, 0, 471, 0, 473, + 474, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 1515, 1516, 1517, + 1518, 1519, 1520, 1521, 1522, 1523, 1524, 1525, 0, 4062, + 1528, 1529, 1530, 0, 0, 1533, 1534, 1535, 1536, 1537, + 1538, 1539, 1540, 4063, 1542, 1543, 0, 1544, 1545, 1546, + 1547, 1548, 1549, 1550, 1551, 1552, 1553, 1554, 0, 1555, + 13, 1556, 1557, 1558, 1559, 1560, 1561, 1562, 4064, 1564, + 1565, 1566, 1567, 1568, 1569, 1570, 1571, 1572, 1573, 1574, + 1575, 4065, 1577, 1578, 1579, 1580, 1581, 1582, 19, 1583, + 1584, 1585, 1586, 1587, 1588, 1589, 1590, 4066, 1592, 0, + 1593, 1594, 1595, 1596, 1597, 0, 0, 22, 1598, 1599, + 1600, 1601, 1602, 1603, 1604, 1605, 3969, 1607, 1608, 1609, + 0, 1610, 1611, 0, 1612, 4067, 1614, 4068, 1616, 1617, + 1618, 1619, 1620, 1621, 1622, 1623, 1624, 1625, 1626, 1627, + 1628, 1629, 1630, 1631, 0, 1632, 1633, 0, 0, 0, + 1637, 1638, 29, 1639, 1640, 1641, 1642, 0, 0, 0, + 1646, 1647, 1648, 1649, 1650, 1651, 1652, 1653, 30, 1654, + 1655, 1656, 1657, 1658, 1659, 0, 1661, 1662, 1663, 1664, + 32, 1665, 1666, 1667, 1668, 0, 1669, 1670, 1671, 1672, + 1673, 35, 1674, 1675, 1676, 1677, 1678, 1679, 1680, 1681, + 1682, 1683, 1684, 1685, 1686, 1687, 1688, 0, 1690, 1691, + 1692, 1693, 1694, 1695, 1696, 1697, 1698, 1699, 1700, 1701, + 1702, 1703, 1704, 1705, 1706, 1707, 1708, 1709, 1710, 1711, + 1712, 0, 1714, 1715, 0, 1717, 1718, 1719, 1720, 1721, + 1722, 1723, 1724, 1725, 1726, 1727, 1728, 1729, 1730, 1731, + 1732, 1733, 0, 1734, 1735, 1736, 1737, 0, 0, 0, + 1741, 1742, 1743, 1744, 1745, 1746, 1747, 1748, 4069, 1749, + 1750, 1751, 1752, 1753, 1754, 1755, 1756, 1757, 1758, 0, + 4070, 1761, 1762, 1763, 1764, 1765, 1766, 1767, 1768, 1769, + 1770, 1771, 53, 54, 55, 0, 56, 57, 58, 59, + 60, 61, 62, 0, 1772, 1773, 1774, 64, 65, 66, + 67, 68, 69, 70, 71, 72, 73, 74, 75, 76, + 77, 78, 79, 80, 81, 82, 577, 0, 578, 579, + 0, 88, 0, 0, 91, 92, 580, 94, 95, 96, + 97, 98, 581, 99, 582, 101, 102, 103, 0, 0, + 583, 106, 107, 108, 109, 110, 111, 112, 113, 114, + 0, 115, 116, 117, 584, 119, 120, 121, 122, 123, + 124, 125, 126, 127, 585, 128, 129, 130, 131, 132, + 133, 134, 135, 136, 137, 4071, 4072, 140, 586, 142, + 0, 143, 144, 145, 146, 147, 148, 149, 587, 151, + 152, 153, 154, 588, 155, 156, 157, 0, 159, 160, + 161, 162, 163, 164, 165, 166, 167, 589, 169, 0, + 0, 170, 171, 172, 173, 174, 175, 176, 177, 178, + 179, 0, 590, 591, 182, 0, 183, 184, 185, 0, + 187, 188, 189, 593, 191, 192, 594, 194, 195, 595, + 0, 197, 198, 199, 200, 201, 202, 203, 204, 205, + 206, 207, 208, 209, 596, 211, 212, 213, 214, 215, + 216, 217, 0, 219, 597, 220, 221, 222, 223, 224, + 225, 226, 227, 228, 229, 230, 231, 232, 233, 234, + 235, 236, 237, 238, 239, 240, 241, 242, 243, 244, + 245, 246, 247, 248, 249, 250, 251, 252, 0, 253, + 254, 255, 256, 257, 258, 259, 0, 261, 262, 263, + 264, 265, 266, 267, 268, 269, 270, 271, 272, 273, + 274, 275, 276, 277, 0, 4073, 280, 281, 282, 283, + 284, 285, 286, 287, 598, 288, 289, 290, 291, 0, + 0, 0, 295, 1788, 296, 297, 298, 299, 599, 300, + 301, 302, 303, 304, 305, 306, 307, 308, 309, 310, + 311, 312, 313, 314, 315, 316, 600, 317, 601, 319, + 320, 321, 322, 323, 324, 325, 326, 327, 328, 329, + 330, 0, 0, 333, 334, 335, 336, 337, 338, 339, + 340, 341, 342, 343, 344, 345, 346, 602, 348, 349, + 350, 603, 352, 353, 354, 355, 356, 357, 358, 359, + 360, 604, 362, 363, 364, 0, 366, 367, 368, 605, + 370, 371, 372, 373, 374, 375, 0, 377, 378, 379, + 380, 381, 606, 4074, 384, 385, 386, 387, 388, 389, + 390, 391, 392, 393, 394, 395, 0, 0, 396, 397, + 0, 398, 399, 400, 401, 607, 403, 404, 608, 406, + 407, 408, 409, 410, 411, 412, 413, 414, 415, 416, + 417, 418, 419, 420, 421, 422, 423, 424, 425, 0, + 427, 428, 0, 430, 431, 4075, 433, 434, 435, 436, + 437, 609, 0, 439, 440, 441, 442, 443, 444, 445, + 611, 447, 448, 449, 450, 451, 452, 453, 0, 4076, + 456, 457, 458, 459, 460, 461, 462, 463, 464, 465, + 0, 467, 468, 469, 470, 0, 471, 613, 473, 4, + 5, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 13, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 19, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 22, 0, 0, 0, 0, + 0, 0, 0, 0, 862, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 29, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 30, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 32, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 35, + 0, 0, 0, 0, 0, 0, 0, 5219, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 53, 54, 55, 0, 56, 57, 58, 59, 60, 61, + 62, 0, 0, 0, 0, 64, 65, 66, 67, 68, + 69, 70, 71, 72, 73, 74, 75, 76, 77, 78, + 79, 80, 81, 82, 577, 0, 0, 579, 0, 88, + 0, 0, 91, 92, 580, 94, 95, 96, 97, 98, + 581, 99, 582, 101, 102, 103, 0, 0, 583, 106, + 107, 108, 109, 110, 111, 112, 113, 114, 0, 115, + 116, 117, 584, 119, 120, 121, 122, 123, 124, 125, + 126, 127, 585, 128, 129, 130, 131, 132, 133, 134, + 135, 136, 137, 0, 0, 140, 586, 142, 0, 143, + 144, 145, 146, 147, 148, 149, 587, 151, 152, 153, + 154, 0, 155, 156, 157, 0, 159, 160, 161, 162, + 163, 164, 165, 166, 167, 589, 169, 0, 0, 170, + 171, 172, 173, 174, 175, 176, 177, 178, 179, 0, + 590, 591, 182, 0, 183, 184, 185, 5220, 187, 188, + 189, 593, 191, 192, 594, 194, 195, 595, 0, 197, + 198, 199, 200, 201, 202, 203, 204, 205, 206, 207, + 208, 209, 596, 211, 212, 213, 214, 215, 216, 217, + 0, 219, 597, 220, 221, 222, 223, 224, 225, 226, + 227, 228, 229, 230, 231, 232, 233, 234, 235, 236, + 237, 238, 239, 240, 241, 242, 243, 244, 245, 246, + 247, 248, 249, 250, 251, 252, 0, 253, 254, 255, + 256, 257, 258, 259, 0, 261, 262, 263, 264, 265, + 266, 267, 268, 269, 270, 271, 272, 273, 274, 275, + 276, 277, 0, 0, 280, 281, 282, 283, 284, 285, + 286, 287, 598, 288, 289, 290, 291, 0, 0, 0, + 295, 0, 296, 297, 298, 299, 599, 300, 301, 302, + 303, 304, 305, 306, 307, 308, 309, 310, 311, 312, + 313, 314, 315, 316, 600, 317, 601, 319, 320, 321, + 322, 323, 324, 325, 326, 327, 328, 329, 330, 0, + 0, 333, 334, 335, 336, 337, 338, 339, 340, 341, + 342, 343, 344, 345, 346, 602, 348, 349, 350, 603, + 352, 353, 354, 355, 356, 357, 358, 359, 360, 604, + 362, 363, 364, 0, 366, 367, 368, 605, 370, 371, + 372, 373, 374, 375, 0, 377, 378, 379, 380, 381, + 606, 0, 384, 385, 386, 387, 388, 389, 390, 391, + 392, 393, 394, 395, 0, 0, 396, 397, 0, 398, + 399, 400, 401, 607, 403, 404, 608, 406, 407, 408, + 409, 410, 411, 412, 413, 414, 415, 416, 417, 418, + 419, 420, 421, 422, 423, 424, 425, 0, 427, 428, + 0, 430, 431, 0, 433, 434, 435, 436, 437, 609, + 0, 439, 440, 441, 442, 443, 444, 445, 611, 447, + 448, 449, 450, 451, 452, 453, 0, 0, 456, 457, + 458, 459, 460, 461, 462, 463, 464, 465, 1795, 467, + 468, 469, 470, 0, 471, 613, 473 }; static const yytype_int16 yycheck[] = { - 3, 0, 977, 2124, 85, 8, 475, 644, 0, 867, - 85, 702, 703, 31, 0, 669, 628, 2017, 2280, 631, - 702, 0, 2567, 636, 0, 1230, 634, 1232, 1233, 786, - 867, 2137, 2073, 0, 37, 1240, 2306, 1591, 41, 2670, - 2332, 819, 0, 46, 652, 0, 49, 1459, 656, 1980, - 658, 0, 660, 661, 1288, 663, 664, 665, 791, 670, - 770, 0, 772, 796, 0, 798, 776, 777, 0, 1424, - 0, 1427, 650, 3196, 1430, 3198, 3199, 1532, 2629, 1635, - 1986, 2056, 2331, 2554, 3031, 3039, 1430, 3052, 696, 700, - 2583, 42, 1812, 2469, 2556, 2026, 2988, 86, 0, 670, - 2075, 2520, 3850, 3768, 650, 2417, 1660, 730, 1563, 4351, - 2110, 2111, 2112, 2113, 2114, 2115, 2116, 2117, 2118, 2119, - 2120, 2121, 2122, 819, 702, 1267, 2671, 1470, 697, 700, - 3935, 4335, 1995, 2450, 1889, 0, 1591, 2556, 1418, 3839, - 1531, 1055, 1355, 4018, 752, 753, 1023, 1289, 2253, 747, - 1399, 1470, 750, 2947, 4431, 3944, 702, 888, 857, 1194, - 2195, 2196, 4431, 181, 3189, 168, 2960, 4322, 4331, 3050, - 3119, 3814, 3430, 3431, 3687, 2658, 2137, 4808, 2202, 4055, - 4485, 4828, 3828, 2440, 0, 867, 3277, 3238, 3451, 3148, - 3149, 3951, 3737, 4075, 3906, 5204, 3149, 1290, 2222, 4071, - 2521, 3813, 39, 4075, 4320, 1660, 813, 861, 3851, 15, - 644, 865, 4319, 4320, 3158, 4431, 42, 15, 4299, 644, - 4929, 1196, 2246, 2247, 644, 644, 644, 15, 1782, 15, - 15, 15, 1786, 15, 15, 6, 7, 4886, 5472, 6, - 7, 4886, 646, 42, 4886, 1799, 2095, 633, 5436, 1126, - 1127, 1128, 65, 5473, 2103, 2104, 127, 2106, 2107, 33, - 127, 15, 1139, 100, 798, 1635, 1636, 41, 2303, 3359, - 80, 15, 15, 15, 42, 1645, 50, 4722, 31, 89, - 63, 47, 1636, 183, 670, 1498, 31, 2663, 900, 867, - 902, 1645, 42, 6, 7, 782, 26, 65, 15, 15, - 908, 909, 122, 2573, 31, 709, 47, 6, 7, 887, - 15, 797, 4938, 3784, 700, 318, 158, 4758, 16, 17, - 204, 867, 3898, 218, 4431, 6, 7, 1782, 127, 347, - 207, 1786, 99, 243, 42, 31, 42, 723, 204, 51, - 53, 887, 6, 7, 1799, 31, 269, 834, 3597, 1634, - 2381, 737, 204, 282, 110, 26, 11, 12, 1643, 3539, - 284, 6, 7, 204, 204, 57, 369, 3873, 1759, 99, - 1740, 47, 143, 24, 25, 26, 5493, 28, 174, 30, - 2672, 32, 202, 4840, 1775, 179, 1740, 31, 1779, 282, - 3349, 2512, 104, 252, 316, 12, 3349, 311, 1789, 53, - 1791, 1792, 1793, 1794, 204, 1796, 3200, 3201, 1778, 3922, - 26, 245, 26, 42, 6116, 31, 1807, 1808, 1809, 1810, - 1811, 531, 99, 50, 1778, 4794, 4202, 4203, 316, 26, - 6, 7, 26, 31, 395, 209, 4887, 33, 4889, 233, - 47, 4892, 846, 42, 42, 41, 316, 300, 4816, 835, - 255, 6, 7, 1738, 50, 4906, 24, 25, 26, 123, - 28, 40, 30, 26, 32, 361, 42, 53, 127, 128, - 282, 291, 5166, 1966, 1967, 99, 153, 380, 123, 4920, - 33, 26, 1975, 475, 4510, 1840, 26, 42, 41, 47, - 179, 26, 26, 42, 240, 3618, 3619, 50, 1783, 295, - 42, 306, 156, 316, 168, 99, 14, 3687, 5742, 316, - 42, 3392, 99, 2006, 26, 2008, 394, 335, 904, 431, - 71, 123, 14, 168, 74, 122, 300, 50, 531, 179, - 2023, 2024, 2025, 5625, 127, 43, 44, 2030, 2031, 67, - 24, 25, 26, 317, 28, 2038, 30, 375, 32, 74, - 542, 43, 44, 114, 99, 475, 14, 294, 397, 99, - 595, 332, 42, 542, 367, 54, 168, 179, 40, 110, - 156, 42, 6135, 33, 42, 650, 584, 981, 202, 5646, - 3703, 41, 51, 204, 648, 43, 44, 99, 5303, 227, - 50, 31, 101, 167, 3, 2350, 233, 14, 47, 107, - 255, 300, 458, 6445, 259, 207, 542, 5233, 53, 356, - 53, 141, 346, 209, 5329, 107, 42, 1316, 197, 4424, - 4332, 3080, 31, 390, 627, 628, 43, 44, 631, 695, - 633, 2923, 6419, 47, 41, 104, 788, 6479, 255, 46, - 119, 150, 1399, 198, 796, 644, 14, 33, 145, 107, - 314, 306, 644, 390, 4896, 41, 209, 106, 647, 151, - 1129, 316, 33, 160, 50, 644, 2646, 670, 1378, 314, - 41, 1381, 4185, 152, 650, 1385, 1386, 1387, 6465, 50, - 1390, 1391, 748, 4555, 431, 193, 1284, 4794, 1286, 306, - 107, 694, 106, 669, 291, 650, 226, 700, 4914, 316, - 145, 193, 33, 4492, 532, 268, 6269, 441, 644, 565, - 41, 650, 715, 156, 669, 160, 5213, 245, 259, 50, - 723, 317, 5219, 316, 31, 197, 702, 96, 1461, 418, - 669, 253, 796, 736, 737, 193, 53, 33, 633, 107, - 314, 378, 3922, 5458, 695, 41, 373, 702, 650, 209, - 739, 143, 313, 788, 50, 763, 5848, 253, 747, 5826, - 680, 750, 499, 702, 317, 288, 769, 669, 418, 572, - 3032, 3020, 702, 323, 316, 253, 193, 584, 617, 597, - 658, 693, 711, 786, 396, 650, 155, 179, 297, 478, - 1486, 5485, 695, 4813, 653, 282, 5235, 128, 323, 288, - 803, 643, 316, 390, 669, 797, 643, 4914, 811, 812, - 1509, 648, 436, 5930, 293, 4321, 819, 1852, 711, 370, - 1457, 717, 751, 209, 382, 193, 572, 788, 751, 467, - 288, 668, 835, 5202, 650, 1221, 3795, 702, 209, 6541, - 532, 844, 3795, 288, 1230, 682, 674, 1233, 1883, 742, - 662, 4427, 1238, 669, 857, 3326, 3327, 317, 4329, 438, - 3804, 5229, 179, 3657, 3808, 3177, 235, 791, 705, 791, - 597, 498, 760, 143, 788, 300, 827, 730, 209, 1487, - 145, 791, 1494, 1269, 300, 861, 702, 564, 788, 865, - 646, 867, 895, 3163, 897, 691, 791, 900, 4674, 902, - 5341, 904, 3319, 3320, 907, 255, 861, 791, 674, 1396, - 865, 887, 695, 209, 791, 282, 233, 581, 4008, 739, - 791, 791, 861, 2335, 791, 791, 865, 1461, 867, 3821, - 1399, 317, 887, 674, 3226, 647, 581, 750, 582, 791, - 5385, 751, 6130, 388, 4193, 771, 317, 2152, 887, 4975, - 791, 791, 903, 597, 905, 510, 306, 791, 724, 861, - 5586, 964, 2167, 865, 967, 867, 316, 33, 1454, 763, - 796, 974, 771, 976, 3080, 41, 2839, 2840, 6212, 581, - 6214, 980, 788, 788, 50, 887, 317, 990, 980, 965, - 966, 791, 968, 969, 970, 6215, 861, 3021, 796, 975, - 865, 980, 5651, 771, 980, 4185, 5651, 788, 796, 5651, - 796, 796, 796, 980, 796, 2864, 2865, 791, 2867, 2868, - 3269, 317, 887, 1457, 795, 980, 965, 966, 795, 968, - 969, 970, 1457, 3350, 1420, 788, 975, 1457, 1457, 1457, - 5481, 980, 796, 788, 980, 861, 796, 777, 2404, 865, - 980, 867, 796, 796, 796, 4178, 4003, 2199, 771, 2201, - 2404, 5338, 2204, 965, 966, 5146, 968, 969, 970, 5338, - 1984, 887, 5781, 975, 2216, 702, 3368, 2219, 980, 796, - 796, 2223, 795, 6317, 6318, 1962, 1963, 2001, 796, 5205, - 796, 796, 788, 791, 6328, 5202, 795, 2440, 5205, 4711, - 965, 966, 788, 968, 969, 970, 777, 2249, 2250, 2251, - 975, 2146, 788, 3093, 795, 980, 2528, 4829, 789, 3080, - 791, 2440, 5338, 2535, 2373, 3156, 3157, 3448, 1131, 3450, - 1129, 795, 791, 788, 5591, 2384, 5593, 1129, 789, 6, - 7, 795, 771, 209, 1254, 4845, 3605, 412, 4848, 2519, - 795, 2244, 5034, 4034, 1853, 6389, 5038, 597, 2193, 6168, - 6169, 777, 5034, 777, 980, 2519, 5038, 796, 19, 20, - 791, 788, 771, 771, 481, 5616, 2546, 5618, 647, 2549, - 777, 788, 5623, 777, 3305, 1295, 53, 54, 2558, 5630, - 5631, 1194, 2546, 1889, 4739, 2549, 5216, 796, 794, 5640, - 3180, 4961, 5653, 4849, 2558, 5646, 4386, 4387, 730, 795, - 4390, 4391, 788, 2498, 777, 2500, 4396, 4397, 1221, 795, - 796, 789, 771, 2137, 711, 3642, 618, 1230, 2513, 771, - 1233, 5338, 777, 788, 730, 1238, 789, 777, 791, 771, - 795, 796, 777, 777, 300, 4425, 2531, 796, 2125, 3354, - 1331, 317, 730, 1952, 789, 789, 791, 791, 2543, 2752, - 127, 67, 2755, 791, 796, 777, 1269, 775, 776, 777, - 778, 779, 780, 781, 2559, 2488, 143, 791, 2771, 1850, - 382, 136, 774, 775, 776, 777, 778, 779, 780, 781, - 5787, 771, 5789, 144, 2499, 1284, 391, 1286, 2791, 183, - 771, 168, 40, 771, 1307, 789, 1309, 776, 320, 127, - 789, 4258, 1315, 1316, 53, 585, 774, 775, 776, 777, - 778, 779, 780, 781, 33, 796, 771, 123, 796, 1332, - 699, 791, 41, 4358, 169, 28, 5775, 30, 1341, 32, - 207, 50, 4605, 373, 711, 771, 197, 4372, 2105, 42, - 1973, 218, 1355, 1356, 5793, 98, 5763, 774, 775, 776, - 777, 778, 779, 780, 781, 72, 791, 437, 1357, 2147, - 796, 796, 168, 1376, 496, 791, 4499, 4500, 53, 246, - 796, 54, 4341, 4342, 751, 5826, 5230, 4478, 4341, 4342, - 71, 5832, 14, 5556, 4445, 230, 1399, 1400, 143, 1890, - 1399, 4345, 4346, 789, 143, 5568, 5569, 1399, 776, 777, - 778, 779, 780, 781, 233, 198, 116, 1420, 789, 4213, - 791, 43, 44, 33, 316, 233, 160, 2050, 1379, 1380, - 2610, 41, 299, 4227, 179, 1438, 160, 4231, 788, 245, - 50, 282, 2220, 127, 296, 14, 763, 314, 5846, 300, - 439, 2147, 362, 259, 771, 99, 1459, 1460, 1457, 197, - 791, 380, 1454, 6110, 1850, 1457, 3728, 319, 498, 586, - 1473, 645, 653, 2183, 43, 44, 3476, 6108, 1457, 532, - 1469, 1484, 3731, 1486, 425, 107, 154, 1324, 2179, 5794, - 337, 1494, 1495, 789, 178, 1498, 2253, 2179, 1335, 3605, - 209, 766, 3964, 532, 3966, 33, 1509, 3756, 71, 3766, - 73, 194, 31, 41, 5390, 33, 227, 639, 1922, 341, - 259, 1457, 50, 41, 2220, 1994, 6123, 452, 1932, 33, - 5971, 74, 50, 3909, 33, 174, 33, 41, 107, 390, - 75, 233, 41, 2154, 41, 3964, 50, 3966, 233, 5990, - 368, 50, 407, 50, 417, 4735, 53, 380, 242, 227, - 299, 128, 4045, 4686, 617, 74, 476, 1953, 36, 37, - 143, 193, 2184, 2185, 3554, 2187, 2188, 2189, 2190, 4528, - 4529, 5979, 151, 2154, 151, 33, 5585, 212, 2200, 4712, - 380, 74, 308, 41, 3594, 311, 463, 230, 2633, 209, - 71, 2179, 50, 33, 545, 4022, 2218, 788, 317, 3584, - 3585, 3586, 3587, 356, 6245, 2314, 2373, 5263, 3373, 252, - 50, 674, 796, 316, 193, 300, 4043, 2384, 2385, 33, - 493, 315, 33, 2179, 452, 5798, 454, 41, 733, 33, - 41, 2254, 2352, 2353, 3605, 467, 50, 41, 167, 50, - 501, 2361, 2362, 2363, 2350, 4536, 50, 2148, 365, 209, - 304, 305, 3568, 785, 345, 5178, 339, 551, 143, 3600, - 382, 4047, 702, 3697, 509, 5188, 5189, 496, 361, 796, - 33, 209, 33, 695, 657, 755, 788, 33, 41, 370, - 41, 209, 584, 618, 5394, 41, 81, 50, 2296, 50, - 438, 33, 237, 342, 50, 209, 695, 317, 555, 41, - 209, 143, 209, 33, 6121, 3578, 3579, 572, 50, 2317, - 3569, 41, 3571, 4015, 463, 791, 544, 510, 4851, 5429, - 50, 5575, 33, 789, 479, 791, 436, 2942, 2124, 2143, - 41, 4999, 476, 5947, 2357, 2358, 656, 2359, 2360, 50, - 2930, 2931, 476, 2444, 2959, 1830, 467, 33, 2963, 332, - 107, 209, 147, 407, 6361, 41, 572, 33, 2154, 33, - 621, 33, 3115, 158, 50, 41, 695, 41, 2349, 41, - 323, 166, 3762, 3017, 50, 581, 50, 5786, 50, 317, - 637, 5946, 5581, 33, 5901, 314, 3115, 74, 3798, 317, - 618, 41, 427, 510, 496, 209, 2192, 370, 209, 194, - 50, 496, 581, 317, 323, 209, 236, 33, 317, 671, - 317, 662, 5929, 1826, 299, 41, 5933, 3183, 636, 3185, - 3186, 1834, 2439, 1836, 50, 479, 2750, 308, 2569, 3183, - 323, 3185, 3186, 33, 1847, 33, 193, 1850, 2990, 1852, - 1853, 41, 2994, 41, 2996, 663, 209, 6117, 209, 3202, - 50, 4984, 50, 209, 719, 250, 791, 299, 3010, 317, - 711, 5489, 695, 618, 4997, 710, 101, 209, 99, 730, - 1883, 3023, 3024, 3202, 2919, 2920, 1889, 317, 3137, 209, - 2544, 4685, 5929, 278, 3143, 2594, 2595, 4691, 4692, 3879, - 612, 752, 4007, 5416, 771, 695, 339, 452, 209, 2478, - 2945, 762, 33, 317, 127, 74, 317, 461, 463, 101, - 41, 1924, 4887, 317, 119, 150, 6194, 4892, 795, 50, - 6198, 145, 4897, 209, 33, 6042, 3916, 5637, 3918, 3919, - 5939, 576, 41, 209, 3924, 209, 160, 209, 408, 1952, - 1953, 50, 3932, 584, 2340, 5954, 3936, 152, 3938, 466, - 2642, 174, 5837, 2349, 317, 2351, 317, 76, 77, 209, - 57, 317, 6079, 791, 33, 4010, 42, 4247, 5193, 5622, - 4531, 202, 41, 5198, 5009, 317, 73, 4249, 463, 6096, - 458, 50, 546, 209, 1986, 1994, 33, 317, 5178, 711, - 602, 4546, 1994, 10, 41, 4970, 2392, 4972, 5188, 5189, - 145, 508, 2666, 50, 67, 727, 317, 3230, 2099, 209, - 123, 209, 791, 170, 127, 458, 6268, 2596, 6270, 6306, - 255, 463, 771, 99, 462, 503, 6305, 33, 5063, 5739, - 6160, 317, 6079, 6163, 47, 41, 323, 198, 2051, 33, - 33, 317, 2055, 317, 50, 317, 737, 41, 41, 2062, - 604, 5910, 4374, 2449, 2642, 168, 50, 50, 2472, 3044, - 2073, 174, 297, 618, 271, 452, 120, 317, 771, 681, - 789, 306, 4399, 776, 777, 131, 463, 594, 209, 40, - 4552, 316, 2670, 2085, 6354, 4557, 2642, 565, 293, 2668, - 462, 317, 4564, 106, 207, 252, 2085, 332, 47, 2866, - 209, 576, 572, 3393, 119, 297, 6384, 6359, 123, 754, - 33, 2124, 127, 2126, 2670, 514, 2512, 317, 41, 317, - 606, 282, 763, 4552, 141, 2521, 5754, 50, 4557, 2142, - 608, 5759, 5760, 2146, 2147, 4564, 2135, 152, 6408, 269, - 209, 2154, 2155, 33, 776, 777, 778, 779, 780, 781, - 761, 41, 716, 168, 323, 672, 3080, 106, 557, 174, - 50, 122, 209, 2176, 388, 219, 373, 605, 5878, 789, - 734, 2184, 2185, 2186, 2187, 2188, 2189, 2190, 2191, 2192, - 2193, 2194, 245, 1033, 1034, 1035, 317, 2200, 743, 233, - 5165, 5166, 207, 2179, 6053, 774, 775, 776, 777, 778, - 779, 780, 781, 209, 2217, 2218, 676, 2220, 317, 2842, - 33, 174, 5959, 10, 2179, 209, 209, 576, 41, 35, - 36, 37, 0, 39, 2223, 5983, 5416, 50, 2241, 1079, - 2179, 618, 210, 605, 1084, 7, 197, 2651, 6368, 2179, - 2253, 202, 33, 2657, 5377, 472, 417, 2939, 317, 5924, - 41, 5926, 265, 791, 267, 2669, 606, 3242, 720, 50, - 390, 789, 724, 4028, 4029, 278, 47, 56, 33, 576, - 317, 5461, 316, 192, 2897, 789, 41, 791, 293, 754, - 789, 294, 791, 510, 791, 50, 209, 5091, 5092, 602, - 33, 498, 5920, 771, 772, 773, 695, 2296, 41, 599, - 4159, 2314, 4161, 464, 2179, 2926, 2319, 50, 3195, 413, - 414, 317, 10, 232, 673, 47, 791, 3362, 2317, 209, - 101, 127, 493, 317, 317, 796, 10, 2340, 447, 448, - 291, 3696, 295, 791, 2347, 4065, 2349, 2350, 2351, 4255, - 156, 6051, 2355, 5245, 141, 2926, 2359, 2360, 326, 510, - 269, 2939, 2974, 2179, 532, 148, 743, 2979, 151, 6388, - 2373, 117, 118, 570, 6111, 6112, 155, 2989, 681, 150, - 3137, 2384, 2385, 2995, 106, 789, 3143, 791, 3743, 2392, - 791, 2860, 3091, 2939, 3369, 789, 209, 791, 6063, 5424, - 153, 3158, 272, 771, 317, 754, 6425, 186, 698, 794, - 577, 578, 33, 283, 791, 168, 3126, 3971, 33, 3129, - 41, 6226, 6227, 3766, 465, 3135, 41, 3632, 209, 50, - 213, 778, 779, 780, 781, 50, 730, 317, 791, 127, - 791, 4421, 4422, 4423, 3649, 791, 2449, 3766, 665, 617, - 3655, 3656, 4714, 127, 209, 2458, 497, 754, 72, 791, - 206, 2464, 33, 753, 51, 2468, 4446, 4447, 3037, 4449, - 41, 791, 57, 3164, 3072, 478, 209, 3833, 581, 50, - 71, 390, 73, 262, 255, 2488, 71, 654, 73, 3833, - 791, 537, 538, 402, 791, 541, 542, 543, 771, 458, - 218, 144, 796, 730, 317, 702, 674, 286, 99, 2512, - 4064, 6176, 126, 3125, 6179, 791, 3971, 104, 2521, 777, - 5485, 3133, 3134, 6392, 47, 791, 297, 791, 3224, 791, - 571, 789, 6088, 33, 777, 306, 317, 283, 4850, 1437, - 2926, 41, 1440, 1441, 503, 316, 789, 147, 33, 2552, - 50, 791, 141, 3965, 197, 3804, 41, 2943, 158, 3808, - 711, 332, 317, 788, 282, 50, 166, 764, 2544, 796, - 288, 6127, 368, 789, 47, 2578, 581, 5039, 3613, 33, - 631, 2584, 136, 106, 317, 1159, 407, 41, 209, 2544, - 2593, 2594, 2595, 502, 209, 2670, 50, 3354, 3205, 3206, - 421, 791, 5095, 791, 158, 2544, 2609, 2610, 3643, 4064, - 3447, 652, 226, 572, 3451, 4070, 531, 1191, 423, 4936, - 5039, 4076, 4998, 128, 33, 430, 720, 6496, 6497, 723, - 2633, 215, 41, 106, 2637, 3317, 4616, 1477, 209, 690, - 788, 50, 2544, 227, 2647, 760, 5440, 5441, 796, 154, - 250, 2654, 417, 207, 4009, 4011, 452, 4637, 454, 2662, - 3046, 771, 2665, 572, 4632, 4982, 2642, 4011, 4636, 5694, - 791, 4062, 4063, 788, 6400, 6401, 4717, 3373, 278, 2544, - 294, 4656, 4073, 686, 687, 688, 689, 2642, 5653, 33, - 2666, 3605, 791, 3079, 2670, 4626, 317, 28, 282, 30, - 57, 32, 317, 2642, 33, 796, 50, 4570, 4571, 209, - 47, 2666, 41, 6439, 71, 2670, 53, 33, 55, 313, - 2712, 50, 307, 308, 209, 41, 31, 2666, 2544, 332, - 789, 2670, 3707, 2712, 50, 1054, 4599, 2446, 4669, 3317, - 2642, 2450, 1061, 327, 777, 28, 317, 30, 544, 33, - 3361, 63, 789, 3435, 4617, 209, 789, 41, 791, 320, - 345, 1080, 1081, 154, 2666, 3447, 50, 65, 2670, 3451, - 514, 3317, 5726, 745, 691, 33, 259, 2642, 363, 370, - 3166, 33, 699, 41, 789, 370, 33, 704, 739, 41, - 3361, 128, 50, 5110, 41, 791, 33, 788, 50, 390, - 209, 2666, 179, 50, 41, 2670, 33, 791, 791, 50, - 395, 37, 2815, 50, 41, 41, 2819, 317, 22, 347, - 46, 736, 618, 50, 300, 29, 2642, 31, 421, 3452, - 2833, 33, 317, 57, 19, 20, 3614, 19, 20, 41, - 3463, 3464, 776, 777, 5093, 3468, 141, 71, 50, 73, - 2666, 128, 6056, 6057, 2670, 776, 777, 3435, 33, 754, - 789, 2860, 791, 317, 33, 789, 41, 791, 2860, 3447, - 81, 786, 41, 3451, 33, 50, 675, 33, 791, 99, - 209, 50, 41, 467, 28, 41, 30, 33, 32, 3435, - 33, 50, 282, 209, 50, 41, 464, 3520, 41, 776, - 777, 3447, 81, 88, 50, 3451, 1346, 50, 317, 675, - 57, 791, 1352, 1353, 3537, 128, 2919, 2920, 3614, 3305, - 789, 33, 791, 2926, 71, 209, 73, 2930, 2931, 41, - 5877, 33, 113, 114, 115, 33, 147, 789, 50, 41, - 2943, 33, 2945, 41, 795, 2948, 2949, 158, 50, 41, - 2939, 209, 50, 776, 777, 166, 33, 209, 50, 789, - 667, 791, 209, 2939, 41, 771, 772, 773, 147, 145, - 2973, 2974, 209, 50, 145, 3361, 2979, 33, 791, 158, - 3671, 3672, 209, 194, 2939, 41, 2989, 166, 317, 3671, - 3672, 6195, 2995, 204, 50, 6199, 33, 53, 2987, 314, - 55, 317, 127, 33, 41, 4239, 4530, 209, 4532, 2998, - 791, 41, 789, 50, 791, 194, 3991, 788, 4374, 3022, - 50, 6455, 6456, 4228, 23, 4230, 5571, 26, 27, 145, - 4374, 4937, 31, 317, 209, 3038, 791, 2939, 5355, 250, - 209, 4246, 796, 3046, 3047, 3048, 4602, 3804, 741, 964, - 209, 3808, 789, 209, 791, 5372, 789, 4291, 3009, 317, - 796, 33, 3448, 209, 3450, 317, 209, 278, 5109, 41, - 317, 250, 2066, 2067, 2939, 3078, 3079, 789, 50, 791, - 317, 5552, 282, 3072, 3087, 789, 3944, 791, 3091, 300, - 317, 120, 3705, 3671, 3672, 661, 151, 209, 440, 278, - 3089, 4243, 4396, 4397, 5302, 3574, 789, 209, 791, 751, - 88, 209, 167, 788, 3117, 317, 269, 209, 3121, 3122, - 3123, 345, 3125, 2939, 114, 3671, 3672, 33, 288, 3132, - 3133, 3134, 209, 23, 3137, 41, 26, 27, 5336, 363, - 3143, 31, 317, 789, 50, 791, 370, 795, 317, 33, - 6168, 6169, 737, 209, 4509, 3158, 474, 41, 317, 3162, - 4195, 317, 6309, 3166, 3167, 28, 50, 30, 789, 32, - 3782, 317, 209, 393, 317, 395, 791, 24, 25, 209, - 791, 28, 5733, 30, 239, 32, 101, 789, 795, 791, - 40, 6395, 6396, 5173, 5174, 5175, 5176, 128, 345, 5179, - 5180, 789, 141, 791, 5184, 317, 151, 5187, 5071, 429, - 5190, 794, 795, 5193, 3203, 317, 363, 5197, 5198, 317, - 791, 3224, 3211, 370, 651, 317, 33, 3230, 3841, 789, - 789, 791, 791, 651, 41, 150, 789, 209, 791, 459, - 317, 610, 75, 50, 711, 789, 6393, 791, 395, 227, - 4007, 789, 788, 791, 3861, 3862, 479, 3864, 3865, 3340, - 588, 317, 3944, 22, 23, 24, 25, 26, 27, 28, - 29, 30, 31, 32, 3277, 5316, 788, 519, 520, 789, - 317, 791, 789, 3286, 791, 712, 6433, 317, 715, 789, - 584, 269, 534, 126, 536, 480, 789, 3951, 791, 789, - 788, 791, 3305, 209, 789, 742, 788, 19, 20, 5940, - 160, 789, 145, 791, 3968, 742, 337, 789, 789, 791, - 791, 6468, 5428, 788, 751, 209, 337, 160, 5298, 5299, - 204, 5301, 4028, 4029, 337, 789, 5306, 3340, 288, 5309, - 255, 3317, 5312, 5313, 204, 317, 75, 197, 6495, 3352, - 5320, 3354, 5322, 789, 4709, 791, 88, 3360, 3361, 3362, - 789, 5331, 791, 122, 342, 5682, 3944, 33, 19, 20, - 3373, 555, 592, 5373, 5691, 41, 226, 791, 3317, 5359, - 789, 5361, 297, 5363, 50, 218, 788, 629, 630, 284, - 789, 306, 791, 226, 1309, 431, 364, 126, 3944, 795, - 1315, 316, 209, 788, 788, 590, 626, 789, 5449, 791, - 788, 317, 597, 145, 40, 3317, 145, 332, 603, 5617, - 15, 789, 6545, 791, 4202, 4203, 788, 788, 3814, 55, - 788, 160, 144, 317, 745, 789, 5634, 791, 788, 417, - 33, 788, 5422, 202, 294, 3448, 3435, 3450, 41, 5647, - 33, 5649, 788, 3429, 3430, 3431, 788, 50, 41, 3435, - 789, 127, 440, 788, 3850, 3851, 789, 50, 791, 215, - 5732, 3447, 4706, 789, 5028, 3451, 73, 284, 4683, 4684, - 3435, 227, 5345, 215, 1399, 197, 789, 788, 791, 467, - 3429, 3430, 3431, 144, 679, 227, 789, 226, 791, 788, - 788, 3317, 3888, 788, 38, 789, 4202, 4203, 3447, 789, - 317, 791, 3451, 737, 965, 966, 788, 968, 969, 970, - 789, 788, 791, 269, 975, 151, 788, 3429, 3430, 3431, - 415, 789, 291, 3435, 4157, 5805, 4314, 789, 788, 788, - 390, 167, 789, 209, 290, 3447, 197, 745, 3551, 3451, - 214, 789, 789, 791, 789, 388, 791, 742, 290, 81, - 214, 789, 789, 791, 3429, 3430, 3431, 4180, 214, 1484, - 3435, 197, 789, 5028, 791, 3574, 3568, 3580, 788, 788, - 1495, 327, 3574, 214, 789, 5902, 791, 789, 4345, 4346, - 737, 4796, 40, 788, 788, 327, 47, 482, 5010, 5705, - 31, 789, 50, 791, 316, 3608, 789, 55, 791, 5715, - 3613, 3614, 791, 239, 789, 788, 209, 5909, 4314, 3435, - 789, 788, 788, 5915, 5916, 147, 209, 789, 759, 791, - 789, 3447, 796, 789, 4492, 3451, 158, 788, 788, 3714, - 3643, 15, 15, 789, 166, 771, 789, 40, 789, 499, - 791, 317, 788, 788, 5624, 414, 5012, 50, 788, 388, - 3659, 788, 55, 548, 3667, 550, 3669, 3659, 789, 788, - 791, 556, 194, 3659, 788, 788, 88, 789, 390, 789, - 3659, 791, 204, 3659, 662, 33, 3761, 789, 788, 667, - 5731, 789, 3659, 41, 440, 3671, 3672, 789, 3701, 788, - 788, 3659, 50, 151, 3659, 789, 788, 791, 440, 3712, - 3659, 4323, 789, 5644, 788, 788, 3671, 3672, 5718, 167, - 3659, 788, 788, 3659, 317, 788, 788, 3659, 250, 3659, - 313, 616, 3671, 3672, 317, 467, 788, 788, 71, 390, - 24, 3671, 3672, 789, 28, 791, 30, 788, 32, 197, - 588, 789, 789, 791, 33, 40, 278, 3659, 151, 789, - 788, 788, 41, 96, 742, 598, 791, 789, 4605, 791, - 3759, 50, 788, 751, 167, 660, 109, 4510, 788, 3782, - 128, 788, 24, 25, 355, 356, 28, 3790, 30, 501, - 32, 239, 125, 788, 3659, 6340, 204, 789, 5839, 791, - 788, 3804, 788, 215, 197, 3808, 3671, 3672, 24, 25, - 4492, 3814, 28, 788, 30, 227, 32, 789, 788, 3822, - 105, 392, 155, 18, 19, 20, 22, 23, 24, 25, - 26, 27, 28, 29, 30, 31, 32, 757, 758, 788, - 760, 788, 762, 3659, 788, 40, 239, 3850, 3851, 128, - 501, 788, 788, 788, 788, 3671, 3672, 128, 788, 55, - 431, 209, 788, 788, 53, 788, 788, 788, 3943, 598, - 282, 756, 5872, 788, 606, 788, 709, 788, 290, 788, - 788, 788, 767, 789, 788, 3888, 3875, 3876, 3877, 3878, - 3879, 3880, 3881, 204, 81, 3884, 4674, 788, 259, 6191, - 788, 3904, 235, 675, 791, 789, 4519, 192, 359, 621, - 788, 788, 197, 6019, 4492, 327, 648, 788, 464, 1834, - 788, 1836, 695, 4605, 127, 695, 122, 711, 681, 514, - 209, 3920, 3921, 433, 3923, 667, 3925, 3926, 3927, 3928, - 3929, 3930, 3931, 143, 3933, 24, 4492, 232, 3937, 28, - 791, 30, 403, 32, 405, 178, 791, 4580, 586, 791, - 147, 720, 364, 296, 723, 160, 6087, 791, 3944, 317, - 621, 158, 127, 33, 398, 3951, 791, 791, 4674, 166, - 709, 41, 3985, 715, 269, 24, 706, 19, 20, 28, - 50, 30, 3968, 32, 183, 24, 3951, 583, 7, 28, - 771, 30, 197, 32, 4007, 3944, 202, 194, 751, 467, - 742, 467, 3951, 3968, 788, 10, 791, 776, 777, 751, - 43, 4644, 136, 31, 4027, 4028, 4029, 4605, 440, 3968, - 4033, 226, 218, 297, 151, 606, 127, 65, 317, 42, - 752, 42, 3944, 4046, 495, 68, 412, 3, 587, 3951, - 762, 751, 623, 313, 77, 467, 682, 33, 796, 4605, - 431, 145, 156, 250, 788, 41, 3968, 788, 128, 225, - 395, 788, 788, 788, 50, 98, 33, 15, 649, 4055, - 413, 414, 796, 788, 41, 127, 3951, 127, 356, 33, - 54, 278, 795, 50, 545, 291, 53, 41, 6029, 294, - 123, 752, 33, 3968, 127, 390, 50, 130, 795, 53, - 41, 762, 791, 145, 127, 796, 4055, 402, 141, 50, - 120, 796, 693, 24, 25, 26, 178, 28, 3944, 30, - 647, 32, 711, 789, 157, 3951, 2051, 4140, 337, 651, - 2055, 592, 165, 337, 337, 141, 510, 2062, 44, 209, - 313, 6413, 3968, 4055, 565, 178, 4763, 4764, 4765, 4766, - 4767, 4768, 4769, 4770, 4771, 4772, 128, 4774, 4775, 4776, - 4777, 4778, 4779, 4780, 4781, 364, 4783, 4784, 4181, 202, - 4787, 4788, 154, 5595, 5596, 313, 5598, 788, 178, 795, - 4055, 6122, 4195, 33, 4197, 390, 796, 128, 788, 4202, - 4203, 41, 4205, 791, 47, 4208, 4209, 6524, 537, 538, - 50, 407, 541, 542, 543, 789, 4205, 502, 414, 242, - 431, 410, 789, 106, 247, 248, 791, 2142, 340, 562, - 563, 789, 683, 209, 682, 796, 6277, 789, 4816, 6170, - 4853, 88, 4975, 652, 789, 127, 127, 4322, 789, 5454, - 662, 789, 209, 789, 796, 667, 707, 317, 4333, 788, - 4335, 4264, 167, 4255, 4256, 209, 136, 788, 791, 288, - 4816, 2186, 791, 127, 778, 73, 2191, 791, 209, 2194, - 796, 6543, 129, 127, 6284, 695, 4893, 572, 128, 682, - 778, 4898, 315, 517, 151, 519, 520, 494, 145, 488, - 127, 708, 455, 439, 499, 791, 390, 4961, 284, 4312, - 534, 4314, 536, 397, 4317, 4318, 695, 127, 4930, 789, - 4323, 788, 6302, 24, 25, 26, 2241, 28, 412, 30, - 742, 32, 791, 356, 788, 154, 431, 4326, 2253, 751, - 3, 317, 4345, 4346, 6450, 151, 4983, 791, 240, 4352, - 434, 4432, 218, 367, 514, 378, 514, 514, 390, 695, - 317, 695, 551, 514, 119, 397, 364, 514, 123, 209, - 514, 6412, 127, 317, 791, 18, 19, 20, 567, 568, - 412, 120, 681, 572, 573, 574, 317, 47, 288, 127, - 723, 678, 600, 18, 19, 20, 1007, 152, 5810, 751, - 5812, 5813, 434, 789, 789, 629, 630, 789, 789, 4484, - 251, 789, 158, 168, 158, 40, 263, 6417, 211, 174, - 788, 791, 4503, 65, 796, 448, 621, 137, 71, 252, - 73, 443, 669, 796, 397, 282, 422, 788, 484, 484, - 2355, 18, 19, 20, 1055, 19, 20, 294, 73, 791, - 599, 640, 207, 284, 5164, 539, 99, 68, 2373, 2508, - 684, 685, 788, 40, 741, 312, 329, 6398, 552, 2384, - 2385, 6512, 311, 311, 99, 4478, 53, 317, 2527, 238, - 30, 57, 6523, 57, 710, 569, 4872, 2536, 128, 223, - 6531, 207, 204, 2542, 791, 342, 73, 791, 6539, 788, - 4503, 2550, 145, 288, 693, 146, 154, 539, 4511, 42, - 653, 2560, 431, 789, 2563, 789, 4492, 789, 128, 789, - 552, 1132, 99, 778, 720, 366, 789, 723, 789, 777, - 789, 788, 788, 374, 796, 160, 732, 569, 293, 789, - 789, 788, 4534, 2458, 789, 4548, 789, 791, 389, 2464, - 789, 789, 788, 4492, 789, 789, 789, 789, 399, 400, - 401, 789, 789, 586, 5171, 760, 791, 762, 409, 789, - 417, 789, 197, 216, 789, 789, 5183, 202, 791, 204, - 5290, 791, 791, 160, 789, 789, 218, 789, 789, 621, - 4492, 781, 382, 595, 771, 31, 788, 788, 31, 31, - 788, 226, 72, 788, 131, 75, 431, 791, 128, 791, - 791, 127, 127, 697, 5305, 508, 796, 796, 796, 791, - 197, 791, 4625, 796, 1235, 202, 791, 204, 712, 4605, - 273, 274, 275, 128, 617, 5493, 259, 791, 53, 789, - 100, 789, 771, 47, 675, 791, 791, 369, 127, 226, - 293, 5229, 791, 791, 4657, 580, 126, 791, 158, 129, - 158, 758, 511, 443, 553, 697, 4605, 4670, 4657, 294, - 123, 4674, 788, 561, 4677, 145, 4492, 269, 269, 661, - 712, 33, 269, 5229, 269, 81, 269, 316, 4677, 41, - 160, 204, 788, 127, 2609, 2610, 789, 271, 50, 791, - 5308, 771, 771, 4605, 771, 4708, 547, 350, 771, 352, - 771, 741, 771, 771, 4717, 771, 771, 294, 559, 4718, - 771, 72, 2637, 5581, 75, 350, 4729, 370, 771, 372, - 762, 4723, 2647, 771, 771, 771, 771, 771, 4813, 156, - 92, 93, 94, 95, 771, 771, 771, 390, 218, 4752, - 771, 147, 319, 771, 397, 4758, 226, 296, 791, 4762, - 771, 771, 158, 5149, 771, 390, 771, 789, 791, 412, - 166, 788, 796, 350, 789, 126, 419, 5487, 129, 771, - 431, 5491, 5492, 4786, 580, 789, 138, 139, 140, 4605, - 789, 434, 300, 263, 145, 168, 34, 337, 194, 5185, - 791, 648, 796, 644, 288, 288, 791, 796, 204, 160, - 763, 5493, 796, 390, 510, 662, 1427, 396, 659, 1430, - 667, 154, 431, 789, 294, 153, 581, 153, 796, 789, - 789, 789, 214, 65, 789, 796, 777, 4840, 190, 191, - 4816, 789, 312, 777, 4847, 796, 420, 789, 491, 789, - 342, 788, 791, 788, 250, 242, 704, 209, 501, 700, - 434, 288, 436, 288, 588, 128, 128, 796, 715, 4872, - 796, 788, 788, 714, 499, 226, 496, 4816, 233, 5854, - 777, 4870, 278, 30, 788, 795, 323, 771, 740, 788, - 549, 204, 469, 337, 468, 742, 539, 126, 472, 5581, - 2815, 204, 254, 204, 2819, 50, 158, 481, 288, 552, - 158, 719, 263, 791, 4816, 5493, 789, 4920, 388, 412, - 31, 412, 499, 31, 31, 241, 53, 4930, 284, 788, - 788, 30, 4935, 788, 30, 465, 246, 178, 789, 588, - 514, 778, 778, 294, 143, 4937, 356, 5493, 591, 95, - 796, 155, 155, 788, 597, 789, 4959, 789, 532, 789, - 789, 312, 207, 796, 153, 317, 318, 791, 789, 791, - 65, 789, 789, 789, 789, 789, 789, 788, 621, 771, - 789, 788, 31, 788, 4983, 4961, 128, 31, 791, 233, - 789, 4983, 178, 313, 791, 771, 621, 788, 233, 788, - 4816, 741, 558, 5581, 4983, 791, 4961, 697, 697, 204, - 412, 788, 655, 788, 300, 2930, 2931, 300, 788, 662, - 382, 53, 4961, 4999, 791, 789, 791, 31, 209, 450, - 288, 5112, 53, 325, 213, 5581, 610, 388, 789, 664, - 443, 5751, 252, 617, 621, 131, 789, 506, 65, 257, - 168, 316, 789, 627, 697, 207, 789, 508, 647, 4961, - 4999, 791, 65, 415, 789, 5068, 789, 641, 169, 712, - 713, 251, 791, 351, 218, 789, 789, 316, 789, 6491, - 789, 451, 725, 791, 174, 788, 771, 664, 771, 771, - 762, 665, 791, 167, 749, 422, 4961, 4999, 422, 218, - 674, 204, 53, 677, 300, 789, 5109, 3022, 248, 5112, - 681, 170, 300, 788, 30, 30, 5108, 5120, 218, 762, - 597, 695, 388, 65, 218, 218, 5207, 218, 598, 5108, - 482, 159, 712, 3048, 4999, 760, 159, 762, 218, 712, - 218, 596, 218, 218, 607, 4961, 5149, 218, 791, 5152, - 204, 5154, 726, 204, 5143, 5144, 5145, 390, 489, 6364, - 796, 253, 128, 443, 588, 316, 5169, 204, 154, 553, - 431, 789, 789, 789, 617, 155, 71, 502, 791, 65, - 410, 789, 5185, 760, 789, 762, 366, 789, 789, 789, - 796, 789, 5181, 5182, 374, 791, 548, 791, 550, 50, - 788, 5204, 5191, 5206, 556, 431, 788, 788, 3123, 389, - 796, 658, 53, 31, 789, 5204, 382, 3132, 788, 399, - 400, 401, 3137, 795, 788, 65, 65, 117, 3143, 409, - 65, 788, 5235, 450, 30, 749, 5622, 335, 141, 709, - 160, 226, 749, 3158, 394, 674, 316, 598, 5930, 5238, - 426, 127, 282, 5229, 428, 791, 553, 789, 92, 93, - 94, 95, 449, 789, 616, 789, 692, 788, 791, 22, - 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, - 789, 1892, 5300, 788, 423, 587, 5289, 788, 160, 788, - 5229, 160, 237, 789, 788, 53, 105, 5315, 580, 5302, - 5303, 5304, 789, 791, 138, 139, 140, 5325, 660, 795, - 795, 5314, 31, 5316, 5332, 791, 5334, 5335, 789, 788, - 5323, 5324, 65, 65, 65, 683, 5329, 5229, 415, 6534, - 5943, 6088, 127, 5336, 288, 127, 160, 791, 5341, 316, - 288, 22, 23, 24, 25, 26, 27, 28, 29, 30, - 31, 32, 5930, 5356, 789, 653, 190, 191, 709, 789, - 791, 5350, 5940, 588, 5367, 605, 789, 547, 605, 122, - 6127, 444, 730, 1984, 788, 371, 796, 788, 300, 559, - 788, 72, 789, 788, 5930, 204, 5378, 796, 431, 2000, - 2001, 120, 789, 120, 5940, 796, 795, 795, 282, 5378, - 288, 73, 282, 288, 756, 288, 588, 692, 72, 72, - 15, 730, 65, 5229, 5390, 767, 65, 788, 50, 788, - 254, 160, 789, 718, 703, 791, 30, 6034, 6035, 788, - 6037, 6038, 6039, 6040, 5437, 18, 789, 791, 253, 3354, - 219, 122, 791, 144, 99, 3360, 5449, 5450, 99, 202, - 218, 5390, 6, 432, 588, 5458, 588, 730, 15, 297, - 653, 6152, 422, 422, 434, 788, 5469, 788, 181, 5472, - 5473, 789, 789, 160, 5477, 709, 791, 788, 5481, 659, - 788, 6238, 788, 160, 318, 749, 5489, 202, 5390, 297, - 343, 5494, 99, 53, 154, 789, 593, 788, 704, 730, - 789, 5582, 204, 430, 788, 199, 356, 5496, 5583, 745, - 5585, 788, 788, 788, 788, 426, 208, 5493, 788, 2130, - 700, 202, 744, 5512, 744, 5390, 2137, 174, 5609, 342, - 5611, 589, 789, 788, 714, 789, 789, 788, 291, 127, - 15, 219, 791, 252, 791, 730, 484, 789, 336, 431, - 204, 65, 204, 297, 5493, 101, 204, 6164, 204, 5562, - 6167, 5564, 6537, 112, 204, 789, 789, 2178, 6175, 143, - 789, 6178, 653, 116, 436, 30, 788, 259, 791, 3659, - 5583, 415, 5585, 3939, 3059, 5363, 5359, 3778, 5591, 5361, - 5593, 5493, 5610, 5914, 4409, 5561, 5944, 5983, 6107, 6342, - 784, 4478, 1482, 3968, 782, 5581, 4961, 782, 3950, 5112, - 291, 2566, 5615, 5616, 5617, 5618, 4503, 4023, 2136, 5622, - 5623, 3738, 5625, 4739, 4045, 2473, 2666, 5630, 5631, 850, - 5773, 5634, 2667, 5772, 2668, 5548, 5639, 5640, 4919, 4431, - 5638, 4666, 5581, 5646, 5647, 5068, 5649, 4670, 482, 1007, - 2905, 6158, 6279, 5433, 5657, 5718, 6417, 6377, 6042, 5716, - 3202, 414, 5297, 4914, 5936, 1023, 1470, 5341, 4920, 1027, - 5481, 5612, 5163, 6401, 5677, 6228, 6238, 5493, 6127, 5581, - 6120, 6120, 6120, 6120, 867, 4602, 1635, 3860, 4498, 5692, - 4385, 4555, 1050, 3608, 2305, 4065, 6096, 1055, 6152, 2510, - 3336, 6087, 1060, 4633, 4143, 4636, 4628, 6423, 6395, 496, - 496, 5786, 6396, 5921, 548, 3770, 550, 6183, 6199, 6195, - 5823, 5608, 556, 2535, 43, 5606, 407, 4315, 5731, 4919, - 5338, 1898, 3758, 414, 1491, 2329, 5995, 3753, 3230, 5742, - 6146, 5827, 2491, 3608, 5747, 4033, 3048, 3392, 4537, 68, - 1454, 5754, 5755, 542, 3568, 790, 5759, 5760, 77, 6228, - 3702, 1218, 1401, 1441, 3837, 5581, 5769, 4981, 1126, 1127, - 1128, 1129, 5775, 3617, 1132, 5792, 5779, 4657, 3519, 98, - 5772, 1139, 616, 5786, 3516, 6171, 3586, 2070, 3585, 4180, - 5793, 6404, 1990, 2404, 2126, 2406, 5011, 3712, 4090, 6351, - 1969, 5804, 6119, 6456, 123, 6455, 1399, 2385, 127, 1399, - 2380, 130, 5369, 4974, 6012, 1399, 5120, 6013, 2001, 2375, - 3173, 1399, 141, 5826, 2401, 4166, 660, 3824, 4847, 5832, - 1399, 5834, 4846, 1975, 4164, 6019, 5839, 5428, 157, 5839, - 5095, 5424, 3840, 5012, 3833, 5848, 165, 796, 5929, 4975, - 5445, 4390, 5933, 4391, 4616, 1462, 5859, 5860, 4853, 178, - 3166, 1836, 5865, 496, 5939, 5940, 1432, 2578, 712, 514, - 1308, 5946, 5947, 2631, 3385, 3790, 4534, 1235, 4723, 5954, - 5731, 5142, 3872, 202, 4710, 6412, 895, 4708, 896, 3804, - 5893, 2209, 703, 3808, 3018, 1457, 703, 3019, 703, 3694, - 5769, 5904, 3076, 2318, 4540, 5461, 1903, 5910, 5254, 6415, - 6461, 5602, 6531, 6299, 6539, 5918, 3382, 5920, 6450, 3151, - 3038, 3435, 756, 242, 3671, 5449, 1011, 6540, 247, 248, - 3672, 5934, 702, 767, 2673, 3673, 5939, 2951, 702, 3668, - 3664, 2647, 3663, 4214, 2349, 1233, 700, 4420, 1891, 1199, - 3613, 5954, 4872, 3224, 5930, 5958, 3773, 5688, 1891, 4987, - 4432, 743, 520, 1321, 5940, 1342, 496, 720, 5971, 5987, - 723, 496, 2148, 496, 4329, 980, 3131, 2669, 5981, 4531, - 5983, 5229, 980, 4048, 999, 5940, 5989, 5990, 5991, 6375, - 4727, 5930, 5946, 6248, 5229, 5219, 315, 5218, 6079, 5239, - 887, 5940, 1830, -1, 999, -1, -1, -1, -1, 6012, - 6013, -1, -1, -1, -1, 6096, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, -1, -1, 5930, -1, - -1, -1, -1, -1, -1, -1, -1, 356, 5940, 720, - -1, -1, 723, -1, -1, -1, -1, -1, -1, -1, - 6053, 732, -1, -1, -1, 6058, -1, -1, -1, 378, - -1, 6064, -1, -1, -1, 2676, -1, -1, -1, 1427, - -1, -1, 1430, -1, -1, 5940, -1, -1, -1, -1, - -1, -1, -1, -1, 6087, 6074, -1, -1, -1, -1, - -1, -1, 4007, -1, -1, -1, -1, -1, -1, -1, - -1, -1, 6105, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, 5930, -1, 6119, -1, 4033, -1, - -1, -1, -1, -1, 5940, -1, -1, -1, -1, 448, - -1, -1, 6518, -1, -1, -1, -1, -1, -1, 2750, - 2751, 6527, -1, 6146, -1, -1, 1504, -1, -1, -1, - -1, -1, -1, -1, -1, 6158, -1, -1, -1, -1, - -1, -1, -1, 6244, -1, -1, -1, -1, 6171, -1, - -1, 6246, -1, 6248, -1, -1, 6165, 6166, -1, -1, - -1, -1, -1, -1, -1, -1, -1, -1, 6177, -1, - -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - 6203, -1, -1, -1, -1, -1, -1, -1, -1, 6212, - -1, 6214, 6215, 6, 7, -1, -1, -1, -1, -1, - -1, 2832, -1, -1, -1, 18, -1, -1, -1, 6228, - -1, -1, -1, -1, 2845, -1, 6228, -1, -1, 6242, - -1, -1, -1, 6246, -1, 6248, -1, -1, 6251, -1, - -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - 53, -1, 6343, -1, -1, -1, -1, 586, -1, -1, - -1, -1, -1, -1, 6277, -1, -1, -1, -1, -1, - -1, -1, 4197, -1, -1, -1, -1, -1, 81, -1, - -1, -1, -1, 650, -1, -1, 6299, -1, -1, 6288, - -1, -1, 6291, -1, -1, -1, -1, -1, -1, -1, - -1, -1, 669, -1, 6317, 6318, -1, -1, 6321, 6400, - 6401, -1, -1, -1, 2935, 6328, 119, -1, 43, -1, - 123, -1, -1, -1, 127, -1, -1, -1, -1, -1, - 2951, -1, -1, 136, 137, -1, 703, -1, -1, -1, - 143, -1, -1, 68, 147, -1, -1, -1, 6439, 152, - -1, 154, 77, -1, -1, 158, -1, -1, -1, -1, - -1, -1, 6375, 166, -1, 168, -1, -1, -1, -1, - -1, 174, -1, 98, -1, -1, 6389, -1, -1, -1, - -1, -1, -1, -1, -1, -1, -1, 4312, -1, -1, - -1, 194, 4317, 4318, -1, 108, -1, -1, 123, 6412, - -1, 204, 127, -1, 207, 130, -1, -1, -1, -1, - -1, 740, -1, -1, -1, -1, 141, -1, 3039, -1, - 4345, 4346, -1, -1, 227, -1, -1, -1, -1, 142, - -1, -1, 157, -1, -1, -1, -1, -1, -1, -1, - 165, -1, -1, 246, -1, -1, -1, 250, -1, -1, - -1, -1, -1, 178, -1, -1, 259, -1, -1, 3080, - -1, -1, -1, -1, -1, -1, -1, 180, -1, -1, - -1, -1, -1, -1, -1, 278, -1, 202, -1, -1, - -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - 293, -1, -1, -1, 861, -1, 299, 300, 865, 6512, - 867, -1, -1, -1, -1, 6518, -1, -1, -1, -1, - 6523, 314, -1, 316, 6527, -1, -1, 242, 6531, -1, - 887, -1, 247, 248, 1892, -1, 6539, -1, -1, -1, - -1, -1, -1, 1901, -1, 1903, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, 3183, -1, 3185, 3186, 3187, -1, -1, -1, - -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - 315, -1, -1, -1, 1962, 1963, -1, -1, 965, 966, - 1968, 968, 969, 970, 1972, 1973, 1974, -1, 975, -1, - -1, -1, -1, -1, 1982, 1983, 1984, -1, -1, -1, - 1988, -1, -1, -1, 1992, 1993, 1994, -1, 1996, 1997, - 1998, 356, 2000, 2001, -1, -1, -1, -1, -1, 2007, - -1, 2009, -1, -1, 2012, 2013, 2014, 2015, -1, 2017, - -1, 2019, 2020, 378, -1, -1, -1, -1, -1, -1, - 463, -1, -1, -1, -1, 2033, 2034, 2035, 2036, 2037, - -1, 2039, 2040, 2041, 2042, 2043, 2044, -1, 2046, 2047, - -1, 2049, 2050, -1, 2052, 2053, -1, -1, 2056, 2057, - -1, 2059, 2060, -1, -1, 2063, -1, 2065, -1, -1, - -1, 2069, 2070, 2071, -1, -1, 2074, 2075, 2076, 2077, - -1, 2079, -1, -1, -1, -1, -1, -1, 2086, -1, - -1, -1, -1, 448, 2092, 2093, 2094, 2095, -1, -1, - -1, -1, -1, -1, -1, 2103, 2104, -1, 2106, 2107, - -1, -1, 2110, 2111, 2112, 2113, 2114, 2115, 2116, 2117, - 2118, 2119, 2120, 2121, 2122, -1, -1, 2125, -1, -1, - -1, 3382, 2130, -1, -1, -1, -1, -1, -1, 2137, - -1, -1, 485, -1, -1, -1, -1, -1, 581, -1, - -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, 2160, -1, -1, -1, -1, -1, -1, -1, - -1, -1, 515, 516, -1, 518, 519, 520, 521, 522, - 2178, 524, 525, 526, 527, 528, 529, 530, 531, -1, - 533, 534, 535, 536, -1, -1, -1, 4752, -1, -1, - -1, -1, -1, -1, -1, -1, -1, 4762, -1, -1, - -1, -1, -1, -1, -1, -1, -1, -1, 19, 20, - -1, -1, -1, -1, -1, -1, 6, 7, -1, -1, - -1, 586, -1, -1, -1, -1, -1, -1, 18, 19, - 20, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, 57, -1, -1, -1, - -1, 6, 7, -1, -1, -1, 46, -1, 48, 49, - -1, -1, -1, 18, -1, -1, -1, -1, -1, -1, - 2278, -1, 2280, -1, -1, -1, 629, 630, -1, -1, - 70, -1, 72, -1, -1, -1, -1, -1, 78, -1, - -1, -1, -1, -1, -1, -1, -1, 2305, 53, -1, - -1, -1, -1, 2311, -1, -1, -1, -1, -1, 99, - -1, -1, -1, -1, -1, 758, -1, 1324, -1, -1, - 110, -1, -1, -1, -1, -1, 81, 3588, 771, -1, - -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, 3605, -1, 789, -1, 791, -1, - -1, 794, 795, -1, -1, 145, -1, -1, -1, -1, - -1, -1, -1, -1, 119, -1, -1, -1, 123, -1, - -1, -1, 127, -1, -1, -1, -1, -1, -1, -1, - -1, 136, 137, -1, 174, -1, -1, -1, -1, -1, - 2398, -1, 147, -1, -1, -1, 2404, 152, 2406, 154, - -1, -1, -1, 158, -1, -1, -1, -1, -1, -1, - -1, 166, 3673, 168, -1, 205, -1, 207, -1, 174, - -1, -1, -1, -1, -1, 2433, 216, -1, 218, -1, - -1, -1, -1, -1, -1, -1, -1, -1, -1, 194, - -1, -1, -1, -1, 43, -1, -1, -1, -1, 204, - -1, 241, 207, -1, -1, -1, -1, -1, -1, -1, - 271, -1, 2470, -1, -1, -1, -1, -1, -1, 68, - -1, 282, 227, -1, -1, -1, 3737, 3738, 77, -1, - -1, -1, -1, 273, 274, 275, -1, -1, -1, -1, - -1, 246, -1, -1, -1, 250, -1, -1, -1, 98, - -1, -1, -1, 293, 259, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, 278, 123, -1, -1, -1, 127, -1, - -1, 130, 11, -1, 13, -1, -1, -1, 293, 18, - 19, 20, 141, -1, -1, 300, -1, -1, -1, -1, - -1, -1, 342, -1, -1, -1, -1, -1, 157, 314, - 350, 316, 352, -1, -1, -1, 165, -1, -1, -1, - -1, -1, 3833, -1, -1, -1, -1, -1, -1, 178, - -1, -1, 372, -1, -1, -1, -1, -1, -1, 379, - -1, -1, 71, -1, 73, -1, -1, -1, -1, -1, - 390, -1, -1, 202, 5169, -1, -1, 397, -1, 420, - -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - 99, -1, 412, 434, 2632, 436, -1, -1, -1, 419, - -1, -1, -1, 423, 424, -1, -1, -1, -1, -1, - 430, -1, -1, 242, 434, -1, -1, -1, 247, 248, - -1, -1, 442, -1, -1, -1, -1, 468, -1, -1, - -1, 472, -1, -1, -1, -1, 145, -1, 2676, 2677, - 481, -1, -1, 463, -1, -1, -1, 2685, 2686, -1, - -1, -1, -1, -1, -1, -1, -1, -1, 167, -1, - -1, -1, -1, -1, -1, -1, -1, 487, -1, -1, - -1, 491, -1, 514, -1, -1, -1, -1, -1, -1, - -1, 501, -1, -1, -1, -1, 315, -1, -1, -1, - -1, 532, -1, -1, -1, -1, -1, -1, -1, -1, - -1, 2739, -1, -1, -1, -1, -1, 216, -1, 5304, - -1, -1, 2750, 2751, -1, -1, -1, -1, -1, 539, - 4011, -1, -1, -1, -1, -1, -1, 356, 5323, -1, - -1, -1, 552, -1, 554, -1, -1, -1, -1, -1, - -1, -1, -1, -1, 2782, 2783, 2784, -1, -1, 378, - -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, 273, 274, 275, -1, -1, 610, - -1, 591, -1, -1, -1, -1, 617, 597, -1, -1, - -1, -1, -1, -1, 293, -1, 627, -1, -1, -1, - -1, -1, -1, -1, 2832, -1, 581, -1, -1, -1, - 641, 621, 622, -1, 2842, -1, -1, 2845, -1, 4100, - -1, -1, -1, 633, 634, 635, -1, -1, -1, 448, - -1, -1, 2860, -1, 665, -1, 2864, 2865, -1, 2867, - 2868, -1, -1, 674, -1, 655, 677, -1, 2876, -1, - 2878, 350, 662, 352, -1, -1, -1, -1, 4139, -1, - -1, -1, -1, -1, 695, -1, -1, -1, -1, -1, - -1, 370, -1, 372, -1, -1, -1, -1, -1, -1, - 711, 2909, -1, -1, -1, -1, -1, 697, -1, -1, - -1, 390, -1, -1, -1, 726, -1, -1, 397, -1, - -1, -1, 712, 713, -1, -1, -1, 2935, -1, -1, - -1, -1, -1, 412, -1, 725, -1, -1, -1, 729, - 419, -1, -1, 2951, -1, -1, 4207, -1, 6, 7, - -1, -1, -1, -1, -1, 434, -1, -1, -1, -1, - 18, -1, -1, 2971, -1, -1, 683, -1, -1, -1, - -1, -1, 762, -1, -1, -1, -1, -1, -1, -1, - 2988, -1, -1, -1, -1, -1, -1, 586, -1, -1, - -1, -1, -1, -1, -1, 53, -1, -1, -1, -1, - -1, -1, -1, 758, -1, 795, -1, -1, -1, -1, - -1, -1, 491, 730, -1, -1, 771, 3025, -1, -1, - -1, -1, 501, 81, 3032, -1, -1, -1, -1, -1, - -1, 3039, -1, -1, 789, -1, 791, -1, -1, 794, - 795, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - 539, 119, -1, -1, -1, 123, -1, -1, -1, 127, - -1, -1, 3080, 552, -1, -1, -1, -1, 136, 137, - -1, -1, -1, -1, -1, -1, -1, -1, -1, 147, - -1, -1, -1, -1, 152, -1, 154, -1, -1, -1, - 158, -1, -1, -1, -1, -1, -1, -1, 166, -1, - 168, -1, 591, 4374, -1, -1, 174, -1, 597, -1, - -1, -1, -1, -1, -1, -1, -1, 5692, 3136, -1, - -1, -1, -1, -1, -1, -1, 194, -1, -1, -1, - -1, -1, 621, -1, -1, -1, 204, -1, -1, 207, - -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, 3170, -1, -1, -1, -1, -1, -1, 227, - -1, -1, -1, -1, -1, 3183, 655, 3185, 3186, 3187, - -1, 3189, -1, 662, -1, 3193, -1, 3195, 246, -1, - 5755, -1, 250, -1, -1, -1, -1, -1, -1, -1, - -1, 259, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, 43, -1, -1, -1, 697, -1, - 278, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, 712, 713, 293, -1, -1, -1, 68, - -1, -1, 300, -1, -1, -1, 725, -1, 77, -1, - -1, -1, -1, -1, -1, -1, 314, -1, 316, -1, - -1, -1, -1, -1, -1, -1, -1, -1, -1, 98, + 3, 0, 977, 2450, 85, 8, 475, 1459, 0, 867, + 85, 702, 703, 31, 644, 669, 2124, 1980, 0, 2332, + 0, 0, 819, 636, 0, 2073, 702, 2670, 2280, 786, + 867, 0, 628, 2137, 37, 631, 2567, 791, 41, 819, + 0, 0, 796, 46, 798, 0, 49, 0, 0, 1591, + 1288, 2306, 1986, 2017, 1424, 2629, 2554, 730, 3039, 1635, + 3031, 0, 770, 2026, 772, 3052, 1430, 2583, 776, 777, + 1427, 670, 650, 1430, 1995, 42, 670, 1055, 2469, 2556, + 697, 634, 2417, 3196, 1531, 3198, 3199, 2988, 3768, 1812, + 2331, 1889, 1470, 2520, 3850, 2056, 4351, 86, 0, 652, + 1355, 700, 1418, 656, 1470, 658, 700, 660, 661, 4431, + 663, 664, 665, 3189, 2075, 4018, 4431, 857, 1660, 1023, + 747, 1399, 3814, 750, 702, 2253, 2947, 888, 3944, 2556, + 4335, 2195, 2196, 1532, 4424, 0, 650, 1194, 2137, 2960, + 2671, 4808, 4322, 696, 3430, 3431, 2110, 2111, 2112, 2113, + 2114, 2115, 2116, 2117, 2118, 2119, 2120, 2121, 2122, 3851, + 3050, 3839, 3828, 181, 1563, 168, 2658, 2440, 3687, 4055, + 4828, 3119, 4485, 3238, 3277, 1230, 3451, 1232, 1233, 4469, + 3737, 3951, 4331, 2202, 0, 1240, 1290, 5205, 702, 3149, + 2521, 867, 1591, 3906, 4075, 3813, 4320, 3148, 3149, 752, + 753, 3158, 4299, 2222, 4929, 4071, 644, 861, 2381, 4075, + 633, 865, 4886, 15, 39, 4431, 1267, 31, 6, 7, + 644, 1196, 1126, 1127, 1128, 644, 644, 2246, 2247, 15, + 644, 646, 15, 12, 31, 1139, 47, 4886, 1289, 2303, + 1782, 42, 2095, 1498, 1786, 6, 7, 670, 6, 7, + 2103, 2104, 65, 2106, 2107, 6, 7, 1799, 5437, 127, + 128, 1660, 15, 127, 6, 7, 47, 15, 797, 127, + 183, 15, 2663, 1635, 1636, 100, 5473, 700, 4722, 15, + 15, 1634, 531, 1645, 145, 31, 798, 204, 15, 867, + 1643, 3359, 1636, 207, 709, 6, 7, 6, 7, 15, + 723, 1645, 42, 63, 900, 5236, 902, 6, 7, 887, + 15, 99, 1759, 31, 737, 318, 813, 15, 2573, 4938, + 3597, 15, 4886, 218, 16, 17, 15, 15, 1775, 347, + 47, 42, 1779, 42, 11, 12, 4319, 4320, 4840, 243, + 179, 31, 1789, 3784, 1791, 1792, 1793, 1794, 31, 1796, + 3898, 3080, 204, 867, 53, 908, 909, 204, 204, 2672, + 1807, 1808, 1809, 1810, 1811, 316, 369, 4887, 99, 4889, + 4758, 300, 4892, 887, 284, 42, 26, 42, 1740, 3200, + 3201, 123, 143, 1782, 26, 1738, 4906, 1786, 158, 3349, + 316, 24, 25, 26, 233, 28, 1740, 30, 3349, 32, + 1799, 5474, 53, 3922, 2512, 6, 7, 53, 300, 24, + 25, 26, 835, 28, 245, 30, 1778, 32, 269, 31, + 26, 53, 153, 50, 6117, 47, 168, 1966, 1967, 26, + 1783, 846, 42, 33, 1778, 5764, 1975, 33, 24, 25, + 26, 41, 28, 4510, 30, 41, 32, 42, 4431, 255, + 50, 337, 42, 26, 50, 33, 33, 53, 31, 26, + 6, 7, 300, 41, 41, 5167, 4813, 2006, 31, 2008, + 1840, 316, 50, 50, 437, 14, 255, 252, 42, 42, + 122, 904, 47, 475, 2023, 2024, 2025, 198, 394, 311, + 198, 2030, 2031, 240, 145, 26, 26, 316, 253, 2038, + 306, 65, 3392, 316, 33, 3618, 3619, 53, 54, 160, + 156, 14, 41, 316, 80, 4816, 42, 391, 282, 5494, + 143, 50, 123, 89, 156, 42, 42, 306, 531, 54, + 26, 3873, 4920, 645, 42, 42, 227, 316, 42, 26, + 43, 44, 300, 26, 67, 179, 5743, 33, 584, 227, + 542, 412, 2350, 183, 5626, 41, 54, 14, 119, 50, + 26, 595, 42, 542, 50, 782, 981, 168, 107, 99, + 14, 332, 314, 75, 114, 650, 1316, 5647, 255, 160, + 584, 127, 259, 542, 33, 6195, 43, 44, 33, 6199, + 3703, 152, 41, 99, 10, 5930, 41, 143, 40, 43, + 44, 50, 390, 99, 107, 50, 33, 55, 127, 209, + 2923, 120, 99, 209, 41, 5234, 99, 834, 33, 4332, + 335, 346, 168, 50, 627, 628, 41, 170, 631, 306, + 633, 209, 209, 99, 6389, 50, 730, 288, 128, 316, + 6136, 4896, 1399, 356, 122, 644, 141, 127, 151, 291, + 107, 33, 644, 6089, 193, 174, 532, 1284, 647, 1286, + 1129, 207, 268, 107, 154, 644, 4185, 670, 50, 555, + 1378, 6426, 218, 1381, 650, 53, 4492, 1385, 1386, 1387, + 209, 209, 1390, 1391, 796, 644, 107, 57, 33, 4555, + 193, 694, 6128, 669, 151, 650, 41, 700, 4914, 204, + 246, 128, 796, 151, 40, 50, 1486, 1461, 382, 252, + 219, 650, 715, 314, 669, 4794, 441, 317, 431, 167, + 723, 317, 245, 209, 202, 141, 702, 763, 695, 204, + 669, 226, 293, 736, 737, 237, 193, 388, 633, 317, + 317, 204, 702, 51, 316, 6080, 373, 702, 650, 193, + 739, 637, 658, 299, 788, 197, 110, 5827, 747, 763, + 209, 750, 396, 702, 209, 584, 769, 669, 314, 1509, + 33, 300, 193, 313, 6270, 6385, 467, 5849, 41, 3020, + 3032, 584, 209, 786, 5486, 650, 122, 50, 317, 467, + 288, 239, 755, 6122, 209, 1852, 104, 288, 1221, 510, + 803, 179, 510, 51, 669, 797, 253, 1230, 811, 812, + 1233, 4794, 316, 291, 339, 1238, 819, 382, 643, 300, + 35, 36, 37, 648, 39, 572, 1883, 1457, 3326, 3327, + 253, 317, 835, 564, 650, 3795, 3657, 702, 730, 581, + 791, 844, 3177, 668, 3795, 5776, 1269, 3804, 174, 6542, + 31, 3808, 5214, 669, 857, 233, 104, 682, 5220, 733, + 827, 197, 791, 5794, 209, 791, 202, 796, 317, 481, + 5217, 498, 317, 643, 791, 788, 3605, 791, 653, 4427, + 705, 791, 597, 2335, 390, 861, 702, 791, 4329, 865, + 317, 867, 895, 674, 897, 476, 791, 900, 1494, 902, + 751, 904, 317, 3350, 907, 766, 861, 597, 3163, 4976, + 865, 887, 508, 3226, 597, 760, 4193, 463, 2839, 2840, + 3821, 551, 861, 791, 763, 1454, 865, 791, 867, 5230, + 1399, 4914, 887, 791, 1487, 695, 903, 750, 905, 791, + 4008, 156, 5386, 724, 791, 791, 209, 711, 887, 1461, + 33, 789, 6131, 791, 5342, 291, 5931, 674, 41, 861, + 791, 964, 585, 865, 967, 867, 788, 50, 5587, 295, + 771, 974, 317, 976, 788, 730, 3080, 788, 5652, 4321, + 581, 980, 788, 3156, 3157, 887, 788, 990, 980, 965, + 966, 788, 968, 969, 970, 796, 861, 1420, 980, 975, + 865, 980, 3021, 5652, 980, 1254, 1984, 795, 2646, 788, + 796, 2864, 2865, 796, 2867, 2868, 6213, 5339, 6215, 1457, + 980, 980, 887, 2001, 5339, 980, 965, 966, 3269, 968, + 969, 970, 4003, 1457, 795, 788, 975, 795, 1457, 1457, + 2404, 980, 788, 1457, 795, 861, 1295, 2404, 796, 865, + 5147, 867, 796, 795, 317, 3368, 796, 5782, 1962, 1963, + 796, 796, 2440, 965, 966, 4178, 968, 969, 970, 796, + 788, 887, 771, 975, 2440, 702, 2528, 788, 980, 788, + 796, 3080, 5206, 2535, 795, 796, 795, 796, 5652, 2146, + 5592, 796, 5594, 4711, 5482, 2373, 795, 2152, 796, 791, + 965, 966, 796, 968, 969, 970, 2384, 796, 796, 1889, + 975, 788, 2167, 1853, 788, 980, 4829, 3448, 96, 3450, + 771, 6318, 6319, 5339, 5203, 33, 209, 777, 1131, 796, + 1129, 796, 6329, 41, 5654, 777, 2193, 1129, 33, 789, + 2244, 791, 50, 6216, 4034, 2498, 41, 2500, 2199, 795, + 2201, 6169, 6170, 2204, 5035, 50, 789, 2519, 5039, 2137, + 2513, 771, 532, 795, 980, 2216, 788, 4845, 2219, 5035, + 4848, 777, 2223, 5039, 789, 2519, 771, 155, 2531, 1396, + 777, 771, 4739, 4849, 2546, 751, 796, 2549, 160, 789, + 2543, 1194, 4962, 6390, 795, 791, 2558, 3305, 2249, 2250, + 2251, 796, 2546, 789, 777, 2549, 2559, 771, 771, 233, + 777, 789, 1952, 2752, 2558, 136, 2755, 794, 1221, 791, + 5203, 2125, 789, 5206, 791, 771, 3354, 1230, 789, 5617, + 1233, 5619, 2771, 2488, 317, 1238, 5624, 776, 777, 778, + 779, 780, 781, 5631, 5632, 771, 777, 777, 33, 795, + 1331, 1850, 2791, 5641, 771, 771, 41, 235, 789, 5647, + 791, 739, 791, 771, 771, 50, 1269, 771, 791, 14, + 796, 774, 775, 776, 777, 778, 779, 780, 781, 796, + 796, 777, 4358, 730, 40, 33, 791, 4258, 796, 796, + 777, 771, 646, 41, 777, 1284, 4372, 1286, 43, 44, + 1973, 209, 50, 789, 1307, 791, 1309, 730, 71, 143, + 791, 777, 1315, 1316, 209, 796, 791, 774, 775, 776, + 777, 778, 779, 780, 781, 3319, 3320, 57, 791, 1332, + 4605, 775, 776, 777, 778, 779, 780, 781, 1341, 647, + 789, 71, 791, 73, 789, 179, 791, 28, 2105, 30, + 2147, 32, 1355, 1356, 169, 33, 5339, 778, 779, 780, + 781, 42, 107, 41, 791, 691, 282, 2147, 1357, 4202, + 4203, 74, 50, 1376, 789, 4478, 791, 2050, 361, 5231, + 4445, 4341, 4342, 320, 282, 763, 4499, 4500, 4345, 4346, + 4341, 4342, 4213, 771, 373, 395, 1399, 1400, 123, 647, + 1399, 582, 648, 739, 380, 380, 4227, 1399, 5557, 317, + 4231, 99, 1379, 1380, 72, 230, 597, 1420, 74, 2610, + 5569, 5570, 317, 2220, 209, 233, 5788, 1850, 5790, 431, + 53, 439, 380, 71, 127, 1438, 116, 282, 53, 5827, + 2220, 197, 6109, 168, 2499, 5833, 791, 362, 193, 282, + 296, 101, 33, 6111, 98, 3093, 1459, 1460, 1457, 179, + 576, 209, 1454, 5586, 233, 1457, 143, 425, 776, 50, + 1473, 167, 496, 319, 31, 2183, 3728, 380, 1457, 397, + 1469, 1484, 5795, 1486, 174, 127, 407, 3964, 2179, 3966, + 3731, 1494, 1495, 3766, 110, 1498, 2253, 99, 1457, 1324, + 212, 3605, 179, 2179, 476, 5391, 1509, 1922, 67, 5847, + 1335, 730, 3476, 154, 202, 3756, 33, 1932, 3909, 498, + 143, 33, 127, 6118, 41, 1994, 789, 33, 791, 41, + 1953, 209, 317, 50, 255, 41, 233, 3964, 50, 3966, + 143, 461, 3180, 288, 50, 123, 33, 271, 143, 127, + 796, 33, 40, 4045, 41, 2154, 771, 772, 773, 41, + 2154, 476, 50, 50, 282, 3539, 71, 55, 50, 317, + 2350, 74, 40, 4686, 2314, 3373, 2633, 796, 375, 6246, + 4528, 4529, 345, 657, 5972, 306, 227, 545, 2184, 2185, + 168, 2187, 2188, 2189, 2190, 316, 174, 33, 5264, 4712, + 33, 2179, 14, 5991, 2200, 41, 3605, 370, 41, 720, + 167, 76, 77, 724, 50, 345, 2373, 50, 314, 316, + 323, 123, 2218, 3584, 3585, 3586, 3587, 2384, 2385, 207, + 3594, 43, 44, 363, 3568, 316, 259, 3600, 754, 317, + 370, 2254, 5980, 259, 2352, 2353, 4536, 297, 3642, 373, + 5799, 572, 342, 2361, 2362, 2363, 4047, 3578, 3579, 40, + 5179, 413, 414, 151, 5787, 2179, 168, 323, 179, 2296, + 5189, 5190, 33, 6124, 55, 368, 299, 233, 3697, 167, + 41, 71, 438, 73, 604, 300, 245, 695, 496, 50, + 2317, 693, 209, 233, 509, 107, 299, 209, 418, 617, + 259, 2124, 4015, 209, 299, 207, 789, 365, 791, 197, + 236, 316, 356, 3687, 5000, 427, 3569, 5395, 3571, 695, + 695, 699, 209, 702, 5576, 33, 368, 209, 2143, 197, + 81, 2154, 370, 41, 717, 532, 317, 3115, 4851, 2930, + 2931, 656, 50, 5948, 2357, 2358, 662, 695, 436, 3115, + 2349, 239, 5430, 2444, 33, 1830, 436, 314, 695, 452, + 6355, 454, 41, 2359, 2360, 40, 5582, 5947, 74, 2192, + 151, 50, 2750, 209, 498, 50, 209, 33, 74, 3017, + 55, 193, 33, 1890, 618, 41, 167, 33, 788, 33, + 41, 393, 695, 395, 50, 41, 147, 41, 719, 50, + 317, 33, 479, 308, 50, 317, 50, 158, 2569, 41, + 452, 317, 454, 711, 6409, 166, 197, 5940, 50, 3183, + 323, 3185, 3186, 1826, 3202, 671, 3183, 429, 3185, 3186, + 317, 1834, 5955, 1836, 3798, 317, 3202, 586, 378, 452, + 463, 4674, 67, 194, 1847, 5490, 570, 1850, 209, 1852, + 1853, 544, 510, 751, 2594, 2595, 581, 459, 239, 3137, + 463, 2478, 2919, 2920, 4685, 3143, 711, 636, 463, 475, + 4691, 4692, 4985, 74, 33, 472, 151, 674, 711, 4007, + 1883, 317, 41, 791, 317, 4998, 1889, 2942, 2945, 74, + 2544, 50, 167, 466, 663, 710, 791, 198, 5417, 250, + 4887, 209, 544, 382, 2959, 4892, 751, 418, 2963, 742, + 4897, 6362, 33, 510, 143, 33, 3554, 2340, 339, 5902, + 41, 1924, 197, 41, 581, 618, 2349, 278, 2351, 50, + 209, 5623, 50, 145, 5010, 5838, 408, 6227, 6228, 2990, + 496, 618, 2439, 2994, 662, 2996, 4010, 5930, 3922, 1952, + 1953, 5934, 4399, 209, 761, 10, 317, 4531, 209, 3010, + 5638, 3935, 294, 209, 239, 209, 2642, 478, 720, 2392, + 438, 723, 3023, 3024, 737, 3230, 618, 209, 702, 2596, + 370, 282, 447, 448, 4971, 6307, 4973, 367, 5064, 417, + 592, 6306, 4247, 711, 1986, 1994, 407, 4249, 496, 41, + 653, 194, 1994, 581, 46, 618, 791, 737, 145, 317, + 421, 452, 2666, 572, 6269, 4546, 6271, 323, 2099, 341, + 245, 594, 463, 160, 626, 127, 2449, 323, 4022, 774, + 775, 776, 777, 778, 779, 780, 781, 458, 317, 4374, + 764, 2148, 131, 791, 452, 10, 33, 796, 2051, 4043, + 209, 2668, 2055, 6161, 41, 463, 6164, 2472, 390, 2062, + 6043, 317, 5740, 50, 2642, 493, 317, 788, 665, 3044, + 2073, 317, 127, 317, 680, 4552, 178, 3393, 14, 581, + 4557, 576, 40, 36, 37, 317, 145, 4564, 209, 2512, + 771, 209, 2670, 2085, 462, 776, 777, 6080, 2521, 672, + 572, 5911, 3080, 332, 10, 6360, 2085, 43, 44, 2866, + 5755, 514, 33, 791, 6097, 5760, 5761, 6057, 6058, 33, + 41, 2124, 323, 2126, 3762, 4552, 101, 41, 2642, 50, + 4557, 532, 576, 612, 791, 788, 50, 4564, 323, 2142, + 242, 639, 33, 2146, 2147, 467, 2135, 33, 771, 791, + 41, 2154, 2155, 33, 557, 41, 2670, 33, 317, 50, + 119, 41, 576, 464, 50, 41, 99, 499, 361, 2842, + 50, 107, 462, 2176, 50, 150, 141, 618, 791, 5166, + 5167, 2184, 2185, 2186, 2187, 2188, 2189, 2190, 2191, 2192, + 2193, 2194, 572, 152, 682, 1159, 317, 2200, 269, 317, + 53, 5879, 160, 2179, 676, 71, 458, 73, 215, 510, + 618, 4185, 532, 315, 2217, 2218, 617, 2220, 47, 2179, + 227, 127, 209, 6420, 2179, 599, 128, 1191, 5984, 673, + 4028, 4029, 711, 99, 2223, 33, 2651, 605, 2241, 197, + 2179, 3879, 2657, 41, 6054, 5925, 210, 5927, 727, 151, + 2253, 388, 50, 47, 2669, 174, 6196, 193, 33, 754, + 6200, 6369, 269, 2939, 695, 5378, 41, 3242, 226, 6466, + 606, 5092, 5093, 674, 791, 50, 5921, 106, 3916, 791, + 3918, 3919, 33, 290, 2897, 791, 3924, 785, 209, 99, + 41, 3195, 695, 0, 3932, 209, 791, 617, 3936, 50, + 3938, 682, 743, 156, 791, 3362, 4159, 2296, 4161, 791, + 754, 2314, 106, 565, 2179, 605, 2319, 748, 209, 390, + 327, 4255, 297, 209, 698, 602, 3696, 2926, 2317, 209, + 317, 390, 2926, 209, 293, 743, 294, 2340, 397, 75, + 754, 7, 4065, 5960, 2347, 5246, 2349, 2350, 2351, 5425, + 791, 3091, 2355, 412, 674, 791, 2359, 2360, 791, 5304, + 417, 2939, 326, 2179, 776, 777, 778, 779, 780, 781, + 2373, 304, 305, 3743, 6052, 434, 295, 791, 2974, 753, + 3137, 2384, 2385, 2979, 6064, 5330, 3143, 6393, 3766, 2392, + 126, 2860, 202, 2989, 3369, 546, 317, 33, 33, 2995, + 3766, 3158, 606, 317, 681, 41, 41, 682, 796, 145, + 711, 209, 4386, 4387, 50, 50, 4390, 4391, 3126, 602, + 3037, 3129, 4396, 4397, 160, 2939, 317, 3135, 777, 3971, + 791, 317, 390, 440, 209, 141, 493, 317, 117, 118, + 789, 317, 33, 794, 3224, 3072, 2449, 631, 537, 538, + 41, 4425, 541, 542, 543, 2458, 6396, 6397, 209, 50, + 771, 2464, 4714, 72, 33, 2468, 771, 33, 56, 3833, + 33, 47, 41, 3164, 407, 41, 3833, 53, 41, 55, + 539, 50, 218, 791, 50, 2488, 57, 50, 458, 4936, + 226, 6497, 6498, 552, 218, 6112, 6113, 6177, 681, 5486, + 6180, 417, 73, 2926, 370, 458, 690, 57, 33, 2512, + 569, 771, 791, 3965, 5459, 4850, 41, 126, 2521, 317, + 2943, 71, 4064, 465, 390, 50, 3804, 206, 47, 3125, + 3808, 33, 136, 503, 796, 791, 4983, 3133, 3134, 41, + 791, 499, 317, 33, 5303, 791, 479, 791, 50, 2552, + 503, 41, 128, 33, 158, 497, 3613, 313, 282, 791, + 50, 41, 6446, 5040, 288, 716, 317, 155, 2544, 47, + 50, 33, 3971, 209, 209, 2578, 47, 3632, 5337, 41, + 5096, 2584, 31, 734, 577, 578, 3643, 106, 50, 2544, + 2593, 2594, 2595, 3373, 3649, 2670, 6480, 3354, 186, 47, + 3655, 3656, 572, 207, 283, 2544, 2609, 2610, 4999, 3, + 3447, 42, 565, 5040, 3451, 4062, 4063, 226, 209, 5695, + 5441, 5442, 332, 3046, 19, 20, 4073, 3605, 106, 571, + 2633, 5194, 791, 51, 2637, 106, 5199, 31, 697, 4009, + 209, 3317, 2544, 209, 2647, 145, 209, 4011, 144, 4570, + 4571, 2654, 388, 712, 4011, 608, 3079, 63, 106, 2662, + 160, 654, 2665, 4626, 5111, 4064, 2642, 5654, 99, 4717, + 791, 4070, 320, 791, 262, 33, 153, 4076, 4599, 2544, + 33, 317, 317, 41, 209, 294, 104, 2642, 41, 651, + 2666, 168, 50, 88, 2670, 4656, 4617, 50, 286, 6401, + 6402, 197, 760, 2642, 33, 33, 4669, 209, 3205, 3206, + 652, 2666, 41, 41, 230, 2670, 113, 114, 115, 209, + 2712, 50, 50, 1033, 1034, 1035, 317, 2666, 2544, 209, + 788, 2670, 3707, 2712, 148, 423, 252, 151, 6440, 3317, + 2642, 272, 430, 3166, 57, 154, 5727, 209, 317, 33, + 712, 317, 283, 715, 317, 33, 65, 41, 71, 3435, + 73, 4735, 3361, 41, 2666, 33, 50, 3361, 2670, 1079, + 788, 3447, 50, 41, 1084, 3451, 514, 2642, 796, 3452, + 742, 777, 50, 4421, 4422, 4423, 81, 259, 777, 751, + 3463, 3464, 317, 789, 2508, 3468, 28, 745, 30, 213, + 789, 2666, 791, 3317, 791, 2670, 33, 308, 4446, 4447, + 311, 4449, 2815, 2527, 41, 317, 2819, 3614, 771, 772, + 773, 788, 2536, 50, 22, 179, 2642, 317, 2542, 796, + 2833, 29, 788, 31, 3614, 347, 2550, 317, 774, 775, + 776, 777, 778, 779, 780, 781, 2560, 3520, 50, 2563, + 2666, 209, 147, 5094, 2670, 317, 209, 3435, 33, 5618, + 300, 2860, 598, 158, 3537, 789, 41, 791, 2860, 3447, + 791, 166, 421, 3451, 4632, 50, 5635, 791, 4636, 37, + 209, 209, 3305, 41, 691, 33, 2446, 33, 46, 5648, + 2450, 5650, 699, 41, 57, 41, 789, 704, 791, 194, + 791, 789, 50, 791, 50, 791, 141, 5878, 71, 5356, + 73, 791, 101, 789, 776, 777, 2919, 2920, 754, 519, + 520, 3435, 33, 2926, 128, 209, 5373, 2930, 2931, 675, + 41, 209, 675, 3447, 534, 33, 536, 3451, 3361, 50, + 2943, 209, 2945, 41, 1437, 2948, 2949, 1440, 1441, 33, + 2939, 789, 50, 791, 24, 250, 282, 41, 28, 317, + 30, 150, 32, 2939, 317, 47, 50, 789, 147, 791, + 2973, 2974, 789, 709, 791, 789, 2979, 791, 4616, 158, + 3671, 3672, 209, 278, 2939, 464, 2989, 166, 317, 317, + 128, 789, 2995, 789, 33, 3671, 3672, 667, 2987, 4637, + 795, 4239, 41, 4937, 33, 33, 789, 33, 791, 2998, + 4374, 50, 41, 41, 789, 41, 3991, 4374, 789, 3022, + 791, 50, 50, 33, 50, 3448, 4602, 3450, 145, 629, + 630, 41, 345, 317, 209, 3038, 145, 2939, 789, 317, + 50, 5572, 3009, 3046, 3047, 3048, 145, 3804, 33, 317, + 363, 3808, 1346, 4291, 314, 5553, 41, 370, 1352, 1353, + 127, 209, 5110, 209, 33, 50, 255, 776, 777, 192, + 33, 250, 41, 796, 2939, 3078, 3079, 789, 41, 791, + 741, 50, 395, 3072, 3087, 480, 3944, 50, 3091, 33, + 317, 796, 3705, 3671, 3672, 776, 777, 41, 209, 278, + 3089, 4530, 120, 4532, 33, 3574, 50, 661, 297, 232, + 282, 209, 41, 789, 3117, 791, 33, 306, 3121, 3122, + 3123, 50, 3125, 2939, 41, 209, 789, 316, 791, 3132, + 3133, 3134, 440, 50, 3137, 355, 356, 751, 4195, 4509, + 3143, 269, 317, 332, 307, 308, 269, 6310, 28, 788, + 30, 5072, 32, 789, 789, 3158, 114, 3671, 3672, 3162, + 5734, 776, 777, 3166, 3167, 19, 20, 1477, 33, 317, + 209, 317, 392, 4228, 288, 4230, 41, 1054, 6456, 6457, + 209, 209, 345, 209, 1061, 50, 3782, 789, 53, 791, + 795, 4246, 4243, 474, 789, 590, 791, 791, 789, 209, + 363, 33, 597, 1080, 1081, 5179, 317, 370, 603, 41, + 127, 431, 2066, 2067, 3203, 5189, 5190, 795, 50, 317, + 789, 3224, 3211, 789, 209, 128, 789, 3230, 3841, 4396, + 4397, 6394, 395, 317, 23, 33, 5683, 26, 27, 141, + 209, 151, 31, 41, 610, 5692, 209, 651, 4028, 4029, + 4007, 789, 50, 791, 24, 25, 19, 20, 28, 3340, + 30, 789, 32, 791, 789, 209, 788, 390, 3944, 5317, + 479, 6434, 588, 215, 3277, 6169, 6170, 359, 317, 402, + 209, 794, 795, 3286, 679, 227, 711, 789, 317, 317, + 788, 317, 209, 584, 788, 788, 128, 3951, 5941, 789, + 742, 788, 3305, 313, 24, 25, 6469, 317, 28, 789, + 30, 28, 32, 30, 3968, 32, 18, 19, 20, 204, + 119, 403, 337, 405, 123, 5429, 337, 789, 127, 337, + 128, 75, 317, 6496, 789, 288, 791, 3340, 40, 4709, + 282, 3317, 555, 789, 209, 791, 53, 742, 317, 3352, + 789, 3354, 791, 152, 317, 284, 204, 3360, 3361, 3362, + 789, 789, 791, 791, 3861, 3862, 3944, 3864, 3865, 168, + 3373, 73, 28, 317, 30, 174, 32, 209, 3317, 502, + 791, 144, 126, 47, 284, 327, 606, 33, 317, 431, + 789, 3814, 791, 19, 20, 41, 789, 99, 791, 788, + 317, 145, 5450, 623, 50, 4202, 4203, 789, 207, 791, + 5374, 209, 789, 495, 791, 3317, 160, 789, 789, 791, + 791, 364, 4202, 4203, 737, 5346, 795, 3850, 3851, 649, + 3944, 789, 788, 6546, 197, 15, 789, 101, 788, 757, + 758, 788, 760, 5417, 762, 3448, 3435, 3450, 789, 572, + 791, 788, 317, 3429, 3430, 3431, 5903, 788, 160, 3435, + 789, 789, 789, 545, 791, 3888, 24, 25, 4706, 788, + 28, 3447, 30, 693, 32, 3451, 183, 789, 788, 791, + 3435, 5733, 226, 788, 4157, 317, 150, 5029, 5462, 788, + 3429, 3430, 3431, 745, 293, 197, 791, 73, 788, 33, + 202, 3317, 204, 745, 789, 789, 791, 41, 3447, 788, + 592, 789, 3451, 789, 788, 791, 50, 4314, 144, 317, + 789, 789, 791, 788, 226, 467, 788, 3429, 3430, 3431, + 789, 788, 791, 3435, 4314, 788, 5174, 5175, 5176, 5177, + 788, 788, 5180, 5181, 789, 3447, 791, 5185, 3551, 3451, + 5188, 5806, 789, 5191, 791, 789, 5194, 791, 788, 5011, + 5198, 5199, 789, 209, 3429, 3430, 3431, 4180, 38, 788, + 3435, 197, 788, 788, 737, 3574, 3568, 3580, 789, 789, + 791, 791, 3574, 214, 789, 40, 791, 788, 4345, 4346, + 33, 255, 294, 788, 18, 19, 20, 5910, 41, 788, + 788, 683, 5706, 5916, 5917, 3608, 789, 50, 791, 214, + 3613, 3614, 5716, 214, 789, 33, 40, 788, 23, 3435, + 788, 26, 27, 41, 788, 707, 31, 390, 4683, 4684, + 5029, 3447, 50, 297, 4492, 3451, 788, 788, 284, 3714, + 3643, 789, 306, 789, 388, 24, 25, 26, 350, 28, + 105, 30, 316, 32, 788, 24, 5013, 364, 788, 28, + 3659, 30, 788, 32, 3667, 214, 3669, 3659, 332, 759, + 789, 317, 791, 788, 300, 209, 788, 3659, 789, 3659, + 3659, 788, 5645, 3659, 5732, 128, 3761, 789, 390, 791, + 3659, 789, 19, 20, 788, 3671, 3672, 788, 3701, 3659, + 3659, 788, 788, 410, 3659, 789, 3659, 3659, 788, 3712, + 128, 3671, 3672, 788, 788, 24, 3671, 3672, 31, 28, + 3659, 30, 5360, 32, 5362, 788, 5364, 4323, 789, 789, + 791, 791, 3671, 3672, 788, 788, 160, 192, 501, 788, + 788, 4796, 197, 788, 19, 20, 796, 788, 965, 966, + 789, 968, 969, 970, 101, 5719, 4510, 3659, 975, 15, + 789, 789, 15, 789, 390, 788, 209, 33, 4605, 789, + 3759, 791, 789, 197, 791, 41, 788, 232, 33, 3782, + 771, 488, 581, 317, 50, 5423, 41, 3790, 789, 788, + 791, 209, 5840, 788, 3659, 50, 788, 499, 53, 788, + 788, 3804, 226, 150, 789, 3808, 3671, 3672, 788, 24, + 6341, 3814, 788, 28, 269, 30, 4492, 32, 145, 3822, + 789, 789, 789, 791, 791, 791, 789, 22, 23, 24, + 25, 26, 27, 28, 29, 30, 31, 32, 789, 788, + 791, 788, 788, 3659, 551, 789, 588, 3850, 3851, 18, + 19, 20, 788, 788, 598, 3671, 3672, 788, 621, 204, + 567, 568, 128, 788, 788, 572, 573, 574, 3943, 144, + 294, 40, 788, 788, 317, 501, 788, 4674, 128, 6192, + 788, 788, 415, 788, 53, 3888, 3875, 3876, 3877, 3878, + 3879, 3880, 3881, 788, 4674, 3884, 788, 788, 788, 317, + 788, 3904, 788, 204, 73, 788, 4519, 4580, 255, 5873, + 788, 788, 788, 259, 4492, 675, 6020, 791, 464, 621, + 788, 81, 197, 695, 127, 711, 695, 122, 681, 4605, + 99, 3920, 3921, 640, 3923, 390, 3925, 3926, 3927, 3928, + 3929, 3930, 3931, 209, 3933, 514, 433, 402, 3937, 482, + 297, 537, 538, 33, 209, 541, 542, 543, 143, 306, + 791, 41, 664, 791, 178, 709, 390, 791, 3944, 316, + 50, 4644, 586, 53, 364, 3951, 791, 127, 4492, 398, + 6088, 791, 3985, 791, 43, 332, 693, 147, 81, 752, + 789, 160, 3968, 583, 706, 621, 3951, 771, 158, 762, + 7, 751, 467, 467, 4007, 3944, 166, 202, 788, 68, + 10, 218, 3951, 3968, 791, 548, 31, 550, 77, 517, + 136, 519, 520, 556, 4027, 4028, 4029, 4605, 197, 3968, + 4033, 151, 297, 202, 194, 204, 534, 65, 536, 98, + 127, 316, 3944, 4046, 204, 42, 42, 502, 412, 3951, + 3, 317, 587, 751, 147, 796, 313, 226, 760, 431, + 762, 156, 317, 390, 123, 158, 3968, 6030, 127, 788, + 397, 130, 788, 166, 225, 499, 395, 788, 6525, 4055, + 788, 15, 141, 616, 788, 412, 3951, 796, 788, 127, + 250, 4605, 127, 356, 795, 251, 291, 54, 157, 795, + 791, 194, 127, 3968, 730, 178, 165, 434, 796, 120, + 796, 204, 711, 789, 337, 390, 4055, 572, 278, 178, + 647, 651, 141, 510, 788, 294, 752, 660, 3944, 209, + 44, 629, 630, 337, 313, 3951, 762, 4140, 337, 565, + 300, 128, 154, 202, 5596, 5597, 313, 5599, 788, 178, + 795, 47, 3968, 4055, 791, 796, 788, 250, 431, 789, + 6123, 789, 6414, 106, 340, 22, 23, 24, 25, 26, + 27, 28, 29, 30, 31, 32, 791, 796, 4181, 652, + 789, 350, 789, 242, 796, 278, 684, 685, 247, 248, + 4055, 789, 4195, 789, 4197, 127, 127, 621, 55, 4202, + 4203, 789, 4205, 167, 789, 4208, 4209, 788, 6171, 788, + 366, 136, 539, 791, 288, 127, 4205, 791, 374, 414, + 73, 390, 4976, 756, 778, 552, 501, 791, 796, 695, + 6278, 778, 127, 389, 767, 151, 494, 317, 4816, 708, + 4853, 127, 569, 399, 400, 401, 455, 4322, 791, 439, + 695, 127, 789, 409, 154, 791, 315, 788, 4333, 788, + 4335, 4264, 3, 4255, 4256, 122, 4763, 4764, 4765, 4766, + 4767, 4768, 4769, 4770, 4771, 4772, 431, 4774, 4775, 4776, + 4777, 4778, 4779, 4780, 4781, 151, 4783, 4784, 791, 47, + 4787, 4788, 6544, 240, 621, 119, 218, 356, 367, 123, + 469, 514, 4816, 127, 514, 88, 514, 695, 4962, 4312, + 364, 4314, 88, 514, 4317, 4318, 514, 695, 514, 378, + 4323, 6285, 120, 791, 681, 288, 47, 81, 152, 678, + 499, 127, 600, 789, 4930, 751, 760, 4326, 762, 789, + 789, 789, 4345, 4346, 168, 202, 621, 6451, 106, 4352, + 174, 4432, 789, 158, 4984, 33, 158, 211, 788, 5811, + 791, 5813, 5814, 41, 796, 6413, 65, 137, 443, 252, + 697, 796, 50, 669, 397, 18, 19, 20, 422, 788, + 484, 19, 20, 207, 484, 712, 284, 791, 599, 448, + 741, 547, 68, 147, 788, 238, 4893, 1007, 311, 329, + 5455, 4898, 311, 559, 158, 57, 30, 710, 81, 4484, + 128, 223, 166, 207, 92, 93, 94, 95, 204, 57, + 791, 791, 4503, 22, 23, 24, 25, 26, 27, 28, + 29, 30, 31, 32, 291, 762, 6399, 288, 788, 215, + 194, 788, 146, 154, 227, 1055, 42, 653, 789, 4872, + 204, 227, 621, 789, 6418, 789, 99, 5165, 6, 7, + 138, 139, 140, 431, 789, 6513, 778, 789, 789, 293, + 18, 789, 128, 777, 147, 4478, 6524, 752, 788, 796, + 791, 789, 789, 789, 6532, 158, 269, 762, 644, 789, + 789, 789, 6540, 166, 789, 664, 250, 789, 789, 789, + 4503, 789, 145, 659, 789, 53, 282, 265, 4511, 267, + 791, 789, 190, 191, 290, 789, 4492, 789, 71, 789, + 278, 194, 1132, 122, 278, 720, 218, 586, 723, 791, + 791, 209, 791, 81, 382, 789, 294, 789, 789, 788, + 788, 788, 4534, 96, 700, 4548, 781, 788, 788, 788, + 407, 327, 788, 4492, 595, 789, 109, 414, 714, 342, + 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, + 32, 119, 125, 216, 771, 123, 254, 250, 31, 127, + 31, 776, 777, 5291, 31, 431, 791, 131, 136, 137, + 4492, 760, 128, 762, 796, 143, 796, 791, 791, 147, + 127, 127, 155, 202, 152, 278, 154, 796, 791, 508, + 158, 791, 796, 791, 791, 5306, 789, 128, 166, 617, + 168, 789, 4625, 259, 53, 1235, 174, 791, 791, 4605, + 273, 274, 275, 271, 417, 100, 5494, 791, 771, 317, + 318, 24, 25, 26, 282, 28, 194, 30, 47, 32, + 293, 675, 5230, 791, 4657, 369, 204, 440, 127, 207, + 122, 791, 580, 158, 440, 6303, 4605, 4670, 4657, 158, + 758, 4674, 511, 553, 4677, 5172, 4492, 443, 123, 227, + 788, 269, 235, 561, 467, 269, 661, 5184, 4677, 269, + 269, 467, 291, 269, 316, 204, 88, 788, 246, 127, + 789, 791, 250, 4605, 771, 4708, 771, 350, 771, 352, + 771, 259, 156, 771, 4717, 771, 5230, 788, 771, 4718, + 478, 771, 19, 20, 5582, 771, 4729, 5150, 771, 372, + 278, 4723, 791, 72, 771, 771, 75, 415, 4813, 771, + 202, 771, 741, 296, 771, 293, 319, 390, 796, 4752, + 771, 299, 300, 145, 397, 4758, 5309, 581, 771, 4762, + 57, 771, 771, 5186, 5299, 5300, 314, 5302, 316, 412, + 771, 789, 5307, 789, 296, 5310, 419, 771, 5313, 5314, + 5488, 771, 420, 4786, 5492, 5493, 5321, 126, 5323, 4605, + 129, 434, 771, 771, 771, 771, 434, 5332, 436, 791, + 789, 789, 431, 300, 482, 580, 145, 168, 407, 791, + 796, 34, 337, 796, 288, 414, 796, 1427, 5494, 791, + 1430, 160, 288, 215, 763, 510, 396, 154, 431, 291, + 468, 789, 153, 153, 472, 227, 796, 4840, 789, 789, + 4816, 789, 214, 481, 4847, 789, 65, 88, 491, 789, + 796, 796, 789, 777, 777, 791, 789, 704, 501, 788, + 413, 414, 788, 720, 342, 288, 723, 288, 242, 4872, + 548, 588, 550, 128, 128, 732, 514, 4816, 556, 662, + 5855, 4870, 788, 788, 667, 796, 662, 226, 129, 796, + 496, 667, 233, 777, 532, 30, 539, 788, 290, 323, + 788, 795, 771, 740, 145, 549, 5582, 337, 204, 552, + 126, 204, 204, 50, 4816, 463, 5494, 4920, 288, 158, + 158, 791, 719, 31, 263, 789, 412, 4930, 686, 687, + 688, 689, 4935, 412, 31, 327, 31, 241, 616, 53, + 284, 30, 30, 788, 788, 4937, 788, 465, 591, 778, + 178, 246, 414, 789, 597, 294, 588, 4960, 778, 742, + 143, 356, 796, 95, 155, 155, 742, 789, 751, 796, + 789, 789, 610, 312, 271, 751, 789, 788, 621, 617, + 5494, 791, 660, 791, 788, 4984, 4962, 207, 789, 627, + 789, 153, 4984, 65, 789, 128, 789, 789, 789, 789, + 4816, 789, 771, 641, 5582, 4984, 788, 4962, 788, 562, + 563, 31, 655, 31, 791, 233, 789, 791, 178, 662, + 788, 788, 263, 4962, 5000, 313, 233, 665, 771, 791, + 558, 741, 5113, 581, 697, 697, 674, 204, 788, 677, + 6492, 282, 788, 412, 5752, 382, 788, 300, 440, 388, + 300, 53, 791, 294, 697, 789, 791, 695, 31, 209, + 4962, 5000, 450, 288, 53, 213, 5069, 325, 5582, 712, + 713, 312, 443, 711, 789, 467, 252, 131, 756, 506, + 789, 65, 725, 257, 168, 316, 789, 789, 726, 767, + 5625, 508, 647, 791, 207, 65, 789, 4962, 5000, 789, + 791, 342, 351, 169, 316, 789, 218, 5110, 789, 789, + 5113, 451, 789, 174, 788, 762, 791, 5109, 5121, 762, + 771, 720, 771, 420, 723, 771, 791, 5208, 167, 749, + 5109, 422, 422, 732, 204, 5000, 218, 434, 53, 436, + 681, 789, 248, 300, 300, 170, 4962, 5150, 788, 30, + 5153, 30, 5155, 218, 597, 5144, 5145, 5146, 388, 218, + 218, 65, 218, 159, 159, 712, 218, 5170, 218, 712, + 723, 468, 218, 218, 596, 472, 417, 218, 204, 390, + 204, 607, 489, 5186, 481, 253, 796, 128, 588, 316, + 204, 443, 154, 5182, 5183, 431, 789, 789, 789, 502, + 5623, 553, 5205, 5192, 5207, 617, 72, 155, 71, 75, + 758, 789, 789, 65, 606, 789, 5205, 514, 789, 791, + 789, 410, 50, 771, 791, 789, 791, 788, 796, 788, + 788, 431, 795, 5236, 796, 532, 53, 789, 658, 31, + 382, 789, 788, 791, 65, 65, 794, 795, 788, 117, + 5239, 65, 450, 788, 5230, 5931, 648, 30, 720, 598, + 126, 723, 335, 129, 749, 141, 160, 749, 226, 394, + 674, 426, 316, 127, 428, 667, 282, 791, 553, 145, + 449, 789, 1892, 5301, 789, 789, 692, 5290, 788, 791, + 789, 5230, 423, 587, 160, 788, 788, 788, 5316, 160, + 5303, 5304, 5305, 160, 237, 789, 53, 788, 5326, 789, + 6365, 105, 5315, 610, 5317, 5333, 791, 5335, 5336, 580, + 617, 5324, 5325, 715, 795, 795, 683, 5330, 5230, 788, + 627, 5944, 6089, 791, 5337, 789, 65, 65, 65, 5342, + 31, 415, 127, 288, 641, 127, 288, 160, 316, 791, + 742, 789, 218, 5931, 5357, 791, 588, 789, 789, 751, + 226, 605, 5351, 5941, 653, 5368, 444, 371, 665, 788, + 709, 6128, 605, 730, 1984, 788, 300, 674, 796, 788, + 677, 789, 796, 788, 72, 796, 204, 5379, 795, 431, + 2000, 2001, 795, 789, 120, 120, 282, 263, 695, 288, + 5379, 73, 282, 288, 288, 692, 588, 648, 72, 72, + 15, 730, 65, 65, 5230, 5391, 160, 5931, 50, 703, + 788, 662, 788, 30, 789, 788, 667, 5941, 294, 726, + 789, 791, 718, 791, 18, 5438, 791, 253, 219, 144, + 99, 99, 218, 6, 432, 588, 312, 5450, 5451, 588, + 730, 15, 5391, 297, 653, 788, 5459, 422, 422, 788, + 434, 789, 6153, 789, 181, 788, 791, 5470, 160, 709, + 5473, 5474, 788, 788, 715, 5478, 749, 160, 202, 5482, + 6535, 343, 6239, 99, 53, 297, 154, 5490, 730, 5391, + 789, 704, 5495, 593, 204, 430, 199, 745, 356, 426, + 208, 742, 5583, 788, 174, 342, 789, 788, 5497, 5584, + 788, 5586, 788, 589, 788, 744, 788, 744, 5494, 788, + 2130, 789, 388, 788, 5513, 789, 5391, 2137, 788, 5610, + 789, 5612, 127, 15, 219, 791, 252, 730, 6035, 6036, + 791, 6038, 6039, 6040, 6041, 484, 789, 336, 204, 204, + 204, 65, 789, 431, 789, 5494, 297, 101, 112, 204, + 5563, 5984, 5565, 6538, 204, 789, 143, 653, 2178, 116, + 30, 436, 259, 788, 791, 3659, 3059, 3939, 5360, 5364, + 3778, 5584, 5362, 5586, 5915, 4409, 5945, 5562, 6108, 5592, + 6343, 5594, 5494, 5611, 4478, 782, 784, 782, 3968, 4962, + 1482, 5113, 3950, 4503, 2566, 3738, 5582, 4739, 2136, 2473, + 4045, 2666, 2668, 5616, 5617, 5618, 5619, 4023, 5774, 5773, + 5623, 5624, 5549, 5626, 850, 4919, 4431, 2667, 5631, 5632, + 5639, 4666, 5635, 4670, 5434, 5069, 6159, 5640, 5641, 2905, + 5719, 6280, 6418, 5582, 5647, 5648, 6378, 5650, 6043, 5717, + 1007, 3202, 4914, 1470, 5298, 5658, 5937, 5342, 5482, 4920, + 6402, 6229, 6239, 5613, 5164, 6088, 1023, 6128, 6165, 6121, + 1027, 6168, 867, 6121, 6121, 5678, 6121, 4602, 5494, 6176, + 5582, 1635, 6179, 3860, 4498, 4385, 4555, 4065, 6097, 6153, + 5693, 2510, 3336, 1050, 4143, 2305, 4636, 4633, 1055, 4628, + 6424, 496, 6396, 1060, 6397, 496, 5922, 3770, 6184, 6200, + 6196, 5824, 5787, 2535, 5607, 5609, 4315, 4919, 5339, 1491, + 3758, 2329, 5996, 1898, 3753, 43, 3230, 6147, 5828, 5732, + 2491, 3048, 598, 3608, 4033, 3392, 4537, 542, 1454, 790, + 5743, 3568, 3702, 1401, 1441, 5748, 1218, 3837, 4982, 6172, + 68, 5793, 5755, 5756, 3617, 4657, 3519, 5760, 5761, 77, + 6229, 3516, 3586, 4180, 3585, 2070, 5582, 5770, 2126, 1126, + 1127, 1128, 1129, 5776, 1990, 1132, 4090, 5780, 1969, 5012, + 98, 5773, 1139, 2001, 5787, 6352, 6120, 6457, 6456, 2380, + 2385, 5794, 6405, 4975, 2404, 1399, 2406, 1399, 1399, 1399, + 5370, 1399, 5805, 6013, 5121, 123, 6014, 2401, 2375, 127, + 1975, 3173, 130, 4166, 3824, 4847, 4846, 4164, 5429, 6020, + 5840, 5096, 5425, 141, 5827, 1432, 3840, 5013, 3833, 5446, + 5833, 1462, 5835, 796, 4976, 650, 4390, 5840, 4391, 157, + 4616, 4853, 3166, 709, 2578, 514, 5849, 165, 496, 5930, + 2631, 1836, 712, 5934, 669, 3385, 1308, 5860, 5861, 4534, + 178, 4723, 5732, 5866, 3872, 5940, 5941, 5143, 4710, 4708, + 6413, 3018, 5947, 5948, 895, 3019, 2209, 6300, 1235, 896, + 5955, 703, 3694, 3076, 202, 5770, 251, 5462, 703, 2318, + 6416, 5894, 92, 93, 94, 95, 703, 1457, 1903, 703, + 4540, 6462, 5905, 5255, 6532, 6540, 5603, 1011, 5911, 6451, + 3151, 3038, 3382, 5450, 3435, 3672, 5919, 3671, 5921, 702, + 2951, 2673, 702, 3673, 242, 3664, 3668, 4214, 6541, 247, + 248, 3663, 5935, 2647, 2349, 1233, 2148, 5940, 138, 139, + 140, 700, 1199, 4420, 3613, 4872, 4988, 3224, 3773, 1891, + 1891, 5689, 5955, 6376, 4432, 5931, 5959, 743, 1342, 520, + 496, 496, 496, 4329, 1321, 5941, 3131, 980, 4531, 5972, + 5988, 5230, 2669, 4048, 4727, 980, 999, 5947, 6249, 5982, + 5230, 5984, 5220, 5219, 5240, 887, 5941, 5990, 5991, 5992, + 190, 191, 5931, -1, -1, 1830, 999, 315, -1, 6080, + -1, 366, 5941, -1, -1, -1, -1, -1, -1, 374, + 6013, 6014, -1, -1, -1, -1, 6097, -1, -1, -1, + -1, -1, -1, -1, 389, -1, -1, -1, -1, 5931, + 108, -1, -1, -1, 399, 400, 401, -1, 356, 5941, + -1, -1, -1, -1, 409, -1, 861, -1, -1, -1, + 865, 6054, 867, -1, 254, -1, 6059, -1, -1, -1, + 378, -1, 6065, -1, 142, -1, 2676, -1, -1, -1, + 1427, -1, 887, 1430, -1, -1, 5941, -1, -1, -1, + -1, -1, -1, -1, -1, 6088, 6075, -1, -1, -1, + -1, -1, -1, -1, -1, -1, 6519, -1, -1, -1, + -1, -1, 180, 6106, -1, 6528, -1, -1, -1, -1, + -1, -1, -1, -1, -1, 5931, -1, 6120, 318, -1, + -1, -1, -1, -1, -1, 5941, -1, -1, -1, -1, + 448, -1, -1, -1, -1, -1, -1, -1, -1, -1, + 2750, 2751, -1, -1, 6147, -1, -1, 1504, -1, -1, + 965, 966, -1, 968, 969, 970, 6159, -1, -1, -1, + 975, -1, -1, -1, 6245, -1, -1, -1, -1, 6172, + -1, -1, 6247, -1, 6249, -1, -1, 6166, 6167, -1, + -1, -1, 547, -1, -1, -1, -1, -1, -1, 6178, + -1, -1, 6, 7, 559, -1, -1, -1, -1, -1, + -1, 6204, -1, -1, 18, -1, -1, -1, -1, -1, + 6213, -1, 6215, 6216, -1, 415, -1, -1, -1, -1, + -1, -1, 2832, -1, -1, -1, -1, -1, -1, -1, + 6229, -1, -1, -1, -1, 2845, -1, 6229, -1, 53, + 6243, -1, -1, -1, 6247, -1, 6249, -1, -1, 6252, + -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, 6344, -1, -1, -1, 81, 586, -1, + -1, 6, 7, -1, -1, 6278, -1, -1, -1, -1, + -1, -1, 482, 18, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, 659, -1, -1, 6300, -1, -1, + 6289, -1, -1, 6292, -1, 119, -1, -1, -1, 123, + -1, -1, -1, 127, -1, 6318, 6319, -1, 53, 6322, + 6401, 6402, 136, 137, -1, 2935, 6329, -1, -1, -1, + -1, -1, -1, 147, -1, 700, -1, -1, 152, -1, + 154, 2951, -1, -1, 158, -1, 81, -1, 548, 714, + 550, -1, 166, -1, 168, -1, 556, -1, -1, 6440, + 174, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, 6376, -1, -1, -1, -1, -1, -1, + 194, -1, -1, -1, 119, -1, -1, 6390, 123, -1, + 204, -1, 127, 207, -1, -1, -1, -1, -1, -1, + -1, 136, 137, -1, -1, -1, -1, 485, -1, -1, + 6413, -1, 147, 227, -1, -1, 616, 152, -1, 154, + -1, -1, 740, 158, -1, -1, -1, -1, -1, 3039, + -1, 166, 246, 168, -1, -1, 250, 515, 516, 174, + 518, 519, 520, 521, 522, 259, 524, 525, 526, 527, + 528, 529, 530, 531, -1, 533, 534, 535, 536, 194, + 660, -1, -1, -1, 278, -1, -1, -1, -1, 204, + 3080, -1, 207, -1, -1, -1, -1, -1, -1, 293, + -1, -1, -1, -1, -1, -1, 300, -1, -1, -1, + -1, -1, 227, -1, -1, -1, -1, -1, -1, -1, + 314, -1, 316, -1, -1, -1, -1, -1, -1, 1324, + 6513, 246, -1, -1, -1, 250, 6519, -1, -1, -1, + -1, 6524, -1, -1, 259, 6528, -1, -1, -1, 6532, + -1, -1, -1, -1, -1, 1892, -1, 6540, -1, -1, + -1, -1, -1, 278, 1901, -1, 1903, -1, -1, -1, + -1, 629, 630, -1, -1, -1, 756, -1, 293, -1, + -1, -1, -1, -1, -1, 300, -1, 767, -1, -1, + -1, -1, -1, 3183, -1, 3185, 3186, 3187, -1, 314, + -1, 316, 683, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, 762, 113, 114, 115, -1, -1, -1, - -1, -1, -1, -1, 123, -1, -1, -1, 127, -1, - -1, 130, -1, -1, -1, -1, 1023, -1, -1, -1, - 1027, -1, 141, -1, -1, -1, 18, 19, 20, -1, - -1, -1, -1, -1, -1, -1, -1, -1, 157, -1, - -1, -1, -1, 1050, -1, -1, 165, -1, -1, -1, - -1, -1, -1, 1060, -1, -1, -1, -1, -1, 178, - -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, -1, -1, -1, 71, - -1, 73, -1, 202, 3382, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, -1, 99, -1, -1, - -1, -1, -1, -1, -1, -1, -1, -1, -1, 1126, - 1127, 1128, 1129, 242, -1, -1, 5981, -1, 247, 248, - -1, -1, 1139, -1, -1, -1, 5991, -1, 3436, 18, - 19, 20, 3440, -1, -1, 3443, -1, -1, -1, -1, - -1, -1, -1, 145, 3452, -1, -1, -1, -1, -1, - -1, -1, -1, 3461, -1, 3463, 3464, -1, 3466, 3467, - 3468, 3469, -1, 3471, -1, 3473, 3474, -1, 3476, -1, - -1, -1, -1, -1, -1, -1, 3484, 3485, 4739, -1, - -1, 3489, 3490, 3491, 313, -1, 315, -1, -1, -1, - -1, 3499, 3500, 3501, -1, 3503, -1, 3505, -1, 3507, - -1, 3509, -1, 3511, -1, -1, -1, -1, 3516, 3517, - 99, 3519, 3520, 3521, 216, -1, -1, 3525, -1, 43, - 3528, -1, -1, 581, -1, -1, -1, 356, -1, 3537, - -1, -1, 3540, -1, 3542, 3543, 3544, 2544, -1, 3547, - -1, -1, -1, -1, 68, -1, -1, -1, -1, 378, - -1, -1, -1, 77, -1, -1, 145, -1, -1, -1, - -1, 3569, -1, 3571, -1, -1, 3574, -1, -1, -1, - -1, 273, 274, 275, 98, -1, 3584, 3585, 3586, 3587, - 3588, 3589, -1, -1, -1, -1, 3594, -1, -1, -1, - -1, 293, -1, -1, -1, -1, -1, 3605, -1, 123, - -1, -1, 431, 127, 1321, -1, 130, -1, -1, -1, - -1, -1, -1, -1, -1, -1, -1, 141, -1, 448, - -1, -1, -1, -1, -1, -1, -1, 216, -1, -1, - -1, -1, -1, 157, -1, 2642, -1, -1, -1, -1, - -1, 165, -1, -1, -1, -1, -1, -1, 350, -1, - 352, -1, -1, -1, 178, -1, -1, -1, -1, 2666, - -1, -1, -1, 2670, -1, 3673, -1, -1, 370, -1, - 372, -1, -1, -1, -1, -1, -1, 6242, 202, -1, - -1, -1, -1, -1, 273, 274, 275, -1, 390, -1, - -1, -1, -1, -1, -1, 397, -1, -1, 3706, -1, - 758, -1, -1, -1, 293, -1, -1, -1, -1, -1, - 412, -1, -1, 771, -1, -1, -1, 419, 242, -1, - 3728, -1, -1, 247, 248, -1, -1, -1, -1, 3737, - 3738, 789, 434, 791, -1, -1, 794, 795, -1, -1, - -1, -1, 43, -1, -1, -1, -1, -1, -1, -1, - -1, 5012, -1, -1, -1, -1, -1, 586, -1, -1, - -1, 350, -1, 352, -1, -1, -1, 68, -1, -1, - -1, -1, -1, -1, -1, -1, 77, -1, -1, -1, - -1, -1, -1, 372, -1, -1, -1, 1504, -1, 491, - 3798, 315, -1, -1, -1, -1, -1, 98, -1, 501, - -1, 390, -1, -1, -1, -1, -1, -1, 397, -1, - -1, -1, -1, 3821, -1, -1, -1, -1, -1, -1, - -1, 5082, 123, 412, -1, 3833, 127, -1, -1, 130, - 419, -1, 356, -1, -1, -1, -1, 539, -1, -1, - 141, -1, -1, -1, -1, 434, -1, -1, -1, -1, - 552, -1, 48, -1, 378, -1, 157, -1, -1, -1, - -1, -1, -1, -1, 165, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, -1, 178, -1, -1, - -1, -1, -1, -1, 80, -1, -1, -1, -1, 591, - -1, -1, -1, -1, -1, 597, -1, -1, -1, -1, - -1, 202, 491, 3911, -1, 101, -1, 431, -1, -1, - -1, -1, 501, -1, 110, -1, -1, -1, -1, 621, - -1, -1, -1, -1, 448, -1, -1, -1, -1, -1, - -1, -1, 2939, -1, -1, 131, -1, -1, -1, -1, - -1, 242, -1, -1, -1, -1, 247, 248, -1, 145, - 539, -1, -1, 655, 150, -1, -1, -1, -1, -1, - 662, -1, -1, 552, -1, -1, -1, -1, -1, -1, - -1, -1, -1, 3981, 3982, -1, -1, -1, 174, -1, - -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, 697, -1, -1, -1, -1, - -1, -1, 591, 4011, -1, -1, -1, -1, 597, -1, - 712, 713, -1, -1, 315, -1, -1, -1, -1, -1, - -1, -1, 323, 725, -1, -1, -1, -1, -1, -1, - -1, -1, 621, -1, -1, -1, -1, 233, -1, -1, - -1, 237, -1, -1, -1, -1, -1, -1, -1, -1, - 4058, -1, -1, 4061, -1, 356, -1, -1, -1, 255, - 762, -1, 586, 259, 260, -1, 655, -1, -1, 3076, - -1, -1, -1, 662, -1, -1, -1, 378, 4086, 4087, - -1, -1, -1, 4091, -1, -1, -1, -1, -1, -1, - -1, -1, 4100, -1, 290, -1, -1, -1, -1, -1, - -1, 297, 298, -1, -1, 4113, -1, 4115, 697, 4117, - -1, 4119, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, 712, 713, 4133, -1, -1, -1, -1, - 431, 4139, -1, -1, -1, -1, 725, -1, -1, -1, - -1, -1, -1, -1, 4152, 4153, -1, 448, -1, 4157, - -1, 4159, -1, 4161, -1, -1, -1, -1, 4166, -1, - -1, 357, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, 762, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, 1901, -1, 1903, -1, -1, -1, - -1, -1, -1, -1, -1, -1, -1, -1, -1, 4207, - -1, 397, -1, 4211, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, 3221, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, 4249, -1, -1, 440, 1962, 1963, -1, -1, 445, + -1, -1, -1, -1, -1, 1962, 1963, -1, -1, -1, -1, 1968, -1, -1, -1, 1972, 1973, 1974, -1, -1, - 456, 457, -1, -1, -1, 1982, 1983, -1, -1, -1, + -1, -1, -1, -1, -1, 1982, 1983, 1984, -1, 730, -1, 1988, -1, -1, -1, 1992, 1993, 1994, -1, 1996, - 1997, 1998, -1, -1, -1, 586, -1, -1, -1, -1, + 1997, 1998, -1, 2000, 2001, -1, -1, -1, -1, -1, 2007, -1, 2009, -1, -1, 2012, 2013, 2014, 2015, -1, 2017, -1, 2019, 2020, -1, -1, -1, -1, -1, -1, - 3317, -1, -1, -1, -1, -1, 2033, 2034, 2035, 2036, + -1, -1, -1, -1, -1, -1, 2033, 2034, 2035, 2036, 2037, -1, 2039, 2040, 2041, 2042, 2043, 2044, -1, 2046, 2047, -1, 2049, 2050, -1, 2052, 2053, -1, -1, 2056, - 2057, 4349, 2059, 2060, -1, -1, 2063, -1, 2065, -1, - 4358, -1, 2069, 2070, 2071, -1, -1, 2074, 2075, 2076, - 2077, -1, 2079, -1, 4372, -1, 4374, 4375, -1, 2086, + 2057, -1, 2059, 2060, -1, -1, 2063, -1, 2065, -1, + -1, -1, 2069, 2070, 2071, -1, -1, 2074, 2075, 2076, + 2077, -1, 2079, -1, -1, -1, -1, -1, -1, 2086, -1, -1, -1, -1, -1, 2092, 2093, 2094, 2095, -1, -1, -1, -1, -1, -1, -1, 2103, 2104, -1, 2106, 2107, -1, -1, 2110, 2111, 2112, 2113, 2114, 2115, 2116, - 2117, 2118, 2119, 2120, 2121, 2122, -1, -1, 2125, 18, - 19, 20, -1, -1, -1, 611, -1, -1, -1, -1, - -1, -1, 3429, 3430, 3431, 621, -1, -1, 3435, -1, - -1, -1, -1, -1, -1, -1, 632, 46, -1, 48, - 3447, -1, 638, 2160, 3451, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, -1, 43, -1, -1, - -1, 70, -1, -1, -1, 5726, -1, -1, -1, 78, - -1, -1, -1, -1, 670, -1, -1, -1, 674, -1, - -1, -1, 68, -1, -1, -1, -1, -1, -1, -1, - 99, 77, -1, -1, -1, -1, -1, -1, -1, -1, - -1, 110, -1, -1, -1, -1, -1, -1, -1, 705, - -1, -1, 98, 4521, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, 4541, -1, -1, 145, 123, -1, -1, - -1, 127, -1, -1, 130, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, 141, -1, -1, -1, -1, - -1, 2278, -1, 2280, -1, 174, -1, -1, -1, 4577, - 4578, 157, 4580, -1, -1, -1, -1, -1, -1, 165, - -1, -1, -1, -1, -1, 4593, 4594, 4595, -1, -1, - -1, -1, 178, -1, 2311, -1, -1, -1, 207, -1, - -1, -1, -1, -1, -1, -1, -1, 216, -1, -1, - -1, -1, 4620, 4621, -1, -1, 202, -1, -1, -1, - -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, 241, -1, -1, -1, 4644, -1, -1, -1, - -1, -1, -1, -1, -1, -1, -1, -1, 4656, -1, - -1, -1, -1, -1, -1, -1, 242, 4665, -1, -1, - -1, 247, 248, -1, 273, 274, 275, -1, -1, -1, - -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, 2398, -1, -1, 293, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, 4710, -1, -1, -1, 4714, -1, -1, -1, - -1, -1, -1, -1, -1, -1, 2433, -1, -1, -1, - -1, -1, -1, -1, -1, -1, -1, -1, -1, 315, - -1, 4739, -1, 342, -1, -1, -1, -1, -1, -1, - -1, 350, -1, 352, -1, -1, -1, -1, -1, -1, - -1, -1, -1, 2470, -1, -1, -1, -1, -1, -1, - -1, -1, -1, 372, -1, -1, -1, -1, -1, -1, - 356, -1, -1, -1, -1, -1, -1, -1, -1, 56, - 57, 390, -1, -1, 61, 62, -1, -1, 397, -1, - -1, -1, 378, -1, 71, -1, -1, -1, -1, -1, - -1, -1, -1, 412, -1, -1, -1, -1, -1, -1, - 419, -1, -1, -1, 423, -1, -1, -1, -1, 96, - -1, 430, -1, -1, -1, 434, -1, 19, 20, -1, - -1, -1, 109, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, 431, -1, -1, 125, -1, - 127, -1, -1, -1, 463, 47, -1, 49, -1, -1, - -1, -1, 448, -1, -1, 57, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, -1, -1, 155, 71, - -1, -1, 491, -1, -1, -1, -1, 79, 80, -1, - -1, -1, 501, -1, -1, -1, -1, 89, 175, 176, - 177, -1, -1, -1, -1, -1, -1, -1, 185, 186, - 187, 103, 104, -1, -1, 2632, -1, -1, -1, 4927, - 4928, -1, -1, -1, -1, -1, 203, -1, -1, -1, - 539, -1, -1, -1, -1, -1, -1, 3944, -1, -1, - -1, -1, -1, 552, 3951, 554, -1, -1, -1, -1, - -1, -1, -1, 145, -1, -1, -1, -1, 235, -1, - 2677, 3968, -1, -1, -1, -1, -1, 159, 2685, 2686, - -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, 591, -1, -1, 262, -1, -1, 597, -1, - -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - 586, 5009, -1, -1, 5012, -1, -1, -1, 285, 286, - 287, -1, 621, -1, -1, -1, -1, -1, -1, -1, - -1, -1, 2739, 215, -1, -1, -1, -1, -1, -1, - 307, 308, -1, -1, -1, 227, -1, -1, -1, -1, - -1, -1, -1, -1, 43, -1, 655, -1, 4055, -1, - -1, -1, -1, 662, -1, 5063, -1, -1, -1, -1, - -1, -1, -1, -1, -1, 2782, 2783, 2784, -1, 68, - -1, -1, -1, -1, 5082, -1, -1, -1, 77, -1, - -1, 358, -1, 360, 361, -1, -1, -1, 697, -1, - 282, -1, -1, -1, -1, -1, -1, -1, -1, 98, - 377, -1, -1, 712, 713, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, 725, -1, -1, -1, - -1, -1, -1, -1, 123, 2842, -1, -1, 127, -1, - -1, 130, -1, -1, 5142, 327, 413, 414, -1, -1, - -1, -1, 141, 2860, -1, -1, -1, 2864, 2865, -1, - 2867, 2868, -1, 762, -1, -1, 348, -1, 157, 2876, - -1, 2878, -1, -1, -1, 357, 165, -1, -1, -1, - -1, -1, -1, -1, -1, -1, -1, -1, 370, 178, - -1, -1, 459, -1, -1, -1, -1, -1, -1, 381, - -1, -1, 2909, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, 202, -1, -1, -1, -1, -1, -1, - -1, -1, 404, -1, -1, -1, -1, -1, 2935, -1, - -1, -1, -1, 500, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, -1, 5245, -1, 5247, - -1, 433, 434, 242, -1, 437, -1, 439, 247, 248, - -1, -1, -1, -1, 2971, -1, -1, 683, -1, -1, - -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, 2988, -1, -1, 466, 467, -1, -1, -1, -1, - 472, 473, -1, -1, -1, 562, 563, -1, -1, -1, - -1, -1, -1, -1, -1, -1, -1, 489, -1, -1, - -1, 578, 579, -1, 730, -1, -1, -1, 3025, -1, - -1, -1, 4319, 4320, -1, 3032, 315, -1, 510, -1, - -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - 532, -1, -1, 620, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, -1, 356, -1, -1, - -1, -1, -1, -1, -1, 5373, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, -1, -1, -1, 378, - -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, 5401, 586, -1, -1, -1, -1, -1, - -1, -1, 4409, -1, -1, -1, -1, -1, -1, 601, - -1, -1, -1, -1, -1, -1, 5424, -1, 610, 3136, - -1, 613, 614, -1, 4431, -1, -1, -1, -1, -1, - -1, -1, 431, -1, -1, -1, 628, -1, -1, -1, - 717, -1, -1, 720, -1, -1, 723, -1, -1, 448, - -1, -1, -1, 3170, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - 747, -1, 3189, 665, -1, -1, 3193, -1, 3195, -1, - -1, -1, 674, -1, -1, 4492, -1, -1, -1, -1, - 767, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, 695, -1, 697, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, 748, -1, -1, -1, - -1, -1, -1, 755, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, -1, 586, -1, -1, - -1, -1, -1, -1, -1, -1, -1, 1023, 4605, -1, - -1, 1027, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, 1050, -1, -1, -1, -1, -1, - -1, -1, -1, -1, 1060, -1, -1, -1, -1, -1, + 2117, 2118, 2119, 2120, 2121, 2122, -1, 581, 2125, -1, + -1, -1, 3382, 2130, -1, -1, -1, -1, -1, -1, + 2137, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, 19, 20, 2160, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, 2178, -1, -1, -1, -1, -1, -1, -1, 47, + -1, 49, -1, -1, -1, -1, -1, -1, -1, 57, + -1, -1, -1, -1, -1, -1, 581, -1, -1, -1, + -1, -1, -1, 71, -1, -1, -1, -1, -1, -1, + -1, 79, 80, -1, -1, -1, -1, 6, 7, -1, + -1, 89, -1, -1, -1, -1, -1, -1, -1, 18, + 19, 20, -1, -1, -1, 103, 104, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, -1, -1, 46, -1, 48, + 49, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, 2278, 1023, 2280, -1, -1, 1027, 145, -1, -1, + -1, 70, -1, 72, -1, -1, -1, -1, -1, 78, + -1, 159, -1, -1, 758, -1, -1, -1, 2305, 1050, + -1, -1, -1, -1, 2311, -1, -1, 771, -1, 1060, + 99, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, 110, -1, -1, -1, 789, -1, 791, 3588, -1, + 794, 795, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, 3605, -1, 215, -1, -1, + -1, -1, -1, -1, -1, -1, 145, -1, -1, 227, + -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, 758, -1, 1126, 1127, 1128, 1129, -1, + -1, -1, -1, -1, -1, 174, 771, -1, 1139, -1, + -1, 2398, -1, -1, -1, -1, -1, 2404, -1, 2406, + -1, -1, -1, -1, 789, -1, 791, -1, -1, 794, + 795, -1, -1, 3673, 282, -1, 205, -1, 207, -1, + -1, -1, -1, -1, -1, -1, 2433, 216, -1, 218, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, 241, -1, -1, -1, -1, -1, -1, 327, + -1, -1, -1, 2470, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, -1, -1, 3737, 3738, -1, + 348, -1, -1, -1, 273, 274, 275, -1, -1, 357, + -1, -1, -1, -1, -1, -1, -1, -1, 48, -1, + -1, -1, 370, -1, 293, -1, -1, -1, -1, -1, + -1, -1, -1, 381, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + 80, -1, -1, -1, -1, -1, 404, -1, -1, -1, + -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, 101, -1, 342, -1, -1, -1, -1, -1, -1, + 110, 350, -1, 352, -1, 433, 434, -1, -1, 437, + 1321, 439, -1, 3833, -1, -1, -1, -1, -1, -1, + -1, 131, -1, 372, -1, -1, -1, -1, -1, -1, + 379, -1, -1, -1, -1, 145, -1, -1, 466, 467, + 150, 390, -1, -1, 472, 473, -1, -1, 397, -1, + -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, 489, -1, 412, 174, 2632, -1, -1, -1, -1, + 419, -1, -1, -1, 423, 424, -1, -1, -1, -1, + -1, 430, 510, -1, -1, 434, -1, -1, -1, -1, + -1, -1, -1, 442, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, 532, -1, -1, -1, -1, 2676, + 2677, -1, -1, -1, 463, -1, -1, -1, 2685, 2686, + -1, -1, -1, 233, -1, -1, -1, 237, -1, -1, + -1, -1, -1, -1, -1, -1, -1, -1, 487, -1, + -1, -1, 491, -1, -1, 255, -1, -1, -1, 259, + 260, -1, 501, -1, -1, -1, -1, -1, 586, -1, + -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, 2739, 601, -1, -1, -1, -1, -1, -1, + 290, -1, 610, 2750, 2751, 613, 614, 297, 298, -1, + 539, 4011, -1, 1504, -1, -1, -1, -1, -1, -1, + 628, -1, -1, 552, -1, 554, -1, -1, -1, -1, + -1, -1, -1, -1, -1, 2782, 2783, 2784, -1, -1, + -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, -1, -1, 665, -1, -1, + -1, -1, 591, -1, -1, -1, 674, 357, 597, -1, + -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, 2832, -1, 695, -1, 697, + -1, -1, 621, 622, 43, 2842, -1, -1, 2845, -1, + 4100, -1, -1, -1, 633, 634, 635, 397, -1, -1, + -1, -1, -1, 2860, -1, -1, -1, 2864, 2865, 68, + 2867, 2868, -1, -1, -1, -1, 655, -1, 77, 2876, + -1, 2878, -1, 662, -1, -1, -1, -1, -1, 4139, + 748, -1, -1, -1, -1, -1, -1, 755, -1, 98, + 440, -1, -1, -1, -1, 445, -1, -1, -1, -1, + -1, -1, 2909, -1, -1, -1, 456, 457, 697, -1, + -1, -1, -1, -1, 123, -1, -1, -1, 127, -1, + -1, 130, -1, 712, 713, -1, -1, -1, 2935, -1, + -1, -1, 141, -1, -1, -1, 725, -1, -1, -1, + 729, -1, -1, -1, 2951, -1, -1, 4207, 157, -1, + -1, -1, -1, -1, -1, -1, 165, -1, -1, -1, + -1, -1, -1, -1, 2971, -1, -1, -1, -1, 178, + -1, -1, -1, 762, -1, -1, -1, -1, -1, -1, + -1, 2988, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, 202, -1, -1, -1, -1, -1, -1, + -1, -1, -1, 43, -1, -1, 795, -1, -1, -1, + -1, -1, -1, -1, -1, -1, -1, -1, 3025, -1, + -1, -1, -1, -1, -1, 3032, -1, -1, 68, -1, + -1, -1, 3039, 242, -1, -1, -1, 77, 247, 248, + -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, -1, -1, -1, 98, -1, + -1, 611, -1, -1, -1, -1, -1, -1, -1, -1, + -1, 621, -1, 3080, -1, -1, -1, -1, -1, 2544, + -1, -1, 632, 123, -1, -1, -1, 127, 638, -1, + 130, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, 141, -1, -1, -1, -1, 315, -1, -1, -1, + -1, -1, -1, -1, 4374, -1, -1, 157, -1, -1, + 670, -1, -1, -1, 674, 165, -1, -1, -1, 3136, + -1, -1, -1, -1, -1, -1, -1, -1, 178, -1, + -1, -1, -1, -1, -1, -1, -1, 356, -1, -1, + 1901, -1, 1903, -1, -1, 705, -1, -1, -1, -1, + -1, -1, 202, 3170, -1, -1, -1, -1, -1, 378, + -1, -1, -1, -1, -1, -1, 3183, 2642, 3185, 3186, + 3187, -1, 3189, -1, -1, -1, 3193, -1, 3195, -1, + -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, 2666, 242, -1, -1, 2670, -1, 247, 248, -1, + -1, 1962, 1963, -1, -1, -1, -1, 1968, -1, -1, + -1, 1972, 1973, 1974, -1, -1, -1, -1, -1, -1, + -1, 1982, 1983, -1, -1, -1, -1, 1988, -1, 448, + -1, 1992, 1993, 1994, -1, 1996, 1997, 1998, -1, -1, + -1, -1, -1, -1, -1, -1, 2007, -1, 2009, -1, + -1, 2012, 2013, 2014, 2015, -1, 2017, -1, 2019, 2020, + -1, -1, -1, -1, -1, 315, -1, -1, -1, -1, + -1, -1, 2033, 2034, 2035, 2036, 2037, -1, 2039, 2040, + 2041, 2042, 2043, 2044, -1, 2046, 2047, -1, 2049, 2050, + -1, 2052, 2053, -1, -1, 2056, 2057, -1, 2059, 2060, + -1, -1, 2063, -1, 2065, -1, 356, -1, 2069, 2070, + 2071, -1, -1, 2074, 2075, 2076, 2077, -1, 2079, -1, + -1, -1, -1, -1, -1, 2086, -1, -1, 378, -1, + -1, 2092, 2093, 2094, 2095, -1, 18, 19, 20, -1, + -1, -1, 2103, 2104, -1, 2106, 2107, -1, -1, 2110, + 2111, 2112, 2113, 2114, 2115, 2116, 2117, 2118, 2119, 2120, + 2121, 2122, -1, -1, 2125, 3382, -1, 586, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, 5694, -1, -1, -1, + -1, 431, -1, -1, -1, -1, -1, -1, -1, 71, + -1, 73, -1, -1, -1, -1, -1, -1, 448, 2160, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - 1126, 1127, 1128, 1129, -1, -1, -1, -1, -1, -1, - 5718, -1, -1, 1139, -1, -1, -1, -1, 5726, 3436, - -1, -1, -1, 3440, 5732, -1, 3443, -1, -1, -1, + -1, -1, -1, -1, -1, -1, -1, 99, -1, 3436, + -1, -1, -1, 3440, -1, -1, 3443, -1, -1, -1, -1, -1, -1, -1, -1, 3452, -1, -1, -1, -1, -1, -1, -1, -1, 3461, -1, 3463, 3464, -1, 3466, 3467, 3468, 3469, -1, 3471, -1, 3473, 3474, -1, 3476, - -1, -1, -1, -1, -1, -1, -1, 3484, 3485, -1, + -1, -1, -1, 145, 2939, -1, -1, 3484, 3485, 4739, -1, -1, 3489, 3490, 3491, -1, -1, -1, -1, -1, - -1, -1, 3499, 3500, 3501, -1, 3503, 4794, 3505, -1, + -1, -1, 3499, 3500, 3501, -1, 3503, -1, 3505, -1, 3507, -1, 3509, -1, 3511, -1, -1, -1, -1, 3516, - 3517, -1, 3519, 3520, 3521, -1, -1, -1, 3525, 4816, - -1, 3528, -1, -1, -1, -1, -1, -1, -1, -1, - 3537, -1, -1, 3540, -1, 3542, 3543, 3544, -1, -1, - 3547, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, 3569, -1, 3571, -1, -1, 3574, -1, -1, - -1, -1, -1, -1, 5872, -1, -1, 3584, 3585, 3586, - 3587, -1, 3589, -1, -1, -1, -1, 3594, -1, -1, - -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, 1321, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, -1, 4914, -1, -1, - -1, 5919, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, 4961, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, -1, -1, 5996, 3706, - -1, -1, 4999, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, 3728, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, -1, -1, 1504, -1, - 6088, 3798, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, 3821, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, -1, -1, -1, 6127, - -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, 6139, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, 3911, 5202, -1, -1, 5205, -1, - -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - 6228, -1, 5229, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + 3517, -1, 3519, 3520, 3521, -1, -1, -1, 3525, -1, + -1, 3528, -1, -1, -1, -1, -1, 2278, -1, 2280, + 3537, -1, -1, 3540, -1, 3542, 3543, 3544, 43, -1, + 3547, -1, -1, -1, 216, -1, 586, -1, -1, -1, + -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + 2311, -1, 3569, 68, 3571, -1, -1, 3574, -1, -1, + -1, -1, 77, -1, -1, -1, -1, 3584, 3585, 3586, + 3587, 3588, 3589, 11, -1, 13, -1, 3594, -1, -1, + 18, 19, 20, 98, -1, -1, -1, -1, 3605, -1, + -1, 273, 274, 275, -1, -1, -1, -1, -1, -1, + -1, 3076, -1, -1, -1, -1, -1, -1, 123, -1, + -1, 293, 127, -1, -1, 130, -1, -1, -1, -1, + -1, -1, -1, -1, -1, -1, 141, -1, -1, -1, + -1, -1, -1, 71, -1, 73, -1, 2398, -1, -1, + -1, -1, 157, -1, -1, -1, -1, -1, -1, -1, + 165, -1, -1, -1, -1, -1, 3673, -1, -1, -1, + -1, 99, -1, 178, -1, -1, -1, -1, 350, -1, + 352, -1, 2433, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, -1, -1, 202, 370, 3706, + 372, -1, -1, -1, 18, 19, 20, -1, -1, -1, + -1, -1, -1, -1, -1, -1, -1, 145, 390, 2470, + -1, 3728, -1, -1, -1, 397, -1, -1, -1, -1, + 3737, 3738, -1, -1, -1, -1, -1, 242, -1, 167, + 412, -1, 247, 248, -1, -1, -1, 419, -1, -1, + -1, -1, 43, 5013, -1, -1, 3221, 71, -1, 73, + -1, -1, 434, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, -1, -1, 68, -1, -1, + -1, -1, -1, -1, -1, 99, 77, -1, 216, -1, + -1, 3798, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, -1, -1, 98, -1, -1, + 315, -1, -1, -1, 3821, -1, -1, -1, -1, 491, + -1, -1, -1, 5083, -1, -1, 3833, -1, -1, 501, + -1, 145, 123, -1, -1, -1, 127, -1, -1, 130, + -1, -1, -1, -1, -1, 273, 274, 275, -1, -1, + 141, 356, 3317, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, 293, 157, 539, -1, -1, + -1, -1, -1, 378, 165, -1, -1, -1, -1, -1, + 552, 2632, -1, -1, -1, -1, -1, 178, -1, -1, + -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, 216, -1, 3911, -1, -1, -1, -1, -1, + -1, 202, -1, -1, -1, -1, -1, -1, -1, 591, + -1, -1, 350, -1, 352, 597, 2677, -1, -1, -1, + -1, -1, -1, -1, 2685, 2686, -1, -1, -1, -1, + -1, -1, 370, 448, 372, -1, -1, -1, -1, 621, + -1, 242, -1, -1, -1, -1, 247, 248, -1, 273, + 274, 275, 390, -1, 3429, 3430, 3431, -1, -1, 397, + 3435, -1, -1, -1, 3981, 3982, -1, -1, -1, 293, + -1, -1, 3447, 655, 412, -1, 3451, -1, 2739, -1, + 662, 419, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, 4011, -1, 434, -1, -1, -1, + -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, 315, 697, -1, -1, -1, -1, + -1, 2782, 2783, 2784, -1, -1, 350, -1, 352, -1, + 712, 713, -1, -1, -1, -1, -1, -1, -1, -1, + -1, 4058, -1, 725, 4061, -1, 370, -1, 372, -1, + -1, -1, -1, 491, -1, 356, -1, -1, -1, -1, + -1, -1, -1, 501, -1, -1, 390, -1, -1, 4086, + 4087, 586, -1, 397, 4091, -1, -1, 378, -1, -1, + 762, 2842, -1, 4100, -1, -1, -1, -1, 412, -1, + -1, -1, -1, -1, -1, 419, 4113, -1, 4115, 2860, + 4117, 539, 4119, 2864, 2865, -1, 2867, 2868, -1, 791, + 434, -1, -1, -1, 552, 2876, 4133, 2878, -1, -1, + -1, -1, 4139, -1, -1, -1, -1, -1, -1, -1, + 431, -1, -1, -1, -1, 4152, 4153, -1, -1, -1, + 4157, -1, 4159, -1, 4161, -1, -1, 448, 2909, 4166, + -1, -1, -1, 591, -1, -1, -1, -1, -1, 597, + -1, -1, -1, -1, -1, -1, -1, 491, -1, -1, + -1, -1, -1, -1, 2935, -1, -1, 501, 43, -1, + -1, -1, -1, 621, -1, -1, -1, -1, -1, -1, + 4207, -1, -1, -1, 4211, -1, -1, -1, -1, -1, + -1, -1, -1, 68, -1, -1, -1, -1, -1, -1, + 2971, -1, 77, -1, -1, 539, -1, 655, -1, -1, + -1, -1, -1, -1, 662, -1, -1, 2988, 552, -1, + -1, -1, 4249, 98, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, -1, -1, -1, 113, 114, + 115, -1, -1, -1, -1, -1, 43, -1, 123, 697, + -1, -1, 127, -1, 3025, 130, -1, 591, -1, -1, + -1, 3032, -1, 597, 712, 713, 141, -1, -1, -1, + -1, 68, -1, -1, -1, 586, -1, 725, -1, -1, + 77, -1, 157, -1, -1, -1, -1, 621, -1, -1, + 165, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, 98, -1, 178, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, 762, -1, -1, -1, -1, -1, + -1, 655, 4349, -1, -1, -1, 123, 202, 662, -1, + 127, 4358, -1, 130, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, 141, 4372, -1, 4374, 4375, -1, + -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + 157, -1, -1, 697, -1, 3136, -1, 242, 165, -1, + -1, -1, 247, 248, -1, -1, -1, -1, 712, 713, + -1, 178, -1, -1, -1, -1, -1, -1, -1, -1, + -1, 725, -1, -1, -1, -1, -1, -1, -1, 3170, + -1, -1, -1, -1, -1, 202, -1, -1, -1, -1, + -1, -1, -1, -1, -1, -1, -1, -1, 3189, -1, + -1, -1, 3193, -1, 3195, -1, -1, -1, 762, -1, + -1, -1, -1, -1, -1, -1, -1, -1, 313, -1, + 315, -1, -1, -1, -1, 242, -1, 5727, -1, -1, + 247, 248, -1, -1, -1, -1, -1, -1, -1, 3944, + -1, -1, -1, -1, -1, -1, 3951, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, 3981, 3982, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, 6284, -1, -1, -1, + -1, 356, -1, 3968, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, 4521, -1, -1, -1, -1, -1, + -1, -1, -1, 378, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, 4541, -1, -1, -1, 315, -1, + -1, -1, -1, -1, -1, -1, 323, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + 4577, 4578, -1, 4580, -1, -1, 431, -1, -1, 356, + -1, -1, -1, -1, -1, -1, 4593, 4594, 4595, -1, + 4055, -1, -1, 448, -1, -1, -1, -1, -1, -1, + -1, 378, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, 4620, 4621, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, -1, -1, 4644, -1, -1, + -1, -1, -1, -1, -1, -1, -1, -1, -1, 4656, + -1, -1, -1, -1, 431, -1, -1, -1, 4665, -1, + -1, -1, -1, -1, -1, -1, -1, 683, -1, -1, + -1, 448, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, 3436, -1, -1, -1, 3440, + -1, -1, 3443, -1, -1, -1, -1, -1, -1, -1, + -1, 3452, -1, 4710, -1, -1, -1, 4714, -1, -1, + 3461, -1, 3463, 3464, 730, 3466, 3467, 3468, 3469, -1, + 3471, -1, 3473, 3474, -1, 3476, -1, -1, 43, -1, + -1, 586, 4739, 3484, 3485, -1, -1, -1, 3489, 3490, + 3491, -1, -1, -1, -1, -1, -1, -1, 3499, 3500, + 3501, -1, 3503, 68, 3505, -1, 3507, -1, 3509, -1, + 3511, -1, 77, -1, -1, 3516, 3517, -1, 3519, 3520, + 3521, -1, -1, -1, 3525, -1, -1, 3528, -1, -1, + -1, -1, -1, 98, -1, -1, 3537, -1, -1, 3540, + -1, 3542, 3543, 3544, -1, -1, 3547, 18, 19, 20, + -1, -1, -1, -1, -1, -1, -1, -1, 123, 586, + -1, -1, 127, -1, -1, 130, -1, -1, 3569, -1, + 3571, -1, -1, 3574, -1, 46, 141, 48, -1, -1, + -1, -1, -1, 3584, 3585, 3586, 3587, -1, 3589, -1, + -1, -1, 157, 3594, -1, -1, -1, -1, -1, 70, + 165, -1, -1, -1, 4319, 4320, -1, 78, -1, -1, + -1, -1, -1, 178, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, -1, -1, -1, 99, -1, + -1, -1, -1, -1, -1, -1, -1, 202, -1, 110, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, 5338, -1, -1, -1, -1, -1, -1, -1, -1, - -1, 4058, -1, -1, 4061, -1, -1, -1, -1, -1, + 4927, 4928, -1, -1, 145, -1, -1, 242, -1, -1, + -1, -1, 247, 248, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, 4409, -1, -1, -1, -1, -1, + -1, -1, -1, 174, -1, 3706, -1, -1, -1, -1, + -1, -1, -1, -1, -1, -1, 4431, -1, -1, -1, + -1, -1, -1, -1, -1, -1, -1, 3728, -1, -1, + -1, -1, -1, -1, -1, -1, 207, -1, -1, -1, + -1, -1, -1, -1, -1, 216, -1, -1, -1, -1, + 315, -1, -1, 5010, -1, -1, 5013, 1023, -1, -1, + -1, 1027, -1, -1, -1, -1, -1, -1, -1, -1, + 241, -1, -1, -1, -1, -1, -1, 4492, -1, -1, + -1, -1, -1, -1, 1050, -1, -1, -1, -1, -1, + -1, 356, -1, -1, 1060, -1, -1, 3798, -1, -1, + -1, -1, 273, 274, 275, -1, -1, 5064, -1, -1, + -1, -1, -1, 378, -1, -1, -1, -1, -1, -1, + 3821, -1, 293, -1, -1, -1, 5083, -1, -1, -1, + -1, -1, -1, -1, -1, -1, 56, 57, -1, -1, + -1, 61, 62, -1, -1, -1, -1, -1, -1, -1, + -1, 71, -1, -1, -1, -1, -1, -1, -1, -1, + 1126, 1127, 1128, 1129, -1, -1, 431, -1, -1, -1, + -1, 342, -1, 1139, -1, -1, 96, -1, -1, 350, + -1, 352, -1, 448, -1, -1, 5143, -1, -1, 109, + 4605, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, 372, -1, -1, -1, 125, -1, 127, -1, -1, + 3911, -1, -1, -1, -1, -1, -1, -1, -1, 390, + -1, -1, -1, -1, -1, -1, 397, -1, -1, -1, + -1, -1, -1, -1, -1, 155, -1, -1, -1, -1, + -1, 412, -1, -1, -1, -1, -1, -1, 419, -1, + -1, -1, 423, -1, -1, 175, 176, 177, -1, 430, + -1, -1, -1, 434, -1, 185, 186, 187, -1, -1, + -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + 3981, 3982, -1, 203, -1, -1, -1, -1, -1, 5246, + -1, 5248, 463, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, 235, -1, -1, -1, -1, + 491, 586, -1, -1, -1, -1, -1, -1, -1, -1, + 501, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, 262, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, 1321, -1, 4058, -1, -1, + 4061, -1, -1, -1, -1, 285, 286, 287, 539, -1, + -1, -1, -1, -1, -1, -1, -1, -1, -1, 4794, + -1, 552, -1, 554, -1, 4086, 4087, 307, 308, -1, + 4091, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, 4816, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, 4113, -1, 4115, -1, 4117, 5374, 4119, -1, + 591, -1, -1, -1, -1, -1, 597, -1, -1, -1, + -1, -1, 4133, -1, -1, -1, -1, -1, 358, -1, + 360, 361, -1, -1, -1, 5402, -1, -1, -1, -1, + 621, 4152, 4153, -1, -1, -1, 4157, 377, 4159, -1, + 4161, -1, -1, -1, -1, 4166, -1, -1, 5425, -1, + -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, 655, -1, -1, -1, -1, -1, + -1, 662, -1, 413, 414, -1, -1, -1, -1, 4914, + -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + 4211, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, -1, 697, -1, -1, -1, + -1, -1, -1, -1, -1, -1, -1, -1, 1504, 459, + -1, 712, 713, -1, -1, -1, -1, 4962, 4249, -1, + -1, -1, -1, -1, 725, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + 500, -1, 531, -1, -1, 5000, -1, -1, -1, -1, + -1, 762, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, 562, 563, -1, -1, -1, -1, 4349, -1, + -1, -1, -1, -1, -1, -1, -1, 4358, 578, 579, + -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, 4372, -1, -1, 4375, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + 620, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, -1, -1, -1, 5695, -1, + -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, 5719, -1, -1, -1, -1, -1, -1, -1, + 5727, -1, -1, -1, -1, -1, 5733, -1, -1, -1, + -1, -1, -1, -1, -1, -1, -1, 736, 5203, -1, + -1, 5206, -1, -1, -1, -1, -1, 717, -1, -1, + 720, -1, -1, 723, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, 5230, -1, -1, -1, -1, + 4521, -1, -1, -1, -1, -1, -1, 747, -1, -1, + -1, -1, -1, -1, -1, -1, -1, 786, -1, -1, + 4541, -1, -1, -1, -1, -1, -1, 767, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, -1, -1, -1, 4086, - 4087, -1, -1, -1, 4091, -1, -1, -1, -1, -1, - -1, -1, -1, 5390, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, 4113, -1, 4115, -1, - 4117, -1, 4119, -1, -1, 6413, -1, -1, -1, 6417, - -1, -1, -1, -1, -1, -1, 4133, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, 4152, 4153, -1, -1, -1, - 4157, -1, 4159, -1, 4161, -1, -1, -1, -1, 4166, + -1, -1, -1, -1, -1, -1, 4577, 4578, -1, 4580, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, 4593, 4594, 4595, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, -1, 5873, -1, -1, 4620, + 4621, -1, -1, -1, 5339, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, 1901, -1, 1903, -1, -1, - -1, -1, -1, -1, -1, -1, 5493, -1, -1, -1, - -1, -1, -1, -1, 4211, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, 4249, -1, -1, 6543, 1962, 1963, -1, -1, - -1, -1, 1968, -1, -1, -1, 1972, 1973, 1974, -1, - -1, -1, -1, -1, -1, -1, 1982, 1983, -1, -1, + -1, -1, -1, 4644, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, 4656, -1, -1, -1, -1, + -1, -1, -1, 5920, 4665, -1, -1, -1, -1, -1, + -1, 683, -1, -1, -1, -1, 5391, -1, -1, -1, + -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, -1, 1962, 1963, -1, -1, + -1, -1, 1968, -1, -1, -1, 1972, 1973, 1974, 4710, + -1, -1, -1, 4714, -1, 964, 1982, 1983, -1, -1, -1, -1, 1988, -1, -1, -1, 1992, 1993, 1994, -1, - 1996, 1997, 1998, -1, 5581, 683, -1, -1, -1, -1, - -1, 2007, -1, 2009, -1, -1, 2012, 2013, 2014, 2015, + 1996, 1997, 1998, -1, -1, -1, -1, -1, -1, -1, + 5997, 2007, -1, 2009, -1, -1, 2012, 2013, 2014, 2015, -1, 2017, -1, 2019, 2020, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, 2033, 2034, 2035, - 2036, 2037, -1, 2039, 2040, 2041, 2042, 2043, 2044, -1, + 2036, 2037, -1, 2039, 2040, 2041, 2042, 2043, 2044, 5494, 2046, 2047, -1, 2049, 2050, -1, 2052, 2053, -1, -1, - 2056, 2057, 4349, 2059, 2060, -1, -1, 2063, -1, 2065, - -1, 4358, -1, 2069, 2070, 2071, -1, -1, 2074, 2075, - 2076, 2077, -1, 2079, -1, 4372, -1, -1, 4375, -1, + 2056, 2057, -1, 2059, 2060, -1, -1, 2063, -1, 2065, + -1, -1, -1, 2069, 2070, 2071, -1, -1, 2074, 2075, + 2076, 2077, -1, 2079, -1, -1, -1, -1, -1, -1, 2086, -1, -1, -1, -1, -1, 2092, 2093, 2094, 2095, - -1, -1, -1, -1, -1, -1, -1, 2103, 2104, -1, + -1, -1, 6089, -1, -1, -1, -1, 2103, 2104, -1, 2106, 2107, -1, -1, 2110, 2111, 2112, 2113, 2114, 2115, 2116, 2117, 2118, 2119, 2120, 2121, 2122, -1, -1, 2125, - -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, -1, -1, 5582, -1, -1, + -1, 6128, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, 6140, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, 2160, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, -1, 4927, 4928, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, 4521, -1, -1, -1, -1, -1, + -1, -1, 6229, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, 4541, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, -1, -1, -1, -1, 5010, + -1, -1, 2278, -1, 2280, 1027, -1, -1, -1, -1, + -1, -1, -1, -1, -1, -1, -1, -1, 6285, -1, + -1, -1, -1, -1, -1, -1, -1, -1, 1050, -1, + -1, -1, -1, -1, -1, 2311, -1, -1, 1060, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, 2278, -1, 2280, -1, -1, -1, -1, -1, - 4577, 4578, -1, 4580, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, 4593, 4594, 4595, -1, - -1, -1, -1, -1, -1, 2311, -1, -1, -1, -1, - -1, -1, -1, -1, 5901, -1, -1, -1, -1, -1, - -1, -1, -1, 4620, 4621, -1, -1, 5914, -1, -1, - -1, -1, -1, -1, -1, -1, -1, -1, -1, 1027, - -1, -1, 5929, 5930, -1, -1, 5933, 4644, -1, -1, - -1, -1, -1, 5940, -1, -1, -1, -1, -1, 4656, - -1, -1, 1050, -1, -1, -1, -1, -1, 4665, -1, - -1, -1, 1060, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, 2398, -1, -1, -1, -1, -1, -1, -1, + 1309, -1, -1, 5064, -1, -1, 1315, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, 4710, -1, -1, -1, 4714, -1, -1, - -1, -1, -1, -1, -1, -1, -1, 2433, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, 1129, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, 6042, -1, -1, -1, -1, - -1, -1, -1, 6050, 2470, -1, -1, -1, -1, 6056, - 6057, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, 6079, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, -1, -1, -1, 6096, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, -1, -1, 1129, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, 2398, -1, -1, -1, -1, -1, -1, -1, + -1, -1, 5143, -1, -1, -1, -1, -1, -1, -1, + 1399, -1, -1, -1, -1, -1, -1, 6414, -1, -1, + -1, 6418, -1, -1, -1, -1, -1, 2433, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, -1, -1, 5902, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + 5915, -1, -1, -1, 2470, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, 5930, 5931, -1, -1, 5934, + -1, -1, -1, -1, -1, -1, 5941, -1, -1, -1, + -1, -1, -1, -1, -1, 1484, -1, -1, -1, -1, + -1, -1, -1, -1, -1, 5246, 1495, 5248, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, -1, -1, 6544, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, 6183, -1, -1, -1, - -1, -1, -1, -1, -1, -1, -1, -1, 6195, -1, - -1, -1, 6199, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, 2632, -1, -1, -1, - 4927, 4928, -1, 1321, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, -1, -1, -1, -1, 1321, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, -1, -1, -1, 6043, -1, + -1, -1, -1, -1, -1, -1, 6051, -1, -1, -1, + -1, -1, 6057, 6058, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, 6080, 2632, -1, -1, -1, + -1, -1, -1, 5374, -1, -1, -1, -1, -1, -1, + -1, -1, 6097, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, 5402, -1, -1, -1, -1, -1, -1, -1, -1, -1, 2677, -1, -1, -1, -1, -1, -1, -1, 2685, - 2686, -1, -1, -1, -1, -1, -1, -1, -1, -1, + 2686, -1, -1, -1, 5425, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, 5009, -1, -1, -1, -1, -1, -1, -1, - -1, -1, 6309, 6310, -1, -1, -1, -1, -1, -1, - -1, -1, -1, 2739, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, -1, -1, -1, -1, 6184, + -1, -1, -1, 2739, -1, -1, -1, -1, -1, -1, + -1, 6196, -1, -1, -1, 6200, -1, -1, -1, -1, + -1, -1, 1504, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, 5063, -1, -1, -1, -1, -1, -1, -1, -1, -1, 2782, 2783, 2784, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, 6393, -1, 6395, 6396, - -1, -1, -1, -1, -1, -1, 1504, -1, -1, -1, + -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, 2842, -1, -1, -1, - -1, -1, -1, -1, -1, 5142, 6433, -1, -1, -1, - -1, -1, -1, -1, 2860, -1, -1, -1, 2864, 2865, + -1, -1, -1, -1, -1, 1834, -1, 1836, -1, -1, + -1, -1, -1, -1, 2860, 6310, 6311, -1, 2864, 2865, -1, 2867, 2868, -1, -1, -1, -1, -1, -1, -1, 2876, -1, 2878, -1, -1, -1, -1, -1, -1, -1, - -1, 6468, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, 2909, -1, -1, -1, -1, 6495, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, -1, -1, -1, 2935, + -1, -1, -1, 2909, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, -1, -1, 5245, -1, - 5247, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, -1, -1, -1, -1, 2935, + -1, -1, -1, -1, -1, -1, -1, -1, -1, 6394, + -1, 6396, 6397, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, 5695, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, 2971, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, -1, -1, -1, 5719, 6434, -1, -1, 2988, -1, -1, -1, -1, -1, -1, -1, + -1, -1, 5733, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, -1, -1, -1, 3025, + -1, -1, -1, -1, 6469, -1, -1, -1, -1, 3025, -1, -1, -1, -1, -1, -1, 3032, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, 6496, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, 2051, -1, -1, -1, 2055, -1, -1, -1, + -1, -1, -1, 2062, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, 5373, -1, -1, -1, - -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, 5401, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, -1, 5424, -1, -1, - 3136, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + 3136, -1, 5873, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, -1, -1, -1, -1, 1901, + -1, 1903, -1, 2142, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, 3170, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, -1, -1, -1, -1, 5920, -1, -1, -1, 3189, -1, -1, -1, 3193, -1, 3195, + -1, -1, -1, -1, -1, -1, -1, 2186, -1, -1, + -1, -1, 2191, -1, -1, 2194, -1, -1, -1, -1, + -1, -1, -1, -1, -1, -1, 1968, -1, -1, -1, + 1972, -1, 1974, -1, -1, -1, -1, -1, -1, -1, + 1982, 1983, -1, -1, -1, -1, 1988, -1, -1, -1, + 1992, 1993, 1994, -1, 1996, 1997, 1998, -1, -1, -1, + -1, -1, 2241, -1, -1, 2007, 5997, 2009, -1, -1, + 2012, 2013, 2014, 2015, 2253, -1, -1, 2019, 2020, -1, + -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, 2033, 2034, 2035, 2036, 2037, -1, 2039, 2040, 2041, + 2042, 2043, -1, -1, 2046, 2047, -1, 2049, 2050, -1, + 2052, 2053, -1, -1, -1, 2057, -1, 2059, 2060, -1, + -1, 2063, -1, 2065, -1, -1, -1, 2069, 2070, 2071, + -1, -1, 2074, -1, 2076, 2077, -1, 2079, -1, -1, + -1, -1, -1, -1, 2086, -1, -1, -1, -1, -1, + 2092, 2093, 2094, -1, -1, -1, -1, -1, 6089, -1, + -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, -1, 2355, -1, -1, -1, + -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, 2373, -1, -1, 6128, -1, -1, + -1, -1, -1, -1, -1, 2384, 2385, -1, -1, 6140, + -1, -1, -1, -1, -1, -1, -1, -1, 2160, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, 1901, -1, 1903, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - 1968, -1, -1, -1, 1972, -1, 1974, -1, -1, -1, - -1, -1, -1, -1, 1982, 1983, -1, -1, -1, -1, - 1988, -1, -1, -1, 1992, 1993, 1994, -1, 1996, 1997, - 1998, -1, -1, -1, -1, -1, -1, -1, -1, 2007, - -1, 2009, -1, -1, 2012, 2013, 2014, 2015, -1, -1, - -1, 2019, 2020, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, 2033, 2034, 2035, 2036, 2037, - -1, 2039, 2040, 2041, 2042, 2043, -1, -1, 2046, 2047, - -1, 2049, 2050, -1, 2052, 2053, -1, -1, -1, 2057, - -1, 2059, 2060, -1, -1, 2063, -1, 2065, -1, -1, - -1, 2069, 2070, 2071, -1, -1, 2074, -1, 2076, 2077, - -1, 2079, -1, -1, -1, -1, -1, 5694, 2086, -1, - -1, -1, -1, -1, 2092, 2093, 2094, -1, -1, -1, - -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, 5718, -1, -1, -1, -1, -1, -1, -1, -1, - 3436, -1, -1, -1, 3440, 5732, -1, 3443, -1, -1, + 3436, -1, -1, -1, 3440, -1, -1, 3443, -1, -1, -1, -1, -1, -1, -1, -1, 3452, -1, -1, -1, -1, -1, -1, -1, -1, 3461, -1, 3463, 3464, -1, - 3466, 3467, 3468, 3469, -1, 3471, -1, 3473, 3474, -1, - 3476, -1, 2160, -1, -1, -1, -1, -1, 3484, 3485, - -1, -1, -1, 3489, 3490, 3491, -1, -1, -1, -1, + 3466, 3467, 3468, 3469, -1, 3471, -1, 3473, 3474, 2458, + 3476, -1, -1, -1, -1, 2464, -1, -1, 3484, 3485, + -1, -1, -1, 3489, 3490, 3491, -1, -1, 6229, -1, -1, -1, -1, 3499, 3500, 3501, -1, 3503, -1, 3505, -1, 3507, -1, 3509, -1, 3511, -1, -1, -1, -1, 3516, 3517, -1, 3519, 3520, 3521, -1, -1, -1, 3525, - -1, -1, 3528, -1, -1, -1, -1, -1, -1, -1, + -1, -1, 3528, -1, -1, -1, 2278, -1, 2280, -1, -1, 3537, -1, -1, 3540, -1, 3542, 3543, 3544, -1, - -1, 3547, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, 3547, -1, -1, 6285, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, -1, -1, -1, -1, 2311, -1, -1, -1, 3569, -1, 3571, -1, -1, 3574, -1, - -1, -1, -1, -1, -1, 5872, -1, -1, 3584, 3585, + -1, -1, -1, -1, -1, -1, -1, -1, 3584, 3585, 3586, 3587, -1, 3589, -1, -1, -1, -1, 3594, -1, - 2278, -1, 2280, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, 5919, 2311, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + 2609, 2610, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, -1, 2398, -1, 2637, -1, + -1, -1, -1, -1, -1, -1, -1, -1, 2647, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, 6414, -1, -1, -1, 6418, -1, -1, + -1, 2433, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, -1, -1, -1, 5996, 3706, -1, -1, -1, -1, -1, -1, -1, -1, -1, - 2398, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, -1, -1, -1, 2470, -1, -1, -1, 3728, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, 2433, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, 2470, -1, -1, -1, -1, -1, -1, -1, - -1, 6088, 3798, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, 3821, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - 6127, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, 6139, -1, -1, -1, -1, -1, -1, -1, + -1, -1, 3798, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, 6544, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, 3821, -1, -1, -1, -1, + -1, -1, -1, -1, -1, -1, 2815, -1, -1, -1, + 2819, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + 2632, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, 3911, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, 6228, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, 2632, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, 2677, -1, -1, -1, -1, + -1, -1, -1, 2685, 2686, -1, -1, -1, -1, -1, + -1, 2930, 2931, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, 3981, 3982, -1, -1, -1, - -1, -1, -1, -1, -1, -1, -1, 6284, -1, 2677, - -1, -1, -1, -1, -1, -1, -1, 2685, 2686, -1, + -1, -1, -1, -1, -1, -1, -1, 2739, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + 2782, 2783, 2784, 3022, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, 2739, 4058, -1, -1, 4061, -1, -1, -1, -1, + -1, -1, 4058, -1, -1, 4061, -1, -1, -1, 3048, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, 4086, 4087, -1, -1, -1, 4091, -1, -1, -1, -1, - -1, -1, -1, -1, 2782, 2783, 2784, -1, -1, -1, - -1, -1, -1, -1, -1, -1, -1, 4113, -1, 4115, - -1, 4117, -1, 4119, -1, -1, 6413, -1, -1, -1, - 6417, -1, -1, -1, -1, -1, -1, 4133, -1, -1, - -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, 4152, 4153, -1, -1, - -1, 4157, -1, 4159, -1, 4161, -1, -1, -1, -1, - 4166, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, 2860, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, -1, -1, 2876, -1, - 2878, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, 4211, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, 2909, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, -1, -1, 4113, 2860, 4115, + -1, 4117, -1, 4119, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, 2876, -1, 2878, 4133, -1, -1, + -1, -1, -1, -1, 3123, -1, -1, -1, -1, -1, + -1, -1, -1, 3132, -1, -1, 4152, 4153, 3137, -1, + -1, 4157, -1, 4159, 3143, 4161, -1, 2909, -1, -1, + 4166, -1, -1, -1, -1, -1, -1, -1, -1, 3158, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, 4249, -1, -1, 6543, 2935, -1, -1, + -1, -1, -1, 2935, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, 4211, -1, -1, -1, -1, + -1, -1, -1, -1, -1, -1, -1, -1, -1, 2971, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, -1, 2988, -1, -1, -1, + -1, -1, -1, 4249, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, 2971, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - 2988, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, 3025, -1, -1, -1, -1, -1, -1, + 3032, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, -1, 3025, -1, -1, - -1, -1, -1, 4349, 3032, -1, -1, -1, -1, -1, - -1, -1, 4358, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, 4372, -1, -1, 4375, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, 4349, -1, -1, -1, -1, -1, -1, + -1, -1, 4358, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, 3354, 4372, -1, -1, 4375, + -1, 3360, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, 3136, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, -1, -1, -1, 3170, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, -1, -1, 3189, -1, -1, + -1, 3193, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, -1, -1, 3136, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, 3170, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, 3189, -1, -1, -1, 3193, -1, -1, -1, -1, -1, -1, -1, -1, -1, 4521, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, 4541, -1, -1, -1, -1, @@ -17823,250 +17770,199 @@ -1, -1, -1, -1, -1, -1, -1, 4593, 4594, 4595, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, 4620, 4621, -1, -1, -1, -1, + -1, -1, -1, -1, 4620, 4621, -1, -1, -1, 3608, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, 4644, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, 4656, -1, -1, -1, -1, -1, -1, -1, -1, 4665, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, 3436, -1, -1, -1, 3440, -1, + -1, 3443, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, 4710, -1, -1, -1, 4714, 3461, + -1, -1, -1, -1, 3466, 3467, 3468, 3469, -1, 3471, + -1, 3473, 3474, 3712, -1, -1, -1, -1, -1, -1, + -1, -1, 3484, 3485, -1, -1, -1, 3489, 3490, 3491, + -1, -1, -1, -1, -1, -1, -1, 3499, 3500, 3501, + -1, 3503, -1, 3505, -1, 3507, -1, 3509, -1, 3511, + -1, -1, -1, -1, 3516, 3517, -1, 3519, -1, 3521, + -1, -1, -1, 3525, -1, -1, 3528, -1, -1, -1, + -1, -1, -1, -1, -1, -1, -1, -1, 3540, -1, + 3542, 3543, 3544, -1, -1, 3547, -1, -1, -1, -1, + -1, 3790, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, 3804, -1, -1, -1, 3808, + -1, -1, 3574, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, 3585, 3586, -1, -1, 3589, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, 4710, -1, -1, -1, 4714, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, -1, -1, 3436, -1, - -1, -1, 3440, -1, -1, 3443, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, 3461, -1, -1, -1, -1, 3466, 3467, - 3468, 3469, -1, 3471, -1, 3473, 3474, -1, -1, -1, - -1, -1, -1, -1, -1, -1, 3484, 3485, -1, -1, - -1, 3489, 3490, 3491, -1, -1, -1, -1, -1, -1, - -1, 3499, 3500, 3501, -1, 3503, -1, 3505, -1, 3507, - -1, 3509, -1, 3511, -1, -1, -1, -1, 3516, 3517, - -1, 3519, -1, 3521, -1, -1, -1, 3525, -1, -1, - 3528, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, 3540, -1, 3542, 3543, 3544, -1, -1, 3547, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, 3574, -1, -1, -1, - -1, -1, -1, -1, -1, -1, -1, 3585, 3586, -1, - -1, 3589, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, 4927, 4928, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, 3706, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, -1, 3728, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, 5010, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, -1, -1, -1, 4007, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, 5009, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, -1, -1, 3706, -1, + -1, -1, -1, -1, 4033, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, -1, -1, -1, 5064, -1, + -1, -1, -1, -1, -1, -1, -1, -1, -1, 3821, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - 3728, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, -1, 5063, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, -1, -1, 5143, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, -1, -1, -1, -1, 3911, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, 3821, -1, -1, 5142, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, -1, -1, -1, 4197, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, -1, -1, -1, -1, 3981, + 3982, -1, -1, -1, -1, -1, -1, -1, -1, -1, + 5246, -1, 5248, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, 3911, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, -1, -1, -1, 5245, - -1, 5247, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, -1, 4058, -1, -1, 4061, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, 4312, -1, -1, -1, -1, 4317, 4318, + -1, -1, -1, -1, 4086, 4087, -1, -1, -1, 4091, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, -1, 4345, 4346, -1, -1, + -1, 4113, -1, 4115, -1, 4117, -1, 4119, 5374, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, 4133, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, -1, 5402, -1, -1, -1, + 4152, 4153, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, 4166, -1, -1, -1, -1, 5425, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, 3981, 3982, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, -1, -1, -1, -1, 4211, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, -1, -1, 4249, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, -1, 5373, -1, -1, - 4058, -1, -1, 4061, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, 5401, -1, -1, 4086, 4087, - -1, -1, -1, 4091, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, -1, -1, 5424, -1, - -1, -1, -1, -1, -1, 4113, -1, 4115, -1, 4117, - -1, 4119, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, 4133, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, 4152, 4153, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, -1, -1, 4166, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, 4211, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, -1, -1, 4349, -1, -1, + -1, -1, -1, -1, -1, -1, 4358, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, 4249, -1, -1, -1, -1, -1, -1, -1, -1, + 4372, -1, -1, 4375, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, -1, -1, -1, -1, 5695, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, 5719, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, -1, -1, 5733, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, 4349, -1, -1, -1, -1, -1, -1, -1, -1, - 4358, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, 4372, -1, -1, 4375, 5694, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, 4752, -1, -1, -1, -1, -1, 4521, + -1, -1, -1, 4762, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, -1, -1, -1, -1, 4541, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, 5718, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, 5732, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, 4577, 4578, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, 4593, 4594, 4595, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, -1, -1, 5873, 4620, 4621, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, 4665, 5920, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, 4521, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, 4541, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, 5872, -1, -1, -1, + -1, -1, -1, -1, -1, -1, -1, -1, 4710, -1, + -1, -1, 4714, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, -1, -1, -1, 4577, - 4578, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, 4593, 4594, 4595, -1, -1, - -1, -1, -1, 5919, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, 4620, 4621, -1, -1, -1, -1, -1, -1, + -1, 5997, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, -1, 4665, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - 5996, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, 4710, -1, -1, -1, 4714, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, 6089, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, 6088, -1, -1, -1, -1, -1, -1, -1, + -1, -1, 6128, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, 6140, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, 6127, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, 6139, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, 4927, 4928, -1, -1, -1, + -1, 5170, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, 6229, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, -1, -1, -1, 5010, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, -1, -1, -1, -1, 6285, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, 6228, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, -1, -1, -1, 4927, - 4928, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, 5064, -1, -1, -1, 5305, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, -1, -1, 6284, -1, - -1, -1, -1, -1, 19, 20, -1, -1, -1, -1, + -1, -1, -1, -1, -1, 5324, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, 5009, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, 88, -1, -1, -1, -1, -1, -1, + -1, 5143, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, -1, -1, -1, 6414, -1, + -1, -1, 6418, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, 5063, -1, -1, -1, -1, - -1, 116, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - 135, -1, -1, -1, -1, -1, -1, 6413, -1, 144, - -1, 6417, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, 180, -1, -1, -1, -1, - -1, -1, -1, -1, 5142, -1, -1, -1, -1, -1, - -1, 196, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, 208, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, 219, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, 5246, -1, 5248, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, -1, 6543, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, -1, 5245, -1, 5247, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, -1, -1, 313, -1, - -1, -1, -1, -1, -1, 320, 321, 322, 323, 324, - 325, -1, 327, 328, 329, 330, -1, -1, -1, -1, - 335, 336, 337, 338, 339, 340, 341, 342, 343, 344, - -1, 346, 347, 348, 349, 350, 351, 352, 353, -1, - -1, -1, -1, 358, 359, 360, 361, 362, -1, -1, - 365, 366, 367, 368, 369, -1, -1, -1, 373, 374, - 375, 376, 377, -1, 379, 380, 381, 382, -1, -1, - -1, -1, -1, -1, 389, -1, 391, -1, 393, 394, - 395, 396, 397, 398, 399, 400, 401, -1, 403, 404, - 405, 406, 407, 408, 409, 410, 411, 412, 413, 414, - 415, -1, 417, -1, 419, 420, 421, 422, 423, 424, - 425, -1, 427, 428, 429, 430, -1, 432, 433, 434, - 435, 436, 437, 438, 439, 440, 441, 442, -1, -1, - -1, 446, -1, 5401, 449, 450, 451, 452, 453, 454, - 455, 456, 457, 458, 459, -1, -1, -1, -1, -1, - 465, 466, 467, 468, 469, 470, 5424, 472, 473, -1, - 475, 476, -1, -1, 479, -1, 481, 482, 483, 484, - 485, 486, 487, 488, 489, 490, 491, -1, 493, 494, - 495, 496, 497, 498, 499, 500, 501, -1, 503, 504, - 505, 506, 507, 508, 509, 510, 511, 512, 513, 514, - 515, 516, 517, 518, 519, 520, 521, 522, 523, 524, - 525, 526, 527, 528, 529, 530, 531, 532, 533, 534, - 535, -1, 537, 538, 539, 540, 541, 542, 543, 544, - 545, 546, 547, 548, 549, 550, 551, 552, 553, 554, - 555, 556, 557, 558, 559, 560, 561, 562, 563, 564, - 565, 566, 567, 568, 569, 570, 571, -1, 573, 574, - 575, 576, 577, 578, 579, 580, -1, 582, 583, 584, - 585, -1, -1, -1, 589, -1, 591, 592, -1, 594, - 595, 596, 597, -1, 599, 600, 601, 602, -1, -1, - -1, -1, 607, 608, 609, 610, 611, 612, 613, 614, - 615, 616, 617, 618, 619, 620, 621, 622, 623, 624, - 625, 626, 627, 628, 629, 630, 631, 632, -1, 634, - -1, 636, 637, 638, -1, 640, 641, -1, 643, 644, - 645, 646, 647, 648, -1, 650, 651, 652, 653, 654, - 655, 656, -1, 658, 659, 660, -1, 662, 663, 664, - 665, 666, -1, 668, 669, -1, -1, 672, 673, -1, - -1, 676, 677, 678, -1, 680, -1, 682, 683, -1, - -1, 686, 687, -1, 689, 690, 691, 692, -1, 694, - 695, -1, 697, -1, 699, 700, 701, 702, 703, 704, - 705, 706, 707, 708, 709, 710, 711, 712, 713, 714, - 715, 716, 717, 718, -1, 720, 721, 722, 723, 724, - 725, 726, 727, 728, -1, -1, 731, -1, 733, 734, - 735, 736, -1, -1, 739, 740, 5694, 742, 743, 744, - 745, 746, 747, 748, 749, 750, 751, 752, 753, 754, - 755, 756, 757, -1, -1, 760, 761, -1, -1, 764, - -1, 766, 767, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, 5732, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, -1, -1, -1, 6544, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, @@ -18078,21 +17974,23 @@ -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + 5402, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, 5425, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, 5693, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, 5919, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, -1, -1, 5756, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, -1, -1, 5996, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, @@ -18105,1965 +18003,42 @@ -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, 5695, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - 3, -1, -1, -1, -1, 8, 9, -1, -1, -1, - -1, 6139, -1, -1, -1, -1, 19, 20, -1, 22, - 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, - -1, -1, -1, -1, -1, -1, -1, 40, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, 57, 58, 59, 60, -1, -1, - -1, -1, -1, -1, -1, 68, 69, -1, 71, -1, - -1, -1, -1, -1, -1, 78, 79, -1, -1, 82, - 83, 84, 85, -1, 87, 88, -1, 90, 91, -1, - -1, -1, -1, -1, -1, -1, 99, -1, -1, 102, - 6228, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, 116, -1, -1, -1, 120, 121, 122, - -1, 124, -1, -1, -1, -1, -1, -1, -1, 132, - 133, 134, 135, -1, -1, -1, -1, -1, 141, -1, - -1, 144, -1, -1, -1, -1, -1, 150, -1, -1, - 153, -1, -1, -1, -1, -1, -1, -1, -1, 162, - -1, 164, -1, 166, -1, -1, -1, -1, -1, 172, - -1, -1, -1, -1, -1, -1, -1, 180, 181, 182, - -1, 184, -1, -1, -1, 188, -1, -1, -1, -1, - 193, -1, -1, 196, 197, -1, 199, 200, 201, 202, - -1, -1, -1, -1, -1, 208, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, 219, 220, 221, 222, - -1, 224, -1, -1, -1, -1, -1, -1, 231, -1, - -1, -1, -1, -1, -1, -1, -1, -1, -1, 242, - -1, -1, -1, -1, -1, -1, -1, 250, 251, -1, - -1, -1, 255, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, 269, -1, -1, -1, - -1, -1, -1, 276, 277, -1, 279, 280, -1, -1, - -1, -1, -1, -1, -1, 6413, -1, -1, 291, -1, - -1, -1, -1, -1, -1, -1, -1, -1, 301, 302, - 303, -1, -1, 306, -1, -1, 309, 310, -1, -1, - -1, -1, -1, 316, -1, -1, -1, 320, 321, 322, - 323, 324, 325, 326, 327, 328, 329, 330, 331, 332, - 333, 334, 335, 336, 337, 338, 339, 340, 341, 342, - 343, 344, 345, 346, 347, 348, 349, 350, 351, 352, - 353, 354, -1, 356, 357, 358, 359, 360, 361, 362, - 363, 364, 365, 366, 367, 368, 369, 370, 371, 372, - 373, 374, 375, 376, 377, 378, 379, 380, 381, 382, - 383, 384, 385, 386, 387, -1, 389, 390, 391, 392, - 393, 394, 395, 396, 397, 398, 399, 400, 401, 402, - 403, 404, 405, 406, 407, 408, 409, 410, 411, 412, - 413, 414, 415, 416, 417, 6543, 419, 420, 421, 422, - 423, 424, 425, 426, 427, 428, 429, 430, 431, 432, - 433, 434, 435, 436, 437, 438, 439, 440, 441, 442, - 443, 444, 445, 446, -1, -1, 449, 450, 451, 452, - 453, 454, 455, 456, 457, 458, 459, 460, 461, 462, - -1, 464, 465, 466, 467, 468, 469, 470, 471, 472, - 473, 474, 475, 476, 477, -1, 479, 480, 481, 482, - 483, 484, 485, 486, 487, 488, 489, 490, 491, 492, - 493, 494, 495, 496, 497, 498, 499, 500, 501, 502, - 503, 504, 505, 506, 507, 508, 509, 510, 511, 512, - 513, 514, 515, 516, 517, 518, 519, 520, 521, 522, - 523, 524, 525, 526, 527, 528, 529, 530, 531, 532, - 533, 534, 535, -1, 537, 538, 539, 540, 541, 542, - 543, 544, 545, 546, 547, 548, 549, 550, 551, 552, - 553, 554, 555, 556, 557, 558, 559, 560, 561, 562, - 563, 564, 565, 566, 567, 568, 569, 570, 571, 572, - 573, 574, 575, 576, 577, 578, 579, 580, -1, 582, - 583, 584, 585, 586, 587, 588, 589, 590, 591, 592, - 593, 594, 595, 596, 597, 598, 599, 600, 601, 602, - 603, 604, 605, 606, 607, 608, 609, 610, 611, 612, - 613, 614, 615, 616, 617, 618, 619, 620, 621, 622, - 623, 624, 625, 626, 627, 628, 629, 630, 631, 632, - 633, 634, 635, 636, 637, 638, 639, 640, 641, 642, - 643, 644, 645, 646, 647, 648, 649, 650, 651, 652, - 653, 654, 655, 656, 657, 658, 659, 660, 661, 662, - 663, 664, 665, 666, 667, 668, 669, 670, 671, 672, - 673, 674, 675, 676, 677, 678, 679, 680, 681, 682, - 683, -1, -1, 686, 687, -1, 689, 690, 691, 692, - 693, 694, 695, 696, 697, 698, 699, 700, 701, 702, - 703, 704, 705, 706, 707, 708, 709, 710, 711, 712, - 713, 714, 715, 716, 717, 718, 719, 720, 721, 722, - 723, 724, 725, 726, 727, 728, 729, 730, 731, 732, - 733, 734, 735, 736, 737, 738, 739, 740, 741, 742, - 743, 744, 745, 746, 747, 748, 749, 750, 751, 752, - 753, 754, 755, 756, 757, 758, 759, 760, 761, 762, - -1, 764, 765, 766, 767, -1, -1, -1, -1, -1, - -1, -1, -1, 776, 777, 3, -1, -1, -1, 782, - 8, 9, -1, -1, -1, 788, -1, -1, -1, 792, - 793, 19, 20, 796, 22, 23, 24, 25, 26, 27, - 28, 29, 30, 31, 32, -1, -1, -1, -1, -1, - -1, -1, 40, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, -1, -1, -1, 57, - 58, 59, 60, -1, -1, -1, 64, -1, -1, -1, - 68, 69, -1, 71, -1, -1, -1, -1, -1, -1, - 78, 79, -1, -1, 82, 83, 84, 85, -1, 87, - 88, -1, 90, 91, -1, -1, -1, -1, -1, -1, - -1, 99, -1, -1, 102, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, -1, -1, 116, -1, - -1, -1, 120, 121, 122, -1, 124, -1, -1, -1, - -1, -1, -1, -1, 132, 133, 134, 135, -1, -1, - -1, -1, -1, 141, -1, -1, 144, -1, -1, -1, - -1, -1, 150, -1, -1, 153, -1, -1, -1, -1, - -1, -1, -1, -1, 162, 163, 164, -1, 166, -1, - -1, -1, -1, -1, 172, -1, -1, -1, -1, -1, - -1, -1, 180, 181, 182, -1, 184, -1, -1, -1, - 188, -1, -1, -1, -1, 193, -1, -1, 196, 197, - -1, 199, 200, 201, 202, -1, -1, -1, -1, -1, - 208, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, 219, 220, 221, 222, -1, 224, -1, -1, -1, - -1, -1, -1, 231, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, 242, -1, -1, -1, -1, -1, - -1, -1, 250, 251, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, 269, -1, -1, -1, -1, -1, -1, 276, 277, - -1, 279, 280, -1, -1, -1, -1, -1, -1, -1, - -1, 289, -1, 291, -1, -1, -1, -1, -1, -1, - -1, -1, -1, 301, 302, 303, -1, -1, -1, -1, - -1, 309, 310, -1, -1, -1, -1, -1, -1, -1, - -1, -1, 320, 321, 322, 323, 324, 325, 326, 327, - 328, 329, 330, 331, 332, 333, 334, 335, 336, 337, - 338, 339, 340, 341, 342, 343, 344, 345, 346, 347, - 348, 349, 350, 351, 352, 353, 354, -1, 356, 357, - 358, 359, 360, 361, 362, 363, 364, 365, 366, 367, - 368, 369, 370, 371, 372, 373, 374, 375, 376, 377, - 378, 379, 380, 381, 382, 383, 384, 385, 386, 387, - -1, 389, 390, 391, 392, 393, 394, 395, 396, 397, - 398, 399, 400, 401, 402, 403, 404, 405, 406, 407, - 408, 409, 410, 411, 412, 413, 414, 415, 416, 417, - -1, 419, 420, 421, 422, 423, 424, 425, 426, 427, - 428, 429, 430, 431, 432, 433, 434, 435, 436, 437, - 438, 439, 440, 441, 442, 443, 444, 445, 446, -1, - -1, 449, 450, 451, 452, 453, 454, 455, 456, 457, - 458, 459, 460, 461, 462, -1, 464, 465, 466, 467, - 468, 469, 470, 471, 472, 473, 474, 475, 476, 477, - -1, 479, 480, 481, 482, 483, 484, 485, 486, 487, - 488, 489, 490, 491, 492, 493, 494, 495, 496, 497, - 498, 499, 500, 501, 502, 503, 504, 505, 506, 507, - 508, 509, 510, 511, 512, 513, 514, 515, 516, 517, - 518, 519, 520, 521, 522, 523, 524, 525, 526, 527, - 528, 529, 530, 531, 532, 533, 534, 535, -1, 537, - 538, 539, 540, 541, 542, 543, 544, 545, 546, 547, - 548, 549, 550, 551, 552, 553, 554, 555, 556, 557, - 558, 559, 560, 561, 562, 563, 564, 565, 566, 567, - 568, 569, 570, 571, 572, 573, 574, 575, 576, 577, - 578, 579, 580, -1, 582, 583, 584, 585, 586, 587, - 588, 589, 590, 591, 592, 593, 594, 595, 596, 597, - 598, 599, 600, 601, 602, 603, 604, 605, 606, 607, - 608, 609, 610, 611, 612, 613, 614, 615, 616, 617, - 618, 619, 620, 621, 622, 623, 624, 625, 626, 627, - 628, 629, 630, 631, 632, 633, 634, 635, 636, 637, - 638, 639, 640, 641, 642, 643, 644, 645, 646, 647, - 648, 649, 650, 651, 652, 653, 654, 655, 656, 657, - 658, 659, 660, 661, 662, 663, 664, 665, 666, 667, - 668, 669, 670, 671, 672, 673, 674, 675, 676, 677, - 678, 679, 680, 681, 682, 683, -1, -1, 686, 687, - -1, 689, 690, 691, 692, 693, 694, 695, 696, 697, - 698, 699, 700, 701, 702, 703, 704, 705, 706, 707, - 708, 709, 710, 711, 712, 713, 714, 715, 716, 717, - 718, 719, 720, 721, 722, 723, 724, 725, 726, 727, - 728, 729, 730, 731, 732, 733, 734, 735, 736, 737, - 738, 739, 740, 741, 742, 743, 744, 745, 746, 747, - 748, 749, 750, 751, 752, 753, 754, 755, 756, 757, - 758, 759, 760, 761, 762, -1, 764, 765, 766, 767, - -1, -1, -1, -1, -1, -1, -1, -1, 776, 777, - 3, -1, -1, -1, 782, 8, 9, -1, -1, -1, - 788, -1, -1, -1, 792, 793, 19, 20, 796, 22, - 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, - -1, -1, -1, -1, -1, -1, -1, 40, -1, -1, - -1, -1, -1, -1, 47, -1, -1, -1, -1, -1, - -1, -1, -1, -1, 57, 58, 59, 60, -1, -1, - -1, -1, -1, -1, -1, 68, 69, -1, 71, -1, - -1, -1, -1, -1, -1, 78, 79, -1, -1, 82, - 83, 84, 85, -1, 87, 88, -1, 90, 91, -1, - -1, -1, -1, -1, -1, -1, 99, -1, -1, 102, - -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, 116, -1, -1, -1, 120, 121, 122, - -1, 124, -1, -1, -1, -1, -1, -1, -1, 132, - 133, 134, 135, -1, -1, -1, -1, -1, 141, -1, - -1, 144, -1, -1, -1, -1, -1, 150, -1, -1, - 153, -1, -1, -1, -1, -1, -1, -1, -1, 162, - -1, 164, -1, 166, -1, -1, -1, -1, -1, 172, - -1, -1, -1, -1, -1, -1, -1, 180, 181, 182, - -1, 184, -1, -1, -1, 188, -1, -1, -1, -1, - 193, -1, -1, 196, 197, -1, 199, 200, 201, 202, - -1, 204, -1, -1, -1, 208, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, 219, 220, 221, 222, - -1, 224, -1, -1, -1, -1, -1, -1, 231, -1, - -1, -1, -1, -1, -1, -1, -1, -1, -1, 242, - -1, -1, -1, -1, -1, -1, -1, 250, 251, -1, - -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, 269, -1, -1, -1, - -1, -1, -1, 276, 277, -1, 279, 280, -1, -1, - -1, -1, -1, -1, -1, -1, -1, -1, 291, -1, - -1, -1, -1, -1, -1, -1, -1, -1, 301, 302, - 303, -1, -1, -1, -1, -1, 309, 310, -1, -1, - -1, -1, -1, -1, -1, -1, -1, 320, 321, 322, - 323, 324, 325, 326, 327, 328, 329, 330, 331, 332, - 333, 334, 335, 336, 337, 338, 339, 340, 341, 342, - 343, 344, 345, 346, 347, 348, 349, 350, 351, 352, - 353, 354, -1, 356, 357, 358, 359, 360, 361, 362, - 363, 364, 365, 366, 367, 368, 369, 370, 371, 372, - 373, 374, 375, 376, 377, 378, 379, 380, 381, 382, - 383, 384, 385, 386, 387, -1, 389, 390, 391, 392, - 393, 394, 395, 396, 397, 398, 399, 400, 401, 402, - 403, 404, 405, 406, 407, 408, 409, 410, 411, 412, - 413, 414, 415, 416, 417, -1, 419, 420, 421, 422, - 423, 424, 425, 426, 427, 428, 429, 430, 431, 432, - 433, 434, 435, 436, 437, 438, 439, 440, 441, 442, - 443, 444, 445, 446, -1, -1, 449, 450, 451, 452, - 453, 454, 455, 456, 457, 458, 459, 460, 461, 462, - -1, 464, 465, 466, 467, 468, 469, 470, 471, 472, - 473, 474, 475, 476, 477, -1, 479, 480, 481, 482, - 483, 484, 485, 486, 487, 488, 489, 490, 491, 492, - 493, 494, 495, 496, 497, 498, 499, 500, 501, 502, - 503, 504, 505, 506, 507, 508, 509, 510, 511, 512, - 513, 514, 515, 516, 517, 518, 519, 520, 521, 522, - 523, 524, 525, 526, 527, 528, 529, 530, 531, 532, - 533, 534, 535, -1, 537, 538, 539, 540, 541, 542, - 543, 544, 545, 546, 547, 548, 549, 550, 551, 552, - 553, 554, 555, 556, 557, 558, 559, 560, 561, 562, - 563, 564, 565, 566, 567, 568, 569, 570, 571, 572, - 573, 574, 575, 576, 577, 578, 579, 580, -1, 582, - 583, 584, 585, 586, 587, 588, 589, 590, 591, 592, - 593, 594, 595, 596, 597, 598, 599, 600, 601, 602, - 603, 604, 605, 606, 607, 608, 609, 610, 611, 612, - 613, 614, 615, 616, 617, 618, 619, 620, 621, 622, - 623, 624, 625, 626, 627, 628, 629, 630, 631, 632, - 633, 634, 635, 636, 637, 638, 639, 640, 641, 642, - 643, 644, 645, 646, 647, 648, 649, 650, 651, 652, - 653, 654, 655, 656, 657, 658, 659, 660, 661, 662, - 663, 664, 665, 666, 667, 668, 669, 670, 671, 672, - 673, 674, 675, 676, 677, 678, 679, 680, 681, 682, - 683, -1, -1, 686, 687, -1, 689, 690, 691, 692, - 693, 694, 695, 696, 697, 698, 699, 700, 701, 702, - 703, 704, 705, 706, 707, 708, 709, 710, 711, 712, - 713, 714, 715, 716, 717, 718, 719, 720, 721, 722, - 723, 724, 725, 726, 727, 728, 729, 730, 731, 732, - 733, 734, 735, 736, 737, 738, 739, 740, 741, 742, - 743, 744, 745, 746, 747, 748, 749, 750, 751, 752, - 753, 754, 755, 756, 757, 758, 759, 760, 761, 762, - -1, 764, 765, 766, 767, -1, -1, -1, -1, -1, - -1, -1, -1, 776, 777, 3, -1, -1, -1, 782, - 8, 9, -1, -1, -1, 788, -1, -1, -1, 792, - 793, 19, 20, 796, 22, 23, 24, 25, 26, 27, - 28, 29, 30, 31, 32, -1, -1, -1, -1, -1, - -1, -1, 40, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, -1, -1, -1, 57, - 58, 59, 60, -1, -1, -1, -1, -1, -1, -1, - 68, 69, -1, 71, -1, -1, -1, -1, -1, -1, - 78, 79, -1, -1, 82, 83, 84, 85, -1, 87, - 88, -1, 90, 91, -1, -1, -1, -1, -1, -1, - -1, 99, -1, -1, 102, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, -1, -1, 116, -1, - -1, -1, 120, 121, 122, -1, 124, -1, -1, -1, - -1, -1, -1, -1, 132, 133, 134, 135, -1, -1, - -1, -1, -1, 141, -1, -1, 144, -1, -1, -1, - -1, -1, 150, -1, -1, 153, -1, -1, -1, -1, - -1, -1, -1, -1, 162, -1, 164, -1, 166, -1, - -1, -1, -1, -1, 172, -1, -1, -1, -1, -1, - -1, -1, 180, 181, 182, -1, 184, -1, -1, -1, - 188, -1, -1, -1, -1, 193, -1, -1, 196, 197, - -1, 199, 200, 201, 202, -1, -1, -1, -1, -1, - 208, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, 219, 220, 221, 222, -1, 224, -1, -1, -1, - -1, -1, -1, 231, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, 242, -1, -1, -1, -1, -1, - -1, -1, 250, 251, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, 269, -1, -1, -1, -1, -1, -1, 276, 277, - -1, 279, 280, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, 291, -1, -1, -1, -1, -1, -1, - -1, -1, -1, 301, 302, 303, -1, -1, -1, -1, - -1, 309, 310, -1, -1, 313, -1, -1, -1, -1, - -1, -1, 320, 321, 322, 323, 324, 325, 326, 327, - 328, 329, 330, 331, 332, 333, 334, 335, 336, 337, - 338, 339, 340, 341, 342, 343, 344, 345, 346, 347, - 348, 349, 350, 351, 352, 353, 354, -1, 356, 357, - 358, 359, 360, 361, 362, 363, 364, 365, 366, 367, - 368, 369, 370, 371, 372, 373, 374, 375, 376, 377, - 378, 379, 380, 381, 382, 383, 384, 385, 386, 387, - -1, 389, 390, 391, 392, 393, 394, 395, 396, 397, - 398, 399, 400, 401, 402, 403, 404, 405, 406, 407, - 408, 409, 410, 411, 412, 413, 414, 415, 416, 417, - -1, 419, 420, 421, 422, 423, 424, 425, 426, 427, - 428, 429, 430, 431, 432, 433, 434, 435, 436, 437, - 438, 439, 440, 441, 442, 443, 444, 445, 446, -1, - -1, 449, 450, 451, 452, 453, 454, 455, 456, 457, - 458, 459, 460, 461, 462, -1, 464, 465, 466, 467, - 468, 469, 470, 471, 472, 473, 474, 475, 476, 477, - -1, 479, 480, 481, 482, 483, 484, 485, 486, 487, - 488, 489, 490, 491, 492, 493, 494, 495, 496, 497, - 498, 499, 500, 501, 502, 503, 504, 505, 506, 507, - 508, 509, 510, 511, 512, 513, 514, 515, 516, 517, - 518, 519, 520, 521, 522, 523, 524, 525, 526, 527, - 528, 529, 530, 531, 532, 533, 534, 535, -1, 537, - 538, 539, 540, 541, 542, 543, 544, 545, 546, 547, - 548, 549, 550, 551, 552, 553, 554, 555, 556, 557, - 558, 559, 560, 561, 562, 563, 564, 565, 566, 567, - 568, 569, 570, 571, 572, 573, 574, 575, 576, 577, - 578, 579, 580, -1, 582, 583, 584, 585, 586, 587, - 588, 589, 590, 591, 592, 593, 594, 595, 596, 597, - 598, 599, 600, 601, 602, 603, 604, 605, 606, 607, - 608, 609, 610, 611, 612, 613, 614, 615, 616, 617, - 618, 619, 620, 621, 622, 623, 624, 625, 626, 627, - 628, 629, 630, 631, 632, 633, 634, 635, 636, 637, - 638, 639, 640, 641, 642, 643, 644, 645, 646, 647, - 648, 649, 650, 651, 652, 653, 654, 655, 656, 657, - 658, 659, 660, 661, 662, 663, 664, 665, 666, 667, - 668, 669, 670, 671, 672, 673, 674, 675, 676, 677, - 678, 679, 680, 681, 682, 683, -1, -1, 686, 687, - -1, 689, 690, 691, 692, 693, 694, 695, 696, 697, - 698, 699, 700, 701, 702, 703, 704, 705, 706, 707, - 708, 709, 710, 711, 712, 713, 714, 715, 716, 717, - 718, 719, 720, 721, 722, 723, 724, 725, 726, 727, - 728, 729, 730, 731, 732, 733, 734, 735, 736, 737, - 738, 739, 740, 741, 742, 743, 744, 745, 746, 747, - 748, 749, 750, 751, 752, 753, 754, 755, 756, 757, - 758, 759, 760, 761, 762, -1, 764, 765, 766, 767, - -1, -1, -1, -1, -1, -1, -1, -1, 776, 777, - 3, -1, -1, -1, 782, 8, 9, -1, -1, -1, - 788, -1, -1, -1, 792, 793, 19, 20, 796, 22, - 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, - -1, -1, -1, -1, -1, -1, -1, 40, -1, -1, - -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, 57, 58, 59, 60, -1, -1, - -1, -1, -1, -1, -1, 68, 69, -1, 71, -1, - -1, -1, -1, -1, -1, 78, 79, -1, -1, 82, - 83, 84, 85, -1, 87, 88, -1, 90, 91, -1, - -1, -1, -1, -1, -1, -1, 99, -1, -1, 102, - -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, 116, -1, -1, -1, 120, 121, 122, - -1, 124, -1, -1, -1, -1, -1, -1, -1, 132, - 133, 134, 135, -1, -1, -1, -1, -1, 141, -1, - 143, 144, -1, -1, -1, -1, -1, 150, -1, -1, - 153, -1, -1, -1, -1, -1, -1, -1, -1, 162, - -1, 164, -1, 166, -1, -1, -1, -1, -1, 172, - -1, -1, -1, -1, -1, -1, -1, 180, 181, 182, - -1, 184, -1, -1, -1, 188, -1, -1, -1, -1, - 193, -1, -1, 196, 197, -1, 199, 200, 201, 202, - -1, -1, -1, -1, -1, 208, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, 219, 220, 221, 222, - -1, 224, -1, -1, -1, -1, -1, -1, 231, -1, - -1, -1, -1, -1, -1, -1, -1, -1, -1, 242, - -1, -1, -1, -1, -1, -1, -1, 250, 251, -1, - -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, 269, -1, -1, -1, - -1, -1, -1, 276, 277, -1, 279, 280, -1, -1, - -1, -1, -1, -1, -1, -1, -1, -1, 291, -1, - -1, -1, -1, -1, -1, -1, -1, -1, 301, 302, - 303, -1, -1, -1, -1, -1, 309, 310, -1, -1, - -1, -1, -1, -1, -1, -1, -1, 320, 321, 322, - 323, 324, 325, 326, 327, 328, 329, 330, 331, 332, - 333, 334, 335, 336, 337, 338, 339, 340, 341, 342, - 343, 344, 345, 346, 347, 348, 349, 350, 351, 352, - 353, 354, -1, 356, 357, 358, 359, 360, 361, 362, - 363, 364, 365, 366, 367, 368, 369, 370, 371, 372, - 373, 374, 375, 376, 377, 378, 379, 380, 381, 382, - 383, 384, 385, 386, 387, -1, 389, 390, 391, 392, - 393, 394, 395, 396, 397, 398, 399, 400, 401, 402, - 403, 404, 405, 406, 407, 408, 409, 410, 411, 412, - 413, 414, 415, 416, 417, -1, 419, 420, 421, 422, - 423, 424, 425, 426, 427, 428, 429, 430, 431, 432, - 433, 434, 435, 436, 437, 438, 439, 440, 441, 442, - 443, 444, 445, 446, -1, -1, 449, 450, 451, 452, - 453, 454, 455, 456, 457, 458, 459, 460, 461, 462, - -1, 464, 465, 466, 467, 468, 469, 470, 471, 472, - 473, 474, 475, 476, 477, -1, 479, 480, 481, 482, - 483, 484, 485, 486, 487, 488, 489, 490, 491, 492, - 493, 494, 495, 496, 497, 498, 499, 500, 501, 502, - 503, 504, 505, 506, 507, 508, 509, 510, 511, 512, - 513, 514, 515, 516, 517, 518, 519, 520, 521, 522, - 523, 524, 525, 526, 527, 528, 529, 530, 531, 532, - 533, 534, 535, -1, 537, 538, 539, 540, 541, 542, - 543, 544, 545, 546, 547, 548, 549, 550, 551, 552, - 553, 554, 555, 556, 557, 558, 559, 560, 561, 562, - 563, 564, 565, 566, 567, 568, 569, 570, 571, 572, - 573, 574, 575, 576, 577, 578, 579, 580, -1, 582, - 583, 584, 585, 586, 587, 588, 589, 590, 591, 592, - 593, 594, 595, 596, 597, 598, 599, 600, 601, 602, - 603, 604, 605, 606, 607, 608, 609, 610, 611, 612, - 613, 614, 615, 616, 617, 618, 619, 620, 621, 622, - 623, 624, 625, 626, 627, 628, 629, 630, 631, 632, - 633, 634, 635, 636, 637, 638, 639, 640, 641, 642, - 643, 644, 645, 646, 647, 648, 649, 650, 651, 652, - 653, 654, 655, 656, 657, 658, 659, 660, 661, 662, - 663, 664, 665, 666, 667, 668, 669, 670, 671, 672, - 673, 674, 675, 676, 677, 678, 679, 680, 681, 682, - 683, -1, -1, 686, 687, -1, 689, 690, 691, 692, - 693, 694, 695, 696, 697, 698, 699, 700, 701, 702, - 703, 704, 705, 706, 707, 708, 709, 710, 711, 712, - 713, 714, 715, 716, 717, 718, 719, 720, 721, 722, - 723, 724, 725, 726, 727, 728, 729, 730, 731, 732, - 733, 734, 735, 736, 737, 738, 739, 740, 741, 742, - 743, 744, 745, 746, 747, 748, 749, 750, 751, 752, - 753, 754, 755, 756, 757, 758, 759, 760, 761, 762, - -1, 764, 765, 766, 767, -1, -1, -1, -1, -1, - -1, -1, -1, 776, 777, 3, -1, -1, -1, 782, - 8, 9, -1, -1, -1, 788, -1, -1, -1, 792, - 793, 19, 20, 796, 22, 23, 24, 25, 26, 27, - 28, 29, 30, 31, 32, -1, -1, -1, -1, -1, - -1, -1, 40, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, -1, -1, -1, 57, - 58, 59, 60, -1, -1, -1, -1, -1, -1, -1, - 68, 69, -1, 71, -1, -1, -1, -1, -1, -1, - 78, 79, -1, -1, 82, 83, 84, 85, -1, 87, - 88, -1, 90, 91, -1, -1, -1, -1, -1, -1, - -1, 99, -1, -1, 102, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, -1, -1, 116, -1, - -1, -1, 120, 121, 122, -1, 124, -1, -1, -1, - 128, -1, -1, -1, 132, 133, 134, 135, -1, -1, - -1, -1, -1, 141, -1, -1, 144, -1, -1, -1, - -1, -1, 150, -1, -1, 153, -1, -1, -1, -1, - -1, -1, -1, -1, 162, -1, 164, -1, 166, -1, - -1, -1, -1, -1, 172, -1, -1, -1, -1, -1, - -1, -1, 180, 181, 182, -1, 184, -1, -1, -1, - 188, -1, -1, -1, -1, 193, -1, -1, 196, 197, - -1, 199, 200, 201, 202, -1, -1, -1, -1, -1, - 208, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, 219, 220, 221, 222, -1, 224, -1, -1, -1, - -1, -1, -1, 231, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, 242, -1, -1, -1, -1, -1, - -1, -1, 250, 251, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, 269, -1, -1, -1, -1, -1, -1, 276, 277, - -1, 279, 280, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, 291, -1, -1, -1, -1, -1, -1, - -1, -1, -1, 301, 302, 303, -1, -1, -1, -1, - -1, 309, 310, -1, -1, -1, -1, -1, -1, -1, - -1, -1, 320, 321, 322, 323, 324, 325, 326, 327, - 328, 329, 330, 331, 332, 333, 334, 335, 336, 337, - 338, 339, 340, 341, 342, 343, 344, 345, 346, 347, - 348, 349, 350, 351, 352, 353, 354, -1, 356, 357, - 358, 359, 360, 361, 362, 363, 364, 365, 366, 367, - 368, 369, 370, 371, 372, 373, 374, 375, 376, 377, - 378, 379, 380, 381, 382, 383, 384, 385, 386, 387, - -1, 389, 390, 391, 392, 393, 394, 395, 396, 397, - 398, 399, 400, 401, 402, 403, 404, 405, 406, 407, - 408, 409, 410, 411, 412, 413, 414, 415, 416, 417, - -1, 419, 420, 421, 422, 423, 424, 425, 426, 427, - 428, 429, 430, 431, 432, 433, 434, 435, 436, 437, - 438, 439, 440, 441, 442, 443, 444, 445, 446, -1, - -1, 449, 450, 451, 452, 453, 454, 455, 456, 457, - 458, 459, 460, 461, 462, -1, 464, 465, 466, 467, - 468, 469, 470, 471, 472, 473, 474, 475, 476, 477, - -1, 479, 480, 481, 482, 483, 484, 485, 486, 487, - 488, 489, 490, 491, 492, 493, 494, 495, 496, 497, - 498, 499, 500, 501, 502, 503, 504, 505, 506, 507, - 508, 509, 510, 511, 512, 513, 514, 515, 516, 517, - 518, 519, 520, 521, 522, 523, 524, 525, 526, 527, - 528, 529, 530, 531, 532, 533, 534, 535, -1, 537, - 538, 539, 540, 541, 542, 543, 544, 545, 546, 547, - 548, 549, 550, 551, 552, 553, 554, 555, 556, 557, - 558, 559, 560, 561, 562, 563, 564, 565, 566, 567, - 568, 569, 570, 571, 572, 573, 574, 575, 576, 577, - 578, 579, 580, -1, 582, 583, 584, 585, 586, 587, - 588, 589, 590, 591, 592, 593, 594, 595, 596, 597, - 598, 599, 600, 601, 602, 603, 604, 605, 606, 607, - 608, 609, 610, 611, 612, 613, 614, 615, 616, 617, - 618, 619, 620, 621, 622, 623, 624, 625, 626, 627, - 628, 629, 630, 631, 632, 633, 634, 635, 636, 637, - 638, 639, 640, 641, 642, 643, 644, 645, 646, 647, - 648, 649, 650, 651, 652, 653, 654, 655, 656, 657, - 658, 659, 660, 661, 662, 663, 664, 665, 666, 667, - 668, 669, 670, 671, 672, 673, 674, 675, 676, 677, - 678, 679, 680, 681, 682, 683, -1, -1, 686, 687, - -1, 689, 690, 691, 692, 693, 694, 695, 696, 697, - 698, 699, 700, 701, 702, 703, 704, 705, 706, 707, - 708, 709, 710, 711, 712, 713, 714, 715, 716, 717, - 718, 719, 720, 721, 722, 723, 724, 725, 726, 727, - 728, 729, 730, 731, 732, 733, 734, 735, 736, 737, - 738, 739, 740, 741, 742, 743, 744, 745, 746, 747, - 748, 749, 750, 751, 752, 753, 754, 755, 756, 757, - 758, 759, 760, 761, 762, -1, 764, 765, 766, 767, - -1, -1, -1, -1, -1, -1, -1, -1, 776, 777, - 3, -1, -1, -1, 782, 8, 9, -1, -1, -1, - 788, -1, -1, -1, 792, 793, 19, 20, 796, 22, - 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, - -1, -1, -1, -1, -1, -1, -1, 40, -1, -1, - -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, 57, 58, 59, 60, -1, -1, - -1, -1, -1, -1, -1, 68, 69, -1, 71, -1, - -1, -1, -1, -1, -1, 78, 79, -1, -1, 82, - 83, 84, 85, -1, 87, 88, -1, 90, 91, -1, - -1, -1, -1, -1, -1, -1, 99, -1, -1, 102, - -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, 116, -1, -1, -1, 120, 121, 122, - -1, 124, -1, -1, -1, 128, -1, -1, -1, 132, - 133, 134, 135, -1, -1, -1, -1, -1, 141, -1, - -1, 144, -1, -1, -1, -1, -1, 150, -1, -1, - 153, -1, -1, -1, -1, -1, -1, -1, -1, 162, - -1, 164, -1, 166, -1, -1, -1, -1, -1, 172, - -1, -1, -1, -1, -1, -1, -1, 180, 181, 182, - -1, 184, -1, -1, -1, 188, -1, -1, -1, -1, - 193, -1, -1, 196, 197, -1, 199, 200, 201, 202, - -1, -1, -1, -1, -1, 208, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, 219, 220, 221, 222, - -1, 224, -1, -1, -1, -1, -1, -1, 231, -1, - -1, -1, -1, -1, -1, -1, -1, -1, -1, 242, - -1, -1, -1, -1, -1, -1, -1, 250, 251, -1, - -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, 269, -1, -1, -1, - -1, -1, -1, 276, 277, -1, 279, 280, -1, -1, - -1, -1, -1, -1, -1, -1, -1, -1, 291, -1, - -1, -1, -1, -1, -1, -1, -1, -1, 301, 302, - 303, -1, -1, -1, -1, -1, 309, 310, -1, -1, - -1, -1, -1, -1, -1, -1, -1, 320, 321, 322, - 323, 324, 325, 326, 327, 328, 329, 330, 331, 332, - 333, 334, 335, 336, 337, 338, 339, 340, 341, 342, - 343, 344, 345, 346, 347, 348, 349, 350, 351, 352, - 353, 354, -1, 356, 357, 358, 359, 360, 361, 362, - 363, 364, 365, 366, 367, 368, 369, 370, 371, 372, - 373, 374, 375, 376, 377, 378, 379, 380, 381, 382, - 383, 384, 385, 386, 387, -1, 389, 390, 391, 392, - 393, 394, 395, 396, 397, 398, 399, 400, 401, 402, - 403, 404, 405, 406, 407, 408, 409, 410, 411, 412, - 413, 414, 415, 416, 417, -1, 419, 420, 421, 422, - 423, 424, 425, 426, 427, 428, 429, 430, 431, 432, - 433, 434, 435, 436, 437, 438, 439, 440, 441, 442, - 443, 444, 445, 446, -1, -1, 449, 450, 451, 452, - 453, 454, 455, 456, 457, 458, 459, 460, 461, 462, - -1, 464, 465, 466, 467, 468, 469, 470, 471, 472, - 473, 474, 475, 476, 477, -1, 479, 480, 481, 482, - 483, 484, 485, 486, 487, 488, 489, 490, 491, 492, - 493, 494, 495, 496, 497, 498, 499, 500, 501, 502, - 503, 504, 505, 506, 507, 508, 509, 510, 511, 512, - 513, 514, 515, 516, 517, 518, 519, 520, 521, 522, - 523, 524, 525, 526, 527, 528, 529, 530, 531, 532, - 533, 534, 535, -1, 537, 538, 539, 540, 541, 542, - 543, 544, 545, 546, 547, 548, 549, 550, 551, 552, - 553, 554, 555, 556, 557, 558, 559, 560, 561, 562, - 563, 564, 565, 566, 567, 568, 569, 570, 571, 572, - 573, 574, 575, 576, 577, 578, 579, 580, -1, 582, - 583, 584, 585, 586, 587, 588, 589, 590, 591, 592, - 593, 594, 595, 596, 597, 598, 599, 600, 601, 602, - 603, 604, 605, 606, 607, 608, 609, 610, 611, 612, - 613, 614, 615, 616, 617, 618, 619, 620, 621, 622, - 623, 624, 625, 626, 627, 628, 629, 630, 631, 632, - 633, 634, 635, 636, 637, 638, 639, 640, 641, 642, - 643, 644, 645, 646, 647, 648, 649, 650, 651, 652, - 653, 654, 655, 656, 657, 658, 659, 660, 661, 662, - 663, 664, 665, 666, 667, 668, 669, 670, 671, 672, - 673, 674, 675, 676, 677, 678, 679, 680, 681, 682, - 683, -1, -1, 686, 687, -1, 689, 690, 691, 692, - 693, 694, 695, 696, 697, 698, 699, 700, 701, 702, - 703, 704, 705, 706, 707, 708, 709, 710, 711, 712, - 713, 714, 715, 716, 717, 718, 719, 720, 721, 722, - 723, 724, 725, 726, 727, 728, 729, 730, 731, 732, - 733, 734, 735, 736, 737, 738, 739, 740, 741, 742, - 743, 744, 745, 746, 747, 748, 749, 750, 751, 752, - 753, 754, 755, 756, 757, 758, 759, 760, 761, 762, - -1, 764, 765, 766, 767, -1, -1, -1, -1, -1, - -1, -1, -1, 776, 777, 3, -1, -1, -1, 782, - 8, 9, -1, -1, -1, 788, -1, -1, -1, 792, - 793, 19, 20, 796, 22, 23, 24, 25, 26, 27, - 28, 29, 30, 31, 32, -1, -1, -1, -1, -1, - -1, -1, 40, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, -1, -1, -1, 57, - 58, 59, 60, -1, -1, -1, -1, -1, -1, -1, - 68, 69, -1, 71, -1, -1, -1, -1, -1, -1, - 78, 79, -1, -1, 82, 83, 84, 85, -1, 87, - 88, -1, 90, 91, -1, -1, -1, -1, -1, -1, - -1, 99, -1, -1, 102, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, -1, -1, 116, -1, - -1, -1, 120, 121, 122, -1, 124, -1, -1, -1, - 128, -1, -1, -1, 132, 133, 134, 135, -1, -1, - -1, -1, -1, 141, -1, -1, 144, -1, -1, -1, - -1, -1, 150, -1, -1, 153, -1, -1, -1, -1, - -1, -1, -1, -1, 162, -1, 164, -1, 166, -1, - -1, -1, -1, -1, 172, -1, -1, -1, -1, -1, - -1, -1, 180, 181, 182, -1, 184, -1, -1, -1, - 188, -1, -1, -1, -1, 193, -1, -1, 196, 197, - -1, 199, 200, 201, 202, -1, -1, -1, -1, -1, - 208, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, 219, 220, 221, 222, -1, 224, -1, -1, -1, - -1, -1, -1, 231, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, 242, -1, -1, -1, -1, -1, - -1, -1, 250, 251, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, 269, -1, -1, -1, -1, -1, -1, 276, 277, - -1, 279, 280, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, 291, -1, -1, -1, -1, -1, -1, - -1, -1, -1, 301, 302, 303, -1, -1, -1, -1, - -1, 309, 310, -1, -1, -1, -1, -1, -1, -1, - -1, -1, 320, 321, 322, 323, 324, 325, 326, 327, - 328, 329, 330, 331, 332, 333, 334, 335, 336, 337, - 338, 339, 340, 341, 342, 343, 344, 345, 346, 347, - 348, 349, 350, 351, 352, 353, 354, -1, 356, 357, - 358, 359, 360, 361, 362, 363, 364, 365, 366, 367, - 368, 369, 370, 371, 372, 373, 374, 375, 376, 377, - 378, 379, 380, 381, 382, 383, 384, 385, 386, 387, - -1, 389, 390, 391, 392, 393, 394, 395, 396, 397, - 398, 399, 400, 401, 402, 403, 404, 405, 406, 407, - 408, 409, 410, 411, 412, 413, 414, 415, 416, 417, - -1, 419, 420, 421, 422, 423, 424, 425, 426, 427, - 428, 429, 430, 431, 432, 433, 434, 435, 436, 437, - 438, 439, 440, 441, 442, 443, 444, 445, 446, -1, - -1, 449, 450, 451, 452, 453, 454, 455, 456, 457, - 458, 459, 460, 461, 462, -1, 464, 465, 466, 467, - 468, 469, 470, 471, 472, 473, 474, 475, 476, 477, - -1, 479, 480, 481, 482, 483, 484, 485, 486, 487, - 488, 489, 490, 491, 492, 493, 494, 495, 496, 497, - 498, 499, 500, 501, 502, 503, 504, 505, 506, 507, - 508, 509, 510, 511, 512, 513, 514, 515, 516, 517, - 518, 519, 520, 521, 522, 523, 524, 525, 526, 527, - 528, 529, 530, 531, 532, 533, 534, 535, -1, 537, - 538, 539, 540, 541, 542, 543, 544, 545, 546, 547, - 548, 549, 550, 551, 552, 553, 554, 555, 556, 557, - 558, 559, 560, 561, 562, 563, 564, 565, 566, 567, - 568, 569, 570, 571, 572, 573, 574, 575, 576, 577, - 578, 579, 580, -1, 582, 583, 584, 585, 586, 587, - 588, 589, 590, 591, 592, 593, 594, 595, 596, 597, - 598, 599, 600, 601, 602, 603, 604, 605, 606, 607, - 608, 609, 610, 611, 612, 613, 614, 615, 616, 617, - 618, 619, 620, 621, 622, 623, 624, 625, 626, 627, - 628, 629, 630, 631, 632, 633, 634, 635, 636, 637, - 638, 639, 640, 641, 642, 643, 644, 645, 646, 647, - 648, 649, 650, 651, 652, 653, 654, 655, 656, 657, - 658, 659, 660, 661, 662, 663, 664, 665, 666, 667, - 668, 669, 670, 671, 672, 673, 674, 675, 676, 677, - 678, 679, 680, 681, 682, 683, -1, -1, 686, 687, - -1, 689, 690, 691, 692, 693, 694, 695, 696, 697, - 698, 699, 700, 701, 702, 703, 704, 705, 706, 707, - 708, 709, 710, 711, 712, 713, 714, 715, 716, 717, - 718, 719, 720, 721, 722, 723, 724, 725, 726, 727, - 728, 729, 730, 731, 732, 733, 734, 735, 736, 737, - 738, 739, 740, 741, 742, 743, 744, 745, 746, 747, - 748, 749, 750, 751, 752, 753, 754, 755, 756, 757, - 758, 759, 760, 761, 762, -1, 764, 765, 766, 767, - -1, -1, -1, -1, -1, -1, -1, -1, 776, 777, - 3, -1, -1, -1, 782, 8, 9, -1, -1, -1, - 788, -1, -1, -1, 792, 793, 19, 20, 796, 22, - 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, - -1, -1, -1, -1, -1, -1, -1, 40, -1, -1, - -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, 57, 58, 59, 60, -1, -1, - -1, -1, -1, -1, -1, 68, 69, -1, 71, -1, - -1, -1, -1, -1, -1, 78, 79, -1, -1, 82, - 83, 84, 85, -1, 87, 88, -1, 90, 91, -1, - -1, -1, -1, -1, -1, -1, 99, -1, -1, 102, - -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, 116, -1, -1, -1, 120, 121, 122, - -1, 124, -1, -1, -1, -1, -1, -1, -1, 132, - 133, 134, 135, -1, -1, -1, -1, -1, 141, -1, - 143, 144, -1, -1, -1, -1, -1, 150, -1, -1, - 153, -1, -1, -1, -1, -1, -1, -1, -1, 162, - -1, 164, -1, 166, -1, -1, -1, -1, -1, 172, - -1, -1, -1, -1, -1, -1, -1, 180, 181, 182, - -1, 184, -1, -1, -1, 188, -1, -1, -1, -1, - 193, -1, -1, 196, 197, -1, 199, 200, 201, 202, - -1, -1, -1, -1, -1, 208, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, 219, 220, 221, 222, - -1, 224, -1, -1, -1, -1, -1, -1, 231, -1, - -1, -1, -1, -1, -1, -1, -1, -1, -1, 242, - -1, -1, -1, -1, -1, -1, -1, 250, 251, -1, - -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, 269, -1, -1, -1, - -1, -1, -1, 276, 277, -1, 279, 280, -1, -1, - -1, -1, -1, -1, -1, -1, -1, -1, 291, -1, - -1, -1, -1, -1, -1, -1, -1, -1, 301, 302, - 303, -1, -1, -1, -1, -1, 309, 310, -1, -1, - -1, -1, -1, -1, -1, -1, -1, 320, 321, 322, - 323, 324, 325, 326, 327, 328, 329, 330, 331, 332, - 333, 334, 335, 336, 337, 338, 339, 340, 341, 342, - 343, 344, 345, 346, 347, 348, 349, 350, 351, 352, - 353, 354, -1, 356, 357, 358, 359, 360, 361, 362, - 363, 364, 365, 366, 367, 368, 369, 370, 371, 372, - 373, 374, 375, 376, 377, 378, 379, 380, 381, 382, - 383, 384, 385, 386, 387, -1, 389, 390, 391, 392, - 393, 394, 395, 396, 397, 398, 399, 400, 401, 402, - 403, 404, 405, 406, 407, 408, 409, 410, 411, 412, - 413, 414, 415, 416, 417, -1, 419, 420, 421, 422, - 423, 424, 425, 426, 427, 428, 429, 430, 431, 432, - 433, 434, 435, 436, 437, 438, 439, 440, 441, 442, - 443, 444, 445, 446, -1, -1, 449, 450, 451, 452, - 453, 454, 455, 456, 457, 458, 459, 460, 461, 462, - -1, 464, 465, 466, 467, 468, 469, 470, 471, 472, - 473, 474, 475, 476, 477, -1, 479, 480, 481, 482, - 483, 484, 485, 486, 487, 488, 489, 490, 491, 492, - 493, 494, 495, 496, 497, 498, 499, 500, 501, 502, - 503, 504, 505, 506, 507, 508, 509, 510, 511, 512, - 513, 514, 515, 516, 517, 518, 519, 520, 521, 522, - 523, 524, 525, 526, 527, 528, 529, 530, 531, 532, - 533, 534, 535, -1, 537, 538, 539, 540, 541, 542, - 543, 544, 545, 546, 547, 548, 549, 550, 551, 552, - 553, 554, 555, 556, 557, 558, 559, 560, 561, 562, - 563, 564, 565, 566, 567, 568, 569, 570, 571, 572, - 573, 574, 575, 576, 577, 578, 579, 580, -1, 582, - 583, 584, 585, 586, 587, 588, 589, 590, 591, 592, - 593, 594, 595, 596, 597, 598, 599, 600, 601, 602, - 603, 604, 605, 606, 607, 608, 609, 610, 611, 612, - 613, 614, 615, 616, 617, 618, 619, 620, 621, 622, - 623, 624, 625, 626, 627, 628, 629, 630, 631, 632, - 633, 634, 635, 636, 637, 638, 639, 640, 641, 642, - 643, 644, 645, 646, 647, 648, 649, 650, 651, 652, - 653, 654, 655, 656, 657, 658, 659, 660, 661, 662, - 663, 664, 665, 666, 667, 668, 669, 670, 671, 672, - 673, 674, 675, 676, 677, 678, 679, 680, 681, 682, - 683, -1, -1, 686, 687, -1, 689, 690, 691, 692, - 693, 694, 695, 696, 697, 698, 699, 700, 701, 702, - 703, 704, 705, 706, 707, 708, 709, 710, 711, 712, - 713, 714, 715, 716, 717, 718, 719, 720, 721, 722, - 723, 724, 725, 726, 727, 728, 729, 730, 731, 732, - 733, 734, 735, 736, 737, 738, 739, 740, 741, 742, - 743, 744, 745, 746, 747, 748, 749, 750, 751, 752, - 753, 754, 755, 756, 757, 758, 759, 760, 761, 762, - -1, 764, 765, 766, 767, -1, -1, -1, -1, -1, - -1, -1, -1, 776, 777, 3, -1, -1, -1, 782, - 8, 9, -1, -1, -1, 788, -1, -1, -1, 792, - 793, 19, 20, 796, 22, 23, 24, 25, 26, 27, - 28, 29, 30, 31, 32, -1, -1, -1, -1, -1, - -1, -1, 40, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, -1, -1, -1, 57, - 58, 59, 60, -1, -1, -1, -1, -1, -1, -1, - 68, 69, -1, 71, -1, -1, -1, -1, -1, -1, - 78, 79, -1, -1, 82, 83, 84, 85, -1, 87, - 88, -1, 90, 91, -1, -1, -1, -1, -1, -1, - -1, 99, -1, -1, 102, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, -1, -1, 116, -1, - -1, -1, 120, 121, 122, -1, 124, -1, -1, -1, - -1, -1, -1, -1, 132, 133, 134, 135, -1, -1, - -1, -1, -1, 141, -1, -1, 144, -1, -1, -1, - -1, -1, 150, -1, -1, 153, -1, -1, -1, -1, - -1, -1, -1, -1, 162, -1, 164, -1, 166, -1, - -1, -1, -1, -1, 172, -1, -1, -1, -1, -1, - -1, -1, 180, 181, 182, -1, 184, -1, -1, -1, - 188, -1, -1, -1, -1, 193, -1, -1, 196, 197, - -1, 199, 200, 201, 202, -1, -1, -1, -1, -1, - 208, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, 219, 220, 221, 222, -1, 224, -1, -1, -1, - -1, -1, -1, 231, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, 242, -1, -1, -1, -1, -1, - -1, -1, 250, 251, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, 269, -1, -1, -1, -1, -1, -1, 276, 277, - -1, 279, 280, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, 291, -1, -1, -1, -1, -1, -1, - -1, -1, -1, 301, 302, 303, -1, -1, -1, -1, - -1, 309, 310, -1, -1, -1, -1, -1, -1, -1, - -1, -1, 320, 321, 322, 323, 324, 325, 326, 327, - 328, 329, 330, 331, 332, 333, 334, 335, 336, 337, - 338, 339, 340, 341, 342, 343, 344, 345, 346, 347, - 348, 349, 350, 351, 352, 353, 354, -1, 356, 357, - 358, 359, 360, 361, 362, 363, 364, 365, 366, 367, - 368, 369, 370, 371, 372, 373, 374, 375, 376, 377, - 378, 379, 380, 381, 382, 383, 384, 385, 386, 387, - -1, 389, 390, 391, 392, 393, 394, 395, 396, 397, - 398, 399, 400, 401, 402, 403, 404, 405, 406, 407, - 408, 409, 410, 411, 412, 413, 414, 415, 416, 417, - -1, 419, 420, 421, 422, 423, 424, 425, 426, 427, - 428, 429, 430, 431, 432, 433, 434, 435, 436, 437, - 438, 439, 440, 441, 442, 443, 444, 445, 446, -1, - -1, 449, 450, 451, 452, 453, 454, 455, 456, 457, - 458, 459, 460, 461, 462, -1, 464, 465, 466, 467, - 468, 469, 470, 471, 472, 473, 474, 475, 476, 477, - -1, 479, 480, 481, 482, 483, 484, 485, 486, 487, - 488, 489, 490, 491, 492, 493, 494, 495, 496, 497, - 498, 499, 500, 501, 502, 503, 504, 505, 506, 507, - 508, 509, 510, 511, 512, 513, 514, 515, 516, 517, - 518, 519, 520, 521, 522, 523, 524, 525, 526, 527, - 528, 529, 530, 531, 532, 533, 534, 535, -1, 537, - 538, 539, 540, 541, 542, 543, 544, 545, 546, 547, - 548, 549, 550, 551, 552, 553, 554, 555, 556, 557, - 558, 559, 560, 561, 562, 563, 564, 565, 566, 567, - 568, 569, 570, 571, 572, 573, 574, 575, 576, 577, - 578, 579, 580, -1, 582, 583, 584, 585, 586, 587, - 588, 589, 590, 591, 592, 593, 594, 595, 596, 597, - 598, 599, 600, 601, 602, 603, 604, 605, 606, 607, - 608, 609, 610, 611, 612, 613, 614, 615, 616, 617, - 618, 619, 620, 621, 622, 623, 624, 625, 626, 627, - 628, 629, 630, 631, 632, 633, 634, 635, 636, 637, - 638, 639, 640, 641, 642, 643, 644, 645, 646, 647, - 648, 649, 650, 651, 652, 653, 654, 655, 656, 657, - 658, 659, 660, 661, 662, 663, 664, 665, 666, 667, - 668, 669, 670, 671, 672, 673, 674, 675, 676, 677, - 678, 679, 680, 681, 682, 683, -1, -1, 686, 687, - -1, 689, 690, 691, 692, 693, 694, 695, 696, 697, - 698, 699, 700, 701, 702, 703, 704, 705, 706, 707, - 708, 709, 710, 711, 712, 713, 714, 715, 716, 717, - 718, 719, 720, 721, 722, 723, 724, 725, 726, 727, - 728, 729, 730, 731, 732, 733, 734, 735, 736, 737, - 738, 739, 740, 741, 742, 743, 744, 745, 746, 747, - 748, 749, 750, 751, 752, 753, 754, 755, 756, 757, - 758, 759, 760, 761, 762, -1, 764, 765, 766, 767, - -1, -1, -1, -1, -1, -1, -1, -1, 776, 777, - 3, -1, -1, -1, 782, 8, 9, -1, -1, -1, - 788, -1, -1, -1, 792, 793, 19, 20, 796, 22, - 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, - -1, -1, -1, -1, -1, -1, -1, 40, -1, -1, - -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, 57, 58, 59, 60, -1, -1, - -1, -1, -1, -1, -1, 68, 69, -1, 71, -1, - -1, -1, -1, -1, -1, 78, 79, -1, -1, 82, - 83, 84, 85, -1, 87, 88, -1, 90, 91, -1, - -1, -1, -1, -1, -1, -1, 99, -1, -1, 102, - -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, 116, -1, -1, -1, 120, 121, 122, - -1, 124, -1, -1, -1, -1, -1, -1, -1, 132, - 133, 134, 135, -1, -1, -1, -1, -1, 141, -1, - -1, 144, -1, -1, -1, -1, -1, 150, -1, -1, - 153, -1, -1, -1, -1, -1, -1, -1, -1, 162, - -1, 164, -1, 166, -1, -1, -1, -1, -1, 172, - -1, -1, -1, -1, -1, -1, -1, 180, 181, 182, - -1, 184, -1, -1, -1, 188, -1, -1, -1, -1, - 193, -1, -1, 196, 197, -1, 199, 200, 201, 202, - -1, -1, -1, -1, -1, 208, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, 219, 220, 221, 222, - -1, 224, -1, -1, -1, -1, -1, -1, 231, -1, - -1, -1, -1, -1, -1, -1, -1, -1, -1, 242, - -1, -1, -1, -1, -1, -1, -1, 250, 251, -1, - -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, 269, -1, -1, -1, - -1, -1, -1, 276, 277, -1, 279, 280, -1, -1, - -1, -1, -1, -1, -1, -1, -1, -1, 291, -1, - -1, -1, -1, -1, -1, -1, -1, -1, 301, 302, - 303, -1, -1, -1, -1, -1, 309, 310, -1, -1, - -1, -1, -1, -1, -1, -1, -1, 320, 321, 322, - 323, 324, 325, 326, 327, 328, 329, 330, 331, 332, - 333, 334, 335, 336, 337, 338, 339, 340, 341, 342, - 343, 344, 345, 346, 347, 348, 349, 350, 351, 352, - 353, 354, -1, 356, 357, 358, 359, 360, 361, 362, - 363, 364, 365, 366, 367, 368, 369, 370, 371, 372, - 373, 374, 375, 376, 377, 378, 379, 380, 381, 382, - 383, 384, 385, 386, 387, -1, 389, 390, 391, 392, - 393, 394, 395, 396, 397, 398, 399, 400, 401, 402, - 403, 404, 405, 406, 407, 408, 409, 410, 411, 412, - 413, 414, 415, 416, 417, -1, 419, 420, 421, 422, - 423, 424, 425, 426, 427, 428, 429, 430, 431, 432, - 433, 434, 435, 436, 437, 438, 439, 440, 441, 442, - 443, 444, 445, 446, -1, -1, 449, 450, 451, 452, - 453, 454, 455, 456, 457, 458, 459, 460, 461, 462, - -1, 464, 465, 466, 467, 468, 469, 470, 471, 472, - 473, 474, 475, 476, 477, -1, 479, 480, 481, 482, - 483, 484, 485, 486, 487, 488, 489, 490, 491, 492, - 493, 494, 495, 496, 497, 498, 499, 500, 501, 502, - 503, 504, 505, 506, 507, 508, 509, 510, 511, 512, - 513, 514, 515, 516, 517, 518, 519, 520, 521, 522, - 523, 524, 525, 526, 527, 528, 529, 530, 531, 532, - 533, 534, 535, -1, 537, 538, 539, 540, 541, 542, - 543, 544, 545, 546, 547, 548, 549, 550, 551, 552, - 553, 554, 555, 556, 557, 558, 559, 560, 561, 562, - 563, 564, 565, 566, 567, 568, 569, 570, 571, 572, - 573, 574, 575, 576, 577, 578, 579, 580, -1, 582, - 583, 584, 585, 586, 587, 588, 589, 590, 591, 592, - 593, 594, 595, 596, 597, 598, 599, 600, 601, 602, - 603, 604, 605, 606, 607, 608, 609, 610, 611, 612, - 613, 614, 615, 616, 617, 618, 619, 620, 621, 622, - 623, 624, 625, 626, 627, 628, 629, 630, 631, 632, - 633, 634, 635, 636, 637, 638, 639, 640, 641, 642, - 643, 644, 645, 646, 647, 648, 649, 650, 651, 652, - 653, 654, 655, 656, 657, 658, 659, 660, 661, 662, - 663, 664, 665, 666, 667, 668, 669, 670, 671, 672, - 673, 674, 675, 676, 677, 678, 679, 680, 681, 682, - 683, -1, -1, 686, 687, -1, 689, 690, 691, 692, - 693, 694, 695, 696, 697, 698, 699, 700, 701, 702, - 703, 704, 705, 706, 707, 708, 709, 710, 711, 712, - 713, 714, 715, 716, 717, 718, 719, 720, 721, 722, - 723, 724, 725, 726, 727, 728, 729, 730, 731, 732, - 733, 734, 735, 736, 737, 738, 739, 740, 741, 742, - 743, 744, 745, 746, 747, 748, 749, 750, 751, 752, - 753, 754, 755, 756, 757, 758, 759, 760, 761, 762, - -1, 764, 765, 766, 767, -1, -1, -1, -1, -1, - -1, -1, -1, 776, 777, 3, -1, -1, -1, 782, - 8, 9, -1, -1, -1, 788, -1, -1, -1, 792, - 793, 19, 20, 796, 22, 23, 24, 25, 26, 27, - 28, 29, 30, 31, 32, -1, -1, -1, -1, -1, - -1, -1, 40, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, -1, -1, -1, 57, - 58, 59, 60, -1, -1, -1, -1, -1, -1, -1, - 68, 69, -1, 71, -1, -1, -1, -1, -1, -1, - 78, 79, -1, -1, 82, 83, 84, 85, -1, 87, - 88, -1, 90, 91, -1, -1, -1, -1, -1, -1, - -1, 99, -1, -1, 102, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, -1, -1, 116, -1, - -1, -1, 120, 121, 122, -1, 124, -1, -1, -1, - -1, -1, -1, -1, 132, 133, 134, 135, -1, -1, - -1, -1, -1, 141, -1, -1, 144, -1, -1, -1, - -1, -1, 150, -1, -1, 153, -1, -1, -1, -1, - -1, -1, -1, -1, 162, -1, 164, -1, 166, -1, - -1, -1, -1, -1, 172, -1, -1, -1, -1, -1, - -1, -1, 180, 181, 182, -1, 184, -1, -1, -1, - 188, -1, -1, -1, -1, 193, -1, -1, 196, 197, - -1, 199, 200, 201, 202, -1, -1, -1, -1, -1, - 208, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, 219, 220, 221, 222, -1, 224, -1, -1, -1, - -1, -1, -1, 231, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, 242, -1, -1, -1, -1, -1, - -1, -1, 250, 251, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, 269, -1, -1, -1, -1, -1, -1, 276, 277, - -1, 279, 280, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, 291, -1, -1, -1, -1, -1, -1, - -1, -1, -1, 301, 302, 303, -1, -1, -1, -1, - -1, 309, 310, -1, -1, -1, -1, -1, -1, -1, - -1, -1, 320, 321, 322, 323, 324, 325, 326, 327, - 328, 329, 330, 331, 332, 333, 334, 335, 336, 337, - 338, 339, 340, 341, 342, 343, 344, 345, 346, 347, - 348, 349, 350, 351, 352, 353, 354, -1, 356, 357, - 358, 359, 360, 361, 362, 363, 364, 365, 366, 367, - 368, 369, 370, 371, 372, 373, 374, 375, 376, 377, - 378, 379, 380, 381, 382, 383, 384, 385, 386, 387, - -1, 389, 390, 391, 392, 393, 394, 395, 396, 397, - 398, 399, 400, 401, 402, 403, 404, 405, 406, 407, - 408, 409, 410, 411, 412, 413, 414, 415, 416, 417, - -1, 419, 420, 421, 422, 423, 424, 425, 426, 427, - 428, 429, 430, 431, 432, 433, 434, 435, 436, 437, - 438, 439, 440, 441, 442, 443, 444, 445, 446, -1, - -1, 449, 450, 451, 452, 453, 454, 455, 456, 457, - 458, 459, 460, 461, 462, -1, 464, 465, 466, 467, - 468, 469, 470, 471, 472, 473, 474, 475, 476, 477, - -1, 479, 480, 481, 482, 483, 484, 485, 486, 487, - 488, 489, 490, 491, 492, 493, 494, 495, 496, 497, - 498, 499, 500, 501, 502, 503, 504, 505, 506, 507, - 508, 509, 510, 511, 512, 513, 514, 515, 516, 517, - 518, 519, 520, 521, 522, 523, 524, 525, 526, 527, - 528, 529, 530, 531, 532, 533, 534, 535, -1, 537, - 538, 539, 540, 541, 542, 543, 544, 545, 546, 547, - 548, 549, 550, 551, 552, 553, 554, 555, 556, 557, - 558, 559, 560, 561, 562, 563, 564, 565, 566, 567, - 568, 569, 570, 571, 572, 573, 574, 575, 576, 577, - 578, 579, 580, -1, 582, 583, 584, 585, 586, 587, - 588, 589, 590, 591, 592, 593, 594, 595, 596, 597, - 598, 599, 600, 601, 602, 603, 604, 605, 606, 607, - 608, 609, 610, 611, 612, 613, 614, 615, 616, 617, - 618, 619, 620, 621, 622, 623, 624, 625, 626, 627, - 628, 629, 630, 631, 632, 633, 634, 635, 636, 637, - 638, 639, 640, 641, 642, 643, 644, 645, 646, 647, - 648, 649, 650, 651, 652, 653, 654, 655, 656, 657, - 658, 659, 660, 661, 662, 663, 664, 665, 666, 667, - 668, 669, 670, 671, 672, 673, 674, 675, 676, 677, - 678, 679, 680, 681, 682, 683, -1, -1, 686, 687, - -1, 689, 690, 691, 692, 693, 694, 695, 696, 697, - 698, 699, 700, 701, 702, 703, 704, 705, 706, 707, - 708, 709, 710, 711, 712, 713, 714, 715, 716, 717, - 718, 719, 720, 721, 722, 723, 724, 725, 726, 727, - 728, 729, 730, 731, 732, 733, 734, 735, 736, 737, - 738, 739, 740, 741, 742, 743, 744, 745, 746, 747, - 748, 749, 750, 751, 752, 753, 754, 755, 756, 757, - 758, 759, 760, 761, 762, -1, 764, 765, 766, 767, - -1, -1, -1, -1, -1, -1, -1, -1, 776, 777, - 3, -1, -1, -1, 782, 8, 9, -1, -1, -1, - 788, -1, -1, -1, 792, 793, 19, 20, 796, 22, - 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, - -1, -1, -1, -1, -1, -1, -1, 40, -1, -1, - -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, 57, 58, 59, 60, -1, -1, - -1, -1, -1, -1, -1, 68, 69, -1, 71, -1, - -1, -1, -1, -1, -1, 78, 79, -1, -1, 82, - 83, 84, 85, -1, 87, 88, -1, 90, 91, -1, - -1, -1, -1, -1, -1, -1, 99, -1, -1, 102, - -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, 116, -1, -1, -1, 120, 121, 122, - -1, 124, -1, -1, -1, -1, -1, -1, -1, 132, - 133, 134, 135, -1, -1, -1, -1, -1, 141, -1, - -1, 144, -1, -1, -1, -1, -1, 150, -1, -1, - 153, -1, -1, -1, -1, -1, -1, -1, -1, 162, - -1, 164, -1, 166, -1, -1, -1, -1, -1, 172, - -1, -1, -1, -1, -1, -1, -1, 180, 181, 182, - -1, 184, -1, -1, -1, 188, -1, -1, -1, -1, - 193, -1, -1, 196, 197, -1, 199, 200, 201, 202, - -1, -1, -1, -1, -1, 208, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, 219, 220, 221, 222, - -1, 224, -1, -1, -1, -1, -1, -1, 231, -1, - -1, -1, -1, -1, -1, -1, -1, -1, -1, 242, - -1, -1, -1, -1, -1, -1, -1, 250, 251, -1, - -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, 269, -1, -1, -1, - -1, -1, -1, 276, 277, -1, 279, 280, -1, -1, - -1, -1, -1, -1, -1, -1, -1, -1, 291, -1, - -1, -1, -1, -1, -1, -1, -1, -1, 301, 302, - 303, -1, -1, -1, -1, -1, 309, 310, -1, -1, - -1, -1, -1, -1, -1, -1, -1, 320, 321, 322, - 323, 324, 325, 326, 327, 328, 329, 330, 331, 332, - 333, 334, 335, 336, 337, 338, 339, 340, 341, 342, - 343, 344, 345, 346, 347, 348, 349, 350, 351, 352, - 353, 354, -1, 356, 357, 358, 359, 360, 361, 362, - 363, 364, 365, 366, 367, 368, 369, 370, 371, 372, - 373, 374, 375, 376, 377, 378, 379, 380, 381, 382, - 383, 384, 385, 386, 387, -1, 389, 390, 391, 392, - 393, 394, 395, 396, 397, 398, 399, 400, 401, 402, - 403, 404, 405, 406, 407, 408, 409, 410, 411, 412, - 413, 414, 415, 416, 417, -1, 419, 420, 421, 422, - 423, 424, 425, 426, 427, 428, 429, 430, 431, 432, - 433, 434, 435, 436, 437, 438, 439, 440, 441, 442, - 443, 444, 445, 446, -1, -1, 449, 450, 451, 452, - 453, 454, 455, 456, 457, 458, 459, 460, 461, 462, - -1, 464, 465, 466, 467, 468, 469, 470, 471, 472, - 473, 474, 475, 476, 477, -1, 479, 480, 481, 482, - 483, 484, 485, 486, 487, 488, 489, 490, 491, 492, - 493, 494, 495, 496, 497, 498, 499, 500, 501, 502, - 503, 504, 505, 506, 507, 508, 509, 510, 511, 512, - 513, 514, 515, 516, 517, 518, 519, 520, 521, 522, - 523, 524, 525, 526, 527, 528, 529, 530, 531, 532, - 533, 534, 535, -1, 537, 538, 539, 540, 541, 542, - 543, 544, 545, 546, 547, 548, 549, 550, 551, 552, - 553, 554, 555, 556, 557, 558, 559, 560, 561, 562, - 563, 564, 565, 566, 567, 568, 569, 570, 571, 572, - 573, 574, 575, 576, 577, 578, 579, 580, -1, 582, - 583, 584, 585, 586, 587, 588, 589, 590, 591, 592, - 593, 594, 595, 596, 597, 598, 599, 600, 601, 602, - 603, 604, 605, 606, 607, 608, 609, 610, 611, 612, - 613, 614, 615, 616, 617, 618, 619, 620, 621, 622, - 623, 624, 625, 626, 627, 628, 629, 630, 631, 632, - 633, 634, 635, 636, 637, 638, 639, 640, 641, 642, - 643, 644, 645, 646, 647, 648, 649, 650, 651, 652, - 653, 654, 655, 656, 657, 658, 659, 660, 661, 662, - 663, 664, 665, 666, 667, 668, 669, 670, 671, 672, - 673, 674, 675, 676, 677, 678, 679, 680, 681, 682, - 683, -1, -1, 686, 687, -1, 689, 690, 691, 692, - 693, 694, 695, 696, 697, 698, 699, 700, 701, 702, - 703, 704, 705, 706, 707, 708, 709, 710, 711, 712, - 713, 714, 715, 716, 717, 718, 719, 720, 721, 722, - 723, 724, 725, 726, 727, 728, 729, 730, 731, 732, - 733, 734, 735, 736, 737, 738, 739, 740, 741, 742, - 743, 744, 745, 746, 747, 748, 749, 750, 751, 752, - 753, 754, 755, 756, 757, 758, 759, 760, 761, 762, - -1, 764, 765, 766, 767, -1, -1, -1, -1, -1, - -1, -1, -1, 776, 777, 3, -1, -1, -1, 782, - 8, 9, -1, -1, -1, 788, -1, -1, -1, 792, - 793, 19, 20, 796, 22, 23, 24, 25, 26, 27, - 28, 29, 30, 31, 32, -1, -1, -1, -1, -1, - -1, -1, 40, -1, -1, -1, -1, -1, -1, 47, - -1, -1, -1, -1, -1, -1, -1, -1, -1, 57, - 58, 59, 60, -1, -1, -1, -1, -1, -1, -1, - 68, 69, -1, 71, -1, -1, -1, -1, -1, -1, - 78, 79, -1, -1, 82, 83, 84, 85, -1, 87, - 88, -1, 90, 91, -1, -1, -1, -1, -1, -1, - -1, 99, -1, -1, 102, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, -1, -1, 116, -1, - -1, -1, 120, 121, 122, -1, 124, -1, -1, -1, - -1, -1, -1, -1, 132, 133, 134, 135, -1, -1, - -1, -1, -1, 141, -1, -1, 144, -1, -1, -1, - -1, -1, 150, -1, -1, 153, -1, -1, -1, -1, - -1, -1, -1, -1, 162, -1, 164, -1, 166, -1, - -1, -1, -1, -1, 172, -1, -1, -1, -1, -1, - -1, -1, 180, 181, 182, -1, 184, -1, -1, -1, - 188, -1, -1, -1, -1, 193, -1, -1, 196, -1, - -1, 199, 200, 201, 202, -1, -1, -1, -1, -1, - 208, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, 219, 220, 221, 222, -1, 224, -1, -1, -1, - -1, -1, -1, 231, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, 242, -1, -1, -1, -1, -1, - -1, -1, 250, 251, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, 269, -1, -1, -1, -1, -1, -1, 276, 277, - -1, 279, 280, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, 291, -1, -1, -1, -1, -1, -1, - -1, -1, -1, 301, 302, 303, -1, -1, -1, -1, - -1, 309, 310, -1, -1, -1, -1, -1, -1, -1, - -1, -1, 320, 321, 322, 323, 324, 325, 326, 327, - 328, 329, 330, 331, 332, 333, 334, 335, 336, 337, - 338, 339, 340, 341, 342, 343, 344, 345, 346, 347, - 348, 349, 350, 351, 352, 353, 354, -1, 356, 357, - 358, 359, 360, 361, 362, 363, 364, 365, 366, 367, - 368, 369, 370, 371, 372, 373, 374, 375, 376, 377, - 378, 379, 380, 381, 382, 383, 384, 385, 386, 387, - -1, 389, 390, 391, 392, 393, 394, 395, 396, 397, - 398, 399, 400, 401, 402, 403, 404, 405, 406, 407, - 408, 409, 410, 411, 412, 413, 414, 415, 416, 417, - -1, 419, 420, 421, 422, 423, 424, 425, 426, 427, - 428, 429, 430, 431, 432, 433, 434, 435, 436, 437, - 438, 439, 440, 441, 442, 443, 444, 445, 446, -1, - -1, 449, 450, 451, 452, 453, 454, 455, 456, 457, - 458, 459, 460, 461, 462, -1, 464, 465, 466, 467, - 468, 469, 470, 471, 472, 473, 474, 475, 476, 477, - -1, 479, 480, 481, 482, 483, 484, 485, 486, 487, - 488, 489, 490, 491, 492, 493, 494, 495, 496, 497, - 498, 499, 500, 501, 502, 503, 504, 505, 506, 507, - 508, 509, 510, 511, 512, 513, 514, 515, 516, 517, - 518, 519, 520, 521, 522, 523, 524, 525, 526, 527, - 528, 529, 530, 531, 532, 533, 534, 535, -1, 537, - 538, 539, 540, 541, 542, 543, 544, 545, 546, 547, - 548, 549, 550, 551, 552, 553, 554, 555, 556, 557, - 558, 559, 560, 561, 562, 563, 564, 565, 566, 567, - 568, 569, 570, 571, 572, 573, 574, 575, 576, 577, - 578, 579, 580, -1, 582, 583, 584, 585, 586, 587, - 588, 589, 590, 591, 592, 593, 594, 595, 596, 597, - 598, 599, 600, 601, 602, 603, 604, 605, 606, 607, - 608, 609, 610, 611, 612, 613, 614, 615, 616, 617, - 618, 619, 620, 621, 622, 623, 624, 625, 626, 627, - 628, 629, 630, 631, 632, 633, 634, 635, 636, 637, - 638, 639, 640, 641, 642, 643, 644, 645, 646, 647, - 648, 649, 650, 651, 652, 653, 654, 655, 656, 657, - 658, 659, 660, 661, 662, 663, 664, 665, 666, 667, - 668, 669, 670, 671, 672, 673, 674, 675, 676, 677, - 678, 679, 680, 681, 682, 683, -1, -1, 686, 687, - -1, 689, 690, 691, 692, 693, 694, 695, 696, 697, - 698, 699, 700, 701, 702, 703, 704, 705, 706, 707, - 708, 709, 710, 711, 712, 713, 714, 715, 716, 717, - 718, 719, 720, 721, 722, 723, 724, 725, 726, 727, - 728, 729, 730, 731, 732, 733, 734, 735, 736, 737, - 738, 739, 740, 741, 742, 743, 744, 745, 746, 747, - 748, 749, 750, 751, 752, 753, 754, 755, 756, 757, - 758, 759, 760, 761, 762, -1, 764, 765, 766, 767, - -1, -1, -1, -1, -1, -1, -1, -1, 776, 777, - 3, -1, -1, -1, 782, 8, 9, -1, -1, -1, - 788, -1, -1, -1, 792, 793, 19, 20, 796, 22, - 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, - -1, -1, -1, -1, -1, -1, -1, 40, -1, -1, - -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, 57, 58, 59, 60, -1, -1, - -1, -1, -1, -1, -1, 68, 69, -1, 71, -1, - -1, -1, -1, -1, -1, 78, 79, -1, -1, 82, - 83, 84, 85, -1, 87, 88, -1, 90, 91, -1, - -1, -1, -1, -1, -1, -1, 99, -1, -1, 102, - -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, 116, -1, -1, -1, 120, 121, 122, - -1, 124, -1, -1, -1, -1, -1, -1, -1, 132, - 133, 134, 135, -1, -1, -1, -1, -1, 141, -1, - -1, 144, -1, -1, -1, -1, -1, 150, -1, -1, - 153, -1, -1, -1, -1, -1, -1, -1, -1, 162, - -1, 164, -1, 166, -1, -1, -1, -1, -1, 172, - -1, -1, -1, -1, -1, -1, -1, 180, 181, 182, - -1, 184, -1, -1, -1, 188, -1, -1, -1, -1, - 193, -1, -1, 196, 197, -1, 199, 200, 201, 202, - -1, -1, -1, -1, -1, 208, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, 219, 220, 221, 222, - -1, 224, -1, -1, -1, -1, -1, -1, 231, -1, - -1, -1, -1, -1, -1, -1, -1, -1, -1, 242, - -1, -1, -1, -1, -1, -1, -1, 250, 251, -1, - -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, 269, -1, -1, -1, - -1, -1, -1, 276, 277, -1, 279, 280, -1, -1, - -1, -1, -1, -1, -1, -1, -1, -1, 291, -1, - -1, -1, -1, -1, -1, -1, -1, -1, 301, 302, - 303, -1, -1, -1, -1, -1, 309, 310, -1, -1, - -1, -1, -1, -1, -1, -1, -1, 320, 321, 322, - 323, 324, 325, 326, 327, 328, 329, 330, 331, 332, - 333, 334, 335, 336, 337, 338, 339, 340, 341, 342, - 343, 344, 345, 346, 347, 348, 349, 350, 351, 352, - 353, 354, -1, 356, 357, 358, 359, 360, 361, 362, - 363, 364, 365, 366, 367, 368, 369, 370, 371, 372, - 373, 374, 375, 376, 377, 378, 379, 380, 381, 382, - 383, 384, 385, 386, 387, -1, 389, 390, 391, 392, - 393, 394, 395, 396, 397, 398, 399, 400, 401, 402, - 403, 404, 405, 406, 407, 408, 409, 410, 411, 412, - 413, 414, 415, 416, 417, -1, 419, 420, 421, 422, - 423, 424, 425, 426, 427, 428, 429, 430, 431, 432, - 433, 434, 435, 436, 437, 438, 439, 440, 441, 442, - 443, 444, 445, 446, -1, -1, 449, 450, 451, 452, - 453, 454, 455, 456, 457, 458, 459, 460, 461, 462, - -1, 464, 465, 466, 467, 468, 469, 470, 471, 472, - 473, 474, 475, 476, 477, -1, 479, 480, 481, 482, - 483, 484, 485, 486, 487, 488, 489, 490, 491, 492, - 493, 494, 495, 496, 497, 498, 499, 500, 501, 502, - 503, 504, 505, 506, 507, 508, 509, 510, 511, 512, - 513, 514, 515, 516, 517, 518, 519, 520, 521, 522, - 523, 524, 525, 526, 527, 528, 529, 530, 531, 532, - 533, 534, 535, -1, 537, 538, 539, 540, 541, 542, - 543, 544, 545, 546, 547, 548, 549, 550, 551, 552, - 553, 554, 555, 556, 557, 558, 559, 560, 561, 562, - 563, 564, 565, 566, 567, 568, 569, 570, 571, 572, - 573, 574, 575, 576, 577, 578, 579, 580, -1, 582, - 583, 584, 585, 586, 587, 588, 589, 590, 591, 592, - 593, 594, 595, 596, 597, 598, 599, 600, 601, 602, - 603, 604, 605, 606, 607, 608, 609, 610, 611, 612, - 613, 614, 615, 616, 617, 618, 619, 620, 621, 622, - 623, 624, 625, 626, 627, 628, 629, 630, 631, 632, - 633, 634, 635, 636, 637, 638, 639, 640, 641, 642, - 643, 644, 645, 646, 647, 648, 649, 650, 651, 652, - 653, 654, 655, 656, 657, 658, 659, 660, 661, 662, - 663, 664, 665, 666, 667, 668, 669, 670, 671, 672, - 673, 674, 675, 676, 677, 678, 679, 680, 681, 682, - 683, -1, -1, 686, 687, -1, 689, 690, 691, 692, - 693, 694, 695, 696, 697, 698, 699, 700, 701, 702, - 703, 704, 705, 706, 707, 708, 709, 710, 711, 712, - 713, 714, 715, 716, 717, 718, 719, 720, 721, 722, - 723, 724, 725, 726, 727, 728, 729, 730, 731, 732, - 733, 734, 735, 736, 737, 738, 739, 740, 741, 742, - 743, 744, 745, 746, 747, 748, 749, 750, 751, 752, - 753, 754, 755, 756, 757, 758, 759, 760, 761, 762, - -1, 764, 765, 766, 767, -1, -1, -1, -1, -1, - -1, -1, -1, 776, 777, 3, -1, -1, -1, 782, - 8, 9, -1, -1, -1, 788, -1, -1, -1, 792, - 793, 19, 20, 796, 22, 23, 24, 25, 26, 27, - 28, 29, 30, 31, 32, -1, -1, -1, -1, -1, - -1, -1, 40, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, -1, -1, -1, 57, - 58, 59, 60, -1, -1, -1, -1, -1, -1, -1, - 68, 69, -1, 71, -1, -1, -1, -1, -1, -1, - 78, 79, -1, -1, 82, 83, 84, 85, -1, 87, - 88, -1, 90, 91, -1, -1, -1, -1, -1, -1, - -1, 99, -1, -1, 102, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, -1, -1, 116, -1, - -1, -1, 120, 121, 122, -1, 124, -1, -1, -1, - -1, -1, -1, -1, 132, 133, 134, 135, -1, -1, - -1, -1, -1, 141, -1, -1, 144, -1, -1, -1, - -1, -1, 150, -1, -1, 153, -1, -1, -1, -1, - -1, -1, -1, -1, 162, -1, 164, -1, 166, -1, - -1, -1, -1, -1, 172, -1, -1, -1, -1, -1, - -1, -1, 180, 181, 182, -1, 184, -1, -1, -1, - 188, -1, -1, -1, -1, 193, -1, -1, 196, 197, - -1, 199, 200, 201, 202, -1, -1, -1, -1, -1, - 208, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, 219, 220, 221, 222, -1, 224, -1, -1, -1, - -1, -1, -1, 231, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, 242, -1, -1, -1, -1, -1, - -1, -1, 250, 251, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, 269, -1, -1, -1, -1, -1, -1, 276, 277, - -1, 279, 280, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, 291, -1, -1, -1, -1, -1, -1, - -1, -1, -1, 301, 302, 303, -1, -1, -1, -1, - -1, 309, 310, -1, -1, -1, -1, -1, -1, -1, - -1, -1, 320, 321, 322, 323, 324, 325, 326, 327, - 328, 329, 330, 331, 332, 333, 334, 335, 336, 337, - 338, 339, 340, 341, 342, 343, 344, 345, 346, 347, - 348, 349, 350, 351, 352, 353, 354, -1, 356, 357, - 358, 359, 360, 361, 362, 363, 364, 365, 366, 367, - 368, 369, 370, 371, 372, 373, 374, 375, 376, 377, - 378, 379, 380, 381, 382, 383, 384, 385, 386, 387, - -1, 389, 390, 391, 392, 393, 394, 395, 396, 397, - 398, 399, 400, 401, 402, 403, 404, 405, 406, 407, - 408, 409, 410, 411, 412, 413, 414, 415, 416, 417, - -1, 419, 420, 421, 422, 423, 424, 425, 426, 427, - 428, 429, 430, 431, 432, 433, 434, 435, 436, 437, - 438, 439, 440, 441, 442, 443, 444, 445, 446, -1, - -1, 449, 450, 451, 452, 453, 454, 455, 456, 457, - 458, 459, 460, 461, 462, -1, 464, 465, 466, 467, - 468, 469, 470, 471, 472, 473, 474, 475, 476, 477, - -1, 479, 480, 481, 482, 483, 484, 485, 486, 487, - 488, 489, 490, 491, 492, 493, 494, 495, 496, 497, - 498, 499, 500, 501, 502, 503, 504, 505, 506, 507, - 508, 509, 510, 511, 512, 513, 514, 515, 516, 517, - 518, 519, 520, 521, 522, 523, 524, 525, 526, 527, - 528, 529, 530, 531, 532, 533, 534, 535, -1, 537, - 538, 539, 540, 541, 542, 543, 544, 545, 546, 547, - 548, 549, 550, 551, 552, 553, 554, 555, 556, 557, - 558, 559, 560, 561, 562, 563, 564, 565, 566, 567, - 568, 569, 570, 571, 572, 573, 574, 575, 576, 577, - 578, 579, 580, -1, 582, 583, 584, 585, 586, 587, - 588, 589, 590, 591, 592, 593, 594, 595, 596, 597, - 598, 599, 600, 601, 602, 603, 604, 605, 606, 607, - 608, 609, 610, 611, 612, 613, 614, 615, 616, 617, - 618, 619, 620, 621, 622, 623, 624, 625, 626, 627, - 628, 629, 630, 631, 632, 633, 634, 635, 636, 637, - 638, 639, 640, 641, 642, 643, 644, 645, 646, 647, - 648, 649, 650, 651, 652, 653, 654, 655, 656, 657, - 658, 659, 660, 661, 662, 663, 664, 665, 666, 667, - 668, 669, 670, 671, 672, 673, 674, 675, 676, 677, - 678, 679, 680, 681, 682, 683, -1, -1, 686, 687, - -1, 689, 690, 691, 692, 693, 694, 695, 696, 697, - 698, 699, 700, 701, 702, 703, 704, 705, 706, 707, - 708, 709, 710, 711, 712, 713, 714, 715, 716, 717, - 718, 719, 720, 721, 722, 723, 724, 725, 726, 727, - 728, 729, 730, 731, 732, 733, 734, 735, 736, 737, - 738, 739, 740, 741, 742, 743, 744, 745, 746, 747, - 748, 749, 750, 751, 752, 753, 754, 755, 756, 757, - 758, 759, 760, 761, 762, -1, 764, 765, 766, 767, - -1, -1, -1, -1, -1, -1, -1, -1, 776, 777, - 3, -1, -1, -1, 782, 8, 9, -1, -1, -1, - 788, -1, -1, -1, 792, 793, 19, 20, 796, 22, - 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, - -1, -1, -1, -1, -1, -1, -1, 40, -1, -1, - -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, 57, 58, 59, 60, -1, -1, - -1, -1, -1, -1, -1, 68, 69, -1, 71, -1, - -1, -1, -1, -1, -1, 78, 79, -1, -1, 82, - 83, 84, 85, -1, 87, 88, -1, 90, 91, -1, - -1, -1, -1, -1, -1, -1, 99, -1, -1, 102, - -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, 116, -1, -1, -1, 120, 121, 122, - -1, 124, -1, -1, -1, -1, -1, -1, -1, 132, - 133, 134, 135, -1, -1, -1, -1, -1, 141, -1, - -1, 144, -1, -1, -1, -1, -1, 150, -1, -1, - 153, -1, -1, -1, -1, -1, -1, -1, -1, 162, - -1, 164, -1, 166, -1, -1, -1, -1, -1, 172, - -1, -1, -1, -1, -1, -1, -1, 180, 181, 182, - 183, 184, -1, -1, -1, 188, -1, -1, -1, -1, - 193, -1, -1, 196, -1, -1, 199, 200, 201, 202, - -1, -1, -1, -1, -1, 208, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, 219, 220, 221, 222, - -1, 224, -1, -1, -1, -1, -1, -1, 231, -1, - -1, -1, -1, -1, -1, -1, -1, -1, -1, 242, - -1, -1, -1, -1, -1, -1, -1, 250, 251, -1, - -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, 269, -1, -1, -1, - -1, -1, -1, 276, 277, -1, 279, 280, -1, -1, - -1, -1, -1, -1, -1, -1, -1, -1, 291, -1, - -1, -1, -1, -1, -1, -1, -1, -1, 301, 302, - 303, -1, -1, -1, -1, -1, 309, 310, -1, -1, - -1, -1, -1, -1, -1, -1, -1, 320, 321, 322, - 323, 324, 325, 326, 327, 328, 329, 330, 331, 332, - 333, 334, 335, 336, 337, 338, 339, 340, 341, 342, - 343, 344, 345, 346, 347, 348, 349, 350, 351, 352, - 353, 354, -1, 356, 357, 358, 359, 360, 361, 362, - 363, 364, 365, 366, 367, 368, 369, 370, 371, 372, - 373, 374, 375, 376, 377, 378, 379, 380, 381, 382, - 383, 384, 385, 386, 387, -1, 389, 390, 391, 392, - 393, 394, 395, 396, 397, 398, 399, 400, 401, 402, - 403, 404, 405, 406, 407, 408, 409, 410, 411, 412, - 413, 414, 415, 416, 417, -1, 419, 420, 421, 422, - 423, 424, 425, 426, 427, 428, 429, 430, 431, 432, - 433, 434, 435, 436, 437, 438, 439, 440, 441, 442, - 443, 444, 445, 446, -1, -1, 449, 450, 451, 452, - 453, 454, 455, 456, 457, 458, 459, 460, 461, 462, - -1, 464, 465, 466, 467, 468, 469, 470, 471, 472, - 473, 474, 475, 476, 477, -1, 479, 480, 481, 482, - 483, 484, 485, 486, 487, 488, 489, 490, 491, 492, - 493, 494, 495, 496, 497, 498, 499, 500, 501, 502, - 503, 504, 505, 506, 507, 508, 509, 510, 511, 512, - 513, 514, 515, 516, 517, 518, 519, 520, 521, 522, - 523, 524, 525, 526, 527, 528, 529, 530, 531, 532, - 533, 534, 535, -1, 537, 538, 539, 540, 541, 542, - 543, 544, 545, 546, 547, 548, 549, 550, 551, 552, - 553, 554, 555, 556, 557, 558, 559, 560, 561, 562, - 563, 564, 565, 566, 567, 568, 569, 570, 571, 572, - 573, 574, 575, 576, 577, 578, 579, 580, -1, 582, - 583, 584, 585, 586, 587, 588, 589, 590, 591, 592, - 593, 594, 595, 596, 597, 598, 599, 600, 601, 602, - 603, 604, 605, 606, 607, 608, 609, 610, 611, 612, - 613, 614, 615, 616, 617, 618, 619, 620, 621, 622, - 623, 624, 625, 626, 627, 628, 629, 630, 631, 632, - 633, 634, 635, 636, 637, 638, 639, 640, 641, 642, - 643, 644, 645, 646, 647, 648, 649, 650, 651, 652, - 653, 654, 655, 656, 657, 658, 659, 660, 661, 662, - 663, 664, 665, 666, 667, 668, 669, 670, 671, 672, - 673, 674, 675, 676, 677, 678, 679, 680, 681, 682, - 683, -1, -1, 686, 687, -1, 689, 690, 691, 692, - 693, 694, 695, 696, 697, 698, 699, 700, 701, 702, - 703, 704, 705, 706, 707, 708, 709, 710, 711, 712, - 713, 714, 715, 716, 717, 718, 719, 720, 721, 722, - 723, 724, 725, 726, 727, 728, 729, 730, 731, 732, - 733, 734, 735, 736, 737, 738, 739, 740, 741, 742, - 743, 744, 745, 746, 747, 748, 749, 750, 751, 752, - 753, 754, 755, 756, 757, 758, 759, 760, 761, 762, - -1, 764, 765, 766, 767, -1, -1, -1, -1, -1, - -1, -1, -1, 776, 777, 3, -1, -1, -1, 782, - 8, 9, -1, -1, -1, 788, -1, -1, -1, 792, - 793, 19, 20, 796, 22, 23, 24, 25, 26, 27, - 28, 29, 30, 31, 32, -1, -1, -1, -1, -1, - -1, -1, 40, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, -1, -1, -1, 57, - 58, 59, 60, -1, -1, -1, -1, -1, -1, -1, - 68, 69, -1, 71, -1, -1, -1, -1, -1, -1, - 78, 79, -1, -1, 82, 83, 84, 85, -1, 87, - 88, -1, 90, 91, -1, -1, -1, -1, -1, -1, - -1, 99, -1, -1, 102, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, -1, -1, 116, -1, - -1, -1, 120, 121, 122, -1, 124, -1, -1, -1, - -1, -1, -1, -1, 132, 133, 134, 135, -1, -1, - -1, -1, -1, 141, -1, -1, 144, -1, -1, -1, - -1, -1, 150, -1, -1, 153, -1, -1, -1, -1, - -1, -1, -1, -1, 162, -1, 164, -1, 166, -1, - -1, -1, -1, -1, 172, -1, -1, -1, -1, -1, - -1, -1, 180, 181, 182, -1, 184, -1, -1, -1, - 188, -1, -1, -1, -1, 193, -1, -1, 196, -1, - -1, 199, 200, 201, 202, -1, -1, -1, -1, -1, - 208, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, 219, 220, 221, 222, -1, 224, -1, -1, -1, - -1, -1, -1, 231, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, 242, -1, -1, -1, -1, -1, - -1, -1, 250, 251, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, 269, -1, -1, -1, -1, -1, -1, 276, 277, - -1, 279, 280, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, 291, -1, -1, -1, -1, -1, -1, - -1, -1, -1, 301, 302, 303, -1, -1, -1, -1, - -1, 309, 310, -1, -1, -1, -1, -1, -1, -1, - -1, -1, 320, 321, 322, 323, 324, 325, 326, 327, - 328, 329, 330, 331, 332, 333, 334, 335, 336, 337, - 338, 339, 340, 341, 342, 343, 344, 345, 346, 347, - 348, 349, 350, 351, 352, 353, 354, -1, 356, 357, - 358, 359, 360, 361, 362, 363, 364, 365, 366, 367, - 368, 369, 370, 371, 372, 373, 374, 375, 376, 377, - 378, 379, 380, 381, 382, 383, 384, 385, 386, 387, - -1, 389, 390, 391, 392, 393, 394, 395, 396, 397, - 398, 399, 400, 401, 402, 403, 404, 405, 406, 407, - 408, 409, 410, 411, 412, 413, 414, 415, 416, 417, - -1, 419, 420, 421, 422, 423, 424, 425, 426, 427, - 428, 429, 430, 431, 432, 433, 434, 435, 436, 437, - 438, 439, 440, 441, 442, 443, 444, 445, 446, -1, - -1, 449, 450, 451, 452, 453, 454, 455, 456, 457, - 458, 459, 460, 461, 462, -1, 464, 465, 466, 467, - 468, 469, 470, 471, 472, 473, 474, 475, 476, 477, - -1, 479, 480, 481, 482, 483, 484, 485, 486, 487, - 488, 489, 490, 491, 492, 493, 494, 495, 496, 497, - 498, 499, 500, 501, 502, 503, 504, 505, 506, 507, - 508, 509, 510, 511, 512, 513, 514, 515, 516, 517, - 518, 519, 520, 521, 522, 523, 524, 525, 526, 527, - 528, 529, 530, 531, 532, 533, 534, 535, -1, 537, - 538, 539, 540, 541, 542, 543, 544, 545, 546, 547, - 548, 549, 550, 551, 552, 553, 554, 555, 556, 557, - 558, 559, 560, 561, 562, 563, 564, 565, 566, 567, - 568, 569, 570, 571, 572, 573, 574, 575, 576, 577, - 578, 579, 580, -1, 582, 583, 584, 585, 586, 587, - 588, 589, 590, 591, 592, 593, 594, 595, 596, 597, - 598, 599, 600, 601, 602, 603, 604, 605, 606, 607, - 608, 609, 610, 611, 612, 613, 614, 615, 616, 617, - 618, 619, 620, 621, 622, 623, 624, 625, 626, 627, - 628, 629, 630, 631, 632, 633, 634, 635, 636, 637, - 638, 639, 640, 641, 642, 643, 644, 645, 646, 647, - 648, 649, 650, 651, 652, 653, 654, 655, 656, 657, - 658, 659, 660, 661, 662, 663, 664, 665, 666, 667, - 668, 669, 670, 671, 672, 673, 674, 675, 676, 677, - 678, 679, 680, 681, 682, 683, -1, -1, 686, 687, - -1, 689, 690, 691, 692, 693, 694, 695, 696, 697, - 698, 699, 700, 701, 702, 703, 704, 705, 706, 707, - 708, 709, 710, 711, 712, 713, 714, 715, 716, 717, - 718, 719, 720, 721, 722, 723, 724, 725, 726, 727, - 728, 729, 730, 731, 732, 733, 734, 735, 736, 737, - 738, 739, 740, 741, 742, 743, 744, 745, 746, 747, - 748, 749, 750, 751, 752, 753, 754, 755, 756, 757, - 758, 759, 760, 761, 762, -1, 764, 765, 766, 767, - -1, -1, -1, -1, -1, -1, -1, -1, 776, 777, - 3, -1, -1, -1, 782, 8, 9, -1, -1, -1, - 788, -1, -1, -1, 792, 793, 19, 20, 796, 22, - 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, - -1, -1, -1, -1, -1, -1, -1, 40, -1, -1, - -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, 57, 58, 59, 60, -1, -1, - -1, -1, -1, -1, -1, 68, 69, -1, 71, -1, - -1, -1, -1, -1, -1, 78, 79, -1, -1, 82, - 83, 84, 85, -1, 87, 88, -1, 90, 91, -1, - -1, -1, -1, -1, -1, -1, 99, -1, -1, 102, - -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, 116, -1, -1, -1, 120, 121, 122, - -1, 124, -1, -1, -1, -1, -1, -1, -1, 132, - 133, 134, 135, -1, -1, -1, -1, -1, 141, -1, - -1, 144, -1, -1, -1, -1, -1, 150, -1, -1, - 153, -1, -1, -1, -1, -1, -1, -1, -1, 162, - -1, 164, -1, 166, -1, -1, -1, -1, -1, 172, - -1, -1, -1, -1, -1, -1, -1, 180, 181, 182, - -1, 184, -1, -1, -1, 188, -1, -1, -1, -1, - 193, -1, -1, 196, -1, -1, 199, 200, 201, 202, - -1, -1, -1, -1, -1, 208, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, 219, 220, 221, 222, - -1, 224, -1, -1, -1, -1, -1, -1, 231, -1, - -1, -1, -1, -1, -1, -1, -1, -1, -1, 242, - -1, -1, -1, -1, -1, -1, -1, 250, 251, -1, - -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, 269, -1, -1, -1, - -1, -1, -1, 276, 277, -1, 279, 280, -1, -1, - -1, -1, -1, -1, -1, -1, -1, -1, 291, -1, - -1, -1, -1, -1, -1, -1, -1, -1, 301, 302, - 303, -1, -1, -1, -1, -1, 309, 310, -1, -1, - -1, -1, -1, -1, -1, -1, -1, 320, 321, 322, - 323, 324, 325, 326, 327, 328, 329, 330, 331, 332, - 333, 334, 335, 336, 337, 338, 339, 340, 341, 342, - 343, 344, 345, 346, 347, 348, 349, 350, 351, 352, - 353, 354, -1, 356, 357, 358, 359, 360, 361, 362, - 363, 364, 365, 366, 367, 368, 369, 370, 371, 372, - 373, 374, 375, 376, 377, 378, 379, 380, 381, 382, - 383, 384, 385, 386, 387, -1, 389, 390, 391, 392, - 393, 394, 395, 396, 397, 398, 399, 400, 401, 402, - 403, 404, 405, 406, 407, 408, 409, 410, 411, 412, - 413, 414, 415, 416, 417, -1, 419, 420, 421, 422, - 423, 424, 425, 426, 427, 428, 429, 430, 431, 432, - 433, 434, 435, 436, 437, 438, 439, 440, 441, 442, - 443, 444, 445, 446, -1, -1, 449, 450, 451, 452, - 453, 454, 455, 456, 457, 458, 459, 460, 461, 462, - -1, 464, 465, 466, 467, 468, 469, 470, 471, 472, - 473, 474, 475, 476, 477, -1, 479, 480, 481, 482, - 483, 484, 485, 486, 487, 488, 489, 490, 491, 492, - 493, 494, 495, 496, 497, 498, 499, 500, 501, 502, - 503, 504, 505, 506, 507, 508, 509, 510, 511, 512, - 513, 514, 515, 516, 517, 518, 519, 520, 521, 522, - 523, 524, 525, 526, 527, 528, 529, 530, 531, 532, - 533, 534, 535, -1, 537, 538, 539, 540, 541, 542, - 543, 544, 545, 546, 547, 548, 549, 550, 551, 552, - 553, 554, 555, 556, 557, 558, 559, 560, 561, 562, - 563, 564, 565, 566, 567, 568, 569, 570, 571, 572, - 573, 574, 575, 576, 577, 578, 579, 580, -1, 582, - 583, 584, 585, 586, 587, 588, 589, 590, 591, 592, - 593, 594, 595, 596, 597, 598, 599, 600, 601, 602, - 603, 604, 605, 606, 607, 608, 609, 610, 611, 612, - 613, 614, 615, 616, 617, 618, 619, 620, 621, 622, - 623, 624, 625, 626, 627, 628, 629, 630, 631, 632, - 633, 634, 635, 636, 637, 638, 639, 640, 641, 642, - 643, 644, 645, 646, 647, 648, 649, 650, 651, 652, - 653, 654, 655, 656, 657, 658, 659, 660, 661, 662, - 663, 664, 665, 666, 667, 668, 669, 670, 671, 672, - 673, 674, 675, 676, 677, 678, 679, 680, 681, 682, - 683, -1, -1, 686, 687, -1, 689, 690, 691, 692, - 693, 694, 695, 696, 697, 698, 699, 700, 701, 702, - 703, 704, 705, 706, 707, 708, 709, 710, 711, 712, - 713, 714, 715, 716, 717, 718, 719, 720, 721, 722, - 723, 724, 725, 726, 727, 728, 729, 730, 731, 732, - 733, 734, 735, 736, 737, 738, 739, 740, 741, 742, - 743, 744, 745, 746, 747, 748, 749, 750, 751, 752, - 753, 754, 755, 756, 757, 758, 759, 760, 761, 762, - -1, 764, 765, 766, 767, -1, -1, -1, -1, -1, - -1, -1, -1, 776, 777, 3, -1, -1, -1, 782, - 8, 9, -1, -1, -1, 788, -1, -1, -1, 792, - 793, 19, 20, 796, 22, 23, 24, 25, 26, 27, - 28, 29, 30, 31, 32, -1, -1, -1, -1, -1, - -1, -1, 40, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, -1, -1, -1, 57, - 58, 59, 60, -1, -1, -1, -1, -1, -1, -1, - 68, 69, -1, 71, -1, -1, -1, -1, -1, -1, - 78, 79, -1, -1, 82, 83, 84, 85, -1, 87, - 88, -1, 90, 91, -1, -1, -1, -1, -1, -1, - -1, 99, -1, -1, 102, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, -1, -1, 116, -1, - -1, -1, 120, 121, 122, -1, 124, -1, -1, -1, - -1, -1, -1, -1, 132, 133, 134, 135, -1, -1, - -1, -1, -1, 141, -1, -1, 144, -1, -1, -1, - -1, -1, 150, -1, -1, 153, -1, -1, -1, -1, - -1, -1, -1, -1, 162, -1, 164, -1, 166, -1, - -1, -1, -1, -1, 172, -1, -1, -1, -1, -1, - -1, -1, 180, 181, 182, -1, 184, -1, -1, -1, - 188, -1, -1, -1, -1, 193, -1, -1, 196, -1, - -1, 199, 200, 201, 202, -1, -1, -1, -1, -1, - 208, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, 219, 220, 221, 222, -1, 224, -1, -1, -1, - -1, -1, -1, 231, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, 242, -1, -1, -1, -1, -1, - -1, -1, 250, 251, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, 269, -1, -1, -1, -1, -1, -1, 276, 277, - -1, 279, 280, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, 291, -1, -1, -1, -1, -1, -1, - -1, -1, -1, 301, 302, 303, -1, -1, -1, -1, - -1, 309, 310, -1, -1, -1, -1, -1, -1, -1, - -1, -1, 320, 321, 322, 323, 324, 325, 326, 327, - 328, 329, 330, 331, 332, 333, 334, 335, 336, 337, - 338, 339, 340, 341, 342, 343, 344, 345, 346, 347, - 348, 349, 350, 351, 352, 353, 354, -1, 356, 357, - 358, 359, 360, 361, 362, 363, 364, 365, 366, 367, - 368, 369, 370, 371, 372, 373, 374, 375, 376, 377, - 378, 379, 380, 381, 382, 383, 384, 385, 386, 387, - -1, 389, 390, 391, 392, 393, 394, 395, 396, 397, - 398, 399, 400, 401, 402, 403, 404, 405, 406, 407, - 408, 409, 410, 411, 412, 413, 414, 415, 416, 417, - -1, 419, 420, 421, 422, 423, 424, 425, 426, 427, - 428, 429, 430, 431, 432, 433, 434, 435, 436, 437, - 438, 439, 440, 441, 442, 443, 444, 445, 446, -1, - -1, 449, 450, 451, 452, 453, 454, 455, 456, 457, - 458, 459, 460, 461, 462, -1, 464, 465, 466, 467, - 468, 469, 470, 471, 472, 473, 474, 475, 476, 477, - -1, 479, 480, 481, 482, 483, 484, 485, 486, 487, - 488, 489, 490, 491, 492, 493, 494, 495, 496, 497, - 498, 499, 500, 501, 502, 503, 504, 505, 506, 507, - 508, 509, 510, 511, 512, 513, 514, 515, 516, 517, - 518, 519, 520, 521, 522, 523, 524, 525, 526, 527, - 528, 529, 530, 531, 532, 533, 534, 535, -1, 537, - 538, 539, 540, 541, 542, 543, 544, 545, 546, 547, - 548, 549, 550, 551, 552, 553, 554, 555, 556, 557, - 558, 559, 560, 561, 562, 563, 564, 565, 566, 567, - 568, 569, 570, 571, 572, 573, 574, 575, 576, 577, - 578, 579, 580, -1, 582, 583, 584, 585, 586, 587, - 588, 589, 590, 591, 592, 593, 594, 595, 596, 597, - 598, 599, 600, 601, 602, 603, 604, 605, 606, 607, - 608, 609, 610, 611, 612, 613, 614, 615, 616, 617, - 618, 619, 620, 621, 622, 623, 624, 625, 626, 627, - 628, 629, 630, 631, 632, 633, 634, 635, 636, 637, - 638, 639, 640, 641, 642, 643, 644, 645, 646, 647, - 648, 649, 650, 651, 652, 653, 654, 655, 656, 657, - 658, 659, 660, 661, 662, 663, 664, 665, 666, 667, - 668, 669, 670, 671, 672, 673, 674, 675, 676, 677, - 678, 679, 680, 681, 682, 683, -1, -1, 686, 687, - -1, 689, 690, 691, 692, 693, 694, 695, 696, 697, - 698, 699, 700, 701, 702, 703, 704, 705, 706, 707, - 708, 709, 710, 711, 712, 713, 714, 715, 716, 717, - 718, 719, 720, 721, 722, 723, 724, 725, 726, 727, - 728, 729, 730, 731, 732, 733, 734, 735, 736, 737, - 738, 739, 740, 741, 742, 743, 744, 745, 746, 747, - 748, 749, 750, 751, 752, 753, 754, 755, 756, 757, - 758, 759, 760, 761, 762, -1, 764, 765, 766, 767, - -1, -1, -1, -1, -1, -1, -1, -1, 776, 777, - 3, -1, -1, -1, 782, 8, 9, -1, -1, -1, - 788, -1, -1, -1, 792, 793, 19, 20, 796, 22, - 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, - -1, -1, -1, -1, -1, -1, -1, 40, -1, -1, - -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, 57, 58, 59, 60, -1, -1, - -1, -1, -1, -1, -1, 68, 69, -1, 71, -1, - -1, -1, -1, -1, -1, 78, 79, -1, -1, 82, - 83, 84, 85, -1, 87, 88, -1, 90, 91, -1, - -1, -1, -1, -1, -1, -1, 99, -1, -1, 102, - -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, 116, -1, -1, -1, 120, 121, 122, - -1, 124, -1, -1, -1, -1, -1, -1, -1, 132, - 133, 134, 135, -1, -1, -1, -1, -1, 141, -1, - -1, 144, -1, -1, -1, -1, -1, 150, -1, -1, - 153, -1, -1, -1, -1, -1, -1, -1, -1, 162, - -1, 164, -1, 166, -1, -1, -1, -1, -1, 172, - -1, -1, -1, -1, -1, -1, -1, 180, 181, 182, - -1, 184, -1, -1, -1, 188, -1, -1, -1, -1, - 193, -1, -1, 196, -1, -1, 199, 200, 201, 202, - -1, -1, -1, -1, -1, 208, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, 219, 220, 221, 222, - -1, 224, -1, -1, -1, -1, -1, -1, 231, -1, - -1, -1, -1, -1, -1, -1, -1, -1, -1, 242, - -1, -1, -1, -1, -1, -1, -1, 250, 251, -1, - -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, 269, -1, -1, -1, - -1, -1, -1, 276, 277, -1, 279, 280, -1, -1, - -1, -1, -1, -1, -1, -1, -1, -1, 291, -1, - -1, -1, -1, -1, -1, -1, -1, -1, 301, 302, - 303, -1, -1, -1, -1, -1, 309, 310, -1, -1, - -1, -1, -1, -1, -1, -1, -1, 320, 321, 322, - 323, 324, 325, 326, 327, 328, 329, 330, 331, 332, - 333, 334, 335, 336, 337, 338, 339, 340, 341, 342, - 343, 344, 345, 346, 347, 348, 349, 350, 351, 352, - 353, 354, -1, 356, 357, 358, 359, 360, 361, 362, - 363, 364, 365, 366, 367, 368, 369, 370, 371, 372, - 373, 374, 375, 376, 377, 378, 379, 380, 381, 382, - 383, 384, 385, 386, 387, -1, 389, 390, 391, 392, - 393, 394, 395, 396, 397, 398, 399, 400, 401, 402, - 403, 404, 405, 406, 407, 408, 409, 410, 411, 412, - 413, 414, 415, 416, 417, -1, 419, 420, 421, 422, - 423, 424, 425, 426, 427, 428, 429, 430, 431, 432, - 433, 434, 435, 436, 437, 438, 439, 440, 441, 442, - 443, 444, 445, 446, -1, -1, 449, 450, 451, 452, - 453, 454, 455, 456, 457, 458, 459, 460, 461, 462, - -1, 464, 465, 466, 467, 468, 469, 470, 471, 472, - 473, 474, 475, 476, 477, -1, 479, 480, 481, 482, - 483, 484, 485, 486, 487, 488, 489, 490, 491, 492, - 493, 494, 495, 496, 497, 498, 499, 500, 501, 502, - 503, 504, 505, 506, 507, 508, 509, 510, 511, 512, - 513, 514, 515, 516, 517, 518, 519, 520, 521, 522, - 523, 524, 525, 526, 527, 528, 529, 530, 531, 532, - 533, 534, 535, -1, 537, 538, 539, 540, 541, 542, - 543, 544, 545, 546, 547, 548, 549, 550, 551, 552, - 553, 554, 555, 556, 557, 558, 559, 560, 561, 562, - 563, 564, 565, 566, 567, 568, 569, 570, 571, 572, - 573, 574, 575, 576, 577, 578, 579, 580, -1, 582, - 583, 584, 585, 586, 587, 588, 589, 590, 591, 592, - 593, 594, 595, 596, 597, 598, 599, 600, 601, 602, - 603, 604, 605, 606, 607, 608, 609, 610, 611, 612, - 613, 614, 615, 616, 617, 618, 619, 620, 621, 622, - 623, 624, 625, 626, 627, 628, 629, 630, 631, 632, - 633, 634, 635, 636, 637, 638, 639, 640, 641, 642, - 643, 644, 645, 646, 647, 648, 649, 650, 651, 652, - 653, 654, 655, 656, 657, 658, 659, 660, 661, 662, - 663, 664, 665, 666, 667, 668, 669, 670, 671, 672, - 673, 674, 675, 676, 677, 678, 679, 680, 681, 682, - 683, -1, -1, 686, 687, -1, 689, 690, 691, 692, - 693, 694, 695, 696, 697, 698, 699, 700, 701, 702, - 703, 704, 705, 706, 707, 708, 709, 710, 711, 712, - 713, 714, 715, 716, 717, 718, 719, 720, 721, 722, - 723, 724, 725, 726, 727, 728, 729, 730, 731, 732, - 733, 734, 735, 736, 737, 738, 739, 740, 741, 742, - 743, 744, 745, 746, 747, 748, 749, 750, 751, 752, - 753, 754, 755, 756, 757, 758, 759, 760, 761, 762, - -1, 764, 765, 766, 767, -1, -1, -1, -1, -1, - -1, -1, -1, 776, 777, 3, -1, -1, -1, 782, - 8, 9, -1, -1, -1, 788, -1, -1, -1, 792, - 793, 19, 20, 796, 22, 23, 24, 25, 26, 27, - 28, 29, 30, 31, 32, -1, -1, -1, -1, -1, - -1, -1, 40, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, -1, -1, -1, 57, - 58, 59, 60, -1, -1, -1, -1, -1, -1, -1, - 68, 69, -1, 71, -1, -1, -1, -1, -1, -1, - 78, 79, -1, -1, 82, 83, 84, 85, -1, 87, - 88, -1, 90, 91, -1, -1, -1, -1, -1, -1, - -1, 99, -1, -1, 102, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, -1, -1, 116, -1, - -1, -1, 120, 121, 122, -1, 124, -1, -1, -1, - -1, -1, -1, -1, 132, 133, 134, 135, -1, -1, - -1, -1, -1, 141, -1, -1, 144, -1, -1, -1, - -1, -1, 150, -1, -1, 153, -1, -1, -1, -1, - -1, -1, -1, -1, 162, -1, 164, -1, 166, -1, - -1, -1, -1, -1, 172, -1, -1, -1, -1, -1, - -1, -1, 180, 181, 182, -1, 184, -1, -1, -1, - 188, -1, -1, -1, -1, 193, -1, -1, 196, -1, - -1, 199, 200, 201, 202, -1, -1, -1, -1, -1, - 208, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, 219, 220, 221, 222, -1, 224, -1, -1, -1, - -1, -1, -1, 231, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, 242, -1, -1, -1, -1, -1, - -1, -1, 250, 251, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, 269, -1, -1, -1, -1, -1, -1, 276, 277, - -1, 279, 280, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, 291, -1, -1, -1, -1, -1, -1, - -1, -1, -1, 301, 302, 303, -1, -1, -1, -1, - -1, 309, 310, -1, -1, -1, -1, -1, -1, -1, - -1, -1, 320, 321, 322, 323, 324, 325, 326, 327, - 328, 329, 330, 331, 332, 333, 334, 335, 336, 337, - 338, 339, 340, 341, 342, 343, 344, 345, 346, 347, - 348, 349, 350, 351, 352, 353, 354, -1, 356, 357, - 358, 359, 360, 361, 362, 363, 364, 365, 366, 367, - 368, 369, 370, 371, 372, 373, 374, 375, 376, 377, - 378, 379, 380, 381, 382, 383, 384, 385, 386, 387, - -1, 389, 390, 391, 392, 393, 394, 395, 396, 397, - 398, 399, 400, 401, 402, 403, 404, 405, 406, 407, - 408, 409, 410, 411, 412, 413, 414, 415, 416, 417, - -1, 419, 420, 421, 422, 423, 424, 425, 426, 427, - 428, 429, 430, 431, 432, 433, 434, 435, 436, 437, - 438, 439, 440, 441, 442, 443, 444, 445, 446, -1, - -1, 449, 450, 451, 452, 453, 454, 455, 456, 457, - 458, 459, 460, 461, 462, -1, 464, 465, 466, 467, - 468, 469, 470, 471, 472, 473, 474, 475, 476, 477, - -1, 479, 480, 481, 482, 483, 484, 485, 486, 487, - 488, 489, 490, 491, 492, 493, 494, 495, 496, 497, - 498, 499, 500, 501, 502, 503, 504, 505, 506, 507, - 508, 509, 510, 511, 512, 513, 514, 515, 516, 517, - 518, 519, 520, 521, 522, 523, 524, 525, 526, 527, - 528, 529, 530, 531, 532, 533, 534, 535, -1, 537, - 538, 539, 540, 541, 542, 543, 544, 545, 546, 547, - 548, 549, 550, 551, 552, 553, 554, 555, 556, 557, - 558, 559, 560, 561, 562, 563, 564, 565, 566, 567, - 568, 569, 570, 571, 572, 573, 574, 575, 576, 577, - 578, 579, 580, -1, 582, 583, 584, 585, 586, 587, - 588, 589, 590, 591, 592, 593, 594, 595, 596, 597, - 598, 599, 600, 601, 602, 603, 604, 605, 606, 607, - 608, 609, 610, 611, 612, 613, 614, 615, 616, 617, - 618, 619, 620, 621, 622, 623, 624, 625, 626, 627, - 628, 629, 630, 631, 632, 633, 634, 635, 636, 637, - 638, 639, 640, 641, 642, 643, 644, 645, 646, 647, - 648, 649, 650, 651, 652, 653, 654, 655, 656, 657, - 658, 659, 660, 661, 662, 663, 664, 665, 666, 667, - 668, 669, 670, 671, 672, 673, 674, 675, 676, 677, - 678, 679, 680, 681, 682, 683, -1, -1, 686, 687, - -1, 689, 690, 691, 692, 693, 694, 695, 696, 697, - 698, 699, 700, 701, 702, 703, 704, 705, 706, 707, - 708, 709, 710, 711, 712, 713, 714, 715, 716, 717, - 718, 719, 720, 721, 722, 723, 724, 725, 726, 727, - 728, 729, 730, 731, 732, 733, 734, 735, 736, 737, - 738, 739, 740, 741, 742, 743, 744, 745, 746, 747, - 748, 749, 750, 751, 752, 753, 754, 755, 756, 757, - 758, 759, 760, 761, 762, -1, 764, 765, 766, 767, - -1, -1, -1, -1, -1, -1, -1, -1, 776, 777, - 3, -1, -1, -1, 782, 8, 9, -1, -1, -1, - 788, -1, -1, -1, 792, 793, 19, 20, 796, 22, - 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, - -1, -1, -1, -1, -1, -1, -1, 40, -1, -1, - -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, 57, 58, 59, 60, -1, -1, - -1, -1, -1, -1, -1, 68, 69, -1, 71, -1, - -1, -1, -1, -1, -1, 78, 79, -1, -1, 82, - 83, 84, 85, -1, 87, 88, -1, 90, 91, -1, - -1, -1, -1, -1, -1, -1, 99, -1, -1, 102, - -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, 116, -1, -1, -1, 120, 121, 122, - -1, 124, -1, -1, -1, -1, -1, -1, -1, 132, - 133, 134, 135, -1, -1, -1, -1, -1, 141, -1, - -1, 144, -1, -1, -1, -1, -1, 150, -1, -1, - 153, -1, -1, -1, -1, -1, -1, -1, -1, 162, - -1, 164, -1, 166, -1, -1, -1, -1, -1, 172, - -1, -1, -1, -1, -1, -1, -1, 180, 181, 182, - -1, 184, -1, -1, -1, 188, -1, -1, -1, -1, - 193, -1, -1, 196, -1, -1, 199, 200, 201, 202, - -1, -1, -1, -1, -1, 208, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, 219, 220, 221, 222, - -1, 224, -1, -1, -1, -1, -1, -1, 231, -1, - -1, -1, -1, -1, -1, -1, -1, -1, -1, 242, - -1, -1, -1, -1, -1, -1, -1, 250, 251, -1, - -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, 269, -1, -1, -1, - -1, -1, -1, 276, 277, -1, 279, 280, -1, -1, - -1, -1, -1, -1, -1, -1, -1, -1, 291, -1, - -1, -1, -1, -1, -1, -1, -1, -1, 301, 302, - 303, -1, -1, -1, -1, -1, 309, 310, -1, -1, - -1, -1, -1, -1, -1, -1, -1, 320, 321, 322, - 323, 324, 325, 326, 327, 328, 329, 330, 331, 332, - 333, 334, 335, 336, 337, 338, 339, 340, 341, 342, - 343, 344, 345, 346, 347, 348, 349, 350, 351, 352, - 353, 354, -1, 356, 357, 358, 359, 360, 361, 362, - 363, 364, 365, 366, 367, 368, 369, 370, 371, 372, - 373, 374, 375, 376, 377, 378, 379, 380, 381, 382, - 383, 384, 385, 386, 387, -1, 389, 390, 391, 392, - 393, 394, 395, 396, 397, 398, 399, 400, 401, 402, - 403, 404, 405, 406, 407, 408, 409, 410, 411, 412, - 413, 414, 415, 416, 417, -1, 419, 420, 421, 422, - 423, 424, 425, 426, 427, 428, 429, 430, 431, 432, - 433, 434, 435, 436, 437, 438, 439, 440, 441, 442, - 443, 444, 445, 446, -1, -1, 449, 450, 451, 452, - 453, 454, 455, 456, 457, 458, 459, 460, 461, 462, - -1, 464, 465, 466, 467, 468, 469, 470, 471, 472, - 473, 474, 475, 476, 477, -1, 479, 480, 481, 482, - 483, 484, 485, 486, 487, 488, 489, 490, 491, 492, - 493, 494, 495, 496, 497, 498, 499, 500, 501, 502, - 503, 504, 505, 506, 507, 508, 509, 510, 511, 512, - 513, 514, 515, 516, 517, 518, 519, 520, 521, 522, - 523, 524, 525, 526, 527, 528, 529, 530, 531, 532, - 533, 534, 535, -1, 537, 538, 539, 540, 541, 542, - 543, 544, 545, 546, 547, 548, 549, 550, 551, 552, - 553, 554, 555, 556, 557, 558, 559, 560, 561, 562, - 563, 564, 565, 566, 567, 568, 569, 570, 571, 572, - 573, 574, 575, 576, 577, 578, 579, 580, -1, 582, - 583, 584, 585, 586, 587, 588, 589, 590, 591, 592, - 593, 594, 595, 596, 597, 598, 599, 600, 601, 602, - 603, 604, 605, 606, 607, 608, 609, 610, 611, 612, - 613, 614, 615, 616, 617, 618, 619, 620, 621, 622, - 623, 624, 625, 626, 627, 628, 629, 630, 631, 632, - 633, 634, 635, 636, 637, 638, 639, 640, 641, 642, - 643, 644, 645, 646, 647, 648, 649, 650, 651, 652, - 653, 654, 655, 656, 657, 658, 659, 660, 661, 662, - 663, 664, 665, 666, 667, 668, 669, 670, 671, 672, - 673, 674, 675, 676, 677, 678, 679, 680, 681, 682, - 683, -1, -1, 686, 687, -1, 689, 690, 691, 692, - 693, 694, 695, 696, 697, 698, 699, 700, 701, 702, - 703, 704, 705, 706, 707, 708, 709, 710, 711, 712, - 713, 714, 715, 716, 717, 718, 719, 720, 721, 722, - 723, 724, 725, 726, 727, 728, 729, 730, 731, 732, - 733, 734, 735, 736, 737, 738, 739, 740, 741, 742, - 743, 744, 745, 746, 747, 748, 749, 750, 751, 752, - 753, 754, 755, 756, 757, 758, 759, 760, 761, 762, - -1, 764, 765, 766, 767, -1, -1, -1, -1, -1, - -1, -1, -1, 776, 777, 3, -1, -1, -1, 782, - 8, 9, -1, -1, -1, 788, -1, -1, -1, 792, - 793, 19, 20, 796, 22, 23, 24, 25, 26, 27, - 28, 29, 30, 31, 32, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, 5733, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, 5982, -1, -1, -1, -1, -1, -1, + -1, -1, -1, 5992, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - 58, 59, 60, -1, -1, -1, -1, -1, -1, -1, - 68, 69, -1, 71, -1, -1, -1, -1, -1, -1, - 78, 79, -1, -1, 82, 83, 84, 85, -1, 87, - 88, -1, 90, 91, -1, -1, -1, -1, -1, -1, - -1, 99, -1, -1, 102, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, -1, -1, 116, -1, - -1, -1, 120, 121, 122, -1, 124, -1, -1, -1, - -1, -1, -1, -1, 132, 133, 134, 135, -1, -1, - -1, -1, -1, 141, -1, -1, 144, -1, -1, -1, - -1, -1, 150, -1, -1, 153, -1, -1, -1, -1, - -1, -1, -1, -1, 162, -1, 164, -1, 166, -1, - -1, -1, -1, -1, 172, -1, -1, -1, -1, -1, - -1, -1, 180, 181, 182, -1, 184, -1, -1, -1, - 188, -1, -1, -1, -1, 193, -1, -1, 196, -1, - -1, 199, 200, 201, 202, -1, -1, -1, -1, -1, - 208, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, 219, 220, 221, 222, -1, 224, -1, -1, -1, - -1, -1, -1, 231, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, 242, -1, -1, -1, -1, -1, - -1, -1, 250, 251, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, 269, -1, -1, -1, -1, -1, -1, 276, 277, - -1, 279, 280, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, 291, -1, -1, -1, -1, -1, -1, - -1, -1, -1, 301, 302, 303, -1, -1, -1, -1, - -1, 309, 310, -1, -1, -1, -1, -1, -1, -1, - -1, -1, 320, 321, 322, 323, 324, 325, 326, 327, - 328, 329, 330, 331, 332, 333, 334, 335, 336, 337, - 338, 339, 340, 341, 342, 343, 344, 345, 346, 347, - 348, 349, 350, 351, 352, 353, 354, -1, 356, 357, - 358, 359, 360, 361, 362, 363, 364, 365, 366, 367, - 368, 369, 370, 371, 372, 373, 374, 375, 376, 377, - 378, 379, 380, 381, 382, 383, 384, 385, 386, 387, - -1, 389, 390, 391, 392, 393, 394, 395, 396, 397, - 398, 399, 400, 401, 402, 403, 404, 405, 406, 407, - 408, 409, 410, 411, 412, 413, 414, 415, 416, 417, - -1, 419, 420, 421, 422, 423, 424, 425, 426, 427, - 428, 429, 430, 431, 432, 433, 434, 435, 436, 437, - 438, 439, 440, 441, 442, 443, 444, 445, 446, -1, - -1, 449, 450, 451, 452, 453, 454, 455, 456, 457, - 458, 459, 460, 461, 462, -1, 464, 465, 466, 467, - 468, 469, 470, 471, 472, 473, 474, 475, 476, 477, - -1, 479, 480, 481, 482, 483, 484, 485, 486, 487, - 488, 489, 490, 491, 492, 493, 494, 495, 496, 497, - 498, 499, 500, 501, 502, 503, 504, 505, 506, 507, - 508, 509, 510, 511, 512, 513, 514, 515, 516, 517, - 518, 519, 520, 521, 522, 523, 524, 525, 526, 527, - 528, 529, 530, 531, 532, 533, 534, 535, -1, 537, - 538, 539, 540, 541, 542, 543, 544, 545, 546, 547, - 548, 549, 550, 551, 552, 553, 554, 555, 556, 557, - 558, 559, 560, 561, 562, 563, 564, 565, 566, 567, - 568, 569, 570, 571, 572, 573, 574, 575, 576, 577, - 578, 579, 580, -1, 582, 583, 584, 585, 586, 587, - 588, 589, 590, 591, 592, 593, 594, 595, 596, 597, - 598, 599, 600, 601, 602, 603, 604, 605, 606, 607, - 608, 609, 610, 611, 612, 613, 614, 615, 616, 617, - 618, 619, 620, 621, 622, 623, 624, 625, 626, 627, - 628, 629, 630, 631, 632, 633, 634, 635, 636, 637, - 638, 639, 640, 641, 642, 643, 644, 645, 646, 647, - 648, 649, 650, 651, 652, 653, 654, 655, 656, 657, - 658, 659, 660, 661, 662, 663, 664, 665, 666, 667, - 668, 669, 670, 671, 672, 673, 674, 675, 676, 677, - 678, 679, 680, 681, 682, 683, -1, -1, 686, 687, - -1, 689, 690, 691, 692, 693, 694, 695, 696, 697, - 698, 699, 700, 701, 702, 703, 704, 705, 706, 707, - 708, 709, 710, 711, 712, 713, 714, 715, 716, 717, - 718, 719, 720, 721, 722, 723, 724, 725, 726, 727, - 728, 729, 730, 731, 732, 733, 734, 735, 736, 737, - 738, 739, 740, 741, 742, 743, 744, 745, 746, 747, - 748, 749, 750, 751, 752, 753, 754, 755, 756, 757, - 758, 759, 760, 761, 762, -1, 764, 765, 766, 767, - -1, -1, -1, -1, -1, -1, -1, -1, 776, 777, - 3, -1, -1, -1, -1, 8, -1, -1, -1, -1, - 788, -1, -1, -1, -1, 793, 19, 20, 796, 22, - 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, 88, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, 116, -1, -1, -1, -1, -1, 122, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, 135, -1, -1, -1, -1, -1, -1, -1, - -1, 144, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, -1, 180, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, 196, -1, -1, -1, -1, -1, 202, - -1, -1, -1, -1, -1, 208, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, 219, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, -1, -1, -1, 5920, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, -1, -1, 291, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, -1, 320, 321, 322, - 323, 324, 325, 326, 327, 328, 329, 330, -1, -1, - -1, -1, 335, 336, 337, 338, 339, 340, 341, 342, - 343, 344, 345, 346, 347, 348, 349, 350, 351, 352, - 353, 354, -1, 356, 357, 358, 359, 360, 361, 362, - 363, 364, 365, 366, 367, 368, 369, 370, 371, 372, - 373, 374, 375, 376, 377, 378, 379, 380, 381, 382, - 383, 384, 385, 386, 387, -1, 389, 390, 391, 392, - 393, 394, 395, 396, 397, 398, 399, 400, 401, 402, - 403, 404, 405, 406, 407, 408, 409, 410, 411, 412, - 413, 414, 415, 416, 417, -1, 419, 420, 421, 422, - 423, 424, 425, 426, 427, 428, 429, 430, 431, 432, - 433, 434, 435, 436, 437, 438, 439, 440, 441, 442, - 443, 444, 445, 446, -1, -1, 449, 450, 451, 452, - 453, 454, 455, 456, 457, 458, 459, 460, 461, 462, - -1, 464, 465, 466, 467, 468, 469, 470, 471, 472, - 473, 474, 475, 476, 477, -1, 479, 480, 481, 482, - 483, 484, 485, 486, 487, 488, 489, 490, 491, 492, - 493, 494, 495, 496, 497, 498, 499, 500, 501, 502, - 503, 504, 505, 506, 507, 508, 509, 510, 511, 512, - 513, 514, 515, 516, 517, 518, 519, 520, 521, 522, - 523, 524, 525, 526, 527, 528, 529, 530, 531, 532, - 533, 534, 535, -1, 537, 538, 539, 540, 541, 542, - 543, 544, 545, 546, 547, 548, 549, 550, 551, 552, - 553, 554, 555, 556, 557, 558, 559, 560, 561, 562, - 563, 564, 565, 566, 567, 568, 569, 570, 571, 572, - 573, 574, 575, 576, 577, 578, 579, 580, -1, 582, - 583, 584, 585, 586, 587, 588, 589, 590, 591, 592, - 593, 594, 595, 596, 597, 598, 599, 600, 601, 602, - 603, 604, 605, 606, 607, 608, 609, 610, 611, 612, - 613, 614, 615, 616, 617, 618, 619, 620, 621, 622, - 623, 624, 625, 626, 627, 628, 629, 630, 631, 632, - 633, 634, 635, 636, 637, 638, 639, 640, 641, 642, - 643, 644, 645, 646, 647, 648, 649, 650, 651, 652, - 653, 654, 655, 656, 657, 658, 659, 660, 661, 662, - 663, 664, 665, 666, 667, 668, 669, 670, 671, 672, - 673, 674, 675, 676, 677, 678, 679, 680, 681, 682, - 683, -1, -1, 686, 687, -1, 689, 690, 691, 692, - 693, 694, 695, 696, 697, 698, 699, 700, 701, 702, - 703, 704, 705, 706, 707, 708, 709, 710, 711, 712, - 713, 714, 715, 716, 717, 718, 719, 720, 721, 722, - 723, 724, 725, 726, 727, 728, 729, 730, 731, 732, - 733, 734, 735, 736, 737, 738, 739, 740, 741, 742, - 743, 744, 745, 746, 747, 748, 749, 750, 751, 752, - 753, 754, 755, 756, 757, 758, 759, 760, 761, 762, - 3, 764, 765, 766, 767, 8, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, 19, 20, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, 796, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, 5997, -1, -1, -1, -1, + -1, -1, -1, -1, 6243, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, 88, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, 116, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, 135, -1, -1, -1, -1, -1, -1, -1, - -1, 144, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, -1, 180, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, 196, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, 208, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, 219, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, @@ -20071,663 +18046,2250 @@ -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, -1, -1, 3, -1, -1, + -1, -1, 8, 9, -1, -1, -1, -1, 6140, -1, + -1, -1, -1, 19, 20, -1, 22, 23, 24, 25, + 26, 27, 28, 29, 30, 31, 32, -1, -1, -1, + -1, -1, -1, -1, 40, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, 57, 58, 59, 60, -1, -1, -1, -1, -1, + -1, -1, 68, 69, -1, 71, -1, -1, -1, -1, + -1, -1, 78, 79, -1, -1, 82, 83, 84, 85, + -1, 87, 88, -1, 90, 91, -1, -1, -1, -1, + -1, -1, -1, 99, -1, -1, 102, 6229, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, -1, 320, 321, 322, - 323, 324, 325, 326, 327, 328, 329, 330, -1, -1, - -1, -1, 335, 336, 337, 338, 339, 340, 341, 342, - 343, 344, 345, 346, 347, 348, 349, 350, 351, 352, - 353, 354, -1, 356, 357, 358, 359, 360, 361, 362, - 363, 364, 365, 366, 367, 368, 369, 370, 371, 372, - 373, 374, 375, 376, 377, 378, 379, 380, 381, 382, - 383, 384, 385, 386, 387, -1, 389, 390, 391, 392, - 393, 394, 395, 396, 397, 398, 399, 400, 401, 402, - 403, 404, 405, 406, 407, 408, 409, 410, 411, 412, - 413, 414, 415, 416, 417, -1, 419, 420, 421, 422, - 423, 424, 425, 426, 427, 428, 429, 430, 431, 432, - 433, 434, 435, 436, 437, 438, 439, 440, 441, 442, - 443, 444, 445, 446, -1, -1, 449, 450, 451, 452, - 453, 454, 455, 456, 457, 458, 459, 460, 461, 462, - -1, 464, 465, 466, 467, 468, 469, 470, 471, 472, - 473, 474, 475, 476, 477, -1, 479, 480, 481, 482, - 483, 484, 485, 486, 487, 488, 489, 490, 491, 492, - 493, 494, 495, 496, 497, 498, 499, 500, 501, 502, - 503, 504, 505, 506, 507, 508, 509, 510, 511, 512, - 513, 514, 515, 516, 517, 518, 519, 520, 521, 522, - 523, 524, 525, 526, 527, 528, 529, 530, 531, 532, - 533, 534, 535, -1, 537, 538, 539, 540, 541, 542, - 543, 544, 545, 546, 547, 548, 549, 550, 551, 552, - 553, 554, 555, 556, 557, 558, 559, 560, 561, 562, - 563, 564, 565, 566, 567, 568, 569, 570, 571, 572, - 573, 574, 575, 576, 577, 578, 579, 580, -1, 582, - 583, 584, 585, 586, 587, 588, 589, 590, 591, 592, - 593, 594, 595, 596, 597, 598, 599, 600, 601, 602, - 603, 604, 605, 606, 607, 608, 609, 610, 611, 612, - 613, 614, 615, 616, 617, 618, 619, 620, 621, 622, - 623, 624, 625, 626, 627, 628, 629, 630, 631, 632, - 633, 634, 635, 636, 637, 638, 639, 640, 641, 642, - 643, 644, 645, 646, 647, 648, 649, 650, 651, 652, - 653, 654, 655, 656, 657, 658, 659, 660, 661, 662, - 663, 664, 665, 666, 667, 668, 669, 670, 671, 672, - 673, 674, 675, 676, 677, 678, 679, 680, 681, 682, - 683, -1, -1, 686, 687, -1, 689, 690, 691, 692, - 693, 694, 695, 696, 697, 698, 699, 700, 701, 702, - 703, 704, 705, 706, 707, 708, 709, 710, 711, 712, - 713, 714, 715, 716, 717, 718, 719, 720, 721, 722, - 723, 724, 725, 726, 727, 728, 729, 730, 731, 732, - 733, 734, 735, 736, 737, 738, 739, 740, 741, 742, - 743, 744, 745, 746, 747, 748, 749, 750, 751, 752, - 753, 754, 755, 756, 757, 758, 759, 760, 761, 762, - 3, 764, 765, 766, 767, 8, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, 19, 20, -1, -1, - -1, -1, -1, -1, -1, -1, 789, -1, -1, -1, - -1, -1, -1, 796, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + 116, -1, -1, -1, 120, 121, 122, -1, 124, -1, + -1, -1, -1, -1, -1, -1, 132, 133, 134, 135, + -1, -1, -1, -1, -1, 141, -1, -1, 144, -1, + -1, -1, -1, -1, 150, -1, -1, 153, -1, -1, + -1, -1, -1, -1, -1, -1, 162, -1, 164, -1, + 166, -1, -1, -1, -1, -1, 172, -1, -1, -1, + -1, -1, -1, -1, 180, 181, 182, -1, 184, -1, + -1, -1, 188, -1, -1, -1, -1, 193, -1, -1, + 196, 197, -1, 199, 200, 201, 202, -1, -1, -1, + -1, -1, 208, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, 219, 220, 221, 222, -1, 224, -1, + -1, -1, -1, -1, -1, 231, -1, -1, -1, -1, + -1, -1, -1, -1, -1, -1, 242, -1, -1, -1, + -1, -1, -1, -1, 250, 251, -1, -1, -1, 255, + -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, 269, -1, -1, -1, -1, -1, -1, + 276, 277, -1, 279, 280, -1, -1, -1, -1, -1, + -1, -1, 6414, -1, -1, 291, -1, -1, -1, -1, + -1, -1, -1, -1, -1, 301, 302, 303, -1, -1, + 306, -1, -1, 309, 310, -1, -1, -1, -1, -1, + 316, -1, -1, -1, 320, 321, 322, 323, 324, 325, + 326, 327, 328, 329, 330, 331, 332, 333, 334, 335, + 336, 337, 338, 339, 340, 341, 342, 343, 344, 345, + 346, 347, 348, 349, 350, 351, 352, 353, 354, -1, + 356, 357, 358, 359, 360, 361, 362, 363, 364, 365, + 366, 367, 368, 369, 370, 371, 372, 373, 374, 375, + 376, 377, 378, 379, 380, 381, 382, 383, 384, 385, + 386, 387, -1, 389, 390, 391, 392, 393, 394, 395, + 396, 397, 398, 399, 400, 401, 402, 403, 404, 405, + 406, 407, 408, 409, 410, 411, 412, 413, 414, 415, + 416, 417, 6544, 419, 420, 421, 422, 423, 424, 425, + 426, 427, 428, 429, 430, 431, 432, 433, 434, 435, + 436, 437, 438, 439, 440, 441, 442, 443, 444, 445, + 446, -1, -1, 449, 450, 451, 452, 453, 454, 455, + 456, 457, 458, 459, 460, 461, 462, -1, 464, 465, + 466, 467, 468, 469, 470, 471, 472, 473, 474, 475, + 476, 477, -1, 479, 480, 481, 482, 483, 484, 485, + 486, 487, 488, 489, 490, 491, 492, 493, 494, 495, + 496, 497, 498, 499, 500, 501, 502, 503, 504, 505, + 506, 507, 508, 509, 510, 511, 512, 513, 514, 515, + 516, 517, 518, 519, 520, 521, 522, 523, 524, 525, + 526, 527, 528, 529, 530, 531, 532, 533, 534, 535, + -1, 537, 538, 539, 540, 541, 542, 543, 544, 545, + 546, 547, 548, 549, 550, 551, 552, 553, 554, 555, + 556, 557, 558, 559, 560, 561, 562, 563, 564, 565, + 566, 567, 568, 569, 570, 571, 572, 573, 574, 575, + 576, 577, 578, 579, 580, -1, 582, 583, 584, 585, + 586, 587, 588, 589, 590, 591, 592, 593, 594, 595, + 596, 597, 598, 599, 600, 601, 602, 603, 604, 605, + 606, 607, 608, 609, 610, 611, 612, 613, 614, 615, + 616, 617, 618, 619, 620, 621, 622, 623, 624, 625, + 626, 627, 628, 629, 630, 631, 632, 633, 634, 635, + 636, 637, 638, 639, 640, 641, 642, 643, 644, 645, + 646, 647, 648, 649, 650, 651, 652, 653, 654, 655, + 656, 657, 658, 659, 660, 661, 662, 663, 664, 665, + 666, 667, 668, 669, 670, 671, 672, 673, 674, 675, + 676, 677, 678, 679, 680, 681, 682, 683, -1, -1, + 686, 687, -1, 689, 690, 691, 692, 693, 694, 695, + 696, 697, 698, 699, 700, 701, 702, 703, 704, 705, + 706, 707, 708, 709, 710, 711, 712, 713, 714, 715, + 716, 717, 718, 719, 720, 721, 722, 723, 724, 725, + 726, 727, 728, 729, 730, 731, 732, 733, 734, 735, + 736, 737, 738, 739, 740, 741, 742, 743, 744, 745, + 746, 747, 748, 749, 750, 751, 752, 753, 754, 755, + 756, 757, 758, 759, 760, 761, 762, -1, 764, 765, + 766, 767, -1, -1, -1, -1, -1, -1, -1, -1, + 776, 777, 3, -1, -1, -1, 782, 8, 9, -1, + -1, -1, 788, -1, -1, -1, 792, 793, 19, 20, + 796, 22, 23, 24, 25, 26, 27, 28, 29, 30, + 31, 32, -1, -1, -1, -1, -1, -1, -1, 40, + -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, -1, 57, 58, 59, 60, + -1, -1, -1, 64, -1, -1, -1, 68, 69, -1, + 71, -1, -1, -1, -1, -1, -1, 78, 79, -1, + -1, 82, 83, 84, 85, -1, 87, 88, -1, 90, + 91, -1, -1, -1, -1, -1, -1, -1, 99, -1, + -1, 102, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, 116, -1, -1, -1, 120, + 121, 122, -1, 124, -1, -1, -1, -1, -1, -1, + -1, 132, 133, 134, 135, -1, -1, -1, -1, -1, + 141, -1, -1, 144, -1, -1, -1, -1, -1, 150, + -1, -1, 153, -1, -1, -1, -1, -1, -1, -1, + -1, 162, 163, 164, -1, 166, -1, -1, -1, -1, + -1, 172, -1, -1, -1, -1, -1, -1, -1, 180, + 181, 182, -1, 184, -1, -1, -1, 188, -1, -1, + -1, -1, 193, -1, -1, 196, 197, -1, 199, 200, + 201, 202, -1, -1, -1, -1, -1, 208, -1, -1, + -1, -1, -1, -1, -1, -1, -1, -1, 219, 220, + 221, 222, -1, 224, -1, -1, -1, -1, -1, -1, + 231, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, 242, -1, -1, -1, -1, -1, -1, -1, 250, + 251, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, -1, -1, -1, 269, -1, + -1, -1, -1, -1, -1, 276, 277, -1, 279, 280, + -1, -1, -1, -1, -1, -1, -1, -1, 289, -1, + 291, -1, -1, -1, -1, -1, -1, -1, -1, -1, + 301, 302, 303, -1, -1, -1, -1, -1, 309, 310, + -1, -1, -1, -1, -1, -1, -1, -1, -1, 320, + 321, 322, 323, 324, 325, 326, 327, 328, 329, 330, + 331, 332, 333, 334, 335, 336, 337, 338, 339, 340, + 341, 342, 343, 344, 345, 346, 347, 348, 349, 350, + 351, 352, 353, 354, -1, 356, 357, 358, 359, 360, + 361, 362, 363, 364, 365, 366, 367, 368, 369, 370, + 371, 372, 373, 374, 375, 376, 377, 378, 379, 380, + 381, 382, 383, 384, 385, 386, 387, -1, 389, 390, + 391, 392, 393, 394, 395, 396, 397, 398, 399, 400, + 401, 402, 403, 404, 405, 406, 407, 408, 409, 410, + 411, 412, 413, 414, 415, 416, 417, -1, 419, 420, + 421, 422, 423, 424, 425, 426, 427, 428, 429, 430, + 431, 432, 433, 434, 435, 436, 437, 438, 439, 440, + 441, 442, 443, 444, 445, 446, -1, -1, 449, 450, + 451, 452, 453, 454, 455, 456, 457, 458, 459, 460, + 461, 462, -1, 464, 465, 466, 467, 468, 469, 470, + 471, 472, 473, 474, 475, 476, 477, -1, 479, 480, + 481, 482, 483, 484, 485, 486, 487, 488, 489, 490, + 491, 492, 493, 494, 495, 496, 497, 498, 499, 500, + 501, 502, 503, 504, 505, 506, 507, 508, 509, 510, + 511, 512, 513, 514, 515, 516, 517, 518, 519, 520, + 521, 522, 523, 524, 525, 526, 527, 528, 529, 530, + 531, 532, 533, 534, 535, -1, 537, 538, 539, 540, + 541, 542, 543, 544, 545, 546, 547, 548, 549, 550, + 551, 552, 553, 554, 555, 556, 557, 558, 559, 560, + 561, 562, 563, 564, 565, 566, 567, 568, 569, 570, + 571, 572, 573, 574, 575, 576, 577, 578, 579, 580, + -1, 582, 583, 584, 585, 586, 587, 588, 589, 590, + 591, 592, 593, 594, 595, 596, 597, 598, 599, 600, + 601, 602, 603, 604, 605, 606, 607, 608, 609, 610, + 611, 612, 613, 614, 615, 616, 617, 618, 619, 620, + 621, 622, 623, 624, 625, 626, 627, 628, 629, 630, + 631, 632, 633, 634, 635, 636, 637, 638, 639, 640, + 641, 642, 643, 644, 645, 646, 647, 648, 649, 650, + 651, 652, 653, 654, 655, 656, 657, 658, 659, 660, + 661, 662, 663, 664, 665, 666, 667, 668, 669, 670, + 671, 672, 673, 674, 675, 676, 677, 678, 679, 680, + 681, 682, 683, -1, -1, 686, 687, -1, 689, 690, + 691, 692, 693, 694, 695, 696, 697, 698, 699, 700, + 701, 702, 703, 704, 705, 706, 707, 708, 709, 710, + 711, 712, 713, 714, 715, 716, 717, 718, 719, 720, + 721, 722, 723, 724, 725, 726, 727, 728, 729, 730, + 731, 732, 733, 734, 735, 736, 737, 738, 739, 740, + 741, 742, 743, 744, 745, 746, 747, 748, 749, 750, + 751, 752, 753, 754, 755, 756, 757, 758, 759, 760, + 761, 762, -1, 764, 765, 766, 767, -1, -1, -1, + -1, -1, -1, -1, -1, 776, 777, 3, -1, -1, + -1, 782, 8, 9, -1, -1, -1, 788, -1, -1, + -1, 792, 793, 19, 20, 796, 22, 23, 24, 25, + 26, 27, 28, 29, 30, 31, 32, -1, -1, -1, + -1, -1, -1, -1, 40, -1, -1, -1, -1, -1, + -1, 47, -1, -1, -1, -1, -1, -1, -1, -1, + -1, 57, 58, 59, 60, -1, -1, -1, -1, -1, + -1, -1, 68, 69, -1, 71, -1, -1, -1, -1, + -1, -1, 78, 79, -1, -1, 82, 83, 84, 85, + -1, 87, 88, -1, 90, 91, -1, -1, -1, -1, + -1, -1, -1, 99, -1, -1, 102, -1, -1, -1, + -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + 116, -1, -1, -1, 120, 121, 122, -1, 124, -1, + -1, -1, -1, -1, -1, -1, 132, 133, 134, 135, + -1, -1, -1, -1, -1, 141, -1, -1, 144, -1, + -1, -1, -1, -1, 150, -1, -1, 153, -1, -1, + -1, -1, -1, -1, -1, -1, 162, -1, 164, -1, + 166, -1, -1, -1, -1, -1, 172, -1, -1, -1, + -1, -1, -1, -1, 180, 181, 182, -1, 184, -1, + -1, -1, 188, -1, -1, -1, -1, 193, -1, -1, + 196, 197, -1, 199, 200, 201, 202, -1, 204, -1, + -1, -1, 208, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, 219, 220, 221, 222, -1, 224, -1, + -1, -1, -1, -1, -1, 231, -1, -1, -1, -1, + -1, -1, -1, -1, -1, -1, 242, -1, -1, -1, + -1, -1, -1, -1, 250, 251, -1, -1, -1, -1, + -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, 269, -1, -1, -1, -1, -1, -1, + 276, 277, -1, 279, 280, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, 291, -1, -1, -1, -1, + -1, -1, -1, -1, -1, 301, 302, 303, -1, -1, + -1, -1, -1, 309, 310, -1, -1, -1, -1, -1, + -1, -1, -1, -1, 320, 321, 322, 323, 324, 325, + 326, 327, 328, 329, 330, 331, 332, 333, 334, 335, + 336, 337, 338, 339, 340, 341, 342, 343, 344, 345, + 346, 347, 348, 349, 350, 351, 352, 353, 354, -1, + 356, 357, 358, 359, 360, 361, 362, 363, 364, 365, + 366, 367, 368, 369, 370, 371, 372, 373, 374, 375, + 376, 377, 378, 379, 380, 381, 382, 383, 384, 385, + 386, 387, -1, 389, 390, 391, 392, 393, 394, 395, + 396, 397, 398, 399, 400, 401, 402, 403, 404, 405, + 406, 407, 408, 409, 410, 411, 412, 413, 414, 415, + 416, 417, -1, 419, 420, 421, 422, 423, 424, 425, + 426, 427, 428, 429, 430, 431, 432, 433, 434, 435, + 436, 437, 438, 439, 440, 441, 442, 443, 444, 445, + 446, -1, -1, 449, 450, 451, 452, 453, 454, 455, + 456, 457, 458, 459, 460, 461, 462, -1, 464, 465, + 466, 467, 468, 469, 470, 471, 472, 473, 474, 475, + 476, 477, -1, 479, 480, 481, 482, 483, 484, 485, + 486, 487, 488, 489, 490, 491, 492, 493, 494, 495, + 496, 497, 498, 499, 500, 501, 502, 503, 504, 505, + 506, 507, 508, 509, 510, 511, 512, 513, 514, 515, + 516, 517, 518, 519, 520, 521, 522, 523, 524, 525, + 526, 527, 528, 529, 530, 531, 532, 533, 534, 535, + -1, 537, 538, 539, 540, 541, 542, 543, 544, 545, + 546, 547, 548, 549, 550, 551, 552, 553, 554, 555, + 556, 557, 558, 559, 560, 561, 562, 563, 564, 565, + 566, 567, 568, 569, 570, 571, 572, 573, 574, 575, + 576, 577, 578, 579, 580, -1, 582, 583, 584, 585, + 586, 587, 588, 589, 590, 591, 592, 593, 594, 595, + 596, 597, 598, 599, 600, 601, 602, 603, 604, 605, + 606, 607, 608, 609, 610, 611, 612, 613, 614, 615, + 616, 617, 618, 619, 620, 621, 622, 623, 624, 625, + 626, 627, 628, 629, 630, 631, 632, 633, 634, 635, + 636, 637, 638, 639, 640, 641, 642, 643, 644, 645, + 646, 647, 648, 649, 650, 651, 652, 653, 654, 655, + 656, 657, 658, 659, 660, 661, 662, 663, 664, 665, + 666, 667, 668, 669, 670, 671, 672, 673, 674, 675, + 676, 677, 678, 679, 680, 681, 682, 683, -1, -1, + 686, 687, -1, 689, 690, 691, 692, 693, 694, 695, + 696, 697, 698, 699, 700, 701, 702, 703, 704, 705, + 706, 707, 708, 709, 710, 711, 712, 713, 714, 715, + 716, 717, 718, 719, 720, 721, 722, 723, 724, 725, + 726, 727, 728, 729, 730, 731, 732, 733, 734, 735, + 736, 737, 738, 739, 740, 741, 742, 743, 744, 745, + 746, 747, 748, 749, 750, 751, 752, 753, 754, 755, + 756, 757, 758, 759, 760, 761, 762, -1, 764, 765, + 766, 767, -1, -1, -1, -1, -1, -1, -1, -1, + 776, 777, 3, -1, -1, -1, 782, 8, 9, -1, + -1, -1, 788, -1, -1, -1, 792, 793, 19, 20, + 796, 22, 23, 24, 25, 26, 27, 28, 29, 30, + 31, 32, -1, -1, -1, -1, -1, -1, -1, 40, + -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, -1, 57, 58, 59, 60, + -1, -1, -1, -1, -1, -1, -1, 68, 69, -1, + 71, -1, -1, -1, -1, -1, -1, 78, 79, -1, + -1, 82, 83, 84, 85, -1, 87, 88, -1, 90, + 91, -1, -1, -1, -1, -1, -1, -1, 99, -1, + -1, 102, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, 116, -1, -1, -1, 120, + 121, 122, -1, 124, -1, -1, -1, -1, -1, -1, + -1, 132, 133, 134, 135, -1, -1, -1, -1, -1, + 141, -1, -1, 144, -1, -1, -1, -1, -1, 150, + -1, -1, 153, -1, -1, -1, -1, -1, -1, -1, + -1, 162, -1, 164, -1, 166, -1, -1, -1, -1, + -1, 172, -1, -1, -1, -1, -1, -1, -1, 180, + 181, 182, -1, 184, -1, -1, -1, 188, -1, -1, + -1, -1, 193, -1, -1, 196, 197, -1, 199, 200, + 201, 202, -1, -1, -1, -1, -1, 208, -1, -1, + -1, -1, -1, -1, -1, -1, -1, -1, 219, 220, + 221, 222, -1, 224, -1, -1, -1, -1, -1, -1, + 231, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, 242, -1, -1, -1, -1, -1, -1, -1, 250, + 251, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, -1, -1, -1, 269, -1, + -1, -1, -1, -1, -1, 276, 277, -1, 279, 280, + -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + 291, -1, -1, -1, -1, -1, -1, -1, -1, -1, + 301, 302, 303, -1, -1, -1, -1, -1, 309, 310, + -1, -1, 313, -1, -1, -1, -1, -1, -1, 320, + 321, 322, 323, 324, 325, 326, 327, 328, 329, 330, + 331, 332, 333, 334, 335, 336, 337, 338, 339, 340, + 341, 342, 343, 344, 345, 346, 347, 348, 349, 350, + 351, 352, 353, 354, -1, 356, 357, 358, 359, 360, + 361, 362, 363, 364, 365, 366, 367, 368, 369, 370, + 371, 372, 373, 374, 375, 376, 377, 378, 379, 380, + 381, 382, 383, 384, 385, 386, 387, -1, 389, 390, + 391, 392, 393, 394, 395, 396, 397, 398, 399, 400, + 401, 402, 403, 404, 405, 406, 407, 408, 409, 410, + 411, 412, 413, 414, 415, 416, 417, -1, 419, 420, + 421, 422, 423, 424, 425, 426, 427, 428, 429, 430, + 431, 432, 433, 434, 435, 436, 437, 438, 439, 440, + 441, 442, 443, 444, 445, 446, -1, -1, 449, 450, + 451, 452, 453, 454, 455, 456, 457, 458, 459, 460, + 461, 462, -1, 464, 465, 466, 467, 468, 469, 470, + 471, 472, 473, 474, 475, 476, 477, -1, 479, 480, + 481, 482, 483, 484, 485, 486, 487, 488, 489, 490, + 491, 492, 493, 494, 495, 496, 497, 498, 499, 500, + 501, 502, 503, 504, 505, 506, 507, 508, 509, 510, + 511, 512, 513, 514, 515, 516, 517, 518, 519, 520, + 521, 522, 523, 524, 525, 526, 527, 528, 529, 530, + 531, 532, 533, 534, 535, -1, 537, 538, 539, 540, + 541, 542, 543, 544, 545, 546, 547, 548, 549, 550, + 551, 552, 553, 554, 555, 556, 557, 558, 559, 560, + 561, 562, 563, 564, 565, 566, 567, 568, 569, 570, + 571, 572, 573, 574, 575, 576, 577, 578, 579, 580, + -1, 582, 583, 584, 585, 586, 587, 588, 589, 590, + 591, 592, 593, 594, 595, 596, 597, 598, 599, 600, + 601, 602, 603, 604, 605, 606, 607, 608, 609, 610, + 611, 612, 613, 614, 615, 616, 617, 618, 619, 620, + 621, 622, 623, 624, 625, 626, 627, 628, 629, 630, + 631, 632, 633, 634, 635, 636, 637, 638, 639, 640, + 641, 642, 643, 644, 645, 646, 647, 648, 649, 650, + 651, 652, 653, 654, 655, 656, 657, 658, 659, 660, + 661, 662, 663, 664, 665, 666, 667, 668, 669, 670, + 671, 672, 673, 674, 675, 676, 677, 678, 679, 680, + 681, 682, 683, -1, -1, 686, 687, -1, 689, 690, + 691, 692, 693, 694, 695, 696, 697, 698, 699, 700, + 701, 702, 703, 704, 705, 706, 707, 708, 709, 710, + 711, 712, 713, 714, 715, 716, 717, 718, 719, 720, + 721, 722, 723, 724, 725, 726, 727, 728, 729, 730, + 731, 732, 733, 734, 735, 736, 737, 738, 739, 740, + 741, 742, 743, 744, 745, 746, 747, 748, 749, 750, + 751, 752, 753, 754, 755, 756, 757, 758, 759, 760, + 761, 762, -1, 764, 765, 766, 767, -1, -1, -1, + -1, -1, -1, -1, -1, 776, 777, 3, -1, -1, + -1, 782, 8, 9, -1, -1, -1, 788, -1, -1, + -1, 792, 793, 19, 20, 796, 22, 23, 24, 25, + 26, 27, 28, 29, 30, 31, 32, -1, -1, -1, + -1, -1, -1, -1, 40, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, 57, 58, 59, 60, -1, -1, -1, -1, -1, + -1, -1, 68, 69, -1, 71, -1, -1, -1, -1, + -1, -1, 78, 79, -1, -1, 82, 83, 84, 85, + -1, 87, 88, -1, 90, 91, -1, -1, -1, -1, + -1, -1, -1, 99, -1, -1, 102, -1, -1, -1, + -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + 116, -1, -1, -1, 120, 121, 122, -1, 124, -1, + -1, -1, -1, -1, -1, -1, 132, 133, 134, 135, + -1, -1, -1, -1, -1, 141, -1, 143, 144, -1, + -1, -1, -1, -1, 150, -1, -1, 153, -1, -1, + -1, -1, -1, -1, -1, -1, 162, -1, 164, -1, + 166, -1, -1, -1, -1, -1, 172, -1, -1, -1, + -1, -1, -1, -1, 180, 181, 182, -1, 184, -1, + -1, -1, 188, -1, -1, -1, -1, 193, -1, -1, + 196, 197, -1, 199, 200, 201, 202, -1, -1, -1, + -1, -1, 208, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, 219, 220, 221, 222, -1, 224, -1, + -1, -1, -1, -1, -1, 231, -1, -1, -1, -1, + -1, -1, -1, -1, -1, -1, 242, -1, -1, -1, + -1, -1, -1, -1, 250, 251, -1, -1, -1, -1, + -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, 269, -1, -1, -1, -1, -1, -1, + 276, 277, -1, 279, 280, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, 291, -1, -1, -1, -1, + -1, -1, -1, -1, -1, 301, 302, 303, -1, -1, + -1, -1, -1, 309, 310, -1, -1, -1, -1, -1, + -1, -1, -1, -1, 320, 321, 322, 323, 324, 325, + 326, 327, 328, 329, 330, 331, 332, 333, 334, 335, + 336, 337, 338, 339, 340, 341, 342, 343, 344, 345, + 346, 347, 348, 349, 350, 351, 352, 353, 354, -1, + 356, 357, 358, 359, 360, 361, 362, 363, 364, 365, + 366, 367, 368, 369, 370, 371, 372, 373, 374, 375, + 376, 377, 378, 379, 380, 381, 382, 383, 384, 385, + 386, 387, -1, 389, 390, 391, 392, 393, 394, 395, + 396, 397, 398, 399, 400, 401, 402, 403, 404, 405, + 406, 407, 408, 409, 410, 411, 412, 413, 414, 415, + 416, 417, -1, 419, 420, 421, 422, 423, 424, 425, + 426, 427, 428, 429, 430, 431, 432, 433, 434, 435, + 436, 437, 438, 439, 440, 441, 442, 443, 444, 445, + 446, -1, -1, 449, 450, 451, 452, 453, 454, 455, + 456, 457, 458, 459, 460, 461, 462, -1, 464, 465, + 466, 467, 468, 469, 470, 471, 472, 473, 474, 475, + 476, 477, -1, 479, 480, 481, 482, 483, 484, 485, + 486, 487, 488, 489, 490, 491, 492, 493, 494, 495, + 496, 497, 498, 499, 500, 501, 502, 503, 504, 505, + 506, 507, 508, 509, 510, 511, 512, 513, 514, 515, + 516, 517, 518, 519, 520, 521, 522, 523, 524, 525, + 526, 527, 528, 529, 530, 531, 532, 533, 534, 535, + -1, 537, 538, 539, 540, 541, 542, 543, 544, 545, + 546, 547, 548, 549, 550, 551, 552, 553, 554, 555, + 556, 557, 558, 559, 560, 561, 562, 563, 564, 565, + 566, 567, 568, 569, 570, 571, 572, 573, 574, 575, + 576, 577, 578, 579, 580, -1, 582, 583, 584, 585, + 586, 587, 588, 589, 590, 591, 592, 593, 594, 595, + 596, 597, 598, 599, 600, 601, 602, 603, 604, 605, + 606, 607, 608, 609, 610, 611, 612, 613, 614, 615, + 616, 617, 618, 619, 620, 621, 622, 623, 624, 625, + 626, 627, 628, 629, 630, 631, 632, 633, 634, 635, + 636, 637, 638, 639, 640, 641, 642, 643, 644, 645, + 646, 647, 648, 649, 650, 651, 652, 653, 654, 655, + 656, 657, 658, 659, 660, 661, 662, 663, 664, 665, + 666, 667, 668, 669, 670, 671, 672, 673, 674, 675, + 676, 677, 678, 679, 680, 681, 682, 683, -1, -1, + 686, 687, -1, 689, 690, 691, 692, 693, 694, 695, + 696, 697, 698, 699, 700, 701, 702, 703, 704, 705, + 706, 707, 708, 709, 710, 711, 712, 713, 714, 715, + 716, 717, 718, 719, 720, 721, 722, 723, 724, 725, + 726, 727, 728, 729, 730, 731, 732, 733, 734, 735, + 736, 737, 738, 739, 740, 741, 742, 743, 744, 745, + 746, 747, 748, 749, 750, 751, 752, 753, 754, 755, + 756, 757, 758, 759, 760, 761, 762, -1, 764, 765, + 766, 767, -1, -1, -1, -1, -1, -1, -1, -1, + 776, 777, 3, -1, -1, -1, 782, 8, 9, -1, + -1, -1, 788, -1, -1, -1, 792, 793, 19, 20, + 796, 22, 23, 24, 25, 26, 27, 28, 29, 30, + 31, 32, -1, -1, -1, -1, -1, -1, -1, 40, + -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, -1, 57, 58, 59, 60, + -1, -1, -1, -1, -1, -1, -1, 68, 69, -1, + 71, -1, -1, -1, -1, -1, -1, 78, 79, -1, + -1, 82, 83, 84, 85, -1, 87, 88, -1, 90, + 91, -1, -1, -1, -1, -1, -1, -1, 99, -1, + -1, 102, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, 116, -1, -1, -1, 120, + 121, 122, -1, 124, -1, -1, -1, 128, -1, -1, + -1, 132, 133, 134, 135, -1, -1, -1, -1, -1, + 141, -1, -1, 144, -1, -1, -1, -1, -1, 150, + -1, -1, 153, -1, -1, -1, -1, -1, -1, -1, + -1, 162, -1, 164, -1, 166, -1, -1, -1, -1, + -1, 172, -1, -1, -1, -1, -1, -1, -1, 180, + 181, 182, -1, 184, -1, -1, -1, 188, -1, -1, + -1, -1, 193, -1, -1, 196, 197, -1, 199, 200, + 201, 202, -1, -1, -1, -1, -1, 208, -1, -1, + -1, -1, -1, -1, -1, -1, -1, -1, 219, 220, + 221, 222, -1, 224, -1, -1, -1, -1, -1, -1, + 231, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, 242, -1, -1, -1, -1, -1, -1, -1, 250, + 251, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, -1, -1, -1, 269, -1, + -1, -1, -1, -1, -1, 276, 277, -1, 279, 280, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, 88, -1, -1, -1, -1, + 291, -1, -1, -1, -1, -1, -1, -1, -1, -1, + 301, 302, 303, -1, -1, -1, -1, -1, 309, 310, + -1, -1, -1, -1, -1, -1, -1, -1, -1, 320, + 321, 322, 323, 324, 325, 326, 327, 328, 329, 330, + 331, 332, 333, 334, 335, 336, 337, 338, 339, 340, + 341, 342, 343, 344, 345, 346, 347, 348, 349, 350, + 351, 352, 353, 354, -1, 356, 357, 358, 359, 360, + 361, 362, 363, 364, 365, 366, 367, 368, 369, 370, + 371, 372, 373, 374, 375, 376, 377, 378, 379, 380, + 381, 382, 383, 384, 385, 386, 387, -1, 389, 390, + 391, 392, 393, 394, 395, 396, 397, 398, 399, 400, + 401, 402, 403, 404, 405, 406, 407, 408, 409, 410, + 411, 412, 413, 414, 415, 416, 417, -1, 419, 420, + 421, 422, 423, 424, 425, 426, 427, 428, 429, 430, + 431, 432, 433, 434, 435, 436, 437, 438, 439, 440, + 441, 442, 443, 444, 445, 446, -1, -1, 449, 450, + 451, 452, 453, 454, 455, 456, 457, 458, 459, 460, + 461, 462, -1, 464, 465, 466, 467, 468, 469, 470, + 471, 472, 473, 474, 475, 476, 477, -1, 479, 480, + 481, 482, 483, 484, 485, 486, 487, 488, 489, 490, + 491, 492, 493, 494, 495, 496, 497, 498, 499, 500, + 501, 502, 503, 504, 505, 506, 507, 508, 509, 510, + 511, 512, 513, 514, 515, 516, 517, 518, 519, 520, + 521, 522, 523, 524, 525, 526, 527, 528, 529, 530, + 531, 532, 533, 534, 535, -1, 537, 538, 539, 540, + 541, 542, 543, 544, 545, 546, 547, 548, 549, 550, + 551, 552, 553, 554, 555, 556, 557, 558, 559, 560, + 561, 562, 563, 564, 565, 566, 567, 568, 569, 570, + 571, 572, 573, 574, 575, 576, 577, 578, 579, 580, + -1, 582, 583, 584, 585, 586, 587, 588, 589, 590, + 591, 592, 593, 594, 595, 596, 597, 598, 599, 600, + 601, 602, 603, 604, 605, 606, 607, 608, 609, 610, + 611, 612, 613, 614, 615, 616, 617, 618, 619, 620, + 621, 622, 623, 624, 625, 626, 627, 628, 629, 630, + 631, 632, 633, 634, 635, 636, 637, 638, 639, 640, + 641, 642, 643, 644, 645, 646, 647, 648, 649, 650, + 651, 652, 653, 654, 655, 656, 657, 658, 659, 660, + 661, 662, 663, 664, 665, 666, 667, 668, 669, 670, + 671, 672, 673, 674, 675, 676, 677, 678, 679, 680, + 681, 682, 683, -1, -1, 686, 687, -1, 689, 690, + 691, 692, 693, 694, 695, 696, 697, 698, 699, 700, + 701, 702, 703, 704, 705, 706, 707, 708, 709, 710, + 711, 712, 713, 714, 715, 716, 717, 718, 719, 720, + 721, 722, 723, 724, 725, 726, 727, 728, 729, 730, + 731, 732, 733, 734, 735, 736, 737, 738, 739, 740, + 741, 742, 743, 744, 745, 746, 747, 748, 749, 750, + 751, 752, 753, 754, 755, 756, 757, 758, 759, 760, + 761, 762, -1, 764, 765, 766, 767, -1, -1, -1, + -1, -1, -1, -1, -1, 776, 777, 3, -1, -1, + -1, 782, 8, 9, -1, -1, -1, 788, -1, -1, + -1, 792, 793, 19, 20, 796, 22, 23, 24, 25, + 26, 27, 28, 29, 30, 31, 32, -1, -1, -1, + -1, -1, -1, -1, 40, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, 57, 58, 59, 60, -1, -1, -1, -1, -1, + -1, -1, 68, 69, -1, 71, -1, -1, -1, -1, + -1, -1, 78, 79, -1, -1, 82, 83, 84, 85, + -1, 87, 88, -1, 90, 91, -1, -1, -1, -1, + -1, -1, -1, 99, -1, -1, 102, -1, -1, -1, + -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + 116, -1, -1, -1, 120, 121, 122, -1, 124, -1, + -1, -1, 128, -1, -1, -1, 132, 133, 134, 135, + -1, -1, -1, -1, -1, 141, -1, -1, 144, -1, + -1, -1, -1, -1, 150, -1, -1, 153, -1, -1, + -1, -1, -1, -1, -1, -1, 162, -1, 164, -1, + 166, -1, -1, -1, -1, -1, 172, -1, -1, -1, + -1, -1, -1, -1, 180, 181, 182, -1, 184, -1, + -1, -1, 188, -1, -1, -1, -1, 193, -1, -1, + 196, 197, -1, 199, 200, 201, 202, -1, -1, -1, + -1, -1, 208, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, 219, 220, 221, 222, -1, 224, -1, + -1, -1, -1, -1, -1, 231, -1, -1, -1, -1, + -1, -1, -1, -1, -1, -1, 242, -1, -1, -1, + -1, -1, -1, -1, 250, 251, -1, -1, -1, -1, + -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, 269, -1, -1, -1, -1, -1, -1, + 276, 277, -1, 279, 280, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, 291, -1, -1, -1, -1, + -1, -1, -1, -1, -1, 301, 302, 303, -1, -1, + -1, -1, -1, 309, 310, -1, -1, -1, -1, -1, + -1, -1, -1, -1, 320, 321, 322, 323, 324, 325, + 326, 327, 328, 329, 330, 331, 332, 333, 334, 335, + 336, 337, 338, 339, 340, 341, 342, 343, 344, 345, + 346, 347, 348, 349, 350, 351, 352, 353, 354, -1, + 356, 357, 358, 359, 360, 361, 362, 363, 364, 365, + 366, 367, 368, 369, 370, 371, 372, 373, 374, 375, + 376, 377, 378, 379, 380, 381, 382, 383, 384, 385, + 386, 387, -1, 389, 390, 391, 392, 393, 394, 395, + 396, 397, 398, 399, 400, 401, 402, 403, 404, 405, + 406, 407, 408, 409, 410, 411, 412, 413, 414, 415, + 416, 417, -1, 419, 420, 421, 422, 423, 424, 425, + 426, 427, 428, 429, 430, 431, 432, 433, 434, 435, + 436, 437, 438, 439, 440, 441, 442, 443, 444, 445, + 446, -1, -1, 449, 450, 451, 452, 453, 454, 455, + 456, 457, 458, 459, 460, 461, 462, -1, 464, 465, + 466, 467, 468, 469, 470, 471, 472, 473, 474, 475, + 476, 477, -1, 479, 480, 481, 482, 483, 484, 485, + 486, 487, 488, 489, 490, 491, 492, 493, 494, 495, + 496, 497, 498, 499, 500, 501, 502, 503, 504, 505, + 506, 507, 508, 509, 510, 511, 512, 513, 514, 515, + 516, 517, 518, 519, 520, 521, 522, 523, 524, 525, + 526, 527, 528, 529, 530, 531, 532, 533, 534, 535, + -1, 537, 538, 539, 540, 541, 542, 543, 544, 545, + 546, 547, 548, 549, 550, 551, 552, 553, 554, 555, + 556, 557, 558, 559, 560, 561, 562, 563, 564, 565, + 566, 567, 568, 569, 570, 571, 572, 573, 574, 575, + 576, 577, 578, 579, 580, -1, 582, 583, 584, 585, + 586, 587, 588, 589, 590, 591, 592, 593, 594, 595, + 596, 597, 598, 599, 600, 601, 602, 603, 604, 605, + 606, 607, 608, 609, 610, 611, 612, 613, 614, 615, + 616, 617, 618, 619, 620, 621, 622, 623, 624, 625, + 626, 627, 628, 629, 630, 631, 632, 633, 634, 635, + 636, 637, 638, 639, 640, 641, 642, 643, 644, 645, + 646, 647, 648, 649, 650, 651, 652, 653, 654, 655, + 656, 657, 658, 659, 660, 661, 662, 663, 664, 665, + 666, 667, 668, 669, 670, 671, 672, 673, 674, 675, + 676, 677, 678, 679, 680, 681, 682, 683, -1, -1, + 686, 687, -1, 689, 690, 691, 692, 693, 694, 695, + 696, 697, 698, 699, 700, 701, 702, 703, 704, 705, + 706, 707, 708, 709, 710, 711, 712, 713, 714, 715, + 716, 717, 718, 719, 720, 721, 722, 723, 724, 725, + 726, 727, 728, 729, 730, 731, 732, 733, 734, 735, + 736, 737, 738, 739, 740, 741, 742, 743, 744, 745, + 746, 747, 748, 749, 750, 751, 752, 753, 754, 755, + 756, 757, 758, 759, 760, 761, 762, -1, 764, 765, + 766, 767, -1, -1, -1, -1, -1, -1, -1, -1, + 776, 777, 3, -1, -1, -1, 782, 8, 9, -1, + -1, -1, 788, -1, -1, -1, 792, 793, 19, 20, + 796, 22, 23, 24, 25, 26, 27, 28, 29, 30, + 31, 32, -1, -1, -1, -1, -1, -1, -1, 40, + -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, -1, 57, 58, 59, 60, + -1, -1, -1, -1, -1, -1, -1, 68, 69, -1, + 71, -1, -1, -1, -1, -1, -1, 78, 79, -1, + -1, 82, 83, 84, 85, -1, 87, 88, -1, 90, + 91, -1, -1, -1, -1, -1, -1, -1, 99, -1, + -1, 102, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, 116, -1, -1, -1, 120, + 121, 122, -1, 124, -1, -1, -1, 128, -1, -1, + -1, 132, 133, 134, 135, -1, -1, -1, -1, -1, + 141, -1, -1, 144, -1, -1, -1, -1, -1, 150, + -1, -1, 153, -1, -1, -1, -1, -1, -1, -1, + -1, 162, -1, 164, -1, 166, -1, -1, -1, -1, + -1, 172, -1, -1, -1, -1, -1, -1, -1, 180, + 181, 182, -1, 184, -1, -1, -1, 188, -1, -1, + -1, -1, 193, -1, -1, 196, 197, -1, 199, 200, + 201, 202, -1, -1, -1, -1, -1, 208, -1, -1, + -1, -1, -1, -1, -1, -1, -1, -1, 219, 220, + 221, 222, -1, 224, -1, -1, -1, -1, -1, -1, + 231, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, 242, -1, -1, -1, -1, -1, -1, -1, 250, + 251, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, -1, -1, -1, 269, -1, + -1, -1, -1, -1, -1, 276, 277, -1, 279, 280, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + 291, -1, -1, -1, -1, -1, -1, -1, -1, -1, + 301, 302, 303, -1, -1, -1, -1, -1, 309, 310, + -1, -1, -1, -1, -1, -1, -1, -1, -1, 320, + 321, 322, 323, 324, 325, 326, 327, 328, 329, 330, + 331, 332, 333, 334, 335, 336, 337, 338, 339, 340, + 341, 342, 343, 344, 345, 346, 347, 348, 349, 350, + 351, 352, 353, 354, -1, 356, 357, 358, 359, 360, + 361, 362, 363, 364, 365, 366, 367, 368, 369, 370, + 371, 372, 373, 374, 375, 376, 377, 378, 379, 380, + 381, 382, 383, 384, 385, 386, 387, -1, 389, 390, + 391, 392, 393, 394, 395, 396, 397, 398, 399, 400, + 401, 402, 403, 404, 405, 406, 407, 408, 409, 410, + 411, 412, 413, 414, 415, 416, 417, -1, 419, 420, + 421, 422, 423, 424, 425, 426, 427, 428, 429, 430, + 431, 432, 433, 434, 435, 436, 437, 438, 439, 440, + 441, 442, 443, 444, 445, 446, -1, -1, 449, 450, + 451, 452, 453, 454, 455, 456, 457, 458, 459, 460, + 461, 462, -1, 464, 465, 466, 467, 468, 469, 470, + 471, 472, 473, 474, 475, 476, 477, -1, 479, 480, + 481, 482, 483, 484, 485, 486, 487, 488, 489, 490, + 491, 492, 493, 494, 495, 496, 497, 498, 499, 500, + 501, 502, 503, 504, 505, 506, 507, 508, 509, 510, + 511, 512, 513, 514, 515, 516, 517, 518, 519, 520, + 521, 522, 523, 524, 525, 526, 527, 528, 529, 530, + 531, 532, 533, 534, 535, -1, 537, 538, 539, 540, + 541, 542, 543, 544, 545, 546, 547, 548, 549, 550, + 551, 552, 553, 554, 555, 556, 557, 558, 559, 560, + 561, 562, 563, 564, 565, 566, 567, 568, 569, 570, + 571, 572, 573, 574, 575, 576, 577, 578, 579, 580, + -1, 582, 583, 584, 585, 586, 587, 588, 589, 590, + 591, 592, 593, 594, 595, 596, 597, 598, 599, 600, + 601, 602, 603, 604, 605, 606, 607, 608, 609, 610, + 611, 612, 613, 614, 615, 616, 617, 618, 619, 620, + 621, 622, 623, 624, 625, 626, 627, 628, 629, 630, + 631, 632, 633, 634, 635, 636, 637, 638, 639, 640, + 641, 642, 643, 644, 645, 646, 647, 648, 649, 650, + 651, 652, 653, 654, 655, 656, 657, 658, 659, 660, + 661, 662, 663, 664, 665, 666, 667, 668, 669, 670, + 671, 672, 673, 674, 675, 676, 677, 678, 679, 680, + 681, 682, 683, -1, -1, 686, 687, -1, 689, 690, + 691, 692, 693, 694, 695, 696, 697, 698, 699, 700, + 701, 702, 703, 704, 705, 706, 707, 708, 709, 710, + 711, 712, 713, 714, 715, 716, 717, 718, 719, 720, + 721, 722, 723, 724, 725, 726, 727, 728, 729, 730, + 731, 732, 733, 734, 735, 736, 737, 738, 739, 740, + 741, 742, 743, 744, 745, 746, 747, 748, 749, 750, + 751, 752, 753, 754, 755, 756, 757, 758, 759, 760, + 761, 762, -1, 764, 765, 766, 767, -1, -1, -1, + -1, -1, -1, -1, -1, 776, 777, 3, -1, -1, + -1, 782, 8, 9, -1, -1, -1, 788, -1, -1, + -1, 792, 793, 19, 20, 796, 22, 23, 24, 25, + 26, 27, 28, 29, 30, 31, 32, -1, -1, -1, + -1, -1, -1, -1, 40, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, 57, 58, 59, 60, -1, -1, -1, -1, -1, + -1, -1, 68, 69, -1, 71, -1, -1, -1, -1, + -1, -1, 78, 79, -1, -1, 82, 83, 84, 85, + -1, 87, 88, -1, 90, 91, -1, -1, -1, -1, + -1, -1, -1, 99, -1, -1, 102, -1, -1, -1, + -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + 116, -1, -1, -1, 120, 121, 122, -1, 124, -1, + -1, -1, -1, -1, -1, -1, 132, 133, 134, 135, + -1, -1, -1, -1, -1, 141, -1, 143, 144, -1, + -1, -1, -1, -1, 150, -1, -1, 153, -1, -1, + -1, -1, -1, -1, -1, -1, 162, -1, 164, -1, + 166, -1, -1, -1, -1, -1, 172, -1, -1, -1, + -1, -1, -1, -1, 180, 181, 182, -1, 184, -1, + -1, -1, 188, -1, -1, -1, -1, 193, -1, -1, + 196, 197, -1, 199, 200, 201, 202, -1, -1, -1, + -1, -1, 208, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, 219, 220, 221, 222, -1, 224, -1, + -1, -1, -1, -1, -1, 231, -1, -1, -1, -1, + -1, -1, -1, -1, -1, -1, 242, -1, -1, -1, + -1, -1, -1, -1, 250, 251, -1, -1, -1, -1, + -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, 269, -1, -1, -1, -1, -1, -1, + 276, 277, -1, 279, 280, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, 291, -1, -1, -1, -1, + -1, -1, -1, -1, -1, 301, 302, 303, -1, -1, + -1, -1, -1, 309, 310, -1, -1, -1, -1, -1, + -1, -1, -1, -1, 320, 321, 322, 323, 324, 325, + 326, 327, 328, 329, 330, 331, 332, 333, 334, 335, + 336, 337, 338, 339, 340, 341, 342, 343, 344, 345, + 346, 347, 348, 349, 350, 351, 352, 353, 354, -1, + 356, 357, 358, 359, 360, 361, 362, 363, 364, 365, + 366, 367, 368, 369, 370, 371, 372, 373, 374, 375, + 376, 377, 378, 379, 380, 381, 382, 383, 384, 385, + 386, 387, -1, 389, 390, 391, 392, 393, 394, 395, + 396, 397, 398, 399, 400, 401, 402, 403, 404, 405, + 406, 407, 408, 409, 410, 411, 412, 413, 414, 415, + 416, 417, -1, 419, 420, 421, 422, 423, 424, 425, + 426, 427, 428, 429, 430, 431, 432, 433, 434, 435, + 436, 437, 438, 439, 440, 441, 442, 443, 444, 445, + 446, -1, -1, 449, 450, 451, 452, 453, 454, 455, + 456, 457, 458, 459, 460, 461, 462, -1, 464, 465, + 466, 467, 468, 469, 470, 471, 472, 473, 474, 475, + 476, 477, -1, 479, 480, 481, 482, 483, 484, 485, + 486, 487, 488, 489, 490, 491, 492, 493, 494, 495, + 496, 497, 498, 499, 500, 501, 502, 503, 504, 505, + 506, 507, 508, 509, 510, 511, 512, 513, 514, 515, + 516, 517, 518, 519, 520, 521, 522, 523, 524, 525, + 526, 527, 528, 529, 530, 531, 532, 533, 534, 535, + -1, 537, 538, 539, 540, 541, 542, 543, 544, 545, + 546, 547, 548, 549, 550, 551, 552, 553, 554, 555, + 556, 557, 558, 559, 560, 561, 562, 563, 564, 565, + 566, 567, 568, 569, 570, 571, 572, 573, 574, 575, + 576, 577, 578, 579, 580, -1, 582, 583, 584, 585, + 586, 587, 588, 589, 590, 591, 592, 593, 594, 595, + 596, 597, 598, 599, 600, 601, 602, 603, 604, 605, + 606, 607, 608, 609, 610, 611, 612, 613, 614, 615, + 616, 617, 618, 619, 620, 621, 622, 623, 624, 625, + 626, 627, 628, 629, 630, 631, 632, 633, 634, 635, + 636, 637, 638, 639, 640, 641, 642, 643, 644, 645, + 646, 647, 648, 649, 650, 651, 652, 653, 654, 655, + 656, 657, 658, 659, 660, 661, 662, 663, 664, 665, + 666, 667, 668, 669, 670, 671, 672, 673, 674, 675, + 676, 677, 678, 679, 680, 681, 682, 683, -1, -1, + 686, 687, -1, 689, 690, 691, 692, 693, 694, 695, + 696, 697, 698, 699, 700, 701, 702, 703, 704, 705, + 706, 707, 708, 709, 710, 711, 712, 713, 714, 715, + 716, 717, 718, 719, 720, 721, 722, 723, 724, 725, + 726, 727, 728, 729, 730, 731, 732, 733, 734, 735, + 736, 737, 738, 739, 740, 741, 742, 743, 744, 745, + 746, 747, 748, 749, 750, 751, 752, 753, 754, 755, + 756, 757, 758, 759, 760, 761, 762, -1, 764, 765, + 766, 767, -1, -1, -1, -1, -1, -1, -1, -1, + 776, 777, 3, -1, -1, -1, 782, 8, 9, -1, + -1, -1, 788, -1, -1, -1, 792, 793, 19, 20, + 796, 22, 23, 24, 25, 26, 27, 28, 29, 30, + 31, 32, -1, -1, -1, -1, -1, -1, -1, 40, + -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, -1, 57, 58, 59, 60, + -1, -1, -1, -1, -1, -1, -1, 68, 69, -1, + 71, -1, -1, -1, -1, -1, -1, 78, 79, -1, + -1, 82, 83, 84, 85, -1, 87, 88, -1, 90, + 91, -1, -1, -1, -1, -1, -1, -1, 99, -1, + -1, 102, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, 116, -1, -1, -1, 120, + 121, 122, -1, 124, -1, -1, -1, -1, -1, -1, + -1, 132, 133, 134, 135, -1, -1, -1, -1, -1, + 141, -1, -1, 144, -1, -1, -1, -1, -1, 150, + -1, -1, 153, -1, -1, -1, -1, -1, -1, -1, + -1, 162, -1, 164, -1, 166, -1, -1, -1, -1, + -1, 172, -1, -1, -1, -1, -1, -1, -1, 180, + 181, 182, -1, 184, -1, -1, -1, 188, -1, -1, + -1, -1, 193, -1, -1, 196, 197, -1, 199, 200, + 201, 202, -1, -1, -1, -1, -1, 208, -1, -1, + -1, -1, -1, -1, -1, -1, -1, -1, 219, 220, + 221, 222, -1, 224, -1, -1, -1, -1, -1, -1, + 231, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, 242, -1, -1, -1, -1, -1, -1, -1, 250, + 251, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, -1, -1, -1, 269, -1, + -1, -1, -1, -1, -1, 276, 277, -1, 279, 280, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, 116, -1, -1, -1, -1, -1, -1, + 291, -1, -1, -1, -1, -1, -1, -1, -1, -1, + 301, 302, 303, -1, -1, -1, -1, -1, 309, 310, + -1, -1, -1, -1, -1, -1, -1, -1, -1, 320, + 321, 322, 323, 324, 325, 326, 327, 328, 329, 330, + 331, 332, 333, 334, 335, 336, 337, 338, 339, 340, + 341, 342, 343, 344, 345, 346, 347, 348, 349, 350, + 351, 352, 353, 354, -1, 356, 357, 358, 359, 360, + 361, 362, 363, 364, 365, 366, 367, 368, 369, 370, + 371, 372, 373, 374, 375, 376, 377, 378, 379, 380, + 381, 382, 383, 384, 385, 386, 387, -1, 389, 390, + 391, 392, 393, 394, 395, 396, 397, 398, 399, 400, + 401, 402, 403, 404, 405, 406, 407, 408, 409, 410, + 411, 412, 413, 414, 415, 416, 417, -1, 419, 420, + 421, 422, 423, 424, 425, 426, 427, 428, 429, 430, + 431, 432, 433, 434, 435, 436, 437, 438, 439, 440, + 441, 442, 443, 444, 445, 446, -1, -1, 449, 450, + 451, 452, 453, 454, 455, 456, 457, 458, 459, 460, + 461, 462, -1, 464, 465, 466, 467, 468, 469, 470, + 471, 472, 473, 474, 475, 476, 477, -1, 479, 480, + 481, 482, 483, 484, 485, 486, 487, 488, 489, 490, + 491, 492, 493, 494, 495, 496, 497, 498, 499, 500, + 501, 502, 503, 504, 505, 506, 507, 508, 509, 510, + 511, 512, 513, 514, 515, 516, 517, 518, 519, 520, + 521, 522, 523, 524, 525, 526, 527, 528, 529, 530, + 531, 532, 533, 534, 535, -1, 537, 538, 539, 540, + 541, 542, 543, 544, 545, 546, 547, 548, 549, 550, + 551, 552, 553, 554, 555, 556, 557, 558, 559, 560, + 561, 562, 563, 564, 565, 566, 567, 568, 569, 570, + 571, 572, 573, 574, 575, 576, 577, 578, 579, 580, + -1, 582, 583, 584, 585, 586, 587, 588, 589, 590, + 591, 592, 593, 594, 595, 596, 597, 598, 599, 600, + 601, 602, 603, 604, 605, 606, 607, 608, 609, 610, + 611, 612, 613, 614, 615, 616, 617, 618, 619, 620, + 621, 622, 623, 624, 625, 626, 627, 628, 629, 630, + 631, 632, 633, 634, 635, 636, 637, 638, 639, 640, + 641, 642, 643, 644, 645, 646, 647, 648, 649, 650, + 651, 652, 653, 654, 655, 656, 657, 658, 659, 660, + 661, 662, 663, 664, 665, 666, 667, 668, 669, 670, + 671, 672, 673, 674, 675, 676, 677, 678, 679, 680, + 681, 682, 683, -1, -1, 686, 687, -1, 689, 690, + 691, 692, 693, 694, 695, 696, 697, 698, 699, 700, + 701, 702, 703, 704, 705, 706, 707, 708, 709, 710, + 711, 712, 713, 714, 715, 716, 717, 718, 719, 720, + 721, 722, 723, 724, 725, 726, 727, 728, 729, 730, + 731, 732, 733, 734, 735, 736, 737, 738, 739, 740, + 741, 742, 743, 744, 745, 746, 747, 748, 749, 750, + 751, 752, 753, 754, 755, 756, 757, 758, 759, 760, + 761, 762, -1, 764, 765, 766, 767, -1, -1, -1, + -1, -1, -1, -1, -1, 776, 777, 3, -1, -1, + -1, 782, 8, 9, -1, -1, -1, 788, -1, -1, + -1, 792, 793, 19, 20, 796, 22, 23, 24, 25, + 26, 27, 28, 29, 30, 31, 32, -1, -1, -1, + -1, -1, -1, -1, 40, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, 57, 58, 59, 60, -1, -1, -1, -1, -1, + -1, -1, 68, 69, -1, 71, -1, -1, -1, -1, + -1, -1, 78, 79, -1, -1, 82, 83, 84, 85, + -1, 87, 88, -1, 90, 91, -1, -1, -1, -1, + -1, -1, -1, 99, -1, -1, 102, -1, -1, -1, + -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + 116, -1, -1, -1, 120, 121, 122, -1, 124, -1, + -1, -1, -1, -1, -1, -1, 132, 133, 134, 135, + -1, -1, -1, -1, -1, 141, -1, -1, 144, -1, + -1, -1, -1, -1, 150, -1, -1, 153, -1, -1, + -1, -1, -1, -1, -1, -1, 162, -1, 164, -1, + 166, -1, -1, -1, -1, -1, 172, -1, -1, -1, + -1, -1, -1, -1, 180, 181, 182, -1, 184, -1, + -1, -1, 188, -1, -1, -1, -1, 193, -1, -1, + 196, 197, -1, 199, 200, 201, 202, -1, -1, -1, + -1, -1, 208, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, 219, 220, 221, 222, -1, 224, -1, + -1, -1, -1, -1, -1, 231, -1, -1, -1, -1, + -1, -1, -1, -1, -1, -1, 242, -1, -1, -1, + -1, -1, -1, -1, 250, 251, -1, -1, -1, -1, + -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, 269, -1, -1, -1, -1, -1, -1, + 276, 277, -1, 279, 280, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, 291, -1, -1, -1, -1, + -1, -1, -1, -1, -1, 301, 302, 303, -1, -1, + -1, -1, -1, 309, 310, -1, -1, -1, -1, -1, + -1, -1, -1, -1, 320, 321, 322, 323, 324, 325, + 326, 327, 328, 329, 330, 331, 332, 333, 334, 335, + 336, 337, 338, 339, 340, 341, 342, 343, 344, 345, + 346, 347, 348, 349, 350, 351, 352, 353, 354, -1, + 356, 357, 358, 359, 360, 361, 362, 363, 364, 365, + 366, 367, 368, 369, 370, 371, 372, 373, 374, 375, + 376, 377, 378, 379, 380, 381, 382, 383, 384, 385, + 386, 387, -1, 389, 390, 391, 392, 393, 394, 395, + 396, 397, 398, 399, 400, 401, 402, 403, 404, 405, + 406, 407, 408, 409, 410, 411, 412, 413, 414, 415, + 416, 417, -1, 419, 420, 421, 422, 423, 424, 425, + 426, 427, 428, 429, 430, 431, 432, 433, 434, 435, + 436, 437, 438, 439, 440, 441, 442, 443, 444, 445, + 446, -1, -1, 449, 450, 451, 452, 453, 454, 455, + 456, 457, 458, 459, 460, 461, 462, -1, 464, 465, + 466, 467, 468, 469, 470, 471, 472, 473, 474, 475, + 476, 477, -1, 479, 480, 481, 482, 483, 484, 485, + 486, 487, 488, 489, 490, 491, 492, 493, 494, 495, + 496, 497, 498, 499, 500, 501, 502, 503, 504, 505, + 506, 507, 508, 509, 510, 511, 512, 513, 514, 515, + 516, 517, 518, 519, 520, 521, 522, 523, 524, 525, + 526, 527, 528, 529, 530, 531, 532, 533, 534, 535, + -1, 537, 538, 539, 540, 541, 542, 543, 544, 545, + 546, 547, 548, 549, 550, 551, 552, 553, 554, 555, + 556, 557, 558, 559, 560, 561, 562, 563, 564, 565, + 566, 567, 568, 569, 570, 571, 572, 573, 574, 575, + 576, 577, 578, 579, 580, -1, 582, 583, 584, 585, + 586, 587, 588, 589, 590, 591, 592, 593, 594, 595, + 596, 597, 598, 599, 600, 601, 602, 603, 604, 605, + 606, 607, 608, 609, 610, 611, 612, 613, 614, 615, + 616, 617, 618, 619, 620, 621, 622, 623, 624, 625, + 626, 627, 628, 629, 630, 631, 632, 633, 634, 635, + 636, 637, 638, 639, 640, 641, 642, 643, 644, 645, + 646, 647, 648, 649, 650, 651, 652, 653, 654, 655, + 656, 657, 658, 659, 660, 661, 662, 663, 664, 665, + 666, 667, 668, 669, 670, 671, 672, 673, 674, 675, + 676, 677, 678, 679, 680, 681, 682, 683, -1, -1, + 686, 687, -1, 689, 690, 691, 692, 693, 694, 695, + 696, 697, 698, 699, 700, 701, 702, 703, 704, 705, + 706, 707, 708, 709, 710, 711, 712, 713, 714, 715, + 716, 717, 718, 719, 720, 721, 722, 723, 724, 725, + 726, 727, 728, 729, 730, 731, 732, 733, 734, 735, + 736, 737, 738, 739, 740, 741, 742, 743, 744, 745, + 746, 747, 748, 749, 750, 751, 752, 753, 754, 755, + 756, 757, 758, 759, 760, 761, 762, -1, 764, 765, + 766, 767, -1, -1, -1, -1, -1, -1, -1, -1, + 776, 777, 3, -1, -1, -1, 782, 8, 9, -1, + -1, -1, 788, -1, -1, -1, 792, 793, 19, 20, + 796, 22, 23, 24, 25, 26, 27, 28, 29, 30, + 31, 32, -1, -1, -1, -1, -1, -1, -1, 40, + -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, -1, 57, 58, 59, 60, + -1, -1, -1, -1, -1, -1, -1, 68, 69, -1, + 71, -1, -1, -1, -1, -1, -1, 78, 79, -1, + -1, 82, 83, 84, 85, -1, 87, 88, -1, 90, + 91, -1, -1, -1, -1, -1, -1, -1, 99, -1, + -1, 102, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, 116, -1, -1, -1, 120, + 121, 122, -1, 124, -1, -1, -1, -1, -1, -1, + -1, 132, 133, 134, 135, -1, -1, -1, -1, -1, + 141, -1, -1, 144, -1, -1, -1, -1, -1, 150, + -1, -1, 153, -1, -1, -1, -1, -1, -1, -1, + -1, 162, -1, 164, -1, 166, -1, -1, -1, -1, + -1, 172, -1, -1, -1, -1, -1, -1, -1, 180, + 181, 182, -1, 184, -1, -1, -1, 188, -1, -1, + -1, -1, 193, -1, -1, 196, 197, -1, 199, 200, + 201, 202, -1, -1, -1, -1, -1, 208, -1, -1, + -1, -1, -1, -1, -1, -1, -1, -1, 219, 220, + 221, 222, -1, 224, -1, -1, -1, -1, -1, -1, + 231, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, 242, -1, -1, -1, -1, -1, -1, -1, 250, + 251, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, -1, -1, -1, 269, -1, + -1, -1, -1, -1, -1, 276, 277, -1, 279, 280, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, 135, -1, -1, -1, -1, -1, -1, -1, - -1, 144, -1, -1, -1, -1, -1, -1, -1, -1, + 291, -1, -1, -1, -1, -1, -1, -1, -1, -1, + 301, 302, 303, -1, -1, -1, -1, -1, 309, 310, + -1, -1, -1, -1, -1, -1, -1, -1, -1, 320, + 321, 322, 323, 324, 325, 326, 327, 328, 329, 330, + 331, 332, 333, 334, 335, 336, 337, 338, 339, 340, + 341, 342, 343, 344, 345, 346, 347, 348, 349, 350, + 351, 352, 353, 354, -1, 356, 357, 358, 359, 360, + 361, 362, 363, 364, 365, 366, 367, 368, 369, 370, + 371, 372, 373, 374, 375, 376, 377, 378, 379, 380, + 381, 382, 383, 384, 385, 386, 387, -1, 389, 390, + 391, 392, 393, 394, 395, 396, 397, 398, 399, 400, + 401, 402, 403, 404, 405, 406, 407, 408, 409, 410, + 411, 412, 413, 414, 415, 416, 417, -1, 419, 420, + 421, 422, 423, 424, 425, 426, 427, 428, 429, 430, + 431, 432, 433, 434, 435, 436, 437, 438, 439, 440, + 441, 442, 443, 444, 445, 446, -1, -1, 449, 450, + 451, 452, 453, 454, 455, 456, 457, 458, 459, 460, + 461, 462, -1, 464, 465, 466, 467, 468, 469, 470, + 471, 472, 473, 474, 475, 476, 477, -1, 479, 480, + 481, 482, 483, 484, 485, 486, 487, 488, 489, 490, + 491, 492, 493, 494, 495, 496, 497, 498, 499, 500, + 501, 502, 503, 504, 505, 506, 507, 508, 509, 510, + 511, 512, 513, 514, 515, 516, 517, 518, 519, 520, + 521, 522, 523, 524, 525, 526, 527, 528, 529, 530, + 531, 532, 533, 534, 535, -1, 537, 538, 539, 540, + 541, 542, 543, 544, 545, 546, 547, 548, 549, 550, + 551, 552, 553, 554, 555, 556, 557, 558, 559, 560, + 561, 562, 563, 564, 565, 566, 567, 568, 569, 570, + 571, 572, 573, 574, 575, 576, 577, 578, 579, 580, + -1, 582, 583, 584, 585, 586, 587, 588, 589, 590, + 591, 592, 593, 594, 595, 596, 597, 598, 599, 600, + 601, 602, 603, 604, 605, 606, 607, 608, 609, 610, + 611, 612, 613, 614, 615, 616, 617, 618, 619, 620, + 621, 622, 623, 624, 625, 626, 627, 628, 629, 630, + 631, 632, 633, 634, 635, 636, 637, 638, 639, 640, + 641, 642, 643, 644, 645, 646, 647, 648, 649, 650, + 651, 652, 653, 654, 655, 656, 657, 658, 659, 660, + 661, 662, 663, 664, 665, 666, 667, 668, 669, 670, + 671, 672, 673, 674, 675, 676, 677, 678, 679, 680, + 681, 682, 683, -1, -1, 686, 687, -1, 689, 690, + 691, 692, 693, 694, 695, 696, 697, 698, 699, 700, + 701, 702, 703, 704, 705, 706, 707, 708, 709, 710, + 711, 712, 713, 714, 715, 716, 717, 718, 719, 720, + 721, 722, 723, 724, 725, 726, 727, 728, 729, 730, + 731, 732, 733, 734, 735, 736, 737, 738, 739, 740, + 741, 742, 743, 744, 745, 746, 747, 748, 749, 750, + 751, 752, 753, 754, 755, 756, 757, 758, 759, 760, + 761, 762, -1, 764, 765, 766, 767, -1, -1, -1, + -1, -1, -1, -1, -1, 776, 777, 3, -1, -1, + -1, 782, 8, 9, -1, -1, -1, 788, -1, -1, + -1, 792, 793, 19, 20, 796, 22, 23, 24, 25, + 26, 27, 28, 29, 30, 31, 32, -1, -1, -1, + -1, -1, -1, -1, 40, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, 57, 58, 59, 60, -1, -1, -1, -1, -1, + -1, -1, 68, 69, -1, 71, -1, -1, -1, -1, + -1, -1, 78, 79, -1, -1, 82, 83, 84, 85, + -1, 87, 88, -1, 90, 91, -1, -1, -1, -1, + -1, -1, -1, 99, -1, -1, 102, -1, -1, -1, + -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + 116, -1, -1, -1, 120, 121, 122, -1, 124, -1, + -1, -1, -1, -1, -1, -1, 132, 133, 134, 135, + -1, -1, -1, -1, -1, 141, -1, -1, 144, -1, + -1, -1, -1, -1, 150, -1, -1, 153, -1, -1, + -1, -1, -1, -1, -1, -1, 162, -1, 164, -1, + 166, -1, -1, -1, -1, -1, 172, -1, -1, -1, + -1, -1, -1, -1, 180, 181, 182, -1, 184, -1, + -1, -1, 188, -1, -1, -1, -1, 193, -1, -1, + 196, 197, -1, 199, 200, 201, 202, -1, -1, -1, + -1, -1, 208, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, 219, 220, 221, 222, -1, 224, -1, + -1, -1, -1, -1, -1, 231, -1, -1, -1, -1, + -1, -1, -1, -1, -1, -1, 242, -1, -1, -1, + -1, -1, -1, -1, 250, 251, -1, -1, -1, -1, + -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, 269, -1, -1, -1, -1, -1, -1, + 276, 277, -1, 279, 280, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, 291, -1, -1, -1, -1, + -1, -1, -1, -1, -1, 301, 302, 303, -1, -1, + -1, -1, -1, 309, 310, -1, -1, -1, -1, -1, + -1, -1, -1, -1, 320, 321, 322, 323, 324, 325, + 326, 327, 328, 329, 330, 331, 332, 333, 334, 335, + 336, 337, 338, 339, 340, 341, 342, 343, 344, 345, + 346, 347, 348, 349, 350, 351, 352, 353, 354, -1, + 356, 357, 358, 359, 360, 361, 362, 363, 364, 365, + 366, 367, 368, 369, 370, 371, 372, 373, 374, 375, + 376, 377, 378, 379, 380, 381, 382, 383, 384, 385, + 386, 387, -1, 389, 390, 391, 392, 393, 394, 395, + 396, 397, 398, 399, 400, 401, 402, 403, 404, 405, + 406, 407, 408, 409, 410, 411, 412, 413, 414, 415, + 416, 417, -1, 419, 420, 421, 422, 423, 424, 425, + 426, 427, 428, 429, 430, 431, 432, 433, 434, 435, + 436, 437, 438, 439, 440, 441, 442, 443, 444, 445, + 446, -1, -1, 449, 450, 451, 452, 453, 454, 455, + 456, 457, 458, 459, 460, 461, 462, -1, 464, 465, + 466, 467, 468, 469, 470, 471, 472, 473, 474, 475, + 476, 477, -1, 479, 480, 481, 482, 483, 484, 485, + 486, 487, 488, 489, 490, 491, 492, 493, 494, 495, + 496, 497, 498, 499, 500, 501, 502, 503, 504, 505, + 506, 507, 508, 509, 510, 511, 512, 513, 514, 515, + 516, 517, 518, 519, 520, 521, 522, 523, 524, 525, + 526, 527, 528, 529, 530, 531, 532, 533, 534, 535, + -1, 537, 538, 539, 540, 541, 542, 543, 544, 545, + 546, 547, 548, 549, 550, 551, 552, 553, 554, 555, + 556, 557, 558, 559, 560, 561, 562, 563, 564, 565, + 566, 567, 568, 569, 570, 571, 572, 573, 574, 575, + 576, 577, 578, 579, 580, -1, 582, 583, 584, 585, + 586, 587, 588, 589, 590, 591, 592, 593, 594, 595, + 596, 597, 598, 599, 600, 601, 602, 603, 604, 605, + 606, 607, 608, 609, 610, 611, 612, 613, 614, 615, + 616, 617, 618, 619, 620, 621, 622, 623, 624, 625, + 626, 627, 628, 629, 630, 631, 632, 633, 634, 635, + 636, 637, 638, 639, 640, 641, 642, 643, 644, 645, + 646, 647, 648, 649, 650, 651, 652, 653, 654, 655, + 656, 657, 658, 659, 660, 661, 662, 663, 664, 665, + 666, 667, 668, 669, 670, 671, 672, 673, 674, 675, + 676, 677, 678, 679, 680, 681, 682, 683, -1, -1, + 686, 687, -1, 689, 690, 691, 692, 693, 694, 695, + 696, 697, 698, 699, 700, 701, 702, 703, 704, 705, + 706, 707, 708, 709, 710, 711, 712, 713, 714, 715, + 716, 717, 718, 719, 720, 721, 722, 723, 724, 725, + 726, 727, 728, 729, 730, 731, 732, 733, 734, 735, + 736, 737, 738, 739, 740, 741, 742, 743, 744, 745, + 746, 747, 748, 749, 750, 751, 752, 753, 754, 755, + 756, 757, 758, 759, 760, 761, 762, -1, 764, 765, + 766, 767, -1, -1, -1, -1, -1, -1, -1, -1, + 776, 777, 3, -1, -1, -1, 782, 8, 9, -1, + -1, -1, 788, -1, -1, -1, 792, 793, 19, 20, + 796, 22, 23, 24, 25, 26, 27, 28, 29, 30, + 31, 32, -1, -1, -1, -1, -1, -1, -1, 40, + -1, -1, -1, -1, -1, -1, 47, -1, -1, -1, + -1, -1, -1, -1, -1, -1, 57, 58, 59, 60, + -1, -1, -1, -1, -1, -1, -1, 68, 69, -1, + 71, -1, -1, -1, -1, -1, -1, 78, 79, -1, + -1, 82, 83, 84, 85, -1, 87, 88, -1, 90, + 91, -1, -1, -1, -1, -1, -1, -1, 99, -1, + -1, 102, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, 116, -1, -1, -1, 120, + 121, 122, -1, 124, -1, -1, -1, -1, -1, -1, + -1, 132, 133, 134, 135, -1, -1, -1, -1, -1, + 141, -1, -1, 144, -1, -1, -1, -1, -1, 150, + -1, -1, 153, -1, -1, -1, -1, -1, -1, -1, + -1, 162, -1, 164, -1, 166, -1, -1, -1, -1, + -1, 172, -1, -1, -1, -1, -1, -1, -1, 180, + 181, 182, -1, 184, -1, -1, -1, 188, -1, -1, + -1, -1, 193, -1, -1, 196, -1, -1, 199, 200, + 201, 202, -1, -1, -1, -1, -1, 208, -1, -1, + -1, -1, -1, -1, -1, -1, -1, -1, 219, 220, + 221, 222, -1, 224, -1, -1, -1, -1, -1, -1, + 231, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, 242, -1, -1, -1, -1, -1, -1, -1, 250, + 251, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, -1, -1, -1, 269, -1, + -1, -1, -1, -1, -1, 276, 277, -1, 279, 280, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + 291, -1, -1, -1, -1, -1, -1, -1, -1, -1, + 301, 302, 303, -1, -1, -1, -1, -1, 309, 310, + -1, -1, -1, -1, -1, -1, -1, -1, -1, 320, + 321, 322, 323, 324, 325, 326, 327, 328, 329, 330, + 331, 332, 333, 334, 335, 336, 337, 338, 339, 340, + 341, 342, 343, 344, 345, 346, 347, 348, 349, 350, + 351, 352, 353, 354, -1, 356, 357, 358, 359, 360, + 361, 362, 363, 364, 365, 366, 367, 368, 369, 370, + 371, 372, 373, 374, 375, 376, 377, 378, 379, 380, + 381, 382, 383, 384, 385, 386, 387, -1, 389, 390, + 391, 392, 393, 394, 395, 396, 397, 398, 399, 400, + 401, 402, 403, 404, 405, 406, 407, 408, 409, 410, + 411, 412, 413, 414, 415, 416, 417, -1, 419, 420, + 421, 422, 423, 424, 425, 426, 427, 428, 429, 430, + 431, 432, 433, 434, 435, 436, 437, 438, 439, 440, + 441, 442, 443, 444, 445, 446, -1, -1, 449, 450, + 451, 452, 453, 454, 455, 456, 457, 458, 459, 460, + 461, 462, -1, 464, 465, 466, 467, 468, 469, 470, + 471, 472, 473, 474, 475, 476, 477, -1, 479, 480, + 481, 482, 483, 484, 485, 486, 487, 488, 489, 490, + 491, 492, 493, 494, 495, 496, 497, 498, 499, 500, + 501, 502, 503, 504, 505, 506, 507, 508, 509, 510, + 511, 512, 513, 514, 515, 516, 517, 518, 519, 520, + 521, 522, 523, 524, 525, 526, 527, 528, 529, 530, + 531, 532, 533, 534, 535, -1, 537, 538, 539, 540, + 541, 542, 543, 544, 545, 546, 547, 548, 549, 550, + 551, 552, 553, 554, 555, 556, 557, 558, 559, 560, + 561, 562, 563, 564, 565, 566, 567, 568, 569, 570, + 571, 572, 573, 574, 575, 576, 577, 578, 579, 580, + -1, 582, 583, 584, 585, 586, 587, 588, 589, 590, + 591, 592, 593, 594, 595, 596, 597, 598, 599, 600, + 601, 602, 603, 604, 605, 606, 607, 608, 609, 610, + 611, 612, 613, 614, 615, 616, 617, 618, 619, 620, + 621, 622, 623, 624, 625, 626, 627, 628, 629, 630, + 631, 632, 633, 634, 635, 636, 637, 638, 639, 640, + 641, 642, 643, 644, 645, 646, 647, 648, 649, 650, + 651, 652, 653, 654, 655, 656, 657, 658, 659, 660, + 661, 662, 663, 664, 665, 666, 667, 668, 669, 670, + 671, 672, 673, 674, 675, 676, 677, 678, 679, 680, + 681, 682, 683, -1, -1, 686, 687, -1, 689, 690, + 691, 692, 693, 694, 695, 696, 697, 698, 699, 700, + 701, 702, 703, 704, 705, 706, 707, 708, 709, 710, + 711, 712, 713, 714, 715, 716, 717, 718, 719, 720, + 721, 722, 723, 724, 725, 726, 727, 728, 729, 730, + 731, 732, 733, 734, 735, 736, 737, 738, 739, 740, + 741, 742, 743, 744, 745, 746, 747, 748, 749, 750, + 751, 752, 753, 754, 755, 756, 757, 758, 759, 760, + 761, 762, -1, 764, 765, 766, 767, -1, -1, -1, + -1, -1, -1, -1, -1, 776, 777, 3, -1, -1, + -1, 782, 8, 9, -1, -1, -1, 788, -1, -1, + -1, 792, 793, 19, 20, 796, 22, 23, 24, 25, + 26, 27, 28, 29, 30, 31, 32, -1, -1, -1, + -1, -1, -1, -1, 40, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, 57, 58, 59, 60, -1, -1, -1, -1, -1, + -1, -1, 68, 69, -1, 71, -1, -1, -1, -1, + -1, -1, 78, 79, -1, -1, 82, 83, 84, 85, + -1, 87, 88, -1, 90, 91, -1, -1, -1, -1, + -1, -1, -1, 99, -1, -1, 102, -1, -1, -1, + -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + 116, -1, -1, -1, 120, 121, 122, -1, 124, -1, + -1, -1, -1, -1, -1, -1, 132, 133, 134, 135, + -1, -1, -1, -1, -1, 141, -1, -1, 144, -1, + -1, -1, -1, -1, 150, -1, -1, 153, -1, -1, + -1, -1, -1, -1, -1, -1, 162, -1, 164, -1, + 166, -1, -1, -1, -1, -1, 172, -1, -1, -1, + -1, -1, -1, -1, 180, 181, 182, -1, 184, -1, + -1, -1, 188, -1, -1, -1, -1, 193, -1, -1, + 196, 197, -1, 199, 200, 201, 202, -1, -1, -1, + -1, -1, 208, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, 219, 220, 221, 222, -1, 224, -1, + -1, -1, -1, -1, -1, 231, -1, -1, -1, -1, + -1, -1, -1, -1, -1, -1, 242, -1, -1, -1, + -1, -1, -1, -1, 250, 251, -1, -1, -1, -1, + -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, 269, -1, -1, -1, -1, -1, -1, + 276, 277, -1, 279, 280, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, 291, -1, -1, -1, -1, + -1, -1, -1, -1, -1, 301, 302, 303, -1, -1, + -1, -1, -1, 309, 310, -1, -1, -1, -1, -1, + -1, -1, -1, -1, 320, 321, 322, 323, 324, 325, + 326, 327, 328, 329, 330, 331, 332, 333, 334, 335, + 336, 337, 338, 339, 340, 341, 342, 343, 344, 345, + 346, 347, 348, 349, 350, 351, 352, 353, 354, -1, + 356, 357, 358, 359, 360, 361, 362, 363, 364, 365, + 366, 367, 368, 369, 370, 371, 372, 373, 374, 375, + 376, 377, 378, 379, 380, 381, 382, 383, 384, 385, + 386, 387, -1, 389, 390, 391, 392, 393, 394, 395, + 396, 397, 398, 399, 400, 401, 402, 403, 404, 405, + 406, 407, 408, 409, 410, 411, 412, 413, 414, 415, + 416, 417, -1, 419, 420, 421, 422, 423, 424, 425, + 426, 427, 428, 429, 430, 431, 432, 433, 434, 435, + 436, 437, 438, 439, 440, 441, 442, 443, 444, 445, + 446, -1, -1, 449, 450, 451, 452, 453, 454, 455, + 456, 457, 458, 459, 460, 461, 462, -1, 464, 465, + 466, 467, 468, 469, 470, 471, 472, 473, 474, 475, + 476, 477, -1, 479, 480, 481, 482, 483, 484, 485, + 486, 487, 488, 489, 490, 491, 492, 493, 494, 495, + 496, 497, 498, 499, 500, 501, 502, 503, 504, 505, + 506, 507, 508, 509, 510, 511, 512, 513, 514, 515, + 516, 517, 518, 519, 520, 521, 522, 523, 524, 525, + 526, 527, 528, 529, 530, 531, 532, 533, 534, 535, + -1, 537, 538, 539, 540, 541, 542, 543, 544, 545, + 546, 547, 548, 549, 550, 551, 552, 553, 554, 555, + 556, 557, 558, 559, 560, 561, 562, 563, 564, 565, + 566, 567, 568, 569, 570, 571, 572, 573, 574, 575, + 576, 577, 578, 579, 580, -1, 582, 583, 584, 585, + 586, 587, 588, 589, 590, 591, 592, 593, 594, 595, + 596, 597, 598, 599, 600, 601, 602, 603, 604, 605, + 606, 607, 608, 609, 610, 611, 612, 613, 614, 615, + 616, 617, 618, 619, 620, 621, 622, 623, 624, 625, + 626, 627, 628, 629, 630, 631, 632, 633, 634, 635, + 636, 637, 638, 639, 640, 641, 642, 643, 644, 645, + 646, 647, 648, 649, 650, 651, 652, 653, 654, 655, + 656, 657, 658, 659, 660, 661, 662, 663, 664, 665, + 666, 667, 668, 669, 670, 671, 672, 673, 674, 675, + 676, 677, 678, 679, 680, 681, 682, 683, -1, -1, + 686, 687, -1, 689, 690, 691, 692, 693, 694, 695, + 696, 697, 698, 699, 700, 701, 702, 703, 704, 705, + 706, 707, 708, 709, 710, 711, 712, 713, 714, 715, + 716, 717, 718, 719, 720, 721, 722, 723, 724, 725, + 726, 727, 728, 729, 730, 731, 732, 733, 734, 735, + 736, 737, 738, 739, 740, 741, 742, 743, 744, 745, + 746, 747, 748, 749, 750, 751, 752, 753, 754, 755, + 756, 757, 758, 759, 760, 761, 762, -1, 764, 765, + 766, 767, -1, -1, -1, -1, -1, -1, -1, -1, + 776, 777, 3, -1, -1, -1, 782, 8, 9, -1, + -1, -1, 788, -1, -1, -1, 792, 793, 19, 20, + 796, 22, 23, 24, 25, 26, 27, 28, 29, 30, + 31, 32, -1, -1, -1, -1, -1, -1, -1, 40, + -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, -1, 57, 58, 59, 60, + -1, -1, -1, -1, -1, -1, -1, 68, 69, -1, + 71, -1, -1, -1, -1, -1, -1, 78, 79, -1, + -1, 82, 83, 84, 85, -1, 87, 88, -1, 90, + 91, -1, -1, -1, -1, -1, -1, -1, 99, -1, + -1, 102, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, 116, -1, -1, -1, 120, + 121, 122, -1, 124, -1, -1, -1, -1, -1, -1, + -1, 132, 133, 134, 135, -1, -1, -1, -1, -1, + 141, -1, -1, 144, -1, -1, -1, -1, -1, 150, + -1, -1, 153, -1, -1, -1, -1, -1, -1, -1, + -1, 162, -1, 164, -1, 166, -1, -1, -1, -1, + -1, 172, -1, -1, -1, -1, -1, -1, -1, 180, + 181, 182, -1, 184, -1, -1, -1, 188, -1, -1, + -1, -1, 193, -1, -1, 196, 197, -1, 199, 200, + 201, 202, -1, -1, -1, -1, -1, 208, -1, -1, + -1, -1, -1, -1, -1, -1, -1, -1, 219, 220, + 221, 222, -1, 224, -1, -1, -1, -1, -1, -1, + 231, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, 242, -1, -1, -1, -1, -1, -1, -1, 250, + 251, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, -1, -1, -1, 269, -1, + -1, -1, -1, -1, -1, 276, 277, -1, 279, 280, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, -1, 180, -1, -1, + 291, -1, -1, -1, -1, -1, -1, -1, -1, -1, + 301, 302, 303, -1, -1, -1, -1, -1, 309, 310, + -1, -1, -1, -1, -1, -1, -1, -1, -1, 320, + 321, 322, 323, 324, 325, 326, 327, 328, 329, 330, + 331, 332, 333, 334, 335, 336, 337, 338, 339, 340, + 341, 342, 343, 344, 345, 346, 347, 348, 349, 350, + 351, 352, 353, 354, -1, 356, 357, 358, 359, 360, + 361, 362, 363, 364, 365, 366, 367, 368, 369, 370, + 371, 372, 373, 374, 375, 376, 377, 378, 379, 380, + 381, 382, 383, 384, 385, 386, 387, -1, 389, 390, + 391, 392, 393, 394, 395, 396, 397, 398, 399, 400, + 401, 402, 403, 404, 405, 406, 407, 408, 409, 410, + 411, 412, 413, 414, 415, 416, 417, -1, 419, 420, + 421, 422, 423, 424, 425, 426, 427, 428, 429, 430, + 431, 432, 433, 434, 435, 436, 437, 438, 439, 440, + 441, 442, 443, 444, 445, 446, -1, -1, 449, 450, + 451, 452, 453, 454, 455, 456, 457, 458, 459, 460, + 461, 462, -1, 464, 465, 466, 467, 468, 469, 470, + 471, 472, 473, 474, 475, 476, 477, -1, 479, 480, + 481, 482, 483, 484, 485, 486, 487, 488, 489, 490, + 491, 492, 493, 494, 495, 496, 497, 498, 499, 500, + 501, 502, 503, 504, 505, 506, 507, 508, 509, 510, + 511, 512, 513, 514, 515, 516, 517, 518, 519, 520, + 521, 522, 523, 524, 525, 526, 527, 528, 529, 530, + 531, 532, 533, 534, 535, -1, 537, 538, 539, 540, + 541, 542, 543, 544, 545, 546, 547, 548, 549, 550, + 551, 552, 553, 554, 555, 556, 557, 558, 559, 560, + 561, 562, 563, 564, 565, 566, 567, 568, 569, 570, + 571, 572, 573, 574, 575, 576, 577, 578, 579, 580, + -1, 582, 583, 584, 585, 586, 587, 588, 589, 590, + 591, 592, 593, 594, 595, 596, 597, 598, 599, 600, + 601, 602, 603, 604, 605, 606, 607, 608, 609, 610, + 611, 612, 613, 614, 615, 616, 617, 618, 619, 620, + 621, 622, 623, 624, 625, 626, 627, 628, 629, 630, + 631, 632, 633, 634, 635, 636, 637, 638, 639, 640, + 641, 642, 643, 644, 645, 646, 647, 648, 649, 650, + 651, 652, 653, 654, 655, 656, 657, 658, 659, 660, + 661, 662, 663, 664, 665, 666, 667, 668, 669, 670, + 671, 672, 673, 674, 675, 676, 677, 678, 679, 680, + 681, 682, 683, -1, -1, 686, 687, -1, 689, 690, + 691, 692, 693, 694, 695, 696, 697, 698, 699, 700, + 701, 702, 703, 704, 705, 706, 707, 708, 709, 710, + 711, 712, 713, 714, 715, 716, 717, 718, 719, 720, + 721, 722, 723, 724, 725, 726, 727, 728, 729, 730, + 731, 732, 733, 734, 735, 736, 737, 738, 739, 740, + 741, 742, 743, 744, 745, 746, 747, 748, 749, 750, + 751, 752, 753, 754, 755, 756, 757, 758, 759, 760, + 761, 762, -1, 764, 765, 766, 767, -1, -1, -1, + -1, -1, -1, -1, -1, 776, 777, 3, -1, -1, + -1, 782, 8, 9, -1, -1, -1, 788, -1, -1, + -1, 792, 793, 19, 20, 796, 22, 23, 24, 25, + 26, 27, 28, 29, 30, 31, 32, -1, -1, -1, + -1, -1, -1, -1, 40, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, 57, 58, 59, 60, -1, -1, -1, -1, -1, + -1, -1, 68, 69, -1, 71, -1, -1, -1, -1, + -1, -1, 78, 79, -1, -1, 82, 83, 84, 85, + -1, 87, 88, -1, 90, 91, -1, -1, -1, -1, + -1, -1, -1, 99, -1, -1, 102, -1, -1, -1, + -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + 116, -1, -1, -1, 120, 121, 122, -1, 124, -1, + -1, -1, -1, -1, -1, -1, 132, 133, 134, 135, + -1, -1, -1, -1, -1, 141, -1, -1, 144, -1, + -1, -1, -1, -1, 150, -1, -1, 153, -1, -1, + -1, -1, -1, -1, -1, -1, 162, -1, 164, -1, + 166, -1, -1, -1, -1, -1, 172, -1, -1, -1, + -1, -1, -1, -1, 180, 181, 182, 183, 184, -1, + -1, -1, 188, -1, -1, -1, -1, 193, -1, -1, + 196, -1, -1, 199, 200, 201, 202, -1, -1, -1, + -1, -1, 208, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, 219, 220, 221, 222, -1, 224, -1, + -1, -1, -1, -1, -1, 231, -1, -1, -1, -1, + -1, -1, -1, -1, -1, -1, 242, -1, -1, -1, + -1, -1, -1, -1, 250, 251, -1, -1, -1, -1, + -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, 269, -1, -1, -1, -1, -1, -1, + 276, 277, -1, 279, 280, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, 291, -1, -1, -1, -1, + -1, -1, -1, -1, -1, 301, 302, 303, -1, -1, + -1, -1, -1, 309, 310, -1, -1, -1, -1, -1, + -1, -1, -1, -1, 320, 321, 322, 323, 324, 325, + 326, 327, 328, 329, 330, 331, 332, 333, 334, 335, + 336, 337, 338, 339, 340, 341, 342, 343, 344, 345, + 346, 347, 348, 349, 350, 351, 352, 353, 354, -1, + 356, 357, 358, 359, 360, 361, 362, 363, 364, 365, + 366, 367, 368, 369, 370, 371, 372, 373, 374, 375, + 376, 377, 378, 379, 380, 381, 382, 383, 384, 385, + 386, 387, -1, 389, 390, 391, 392, 393, 394, 395, + 396, 397, 398, 399, 400, 401, 402, 403, 404, 405, + 406, 407, 408, 409, 410, 411, 412, 413, 414, 415, + 416, 417, -1, 419, 420, 421, 422, 423, 424, 425, + 426, 427, 428, 429, 430, 431, 432, 433, 434, 435, + 436, 437, 438, 439, 440, 441, 442, 443, 444, 445, + 446, -1, -1, 449, 450, 451, 452, 453, 454, 455, + 456, 457, 458, 459, 460, 461, 462, -1, 464, 465, + 466, 467, 468, 469, 470, 471, 472, 473, 474, 475, + 476, 477, -1, 479, 480, 481, 482, 483, 484, 485, + 486, 487, 488, 489, 490, 491, 492, 493, 494, 495, + 496, 497, 498, 499, 500, 501, 502, 503, 504, 505, + 506, 507, 508, 509, 510, 511, 512, 513, 514, 515, + 516, 517, 518, 519, 520, 521, 522, 523, 524, 525, + 526, 527, 528, 529, 530, 531, 532, 533, 534, 535, + -1, 537, 538, 539, 540, 541, 542, 543, 544, 545, + 546, 547, 548, 549, 550, 551, 552, 553, 554, 555, + 556, 557, 558, 559, 560, 561, 562, 563, 564, 565, + 566, 567, 568, 569, 570, 571, 572, 573, 574, 575, + 576, 577, 578, 579, 580, -1, 582, 583, 584, 585, + 586, 587, 588, 589, 590, 591, 592, 593, 594, 595, + 596, 597, 598, 599, 600, 601, 602, 603, 604, 605, + 606, 607, 608, 609, 610, 611, 612, 613, 614, 615, + 616, 617, 618, 619, 620, 621, 622, 623, 624, 625, + 626, 627, 628, 629, 630, 631, 632, 633, 634, 635, + 636, 637, 638, 639, 640, 641, 642, 643, 644, 645, + 646, 647, 648, 649, 650, 651, 652, 653, 654, 655, + 656, 657, 658, 659, 660, 661, 662, 663, 664, 665, + 666, 667, 668, 669, 670, 671, 672, 673, 674, 675, + 676, 677, 678, 679, 680, 681, 682, 683, -1, -1, + 686, 687, -1, 689, 690, 691, 692, 693, 694, 695, + 696, 697, 698, 699, 700, 701, 702, 703, 704, 705, + 706, 707, 708, 709, 710, 711, 712, 713, 714, 715, + 716, 717, 718, 719, 720, 721, 722, 723, 724, 725, + 726, 727, 728, 729, 730, 731, 732, 733, 734, 735, + 736, 737, 738, 739, 740, 741, 742, 743, 744, 745, + 746, 747, 748, 749, 750, 751, 752, 753, 754, 755, + 756, 757, 758, 759, 760, 761, 762, -1, 764, 765, + 766, 767, -1, -1, -1, -1, -1, -1, -1, -1, + 776, 777, 3, -1, -1, -1, 782, 8, 9, -1, + -1, -1, 788, -1, -1, -1, 792, 793, 19, 20, + 796, 22, 23, 24, 25, 26, 27, 28, 29, 30, + 31, 32, -1, -1, -1, -1, -1, -1, -1, 40, + -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, -1, 57, 58, 59, 60, + -1, -1, -1, -1, -1, -1, -1, 68, 69, -1, + 71, -1, -1, -1, -1, -1, -1, 78, 79, -1, + -1, 82, 83, 84, 85, -1, 87, 88, -1, 90, + 91, -1, -1, -1, -1, -1, -1, -1, 99, -1, + -1, 102, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, 116, -1, -1, -1, 120, + 121, 122, -1, 124, -1, -1, -1, -1, -1, -1, + -1, 132, 133, 134, 135, -1, -1, -1, -1, -1, + 141, -1, -1, 144, -1, -1, -1, -1, -1, 150, + -1, -1, 153, -1, -1, -1, -1, -1, -1, -1, + -1, 162, -1, 164, -1, 166, -1, -1, -1, -1, + -1, 172, -1, -1, -1, -1, -1, -1, -1, 180, + 181, 182, -1, 184, -1, -1, -1, 188, -1, -1, + -1, -1, 193, -1, -1, 196, -1, -1, 199, 200, + 201, 202, -1, -1, -1, -1, -1, 208, -1, -1, + -1, -1, -1, -1, -1, -1, -1, -1, 219, 220, + 221, 222, -1, 224, -1, -1, -1, -1, -1, -1, + 231, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, 242, -1, -1, -1, -1, -1, -1, -1, 250, + 251, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, -1, -1, -1, 269, -1, + -1, -1, -1, -1, -1, 276, 277, -1, 279, 280, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, 196, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, 208, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, 219, -1, -1, -1, + 291, -1, -1, -1, -1, -1, -1, -1, -1, -1, + 301, 302, 303, -1, -1, -1, -1, -1, 309, 310, + -1, -1, -1, -1, -1, -1, -1, -1, -1, 320, + 321, 322, 323, 324, 325, 326, 327, 328, 329, 330, + 331, 332, 333, 334, 335, 336, 337, 338, 339, 340, + 341, 342, 343, 344, 345, 346, 347, 348, 349, 350, + 351, 352, 353, 354, -1, 356, 357, 358, 359, 360, + 361, 362, 363, 364, 365, 366, 367, 368, 369, 370, + 371, 372, 373, 374, 375, 376, 377, 378, 379, 380, + 381, 382, 383, 384, 385, 386, 387, -1, 389, 390, + 391, 392, 393, 394, 395, 396, 397, 398, 399, 400, + 401, 402, 403, 404, 405, 406, 407, 408, 409, 410, + 411, 412, 413, 414, 415, 416, 417, -1, 419, 420, + 421, 422, 423, 424, 425, 426, 427, 428, 429, 430, + 431, 432, 433, 434, 435, 436, 437, 438, 439, 440, + 441, 442, 443, 444, 445, 446, -1, -1, 449, 450, + 451, 452, 453, 454, 455, 456, 457, 458, 459, 460, + 461, 462, -1, 464, 465, 466, 467, 468, 469, 470, + 471, 472, 473, 474, 475, 476, 477, -1, 479, 480, + 481, 482, 483, 484, 485, 486, 487, 488, 489, 490, + 491, 492, 493, 494, 495, 496, 497, 498, 499, 500, + 501, 502, 503, 504, 505, 506, 507, 508, 509, 510, + 511, 512, 513, 514, 515, 516, 517, 518, 519, 520, + 521, 522, 523, 524, 525, 526, 527, 528, 529, 530, + 531, 532, 533, 534, 535, -1, 537, 538, 539, 540, + 541, 542, 543, 544, 545, 546, 547, 548, 549, 550, + 551, 552, 553, 554, 555, 556, 557, 558, 559, 560, + 561, 562, 563, 564, 565, 566, 567, 568, 569, 570, + 571, 572, 573, 574, 575, 576, 577, 578, 579, 580, + -1, 582, 583, 584, 585, 586, 587, 588, 589, 590, + 591, 592, 593, 594, 595, 596, 597, 598, 599, 600, + 601, 602, 603, 604, 605, 606, 607, 608, 609, 610, + 611, 612, 613, 614, 615, 616, 617, 618, 619, 620, + 621, 622, 623, 624, 625, 626, 627, 628, 629, 630, + 631, 632, 633, 634, 635, 636, 637, 638, 639, 640, + 641, 642, 643, 644, 645, 646, 647, 648, 649, 650, + 651, 652, 653, 654, 655, 656, 657, 658, 659, 660, + 661, 662, 663, 664, 665, 666, 667, 668, 669, 670, + 671, 672, 673, 674, 675, 676, 677, 678, 679, 680, + 681, 682, 683, -1, -1, 686, 687, -1, 689, 690, + 691, 692, 693, 694, 695, 696, 697, 698, 699, 700, + 701, 702, 703, 704, 705, 706, 707, 708, 709, 710, + 711, 712, 713, 714, 715, 716, 717, 718, 719, 720, + 721, 722, 723, 724, 725, 726, 727, 728, 729, 730, + 731, 732, 733, 734, 735, 736, 737, 738, 739, 740, + 741, 742, 743, 744, 745, 746, 747, 748, 749, 750, + 751, 752, 753, 754, 755, 756, 757, 758, 759, 760, + 761, 762, -1, 764, 765, 766, 767, -1, -1, -1, + -1, -1, -1, -1, -1, 776, 777, 3, -1, -1, + -1, 782, 8, 9, -1, -1, -1, 788, -1, -1, + -1, 792, 793, 19, 20, 796, 22, 23, 24, 25, + 26, 27, 28, 29, 30, 31, 32, -1, -1, -1, + -1, -1, -1, -1, 40, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, 57, 58, 59, 60, -1, -1, -1, -1, -1, + -1, -1, 68, 69, -1, 71, -1, -1, -1, -1, + -1, -1, 78, 79, -1, -1, 82, 83, 84, 85, + -1, 87, 88, -1, 90, 91, -1, -1, -1, -1, + -1, -1, -1, 99, -1, -1, 102, -1, -1, -1, + -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + 116, -1, -1, -1, 120, 121, 122, -1, 124, -1, + -1, -1, -1, -1, -1, -1, 132, 133, 134, 135, + -1, -1, -1, -1, -1, 141, -1, -1, 144, -1, + -1, -1, -1, -1, 150, -1, -1, 153, -1, -1, + -1, -1, -1, -1, -1, -1, 162, -1, 164, -1, + 166, -1, -1, -1, -1, -1, 172, -1, -1, -1, + -1, -1, -1, -1, 180, 181, 182, -1, 184, -1, + -1, -1, 188, -1, -1, -1, -1, 193, -1, -1, + 196, -1, -1, 199, 200, 201, 202, -1, -1, -1, + -1, -1, 208, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, 219, 220, 221, 222, -1, 224, -1, + -1, -1, -1, -1, -1, 231, -1, -1, -1, -1, + -1, -1, -1, -1, -1, -1, 242, -1, -1, -1, + -1, -1, -1, -1, 250, 251, -1, -1, -1, -1, + -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, 269, -1, -1, -1, -1, -1, -1, + 276, 277, -1, 279, 280, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, 291, -1, -1, -1, -1, + -1, -1, -1, -1, -1, 301, 302, 303, -1, -1, + -1, -1, -1, 309, 310, -1, -1, -1, -1, -1, + -1, -1, -1, -1, 320, 321, 322, 323, 324, 325, + 326, 327, 328, 329, 330, 331, 332, 333, 334, 335, + 336, 337, 338, 339, 340, 341, 342, 343, 344, 345, + 346, 347, 348, 349, 350, 351, 352, 353, 354, -1, + 356, 357, 358, 359, 360, 361, 362, 363, 364, 365, + 366, 367, 368, 369, 370, 371, 372, 373, 374, 375, + 376, 377, 378, 379, 380, 381, 382, 383, 384, 385, + 386, 387, -1, 389, 390, 391, 392, 393, 394, 395, + 396, 397, 398, 399, 400, 401, 402, 403, 404, 405, + 406, 407, 408, 409, 410, 411, 412, 413, 414, 415, + 416, 417, -1, 419, 420, 421, 422, 423, 424, 425, + 426, 427, 428, 429, 430, 431, 432, 433, 434, 435, + 436, 437, 438, 439, 440, 441, 442, 443, 444, 445, + 446, -1, -1, 449, 450, 451, 452, 453, 454, 455, + 456, 457, 458, 459, 460, 461, 462, -1, 464, 465, + 466, 467, 468, 469, 470, 471, 472, 473, 474, 475, + 476, 477, -1, 479, 480, 481, 482, 483, 484, 485, + 486, 487, 488, 489, 490, 491, 492, 493, 494, 495, + 496, 497, 498, 499, 500, 501, 502, 503, 504, 505, + 506, 507, 508, 509, 510, 511, 512, 513, 514, 515, + 516, 517, 518, 519, 520, 521, 522, 523, 524, 525, + 526, 527, 528, 529, 530, 531, 532, 533, 534, 535, + -1, 537, 538, 539, 540, 541, 542, 543, 544, 545, + 546, 547, 548, 549, 550, 551, 552, 553, 554, 555, + 556, 557, 558, 559, 560, 561, 562, 563, 564, 565, + 566, 567, 568, 569, 570, 571, 572, 573, 574, 575, + 576, 577, 578, 579, 580, -1, 582, 583, 584, 585, + 586, 587, 588, 589, 590, 591, 592, 593, 594, 595, + 596, 597, 598, 599, 600, 601, 602, 603, 604, 605, + 606, 607, 608, 609, 610, 611, 612, 613, 614, 615, + 616, 617, 618, 619, 620, 621, 622, 623, 624, 625, + 626, 627, 628, 629, 630, 631, 632, 633, 634, 635, + 636, 637, 638, 639, 640, 641, 642, 643, 644, 645, + 646, 647, 648, 649, 650, 651, 652, 653, 654, 655, + 656, 657, 658, 659, 660, 661, 662, 663, 664, 665, + 666, 667, 668, 669, 670, 671, 672, 673, 674, 675, + 676, 677, 678, 679, 680, 681, 682, 683, -1, -1, + 686, 687, -1, 689, 690, 691, 692, 693, 694, 695, + 696, 697, 698, 699, 700, 701, 702, 703, 704, 705, + 706, 707, 708, 709, 710, 711, 712, 713, 714, 715, + 716, 717, 718, 719, 720, 721, 722, 723, 724, 725, + 726, 727, 728, 729, 730, 731, 732, 733, 734, 735, + 736, 737, 738, 739, 740, 741, 742, 743, 744, 745, + 746, 747, 748, 749, 750, 751, 752, 753, 754, 755, + 756, 757, 758, 759, 760, 761, 762, -1, 764, 765, + 766, 767, -1, -1, -1, -1, -1, -1, -1, -1, + 776, 777, 3, -1, -1, -1, 782, 8, 9, -1, + -1, -1, 788, -1, -1, -1, 792, 793, 19, 20, + 796, 22, 23, 24, 25, 26, 27, 28, 29, 30, + 31, 32, -1, -1, -1, -1, -1, -1, -1, 40, + -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, -1, 57, 58, 59, 60, + -1, -1, -1, -1, -1, -1, -1, 68, 69, -1, + 71, -1, -1, -1, -1, -1, -1, 78, 79, -1, + -1, 82, 83, 84, 85, -1, 87, 88, -1, 90, + 91, -1, -1, -1, -1, -1, -1, -1, 99, -1, + -1, 102, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, 116, -1, -1, -1, 120, + 121, 122, -1, 124, -1, -1, -1, -1, -1, -1, + -1, 132, 133, 134, 135, -1, -1, -1, -1, -1, + 141, -1, -1, 144, -1, -1, -1, -1, -1, 150, + -1, -1, 153, -1, -1, -1, -1, -1, -1, -1, + -1, 162, -1, 164, -1, 166, -1, -1, -1, -1, + -1, 172, -1, -1, -1, -1, -1, -1, -1, 180, + 181, 182, -1, 184, -1, -1, -1, 188, -1, -1, + -1, -1, 193, -1, -1, 196, -1, -1, 199, 200, + 201, 202, -1, -1, -1, -1, -1, 208, -1, -1, + -1, -1, -1, -1, -1, -1, -1, -1, 219, 220, + 221, 222, -1, 224, -1, -1, -1, -1, -1, -1, + 231, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, 242, -1, -1, -1, -1, -1, -1, -1, 250, + 251, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, -1, -1, -1, 269, -1, + -1, -1, -1, -1, -1, 276, 277, -1, 279, 280, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + 291, -1, -1, -1, -1, -1, -1, -1, -1, -1, + 301, 302, 303, -1, -1, -1, -1, -1, 309, 310, + -1, -1, -1, -1, -1, -1, -1, -1, -1, 320, + 321, 322, 323, 324, 325, 326, 327, 328, 329, 330, + 331, 332, 333, 334, 335, 336, 337, 338, 339, 340, + 341, 342, 343, 344, 345, 346, 347, 348, 349, 350, + 351, 352, 353, 354, -1, 356, 357, 358, 359, 360, + 361, 362, 363, 364, 365, 366, 367, 368, 369, 370, + 371, 372, 373, 374, 375, 376, 377, 378, 379, 380, + 381, 382, 383, 384, 385, 386, 387, -1, 389, 390, + 391, 392, 393, 394, 395, 396, 397, 398, 399, 400, + 401, 402, 403, 404, 405, 406, 407, 408, 409, 410, + 411, 412, 413, 414, 415, 416, 417, -1, 419, 420, + 421, 422, 423, 424, 425, 426, 427, 428, 429, 430, + 431, 432, 433, 434, 435, 436, 437, 438, 439, 440, + 441, 442, 443, 444, 445, 446, -1, -1, 449, 450, + 451, 452, 453, 454, 455, 456, 457, 458, 459, 460, + 461, 462, -1, 464, 465, 466, 467, 468, 469, 470, + 471, 472, 473, 474, 475, 476, 477, -1, 479, 480, + 481, 482, 483, 484, 485, 486, 487, 488, 489, 490, + 491, 492, 493, 494, 495, 496, 497, 498, 499, 500, + 501, 502, 503, 504, 505, 506, 507, 508, 509, 510, + 511, 512, 513, 514, 515, 516, 517, 518, 519, 520, + 521, 522, 523, 524, 525, 526, 527, 528, 529, 530, + 531, 532, 533, 534, 535, -1, 537, 538, 539, 540, + 541, 542, 543, 544, 545, 546, 547, 548, 549, 550, + 551, 552, 553, 554, 555, 556, 557, 558, 559, 560, + 561, 562, 563, 564, 565, 566, 567, 568, 569, 570, + 571, 572, 573, 574, 575, 576, 577, 578, 579, 580, + -1, 582, 583, 584, 585, 586, 587, 588, 589, 590, + 591, 592, 593, 594, 595, 596, 597, 598, 599, 600, + 601, 602, 603, 604, 605, 606, 607, 608, 609, 610, + 611, 612, 613, 614, 615, 616, 617, 618, 619, 620, + 621, 622, 623, 624, 625, 626, 627, 628, 629, 630, + 631, 632, 633, 634, 635, 636, 637, 638, 639, 640, + 641, 642, 643, 644, 645, 646, 647, 648, 649, 650, + 651, 652, 653, 654, 655, 656, 657, 658, 659, 660, + 661, 662, 663, 664, 665, 666, 667, 668, 669, 670, + 671, 672, 673, 674, 675, 676, 677, 678, 679, 680, + 681, 682, 683, -1, -1, 686, 687, -1, 689, 690, + 691, 692, 693, 694, 695, 696, 697, 698, 699, 700, + 701, 702, 703, 704, 705, 706, 707, 708, 709, 710, + 711, 712, 713, 714, 715, 716, 717, 718, 719, 720, + 721, 722, 723, 724, 725, 726, 727, 728, 729, 730, + 731, 732, 733, 734, 735, 736, 737, 738, 739, 740, + 741, 742, 743, 744, 745, 746, 747, 748, 749, 750, + 751, 752, 753, 754, 755, 756, 757, 758, 759, 760, + 761, 762, -1, 764, 765, 766, 767, -1, -1, -1, + -1, -1, -1, -1, -1, 776, 777, 3, -1, -1, + -1, 782, 8, 9, -1, -1, -1, 788, -1, -1, + -1, 792, 793, 19, 20, 796, 22, 23, 24, 25, + 26, 27, 28, 29, 30, 31, 32, -1, -1, -1, + -1, -1, -1, -1, 40, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, 57, 58, 59, 60, -1, -1, -1, -1, -1, + -1, -1, 68, 69, -1, 71, -1, -1, -1, -1, + -1, -1, 78, 79, -1, -1, 82, 83, 84, 85, + -1, 87, 88, -1, 90, 91, -1, -1, -1, -1, + -1, -1, -1, 99, -1, -1, 102, -1, -1, -1, + -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + 116, -1, -1, -1, 120, 121, 122, -1, 124, -1, + -1, -1, -1, -1, -1, -1, 132, 133, 134, 135, + -1, -1, -1, -1, -1, 141, -1, -1, 144, -1, + -1, -1, -1, -1, 150, -1, -1, 153, -1, -1, + -1, -1, -1, -1, -1, -1, 162, -1, 164, -1, + 166, -1, -1, -1, -1, -1, 172, -1, -1, -1, + -1, -1, -1, -1, 180, 181, 182, -1, 184, -1, + -1, -1, 188, -1, -1, -1, -1, 193, -1, -1, + 196, -1, -1, 199, 200, 201, 202, -1, -1, -1, + -1, -1, 208, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, 219, 220, 221, 222, -1, 224, -1, + -1, -1, -1, -1, -1, 231, -1, -1, -1, -1, + -1, -1, -1, -1, -1, -1, 242, -1, -1, -1, + -1, -1, -1, -1, 250, 251, -1, -1, -1, -1, + -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, 269, -1, -1, -1, -1, -1, -1, + 276, 277, -1, 279, 280, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, 291, -1, -1, -1, -1, + -1, -1, -1, -1, -1, 301, 302, 303, -1, -1, + -1, -1, -1, 309, 310, -1, -1, -1, -1, -1, + -1, -1, -1, -1, 320, 321, 322, 323, 324, 325, + 326, 327, 328, 329, 330, 331, 332, 333, 334, 335, + 336, 337, 338, 339, 340, 341, 342, 343, 344, 345, + 346, 347, 348, 349, 350, 351, 352, 353, 354, -1, + 356, 357, 358, 359, 360, 361, 362, 363, 364, 365, + 366, 367, 368, 369, 370, 371, 372, 373, 374, 375, + 376, 377, 378, 379, 380, 381, 382, 383, 384, 385, + 386, 387, -1, 389, 390, 391, 392, 393, 394, 395, + 396, 397, 398, 399, 400, 401, 402, 403, 404, 405, + 406, 407, 408, 409, 410, 411, 412, 413, 414, 415, + 416, 417, -1, 419, 420, 421, 422, 423, 424, 425, + 426, 427, 428, 429, 430, 431, 432, 433, 434, 435, + 436, 437, 438, 439, 440, 441, 442, 443, 444, 445, + 446, -1, -1, 449, 450, 451, 452, 453, 454, 455, + 456, 457, 458, 459, 460, 461, 462, -1, 464, 465, + 466, 467, 468, 469, 470, 471, 472, 473, 474, 475, + 476, 477, -1, 479, 480, 481, 482, 483, 484, 485, + 486, 487, 488, 489, 490, 491, 492, 493, 494, 495, + 496, 497, 498, 499, 500, 501, 502, 503, 504, 505, + 506, 507, 508, 509, 510, 511, 512, 513, 514, 515, + 516, 517, 518, 519, 520, 521, 522, 523, 524, 525, + 526, 527, 528, 529, 530, 531, 532, 533, 534, 535, + -1, 537, 538, 539, 540, 541, 542, 543, 544, 545, + 546, 547, 548, 549, 550, 551, 552, 553, 554, 555, + 556, 557, 558, 559, 560, 561, 562, 563, 564, 565, + 566, 567, 568, 569, 570, 571, 572, 573, 574, 575, + 576, 577, 578, 579, 580, -1, 582, 583, 584, 585, + 586, 587, 588, 589, 590, 591, 592, 593, 594, 595, + 596, 597, 598, 599, 600, 601, 602, 603, 604, 605, + 606, 607, 608, 609, 610, 611, 612, 613, 614, 615, + 616, 617, 618, 619, 620, 621, 622, 623, 624, 625, + 626, 627, 628, 629, 630, 631, 632, 633, 634, 635, + 636, 637, 638, 639, 640, 641, 642, 643, 644, 645, + 646, 647, 648, 649, 650, 651, 652, 653, 654, 655, + 656, 657, 658, 659, 660, 661, 662, 663, 664, 665, + 666, 667, 668, 669, 670, 671, 672, 673, 674, 675, + 676, 677, 678, 679, 680, 681, 682, 683, -1, -1, + 686, 687, -1, 689, 690, 691, 692, 693, 694, 695, + 696, 697, 698, 699, 700, 701, 702, 703, 704, 705, + 706, 707, 708, 709, 710, 711, 712, 713, 714, 715, + 716, 717, 718, 719, 720, 721, 722, 723, 724, 725, + 726, 727, 728, 729, 730, 731, 732, 733, 734, 735, + 736, 737, 738, 739, 740, 741, 742, 743, 744, 745, + 746, 747, 748, 749, 750, 751, 752, 753, 754, 755, + 756, 757, 758, 759, 760, 761, 762, -1, 764, 765, + 766, 767, -1, -1, -1, -1, -1, -1, -1, -1, + 776, 777, 3, -1, -1, -1, 782, 8, 9, -1, + -1, -1, 788, -1, -1, -1, 792, 793, 19, 20, + 796, 22, 23, 24, 25, 26, 27, 28, 29, 30, + 31, 32, -1, -1, -1, -1, -1, -1, -1, 40, + -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, -1, 57, 58, 59, 60, + -1, -1, -1, -1, -1, -1, -1, 68, 69, -1, + 71, -1, -1, -1, -1, -1, -1, 78, 79, -1, + -1, 82, 83, 84, 85, -1, 87, 88, -1, 90, + 91, -1, -1, -1, -1, -1, -1, -1, 99, -1, + -1, 102, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, 116, -1, -1, -1, 120, + 121, 122, -1, 124, -1, -1, -1, -1, -1, -1, + -1, 132, 133, 134, 135, -1, -1, -1, -1, -1, + 141, -1, -1, 144, -1, -1, -1, -1, -1, 150, + -1, -1, 153, -1, -1, -1, -1, -1, -1, -1, + -1, 162, -1, 164, -1, 166, -1, -1, -1, -1, + -1, 172, -1, -1, -1, -1, -1, -1, -1, 180, + 181, 182, -1, 184, -1, -1, -1, 188, -1, -1, + -1, -1, 193, -1, -1, 196, -1, -1, 199, 200, + 201, 202, -1, -1, -1, -1, -1, 208, -1, -1, + -1, -1, -1, -1, -1, -1, -1, -1, 219, 220, + 221, 222, -1, 224, -1, -1, -1, -1, -1, -1, + 231, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, 242, -1, -1, -1, -1, -1, -1, -1, 250, + 251, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, -1, -1, -1, 269, -1, + -1, -1, -1, -1, -1, 276, 277, -1, 279, 280, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + 291, -1, -1, -1, -1, -1, -1, -1, -1, -1, + 301, 302, 303, -1, -1, -1, -1, -1, 309, 310, + -1, -1, -1, -1, -1, -1, -1, -1, -1, 320, + 321, 322, 323, 324, 325, 326, 327, 328, 329, 330, + 331, 332, 333, 334, 335, 336, 337, 338, 339, 340, + 341, 342, 343, 344, 345, 346, 347, 348, 349, 350, + 351, 352, 353, 354, -1, 356, 357, 358, 359, 360, + 361, 362, 363, 364, 365, 366, 367, 368, 369, 370, + 371, 372, 373, 374, 375, 376, 377, 378, 379, 380, + 381, 382, 383, 384, 385, 386, 387, -1, 389, 390, + 391, 392, 393, 394, 395, 396, 397, 398, 399, 400, + 401, 402, 403, 404, 405, 406, 407, 408, 409, 410, + 411, 412, 413, 414, 415, 416, 417, -1, 419, 420, + 421, 422, 423, 424, 425, 426, 427, 428, 429, 430, + 431, 432, 433, 434, 435, 436, 437, 438, 439, 440, + 441, 442, 443, 444, 445, 446, -1, -1, 449, 450, + 451, 452, 453, 454, 455, 456, 457, 458, 459, 460, + 461, 462, -1, 464, 465, 466, 467, 468, 469, 470, + 471, 472, 473, 474, 475, 476, 477, -1, 479, 480, + 481, 482, 483, 484, 485, 486, 487, 488, 489, 490, + 491, 492, 493, 494, 495, 496, 497, 498, 499, 500, + 501, 502, 503, 504, 505, 506, 507, 508, 509, 510, + 511, 512, 513, 514, 515, 516, 517, 518, 519, 520, + 521, 522, 523, 524, 525, 526, 527, 528, 529, 530, + 531, 532, 533, 534, 535, -1, 537, 538, 539, 540, + 541, 542, 543, 544, 545, 546, 547, 548, 549, 550, + 551, 552, 553, 554, 555, 556, 557, 558, 559, 560, + 561, 562, 563, 564, 565, 566, 567, 568, 569, 570, + 571, 572, 573, 574, 575, 576, 577, 578, 579, 580, + -1, 582, 583, 584, 585, 586, 587, 588, 589, 590, + 591, 592, 593, 594, 595, 596, 597, 598, 599, 600, + 601, 602, 603, 604, 605, 606, 607, 608, 609, 610, + 611, 612, 613, 614, 615, 616, 617, 618, 619, 620, + 621, 622, 623, 624, 625, 626, 627, 628, 629, 630, + 631, 632, 633, 634, 635, 636, 637, 638, 639, 640, + 641, 642, 643, 644, 645, 646, 647, 648, 649, 650, + 651, 652, 653, 654, 655, 656, 657, 658, 659, 660, + 661, 662, 663, 664, 665, 666, 667, 668, 669, 670, + 671, 672, 673, 674, 675, 676, 677, 678, 679, 680, + 681, 682, 683, -1, -1, 686, 687, -1, 689, 690, + 691, 692, 693, 694, 695, 696, 697, 698, 699, 700, + 701, 702, 703, 704, 705, 706, 707, 708, 709, 710, + 711, 712, 713, 714, 715, 716, 717, 718, 719, 720, + 721, 722, 723, 724, 725, 726, 727, 728, 729, 730, + 731, 732, 733, 734, 735, 736, 737, 738, 739, 740, + 741, 742, 743, 744, 745, 746, 747, 748, 749, 750, + 751, 752, 753, 754, 755, 756, 757, 758, 759, 760, + 761, 762, -1, 764, 765, 766, 767, -1, -1, -1, + -1, -1, -1, -1, -1, 776, 777, 3, -1, -1, + -1, 782, 8, 9, -1, -1, -1, 788, -1, -1, + -1, 792, 793, 19, 20, 796, 22, 23, 24, 25, + 26, 27, 28, 29, 30, 31, 32, -1, -1, -1, + -1, -1, -1, -1, 40, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, 57, 58, 59, 60, -1, -1, -1, -1, -1, + -1, -1, 68, 69, -1, 71, -1, -1, -1, -1, + -1, -1, 78, 79, -1, -1, 82, 83, 84, 85, + -1, 87, 88, -1, 90, 91, -1, -1, -1, -1, + -1, -1, -1, 99, -1, -1, 102, -1, -1, -1, + -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + 116, -1, -1, -1, 120, 121, 122, -1, 124, -1, + -1, -1, -1, -1, -1, -1, 132, 133, 134, 135, + -1, -1, -1, -1, -1, 141, -1, -1, 144, -1, + -1, -1, -1, -1, 150, -1, -1, 153, -1, -1, + -1, -1, -1, -1, -1, -1, 162, -1, 164, -1, + 166, -1, -1, -1, -1, -1, 172, -1, -1, -1, + -1, -1, -1, -1, 180, 181, 182, -1, 184, -1, + -1, -1, 188, -1, -1, -1, -1, 193, -1, -1, + 196, -1, -1, 199, 200, 201, 202, -1, -1, -1, + -1, -1, 208, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, 219, 220, 221, 222, -1, 224, -1, + -1, -1, -1, -1, -1, 231, -1, -1, -1, -1, + -1, -1, -1, -1, -1, -1, 242, -1, -1, -1, + -1, -1, -1, -1, 250, 251, -1, -1, -1, -1, + -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, 269, -1, -1, -1, -1, -1, -1, + 276, 277, -1, 279, 280, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, 291, -1, -1, -1, -1, + -1, -1, -1, -1, -1, 301, 302, 303, -1, -1, + -1, -1, -1, 309, 310, -1, -1, -1, -1, -1, + -1, -1, -1, -1, 320, 321, 322, 323, 324, 325, + 326, 327, 328, 329, 330, 331, 332, 333, 334, 335, + 336, 337, 338, 339, 340, 341, 342, 343, 344, 345, + 346, 347, 348, 349, 350, 351, 352, 353, 354, -1, + 356, 357, 358, 359, 360, 361, 362, 363, 364, 365, + 366, 367, 368, 369, 370, 371, 372, 373, 374, 375, + 376, 377, 378, 379, 380, 381, 382, 383, 384, 385, + 386, 387, -1, 389, 390, 391, 392, 393, 394, 395, + 396, 397, 398, 399, 400, 401, 402, 403, 404, 405, + 406, 407, 408, 409, 410, 411, 412, 413, 414, 415, + 416, 417, -1, 419, 420, 421, 422, 423, 424, 425, + 426, 427, 428, 429, 430, 431, 432, 433, 434, 435, + 436, 437, 438, 439, 440, 441, 442, 443, 444, 445, + 446, -1, -1, 449, 450, 451, 452, 453, 454, 455, + 456, 457, 458, 459, 460, 461, 462, -1, 464, 465, + 466, 467, 468, 469, 470, 471, 472, 473, 474, 475, + 476, 477, -1, 479, 480, 481, 482, 483, 484, 485, + 486, 487, 488, 489, 490, 491, 492, 493, 494, 495, + 496, 497, 498, 499, 500, 501, 502, 503, 504, 505, + 506, 507, 508, 509, 510, 511, 512, 513, 514, 515, + 516, 517, 518, 519, 520, 521, 522, 523, 524, 525, + 526, 527, 528, 529, 530, 531, 532, 533, 534, 535, + -1, 537, 538, 539, 540, 541, 542, 543, 544, 545, + 546, 547, 548, 549, 550, 551, 552, 553, 554, 555, + 556, 557, 558, 559, 560, 561, 562, 563, 564, 565, + 566, 567, 568, 569, 570, 571, 572, 573, 574, 575, + 576, 577, 578, 579, 580, -1, 582, 583, 584, 585, + 586, 587, 588, 589, 590, 591, 592, 593, 594, 595, + 596, 597, 598, 599, 600, 601, 602, 603, 604, 605, + 606, 607, 608, 609, 610, 611, 612, 613, 614, 615, + 616, 617, 618, 619, 620, 621, 622, 623, 624, 625, + 626, 627, 628, 629, 630, 631, 632, 633, 634, 635, + 636, 637, 638, 639, 640, 641, 642, 643, 644, 645, + 646, 647, 648, 649, 650, 651, 652, 653, 654, 655, + 656, 657, 658, 659, 660, 661, 662, 663, 664, 665, + 666, 667, 668, 669, 670, 671, 672, 673, 674, 675, + 676, 677, 678, 679, 680, 681, 682, 683, -1, -1, + 686, 687, -1, 689, 690, 691, 692, 693, 694, 695, + 696, 697, 698, 699, 700, 701, 702, 703, 704, 705, + 706, 707, 708, 709, 710, 711, 712, 713, 714, 715, + 716, 717, 718, 719, 720, 721, 722, 723, 724, 725, + 726, 727, 728, 729, 730, 731, 732, 733, 734, 735, + 736, 737, 738, 739, 740, 741, 742, 743, 744, 745, + 746, 747, 748, 749, 750, 751, 752, 753, 754, 755, + 756, 757, 758, 759, 760, 761, 762, -1, 764, 765, + 766, 767, -1, -1, -1, -1, -1, -1, -1, -1, + 776, 777, 3, -1, -1, -1, 782, 8, 9, -1, + -1, -1, 788, -1, -1, -1, 792, 793, 19, 20, + 796, 22, 23, 24, 25, 26, 27, 28, 29, 30, + 31, 32, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, -1, -1, 58, 59, 60, + -1, -1, -1, -1, -1, -1, -1, 68, 69, -1, + 71, -1, -1, -1, -1, -1, -1, 78, 79, -1, + -1, 82, 83, 84, 85, -1, 87, 88, -1, 90, + 91, -1, -1, -1, -1, -1, -1, -1, 99, -1, + -1, 102, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, 116, -1, -1, -1, 120, + 121, 122, -1, 124, -1, -1, -1, -1, -1, -1, + -1, 132, 133, 134, 135, -1, -1, -1, -1, -1, + 141, -1, -1, 144, -1, -1, -1, -1, -1, 150, + -1, -1, 153, -1, -1, -1, -1, -1, -1, -1, + -1, 162, -1, 164, -1, 166, -1, -1, -1, -1, + -1, 172, -1, -1, -1, -1, -1, -1, -1, 180, + 181, 182, -1, 184, -1, -1, -1, 188, -1, -1, + -1, -1, 193, -1, -1, 196, -1, -1, 199, 200, + 201, 202, -1, -1, -1, -1, -1, 208, -1, -1, + -1, -1, -1, -1, -1, -1, -1, -1, 219, 220, + 221, 222, -1, 224, -1, -1, -1, -1, -1, -1, + 231, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, 242, -1, -1, -1, -1, -1, -1, -1, 250, + 251, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, -1, -1, -1, 269, -1, + -1, -1, -1, -1, -1, 276, 277, -1, 279, 280, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + 291, -1, -1, -1, -1, -1, -1, -1, -1, -1, + 301, 302, 303, -1, -1, -1, -1, -1, 309, 310, + -1, -1, -1, -1, -1, -1, -1, -1, -1, 320, + 321, 322, 323, 324, 325, 326, 327, 328, 329, 330, + 331, 332, 333, 334, 335, 336, 337, 338, 339, 340, + 341, 342, 343, 344, 345, 346, 347, 348, 349, 350, + 351, 352, 353, 354, -1, 356, 357, 358, 359, 360, + 361, 362, 363, 364, 365, 366, 367, 368, 369, 370, + 371, 372, 373, 374, 375, 376, 377, 378, 379, 380, + 381, 382, 383, 384, 385, 386, 387, -1, 389, 390, + 391, 392, 393, 394, 395, 396, 397, 398, 399, 400, + 401, 402, 403, 404, 405, 406, 407, 408, 409, 410, + 411, 412, 413, 414, 415, 416, 417, -1, 419, 420, + 421, 422, 423, 424, 425, 426, 427, 428, 429, 430, + 431, 432, 433, 434, 435, 436, 437, 438, 439, 440, + 441, 442, 443, 444, 445, 446, -1, -1, 449, 450, + 451, 452, 453, 454, 455, 456, 457, 458, 459, 460, + 461, 462, -1, 464, 465, 466, 467, 468, 469, 470, + 471, 472, 473, 474, 475, 476, 477, -1, 479, 480, + 481, 482, 483, 484, 485, 486, 487, 488, 489, 490, + 491, 492, 493, 494, 495, 496, 497, 498, 499, 500, + 501, 502, 503, 504, 505, 506, 507, 508, 509, 510, + 511, 512, 513, 514, 515, 516, 517, 518, 519, 520, + 521, 522, 523, 524, 525, 526, 527, 528, 529, 530, + 531, 532, 533, 534, 535, -1, 537, 538, 539, 540, + 541, 542, 543, 544, 545, 546, 547, 548, 549, 550, + 551, 552, 553, 554, 555, 556, 557, 558, 559, 560, + 561, 562, 563, 564, 565, 566, 567, 568, 569, 570, + 571, 572, 573, 574, 575, 576, 577, 578, 579, 580, + -1, 582, 583, 584, 585, 586, 587, 588, 589, 590, + 591, 592, 593, 594, 595, 596, 597, 598, 599, 600, + 601, 602, 603, 604, 605, 606, 607, 608, 609, 610, + 611, 612, 613, 614, 615, 616, 617, 618, 619, 620, + 621, 622, 623, 624, 625, 626, 627, 628, 629, 630, + 631, 632, 633, 634, 635, 636, 637, 638, 639, 640, + 641, 642, 643, 644, 645, 646, 647, 648, 649, 650, + 651, 652, 653, 654, 655, 656, 657, 658, 659, 660, + 661, 662, 663, 664, 665, 666, 667, 668, 669, 670, + 671, 672, 673, 674, 675, 676, 677, 678, 679, 680, + 681, 682, 683, -1, -1, 686, 687, -1, 689, 690, + 691, 692, 693, 694, 695, 696, 697, 698, 699, 700, + 701, 702, 703, 704, 705, 706, 707, 708, 709, 710, + 711, 712, 713, 714, 715, 716, 717, 718, 719, 720, + 721, 722, 723, 724, 725, 726, 727, 728, 729, 730, + 731, 732, 733, 734, 735, 736, 737, 738, 739, 740, + 741, 742, 743, 744, 745, 746, 747, 748, 749, 750, + 751, 752, 753, 754, 755, 756, 757, 758, 759, 760, + 761, 762, -1, 764, 765, 766, 767, -1, -1, -1, + -1, -1, -1, -1, -1, 776, 777, 3, -1, -1, + -1, -1, 8, -1, -1, -1, -1, 788, -1, -1, + -1, -1, 793, 19, 20, 796, 22, 23, 24, 25, + 26, 27, 28, 29, 30, 31, 32, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, 88, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, -1, 320, 321, 322, - 323, 324, 325, 326, 327, 328, 329, 330, -1, -1, - -1, -1, 335, 336, 337, 338, 339, 340, 341, 342, - 343, 344, 345, 346, 347, 348, 349, 350, 351, 352, - 353, 354, -1, 356, 357, 358, 359, 360, 361, 362, - 363, 364, 365, 366, 367, 368, 369, 370, 371, 372, - 373, 374, 375, 376, 377, 378, 379, 380, 381, 382, - 383, 384, 385, 386, 387, -1, 389, 390, 391, 392, - 393, 394, 395, 396, 397, 398, 399, 400, 401, 402, - 403, 404, 405, 406, 407, 408, 409, 410, 411, 412, - 413, 414, 415, 416, 417, -1, 419, 420, 421, 422, - 423, 424, 425, 426, 427, 428, 429, 430, 431, 432, - 433, 434, 435, 436, 437, 438, 439, 440, 441, 442, - 443, 444, 445, 446, -1, -1, 449, 450, 451, 452, - 453, 454, 455, 456, 457, 458, 459, 460, 461, 462, - -1, 464, 465, 466, 467, 468, 469, 470, 471, 472, - 473, 474, 475, 476, 477, -1, 479, 480, 481, 482, - 483, 484, 485, 486, 487, 488, 489, 490, 491, 492, - 493, 494, 495, 496, 497, 498, 499, 500, 501, 502, - 503, 504, 505, 506, 507, 508, 509, 510, 511, 512, - 513, 514, 515, 516, 517, 518, 519, 520, 521, 522, - 523, 524, 525, 526, 527, 528, 529, 530, 531, 532, - 533, 534, 535, -1, 537, 538, 539, 540, 541, 542, - 543, 544, 545, 546, 547, 548, 549, 550, 551, 552, - 553, 554, 555, 556, 557, 558, 559, 560, 561, 562, - 563, 564, 565, 566, 567, 568, 569, 570, 571, 572, - 573, 574, 575, 576, 577, 578, 579, 580, -1, 582, - 583, 584, 585, 586, 587, 588, 589, 590, 591, 592, - 593, 594, 595, 596, 597, 598, 599, 600, 601, 602, - 603, 604, 605, 606, 607, 608, 609, 610, 611, 612, - 613, 614, 615, 616, 617, 618, 619, 620, 621, 622, - 623, 624, 625, 626, 627, 628, 629, 630, 631, 632, - 633, 634, 635, 636, 637, 638, 639, 640, 641, 642, - 643, 644, 645, 646, 647, 648, 649, 650, 651, 652, - 653, 654, 655, 656, 657, 658, 659, 660, 661, 662, - 663, 664, 665, 666, 667, 668, 669, 670, 671, 672, - 673, 674, 675, 676, 677, 678, 679, 680, 681, 682, - 683, -1, -1, 686, 687, -1, 689, 690, 691, 692, - 693, 694, 695, 696, 697, 698, 699, 700, 701, 702, - 703, 704, 705, 706, 707, 708, 709, 710, 711, 712, - 713, 714, 715, 716, 717, 718, 719, 720, 721, 722, - 723, 724, 725, 726, 727, 728, 729, 730, 731, 732, - 733, 734, 735, 736, 737, 738, 739, 740, 741, 742, - 743, 744, 745, 746, 747, 748, 749, 750, 751, 752, - 753, 754, 755, 756, 757, 758, 759, 760, 761, 762, - 8, 764, 765, 766, 767, -1, -1, -1, -1, -1, - -1, 19, 20, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, 796, -1, -1, -1, -1, -1, -1, + 116, -1, -1, -1, -1, -1, 122, -1, -1, -1, + -1, -1, -1, -1, -1, -1, -1, -1, -1, 135, + -1, -1, -1, -1, -1, -1, -1, -1, 144, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, 180, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - 88, -1, -1, -1, -1, -1, -1, -1, -1, -1, + 196, -1, -1, -1, -1, -1, 202, -1, -1, -1, + -1, -1, 208, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, 219, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, -1, -1, 116, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, -1, 135, -1, -1, - -1, -1, -1, -1, -1, -1, 144, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, 180, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, -1, -1, 196, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - 208, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, 219, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, 291, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, 320, 321, 322, 323, 324, 325, + 326, 327, 328, 329, 330, -1, -1, -1, -1, 335, + 336, 337, 338, 339, 340, 341, 342, 343, 344, 345, + 346, 347, 348, 349, 350, 351, 352, 353, 354, -1, + 356, 357, 358, 359, 360, 361, 362, 363, 364, 365, + 366, 367, 368, 369, 370, 371, 372, 373, 374, 375, + 376, 377, 378, 379, 380, 381, 382, 383, 384, 385, + 386, 387, -1, 389, 390, 391, 392, 393, 394, 395, + 396, 397, 398, 399, 400, 401, 402, 403, 404, 405, + 406, 407, 408, 409, 410, 411, 412, 413, 414, 415, + 416, 417, -1, 419, 420, 421, 422, 423, 424, 425, + 426, 427, 428, 429, 430, 431, 432, 433, 434, 435, + 436, 437, 438, 439, 440, 441, 442, 443, 444, 445, + 446, -1, -1, 449, 450, 451, 452, 453, 454, 455, + 456, 457, 458, 459, 460, 461, 462, -1, 464, 465, + 466, 467, 468, 469, 470, 471, 472, 473, 474, 475, + 476, 477, -1, 479, 480, 481, 482, 483, 484, 485, + 486, 487, 488, 489, 490, 491, 492, 493, 494, 495, + 496, 497, 498, 499, 500, 501, 502, 503, 504, 505, + 506, 507, 508, 509, 510, 511, 512, 513, 514, 515, + 516, 517, 518, 519, 520, 521, 522, 523, 524, 525, + 526, 527, 528, 529, 530, 531, 532, 533, 534, 535, + -1, 537, 538, 539, 540, 541, 542, 543, 544, 545, + 546, 547, 548, 549, 550, 551, 552, 553, 554, 555, + 556, 557, 558, 559, 560, 561, 562, 563, 564, 565, + 566, 567, 568, 569, 570, 571, 572, 573, 574, 575, + 576, 577, 578, 579, 580, -1, 582, 583, 584, 585, + 586, 587, 588, 589, 590, 591, 592, 593, 594, 595, + 596, 597, 598, 599, 600, 601, 602, 603, 604, 605, + 606, 607, 608, 609, 610, 611, 612, 613, 614, 615, + 616, 617, 618, 619, 620, 621, 622, 623, 624, 625, + 626, 627, 628, 629, 630, 631, 632, 633, 634, 635, + 636, 637, 638, 639, 640, 641, 642, 643, 644, 645, + 646, 647, 648, 649, 650, 651, 652, 653, 654, 655, + 656, 657, 658, 659, 660, 661, 662, 663, 664, 665, + 666, 667, 668, 669, 670, 671, 672, 673, 674, 675, + 676, 677, 678, 679, 680, 681, 682, 683, -1, -1, + 686, 687, -1, 689, 690, 691, 692, 693, 694, 695, + 696, 697, 698, 699, 700, 701, 702, 703, 704, 705, + 706, 707, 708, 709, 710, 711, 712, 713, 714, 715, + 716, 717, 718, 719, 720, 721, 722, 723, 724, 725, + 726, 727, 728, 729, 730, 731, 732, 733, 734, 735, + 736, 737, 738, 739, 740, 741, 742, 743, 744, 745, + 746, 747, 748, 749, 750, 751, 752, 753, 754, 755, + 756, 757, 758, 759, 760, 761, 762, 3, 764, 765, + 766, 767, 8, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, 19, 20, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + 796, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, 88, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, 320, 321, 322, 323, 324, 325, 326, 327, - 328, 329, 330, -1, -1, -1, -1, 335, 336, 337, - 338, 339, 340, 341, 342, 343, 344, 345, 346, 347, - 348, 349, 350, 351, 352, 353, 354, -1, 356, 357, - 358, 359, 360, 361, 362, 363, 364, 365, 366, 367, - 368, 369, 370, 371, 372, 373, 374, 375, 376, 377, - 378, 379, 380, 381, 382, 383, 384, 385, 386, 387, - -1, 389, 390, 391, 392, 393, 394, 395, 396, 397, - 398, 399, 400, 401, 402, 403, 404, 405, 406, 407, - 408, 409, 410, 411, 412, 413, 414, 415, 416, 417, - -1, 419, 420, 421, 422, 423, 424, 425, 426, 427, - 428, 429, 430, 431, 432, 433, 434, 435, 436, 437, - 438, 439, 440, 441, 442, 443, 444, 445, 446, -1, - -1, 449, 450, 451, 452, 453, 454, 455, 456, 457, - 458, 459, 460, 461, 462, -1, 464, 465, 466, 467, - 468, 469, 470, 471, 472, 473, 474, 475, 476, 477, - -1, 479, 480, 481, 482, 483, 484, 485, 486, 487, - 488, 489, 490, 491, 492, 493, 494, 495, 496, 497, - 498, 499, 500, 501, 502, 503, 504, 505, 506, 507, - 508, 509, 510, 511, 512, 513, 514, 515, 516, 517, - 518, 519, 520, 521, 522, 523, 524, 525, 526, 527, - 528, 529, 530, 531, 532, 533, 534, 535, -1, 537, - 538, 539, 540, 541, 542, 543, 544, 545, 546, 547, - 548, 549, 550, 551, 552, 553, 554, 555, 556, 557, - 558, 559, 560, 561, 562, 563, 564, 565, 566, 567, - 568, 569, 570, 571, 572, 573, 574, 575, 576, 577, - 578, 579, 580, -1, 582, 583, 584, 585, 586, 587, - 588, 589, 590, 591, 592, 593, 594, 595, 596, 597, - 598, 599, 600, 601, 602, 603, 604, 605, 606, 607, - 608, 609, 610, 611, 612, 613, 614, 615, 616, 617, - 618, 619, 620, 621, 622, 623, 624, 625, 626, 627, - 628, 629, 630, 631, 632, 633, 634, 635, 636, 637, - 638, 639, 640, 641, 642, 643, 644, 645, 646, 647, - 648, 649, 650, 651, 652, 653, 654, 655, 656, 657, - 658, 659, 660, 661, 662, 663, 664, 665, 666, 667, - 668, 669, 670, 671, 672, 673, 674, 675, 676, 677, - 678, 679, 680, 681, 682, 683, -1, -1, 686, 687, - -1, 689, 690, 691, 692, 693, 694, 695, 696, 697, - 698, 699, 700, 701, 702, 703, 704, 705, 706, 707, - 708, 709, 710, 711, 712, 713, 714, 715, 716, 717, - 718, 719, 720, 721, 722, 723, 724, 725, 726, 727, - 728, 729, 730, 731, 732, 733, 734, 735, 736, 737, - 738, 739, 740, 741, 742, 743, 744, 745, 746, 747, - 748, 749, 750, 751, 752, 753, 754, 755, 756, 757, - 758, 759, 760, 761, 762, 8, 764, 765, 766, 767, - -1, -1, -1, -1, -1, -1, 19, 20, -1, -1, + 116, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, -1, -1, -1, -1, 135, + -1, -1, -1, -1, -1, -1, -1, -1, 144, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - 788, -1, -1, -1, -1, -1, -1, -1, 796, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, 180, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + 196, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, 208, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, 219, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, 88, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, 116, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, 135, -1, -1, -1, -1, -1, -1, -1, - -1, 144, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, -1, 180, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, 196, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, 208, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, 219, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, 320, 321, 322, 323, 324, 325, + 326, 327, 328, 329, 330, -1, -1, -1, -1, 335, + 336, 337, 338, 339, 340, 341, 342, 343, 344, 345, + 346, 347, 348, 349, 350, 351, 352, 353, 354, -1, + 356, 357, 358, 359, 360, 361, 362, 363, 364, 365, + 366, 367, 368, 369, 370, 371, 372, 373, 374, 375, + 376, 377, 378, 379, 380, 381, 382, 383, 384, 385, + 386, 387, -1, 389, 390, 391, 392, 393, 394, 395, + 396, 397, 398, 399, 400, 401, 402, 403, 404, 405, + 406, 407, 408, 409, 410, 411, 412, 413, 414, 415, + 416, 417, -1, 419, 420, 421, 422, 423, 424, 425, + 426, 427, 428, 429, 430, 431, 432, 433, 434, 435, + 436, 437, 438, 439, 440, 441, 442, 443, 444, 445, + 446, -1, -1, 449, 450, 451, 452, 453, 454, 455, + 456, 457, 458, 459, 460, 461, 462, -1, 464, 465, + 466, 467, 468, 469, 470, 471, 472, 473, 474, 475, + 476, 477, -1, 479, 480, 481, 482, 483, 484, 485, + 486, 487, 488, 489, 490, 491, 492, 493, 494, 495, + 496, 497, 498, 499, 500, 501, 502, 503, 504, 505, + 506, 507, 508, 509, 510, 511, 512, 513, 514, 515, + 516, 517, 518, 519, 520, 521, 522, 523, 524, 525, + 526, 527, 528, 529, 530, 531, 532, 533, 534, 535, + -1, 537, 538, 539, 540, 541, 542, 543, 544, 545, + 546, 547, 548, 549, 550, 551, 552, 553, 554, 555, + 556, 557, 558, 559, 560, 561, 562, 563, 564, 565, + 566, 567, 568, 569, 570, 571, 572, 573, 574, 575, + 576, 577, 578, 579, 580, -1, 582, 583, 584, 585, + 586, 587, 588, 589, 590, 591, 592, 593, 594, 595, + 596, 597, 598, 599, 600, 601, 602, 603, 604, 605, + 606, 607, 608, 609, 610, 611, 612, 613, 614, 615, + 616, 617, 618, 619, 620, 621, 622, 623, 624, 625, + 626, 627, 628, 629, 630, 631, 632, 633, 634, 635, + 636, 637, 638, 639, 640, 641, 642, 643, 644, 645, + 646, 647, 648, 649, 650, 651, 652, 653, 654, 655, + 656, 657, 658, 659, 660, 661, 662, 663, 664, 665, + 666, 667, 668, 669, 670, 671, 672, 673, 674, 675, + 676, 677, 678, 679, 680, 681, 682, 683, -1, -1, + 686, 687, -1, 689, 690, 691, 692, 693, 694, 695, + 696, 697, 698, 699, 700, 701, 702, 703, 704, 705, + 706, 707, 708, 709, 710, 711, 712, 713, 714, 715, + 716, 717, 718, 719, 720, 721, 722, 723, 724, 725, + 726, 727, 728, 729, 730, 731, 732, 733, 734, 735, + 736, 737, 738, 739, 740, 741, 742, 743, 744, 745, + 746, 747, 748, 749, 750, 751, 752, 753, 754, 755, + 756, 757, 758, 759, 760, 761, 762, 3, 764, 765, + 766, 767, 8, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, 19, 20, -1, -1, -1, -1, -1, + -1, -1, -1, 789, -1, -1, -1, -1, -1, -1, + 796, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, 88, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + 116, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, -1, -1, -1, -1, 135, + -1, -1, -1, -1, -1, -1, -1, -1, 144, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, -1, 320, 321, 322, - 323, 324, 325, 326, 327, 328, 329, 330, -1, -1, - -1, -1, 335, 336, 337, 338, 339, 340, 341, 342, - 343, 344, 345, 346, 347, 348, 349, 350, 351, 352, - 353, 354, -1, 356, 357, 358, 359, 360, 361, 362, - 363, 364, 365, 366, 367, 368, 369, 370, 371, 372, - 373, 374, 375, 376, 377, 378, 379, 380, 381, 382, - 383, 384, 385, 386, 387, -1, 389, 390, 391, 392, - 393, 394, 395, 396, 397, 398, 399, 400, 401, 402, - 403, 404, 405, 406, 407, 408, 409, 410, 411, 412, - 413, 414, 415, 416, 417, -1, 419, 420, 421, 422, - 423, 424, 425, 426, 427, 428, 429, 430, 431, 432, - 433, 434, 435, 436, 437, 438, 439, 440, 441, 442, - 443, 444, 445, 446, -1, -1, 449, 450, 451, 452, - 453, 454, 455, 456, 457, 458, 459, 460, 461, 462, - -1, 464, 465, 466, 467, 468, 469, 470, 471, 472, - 473, 474, 475, 476, 477, -1, 479, 480, 481, 482, - 483, 484, 485, 486, 487, 488, 489, 490, 491, 492, - 493, 494, 495, 496, 497, 498, 499, 500, 501, 502, - 503, 504, 505, 506, 507, 508, 509, 510, 511, 512, - 513, 514, 515, 516, 517, 518, 519, 520, 521, 522, - 523, 524, 525, 526, 527, 528, 529, 530, 531, 532, - 533, 534, 535, -1, 537, 538, 539, 540, 541, 542, - 543, 544, 545, 546, 547, 548, 549, 550, 551, 552, - 553, 554, 555, 556, 557, 558, 559, 560, 561, 562, - 563, 564, 565, 566, 567, 568, 569, 570, 571, 572, - 573, 574, 575, 576, 577, 578, 579, 580, -1, 582, - 583, 584, 585, 586, 587, 588, 589, 590, 591, 592, - 593, 594, 595, 596, 597, 598, 599, 600, 601, 602, - 603, 604, 605, 606, 607, 608, 609, 610, 611, 612, - 613, 614, 615, 616, 617, 618, 619, 620, 621, 622, - 623, 624, 625, 626, 627, 628, 629, 630, 631, 632, - 633, 634, 635, 636, 637, 638, 639, 640, 641, 642, - 643, 644, 645, 646, 647, 648, 649, 650, 651, 652, - 653, 654, 655, 656, 657, 658, 659, 660, 661, 662, - 663, 664, 665, 666, 667, 668, 669, 670, 671, 672, - 673, 674, 675, 676, 677, 678, 679, 680, 681, 682, - 683, -1, -1, 686, 687, -1, 689, 690, 691, 692, - 693, 694, 695, 696, 697, 698, 699, 700, 701, 702, - 703, 704, 705, 706, 707, 708, 709, 710, 711, 712, - 713, 714, 715, 716, 717, 718, 719, 720, 721, 722, - 723, 724, 725, 726, 727, 728, 729, 730, 731, 732, - 733, 734, 735, 736, 737, 738, 739, 740, 741, 742, - 743, 744, 745, 746, 747, 748, 749, 750, 751, 752, - 753, 754, 755, 756, 757, 758, 759, 760, 761, 762, - 8, 764, 765, 766, 767, -1, -1, -1, -1, -1, - -1, 19, 20, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, 796, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, 180, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + 196, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, 208, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, 219, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - 88, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, -1, -1, 116, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, -1, 135, -1, -1, - -1, -1, -1, -1, -1, -1, 144, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, 180, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, -1, -1, 196, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - 208, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, 219, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, 320, 321, 322, 323, 324, 325, + 326, 327, 328, 329, 330, -1, -1, -1, -1, 335, + 336, 337, 338, 339, 340, 341, 342, 343, 344, 345, + 346, 347, 348, 349, 350, 351, 352, 353, 354, -1, + 356, 357, 358, 359, 360, 361, 362, 363, 364, 365, + 366, 367, 368, 369, 370, 371, 372, 373, 374, 375, + 376, 377, 378, 379, 380, 381, 382, 383, 384, 385, + 386, 387, -1, 389, 390, 391, 392, 393, 394, 395, + 396, 397, 398, 399, 400, 401, 402, 403, 404, 405, + 406, 407, 408, 409, 410, 411, 412, 413, 414, 415, + 416, 417, -1, 419, 420, 421, 422, 423, 424, 425, + 426, 427, 428, 429, 430, 431, 432, 433, 434, 435, + 436, 437, 438, 439, 440, 441, 442, 443, 444, 445, + 446, -1, -1, 449, 450, 451, 452, 453, 454, 455, + 456, 457, 458, 459, 460, 461, 462, -1, 464, 465, + 466, 467, 468, 469, 470, 471, 472, 473, 474, 475, + 476, 477, -1, 479, 480, 481, 482, 483, 484, 485, + 486, 487, 488, 489, 490, 491, 492, 493, 494, 495, + 496, 497, 498, 499, 500, 501, 502, 503, 504, 505, + 506, 507, 508, 509, 510, 511, 512, 513, 514, 515, + 516, 517, 518, 519, 520, 521, 522, 523, 524, 525, + 526, 527, 528, 529, 530, 531, 532, 533, 534, 535, + -1, 537, 538, 539, 540, 541, 542, 543, 544, 545, + 546, 547, 548, 549, 550, 551, 552, 553, 554, 555, + 556, 557, 558, 559, 560, 561, 562, 563, 564, 565, + 566, 567, 568, 569, 570, 571, 572, 573, 574, 575, + 576, 577, 578, 579, 580, -1, 582, 583, 584, 585, + 586, 587, 588, 589, 590, 591, 592, 593, 594, 595, + 596, 597, 598, 599, 600, 601, 602, 603, 604, 605, + 606, 607, 608, 609, 610, 611, 612, 613, 614, 615, + 616, 617, 618, 619, 620, 621, 622, 623, 624, 625, + 626, 627, 628, 629, 630, 631, 632, 633, 634, 635, + 636, 637, 638, 639, 640, 641, 642, 643, 644, 645, + 646, 647, 648, 649, 650, 651, 652, 653, 654, 655, + 656, 657, 658, 659, 660, 661, 662, 663, 664, 665, + 666, 667, 668, 669, 670, 671, 672, 673, 674, 675, + 676, 677, 678, 679, 680, 681, 682, 683, -1, -1, + 686, 687, -1, 689, 690, 691, 692, 693, 694, 695, + 696, 697, 698, 699, 700, 701, 702, 703, 704, 705, + 706, 707, 708, 709, 710, 711, 712, 713, 714, 715, + 716, 717, 718, 719, 720, 721, 722, 723, 724, 725, + 726, 727, 728, 729, 730, 731, 732, 733, 734, 735, + 736, 737, 738, 739, 740, 741, 742, 743, 744, 745, + 746, 747, 748, 749, 750, 751, 752, 753, 754, 755, + 756, 757, 758, 759, 760, 761, 762, 8, 764, 765, + 766, 767, -1, -1, -1, -1, -1, -1, 19, 20, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + 796, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, -1, -1, 88, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, 116, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, 320, 321, 322, 323, 324, 325, 326, 327, - 328, 329, 330, -1, -1, -1, -1, 335, 336, 337, - 338, 339, 340, 341, 342, 343, 344, 345, 346, 347, - 348, 349, 350, 351, 352, 353, 354, -1, 356, 357, - 358, 359, 360, 361, 362, 363, 364, 365, 366, 367, - 368, 369, 370, 371, 372, 373, 374, 375, 376, 377, - 378, 379, 380, 381, 382, 383, 384, 385, 386, 387, - -1, 389, 390, 391, 392, 393, 394, 395, 396, 397, - 398, 399, 400, 401, 402, 403, 404, 405, 406, 407, - 408, 409, 410, 411, 412, 413, 414, 415, 416, 417, - -1, 419, 420, 421, 422, 423, 424, 425, 426, 427, - 428, 429, 430, 431, 432, 433, 434, 435, 436, 437, - 438, 439, 440, 441, 442, 443, 444, 445, 446, -1, - -1, 449, 450, 451, 452, 453, 454, 455, 456, 457, - 458, 459, 460, 461, 462, -1, 464, 465, 466, 467, - 468, 469, 470, 471, 472, 473, 474, 475, 476, 477, - -1, 479, 480, 481, 482, 483, 484, 485, 486, 487, - 488, 489, 490, 491, 492, 493, 494, 495, 496, 497, - 498, 499, 500, 501, 502, 503, 504, 505, 506, 507, - 508, 509, 510, 511, 512, 513, 514, 515, 516, 517, - 518, 519, 520, 521, 522, 523, 524, 525, 526, 527, - 528, 529, 530, 531, 532, 533, 534, 535, -1, 537, - 538, 539, 540, 541, 542, 543, 544, 545, 546, 547, - 548, 549, 550, 551, 552, 553, 554, 555, 556, 557, - 558, 559, 560, 561, 562, 563, 564, 565, 566, 567, - 568, 569, 570, 571, 572, 573, 574, 575, 576, 577, - 578, 579, 580, -1, 582, 583, 584, 585, 586, 587, - 588, 589, 590, 591, 592, 593, 594, 595, 596, 597, - 598, 599, 600, 601, 602, 603, 604, 605, 606, 607, - 608, 609, 610, 611, 612, 613, 614, 615, 616, 617, - 618, 619, 620, 621, 622, 623, 624, 625, 626, 627, - 628, 629, 630, 631, 632, 633, 634, 635, 636, 637, - 638, 639, 640, 641, 642, 643, 644, 645, 646, 647, - 648, 649, 650, 651, 652, 653, 654, 655, 656, 657, - 658, 659, 660, 661, 662, 663, 664, 665, 666, 667, - 668, 669, 670, 671, 672, 673, 674, 675, 676, 677, - 678, 679, 680, 681, 682, 683, -1, -1, 686, 687, - -1, 689, 690, 691, 692, 693, 694, 695, 696, 697, - 698, 699, 700, 701, 702, 703, 704, 705, 706, 707, - 708, 709, 710, 711, 712, 713, 714, 715, 716, 717, - 718, 719, 720, 721, 722, 723, 724, 725, 726, 727, - 728, 729, 730, 731, 732, 733, 734, 735, 736, 737, - 738, 739, 740, 741, 742, 743, 744, 745, 746, 747, - 748, 749, 750, 751, 752, 753, 754, 755, 756, 757, - 758, 759, 760, 761, 762, -1, 764, 765, 766, 767, - 5, -1, 7, 8, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, 19, 20, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, -1, -1, 796, -1, + -1, -1, -1, -1, 135, -1, -1, -1, -1, -1, + -1, -1, -1, 144, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, 48, 49, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, 66, -1, 68, -1, 70, -1, 72, -1, -1, - -1, -1, -1, -1, -1, 80, -1, -1, -1, -1, - -1, -1, -1, 88, -1, -1, -1, -1, -1, -1, - -1, -1, -1, 98, -1, -1, 101, -1, 103, 104, - -1, -1, -1, -1, -1, 110, -1, -1, -1, -1, - -1, 116, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, 127, -1, -1, -1, 131, -1, -1, -1, - 135, -1, -1, -1, -1, -1, 141, -1, -1, -1, - -1, -1, -1, -1, -1, 150, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, 161, -1, -1, -1, - -1, -1, -1, -1, -1, -1, 171, -1, -1, 174, - -1, -1, -1, 178, -1, 180, -1, -1, -1, -1, + -1, -1, -1, -1, -1, -1, -1, -1, -1, 180, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, 196, -1, -1, -1, -1, -1, -1, -1, -1, - 205, -1, -1, 208, -1, -1, -1, -1, -1, -1, - -1, -1, 217, 218, 219, -1, -1, -1, -1, -1, - -1, -1, -1, 228, 229, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, 240, 241, 242, -1, 244, - -1, -1, -1, -1, 249, -1, -1, -1, -1, -1, - 255, -1, -1, -1, 259, 260, 261, -1, -1, -1, + -1, -1, -1, -1, -1, 196, -1, -1, -1, -1, + -1, -1, -1, -1, -1, -1, -1, 208, -1, -1, + -1, -1, -1, -1, -1, -1, -1, -1, 219, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - 295, -1, 297, -1, 299, -1, -1, -1, -1, -1, - -1, 306, -1, -1, -1, -1, -1, -1, -1, -1, - 315, 316, -1, -1, -1, 320, 321, 322, -1, 324, - 325, 326, 327, 328, 329, 330, -1, 332, -1, -1, - 335, 336, 337, 338, 339, 340, 341, 342, 343, 344, - 345, 346, 347, 348, 349, 350, 351, 352, 353, 354, - 355, 356, 357, 358, 359, 360, 361, 362, 363, 364, - 365, 366, 367, 368, 369, -1, 371, 372, 373, 374, - 375, 376, 377, -1, 379, 380, 381, 382, 383, 384, - 385, 386, 387, -1, 389, 390, 391, 392, 393, 394, - 395, 396, 397, 398, 399, 400, 401, -1, 403, 404, - 405, 406, 407, 408, 409, 410, 411, 412, 413, 414, - 415, 416, 417, -1, 419, 420, 421, 422, 423, 424, - 425, 426, 427, 428, 429, 430, -1, 432, 433, 434, - 435, 436, 437, 438, 439, 440, 441, 442, 443, 444, - 445, 446, -1, -1, 449, 450, 451, 452, 453, 454, - 455, 456, 457, 458, 459, 460, -1, 462, -1, 464, - 465, 466, 467, 468, 469, 470, 471, 472, 473, 474, - 475, 476, 477, -1, 479, 480, 481, 482, 483, 484, - 485, 486, 487, 488, 489, 490, 491, 492, 493, 494, - 495, 496, 497, 498, 499, 500, 501, -1, 503, 504, - 505, 506, 507, 508, 509, 510, 511, 512, 513, 514, - 515, 516, 517, 518, 519, 520, 521, 522, 523, 524, - 525, 526, 527, 528, 529, 530, 531, 532, 533, 534, - 535, -1, 537, 538, 539, 540, 541, 542, 543, 544, - 545, 546, 547, 548, 549, 550, 551, 552, 553, 554, - 555, 556, 557, 558, 559, 560, 561, 562, 563, 564, - 565, 566, 567, 568, 569, 570, 571, -1, 573, 574, - 575, 576, 577, 578, 579, 580, -1, 582, 583, 584, - 585, -1, 587, 588, 589, 590, 591, 592, 593, 594, - 595, 596, 597, 598, 599, 600, 601, 602, 603, -1, - 605, 606, 607, 608, 609, 610, 611, 612, 613, 614, - 615, 616, 617, 618, 619, 620, 621, 622, 623, 624, - 625, 626, 627, 628, 629, 630, 631, 632, 633, 634, - 635, 636, 637, 638, 639, 640, 641, 642, 643, 644, - 645, 646, 647, 648, 649, 650, 651, 652, 653, 654, - 655, 656, 657, 658, 659, 660, 661, 662, 663, 664, - 665, 666, 667, 668, 669, 670, 671, 672, 673, 674, - 675, 676, 677, 678, 679, 680, 681, 682, 683, -1, - -1, 686, 687, -1, 689, 690, 691, 692, 693, 694, - 695, 696, 697, 698, 699, 700, 701, 702, 703, 704, - 705, 706, 707, 708, 709, 710, 711, 712, 713, 714, - 715, 716, 717, 718, 719, 720, 721, 722, 723, 724, - 725, 726, 727, 728, 729, -1, 731, 732, 733, 734, - 735, 736, 737, 738, 739, 740, 741, 742, 743, 744, - 745, 746, 747, 748, 749, 750, 751, 752, 753, 754, - 755, 756, 757, 758, 759, 760, 761, 762, -1, 764, - 765, 766, 767, 5, -1, -1, 8, -1, -1, -1, - -1, -1, -1, -1, -1, -1, -1, 19, 20, -1, - -1, -1, -1, 788, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, 48, 49, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, 66, -1, 68, -1, 70, -1, - 72, -1, -1, -1, -1, -1, -1, -1, 80, -1, - -1, -1, -1, -1, -1, -1, 88, -1, -1, -1, - -1, -1, -1, -1, -1, -1, 98, -1, -1, 101, - -1, 103, 104, -1, -1, -1, -1, -1, 110, -1, - -1, -1, -1, -1, 116, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, 127, -1, -1, -1, 131, - -1, -1, -1, 135, -1, -1, -1, -1, -1, 141, - -1, -1, -1, -1, -1, -1, -1, -1, 150, -1, - -1, -1, -1, -1, -1, -1, -1, -1, -1, 161, - -1, -1, -1, -1, -1, -1, -1, -1, -1, 171, - -1, -1, 174, -1, -1, -1, 178, -1, 180, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, 196, -1, -1, -1, -1, -1, - -1, -1, -1, 205, -1, -1, 208, -1, -1, -1, - -1, -1, -1, -1, -1, 217, 218, 219, -1, -1, - -1, -1, -1, -1, -1, -1, 228, 229, -1, -1, - -1, -1, -1, -1, -1, -1, -1, -1, 240, 241, - 242, -1, 244, -1, -1, -1, -1, 249, -1, -1, - -1, -1, -1, 255, -1, -1, -1, 259, 260, 261, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, 295, -1, 297, -1, 299, -1, -1, - -1, -1, -1, -1, 306, -1, -1, -1, -1, -1, - -1, -1, -1, 315, 316, -1, -1, -1, 320, 321, - 322, -1, 324, 325, 326, 327, 328, 329, 330, -1, - 332, -1, -1, 335, 336, 337, 338, 339, 340, 341, - 342, 343, 344, 345, 346, 347, 348, 349, 350, 351, - 352, 353, 354, 355, 356, 357, 358, 359, 360, 361, - 362, 363, 364, 365, 366, 367, 368, 369, -1, 371, - 372, 373, 374, 375, 376, 377, -1, 379, 380, 381, - 382, 383, 384, 385, 386, 387, -1, 389, 390, 391, - 392, 393, 394, 395, 396, 397, 398, 399, 400, 401, - -1, 403, 404, 405, 406, 407, 408, 409, 410, 411, - 412, 413, 414, 415, 416, 417, -1, 419, 420, 421, - 422, 423, 424, 425, 426, 427, 428, 429, 430, -1, - 432, 433, 434, 435, 436, 437, 438, 439, 440, 441, - 442, 443, 444, 445, 446, -1, -1, 449, 450, 451, - 452, 453, 454, 455, 456, 457, 458, 459, 460, -1, - 462, -1, 464, 465, 466, 467, 468, 469, 470, 471, - 472, 473, 474, 475, 476, 477, -1, 479, 480, 481, - 482, 483, 484, 485, 486, 487, 488, 489, 490, 491, - 492, 493, 494, 495, 496, 497, 498, 499, 500, 501, - -1, 503, 504, 505, 506, 507, 508, 509, 510, 511, - 512, 513, 514, 515, 516, 517, 518, 519, 520, 521, - 522, 523, 524, 525, 526, 527, 528, 529, 530, 531, - 532, 533, 534, 535, -1, 537, 538, 539, 540, 541, - 542, 543, 544, 545, 546, 547, 548, 549, 550, 551, - 552, 553, 554, 555, 556, 557, 558, 559, 560, 561, - 562, 563, 564, 565, 566, 567, 568, 569, 570, 571, - -1, 573, 574, 575, 576, 577, 578, 579, 580, -1, - 582, 583, 584, 585, -1, 587, 588, 589, 590, 591, - 592, 593, 594, 595, 596, 597, 598, 599, 600, 601, - 602, 603, -1, 605, 606, 607, 608, 609, 610, 611, - 612, 613, 614, 615, 616, 617, 618, 619, 620, 621, - 622, 623, 624, 625, 626, 627, 628, 629, 630, 631, - 632, 633, 634, 635, 636, 637, 638, 639, 640, 641, - 642, 643, 644, 645, 646, 647, 648, 649, 650, 651, - 652, 653, 654, 655, 656, 657, 658, 659, 660, 661, - 662, 663, 664, 665, 666, 667, 668, 669, 670, 671, - 672, 673, 674, 675, 676, 677, 678, 679, 680, 681, - 682, 683, -1, -1, 686, 687, -1, 689, 690, 691, - 692, 693, 694, 695, 696, 697, 698, 699, 700, 701, - 702, 703, 704, 705, 706, 707, 708, 709, 710, 711, - 712, 713, 714, 715, 716, 717, 718, 719, 720, 721, - 722, 723, 724, 725, 726, 727, 728, 729, -1, 731, - 732, 733, 734, 735, 736, 737, 738, 739, 740, 741, - 742, 743, 744, 745, 746, 747, 748, 749, 750, 751, - 752, 753, 754, 755, 756, 757, 758, 759, 760, 761, - 762, -1, 764, 765, 766, 767, 5, -1, -1, 8, + -1, -1, -1, -1, -1, -1, -1, -1, -1, 320, + 321, 322, 323, 324, 325, 326, 327, 328, 329, 330, + -1, -1, -1, -1, 335, 336, 337, 338, 339, 340, + 341, 342, 343, 344, 345, 346, 347, 348, 349, 350, + 351, 352, 353, 354, -1, 356, 357, 358, 359, 360, + 361, 362, 363, 364, 365, 366, 367, 368, 369, 370, + 371, 372, 373, 374, 375, 376, 377, 378, 379, 380, + 381, 382, 383, 384, 385, 386, 387, -1, 389, 390, + 391, 392, 393, 394, 395, 396, 397, 398, 399, 400, + 401, 402, 403, 404, 405, 406, 407, 408, 409, 410, + 411, 412, 413, 414, 415, 416, 417, -1, 419, 420, + 421, 422, 423, 424, 425, 426, 427, 428, 429, 430, + 431, 432, 433, 434, 435, 436, 437, 438, 439, 440, + 441, 442, 443, 444, 445, 446, -1, -1, 449, 450, + 451, 452, 453, 454, 455, 456, 457, 458, 459, 460, + 461, 462, -1, 464, 465, 466, 467, 468, 469, 470, + 471, 472, 473, 474, 475, 476, 477, -1, 479, 480, + 481, 482, 483, 484, 485, 486, 487, 488, 489, 490, + 491, 492, 493, 494, 495, 496, 497, 498, 499, 500, + 501, 502, 503, 504, 505, 506, 507, 508, 509, 510, + 511, 512, 513, 514, 515, 516, 517, 518, 519, 520, + 521, 522, 523, 524, 525, 526, 527, 528, 529, 530, + 531, 532, 533, 534, 535, -1, 537, 538, 539, 540, + 541, 542, 543, 544, 545, 546, 547, 548, 549, 550, + 551, 552, 553, 554, 555, 556, 557, 558, 559, 560, + 561, 562, 563, 564, 565, 566, 567, 568, 569, 570, + 571, 572, 573, 574, 575, 576, 577, 578, 579, 580, + -1, 582, 583, 584, 585, 586, 587, 588, 589, 590, + 591, 592, 593, 594, 595, 596, 597, 598, 599, 600, + 601, 602, 603, 604, 605, 606, 607, 608, 609, 610, + 611, 612, 613, 614, 615, 616, 617, 618, 619, 620, + 621, 622, 623, 624, 625, 626, 627, 628, 629, 630, + 631, 632, 633, 634, 635, 636, 637, 638, 639, 640, + 641, 642, 643, 644, 645, 646, 647, 648, 649, 650, + 651, 652, 653, 654, 655, 656, 657, 658, 659, 660, + 661, 662, 663, 664, 665, 666, 667, 668, 669, 670, + 671, 672, 673, 674, 675, 676, 677, 678, 679, 680, + 681, 682, 683, -1, -1, 686, 687, -1, 689, 690, + 691, 692, 693, 694, 695, 696, 697, 698, 699, 700, + 701, 702, 703, 704, 705, 706, 707, 708, 709, 710, + 711, 712, 713, 714, 715, 716, 717, 718, 719, 720, + 721, 722, 723, 724, 725, 726, 727, 728, 729, 730, + 731, 732, 733, 734, 735, 736, 737, 738, 739, 740, + 741, 742, 743, 744, 745, 746, 747, 748, 749, 750, + 751, 752, 753, 754, 755, 756, 757, 758, 759, 760, + 761, 762, 8, 764, 765, 766, 767, -1, -1, -1, + -1, -1, -1, 19, 20, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, -1, -1, 788, -1, -1, + -1, -1, -1, -1, -1, 796, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - 19, 20, -1, -1, -1, -1, 788, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, -1, -1, -1, 48, - 49, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, -1, 66, -1, -1, - -1, 70, -1, 72, -1, -1, -1, -1, -1, -1, - -1, 80, -1, -1, -1, -1, -1, -1, -1, 88, - -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, 101, -1, 103, 104, -1, -1, -1, -1, - -1, 110, -1, -1, -1, -1, -1, 116, -1, -1, - -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, 131, -1, -1, -1, 135, -1, -1, -1, - -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, 150, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, 161, -1, -1, -1, -1, -1, -1, -1, - -1, -1, 171, -1, -1, 174, -1, -1, -1, -1, - -1, 180, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, -1, 196, -1, -1, - -1, -1, -1, -1, -1, -1, 205, -1, -1, 208, - -1, -1, -1, -1, -1, -1, -1, -1, 217, 218, - 219, -1, -1, -1, -1, -1, -1, -1, -1, 228, - 229, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, 240, 241, -1, -1, 244, -1, -1, -1, -1, - 249, -1, -1, -1, -1, -1, 255, -1, -1, -1, - 259, 260, 261, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, 295, -1, 297, -1, - 299, -1, -1, -1, -1, -1, -1, 306, -1, -1, - -1, -1, -1, -1, -1, -1, -1, 316, -1, -1, - -1, 320, 321, 322, -1, 324, 325, 326, 327, 328, - 329, 330, -1, 332, -1, -1, 335, 336, 337, 338, - 339, 340, 341, 342, 343, 344, 345, 346, 347, 348, - 349, 350, 351, 352, 353, 354, -1, -1, 357, 358, - 359, 360, 361, 362, 363, 364, 365, 366, 367, 368, - 369, -1, 371, 372, 373, 374, 375, 376, 377, -1, - 379, 380, 381, 382, 383, 384, 385, 386, 387, -1, - 389, 390, 391, 392, 393, 394, 395, 396, 397, 398, - 399, 400, 401, -1, 403, 404, 405, 406, 407, 408, - 409, 410, 411, 412, 413, 414, 415, 416, 417, -1, - 419, 420, 421, 422, 423, 424, 425, 426, 427, 428, - 429, 430, -1, 432, 433, 434, 435, 436, 437, 438, - 439, 440, 441, 442, 443, 444, 445, 446, -1, -1, - 449, 450, 451, 452, 453, 454, 455, 456, 457, 458, - 459, 460, -1, 462, -1, 464, 465, 466, 467, 468, - 469, 470, 471, 472, 473, 474, 475, 476, 477, -1, - 479, 480, 481, 482, 483, 484, 485, 486, 487, 488, - 489, 490, 491, 492, 493, 494, 495, 496, 497, 498, - 499, 500, 501, -1, 503, 504, 505, 506, 507, 508, - 509, 510, 511, 512, 513, 514, 515, 516, 517, 518, - 519, 520, 521, 522, 523, 524, 525, 526, 527, 528, - 529, 530, 531, 532, 533, 534, 535, -1, 537, 538, - 539, 540, 541, 542, 543, 544, 545, 546, 547, 548, - 549, 550, 551, 552, 553, 554, 555, 556, 557, 558, - 559, 560, 561, 562, 563, 564, 565, 566, 567, 568, - 569, 570, 571, -1, 573, 574, 575, 576, 577, 578, - 579, 580, -1, 582, 583, 584, 585, -1, 587, 588, - 589, 590, 591, 592, 593, 594, 595, 596, 597, 598, - 599, 600, 601, 602, 603, -1, 605, 606, 607, 608, - 609, 610, 611, 612, 613, 614, 615, 616, 617, 618, - 619, 620, 621, 622, 623, 624, 625, 626, 627, 628, - 629, 630, 631, 632, 633, 634, 635, 636, 637, 638, - 639, 640, 641, 642, 643, 644, 645, 646, 647, 648, - 649, 650, 651, 652, 653, 654, 655, 656, 657, 658, - 659, 660, 661, 662, 663, 664, 665, 666, 667, 668, - 669, 670, 671, 672, 673, 674, 675, 676, 677, 678, - 679, 680, 681, 682, 683, -1, -1, 686, 687, -1, - 689, 690, 691, 692, 693, 694, 695, 696, 697, 698, - 699, 700, 701, 702, 703, 704, 705, 706, 707, 708, - 709, 710, 711, 712, 713, 714, 715, 716, 717, 718, - 719, 720, 721, 722, 723, 724, 725, 726, 727, 728, - 729, -1, 731, 732, 733, 734, 735, 736, 737, 738, - 739, 740, 741, 742, 743, 744, 745, 746, 747, 748, - 749, 750, 751, 752, 753, 754, 755, 756, 757, 758, - 759, 760, 761, 762, -1, 764, 765, 766, 767, 19, - 20, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, -1, -1, -1, 788, + -1, -1, 88, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + 116, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, -1, -1, -1, -1, 135, + -1, -1, -1, -1, -1, -1, -1, -1, 144, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, 75, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, -1, -1, 88, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, 116, -1, -1, -1, - -1, -1, -1, -1, -1, -1, -1, -1, -1, 129, - -1, -1, -1, -1, -1, 135, -1, -1, -1, -1, - -1, -1, -1, -1, 144, 145, -1, -1, -1, -1, + -1, -1, -1, -1, 180, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - 160, -1, -1, -1, -1, -1, -1, -1, -1, -1, + 196, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, 208, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, 219, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - 180, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, 196, -1, -1, -1, - -1, -1, -1, -1, -1, -1, -1, -1, 208, -1, - -1, -1, -1, -1, -1, -1, -1, -1, -1, 219, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, 263, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, 312, -1, -1, -1, -1, -1, -1, -1, - 320, 321, 322, 323, 324, 325, 326, 327, 328, 329, - 330, -1, -1, -1, -1, 335, 336, 337, 338, 339, - 340, 341, 342, 343, 344, 345, 346, 347, 348, 349, - 350, 351, 352, 353, 354, -1, 356, 357, 358, 359, - 360, 361, 362, 363, 364, 365, 366, 367, 368, 369, - 370, 371, 372, 373, 374, 375, 376, 377, 378, 379, - 380, 381, 382, 383, 384, 385, 386, 387, -1, 389, - 390, 391, 392, 393, 394, 395, 396, 397, 398, 399, - 400, 401, 402, 403, 404, 405, 406, 407, 408, 409, - 410, 411, 412, 413, 414, 415, 416, 417, -1, 419, - 420, 421, 422, 423, 424, 425, 426, 427, 428, 429, - 430, 431, 432, 433, 434, 435, 436, 437, 438, 439, - 440, 441, 442, 443, 444, 445, 446, -1, -1, 449, - 450, 451, 452, 453, 454, 455, 456, 457, 458, 459, - 460, 461, 462, -1, 464, 465, 466, 467, 468, 469, - 470, 471, 472, 473, 474, 475, 476, 477, -1, 479, - 480, 481, 482, 483, 484, 485, 486, 487, 488, 489, - 490, 491, 492, 493, 494, 495, 496, 497, 498, 499, - 500, 501, 502, 503, 504, 505, 506, 507, 508, 509, - 510, 511, 512, 513, 514, 515, 516, 517, 518, 519, - 520, 521, 522, 523, 524, 525, 526, 527, 528, 529, - 530, 531, 532, 533, 534, 535, -1, 537, 538, 539, - 540, 541, 542, 543, 544, 545, 546, 547, 548, 549, - 550, 551, 552, 553, 554, 555, 556, 557, 558, 559, - 560, 561, 562, 563, 564, 565, 566, 567, 568, 569, - 570, 571, 572, 573, 574, 575, 576, 577, 578, 579, - 580, -1, 582, 583, 584, 585, 586, 587, 588, 589, - 590, 591, 592, 593, 594, 595, 596, 597, 598, 599, - 600, 601, 602, 603, 604, 605, 606, 607, 608, 609, - 610, 611, 612, 613, 614, 615, 616, 617, 618, 619, - 620, 621, 622, 623, 624, 625, 626, 627, 628, 629, - 630, 631, 632, 633, 634, 635, 636, 637, 638, 639, - 640, 641, 642, 643, 644, 645, 646, 647, 648, 649, - 650, 651, 652, 653, 654, 655, 656, 657, 658, 659, - 660, 661, 662, 663, 664, 665, 666, 667, 668, 669, - 670, 671, 672, 673, 674, 675, 676, 677, 678, 679, - 680, 681, 682, 683, -1, -1, 686, 687, -1, 689, - 690, 691, 692, 693, 694, 695, 696, 697, 698, 699, - 700, 701, 702, 703, 704, 705, 706, 707, 708, 709, - 710, 711, 712, 713, 714, 715, 716, 717, 718, 719, - 720, 721, 722, 723, 724, 725, 726, 727, 728, 729, - 730, 731, 732, 733, 734, 735, 736, 737, 738, 739, - 740, 741, 742, 743, 744, 745, 746, 747, 748, 749, - 750, 751, 752, 753, 754, 755, 756, 757, 758, 759, - 760, 761, 762, -1, 764, 765, 766, 767, 19, 20, + -1, -1, -1, -1, 320, 321, 322, 323, 324, 325, + 326, 327, 328, 329, 330, -1, -1, -1, -1, 335, + 336, 337, 338, 339, 340, 341, 342, 343, 344, 345, + 346, 347, 348, 349, 350, 351, 352, 353, 354, -1, + 356, 357, 358, 359, 360, 361, 362, 363, 364, 365, + 366, 367, 368, 369, 370, 371, 372, 373, 374, 375, + 376, 377, 378, 379, 380, 381, 382, 383, 384, 385, + 386, 387, -1, 389, 390, 391, 392, 393, 394, 395, + 396, 397, 398, 399, 400, 401, 402, 403, 404, 405, + 406, 407, 408, 409, 410, 411, 412, 413, 414, 415, + 416, 417, -1, 419, 420, 421, 422, 423, 424, 425, + 426, 427, 428, 429, 430, 431, 432, 433, 434, 435, + 436, 437, 438, 439, 440, 441, 442, 443, 444, 445, + 446, -1, -1, 449, 450, 451, 452, 453, 454, 455, + 456, 457, 458, 459, 460, 461, 462, -1, 464, 465, + 466, 467, 468, 469, 470, 471, 472, 473, 474, 475, + 476, 477, -1, 479, 480, 481, 482, 483, 484, 485, + 486, 487, 488, 489, 490, 491, 492, 493, 494, 495, + 496, 497, 498, 499, 500, 501, 502, 503, 504, 505, + 506, 507, 508, 509, 510, 511, 512, 513, 514, 515, + 516, 517, 518, 519, 520, 521, 522, 523, 524, 525, + 526, 527, 528, 529, 530, 531, 532, 533, 534, 535, + -1, 537, 538, 539, 540, 541, 542, 543, 544, 545, + 546, 547, 548, 549, 550, 551, 552, 553, 554, 555, + 556, 557, 558, 559, 560, 561, 562, 563, 564, 565, + 566, 567, 568, 569, 570, 571, 572, 573, 574, 575, + 576, 577, 578, 579, 580, -1, 582, 583, 584, 585, + 586, 587, 588, 589, 590, 591, 592, 593, 594, 595, + 596, 597, 598, 599, 600, 601, 602, 603, 604, 605, + 606, 607, 608, 609, 610, 611, 612, 613, 614, 615, + 616, 617, 618, 619, 620, 621, 622, 623, 624, 625, + 626, 627, 628, 629, 630, 631, 632, 633, 634, 635, + 636, 637, 638, 639, 640, 641, 642, 643, 644, 645, + 646, 647, 648, 649, 650, 651, 652, 653, 654, 655, + 656, 657, 658, 659, 660, 661, 662, 663, 664, 665, + 666, 667, 668, 669, 670, 671, 672, 673, 674, 675, + 676, 677, 678, 679, 680, 681, 682, 683, -1, -1, + 686, 687, -1, 689, 690, 691, 692, 693, 694, 695, + 696, 697, 698, 699, 700, 701, 702, 703, 704, 705, + 706, 707, 708, 709, 710, 711, 712, 713, 714, 715, + 716, 717, 718, 719, 720, 721, 722, 723, 724, 725, + 726, 727, 728, 729, 730, 731, 732, 733, 734, 735, + 736, 737, 738, 739, 740, 741, 742, 743, 744, 745, + 746, 747, 748, 749, 750, 751, 752, 753, 754, 755, + 756, 757, 758, 759, 760, 761, 762, 8, 764, 765, + 766, 767, -1, -1, -1, -1, -1, -1, 19, 20, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, 796, -1, -1, -1, + 796, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, @@ -20748,13 +20310,13 @@ -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, 255, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, 306, -1, -1, -1, -1, - -1, -1, -1, -1, -1, 316, -1, -1, -1, 320, + -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, -1, -1, -1, -1, 320, 321, 322, 323, 324, 325, 326, 327, 328, 329, 330, -1, -1, -1, -1, 335, 336, 337, 338, 339, 340, 341, 342, 343, 344, 345, 346, 347, 348, 349, 350, @@ -20799,66 +20361,220 @@ 731, 732, 733, 734, 735, 736, 737, 738, 739, 740, 741, 742, 743, 744, 745, 746, 747, 748, 749, 750, 751, 752, 753, 754, 755, 756, 757, 758, 759, 760, - 761, 762, -1, 764, 765, 766, 767, 19, 20, -1, + 761, 762, -1, 764, 765, 766, 767, 5, -1, 7, + 8, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, 19, 20, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, 796, -1, -1, -1, -1, + -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + 48, 49, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, -1, -1, -1, 66, -1, + 68, -1, 70, -1, 72, -1, -1, -1, -1, -1, + -1, -1, 80, -1, -1, -1, -1, -1, -1, -1, + 88, -1, -1, -1, -1, -1, -1, -1, -1, -1, + 98, -1, -1, 101, -1, 103, 104, -1, -1, -1, + -1, -1, 110, -1, -1, -1, -1, -1, 116, -1, + -1, -1, -1, -1, -1, -1, -1, -1, -1, 127, + -1, -1, -1, 131, -1, -1, -1, 135, -1, -1, + -1, -1, -1, 141, -1, -1, -1, -1, -1, -1, + -1, -1, 150, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, 161, -1, -1, -1, -1, -1, -1, + -1, -1, -1, 171, -1, -1, 174, -1, -1, -1, + 178, -1, 180, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, -1, -1, -1, 196, -1, + -1, -1, -1, -1, -1, -1, -1, 205, -1, -1, + 208, -1, -1, -1, -1, -1, -1, -1, -1, 217, + 218, 219, -1, -1, -1, -1, -1, -1, -1, -1, + 228, 229, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, 240, 241, 242, -1, 244, -1, -1, -1, + -1, 249, -1, -1, -1, -1, -1, 255, -1, -1, + -1, 259, 260, 261, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, -1, -1, 295, -1, 297, + -1, 299, -1, -1, -1, -1, -1, -1, 306, -1, + -1, -1, -1, -1, -1, -1, -1, 315, 316, -1, + -1, -1, 320, 321, 322, -1, 324, 325, 326, 327, + 328, 329, 330, -1, 332, -1, -1, 335, 336, 337, + 338, 339, 340, 341, 342, 343, 344, 345, 346, 347, + 348, 349, 350, 351, 352, 353, 354, 355, 356, 357, + 358, 359, 360, 361, 362, 363, 364, 365, 366, 367, + 368, 369, -1, 371, 372, 373, 374, 375, 376, 377, + -1, 379, 380, 381, 382, 383, 384, 385, 386, 387, + -1, 389, 390, 391, 392, 393, 394, 395, 396, 397, + 398, 399, 400, 401, -1, 403, 404, 405, 406, 407, + 408, 409, 410, 411, 412, 413, 414, 415, 416, 417, + -1, 419, 420, 421, 422, 423, 424, 425, 426, 427, + 428, 429, 430, -1, 432, 433, 434, 435, 436, 437, + 438, 439, 440, 441, 442, 443, 444, 445, 446, -1, + -1, 449, 450, 451, 452, 453, 454, 455, 456, 457, + 458, 459, 460, -1, 462, -1, 464, 465, 466, 467, + 468, 469, 470, 471, 472, 473, 474, 475, 476, 477, + -1, 479, 480, 481, 482, 483, 484, 485, 486, 487, + 488, 489, 490, 491, 492, 493, 494, 495, 496, 497, + 498, 499, 500, 501, -1, 503, 504, 505, 506, 507, + 508, 509, 510, 511, 512, 513, 514, 515, 516, 517, + 518, 519, 520, 521, 522, 523, 524, 525, 526, 527, + 528, 529, 530, 531, 532, 533, 534, 535, -1, 537, + 538, 539, 540, 541, 542, 543, 544, 545, 546, 547, + 548, 549, 550, 551, 552, 553, 554, 555, 556, 557, + 558, 559, 560, 561, 562, 563, 564, 565, 566, 567, + 568, 569, 570, 571, -1, 573, 574, 575, 576, 577, + 578, 579, 580, -1, 582, 583, 584, 585, -1, 587, + 588, 589, 590, 591, 592, 593, 594, 595, 596, 597, + 598, 599, 600, 601, 602, 603, -1, 605, 606, 607, + 608, 609, 610, 611, 612, 613, 614, 615, 616, 617, + 618, 619, 620, 621, 622, 623, 624, 625, 626, 627, + 628, 629, 630, 631, 632, 633, 634, 635, 636, 637, + 638, 639, 640, 641, 642, 643, 644, 645, 646, 647, + 648, 649, 650, 651, 652, 653, 654, 655, 656, 657, + 658, 659, 660, 661, 662, 663, 664, 665, 666, 667, + 668, 669, 670, 671, 672, 673, 674, 675, 676, 677, + 678, 679, 680, 681, 682, 683, -1, -1, 686, 687, + -1, 689, 690, 691, 692, 693, 694, 695, 696, 697, + 698, 699, 700, 701, 702, 703, 704, 705, 706, 707, + 708, 709, 710, 711, 712, 713, 714, 715, 716, 717, + 718, 719, 720, 721, 722, 723, 724, 725, 726, 727, + 728, 729, -1, 731, 732, 733, 734, 735, 736, 737, + 738, 739, 740, 741, 742, 743, 744, 745, 746, 747, + 748, 749, 750, 751, 752, 753, 754, 755, 756, 757, + 758, 759, 760, 761, 762, -1, 764, 765, 766, 767, + 5, -1, -1, 8, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, 19, 20, -1, -1, -1, -1, + 788, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, -1, 788, -1, -1, - -1, -1, -1, -1, -1, 796, -1, -1, -1, -1, + -1, -1, -1, 48, 49, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, 66, -1, 68, -1, 70, -1, 72, -1, -1, + -1, -1, -1, -1, -1, 80, -1, -1, -1, -1, + -1, -1, -1, 88, -1, -1, -1, -1, -1, -1, + -1, -1, -1, 98, -1, -1, 101, -1, 103, 104, + -1, -1, -1, -1, -1, 110, -1, -1, -1, -1, + -1, 116, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, 127, -1, -1, -1, 131, -1, -1, -1, + 135, -1, -1, -1, -1, -1, 141, -1, -1, -1, + -1, -1, -1, -1, -1, 150, -1, -1, -1, -1, + -1, -1, -1, -1, -1, -1, 161, -1, -1, -1, + -1, -1, -1, -1, -1, -1, 171, -1, -1, 174, + -1, -1, -1, 178, -1, 180, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, 196, -1, -1, -1, -1, -1, -1, -1, -1, + 205, -1, -1, 208, -1, -1, -1, -1, -1, -1, + -1, -1, 217, 218, 219, -1, -1, -1, -1, -1, + -1, -1, -1, 228, 229, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, 240, 241, 242, -1, 244, + -1, -1, -1, -1, 249, -1, -1, -1, -1, -1, + 255, -1, -1, -1, 259, 260, 261, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, 88, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, -1, -1, -1, 111, - -1, -1, -1, -1, 116, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, 135, -1, -1, -1, -1, -1, -1, - -1, -1, 144, -1, -1, -1, -1, -1, -1, -1, + 295, -1, 297, -1, 299, -1, -1, -1, -1, -1, + -1, 306, -1, -1, -1, -1, -1, -1, -1, -1, + 315, 316, -1, -1, -1, 320, 321, 322, -1, 324, + 325, 326, 327, 328, 329, 330, -1, 332, -1, -1, + 335, 336, 337, 338, 339, 340, 341, 342, 343, 344, + 345, 346, 347, 348, 349, 350, 351, 352, 353, 354, + 355, 356, 357, 358, 359, 360, 361, 362, 363, 364, + 365, 366, 367, 368, 369, -1, 371, 372, 373, 374, + 375, 376, 377, -1, 379, 380, 381, 382, 383, 384, + 385, 386, 387, -1, 389, 390, 391, 392, 393, 394, + 395, 396, 397, 398, 399, 400, 401, -1, 403, 404, + 405, 406, 407, 408, 409, 410, 411, 412, 413, 414, + 415, 416, 417, -1, 419, 420, 421, 422, 423, 424, + 425, 426, 427, 428, 429, 430, -1, 432, 433, 434, + 435, 436, 437, 438, 439, 440, 441, 442, 443, 444, + 445, 446, -1, -1, 449, 450, 451, 452, 453, 454, + 455, 456, 457, 458, 459, 460, -1, 462, -1, 464, + 465, 466, 467, 468, 469, 470, 471, 472, 473, 474, + 475, 476, 477, -1, 479, 480, 481, 482, 483, 484, + 485, 486, 487, 488, 489, 490, 491, 492, 493, 494, + 495, 496, 497, 498, 499, 500, 501, -1, 503, 504, + 505, 506, 507, 508, 509, 510, 511, 512, 513, 514, + 515, 516, 517, 518, 519, 520, 521, 522, 523, 524, + 525, 526, 527, 528, 529, 530, 531, 532, 533, 534, + 535, -1, 537, 538, 539, 540, 541, 542, 543, 544, + 545, 546, 547, 548, 549, 550, 551, 552, 553, 554, + 555, 556, 557, 558, 559, 560, 561, 562, 563, 564, + 565, 566, 567, 568, 569, 570, 571, -1, 573, 574, + 575, 576, 577, 578, 579, 580, -1, 582, 583, 584, + 585, -1, 587, 588, 589, 590, 591, 592, 593, 594, + 595, 596, 597, 598, 599, 600, 601, 602, 603, -1, + 605, 606, 607, 608, 609, 610, 611, 612, 613, 614, + 615, 616, 617, 618, 619, 620, 621, 622, 623, 624, + 625, 626, 627, 628, 629, 630, 631, 632, 633, 634, + 635, 636, 637, 638, 639, 640, 641, 642, 643, 644, + 645, 646, 647, 648, 649, 650, 651, 652, 653, 654, + 655, 656, 657, 658, 659, 660, 661, 662, 663, 664, + 665, 666, 667, 668, 669, 670, 671, 672, 673, 674, + 675, 676, 677, 678, 679, 680, 681, 682, 683, -1, + -1, 686, 687, -1, 689, 690, 691, 692, 693, 694, + 695, 696, 697, 698, 699, 700, 701, 702, 703, 704, + 705, 706, 707, 708, 709, 710, 711, 712, 713, 714, + 715, 716, 717, 718, 719, 720, 721, 722, 723, 724, + 725, 726, 727, 728, 729, -1, 731, 732, 733, 734, + 735, 736, 737, 738, 739, 740, 741, 742, 743, 744, + 745, 746, 747, 748, 749, 750, 751, 752, 753, 754, + 755, 756, 757, 758, 759, 760, 761, 762, -1, 764, + 765, 766, 767, 5, -1, -1, 8, -1, -1, -1, + -1, -1, -1, -1, -1, -1, -1, 19, 20, -1, + -1, -1, -1, 788, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, -1, 48, 49, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, -1, -1, 180, -1, + -1, -1, -1, -1, 66, -1, -1, -1, 70, -1, + 72, -1, -1, -1, -1, -1, -1, -1, 80, -1, + -1, -1, -1, -1, -1, -1, 88, -1, -1, -1, + -1, -1, -1, -1, -1, -1, -1, -1, -1, 101, + -1, 103, 104, -1, -1, -1, -1, -1, 110, -1, + -1, -1, -1, -1, 116, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, -1, -1, -1, -1, 131, + -1, -1, -1, 135, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, -1, -1, -1, 150, -1, + -1, -1, -1, -1, -1, -1, -1, -1, -1, 161, + -1, -1, -1, -1, -1, -1, -1, -1, -1, 171, + -1, -1, 174, -1, -1, -1, -1, -1, 180, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, 196, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, 208, -1, -1, -1, - -1, -1, -1, -1, -1, -1, -1, 219, -1, -1, - -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, 205, -1, -1, 208, -1, -1, -1, + -1, -1, -1, -1, -1, 217, 218, 219, -1, -1, + -1, -1, -1, -1, -1, -1, 228, 229, -1, -1, + -1, -1, -1, -1, -1, -1, -1, -1, 240, 241, + -1, -1, 244, -1, -1, -1, -1, 249, -1, -1, + -1, -1, -1, 255, -1, -1, -1, 259, 260, 261, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, -1, -1, 320, 321, - 322, 323, 324, 325, 326, 327, 328, 329, 330, -1, - -1, -1, -1, 335, 336, 337, 338, 339, 340, 341, + -1, -1, -1, 295, -1, 297, -1, 299, -1, -1, + -1, -1, -1, -1, 306, -1, -1, -1, -1, -1, + -1, -1, -1, -1, 316, -1, -1, -1, 320, 321, + 322, -1, 324, 325, 326, 327, 328, 329, 330, -1, + 332, -1, -1, 335, 336, 337, 338, 339, 340, 341, 342, 343, 344, 345, 346, 347, 348, 349, 350, 351, - 352, 353, 354, -1, 356, 357, 358, 359, 360, 361, - 362, 363, 364, 365, 366, 367, 368, 369, 370, 371, - 372, 373, 374, 375, 376, 377, 378, 379, 380, 381, + 352, 353, 354, -1, -1, 357, 358, 359, 360, 361, + 362, 363, 364, 365, 366, 367, 368, 369, -1, 371, + 372, 373, 374, 375, 376, 377, -1, 379, 380, 381, 382, 383, 384, 385, 386, 387, -1, 389, 390, 391, 392, 393, 394, 395, 396, 397, 398, 399, 400, 401, - 402, 403, 404, 405, 406, 407, 408, 409, 410, 411, + -1, 403, 404, 405, 406, 407, 408, 409, 410, 411, 412, 413, 414, 415, 416, 417, -1, 419, 420, 421, - 422, 423, 424, 425, 426, 427, 428, 429, 430, 431, + 422, 423, 424, 425, 426, 427, 428, 429, 430, -1, 432, 433, 434, 435, 436, 437, 438, 439, 440, 441, 442, 443, 444, 445, 446, -1, -1, 449, 450, 451, - 452, 453, 454, 455, 456, 457, 458, 459, 460, 461, + 452, 453, 454, 455, 456, 457, 458, 459, 460, -1, 462, -1, 464, 465, 466, 467, 468, 469, 470, 471, 472, 473, 474, 475, 476, 477, -1, 479, 480, 481, 482, 483, 484, 485, 486, 487, 488, 489, 490, 491, 492, 493, 494, 495, 496, 497, 498, 499, 500, 501, - 502, 503, 504, 505, 506, 507, 508, 509, 510, 511, + -1, 503, 504, 505, 506, 507, 508, 509, 510, 511, 512, 513, 514, 515, 516, 517, 518, 519, 520, 521, 522, 523, 524, 525, 526, 527, 528, 529, 530, 531, 532, 533, 534, 535, -1, 537, 538, 539, 540, 541, 542, 543, 544, 545, 546, 547, 548, 549, 550, 551, 552, 553, 554, 555, 556, 557, 558, 559, 560, 561, 562, 563, 564, 565, 566, 567, 568, 569, 570, 571, - 572, 573, 574, 575, 576, 577, 578, 579, 580, -1, - 582, 583, 584, 585, 586, 587, 588, 589, 590, 591, + -1, 573, 574, 575, 576, 577, 578, 579, 580, -1, + 582, 583, 584, 585, -1, 587, 588, 589, 590, 591, 592, 593, 594, 595, 596, 597, 598, 599, 600, 601, - 602, 603, 604, 605, 606, 607, 608, 609, 610, 611, + 602, 603, -1, 605, 606, 607, 608, 609, 610, 611, 612, 613, 614, 615, 616, 617, 618, 619, 620, 621, 622, 623, 624, 625, 626, 627, 628, 629, 630, 631, 632, 633, 634, 635, 636, 637, 638, 639, 640, 641, @@ -20870,25 +20586,25 @@ 692, 693, 694, 695, 696, 697, 698, 699, 700, 701, 702, 703, 704, 705, 706, 707, 708, 709, 710, 711, 712, 713, 714, 715, 716, 717, 718, 719, 720, 721, - 722, 723, 724, 725, 726, 727, 728, 729, 730, 731, + 722, 723, 724, 725, 726, 727, 728, 729, -1, 731, 732, 733, 734, 735, 736, 737, 738, 739, 740, 741, 742, 743, 744, 745, 746, 747, 748, 749, 750, 751, 752, 753, 754, 755, 756, 757, 758, 759, 760, 761, 762, -1, 764, 765, 766, 767, 19, 20, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, 788, -1, -1, -1, - -1, 793, -1, -1, 796, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, 75, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, 88, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, 116, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, -1, 129, -1, -1, -1, -1, -1, 135, -1, -1, -1, -1, -1, -1, -1, - -1, 144, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, 144, 145, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, -1, -1, 160, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, 180, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, @@ -20899,11 +20615,11 @@ -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + 263, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, -1, -1, -1, -1, 312, -1, -1, -1, -1, -1, -1, -1, 320, 321, 322, 323, 324, 325, 326, 327, 328, 329, 330, -1, -1, -1, -1, 335, 336, 337, 338, 339, 340, 341, 342, @@ -20951,8 +20667,8 @@ 753, 754, 755, 756, 757, 758, 759, 760, 761, 762, -1, 764, 765, 766, 767, 19, 20, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, 788, -1, -1, -1, -1, - 793, -1, -1, 796, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, 796, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, @@ -20973,13 +20689,13 @@ -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, 255, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, 320, 321, 322, 323, + -1, -1, 306, -1, -1, -1, -1, -1, -1, -1, + -1, -1, 316, -1, -1, -1, 320, 321, 322, 323, 324, 325, 326, 327, 328, 329, 330, -1, -1, -1, -1, 335, 336, 337, 338, 339, 340, 341, 342, 343, 344, 345, 346, 347, 348, 349, 350, 351, 352, 353, @@ -21033,7 +20749,7 @@ -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, 88, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, -1, 111, -1, -1, -1, -1, 116, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, 135, -1, -1, -1, -1, -1, -1, -1, -1, 144, @@ -21100,8 +20816,8 @@ 745, 746, 747, 748, 749, 750, 751, 752, 753, 754, 755, 756, 757, 758, 759, 760, 761, 762, -1, 764, 765, 766, 767, 19, 20, -1, -1, -1, -1, -1, - -1, -1, -1, 778, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, 788, -1, -1, -1, -1, 793, -1, -1, 796, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, @@ -21176,7 +20892,7 @@ 756, 757, 758, 759, 760, 761, 762, -1, 764, 765, 766, 767, 19, 20, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, 788, -1, -1, -1, -1, -1, -1, -1, + -1, -1, 788, -1, -1, -1, -1, 793, -1, -1, 796, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, @@ -21186,7 +20902,7 @@ -1, -1, -1, -1, -1, -1, -1, -1, -1, 116, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, 135, -1, - -1, -1, -1, -1, 141, -1, -1, 144, -1, -1, + -1, -1, -1, -1, -1, -1, -1, 144, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, @@ -21251,7 +20967,7 @@ 757, 758, 759, 760, 761, 762, -1, 764, 765, 766, 767, 19, 20, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, -1, -1, -1, 796, + -1, 788, -1, -1, -1, -1, -1, -1, -1, 796, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, @@ -21325,7 +21041,7 @@ 748, 749, 750, 751, 752, 753, 754, 755, 756, 757, 758, 759, 760, 761, 762, -1, 764, 765, 766, 767, 19, 20, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + 778, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, 796, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, @@ -21400,7 +21116,7 @@ 749, 750, 751, 752, 753, 754, 755, 756, 757, 758, 759, 760, 761, 762, -1, 764, 765, 766, 767, 19, 20, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, -1, -1, -1, -1, 788, -1, -1, -1, -1, -1, -1, -1, 796, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, @@ -21411,7 +21127,7 @@ -1, -1, -1, -1, -1, -1, 116, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, 135, -1, -1, -1, -1, - -1, -1, -1, -1, 144, -1, -1, -1, -1, -1, + -1, 141, -1, -1, 144, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, @@ -21474,13 +21190,13 @@ 740, 741, 742, 743, 744, 745, 746, 747, 748, 749, 750, 751, 752, 753, 754, 755, 756, 757, 758, 759, 760, 761, 762, -1, 764, 765, 766, 767, 19, 20, - 21, -1, -1, -1, -1, -1, -1, -1, -1, -1, - 31, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, 796, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, 85, -1, -1, 88, -1, -1, + -1, -1, -1, -1, -1, -1, -1, 88, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, 116, -1, -1, -1, -1, @@ -21540,7 +21256,7 @@ 651, 652, 653, 654, 655, 656, 657, 658, 659, 660, 661, 662, 663, 664, 665, 666, 667, 668, 669, 670, 671, 672, 673, 674, 675, 676, 677, 678, 679, 680, - 681, -1, 683, -1, -1, 686, 687, -1, 689, 690, + 681, 682, 683, -1, -1, 686, 687, -1, 689, 690, 691, 692, 693, 694, 695, 696, 697, 698, 699, 700, 701, 702, 703, 704, 705, 706, 707, 708, 709, 710, 711, 712, 713, 714, 715, 716, 717, 718, 719, 720, @@ -21550,8 +21266,8 @@ 751, 752, 753, 754, 755, 756, 757, 758, 759, 760, 761, 762, -1, 764, 765, 766, 767, 19, 20, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, -1, 788, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, 796, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, @@ -21623,30 +21339,27 @@ 732, 733, 734, 735, 736, 737, 738, 739, 740, 741, 742, 743, 744, 745, 746, 747, 748, 749, 750, 751, 752, 753, 754, 755, 756, 757, 758, 759, 760, 761, - 762, 3, 764, 765, 766, 767, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, -1, 19, 20, -1, - -1, -1, -1, -1, -1, -1, 788, -1, -1, -1, + 762, -1, 764, 765, 766, 767, 19, 20, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, 796, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, -1, -1, -1, 71, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, 88, -1, -1, -1, - -1, -1, -1, -1, -1, -1, -1, 99, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, 116, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, 88, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, 135, -1, -1, -1, -1, -1, -1, - -1, -1, 144, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, 116, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, -1, -1, 180, -1, + -1, -1, 135, -1, -1, -1, -1, -1, -1, -1, + -1, 144, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, 196, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, 208, -1, -1, -1, - -1, -1, -1, -1, -1, -1, -1, 219, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, -1, -1, 180, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, 196, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, 208, -1, -1, -1, -1, + -1, -1, -1, -1, -1, -1, 219, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, @@ -21654,74 +21367,74 @@ -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, -1, -1, 320, 321, - 322, 323, 324, 325, 326, 327, 328, 329, 330, -1, - -1, -1, -1, 335, 336, 337, 338, 339, 340, 341, - 342, 343, 344, 345, 346, 347, 348, 349, 350, 351, - 352, 353, 354, -1, 356, 357, 358, 359, 360, 361, - 362, 363, 364, 365, 366, 367, 368, 369, 370, 371, - 372, 373, 374, 375, 376, 377, 378, 379, 380, 381, - 382, 383, 384, 385, 386, 387, -1, 389, 390, 391, - 392, 393, 394, 395, 396, 397, 398, 399, 400, 401, - 402, 403, 404, 405, 406, 407, 408, 409, 410, 411, - 412, 413, 414, 415, 416, 417, -1, 419, 420, 421, - 422, 423, 424, 425, 426, 427, 428, 429, 430, 431, - 432, 433, 434, 435, 436, 437, 438, 439, 440, 441, - 442, 443, 444, 445, 446, -1, -1, 449, 450, 451, - 452, 453, 454, 455, 456, 457, 458, 459, 460, 461, - 462, -1, 464, 465, 466, 467, 468, 469, 470, 471, - 472, 473, 474, 475, 476, 477, -1, 479, 480, 481, - 482, 483, 484, 485, 486, 487, 488, 489, 490, 491, - 492, 493, 494, 495, 496, 497, 498, 499, 500, 501, - 502, 503, 504, 505, 506, 507, 508, 509, 510, 511, - 512, 513, 514, 515, 516, 517, 518, 519, 520, 521, - 522, 523, 524, 525, 526, 527, 528, 529, 530, 531, - 532, 533, 534, 535, -1, 537, 538, 539, 540, 541, - 542, 543, 544, 545, 546, 547, 548, 549, 550, 551, - 552, 553, 554, 555, 556, 557, 558, 559, 560, 561, - 562, 563, 564, 565, 566, 567, 568, 569, 570, 571, - 572, 573, 574, 575, 576, 577, 578, 579, 580, 581, - 582, 583, 584, 585, 586, 587, 588, 589, 590, 591, - 592, 593, 594, 595, 596, 597, 598, 599, 600, 601, - 602, 603, 604, 605, 606, 607, 608, 609, 610, 611, - 612, 613, 614, 615, 616, 617, 618, 619, 620, 621, - 622, 623, 624, 625, 626, 627, 628, 629, 630, 631, - 632, 633, 634, 635, 636, 637, 638, 639, 640, 641, - 642, 643, 644, 645, 646, 647, 648, 649, 650, 651, - 652, 653, 654, 655, 656, 657, 658, 659, 660, 661, - 662, 663, 664, 665, 666, 667, 668, 669, 670, 671, - 672, 673, 674, 675, 676, 677, 678, 679, 680, 681, - 682, 683, -1, -1, 686, 687, -1, 689, 690, 691, - 692, 693, 694, 695, 696, 697, 698, 699, 700, 701, - 702, 703, 704, 705, 706, 707, 708, 709, 710, 711, - 712, 713, 714, 715, 716, 717, 718, 719, 720, 721, - 722, 723, 724, 725, 726, 727, 728, 729, -1, 731, - 732, 733, 734, 735, 736, 737, 738, 739, 740, 741, - 742, 743, 744, 745, 746, 747, 748, 749, 750, 751, - 752, 753, 754, 755, 756, 757, 758, 759, 760, 761, - 762, 3, 764, 765, 766, 767, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, -1, 19, 20, 21, - -1, -1, -1, -1, -1, -1, -1, -1, -1, 31, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, -1, -1, 320, 321, 322, + 323, 324, 325, 326, 327, 328, 329, 330, -1, -1, + -1, -1, 335, 336, 337, 338, 339, 340, 341, 342, + 343, 344, 345, 346, 347, 348, 349, 350, 351, 352, + 353, 354, -1, 356, 357, 358, 359, 360, 361, 362, + 363, 364, 365, 366, 367, 368, 369, 370, 371, 372, + 373, 374, 375, 376, 377, 378, 379, 380, 381, 382, + 383, 384, 385, 386, 387, -1, 389, 390, 391, 392, + 393, 394, 395, 396, 397, 398, 399, 400, 401, 402, + 403, 404, 405, 406, 407, 408, 409, 410, 411, 412, + 413, 414, 415, 416, 417, -1, 419, 420, 421, 422, + 423, 424, 425, 426, 427, 428, 429, 430, 431, 432, + 433, 434, 435, 436, 437, 438, 439, 440, 441, 442, + 443, 444, 445, 446, -1, -1, 449, 450, 451, 452, + 453, 454, 455, 456, 457, 458, 459, 460, 461, 462, + -1, 464, 465, 466, 467, 468, 469, 470, 471, 472, + 473, 474, 475, 476, 477, -1, 479, 480, 481, 482, + 483, 484, 485, 486, 487, 488, 489, 490, 491, 492, + 493, 494, 495, 496, 497, 498, 499, 500, 501, 502, + 503, 504, 505, 506, 507, 508, 509, 510, 511, 512, + 513, 514, 515, 516, 517, 518, 519, 520, 521, 522, + 523, 524, 525, 526, 527, 528, 529, 530, 531, 532, + 533, 534, 535, -1, 537, 538, 539, 540, 541, 542, + 543, 544, 545, 546, 547, 548, 549, 550, 551, 552, + 553, 554, 555, 556, 557, 558, 559, 560, 561, 562, + 563, 564, 565, 566, 567, 568, 569, 570, 571, 572, + 573, 574, 575, 576, 577, 578, 579, 580, -1, 582, + 583, 584, 585, 586, 587, 588, 589, 590, 591, 592, + 593, 594, 595, 596, 597, 598, 599, 600, 601, 602, + 603, 604, 605, 606, 607, 608, 609, 610, 611, 612, + 613, 614, 615, 616, 617, 618, 619, 620, 621, 622, + 623, 624, 625, 626, 627, 628, 629, 630, 631, 632, + 633, 634, 635, 636, 637, 638, 639, 640, 641, 642, + 643, 644, 645, 646, 647, 648, 649, 650, 651, 652, + 653, 654, 655, 656, 657, 658, 659, 660, 661, 662, + 663, 664, 665, 666, 667, 668, 669, 670, 671, 672, + 673, 674, 675, 676, 677, 678, 679, 680, 681, 682, + 683, -1, -1, 686, 687, -1, 689, 690, 691, 692, + 693, 694, 695, 696, 697, 698, 699, 700, 701, 702, + 703, 704, 705, 706, 707, 708, 709, 710, 711, 712, + 713, 714, 715, 716, 717, 718, 719, 720, 721, 722, + 723, 724, 725, 726, 727, 728, 729, 730, 731, 732, + 733, 734, 735, 736, 737, 738, 739, 740, 741, 742, + 743, 744, 745, 746, 747, 748, 749, 750, 751, 752, + 753, 754, 755, 756, 757, 758, 759, 760, 761, 762, + -1, 764, 765, 766, 767, 19, 20, 21, -1, -1, + -1, -1, -1, -1, -1, -1, -1, 31, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, 796, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, 88, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, 85, -1, -1, 88, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, 116, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, 135, -1, -1, -1, -1, -1, -1, - -1, -1, 144, -1, -1, -1, -1, -1, -1, -1, + -1, -1, 116, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, 135, -1, -1, -1, -1, -1, -1, -1, -1, + 144, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, -1, -1, 180, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, 196, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, 208, -1, -1, -1, - -1, -1, -1, -1, -1, -1, -1, 219, -1, -1, + -1, -1, -1, -1, -1, -1, 180, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, 196, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, 208, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, 219, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, @@ -21730,75 +21443,73 @@ -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, -1, -1, 320, 321, - 322, 323, 324, 325, 326, 327, 328, 329, 330, -1, - -1, -1, -1, 335, 336, 337, 338, 339, 340, 341, - 342, 343, 344, 345, 346, 347, 348, 349, 350, 351, - 352, 353, 354, -1, 356, 357, 358, 359, 360, 361, - 362, 363, 364, 365, 366, 367, 368, 369, 370, 371, - 372, 373, 374, 375, 376, 377, 378, 379, 380, 381, - 382, 383, 384, 385, 386, 387, -1, 389, 390, 391, - 392, 393, 394, 395, 396, 397, 398, 399, 400, 401, - 402, 403, 404, 405, 406, 407, 408, 409, 410, 411, - 412, 413, 414, 415, 416, 417, -1, 419, 420, 421, - 422, 423, 424, 425, 426, 427, 428, 429, 430, 431, - 432, 433, 434, 435, 436, 437, 438, 439, 440, 441, - 442, 443, 444, 445, 446, -1, -1, 449, 450, 451, - 452, 453, 454, 455, 456, 457, 458, 459, 460, 461, - 462, -1, 464, 465, 466, 467, 468, 469, 470, 471, - 472, 473, 474, 475, 476, 477, -1, 479, 480, 481, - 482, 483, 484, 485, 486, 487, 488, 489, 490, 491, - 492, 493, 494, 495, 496, 497, 498, 499, 500, 501, - 502, 503, 504, 505, 506, 507, 508, 509, 510, 511, - 512, 513, 514, 515, 516, 517, 518, 519, 520, 521, - 522, 523, 524, 525, 526, 527, 528, 529, 530, 531, - 532, 533, 534, 535, -1, 537, 538, 539, 540, 541, - 542, 543, 544, 545, 546, 547, 548, 549, 550, 551, - 552, 553, 554, 555, 556, 557, 558, 559, 560, 561, - 562, 563, 564, 565, 566, 567, 568, 569, 570, 571, - 572, 573, 574, 575, 576, 577, 578, 579, 580, -1, - 582, 583, 584, 585, 586, 587, 588, 589, 590, 591, - 592, 593, 594, 595, 596, 597, 598, 599, 600, 601, - 602, 603, 604, 605, 606, 607, 608, 609, 610, 611, - 612, 613, 614, 615, 616, 617, 618, 619, 620, 621, - 622, 623, 624, 625, 626, 627, 628, 629, 630, 631, - 632, 633, 634, 635, 636, 637, 638, 639, 640, 641, - 642, 643, 644, 645, 646, 647, 648, 649, 650, 651, - 652, 653, 654, 655, 656, 657, 658, 659, 660, 661, - 662, 663, 664, 665, 666, 667, 668, 669, 670, 671, - 672, 673, 674, 675, 676, 677, 678, 679, 680, 681, - 682, 683, -1, -1, 686, 687, -1, 689, 690, 691, - 692, 693, 694, 695, 696, 697, 698, 699, 700, 701, - 702, 703, 704, 705, 706, 707, 708, 709, 710, 711, - 712, 713, 714, 715, 716, 717, 718, 719, 720, 721, - 722, 723, 724, 725, 726, 727, 728, 729, 730, 731, - 732, 733, 734, 735, 736, 737, 738, 739, 740, 741, - 742, 743, 744, 745, 746, 747, 748, 749, 750, 751, - 752, 753, 754, 755, 756, 757, 758, 759, 760, 761, - 762, 3, 764, 765, 766, 767, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, -1, 19, 20, 21, - -1, -1, -1, -1, -1, -1, -1, -1, -1, 31, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, -1, 320, 321, 322, 323, + 324, 325, 326, 327, 328, 329, 330, -1, -1, -1, + -1, 335, 336, 337, 338, 339, 340, 341, 342, 343, + 344, 345, 346, 347, 348, 349, 350, 351, 352, 353, + 354, -1, 356, 357, 358, 359, 360, 361, 362, 363, + 364, 365, 366, 367, 368, 369, 370, 371, 372, 373, + 374, 375, 376, 377, 378, 379, 380, 381, 382, 383, + 384, 385, 386, 387, -1, 389, 390, 391, 392, 393, + 394, 395, 396, 397, 398, 399, 400, 401, 402, 403, + 404, 405, 406, 407, 408, 409, 410, 411, 412, 413, + 414, 415, 416, 417, -1, 419, 420, 421, 422, 423, + 424, 425, 426, 427, 428, 429, 430, 431, 432, 433, + 434, 435, 436, 437, 438, 439, 440, 441, 442, 443, + 444, 445, 446, -1, -1, 449, 450, 451, 452, 453, + 454, 455, 456, 457, 458, 459, 460, 461, 462, -1, + 464, 465, 466, 467, 468, 469, 470, 471, 472, 473, + 474, 475, 476, 477, -1, 479, 480, 481, 482, 483, + 484, 485, 486, 487, 488, 489, 490, 491, 492, 493, + 494, 495, 496, 497, 498, 499, 500, 501, 502, 503, + 504, 505, 506, 507, 508, 509, 510, 511, 512, 513, + 514, 515, 516, 517, 518, 519, 520, 521, 522, 523, + 524, 525, 526, 527, 528, 529, 530, 531, 532, 533, + 534, 535, -1, 537, 538, 539, 540, 541, 542, 543, + 544, 545, 546, 547, 548, 549, 550, 551, 552, 553, + 554, 555, 556, 557, 558, 559, 560, 561, 562, 563, + 564, 565, 566, 567, 568, 569, 570, 571, 572, 573, + 574, 575, 576, 577, 578, 579, 580, -1, 582, 583, + 584, 585, 586, 587, 588, 589, 590, 591, 592, 593, + 594, 595, 596, 597, 598, 599, 600, 601, 602, 603, + 604, 605, 606, 607, 608, 609, 610, 611, 612, 613, + 614, 615, 616, 617, 618, 619, 620, 621, 622, 623, + 624, 625, 626, 627, 628, 629, 630, 631, 632, 633, + 634, 635, 636, 637, 638, 639, 640, 641, 642, 643, + 644, 645, 646, 647, 648, 649, 650, 651, 652, 653, + 654, 655, 656, 657, 658, 659, 660, 661, 662, 663, + 664, 665, 666, 667, 668, 669, 670, 671, 672, 673, + 674, 675, 676, 677, 678, 679, 680, 681, -1, 683, + -1, -1, 686, 687, -1, 689, 690, 691, 692, 693, + 694, 695, 696, 697, 698, 699, 700, 701, 702, 703, + 704, 705, 706, 707, 708, 709, 710, 711, 712, 713, + 714, 715, 716, 717, 718, 719, 720, 721, 722, 723, + 724, 725, 726, 727, 728, 729, 730, 731, 732, 733, + 734, 735, 736, 737, 738, 739, 740, 741, 742, 743, + 744, 745, 746, 747, 748, 749, 750, 751, 752, 753, + 754, 755, 756, 757, 758, 759, 760, 761, 762, -1, + 764, 765, 766, 767, 19, 20, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, 788, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, 88, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, 88, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, 116, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, 135, -1, -1, -1, -1, -1, -1, - -1, -1, 144, -1, -1, -1, -1, -1, -1, -1, + -1, 116, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + 135, -1, -1, -1, -1, -1, -1, -1, -1, 144, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, -1, -1, 180, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, 196, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, 208, -1, -1, -1, - -1, -1, -1, -1, -1, -1, -1, 219, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, 180, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, 196, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, 208, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, 219, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, @@ -21806,74 +21517,75 @@ -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, -1, -1, 320, 321, - 322, 323, 324, 325, 326, 327, 328, 329, 330, -1, - -1, -1, -1, 335, 336, 337, 338, 339, 340, 341, - 342, 343, 344, 345, 346, 347, 348, 349, 350, 351, - 352, 353, 354, -1, 356, 357, 358, 359, 360, 361, - 362, 363, 364, 365, 366, 367, 368, 369, 370, 371, - 372, 373, 374, 375, 376, 377, 378, 379, 380, 381, - 382, 383, 384, 385, 386, 387, -1, 389, 390, 391, - 392, 393, 394, 395, 396, 397, 398, 399, 400, 401, - 402, 403, 404, 405, 406, 407, 408, 409, 410, 411, - 412, 413, 414, 415, 416, 417, -1, 419, 420, 421, - 422, 423, 424, 425, 426, 427, 428, 429, 430, 431, - 432, 433, 434, 435, 436, 437, 438, 439, 440, 441, - 442, 443, 444, 445, 446, -1, -1, 449, 450, 451, - 452, 453, 454, 455, 456, 457, 458, 459, 460, 461, - 462, -1, 464, 465, 466, 467, 468, 469, 470, 471, - 472, 473, 474, 475, 476, 477, -1, 479, 480, 481, - 482, 483, 484, 485, 486, 487, 488, 489, 490, 491, - 492, 493, 494, 495, 496, 497, 498, 499, 500, 501, - 502, 503, 504, 505, 506, 507, 508, 509, 510, 511, - 512, 513, 514, 515, 516, 517, 518, 519, 520, 521, - 522, 523, 524, 525, 526, 527, 528, 529, 530, 531, - 532, 533, 534, 535, -1, 537, 538, 539, 540, 541, - 542, 543, 544, 545, 546, 547, 548, 549, 550, 551, - 552, 553, 554, 555, 556, 557, 558, 559, 560, 561, - 562, 563, 564, 565, 566, 567, 568, 569, 570, 571, - 572, 573, 574, 575, 576, 577, 578, 579, 580, -1, - 582, 583, 584, 585, 586, 587, 588, 589, 590, 591, - 592, 593, 594, 595, 596, 597, 598, 599, 600, 601, - 602, 603, 604, 605, 606, 607, 608, 609, 610, 611, - 612, 613, 614, 615, 616, 617, 618, 619, 620, 621, - 622, 623, 624, 625, 626, 627, 628, 629, 630, 631, - 632, 633, 634, 635, 636, 637, 638, 639, 640, 641, - 642, 643, 644, 645, 646, 647, 648, 649, 650, 651, - 652, 653, 654, 655, 656, 657, 658, 659, 660, 661, - 662, 663, 664, 665, 666, 667, 668, 669, 670, 671, - 672, 673, 674, 675, 676, 677, 678, 679, 680, 681, - 682, 683, -1, -1, 686, 687, -1, 689, 690, 691, - 692, 693, 694, 695, 696, 697, 698, 699, 700, 701, - 702, 703, 704, 705, 706, 707, 708, 709, 710, 711, - 712, 713, 714, 715, 716, 717, 718, 719, 720, 721, - 722, 723, 724, 725, 726, 727, 728, 729, 730, 731, - 732, 733, 734, 735, 736, 737, 738, 739, 740, 741, - 742, 743, 744, 745, 746, 747, 748, 749, 750, 751, - 752, 753, 754, 755, 756, 757, 758, 759, 760, 761, - 762, 3, 764, 765, 766, 767, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, -1, 19, 20, 21, - -1, -1, -1, -1, -1, -1, -1, -1, -1, 31, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, 320, 321, 322, 323, 324, + 325, 326, 327, 328, 329, 330, -1, -1, -1, -1, + 335, 336, 337, 338, 339, 340, 341, 342, 343, 344, + 345, 346, 347, 348, 349, 350, 351, 352, 353, 354, + -1, 356, 357, 358, 359, 360, 361, 362, 363, 364, + 365, 366, 367, 368, 369, 370, 371, 372, 373, 374, + 375, 376, 377, 378, 379, 380, 381, 382, 383, 384, + 385, 386, 387, -1, 389, 390, 391, 392, 393, 394, + 395, 396, 397, 398, 399, 400, 401, 402, 403, 404, + 405, 406, 407, 408, 409, 410, 411, 412, 413, 414, + 415, 416, 417, -1, 419, 420, 421, 422, 423, 424, + 425, 426, 427, 428, 429, 430, 431, 432, 433, 434, + 435, 436, 437, 438, 439, 440, 441, 442, 443, 444, + 445, 446, -1, -1, 449, 450, 451, 452, 453, 454, + 455, 456, 457, 458, 459, 460, 461, 462, -1, 464, + 465, 466, 467, 468, 469, 470, 471, 472, 473, 474, + 475, 476, 477, -1, 479, 480, 481, 482, 483, 484, + 485, 486, 487, 488, 489, 490, 491, 492, 493, 494, + 495, 496, 497, 498, 499, 500, 501, 502, 503, 504, + 505, 506, 507, 508, 509, 510, 511, 512, 513, 514, + 515, 516, 517, 518, 519, 520, 521, 522, 523, 524, + 525, 526, 527, 528, 529, 530, 531, 532, 533, 534, + 535, -1, 537, 538, 539, 540, 541, 542, 543, 544, + 545, 546, 547, 548, 549, 550, 551, 552, 553, 554, + 555, 556, 557, 558, 559, 560, 561, 562, 563, 564, + 565, 566, 567, 568, 569, 570, 571, 572, 573, 574, + 575, 576, 577, 578, 579, 580, -1, 582, 583, 584, + 585, 586, 587, 588, 589, 590, 591, 592, 593, 594, + 595, 596, 597, 598, 599, 600, 601, 602, 603, 604, + 605, 606, 607, 608, 609, 610, 611, 612, 613, 614, + 615, 616, 617, 618, 619, 620, 621, 622, 623, 624, + 625, 626, 627, 628, 629, 630, 631, 632, 633, 634, + 635, 636, 637, 638, 639, 640, 641, 642, 643, 644, + 645, 646, 647, 648, 649, 650, 651, 652, 653, 654, + 655, 656, 657, 658, 659, 660, 661, 662, 663, 664, + 665, 666, 667, 668, 669, 670, 671, 672, 673, 674, + 675, 676, 677, 678, 679, 680, 681, 682, 683, -1, + -1, 686, 687, -1, 689, 690, 691, 692, 693, 694, + 695, 696, 697, 698, 699, 700, 701, 702, 703, 704, + 705, 706, 707, 708, 709, 710, 711, 712, 713, 714, + 715, 716, 717, 718, 719, 720, 721, 722, 723, 724, + 725, 726, 727, 728, 729, 730, 731, 732, 733, 734, + 735, 736, 737, 738, 739, 740, 741, 742, 743, 744, + 745, 746, 747, 748, 749, 750, 751, 752, 753, 754, + 755, 756, 757, 758, 759, 760, 761, 762, 3, 764, + 765, 766, 767, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, 19, 20, -1, -1, -1, -1, + -1, -1, -1, 788, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, 88, -1, -1, -1, + -1, -1, -1, -1, -1, -1, 71, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, 88, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, 99, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, 116, -1, -1, -1, -1, -1, + -1, 116, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, 135, -1, -1, -1, -1, -1, -1, - -1, -1, 144, -1, -1, -1, -1, -1, -1, -1, + 135, -1, -1, -1, -1, -1, -1, -1, -1, 144, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, -1, -1, 180, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, 196, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, 208, -1, -1, -1, - -1, -1, -1, -1, -1, -1, -1, 219, -1, -1, + -1, -1, -1, -1, -1, 180, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, 196, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, 208, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, 219, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, @@ -21882,735 +21594,739 @@ -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, -1, -1, 320, 321, - 322, 323, 324, 325, 326, 327, 328, 329, 330, -1, - -1, -1, -1, 335, 336, 337, 338, 339, 340, 341, - 342, 343, 344, 345, 346, 347, 348, 349, 350, 351, - 352, 353, 354, -1, 356, 357, 358, 359, 360, 361, - 362, 363, 364, 365, 366, 367, 368, 369, 370, 371, - 372, 373, 374, 375, 376, 377, 378, 379, 380, 381, - 382, 383, 384, 385, 386, 387, -1, 389, 390, 391, - 392, 393, 394, 395, 396, 397, 398, 399, 400, 401, - 402, 403, 404, 405, 406, 407, 408, 409, 410, 411, - 412, 413, 414, 415, 416, 417, -1, 419, 420, 421, - 422, 423, 424, 425, 426, 427, 428, 429, 430, 431, - 432, 433, 434, 435, 436, 437, 438, 439, 440, 441, - 442, 443, 444, 445, 446, -1, -1, 449, 450, 451, - 452, 453, 454, 455, 456, 457, 458, 459, 460, 461, - 462, -1, 464, 465, 466, 467, 468, 469, 470, 471, - 472, 473, 474, 475, 476, 477, -1, 479, 480, 481, - 482, 483, 484, 485, 486, 487, 488, 489, 490, 491, - 492, 493, 494, 495, 496, 497, 498, 499, 500, 501, - 502, 503, 504, 505, 506, 507, 508, 509, 510, 511, - 512, 513, 514, 515, 516, 517, 518, 519, 520, 521, - 522, 523, 524, 525, 526, 527, 528, 529, 530, 531, - 532, 533, 534, 535, -1, 537, 538, 539, 540, 541, - 542, 543, 544, 545, 546, 547, 548, 549, 550, 551, - 552, 553, 554, 555, 556, 557, 558, 559, 560, 561, - 562, 563, 564, 565, 566, 567, 568, 569, 570, 571, - 572, 573, 574, 575, 576, 577, 578, 579, 580, -1, - 582, 583, 584, 585, 586, 587, 588, 589, 590, 591, - 592, 593, 594, 595, 596, 597, 598, 599, 600, 601, - 602, 603, 604, 605, 606, 607, 608, 609, 610, 611, - 612, 613, 614, 615, 616, 617, 618, 619, 620, 621, - 622, 623, 624, 625, 626, 627, 628, 629, 630, 631, - 632, 633, 634, 635, 636, 637, 638, 639, 640, 641, - 642, 643, 644, 645, 646, 647, 648, 649, 650, 651, - 652, 653, 654, 655, 656, 657, 658, 659, 660, 661, - 662, 663, 664, 665, 666, 667, 668, 669, 670, 671, - 672, 673, 674, 675, 676, 677, 678, 679, 680, 681, - 682, 683, -1, -1, 686, 687, -1, 689, 690, 691, - 692, 693, 694, 695, 696, 697, 698, 699, 700, 701, - 702, 703, 704, 705, 706, 707, 708, 709, 710, 711, - 712, 713, 714, 715, 716, 717, 718, 719, 720, 721, - 722, 723, 724, 725, 726, 727, 728, 729, 730, 731, - 732, 733, 734, 735, 736, 737, 738, 739, 740, 741, - 742, 743, 744, 745, 746, 747, 748, 749, 750, 751, - 752, 753, 754, 755, 756, 757, 758, 759, 760, 761, - 762, 3, 764, 765, 766, 767, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, -1, 19, 20, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, 320, 321, 322, 323, 324, + 325, 326, 327, 328, 329, 330, -1, -1, -1, -1, + 335, 336, 337, 338, 339, 340, 341, 342, 343, 344, + 345, 346, 347, 348, 349, 350, 351, 352, 353, 354, + -1, 356, 357, 358, 359, 360, 361, 362, 363, 364, + 365, 366, 367, 368, 369, 370, 371, 372, 373, 374, + 375, 376, 377, 378, 379, 380, 381, 382, 383, 384, + 385, 386, 387, -1, 389, 390, 391, 392, 393, 394, + 395, 396, 397, 398, 399, 400, 401, 402, 403, 404, + 405, 406, 407, 408, 409, 410, 411, 412, 413, 414, + 415, 416, 417, -1, 419, 420, 421, 422, 423, 424, + 425, 426, 427, 428, 429, 430, 431, 432, 433, 434, + 435, 436, 437, 438, 439, 440, 441, 442, 443, 444, + 445, 446, -1, -1, 449, 450, 451, 452, 453, 454, + 455, 456, 457, 458, 459, 460, 461, 462, -1, 464, + 465, 466, 467, 468, 469, 470, 471, 472, 473, 474, + 475, 476, 477, -1, 479, 480, 481, 482, 483, 484, + 485, 486, 487, 488, 489, 490, 491, 492, 493, 494, + 495, 496, 497, 498, 499, 500, 501, 502, 503, 504, + 505, 506, 507, 508, 509, 510, 511, 512, 513, 514, + 515, 516, 517, 518, 519, 520, 521, 522, 523, 524, + 525, 526, 527, 528, 529, 530, 531, 532, 533, 534, + 535, -1, 537, 538, 539, 540, 541, 542, 543, 544, + 545, 546, 547, 548, 549, 550, 551, 552, 553, 554, + 555, 556, 557, 558, 559, 560, 561, 562, 563, 564, + 565, 566, 567, 568, 569, 570, 571, 572, 573, 574, + 575, 576, 577, 578, 579, 580, 581, 582, 583, 584, + 585, 586, 587, 588, 589, 590, 591, 592, 593, 594, + 595, 596, 597, 598, 599, 600, 601, 602, 603, 604, + 605, 606, 607, 608, 609, 610, 611, 612, 613, 614, + 615, 616, 617, 618, 619, 620, 621, 622, 623, 624, + 625, 626, 627, 628, 629, 630, 631, 632, 633, 634, + 635, 636, 637, 638, 639, 640, 641, 642, 643, 644, + 645, 646, 647, 648, 649, 650, 651, 652, 653, 654, + 655, 656, 657, 658, 659, 660, 661, 662, 663, 664, + 665, 666, 667, 668, 669, 670, 671, 672, 673, 674, + 675, 676, 677, 678, 679, 680, 681, 682, 683, -1, + -1, 686, 687, -1, 689, 690, 691, 692, 693, 694, + 695, 696, 697, 698, 699, 700, 701, 702, 703, 704, + 705, 706, 707, 708, 709, 710, 711, 712, 713, 714, + 715, 716, 717, 718, 719, 720, 721, 722, 723, 724, + 725, 726, 727, 728, 729, -1, 731, 732, 733, 734, + 735, 736, 737, 738, 739, 740, 741, 742, 743, 744, + 745, 746, 747, 748, 749, 750, 751, 752, 753, 754, + 755, 756, 757, 758, 759, 760, 761, 762, 3, 764, + 765, 766, 767, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, 19, 20, 21, -1, -1, -1, + -1, -1, -1, -1, -1, -1, 31, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, -1, -1, -1, 71, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, 88, -1, -1, -1, - -1, -1, -1, -1, -1, -1, -1, 99, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, 116, -1, -1, -1, -1, -1, + -1, -1, -1, 88, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, 135, -1, -1, -1, -1, -1, -1, - -1, -1, 144, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, 116, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, -1, -1, 180, -1, + 135, -1, -1, -1, -1, -1, -1, -1, -1, 144, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, 196, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, 208, -1, -1, -1, - -1, -1, -1, -1, -1, -1, -1, 219, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, 180, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, 196, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, 208, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, 219, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, -1, -1, 320, 321, - 322, 323, 324, 325, 326, 327, 328, 329, 330, -1, - -1, -1, -1, 335, 336, 337, 338, 339, 340, 341, - 342, 343, 344, 345, 346, 347, 348, 349, 350, 351, - 352, 353, 354, -1, 356, 357, 358, 359, 360, 361, - 362, 363, 364, 365, 366, 367, 368, 369, 370, 371, - 372, 373, 374, 375, 376, 377, 378, 379, 380, 381, - 382, 383, 384, 385, 386, 387, -1, 389, 390, 391, - 392, 393, 394, 395, 396, 397, 398, 399, 400, 401, - 402, 403, 404, 405, 406, 407, 408, 409, 410, 411, - 412, 413, 414, 415, 416, 417, -1, 419, 420, 421, - 422, 423, 424, 425, 426, 427, 428, 429, 430, 431, - 432, 433, 434, 435, 436, 437, 438, 439, 440, 441, - 442, 443, 444, 445, 446, -1, -1, 449, 450, 451, - 452, 453, 454, 455, 456, 457, 458, 459, 460, 461, - 462, -1, 464, 465, 466, 467, 468, 469, 470, 471, - 472, 473, 474, 475, 476, 477, -1, 479, 480, 481, - 482, 483, 484, 485, 486, 487, 488, 489, 490, 491, - 492, 493, 494, 495, 496, 497, 498, 499, 500, 501, - 502, 503, 504, 505, 506, 507, 508, 509, 510, 511, - 512, 513, 514, 515, 516, 517, 518, 519, 520, 521, - 522, 523, 524, 525, 526, 527, 528, 529, 530, 531, - 532, 533, 534, 535, -1, 537, 538, 539, 540, 541, - 542, 543, 544, 545, 546, 547, 548, 549, 550, 551, - 552, 553, 554, 555, 556, 557, 558, 559, 560, 561, - 562, 563, 564, 565, 566, 567, 568, 569, 570, 571, - 572, 573, 574, 575, 576, 577, 578, 579, 580, 581, - 582, 583, 584, 585, 586, 587, 588, 589, 590, 591, - 592, 593, 594, 595, 596, 597, 598, 599, 600, 601, - 602, 603, 604, 605, 606, 607, 608, 609, 610, 611, - 612, 613, 614, 615, 616, 617, 618, 619, 620, 621, - 622, 623, 624, 625, 626, 627, 628, 629, 630, 631, - 632, 633, 634, 635, 636, 637, 638, 639, 640, 641, - 642, 643, 644, 645, 646, 647, 648, 649, 650, 651, - 652, 653, 654, 655, 656, 657, 658, 659, 660, 661, - 662, 663, 664, 665, 666, 667, 668, 669, 670, 671, - 672, 673, 674, 675, 676, 677, 678, 679, 680, 681, - 682, 683, -1, -1, 686, 687, -1, 689, 690, 691, - 692, 693, 694, 695, 696, 697, 698, 699, 700, 701, - 702, 703, 704, 705, 706, 707, 708, 709, 710, 711, - 712, 713, 714, 715, 716, 717, 718, 719, 720, 721, - 722, 723, 724, 725, 726, 727, 728, 729, -1, 731, - 732, 733, 734, 735, 736, 737, 738, 739, 740, 741, - 742, 743, 744, 745, 746, 747, 748, 749, 750, 751, - 752, 753, 754, 755, 756, 757, 758, 759, 760, 761, - 762, 3, 764, 765, 766, 767, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, -1, 19, 20, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, 320, 321, 322, 323, 324, + 325, 326, 327, 328, 329, 330, -1, -1, -1, -1, + 335, 336, 337, 338, 339, 340, 341, 342, 343, 344, + 345, 346, 347, 348, 349, 350, 351, 352, 353, 354, + -1, 356, 357, 358, 359, 360, 361, 362, 363, 364, + 365, 366, 367, 368, 369, 370, 371, 372, 373, 374, + 375, 376, 377, 378, 379, 380, 381, 382, 383, 384, + 385, 386, 387, -1, 389, 390, 391, 392, 393, 394, + 395, 396, 397, 398, 399, 400, 401, 402, 403, 404, + 405, 406, 407, 408, 409, 410, 411, 412, 413, 414, + 415, 416, 417, -1, 419, 420, 421, 422, 423, 424, + 425, 426, 427, 428, 429, 430, 431, 432, 433, 434, + 435, 436, 437, 438, 439, 440, 441, 442, 443, 444, + 445, 446, -1, -1, 449, 450, 451, 452, 453, 454, + 455, 456, 457, 458, 459, 460, 461, 462, -1, 464, + 465, 466, 467, 468, 469, 470, 471, 472, 473, 474, + 475, 476, 477, -1, 479, 480, 481, 482, 483, 484, + 485, 486, 487, 488, 489, 490, 491, 492, 493, 494, + 495, 496, 497, 498, 499, 500, 501, 502, 503, 504, + 505, 506, 507, 508, 509, 510, 511, 512, 513, 514, + 515, 516, 517, 518, 519, 520, 521, 522, 523, 524, + 525, 526, 527, 528, 529, 530, 531, 532, 533, 534, + 535, -1, 537, 538, 539, 540, 541, 542, 543, 544, + 545, 546, 547, 548, 549, 550, 551, 552, 553, 554, + 555, 556, 557, 558, 559, 560, 561, 562, 563, 564, + 565, 566, 567, 568, 569, 570, 571, 572, 573, 574, + 575, 576, 577, 578, 579, 580, -1, 582, 583, 584, + 585, 586, 587, 588, 589, 590, 591, 592, 593, 594, + 595, 596, 597, 598, 599, 600, 601, 602, 603, 604, + 605, 606, 607, 608, 609, 610, 611, 612, 613, 614, + 615, 616, 617, 618, 619, 620, 621, 622, 623, 624, + 625, 626, 627, 628, 629, 630, 631, 632, 633, 634, + 635, 636, 637, 638, 639, 640, 641, 642, 643, 644, + 645, 646, 647, 648, 649, 650, 651, 652, 653, 654, + 655, 656, 657, 658, 659, 660, 661, 662, 663, 664, + 665, 666, 667, 668, 669, 670, 671, 672, 673, 674, + 675, 676, 677, 678, 679, 680, 681, 682, 683, -1, + -1, 686, 687, -1, 689, 690, 691, 692, 693, 694, + 695, 696, 697, 698, 699, 700, 701, 702, 703, 704, + 705, 706, 707, 708, 709, 710, 711, 712, 713, 714, + 715, 716, 717, 718, 719, 720, 721, 722, 723, 724, + 725, 726, 727, 728, 729, 730, 731, 732, 733, 734, + 735, 736, 737, 738, 739, 740, 741, 742, 743, 744, + 745, 746, 747, 748, 749, 750, 751, 752, 753, 754, + 755, 756, 757, 758, 759, 760, 761, 762, 3, 764, + 765, 766, 767, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, 19, 20, 21, -1, -1, -1, + -1, -1, -1, -1, -1, -1, 31, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, 74, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, 88, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, 116, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, 135, -1, -1, -1, -1, -1, -1, - -1, -1, 144, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, 88, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, -1, -1, 180, -1, + -1, 116, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, 196, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, 208, -1, -1, -1, - -1, -1, -1, -1, -1, -1, -1, 219, -1, -1, + 135, -1, -1, -1, -1, -1, -1, -1, -1, 144, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, 180, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, 196, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, 208, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, 219, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, -1, -1, 320, 321, - 322, 323, 324, 325, 326, 327, 328, 329, 330, -1, - -1, -1, -1, 335, 336, 337, 338, 339, 340, 341, - 342, 343, 344, 345, 346, 347, 348, 349, 350, 351, - 352, 353, 354, -1, 356, 357, 358, 359, 360, 361, - 362, 363, 364, 365, 366, 367, 368, 369, 370, 371, - 372, 373, 374, 375, 376, 377, 378, 379, 380, 381, - 382, 383, 384, 385, 386, 387, -1, 389, 390, 391, - 392, 393, 394, 395, 396, 397, 398, 399, 400, 401, - 402, 403, 404, 405, 406, 407, 408, 409, 410, 411, - 412, 413, 414, 415, 416, 417, -1, 419, 420, 421, - 422, 423, 424, 425, 426, 427, 428, 429, 430, 431, - 432, 433, 434, 435, 436, 437, 438, 439, 440, 441, - 442, 443, 444, 445, 446, -1, -1, 449, 450, 451, - 452, 453, 454, 455, 456, 457, 458, 459, 460, 461, - 462, -1, 464, 465, 466, 467, 468, 469, 470, 471, - 472, 473, 474, 475, 476, 477, -1, 479, 480, 481, - 482, 483, 484, 485, 486, 487, 488, 489, 490, 491, - 492, 493, 494, 495, 496, 497, 498, 499, 500, 501, - 502, 503, 504, 505, 506, 507, 508, 509, 510, 511, - 512, 513, 514, 515, 516, 517, 518, 519, 520, 521, - 522, 523, 524, 525, 526, 527, 528, 529, 530, 531, - 532, 533, 534, 535, -1, 537, 538, 539, 540, 541, - 542, 543, 544, 545, 546, 547, 548, 549, 550, 551, - 552, 553, 554, 555, 556, 557, 558, 559, 560, 561, - 562, 563, 564, 565, 566, 567, 568, 569, 570, 571, - 572, 573, 574, 575, 576, 577, 578, 579, 580, -1, - 582, 583, 584, 585, 586, 587, 588, 589, 590, 591, - 592, 593, 594, 595, 596, 597, 598, 599, 600, 601, - 602, 603, 604, 605, 606, 607, 608, 609, 610, 611, - 612, 613, 614, 615, 616, 617, 618, 619, 620, 621, - 622, 623, 624, 625, 626, 627, 628, 629, 630, 631, - 632, 633, 634, 635, 636, 637, 638, 639, 640, 641, - 642, 643, 644, 645, 646, 647, 648, 649, 650, 651, - 652, 653, 654, 655, 656, 657, 658, 659, 660, 661, - 662, 663, 664, 665, 666, 667, 668, 669, 670, 671, - 672, 673, 674, 675, 676, 677, 678, 679, 680, 681, - 682, 683, -1, -1, 686, 687, -1, 689, 690, 691, - 692, 693, 694, 695, 696, 697, 698, 699, 700, 701, - 702, 703, 704, 705, 706, 707, 708, 709, 710, 711, - 712, 713, 714, 715, 716, 717, 718, 719, 720, 721, - 722, 723, 724, 725, 726, 727, 728, 729, 730, 731, - 732, 733, 734, 735, 736, 737, 738, 739, 740, 741, - 742, 743, 744, 745, 746, 747, 748, 749, 750, 751, - 752, 753, 754, 755, 756, 757, 758, 759, 760, 761, - 762, 3, 764, 765, 766, 767, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, -1, 19, 20, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, 320, 321, 322, 323, 324, + 325, 326, 327, 328, 329, 330, -1, -1, -1, -1, + 335, 336, 337, 338, 339, 340, 341, 342, 343, 344, + 345, 346, 347, 348, 349, 350, 351, 352, 353, 354, + -1, 356, 357, 358, 359, 360, 361, 362, 363, 364, + 365, 366, 367, 368, 369, 370, 371, 372, 373, 374, + 375, 376, 377, 378, 379, 380, 381, 382, 383, 384, + 385, 386, 387, -1, 389, 390, 391, 392, 393, 394, + 395, 396, 397, 398, 399, 400, 401, 402, 403, 404, + 405, 406, 407, 408, 409, 410, 411, 412, 413, 414, + 415, 416, 417, -1, 419, 420, 421, 422, 423, 424, + 425, 426, 427, 428, 429, 430, 431, 432, 433, 434, + 435, 436, 437, 438, 439, 440, 441, 442, 443, 444, + 445, 446, -1, -1, 449, 450, 451, 452, 453, 454, + 455, 456, 457, 458, 459, 460, 461, 462, -1, 464, + 465, 466, 467, 468, 469, 470, 471, 472, 473, 474, + 475, 476, 477, -1, 479, 480, 481, 482, 483, 484, + 485, 486, 487, 488, 489, 490, 491, 492, 493, 494, + 495, 496, 497, 498, 499, 500, 501, 502, 503, 504, + 505, 506, 507, 508, 509, 510, 511, 512, 513, 514, + 515, 516, 517, 518, 519, 520, 521, 522, 523, 524, + 525, 526, 527, 528, 529, 530, 531, 532, 533, 534, + 535, -1, 537, 538, 539, 540, 541, 542, 543, 544, + 545, 546, 547, 548, 549, 550, 551, 552, 553, 554, + 555, 556, 557, 558, 559, 560, 561, 562, 563, 564, + 565, 566, 567, 568, 569, 570, 571, 572, 573, 574, + 575, 576, 577, 578, 579, 580, -1, 582, 583, 584, + 585, 586, 587, 588, 589, 590, 591, 592, 593, 594, + 595, 596, 597, 598, 599, 600, 601, 602, 603, 604, + 605, 606, 607, 608, 609, 610, 611, 612, 613, 614, + 615, 616, 617, 618, 619, 620, 621, 622, 623, 624, + 625, 626, 627, 628, 629, 630, 631, 632, 633, 634, + 635, 636, 637, 638, 639, 640, 641, 642, 643, 644, + 645, 646, 647, 648, 649, 650, 651, 652, 653, 654, + 655, 656, 657, 658, 659, 660, 661, 662, 663, 664, + 665, 666, 667, 668, 669, 670, 671, 672, 673, 674, + 675, 676, 677, 678, 679, 680, 681, 682, 683, -1, + -1, 686, 687, -1, 689, 690, 691, 692, 693, 694, + 695, 696, 697, 698, 699, 700, 701, 702, 703, 704, + 705, 706, 707, 708, 709, 710, 711, 712, 713, 714, + 715, 716, 717, 718, 719, 720, 721, 722, 723, 724, + 725, 726, 727, 728, 729, 730, 731, 732, 733, 734, + 735, 736, 737, 738, 739, 740, 741, 742, 743, 744, + 745, 746, 747, 748, 749, 750, 751, 752, 753, 754, + 755, 756, 757, 758, 759, 760, 761, 762, 3, 764, + 765, 766, 767, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, 19, 20, 21, -1, -1, -1, + -1, -1, -1, -1, -1, -1, 31, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, 88, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, 116, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, 135, -1, -1, -1, -1, -1, -1, - -1, -1, 144, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, 88, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, -1, -1, 180, -1, + -1, 116, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, 196, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, 208, -1, -1, -1, - -1, -1, -1, -1, -1, -1, -1, 219, -1, -1, + 135, -1, -1, -1, -1, -1, -1, -1, -1, 144, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, 180, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, 196, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, 208, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, 219, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, -1, -1, 320, 321, - 322, 323, 324, 325, 326, 327, 328, 329, 330, -1, - -1, -1, -1, 335, 336, 337, 338, 339, 340, 341, - 342, 343, 344, 345, 346, 347, 348, 349, 350, 351, - 352, 353, 354, -1, 356, 357, 358, 359, 360, 361, - 362, 363, 364, 365, 366, 367, 368, 369, 370, 371, - 372, 373, 374, 375, 376, 377, 378, 379, 380, 381, - 382, 383, 384, 385, 386, 387, -1, 389, 390, 391, - 392, 393, 394, 395, 396, 397, 398, 399, 400, 401, - 402, 403, 404, 405, 406, 407, 408, 409, 410, 411, - 412, 413, 414, 415, 416, 417, -1, 419, 420, 421, - 422, 423, 424, 425, 426, 427, 428, 429, 430, 431, - 432, 433, 434, 435, 436, 437, 438, 439, 440, 441, - 442, 443, 444, 445, 446, -1, -1, 449, 450, 451, - 452, 453, 454, 455, 456, 457, 458, 459, 460, 461, - 462, -1, 464, 465, 466, 467, 468, 469, 470, 471, - 472, 473, 474, 475, 476, 477, -1, 479, 480, 481, - 482, 483, 484, 485, 486, 487, 488, 489, 490, 491, - 492, 493, 494, 495, 496, 497, 498, 499, 500, 501, - 502, 503, 504, 505, 506, 507, 508, 509, 510, 511, - 512, 513, 514, 515, 516, 517, 518, 519, 520, 521, - 522, 523, 524, 525, 526, 527, 528, 529, 530, 531, - 532, 533, 534, 535, -1, 537, 538, 539, 540, 541, - 542, 543, 544, 545, 546, 547, 548, 549, 550, 551, - 552, 553, 554, 555, 556, 557, 558, 559, 560, 561, - 562, 563, 564, 565, 566, 567, 568, 569, 570, 571, - 572, 573, 574, 575, 576, 577, 578, 579, 580, -1, - 582, 583, 584, 585, 586, 587, 588, 589, 590, 591, - 592, 593, 594, 595, 596, 597, 598, 599, 600, 601, - 602, 603, 604, 605, 606, 607, 608, 609, 610, 611, - 612, 613, 614, 615, 616, 617, 618, 619, 620, 621, - 622, 623, 624, 625, 626, 627, 628, 629, 630, 631, - 632, 633, 634, 635, 636, 637, 638, 639, 640, 641, - 642, 643, 644, 645, 646, 647, 648, 649, 650, 651, - 652, 653, 654, 655, 656, 657, 658, 659, 660, 661, - 662, 663, 664, 665, 666, 667, 668, 669, 670, 671, - 672, 673, 674, 675, 676, 677, 678, 679, 680, 681, - 682, 683, -1, -1, 686, 687, -1, 689, 690, 691, - 692, 693, 694, 695, 696, 697, 698, 699, 700, 701, - 702, 703, 704, 705, 706, 707, 708, 709, 710, 711, - 712, 713, 714, 715, 716, 717, 718, 719, 720, 721, - 722, 723, 724, 725, 726, 727, 728, 729, 730, 731, - 732, 733, 734, 735, 736, 737, 738, 739, 740, 741, - 742, 743, 744, 745, 746, 747, 748, 749, 750, 751, - 752, 753, 754, 755, 756, 757, 758, 759, 760, 761, - 762, -1, 764, 765, 766, 767, 8, 9, -1, -1, - -1, -1, -1, -1, -1, -1, -1, 19, 20, -1, - -1, -1, -1, -1, -1, -1, 28, -1, 30, -1, - 32, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, 88, -1, -1, -1, + -1, -1, -1, -1, -1, 320, 321, 322, 323, 324, + 325, 326, 327, 328, 329, 330, -1, -1, -1, -1, + 335, 336, 337, 338, 339, 340, 341, 342, 343, 344, + 345, 346, 347, 348, 349, 350, 351, 352, 353, 354, + -1, 356, 357, 358, 359, 360, 361, 362, 363, 364, + 365, 366, 367, 368, 369, 370, 371, 372, 373, 374, + 375, 376, 377, 378, 379, 380, 381, 382, 383, 384, + 385, 386, 387, -1, 389, 390, 391, 392, 393, 394, + 395, 396, 397, 398, 399, 400, 401, 402, 403, 404, + 405, 406, 407, 408, 409, 410, 411, 412, 413, 414, + 415, 416, 417, -1, 419, 420, 421, 422, 423, 424, + 425, 426, 427, 428, 429, 430, 431, 432, 433, 434, + 435, 436, 437, 438, 439, 440, 441, 442, 443, 444, + 445, 446, -1, -1, 449, 450, 451, 452, 453, 454, + 455, 456, 457, 458, 459, 460, 461, 462, -1, 464, + 465, 466, 467, 468, 469, 470, 471, 472, 473, 474, + 475, 476, 477, -1, 479, 480, 481, 482, 483, 484, + 485, 486, 487, 488, 489, 490, 491, 492, 493, 494, + 495, 496, 497, 498, 499, 500, 501, 502, 503, 504, + 505, 506, 507, 508, 509, 510, 511, 512, 513, 514, + 515, 516, 517, 518, 519, 520, 521, 522, 523, 524, + 525, 526, 527, 528, 529, 530, 531, 532, 533, 534, + 535, -1, 537, 538, 539, 540, 541, 542, 543, 544, + 545, 546, 547, 548, 549, 550, 551, 552, 553, 554, + 555, 556, 557, 558, 559, 560, 561, 562, 563, 564, + 565, 566, 567, 568, 569, 570, 571, 572, 573, 574, + 575, 576, 577, 578, 579, 580, -1, 582, 583, 584, + 585, 586, 587, 588, 589, 590, 591, 592, 593, 594, + 595, 596, 597, 598, 599, 600, 601, 602, 603, 604, + 605, 606, 607, 608, 609, 610, 611, 612, 613, 614, + 615, 616, 617, 618, 619, 620, 621, 622, 623, 624, + 625, 626, 627, 628, 629, 630, 631, 632, 633, 634, + 635, 636, 637, 638, 639, 640, 641, 642, 643, 644, + 645, 646, 647, 648, 649, 650, 651, 652, 653, 654, + 655, 656, 657, 658, 659, 660, 661, 662, 663, 664, + 665, 666, 667, 668, 669, 670, 671, 672, 673, 674, + 675, 676, 677, 678, 679, 680, 681, 682, 683, -1, + -1, 686, 687, -1, 689, 690, 691, 692, 693, 694, + 695, 696, 697, 698, 699, 700, 701, 702, 703, 704, + 705, 706, 707, 708, 709, 710, 711, 712, 713, 714, + 715, 716, 717, 718, 719, 720, 721, 722, 723, 724, + 725, 726, 727, 728, 729, 730, 731, 732, 733, 734, + 735, 736, 737, 738, 739, 740, 741, 742, 743, 744, + 745, 746, 747, 748, 749, 750, 751, 752, 753, 754, + 755, 756, 757, 758, 759, 760, 761, 762, 3, 764, + 765, 766, 767, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, 19, 20, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, 116, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, 135, -1, -1, -1, -1, -1, -1, - -1, -1, 144, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, -1, 71, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, -1, -1, 180, -1, + -1, -1, -1, 88, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, 99, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, 196, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, 208, -1, -1, -1, - -1, -1, -1, -1, -1, -1, -1, 219, -1, -1, + -1, 116, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + 135, -1, -1, -1, -1, -1, -1, -1, -1, 144, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - 252, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, 180, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, 196, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, 208, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, 219, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, -1, -1, 320, 321, - 322, 323, 324, 325, 326, 327, 328, 329, 330, -1, - -1, -1, -1, 335, 336, 337, 338, 339, 340, 341, - 342, 343, 344, 345, 346, 347, 348, 349, 350, 351, - 352, 353, 354, -1, 356, 357, 358, 359, 360, 361, - 362, 363, 364, 365, 366, 367, 368, 369, 370, 371, - 372, 373, 374, 375, 376, 377, 378, 379, 380, 381, - 382, 383, 384, 385, 386, 387, -1, 389, 390, 391, - 392, 393, 394, 395, 396, 397, 398, 399, 400, 401, - 402, 403, 404, 405, 406, 407, 408, 409, 410, 411, - 412, 413, 414, 415, 416, 417, -1, 419, 420, 421, - 422, 423, 424, 425, 426, 427, 428, 429, 430, 431, - 432, 433, 434, 435, 436, 437, 438, 439, 440, 441, - 442, 443, 444, 445, 446, -1, -1, 449, 450, 451, - 452, 453, 454, 455, 456, 457, 458, 459, 460, 461, - 462, -1, 464, 465, 466, 467, 468, 469, 470, 471, - 472, 473, 474, 475, 476, 477, -1, 479, 480, 481, - 482, 483, 484, 485, 486, 487, 488, 489, 490, 491, - 492, 493, 494, 495, 496, 497, 498, 499, 500, 501, - 502, 503, 504, 505, 506, 507, 508, 509, 510, 511, - 512, 513, 514, 515, 516, 517, 518, 519, 520, 521, - 522, 523, 524, 525, 526, 527, 528, 529, 530, 531, - 532, 533, 534, 535, -1, 537, 538, 539, 540, 541, - 542, 543, 544, 545, 546, 547, 548, 549, 550, 551, - 552, 553, 554, 555, 556, 557, 558, 559, 560, 561, - 562, 563, 564, 565, 566, 567, 568, 569, 570, 571, - 572, 573, 574, 575, 576, 577, 578, 579, 580, -1, - 582, 583, 584, 585, 586, 587, 588, 589, 590, 591, - 592, 593, 594, 595, 596, 597, 598, 599, 600, 601, - 602, 603, 604, 605, 606, 607, 608, 609, 610, 611, - 612, 613, 614, 615, 616, 617, 618, 619, 620, 621, - 622, 623, 624, 625, 626, 627, 628, 629, 630, 631, - 632, 633, 634, 635, 636, 637, 638, 639, 640, 641, - 642, 643, 644, 645, 646, 647, 648, 649, 650, 651, - 652, 653, 654, 655, 656, 657, 658, 659, 660, 661, - 662, 663, 664, 665, 666, 667, 668, 669, 670, 671, - 672, 673, 674, 675, 676, 677, 678, 679, 680, 681, - 682, 683, -1, -1, 686, 687, -1, 689, 690, 691, - 692, 693, 694, 695, 696, 697, 698, 699, 700, 701, - 702, 703, 704, 705, 706, 707, 708, 709, 710, 711, - 712, 713, 714, 715, 716, 717, 718, 719, 720, 721, - 722, 723, 724, 725, 726, 727, 728, 729, 730, 731, - 732, 733, 734, 735, 736, 737, 738, 739, 740, 741, - 742, 743, 744, 745, 746, 747, 748, 749, 750, 751, - 752, 753, 754, 755, 756, 757, 758, 759, 760, 761, - 762, -1, 764, 765, 766, 767, 8, 9, -1, -1, - -1, -1, -1, -1, -1, -1, -1, 19, 20, -1, - -1, -1, -1, -1, -1, -1, 28, -1, 30, -1, - 32, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, 88, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, 116, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, 320, 321, 322, 323, 324, + 325, 326, 327, 328, 329, 330, -1, -1, -1, -1, + 335, 336, 337, 338, 339, 340, 341, 342, 343, 344, + 345, 346, 347, 348, 349, 350, 351, 352, 353, 354, + -1, 356, 357, 358, 359, 360, 361, 362, 363, 364, + 365, 366, 367, 368, 369, 370, 371, 372, 373, 374, + 375, 376, 377, 378, 379, 380, 381, 382, 383, 384, + 385, 386, 387, -1, 389, 390, 391, 392, 393, 394, + 395, 396, 397, 398, 399, 400, 401, 402, 403, 404, + 405, 406, 407, 408, 409, 410, 411, 412, 413, 414, + 415, 416, 417, -1, 419, 420, 421, 422, 423, 424, + 425, 426, 427, 428, 429, 430, 431, 432, 433, 434, + 435, 436, 437, 438, 439, 440, 441, 442, 443, 444, + 445, 446, -1, -1, 449, 450, 451, 452, 453, 454, + 455, 456, 457, 458, 459, 460, 461, 462, -1, 464, + 465, 466, 467, 468, 469, 470, 471, 472, 473, 474, + 475, 476, 477, -1, 479, 480, 481, 482, 483, 484, + 485, 486, 487, 488, 489, 490, 491, 492, 493, 494, + 495, 496, 497, 498, 499, 500, 501, 502, 503, 504, + 505, 506, 507, 508, 509, 510, 511, 512, 513, 514, + 515, 516, 517, 518, 519, 520, 521, 522, 523, 524, + 525, 526, 527, 528, 529, 530, 531, 532, 533, 534, + 535, -1, 537, 538, 539, 540, 541, 542, 543, 544, + 545, 546, 547, 548, 549, 550, 551, 552, 553, 554, + 555, 556, 557, 558, 559, 560, 561, 562, 563, 564, + 565, 566, 567, 568, 569, 570, 571, 572, 573, 574, + 575, 576, 577, 578, 579, 580, 581, 582, 583, 584, + 585, 586, 587, 588, 589, 590, 591, 592, 593, 594, + 595, 596, 597, 598, 599, 600, 601, 602, 603, 604, + 605, 606, 607, 608, 609, 610, 611, 612, 613, 614, + 615, 616, 617, 618, 619, 620, 621, 622, 623, 624, + 625, 626, 627, 628, 629, 630, 631, 632, 633, 634, + 635, 636, 637, 638, 639, 640, 641, 642, 643, 644, + 645, 646, 647, 648, 649, 650, 651, 652, 653, 654, + 655, 656, 657, 658, 659, 660, 661, 662, 663, 664, + 665, 666, 667, 668, 669, 670, 671, 672, 673, 674, + 675, 676, 677, 678, 679, 680, 681, 682, 683, -1, + -1, 686, 687, -1, 689, 690, 691, 692, 693, 694, + 695, 696, 697, 698, 699, 700, 701, 702, 703, 704, + 705, 706, 707, 708, 709, 710, 711, 712, 713, 714, + 715, 716, 717, 718, 719, 720, 721, 722, 723, 724, + 725, 726, 727, 728, 729, -1, 731, 732, 733, 734, + 735, 736, 737, 738, 739, 740, 741, 742, 743, 744, + 745, 746, 747, 748, 749, 750, 751, 752, 753, 754, + 755, 756, 757, 758, 759, 760, 761, 762, 3, 764, + 765, 766, 767, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, 19, 20, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, 135, -1, -1, -1, -1, -1, -1, - -1, -1, 144, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, -1, -1, 180, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, 196, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, 208, -1, -1, -1, - -1, -1, -1, -1, -1, -1, -1, 219, -1, -1, + -1, -1, -1, -1, -1, -1, -1, -1, -1, 74, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, 88, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - 252, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, 116, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + 135, -1, -1, -1, -1, -1, -1, -1, -1, 144, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, 180, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, -1, -1, 320, 321, - 322, 323, 324, 325, 326, 327, 328, 329, 330, -1, - -1, -1, -1, 335, 336, 337, 338, 339, 340, 341, - 342, 343, 344, 345, 346, 347, 348, 349, 350, 351, - 352, 353, 354, -1, 356, 357, 358, 359, 360, 361, - 362, 363, 364, 365, 366, 367, 368, 369, 370, 371, - 372, 373, 374, 375, 376, 377, 378, 379, 380, 381, - 382, 383, 384, 385, 386, 387, -1, 389, 390, 391, - 392, 393, 394, 395, 396, 397, 398, 399, 400, 401, - 402, 403, 404, 405, 406, 407, 408, 409, 410, 411, - 412, 413, 414, 415, 416, 417, -1, 419, 420, 421, - 422, 423, 424, 425, 426, 427, 428, 429, 430, 431, - 432, 433, 434, 435, 436, 437, 438, 439, 440, 441, - 442, 443, 444, 445, 446, -1, -1, 449, 450, 451, - 452, 453, 454, 455, 456, 457, 458, 459, 460, 461, - 462, -1, 464, 465, 466, 467, 468, 469, 470, 471, - 472, 473, 474, 475, 476, 477, -1, 479, 480, 481, - 482, 483, 484, 485, 486, 487, 488, 489, 490, 491, - 492, 493, 494, 495, 496, 497, 498, 499, 500, 501, - 502, 503, 504, 505, 506, 507, 508, 509, 510, 511, - 512, 513, 514, 515, 516, 517, 518, 519, 520, 521, - 522, 523, 524, 525, 526, 527, 528, 529, 530, 531, - 532, 533, 534, 535, -1, 537, 538, 539, 540, 541, - 542, 543, 544, 545, 546, 547, 548, 549, 550, 551, - 552, 553, 554, 555, 556, 557, 558, 559, 560, 561, - 562, 563, 564, 565, 566, 567, 568, 569, 570, 571, - 572, 573, 574, 575, 576, 577, 578, 579, 580, -1, - 582, 583, 584, 585, 586, 587, 588, 589, 590, 591, - 592, 593, 594, 595, 596, 597, 598, 599, 600, 601, - 602, 603, 604, 605, 606, 607, 608, 609, 610, 611, - 612, 613, 614, 615, 616, 617, 618, 619, 620, 621, - 622, 623, 624, 625, 626, 627, 628, 629, 630, 631, - 632, 633, 634, 635, 636, 637, 638, 639, 640, 641, - 642, 643, 644, 645, 646, 647, 648, 649, 650, 651, - 652, 653, 654, 655, 656, 657, 658, 659, 660, 661, - 662, 663, 664, 665, 666, 667, 668, 669, 670, 671, - 672, 673, 674, 675, 676, 677, 678, 679, 680, 681, - 682, 683, -1, -1, 686, 687, -1, 689, 690, 691, - 692, 693, 694, 695, 696, 697, 698, 699, 700, 701, - 702, 703, 704, 705, 706, 707, 708, 709, 710, 711, - 712, 713, 714, 715, 716, 717, 718, 719, 720, 721, - 722, 723, 724, 725, 726, 727, 728, 729, 730, 731, - 732, 733, 734, 735, 736, 737, 738, 739, 740, 741, - 742, 743, 744, 745, 746, 747, 748, 749, 750, 751, - 752, 753, 754, 755, 756, 757, 758, 759, 760, 761, - 762, -1, 764, 765, 766, 767, 8, 9, -1, -1, - -1, -1, -1, -1, -1, -1, -1, 19, 20, -1, - -1, -1, -1, -1, -1, -1, 28, -1, 30, -1, - 32, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, 196, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, 208, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, 219, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, 88, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, 116, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, 135, -1, -1, -1, -1, -1, -1, - -1, -1, 144, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, -1, -1, 180, -1, + -1, -1, -1, -1, -1, 320, 321, 322, 323, 324, + 325, 326, 327, 328, 329, 330, -1, -1, -1, -1, + 335, 336, 337, 338, 339, 340, 341, 342, 343, 344, + 345, 346, 347, 348, 349, 350, 351, 352, 353, 354, + -1, 356, 357, 358, 359, 360, 361, 362, 363, 364, + 365, 366, 367, 368, 369, 370, 371, 372, 373, 374, + 375, 376, 377, 378, 379, 380, 381, 382, 383, 384, + 385, 386, 387, -1, 389, 390, 391, 392, 393, 394, + 395, 396, 397, 398, 399, 400, 401, 402, 403, 404, + 405, 406, 407, 408, 409, 410, 411, 412, 413, 414, + 415, 416, 417, -1, 419, 420, 421, 422, 423, 424, + 425, 426, 427, 428, 429, 430, 431, 432, 433, 434, + 435, 436, 437, 438, 439, 440, 441, 442, 443, 444, + 445, 446, -1, -1, 449, 450, 451, 452, 453, 454, + 455, 456, 457, 458, 459, 460, 461, 462, -1, 464, + 465, 466, 467, 468, 469, 470, 471, 472, 473, 474, + 475, 476, 477, -1, 479, 480, 481, 482, 483, 484, + 485, 486, 487, 488, 489, 490, 491, 492, 493, 494, + 495, 496, 497, 498, 499, 500, 501, 502, 503, 504, + 505, 506, 507, 508, 509, 510, 511, 512, 513, 514, + 515, 516, 517, 518, 519, 520, 521, 522, 523, 524, + 525, 526, 527, 528, 529, 530, 531, 532, 533, 534, + 535, -1, 537, 538, 539, 540, 541, 542, 543, 544, + 545, 546, 547, 548, 549, 550, 551, 552, 553, 554, + 555, 556, 557, 558, 559, 560, 561, 562, 563, 564, + 565, 566, 567, 568, 569, 570, 571, 572, 573, 574, + 575, 576, 577, 578, 579, 580, -1, 582, 583, 584, + 585, 586, 587, 588, 589, 590, 591, 592, 593, 594, + 595, 596, 597, 598, 599, 600, 601, 602, 603, 604, + 605, 606, 607, 608, 609, 610, 611, 612, 613, 614, + 615, 616, 617, 618, 619, 620, 621, 622, 623, 624, + 625, 626, 627, 628, 629, 630, 631, 632, 633, 634, + 635, 636, 637, 638, 639, 640, 641, 642, 643, 644, + 645, 646, 647, 648, 649, 650, 651, 652, 653, 654, + 655, 656, 657, 658, 659, 660, 661, 662, 663, 664, + 665, 666, 667, 668, 669, 670, 671, 672, 673, 674, + 675, 676, 677, 678, 679, 680, 681, 682, 683, -1, + -1, 686, 687, -1, 689, 690, 691, 692, 693, 694, + 695, 696, 697, 698, 699, 700, 701, 702, 703, 704, + 705, 706, 707, 708, 709, 710, 711, 712, 713, 714, + 715, 716, 717, 718, 719, 720, 721, 722, 723, 724, + 725, 726, 727, 728, 729, 730, 731, 732, 733, 734, + 735, 736, 737, 738, 739, 740, 741, 742, 743, 744, + 745, 746, 747, 748, 749, 750, 751, 752, 753, 754, + 755, 756, 757, 758, 759, 760, 761, 762, 3, 764, + 765, 766, 767, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, 19, 20, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, 196, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, 208, -1, -1, -1, - -1, -1, -1, -1, -1, -1, -1, 219, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - 252, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, 88, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, 116, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, -1, -1, 320, 321, - 322, 323, 324, 325, 326, 327, 328, 329, 330, -1, - -1, -1, -1, 335, 336, 337, 338, 339, 340, 341, - 342, 343, 344, 345, 346, 347, 348, 349, 350, 351, - 352, 353, 354, -1, 356, 357, 358, 359, 360, 361, - 362, 363, 364, 365, 366, 367, 368, 369, 370, 371, - 372, 373, 374, 375, 376, 377, 378, 379, 380, 381, - 382, 383, 384, 385, 386, 387, -1, 389, 390, 391, - 392, 393, 394, 395, 396, 397, 398, 399, 400, 401, - 402, 403, 404, 405, 406, 407, 408, 409, 410, 411, - 412, 413, 414, 415, 416, 417, -1, 419, 420, 421, - 422, 423, 424, 425, 426, 427, 428, 429, 430, 431, - 432, 433, 434, 435, 436, 437, 438, 439, 440, 441, - 442, 443, 444, 445, 446, -1, -1, 449, 450, 451, - 452, 453, 454, 455, 456, 457, 458, 459, 460, 461, - 462, -1, 464, 465, 466, 467, 468, 469, 470, 471, - 472, 473, 474, 475, 476, 477, -1, 479, 480, 481, - 482, 483, 484, 485, 486, 487, 488, 489, 490, 491, - 492, 493, 494, 495, 496, 497, 498, 499, 500, 501, - 502, 503, 504, 505, 506, 507, 508, 509, 510, 511, - 512, 513, 514, 515, 516, 517, 518, 519, 520, 521, - 522, 523, 524, 525, 526, 527, 528, 529, 530, 531, - 532, 533, 534, 535, -1, 537, 538, 539, 540, 541, - 542, 543, 544, 545, 546, 547, 548, 549, 550, 551, - 552, 553, 554, 555, 556, 557, 558, 559, 560, 561, - 562, 563, 564, 565, 566, 567, 568, 569, 570, 571, - 572, 573, 574, 575, 576, 577, 578, 579, 580, -1, - 582, 583, 584, 585, 586, 587, 588, 589, 590, 591, - 592, 593, 594, 595, 596, 597, 598, 599, 600, 601, - 602, 603, 604, 605, 606, 607, 608, 609, 610, 611, - 612, 613, 614, 615, 616, 617, 618, 619, 620, 621, - 622, 623, 624, 625, 626, 627, 628, 629, 630, 631, - 632, 633, 634, 635, 636, 637, 638, 639, 640, 641, - 642, 643, 644, 645, 646, 647, 648, 649, 650, 651, - 652, 653, 654, 655, 656, 657, 658, 659, 660, 661, - 662, 663, 664, 665, 666, 667, 668, 669, 670, 671, - 672, 673, 674, 675, 676, 677, 678, 679, 680, 681, - 682, 683, -1, -1, 686, 687, -1, 689, 690, 691, - 692, 693, 694, 695, 696, 697, 698, 699, 700, 701, - 702, 703, 704, 705, 706, 707, 708, 709, 710, 711, - 712, 713, 714, 715, 716, 717, 718, 719, 720, 721, - 722, 723, 724, 725, 726, 727, 728, 729, 730, 731, - 732, 733, 734, 735, 736, 737, 738, 739, 740, 741, - 742, 743, 744, 745, 746, 747, 748, 749, 750, 751, - 752, 753, 754, 755, 756, 757, 758, 759, 760, 761, - 762, -1, 764, 765, 766, 767, 8, 9, -1, -1, - -1, -1, -1, -1, -1, -1, -1, 19, 20, -1, - -1, -1, -1, -1, -1, -1, 28, -1, 30, -1, - 32, -1, -1, -1, -1, -1, -1, -1, -1, -1, + 135, -1, -1, -1, -1, -1, -1, -1, -1, 144, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, 180, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, 88, -1, -1, -1, + -1, 196, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, 208, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, 219, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, 116, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, 135, -1, -1, -1, -1, -1, -1, - -1, -1, 144, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, -1, -1, 180, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, 196, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, 208, -1, -1, -1, - -1, -1, -1, -1, -1, -1, -1, 219, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, 320, 321, 322, 323, 324, + 325, 326, 327, 328, 329, 330, -1, -1, -1, -1, + 335, 336, 337, 338, 339, 340, 341, 342, 343, 344, + 345, 346, 347, 348, 349, 350, 351, 352, 353, 354, + -1, 356, 357, 358, 359, 360, 361, 362, 363, 364, + 365, 366, 367, 368, 369, 370, 371, 372, 373, 374, + 375, 376, 377, 378, 379, 380, 381, 382, 383, 384, + 385, 386, 387, -1, 389, 390, 391, 392, 393, 394, + 395, 396, 397, 398, 399, 400, 401, 402, 403, 404, + 405, 406, 407, 408, 409, 410, 411, 412, 413, 414, + 415, 416, 417, -1, 419, 420, 421, 422, 423, 424, + 425, 426, 427, 428, 429, 430, 431, 432, 433, 434, + 435, 436, 437, 438, 439, 440, 441, 442, 443, 444, + 445, 446, -1, -1, 449, 450, 451, 452, 453, 454, + 455, 456, 457, 458, 459, 460, 461, 462, -1, 464, + 465, 466, 467, 468, 469, 470, 471, 472, 473, 474, + 475, 476, 477, -1, 479, 480, 481, 482, 483, 484, + 485, 486, 487, 488, 489, 490, 491, 492, 493, 494, + 495, 496, 497, 498, 499, 500, 501, 502, 503, 504, + 505, 506, 507, 508, 509, 510, 511, 512, 513, 514, + 515, 516, 517, 518, 519, 520, 521, 522, 523, 524, + 525, 526, 527, 528, 529, 530, 531, 532, 533, 534, + 535, -1, 537, 538, 539, 540, 541, 542, 543, 544, + 545, 546, 547, 548, 549, 550, 551, 552, 553, 554, + 555, 556, 557, 558, 559, 560, 561, 562, 563, 564, + 565, 566, 567, 568, 569, 570, 571, 572, 573, 574, + 575, 576, 577, 578, 579, 580, -1, 582, 583, 584, + 585, 586, 587, 588, 589, 590, 591, 592, 593, 594, + 595, 596, 597, 598, 599, 600, 601, 602, 603, 604, + 605, 606, 607, 608, 609, 610, 611, 612, 613, 614, + 615, 616, 617, 618, 619, 620, 621, 622, 623, 624, + 625, 626, 627, 628, 629, 630, 631, 632, 633, 634, + 635, 636, 637, 638, 639, 640, 641, 642, 643, 644, + 645, 646, 647, 648, 649, 650, 651, 652, 653, 654, + 655, 656, 657, 658, 659, 660, 661, 662, 663, 664, + 665, 666, 667, 668, 669, 670, 671, 672, 673, 674, + 675, 676, 677, 678, 679, 680, 681, 682, 683, -1, + -1, 686, 687, -1, 689, 690, 691, 692, 693, 694, + 695, 696, 697, 698, 699, 700, 701, 702, 703, 704, + 705, 706, 707, 708, 709, 710, 711, 712, 713, 714, + 715, 716, 717, 718, 719, 720, 721, 722, 723, 724, + 725, 726, 727, 728, 729, 730, 731, 732, 733, 734, + 735, 736, 737, 738, 739, 740, 741, 742, 743, 744, + 745, 746, 747, 748, 749, 750, 751, 752, 753, 754, + 755, 756, 757, 758, 759, 760, 761, 762, -1, 764, + 765, 766, 767, 8, 9, -1, -1, -1, -1, -1, + -1, -1, -1, -1, 19, 20, -1, -1, -1, -1, + -1, -1, -1, 28, -1, 30, -1, 32, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, 88, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, -1, -1, 320, 321, - 322, 323, 324, 325, 326, 327, 328, 329, 330, -1, - -1, -1, -1, 335, 336, 337, 338, 339, 340, 341, - 342, 343, 344, 345, 346, 347, 348, 349, 350, 351, - 352, 353, 354, -1, 356, 357, 358, 359, 360, 361, - 362, 363, 364, 365, 366, 367, 368, 369, 370, 371, - 372, 373, 374, 375, 376, 377, 378, 379, 380, 381, - 382, 383, 384, 385, 386, 387, -1, 389, 390, 391, - 392, 393, 394, 395, 396, 397, 398, 399, 400, 401, - 402, 403, 404, 405, 406, 407, 408, 409, 410, 411, - 412, 413, 414, 415, 416, 417, -1, 419, 420, 421, - 422, 423, 424, 425, 426, 427, 428, 429, 430, 431, - 432, 433, 434, 435, 436, 437, 438, 439, 440, 441, - 442, 443, 444, 445, 446, -1, -1, 449, 450, 451, - 452, 453, 454, 455, 456, 457, 458, 459, 460, 461, - 462, -1, 464, 465, 466, 467, 468, 469, 470, 471, - 472, 473, 474, 475, 476, 477, -1, 479, 480, 481, - 482, 483, 484, 485, 486, 487, 488, 489, 490, 491, - 492, 493, 494, 495, 496, 497, 498, 499, 500, 501, - 502, 503, 504, 505, 506, 507, 508, 509, 510, 511, - 512, 513, 514, 515, 516, 517, 518, 519, 520, 521, - 522, 523, 524, 525, 526, 527, 528, 529, 530, 531, - 532, 533, 534, 535, -1, 537, 538, 539, 540, 541, - 542, 543, 544, 545, 546, 547, 548, 549, 550, 551, - 552, 553, 554, 555, 556, 557, 558, 559, 560, 561, - 562, 563, 564, 565, 566, 567, 568, 569, 570, 571, - 572, 573, 574, 575, 576, 577, 578, 579, 580, -1, - 582, 583, 584, 585, 586, 587, 588, 589, 590, 591, - 592, 593, 594, 595, 596, 597, 598, 599, 600, 601, - 602, 603, 604, 605, 606, 607, 608, 609, 610, 611, - 612, 613, 614, 615, 616, 617, 618, 619, 620, 621, - 622, 623, 624, 625, 626, 627, 628, 629, 630, 631, - 632, 633, 634, 635, 636, 637, 638, 639, 640, 641, - 642, 643, 644, 645, 646, 647, 648, 649, 650, 651, - 652, 653, 654, 655, 656, 657, 658, 659, 660, 661, - 662, 663, 664, 665, 666, 667, 668, 669, 670, 671, - 672, 673, 674, 675, 676, 677, 678, 679, 680, 681, - 682, 683, -1, -1, 686, 687, -1, 689, 690, 691, - 692, 693, 694, 695, 696, 697, 698, 699, 700, 701, - 702, 703, 704, 705, 706, 707, 708, 709, 710, 711, - 712, 713, 714, 715, 716, 717, 718, 719, 720, 721, - 722, 723, 724, 725, 726, 727, 728, 729, 730, 731, - 732, 733, 734, 735, 736, 737, 738, 739, 740, 741, - 742, 743, 744, 745, 746, 747, 748, 749, 750, 751, - 752, 753, 754, 755, 756, 757, 758, 759, 760, 761, - 762, -1, 764, 765, 766, 767, 19, 20, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, 116, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + 135, -1, -1, -1, -1, -1, -1, -1, -1, 144, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, 180, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, 88, -1, -1, -1, -1, + -1, 196, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, 208, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, 219, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, 116, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, -1, -1, 252, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, 135, -1, -1, -1, -1, -1, -1, -1, - -1, 144, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, -1, 180, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, 196, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, 208, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, 219, -1, -1, -1, + -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, 320, 321, 322, 323, 324, + 325, 326, 327, 328, 329, 330, -1, -1, -1, -1, + 335, 336, 337, 338, 339, 340, 341, 342, 343, 344, + 345, 346, 347, 348, 349, 350, 351, 352, 353, 354, + -1, 356, 357, 358, 359, 360, 361, 362, 363, 364, + 365, 366, 367, 368, 369, 370, 371, 372, 373, 374, + 375, 376, 377, 378, 379, 380, 381, 382, 383, 384, + 385, 386, 387, -1, 389, 390, 391, 392, 393, 394, + 395, 396, 397, 398, 399, 400, 401, 402, 403, 404, + 405, 406, 407, 408, 409, 410, 411, 412, 413, 414, + 415, 416, 417, -1, 419, 420, 421, 422, 423, 424, + 425, 426, 427, 428, 429, 430, 431, 432, 433, 434, + 435, 436, 437, 438, 439, 440, 441, 442, 443, 444, + 445, 446, -1, -1, 449, 450, 451, 452, 453, 454, + 455, 456, 457, 458, 459, 460, 461, 462, -1, 464, + 465, 466, 467, 468, 469, 470, 471, 472, 473, 474, + 475, 476, 477, -1, 479, 480, 481, 482, 483, 484, + 485, 486, 487, 488, 489, 490, 491, 492, 493, 494, + 495, 496, 497, 498, 499, 500, 501, 502, 503, 504, + 505, 506, 507, 508, 509, 510, 511, 512, 513, 514, + 515, 516, 517, 518, 519, 520, 521, 522, 523, 524, + 525, 526, 527, 528, 529, 530, 531, 532, 533, 534, + 535, -1, 537, 538, 539, 540, 541, 542, 543, 544, + 545, 546, 547, 548, 549, 550, 551, 552, 553, 554, + 555, 556, 557, 558, 559, 560, 561, 562, 563, 564, + 565, 566, 567, 568, 569, 570, 571, 572, 573, 574, + 575, 576, 577, 578, 579, 580, -1, 582, 583, 584, + 585, 586, 587, 588, 589, 590, 591, 592, 593, 594, + 595, 596, 597, 598, 599, 600, 601, 602, 603, 604, + 605, 606, 607, 608, 609, 610, 611, 612, 613, 614, + 615, 616, 617, 618, 619, 620, 621, 622, 623, 624, + 625, 626, 627, 628, 629, 630, 631, 632, 633, 634, + 635, 636, 637, 638, 639, 640, 641, 642, 643, 644, + 645, 646, 647, 648, 649, 650, 651, 652, 653, 654, + 655, 656, 657, 658, 659, 660, 661, 662, 663, 664, + 665, 666, 667, 668, 669, 670, 671, 672, 673, 674, + 675, 676, 677, 678, 679, 680, 681, 682, 683, -1, + -1, 686, 687, -1, 689, 690, 691, 692, 693, 694, + 695, 696, 697, 698, 699, 700, 701, 702, 703, 704, + 705, 706, 707, 708, 709, 710, 711, 712, 713, 714, + 715, 716, 717, 718, 719, 720, 721, 722, 723, 724, + 725, 726, 727, 728, 729, 730, 731, 732, 733, 734, + 735, 736, 737, 738, 739, 740, 741, 742, 743, 744, + 745, 746, 747, 748, 749, 750, 751, 752, 753, 754, + 755, 756, 757, 758, 759, 760, 761, 762, -1, 764, + 765, 766, 767, 8, 9, -1, -1, -1, -1, -1, + -1, -1, -1, -1, 19, 20, -1, -1, -1, -1, + -1, -1, -1, 28, -1, 30, -1, 32, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, 88, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, 116, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + 135, -1, -1, -1, -1, -1, -1, -1, -1, 144, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, -1, 320, 321, 322, - 323, 324, 325, 326, 327, 328, 329, 330, -1, 332, - 333, 334, 335, 336, 337, 338, 339, 340, 341, 342, - 343, 344, 345, 346, 347, 348, 349, 350, 351, 352, - 353, 354, -1, 356, 357, 358, 359, 360, 361, 362, - 363, 364, 365, 366, 367, 368, 369, 370, 371, 372, - 373, 374, 375, 376, 377, 378, 379, 380, 381, 382, - 383, 384, 385, 386, 387, -1, 389, 390, 391, 392, - 393, 394, 395, 396, 397, 398, 399, 400, 401, 402, - 403, 404, 405, 406, 407, 408, 409, 410, 411, 412, - 413, 414, 415, 416, 417, -1, 419, 420, 421, 422, - 423, 424, 425, 426, 427, 428, 429, 430, 431, 432, - 433, 434, 435, 436, 437, 438, 439, 440, 441, 442, - 443, 444, 445, 446, -1, -1, 449, 450, 451, 452, - 453, 454, 455, 456, 457, 458, 459, 460, 461, 462, - -1, 464, 465, 466, 467, 468, 469, 470, 471, 472, - 473, 474, 475, 476, 477, -1, 479, 480, 481, 482, - 483, 484, 485, 486, 487, 488, 489, 490, 491, 492, - 493, 494, 495, 496, 497, 498, 499, 500, 501, 502, - 503, 504, 505, 506, 507, 508, 509, 510, 511, 512, - 513, 514, 515, 516, 517, 518, 519, 520, 521, 522, - 523, 524, 525, 526, 527, 528, 529, 530, 531, 532, - 533, 534, 535, -1, 537, 538, 539, 540, 541, 542, - 543, 544, 545, 546, 547, 548, 549, 550, 551, 552, - 553, 554, 555, 556, 557, 558, 559, 560, 561, 562, - 563, 564, 565, 566, 567, 568, 569, 570, 571, 572, - 573, 574, 575, 576, 577, 578, 579, 580, -1, 582, - 583, 584, 585, 586, 587, 588, 589, 590, 591, 592, - 593, 594, 595, 596, 597, 598, 599, 600, 601, 602, - 603, 604, 605, 606, 607, 608, 609, 610, 611, 612, - 613, 614, 615, 616, 617, 618, 619, 620, 621, 622, - 623, 624, 625, 626, 627, 628, 629, 630, 631, 632, - 633, 634, 635, 636, 637, 638, 639, 640, 641, 642, - 643, 644, 645, 646, 647, 648, 649, 650, 651, 652, - 653, 654, 655, 656, 657, 658, 659, 660, 661, 662, - 663, 664, 665, 666, 667, 668, 669, 670, 671, 672, - 673, 674, 675, 676, 677, 678, 679, 680, 681, 682, - 683, -1, -1, 686, 687, -1, 689, 690, 691, 692, - 693, 694, 695, 696, 697, 698, 699, 700, 701, 702, - 703, 704, 705, 706, 707, 708, 709, 710, 711, 712, - 713, 714, 715, 716, 717, 718, 719, 720, 721, 722, - 723, 724, 725, 726, 727, 728, 729, 730, 731, 732, - 733, 734, 735, 736, 737, 738, 739, 740, 741, 742, - 743, 744, 745, 746, 747, 748, 749, 750, 751, 752, - 753, 754, 755, 756, 757, 758, 759, 760, 761, 762, - -1, 764, 765, 766, 767, 19, 20, -1, -1, -1, - -1, -1, -1, -1, -1, 778, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, 180, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, 196, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, 208, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, 219, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, 88, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, -1, -1, 252, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, 116, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, 135, -1, -1, -1, -1, -1, -1, -1, -1, - 144, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, 180, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, 196, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, 208, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, 219, -1, -1, -1, -1, + -1, -1, -1, -1, -1, 320, 321, 322, 323, 324, + 325, 326, 327, 328, 329, 330, -1, -1, -1, -1, + 335, 336, 337, 338, 339, 340, 341, 342, 343, 344, + 345, 346, 347, 348, 349, 350, 351, 352, 353, 354, + -1, 356, 357, 358, 359, 360, 361, 362, 363, 364, + 365, 366, 367, 368, 369, 370, 371, 372, 373, 374, + 375, 376, 377, 378, 379, 380, 381, 382, 383, 384, + 385, 386, 387, -1, 389, 390, 391, 392, 393, 394, + 395, 396, 397, 398, 399, 400, 401, 402, 403, 404, + 405, 406, 407, 408, 409, 410, 411, 412, 413, 414, + 415, 416, 417, -1, 419, 420, 421, 422, 423, 424, + 425, 426, 427, 428, 429, 430, 431, 432, 433, 434, + 435, 436, 437, 438, 439, 440, 441, 442, 443, 444, + 445, 446, -1, -1, 449, 450, 451, 452, 453, 454, + 455, 456, 457, 458, 459, 460, 461, 462, -1, 464, + 465, 466, 467, 468, 469, 470, 471, 472, 473, 474, + 475, 476, 477, -1, 479, 480, 481, 482, 483, 484, + 485, 486, 487, 488, 489, 490, 491, 492, 493, 494, + 495, 496, 497, 498, 499, 500, 501, 502, 503, 504, + 505, 506, 507, 508, 509, 510, 511, 512, 513, 514, + 515, 516, 517, 518, 519, 520, 521, 522, 523, 524, + 525, 526, 527, 528, 529, 530, 531, 532, 533, 534, + 535, -1, 537, 538, 539, 540, 541, 542, 543, 544, + 545, 546, 547, 548, 549, 550, 551, 552, 553, 554, + 555, 556, 557, 558, 559, 560, 561, 562, 563, 564, + 565, 566, 567, 568, 569, 570, 571, 572, 573, 574, + 575, 576, 577, 578, 579, 580, -1, 582, 583, 584, + 585, 586, 587, 588, 589, 590, 591, 592, 593, 594, + 595, 596, 597, 598, 599, 600, 601, 602, 603, 604, + 605, 606, 607, 608, 609, 610, 611, 612, 613, 614, + 615, 616, 617, 618, 619, 620, 621, 622, 623, 624, + 625, 626, 627, 628, 629, 630, 631, 632, 633, 634, + 635, 636, 637, 638, 639, 640, 641, 642, 643, 644, + 645, 646, 647, 648, 649, 650, 651, 652, 653, 654, + 655, 656, 657, 658, 659, 660, 661, 662, 663, 664, + 665, 666, 667, 668, 669, 670, 671, 672, 673, 674, + 675, 676, 677, 678, 679, 680, 681, 682, 683, -1, + -1, 686, 687, -1, 689, 690, 691, 692, 693, 694, + 695, 696, 697, 698, 699, 700, 701, 702, 703, 704, + 705, 706, 707, 708, 709, 710, 711, 712, 713, 714, + 715, 716, 717, 718, 719, 720, 721, 722, 723, 724, + 725, 726, 727, 728, 729, 730, 731, 732, 733, 734, + 735, 736, 737, 738, 739, 740, 741, 742, 743, 744, + 745, 746, 747, 748, 749, 750, 751, 752, 753, 754, + 755, 756, 757, 758, 759, 760, 761, 762, -1, 764, + 765, 766, 767, 8, 9, -1, -1, -1, -1, -1, + -1, -1, -1, -1, 19, 20, -1, -1, -1, -1, + -1, -1, -1, 28, -1, 30, -1, 32, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, 88, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, 116, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + 135, -1, -1, -1, -1, -1, -1, -1, -1, 144, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, 320, 321, 322, 323, - 324, 325, 326, 327, 328, 329, 330, -1, -1, -1, - -1, 335, 336, 337, 338, 339, 340, 341, 342, 343, - 344, 345, 346, 347, 348, 349, 350, 351, 352, 353, - 354, -1, 356, 357, 358, 359, 360, 361, 362, 363, - 364, 365, 366, 367, 368, 369, 370, 371, 372, 373, - 374, 375, 376, 377, 378, 379, 380, 381, 382, 383, - 384, 385, 386, 387, -1, 389, 390, 391, 392, 393, - 394, 395, 396, 397, 398, 399, 400, 401, 402, 403, - 404, 405, 406, 407, 408, 409, 410, 411, 412, 413, - 414, 415, 416, 417, -1, 419, 420, 421, 422, 423, - 424, 425, 426, 427, 428, 429, 430, 431, 432, 433, - 434, 435, 436, 437, 438, 439, 440, 441, 442, 443, - 444, 445, 446, -1, -1, 449, 450, 451, 452, 453, - 454, 455, 456, 457, 458, 459, 460, 461, 462, -1, - 464, 465, 466, 467, 468, 469, 470, 471, 472, 473, - 474, 475, 476, 477, -1, 479, 480, 481, 482, 483, - 484, 485, 486, 487, 488, 489, 490, 491, 492, 493, - 494, 495, 496, 497, 498, 499, 500, 501, 502, 503, - 504, 505, 506, 507, 508, 509, 510, 511, 512, 513, - 514, 515, 516, 517, 518, 519, 520, 521, 522, 523, - 524, 525, 526, 527, 528, 529, 530, 531, 532, 533, - 534, 535, -1, 537, 538, 539, 540, 541, 542, 543, - 544, 545, 546, 547, 548, 549, 550, 551, 552, 553, - 554, 555, 556, 557, 558, 559, 560, 561, 562, 563, - 564, 565, 566, 567, 568, 569, 570, 571, 572, 573, - 574, 575, 576, 577, 578, 579, 580, -1, 582, 583, - 584, 585, 586, 587, 588, 589, 590, 591, 592, 593, - 594, 595, 596, 597, 598, 599, 600, 601, 602, 603, - 604, 605, 606, 607, 608, 609, 610, 611, 612, 613, - 614, 615, 616, 617, 618, 619, 620, 621, 622, 623, - 624, 625, 626, 627, 628, 629, 630, 631, 632, 633, - 634, 635, 636, 637, 638, 639, 640, 641, 642, 643, - 644, 645, 646, 647, 648, 649, 650, 651, 652, 653, - 654, 655, 656, 657, 658, 659, 660, 661, 662, 663, - 664, 665, 666, 667, 668, 669, 670, 671, 672, 673, - 674, 675, 676, 677, 678, 679, 680, 681, 682, 683, - -1, -1, 686, 687, -1, 689, 690, 691, 692, 693, - 694, 695, 696, 697, 698, 699, 700, 701, 702, 703, - 704, 705, 706, 707, 708, 709, 710, 711, 712, 713, - 714, 715, 716, 717, 718, 719, 720, 721, 722, 723, - 724, 725, 726, 727, 728, 729, 730, 731, 732, 733, - 734, 735, 736, 737, 738, 739, 740, 741, 742, 743, - 744, 745, 746, 747, 748, 749, 750, 751, 752, 753, - 754, 755, 756, 757, 758, 759, 760, 761, 762, -1, - 764, 765, 766, 767, 19, 20, -1, -1, -1, -1, - -1, -1, -1, -1, 778, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, 180, -1, -1, -1, -1, + -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, 196, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, 208, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, 219, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, -1, -1, 252, -1, -1, + -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, 320, 321, 322, 323, 324, + 325, 326, 327, 328, 329, 330, -1, -1, -1, -1, + 335, 336, 337, 338, 339, 340, 341, 342, 343, 344, + 345, 346, 347, 348, 349, 350, 351, 352, 353, 354, + -1, 356, 357, 358, 359, 360, 361, 362, 363, 364, + 365, 366, 367, 368, 369, 370, 371, 372, 373, 374, + 375, 376, 377, 378, 379, 380, 381, 382, 383, 384, + 385, 386, 387, -1, 389, 390, 391, 392, 393, 394, + 395, 396, 397, 398, 399, 400, 401, 402, 403, 404, + 405, 406, 407, 408, 409, 410, 411, 412, 413, 414, + 415, 416, 417, -1, 419, 420, 421, 422, 423, 424, + 425, 426, 427, 428, 429, 430, 431, 432, 433, 434, + 435, 436, 437, 438, 439, 440, 441, 442, 443, 444, + 445, 446, -1, -1, 449, 450, 451, 452, 453, 454, + 455, 456, 457, 458, 459, 460, 461, 462, -1, 464, + 465, 466, 467, 468, 469, 470, 471, 472, 473, 474, + 475, 476, 477, -1, 479, 480, 481, 482, 483, 484, + 485, 486, 487, 488, 489, 490, 491, 492, 493, 494, + 495, 496, 497, 498, 499, 500, 501, 502, 503, 504, + 505, 506, 507, 508, 509, 510, 511, 512, 513, 514, + 515, 516, 517, 518, 519, 520, 521, 522, 523, 524, + 525, 526, 527, 528, 529, 530, 531, 532, 533, 534, + 535, -1, 537, 538, 539, 540, 541, 542, 543, 544, + 545, 546, 547, 548, 549, 550, 551, 552, 553, 554, + 555, 556, 557, 558, 559, 560, 561, 562, 563, 564, + 565, 566, 567, 568, 569, 570, 571, 572, 573, 574, + 575, 576, 577, 578, 579, 580, -1, 582, 583, 584, + 585, 586, 587, 588, 589, 590, 591, 592, 593, 594, + 595, 596, 597, 598, 599, 600, 601, 602, 603, 604, + 605, 606, 607, 608, 609, 610, 611, 612, 613, 614, + 615, 616, 617, 618, 619, 620, 621, 622, 623, 624, + 625, 626, 627, 628, 629, 630, 631, 632, 633, 634, + 635, 636, 637, 638, 639, 640, 641, 642, 643, 644, + 645, 646, 647, 648, 649, 650, 651, 652, 653, 654, + 655, 656, 657, 658, 659, 660, 661, 662, 663, 664, + 665, 666, 667, 668, 669, 670, 671, 672, 673, 674, + 675, 676, 677, 678, 679, 680, 681, 682, 683, -1, + -1, 686, 687, -1, 689, 690, 691, 692, 693, 694, + 695, 696, 697, 698, 699, 700, 701, 702, 703, 704, + 705, 706, 707, 708, 709, 710, 711, 712, 713, 714, + 715, 716, 717, 718, 719, 720, 721, 722, 723, 724, + 725, 726, 727, 728, 729, 730, 731, 732, 733, 734, + 735, 736, 737, 738, 739, 740, 741, 742, 743, 744, + 745, 746, 747, 748, 749, 750, 751, 752, 753, 754, + 755, 756, 757, 758, 759, 760, 761, 762, -1, 764, + 765, 766, 767, 8, 9, -1, -1, -1, -1, -1, + -1, -1, -1, -1, 19, 20, -1, -1, -1, -1, + -1, -1, -1, 28, -1, 30, -1, 32, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, @@ -22685,7 +22401,7 @@ 745, 746, 747, 748, 749, 750, 751, 752, 753, 754, 755, 756, 757, 758, 759, 760, 761, 762, -1, 764, 765, 766, 767, 19, 20, -1, -1, -1, -1, -1, - -1, -1, -1, 778, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, @@ -22715,7 +22431,7 @@ -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, 320, 321, 322, 323, 324, 325, - 326, 327, 328, 329, 330, -1, -1, -1, -1, 335, + 326, 327, 328, 329, 330, -1, 332, 333, 334, 335, 336, 337, 338, 339, 340, 341, 342, 343, 344, 345, 346, 347, 348, 349, 350, 351, 352, 353, 354, -1, 356, 357, 358, 359, 360, 361, 362, 363, 364, 365, @@ -22909,9 +22625,9 @@ 738, 739, 740, 741, 742, 743, 744, 745, 746, 747, 748, 749, 750, 751, 752, 753, 754, 755, 756, 757, 758, 759, 760, 761, 762, -1, 764, 765, 766, 767, - 19, 20, -1, -1, -1, -1, -1, 26, -1, -1, + 19, 20, -1, -1, -1, -1, -1, -1, -1, -1, 778, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, 40, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, @@ -22926,15 +22642,15 @@ -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, 180, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, -1, 196, 197, -1, + -1, -1, -1, -1, -1, -1, -1, 196, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, 208, - -1, 210, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, 219, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, -1, 266, -1, 268, - -1, 270, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, @@ -22984,14 +22700,14 @@ 739, 740, 741, 742, 743, 744, 745, 746, 747, 748, 749, 750, 751, 752, 753, 754, 755, 756, 757, 758, 759, 760, 761, 762, -1, 764, 765, 766, 767, 19, - 20, 21, -1, -1, -1, -1, -1, -1, 777, -1, - -1, 31, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, 42, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, -1, 57, -1, -1, + 20, -1, -1, -1, -1, -1, -1, -1, -1, 778, + -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, 88, -1, - -1, -1, -1, -1, -1, -1, -1, -1, -1, 99, + -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, 116, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, @@ -23059,9 +22775,9 @@ 740, 741, 742, 743, 744, 745, 746, 747, 748, 749, 750, 751, 752, 753, 754, 755, 756, 757, 758, 759, 760, 761, 762, -1, 764, 765, 766, 767, 19, 20, - 21, 771, -1, -1, -1, -1, -1, -1, -1, -1, - 31, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, 42, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, -1, -1, -1, 778, -1, + -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, @@ -23134,42 +22850,42 @@ 741, 742, 743, 744, 745, 746, 747, 748, 749, 750, 751, 752, 753, 754, 755, 756, 757, 758, 759, 760, 761, 762, -1, 764, 765, 766, 767, 19, 20, -1, - 771, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, 26, -1, -1, 778, -1, -1, + -1, -1, -1, -1, -1, -1, -1, -1, 40, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, 45, 46, 47, 48, 49, 50, 51, - 52, 53, 54, 55, 56, 57, 58, 59, 60, 61, - 62, 63, 64, 65, 66, 67, 68, 69, 70, 71, - 72, 73, -1, 75, 76, 77, 78, 79, 80, 81, - 82, 83, 84, 85, -1, 87, 88, 89, 90, 91, - 92, 93, 94, 95, 96, 97, 98, 99, 100, 101, - 102, 103, 104, 105, 106, 107, 108, 109, 110, 111, - 112, 113, 114, 115, 116, 117, 118, 119, 120, 121, - 122, 123, 124, 125, 126, -1, 128, 129, 130, 131, - 132, -1, -1, 135, 136, 137, 138, 139, 140, 141, - 142, 143, 144, 145, 146, 147, -1, 149, 150, -1, - 152, 153, 154, 155, 156, 157, 158, 159, 160, 161, - 162, 163, 164, 165, 166, 167, 168, 169, 170, 171, - -1, 173, 174, 175, 176, 177, 178, 179, 180, 181, - 182, 183, 184, 185, 186, 187, 188, 189, 190, 191, - 192, 193, 194, 195, 196, 197, 198, 199, 200, 201, - 202, 203, 204, 205, 206, 207, 208, 209, 210, 211, - 212, -1, 214, 215, 216, 217, 218, 219, 220, 221, - 222, 223, 224, 225, 226, 227, 228, 229, 230, 231, - 232, 233, 234, 235, 236, 237, 238, 239, 240, 241, - 242, 243, 244, 245, 246, 247, 248, 249, 250, 251, - 252, 253, 254, 255, 256, 257, 258, 259, 260, 261, - 262, 263, 264, 265, 266, 267, 268, 269, 270, 271, - 272, 273, 274, 275, 276, 277, 278, 279, -1, 281, - 282, 283, 284, 285, 286, 287, 288, 289, 290, 291, - 292, 293, 294, 295, -1, 297, 298, 299, 300, 301, - 302, 303, 304, 305, 306, 307, 308, 309, 310, 311, - 312, 313, 314, 315, 316, 317, 318, 319, 320, 321, - 322, -1, 324, 325, 326, 327, 328, 329, 330, -1, - 332, 333, 334, 335, 336, 337, 338, 339, 340, 341, + -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, -1, 88, -1, -1, -1, + -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, 116, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, 135, -1, -1, -1, -1, -1, -1, + -1, -1, 144, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, -1, -1, -1, 180, -1, + -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, 196, 197, -1, -1, -1, -1, + -1, -1, -1, -1, -1, -1, 208, -1, 210, -1, + -1, -1, -1, -1, -1, -1, -1, 219, -1, -1, + -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, 266, -1, 268, -1, 270, -1, + -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, -1, -1, -1, 320, 321, + 322, 323, 324, 325, 326, 327, 328, 329, 330, -1, + -1, -1, -1, 335, 336, 337, 338, 339, 340, 341, 342, 343, 344, 345, 346, 347, 348, 349, 350, 351, 352, 353, 354, -1, 356, 357, 358, 359, 360, 361, 362, 363, 364, 365, 366, 367, 368, 369, 370, 371, - 372, 373, 374, 375, -1, 377, 378, 379, 380, 381, + 372, 373, 374, 375, 376, 377, 378, 379, 380, 381, 382, 383, 384, 385, 386, 387, -1, 389, 390, 391, 392, 393, 394, 395, 396, 397, 398, 399, 400, 401, 402, 403, 404, 405, 406, 407, 408, 409, 410, 411, @@ -23178,7 +22894,7 @@ 432, 433, 434, 435, 436, 437, 438, 439, 440, 441, 442, 443, 444, 445, 446, -1, -1, 449, 450, 451, 452, 453, 454, 455, 456, 457, 458, 459, 460, 461, - 462, -1, 464, 465, 466, -1, 468, 469, 470, 471, + 462, -1, 464, 465, 466, 467, 468, 469, 470, 471, 472, 473, 474, 475, 476, 477, -1, 479, 480, 481, 482, 483, 484, 485, 486, 487, 488, 489, 490, 491, 492, 493, 494, 495, 496, 497, 498, 499, 500, 501, @@ -23186,65 +22902,65 @@ 512, 513, 514, 515, 516, 517, 518, 519, 520, 521, 522, 523, 524, 525, 526, 527, 528, 529, 530, 531, 532, 533, 534, 535, -1, 537, 538, 539, 540, 541, - 542, 543, -1, 545, 546, 547, 548, 549, 550, 551, + 542, 543, 544, 545, 546, 547, 548, 549, 550, 551, 552, 553, 554, 555, 556, 557, 558, 559, 560, 561, 562, 563, 564, 565, 566, 567, 568, 569, 570, 571, - 572, 573, 574, 575, 576, -1, 578, 579, 580, 581, + 572, 573, 574, 575, 576, 577, 578, 579, 580, -1, 582, 583, 584, 585, 586, 587, 588, 589, 590, 591, 592, 593, 594, 595, 596, 597, 598, 599, 600, 601, 602, 603, 604, 605, 606, 607, 608, 609, 610, 611, - 612, 613, 614, 615, 616, 617, 618, -1, 620, 621, + 612, 613, 614, 615, 616, 617, 618, 619, 620, 621, 622, 623, 624, 625, 626, 627, 628, 629, 630, 631, 632, 633, 634, 635, 636, 637, 638, 639, 640, 641, 642, 643, 644, 645, 646, 647, 648, 649, 650, 651, 652, 653, 654, 655, 656, 657, 658, 659, 660, 661, - 662, 663, -1, 665, 666, 667, 668, 669, 670, -1, + 662, 663, 664, 665, 666, 667, 668, 669, 670, 671, 672, 673, 674, 675, 676, 677, 678, 679, 680, 681, 682, 683, -1, -1, 686, 687, -1, 689, 690, 691, 692, 693, 694, 695, 696, 697, 698, 699, 700, 701, 702, 703, 704, 705, 706, 707, 708, 709, 710, 711, 712, 713, 714, 715, 716, 717, 718, 719, 720, 721, - 722, 723, 724, 725, 726, 727, 728, 729, -1, 731, + 722, 723, 724, 725, 726, 727, 728, 729, 730, 731, 732, 733, 734, 735, 736, 737, 738, 739, 740, 741, - 742, 743, 744, 745, -1, 747, 748, 749, 750, 751, + 742, 743, 744, 745, 746, 747, 748, 749, 750, 751, 752, 753, 754, 755, 756, 757, 758, 759, 760, 761, - 762, -1, 764, 765, 766, 767, 19, 20, -1, -1, + 762, -1, 764, 765, 766, 767, 19, 20, 21, -1, + -1, -1, -1, -1, -1, 777, -1, -1, 31, -1, + -1, -1, -1, -1, -1, -1, -1, -1, -1, 42, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, 57, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, 45, 46, 47, 48, 49, 50, 51, 52, - 53, 54, 55, 56, 57, 58, 59, 60, 61, 62, - 63, 64, 65, 66, 67, 68, 69, 70, 71, 72, - 73, -1, 75, 76, 77, 78, 79, 80, 81, 82, - 83, 84, 85, -1, 87, 88, 89, 90, 91, 92, - 93, 94, 95, 96, 97, 98, 99, 100, 101, 102, - 103, 104, 105, 106, 107, 108, 109, 110, 111, 112, - 113, 114, 115, 116, 117, 118, 119, 120, 121, 122, - 123, 124, 125, 126, -1, 128, 129, 130, 131, 132, - -1, -1, 135, 136, 137, 138, 139, 140, 141, 142, - 143, 144, 145, 146, 147, -1, 149, 150, -1, 152, - 153, 154, 155, 156, 157, 158, 159, 160, 161, 162, - 163, 164, 165, 166, 167, 168, 169, 170, 171, -1, - 173, 174, 175, 176, 177, 178, 179, 180, 181, 182, - 183, 184, 185, 186, 187, 188, 189, 190, 191, 192, - 193, 194, 195, 196, 197, 198, 199, 200, 201, 202, - 203, 204, 205, 206, 207, 208, 209, 210, 211, 212, - -1, 214, 215, 216, 217, 218, 219, 220, 221, 222, - 223, 224, 225, 226, 227, 228, 229, 230, 231, 232, - 233, 234, 235, 236, 237, 238, 239, 240, 241, 242, - 243, 244, 245, 246, 247, 248, 249, 250, 251, 252, - 253, 254, 255, 256, 257, 258, 259, 260, 261, 262, - 263, 264, 265, 266, 267, 268, 269, 270, 271, 272, - 273, 274, 275, 276, 277, 278, 279, -1, 281, 282, - 283, 284, 285, 286, 287, 288, 289, 290, 291, 292, - 293, 294, 295, -1, 297, 298, 299, 300, 301, 302, - 303, 304, 305, 306, 307, 308, 309, 310, 311, 312, - 313, 314, 315, 316, 317, 318, 319, 320, 321, 322, - -1, 324, 325, 326, 327, 328, 329, 330, -1, 332, - 333, 334, 335, 336, 337, 338, 339, 340, 341, 342, + -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, 88, -1, -1, -1, -1, + -1, -1, -1, -1, -1, -1, 99, -1, -1, -1, + -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, 116, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, 135, -1, -1, -1, -1, -1, -1, -1, + -1, 144, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, -1, -1, 180, -1, -1, + -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, 196, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, 208, -1, -1, -1, -1, + -1, -1, -1, -1, -1, -1, 219, -1, -1, -1, + -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, -1, -1, 320, 321, 322, + 323, 324, 325, 326, 327, 328, 329, 330, -1, -1, + -1, -1, 335, 336, 337, 338, 339, 340, 341, 342, 343, 344, 345, 346, 347, 348, 349, 350, 351, 352, 353, 354, -1, 356, 357, 358, 359, 360, 361, 362, 363, 364, 365, 366, 367, 368, 369, 370, 371, 372, - 373, 374, 375, -1, 377, 378, 379, 380, 381, 382, + 373, 374, 375, 376, 377, 378, 379, 380, 381, 382, 383, 384, 385, 386, 387, -1, 389, 390, 391, 392, 393, 394, 395, 396, 397, 398, 399, 400, 401, 402, 403, 404, 405, 406, 407, 408, 409, 410, 411, 412, @@ -23253,7 +22969,7 @@ 433, 434, 435, 436, 437, 438, 439, 440, 441, 442, 443, 444, 445, 446, -1, -1, 449, 450, 451, 452, 453, 454, 455, 456, 457, 458, 459, 460, 461, 462, - -1, 464, 465, 466, -1, 468, 469, 470, 471, 472, + -1, 464, 465, 466, 467, 468, 469, 470, 471, 472, 473, 474, 475, 476, 477, -1, 479, 480, 481, 482, 483, 484, 485, 486, 487, 488, 489, 490, 491, 492, 493, 494, 495, 496, 497, 498, 499, 500, 501, 502, @@ -23261,65 +22977,65 @@ 513, 514, 515, 516, 517, 518, 519, 520, 521, 522, 523, 524, 525, 526, 527, 528, 529, 530, 531, 532, 533, 534, 535, -1, 537, 538, 539, 540, 541, 542, - 543, -1, 545, 546, 547, 548, 549, 550, 551, 552, + 543, 544, 545, 546, 547, 548, 549, 550, 551, 552, 553, 554, 555, 556, 557, 558, 559, 560, 561, 562, 563, 564, 565, 566, 567, 568, 569, 570, 571, 572, - 573, 574, 575, 576, -1, 578, 579, 580, 581, 582, + 573, 574, 575, 576, 577, 578, 579, 580, -1, 582, 583, 584, 585, 586, 587, 588, 589, 590, 591, 592, 593, 594, 595, 596, 597, 598, 599, 600, 601, 602, 603, 604, 605, 606, 607, 608, 609, 610, 611, 612, - 613, 614, 615, 616, 617, 618, -1, 620, 621, 622, + 613, 614, 615, 616, 617, 618, 619, 620, 621, 622, 623, 624, 625, 626, 627, 628, 629, 630, 631, 632, 633, 634, 635, 636, 637, 638, 639, 640, 641, 642, 643, 644, 645, 646, 647, 648, 649, 650, 651, 652, 653, 654, 655, 656, 657, 658, 659, 660, 661, 662, - 663, -1, 665, 666, 667, 668, 669, 670, -1, 672, + 663, 664, 665, 666, 667, 668, 669, 670, 671, 672, 673, 674, 675, 676, 677, 678, 679, 680, 681, 682, 683, -1, -1, 686, 687, -1, 689, 690, 691, 692, 693, 694, 695, 696, 697, 698, 699, 700, 701, 702, 703, 704, 705, 706, 707, 708, 709, 710, 711, 712, 713, 714, 715, 716, 717, 718, 719, 720, 721, 722, - 723, 724, 725, 726, 727, 728, 729, -1, 731, 732, + 723, 724, 725, 726, 727, 728, 729, 730, 731, 732, 733, 734, 735, 736, 737, 738, 739, 740, 741, 742, - 743, 744, 745, -1, 747, 748, 749, 750, 751, 752, + 743, 744, 745, 746, 747, 748, 749, 750, 751, 752, 753, 754, 755, 756, 757, 758, 759, 760, 761, 762, - -1, 764, 765, 766, 767, 19, 20, -1, -1, -1, + -1, 764, 765, 766, 767, 19, 20, 21, 771, -1, + -1, -1, -1, -1, -1, -1, -1, 31, -1, -1, + -1, -1, -1, -1, -1, -1, -1, -1, 42, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, 45, 46, 47, 48, 49, 50, 51, 52, 53, - 54, 55, 56, 57, 58, 59, 60, 61, 62, 63, - 64, 65, 66, 67, 68, 69, 70, 71, 72, 73, - -1, 75, 76, 77, 78, 79, 80, 81, 82, 83, - 84, 85, -1, 87, 88, 89, 90, 91, 92, 93, - 94, 95, 96, 97, 98, 99, 100, 101, 102, 103, - 104, 105, 106, 107, 108, 109, 110, 111, 112, 113, - 114, 115, 116, 117, 118, 119, 120, 121, 122, 123, - 124, 125, 126, -1, 128, 129, 130, 131, 132, -1, - -1, 135, 136, 137, 138, 139, 140, 141, 142, 143, - 144, 145, 146, 147, -1, 149, 150, -1, 152, 153, - 154, 155, 156, 157, 158, 159, 160, 161, 162, 163, - 164, 165, 166, 167, 168, 169, 170, 171, -1, 173, - 174, 175, 176, 177, 178, 179, 180, 181, 182, 183, - 184, 185, 186, 187, 188, 189, 190, 191, 192, 193, - 194, 195, 196, 197, 198, 199, 200, 201, 202, 203, - 204, 205, 206, 207, 208, 209, 210, 211, 212, -1, - 214, 215, 216, 217, 218, 219, 220, 221, 222, 223, - 224, 225, 226, 227, 228, 229, 230, 231, 232, 233, - 234, 235, 236, 237, 238, 239, 240, 241, 242, 243, - 244, 245, 246, 247, 248, 249, 250, 251, 252, 253, - 254, 255, 256, 257, 258, 259, 260, 261, 262, 263, - 264, 265, 266, 267, 268, 269, 270, 271, 272, 273, - 274, 275, 276, 277, 278, 279, -1, 281, 282, 283, - 284, 285, 286, 287, 288, 289, 290, 291, 292, 293, - 294, 295, -1, 297, 298, 299, 300, 301, 302, 303, - 304, 305, 306, 307, 308, 309, 310, 311, 312, 313, - 314, 315, 316, 317, 318, 319, 320, 321, 322, -1, - 324, 325, 326, 327, 328, 329, 330, -1, 332, 333, - 334, 335, 336, 337, 338, 339, 340, 341, 342, 343, + -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, 88, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, 116, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, 135, -1, -1, -1, -1, -1, -1, -1, -1, + 144, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, -1, 180, -1, -1, -1, + -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, 196, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, 208, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, 219, -1, -1, -1, -1, + -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, -1, 320, 321, 322, 323, + 324, 325, 326, 327, 328, 329, 330, -1, -1, -1, + -1, 335, 336, 337, 338, 339, 340, 341, 342, 343, 344, 345, 346, 347, 348, 349, 350, 351, 352, 353, 354, -1, 356, 357, 358, 359, 360, 361, 362, 363, 364, 365, 366, 367, 368, 369, 370, 371, 372, 373, - 374, 375, -1, 377, 378, 379, 380, 381, 382, 383, + 374, 375, 376, 377, 378, 379, 380, 381, 382, 383, 384, 385, 386, 387, -1, 389, 390, 391, 392, 393, 394, 395, 396, 397, 398, 399, 400, 401, 402, 403, 404, 405, 406, 407, 408, 409, 410, 411, 412, 413, @@ -23328,7 +23044,7 @@ 434, 435, 436, 437, 438, 439, 440, 441, 442, 443, 444, 445, 446, -1, -1, 449, 450, 451, 452, 453, 454, 455, 456, 457, 458, 459, 460, 461, 462, -1, - 464, 465, 466, -1, 468, 469, 470, 471, 472, 473, + 464, 465, 466, 467, 468, 469, 470, 471, 472, 473, 474, 475, 476, 477, -1, 479, 480, 481, 482, 483, 484, 485, 486, 487, 488, 489, 490, 491, 492, 493, 494, 495, 496, 497, 498, 499, 500, 501, 502, 503, @@ -23336,29 +23052,29 @@ 514, 515, 516, 517, 518, 519, 520, 521, 522, 523, 524, 525, 526, 527, 528, 529, 530, 531, 532, 533, 534, 535, -1, 537, 538, 539, 540, 541, 542, 543, - -1, 545, 546, 547, 548, 549, 550, 551, 552, 553, + 544, 545, 546, 547, 548, 549, 550, 551, 552, 553, 554, 555, 556, 557, 558, 559, 560, 561, 562, 563, 564, 565, 566, 567, 568, 569, 570, 571, 572, 573, - 574, 575, 576, -1, 578, 579, 580, 581, 582, 583, + 574, 575, 576, 577, 578, 579, 580, -1, 582, 583, 584, 585, 586, 587, 588, 589, 590, 591, 592, 593, 594, 595, 596, 597, 598, 599, 600, 601, 602, 603, 604, 605, 606, 607, 608, 609, 610, 611, 612, 613, - 614, 615, 616, 617, 618, -1, 620, 621, 622, 623, + 614, 615, 616, 617, 618, 619, 620, 621, 622, 623, 624, 625, 626, 627, 628, 629, 630, 631, 632, 633, 634, 635, 636, 637, 638, 639, 640, 641, 642, 643, - 644, 645, 646, 647, 648, 649, 650, 651, 652, -1, + 644, 645, 646, 647, 648, 649, 650, 651, 652, 653, 654, 655, 656, 657, 658, 659, 660, 661, 662, 663, - 664, 665, 666, 667, 668, 669, 670, -1, 672, 673, + 664, 665, 666, 667, 668, 669, 670, 671, 672, 673, 674, 675, 676, 677, 678, 679, 680, 681, 682, 683, -1, -1, 686, 687, -1, 689, 690, 691, 692, 693, 694, 695, 696, 697, 698, 699, 700, 701, 702, 703, 704, 705, 706, 707, 708, 709, 710, 711, 712, 713, 714, 715, 716, 717, 718, 719, 720, 721, 722, 723, - 724, 725, 726, 727, 728, 729, -1, 731, 732, 733, + 724, 725, 726, 727, 728, 729, 730, 731, 732, 733, 734, 735, 736, 737, 738, 739, 740, 741, 742, 743, - 744, 745, -1, 747, 748, 749, 750, 751, 752, 753, + 744, 745, 746, 747, 748, 749, 750, 751, 752, 753, 754, 755, 756, 757, 758, 759, 760, 761, 762, -1, - 764, 765, 766, 767, 19, 20, -1, -1, -1, -1, + 764, 765, 766, 767, 19, 20, -1, 771, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, 45, 46, 47, 48, 49, 50, 51, 52, 53, 54, @@ -23496,7 +23212,7 @@ 616, 617, 618, -1, 620, 621, 622, 623, 624, 625, 626, 627, 628, 629, 630, 631, 632, 633, 634, 635, 636, 637, 638, 639, 640, 641, 642, 643, 644, 645, - 646, 647, 648, 649, 650, 651, 652, -1, 654, 655, + 646, 647, 648, 649, 650, 651, 652, 653, 654, 655, 656, 657, 658, 659, 660, 661, 662, 663, -1, 665, 666, 667, 668, 669, 670, -1, 672, 673, 674, 675, 676, 677, 678, 679, 680, 681, 682, 683, -1, -1, @@ -23572,7 +23288,7 @@ 627, 628, 629, 630, 631, 632, 633, 634, 635, 636, 637, 638, 639, 640, 641, 642, 643, 644, 645, 646, 647, 648, 649, 650, 651, 652, -1, 654, 655, 656, - 657, 658, 659, 660, 661, 662, 663, -1, 665, 666, + 657, 658, 659, 660, 661, 662, 663, 664, 665, 666, 667, 668, 669, 670, -1, 672, 673, 674, 675, 676, 677, 678, 679, 680, 681, 682, 683, -1, -1, 686, 687, -1, 689, 690, 691, 692, 693, 694, 695, 696, @@ -23582,43 +23298,43 @@ 727, 728, 729, -1, 731, 732, 733, 734, 735, 736, 737, 738, 739, 740, 741, 742, 743, 744, 745, -1, 747, 748, 749, 750, 751, 752, 753, 754, 755, 756, - 757, -1, 759, 760, 761, 762, -1, 764, 765, 766, - 767, 19, 20, 21, -1, -1, -1, -1, -1, -1, - -1, -1, -1, 31, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, -1, -1, -1, 47, - 48, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, 80, -1, -1, -1, 84, -1, -1, -1, - 88, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, 101, -1, -1, -1, -1, -1, -1, - -1, -1, 110, -1, -1, -1, -1, -1, 116, -1, - -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, 131, -1, -1, -1, 135, -1, -1, - -1, -1, -1, -1, -1, -1, 144, 145, -1, -1, - -1, -1, 150, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, 174, -1, -1, -1, - -1, -1, 180, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, -1, -1, 196, -1, - -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - 208, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, 219, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, 233, -1, -1, -1, 237, - -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, -1, 255, -1, -1, - -1, 259, 260, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, 290, -1, -1, -1, -1, -1, -1, 297, - 298, -1, -1, -1, -1, -1, -1, -1, -1, -1, + 757, 758, 759, 760, 761, 762, -1, 764, 765, 766, + 767, 19, 20, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, 320, 321, 322, 323, 324, 325, 326, 327, - 328, 329, 330, -1, -1, -1, -1, 335, 336, 337, + -1, -1, -1, -1, -1, -1, -1, 45, 46, 47, + 48, 49, 50, 51, 52, 53, 54, 55, 56, 57, + 58, 59, 60, 61, 62, 63, 64, 65, 66, 67, + 68, 69, 70, 71, 72, 73, -1, 75, 76, 77, + 78, 79, 80, 81, 82, 83, 84, 85, -1, 87, + 88, 89, 90, 91, 92, 93, 94, 95, 96, 97, + 98, 99, 100, 101, 102, 103, 104, 105, 106, 107, + 108, 109, 110, 111, 112, 113, 114, 115, 116, 117, + 118, 119, 120, 121, 122, 123, 124, 125, 126, -1, + 128, 129, 130, 131, 132, -1, -1, 135, 136, 137, + 138, 139, 140, 141, 142, 143, 144, 145, 146, 147, + -1, 149, 150, -1, 152, 153, 154, 155, 156, 157, + 158, 159, 160, 161, 162, 163, 164, 165, 166, 167, + 168, 169, 170, 171, -1, 173, 174, 175, 176, 177, + 178, 179, 180, 181, 182, 183, 184, 185, 186, 187, + 188, 189, 190, 191, 192, 193, 194, 195, 196, 197, + 198, 199, 200, 201, 202, 203, 204, 205, 206, 207, + 208, 209, 210, 211, 212, -1, 214, 215, 216, 217, + 218, 219, 220, 221, 222, 223, 224, 225, 226, 227, + 228, 229, 230, 231, 232, 233, 234, 235, 236, 237, + 238, 239, 240, 241, 242, 243, 244, 245, 246, 247, + 248, 249, 250, 251, 252, 253, 254, 255, 256, 257, + 258, 259, 260, 261, 262, 263, 264, 265, 266, 267, + 268, 269, 270, 271, 272, 273, 274, 275, 276, 277, + 278, 279, -1, 281, 282, 283, 284, 285, 286, 287, + 288, 289, 290, 291, 292, 293, 294, 295, -1, 297, + 298, 299, 300, 301, 302, 303, 304, 305, 306, 307, + 308, 309, 310, 311, 312, 313, 314, 315, 316, 317, + 318, 319, 320, 321, 322, -1, 324, 325, 326, 327, + 328, 329, 330, -1, 332, 333, 334, 335, 336, 337, 338, 339, 340, 341, 342, 343, 344, 345, 346, 347, 348, 349, 350, 351, 352, 353, 354, -1, 356, 357, 358, 359, 360, 361, 362, 363, 364, 365, 366, 367, - 368, 369, 370, 371, 372, 373, 374, 375, 376, 377, + 368, 369, 370, 371, 372, 373, 374, 375, -1, 377, 378, 379, 380, 381, 382, 383, 384, 385, 386, 387, -1, 389, 390, 391, 392, 393, 394, 395, 396, 397, 398, 399, 400, 401, 402, 403, 404, 405, 406, 407, @@ -23627,7 +23343,7 @@ 428, 429, 430, 431, 432, 433, 434, 435, 436, 437, 438, 439, 440, 441, 442, 443, 444, 445, 446, -1, -1, 449, 450, 451, 452, 453, 454, 455, 456, 457, - 458, 459, 460, 461, 462, -1, 464, 465, 466, 467, + 458, 459, 460, 461, 462, -1, 464, 465, 466, -1, 468, 469, 470, 471, 472, 473, 474, 475, 476, 477, -1, 479, 480, 481, 482, 483, 484, 485, 486, 487, 488, 489, 490, 491, 492, 493, 494, 495, 496, 497, @@ -23635,65 +23351,65 @@ 508, 509, 510, 511, 512, 513, 514, 515, 516, 517, 518, 519, 520, 521, 522, 523, 524, 525, 526, 527, 528, 529, 530, 531, 532, 533, 534, 535, -1, 537, - 538, 539, 540, 541, 542, 543, 544, 545, 546, 547, + 538, 539, 540, 541, 542, 543, -1, 545, 546, 547, 548, 549, 550, 551, 552, 553, 554, 555, 556, 557, 558, 559, 560, 561, 562, 563, 564, 565, 566, 567, - 568, 569, 570, 571, 572, 573, 574, 575, 576, 577, - 578, 579, 580, -1, 582, 583, 584, 585, 586, 587, + 568, 569, 570, 571, 572, 573, 574, 575, 576, -1, + 578, 579, 580, 581, 582, 583, 584, 585, 586, 587, 588, 589, 590, 591, 592, 593, 594, 595, 596, 597, 598, 599, 600, 601, 602, 603, 604, 605, 606, 607, 608, 609, 610, 611, 612, 613, 614, 615, 616, 617, - 618, 619, 620, 621, 622, 623, 624, 625, 626, 627, + 618, -1, 620, 621, 622, 623, 624, 625, 626, 627, 628, 629, 630, 631, 632, 633, 634, 635, 636, 637, 638, 639, 640, 641, 642, 643, 644, 645, 646, 647, 648, 649, 650, 651, 652, 653, 654, 655, 656, 657, - 658, 659, 660, 661, 662, 663, 664, 665, 666, 667, - 668, 669, 670, 671, 672, 673, 674, 675, 676, 677, + 658, 659, 660, 661, 662, 663, -1, 665, 666, 667, + 668, 669, 670, -1, 672, 673, 674, 675, 676, 677, 678, 679, 680, 681, 682, 683, -1, -1, 686, 687, -1, 689, 690, 691, 692, 693, 694, 695, 696, 697, 698, 699, 700, 701, 702, 703, 704, 705, 706, 707, 708, 709, 710, 711, 712, 713, 714, 715, 716, 717, 718, 719, 720, 721, 722, 723, 724, 725, 726, 727, - 728, 729, 730, 731, 732, 733, 734, 735, 736, 737, - 738, 739, 740, 741, 742, 743, 744, 745, 746, 747, + 728, 729, -1, 731, 732, 733, 734, 735, 736, 737, + 738, 739, 740, 741, 742, 743, 744, 745, -1, 747, 748, 749, 750, 751, 752, 753, 754, 755, 756, 757, 758, 759, 760, 761, 762, -1, 764, 765, 766, 767, - 19, 20, 21, -1, -1, -1, -1, -1, -1, -1, - -1, -1, 31, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, -1, -1, 47, 48, - -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, 80, -1, -1, -1, 84, -1, -1, -1, 88, - -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, 101, -1, -1, -1, -1, -1, -1, -1, - -1, 110, -1, -1, -1, -1, -1, 116, -1, -1, - -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, 131, -1, -1, -1, 135, -1, -1, -1, - -1, -1, -1, -1, -1, 144, 145, -1, -1, -1, - -1, 150, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, 174, -1, -1, -1, -1, - -1, 180, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, -1, 196, -1, -1, - -1, -1, -1, -1, -1, -1, -1, -1, -1, 208, - -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - 219, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, 233, -1, -1, -1, 237, -1, - -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, 255, -1, -1, -1, - 259, 260, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, 290, -1, -1, -1, -1, -1, -1, 297, 298, - -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + 19, 20, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, 320, 321, 322, 323, 324, 325, 326, 327, 328, - 329, 330, -1, -1, -1, -1, 335, 336, 337, 338, + -1, -1, -1, -1, -1, -1, 45, 46, 47, 48, + 49, 50, 51, 52, 53, 54, 55, 56, 57, 58, + 59, 60, 61, 62, 63, 64, 65, 66, 67, 68, + 69, 70, 71, 72, 73, -1, 75, 76, 77, 78, + 79, 80, 81, 82, 83, 84, 85, -1, 87, 88, + 89, 90, 91, 92, 93, 94, 95, 96, 97, 98, + 99, 100, 101, 102, 103, 104, 105, 106, 107, 108, + 109, 110, 111, 112, 113, 114, 115, 116, 117, 118, + 119, 120, 121, 122, 123, 124, 125, 126, -1, 128, + 129, 130, 131, 132, -1, -1, 135, 136, 137, 138, + 139, 140, 141, 142, 143, 144, 145, 146, 147, -1, + 149, 150, -1, 152, 153, 154, 155, 156, 157, 158, + 159, 160, 161, 162, 163, 164, 165, 166, 167, 168, + 169, 170, 171, -1, 173, 174, 175, 176, 177, 178, + 179, 180, 181, 182, 183, 184, 185, 186, 187, 188, + 189, 190, 191, 192, 193, 194, 195, 196, 197, 198, + 199, 200, 201, 202, 203, 204, 205, 206, 207, 208, + 209, 210, 211, 212, -1, 214, 215, 216, 217, 218, + 219, 220, 221, 222, 223, 224, 225, 226, 227, 228, + 229, 230, 231, 232, 233, 234, 235, 236, 237, 238, + 239, 240, 241, 242, 243, 244, 245, 246, 247, 248, + 249, 250, 251, 252, 253, 254, 255, 256, 257, 258, + 259, 260, 261, 262, 263, 264, 265, 266, 267, 268, + 269, 270, 271, 272, 273, 274, 275, 276, 277, 278, + 279, -1, 281, 282, 283, 284, 285, 286, 287, 288, + 289, 290, 291, 292, 293, 294, 295, -1, 297, 298, + 299, 300, 301, 302, 303, 304, 305, 306, 307, 308, + 309, 310, 311, 312, 313, 314, 315, 316, 317, 318, + 319, 320, 321, 322, -1, 324, 325, 326, 327, 328, + 329, 330, -1, 332, 333, 334, 335, 336, 337, 338, 339, 340, 341, 342, 343, 344, 345, 346, 347, 348, 349, 350, 351, 352, 353, 354, -1, 356, 357, 358, 359, 360, 361, 362, 363, 364, 365, 366, 367, 368, - 369, 370, 371, 372, 373, 374, 375, 376, 377, 378, + 369, 370, 371, 372, 373, 374, 375, -1, 377, 378, 379, 380, 381, 382, 383, 384, 385, 386, 387, -1, 389, 390, 391, 392, 393, 394, 395, 396, 397, 398, 399, 400, 401, 402, 403, 404, 405, 406, 407, 408, @@ -23702,7 +23418,7 @@ 429, 430, 431, 432, 433, 434, 435, 436, 437, 438, 439, 440, 441, 442, 443, 444, 445, 446, -1, -1, 449, 450, 451, 452, 453, 454, 455, 456, 457, 458, - 459, 460, 461, 462, -1, 464, 465, 466, 467, 468, + 459, 460, 461, 462, -1, 464, 465, 466, -1, 468, 469, 470, 471, 472, 473, 474, 475, 476, 477, -1, 479, 480, 481, 482, 483, 484, 485, 486, 487, 488, 489, 490, 491, 492, 493, 494, 495, 496, 497, 498, @@ -23710,65 +23426,65 @@ 509, 510, 511, 512, 513, 514, 515, 516, 517, 518, 519, 520, 521, 522, 523, 524, 525, 526, 527, 528, 529, 530, 531, 532, 533, 534, 535, -1, 537, 538, - 539, 540, 541, 542, 543, 544, 545, 546, 547, 548, + 539, 540, 541, 542, 543, -1, 545, 546, 547, 548, 549, 550, 551, 552, 553, 554, 555, 556, 557, 558, 559, 560, 561, 562, 563, 564, 565, 566, 567, 568, - 569, 570, 571, 572, 573, 574, 575, 576, 577, 578, - 579, 580, -1, 582, 583, 584, 585, 586, 587, 588, + 569, 570, 571, 572, 573, 574, 575, 576, -1, 578, + 579, 580, 581, 582, 583, 584, 585, 586, 587, 588, 589, 590, 591, 592, 593, 594, 595, 596, 597, 598, 599, 600, 601, 602, 603, 604, 605, 606, 607, 608, 609, 610, 611, 612, 613, 614, 615, 616, 617, 618, - 619, 620, 621, 622, 623, 624, 625, 626, 627, 628, + -1, 620, 621, 622, 623, 624, 625, 626, 627, 628, 629, 630, 631, 632, 633, 634, 635, 636, 637, 638, 639, 640, 641, 642, 643, 644, 645, 646, 647, 648, - 649, 650, 651, 652, 653, 654, 655, 656, 657, 658, - 659, 660, 661, 662, 663, 664, 665, 666, 667, 668, - 669, 670, 671, 672, 673, 674, 675, 676, 677, 678, + 649, 650, 651, 652, -1, 654, 655, 656, 657, 658, + 659, 660, 661, 662, 663, -1, 665, 666, 667, 668, + 669, 670, -1, 672, 673, 674, 675, 676, 677, 678, 679, 680, 681, 682, 683, -1, -1, 686, 687, -1, 689, 690, 691, 692, 693, 694, 695, 696, 697, 698, 699, 700, 701, 702, 703, 704, 705, 706, 707, 708, 709, 710, 711, 712, 713, 714, 715, 716, 717, 718, 719, 720, 721, 722, 723, 724, 725, 726, 727, 728, - 729, 730, 731, 732, 733, 734, 735, 736, 737, 738, - 739, 740, 741, 742, 743, 744, 745, 746, 747, 748, + 729, -1, 731, 732, 733, 734, 735, 736, 737, 738, + 739, 740, 741, 742, 743, 744, 745, -1, 747, 748, 749, 750, 751, 752, 753, 754, 755, 756, 757, 758, 759, 760, 761, 762, -1, 764, 765, 766, 767, 19, - 20, -1, -1, -1, 24, 25, 26, -1, 28, -1, - 30, 31, 32, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, -1, -1, 88, -1, - -1, -1, -1, -1, -1, -1, -1, -1, -1, 99, - -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, 116, -1, -1, -1, - -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, 135, -1, -1, -1, -1, - -1, -1, -1, -1, 144, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - 180, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, 196, -1, -1, -1, - -1, -1, -1, -1, -1, -1, -1, -1, 208, -1, - -1, -1, -1, -1, -1, -1, -1, -1, -1, 219, - -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + 20, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - 320, 321, 322, 323, 324, 325, 326, 327, 328, 329, - 330, -1, -1, -1, -1, 335, 336, 337, 338, 339, + -1, -1, -1, -1, -1, 45, 46, 47, 48, 49, + 50, 51, 52, 53, 54, 55, 56, 57, 58, 59, + 60, 61, 62, 63, 64, 65, 66, 67, 68, 69, + 70, 71, 72, 73, -1, 75, 76, 77, 78, 79, + 80, 81, 82, 83, 84, 85, -1, 87, 88, 89, + 90, 91, 92, 93, 94, 95, 96, 97, 98, 99, + 100, 101, 102, 103, 104, 105, 106, 107, 108, 109, + 110, 111, 112, 113, 114, 115, 116, 117, 118, 119, + 120, 121, 122, 123, 124, 125, 126, -1, 128, 129, + 130, 131, 132, -1, -1, 135, 136, 137, 138, 139, + 140, 141, 142, 143, 144, 145, 146, 147, -1, 149, + 150, -1, 152, 153, 154, 155, 156, 157, 158, 159, + 160, 161, 162, 163, 164, 165, 166, 167, 168, 169, + 170, 171, -1, 173, 174, 175, 176, 177, 178, 179, + 180, 181, 182, 183, 184, 185, 186, 187, 188, 189, + 190, 191, 192, 193, 194, 195, 196, 197, 198, 199, + 200, 201, 202, 203, 204, 205, 206, 207, 208, 209, + 210, 211, 212, -1, 214, 215, 216, 217, 218, 219, + 220, 221, 222, 223, 224, 225, 226, 227, 228, 229, + 230, 231, 232, 233, 234, 235, 236, 237, 238, 239, + 240, 241, 242, 243, 244, 245, 246, 247, 248, 249, + 250, 251, 252, 253, 254, 255, 256, 257, 258, 259, + 260, 261, 262, 263, 264, 265, 266, 267, 268, 269, + 270, 271, 272, 273, 274, 275, 276, 277, 278, 279, + -1, 281, 282, 283, 284, 285, 286, 287, 288, 289, + 290, 291, 292, 293, 294, 295, -1, 297, 298, 299, + 300, 301, 302, 303, 304, 305, 306, 307, 308, 309, + 310, 311, 312, 313, 314, 315, 316, 317, 318, 319, + 320, 321, 322, -1, 324, 325, 326, 327, 328, 329, + 330, -1, 332, 333, 334, 335, 336, 337, 338, 339, 340, 341, 342, 343, 344, 345, 346, 347, 348, 349, 350, 351, 352, 353, 354, -1, 356, 357, 358, 359, 360, 361, 362, 363, 364, 365, 366, 367, 368, 369, - 370, 371, 372, 373, 374, 375, 376, 377, 378, 379, + 370, 371, 372, 373, 374, 375, -1, 377, 378, 379, 380, 381, 382, 383, 384, 385, 386, 387, -1, 389, 390, 391, 392, 393, 394, 395, 396, 397, 398, 399, 400, 401, 402, 403, 404, 405, 406, 407, 408, 409, @@ -23777,7 +23493,7 @@ 430, 431, 432, 433, 434, 435, 436, 437, 438, 439, 440, 441, 442, 443, 444, 445, 446, -1, -1, 449, 450, 451, 452, 453, 454, 455, 456, 457, 458, 459, - 460, 461, 462, -1, 464, 465, 466, 467, 468, 469, + 460, 461, 462, -1, 464, 465, 466, -1, 468, 469, 470, 471, 472, 473, 474, 475, 476, 477, -1, 479, 480, 481, 482, 483, 484, 485, 486, 487, 488, 489, 490, 491, 492, 493, 494, 495, 496, 497, 498, 499, @@ -23785,57 +23501,57 @@ 510, 511, 512, 513, 514, 515, 516, 517, 518, 519, 520, 521, 522, 523, 524, 525, 526, 527, 528, 529, 530, 531, 532, 533, 534, 535, -1, 537, 538, 539, - 540, 541, 542, 543, 544, 545, 546, 547, 548, 549, + 540, 541, 542, 543, -1, 545, 546, 547, 548, 549, 550, 551, 552, 553, 554, 555, 556, 557, 558, 559, 560, 561, 562, 563, 564, 565, 566, 567, 568, 569, - 570, 571, 572, 573, 574, 575, 576, 577, 578, 579, - 580, -1, 582, 583, 584, 585, 586, 587, 588, 589, + 570, 571, 572, 573, 574, 575, 576, -1, 578, 579, + 580, 581, 582, 583, 584, 585, 586, 587, 588, 589, 590, 591, 592, 593, 594, 595, 596, 597, 598, 599, 600, 601, 602, 603, 604, 605, 606, 607, 608, 609, - 610, 611, 612, 613, 614, 615, 616, 617, 618, 619, + 610, 611, 612, 613, 614, 615, 616, 617, 618, -1, 620, 621, 622, 623, 624, 625, 626, 627, 628, 629, 630, 631, 632, 633, 634, 635, 636, 637, 638, 639, 640, 641, 642, 643, 644, 645, 646, 647, 648, 649, - 650, 651, 652, 653, 654, 655, 656, 657, 658, 659, - 660, 661, 662, 663, 664, 665, 666, 667, 668, 669, - 670, 671, 672, 673, 674, 675, 676, 677, 678, 679, + 650, 651, 652, -1, 654, 655, 656, 657, 658, 659, + 660, 661, 662, 663, -1, 665, 666, 667, 668, 669, + 670, -1, 672, 673, 674, 675, 676, 677, 678, 679, 680, 681, 682, 683, -1, -1, 686, 687, -1, 689, 690, 691, 692, 693, 694, 695, 696, 697, 698, 699, 700, 701, 702, 703, 704, 705, 706, 707, 708, 709, 710, 711, 712, 713, 714, 715, 716, 717, 718, 719, 720, 721, 722, 723, 724, 725, 726, 727, 728, 729, - 730, 731, 732, 733, 734, 735, 736, 737, 738, 739, - 740, 741, 742, 743, 744, 745, 746, 747, 748, 749, - 750, 751, 752, 753, 754, 755, 756, 757, 758, 759, + -1, 731, 732, 733, 734, 735, 736, 737, 738, 739, + 740, 741, 742, 743, 744, 745, -1, 747, 748, 749, + 750, 751, 752, 753, 754, 755, 756, 757, -1, 759, 760, 761, 762, -1, 764, 765, 766, 767, 19, 20, 21, -1, -1, -1, -1, -1, -1, -1, -1, -1, 31, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, -1, 47, 48, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, -1, -1, -1, -1, 80, + -1, -1, -1, 84, -1, -1, -1, 88, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, 84, 85, -1, -1, 88, -1, -1, - -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + 101, -1, -1, -1, -1, -1, -1, -1, -1, 110, -1, -1, -1, -1, -1, 116, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, 135, -1, -1, -1, -1, -1, - -1, -1, -1, 144, -1, -1, -1, -1, -1, -1, + 131, -1, -1, -1, 135, -1, -1, -1, -1, -1, + -1, -1, -1, 144, 145, -1, -1, -1, -1, 150, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, -1, -1, -1, 180, + -1, -1, -1, 174, -1, -1, -1, -1, -1, 180, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, 196, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, 208, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, 219, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, 233, -1, -1, -1, 237, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, 255, -1, -1, -1, 259, 260, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, -1, -1, -1, -1, 290, + -1, -1, -1, -1, -1, -1, 297, 298, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, 320, 321, 322, 323, 324, 325, 326, 327, 328, 329, 330, @@ -23885,32 +23601,32 @@ 761, 762, -1, 764, 765, 766, 767, 19, 20, 21, -1, -1, -1, -1, -1, -1, -1, -1, -1, 31, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, 47, 48, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, 57, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, 88, -1, -1, -1, - -1, -1, -1, -1, -1, -1, -1, 99, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, -1, -1, -1, 80, -1, + -1, -1, 84, -1, -1, -1, 88, -1, -1, -1, + -1, -1, -1, -1, -1, -1, -1, -1, -1, 101, + -1, -1, -1, -1, -1, -1, -1, -1, 110, -1, -1, -1, -1, -1, 116, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, -1, -1, -1, -1, 131, -1, -1, -1, 135, -1, -1, -1, -1, -1, -1, - -1, -1, 144, -1, -1, -1, -1, -1, -1, -1, + -1, -1, 144, 145, -1, -1, -1, -1, 150, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, -1, -1, 180, -1, + -1, -1, 174, -1, -1, -1, -1, -1, 180, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, 196, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, 208, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, 219, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, 233, -1, -1, -1, 237, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, 255, -1, -1, -1, 259, 260, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, -1, -1, -1, 290, -1, + -1, -1, -1, -1, -1, 297, 298, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, 320, 321, 322, 323, 324, 325, 326, 327, 328, 329, 330, -1, @@ -23958,14 +23674,14 @@ 742, 743, 744, 745, 746, 747, 748, 749, 750, 751, 752, 753, 754, 755, 756, 757, 758, 759, 760, 761, 762, -1, 764, 765, 766, 767, 19, 20, -1, -1, - 23, -1, -1, 26, 27, -1, -1, -1, 31, -1, + -1, 24, 25, 26, -1, 28, -1, 30, 31, 32, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, 88, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, -1, 99, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, 116, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, @@ -24036,11 +23752,11 @@ -1, -1, -1, -1, -1, -1, -1, 31, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, 57, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, 88, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, 99, -1, -1, -1, -1, + -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + 84, 85, -1, -1, 88, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, 116, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, @@ -24182,15 +23898,15 @@ 735, 736, 737, 738, 739, 740, 741, 742, 743, 744, 745, 746, 747, 748, 749, 750, 751, 752, 753, 754, 755, 756, 757, 758, 759, 760, 761, 762, -1, 764, - 765, 766, 767, 19, 20, 21, -1, -1, -1, -1, - -1, -1, -1, -1, -1, 31, -1, -1, -1, -1, + 765, 766, 767, 19, 20, -1, -1, 23, -1, -1, + 26, 27, -1, -1, -1, 31, -1, -1, -1, -1, + -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, 57, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, 88, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, 99, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, 116, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, 135, @@ -24335,12 +24051,12 @@ 767, 19, 20, 21, -1, -1, -1, -1, -1, -1, -1, -1, -1, 31, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, -1, -1, -1, -1, 57, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, -1, 85, -1, -1, 88, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, 99, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, 116, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, 135, -1, -1, @@ -24409,13 +24125,13 @@ 758, 759, 760, 761, 762, -1, 764, 765, 766, 767, 19, 20, 21, -1, -1, -1, -1, -1, -1, -1, -1, -1, 31, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, -1, -1, 47, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, -1, -1, -1, 57, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, 88, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + 99, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, 116, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, 135, -1, -1, -1, @@ -24485,11 +24201,11 @@ 20, 21, -1, -1, -1, -1, -1, -1, -1, -1, -1, 31, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, -1, -1, 57, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, 84, -1, -1, -1, 88, -1, - -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, -1, -1, -1, 88, -1, + -1, -1, -1, -1, -1, -1, -1, -1, -1, 99, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, 116, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, @@ -24557,13 +24273,13 @@ 740, 741, 742, 743, 744, 745, 746, 747, 748, 749, 750, 751, 752, 753, 754, 755, 756, 757, 758, 759, 760, 761, 762, -1, 764, 765, 766, 767, 19, 20, + 21, -1, -1, -1, -1, -1, -1, -1, -1, -1, + 31, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, -1, 88, -1, -1, + -1, -1, -1, -1, 85, -1, -1, 88, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, 116, -1, -1, -1, -1, @@ -24588,7 +24304,7 @@ -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, 320, 321, 322, 323, 324, 325, 326, 327, 328, 329, 330, - -1, 332, 333, 334, 335, 336, 337, 338, 339, 340, + -1, -1, -1, -1, 335, 336, 337, 338, 339, 340, 341, 342, 343, 344, 345, 346, 347, 348, 349, 350, 351, 352, 353, 354, -1, 356, 357, 358, 359, 360, 361, 362, 363, 364, 365, 366, 367, 368, 369, 370, @@ -24634,8 +24350,8 @@ 761, 762, -1, 764, 765, 766, 767, 19, 20, 21, -1, -1, -1, -1, -1, -1, -1, -1, -1, 31, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, 47, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, 57, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, 88, -1, -1, -1, @@ -24706,14 +24422,14 @@ 732, 733, 734, 735, 736, 737, 738, 739, 740, 741, 742, 743, 744, 745, 746, 747, 748, 749, 750, 751, 752, 753, 754, 755, 756, 757, 758, 759, 760, 761, - 762, -1, 764, 765, 766, 767, 19, 20, -1, -1, - -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + 762, -1, 764, 765, 766, 767, 19, 20, 21, -1, + -1, -1, -1, -1, -1, -1, -1, -1, 31, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, 88, -1, -1, -1, -1, + -1, 84, -1, -1, -1, 88, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, 116, -1, -1, -1, -1, -1, -1, @@ -24730,8 +24446,8 @@ -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, 259, -1, -1, -1, - -1, -1, -1, -1, -1, 268, -1, -1, -1, -1, + -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, @@ -24781,8 +24497,8 @@ 733, 734, 735, 736, 737, 738, 739, 740, 741, 742, 743, 744, 745, 746, 747, 748, 749, 750, 751, 752, 753, 754, 755, 756, 757, 758, 759, 760, 761, 762, - -1, 764, 765, 766, 767, 19, 20, 21, -1, -1, - -1, -1, -1, -1, -1, -1, -1, 31, -1, -1, + -1, 764, 765, 766, 767, 19, 20, -1, -1, -1, + -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, @@ -24812,8 +24528,8 @@ -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, 320, 321, 322, 323, - 324, 325, 326, 327, 328, 329, 330, -1, -1, -1, - -1, 335, 336, 337, 338, 339, 340, 341, 342, 343, + 324, 325, 326, 327, 328, 329, 330, -1, 332, 333, + 334, 335, 336, 337, 338, 339, 340, 341, 342, 343, 344, 345, 346, 347, 348, 349, 350, 351, 352, 353, 354, -1, 356, 357, 358, 359, 360, 361, 362, 363, 364, 365, 366, 367, 368, 369, 370, 371, 372, 373, @@ -24856,14 +24572,14 @@ 734, 735, 736, 737, 738, 739, 740, 741, 742, 743, 744, 745, 746, 747, 748, 749, 750, 751, 752, 753, 754, 755, 756, 757, 758, 759, 760, 761, 762, -1, - 764, 765, 766, 767, 19, 20, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + 764, 765, 766, 767, 19, 20, 21, -1, -1, -1, + -1, -1, -1, -1, -1, -1, 31, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, 57, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, 76, 77, -1, -1, -1, -1, -1, -1, -1, - -1, 86, -1, 88, -1, -1, -1, -1, -1, -1, + -1, -1, -1, 88, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, 116, -1, -1, -1, -1, -1, -1, -1, -1, @@ -24886,20 +24602,20 @@ -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, 320, 321, 322, -1, 324, + -1, -1, -1, -1, -1, 320, 321, 322, 323, 324, 325, 326, 327, 328, 329, 330, -1, -1, -1, -1, 335, 336, 337, 338, 339, 340, 341, 342, 343, 344, 345, 346, 347, 348, 349, 350, 351, 352, 353, 354, - -1, -1, 357, 358, 359, 360, 361, 362, 363, 364, + -1, 356, 357, 358, 359, 360, 361, 362, 363, 364, 365, 366, 367, 368, 369, 370, 371, 372, 373, 374, 375, 376, 377, 378, 379, 380, 381, 382, 383, 384, 385, 386, 387, -1, 389, 390, 391, 392, 393, 394, 395, 396, 397, 398, 399, 400, 401, 402, 403, 404, 405, 406, 407, 408, 409, 410, 411, 412, 413, 414, 415, 416, 417, -1, 419, 420, 421, 422, 423, 424, - 425, 426, 427, 428, 429, 430, -1, 432, 433, 434, + 425, 426, 427, 428, 429, 430, 431, 432, 433, 434, 435, 436, 437, 438, 439, 440, 441, 442, 443, 444, - 445, 446, 447, 448, 449, 450, 451, 452, 453, 454, + 445, 446, -1, -1, 449, 450, 451, 452, 453, 454, 455, 456, 457, 458, 459, 460, 461, 462, -1, 464, 465, 466, 467, 468, 469, 470, 471, 472, 473, 474, 475, 476, 477, -1, 479, 480, 481, 482, 483, 484, @@ -24942,8 +24658,8 @@ -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, 116, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, 128, -1, -1, -1, -1, -1, -1, 135, - 136, -1, -1, -1, -1, -1, -1, -1, 144, -1, + -1, -1, -1, -1, -1, -1, -1, -1, -1, 135, + -1, -1, -1, -1, -1, -1, -1, -1, 144, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, @@ -24955,8 +24671,8 @@ -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, 259, -1, -1, -1, -1, -1, -1, + -1, -1, 268, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, @@ -25006,10 +24722,10 @@ 736, 737, 738, 739, 740, 741, 742, 743, 744, 745, 746, 747, 748, 749, 750, 751, 752, 753, 754, 755, 756, 757, 758, 759, 760, 761, 762, -1, 764, 765, - 766, 767, 19, 20, -1, -1, -1, -1, -1, -1, + 766, 767, 19, 20, 21, -1, -1, -1, -1, -1, -1, -1, -1, -1, 31, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, 53, -1, -1, -1, + -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, @@ -25086,8 +24802,8 @@ -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, -1, -1, -1, 76, 77, + -1, -1, -1, -1, -1, -1, -1, -1, 86, -1, 88, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, 116, -1, @@ -25106,15 +24822,15 @@ -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - 268, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, 320, 321, 322, 323, 324, 325, 326, 327, + -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, 320, 321, 322, -1, 324, 325, 326, 327, 328, 329, 330, -1, -1, -1, -1, 335, 336, 337, 338, 339, 340, 341, 342, 343, 344, 345, 346, 347, - 348, 349, 350, 351, 352, 353, 354, -1, 356, 357, + 348, 349, 350, 351, 352, 353, 354, -1, -1, 357, 358, 359, 360, 361, 362, 363, 364, 365, 366, 367, 368, 369, 370, 371, 372, 373, 374, 375, 376, 377, 378, 379, 380, 381, 382, 383, 384, 385, 386, 387, @@ -25122,9 +24838,9 @@ 398, 399, 400, 401, 402, 403, 404, 405, 406, 407, 408, 409, 410, 411, 412, 413, 414, 415, 416, 417, -1, 419, 420, 421, 422, 423, 424, 425, 426, 427, - 428, 429, 430, 431, 432, 433, 434, 435, 436, 437, - 438, 439, 440, 441, 442, 443, 444, 445, 446, -1, - -1, 449, 450, 451, 452, 453, 454, 455, 456, 457, + 428, 429, 430, -1, 432, 433, 434, 435, 436, 437, + 438, 439, 440, 441, 442, 443, 444, 445, 446, 447, + 448, 449, 450, 451, 452, 453, 454, 455, 456, 457, 458, 459, 460, 461, 462, -1, 464, 465, 466, 467, 468, 469, 470, 471, 472, 473, 474, 475, 476, 477, -1, 479, 480, 481, 482, 483, 484, 485, 486, 487, @@ -25167,7 +24883,7 @@ -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, 116, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, 128, - -1, -1, -1, -1, -1, -1, 135, -1, -1, -1, + -1, -1, -1, -1, -1, -1, 135, 136, -1, -1, -1, -1, -1, -1, -1, 144, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, @@ -25232,9 +24948,9 @@ 749, 750, 751, 752, 753, 754, 755, 756, 757, 758, 759, 760, 761, 762, -1, 764, 765, 766, 767, 19, 20, -1, -1, -1, -1, -1, -1, -1, -1, -1, - 30, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, 31, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, 53, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, 88, -1, @@ -25313,7 +25029,7 @@ -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, 88, -1, -1, - -1, -1, -1, -1, -1, -1, -1, -1, 99, -1, + -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, 116, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, @@ -25330,7 +25046,7 @@ -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, -1, -1, 268, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, @@ -25388,10 +25104,10 @@ -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, 88, -1, -1, -1, - -1, -1, -1, -1, -1, -1, -1, 99, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, 116, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, 116, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, -1, 128, -1, -1, -1, -1, -1, -1, 135, -1, -1, -1, -1, -1, -1, -1, -1, 144, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, @@ -25456,11 +25172,11 @@ 742, 743, 744, 745, 746, 747, 748, 749, 750, 751, 752, 753, 754, 755, 756, 757, 758, 759, 760, 761, 762, -1, 764, 765, 766, 767, 19, 20, -1, -1, + -1, -1, -1, -1, -1, -1, -1, 30, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - 63, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, 88, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, @@ -25684,7 +25400,7 @@ -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, -1, -1, 63, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, 88, -1, -1, -1, -1, -1, -1, -1, @@ -25701,7 +25417,7 @@ 196, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, 208, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, 219, -1, -1, -1, -1, -1, -1, - 226, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, @@ -25756,14 +25472,14 @@ 746, 747, 748, 749, 750, 751, 752, 753, 754, 755, 756, 757, 758, 759, 760, 761, 762, -1, 764, 765, 766, 767, 19, 20, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, 31, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, 88, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, 88, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, 99, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, 116, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, 135, -1, @@ -25832,13 +25548,13 @@ 757, 758, 759, 760, 761, 762, -1, 764, 765, 766, 767, 19, 20, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, -1, -1, -1, 47, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - 88, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + 88, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, 99, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, 116, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, 135, -1, -1, @@ -25913,7 +25629,7 @@ -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, 88, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - 99, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, 116, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, 135, -1, -1, -1, @@ -25925,7 +25641,7 @@ -1, -1, -1, -1, -1, -1, -1, 196, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, 208, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - 219, -1, -1, -1, -1, -1, -1, -1, -1, -1, + 219, -1, -1, -1, -1, -1, -1, 226, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, @@ -25981,13 +25697,13 @@ 749, 750, 751, 752, 753, 754, 755, 756, 757, 758, 759, 760, 761, 762, -1, 764, 765, 766, 767, 19, 20, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, 31, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, 88, -1, - -1, -1, -1, -1, -1, -1, -1, -1, -1, 99, + -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, 116, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, @@ -26057,7 +25773,7 @@ 760, 761, 762, -1, 764, 765, 766, 767, 19, 20, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, -1, 47, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, @@ -26075,7 +25791,7 @@ -1, -1, -1, -1, -1, 196, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, 208, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, 219, -1, - -1, -1, -1, -1, -1, 226, -1, -1, -1, -1, + -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, @@ -26137,7 +25853,7 @@ -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, 88, -1, -1, -1, - -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, -1, -1, 99, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, 116, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, @@ -26212,7 +25928,7 @@ -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, 88, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, -1, 99, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, 116, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, @@ -26300,7 +26016,7 @@ -1, -1, 196, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, 208, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, 219, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, 226, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, @@ -26730,13 +26446,13 @@ 749, 750, 751, 752, 753, 754, 755, 756, 757, 758, 759, 760, 761, 762, -1, 764, 765, 766, 767, 19, 20, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, 31, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, 88, -1, - -1, -1, -1, -1, -1, -1, -1, -1, -1, 99, + -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, 116, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, @@ -26774,18 +26490,18 @@ 440, 441, 442, 443, 444, 445, 446, -1, -1, 449, 450, 451, 452, 453, 454, 455, 456, 457, 458, 459, 460, 461, 462, -1, 464, 465, 466, 467, 468, 469, - 470, 471, -1, 473, 474, 475, 476, 477, -1, 479, + 470, 471, 472, 473, 474, 475, 476, 477, -1, 479, 480, 481, 482, 483, 484, 485, 486, 487, 488, 489, 490, 491, 492, 493, 494, 495, 496, 497, 498, 499, 500, 501, 502, 503, 504, 505, 506, 507, 508, 509, - -1, 511, 512, 513, 514, 515, 516, 517, 518, 519, + 510, 511, 512, 513, 514, 515, 516, 517, 518, 519, 520, 521, 522, 523, 524, 525, 526, 527, 528, 529, 530, 531, 532, 533, 534, 535, -1, 537, 538, 539, 540, 541, 542, 543, 544, 545, 546, 547, 548, 549, 550, 551, 552, 553, 554, 555, 556, 557, 558, 559, 560, 561, 562, 563, 564, 565, 566, 567, 568, 569, 570, 571, 572, 573, 574, 575, 576, 577, 578, 579, - 580, 581, 582, 583, 584, 585, 586, 587, 588, 589, + 580, -1, 582, 583, 584, 585, 586, 587, 588, 589, 590, 591, 592, 593, 594, 595, 596, 597, 598, 599, 600, 601, 602, 603, 604, 605, 606, 607, 608, 609, 610, 611, 612, 613, 614, 615, 616, 617, 618, 619, @@ -26793,14 +26509,14 @@ 630, 631, 632, 633, 634, 635, 636, 637, 638, 639, 640, 641, 642, 643, 644, 645, 646, 647, 648, 649, 650, 651, 652, 653, 654, 655, 656, 657, 658, 659, - 660, 661, 662, 663, 664, -1, 666, 667, 668, 669, + 660, 661, 662, 663, 664, 665, 666, 667, 668, 669, 670, 671, 672, 673, 674, 675, 676, 677, 678, 679, 680, 681, 682, 683, -1, -1, 686, 687, -1, 689, 690, 691, 692, 693, 694, 695, 696, 697, 698, 699, 700, 701, 702, 703, 704, 705, 706, 707, 708, 709, 710, 711, 712, 713, 714, 715, 716, 717, 718, 719, 720, 721, 722, 723, 724, 725, 726, 727, 728, 729, - -1, 731, 732, 733, 734, 735, 736, 737, 738, 739, + 730, 731, 732, 733, 734, 735, 736, 737, 738, 739, 740, 741, 742, 743, 744, 745, 746, 747, 748, 749, 750, 751, 752, 753, 754, 755, 756, 757, 758, 759, 760, 761, 762, -1, 764, 765, 766, 767, 19, 20, @@ -26810,7 +26526,7 @@ -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, 86, -1, 88, -1, -1, + -1, -1, -1, -1, -1, -1, -1, 88, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, 116, -1, -1, -1, -1, @@ -26834,10 +26550,10 @@ -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, 320, - 321, 322, -1, 324, 325, 326, 327, 328, 329, 330, + 321, 322, 323, 324, 325, 326, 327, 328, 329, 330, -1, -1, -1, -1, 335, 336, 337, 338, 339, 340, 341, 342, 343, 344, 345, 346, 347, 348, 349, 350, - 351, 352, 353, 354, -1, -1, 357, 358, 359, 360, + 351, 352, 353, 354, -1, 356, 357, 358, 359, 360, 361, 362, 363, 364, 365, 366, 367, 368, 369, 370, 371, 372, 373, 374, 375, 376, 377, 378, 379, 380, 381, 382, 383, 384, 385, 386, 387, -1, 389, 390, @@ -26845,7 +26561,7 @@ 401, 402, 403, 404, 405, 406, 407, 408, 409, 410, 411, 412, 413, 414, 415, 416, 417, -1, 419, 420, 421, 422, 423, 424, 425, 426, 427, 428, 429, 430, - -1, 432, 433, 434, 435, 436, 437, 438, 439, 440, + 431, 432, 433, 434, 435, 436, 437, 438, 439, 440, 441, 442, 443, 444, 445, 446, -1, -1, 449, 450, 451, 452, 453, 454, 455, 456, 457, 458, 459, 460, 461, 462, -1, 464, 465, 466, 467, 468, 469, 470, @@ -26949,10 +26665,10 @@ 692, 693, 694, 695, 696, 697, 698, 699, 700, 701, 702, 703, 704, 705, 706, 707, 708, 709, 710, 711, 712, 713, 714, 715, 716, 717, 718, 719, 720, 721, - 722, 723, 724, 725, 726, 727, 728, 729, -1, 731, + 722, 723, 724, 725, 726, 727, 728, 729, 730, 731, 732, 733, 734, 735, 736, 737, 738, 739, 740, 741, 742, 743, 744, 745, 746, 747, 748, 749, 750, 751, - 752, 753, 754, 755, 756, 757, -1, 759, 760, 761, + 752, 753, 754, 755, 756, 757, 758, 759, 760, 761, 762, -1, 764, 765, 766, 767, 19, 20, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, 31, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, @@ -26961,7 +26677,7 @@ -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, 88, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, -1, 99, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, 116, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, @@ -27035,13 +26751,13 @@ -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, 88, -1, -1, -1, -1, -1, + -1, -1, 86, -1, 88, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, 116, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, 135, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + 144, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, 180, -1, -1, -1, @@ -27063,135 +26779,67 @@ -1, 335, 336, 337, 338, 339, 340, 341, 342, 343, 344, 345, 346, 347, 348, 349, 350, 351, 352, 353, 354, -1, -1, 357, 358, 359, 360, 361, 362, 363, - 364, 365, 366, 367, 368, 369, -1, 371, 372, 373, - 374, 375, 376, 377, -1, 379, 380, 381, 382, 383, - 384, 385, 386, 387, -1, 389, 390, 391, -1, 393, - 394, 395, 396, 397, 398, 399, 400, 401, -1, 403, + 364, 365, 366, 367, 368, 369, 370, 371, 372, 373, + 374, 375, 376, 377, 378, 379, 380, 381, 382, 383, + 384, 385, 386, 387, -1, 389, 390, 391, 392, 393, + 394, 395, 396, 397, 398, 399, 400, 401, 402, 403, 404, 405, 406, 407, 408, 409, 410, 411, 412, 413, 414, 415, 416, 417, -1, 419, 420, 421, 422, 423, - 424, 425, -1, 427, 428, 429, 430, -1, 432, 433, + 424, 425, 426, 427, 428, 429, 430, -1, 432, 433, 434, 435, 436, 437, 438, 439, 440, 441, 442, 443, 444, 445, 446, -1, -1, 449, 450, 451, 452, 453, - 454, 455, 456, 457, 458, 459, 460, -1, 462, -1, + 454, 455, 456, 457, 458, 459, 460, 461, 462, -1, 464, 465, 466, 467, 468, 469, 470, 471, 472, 473, - -1, 475, 476, 477, -1, 479, 480, 481, 482, 483, + 474, 475, 476, 477, -1, 479, 480, 481, 482, 483, 484, 485, 486, 487, 488, 489, 490, 491, 492, 493, - 494, 495, 496, 497, 498, 499, 500, 501, -1, 503, + 494, 495, 496, 497, 498, 499, 500, 501, 502, 503, 504, 505, 506, 507, 508, 509, 510, 511, 512, 513, 514, 515, 516, 517, 518, 519, 520, 521, 522, 523, 524, 525, 526, 527, 528, 529, 530, 531, 532, 533, 534, 535, -1, 537, 538, 539, 540, 541, 542, 543, 544, 545, 546, 547, 548, 549, 550, 551, 552, 553, 554, 555, 556, 557, 558, 559, 560, 561, 562, 563, - 564, 565, 566, 567, 568, 569, 570, 571, -1, 573, + 564, 565, 566, 567, 568, 569, 570, 571, 572, 573, 574, 575, 576, 577, 578, 579, 580, -1, 582, 583, - 584, 585, -1, 587, 588, 589, 590, 591, 592, 593, + 584, 585, 586, 587, 588, 589, 590, 591, 592, 593, 594, 595, 596, 597, 598, 599, 600, 601, 602, 603, - -1, 605, 606, 607, 608, 609, 610, 611, 612, 613, + 604, 605, 606, 607, 608, 609, 610, 611, 612, 613, 614, 615, 616, 617, 618, 619, 620, 621, 622, 623, 624, 625, 626, 627, 628, 629, 630, 631, 632, 633, - 634, -1, 636, 637, 638, 639, 640, 641, 642, 643, - 644, 645, 646, 647, 648, -1, 650, 651, 652, 653, - 654, 655, 656, -1, 658, 659, 660, 661, 662, 663, - 664, 665, 666, 667, 668, 669, -1, 671, 672, 673, + 634, 635, 636, 637, 638, 639, 640, 641, 642, 643, + 644, 645, 646, 647, 648, 649, 650, 651, 652, 653, + 654, 655, 656, 657, 658, 659, 660, 661, 662, 663, + 664, 665, 666, 667, 668, 669, 670, 671, 672, 673, 674, 675, 676, 677, 678, 679, 680, 681, 682, 683, -1, -1, 686, 687, -1, 689, 690, 691, 692, 693, 694, 695, 696, 697, 698, 699, 700, 701, 702, 703, 704, 705, 706, 707, 708, 709, 710, 711, 712, 713, 714, 715, 716, 717, 718, 719, 720, 721, 722, 723, - 724, 725, 726, 727, 728, 19, 20, 731, 732, 733, + 724, 725, 726, 727, 728, 729, 730, 731, 732, 733, 734, 735, 736, 737, 738, 739, 740, 741, 742, 743, 744, 745, 746, 747, 748, 749, 750, 751, 752, 753, 754, 755, 756, 757, 758, 759, 760, 761, 762, -1, - 764, 765, 766, 767, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, 88, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, 116, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, 135, -1, -1, -1, -1, -1, -1, -1, -1, - 144, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, 180, -1, -1, -1, - -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, 196, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, 208, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, 219, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + 764, 765, 766, 767, 19, 20, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, -1, -1, -1, 313, - -1, -1, -1, -1, -1, -1, 320, 321, 322, 323, - 324, 325, -1, 327, 328, 329, 330, -1, -1, -1, - -1, 335, 336, 337, 338, 339, 340, 341, 342, 343, - 344, -1, 346, 347, 348, 349, 350, 351, 352, 353, - -1, -1, -1, -1, 358, 359, 360, 361, 362, -1, - -1, 365, 366, 367, 368, 369, -1, -1, -1, 373, - 374, 375, 376, 377, -1, 379, 380, 381, 382, -1, - -1, -1, -1, -1, -1, 389, -1, 391, -1, 393, - 394, 395, 396, 397, 398, 399, 400, 401, -1, 403, - 404, 405, 406, 407, 408, 409, 410, 411, 412, 413, - 414, 415, -1, 417, -1, 419, 420, 421, 422, 423, - 424, 425, -1, 427, 428, 429, 430, -1, 432, 433, - 434, 435, 436, 437, 438, 439, 440, 441, 442, -1, - -1, -1, 446, -1, -1, 449, 450, 451, 452, 453, - 454, 455, 456, 457, 458, 459, -1, -1, -1, -1, - -1, 465, 466, 467, 468, 469, 470, -1, 472, 473, - -1, 475, 476, -1, -1, 479, -1, 481, 482, 483, - 484, 485, 486, 487, 488, 489, 490, 491, -1, 493, - 494, 495, 496, 497, 498, 499, 500, 501, -1, 503, - 504, 505, 506, 507, 508, 509, 510, 511, 512, 513, - 514, 515, 516, 517, 518, 519, 520, 521, 522, 523, - 524, 525, 526, 527, 528, 529, 530, 531, 532, 533, - 534, 535, -1, 537, 538, 539, 540, 541, 542, 543, - 544, 545, 546, 547, 548, 549, 550, 551, 552, 553, - 554, 555, 556, 557, 558, 559, 560, 561, 562, 563, - 564, 565, 566, 567, 568, 569, 570, 571, -1, 573, - 574, 575, 576, 577, 578, 579, 580, -1, 582, 583, - 584, 585, -1, -1, -1, 589, -1, 591, 592, -1, - 594, 595, 596, 597, -1, 599, 600, 601, 602, -1, - -1, -1, -1, 607, 608, 609, 610, 611, 612, 613, - 614, 615, 616, 617, 618, 619, 620, 621, 622, 623, - 624, 625, 626, 627, 628, 629, 630, 631, 632, -1, - 634, -1, 636, 637, 638, -1, 640, 641, -1, 643, - 644, 645, 646, 647, 648, -1, 650, 651, 652, 653, - 654, 655, 656, -1, 658, 659, 660, -1, 662, 663, - 664, 665, 666, -1, 668, 669, -1, -1, 672, 673, - -1, -1, 676, 677, 678, -1, 680, -1, 682, 683, - -1, -1, 686, 687, -1, 689, 690, 691, 692, -1, - 694, 695, -1, 697, -1, 699, 700, 701, 702, 703, - 704, 705, 706, 707, 708, 709, 710, 711, 712, 713, - 714, 715, 716, 717, 718, -1, 720, 721, 722, 723, - 724, 725, 726, 727, 728, 19, 20, 731, -1, 733, - 734, 735, 736, -1, -1, 739, 740, -1, 742, 743, - 744, 745, 746, 747, 748, 749, 750, 751, 752, 753, - 754, 755, 756, 757, -1, -1, 760, 761, -1, -1, - 764, -1, 766, 767, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, 88, -1, -1, -1, -1, -1, + -1, -1, -1, 88, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, 116, -1, -1, -1, -1, -1, -1, -1, + -1, 116, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, 135, -1, -1, -1, -1, -1, -1, -1, -1, - 144, -1, -1, -1, -1, -1, -1, -1, -1, -1, + 135, -1, -1, -1, -1, -1, -1, -1, -1, 144, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, 180, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, 196, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, 208, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, 219, -1, -1, -1, -1, + -1, -1, -1, -1, -1, 180, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, 196, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, 208, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, 219, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, @@ -27200,126 +26848,128 @@ -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, 320, 321, 322, 323, - 324, 325, -1, 327, 328, 329, 330, -1, -1, -1, - -1, 335, 336, 337, 338, 339, 340, 341, 342, 343, - 344, -1, 346, 347, 348, 349, 350, 351, 352, 353, - -1, -1, -1, -1, 358, 359, 360, 361, 362, -1, - -1, 365, 366, 367, 368, 369, -1, -1, -1, 373, - 374, 375, 376, 377, -1, 379, 380, 381, 382, -1, - -1, -1, -1, -1, -1, 389, -1, 391, -1, 393, - 394, 395, 396, 397, 398, 399, 400, 401, -1, 403, - 404, 405, 406, 407, 408, 409, 410, 411, 412, 413, - 414, 415, -1, 417, -1, 419, 420, 421, 422, 423, - 424, 425, -1, 427, 428, 429, 430, -1, 432, 433, - 434, 435, 436, 437, 438, 439, 440, 441, 442, -1, - -1, -1, 446, -1, -1, 449, 450, 451, 452, 453, - 454, 455, 456, 457, 458, 459, -1, -1, -1, -1, - -1, 465, 466, 467, 468, 469, 470, -1, 472, 473, - -1, 475, 476, -1, -1, 479, -1, 481, 482, 483, - 484, 485, 486, 487, 488, 489, 490, 491, -1, 493, - 494, 495, 496, 497, 498, 499, 500, 501, -1, 503, - 504, 505, 506, 507, 508, 509, 510, 511, 512, 513, - 514, 515, 516, 517, 518, 519, 520, 521, 522, 523, - 524, 525, 526, 527, 528, 529, 530, 531, 532, 533, - 534, 535, -1, 537, 538, 539, 540, 541, 542, 543, - 544, 545, 546, 547, 548, 549, 550, 551, 552, 553, - 554, 555, 556, 557, 558, 559, 560, 561, 562, 563, - 564, 565, 566, 567, 568, 569, 570, 571, -1, 573, - 574, 575, 576, 577, 578, 579, 580, -1, 582, 583, - 584, 585, -1, -1, -1, 589, -1, 591, 592, -1, - 594, 595, 596, 597, -1, 599, 600, 601, 602, -1, - -1, -1, -1, 607, 608, 609, 610, 611, 612, 613, - 614, 615, 616, 617, 618, 619, 620, 621, 622, 623, - 624, 625, 626, 627, 628, 629, 630, 631, 632, -1, - 634, -1, 636, 637, 638, -1, 640, 641, -1, 643, - 644, 645, 646, 647, 648, -1, 650, 651, 652, 653, - 654, 655, 656, -1, 658, 659, 660, -1, 662, 663, - 664, 665, 666, -1, 668, 669, -1, -1, 672, 673, - -1, -1, 676, 677, 678, -1, 680, -1, 682, 683, - -1, -1, 686, 687, -1, 689, 690, 691, 692, -1, - 694, 695, -1, 697, -1, 699, 700, 701, 702, 703, - 704, 705, 706, 707, 708, 709, 710, 711, 712, 713, - 714, 715, 716, 717, 718, -1, 720, 721, 722, 723, - 724, 725, 726, 727, 728, -1, -1, 731, -1, 733, - 734, 735, 736, -1, -1, 739, 740, -1, 742, 743, - 744, 745, 746, 747, 748, 749, 750, 751, 752, 753, - 754, 755, 756, 757, 19, 20, 760, 761, -1, -1, - 764, -1, 766, 767, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - 45, 46, 47, 48, 49, 50, 51, 52, 53, 54, - 55, -1, 57, 58, 59, 60, -1, -1, 63, 64, - 65, 66, 67, 68, 69, 70, 71, 72, 73, -1, - 75, 76, 77, 78, 79, 80, 81, 82, 83, 84, - 85, -1, 87, 88, 89, 90, 91, 92, 93, 94, - 95, 96, 97, 98, 99, 100, 101, 102, 103, 104, - 105, 106, 107, 108, 109, 110, 111, 112, 113, 114, - 115, 116, 117, 118, 119, 120, 121, 122, 123, 124, - 125, 126, -1, 128, 129, 130, 131, 132, -1, -1, - 135, 136, 137, 138, 139, 140, 141, 142, 143, 144, - 145, 146, 147, -1, 149, 150, -1, 152, 153, 154, - 155, 156, 157, 158, 159, 160, 161, 162, 163, 164, - 165, 166, 167, 168, 169, 170, 171, -1, 173, 174, - -1, -1, -1, 178, 179, 180, 181, 182, 183, 184, - -1, -1, -1, 188, 189, 190, 191, 192, 193, 194, - 195, 196, 197, 198, 199, 200, 201, 202, -1, 204, - 205, 206, 207, 208, 209, 210, 211, 212, -1, 214, - 215, 216, 217, 218, 219, 220, 221, 222, 223, 224, - 225, 226, 227, 228, 229, 230, 231, 232, 233, 234, - -1, 236, 237, 238, 239, 240, 241, 242, 243, 244, - 245, 246, 247, 248, 249, 250, 251, 252, 253, 254, - 255, 256, 257, 258, -1, 260, 261, -1, 263, 264, - 265, 266, 267, 268, 269, 270, 271, 272, 273, 274, - 275, 276, 277, 278, 279, -1, 281, 282, 283, 284, - -1, -1, -1, 288, 289, 290, 291, 292, 293, 294, - 295, 296, 297, 298, 299, 300, 301, 302, 303, 304, - 305, 306, -1, 308, 309, 310, 311, 312, 313, 314, - 315, 316, 317, 318, 319, 320, 321, 322, -1, 324, - 325, 326, 327, 328, 329, 330, -1, 332, 333, 334, + -1, -1, -1, -1, -1, 320, 321, 322, 323, 324, + 325, 326, 327, 328, 329, 330, -1, -1, -1, -1, 335, 336, 337, 338, 339, 340, 341, 342, 343, 344, 345, 346, 347, 348, 349, 350, 351, 352, 353, 354, - -1, 356, 357, -1, 359, -1, -1, 362, 363, 364, + -1, 356, 357, 358, 359, 360, 361, 362, 363, 364, 365, 366, 367, 368, 369, 370, 371, 372, 373, 374, - 375, -1, -1, 378, 379, 380, 381, 382, 383, 384, + 375, 376, 377, 378, 379, 380, 381, 382, 383, 384, 385, 386, 387, -1, 389, 390, 391, 392, 393, 394, 395, 396, 397, 398, 399, 400, 401, 402, 403, 404, 405, 406, 407, 408, 409, 410, 411, 412, 413, 414, 415, 416, 417, -1, 419, 420, 421, 422, 423, 424, 425, 426, 427, 428, 429, 430, 431, 432, 433, 434, - -1, 436, 437, 438, 439, 440, 441, 442, 443, 444, + 435, 436, 437, 438, 439, 440, 441, 442, 443, 444, 445, 446, -1, -1, 449, 450, 451, 452, 453, 454, - 455, 456, 457, 458, -1, 460, 461, 462, -1, 464, - 465, 466, -1, 468, 469, 470, 471, 472, 473, 474, + 455, 456, 457, 458, 459, 460, 461, 462, -1, 464, + 465, 466, 467, 468, 469, 470, 471, 472, 473, 474, 475, 476, 477, -1, 479, 480, 481, 482, 483, 484, 485, 486, 487, 488, 489, 490, 491, 492, 493, 494, - 495, 496, 497, 498, 499, -1, 501, 502, 503, 504, + 495, 496, 497, 498, 499, 500, 501, 502, 503, 504, 505, 506, 507, 508, 509, 510, 511, 512, 513, 514, 515, 516, 517, 518, 519, 520, 521, 522, 523, 524, 525, 526, 527, 528, 529, 530, 531, 532, 533, 534, - 535, -1, 537, 538, 539, 540, 541, 542, 543, -1, + 535, -1, 537, 538, 539, 540, 541, 542, 543, 544, 545, 546, 547, 548, 549, 550, 551, 552, 553, 554, - 555, 556, 557, 558, 559, 560, 561, -1, 563, 564, + 555, 556, 557, 558, 559, 560, 561, 562, 563, 564, 565, 566, 567, 568, 569, 570, 571, 572, 573, 574, - 575, 576, -1, -1, -1, 580, 581, 582, 583, 584, + 575, 576, 577, 578, 579, 580, -1, 582, 583, 584, 585, 586, 587, 588, 589, 590, 591, 592, 593, 594, 595, 596, 597, 598, 599, 600, 601, 602, 603, 604, 605, 606, 607, 608, 609, 610, 611, 612, 613, 614, - 615, 616, 617, 618, -1, -1, 621, 622, 623, 624, + 615, 616, 617, 618, 619, 620, 621, 622, 623, 624, 625, 626, 627, 628, 629, 630, 631, 632, 633, 634, 635, 636, 637, 638, 639, 640, 641, 642, 643, 644, - 645, 646, 647, 648, 649, 650, 651, 652, -1, 654, - 655, 656, 657, 658, 659, 660, 661, 662, 663, -1, + 645, 646, 647, 648, 649, 650, 651, 652, 653, 654, + 655, 656, 657, 658, 659, 660, 661, 662, 663, 664, 665, 666, 667, 668, 669, 670, 671, 672, 673, 674, 675, 676, 677, 678, 679, 680, 681, 682, 683, -1, -1, 686, 687, -1, 689, 690, 691, 692, 693, 694, 695, 696, 697, 698, 699, 700, 701, 702, 703, 704, 705, 706, 707, 708, 709, 710, 711, 712, 713, 714, - 715, 716, -1, 718, 719, -1, 721, 722, 723, 724, + 715, 716, 717, 718, 719, 720, 721, 722, 723, 724, 725, 726, 727, 728, 729, -1, 731, 732, 733, 734, 735, 736, 737, 738, 739, 740, 741, 742, 743, 744, - 745, -1, 747, 748, 749, 750, 751, 752, 753, 754, + 745, 746, 747, 748, 749, 750, 751, 752, 753, 754, 755, 756, 757, -1, 759, 760, 761, 762, -1, 764, - 765, 766, 19, 20, -1, -1, -1, -1, -1, -1, + 765, 766, 767, 19, 20, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, 31, -1, -1, -1, -1, + -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, 88, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + 116, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, -1, -1, -1, -1, 135, + -1, -1, -1, -1, -1, -1, -1, -1, 144, -1, + -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, 180, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + 196, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, 208, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, 219, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, 320, 321, 322, 323, 324, 325, + 326, 327, 328, 329, 330, -1, -1, -1, -1, 335, + 336, 337, 338, 339, 340, 341, 342, 343, 344, 345, + 346, 347, 348, 349, 350, 351, 352, 353, 354, -1, + 356, 357, 358, 359, 360, 361, 362, 363, 364, 365, + 366, 367, 368, 369, 370, 371, 372, 373, 374, 375, + 376, 377, 378, 379, 380, 381, 382, 383, 384, 385, + 386, 387, -1, 389, 390, 391, 392, 393, 394, 395, + 396, 397, 398, 399, 400, 401, 402, 403, 404, 405, + 406, 407, 408, 409, 410, 411, 412, 413, 414, 415, + 416, 417, -1, 419, 420, 421, 422, 423, 424, 425, + 426, 427, 428, 429, 430, 431, 432, 433, 434, 435, + 436, 437, 438, 439, 440, 441, 442, 443, 444, 445, + 446, -1, -1, 449, 450, 451, 452, 453, 454, 455, + 456, 457, 458, 459, 460, 461, 462, -1, 464, 465, + 466, 467, 468, 469, 470, 471, -1, 473, 474, 475, + 476, 477, -1, 479, 480, 481, 482, 483, 484, 485, + 486, 487, 488, 489, 490, 491, 492, 493, 494, 495, + 496, 497, 498, 499, 500, 501, 502, 503, 504, 505, + 506, 507, 508, 509, -1, 511, 512, 513, 514, 515, + 516, 517, 518, 519, 520, 521, 522, 523, 524, 525, + 526, 527, 528, 529, 530, 531, 532, 533, 534, 535, + -1, 537, 538, 539, 540, 541, 542, 543, 544, 545, + 546, 547, 548, 549, 550, 551, 552, 553, 554, 555, + 556, 557, 558, 559, 560, 561, 562, 563, 564, 565, + 566, 567, 568, 569, 570, 571, 572, 573, 574, 575, + 576, 577, 578, 579, 580, 581, 582, 583, 584, 585, + 586, 587, 588, 589, 590, 591, 592, 593, 594, 595, + 596, 597, 598, 599, 600, 601, 602, 603, 604, 605, + 606, 607, 608, 609, 610, 611, 612, 613, 614, 615, + 616, 617, 618, 619, 620, 621, 622, 623, 624, 625, + 626, 627, 628, 629, 630, 631, 632, 633, 634, 635, + 636, 637, 638, 639, 640, 641, 642, 643, 644, 645, + 646, 647, 648, 649, 650, 651, 652, 653, 654, 655, + 656, 657, 658, 659, 660, 661, 662, 663, 664, -1, + 666, 667, 668, 669, 670, 671, 672, 673, 674, 675, + 676, 677, 678, 679, 680, 681, 682, 683, -1, -1, + 686, 687, -1, 689, 690, 691, 692, 693, 694, 695, + 696, 697, 698, 699, 700, 701, 702, 703, 704, 705, + 706, 707, 708, 709, 710, 711, 712, 713, 714, 715, + 716, 717, 718, 719, 720, 721, 722, 723, 724, 725, + 726, 727, 728, 729, -1, 731, 732, 733, 734, 735, + 736, 737, 738, 739, 740, 741, 742, 743, 744, 745, + 746, 747, 748, 749, 750, 751, 752, 753, 754, 755, + 756, 757, 758, 759, 760, 761, 762, -1, 764, 765, + 766, 767, 19, 20, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, @@ -27331,7 +26981,7 @@ -1, -1, -1, -1, -1, -1, -1, -1, -1, 116, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, 135, -1, - -1, -1, -1, -1, -1, -1, -1, 144, -1, -1, + -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, @@ -27340,7 +26990,7 @@ -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, 208, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, 219, -1, -1, -1, -1, -1, -1, -1, - 227, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, @@ -27353,47 +27003,409 @@ 327, 328, 329, 330, -1, -1, -1, -1, 335, 336, 337, 338, 339, 340, 341, 342, 343, 344, 345, 346, 347, 348, 349, 350, 351, 352, 353, 354, -1, -1, - 357, -1, 359, -1, -1, 362, 363, 364, 365, 366, - 367, 368, 369, 370, 371, 372, 373, 374, 375, -1, - -1, 378, 379, 380, 381, 382, 383, 384, 385, 386, - 387, -1, 389, 390, 391, 392, 393, 394, 395, 396, - 397, 398, 399, 400, 401, 402, 403, 404, 405, 406, - 407, 408, 409, 410, 411, 412, -1, -1, 415, 416, - 417, -1, 419, 420, 421, 422, 423, 424, 425, 426, - 427, 428, 429, 430, -1, 432, 433, 434, -1, 436, + 357, 358, 359, 360, 361, 362, 363, 364, 365, 366, + 367, 368, 369, -1, 371, 372, 373, 374, 375, 376, + 377, -1, 379, 380, 381, 382, 383, 384, 385, 386, + 387, -1, 389, 390, 391, -1, 393, 394, 395, 396, + 397, 398, 399, 400, 401, -1, 403, 404, 405, 406, + 407, 408, 409, 410, 411, 412, 413, 414, 415, 416, + 417, -1, 419, 420, 421, 422, 423, 424, 425, -1, + 427, 428, 429, 430, -1, 432, 433, 434, 435, 436, 437, 438, 439, 440, 441, 442, 443, 444, 445, 446, -1, -1, 449, 450, 451, 452, 453, 454, 455, 456, - 457, 458, -1, 460, 461, 462, -1, 464, 465, 466, - 467, 468, 469, 470, 471, 472, 473, 474, 475, 476, + 457, 458, 459, 460, -1, 462, -1, 464, 465, 466, + 467, 468, 469, 470, 471, 472, 473, -1, 475, 476, 477, -1, 479, 480, 481, 482, 483, 484, 485, 486, 487, 488, 489, 490, 491, 492, 493, 494, 495, 496, - 497, 498, 499, -1, 501, 502, 503, 504, 505, 506, + 497, 498, 499, 500, 501, -1, 503, 504, 505, 506, 507, 508, 509, 510, 511, 512, 513, 514, 515, 516, 517, 518, 519, 520, 521, 522, 523, 524, 525, 526, 527, 528, 529, 530, 531, 532, 533, 534, 535, -1, - 537, 538, 539, 540, 541, 542, 543, -1, 545, 546, + 537, 538, 539, 540, 541, 542, 543, 544, 545, 546, 547, 548, 549, 550, 551, 552, 553, 554, 555, 556, - 557, 558, 559, 560, 561, -1, -1, 564, 565, 566, - 567, 568, 569, 570, 571, 572, 573, 574, 575, 576, - -1, -1, -1, 580, -1, 582, 583, 584, 585, 586, + 557, 558, 559, 560, 561, 562, 563, 564, 565, 566, + 567, 568, 569, 570, 571, -1, 573, 574, 575, 576, + 577, 578, 579, 580, -1, 582, 583, 584, 585, -1, 587, 588, 589, 590, 591, 592, 593, 594, 595, 596, - 597, 598, 599, 600, 601, 602, 603, 604, 605, 606, + 597, 598, 599, 600, 601, 602, 603, -1, 605, 606, 607, 608, 609, 610, 611, 612, 613, 614, 615, 616, - 617, 618, -1, -1, 621, 622, 623, 624, 625, 626, - 627, 628, 629, 630, 631, 632, 633, 634, 635, 636, + 617, 618, 619, 620, 621, 622, 623, 624, 625, 626, + 627, 628, 629, 630, 631, 632, 633, 634, -1, 636, 637, 638, 639, 640, 641, 642, 643, 644, 645, 646, - 647, 648, 649, 650, 651, 652, -1, 654, 655, 656, - 657, 658, 659, 660, 661, 662, 663, -1, 665, 666, - 667, 668, 669, 670, -1, 672, 673, 674, 675, 676, + 647, 648, -1, 650, 651, 652, 653, 654, 655, 656, + -1, 658, 659, 660, 661, 662, 663, 664, 665, 666, + 667, 668, 669, -1, 671, 672, 673, 674, 675, 676, 677, 678, 679, 680, 681, 682, 683, -1, -1, 686, 687, -1, 689, 690, 691, 692, 693, 694, 695, 696, 697, 698, 699, 700, 701, 702, 703, 704, 705, 706, 707, 708, 709, 710, 711, 712, 713, 714, 715, 716, - -1, 718, 719, -1, 721, 722, -1, 724, 725, 726, - 727, 728, 729, -1, 731, 732, 733, 734, 735, 736, - 737, 738, 739, 740, 741, 742, 743, 744, 745, -1, - -1, 748, 749, 750, 751, 752, 753, 754, 755, 756, - 757, 758, 759, 760, 761, 762, -1, 764, 765, 766 + 717, 718, 719, 720, 721, 722, 723, 724, 725, 726, + 727, 728, 19, 20, 731, 732, 733, 734, 735, 736, + 737, 738, 739, 740, 741, 742, 743, 744, 745, 746, + 747, 748, 749, 750, 751, 752, 753, 754, 755, 756, + 757, 758, 759, 760, 761, 762, -1, 764, 765, 766, + 767, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, 88, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, -1, -1, -1, -1, 116, + -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, -1, -1, -1, 135, -1, + -1, -1, -1, -1, -1, -1, -1, 144, -1, -1, + -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, 180, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, -1, -1, -1, -1, 196, + -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, 208, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, 219, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, -1, 313, -1, -1, -1, + -1, -1, -1, 320, 321, 322, 323, 324, 325, -1, + 327, 328, 329, 330, -1, -1, -1, -1, 335, 336, + 337, 338, 339, 340, 341, 342, 343, 344, -1, 346, + 347, 348, 349, 350, 351, 352, 353, -1, -1, -1, + -1, 358, 359, 360, 361, 362, -1, -1, 365, 366, + 367, 368, 369, -1, -1, -1, 373, 374, 375, 376, + 377, -1, 379, 380, 381, 382, -1, -1, -1, -1, + -1, -1, 389, -1, 391, -1, 393, 394, 395, 396, + 397, 398, 399, 400, 401, -1, 403, 404, 405, 406, + 407, 408, 409, 410, 411, 412, 413, 414, 415, -1, + 417, -1, 419, 420, 421, 422, 423, 424, 425, -1, + 427, 428, 429, 430, -1, 432, 433, 434, 435, 436, + 437, 438, 439, 440, 441, 442, -1, -1, -1, 446, + -1, -1, 449, 450, 451, 452, 453, 454, 455, 456, + 457, 458, 459, -1, -1, -1, -1, -1, 465, 466, + 467, 468, 469, 470, -1, 472, 473, -1, 475, 476, + -1, -1, 479, -1, 481, 482, 483, 484, 485, 486, + 487, 488, 489, 490, 491, -1, 493, 494, 495, 496, + 497, 498, 499, 500, 501, -1, 503, 504, 505, 506, + 507, 508, 509, 510, 511, 512, 513, 514, 515, 516, + 517, 518, 519, 520, 521, 522, 523, 524, 525, 526, + 527, 528, 529, 530, 531, 532, 533, 534, 535, -1, + 537, 538, 539, 540, 541, 542, 543, 544, 545, 546, + 547, 548, 549, 550, 551, 552, 553, 554, 555, 556, + 557, 558, 559, 560, 561, 562, 563, 564, 565, 566, + 567, 568, 569, 570, 571, -1, 573, 574, 575, 576, + 577, 578, 579, 580, -1, 582, 583, 584, 585, -1, + -1, -1, 589, -1, 591, 592, -1, 594, 595, 596, + 597, -1, 599, 600, 601, 602, -1, -1, -1, -1, + 607, 608, 609, 610, 611, 612, 613, 614, 615, 616, + 617, 618, 619, 620, 621, 622, 623, 624, 625, 626, + 627, 628, 629, 630, 631, 632, -1, 634, -1, 636, + 637, 638, -1, 640, 641, -1, 643, 644, 645, 646, + 647, 648, -1, 650, 651, 652, 653, 654, 655, 656, + -1, 658, 659, 660, -1, 662, 663, 664, 665, 666, + -1, 668, 669, -1, -1, 672, 673, -1, -1, 676, + 677, 678, -1, 680, -1, 682, 683, -1, -1, 686, + 687, -1, 689, 690, 691, 692, -1, 694, 695, -1, + 697, -1, 699, 700, 701, 702, 703, 704, 705, 706, + 707, 708, 709, 710, 711, 712, 713, 714, 715, 716, + 717, 718, -1, 720, 721, 722, 723, 724, 725, 726, + 727, 728, 19, 20, 731, -1, 733, 734, 735, 736, + -1, -1, 739, 740, -1, 742, 743, 744, 745, 746, + 747, 748, 749, 750, 751, 752, 753, 754, 755, 756, + 757, -1, -1, 760, 761, -1, -1, 764, -1, 766, + 767, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, 88, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, -1, -1, -1, -1, 116, + -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, -1, -1, -1, 135, -1, + -1, -1, -1, -1, -1, -1, -1, 144, -1, -1, + -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, 180, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, -1, -1, -1, -1, 196, + -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, 208, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, 219, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, -1, 313, -1, -1, -1, + -1, -1, -1, 320, 321, 322, 323, 324, 325, -1, + 327, 328, 329, 330, -1, -1, -1, -1, 335, 336, + 337, 338, 339, 340, 341, 342, 343, 344, -1, 346, + 347, 348, 349, 350, 351, 352, 353, -1, -1, -1, + -1, 358, 359, 360, 361, 362, -1, -1, 365, 366, + 367, 368, 369, -1, -1, -1, 373, 374, 375, 376, + 377, -1, 379, 380, 381, 382, -1, -1, -1, -1, + -1, -1, 389, -1, 391, -1, 393, 394, 395, 396, + 397, 398, 399, 400, 401, -1, 403, 404, 405, 406, + 407, 408, 409, 410, 411, 412, 413, 414, 415, -1, + 417, -1, 419, 420, 421, 422, 423, 424, 425, -1, + 427, 428, 429, 430, -1, 432, 433, 434, 435, 436, + 437, 438, 439, 440, 441, 442, -1, -1, -1, 446, + -1, -1, 449, 450, 451, 452, 453, 454, 455, 456, + 457, 458, 459, -1, -1, -1, -1, -1, 465, 466, + 467, 468, 469, 470, -1, 472, 473, -1, 475, 476, + -1, -1, 479, -1, 481, 482, 483, 484, 485, 486, + 487, 488, 489, 490, 491, -1, 493, 494, 495, 496, + 497, 498, 499, 500, 501, -1, 503, 504, 505, 506, + 507, 508, 509, 510, 511, 512, 513, 514, 515, 516, + 517, 518, 519, 520, 521, 522, 523, 524, 525, 526, + 527, 528, 529, 530, 531, 532, 533, 534, 535, -1, + 537, 538, 539, 540, 541, 542, 543, 544, 545, 546, + 547, 548, 549, 550, 551, 552, 553, 554, 555, 556, + 557, 558, 559, 560, 561, 562, 563, 564, 565, 566, + 567, 568, 569, 570, 571, -1, 573, 574, 575, 576, + 577, 578, 579, 580, -1, 582, 583, 584, 585, -1, + -1, -1, 589, -1, 591, 592, -1, 594, 595, 596, + 597, -1, 599, 600, 601, 602, -1, -1, -1, -1, + 607, 608, 609, 610, 611, 612, 613, 614, 615, 616, + 617, 618, 619, 620, 621, 622, 623, 624, 625, 626, + 627, 628, 629, 630, 631, 632, -1, 634, -1, 636, + 637, 638, -1, 640, 641, -1, 643, 644, 645, 646, + 647, 648, -1, 650, 651, 652, 653, 654, 655, 656, + -1, 658, 659, 660, -1, 662, 663, 664, 665, 666, + -1, 668, 669, -1, -1, 672, 673, -1, -1, 676, + 677, 678, -1, 680, -1, 682, 683, -1, -1, 686, + 687, -1, 689, 690, 691, 692, -1, 694, 695, -1, + 697, -1, 699, 700, 701, 702, 703, 704, 705, 706, + 707, 708, 709, 710, 711, 712, 713, 714, 715, 716, + 717, 718, -1, 720, 721, 722, 723, 724, 725, 726, + 727, 728, 19, 20, 731, -1, 733, 734, 735, 736, + -1, -1, 739, 740, -1, 742, 743, 744, 745, 746, + 747, 748, 749, 750, 751, 752, 753, 754, 755, 756, + 757, -1, -1, 760, 761, -1, -1, 764, -1, 766, + 767, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, 88, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, -1, -1, -1, -1, 116, + -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, -1, -1, -1, 135, -1, + -1, -1, -1, -1, -1, -1, -1, 144, -1, -1, + -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, 180, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, -1, -1, -1, -1, 196, + -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, 208, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, 219, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, 320, 321, 322, 323, 324, 325, -1, + 327, 328, 329, 330, -1, -1, -1, -1, 335, 336, + 337, 338, 339, 340, 341, 342, 343, 344, -1, 346, + 347, 348, 349, 350, 351, 352, 353, -1, -1, -1, + -1, 358, 359, 360, 361, 362, -1, -1, 365, 366, + 367, 368, 369, -1, -1, -1, 373, 374, 375, 376, + 377, -1, 379, 380, 381, 382, -1, -1, -1, -1, + -1, -1, 389, -1, 391, -1, 393, 394, 395, 396, + 397, 398, 399, 400, 401, -1, 403, 404, 405, 406, + 407, 408, 409, 410, 411, 412, 413, 414, 415, -1, + 417, -1, 419, 420, 421, 422, 423, 424, 425, -1, + 427, 428, 429, 430, -1, 432, 433, 434, 435, 436, + 437, 438, 439, 440, 441, 442, -1, -1, -1, 446, + -1, -1, 449, 450, 451, 452, 453, 454, 455, 456, + 457, 458, 459, -1, -1, -1, -1, -1, 465, 466, + 467, 468, 469, 470, -1, 472, 473, -1, 475, 476, + -1, -1, 479, -1, 481, 482, 483, 484, 485, 486, + 487, 488, 489, 490, 491, -1, 493, 494, 495, 496, + 497, 498, 499, 500, 501, -1, 503, 504, 505, 506, + 507, 508, 509, 510, 511, 512, 513, 514, 515, 516, + 517, 518, 519, 520, 521, 522, 523, 524, 525, 526, + 527, 528, 529, 530, 531, 532, 533, 534, 535, -1, + 537, 538, 539, 540, 541, 542, 543, 544, 545, 546, + 547, 548, 549, 550, 551, 552, 553, 554, 555, 556, + 557, 558, 559, 560, 561, 562, 563, 564, 565, 566, + 567, 568, 569, 570, 571, -1, 573, 574, 575, 576, + 577, 578, 579, 580, -1, 582, 583, 584, 585, -1, + -1, -1, 589, -1, 591, 592, -1, 594, 595, 596, + 597, -1, 599, 600, 601, 602, -1, -1, -1, -1, + 607, 608, 609, 610, 611, 612, 613, 614, 615, 616, + 617, 618, 619, 620, 621, 622, 623, 624, 625, 626, + 627, 628, 629, 630, 631, 632, -1, 634, -1, 636, + 637, 638, -1, 640, 641, -1, 643, 644, 645, 646, + 647, 648, -1, 650, 651, 652, 653, 654, 655, 656, + -1, 658, 659, 660, -1, 662, 663, 664, 665, 666, + -1, 668, 669, -1, -1, 672, 673, -1, -1, 676, + 677, 678, -1, 680, -1, 682, 683, -1, -1, 686, + 687, -1, 689, 690, 691, 692, -1, 694, 695, -1, + 697, -1, 699, 700, 701, 702, 703, 704, 705, 706, + 707, 708, 709, 710, 711, 712, 713, 714, 715, 716, + 717, 718, -1, 720, 721, 722, 723, 724, 725, 726, + 727, 728, -1, -1, 731, -1, 733, 734, 735, 736, + -1, -1, 739, 740, -1, 742, 743, 744, 745, 746, + 747, 748, 749, 750, 751, 752, 753, 754, 755, 756, + 757, 19, 20, 760, 761, -1, -1, 764, -1, 766, + 767, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, -1, -1, 45, 46, 47, + 48, 49, 50, 51, 52, 53, 54, 55, -1, 57, + 58, 59, 60, -1, -1, 63, 64, 65, 66, 67, + 68, 69, 70, 71, 72, 73, -1, 75, 76, 77, + 78, 79, 80, 81, 82, 83, 84, 85, -1, 87, + 88, 89, 90, 91, 92, 93, 94, 95, 96, 97, + 98, 99, 100, 101, 102, 103, 104, 105, 106, 107, + 108, 109, 110, 111, 112, 113, 114, 115, 116, 117, + 118, 119, 120, 121, 122, 123, 124, 125, 126, -1, + 128, 129, 130, 131, 132, -1, -1, 135, 136, 137, + 138, 139, 140, 141, 142, 143, 144, 145, 146, 147, + -1, 149, 150, -1, 152, 153, 154, 155, 156, 157, + 158, 159, 160, 161, 162, 163, 164, 165, 166, 167, + 168, 169, 170, 171, -1, 173, 174, -1, -1, -1, + 178, 179, 180, 181, 182, 183, 184, -1, -1, -1, + 188, 189, 190, 191, 192, 193, 194, 195, 196, 197, + 198, 199, 200, 201, 202, -1, 204, 205, 206, 207, + 208, 209, 210, 211, 212, -1, 214, 215, 216, 217, + 218, 219, 220, 221, 222, 223, 224, 225, 226, 227, + 228, 229, 230, 231, 232, 233, 234, -1, 236, 237, + 238, 239, 240, 241, 242, 243, 244, 245, 246, 247, + 248, 249, 250, 251, 252, 253, 254, 255, 256, 257, + 258, -1, 260, 261, -1, 263, 264, 265, 266, 267, + 268, 269, 270, 271, 272, 273, 274, 275, 276, 277, + 278, 279, -1, 281, 282, 283, 284, -1, -1, -1, + 288, 289, 290, 291, 292, 293, 294, 295, 296, 297, + 298, 299, 300, 301, 302, 303, 304, 305, 306, -1, + 308, 309, 310, 311, 312, 313, 314, 315, 316, 317, + 318, 319, 320, 321, 322, -1, 324, 325, 326, 327, + 328, 329, 330, -1, 332, 333, 334, 335, 336, 337, + 338, 339, 340, 341, 342, 343, 344, 345, 346, 347, + 348, 349, 350, 351, 352, 353, 354, -1, 356, 357, + -1, 359, -1, -1, 362, 363, 364, 365, 366, 367, + 368, 369, 370, 371, 372, 373, 374, 375, -1, -1, + 378, 379, 380, 381, 382, 383, 384, 385, 386, 387, + -1, 389, 390, 391, 392, 393, 394, 395, 396, 397, + 398, 399, 400, 401, 402, 403, 404, 405, 406, 407, + 408, 409, 410, 411, 412, 413, 414, 415, 416, 417, + -1, 419, 420, 421, 422, 423, 424, 425, 426, 427, + 428, 429, 430, 431, 432, 433, 434, -1, 436, 437, + 438, 439, 440, 441, 442, 443, 444, 445, 446, -1, + -1, 449, 450, 451, 452, 453, 454, 455, 456, 457, + 458, -1, 460, 461, 462, -1, 464, 465, 466, -1, + 468, 469, 470, 471, 472, 473, 474, 475, 476, 477, + -1, 479, 480, 481, 482, 483, 484, 485, 486, 487, + 488, 489, 490, 491, 492, 493, 494, 495, 496, 497, + 498, 499, -1, 501, 502, 503, 504, 505, 506, 507, + 508, 509, 510, 511, 512, 513, 514, 515, 516, 517, + 518, 519, 520, 521, 522, 523, 524, 525, 526, 527, + 528, 529, 530, 531, 532, 533, 534, 535, -1, 537, + 538, 539, 540, 541, 542, 543, -1, 545, 546, 547, + 548, 549, 550, 551, 552, 553, 554, 555, 556, 557, + 558, 559, 560, 561, -1, 563, 564, 565, 566, 567, + 568, 569, 570, 571, 572, 573, 574, 575, 576, -1, + -1, -1, 580, 581, 582, 583, 584, 585, 586, 587, + 588, 589, 590, 591, 592, 593, 594, 595, 596, 597, + 598, 599, 600, 601, 602, 603, 604, 605, 606, 607, + 608, 609, 610, 611, 612, 613, 614, 615, 616, 617, + 618, -1, -1, 621, 622, 623, 624, 625, 626, 627, + 628, 629, 630, 631, 632, 633, 634, 635, 636, 637, + 638, 639, 640, 641, 642, 643, 644, 645, 646, 647, + 648, 649, 650, 651, 652, -1, 654, 655, 656, 657, + 658, 659, 660, 661, 662, 663, -1, 665, 666, 667, + 668, 669, 670, 671, 672, 673, 674, 675, 676, 677, + 678, 679, 680, 681, 682, 683, -1, -1, 686, 687, + -1, 689, 690, 691, 692, 693, 694, 695, 696, 697, + 698, 699, 700, 701, 702, 703, 704, 705, 706, 707, + 708, 709, 710, 711, 712, 713, 714, 715, 716, -1, + 718, 719, -1, 721, 722, 723, 724, 725, 726, 727, + 728, 729, -1, 731, 732, 733, 734, 735, 736, 737, + 738, 739, 740, 741, 742, 743, 744, 745, -1, 747, + 748, 749, 750, 751, 752, 753, 754, 755, 756, 757, + -1, 759, 760, 761, 762, -1, 764, 765, 766, 19, + 20, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, -1, -1, -1, 88, -1, + -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, -1, 116, -1, -1, -1, + -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, 135, -1, -1, -1, -1, + -1, -1, -1, -1, 144, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + 180, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, -1, 196, -1, -1, -1, + -1, -1, -1, -1, -1, -1, -1, -1, 208, -1, + -1, -1, -1, -1, -1, -1, -1, -1, -1, 219, + -1, -1, -1, -1, -1, -1, -1, 227, -1, -1, + -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + 320, 321, 322, -1, 324, 325, 326, 327, 328, 329, + 330, -1, -1, -1, -1, 335, 336, 337, 338, 339, + 340, 341, 342, 343, 344, 345, 346, 347, 348, 349, + 350, 351, 352, 353, 354, -1, -1, 357, -1, 359, + -1, -1, 362, 363, 364, 365, 366, 367, 368, 369, + 370, 371, 372, 373, 374, 375, -1, -1, 378, 379, + 380, 381, 382, 383, 384, 385, 386, 387, -1, 389, + 390, 391, 392, 393, 394, 395, 396, 397, 398, 399, + 400, 401, 402, 403, 404, 405, 406, 407, 408, 409, + 410, 411, 412, -1, -1, 415, 416, 417, -1, 419, + 420, 421, 422, 423, 424, 425, 426, 427, 428, 429, + 430, -1, 432, 433, 434, -1, 436, 437, 438, 439, + 440, 441, 442, 443, 444, 445, 446, -1, -1, 449, + 450, 451, 452, 453, 454, 455, 456, 457, 458, -1, + 460, 461, 462, -1, 464, 465, 466, 467, 468, 469, + 470, 471, 472, 473, 474, 475, 476, 477, -1, 479, + 480, 481, 482, 483, 484, 485, 486, 487, 488, 489, + 490, 491, 492, 493, 494, 495, 496, 497, 498, 499, + -1, 501, 502, 503, 504, 505, 506, 507, 508, 509, + 510, 511, 512, 513, 514, 515, 516, 517, 518, 519, + 520, 521, 522, 523, 524, 525, 526, 527, 528, 529, + 530, 531, 532, 533, 534, 535, -1, 537, 538, 539, + 540, 541, 542, 543, -1, 545, 546, 547, 548, 549, + 550, 551, 552, 553, 554, 555, 556, 557, 558, 559, + 560, 561, -1, -1, 564, 565, 566, 567, 568, 569, + 570, 571, 572, 573, 574, 575, 576, -1, -1, -1, + 580, -1, 582, 583, 584, 585, 586, 587, 588, 589, + 590, 591, 592, 593, 594, 595, 596, 597, 598, 599, + 600, 601, 602, 603, 604, 605, 606, 607, 608, 609, + 610, 611, 612, 613, 614, 615, 616, 617, 618, -1, + -1, 621, 622, 623, 624, 625, 626, 627, 628, 629, + 630, 631, 632, 633, 634, 635, 636, 637, 638, 639, + 640, 641, 642, 643, 644, 645, 646, 647, 648, 649, + 650, 651, 652, -1, 654, 655, 656, 657, 658, 659, + 660, 661, 662, 663, -1, 665, 666, 667, 668, 669, + 670, -1, 672, 673, 674, 675, 676, 677, 678, 679, + 680, 681, 682, 683, -1, -1, 686, 687, -1, 689, + 690, 691, 692, 693, 694, 695, 696, 697, 698, 699, + 700, 701, 702, 703, 704, 705, 706, 707, 708, 709, + 710, 711, 712, 713, 714, 715, 716, -1, 718, 719, + -1, 721, 722, -1, 724, 725, 726, 727, 728, 729, + -1, 731, 732, 733, 734, 735, 736, 737, 738, 739, + 740, 741, 742, 743, 744, 745, -1, -1, 748, 749, + 750, 751, 752, 753, 754, 755, 756, 757, 758, 759, + 760, 761, 762, -1, 764, 765, 766 }; /* YYSTOS[STATE-NUM] -- The symbol kind of the accessing symbol of @@ -27846,7 +27858,7 @@ 1265, 1251, 394, 658, 241, 1267, 1863, 2005, 53, 2004, 47, 382, 1332, 884, 1431, 284, 788, 788, 1620, 788, 1620, 1620, 1857, 1857, 1625, 1857, 1620, 1857, 1857, 1857, - 1857, 1857, 1857, 1857, 1620, 1857, 408, 572, 676, 1828, + 1857, 1857, 1857, 1857, 1620, 1857, 408, 572, 676, 1618, 122, 291, 1620, 1630, 1857, 1620, 818, 789, 791, 148, 151, 213, 896, 2036, 2066, 653, 949, 1153, 919, 908, 909, 910, 2058, 30, 1201, 1823, 1201, 905, 1172, 1431, @@ -27895,166 +27907,166 @@ 1287, 1288, 1291, 1292, 1592, 1437, 1987, 346, 441, 858, 288, 423, 430, 860, 789, 791, 2006, 2007, 53, 47, 788, 1333, 2043, 821, 822, 1620, 823, 824, 1620, 819, - 820, 1620, 900, 213, 325, 2036, 2065, 907, 15, 796, - 789, 791, 949, 1153, 789, 1171, 1421, 1421, 923, 143, - 299, 463, 1551, 1552, 1555, 1571, 1616, 1617, 1863, 443, - 252, 1724, 1718, 1420, 1431, 131, 1976, 1976, 982, 2042, - 982, 1674, 1375, 506, 143, 332, 1806, 1431, 2041, 1009, - 2146, 1863, 1201, 1178, 1201, 1201, 789, 1564, 1564, 65, - 257, 1492, 168, 1495, 1496, 789, 1431, 1431, 1504, 194, - 361, 789, 316, 1469, 1431, 1431, 1431, 1564, 96, 109, - 125, 155, 235, 296, 413, 414, 562, 563, 723, 1165, - 1166, 1442, 1443, 1444, 1445, 1500, 1630, 1564, 1431, 1431, - 1863, 1621, 789, 1214, 1209, 1207, 1209, 1210, 1620, 789, - 1504, 207, 1585, 65, 789, 1503, 1426, 789, 791, 351, - 1084, 1431, 1037, 218, 1054, 1055, 1056, 1621, 1039, 1969, - 1857, 1863, 796, 1683, 1683, 1925, 1421, 789, 789, 1925, - 1925, 1907, 1906, 1606, 1706, 1571, 99, 1695, 1558, 1421, - 1696, 789, 1677, 1678, 1842, 1843, 1847, 1863, 1830, 1675, - 1723, 1679, 2081, 2080, 47, 1276, 1284, 1285, 1863, 789, - 791, 1625, 1775, 1776, 451, 174, 251, 366, 374, 389, - 399, 400, 401, 409, 547, 559, 644, 659, 700, 714, - 948, 947, 788, 771, 771, 771, 791, 835, 1849, 762, - 839, 841, 75, 598, 796, 1111, 1112, 1113, 1114, 1122, - 1123, 1129, 1130, 1131, 1223, 1226, 1227, 1848, 1863, 167, - 749, 422, 1849, 1684, 1684, 1684, 1684, 1684, 1684, 1684, - 1684, 1684, 1684, 422, 1684, 1684, 1684, 1684, 1684, 1684, - 1684, 1684, 1684, 1684, 425, 545, 1863, 1684, 1684, 1024, - 1025, 1026, 791, 1094, 1683, 1020, 898, 876, 54, 339, - 1017, 204, 227, 467, 2036, 2107, 2108, 2109, 227, 467, - 913, 1854, 1874, 1877, 1878, 1883, 2049, 2093, 2094, 2096, - 2097, 2102, 2109, 53, 888, 889, 248, 2046, 681, 2046, - 2004, 22, 29, 31, 1510, 1532, 300, 1534, 300, 1563, - 117, 118, 206, 283, 1808, 1809, 170, 1810, 1599, 1581, - 1580, 1599, 1605, 1604, 1421, 1635, 24, 28, 30, 32, - 24, 28, 30, 32, 28, 30, 32, 28, 30, 597, - 1857, 1973, 30, 30, 597, 99, 153, 564, 1264, 75, - 218, 388, 598, 709, 1114, 1122, 1123, 1293, 1223, 1293, - 218, 1293, 218, 218, 282, 288, 75, 126, 218, 598, - 709, 1128, 1223, 1293, 1684, 218, 65, 1028, 53, 288, - 388, 771, 1223, 1302, 1684, 218, 159, 712, 159, 218, - 712, 1293, 218, 596, 218, 218, 218, 1093, 791, 1025, - 1275, 788, 1113, 607, 1431, 1431, 204, 864, 874, 204, - 390, 865, 1863, 1667, 1390, 2006, 1334, 489, 789, 791, - 789, 791, 789, 791, 253, 1863, 908, 796, 1223, 1223, - 1552, 1616, 1720, 128, 443, 1417, 1667, 1376, 1830, 1421, - 588, 316, 1980, 1980, 204, 1697, 154, 1421, 884, 1003, - 431, 789, 789, 1494, 1845, 1823, 1495, 1497, 1607, 789, - 789, 791, 789, 502, 553, 617, 789, 789, 1172, 155, - 1180, 71, 1180, 1201, 789, 789, 791, 789, 789, 789, - 1205, 789, 791, 789, 65, 230, 252, 1586, 1587, 1845, - 789, 1041, 1564, 160, 476, 789, 791, 1057, 789, 778, - 1915, 1914, 1925, 1925, 828, 1595, 410, 1836, 789, 791, - 796, 1391, 1681, 1682, 1847, 1667, 922, 789, 791, 1561, - 789, 791, 50, 1777, 1693, 1857, 1857, 1857, 825, 788, - 837, 1865, 788, 788, 1247, 1848, 10, 127, 1124, 1863, - 789, 791, 72, 126, 226, 294, 1126, 1222, 1129, 1090, - 1223, 1224, 1224, 1132, 796, 1849, 1684, 99, 1620, 1629, - 99, 1620, 99, 1620, 99, 1620, 1096, 1625, 1620, 1620, - 1857, 1857, 1684, 1620, 1865, 458, 503, 572, 1107, 1620, - 1625, 1625, 99, 1620, 1857, 99, 393, 395, 429, 459, - 592, 626, 1106, 1629, 1620, 1629, 1022, 1806, 1094, 26, - 28, 30, 32, 99, 1626, 1627, 1857, 1863, 1092, 894, - 895, 899, 2112, 877, 878, 1987, 2118, 101, 150, 297, - 1018, 658, 1425, 2100, 1425, 2098, 431, 2109, 2100, 2098, - 795, 356, 431, 2095, 2049, 2097, 2102, 2006, 789, 890, - 899, 2047, 876, 2114, 1857, 2114, 53, 31, 382, 1512, - 1430, 788, 1431, 788, 789, 65, 65, 117, 65, 1809, - 272, 283, 1811, 1812, 1605, 788, 450, 30, 335, 141, - 1090, 141, 1089, 749, 1089, 1657, 1657, 1351, 1657, 1276, - 1285, 1849, 1191, 1657, 160, 1658, 10, 1657, 749, 226, - 1657, 1657, 99, 1863, 1351, 1593, 1594, 1847, 1027, 1657, - 1657, 1849, 99, 1863, 1351, 1285, 1657, 1351, 1351, 1351, - 1276, 46, 78, 110, 1288, 1109, 1111, 339, 458, 1301, - 1564, 674, 1857, 426, 1268, 316, 2008, 1667, 1337, 1863, - 47, 788, 1335, 822, 824, 820, 15, 796, 1863, 127, - 1550, 1550, 1722, 1667, 1434, 1421, 131, 1977, 1982, 1983, - 428, 1723, 282, 997, 791, 1599, 789, 1431, 553, 449, - 1625, 789, 1620, 1598, 789, 55, 407, 414, 720, 723, - 732, 1588, 1589, 1827, 1599, 692, 1083, 1038, 788, 1044, - 1056, 1058, 1863, 1925, 1925, 1610, 1837, 1842, 778, 1863, - 789, 791, 1683, 284, 1285, 1776, 423, 789, 1243, 1245, - 1246, 1863, 788, 587, 1243, 1246, 1863, 788, 1863, 1112, - 788, 160, 160, 1224, 1090, 237, 1216, 1247, 1863, 1090, - 1090, 664, 949, 1133, 1154, 1157, 1863, 789, 1857, 788, - 1857, 53, 1085, 1024, 789, 791, 2064, 105, 2087, 580, - 2011, 858, 1863, 795, 1863, 795, 1424, 2087, 2105, 2087, - 2103, 2146, 2125, 791, 653, 949, 1153, 2048, 2115, 874, - 2036, 2085, 2085, 2006, 788, 789, 1563, 1563, 1823, 1823, - 65, 1823, 65, 65, 1812, 31, 1264, 415, 1263, 1437, - 1351, 1437, 1124, 1863, 1848, 1276, 1848, 1272, 288, 1274, - 1193, 1848, 1657, 1284, 127, 160, 1848, 1848, 1276, 791, - 1599, 1031, 1863, 1848, 1621, 316, 1131, 1276, 1281, 1276, - 789, 1863, 859, 866, 867, 72, 365, 510, 789, 791, - 1336, 253, 730, 1863, 15, 796, 136, 158, 207, 1554, - 1553, 1667, 288, 588, 1983, 1698, 1667, 1849, 1845, 789, - 789, 789, 732, 1589, 1590, 1827, 653, 605, 444, 1591, - 605, 1827, 1084, 788, 1051, 1047, 99, 304, 305, 407, - 479, 1059, 1704, 1840, 796, 1682, 1696, 2067, 371, 789, - 791, 1599, 788, 1243, 788, 789, 789, 1863, 788, 1127, - 1090, 1247, 1863, 1849, 300, 1234, 730, 1247, 1247, 1135, - 796, 1125, 1126, 1134, 796, 1770, 1023, 1022, 899, 2089, - 2090, 1863, 2012, 204, 863, 864, 2101, 2099, 2085, 1425, - 795, 1425, 795, 431, 1424, 899, 907, 15, 796, 2087, - 196, 1513, 1514, 1863, 1568, 789, 789, 1823, 1823, 1823, - 789, 120, 1278, 120, 144, 197, 1242, 110, 259, 1131, - 1345, 282, 288, 73, 1848, 1863, 1300, 1271, 1594, 288, - 288, 282, 1301, 1282, 1284, 1273, 692, 861, 2134, 588, - 72, 72, 1863, 226, 1338, 1339, 1863, 15, 730, 1863, - 65, 65, 788, 788, 1434, 160, 1538, 1599, 462, 50, - 462, 136, 407, 572, 719, 1049, 1050, 1863, 789, 703, - 1052, 1061, 718, 145, 390, 397, 412, 539, 552, 569, - 712, 1075, 1076, 1077, 1080, 1097, 1743, 1667, 245, 778, - 1929, 1245, 30, 791, 1244, 854, 1929, 1929, 791, 1863, - 1431, 1247, 1234, 730, 788, 1217, 1241, 1115, 1241, 1117, - 1118, 18, 226, 294, 390, 499, 760, 1097, 1136, 1137, - 1146, 1188, 1189, 1190, 1215, 1437, 1157, 73, 99, 202, - 204, 350, 469, 664, 1140, 1142, 1182, 1183, 1189, 1863, - 789, 1100, 1101, 2085, 2126, 791, 1420, 860, 2044, 2084, - 2045, 2106, 2104, 2085, 253, 1863, 2089, 219, 789, 791, - 1515, 1848, 595, 788, 1279, 144, 99, 99, 1301, 1849, - 218, 1198, 1351, 1863, 1848, 1849, 1283, 1323, 1431, 432, - 862, 6, 851, 588, 588, 789, 791, 730, 15, 1560, - 1562, 297, 1801, 1590, 653, 210, 326, 789, 791, 1621, - 788, 1063, 1065, 1060, 422, 1684, 1684, 422, 1684, 1684, - 1684, 1684, 788, 1070, 1077, 434, 300, 390, 501, 730, - 752, 1097, 1228, 1231, 1236, 1237, 1238, 1242, 1599, 789, - 1863, 789, 789, 316, 1229, 1233, 1237, 1240, 1230, 1232, - 1237, 1239, 1863, 791, 789, 1121, 1119, 1241, 1218, 1863, - 181, 1219, 788, 1116, 788, 788, 160, 1857, 709, 1189, - 749, 160, 202, 1197, 19, 20, 776, 777, 788, 1150, - 1151, 1152, 1401, 1453, 1826, 297, 343, 99, 53, 1183, - 2091, 1863, 2015, 865, 876, 2046, 2051, 2089, 2050, 2089, - 15, 796, 851, 1510, 1514, 127, 1159, 1161, 1162, 1163, - 1517, 1518, 1126, 1621, 1054, 1152, 316, 760, 1289, 1056, - 1289, 154, 1431, 1339, 730, 789, 789, 1699, 1194, 1048, - 1050, 788, 1064, 1065, 1066, 183, 1062, 1065, 1684, 1857, - 1857, 1684, 1626, 1626, 1621, 1865, 704, 1071, 1072, 1684, - 1241, 1857, 1684, 1241, 1290, 1291, 1292, 1238, 760, 1929, - 593, 1290, 1240, 1290, 1239, 789, 1863, 788, 788, 1120, - 789, 791, 466, 594, 672, 204, 1220, 1243, 788, 1243, - 1246, 430, 1186, 1828, 1828, 1149, 199, 745, 653, 1150, - 356, 1849, 426, 876, 1863, 2036, 2086, 2086, 253, 730, - 1863, 1516, 208, 120, 219, 789, 744, 744, 1028, 1289, - 1028, 788, 1707, 1708, 1847, 1802, 1052, 789, 791, 183, - 1068, 1069, 1434, 1857, 1857, 1073, 789, 791, 1104, 1865, - 1620, 1292, 1291, 589, 1228, 1854, 789, 1243, 1243, 788, - 1863, 101, 297, 789, 1243, 789, 789, 789, 788, 1427, - 431, 693, 1141, 2146, 127, 866, 15, 1512, 219, 1510, - 1028, 1054, 791, 1683, 252, 1813, 1065, 791, 1067, 1074, - 1865, 1072, 1290, 789, 1244, 1243, 67, 245, 259, 572, - 1221, 1221, 1228, 789, 1229, 1230, 789, 1621, 1138, 1139, - 1188, 1138, 599, 698, 753, 1143, 2092, 1420, 730, 1510, - 99, 202, 436, 1519, 1521, 1522, 1523, 789, 1708, 1696, - 484, 1807, 1069, 789, 1078, 1079, 1080, 1216, 789, 1244, - 99, 202, 336, 204, 204, 1228, 789, 1188, 1144, 1145, - 1146, 431, 2016, 1520, 1826, 1827, 204, 1521, 1523, 1521, - 1522, 65, 1810, 1080, 1228, 789, 297, 101, 1146, 112, - 116, 436, 204, 204, 1823, 143, 1814, 1228, 1221, 1221, - 653, 30, 788, 1816, 2017, 170, 252, 1815, 3, 789, - 1817, 1818, 1847, 259, 1819, 461, 604, 2009, 2010, 1865, - 789, 791, 1820, 1821, 1847, 1667, 1865, 2018, 1818, 791, - 1683, 2134, 1821, 1420, 851, 1696, 1421 + 820, 1620, 1828, 900, 213, 325, 2036, 2065, 907, 15, + 796, 789, 791, 949, 1153, 789, 1171, 1421, 1421, 923, + 143, 299, 463, 1551, 1552, 1555, 1571, 1616, 1617, 1863, + 443, 252, 1724, 1718, 1420, 1431, 131, 1976, 1976, 982, + 2042, 982, 1674, 1375, 506, 143, 332, 1806, 1431, 2041, + 1009, 2146, 1863, 1201, 1178, 1201, 1201, 789, 1564, 1564, + 65, 257, 1492, 168, 1495, 1496, 789, 1431, 1431, 1504, + 194, 361, 789, 316, 1469, 1431, 1431, 1431, 1564, 96, + 109, 125, 155, 235, 296, 413, 414, 562, 563, 723, + 1165, 1166, 1442, 1443, 1444, 1445, 1500, 1630, 1564, 1431, + 1431, 1863, 1621, 789, 1214, 1209, 1207, 1209, 1210, 1620, + 789, 1504, 207, 1585, 65, 789, 1503, 1426, 789, 791, + 351, 1084, 1431, 1037, 218, 1054, 1055, 1056, 1621, 1039, + 1969, 1857, 1863, 796, 1683, 1683, 1925, 1421, 789, 789, + 1925, 1925, 1907, 1906, 1606, 1706, 1571, 99, 1695, 1558, + 1421, 1696, 789, 1677, 1678, 1842, 1843, 1847, 1863, 1830, + 1675, 1723, 1679, 2081, 2080, 47, 1276, 1284, 1285, 1863, + 789, 791, 1625, 1775, 1776, 451, 174, 251, 366, 374, + 389, 399, 400, 401, 409, 547, 559, 644, 659, 700, + 714, 948, 947, 788, 771, 771, 771, 791, 835, 1849, + 762, 839, 841, 75, 598, 796, 1111, 1112, 1113, 1114, + 1122, 1123, 1129, 1130, 1131, 1223, 1226, 1227, 1848, 1863, + 167, 749, 422, 1849, 1684, 1684, 1684, 1684, 1684, 1684, + 1684, 1684, 1684, 1684, 422, 1684, 1684, 1684, 1684, 1684, + 1684, 1684, 1684, 1684, 1684, 425, 545, 1863, 1684, 1684, + 1024, 1025, 1026, 791, 1094, 1683, 1020, 898, 876, 54, + 339, 1017, 204, 227, 467, 2036, 2107, 2108, 2109, 227, + 467, 913, 1854, 1874, 1877, 1878, 1883, 2049, 2093, 2094, + 2096, 2097, 2102, 2109, 53, 888, 889, 248, 2046, 681, + 2046, 2004, 22, 29, 31, 1510, 1532, 300, 1534, 300, + 1563, 117, 118, 206, 283, 1808, 1809, 170, 1810, 1599, + 1581, 1580, 1599, 1605, 1604, 1421, 1635, 24, 28, 30, + 32, 24, 28, 30, 32, 28, 30, 32, 28, 30, + 597, 1857, 1973, 30, 30, 597, 99, 153, 564, 1264, + 75, 218, 388, 598, 709, 1114, 1122, 1123, 1293, 1223, + 1293, 218, 1293, 218, 218, 282, 288, 75, 126, 218, + 598, 709, 1128, 1223, 1293, 1684, 218, 65, 1028, 53, + 288, 388, 771, 1223, 1302, 1684, 218, 159, 712, 159, + 218, 712, 1293, 218, 596, 218, 218, 218, 1093, 791, + 1025, 1275, 788, 1113, 607, 1431, 1431, 204, 864, 874, + 204, 390, 865, 1863, 1667, 1390, 2006, 1334, 489, 789, + 791, 789, 791, 789, 791, 253, 1863, 908, 796, 1223, + 1223, 1552, 1616, 1720, 128, 443, 1417, 1667, 1376, 1830, + 1421, 588, 316, 1980, 1980, 204, 1697, 154, 1421, 884, + 1003, 431, 789, 789, 1494, 1845, 1823, 1495, 1497, 1607, + 789, 789, 791, 789, 502, 553, 617, 789, 789, 1172, + 155, 1180, 71, 1180, 1201, 789, 789, 791, 789, 789, + 789, 1205, 789, 791, 789, 65, 230, 252, 1586, 1587, + 1845, 789, 1041, 1564, 160, 476, 789, 791, 1057, 789, + 778, 1915, 1914, 1925, 1925, 828, 1595, 410, 1836, 789, + 791, 796, 1391, 1681, 1682, 1847, 1667, 922, 789, 791, + 1561, 789, 791, 50, 1777, 1693, 1857, 1857, 1857, 825, + 788, 837, 1865, 788, 788, 1247, 1848, 10, 127, 1124, + 1863, 789, 791, 72, 126, 226, 294, 1126, 1222, 1129, + 1090, 1223, 1224, 1224, 1132, 796, 1849, 1684, 99, 1620, + 1629, 99, 1620, 99, 1620, 99, 1620, 1096, 1625, 1620, + 1620, 1857, 1857, 1684, 1620, 1865, 458, 503, 572, 1107, + 1620, 1625, 1625, 99, 1620, 1857, 99, 393, 395, 429, + 459, 592, 626, 1106, 1629, 1620, 1629, 1022, 1806, 1094, + 26, 28, 30, 32, 99, 1626, 1627, 1857, 1863, 1092, + 894, 895, 899, 2112, 877, 878, 1987, 2118, 101, 150, + 297, 1018, 658, 1425, 2100, 1425, 2098, 431, 2109, 2100, + 2098, 795, 356, 431, 2095, 2049, 2097, 2102, 2006, 789, + 890, 899, 2047, 876, 2114, 1857, 2114, 53, 31, 382, + 1512, 1430, 788, 1431, 788, 789, 65, 65, 117, 65, + 1809, 272, 283, 1811, 1812, 1605, 788, 450, 30, 335, + 141, 1090, 141, 1089, 749, 1089, 1657, 1657, 1351, 1657, + 1276, 1285, 1849, 1191, 1657, 160, 1658, 10, 1657, 749, + 226, 1657, 1657, 99, 1863, 1351, 1593, 1594, 1847, 1027, + 1657, 1657, 1849, 99, 1863, 1351, 1285, 1657, 1351, 1351, + 1351, 1276, 46, 78, 110, 1288, 1109, 1111, 339, 458, + 1301, 1564, 674, 1857, 426, 1268, 316, 2008, 1667, 1337, + 1863, 47, 788, 1335, 822, 824, 820, 15, 796, 1863, + 127, 1550, 1550, 1722, 1667, 1434, 1421, 131, 1977, 1982, + 1983, 428, 1723, 282, 997, 791, 1599, 789, 1431, 553, + 449, 1625, 789, 1620, 1598, 789, 55, 407, 414, 720, + 723, 732, 1588, 1589, 1827, 1599, 692, 1083, 1038, 788, + 1044, 1056, 1058, 1863, 1925, 1925, 1610, 1837, 1842, 778, + 1863, 789, 791, 1683, 284, 1285, 1776, 423, 789, 1243, + 1245, 1246, 1863, 788, 587, 1243, 1246, 1863, 788, 1863, + 1112, 788, 160, 160, 1224, 1090, 237, 1216, 1247, 1863, + 1090, 1090, 664, 949, 1133, 1154, 1157, 1863, 789, 1857, + 788, 1857, 53, 1085, 1024, 789, 791, 2064, 105, 2087, + 580, 2011, 858, 1863, 795, 1863, 795, 1424, 2087, 2105, + 2087, 2103, 2146, 2125, 791, 653, 949, 1153, 2048, 2115, + 874, 2036, 2085, 2085, 2006, 788, 789, 1563, 1563, 1823, + 1823, 65, 1823, 65, 65, 1812, 31, 1264, 415, 1263, + 1437, 1351, 1437, 1124, 1863, 1848, 1276, 1848, 1272, 288, + 1274, 1193, 1848, 1657, 1284, 127, 160, 1848, 1848, 1276, + 791, 1599, 1031, 1863, 1848, 1621, 316, 1131, 1276, 1281, + 1276, 789, 1863, 859, 866, 867, 72, 365, 510, 789, + 791, 1336, 253, 730, 1863, 15, 796, 136, 158, 207, + 1554, 1553, 1667, 288, 588, 1983, 1698, 1667, 1849, 1845, + 789, 789, 789, 732, 1589, 1590, 1827, 653, 605, 444, + 1591, 605, 1827, 1084, 788, 1051, 1047, 99, 304, 305, + 407, 479, 1059, 1704, 1840, 796, 1682, 1696, 2067, 371, + 789, 791, 1599, 788, 1243, 788, 789, 789, 1863, 788, + 1127, 1090, 1247, 1863, 1849, 300, 1234, 730, 1247, 1247, + 1135, 796, 1125, 1126, 1134, 796, 1770, 1023, 1022, 899, + 2089, 2090, 1863, 2012, 204, 863, 864, 2101, 2099, 2085, + 1425, 795, 1425, 795, 431, 1424, 899, 907, 15, 796, + 2087, 196, 1513, 1514, 1863, 1568, 789, 789, 1823, 1823, + 1823, 789, 120, 1278, 120, 144, 197, 1242, 110, 259, + 1131, 1345, 282, 288, 73, 1848, 1863, 1300, 1271, 1594, + 288, 288, 282, 1301, 1282, 1284, 1273, 692, 861, 2134, + 588, 72, 72, 1863, 226, 1338, 1339, 1863, 15, 730, + 1863, 65, 65, 788, 788, 1434, 160, 1538, 1599, 462, + 50, 462, 136, 407, 572, 719, 1049, 1050, 1863, 789, + 703, 1052, 1061, 718, 145, 390, 397, 412, 539, 552, + 569, 712, 1075, 1076, 1077, 1080, 1097, 1743, 1667, 245, + 778, 1929, 1245, 30, 791, 1244, 854, 1929, 1929, 791, + 1863, 1431, 1247, 1234, 730, 788, 1217, 1241, 1115, 1241, + 1117, 1118, 18, 226, 294, 390, 499, 760, 1097, 1136, + 1137, 1146, 1188, 1189, 1190, 1215, 1437, 1157, 73, 99, + 202, 204, 350, 469, 664, 1140, 1142, 1182, 1183, 1189, + 1863, 789, 1100, 1101, 2085, 2126, 791, 1420, 860, 2044, + 2084, 2045, 2106, 2104, 2085, 253, 1863, 2089, 219, 789, + 791, 1515, 1848, 595, 788, 1279, 144, 99, 99, 1301, + 1849, 218, 1198, 1351, 1863, 1848, 1849, 1283, 1323, 1431, + 432, 862, 6, 851, 588, 588, 789, 791, 730, 15, + 1560, 1562, 297, 1801, 1590, 653, 210, 326, 789, 791, + 1621, 788, 1063, 1065, 1060, 422, 1684, 1684, 422, 1684, + 1684, 1684, 1684, 788, 1070, 1077, 434, 300, 390, 501, + 730, 752, 1097, 1228, 1231, 1236, 1237, 1238, 1242, 1599, + 789, 1863, 789, 789, 316, 1229, 1233, 1237, 1240, 1230, + 1232, 1237, 1239, 1863, 791, 789, 1121, 1119, 1241, 1218, + 1863, 181, 1219, 788, 1116, 788, 788, 160, 1857, 709, + 1189, 749, 160, 202, 1197, 19, 20, 776, 777, 788, + 1150, 1151, 1152, 1401, 1453, 1826, 297, 343, 99, 53, + 1183, 2091, 1863, 2015, 865, 876, 2046, 2051, 2089, 2050, + 2089, 15, 796, 851, 1510, 1514, 127, 1159, 1161, 1162, + 1163, 1517, 1518, 1126, 1621, 1054, 1152, 316, 760, 1289, + 1056, 1289, 154, 1431, 1339, 730, 789, 789, 1699, 1194, + 1048, 1050, 788, 1064, 1065, 1066, 183, 1062, 1065, 1684, + 1857, 1857, 1684, 1626, 1626, 1621, 1865, 704, 1071, 1072, + 1684, 1241, 1857, 1684, 1241, 1290, 1291, 1292, 1238, 760, + 1929, 593, 1290, 1240, 1290, 1239, 789, 1863, 788, 788, + 1120, 789, 791, 466, 594, 672, 204, 1220, 1243, 788, + 1243, 1246, 430, 1186, 1828, 1828, 1149, 199, 745, 653, + 1150, 356, 1849, 426, 876, 1863, 2036, 2086, 2086, 253, + 730, 1863, 1516, 208, 120, 219, 789, 744, 744, 1028, + 1289, 1028, 788, 1707, 1708, 1847, 1802, 1052, 789, 791, + 183, 1068, 1069, 1434, 1857, 1857, 1073, 789, 791, 1104, + 1865, 1620, 1292, 1291, 589, 1228, 1854, 789, 1243, 1243, + 788, 1863, 101, 297, 789, 1243, 789, 789, 789, 788, + 1427, 431, 693, 1141, 2146, 127, 866, 15, 1512, 219, + 1510, 1028, 1054, 791, 1683, 252, 1813, 1065, 791, 1067, + 1074, 1865, 1072, 1290, 789, 1244, 1243, 67, 245, 259, + 572, 1221, 1221, 1228, 789, 1229, 1230, 789, 1621, 1138, + 1139, 1188, 1138, 599, 698, 753, 1143, 2092, 1420, 730, + 1510, 99, 202, 436, 1519, 1521, 1522, 1523, 789, 1708, + 1696, 484, 1807, 1069, 789, 1078, 1079, 1080, 1216, 789, + 1244, 99, 202, 336, 204, 204, 1228, 789, 1188, 1144, + 1145, 1146, 431, 2016, 1520, 1826, 1827, 204, 1521, 1523, + 1521, 1522, 65, 1810, 1080, 1228, 789, 297, 101, 1146, + 112, 116, 436, 204, 204, 1823, 143, 1814, 1228, 1221, + 1221, 653, 30, 788, 1816, 2017, 170, 252, 1815, 3, + 789, 1817, 1818, 1847, 259, 1819, 461, 604, 2009, 2010, + 1865, 789, 791, 1820, 1821, 1847, 1667, 1865, 2018, 1818, + 791, 1683, 2134, 1821, 1420, 851, 1696, 1421 }; /* YYR1[RULE-NUM] -- Symbol kind of the left-hand side of rule RULE-NUM. */ @@ -28467,7 +28479,7 @@ 1, 3, 1, 1, 0, 5, 3, 0, 0, 6, 0, 0, 3, 1, 3, 0, 3, 0, 7, 1, 3, 3, 3, 3, 3, 3, 3, 3, 3, 3, - 3, 3, 3, 3, 3, 3, 3, 5, 5, 5, + 3, 3, 3, 3, 3, 3, 4, 5, 5, 5, 1, 0, 1, 3, 1, 0, 1, 3, 1, 0, 1, 3, 1, 3, 3, 3, 3, 3, 3, 3, 3, 0, 1, 1, 0, 1, 3, 0, 0, 8, @@ -29066,7 +29078,7 @@ if (!((*yyvaluep).expr_lex)->sp_lex_in_use) delete ((*yyvaluep).expr_lex); } -#line 29070 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 29082 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case YYSYMBOL_cursor_actual_parameters: /* cursor_actual_parameters */ @@ -29083,7 +29095,7 @@ } } } -#line 29087 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 29099 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case YYSYMBOL_opt_parenthesized_cursor_actual_parameters: /* opt_parenthesized_cursor_actual_parameters */ @@ -29100,7 +29112,7 @@ } } } -#line 29104 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 29116 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; default: @@ -29383,7 +29395,7 @@ thd->lex->sql_command= SQLCOM_EMPTY_QUERY; YYLIP->found_semicolon= NULL; } -#line 29387 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 29399 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 3: /* $@1: %empty */ @@ -29410,7 +29422,7 @@ lip->found_semicolon= NULL; } } -#line 29414 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 29426 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 5: /* query: directly_executable_statement END_OF_INPUT */ @@ -29419,7 +29431,7 @@ /* Single query, not terminated. */ YYLIP->found_semicolon= NULL; } -#line 29423 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 29435 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 71: /* deallocate: deallocate_or_drop PREPARE_SYM ident */ @@ -29427,7 +29439,7 @@ { Lex->stmt_deallocate_prepare((yyvsp[0].ident_sys)); } -#line 29431 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 29443 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 74: /* $@2: %empty */ @@ -29437,7 +29449,7 @@ thd->where_str= Lex->clause_that_disallows_subselect= "PREPARE..FROM"; } -#line 29441 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 29453 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 75: /* prepare: PREPARE_SYM ident FROM $@2 expr */ @@ -29447,7 +29459,7 @@ if (Lex->stmt_prepare((yyvsp[-3].ident_sys), (yyvsp[0].item))) MYSQL_YYABORT; } -#line 29451 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 29463 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 76: /* execute: EXECUTE_SYM ident execute_using */ @@ -29456,7 +29468,7 @@ if (Lex->stmt_execute((yyvsp[-1].ident_sys), (yyvsp[0].item_list))) MYSQL_YYABORT; } -#line 29460 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 29472 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 77: /* $@3: %empty */ @@ -29466,13 +29478,13 @@ thd->where_str= Lex->clause_that_disallows_subselect= "EXECUTE IMMEDIATE"; } -#line 29470 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 29482 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 78: /* $@4: %empty */ #line 2199 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { Lex->clause_that_disallows_subselect= NULL; } -#line 29476 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 29488 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 79: /* execute: EXECUTE_SYM IMMEDIATE_SYM $@3 expr $@4 execute_using */ @@ -29481,19 +29493,19 @@ if (Lex->stmt_execute_immediate((yyvsp[-2].item), (yyvsp[0].item_list))) MYSQL_YYABORT; } -#line 29485 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 29497 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 80: /* execute_using: %empty */ #line 2208 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.item_list)= NULL; } -#line 29491 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 29503 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 81: /* $@5: %empty */ #line 2210 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { Lex->clause_that_disallows_subselect= "EXECUTE..USING"; } -#line 29497 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 29509 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 82: /* execute_using: USING $@5 execute_params */ @@ -29502,7 +29514,7 @@ (yyval.item_list)= (yyvsp[0].item_list); Lex->clause_that_disallows_subselect= NULL; } -#line 29506 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 29518 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 83: /* execute_params: expr_or_ignore_or_default */ @@ -29511,7 +29523,7 @@ if (unlikely(!((yyval.item_list)= List::make(thd->mem_root, (yyvsp[0].item))))) MYSQL_YYABORT; } -#line 29515 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 29527 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 84: /* execute_params: execute_params ',' expr_or_ignore_or_default */ @@ -29520,7 +29532,7 @@ if (((yyval.item_list)= (yyvsp[-2].item_list))->push_back((yyvsp[0].item), thd->mem_root)) MYSQL_YYABORT; } -#line 29524 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 29536 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 85: /* $@6: %empty */ @@ -29529,7 +29541,7 @@ if (unlikely(Lex->sphead)) my_yyabort_error((ER_SP_BADSTATEMENT, MYF(0), "HELP")); } -#line 29533 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 29545 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 86: /* help: HELP_SYM $@6 ident_or_text */ @@ -29539,7 +29551,7 @@ lex->sql_command= SQLCOM_HELP; lex->help_arg= (yyvsp[0].lex_str).str; } -#line 29543 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 29555 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 87: /* $@7: %empty */ @@ -29547,13 +29559,13 @@ { Lex->sql_command = SQLCOM_CHANGE_MASTER; } -#line 29551 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 29563 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 88: /* change: CHANGE MASTER_SYM optional_connection_name TO_SYM $@7 master_defs optional_for_channel */ #line 2257 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" {} -#line 29557 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 29569 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 91: /* master_def: MASTER_HOST_SYM '=' TEXT_STRING_sys */ @@ -29561,7 +29573,7 @@ { Lex->mi.host = (yyvsp[0].lex_str).str; } -#line 29565 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 29577 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 92: /* master_def: MASTER_USER_SYM '=' TEXT_STRING_sys */ @@ -29569,7 +29581,7 @@ { Lex->mi.user = (yyvsp[0].lex_str).str; } -#line 29573 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 29585 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 93: /* master_def: MASTER_PASSWORD_SYM '=' TEXT_STRING_sys */ @@ -29577,7 +29589,7 @@ { Lex->mi.password = (yyvsp[0].lex_str).str; } -#line 29581 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 29593 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 94: /* master_def: MASTER_PORT_SYM '=' ulong_num */ @@ -29585,7 +29597,7 @@ { Lex->mi.port = (yyvsp[0].ulong_num); } -#line 29589 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 29601 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 95: /* master_def: MASTER_CONNECT_RETRY_SYM '=' ulong_num */ @@ -29593,7 +29605,7 @@ { Lex->mi.connect_retry = (yyvsp[0].ulong_num); } -#line 29597 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 29609 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 96: /* master_def: MASTER_DELAY_SYM '=' ulong_num */ @@ -29607,7 +29619,7 @@ else Lex->mi.sql_delay = (yyvsp[0].ulong_num); } -#line 29611 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 29623 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 97: /* master_def: MASTER_SSL_SYM '=' ulong_num */ @@ -29616,7 +29628,7 @@ Lex->mi.ssl= (yyvsp[0].ulong_num) ? LEX_MASTER_INFO::LEX_MI_ENABLE : LEX_MASTER_INFO::LEX_MI_DISABLE; } -#line 29620 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 29632 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 98: /* master_def: MASTER_SSL_CA_SYM '=' TEXT_STRING_sys */ @@ -29624,7 +29636,7 @@ { Lex->mi.ssl_ca= (yyvsp[0].lex_str).str; } -#line 29628 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 29640 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 99: /* master_def: MASTER_SSL_CAPATH_SYM '=' TEXT_STRING_sys */ @@ -29632,7 +29644,7 @@ { Lex->mi.ssl_capath= (yyvsp[0].lex_str).str; } -#line 29636 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 29648 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 100: /* master_def: MASTER_SSL_CERT_SYM '=' TEXT_STRING_sys */ @@ -29640,7 +29652,7 @@ { Lex->mi.ssl_cert= (yyvsp[0].lex_str).str; } -#line 29644 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 29656 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 101: /* master_def: MASTER_SSL_CIPHER_SYM '=' TEXT_STRING_sys */ @@ -29648,7 +29660,7 @@ { Lex->mi.ssl_cipher= (yyvsp[0].lex_str).str; } -#line 29652 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 29664 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 102: /* master_def: MASTER_SSL_KEY_SYM '=' TEXT_STRING_sys */ @@ -29656,7 +29668,7 @@ { Lex->mi.ssl_key= (yyvsp[0].lex_str).str; } -#line 29660 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 29672 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 103: /* master_def: MASTER_SSL_VERIFY_SERVER_CERT_SYM '=' ulong_num */ @@ -29665,7 +29677,7 @@ Lex->mi.ssl_verify_server_cert= (yyvsp[0].ulong_num) ? LEX_MASTER_INFO::LEX_MI_ENABLE : LEX_MASTER_INFO::LEX_MI_DISABLE; } -#line 29669 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 29681 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 104: /* master_def: MASTER_SSL_CRL_SYM '=' TEXT_STRING_sys */ @@ -29673,7 +29685,7 @@ { Lex->mi.ssl_crl= (yyvsp[0].lex_str).str; } -#line 29677 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 29689 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 105: /* master_def: MASTER_SSL_CRLPATH_SYM '=' TEXT_STRING_sys */ @@ -29681,10 +29693,10 @@ { Lex->mi.ssl_crlpath= (yyvsp[0].lex_str).str; } -#line 29685 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 29697 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; - case 106: /* master_def: MASTER_HEARTBEAT_PERIOD_SYM '=' NUM_literal */ + case 106: /* master_def: MASTER_HEARTBEAT_PERIOD_SYM '=' opt_plus NUM_literal */ #line 2336 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { Lex->mi.heartbeat_period= (float) (yyvsp[0].item_num)->val_real(); @@ -29713,7 +29725,7 @@ } Lex->mi.heartbeat_opt= LEX_MASTER_INFO::LEX_MI_ENABLE; } -#line 29717 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 29729 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 107: /* master_def: IGNORE_SERVER_IDS_SYM '=' '(' ignore_server_id_list ')' */ @@ -29721,7 +29733,7 @@ { Lex->mi.repl_ignore_server_ids_opt= LEX_MASTER_INFO::LEX_MI_ENABLE; } -#line 29725 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 29737 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 108: /* master_def: DO_DOMAIN_IDS_SYM '=' '(' do_domain_id_list ')' */ @@ -29729,7 +29741,7 @@ { Lex->mi.repl_do_domain_ids_opt= LEX_MASTER_INFO::LEX_MI_ENABLE; } -#line 29733 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 29745 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 109: /* master_def: IGNORE_DOMAIN_IDS_SYM '=' '(' ignore_domain_id_list ')' */ @@ -29737,7 +29749,7 @@ { Lex->mi.repl_ignore_domain_ids_opt= LEX_MASTER_INFO::LEX_MI_ENABLE; } -#line 29741 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 29753 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 114: /* ignore_server_id: ulong_num */ @@ -29745,7 +29757,7 @@ { insert_dynamic(&Lex->mi.repl_ignore_server_ids, (uchar*) &((yyvsp[0].ulong_num))); } -#line 29749 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 29761 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 118: /* do_domain_id: ulong_num */ @@ -29753,7 +29765,7 @@ { insert_dynamic(&Lex->mi.repl_do_domain_ids, (uchar*) &((yyvsp[0].ulong_num))); } -#line 29757 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 29769 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 122: /* ignore_domain_id: ulong_num */ @@ -29761,7 +29773,7 @@ { insert_dynamic(&Lex->mi.repl_ignore_domain_ids, (uchar*) &((yyvsp[0].ulong_num))); } -#line 29765 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 29777 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 123: /* master_file_def: MASTER_LOG_FILE_SYM '=' TEXT_STRING_sys */ @@ -29769,7 +29781,7 @@ { Lex->mi.log_file_name = (yyvsp[0].lex_str).str; } -#line 29773 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 29785 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 124: /* master_file_def: MASTER_LOG_POS_SYM '=' ulonglong_num */ @@ -29788,7 +29800,7 @@ */ Lex->mi.pos= MY_MAX(BIN_LOG_HEADER_SIZE, (yyvsp[0].ulonglong_number)); } -#line 29792 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 29804 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 125: /* master_file_def: RELAY_LOG_FILE_SYM '=' TEXT_STRING_sys */ @@ -29796,7 +29808,7 @@ { Lex->mi.relay_log_name = (yyvsp[0].lex_str).str; } -#line 29800 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 29812 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 126: /* master_file_def: RELAY_LOG_POS_SYM '=' ulong_num */ @@ -29806,7 +29818,7 @@ /* Adjust if < BIN_LOG_HEADER_SIZE (same comment as Lex->mi.pos) */ Lex->mi.relay_log_pos= MY_MAX(BIN_LOG_HEADER_SIZE, Lex->mi.relay_log_pos); } -#line 29810 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 29822 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 127: /* master_file_def: MASTER_USE_GTID_SYM '=' CURRENT_POS_SYM */ @@ -29816,7 +29828,7 @@ my_yyabort_error((ER_DUP_ARGUMENT, MYF(0), "MASTER_use_gtid")); Lex->mi.use_gtid_opt= LEX_MASTER_INFO::LEX_GTID_CURRENT_POS; } -#line 29820 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 29832 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 128: /* master_file_def: MASTER_USE_GTID_SYM '=' SLAVE_POS_SYM */ @@ -29826,7 +29838,7 @@ my_yyabort_error((ER_DUP_ARGUMENT, MYF(0), "MASTER_use_gtid")); Lex->mi.use_gtid_opt= LEX_MASTER_INFO::LEX_GTID_SLAVE_POS; } -#line 29830 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 29842 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 129: /* master_file_def: MASTER_USE_GTID_SYM '=' NO_SYM */ @@ -29836,7 +29848,7 @@ my_yyabort_error((ER_DUP_ARGUMENT, MYF(0), "MASTER_use_gtid")); Lex->mi.use_gtid_opt= LEX_MASTER_INFO::LEX_GTID_NO; } -#line 29840 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 29852 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 130: /* master_file_def: MASTER_DEMOTE_TO_SLAVE_SYM '=' bool */ @@ -29844,7 +29856,7 @@ { Lex->mi.is_demotion_opt= (bool) (yyvsp[0].ulong_num); } -#line 29848 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 29860 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 131: /* optional_connection_name: %empty */ @@ -29853,7 +29865,7 @@ LEX *lex= thd->lex; lex->mi.connection_name= null_clex_str; } -#line 29857 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 29869 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 133: /* connection_name: TEXT_STRING_sys */ @@ -29865,7 +29877,7 @@ my_yyabort_error((ER_WRONG_ARGUMENTS, MYF(0), "MASTER_CONNECTION_NAME")); #endif } -#line 29869 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 29881 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 134: /* optional_for_channel: %empty */ @@ -29873,7 +29885,7 @@ { /*do nothing */ } -#line 29877 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 29889 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 136: /* for_channel: FOR_SYM CHANNEL_SYM TEXT_STRING_sys */ @@ -29893,7 +29905,7 @@ } } -#line 29897 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 29909 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 137: /* $@8: %empty */ @@ -29909,7 +29921,7 @@ if (lex->set_command_with_check(SQLCOM_CREATE_TABLE, (yyvsp[-2].num), (yyvsp[-3].object_ddl_options) | (yyvsp[0].object_ddl_options))) MYSQL_YYABORT; } -#line 29913 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 29925 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 138: /* $@9: %empty */ @@ -29930,7 +29942,7 @@ lex->create_last_non_select_table= lex->last_table(); lex->inc_select_stack_outer_barrier(); } -#line 29934 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 29946 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 139: /* create: create_or_replace opt_temporary TABLE_SYM opt_if_not_exists $@8 table_ident $@9 create_body */ @@ -29940,7 +29952,7 @@ create_table_set_open_action_and_adjust_tables(lex); Lex->pop_select(); //main select } -#line 29944 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 29956 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 140: /* $@10: %empty */ @@ -29974,7 +29986,7 @@ new (thd->mem_root) sequence_definition()))) MYSQL_YYABORT; } -#line 29978 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 29990 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 141: /* create: create_or_replace opt_temporary SEQUENCE_SYM opt_if_not_exists table_ident $@10 opt_sequence opt_create_table_options */ @@ -30005,7 +30017,7 @@ create_table_set_open_action_and_adjust_tables(lex); Lex->pop_select(); //main select } -#line 30009 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 30021 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 142: /* $@11: %empty */ @@ -30014,7 +30026,7 @@ if (Lex->main_select_push()) MYSQL_YYABORT; } -#line 30018 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 30030 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 143: /* $@12: %empty */ @@ -30025,7 +30037,7 @@ if (Lex->add_create_index(Key::MULTIPLE, &(yyvsp[-3].ident_sys), (yyvsp[-2].key_alg), (yyvsp[-7].object_ddl_options) | (yyvsp[-5].object_ddl_options))) MYSQL_YYABORT; } -#line 30029 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 30041 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 144: /* create: create_or_replace INDEX_SYM opt_if_not_exists $@11 ident opt_key_algorithm_clause ON table_ident $@12 '(' key_list ')' opt_lock_wait_timeout normal_key_options opt_index_lock_algorithm */ @@ -30033,7 +30045,7 @@ { Lex->pop_select(); //main select } -#line 30037 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 30049 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 145: /* $@13: %empty */ @@ -30042,7 +30054,7 @@ if (Lex->main_select_push()) MYSQL_YYABORT; } -#line 30046 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 30058 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 146: /* $@14: %empty */ @@ -30053,7 +30065,7 @@ if (Lex->add_create_index(Key::UNIQUE, &(yyvsp[-3].ident_sys), (yyvsp[-2].key_alg), (yyvsp[-8].object_ddl_options) | (yyvsp[-5].object_ddl_options))) MYSQL_YYABORT; } -#line 30057 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 30069 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 147: /* create: create_or_replace UNIQUE_SYM INDEX_SYM opt_if_not_exists $@13 ident opt_key_algorithm_clause ON table_ident $@14 '(' key_list opt_without_overlaps ')' opt_lock_wait_timeout normal_key_options opt_index_lock_algorithm */ @@ -30061,7 +30073,7 @@ { Lex->pop_select(); //main select } -#line 30065 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 30077 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 148: /* $@15: %empty */ @@ -30070,7 +30082,7 @@ if (Lex->main_select_push()) MYSQL_YYABORT; } -#line 30074 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 30086 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 149: /* $@16: %empty */ @@ -30081,7 +30093,7 @@ if (Lex->add_create_index((yyvsp[-6].key_type), &(yyvsp[-2].ident_sys), HA_KEY_ALG_UNDEF, (yyvsp[-7].object_ddl_options) | (yyvsp[-3].object_ddl_options))) MYSQL_YYABORT; } -#line 30085 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 30097 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 150: /* create: create_or_replace fulltext INDEX_SYM $@15 opt_if_not_exists ident ON table_ident $@16 '(' key_list ')' opt_lock_wait_timeout fulltext_key_options opt_index_lock_algorithm */ @@ -30089,7 +30101,7 @@ { Lex->pop_select(); //main select } -#line 30093 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 30105 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 151: /* $@17: %empty */ @@ -30098,7 +30110,7 @@ if (Lex->main_select_push()) MYSQL_YYABORT; } -#line 30102 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 30114 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 152: /* $@18: %empty */ @@ -30109,7 +30121,7 @@ if (Lex->add_create_index((yyvsp[-6].key_type), &(yyvsp[-2].ident_sys), HA_KEY_ALG_UNDEF, (yyvsp[-7].object_ddl_options) | (yyvsp[-3].object_ddl_options))) MYSQL_YYABORT; } -#line 30113 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 30125 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 153: /* create: create_or_replace spatial_or_vector INDEX_SYM $@17 opt_if_not_exists ident ON table_ident $@18 '(' key_part_simple ')' opt_lock_wait_timeout spatial_key_options opt_index_lock_algorithm */ @@ -30118,7 +30130,7 @@ Lex->last_key->columns.push_back((yyvsp[-4].key_part), thd->mem_root); Lex->pop_select(); //main select } -#line 30122 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 30134 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 154: /* $@19: %empty */ @@ -30126,7 +30138,7 @@ { Lex->create_info.init(); } -#line 30130 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 30142 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 155: /* create: create_or_replace DATABASE opt_if_not_exists ident $@19 opt_create_database_options */ @@ -30138,7 +30150,7 @@ MYSQL_YYABORT; lex->name= (yyvsp[-2].ident_sys); } -#line 30142 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 30154 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 156: /* $@20: %empty */ @@ -30151,7 +30163,7 @@ DTYPE_ALGORITHM_UNDEFINED, (yyvsp[-3].view_suid), (yyvsp[0].table))) MYSQL_YYABORT; } -#line 30155 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 30167 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 157: /* create: create_or_replace definer_opt opt_view_suid VIEW_SYM opt_if_not_exists table_ident $@20 view_list_opt AS view_select */ @@ -30159,7 +30171,7 @@ { Lex->pop_select(); //main select } -#line 30163 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 30175 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 158: /* $@21: %empty */ @@ -30171,7 +30183,7 @@ MYSQL_YYABORT; Lex->inc_select_stack_outer_barrier(); } -#line 30175 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 30187 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 159: /* create: create_or_replace view_algorithm definer_opt opt_view_suid VIEW_SYM opt_if_not_exists table_ident $@21 view_list_opt AS view_select */ @@ -30179,7 +30191,7 @@ { Lex->pop_select(); //main select } -#line 30183 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 30195 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 160: /* $@22: %empty */ @@ -30189,7 +30201,7 @@ MYSQL_YYABORT; Lex->create_info.set((yyvsp[-2].object_ddl_options)); } -#line 30193 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 30205 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 161: /* create: create_or_replace definer_opt TRIGGER_SYM $@22 trigger_tail */ @@ -30197,7 +30209,7 @@ { Lex->pop_select(); //main select } -#line 30201 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 30213 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 162: /* $@23: %empty */ @@ -30207,7 +30219,7 @@ MYSQL_YYABORT; Lex->create_info.set((yyvsp[-2].object_ddl_options)); } -#line 30211 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 30223 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 163: /* create: create_or_replace definer_opt EVENT_SYM $@23 event_tail */ @@ -30215,7 +30227,7 @@ { Lex->pop_select(); //main select } -#line 30219 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 30231 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 164: /* create: create_or_replace USER_SYM opt_if_not_exists clear_privileges grant_list opt_require_clause opt_resource_options opt_account_locking_and_opt_password_expiration */ @@ -30225,7 +30237,7 @@ (yyvsp[-7].object_ddl_options) | (yyvsp[-5].object_ddl_options)))) MYSQL_YYABORT; } -#line 30229 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 30241 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 165: /* create: create_or_replace ROLE_SYM opt_if_not_exists clear_privileges role_list opt_with_admin */ @@ -30235,25 +30247,25 @@ (yyvsp[-5].object_ddl_options) | (yyvsp[-3].object_ddl_options)))) MYSQL_YYABORT; } -#line 30239 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 30251 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 166: /* $@24: %empty */ #line 2764 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { Lex->set_command(SQLCOM_CREATE_SERVER, (yyvsp[0].object_ddl_options)); } -#line 30245 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 30257 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 167: /* create: create_or_replace $@24 server_def */ #line 2766 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { } -#line 30251 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 30263 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 169: /* opt_sequence: %empty */ #line 2771 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { } -#line 30257 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 30269 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 173: /* sequence_def: AS int_type field_options */ @@ -30269,7 +30281,7 @@ seq->is_unsigned= (yyvsp[0].ulong_num) & UNSIGNED_FLAG ? true : false; seq->used_fields|= seq_field_used_as; } -#line 30273 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 30285 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 174: /* sequence_def: MINVALUE_SYM opt_equal sequence_truncated_value_hybrid_num */ @@ -30278,13 +30290,13 @@ sequence_definition *seq= Lex->create_info.seq_create_info; if (unlikely(seq->used_fields & seq_field_used_min_value)) my_yyabort_error((ER_DUP_ARGUMENT, MYF(0), "MINVALUE")); - seq->min_value_from_parser= (yyvsp[0].longlong_hybrid_number); + seq->min_value_from_parser= Longlong_hybrid((yyvsp[0].longlong_hybrid_number).num, (yyvsp[0].longlong_hybrid_number).is_unsigned); seq->used_fields|= seq_field_used_min_value; seq->used_fields|= seq_field_specified_min_value; } -#line 30288 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 30300 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 175: /* sequence_def: NO_SYM MINVALUE_SYM */ @@ -30295,7 +30307,7 @@ my_yyabort_error((ER_DUP_ARGUMENT, MYF(0), "MINVALUE")); seq->used_fields|= seq_field_used_min_value; } -#line 30299 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 30311 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 176: /* sequence_def: NOMINVALUE_SYM */ @@ -30306,7 +30318,7 @@ my_yyabort_error((ER_DUP_ARGUMENT, MYF(0), "MINVALUE")); seq->used_fields|= seq_field_used_min_value; } -#line 30310 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 30322 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 177: /* sequence_def: MAXVALUE_SYM opt_equal sequence_truncated_value_hybrid_num */ @@ -30315,11 +30327,11 @@ sequence_definition *seq= Lex->create_info.seq_create_info; if (unlikely(seq->used_fields & seq_field_used_max_value)) my_yyabort_error((ER_DUP_ARGUMENT, MYF(0), "MAXVALUE")); - seq->max_value_from_parser= (yyvsp[0].longlong_hybrid_number); + seq->max_value_from_parser= Longlong_hybrid((yyvsp[0].longlong_hybrid_number).num, (yyvsp[0].longlong_hybrid_number).is_unsigned); seq->used_fields|= seq_field_used_max_value; seq->used_fields|= seq_field_specified_max_value; } -#line 30323 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 30335 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 178: /* sequence_def: NO_SYM MAXVALUE_SYM */ @@ -30330,7 +30342,7 @@ my_yyabort_error((ER_DUP_ARGUMENT, MYF(0), "MAXVALUE")); seq->used_fields|= seq_field_used_max_value; } -#line 30334 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 30346 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 179: /* sequence_def: NOMAXVALUE_SYM */ @@ -30341,7 +30353,7 @@ my_yyabort_error((ER_DUP_ARGUMENT, MYF(0), "MAXVALUE")); seq->used_fields|= seq_field_used_max_value; } -#line 30345 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 30357 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 180: /* sequence_def: START_SYM opt_with sequence_value_hybrid_num */ @@ -30350,10 +30362,10 @@ sequence_definition *seq= Lex->create_info.seq_create_info; if (unlikely(seq->used_fields & seq_field_used_start)) my_yyabort_error((ER_DUP_ARGUMENT, MYF(0), "START")); - seq->start_from_parser= (yyvsp[0].longlong_hybrid_number); + seq->start_from_parser= Longlong_hybrid((yyvsp[0].longlong_hybrid_number).num, (yyvsp[0].longlong_hybrid_number).is_unsigned); seq->used_fields|= seq_field_used_start; } -#line 30357 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 30369 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 181: /* sequence_def: INCREMENT_SYM opt_by sequence_value_num */ @@ -30365,7 +30377,7 @@ seq->increment= (yyvsp[0].longlong_number); seq->used_fields|= seq_field_used_increment; } -#line 30369 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 30381 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 182: /* sequence_def: CACHE_SYM opt_equal sequence_value_num */ @@ -30377,7 +30389,7 @@ seq->cache= (yyvsp[0].longlong_number); seq->used_fields|= seq_field_used_cache; } -#line 30381 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 30393 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 183: /* sequence_def: NOCACHE_SYM */ @@ -30389,7 +30401,7 @@ seq->cache= 0; seq->used_fields|= seq_field_used_cache; } -#line 30393 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 30405 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 184: /* sequence_def: CYCLE_SYM */ @@ -30401,7 +30413,7 @@ seq->cycle= 1; seq->used_fields|= seq_field_used_cycle; } -#line 30405 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 30417 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 185: /* sequence_def: NOCYCLE_SYM */ @@ -30413,7 +30425,7 @@ seq->cycle= 0; seq->used_fields|= seq_field_used_cycle; } -#line 30417 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 30429 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 186: /* sequence_def: RESTART_SYM */ @@ -30429,7 +30441,7 @@ my_yyabort_error((ER_DUP_ARGUMENT, MYF(0), "RESTART")); seq->used_fields|= seq_field_used_restart; } -#line 30433 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 30445 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 187: /* sequence_def: RESTART_SYM opt_with sequence_value_hybrid_num */ @@ -30443,23 +30455,23 @@ sequence_definition *seq= Lex->create_info.seq_create_info; if (unlikely(seq->used_fields & seq_field_used_restart)) my_yyabort_error((ER_DUP_ARGUMENT, MYF(0), "RESTART")); - seq->restart_from_parser= (yyvsp[0].longlong_hybrid_number); + seq->restart_from_parser= Longlong_hybrid((yyvsp[0].longlong_hybrid_number).num, (yyvsp[0].longlong_hybrid_number).is_unsigned); seq->used_fields|= seq_field_used_restart | seq_field_used_restart_value; } -#line 30451 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 30463 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 188: /* force_lookahead: %empty */ #line 2918 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" {} -#line 30457 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 30469 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 189: /* force_lookahead: FORCE_LOOKAHEAD */ #line 2918 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" {} -#line 30463 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 30475 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 190: /* $@25: %empty */ @@ -30469,13 +30481,13 @@ MYSQL_YYABORT; Lex->server_options.reset((yyvsp[0].lex_str)); } -#line 30473 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 30485 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 191: /* server_def: SERVER_SYM opt_if_not_exists ident_or_text $@25 FOREIGN DATA_SYM WRAPPER_SYM ident_or_text OPTIONS_SYM '(' server_options_list ')' */ #line 2929 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { Lex->server_options.scheme= (yyvsp[-4].lex_str); } -#line 30479 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 30491 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 194: /* server_option: USER_SYM TEXT_STRING_sys */ @@ -30492,7 +30504,7 @@ new_option->link(&Lex->server_options.option_list, &Lex->option_list_last); } -#line 30496 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 30508 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 195: /* server_option: HOST_SYM TEXT_STRING_sys */ @@ -30509,7 +30521,7 @@ new_option->link(&Lex->server_options.option_list, &Lex->option_list_last); } -#line 30513 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 30525 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 196: /* server_option: DATABASE TEXT_STRING_sys */ @@ -30526,7 +30538,7 @@ new_option->link(&Lex->server_options.option_list, &Lex->option_list_last); } -#line 30530 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 30542 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 197: /* server_option: OWNER_SYM TEXT_STRING_sys */ @@ -30543,7 +30555,7 @@ new_option->link(&Lex->server_options.option_list, &Lex->option_list_last); } -#line 30547 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 30559 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 198: /* server_option: PASSWORD_SYM TEXT_STRING_sys */ @@ -30560,7 +30572,7 @@ new_option->link(&Lex->server_options.option_list, &Lex->option_list_last); } -#line 30564 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 30576 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 199: /* server_option: SOCKET_SYM TEXT_STRING_sys */ @@ -30577,7 +30589,7 @@ new_option->link(&Lex->server_options.option_list, &Lex->option_list_last); } -#line 30581 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 30593 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 200: /* server_option: PORT_SYM ulong_num */ @@ -30608,7 +30620,7 @@ new_option->link(&Lex->server_options.option_list, &Lex->option_list_last); } -#line 30612 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 30624 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 201: /* server_option: PORT_SYM TEXT_STRING_sys */ @@ -30633,7 +30645,7 @@ new_option->link(&Lex->server_options.option_list, &Lex->option_list_last); } -#line 30637 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 30649 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 202: /* server_option: IDENT_sys TEXT_STRING_sys */ @@ -30648,7 +30660,7 @@ new_option->link(&Lex->server_options.option_list, &Lex->option_list_last); } -#line 30652 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 30664 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 203: /* $@26: %empty */ @@ -30669,7 +30681,7 @@ lex->sql_command= SQLCOM_CREATE_EVENT; /* We need that for disallowing subqueries */ } -#line 30673 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 30685 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 204: /* event_tail: remember_name opt_if_not_exists sp_name $@26 ON SCHEDULE_SYM ev_schedule_time opt_ev_on_completion opt_ev_status opt_ev_comment DO_SYM ev_sql_stmt */ @@ -30681,7 +30693,7 @@ */ Lex->sql_command= SQLCOM_CREATE_EVENT; } -#line 30685 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 30697 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 205: /* $@27: %empty */ @@ -30690,7 +30702,7 @@ Lex->event_parse_data->item_expression= (yyvsp[-1].item); Lex->event_parse_data->interval= (yyvsp[0].interval); } -#line 30694 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 30706 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 207: /* ev_schedule_time: AT_SYM expr */ @@ -30698,13 +30710,13 @@ { Lex->event_parse_data->item_execute_at= (yyvsp[0].item); } -#line 30702 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 30714 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 208: /* opt_ev_status: %empty */ #line 3125 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.num)= 0; } -#line 30708 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 30720 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 209: /* opt_ev_status: ENABLE_SYM */ @@ -30714,7 +30726,7 @@ Lex->event_parse_data->status_changed= true; (yyval.num)= 1; } -#line 30718 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 30730 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 210: /* opt_ev_status: DISABLE_SYM ON SLAVE */ @@ -30724,7 +30736,7 @@ Lex->event_parse_data->status_changed= true; (yyval.num)= 1; } -#line 30728 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 30740 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 211: /* opt_ev_status: DISABLE_SYM */ @@ -30734,7 +30746,7 @@ Lex->event_parse_data->status_changed= true; (yyval.num)= 1; } -#line 30738 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 30750 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 212: /* ev_starts: %empty */ @@ -30745,7 +30757,7 @@ MYSQL_YYABORT; Lex->event_parse_data->item_starts= item; } -#line 30749 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 30761 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 213: /* ev_starts: STARTS_SYM expr */ @@ -30753,7 +30765,7 @@ { Lex->event_parse_data->item_starts= (yyvsp[0].item); } -#line 30757 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 30769 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 215: /* ev_ends: ENDS_SYM expr */ @@ -30761,13 +30773,13 @@ { Lex->event_parse_data->item_ends= (yyvsp[0].item); } -#line 30765 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 30777 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 216: /* opt_ev_on_completion: %empty */ #line 3169 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.num)= 0; } -#line 30771 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 30783 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 218: /* ev_on_completion: ON COMPLETION_SYM opt_not PRESERVE_SYM */ @@ -30778,13 +30790,13 @@ : Event_parse_data::ON_COMPLETION_PRESERVE; (yyval.num)= 1; } -#line 30782 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 30794 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 219: /* opt_ev_comment: %empty */ #line 3184 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.num)= 0; } -#line 30788 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 30800 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 220: /* opt_ev_comment: COMMENT_SYM TEXT_STRING_sys */ @@ -30793,7 +30805,7 @@ Lex->comment= Lex->event_parse_data->comment= (yyvsp[0].lex_str); (yyval.num)= 1; } -#line 30797 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 30809 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 221: /* $@28: %empty */ @@ -30830,7 +30842,7 @@ lex->sphead->set_body_start(thd, lip->get_cpp_ptr()); } -#line 30834 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 30846 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 222: /* ev_sql_stmt: $@28 sp_proc_stmt force_lookahead */ @@ -30840,7 +30852,7 @@ if (Lex->sp_body_finalize_event(thd)) MYSQL_YYABORT; } -#line 30844 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 30856 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 223: /* clear_privileges: %empty */ @@ -30851,55 +30863,55 @@ lex->first_select_lex()->db= null_clex_str; lex->account_options.reset(); } -#line 30855 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 30867 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 224: /* opt_aggregate: %empty */ #line 3244 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.sp_aggregate_type)= NOT_AGGREGATE; } -#line 30861 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 30873 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 225: /* opt_aggregate: AGGREGATE_SYM */ #line 3245 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.sp_aggregate_type)= GROUP_AGGREGATE; } -#line 30867 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 30879 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 226: /* sp_handler: FUNCTION_SYM */ #line 3250 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.sp_handler)= &sp_handler_function; } -#line 30873 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 30885 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 227: /* sp_handler: PROCEDURE_SYM */ #line 3251 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.sp_handler)= &sp_handler_procedure; } -#line 30879 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 30891 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 230: /* sp_handler_package_spec: PACKAGE_ORACLE_SYM */ #line 3257 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.sp_handler)= &sp_handler_package_spec; } -#line 30885 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 30897 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 231: /* sp_handler_package_spec: PACKAGE_MARIADB_SYM */ #line 3258 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.sp_handler)= &sp_handler_package_spec; } -#line 30891 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 30903 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 232: /* sp_handler_package_body: PACKAGE_ORACLE_SYM BODY_ORACLE_SYM */ #line 3262 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.sp_handler)= &sp_handler_package_body; } -#line 30897 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 30909 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 233: /* sp_handler_package_body: PACKAGE_MARIADB_SYM BODY_MARIADB_SYM */ #line 3263 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.sp_handler)= &sp_handler_package_body; } -#line 30903 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 30915 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 234: /* drop_routine: DROP sp_handler opt_if_exists ident '.' ident */ @@ -30908,7 +30920,7 @@ if (Lex->stmt_drop_routine((yyvsp[-4].sp_handler), (yyvsp[-3].object_ddl_options), (yyvsp[-2].ident_sys), (yyvsp[0].ident_sys))) MYSQL_YYABORT; } -#line 30912 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 30924 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 235: /* drop_routine: DROP sp_handler opt_if_exists ident */ @@ -30917,7 +30929,7 @@ if (Lex->stmt_drop_routine((yyvsp[-2].sp_handler), (yyvsp[-1].object_ddl_options), Lex_ident_sys(), (yyvsp[0].ident_sys))) MYSQL_YYABORT; } -#line 30921 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 30933 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 236: /* sp_name: ident '.' ident */ @@ -30926,7 +30938,7 @@ if (unlikely(!((yyval.spname)= Lex->make_sp_name(thd, (yyvsp[-2].ident_sys), (yyvsp[0].ident_sys))))) MYSQL_YYABORT; } -#line 30930 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 30942 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 237: /* sp_name: ident */ @@ -30935,97 +30947,97 @@ if (unlikely(!((yyval.spname)= Lex->make_sp_name(thd, (yyvsp[0].ident_sys))))) MYSQL_YYABORT; } -#line 30939 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 30951 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 238: /* sp_a_chistics: %empty */ #line 3294 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" {} -#line 30945 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 30957 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 239: /* sp_a_chistics: sp_a_chistics sp_chistic */ #line 3295 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" {} -#line 30951 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 30963 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 240: /* sp_c_chistics: %empty */ #line 3299 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" {} -#line 30957 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 30969 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 241: /* sp_c_chistics: sp_c_chistics sp_c_chistic */ #line 3300 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" {} -#line 30963 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 30975 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 242: /* sp_chistic: COMMENT_SYM TEXT_STRING_sys */ #line 3306 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { Lex->sp_chistics.comment= (yyvsp[0].lex_str); } -#line 30969 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 30981 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 243: /* sp_chistic: LANGUAGE_SYM SQL_SYM */ #line 3308 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { /* Just parse it, we only have one language for now. */ } -#line 30975 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 30987 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 244: /* sp_chistic: NO_SYM SQL_SYM */ #line 3310 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { Lex->sp_chistics.daccess= SP_NO_SQL; } -#line 30981 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 30993 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 245: /* sp_chistic: CONTAINS_SYM SQL_SYM */ #line 3312 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { Lex->sp_chistics.daccess= SP_CONTAINS_SQL; } -#line 30987 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 30999 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 246: /* sp_chistic: READS_SYM SQL_SYM DATA_SYM */ #line 3314 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { Lex->sp_chistics.daccess= SP_READS_SQL_DATA; } -#line 30993 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 31005 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 247: /* sp_chistic: MODIFIES_SYM SQL_SYM DATA_SYM */ #line 3316 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { Lex->sp_chistics.daccess= SP_MODIFIES_SQL_DATA; } -#line 30999 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 31011 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 248: /* sp_chistic: sp_suid */ #line 3318 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { Lex->sp_chistics.suid= (yyvsp[0].sp_suid); } -#line 31005 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 31017 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 249: /* sp_c_chistic: sp_chistic */ #line 3323 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { } -#line 31011 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 31023 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 250: /* sp_c_chistic: opt_not DETERMINISTIC_SYM */ #line 3324 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { Lex->sp_chistics.detistic= ! (yyvsp[-1].num); } -#line 31017 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 31029 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 251: /* sp_suid: SQL_SYM SECURITY_SYM DEFINER_SYM */ #line 3328 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.sp_suid)= SP_IS_SUID; } -#line 31023 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 31035 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 252: /* sp_suid: SQL_SYM SECURITY_SYM INVOKER_SYM */ #line 3329 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.sp_suid)= SP_IS_NOT_SUID; } -#line 31029 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 31041 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 253: /* $@29: %empty */ @@ -31034,7 +31046,7 @@ if (unlikely(Lex->call_statement_start(thd, &(yyvsp[0].ident_sys)))) MYSQL_YYABORT; } -#line 31038 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 31050 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 254: /* call: CALL_SYM ident $@29 opt_sp_cparam_list */ @@ -31043,7 +31055,7 @@ if (Lex->check_cte_dependencies_and_resolve_references()) MYSQL_YYABORT; } -#line 31047 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 31059 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 255: /* $@30: %empty */ @@ -31052,7 +31064,7 @@ if (unlikely(Lex->call_statement_start(thd, &(yyvsp[-2].ident_sys), &(yyvsp[0].ident_sys)))) MYSQL_YYABORT; } -#line 31056 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 31068 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 256: /* call: CALL_SYM ident '.' ident $@30 opt_sp_cparam_list */ @@ -31061,7 +31073,7 @@ if (Lex->check_cte_dependencies_and_resolve_references()) MYSQL_YYABORT; } -#line 31065 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 31077 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 257: /* $@31: %empty */ @@ -31070,7 +31082,7 @@ if (unlikely(Lex->call_statement_start(thd, &(yyvsp[-4].ident_sys), &(yyvsp[-2].ident_sys), &(yyvsp[0].ident_sys)))) MYSQL_YYABORT; } -#line 31074 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 31086 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 258: /* call: CALL_SYM ident '.' ident '.' ident $@31 opt_sp_cparam_list */ @@ -31079,7 +31091,7 @@ if (Lex->check_cte_dependencies_and_resolve_references()) MYSQL_YYABORT; } -#line 31083 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 31095 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 260: /* $@32: %empty */ @@ -31088,7 +31100,7 @@ thd->where= THD_WHERE::USE_WHERE_STRING; thd->where_str= "CALL"; } -#line 31092 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 31104 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 264: /* sp_cparams: sp_cparams ',' expr */ @@ -31096,7 +31108,7 @@ { Lex->value_list.push_back((yyvsp[0].item), thd->mem_root); } -#line 31100 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 31112 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 265: /* sp_cparams: expr */ @@ -31104,7 +31116,7 @@ { Lex->value_list.push_back((yyvsp[0].item), thd->mem_root); } -#line 31108 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 31120 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 266: /* sp_fdparam_list: %empty */ @@ -31113,7 +31125,7 @@ Lex->sphead->m_param_begin= YYLIP->get_cpp_tok_start(); Lex->sphead->m_param_end= Lex->sphead->m_param_begin; } -#line 31117 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 31129 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 267: /* $@33: %empty */ @@ -31121,7 +31133,7 @@ { Lex->sphead->m_param_begin= YYLIP->get_cpp_tok_start(); } -#line 31125 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 31137 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 268: /* sp_fdparam_list: $@33 sp_fdparams */ @@ -31129,7 +31141,7 @@ { Lex->sphead->m_param_end= YYLIP->get_cpp_tok_start(); } -#line 31133 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 31145 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 273: /* sp_param_name: ident */ @@ -31138,7 +31150,7 @@ if (unlikely(!((yyval.spvar)= Lex->sp_param_init(&(yyvsp[0].ident_sys))))) MYSQL_YYABORT; } -#line 31142 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 31154 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 274: /* sp_param_name_and_mode_init_vars: sp_param_name_and_mode */ @@ -31147,25 +31159,25 @@ Lex->sp_variable_declarations_init(thd, 1); (yyval.spvar)= (yyvsp[0].spvar); } -#line 31151 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 31163 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 279: /* sp_parameter_type: IN_SYM */ #line 3446 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.spvar_mode)= sp_variable::MODE_IN; } -#line 31157 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 31169 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 280: /* sp_parameter_type: OUT_SYM */ #line 3447 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.spvar_mode)= sp_variable::MODE_OUT; } -#line 31163 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 31175 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 281: /* sp_parameter_type: INOUT_SYM */ #line 3448 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.spvar_mode)= sp_variable::MODE_INOUT; } -#line 31169 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 31181 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 282: /* $@34: %empty */ @@ -31173,7 +31185,7 @@ { Lex->sphead->m_param_begin= YYLIP->get_cpp_tok_start() + 1; } -#line 31177 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 31189 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 283: /* sp_parenthesized_pdparam_list: '(' $@34 sp_pdparam_list ')' */ @@ -31181,7 +31193,7 @@ { Lex->sphead->m_param_end= YYLIP->get_cpp_tok_start(); } -#line 31185 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 31197 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 284: /* sp_param_default: sp_param_init_vars sp_opt_default */ @@ -31190,7 +31202,7 @@ if (unlikely(Lex->sp_param_set_default_and_finalize(((yyval.spvar)= (yyvsp[-1].spvar)), (yyvsp[0].expr_and_query_str).expr, (yyvsp[0].expr_and_query_str).expr_str))) MYSQL_YYABORT; } -#line 31194 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 31206 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 285: /* sp_param: sp_param_init_vars */ @@ -31199,19 +31211,19 @@ if (unlikely(Lex->sp_param_set_default_and_finalize(((yyval.spvar)= (yyvsp[0].spvar)), nullptr, empty_clex_str))) MYSQL_YYABORT; } -#line 31203 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 31215 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 287: /* sp_proc_stmts: %empty */ #line 3484 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" {} -#line 31209 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 31221 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 289: /* sp_proc_stmts1: sp_proc_stmt ';' */ #line 3489 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" {} -#line 31215 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 31227 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 291: /* optionally_qualified_column_ident: sp_decl_ident */ @@ -31221,7 +31233,7 @@ Qualified_column_ident(&(yyvsp[0].ident_sys))))) MYSQL_YYABORT; } -#line 31225 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 31237 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 292: /* optionally_qualified_column_ident: sp_decl_ident '.' ident */ @@ -31231,7 +31243,7 @@ Qualified_column_ident(&(yyvsp[-2].ident_sys), &(yyvsp[0].ident_sys))))) MYSQL_YYABORT; } -#line 31235 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 31247 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 293: /* optionally_qualified_column_ident: sp_decl_ident '.' ident '.' ident */ @@ -31241,7 +31253,7 @@ Qualified_column_ident(thd, &(yyvsp[-4].ident_sys), &(yyvsp[-2].ident_sys), &(yyvsp[0].ident_sys))))) MYSQL_YYABORT; } -#line 31245 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 31257 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 294: /* row_field_definition: row_field_name field_type */ @@ -31250,7 +31262,7 @@ Lex->last_field->set_attributes(thd, (yyvsp[0].Lex_field_type), COLUMN_DEFINITION_ROUTINE_LOCAL); } -#line 31254 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 31266 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 295: /* row_field_definition_list: row_field_definition */ @@ -31259,7 +31271,7 @@ if (!((yyval.spvar_definition_list)= Row_definition_list::make(thd->mem_root, (yyvsp[0].spvar_definition)))) MYSQL_YYABORT; } -#line 31263 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 31275 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 296: /* row_field_definition_list: row_field_definition_list ',' row_field_definition */ @@ -31268,13 +31280,13 @@ if (((yyval.spvar_definition_list)= (yyvsp[-2].spvar_definition_list))->append_uniq(thd->mem_root, (yyvsp[0].spvar_definition))) MYSQL_YYABORT; } -#line 31272 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 31284 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 297: /* row_type_body: '(' row_field_definition_list ')' */ #line 3538 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.spvar_definition_list)= (yyvsp[-1].spvar_definition_list); } -#line 31278 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 31290 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 298: /* rec_field_definition: row_field_name field_type */ @@ -31283,7 +31295,7 @@ Lex->last_field->set_attributes(thd, (yyvsp[0].Lex_field_type), COLUMN_DEFINITION_ROUTINE_LOCAL); } -#line 31287 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 31299 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 300: /* rec_field_definition_anchored: row_field_name sp_decl_ident '.' ident PERCENT_ORACLE_SYM TYPE_SYM */ @@ -31294,7 +31306,7 @@ (yyvsp[-2].ident_sys)))) MYSQL_YYABORT; } -#line 31298 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 31310 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 301: /* rec_field_definition_anchored: row_field_name sp_decl_ident '.' ident '.' ident PERCENT_ORACLE_SYM TYPE_SYM */ @@ -31305,7 +31317,7 @@ (yyvsp[-4].ident_sys), (yyvsp[-2].ident_sys)))) MYSQL_YYABORT; } -#line 31309 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 31321 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 302: /* rec_field_definition_list: rec_field_definition */ @@ -31314,7 +31326,7 @@ if (!((yyval.spvar_definition_list)= Row_definition_list::make(thd->mem_root, (yyvsp[0].spvar_definition)))) MYSQL_YYABORT; } -#line 31318 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 31330 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 303: /* rec_field_definition_list: rec_field_definition_list ',' rec_field_definition */ @@ -31323,13 +31335,13 @@ if (((yyval.spvar_definition_list)= (yyvsp[-2].spvar_definition_list))->append_uniq(thd->mem_root, (yyvsp[0].spvar_definition))) MYSQL_YYABORT; } -#line 31327 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 31339 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 304: /* rec_type_body: '(' rec_field_definition_list ')' */ #line 3582 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.spvar_definition_list)= (yyvsp[-1].spvar_definition_list); } -#line 31333 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 31345 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 305: /* sp_decl_idents_init_vars: sp_decl_idents */ @@ -31337,7 +31349,7 @@ { Lex->sp_variable_declarations_init(thd, (yyvsp[0].num)); } -#line 31341 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 31353 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 306: /* $@35: %empty */ @@ -31346,7 +31358,7 @@ Lex->last_field->set_attributes(thd, (yyvsp[0].Lex_field_type), COLUMN_DEFINITION_ROUTINE_LOCAL); } -#line 31350 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 31362 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 307: /* sp_decl_variable_list: sp_decl_idents_init_vars field_type_all_with_record $@35 sp_opt_default */ @@ -31359,7 +31371,7 @@ MYSQL_YYABORT; (yyval.spblock).init_using_vars((yyvsp[-3].num)); } -#line 31363 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 31375 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 308: /* sp_decl_variable_list: sp_decl_idents_init_vars ROW_SYM row_type_body sp_opt_default */ @@ -31371,7 +31383,7 @@ MYSQL_YYABORT; (yyval.spblock).init_using_vars((yyvsp[-3].num)); } -#line 31375 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 31387 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 310: /* $@36: %empty */ @@ -31380,7 +31392,7 @@ if (unlikely(Lex->sp_handler_declaration_init(thd, (yyvsp[-2].num)))) MYSQL_YYABORT; } -#line 31384 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 31396 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 311: /* sp_decl_handler: sp_handler_type HANDLER_SYM FOR_SYM $@36 sp_hcond_list sp_proc_stmt */ @@ -31391,7 +31403,7 @@ (yyval.spblock).vars= (yyval.spblock).conds= (yyval.spblock).curs= 0; (yyval.spblock).hndlrs= 1; } -#line 31395 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 31407 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 314: /* sp_cursor_stmt_lex: %empty */ @@ -31402,7 +31414,7 @@ sp_lex_cursor(thd, thd->lex)))) MYSQL_YYABORT; } -#line 31406 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 31418 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 315: /* $@37: %empty */ @@ -31413,7 +31425,7 @@ if (Lex->main_select_push(true)) MYSQL_YYABORT; } -#line 31417 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 31429 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 316: /* sp_cursor_stmt: sp_cursor_stmt_lex $@37 remember_name select remember_end */ @@ -31436,43 +31448,43 @@ (yyval.sp_cursor_stmt)= (yyvsp[-4].sp_cursor_stmt); } -#line 31440 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 31452 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 317: /* sp_handler_type: EXIT_MARIADB_SYM */ #line 3682 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.num)= sp_handler::EXIT; } -#line 31446 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 31458 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 318: /* sp_handler_type: CONTINUE_MARIADB_SYM */ #line 3683 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.num)= sp_handler::CONTINUE; } -#line 31452 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 31464 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 319: /* sp_handler_type: EXIT_ORACLE_SYM */ #line 3684 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.num)= sp_handler::EXIT; } -#line 31458 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 31470 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 320: /* sp_handler_type: CONTINUE_ORACLE_SYM */ #line 3685 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.num)= sp_handler::CONTINUE; } -#line 31464 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 31476 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 321: /* sp_hcond_list: sp_hcond_element */ #line 3691 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.num)= 1; } -#line 31470 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 31482 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 322: /* sp_hcond_list: sp_hcond_list ',' sp_hcond_element */ #line 3693 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.num)+= 1; } -#line 31476 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 31488 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 323: /* sp_hcond_element: sp_hcond */ @@ -31488,7 +31500,7 @@ sp_instr_hpush_jump *i= (sp_instr_hpush_jump *)sp->last_instruction(); i->add_condition((yyvsp[0].spcondvalue)); } -#line 31492 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 31504 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 324: /* sp_cond: ulong_num */ @@ -31500,7 +31512,7 @@ if (unlikely((yyval.spcondvalue) == NULL)) MYSQL_YYABORT; } -#line 31504 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 31516 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 326: /* sqlstate: SQLSTATE_SYM opt_value TEXT_STRING_literal */ @@ -31521,19 +31533,19 @@ if (unlikely((yyval.spcondvalue) == NULL)) MYSQL_YYABORT; } -#line 31525 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 31537 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 327: /* opt_value: %empty */ #line 3744 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" {} -#line 31531 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 31543 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 328: /* opt_value: VALUE_SYM */ #line 3745 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" {} -#line 31537 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 31549 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 329: /* sp_hcond: sp_cond */ @@ -31541,7 +31553,7 @@ { (yyval.spcondvalue)= (yyvsp[0].spcondvalue); } -#line 31545 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 31557 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 330: /* sp_hcond: ident */ @@ -31551,7 +31563,7 @@ if (unlikely((yyval.spcondvalue) == NULL)) my_yyabort_error((ER_SP_COND_MISMATCH, MYF(0), (yyvsp[0].ident_sys).str)); } -#line 31555 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 31567 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 331: /* sp_hcond: SQLWARNING_SYM */ @@ -31561,7 +31573,7 @@ if (unlikely((yyval.spcondvalue) == NULL)) MYSQL_YYABORT; } -#line 31565 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 31577 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 332: /* sp_hcond: not FOUND_SYM */ @@ -31571,7 +31583,7 @@ if (unlikely((yyval.spcondvalue) == NULL)) MYSQL_YYABORT; } -#line 31575 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 31587 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 333: /* sp_hcond: SQLEXCEPTION_SYM */ @@ -31581,7 +31593,7 @@ if (unlikely((yyval.spcondvalue) == NULL)) MYSQL_YYABORT; } -#line 31585 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 31597 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 334: /* sp_hcond: OTHERS_ORACLE_SYM */ @@ -31591,7 +31603,7 @@ if (unlikely((yyval.spcondvalue) == NULL)) MYSQL_YYABORT; } -#line 31595 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 31607 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 335: /* raise_stmt_oracle: RAISE_ORACLE_SYM opt_set_signal_information */ @@ -31600,7 +31612,7 @@ if (unlikely(Lex->add_resignal_statement(thd, NULL))) MYSQL_YYABORT; } -#line 31604 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 31616 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 336: /* raise_stmt_oracle: RAISE_ORACLE_SYM signal_value opt_set_signal_information */ @@ -31609,7 +31621,7 @@ if (unlikely(Lex->add_signal_statement(thd, (yyvsp[-1].spcondvalue)))) MYSQL_YYABORT; } -#line 31613 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 31625 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 337: /* signal_stmt: SIGNAL_SYM signal_value opt_set_signal_information */ @@ -31618,7 +31630,7 @@ if (Lex->add_signal_statement(thd, (yyvsp[-1].spcondvalue))) MYSQL_YYABORT; } -#line 31622 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 31634 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 338: /* signal_value: ident */ @@ -31627,25 +31639,25 @@ if (!((yyval.spcondvalue)= Lex->stmt_signal_value((yyvsp[0].ident_sys)))) MYSQL_YYABORT; } -#line 31631 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 31643 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 339: /* signal_value: sqlstate */ #line 3814 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.spcondvalue)= (yyvsp[0].spcondvalue); } -#line 31637 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 31649 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 340: /* opt_signal_value: %empty */ #line 3819 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.spcondvalue)= NULL; } -#line 31643 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 31655 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 341: /* opt_signal_value: signal_value */ #line 3821 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.spcondvalue)= (yyvsp[0].spcondvalue); } -#line 31649 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 31661 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 342: /* opt_set_signal_information: %empty */ @@ -31653,7 +31665,7 @@ { thd->m_parser_state->m_yacc.m_set_signal_info.clear(); } -#line 31657 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 31669 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 344: /* signal_information_item_list: signal_condition_information_item_name '=' signal_allowed_expr */ @@ -31665,7 +31677,7 @@ info->clear(); info->m_item[index]= (yyvsp[0].item); } -#line 31669 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 31681 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 345: /* signal_information_item_list: signal_information_item_list ',' signal_condition_information_item_name '=' signal_allowed_expr */ @@ -31679,13 +31691,13 @@ Diag_condition_item_names[index].str)); info->m_item[index]= (yyvsp[0].item); } -#line 31683 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 31695 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 346: /* signal_allowed_expr: literal */ #line 3859 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.item)= (yyvsp[0].item); } -#line 31689 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 31701 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 347: /* signal_allowed_expr: variable */ @@ -31707,91 +31719,91 @@ } (yyval.item)= (yyvsp[0].item); } -#line 31711 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 31723 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 348: /* signal_allowed_expr: simple_ident */ #line 3879 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.item)= (yyvsp[0].item); } -#line 31717 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 31729 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 349: /* signal_condition_information_item_name: CLASS_ORIGIN_SYM */ #line 3885 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.diag_condition_item_name)= DIAG_CLASS_ORIGIN; } -#line 31723 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 31735 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 350: /* signal_condition_information_item_name: SUBCLASS_ORIGIN_SYM */ #line 3887 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.diag_condition_item_name)= DIAG_SUBCLASS_ORIGIN; } -#line 31729 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 31741 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 351: /* signal_condition_information_item_name: CONSTRAINT_CATALOG_SYM */ #line 3889 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.diag_condition_item_name)= DIAG_CONSTRAINT_CATALOG; } -#line 31735 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 31747 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 352: /* signal_condition_information_item_name: CONSTRAINT_SCHEMA_SYM */ #line 3891 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.diag_condition_item_name)= DIAG_CONSTRAINT_SCHEMA; } -#line 31741 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 31753 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 353: /* signal_condition_information_item_name: CONSTRAINT_NAME_SYM */ #line 3893 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.diag_condition_item_name)= DIAG_CONSTRAINT_NAME; } -#line 31747 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 31759 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 354: /* signal_condition_information_item_name: CATALOG_NAME_SYM */ #line 3895 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.diag_condition_item_name)= DIAG_CATALOG_NAME; } -#line 31753 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 31765 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 355: /* signal_condition_information_item_name: SCHEMA_NAME_SYM */ #line 3897 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.diag_condition_item_name)= DIAG_SCHEMA_NAME; } -#line 31759 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 31771 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 356: /* signal_condition_information_item_name: TABLE_NAME_SYM */ #line 3899 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.diag_condition_item_name)= DIAG_TABLE_NAME; } -#line 31765 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 31777 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 357: /* signal_condition_information_item_name: COLUMN_NAME_SYM */ #line 3901 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.diag_condition_item_name)= DIAG_COLUMN_NAME; } -#line 31771 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 31783 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 358: /* signal_condition_information_item_name: CURSOR_NAME_SYM */ #line 3903 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.diag_condition_item_name)= DIAG_CURSOR_NAME; } -#line 31777 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 31789 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 359: /* signal_condition_information_item_name: MESSAGE_TEXT_SYM */ #line 3905 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.diag_condition_item_name)= DIAG_MESSAGE_TEXT; } -#line 31783 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 31795 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 360: /* signal_condition_information_item_name: MYSQL_ERRNO_SYM */ #line 3907 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.diag_condition_item_name)= DIAG_MYSQL_ERRNO; } -#line 31789 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 31801 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 361: /* signal_condition_information_item_name: ROW_NUMBER_SYM */ #line 3909 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.diag_condition_item_name)= DIAG_ROW_NUMBER; } -#line 31795 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 31807 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 362: /* resignal_stmt: RESIGNAL_SYM opt_signal_value opt_set_signal_information */ @@ -31800,7 +31812,7 @@ if (unlikely(Lex->add_resignal_statement(thd, (yyvsp[-1].spcondvalue)))) MYSQL_YYABORT; } -#line 31804 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 31816 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 363: /* $@38: %empty */ @@ -31809,7 +31821,7 @@ thd->where= THD_WHERE::USE_WHERE_STRING; thd->where_str= "GET DIAGNOSTICS"; } -#line 31813 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 31825 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 364: /* get_diagnostics: GET_SYM which_area DIAGNOSTICS_SYM $@38 diagnostics_information */ @@ -31825,19 +31837,19 @@ if (unlikely(Lex->m_sql_cmd == NULL)) MYSQL_YYABORT; } -#line 31829 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 31841 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 365: /* which_area: %empty */ #line 3942 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.diag_area)= Diagnostics_information::CURRENT_AREA; } -#line 31835 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 31847 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 366: /* which_area: CURRENT_SYM */ #line 3944 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.diag_area)= Diagnostics_information::CURRENT_AREA; } -#line 31841 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 31853 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 367: /* diagnostics_information: statement_information */ @@ -31847,7 +31859,7 @@ if (unlikely((yyval.diag_info) == NULL)) MYSQL_YYABORT; } -#line 31851 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 31863 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 368: /* diagnostics_information: CONDITION_SYM condition_number condition_information */ @@ -31857,7 +31869,7 @@ if (unlikely((yyval.diag_info) == NULL)) MYSQL_YYABORT; } -#line 31861 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 31873 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 369: /* statement_information: statement_information_item */ @@ -31868,7 +31880,7 @@ unlikely((yyval.stmt_info_list)->push_back((yyvsp[0].stmt_info_item), thd->mem_root))) MYSQL_YYABORT; } -#line 31872 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 31884 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 370: /* statement_information: statement_information ',' statement_information_item */ @@ -31878,7 +31890,7 @@ MYSQL_YYABORT; (yyval.stmt_info_list)= (yyvsp[-2].stmt_info_list); } -#line 31882 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 31894 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 371: /* statement_information_item: simple_target_specification '=' statement_information_item_name */ @@ -31888,7 +31900,7 @@ if (unlikely((yyval.stmt_info_item) == NULL)) MYSQL_YYABORT; } -#line 31892 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 31904 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 372: /* simple_target_specification: ident_cli */ @@ -31897,7 +31909,7 @@ if (unlikely(!((yyval.item)= thd->lex->create_item_for_sp_var(&(yyvsp[0].ident_cli), NULL)))) MYSQL_YYABORT; } -#line 31901 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 31913 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 373: /* simple_target_specification: '@' ident_or_text */ @@ -31912,31 +31924,31 @@ if (unlikely((yyval.item) == NULL)) MYSQL_YYABORT; } -#line 31916 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 31928 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 374: /* statement_information_item_name: NUMBER_MARIADB_SYM */ #line 4008 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.stmt_info_item_name)= Statement_information_item::NUMBER; } -#line 31922 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 31934 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 375: /* statement_information_item_name: NUMBER_ORACLE_SYM */ #line 4010 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.stmt_info_item_name)= Statement_information_item::NUMBER; } -#line 31928 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 31940 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 376: /* statement_information_item_name: ROW_COUNT_SYM */ #line 4012 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.stmt_info_item_name)= Statement_information_item::ROW_COUNT; } -#line 31934 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 31946 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 377: /* condition_number: signal_allowed_expr */ #line 4021 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.item)= (yyvsp[0].item); } -#line 31940 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 31952 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 378: /* condition_information: condition_information_item */ @@ -31947,7 +31959,7 @@ unlikely((yyval.cond_info_list)->push_back((yyvsp[0].cond_info_item), thd->mem_root))) MYSQL_YYABORT; } -#line 31951 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 31963 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 379: /* condition_information: condition_information ',' condition_information_item */ @@ -31957,7 +31969,7 @@ MYSQL_YYABORT; (yyval.cond_info_list)= (yyvsp[-2].cond_info_list); } -#line 31961 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 31973 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 380: /* condition_information_item: simple_target_specification '=' condition_information_item_name */ @@ -31967,91 +31979,91 @@ if (unlikely((yyval.cond_info_item) == NULL)) MYSQL_YYABORT; } -#line 31971 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 31983 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 381: /* condition_information_item_name: CLASS_ORIGIN_SYM */ #line 4051 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.cond_info_item_name)= Condition_information_item::CLASS_ORIGIN; } -#line 31977 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 31989 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 382: /* condition_information_item_name: SUBCLASS_ORIGIN_SYM */ #line 4053 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.cond_info_item_name)= Condition_information_item::SUBCLASS_ORIGIN; } -#line 31983 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 31995 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 383: /* condition_information_item_name: CONSTRAINT_CATALOG_SYM */ #line 4055 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.cond_info_item_name)= Condition_information_item::CONSTRAINT_CATALOG; } -#line 31989 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 32001 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 384: /* condition_information_item_name: CONSTRAINT_SCHEMA_SYM */ #line 4057 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.cond_info_item_name)= Condition_information_item::CONSTRAINT_SCHEMA; } -#line 31995 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 32007 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 385: /* condition_information_item_name: CONSTRAINT_NAME_SYM */ #line 4059 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.cond_info_item_name)= Condition_information_item::CONSTRAINT_NAME; } -#line 32001 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 32013 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 386: /* condition_information_item_name: CATALOG_NAME_SYM */ #line 4061 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.cond_info_item_name)= Condition_information_item::CATALOG_NAME; } -#line 32007 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 32019 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 387: /* condition_information_item_name: SCHEMA_NAME_SYM */ #line 4063 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.cond_info_item_name)= Condition_information_item::SCHEMA_NAME; } -#line 32013 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 32025 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 388: /* condition_information_item_name: TABLE_NAME_SYM */ #line 4065 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.cond_info_item_name)= Condition_information_item::TABLE_NAME; } -#line 32019 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 32031 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 389: /* condition_information_item_name: COLUMN_NAME_SYM */ #line 4067 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.cond_info_item_name)= Condition_information_item::COLUMN_NAME; } -#line 32025 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 32037 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 390: /* condition_information_item_name: CURSOR_NAME_SYM */ #line 4069 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.cond_info_item_name)= Condition_information_item::CURSOR_NAME; } -#line 32031 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 32043 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 391: /* condition_information_item_name: MESSAGE_TEXT_SYM */ #line 4071 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.cond_info_item_name)= Condition_information_item::MESSAGE_TEXT; } -#line 32037 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 32049 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 392: /* condition_information_item_name: MYSQL_ERRNO_SYM */ #line 4073 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.cond_info_item_name)= Condition_information_item::MYSQL_ERRNO; } -#line 32043 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 32055 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 393: /* condition_information_item_name: RETURNED_SQLSTATE_SYM */ #line 4075 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.cond_info_item_name)= Condition_information_item::RETURNED_SQLSTATE; } -#line 32049 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 32061 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 394: /* condition_information_item_name: ROW_NUMBER_SYM */ #line 4077 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.cond_info_item_name)= Condition_information_item::ROW_NUMBER; } -#line 32055 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 32067 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 396: /* sp_decl_ident: keyword_sp_decl */ @@ -32060,7 +32072,7 @@ if (unlikely((yyval.ident_sys).copy_ident_cli(thd, &(yyvsp[0].kwd)))) MYSQL_YYABORT; } -#line 32064 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 32076 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 397: /* sp_decl_idents: sp_decl_ident */ @@ -32076,7 +32088,7 @@ spc->add_variable(thd, &(yyvsp[0].ident_sys)); (yyval.num)= 1; } -#line 32080 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 32092 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 398: /* sp_decl_idents: sp_decl_idents ',' ident */ @@ -32092,7 +32104,7 @@ spc->add_variable(thd, &(yyvsp[0].ident_sys)); (yyval.num)= (yyvsp[-2].num) + 1; } -#line 32096 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 32108 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 399: /* $@39: %empty */ @@ -32102,13 +32114,13 @@ MYSQL_YYABORT; Lex->sphead->new_cont_backpatch(NULL); } -#line 32106 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 32118 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 400: /* sp_proc_stmt_if: IF_SYM $@39 sp_if END IF_SYM */ #line 4124 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { Lex->sphead->do_cont_backpatch(); } -#line 32112 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 32124 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 401: /* $@40: %empty */ @@ -32125,7 +32137,7 @@ */ lex->sphead->m_tmp_query= lip->get_tok_start(); } -#line 32129 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 32141 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 402: /* sp_proc_stmt_statement: $@40 sp_statement */ @@ -32135,7 +32147,7 @@ Lex->sphead->restore_lex(thd)) MYSQL_YYABORT; } -#line 32139 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 32151 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 405: /* $@41: %empty */ @@ -32146,13 +32158,13 @@ (yyvsp[0].expr_lex)->get_item(), (yyvsp[0].expr_lex)))) MYSQL_YYABORT; } -#line 32150 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 32162 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 406: /* sp_proc_stmt_return: RETURN_ALLMODES_SYM expr_lex $@41 */ #line 4162 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { /* See the comment 'COMMENT_FOR_DESCTRUCTOR' near %destructor */ } -#line 32156 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 32168 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 407: /* sp_proc_stmt_return: RETURN_ORACLE_SYM */ @@ -32164,7 +32176,7 @@ lex->spcont))) MYSQL_YYABORT; } -#line 32168 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 32180 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 408: /* sp_proc_stmt_exit_oracle: EXIT_ORACLE_SYM */ @@ -32173,7 +32185,7 @@ if (unlikely(Lex->sp_exit_statement(thd, nullptr, empty_clex_str))) MYSQL_YYABORT; } -#line 32177 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 32189 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 409: /* sp_proc_stmt_exit_oracle: EXIT_ORACLE_SYM label_ident */ @@ -32183,7 +32195,7 @@ empty_clex_str))) MYSQL_YYABORT; } -#line 32187 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 32199 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 410: /* $@42: %empty */ @@ -32193,13 +32205,13 @@ (yyvsp[0].expr_lex)->get_expr_str()))) MYSQL_YYABORT; } -#line 32197 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 32209 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 411: /* sp_proc_stmt_exit_oracle: EXIT_ORACLE_SYM WHEN_SYM expr_lex $@42 */ #line 4191 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { /* See the comment 'COMMENT_FOR_DESCTRUCTOR' near %destructor */ } -#line 32203 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 32215 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 412: /* $@43: %empty */ @@ -32209,13 +32221,13 @@ (yyvsp[0].expr_lex)->get_expr_str()))) MYSQL_YYABORT; } -#line 32213 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 32225 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 413: /* sp_proc_stmt_exit_oracle: EXIT_ORACLE_SYM label_ident WHEN_SYM expr_lex $@43 */ #line 4198 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { /* See the comment 'COMMENT_FOR_DESCTRUCTOR' near %destructor */ } -#line 32219 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 32231 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 414: /* sp_proc_stmt_continue_oracle: CONTINUE_ORACLE_SYM */ @@ -32224,7 +32236,7 @@ if (unlikely(Lex->sp_continue_statement(thd))) MYSQL_YYABORT; } -#line 32228 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 32240 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 415: /* sp_proc_stmt_continue_oracle: CONTINUE_ORACLE_SYM label_ident */ @@ -32233,7 +32245,7 @@ if (unlikely(Lex->sp_continue_statement(thd, &(yyvsp[0].ident_sys)))) MYSQL_YYABORT; } -#line 32237 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 32249 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 416: /* $@44: %empty */ @@ -32242,13 +32254,13 @@ if (unlikely((yyvsp[0].expr_lex)->sp_continue_when_statement(thd))) MYSQL_YYABORT; } -#line 32246 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 32258 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 417: /* sp_proc_stmt_continue_oracle: CONTINUE_ORACLE_SYM WHEN_SYM expr_lex $@44 */ #line 4217 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { /* See the comment 'COMMENT_FOR_DESCTRUCTOR' near %destructor */ } -#line 32252 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 32264 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 418: /* $@45: %empty */ @@ -32257,13 +32269,13 @@ if (unlikely((yyvsp[0].expr_lex)->sp_continue_when_statement(thd, &(yyvsp[-2].ident_sys)))) MYSQL_YYABORT; } -#line 32261 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 32273 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 419: /* sp_proc_stmt_continue_oracle: CONTINUE_ORACLE_SYM label_ident WHEN_SYM expr_lex $@45 */ #line 4223 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { /* See the comment 'COMMENT_FOR_DESCTRUCTOR' near %destructor */ } -#line 32267 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 32279 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 420: /* sp_proc_stmt_leave: LEAVE_SYM label_ident */ @@ -32272,7 +32284,7 @@ if (unlikely(Lex->sp_leave_statement(thd, &(yyvsp[0].ident_sys)))) MYSQL_YYABORT; } -#line 32276 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 32288 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 421: /* sp_proc_stmt_iterate: ITERATE_SYM label_ident */ @@ -32281,7 +32293,7 @@ if (unlikely(Lex->sp_iterate_statement(thd, &(yyvsp[0].ident_sys)))) MYSQL_YYABORT; } -#line 32285 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 32297 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 422: /* sp_proc_stmt_goto_oracle: GOTO_ORACLE_SYM label_ident */ @@ -32290,7 +32302,7 @@ if (unlikely(Lex->sp_goto_statement(thd, &(yyvsp[0].ident_sys)))) MYSQL_YYABORT; } -#line 32294 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 32306 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 423: /* @46: %empty */ @@ -32304,7 +32316,7 @@ if (Lex->main_select_push(true)) MYSQL_YYABORT; } -#line 32308 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 32320 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 424: /* expr_lex: @46 remember_start_opt expr remember_end */ @@ -32328,7 +32340,7 @@ if ((yyval.expr_lex)->sphead->restore_lex(thd)) MYSQL_YYABORT; } -#line 32332 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 32344 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 425: /* assignment_source_lex: %empty */ @@ -32339,7 +32351,7 @@ sp_assignment_lex(thd, thd->lex)))) MYSQL_YYABORT; } -#line 32343 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 32355 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 426: /* $@47: %empty */ @@ -32350,7 +32362,7 @@ if (Lex->main_select_push(true)) MYSQL_YYABORT; } -#line 32354 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 32366 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 427: /* assignment_source_expr: assignment_source_lex $@47 remember_cpp_ptr expr remember_end */ @@ -32374,7 +32386,7 @@ if ((yyval.assignment_lex)->sphead->restore_lex(thd)) MYSQL_YYABORT; } -#line 32378 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 32390 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 428: /* $@48: %empty */ @@ -32385,7 +32397,7 @@ MYSQL_YYABORT; Lex->current_select->parsing_place= FOR_LOOP_BOUND; } -#line 32389 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 32401 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 429: /* for_loop_bound_expr: assignment_source_lex $@48 remember_cpp_ptr expr remember_end */ @@ -32409,7 +32421,7 @@ MYSQL_YYABORT; Lex->current_select->parsing_place= NO_MATTER; } -#line 32413 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 32425 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 430: /* cursor_actual_parameters: assignment_source_expr */ @@ -32419,7 +32431,7 @@ MYSQL_YYABORT; (yyval.sp_assignment_lex_list)->push_back((yyvsp[0].assignment_lex), thd->mem_root); } -#line 32423 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 32435 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 431: /* cursor_actual_parameters: cursor_actual_parameters ',' assignment_source_expr */ @@ -32428,19 +32440,19 @@ (yyval.sp_assignment_lex_list)= (yyvsp[-2].sp_assignment_lex_list); (yyval.sp_assignment_lex_list)->push_back((yyvsp[0].assignment_lex), thd->mem_root); } -#line 32432 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 32444 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 432: /* opt_parenthesized_cursor_actual_parameters: %empty */ #line 4369 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.sp_assignment_lex_list)= NULL; } -#line 32438 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 32450 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 433: /* opt_parenthesized_cursor_actual_parameters: '(' cursor_actual_parameters ')' */ #line 4370 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.sp_assignment_lex_list)= (yyvsp[-1].sp_assignment_lex_list); } -#line 32444 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 32456 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 437: /* sp_proc_stmt_open: OPEN_SYM ident opt_parenthesized_cursor_actual_parameters */ @@ -32449,7 +32461,7 @@ if (unlikely(Lex->sp_open_cursor(thd, &(yyvsp[-1].ident_sys), (yyvsp[0].sp_assignment_lex_list)))) MYSQL_YYABORT; } -#line 32453 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 32465 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 438: /* sp_proc_stmt_fetch_head: FETCH_SYM ident INTO */ @@ -32458,7 +32470,7 @@ if (unlikely(!((yyval.instr_cfetch)= Lex->sp_add_instr_cfetch(thd, &(yyvsp[-1].ident_sys))))) MYSQL_YYABORT; } -#line 32462 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 32474 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 439: /* sp_proc_stmt_fetch_head: FETCH_SYM FROM ident INTO */ @@ -32467,7 +32479,7 @@ if (unlikely(!((yyval.instr_cfetch)= Lex->sp_add_instr_cfetch(thd, &(yyvsp[-1].ident_sys))))) MYSQL_YYABORT; } -#line 32471 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 32483 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 440: /* sp_proc_stmt_fetch_head: FETCH_SYM NEXT_SYM FROM ident INTO */ @@ -32476,7 +32488,7 @@ if (unlikely(!((yyval.instr_cfetch)= Lex->sp_add_instr_cfetch(thd, &(yyvsp[-1].ident_sys))))) MYSQL_YYABORT; } -#line 32480 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 32492 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 441: /* sp_proc_stmt_fetch: sp_proc_stmt_fetch_head sp_fetch_list */ @@ -32484,7 +32496,7 @@ { (yyvsp[-1].instr_cfetch)->set_fetch_target_list((yyvsp[0].fetch_target_list)); } -#line 32488 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 32500 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 442: /* sp_proc_stmt_fetch: FETCH_SYM GROUP_SYM NEXT_SYM ROW_SYM */ @@ -32493,7 +32505,7 @@ if (unlikely(Lex->sp_add_agg_cfetch())) MYSQL_YYABORT; } -#line 32497 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 32509 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 443: /* sp_proc_stmt_close: CLOSE_SYM ident */ @@ -32512,7 +32524,7 @@ unlikely(sp->add_instr(i))) MYSQL_YYABORT; } -#line 32516 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 32528 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 444: /* sp_fetch_list: ident */ @@ -32523,7 +32535,7 @@ !((yyval.fetch_target_list)= List::make(thd->mem_root, target))) MYSQL_YYABORT; } -#line 32527 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 32539 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 445: /* sp_fetch_list: sp_fetch_list ',' ident */ @@ -32533,7 +32545,7 @@ if (!target || (yyvsp[-2].fetch_target_list)->push_back(target, thd->mem_root)) MYSQL_YYABORT; } -#line 32537 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 32549 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 446: /* $@49: %empty */ @@ -32542,7 +32554,7 @@ if (unlikely((yyvsp[-1].expr_lex)->sp_if_expr(thd))) MYSQL_YYABORT; } -#line 32546 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 32558 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 447: /* $@50: %empty */ @@ -32551,7 +32563,7 @@ if (unlikely((yyvsp[-3].expr_lex)->sp_if_after_statements(thd))) MYSQL_YYABORT; } -#line 32555 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 32567 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 448: /* sp_if: expr_lex THEN_SYM $@49 sp_if_then_statements $@50 sp_elseifs */ @@ -32561,7 +32573,7 @@ lex->sphead->backpatch(lex->spcont->pop_label()); } -#line 32565 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 32577 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 453: /* $@51: %empty */ @@ -32615,7 +32627,7 @@ */ Lex->spcont->push_label(thd, &empty_clex_str, Lex->sphead->instructions()); } -#line 32619 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 32631 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 454: /* case_stmt_specification: CASE_SYM $@51 case_stmt_body else_clause_opt END CASE_SYM */ @@ -32633,7 +32645,7 @@ Lex->sphead->do_cont_backpatch(); } -#line 32637 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 32649 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 455: /* $@52: %empty */ @@ -32642,19 +32654,19 @@ if (unlikely((yyvsp[0].expr_lex)->case_stmt_action_expr())) MYSQL_YYABORT; } -#line 32646 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 32658 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 456: /* case_stmt_body: expr_lex $@52 simple_when_clause_list */ #line 4554 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.num)= 1; } -#line 32652 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 32664 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 457: /* case_stmt_body: searched_when_clause_list */ #line 4556 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.num)= 0; } -#line 32658 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 32670 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 462: /* $@53: %empty */ @@ -32664,7 +32676,7 @@ if (unlikely((yyvsp[0].expr_lex)->case_stmt_action_when(true))) MYSQL_YYABORT; } -#line 32668 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 32680 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 463: /* simple_when_clause: WHEN_SYM expr_lex $@53 THEN_SYM sp_case_then_statements */ @@ -32673,7 +32685,7 @@ if (unlikely(Lex->case_stmt_action_then())) MYSQL_YYABORT; } -#line 32677 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 32689 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 464: /* $@54: %empty */ @@ -32683,7 +32695,7 @@ if (unlikely((yyvsp[0].expr_lex)->case_stmt_action_when(false))) MYSQL_YYABORT; } -#line 32687 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 32699 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 465: /* searched_when_clause: WHEN_SYM expr_lex $@54 THEN_SYM sp_case_then_statements */ @@ -32692,7 +32704,7 @@ if (unlikely(Lex->case_stmt_action_then())) MYSQL_YYABORT; } -#line 32696 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 32708 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 466: /* else_clause_opt: %empty */ @@ -32707,31 +32719,31 @@ unlikely(sp->add_instr(i))) MYSQL_YYABORT; } -#line 32711 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 32723 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 468: /* sp_opt_label: %empty */ #line 4615 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.lex_str)= null_clex_str; } -#line 32717 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 32729 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 469: /* sp_opt_label: label_ident */ #line 4616 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.lex_str)= (yyvsp[0].ident_sys); } -#line 32723 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 32735 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 470: /* opt_sp_for_loop_direction: %empty */ #line 4621 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.num)= 1; } -#line 32729 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 32741 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 471: /* opt_sp_for_loop_direction: REVERSE_SYM */ #line 4622 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.num)= -1; } -#line 32735 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 32747 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 472: /* sp_for_loop_index_and_bounds: ident_for_loop_index sp_for_loop_bounds */ @@ -32740,7 +32752,7 @@ if (unlikely(Lex->sp_for_loop_declarations(thd, &(yyval.for_loop), &(yyvsp[-1].ident_sys), (yyvsp[0].for_loop_bounds)))) MYSQL_YYABORT; } -#line 32744 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 32756 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 473: /* sp_for_loop_bounds: IN_SYM opt_sp_for_loop_direction for_loop_bound_expr DOT_DOT_SYM for_loop_bound_expr */ @@ -32748,7 +32760,7 @@ { (yyval.for_loop_bounds)= Lex_for_loop_bounds_intrange((yyvsp[-3].num), (yyvsp[-2].assignment_lex), (yyvsp[0].assignment_lex)); } -#line 32752 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 32764 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 474: /* sp_for_loop_bounds: IN_SYM opt_sp_for_loop_direction for_loop_bound_expr */ @@ -32759,7 +32771,7 @@ (yyval.for_loop_bounds).m_target_bound= NULL; (yyval.for_loop_bounds).m_implicit_cursor= false; } -#line 32763 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 32775 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 475: /* sp_for_loop_bounds: IN_SYM opt_sp_for_loop_direction '(' sp_cursor_stmt ')' */ @@ -32769,7 +32781,7 @@ (yyvsp[-1].sp_cursor_stmt)))) MYSQL_YYABORT; } -#line 32773 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 32785 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 476: /* loop_body: sp_proc_stmts1 END LOOP_SYM */ @@ -32784,7 +32796,7 @@ unlikely(lex->sphead->add_instr(i))) MYSQL_YYABORT; } -#line 32788 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 32800 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 477: /* repeat_body: sp_proc_stmts1 UNTIL_SYM expr_lex END REPEAT_SYM */ @@ -32793,7 +32805,7 @@ if ((yyvsp[-2].expr_lex)->sp_repeat_loop_finalize(thd)) MYSQL_YYABORT; } -#line 32797 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 32809 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 478: /* pop_sp_loop_label: sp_opt_label */ @@ -32802,7 +32814,7 @@ if (unlikely(Lex->sp_pop_loop_label(thd, &(yyvsp[0].lex_str)))) MYSQL_YYABORT; } -#line 32806 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 32818 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 479: /* $@55: %empty */ @@ -32811,13 +32823,13 @@ if (unlikely(Lex->sp_push_loop_label(thd, &(yyvsp[-1].lex_str)))) MYSQL_YYABORT; } -#line 32815 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 32827 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 480: /* sp_labeled_control: sp_control_label LOOP_SYM $@55 loop_body pop_sp_loop_label */ #line 4691 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { } -#line 32821 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 32833 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 481: /* $@56: %empty */ @@ -32826,13 +32838,13 @@ if (unlikely(Lex->sp_push_loop_label(thd, &(yyvsp[-1].lex_str)))) MYSQL_YYABORT; } -#line 32830 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 32842 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 482: /* sp_labeled_control: sp_control_label WHILE_SYM $@56 while_body pop_sp_loop_label */ #line 4698 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { } -#line 32836 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 32848 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 483: /* $@57: %empty */ @@ -32841,7 +32853,7 @@ // See "The FOR LOOP statement" comments in sql_lex.cc Lex->sp_block_init(thd); // The outer DECLARE..BEGIN..END block } -#line 32845 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 32857 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 484: /* $@58: %empty */ @@ -32852,7 +32864,7 @@ if (unlikely(Lex->sp_for_loop_condition_test(thd, (yyvsp[0].for_loop)))) MYSQL_YYABORT; } -#line 32856 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 32868 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 485: /* $@59: %empty */ @@ -32861,7 +32873,7 @@ if (unlikely(Lex->sp_for_loop_finalize(thd, (yyvsp[-2].for_loop)))) MYSQL_YYABORT; } -#line 32865 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 32877 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 486: /* sp_labeled_control: sp_control_label FOR_SYM $@57 sp_for_loop_index_and_bounds $@58 for_loop_statements $@59 pop_sp_loop_label */ @@ -32870,7 +32882,7 @@ if (unlikely(Lex->sp_for_loop_outer_block_finalize(thd, (yyvsp[-4].for_loop)))) MYSQL_YYABORT; } -#line 32874 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 32886 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 487: /* $@60: %empty */ @@ -32879,13 +32891,13 @@ if (unlikely(Lex->sp_push_loop_label(thd, &(yyvsp[-1].lex_str)))) MYSQL_YYABORT; } -#line 32883 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 32895 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 488: /* sp_labeled_control: sp_control_label REPEAT_SYM $@60 repeat_body pop_sp_loop_label */ #line 4727 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { } -#line 32889 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 32901 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 489: /* $@61: %empty */ @@ -32894,7 +32906,7 @@ if (unlikely(Lex->sp_push_loop_empty_label(thd))) MYSQL_YYABORT; } -#line 32898 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 32910 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 490: /* sp_unlabeled_control: LOOP_SYM $@61 loop_body */ @@ -32902,7 +32914,7 @@ { Lex->sp_pop_loop_empty_label(thd); } -#line 32906 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 32918 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 491: /* $@62: %empty */ @@ -32911,7 +32923,7 @@ if (unlikely(Lex->sp_push_loop_empty_label(thd))) MYSQL_YYABORT; } -#line 32915 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 32927 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 492: /* sp_unlabeled_control: WHILE_SYM $@62 while_body */ @@ -32919,7 +32931,7 @@ { Lex->sp_pop_loop_empty_label(thd); } -#line 32923 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 32935 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 493: /* $@63: %empty */ @@ -32930,7 +32942,7 @@ MYSQL_YYABORT; Lex->sp_block_init(thd); // The outer DECLARE..BEGIN..END block } -#line 32934 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 32946 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 494: /* $@64: %empty */ @@ -32941,7 +32953,7 @@ if (unlikely(Lex->sp_for_loop_condition_test(thd, (yyvsp[0].for_loop)))) MYSQL_YYABORT; } -#line 32945 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 32957 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 495: /* sp_unlabeled_control: FOR_SYM $@63 sp_for_loop_index_and_bounds $@64 for_loop_statements */ @@ -32953,7 +32965,7 @@ if (unlikely(Lex->sp_for_loop_outer_block_finalize(thd, (yyvsp[-2].for_loop)))) MYSQL_YYABORT; } -#line 32957 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 32969 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 496: /* $@65: %empty */ @@ -32962,7 +32974,7 @@ if (unlikely(Lex->sp_push_loop_empty_label(thd))) MYSQL_YYABORT; } -#line 32966 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 32978 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 497: /* sp_unlabeled_control: REPEAT_SYM $@65 repeat_body */ @@ -32970,55 +32982,55 @@ { Lex->sp_pop_loop_empty_label(thd); } -#line 32974 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 32986 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 498: /* trg_action_time: BEFORE_SYM */ #line 4784 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { Lex->trg_chistics.action_time= TRG_ACTION_BEFORE; } -#line 32980 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 32992 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 499: /* trg_action_time: AFTER_SYM */ #line 4786 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { Lex->trg_chistics.action_time= TRG_ACTION_AFTER; } -#line 32986 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 32998 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 500: /* trg_event: INSERT */ #line 4791 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { Lex->trg_chistics.event= TRG_EVENT_INSERT; } -#line 32992 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 33004 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 501: /* trg_event: UPDATE_SYM */ #line 4793 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { Lex->trg_chistics.event= TRG_EVENT_UPDATE; } -#line 32998 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 33010 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 502: /* trg_event: DELETE_SYM */ #line 4795 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { Lex->trg_chistics.event= TRG_EVENT_DELETE; } -#line 33004 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 33016 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 503: /* $@66: %empty */ #line 4800 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { Lex->create_info.option_list= NULL; } -#line 33010 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 33022 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 504: /* create_body: create_field_list_parens $@66 opt_create_table_options opt_create_partitioning opt_create_select */ #line 4801 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" {} -#line 33016 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 33028 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 505: /* create_body: opt_create_table_options opt_create_partitioning opt_create_select */ #line 4802 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" {} -#line 33022 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 33034 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 506: /* create_body: create_like */ @@ -33033,25 +33045,25 @@ /* CREATE TABLE ... LIKE is not allowed for views. */ src_table->required_type= TABLE_TYPE_NORMAL; } -#line 33037 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 33049 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 507: /* create_like: LIKE table_ident */ #line 4817 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.table)= (yyvsp[0].table); } -#line 33043 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 33055 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 508: /* create_like: LEFT_PAREN_LIKE LIKE table_ident ')' */ #line 4818 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.table)= (yyvsp[-1].table); } -#line 33049 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 33061 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 509: /* opt_create_select: %empty */ #line 4822 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" {} -#line 33055 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 33067 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 510: /* opt_create_select: opt_duplicate opt_as create_select_query_expression opt_versioning_option */ @@ -33061,7 +33073,7 @@ if (Lex->check_cte_dependencies_and_resolve_references()) MYSQL_YYABORT; } -#line 33065 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 33077 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 511: /* create_select_query_expression: query_expression */ @@ -33070,7 +33082,7 @@ if (Lex->parsed_insert_select((yyvsp[0].select_lex_unit)->first_select())) MYSQL_YYABORT; } -#line 33074 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 33086 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 512: /* create_select_query_expression: LEFT_PAREN_WITH with_clause query_expression_no_with_clause ')' */ @@ -33082,7 +33094,7 @@ if (Lex->parsed_insert_select(first_select)) MYSQL_YYABORT; } -#line 33086 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 33098 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 513: /* opt_create_partitioning: opt_partitioning */ @@ -33096,13 +33108,13 @@ last_non_sel_table->next_global= 0; Lex->query_tables_last= &last_non_sel_table->next_global; } -#line 33100 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 33112 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 514: /* opt_partitioning: %empty */ #line 4886 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" {} -#line 33106 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 33118 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 516: /* $@67: %empty */ @@ -33117,7 +33129,7 @@ lex->alter_info.partition_flags|= ALTER_PARTITION_INFO; } } -#line 33121 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 33133 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 518: /* have_partitioning: %empty */ @@ -33133,7 +33145,7 @@ "--with-plugin-partition")); #endif } -#line 33137 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 33149 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 519: /* $@68: %empty */ @@ -33151,7 +33163,7 @@ partition info string into part_info data structure. */ } -#line 33155 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 33167 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 520: /* partition_entry: PARTITION_SYM $@68 partition */ @@ -33159,13 +33171,13 @@ { Lex->pop_select(); //main select } -#line 33163 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 33175 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 521: /* $@69: %empty */ #line 4943 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { Lex->safe_to_cache_query= 1; } -#line 33169 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 33181 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 523: /* part_type_def: opt_linear KEY_SYM opt_key_algo '(' part_field_list ')' */ @@ -33176,31 +33188,31 @@ part_info->column_list= FALSE; part_info->part_type= HASH_PARTITION; } -#line 33180 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 33192 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 524: /* $@70: %empty */ #line 4956 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { Lex->part_info->part_type= HASH_PARTITION; } -#line 33186 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 33198 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 525: /* part_type_def: opt_linear HASH_SYM $@70 part_func */ #line 4957 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" {} -#line 33192 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 33204 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 526: /* part_type_def: RANGE_SYM part_func */ #line 4959 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { Lex->part_info->part_type= RANGE_PARTITION; } -#line 33198 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 33210 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 527: /* part_type_def: RANGE_SYM part_column_list */ #line 4961 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { Lex->part_info->part_type= RANGE_PARTITION; } -#line 33204 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 33216 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 528: /* $@71: %empty */ @@ -33208,7 +33220,7 @@ { Select->parsing_place= IN_PART_FUNC; } -#line 33212 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 33224 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 529: /* part_type_def: LIST_SYM $@71 part_func */ @@ -33217,13 +33229,13 @@ Lex->part_info->part_type= LIST_PARTITION; Select->parsing_place= NO_MATTER; } -#line 33221 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 33233 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 530: /* part_type_def: LIST_SYM part_column_list */ #line 4972 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { Lex->part_info->part_type= LIST_PARTITION; } -#line 33227 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 33239 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 531: /* $@72: %empty */ @@ -33232,25 +33244,25 @@ if (unlikely(Lex->part_info->vers_init_info(thd))) MYSQL_YYABORT; } -#line 33236 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 33248 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 533: /* opt_linear: %empty */ #line 4982 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" {} -#line 33242 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 33254 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 534: /* opt_linear: LINEAR_SYM */ #line 4984 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { Lex->part_info->linear_hash_ind= TRUE;} -#line 33248 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 33260 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 535: /* opt_key_algo: %empty */ #line 4989 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { Lex->part_info->key_algorithm= partition_info::KEY_ALGORITHM_NONE;} -#line 33254 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 33266 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 536: /* opt_key_algo: ALGORITHM_SYM '=' real_ulong_num */ @@ -33268,31 +33280,31 @@ MYSQL_YYABORT; } } -#line 33272 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 33284 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 537: /* part_field_list: %empty */ #line 5007 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" {} -#line 33278 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 33290 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 538: /* part_field_list: part_field_item_list */ #line 5008 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" {} -#line 33284 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 33296 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 539: /* part_field_item_list: part_field_item */ #line 5012 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" {} -#line 33290 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 33302 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 540: /* part_field_item_list: part_field_item_list ',' part_field_item */ #line 5013 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" {} -#line 33296 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 33308 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 541: /* part_field_item: ident */ @@ -33307,7 +33319,7 @@ my_yyabort_error((ER_TOO_MANY_PARTITION_FUNC_FIELDS_ERROR, MYF(0), "list of partition fields")); } -#line 33311 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 33323 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 542: /* part_column_list: COLUMNS '(' part_field_list ')' */ @@ -33317,7 +33329,7 @@ part_info->column_list= TRUE; part_info->list_of_part_fields= TRUE; } -#line 33321 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 33333 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 543: /* part_func: '(' part_func_expr ')' */ @@ -33329,7 +33341,7 @@ part_info->num_columns= 1; part_info->column_list= FALSE; } -#line 33333 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 33345 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 544: /* sub_part_func: '(' part_func_expr ')' */ @@ -33338,13 +33350,13 @@ if (unlikely(Lex->part_info->set_part_expr(thd, (yyvsp[-1].item), TRUE))) MYSQL_YYABORT; } -#line 33342 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 33354 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 545: /* opt_num_parts: %empty */ #line 5061 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" {} -#line 33348 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 33360 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 546: /* opt_num_parts: PARTITIONS_SYM real_ulong_num */ @@ -33358,25 +33370,25 @@ part_info->num_parts= num_parts; part_info->use_default_num_partitions= FALSE; } -#line 33362 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 33374 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 547: /* opt_sub_part: %empty */ #line 5075 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" {} -#line 33368 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 33380 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 548: /* $@73: %empty */ #line 5077 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { Lex->part_info->subpart_type= HASH_PARTITION; } -#line 33374 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 33386 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 549: /* opt_sub_part: SUBPARTITION_SYM BY opt_linear HASH_SYM sub_part_func $@73 opt_num_subparts */ #line 5078 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" {} -#line 33380 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 33392 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 550: /* $@74: %empty */ @@ -33386,25 +33398,25 @@ part_info->subpart_type= HASH_PARTITION; part_info->list_of_subpart_fields= TRUE; } -#line 33390 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 33402 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 551: /* opt_sub_part: SUBPARTITION_SYM BY opt_linear KEY_SYM opt_key_algo '(' sub_part_field_list ')' $@74 opt_num_subparts */ #line 5086 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" {} -#line 33396 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 33408 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 552: /* sub_part_field_list: sub_part_field_item */ #line 5090 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" {} -#line 33402 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 33414 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 553: /* sub_part_field_list: sub_part_field_list ',' sub_part_field_item */ #line 5091 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" {} -#line 33408 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 33420 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 554: /* sub_part_field_item: ident */ @@ -33419,7 +33431,7 @@ my_yyabort_error((ER_TOO_MANY_PARTITION_FUNC_FIELDS_ERROR, MYF(0), "list of subpartition fields")); } -#line 33423 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 33435 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 555: /* part_func_expr: bit_expr */ @@ -33432,13 +33444,13 @@ } (yyval.item)=(yyvsp[0].item); } -#line 33436 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 33448 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 556: /* opt_num_subparts: %empty */ #line 5121 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" {} -#line 33442 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 33454 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 557: /* opt_num_subparts: SUBPARTITIONS_SYM real_ulong_num */ @@ -33451,7 +33463,7 @@ lex->part_info->num_subparts= num_parts; lex->part_info->use_default_num_subpartitions= FALSE; } -#line 33455 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 33467 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 558: /* part_defs: %empty */ @@ -33465,7 +33477,7 @@ my_yyabort_error((ER_PARTITIONS_MUST_BE_DEFINED_ERROR, MYF(0), "LIST")); } -#line 33469 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 33481 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 559: /* part_defs: '(' part_def_list ')' */ @@ -33488,19 +33500,19 @@ } part_info->count_curr_subparts= 0; } -#line 33492 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 33504 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 560: /* part_def_list: part_definition */ #line 5166 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" {} -#line 33498 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 33510 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 561: /* part_def_list: part_def_list ',' part_definition */ #line 5167 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" {} -#line 33504 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 33516 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 564: /* $@75: %empty */ @@ -33520,13 +33532,13 @@ part_info->use_default_partitions= FALSE; part_info->use_default_num_partitions= FALSE; } -#line 33524 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 33536 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 565: /* part_definition: opt_partition $@75 part_name opt_part_values opt_part_options opt_sub_partition */ #line 5196 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" {} -#line 33530 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 33542 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 566: /* part_name: ident */ @@ -33538,7 +33550,7 @@ MYSQL_YYABORT; p_elem->partition_name= Lex_ident_partition((yyvsp[0].ident_sys)); } -#line 33542 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 33554 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 567: /* opt_part_values: %empty */ @@ -33558,7 +33570,7 @@ else part_info->part_type= HASH_PARTITION; } -#line 33562 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 33574 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 568: /* $@76: %empty */ @@ -33575,13 +33587,13 @@ else part_info->part_type= RANGE_PARTITION; } -#line 33579 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 33591 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 569: /* opt_part_values: VALUES_LESS_SYM THAN_SYM $@76 part_func_max */ #line 5240 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" {} -#line 33585 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 33597 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 570: /* $@77: %empty */ @@ -33598,13 +33610,13 @@ else part_info->part_type= LIST_PARTITION; } -#line 33602 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 33614 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 571: /* opt_part_values: VALUES_IN_SYM $@77 part_values_in */ #line 5254 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" {} -#line 33608 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 33620 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 572: /* opt_part_values: CURRENT_SYM */ @@ -33615,7 +33627,7 @@ MYSQL_YYABORT; #endif } -#line 33619 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 33631 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 573: /* opt_part_values: HISTORY_SYM */ @@ -33626,7 +33638,7 @@ MYSQL_YYABORT; #endif } -#line 33630 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 33642 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 574: /* opt_part_values: DEFAULT */ @@ -33647,7 +33659,7 @@ if (unlikely(part_info->add_max_value(thd))) MYSQL_YYABORT; } -#line 33651 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 33663 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 575: /* part_func_max: MAXVALUE_SYM */ @@ -33669,13 +33681,13 @@ if (unlikely(part_info->add_max_value(thd))) MYSQL_YYABORT; } -#line 33673 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 33685 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 576: /* part_func_max: part_value_item */ #line 5307 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" {} -#line 33679 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 33691 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 577: /* part_values_in: part_value_item */ @@ -33706,7 +33718,7 @@ MYSQL_YYABORT; } } -#line 33710 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 33722 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 578: /* part_values_in: '(' part_value_list ')' */ @@ -33719,19 +33731,19 @@ MYSQL_YYABORT; } } -#line 33723 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 33735 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 579: /* part_value_list: part_value_item */ #line 5350 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" {} -#line 33729 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 33741 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 580: /* part_value_list: part_value_list ',' part_value_item */ #line 5351 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" {} -#line 33735 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 33747 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 581: /* $@78: %empty */ @@ -33745,13 +33757,13 @@ part_info->init_column_part(thd))) MYSQL_YYABORT; } -#line 33749 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 33761 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 582: /* $@79: %empty */ #line 5365 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" {} -#line 33755 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 33767 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 583: /* part_value_item: '(' $@78 part_value_item_list $@79 ')' */ @@ -33776,19 +33788,19 @@ } part_info->curr_list_object= 0; } -#line 33780 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 33792 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 584: /* part_value_item_list: part_value_expr_item */ #line 5390 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" {} -#line 33786 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 33798 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 585: /* part_value_item_list: part_value_item_list ',' part_value_expr_item */ #line 5391 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" {} -#line 33792 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 33804 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 586: /* part_value_expr_item: MAXVALUE_SYM */ @@ -33803,7 +33815,7 @@ if (unlikely(part_info->add_max_value(thd))) MYSQL_YYABORT; } -#line 33807 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 33819 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 587: /* part_value_expr_item: bit_expr */ @@ -33821,7 +33833,7 @@ if (unlikely(part_info->add_column_list_value(thd, part_expr))) MYSQL_YYABORT; } -#line 33825 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 33837 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 588: /* opt_sub_partition: %empty */ @@ -33839,7 +33851,7 @@ MYSQL_YYABORT; } } -#line 33843 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 33855 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 589: /* opt_sub_partition: '(' sub_part_list ')' */ @@ -33866,19 +33878,19 @@ } part_info->count_curr_subparts= 0; } -#line 33870 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 33882 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 590: /* sub_part_list: sub_part_definition */ #line 5464 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" {} -#line 33876 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 33888 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 591: /* sub_part_list: sub_part_list ',' sub_part_definition */ #line 5465 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" {} -#line 33882 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 33894 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 592: /* $@80: %empty */ @@ -33915,13 +33927,13 @@ part_info->use_default_num_subpartitions= FALSE; part_info->count_curr_subparts++; } -#line 33919 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 33931 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 593: /* sub_part_definition: SUBPARTITION_SYM $@80 sub_name opt_subpart_options */ #line 5502 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" {} -#line 33925 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 33937 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 594: /* sub_name: ident_or_text */ @@ -33932,37 +33944,37 @@ Lex->part_info->curr_part_elem->partition_name= Lex_ident_partition((yyvsp[0].lex_str)); } -#line 33936 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 33948 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 595: /* opt_part_options: %empty */ #line 5516 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" {} -#line 33942 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 33954 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 596: /* opt_part_options: part_option_list */ #line 5517 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" {} -#line 33948 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 33960 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 597: /* part_option_list: part_option_list part_option */ #line 5521 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" {} -#line 33954 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 33966 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 598: /* part_option_list: part_option */ #line 5522 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" {} -#line 33960 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 33972 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 599: /* part_option: server_part_option */ #line 5526 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" {} -#line 33966 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 33978 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 600: /* part_option: engine_defined_option */ @@ -33971,37 +33983,37 @@ (yyvsp[0].engine_option_value_ptr)->link(&Lex->part_info->curr_part_elem->option_list, &Lex->option_list_last); } -#line 33975 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 33987 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 601: /* opt_subpart_options: %empty */ #line 5535 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" {} -#line 33981 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 33993 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 602: /* opt_subpart_options: subpart_option_list */ #line 5536 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" {} -#line 33987 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 33999 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 603: /* subpart_option_list: subpart_option_list server_part_option */ #line 5540 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" {} -#line 33993 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 34005 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 604: /* subpart_option_list: server_part_option */ #line 5541 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" {} -#line 33999 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 34011 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 605: /* server_part_option: TABLESPACE opt_equal ident_or_text */ #line 5546 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { /* Compatibility with MySQL */ } -#line 34005 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 34017 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 606: /* server_part_option: opt_storage ENGINE_SYM opt_equal storage_engines */ @@ -34011,7 +34023,7 @@ part_info->curr_part_elem->engine_type= (yyvsp[0].db_type); part_info->default_engine_type= (yyvsp[0].db_type); } -#line 34015 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 34027 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 607: /* server_part_option: CONNECTION_SYM opt_equal TEXT_STRING_sys */ @@ -34021,55 +34033,55 @@ lex->part_info->curr_part_elem->connect_string.str= (yyvsp[0].lex_str).str; lex->part_info->curr_part_elem->connect_string.length= (yyvsp[0].lex_str).length; } -#line 34025 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 34037 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 608: /* server_part_option: NODEGROUP_SYM opt_equal real_ulong_num */ #line 5560 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { Lex->part_info->curr_part_elem->nodegroup_id= (uint16) (yyvsp[0].ulong_num); } -#line 34031 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 34043 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 609: /* server_part_option: MAX_ROWS opt_equal real_ulonglong_num */ #line 5562 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { Lex->part_info->curr_part_elem->part_max_rows= (ha_rows) (yyvsp[0].ulonglong_number); } -#line 34037 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 34049 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 610: /* server_part_option: MIN_ROWS opt_equal real_ulonglong_num */ #line 5564 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { Lex->part_info->curr_part_elem->part_min_rows= (ha_rows) (yyvsp[0].ulonglong_number); } -#line 34043 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 34055 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 611: /* server_part_option: DATA_SYM DIRECTORY_SYM opt_equal TEXT_STRING_sys */ #line 5566 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { Lex->part_info->curr_part_elem->data_file_name= (yyvsp[0].lex_str).str; } -#line 34049 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 34061 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 612: /* server_part_option: INDEX_SYM DIRECTORY_SYM opt_equal TEXT_STRING_sys */ #line 5568 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { Lex->part_info->curr_part_elem->index_file_name= (yyvsp[0].lex_str).str; } -#line 34055 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 34067 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 613: /* server_part_option: COMMENT_SYM opt_equal TEXT_STRING_sys */ #line 5570 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { Lex->part_info->curr_part_elem->part_comment= (yyvsp[0].lex_str).str; } -#line 34061 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 34073 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 614: /* opt_versioning_rotation: %empty */ #line 5574 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" {} -#line 34067 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 34079 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 615: /* $@81: %empty */ #line 5575 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { Lex->clause_that_disallows_subselect= "INTERVAL"; } -#line 34073 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 34085 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 616: /* opt_versioning_rotation: $@81 INTERVAL_SYM expr interval opt_versioning_interval_start opt_vers_auto_part */ @@ -34081,7 +34093,7 @@ table_name))) MYSQL_YYABORT; } -#line 34085 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 34097 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 617: /* opt_versioning_rotation: LIMIT ulonglong_num opt_vers_auto_part */ @@ -34092,7 +34104,7 @@ if (unlikely(part_info->vers_set_limit((yyvsp[-1].ulonglong_number), (yyvsp[0].num), table_name))) MYSQL_YYABORT; } -#line 34096 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 34108 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 618: /* opt_versioning_interval_start: %empty */ @@ -34100,7 +34112,7 @@ { (yyval.item)= NULL; } -#line 34104 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 34116 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 619: /* opt_versioning_interval_start: STARTS_SYM literal */ @@ -34108,7 +34120,7 @@ { (yyval.item)= (yyvsp[0].item); } -#line 34112 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 34124 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 620: /* opt_vers_auto_part: %empty */ @@ -34116,7 +34128,7 @@ { (yyval.num)= 0; } -#line 34120 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 34132 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 621: /* opt_vers_auto_part: AUTO_SYM */ @@ -34124,55 +34136,55 @@ { (yyval.num)= 1; } -#line 34128 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 34140 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 622: /* opt_as: %empty */ #line 5620 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" {} -#line 34134 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 34146 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 623: /* opt_as: AS */ #line 5621 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" {} -#line 34140 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 34152 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 624: /* opt_create_database_options: %empty */ #line 5625 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" {} -#line 34146 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 34158 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 625: /* opt_create_database_options: create_database_options */ #line 5626 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" {} -#line 34152 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 34164 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 626: /* create_database_options: create_database_option */ #line 5630 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" {} -#line 34158 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 34170 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 627: /* create_database_options: create_database_options create_database_option */ #line 5631 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" {} -#line 34164 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 34176 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 628: /* create_database_option: default_collation */ #line 5635 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" {} -#line 34170 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 34182 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 629: /* create_database_option: default_charset */ #line 5636 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" {} -#line 34176 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 34188 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 630: /* create_database_option: COMMENT_SYM opt_equal TEXT_STRING_sys */ @@ -34181,7 +34193,7 @@ Lex->create_info.schema_comment= thd->make_clex_string((yyvsp[0].lex_str)); Lex->create_info.used_fields|= HA_CREATE_USED_COMMENT; } -#line 34185 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 34197 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 631: /* opt_if_not_exists_table_element: %empty */ @@ -34189,7 +34201,7 @@ { Lex->check_exists= FALSE; } -#line 34193 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 34205 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 632: /* opt_if_not_exists_table_element: IF_SYM not EXISTS */ @@ -34197,7 +34209,7 @@ { Lex->check_exists= TRUE; } -#line 34201 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 34213 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 633: /* opt_if_not_exists: %empty */ @@ -34205,7 +34217,7 @@ { (yyval.object_ddl_options).init(); } -#line 34209 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 34221 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 634: /* opt_if_not_exists: IF_SYM not EXISTS */ @@ -34213,7 +34225,7 @@ { (yyval.object_ddl_options).set(DDL_options_st::OPT_IF_NOT_EXISTS); } -#line 34217 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 34229 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 635: /* create_or_replace: CREATE */ @@ -34221,7 +34233,7 @@ { (yyval.object_ddl_options).init(); } -#line 34225 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 34237 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 636: /* create_or_replace: CREATE OR_SYM REPLACE */ @@ -34229,7 +34241,7 @@ { (yyval.object_ddl_options).set(DDL_options_st::OPT_OR_REPLACE); } -#line 34233 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 34245 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 644: /* create_table_option: ENGINE_SYM opt_equal ident_or_text */ @@ -34248,7 +34260,7 @@ *opt= Storage_engine_name((yyvsp[0].lex_str)); lex->create_info.used_fields|= HA_CREATE_USED_ENGINE; } -#line 34252 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 34264 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 645: /* create_table_option: MAX_ROWS opt_equal ulonglong_num */ @@ -34257,7 +34269,7 @@ Lex->create_info.max_rows= (yyvsp[0].ulonglong_number); Lex->create_info.used_fields|= HA_CREATE_USED_MAX_ROWS; } -#line 34261 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 34273 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 646: /* create_table_option: MIN_ROWS opt_equal ulonglong_num */ @@ -34266,7 +34278,7 @@ Lex->create_info.min_rows= (yyvsp[0].ulonglong_number); Lex->create_info.used_fields|= HA_CREATE_USED_MIN_ROWS; } -#line 34270 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 34282 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 647: /* create_table_option: AVG_ROW_LENGTH opt_equal ulong_num */ @@ -34275,7 +34287,7 @@ Lex->create_info.avg_row_length=(yyvsp[0].ulong_num); Lex->create_info.used_fields|= HA_CREATE_USED_AVG_ROW_LENGTH; } -#line 34279 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 34291 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 648: /* create_table_option: PASSWORD_SYM opt_equal TEXT_STRING_sys */ @@ -34284,7 +34296,7 @@ Lex->create_info.password=(yyvsp[0].lex_str).str; Lex->create_info.used_fields|= HA_CREATE_USED_PASSWORD; } -#line 34288 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 34300 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 649: /* create_table_option: COMMENT_SYM opt_equal TEXT_STRING_sys */ @@ -34293,7 +34305,7 @@ Lex->create_info.comment=(yyvsp[0].lex_str); Lex->create_info.used_fields|= HA_CREATE_USED_COMMENT; } -#line 34297 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 34309 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 650: /* create_table_option: AUTO_INC opt_equal ulonglong_num */ @@ -34302,7 +34314,7 @@ Lex->create_info.auto_increment_value=(yyvsp[0].ulonglong_number); Lex->create_info.used_fields|= HA_CREATE_USED_AUTO; } -#line 34306 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 34318 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 651: /* create_table_option: PACK_KEYS_SYM opt_equal ulong_num */ @@ -34321,7 +34333,7 @@ } Lex->create_info.used_fields|= HA_CREATE_USED_PACK_KEYS; } -#line 34325 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 34337 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 652: /* create_table_option: PACK_KEYS_SYM opt_equal DEFAULT */ @@ -34331,7 +34343,7 @@ ~(HA_OPTION_PACK_KEYS | HA_OPTION_NO_PACK_KEYS); Lex->create_info.used_fields|= HA_CREATE_USED_PACK_KEYS; } -#line 34335 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 34347 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 653: /* create_table_option: STATS_AUTO_RECALC_SYM opt_equal ulong_num */ @@ -34350,7 +34362,7 @@ } Lex->create_info.used_fields|= HA_CREATE_USED_STATS_AUTO_RECALC; } -#line 34354 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 34366 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 654: /* create_table_option: STATS_AUTO_RECALC_SYM opt_equal DEFAULT */ @@ -34359,7 +34371,7 @@ Lex->create_info.stats_auto_recalc= HA_STATS_AUTO_RECALC_DEFAULT; Lex->create_info.used_fields|= HA_CREATE_USED_STATS_AUTO_RECALC; } -#line 34363 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 34375 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 655: /* create_table_option: STATS_PERSISTENT_SYM opt_equal ulong_num */ @@ -34378,7 +34390,7 @@ } Lex->create_info.used_fields|= HA_CREATE_USED_STATS_PERSISTENT; } -#line 34382 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 34394 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 656: /* create_table_option: STATS_PERSISTENT_SYM opt_equal DEFAULT */ @@ -34388,7 +34400,7 @@ ~(HA_OPTION_STATS_PERSISTENT | HA_OPTION_NO_STATS_PERSISTENT); Lex->create_info.used_fields|= HA_CREATE_USED_STATS_PERSISTENT; } -#line 34392 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 34404 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 657: /* create_table_option: STATS_SAMPLE_PAGES_SYM opt_equal ulong_num */ @@ -34410,7 +34422,7 @@ Lex->create_info.stats_sample_pages=(yyvsp[0].ulong_num); Lex->create_info.used_fields|= HA_CREATE_USED_STATS_SAMPLE_PAGES; } -#line 34414 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 34426 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 658: /* create_table_option: STATS_SAMPLE_PAGES_SYM opt_equal DEFAULT */ @@ -34419,7 +34431,7 @@ Lex->create_info.stats_sample_pages=0; Lex->create_info.used_fields|= HA_CREATE_USED_STATS_SAMPLE_PAGES; } -#line 34423 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 34435 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 659: /* create_table_option: CHECKSUM_SYM opt_equal ulong_num */ @@ -34428,7 +34440,7 @@ Lex->create_info.table_options|= (yyvsp[0].ulong_num) ? HA_OPTION_CHECKSUM : HA_OPTION_NO_CHECKSUM; Lex->create_info.used_fields|= HA_CREATE_USED_CHECKSUM; } -#line 34432 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 34444 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 660: /* create_table_option: TABLE_CHECKSUM_SYM opt_equal ulong_num */ @@ -34437,7 +34449,7 @@ Lex->create_info.table_options|= (yyvsp[0].ulong_num) ? HA_OPTION_CHECKSUM : HA_OPTION_NO_CHECKSUM; Lex->create_info.used_fields|= HA_CREATE_USED_CHECKSUM; } -#line 34441 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 34453 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 661: /* create_table_option: PAGE_CHECKSUM_SYM opt_equal choice */ @@ -34446,7 +34458,7 @@ Lex->create_info.used_fields|= HA_CREATE_USED_PAGE_CHECKSUM; Lex->create_info.page_checksum= (yyvsp[0].choice); } -#line 34450 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 34462 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 662: /* create_table_option: DELAY_KEY_WRITE_SYM opt_equal ulong_num */ @@ -34455,7 +34467,7 @@ Lex->create_info.table_options|= (yyvsp[0].ulong_num) ? HA_OPTION_DELAY_KEY_WRITE : HA_OPTION_NO_DELAY_KEY_WRITE; Lex->create_info.used_fields|= HA_CREATE_USED_DELAY_KEY_WRITE; } -#line 34459 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 34471 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 663: /* create_table_option: ROW_FORMAT_SYM opt_equal row_types */ @@ -34464,7 +34476,7 @@ Lex->create_info.row_type= (yyvsp[0].row_type); Lex->create_info.used_fields|= HA_CREATE_USED_ROW_FORMAT; } -#line 34468 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 34480 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 664: /* $@82: %empty */ @@ -34472,7 +34484,7 @@ { Lex->first_select_lex()->table_list.save_and_clear(&Lex->save_list); } -#line 34476 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 34488 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 665: /* create_table_option: UNION_SYM opt_equal $@82 '(' opt_table_list ')' */ @@ -34498,7 +34510,7 @@ lex->create_info.used_fields|= HA_CREATE_USED_UNION; } -#line 34502 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 34514 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 668: /* create_table_option: INSERT_METHOD opt_equal merge_insert_types */ @@ -34507,7 +34519,7 @@ Lex->create_info.merge_insert_method= (yyvsp[0].ulong_num); Lex->create_info.used_fields|= HA_CREATE_USED_INSERT_METHOD; } -#line 34511 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 34523 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 669: /* create_table_option: DATA_SYM DIRECTORY_SYM opt_equal TEXT_STRING_sys */ @@ -34516,7 +34528,7 @@ Lex->create_info.data_file_name= (yyvsp[0].lex_str).str; Lex->create_info.used_fields|= HA_CREATE_USED_DATADIR; } -#line 34520 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 34532 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 670: /* create_table_option: INDEX_SYM DIRECTORY_SYM opt_equal TEXT_STRING_sys */ @@ -34525,25 +34537,25 @@ Lex->create_info.index_file_name= (yyvsp[0].lex_str).str; Lex->create_info.used_fields|= HA_CREATE_USED_INDEXDIR; } -#line 34529 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 34541 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 671: /* create_table_option: TABLESPACE ident */ #line 5893 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { /* Compatiblity with MySQL */ } -#line 34535 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 34547 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 672: /* create_table_option: STORAGE_SYM DISK_SYM */ #line 5895 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" {Lex->create_info.storage_media= HA_SM_DISK;} -#line 34541 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 34553 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 673: /* create_table_option: STORAGE_SYM MEMORY_SYM */ #line 5897 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" {Lex->create_info.storage_media= HA_SM_MEMORY;} -#line 34547 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 34559 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 674: /* create_table_option: CONNECTION_SYM opt_equal TEXT_STRING_sys */ @@ -34553,7 +34565,7 @@ Lex->create_info.connect_string.length= (yyvsp[0].lex_str).length; Lex->create_info.used_fields|= HA_CREATE_USED_CONNECTION; } -#line 34557 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 34569 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 675: /* create_table_option: KEY_BLOCK_SIZE opt_equal ulong_num */ @@ -34562,7 +34574,7 @@ Lex->create_info.used_fields|= HA_CREATE_USED_KEY_BLOCK_SIZE; Lex->create_info.key_block_size= (yyvsp[0].ulong_num); } -#line 34566 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 34578 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 676: /* create_table_option: TRANSACTIONAL_SYM opt_equal choice */ @@ -34571,7 +34583,7 @@ Lex->create_info.used_fields|= HA_CREATE_USED_TRANSACTIONAL; Lex->create_info.transactional= (yyvsp[0].choice); } -#line 34575 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 34587 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 677: /* create_table_option: engine_defined_option */ @@ -34579,7 +34591,7 @@ { (yyvsp[0].engine_option_value_ptr)->link(&Lex->create_info.option_list, &Lex->option_list_last); } -#line 34583 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 34595 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 678: /* create_table_option: SEQUENCE_SYM opt_equal choice */ @@ -34588,7 +34600,7 @@ Lex->create_info.used_fields|= HA_CREATE_USED_SEQUENCE; Lex->create_info.sequence= ((yyvsp[0].choice) == HA_CHOICE_YES); } -#line 34592 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 34604 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 680: /* engine_defined_option: ident_options equal TEXT_STRING_sys */ @@ -34601,7 +34613,7 @@ engine_option_value::Value((yyvsp[0].lex_str)), true); MYSQL_YYABORT_UNLESS((yyval.engine_option_value_ptr)); } -#line 34605 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 34617 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 681: /* engine_defined_option: ident_options equal ident */ @@ -34614,7 +34626,7 @@ engine_option_value::Value((yyvsp[0].ident_sys)), false); MYSQL_YYABORT_UNLESS((yyval.engine_option_value_ptr)); } -#line 34618 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 34630 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 682: /* engine_defined_option: ident_options equal real_ulonglong_num */ @@ -34625,7 +34637,7 @@ (yyvsp[0].ulonglong_number), thd->mem_root); MYSQL_YYABORT_UNLESS((yyval.engine_option_value_ptr)); } -#line 34629 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 34641 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 683: /* engine_defined_option: ident_options equal DEFAULT */ @@ -34635,7 +34647,7 @@ engine_option_value::Name((yyvsp[-2].ident_sys))); MYSQL_YYABORT_UNLESS((yyval.engine_option_value_ptr)); } -#line 34639 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 34651 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 685: /* ident_options: keyword_options */ @@ -34644,7 +34656,7 @@ if (unlikely((yyval.ident_sys).copy_keyword(thd, &(yyvsp[0].kwd)))) MYSQL_YYABORT; } -#line 34648 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 34660 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 690: /* versioning_option: WITH_SYSTEM_SYM VERSIONING_SYM */ @@ -34664,7 +34676,7 @@ Lex->create_info.options|= HA_VERSIONED_TABLE; } } -#line 34668 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 34680 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 691: /* default_charset: opt_default charset opt_equal charset_name_or_default */ @@ -34674,7 +34686,7 @@ thd, thd->variables.character_set_collations, (yyvsp[0].charset)))) MYSQL_YYABORT; } -#line 34678 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 34690 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 692: /* default_collation: opt_default COLLATE_SYM opt_equal collation_name_or_default */ @@ -34685,7 +34697,7 @@ thd, thd->variables.character_set_collations, (yyvsp[0].Lex_extended_collation)))) MYSQL_YYABORT; } -#line 34689 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 34701 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 693: /* storage_engines: ident_or_text */ @@ -34696,7 +34708,7 @@ thd->lex->create_info.tmp_table())) MYSQL_YYABORT; } -#line 34700 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 34712 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 694: /* known_storage_engines: ident_or_text */ @@ -34708,91 +34720,91 @@ else my_yyabort_error((ER_UNKNOWN_STORAGE_ENGINE, MYF(0), (yyvsp[0].lex_str).str)); } -#line 34712 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 34724 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 695: /* row_types: DEFAULT */ #line 6042 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.row_type)= ROW_TYPE_DEFAULT; } -#line 34718 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 34730 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 696: /* row_types: FIXED_SYM */ #line 6043 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.row_type)= ROW_TYPE_FIXED; } -#line 34724 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 34736 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 697: /* row_types: DYNAMIC_SYM */ #line 6044 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.row_type)= ROW_TYPE_DYNAMIC; } -#line 34730 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 34742 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 698: /* row_types: COMPRESSED_SYM */ #line 6045 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.row_type)= ROW_TYPE_COMPRESSED; } -#line 34736 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 34748 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 699: /* row_types: REDUNDANT_SYM */ #line 6046 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.row_type)= ROW_TYPE_REDUNDANT; } -#line 34742 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 34754 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 700: /* row_types: COMPACT_SYM */ #line 6047 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.row_type)= ROW_TYPE_COMPACT; } -#line 34748 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 34760 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 701: /* row_types: PAGE_SYM */ #line 6048 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.row_type)= ROW_TYPE_PAGE; } -#line 34754 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 34766 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 702: /* merge_insert_types: NO_SYM */ #line 6052 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.ulong_num)= MERGE_INSERT_DISABLED; } -#line 34760 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 34772 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 703: /* merge_insert_types: FIRST_SYM */ #line 6053 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.ulong_num)= MERGE_INSERT_TO_FIRST; } -#line 34766 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 34778 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 704: /* merge_insert_types: LAST_SYM */ #line 6054 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.ulong_num)= MERGE_INSERT_TO_LAST; } -#line 34772 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 34784 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 705: /* udf_type: STRING_SYM */ #line 6058 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" {(yyval.num) = (int) STRING_RESULT; } -#line 34778 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 34790 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 706: /* udf_type: REAL */ #line 6059 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" {(yyval.num) = (int) REAL_RESULT; } -#line 34784 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 34796 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 707: /* udf_type: DECIMAL_SYM */ #line 6060 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" {(yyval.num) = (int) DECIMAL_RESULT; } -#line 34790 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 34802 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 708: /* udf_type: INT_SYM */ #line 6061 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" {(yyval.num) = (int) INT_RESULT; } -#line 34796 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 34808 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 709: /* create_field_list: field_list */ @@ -34800,7 +34812,7 @@ { Lex->create_last_non_select_table= Lex->last_table(); } -#line 34804 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 34816 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 710: /* create_field_list_parens: LEFT_PAREN_ALT field_list ')' */ @@ -34808,25 +34820,25 @@ { Lex->create_last_non_select_table= Lex->last_table(); } -#line 34812 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 34824 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 713: /* field_list_item: column_def */ #line 6085 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { } -#line 34818 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 34830 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 717: /* field_list_item: PERIOD_SYM period_for_application_time */ #line 6089 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { } -#line 34824 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 34836 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 718: /* column_def: field_spec */ #line 6094 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.create_field)= (yyvsp[0].create_field); } -#line 34830 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 34842 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 719: /* column_def: field_spec opt_constraint references */ @@ -34837,7 +34849,7 @@ MYSQL_YYABORT; (yyval.create_field)= (yyvsp[-2].create_field); } -#line 34841 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 34853 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 720: /* $@83: %empty */ @@ -34847,13 +34859,13 @@ if (unlikely(Lex->add_key(Key::MULTIPLE, &(yyvsp[-1].lex_str), (yyvsp[0].key_alg), (yyvsp[-2].object_ddl_options)))) MYSQL_YYABORT; } -#line 34851 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 34863 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 721: /* key_def: key_or_index opt_if_not_exists opt_ident opt_USING_key_algorithm $@83 '(' key_list ')' normal_key_options */ #line 6111 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { } -#line 34857 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 34869 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 722: /* $@84: %empty */ @@ -34863,13 +34875,13 @@ if (unlikely(Lex->add_key(Key::MULTIPLE, &(yyvsp[-2].ident_sys), (yyvsp[0].key_alg), (yyvsp[-3].object_ddl_options)))) MYSQL_YYABORT; } -#line 34867 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 34879 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 723: /* key_def: key_or_index opt_if_not_exists ident TYPE_SYM btree_or_rtree $@84 '(' key_list ')' normal_key_options */ #line 6118 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { } -#line 34873 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 34885 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 724: /* $@85: %empty */ @@ -34879,13 +34891,13 @@ if (unlikely(Lex->add_key((yyvsp[-3].key_type), &(yyvsp[0].lex_str), HA_KEY_ALG_UNDEF, (yyvsp[-1].object_ddl_options)))) MYSQL_YYABORT; } -#line 34883 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 34895 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 725: /* key_def: fulltext opt_key_or_index opt_if_not_exists opt_ident $@85 '(' key_list ')' fulltext_key_options */ #line 6125 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { } -#line 34889 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 34901 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 726: /* $@86: %empty */ @@ -34895,7 +34907,7 @@ if (unlikely(Lex->add_key((yyvsp[-3].key_type), &(yyvsp[0].lex_str), HA_KEY_ALG_UNDEF, (yyvsp[-1].object_ddl_options)))) MYSQL_YYABORT; } -#line 34899 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 34911 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 727: /* key_def: spatial_or_vector opt_key_or_index opt_if_not_exists opt_ident $@86 '(' key_part_simple ')' spatial_key_options */ @@ -34903,7 +34915,7 @@ { Lex->last_key->columns.push_back((yyvsp[-2].key_part), thd->mem_root); } -#line 34907 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 34919 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 728: /* $@87: %empty */ @@ -34913,13 +34925,13 @@ if (unlikely(Lex->add_key((yyvsp[-3].key_type), (yyvsp[-1].lex_str).str ? &(yyvsp[-1].lex_str) : &(yyvsp[-4].lex_str), (yyvsp[0].key_alg), (yyvsp[-2].object_ddl_options)))) MYSQL_YYABORT; } -#line 34917 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 34929 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 729: /* key_def: opt_constraint constraint_key_type opt_if_not_exists opt_ident opt_USING_key_algorithm $@87 '(' key_list opt_without_overlaps ')' normal_key_options */ #line 6144 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { } -#line 34923 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 34935 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 730: /* $@88: %empty */ @@ -34929,13 +34941,13 @@ if (unlikely(Lex->add_key((yyvsp[-4].key_type), (yyvsp[-2].ident_sys).str ? &(yyvsp[-2].ident_sys) : &(yyvsp[-5].lex_str), (yyvsp[0].key_alg), (yyvsp[-3].object_ddl_options)))) MYSQL_YYABORT; } -#line 34933 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 34945 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 731: /* key_def: opt_constraint constraint_key_type opt_if_not_exists ident TYPE_SYM btree_or_rtree $@88 '(' key_list opt_without_overlaps ')' normal_key_options */ #line 6152 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { } -#line 34939 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 34951 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 732: /* $@89: %empty */ @@ -34949,7 +34961,7 @@ MYSQL_YYABORT; Lex->option_list= NULL; } -#line 34953 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 34965 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 733: /* key_def: opt_constraint FOREIGN KEY_SYM opt_if_not_exists opt_ident $@89 '(' key_list ')' references */ @@ -34959,7 +34971,7 @@ (yyvsp[-9].lex_str).str ? &(yyvsp[-9].lex_str) : &(yyvsp[-5].lex_str), (yyvsp[0].table), (yyvsp[-6].object_ddl_options)))) MYSQL_YYABORT; } -#line 34963 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 34975 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 734: /* constraint_def: opt_constraint check_constraint */ @@ -34967,7 +34979,7 @@ { Lex->add_constraint((yyvsp[-1].lex_str), (yyvsp[0].virtual_column), FALSE); } -#line 34971 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 34983 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 735: /* period_for_system_time: PERIOD_SYM FOR_SYSTEM_TIME_SYM '(' ident ',' ident ')' */ @@ -34976,7 +34988,7 @@ Vers_parse_info &info= Lex->vers_get_info(); info.set_period(Lex_ident_column((yyvsp[-3].ident_sys)), Lex_ident_column((yyvsp[-1].ident_sys))); } -#line 34980 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 34992 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 736: /* period_for_application_time: FOR_SYM ident '(' ident ',' ident ')' */ @@ -34985,25 +34997,25 @@ if (Lex->add_period(Lex_ident_column((yyvsp[-5].ident_sys)), (yyvsp[-3].ident_sys), (yyvsp[-1].ident_sys))) MYSQL_YYABORT; } -#line 34989 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 35001 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 737: /* opt_check_constraint: %empty */ #line 6196 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.virtual_column)= (Virtual_column_info*) 0; } -#line 34995 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 35007 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 738: /* opt_check_constraint: check_constraint */ #line 6197 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.virtual_column)= (yyvsp[0].virtual_column);} -#line 35001 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 35013 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 739: /* $@90: %empty */ #line 6202 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { Lex->clause_that_disallows_subselect= "CHECK"; } -#line 35007 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 35019 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 740: /* check_constraint: CHECK_SYM '(' $@90 expr ')' */ @@ -35015,37 +35027,37 @@ MYSQL_YYABORT; (yyval.virtual_column)= v; } -#line 35019 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 35031 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 741: /* opt_constraint_no_id: %empty */ #line 6214 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" {} -#line 35025 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 35037 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 742: /* opt_constraint_no_id: CONSTRAINT */ #line 6215 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" {} -#line 35031 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 35043 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 743: /* opt_constraint: %empty */ #line 6219 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.lex_str)= null_clex_str; } -#line 35037 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 35049 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 744: /* opt_constraint: constraint */ #line 6220 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.lex_str)= (yyvsp[0].lex_str); } -#line 35043 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 35055 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 745: /* constraint: CONSTRAINT opt_ident */ #line 6224 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.lex_str)=(yyvsp[0].lex_str); } -#line 35049 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 35061 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 746: /* @91: %empty */ @@ -35065,7 +35077,7 @@ (yyval.create_field)= f; lex->parsing_options.lookup_keywords_after_qualifier= true; } -#line 35069 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 35081 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 747: /* field_spec: field_ident @91 field_type_or_serial opt_check_constraint */ @@ -35088,7 +35100,7 @@ else if ((yyval.create_field)->flags & UNIQUE_KEY_FLAG) lex->add_key_to_list(&(yyvsp[-3].lex_str), Key::UNIQUE, lex->check_exists); } -#line 35092 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 35104 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 748: /* $@92: %empty */ @@ -35097,7 +35109,7 @@ Lex->last_field->set_attributes(thd, (yyvsp[0].Lex_field_type), COLUMN_DEFINITION_TABLE_FIELD); } -#line 35101 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 35113 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 749: /* field_type_or_serial: qualified_field_type $@92 field_def */ @@ -35111,7 +35123,7 @@ thd, thd->variables.character_set_collations, tmp); } -#line 35115 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 35127 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 750: /* $@93: %empty */ @@ -35122,49 +35134,49 @@ | UNSIGNED_FLAG | UNIQUE_KEY_FLAG; Lex->alter_info.flags|= ALTER_ADD_INDEX; } -#line 35126 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 35138 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 752: /* opt_serial_attribute: %empty */ #line 6292 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" {} -#line 35132 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 35144 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 753: /* opt_serial_attribute: opt_serial_attribute_list */ #line 6293 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" {} -#line 35138 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 35150 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 754: /* opt_serial_attribute_list: opt_serial_attribute_list serial_attribute */ #line 6297 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" {} -#line 35144 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 35156 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 756: /* opt_asrow_attribute: %empty */ #line 6302 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" {} -#line 35150 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 35162 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 757: /* opt_asrow_attribute: opt_asrow_attribute_list */ #line 6303 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" {} -#line 35156 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 35168 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 758: /* opt_asrow_attribute_list: opt_asrow_attribute_list asrow_attribute */ #line 6307 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" {} -#line 35162 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 35174 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 760: /* field_def: %empty */ #line 6312 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.Lex_exact_charset_extended_collation_attrs).init(); } -#line 35168 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 35180 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 762: /* $@94: %empty */ @@ -35172,7 +35184,7 @@ { Lex->last_field->vcol_info= (yyvsp[0].virtual_column); } -#line 35176 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 35188 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 763: /* field_def: opt_generated_always AS virtual_column_func $@94 vcol_opt_specifier vcol_opt_attribute */ @@ -35180,7 +35192,7 @@ { (yyval.Lex_exact_charset_extended_collation_attrs).init(); } -#line 35184 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 35196 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 764: /* field_def: opt_generated_always AS ROW_SYM START_SYM opt_asrow_attribute */ @@ -35190,7 +35202,7 @@ MYSQL_YYABORT; (yyval.Lex_exact_charset_extended_collation_attrs).init(); } -#line 35194 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 35206 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 765: /* field_def: opt_generated_always AS ROW_SYM END opt_asrow_attribute */ @@ -35200,19 +35212,19 @@ MYSQL_YYABORT; (yyval.Lex_exact_charset_extended_collation_attrs).init(); } -#line 35204 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 35216 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 766: /* opt_generated_always: %empty */ #line 6337 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" {} -#line 35210 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 35222 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 767: /* opt_generated_always: GENERATED_SYM ALWAYS_SYM */ #line 6338 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" {} -#line 35216 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 35228 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 768: /* vcol_opt_specifier: %empty */ @@ -35220,7 +35232,7 @@ { Lex->last_field->vcol_info->set_vcol_type(VCOL_GENERATED_VIRTUAL); } -#line 35224 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 35236 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 769: /* vcol_opt_specifier: VIRTUAL_SYM */ @@ -35228,7 +35240,7 @@ { Lex->last_field->vcol_info->set_vcol_type(VCOL_GENERATED_VIRTUAL); } -#line 35232 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 35244 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 770: /* vcol_opt_specifier: PERSISTENT_SYM */ @@ -35236,7 +35248,7 @@ { Lex->last_field->vcol_info->set_vcol_type(VCOL_GENERATED_STORED); } -#line 35240 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 35252 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 771: /* vcol_opt_specifier: STORED_SYM */ @@ -35244,25 +35256,25 @@ { Lex->last_field->vcol_info->set_vcol_type(VCOL_GENERATED_STORED); } -#line 35248 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 35260 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 772: /* vcol_opt_attribute: %empty */ #line 6361 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" {} -#line 35254 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 35266 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 773: /* vcol_opt_attribute: vcol_opt_attribute_list */ #line 6362 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" {} -#line 35260 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 35272 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 774: /* vcol_opt_attribute_list: vcol_opt_attribute_list vcol_attribute */ #line 6366 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" {} -#line 35266 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 35278 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 776: /* vcol_attribute: UNIQUE_SYM */ @@ -35272,7 +35284,7 @@ lex->last_field->flags|= UNIQUE_KEY_FLAG; lex->alter_info.flags|= ALTER_ADD_INDEX; } -#line 35276 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 35288 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 777: /* vcol_attribute: UNIQUE_SYM KEY_SYM */ @@ -35282,13 +35294,13 @@ lex->last_field->flags|= UNIQUE_KEY_FLAG; lex->alter_info.flags|= ALTER_ADD_INDEX; } -#line 35286 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 35298 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 778: /* vcol_attribute: COMMENT_SYM TEXT_STRING_sys */ #line 6383 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { Lex->last_field->comment= (yyvsp[0].lex_str); } -#line 35292 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 35304 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 779: /* vcol_attribute: INVISIBLE_SYM */ @@ -35296,7 +35308,7 @@ { Lex->last_field->invisible= INVISIBLE_USER; } -#line 35300 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 35312 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 780: /* $@95: %empty */ @@ -35311,7 +35323,7 @@ if (Lex->main_select_push()) MYSQL_YYABORT; } -#line 35315 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 35327 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 781: /* parse_vcol_expr: PARSE_VCOL_EXPR_SYM $@95 expr */ @@ -35323,7 +35335,7 @@ Lex->last_field->vcol_info= v; Lex->pop_select(); //main select } -#line 35327 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 35339 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 783: /* parenthesized_expr: expr ',' expr_list */ @@ -35334,7 +35346,7 @@ if (unlikely((yyval.item) == NULL)) MYSQL_YYABORT; } -#line 35338 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 35350 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 784: /* virtual_column_func: '(' parenthesized_expr ')' */ @@ -35346,7 +35358,7 @@ MYSQL_YYABORT; (yyval.virtual_column)= v; } -#line 35350 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 35362 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 785: /* virtual_column_func: subquery */ @@ -35360,7 +35372,7 @@ MYSQL_YYABORT; (yyval.virtual_column)= v; } -#line 35364 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 35376 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 789: /* column_default_expr: expr_or_literal */ @@ -35369,7 +35381,7 @@ if (unlikely(!((yyval.virtual_column)= add_virtual_expression(thd, (yyvsp[0].item))))) MYSQL_YYABORT; } -#line 35373 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 35385 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 790: /* field_type: field_type_all */ @@ -35377,7 +35389,7 @@ { Lex->map_data_type(Lex_ident_sys(), &((yyval.Lex_field_type)= (yyvsp[0].Lex_field_type))); } -#line 35381 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 35393 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 791: /* qualified_field_type: field_type_all */ @@ -35385,7 +35397,7 @@ { Lex->map_data_type(Lex_ident_sys(), &((yyval.Lex_field_type)= (yyvsp[0].Lex_field_type))); } -#line 35389 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 35401 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 792: /* qualified_field_type: sp_decl_ident '.' field_type_all */ @@ -35394,25 +35406,25 @@ if (Lex->map_data_type((yyvsp[-2].ident_sys), &((yyval.Lex_field_type)= (yyvsp[0].Lex_field_type)))) MYSQL_YYABORT; } -#line 35398 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 35410 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 793: /* udt_name: IDENT_sys */ #line 6474 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.lex_str)= (yyvsp[0].ident_sys); } -#line 35404 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 35416 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 794: /* udt_name: reserved_keyword_udt */ #line 6475 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.lex_str)= (yyvsp[0].kwd); } -#line 35410 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 35422 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 795: /* udt_name: non_reserved_keyword_udt */ #line 6476 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.lex_str)= (yyvsp[0].kwd); } -#line 35416 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 35428 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 802: /* field_type_all: udt_name float_options srid_option */ @@ -35421,7 +35433,7 @@ if (Lex->set_field_type_udt(&(yyval.Lex_field_type), (yyvsp[-2].lex_str), (yyvsp[-1].Lex_length_and_dec))) MYSQL_YYABORT; } -#line 35425 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 35437 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 803: /* field_type_all_with_record: field_type_all_builtin */ @@ -35429,7 +35441,7 @@ { Lex->map_data_type(Lex_ident_sys(), &((yyval.Lex_field_type)= (yyvsp[0].Lex_field_type))); } -#line 35433 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 35445 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 804: /* field_type_all_with_record: udt_name float_options srid_option */ @@ -35450,7 +35462,7 @@ Lex->last_field->set_attr_const_void_ptr(0, sprec); } } -#line 35454 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 35466 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 805: /* field_type_numeric: int_type opt_field_length last_field_options */ @@ -35458,13 +35470,13 @@ { (yyval.Lex_field_type).set_handler_length_flags((yyvsp[-2].type_handler), (yyvsp[-1].Lex_length_and_dec), (uint32) (yyvsp[0].ulong_num)); } -#line 35462 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 35474 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 806: /* field_type_numeric: real_type opt_precision last_field_options */ #line 6525 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.Lex_field_type).set((yyvsp[-2].type_handler), (yyvsp[-1].Lex_length_and_dec)); } -#line 35468 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 35480 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 807: /* field_type_numeric: FLOAT_SYM float_options last_field_options */ @@ -35482,7 +35494,7 @@ (yyval.Lex_field_type).set(&type_handler_float); } } -#line 35486 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 35498 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 808: /* field_type_numeric: BIT_SYM opt_field_length */ @@ -35490,7 +35502,7 @@ { (yyval.Lex_field_type).set(&type_handler_bit, (yyvsp[0].Lex_length_and_dec)); } -#line 35494 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 35506 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 809: /* field_type_numeric: BOOL_SYM */ @@ -35498,7 +35510,7 @@ { (yyval.Lex_field_type).set_handler_length(&type_handler_stiny, 1); } -#line 35502 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 35514 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 810: /* field_type_numeric: BOOLEAN_SYM */ @@ -35506,13 +35518,13 @@ { (yyval.Lex_field_type).set_handler_length(&type_handler_stiny, 1); } -#line 35510 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 35522 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 811: /* field_type_numeric: DECIMAL_SYM float_options last_field_options */ #line 6553 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.Lex_field_type).set(&type_handler_newdecimal, (yyvsp[-1].Lex_length_and_dec));} -#line 35516 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 35528 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 812: /* field_type_numeric: NUMBER_ORACLE_SYM float_options last_field_options */ @@ -35523,37 +35535,37 @@ else (yyval.Lex_field_type).set(&type_handler_double); } -#line 35527 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 35539 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 813: /* field_type_numeric: NUMERIC_SYM float_options last_field_options */ #line 6562 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.Lex_field_type).set(&type_handler_newdecimal, (yyvsp[-1].Lex_length_and_dec));} -#line 35533 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 35545 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 814: /* field_type_numeric: FIXED_SYM float_options last_field_options */ #line 6564 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.Lex_field_type).set(&type_handler_newdecimal, (yyvsp[-1].Lex_length_and_dec));} -#line 35539 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 35551 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 815: /* opt_binary_and_compression: %empty */ #line 6569 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.Lex_exact_charset_extended_collation_attrs).init(); } -#line 35545 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 35557 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 816: /* opt_binary_and_compression: binary */ #line 6570 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.Lex_exact_charset_extended_collation_attrs)= (yyvsp[0].Lex_exact_charset_extended_collation_attrs); } -#line 35551 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 35563 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 817: /* opt_binary_and_compression: compressed opt_binary */ #line 6571 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.Lex_exact_charset_extended_collation_attrs)= (yyvsp[0].Lex_exact_charset_extended_collation_attrs); } -#line 35557 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 35569 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 818: /* field_type_string: char opt_field_length opt_binary */ @@ -35561,7 +35573,7 @@ { (yyval.Lex_field_type).set(&type_handler_string, (yyvsp[-1].Lex_length_and_dec), (yyvsp[0].Lex_exact_charset_extended_collation_attrs)); } -#line 35565 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 35577 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 819: /* field_type_string: nchar opt_field_length opt_bin_mod */ @@ -35570,7 +35582,7 @@ (yyval.Lex_field_type).set(&type_handler_string, (yyvsp[-1].Lex_length_and_dec), Lex_exact_charset_extended_collation_attrs::national((yyvsp[0].num))); } -#line 35574 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 35586 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 820: /* field_type_string: BINARY opt_field_length */ @@ -35578,7 +35590,7 @@ { (yyval.Lex_field_type).set(&type_handler_string, (yyvsp[0].Lex_length_and_dec), &my_charset_bin); } -#line 35582 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 35594 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 821: /* field_type_string: varchar opt_field_length opt_binary_and_compression */ @@ -35586,7 +35598,7 @@ { (yyval.Lex_field_type).set(&type_handler_varchar, (yyvsp[-1].Lex_length_and_dec), (yyvsp[0].Lex_exact_charset_extended_collation_attrs)); } -#line 35590 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 35602 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 822: /* field_type_string: VARCHAR2_ORACLE_SYM opt_field_length opt_binary_and_compression */ @@ -35594,7 +35606,7 @@ { (yyval.Lex_field_type).set(&type_handler_varchar, (yyvsp[-1].Lex_length_and_dec), (yyvsp[0].Lex_exact_charset_extended_collation_attrs)); } -#line 35598 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 35610 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 823: /* field_type_string: nvarchar opt_field_length opt_compressed opt_bin_mod */ @@ -35603,7 +35615,7 @@ (yyval.Lex_field_type).set(&type_handler_varchar, (yyvsp[-2].Lex_length_and_dec), Lex_exact_charset_extended_collation_attrs::national((yyvsp[0].num))); } -#line 35607 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 35619 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 824: /* field_type_string: VARBINARY opt_field_length opt_compressed */ @@ -35611,7 +35623,7 @@ { (yyval.Lex_field_type).set(&type_handler_varchar, (yyvsp[-1].Lex_length_and_dec), &my_charset_bin); } -#line 35615 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 35627 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 825: /* field_type_string: RAW_ORACLE_SYM opt_field_length opt_compressed */ @@ -35619,7 +35631,7 @@ { (yyval.Lex_field_type).set(&type_handler_varchar, (yyvsp[-1].Lex_length_and_dec), &my_charset_bin); } -#line 35623 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 35635 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 826: /* field_type_temporal: YEAR_SYM opt_field_length last_field_options */ @@ -35636,13 +35648,13 @@ } (yyval.Lex_field_type).set(&type_handler_year, (yyvsp[-1].Lex_length_and_dec)); } -#line 35640 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 35652 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 827: /* field_type_temporal: DATE_SYM */ #line 6625 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.Lex_field_type).set(&type_handler_newdate); } -#line 35646 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 35658 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 828: /* field_type_temporal: TIME_SYM opt_field_length */ @@ -35653,7 +35665,7 @@ static_cast(&type_handler_time), (yyvsp[0].Lex_length_and_dec)); } -#line 35657 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 35669 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 829: /* field_type_temporal: TIMESTAMP opt_field_length */ @@ -35664,7 +35676,7 @@ static_cast(&type_handler_timestamp), (yyvsp[0].Lex_length_and_dec)); } -#line 35668 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 35680 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 830: /* field_type_temporal: DATETIME opt_field_length */ @@ -35672,7 +35684,7 @@ { (yyval.Lex_field_type).set(thd->type_handler_for_datetime(), (yyvsp[0].Lex_length_and_dec)); } -#line 35676 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 35688 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 831: /* field_type_lob: TINYBLOB opt_compressed */ @@ -35680,7 +35692,7 @@ { (yyval.Lex_field_type).set(&type_handler_tiny_blob, &my_charset_bin); } -#line 35684 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 35696 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 832: /* field_type_lob: BLOB_MARIADB_SYM opt_field_length opt_compressed */ @@ -35688,7 +35700,7 @@ { (yyval.Lex_field_type).set(&type_handler_blob, (yyvsp[-1].Lex_length_and_dec), &my_charset_bin); } -#line 35692 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 35704 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 833: /* field_type_lob: BLOB_ORACLE_SYM field_length opt_compressed */ @@ -35696,7 +35708,7 @@ { (yyval.Lex_field_type).set(&type_handler_blob, (yyvsp[-1].Lex_length_and_dec), &my_charset_bin); } -#line 35700 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 35712 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 834: /* field_type_lob: BLOB_ORACLE_SYM opt_compressed */ @@ -35704,7 +35716,7 @@ { (yyval.Lex_field_type).set(&type_handler_long_blob, &my_charset_bin); } -#line 35708 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 35720 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 835: /* field_type_lob: MEDIUMBLOB opt_compressed */ @@ -35712,7 +35724,7 @@ { (yyval.Lex_field_type).set(&type_handler_medium_blob, &my_charset_bin); } -#line 35716 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 35728 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 836: /* field_type_lob: LONGBLOB opt_compressed */ @@ -35720,7 +35732,7 @@ { (yyval.Lex_field_type).set(&type_handler_long_blob, &my_charset_bin); } -#line 35724 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 35736 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 837: /* field_type_lob: LONG_SYM VARBINARY opt_compressed */ @@ -35728,49 +35740,49 @@ { (yyval.Lex_field_type).set(&type_handler_medium_blob, &my_charset_bin); } -#line 35732 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 35744 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 838: /* field_type_lob: LONG_SYM varchar opt_binary_and_compression */ #line 6677 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.Lex_field_type).set(&type_handler_medium_blob, (yyvsp[0].Lex_exact_charset_extended_collation_attrs)); } -#line 35738 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 35750 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 839: /* field_type_lob: TINYTEXT opt_binary_and_compression */ #line 6679 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.Lex_field_type).set(&type_handler_tiny_blob, (yyvsp[0].Lex_exact_charset_extended_collation_attrs)); } -#line 35744 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 35756 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 840: /* field_type_lob: TEXT_SYM opt_field_length opt_binary_and_compression */ #line 6681 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.Lex_field_type).set(&type_handler_blob, (yyvsp[-1].Lex_length_and_dec), (yyvsp[0].Lex_exact_charset_extended_collation_attrs)); } -#line 35750 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 35762 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 841: /* field_type_lob: MEDIUMTEXT opt_binary_and_compression */ #line 6683 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.Lex_field_type).set(&type_handler_medium_blob, (yyvsp[0].Lex_exact_charset_extended_collation_attrs)); } -#line 35756 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 35768 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 842: /* field_type_lob: LONGTEXT opt_binary_and_compression */ #line 6685 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.Lex_field_type).set(&type_handler_long_blob, (yyvsp[0].Lex_exact_charset_extended_collation_attrs)); } -#line 35762 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 35774 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 843: /* field_type_lob: CLOB_ORACLE_SYM opt_binary_and_compression */ #line 6687 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.Lex_field_type).set(&type_handler_long_blob, (yyvsp[0].Lex_exact_charset_extended_collation_attrs)); } -#line 35768 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 35780 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 844: /* field_type_lob: LONG_SYM opt_binary_and_compression */ #line 6689 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.Lex_field_type).set(&type_handler_medium_blob, (yyvsp[0].Lex_exact_charset_extended_collation_attrs)); } -#line 35774 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 35786 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 845: /* field_type_lob: JSON_SYM opt_compressed */ @@ -35778,109 +35790,109 @@ { (yyval.Lex_field_type).set(&type_handler_long_blob_json, &MY_CHARSET_UTF8MB4_BIN); } -#line 35782 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 35794 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 846: /* field_type_misc: ENUM '(' string_list ')' opt_binary */ #line 6698 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.Lex_field_type).set(&type_handler_enum, (yyvsp[0].Lex_exact_charset_extended_collation_attrs)); } -#line 35788 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 35800 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 847: /* field_type_misc: SET '(' string_list ')' opt_binary */ #line 6700 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.Lex_field_type).set(&type_handler_set, (yyvsp[0].Lex_exact_charset_extended_collation_attrs)); } -#line 35794 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 35806 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 848: /* char: CHAR_SYM */ #line 6704 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" {} -#line 35800 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 35812 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 849: /* nchar: NCHAR_SYM */ #line 6708 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" {} -#line 35806 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 35818 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 850: /* nchar: NATIONAL_SYM CHAR_SYM */ #line 6709 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" {} -#line 35812 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 35824 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 851: /* varchar: char VARYING */ #line 6713 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" {} -#line 35818 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 35830 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 852: /* varchar: VARCHAR */ #line 6714 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" {} -#line 35824 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 35836 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 853: /* nvarchar: NATIONAL_SYM VARCHAR */ #line 6718 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" {} -#line 35830 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 35842 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 854: /* nvarchar: NVARCHAR_SYM */ #line 6719 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" {} -#line 35836 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 35848 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 855: /* nvarchar: NCHAR_SYM VARCHAR */ #line 6720 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" {} -#line 35842 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 35854 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 856: /* nvarchar: NATIONAL_SYM CHAR_SYM VARYING */ #line 6721 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" {} -#line 35848 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 35860 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 857: /* nvarchar: NCHAR_SYM VARYING */ #line 6722 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" {} -#line 35854 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 35866 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 858: /* int_type: INT_SYM */ #line 6726 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.type_handler)= &type_handler_slong; } -#line 35860 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 35872 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 859: /* int_type: TINYINT */ #line 6727 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.type_handler)= &type_handler_stiny; } -#line 35866 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 35878 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 860: /* int_type: SMALLINT */ #line 6728 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.type_handler)= &type_handler_sshort; } -#line 35872 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 35884 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 861: /* int_type: MEDIUMINT */ #line 6729 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.type_handler)= &type_handler_sint24; } -#line 35878 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 35890 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 862: /* int_type: BIGINT */ #line 6730 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.type_handler)= &type_handler_slonglong; } -#line 35884 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 35896 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 863: /* real_type: REAL */ @@ -35890,25 +35902,25 @@ static_cast(&type_handler_float) : static_cast(&type_handler_double); } -#line 35894 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 35906 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 864: /* real_type: DOUBLE_SYM */ #line 6740 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.type_handler)= &type_handler_double; } -#line 35900 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 35912 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 865: /* real_type: DOUBLE_SYM PRECISION */ #line 6741 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.type_handler)= &type_handler_double; } -#line 35906 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 35918 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 866: /* srid_option: %empty */ #line 6746 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { Lex->last_field->set_attr_uint32(0, 0); } -#line 35912 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 35924 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 867: /* srid_option: REF_SYSTEM_ID_SYM '=' NUM */ @@ -35916,121 +35928,121 @@ { Lex->last_field->set_attr_uint32(0, (uint32) atoi((yyvsp[0].lex_str).str)); } -#line 35920 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 35932 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 868: /* float_options: %empty */ #line 6755 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.Lex_length_and_dec).reset(); } -#line 35926 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 35938 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 871: /* precision: '(' NUM ',' NUM ')' */ #line 6761 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.Lex_length_and_dec).set((yyvsp[-3].lex_str).str, (yyvsp[-1].lex_str).str); } -#line 35932 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 35944 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 872: /* field_options: %empty */ #line 6765 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.ulong_num)= 0; } -#line 35938 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 35950 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 873: /* field_options: SIGNED_SYM */ #line 6766 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.ulong_num)= 0; } -#line 35944 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 35956 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 874: /* field_options: UNSIGNED */ #line 6767 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.ulong_num)= UNSIGNED_FLAG; } -#line 35950 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 35962 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 875: /* field_options: ZEROFILL */ #line 6768 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.ulong_num)= UNSIGNED_FLAG | ZEROFILL_FLAG; } -#line 35956 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 35968 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 876: /* field_options: UNSIGNED ZEROFILL */ #line 6769 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.ulong_num)= UNSIGNED_FLAG | ZEROFILL_FLAG; } -#line 35962 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 35974 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 877: /* field_options: ZEROFILL UNSIGNED */ #line 6770 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.ulong_num)= UNSIGNED_FLAG | ZEROFILL_FLAG; } -#line 35968 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 35980 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 878: /* last_field_options: field_options */ #line 6774 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { Lex->last_field->flags|= ((yyval.ulong_num)= (yyvsp[0].ulong_num)); } -#line 35974 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 35986 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 879: /* field_length_str: '(' LONG_NUM ')' */ #line 6778 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.const_simple_string)= (yyvsp[-1].lex_str).str; } -#line 35980 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 35992 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 880: /* field_length_str: '(' ULONGLONG_NUM ')' */ #line 6779 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.const_simple_string)= (yyvsp[-1].lex_str).str; } -#line 35986 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 35998 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 881: /* field_length_str: '(' DECIMAL_NUM ')' */ #line 6780 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.const_simple_string)= (yyvsp[-1].lex_str).str; } -#line 35992 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 36004 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 882: /* field_length_str: '(' NUM ')' */ #line 6781 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.const_simple_string)= (yyvsp[-1].lex_str).str; } -#line 35998 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 36010 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 883: /* field_length: field_length_str */ #line 6784 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.Lex_length_and_dec).set((yyvsp[0].const_simple_string), NULL); } -#line 36004 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 36016 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 884: /* field_scale: field_length_str */ #line 6788 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.Lex_length_and_dec).set(NULL, (yyvsp[0].const_simple_string)); } -#line 36010 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 36022 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 885: /* opt_field_length: %empty */ #line 6793 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.Lex_length_and_dec).reset(); /* use default length */ } -#line 36016 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 36028 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 887: /* opt_field_scale: %empty */ #line 6798 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.Lex_length_and_dec).reset(); } -#line 36022 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 36034 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 889: /* opt_precision: %empty */ #line 6803 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.Lex_length_and_dec).reset(); } -#line 36028 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 36040 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 890: /* opt_precision: precision */ #line 6804 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.Lex_length_and_dec)= (yyvsp[0].Lex_length_and_dec); } -#line 36034 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 36046 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 891: /* attribute_list: attribute_list attribute */ @@ -36040,7 +36052,7 @@ thd, thd->variables.character_set_collations, (yyvsp[0].Lex_exact_charset_extended_collation_attrs))) MYSQL_YYABORT; } -#line 36044 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 36056 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 893: /* attribute: NULL_SYM */ @@ -36050,7 +36062,7 @@ Lex->last_field->explicitly_nullable= true; (yyval.Lex_exact_charset_extended_collation_attrs).init(); } -#line 36054 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 36066 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 894: /* attribute: DEFAULT column_default_expr */ @@ -36059,7 +36071,7 @@ Lex->last_field->default_value= (yyvsp[0].virtual_column); (yyval.Lex_exact_charset_extended_collation_attrs).init(); } -#line 36063 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 36075 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 895: /* attribute: ON UPDATE_SYM NOW_SYM opt_default_time_precision */ @@ -36071,13 +36083,13 @@ Lex->last_field->on_update= item; (yyval.Lex_exact_charset_extended_collation_attrs).init(); } -#line 36075 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 36087 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 896: /* attribute: AUTO_INC */ #line 6838 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { Lex->last_field->flags|= AUTO_INCREMENT_FLAG | NOT_NULL_FLAG; (yyval.Lex_exact_charset_extended_collation_attrs).init(); } -#line 36081 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 36093 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 897: /* attribute: SERIAL_SYM DEFAULT VALUE_SYM */ @@ -36088,7 +36100,7 @@ lex->alter_info.flags|= ALTER_ADD_INDEX; (yyval.Lex_exact_charset_extended_collation_attrs).init(); } -#line 36092 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 36104 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 898: /* attribute: COLLATE_SYM collation_name */ @@ -36096,49 +36108,49 @@ { (yyval.Lex_exact_charset_extended_collation_attrs)= Lex_exact_charset_extended_collation_attrs((yyvsp[0].Lex_extended_collation)); } -#line 36100 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 36112 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 899: /* attribute: serial_attribute */ #line 6850 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.Lex_exact_charset_extended_collation_attrs).init(); } -#line 36106 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 36118 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 900: /* opt_compression_method: %empty */ #line 6854 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.const_simple_string)= NULL; } -#line 36112 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 36124 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 901: /* opt_compression_method: equal ident */ #line 6855 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.const_simple_string)= (yyvsp[0].ident_sys).str; } -#line 36118 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 36130 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 902: /* opt_compressed: %empty */ #line 6859 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" {} -#line 36124 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 36136 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 903: /* opt_compressed: compressed */ #line 6860 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { } -#line 36130 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 36142 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 904: /* opt_enable: %empty */ #line 6864 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" {} -#line 36136 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 36148 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 905: /* opt_enable: ENABLE_SYM */ #line 6865 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { } -#line 36142 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 36154 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 906: /* compressed: COMPRESSED_SYM opt_compression_method */ @@ -36147,7 +36159,7 @@ if (unlikely(Lex->last_field->set_compressed((yyvsp[0].const_simple_string)))) MYSQL_YYABORT; } -#line 36151 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 36163 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 907: /* asrow_attribute: not NULL_SYM opt_enable */ @@ -36155,7 +36167,7 @@ { Lex->last_field->flags|= NOT_NULL_FLAG; } -#line 36159 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 36171 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 908: /* asrow_attribute: opt_primary KEY_SYM */ @@ -36165,7 +36177,7 @@ lex->last_field->flags|= PRI_KEY_FLAG | NOT_NULL_FLAG; lex->alter_info.flags|= ALTER_ADD_INDEX; } -#line 36169 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 36181 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 911: /* serial_attribute: engine_defined_option */ @@ -36173,7 +36185,7 @@ { (yyvsp[0].engine_option_value_ptr)->link(&Lex->last_field->option_list, &Lex->option_list_last); } -#line 36177 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 36189 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 912: /* serial_attribute: with_or_without_system VERSIONING_SYM */ @@ -36187,7 +36199,7 @@ Lex->create_last_non_select_table->table_name.str)); } } -#line 36191 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 36203 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 913: /* with_or_without_system: WITH_SYSTEM_SYM */ @@ -36197,7 +36209,7 @@ Lex->create_info.vers_info.versioned_fields= true; (yyval.vers_column_versioning)= Column_definition::WITH_VERSIONING; } -#line 36201 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 36213 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 914: /* with_or_without_system: WITHOUT SYSTEM */ @@ -36207,19 +36219,19 @@ Lex->create_info.vers_info.unversioned_fields= true; (yyval.vers_column_versioning)= Column_definition::WITHOUT_VERSIONING; } -#line 36211 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 36223 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 915: /* charset: CHAR_SYM SET */ #line 6925 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.kwd)= (yyvsp[-1].kwd); } -#line 36217 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 36229 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 916: /* charset: CHARSET */ #line 6926 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.kwd)= (yyvsp[0].kwd); } -#line 36223 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 36235 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 917: /* charset_name: ident_or_text */ @@ -36230,37 +36242,37 @@ MYF(utf8_flag))))) my_yyabort_error((ER_UNKNOWN_CHARACTER_SET, MYF(0), (yyvsp[0].lex_str).str)); } -#line 36234 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 36246 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 918: /* charset_name: BINARY */ #line 6937 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.charset)= &my_charset_bin; } -#line 36240 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 36252 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 919: /* charset_name_or_default: charset_name */ #line 6941 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.charset)=(yyvsp[0].charset); } -#line 36246 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 36258 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 920: /* charset_name_or_default: DEFAULT */ #line 6942 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.charset)=NULL; } -#line 36252 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 36264 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 921: /* opt_load_data_charset: %empty */ #line 6946 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.charset)= NULL; } -#line 36258 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 36270 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 922: /* opt_load_data_charset: charset charset_name_or_default */ #line 6947 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.charset)= (yyvsp[0].charset); } -#line 36264 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 36276 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 923: /* old_or_new_charset_name: ident_or_text */ @@ -36273,25 +36285,25 @@ !((yyval.charset)=get_old_charset_by_name((yyvsp[0].lex_str))))) my_yyabort_error((ER_UNKNOWN_CHARACTER_SET, MYF(0), (yyvsp[0].lex_str).str)); } -#line 36277 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 36289 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 924: /* old_or_new_charset_name: BINARY */ #line 6960 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.charset)= &my_charset_bin; } -#line 36283 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 36295 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 925: /* old_or_new_charset_name_or_default: old_or_new_charset_name */ #line 6964 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.charset)=(yyvsp[0].charset); } -#line 36289 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 36301 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 926: /* old_or_new_charset_name_or_default: DEFAULT */ #line 6965 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.charset)=NULL; } -#line 36295 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 36307 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 927: /* collation_name: ident_or_text */ @@ -36300,19 +36312,19 @@ if ((yyval.Lex_extended_collation).set_by_name((yyvsp[0].lex_str).str, thd->get_utf8_flag())) MYSQL_YYABORT; } -#line 36304 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 36316 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 928: /* collation_name_or_default: collation_name */ #line 6977 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.Lex_extended_collation)=(yyvsp[0].Lex_extended_collation); } -#line 36310 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 36322 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 929: /* collation_name_or_default: DEFAULT */ #line 6978 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.Lex_extended_collation).set_collate_default(); } -#line 36316 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 36328 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 930: /* collation_name_or_default: BINARY */ @@ -36321,31 +36333,31 @@ const Lex_exact_collation bin(&my_charset_bin); (yyval.Lex_extended_collation)= Lex_extended_collation(bin); } -#line 36325 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 36337 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 931: /* opt_default: %empty */ #line 6987 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" {} -#line 36331 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 36343 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 932: /* opt_default: DEFAULT */ #line 6988 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" {} -#line 36337 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 36349 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 933: /* charset_or_alias: charset charset_name */ #line 6992 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.charset)= (yyvsp[0].charset); } -#line 36343 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 36355 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 934: /* charset_or_alias: ASCII_SYM */ #line 6993 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.charset)= &my_charset_latin1; } -#line 36349 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 36361 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 935: /* charset_or_alias: UNICODE_SYM */ @@ -36354,13 +36366,13 @@ if (unlikely(!((yyval.charset)= get_charset_by_csname("ucs2", MY_CS_PRIMARY,MYF(0))))) my_yyabort_error((ER_UNKNOWN_CHARACTER_SET, MYF(0), "ucs2")); } -#line 36358 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 36370 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 936: /* opt_binary: %empty */ #line 7002 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.Lex_exact_charset_extended_collation_attrs).init(); } -#line 36364 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 36376 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 938: /* binary: BYTE_SYM */ @@ -36368,7 +36380,7 @@ { (yyval.Lex_exact_charset_extended_collation_attrs).set_charset(Lex_exact_charset(&my_charset_bin)); } -#line 36372 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 36384 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 939: /* binary: charset_or_alias */ @@ -36376,7 +36388,7 @@ { (yyval.Lex_exact_charset_extended_collation_attrs).set_charset(Lex_exact_charset((yyvsp[0].charset))); } -#line 36380 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 36392 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 940: /* binary: charset_or_alias BINARY */ @@ -36385,13 +36397,13 @@ if ((yyval.Lex_exact_charset_extended_collation_attrs).set_charset_collate_binary(Lex_exact_charset((yyvsp[-1].charset)))) MYSQL_YYABORT; } -#line 36389 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 36401 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 941: /* binary: BINARY */ #line 7020 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.Lex_exact_charset_extended_collation_attrs).set_contextually_typed_binary_style(); } -#line 36395 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 36407 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 942: /* binary: BINARY charset_or_alias */ @@ -36400,7 +36412,7 @@ if ((yyval.Lex_exact_charset_extended_collation_attrs).set_charset_collate_binary(Lex_exact_charset((yyvsp[0].charset)))) MYSQL_YYABORT; } -#line 36404 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 36416 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 943: /* binary: charset_or_alias COLLATE_SYM DEFAULT */ @@ -36411,7 +36423,7 @@ thd->variables.character_set_collations, Lex_exact_charset((yyvsp[-2].charset))); } -#line 36415 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 36427 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 944: /* binary: charset_or_alias COLLATE_SYM collation_name */ @@ -36424,7 +36436,7 @@ MYSQL_YYABORT; (yyval.Lex_exact_charset_extended_collation_attrs)= Lex_exact_charset_extended_collation_attrs((yyvsp[0].Lex_extended_collation)); } -#line 36428 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 36440 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 945: /* binary: COLLATE_SYM collation_name */ @@ -36432,7 +36444,7 @@ { (yyval.Lex_exact_charset_extended_collation_attrs)= Lex_exact_charset_extended_collation_attrs((yyvsp[0].Lex_extended_collation)); } -#line 36436 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 36448 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 946: /* binary: COLLATE_SYM DEFAULT */ @@ -36440,7 +36452,7 @@ { (yyval.Lex_exact_charset_extended_collation_attrs).set_collate_default(); } -#line 36444 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 36456 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 947: /* binary: charset_or_alias COLLATE_SYM BINARY */ @@ -36454,7 +36466,7 @@ MYSQL_YYABORT; (yyval.Lex_exact_charset_extended_collation_attrs)= Lex_exact_charset_extended_collation_attrs(tmp); } -#line 36458 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 36470 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 948: /* binary: COLLATE_SYM BINARY */ @@ -36464,19 +36476,19 @@ const Lex_extended_collation tmp(bin); (yyval.Lex_exact_charset_extended_collation_attrs)= Lex_exact_charset_extended_collation_attrs(tmp); } -#line 36468 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 36480 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 949: /* opt_bin_mod: %empty */ #line 7069 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.num)= false; } -#line 36474 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 36486 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 950: /* opt_bin_mod: BINARY */ #line 7070 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.num)= true; } -#line 36480 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 36492 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 951: /* $@96: %empty */ @@ -36488,55 +36500,55 @@ MYSQL_YYABORT; } } -#line 36492 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 36504 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 952: /* ws_nweights: '(' real_ulong_num $@96 ')' */ #line 7083 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.ulong_num)= (yyvsp[-2].ulong_num); } -#line 36498 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 36510 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 953: /* ws_level_flag_desc: ASC */ #line 7087 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.ulong_num)= 0; } -#line 36504 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 36516 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 954: /* ws_level_flag_desc: DESC */ #line 7088 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.ulong_num)= 1 << MY_STRXFRM_DESC_SHIFT; } -#line 36510 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 36522 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 955: /* ws_level_flag_reverse: REVERSE_SYM */ #line 7092 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.ulong_num)= 1 << MY_STRXFRM_REVERSE_SHIFT; } -#line 36516 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 36528 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 956: /* ws_level_flags: %empty */ #line 7095 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.ulong_num)= 0; } -#line 36522 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 36534 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 957: /* ws_level_flags: ws_level_flag_desc */ #line 7096 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.ulong_num)= (yyvsp[0].ulong_num); } -#line 36528 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 36540 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 958: /* ws_level_flags: ws_level_flag_desc ws_level_flag_reverse */ #line 7097 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.ulong_num)= (yyvsp[-1].ulong_num) | (yyvsp[0].ulong_num); } -#line 36534 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 36546 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 959: /* ws_level_flags: ws_level_flag_reverse */ #line 7098 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.ulong_num)= (yyvsp[0].ulong_num) ; } -#line 36540 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 36552 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 960: /* ws_level_number: real_ulong_num */ @@ -36545,7 +36557,7 @@ (yyval.ulong_num)= (yyvsp[0].ulong_num) < 1 ? 1 : ((yyvsp[0].ulong_num) > MY_STRXFRM_NLEVELS ? MY_STRXFRM_NLEVELS : (yyvsp[0].ulong_num)); (yyval.ulong_num)--; } -#line 36549 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 36561 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 961: /* ws_level_list_item: ws_level_number ws_level_flags */ @@ -36553,19 +36565,19 @@ { (yyval.ulong_num)= (1 | (yyvsp[0].ulong_num)) << (yyvsp[-1].ulong_num); } -#line 36557 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 36569 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 962: /* ws_level_list: ws_level_list_item */ #line 7117 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.ulong_num)= (yyvsp[0].ulong_num); } -#line 36563 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 36575 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 963: /* ws_level_list: ws_level_list ',' ws_level_list_item */ #line 7118 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.ulong_num)|= (yyvsp[0].ulong_num); } -#line 36569 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 36581 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 964: /* ws_level_range: ws_level_number '-' ws_level_number */ @@ -36576,31 +36588,31 @@ for ((yyval.ulong_num)= 0; start <= end; start++) (yyval.ulong_num)|= (1 << start); } -#line 36580 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 36592 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 965: /* ws_level_list_or_range: ws_level_list */ #line 7132 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.ulong_num)= (yyvsp[0].ulong_num); } -#line 36586 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 36598 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 966: /* ws_level_list_or_range: ws_level_range */ #line 7133 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.ulong_num)= (yyvsp[0].ulong_num); } -#line 36592 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 36604 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 967: /* opt_ws_levels: %empty */ #line 7137 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.ulong_num)= 0; } -#line 36598 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 36610 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 968: /* opt_ws_levels: LEVEL_SYM ws_level_list_or_range */ #line 7138 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.ulong_num)= (yyvsp[0].ulong_num); } -#line 36604 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 36616 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 971: /* references: REFERENCES table_ident opt_ref_list opt_match_clause opt_on_update_delete */ @@ -36608,13 +36620,13 @@ { (yyval.table)=(yyvsp[-3].table); } -#line 36612 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 36624 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 972: /* opt_ref_list: %empty */ #line 7159 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { Lex->ref_list.empty(); } -#line 36618 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 36630 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 974: /* ref_list: ref_list ',' ident */ @@ -36625,7 +36637,7 @@ MYSQL_YYABORT; Lex->ref_list.push_back(key, thd->mem_root); } -#line 36629 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 36641 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 975: /* ref_list: ident */ @@ -36638,31 +36650,31 @@ lex->ref_list.empty(); lex->ref_list.push_back(key, thd->mem_root); } -#line 36642 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 36654 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 976: /* opt_match_clause: %empty */ #line 7184 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { Lex->fk_match_option= Foreign_key::FK_MATCH_UNDEF; } -#line 36648 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 36660 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 977: /* opt_match_clause: MATCH FULL */ #line 7186 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { Lex->fk_match_option= Foreign_key::FK_MATCH_FULL; } -#line 36654 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 36666 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 978: /* opt_match_clause: MATCH PARTIAL */ #line 7188 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { Lex->fk_match_option= Foreign_key::FK_MATCH_PARTIAL; } -#line 36660 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 36672 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 979: /* opt_match_clause: MATCH SIMPLE_SYM */ #line 7190 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { Lex->fk_match_option= Foreign_key::FK_MATCH_SIMPLE; } -#line 36666 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 36678 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 980: /* opt_on_update_delete: %empty */ @@ -36672,7 +36684,7 @@ lex->fk_update_opt= FK_OPTION_UNDEF; lex->fk_delete_opt= FK_OPTION_UNDEF; } -#line 36676 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 36688 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 981: /* opt_on_update_delete: ON UPDATE_SYM delete_option */ @@ -36682,7 +36694,7 @@ lex->fk_update_opt= (yyvsp[0].m_fk_option); lex->fk_delete_opt= FK_OPTION_UNDEF; } -#line 36686 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 36698 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 982: /* opt_on_update_delete: ON DELETE_SYM delete_option */ @@ -36692,7 +36704,7 @@ lex->fk_update_opt= FK_OPTION_UNDEF; lex->fk_delete_opt= (yyvsp[0].m_fk_option); } -#line 36696 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 36708 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 983: /* opt_on_update_delete: ON UPDATE_SYM delete_option ON DELETE_SYM delete_option */ @@ -36702,7 +36714,7 @@ lex->fk_update_opt= (yyvsp[-3].m_fk_option); lex->fk_delete_opt= (yyvsp[0].m_fk_option); } -#line 36706 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 36718 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 984: /* opt_on_update_delete: ON DELETE_SYM delete_option ON UPDATE_SYM delete_option */ @@ -36712,91 +36724,91 @@ lex->fk_update_opt= (yyvsp[0].m_fk_option); lex->fk_delete_opt= (yyvsp[-3].m_fk_option); } -#line 36716 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 36728 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 985: /* delete_option: RESTRICT */ #line 7229 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.m_fk_option)= FK_OPTION_RESTRICT; } -#line 36722 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 36734 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 986: /* delete_option: CASCADE */ #line 7230 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.m_fk_option)= FK_OPTION_CASCADE; } -#line 36728 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 36740 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 987: /* delete_option: SET NULL_SYM */ #line 7231 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.m_fk_option)= FK_OPTION_SET_NULL; } -#line 36734 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 36746 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 988: /* delete_option: NO_SYM ACTION */ #line 7232 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.m_fk_option)= FK_OPTION_NO_ACTION; } -#line 36740 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 36752 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 989: /* delete_option: SET DEFAULT */ #line 7233 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.m_fk_option)= FK_OPTION_SET_DEFAULT; } -#line 36746 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 36758 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 990: /* constraint_key_type: PRIMARY_SYM KEY_SYM */ #line 7237 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.key_type)= Key::PRIMARY; } -#line 36752 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 36764 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 991: /* constraint_key_type: UNIQUE_SYM opt_key_or_index */ #line 7238 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.key_type)= Key::UNIQUE; } -#line 36758 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 36770 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 992: /* key_or_index: KEY_SYM */ #line 7242 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" {} -#line 36764 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 36776 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 993: /* key_or_index: INDEX_SYM */ #line 7243 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" {} -#line 36770 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 36782 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 994: /* opt_key_or_index: %empty */ #line 7247 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" {} -#line 36776 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 36788 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 996: /* keys_or_index: KEYS */ #line 7252 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" {} -#line 36782 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 36794 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 997: /* keys_or_index: INDEX_SYM */ #line 7253 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" {} -#line 36788 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 36800 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 998: /* keys_or_index: INDEXES */ #line 7254 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" {} -#line 36794 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 36806 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 999: /* fulltext: FULLTEXT_SYM */ #line 7258 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.key_type)= Key::FULLTEXT;} -#line 36800 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 36812 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 1000: /* spatial_or_vector: SPATIAL_SYM */ @@ -36804,91 +36816,91 @@ { (yyval.key_type)= Key::SPATIAL; } -#line 36808 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 36820 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 1001: /* spatial_or_vector: VECTOR_SYM */ #line 7266 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.key_type)= Key::VECTOR;} -#line 36814 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 36826 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 1002: /* normal_key_options: %empty */ #line 7270 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" {} -#line 36820 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 36832 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 1003: /* normal_key_options: normal_key_opts */ #line 7271 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { Lex->last_key->option_list= Lex->option_list; } -#line 36826 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 36838 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 1004: /* fulltext_key_options: %empty */ #line 7275 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" {} -#line 36832 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 36844 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 1005: /* fulltext_key_options: fulltext_key_opts */ #line 7276 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { Lex->last_key->option_list= Lex->option_list; } -#line 36838 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 36850 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 1006: /* spatial_key_options: %empty */ #line 7280 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" {} -#line 36844 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 36856 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 1007: /* spatial_key_options: spatial_key_opts */ #line 7281 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { Lex->last_key->option_list= Lex->option_list; } -#line 36850 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 36862 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 1014: /* opt_USING_key_algorithm: %empty */ #line 7300 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.key_alg)= HA_KEY_ALG_UNDEF; } -#line 36856 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 36868 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 1015: /* opt_USING_key_algorithm: USING btree_or_rtree */ #line 7301 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.key_alg)= (yyvsp[0].key_alg); } -#line 36862 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 36874 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 1016: /* opt_key_algorithm_clause: %empty */ #line 7306 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.key_alg)= HA_KEY_ALG_UNDEF; } -#line 36868 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 36880 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 1017: /* opt_key_algorithm_clause: USING btree_or_rtree */ #line 7307 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.key_alg)= (yyvsp[0].key_alg); } -#line 36874 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 36886 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 1018: /* opt_key_algorithm_clause: TYPE_SYM btree_or_rtree */ #line 7308 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.key_alg)= (yyvsp[0].key_alg); } -#line 36880 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 36892 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 1019: /* key_using_alg: USING btree_or_rtree */ #line 7313 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { Lex->last_key->key_create_info.algorithm= (yyvsp[0].key_alg); } -#line 36886 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 36898 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 1020: /* key_using_alg: TYPE_SYM btree_or_rtree */ #line 7315 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { Lex->last_key->key_create_info.algorithm= (yyvsp[0].key_alg); } -#line 36892 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 36904 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 1021: /* all_key_opt: KEY_BLOCK_SIZE opt_equal ulong_num */ @@ -36897,13 +36909,13 @@ Lex->last_key->key_create_info.block_size= (yyvsp[0].ulong_num); Lex->last_key->key_create_info.flags|= HA_USES_BLOCK_SIZE; } -#line 36901 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 36913 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 1022: /* all_key_opt: COMMENT_SYM TEXT_STRING_sys */ #line 7325 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { Lex->last_key->key_create_info.comment= (yyvsp[0].lex_str); } -#line 36907 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 36919 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 1023: /* all_key_opt: VISIBLE_SYM */ @@ -36911,7 +36923,7 @@ { /* This is mainly for MySQL 8.0 compatibility */ } -#line 36915 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 36927 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 1024: /* all_key_opt: ignorability */ @@ -36919,7 +36931,7 @@ { Lex->last_key->key_create_info.is_ignored= (yyvsp[0].num); } -#line 36923 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 36935 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 1025: /* all_key_opt: engine_defined_option */ @@ -36927,7 +36939,7 @@ { (yyvsp[0].engine_option_value_ptr)->link(&Lex->option_list, &Lex->option_list_last); } -#line 36931 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 36943 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 1030: /* fulltext_key_opt: WITH PARSER_SYM IDENT_sys */ @@ -36938,37 +36950,37 @@ else my_yyabort_error((ER_FUNCTION_NOT_DEFINED, MYF(0), (yyvsp[0].ident_sys).str)); } -#line 36942 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 36954 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 1031: /* btree_or_rtree: BTREE_SYM */ #line 7361 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.key_alg)= HA_KEY_ALG_BTREE; } -#line 36948 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 36960 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 1032: /* btree_or_rtree: RTREE_SYM */ #line 7362 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.key_alg)= HA_KEY_ALG_RTREE; } -#line 36954 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 36966 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 1033: /* btree_or_rtree: HASH_SYM */ #line 7363 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.key_alg)= HA_KEY_ALG_HASH; } -#line 36960 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 36972 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 1034: /* ignorability: IGNORED_SYM */ #line 7367 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.num)= true; } -#line 36966 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 36978 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 1035: /* ignorability: NOT_SYM IGNORED_SYM */ #line 7368 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.num)= false; } -#line 36972 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 36984 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 1036: /* key_list: key_list ',' key_part order_dir */ @@ -36977,7 +36989,7 @@ (yyvsp[-1].key_part)->asc= (yyvsp[0].num); Lex->last_key->columns.push_back((yyvsp[-1].key_part), thd->mem_root); } -#line 36981 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 36993 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 1037: /* key_list: key_part order_dir */ @@ -36986,13 +36998,13 @@ (yyvsp[-1].key_part)->asc= (yyvsp[0].num); Lex->last_key->columns.push_back((yyvsp[-1].key_part), thd->mem_root); } -#line 36990 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 37002 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 1038: /* opt_without_overlaps: %empty */ #line 7385 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" {} -#line 36996 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 37008 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 1039: /* opt_without_overlaps: ',' ident WITHOUT OVERLAPS_SYM */ @@ -37001,7 +37013,7 @@ Lex->last_key->without_overlaps= true; Lex->last_key->period= Lex_ident_column((yyvsp[-2].ident_sys)); } -#line 37005 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 37017 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 1041: /* key_part: ident '(' NUM ')' */ @@ -37014,7 +37026,7 @@ if (unlikely((yyval.key_part) == NULL)) MYSQL_YYABORT; } -#line 37018 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 37030 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 1042: /* key_part_simple: ident */ @@ -37024,31 +37036,31 @@ if (unlikely((yyval.key_part) == NULL)) MYSQL_YYABORT; } -#line 37028 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 37040 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 1043: /* opt_ident: %empty */ #line 7416 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.lex_str)= null_clex_str; } -#line 37034 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 37046 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 1044: /* opt_ident: field_ident */ #line 7417 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.lex_str)= (yyvsp[0].lex_str); } -#line 37040 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 37052 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 1045: /* string_list: text_string */ #line 7422 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { Lex->last_field->interval_list.push_back((yyvsp[0].string), thd->mem_root); } -#line 37046 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 37058 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 1046: /* string_list: string_list ',' text_string */ #line 7424 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { Lex->last_field->interval_list.push_back((yyvsp[0].string), thd->mem_root); } -#line 37052 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 37064 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 1047: /* $@97: %empty */ @@ -37068,7 +37080,7 @@ MYSQL_YYABORT; DBUG_ASSERT(!Lex->m_sql_cmd); } -#line 37072 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 37084 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 1048: /* $@98: %empty */ @@ -37084,7 +37096,7 @@ Lex->create_last_non_select_table= Lex->last_table(); Lex->mark_first_table_as_inserting(); } -#line 37088 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 37100 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 1049: /* alter: ALTER $@97 alter_options TABLE_SYM opt_if_exists table_ident opt_lock_wait_timeout $@98 alter_commands */ @@ -37099,7 +37111,7 @@ } Lex->pop_select(); //main select } -#line 37103 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 37115 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 1050: /* $@99: %empty */ @@ -37109,7 +37121,7 @@ if (Lex->main_select_push(true)) MYSQL_YYABORT; } -#line 37113 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 37125 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 1051: /* alter: ALTER DATABASE ident_or_empty $@99 create_database_options */ @@ -37123,7 +37135,7 @@ MYSQL_YYABORT; Lex->pop_select(); //main select } -#line 37127 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 37139 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 1052: /* $@100: %empty */ @@ -37133,7 +37145,7 @@ Lex->create_info.schema_comment= thd->make_clex_string((yyvsp[0].lex_str)); Lex->create_info.used_fields|= HA_CREATE_USED_COMMENT; } -#line 37137 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 37149 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 1053: /* alter: ALTER DATABASE COMMENT_SYM opt_equal TEXT_STRING_sys $@100 opt_create_database_options */ @@ -37146,7 +37158,7 @@ unlikely(lex->copy_db_to(&lex->name))) MYSQL_YYABORT; } -#line 37150 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 37162 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 1054: /* alter: ALTER DATABASE ident UPGRADE_SYM DATA_SYM DIRECTORY_SYM NAME_SYM */ @@ -37158,7 +37170,7 @@ lex->sql_command= SQLCOM_ALTER_DB_UPGRADE; lex->name= (yyvsp[-4].ident_sys); } -#line 37162 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 37174 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 1055: /* $@101: %empty */ @@ -37167,13 +37179,13 @@ if (Lex->stmt_alter_procedure_start((yyvsp[0].spname))) MYSQL_YYABORT; } -#line 37171 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 37183 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 1056: /* alter: ALTER PROCEDURE_SYM sp_name $@101 sp_a_chistics stmt_end */ #line 7516 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" {} -#line 37177 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 37189 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 1057: /* $@102: %empty */ @@ -37182,13 +37194,13 @@ if (Lex->stmt_alter_function_start((yyvsp[0].spname))) MYSQL_YYABORT; } -#line 37186 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 37198 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 1058: /* alter: ALTER FUNCTION_SYM sp_name $@102 sp_a_chistics stmt_end */ #line 7523 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" {} -#line 37192 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 37204 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 1059: /* $@103: %empty */ @@ -37199,13 +37211,13 @@ if (Lex->add_alter_view(thd, (yyvsp[-4].num), (yyvsp[-2].view_suid), (yyvsp[0].table))) MYSQL_YYABORT; } -#line 37203 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 37215 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 1060: /* alter: ALTER view_algorithm definer_opt opt_view_suid VIEW_SYM table_ident $@103 view_list_opt AS view_select stmt_end */ #line 7531 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" {} -#line 37209 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 37221 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 1061: /* $@104: %empty */ @@ -37216,13 +37228,13 @@ if (Lex->add_alter_view(thd, VIEW_ALGORITHM_INHERIT, (yyvsp[-2].view_suid), (yyvsp[0].table))) MYSQL_YYABORT; } -#line 37220 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 37232 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 1062: /* alter: ALTER definer_opt opt_view_suid VIEW_SYM table_ident $@104 view_list_opt AS view_select stmt_end */ #line 7544 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" {} -#line 37226 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 37238 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 1063: /* $@105: %empty */ @@ -37245,7 +37257,7 @@ Lex->sql_command= SQLCOM_ALTER_EVENT; Lex->stmt_definition_begin= (yyvsp[-2].simple_string); } -#line 37249 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 37261 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 1064: /* alter: ALTER definer_opt remember_name EVENT_SYM sp_name $@105 ev_alter_on_schedule_completion opt_ev_rename_to opt_ev_status opt_ev_comment opt_ev_sql_stmt */ @@ -37265,7 +37277,7 @@ Lex->pop_select(); //main select } -#line 37269 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 37281 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 1065: /* $@106: %empty */ @@ -37275,13 +37287,13 @@ lex->sql_command= SQLCOM_ALTER_SERVER; lex->server_options.reset((yyvsp[0].lex_str)); } -#line 37279 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 37291 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 1066: /* alter: ALTER SERVER_SYM ident_or_text $@106 OPTIONS_SYM '(' server_options_list ')' */ #line 7589 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { } -#line 37285 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 37297 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 1067: /* alter: ALTER USER_SYM opt_if_exists clear_privileges grant_list opt_require_clause opt_resource_options opt_account_locking_and_opt_password_expiration */ @@ -37290,7 +37302,7 @@ Lex->create_info.set((yyvsp[-5].object_ddl_options)); Lex->sql_command= SQLCOM_ALTER_USER; } -#line 37294 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 37306 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 1068: /* $@107: %empty */ @@ -37303,7 +37315,7 @@ if (Lex->main_select_push()) MYSQL_YYABORT; } -#line 37307 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 37319 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 1069: /* $@108: %empty */ @@ -37317,7 +37329,7 @@ TL_WRITE, MDL_EXCLUSIVE)) MYSQL_YYABORT; } -#line 37321 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 37333 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 1070: /* $@109: %empty */ @@ -37335,13 +37347,13 @@ if (unlikely(Lex->m_sql_cmd == NULL)) MYSQL_YYABORT; } -#line 37339 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 37351 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 1071: /* alter: ALTER SEQUENCE_SYM opt_if_exists $@107 table_ident $@108 sequence_defs $@109 stmt_end */ #line 7629 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" {} -#line 37345 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 37357 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 1072: /* account_locking_option: LOCK_SYM */ @@ -37349,7 +37361,7 @@ { Lex->account_options.account_locked= ACCOUNTLOCK_LOCKED; } -#line 37353 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 37365 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 1073: /* account_locking_option: UNLOCK_SYM */ @@ -37357,7 +37369,7 @@ { Lex->account_options.account_locked= ACCOUNTLOCK_UNLOCKED; } -#line 37361 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 37373 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 1074: /* opt_password_expire_option: %empty */ @@ -37365,7 +37377,7 @@ { Lex->account_options.password_expire= PASSWORD_EXPIRE_NOW; } -#line 37369 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 37381 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 1075: /* opt_password_expire_option: NEVER_SYM */ @@ -37373,7 +37385,7 @@ { Lex->account_options.password_expire= PASSWORD_EXPIRE_NEVER; } -#line 37377 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 37389 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 1076: /* opt_password_expire_option: DEFAULT */ @@ -37381,7 +37393,7 @@ { Lex->account_options.password_expire= PASSWORD_EXPIRE_DEFAULT; } -#line 37385 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 37397 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 1077: /* opt_password_expire_option: INTERVAL_SYM NUM DAY_SYM */ @@ -37391,37 +37403,37 @@ if (!(Lex->account_options.num_expiration_days= atoi((yyvsp[-1].lex_str).str))) my_yyabort_error((ER_WRONG_VALUE, MYF(0), "DAY", (yyvsp[-1].lex_str).str)); } -#line 37395 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 37407 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 1083: /* ev_alter_on_schedule_completion: %empty */ #line 7673 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.num)= 0;} -#line 37401 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 37413 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 1084: /* ev_alter_on_schedule_completion: ON SCHEDULE_SYM ev_schedule_time */ #line 7674 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.num)= 1; } -#line 37407 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 37419 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 1085: /* ev_alter_on_schedule_completion: ev_on_completion */ #line 7675 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.num)= 1; } -#line 37413 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 37425 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 1086: /* ev_alter_on_schedule_completion: ON SCHEDULE_SYM ev_schedule_time ev_on_completion */ #line 7676 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.num)= 1; } -#line 37419 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 37431 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 1087: /* opt_ev_rename_to: %empty */ #line 7680 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.num)= 0;} -#line 37425 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 37437 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 1088: /* opt_ev_rename_to: RENAME TO_SYM sp_name */ @@ -37434,25 +37446,25 @@ Lex->spname= (yyvsp[0].spname); (yyval.num)= 1; } -#line 37438 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 37450 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 1089: /* opt_ev_sql_stmt: %empty */ #line 7693 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.num)= 0;} -#line 37444 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 37456 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 1090: /* opt_ev_sql_stmt: DO_SYM ev_sql_stmt */ #line 7694 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.num)= 1; } -#line 37450 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 37462 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 1091: /* ident_or_empty: %empty */ #line 7699 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.ident_sys)= Lex_ident_sys(); } -#line 37456 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 37468 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 1094: /* alter_commands: DISCARD TABLESPACE */ @@ -37464,7 +37476,7 @@ if (unlikely(Lex->m_sql_cmd == NULL)) MYSQL_YYABORT; } -#line 37468 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 37480 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 1095: /* alter_commands: IMPORT TABLESPACE */ @@ -37477,7 +37489,7 @@ if (unlikely(Lex->m_sql_cmd == NULL)) MYSQL_YYABORT; } -#line 37481 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 37493 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 1101: /* alter_commands: DROP PARTITION_SYM opt_if_exists alt_part_name_list */ @@ -37487,7 +37499,7 @@ DBUG_ASSERT(!Lex->if_exists()); Lex->create_info.add((yyvsp[-1].object_ddl_options)); } -#line 37491 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 37503 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 1102: /* alter_commands: REBUILD_SYM PARTITION_SYM opt_no_write_to_binlog all_or_alt_part_name_list */ @@ -37497,7 +37509,7 @@ lex->alter_info.partition_flags|= ALTER_PARTITION_REBUILD; lex->no_write_to_binlog= (yyvsp[-1].num); } -#line 37501 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 37513 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 1103: /* $@110: %empty */ @@ -37512,7 +37524,7 @@ if (unlikely(lex->m_sql_cmd == NULL)) MYSQL_YYABORT; } -#line 37516 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 37528 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 1105: /* alter_commands: ANALYZE_SYM PARTITION_SYM opt_no_write_to_binlog all_or_alt_part_name_list */ @@ -37527,7 +37539,7 @@ if (unlikely(lex->m_sql_cmd == NULL)) MYSQL_YYABORT; } -#line 37531 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 37543 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 1106: /* $@111: %empty */ @@ -37541,7 +37553,7 @@ if (unlikely(lex->m_sql_cmd == NULL)) MYSQL_YYABORT; } -#line 37545 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 37557 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 1108: /* $@112: %empty */ @@ -37556,7 +37568,7 @@ if (unlikely(lex->m_sql_cmd == NULL)) MYSQL_YYABORT; } -#line 37560 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 37572 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 1110: /* alter_commands: COALESCE PARTITION_SYM opt_no_write_to_binlog real_ulong_num */ @@ -37567,7 +37579,7 @@ lex->no_write_to_binlog= (yyvsp[-1].num); lex->alter_info.num_parts= (yyvsp[0].ulong_num); } -#line 37571 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 37583 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 1111: /* alter_commands: TRUNCATE_SYM PARTITION_SYM all_or_alt_part_name_list */ @@ -37581,7 +37593,7 @@ if (unlikely(lex->m_sql_cmd == NULL)) MYSQL_YYABORT; } -#line 37585 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 37597 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 1113: /* alter_commands: EXCHANGE_SYM PARTITION_SYM alt_part_name_item WITH TABLE_SYM table_ident opt_without_validation have_partitioning */ @@ -37590,7 +37602,7 @@ if (Lex->stmt_alter_table_exchange_partition((yyvsp[-2].table))) MYSQL_YYABORT; } -#line 37594 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 37606 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 1114: /* alter_commands: CONVERT_SYM PARTITION_SYM alt_part_name_item TO_SYM TABLE_SYM table_ident opt_without_validation have_partitioning */ @@ -37604,7 +37616,7 @@ MYSQL_YYABORT; lex->alter_info.partition_flags|= ALTER_PARTITION_CONVERT_OUT; } -#line 37608 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 37620 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 1115: /* $@113: %empty */ @@ -37638,7 +37650,7 @@ lex->alter_info.partition_flags|= ALTER_PARTITION_ADD | ALTER_PARTITION_CONVERT_IN; } -#line 37642 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 37654 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 1116: /* alter_commands: CONVERT_SYM TABLE_SYM table_ident $@113 TO_SYM PARTITION_SYM part_definition opt_without_validation have_partitioning */ @@ -37649,7 +37661,7 @@ if (unlikely(lex->m_sql_cmd == NULL)) MYSQL_YYABORT; } -#line 37653 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 37665 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 1117: /* remove_partitioning: REMOVE_SYM PARTITIONING_SYM */ @@ -37657,7 +37669,7 @@ { Lex->alter_info.partition_flags|= ALTER_PARTITION_REMOVE; } -#line 37661 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 37673 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 1118: /* all_or_alt_part_name_list: ALL */ @@ -37665,7 +37677,7 @@ { Lex->alter_info.partition_flags|= ALTER_PARTITION_ALL; } -#line 37669 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 37681 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 1120: /* $@114: %empty */ @@ -37681,13 +37693,13 @@ lex->create_info.set((yyvsp[-1].object_ddl_options)); lex->no_write_to_binlog= (yyvsp[0].num); } -#line 37685 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 37697 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 1121: /* add_partition_rule: ADD PARTITION_SYM opt_if_not_exists opt_no_write_to_binlog $@114 add_part_extra */ #line 7902 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" {} -#line 37691 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 37703 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 1123: /* add_part_extra: '(' part_def_list ')' */ @@ -37696,7 +37708,7 @@ LEX *lex= Lex; lex->part_info->num_parts= lex->part_info->partitions.elements; } -#line 37700 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 37712 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 1124: /* add_part_extra: PARTITIONS_SYM real_ulong_num */ @@ -37704,7 +37716,7 @@ { Lex->part_info->num_parts= (yyvsp[0].ulong_num); } -#line 37708 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 37720 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 1125: /* $@115: %empty */ @@ -37717,7 +37729,7 @@ lex->no_write_to_binlog= (yyvsp[0].num); } -#line 37721 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 37733 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 1127: /* reorg_parts_rule: %empty */ @@ -37725,7 +37737,7 @@ { Lex->alter_info.partition_flags|= ALTER_PARTITION_TABLE_REORG; } -#line 37729 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 37741 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 1128: /* $@116: %empty */ @@ -37733,7 +37745,7 @@ { Lex->alter_info.partition_flags|= ALTER_PARTITION_REORGANIZE; } -#line 37737 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 37749 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 1129: /* reorg_parts_rule: alt_part_name_list $@116 INTO '(' part_def_list ')' */ @@ -37742,19 +37754,19 @@ partition_info *part_info= Lex->part_info; part_info->num_parts= part_info->partitions.elements; } -#line 37746 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 37758 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 1130: /* alt_part_name_list: alt_part_name_item */ #line 7948 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" {} -#line 37752 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 37764 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 1131: /* alt_part_name_list: alt_part_name_list ',' alt_part_name_item */ #line 7949 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" {} -#line 37758 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 37770 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 1132: /* alt_part_name_item: ident */ @@ -37764,7 +37776,7 @@ thd->mem_root))) MYSQL_YYABORT; } -#line 37768 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 37780 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 1136: /* alter_list_item: add_column column_def opt_place */ @@ -37775,7 +37787,7 @@ lex->alter_info.flags|= ALTER_PARSER_ADD_COLUMN; (yyvsp[-1].create_field)->after= Lex_ident_column((yyvsp[0].lex_str)); } -#line 37779 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 37791 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 1137: /* alter_list_item: ADD key_def */ @@ -37784,7 +37796,7 @@ Lex->create_last_non_select_table= Lex->last_table(); Lex->alter_info.flags|= ALTER_ADD_INDEX; } -#line 37788 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 37800 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 1138: /* alter_list_item: ADD period_for_system_time */ @@ -37792,7 +37804,7 @@ { Lex->alter_info.flags|= ALTER_ADD_PERIOD; } -#line 37796 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 37808 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 1139: /* alter_list_item: ADD PERIOD_SYM opt_if_not_exists_table_element period_for_application_time */ @@ -37802,7 +37814,7 @@ period.create_if_not_exists= Lex->check_exists; Lex->alter_info.flags|= ALTER_ADD_CHECK_CONSTRAINT; } -#line 37806 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 37818 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 1140: /* alter_list_item: add_column '(' create_field_list ')' */ @@ -37813,7 +37825,7 @@ if (!lex->alter_info.key_list.is_empty()) lex->alter_info.flags|= ALTER_ADD_INDEX; } -#line 37817 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 37829 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 1141: /* alter_list_item: ADD constraint_def */ @@ -37821,7 +37833,7 @@ { Lex->alter_info.flags|= ALTER_ADD_CHECK_CONSTRAINT; } -#line 37825 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 37837 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 1142: /* alter_list_item: ADD CONSTRAINT IF_SYM not EXISTS field_ident check_constraint */ @@ -37830,7 +37842,7 @@ Lex->alter_info.flags|= ALTER_ADD_CHECK_CONSTRAINT; Lex->add_constraint((yyvsp[-1].lex_str), (yyvsp[0].virtual_column), TRUE); } -#line 37834 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 37846 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 1143: /* alter_list_item: CHANGE opt_column opt_if_exists_table_element field_ident field_spec opt_place */ @@ -37841,7 +37853,7 @@ (yyvsp[-1].create_field)->change= Lex_ident_column((yyvsp[-2].lex_str)); (yyvsp[-1].create_field)->after= Lex_ident_column((yyvsp[0].lex_str)); } -#line 37845 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 37857 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 1144: /* alter_list_item: MODIFY_SYM opt_column opt_if_exists_table_element field_spec opt_place */ @@ -37852,7 +37864,7 @@ (yyvsp[-1].create_field)->change= (yyvsp[-1].create_field)->field_name; (yyvsp[-1].create_field)->after= Lex_ident_column((yyvsp[0].lex_str)); } -#line 37856 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 37868 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 1145: /* alter_list_item: DROP opt_column opt_if_exists_table_element field_ident opt_restrict */ @@ -37866,7 +37878,7 @@ lex->alter_info.drop_list.push_back(ad, thd->mem_root); lex->alter_info.flags|= ALTER_PARSER_DROP_COLUMN; } -#line 37870 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 37882 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 1146: /* alter_list_item: DROP CONSTRAINT opt_if_exists_table_element field_ident */ @@ -37881,7 +37893,7 @@ lex->alter_info.drop_list.push_back(ad, thd->mem_root); lex->alter_info.flags|= ALTER_DROP_CHECK_CONSTRAINT; } -#line 37885 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 37897 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 1147: /* alter_list_item: DROP FOREIGN KEY_SYM opt_if_exists_table_element field_ident */ @@ -37895,7 +37907,7 @@ lex->alter_info.drop_list.push_back(ad, thd->mem_root); lex->alter_info.flags|= ALTER_DROP_FOREIGN_KEY; } -#line 37899 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 37911 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 1148: /* alter_list_item: DROP opt_constraint_no_id PRIMARY_SYM KEY_SYM */ @@ -37910,7 +37922,7 @@ lex->alter_info.drop_list.push_back(ad, thd->mem_root); lex->alter_info.flags|= ALTER_DROP_INDEX; } -#line 37914 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 37926 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 1149: /* alter_list_item: DROP key_or_index opt_if_exists_table_element field_ident */ @@ -37924,7 +37936,7 @@ lex->alter_info.drop_list.push_back(ad, thd->mem_root); lex->alter_info.flags|= ALTER_DROP_INDEX; } -#line 37928 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 37940 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 1150: /* alter_list_item: DISABLE_SYM KEYS */ @@ -37934,7 +37946,7 @@ lex->alter_info.keys_onoff= Alter_info::DISABLE; lex->alter_info.flags|= ALTER_KEYS_ONOFF; } -#line 37938 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 37950 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 1151: /* alter_list_item: ENABLE_SYM KEYS */ @@ -37944,7 +37956,7 @@ lex->alter_info.keys_onoff= Alter_info::ENABLE; lex->alter_info.flags|= ALTER_KEYS_ONOFF; } -#line 37948 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 37960 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 1152: /* alter_list_item: ALTER opt_column opt_if_exists_table_element field_ident SET DEFAULT column_default_expr */ @@ -37955,7 +37967,7 @@ if (unlikely(Lex->add_alter_list((yyvsp[-3].lex_str), (yyvsp[0].virtual_column), (yyvsp[-4].num)))) MYSQL_YYABORT; } -#line 37959 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 37971 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 1153: /* alter_list_item: ALTER key_or_index opt_if_exists_table_element ident ignorability */ @@ -37969,7 +37981,7 @@ lex->alter_info.alter_index_ignorability_list.push_back(ac); lex->alter_info.flags|= ALTER_INDEX_IGNORABILITY; } -#line 37973 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 37985 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 1154: /* alter_list_item: ALTER opt_column opt_if_exists_table_element field_ident DROP DEFAULT */ @@ -37978,7 +37990,7 @@ if (unlikely(Lex->add_alter_list((yyvsp[-2].lex_str), (Virtual_column_info*) 0, (yyvsp[-3].num)))) MYSQL_YYABORT; } -#line 37982 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 37994 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 1155: /* alter_list_item: RENAME opt_to table_ident */ @@ -37988,7 +38000,7 @@ MYSQL_YYABORT; Lex->alter_info.flags|= ALTER_RENAME; } -#line 37992 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 38004 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 1156: /* alter_list_item: RENAME COLUMN_SYM opt_if_exists_table_element ident TO_SYM ident */ @@ -37997,7 +38009,7 @@ if (unlikely(Lex->add_alter_list((yyvsp[-2].ident_sys), (yyvsp[0].ident_sys), (yyvsp[-3].num)))) MYSQL_YYABORT; } -#line 38001 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 38013 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 1157: /* alter_list_item: RENAME key_or_index opt_if_exists_table_element field_ident TO_SYM field_ident */ @@ -38011,7 +38023,7 @@ lex->alter_info.alter_rename_key_list.push_back(ak); lex->alter_info.flags|= ALTER_RENAME_INDEX; } -#line 38015 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 38027 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 1158: /* alter_list_item: CONVERT_SYM TO_SYM charset charset_name_or_default */ @@ -38021,7 +38033,7 @@ thd, thd->variables.character_set_collations, (yyvsp[0].charset))) MYSQL_YYABORT; } -#line 38025 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 38037 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 1159: /* alter_list_item: CONVERT_SYM TO_SYM charset charset_name_or_default COLLATE_SYM collation_name_or_default */ @@ -38031,7 +38043,7 @@ thd, thd->variables.character_set_collations, (yyvsp[-2].charset), (yyvsp[0].Lex_extended_collation))) MYSQL_YYABORT; } -#line 38035 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 38047 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 1160: /* alter_list_item: create_table_options_space_separated */ @@ -38040,7 +38052,7 @@ LEX *lex=Lex; lex->alter_info.flags|= ALTER_OPTIONS; } -#line 38044 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 38056 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 1161: /* alter_list_item: FORCE_SYM */ @@ -38048,7 +38060,7 @@ { Lex->alter_info.flags|= ALTER_RECREATE; } -#line 38052 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 38064 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 1162: /* alter_list_item: alter_order_clause */ @@ -38057,7 +38069,7 @@ LEX *lex=Lex; lex->alter_info.flags|= ALTER_ORDER; } -#line 38061 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 38073 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 1165: /* alter_list_item: ADD SYSTEM VERSIONING_SYM */ @@ -38066,7 +38078,7 @@ Lex->alter_info.flags|= ALTER_ADD_SYSTEM_VERSIONING; Lex->create_info.options|= HA_VERSIONED_TABLE; } -#line 38070 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 38082 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 1166: /* alter_list_item: DROP SYSTEM VERSIONING_SYM */ @@ -38075,7 +38087,7 @@ Lex->alter_info.flags|= ALTER_DROP_SYSTEM_VERSIONING; Lex->create_info.options&= ~HA_VERSIONED_TABLE; } -#line 38079 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 38091 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 1167: /* alter_list_item: DROP PERIOD_SYM FOR_SYSTEM_TIME_SYM */ @@ -38083,7 +38095,7 @@ { Lex->alter_info.flags|= ALTER_DROP_PERIOD; } -#line 38087 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 38099 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 1168: /* alter_list_item: DROP PERIOD_SYM opt_if_exists_table_element FOR_SYM ident */ @@ -38095,7 +38107,7 @@ Lex->alter_info.drop_list.push_back(ad, thd->mem_root); Lex->alter_info.flags|= ALTER_DROP_CHECK_CONSTRAINT; } -#line 38099 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 38111 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 1170: /* opt_without_validation: WITH VALIDATION_SYM */ @@ -38103,7 +38115,7 @@ { Lex->without_validation= 0; } -#line 38107 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 38119 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 1171: /* opt_without_validation: WITHOUT VALIDATION_SYM */ @@ -38111,7 +38123,7 @@ { Lex->without_validation= 1; } -#line 38115 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 38127 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 1177: /* alter_algorithm_option: ALGORITHM_SYM opt_equal DEFAULT */ @@ -38119,7 +38131,7 @@ { Lex->alter_info.set_requested_algorithm(Alter_info::ALTER_TABLE_ALGORITHM_DEFAULT); } -#line 38123 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 38135 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 1178: /* alter_algorithm_option: ALGORITHM_SYM opt_equal ident */ @@ -38128,7 +38140,7 @@ if (unlikely(Lex->alter_info.set_requested_algorithm(&(yyvsp[0].ident_sys)))) my_yyabort_error((ER_UNKNOWN_ALTER_ALGORITHM, MYF(0), (yyvsp[0].ident_sys).str)); } -#line 38132 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 38144 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 1179: /* alter_lock_option: LOCK_SYM opt_equal DEFAULT */ @@ -38137,7 +38149,7 @@ Lex->alter_info.requested_lock= Alter_info::ALTER_TABLE_LOCK_DEFAULT; } -#line 38141 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 38153 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 1180: /* alter_lock_option: LOCK_SYM opt_equal ident */ @@ -38146,43 +38158,43 @@ if (unlikely(Lex->alter_info.set_requested_lock(&(yyvsp[0].ident_sys)))) my_yyabort_error((ER_UNKNOWN_ALTER_LOCK, MYF(0), (yyvsp[0].ident_sys).str)); } -#line 38150 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 38162 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 1181: /* opt_column: %empty */ #line 8236 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" {} -#line 38156 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 38168 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 1182: /* opt_column: COLUMN_SYM */ #line 8237 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" {} -#line 38162 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 38174 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 1183: /* opt_ignore: %empty */ #line 8241 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { Lex->ignore= 0;} -#line 38168 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 38180 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 1184: /* opt_ignore: IGNORE_SYM */ #line 8242 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { Lex->ignore= 1;} -#line 38174 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 38186 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 1185: /* $@117: %empty */ #line 8246 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { Lex->ignore= 0;} -#line 38180 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 38192 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 1191: /* alter_option: IGNORE_SYM */ #line 8260 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { Lex->ignore= 1;} -#line 38186 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 38198 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 1192: /* alter_option: ONLINE_SYM */ @@ -38191,31 +38203,31 @@ Lex->alter_info.requested_lock= Alter_info::ALTER_TABLE_LOCK_NONE; } -#line 38195 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 38207 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 1193: /* opt_restrict: %empty */ #line 8269 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { Lex->drop_mode= DROP_DEFAULT; } -#line 38201 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 38213 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 1194: /* opt_restrict: RESTRICT */ #line 8270 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { Lex->drop_mode= DROP_RESTRICT; } -#line 38207 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 38219 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 1195: /* opt_restrict: CASCADE */ #line 8271 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { Lex->drop_mode= DROP_CASCADE; } -#line 38213 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 38225 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 1196: /* opt_place: %empty */ #line 8275 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.lex_str)= null_clex_str; } -#line 38219 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 38231 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 1197: /* opt_place: AFTER_SYM ident */ @@ -38224,7 +38236,7 @@ (yyval.lex_str)= (yyvsp[0].ident_sys); Lex->alter_info.flags |= ALTER_COLUMN_ORDER; } -#line 38228 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 38240 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 1198: /* opt_place: FIRST_SYM */ @@ -38234,31 +38246,31 @@ (yyval.lex_str).length= 5; /* Length of "first" */ Lex->alter_info.flags |= ALTER_COLUMN_ORDER; } -#line 38238 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 38250 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 1199: /* opt_to: %empty */ #line 8290 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" {} -#line 38244 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 38256 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 1200: /* opt_to: TO_SYM */ #line 8291 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" {} -#line 38250 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 38262 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 1201: /* opt_to: '=' */ #line 8292 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" {} -#line 38256 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 38268 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 1202: /* opt_to: AS */ #line 8293 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" {} -#line 38262 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 38274 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 1203: /* $@118: %empty */ @@ -38269,13 +38281,13 @@ lex->type = 0; /* If you change this code don't forget to update SLAVE START too */ } -#line 38273 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 38285 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 1204: /* slave: START_SYM SLAVE optional_connection_name slave_thread_opts optional_for_channel $@118 slave_until */ #line 8305 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" {} -#line 38279 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 38291 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 1205: /* $@119: %empty */ @@ -38286,13 +38298,13 @@ lex->type = 0; /* If you change this code don't forget to update STOP SLAVE too */ } -#line 38290 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 38302 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 1206: /* slave: START_SYM ALL SLAVES slave_thread_opts $@119 */ #line 8313 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" {} -#line 38296 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 38308 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 1207: /* slave: STOP_SYM SLAVE optional_connection_name slave_thread_opts optional_for_channel */ @@ -38303,7 +38315,7 @@ lex->type = 0; /* If you change this code don't forget to update SLAVE STOP too */ } -#line 38307 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 38319 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 1208: /* slave: STOP_SYM ALL SLAVES slave_thread_opts */ @@ -38314,7 +38326,7 @@ lex->type = 0; /* If you change this code don't forget to update SLAVE STOP too */ } -#line 38318 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 38330 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 1209: /* start: START_SYM TRANSACTION_SYM opt_start_transaction_option_list */ @@ -38331,7 +38343,7 @@ } lex->start_transaction_opt= (yyvsp[0].num); } -#line 38335 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 38347 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 1210: /* opt_start_transaction_option_list: %empty */ @@ -38339,7 +38351,7 @@ { (yyval.num)= 0; } -#line 38343 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 38355 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 1211: /* opt_start_transaction_option_list: start_transaction_option_list */ @@ -38347,7 +38359,7 @@ { (yyval.num)= (yyvsp[0].num); } -#line 38351 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 38363 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 1212: /* start_transaction_option_list: start_transaction_option */ @@ -38355,7 +38367,7 @@ { (yyval.num)= (yyvsp[0].num); } -#line 38359 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 38371 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 1213: /* start_transaction_option_list: start_transaction_option_list ',' start_transaction_option */ @@ -38363,7 +38375,7 @@ { (yyval.num)= (yyvsp[-2].num) | (yyvsp[0].num); } -#line 38367 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 38379 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 1214: /* start_transaction_option: WITH CONSISTENT_SYM SNAPSHOT_SYM */ @@ -38371,7 +38383,7 @@ { (yyval.num)= MYSQL_START_TRANS_OPT_WITH_CONS_SNAPSHOT; } -#line 38375 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 38387 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 1215: /* start_transaction_option: READ_SYM ONLY_SYM */ @@ -38379,7 +38391,7 @@ { (yyval.num)= MYSQL_START_TRANS_OPT_READ_ONLY; } -#line 38383 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 38395 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 1216: /* start_transaction_option: READ_SYM WRITE_SYM */ @@ -38387,43 +38399,43 @@ { (yyval.num)= MYSQL_START_TRANS_OPT_READ_WRITE; } -#line 38391 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 38403 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 1217: /* $@120: %empty */ #line 8384 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { Lex->slave_thd_opt= 0; } -#line 38397 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 38409 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 1218: /* slave_thread_opts: $@120 slave_thread_opt_list */ #line 8386 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" {} -#line 38403 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 38415 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 1221: /* slave_thread_opt: %empty */ #line 8395 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" {} -#line 38409 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 38421 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 1222: /* slave_thread_opt: SQL_THREAD */ #line 8396 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { Lex->slave_thd_opt|=SLAVE_SQL; } -#line 38415 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 38427 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 1223: /* slave_thread_opt: RELAY_THREAD */ #line 8397 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { Lex->slave_thd_opt|=SLAVE_IO; } -#line 38421 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 38433 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 1224: /* slave_until: %empty */ #line 8401 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" {} -#line 38427 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 38439 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 1225: /* slave_until: UNTIL_SYM slave_until_opts */ @@ -38436,7 +38448,7 @@ (lex->mi.relay_log_name && lex->mi.relay_log_pos)))) my_yyabort_error((ER_BAD_SLAVE_UNTIL_COND, MYF(0))); } -#line 38440 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 38452 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 1226: /* slave_until: UNTIL_SYM MASTER_GTID_POS_SYM '=' TEXT_STRING_sys */ @@ -38445,7 +38457,7 @@ Lex->mi.gtid_pos_str = (yyvsp[0].lex_str); Lex->mi.is_until_before_gtids= false; } -#line 38449 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 38461 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 1227: /* slave_until: UNTIL_SYM SQL_AFTER_GTIDS_SYM '=' TEXT_STRING_sys */ @@ -38454,7 +38466,7 @@ Lex->mi.gtid_pos_str = (yyvsp[0].lex_str); Lex->mi.is_until_before_gtids= false; } -#line 38458 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 38470 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 1228: /* slave_until: UNTIL_SYM SQL_BEFORE_GTIDS_SYM '=' TEXT_STRING_sys */ @@ -38463,7 +38475,7 @@ Lex->mi.gtid_pos_str = (yyvsp[0].lex_str); Lex->mi.is_until_before_gtids= true; } -#line 38467 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 38479 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 1231: /* $@121: %empty */ @@ -38474,37 +38486,37 @@ /* Will be overridden during execution. */ YYPS->m_lock_type= TL_UNLOCK; } -#line 38478 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 38490 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 1232: /* checksum: CHECKSUM_SYM table_or_tables $@121 table_list opt_checksum_type */ #line 8442 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" {} -#line 38484 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 38496 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 1233: /* opt_checksum_type: %empty */ #line 8446 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { Lex->check_opt.flags= 0; } -#line 38490 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 38502 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 1234: /* opt_checksum_type: QUICK */ #line 8447 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { Lex->check_opt.flags= T_QUICK; } -#line 38496 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 38508 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 1235: /* opt_checksum_type: EXTENDED_SYM */ #line 8448 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { Lex->check_opt.flags= T_EXTEND; } -#line 38502 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 38514 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 1237: /* $@122: %empty */ #line 8454 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { Lex->table_type= TABLE_TYPE_VIEW; } -#line 38508 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 38520 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 1239: /* $@123: %empty */ @@ -38518,7 +38530,7 @@ /* Will be overridden during execution. */ YYPS->m_lock_type= TL_UNLOCK; } -#line 38522 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 38534 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 1240: /* repair: REPAIR opt_no_write_to_binlog $@123 repair_table_or_view */ @@ -38530,73 +38542,73 @@ if (unlikely(lex->m_sql_cmd == NULL)) MYSQL_YYABORT; } -#line 38534 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 38546 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 1241: /* opt_mi_repair_type: %empty */ #line 8480 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { Lex->check_opt.flags = T_MEDIUM; } -#line 38540 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 38552 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 1242: /* opt_mi_repair_type: mi_repair_types */ #line 8481 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" {} -#line 38546 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 38558 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 1243: /* mi_repair_types: mi_repair_type */ #line 8485 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" {} -#line 38552 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 38564 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 1244: /* mi_repair_types: mi_repair_type mi_repair_types */ #line 8486 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" {} -#line 38558 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 38570 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 1245: /* mi_repair_type: QUICK */ #line 8490 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { Lex->check_opt.flags|= T_QUICK; } -#line 38564 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 38576 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 1246: /* mi_repair_type: EXTENDED_SYM */ #line 8491 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { Lex->check_opt.flags|= T_EXTEND; } -#line 38570 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 38582 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 1247: /* mi_repair_type: USE_FRM */ #line 8492 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { Lex->check_opt.sql_flags|= TT_USEFRM; } -#line 38576 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 38588 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 1248: /* mi_repair_type: FORCE_SYM */ #line 8493 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { Lex->check_opt.sql_flags|= TT_FORCE; } -#line 38582 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 38594 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 1249: /* opt_view_repair_type: %empty */ #line 8497 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { } -#line 38588 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 38600 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 1250: /* opt_view_repair_type: FOR_SYM UPGRADE_SYM */ #line 8498 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { Lex->check_opt.sql_flags|= TT_FOR_UPGRADE; } -#line 38594 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 38606 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 1251: /* opt_view_repair_type: FROM MYSQL_SYM */ #line 8499 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { Lex->check_opt.sql_flags|= TT_FROM_MYSQL; } -#line 38600 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 38612 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 1252: /* $@124: %empty */ @@ -38610,7 +38622,7 @@ /* Will be overridden during execution. */ YYPS->m_lock_type= TL_UNLOCK; } -#line 38614 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 38626 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 1253: /* analyze: ANALYZE_SYM opt_no_write_to_binlog table_or_tables $@124 analyze_table_list */ @@ -38622,13 +38634,13 @@ if (unlikely(lex->m_sql_cmd == NULL)) MYSQL_YYABORT; } -#line 38626 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 38638 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 1257: /* opt_persistent_stat_clause: %empty */ #line 8534 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" {} -#line 38632 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 38644 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 1258: /* opt_persistent_stat_clause: PERSISTENT_SYM FOR_SYM persistent_stat_spec */ @@ -38636,25 +38648,25 @@ { thd->lex->with_persistent_for_clause= TRUE; } -#line 38640 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 38652 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 1259: /* persistent_stat_spec: ALL */ #line 8543 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" {} -#line 38646 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 38658 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 1260: /* persistent_stat_spec: COLUMNS persistent_column_stat_spec INDEXES persistent_index_stat_spec */ #line 8545 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" {} -#line 38652 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 38664 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 1261: /* persistent_column_stat_spec: ALL */ #line 8549 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" {} -#line 38658 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 38670 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 1262: /* $@125: %empty */ @@ -38665,19 +38677,19 @@ if (unlikely(lex->column_list == NULL)) MYSQL_YYABORT; } -#line 38669 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 38681 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 1263: /* persistent_column_stat_spec: '(' $@125 table_column_list ')' */ #line 8559 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { } -#line 38675 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 38687 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 1264: /* persistent_index_stat_spec: ALL */ #line 8563 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" {} -#line 38681 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 38693 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 1265: /* $@126: %empty */ @@ -38688,19 +38700,19 @@ if (unlikely(lex->index_list == NULL)) MYSQL_YYABORT; } -#line 38692 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 38704 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 1266: /* persistent_index_stat_spec: '(' $@126 table_index_list ')' */ #line 8573 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { } -#line 38698 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 38710 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 1267: /* table_column_list: %empty */ #line 8578 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" {} -#line 38704 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 38716 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 1268: /* table_column_list: ident */ @@ -38709,7 +38721,7 @@ Lex->column_list->push_back((LEX_STRING*) thd->memdup(&(yyvsp[0].ident_sys), sizeof(LEX_STRING)), thd->mem_root); } -#line 38713 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 38725 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 1269: /* table_column_list: table_column_list ',' ident */ @@ -38718,13 +38730,13 @@ Lex->column_list->push_back((LEX_STRING*) thd->memdup(&(yyvsp[0].ident_sys), sizeof(LEX_STRING)), thd->mem_root); } -#line 38722 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 38734 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 1270: /* table_index_list: %empty */ #line 8593 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" {} -#line 38728 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 38740 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 1273: /* table_index_name: ident */ @@ -38734,7 +38746,7 @@ thd->memdup(&(yyvsp[0].ident_sys), sizeof(LEX_STRING)), thd->mem_root); } -#line 38738 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 38750 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 1274: /* table_index_name: PRIMARY_SYM */ @@ -38745,7 +38757,7 @@ thd->memdup(&str, sizeof(LEX_STRING)), thd->mem_root); } -#line 38749 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 38761 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 1275: /* binlog_base64_event: BINLOG_SYM TEXT_STRING_sys */ @@ -38756,7 +38768,7 @@ Lex->ident.str= NULL; Lex->ident.length= 0; } -#line 38760 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 38772 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 1276: /* binlog_base64_event: BINLOG_SYM '@' ident_or_text ',' '@' ident_or_text */ @@ -38766,13 +38778,13 @@ Lex->comment= (yyvsp[-3].lex_str); Lex->ident= (yyvsp[0].lex_str); } -#line 38770 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 38782 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 1278: /* $@127: %empty */ #line 8635 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { Lex->table_type= TABLE_TYPE_VIEW; } -#line 38776 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 38788 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 1280: /* $@128: %empty */ @@ -38786,7 +38798,7 @@ /* Will be overridden during execution. */ YYPS->m_lock_type= TL_UNLOCK; } -#line 38790 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 38802 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 1281: /* check: CHECK_SYM $@128 check_view_or_table */ @@ -38800,79 +38812,79 @@ if (unlikely(lex->m_sql_cmd == NULL)) MYSQL_YYABORT; } -#line 38804 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 38816 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 1282: /* opt_mi_check_type: %empty */ #line 8662 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { Lex->check_opt.flags = T_MEDIUM; } -#line 38810 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 38822 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 1283: /* opt_mi_check_type: mi_check_types */ #line 8663 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" {} -#line 38816 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 38828 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 1284: /* mi_check_types: mi_check_type */ #line 8667 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" {} -#line 38822 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 38834 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 1285: /* mi_check_types: mi_check_type mi_check_types */ #line 8668 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" {} -#line 38828 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 38840 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 1286: /* mi_check_type: QUICK */ #line 8672 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { Lex->check_opt.flags|= T_QUICK; } -#line 38834 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 38846 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 1287: /* mi_check_type: FAST_SYM */ #line 8673 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { Lex->check_opt.flags|= T_FAST; } -#line 38840 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 38852 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 1288: /* mi_check_type: MEDIUM_SYM */ #line 8674 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { Lex->check_opt.flags|= T_MEDIUM; } -#line 38846 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 38858 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 1289: /* mi_check_type: EXTENDED_SYM */ #line 8675 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { Lex->check_opt.flags|= T_EXTEND; } -#line 38852 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 38864 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 1290: /* mi_check_type: CHANGED */ #line 8676 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { Lex->check_opt.flags|= T_CHECK_ONLY_CHANGED; } -#line 38858 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 38870 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 1291: /* mi_check_type: FOR_SYM UPGRADE_SYM */ #line 8677 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { Lex->check_opt.sql_flags|= TT_FOR_UPGRADE; } -#line 38864 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 38876 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 1292: /* opt_view_check_type: %empty */ #line 8681 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { } -#line 38870 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 38882 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 1293: /* opt_view_check_type: FOR_SYM UPGRADE_SYM */ #line 8682 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { Lex->check_opt.sql_flags|= TT_FOR_UPGRADE; } -#line 38876 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 38888 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 1294: /* $@129: %empty */ @@ -38886,7 +38898,7 @@ /* Will be overridden during execution. */ YYPS->m_lock_type= TL_UNLOCK; } -#line 38890 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 38902 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 1295: /* optimize: OPTIMIZE opt_no_write_to_binlog table_or_tables $@129 table_list opt_lock_wait_timeout */ @@ -38898,25 +38910,25 @@ if (unlikely(lex->m_sql_cmd == NULL)) MYSQL_YYABORT; } -#line 38902 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 38914 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 1296: /* opt_no_write_to_binlog: %empty */ #line 8707 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.num)= 0; } -#line 38908 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 38920 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 1297: /* opt_no_write_to_binlog: NO_WRITE_TO_BINLOG */ #line 8708 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.num)= 1; } -#line 38914 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 38926 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 1298: /* opt_no_write_to_binlog: LOCAL_SYM */ #line 8709 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.num)= 1; } -#line 38920 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 38932 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 1299: /* $@130: %empty */ @@ -38927,7 +38939,7 @@ if (Lex->main_select_push()) MYSQL_YYABORT; } -#line 38931 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 38943 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 1300: /* rename: RENAME table_or_tables opt_if_exists $@130 table_to_table_list */ @@ -38935,7 +38947,7 @@ { Lex->pop_select(); //main select } -#line 38939 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 38951 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 1301: /* rename: RENAME USER_SYM clear_privileges rename_list */ @@ -38943,7 +38955,7 @@ { Lex->sql_command = SQLCOM_RENAME_USER; } -#line 38947 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 38959 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 1302: /* rename_list: user TO_SYM user */ @@ -38953,7 +38965,7 @@ Lex->users_list.push_back((yyvsp[0].lex_user), thd->mem_root))) MYSQL_YYABORT; } -#line 38957 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 38969 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 1303: /* rename_list: rename_list ',' user TO_SYM user */ @@ -38963,7 +38975,7 @@ Lex->users_list.push_back((yyvsp[0].lex_user), thd->mem_root))) MYSQL_YYABORT; } -#line 38967 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 38979 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 1306: /* table_to_table: table_ident opt_lock_wait_timeout TO_SYM table_ident */ @@ -38979,7 +38991,7 @@ TL_IGNORE, MDL_EXCLUSIVE))) MYSQL_YYABORT; } -#line 38983 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 38995 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 1307: /* $@131: %empty */ @@ -38987,7 +38999,7 @@ { Lex->alter_info.reset(); } -#line 38991 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 39003 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 1308: /* keycache: CACHE_SYM INDEX_SYM $@131 keycache_list_or_parts IN_SYM key_cache_name */ @@ -38997,7 +39009,7 @@ lex->sql_command= SQLCOM_ASSIGN_TO_KEYCACHE; lex->ident= (yyvsp[0].lex_str); } -#line 39001 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 39013 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 1313: /* assign_to_keycache: table_ident cache_keys_spec */ @@ -39009,7 +39021,7 @@ pop_index_hints()))) MYSQL_YYABORT; } -#line 39013 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 39025 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 1314: /* assign_to_keycache_parts: table_ident adm_partition cache_keys_spec */ @@ -39021,19 +39033,19 @@ pop_index_hints()))) MYSQL_YYABORT; } -#line 39025 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 39037 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 1315: /* key_cache_name: ident */ #line 8811 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.lex_str)= (yyvsp[0].ident_sys); } -#line 39031 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 39043 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 1316: /* key_cache_name: DEFAULT */ #line 8812 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.lex_str) = default_base; } -#line 39037 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 39049 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 1317: /* $@132: %empty */ @@ -39045,7 +39057,7 @@ if (lex->main_select_push()) MYSQL_YYABORT; } -#line 39049 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 39061 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 1318: /* preload: LOAD INDEX_SYM INTO CACHE_SYM $@132 preload_list_or_parts */ @@ -39053,7 +39065,7 @@ { Lex->pop_select(); //main select } -#line 39057 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 39069 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 1323: /* preload_keys: table_ident cache_keys_spec opt_ignore_leaves */ @@ -39065,7 +39077,7 @@ pop_index_hints()))) MYSQL_YYABORT; } -#line 39069 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 39081 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 1324: /* preload_keys_parts: table_ident adm_partition cache_keys_spec opt_ignore_leaves */ @@ -39077,7 +39089,7 @@ pop_index_hints()))) MYSQL_YYABORT; } -#line 39081 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 39093 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 1325: /* $@133: %empty */ @@ -39085,7 +39097,7 @@ { Lex->alter_info.partition_flags|= ALTER_PARTITION_ADMIN; } -#line 39089 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 39101 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 1327: /* $@134: %empty */ @@ -39095,25 +39107,25 @@ Select->set_index_hint_type(INDEX_HINT_USE, INDEX_HINT_MASK_ALL); } -#line 39099 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 39111 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 1329: /* cache_key_list_or_empty: %empty */ #line 8880 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { } -#line 39105 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 39117 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 1331: /* opt_ignore_leaves: %empty */ #line 8886 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.num)= 0; } -#line 39111 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 39123 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 1332: /* opt_ignore_leaves: IGNORE_SYM LEAVES */ #line 8887 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.num)= TL_OPTION_IGNORE_LEAVES; } -#line 39117 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 39129 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 1333: /* $@135: %empty */ @@ -39124,7 +39136,7 @@ (yyvsp[0].select_lex_unit)->first_select())) MYSQL_YYABORT; } -#line 39128 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 39140 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 1334: /* select: query_expression_no_with_clause $@135 opt_procedure_or_into */ @@ -39135,7 +39147,7 @@ if (Lex->select_finalize((yyvsp[-2].select_lex_unit), (yyvsp[0].select_lock))) MYSQL_YYABORT; } -#line 39139 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 39151 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 1335: /* $@136: %empty */ @@ -39146,7 +39158,7 @@ (yyvsp[0].select_lex_unit)->first_select())) MYSQL_YYABORT; } -#line 39150 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 39162 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 1336: /* select: with_clause query_expression_no_with_clause $@136 opt_procedure_or_into */ @@ -39158,7 +39170,7 @@ if (Lex->select_finalize((yyvsp[-2].select_lex_unit), (yyvsp[0].select_lock))) MYSQL_YYABORT; } -#line 39162 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 39174 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 1337: /* $@137: %empty */ @@ -39167,7 +39179,7 @@ if (Lex->push_select((yyvsp[0].select_lex))) MYSQL_YYABORT; } -#line 39171 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 39183 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 1338: /* select_into: select_into_query_specification $@137 opt_order_limit_lock */ @@ -39181,7 +39193,7 @@ if (Lex->select_finalize(unit)) MYSQL_YYABORT; } -#line 39185 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 39197 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 1339: /* $@138: %empty */ @@ -39190,7 +39202,7 @@ if (Lex->push_select((yyvsp[0].select_lex))) MYSQL_YYABORT; } -#line 39194 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 39206 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 1340: /* select_into: with_clause select_into_query_specification $@138 opt_order_limit_lock */ @@ -39206,19 +39218,19 @@ if (Lex->select_finalize(unit)) MYSQL_YYABORT; } -#line 39210 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 39222 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 1341: /* simple_table: query_specification */ #line 8964 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.select_lex)= (yyvsp[0].select_lex); } -#line 39216 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 39228 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 1342: /* simple_table: table_value_constructor */ #line 8965 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.select_lex)= (yyvsp[0].select_lex); } -#line 39222 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 39234 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 1343: /* $@139: %empty */ @@ -39227,7 +39239,7 @@ if (Lex->parsed_TVC_start()) MYSQL_YYABORT; } -#line 39231 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 39243 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 1344: /* table_value_constructor: VALUES $@139 values_list */ @@ -39236,7 +39248,7 @@ if (!((yyval.select_lex)= Lex->parsed_TVC_end())) MYSQL_YYABORT; } -#line 39240 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 39252 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 1345: /* $@140: %empty */ @@ -39249,7 +39261,7 @@ sel->init_select(); sel->braces= FALSE; } -#line 39253 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 39265 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 1346: /* $@141: %empty */ @@ -39257,7 +39269,7 @@ { Select->parsing_place= SELECT_LIST; } -#line 39261 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 39273 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 1347: /* query_specification_start: SELECT_SYM $@140 select_options $@141 select_item_list */ @@ -39265,7 +39277,7 @@ { Select->parsing_place= NO_MATTER; } -#line 39269 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 39281 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 1348: /* query_specification: query_specification_start opt_from_clause opt_where_clause opt_group_clause opt_having_clause opt_window_clause */ @@ -39273,7 +39285,7 @@ { (yyval.select_lex)= Lex->pop_select(); } -#line 39277 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 39289 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 1349: /* select_into_query_specification: query_specification_start into opt_from_clause opt_where_clause opt_group_clause opt_having_clause opt_window_clause */ @@ -39281,7 +39293,7 @@ { (yyval.select_lex)= Lex->pop_select(); } -#line 39285 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 39297 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 1350: /* query_expression: query_expression_no_with_clause */ @@ -39290,7 +39302,7 @@ (yyvsp[0].select_lex_unit)->set_with_clause(NULL); (yyval.select_lex_unit)= (yyvsp[0].select_lex_unit); } -#line 39294 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 39306 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 1351: /* query_expression: with_clause query_expression_no_with_clause */ @@ -39300,19 +39312,19 @@ (yyvsp[-1].with_clause)->attach_to((yyvsp[0].select_lex_unit)->first_select()); (yyval.select_lex_unit)= (yyvsp[0].select_lex_unit); } -#line 39304 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 39316 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 1352: /* query_expression_no_with_clause: query_expression_body_ext */ #line 9098 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.select_lex_unit)= (yyvsp[0].select_lex_unit); } -#line 39310 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 39322 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 1353: /* query_expression_no_with_clause: query_expression_body_ext_parens */ #line 9099 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.select_lex_unit)= (yyvsp[0].select_lex_unit); } -#line 39316 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 39328 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 1354: /* $@142: %empty */ @@ -39324,7 +39336,7 @@ MYSQL_YYABORT; } } -#line 39328 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 39340 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 1355: /* query_expression_body_ext: query_expression_body $@142 opt_query_expression_tail */ @@ -39335,7 +39347,7 @@ else (yyval.select_lex_unit)= Lex->add_tail_to_query_expression_body((yyvsp[-2].select_lex_unit), (yyvsp[0].order_limit_lock)); } -#line 39339 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 39351 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 1356: /* $@143: %empty */ @@ -39344,7 +39356,7 @@ Lex->push_select(!(yyvsp[0].select_lex_unit)->first_select()->next_select() ? (yyvsp[0].select_lex_unit)->first_select() : (yyvsp[0].select_lex_unit)->fake_select_lex); } -#line 39348 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 39360 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 1357: /* query_expression_body_ext: query_expression_body_ext_parens $@143 query_expression_tail */ @@ -39353,13 +39365,13 @@ if (!((yyval.select_lex_unit)= Lex->add_tail_to_query_expression_body_ext_parens((yyvsp[-2].select_lex_unit), (yyvsp[0].order_limit_lock)))) MYSQL_YYABORT; } -#line 39357 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 39369 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 1358: /* query_expression_body_ext_parens: '(' query_expression_body_ext_parens ')' */ #line 9142 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.select_lex_unit)= (yyvsp[-1].select_lex_unit); } -#line 39363 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 39375 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 1359: /* query_expression_body_ext_parens: '(' query_expression_body_ext ')' */ @@ -39370,7 +39382,7 @@ sel->braces= true; (yyval.select_lex_unit)= (yyvsp[-1].select_lex_unit); } -#line 39374 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 39386 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 1360: /* query_expression_body: query_simple */ @@ -39380,7 +39392,7 @@ if (!((yyval.select_lex_unit)= Lex->create_unit((yyvsp[0].select_lex)))) MYSQL_YYABORT; } -#line 39384 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 39396 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 1361: /* $@144: %empty */ @@ -39391,7 +39403,7 @@ Lex->pop_select(); } } -#line 39395 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 39407 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 1362: /* query_expression_body: query_expression_body unit_type_decl $@144 query_primary */ @@ -39402,7 +39414,7 @@ (yyvsp[-2].unit_operation).distinct))) MYSQL_YYABORT; } -#line 39406 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 39418 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 1363: /* query_expression_body: query_expression_body_ext_parens unit_type_decl query_primary */ @@ -39414,25 +39426,25 @@ (yyvsp[-1].unit_operation).distinct))) MYSQL_YYABORT; } -#line 39418 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 39430 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 1364: /* query_primary: query_simple */ #line 9198 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.select_lex)= (yyvsp[0].select_lex); } -#line 39424 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 39436 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 1365: /* query_primary: query_expression_body_ext_parens */ #line 9200 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.select_lex)= (yyvsp[0].select_lex_unit)->first_select(); } -#line 39430 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 39442 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 1366: /* query_simple: simple_table */ #line 9209 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.select_lex)= (yyvsp[0].select_lex);} -#line 39436 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 39448 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 1367: /* subselect: query_expression */ @@ -39441,7 +39453,7 @@ if (!((yyval.select_lex)= Lex->parsed_subselect((yyvsp[0].select_lex_unit)))) MYSQL_YYABORT; } -#line 39445 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 39457 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 1368: /* subquery: query_expression_body_ext_parens */ @@ -39454,7 +39466,7 @@ if (!((yyval.select_lex)= Lex->parsed_subselect((yyvsp[0].select_lex_unit)))) MYSQL_YYABORT; } -#line 39458 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 39470 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 1369: /* subquery: '(' with_clause query_expression_no_with_clause ')' */ @@ -39465,7 +39477,7 @@ if (!((yyval.select_lex)= Lex->parsed_subselect((yyvsp[-1].select_lex_unit)))) MYSQL_YYABORT; } -#line 39469 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 39481 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 1373: /* table_reference_list: join_table_list */ @@ -39475,7 +39487,7 @@ Select->context.first_name_resolution_table= Select->table_list.first; } -#line 39479 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 39491 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 1376: /* select_options: select_option_list */ @@ -39485,7 +39497,7 @@ (Select->options & SELECT_ALL))) my_yyabort_error((ER_WRONG_USAGE, MYF(0), "ALL", "DISTINCT")); } -#line 39489 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 39501 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 1377: /* opt_history_unit: %empty */ @@ -39493,7 +39505,7 @@ { (yyval.vers_range_unit)= VERS_TIMESTAMP; } -#line 39497 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 39509 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 1378: /* opt_history_unit: TRANSACTION_SYM */ @@ -39501,7 +39513,7 @@ { (yyval.vers_range_unit)= VERS_TRX_ID; } -#line 39505 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 39517 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 1379: /* opt_history_unit: TIMESTAMP */ @@ -39509,7 +39521,7 @@ { (yyval.vers_range_unit)= VERS_TIMESTAMP; } -#line 39513 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 39525 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 1380: /* history_point: TIMESTAMP TEXT_STRING */ @@ -39522,7 +39534,7 @@ MYSQL_YYABORT; (yyval.vers_history_point)= Vers_history_point(VERS_TIMESTAMP, item); } -#line 39526 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 39538 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 1381: /* history_point: function_call_keyword_timestamp */ @@ -39530,7 +39542,7 @@ { (yyval.vers_history_point)= Vers_history_point(VERS_TIMESTAMP, (yyvsp[0].item)); } -#line 39534 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 39546 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 1382: /* history_point: opt_history_unit bit_expr */ @@ -39538,7 +39550,7 @@ { (yyval.vers_history_point)= Vers_history_point((yyvsp[-1].vers_range_unit), (yyvsp[0].item)); } -#line 39542 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 39554 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 1383: /* for_portion_of_time_clause: FOR_SYM PORTION_SYM OF_SYM remember_tok_start ident FROM bit_expr TO_SYM bit_expr */ @@ -39554,7 +39566,7 @@ Vers_history_point(VERS_TIMESTAMP, (yyvsp[0].item)), Lex_ident_column((yyvsp[-4].ident_sys))); } -#line 39558 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 39570 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 1384: /* opt_for_portion_of_time_clause: %empty */ @@ -39562,7 +39574,7 @@ { (yyval.num)= false; } -#line 39566 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 39578 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 1385: /* opt_for_portion_of_time_clause: for_portion_of_time_clause */ @@ -39570,7 +39582,7 @@ { (yyval.num)= true; } -#line 39574 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 39586 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 1386: /* opt_for_system_time_clause: %empty */ @@ -39578,7 +39590,7 @@ { (yyval.num)= false; } -#line 39582 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 39594 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 1387: /* opt_for_system_time_clause: FOR_SYSTEM_TIME_SYM system_time_expr */ @@ -39586,7 +39598,7 @@ { (yyval.num)= true; } -#line 39590 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 39602 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 1388: /* system_time_expr: AS OF_SYM history_point */ @@ -39594,7 +39606,7 @@ { Lex->vers_conditions.init(SYSTEM_TIME_AS_OF, (yyvsp[0].vers_history_point)); } -#line 39598 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 39610 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 1389: /* system_time_expr: ALL */ @@ -39602,7 +39614,7 @@ { Lex->vers_conditions.init(SYSTEM_TIME_ALL); } -#line 39606 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 39618 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 1390: /* system_time_expr: FROM history_point TO_SYM history_point */ @@ -39610,7 +39622,7 @@ { Lex->vers_conditions.init(SYSTEM_TIME_FROM_TO, (yyvsp[-2].vers_history_point), (yyvsp[0].vers_history_point)); } -#line 39614 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 39626 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 1391: /* system_time_expr: BETWEEN_SYM history_point AND_SYM history_point */ @@ -39618,7 +39630,7 @@ { Lex->vers_conditions.init(SYSTEM_TIME_BETWEEN, (yyvsp[-2].vers_history_point), (yyvsp[0].vers_history_point)); } -#line 39622 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 39634 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 1395: /* select_option: SQL_NO_CACHE_SYM */ @@ -39631,7 +39643,7 @@ my_yyabort_error((ER_DUP_ARGUMENT, MYF(0), "SQL_NO_CACHE")); Select->options|= OPTION_NO_QUERY_CACHE; } -#line 39635 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 39647 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 1396: /* select_option: SQL_CACHE_SYM */ @@ -39644,7 +39656,7 @@ my_yyabort_error((ER_DUP_ARGUMENT, MYF(0), "SQL_CACHE")); Select->options|= OPTION_TO_QUERY_CACHE; } -#line 39648 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 39660 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 1397: /* select_lock_type: FOR_SYM UPDATE_SYM opt_lock_wait_timeout_new */ @@ -39654,7 +39666,7 @@ (yyval.select_lock).defined_lock= TRUE; (yyval.select_lock).update_lock= TRUE; } -#line 39658 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 39670 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 1398: /* select_lock_type: LOCK_SYM IN_SYM SHARE_SYM MODE_SYM opt_lock_wait_timeout_new */ @@ -39664,7 +39676,7 @@ (yyval.select_lock).defined_lock= TRUE; (yyval.select_lock).update_lock= FALSE; } -#line 39668 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 39680 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 1399: /* opt_select_lock_type: %empty */ @@ -39672,7 +39684,7 @@ { (yyval.select_lock).empty(); } -#line 39676 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 39688 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 1400: /* opt_select_lock_type: select_lock_type */ @@ -39680,7 +39692,7 @@ { (yyval.select_lock)= (yyvsp[0].select_lock); } -#line 39684 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 39696 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 1401: /* opt_lock_wait_timeout_new: %empty */ @@ -39688,7 +39700,7 @@ { (yyval.select_lock).empty(); } -#line 39692 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 39704 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 1402: /* opt_lock_wait_timeout_new: WAIT_SYM ulong_num */ @@ -39698,7 +39710,7 @@ (yyval.select_lock).defined_timeout= TRUE; (yyval.select_lock).timeout= (yyvsp[0].ulong_num); } -#line 39702 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 39714 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 1403: /* opt_lock_wait_timeout_new: NOWAIT_SYM */ @@ -39708,7 +39720,7 @@ (yyval.select_lock).defined_timeout= TRUE; (yyval.select_lock).timeout= 0; } -#line 39712 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 39724 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 1404: /* opt_lock_wait_timeout_new: SKIP_SYM LOCKED_SYM */ @@ -39718,7 +39730,7 @@ (yyval.select_lock).skip_locked= 1; Lex->set_stmt_unsafe(LEX::BINLOG_STMT_UNSAFE_SKIP_LOCKED); } -#line 39722 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 39734 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 1407: /* select_item_list: '*' */ @@ -39739,7 +39751,7 @@ MYSQL_YYABORT; correct_select->with_wild++; } -#line 39743 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 39755 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 1408: /* select_item: remember_name select_sublist_qualified_asterisk remember_end */ @@ -39748,7 +39760,7 @@ if (unlikely(add_item_to_list(thd, (yyvsp[-1].item)))) MYSQL_YYABORT; } -#line 39752 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 39764 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 1409: /* select_item: remember_name expr remember_end select_alias */ @@ -39771,7 +39783,7 @@ (yyvsp[-2].item)->set_name(thd, (yyvsp[-3].simple_string), (uint) ((yyvsp[-1].simple_string) - (yyvsp[-3].simple_string)), thd->charset()); } } -#line 39775 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 39787 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 1410: /* remember_tok_start: %empty */ @@ -39779,7 +39791,7 @@ { (yyval.simple_string)= (char*) YYLIP->get_tok_start(); } -#line 39783 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 39795 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 1411: /* remember_name: %empty */ @@ -39787,7 +39799,7 @@ { (yyval.simple_string)= (char*) YYLIP->get_cpp_tok_start(); } -#line 39791 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 39803 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 1412: /* remember_end: %empty */ @@ -39795,7 +39807,7 @@ { (yyval.simple_string)= (char*) YYLIP->get_cpp_tok_end_rtrim(); } -#line 39799 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 39811 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 1413: /* remember_cpp_ptr: %empty */ @@ -39803,7 +39815,7 @@ { (yyval.simple_string)= (char*) YYLIP->get_cpp_ptr(); } -#line 39807 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 39819 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 1414: /* remember_start_opt: %empty */ @@ -39814,7 +39826,7 @@ else (yyval.simple_string)= (char*) YYLIP->get_cpp_tok_start(); } -#line 39818 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 39830 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 1415: /* remember_end_opt: %empty */ @@ -39825,7 +39837,7 @@ else (yyval.simple_string)= (char*) YYLIP->get_cpp_tok_end_rtrim(); } -#line 39829 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 39841 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 1416: /* remember_lex: %empty */ @@ -39833,91 +39845,91 @@ { (yyval.lex)= thd->lex; } -#line 39837 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 39849 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 1417: /* select_alias: %empty */ #line 9575 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.lex_str)=null_clex_str;} -#line 39843 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 39855 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 1418: /* select_alias: AS ident */ #line 9576 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.lex_str)=(yyvsp[0].ident_sys); } -#line 39849 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 39861 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 1419: /* select_alias: AS TEXT_STRING_sys */ #line 9577 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.lex_str)=(yyvsp[0].lex_str); } -#line 39855 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 39867 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 1420: /* select_alias: ident */ #line 9578 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.lex_str)=(yyvsp[0].ident_sys); } -#line 39861 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 39873 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 1421: /* select_alias: TEXT_STRING_sys */ #line 9579 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.lex_str)=(yyvsp[0].lex_str); } -#line 39867 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 39879 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 1422: /* opt_default_time_precision: %empty */ #line 9583 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.num)= NOT_FIXED_DEC; } -#line 39873 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 39885 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 1423: /* opt_default_time_precision: '(' ')' */ #line 9584 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.num)= NOT_FIXED_DEC; } -#line 39879 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 39891 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 1424: /* opt_default_time_precision: '(' real_ulong_num ')' */ #line 9585 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.num)= (yyvsp[-1].ulong_num); } -#line 39885 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 39897 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 1425: /* opt_time_precision: %empty */ #line 9589 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.num)= 0; } -#line 39891 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 39903 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 1426: /* opt_time_precision: '(' ')' */ #line 9590 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.num)= 0; } -#line 39897 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 39909 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 1427: /* opt_time_precision: '(' real_ulong_num ')' */ #line 9591 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.num)= (yyvsp[-1].ulong_num); } -#line 39903 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 39915 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 1428: /* optional_braces: %empty */ #line 9595 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" {} -#line 39909 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 39921 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 1429: /* optional_braces: '(' ')' */ #line 9596 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" {} -#line 39915 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 39927 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 1430: /* search_condition: expr */ #line 9600 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { ((yyval.item)= (yyvsp[0].item))->base_flags|= item_base_t::IS_COND ; } -#line 39921 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 39933 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 1431: /* expr: expr or expr */ @@ -39972,7 +39984,7 @@ MYSQL_YYABORT; } } -#line 39976 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 39988 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 1432: /* expr: expr XOR expr */ @@ -39983,7 +39995,7 @@ if (unlikely((yyval.item) == NULL)) MYSQL_YYABORT; } -#line 39987 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 39999 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 1433: /* expr: expr and expr */ @@ -40030,7 +40042,7 @@ MYSQL_YYABORT; } } -#line 40034 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 40046 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 1434: /* expr: NOT_SYM expr */ @@ -40040,7 +40052,7 @@ if (unlikely((yyval.item) == NULL)) MYSQL_YYABORT; } -#line 40044 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 40056 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 1436: /* boolean_test: boolean_test IS TRUE_SYM */ @@ -40050,7 +40062,7 @@ if (unlikely((yyval.item) == NULL)) MYSQL_YYABORT; } -#line 40054 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 40066 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 1437: /* boolean_test: boolean_test IS not TRUE_SYM */ @@ -40060,7 +40072,7 @@ if (unlikely((yyval.item) == NULL)) MYSQL_YYABORT; } -#line 40064 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 40076 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 1438: /* boolean_test: boolean_test IS FALSE_SYM */ @@ -40070,7 +40082,7 @@ if (unlikely((yyval.item) == NULL)) MYSQL_YYABORT; } -#line 40074 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 40086 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 1439: /* boolean_test: boolean_test IS not FALSE_SYM */ @@ -40080,7 +40092,7 @@ if (unlikely((yyval.item) == NULL)) MYSQL_YYABORT; } -#line 40084 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 40096 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 1440: /* boolean_test: boolean_test IS UNKNOWN_SYM */ @@ -40090,7 +40102,7 @@ if (unlikely((yyval.item) == NULL)) MYSQL_YYABORT; } -#line 40094 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 40106 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 1441: /* boolean_test: boolean_test IS not UNKNOWN_SYM */ @@ -40100,7 +40112,7 @@ if (unlikely((yyval.item) == NULL)) MYSQL_YYABORT; } -#line 40104 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 40116 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 1442: /* boolean_test: boolean_test IS NULL_SYM */ @@ -40110,7 +40122,7 @@ if (unlikely((yyval.item) == NULL)) MYSQL_YYABORT; } -#line 40114 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 40126 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 1443: /* boolean_test: boolean_test IS not NULL_SYM */ @@ -40120,7 +40132,7 @@ if (unlikely((yyval.item) == NULL)) MYSQL_YYABORT; } -#line 40124 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 40136 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 1444: /* boolean_test: boolean_test EQUAL_SYM predicate */ @@ -40130,7 +40142,7 @@ if (unlikely((yyval.item) == NULL)) MYSQL_YYABORT; } -#line 40134 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 40146 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 1445: /* boolean_test: boolean_test comp_op predicate */ @@ -40140,7 +40152,7 @@ if (unlikely((yyval.item) == NULL)) MYSQL_YYABORT; } -#line 40144 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 40156 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 1446: /* boolean_test: boolean_test comp_op all_or_any '(' subselect ')' */ @@ -40150,7 +40162,7 @@ if (unlikely((yyval.item) == NULL)) MYSQL_YYABORT; } -#line 40154 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 40166 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 1448: /* predicate: predicate IN_SYM subquery */ @@ -40160,7 +40172,7 @@ if (unlikely(!(yyval.item))) MYSQL_YYABORT; } -#line 40164 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 40176 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 1449: /* predicate: predicate not IN_SYM subquery */ @@ -40173,7 +40185,7 @@ if (unlikely(!(yyval.item))) MYSQL_YYABORT; } -#line 40177 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 40189 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 1450: /* predicate: predicate IN_SYM '(' expr ')' */ @@ -40183,7 +40195,7 @@ if (unlikely((yyval.item) == NULL)) MYSQL_YYABORT; } -#line 40187 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 40199 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 1451: /* predicate: predicate IN_SYM '(' expr ',' expr_list ')' */ @@ -40195,7 +40207,7 @@ if (unlikely((yyval.item) == NULL)) MYSQL_YYABORT; } -#line 40199 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 40211 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 1452: /* predicate: predicate not IN_SYM '(' expr ')' */ @@ -40205,7 +40217,7 @@ if (unlikely((yyval.item) == NULL)) MYSQL_YYABORT; } -#line 40209 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 40221 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 1453: /* predicate: predicate not IN_SYM '(' expr ',' expr_list ')' */ @@ -40218,7 +40230,7 @@ MYSQL_YYABORT; (yyval.item)= item->neg_transformer(thd); } -#line 40222 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 40234 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 1454: /* predicate: predicate BETWEEN_SYM predicate AND_SYM predicate */ @@ -40228,7 +40240,7 @@ if (unlikely((yyval.item) == NULL)) MYSQL_YYABORT; } -#line 40232 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 40244 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 1455: /* predicate: predicate not BETWEEN_SYM predicate AND_SYM predicate */ @@ -40240,7 +40252,7 @@ MYSQL_YYABORT; (yyval.item)= item->neg_transformer(thd); } -#line 40244 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 40256 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 1456: /* predicate: predicate SOUNDS_SYM LIKE predicate */ @@ -40254,7 +40266,7 @@ if (unlikely((yyval.item) == NULL)) MYSQL_YYABORT; } -#line 40258 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 40270 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 1457: /* predicate: predicate LIKE predicate */ @@ -40264,7 +40276,7 @@ if (unlikely(!(yyval.item))) MYSQL_YYABORT; } -#line 40268 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 40280 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 1458: /* predicate: predicate LIKE predicate ESCAPE_SYM predicate */ @@ -40275,7 +40287,7 @@ if (unlikely(!(yyval.item))) MYSQL_YYABORT; } -#line 40279 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 40291 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 1459: /* predicate: predicate not LIKE predicate */ @@ -40286,7 +40298,7 @@ MYSQL_YYABORT; (yyval.item)= item->neg_transformer(thd); } -#line 40290 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 40302 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 1460: /* predicate: predicate not LIKE predicate ESCAPE_SYM predicate */ @@ -40298,7 +40310,7 @@ MYSQL_YYABORT; (yyval.item)= item->neg_transformer(thd); } -#line 40302 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 40314 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 1461: /* predicate: predicate REGEXP predicate */ @@ -40308,7 +40320,7 @@ if (unlikely((yyval.item) == NULL)) MYSQL_YYABORT; } -#line 40312 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 40324 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 1462: /* predicate: predicate not REGEXP predicate */ @@ -40321,7 +40333,7 @@ if (unlikely((yyval.item) == NULL)) MYSQL_YYABORT; } -#line 40325 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 40337 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 1464: /* bit_expr: bit_expr '|' bit_expr */ @@ -40331,7 +40343,7 @@ if (unlikely((yyval.item) == NULL)) MYSQL_YYABORT; } -#line 40335 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 40347 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 1465: /* bit_expr: bit_expr '&' bit_expr */ @@ -40341,7 +40353,7 @@ if (unlikely((yyval.item) == NULL)) MYSQL_YYABORT; } -#line 40345 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 40357 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 1466: /* bit_expr: bit_expr SHIFT_LEFT bit_expr */ @@ -40351,7 +40363,7 @@ if (unlikely((yyval.item) == NULL)) MYSQL_YYABORT; } -#line 40355 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 40367 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 1467: /* bit_expr: bit_expr SHIFT_RIGHT bit_expr */ @@ -40361,7 +40373,7 @@ if (unlikely((yyval.item) == NULL)) MYSQL_YYABORT; } -#line 40365 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 40377 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 1468: /* bit_expr: bit_expr ORACLE_CONCAT_SYM bit_expr */ @@ -40372,7 +40384,7 @@ if (unlikely((yyval.item) == NULL)) MYSQL_YYABORT; } -#line 40376 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 40388 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 1469: /* bit_expr: bit_expr '+' bit_expr */ @@ -40382,7 +40394,7 @@ if (unlikely((yyval.item) == NULL)) MYSQL_YYABORT; } -#line 40386 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 40398 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 1470: /* bit_expr: bit_expr '-' bit_expr */ @@ -40392,7 +40404,7 @@ if (unlikely((yyval.item) == NULL)) MYSQL_YYABORT; } -#line 40396 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 40408 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 1471: /* bit_expr: bit_expr '+' INTERVAL_SYM expr interval */ @@ -40402,7 +40414,7 @@ if (unlikely((yyval.item) == NULL)) MYSQL_YYABORT; } -#line 40406 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 40418 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 1472: /* bit_expr: bit_expr '-' INTERVAL_SYM expr interval */ @@ -40412,7 +40424,7 @@ if (unlikely((yyval.item) == NULL)) MYSQL_YYABORT; } -#line 40416 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 40428 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 1473: /* bit_expr: INTERVAL_SYM expr interval '+' expr */ @@ -40422,7 +40434,7 @@ if (unlikely((yyval.item) == NULL)) MYSQL_YYABORT; } -#line 40426 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 40438 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 1474: /* bit_expr: '+' INTERVAL_SYM expr interval '+' expr */ @@ -40432,7 +40444,7 @@ if (unlikely((yyval.item) == NULL)) MYSQL_YYABORT; } -#line 40436 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 40448 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 1475: /* bit_expr: '-' INTERVAL_SYM expr interval '+' expr */ @@ -40442,7 +40454,7 @@ if (unlikely((yyval.item) == NULL)) MYSQL_YYABORT; } -#line 40446 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 40458 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 1476: /* bit_expr: bit_expr '*' bit_expr */ @@ -40452,7 +40464,7 @@ if (unlikely((yyval.item) == NULL)) MYSQL_YYABORT; } -#line 40456 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 40468 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 1477: /* bit_expr: bit_expr '/' bit_expr */ @@ -40462,7 +40474,7 @@ if (unlikely((yyval.item) == NULL)) MYSQL_YYABORT; } -#line 40466 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 40478 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 1478: /* bit_expr: bit_expr '%' bit_expr */ @@ -40472,7 +40484,7 @@ if (unlikely((yyval.item) == NULL)) MYSQL_YYABORT; } -#line 40476 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 40488 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 1479: /* bit_expr: bit_expr DIV_SYM bit_expr */ @@ -40482,7 +40494,7 @@ if (unlikely((yyval.item) == NULL)) MYSQL_YYABORT; } -#line 40486 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 40498 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 1480: /* bit_expr: bit_expr MOD_SYM bit_expr */ @@ -40492,7 +40504,7 @@ if (unlikely((yyval.item) == NULL)) MYSQL_YYABORT; } -#line 40496 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 40508 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 1481: /* bit_expr: bit_expr '^' bit_expr */ @@ -40502,55 +40514,55 @@ if (unlikely((yyval.item) == NULL)) MYSQL_YYABORT; } -#line 40506 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 40518 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 1491: /* comp_op: '=' */ #line 10035 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.boolfunc2creator) = &comp_eq_creator; } -#line 40512 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 40524 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 1492: /* comp_op: GE */ #line 10036 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.boolfunc2creator) = &comp_ge_creator; } -#line 40518 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 40530 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 1493: /* comp_op: '>' */ #line 10037 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.boolfunc2creator) = &comp_gt_creator; } -#line 40524 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 40536 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 1494: /* comp_op: LE */ #line 10038 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.boolfunc2creator) = &comp_le_creator; } -#line 40530 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 40542 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 1495: /* comp_op: '<' */ #line 10039 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.boolfunc2creator) = &comp_lt_creator; } -#line 40536 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 40548 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 1496: /* comp_op: NE */ #line 10040 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.boolfunc2creator) = &comp_ne_creator; } -#line 40542 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 40554 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 1497: /* all_or_any: ALL */ #line 10044 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.num) = 1; } -#line 40548 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 40560 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 1498: /* all_or_any: ANY_SYM */ #line 10045 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.num) = 0; } -#line 40554 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 40566 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 1499: /* opt_dyncol_type: %empty */ @@ -40558,67 +40570,67 @@ { (yyval.Lex_dyncol_type).set(DYN_COL_NULL); /* automatic type */ } -#line 40562 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 40574 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 1500: /* opt_dyncol_type: AS dyncol_type */ #line 10053 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.Lex_dyncol_type)= (yyvsp[0].Lex_dyncol_type); } -#line 40568 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 40580 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 1504: /* numeric_dyncol_type: INT_SYM */ #line 10063 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.Lex_dyncol_type).set(DYN_COL_INT); } -#line 40574 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 40586 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 1505: /* numeric_dyncol_type: UNSIGNED INT_SYM */ #line 10064 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.Lex_dyncol_type).set(DYN_COL_UINT); } -#line 40580 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 40592 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 1506: /* numeric_dyncol_type: DOUBLE_SYM */ #line 10065 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.Lex_dyncol_type).set(DYN_COL_DOUBLE); } -#line 40586 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 40598 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 1507: /* numeric_dyncol_type: REAL */ #line 10066 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.Lex_dyncol_type).set(DYN_COL_DOUBLE); } -#line 40592 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 40604 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 1508: /* numeric_dyncol_type: FLOAT_SYM */ #line 10067 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.Lex_dyncol_type).set(DYN_COL_DOUBLE); } -#line 40598 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 40610 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 1509: /* numeric_dyncol_type: DECIMAL_SYM float_options */ #line 10068 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.Lex_dyncol_type).set(DYN_COL_DECIMAL, (yyvsp[0].Lex_length_and_dec)); } -#line 40604 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 40616 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 1510: /* temporal_dyncol_type: DATE_SYM */ #line 10072 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.Lex_dyncol_type).set(DYN_COL_DATE); } -#line 40610 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 40622 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 1511: /* temporal_dyncol_type: TIME_SYM opt_field_scale */ #line 10073 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.Lex_dyncol_type).set(DYN_COL_TIME, (yyvsp[0].Lex_length_and_dec)); } -#line 40616 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 40628 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 1512: /* temporal_dyncol_type: DATETIME opt_field_scale */ #line 10074 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.Lex_dyncol_type).set(DYN_COL_DATETIME, (yyvsp[0].Lex_length_and_dec)); } -#line 40622 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 40634 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 1513: /* string_dyncol_type: char opt_binary */ @@ -40629,7 +40641,7 @@ (yyvsp[0].Lex_exact_charset_extended_collation_attrs), thd->variables.collation_connection)) MYSQL_YYABORT; } -#line 40633 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 40645 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 1514: /* string_dyncol_type: nchar */ @@ -40637,7 +40649,7 @@ { (yyval.Lex_dyncol_type).set(DYN_COL_STRING, national_charset_info); } -#line 40641 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 40653 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 1515: /* dyncall_create_element: expr ',' expr opt_dyncol_type */ @@ -40660,7 +40672,7 @@ else (yyval.dyncol_def)->len= 0; } -#line 40664 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 40676 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 1516: /* dyncall_create_list: dyncall_create_element */ @@ -40671,7 +40683,7 @@ MYSQL_YYABORT; (yyval.dyncol_def_list)->push_back((yyvsp[0].dyncol_def), thd->mem_root); } -#line 40675 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 40687 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 1517: /* dyncall_create_list: dyncall_create_list ',' dyncall_create_element */ @@ -40680,31 +40692,31 @@ (yyvsp[-2].dyncol_def_list)->push_back((yyvsp[0].dyncol_def), thd->mem_root); (yyval.dyncol_def_list)= (yyvsp[-2].dyncol_def_list); } -#line 40684 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 40696 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 1518: /* plsql_cursor_attr: ISOPEN_SYM */ #line 10130 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.plsql_cursor_attr)= PLSQL_CURSOR_ATTR_ISOPEN; } -#line 40690 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 40702 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 1519: /* plsql_cursor_attr: FOUND_SYM */ #line 10131 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.plsql_cursor_attr)= PLSQL_CURSOR_ATTR_FOUND; } -#line 40696 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 40708 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 1520: /* plsql_cursor_attr: NOTFOUND_SYM */ #line 10132 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.plsql_cursor_attr)= PLSQL_CURSOR_ATTR_NOTFOUND; } -#line 40702 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 40714 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 1521: /* plsql_cursor_attr: ROWCOUNT_SYM */ #line 10133 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.plsql_cursor_attr)= PLSQL_CURSOR_ATTR_ROWCOUNT; } -#line 40708 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 40720 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 1522: /* explicit_cursor_attr: ident PERCENT_ORACLE_SYM plsql_cursor_attr */ @@ -40713,61 +40725,61 @@ if (unlikely(!((yyval.item)= Lex->make_item_plsql_cursor_attr(thd, &(yyvsp[-2].ident_sys), (yyvsp[0].plsql_cursor_attr))))) MYSQL_YYABORT; } -#line 40717 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 40729 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 1525: /* trim_operands_regular: expr */ #line 10151 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.trim).set(TRIM_BOTH, (yyvsp[0].item)); } -#line 40723 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 40735 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 1526: /* trim_operands_special: LEADING expr FROM expr */ #line 10155 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.trim).set(TRIM_LEADING, (yyvsp[-2].item), (yyvsp[0].item)); } -#line 40729 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 40741 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 1527: /* trim_operands_special: TRAILING expr FROM expr */ #line 10156 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.trim).set(TRIM_TRAILING, (yyvsp[-2].item), (yyvsp[0].item)); } -#line 40735 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 40747 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 1528: /* trim_operands_special: BOTH expr FROM expr */ #line 10157 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.trim).set(TRIM_BOTH, (yyvsp[-2].item), (yyvsp[0].item)); } -#line 40741 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 40753 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 1529: /* trim_operands_special: LEADING FROM expr */ #line 10158 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.trim).set(TRIM_LEADING, (yyvsp[0].item)); } -#line 40747 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 40759 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 1530: /* trim_operands_special: TRAILING FROM expr */ #line 10159 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.trim).set(TRIM_TRAILING, (yyvsp[0].item)); } -#line 40753 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 40765 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 1531: /* trim_operands_special: BOTH FROM expr */ #line 10160 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.trim).set(TRIM_BOTH, (yyvsp[0].item)); } -#line 40759 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 40771 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 1532: /* trim_operands_special: expr FROM expr */ #line 10161 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.trim).set(TRIM_BOTH, (yyvsp[-2].item), (yyvsp[0].item)); } -#line 40765 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 40777 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 1539: /* column_default_non_parenthesized_expr: param_marker */ #line 10199 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.item)= (yyvsp[0].item_param); } -#line 40771 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 40783 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 1541: /* column_default_non_parenthesized_expr: sum_expr */ @@ -40779,7 +40791,7 @@ MYSQL_YYABORT; } } -#line 40783 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 40795 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 1542: /* column_default_non_parenthesized_expr: window_func_expr */ @@ -40791,7 +40803,7 @@ MYSQL_YYABORT; } } -#line 40795 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 40807 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 1544: /* column_default_non_parenthesized_expr: ROW_SYM '(' expr ',' expr_list ')' */ @@ -40802,7 +40814,7 @@ if (unlikely((yyval.item) == NULL)) MYSQL_YYABORT; } -#line 40806 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 40818 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 1545: /* column_default_non_parenthesized_expr: EXISTS '(' subselect ')' */ @@ -40812,7 +40824,7 @@ if (unlikely((yyval.item) == NULL)) MYSQL_YYABORT; } -#line 40816 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 40828 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 1546: /* column_default_non_parenthesized_expr: '{' ident expr '}' */ @@ -40821,7 +40833,7 @@ if (unlikely(!((yyval.item)= (yyvsp[-1].item)->make_odbc_literal(thd, &(yyvsp[-2].ident_sys))))) MYSQL_YYABORT; } -#line 40825 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 40837 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 1547: /* column_default_non_parenthesized_expr: MATCH ident_list_arg AGAINST '(' bit_expr fulltext_options ')' */ @@ -40835,7 +40847,7 @@ Select->add_ftfunc_to_list(thd, i1); (yyval.item)= i1; } -#line 40839 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 40851 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 1548: /* column_default_non_parenthesized_expr: CAST_SYM '(' expr AS cast_type ')' */ @@ -40844,7 +40856,7 @@ if (unlikely(!((yyval.item)= (yyvsp[-1].Lex_cast_type).create_typecast_item_or_error(thd, (yyvsp[-3].item))))) MYSQL_YYABORT; } -#line 40848 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 40860 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 1549: /* column_default_non_parenthesized_expr: CASE_SYM when_list_opt_else END */ @@ -40853,7 +40865,7 @@ if (unlikely(!((yyval.item)= new(thd->mem_root) Item_func_case_searched(thd, *(yyvsp[-1].item_list))))) MYSQL_YYABORT; } -#line 40857 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 40869 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 1550: /* column_default_non_parenthesized_expr: CASE_SYM expr when_list_opt_else END */ @@ -40863,7 +40875,7 @@ if (unlikely(!((yyval.item)= new (thd->mem_root) Item_func_case_simple(thd, *(yyvsp[-1].item_list))))) MYSQL_YYABORT; } -#line 40867 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 40879 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 1551: /* column_default_non_parenthesized_expr: CONVERT_SYM '(' expr ',' cast_type ')' */ @@ -40872,7 +40884,7 @@ if (unlikely(!((yyval.item)= (yyvsp[-1].Lex_cast_type).create_typecast_item_or_error(thd, (yyvsp[-3].item))))) MYSQL_YYABORT; } -#line 40876 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 40888 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 1552: /* column_default_non_parenthesized_expr: CONVERT_SYM '(' expr USING charset_name ')' */ @@ -40884,7 +40896,7 @@ if (unlikely((yyval.item) == NULL)) MYSQL_YYABORT; } -#line 40888 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 40900 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 1553: /* column_default_non_parenthesized_expr: DEFAULT '(' simple_ident ')' */ @@ -40899,7 +40911,7 @@ MYSQL_YYABORT; Lex->default_used= TRUE; } -#line 40903 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 40915 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 1554: /* column_default_non_parenthesized_expr: VALUE_SYM '(' simple_ident_nospvar ')' */ @@ -40910,7 +40922,7 @@ if (unlikely((yyval.item) == NULL)) MYSQL_YYABORT; } -#line 40914 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 40926 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 1555: /* column_default_non_parenthesized_expr: NEXT_SYM VALUE_SYM FOR_SYM table_ident */ @@ -40919,7 +40931,7 @@ if (unlikely(!((yyval.item)= Lex->create_item_func_nextval(thd, (yyvsp[0].table))))) MYSQL_YYABORT; } -#line 40923 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 40935 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 1556: /* column_default_non_parenthesized_expr: NEXTVAL_SYM '(' table_ident ')' */ @@ -40928,7 +40940,7 @@ if (unlikely(!((yyval.item)= Lex->create_item_func_nextval(thd, (yyvsp[-1].table))))) MYSQL_YYABORT; } -#line 40932 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 40944 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 1557: /* column_default_non_parenthesized_expr: PREVIOUS_SYM VALUE_SYM FOR_SYM table_ident */ @@ -40937,7 +40949,7 @@ if (unlikely(!((yyval.item)= Lex->create_item_func_lastval(thd, (yyvsp[0].table))))) MYSQL_YYABORT; } -#line 40941 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 40953 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 1558: /* column_default_non_parenthesized_expr: LASTVAL_SYM '(' table_ident ')' */ @@ -40946,155 +40958,161 @@ if (unlikely(!((yyval.item)= Lex->create_item_func_lastval(thd, (yyvsp[-1].table))))) MYSQL_YYABORT; } -#line 40950 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 40962 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 1559: /* column_default_non_parenthesized_expr: SETVAL_SYM '(' table_ident ',' sequence_value_hybrid_num ')' */ #line 10314 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { - if (unlikely(!((yyval.item)= Lex->create_item_func_setval(thd, (yyvsp[-3].table), (yyvsp[-1].longlong_hybrid_number), 0, - 1)))) + if (unlikely(!((yyval.item)= Lex->create_item_func_setval( + thd, (yyvsp[-3].table), + Longlong_hybrid((yyvsp[-1].longlong_hybrid_number).num, (yyvsp[-1].longlong_hybrid_number).is_unsigned), + 0, 1)))) MYSQL_YYABORT; } -#line 40960 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 40974 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 1560: /* column_default_non_parenthesized_expr: SETVAL_SYM '(' table_ident ',' sequence_value_hybrid_num ',' bool ')' */ -#line 10320 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 10322 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { - if (unlikely(!((yyval.item)= Lex->create_item_func_setval(thd, (yyvsp[-5].table), (yyvsp[-3].longlong_hybrid_number), 0, - (yyvsp[-1].ulong_num))))) + if (unlikely(!((yyval.item)= Lex->create_item_func_setval( + thd, (yyvsp[-5].table), + Longlong_hybrid((yyvsp[-3].longlong_hybrid_number).num, (yyvsp[-3].longlong_hybrid_number).is_unsigned), + 0, (yyvsp[-1].ulong_num))))) MYSQL_YYABORT; } -#line 40970 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 40986 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 1561: /* column_default_non_parenthesized_expr: SETVAL_SYM '(' table_ident ',' sequence_value_hybrid_num ',' bool ',' ulonglong_num ')' */ -#line 10327 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 10331 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { - if (unlikely(!((yyval.item)= Lex->create_item_func_setval(thd, (yyvsp[-7].table), (yyvsp[-5].longlong_hybrid_number), (yyvsp[-1].ulonglong_number), - (yyvsp[-3].ulong_num))))) + if (unlikely(!((yyval.item)= Lex->create_item_func_setval( + thd, (yyvsp[-7].table), + Longlong_hybrid((yyvsp[-5].longlong_hybrid_number).num, (yyvsp[-5].longlong_hybrid_number).is_unsigned), + (yyvsp[-1].ulonglong_number), (yyvsp[-3].ulong_num))))) MYSQL_YYABORT; } -#line 40980 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 40998 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 1564: /* primary_expr: '(' parenthesized_expr ')' */ -#line 10337 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 10343 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.item)= (yyvsp[-1].item); } -#line 40986 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 41004 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 1565: /* primary_expr: subquery */ -#line 10339 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 10345 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { if (!((yyval.item)= Lex->create_item_query_expression(thd, (yyvsp[0].select_lex)->master_unit()))) MYSQL_YYABORT; } -#line 40995 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 41013 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 1567: /* string_factor_expr: string_factor_expr COLLATE_SYM collation_name */ -#line 10348 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 10354 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { if (unlikely(!((yyval.item)= new (thd->mem_root) Item_func_set_collation(thd, (yyvsp[-2].item), (yyvsp[0].Lex_extended_collation))))) MYSQL_YYABORT; } -#line 41005 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 41023 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 1569: /* simple_expr: BINARY simple_expr */ -#line 10358 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 10364 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { Type_cast_attributes at(&my_charset_bin); if (unlikely(!((yyval.item)= type_handler_long_blob.create_typecast_item(thd, (yyvsp[0].item), at)))) MYSQL_YYABORT; } -#line 41015 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 41033 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 1570: /* simple_expr: '+' simple_expr */ -#line 10364 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 10370 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.item)= (yyvsp[0].item); } -#line 41023 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 41041 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 1571: /* simple_expr: '-' simple_expr */ -#line 10368 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 10374 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.item)= (yyvsp[0].item)->neg(thd); if (unlikely((yyval.item) == NULL)) MYSQL_YYABORT; } -#line 41033 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 41051 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 1572: /* simple_expr: '~' simple_expr */ -#line 10374 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 10380 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.item)= new (thd->mem_root) Item_func_bit_neg(thd, (yyvsp[0].item)); if (unlikely((yyval.item) == NULL)) MYSQL_YYABORT; } -#line 41043 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 41061 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 1573: /* simple_expr: not2 simple_expr */ -#line 10380 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 10386 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.item)= negate_expression(thd, (yyvsp[0].item)); if (unlikely((yyval.item) == NULL)) MYSQL_YYABORT; } -#line 41053 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 41071 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 1575: /* mysql_concatenation_expr: mysql_concatenation_expr MYSQL_CONCAT_SYM simple_expr */ -#line 10390 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 10396 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.item)= new (thd->mem_root) Item_func_concat(thd, (yyvsp[-2].item), (yyvsp[0].item)); if (unlikely((yyval.item) == NULL)) MYSQL_YYABORT; } -#line 41063 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 41081 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 1576: /* function_call_keyword_timestamp: TIMESTAMP '(' expr ')' */ -#line 10399 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 10405 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.item)= new (thd->mem_root) Item_datetime_typecast(thd, (yyvsp[-1].item), AUTO_SEC_PART_DIGITS); if (unlikely((yyval.item) == NULL)) MYSQL_YYABORT; } -#line 41074 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 41092 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 1577: /* function_call_keyword_timestamp: TIMESTAMP '(' expr ',' expr ')' */ -#line 10406 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 10412 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.item)= new (thd->mem_root) Item_func_timestamp(thd, (yyvsp[-3].item), (yyvsp[-1].item)); if (unlikely((yyval.item) == NULL)) MYSQL_YYABORT; } -#line 41084 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 41102 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 1578: /* function_call_keyword: CHAR_SYM '(' expr_list ')' */ -#line 10420 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 10426 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.item)= new (thd->mem_root) Item_func_char(thd, *(yyvsp[-1].item_list)); if (unlikely((yyval.item) == NULL)) MYSQL_YYABORT; } -#line 41094 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 41112 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 1579: /* function_call_keyword: CHAR_SYM '(' expr_list USING charset_name ')' */ -#line 10426 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 10432 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyvsp[-1].charset)= thd->variables.character_set_collations. get_collation_for_charset(thd, (yyvsp[-1].charset)); @@ -41102,11 +41120,11 @@ if (unlikely((yyval.item) == NULL)) MYSQL_YYABORT; } -#line 41106 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 41124 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 1580: /* function_call_keyword: CURRENT_USER optional_braces */ -#line 10434 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 10440 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.item)= new (thd->mem_root) Item_func_current_user(thd, Lex->current_context()); @@ -41115,11 +41133,11 @@ Lex->set_stmt_unsafe(LEX::BINLOG_STMT_UNSAFE_SYSTEM_FUNCTION); Lex->safe_to_cache_query= 0; } -#line 41119 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 41137 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 1581: /* function_call_keyword: CURRENT_ROLE optional_braces */ -#line 10443 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 10449 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.item)= new (thd->mem_root) Item_func_current_role(thd, Lex->current_context()); @@ -41128,52 +41146,52 @@ Lex->set_stmt_unsafe(LEX::BINLOG_STMT_UNSAFE_SYSTEM_FUNCTION); Lex->safe_to_cache_query= 0; } -#line 41132 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 41150 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 1582: /* function_call_keyword: DATE_SYM '(' expr ')' */ -#line 10452 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 10458 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.item)= new (thd->mem_root) Item_date_typecast(thd, (yyvsp[-1].item)); if (unlikely((yyval.item) == NULL)) MYSQL_YYABORT; Lex->set_date_funcs_used_flag(); } -#line 41143 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 41161 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 1583: /* function_call_keyword: DAY_SYM '(' expr ')' */ -#line 10459 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 10465 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.item)= new (thd->mem_root) Item_func_dayofmonth(thd, (yyvsp[-1].item)); if (unlikely((yyval.item) == NULL)) MYSQL_YYABORT; } -#line 41153 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 41171 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 1584: /* function_call_keyword: HOUR_SYM '(' expr ')' */ -#line 10465 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 10471 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.item)= new (thd->mem_root) Item_func_hour(thd, (yyvsp[-1].item)); if (unlikely((yyval.item) == NULL)) MYSQL_YYABORT; } -#line 41163 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 41181 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 1585: /* function_call_keyword: INSERT '(' expr ',' expr ',' expr ',' expr ')' */ -#line 10471 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 10477 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.item)= new (thd->mem_root) Item_func_insert(thd, (yyvsp[-7].item), (yyvsp[-5].item), (yyvsp[-3].item), (yyvsp[-1].item)); if (unlikely((yyval.item) == NULL)) MYSQL_YYABORT; } -#line 41173 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 41191 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 1586: /* function_call_keyword: INTERVAL_SYM '(' expr ',' expr ')' */ -#line 10477 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 10483 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { List *list= new (thd->mem_root) List; if (unlikely(list == NULL)) @@ -41188,11 +41206,11 @@ if (unlikely((yyval.item) == NULL)) MYSQL_YYABORT; } -#line 41192 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 41210 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 1587: /* function_call_keyword: INTERVAL_SYM '(' expr ',' expr ',' expr_list ')' */ -#line 10492 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 10498 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyvsp[-1].item_list)->push_front((yyvsp[-3].item), thd->mem_root); (yyvsp[-1].item_list)->push_front((yyvsp[-5].item), thd->mem_root); @@ -41203,62 +41221,62 @@ if (unlikely((yyval.item) == NULL)) MYSQL_YYABORT; } -#line 41207 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 41225 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 1588: /* function_call_keyword: LEFT '(' expr ',' expr ')' */ -#line 10503 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 10509 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.item)= new (thd->mem_root) Item_func_left(thd, (yyvsp[-3].item), (yyvsp[-1].item)); if (unlikely((yyval.item) == NULL)) MYSQL_YYABORT; } -#line 41217 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 41235 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 1589: /* function_call_keyword: MINUTE_SYM '(' expr ')' */ -#line 10509 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 10515 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.item)= new (thd->mem_root) Item_func_minute(thd, (yyvsp[-1].item)); if (unlikely((yyval.item) == NULL)) MYSQL_YYABORT; } -#line 41227 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 41245 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 1590: /* function_call_keyword: MONTH_SYM '(' expr ')' */ -#line 10515 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 10521 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.item)= new (thd->mem_root) Item_func_month(thd, (yyvsp[-1].item)); if (unlikely((yyval.item) == NULL)) MYSQL_YYABORT; Lex->set_date_funcs_used_flag(); } -#line 41238 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 41256 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 1591: /* function_call_keyword: RIGHT '(' expr ',' expr ')' */ -#line 10522 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 10528 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.item)= new (thd->mem_root) Item_func_right(thd, (yyvsp[-3].item), (yyvsp[-1].item)); if (unlikely((yyval.item) == NULL)) MYSQL_YYABORT; } -#line 41248 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 41266 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 1592: /* function_call_keyword: SECOND_SYM '(' expr ')' */ -#line 10528 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 10534 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.item)= new (thd->mem_root) Item_func_second(thd, (yyvsp[-1].item)); if (unlikely((yyval.item) == NULL)) MYSQL_YYABORT; } -#line 41258 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 41276 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 1593: /* function_call_keyword: SQL_SYM PERCENT_ORACLE_SYM ROWCOUNT_SYM */ -#line 10534 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 10540 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.item)= new (thd->mem_root) Item_func_oracle_sql_rowcount(thd); if (unlikely((yyval.item) == NULL)) @@ -41266,11 +41284,11 @@ Lex->set_stmt_unsafe(LEX::BINLOG_STMT_UNSAFE_SYSTEM_FUNCTION); Lex->safe_to_cache_query= 0; } -#line 41270 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 41288 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 1594: /* function_call_keyword: SESSION_USER_SYM '(' ')' */ -#line 10542 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 10548 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.item)= new (thd->mem_root) Item_func_session_user(thd); if (unlikely((yyval.item) == NULL)) @@ -41278,40 +41296,40 @@ Lex->set_stmt_unsafe(LEX::BINLOG_STMT_UNSAFE_SYSTEM_FUNCTION); Lex->safe_to_cache_query=0; } -#line 41282 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 41300 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 1595: /* function_call_keyword: TIME_SYM '(' expr ')' */ -#line 10550 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 10556 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.item)= new (thd->mem_root) Item_time_typecast(thd, (yyvsp[-1].item), AUTO_SEC_PART_DIGITS); if (unlikely((yyval.item) == NULL)) MYSQL_YYABORT; } -#line 41293 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 41311 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 1596: /* function_call_keyword: function_call_keyword_timestamp */ -#line 10557 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 10563 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.item)= (yyvsp[0].item); } -#line 41301 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 41319 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 1597: /* function_call_keyword: TRIM '(' trim_operands ')' */ -#line 10561 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 10567 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { if (unlikely(!((yyval.item)= Schema::find_implied(thd)-> make_item_func_trim(thd, (yyvsp[-1].trim))))) MYSQL_YYABORT; } -#line 41311 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 41329 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 1598: /* function_call_keyword: USER_SYM '(' ')' */ -#line 10567 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 10573 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.item)= new (thd->mem_root) Item_func_user(thd); if (unlikely((yyval.item) == NULL)) @@ -41319,370 +41337,370 @@ Lex->set_stmt_unsafe(LEX::BINLOG_STMT_UNSAFE_SYSTEM_FUNCTION); Lex->safe_to_cache_query=0; } -#line 41323 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 41341 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 1599: /* function_call_keyword: YEAR_SYM '(' expr ')' */ -#line 10575 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 10581 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.item)= new (thd->mem_root) Item_func_year(thd, (yyvsp[-1].item)); if (unlikely((yyval.item) == NULL)) MYSQL_YYABORT; Lex->set_date_funcs_used_flag(); } -#line 41334 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 41352 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 1602: /* substring_operands_regular: expr ',' expr ',' expr */ -#line 10590 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 10596 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.substring_spec)= Lex_substring_spec_st::init((yyvsp[-4].item), (yyvsp[-2].item), (yyvsp[0].item)); } -#line 41342 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 41360 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 1603: /* substring_operands_regular: expr ',' expr */ -#line 10594 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 10600 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.substring_spec)= Lex_substring_spec_st::init((yyvsp[-2].item), (yyvsp[0].item)); } -#line 41350 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 41368 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 1604: /* substring_operands_special: expr FROM expr FOR_SYM expr */ -#line 10601 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 10607 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.substring_spec)= Lex_substring_spec_st::init((yyvsp[-4].item), (yyvsp[-2].item), (yyvsp[0].item)); } -#line 41358 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 41376 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 1605: /* substring_operands_special: expr FROM expr */ -#line 10605 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 10611 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.substring_spec)= Lex_substring_spec_st::init((yyvsp[-2].item), (yyvsp[0].item)); } -#line 41366 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 41384 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 1606: /* function_call_nonkeyword: ADDDATE_SYM '(' expr ',' expr ')' */ -#line 10625 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 10631 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.item)= new (thd->mem_root) Item_date_add_interval(thd, (yyvsp[-3].item), (yyvsp[-1].item), INTERVAL_DAY, 0); if (unlikely((yyval.item) == NULL)) MYSQL_YYABORT; } -#line 41377 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 41395 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 1607: /* function_call_nonkeyword: ADDDATE_SYM '(' expr ',' INTERVAL_SYM expr interval ')' */ -#line 10632 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 10638 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.item)= new (thd->mem_root) Item_date_add_interval(thd, (yyvsp[-5].item), (yyvsp[-2].item), (yyvsp[-1].interval), 0); if (unlikely((yyval.item) == NULL)) MYSQL_YYABORT; } -#line 41387 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 41405 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 1608: /* function_call_nonkeyword: CURDATE optional_braces */ -#line 10638 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 10644 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.item)= new (thd->mem_root) Item_func_curdate_local(thd); if (unlikely((yyval.item) == NULL)) MYSQL_YYABORT; Lex->safe_to_cache_query=0; } -#line 41398 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 41416 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 1609: /* function_call_nonkeyword: CURTIME opt_time_precision */ -#line 10645 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 10651 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.item)= new (thd->mem_root) Item_func_curtime_local(thd, (yyvsp[0].num)); if (unlikely((yyval.item) == NULL)) MYSQL_YYABORT; Lex->safe_to_cache_query=0; } -#line 41409 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 41427 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 1610: /* function_call_nonkeyword: DATE_ADD_INTERVAL '(' expr ',' INTERVAL_SYM expr interval ')' */ -#line 10652 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 10658 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.item)= new (thd->mem_root) Item_date_add_interval(thd, (yyvsp[-5].item), (yyvsp[-2].item), (yyvsp[-1].interval), 0); if (unlikely((yyval.item) == NULL)) MYSQL_YYABORT; } -#line 41419 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 41437 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 1611: /* function_call_nonkeyword: DATE_SUB_INTERVAL '(' expr ',' INTERVAL_SYM expr interval ')' */ -#line 10658 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 10664 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.item)= new (thd->mem_root) Item_date_add_interval(thd, (yyvsp[-5].item), (yyvsp[-2].item), (yyvsp[-1].interval), 1); if (unlikely((yyval.item) == NULL)) MYSQL_YYABORT; } -#line 41429 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 41447 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 1612: /* function_call_nonkeyword: EXTRACT_SYM '(' interval FROM expr ')' */ -#line 10664 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 10670 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.item)=new (thd->mem_root) Item_extract(thd, (yyvsp[-3].interval), (yyvsp[-1].item)); if (unlikely((yyval.item) == NULL)) MYSQL_YYABORT; } -#line 41439 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 41457 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 1613: /* function_call_nonkeyword: GET_FORMAT '(' date_time_type ',' expr ')' */ -#line 10670 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 10676 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.item)= new (thd->mem_root) Item_func_get_format(thd, (yyvsp[-3].date_time_type), (yyvsp[-1].item)); if (unlikely((yyval.item) == NULL)) MYSQL_YYABORT; } -#line 41449 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 41467 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 1614: /* function_call_nonkeyword: LOCALTIMESTAMP opt_time_precision */ -#line 10676 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 10682 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.item)= new (thd->mem_root) Item_func_now_local(thd, (yyvsp[0].num)); if (unlikely((yyval.item) == NULL)) MYSQL_YYABORT; Lex->safe_to_cache_query= false; } -#line 41460 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 41478 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 1615: /* function_call_nonkeyword: NOW_SYM opt_time_precision */ -#line 10683 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 10689 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.item)= new (thd->mem_root) Item_func_current_timestamp(thd, (yyvsp[0].num)); if (unlikely((yyval.item) == NULL)) MYSQL_YYABORT; Lex->safe_to_cache_query=0; } -#line 41471 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 41489 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 1616: /* function_call_nonkeyword: POSITION_SYM '(' bit_expr IN_SYM expr ')' */ -#line 10690 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 10696 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.item)= new (thd->mem_root) Item_func_locate(thd, (yyvsp[-1].item), (yyvsp[-3].item)); if (unlikely((yyval.item) == NULL)) MYSQL_YYABORT; } -#line 41481 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 41499 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 1617: /* function_call_nonkeyword: ROWNUM_SYM optional_braces */ -#line 10701 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 10707 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.item)= new (thd->mem_root) Item_func_rownum(thd); if (unlikely((yyval.item) == NULL)) MYSQL_YYABORT; } -#line 41491 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 41509 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 1618: /* function_call_nonkeyword: SUBDATE_SYM '(' expr ',' expr ')' */ -#line 10707 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 10713 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.item)= new (thd->mem_root) Item_date_add_interval(thd, (yyvsp[-3].item), (yyvsp[-1].item), INTERVAL_DAY, 1); if (unlikely((yyval.item) == NULL)) MYSQL_YYABORT; } -#line 41502 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 41520 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 1619: /* function_call_nonkeyword: SUBDATE_SYM '(' expr ',' INTERVAL_SYM expr interval ')' */ -#line 10714 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 10720 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.item)= new (thd->mem_root) Item_date_add_interval(thd, (yyvsp[-5].item), (yyvsp[-2].item), (yyvsp[-1].interval), 1); if (unlikely((yyval.item) == NULL)) MYSQL_YYABORT; } -#line 41512 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 41530 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 1620: /* function_call_nonkeyword: SUBSTRING '(' substring_operands ')' */ -#line 10720 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 10726 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { if (unlikely(!((yyval.item)= Schema::find_implied(thd)-> make_item_func_substr(thd, (yyvsp[-1].substring_spec))))) MYSQL_YYABORT; } -#line 41522 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 41540 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 1621: /* function_call_nonkeyword: SYSDATE */ -#line 10727 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 10733 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { if (unlikely(!((yyval.item)= Lex->make_item_func_sysdate(thd, 0)))) MYSQL_YYABORT; } -#line 41531 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 41549 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 1622: /* function_call_nonkeyword: SYSDATE '(' ')' */ -#line 10733 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 10739 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { if (unlikely(!((yyval.item)= Lex->make_item_func_sysdate(thd, 0)))) MYSQL_YYABORT; } -#line 41540 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 41558 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 1623: /* function_call_nonkeyword: SYSDATE '(' real_ulong_num ')' */ -#line 10738 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 10744 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { if (unlikely(!((yyval.item)= Lex->make_item_func_sysdate(thd, (uint) (yyvsp[-1].ulong_num))))) MYSQL_YYABORT; } -#line 41549 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 41567 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 1624: /* function_call_nonkeyword: TIMESTAMP_ADD '(' interval_time_stamp ',' expr ',' expr ')' */ -#line 10743 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 10749 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.item)= new (thd->mem_root) Item_date_add_interval(thd, (yyvsp[-1].item), (yyvsp[-3].item), (yyvsp[-5].interval_time_st), 0); if (unlikely((yyval.item) == NULL)) MYSQL_YYABORT; } -#line 41559 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 41577 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 1625: /* function_call_nonkeyword: TIMESTAMP_DIFF '(' interval_time_stamp ',' expr ',' expr ')' */ -#line 10749 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 10755 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.item)= new (thd->mem_root) Item_func_timestamp_diff(thd, (yyvsp[-3].item), (yyvsp[-1].item), (yyvsp[-5].interval_time_st)); if (unlikely((yyval.item) == NULL)) MYSQL_YYABORT; } -#line 41569 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 41587 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 1626: /* function_call_nonkeyword: TRIM_ORACLE '(' trim_operands ')' */ -#line 10755 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 10761 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { if (unlikely(!((yyval.item)= (yyvsp[-1].trim).make_item_func_trim_oracle(thd)))) MYSQL_YYABORT; } -#line 41578 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 41596 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 1627: /* function_call_nonkeyword: UTC_DATE_SYM optional_braces */ -#line 10760 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 10766 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.item)= new (thd->mem_root) Item_func_curdate_utc(thd); if (unlikely((yyval.item) == NULL)) MYSQL_YYABORT; Lex->safe_to_cache_query=0; } -#line 41589 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 41607 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 1628: /* function_call_nonkeyword: UTC_TIME_SYM opt_time_precision */ -#line 10767 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 10773 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.item)= new (thd->mem_root) Item_func_curtime_utc(thd, (yyvsp[0].num)); if (unlikely((yyval.item) == NULL)) MYSQL_YYABORT; Lex->safe_to_cache_query=0; } -#line 41600 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 41618 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 1629: /* function_call_nonkeyword: UTC_TIMESTAMP_SYM opt_time_precision */ -#line 10774 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 10780 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.item)= new (thd->mem_root) Item_func_now_utc(thd, (yyvsp[0].num)); if (unlikely((yyval.item) == NULL)) MYSQL_YYABORT; Lex->safe_to_cache_query=0; } -#line 41611 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 41629 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 1630: /* function_call_nonkeyword: COLUMN_ADD_SYM '(' expr ',' dyncall_create_list ')' */ -#line 10782 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 10788 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.item)= create_func_dyncol_add(thd, (yyvsp[-3].item), *(yyvsp[-1].dyncol_def_list)); if (unlikely((yyval.item) == NULL)) MYSQL_YYABORT; } -#line 41621 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 41639 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 1631: /* function_call_nonkeyword: COLUMN_DELETE_SYM '(' expr ',' expr_list ')' */ -#line 10789 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 10795 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.item)= create_func_dyncol_delete(thd, (yyvsp[-3].item), *(yyvsp[-1].item_list)); if (unlikely((yyval.item) == NULL)) MYSQL_YYABORT; } -#line 41631 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 41649 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 1632: /* function_call_nonkeyword: COLUMN_CREATE_SYM '(' dyncall_create_list ')' */ -#line 10796 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 10802 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.item)= create_func_dyncol_create(thd, *(yyvsp[-1].dyncol_def_list)); if (unlikely((yyval.item) == NULL)) MYSQL_YYABORT; } -#line 41641 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 41659 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 1633: /* function_call_nonkeyword: COLUMN_GET_SYM '(' expr ',' expr AS cast_type ')' */ -#line 10803 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 10809 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.item)= create_func_dyncol_get(thd, (yyvsp[-5].item), (yyvsp[-3].item), (yyvsp[-1].Lex_cast_type).type_handler(), (yyvsp[-1].Lex_cast_type), (yyvsp[-1].Lex_cast_type).charset()); if (unlikely((yyval.item) == NULL)) MYSQL_YYABORT; } -#line 41652 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 41670 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 1634: /* function_call_conflict: ASCII_SYM '(' expr ')' */ -#line 10818 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 10824 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.item)= new (thd->mem_root) Item_func_ascii(thd, (yyvsp[-1].item)); if (unlikely((yyval.item) == NULL)) MYSQL_YYABORT; } -#line 41662 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 41680 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 1635: /* function_call_conflict: CHARSET '(' expr ')' */ -#line 10824 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 10830 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.item)= new (thd->mem_root) Item_func_charset(thd, (yyvsp[-1].item)); if (unlikely((yyval.item) == NULL)) MYSQL_YYABORT; } -#line 41672 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 41690 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 1636: /* function_call_conflict: IF_SYM '(' expr ',' expr ',' expr ')' */ -#line 10830 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 10836 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.item)= new (thd->mem_root) Item_func_if(thd, (yyvsp[-5].item), (yyvsp[-3].item), (yyvsp[-1].item)); if (unlikely((yyval.item) == NULL)) MYSQL_YYABORT; } -#line 41682 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 41700 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 1637: /* function_call_conflict: LAST_VALUE '(' expr ')' */ -#line 10839 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 10845 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { List *list= new (thd->mem_root) List; if (unlikely(list == NULL)) @@ -41693,32 +41711,32 @@ if (unlikely((yyval.item) == NULL)) MYSQL_YYABORT; } -#line 41697 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 41715 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 1638: /* function_call_conflict: LAST_VALUE '(' expr_list ',' expr ')' */ -#line 10850 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 10856 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyvsp[-3].item_list)->push_back((yyvsp[-1].item), thd->mem_root); (yyval.item)= new (thd->mem_root) Item_func_last_value(thd, *(yyvsp[-3].item_list)); if (unlikely((yyval.item) == NULL)) MYSQL_YYABORT; } -#line 41708 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 41726 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 1639: /* function_call_conflict: MOD_SYM '(' expr ',' expr ')' */ -#line 10857 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 10863 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.item)= new (thd->mem_root) Item_func_mod(thd, (yyvsp[-3].item), (yyvsp[-1].item)); if (unlikely((yyval.item) == NULL)) MYSQL_YYABORT; } -#line 41718 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 41736 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 1640: /* function_call_conflict: PASSWORD_SYM '(' expr ')' */ -#line 10863 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 10869 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { Item* i1; i1= new (thd->mem_root) Item_func_password(thd, (yyvsp[-1].item)); @@ -41726,51 +41744,51 @@ MYSQL_YYABORT; (yyval.item)= i1; } -#line 41730 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 41748 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 1641: /* function_call_conflict: REPEAT_SYM '(' expr ',' expr ')' */ -#line 10871 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 10877 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.item)= new (thd->mem_root) Item_func_repeat(thd, (yyvsp[-3].item), (yyvsp[-1].item)); if (unlikely((yyval.item) == NULL)) MYSQL_YYABORT; } -#line 41740 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 41758 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 1642: /* function_call_conflict: REPLACE '(' expr ',' expr ',' expr ')' */ -#line 10877 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 10883 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { if (unlikely(!((yyval.item)= Schema::find_implied(thd)-> make_item_func_replace(thd, (yyvsp[-5].item), (yyvsp[-3].item), (yyvsp[-1].item))))) MYSQL_YYABORT; } -#line 41750 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 41768 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 1643: /* function_call_conflict: TRUNCATE_SYM '(' expr ',' expr ')' */ -#line 10883 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 10889 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.item)= new (thd->mem_root) Item_func_round(thd, (yyvsp[-3].item), (yyvsp[-1].item), 1); if (unlikely((yyval.item) == NULL)) MYSQL_YYABORT; } -#line 41760 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 41778 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 1644: /* function_call_conflict: WEIGHT_STRING_SYM '(' expr opt_ws_levels ')' */ -#line 10889 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 10895 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.item)= new (thd->mem_root) Item_func_weight_string(thd, (yyvsp[-2].item), 0, 0, (yyvsp[-1].ulong_num)); if (unlikely((yyval.item) == NULL)) MYSQL_YYABORT; } -#line 41770 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 41788 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 1645: /* function_call_conflict: WEIGHT_STRING_SYM '(' expr AS CHAR_SYM ws_nweights opt_ws_levels ')' */ -#line 10895 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 10901 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.item)= new (thd->mem_root) Item_func_weight_string(thd, (yyvsp[-5].item), 0, (yyvsp[-2].ulong_num), @@ -41778,11 +41796,11 @@ if (unlikely((yyval.item) == NULL)) MYSQL_YYABORT; } -#line 41782 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 41800 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 1646: /* function_call_conflict: WEIGHT_STRING_SYM '(' expr AS BINARY ws_nweights ')' */ -#line 10903 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 10909 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { Item *item= new (thd->mem_root) Item_char_typecast(thd, (yyvsp[-4].item), (yyvsp[-1].ulong_num), &my_charset_bin); @@ -41794,22 +41812,22 @@ if (unlikely((yyval.item) == NULL)) MYSQL_YYABORT; } -#line 41798 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 41816 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 1647: /* function_call_conflict: WEIGHT_STRING_SYM '(' expr ',' ulong_num ',' ulong_num ',' ulong_num ')' */ -#line 10915 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 10921 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.item)= new (thd->mem_root) Item_func_weight_string(thd, (yyvsp[-7].item), (yyvsp[-5].ulong_num), (yyvsp[-3].ulong_num), (yyvsp[-1].ulong_num)); if (unlikely((yyval.item) == NULL)) MYSQL_YYABORT; } -#line 41809 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 41827 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 1648: /* @145: %empty */ -#line 10934 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 10940 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { #ifdef HAVE_DLOPEN udf_func *udf= 0; @@ -41828,11 +41846,11 @@ (yyval.udf)= udf; #endif } -#line 41832 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 41850 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 1649: /* function_call_generic: ident_func '(' @145 opt_udf_expr_list ')' */ -#line 10953 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 10959 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { const Type_handler *h; Create_func *builder; @@ -41895,172 +41913,172 @@ if (unlikely(! ((yyval.item)= item))) MYSQL_YYABORT; } -#line 41899 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 41917 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 1650: /* function_call_generic: CONTAINS_SYM '(' opt_expr_list ')' */ -#line 11016 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 11022 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { if (!((yyval.item)= Lex->make_item_func_call_native_or_parse_error(thd, (yyvsp[-3].kwd), (yyvsp[-1].item_list)))) MYSQL_YYABORT; } -#line 41909 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 41927 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 1651: /* function_call_generic: OVERLAPS_SYM '(' opt_expr_list ')' */ -#line 11022 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 11028 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { if (!((yyval.item)= Lex->make_item_func_call_native_or_parse_error(thd, (yyvsp[-3].kwd), (yyvsp[-1].item_list)))) MYSQL_YYABORT; } -#line 41919 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 41937 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 1652: /* function_call_generic: WITHIN '(' opt_expr_list ')' */ -#line 11028 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 11034 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { if (!((yyval.item)= Lex->make_item_func_call_native_or_parse_error(thd, (yyvsp[-3].kwd), (yyvsp[-1].item_list)))) MYSQL_YYABORT; } -#line 41929 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 41947 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 1653: /* function_call_generic: ident_cli '.' ident_cli '(' opt_expr_list ')' */ -#line 11034 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 11040 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { if (unlikely(!((yyval.item)= Lex->make_item_func_call_generic(thd, &(yyvsp[-5].ident_cli), &(yyvsp[-3].ident_cli), (yyvsp[-1].item_list))))) MYSQL_YYABORT; } -#line 41938 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 41956 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 1654: /* function_call_generic: ident_cli '.' ident_cli '.' ident_cli '(' opt_expr_list ')' */ -#line 11039 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 11045 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { if (unlikely(!((yyval.item)= Lex->make_item_func_call_generic(thd, &(yyvsp[-7].ident_cli), &(yyvsp[-5].ident_cli), &(yyvsp[-3].ident_cli), (yyvsp[-1].item_list))))) MYSQL_YYABORT; } -#line 41947 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 41965 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 1655: /* function_call_generic: ident_cli '.' REPLACE '(' opt_expr_list ')' */ -#line 11044 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 11050 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { if (unlikely(!((yyval.item)= Lex->make_item_func_replace(thd, (yyvsp[-5].ident_cli), (yyvsp[-3].kwd), (yyvsp[-1].item_list))))) MYSQL_YYABORT; } -#line 41956 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 41974 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 1656: /* function_call_generic: ident_cli '.' SUBSTRING '(' opt_expr_list ')' */ -#line 11049 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 11055 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { if (unlikely(!((yyval.item)= Lex->make_item_func_substr(thd, (yyvsp[-5].ident_cli), (yyvsp[-3].kwd), (yyvsp[-1].item_list))))) MYSQL_YYABORT; } -#line 41965 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 41983 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 1657: /* function_call_generic: ident_cli '.' SUBSTRING '(' substring_operands_special ')' */ -#line 11054 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 11060 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { if (unlikely(!((yyval.item)= Lex->make_item_func_substr(thd, (yyvsp[-5].ident_cli), (yyvsp[-3].kwd), (yyvsp[-1].substring_spec))))) MYSQL_YYABORT; } -#line 41974 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 41992 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 1658: /* function_call_generic: ident_cli '.' TRIM '(' opt_expr_list ')' */ -#line 11059 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 11065 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { if (unlikely(!((yyval.item)= Lex->make_item_func_trim(thd, (yyvsp[-5].ident_cli), (yyvsp[-3].kwd), (yyvsp[-1].item_list))))) MYSQL_YYABORT; } -#line 41983 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 42001 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 1659: /* function_call_generic: ident_cli '.' TRIM '(' trim_operands_special ')' */ -#line 11064 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 11070 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { if (unlikely(!((yyval.item)= Lex->make_item_func_trim(thd, (yyvsp[-5].ident_cli), (yyvsp[-3].kwd), (yyvsp[-1].trim))))) MYSQL_YYABORT; } -#line 41992 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 42010 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 1660: /* fulltext_options: opt_natural_language_mode opt_query_expansion */ -#line 11084 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 11090 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.num)= (yyvsp[-1].num) | (yyvsp[0].num); } -#line 41998 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 42016 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 1661: /* fulltext_options: IN_SYM BOOLEAN_SYM MODE_SYM */ -#line 11086 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 11092 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.num)= FT_BOOL; } -#line 42004 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 42022 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 1662: /* opt_natural_language_mode: %empty */ -#line 11090 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 11096 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.num)= FT_NL; } -#line 42010 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 42028 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 1663: /* opt_natural_language_mode: IN_SYM NATURAL LANGUAGE_SYM MODE_SYM */ -#line 11091 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 11097 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.num)= FT_NL; } -#line 42016 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 42034 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 1664: /* opt_query_expansion: %empty */ -#line 11095 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 11101 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.num)= 0; } -#line 42022 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 42040 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 1665: /* opt_query_expansion: WITH QUERY_SYM EXPANSION_SYM */ -#line 11096 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 11102 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.num)= FT_EXPAND; } -#line 42028 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 42046 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 1666: /* opt_udf_expr_list: %empty */ -#line 11100 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 11106 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.item_list)= NULL; } -#line 42034 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 42052 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 1667: /* opt_udf_expr_list: udf_expr_list */ -#line 11101 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 11107 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.item_list)= (yyvsp[0].item_list); } -#line 42040 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 42058 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 1668: /* udf_expr_list: udf_expr */ -#line 11106 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 11112 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.item_list)= new (thd->mem_root) List; if (unlikely((yyval.item_list) == NULL)) MYSQL_YYABORT; (yyval.item_list)->push_back((yyvsp[0].item), thd->mem_root); } -#line 42051 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 42069 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 1669: /* udf_expr_list: udf_expr_list ',' udf_expr */ -#line 11113 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 11119 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyvsp[-2].item_list)->push_back((yyvsp[0].item), thd->mem_root); (yyval.item_list)= (yyvsp[-2].item_list); } -#line 42060 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 42078 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 1670: /* udf_expr: remember_name expr remember_end select_alias */ -#line 11121 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 11127 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { /* Use Item::name as a storage for the attribute value of user @@ -42084,61 +42102,61 @@ (yyvsp[-2].item)->set_name(thd, (yyvsp[-3].simple_string), (uint) ((yyvsp[-1].simple_string) - (yyvsp[-3].simple_string)), thd->charset()); (yyval.item)= (yyvsp[-2].item); } -#line 42088 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 42106 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 1671: /* sum_expr: AVG_SYM '(' in_sum_expr ')' */ -#line 11148 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 11154 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.item)= new (thd->mem_root) Item_sum_avg(thd, (yyvsp[-1].item), FALSE); if (unlikely((yyval.item) == NULL)) MYSQL_YYABORT; } -#line 42098 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 42116 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 1672: /* sum_expr: AVG_SYM '(' DISTINCT in_sum_expr ')' */ -#line 11154 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 11160 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.item)= new (thd->mem_root) Item_sum_avg(thd, (yyvsp[-1].item), TRUE); if (unlikely((yyval.item) == NULL)) MYSQL_YYABORT; } -#line 42108 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 42126 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 1673: /* sum_expr: BIT_AND '(' in_sum_expr ')' */ -#line 11160 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 11166 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.item)= new (thd->mem_root) Item_sum_and(thd, (yyvsp[-1].item)); if (unlikely((yyval.item) == NULL)) MYSQL_YYABORT; } -#line 42118 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 42136 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 1674: /* sum_expr: BIT_OR '(' in_sum_expr ')' */ -#line 11166 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 11172 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.item)= new (thd->mem_root) Item_sum_or(thd, (yyvsp[-1].item)); if (unlikely((yyval.item) == NULL)) MYSQL_YYABORT; } -#line 42128 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 42146 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 1675: /* sum_expr: BIT_XOR '(' in_sum_expr ')' */ -#line 11172 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 11178 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.item)= new (thd->mem_root) Item_sum_xor(thd, (yyvsp[-1].item)); if (unlikely((yyval.item) == NULL)) MYSQL_YYABORT; } -#line 42138 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 42156 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 1676: /* sum_expr: COUNT_SYM '(' opt_all '*' ')' */ -#line 11178 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 11184 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { Item *item= new (thd->mem_root) Item_int(thd, (int32) 0L, 1); if (unlikely(item == NULL)) @@ -42147,149 +42165,149 @@ if (unlikely((yyval.item) == NULL)) MYSQL_YYABORT; } -#line 42151 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 42169 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 1677: /* sum_expr: COUNT_SYM '(' in_sum_expr ')' */ -#line 11187 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 11193 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.item)= new (thd->mem_root) Item_sum_count(thd, (yyvsp[-1].item)); if (unlikely((yyval.item) == NULL)) MYSQL_YYABORT; } -#line 42161 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 42179 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 1678: /* $@146: %empty */ -#line 11193 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 11199 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { Select->in_sum_expr++; } -#line 42167 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 42185 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 1679: /* $@147: %empty */ -#line 11195 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 11201 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { Select->in_sum_expr--; } -#line 42173 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 42191 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 1680: /* sum_expr: COUNT_SYM '(' DISTINCT $@146 expr_list $@147 ')' */ -#line 11197 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 11203 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.item)= new (thd->mem_root) Item_sum_count(thd, *(yyvsp[-2].item_list)); if (unlikely((yyval.item) == NULL)) MYSQL_YYABORT; } -#line 42183 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 42201 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 1681: /* sum_expr: MIN_SYM '(' in_sum_expr ')' */ -#line 11203 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 11209 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.item)= new (thd->mem_root) Item_sum_min(thd, (yyvsp[-1].item)); if (unlikely((yyval.item) == NULL)) MYSQL_YYABORT; } -#line 42193 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 42211 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 1682: /* sum_expr: MIN_SYM '(' DISTINCT in_sum_expr ')' */ -#line 11214 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 11220 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.item)= new (thd->mem_root) Item_sum_min(thd, (yyvsp[-1].item)); if (unlikely((yyval.item) == NULL)) MYSQL_YYABORT; } -#line 42203 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 42221 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 1683: /* sum_expr: MAX_SYM '(' in_sum_expr ')' */ -#line 11220 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 11226 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.item)= new (thd->mem_root) Item_sum_max(thd, (yyvsp[-1].item)); if (unlikely((yyval.item) == NULL)) MYSQL_YYABORT; } -#line 42213 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 42231 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 1684: /* sum_expr: MAX_SYM '(' DISTINCT in_sum_expr ')' */ -#line 11226 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 11232 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.item)= new (thd->mem_root) Item_sum_max(thd, (yyvsp[-1].item)); if (unlikely((yyval.item) == NULL)) MYSQL_YYABORT; } -#line 42223 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 42241 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 1685: /* sum_expr: STD_SYM '(' in_sum_expr ')' */ -#line 11232 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 11238 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.item)= new (thd->mem_root) Item_sum_std(thd, (yyvsp[-1].item), 0); if (unlikely((yyval.item) == NULL)) MYSQL_YYABORT; } -#line 42233 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 42251 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 1686: /* sum_expr: VARIANCE_SYM '(' in_sum_expr ')' */ -#line 11238 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 11244 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.item)= new (thd->mem_root) Item_sum_variance(thd, (yyvsp[-1].item), 0); if (unlikely((yyval.item) == NULL)) MYSQL_YYABORT; } -#line 42243 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 42261 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 1687: /* sum_expr: STDDEV_SAMP_SYM '(' in_sum_expr ')' */ -#line 11244 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 11250 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.item)= new (thd->mem_root) Item_sum_std(thd, (yyvsp[-1].item), 1); if (unlikely((yyval.item) == NULL)) MYSQL_YYABORT; } -#line 42253 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 42271 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 1688: /* sum_expr: VAR_SAMP_SYM '(' in_sum_expr ')' */ -#line 11250 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 11256 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.item)= new (thd->mem_root) Item_sum_variance(thd, (yyvsp[-1].item), 1); if (unlikely((yyval.item) == NULL)) MYSQL_YYABORT; } -#line 42263 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 42281 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 1689: /* sum_expr: SUM_SYM '(' in_sum_expr ')' */ -#line 11256 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 11262 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.item)= new (thd->mem_root) Item_sum_sum(thd, (yyvsp[-1].item), FALSE); if (unlikely((yyval.item) == NULL)) MYSQL_YYABORT; } -#line 42273 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 42291 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 1690: /* sum_expr: SUM_SYM '(' DISTINCT in_sum_expr ')' */ -#line 11262 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 11268 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.item)= new (thd->mem_root) Item_sum_sum(thd, (yyvsp[-1].item), TRUE); if (unlikely((yyval.item) == NULL)) MYSQL_YYABORT; } -#line 42283 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 42301 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 1691: /* $@148: %empty */ -#line 11268 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 11274 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { Select->in_sum_expr++; } -#line 42289 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 42307 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 1692: /* sum_expr: GROUP_CONCAT_SYM '(' opt_distinct $@148 expr_list opt_gorder_clause opt_gconcat_separator opt_glimit_clause ')' */ -#line 11272 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 11278 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { SELECT_LEX *sel= Select; sel->in_sum_expr--; @@ -42305,17 +42323,17 @@ (yyvsp[-4].item_list)->empty(); sel->gorder_list.empty(); } -#line 42309 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 42327 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 1693: /* $@149: %empty */ -#line 11288 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 11294 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { Select->in_sum_expr++; } -#line 42315 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 42333 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 1694: /* sum_expr: JSON_ARRAYAGG_SYM '(' opt_distinct $@149 expr_list opt_gorder_clause opt_glimit_clause ')' */ -#line 11291 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 11297 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { SELECT_LEX *sel= Select; List *args= (yyvsp[-3].item_list); @@ -42342,17 +42360,17 @@ (yyvsp[-3].item_list)->empty(); sel->gorder_list.empty(); } -#line 42346 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 42364 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 1695: /* $@150: %empty */ -#line 11318 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 11324 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { Select->in_sum_expr++; } -#line 42352 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 42370 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 1696: /* sum_expr: JSON_OBJECTAGG_SYM '(' $@150 expr ',' expr ')' */ -#line 11320 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 11326 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { SELECT_LEX *sel= Select; sel->in_sum_expr--; @@ -42361,23 +42379,23 @@ if (unlikely((yyval.item) == NULL)) MYSQL_YYABORT; } -#line 42365 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 42383 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 1697: /* window_func_expr: window_func OVER_SYM window_name */ -#line 11332 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 11338 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.item)= new (thd->mem_root) Item_window_func(thd, (Item_sum *) (yyvsp[-2].item), (yyvsp[0].lex_str_ptr)); if (unlikely((yyval.item) == NULL)) MYSQL_YYABORT; - if (unlikely(Select->add_window_func((Item_window_func *) (yyval.item)))) + if (unlikely(Select->add_window_func(thd, (Item_window_func *) (yyval.item)))) MYSQL_YYABORT; } -#line 42377 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 42395 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 1698: /* window_func_expr: window_func OVER_SYM window_spec */ -#line 11341 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 11347 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { LEX *lex= Lex; if (unlikely(Select->add_window_spec(thd, lex->win_ref, @@ -42389,14 +42407,14 @@ thd->lex->win_spec); if (unlikely((yyval.item) == NULL)) MYSQL_YYABORT; - if (unlikely(Select->add_window_func((Item_window_func *) (yyval.item)))) + if (unlikely(Select->add_window_func(thd, (Item_window_func *) (yyval.item)))) MYSQL_YYABORT; } -#line 42396 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 42414 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 1701: /* window_func: function_call_generic */ -#line 11363 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 11369 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { Item* item = (Item*)(yyvsp[0].item); /* Only UDF aggregate here possible */ @@ -42408,101 +42426,101 @@ MYSQL_YYABORT; } } -#line 42412 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 42430 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 1702: /* simple_window_func: ROW_NUMBER_SYM '(' ')' */ -#line 11378 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 11384 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.item)= new (thd->mem_root) Item_sum_row_number(thd); if (unlikely((yyval.item) == NULL)) MYSQL_YYABORT; } -#line 42422 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 42440 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 1703: /* simple_window_func: RANK_SYM '(' ')' */ -#line 11385 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 11391 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.item)= new (thd->mem_root) Item_sum_rank(thd); if (unlikely((yyval.item) == NULL)) MYSQL_YYABORT; } -#line 42432 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 42450 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 1704: /* simple_window_func: DENSE_RANK_SYM '(' ')' */ -#line 11392 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 11398 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.item)= new (thd->mem_root) Item_sum_dense_rank(thd); if (unlikely((yyval.item) == NULL)) MYSQL_YYABORT; } -#line 42442 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 42460 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 1705: /* simple_window_func: PERCENT_RANK_SYM '(' ')' */ -#line 11399 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 11405 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.item)= new (thd->mem_root) Item_sum_percent_rank(thd); if (unlikely((yyval.item) == NULL)) MYSQL_YYABORT; } -#line 42452 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 42470 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 1706: /* simple_window_func: CUME_DIST_SYM '(' ')' */ -#line 11406 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 11412 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.item)= new (thd->mem_root) Item_sum_cume_dist(thd); if (unlikely((yyval.item) == NULL)) MYSQL_YYABORT; } -#line 42462 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 42480 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 1707: /* simple_window_func: NTILE_SYM '(' expr ')' */ -#line 11413 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 11419 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.item)= new (thd->mem_root) Item_sum_ntile(thd, (yyvsp[-1].item)); if (unlikely((yyval.item) == NULL)) MYSQL_YYABORT; } -#line 42472 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 42490 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 1708: /* simple_window_func: FIRST_VALUE_SYM '(' expr ')' */ -#line 11420 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 11426 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.item)= new (thd->mem_root) Item_sum_first_value(thd, (yyvsp[-1].item)); if (unlikely((yyval.item) == NULL)) MYSQL_YYABORT; } -#line 42482 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 42500 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 1709: /* simple_window_func: LAST_VALUE '(' expr ')' */ -#line 11427 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 11433 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.item)= new (thd->mem_root) Item_sum_last_value(thd, (yyvsp[-1].item)); if (unlikely((yyval.item) == NULL)) MYSQL_YYABORT; } -#line 42492 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 42510 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 1710: /* simple_window_func: NTH_VALUE_SYM '(' expr ',' expr ')' */ -#line 11434 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 11440 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.item)= new (thd->mem_root) Item_sum_nth_value(thd, (yyvsp[-3].item), (yyvsp[-1].item)); if (unlikely((yyval.item) == NULL)) MYSQL_YYABORT; } -#line 42502 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 42520 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 1711: /* simple_window_func: LEAD_SYM '(' expr ')' */ -#line 11441 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 11447 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { /* No second argument defaults to 1. */ Item* item_offset= new (thd->mem_root) Item_uint(thd, 1); @@ -42512,21 +42530,21 @@ if (unlikely((yyval.item) == NULL)) MYSQL_YYABORT; } -#line 42516 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 42534 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 1712: /* simple_window_func: LEAD_SYM '(' expr ',' expr ')' */ -#line 11452 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 11458 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.item)= new (thd->mem_root) Item_sum_lead(thd, (yyvsp[-3].item), (yyvsp[-1].item)); if (unlikely((yyval.item) == NULL)) MYSQL_YYABORT; } -#line 42526 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 42544 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 1713: /* simple_window_func: LAG_SYM '(' expr ')' */ -#line 11459 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 11465 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { /* No second argument defaults to 1. */ Item* item_offset= new (thd->mem_root) Item_uint(thd, 1); @@ -42536,21 +42554,21 @@ if (unlikely((yyval.item) == NULL)) MYSQL_YYABORT; } -#line 42540 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 42558 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 1714: /* simple_window_func: LAG_SYM '(' expr ',' expr ')' */ -#line 11470 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 11476 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.item)= new (thd->mem_root) Item_sum_lag(thd, (yyvsp[-3].item), (yyvsp[-1].item)); if (unlikely((yyval.item) == NULL)) MYSQL_YYABORT; } -#line 42550 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 42568 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 1715: /* inverse_distribution_function: percentile_function OVER_SYM '(' opt_window_partition_clause ')' */ -#line 11482 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 11488 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { LEX *lex= Lex; if (unlikely(Select->add_window_spec(thd, lex->win_ref, @@ -42562,28 +42580,28 @@ thd->lex->win_spec); if (unlikely((yyval.item) == NULL)) MYSQL_YYABORT; - if (unlikely(Select->add_window_func((Item_window_func *) (yyval.item)))) + if (unlikely(Select->add_window_func(thd, (Item_window_func *) (yyval.item)))) MYSQL_YYABORT; } -#line 42569 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 42587 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 1716: /* $@151: %empty */ -#line 11500 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 11506 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { Select->prepare_add_window_spec(thd); } -#line 42575 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 42593 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 1717: /* percentile_function: inverse_distribution_function_def WITHIN GROUP_SYM '(' $@151 order_by_single_element_list ')' */ -#line 11502 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 11508 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.item)= (yyvsp[-6].item); } -#line 42583 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 42601 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 1718: /* percentile_function: MEDIAN_SYM '(' expr ')' */ -#line 11506 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 11512 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { Item *args= new (thd->mem_root) Item_decimal(thd, "0.5", 3, thd->charset()); @@ -42597,67 +42615,67 @@ if (unlikely((yyval.item) == NULL)) MYSQL_YYABORT; } -#line 42601 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 42619 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 1719: /* inverse_distribution_function_def: PERCENTILE_CONT_SYM '(' expr ')' */ -#line 11523 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 11529 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.item)= new (thd->mem_root) Item_sum_percentile_cont(thd, (yyvsp[-1].item)); if (unlikely((yyval.item) == NULL)) MYSQL_YYABORT; } -#line 42611 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 42629 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 1720: /* inverse_distribution_function_def: PERCENTILE_DISC_SYM '(' expr ')' */ -#line 11529 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 11535 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.item)= new (thd->mem_root) Item_sum_percentile_disc(thd, (yyvsp[-1].item)); if (unlikely((yyval.item) == NULL)) MYSQL_YYABORT; } -#line 42621 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 42639 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 1721: /* order_by_single_element_list: ORDER_SYM BY order_ident order_dir */ -#line 11538 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 11544 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { if (unlikely(add_order_to_list(thd, (yyvsp[-1].item),(bool) (yyvsp[0].num)))) MYSQL_YYABORT; } -#line 42630 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 42648 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 1722: /* window_name: ident */ -#line 11547 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 11553 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.lex_str_ptr)= (LEX_CSTRING *) thd->memdup(&(yyvsp[0].ident_sys), sizeof(LEX_CSTRING)); if (unlikely((yyval.lex_str_ptr) == NULL)) MYSQL_YYABORT; } -#line 42640 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 42658 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 1723: /* $@152: %empty */ -#line 11556 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 11562 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { if (unlikely(! Lex->parsing_options.allows_variable)) my_yyabort_error((ER_VIEW_SELECT_VARIABLE, MYF(0))); } -#line 42649 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 42667 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 1724: /* variable: '@' $@152 variable_aux */ -#line 11561 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 11567 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.item)= (yyvsp[0].item); } -#line 42657 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 42675 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 1725: /* variable_aux: ident_or_text SET_VAR expr */ -#line 11568 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 11574 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { Item_func_set_user_var *item; if (!(yyvsp[-2].lex_str).length) @@ -42672,11 +42690,11 @@ lex->uncacheable(UNCACHEABLE_SIDEEFFECT); lex->set_var_list.push_back(item, thd->mem_root); } -#line 42676 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 42694 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 1726: /* variable_aux: ident_or_text */ -#line 11583 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 11589 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { if (!(yyvsp[0].lex_str).length) { @@ -42689,103 +42707,103 @@ LEX *lex= Lex; lex->uncacheable(UNCACHEABLE_SIDEEFFECT); } -#line 42693 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 42711 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 1727: /* variable_aux: '@' opt_var_ident_type ident_sysvar_name */ -#line 11596 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 11602 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { if (unlikely(!((yyval.item)= Lex->make_item_sysvar(thd, (yyvsp[-1].var_type), &(yyvsp[0].ident_sys))))) MYSQL_YYABORT; } -#line 42702 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 42720 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 1728: /* variable_aux: '@' opt_var_ident_type ident_sysvar_name '.' ident */ -#line 11601 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 11607 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { if (unlikely(!((yyval.item)= Lex->make_item_sysvar(thd, (yyvsp[-3].var_type), &(yyvsp[-2].ident_sys), &(yyvsp[0].ident_sys))))) MYSQL_YYABORT; } -#line 42711 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 42729 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 1729: /* opt_distinct: %empty */ -#line 11608 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 11614 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.num) = 0; } -#line 42717 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 42735 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 1730: /* opt_distinct: DISTINCT */ -#line 11609 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 11615 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.num) = 1; } -#line 42723 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 42741 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 1731: /* opt_gconcat_separator: %empty */ -#line 11614 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 11620 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.string)= new (thd->mem_root) String(",", 1, &my_charset_latin1); if (unlikely((yyval.string) == NULL)) MYSQL_YYABORT; } -#line 42733 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 42751 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 1732: /* opt_gconcat_separator: SEPARATOR_SYM text_string */ -#line 11619 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 11625 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.string) = (yyvsp[0].string); } -#line 42739 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 42757 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 1735: /* gorder_list: gorder_list ',' order_ident order_dir */ -#line 11629 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 11635 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { if (unlikely(add_gorder_to_list(thd, (yyvsp[-1].item),(bool) (yyvsp[0].num)))) MYSQL_YYABORT; } -#line 42748 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 42766 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 1736: /* gorder_list: order_ident order_dir */ -#line 11634 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 11640 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { if (unlikely(add_gorder_to_list(thd, (yyvsp[-1].item),(bool) (yyvsp[0].num)))) MYSQL_YYABORT; } -#line 42757 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 42775 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 1737: /* opt_glimit_clause: %empty */ -#line 11641 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 11647 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.num) = 0; } -#line 42763 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 42781 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 1738: /* opt_glimit_clause: glimit_clause */ -#line 11642 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 11648 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.num) = 1; } -#line 42769 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 42787 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 1739: /* glimit_clause: LIMIT glimit_options */ -#line 11648 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 11654 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { Lex->set_stmt_unsafe(LEX::BINLOG_STMT_UNSAFE_LIMIT); } -#line 42777 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 42795 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 1740: /* glimit_options: limit_options */ -#line 11655 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 11661 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { Select->limit_params= (yyvsp[0].select_limit); } -#line 42785 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 42803 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 1741: /* $@153: %empty */ -#line 11664 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 11670 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { LEX *lex= Lex; if (unlikely(lex->current_select->inc_in_sum_expr())) @@ -42794,224 +42812,224 @@ MYSQL_YYABORT; } } -#line 42798 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 42816 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 1742: /* in_sum_expr: opt_all $@153 expr */ -#line 11673 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 11679 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { Select->in_sum_expr--; (yyval.item)= (yyvsp[0].item); } -#line 42807 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 42825 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 1743: /* cast_type: BINARY opt_field_length */ -#line 11681 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 11687 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.Lex_cast_type).set(&type_handler_long_blob, (yyvsp[0].Lex_length_and_dec), &my_charset_bin); } -#line 42813 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 42831 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 1744: /* cast_type: CHAR_SYM opt_field_length opt_binary */ -#line 11683 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 11689 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { if ((yyval.Lex_cast_type).set(&type_handler_long_blob, (yyvsp[-1].Lex_length_and_dec), thd, thd->variables.character_set_collations, (yyvsp[0].Lex_exact_charset_extended_collation_attrs), thd->variables.collation_connection)) MYSQL_YYABORT; } -#line 42824 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 42842 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 1745: /* cast_type: VARCHAR field_length opt_binary */ -#line 11690 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 11696 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { if ((yyval.Lex_cast_type).set(&type_handler_long_blob, (yyvsp[-1].Lex_length_and_dec), thd, thd->variables.character_set_collations, (yyvsp[0].Lex_exact_charset_extended_collation_attrs), thd->variables.collation_connection)) MYSQL_YYABORT; } -#line 42835 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 42853 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 1746: /* cast_type: VARCHAR2_ORACLE_SYM field_length opt_binary */ -#line 11697 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 11703 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { if ((yyval.Lex_cast_type).set(&type_handler_long_blob, (yyvsp[-1].Lex_length_and_dec), thd, thd->variables.character_set_collations, (yyvsp[0].Lex_exact_charset_extended_collation_attrs), thd->variables.collation_connection)) MYSQL_YYABORT; } -#line 42846 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 42864 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 1747: /* cast_type: NCHAR_SYM opt_field_length */ -#line 11704 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 11710 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.Lex_cast_type).set(&type_handler_long_blob, (yyvsp[0].Lex_length_and_dec), national_charset_info); } -#line 42854 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 42872 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 1748: /* cast_type: cast_type_numeric */ -#line 11707 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 11713 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.Lex_cast_type)= (yyvsp[0].Lex_cast_type); } -#line 42860 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 42878 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 1749: /* cast_type: cast_type_temporal */ -#line 11708 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 11714 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.Lex_cast_type)= (yyvsp[0].Lex_cast_type); } -#line 42866 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 42884 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 1750: /* cast_type: udt_name */ -#line 11710 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 11716 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { if (Lex->set_cast_type_udt(&(yyval.Lex_cast_type), (yyvsp[0].lex_str))) MYSQL_YYABORT; } -#line 42875 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 42893 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 1751: /* cast_type_numeric: INT_SYM */ -#line 11717 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 11723 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.Lex_cast_type).set(&type_handler_slonglong); } -#line 42881 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 42899 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 1752: /* cast_type_numeric: SIGNED_SYM */ -#line 11718 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 11724 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.Lex_cast_type).set(&type_handler_slonglong); } -#line 42887 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 42905 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 1753: /* cast_type_numeric: SIGNED_SYM INT_SYM */ -#line 11719 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 11725 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.Lex_cast_type).set(&type_handler_slonglong); } -#line 42893 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 42911 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 1754: /* cast_type_numeric: UNSIGNED */ -#line 11720 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 11726 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.Lex_cast_type).set(&type_handler_ulonglong); } -#line 42899 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 42917 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 1755: /* cast_type_numeric: UNSIGNED INT_SYM */ -#line 11721 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 11727 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.Lex_cast_type).set(&type_handler_ulonglong); } -#line 42905 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 42923 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 1756: /* cast_type_numeric: DECIMAL_SYM float_options */ -#line 11722 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 11728 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.Lex_cast_type).set(&type_handler_newdecimal, (yyvsp[0].Lex_length_and_dec)); } -#line 42911 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 42929 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 1757: /* cast_type_numeric: FLOAT_SYM */ -#line 11723 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 11729 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.Lex_cast_type).set(&type_handler_float); } -#line 42917 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 42935 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 1758: /* cast_type_numeric: DOUBLE_SYM opt_precision */ -#line 11724 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 11730 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.Lex_cast_type).set(&type_handler_double, (yyvsp[0].Lex_length_and_dec)); } -#line 42923 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 42941 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 1759: /* cast_type_temporal: DATE_SYM */ -#line 11728 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 11734 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.Lex_cast_type).set(&type_handler_newdate); } -#line 42929 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 42947 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 1760: /* cast_type_temporal: TIME_SYM opt_field_scale */ -#line 11729 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 11735 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.Lex_cast_type).set(&type_handler_time2, (yyvsp[0].Lex_length_and_dec)); } -#line 42935 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 42953 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 1761: /* cast_type_temporal: DATETIME opt_field_scale */ -#line 11730 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 11736 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.Lex_cast_type).set(&type_handler_datetime2, (yyvsp[0].Lex_length_and_dec)); } -#line 42941 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 42959 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 1762: /* cast_type_temporal: INTERVAL_SYM DAY_SECOND_SYM field_scale */ -#line 11732 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 11738 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.Lex_cast_type).set(&type_handler_interval_DDhhmmssff, (yyvsp[0].Lex_length_and_dec)); } -#line 42949 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 42967 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 1763: /* opt_expr_list: %empty */ -#line 11738 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 11744 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.item_list)= NULL; } -#line 42955 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 42973 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 1764: /* opt_expr_list: expr_list */ -#line 11739 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 11745 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.item_list)= (yyvsp[0].item_list);} -#line 42961 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 42979 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 1765: /* expr_list: expr */ -#line 11744 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 11750 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { if (unlikely(!((yyval.item_list)= List::make(thd->mem_root, (yyvsp[0].item))))) MYSQL_YYABORT; } -#line 42970 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 42988 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 1766: /* expr_list: expr_list ',' expr */ -#line 11749 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 11755 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyvsp[-2].item_list)->push_back((yyvsp[0].item), thd->mem_root); (yyval.item_list)= (yyvsp[-2].item_list); } -#line 42979 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 42997 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 1767: /* ident_list_arg: ident_list */ -#line 11756 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 11762 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.item_list)= (yyvsp[0].item_list); } -#line 42985 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 43003 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 1768: /* ident_list_arg: '(' ident_list ')' */ -#line 11757 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 11763 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.item_list)= (yyvsp[-1].item_list); } -#line 42991 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 43009 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 1769: /* ident_list: simple_ident */ -#line 11762 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 11768 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.item_list)= new (thd->mem_root) List; if (unlikely((yyval.item_list) == NULL) || unlikely((yyval.item_list)->push_back((yyvsp[0].item), thd->mem_root))) MYSQL_YYABORT; } -#line 43002 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 43020 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 1770: /* ident_list: ident_list ',' simple_ident */ -#line 11769 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 11775 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyvsp[-2].item_list)->push_back((yyvsp[0].item), thd->mem_root); (yyval.item_list)= (yyvsp[-2].item_list); } -#line 43011 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 43029 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 1771: /* when_list: WHEN_SYM expr THEN_SYM expr */ -#line 11777 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 11783 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.item_list)= new (thd->mem_root) List; if (unlikely((yyval.item_list) == NULL)) @@ -43020,38 +43038,38 @@ (yyval.item_list)->push_back((yyvsp[0].item), thd->mem_root))) MYSQL_YYABORT; } -#line 43024 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 43042 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 1772: /* when_list: when_list WHEN_SYM expr THEN_SYM expr */ -#line 11786 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 11792 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { if (unlikely((yyvsp[-4].item_list)->push_back((yyvsp[-2].item), thd->mem_root) || (yyvsp[-4].item_list)->push_back((yyvsp[0].item), thd->mem_root))) MYSQL_YYABORT; (yyval.item_list)= (yyvsp[-4].item_list); } -#line 43035 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 43053 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 1774: /* when_list_opt_else: when_list ELSE expr */ -#line 11797 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 11803 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { if (unlikely((yyvsp[-2].item_list)->push_back((yyvsp[0].item), thd->mem_root))) MYSQL_YYABORT; (yyval.item_list)= (yyvsp[-2].item_list); } -#line 43045 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 43063 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 1775: /* table_ref: table_factor */ -#line 11807 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 11813 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.table_list)= (yyvsp[0].table_list); } -#line 43051 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 43069 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 1776: /* table_ref: join_table */ -#line 11809 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 11815 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { if (Lex->current_select->table_list.elements > MAX_TABLES) { @@ -43064,37 +43082,37 @@ MYSQL_YYABORT; } } -#line 43068 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 43086 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 1779: /* json_text_literal: UNDERSCORE_CHARSET TEXT_STRING */ -#line 11827 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 11833 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.lex_string_with_metadata)= (yyvsp[0].lex_string_with_metadata); } -#line 43076 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 43094 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 1780: /* join_table_list: derived_table_list */ -#line 11833 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 11839 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { MYSQL_YYABORT_UNLESS((yyval.table_list)=(yyvsp[0].table_list)); } -#line 43082 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 43100 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 1781: /* json_table_columns_clause: COLUMNS '(' json_table_columns_list ')' */ -#line 11838 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 11844 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" {} -#line 43088 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 43106 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 1783: /* json_table_columns_list: json_table_columns_list ',' json_table_column */ -#line 11844 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 11850 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" {} -#line 43094 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 43112 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 1784: /* $@154: %empty */ -#line 11849 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 11855 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { LEX *lex=Lex; Create_field *f= new (thd->mem_root) Create_field(); @@ -43113,11 +43131,11 @@ lex->init_last_field(f, &(yyvsp[0].ident_sys)); } -#line 43117 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 43135 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 1785: /* json_table_column: ident $@154 json_table_column_type */ -#line 11868 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 11874 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { LEX *lex=Lex; if (unlikely(lex->json_table-> @@ -43126,11 +43144,11 @@ lex->json_table->m_columns.push_back( lex->json_table->m_cur_json_table_column, thd->mem_root); } -#line 43130 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 43148 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 1786: /* $@155: %empty */ -#line 11877 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 11883 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { LEX *lex=Lex; Json_table_nested_path *np= new (thd->mem_root) @@ -43138,20 +43156,20 @@ np->set_path(thd, (yyvsp[0].lex_string_with_metadata)); lex->json_table->start_nested_path(np); } -#line 43142 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 43160 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 1787: /* json_table_column: NESTED_SYM PATH_SYM json_text_literal $@155 json_table_columns_clause */ -#line 11885 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 11891 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { LEX *lex=Lex; lex->json_table->end_nested_path(); } -#line 43151 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 43169 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 1788: /* json_table_column_type: FOR_SYM ORDINALITY_SYM */ -#line 11893 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 11899 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { Lex_field_type_st type; type.set(&type_handler_slong); @@ -43160,11 +43178,11 @@ Lex->json_table->m_cur_json_table_column-> set(Json_table_column::FOR_ORDINALITY); } -#line 43164 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 43182 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 1789: /* json_table_column_type: json_table_field_type PATH_SYM json_text_literal json_opt_on_empty_or_error */ -#line 11903 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 11909 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { Lex->last_field->set_attributes(thd, (yyvsp[-3].Lex_field_type), COLUMN_DEFINITION_TABLE_FIELD); @@ -43175,11 +43193,11 @@ MYSQL_YYABORT; } } -#line 43179 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 43197 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 1790: /* json_table_column_type: json_table_field_type EXISTS PATH_SYM json_text_literal */ -#line 11914 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 11920 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { Lex->last_field->set_attributes(thd, (yyvsp[-3].Lex_field_type), COLUMN_DEFINITION_TABLE_FIELD); @@ -43188,68 +43206,68 @@ (yyvsp[-3].Lex_field_type).charset_collation_attrs())) MYSQL_YYABORT; } -#line 43192 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 43210 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 1795: /* json_opt_on_empty_or_error: %empty */ -#line 11933 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 11939 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" {} -#line 43198 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 43216 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 1802: /* json_on_response: ERROR_SYM */ -#line 11948 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 11954 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.json_on_response).m_response= Json_table_column::RESPONSE_ERROR; } -#line 43206 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 43224 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 1803: /* json_on_response: NULL_SYM */ -#line 11952 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 11958 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.json_on_response).m_response= Json_table_column::RESPONSE_NULL; } -#line 43214 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 43232 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 1804: /* json_on_response: DEFAULT json_default_literal */ -#line 11956 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 11962 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.json_on_response).m_response= Json_table_column::RESPONSE_DEFAULT; (yyval.json_on_response).m_default= (yyvsp[0].item); } -#line 43223 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 43241 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 1805: /* json_on_error_response: json_on_response ON ERROR_SYM */ -#line 11964 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 11970 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { Lex->json_table->m_cur_json_table_column->m_on_error= (yyvsp[-2].json_on_response); } -#line 43231 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 43249 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 1806: /* json_on_empty_response: json_on_response ON EMPTY_SYM */ -#line 11971 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 11977 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { Lex->json_table->m_cur_json_table_column->m_on_empty= (yyvsp[-2].json_on_response); } -#line 43239 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 43257 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 1807: /* $@156: %empty */ -#line 11978 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 11984 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { push_table_function_arg_context(Lex, thd->mem_root); //TODO: introduce IN_TABLE_FUNC_ARGUMENT? Select->parsing_place= IN_ON; } -#line 43249 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 43267 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 1808: /* $@157: %empty */ -#line 11984 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 11990 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { Table_function_json_table *jt= new (thd->mem_root) Table_function_json_table((yyvsp[-1].item)); @@ -43262,11 +43280,11 @@ Select->parsing_place= NO_MATTER; jt->set_name_resolution_context(Lex->pop_context()); } -#line 43266 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 43284 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 1809: /* table_function: JSON_TABLE_SYM '(' $@156 expr ',' $@157 json_text_literal json_table_columns_clause ')' opt_table_alias_clause */ -#line 11997 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 12003 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { SELECT_LEX *sel= Select; if (unlikely((yyvsp[0].lex_str_ptr) == NULL)) @@ -43290,51 +43308,51 @@ Lex->json_table= 0; status_var_increment(thd->status_var.feature_json); } -#line 43294 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 43312 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 1810: /* esc_table_ref: table_ref */ -#line 12030 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 12036 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.table_list)=(yyvsp[0].table_list); } -#line 43300 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 43318 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 1811: /* esc_table_ref: '{' ident table_ref '}' */ -#line 12031 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 12037 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.table_list)=(yyvsp[-1].table_list); } -#line 43306 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 43324 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 1812: /* derived_table_list: esc_table_ref */ -#line 12038 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 12044 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.table_list)=(yyvsp[0].table_list); Select->add_joined_table((yyvsp[0].table_list)); } -#line 43315 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 43333 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 1813: /* derived_table_list: derived_table_list ',' esc_table_ref */ -#line 12043 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 12049 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { MYSQL_YYABORT_UNLESS((yyvsp[-2].table_list) && ((yyval.table_list)=(yyvsp[0].table_list))); Select->add_joined_table((yyvsp[0].table_list)); } -#line 43324 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 43342 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 1814: /* join_table: table_ref normal_join table_ref */ -#line 12057 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 12063 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { MYSQL_YYABORT_UNLESS((yyvsp[-2].table_list) && ((yyval.table_list)=(yyvsp[0].table_list))); if (unlikely(Select->add_cross_joined_table((yyvsp[-2].table_list), (yyvsp[0].table_list), (yyvsp[-1].num)))) MYSQL_YYABORT; } -#line 43334 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 43352 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 1815: /* $@158: %empty */ -#line 12064 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 12070 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { MYSQL_YYABORT_UNLESS((yyvsp[-3].table_list) && (yyvsp[-1].table_list)); Select->add_joined_table((yyvsp[-3].table_list)); @@ -43344,42 +43362,42 @@ MYSQL_YYABORT; Select->parsing_place= IN_ON; } -#line 43348 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 43366 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 1816: /* join_table: table_ref normal_join table_ref ON $@158 expr */ -#line 12074 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 12080 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyvsp[-3].table_list)->straight=(yyvsp[-4].num); add_join_on(thd, (yyvsp[-3].table_list), (yyvsp[0].item)); (yyvsp[-3].table_list)->on_context= Lex->pop_context(); Select->parsing_place= NO_MATTER; } -#line 43359 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 43377 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 1817: /* $@159: %empty */ -#line 12082 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 12088 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { MYSQL_YYABORT_UNLESS((yyvsp[-3].table_list) && (yyvsp[-1].table_list)); Select->add_joined_table((yyvsp[-3].table_list)); Select->add_joined_table((yyvsp[-1].table_list)); } -#line 43369 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 43387 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 1818: /* join_table: table_ref normal_join table_ref USING $@159 '(' using_list ')' */ -#line 12088 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 12094 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyvsp[-5].table_list)->straight=(yyvsp[-6].num); add_join_natural((yyvsp[-7].table_list),(yyvsp[-5].table_list),(yyvsp[-1].string_list),Select); (yyval.table_list)=(yyvsp[-5].table_list); } -#line 43379 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 43397 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 1819: /* join_table: table_ref NATURAL inner_join table_factor */ -#line 12094 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 12100 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { MYSQL_YYABORT_UNLESS((yyvsp[-3].table_list) && ((yyval.table_list)=(yyvsp[0].table_list))); Select->add_joined_table((yyvsp[-3].table_list)); @@ -43387,11 +43405,11 @@ (yyvsp[0].table_list)->straight=(yyvsp[-1].num); add_join_natural((yyvsp[-3].table_list),(yyvsp[0].table_list),NULL,Select); } -#line 43391 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 43409 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 1820: /* $@160: %empty */ -#line 12105 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 12111 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { MYSQL_YYABORT_UNLESS((yyvsp[-5].table_list) && (yyvsp[-1].table_list)); Select->add_joined_table((yyvsp[-5].table_list)); @@ -43401,11 +43419,11 @@ MYSQL_YYABORT; Select->parsing_place= IN_ON; } -#line 43405 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 43423 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 1821: /* join_table: table_ref LEFT opt_outer JOIN_SYM table_ref ON $@160 search_condition */ -#line 12115 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 12121 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { add_join_on(thd, (yyvsp[-3].table_list), (yyvsp[0].item)); (yyvsp[-3].table_list)->on_context= Lex->pop_context(); @@ -43413,31 +43431,31 @@ (yyval.table_list)=(yyvsp[-3].table_list); Select->parsing_place= NO_MATTER; } -#line 43417 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 43435 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 1822: /* $@161: %empty */ -#line 12123 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 12129 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { MYSQL_YYABORT_UNLESS((yyvsp[-4].table_list) && (yyvsp[0].table_list)); Select->add_joined_table((yyvsp[-4].table_list)); Select->add_joined_table((yyvsp[0].table_list)); } -#line 43427 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 43445 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 1823: /* join_table: table_ref LEFT opt_outer JOIN_SYM table_factor $@161 USING '(' using_list ')' */ -#line 12129 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 12135 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { add_join_natural((yyvsp[-9].table_list),(yyvsp[-5].table_list),(yyvsp[-1].string_list),Select); (yyvsp[-5].table_list)->outer_join|=JOIN_TYPE_LEFT; (yyval.table_list)=(yyvsp[-5].table_list); } -#line 43437 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 43455 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 1824: /* join_table: table_ref NATURAL LEFT opt_outer JOIN_SYM table_factor */ -#line 12135 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 12141 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { MYSQL_YYABORT_UNLESS((yyvsp[-5].table_list) && (yyvsp[0].table_list)); Select->add_joined_table((yyvsp[-5].table_list)); @@ -43446,11 +43464,11 @@ (yyvsp[0].table_list)->outer_join|=JOIN_TYPE_LEFT; (yyval.table_list)=(yyvsp[0].table_list); } -#line 43450 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 43468 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 1825: /* $@162: %empty */ -#line 12147 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 12153 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { MYSQL_YYABORT_UNLESS((yyvsp[-5].table_list) && (yyvsp[-1].table_list)); Select->add_joined_table((yyvsp[-5].table_list)); @@ -43460,11 +43478,11 @@ MYSQL_YYABORT; Select->parsing_place= IN_ON; } -#line 43464 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 43482 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 1826: /* join_table: table_ref RIGHT opt_outer JOIN_SYM table_ref ON $@162 expr */ -#line 12157 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 12163 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { LEX *lex= Lex; if (unlikely(!((yyval.table_list)= lex->current_select->convert_right_join()))) @@ -43473,32 +43491,32 @@ (yyvsp[-7].table_list)->on_context= Lex->pop_context(); Select->parsing_place= NO_MATTER; } -#line 43477 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 43495 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 1827: /* $@163: %empty */ -#line 12166 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 12172 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { MYSQL_YYABORT_UNLESS((yyvsp[-4].table_list) && (yyvsp[0].table_list)); Select->add_joined_table((yyvsp[-4].table_list)); Select->add_joined_table((yyvsp[0].table_list)); } -#line 43487 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 43505 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 1828: /* join_table: table_ref RIGHT opt_outer JOIN_SYM table_factor $@163 USING '(' using_list ')' */ -#line 12172 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 12178 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { LEX *lex= Lex; if (unlikely(!((yyval.table_list)= lex->current_select->convert_right_join()))) MYSQL_YYABORT; add_join_natural((yyval.table_list),(yyvsp[-5].table_list),(yyvsp[-1].string_list),Select); } -#line 43498 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 43516 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 1829: /* join_table: table_ref NATURAL RIGHT opt_outer JOIN_SYM table_factor */ -#line 12179 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 12185 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { MYSQL_YYABORT_UNLESS((yyvsp[-5].table_list) && (yyvsp[0].table_list)); Select->add_joined_table((yyvsp[-5].table_list)); @@ -43508,129 +43526,129 @@ if (unlikely(!((yyval.table_list)= lex->current_select->convert_right_join()))) MYSQL_YYABORT; } -#line 43512 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 43530 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 1830: /* inner_join: JOIN_SYM */ -#line 12192 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 12198 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.num) = 0; } -#line 43518 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 43536 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 1831: /* inner_join: INNER_SYM JOIN_SYM */ -#line 12193 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 12199 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.num) = 0; } -#line 43524 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 43542 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 1832: /* inner_join: STRAIGHT_JOIN */ -#line 12194 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 12200 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.num) = 1; } -#line 43530 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 43548 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 1833: /* normal_join: inner_join */ -#line 12198 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 12204 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.num) = (yyvsp[0].num); } -#line 43536 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 43554 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 1834: /* normal_join: CROSS JOIN_SYM */ -#line 12199 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 12205 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.num) = 0; } -#line 43542 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 43560 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 1835: /* opt_use_partition: %empty */ -#line 12207 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 12213 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.string_list)= 0;} -#line 43548 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 43566 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 1837: /* use_partition: PARTITION_SYM '(' using_list ')' have_partitioning */ -#line 12213 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 12219 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.string_list)= (yyvsp[-2].string_list); Select->parsing_place= Select->save_parsing_place; Select->save_parsing_place= NO_MATTER; } -#line 43558 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 43576 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 1838: /* table_factor: table_primary_ident_opt_parens */ -#line 12221 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 12227 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.table_list)= (yyvsp[0].table_list); } -#line 43564 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 43582 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 1839: /* table_factor: table_primary_derived_opt_parens */ -#line 12222 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 12228 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.table_list)= (yyvsp[0].table_list); } -#line 43570 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 43588 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 1840: /* table_factor: join_table_parens */ -#line 12224 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 12230 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyvsp[0].table_list)->nested_join->nest_type= 0; (yyval.table_list)= (yyvsp[0].table_list); } -#line 43579 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 43597 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 1841: /* table_factor: table_reference_list_parens */ -#line 12228 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 12234 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.table_list)= (yyvsp[0].table_list); } -#line 43585 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 43603 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 1842: /* table_factor: table_function */ -#line 12229 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 12235 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.table_list)= (yyvsp[0].table_list); } -#line 43591 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 43609 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 1843: /* table_primary_ident_opt_parens: table_primary_ident */ -#line 12233 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 12239 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.table_list)= (yyvsp[0].table_list); } -#line 43597 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 43615 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 1844: /* table_primary_ident_opt_parens: '(' table_primary_ident_opt_parens ')' */ -#line 12234 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 12240 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.table_list)= (yyvsp[-1].table_list); } -#line 43603 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 43621 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 1845: /* table_primary_derived_opt_parens: table_primary_derived */ -#line 12238 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 12244 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.table_list)= (yyvsp[0].table_list); } -#line 43609 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 43627 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 1846: /* table_primary_derived_opt_parens: '(' table_primary_derived_opt_parens ')' */ -#line 12239 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 12245 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.table_list)= (yyvsp[-1].table_list); } -#line 43615 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 43633 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 1847: /* table_reference_list_parens: '(' table_reference_list_parens ')' */ -#line 12243 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 12249 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.table_list)= (yyvsp[-1].table_list); } -#line 43621 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 43639 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 1848: /* table_reference_list_parens: '(' nested_table_reference_list ')' */ -#line 12245 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 12251 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { if (!((yyval.table_list)= Select->end_nested_join(thd))) MYSQL_YYABORT; } -#line 43630 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 43648 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 1849: /* nested_table_reference_list: table_ref ',' table_ref */ -#line 12253 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 12259 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { if (Select->init_nested_join(thd)) MYSQL_YYABORT; @@ -43638,26 +43656,26 @@ Select->add_joined_table((yyvsp[0].table_list)); (yyval.table_list)= (yyvsp[-2].table_list)->embedding; } -#line 43642 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 43660 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 1850: /* nested_table_reference_list: nested_table_reference_list ',' table_ref */ -#line 12261 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 12267 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { Select->add_joined_table((yyvsp[0].table_list)); (yyval.table_list)= (yyvsp[-2].table_list); } -#line 43651 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 43669 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 1851: /* join_table_parens: '(' join_table_parens ')' */ -#line 12268 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 12274 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.table_list)= (yyvsp[-1].table_list); } -#line 43657 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 43675 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 1852: /* join_table_parens: '(' join_table ')' */ -#line 12270 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 12276 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { LEX *lex= Lex; if (!((yyval.table_list)= lex->current_select->nest_last_join(thd))) @@ -43666,11 +43684,11 @@ MYSQL_YYABORT; } } -#line 43670 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 43688 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 1853: /* table_primary_ident: table_ident opt_use_partition opt_for_system_time_clause opt_table_alias_clause opt_key_definition */ -#line 12284 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 12290 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { if (!((yyval.table_list)= Select->add_table_to_list(thd, (yyvsp[-4].table), (yyvsp[-1].lex_str_ptr), 0, @@ -43682,134 +43700,134 @@ if ((yyvsp[-2].num)) (yyval.table_list)->vers_conditions= Lex->vers_conditions; } -#line 43686 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 43704 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 1855: /* table_primary_derived: subquery opt_for_system_time_clause table_alias_clause derived_column_list */ -#line 12306 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 12312 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { if (!((yyval.table_list)= Lex->parsed_derived_table((yyvsp[-3].select_lex)->master_unit(), (yyvsp[-2].num), (yyvsp[-1].lex_str_ptr), (yyvsp[0].ident_sys_list)))) MYSQL_YYABORT; } -#line 43695 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 43713 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 1856: /* table_primary_derived: subquery opt_for_system_time_clause */ -#line 12313 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 12319 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { LEX_CSTRING alias; if ((yyvsp[-1].select_lex)->make_unique_derived_name(thd, &alias) || !((yyval.table_list)= Lex->parsed_derived_table((yyvsp[-1].select_lex)->master_unit(), (yyvsp[0].num), &alias))) MYSQL_YYABORT; } -#line 43706 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 43724 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 1857: /* opt_outer: %empty */ -#line 12323 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 12329 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" {} -#line 43712 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 43730 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 1858: /* opt_outer: OUTER */ -#line 12324 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 12330 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" {} -#line 43718 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 43736 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 1859: /* index_hint_clause: %empty */ -#line 12329 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 12335 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.num)= (thd->variables.old_behavior & OLD_MODE_IGNORE_INDEX_ONLY_FOR_JOIN) ? INDEX_HINT_MASK_JOIN : INDEX_HINT_MASK_ALL; } -#line 43727 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 43745 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 1860: /* index_hint_clause: FOR_SYM JOIN_SYM */ -#line 12333 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 12339 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.num)= INDEX_HINT_MASK_JOIN; } -#line 43733 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 43751 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 1861: /* index_hint_clause: FOR_SYM ORDER_SYM BY */ -#line 12334 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 12340 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.num)= INDEX_HINT_MASK_ORDER; } -#line 43739 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 43757 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 1862: /* index_hint_clause: FOR_SYM GROUP_SYM BY */ -#line 12335 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 12341 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.num)= INDEX_HINT_MASK_GROUP; } -#line 43745 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 43763 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 1863: /* index_hint_type: FORCE_SYM */ -#line 12339 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 12345 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.index_hint)= INDEX_HINT_FORCE; } -#line 43751 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 43769 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 1864: /* index_hint_type: IGNORE_SYM */ -#line 12340 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 12346 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.index_hint)= INDEX_HINT_IGNORE; } -#line 43757 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 43775 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 1865: /* $@164: %empty */ -#line 12345 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 12351 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { Select->set_index_hint_type((yyvsp[-2].index_hint), (yyvsp[0].num)); } -#line 43765 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 43783 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 1867: /* $@165: %empty */ -#line 12350 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 12356 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { Select->set_index_hint_type(INDEX_HINT_USE, (yyvsp[0].num)); } -#line 43773 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 43791 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 1872: /* $@166: %empty */ -#line 12363 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 12369 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { Select->alloc_index_hints(thd); } -#line 43779 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 43797 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 1874: /* $@167: %empty */ -#line 12367 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 12373 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { Select->clear_index_hints(); } -#line 43785 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 43803 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 1876: /* opt_key_usage_list: %empty */ -#line 12372 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 12378 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { Select->add_index_hint(thd, NULL, 0); } -#line 43791 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 43809 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 1877: /* opt_key_usage_list: key_usage_list */ -#line 12373 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 12379 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" {} -#line 43797 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 43815 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 1878: /* key_usage_element: ident */ -#line 12378 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 12384 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { Select->add_index_hint(thd, (yyvsp[0].ident_sys).str, (yyvsp[0].ident_sys).length); } -#line 43803 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 43821 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 1879: /* key_usage_element: PRIMARY_SYM */ -#line 12380 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 12386 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { Select->add_index_hint(thd, "PRIMARY", 7); } -#line 43809 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 43827 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 1882: /* using_list: ident */ -#line 12390 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 12396 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { if (unlikely(!((yyval.string_list)= new (thd->mem_root) List))) MYSQL_YYABORT; @@ -43820,11 +43838,11 @@ MYSQL_YYABORT; (yyval.string_list)->push_back(s, thd->mem_root); } -#line 43824 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 43842 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 1883: /* using_list: using_list ',' ident */ -#line 12401 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 12407 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { String *s= new (thd->mem_root) String((const char*) (yyvsp[0].ident_sys).str, (yyvsp[0].ident_sys).length, @@ -43835,215 +43853,215 @@ MYSQL_YYABORT; (yyval.string_list)= (yyvsp[-2].string_list); } -#line 43839 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 43857 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 1884: /* interval: interval_time_stamp */ -#line 12414 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 12420 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" {} -#line 43845 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 43863 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 1885: /* interval: DAY_HOUR_SYM */ -#line 12415 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 12421 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.interval)=INTERVAL_DAY_HOUR; } -#line 43851 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 43869 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 1886: /* interval: DAY_MICROSECOND_SYM */ -#line 12416 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 12422 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.interval)=INTERVAL_DAY_MICROSECOND; } -#line 43857 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 43875 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 1887: /* interval: DAY_MINUTE_SYM */ -#line 12417 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 12423 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.interval)=INTERVAL_DAY_MINUTE; } -#line 43863 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 43881 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 1888: /* interval: DAY_SECOND_SYM */ -#line 12418 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 12424 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.interval)=INTERVAL_DAY_SECOND; } -#line 43869 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 43887 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 1889: /* interval: HOUR_MICROSECOND_SYM */ -#line 12419 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 12425 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.interval)=INTERVAL_HOUR_MICROSECOND; } -#line 43875 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 43893 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 1890: /* interval: HOUR_MINUTE_SYM */ -#line 12420 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 12426 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.interval)=INTERVAL_HOUR_MINUTE; } -#line 43881 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 43899 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 1891: /* interval: HOUR_SECOND_SYM */ -#line 12421 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 12427 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.interval)=INTERVAL_HOUR_SECOND; } -#line 43887 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 43905 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 1892: /* interval: MINUTE_MICROSECOND_SYM */ -#line 12422 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 12428 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.interval)=INTERVAL_MINUTE_MICROSECOND; } -#line 43893 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 43911 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 1893: /* interval: MINUTE_SECOND_SYM */ -#line 12423 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 12429 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.interval)=INTERVAL_MINUTE_SECOND; } -#line 43899 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 43917 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 1894: /* interval: SECOND_MICROSECOND_SYM */ -#line 12424 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 12430 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.interval)=INTERVAL_SECOND_MICROSECOND; } -#line 43905 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 43923 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 1895: /* interval: YEAR_MONTH_SYM */ -#line 12425 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 12431 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.interval)=INTERVAL_YEAR_MONTH; } -#line 43911 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 43929 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 1896: /* interval_time_stamp: DAY_SYM */ -#line 12429 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 12435 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.interval_time_st)=INTERVAL_DAY; } -#line 43917 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 43935 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 1897: /* interval_time_stamp: WEEK_SYM */ -#line 12430 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 12436 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.interval_time_st)=INTERVAL_WEEK; } -#line 43923 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 43941 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 1898: /* interval_time_stamp: HOUR_SYM */ -#line 12431 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 12437 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.interval_time_st)=INTERVAL_HOUR; } -#line 43929 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 43947 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 1899: /* interval_time_stamp: MINUTE_SYM */ -#line 12432 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 12438 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.interval_time_st)=INTERVAL_MINUTE; } -#line 43935 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 43953 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 1900: /* interval_time_stamp: MONTH_SYM */ -#line 12433 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 12439 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.interval_time_st)=INTERVAL_MONTH; } -#line 43941 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 43959 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 1901: /* interval_time_stamp: QUARTER_SYM */ -#line 12434 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 12440 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.interval_time_st)=INTERVAL_QUARTER; } -#line 43947 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 43965 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 1902: /* interval_time_stamp: SECOND_SYM */ -#line 12435 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 12441 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.interval_time_st)=INTERVAL_SECOND; } -#line 43953 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 43971 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 1903: /* interval_time_stamp: MICROSECOND_SYM */ -#line 12436 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 12442 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.interval_time_st)=INTERVAL_MICROSECOND; } -#line 43959 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 43977 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 1904: /* interval_time_stamp: YEAR_SYM */ -#line 12437 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 12443 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.interval_time_st)=INTERVAL_YEAR; } -#line 43965 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 43983 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 1905: /* date_time_type: DATE_SYM */ -#line 12441 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 12447 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" {(yyval.date_time_type)=MYSQL_TIMESTAMP_DATE;} -#line 43971 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 43989 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 1906: /* date_time_type: TIME_SYM */ -#line 12442 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 12448 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" {(yyval.date_time_type)=MYSQL_TIMESTAMP_TIME;} -#line 43977 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 43995 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 1907: /* date_time_type: DATETIME */ -#line 12443 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 12449 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" {(yyval.date_time_type)=MYSQL_TIMESTAMP_DATETIME;} -#line 43983 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 44001 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 1908: /* date_time_type: TIMESTAMP */ -#line 12444 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 12450 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" {(yyval.date_time_type)=MYSQL_TIMESTAMP_DATETIME;} -#line 43989 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 44007 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 1912: /* opt_table_alias_clause: %empty */ -#line 12454 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 12460 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.lex_str_ptr)=0; } -#line 43995 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 44013 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 1913: /* opt_table_alias_clause: table_alias_clause */ -#line 12455 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 12461 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.lex_str_ptr)= (yyvsp[0].lex_str_ptr); } -#line 44001 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 44019 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 1914: /* table_alias_clause: table_alias ident_table_alias */ -#line 12460 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 12466 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.lex_str_ptr)= (LEX_CSTRING*) thd->memdup(&(yyvsp[0].ident_sys),sizeof(LEX_STRING)); if (unlikely((yyval.lex_str_ptr) == NULL)) MYSQL_YYABORT; } -#line 44011 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 44029 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 1917: /* opt_where_clause: %empty */ -#line 12473 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 12479 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { Select->where= 0; } -#line 44017 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 44035 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 1918: /* $@168: %empty */ -#line 12475 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 12481 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { Select->parsing_place= IN_WHERE; } -#line 44025 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 44043 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 1919: /* opt_where_clause: WHERE $@168 search_condition */ -#line 12479 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 12485 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyvsp[0].item)->top_level_item(); Select->where= normalize_cond(thd, (yyvsp[0].item)); Select->parsing_place= NO_MATTER; } -#line 44035 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 44053 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 1921: /* $@169: %empty */ -#line 12489 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 12495 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { Select->parsing_place= IN_HAVING; } -#line 44043 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 44061 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 1922: /* opt_having_clause: HAVING $@169 search_condition */ -#line 12493 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 12499 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { SELECT_LEX *sel= Select; sel->having= normalize_cond(thd, (yyvsp[0].item)); @@ -44051,35 +44069,35 @@ if ((yyvsp[0].item)) (yyvsp[0].item)->top_level_item(); } -#line 44055 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 44073 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 1925: /* group_list: group_list ',' order_ident order_dir */ -#line 12513 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 12519 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { if (unlikely(add_group_to_list(thd, (yyvsp[-1].item),(bool) (yyvsp[0].num)))) MYSQL_YYABORT; } -#line 44064 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 44082 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 1926: /* group_list: order_ident order_dir */ -#line 12518 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 12524 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { if (unlikely(add_group_to_list(thd, (yyvsp[-1].item),(bool) (yyvsp[0].num)))) MYSQL_YYABORT; } -#line 44073 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 44091 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 1927: /* olap_opt: %empty */ -#line 12525 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 12531 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" {} -#line 44079 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 44097 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 1928: /* olap_opt: WITH_CUBE_SYM */ -#line 12527 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 12533 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { /* 'WITH CUBE' is reserved in the MySQL syntax, but not implemented, @@ -44096,11 +44114,11 @@ my_yyabort_error((ER_NOT_SUPPORTED_YET, MYF(0), "CUBE")); } -#line 44100 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 44118 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 1929: /* olap_opt: WITH_ROLLUP_SYM */ -#line 12544 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 12550 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { /* 'WITH ROLLUP' is needed for backward compatibility, @@ -44115,23 +44133,23 @@ "global union parameters")); lex->current_select->olap= ROLLUP_TYPE; } -#line 44119 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 44137 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 1930: /* opt_window_clause: %empty */ -#line 12566 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 12572 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" {} -#line 44125 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 44143 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 1931: /* opt_window_clause: WINDOW_SYM window_def_list */ -#line 12569 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 12575 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" {} -#line 44131 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 44149 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 1934: /* window_def: window_name AS window_spec */ -#line 12579 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 12585 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { LEX *lex= Lex; if (unlikely(Select->add_window_def(thd, (yyvsp[-2].lex_str_ptr), lex->win_ref, @@ -44140,63 +44158,63 @@ lex->win_frame))) MYSQL_YYABORT; } -#line 44144 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 44162 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 1935: /* $@170: %empty */ -#line 12591 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 12597 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { Select->prepare_add_window_spec(thd); } -#line 44150 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 44168 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 1936: /* window_spec: '(' $@170 opt_window_ref opt_window_partition_clause opt_window_order_clause opt_window_frame_clause ')' */ -#line 12595 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 12601 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { } -#line 44156 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 44174 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 1937: /* opt_window_ref: %empty */ -#line 12599 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 12605 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" {} -#line 44162 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 44180 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 1938: /* opt_window_ref: ident */ -#line 12601 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 12607 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { thd->lex->win_ref= (LEX_CSTRING *) thd->memdup(&(yyvsp[0].ident_sys), sizeof(LEX_CSTRING)); if (unlikely(thd->lex->win_ref == NULL)) MYSQL_YYABORT; } -#line 44172 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 44190 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 1939: /* opt_window_partition_clause: %empty */ -#line 12609 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 12615 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { } -#line 44178 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 44196 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 1941: /* opt_window_order_clause: %empty */ -#line 12614 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 12620 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { } -#line 44184 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 44202 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 1942: /* opt_window_order_clause: ORDER_SYM BY order_list */ -#line 12615 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 12621 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { Select->order_list= *((yyvsp[0].select_order)); } -#line 44190 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 44208 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 1943: /* opt_window_frame_clause: %empty */ -#line 12619 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 12625 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" {} -#line 44196 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 44214 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 1944: /* opt_window_frame_clause: window_frame_units window_frame_extent opt_window_frame_exclusion */ -#line 12621 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 12627 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { LEX *lex= Lex; lex->win_frame= @@ -44207,23 +44225,23 @@ if (unlikely(lex->win_frame == NULL)) MYSQL_YYABORT; } -#line 44211 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 44229 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 1945: /* window_frame_units: ROWS_SYM */ -#line 12634 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 12640 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.frame_units)= Window_frame::UNITS_ROWS; } -#line 44217 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 44235 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 1946: /* window_frame_units: RANGE_SYM */ -#line 12635 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 12641 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.frame_units)= Window_frame::UNITS_RANGE; } -#line 44223 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 44241 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 1947: /* window_frame_extent: window_frame_start */ -#line 12640 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 12646 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { LEX *lex= Lex; lex->frame_top_bound= (yyvsp[0].window_frame_bound); @@ -44233,235 +44251,236 @@ if (unlikely(lex->frame_bottom_bound == NULL)) MYSQL_YYABORT; } -#line 44237 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 44255 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 1948: /* window_frame_extent: BETWEEN_SYM window_frame_bound AND_SYM window_frame_bound */ -#line 12650 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 12656 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { LEX *lex= Lex; lex->frame_top_bound= (yyvsp[-2].window_frame_bound); lex->frame_bottom_bound= (yyvsp[0].window_frame_bound); } -#line 44247 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 44265 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 1949: /* window_frame_start: UNBOUNDED_SYM PRECEDING_SYM */ -#line 12659 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 12665 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.window_frame_bound)= new (thd->mem_root) Window_frame_bound(Window_frame_bound::PRECEDING, NULL); if (unlikely((yyval.window_frame_bound) == NULL)) MYSQL_YYABORT; } -#line 44258 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 44276 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 1950: /* window_frame_start: CURRENT_SYM ROW_SYM */ -#line 12666 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 12672 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.window_frame_bound)= new (thd->mem_root) Window_frame_bound(Window_frame_bound::CURRENT, NULL); if (unlikely((yyval.window_frame_bound) == NULL)) MYSQL_YYABORT; } -#line 44269 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 44287 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 1951: /* window_frame_start: literal PRECEDING_SYM */ -#line 12673 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 12679 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.window_frame_bound)= new (thd->mem_root) Window_frame_bound(Window_frame_bound::PRECEDING, (yyvsp[-1].item)); if (unlikely((yyval.window_frame_bound) == NULL)) MYSQL_YYABORT; } -#line 44280 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 44298 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 1952: /* window_frame_bound: window_frame_start */ -#line 12682 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 12688 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.window_frame_bound)= (yyvsp[0].window_frame_bound); } -#line 44286 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 44304 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 1953: /* window_frame_bound: UNBOUNDED_SYM FOLLOWING_SYM */ -#line 12684 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 12690 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.window_frame_bound)= new (thd->mem_root) Window_frame_bound(Window_frame_bound::FOLLOWING, NULL); if (unlikely((yyval.window_frame_bound) == NULL)) MYSQL_YYABORT; } -#line 44297 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 44315 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 1954: /* window_frame_bound: literal FOLLOWING_SYM */ -#line 12691 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 12697 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.window_frame_bound)= new (thd->mem_root) Window_frame_bound(Window_frame_bound::FOLLOWING, (yyvsp[-1].item)); if (unlikely((yyval.window_frame_bound) == NULL)) MYSQL_YYABORT; } -#line 44308 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 44326 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 1955: /* opt_window_frame_exclusion: %empty */ -#line 12700 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 12706 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.frame_exclusion)= Window_frame::EXCL_NONE; } -#line 44314 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 44332 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 1956: /* opt_window_frame_exclusion: EXCLUDE_SYM CURRENT_SYM ROW_SYM */ -#line 12702 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 12708 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.frame_exclusion)= Window_frame::EXCL_CURRENT_ROW; } -#line 44320 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 44338 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 1957: /* opt_window_frame_exclusion: EXCLUDE_SYM GROUP_SYM */ -#line 12704 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 12710 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.frame_exclusion)= Window_frame::EXCL_GROUP; } -#line 44326 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 44344 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 1958: /* opt_window_frame_exclusion: EXCLUDE_SYM TIES_SYM */ -#line 12706 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 12712 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.frame_exclusion)= Window_frame::EXCL_TIES; } -#line 44332 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 44350 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 1959: /* opt_window_frame_exclusion: EXCLUDE_SYM NO_SYM OTHERS_MARIADB_SYM */ -#line 12708 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 12714 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.frame_exclusion)= Window_frame::EXCL_NONE; } -#line 44338 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 44356 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 1960: /* opt_window_frame_exclusion: EXCLUDE_SYM NO_SYM OTHERS_ORACLE_SYM */ -#line 12710 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 12716 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.frame_exclusion)= Window_frame::EXCL_NONE; } -#line 44344 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 44362 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 1964: /* alter_order_item: simple_ident_nospvar order_dir */ -#line 12728 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 12734 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { bool ascending= ((yyvsp[0].num) == 1) ? true : false; if (unlikely(add_order_to_list(thd, (yyvsp[-1].item), ascending))) MYSQL_YYABORT; } -#line 44354 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 44372 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 1965: /* opt_order_clause: %empty */ -#line 12741 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 12747 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.select_order)= NULL; } -#line 44360 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 44378 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 1966: /* opt_order_clause: order_clause */ -#line 12743 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 12749 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.select_order)= (yyvsp[0].select_order); } -#line 44366 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 44384 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 1967: /* $@171: %empty */ -#line 12748 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 12754 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { thd->where= THD_WHERE::ORDER_CLAUSE; + thd->lex->clause_winfuncs.empty(); } -#line 44374 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 44393 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 1968: /* order_clause: ORDER_SYM BY $@171 order_list */ -#line 12752 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 12759 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.select_order)= (yyvsp[0].select_order); } -#line 44382 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 44401 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 1969: /* order_list: order_list ',' order_ident order_dir */ -#line 12759 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 12766 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.select_order)= (yyvsp[-3].select_order); if (add_to_list(thd, *(yyval.select_order), (yyvsp[-1].item),(bool) (yyvsp[0].num))) MYSQL_YYABORT; } -#line 44392 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 44411 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 1970: /* order_list: order_ident order_dir */ -#line 12765 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 12772 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.select_order)= new (thd->mem_root) SQL_I_List(); if (add_to_list(thd, *(yyval.select_order), (yyvsp[-1].item), (bool) (yyvsp[0].num))) MYSQL_YYABORT; } -#line 44402 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 44421 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 1971: /* order_dir: %empty */ -#line 12773 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 12780 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.num)= 1; } -#line 44408 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 44427 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 1972: /* order_dir: ASC */ -#line 12774 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 12781 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.num)= 1; } -#line 44414 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 44433 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 1973: /* order_dir: DESC */ -#line 12775 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 12782 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.num)= 0; } -#line 44420 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 44439 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 1974: /* opt_limit_clause: %empty */ -#line 12781 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 12788 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.select_limit).clear(); } -#line 44426 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 44445 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 1975: /* opt_limit_clause: limit_clause */ -#line 12783 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 12790 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.select_limit)= (yyvsp[0].select_limit); } -#line 44432 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 44451 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 1976: /* limit_clause: LIMIT limit_options */ -#line 12788 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 12795 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.select_limit)= (yyvsp[0].select_limit); if (!(yyval.select_limit).select_limit->basic_const_item() || (yyval.select_limit).select_limit->val_int() > 0) Lex->set_stmt_unsafe(LEX::BINLOG_STMT_UNSAFE_LIMIT); } -#line 44443 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 44462 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 1977: /* limit_clause: LIMIT limit_options ROWS_SYM EXAMINED_SYM limit_rows_option */ -#line 12796 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 12803 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.select_limit)= (yyvsp[-3].select_limit); Lex->set_stmt_unsafe(LEX::BINLOG_STMT_UNSAFE_LIMIT); } -#line 44452 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 44471 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 1978: /* limit_clause: LIMIT ROWS_SYM EXAMINED_SYM limit_rows_option */ -#line 12801 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 12808 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.select_limit).clear(); Lex->set_stmt_unsafe(LEX::BINLOG_STMT_UNSAFE_LIMIT); } -#line 44461 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 44480 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 1979: /* limit_clause: fetch_first_clause */ -#line 12806 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 12813 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.select_limit)= (yyvsp[0].select_limit); if (!(yyval.select_limit).select_limit || @@ -44469,11 +44488,11 @@ (yyval.select_limit).select_limit->val_int() > 0) Lex->set_stmt_unsafe(LEX::BINLOG_STMT_UNSAFE_LIMIT); } -#line 44473 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 44492 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 1980: /* fetch_first_clause: FETCH_SYM first_or_next row_or_rows only_or_with_ties */ -#line 12817 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 12824 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { Item *one= new (thd->mem_root) Item_int(thd, (int32) 1); if (unlikely(one == NULL)) @@ -44483,11 +44502,11 @@ (yyval.select_limit).explicit_limit= true; (yyval.select_limit).with_ties= (yyvsp[0].num); } -#line 44487 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 44506 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 1981: /* fetch_first_clause: OFFSET_SYM limit_option row_or_rows FETCH_SYM first_or_next row_or_rows only_or_with_ties */ -#line 12828 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 12835 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { Item *one= new (thd->mem_root) Item_int(thd, (int32) 1); if (unlikely(one == NULL)) @@ -44497,211 +44516,211 @@ (yyval.select_limit).explicit_limit= true; (yyval.select_limit).with_ties= (yyvsp[0].num); } -#line 44501 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 44520 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 1982: /* fetch_first_clause: FETCH_SYM first_or_next limit_option row_or_rows only_or_with_ties */ -#line 12838 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 12845 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.select_limit).select_limit= (yyvsp[-2].item); (yyval.select_limit).offset_limit= 0; (yyval.select_limit).explicit_limit= true; (yyval.select_limit).with_ties= (yyvsp[0].num); } -#line 44512 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 44531 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 1983: /* fetch_first_clause: OFFSET_SYM limit_option row_or_rows FETCH_SYM first_or_next limit_option row_or_rows only_or_with_ties */ -#line 12846 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 12853 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.select_limit).select_limit= (yyvsp[-2].item); (yyval.select_limit).offset_limit= (yyvsp[-6].item); (yyval.select_limit).explicit_limit= true; (yyval.select_limit).with_ties= (yyvsp[0].num); } -#line 44523 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 44542 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 1984: /* fetch_first_clause: OFFSET_SYM limit_option row_or_rows */ -#line 12853 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 12860 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.select_limit).select_limit= 0; (yyval.select_limit).offset_limit= (yyvsp[-1].item); (yyval.select_limit).explicit_limit= true; (yyval.select_limit).with_ties= false; } -#line 44534 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 44553 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 1989: /* only_or_with_ties: ONLY_SYM */ -#line 12872 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 12879 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.num)= 0; } -#line 44540 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 44559 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 1990: /* only_or_with_ties: WITH TIES_SYM */ -#line 12873 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 12880 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.num)= 1; } -#line 44546 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 44565 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 1991: /* opt_global_limit_clause: opt_limit_clause */ -#line 12879 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 12886 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { Select->limit_params= (yyvsp[0].select_limit); } -#line 44554 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 44573 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 1992: /* limit_options: limit_option */ -#line 12886 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 12893 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.select_limit).select_limit= (yyvsp[0].item); (yyval.select_limit).offset_limit= NULL; (yyval.select_limit).explicit_limit= true; (yyval.select_limit).with_ties= false; } -#line 44565 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 44584 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 1993: /* limit_options: limit_option ',' limit_option */ -#line 12893 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 12900 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.select_limit).select_limit= (yyvsp[0].item); (yyval.select_limit).offset_limit= (yyvsp[-2].item); (yyval.select_limit).explicit_limit= true; (yyval.select_limit).with_ties= false; } -#line 44576 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 44595 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 1994: /* limit_options: limit_option OFFSET_SYM limit_option */ -#line 12900 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 12907 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.select_limit).select_limit= (yyvsp[-2].item); (yyval.select_limit).offset_limit= (yyvsp[0].item); (yyval.select_limit).explicit_limit= true; (yyval.select_limit).with_ties= false; } -#line 44587 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 44606 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 1995: /* limit_option: ident_cli */ -#line 12910 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 12917 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { if (unlikely(!((yyval.item)= Lex->create_item_limit(thd, &(yyvsp[0].ident_cli))))) MYSQL_YYABORT; } -#line 44596 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 44615 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 1996: /* limit_option: ident_cli '.' ident_cli */ -#line 12915 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 12922 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { if (unlikely(!((yyval.item)= Lex->create_item_limit(thd, &(yyvsp[-2].ident_cli), &(yyvsp[0].ident_cli))))) MYSQL_YYABORT; } -#line 44605 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 44624 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 1997: /* limit_option: param_marker */ -#line 12920 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 12927 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyvsp[0].item_param)->limit_clause_param= TRUE; } -#line 44613 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 44632 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 1998: /* limit_option: ULONGLONG_NUM */ -#line 12924 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 12931 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.item)= new (thd->mem_root) Item_uint(thd, (yyvsp[0].lex_str).str, (yyvsp[0].lex_str).length); if (unlikely((yyval.item) == NULL)) MYSQL_YYABORT; } -#line 44623 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 44642 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 1999: /* limit_option: LONG_NUM */ -#line 12930 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 12937 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.item)= new (thd->mem_root) Item_uint(thd, (yyvsp[0].lex_str).str, (yyvsp[0].lex_str).length); if (unlikely((yyval.item) == NULL)) MYSQL_YYABORT; } -#line 44633 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 44652 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 2000: /* limit_option: NUM */ -#line 12936 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 12943 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.item)= new (thd->mem_root) Item_uint(thd, (yyvsp[0].lex_str).str, (yyvsp[0].lex_str).length); if (unlikely((yyval.item) == NULL)) MYSQL_YYABORT; } -#line 44643 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 44662 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 2001: /* limit_rows_option: limit_option */ -#line 12945 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 12952 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { Lex->limit_rows_examined= (yyvsp[0].item); } -#line 44651 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 44670 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 2002: /* delete_limit_clause: %empty */ -#line 12952 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 12959 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { LEX *lex=Lex; lex->current_select->limit_params.select_limit= 0; } -#line 44660 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 44679 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 2003: /* delete_limit_clause: LIMIT limit_option */ -#line 12957 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 12964 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { SELECT_LEX *sel= Select; sel->limit_params.select_limit= (yyvsp[0].item); Lex->set_stmt_unsafe(LEX::BINLOG_STMT_UNSAFE_LIMIT); sel->limit_params.explicit_limit= 1; } -#line 44671 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 44690 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 2004: /* delete_limit_clause: LIMIT ROWS_SYM EXAMINED_SYM */ -#line 12963 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 12970 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { thd->parse_error(); MYSQL_YYABORT; } -#line 44677 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 44696 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 2005: /* delete_limit_clause: LIMIT limit_option ROWS_SYM EXAMINED_SYM */ -#line 12964 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 12971 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { thd->parse_error(); MYSQL_YYABORT; } -#line 44683 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 44702 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 2006: /* order_limit_lock: order_or_limit */ -#line 12969 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 12976 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.order_limit_lock)= (yyvsp[0].order_limit_lock); (yyval.order_limit_lock)->lock.empty(); } -#line 44692 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 44711 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 2007: /* order_limit_lock: order_or_limit select_lock_type */ -#line 12974 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 12981 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.order_limit_lock)= (yyvsp[-1].order_limit_lock); (yyval.order_limit_lock)->lock= (yyvsp[0].select_lock); } -#line 44701 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 44720 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 2008: /* order_limit_lock: select_lock_type */ -#line 12979 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 12986 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.order_limit_lock)= new(thd->mem_root) Lex_order_limit_lock; if (!(yyval.order_limit_lock)) @@ -44710,68 +44729,68 @@ (yyval.order_limit_lock)->limit.clear(); (yyval.order_limit_lock)->lock= (yyvsp[0].select_lock); } -#line 44714 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 44733 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 2009: /* opt_order_limit_lock: %empty */ -#line 12991 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 12998 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { Lex->pop_select(); (yyval.order_limit_lock)= NULL; } -#line 44723 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 44742 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 2010: /* opt_order_limit_lock: order_limit_lock */ -#line 12995 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 13002 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.order_limit_lock)= (yyvsp[0].order_limit_lock); } -#line 44729 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 44748 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 2013: /* opt_procedure_or_into: %empty */ -#line 13008 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 13015 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.select_lock).empty(); } -#line 44737 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 44756 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 2014: /* opt_procedure_or_into: procedure_clause opt_select_lock_type */ -#line 13012 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 13019 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.select_lock)= (yyvsp[0].select_lock); } -#line 44745 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 44764 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 2015: /* opt_procedure_or_into: into opt_select_lock_type */ -#line 13016 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 13023 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.select_lock)= (yyvsp[0].select_lock); status_var_increment(thd->status_var.feature_into_outfile); } -#line 44754 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 44773 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 2016: /* opt_order_or_limit: %empty */ -#line 13024 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 13031 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.order_limit_lock)= NULL; } -#line 44762 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 44781 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 2017: /* opt_order_or_limit: order_or_limit */ -#line 13029 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 13036 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyvsp[0].order_limit_lock)->lock.empty(); (yyval.order_limit_lock)= (yyvsp[0].order_limit_lock); } -#line 44771 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 44790 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 2018: /* order_or_limit: order_clause opt_limit_clause */ -#line 13037 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 13044 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.order_limit_lock)= new(thd->mem_root) Lex_order_limit_lock; if (!(yyval.order_limit_lock)) @@ -44779,11 +44798,11 @@ (yyval.order_limit_lock)->order_list= (yyvsp[-1].select_order); (yyval.order_limit_lock)->limit= (yyvsp[0].select_limit); } -#line 44783 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 44802 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 2019: /* order_or_limit: limit_clause */ -#line 13045 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 13052 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.order_limit_lock)= new(thd->mem_root) Lex_order_limit_lock; if (!(yyval.order_limit_lock)) @@ -44791,125 +44810,125 @@ (yyval.order_limit_lock)->order_list= NULL; (yyval.order_limit_lock)->limit= (yyvsp[0].select_limit); } -#line 44795 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 44814 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 2022: /* int_num: opt_plus NUM */ -#line 13061 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 13068 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { int error; (yyval.num)= (int) my_strtoll10((yyvsp[0].lex_str).str, (char**) 0, &error); } -#line 44801 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 44820 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 2023: /* int_num: '-' NUM */ -#line 13062 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 13069 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { int error; (yyval.num)= -(int) my_strtoll10((yyvsp[0].lex_str).str, (char**) 0, &error); } -#line 44807 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 44826 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 2024: /* ulong_num: opt_plus NUM */ -#line 13066 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 13073 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { int error; (yyval.ulong_num)= (ulong) my_strtoll10((yyvsp[0].lex_str).str, (char**) 0, &error); } -#line 44813 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 44832 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 2025: /* ulong_num: HEX_NUM */ -#line 13067 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 13074 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.ulong_num)= strtoul((yyvsp[0].lex_str).str, (char**) 0, 16); } -#line 44819 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 44838 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 2026: /* ulong_num: opt_plus LONG_NUM */ -#line 13068 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 13075 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { int error; (yyval.ulong_num)= (ulong) my_strtoll10((yyvsp[0].lex_str).str, (char**) 0, &error); } -#line 44825 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 44844 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 2027: /* ulong_num: opt_plus ULONGLONG_NUM */ -#line 13069 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 13076 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { int error; (yyval.ulong_num)= (ulong) my_strtoll10((yyvsp[0].lex_str).str, (char**) 0, &error); } -#line 44831 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 44850 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 2028: /* ulong_num: opt_plus DECIMAL_NUM */ -#line 13070 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 13077 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { int error; (yyval.ulong_num)= (ulong) my_strtoll10((yyvsp[0].lex_str).str, (char**) 0, &error); } -#line 44837 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 44856 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 2029: /* ulong_num: opt_plus FLOAT_NUM */ -#line 13071 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 13078 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { int error; (yyval.ulong_num)= (ulong) my_strtoll10((yyvsp[0].lex_str).str, (char**) 0, &error); } -#line 44843 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 44862 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 2030: /* real_ulong_num: NUM */ -#line 13075 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 13082 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { int error; (yyval.ulong_num)= (ulong) my_strtoll10((yyvsp[0].lex_str).str, (char**) 0, &error); } -#line 44849 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 44868 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 2031: /* real_ulong_num: HEX_NUM */ -#line 13076 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 13083 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.ulong_num)= (ulong) strtol((yyvsp[0].lex_str).str, (char**) 0, 16); } -#line 44855 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 44874 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 2032: /* real_ulong_num: LONG_NUM */ -#line 13077 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 13084 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { int error; (yyval.ulong_num)= (ulong) my_strtoll10((yyvsp[0].lex_str).str, (char**) 0, &error); } -#line 44861 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 44880 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 2033: /* real_ulong_num: ULONGLONG_NUM */ -#line 13078 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 13085 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { int error; (yyval.ulong_num)= (ulong) my_strtoll10((yyvsp[0].lex_str).str, (char**) 0, &error); } -#line 44867 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 44886 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 2034: /* real_ulong_num: dec_num_error */ -#line 13079 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 13086 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { MYSQL_YYABORT; } -#line 44873 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 44892 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 2035: /* sequence_value_num: opt_plus NUM */ -#line 13088 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 13095 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { int error; (yyval.longlong_number)= (longlong) my_strtoll10((yyvsp[0].lex_str).str, (char**) 0, &error); } -#line 44882 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 44901 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 2036: /* sequence_value_num: opt_plus LONG_NUM */ -#line 13093 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 13100 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { int error; (yyval.longlong_number)= (longlong) my_strtoll10((yyvsp[0].lex_str).str, (char**) 0, &error); } -#line 44891 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 44910 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 2037: /* sequence_value_num: '-' NUM */ -#line 13098 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 13105 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { int error; (yyval.longlong_number)= -(longlong) my_strtoll10((yyvsp[0].lex_str).str, (char**) 0, &error); } -#line 44900 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 44919 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 2038: /* sequence_value_num: '-' LONG_NUM */ -#line 13103 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 13110 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { int error; (yyval.longlong_number)= -(longlong) my_strtoll10((yyvsp[0].lex_str).str, (char**) 0, &error); } -#line 44909 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 44928 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 2039: /* sequence_value_num: '-' ULONGLONG_NUM */ -#line 13108 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 13115 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { int error; const ulonglong abs= my_strtoll10((yyvsp[0].lex_str).str, (char**) 0, &error); @@ -44918,238 +44937,250 @@ else thd->parse_error(ER_DATA_OUT_OF_RANGE); } -#line 44922 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 44941 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 2040: /* sequence_value_hybrid_num: opt_plus NUM */ -#line 13124 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 13131 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { int error; - (yyval.longlong_hybrid_number)= Longlong_hybrid(my_strtoll10((yyvsp[0].lex_str).str, (char**) 0, &error), - false); + (yyval.longlong_hybrid_number).num= my_strtoll10((yyvsp[0].lex_str).str, (char**) 0, &error); + (yyval.longlong_hybrid_number).is_unsigned= false; } -#line 44932 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 44951 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 2041: /* sequence_value_hybrid_num: opt_plus LONG_NUM */ -#line 13130 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 13137 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { int error; - (yyval.longlong_hybrid_number)= Longlong_hybrid(my_strtoll10((yyvsp[0].lex_str).str, (char**) 0, &error), - false); + (yyval.longlong_hybrid_number).num= my_strtoll10((yyvsp[0].lex_str).str, (char**) 0, &error); + (yyval.longlong_hybrid_number).is_unsigned= false; } -#line 44942 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 44961 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 2042: /* sequence_value_hybrid_num: opt_plus ULONGLONG_NUM */ -#line 13136 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 13143 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { int error; - (yyval.longlong_hybrid_number)= Longlong_hybrid(my_strtoll10((yyvsp[0].lex_str).str, (char**) 0, &error), - true); + (yyval.longlong_hybrid_number).num= my_strtoll10((yyvsp[0].lex_str).str, (char**) 0, &error); + (yyval.longlong_hybrid_number).is_unsigned= true; } -#line 44952 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 44971 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 2043: /* sequence_value_hybrid_num: '-' NUM */ -#line 13142 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 13149 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { int error; - (yyval.longlong_hybrid_number)= Longlong_hybrid(- my_strtoll10((yyvsp[0].lex_str).str, (char**) 0, &error), - false); + (yyval.longlong_hybrid_number).num= - my_strtoll10((yyvsp[0].lex_str).str, (char**) 0, &error); + (yyval.longlong_hybrid_number).is_unsigned= false; } -#line 44962 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 44981 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 2044: /* sequence_value_hybrid_num: '-' LONG_NUM */ -#line 13148 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 13155 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { int error; - (yyval.longlong_hybrid_number)= Longlong_hybrid(- my_strtoll10((yyvsp[0].lex_str).str, (char**) 0, &error), - false); + (yyval.longlong_hybrid_number).num= - my_strtoll10((yyvsp[0].lex_str).str, (char**) 0, &error); + (yyval.longlong_hybrid_number).is_unsigned= false; } -#line 44972 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 44991 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 2045: /* sequence_value_hybrid_num: '-' ULONGLONG_NUM */ -#line 13154 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 13161 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { int error; const ulonglong abs= my_strtoll10((yyvsp[0].lex_str).str, (char**) 0, &error); if (abs == 1 + (ulonglong) LONGLONG_MAX) - (yyval.longlong_hybrid_number)= Longlong_hybrid(LONGLONG_MIN, false); + { + (yyval.longlong_hybrid_number).num= LONGLONG_MIN; + (yyval.longlong_hybrid_number).is_unsigned= false; + } else thd->parse_error(ER_DATA_OUT_OF_RANGE); } -#line 44985 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 45007 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 2046: /* sequence_truncated_value_hybrid_num: opt_plus NUM */ -#line 13170 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 13180 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { int error; - (yyval.longlong_hybrid_number)= Longlong_hybrid(my_strtoll10((yyvsp[0].lex_str).str, (char**) 0, &error), - false); + (yyval.longlong_hybrid_number).num= my_strtoll10((yyvsp[0].lex_str).str, (char**) 0, &error); + (yyval.longlong_hybrid_number).is_unsigned= false; } -#line 44995 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 45017 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 2047: /* sequence_truncated_value_hybrid_num: opt_plus LONG_NUM */ -#line 13176 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 13186 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { int error; - (yyval.longlong_hybrid_number)= Longlong_hybrid(my_strtoll10((yyvsp[0].lex_str).str, (char**) 0, &error), - false); + (yyval.longlong_hybrid_number).num= my_strtoll10((yyvsp[0].lex_str).str, (char**) 0, &error); + (yyval.longlong_hybrid_number).is_unsigned= false; } -#line 45005 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 45027 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 2048: /* sequence_truncated_value_hybrid_num: opt_plus ULONGLONG_NUM */ -#line 13182 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 13192 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { int error; - (yyval.longlong_hybrid_number)= Longlong_hybrid(my_strtoll10((yyvsp[0].lex_str).str, (char**) 0, &error), - true); + (yyval.longlong_hybrid_number).num= my_strtoll10((yyvsp[0].lex_str).str, (char**) 0, &error); + (yyval.longlong_hybrid_number).is_unsigned= true; } -#line 45015 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 45037 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 2049: /* sequence_truncated_value_hybrid_num: opt_plus DECIMAL_NUM */ -#line 13187 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" - { (yyval.longlong_hybrid_number)= Longlong_hybrid(ULONGLONG_MAX, true); } -#line 45021 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 13198 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" + { + (yyval.longlong_hybrid_number).num= ULONGLONG_MAX; + (yyval.longlong_hybrid_number).is_unsigned= true; + } +#line 45046 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 2050: /* sequence_truncated_value_hybrid_num: '-' NUM */ -#line 13189 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 13203 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { int error; - (yyval.longlong_hybrid_number)= Longlong_hybrid(- my_strtoll10((yyvsp[0].lex_str).str, (char**) 0, &error), - false); + (yyval.longlong_hybrid_number).num= - my_strtoll10((yyvsp[0].lex_str).str, (char**) 0, &error); + (yyval.longlong_hybrid_number).is_unsigned= false; } -#line 45031 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 45056 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 2051: /* sequence_truncated_value_hybrid_num: '-' LONG_NUM */ -#line 13195 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 13209 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { int error; - (yyval.longlong_hybrid_number)= Longlong_hybrid(- my_strtoll10((yyvsp[0].lex_str).str, (char**) 0, &error), - false); + (yyval.longlong_hybrid_number).num= - my_strtoll10((yyvsp[0].lex_str).str, (char**) 0, &error); + (yyval.longlong_hybrid_number).is_unsigned= false; } -#line 45041 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 45066 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 2052: /* sequence_truncated_value_hybrid_num: '-' ULONGLONG_NUM */ -#line 13200 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" - { (yyval.longlong_hybrid_number)= Longlong_hybrid(LONGLONG_MIN, false); } -#line 45047 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 13215 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" + { + (yyval.longlong_hybrid_number).num= LONGLONG_MIN; + (yyval.longlong_hybrid_number).is_unsigned= false; + } +#line 45075 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 2053: /* sequence_truncated_value_hybrid_num: '-' DECIMAL_NUM */ -#line 13201 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" - { (yyval.longlong_hybrid_number)= Longlong_hybrid(LONGLONG_MIN, false); } -#line 45053 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 13220 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" + { + (yyval.longlong_hybrid_number).num= LONGLONG_MIN; + (yyval.longlong_hybrid_number).is_unsigned= false; + } +#line 45084 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 2054: /* ulonglong_num: opt_plus NUM */ -#line 13205 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 13227 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { int error; (yyval.ulonglong_number)= (ulonglong) my_strtoll10((yyvsp[0].lex_str).str, (char**) 0, &error); } -#line 45059 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 45090 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 2055: /* ulonglong_num: opt_plus ULONGLONG_NUM */ -#line 13206 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 13228 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { int error; (yyval.ulonglong_number)= (ulonglong) my_strtoll10((yyvsp[0].lex_str).str, (char**) 0, &error); } -#line 45065 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 45096 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 2056: /* ulonglong_num: opt_plus LONG_NUM */ -#line 13207 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 13229 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { int error; (yyval.ulonglong_number)= (ulonglong) my_strtoll10((yyvsp[0].lex_str).str, (char**) 0, &error); } -#line 45071 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 45102 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 2057: /* ulonglong_num: opt_plus DECIMAL_NUM */ -#line 13208 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 13230 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { int error; (yyval.ulonglong_number)= (ulonglong) my_strtoll10((yyvsp[0].lex_str).str, (char**) 0, &error); } -#line 45077 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 45108 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 2058: /* ulonglong_num: opt_plus FLOAT_NUM */ -#line 13209 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 13231 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { int error; (yyval.ulonglong_number)= (ulonglong) my_strtoll10((yyvsp[0].lex_str).str, (char**) 0, &error); } -#line 45083 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 45114 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 2059: /* real_ulonglong_num: NUM */ -#line 13213 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 13235 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { int error; (yyval.ulonglong_number)= (ulonglong) my_strtoll10((yyvsp[0].lex_str).str, (char**) 0, &error); } -#line 45089 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 45120 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 2060: /* real_ulonglong_num: ULONGLONG_NUM */ -#line 13214 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 13236 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { int error; (yyval.ulonglong_number)= (ulonglong) my_strtoll10((yyvsp[0].lex_str).str, (char**) 0, &error); } -#line 45095 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 45126 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 2061: /* real_ulonglong_num: HEX_NUM */ -#line 13215 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 13237 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.ulonglong_number)= strtoull((yyvsp[0].lex_str).str, (char**) 0, 16); } -#line 45101 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 45132 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 2062: /* real_ulonglong_num: LONG_NUM */ -#line 13216 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 13238 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { int error; (yyval.ulonglong_number)= (ulonglong) my_strtoll10((yyvsp[0].lex_str).str, (char**) 0, &error); } -#line 45107 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 45138 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 2063: /* real_ulonglong_num: dec_num_error */ -#line 13217 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 13239 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { MYSQL_YYABORT; } -#line 45113 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 45144 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 2064: /* dec_num_error: dec_num */ -#line 13222 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 13244 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { thd->parse_error(ER_ONLY_INTEGERS_ALLOWED); } -#line 45119 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 45150 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 2067: /* choice: ulong_num */ -#line 13231 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 13253 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.choice)= (yyvsp[0].ulong_num) != 0 ? HA_CHOICE_YES : HA_CHOICE_NO; } -#line 45125 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 45156 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 2068: /* choice: DEFAULT */ -#line 13232 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 13254 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.choice)= HA_CHOICE_UNDEF; } -#line 45131 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 45162 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 2069: /* bool: ulong_num */ -#line 13236 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 13258 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.ulong_num)= (yyvsp[0].ulong_num) != 0; } -#line 45137 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 45168 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 2070: /* bool: TRUE_SYM */ -#line 13237 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 13259 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.ulong_num)= 1; } -#line 45143 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 45174 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 2071: /* bool: FALSE_SYM */ -#line 13238 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 13260 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.ulong_num)= 0; } -#line 45149 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 45180 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 2072: /* $@172: %empty */ -#line 13243 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 13265 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { LEX *lex=Lex; @@ -45173,43 +45204,43 @@ Lex->clause_that_disallows_subselect= "PROCEDURE"; Select->options|= OPTION_PROCEDURE_CLAUSE; } -#line 45177 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 45208 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 2073: /* procedure_clause: PROCEDURE_SYM ident $@172 '(' procedure_list ')' */ -#line 13267 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 13289 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { /* Subqueries are allowed from now.*/ Lex->clause_that_disallows_subselect= NULL; } -#line 45186 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 45217 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 2074: /* procedure_list: %empty */ -#line 13274 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 13296 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" {} -#line 45192 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 45223 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 2075: /* procedure_list: procedure_list2 */ -#line 13275 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 13297 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" {} -#line 45198 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 45229 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 2078: /* procedure_item: remember_name expr remember_end */ -#line 13285 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 13307 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { if (unlikely(add_proc_to_list(thd, (yyvsp[-1].item)))) MYSQL_YYABORT; if (!(yyvsp[-1].item)->name.str || (yyvsp[-1].item)->name.str == item_empty_name) (yyvsp[-1].item)->set_name(thd, (yyvsp[-2].simple_string), (uint) ((yyvsp[0].simple_string) - (yyvsp[-2].simple_string)), thd->charset()); } -#line 45209 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 45240 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 2079: /* $@173: %empty */ -#line 13294 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 13316 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { LEX *lex=Lex; if (!lex->describe && @@ -45217,23 +45248,23 @@ select_dumpvar(thd))))) MYSQL_YYABORT; } -#line 45221 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 45252 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 2080: /* select_var_list_init: $@173 select_var_list */ -#line 13302 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 13324 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" {} -#line 45227 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 45258 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 2082: /* select_var_list: select_var_ident */ -#line 13307 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 13329 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" {} -#line 45233 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 45264 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 2083: /* select_var_ident: select_outvar */ -#line 13311 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 13333 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { if (Lex->result) { @@ -45250,11 +45281,11 @@ DBUG_ASSERT(Lex->describe); } } -#line 45254 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 45285 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 2084: /* select_outvar: '@' ident_or_text */ -#line 13331 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 13353 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { if (!(yyvsp[0].lex_str).length) { @@ -45264,35 +45295,35 @@ (yyval.myvar) = Lex->result ? new (thd->mem_root) my_var_user(&(yyvsp[0].lex_str)) : NULL; } -#line 45268 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 45299 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 2085: /* select_outvar: ident_or_text */ -#line 13341 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 13363 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { if (unlikely(!((yyval.myvar)= Lex->create_outvar(thd, &(yyvsp[0].lex_str))) && Lex->result)) MYSQL_YYABORT; } -#line 45277 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 45308 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 2086: /* select_outvar: ident '.' ident */ -#line 13346 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 13368 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { if (unlikely(!((yyval.myvar)= Lex->create_outvar(thd, &(yyvsp[-2].ident_sys), &(yyvsp[0].ident_sys))) && Lex->result)) MYSQL_YYABORT; } -#line 45286 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 45317 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 2087: /* into: INTO into_destination */ -#line 13354 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 13376 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" {} -#line 45292 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 45323 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 2088: /* $@174: %empty */ -#line 13359 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 13381 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { LEX *lex= Lex; lex->uncacheable(UNCACHEABLE_SIDEEFFECT); @@ -45304,17 +45335,17 @@ MYSQL_YYABORT; status_var_increment(thd->status_var.feature_into_outfile); } -#line 45308 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 45339 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 2089: /* $@175: %empty */ -#line 13371 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 13393 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { Lex->exchange->cs= (yyvsp[0].charset); } -#line 45314 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 45345 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 2091: /* into_destination: DUMPFILE TEXT_STRING_filesystem */ -#line 13374 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 13396 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { LEX *lex=Lex; if (!lex->describe) @@ -45329,20 +45360,20 @@ MYSQL_YYABORT; } } -#line 45333 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 45364 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 2092: /* into_destination: select_var_list_init */ -#line 13389 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 13411 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { Lex->uncacheable(UNCACHEABLE_SIDEEFFECT); status_var_increment(thd->status_var.feature_into_variable); } -#line 45342 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 45373 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 2093: /* $@176: %empty */ -#line 13401 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 13423 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { LEX *lex=Lex; lex->sql_command = SQLCOM_DO; @@ -45350,48 +45381,48 @@ MYSQL_YYABORT; lex->init_select(); } -#line 45354 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 45385 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 2094: /* do: DO_SYM $@176 expr_list */ -#line 13409 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 13431 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { Lex->insert_list= (yyvsp[0].item_list); Lex->pop_select(); //main select if (Lex->check_cte_dependencies_and_resolve_references()) MYSQL_YYABORT; } -#line 45365 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 45396 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 2095: /* $@177: %empty */ -#line 13423 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 13445 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { LEX *lex=Lex; lex->set_command(SQLCOM_DROP_TABLE, (yyvsp[-2].num), (yyvsp[0].object_ddl_options)); YYPS->m_lock_type= TL_UNLOCK; YYPS->m_mdl_type= MDL_EXCLUSIVE; } -#line 45376 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 45407 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 2096: /* drop: DROP opt_temporary table_or_tables opt_if_exists $@177 table_list opt_lock_wait_timeout opt_restrict */ -#line 13430 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 13452 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" {} -#line 45382 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 45413 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 2097: /* $@178: %empty */ -#line 13432 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 13454 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { if (Lex->main_select_push()) MYSQL_YYABORT; } -#line 45391 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 45422 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 2098: /* drop: DROP INDEX_SYM $@178 opt_if_exists_table_element ident ON table_ident opt_lock_wait_timeout */ -#line 13437 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 13459 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { LEX *lex=Lex; Alter_drop *ad= (new (thd->mem_root) @@ -45409,82 +45440,82 @@ MYSQL_YYABORT; Lex->pop_select(); //main select } -#line 45413 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 45444 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 2099: /* drop: DROP DATABASE opt_if_exists ident */ -#line 13455 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 13477 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { LEX *lex=Lex; lex->set_command(SQLCOM_DROP_DB, (yyvsp[-1].object_ddl_options)); lex->name= (yyvsp[0].ident_sys); } -#line 45423 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 45454 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 2100: /* drop: DROP USER_SYM opt_if_exists clear_privileges user_list */ -#line 13461 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 13483 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { Lex->set_command(SQLCOM_DROP_USER, (yyvsp[-2].object_ddl_options)); } -#line 45431 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 45462 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 2101: /* drop: DROP ROLE_SYM opt_if_exists clear_privileges role_list */ -#line 13465 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 13487 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { Lex->set_command(SQLCOM_DROP_ROLE, (yyvsp[-2].object_ddl_options)); } -#line 45439 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 45470 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 2102: /* $@179: %empty */ -#line 13469 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 13491 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { LEX *lex= Lex; lex->set_command(SQLCOM_DROP_VIEW, (yyvsp[0].object_ddl_options)); YYPS->m_lock_type= TL_UNLOCK; YYPS->m_mdl_type= MDL_EXCLUSIVE; } -#line 45450 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 45481 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 2103: /* drop: DROP VIEW_SYM opt_if_exists $@179 table_list opt_restrict */ -#line 13476 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 13498 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" {} -#line 45456 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 45487 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 2104: /* drop: DROP EVENT_SYM opt_if_exists sp_name */ -#line 13478 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 13500 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { Lex->spname= (yyvsp[0].spname); Lex->set_command(SQLCOM_DROP_EVENT, (yyvsp[-1].object_ddl_options)); } -#line 45465 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 45496 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 2105: /* drop: DROP TRIGGER_SYM opt_if_exists sp_name */ -#line 13483 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 13505 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { LEX *lex= Lex; lex->set_command(SQLCOM_DROP_TRIGGER, (yyvsp[-1].object_ddl_options)); lex->spname= (yyvsp[0].spname); } -#line 45475 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 45506 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 2106: /* drop: DROP SERVER_SYM opt_if_exists ident_or_text */ -#line 13489 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 13511 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { Lex->set_command(SQLCOM_DROP_SERVER, (yyvsp[-1].object_ddl_options)); Lex->server_options.reset((yyvsp[0].lex_str)); } -#line 45484 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 45515 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 2107: /* $@180: %empty */ -#line 13495 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 13517 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { LEX *lex= Lex; lex->set_command(SQLCOM_DROP_SEQUENCE, (yyvsp[-2].num), (yyvsp[0].object_ddl_options)); @@ -45492,17 +45523,17 @@ YYPS->m_lock_type= TL_UNLOCK; YYPS->m_mdl_type= MDL_EXCLUSIVE; } -#line 45496 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 45527 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 2108: /* drop: DROP opt_temporary SEQUENCE_SYM opt_if_exists $@180 table_list */ -#line 13503 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 13525 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" {} -#line 45502 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 45533 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 2112: /* table_name: table_ident */ -#line 13514 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 13536 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { if (!thd->lex->current_select_or_default()-> add_table_to_list(thd, (yyvsp[0].table), NULL, @@ -45511,11 +45542,11 @@ YYPS->m_mdl_type)) MYSQL_YYABORT; } -#line 45515 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 45546 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 2113: /* table_name_with_opt_use_partition: table_ident opt_use_partition */ -#line 13526 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 13548 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { if (unlikely(!Select->add_table_to_list(thd, (yyvsp[-1].table), NULL, TL_OPTION_UPDATING, @@ -45525,11 +45556,11 @@ (yyvsp[0].string_list)))) MYSQL_YYABORT; } -#line 45529 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 45560 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 2116: /* table_alias_ref: table_ident_opt_wild */ -#line 13544 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 13566 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { if (unlikely(!Select-> add_table_to_list(thd, (yyvsp[0].table), NULL, @@ -45539,113 +45570,113 @@ YYPS->m_mdl_type))) MYSQL_YYABORT; } -#line 45543 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 45574 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 2117: /* opt_if_exists_table_element: %empty */ -#line 13557 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 13579 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { Lex->check_exists= FALSE; (yyval.num)= 0; } -#line 45552 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 45583 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 2118: /* opt_if_exists_table_element: IF_SYM EXISTS */ -#line 13562 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 13584 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { Lex->check_exists= TRUE; (yyval.num)= 1; } -#line 45561 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 45592 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 2119: /* opt_if_exists: %empty */ -#line 13570 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 13592 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.object_ddl_options).set(DDL_options_st::OPT_NONE); } -#line 45569 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 45600 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 2120: /* opt_if_exists: IF_SYM EXISTS */ -#line 13574 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 13596 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.object_ddl_options).set(DDL_options_st::OPT_IF_EXISTS); } -#line 45577 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 45608 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 2121: /* opt_temporary: %empty */ -#line 13580 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 13602 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.num)= 0; } -#line 45583 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 45614 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 2122: /* opt_temporary: TEMPORARY */ -#line 13581 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 13603 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.num)= HA_LEX_CREATE_TMP_TABLE; } -#line 45589 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 45620 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 2123: /* $@181: %empty */ -#line 13589 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 13611 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { Lex->sql_command= SQLCOM_INSERT; Lex->duplicates= DUP_ERROR; thd->get_stmt_da()->opt_clear_warning_info(thd->query_id); thd->get_stmt_da()->reset_current_row_for_warning(1); } -#line 45600 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 45631 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 2124: /* $@182: %empty */ -#line 13596 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 13618 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { Select->set_lock_for_tables((yyvsp[-3].lock_type), true, false); } -#line 45608 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 45639 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 2125: /* insert: INSERT $@181 insert_start insert_lock_option opt_ignore opt_into insert_table $@182 insert_field_spec opt_insert_update opt_returning stmt_end */ -#line 13601 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 13623 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { Lex->mark_first_table_as_inserting(); thd->get_stmt_da()->reset_current_row_for_warning(0); } -#line 45617 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 45648 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 2126: /* $@183: %empty */ -#line 13609 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 13631 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { Lex->sql_command = SQLCOM_REPLACE; Lex->duplicates= DUP_REPLACE; thd->get_stmt_da()->opt_clear_warning_info(thd->query_id); thd->get_stmt_da()->reset_current_row_for_warning(1); } -#line 45628 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 45659 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 2127: /* $@184: %empty */ -#line 13616 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 13638 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { Select->set_lock_for_tables((yyvsp[-2].lock_type), true, false); } -#line 45636 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 45667 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 2128: /* replace: REPLACE $@183 insert_start replace_lock_option opt_into insert_table $@184 insert_field_spec opt_returning stmt_end */ -#line 13621 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 13643 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { Lex->mark_first_table_as_inserting(); thd->get_stmt_da()->reset_current_row_for_warning(0); } -#line 45645 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 45676 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 2129: /* insert_start: %empty */ -#line 13627 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 13649 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { if (Lex->main_select_push()) MYSQL_YYABORT; @@ -45653,21 +45684,21 @@ Lex->inc_select_stack_outer_barrier(); Lex->current_select->parsing_place= BEFORE_OPT_LIST; } -#line 45657 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 45688 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 2130: /* stmt_end: %empty */ -#line 13636 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 13658 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { Lex->pop_select(); //main select if (Lex->check_main_unit_semantics()) MYSQL_YYABORT; } -#line 45667 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 45698 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 2131: /* insert_lock_option: %empty */ -#line 13645 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 13667 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { /* If it is SP we do not allow insert optimisation when result of @@ -45676,70 +45707,70 @@ */ (yyval.lock_type)= (Lex->sphead ? TL_WRITE_DEFAULT : TL_WRITE_CONCURRENT_INSERT); } -#line 45680 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 45711 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 2133: /* insert_lock_option: HIGH_PRIORITY */ -#line 13654 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 13676 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.lock_type)= TL_WRITE; } -#line 45686 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 45717 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 2134: /* replace_lock_option: %empty */ -#line 13658 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 13680 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.lock_type)= TL_WRITE_DEFAULT; } -#line 45692 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 45723 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 2136: /* insert_replace_option: LOW_PRIORITY */ -#line 13663 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 13685 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.lock_type)= TL_WRITE_LOW_PRIORITY; } -#line 45698 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 45729 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 2137: /* insert_replace_option: DELAYED_SYM */ -#line 13665 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 13687 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { Lex->keyword_delayed_begin_offset= (uint)((yyvsp[0].kwd).pos() - thd->query()); Lex->keyword_delayed_end_offset= (uint)((yyvsp[0].kwd).end() - thd->query()); (yyval.lock_type)= TL_WRITE_DELAYED; } -#line 45708 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 45739 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 2140: /* $@185: %empty */ -#line 13675 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 13697 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { Select->save_parsing_place= Select->parsing_place; } -#line 45716 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 45747 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 2141: /* insert_table: $@185 table_name_with_opt_use_partition */ -#line 13679 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 13701 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { LEX *lex=Lex; //lex->field_list.empty(); lex->many_values.empty(); lex->insert_list=0; } -#line 45727 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 45758 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 2142: /* insert_field_spec: insert_values */ -#line 13688 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 13710 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" {} -#line 45733 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 45764 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 2143: /* insert_field_spec: insert_field_list insert_values */ -#line 13689 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 13711 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" {} -#line 45739 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 45770 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 2144: /* $@186: %empty */ -#line 13691 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 13713 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { LEX *lex=Lex; if (unlikely(!(lex->insert_list= new (thd->mem_root) List_item)) || @@ -45748,105 +45779,105 @@ MYSQL_YYABORT; lex->current_select->parsing_place= NO_MATTER; } -#line 45752 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 45783 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 2146: /* insert_field_list: LEFT_PAREN_ALT opt_fields ')' */ -#line 13704 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 13726 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { Lex->current_select->parsing_place= AFTER_LIST; } -#line 45760 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 45791 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 2149: /* fields: fields ',' insert_ident */ -#line 13716 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 13738 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { Lex->field_list.push_back((yyvsp[0].item), thd->mem_root); } -#line 45766 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 45797 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 2150: /* fields: insert_ident */ -#line 13717 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 13739 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { Lex->field_list.push_back((yyvsp[0].item), thd->mem_root); } -#line 45772 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 45803 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 2151: /* insert_values: create_select_query_expression */ -#line 13723 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 13745 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" {} -#line 45778 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 45809 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 2156: /* ident_eq_value: simple_ident_nospvar equal expr_or_ignore_or_default */ -#line 13738 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 13760 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { LEX *lex=Lex; if (unlikely(lex->field_list.push_back((yyvsp[-2].item), thd->mem_root)) || unlikely(lex->insert_list->push_back((yyvsp[0].item), thd->mem_root))) MYSQL_YYABORT; } -#line 45789 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 45820 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 2157: /* equal: '=' */ -#line 13747 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 13769 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" {} -#line 45795 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 45826 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 2158: /* equal: SET_VAR */ -#line 13748 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 13770 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" {} -#line 45801 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 45832 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 2159: /* opt_equal: %empty */ -#line 13752 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 13774 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" {} -#line 45807 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 45838 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 2160: /* opt_equal: equal */ -#line 13753 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 13775 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" {} -#line 45813 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 45844 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 2161: /* opt_with: opt_equal */ -#line 13757 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 13779 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" {} -#line 45819 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 45850 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 2162: /* opt_with: WITH */ -#line 13758 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 13780 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" {} -#line 45825 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 45856 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 2163: /* opt_by: opt_equal */ -#line 13762 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 13784 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" {} -#line 45831 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 45862 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 2164: /* opt_by: BY */ -#line 13763 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 13785 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" {} -#line 45837 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 45868 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 2165: /* $@187: %empty */ -#line 13768 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 13790 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { if (unlikely(!(Lex->insert_list= new (thd->mem_root) List_item))) MYSQL_YYABORT; } -#line 45846 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 45877 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 2166: /* no_braces: '(' $@187 opt_values ')' */ -#line 13773 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 13795 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { LEX *lex=Lex; thd->get_stmt_da()->inc_current_row_for_warning(); @@ -45854,20 +45885,20 @@ thd->mem_root))) MYSQL_YYABORT; } -#line 45858 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 45889 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 2167: /* $@188: %empty */ -#line 13784 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 13806 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { if (unlikely(!(Lex->insert_list= new (thd->mem_root) List_item))) MYSQL_YYABORT; } -#line 45867 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 45898 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 2168: /* no_braces_with_names: '(' $@188 opt_values_with_names ')' */ -#line 13789 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 13811 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { LEX *lex=Lex; thd->get_stmt_da()->inc_current_row_for_warning(); @@ -45875,41 +45906,41 @@ thd->mem_root))) MYSQL_YYABORT; } -#line 45879 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 45910 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 2169: /* opt_values: %empty */ -#line 13799 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 13821 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" {} -#line 45885 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 45916 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 2171: /* opt_values_with_names: %empty */ -#line 13804 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 13826 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" {} -#line 45891 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 45922 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 2173: /* values: values ',' expr_or_ignore_or_default */ -#line 13810 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 13832 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { if (unlikely(Lex->insert_list->push_back((yyvsp[0].item), thd->mem_root))) MYSQL_YYABORT; } -#line 45900 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 45931 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 2174: /* values: expr_or_ignore_or_default */ -#line 13815 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 13837 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { if (unlikely(Lex->insert_list->push_back((yyvsp[0].item), thd->mem_root))) MYSQL_YYABORT; } -#line 45909 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 45940 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 2175: /* values_with_names: values_with_names ',' remember_name expr_or_ignore_or_default remember_end */ -#line 13823 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 13845 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { if (unlikely(Lex->insert_list->push_back((yyvsp[-1].item), thd->mem_root))) MYSQL_YYABORT; @@ -45917,11 +45948,11 @@ if (!(yyvsp[-1].item)->name.str || (yyvsp[-1].item)->name.str == item_empty_name) (yyvsp[-1].item)->set_name(thd, (yyvsp[-2].simple_string), (uint) ((yyvsp[0].simple_string) - (yyvsp[-2].simple_string)), thd->charset()); } -#line 45921 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 45952 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 2176: /* values_with_names: remember_name expr_or_ignore_or_default remember_end */ -#line 13831 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 13853 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { if (unlikely(Lex->insert_list->push_back((yyvsp[-1].item), thd->mem_root))) MYSQL_YYABORT; @@ -45929,66 +45960,66 @@ if (!(yyvsp[-1].item)->name.str || (yyvsp[-1].item)->name.str == item_empty_name) (yyvsp[-1].item)->set_name(thd, (yyvsp[-2].simple_string), (uint) ((yyvsp[0].simple_string) - (yyvsp[-2].simple_string)), thd->charset()); } -#line 45933 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 45964 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 2177: /* expr_or_ignore: expr */ -#line 13841 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 13863 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.item)= (yyvsp[0].item);} -#line 45939 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 45970 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 2178: /* expr_or_ignore: IGNORE_SYM */ -#line 13843 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 13865 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.item)= new (thd->mem_root) Item_ignore_specification(thd); if (unlikely((yyval.item) == NULL)) MYSQL_YYABORT; } -#line 45949 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 45980 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 2179: /* expr_or_ignore_or_default: expr_or_ignore */ -#line 13851 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 13873 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.item)= (yyvsp[0].item);} -#line 45955 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 45986 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 2180: /* expr_or_ignore_or_default: DEFAULT */ -#line 13853 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 13875 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.item)= new (thd->mem_root) Item_default_specification(thd); Lex->default_used= TRUE; if (unlikely((yyval.item) == NULL)) MYSQL_YYABORT; } -#line 45966 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 45997 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 2182: /* $@189: %empty */ -#line 13863 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 13885 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { Lex->duplicates= DUP_UPDATE; } -#line 45972 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 46003 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 2183: /* $@190: %empty */ -#line 13865 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 13887 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { Select->parsing_place= IN_UPDATE_ON_DUP_KEY; } -#line 45980 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 46011 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 2184: /* opt_insert_update: ON DUPLICATE_SYM $@189 KEY_SYM UPDATE_SYM $@190 insert_update_list */ -#line 13869 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 13891 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { Select->parsing_place= NO_MATTER; } -#line 45988 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 46019 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 2185: /* update_table_list: table_ident opt_use_partition for_portion_of_time_clause opt_table_alias_clause opt_key_definition */ -#line 13877 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 13899 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { if (!((yyval.table_list)= Select->add_table_to_list(thd, (yyvsp[-4].table), (yyvsp[-1].lex_str_ptr), 0, @@ -45999,17 +46030,17 @@ MYSQL_YYABORT; (yyval.table_list)->period_conditions= Lex->period_conditions; } -#line 46003 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 46034 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 2186: /* update_table_list: join_table_list */ -#line 13887 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 13909 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.table_list)= (yyvsp[0].table_list); } -#line 46009 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 46040 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 2187: /* $@191: %empty */ -#line 13894 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 13916 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { LEX *lex= Lex; if (Lex->main_select_push()) @@ -46018,11 +46049,11 @@ lex->sql_command= SQLCOM_UPDATE; lex->duplicates= DUP_ERROR; } -#line 46022 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 46053 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 2188: /* $@192: %empty */ -#line 13904 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 13926 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { bool is_multiupdate= false; LEX *lex= Lex; @@ -46049,26 +46080,26 @@ */ slex->set_lock_for_tables((yyvsp[-4].lock_type), slex->table_list.elements == 1, false); } -#line 46053 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 46084 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 2189: /* $@193: %empty */ -#line 13931 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 13953 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { if ((yyvsp[-1].select_order)) Select->order_list= *((yyvsp[-1].select_order)); } -#line 46062 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 46093 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 2190: /* update: UPDATE_SYM $@191 opt_low_priority opt_ignore update_table_list SET update_list $@192 opt_where_clause opt_order_clause delete_limit_clause $@193 stmt_end */ -#line 13934 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 13956 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" {} -#line 46068 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 46099 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 2193: /* update_elem: simple_ident_nospvar equal DEFAULT */ -#line 13944 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 13966 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { Item *def= new (thd->mem_root) Item_default_value(thd, Lex->current_context(), (yyvsp[-2].item), 1); @@ -46076,43 +46107,43 @@ if (!def || add_item_to_list(thd, (yyvsp[-2].item)) || add_value_to_list(thd, def)) MYSQL_YYABORT; } -#line 46080 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 46111 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 2194: /* update_elem: simple_ident_nospvar equal expr_or_ignore */ -#line 13952 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 13974 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { if (add_item_to_list(thd, (yyvsp[-2].item)) || add_value_to_list(thd, (yyvsp[0].item))) MYSQL_YYABORT; } -#line 46089 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 46120 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 2197: /* insert_update_elem: simple_ident_nospvar equal expr_or_ignore_or_default */ -#line 13965 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 13987 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { LEX *lex= Lex; if (unlikely(lex->update_list.push_back((yyvsp[-2].item), thd->mem_root)) || unlikely(lex->value_list.push_back((yyvsp[0].item), thd->mem_root))) MYSQL_YYABORT; } -#line 46100 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 46131 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 2198: /* opt_low_priority: %empty */ -#line 13974 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 13996 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.lock_type)= TL_WRITE_DEFAULT; } -#line 46106 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 46137 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 2199: /* opt_low_priority: LOW_PRIORITY */ -#line 13975 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 13997 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.lock_type)= TL_WRITE_LOW_PRIORITY; } -#line 46112 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 46143 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 2200: /* $@194: %empty */ -#line 13982 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 14004 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { LEX *lex= Lex; YYPS->m_lock_type= TL_WRITE_DEFAULT; @@ -46123,42 +46154,42 @@ lex->ignore= 0; lex->first_select_lex()->order_list.empty(); } -#line 46127 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 46158 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 2201: /* delete: DELETE_SYM $@194 delete_part2 */ -#line 13993 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 14015 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { if (Lex->check_cte_dependencies_and_resolve_references()) MYSQL_YYABORT; } -#line 46136 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 46167 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 2202: /* opt_delete_system_time: %empty */ -#line 14001 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 14023 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { Lex->vers_conditions.init(SYSTEM_TIME_HISTORY); } -#line 46144 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 46175 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 2203: /* opt_delete_system_time: BEFORE_SYM SYSTEM_TIME_SYM history_point */ -#line 14005 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 14027 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { Lex->vers_conditions.init(SYSTEM_TIME_BEFORE, (yyvsp[0].vers_history_point)); } -#line 46152 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 46183 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 2204: /* delete_part2: opt_delete_options single_multi */ -#line 14011 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 14033 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" {} -#line 46158 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 46189 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 2205: /* $@195: %empty */ -#line 14013 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 14035 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { LEX *lex= Lex; lex->last_table()->vers_conditions= lex->vers_conditions; @@ -46169,17 +46200,17 @@ if (lex->check_main_unit_semantics()) MYSQL_YYABORT; } -#line 46173 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 46204 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 2206: /* delete_part2: HISTORY_SYM delete_single_table opt_delete_system_time $@195 stmt_end */ -#line 14024 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 14046 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" {} -#line 46179 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 46210 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 2207: /* delete_single_table: FROM table_ident opt_table_alias_clause opt_key_definition opt_use_partition */ -#line 14029 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 14051 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { if (unlikely(!Select-> add_table_to_list(thd, (yyvsp[-3].table), (yyvsp[-2].lex_str_ptr), TL_OPTION_UPDATING, @@ -46206,20 +46237,20 @@ YYPS->m_lock_type= TL_READ_DEFAULT; YYPS->m_mdl_type= MDL_SHARED_READ; } -#line 46210 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 46241 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 2208: /* delete_single_table_for_period: delete_single_table opt_for_portion_of_time_clause */ -#line 14059 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 14081 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { if ((yyvsp[0].num)) Lex->last_table()->period_conditions= Lex->period_conditions; } -#line 46219 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 46250 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 2209: /* $@196: %empty */ -#line 14071 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 14093 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { LEX *lex= Lex; if ((yyvsp[-2].select_order)) @@ -46231,17 +46262,17 @@ if (Lex->check_main_unit_semantics()) MYSQL_YYABORT; } -#line 46235 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 46266 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 2210: /* single_multi: delete_single_table_for_period opt_where_clause opt_order_clause delete_limit_clause opt_returning $@196 stmt_end */ -#line 14082 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 14104 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" {} -#line 46241 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 46272 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 2211: /* $@197: %empty */ -#line 14084 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 14106 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { LEX *lex= Lex; lex->sql_command= SQLCOM_DELETE_MULTI; @@ -46252,11 +46283,11 @@ YYPS->m_lock_type= TL_READ_DEFAULT; YYPS->m_mdl_type= MDL_SHARED_READ; } -#line 46256 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 46287 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 2212: /* $@198: %empty */ -#line 14095 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 14117 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { if (unlikely(multi_delete_set_locks_and_link_aux_tables(Lex))) MYSQL_YYABORT; @@ -46266,17 +46297,17 @@ (yyvsp[0].order_limit_lock)->set_to(Lex->select_stack_head()); } } -#line 46270 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 46301 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 2213: /* single_multi: table_alias_ref_list $@197 FROM join_table_list opt_where_clause opt_order_or_limit $@198 stmt_end */ -#line 14103 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 14125 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" {} -#line 46276 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 46307 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 2214: /* $@199: %empty */ -#line 14105 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 14127 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { LEX *lex= Lex; lex->sql_command= SQLCOM_DELETE_MULTI; @@ -46287,11 +46318,11 @@ YYPS->m_lock_type= TL_READ_DEFAULT; YYPS->m_mdl_type= MDL_SHARED_READ; } -#line 46291 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 46322 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 2215: /* $@200: %empty */ -#line 14116 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 14138 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { if (unlikely(multi_delete_set_locks_and_link_aux_tables(Lex))) MYSQL_YYABORT; @@ -46301,25 +46332,25 @@ (yyvsp[0].order_limit_lock)->set_to(Lex->select_stack_head()); } } -#line 46305 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 46336 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 2216: /* single_multi: FROM table_alias_ref_list $@199 USING join_table_list opt_where_clause opt_order_or_limit $@200 stmt_end */ -#line 14124 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 14146 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" {} -#line 46311 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 46342 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 2217: /* opt_returning: %empty */ -#line 14129 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 14151 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { DBUG_ASSERT(!Lex->has_returning()); } -#line 46319 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 46350 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 2218: /* $@201: %empty */ -#line 14133 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 14155 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { DBUG_ASSERT(!Lex->has_returning()); /* @@ -46346,62 +46377,62 @@ thd->lex->push_context(&thd->lex->returning()->context); thd->lex->has_returning_list= true; } -#line 46350 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 46381 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 2219: /* opt_returning: RETURNING_SYM $@201 select_item_list */ -#line 14160 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 14182 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { thd->lex->pop_context(); thd->lex->current_select->parsing_place= NO_MATTER; } -#line 46359 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 46390 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 2220: /* opt_wild: %empty */ -#line 14167 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 14189 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" {} -#line 46365 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 46396 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 2221: /* opt_wild: '.' '*' */ -#line 14168 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 14190 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" {} -#line 46371 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 46402 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 2222: /* opt_delete_options: %empty */ -#line 14172 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 14194 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" {} -#line 46377 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 46408 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 2223: /* opt_delete_options: opt_delete_option opt_delete_options */ -#line 14173 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 14195 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" {} -#line 46383 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 46414 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 2224: /* opt_delete_option: QUICK */ -#line 14177 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 14199 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { Select->options|= OPTION_QUICK; } -#line 46389 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 46420 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 2225: /* opt_delete_option: LOW_PRIORITY */ -#line 14178 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 14200 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { YYPS->m_lock_type= TL_WRITE_LOW_PRIORITY; } -#line 46395 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 46426 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 2226: /* opt_delete_option: IGNORE_SYM */ -#line 14179 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 14201 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { Lex->ignore= 1; } -#line 46401 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 46432 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 2227: /* $@202: %empty */ -#line 14184 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 14206 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { LEX* lex= Lex; lex->sql_command= SQLCOM_TRUNCATE; @@ -46412,11 +46443,11 @@ YYPS->m_lock_type= TL_WRITE; YYPS->m_mdl_type= MDL_EXCLUSIVE; } -#line 46416 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 46447 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 2228: /* $@203: %empty */ -#line 14195 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 14217 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { LEX* lex= thd->lex; DBUG_ASSERT(!lex->m_sql_cmd); @@ -46424,105 +46455,105 @@ if (unlikely(lex->m_sql_cmd == NULL)) MYSQL_YYABORT; } -#line 46428 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 46459 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 2229: /* truncate: TRUNCATE_SYM $@202 opt_table_sym table_name opt_lock_wait_timeout $@203 opt_truncate_table_storage_clause */ -#line 14202 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 14224 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { } -#line 46434 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 46465 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 2236: /* profile_def: CPU_SYM */ -#line 14220 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 14242 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { Lex->profile_options|= PROFILE_CPU; } -#line 46442 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 46473 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 2237: /* profile_def: MEMORY_SYM */ -#line 14224 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 14246 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { Lex->profile_options|= PROFILE_MEMORY; } -#line 46450 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 46481 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 2238: /* profile_def: BLOCK_SYM IO_SYM */ -#line 14228 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 14250 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { Lex->profile_options|= PROFILE_BLOCK_IO; } -#line 46458 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 46489 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 2239: /* profile_def: CONTEXT_SYM SWITCHES_SYM */ -#line 14232 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 14254 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { Lex->profile_options|= PROFILE_CONTEXT; } -#line 46466 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 46497 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 2240: /* profile_def: PAGE_SYM FAULTS_SYM */ -#line 14236 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 14258 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { Lex->profile_options|= PROFILE_PAGE_FAULTS; } -#line 46474 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 46505 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 2241: /* profile_def: IPC_SYM */ -#line 14240 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 14262 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { Lex->profile_options|= PROFILE_IPC; } -#line 46482 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 46513 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 2242: /* profile_def: SWAPS_SYM */ -#line 14244 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 14266 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { Lex->profile_options|= PROFILE_SWAPS; } -#line 46490 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 46521 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 2243: /* profile_def: SOURCE_SYM */ -#line 14248 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 14270 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { Lex->profile_options|= PROFILE_SOURCE; } -#line 46498 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 46529 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 2244: /* profile_def: ALL */ -#line 14252 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 14274 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { Lex->profile_options|= PROFILE_ALL; } -#line 46506 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 46537 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 2245: /* opt_profile_args: %empty */ -#line 14259 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 14281 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { Lex->profile_query_id= 0; } -#line 46514 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 46545 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 2246: /* opt_profile_args: FOR_SYM QUERY_SYM NUM */ -#line 14263 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 14285 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { Lex->profile_query_id= atoi((yyvsp[0].lex_str).str); } -#line 46522 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 46553 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 2247: /* $@204: %empty */ -#line 14272 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 14294 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { LEX *lex=Lex; lex->wild=0; @@ -46533,31 +46564,31 @@ lex->current_select->parsing_place= SELECT_LIST; lex->create_info.init(); } -#line 46537 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 46568 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 2248: /* show: SHOW $@204 show_param */ -#line 14283 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 14305 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { Select->parsing_place= NO_MATTER; Lex->pop_select(); //main select } -#line 46546 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 46577 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 2249: /* show_param: DATABASES wild_and_where */ -#line 14291 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 14313 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { LEX *lex= Lex; lex->sql_command= SQLCOM_SHOW_DATABASES; if (unlikely(prepare_schema_table(thd, lex, 0, SCH_SCHEMATA))) MYSQL_YYABORT; } -#line 46557 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 46588 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 2250: /* show_param: opt_full TABLES opt_db wild_and_where */ -#line 14298 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 14320 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { LEX *lex= Lex; lex->sql_command= SQLCOM_SHOW_TABLES; @@ -46565,11 +46596,11 @@ if (prepare_schema_table(thd, lex, 0, SCH_TABLE_NAMES)) MYSQL_YYABORT; } -#line 46569 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 46600 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 2251: /* show_param: opt_full TRIGGERS_SYM opt_db wild_and_where */ -#line 14306 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 14328 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { LEX *lex= Lex; lex->sql_command= SQLCOM_SHOW_TRIGGERS; @@ -46577,11 +46608,11 @@ if (prepare_schema_table(thd, lex, 0, SCH_TRIGGERS)) MYSQL_YYABORT; } -#line 46581 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 46612 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 2252: /* show_param: EVENTS_SYM opt_db wild_and_where */ -#line 14314 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 14336 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { LEX *lex= Lex; lex->sql_command= SQLCOM_SHOW_EVENTS; @@ -46589,11 +46620,11 @@ if (prepare_schema_table(thd, lex, 0, SCH_EVENTS)) MYSQL_YYABORT; } -#line 46593 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 46624 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 2253: /* show_param: TABLE_SYM STATUS_SYM opt_db wild_and_where */ -#line 14322 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 14344 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { LEX *lex= Lex; lex->sql_command= SQLCOM_SHOW_TABLE_STATUS; @@ -46601,11 +46632,11 @@ if (prepare_schema_table(thd, lex, 0, SCH_TABLES)) MYSQL_YYABORT; } -#line 46605 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 46636 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 2254: /* show_param: OPEN_SYM TABLES opt_db wild_and_where */ -#line 14330 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 14352 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { LEX *lex= Lex; lex->sql_command= SQLCOM_SHOW_OPEN_TABLES; @@ -46613,55 +46644,55 @@ if (prepare_schema_table(thd, lex, 0, SCH_OPEN_TABLES)) MYSQL_YYABORT; } -#line 46617 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 46648 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 2255: /* show_param: PLUGINS_SYM */ -#line 14338 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 14360 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { LEX *lex= Lex; lex->sql_command= SQLCOM_SHOW_PLUGINS; if (unlikely(prepare_schema_table(thd, lex, 0, SCH_PLUGINS))) MYSQL_YYABORT; } -#line 46628 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 46659 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 2256: /* show_param: PLUGINS_SYM SONAME_SYM TEXT_STRING_sys */ -#line 14345 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 14367 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { Lex->ident= (yyvsp[0].lex_str); Lex->sql_command= SQLCOM_SHOW_PLUGINS; if (unlikely(prepare_schema_table(thd, Lex, 0, SCH_ALL_PLUGINS))) MYSQL_YYABORT; } -#line 46639 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 46670 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 2257: /* show_param: PLUGINS_SYM SONAME_SYM wild_and_where */ -#line 14352 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 14374 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { Lex->sql_command= SQLCOM_SHOW_PLUGINS; if (unlikely(prepare_schema_table(thd, Lex, 0, SCH_ALL_PLUGINS))) MYSQL_YYABORT; } -#line 46649 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 46680 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 2258: /* show_param: ENGINE_SYM known_storage_engines show_engine_param */ -#line 14358 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 14380 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { Lex->create_info.db_type= (yyvsp[-1].db_type); } -#line 46655 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 46686 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 2259: /* show_param: ENGINE_SYM ALL show_engine_param */ -#line 14360 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 14382 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { Lex->create_info.db_type= NULL; } -#line 46661 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 46692 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 2260: /* show_param: opt_full COLUMNS from_or_in table_ident opt_db wild_and_where */ -#line 14362 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 14384 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { LEX *lex= Lex; lex->sql_command= SQLCOM_SHOW_FIELDS; @@ -46670,51 +46701,51 @@ if (unlikely(prepare_schema_table(thd, lex, (yyvsp[-2].table), SCH_COLUMNS))) MYSQL_YYABORT; } -#line 46674 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 46705 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 2261: /* show_param: master_or_binary LOGS_SYM */ -#line 14371 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 14393 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { Lex->sql_command = SQLCOM_SHOW_BINLOGS; } -#line 46682 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 46713 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 2262: /* show_param: SLAVE HOSTS_SYM */ -#line 14375 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 14397 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { Lex->sql_command = SQLCOM_SHOW_SLAVE_HOSTS; } -#line 46690 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 46721 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 2263: /* $@205: %empty */ -#line 14379 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 14401 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { LEX *lex= Lex; lex->sql_command= SQLCOM_SHOW_BINLOG_EVENTS; } -#line 46699 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 46730 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 2265: /* $@206: %empty */ -#line 14385 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 14407 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { LEX *lex= Lex; lex->sql_command= SQLCOM_SHOW_RELAYLOG_EVENTS; } -#line 46708 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 46739 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 2266: /* show_param: RELAYLOG_SYM optional_connection_name EVENTS_SYM binlog_in binlog_from $@206 opt_global_limit_clause optional_for_channel */ -#line 14390 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 14412 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { } -#line 46714 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 46745 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 2267: /* show_param: keys_or_index from_or_in table_ident opt_db opt_where_clause */ -#line 14392 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 14414 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { LEX *lex= Lex; lex->sql_command= SQLCOM_SHOW_KEYS; @@ -46723,96 +46754,96 @@ if (unlikely(prepare_schema_table(thd, lex, (yyvsp[-2].table), SCH_STATISTICS))) MYSQL_YYABORT; } -#line 46727 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 46758 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 2268: /* show_param: opt_storage ENGINES_SYM */ -#line 14401 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 14423 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { LEX *lex=Lex; lex->sql_command= SQLCOM_SHOW_STORAGE_ENGINES; if (unlikely(prepare_schema_table(thd, lex, 0, SCH_ENGINES))) MYSQL_YYABORT; } -#line 46738 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 46769 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 2269: /* show_param: AUTHORS_SYM */ -#line 14408 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 14430 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { LEX *lex=Lex; lex->sql_command= SQLCOM_SHOW_AUTHORS; } -#line 46747 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 46778 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 2270: /* show_param: CONTRIBUTORS_SYM */ -#line 14413 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 14435 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { LEX *lex=Lex; lex->sql_command= SQLCOM_SHOW_CONTRIBUTORS; } -#line 46756 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 46787 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 2271: /* show_param: PRIVILEGES */ -#line 14418 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 14440 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { LEX *lex=Lex; lex->sql_command= SQLCOM_SHOW_PRIVILEGES; } -#line 46765 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 46796 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 2272: /* show_param: COUNT_SYM '(' '*' ')' WARNINGS */ -#line 14423 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 14445 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { LEX_CSTRING var= {STRING_WITH_LEN("warning_count")}; (void) create_select_for_variable(thd, &var); } -#line 46774 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 46805 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 2273: /* show_param: COUNT_SYM '(' '*' ')' ERRORS */ -#line 14428 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 14450 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { LEX_CSTRING var= {STRING_WITH_LEN("error_count")}; (void) create_select_for_variable(thd, &var); } -#line 46783 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 46814 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 2274: /* show_param: WARNINGS opt_global_limit_clause */ -#line 14433 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 14455 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { Lex->sql_command = SQLCOM_SHOW_WARNS;} -#line 46789 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 46820 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 2275: /* show_param: ERRORS opt_global_limit_clause */ -#line 14435 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 14457 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { Lex->sql_command = SQLCOM_SHOW_ERRORS;} -#line 46795 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 46826 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 2276: /* show_param: PROFILES_SYM */ -#line 14437 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 14459 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { Lex->sql_command = SQLCOM_SHOW_PROFILES; } -#line 46801 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 46832 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 2277: /* show_param: PROFILE_SYM opt_profile_defs opt_profile_args opt_global_limit_clause */ -#line 14439 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 14461 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { LEX *lex= Lex; lex->sql_command= SQLCOM_SHOW_PROFILE; if (unlikely(prepare_schema_table(thd, lex, NULL, SCH_PROFILES))) MYSQL_YYABORT; } -#line 46812 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 46843 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 2278: /* show_param: opt_var_type STATUS_SYM wild_and_where */ -#line 14446 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 14468 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { LEX *lex= Lex; lex->sql_command= SQLCOM_SHOW_STATUS; @@ -46820,17 +46851,17 @@ if (unlikely(prepare_schema_table(thd, lex, 0, SCH_SESSION_STATUS))) MYSQL_YYABORT; } -#line 46824 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 46855 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 2279: /* show_param: opt_full PROCESSLIST_SYM */ -#line 14454 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 14476 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { Lex->sql_command= SQLCOM_SHOW_PROCESSLIST;} -#line 46830 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 46861 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 2280: /* show_param: opt_var_type VARIABLES wild_and_where */ -#line 14456 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 14478 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { LEX *lex= Lex; lex->sql_command= SQLCOM_SHOW_VARIABLES; @@ -46838,63 +46869,63 @@ if (unlikely(prepare_schema_table(thd, lex, 0, SCH_SESSION_VARIABLES))) MYSQL_YYABORT; } -#line 46842 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 46873 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 2281: /* show_param: charset wild_and_where */ -#line 14464 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 14486 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { LEX *lex= Lex; lex->sql_command= SQLCOM_SHOW_CHARSETS; if (unlikely(prepare_schema_table(thd, lex, 0, SCH_CHARSETS))) MYSQL_YYABORT; } -#line 46853 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 46884 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 2282: /* show_param: COLLATION_SYM wild_and_where */ -#line 14471 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 14493 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { LEX *lex= Lex; lex->sql_command= SQLCOM_SHOW_COLLATIONS; if (unlikely(prepare_schema_table(thd, lex, 0, SCH_COLLATIONS))) MYSQL_YYABORT; } -#line 46864 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 46895 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 2283: /* show_param: GRANTS */ -#line 14478 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 14500 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { Lex->sql_command= SQLCOM_SHOW_GRANTS; if (unlikely(!(Lex->grant_user= thd->calloc(1)))) MYSQL_YYABORT; Lex->grant_user->user= current_user_and_current_role; } -#line 46875 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 46906 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 2284: /* show_param: GRANTS FOR_SYM user_or_role clear_privileges */ -#line 14485 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 14507 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { LEX *lex=Lex; lex->sql_command= SQLCOM_SHOW_GRANTS; lex->grant_user=(yyvsp[-1].lex_user); } -#line 46885 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 46916 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 2285: /* show_param: CREATE DATABASE opt_if_not_exists ident */ -#line 14491 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 14513 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { Lex->set_command(SQLCOM_SHOW_CREATE_DB, (yyvsp[-1].object_ddl_options)); Lex->name= (yyvsp[0].ident_sys); } -#line 46894 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 46925 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 2286: /* show_param: CREATE TABLE_SYM table_ident */ -#line 14496 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 14518 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { LEX *lex= Lex; lex->sql_command = SQLCOM_SHOW_CREATE; @@ -46902,11 +46933,11 @@ MYSQL_YYABORT; lex->create_info.storage_media= HA_SM_DEFAULT; } -#line 46906 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 46937 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 2287: /* show_param: CREATE VIEW_SYM table_ident */ -#line 14504 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 14526 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { LEX *lex= Lex; lex->sql_command = SQLCOM_SHOW_CREATE; @@ -46914,11 +46945,11 @@ MYSQL_YYABORT; lex->table_type= TABLE_TYPE_VIEW; } -#line 46918 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 46949 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 2288: /* show_param: CREATE SEQUENCE_SYM table_ident */ -#line 14512 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 14534 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { LEX *lex= Lex; lex->sql_command = SQLCOM_SHOW_CREATE; @@ -46926,27 +46957,27 @@ MYSQL_YYABORT; lex->table_type= TABLE_TYPE_SEQUENCE; } -#line 46930 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 46961 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 2289: /* show_param: BINLOG_SYM STATUS_SYM */ -#line 14520 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 14542 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { Lex->sql_command = SQLCOM_SHOW_BINLOG_STAT; } -#line 46938 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 46969 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 2290: /* show_param: MASTER_SYM STATUS_SYM */ -#line 14524 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 14546 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { Lex->sql_command = SQLCOM_SHOW_BINLOG_STAT; } -#line 46946 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 46977 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 2291: /* show_param: ALL SLAVES STATUS_SYM */ -#line 14528 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 14550 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { LEX *lex= Lex; lex->sql_command= SQLCOM_SHOW_SLAVE_STAT; @@ -46956,11 +46987,11 @@ MYSQL_YYABORT; #endif } -#line 46960 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 46991 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 2292: /* show_param: SLAVE optional_connection_name STATUS_SYM optional_for_channel */ -#line 14538 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 14560 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { LEX *lex= Lex; lex->sql_command= SQLCOM_SHOW_SLAVE_STAT; @@ -46970,226 +47001,226 @@ MYSQL_YYABORT; #endif } -#line 46974 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 47005 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 2293: /* show_param: CREATE PROCEDURE_SYM sp_name */ -#line 14548 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 14570 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { LEX *lex= Lex; lex->sql_command = SQLCOM_SHOW_CREATE_PROC; lex->spname= (yyvsp[0].spname); } -#line 46985 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 47016 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 2294: /* show_param: CREATE FUNCTION_SYM sp_name */ -#line 14555 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 14577 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { LEX *lex= Lex; lex->sql_command = SQLCOM_SHOW_CREATE_FUNC; lex->spname= (yyvsp[0].spname); } -#line 46996 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 47027 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 2295: /* show_param: CREATE PACKAGE_MARIADB_SYM sp_name */ -#line 14562 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 14584 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { LEX *lex= Lex; lex->sql_command = SQLCOM_SHOW_CREATE_PACKAGE; lex->spname= (yyvsp[0].spname); } -#line 47006 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 47037 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 2296: /* show_param: CREATE PACKAGE_ORACLE_SYM sp_name */ -#line 14568 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 14590 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { LEX *lex= Lex; lex->sql_command = SQLCOM_SHOW_CREATE_PACKAGE; lex->spname= (yyvsp[0].spname); } -#line 47016 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 47047 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 2297: /* show_param: CREATE PACKAGE_MARIADB_SYM BODY_MARIADB_SYM sp_name */ -#line 14574 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 14596 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { LEX *lex= Lex; lex->sql_command = SQLCOM_SHOW_CREATE_PACKAGE_BODY; lex->spname= (yyvsp[0].spname); } -#line 47026 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 47057 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 2298: /* show_param: CREATE PACKAGE_ORACLE_SYM BODY_ORACLE_SYM sp_name */ -#line 14580 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 14602 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { LEX *lex= Lex; lex->sql_command = SQLCOM_SHOW_CREATE_PACKAGE_BODY; lex->spname= (yyvsp[0].spname); } -#line 47036 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 47067 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 2299: /* show_param: CREATE SERVER_SYM ident_or_text */ -#line 14586 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 14608 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { LEX *lex= Lex; lex->sql_command = SQLCOM_SHOW_CREATE_SERVER; lex->name= (yyvsp[0].lex_str); } -#line 47046 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 47077 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 2300: /* show_param: CREATE TRIGGER_SYM sp_name */ -#line 14592 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 14614 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { LEX *lex= Lex; lex->sql_command= SQLCOM_SHOW_CREATE_TRIGGER; lex->spname= (yyvsp[0].spname); } -#line 47056 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 47087 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 2301: /* show_param: CREATE USER_SYM */ -#line 14598 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 14620 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { Lex->sql_command= SQLCOM_SHOW_CREATE_USER; if (unlikely(!(Lex->grant_user= thd->calloc(1)))) MYSQL_YYABORT; Lex->grant_user->user= current_user; } -#line 47067 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 47098 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 2302: /* show_param: CREATE USER_SYM user */ -#line 14605 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 14627 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { Lex->sql_command= SQLCOM_SHOW_CREATE_USER; Lex->grant_user= (yyvsp[0].lex_user); } -#line 47076 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 47107 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 2303: /* show_param: PROCEDURE_SYM STATUS_SYM wild_and_where */ -#line 14610 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 14632 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { LEX *lex= Lex; lex->sql_command= SQLCOM_SHOW_STATUS_PROC; if (unlikely(prepare_schema_table(thd, lex, 0, SCH_PROCEDURES))) MYSQL_YYABORT; } -#line 47087 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 47118 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 2304: /* show_param: FUNCTION_SYM STATUS_SYM wild_and_where */ -#line 14617 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 14639 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { LEX *lex= Lex; lex->sql_command= SQLCOM_SHOW_STATUS_FUNC; if (unlikely(prepare_schema_table(thd, lex, 0, SCH_PROCEDURES))) MYSQL_YYABORT; } -#line 47098 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 47129 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 2305: /* show_param: PACKAGE_MARIADB_SYM STATUS_SYM wild_and_where */ -#line 14624 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 14646 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { LEX *lex= Lex; lex->sql_command= SQLCOM_SHOW_STATUS_PACKAGE; if (unlikely(prepare_schema_table(thd, lex, 0, SCH_PROCEDURES))) MYSQL_YYABORT; } -#line 47109 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 47140 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 2306: /* show_param: PACKAGE_ORACLE_SYM STATUS_SYM wild_and_where */ -#line 14631 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 14653 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { LEX *lex= Lex; lex->sql_command= SQLCOM_SHOW_STATUS_PACKAGE; if (unlikely(prepare_schema_table(thd, lex, 0, SCH_PROCEDURES))) MYSQL_YYABORT; } -#line 47120 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 47151 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 2307: /* show_param: PACKAGE_MARIADB_SYM BODY_MARIADB_SYM STATUS_SYM wild_and_where */ -#line 14638 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 14660 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { LEX *lex= Lex; lex->sql_command= SQLCOM_SHOW_STATUS_PACKAGE_BODY; if (unlikely(prepare_schema_table(thd, lex, 0, SCH_PROCEDURES))) MYSQL_YYABORT; } -#line 47131 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 47162 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 2308: /* show_param: PACKAGE_ORACLE_SYM BODY_ORACLE_SYM STATUS_SYM wild_and_where */ -#line 14645 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 14667 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { LEX *lex= Lex; lex->sql_command= SQLCOM_SHOW_STATUS_PACKAGE_BODY; if (unlikely(prepare_schema_table(thd, lex, 0, SCH_PROCEDURES))) MYSQL_YYABORT; } -#line 47142 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 47173 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 2309: /* show_param: PROCEDURE_SYM CODE_SYM sp_name */ -#line 14652 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 14674 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { if (Lex->show_routine_code_start(thd, SQLCOM_SHOW_PROC_CODE, (yyvsp[0].spname))) MYSQL_YYABORT; } -#line 47151 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 47182 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 2310: /* show_param: FUNCTION_SYM CODE_SYM sp_name */ -#line 14657 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 14679 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { if (Lex->show_routine_code_start(thd, SQLCOM_SHOW_FUNC_CODE, (yyvsp[0].spname))) MYSQL_YYABORT; } -#line 47160 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 47191 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 2311: /* show_param: PACKAGE_MARIADB_SYM BODY_MARIADB_SYM CODE_SYM sp_name */ -#line 14662 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 14684 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { if (Lex->show_routine_code_start(thd, SQLCOM_SHOW_PACKAGE_BODY_CODE, (yyvsp[0].spname))) MYSQL_YYABORT; } -#line 47170 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 47201 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 2312: /* show_param: PACKAGE_ORACLE_SYM BODY_ORACLE_SYM CODE_SYM sp_name */ -#line 14668 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 14690 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { if (Lex->show_routine_code_start(thd, SQLCOM_SHOW_PACKAGE_BODY_CODE, (yyvsp[0].spname))) MYSQL_YYABORT; } -#line 47180 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 47211 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 2313: /* show_param: CREATE EVENT_SYM sp_name */ -#line 14674 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 14696 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { Lex->spname= (yyvsp[0].spname); Lex->sql_command = SQLCOM_SHOW_CREATE_EVENT; } -#line 47189 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 47220 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 2314: /* show_param: describe_command opt_format_json FOR_SYM expr */ -#line 14683 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 14705 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { Lex->sql_command= SQLCOM_SHOW_EXPLAIN; if (unlikely(prepare_schema_table(thd, Lex, 0, @@ -47197,11 +47228,11 @@ MYSQL_YYABORT; add_value_to_list(thd, (yyvsp[0].item)); } -#line 47201 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 47232 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 2315: /* show_param: ANALYZE_SYM opt_format_json FOR_SYM expr */ -#line 14691 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 14713 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { Lex->sql_command= SQLCOM_SHOW_ANALYZE; if (unlikely(prepare_schema_table(thd, Lex, 0, @@ -47209,11 +47240,11 @@ MYSQL_YYABORT; add_value_to_list(thd, (yyvsp[0].item)); } -#line 47213 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 47244 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 2316: /* show_param: IDENT_sys remember_tok_start wild_and_where */ -#line 14699 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 14721 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { LEX *lex= Lex; bool in_plugin; @@ -47232,83 +47263,83 @@ if (unlikely(make_schema_select(thd, Lex->current_select, table))) MYSQL_YYABORT; } -#line 47236 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 47267 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 2317: /* show_engine_param: STATUS_SYM */ -#line 14721 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 14743 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { Lex->sql_command= SQLCOM_SHOW_ENGINE_STATUS; } -#line 47242 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 47273 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 2318: /* show_engine_param: MUTEX_SYM */ -#line 14723 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 14745 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { Lex->sql_command= SQLCOM_SHOW_ENGINE_MUTEX; } -#line 47248 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 47279 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 2319: /* show_engine_param: LOGS_SYM */ -#line 14725 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 14747 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { Lex->sql_command= SQLCOM_SHOW_ENGINE_LOGS; } -#line 47254 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 47285 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 2324: /* opt_db: %empty */ -#line 14739 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 14761 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.lex_str)= null_clex_str; } -#line 47260 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 47291 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 2325: /* opt_db: from_or_in ident */ -#line 14740 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 14762 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.lex_str)= (yyvsp[0].ident_sys); } -#line 47266 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 47297 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 2326: /* opt_full: %empty */ -#line 14744 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 14766 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { Lex->verbose=0; } -#line 47272 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 47303 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 2327: /* opt_full: FULL */ -#line 14745 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 14767 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { Lex->verbose=1; } -#line 47278 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 47309 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 2330: /* binlog_in: %empty */ -#line 14754 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 14776 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { Lex->mi.log_file_name = 0; } -#line 47284 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 47315 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 2331: /* binlog_in: IN_SYM TEXT_STRING_sys */ -#line 14755 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 14777 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { Lex->mi.log_file_name = (yyvsp[0].lex_str).str; } -#line 47290 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 47321 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 2332: /* binlog_from: %empty */ -#line 14759 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 14781 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { Lex->mi.pos = 4; /* skip magic number */ } -#line 47296 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 47327 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 2333: /* binlog_from: FROM ulonglong_num */ -#line 14760 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 14782 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { Lex->mi.pos = (yyvsp[0].ulonglong_number); } -#line 47302 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 47333 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 2334: /* wild_and_where: %empty */ -#line 14764 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 14786 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.simple_string)= 0; } -#line 47308 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 47339 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 2335: /* wild_and_where: LIKE remember_tok_start TEXT_STRING_sys */ -#line 14766 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 14788 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { Lex->wild= new (thd->mem_root) String((const char*) (yyvsp[0].lex_str).str, (yyvsp[0].lex_str).length, @@ -47317,22 +47348,22 @@ MYSQL_YYABORT; (yyval.simple_string)= (yyvsp[-1].simple_string); } -#line 47321 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 47352 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 2336: /* wild_and_where: WHERE remember_tok_start search_condition */ -#line 14775 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 14797 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { Select->where= normalize_cond(thd, (yyvsp[0].item)); if ((yyvsp[0].item)) (yyvsp[0].item)->top_level_item(); (yyval.simple_string)= (yyvsp[-1].simple_string); } -#line 47332 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 47363 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 2337: /* $@207: %empty */ -#line 14786 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 14808 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { LEX *lex= Lex; if (lex->main_select_push()) @@ -47345,73 +47376,73 @@ if (unlikely(prepare_schema_table(thd, lex, (yyvsp[0].table), SCH_COLUMNS))) MYSQL_YYABORT; } -#line 47349 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 47380 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 2338: /* describe: describe_command table_ident $@207 opt_describe_column */ -#line 14799 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 14821 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { Select->parsing_place= NO_MATTER; Lex->pop_select(); //main select } -#line 47358 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 47389 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 2339: /* $@208: %empty */ -#line 14804 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 14826 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { Lex->describe|= DESCRIBE_NORMAL; } -#line 47364 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 47395 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 2340: /* describe: describe_command opt_extended_describe $@208 explainable_command */ -#line 14806 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 14828 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { LEX *lex=Lex; lex->first_select_lex()->options|= SELECT_DESCRIBE; } -#line 47373 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 47404 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 2349: /* analyze_stmt_command: ANALYZE_SYM opt_format_json explainable_command */ -#line 14828 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 14850 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { Lex->analyze_stmt= true; } -#line 47381 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 47412 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 2350: /* opt_extended_describe: EXTENDED_SYM */ -#line 14834 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 14856 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { Lex->describe|= DESCRIBE_EXTENDED; } -#line 47387 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 47418 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 2351: /* opt_extended_describe: EXTENDED_SYM ALL */ -#line 14836 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 14858 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { Lex->describe|= DESCRIBE_EXTENDED | DESCRIBE_EXTENDED2; } -#line 47393 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 47424 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 2352: /* opt_extended_describe: PARTITIONS_SYM */ -#line 14837 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 14859 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { Lex->describe|= DESCRIBE_PARTITIONS; } -#line 47399 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 47430 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 2353: /* opt_extended_describe: opt_format_json */ -#line 14838 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 14860 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" {} -#line 47405 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 47436 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 2354: /* opt_format_json: %empty */ -#line 14842 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 14864 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" {} -#line 47411 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 47442 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 2355: /* opt_format_json: FORMAT_SYM '=' ident_or_text */ -#line 14844 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 14866 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { if (lex_string_eq(&(yyvsp[0].lex_str), STRING_WITH_LEN("JSON"))) Lex->explain_json= true; @@ -47421,23 +47452,23 @@ my_yyabort_error((ER_UNKNOWN_EXPLAIN_FORMAT, MYF(0), "EXPLAIN/ANALYZE", (yyvsp[0].lex_str).str)); } -#line 47425 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 47456 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 2356: /* opt_describe_column: %empty */ -#line 14856 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 14878 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" {} -#line 47431 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 47462 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 2357: /* opt_describe_column: text_string */ -#line 14857 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 14879 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { Lex->wild= (yyvsp[0].string); } -#line 47437 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 47468 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 2358: /* opt_describe_column: ident */ -#line 14859 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 14881 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { Lex->wild= new (thd->mem_root) String((const char*) (yyvsp[0].ident_sys).str, (yyvsp[0].ident_sys).length, @@ -47445,11 +47476,11 @@ if (unlikely(Lex->wild == NULL)) MYSQL_YYABORT; } -#line 47449 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 47480 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 2359: /* $@209: %empty */ -#line 14875 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 14897 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { LEX *lex= Lex; lex->wild= 0; @@ -47459,11 +47490,11 @@ lex->init_select(); lex->current_select->parsing_place= SELECT_LIST; } -#line 47463 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 47494 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 2360: /* explain_for_connection: describe_command opt_format_json $@209 FOR_SYM CONNECTION_SYM expr */ -#line 14885 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 14907 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { LEX *lex= Lex; lex->create_info.init(); @@ -47475,28 +47506,28 @@ MYSQL_YYABORT; add_value_to_list(thd, (yyvsp[0].item)); } -#line 47479 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 47510 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 2361: /* $@210: %empty */ -#line 14902 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 14924 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { LEX *lex=Lex; lex->sql_command= SQLCOM_FLUSH; lex->type= 0; lex->no_write_to_binlog= (yyvsp[0].num); } -#line 47490 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 47521 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 2362: /* flush: FLUSH_SYM opt_no_write_to_binlog $@210 flush_options */ -#line 14908 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 14930 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" {} -#line 47496 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 47527 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 2363: /* $@211: %empty */ -#line 14913 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 14935 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { Lex->type|= REFRESH_TABLES; /* @@ -47506,29 +47537,29 @@ YYPS->m_lock_type= TL_READ_NO_INSERT; YYPS->m_mdl_type= MDL_SHARED_HIGH_PRIO; } -#line 47510 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 47541 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 2364: /* flush_options: table_or_tables $@211 opt_table_list opt_flush_lock */ -#line 14923 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 14945 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" {} -#line 47516 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 47547 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 2365: /* flush_options: flush_options_list */ -#line 14925 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 14947 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" {} -#line 47522 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 47553 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 2366: /* opt_flush_lock: %empty */ -#line 14929 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 14951 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" {} -#line 47528 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 47559 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 2367: /* opt_flush_lock: flush_lock */ -#line 14931 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 14953 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { TABLE_LIST *tables= Lex->query_tables; for (; tables; tables= tables->next_global) @@ -47538,17 +47569,17 @@ tables->open_type= OT_BASE_ONLY; } } -#line 47542 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 47573 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 2368: /* flush_lock: WITH READ_SYM LOCK_SYM optional_flush_tables_arguments */ -#line 14944 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 14966 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { Lex->type|= REFRESH_READ_LOCK | (yyvsp[0].num); } -#line 47548 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 47579 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 2369: /* $@212: %empty */ -#line 14946 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 14968 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { if (unlikely(Lex->query_tables == NULL)) { @@ -47558,53 +47589,53 @@ } Lex->type|= REFRESH_FOR_EXPORT; } -#line 47562 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 47593 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 2370: /* flush_lock: FOR_SYM $@212 EXPORT_SYM */ -#line 14954 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 14976 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" {} -#line 47568 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 47599 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 2372: /* flush_options_list: flush_option */ -#line 14960 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 14982 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" {} -#line 47574 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 47605 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 2373: /* flush_option: ERROR_SYM LOGS_SYM */ -#line 14965 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 14987 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { Lex->type|= REFRESH_ERROR_LOG; } -#line 47580 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 47611 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 2374: /* flush_option: ENGINE_SYM LOGS_SYM */ -#line 14967 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 14989 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { Lex->type|= REFRESH_ENGINE_LOG; } -#line 47586 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 47617 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 2375: /* flush_option: GENERAL LOGS_SYM */ -#line 14969 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 14991 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { Lex->type|= REFRESH_GENERAL_LOG; } -#line 47592 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 47623 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 2376: /* flush_option: SLOW LOGS_SYM */ -#line 14971 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 14993 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { Lex->type|= REFRESH_SLOW_LOG; } -#line 47598 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 47629 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 2377: /* flush_option: BINARY LOGS_SYM opt_delete_gtid_domain */ -#line 14973 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 14995 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { Lex->type|= REFRESH_BINARY_LOG; } -#line 47604 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 47635 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 2378: /* flush_option: RELAY LOGS_SYM optional_connection_name optional_for_channel */ -#line 14975 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 14997 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { LEX *lex= Lex; if (unlikely(lex->type & REFRESH_RELAY_LOG)) @@ -47612,61 +47643,61 @@ lex->type|= REFRESH_RELAY_LOG; lex->relay_log_connection_name= lex->mi.connection_name; } -#line 47616 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 47647 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 2379: /* flush_option: QUERY_SYM CACHE_SYM */ -#line 14983 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 15005 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { Lex->type|= REFRESH_QUERY_CACHE_FREE; } -#line 47622 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 47653 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 2380: /* flush_option: HOSTS_SYM */ -#line 14985 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 15007 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { Lex->type|= REFRESH_HOSTS; } -#line 47628 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 47659 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 2381: /* flush_option: PRIVILEGES */ -#line 14987 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 15009 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { Lex->type|= REFRESH_GRANT; } -#line 47634 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 47665 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 2382: /* flush_option: LOGS_SYM */ -#line 14989 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 15011 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { Lex->type|= REFRESH_LOG; Lex->relay_log_connection_name= empty_clex_str; } -#line 47643 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 47674 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 2383: /* flush_option: STATUS_SYM */ -#line 14994 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 15016 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { if (thd->variables.old_behavior & OLD_MODE_OLD_FLUSH_STATUS) Lex->type|= REFRESH_STATUS; else Lex->type|= REFRESH_SESSION_STATUS; } -#line 47654 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 47685 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 2384: /* flush_option: SESSION_SYM STATUS_SYM */ -#line 15001 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 15023 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { Lex->type|= REFRESH_SESSION_STATUS; } -#line 47660 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 47691 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 2385: /* flush_option: GLOBAL_SYM STATUS_SYM */ -#line 15003 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 15025 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { Lex->type|= REFRESH_GLOBAL_STATUS; } -#line 47666 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 47697 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 2386: /* flush_option: SLAVE optional_connection_name */ -#line 15005 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 15027 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { LEX *lex= Lex; if (unlikely(lex->type & REFRESH_SLAVE)) @@ -47674,41 +47705,41 @@ lex->type|= REFRESH_SLAVE; lex->reset_slave_info.all= false; } -#line 47678 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 47709 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 2387: /* flush_option: MASTER_SYM */ -#line 15013 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 15035 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { Lex->type|= REFRESH_MASTER; } -#line 47684 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 47715 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 2388: /* flush_option: DES_KEY_FILE */ -#line 15015 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 15037 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { Lex->type|= REFRESH_DES_KEY_FILE; } -#line 47690 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 47721 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 2389: /* flush_option: RESOURCES */ -#line 15017 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 15039 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { Lex->type|= REFRESH_USER_RESOURCES; } -#line 47696 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 47727 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 2390: /* flush_option: SSL_SYM */ -#line 15019 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 15041 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { Lex->type|= REFRESH_SSL;} -#line 47702 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 47733 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 2391: /* flush_option: THREADS_SYM */ -#line 15021 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 15043 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { Lex->type|= REFRESH_THREADS;} -#line 47708 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 47739 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 2392: /* flush_option: IDENT_sys remember_tok_start */ -#line 15023 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 15045 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { Lex->type|= REFRESH_GENERIC; ST_SCHEMA_TABLE *table= find_schema_table(thd, &(yyvsp[-1].ident_sys)); @@ -47722,29 +47753,29 @@ thd->mem_root))) MYSQL_YYABORT; } -#line 47726 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 47757 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 2393: /* opt_table_list: %empty */ -#line 15039 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 15061 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" {} -#line 47732 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 47763 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 2394: /* opt_table_list: table_list */ -#line 15040 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 15062 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" {} -#line 47738 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 47769 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 2395: /* backup: BACKUP_SYM backup_statements */ -#line 15044 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 15066 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" {} -#line 47744 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 47775 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 2396: /* backup_statements: STAGE_SYM ident */ -#line 15049 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 15071 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { int type; if (unlikely(Lex->sphead)) @@ -47756,22 +47787,22 @@ Lex->backup_stage= (backup_stages) (type-1); break; } -#line 47760 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 47791 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 2397: /* $@213: %empty */ -#line 15061 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 15083 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { if (unlikely(Lex->sphead)) my_yyabort_error((ER_SP_BADSTATEMENT, MYF(0), "BACKUP LOCK")); if (Lex->main_select_push()) MYSQL_YYABORT; } -#line 47771 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 47802 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 2398: /* backup_statements: LOCK_SYM $@213 table_ident */ -#line 15068 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 15090 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { if (unlikely(!Select->add_table_to_list(thd, (yyvsp[0].table), NULL, 0, TL_READ, MDL_SHARED_HIGH_PRIO))) @@ -47779,34 +47810,34 @@ Lex->sql_command= SQLCOM_BACKUP_LOCK; Lex->pop_select(); //main select } -#line 47783 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 47814 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 2399: /* backup_statements: UNLOCK_SYM */ -#line 15076 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 15098 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { if (unlikely(Lex->sphead)) my_yyabort_error((ER_SP_BADSTATEMENT, MYF(0), "BACKUP UNLOCK")); /* Table list is empty for unlock */ Lex->sql_command= SQLCOM_BACKUP_LOCK; } -#line 47794 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 47825 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 2400: /* opt_delete_gtid_domain: %empty */ -#line 15085 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 15107 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" {} -#line 47800 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 47831 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 2401: /* opt_delete_gtid_domain: DELETE_DOMAIN_ID_SYM '=' '(' delete_domain_id_list ')' */ -#line 15087 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 15109 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" {} -#line 47806 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 47837 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 2405: /* delete_domain_id: ulonglong_num */ -#line 15097 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 15119 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { uint32 value= (uint32) (yyvsp[0].ulonglong_number); if ((yyvsp[0].ulonglong_number) > UINT_MAX32) @@ -47819,115 +47850,115 @@ } insert_dynamic(&Lex->delete_gtid_domain, (uchar*) &value); } -#line 47823 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 47854 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 2406: /* optional_flush_tables_arguments: %empty */ -#line 15112 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 15134 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" {(yyval.num)= 0;} -#line 47829 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 47860 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 2407: /* optional_flush_tables_arguments: AND_SYM DISABLE_SYM CHECKPOINT_SYM */ -#line 15113 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 15135 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" {(yyval.num)= REFRESH_CHECKPOINT; } -#line 47835 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 47866 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 2408: /* $@214: %empty */ -#line 15118 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 15140 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { LEX *lex=Lex; lex->sql_command= SQLCOM_RESET; lex->type=0; } -#line 47844 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 47875 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 2409: /* reset: RESET_SYM $@214 reset_options */ -#line 15123 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 15145 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" {} -#line 47850 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 47881 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 2412: /* $@215: %empty */ -#line 15132 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 15154 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { Lex->type|= REFRESH_SLAVE; } -#line 47856 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 47887 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 2413: /* reset_option: SLAVE $@215 optional_connection_name slave_reset_options optional_for_channel */ -#line 15135 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 15157 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { } -#line 47862 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 47893 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 2414: /* $@216: %empty */ -#line 15137 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 15159 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { Lex->type|= REFRESH_MASTER; Lex->next_binlog_file_number= 0; } -#line 47871 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 47902 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 2416: /* reset_option: QUERY_SYM CACHE_SYM */ -#line 15142 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 15164 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { Lex->type|= REFRESH_QUERY_CACHE;} -#line 47877 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 47908 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 2417: /* slave_reset_options: %empty */ -#line 15146 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 15168 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { Lex->reset_slave_info.all= false; } -#line 47883 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 47914 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 2418: /* slave_reset_options: ALL */ -#line 15147 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 15169 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { Lex->reset_slave_info.all= true; } -#line 47889 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 47920 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 2419: /* master_reset_options: %empty */ -#line 15151 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 15173 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" {} -#line 47895 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 47926 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 2420: /* master_reset_options: TO_SYM ulong_num */ -#line 15153 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 15175 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { Lex->next_binlog_file_number = (yyvsp[0].ulong_num); } -#line 47903 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 47934 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 2421: /* purge: PURGE master_or_binary LOGS_SYM TO_SYM TEXT_STRING_sys */ -#line 15160 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 15182 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { Lex->stmt_purge_to((yyvsp[0].lex_str)); } -#line 47911 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 47942 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 2422: /* $@217: %empty */ -#line 15164 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 15186 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { Lex->clause_that_disallows_subselect= "PURGE..BEFORE"; } -#line 47917 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 47948 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 2423: /* purge: PURGE master_or_binary LOGS_SYM BEFORE_SYM $@217 expr */ -#line 15166 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 15188 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { Lex->clause_that_disallows_subselect= NULL; if (Lex->stmt_purge_before((yyvsp[0].item))) MYSQL_YYABORT; } -#line 47927 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 47958 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 2424: /* $@218: %empty */ -#line 15178 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 15200 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { LEX *lex=Lex; lex->value_list.empty(); @@ -47937,124 +47968,124 @@ thd->where= THD_WHERE::USE_WHERE_STRING; thd->where_str= "KILL"; } -#line 47941 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 47972 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 2425: /* kill: KILL_SYM $@218 kill_type kill_option */ -#line 15188 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 15210 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { Lex->kill_signal= (killed_state) ((yyvsp[-1].num) | (yyvsp[0].num)); } -#line 47949 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 47980 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 2426: /* kill_type: %empty */ -#line 15194 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 15216 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.num)= (int) KILL_HARD_BIT; } -#line 47955 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 47986 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 2427: /* kill_type: HARD_SYM */ -#line 15195 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 15217 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.num)= (int) KILL_HARD_BIT; } -#line 47961 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 47992 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 2428: /* kill_type: SOFT_SYM */ -#line 15196 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 15218 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.num)= 0; } -#line 47967 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 47998 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 2429: /* kill_option: opt_connection kill_expr */ -#line 15200 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 15222 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.num)= (int) KILL_CONNECTION; } -#line 47973 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 48004 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 2430: /* kill_option: QUERY_SYM kill_expr */ -#line 15201 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 15223 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.num)= (int) KILL_QUERY; } -#line 47979 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 48010 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 2431: /* kill_option: QUERY_SYM ID_SYM expr */ -#line 15203 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 15225 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.num)= (int) KILL_QUERY; Lex->kill_type= KILL_TYPE_QUERY; Lex->value_list.push_front((yyvsp[0].item), thd->mem_root); } -#line 47989 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 48020 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 2432: /* opt_connection: %empty */ -#line 15211 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 15233 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { } -#line 47995 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 48026 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 2433: /* opt_connection: CONNECTION_SYM */ -#line 15212 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 15234 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { } -#line 48001 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 48032 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 2434: /* kill_expr: expr */ -#line 15217 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 15239 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { Lex->value_list.push_front((yyval.item), thd->mem_root); } -#line 48009 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 48040 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 2435: /* kill_expr: USER_SYM user */ -#line 15221 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 15243 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { Lex->users_list.push_back((yyvsp[0].lex_user), thd->mem_root); Lex->kill_type= KILL_TYPE_USER; } -#line 48018 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 48049 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 2436: /* $@219: %empty */ -#line 15228 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 15250 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { Lex->sql_command= SQLCOM_SHUTDOWN; } -#line 48024 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 48055 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 2437: /* shutdown: SHUTDOWN $@219 shutdown_option */ -#line 15229 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 15251 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" {} -#line 48030 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 48061 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 2438: /* shutdown_option: %empty */ -#line 15233 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 15255 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { Lex->is_shutdown_wait_for_slaves= false; } -#line 48036 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 48067 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 2439: /* shutdown_option: WAIT_SYM FOR_SYM ALL SLAVES */ -#line 15235 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 15257 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { Lex->is_shutdown_wait_for_slaves= true; } -#line 48044 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 48075 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 2440: /* use: USE_SYM ident */ -#line 15244 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 15266 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { LEX *lex=Lex; lex->sql_command=SQLCOM_CHANGE_DB; lex->first_select_lex()->db= (yyvsp[0].ident_sys); } -#line 48054 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 48085 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 2441: /* $@220: %empty */ -#line 15255 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 15277 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { LEX *lex= thd->lex; @@ -48068,11 +48099,11 @@ MYSQL_YYABORT; lex->init_select(); } -#line 48072 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 48103 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 2442: /* $@221: %empty */ -#line 15269 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 15291 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { LEX *lex=Lex; lex->sql_command= SQLCOM_LOAD; @@ -48083,11 +48114,11 @@ sql_exchange((yyvsp[0].lex_str).str, 0, (yyvsp[-5].filetype))))) MYSQL_YYABORT; } -#line 48087 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 48118 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 2443: /* $@222: %empty */ -#line 15280 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 15302 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { LEX *lex=Lex; if (unlikely(!Select->add_table_to_list(thd, (yyvsp[-1].table), NULL, @@ -48100,55 +48131,55 @@ lex->value_list.empty(); lex->many_values.empty(); } -#line 48104 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 48135 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 2444: /* $@223: %empty */ -#line 15293 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 15315 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { Lex->exchange->cs= (yyvsp[0].charset); } -#line 48110 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 48141 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 2445: /* load: LOAD data_or_xml $@220 load_data_lock opt_local INFILE TEXT_STRING_filesystem $@221 opt_duplicate INTO TABLE_SYM table_ident opt_use_partition $@222 opt_load_data_charset $@223 opt_xml_rows_identified_by opt_field_term opt_line_term opt_ignore_lines opt_field_or_var_spec opt_load_data_set_spec stmt_end */ -#line 15298 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 15320 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { Lex->mark_first_table_as_inserting(); } -#line 48118 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 48149 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 2446: /* data_or_xml: DATA_SYM */ -#line 15304 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 15326 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.filetype)= FILETYPE_CSV; } -#line 48124 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 48155 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 2447: /* data_or_xml: XML_SYM */ -#line 15305 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 15327 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.filetype)= FILETYPE_XML; } -#line 48130 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 48161 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 2448: /* opt_local: %empty */ -#line 15309 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 15331 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.num)=0;} -#line 48136 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 48167 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 2449: /* opt_local: LOCAL_SYM */ -#line 15310 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 15332 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.num)=1;} -#line 48142 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 48173 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 2450: /* load_data_lock: %empty */ -#line 15314 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 15336 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.lock_type)= TL_WRITE_DEFAULT; } -#line 48148 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 48179 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 2451: /* load_data_lock: CONCURRENT */ -#line 15316 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 15338 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { /* Ignore this option in SP to avoid problem with query cache and @@ -48156,160 +48187,160 @@ */ (yyval.lock_type)= (Lex->sphead ? TL_WRITE_DEFAULT : TL_WRITE_CONCURRENT_INSERT); } -#line 48160 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 48191 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 2452: /* load_data_lock: LOW_PRIORITY */ -#line 15323 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 15345 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.lock_type)= TL_WRITE_LOW_PRIORITY; } -#line 48166 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 48197 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 2453: /* opt_duplicate: %empty */ -#line 15327 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 15349 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { Lex->duplicates=DUP_ERROR; } -#line 48172 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 48203 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 2454: /* opt_duplicate: REPLACE */ -#line 15328 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 15350 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { Lex->duplicates=DUP_REPLACE; } -#line 48178 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 48209 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 2455: /* opt_duplicate: IGNORE_SYM */ -#line 15329 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 15351 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { Lex->ignore= 1; } -#line 48184 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 48215 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 2460: /* field_term: TERMINATED BY text_string */ -#line 15344 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 15366 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { DBUG_ASSERT(Lex->exchange != 0); Lex->exchange->field_term= (yyvsp[0].string); } -#line 48193 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 48224 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 2461: /* field_term: OPTIONALLY ENCLOSED BY text_string */ -#line 15349 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 15371 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { LEX *lex= Lex; DBUG_ASSERT(lex->exchange != 0); lex->exchange->enclosed= (yyvsp[0].string); lex->exchange->opt_enclosed= 1; } -#line 48204 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 48235 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 2462: /* field_term: ENCLOSED BY text_string */ -#line 15356 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 15378 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { DBUG_ASSERT(Lex->exchange != 0); Lex->exchange->enclosed= (yyvsp[0].string); } -#line 48213 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 48244 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 2463: /* field_term: ESCAPED BY text_string */ -#line 15361 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 15383 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { DBUG_ASSERT(Lex->exchange != 0); Lex->exchange->escaped= (yyvsp[0].string); } -#line 48222 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 48253 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 2468: /* line_term: TERMINATED BY text_string */ -#line 15379 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 15401 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { DBUG_ASSERT(Lex->exchange != 0); Lex->exchange->line_term= (yyvsp[0].string); } -#line 48231 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 48262 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 2469: /* line_term: STARTING BY text_string */ -#line 15384 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 15406 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { DBUG_ASSERT(Lex->exchange != 0); Lex->exchange->line_start= (yyvsp[0].string); } -#line 48240 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 48271 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 2470: /* opt_xml_rows_identified_by: %empty */ -#line 15391 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 15413 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { } -#line 48246 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 48277 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 2471: /* opt_xml_rows_identified_by: ROWS_SYM IDENTIFIED_SYM BY text_string */ -#line 15393 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 15415 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { Lex->exchange->line_term = (yyvsp[0].string); } -#line 48252 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 48283 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 2473: /* opt_ignore_lines: IGNORE_SYM NUM lines_or_rows */ -#line 15399 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 15421 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { DBUG_ASSERT(Lex->exchange != 0); Lex->exchange->skip_lines= atol((yyvsp[-1].lex_str).str); } -#line 48261 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 48292 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 2474: /* lines_or_rows: LINES */ -#line 15406 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 15428 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { } -#line 48267 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 48298 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 2475: /* lines_or_rows: ROWS_SYM */ -#line 15407 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 15429 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { } -#line 48273 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 48304 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 2476: /* opt_field_or_var_spec: %empty */ -#line 15411 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 15433 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" {} -#line 48279 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 48310 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 2477: /* opt_field_or_var_spec: '(' fields_or_vars ')' */ -#line 15412 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 15434 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" {} -#line 48285 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 48316 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 2478: /* opt_field_or_var_spec: '(' ')' */ -#line 15413 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 15435 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" {} -#line 48291 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 48322 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 2479: /* fields_or_vars: fields_or_vars ',' field_or_var */ -#line 15418 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 15440 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { Lex->field_list.push_back((yyvsp[0].item), thd->mem_root); } -#line 48297 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 48328 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 2480: /* fields_or_vars: field_or_var */ -#line 15420 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 15442 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { Lex->field_list.push_back((yyvsp[0].item), thd->mem_root); } -#line 48303 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 48334 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 2481: /* field_or_var: simple_ident_nospvar */ -#line 15424 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 15446 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" {(yyval.item)= (yyvsp[0].item);} -#line 48309 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 48340 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 2482: /* field_or_var: '@' ident_or_text */ -#line 15426 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 15448 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { if (!(yyvsp[0].lex_str).length) { @@ -48321,23 +48352,23 @@ if (unlikely((yyval.item) == NULL)) MYSQL_YYABORT; } -#line 48325 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 48356 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 2483: /* opt_load_data_set_spec: %empty */ -#line 15440 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 15462 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" {} -#line 48331 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 48362 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 2484: /* opt_load_data_set_spec: SET load_data_set_list */ -#line 15441 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 15463 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" {} -#line 48337 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 48368 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 2487: /* load_data_set_elem: simple_ident_nospvar equal remember_name expr_or_ignore_or_default remember_end */ -#line 15451 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 15473 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { LEX *lex= Lex; if (unlikely(lex->update_list.push_back((yyvsp[-4].item), thd->mem_root)) || @@ -48345,49 +48376,49 @@ MYSQL_YYABORT; (yyvsp[-1].item)->set_name_no_truncate(thd, (yyvsp[-2].simple_string), (uint) ((yyvsp[0].simple_string) - (yyvsp[-2].simple_string)), thd->charset()); } -#line 48349 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 48380 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 2488: /* text_literal: TEXT_STRING */ -#line 15464 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 15486 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { if (unlikely(!((yyval.item_basic_constant)= thd->make_string_literal((yyvsp[0].lex_string_with_metadata))))) MYSQL_YYABORT; } -#line 48358 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 48389 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 2489: /* text_literal: NCHAR_STRING */ -#line 15469 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 15491 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { if (unlikely(!((yyval.item_basic_constant)= thd->make_string_literal_nchar((yyvsp[0].lex_string_with_metadata))))) MYSQL_YYABORT; } -#line 48367 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 48398 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 2490: /* text_literal: UNDERSCORE_CHARSET TEXT_STRING */ -#line 15474 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 15496 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyvsp[-1].charset)= thd->variables.character_set_collations. get_collation_for_charset(thd, (yyvsp[-1].charset)); if (unlikely(!((yyval.item_basic_constant)= thd->make_string_literal_charset((yyvsp[0].lex_string_with_metadata), (yyvsp[-1].charset))))) MYSQL_YYABORT; } -#line 48378 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 48409 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 2491: /* text_literal: text_literal TEXT_STRING_literal */ -#line 15481 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 15503 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { if (unlikely(!((yyval.item_basic_constant)= (yyvsp[-1].item_basic_constant)->make_string_literal_concat(thd, &(yyvsp[0].lex_str))))) MYSQL_YYABORT; } -#line 48387 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 48418 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 2492: /* text_string: TEXT_STRING_literal */ -#line 15489 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 15511 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.string)= new (thd->mem_root) String((const char*) (yyvsp[0].lex_str).str, (yyvsp[0].lex_str).length, @@ -48395,17 +48426,17 @@ if (unlikely((yyval.string) == NULL)) MYSQL_YYABORT; } -#line 48399 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 48430 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 2493: /* text_string: hex_or_bin_String */ -#line 15496 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 15518 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.string)= (yyvsp[0].string); } -#line 48405 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 48436 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 2494: /* hex_or_bin_String: HEX_NUM */ -#line 15502 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 15524 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { Item *tmp= new (thd->mem_root) Item_hex_hybrid(thd, (yyvsp[0].lex_str).str, (yyvsp[0].lex_str).length); @@ -48413,11 +48444,11 @@ MYSQL_YYABORT; (yyval.string)= tmp->val_str((String*) 0); } -#line 48417 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 48448 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 2495: /* hex_or_bin_String: HEX_STRING */ -#line 15510 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 15532 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { Item *tmp= new (thd->mem_root) Item_hex_string(thd, (yyvsp[0].lex_str).str, (yyvsp[0].lex_str).length); @@ -48425,11 +48456,11 @@ MYSQL_YYABORT; (yyval.string)= tmp->val_str((String*) 0); } -#line 48429 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 48460 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 2496: /* hex_or_bin_String: BIN_NUM */ -#line 15518 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 15540 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { Item *tmp= new (thd->mem_root) Item_bin_string(thd, (yyvsp[0].lex_str).str, (yyvsp[0].lex_str).length); @@ -48441,76 +48472,76 @@ */ (yyval.string)= tmp->val_str((String*) 0); } -#line 48445 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 48476 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 2497: /* param_marker: PARAM_MARKER */ -#line 15533 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 15555 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { if (unlikely(!((yyval.item_param)= Lex->add_placeholder(thd, ¶m_clex_str, YYLIP->get_tok_start(), YYLIP->get_tok_start() + 1)))) MYSQL_YYABORT; } -#line 48456 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 48487 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 2498: /* param_marker: COLON_ORACLE_SYM ident_cli */ -#line 15540 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 15562 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { if (unlikely(!((yyval.item_param)= Lex->add_placeholder(thd, &null_clex_str, (yyvsp[-1].kwd).pos(), (yyvsp[0].ident_cli).end())))) MYSQL_YYABORT; } -#line 48466 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 48497 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 2499: /* param_marker: COLON_ORACLE_SYM NUM */ -#line 15546 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 15568 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { if (unlikely(!((yyval.item_param)= Lex->add_placeholder(thd, &null_clex_str, (yyvsp[-1].kwd).pos(), YYLIP->get_ptr())))) MYSQL_YYABORT; } -#line 48477 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 48508 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 2500: /* signed_literal: '+' NUM_literal */ -#line 15555 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 15577 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.item) = (yyvsp[0].item_num); } -#line 48483 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 48514 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 2501: /* signed_literal: '-' NUM_literal */ -#line 15557 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 15579 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyvsp[0].item_num)->max_length++; (yyval.item)= (yyvsp[0].item_num)->neg(thd); } -#line 48492 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 48523 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 2502: /* literal: text_literal */ -#line 15564 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 15586 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.item) = (yyvsp[0].item_basic_constant); } -#line 48498 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 48529 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 2503: /* literal: NUM_literal */ -#line 15565 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 15587 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.item) = (yyvsp[0].item_num); } -#line 48504 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 48535 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 2504: /* literal: temporal_literal */ -#line 15566 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 15588 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.item)= (yyvsp[0].item); } -#line 48510 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 48541 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 2505: /* literal: NULL_SYM */ -#line 15568 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 15590 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { /* For the digest computation, in this context only, @@ -48524,61 +48555,61 @@ MYSQL_YYABORT; YYLIP->next_state= MY_LEX_OPERATOR_OR_IDENT; } -#line 48528 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 48559 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 2506: /* literal: FALSE_SYM */ -#line 15582 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 15604 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.item)= new (thd->mem_root) Item_bool(thd, (char*) "FALSE",0); if (unlikely((yyval.item) == NULL)) MYSQL_YYABORT; } -#line 48538 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 48569 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 2507: /* literal: TRUE_SYM */ -#line 15588 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 15610 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.item)= new (thd->mem_root) Item_bool(thd, (char*) "TRUE",1); if (unlikely((yyval.item) == NULL)) MYSQL_YYABORT; } -#line 48548 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 48579 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 2508: /* literal: HEX_NUM */ -#line 15594 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 15616 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.item)= new (thd->mem_root) Item_hex_hybrid(thd, (yyvsp[0].lex_str).str, (yyvsp[0].lex_str).length); if (unlikely((yyval.item) == NULL)) MYSQL_YYABORT; } -#line 48558 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 48589 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 2509: /* literal: HEX_STRING */ -#line 15600 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 15622 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.item)= new (thd->mem_root) Item_hex_string(thd, (yyvsp[0].lex_str).str, (yyvsp[0].lex_str).length); if (unlikely((yyval.item) == NULL)) MYSQL_YYABORT; } -#line 48568 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 48599 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 2510: /* literal: BIN_NUM */ -#line 15606 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 15628 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.item)= new (thd->mem_root) Item_bin_string(thd, (yyvsp[0].lex_str).str, (yyvsp[0].lex_str).length); if (unlikely((yyval.item) == NULL)) MYSQL_YYABORT; } -#line 48578 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 48609 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 2511: /* literal: UNDERSCORE_CHARSET hex_or_bin_String */ -#line 15612 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 15634 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { Item_string_with_introducer *item_str; LEX_CSTRING tmp; @@ -48598,11 +48629,11 @@ (yyval.item)= item_str; } -#line 48602 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 48633 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 2512: /* NUM_literal: NUM */ -#line 15635 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 15657 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { int error; (yyval.item_num)= new (thd->mem_root) @@ -48612,11 +48643,11 @@ if (unlikely((yyval.item_num) == NULL)) MYSQL_YYABORT; } -#line 48616 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 48647 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 2513: /* NUM_literal: LONG_NUM */ -#line 15645 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 15667 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { int error; (yyval.item_num)= new (thd->mem_root) @@ -48626,75 +48657,75 @@ if (unlikely((yyval.item_num) == NULL)) MYSQL_YYABORT; } -#line 48630 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 48661 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 2514: /* NUM_literal: ULONGLONG_NUM */ -#line 15655 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 15677 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.item_num)= new (thd->mem_root) Item_uint(thd, (yyvsp[0].lex_str).str, (yyvsp[0].lex_str).length); if (unlikely((yyval.item_num) == NULL)) MYSQL_YYABORT; } -#line 48640 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 48671 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 2515: /* NUM_literal: DECIMAL_NUM */ -#line 15661 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 15683 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.item_num)= new (thd->mem_root) Item_decimal(thd, (yyvsp[0].lex_str).str, (yyvsp[0].lex_str).length, thd->charset()); if (unlikely((yyval.item_num) == NULL) || unlikely(thd->is_error())) MYSQL_YYABORT; } -#line 48651 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 48682 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 2516: /* NUM_literal: FLOAT_NUM */ -#line 15668 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 15690 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.item_num)= new (thd->mem_root) Item_float(thd, (yyvsp[0].lex_str).str, (yyvsp[0].lex_str).length); if (unlikely((yyval.item_num) == NULL) || unlikely(thd->is_error())) MYSQL_YYABORT; } -#line 48661 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 48692 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 2517: /* temporal_literal: DATE_SYM TEXT_STRING */ -#line 15678 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 15700 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { if (unlikely(!((yyval.item)= type_handler_newdate.create_literal_item(thd, (yyvsp[0].lex_string_with_metadata).str, (yyvsp[0].lex_string_with_metadata).length, YYCSCL, true)))) MYSQL_YYABORT; } -#line 48672 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 48703 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 2518: /* temporal_literal: TIME_SYM TEXT_STRING */ -#line 15685 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 15707 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { if (unlikely(!((yyval.item)= type_handler_time2.create_literal_item(thd, (yyvsp[0].lex_string_with_metadata).str, (yyvsp[0].lex_string_with_metadata).length, YYCSCL, true)))) MYSQL_YYABORT; } -#line 48683 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 48714 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 2519: /* temporal_literal: TIMESTAMP TEXT_STRING */ -#line 15692 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 15714 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { if (unlikely(!((yyval.item)= type_handler_datetime.create_literal_item(thd, (yyvsp[0].lex_string_with_metadata).str, (yyvsp[0].lex_string_with_metadata).length, YYCSCL, true)))) MYSQL_YYABORT; } -#line 48694 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 48725 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 2520: /* $@224: %empty */ -#line 15702 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 15724 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { LEX *lex= Lex; With_clause *with_clause= @@ -48710,32 +48741,32 @@ lex->current_select->parsing_place == BEFORE_OPT_LIST) lex->current_select->parsing_place= NO_MATTER; } -#line 48714 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 48745 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 2521: /* with_clause: WITH opt_recursive $@224 with_list */ -#line 15718 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 15740 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.with_clause)= Lex->curr_with_clause; Lex->curr_with_clause= Lex->curr_with_clause->pop(); } -#line 48723 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 48754 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 2522: /* opt_recursive: %empty */ -#line 15726 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 15748 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.num)= 0; } -#line 48729 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 48760 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 2523: /* opt_recursive: RECURSIVE_SYM */ -#line 15727 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 15749 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.num)= 1; } -#line 48735 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 48766 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 2527: /* with_list_element: with_element_head with_column_list AS '(' query_expression ')' opt_cycle */ -#line 15744 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 15766 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { LEX *lex= thd->lex; const char *query_start= lex->sphead ? lex->sphead->m_tmp_query @@ -48753,78 +48784,78 @@ } elem->set_tables_end_pos(lex->query_tables_last); } -#line 48757 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 48788 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 2528: /* opt_cycle: %empty */ -#line 15765 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 15787 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.ident_sys_list)= NULL; } -#line 48763 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 48794 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 2529: /* $@225: %empty */ -#line 15768 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 15790 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { if (!Lex->curr_with_clause->with_recursive) { thd->parse_error(ER_SYNTAX_ERROR, (yyvsp[0].kwd).pos()); } } -#line 48774 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 48805 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 2530: /* opt_cycle: CYCLE_SYM $@225 comma_separated_ident_list RESTRICT */ -#line 15775 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 15797 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.ident_sys_list)= (yyvsp[-1].ident_sys_list); } -#line 48782 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 48813 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 2531: /* opt_column_name_list: %empty */ -#line 15782 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 15804 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { if (((yyval.ident_sys_list)= new (thd->mem_root) List) == NULL) MYSQL_YYABORT; } -#line 48791 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 48822 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 2532: /* opt_column_name_list: '(' comma_separated_ident_list ')' */ -#line 15787 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 15809 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.ident_sys_list)= (yyvsp[-1].ident_sys_list); } -#line 48797 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 48828 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 2533: /* ident_sys_alloc: ident_cli */ -#line 15792 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 15814 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.ident_sys_ptr)= new (thd->mem_root) Lex_ident_sys(thd, &(yyvsp[0].ident_cli)); } -#line 48805 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 48836 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 2534: /* comma_separated_ident_list: ident_sys_alloc */ -#line 15799 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 15821 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.ident_sys_list)= new (thd->mem_root) List; if (unlikely((yyval.ident_sys_list) == NULL || (yyval.ident_sys_list)->push_back((yyvsp[0].ident_sys_ptr)))) MYSQL_YYABORT; } -#line 48815 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 48846 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 2535: /* comma_separated_ident_list: comma_separated_ident_list ',' ident_sys_alloc */ -#line 15805 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 15827 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { if (((yyval.ident_sys_list)= (yyvsp[-2].ident_sys_list))->push_back((yyvsp[0].ident_sys_ptr))) MYSQL_YYABORT; } -#line 48824 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 48855 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 2536: /* with_element_head: ident */ -#line 15814 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 15836 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.with_element_head)= new (thd->mem_root) With_element_head( Lex_ident_with_element((yyvsp[0].ident_sys))); @@ -48832,163 +48863,163 @@ MYSQL_YYABORT; (yyval.with_element_head)->tables_pos.set_start_pos(Lex->query_tables_last); } -#line 48836 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 48867 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 2537: /* insert_ident: simple_ident_nospvar */ -#line 15830 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 15852 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.item)=(yyvsp[0].item); } -#line 48842 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 48873 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 2538: /* insert_ident: table_wild */ -#line 15831 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 15853 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.item)=(yyvsp[0].item); } -#line 48848 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 48879 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 2539: /* table_wild: ident '.' '*' */ -#line 15836 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 15858 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { if (unlikely(!((yyval.item)= Lex->create_item_qualified_asterisk(thd, &(yyvsp[-2].ident_sys))))) MYSQL_YYABORT; } -#line 48857 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 48888 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 2540: /* table_wild: ident '.' ident '.' '*' */ -#line 15841 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 15863 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { if (unlikely(!((yyval.item)= Lex->create_item_qualified_asterisk(thd, &(yyvsp[-4].ident_sys), &(yyvsp[-2].ident_sys))))) MYSQL_YYABORT; } -#line 48866 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 48897 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 2541: /* select_sublist_qualified_asterisk: ident_cli '.' '*' */ -#line 15849 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 15871 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { if (unlikely(!((yyval.item)= Lex->create_item_qualified_asterisk(thd, &(yyvsp[-2].ident_cli))))) MYSQL_YYABORT; } -#line 48875 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 48906 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 2542: /* select_sublist_qualified_asterisk: ident_cli '.' ident_cli '.' '*' */ -#line 15854 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 15876 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { if (unlikely(!((yyval.item)= Lex->create_item_qualified_asterisk(thd, &(yyvsp[-4].ident_cli), &(yyvsp[-2].ident_cli))))) MYSQL_YYABORT; } -#line 48884 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 48915 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 2543: /* order_ident: expr */ -#line 15861 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 15883 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.item)=(yyvsp[0].item); } -#line 48890 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 48921 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 2544: /* simple_ident: ident_cli */ -#line 15867 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 15889 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { if (unlikely(!((yyval.item)= Lex->create_item_ident(thd, &(yyvsp[0].ident_cli))))) MYSQL_YYABORT; } -#line 48899 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 48930 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 2545: /* simple_ident: ident_cli '.' ident_cli */ -#line 15872 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 15894 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { if (unlikely(!((yyval.item)= Lex->create_item_ident(thd, &(yyvsp[-2].ident_cli), &(yyvsp[0].ident_cli))))) MYSQL_YYABORT; } -#line 48908 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 48939 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 2546: /* simple_ident: '.' ident_cli '.' ident_cli */ -#line 15877 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 15899 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { Lex_ident_cli empty((yyvsp[-2].ident_cli).pos(), 0); if (unlikely(!((yyval.item)= Lex->create_item_ident(thd, &empty, &(yyvsp[-2].ident_cli), &(yyvsp[0].ident_cli))))) MYSQL_YYABORT; } -#line 48918 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 48949 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 2547: /* simple_ident: ident_cli '.' ident_cli '.' ident_cli */ -#line 15883 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 15905 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { if (unlikely(!((yyval.item)= Lex->create_item_ident(thd, &(yyvsp[-4].ident_cli), &(yyvsp[-2].ident_cli), &(yyvsp[0].ident_cli))))) MYSQL_YYABORT; } -#line 48927 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 48958 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 2548: /* simple_ident: COLON_ORACLE_SYM ident_cli '.' ident_cli */ -#line 15888 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 15910 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { if (unlikely(!((yyval.item)= Lex->make_item_colon_ident_ident(thd, &(yyvsp[-2].ident_cli), &(yyvsp[0].ident_cli))))) MYSQL_YYABORT; } -#line 48936 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 48967 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 2549: /* simple_ident_nospvar: ident */ -#line 15896 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 15918 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { if (unlikely(!((yyval.item)= Lex->create_item_ident_nosp(thd, &(yyvsp[0].ident_sys))))) MYSQL_YYABORT; } -#line 48945 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 48976 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 2550: /* simple_ident_nospvar: ident '.' ident */ -#line 15901 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 15923 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { if (unlikely(!((yyval.item)= Lex->create_item_ident_nospvar(thd, &(yyvsp[-2].ident_sys), &(yyvsp[0].ident_sys))))) MYSQL_YYABORT; } -#line 48954 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 48985 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 2551: /* simple_ident_nospvar: COLON_ORACLE_SYM ident_cli '.' ident_cli */ -#line 15906 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 15928 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { if (unlikely(!((yyval.item)= Lex->make_item_colon_ident_ident(thd, &(yyvsp[-2].ident_cli), &(yyvsp[0].ident_cli))))) MYSQL_YYABORT; } -#line 48963 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 48994 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 2552: /* simple_ident_nospvar: '.' ident '.' ident */ -#line 15911 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 15933 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { Lex_ident_sys none; if (unlikely(!((yyval.item)= Lex->create_item_ident(thd, &none, &(yyvsp[-2].ident_sys), &(yyvsp[0].ident_sys))))) MYSQL_YYABORT; } -#line 48973 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 49004 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 2553: /* simple_ident_nospvar: ident '.' ident '.' ident */ -#line 15917 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 15939 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { if (unlikely(!((yyval.item)= Lex->create_item_ident(thd, &(yyvsp[-4].ident_sys), &(yyvsp[-2].ident_sys), &(yyvsp[0].ident_sys))))) MYSQL_YYABORT; } -#line 48982 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 49013 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 2554: /* field_ident: ident */ -#line 15924 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 15946 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.lex_str)=(yyvsp[0].ident_sys);} -#line 48988 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 49019 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 2555: /* field_ident: ident '.' ident '.' ident */ -#line 15926 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 15948 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { TABLE_LIST *table= Select->table_list.first; if (unlikely(!table->db.streq((yyvsp[-4].ident_sys)))) @@ -48997,228 +49028,228 @@ my_yyabort_error((ER_WRONG_TABLE_NAME, MYF(0), (yyvsp[-2].ident_sys).str)); (yyval.lex_str)=(yyvsp[0].ident_sys); } -#line 49001 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 49032 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 2556: /* field_ident: ident '.' ident */ -#line 15935 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 15957 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { TABLE_LIST *table= Select->table_list.first; if (unlikely(!table->alias.streq((yyvsp[-2].ident_sys)))) my_yyabort_error((ER_WRONG_TABLE_NAME, MYF(0), (yyvsp[-2].ident_sys).str)); (yyval.lex_str)=(yyvsp[0].ident_sys); } -#line 49012 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 49043 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 2557: /* field_ident: '.' ident */ -#line 15941 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 15963 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.lex_str)=(yyvsp[0].ident_sys);} -#line 49018 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 49049 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 2558: /* table_ident: ident */ -#line 15946 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 15968 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.table)= new (thd->mem_root) Table_ident(&(yyvsp[0].ident_sys)); if (unlikely((yyval.table) == NULL)) MYSQL_YYABORT; } -#line 49028 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 49059 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 2559: /* table_ident: ident '.' ident */ -#line 15952 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 15974 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.table)= new (thd->mem_root) Table_ident(thd, &(yyvsp[-2].ident_sys), &(yyvsp[0].ident_sys), 0); if (unlikely((yyval.table) == NULL)) MYSQL_YYABORT; } -#line 49038 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 49069 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 2560: /* table_ident: '.' ident */ -#line 15958 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 15980 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { /* For Delphi */ (yyval.table)= new (thd->mem_root) Table_ident(&(yyvsp[0].ident_sys)); if (unlikely((yyval.table) == NULL)) MYSQL_YYABORT; } -#line 49049 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 49080 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 2561: /* table_ident_opt_wild: ident opt_wild */ -#line 15968 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 15990 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.table)= new (thd->mem_root) Table_ident(&(yyvsp[-1].ident_sys)); if (unlikely((yyval.table) == NULL)) MYSQL_YYABORT; } -#line 49059 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 49090 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 2562: /* table_ident_opt_wild: ident '.' ident opt_wild */ -#line 15974 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 15996 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.table)= new (thd->mem_root) Table_ident(thd, &(yyvsp[-3].ident_sys), &(yyvsp[-1].ident_sys), 0); if (unlikely((yyval.table) == NULL)) MYSQL_YYABORT; } -#line 49069 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 49100 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 2563: /* table_ident_nodb: ident */ -#line 15983 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 16005 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { LEX_CSTRING db= any_db; (yyval.table)= new (thd->mem_root) Table_ident(thd, &db, &(yyvsp[0].ident_sys), 0); if (unlikely((yyval.table) == NULL)) MYSQL_YYABORT; } -#line 49080 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 49111 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 2568: /* ident_cli: keyword_ident */ -#line 15999 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 16021 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.ident_cli)= (yyvsp[0].kwd); } -#line 49086 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 49117 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 2569: /* IDENT_sys: IDENT_cli */ -#line 16004 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 16026 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { if (unlikely(thd->to_ident_sys_alloc(&(yyval.ident_sys), &(yyvsp[0].ident_cli)))) MYSQL_YYABORT; } -#line 49095 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 49126 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 2572: /* ident_cli_func: keyword_func_sp_var_and_label */ -#line 16013 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 16035 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.ident_cli)= (yyvsp[0].kwd); } -#line 49101 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 49132 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 2573: /* ident_cli_func: keyword_func_sp_var_not_label */ -#line 16014 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 16036 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.ident_cli)= (yyvsp[0].kwd); } -#line 49107 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 49138 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 2574: /* ident_func: ident_cli_func */ -#line 16019 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 16041 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { if (unlikely(thd->to_ident_sys_alloc(&(yyval.ident_sys), &(yyvsp[0].ident_cli)))) MYSQL_YYABORT; } -#line 49116 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 49147 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 2575: /* TEXT_STRING_sys: TEXT_STRING */ -#line 16028 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 16050 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { if (thd->make_text_string_sys(&(yyval.lex_str), &(yyvsp[0].lex_string_with_metadata))) MYSQL_YYABORT; } -#line 49125 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 49156 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 2576: /* TEXT_STRING_literal: TEXT_STRING */ -#line 16036 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 16058 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { if (thd->make_text_string_connection(&(yyval.lex_str), &(yyvsp[0].lex_string_with_metadata))) MYSQL_YYABORT; } -#line 49134 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 49165 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 2577: /* TEXT_STRING_filesystem: TEXT_STRING */ -#line 16044 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 16066 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { if (thd->make_text_string_filesystem(&(yyval.lex_str), &(yyvsp[0].lex_string_with_metadata))) MYSQL_YYABORT; } -#line 49143 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 49174 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 2579: /* ident_table_alias: keyword_table_alias */ -#line 16053 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 16075 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { if (unlikely((yyval.ident_sys).copy_keyword(thd, &(yyvsp[0].kwd)))) MYSQL_YYABORT; } -#line 49152 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 49183 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 2580: /* ident_cli_set_usual_case: IDENT_cli */ -#line 16060 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 16082 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.ident_cli)= (yyvsp[0].ident_cli); } -#line 49158 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 49189 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 2581: /* ident_cli_set_usual_case: keyword_set_usual_case */ -#line 16061 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 16083 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.ident_cli)= (yyvsp[0].kwd); } -#line 49164 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 49195 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 2583: /* ident_sysvar_name: keyword_sysvar_name */ -#line 16067 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 16089 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { if (unlikely((yyval.ident_sys).copy_keyword(thd, &(yyvsp[0].kwd)))) MYSQL_YYABORT; } -#line 49173 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 49204 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 2584: /* ident_sysvar_name: TEXT_STRING_sys */ -#line 16072 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 16094 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { if (unlikely((yyval.ident_sys).copy_sys(thd, &(yyvsp[0].lex_str)))) MYSQL_YYABORT; } -#line 49182 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 49213 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 2586: /* ident: keyword_ident */ -#line 16082 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 16104 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { if (unlikely((yyval.ident_sys).copy_keyword(thd, &(yyvsp[0].kwd)))) MYSQL_YYABORT; } -#line 49191 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 49222 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 2588: /* label_ident: keyword_label */ -#line 16091 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 16113 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { if (unlikely((yyval.ident_sys).copy_keyword(thd, &(yyvsp[0].kwd)))) MYSQL_YYABORT; } -#line 49200 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 49231 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 2589: /* ident_or_text: ident */ -#line 16098 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 16120 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.lex_str)=(yyvsp[0].ident_sys);} -#line 49206 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 49237 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 2590: /* ident_or_text: TEXT_STRING_sys */ -#line 16099 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 16121 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.lex_str)=(yyvsp[0].lex_str);} -#line 49212 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 49243 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 2591: /* ident_or_text: LEX_HOSTNAME */ -#line 16100 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 16122 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.lex_str)=(yyvsp[0].lex_str);} -#line 49218 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 49249 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 2592: /* user_maybe_role: ident_or_text */ -#line 16105 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 16127 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { if (unlikely(!((yyval.lex_user)= thd->calloc(1)))) MYSQL_YYABORT; @@ -49229,11 +49260,11 @@ system_charset_info, 0))) MYSQL_YYABORT; } -#line 49233 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 49264 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 2593: /* user_maybe_role: ident_or_text '@' ident_or_text */ -#line 16116 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 16138 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { if (unlikely(!((yyval.lex_user)= thd->calloc(1)))) MYSQL_YYABORT; @@ -49257,76 +49288,76 @@ (yyval.lex_user)->host= host_not_specified; } } -#line 49261 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 49292 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 2594: /* user_maybe_role: CURRENT_USER optional_braces */ -#line 16140 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 16162 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { if (unlikely(!((yyval.lex_user)= thd->calloc(1)))) MYSQL_YYABORT; (yyval.lex_user)->user= current_user; } -#line 49271 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 49302 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 2597: /* user: user_maybe_role */ -#line 16150 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 16172 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { if ((yyvsp[0].lex_user)->user.str != current_user.str && (yyvsp[0].lex_user)->host.str == 0) (yyvsp[0].lex_user)->host= host_not_specified; (yyval.lex_user)= (yyvsp[0].lex_user); } -#line 49281 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 49312 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 3328: /* $@226: %empty */ -#line 17029 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 17051 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { LEX *lex=Lex; lex->set_stmt_init(); } -#line 49290 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 49321 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 3329: /* set: SET $@226 set_param */ -#line 17034 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 17056 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { if (Lex->check_main_unit_semantics()) MYSQL_YYABORT; } -#line 49299 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 49330 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 3332: /* $@227: %empty */ -#line 17044 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 17066 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { Lex->option_type= OPT_DEFAULT; if (sp_create_assignment_lex(thd, (yyvsp[0].kwd).pos())) MYSQL_YYABORT; } -#line 49309 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 49340 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 3333: /* set_param: TRANSACTION_SYM $@227 transaction_characteristics */ -#line 17050 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 17072 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { if (unlikely(sp_create_assignment_instr(thd, yychar == YYEMPTY))) MYSQL_YYABORT; } -#line 49318 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 49349 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 3334: /* $@228: %empty */ -#line 17055 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 17077 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { Lex->option_type= (yyvsp[0].var_type); } -#line 49326 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 49357 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 3336: /* $@229: %empty */ -#line 17061 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 17083 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { LEX *lex= Lex; if (unlikely(lex->table_or_sp_used())) @@ -49336,112 +49367,112 @@ if (Lex->check_main_unit_semantics()) MYSQL_YYABORT; } -#line 49340 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 49371 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 3342: /* $@230: %empty */ -#line 17088 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 17110 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { if (sp_create_assignment_lex(thd, (yyvsp[0].kwd).pos())) MYSQL_YYABORT; } -#line 49349 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 49380 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 3343: /* start_option_value_list_following_option_type: TRANSACTION_SYM $@230 transaction_characteristics */ -#line 17093 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 17115 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { if (unlikely(sp_create_assignment_instr(thd, yychar == YYEMPTY))) MYSQL_YYABORT; } -#line 49358 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 49389 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 3346: /* $@231: %empty */ -#line 17108 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 17130 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { Lex->option_type= (yyvsp[0].var_type); } -#line 49366 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 49397 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 3349: /* option_type: GLOBAL_SYM */ -#line 17116 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 17138 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.var_type)=OPT_GLOBAL; } -#line 49372 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 49403 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 3350: /* option_type: LOCAL_SYM */ -#line 17117 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 17139 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.var_type)=OPT_SESSION; } -#line 49378 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 49409 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 3351: /* option_type: SESSION_SYM */ -#line 17118 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 17140 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.var_type)=OPT_SESSION; } -#line 49384 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 49415 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 3352: /* opt_var_type: %empty */ -#line 17122 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 17144 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.var_type)=OPT_SESSION; } -#line 49390 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 49421 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 3353: /* opt_var_type: GLOBAL_SYM */ -#line 17123 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 17145 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.var_type)=OPT_GLOBAL; } -#line 49396 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 49427 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 3354: /* opt_var_type: LOCAL_SYM */ -#line 17124 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 17146 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.var_type)=OPT_SESSION; } -#line 49402 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 49433 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 3355: /* opt_var_type: SESSION_SYM */ -#line 17125 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 17147 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.var_type)=OPT_SESSION; } -#line 49408 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 49439 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 3356: /* opt_var_ident_type: %empty */ -#line 17129 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 17151 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.var_type)=OPT_DEFAULT; } -#line 49414 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 49445 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 3357: /* opt_var_ident_type: GLOBAL_SYM '.' */ -#line 17130 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 17152 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.var_type)=OPT_GLOBAL; } -#line 49420 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 49451 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 3358: /* opt_var_ident_type: LOCAL_SYM '.' */ -#line 17131 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 17153 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.var_type)=OPT_SESSION; } -#line 49426 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 49457 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 3359: /* opt_var_ident_type: SESSION_SYM '.' */ -#line 17132 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 17154 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.var_type)=OPT_SESSION; } -#line 49432 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 49463 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 3360: /* $@232: %empty */ -#line 17141 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 17163 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { if (Lex->main_select_push(false)) MYSQL_YYABORT; } -#line 49441 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 49472 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 3361: /* set_stmt_option: ident_cli equal $@232 set_expr_or_default */ -#line 17146 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 17168 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { Lex_ident_sys tmp(thd, &(yyvsp[-3].ident_cli)); if (unlikely(!tmp.str) || @@ -49450,20 +49481,20 @@ MYSQL_YYABORT; Lex->pop_select(); //min select } -#line 49454 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 49485 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 3362: /* $@233: %empty */ -#line 17155 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 17177 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { if (Lex->main_select_push(false)) MYSQL_YYABORT; } -#line 49463 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 49494 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 3363: /* set_stmt_option: ident_cli '.' ident equal $@233 set_expr_or_default */ -#line 17160 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 17182 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { Lex_ident_sys tmp(thd, &(yyvsp[-5].ident_cli)); if (unlikely(!tmp.str) || @@ -49472,40 +49503,40 @@ MYSQL_YYABORT; Lex->pop_select(); //min select } -#line 49476 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 49507 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 3364: /* $@234: %empty */ -#line 17169 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 17191 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { if (Lex->main_select_push(false)) MYSQL_YYABORT; } -#line 49485 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 49516 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 3365: /* set_stmt_option: DEFAULT '.' ident equal $@234 set_expr_or_default */ -#line 17174 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 17196 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { if (unlikely(Lex->set_default_system_variable(Lex->option_type, &(yyvsp[-3].ident_sys), (yyvsp[0].expr_and_query_str).expr))) MYSQL_YYABORT; Lex->pop_select(); //min select } -#line 49496 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 49527 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 3366: /* $@235: %empty */ -#line 17186 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 17208 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { if (sp_create_assignment_lex(thd, (yyvsp[-1].ident_cli).pos())) MYSQL_YYABORT; } -#line 49505 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 49536 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 3367: /* option_value_following_option_type: ident_cli equal $@235 set_expr_or_default */ -#line 17191 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 17213 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { Lex_ident_sys tmp(thd, &(yyvsp[-3].ident_cli)); if (unlikely(!tmp.str) || @@ -49514,20 +49545,20 @@ unlikely(sp_create_assignment_instr(thd, yychar == YYEMPTY))) MYSQL_YYABORT; } -#line 49518 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 49549 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 3368: /* $@236: %empty */ -#line 17200 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 17222 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { if (sp_create_assignment_lex(thd, (yyvsp[-3].ident_cli).pos())) MYSQL_YYABORT; } -#line 49527 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 49558 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 3369: /* option_value_following_option_type: ident_cli '.' ident equal $@236 set_expr_or_default */ -#line 17205 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 17227 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { Lex_ident_sys tmp(thd, &(yyvsp[-5].ident_cli)); if (unlikely(!tmp.str) || @@ -49536,40 +49567,40 @@ unlikely(sp_create_assignment_instr(thd, yychar == YYEMPTY))) MYSQL_YYABORT; } -#line 49540 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 49571 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 3370: /* $@237: %empty */ -#line 17214 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 17236 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { if (sp_create_assignment_lex(thd, (yyvsp[-3].kwd).pos())) MYSQL_YYABORT; } -#line 49549 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 49580 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 3371: /* option_value_following_option_type: DEFAULT '.' ident equal $@237 set_expr_or_default */ -#line 17219 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 17241 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { if (unlikely(Lex->set_default_system_variable(Lex->option_type, &(yyvsp[-3].ident_sys), (yyvsp[0].expr_and_query_str).expr)) || unlikely(sp_create_assignment_instr(thd, yychar == YYEMPTY))) MYSQL_YYABORT; } -#line 49560 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 49591 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 3372: /* $@238: %empty */ -#line 17230 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 17252 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { if (sp_create_assignment_lex(thd, (yyvsp[-1].ident_cli).pos())) MYSQL_YYABORT; } -#line 49569 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 49600 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 3373: /* option_value_no_option_type: ident_cli_set_usual_case equal $@238 set_expr_or_default */ -#line 17235 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 17257 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { Lex_ident_sys tmp(thd, &(yyvsp[-3].ident_cli)); @@ -49578,20 +49609,20 @@ unlikely(sp_create_assignment_instr(thd, yychar == YYEMPTY))) MYSQL_YYABORT; } -#line 49582 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 49613 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 3374: /* $@239: %empty */ -#line 17244 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 17266 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { if (sp_create_assignment_lex(thd, (yyvsp[-3].ident_cli).pos())) MYSQL_YYABORT; } -#line 49591 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 49622 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 3375: /* option_value_no_option_type: ident_cli_set_usual_case '.' ident equal $@239 set_expr_or_default */ -#line 17249 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 17271 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { Lex_ident_sys tmp(thd, &(yyvsp[-5].ident_cli)); @@ -49600,20 +49631,20 @@ unlikely(sp_create_assignment_instr(thd, yychar == YYEMPTY))) MYSQL_YYABORT; } -#line 49604 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 49635 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 3376: /* $@240: %empty */ -#line 17258 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 17280 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { if (sp_create_assignment_lex(thd, (yyvsp[-3].kwd).pos())) MYSQL_YYABORT; } -#line 49613 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 49644 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 3377: /* option_value_no_option_type: DEFAULT '.' ident equal $@240 set_expr_or_default */ -#line 17263 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 17285 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { if (unlikely(Lex->set_default_system_variable(Lex->option_type, &(yyvsp[-3].ident_sys), (yyvsp[0].expr_and_query_str).expr))) @@ -49621,11 +49652,11 @@ if (unlikely(sp_create_assignment_instr(thd, yychar == YYEMPTY))) MYSQL_YYABORT; } -#line 49625 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 49656 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 3378: /* $@241: %empty */ -#line 17271 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 17293 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { if (!(yyvsp[-1].lex_str).length) { @@ -49636,11 +49667,11 @@ if (sp_create_assignment_lex(thd, (yyvsp[-2].lex_str).str)) MYSQL_YYABORT; } -#line 49640 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 49671 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 3379: /* option_value_no_option_type: '@' ident_or_text equal $@241 remember_cpp_ptr expr remember_end */ -#line 17282 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 17304 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { LEX_CSTRING expr_str= empty_clex_str; @@ -49654,69 +49685,69 @@ unlikely(sp_create_assignment_instr(thd, yychar == YYEMPTY))) MYSQL_YYABORT; } -#line 49658 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 49689 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 3380: /* $@242: %empty */ -#line 17296 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 17318 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { if (sp_create_assignment_lex(thd, (yyvsp[-4].lex_str).str)) MYSQL_YYABORT; } -#line 49667 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 49698 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 3381: /* option_value_no_option_type: '@' '@' opt_var_ident_type ident_sysvar_name equal $@242 set_expr_or_default */ -#line 17301 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 17323 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { if (unlikely(Lex->set_system_variable((yyvsp[-4].var_type), &(yyvsp[-3].ident_sys), (yyvsp[0].expr_and_query_str).expr)) || unlikely(sp_create_assignment_instr(thd, yychar == YYEMPTY))) MYSQL_YYABORT; } -#line 49677 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 49708 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 3382: /* $@243: %empty */ -#line 17307 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 17329 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { if (sp_create_assignment_lex(thd, (yyvsp[-6].lex_str).str)) MYSQL_YYABORT; } -#line 49686 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 49717 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 3383: /* option_value_no_option_type: '@' '@' opt_var_ident_type ident_sysvar_name '.' ident equal $@243 set_expr_or_default */ -#line 17312 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 17334 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { if (unlikely(Lex->set_system_variable(thd, (yyvsp[-6].var_type), &(yyvsp[-5].ident_sys), &(yyvsp[-3].ident_sys), (yyvsp[0].expr_and_query_str).expr)) || unlikely(sp_create_assignment_instr(thd, yychar == YYEMPTY))) MYSQL_YYABORT; } -#line 49697 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 49728 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 3384: /* $@244: %empty */ -#line 17319 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 17341 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { if (sp_create_assignment_lex(thd, (yyvsp[-6].lex_str).str)) MYSQL_YYABORT; } -#line 49706 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 49737 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 3385: /* option_value_no_option_type: '@' '@' opt_var_ident_type DEFAULT '.' ident equal $@244 set_expr_or_default */ -#line 17324 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 17346 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { if (unlikely(Lex->set_default_system_variable((yyvsp[-6].var_type), &(yyvsp[-3].ident_sys), (yyvsp[0].expr_and_query_str).expr)) || unlikely(sp_create_assignment_instr(thd, yychar == YYEMPTY))) MYSQL_YYABORT; } -#line 49716 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 49747 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 3386: /* option_value_no_option_type: charset old_or_new_charset_name_or_default */ -#line 17330 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 17352 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { if (sp_create_assignment_lex(thd, (yyvsp[-1].kwd).pos())) MYSQL_YYABORT; @@ -49734,11 +49765,11 @@ if (unlikely(sp_create_assignment_instr(thd, yychar == YYEMPTY))) MYSQL_YYABORT; } -#line 49738 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 49769 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 3387: /* option_value_no_option_type: NAMES_SYM equal expr */ -#line 17348 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 17370 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { LEX *lex= Lex; sp_pcontext *spc= lex->spcont; @@ -49749,31 +49780,31 @@ thd->parse_error(); MYSQL_YYABORT; } -#line 49753 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 49784 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 3388: /* option_value_no_option_type: NAMES_SYM charset_name_or_default */ -#line 17359 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 17381 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { if (Lex->set_names((yyvsp[-1].kwd).pos(), (yyvsp[0].charset), Lex_extended_collation_st::collate_default(), yychar == YYEMPTY)) MYSQL_YYABORT; } -#line 49764 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 49795 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 3389: /* option_value_no_option_type: NAMES_SYM charset_name_or_default COLLATE_SYM collation_name_or_default */ -#line 17367 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 17389 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { if (Lex->set_names((yyvsp[-3].kwd).pos(), (yyvsp[-2].charset), (yyvsp[0].Lex_extended_collation), yychar == YYEMPTY)) MYSQL_YYABORT; } -#line 49773 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 49804 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 3390: /* option_value_no_option_type: DEFAULT ROLE_SYM grant_role */ -#line 17372 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 17394 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { if (sp_create_assignment_lex(thd, (yyvsp[-2].kwd).pos())) MYSQL_YYABORT; @@ -49795,11 +49826,11 @@ if (unlikely(sp_create_assignment_instr(thd, yychar == YYEMPTY))) MYSQL_YYABORT; } -#line 49799 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 49830 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 3391: /* option_value_no_option_type: DEFAULT ROLE_SYM grant_role FOR_SYM user */ -#line 17394 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 17416 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { if (sp_create_assignment_lex(thd, (yyvsp[-4].kwd).pos())) MYSQL_YYABORT; @@ -49815,11 +49846,11 @@ if (unlikely(sp_create_assignment_instr(thd, yychar == YYEMPTY))) MYSQL_YYABORT; } -#line 49819 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 49850 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 3392: /* option_value_no_option_type: ROLE_SYM role_name */ -#line 17410 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 17432 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { if (sp_create_assignment_lex(thd, (yyvsp[-1].kwd).pos())) MYSQL_YYABORT; @@ -49830,20 +49861,20 @@ unlikely(sp_create_assignment_instr(thd, yychar == YYEMPTY))) MYSQL_YYABORT; } -#line 49834 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 49865 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 3393: /* $@245: %empty */ -#line 17421 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 17443 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { if (sp_create_assignment_lex(thd, (yyvsp[-1].kwd).pos())) MYSQL_YYABORT; } -#line 49843 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 49874 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 3394: /* option_value_no_option_type: ROLE_SYM equal $@245 set_expr_or_default */ -#line 17426 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 17448 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { Lex_ident_sys tmp(thd, &(yyvsp[-3].kwd)); @@ -49852,49 +49883,49 @@ unlikely(sp_create_assignment_instr(thd, yychar == YYEMPTY))) MYSQL_YYABORT; } -#line 49856 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 49887 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 3395: /* $@246: %empty */ -#line 17435 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 17457 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { if (sp_create_assignment_lex(thd, (yyvsp[-1].kwd).pos())) MYSQL_YYABORT; } -#line 49865 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 49896 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 3396: /* option_value_no_option_type: PASSWORD_SYM equal $@246 text_or_password */ -#line 17440 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 17462 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { if (unlikely(Lex->sp_create_set_password_instr(thd, (yyvsp[0].user_auth), yychar == YYEMPTY))) MYSQL_YYABORT; } -#line 49875 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 49906 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 3397: /* $@247: %empty */ -#line 17446 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 17468 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { if (sp_create_assignment_lex(thd, (yyvsp[-1].kwd).pos())) MYSQL_YYABORT; } -#line 49884 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 49915 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 3398: /* option_value_no_option_type: PASSWORD_SYM FOR_SYM $@247 user equal text_or_password */ -#line 17451 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 17473 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { if (unlikely(Lex->sp_create_set_password_instr(thd, (yyvsp[-2].lex_user), (yyvsp[0].user_auth), yychar == YYEMPTY))) MYSQL_YYABORT; } -#line 49894 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 49925 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 3403: /* transaction_access_mode: transaction_access_mode_types */ -#line 17467 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 17489 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { LEX *lex=Lex; Item *item= new (thd->mem_root) Item_int(thd, (int32) (yyvsp[0].num)); @@ -49910,11 +49941,11 @@ if (unlikely(lex->var_list.push_back(var, thd->mem_root))) MYSQL_YYABORT; } -#line 49914 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 49945 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 3404: /* isolation_level: ISOLATION LEVEL_SYM isolation_types */ -#line 17486 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 17508 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { LEX *lex=Lex; Item *item= new (thd->mem_root) Item_int(thd, (int32) (yyvsp[0].tx_isolation)); @@ -49929,65 +49960,65 @@ unlikely(lex->var_list.push_back(var, thd->mem_root))) MYSQL_YYABORT; } -#line 49933 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 49964 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 3405: /* transaction_access_mode_types: READ_SYM ONLY_SYM */ -#line 17503 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 17525 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.num)= true; } -#line 49939 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 49970 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 3406: /* transaction_access_mode_types: READ_SYM WRITE_SYM */ -#line 17504 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 17526 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.num)= false; } -#line 49945 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 49976 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 3407: /* isolation_types: READ_SYM UNCOMMITTED_SYM */ -#line 17508 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 17530 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.tx_isolation)= ISO_READ_UNCOMMITTED; } -#line 49951 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 49982 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 3408: /* isolation_types: READ_SYM COMMITTED_SYM */ -#line 17509 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 17531 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.tx_isolation)= ISO_READ_COMMITTED; } -#line 49957 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 49988 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 3409: /* isolation_types: REPEATABLE_SYM READ_SYM */ -#line 17510 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 17532 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.tx_isolation)= ISO_REPEATABLE_READ; } -#line 49963 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 49994 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 3410: /* isolation_types: SERIALIZABLE_SYM */ -#line 17511 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 17533 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.tx_isolation)= ISO_SERIALIZABLE; } -#line 49969 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 50000 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 3411: /* text_or_password: TEXT_STRING */ -#line 17517 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 17539 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.user_auth)= new (thd->mem_root) USER_AUTH(); (yyval.user_auth)->auth_str= (yyvsp[0].lex_string_with_metadata); } -#line 49978 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 50009 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 3412: /* text_or_password: PASSWORD_SYM '(' TEXT_STRING ')' */ -#line 17522 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 17544 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.user_auth)= new (thd->mem_root) USER_AUTH(); (yyval.user_auth)->pwtext= (yyvsp[-1].lex_string_with_metadata); } -#line 49987 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 50018 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 3413: /* text_or_password: OLD_PASSWORD_SYM '(' TEXT_STRING ')' */ -#line 17527 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 17549 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.user_auth)= new (thd->mem_root) USER_AUTH(); (yyval.user_auth)->pwtext= (yyvsp[-1].lex_string_with_metadata); @@ -49995,11 +50026,11 @@ (yyvsp[-1].lex_string_with_metadata).str, (yyvsp[-1].lex_string_with_metadata).length, Item_func_password::OLD); (yyval.user_auth)->auth_str.length= SCRAMBLED_PASSWORD_CHAR_LENGTH_323; } -#line 49999 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 50030 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 3414: /* set_expr_or_default: remember_cpp_ptr expr remember_end */ -#line 17538 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 17560 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { LEX_CSTRING expr_str= empty_clex_str; @@ -50012,47 +50043,47 @@ (yyval.expr_and_query_str)= { (yyvsp[-1].item), expr_str }; } -#line 50016 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 50047 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 3415: /* set_expr_or_default: remember_cpp_ptr set_expr_misc remember_end */ -#line 17551 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 17573 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { if (unlikely((yyvsp[-1].item) == nullptr)) MYSQL_YYABORT; (yyval.expr_and_query_str)= {(yyvsp[-1].item), empty_clex_str}; } -#line 50026 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 50057 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 3416: /* set_expr_or_default: remember_cpp_ptr DEFAULT remember_end */ -#line 17557 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 17579 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.expr_and_query_str)= { nullptr, empty_clex_str }; } -#line 50034 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 50065 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 3417: /* set_expr_misc: ON */ -#line 17563 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 17585 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.item)= new (thd->mem_root) Item_string_sys(thd, "ON", 2); } -#line 50040 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 50071 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 3418: /* set_expr_misc: ALL */ -#line 17564 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 17586 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.item)= new (thd->mem_root) Item_string_sys(thd, "ALL", 3); } -#line 50046 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 50077 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 3419: /* set_expr_misc: BINARY */ -#line 17565 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 17587 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.item)= new (thd->mem_root) Item_string_sys(thd, "binary", 6); } -#line 50052 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 50083 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 3420: /* $@248: %empty */ -#line 17572 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 17594 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { LEX *lex= Lex; @@ -50060,55 +50091,55 @@ my_yyabort_error((ER_SP_BADSTATEMENT, MYF(0), "LOCK")); lex->sql_command= SQLCOM_LOCK_TABLES; } -#line 50064 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 50095 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 3421: /* lock: LOCK_SYM table_or_tables $@248 table_lock_list opt_lock_wait_timeout */ -#line 17580 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 17602 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" {} -#line 50070 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 50101 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 3422: /* opt_lock_wait_timeout: %empty */ -#line 17585 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 17607 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" {} -#line 50076 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 50107 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 3423: /* opt_lock_wait_timeout: WAIT_SYM ulong_num */ -#line 17587 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 17609 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { if (unlikely(set_statement_var_if_exists(thd, STRING_WITH_LEN("lock_wait_timeout"), (yyvsp[0].ulong_num))) || unlikely(set_statement_var_if_exists(thd, STRING_WITH_LEN("innodb_lock_wait_timeout"), (yyvsp[0].ulong_num)))) MYSQL_YYABORT; } -#line 50086 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 50117 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 3424: /* opt_lock_wait_timeout: NOWAIT_SYM */ -#line 17593 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 17615 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { if (unlikely(set_statement_var_if_exists(thd, STRING_WITH_LEN("lock_wait_timeout"), 0)) || unlikely(set_statement_var_if_exists(thd, STRING_WITH_LEN("innodb_lock_wait_timeout"), 0))) MYSQL_YYABORT; } -#line 50096 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 50127 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 3425: /* table_or_tables: TABLE_SYM */ -#line 17601 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 17623 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { } -#line 50102 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 50133 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 3426: /* table_or_tables: TABLES */ -#line 17602 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 17624 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { } -#line 50108 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 50139 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 3429: /* table_lock: table_ident opt_table_alias_clause lock_option */ -#line 17612 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 17634 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { thr_lock_type lock_type= (thr_lock_type) (yyvsp[0].num); bool lock_for_write= (lock_type >= TL_FIRST_WRITE); @@ -50124,43 +50155,43 @@ lock_type, mdl_type))) MYSQL_YYABORT; } -#line 50128 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 50159 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 3430: /* lock_option: READ_SYM */ -#line 17630 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 17652 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.num)= TL_READ_NO_INSERT; } -#line 50134 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 50165 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 3431: /* lock_option: WRITE_SYM */ -#line 17631 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 17653 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.num)= TL_WRITE_DEFAULT; } -#line 50140 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 50171 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 3432: /* lock_option: WRITE_SYM CONCURRENT */ -#line 17633 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 17655 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.num)= (Lex->sphead ? TL_WRITE_DEFAULT : TL_WRITE_CONCURRENT_INSERT); } -#line 50148 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 50179 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 3433: /* lock_option: LOW_PRIORITY WRITE_SYM */ -#line 17637 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 17659 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.num)= TL_WRITE_LOW_PRIORITY; } -#line 50154 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 50185 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 3434: /* lock_option: READ_SYM LOCAL_SYM */ -#line 17638 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 17660 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.num)= TL_READ; } -#line 50160 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 50191 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 3435: /* $@249: %empty */ -#line 17643 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 17665 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { LEX *lex= Lex; @@ -50168,34 +50199,34 @@ my_yyabort_error((ER_SP_BADSTATEMENT, MYF(0), "UNLOCK")); lex->sql_command= SQLCOM_UNLOCK_TABLES; } -#line 50172 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 50203 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 3436: /* unlock: UNLOCK_SYM $@249 table_or_tables */ -#line 17651 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 17673 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" {} -#line 50178 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 50209 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 3437: /* $@250: %empty */ -#line 17660 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 17682 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { if (Lex->main_select_push()) MYSQL_YYABORT; } -#line 50187 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 50218 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 3438: /* handler: HANDLER_SYM $@250 handler_tail */ -#line 17665 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 17687 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { Lex->pop_select(); //main select } -#line 50195 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 50226 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 3439: /* handler_tail: table_ident OPEN_SYM opt_table_alias_clause */ -#line 17672 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 17694 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { LEX *lex= Lex; if (unlikely(lex->sphead)) @@ -50204,11 +50235,11 @@ if (!lex->current_select->add_table_to_list(thd, (yyvsp[-2].table), (yyvsp[0].lex_str_ptr), 0)) MYSQL_YYABORT; } -#line 50208 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 50239 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 3440: /* handler_tail: table_ident_nodb CLOSE_SYM */ -#line 17681 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 17703 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { LEX *lex= Lex; if (unlikely(lex->sphead)) @@ -50217,11 +50248,11 @@ if (!lex->current_select->add_table_to_list(thd, (yyvsp[-1].table), 0, 0)) MYSQL_YYABORT; } -#line 50221 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 50252 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 3441: /* $@251: %empty */ -#line 17690 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 17712 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { LEX *lex=Lex; SELECT_LEX *select= Select; @@ -50239,11 +50270,11 @@ if (!lex->current_select->add_table_to_list(thd, (yyvsp[-1].table), 0, 0)) MYSQL_YYABORT; } -#line 50243 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 50274 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 3442: /* handler_tail: table_ident_nodb READ_SYM $@251 handler_read_or_scan opt_where_clause opt_global_limit_clause */ -#line 17708 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 17730 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { LEX *lex=Lex; SELECT_LEX *select= Select; @@ -50265,59 +50296,59 @@ MYSQL_YYABORT; } } -#line 50269 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 50300 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 3443: /* handler_read_or_scan: handler_scan_function */ -#line 17732 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 17754 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { Lex->ident= null_clex_str; } -#line 50275 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 50306 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 3444: /* handler_read_or_scan: ident handler_rkey_function */ -#line 17733 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 17755 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { Lex->ident= (yyvsp[-1].ident_sys); } -#line 50281 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 50312 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 3445: /* handler_scan_function: FIRST_SYM */ -#line 17737 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 17759 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { Lex->ha_read_mode = RFIRST; } -#line 50287 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 50318 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 3446: /* handler_scan_function: NEXT_SYM */ -#line 17738 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 17760 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { Lex->ha_read_mode = RNEXT; } -#line 50293 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 50324 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 3447: /* handler_rkey_function: FIRST_SYM */ -#line 17742 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 17764 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { Lex->ha_read_mode = RFIRST; } -#line 50299 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 50330 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 3448: /* handler_rkey_function: NEXT_SYM */ -#line 17743 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 17765 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { Lex->ha_read_mode = RNEXT; } -#line 50305 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 50336 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 3449: /* handler_rkey_function: PREV_SYM */ -#line 17744 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 17766 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { Lex->ha_read_mode = RPREV; } -#line 50311 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 50342 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 3450: /* handler_rkey_function: LAST_SYM */ -#line 17745 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 17767 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { Lex->ha_read_mode = RLAST; } -#line 50317 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 50348 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 3451: /* $@252: %empty */ -#line 17747 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 17769 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { LEX *lex=Lex; lex->ha_read_mode = RKEY; @@ -50325,143 +50356,143 @@ if (unlikely(!(lex->insert_list= new (thd->mem_root) List_item))) MYSQL_YYABORT; } -#line 50329 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 50360 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 3452: /* handler_rkey_function: handler_rkey_mode $@252 '(' values ')' */ -#line 17755 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 17777 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" {} -#line 50335 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 50366 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 3453: /* handler_rkey_mode: '=' */ -#line 17759 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 17781 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.ha_rkey_mode)=HA_READ_KEY_EXACT; } -#line 50341 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 50372 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 3454: /* handler_rkey_mode: GE */ -#line 17760 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 17782 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.ha_rkey_mode)=HA_READ_KEY_OR_NEXT; } -#line 50347 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 50378 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 3455: /* handler_rkey_mode: LE */ -#line 17761 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 17783 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.ha_rkey_mode)=HA_READ_KEY_OR_PREV; } -#line 50353 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 50384 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 3456: /* handler_rkey_mode: '>' */ -#line 17762 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 17784 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.ha_rkey_mode)=HA_READ_AFTER_KEY; } -#line 50359 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 50390 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 3457: /* handler_rkey_mode: '<' */ -#line 17763 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 17785 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.ha_rkey_mode)=HA_READ_BEFORE_KEY; } -#line 50365 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 50396 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 3458: /* revoke: REVOKE clear_privileges revoke_command */ -#line 17770 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 17792 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" {} -#line 50371 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 50402 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 3459: /* revoke_command: grant_privileges ON opt_table grant_ident FROM user_and_role_list */ -#line 17775 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 17797 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { if (Lex->stmt_revoke_table(thd, (yyvsp[-5].lex_grant), *(yyvsp[-2].lex_grant_ident))) MYSQL_YYABORT; } -#line 50380 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 50411 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 3460: /* revoke_command: grant_privileges ON sp_handler grant_ident FROM user_and_role_list */ -#line 17780 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 17802 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { if (Lex->stmt_revoke_sp(thd, (yyvsp[-5].lex_grant), *(yyvsp[-2].lex_grant_ident), *(yyvsp[-3].sp_handler))) MYSQL_YYABORT; } -#line 50389 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 50420 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 3461: /* revoke_command: ALL opt_privileges ',' GRANT OPTION FROM user_and_role_list */ -#line 17785 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 17807 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { Lex->sql_command = SQLCOM_REVOKE_ALL; } -#line 50397 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 50428 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 3462: /* revoke_command: PROXY_SYM ON user FROM user_list */ -#line 17789 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 17811 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { if (Lex->stmt_revoke_proxy(thd, (yyvsp[-2].lex_user))) MYSQL_YYABORT; } -#line 50406 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 50437 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 3463: /* revoke_command: admin_option_for_role FROM user_and_role_list */ -#line 17794 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 17816 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { Lex->sql_command= SQLCOM_REVOKE_ROLE; if (unlikely(Lex->users_list.push_front((yyvsp[-2].lex_user), thd->mem_root))) MYSQL_YYABORT; } -#line 50416 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 50447 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 3464: /* admin_option_for_role: ADMIN_SYM OPTION FOR_SYM grant_role */ -#line 17803 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 17825 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { Lex->with_admin_option= true; (yyval.lex_user)= (yyvsp[0].lex_user); } -#line 50422 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 50453 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 3465: /* admin_option_for_role: grant_role */ -#line 17805 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 17827 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { Lex->with_admin_option= false; (yyval.lex_user)= (yyvsp[0].lex_user); } -#line 50428 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 50459 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 3466: /* grant: GRANT clear_privileges grant_command */ -#line 17810 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 17832 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" {} -#line 50434 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 50465 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 3467: /* grant_command: grant_privileges ON opt_table grant_ident TO_SYM grant_list opt_require_clause opt_grant_options */ -#line 17816 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 17838 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { if (Lex->stmt_grant_table(thd, (yyvsp[-7].lex_grant), *(yyvsp[-4].lex_grant_ident), (yyvsp[0].privilege))) MYSQL_YYABORT; } -#line 50443 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 50474 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 3468: /* grant_command: grant_privileges ON sp_handler grant_ident TO_SYM grant_list opt_require_clause opt_grant_options */ -#line 17822 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 17844 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { if (Lex->stmt_grant_sp(thd, (yyvsp[-7].lex_grant), *(yyvsp[-4].lex_grant_ident), *(yyvsp[-5].sp_handler), (yyvsp[0].privilege))) MYSQL_YYABORT; } -#line 50452 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 50483 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 3469: /* grant_command: PROXY_SYM ON user TO_SYM grant_list opt_grant_option */ -#line 17827 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 17849 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { if (Lex->stmt_grant_proxy(thd, (yyvsp[-3].lex_user), (yyvsp[0].privilege))) MYSQL_YYABORT; } -#line 50461 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 50492 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 3470: /* grant_command: grant_role TO_SYM grant_list opt_with_admin_option */ -#line 17832 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 17854 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { LEX *lex= Lex; lex->sql_command= SQLCOM_GRANT_ROLE; @@ -50469,63 +50500,63 @@ if (unlikely(Lex->users_list.push_front((yyvsp[-3].lex_user), thd->mem_root))) MYSQL_YYABORT; } -#line 50473 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 50504 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 3471: /* opt_with_admin: %empty */ -#line 17843 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 17865 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { Lex->definer = 0; } -#line 50479 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 50510 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 3472: /* opt_with_admin: WITH ADMIN_SYM user_or_role */ -#line 17844 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 17866 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { Lex->definer = (yyvsp[0].lex_user); } -#line 50485 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 50516 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 3473: /* opt_with_admin_option: %empty */ -#line 17848 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 17870 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { Lex->with_admin_option= false; } -#line 50491 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 50522 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 3474: /* opt_with_admin_option: WITH ADMIN_SYM OPTION */ -#line 17849 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 17871 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { Lex->with_admin_option= true; } -#line 50497 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 50528 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 3475: /* role_list: grant_role */ -#line 17854 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 17876 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { if (unlikely(Lex->users_list.push_back((yyvsp[0].lex_user), thd->mem_root))) MYSQL_YYABORT; } -#line 50506 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 50537 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 3476: /* role_list: role_list ',' grant_role */ -#line 17859 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 17881 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { if (unlikely(Lex->users_list.push_back((yyvsp[0].lex_user), thd->mem_root))) MYSQL_YYABORT; } -#line 50515 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 50546 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 3477: /* current_role: CURRENT_ROLE optional_braces */ -#line 17867 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 17889 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { if (unlikely(!((yyval.lex_user)= thd->calloc(1)))) MYSQL_YYABORT; (yyval.lex_user)->user= current_role; } -#line 50525 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 50556 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 3478: /* role_name: ident_or_text */ -#line 17876 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 17898 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { CHARSET_INFO *cs= system_charset_info; /* trim end spaces (as they'll be lost in mysql.user anyway) */ @@ -50544,393 +50575,393 @@ MYSQL_YYABORT; (yyval.lex_user)->host= empty_clex_str; } -#line 50548 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 50579 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 3484: /* grant_privileges: ALL opt_privileges */ -#line 17906 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 17928 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { if (!((yyval.lex_grant)= new (thd->mem_root) Lex_grant_privilege(GLOBAL_ACLS, true))) MYSQL_YYABORT; } -#line 50557 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 50588 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 3487: /* object_privilege_list: object_privilege */ -#line 17919 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 17941 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { if (!((yyval.lex_grant)= new (thd->mem_root) Lex_grant_privilege((yyvsp[0].privilege)))) MYSQL_YYABORT; } -#line 50566 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 50597 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 3488: /* object_privilege_list: column_list_privilege */ -#line 17924 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 17946 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { if (!((yyval.lex_grant)= new (thd->mem_root) Lex_grant_privilege()) || (yyval.lex_grant)->add_column_list_privilege(thd, (yyvsp[0].column_list_privilege).m_columns[0], (yyvsp[0].column_list_privilege).m_privilege)) MYSQL_YYABORT; } -#line 50577 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 50608 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 3489: /* object_privilege_list: object_privilege_list ',' object_privilege */ -#line 17931 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 17953 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { ((yyval.lex_grant)= (yyvsp[-2].lex_grant))->add_object_privilege((yyvsp[0].privilege)); } -#line 50585 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 50616 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 3490: /* object_privilege_list: object_privilege_list ',' column_list_privilege */ -#line 17935 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 17957 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { if (((yyval.lex_grant)= (yyvsp[-2].lex_grant))->add_column_list_privilege(thd, (yyvsp[0].column_list_privilege).m_columns[0], (yyvsp[0].column_list_privilege).m_privilege)) MYSQL_YYABORT; } -#line 50595 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 50626 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 3491: /* column_list_privilege: column_privilege '(' comma_separated_ident_list ')' */ -#line 17944 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 17966 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.column_list_privilege)= Lex_column_list_privilege((yyvsp[-1].ident_sys_list), (yyvsp[-3].privilege)); } -#line 50603 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 50634 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 3492: /* column_privilege: SELECT_SYM */ -#line 17950 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 17972 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.privilege)= SELECT_ACL; } -#line 50609 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 50640 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 3493: /* column_privilege: INSERT */ -#line 17951 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 17973 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.privilege)= INSERT_ACL; } -#line 50615 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 50646 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 3494: /* column_privilege: UPDATE_SYM */ -#line 17952 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 17974 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.privilege)= UPDATE_ACL; } -#line 50621 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 50652 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 3495: /* column_privilege: REFERENCES */ -#line 17953 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 17975 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.privilege)= REFERENCES_ACL; } -#line 50627 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 50658 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 3496: /* object_privilege: SELECT_SYM */ -#line 17957 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 17979 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.privilege)= SELECT_ACL; } -#line 50633 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 50664 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 3497: /* object_privilege: INSERT */ -#line 17958 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 17980 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.privilege)= INSERT_ACL; } -#line 50639 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 50670 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 3498: /* object_privilege: UPDATE_SYM */ -#line 17959 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 17981 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.privilege)= UPDATE_ACL; } -#line 50645 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 50676 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 3499: /* object_privilege: REFERENCES */ -#line 17960 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 17982 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.privilege)= REFERENCES_ACL; } -#line 50651 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 50682 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 3500: /* object_privilege: DELETE_SYM */ -#line 17961 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 17983 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.privilege)= DELETE_ACL;} -#line 50657 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 50688 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 3501: /* object_privilege: USAGE */ -#line 17962 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 17984 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.privilege)= NO_ACL; } -#line 50663 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 50694 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 3502: /* object_privilege: INDEX_SYM */ -#line 17963 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 17985 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.privilege)= INDEX_ACL;} -#line 50669 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 50700 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 3503: /* object_privilege: ALTER */ -#line 17964 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 17986 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.privilege)= ALTER_ACL;} -#line 50675 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 50706 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 3504: /* object_privilege: CREATE */ -#line 17965 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 17987 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.privilege)= CREATE_ACL;} -#line 50681 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 50712 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 3505: /* object_privilege: DROP */ -#line 17966 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 17988 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.privilege)= DROP_ACL;} -#line 50687 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 50718 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 3506: /* object_privilege: EXECUTE_SYM */ -#line 17967 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 17989 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.privilege)= EXECUTE_ACL;} -#line 50693 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 50724 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 3507: /* object_privilege: RELOAD */ -#line 17968 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 17990 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.privilege)= RELOAD_ACL;} -#line 50699 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 50730 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 3508: /* object_privilege: SHUTDOWN */ -#line 17969 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 17991 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.privilege)= SHUTDOWN_ACL;} -#line 50705 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 50736 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 3509: /* object_privilege: PROCESS */ -#line 17970 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 17992 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.privilege)= PROCESS_ACL;} -#line 50711 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 50742 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 3510: /* object_privilege: FILE_SYM */ -#line 17971 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 17993 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.privilege)= FILE_ACL;} -#line 50717 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 50748 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 3511: /* object_privilege: GRANT OPTION */ -#line 17972 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 17994 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.privilege)= GRANT_ACL;} -#line 50723 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 50754 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 3512: /* object_privilege: SHOW DATABASES */ -#line 17973 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 17995 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.privilege)= SHOW_DB_ACL;} -#line 50729 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 50760 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 3513: /* object_privilege: SUPER_SYM */ -#line 17974 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 17996 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.privilege)= SUPER_ACL;} -#line 50735 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 50766 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 3514: /* object_privilege: CREATE TEMPORARY TABLES */ -#line 17975 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 17997 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.privilege)= CREATE_TMP_ACL;} -#line 50741 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 50772 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 3515: /* object_privilege: LOCK_SYM TABLES */ -#line 17976 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 17998 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.privilege)= LOCK_TABLES_ACL; } -#line 50747 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 50778 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 3516: /* object_privilege: REPLICATION SLAVE */ -#line 17977 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 17999 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.privilege)= REPL_SLAVE_ACL; } -#line 50753 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 50784 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 3517: /* object_privilege: REPLICATION CLIENT_SYM */ -#line 17978 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 18000 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.privilege)= BINLOG_MONITOR_ACL; /*Compatibility*/ } -#line 50759 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 50790 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 3518: /* object_privilege: CREATE VIEW_SYM */ -#line 17979 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 18001 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.privilege)= CREATE_VIEW_ACL; } -#line 50765 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 50796 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 3519: /* object_privilege: SHOW VIEW_SYM */ -#line 17980 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 18002 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.privilege)= SHOW_VIEW_ACL; } -#line 50771 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 50802 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 3520: /* object_privilege: CREATE ROUTINE_SYM */ -#line 17981 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 18003 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.privilege)= CREATE_PROC_ACL; } -#line 50777 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 50808 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 3521: /* object_privilege: ALTER ROUTINE_SYM */ -#line 17982 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 18004 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.privilege)= ALTER_PROC_ACL; } -#line 50783 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 50814 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 3522: /* object_privilege: CREATE USER_SYM */ -#line 17983 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 18005 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.privilege)= CREATE_USER_ACL; } -#line 50789 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 50820 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 3523: /* object_privilege: EVENT_SYM */ -#line 17984 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 18006 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.privilege)= EVENT_ACL;} -#line 50795 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 50826 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 3524: /* object_privilege: TRIGGER_SYM */ -#line 17985 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 18007 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.privilege)= TRIGGER_ACL; } -#line 50801 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 50832 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 3525: /* object_privilege: CREATE TABLESPACE */ -#line 17986 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 18008 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.privilege)= CREATE_TABLESPACE_ACL; } -#line 50807 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 50838 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 3526: /* object_privilege: DELETE_SYM HISTORY_SYM */ -#line 17987 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 18009 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.privilege)= DELETE_HISTORY_ACL; } -#line 50813 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 50844 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 3527: /* object_privilege: SET USER_SYM */ -#line 17988 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 18010 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.privilege)= SET_USER_ACL; } -#line 50819 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 50850 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 3528: /* object_privilege: FEDERATED_SYM ADMIN_SYM */ -#line 17989 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 18011 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.privilege)= FEDERATED_ADMIN_ACL; } -#line 50825 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 50856 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 3529: /* object_privilege: CONNECTION_SYM ADMIN_SYM */ -#line 17990 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 18012 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.privilege)= CONNECTION_ADMIN_ACL; } -#line 50831 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 50862 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 3530: /* object_privilege: READ_SYM ONLY_SYM ADMIN_SYM */ -#line 17991 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 18013 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.privilege)= READ_ONLY_ADMIN_ACL; } -#line 50837 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 50868 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 3531: /* object_privilege: READ_ONLY_SYM ADMIN_SYM */ -#line 17992 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 18014 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.privilege)= READ_ONLY_ADMIN_ACL; } -#line 50843 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 50874 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 3532: /* object_privilege: BINLOG_SYM MONITOR_SYM */ -#line 17993 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 18015 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.privilege)= BINLOG_MONITOR_ACL; } -#line 50849 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 50880 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 3533: /* object_privilege: BINLOG_SYM ADMIN_SYM */ -#line 17994 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 18016 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.privilege)= BINLOG_ADMIN_ACL; } -#line 50855 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 50886 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 3534: /* object_privilege: BINLOG_SYM REPLAY_SYM */ -#line 17995 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 18017 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.privilege)= BINLOG_REPLAY_ACL; } -#line 50861 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 50892 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 3535: /* object_privilege: REPLICATION MASTER_SYM ADMIN_SYM */ -#line 17996 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 18018 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.privilege)= REPL_MASTER_ADMIN_ACL; } -#line 50867 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 50898 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 3536: /* object_privilege: REPLICATION SLAVE ADMIN_SYM */ -#line 17997 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 18019 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.privilege)= REPL_SLAVE_ADMIN_ACL; } -#line 50873 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 50904 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 3537: /* object_privilege: SLAVE MONITOR_SYM */ -#line 17998 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 18020 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.privilege)= SLAVE_MONITOR_ACL; } -#line 50879 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 50910 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 3538: /* object_privilege: SHOW CREATE ROUTINE_SYM */ -#line 17999 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 18021 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.privilege)= SHOW_CREATE_ROUTINE_ACL; } -#line 50885 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 50916 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 3539: /* opt_and: %empty */ -#line 18003 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 18025 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" {} -#line 50891 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 50922 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 3540: /* opt_and: AND_SYM */ -#line 18004 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 18026 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" {} -#line 50897 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 50928 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 3543: /* require_list_element: SUBJECT_SYM TEXT_STRING */ -#line 18014 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 18036 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { LEX *lex=Lex; if (lex->account_options.x509_subject.str) my_yyabort_error((ER_DUP_ARGUMENT, MYF(0), "SUBJECT")); lex->account_options.x509_subject= (yyvsp[0].lex_string_with_metadata); } -#line 50908 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 50939 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 3544: /* require_list_element: ISSUER_SYM TEXT_STRING */ -#line 18021 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 18043 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { LEX *lex=Lex; if (lex->account_options.x509_issuer.str) my_yyabort_error((ER_DUP_ARGUMENT, MYF(0), "ISSUER")); lex->account_options.x509_issuer= (yyvsp[0].lex_string_with_metadata); } -#line 50919 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 50950 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 3545: /* require_list_element: CIPHER_SYM TEXT_STRING */ -#line 18028 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 18050 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { LEX *lex=Lex; if (lex->account_options.ssl_cipher.str) my_yyabort_error((ER_DUP_ARGUMENT, MYF(0), "CIPHER")); lex->account_options.ssl_cipher= (yyvsp[0].lex_string_with_metadata); } -#line 50930 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 50961 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 3546: /* grant_ident: '*' */ -#line 18038 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 18060 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { LEX_CSTRING db; if (unlikely(Lex->copy_db_to(&db))) @@ -50939,411 +50970,411 @@ Lex_grant_object_name::STAR))) MYSQL_YYABORT; } -#line 50943 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 50974 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 3547: /* grant_ident: ident '.' '*' */ -#line 18047 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 18069 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { if (!((yyval.lex_grant_ident)= new (thd->mem_root) Lex_grant_object_name((yyvsp[-2].ident_sys), Lex_grant_object_name::IDENT_STAR))) MYSQL_YYABORT; } -#line 50953 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 50984 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 3548: /* grant_ident: '*' '.' '*' */ -#line 18053 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 18075 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { if (!((yyval.lex_grant_ident)= new (thd->mem_root) Lex_grant_object_name( null_clex_str, Lex_grant_object_name::STAR_STAR))) MYSQL_YYABORT; } -#line 50964 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 50995 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 3549: /* grant_ident: table_ident */ -#line 18060 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 18082 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { if (!((yyval.lex_grant_ident)= new (thd->mem_root) Lex_grant_object_name((yyvsp[0].table)))) MYSQL_YYABORT; } -#line 50973 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 51004 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 3550: /* user_list: user */ -#line 18068 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 18090 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { if (unlikely(Lex->users_list.push_back((yyvsp[0].lex_user), thd->mem_root))) MYSQL_YYABORT; } -#line 50982 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 51013 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 3551: /* user_list: user_list ',' user */ -#line 18073 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 18095 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { if (unlikely(Lex->users_list.push_back((yyvsp[0].lex_user), thd->mem_root))) MYSQL_YYABORT; } -#line 50991 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 51022 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 3552: /* grant_list: grant_user */ -#line 18081 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 18103 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { if (unlikely(Lex->users_list.push_back((yyvsp[0].lex_user), thd->mem_root))) MYSQL_YYABORT; } -#line 51000 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 51031 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 3553: /* grant_list: grant_list ',' grant_user */ -#line 18086 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 18108 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { if (unlikely(Lex->users_list.push_back((yyvsp[0].lex_user), thd->mem_root))) MYSQL_YYABORT; } -#line 51009 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 51040 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 3554: /* user_and_role_list: user_or_role */ -#line 18094 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 18116 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { if (unlikely(Lex->users_list.push_back((yyvsp[0].lex_user), thd->mem_root))) MYSQL_YYABORT; } -#line 51018 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 51049 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 3555: /* user_and_role_list: user_and_role_list ',' user_or_role */ -#line 18099 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 18121 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { if (unlikely(Lex->users_list.push_back((yyvsp[0].lex_user), thd->mem_root))) MYSQL_YYABORT; } -#line 51027 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 51058 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 3560: /* grant_user: user IDENTIFIED_SYM BY TEXT_STRING */ -#line 18110 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 18132 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.lex_user)= (yyvsp[-3].lex_user); (yyvsp[-3].lex_user)->auth= new (thd->mem_root) USER_AUTH(); (yyvsp[-3].lex_user)->auth->pwtext= (yyvsp[0].lex_string_with_metadata); } -#line 51037 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 51068 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 3561: /* grant_user: user IDENTIFIED_SYM BY PASSWORD_SYM TEXT_STRING */ -#line 18116 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 18138 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.lex_user)= (yyvsp[-4].lex_user); (yyvsp[-4].lex_user)->auth= new (thd->mem_root) USER_AUTH(); (yyvsp[-4].lex_user)->auth->auth_str= (yyvsp[0].lex_string_with_metadata); } -#line 51047 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 51078 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 3562: /* grant_user: user IDENTIFIED_SYM via_or_with auth_expression */ -#line 18122 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 18144 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.lex_user)= (yyvsp[-3].lex_user); (yyvsp[-3].lex_user)->auth= (yyvsp[0].user_auth); } -#line 51056 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 51087 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 3563: /* grant_user: user_or_role */ -#line 18127 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 18149 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.lex_user)= (yyvsp[0].lex_user); } -#line 51064 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 51095 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 3564: /* auth_expression: auth_token OR_SYM auth_expression */ -#line 18134 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 18156 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.user_auth)= (yyvsp[-2].user_auth); DBUG_ASSERT((yyval.user_auth)->next == NULL); (yyval.user_auth)->next= (yyvsp[0].user_auth); } -#line 51074 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 51105 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 3565: /* auth_expression: auth_token */ -#line 18140 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 18162 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.user_auth)= (yyvsp[0].user_auth); } -#line 51082 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 51113 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 3566: /* auth_token: ident_or_text opt_auth_str */ -#line 18147 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 18169 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.user_auth)= (yyvsp[0].user_auth); (yyval.user_auth)->plugin= (yyvsp[-1].lex_str); } -#line 51091 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 51122 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 3567: /* opt_auth_str: %empty */ -#line 18155 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 18177 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { if (!((yyval.user_auth)=thd->calloc(1))) MYSQL_YYABORT; } -#line 51100 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 51131 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 3568: /* opt_auth_str: using_or_as TEXT_STRING_sys */ -#line 18160 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 18182 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { if (!((yyval.user_auth)=thd->calloc(1))) MYSQL_YYABORT; (yyval.user_auth)->auth_str= (yyvsp[0].lex_str); } -#line 51110 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 51141 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 3569: /* opt_auth_str: using_or_as PASSWORD_SYM '(' TEXT_STRING ')' */ -#line 18166 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 18188 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { if (!((yyval.user_auth)=thd->calloc(1))) MYSQL_YYABORT; (yyval.user_auth)->pwtext= (yyvsp[-1].lex_string_with_metadata); } -#line 51120 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 51151 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 3571: /* opt_require_clause: REQUIRE_SYM require_list */ -#line 18176 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 18198 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { Lex->account_options.ssl_type= SSL_TYPE_SPECIFIED; } -#line 51128 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 51159 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 3572: /* opt_require_clause: REQUIRE_SYM SSL_SYM */ -#line 18180 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 18202 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { Lex->account_options.ssl_type= SSL_TYPE_ANY; } -#line 51136 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 51167 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 3573: /* opt_require_clause: REQUIRE_SYM X509_SYM */ -#line 18184 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 18206 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { Lex->account_options.ssl_type= SSL_TYPE_X509; } -#line 51144 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 51175 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 3574: /* opt_require_clause: REQUIRE_SYM NONE_SYM */ -#line 18188 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 18210 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { Lex->account_options.ssl_type= SSL_TYPE_NONE; } -#line 51152 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 51183 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 3575: /* resource_option: MAX_QUERIES_PER_HOUR ulong_num */ -#line 18195 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 18217 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { Lex->account_options.questions=(yyvsp[0].ulong_num); Lex->account_options.specified_limits|= USER_RESOURCES::QUERIES_PER_HOUR; } -#line 51161 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 51192 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 3576: /* resource_option: MAX_UPDATES_PER_HOUR ulong_num */ -#line 18200 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 18222 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { Lex->account_options.updates=(yyvsp[0].ulong_num); Lex->account_options.specified_limits|= USER_RESOURCES::UPDATES_PER_HOUR; } -#line 51170 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 51201 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 3577: /* resource_option: MAX_CONNECTIONS_PER_HOUR ulong_num */ -#line 18205 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 18227 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { Lex->account_options.conn_per_hour= (yyvsp[0].ulong_num); Lex->account_options.specified_limits|= USER_RESOURCES::CONNECTIONS_PER_HOUR; } -#line 51179 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 51210 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 3578: /* resource_option: MAX_USER_CONNECTIONS_SYM int_num */ -#line 18210 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 18232 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { Lex->account_options.user_conn= (yyvsp[0].num); Lex->account_options.specified_limits|= USER_RESOURCES::USER_CONNECTIONS; } -#line 51188 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 51219 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 3579: /* resource_option: MAX_STATEMENT_TIME_SYM NUM_literal */ -#line 18215 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 18237 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { Lex->account_options.max_statement_time= (yyvsp[0].item_num)->val_real(); Lex->account_options.specified_limits|= USER_RESOURCES::MAX_STATEMENT_TIME; } -#line 51197 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 51228 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 3580: /* resource_option_list: resource_option_list resource_option */ -#line 18222 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 18244 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" {} -#line 51203 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 51234 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 3581: /* resource_option_list: resource_option */ -#line 18223 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 18245 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" {} -#line 51209 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 51240 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 3582: /* opt_resource_options: %empty */ -#line 18227 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 18249 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" {} -#line 51215 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 51246 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 3584: /* opt_grant_options: %empty */ -#line 18233 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 18255 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.privilege)= NO_ACL; } -#line 51221 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 51252 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 3585: /* opt_grant_options: WITH grant_option_list */ -#line 18234 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 18256 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.privilege)= (yyvsp[0].privilege); } -#line 51227 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 51258 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 3586: /* opt_grant_option: %empty */ -#line 18238 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 18260 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.privilege)= NO_ACL; } -#line 51233 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 51264 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 3587: /* opt_grant_option: WITH GRANT OPTION */ -#line 18239 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 18261 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.privilege)= GRANT_ACL; } -#line 51239 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 51270 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 3588: /* grant_option_list: grant_option_list grant_option */ -#line 18243 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 18265 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.privilege)= (yyvsp[-1].privilege) | (yyvsp[0].privilege); } -#line 51245 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 51276 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 3590: /* grant_option: GRANT OPTION */ -#line 18248 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 18270 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.privilege)= GRANT_ACL;} -#line 51251 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 51282 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 3591: /* grant_option: resource_option */ -#line 18249 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 18271 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.privilege)= NO_ACL; } -#line 51257 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 51288 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 3592: /* $@253: %empty */ -#line 18254 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 18276 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { LEX *lex=Lex; lex->sql_command = SQLCOM_BEGIN; lex->start_transaction_opt= 0; } -#line 51267 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 51298 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 3593: /* begin_stmt_mariadb: BEGIN_MARIADB_SYM $@253 opt_work */ -#line 18259 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 18281 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" {} -#line 51273 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 51304 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 3594: /* compound_statement: sp_proc_stmt_compound_ok */ -#line 18264 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 18286 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { Lex->sql_command= SQLCOM_COMPOUND; if (Lex->sp_body_finalize_procedure(thd)) MYSQL_YYABORT; } -#line 51283 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 51314 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 3595: /* opt_not: %empty */ -#line 18272 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 18294 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.num)= 0; } -#line 51289 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 51320 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 3596: /* opt_not: not */ -#line 18273 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 18295 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.num)= 1; } -#line 51295 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 51326 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 3597: /* opt_work: %empty */ -#line 18277 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 18299 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" {} -#line 51301 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 51332 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 3598: /* opt_work: WORK_SYM */ -#line 18278 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 18300 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" {} -#line 51307 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 51338 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 3599: /* opt_chain: %empty */ -#line 18283 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 18305 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.m_yes_no_unk)= TVL_UNKNOWN; } -#line 51313 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 51344 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 3600: /* opt_chain: AND_SYM NO_SYM CHAIN_SYM */ -#line 18284 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 18306 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.m_yes_no_unk)= TVL_NO; } -#line 51319 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 51350 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 3601: /* opt_chain: AND_SYM CHAIN_SYM */ -#line 18285 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 18307 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.m_yes_no_unk)= TVL_YES; } -#line 51325 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 51356 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 3602: /* opt_release: %empty */ -#line 18290 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 18312 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.m_yes_no_unk)= TVL_UNKNOWN; } -#line 51331 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 51362 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 3603: /* opt_release: RELEASE_SYM */ -#line 18291 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 18313 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.m_yes_no_unk)= TVL_YES; } -#line 51337 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 51368 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 3604: /* opt_release: NO_SYM RELEASE_SYM */ -#line 18292 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 18314 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.m_yes_no_unk)= TVL_NO; } -#line 51343 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 51374 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 3605: /* commit: COMMIT_SYM opt_work opt_chain opt_release */ -#line 18297 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 18319 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { LEX *lex=Lex; lex->sql_command= SQLCOM_COMMIT; @@ -51352,11 +51383,11 @@ lex->tx_chain= (yyvsp[-1].m_yes_no_unk); lex->tx_release= (yyvsp[0].m_yes_no_unk); } -#line 51356 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 51387 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 3606: /* rollback: ROLLBACK_SYM opt_work opt_chain opt_release */ -#line 18309 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 18331 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { LEX *lex=Lex; lex->sql_command= SQLCOM_ROLLBACK; @@ -51365,145 +51396,145 @@ lex->tx_chain= (yyvsp[-1].m_yes_no_unk); lex->tx_release= (yyvsp[0].m_yes_no_unk); } -#line 51369 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 51400 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 3607: /* rollback: ROLLBACK_SYM opt_work TO_SYM SAVEPOINT_SYM ident */ -#line 18318 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 18340 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { LEX *lex=Lex; lex->sql_command= SQLCOM_ROLLBACK_TO_SAVEPOINT; lex->ident= (yyvsp[0].ident_sys); } -#line 51379 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 51410 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 3608: /* rollback: ROLLBACK_SYM opt_work TO_SYM ident */ -#line 18324 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 18346 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { LEX *lex=Lex; lex->sql_command= SQLCOM_ROLLBACK_TO_SAVEPOINT; lex->ident= (yyvsp[0].ident_sys); } -#line 51389 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 51420 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 3609: /* savepoint: SAVEPOINT_SYM ident */ -#line 18333 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 18355 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { LEX *lex=Lex; lex->sql_command= SQLCOM_SAVEPOINT; lex->ident= (yyvsp[0].ident_sys); } -#line 51399 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 51430 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 3610: /* release: RELEASE_SYM SAVEPOINT_SYM ident */ -#line 18342 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 18364 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { LEX *lex=Lex; lex->sql_command= SQLCOM_RELEASE_SAVEPOINT; lex->ident= (yyvsp[0].ident_sys); } -#line 51409 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 51440 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 3611: /* unit_type_decl: UNION_SYM union_option */ -#line 18355 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 18377 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.unit_operation).unit_type= UNION_TYPE; (yyval.unit_operation).distinct= (yyvsp[0].num); } -#line 51415 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 51446 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 3612: /* unit_type_decl: INTERSECT_SYM union_option */ -#line 18357 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 18379 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.unit_operation).unit_type= INTERSECT_TYPE; (yyval.unit_operation).distinct= (yyvsp[0].num); } -#line 51421 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 51452 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 3613: /* unit_type_decl: EXCEPT_SYM union_option */ -#line 18359 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 18381 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.unit_operation).unit_type= EXCEPT_TYPE; (yyval.unit_operation).distinct= (yyvsp[0].num); } -#line 51427 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 51458 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 3614: /* union_option: %empty */ -#line 18366 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 18388 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.num)=1; } -#line 51433 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 51464 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 3615: /* union_option: DISTINCT */ -#line 18367 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 18389 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.num)=1; } -#line 51439 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 51470 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 3616: /* union_option: ALL */ -#line 18368 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 18390 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.num)=0; } -#line 51445 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 51476 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 3617: /* query_expression_option: STRAIGHT_JOIN */ -#line 18372 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 18394 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { Select->options|= SELECT_STRAIGHT_JOIN; } -#line 51451 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 51482 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 3618: /* query_expression_option: HIGH_PRIORITY */ -#line 18374 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 18396 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { YYPS->m_lock_type= TL_READ_HIGH_PRIORITY; YYPS->m_mdl_type= MDL_SHARED_READ; Select->options|= SELECT_HIGH_PRIORITY; } -#line 51461 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 51492 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 3619: /* query_expression_option: DISTINCT */ -#line 18379 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 18401 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { Select->options|= SELECT_DISTINCT; } -#line 51467 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 51498 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 3620: /* query_expression_option: UNIQUE_SYM */ -#line 18380 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 18402 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { Select->options|= SELECT_DISTINCT; } -#line 51473 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 51504 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 3621: /* query_expression_option: SQL_SMALL_RESULT */ -#line 18381 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 18403 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { Select->options|= SELECT_SMALL_RESULT; } -#line 51479 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 51510 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 3622: /* query_expression_option: SQL_BIG_RESULT */ -#line 18382 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 18404 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { Select->options|= SELECT_BIG_RESULT; } -#line 51485 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 51516 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 3623: /* query_expression_option: SQL_BUFFER_RESULT */ -#line 18383 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 18405 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { Select->options|= OPTION_BUFFER_RESULT; } -#line 51491 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 51522 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 3624: /* query_expression_option: SQL_CALC_FOUND_ROWS */ -#line 18384 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 18406 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { Select->options|= OPTION_FOUND_ROWS; } -#line 51497 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 51528 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 3625: /* query_expression_option: ALL */ -#line 18385 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 18407 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { Select->options|= SELECT_ALL; } -#line 51503 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 51534 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 3628: /* no_definer: %empty */ -#line 18401 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 18423 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { /* We have to distinguish missing DEFINER-clause from case when @@ -51514,175 +51545,175 @@ */ thd->lex->definer= 0; } -#line 51518 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 51549 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 3629: /* definer: DEFINER_SYM '=' user_or_role */ -#line 18415 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 18437 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { Lex->definer= (yyvsp[0].lex_user); Lex->account_options.reset(); } -#line 51527 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 51558 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 3630: /* view_algorithm: ALGORITHM_SYM '=' UNDEFINED_SYM */ -#line 18428 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 18450 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.num)= DTYPE_ALGORITHM_UNDEFINED; } -#line 51533 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 51564 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 3631: /* view_algorithm: ALGORITHM_SYM '=' MERGE_SYM */ -#line 18429 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 18451 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.num)= VIEW_ALGORITHM_MERGE; } -#line 51539 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 51570 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 3632: /* view_algorithm: ALGORITHM_SYM '=' TEMPTABLE_SYM */ -#line 18430 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 18452 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.num)= VIEW_ALGORITHM_TMPTABLE; } -#line 51545 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 51576 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 3633: /* opt_view_suid: %empty */ -#line 18434 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 18456 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.view_suid)= VIEW_SUID_DEFAULT; } -#line 51551 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 51582 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 3634: /* opt_view_suid: view_suid */ -#line 18435 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 18457 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.view_suid)= (yyvsp[0].view_suid); } -#line 51557 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 51588 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 3635: /* view_suid: SQL_SYM SECURITY_SYM DEFINER_SYM */ -#line 18439 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 18461 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.view_suid)= VIEW_SUID_DEFINER; } -#line 51563 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 51594 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 3636: /* view_suid: SQL_SYM SECURITY_SYM INVOKER_SYM */ -#line 18440 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 18462 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.view_suid)= VIEW_SUID_INVOKER; } -#line 51569 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 51600 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 3637: /* view_list_opt: %empty */ -#line 18445 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 18467 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" {} -#line 51575 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 51606 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 3638: /* view_list_opt: '(' view_list ')' */ -#line 18446 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 18468 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { } -#line 51581 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 51612 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 3639: /* view_list: ident */ -#line 18451 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 18473 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { Lex->view_list.push_back((LEX_CSTRING*) thd->memdup(&(yyvsp[0].ident_sys), sizeof(LEX_CSTRING)), thd->mem_root); } -#line 51591 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 51622 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 3640: /* view_list: view_list ',' ident */ -#line 18457 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 18479 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { Lex->view_list.push_back((LEX_CSTRING*) thd->memdup(&(yyvsp[0].ident_sys), sizeof(LEX_CSTRING)), thd->mem_root); } -#line 51601 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 51632 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 3641: /* $@254: %empty */ -#line 18465 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 18487 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { LEX *lex= Lex; lex->parsing_options.allows_variable= FALSE; lex->create_view->select.str= (char *) YYLIP->get_cpp_ptr(); } -#line 51611 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 51642 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 3642: /* view_select: $@254 query_expression view_check_option */ -#line 18472 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 18494 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { if (Lex->parsed_create_view((yyvsp[-1].select_lex_unit), (yyvsp[0].num))) MYSQL_YYABORT; } -#line 51620 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 51651 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 3643: /* view_check_option: %empty */ -#line 18479 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 18501 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.num)= VIEW_CHECK_NONE; } -#line 51626 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 51657 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 3644: /* view_check_option: WITH CHECK_SYM OPTION */ -#line 18480 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 18502 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.num)= VIEW_CHECK_CASCADED; } -#line 51632 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 51663 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 3645: /* view_check_option: WITH CASCADED CHECK_SYM OPTION */ -#line 18481 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 18503 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.num)= VIEW_CHECK_CASCADED; } -#line 51638 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 51669 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 3646: /* view_check_option: WITH LOCAL_SYM CHECK_SYM OPTION */ -#line 18482 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 18504 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.num)= VIEW_CHECK_LOCAL; } -#line 51644 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 51675 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 3647: /* trigger_action_order: FOLLOWS_SYM */ -#line 18493 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 18515 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.trigger_action_order_type)= TRG_ORDER_FOLLOWS; } -#line 51650 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 51681 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 3648: /* trigger_action_order: PRECEDES_SYM */ -#line 18495 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 18517 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.trigger_action_order_type)= TRG_ORDER_PRECEDES; } -#line 51656 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 51687 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 3649: /* trigger_follows_precedes_clause: %empty */ -#line 18500 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 18522 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.trg_execution_order).ordering_clause= TRG_ORDER_NONE; (yyval.trg_execution_order).anchor_trigger_name= null_clex_str; } -#line 51665 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 51696 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 3650: /* trigger_follows_precedes_clause: trigger_action_order ident_or_text */ -#line 18506 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 18528 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.trg_execution_order).ordering_clause= (yyvsp[-1].trigger_action_order_type); (yyval.trg_execution_order).anchor_trigger_name= (yyvsp[0].lex_str); } -#line 51674 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 51705 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 3651: /* opt_on_update_cols: %empty */ -#line 18514 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 18536 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { Lex->trg_chistics.on_update_col_names= NULL; } -#line 51682 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 51713 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 3652: /* opt_on_update_cols: OF_SYM on_update_cols */ -#line 18518 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 18540 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { if (Lex->trg_chistics.event != TRG_EVENT_UPDATE) { @@ -51690,11 +51721,11 @@ MYSQL_YYABORT; } } -#line 51694 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 51725 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 3653: /* on_update_cols: ident */ -#line 18529 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 18551 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { List *col_names_list; LEX_CSTRING *col_name; @@ -51711,11 +51742,11 @@ Lex->trg_chistics.on_update_col_names= col_names_list; } -#line 51715 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 51746 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 3654: /* on_update_cols: on_update_cols ',' ident */ -#line 18546 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 18568 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { LEX_CSTRING *col_name; @@ -51726,44 +51757,44 @@ (col_name, thd->mem_root))) MYSQL_YYABORT; } -#line 51730 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 51761 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 3655: /* $@255: %empty */ -#line 18561 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 18583 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { if (unlikely(Lex->add_create_options_with_check((yyvsp[0].object_ddl_options)))) MYSQL_YYABORT; } -#line 51739 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 51770 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 3656: /* $@256: %empty */ -#line 18571 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 18593 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { /* $10 */ Lex->raw_trg_on_table_name_begin= YYLIP->get_tok_start(); } -#line 51747 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 51778 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 3657: /* $@257: %empty */ -#line 18577 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 18599 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { /* $14 */ Lex->raw_trg_on_table_name_end= YYLIP->get_tok_start(); } -#line 51755 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 51786 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 3658: /* $@258: %empty */ -#line 18582 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 18604 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { Lex->trg_chistics.ordering_clause_begin= YYLIP->get_cpp_ptr(); } -#line 51763 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 51794 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 3659: /* $@259: %empty */ -#line 18586 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 18608 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { /* $19 */ LEX *lex= thd->lex; Lex_input_stream *lip= YYLIP; @@ -51784,11 +51815,11 @@ lex->sphead->set_body_start(thd, lip->get_cpp_tok_start()); } -#line 51788 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 51819 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 3660: /* trigger_tail: remember_name opt_if_not_exists $@255 sp_name trg_action_time trg_event opt_on_update_cols ON remember_name $@256 table_ident FOR_SYM remember_name $@257 EACH_SYM ROW_SYM $@258 trigger_follows_precedes_clause $@259 sp_proc_stmt force_lookahead */ -#line 18607 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 18629 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { /* $22 */ LEX *lex= Lex; @@ -51807,108 +51838,108 @@ MDL_SHARED_NO_WRITE)) MYSQL_YYABORT; } -#line 51811 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 51842 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 3661: /* create_package_chistic: COMMENT_SYM TEXT_STRING_sys */ -#line 18636 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 18658 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { Lex->sp_chistics.comment= (yyvsp[0].lex_str); } -#line 51817 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 51848 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 3662: /* create_package_chistic: sp_suid */ -#line 18638 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 18660 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { Lex->sp_chistics.suid= (yyvsp[0].sp_suid); } -#line 51823 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 51854 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 3663: /* create_package_chistics: create_package_chistic */ -#line 18642 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 18664 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" {} -#line 51829 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 51860 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 3664: /* create_package_chistics: create_package_chistics create_package_chistic */ -#line 18643 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 18665 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { } -#line 51835 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 51866 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 3665: /* opt_create_package_chistics: %empty */ -#line 18647 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 18669 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { } -#line 51841 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 51872 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 3666: /* opt_create_package_chistics: create_package_chistics */ -#line 18648 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 18670 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { } -#line 51847 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 51878 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 3667: /* $@260: %empty */ -#line 18652 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 18674 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { Lex->sp_chistics.init(); } -#line 51853 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 51884 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 3669: /* xa: XA_SYM begin_or_start xid opt_join_or_resume */ -#line 18660 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 18682 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { Lex->sql_command = SQLCOM_XA_START; } -#line 51861 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 51892 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 3670: /* xa: XA_SYM END xid opt_suspend */ -#line 18664 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 18686 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { Lex->sql_command = SQLCOM_XA_END; } -#line 51869 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 51900 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 3671: /* xa: XA_SYM PREPARE_SYM xid */ -#line 18668 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 18690 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { Lex->sql_command = SQLCOM_XA_PREPARE; } -#line 51877 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 51908 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 3672: /* xa: XA_SYM COMMIT_SYM xid opt_one_phase */ -#line 18672 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 18694 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { Lex->sql_command = SQLCOM_XA_COMMIT; } -#line 51885 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 51916 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 3673: /* xa: XA_SYM ROLLBACK_SYM xid */ -#line 18676 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 18698 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { Lex->sql_command = SQLCOM_XA_ROLLBACK; } -#line 51893 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 51924 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 3674: /* xa: XA_SYM RECOVER_SYM opt_format_xid */ -#line 18680 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 18702 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { Lex->sql_command = SQLCOM_XA_RECOVER; Lex->verbose= (yyvsp[0].num); } -#line 51902 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 51933 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 3675: /* opt_format_xid: %empty */ -#line 18687 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 18709 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.num)= false; } -#line 51908 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 51939 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 3676: /* opt_format_xid: FORMAT_SYM '=' ident_or_text */ -#line 18689 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 18711 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { if (lex_string_eq(&(yyvsp[0].lex_str), STRING_WITH_LEN("SQL"))) (yyval.num)= true; @@ -51921,33 +51952,33 @@ (yyval.num)= false; } } -#line 51925 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 51956 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 3677: /* xid: text_string */ -#line 18705 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 18727 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { MYSQL_YYABORT_UNLESS((yyvsp[0].string)->length() <= MAXGTRIDSIZE); if (unlikely(!(Lex->xid= thd->alloc(1)))) MYSQL_YYABORT; Lex->xid->set(1L, (yyvsp[0].string)->ptr(), (yyvsp[0].string)->length(), 0, 0); } -#line 51936 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 51967 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 3678: /* xid: text_string ',' text_string */ -#line 18712 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 18734 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { MYSQL_YYABORT_UNLESS((yyvsp[-2].string)->length() <= MAXGTRIDSIZE && (yyvsp[0].string)->length() <= MAXBQUALSIZE); if (unlikely(!(Lex->xid= thd->alloc(1)))) MYSQL_YYABORT; Lex->xid->set(1L, (yyvsp[-2].string)->ptr(), (yyvsp[-2].string)->length(), (yyvsp[0].string)->ptr(), (yyvsp[0].string)->length()); } -#line 51947 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 51978 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 3679: /* xid: text_string ',' text_string ',' ulong_num */ -#line 18719 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 18741 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { MYSQL_YYABORT_UNLESS((yyvsp[-4].string)->length() <= MAXGTRIDSIZE && (yyvsp[-2].string)->length() <= MAXBQUALSIZE && @@ -51957,126 +51988,126 @@ MYSQL_YYABORT; Lex->xid->set((yyvsp[0].ulong_num), (yyvsp[-4].string)->ptr(), (yyvsp[-4].string)->length(), (yyvsp[-2].string)->ptr(), (yyvsp[-2].string)->length()); } -#line 51961 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 51992 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 3680: /* begin_or_start: BEGIN_MARIADB_SYM */ -#line 18731 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 18753 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" {} -#line 51967 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 51998 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 3681: /* begin_or_start: BEGIN_ORACLE_SYM */ -#line 18732 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 18754 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" {} -#line 51973 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 52004 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 3682: /* begin_or_start: START_SYM */ -#line 18733 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 18755 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" {} -#line 51979 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 52010 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 3683: /* opt_join_or_resume: %empty */ -#line 18737 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 18759 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { Lex->xa_opt=XA_NONE; } -#line 51985 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 52016 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 3684: /* opt_join_or_resume: JOIN_SYM */ -#line 18738 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 18760 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { Lex->xa_opt=XA_JOIN; } -#line 51991 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 52022 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 3685: /* opt_join_or_resume: RESUME_SYM */ -#line 18739 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 18761 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { Lex->xa_opt=XA_RESUME; } -#line 51997 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 52028 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 3686: /* opt_one_phase: %empty */ -#line 18743 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 18765 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { Lex->xa_opt=XA_NONE; } -#line 52003 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 52034 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 3687: /* opt_one_phase: ONE_SYM PHASE_SYM */ -#line 18744 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 18766 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { Lex->xa_opt=XA_ONE_PHASE; } -#line 52009 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 52040 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 3688: /* opt_suspend: %empty */ -#line 18749 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 18771 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { Lex->xa_opt=XA_NONE; } -#line 52015 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 52046 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 3689: /* $@261: %empty */ -#line 18751 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 18773 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { Lex->xa_opt=XA_SUSPEND; } -#line 52021 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 52052 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 3691: /* opt_migrate: %empty */ -#line 18756 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 18778 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" {} -#line 52027 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 52058 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 3692: /* opt_migrate: FOR_SYM MIGRATE_SYM */ -#line 18757 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 18779 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { Lex->xa_opt=XA_FOR_MIGRATE; } -#line 52033 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 52064 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 3693: /* install: INSTALL_SYM PLUGIN_SYM opt_if_not_exists ident SONAME_SYM TEXT_STRING_sys */ -#line 18762 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 18784 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { if (Lex->stmt_install_plugin((yyvsp[-3].object_ddl_options), (yyvsp[-2].ident_sys), (yyvsp[0].lex_str))) MYSQL_YYABORT; } -#line 52042 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 52073 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 3694: /* install: INSTALL_SYM SONAME_SYM TEXT_STRING_sys */ -#line 18767 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 18789 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { Lex->stmt_install_plugin((yyvsp[0].lex_str)); } -#line 52050 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 52081 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 3695: /* uninstall: UNINSTALL_SYM PLUGIN_SYM opt_if_exists ident */ -#line 18774 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 18796 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { if (Lex->stmt_uninstall_plugin_by_name((yyvsp[-1].object_ddl_options), (yyvsp[0].ident_sys))) MYSQL_YYABORT; } -#line 52059 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 52090 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 3696: /* uninstall: UNINSTALL_SYM SONAME_SYM opt_if_exists TEXT_STRING_sys */ -#line 18779 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 18801 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { if (Lex->stmt_uninstall_plugin_by_soname((yyvsp[-1].object_ddl_options), (yyvsp[0].lex_str))) MYSQL_YYABORT; } -#line 52068 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 52099 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 3697: /* keep_gcc_happy: IMPOSSIBLE_ACTION */ -#line 18788 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 18810 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { YYERROR; } -#line 52076 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 52107 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 3702: /* $@262: %empty */ -#line 19285 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 19307 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { // Direct procedure call (without the CALL keyword) Lex_ident_sys tmp(thd, &(yyvsp[0].ident_cli)); @@ -52084,200 +52115,200 @@ unlikely(Lex->call_statement_start(thd, &tmp))) MYSQL_YYABORT; } -#line 52088 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 52119 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 3703: /* sp_statement: ident_cli_directly_assignable $@262 opt_sp_cparam_list */ -#line 19293 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 19315 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { if (Lex->check_cte_dependencies_and_resolve_references()) MYSQL_YYABORT; } -#line 52097 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 52128 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 3704: /* $@263: %empty */ -#line 19298 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 19320 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { Lex_ident_sys tmp(thd, &(yyvsp[-2].ident_cli)); if (unlikely(!tmp.str) || unlikely(Lex->call_statement_start(thd, &tmp, &(yyvsp[0].ident_sys)))) MYSQL_YYABORT; } -#line 52108 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 52139 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 3705: /* sp_statement: ident_cli_directly_assignable '.' ident $@263 opt_sp_cparam_list */ -#line 19305 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 19327 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { if (Lex->check_cte_dependencies_and_resolve_references()) MYSQL_YYABORT; } -#line 52117 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 52148 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 3706: /* $@264: %empty */ -#line 19310 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 19332 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { Lex_ident_sys tmp(thd, &(yyvsp[-4].ident_cli)); if (unlikely(Lex->call_statement_start(thd, &tmp, &(yyvsp[-2].ident_sys), &(yyvsp[0].ident_sys)))) MYSQL_YYABORT; } -#line 52127 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 52158 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 3707: /* sp_statement: ident_cli_directly_assignable '.' ident '.' ident $@264 opt_sp_cparam_list */ -#line 19316 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 19338 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { if (Lex->check_cte_dependencies_and_resolve_references()) MYSQL_YYABORT; } -#line 52136 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 52167 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 3708: /* sp_if_then_statements: sp_proc_stmts1_implicit_block */ -#line 19323 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 19345 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { } -#line 52142 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 52173 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 3709: /* sp_case_then_statements: sp_proc_stmts1_implicit_block */ -#line 19327 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 19349 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { } -#line 52148 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 52179 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 3712: /* $@265: %empty */ -#line 19340 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 19362 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { LEX *lex= Lex; lex->init_last_field(&lex->sphead->m_return_field_def, &empty_clex_str); } -#line 52158 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 52189 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 3714: /* sf_return_type: field_type */ -#line 19350 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 19372 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { if (unlikely(Lex->sf_return_fill_definition((yyvsp[0].Lex_field_type)))) MYSQL_YYABORT; } -#line 52167 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 52198 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 3715: /* sf_return_type: ROW_SYM row_type_body */ -#line 19355 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 19377 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { if (Lex->sf_return_fill_definition_row((yyvsp[0].spvar_definition_list))) MYSQL_YYABORT; } -#line 52176 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 52207 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 3716: /* sf_return_type: sp_decl_ident PERCENT_ORACLE_SYM ROWTYPE_ORACLE_SYM */ -#line 19360 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 19382 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { if (Lex->sf_return_fill_definition_rowtype_of( Qualified_column_ident(&(yyvsp[-2].ident_sys)))) MYSQL_YYABORT; } -#line 52186 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 52217 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 3717: /* sf_return_type: sp_decl_ident '.' ident PERCENT_ORACLE_SYM ROWTYPE_ORACLE_SYM */ -#line 19366 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 19388 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { if (Lex->sf_return_fill_definition_rowtype_of( Qualified_column_ident(&(yyvsp[-4].ident_sys), &(yyvsp[-2].ident_sys)))) MYSQL_YYABORT; } -#line 52196 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 52227 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 3718: /* sf_return_type: sp_decl_ident '.' ident PERCENT_ORACLE_SYM TYPE_SYM */ -#line 19372 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 19394 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { if (Lex->sf_return_fill_definition_type_of( Qualified_column_ident(&(yyvsp[-4].ident_sys), &(yyvsp[-2].ident_sys)))) MYSQL_YYABORT; } -#line 52206 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 52237 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 3719: /* sf_return_type: sp_decl_ident '.' ident '.' ident PERCENT_ORACLE_SYM TYPE_SYM */ -#line 19378 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 19400 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { if (Lex->sf_return_fill_definition_type_of( Qualified_column_ident(thd, &(yyvsp[-6].ident_sys), &(yyvsp[-4].ident_sys), &(yyvsp[-2].ident_sys)))) MYSQL_YYABORT; } -#line 52216 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 52247 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 3721: /* sp_package_function_body: sp_body */ -#line 19391 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 19413 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { } -#line 52222 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 52253 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 3722: /* sp_package_procedure_body: sp_body */ -#line 19395 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 19417 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { } -#line 52228 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 52259 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 3746: /* row_field_name: ident_directly_assignable */ -#line 19445 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 19467 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { if (!((yyval.spvar_definition)= Lex->row_field_name(thd, (yyvsp[0].ident_sys)))) MYSQL_YYABORT; } -#line 52237 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 52268 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 3747: /* $@266: %empty */ -#line 19453 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 19475 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { if (unlikely((yyvsp[-1].expr_lex)->sp_while_loop_expression(thd))) MYSQL_YYABORT; } -#line 52246 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 52277 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 3748: /* while_body: expr_lex LOOP_SYM $@266 sp_proc_stmts1 END LOOP_SYM */ -#line 19458 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 19480 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { if (unlikely(Lex->sp_while_loop_finalize(thd))) MYSQL_YYABORT; } -#line 52255 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 52286 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 3749: /* for_loop_statements: LOOP_SYM sp_proc_stmts1 END LOOP_SYM */ -#line 19466 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 19488 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { } -#line 52261 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 52292 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 3751: /* sp_block_label: labels_declaration_oracle */ -#line 19476 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 19498 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { if (unlikely(Lex->spcont->block_label_declare(&(yyvsp[0].lex_str)))) MYSQL_YYABORT; (yyval.lex_str)= (yyvsp[0].lex_str); } -#line 52271 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 52302 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 3752: /* sp_opt_default: _empty */ -#line 19485 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 19507 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.expr_and_query_str)= { nullptr, empty_clex_str}; } -#line 52277 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 52308 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 3753: /* sp_opt_default: DEFAULT remember_cpp_ptr expr remember_end */ -#line 19487 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 19509 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { LEX_CSTRING expr_str= empty_clex_str; @@ -52290,11 +52321,11 @@ (yyval.expr_and_query_str)= { (yyvsp[-1].item), expr_str }; } -#line 52294 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 52325 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 3754: /* sp_opt_default: SET_VAR remember_cpp_ptr expr remember_end */ -#line 19500 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 19522 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { LEX_CSTRING expr_str= empty_clex_str; @@ -52307,66 +52338,66 @@ (yyval.expr_and_query_str)= { (yyvsp[-1].item), expr_str }; } -#line 52311 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 52342 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 3757: /* sp_opt_inout: _empty */ -#line 19520 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 19542 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.spvar_mode)= sp_variable::MODE_IN; } -#line 52317 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 52348 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 3759: /* sp_opt_inout: IN_SYM OUT_SYM */ -#line 19522 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 19544 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.spvar_mode)= sp_variable::MODE_INOUT; } -#line 52323 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 52354 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 3760: /* $@267: %empty */ -#line 19526 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 19548 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { Lex->sp_block_init(thd); } -#line 52331 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 52362 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 3761: /* sp_proc_stmts1_implicit_block: $@267 sp_proc_stmts1 */ -#line 19530 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 19552 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { if (unlikely(Lex->sp_block_finalize(thd))) MYSQL_YYABORT; } -#line 52340 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 52371 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 3771: /* ident_directly_assignable: keyword_directly_assignable */ -#line 19551 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 19573 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { if (unlikely((yyval.ident_sys).copy_keyword(thd, &(yyvsp[0].kwd)))) MYSQL_YYABORT; } -#line 52349 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 52380 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 3773: /* ident_cli_directly_assignable: keyword_directly_assignable */ -#line 19559 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 19581 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.ident_cli)= (yyvsp[0].kwd); } -#line 52355 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 52386 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 3774: /* $@268: %empty */ -#line 19565 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 19587 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { LEX *lex=Lex; lex->set_stmt_init(); if (sp_create_assignment_lex(thd, (yyvsp[-1].ident_cli).pos())) MYSQL_YYABORT; } -#line 52366 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 52397 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 3775: /* set_assign: ident_cli_directly_assignable SET_VAR $@268 set_expr_or_default */ -#line 19572 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 19594 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { Lex_ident_sys tmp(thd, &(yyvsp[-3].ident_cli)); @@ -52376,22 +52407,22 @@ false))) MYSQL_YYABORT; } -#line 52380 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 52411 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 3776: /* $@269: %empty */ -#line 19582 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 19604 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { LEX *lex=Lex; lex->set_stmt_init(); if (sp_create_assignment_lex(thd, (yyvsp[-3].ident_cli).pos())) MYSQL_YYABORT; } -#line 52391 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 52422 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 3777: /* set_assign: ident_cli_directly_assignable '.' ident SET_VAR $@269 set_expr_or_default */ -#line 19589 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 19611 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { LEX *lex= Lex; DBUG_ASSERT(lex->var_list.is_empty()); @@ -52403,11 +52434,11 @@ false))) MYSQL_YYABORT; } -#line 52407 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 52438 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 3778: /* $@270: %empty */ -#line 19601 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 19623 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { LEX *lex= Lex; if (unlikely(!lex->is_trigger_new_or_old_reference(&(yyvsp[-3].ident_sys)))) @@ -52419,11 +52450,11 @@ if (sp_create_assignment_lex(thd, (yyvsp[-4].kwd).pos())) MYSQL_YYABORT; } -#line 52423 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 52454 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 3779: /* set_assign: COLON_ORACLE_SYM ident '.' ident SET_VAR $@270 set_expr_or_default */ -#line 19613 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 19635 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { LEX_CSTRING tmp= { (yyvsp[-5].ident_sys).str, (yyvsp[-5].ident_sys).length }; if (unlikely(Lex->set_trigger_field(&tmp, &(yyvsp[-3].ident_sys), (yyvsp[0].expr_and_query_str).expr, @@ -52432,147 +52463,147 @@ false))) MYSQL_YYABORT; } -#line 52436 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 52467 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 3780: /* labels_declaration_oracle: label_declaration_oracle */ -#line 19625 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 19647 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.lex_str)= (yyvsp[0].lex_str); } -#line 52442 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 52473 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 3781: /* labels_declaration_oracle: labels_declaration_oracle label_declaration_oracle */ -#line 19626 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 19648 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.lex_str)= (yyvsp[0].lex_str); } -#line 52448 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 52479 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 3782: /* label_declaration_oracle: SHIFT_LEFT label_ident SHIFT_RIGHT */ -#line 19631 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 19653 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { if (unlikely(Lex->sp_push_goto_label(thd, &(yyvsp[-1].ident_sys)))) MYSQL_YYABORT; (yyval.lex_str)= (yyvsp[-1].ident_sys); } -#line 52458 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 52489 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 3783: /* opt_exception_clause: _empty */ -#line 19639 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 19661 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.num)= 0; } -#line 52464 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 52495 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 3784: /* opt_exception_clause: EXCEPTION_ORACLE_SYM exception_handlers */ -#line 19640 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 19662 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.num)= (yyvsp[0].num); } -#line 52470 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 52501 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 3785: /* exception_handlers: exception_handler */ -#line 19644 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 19666 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.num)= 1; } -#line 52476 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 52507 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 3786: /* exception_handlers: exception_handlers exception_handler */ -#line 19645 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 19667 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.num)= (yyvsp[-1].num) + 1; } -#line 52482 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 52513 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 3787: /* $@271: %empty */ -#line 19650 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 19672 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { if (unlikely(Lex->sp_handler_declaration_init(thd, sp_handler::EXIT))) MYSQL_YYABORT; } -#line 52491 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 52522 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 3788: /* exception_handler: WHEN_SYM $@271 sp_hcond_list THEN_SYM sp_proc_stmts1_implicit_block */ -#line 19657 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 19679 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { if (unlikely(Lex->sp_handler_declaration_finalize(thd, sp_handler::EXIT))) MYSQL_YYABORT; } -#line 52500 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 52531 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 3789: /* sp_no_param: _empty */ -#line 19665 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 19687 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { Lex->sphead->m_param_begin= Lex->sphead->m_param_end= YYLIP->get_cpp_tok_start() + 1; } -#line 52509 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 52540 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 3794: /* opt_trailing_sp_name: _empty */ -#line 19683 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 19705 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.spname)= NULL; } -#line 52515 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 52546 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 3795: /* opt_trailing_sp_name: sp_name */ -#line 19684 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 19706 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.spname)= (yyvsp[0].spname); } -#line 52521 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 52552 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 3796: /* opt_package_routine_end_name: _empty */ -#line 19689 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 19711 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.lex_str)= null_clex_str; } -#line 52527 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 52558 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 3797: /* opt_package_routine_end_name: ident */ -#line 19690 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 19712 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.lex_str)= (yyvsp[0].ident_sys); } -#line 52533 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 52564 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 3800: /* sp_instr_addr: %empty */ -#line 19699 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 19721 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.sp_instr_addr)= Lex->sphead->instructions(); } -#line 52539 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 52570 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 3801: /* $@272: %empty */ -#line 19703 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 19725 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { Lex->sp_block_init(thd); } -#line 52547 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 52578 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 3802: /* $@273: %empty */ -#line 19707 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 19729 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { if (unlikely(Lex->sp_block_with_exceptions_finalize_declarations(thd))) MYSQL_YYABORT; } -#line 52556 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 52587 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 3803: /* $@274: %empty */ -#line 19713 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 19735 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyvsp[-3].spblock).hndlrs+= (yyvsp[0].spblock_handlers).hndlrs; if (unlikely(Lex->sp_block_finalize(thd, (yyvsp[-3].spblock)))) MYSQL_YYABORT; } -#line 52566 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 52597 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 3807: /* package_implementation_declare_section_list: package_implementation_declare_section_list1 package_implementation_declare_section_list2 */ -#line 19729 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 19751 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.spblock).join((yyvsp[-1].spblock), (yyvsp[0].spblock)); } -#line 52572 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 52603 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 3808: /* package_implementation_declare_section: package_implementation_declare_section_list */ -#line 19734 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 19756 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { /* Add a jump "end of declarations -> start of exceptions" @@ -52581,11 +52612,11 @@ if (Lex->sp_block_with_exceptions_finalize_declarations(thd)) MYSQL_YYABORT; } -#line 52585 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 52616 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 3809: /* package_implementation_executable_section: END */ -#line 19746 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 19768 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { /* Backpatch the jump generated in @@ -52597,29 +52628,29 @@ MYSQL_YYABORT; (yyval.spblock_handlers).init(0); } -#line 52601 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 52632 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 3810: /* package_implementation_executable_section: BEGIN_ORACLE_SYM sp_block_statements_and_exceptions END */ -#line 19757 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 19779 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.spblock_handlers)= (yyvsp[-1].spblock_handlers); } -#line 52607 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 52638 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 3812: /* package_implementation_declare_section_list1: package_implementation_declare_section_list1 package_implementation_item_declaration */ -#line 19767 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 19789 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.spblock).join((yyvsp[-1].spblock), (yyvsp[0].spblock)); } -#line 52613 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 52644 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 3814: /* package_implementation_declare_section_list2: package_implementation_declare_section_list2 package_implementation_routine_definition */ -#line 19774 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 19796 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.spblock).join((yyvsp[-1].spblock), (yyvsp[0].spblock)); } -#line 52619 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 52650 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 3815: /* $@275: %empty */ -#line 19780 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 19802 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { LEX *lex= thd->lex->package_routine_start(thd, &sp_handler_package_function, (yyvsp[0].ident_sys)); @@ -52627,22 +52658,22 @@ MYSQL_YYABORT; thd->lex= lex; } -#line 52631 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 52662 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 3816: /* package_specification_function: remember_lex ident $@275 sf_parameters sf_returned_type_clause sp_c_chistics */ -#line 19790 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 19812 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.lex)= thd->lex; sp_head *sp= thd->lex->sphead; sp->restore_thd_mem_root(thd); thd->lex= (yyvsp[-5].lex); } -#line 52642 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 52673 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 3817: /* $@276: %empty */ -#line 19800 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 19822 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { LEX *lex= thd->lex->package_routine_start(thd, &sp_handler_package_procedure, (yyvsp[0].ident_sys)); @@ -52650,22 +52681,22 @@ MYSQL_YYABORT; thd->lex= lex; } -#line 52654 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 52685 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 3818: /* package_specification_procedure: remember_lex ident $@276 sp_parameters sp_c_chistics */ -#line 19809 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 19831 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.lex)= thd->lex; sp_head *sp= thd->lex->sphead; sp->restore_thd_mem_root(thd); thd->lex= (yyvsp[-4].lex); } -#line 52665 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 52696 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 3819: /* package_implementation_routine_definition: FUNCTION_SYM package_specification_function package_implementation_function_body ';' */ -#line 19821 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 19843 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { sp_package *pkg= Lex->get_sp_package(); if (unlikely(pkg->add_routine_implementation((yyvsp[-2].lex)))) @@ -52673,11 +52704,11 @@ pkg->m_current_routine= NULL; (yyval.spblock).init(); } -#line 52677 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 52708 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 3820: /* package_implementation_routine_definition: PROCEDURE_SYM package_specification_procedure package_implementation_procedure_body ';' */ -#line 19830 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 19852 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { sp_package *pkg= Lex->get_sp_package(); if (unlikely(pkg->add_routine_implementation((yyvsp[-2].lex)))) @@ -52685,17 +52716,17 @@ pkg->m_current_routine= NULL; (yyval.spblock).init(); } -#line 52689 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 52720 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 3821: /* package_implementation_routine_definition: package_specification_element */ -#line 19837 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 19859 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.spblock).init(); } -#line 52695 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 52726 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 3822: /* $@277: %empty */ -#line 19843 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 19865 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { sp_package *pkg= Lex->get_sp_package(); sp_head *sp= pkg->m_current_routine->sphead; @@ -52704,22 +52735,22 @@ sp->set_c_chistics(thd->lex->sp_chistics); sp->set_body_start(thd, YYLIP->get_cpp_tok_start()); } -#line 52708 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 52739 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 3823: /* package_implementation_function_body: sp_tail_is remember_lex $@277 sp_package_function_body opt_package_routine_end_name */ -#line 19852 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 19874 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { if (unlikely(thd->lex->sp_body_finalize_function(thd) || thd->lex->sphead->check_package_routine_end_name((yyvsp[0].lex_str)))) MYSQL_YYABORT; thd->lex= (yyvsp[-3].lex); } -#line 52719 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 52750 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 3824: /* $@278: %empty */ -#line 19862 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 19884 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { sp_package *pkg= Lex->get_sp_package(); sp_head *sp= pkg->m_current_routine->sphead; @@ -52728,240 +52759,240 @@ sp->set_c_chistics(thd->lex->sp_chistics); sp->set_body_start(thd, YYLIP->get_cpp_tok_start()); } -#line 52732 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 52763 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 3825: /* package_implementation_procedure_body: sp_tail_is remember_lex $@278 sp_package_procedure_body opt_package_routine_end_name */ -#line 19871 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 19893 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { if (unlikely(thd->lex->sp_body_finalize_procedure(thd) || thd->lex->sphead->check_package_routine_end_name((yyvsp[0].lex_str)))) MYSQL_YYABORT; thd->lex= (yyvsp[-3].lex); } -#line 52743 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 52774 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 3830: /* package_specification_element: FUNCTION_SYM package_specification_function ';' */ -#line 19892 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 19914 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { sp_package *pkg= Lex->get_sp_package(); if (unlikely(pkg->add_routine_declaration((yyvsp[-1].lex)))) MYSQL_YYABORT; pkg->m_current_routine= NULL; } -#line 52754 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 52785 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 3831: /* package_specification_element: PROCEDURE_SYM package_specification_procedure ';' */ -#line 19899 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 19921 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { sp_package *pkg= Lex->get_sp_package(); if (unlikely(pkg->add_routine_declaration((yyvsp[-1].lex)))) MYSQL_YYABORT; pkg->m_current_routine= NULL; } -#line 52765 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 52796 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 3832: /* sp_decl_variable_list_anchored: sp_decl_idents_init_vars optionally_qualified_column_ident PERCENT_ORACLE_SYM TYPE_SYM sp_opt_default */ -#line 19914 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 19936 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { if (unlikely(Lex->sp_variable_declarations_with_ref_finalize(thd, (yyvsp[-4].num), (yyvsp[-3].qualified_column_ident), (yyvsp[0].expr_and_query_str).expr, (yyvsp[0].expr_and_query_str).expr_str))) MYSQL_YYABORT; (yyval.spblock).init_using_vars((yyvsp[-4].num)); } -#line 52776 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 52807 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 3833: /* sp_decl_variable_list_anchored: sp_decl_idents_init_vars optionally_qualified_column_ident PERCENT_ORACLE_SYM ROWTYPE_ORACLE_SYM sp_opt_default */ -#line 19923 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 19945 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { if (unlikely(Lex->sp_variable_declarations_rowtype_finalize(thd, (yyvsp[-4].num), (yyvsp[-3].qualified_column_ident), (yyvsp[0].expr_and_query_str).expr, (yyvsp[0].expr_and_query_str).expr_str))) MYSQL_YYABORT; (yyval.spblock).init_using_vars((yyvsp[-4].num)); } -#line 52787 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 52818 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 3834: /* sp_param_name_and_mode: sp_param_name sp_opt_inout sp_opt_nocopy */ -#line 19933 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 19955 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyvsp[-2].spvar)->mode= (yyvsp[-1].spvar_mode); (yyval.spvar)= (yyvsp[-2].spvar); } -#line 52796 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 52827 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 3835: /* sp_param_init_vars: sp_param_name_and_mode_init_vars field_type */ -#line 19941 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 19963 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { if (unlikely(Lex->sp_param_fill_definition((yyval.spvar)= (yyvsp[-1].spvar), (yyvsp[0].Lex_field_type)))) MYSQL_YYABORT; } -#line 52805 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 52836 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 3836: /* sp_param_init_vars: sp_param_name_and_mode_init_vars ROW_SYM row_type_body */ -#line 19946 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 19968 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { if (unlikely(Lex->sphead->spvar_fill_row(thd, (yyval.spvar)= (yyvsp[-2].spvar), (yyvsp[0].spvar_definition_list)))) MYSQL_YYABORT; } -#line 52814 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 52845 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 3838: /* sp_param_anchored: sp_param_name_and_mode_init_vars sp_decl_ident '.' ident PERCENT_ORACLE_SYM TYPE_SYM */ -#line 19955 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 19977 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { if (unlikely(Lex->sphead->spvar_fill_type_reference(thd, (yyval.spvar)= (yyvsp[-5].spvar), (yyvsp[-4].ident_sys), (yyvsp[-2].ident_sys)))) MYSQL_YYABORT; } -#line 52823 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 52854 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 3839: /* sp_param_anchored: sp_param_name_and_mode_init_vars sp_decl_ident '.' ident '.' ident PERCENT_ORACLE_SYM TYPE_SYM */ -#line 19960 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 19982 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { if (unlikely(Lex->sphead->spvar_fill_type_reference(thd, (yyval.spvar)= (yyvsp[-7].spvar), (yyvsp[-6].ident_sys), (yyvsp[-4].ident_sys), (yyvsp[-2].ident_sys)))) MYSQL_YYABORT; } -#line 52832 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 52863 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 3840: /* sp_param_anchored: sp_param_name_and_mode_init_vars sp_decl_ident PERCENT_ORACLE_SYM ROWTYPE_ORACLE_SYM */ -#line 19965 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 19987 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { if (unlikely(Lex->sphead->spvar_fill_table_rowtype_reference(thd, (yyval.spvar)= (yyvsp[-3].spvar), (yyvsp[-2].ident_sys)))) MYSQL_YYABORT; } -#line 52841 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 52872 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 3841: /* sp_param_anchored: sp_param_name_and_mode_init_vars sp_decl_ident '.' ident PERCENT_ORACLE_SYM ROWTYPE_ORACLE_SYM */ -#line 19970 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 19992 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { if (unlikely(Lex->sphead->spvar_fill_table_rowtype_reference(thd, (yyval.spvar)= (yyvsp[-5].spvar), (yyvsp[-4].ident_sys), (yyvsp[-2].ident_sys)))) MYSQL_YYABORT; } -#line 52850 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 52881 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 3842: /* $@279: %empty */ -#line 19979 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 20001 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { LEX *lex= thd->lex; lex->sphead->set_c_chistics(lex->sp_chistics); lex->sphead->set_body_start(thd, YYLIP->get_cpp_tok_start()); } -#line 52860 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 52891 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 3843: /* sf_c_chistics_and_body_standalone: sp_c_chistics $@279 sp_tail_is sp_body force_lookahead */ -#line 19985 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 20007 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { if (unlikely(Lex->sp_body_finalize_function(thd))) MYSQL_YYABORT; } -#line 52869 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 52900 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 3844: /* $@280: %empty */ -#line 19993 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 20015 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { if (unlikely(!Lex->make_sp_head_no_recursive(thd, (yyvsp[0].spname), &sp_handler_procedure, DEFAULT_AGGREGATE))) MYSQL_YYABORT; } -#line 52880 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 52911 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 3845: /* $@281: %empty */ -#line 20001 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 20023 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { Lex->sphead->set_c_chistics(Lex->sp_chistics); Lex->sphead->set_body_start(thd, YYLIP->get_cpp_tok_start()); } -#line 52889 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 52920 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 3846: /* sp_tail_standalone: sp_name $@280 opt_sp_parenthesized_pdparam_list sp_c_chistics $@281 sp_tail_is sp_body opt_trailing_sp_name */ -#line 20008 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 20030 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { if (unlikely(Lex->sp_body_finalize_procedure_standalone(thd, (yyvsp[0].spname)))) MYSQL_YYABORT; } -#line 52898 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 52929 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 3847: /* $@282: %empty */ -#line 20019 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 20041 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { if (Lex->stmt_create_procedure_start((yyvsp[-3].object_ddl_options) | (yyvsp[0].object_ddl_options))) MYSQL_YYABORT; } -#line 52907 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 52938 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 3848: /* create_routine: create_or_replace definer_opt PROCEDURE_SYM opt_if_not_exists $@282 sp_tail_standalone */ -#line 20024 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 20046 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { Lex->stmt_create_routine_finalize(); } -#line 52915 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 52946 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 3849: /* $@283: %empty */ -#line 20029 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 20051 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { if (Lex->stmt_create_stored_function_start((yyvsp[-5].object_ddl_options) | (yyvsp[-1].object_ddl_options), (yyvsp[-3].sp_aggregate_type), (yyvsp[0].spname))) MYSQL_YYABORT; } -#line 52924 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 52955 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 3850: /* create_routine: create_or_replace definer opt_aggregate FUNCTION_SYM opt_if_not_exists sp_name $@283 sf_parameters sf_returned_type_clause sf_c_chistics_and_body_standalone opt_trailing_sp_name */ -#line 20037 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 20059 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { if (Lex->stmt_create_stored_function_finalize_standalone((yyvsp[0].spname))) MYSQL_YYABORT; } -#line 52933 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 52964 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 3851: /* $@284: %empty */ -#line 20043 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 20065 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { if (Lex->stmt_create_stored_function_start((yyvsp[-5].object_ddl_options) | (yyvsp[-1].object_ddl_options), (yyvsp[-3].sp_aggregate_type), (yyvsp[0].spname))) MYSQL_YYABORT; } -#line 52942 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 52973 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 3852: /* create_routine: create_or_replace no_definer opt_aggregate FUNCTION_SYM opt_if_not_exists sp_name $@284 sf_parameters sf_returned_type_clause sf_c_chistics_and_body_standalone opt_trailing_sp_name */ -#line 20051 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 20073 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { if (Lex->stmt_create_stored_function_finalize_standalone((yyvsp[0].spname))) MYSQL_YYABORT; } -#line 52951 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 52982 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 3853: /* create_routine: create_or_replace no_definer opt_aggregate FUNCTION_SYM opt_if_not_exists ident RETURNS_SYM udf_type SONAME_SYM TEXT_STRING_sys */ -#line 20057 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 20079 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { if (Lex->stmt_create_udf_function((yyvsp[-9].object_ddl_options) | (yyvsp[-5].object_ddl_options), (yyvsp[-7].sp_aggregate_type), (yyvsp[-4].ident_sys), (Item_result) (yyvsp[-2].num), (yyvsp[0].lex_str))) MYSQL_YYABORT; } -#line 52961 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 52992 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 3854: /* $@285: %empty */ -#line 20064 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 20086 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { sp_package *pkg; if (unlikely(!(pkg= Lex-> @@ -52971,20 +53002,20 @@ MYSQL_YYABORT; Lex->sphead->set_body_start(thd, YYLIP->get_cpp_tok_start()); } -#line 52975 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 53006 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 3855: /* create_routine: create_or_replace definer_opt sp_handler_package_spec opt_if_not_exists sp_name opt_create_package_chistics_init $@285 sp_tail_is opt_package_specification_element_list END remember_end_opt opt_trailing_sp_name */ -#line 20076 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 20098 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { if (unlikely(Lex->create_package_finalize(thd, (yyvsp[-7].spname), (yyvsp[0].spname), (yyvsp[-1].simple_string)))) MYSQL_YYABORT; } -#line 52984 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 53015 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 3856: /* $@286: %empty */ -#line 20082 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 20104 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { sp_package *pkg; if (unlikely(!(pkg= Lex-> @@ -52995,95 +53026,95 @@ Lex->sphead->set_body_start(thd, YYLIP->get_cpp_tok_start()); Lex->sp_block_init(thd); } -#line 52999 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 53030 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 3857: /* $@287: %empty */ -#line 20095 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 20117 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyvsp[-1].spblock).hndlrs+= (yyvsp[0].spblock_handlers).hndlrs; if (unlikely(Lex->sp_block_finalize(thd, (yyvsp[-1].spblock)))) MYSQL_YYABORT; } -#line 53009 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 53040 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 3858: /* create_routine: create_or_replace definer_opt sp_handler_package_body opt_if_not_exists sp_name opt_create_package_chistics_init $@286 sp_tail_is package_implementation_declare_section package_implementation_executable_section $@287 remember_end_opt opt_trailing_sp_name */ -#line 20101 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 20123 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { if (unlikely(Lex->create_package_finalize(thd, (yyvsp[-8].spname), (yyvsp[0].spname), (yyvsp[-1].simple_string)))) MYSQL_YYABORT; } -#line 53018 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 53049 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 3859: /* opt_sp_decl_body_list: _empty */ -#line 20112 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 20134 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.spblock).init(); } -#line 53026 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 53057 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 3860: /* opt_sp_decl_body_list: sp_decl_body_list */ -#line 20115 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 20137 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.spblock)= (yyvsp[0].spblock); } -#line 53032 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 53063 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 3861: /* $@288: %empty */ -#line 20120 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 20142 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { if (unlikely(Lex->sphead->sp_add_instr_cpush_for_cursors(thd, Lex->spcont))) MYSQL_YYABORT; } -#line 53041 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 53072 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 3862: /* sp_decl_body_list: sp_decl_non_handler_list $@288 opt_sp_decl_handler_list */ -#line 20125 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 20147 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.spblock).join((yyvsp[-2].spblock), (yyvsp[0].spblock)); } -#line 53049 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 53080 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 3864: /* sp_decl_non_handler_list: sp_decl_non_handler ';' */ -#line 20132 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 20154 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.spblock)= (yyvsp[-1].spblock); } -#line 53055 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 53086 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 3865: /* sp_decl_non_handler_list: sp_decl_non_handler_list sp_decl_non_handler ';' */ -#line 20134 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 20156 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.spblock).join((yyvsp[-2].spblock), (yyvsp[-1].spblock)); } -#line 53063 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 53094 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 3866: /* sp_decl_handler_list: sp_decl_handler ';' */ -#line 20140 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 20162 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.spblock)= (yyvsp[-1].spblock); } -#line 53069 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 53100 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 3867: /* sp_decl_handler_list: sp_decl_handler_list sp_decl_handler ';' */ -#line 20142 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 20164 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.spblock).join((yyvsp[-2].spblock), (yyvsp[-1].spblock)); } -#line 53077 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 53108 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 3868: /* opt_sp_decl_handler_list: _empty */ -#line 20148 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 20170 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyval.spblock).init(); } -#line 53083 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 53114 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 3871: /* sp_decl_non_handler: ident_directly_assignable CONDITION_SYM FOR_SYM sp_cond */ -#line 20155 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 20177 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { if (unlikely(Lex->spcont->declare_condition(thd, Lex_ident_column((yyvsp[-3].ident_sys)), @@ -53092,11 +53123,11 @@ (yyval.spblock).vars= (yyval.spblock).hndlrs= (yyval.spblock).curs= 0; (yyval.spblock).conds= 1; } -#line 53096 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 53127 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 3872: /* sp_decl_non_handler: ident_directly_assignable EXCEPTION_ORACLE_SYM */ -#line 20164 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 20186 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { sp_condition_value *spcond= new (thd->mem_root) sp_condition_value_user_defined(); @@ -53108,19 +53139,19 @@ (yyval.spblock).vars= (yyval.spblock).hndlrs= (yyval.spblock).curs= 0; (yyval.spblock).conds= 1; } -#line 53112 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 53143 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 3873: /* $@289: %empty */ -#line 20176 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 20198 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { Lex->sp_block_init(thd); } -#line 53120 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 53151 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 3874: /* sp_decl_non_handler: CURSOR_SYM ident_directly_assignable $@289 opt_parenthesized_cursor_formal_parameters IS sp_cursor_stmt */ -#line 20181 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 20203 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { sp_pcontext *param_ctx= Lex->spcont; if (unlikely(Lex->sp_block_finalize(thd))) @@ -53130,11 +53161,11 @@ (yyval.spblock).vars= (yyval.spblock).conds= (yyval.spblock).hndlrs= 0; (yyval.spblock).curs= 1; } -#line 53134 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 53165 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 3875: /* sp_decl_non_handler: TYPE_SYM ident_directly_assignable IS RECORD_SYM rec_type_body */ -#line 20191 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 20213 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { if (unlikely(Lex->spcont-> declare_record(thd, Lex_ident_column((yyvsp[-3].ident_sys)), (yyvsp[0].spvar_definition_list)))) @@ -53142,69 +53173,69 @@ (yyval.spblock).vars= (yyval.spblock).conds= (yyval.spblock).hndlrs= (yyval.spblock).curs= 0; } -#line 53146 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 53177 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 3881: /* sp_proc_stmt: labels_declaration_oracle sp_labelable_stmt */ -#line 20207 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 20229 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" {} -#line 53152 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 53183 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 3892: /* sp_labelable_stmt: NULL_SYM */ -#line 20221 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 20243 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { } -#line 53158 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 53189 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 3897: /* $@290: %empty */ -#line 20235 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 20257 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { Lex->sp_block_init(thd, &(yyvsp[-1].lex_str)); if (unlikely(Lex->sp_block_with_exceptions_finalize_declarations(thd))) MYSQL_YYABORT; } -#line 53168 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 53199 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 3898: /* sp_labeled_block: sp_block_label BEGIN_ORACLE_SYM $@290 sp_block_statements_and_exceptions END sp_opt_label */ -#line 20243 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 20265 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { if (unlikely(Lex->sp_block_finalize(thd, Lex_spblock((yyvsp[-2].spblock_handlers)), &(yyvsp[0].lex_str)))) MYSQL_YYABORT; } -#line 53177 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 53208 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 3899: /* $@291: %empty */ -#line 20249 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 20271 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { Lex->sp_block_init(thd, &(yyvsp[-1].lex_str)); } -#line 53185 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 53216 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 3900: /* $@292: %empty */ -#line 20253 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 20275 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { if (unlikely(Lex->sp_block_with_exceptions_finalize_declarations(thd))) MYSQL_YYABORT; } -#line 53194 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 53225 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 3901: /* sp_labeled_block: sp_block_label DECLARE_ORACLE_SYM $@291 opt_sp_decl_body_list $@292 BEGIN_ORACLE_SYM sp_block_statements_and_exceptions END sp_opt_label */ -#line 20261 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 20283 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyvsp[-5].spblock).hndlrs+= (yyvsp[-2].spblock_handlers).hndlrs; if (unlikely(Lex->sp_block_finalize(thd, (yyvsp[-5].spblock), &(yyvsp[0].lex_str)))) MYSQL_YYABORT; } -#line 53204 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 53235 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 3904: /* $@293: %empty */ -#line 20275 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 20297 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { if (unlikely(Lex->maybe_start_compound_statement(thd))) MYSQL_YYABORT; @@ -53212,68 +53243,68 @@ if (unlikely(Lex->sp_block_with_exceptions_finalize_declarations(thd))) MYSQL_YYABORT; } -#line 53216 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 53247 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 3905: /* sp_unlabeled_block: BEGIN_ORACLE_SYM opt_not_atomic $@293 sp_block_statements_and_exceptions END */ -#line 20284 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 20306 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { if (unlikely(Lex->sp_block_finalize(thd, Lex_spblock((yyvsp[-1].spblock_handlers))))) MYSQL_YYABORT; } -#line 53225 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 53256 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 3906: /* $@294: %empty */ -#line 20289 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 20311 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { if (unlikely(Lex->maybe_start_compound_statement(thd))) MYSQL_YYABORT; Lex->sp_block_init(thd); } -#line 53235 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 53266 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 3907: /* $@295: %empty */ -#line 20295 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 20317 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { if (unlikely(Lex->sp_block_with_exceptions_finalize_declarations(thd))) MYSQL_YYABORT; } -#line 53244 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 53275 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 3908: /* sp_unlabeled_block: DECLARE_ORACLE_SYM $@294 opt_sp_decl_body_list $@295 BEGIN_ORACLE_SYM sp_block_statements_and_exceptions END */ -#line 20302 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 20324 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { (yyvsp[-4].spblock).hndlrs+= (yyvsp[-1].spblock_handlers).hndlrs; if (unlikely(Lex->sp_block_finalize(thd, (yyvsp[-4].spblock)))) MYSQL_YYABORT; } -#line 53254 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 53285 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 3909: /* $@296: %empty */ -#line 20312 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 20334 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { if (unlikely(Lex->sp_block_with_exceptions_finalize_executable_section(thd, (yyvsp[-1].sp_instr_addr)))) MYSQL_YYABORT; } -#line 53263 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 53294 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; case 3910: /* sp_block_statements_and_exceptions: sp_instr_addr sp_proc_stmts $@296 opt_exception_clause */ -#line 20317 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" +#line 20339 "/home/buildbot/tarball-docker/build/server/sql/sql_yacc.yy" { if (unlikely(Lex->sp_block_with_exceptions_finalize_exceptions(thd, (yyvsp[-3].sp_instr_addr), (yyvsp[0].num)))) MYSQL_YYABORT; (yyval.spblock_handlers).init((yyvsp[0].num)); } -#line 53273 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 53304 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" break; -#line 53277 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" +#line 53308 "/home/buildbot/tarball-docker/build/mkdist/sql/yy_oracle.cc" default: break; } diff -Nru mariadb-11.8.6/sql/yy_oracle.hh mariadb-11.8.8/sql/yy_oracle.hh --- mariadb-11.8.6/sql/yy_oracle.hh 2026-01-31 13:27:52.000000000 +0000 +++ mariadb-11.8.8/sql/yy_oracle.hh 2026-05-24 09:58:35.000000000 +0000 @@ -842,11 +842,6 @@ ulonglong ulonglong_number; longlong longlong_number; uint sp_instr_addr; - /* - Longlong_hybrid does not have a default constructor, hence the - default value below. - */ - Longlong_hybrid longlong_hybrid_number= Longlong_hybrid(0, false); /* structs */ LEX_CSTRING lex_str; @@ -884,6 +879,11 @@ Lex_select_lock select_lock; Lex_select_limit select_limit; Lex_order_limit_lock *order_limit_lock; + struct + { + longlong num; + bool is_unsigned; + } longlong_hybrid_number; /* pointers */ Lex_ident_sys *ident_sys_ptr; diff -Nru mariadb-11.8.6/sql-common/my_user.c mariadb-11.8.8/sql-common/my_user.c --- mariadb-11.8.6/sql-common/my_user.c 2026-01-31 13:27:48.000000000 +0000 +++ mariadb-11.8.8/sql-common/my_user.c 2026-05-24 09:58:32.000000000 +0000 @@ -41,7 +41,7 @@ char *user_name_str, size_t *user_name_len, char *host_name_str, size_t *host_name_len) { - char *p= strrchr(user_id_str, '@'); + const char *p= strrchr(user_id_str, '@'); if (!p) { diff -Nru mariadb-11.8.6/storage/archive/ha_archive.cc mariadb-11.8.8/storage/archive/ha_archive.cc --- mariadb-11.8.6/storage/archive/ha_archive.cc 2026-01-31 13:27:48.000000000 +0000 +++ mariadb-11.8.8/storage/archive/ha_archive.cc 2026-05-24 09:58:32.000000000 +0000 @@ -1160,22 +1160,12 @@ uint key_len, enum ha_rkey_function find_flag) { int rc; - DBUG_ENTER("ha_archive::index_read"); - rc= index_read_idx(buf, active_index, key, key_len, find_flag); - DBUG_RETURN(rc); -} - - -int ha_archive::index_read_idx(uchar *buf, uint index, const uchar *key, - uint key_len, enum ha_rkey_function find_flag) -{ - int rc; bool found= 0; - KEY *mkey= &table->key_info[index]; + KEY *mkey= &table->key_info[active_index]; current_k_offset= mkey->key_part->offset; current_key= key; current_key_len= key_len; - DBUG_ENTER("ha_archive::index_read_idx"); + DBUG_ENTER("ha_archive::index_read"); rc= rnd_init(TRUE); diff -Nru mariadb-11.8.6/storage/archive/ha_archive.h mariadb-11.8.8/storage/archive/ha_archive.h --- mariadb-11.8.6/storage/archive/ha_archive.h 2026-01-31 13:27:48.000000000 +0000 +++ mariadb-11.8.8/storage/archive/ha_archive.h 2026-05-24 09:58:32.000000000 +0000 @@ -111,11 +111,9 @@ ulonglong blocks) override; IO_AND_CPU_COST rnd_pos_time(ha_rows rows) override; int index_init(uint keynr, bool sorted) override; - virtual int index_read(uchar * buf, const uchar * key, - uint key_len, enum ha_rkey_function find_flag) - override; - virtual int index_read_idx(uchar * buf, uint index, const uchar * key, - uint key_len, enum ha_rkey_function find_flag); + int index_read(uchar * buf, const uchar * key, + uint key_len, enum ha_rkey_function find_flag) + override; int index_next(uchar * buf) override; int open(const char *name, int mode, uint test_if_locked) override; int close(void) override; diff -Nru mariadb-11.8.6/storage/columnstore/CMakeLists.txt mariadb-11.8.8/storage/columnstore/CMakeLists.txt --- mariadb-11.8.6/storage/columnstore/CMakeLists.txt 2026-01-31 13:27:48.000000000 +0000 +++ mariadb-11.8.8/storage/columnstore/CMakeLists.txt 2026-05-24 09:58:32.000000000 +0000 @@ -56,6 +56,7 @@ CMAKE_SYSTEM_PROCESSOR STREQUAL "aarch64") MY_CHECK_AND_SET_COMPILER_FLAG("-fno-lto") SET(PCRE_INCLUDES "${PCRE_INCLUDE_DIRS}") + set(CMAKE_POLICY_VERSION_MINIMUM 3.5) add_subdirectory(columnstore) IF(TARGET columnstore) diff -Nru mariadb-11.8.6/storage/columnstore/columnstore/.drone.jsonnet mariadb-11.8.8/storage/columnstore/columnstore/.drone.jsonnet --- mariadb-11.8.6/storage/columnstore/columnstore/.drone.jsonnet 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/storage/columnstore/columnstore/.drone.jsonnet 2026-05-24 09:58:33.000000000 +0000 @@ -67,33 +67,20 @@ local any_branch = "**"; +local default_upgrade_versions = ["10.6.15-10", "10.6.24-20"]; +local default_arch_versions = { + arm64: default_upgrade_versions, + amd64: default_upgrade_versions, +}; + local upgrade_test_lists = { - rockylinux8: { - arm64: ["10.6.4-1", "10.6.9-5", "10.6.11-6", "10.6.12-7", "10.6.15-10"], - amd64: ["10.6.4-1", "10.6.5-2", "10.6.7-3", "10.6.8-4", "10.6.9-5", "10.6.11-6", "10.6.12-7", "10.6.14-9", "10.6.15-10"], - }, - rockylinux9: { - arm64: ["10.6.9-5", "10.6.11-6", "10.6.12-7", "10.6.14-9", "10.6.15-10"], - amd64: ["10.6.9-5", "10.6.11-6", "10.6.12-7", "10.6.14-9", "10.6.15-10"], - }, - - debian12: { - arm64: [], - amd64: [], - }, - "ubuntu20.04": { - arm64: ["10.6.9-5", "10.6.11-6", "10.6.12-7", "10.6.14-9", "10.6.15-10"], - amd64: ["10.6.4-1", "10.6.5-2", "10.6.7-3", "10.6.8-4", "10.6.9-5", "10.6.11-6", "10.6.12-7", "10.6.14-9", "10.6.15-10"], - }, - "ubuntu22.04": { - arm64: ["10.6.9-5", "10.6.11-6", "10.6.12-7", "10.6.14-9", "10.6.15-10"], - amd64: ["10.6.9-5", "10.6.11-6", "10.6.12-7", "10.6.14-9", "10.6.15-10"], - }, - "ubuntu24.04": - { - arm64: [], - amd64: [], - }, + rockylinux8: default_arch_versions, + rockylinux9: default_arch_versions, + rockylinux10: default_arch_versions, + debian12: default_arch_versions, + debian13: default_arch_versions, + "ubuntu22.04": default_arch_versions, + "ubuntu24.04": default_arch_versions, }; local make_clickable_link(link) = "echo -e '\\e]8;;" + link + "\\e\\\\" + link + "\\e]8;;\\e\\\\'"; @@ -210,13 +197,15 @@ local getContainerName(stepname) = stepname + "$${DRONE_BUILD_NUMBER}", - local prepareTestContainer(containerName, result, do_setup) = + local prepareTestContainer(containerName, result, do_setup, do_install, do_install_builddeps) = 'sh -c "apk add bash && ' + get_build_command("prepare_test_container.sh") + " --container-name " + containerName + " --docker-image " + img + " --result-path " + result + " --packages-url " + packages_url + " --do-setup " + std.toString(do_setup) + + " --do-install " + std.toString(do_install) + + " --do-install-builddeps " + std.toString(do_install_builddeps) + (if result == "ubuntu24.04_clang-20_libcpp" then " --install-libcpp " else "") + '"', @@ -243,7 +232,7 @@ image: "docker:28.2.2", volumes: [pipeline._volumes.mdb, pipeline._volumes.docker], commands: [ - prepareTestContainer(getContainerName("smoke"), result, true), + prepareTestContainer(getContainerName("smoke"), result, true, true, true), get_build_command("run_smoke.sh") + " --container-name " + getContainerName("smoke"), ], @@ -262,16 +251,16 @@ }, upgrade(version):: { name: "upgrade-test from " + version, - depends_on: ["regressionlog"], + depends_on: ["publish pkg", "publish cmapi build"], image: "docker:28.2.2", - volumes: [pipeline._volumes.docker], + volumes: [pipeline._volumes.docker, pipeline._volumes.mdb], environment: { UPGRADE_TOKEN: { from_secret: "es_token", - }, + } }, commands: [ - prepareTestContainer(getContainerName("upgrade") + version, result, false), + prepareTestContainer(getContainerName("upgrade") + version, result, false, false, false), execInnerDocker( 'bash -c "./upgrade_setup_' + pkg_format + ".sh " @@ -279,7 +268,7 @@ + result + " " + arch + " " + repo_pkg_url_no_res - + ' $${UPGRADE_TOKEN}"', + + ' $${UPGRADE_TOKEN} ' + server + '"', getContainerName("upgrade") + version ), ], @@ -313,7 +302,7 @@ MTR_FULL_SUITE: "${MTR_FULL_SUITE:-false}", }, commands: [ - prepareTestContainer(getContainerName("mtr"), result, true), + prepareTestContainer(getContainerName("mtr"), result, true, true, true), "apk add bash &&" + get_build_command("run_mtr.sh") + @@ -357,7 +346,7 @@ REGRESSION_REF_AUX: branch_ref, }, commands: [ - prepareTestContainer(getContainerName("regression"), result, true), + prepareTestContainer(getContainerName("regression"), result, true, true, true), // REGRESSION_REF can be empty if there is no appropriate branch in regression repository. // if REGRESSION_REF is empty, try to see whether regression repository has a branch named as one we PR. @@ -438,7 +427,7 @@ PYTHONPATH: "/usr/share/columnstore/cmapi/deps", }, commands: [ - prepareTestContainer(getContainerName("cmapi"), result, true), + prepareTestContainer(getContainerName("cmapi"), result, true, true, true), "apk add bash && " + get_build_command("run_cmapi_test.sh") + " --container-name " + getContainerName("cmapi") + @@ -457,6 +446,18 @@ status: ["success", "failure"], }, }, + mcs_cli_docs_check:: { + name: "mcs cli docs check", + depends_on: ["publish cmapi build"], + image: "docker:git", + volumes: [pipeline._volumes.docker, pipeline._volumes.mdb], + commands: [ + prepareTestContainer(getContainerName("cmapi-docs"), result, true, true, true), + "apk add bash && " + + get_build_command("check_mcs_cli_docs.sh") + + " --container-name " + getContainerName("cmapi-docs"), + ], + }, multi_node_mtr:: { name: "mtr", depends_on: ["dockerhub"], @@ -643,12 +644,13 @@ [pipeline.cmapitest] + [pipeline.cmapilog] + [pipeline.publish("cmapilog")] + + (if (platform == "rockylinux:9" && arch == "amd64" && server == "10.6-enterprise") then [pipeline.mcs_cli_docs_check] else []) + (if (platform == "rockylinux:8" && arch == "amd64" && customBootstrapParamsKey == "gcc-toolset") then [pipeline.dockerfile] + [pipeline.dockerhub] + [pipeline.multi_node_mtr] + [pipeline.multinode_mtrlog] + [pipeline.publish("multinode-mtrlog")] else [pipeline.mtr] + [pipeline.mtrlog] + [pipeline.publish("mtrlog")]) + [pipeline.regression(regression_tests[i], if (i == 0) then ["mtr", "publish pkg", "publish cmapi build"] else [regression_tests[i - 1]]) for i in indexes(regression_tests)] + [pipeline.regressionlog] + [pipeline.publish("regressionlog")] + - // [pipeline.upgrade(mdb_server_versions[i]) for i in indexes(mdb_server_versions)] + - // (if (std.length(mdb_server_versions) == 0) then [] else [pipeline.upgradelog] + [pipeline.publish("upgradelog")]) + + [pipeline.upgrade(mdb_server_versions[i]) for i in indexes(mdb_server_versions)] + + (if (std.length(mdb_server_versions) == 0) then [] else [pipeline.upgradelog] + [pipeline.publish("upgradelog")]) + (if (event == "cron") then [pipeline.publish("regressionlog latest", "latest")] else []), volumes: [pipeline._volumes.mdb { temp: {} }, pipeline._volumes.docker { host: { path: "/var/run/docker.sock" } }], diff -Nru mariadb-11.8.6/storage/columnstore/columnstore/CMakeLists.txt mariadb-11.8.8/storage/columnstore/columnstore/CMakeLists.txt --- mariadb-11.8.6/storage/columnstore/columnstore/CMakeLists.txt 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/storage/columnstore/columnstore/CMakeLists.txt 2026-05-24 09:58:33.000000000 +0000 @@ -87,6 +87,10 @@ add_subdirectory(${component}) endforeach() +add_custom_target(GenColumnstoreSource + DEPENDS GenDDLPackageSource GenDMLPackageSource GenLoggingSource +) + add_dependencies(rbo GenError) add_dependencies(udf_mysql GenError) add_dependencies(funcexp GenError) diff -Nru mariadb-11.8.6/storage/columnstore/columnstore/VERSION mariadb-11.8.8/storage/columnstore/columnstore/VERSION --- mariadb-11.8.6/storage/columnstore/columnstore/VERSION 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/storage/columnstore/columnstore/VERSION 2026-05-24 09:58:33.000000000 +0000 @@ -1,4 +1,4 @@ COLUMNSTORE_VERSION_MAJOR=25 COLUMNSTORE_VERSION_MINOR=10 -COLUMNSTORE_VERSION_PATCH=3 +COLUMNSTORE_VERSION_PATCH=4 COLUMNSTORE_VERSION_RELEASE=1 diff -Nru mariadb-11.8.6/storage/columnstore/columnstore/build/bootstrap_mcs.sh mariadb-11.8.8/storage/columnstore/columnstore/build/bootstrap_mcs.sh --- mariadb-11.8.6/storage/columnstore/columnstore/build/bootstrap_mcs.sh 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/storage/columnstore/columnstore/build/bootstrap_mcs.sh 2026-05-24 09:58:33.000000000 +0000 @@ -144,7 +144,7 @@ exit 17 fi - if is_rocky_version_ge $OS 10; then + if is_rocky_version_ge $OS 9; then command="${command} && dnf install -y selinux-policy-devel" fi diff -Nru mariadb-11.8.6/storage/columnstore/columnstore/build/build_cmapi.sh mariadb-11.8.8/storage/columnstore/columnstore/build/build_cmapi.sh --- mariadb-11.8.6/storage/columnstore/columnstore/build/build_cmapi.sh 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/storage/columnstore/columnstore/build/build_cmapi.sh 2026-05-24 09:58:33.000000000 +0000 @@ -8,7 +8,6 @@ SCRIPT_LOCATION=$(dirname "$0") COLUMNSTORE_SOURCE_PATH=$(realpath "$SCRIPT_LOCATION"/../) -MDB_SOURCE_PATH=$(realpath "$SCRIPT_LOCATION"/../../../..) source "$SCRIPT_LOCATION"/utils.sh @@ -77,9 +76,9 @@ fi if [ "$(arch)" == "x86_64" ]; then - PYTHON_URL="https://github.com/indygreg/python-build-standalone/releases/download/20220802/cpython-3.9.13+20220802-x86_64_v2-unknown-linux-gnu-pgo+lto-full.tar.zst" + PYTHON_URL="https://github.com/astral-sh/python-build-standalone/releases/download/20260127/cpython-3.13.11+20260127-x86_64_v2-unknown-linux-gnu-pgo+lto-full.tar.zst" elif [[ "$(arch)" == "arm64" || "$(arch)" == "aarch64" ]]; then - PYTHON_URL="https://github.com/indygreg/python-build-standalone/releases/download/20220802/cpython-3.9.13+20220802-aarch64-unknown-linux-gnu-noopt-full.tar.zst" + PYTHON_URL="https://github.com/astral-sh/python-build-standalone/releases/download/20260127/cpython-3.13.11+20260127-aarch64-unknown-linux-gnu-pgo+lto-full.tar.zst" else echo "Unsupported architecture: $(arch)" exit 1 @@ -100,7 +99,7 @@ cd "$COLUMNSTORE_SOURCE_PATH"/cmapi ./cleanup.sh CMAPI_GIT_REVISION_ARG="$(get_cmapi_git_revision)" - cmake -D"${PKG_FORMAT^^}"=1 -DSERVER_DIR="$MDB_SOURCE_PATH" -DCMAPI_GIT_REVISION="$CMAPI_GIT_REVISION_ARG" . && make package + cmake -D"${PKG_FORMAT^^}"=1 -DCMAPI_GIT_REVISION="$CMAPI_GIT_REVISION_ARG" . && make package } install_deps build_cmapi diff -Nru mariadb-11.8.6/storage/columnstore/columnstore/build/check_mcs_cli_docs.sh mariadb-11.8.8/storage/columnstore/columnstore/build/check_mcs_cli_docs.sh --- mariadb-11.8.6/storage/columnstore/columnstore/build/check_mcs_cli_docs.sh 1970-01-01 00:00:00.000000000 +0000 +++ mariadb-11.8.8/storage/columnstore/columnstore/build/check_mcs_cli_docs.sh 2026-05-24 09:58:33.000000000 +0000 @@ -0,0 +1,206 @@ +#!/bin/bash +# Script to verify MCS CLI documentation is up-to-date +# This script generates fresh docs (README.md and mcs.1 man page) from the +# installed cmapi and compares them to the committed versions in the source. +# Fails if there are differences. +# +# CI mode: check_mcs_cli_docs.sh --container-name +# Runs inside a Docker container with cmapi installed +# +# Local mode: check_mcs_cli_docs.sh [--update] +# Runs locally using system Python or virtual environment +# --update: Update the committed docs instead of just checking + +set -eo pipefail + +SCRIPT_LOCATION=$(dirname "$0") +COLUMNSTORE_SOURCE_PATH=$(realpath "${SCRIPT_LOCATION}/../") +# Installed cmapi path (inside container) +CMAPI_INSTALLED_PATH="/usr/share/columnstore/cmapi" +# Source path for committed docs +CMAPI_SOURCE_PATH="${COLUMNSTORE_SOURCE_PATH}/cmapi" +MCS_TOOL_SOURCE_DIR="${CMAPI_SOURCE_PATH}/mcs_cluster_tool" + +source "$SCRIPT_LOCATION"/utils.sh + +optparse.define short=c long=container-name desc="Name of the Docker container to run docs check in" variable=CONTAINER_NAME +optparse.define short=u long=update desc="Update the committed docs instead of just checking" variable=UPDATE_MODE default=false value=true +source $(optparse.build) +message "Arguments received: $@" + +# CI mode: run inside container +if [[ -n "${CONTAINER_NAME}" ]]; then + echo "=== Checking MCS CLI documentation freshness (CI mode) ===" + echo "Container: ${CONTAINER_NAME}" + + # Install cmapi package in container + echo "Installing cmapi package..." + execInnerDockerWithRetry "$CONTAINER_NAME" "yum install -y MariaDB-columnstore-cmapi" || \ + execInnerDockerWithRetry "$CONTAINER_NAME" "apt-get update && apt-get install -y mariadb-columnstore-cmapi" + + # Install md2man for man page generation + echo "Installing md2man..." + execInnerDockerWithRetry "$CONTAINER_NAME" "yum install -y ruby ruby-devel make gcc redhat-rpm-config && gem install md2man --no-document" || \ + execInnerDockerWithRetry "$CONTAINER_NAME" "apt-get install -y ruby ruby-dev make gcc && gem install md2man --no-document" + + # Generate fresh README.md inside container + echo "Generating fresh README.md from installed cmapi..." + execInnerDockerWithRetry "$CONTAINER_NAME" "cd ${CMAPI_INSTALLED_PATH} && PYTHONPATH=${CMAPI_INSTALLED_PATH}:${CMAPI_INSTALLED_PATH}/deps python/bin/python3 -m typer mcs_cluster_tool/__main__.py utils docs --name mcs --output /tmp/README.md" + + # Generate fresh mcs.1 man page + echo "Generating fresh mcs.1 man page..." + execInnerDockerWithRetry "$CONTAINER_NAME" "md2man-roff /tmp/README.md > /tmp/mcs.1" + + # Copy generated files out of container for comparison + TEMP_DIR=$(mktemp -d) + trap "rm -rf -- '${TEMP_DIR}'" EXIT + + docker cp "${CONTAINER_NAME}:/tmp/README.md" "${TEMP_DIR}/README.md" + docker cp "${CONTAINER_NAME}:/tmp/mcs.1" "${TEMP_DIR}/mcs.1" + + # Compare with committed versions + DOCS_OUTDATED=false + + echo "Comparing generated README.md with committed version..." + if ! diff -q "${MCS_TOOL_SOURCE_DIR}/README.md" "${TEMP_DIR}/README.md" >/dev/null 2>&1; then + DOCS_OUTDATED=true + echo "" + echo "==========================================" + echo "ERROR: README.md is outdated!" + echo "==========================================" + echo "" + echo "Diff (committed vs generated) (first 100 lines):" + diff -u "${MCS_TOOL_SOURCE_DIR}/README.md" "${TEMP_DIR}/README.md" | head -100 || true + fi + + echo "Comparing generated mcs.1 with committed version..." + if ! diff -q "${MCS_TOOL_SOURCE_DIR}/mcs.1" "${TEMP_DIR}/mcs.1" >/dev/null 2>&1; then + DOCS_OUTDATED=true + echo "" + echo "==========================================" + echo "ERROR: mcs.1 man page is outdated!" + echo "==========================================" + echo "" + echo "Diff (committed vs generated):" + diff -u "${MCS_TOOL_SOURCE_DIR}/mcs.1" "${TEMP_DIR}/mcs.1" | head -100 || true + fi + + if [ "${DOCS_OUTDATED}" = true ]; then + echo "" + echo "To fix this, run locally:" + echo " ./build/check_mcs_cli_docs.sh --update" + echo "" + echo "Then commit the updated files." + exit 1 + fi + + echo "" + echo "MCS CLI documentation is up-to-date (README.md and mcs.1)!" + exit 0 +fi + +# Local mode: run on host +echo "=== Checking MCS CLI documentation freshness (local mode) ===" + +TEMP_DIR=$(mktemp -d) +trap "rm -rf -- '${TEMP_DIR}'" EXIT + +# Determine which Python to use +if [ -x "${CMAPI_SOURCE_PATH}/python/bin/python3" ]; then + PYTHON="${CMAPI_SOURCE_PATH}/python/bin/python3" + export PYTHONPATH="${CMAPI_SOURCE_PATH}:${CMAPI_SOURCE_PATH}/deps" + echo "Using cmapi bundled Python: ${PYTHON}" +else + PYTHON="python3" + export PYTHONPATH="${CMAPI_SOURCE_PATH}" + echo "Using system Python: ${PYTHON}" + # Install typer if not available + if ! "${PYTHON}" -c "import typer" 2>/dev/null; then + echo "Installing typer..." + if ! ("${PYTHON}" -m pip install typer --quiet || "${PYTHON}" -m pip install typer --quiet --break-system-packages); then + echo "ERROR: Failed to install typer. Please install it manually ('pip install typer') and re-run the script." >&2 + exit 1 + fi + fi +fi + +# Generate fresh README.md +echo "Generating fresh README.md from current codebase..." +cd "${CMAPI_SOURCE_PATH}" +"${PYTHON}" -m typer mcs_cluster_tool/__main__.py utils docs --name mcs --output "${TEMP_DIR}/README.md" + +# Generate fresh mcs.1 man page +if command -v md2man-roff &>/dev/null; then + echo "Generating fresh mcs.1 man page..." + md2man-roff "${TEMP_DIR}/README.md" > "${TEMP_DIR}/mcs.1" +else + echo "WARNING: md2man-roff not available, skipping man page check" + echo "Install with: gem install md2man" +fi + +# Compare with committed versions +DOCS_OUTDATED=false +README_OUTDATED=false +MANPAGE_OUTDATED=false + +echo "Comparing generated README.md with committed version..." +if ! diff -q "${MCS_TOOL_SOURCE_DIR}/README.md" "${TEMP_DIR}/README.md" >/dev/null 2>&1; then + README_OUTDATED=true + DOCS_OUTDATED=true + echo "" + echo "==========================================" + echo "ERROR: README.md is outdated!" + echo "==========================================" + echo "" + echo "Diff (committed vs generated):" + diff -u "${MCS_TOOL_SOURCE_DIR}/README.md" "${TEMP_DIR}/README.md" | head -100 || true +fi + +if [ -f "${TEMP_DIR}/mcs.1" ]; then + echo "Comparing generated mcs.1 with committed version..." + if [ ! -f "${MCS_TOOL_SOURCE_DIR}/mcs.1" ]; then + MANPAGE_OUTDATED=true + DOCS_OUTDATED=true + echo "ERROR: Committed mcs.1 not found" + elif ! diff -q "${MCS_TOOL_SOURCE_DIR}/mcs.1" "${TEMP_DIR}/mcs.1" >/dev/null 2>&1; then + MANPAGE_OUTDATED=true + DOCS_OUTDATED=true + echo "" + echo "==========================================" + echo "ERROR: mcs.1 man page is outdated!" + echo "==========================================" + echo "" + echo "Diff (committed vs generated):" + diff -u "${MCS_TOOL_SOURCE_DIR}/mcs.1" "${TEMP_DIR}/mcs.1" | head -100 || true + fi +fi + +# Handle update mode or show fix instructions +if [ "${DOCS_OUTDATED}" = true ]; then + if [ "${UPDATE_MODE}" = true ]; then + echo "" + echo "Updating committed documentation..." + if [ "${README_OUTDATED}" = true ]; then + cp "${TEMP_DIR}/README.md" "${MCS_TOOL_SOURCE_DIR}/README.md" + echo "README.md has been updated!" + fi + if [ "${MANPAGE_OUTDATED}" = true ] && [ -f "${TEMP_DIR}/mcs.1" ]; then + cp "${TEMP_DIR}/mcs.1" "${MCS_TOOL_SOURCE_DIR}/mcs.1" + echo "mcs.1 has been updated!" + fi + echo "" + echo "Do not forget to commit the updated files!" + exit 0 + fi + + echo "" + echo "To fix this, run:" + echo " ./build/check_mcs_cli_docs.sh --update" + echo "" + echo "Then commit the updated files." + exit 1 +fi + +echo "" +echo "MCS CLI documentation is up-to-date (README.md and mcs.1)!" +exit 0 diff -Nru mariadb-11.8.6/storage/columnstore/columnstore/build/prepare_test_container.sh mariadb-11.8.8/storage/columnstore/columnstore/build/prepare_test_container.sh --- mariadb-11.8.6/storage/columnstore/columnstore/build/prepare_test_container.sh 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/storage/columnstore/columnstore/build/prepare_test_container.sh 2026-05-24 09:58:33.000000000 +0000 @@ -15,6 +15,8 @@ optparse.define short=i long=docker-image desc="Docker image name to start container from" variable=DOCKER_IMAGE optparse.define short=r long=result-path desc="Name suffix used in core dump file path" variable=RESULT optparse.define short=s long=do-setup desc="Run setup-repo.sh inside the container" variable=DO_SETUP +optparse.define short=x long=do-install desc="Install columnstore packages inside the container" variable=DO_INSTALL default=true +optparse.define short=b long=do-install-builddeps desc="Install build dependecies inside the container" variable=DO_INSTALL_BUILDDEPS default=true optparse.define short=u long=packages-url desc="Packages url" variable=PACKAGES_URL optparse.define short=l long=install-libcpp desc="Install libcpp" variable=INSTALL_LIBCPP default=false value=true @@ -32,15 +34,29 @@ select_pkg_format ${RESULT} +# Detect server version from VERSION file (CI) or PACKAGES_URL (local) +if [[ -f "$MDB_SOURCE_PATH/VERSION" ]]; then + SERVER_VERSION=$(grep -E 'MYSQL_VERSION_(MAJOR|MINOR)' $MDB_SOURCE_PATH/VERSION | cut -d'=' -f2 | paste -sd. -) +else + # Extract from PACKAGES_URL: e.g., /10.6-enterprise/ -> 10.6 + SERVER_VERSION=$(echo "$PACKAGES_URL" | sed -n 's|.*/\([0-9]\+\.[0-9]\+\)-enterprise\(/.*\)\?|\1|p') +fi +message "Server version of build is: ${SERVER_VERSION:-unknown}" + +SERVERNAME="mysql" +if [[ "${SERVER_VERSION%%.*}" -ge 11 ]]; then + SERVERNAME="mariadb" +fi + start_container() { message Starting $DOCKER_IMAGE if [[ $PKG_FORMAT == "rpm" ]]; then SYSTEMD_PATH="/usr/lib/systemd/systemd" - MTR_PATH="/usr/share/mysql-test" + MTR_PATH="/usr/share/${SERVERNAME}-test" else # Debian/Ubuntu based SYSTEMD_PATH="/lib/systemd/systemd" - MTR_PATH="/usr/share/mysql/mysql-test" + MTR_PATH="/usr/share/${SERVERNAME}/${SERVERNAME}-test" fi docker_run_args=( @@ -62,7 +78,7 @@ elif [[ "$CONTAINER_NAME" == *cmapi* ]]; then docker_run_args+=(--env PYTHONPATH="${PYTHONPATH}") elif [[ "$CONTAINER_NAME" == *upgrade* ]]; then - docker_run_args+=(--env UCF_FORCE_CONFNEW=1 --volume /sys/fs/cgroup:/sys/fs/cgroup:ro) + docker_run_args+=(--env UCF_FORCE_CONFNEW=1 --volume /sys/fs/cgroup:/sys/fs/cgroup) elif [[ "$CONTAINER_NAME" == *regression* ]]; then # Mount volume to write memory logs outside of container REGRESSION_RESULTS_DIR="${SCRIPT_LOCATION}/regression-results" @@ -127,6 +143,14 @@ execInnerDocker "$CONTAINER_NAME" '/setup-repo.sh' fi + # install basic packages + if [[ "$RESULT" == *rocky* ]]; then + execInnerDockerWithRetry "$CONTAINER_NAME" 'yum --nobest update -y && yum --nobest install -y cracklib-dicts diffutils elfutils expect findutils iproute gawk hostname lz4 patch procps-ng rsyslog sudo tar wget which' + else + change_ubuntu_mirror_in_docker "$CONTAINER_NAME" "us" + execInnerDockerWithRetry "$CONTAINER_NAME" 'apt update -y && apt install -y elfutils expect findutils iproute2 gawk hostname lz4 patch procps rsyslog sudo tar wget' + fi + # FIX THIS HACK if [[ "$INSTALL_LIBCPP" == "true" ]]; then docker cp "$COLUMNSTORE_SOURCE_PATH"/build/install_clang_deb.sh "$CONTAINER_NAME":/ @@ -135,44 +159,41 @@ execInnerDocker "$CONTAINER_NAME" '/install_clang_deb.sh 20' execInnerDocker "$CONTAINER_NAME" '/install_libc++.sh 20' fi - + if [[ "$DO_INSTALL_BUILDDEPS" == "true" ]]; then # install deps - if [[ "$RESULT" == *rocky* ]]; then - execInnerDockerWithRetry "$CONTAINER_NAME" 'yum --nobest update -y && yum --nobest install -y cracklib-dicts diffutils elfutils epel-release expect findutils iproute gawk gcc-c++ gdb hostname lz4 patch perl procps-ng rsyslog sudo tar wget which' - else - change_ubuntu_mirror_in_docker "$CONTAINER_NAME" "us" - execInnerDockerWithRetry "$CONTAINER_NAME" 'apt update -y && apt install -y elfutils expect findutils iproute2 g++ gawk gdb hostname lz4 patch procps rsyslog sudo tar wget' - fi + if [[ "$RESULT" == *rocky* ]]; then + execInnerDockerWithRetry "$CONTAINER_NAME" 'yum --nobest install -y epel-release gcc-c++ gdb perl' + else + execInnerDockerWithRetry "$CONTAINER_NAME" 'apt install -y g++ gdb perl' + fi - execInnerDockerWithRetry "$CONTAINER_NAME" 'wget -qO- https://sh.rustup.rs | sh -s -- -y --default-toolchain stable' - execInnerDockerWithRetry "$CONTAINER_NAME" 'source /root/.cargo/env && cargo install tpchgen-cli && ln -sf /root/.cargo/bin/tpchgen-cli /usr/local/bin/tpchgen-cli' + execInnerDockerWithRetry "$CONTAINER_NAME" 'wget -qO- https://sh.rustup.rs | sh -s -- -y --default-toolchain stable' + execInnerDockerWithRetry "$CONTAINER_NAME" 'source /root/.cargo/env && cargo install tpchgen-cli && ln -sf /root/.cargo/bin/tpchgen-cli /usr/local/bin/tpchgen-cli' + fi # Configure core dump naming pattern execInnerDocker "$CONTAINER_NAME" 'sysctl -w kernel.core_pattern="/core/%E_${RESULT}_core_dump.%p"' - #Install columnstore in container - message "Installing columnstore..." - - # Try to detect server version from VERSION file (CI) or PACKAGES_URL (local) - if [[ -f "$MDB_SOURCE_PATH/VERSION" ]]; then - SERVER_VERSION=$(grep -E 'MYSQL_VERSION_(MAJOR|MINOR)' $MDB_SOURCE_PATH/VERSION | cut -d'=' -f2 | paste -sd. -) - else - # Extract from PACKAGES_URL: e.g., /10.6-enterprise/ -> 10.6 - SERVER_VERSION=$(echo "$PACKAGES_URL" | sed -n 's|.*/\([0-9]\+\.[0-9]\+\)-enterprise\(/.*\)\?|\1|p') - fi - message "Server version of build is: ${SERVER_VERSION:-unknown}" - - if [[ "$RESULT" == *rocky* ]]; then - execInnerDockerWithRetry "$CONTAINER_NAME" 'yum install -y MariaDB-columnstore-engine MariaDB-test' - else - execInnerDockerWithRetry "$CONTAINER_NAME" 'apt update -y && apt install -y mariadb-plugin-columnstore mariadb-test mariadb-test-data mariadb-plugin-columnstore-dbgsym mariadb-test-dbgsym' + if [[ "$DO_INSTALL" == "true" ]]; then + #Install columnstore in container + message "Installing columnstore..." + if [[ "$RESULT" == *rocky* ]]; then + execInnerDockerWithRetry "$CONTAINER_NAME" 'yum install -y MariaDB-columnstore-engine MariaDB-test' + else + execInnerDockerWithRetry "$CONTAINER_NAME" 'apt update -y && apt install -y mariadb-plugin-columnstore mariadb-test mariadb-test-data mariadb-plugin-columnstore-dbgsym mariadb-test-dbgsym' - # Try to install server debug symbols (may not be available) - if [[ -n "$SERVER_VERSION" && $SERVER_VERSION == '10.6' ]]; then - execInnerDocker "$CONTAINER_NAME" 'apt install -y mariadb-client-10.6-dbgsym mariadb-client-core-10.6-dbgsym mariadb-server-10.6-dbgsym mariadb-server-core-10.6-dbgsym' || warn "Debug symbols not available (not critical)" + # Try to install server debug symbols (may not be available) + if [[ -n "$SERVER_VERSION" && $SERVER_VERSION == '10.6' ]]; then + execInnerDocker "$CONTAINER_NAME" 'apt install -y mariadb-client-10.6-dbgsym mariadb-client-core-10.6-dbgsym mariadb-server-10.6-dbgsym mariadb-server-core-10.6-dbgsym' || warn "Debug symbols not available (not critical)" + fi fi fi + if [[ "$DO_INSTALL" == "true" ]]; then + message "Running install_mcs_mysql.sh to create UDFs and queryacc routines..." + execInnerDocker "$CONTAINER_NAME" "systemctl start mariadb && install_mcs_mysql.sh" || warn "install_mcs_mysql.sh failed (non-critical)" + fi + sleep 5 message "PrepareTestStage completed in $CONTAINER_NAME" } diff -Nru mariadb-11.8.6/storage/columnstore/columnstore/build/report_test_stage.sh mariadb-11.8.8/storage/columnstore/columnstore/build/report_test_stage.sh --- mariadb-11.8.6/storage/columnstore/columnstore/build/report_test_stage.sh 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/storage/columnstore/columnstore/build/report_test_stage.sh 2026-05-24 09:58:33.000000000 +0000 @@ -41,12 +41,21 @@ select_pkg_format ${RESULT} +# Detect MTR path - try mariadb path first (11.4+), fallback to mysql path if [[ "$PKG_FORMAT" == "rpm" ]]; then SYSTEMD_PATH="/usr/lib/systemd/systemd" - MTR_PATH="/usr/share/mysql-test" + if execInnerDocker "${CONTAINER_NAME}" "test -d /usr/share/mariadb-test" 2>/dev/null; then + MTR_PATH="/usr/share/mariadb-test" + else + MTR_PATH="/usr/share/mysql-test" + fi else SYSTEMD_PATH="systemd" - MTR_PATH="/usr/share/mysql/mysql-test" + if execInnerDocker "${CONTAINER_NAME}" "test -d /usr/share/mariadb/mariadb-test" 2>/dev/null; then + MTR_PATH="/usr/share/mariadb/mariadb-test" + else + MTR_PATH="/usr/share/mysql/mysql-test" + fi fi echo "Reporting test stage: ${STAGE} executed in ${CONTAINER_NAME} container" diff -Nru mariadb-11.8.6/storage/columnstore/columnstore/build/run_mtr.sh mariadb-11.8.8/storage/columnstore/columnstore/build/run_mtr.sh --- mariadb-11.8.6/storage/columnstore/columnstore/build/run_mtr.sh 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/storage/columnstore/columnstore/build/run_mtr.sh 2026-05-24 09:58:33.000000000 +0000 @@ -14,8 +14,15 @@ source $(optparse.build) # Define test suite lists -MTR_BASIC_SUITE_LIST="basic,bugfixes" -MTR_FULL_SUITE_LIST="basic,bugfixes,devregression,autopilot,extended,multinode,oracle,1pmonly" +MTR_BASIC_SUITE_LIST="basic,bugfixes,future" +MTR_FULL_SUITE_LIST="basic,bugfixes,devregression,autopilot,extended,multinode,oracle,1pmonly,future" + +for flag in CONTAINER_NAME DISTRO EVENT; do + if [[ -z "${!flag}" ]]; then + error "Missing required flag: -${flag:0:1} / --${flag,,}" + exit 1 + fi +done if [[ "${EVENT}" == "cron" ]]; then FULL_MTR=true @@ -37,18 +44,15 @@ exit 1 fi -for flag in CONTAINER_NAME DISTRO EVENT; do - if [[ -z "${!flag}" ]]; then - error "Missing required flag: -${flag:0:1} / --${flag,,}" - exit 1 - fi -done - if [[ -z $(docker ps -q --filter "name=${CONTAINER_NAME}") ]]; then error "Container '${CONTAINER_NAME}' is not running." exit 1 fi +CONFIG_PATH_PREFIX=$(set_cnf_path) +echo "Put lower_case_table_names=2 into ${CONFIG_PATH_PREFIX}lower_case.cnf" +execInnerDocker "${CONTAINER_NAME}" "printf '[mysqld]\nlower_case_table_names=2\n' > ${CONFIG_PATH_PREFIX}lower_case.cnf" + select_pkg_format ${DISTRO} message "Running mtr tests..." @@ -56,7 +60,7 @@ # disable systemd 'ProtectSystem' (we need to write to /usr/share/) execInnerDocker "${CONTAINER_NAME}" "sed -i /ProtectSystem/d \$(systemctl show --property FragmentPath mariadb | sed s/FragmentPath=//) || true" execInnerDocker "${CONTAINER_NAME}" "systemctl daemon-reload" -execInnerDocker "${CONTAINER_NAME}" "systemctl start mariadb" +execInnerDocker "${CONTAINER_NAME}" "systemctl restart mariadb" # Set RAM consumption limits to avoid RAM contention b/w mtr and regression steps. execInnerDocker "${CONTAINER_NAME}" "/usr/bin/mcsSetConfig SystemConfig CGroup just_no_group_use_local" diff -Nru mariadb-11.8.6/storage/columnstore/columnstore/build/run_regression.sh mariadb-11.8.8/storage/columnstore/columnstore/build/run_regression.sh --- mariadb-11.8.6/storage/columnstore/columnstore/build/run_regression.sh 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/storage/columnstore/columnstore/build/run_regression.sh 2026-05-24 09:58:33.000000000 +0000 @@ -35,11 +35,7 @@ message "Running one-time preparation for regression tests" # Set config path prefix based on distro - if [[ "$DISTRO" == *rocky* ]]; then - CONFIG_PATH_PREFIX="/etc/my.cnf.d/" - else - CONFIG_PATH_PREFIX="/etc/mysql/mariadb.conf.d/50-" - fi + CONFIG_PATH_PREFIX=$(set_cnf_path) # Clone regression test repo (requires GitHub token) REPO_URL="https://github.com/mariadb-corporation/mariadb-columnstore-regression-test" diff -Nru mariadb-11.8.6/storage/columnstore/columnstore/build/utils.sh mariadb-11.8.8/storage/columnstore/columnstore/build/utils.sh --- mariadb-11.8.6/storage/columnstore/columnstore/build/utils.sh 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/storage/columnstore/columnstore/build/utils.sh 2026-05-24 09:58:33.000000000 +0000 @@ -659,3 +659,27 @@ return 1 } + +is_majors_equal() { + local old="$1" + local new="$2" + + old_major=`echo "$old" | sed -E 's/^([0-9]+\.[0-9]+).*/\1/'` + new_major=`echo "$new" | sed -E 's/^([0-9]+\.[0-9]+).*/\1/'` + if [[ "$old_major" != "$new_major" ]]; then + return 1 + else + return 0 + fi +} + +set_cnf_path() { + # Set config path prefix based on distro + # TODO: fix check: instead of 'rocky' the RPM/DEB check should be used + # TODO: check paths in all new versions (it can be also /etc/mariadb/mariadb.conf.d, /etc/mariadb.conf.d + if [[ "$DISTRO" == *rocky* ]]; then + echo "/etc/my.cnf.d/" + else + echo "/etc/mysql/mariadb.conf.d/50-" + fi +} diff -Nru mariadb-11.8.6/storage/columnstore/columnstore/cmake/boost.cmake mariadb-11.8.8/storage/columnstore/columnstore/cmake/boost.cmake --- mariadb-11.8.6/storage/columnstore/columnstore/cmake/boost.cmake 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/storage/columnstore/columnstore/cmake/boost.cmake 2026-05-24 09:58:33.000000000 +0000 @@ -1,5 +1,5 @@ # Single source of truth for Boost components we need -set(BOOST_COMPONENTS chrono filesystem program_options regex system thread) +set(BOOST_COMPONENTS chrono filesystem program_options regex thread) find_package(Boost 1.88.0 COMPONENTS ${BOOST_COMPONENTS}) diff -Nru mariadb-11.8.6/storage/columnstore/columnstore/cmake/selinux_policy.cmake mariadb-11.8.8/storage/columnstore/columnstore/cmake/selinux_policy.cmake --- mariadb-11.8.6/storage/columnstore/columnstore/cmake/selinux_policy.cmake 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/storage/columnstore/columnstore/cmake/selinux_policy.cmake 2026-05-24 09:58:33.000000000 +0000 @@ -1,7 +1,7 @@ -# Build SELinux policy and package it for RPM on RHEL-like systems >= 10 only +# Build SELinux policy and package it for RPM on RHEL-like systems >= 9 only # Builds from: storage/columnstore/columnstore/build/security/columnstore.te # Produces: columnstore.pp packaged under ${ENGINE_SUPPORTDIR}/policy/selinux -# Adds BuildRequires: selinux-policy-devel (RPM, RHEL-like >= 10) +# Adds BuildRequires: selinux-policy-devel (RPM, RHEL-like >= 9) # Detect if we are building an RPM package if(NOT RPM) @@ -11,21 +11,21 @@ columnstore_detect_os(_os_id _os_version_major) columnstore_is_rhel_like("${_os_id}" _is_rhel_like) -# We only build on RHEL-like >= 10 +# We only build on RHEL-like >= 10, however 9 was reported to have same troubles if(NOT _is_rhel_like OR (NOT _os_version_major) - OR (_os_version_major LESS 10) + OR (_os_version_major LESS 9) ) message( STATUS - "SELinux policy build skipped: OS '${_os_id}' version '${_os_version_major}' not matching RHEL-like >= 10 or undetected." + "SELinux policy build skipped: OS '${_os_id}' version '${_os_version_major}' not matching RHEL-like >= 9 or undetected." ) return() endif() -# Add RPM BuildRequires for the engine component only on matching systems Use the common appender macro to handle comma -# separation -columnstore_append_for_cpack(CPACK_RPM_columnstore-engine_PACKAGE_BUILDREQUIRES "selinux-policy-devel") +# Use the common appender macro to handle comma separation. +# As a SRPM directive, it is global rather than for the component +columnstore_append_for_cpack(CPACK_RPM_BUILDREQUIRES "selinux-policy-devel") # Paths set(SELINUX_SRC_DIR "${CMAKE_CURRENT_LIST_DIR}/../build/security") @@ -39,7 +39,7 @@ if(NOT EXISTS "/usr/share/selinux/devel/Makefile") message( FATAL_ERROR - "SELinux policy build requires '/usr/share/selinux/devel/Makefile'. Please install 'selinux-policy-devel' (RHEL/Rocky >= 10) and re-run CMake." + "SELinux policy build requires '/usr/share/selinux/devel/Makefile'. Please install 'selinux-policy-devel' (RHEL/Rocky >= 9) and re-run CMake." ) endif() diff -Nru mariadb-11.8.6/storage/columnstore/columnstore/cmapi/CMakeLists.txt mariadb-11.8.8/storage/columnstore/columnstore/cmapi/CMakeLists.txt --- mariadb-11.8.6/storage/columnstore/columnstore/cmapi/CMakeLists.txt 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/storage/columnstore/columnstore/cmapi/CMakeLists.txt 2026-05-24 09:58:33.000000000 +0000 @@ -9,11 +9,7 @@ # use columnstore package versioning set(CMAPI "YES") list(APPEND CMAKE_MODULE_PATH ${CMAKE_CURRENT_LIST_DIR}/cmake) -message(STATUS "GET SERVER_DIR from input argument ${SERVER_DIR}") -set(SERVER_SOURCE_DIR "${SERVER_DIR}") include(cmapi_misc) -# Get mysql version -get_mysql_version() # get CMAPI version from Columnstore version set(ENGINE_SRC_DIR ${CMAKE_CURRENT_SOURCE_DIR}/..) list(APPEND CMAKE_MODULE_PATH ${CMAKE_CURRENT_LIST_DIR}/../cmake) @@ -191,11 +187,18 @@ string(REGEX MATCH "^[0-9]+" OS_VERSION_MAJOR "${LSB_RELEASE_VERSION_SHORT}") message(STATUS ${OS_VERSION_MAJOR}) - if(LSB_RELEASE_ID_SHORT MATCHES "centos|rocky|rhel|alma|RedHatEnterprise") + if(LSB_RELEASE_ID_SHORT MATCHES "centos|rocky|rhel|alma|redhatenterprise") set(OS_NAME_SHORT "el") if(OS_VERSION_MAJOR GREATER_EQUAL 9) - set(CPACK_RPM_PACKAGE_REQUIRES "libxcrypt-compat") + if(CPACK_RPM_PACKAGE_REQUIRES) + string(APPEND CPACK_RPM_PACKAGE_REQUIRES ", libxcrypt-compat") + else() + set(CPACK_RPM_PACKAGE_REQUIRES "libxcrypt-compat") + endif() endif() + elseif(LSB_RELEASE_ID_SHORT MATCHES "sles|suse|opensuse") + # usually SLES packages do not contain any OS name as a suffix + set(OS_NAME_SHORT "") else() set(OS_NAME_SHORT "unknown") endif() diff -Nru mariadb-11.8.6/storage/columnstore/columnstore/cmapi/cmake/cmapi_misc.cmake mariadb-11.8.8/storage/columnstore/columnstore/cmapi/cmake/cmapi_misc.cmake --- mariadb-11.8.6/storage/columnstore/columnstore/cmapi/cmake/cmapi_misc.cmake 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/storage/columnstore/columnstore/cmapi/cmake/cmapi_misc.cmake 2026-05-24 09:58:33.000000000 +0000 @@ -1,15 +1,3 @@ -# Read value for a variable from VERSION. -macro(MYSQL_GET_CONFIG_VALUE keyword var) - if(NOT ${var}) - file(STRINGS ${SERVER_SOURCE_DIR}/VERSION str REGEX "^[ ]*${keyword}=") - if(str) - string(REPLACE "${keyword}=" "" str ${str}) - string(REGEX REPLACE "[ ].*" "" str "${str}") - set(${var} ${str}) - endif() - endif() -endmacro() - function(get_linux_lsb_release_information) # Try lsb_release first find_program(LSB_RELEASE_EXEC lsb_release) @@ -38,20 +26,20 @@ if(EXISTS "/etc/os-release") file(READ "/etc/os-release" OS_RELEASE_CONTENT) - string(REGEX MATCH "ID=([^\n]*)" _match "${OS_RELEASE_CONTENT}") - set(LSB_RELEASE_ID_SHORT "${CMAKE_MATCH_1}") + string(REGEX MATCH "(^|\n)ID=([^\n]*)" _match "${OS_RELEASE_CONTENT}") + set(LSB_RELEASE_ID_SHORT "${CMAKE_MATCH_2}") # Remove quotes if present string(REGEX REPLACE "^\"(.*)\"$" "\\1" LSB_RELEASE_ID_SHORT "${LSB_RELEASE_ID_SHORT}") string(TOLOWER "${LSB_RELEASE_ID_SHORT}" LSB_RELEASE_ID_SHORT) - string(REGEX MATCH "VERSION_ID=([^\n]*)" _match "${OS_RELEASE_CONTENT}") - set(LSB_RELEASE_VERSION_SHORT "${CMAKE_MATCH_1}") + string(REGEX MATCH "(^|\n)VERSION_ID=([^\n]*)" _match "${OS_RELEASE_CONTENT}") + set(LSB_RELEASE_VERSION_SHORT "${CMAKE_MATCH_2}") # Remove quotes if present string(REGEX REPLACE "^\"(.*)\"$" "\\1" LSB_RELEASE_VERSION_SHORT "${LSB_RELEASE_VERSION_SHORT}") - string(REGEX MATCH "VERSION_CODENAME=([^\n]*)" _match "${OS_RELEASE_CONTENT}") - if(CMAKE_MATCH_1) - set(LSB_RELEASE_CODENAME_SHORT "${CMAKE_MATCH_1}") + string(REGEX MATCH "(^|\n)VERSION_CODENAME=([^\n]*)" _match "${OS_RELEASE_CONTENT}") + if(_match) + set(LSB_RELEASE_CODENAME_SHORT "${CMAKE_MATCH_2}") # Remove quotes if present string(REGEX REPLACE "^\"(.*)\"$" "\\1" LSB_RELEASE_CODENAME_SHORT "${LSB_RELEASE_CODENAME_SHORT}") else() @@ -79,37 +67,3 @@ PARENT_SCOPE ) endfunction() - -# Read mysql version for configure script -macro(GET_MYSQL_VERSION) - mysql_get_config_value("MYSQL_VERSION_MAJOR" MAJOR_VERSION) - mysql_get_config_value("MYSQL_VERSION_MINOR" MINOR_VERSION) - mysql_get_config_value("MYSQL_VERSION_PATCH" PATCH_VERSION) - mysql_get_config_value("MYSQL_VERSION_EXTRA" EXTRA_VERSION) - mysql_get_config_value("SERVER_MATURITY" SERVER_MATURITY) - - if(NOT "${MAJOR_VERSION}" MATCHES "[0-9]+" - OR NOT "${MINOR_VERSION}" MATCHES "[0-9]+" - OR NOT "${PATCH_VERSION}" MATCHES "[0-9]+" - ) - message(FATAL_ERROR "VERSION file cannot be parsed.") - endif() - if((NOT TINY_VERSION) AND (EXTRA_VERSION MATCHES "[\\-][0-9]+")) - string(REPLACE "-" "" TINY_VERSION "${EXTRA_VERSION}") - else() - set(TINY_VERSION "0") - endif() - set(VERSION "${MAJOR_VERSION}.${MINOR_VERSION}.${PATCH_VERSION}${EXTRA_VERSION}") - set(SERVER_VERSION ${VERSION}) - message(STATUS "MariaDB ${VERSION}") - set(MYSQL_BASE_VERSION - "${MAJOR_VERSION}.${MINOR_VERSION}" - CACHE INTERNAL "MySQL Base version" - ) - set(MYSQL_NO_DASH_VERSION "${MAJOR_VERSION}.${MINOR_VERSION}.${PATCH_VERSION}") - math(EXPR MYSQL_VERSION_ID "10000*${MAJOR_VERSION} + 100*${MINOR_VERSION} + ${PATCH_VERSION}") - mark_as_advanced(VERSION MYSQL_VERSION_ID MYSQL_BASE_VERSION) - set(CPACK_PACKAGE_VERSION_MAJOR ${MAJOR_VERSION}) - set(CPACK_PACKAGE_VERSION_MINOR ${MINOR_VERSION}) - set(CPACK_PACKAGE_VERSION_PATCH ${PATCH_VERSION}${EXTRA_VERSION}) -endmacro() diff -Nru mariadb-11.8.6/storage/columnstore/columnstore/cmapi/cmapi_server/controllers/endpoints.py mariadb-11.8.8/storage/columnstore/columnstore/cmapi/cmapi_server/controllers/endpoints.py --- mariadb-11.8.6/storage/columnstore/columnstore/cmapi/cmapi_server/controllers/endpoints.py 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/storage/columnstore/columnstore/cmapi/cmapi_server/controllers/endpoints.py 2026-05-24 09:58:33.000000000 +0000 @@ -2,6 +2,7 @@ import hashlib import socket import subprocess +import threading import time from copy import deepcopy from datetime import datetime @@ -446,6 +447,13 @@ request_manager_address = socket.gethostbyname( socket.gethostname() ) + + # Enforce that only the transaction owner can apply config + if request_manager_address != txn_manager_address: + raise_422_error( + module_logger, func_name, + 'PUT /config is allowed only for the operation owner.' + ) request_response = {'timestamp': str(datetime.now())} if secrets: @@ -456,107 +464,130 @@ if is_test: return request_response if xml_config is not None: - node_config.apply_config( - config_filename=mcs_config_filename, - xml_string=xml_config, - sm_config_filename=sm_config_filename, - sm_config_string=sm_config - ) - - diag = run_invariant_checks() - if diag: + # Acquire a per-node, per-transaction config lock to serialize + # heavy config application on this node. + locks = app.config['txn'].setdefault('locks', {}) + config_lock = locks.get('config_lock') + if config_lock is None: + config_lock = threading.Lock() + locks['config_lock'] = config_lock + + module_logger.debug('Acquiring config lock for put_config.') + acquired = config_lock.acquire(blocking=False) + if not acquired: + module_logger.info('Config apply rejected: another config apply is in progress.') raise_422_error( - module_logger, func_name, - f'Invariant checks failed. Details:\n{diag.strip()}', - exc_info=False + module_logger, func_name, 'Config apply already in progress on this node.' ) - - # TODO: change stop/start to restart option. + app.config['txn']['config_in_progress'] = True try: - MCSProcessManager.stop_node( - is_primary=node_config.is_primary_node(), - use_sudo=use_sudo, - timeout=request_timeout, - ) - except CMAPIBasicError as err: - raise_422_error( - module_logger, func_name, - f'Error while stopping node. Details: {err.message}.', - exc_info=False + node_config.apply_config( + config_filename=mcs_config_filename, + xml_string=xml_config, + sm_config_filename=sm_config_filename, + sm_config_string=sm_config ) - # if not in the list of active nodes, - # then do not start the services - new_root = node_config.get_current_config_root( - mcs_config_filename - ) - if in_maintenance_state(): - module_logger.info( - 'Maintenance state is active in new config. ' - 'MCS processes should not be started.' - ) - cherrypy.engine.publish('failover', False) - # skip all other operations below - return request_response - else: - cherrypy.engine.publish('failover', True) - if node_config.in_active_nodes(new_root): + diag = run_invariant_checks() + if diag: + raise_422_error( + module_logger, func_name, + f'Invariant checks failed. Details:\n{diag.strip()}', + exc_info=False + ) + + # TODO: change stop/start to restart option. try: - MCSProcessManager.start_node( + MCSProcessManager.stop_node( is_primary=node_config.is_primary_node(), use_sudo=use_sudo, - is_read_replica=node_config.am_i_read_replica(), + timeout=request_timeout, ) except CMAPIBasicError as err: raise_422_error( module_logger, func_name, - ( - 'Error while starting node. ' - f'Details: {err.message}' - ), + f'Error while stopping node. Details: {err.message}.', exc_info=False ) - else: - module_logger.info( - 'This node is not in the current ActiveNodes section. ' - 'Not starting Columnstore processes.' - ) - attempts = 0 - # TODO: FIX IT. If got (False, False) result, for eg in case - # when special CEJ user is not set, this check loop - # is useless and does nothing. - try: - ready, retry = system_ready(mcs_config_filename) - except CEJError as cej_error: - raise_422_error( - module_logger, func_name, cej_error.message + # if not in the list of active nodes, + # then do not start the services + new_root = node_config.get_current_config_root( + mcs_config_filename ) - - while not ready: - if retry: - attempts +=1 - if attempts >= 10: - module_logger.debug( - 'Timed out waiting for this node to become ready.' + if in_maintenance_state(): + module_logger.info( + 'Maintenance state is active in new config. ' + 'MCS processes should not be started.' + ) + cherrypy.engine.publish('failover', False) + # skip all other operations below + return request_response + else: + cherrypy.engine.publish('failover', True) + if node_config.in_active_nodes(new_root): + try: + MCSProcessManager.start_node( + is_primary=node_config.is_primary_node(), + use_sudo=use_sudo, + is_read_replica=node_config.am_i_read_replica(), + ) + except CMAPIBasicError as err: + raise_422_error( + module_logger, func_name, + ( + 'Error while starting node. ' + f'Details: {err.message}' + ), + exc_info=False ) - break - time.sleep(1) else: - break + module_logger.info( + 'This node is not in the current ActiveNodes section. ' + 'Not starting Columnstore processes.' + ) + + attempts = 0 + # TODO: FIX IT. If got (False, False) result, for eg in case + # when special CEJ user is not set, this check loop + # is useless and does nothing. try: ready, retry = system_ready(mcs_config_filename) except CEJError as cej_error: raise_422_error( module_logger, func_name, cej_error.message ) - else: - module_logger.debug(f'Node is ready to accept queries.') - app.config['txn']['config_changed'] = True + while not ready: + if retry: + attempts +=1 + if attempts >= 10: + module_logger.debug( + 'Timed out waiting for this node to become ready.' + ) + break + time.sleep(1) + else: + break + try: + ready, retry = system_ready(mcs_config_filename) + except CEJError as cej_error: + raise_422_error( + module_logger, func_name, cej_error.message + ) + else: + module_logger.debug(f'Node is ready to accept queries.') + + app.config['txn']['config_changed'] = True - # We might want to raise error - return request_response + # We might want to raise error + return request_response + finally: + app.config['txn']['config_in_progress'] = False + try: + config_lock.release() + except RuntimeError: + pass # Unexpected exit raise_422_error(module_logger, func_name, 'Unknown error.') @@ -598,6 +629,9 @@ 'timeout': int(datetime.now().timestamp()) + txn_timeout, 'manager_address': txn_manager_address, 'config_changed': False, + # serialization helpers + 'locks': {}, + 'config_in_progress': False, }, }) @@ -638,6 +672,12 @@ request_manager_address = dequote(request_manager_address).lower() if request_manager_address in ['127.0.0.1', 'localhost', '::1']: request_manager_address = socket.gethostbyname(socket.gethostname()) + # enforce only operation owner can commit + if request_manager_address != txn_manager_address: + raise_422_error( + module_logger, func_name, + 'PUT /commit is allowed only for the operation owner.' + ) # txn is active app.config['txn']['id'] = 0 app.config['txn']['timeout'] = 0 @@ -677,6 +717,13 @@ if request_manager_address in ['127.0.0.1', 'localhost', '::1']: request_manager_address = socket.gethostbyname(socket.gethostname()) + # enforce only operation owner can rollback + if request_manager_address != txn_manager_address: + raise_422_error( + module_logger, 'put_rollback', + 'PUT /rollback is allowed only for the operation owner.' + ) + #TODO: add restart processes flag? # txn is active txn_config_changed = app.config['txn'].get('config_changed', None) diff -Nru mariadb-11.8.6/storage/columnstore/columnstore/cmapi/cmapi_server/invariant_checks.py mariadb-11.8.8/storage/columnstore/columnstore/cmapi/cmapi_server/invariant_checks.py --- mariadb-11.8.6/storage/columnstore/columnstore/cmapi/cmapi_server/invariant_checks.py 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/storage/columnstore/columnstore/cmapi/cmapi_server/invariant_checks.py 2026-05-24 09:58:33.000000000 +0000 @@ -98,7 +98,11 @@ @fact def storage_type() -> str: """Provides storage type: shared_fs or s3.""" - return 's3' if NodeConfig().s3_enabled() else 'shared_fs' + try: + return 's3' if NodeConfig().s3_enabled() else 'shared_fs' + except Exception: + logger.exception('Failed to detect storage type, defaulting to shared_fs') + return 'shared_fs' @fact def is_shared_fs(storage_type: str) -> bool: diff -Nru mariadb-11.8.6/storage/columnstore/columnstore/cmapi/mcs_cluster_tool/cluster_app.py mariadb-11.8.8/storage/columnstore/columnstore/cmapi/mcs_cluster_tool/cluster_app.py --- mariadb-11.8.6/storage/columnstore/columnstore/cmapi/mcs_cluster_tool/cluster_app.py 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/storage/columnstore/columnstore/cmapi/mcs_cluster_tool/cluster_app.py 2026-05-24 09:58:33.000000000 +0000 @@ -332,11 +332,14 @@ ): """Remove nodes from the Columnstore cluster.""" result = [] - with TransactionManager( - timeout=timedelta(days=1).total_seconds(), handle_signals=True, - remove_nodes=nodes - ): - for node in nodes: + # Remove nodes one at a time, each in its own transaction. + # This ensures that broadcast_new_config only sends to nodes + # that are part of the current transaction. + for node in nodes: + with TransactionManager( + timeout=timedelta(days=1).total_seconds(), handle_signals=True, + remove_nodes=[node] + ): result.append(client.remove_node(node)) return result diff -Nru mariadb-11.8.6/storage/columnstore/columnstore/cmapi/mcs_node_control/models/node_config.py mariadb-11.8.8/storage/columnstore/columnstore/cmapi/mcs_node_control/models/node_config.py --- mariadb-11.8.6/storage/columnstore/columnstore/cmapi/mcs_node_control/models/node_config.py 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/storage/columnstore/columnstore/cmapi/mcs_node_control/models/node_config.py 2026-05-24 09:58:33.000000000 +0000 @@ -170,6 +170,41 @@ ]) return xmlstr + def _require_text( + self, root: etree.Element, xpath: str, *, func_name: str, + element_desc: Optional[str] = None, + missing_log_msg: Optional[str] = None, + ) -> Optional[str]: + """Fetch required text content from an XML config node. + + The helper centralizes the common pattern of: + + * locating an element via ``xpath``, + * ensuring it exists and has non-``None`` ``.text``, + * logging a consistent error when it doesn't. + + :param root: Root XML element to search in. + :param xpath: XPath expression passed to ``root.find()``. + :param func_name: Caller function name to include in log messages. + :param element_desc: Optional human-friendly element description for log + messages. If omitted, it is derived from ``xpath``. + :param missing_log_msg: Optional full error message to emit when the + element or its text is missing. If not provided, a default message + is derived from ``func_name`` and ``element_desc``. + + :returns: The element's text if found and non-``None``; otherwise + ``None``. + """ + node = root.find(xpath) if root is not None else None + if node is None or node.text is None: + if missing_log_msg is not None: + module_logger.error(missing_log_msg) + else: + desc = element_desc or xpath.lstrip('./') + module_logger.error(f'{func_name} {desc} element not found in config') + return None + return node.text + def get_dbrm_conn_info(self, root=None): """Retrievs current DBRM master IP and port @@ -369,20 +404,59 @@ func_name = 's3_enabled' sm_config = configparser.ConfigParser() if len(sm_config.read(config_filename)) > 0: - storage = sm_config.get('ObjectStorage', 'service') + try: + storage = sm_config.get('ObjectStorage', 'service') + except (configparser.NoSectionError, configparser.NoOptionError): + storage = 'LocalStorage' if storage is None: storage = 'LocalStorage' if storage.lower() == 's3': config_root = self.get_current_config_root() - if not config_root.find('./Installation/DBRootStorageType').text.lower() == "storagemanager": - module_logger.error(f"{func_name} DBRootStorageType.lower() != storagemanager") - if not config_root.find('./StorageManager/Enabled').text.lower() == "y": - module_logger.error(f"{func_name} StorageManager/Enabled.lower() != y") - if not config_root.find('./SystemConfig/DataFilePlugin').text == "libcloudio.so": - module_logger.error(f"{func_name} SystemConfig/DataFilePlugin != libcloudio.so") + s3_is_correctly_configured = True + + db_root_storage_type = self._require_text( + config_root, './Installation/DBRootStorageType', func_name=func_name, + element_desc='Installation/DBRootStorageType', + missing_log_msg=( + f'{func_name} Installation/DBRootStorageType element not found in config' + ), + ) + if db_root_storage_type is None: + s3_is_correctly_configured = False + elif db_root_storage_type.lower() != 'storagemanager': + module_logger.error(f'{func_name} DBRootStorageType.lower() != storagemanager') + s3_is_correctly_configured = False + + sm_enabled = self._require_text( + config_root, './StorageManager/Enabled', func_name=func_name, + element_desc='StorageManager/Enabled', + missing_log_msg=( + f'{func_name} StorageManager/Enabled element not found in config' + ), + ) + if sm_enabled is None: + s3_is_correctly_configured = False + elif sm_enabled.lower() != 'y': + module_logger.error(f'{func_name} StorageManager/Enabled.lower() != y') + s3_is_correctly_configured = False + + data_file_plugin = self._require_text( + config_root, './SystemConfig/DataFilePlugin', func_name=func_name, + element_desc='SystemConfig/DataFilePlugin', + missing_log_msg=( + f'{func_name} SystemConfig/DataFilePlugin element not found in config' + ), + ) + if data_file_plugin is None: + s3_is_correctly_configured = False + elif data_file_plugin != 'libcloudio.so': + module_logger.error( + f'{func_name} SystemConfig/DataFilePlugin != libcloudio.so' + ) + s3_is_correctly_configured = False - return True + return s3_is_correctly_configured else: module_logger.error(f"{func_name} SM config {config_filename} not found.") diff -Nru mariadb-11.8.6/storage/columnstore/columnstore/cmapi/requirements-dev.txt mariadb-11.8.8/storage/columnstore/columnstore/cmapi/requirements-dev.txt --- mariadb-11.8.6/storage/columnstore/columnstore/cmapi/requirements-dev.txt 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/storage/columnstore/columnstore/cmapi/requirements-dev.txt 2026-05-24 09:58:33.000000000 +0000 @@ -1,5 +1,5 @@ # -# This file is autogenerated by pip-compile with Python 3.9 +# This file is autogenerated by pip-compile with Python 3.13 # by the following command: # # dev_tools/piptools.sh compile-all @@ -20,12 +20,8 @@ # via fabric deprecated==1.2.18 # via fabric -exceptiongroup==1.3.0 - # via pytest fabric==3.2.2 # via -r requirements-dev.in -importlib-metadata==8.7.0 - # via build iniconfig==2.1.0 # via pytest invoke==2.2.0 @@ -50,19 +46,10 @@ # pip-tools pytest==8.3.5 # via -r requirements-dev.in -tomli==2.2.1 - # via - # build - # pip-tools - # pytest -typing-extensions==4.14.1 - # via exceptiongroup wheel==0.45.1 # via pip-tools wrapt==1.17.2 # via deprecated -zipp==3.23.0 - # via importlib-metadata # The following packages are considered to be unsafe in a requirements file: # pip diff -Nru mariadb-11.8.6/storage/columnstore/columnstore/cmapi/requirements.in mariadb-11.8.8/storage/columnstore/columnstore/cmapi/requirements.in --- mariadb-11.8.6/storage/columnstore/columnstore/cmapi/requirements.in 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/storage/columnstore/columnstore/cmapi/requirements.in 2026-05-24 09:58:33.000000000 +0000 @@ -7,7 +7,7 @@ cryptography==43.0.3 distro==1.9.0 furl==2.1.4 -gsutil==5.33 +gsutil==5.35 lxml==5.3.2 psutil==7.0.0 pyotp==2.9.0 diff -Nru mariadb-11.8.6/storage/columnstore/columnstore/cmapi/requirements.txt mariadb-11.8.8/storage/columnstore/columnstore/cmapi/requirements.txt --- mariadb-11.8.6/storage/columnstore/columnstore/cmapi/requirements.txt 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/storage/columnstore/columnstore/cmapi/requirements.txt 2026-05-24 09:58:33.000000000 +0000 @@ -1,26 +1,9 @@ # -# This file is autogenerated by pip-compile with Python 3.9 +# This file is autogenerated by pip-compile with Python 3.13 # by the following command: # # dev_tools/piptools.sh compile-all # -aiohttp==3.11.16 -awscli==1.38.28 -CherryPy==18.10.0 -cryptography==43.0.3 -distro==1.9.0 -furl==2.1.4 -gsutil==5.33 -lxml==5.3.2 -psutil==7.0.0 -pyotp==2.9.0 -requests==2.32.3 -# required for CherryPy RoutesDispatcher, -# but CherryPy itself has no such a dependency -Routes==2.5.1 -typer==0.15.2 - -# indirect dependencies aiohappyeyeballs==2.6.1 # via aiohttp aiohttp==3.11.16 @@ -33,16 +16,12 @@ # via pydantic argcomplete==3.6.2 # via gsutil -async-timeout==5.0.1 - # via aiohttp attrs==25.3.0 # via aiohttp autocommand==2.2.2 # via jaraco-text awscli==1.38.28 # via -r requirements.in -backports-tarfile==1.2.0 - # via jaraco-context boto==2.49.0 # via gcs-oauth2-boto-plugin botocore==1.37.28 @@ -87,11 +66,11 @@ # aiosignal furl==2.1.4 # via -r requirements.in -gcs-oauth2-boto-plugin==3.2 +gcs-oauth2-boto-plugin==3.3 # via gsutil google-apitools==0.5.32 # via gsutil -google-auth[aiohttp]==2.17.0 +google-auth[aiohttp]==2.39.0 # via # gcs-oauth2-boto-plugin # google-auth-httplib2 @@ -104,7 +83,7 @@ # via # gcs-oauth2-boto-plugin # gsutil -gsutil==5.33 +gsutil==5.35 # via -r requirements.in httplib2==0.20.4 # via @@ -145,7 +124,9 @@ # jaraco-functools # jaraco-text mr-kot==0.9.2 - # via -r requirements.in + # via + # -r requirements.in + # mr-kot-fs-validators mr-kot-fs-validators==0.2.0 # via -r requirements.in multidict==6.6.4 @@ -230,7 +211,6 @@ # furl # gcs-oauth2-boto-plugin # google-apitools - # google-auth # gsutil # oauth2client # orderedmultidict @@ -243,8 +223,6 @@ # via -r requirements.in typing-extensions==4.14.1 # via - # aiosignal - # multidict # pydantic # pydantic-core # typer diff -Nru mariadb-11.8.6/storage/columnstore/columnstore/core_dumps/upgrade_setup_deb.sh mariadb-11.8.8/storage/columnstore/columnstore/core_dumps/upgrade_setup_deb.sh --- mariadb-11.8.6/storage/columnstore/columnstore/core_dumps/upgrade_setup_deb.sh 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/storage/columnstore/columnstore/core_dumps/upgrade_setup_deb.sh 2026-05-24 09:58:33.000000000 +0000 @@ -9,6 +9,7 @@ ARCH="$3" LINK="$4" UPGRADE_TOKEN="$5" +SERVER="$6" DEBIAN_FRONTEND=noninteractive UCF_FORCE_CONFNEW=1 @@ -18,9 +19,9 @@ bash -c "apt update --yes && apt install -y procps wget curl" wget https://dlm.mariadb.com/enterprise-release-helpers/mariadb_es_repo_setup -O mariadb_es_repo_setup chmod +x mariadb_es_repo_setup -bash -c "./mariadb_es_repo_setup --token=${UPGRADE_TOKEN} --apply --mariadb-server-version=${VERSION} --skip-maxscale --skip-tools" +bash -c "./mariadb_es_repo_setup --token=${UPGRADE_TOKEN} --apply --mariadb-server-version=${VERSION} --skip-maxscale --skip-tools" || { message "The version $VERSION is not supported, skipping upgrade test"; exit 0; } apt update --yes -apt install --yes -oDebug::RunScripts=1 mariadb-server mariadb-client mariadb-plugin-columnstore +apt install --yes -oDebug::RunScripts=1 mariadb-server mariadb-client mariadb-plugin-columnstore || { message "The version $VERSION can not be installed, skipping upgrade test"; exit 0; } systemctl start mariadb systemctl start mariadb-columnstore @@ -34,6 +35,8 @@ machine ${LINK}${RESULT}/ EOF +is_majors_equal $VERSION $SERVER || apt remove --yes "mariadb-*" + bash -c "./setup-repo.sh" @@ -49,7 +52,8 @@ # the -o options are used to make choise of keep your currently-installed version without interactive prompt -apt-get --yes --with-new-pkgs -oDebug::RunScripts=1 -o Dpkg::Options::="--force-confdef" -o Dpkg::Options::="--force-confold" upgrade +apt-get --yes --with-new-pkgs -oDebug::RunScripts=1 -o Dpkg::Options::="--force-confdef" -o Dpkg::Options::="--force-confold" upgrade mariadb-server mariadb-client mariadb-plugin-columnstore +is_majors_equal $VERSION $SERVER || { apt install --yes -oDebug::RunScripts=1 -o Dpkg::Options::="--force-confold" -o Dpkg::Options::="--force-confdef" mariadb-server mariadb-client mariadb-plugin-columnstore; systemctl start mariadb; systemctl start mariadb-columnstore; } UPGRADED_VERSION=$(mariadb -e "select @@version;") diff -Nru mariadb-11.8.6/storage/columnstore/columnstore/core_dumps/upgrade_setup_rpm.sh mariadb-11.8.8/storage/columnstore/columnstore/core_dumps/upgrade_setup_rpm.sh --- mariadb-11.8.6/storage/columnstore/columnstore/core_dumps/upgrade_setup_rpm.sh 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/storage/columnstore/columnstore/core_dumps/upgrade_setup_rpm.sh 2026-05-24 09:58:33.000000000 +0000 @@ -9,15 +9,16 @@ ARCH="$3" LINK="$4" UPGRADE_TOKEN="$5" +SERVER="$6" + yum clean all yum install -y wget which procps-ng diffutils rsyslog wget https://dlm.mariadb.com/enterprise-release-helpers/mariadb_es_repo_setup -O mariadb_es_repo_setup chmod +x mariadb_es_repo_setup -bash -c "./mariadb_es_repo_setup --token=${UPGRADE_TOKEN} --apply --mariadb-server-version=${VERSION} --skip-maxscale --skip-tools --skip-check-installed" +bash -c "./mariadb_es_repo_setup --token=${UPGRADE_TOKEN} --apply --mariadb-server-version=${VERSION} --skip-maxscale --skip-tools --skip-check-installed" || { message "The version $VERSION is not supported, skipping upgrade test"; exit 0; } yum repo-pkgs mariadb-es-main list -yum -y install MariaDB-server MariaDB-client MariaDB-columnstore-engine MariaDB-columnstore-engine-debuginfo - +yum -y install MariaDB-server MariaDB-client MariaDB-columnstore-engine MariaDB-columnstore-engine-debuginfo || { message "The version $VERSION can not be installed, skipping upgrade test"; exit 0; } systemctl start mariadb systemctl start mariadb-columnstore @@ -26,10 +27,12 @@ bash -c "./upgrade_data.sh" bash -c "./upgrade_verify.sh" +is_majors_equal $VERSION $SERVER || yum -y remove "MariaDB-*" + bash -c "./setup-repo.sh" yum repo-pkgs repo list -yum -y update MariaDB-server MariaDB-client MariaDB-columnstore-engine MariaDB-columnstore-engine-debuginfo +yum -y update MariaDB-server MariaDB-client MariaDB-columnstore-engine MariaDB-columnstore-engine-debuginfo || { yum -y install MariaDB-server MariaDB-client MariaDB-columnstore-engine MariaDB-columnstore-engine-debuginfo;systemctl start mariadb; systemctl start mariadb-columnstore; } UPGRADED_VERSION=$(mariadb -e "select @@version;") diff -Nru mariadb-11.8.6/storage/columnstore/columnstore/datatypes/mcs_datatype.cpp mariadb-11.8.8/storage/columnstore/columnstore/datatypes/mcs_datatype.cpp --- mariadb-11.8.6/storage/columnstore/columnstore/datatypes/mcs_datatype.cpp 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/storage/columnstore/columnstore/datatypes/mcs_datatype.cpp 2026-05-24 09:58:33.000000000 +0000 @@ -1195,7 +1195,7 @@ BRM::DBRM& em, const BRM::EMEntry& entry, int* state) const { - int32_t seqNum; + int32_t seqNum = 0; MinMaxPartitionInfo partInfo(entry); *state = em.getExtentMaxMin(entry.range.start, partInfo.max, partInfo.min, seqNum); return partInfo; @@ -1205,7 +1205,7 @@ const SystemCatalog::TypeAttributesStd& /*attr*/, BRM::DBRM& em, const BRM::EMEntry& entry, int* state) const { - int32_t seqNum; + int32_t seqNum = 0; MinMaxPartitionInfo partInfo(entry); *state = em.getExtentMaxMin(entry.range.start, partInfo.max, partInfo.min, seqNum); return partInfo; @@ -1215,7 +1215,7 @@ const SystemCatalog::TypeAttributesStd& /*attr*/, BRM::DBRM& em, const BRM::EMEntry& entry, int* state) const { - int32_t seqNum; + int32_t seqNum = 0; MinMaxPartitionInfo partInfo(entry); *state = em.getExtentMaxMin(entry.range.start, partInfo.int128Max, partInfo.int128Min, seqNum); return partInfo; @@ -1225,7 +1225,7 @@ BRM::DBRM& em, const BRM::EMEntry& entry, int* state) const { - int32_t seqNum; + int32_t seqNum = 0; MinMaxPartitionInfo partInfo(entry); *state = em.getExtentMaxMin(entry.range.start, partInfo.max, partInfo.min, seqNum); // char column order swap @@ -1241,7 +1241,7 @@ BRM::DBRM& em, const BRM::EMEntry& entry, int* state) const { - int32_t seqNum; + int32_t seqNum = 0; MinMaxPartitionInfo partInfo(entry); *state = em.getExtentMaxMin(entry.range.start, partInfo.max, partInfo.min, seqNum); // char column order swap diff -Nru mariadb-11.8.6/storage/columnstore/columnstore/dbcon/ddlpackage/CMakeLists.txt mariadb-11.8.8/storage/columnstore/columnstore/dbcon/ddlpackage/CMakeLists.txt --- mariadb-11.8.6/storage/columnstore/columnstore/dbcon/ddlpackage/CMakeLists.txt 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/storage/columnstore/columnstore/dbcon/ddlpackage/CMakeLists.txt 2026-05-24 09:58:33.000000000 +0000 @@ -43,3 +43,10 @@ ) columnstore_link(ddlpackage loggingcpp) + +add_custom_target(GenDDLPackageSource + DEPENDS + ${CMAKE_CURRENT_BINARY_DIR}/ddl-gram.cpp + ${CMAKE_CURRENT_BINARY_DIR}/ddl-gram.h + ${CMAKE_CURRENT_BINARY_DIR}/ddl-scan.cpp +) diff -Nru mariadb-11.8.6/storage/columnstore/columnstore/dbcon/ddlpackage/ddl.y mariadb-11.8.8/storage/columnstore/columnstore/dbcon/ddlpackage/ddl.y --- mariadb-11.8.6/storage/columnstore/columnstore/dbcon/ddlpackage/ddl.y 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/storage/columnstore/columnstore/dbcon/ddlpackage/ddl.y 2026-05-24 09:58:34.000000000 +0000 @@ -1309,7 +1309,7 @@ drop_column_def: DROP column_name drop_behavior {$$ = new AtaDropColumn($2, $3);} - | DROP COLUMN column_name drop_behavior {$$ = new AtaDropColumn($3, $4);} + | DROP COLUMN opt_if_exists column_name drop_behavior {$$ = new AtaDropColumn($4, $5);} | DROP COLUMN '(' column_name_list ')' {$$ = new AtaDropColumns($4);} | DROP '(' column_name_list ')' {$$ = new AtaDropColumns($3);} | DROP COLUMNS '(' column_name_list ')' {$$ = new AtaDropColumns($4);} diff -Nru mariadb-11.8.6/storage/columnstore/columnstore/dbcon/ddlpackageproc/ddlpackageprocessor.h mariadb-11.8.8/storage/columnstore/columnstore/dbcon/ddlpackageproc/ddlpackageprocessor.h --- mariadb-11.8.6/storage/columnstore/columnstore/dbcon/ddlpackageproc/ddlpackageprocessor.h 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/storage/columnstore/columnstore/dbcon/ddlpackageproc/ddlpackageprocessor.h 2026-05-24 09:58:34.000000000 +0000 @@ -140,6 +140,7 @@ execplan::CalpontSystemCatalog::OID oid; execplan::CalpontSystemCatalog::ColType colType; execplan::CalpontSystemCatalog::TableColName tableColName; + DDLColumn() : oid(0) {} }; /** @brief a list of DDLColumns diff -Nru mariadb-11.8.6/storage/columnstore/columnstore/dbcon/dmlpackage/CMakeLists.txt mariadb-11.8.8/storage/columnstore/columnstore/dbcon/dmlpackage/CMakeLists.txt --- mariadb-11.8.6/storage/columnstore/columnstore/dbcon/dmlpackage/CMakeLists.txt 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/storage/columnstore/columnstore/dbcon/dmlpackage/CMakeLists.txt 2026-05-24 09:58:34.000000000 +0000 @@ -42,3 +42,10 @@ ) columnstore_link(dmlpackage loggingcpp) + +add_custom_target(GenDMLPackageSource + DEPENDS + ${CMAKE_CURRENT_BINARY_DIR}/dml-gram.cpp + ${CMAKE_CURRENT_BINARY_DIR}/dml-gram.h + ${CMAKE_CURRENT_BINARY_DIR}/dml-scan.cpp +) diff -Nru mariadb-11.8.6/storage/columnstore/columnstore/dbcon/dmlpackage/vendordmlstatement.cpp mariadb-11.8.8/storage/columnstore/columnstore/dbcon/dmlpackage/vendordmlstatement.cpp --- mariadb-11.8.6/storage/columnstore/columnstore/dbcon/dmlpackage/vendordmlstatement.cpp 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/storage/columnstore/columnstore/dbcon/dmlpackage/vendordmlstatement.cpp 2026-05-24 09:58:34.000000000 +0000 @@ -30,13 +30,15 @@ namespace dmlpackage { VendorDMLStatement::VendorDMLStatement(std::string dmlstatement, int sessionID) - : fDMLStatement(dmlstatement), fSessionID(sessionID), fLogging(true), fLogending(true) + : fDMLStatement(dmlstatement), fDMLStatementType(0), fRows(0), fColumns(0), fSessionID(sessionID), fLogging(true), fLogending(true) { } VendorDMLStatement::VendorDMLStatement(std::string dmlstatement, int stmttype, int sessionID) : fDMLStatement(dmlstatement) , fDMLStatementType(stmttype) + , fRows(0) + , fColumns(0) , fSessionID(sessionID) , fLogging(true) , fLogending(true) diff -Nru mariadb-11.8.6/storage/columnstore/columnstore/dbcon/execplan/calpontselectexecutionplan.cpp mariadb-11.8.8/storage/columnstore/columnstore/dbcon/execplan/calpontselectexecutionplan.cpp --- mariadb-11.8.6/storage/columnstore/columnstore/dbcon/execplan/calpontselectexecutionplan.cpp 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/storage/columnstore/columnstore/dbcon/execplan/calpontselectexecutionplan.cpp 2026-05-24 09:58:34.000000000 +0000 @@ -628,6 +628,11 @@ b << timeZone; b << fPron; b << (uint8_t)fWithRollup; + b << (uint8_t)fIsRecursiveWithTable; + b << (uint8_t)fIsRecursiveQuery; + b << (uint8_t)fContainsRecursiveQuery; + + b << fMaxRecursiveDepth; } void CalpontSelectExecutionPlan::unserialize(messageqcpp::ByteStream& b) @@ -832,6 +837,13 @@ utils::Pron::instance().pron(fPron); b >> tmp8; fWithRollup = tmp8; + b >> tmp8; + fIsRecursiveWithTable = tmp8; + b >> tmp8; + fIsRecursiveQuery = tmp8; + b >> tmp8; + fContainsRecursiveQuery = tmp8; + b >> (uint32_t&)fMaxRecursiveDepth; } bool CalpontSelectExecutionPlan::operator==(const CalpontSelectExecutionPlan& t) const @@ -1212,7 +1224,7 @@ } newPlan->fDerivedTableList.clear(); - for (const auto& drvTable: fDerivedTableList) + for (const auto& drvTable : fDerivedTableList) { auto* drvCSEP = dynamic_cast(drvTable.get()); idbassert_s(drvCSEP != nullptr, "derivedTable is not a CalpontSelectExecutionPlan"); diff -Nru mariadb-11.8.6/storage/columnstore/columnstore/dbcon/execplan/calpontselectexecutionplan.h mariadb-11.8.8/storage/columnstore/columnstore/dbcon/execplan/calpontselectexecutionplan.h --- mariadb-11.8.6/storage/columnstore/columnstore/dbcon/execplan/calpontselectexecutionplan.h 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/storage/columnstore/columnstore/dbcon/execplan/calpontselectexecutionplan.h 2026-05-24 09:58:34.000000000 +0000 @@ -23,6 +23,7 @@ /** @file */ #pragma once +#include #include #include #include @@ -496,7 +497,12 @@ { return fDerivedTableList; } - void derivedTableList(const SelectList& derivedTableList) + + SelectList& derivedTableList() + { + return fDerivedTableList; + } + void derivedTableList(SelectList& derivedTableList) { fDerivedTableList = derivedTableList; } @@ -523,10 +529,12 @@ { fUnionVec = unionVec; } + const SelectList& unionVec() const { return fUnionVec; } + SelectList& unionVec() { return fUnionVec; @@ -765,6 +773,46 @@ return fTimeZone; } + void isRecursiveWithTable(bool b) + { + fIsRecursiveWithTable = b; + } + + bool isRecursiveWithTable() + { + return fIsRecursiveWithTable; + } + + void isRecursiveQuery(bool b) + { + fIsRecursiveQuery = b; + } + + bool isRecursiveQuery() + { + return fIsRecursiveQuery; + } + + void containsRecursiveQuery(bool b) + { + fContainsRecursiveQuery = b; + } + + bool containsRecursiveQuery() + { + return fContainsRecursiveQuery; + } + + void maxRecursiveDepth(uint32_t i) + { + fMaxRecursiveDepth = i; + } + + int maxRecursiveDepth() + { + return fMaxRecursiveDepth; + } + /** * The serialization interface */ @@ -985,6 +1033,11 @@ * A flag to compute subtotals, related to GROUP BY operation. */ bool fWithRollup; + bool fIsRecursiveWithTable = false; + bool fIsRecursiveQuery = false; + bool fContainsRecursiveQuery = false; + + uint32_t fMaxRecursiveDepth = 0; }; /** diff -Nru mariadb-11.8.6/storage/columnstore/columnstore/dbcon/execplan/constantfilter.cpp mariadb-11.8.8/storage/columnstore/columnstore/dbcon/execplan/constantfilter.cpp --- mariadb-11.8.6/storage/columnstore/columnstore/dbcon/execplan/constantfilter.cpp 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/storage/columnstore/columnstore/dbcon/execplan/constantfilter.cpp 2026-05-24 09:58:34.000000000 +0000 @@ -118,6 +118,8 @@ if (!fFunctionName.empty()) output << " Func: " << fFunctionName << endl; + output << " fData: [" << fData << "]" << endl; + if (fCol) output << " " << *fCol << endl; @@ -312,6 +314,78 @@ for (unsigned i = 0; i < fFilterList.size(); i++) fFilterList[i]->replaceRealCol(derivedColList); + // MCOL-6297: we need to fix SQL representation (fData) for cross-engine joins. + correctSQLText(); +} +void ConstantFilter::correctSQLText() +{ + // this code recognizes simple_column (NOT) IN operator, translated into ConstantFilter, and changes + // fData field (SQL operator) to reflect new column names. + SimpleColumn* sc = dynamic_cast(fCol.get()); + if (!sc) + { + // not a simple column. + return ; + } + bool first = true; + bool needQuotes = datatypes::isCharType(sc->colType().colDataType); + OpType relOp = OP_XOR; + std::ostringstream values; + std::string delimiter = "("; + for (unsigned i = 0; i < fFilterList.size(); i++) + { + SSFP simpleFilter = fFilterList[i]; + auto thisRelOp = simpleFilter->op()->op(); + if (first) + { + relOp = thisRelOp; + if (relOp != OP_EQ && relOp != OP_NE) + { + // not an (NOT) IN operator. + return ; + } + } + else if (relOp != thisRelOp) + { + // not a proper structure of the (NOT) IN operator. + return ; + } + values << delimiter; + delimiter = ","; + std::string value = simpleFilter->rhs()->data(); + bool enquote = false; + if (needQuotes) + { + enquote = value.length() == 0 || value[0] != '\'' || value[value.length() - 1] != '\''; + } + if (enquote) + { + values << "'" << value << "'"; + } + else + { + values << value; + } + first = false; + } + values << ")"; + bool inverse = false; + if (op()->op() == OP_OR && relOp == OP_EQ) + { + // IN case, do nothing. + } + else if (op()->op() == OP_AND && relOp == OP_NE) + { + // NOT IN, remember that. + inverse = true; + } + else + { + // not a valid case for either IN or NOT IN operator, translated into ConstantFilter. + return ; + } + fData = "`" + sc->schemaName() + "`.`" + sc->tableAlias() + "`.`" + sc->columnName() + "` " + + (inverse ? "NOT " : "") + "IN " + values.str(); } const std::vector& ConstantFilter::simpleColumnList() @@ -331,11 +405,6 @@ } } -const std::vector& ConstantFilter::simpleColumnListExtended() -{ - return fSimpleColumnListExtended; -} - void ConstantFilter::setSimpleColumnListExtended() { fSimpleColumnListExtended.clear(); @@ -347,11 +416,13 @@ fFilterList[i]->simpleColumnListExtended().begin(), fFilterList[i]->simpleColumnListExtended().end()); } - fCol->setSimpleColumnListExtended(); - fSimpleColumnListExtended.insert(fSimpleColumnListExtended.end(), - fCol->simpleColumnListExtended().begin(), - fCol->simpleColumnListExtended().end()); - + if (fCol) + { + fCol->setSimpleColumnListExtended(); + fSimpleColumnListExtended.insert(fSimpleColumnListExtended.end(), + fCol->simpleColumnListExtended().begin(), + fCol->simpleColumnListExtended().end()); + } } } // namespace execplan diff -Nru mariadb-11.8.6/storage/columnstore/columnstore/dbcon/execplan/constantfilter.h mariadb-11.8.8/storage/columnstore/columnstore/dbcon/execplan/constantfilter.h --- mariadb-11.8.6/storage/columnstore/columnstore/dbcon/execplan/constantfilter.h 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/storage/columnstore/columnstore/dbcon/execplan/constantfilter.h 2026-05-24 09:58:34.000000000 +0000 @@ -202,7 +202,7 @@ // get all simple columns involved in this column const std::vector& simpleColumnList(); - const std::vector& simpleColumnListExtended(); + // simpleColumnListExtended() is inherited from Filter base class // walk through the constant filter operands to re-populate fSimpleColumnList void setSimpleColumnList() override; void setSimpleColumnListExtended() override; @@ -214,8 +214,9 @@ } private: + void correctSQLText(); // corrects SQL test in fData after predicate pushdown. std::vector fSimpleColumnList; - std::vector fSimpleColumnListExtended{}; + // Note: fSimpleColumnListExtended is inherited from Filter base class std::vector fAggColumnList; std::vector fWindowFunctionColumnList; }; diff -Nru mariadb-11.8.6/storage/columnstore/columnstore/dbcon/execplan/selectfilter.cpp mariadb-11.8.8/storage/columnstore/columnstore/dbcon/execplan/selectfilter.cpp --- mariadb-11.8.6/storage/columnstore/columnstore/dbcon/execplan/selectfilter.cpp 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/storage/columnstore/columnstore/dbcon/execplan/selectfilter.cpp 2026-05-24 09:58:34.000000000 +0000 @@ -241,7 +241,4 @@ } } -const std::vector& SelectFilter::simpleColumnListExtended() -{ return fSimpleColumnListExtended; } - } // namespace execplan diff -Nru mariadb-11.8.6/storage/columnstore/columnstore/dbcon/execplan/selectfilter.h mariadb-11.8.8/storage/columnstore/columnstore/dbcon/execplan/selectfilter.h --- mariadb-11.8.6/storage/columnstore/columnstore/dbcon/execplan/selectfilter.h 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/storage/columnstore/columnstore/dbcon/execplan/selectfilter.h 2026-05-24 09:58:34.000000000 +0000 @@ -171,7 +171,6 @@ bool operator!=(const SelectFilter& t) const; void setSimpleColumnListExtended() override; - const std::vector& simpleColumnListExtended(); private: // default okay? @@ -183,7 +182,6 @@ bool fCorrelated = false; std::string fData; uint64_t fReturnedColPos = 0; // offset in fSub->returnedColList to indicate the start of projection - std::vector fSimpleColumnListExtended{}; }; std::ostream& operator<<(std::ostream& output, const SelectFilter& rhs); diff -Nru mariadb-11.8.6/storage/columnstore/columnstore/dbcon/execplan/simplecolumn.cpp mariadb-11.8.8/storage/columnstore/columnstore/dbcon/execplan/simplecolumn.cpp --- mariadb-11.8.6/storage/columnstore/columnstore/dbcon/execplan/simplecolumn.cpp 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/storage/columnstore/columnstore/dbcon/execplan/simplecolumn.cpp 2026-05-24 09:58:34.000000000 +0000 @@ -49,11 +49,16 @@ #include "simplecolumn.h" #include "simplefilter.h" #include "selectfilter.h" +#include "existsfilter.h" +#include "simplescalarfilter.h" +#include "outerjoinonfilter.h" #include "aggregatecolumn.h" #include "constantfilter.h" #include "logicoperator.h" #include "../../utils/windowfunction/windowfunction.h" #include "utils/common/branchpred.h" +#include "constantcolumn.h" +#include "logicoperator.h" namespace execplan { @@ -95,14 +100,45 @@ void getSimpleColsExtended(execplan::ParseTree* n, void* obj) { - vector* list = reinterpret_cast*>(obj); TreeNode* tn = n->data(); + vector* list = reinterpret_cast*>(obj); ArithmeticColumn* ac = dynamic_cast(tn); AggregateColumn* agc = dynamic_cast(tn); + Filter* f = dynamic_cast(tn); FunctionColumn* fc = dynamic_cast(tn); SimpleColumn* sc = dynamic_cast(tn); - LogicOperator* lo = dynamic_cast(tn); - Filter* f = dynamic_cast(tn); + + // Skip subquery filters - they contain sub-CSEPs that should be processed separately by RBO + // Walking into them would incorrectly collect subquery columns for outer query processing + SelectFilter* sf = dynamic_cast(tn); + ExistsFilter* ef = dynamic_cast(tn); + SimpleScalarFilter* ssf = dynamic_cast(tn); + if (sf || ef || ssf) + { + const vector>* cols = nullptr; + // For subquery filters, only collect the outer query columns (cols()) + // Do NOT descend into sub->filters() - that will be handled when RBO processes the subquery + if (sf) + { + cols = &sf->cols(); + } + // SimpleScalarFilter also has cols() - the outer query column being compared with subquery result + if (ssf) + { + cols = &ssf->cols(); + } + // ExistsFilter has no outer columns to collect (it's just EXISTS (subquery)) + if (cols) + { + for (const auto& col : *cols) + { + col->setSimpleColumnListExtended(); + list->insert(list->end(), col->simpleColumnListExtended().begin(), + col->simpleColumnListExtended().end()); + } + } + return; + } if (sc) { @@ -128,16 +164,13 @@ f->setSimpleColumnListExtended(); list->insert(list->end(), f->simpleColumnListExtended().begin(), f->simpleColumnListExtended().end()); } - else if (lo) // XXX: should it be default case? + if (n->left()) { - if (n->left()) - { - n->left()->walk(getSimpleColsExtended, obj); - } - if (n->right()) - { - n->right()->walk(getSimpleColsExtended, obj); - } + n->left()->walk(getSimpleColsExtended, obj); + } + if (n->right()) + { + n->right()->walk(getSimpleColsExtended, obj); } } @@ -358,10 +391,9 @@ output << "Column: " << data(); datatypes::Charset cs(fResultType.charsetNumber); output << endl - << "Info: " << schemaName() << "." << tableName() - << "(" << tableAlias() << ")" - << "." << columnName() - << " (Type: " << colDataTypeToString(fResultType.colDataType) << ", OID: " << oid() << ")"; + << "Info: " << schemaName() << "." << tableName() << "(" << tableAlias() << ")" + << "." << columnName() << " (Type: " << colDataTypeToString(fResultType.colDataType) + << ", OID: " << oid() << ")"; return output.str(); } diff -Nru mariadb-11.8.6/storage/columnstore/columnstore/dbcon/execplan/windowfunctioncolumn.h mariadb-11.8.8/storage/columnstore/columnstore/dbcon/execplan/windowfunctioncolumn.h --- mariadb-11.8.6/storage/columnstore/columnstore/dbcon/execplan/windowfunctioncolumn.h 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/storage/columnstore/columnstore/dbcon/execplan/windowfunctioncolumn.h 2026-05-24 09:58:34.000000000 +0000 @@ -79,6 +79,11 @@ return fFunctionParms; } + inline std::vector& functionParms() + { + return fFunctionParms; + } + /** set function parameters*/ inline void functionParms(const std::vector& functionParms) { @@ -91,6 +96,11 @@ return fPartitions; } + inline std::vector& partitions() + { + return fPartitions; + } + /** set partition columns */ inline void partitions(const std::vector& partitions) { @@ -102,6 +112,11 @@ { return fOrderBy; } + + inline WF_OrderBy& orderBy() + { + return fOrderBy; + } /** set order by clause */ inline void orderBy(const WF_OrderBy& orderBy) diff -Nru mariadb-11.8.6/storage/columnstore/columnstore/dbcon/joblist/fifo.h mariadb-11.8.8/storage/columnstore/columnstore/dbcon/joblist/fifo.h --- mariadb-11.8.6/storage/columnstore/columnstore/dbcon/joblist/fifo.h 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/storage/columnstore/columnstore/dbcon/joblist/fifo.h 2026-05-24 09:58:34.000000000 +0000 @@ -83,7 +83,7 @@ } inline void dropToken() {}; - inline void dropToken(uint32_t){}; + inline void dropToken(uint32_t) {}; // Counters that reflect how many many times this FIFO blocked on reads/writes uint64_t blockedWriteCount() const; diff -Nru mariadb-11.8.6/storage/columnstore/columnstore/dbcon/joblist/jlf_execplantojoblist.cpp mariadb-11.8.8/storage/columnstore/columnstore/dbcon/joblist/jlf_execplantojoblist.cpp --- mariadb-11.8.6/storage/columnstore/columnstore/dbcon/joblist/jlf_execplantojoblist.cpp 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/storage/columnstore/columnstore/dbcon/joblist/jlf_execplantojoblist.cpp 2026-05-24 09:58:34.000000000 +0000 @@ -29,6 +29,7 @@ #include #include #include +#include "mcs_datatype.h" using namespace std; #include @@ -1913,6 +1914,98 @@ if (jsv.empty()) throw runtime_error("Unhandled SimpleFilter"); } + // Handle bitmask pattern: (col & mask) = mask or mask = (col & mask) + // This allows bitwise AND filters to be pushed down as primitive filters + else if ((lhsType == FUNCTIONCOLUMN || rhsType == FUNCTIONCOLUMN) && opeq == *sop) + { + // Normalize: fc is the FunctionColumn, cc is the ConstantColumn on the other side + const FunctionColumn* fc = dynamic_cast(lhsType == FUNCTIONCOLUMN ? lhs : rhs); + const ConstantColumn* cc = dynamic_cast(lhsType == FUNCTIONCOLUMN ? rhs : lhs); + bool handled = false; + + // Check if this is a bitwise AND function with a SimpleColumn and ConstantColumn + // Supports: (col & mask) = mask, (mask & col) = mask, mask = (col & mask), mask = (mask & col) + if (cc && fc && fc->functionName() == "&" && fc->functionParms().size() == 2) + { + const auto& parms = fc->functionParms(); + + // Extract SimpleColumn and ConstantColumn from either argument order + auto extractBitmaskArgs = [](const funcexp::FunctionParm& p) + -> std::pair { + if (auto sc = dynamic_cast(p[0]->data())) + if (auto cc = dynamic_cast(p[1]->data())) + return {sc, cc}; + if (auto sc = dynamic_cast(p[1]->data())) + if (auto cc = dynamic_cast(p[0]->data())) + return {sc, cc}; + return {nullptr, nullptr}; + }; + + auto [sc, maskCC] = extractBitmaskArgs(parms); + + if (sc && maskCC && !sc->schemaName().empty() && sc->isColumnStore()) + { + std::string maskStr = maskCC->constval().safeString(""); + std::string rhsStr = cc->constval().safeString(""); + + if (maskStr == rhsStr) + { + CalpontSystemCatalog::OID tbl_oid = tableOid(sc, jobInfo.csc); + CalpontSystemCatalog::ColType ct = sc->colType(); + + if (!sc->schemaName().empty() && sc->isColumnStore()) + { + ct = jobInfo.csc->colType(sc->oid()); + ct.charsetNumber = sc->colType().charsetNumber; + } + + // Only for integer types + if (datatypes::isInteger(ct.colDataType)) + { + string alias(extractTableAlias(sc)); + string view(sc->viewName()); + + pColStep* pcs = new pColStep(sc->oid(), tbl_oid, ct, jobInfo); + pcs->alias(alias); + pcs->view(view); + pcs->name(sc->columnName()); + pcs->schema(sc->schemaName()); + pcs->cardinality(sf->cardinality()); + + int64_t maskValue = 0; + try + { + // Use stoull for unsigned values, then cast to int64_t + // This handles values > INT64_MAX correctly + maskValue = static_cast(std::stoull(maskStr)); + } + catch (...) + { + delete pcs; + jsv = doExpressionFilter(sf, jobInfo); + return jsv; + } + + pcs->addFilter(COMPARE_BITMASK, maskValue, 0); + + SJSTEP sjstep; + sjstep.reset(pcs); + jsv.push_back(sjstep); + + pcs->addFilter(sf); + + TupleInfo ti(setTupleInfo(ct, sc->oid(), jobInfo, tbl_oid, sc, alias)); + pcs->tupleId(ti.key); + + handled = true; + } + } + } + } + + if (!handled) + jsv = doExpressionFilter(sf, jobInfo); + } else if (lhsType == ARITHMETICCOLUMN || rhsType == ARITHMETICCOLUMN || lhsType == FUNCTIONCOLUMN || rhsType == FUNCTIONCOLUMN) { @@ -3344,11 +3437,59 @@ { /*doAND(jsv, jobInfo)*/; - if (n->left()) - walkTree(n->left(), jobInfo); - - if (n->right()) - walkTree(n->right(), jobInfo); + // Reorder AND filters: process cheaper filters first + // This helps when combining expensive filters (LIKE '%...%') with cheap filters (bitmask) + // Heuristic: LIKE on TEXT/BLOB is expensive, bitmask primitive filters are cheap + + // Check if FunctionColumn is a bitmask pattern: (col & const) or (const & col) + auto isBitmaskPattern = [](const FunctionColumn* fc) -> bool { + if (!fc || fc->functionName() != "&" || fc->functionParms().size() != 2) + return false; + const auto& p = fc->functionParms(); + bool hasSimpleCol = dynamic_cast(p[0]->data()) || + dynamic_cast(p[1]->data()); + bool hasConst = dynamic_cast(p[0]->data()) || + dynamic_cast(p[1]->data()); + return hasSimpleCol && hasConst; + }; + + auto estimateCost = [&isBitmaskPattern](const ParseTree* pt) -> int { + if (!pt || !pt->data()) + return 0; + TreeNode* data = pt->data(); + const SimpleFilter* sf = dynamic_cast(data); + if (sf) + { + const SOP& op = sf->op(); + // LIKE is expensive + if (op && (op->op() == OP_LIKE || op->op() == OP_NOTLIKE)) + return 1000; + // Check for bitmask pattern: (col & mask) = mask (pushdown to primitive filter) + const FunctionColumn* fcLhs = dynamic_cast(sf->lhs()); + const FunctionColumn* fcRhs = dynamic_cast(sf->rhs()); + if (isBitmaskPattern(fcLhs) || isBitmaskPattern(fcRhs)) + return 10; // Bitmask primitive filter is cheap + } + return 100; // Default cost + }; + + int leftCost = estimateCost(n->left()); + int rightCost = estimateCost(n->right()); + + if (leftCost <= rightCost) + { + if (n->left()) + walkTree(n->left(), jobInfo); + if (n->right()) + walkTree(n->right(), jobInfo); + } + else + { + if (n->right()) + walkTree(n->right(), jobInfo); + if (n->left()) + walkTree(n->left(), jobInfo); + } } else if (*op == opOR || *op == opor) { diff -Nru mariadb-11.8.6/storage/columnstore/columnstore/dbcon/joblist/jlf_subquery.cpp mariadb-11.8.8/storage/columnstore/columnstore/dbcon/joblist/jlf_subquery.cpp --- mariadb-11.8.6/storage/columnstore/columnstore/dbcon/joblist/jlf_subquery.cpp 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/storage/columnstore/columnstore/dbcon/joblist/jlf_subquery.cpp 2026-05-24 09:58:34.000000000 +0000 @@ -21,7 +21,7 @@ #include #include #include -//#define NDEBUG +// #define NDEBUG #include #include using namespace std; @@ -431,7 +431,7 @@ Message::Args args; if (tn.empty() || tn.compare(0, 5, "$sub_")) - tn = "sub-query("+tn+")"; + tn = "sub-query(" + tn + ")"; args.add(tn); throw IDBExcept(ERR_MISS_JOIN_IN_SUB, args); @@ -748,6 +748,18 @@ SJSTEP subQueryStep = transformer.makeSubQueryStep(csep, true); subQueryStep->view(view); SJSTEP subAd(new SubAdapterStep(subQueryStep, jobInfo)); + if (csep->isRecursiveQuery()) + { + SubAdapterStep* subAdTemp = dynamic_cast(subAd.get()); + if (subAdTemp != nullptr) + { + subAdTemp->isRecursiveStep(true); + } + else + { + throw runtime_error("Failed to get SubAdapterStep"); + } + } jobInfo.selectAndFromSubs.push_back(subAd); return CNX_VTABLE_ID; @@ -870,6 +882,14 @@ transformer.setVarbinaryOK(); SJSTEP subQueryStep = transformer.makeSubQueryStep(csep, false); SJSTEP subAd(new SubAdapterStep(subQueryStep, jobInfo)); + if (csep->isRecursiveQuery()) + { + auto* sas = dynamic_cast(subAd.get()); + if (sas) + { + sas->isRecursiveStep(true); + } + } return subAd; } diff -Nru mariadb-11.8.6/storage/columnstore/columnstore/dbcon/joblist/jlf_tuplejoblist.cpp mariadb-11.8.8/storage/columnstore/columnstore/dbcon/joblist/jlf_tuplejoblist.cpp --- mariadb-11.8.6/storage/columnstore/columnstore/dbcon/joblist/jlf_tuplejoblist.cpp 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/storage/columnstore/columnstore/dbcon/joblist/jlf_tuplejoblist.cpp 2026-05-24 09:58:34.000000000 +0000 @@ -1150,6 +1150,9 @@ // rowgroup has the joinkeys and selected columns // this is the expected output of this table + if (bps == NULL) + throw runtime_error("BatchPrimitiveProcessor (BPS) was not properly initialized for the table."); + rgOut = bps->getOutputRowGroup(); // add token joins @@ -1424,10 +1427,14 @@ continue; // both connected, will be a cycle if added. if (nodeSet.find(tid1) == nodeSet.end() && nodeSet.find(tid2) == nodeSet.end()) + { continue; // both isolated, wait until one is connected. + } if (tables.find(tid1) == tables.end() || tables.find(tid2) == tables.end()) + { continue; // sub-query case + } // one & only one is already connected pair p(tid1, tid2); @@ -5262,7 +5269,203 @@ return SJSTEP(unionStep); } +SJSTEP recursiveUnionQueries(JobStepVector& queries, uint64_t distinctUnionNum, JobInfo& jobInfo, + JobStepVector& recurQueries, uint32_t keyCount) +{ + vector inputRGs; + vector distinct; + uint64_t colCount = jobInfo.deliveredCols.size(); + + vector oids; + vector keys; + vector scale; + vector precision; + vector width; + vector types; + vector csNums; + JobStepAssociation jsaToUnion; + + // bug4388, share code with connector for column type coversion + vector> queryColTypes; + + for (uint64_t j = 0; j < colCount; ++j) + queryColTypes.push_back(vector(queries.size() + recurQueries.size())); + + for (uint64_t i = 0; i < queries.size(); i++) + { + SJSTEP& spjs = queries[i]; + TupleDeliveryStep* tds = dynamic_cast(spjs.get()); + + if (tds == NULL) + { + throw runtime_error("Not a deliverable step."); + } + + const RowGroup& rg = tds->getDeliveredRowGroup(); + inputRGs.push_back(rg); + + const vector& scaleIn = rg.getScale(); + const vector& precisionIn = rg.getPrecision(); + const vector& typesIn = rg.getColTypes(); + const vector& csNumsIn = rg.getCharsetNumbers(); + + for (uint64_t j = 0; j < colCount; ++j) + { + queryColTypes[j][i].colDataType = typesIn[j]; + queryColTypes[j][i].charsetNumber = csNumsIn[j]; + queryColTypes[j][i].scale = scaleIn[j]; + queryColTypes[j][i].precision = precisionIn[j]; + queryColTypes[j][i].colWidth = rg.getColumnWidth(j); + } + + if (i == 0) + { + const vector& oidsIn = rg.getOIDs(); + const vector& keysIn = rg.getKeys(); + oids.insert(oids.end(), oidsIn.begin(), oidsIn.begin() + colCount); + keys.insert(keys.end(), keysIn.begin(), keysIn.begin() + colCount); + } + + // if all union types are UNION_ALL, distinctUnionNum is 0. + distinct.push_back(distinctUnionNum > i); + + AnyDataListSPtr spdl(new AnyDataList()); + RowGroupDL* dl = new RowGroupDL(1, jobInfo.fifoSize); + spdl->rowGroupDL(dl); + dl->OID(CNX_VTABLE_ID); + JobStepAssociation jsa; + jsa.outAdd(spdl); + spjs->outputAssociation(jsa); + jsaToUnion.outAdd(spdl); + } + + for (uint64_t i = 0; i < recurQueries.size(); i++) + { + SJSTEP spjs = recurQueries[i]; + TupleDeliveryStep* tds = dynamic_cast(spjs.get()); + + if (tds == nullptr) + { + throw runtime_error("Not a deliverable step."); + } + + const RowGroup& rg = tds->getDeliveredRowGroup(); + inputRGs.push_back(rg); + + const vector& scaleIn = rg.getScale(); + const vector& precisionIn = rg.getPrecision(); + const vector& typesIn = rg.getColTypes(); + const vector& csNumsIn = rg.getCharsetNumbers(); + + for (uint64_t j = 0; j < colCount; ++j) + { + queryColTypes[j][i + queries.size()].colDataType = typesIn[j]; + queryColTypes[j][i + queries.size()].charsetNumber = csNumsIn[j]; + queryColTypes[j][i + queries.size()].scale = scaleIn[j]; + queryColTypes[j][i + queries.size()].precision = precisionIn[j]; + queryColTypes[j][i + queries.size()].colWidth = rg.getColumnWidth(j); + } + // if all union types are UNION_ALL, distinctUnionNum is 0. + distinct.push_back(distinctUnionNum > i); + + // mostly should have initialised DLs hence the change + if (i < recurQueries.size() - 1) + { + AnyDataListSPtr spdl = spjs->outputAssociation().outAt(0); + spdl->rowGroupDL()->setNumConsumers(2); + jsaToUnion.outAdd(spdl); + } + else + { + AnyDataListSPtr spdl(new AnyDataList()); + RowGroupDL* dl = new RowGroupDL(1, jobInfo.fifoSize); + spdl->rowGroupDL(dl); + dl->OID(CNX_VTABLE_ID); + JobStepAssociation jsa; + jsa.outAdd(spdl); + spjs->outputAssociation(jsa); + jsaToUnion.outAdd(spdl); + } + } + + AnyDataListSPtr spdl(new AnyDataList()); + RowGroupDL* dl = new RowGroupDL(1, jobInfo.fifoSize); + spdl->rowGroupDL(dl); + dl->OID(CNX_VTABLE_ID); + JobStepAssociation jsa; + jsa.outAdd(spdl); + TupleRecursiveUnion* unionStep = new TupleRecursiveUnion(CNX_VTABLE_ID, jobInfo, keyCount); + unionStep->inputAssociation(jsaToUnion); + unionStep->outputAssociation(jsa); + + // This return code in the call to convertUnionColType() below would + // always be 0. This is because convertUnionColType() is also called + // in the connector code in getSelectPlan() which handle + // the non-zero return code scenarios from this function call and error + // out, in which case, the execution does not even get to ExeMgr. + unsigned int dummyUnionedTypeRc = 0; + + // get unioned column types + for (uint64_t j = 0; j < colCount; ++j) + { + CalpontSystemCatalog::ColType colType = + CalpontSystemCatalog::ColType::convertUnionColType(queryColTypes[j], dummyUnionedTypeRc); + types.push_back(colType.colDataType); + csNums.push_back(colType.charsetNumber); + scale.push_back(colType.scale); + precision.push_back(colType.precision); + width.push_back(colType.colWidth); + } + + vector pos; + pos.push_back(2); + + for (uint64_t i = 0; i < oids.size(); ++i) + pos.push_back(pos[i] + width[i]); + + unionStep->setInputRowGroups(inputRGs); + unionStep->setDistinctFlags(distinct); + unionStep->setOutputRowGroup( + RowGroup(oids.size(), pos, oids, keys, types, csNums, scale, precision, jobInfo.stringTableThreshold)); + + unionStep->recursiveSteps(recurQueries); + // Fix for bug 4388 adjusts the result type at connector side, this workaround is obsolete. + // bug 3067, update the returned column types. + // This is a workaround as the connector always uses the first query' returned columns. + // ct.colDataType = types[i]; + // ct.scale = scale[i]; + // ct.colWidth = width[i]; + + for (size_t i = 0; i < jobInfo.deliveredCols.size(); i++) + { + CalpontSystemCatalog::ColType ct = jobInfo.deliveredCols[i]->resultType(); + // XXX remove after connector change + ct.colDataType = types[i]; + ct.scale = scale[i]; + ct.colWidth = width[i]; + + // varchar/varbinary column width has been fudged, see fudgeWidth in jlf_common.cpp. + if (ct.colDataType == CalpontSystemCatalog::VARCHAR) + ct.colWidth--; + else if (ct.colDataType == CalpontSystemCatalog::VARBINARY) + ct.colWidth -= 2; + + jobInfo.deliveredCols[i]->resultType(ct); + } + + if (jobInfo.trace) + { + cout << boldStart << "\ninput RGs: (distinct=" << distinctUnionNum << ")\n" << boldStop; + + for (vector::iterator i = inputRGs.begin(); i != inputRGs.end(); i++) + cout << i->toString() << endl << endl; + + cout << boldStart << "output RG:\n" << boldStop << unionStep->getDeliveredRowGroup().toString() << endl; + } + + return SJSTEP(unionStep); +} } // namespace joblist #ifdef __clang__ diff -Nru mariadb-11.8.6/storage/columnstore/columnstore/dbcon/joblist/jlf_tuplejoblist.h mariadb-11.8.8/storage/columnstore/columnstore/dbcon/joblist/jlf_tuplejoblist.h --- mariadb-11.8.6/storage/columnstore/columnstore/dbcon/joblist/jlf_tuplejoblist.h 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/storage/columnstore/columnstore/dbcon/joblist/jlf_tuplejoblist.h 2026-05-24 09:58:34.000000000 +0000 @@ -89,7 +89,7 @@ rowgroup::RowGroup fRowGroup; // output rowgroup meta data std::set fJoinedTables; // tables directly/indirectly joined to this table - TableInfo() : fTableOid(-1), fVisited(false) + TableInfo() : fTableOid(-1), fSubId(0), fVisited(false) { } }; @@ -130,7 +130,8 @@ // union the queries and return the tuple union step SJSTEP unionQueries(JobStepVector& queries, uint64_t distinctUnionNum, JobInfo& jobInfo, uint32_t keyCount); - +SJSTEP recursiveUnionQueries(JobStepVector& queries, uint64_t distinctUnionNum, JobInfo& jobInfo, + JobStepVector& recurQueries, uint32_t keyCount); void addAnnexStep(JobStepVector& querySteps, DeliveredTableMap& deliverySteps, JobInfo& jobInfo, IDBQueryType queryType = execplan::IDBQueryType::SELECT); diff -Nru mariadb-11.8.6/storage/columnstore/columnstore/dbcon/joblist/joblistfactory.cpp mariadb-11.8.8/storage/columnstore/columnstore/dbcon/joblist/joblistfactory.cpp --- mariadb-11.8.6/storage/columnstore/columnstore/dbcon/joblist/joblistfactory.cpp 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/storage/columnstore/columnstore/dbcon/joblist/joblistfactory.cpp 2026-05-24 09:58:34.000000000 +0000 @@ -18,6 +18,7 @@ // $Id: joblistfactory.cpp 9632 2013-06-18 22:18:20Z xlou $ +#include #include #include #include @@ -28,6 +29,7 @@ #include #include #include +#include "subquerystep.h" using namespace std; #include @@ -1332,7 +1334,7 @@ } // for dictionary columns not count only, replace the token oid with string oid - for (vector >::iterator it = jobInfo.returnedColVec.begin(); + for (vector>::iterator it = jobInfo.returnedColVec.begin(); it != jobInfo.returnedColVec.end(); it++) { // if the column is a dictionary column and not count only @@ -1578,7 +1580,7 @@ set seenTableIds; // Stack of seenTables to make sure the left-hand side and right-hand have the same content - stack > seenTableStack; + stack> seenTableStack; if (!querySteps.empty()) { @@ -2015,20 +2017,134 @@ parseExecutionPlan(csep, jobInfo, querySteps, projectSteps, deliverySteps); makeVtableModeSteps(csep, jobInfo, querySteps, projectSteps, deliverySteps); } +void findRecursiveSubSteps(const SJSTEP& root, JobStepVector& result) +{ + if (!root) + return; + + std::stack work; + work.push(root); + + while (!work.empty()) + { + SJSTEP step = work.top(); + work.pop(); + + if (!step) + continue; + + // Case 1: SubAdapterStep + if (auto* adapter = dynamic_cast(step.get())) + { + if (adapter->isRecursiveStep()) + { + result.push_back(step); + } + + // push its substep + work.push(adapter->subStep()); + } + // Case 2: SubQueryStep + else if (auto* subq = dynamic_cast(step.get())) + { + const STJLP& subJoblist = subq->subJoblist(); + if (subJoblist) + { + const auto& qsteps = subJoblist->querySteps(); + for (const auto& qstep : qsteps) + { + work.push(qstep); + } + } + } + } + std::reverse(result.begin(), result.end()); +} + +void replaceDerivedTableList(CalpontSelectExecutionPlan::SelectList& list, const SCSEP& replacementScep) +{ + for (auto& scep : list) + { + auto* plan = dynamic_cast(scep.get()); + if (!plan) + continue; + + if (plan->isRecursiveWithTable()) + { + scep = replacementScep; + } + else if (plan->containsRecursiveQuery()) + { + replaceDerivedTableList(plan->derivedTableList(), replacementScep); + } + } +} + +void addExpOrderByColsToReturnedCols( + const std::remove_cv_t().orderByCols())>>& expOrderByCols, + CalpontSelectExecutionPlan* unionCSEP) +{ + for (auto& obc : expOrderByCols) + { + // Replace any leaf of expressions in the ORDER BY list with the corresponding column for each table + // in the UNION, and add the expression to the returned columns. + auto* col = obc->clone(); + auto* ac = dynamic_cast(col); + auto* fc = dynamic_cast(col); + if (ac) + { + ac->expression()->walk(fixUnionExpressionCol, unionCSEP); + ac->setSimpleColumnList(); + } + else if (fc) + { + for (auto& parm : fc->functionParms()) + { + parm->walk(fixUnionExpressionCol, unionCSEP); + } + fc->setSimpleColumnList(); + } + unionCSEP->returnedCols().emplace_back(col); + } +} +// Builds the job steps for a UNION query (both regular and recursive CTE). +// +// The function proceeds in these stages: +// 1. Collect ORDER BY expressions that require special handling (arithmetic/function columns). +// 2. For recursive CTEs, partition unionVec so that non-recursive members come first. +// 3. Build job steps for each non-recursive UNION member (for regular UNION this is all of them). +// 4. For recursive CTEs, unroll the recursive member up to `depth` iterations, +// substituting the previous iteration's plan as the recursive reference. +// 5. Promote ORDER BY expression columns into the outer query's returned columns. +// 6. Create the final TupleUnion step (recursive or regular variant). +// 7. If ORDER BY / LIMIT is present, set up ordering keys, fix returned column OIDs, +// and append an annex step for sorting/limiting. void makeUnionJobSteps(CalpontSelectExecutionPlan* csep, JobInfo& jobInfo, JobStepVector& querySteps, JobStepVector& /*projectSteps*/, DeliveredTableMap& deliverySteps) { + // --- Stage 0: Basic setup --- + // unionVec holds all UNION members (sub-SELECTs). + // distinctUnionNum is the count of UNION DISTINCT members (as opposed to UNION ALL). + // unionRetColsCount is the number of columns the outer UNION query returns. + // unionFeeders accumulates the job steps that feed into the final TupleUnion step. CalpontSelectExecutionPlan::SelectList& unionVec = csep->unionVec(); uint8_t distinctUnionNum = csep->distinctUnionNum(); uint32_t unionRetColsCount = csep->returnedCols().size(); JobStepVector unionFeeders; + // --- Stage 1: Collect ORDER BY expressions that need special handling --- + // Simple and constant columns in ORDER BY are handled directly by position. + // Arithmetic and function columns (e.g. "ORDER BY a + b") need to be cloned + // into each UNION member's returned columns so their values are available + // after the union merge. We collect them here for later processing. std::remove_cv_torderByCols())>> expOrderByCols; for (auto& obc : csep->orderByCols()) { if (obc->orderPos() != -1ull) { + // Already has a resolved position — nothing extra needed. continue; } if (dynamic_cast(obc.get()) == nullptr && @@ -2039,39 +2155,118 @@ } } - for (auto& unionSub : unionVec) - { - auto* unionCSEP = dynamic_cast(unionSub.get()); - for (auto& obc : expOrderByCols) - { - // Replace any leaf of expressions in the ORDER BY list with the corresponding column for each table in - // the UNION, and add the expression to the returned columns. - auto* col = obc->clone(); - auto* ac = dynamic_cast(col); - auto* fc = dynamic_cast(col); - if (ac) - { - ac->expression()->walk(fixUnionExpressionCol, unionCSEP); - ac->setSimpleColumnList(); - } - else if (fc) - { - for (auto& parm : fc->functionParms()) - { - parm->walk(fixUnionExpressionCol, unionCSEP); - } - fc->setSimpleColumnList(); - } - unionCSEP->returnedCols().emplace_back(col); - } - SJSTEP sub = doUnionSub(unionSub.get(), jobInfo); + const bool isRecursive = csep->isRecursiveWithTable(); + + // --- Stage 2: Partition UNION members for recursive CTE --- + // A recursive CTE (WITH RECURSIVE) has two kinds of UNION members: + // - Non-recursive (base case): does not reference the CTE itself. + // - Recursive: references the CTE and iterates until fixpoint or depth limit. + // We partition unionVec so that non-recursive members are in [begin, nonRecursiveEnd) + // and recursive members are in [nonRecursiveEnd, end). + // For a regular (non-recursive) UNION, nonRecursiveEnd == end(), so all members + // are processed uniformly in stage 3. + auto nonRecursiveEnd = unionVec.end(); + if (isRecursive) + { + nonRecursiveEnd = std::partition(unionVec.begin(), unionVec.end(), + [](SCEP scep) + { + auto* plan = dynamic_cast(scep.get()); + return plan ? !plan->containsRecursiveQuery() : false; + }); + } + + // --- Stage 3: Build job steps for non-recursive UNION members --- + // For each non-recursive member: + // a) Clone expression ORDER BY columns into its returned columns + // (so the expression values propagate through the union). + // b) Call doUnionSub() to translate the sub-SELECT into a job step. + // c) Collect the step as both a query step and a union feeder. + // For a regular UNION this loop processes every member. + for (auto it = unionVec.begin(); it != nonRecursiveEnd; ++it) + { + auto* unionCSEP = dynamic_cast(it->get()); + addExpOrderByColsToReturnedCols(expOrderByCols, unionCSEP); + SJSTEP sub = doUnionSub(it->get(), jobInfo); querySteps.push_back(sub); unionFeeders.push_back(sub); } + // --- Stage 4: Unroll the recursive CTE members (skipped for regular UNION) --- + // The recursive member is "unrolled" up to `depth` iterations. Each iteration: + // a) Copies the base recursive plan into workingRecur. + // b) Marks the previous iteration (currRecur) as a recursive-with-table reference. + // c) Wraps currRecur into a replacement plan and substitutes it into + // workingRecur's derived-table and union lists via replaceDerivedTableList(). + // This chains the iterations: iteration N reads from iteration N-1's output. + // d) Adds expression ORDER BY columns to workingRecur. + // e) On the last iteration only, creates the actual job step (recursiveSub) + // — this is the step whose sub-tree encodes the full recursion chain. + // After the loop, findRecursiveSubSteps() walks the recursiveSub step tree + // to collect all intermediate feeder steps needed by the recursive TupleUnion. + JobStepVector recursiveUnionFeeders; + SJSTEP recursiveSub; + if (isRecursive) + { + // Mark all recursive UNION members as recursive queries. + CalpontSelectExecutionPlan* currRecur = nullptr; + for (auto cit = nonRecursiveEnd; cit != unionVec.end(); ++cit) + { + currRecur = dynamic_cast(cit->get()); + currRecur->isRecursiveQuery(true); + } + if (currRecur == nullptr) + throw runtime_error("Recursive CTE: no recursive UNION member found"); + + // baseRecur is the template plan for every unrolled iteration. + CalpontSelectExecutionPlan* baseRecur = new CalpontSelectExecutionPlan(*currRecur); + uint32_t depth = (currRecur->maxRecursiveDepth() <= 100) ? csep->maxRecursiveDepth() : 100; + for (uint32 i = 0; i < depth; ++i) + { + // Create a fresh copy of the recursive plan for this iteration. + CalpontSelectExecutionPlan* workingRecur = new CalpontSelectExecutionPlan(*baseRecur); + CalpontSelectExecutionPlan::SelectList& currDerivedTbList = workingRecur->derivedTableList(); + CalpontSelectExecutionPlan::SelectList& currUnionVec = workingRecur->unionVec(); + + // Mark currRecur (the previous iteration) as the recursive reference point, + // and workingRecur (the current iteration) as a recursive query. + currRecur->isRecursiveWithTable(true); + workingRecur->isRecursiveQuery(true); + + // Substitute the previous iteration's plan into this iteration's references. + SCSEP replacement = boost::make_shared(*currRecur); + replaceDerivedTableList(currDerivedTbList, replacement); + replaceDerivedTableList(currUnionVec, replacement); + + // Add expression ORDER BY columns to this iteration's returned columns. + addExpOrderByColsToReturnedCols(expOrderByCols, workingRecur); + + // Only the last iteration produces the actual executable job step. + if (i == depth - 1) + { + recursiveSub = doUnionSub(replacement.get(), jobInfo); + querySteps.push_back(recursiveSub); + } + // querySteps.push_back(sub); + // unionFeeders.push_back(sub); + + // Advance: this iteration becomes the "previous" for the next one. + currRecur = new CalpontSelectExecutionPlan(*workingRecur); + } + + // Walk the recursiveSub step tree to collect all feeder steps + // that the recursive TupleUnion needs. + findRecursiveSubSteps(recursiveSub, recursiveUnionFeeders); + } + + // --- Stage 5: Promote ORDER BY expressions into the outer query --- + // For each expression ORDER BY column (e.g. "ORDER BY a + b"), add a corresponding + // SimpleColumn to the outer query's returned columns. This makes the expression + // result available as a regular column after the union merge, so the annex step + // can sort by it. Also update the orderPos on both the new SimpleColumn and + // the original ORDER BY entry to point at the appended position. for (auto& obc : expOrderByCols) { - // Add a SimpleColumn to the outer query for the every ORDER BY expression auto* sc = new SimpleColumn(*obc.get()); csep->returnedCols().emplace_back(sc); sc->colPosition(csep->returnedCols().size() - 1); @@ -2079,23 +2274,47 @@ obc->orderPos(csep->returnedCols().size() - 1); } + // --- Stage 6: Create the final TupleUnion step --- + // deliveredCols tells downstream steps which columns the union produces. + // For recursive CTE we use recursiveUnionQueries() which also wires up + // the recursive feeder steps; for regular UNION we use unionQueries(). + // The union step is then registered as the delivery step for the virtual table. jobInfo.deliveredCols = csep->returnedCols(); - SJSTEP unionStep(unionQueries(unionFeeders, distinctUnionNum, jobInfo, unionRetColsCount)); + SJSTEP unionStep(isRecursive + ? SJSTEP(recursiveUnionQueries(unionFeeders, distinctUnionNum, jobInfo, + recursiveUnionFeeders, unionRetColsCount)) + : SJSTEP(unionQueries(unionFeeders, distinctUnionNum, jobInfo, unionRetColsCount))); querySteps.push_back(unionStep); uint16_t stepNo = jobInfo.subId * 10000; numberSteps(querySteps, stepNo, jobInfo.traceFlags); deliverySteps[execplan::CNX_VTABLE_ID] = unionStep; + // --- Stage 7: ORDER BY / LIMIT post-processing --- + // This block is entered when the UNION has an ORDER BY clause and/or LIMIT/OFFSET. + // It performs three sub-tasks: + // a) Build jobInfo.orderByColVec — a vector of (tupleKey, ascending) pairs that + // the annex step uses to sort. For SimpleColumns we look up the delivered + // column by orderPos; for expression columns we fall back to the TupleUnion's + // output row group keys. + // b) Normalize every returned column to a SimpleColumn with a synthetic OID + // (tableOid + 1 + position). ConstantColumns and other non-SimpleColumns + // are replaced. schemaName is cleared and tableAlias is set to the first + // query step's alias so that downstream steps treat them uniformly. + // c) doProject / checkReturnedColumns / addAnnexStep finalize the projection + // and append a TupleAnnex step that performs the actual ORDER BY + LIMIT. if (!csep->orderByCols().empty() || csep->limitStart() != 0 || csep->limitNum() != -1ull) { jobInfo.limitStart = csep->limitStart(); jobInfo.limitCount = csep->limitNum(); jobInfo.orderByThreads = csep->orderByThreads(); + + // (a) Build the order-by key vector for the annex step. for (auto& obc : csep->orderByCols()) { auto* osc = dynamic_cast(obc.get()); if (osc) { + // SimpleColumn ORDER BY — resolve via delivered columns. auto* sc = dynamic_cast(jobInfo.deliveredCols[obc->orderPos()].get()); idbassert(sc); sc->schemaName(""); @@ -2106,6 +2325,7 @@ } else { + // Expression ORDER BY — use the TupleUnion output row group key directly. auto* tus = dynamic_cast(unionStep.get()); auto& keys = tus->getOutputRowGroup().getKeys(); idbassert(obc->orderPos() < keys.size()); @@ -2113,9 +2333,9 @@ } } + // (b) Normalize all returned columns to SimpleColumns with synthetic OIDs. for (auto& rc : csep->returnedCols()) { - // Replace ConstantColumns with SimpleColumns and fix OIDs auto* sc = dynamic_cast(rc.get()); if (sc) { @@ -2125,6 +2345,7 @@ } else { + // Replace non-SimpleColumn (e.g. ConstantColumn) with a SimpleColumn wrapper. sc = new SimpleColumn(*rc.get()); rc.reset(sc); sc->schemaName(""); @@ -2132,6 +2353,8 @@ sc->oid(tableOid(sc, jobInfo.csc) + 1 + rc->colPosition()); } } + + // (c) Finalize projection and append the annex step (ORDER BY + LIMIT execution). doProject(csep->returnedCols(), jobInfo); checkReturnedColumns(csep, jobInfo); addAnnexStep(querySteps, deliverySteps, jobInfo, IDBQueryType::UNION); diff -Nru mariadb-11.8.6/storage/columnstore/columnstore/dbcon/joblist/pdictionaryscan.cpp mariadb-11.8.8/storage/columnstore/columnstore/dbcon/joblist/pdictionaryscan.cpp --- mariadb-11.8.6/storage/columnstore/columnstore/dbcon/joblist/pdictionaryscan.cpp 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/storage/columnstore/columnstore/dbcon/joblist/pdictionaryscan.cpp 2026-05-24 09:58:34.000000000 +0000 @@ -326,10 +326,10 @@ HWM_t hwm; uint32_t fbo; DBRM dbrm; - uint16_t dbroot; - uint32_t partNum; - uint16_t segNum; - BRM::OID_t oid; + uint16_t dbroot = 0; + uint32_t partNum = 0; + uint16_t segNum = 0; + BRM::OID_t oid = 0; oam::OamCache* oamCache = oam::OamCache::makeOamCache(); int localPMId = oamCache->getLocalPMId(); diff -Nru mariadb-11.8.6/storage/columnstore/columnstore/dbcon/joblist/primitivemsg.h mariadb-11.8.8/storage/columnstore/columnstore/dbcon/joblist/primitivemsg.h --- mariadb-11.8.6/storage/columnstore/columnstore/dbcon/joblist/primitivemsg.h 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/storage/columnstore/columnstore/dbcon/joblist/primitivemsg.h 2026-05-24 09:58:34.000000000 +0000 @@ -55,6 +55,10 @@ const int8_t COMPARE_LIKE = 0x10; const int8_t COMPARE_NLIKE = (COMPARE_LIKE | COMPARE_NOT); // 0x18 +// Bitmask comparison: (value & mask) = mask +// Used for Bloom filter style queries where we check if all bits in mask are set +const int8_t COMPARE_BITMASK = 0x20; + namespace primitives { using RIDType = uint16_t; diff -Nru mariadb-11.8.6/storage/columnstore/columnstore/dbcon/joblist/subquerystep.h mariadb-11.8.8/storage/columnstore/columnstore/dbcon/joblist/subquerystep.h --- mariadb-11.8.6/storage/columnstore/columnstore/dbcon/joblist/subquerystep.h 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/storage/columnstore/columnstore/dbcon/joblist/subquerystep.h 2026-05-24 09:58:34.000000000 +0000 @@ -215,6 +215,16 @@ return fSubStep; } + void isRecursiveStep(bool b) + { + fIsRecursiveStep = b; + } + + bool isRecursiveStep() + { + return fIsRecursiveStep; + } + /** @brief add filters (expression steps) */ void addExpression(const JobStepVector&, JobInfo&); @@ -252,6 +262,8 @@ uint64_t fInputIterator; uint64_t fOutputIterator; + bool fIsRecursiveStep = false; + class Runner { public: diff -Nru mariadb-11.8.6/storage/columnstore/columnstore/dbcon/joblist/subquerytransformer.cpp mariadb-11.8.8/storage/columnstore/columnstore/dbcon/joblist/subquerytransformer.cpp --- mariadb-11.8.6/storage/columnstore/columnstore/dbcon/joblist/subquerytransformer.cpp 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/storage/columnstore/columnstore/dbcon/joblist/subquerytransformer.cpp 2026-05-24 09:58:34.000000000 +0000 @@ -19,7 +19,7 @@ // $Id: subquerytransformer.cpp 6406 2010-03-26 19:18:37Z xlou $ #include -//#define NDEBUG +// #define NDEBUG #include using namespace std; @@ -79,7 +79,7 @@ SJSTEP& SubQueryTransformer::makeSubQueryStep(execplan::CalpontSelectExecutionPlan* csep, bool subInFromClause) { - // Setup job info, job list and error status relation. + // Setup job info, job list and error status relation. fSubJobInfo = new JobInfo(fOutJobInfo->rm); fSubJobInfo->sessionId = fOutJobInfo->sessionId; fSubJobInfo->txnId = fOutJobInfo->txnId; @@ -118,7 +118,6 @@ fSubJobInfo->isDML = fOutJobInfo->isDML; fSubJobInfo->orderByThreads = csep->orderByThreads(); - // Update v-table's alias. fVtable.name("$sub"); @@ -266,7 +265,8 @@ precision.push_back(ti.precision); } - fOutJobInfo->vtableColTypes[UniqId(fVtable.columnOid(i), fVtable.alias(), "", "", execplan::Partitions())] = + fOutJobInfo + ->vtableColTypes[UniqId(fVtable.columnOid(i), fVtable.alias(), "", "", execplan::Partitions())] = fVtable.columnType(i); } @@ -304,9 +304,9 @@ // put vtable into the table list to resolve correlated filters // Temp fix for @bug3932 until outer join has no dependency on table order. // Insert at [1], not to mess with OUTER join and hint(INFINIDB_ORDERED -- bug2317). - fOutJobInfo->tableList.insert( - fOutJobInfo->tableList.begin() + 1, - makeTableKey(*fOutJobInfo, fVtable.tableOid(), fVtable.name(), fVtable.alias(), "", fVtable.view(), fVtable.partitions())); + fOutJobInfo->tableList.insert(fOutJobInfo->tableList.begin() + 1, + makeTableKey(*fOutJobInfo, fVtable.tableOid(), fVtable.name(), + fVtable.alias(), "", fVtable.view(), fVtable.partitions())); // tables in outer level set outTables; @@ -422,7 +422,7 @@ sc->viewName(fVtable.view()); sc->oid(fVtable.columnOid(k->second)); sc->columnName(fVtable.columns()[k->second]->columnName()); - sc->partitions(fVtable.partitions()); + sc->partitions(fVtable.partitions()); const CalpontSystemCatalog::ColType& ct = fVtable.columnType(k->second); TupleInfo ti = setTupleInfo(ct, sc->oid(), *fOutJobInfo, fVtable.tableOid(), sc, fVtable.alias()); @@ -432,7 +432,7 @@ schemas[j] = sc->schemaName(); columnKeys[j] = ti.key; tableKeys[j] = getTableKey(*fOutJobInfo, ti.key); - partitions[j] = sc->partitions(); + partitions[j] = sc->partitions(); } else { @@ -523,7 +523,8 @@ if (outTables.find(tid) == outTables.end()) { - if (subMap.find(UniqId(j->oid(), j->alias(), j->schema(), j->view(), j->partitions(), 0)) != subMap.end()) + if (subMap.find(UniqId(j->oid(), j->alias(), j->schema(), j->view(), j->partitions(), 0)) != + subMap.end()) // throw CorrelateFailExcept(); throw IDBExcept(logging::ERR_NON_SUPPORT_SUB_QUERY_TYPE); } diff -Nru mariadb-11.8.6/storage/columnstore/columnstore/dbcon/joblist/tuple-bps.cpp mariadb-11.8.8/storage/columnstore/columnstore/dbcon/joblist/tuple-bps.cpp --- mariadb-11.8.6/storage/columnstore/columnstore/dbcon/joblist/tuple-bps.cpp 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/storage/columnstore/columnstore/dbcon/joblist/tuple-bps.cpp 2026-05-24 09:58:34.000000000 +0000 @@ -1550,7 +1550,7 @@ void TupleBPS::sendError(uint16_t status) { - SBS msgBpp; + SBS msgBpp = boost::make_shared(); fBPP->setCount(1); fBPP->setStatus(status); fBPP->runErrorBPP(*msgBpp); diff -Nru mariadb-11.8.6/storage/columnstore/columnstore/dbcon/joblist/tupleunion.cpp mariadb-11.8.8/storage/columnstore/columnstore/dbcon/joblist/tupleunion.cpp --- mariadb-11.8.6/storage/columnstore/columnstore/dbcon/joblist/tupleunion.cpp 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/storage/columnstore/columnstore/dbcon/joblist/tupleunion.cpp 2026-05-24 09:58:34.000000000 +0000 @@ -60,1230 +60,1255 @@ namespace { - // union helper functions. +// union helper functions. - inline uint64_t pickScaleForDouble(Row* out, uint32_t i, double val) - { - /* have to pick a scale to use for the double. using 5... */ - uint32_t scale = 5; - uint64_t ival = (uint64_t)(double)(val * datatypes::scaleDivisor(scale)); - const int diff = out->getScale(i) - scale; - ival = datatypes::applySignedScale(ival, diff); - return ival; - } - - inline uint64_t pickScaleForLongDouble(Row* out, uint32_t i, long double val) - { - /* have to pick a scale to use for the double. using 5... */ - uint32_t scale = 5; - uint64_t ival = (uint64_t)(double)(val * datatypes::scaleDivisor(scale)); - int diff = out->getScale(i) - scale; - ival = datatypes::applySignedScale(ival, diff); - return ival; - } - - NullString formatDouble(double val) - { - char buf[datatypes::INT128MAXPRECISION + 1]; - my_bool error = 0; - auto len = my_gcvt(val, MY_GCVT_ARG_DOUBLE, sizeof(buf) - 1, buf, &error); - idbassert(error == 0 && len <= sizeof(buf)); - return {buf, len}; - } +inline uint64_t pickScaleForDouble(Row* out, uint32_t i, double val) +{ + /* have to pick a scale to use for the double. using 5... */ + uint32_t scale = 5; + uint64_t ival = (uint64_t)(double)(val * datatypes::scaleDivisor(scale)); + const int diff = out->getScale(i) - scale; + ival = datatypes::applySignedScale(ival, diff); + return ival; +} - void normalizeIntToIntNoScale(const Row& in, Row* out, uint32_t i) - { - out->setIntField(in.getIntField(i), i); - } +inline uint64_t pickScaleForLongDouble(Row* out, uint32_t i, long double val) +{ + /* have to pick a scale to use for the double. using 5... */ + uint32_t scale = 5; + uint64_t ival = (uint64_t)(double)(val * datatypes::scaleDivisor(scale)); + int diff = out->getScale(i) - scale; + ival = datatypes::applySignedScale(ival, diff); + return ival; +} - void normalizeIntToIntWithScaleInt128(const Row& in, Row* out, uint32_t i) - { - const int diff = out->getScale(i) - in.getScale(i); - idbassert(diff >= 0); - int128_t val = datatypes::applySignedScale(in.getIntField(i), diff); - out->setInt128Field(val, i); - } +NullString formatDouble(double val) +{ + char buf[datatypes::INT128MAXPRECISION + 1]; + my_bool error = 0; + auto len = my_gcvt(val, MY_GCVT_ARG_DOUBLE, sizeof(buf) - 1, buf, &error); + idbassert(error == 0 && len <= sizeof(buf)); + return {buf, len}; +} - void normalizeIntToIntWithScaleInt64(const Row& in, Row* out, uint32_t i) - { - const int diff = out->getScale(i) - in.getScale(i); - idbassert(diff >= 0); - int64_t val = datatypes::applySignedScale(in.getIntField(i), diff); - out->setIntField(val, i); - } - - void normalizeIntToUintNoScale(const Row& in, Row* out, uint32_t i) - { - out->setUintField(in.getIntField(i), i); - } +void normalizeIntToIntNoScale(const Row& in, Row* out, uint32_t i) +{ + out->setIntField(in.getIntField(i), i); +} - void normalizeIntToUintWithScaleInt128(const Row& in, Row* out, uint32_t i) - { - const int diff = out->getScale(i) - in.getScale(i); - idbassert(diff >= 0); - int128_t val = datatypes::applySignedScale(in.getIntField(i), diff); - out->setInt128Field(val, i); - } +void normalizeIntToIntWithScaleInt128(const Row& in, Row* out, uint32_t i) +{ + const int diff = out->getScale(i) - in.getScale(i); + idbassert(diff >= 0); + int128_t val = datatypes::applySignedScale(in.getIntField(i), diff); + out->setInt128Field(val, i); +} - void normalizeIntToUintWithScaleInt64(const Row& in, Row* out, uint32_t i) - { - const int diff = out->getScale(i) - in.getScale(i); - idbassert(diff >= 0); - int64_t val = datatypes::applySignedScale(in.getIntField(i), diff); - out->setIntField(val, i); - } +void normalizeIntToIntWithScaleInt64(const Row& in, Row* out, uint32_t i) +{ + const int diff = out->getScale(i) - in.getScale(i); + idbassert(diff >= 0); + int64_t val = datatypes::applySignedScale(in.getIntField(i), diff); + out->setIntField(val, i); +} - void normalizeIntToStringWithScale(const Row& in, Row* out, uint32_t i) - { - double d = in.getIntField(i); - d /= exp10(in.getScale(i)); - out->setStringField(formatDouble(d), i); - } +void normalizeIntToUintNoScale(const Row& in, Row* out, uint32_t i) +{ + out->setUintField(in.getIntField(i), i); +} - void normalizeIntToStringNoScale(const Row& in, Row* out, uint32_t i) - { - utils::NullString ns(std::to_string(in.getIntField(i))); - out->setStringField(ns, i); - } +void normalizeIntToUintWithScaleInt128(const Row& in, Row* out, uint32_t i) +{ + const int diff = out->getScale(i) - in.getScale(i); + idbassert(diff >= 0); + int128_t val = datatypes::applySignedScale(in.getIntField(i), diff); + out->setInt128Field(val, i); +} - void normalizeIntToXFloat(const Row& in, Row* out, uint32_t i) - { - auto d = in.getScaledSInt64FieldAsXFloat(i); - out->setFloatField((float)d, i); - } +void normalizeIntToUintWithScaleInt64(const Row& in, Row* out, uint32_t i) +{ + const int diff = out->getScale(i) - in.getScale(i); + idbassert(diff >= 0); + int64_t val = datatypes::applySignedScale(in.getIntField(i), diff); + out->setIntField(val, i); +} - void normalizeIntToXDouble(const Row& in, Row* out, uint32_t i) - { - auto d = in.getScaledSInt64FieldAsXFloat(i); - out->setDoubleField(d, i); - } +void normalizeIntToStringWithScale(const Row& in, Row* out, uint32_t i) +{ + double d = in.getIntField(i); + d /= exp10(in.getScale(i)); + out->setStringField(formatDouble(d), i); +} - void normalizeIntToLongDouble(const Row& in, Row* out, uint32_t i) - { - auto d = in.getScaledSInt64FieldAsXFloat(i); - out->setLongDoubleField(d, i); - } +void normalizeIntToStringNoScale(const Row& in, Row* out, uint32_t i) +{ + utils::NullString ns(std::to_string(in.getIntField(i))); + out->setStringField(ns, i); +} - void normalizeIntToXDecimalInt128(const Row& in, Row* out, uint32_t i) - { - const int diff = out->getScale(i) - in.getScale(i); - idbassert(diff >= 0); - int128_t val = datatypes::applySignedScale(in.getIntField(i), diff); - out->setInt128Field(val, i); - } +void normalizeIntToXFloat(const Row& in, Row* out, uint32_t i) +{ + auto d = in.getScaledSInt64FieldAsXFloat(i); + out->setFloatField((float)d, i); +} - void normalizeIntToXDecimalInt64(const Row& in, Row* out, uint32_t i) - { - const int diff = out->getScale(i) - in.getScale(i); - idbassert(diff >= 0); - int64_t val = datatypes::applySignedScale(in.getIntField(i), diff); - out->setIntField(val, i); - } +void normalizeIntToXDouble(const Row& in, Row* out, uint32_t i) +{ + auto d = in.getScaledSInt64FieldAsXFloat(i); + out->setDoubleField(d, i); +} - void normalizeUintToIntNoScale(const Row& in, Row* out, uint32_t i) - { - out->setIntField(in.getUintField(i), i); - } +void normalizeIntToLongDouble(const Row& in, Row* out, uint32_t i) +{ + auto d = in.getScaledSInt64FieldAsXFloat(i); + out->setLongDoubleField(d, i); +} - void normalizeUintToIntWithScaleInt128(const Row& in, Row* out, uint32_t i) - { - const int diff = out->getScale(i) - in.getScale(i); - idbassert(diff >= 0); - int128_t val = datatypes::applySignedScale(in.getUintField(i), diff); - out->setInt128Field(val, i); - } +void normalizeIntToXDecimalInt128(const Row& in, Row* out, uint32_t i) +{ + const int diff = out->getScale(i) - in.getScale(i); + idbassert(diff >= 0); + int128_t val = datatypes::applySignedScale(in.getIntField(i), diff); + out->setInt128Field(val, i); +} - void normalizeUntToIntWithScaleInt64(const Row& in, Row* out, uint32_t i) - { - const int diff = out->getScale(i) - in.getScale(i); - idbassert(diff >= 0); - uint64_t val = datatypes::applySignedScale(in.getUintField(i), diff); - out->setIntField(val, i); - } +void normalizeIntToXDecimalInt64(const Row& in, Row* out, uint32_t i) +{ + const int diff = out->getScale(i) - in.getScale(i); + idbassert(diff >= 0); + int64_t val = datatypes::applySignedScale(in.getIntField(i), diff); + out->setIntField(val, i); +} - void normalizeUintToUint(const Row& in, Row* out, uint32_t i) - { - out->setUintField(in.getUintField(i), i); - } +void normalizeUintToIntNoScale(const Row& in, Row* out, uint32_t i) +{ + out->setIntField(in.getUintField(i), i); +} - void normalizeUintToStringWithScale(const Row& in, Row* out, uint32_t i) - { - double d = in.getUintField(i); - d /= exp10(in.getScale(i)); - out->setStringField(formatDouble(d), i); - } +void normalizeUintToIntWithScaleInt128(const Row& in, Row* out, uint32_t i) +{ + const int diff = out->getScale(i) - in.getScale(i); + idbassert(diff >= 0); + int128_t val = datatypes::applySignedScale(in.getUintField(i), diff); + out->setInt128Field(val, i); +} - void normalizeUintToStringNoScale(const Row& in, Row* out, uint32_t i) - { - utils::NullString ns(std::to_string(in.getUintField(i))); - out->setStringField(ns, i); - } +void normalizeUntToIntWithScaleInt64(const Row& in, Row* out, uint32_t i) +{ + const int diff = out->getScale(i) - in.getScale(i); + idbassert(diff >= 0); + uint64_t val = datatypes::applySignedScale(in.getUintField(i), diff); + out->setIntField(val, i); +} - void normalizUintToXFloat(const Row& in, Row* out, uint32_t i) - { - auto d = in.getScaledUInt64FieldAsXFloat(i); - out->setFloatField((float)d, i); - } +void normalizeUintToUint(const Row& in, Row* out, uint32_t i) +{ + out->setUintField(in.getUintField(i), i); +} - void normalizeUintToXDouble(const Row& in, Row* out, uint32_t i) - { - auto d = in.getScaledUInt64FieldAsXFloat(i); - out->setDoubleField(d, i); - } +void normalizeUintToStringWithScale(const Row& in, Row* out, uint32_t i) +{ + double d = in.getUintField(i); + d /= exp10(in.getScale(i)); + out->setStringField(formatDouble(d), i); +} - void normalizeUintToLongDouble(const Row& in, Row* out, uint32_t i) - { - auto d = in.getScaledUInt64FieldAsXFloat(i); - out->setLongDoubleField(d, i); - } +void normalizeUintToStringNoScale(const Row& in, Row* out, uint32_t i) +{ + utils::NullString ns(std::to_string(in.getUintField(i))); + out->setStringField(ns, i); +} - void normalizeUintToXDecimalInt128(const Row& in, Row* out, uint32_t i) - { - const int diff = out->getScale(i) - in.getScale(i); - idbassert(diff >= 0); - int128_t val = datatypes::applySignedScale(in.getUintField(i), diff); - out->setInt128Field(val, i); - } +void normalizUintToXFloat(const Row& in, Row* out, uint32_t i) +{ + auto d = in.getScaledUInt64FieldAsXFloat(i); + out->setFloatField((float)d, i); +} - void normalizeUintToXDecimalInt64(const Row& in, Row* out, uint32_t i) - { - const int diff = out->getScale(i) - in.getScale(i); - idbassert(diff >= 0); - uint64_t val = datatypes::applySignedScale(in.getUintField(i), diff); - out->setIntField(val, i); - } +void normalizeUintToXDouble(const Row& in, Row* out, uint32_t i) +{ + auto d = in.getScaledUInt64FieldAsXFloat(i); + out->setDoubleField(d, i); +} - void normalizeStringToString(const Row& in, Row* out, uint32_t i) - { - out->setStringField(in.getStringField(i), i); - } +void normalizeUintToLongDouble(const Row& in, Row* out, uint32_t i) +{ + auto d = in.getScaledUInt64FieldAsXFloat(i); + out->setLongDoubleField(d, i); +} - void normalizeDateToDate(const Row& in, Row* out, uint32_t i) - { - out->setIntField(in.getIntField(i), i); - } +void normalizeUintToXDecimalInt128(const Row& in, Row* out, uint32_t i) +{ + const int diff = out->getScale(i) - in.getScale(i); + idbassert(diff >= 0); + int128_t val = datatypes::applySignedScale(in.getUintField(i), diff); + out->setInt128Field(val, i); +} - void normalizeDateToDatetime(const Row& in, Row* out, uint32_t i) - { - uint64_t date = in.getUintField(i); - date &= ~0x3f; // zero the 'spare' field - date <<= 32; - out->setUintField(date, i); - } +void normalizeUintToXDecimalInt64(const Row& in, Row* out, uint32_t i) +{ + const int diff = out->getScale(i) - in.getScale(i); + idbassert(diff >= 0); + uint64_t val = datatypes::applySignedScale(in.getUintField(i), diff); + out->setIntField(val, i); +} - void normalizeDateToTimestamp(const Row& in, Row* out, uint32_t i, long fTimeZone) - { - dataconvert::Date date(in.getUintField(i)); - dataconvert::MySQLTime m_time; - m_time.year = date.year; - m_time.month = date.month; - m_time.day = date.day; - m_time.hour = 0; - m_time.minute = 0; - m_time.second = 0; - m_time.second_part = 0; +void normalizeStringToString(const Row& in, Row* out, uint32_t i) +{ + out->setStringField(in.getStringField(i), i); +} - dataconvert::TimeStamp timeStamp; - bool isValid = true; - int64_t seconds = dataconvert::mySQLTimeToGmtSec(m_time, fTimeZone, isValid); +void normalizeDateToDate(const Row& in, Row* out, uint32_t i) +{ + out->setIntField(in.getIntField(i), i); +} - if (!isValid) - { - timeStamp.reset(); - } - else - { - timeStamp.second = seconds; - timeStamp.msecond = m_time.second_part; - } +void normalizeDateToDatetime(const Row& in, Row* out, uint32_t i) +{ + uint64_t date = in.getUintField(i); + date &= ~0x3f; // zero the 'spare' field + date <<= 32; + out->setUintField(date, i); +} - uint64_t outValue = (uint64_t) * (reinterpret_cast(&timeStamp)); - out->setUintField(outValue, i); - } +void normalizeDateToTimestamp(const Row& in, Row* out, uint32_t i, long fTimeZone) +{ + dataconvert::Date date(in.getUintField(i)); + dataconvert::MySQLTime m_time; + m_time.year = date.year; + m_time.month = date.month; + m_time.day = date.day; + m_time.hour = 0; + m_time.minute = 0; + m_time.second = 0; + m_time.second_part = 0; + + dataconvert::TimeStamp timeStamp; + bool isValid = true; + int64_t seconds = dataconvert::mySQLTimeToGmtSec(m_time, fTimeZone, isValid); - void normalizeDateToString(const Row& in, Row* out, uint32_t i) + if (!isValid) { - string d = DataConvert::dateToString(in.getUintField(i)); - utils::NullString ns(d); - out->setStringField(ns, i); + timeStamp.reset(); } - - void normalizeDatetimeToDatetime(const Row& in, Row* out, uint32_t i) + else { - out->setIntField(in.getIntField(i), i); + timeStamp.second = seconds; + timeStamp.msecond = m_time.second_part; } - void normalizeDatetimeToDate(const Row& in, Row* out, uint32_t i) - { - uint64_t val = in.getUintField(i); - val >>= 32; - out->setUintField(val, i); - } + uint64_t outValue = (uint64_t)*(reinterpret_cast(&timeStamp)); + out->setUintField(outValue, i); +} - void normalizeDatetimeToTimestamp(const Row& in, Row* out, uint32_t i, long fTimeZone) - { - uint64_t val = in.getUintField(i); - dataconvert::DateTime dtime(val); - dataconvert::MySQLTime m_time; - dataconvert::TimeStamp timeStamp; +void normalizeDateToString(const Row& in, Row* out, uint32_t i) +{ + string d = DataConvert::dateToString(in.getUintField(i)); + utils::NullString ns(d); + out->setStringField(ns, i); +} - m_time.year = dtime.year; - m_time.month = dtime.month; - m_time.day = dtime.day; - m_time.hour = dtime.hour; - m_time.minute = dtime.minute; - m_time.second = dtime.second; - m_time.second_part = dtime.msecond; +void normalizeDatetimeToDatetime(const Row& in, Row* out, uint32_t i) +{ + out->setIntField(in.getIntField(i), i); +} - bool isValid = true; - int64_t seconds = mySQLTimeToGmtSec(m_time, fTimeZone, isValid); +void normalizeDatetimeToDate(const Row& in, Row* out, uint32_t i) +{ + uint64_t val = in.getUintField(i); + val >>= 32; + out->setUintField(val, i); +} - if (!isValid) - { - timeStamp.reset(); - } - else - { - timeStamp.second = seconds; - timeStamp.msecond = m_time.second_part; - } +void normalizeDatetimeToTimestamp(const Row& in, Row* out, uint32_t i, long fTimeZone) +{ + uint64_t val = in.getUintField(i); + dataconvert::DateTime dtime(val); + dataconvert::MySQLTime m_time; + dataconvert::TimeStamp timeStamp; + + m_time.year = dtime.year; + m_time.month = dtime.month; + m_time.day = dtime.day; + m_time.hour = dtime.hour; + m_time.minute = dtime.minute; + m_time.second = dtime.second; + m_time.second_part = dtime.msecond; - uint64_t outValue = (uint64_t) * (reinterpret_cast(&timeStamp)); - out->setUintField(outValue, i); - } + bool isValid = true; + int64_t seconds = mySQLTimeToGmtSec(m_time, fTimeZone, isValid); - void normalizeDatetimeToString(const Row& in, Row* out, uint32_t i) + if (!isValid) { - string d = DataConvert::datetimeToString(in.getUintField(i)); - utils::NullString ns(d); - out->setStringField(ns, i); + timeStamp.reset(); } - - void normalizeTimestampToTimestamp(const Row& in, Row* out, uint32_t i) + else { - out->setIntField(in.getIntField(i), i); + timeStamp.second = seconds; + timeStamp.msecond = m_time.second_part; } - void normalizeTimestampToDate(const Row& in, Row* out, uint32_t i, long fTimeZone) - { - uint64_t val = in.getUintField(i); - dataconvert::TimeStamp timestamp(val); - int64_t seconds = timestamp.second; - uint64_t outValue; + uint64_t outValue = (uint64_t)*(reinterpret_cast(&timeStamp)); + out->setUintField(outValue, i); +} - dataconvert::MySQLTime time; - dataconvert::gmtSecToMySQLTime(seconds, time, fTimeZone); +void normalizeDatetimeToString(const Row& in, Row* out, uint32_t i) +{ + string d = DataConvert::datetimeToString(in.getUintField(i)); + utils::NullString ns(d); + out->setStringField(ns, i); +} - dataconvert::Date date; - date.year = time.year; - date.month = time.month; - date.day = time.day; - date.spare = 0; - outValue = (uint32_t) * (reinterpret_cast(&date)); +void normalizeTimestampToTimestamp(const Row& in, Row* out, uint32_t i) +{ + out->setIntField(in.getIntField(i), i); +} - out->setUintField(outValue, i); - } +void normalizeTimestampToDate(const Row& in, Row* out, uint32_t i, long fTimeZone) +{ + uint64_t val = in.getUintField(i); + dataconvert::TimeStamp timestamp(val); + int64_t seconds = timestamp.second; + uint64_t outValue; + + dataconvert::MySQLTime time; + dataconvert::gmtSecToMySQLTime(seconds, time, fTimeZone); + + dataconvert::Date date; + date.year = time.year; + date.month = time.month; + date.day = time.day; + date.spare = 0; + outValue = (uint32_t)*(reinterpret_cast(&date)); - void normalizeTimestampToDatetime(const Row& in, Row* out, uint32_t i, long fTimeZone) - { - uint64_t val = in.getUintField(i); - dataconvert::TimeStamp timestamp(val); - int64_t seconds = timestamp.second; - uint64_t outValue; + out->setUintField(outValue, i); +} - dataconvert::MySQLTime time; - dataconvert::gmtSecToMySQLTime(seconds, time, fTimeZone); +void normalizeTimestampToDatetime(const Row& in, Row* out, uint32_t i, long fTimeZone) +{ + uint64_t val = in.getUintField(i); + dataconvert::TimeStamp timestamp(val); + int64_t seconds = timestamp.second; + uint64_t outValue; + + dataconvert::MySQLTime time; + dataconvert::gmtSecToMySQLTime(seconds, time, fTimeZone); + + dataconvert::DateTime datetime; + datetime.year = time.year; + datetime.month = time.month; + datetime.day = time.day; + datetime.hour = time.hour; + datetime.minute = time.minute; + datetime.second = time.second; + datetime.msecond = timestamp.msecond; + outValue = (uint64_t)*(reinterpret_cast(&datetime)); - dataconvert::DateTime datetime; - datetime.year = time.year; - datetime.month = time.month; - datetime.day = time.day; - datetime.hour = time.hour; - datetime.minute = time.minute; - datetime.second = time.second; - datetime.msecond = timestamp.msecond; - outValue = (uint64_t) * (reinterpret_cast(&datetime)); + out->setUintField(outValue, i); +} - out->setUintField(outValue, i); - } +void normalizeTimestampToString(const Row& in, Row* out, uint32_t i, long fTimeZone) +{ + string d = DataConvert::timestampToString(in.getUintField(i), fTimeZone); + utils::NullString ns(d); + out->setStringField(ns, i); +} - void normalizeTimestampToString(const Row& in, Row* out, uint32_t i, long fTimeZone) - { - string d = DataConvert::timestampToString(in.getUintField(i), fTimeZone); - utils::NullString ns(d); - out->setStringField(ns, i); - } +void normalizeTimeToTime(const Row& in, Row* out, uint32_t i) +{ + out->setIntField(in.getIntField(i), i); +} - void normalizeTimeToTime(const Row& in, Row* out, uint32_t i) - { - out->setIntField(in.getIntField(i), i); - } +void normalizeTimeToString(const Row& in, Row* out, uint32_t i) +{ + string d = DataConvert::timeToString(in.getIntField(i)); + utils::NullString ns(d); + out->setStringField(ns, i); +} - void normalizeTimeToString(const Row& in, Row* out, uint32_t i) - { - string d = DataConvert::timeToString(in.getIntField(i)); - utils::NullString ns(d); - out->setStringField(ns, i); - } +void normalizeXFloatToIntWithScaleInt128(const Row& in, Row* out, uint32_t i) +{ + double val = in.getFloatField(i); + out->setInt128Field(pickScaleForDouble(out, i, val), i); +} - void normalizeXFloatToIntWithScaleInt128(const Row& in, Row* out, uint32_t i) - { - double val = in.getFloatField(i); - out->setInt128Field(pickScaleForDouble(out, i, val), i); - } +void normalizeXDoubleToIntWithScaleInt128(const Row& in, Row* out, uint32_t i) +{ + double val = in.getDoubleField(i); + out->setInt128Field(pickScaleForDouble(out, i, val), i); +} - void normalizeXDoubleToIntWithScaleInt128(const Row& in, Row* out, uint32_t i) - { - double val = in.getDoubleField(i); - out->setInt128Field(pickScaleForDouble(out, i, val), i); - } +void normalizeXFloatToIntWithScaleInt64(const Row& in, Row* out, uint32_t i) +{ + double val = in.getFloatField(i); + out->setIntField(pickScaleForDouble(out, i, val), i); +} - void normalizeXFloatToIntWithScaleInt64(const Row& in, Row* out, uint32_t i) - { - double val = in.getFloatField(i); - out->setIntField(pickScaleForDouble(out, i, val), i); - } +void normalizeXDoubleToIntWithScaleInt64(const Row& in, Row* out, uint32_t i) +{ + double val = in.getDoubleField(i); + out->setIntField(pickScaleForDouble(out, i, val), i); +} - void normalizeXDoubleToIntWithScaleInt64(const Row& in, Row* out, uint32_t i) - { - double val = in.getDoubleField(i); - out->setIntField(pickScaleForDouble(out, i, val), i); - } +void normalizeXFloatToIntNoScale(const Row& in, Row* out, uint32_t i) +{ + double val = in.getFloatField(i); + out->setIntField((int64_t)val, i); +} - void normalizeXFloatToIntNoScale(const Row& in, Row* out, uint32_t i) - { - double val = in.getFloatField(i); - out->setIntField((int64_t)val, i); - } +void normalizeXDoubleToIntNoScale(const Row& in, Row* out, uint32_t i) +{ + double val = in.getDoubleField(i); + out->setIntField((int64_t)val, i); +} - void normalizeXDoubleToIntNoScale(const Row& in, Row* out, uint32_t i) - { - double val = in.getDoubleField(i); - out->setIntField((int64_t)val, i); - } +void normalizeXFloatToUint(const Row& in, Row* out, uint32_t i) +{ + double val = in.getFloatField(i); + out->setUintField((uint64_t)val, i); +} - void normalizeXFloatToUint(const Row& in, Row* out, uint32_t i) - { - double val = in.getFloatField(i); - out->setUintField((uint64_t)val, i); - } +void normalizeXDoubleToUint(const Row& in, Row* out, uint32_t i) +{ + double val = in.getDoubleField(i); + out->setUintField((uint64_t)val, i); +} - void normalizeXDoubleToUint(const Row& in, Row* out, uint32_t i) - { - double val = in.getDoubleField(i); - out->setUintField((uint64_t)val, i); - } +void normalizeXFloatToXFloat(const Row& in, Row* out, uint32_t i) +{ + double val = in.getFloatField(i); + out->setFloatField(val, i); +} - void normalizeXFloatToXFloat(const Row& in, Row* out, uint32_t i) - { - double val = in.getFloatField(i); - out->setFloatField(val, i); - } +void normalizeXDoubleToXFloat(const Row& in, Row* out, uint32_t i) +{ + double val = in.getDoubleField(i); + out->setFloatField(val, i); +} - void normalizeXDoubleToXFloat(const Row& in, Row* out, uint32_t i) - { - double val = in.getDoubleField(i); - out->setFloatField(val, i); - } +void normalizeXFloatToXDouble(const Row& in, Row* out, uint32_t i) +{ + double val = in.getFloatField(i); + out->setDoubleField(val, i); +} - void normalizeXFloatToXDouble(const Row& in, Row* out, uint32_t i) - { - double val = in.getFloatField(i); - out->setDoubleField(val, i); - } +void normalizeXDoubleToXDouble(const Row& in, Row* out, uint32_t i) +{ + double val = in.getDoubleField(i); + out->setDoubleField(val, i); +} - void normalizeXDoubleToXDouble(const Row& in, Row* out, uint32_t i) - { - double val = in.getDoubleField(i); - out->setDoubleField(val, i); - } +void normalizeXFloatToLongDouble(const Row& in, Row* out, uint32_t i) +{ + double val = in.getFloatField(i); + out->setLongDoubleField(val, i); +} - void normalizeXFloatToLongDouble(const Row& in, Row* out, uint32_t i) - { - double val = in.getFloatField(i); - out->setLongDoubleField(val, i); - } +void normalizeXDoubleToLongDouble(const Row& in, Row* out, uint32_t i) +{ + double val = in.getDoubleField(i); + out->setLongDoubleField(val, i); +} - void normalizeXDoubleToLongDouble(const Row& in, Row* out, uint32_t i) - { - double val = in.getDoubleField(i); - out->setLongDoubleField(val, i); - } +void normalizeXFloatToString(const Row& in, Row* out, uint32_t i) +{ + double val = in.getFloatField(i); + out->setStringField(formatDouble(val), i); +} - void normalizeXFloatToString(const Row& in, Row* out, uint32_t i) - { - double val = in.getFloatField(i); - out->setStringField(formatDouble(val), i); - } +void normalizeXDoubleToString(const Row& in, Row* out, uint32_t i) +{ + double val = in.getDoubleField(i); + out->setStringField(formatDouble(val), i); +} - void normalizeXDoubleToString(const Row& in, Row* out, uint32_t i) - { - double val = in.getDoubleField(i); - out->setStringField(formatDouble(val), i); - } +void normalizeXFloatToWideXDecimal(const Row& in, Row* out, uint32_t i) +{ + double val = in.getFloatField(i); + out->setInt128Field(pickScaleForDouble(out, i, val), i); +} - void normalizeXFloatToWideXDecimal(const Row& in, Row* out, uint32_t i) - { - double val = in.getFloatField(i); - out->setInt128Field(pickScaleForDouble(out, i, val), i); - } +void normalizeXDoubleToWideXDecimal(const Row& in, Row* out, uint32_t i) +{ + double val = in.getDoubleField(i); + out->setInt128Field(pickScaleForDouble(out, i, val), i); +} - void normalizeXDoubleToWideXDecimal(const Row& in, Row* out, uint32_t i) - { - double val = in.getDoubleField(i); - out->setInt128Field(pickScaleForDouble(out, i, val), i); - } +void normalizeXFloatToXDecimal(const Row& in, Row* out, uint32_t i) +{ + double val = in.getFloatField(i); + out->setIntField(pickScaleForDouble(out, i, val), i); +} - void normalizeXFloatToXDecimal(const Row& in, Row* out, uint32_t i) - { - double val = in.getFloatField(i); - out->setIntField(pickScaleForDouble(out, i, val), i); - } +void normalizeXDoubleToXDecimal(const Row& in, Row* out, uint32_t i) +{ + double val = in.getDoubleField(i); + out->setIntField(pickScaleForDouble(out, i, val), i); +} - void normalizeXDoubleToXDecimal(const Row& in, Row* out, uint32_t i) - { - double val = in.getDoubleField(i); - out->setIntField(pickScaleForDouble(out, i, val), i); - } +void normalizeLongDoubleToIntNoScale(const Row& in, Row* out, uint32_t i) +{ + long double val = in.getLongDoubleField(i); + out->setIntField((int64_t)val, i); +} - void normalizeLongDoubleToIntNoScale(const Row& in, Row* out, uint32_t i) - { - long double val = in.getLongDoubleField(i); - out->setIntField((int64_t)val, i); - } +void normalizeLongDoubleToIntWithScaleInt128(const Row& in, Row* out, uint32_t i) +{ + long double val = in.getLongDoubleField(i); + out->setInt128Field(pickScaleForLongDouble(out, i, val), i); +} - void normalizeLongDoubleToIntWithScaleInt128(const Row& in, Row* out, uint32_t i) - { - long double val = in.getLongDoubleField(i); - out->setInt128Field(pickScaleForLongDouble(out, i, val), i); - } +void normalizeLongDoubleToIntWithScaleInt(const Row& in, Row* out, uint32_t i) +{ + long double val = in.getLongDoubleField(i); + out->setIntField(pickScaleForLongDouble(out, i, val), i); +} - void normalizeLongDoubleToIntWithScaleInt(const Row& in, Row* out, uint32_t i) - { - long double val = in.getLongDoubleField(i); - out->setIntField(pickScaleForLongDouble(out, i, val), i); - } +void normalizeLongDoubleToUint(const Row& in, Row* out, uint32_t i) +{ + long double val = in.getLongDoubleField(i); + out->setUintField((uint64_t)val, i); +} - void normalizeLongDoubleToUint(const Row& in, Row* out, uint32_t i) - { - long double val = in.getLongDoubleField(i); - out->setUintField((uint64_t)val, i); - } +void normalizeLongDoubleToXFloat(const Row& in, Row* out, uint32_t i) +{ + long double val = in.getLongDoubleField(i); + out->setFloatField(val, i); +} - void normalizeLongDoubleToXFloat(const Row& in, Row* out, uint32_t i) - { - long double val = in.getLongDoubleField(i); - out->setFloatField(val, i); - } +void normalizeLongDoubleToXDouble(const Row& in, Row* out, uint32_t i) +{ + long double val = in.getLongDoubleField(i); + out->setDoubleField(val, i); +} - void normalizeLongDoubleToXDouble(const Row& in, Row* out, uint32_t i) - { - long double val = in.getLongDoubleField(i); - out->setDoubleField(val, i); - } +void normalizeLongDoubleToLongDouble(const Row& in, Row* out, uint32_t i) +{ + long double val = in.getLongDoubleField(i); + out->setLongDoubleField(val, i); +} - void normalizeLongDoubleToLongDouble(const Row& in, Row* out, uint32_t i) - { - long double val = in.getLongDoubleField(i); - out->setLongDoubleField(val, i); - } +void normalizeLongDoubleToString(const Row& in, Row* out, uint32_t i) +{ + // FIXME: ostream output looks like '1.234e+56' while MDB output is '1.234e56' + long double val = in.getLongDoubleField(i); + ostringstream os; + os.precision(15); // to match mysql's output + os << val; + utils::NullString ns(os.str()); + out->setStringField(ns, i); +} - void normalizeLongDoubleToString(const Row& in, Row* out, uint32_t i) - { - // FIXME: ostream output looks like '1.234e+56' while MDB output is '1.234e56' - long double val = in.getLongDoubleField(i); - ostringstream os; - os.precision(15); // to match mysql's output - os << val; - utils::NullString ns(os.str()); - out->setStringField(ns, i); - } +void normalizeLongDoubleToXDecimalInt128(const Row& in, Row* out, uint32_t i) +{ + long double val = in.getLongDoubleField(i); + out->setInt128Field(pickScaleForLongDouble(out, i, val), i); +} - void normalizeLongDoubleToXDecimalInt128(const Row& in, Row* out, uint32_t i) - { - long double val = in.getLongDoubleField(i); - out->setInt128Field(pickScaleForLongDouble(out, i, val), i); - } +void normalizeLongDoubleToXDecimalInt(const Row& in, Row* out, uint32_t i) +{ + long double val = in.getLongDoubleField(i); + out->setIntField(pickScaleForLongDouble(out, i, val), i); +} - void normalizeLongDoubleToXDecimalInt(const Row& in, Row* out, uint32_t i) - { - long double val = in.getLongDoubleField(i); - out->setIntField(pickScaleForLongDouble(out, i, val), i); - } +void normalizeWideXDecimalToWideXDecimalNoScale(const Row& in, Row* out, uint32_t i) +{ + int128_t val128 = 0; + in.getInt128Field(i, val128); + out->setInt128Field(val128, i); +} - void normalizeWideXDecimalToWideXDecimalNoScale(const Row& in, Row* out, uint32_t i) - { - int128_t val128 = 0; - in.getInt128Field(i, val128); - out->setInt128Field(val128, i); - } +void normalizeXDecimalToWideXDecimalNoScale(const Row& in, Row* out, uint32_t i) +{ + int64_t val = in.getIntField(i); + out->setInt128Field(val, i); +} - void normalizeXDecimalToWideXDecimalNoScale(const Row& in, Row* out, uint32_t i) - { - int64_t val = in.getIntField(i); - out->setInt128Field(val, i); - } +void normalizeWideXDecimalToWideXDecimalWithScale(const Row& in, Row* out, uint32_t i) +{ + int128_t val128 = 0; + in.getInt128Field(i, val128); + int128_t temp = datatypes::applySignedScale(val128, out->getScale(i) - in.getScale(i)); + out->setInt128Field(temp, i); +} - void normalizeWideXDecimalToWideXDecimalWithScale(const Row& in, Row* out, uint32_t i) - { - int128_t val128 = 0; - in.getInt128Field(i, val128); - int128_t temp = datatypes::applySignedScale(val128, out->getScale(i) - in.getScale(i)); - out->setInt128Field(temp, i); - } +void normalizeXDecimalToWideXDecimalWithScale(const Row& in, Row* out, uint32_t i) +{ + int64_t val = in.getIntField(i); + int128_t temp = datatypes::applySignedScale(val, out->getScale(i) - in.getScale(i)); + out->setInt128Field(temp, i); +} - void normalizeXDecimalToWideXDecimalWithScale(const Row& in, Row* out, uint32_t i) - { - int64_t val = in.getIntField(i); - int128_t temp = datatypes::applySignedScale(val, out->getScale(i) - in.getScale(i)); - out->setInt128Field(temp, i); - } +void normalizeXDecimalToOtherNoScale(const Row& in, Row* out, uint32_t i) +{ + int64_t val = in.getIntField(i); + out->setIntField(val, i); +} - void normalizeXDecimalToOtherNoScale(const Row& in, Row* out, uint32_t i) - { - int64_t val = in.getIntField(i); - out->setIntField(val, i); - } +void normalizeXDecimalToOtherWithScale(const Row& in, Row* out, uint32_t i) +{ + int64_t val = in.getIntField(i); + int64_t temp = datatypes::applySignedScale(val, out->getScale(i) - in.getScale(i)); + out->setIntField(temp, i); +} - void normalizeXDecimalToOtherWithScale(const Row& in, Row* out, uint32_t i) - { - int64_t val = in.getIntField(i); - int64_t temp = datatypes::applySignedScale(val, out->getScale(i) - in.getScale(i)); - out->setIntField(temp, i); - } +void normalizeXDecimalToXFloat(const Row& in, Row* out, uint32_t i) +{ + int64_t val = in.getIntField(i); + float fval = ((float)val) / IDB_pow[in.getScale(i)]; + out->setFloatField(fval, i); +} - void normalizeXDecimalToXFloat(const Row& in, Row* out, uint32_t i) - { - int64_t val = in.getIntField(i); - float fval = ((float)val) / IDB_pow[in.getScale(i)]; - out->setFloatField(fval, i); - } +void normalizeXDecimalToXDouble(const Row& in, Row* out, uint32_t i) +{ + int64_t val = in.getIntField(i); + double dval = ((double)val) / IDB_pow[in.getScale(i)]; + out->setDoubleField(dval, i); +} - void normalizeXDecimalToXDouble(const Row& in, Row* out, uint32_t i) - { - int64_t val = in.getIntField(i); - double dval = ((double)val) / IDB_pow[in.getScale(i)]; - out->setDoubleField(dval, i); - } +void normalizeXDecimalToLongDouble(const Row& in, Row* out, uint32_t i) +{ + int64_t val = in.getIntField(i); + long double dval = ((long double)val) / IDB_pow[in.getScale(i)]; + out->setLongDoubleField(dval, i); +} - void normalizeXDecimalToLongDouble(const Row& in, Row* out, uint32_t i) - { - int64_t val = in.getIntField(i); - long double dval = ((long double)val) / IDB_pow[in.getScale(i)]; - out->setLongDoubleField(dval, i); - } +void normalizeWideXDecimalToString(const Row& in, Row* out, uint32_t i) +{ + int128_t val128 = 0; + in.getInt128Field(i, val128); + datatypes::Decimal dec(0, in.getScale(i), in.getPrecision(i), val128); + out->setStringField(dec.toNullString(), i); +} - void normalizeWideXDecimalToString(const Row& in, Row* out, uint32_t i) - { - int128_t val128 = 0; - in.getInt128Field(i, val128); - datatypes::Decimal dec(0, in.getScale(i), in.getPrecision(i), val128); - out->setStringField(dec.toNullString(), i); - } +void normalizeXDecimalToString(const Row& in, Row* out, uint32_t i) +{ + int64_t val = in.getIntField(i); + datatypes::Decimal dec(val, in.getScale(i), in.getPrecision(i)); + out->setStringField(dec.toNullString(), i); +} - void normalizeXDecimalToString(const Row& in, Row* out, uint32_t i) - { - int64_t val = in.getIntField(i); - datatypes::Decimal dec(val, in.getScale(i), in.getPrecision(i)); - out->setStringField(dec.toNullString(), i); - } +void normalizeBlobVarbinary(const Row& in, Row* out, uint32_t i) +{ + // out->setVarBinaryField(in.getVarBinaryStringField(i), i); // not efficient + out->setVarBinaryField(in.getVarBinaryField(i), in.getVarBinaryLength(i), i); +} - void normalizeBlobVarbinary(const Row& in, Row* out, uint32_t i) - { - // out->setVarBinaryField(in.getVarBinaryStringField(i), i); // not efficient - out->setVarBinaryField(in.getVarBinaryField(i), in.getVarBinaryLength(i), i); - } +joblist::normalizeFunctionsT inferNormalizeFunctions(const Row& in, Row* out, long fTimeZone) +{ + uint32_t i; + joblist::normalizeFunctionsT result; - joblist::normalizeFunctionsT inferNormalizeFunctions(const Row& in, Row* out, long fTimeZone) + for (i = 0; i < out->getColumnCount(); i++) { - uint32_t i; - joblist::normalizeFunctionsT result; - - for (i = 0; i < out->getColumnCount(); i++) + switch (in.getColTypes()[i]) { - switch (in.getColTypes()[i]) - { - case CalpontSystemCatalog::TINYINT: - case CalpontSystemCatalog::SMALLINT: - case CalpontSystemCatalog::MEDINT: - case CalpontSystemCatalog::INT: - case CalpontSystemCatalog::BIGINT: - switch (out->getColTypes()[i]) - { - case CalpontSystemCatalog::TINYINT: - case CalpontSystemCatalog::SMALLINT: - case CalpontSystemCatalog::MEDINT: - case CalpontSystemCatalog::INT: - case CalpontSystemCatalog::BIGINT: + case CalpontSystemCatalog::TINYINT: + case CalpontSystemCatalog::SMALLINT: + case CalpontSystemCatalog::MEDINT: + case CalpontSystemCatalog::INT: + case CalpontSystemCatalog::BIGINT: + switch (out->getColTypes()[i]) + { + case CalpontSystemCatalog::TINYINT: + case CalpontSystemCatalog::SMALLINT: + case CalpontSystemCatalog::MEDINT: + case CalpontSystemCatalog::INT: + case CalpontSystemCatalog::BIGINT: + { + if (out->getScale(i) || in.getScale(i)) { - if (out->getScale(i) || in.getScale(i)) - { - if (out->getColumnWidth(i) == datatypes::MAXDECIMALWIDTH) - result.emplace_back(normalizeIntToIntWithScaleInt128); - else - result.emplace_back(normalizeIntToIntWithScaleInt64); - } + if (out->getColumnWidth(i) == datatypes::MAXDECIMALWIDTH) + result.emplace_back(normalizeIntToIntWithScaleInt128); else - result.emplace_back(normalizeIntToIntNoScale); - break; + result.emplace_back(normalizeIntToIntWithScaleInt64); } + else + result.emplace_back(normalizeIntToIntNoScale); + break; + } - case CalpontSystemCatalog::UTINYINT: - case CalpontSystemCatalog::USMALLINT: - case CalpontSystemCatalog::UMEDINT: - case CalpontSystemCatalog::UINT: - case CalpontSystemCatalog::UBIGINT: + case CalpontSystemCatalog::UTINYINT: + case CalpontSystemCatalog::USMALLINT: + case CalpontSystemCatalog::UMEDINT: + case CalpontSystemCatalog::UINT: + case CalpontSystemCatalog::UBIGINT: + { + if (in.getScale(i)) { - if (in.getScale(i)) - { - if (out->getColumnWidth(i) == datatypes::MAXDECIMALWIDTH) - result.emplace_back(normalizeIntToUintWithScaleInt128); - else - result.emplace_back(normalizeIntToUintWithScaleInt64); - } + if (out->getColumnWidth(i) == datatypes::MAXDECIMALWIDTH) + result.emplace_back(normalizeIntToUintWithScaleInt128); else - result.emplace_back(normalizeIntToUintNoScale); - break; + result.emplace_back(normalizeIntToUintWithScaleInt64); } + else + result.emplace_back(normalizeIntToUintNoScale); + break; + } - case CalpontSystemCatalog::CHAR: - case CalpontSystemCatalog::TEXT: - case CalpontSystemCatalog::VARCHAR: - { - if (in.getScale(i)) - result.emplace_back(normalizeIntToStringWithScale); - else - result.emplace_back(normalizeIntToStringNoScale); - break; - } + case CalpontSystemCatalog::CHAR: + case CalpontSystemCatalog::TEXT: + case CalpontSystemCatalog::VARCHAR: + { + if (in.getScale(i)) + result.emplace_back(normalizeIntToStringWithScale); + else + result.emplace_back(normalizeIntToStringNoScale); + break; + } - case CalpontSystemCatalog::DATE: - case CalpontSystemCatalog::DATETIME: - case CalpontSystemCatalog::TIME: - case CalpontSystemCatalog::TIMESTAMP: - throw logic_error( - "TupleUnion::normalize(): tried to normalize an int to a timestamp, time, date or datetime"); - - case CalpontSystemCatalog::FLOAT: - case CalpontSystemCatalog::UFLOAT: result.emplace_back(normalizeIntToXFloat); break; + case CalpontSystemCatalog::DATE: + case CalpontSystemCatalog::DATETIME: + case CalpontSystemCatalog::TIME: + case CalpontSystemCatalog::TIMESTAMP: + throw logic_error( + "TupleUnion::normalize(): tried to normalize an int to a timestamp, time, date or datetime"); - case CalpontSystemCatalog::DOUBLE: - case CalpontSystemCatalog::UDOUBLE: result.emplace_back(normalizeIntToXDouble); break; + case CalpontSystemCatalog::FLOAT: + case CalpontSystemCatalog::UFLOAT: result.emplace_back(normalizeIntToXFloat); break; - case CalpontSystemCatalog::LONGDOUBLE: result.emplace_back(normalizeIntToLongDouble); break; + case CalpontSystemCatalog::DOUBLE: + case CalpontSystemCatalog::UDOUBLE: result.emplace_back(normalizeIntToXDouble); break; - case CalpontSystemCatalog::DECIMAL: - case CalpontSystemCatalog::UDECIMAL: - { - /* - Signed INT to XDecimal - TODO: - - This code does not handle overflow that may happen on - scale multiplication. Instead of returning a garbage value - we should probably apply saturation here. In long terms we - should implement DECIMAL(65,x) to avoid overflow completely - (so the UNION between DECIMAL and integer can choose a proper - DECIMAL(M,N) result data type to guarantee that any incoming - integer value can fit into it). - */ - if (out->getColumnWidth(i) == datatypes::MAXDECIMALWIDTH) - result.emplace_back(normalizeIntToXDecimalInt128); - else - result.emplace_back(normalizeIntToXDecimalInt64); - break; - } + case CalpontSystemCatalog::LONGDOUBLE: result.emplace_back(normalizeIntToLongDouble); break; - default: - ostringstream os; - os << "TupleUnion::normalize(): tried an illegal conversion: integer to " - << out->getColTypes()[i]; - throw logic_error(os.str()); - } - - break; - - case CalpontSystemCatalog::UTINYINT: - case CalpontSystemCatalog::USMALLINT: - case CalpontSystemCatalog::UMEDINT: - case CalpontSystemCatalog::UINT: - case CalpontSystemCatalog::UBIGINT: - switch (out->getColTypes()[i]) - { - case CalpontSystemCatalog::TINYINT: - case CalpontSystemCatalog::SMALLINT: - case CalpontSystemCatalog::MEDINT: - case CalpontSystemCatalog::INT: - case CalpontSystemCatalog::BIGINT: - { - if (out->getScale(i)) - { - if (out->getColumnWidth(i) == datatypes::MAXDECIMALWIDTH) - result.emplace_back(normalizeUintToIntWithScaleInt128); - else - result.emplace_back(normalizeUntToIntWithScaleInt64); - } - else - result.emplace_back(normalizeUintToIntNoScale); - break; - } - - case CalpontSystemCatalog::UTINYINT: - case CalpontSystemCatalog::USMALLINT: - case CalpontSystemCatalog::UMEDINT: - case CalpontSystemCatalog::UINT: - case CalpontSystemCatalog::UBIGINT: result.emplace_back(normalizeUintToUint); break; - - case CalpontSystemCatalog::CHAR: - case CalpontSystemCatalog::TEXT: - case CalpontSystemCatalog::VARCHAR: - { - if (in.getScale(i)) - result.emplace_back(normalizeUintToStringWithScale); - else - result.emplace_back(normalizeUintToStringNoScale); - break; - } - - case CalpontSystemCatalog::DATE: - case CalpontSystemCatalog::DATETIME: - case CalpontSystemCatalog::TIME: - case CalpontSystemCatalog::TIMESTAMP: - throw logic_error( - "TupleUnion::normalize(): tried to normalize an int to a timestamp, time, date or datetime"); - - case CalpontSystemCatalog::FLOAT: - case CalpontSystemCatalog::UFLOAT: result.emplace_back(normalizUintToXFloat); break; + case CalpontSystemCatalog::DECIMAL: + case CalpontSystemCatalog::UDECIMAL: + { + /* + Signed INT to XDecimal + TODO: + - This code does not handle overflow that may happen on + scale multiplication. Instead of returning a garbage value + we should probably apply saturation here. In long terms we + should implement DECIMAL(65,x) to avoid overflow completely + (so the UNION between DECIMAL and integer can choose a proper + DECIMAL(M,N) result data type to guarantee that any incoming + integer value can fit into it). + */ + if (out->getColumnWidth(i) == datatypes::MAXDECIMALWIDTH) + result.emplace_back(normalizeIntToXDecimalInt128); + else + result.emplace_back(normalizeIntToXDecimalInt64); + break; + } - case CalpontSystemCatalog::DOUBLE: - case CalpontSystemCatalog::UDOUBLE: result.emplace_back(normalizeUintToXDouble); break; + default: + ostringstream os; + os << "TupleUnion::normalize(): tried an illegal conversion: integer to " + << out->getColTypes()[i]; + throw logic_error(os.str()); + } - case CalpontSystemCatalog::LONGDOUBLE: result.emplace_back(normalizeUintToLongDouble); break; + break; - case CalpontSystemCatalog::DECIMAL: - case CalpontSystemCatalog::UDECIMAL: + case CalpontSystemCatalog::UTINYINT: + case CalpontSystemCatalog::USMALLINT: + case CalpontSystemCatalog::UMEDINT: + case CalpontSystemCatalog::UINT: + case CalpontSystemCatalog::UBIGINT: + switch (out->getColTypes()[i]) + { + case CalpontSystemCatalog::TINYINT: + case CalpontSystemCatalog::SMALLINT: + case CalpontSystemCatalog::MEDINT: + case CalpontSystemCatalog::INT: + case CalpontSystemCatalog::BIGINT: + { + if (out->getScale(i)) { - /* - Unsigned INT to XDecimal - TODO: - - The overflow problem mentioned in the code under case "Signed INT to XDecimal:" is - also applicable here. - */ - if (out->getColumnWidth(i) == datatypes::MAXDECIMALWIDTH) - result.emplace_back(normalizeUintToXDecimalInt128); + result.emplace_back(normalizeUintToIntWithScaleInt128); else - result.emplace_back(normalizeUintToXDecimalInt64); - break; + result.emplace_back(normalizeUntToIntWithScaleInt64); } + else + result.emplace_back(normalizeUintToIntNoScale); + break; + } - default: - ostringstream os; - os << "TupleUnion::normalize(): tried an illegal conversion: integer to " - << out->getColTypes()[i]; - throw logic_error(os.str()); + case CalpontSystemCatalog::UTINYINT: + case CalpontSystemCatalog::USMALLINT: + case CalpontSystemCatalog::UMEDINT: + case CalpontSystemCatalog::UINT: + case CalpontSystemCatalog::UBIGINT: result.emplace_back(normalizeUintToUint); break; + + case CalpontSystemCatalog::CHAR: + case CalpontSystemCatalog::TEXT: + case CalpontSystemCatalog::VARCHAR: + { + if (in.getScale(i)) + result.emplace_back(normalizeUintToStringWithScale); + else + result.emplace_back(normalizeUintToStringNoScale); + break; } - break; + case CalpontSystemCatalog::DATE: + case CalpontSystemCatalog::DATETIME: + case CalpontSystemCatalog::TIME: + case CalpontSystemCatalog::TIMESTAMP: + throw logic_error( + "TupleUnion::normalize(): tried to normalize an int to a timestamp, time, date or datetime"); - case CalpontSystemCatalog::CHAR: - case CalpontSystemCatalog::TEXT: - case CalpontSystemCatalog::VARCHAR: - switch (out->getColTypes()[i]) + case CalpontSystemCatalog::FLOAT: + case CalpontSystemCatalog::UFLOAT: result.emplace_back(normalizUintToXFloat); break; + + case CalpontSystemCatalog::DOUBLE: + case CalpontSystemCatalog::UDOUBLE: result.emplace_back(normalizeUintToXDouble); break; + + case CalpontSystemCatalog::LONGDOUBLE: result.emplace_back(normalizeUintToLongDouble); break; + + case CalpontSystemCatalog::DECIMAL: + case CalpontSystemCatalog::UDECIMAL: { - case CalpontSystemCatalog::CHAR: - case CalpontSystemCatalog::TEXT: - case CalpontSystemCatalog::VARCHAR: result.emplace_back(normalizeStringToString); break; + /* + Unsigned INT to XDecimal + TODO: + - The overflow problem mentioned in the code under case "Signed INT to XDecimal:" is + also applicable here. + */ - default: - { - ostringstream os; - os << "TupleUnion::normalize(): tried an illegal conversion: string to " << out->getColTypes()[i]; - throw logic_error(os.str()); - } + if (out->getColumnWidth(i) == datatypes::MAXDECIMALWIDTH) + result.emplace_back(normalizeUintToXDecimalInt128); + else + result.emplace_back(normalizeUintToXDecimalInt64); + break; } - break; + default: + ostringstream os; + os << "TupleUnion::normalize(): tried an illegal conversion: integer to " + << out->getColTypes()[i]; + throw logic_error(os.str()); + } + + break; + + case CalpontSystemCatalog::CHAR: + case CalpontSystemCatalog::TEXT: + case CalpontSystemCatalog::VARCHAR: + switch (out->getColTypes()[i]) + { + case CalpontSystemCatalog::CHAR: + case CalpontSystemCatalog::TEXT: + case CalpontSystemCatalog::VARCHAR: result.emplace_back(normalizeStringToString); break; - case CalpontSystemCatalog::DATE: - switch (out->getColTypes()[i]) + default: { - case CalpontSystemCatalog::DATE: result.emplace_back(normalizeDateToDate); break; + ostringstream os; + os << "TupleUnion::normalize(): tried an illegal conversion: string to " << out->getColTypes()[i]; + throw logic_error(os.str()); + } + } - case CalpontSystemCatalog::DATETIME: result.emplace_back(normalizeDateToDatetime); break; + break; - case CalpontSystemCatalog::TIMESTAMP: result.emplace_back(std::bind(normalizeDateToTimestamp, std::placeholders::_1, std::placeholders::_2, std::placeholders::_3, fTimeZone)); break; - - case CalpontSystemCatalog::CHAR: - case CalpontSystemCatalog::TEXT: - case CalpontSystemCatalog::VARCHAR: result.emplace_back(normalizeDateToString); break; + case CalpontSystemCatalog::DATE: + switch (out->getColTypes()[i]) + { + case CalpontSystemCatalog::DATE: result.emplace_back(normalizeDateToDate); break; - default: - { - ostringstream os; - os << "TupleUnion::normalize(): tried an illegal conversion: date to " << out->getColTypes()[i]; - throw logic_error(os.str()); - } - } + case CalpontSystemCatalog::DATETIME: result.emplace_back(normalizeDateToDatetime); break; - break; + case CalpontSystemCatalog::TIMESTAMP: + result.emplace_back(std::bind(normalizeDateToTimestamp, std::placeholders::_1, + std::placeholders::_2, std::placeholders::_3, fTimeZone)); + break; - case CalpontSystemCatalog::DATETIME: - switch (out->getColTypes()[i]) + case CalpontSystemCatalog::CHAR: + case CalpontSystemCatalog::TEXT: + case CalpontSystemCatalog::VARCHAR: result.emplace_back(normalizeDateToString); break; + + default: { - case CalpontSystemCatalog::DATETIME: result.emplace_back(normalizeDatetimeToDatetime); break; + ostringstream os; + os << "TupleUnion::normalize(): tried an illegal conversion: date to " << out->getColTypes()[i]; + throw logic_error(os.str()); + } + } - case CalpontSystemCatalog::DATE: result.emplace_back(normalizeDatetimeToDate); break; + break; - case CalpontSystemCatalog::TIMESTAMP: result.emplace_back(std::bind(normalizeDatetimeToTimestamp, std::placeholders::_1, std::placeholders::_2, std::placeholders::_3, fTimeZone)); break; + case CalpontSystemCatalog::DATETIME: + switch (out->getColTypes()[i]) + { + case CalpontSystemCatalog::DATETIME: result.emplace_back(normalizeDatetimeToDatetime); break; - case CalpontSystemCatalog::CHAR: - case CalpontSystemCatalog::TEXT: - case CalpontSystemCatalog::VARCHAR: result.emplace_back(normalizeDatetimeToString); break; + case CalpontSystemCatalog::DATE: result.emplace_back(normalizeDatetimeToDate); break; - default: - { - ostringstream os; - os << "TupleUnion::normalize(): tried an illegal conversion: datetime to " - << out->getColTypes()[i]; - throw logic_error(os.str()); - } - } + case CalpontSystemCatalog::TIMESTAMP: + result.emplace_back(std::bind(normalizeDatetimeToTimestamp, std::placeholders::_1, + std::placeholders::_2, std::placeholders::_3, fTimeZone)); + break; - break; + case CalpontSystemCatalog::CHAR: + case CalpontSystemCatalog::TEXT: + case CalpontSystemCatalog::VARCHAR: result.emplace_back(normalizeDatetimeToString); break; - case CalpontSystemCatalog::TIMESTAMP: - switch (out->getColTypes()[i]) + default: { - case CalpontSystemCatalog::TIMESTAMP: result.emplace_back(normalizeTimestampToTimestamp); break; + ostringstream os; + os << "TupleUnion::normalize(): tried an illegal conversion: datetime to " + << out->getColTypes()[i]; + throw logic_error(os.str()); + } + } - case CalpontSystemCatalog::DATE: result.emplace_back(std::bind(normalizeTimestampToDate, std::placeholders::_1, std::placeholders::_2, std::placeholders::_3, fTimeZone)); break; - - case CalpontSystemCatalog::DATETIME: result.emplace_back(std::bind(normalizeTimestampToDatetime, std::placeholders::_1, std::placeholders::_2, std::placeholders::_3, fTimeZone)); break; - - case CalpontSystemCatalog::CHAR: - case CalpontSystemCatalog::TEXT: - case CalpontSystemCatalog::VARCHAR: result.emplace_back(std::bind(normalizeTimestampToString, std::placeholders::_1, std::placeholders::_2, std::placeholders::_3, fTimeZone)); break; + break; - default: - { - ostringstream os; - os << "TupleUnion::normalize(): tried an illegal conversion: timestamp to " - << out->getColTypes()[i]; - throw logic_error(os.str()); - } - } + case CalpontSystemCatalog::TIMESTAMP: + switch (out->getColTypes()[i]) + { + case CalpontSystemCatalog::TIMESTAMP: result.emplace_back(normalizeTimestampToTimestamp); break; - break; + case CalpontSystemCatalog::DATE: + result.emplace_back(std::bind(normalizeTimestampToDate, std::placeholders::_1, + std::placeholders::_2, std::placeholders::_3, fTimeZone)); + break; + + case CalpontSystemCatalog::DATETIME: + result.emplace_back(std::bind(normalizeTimestampToDatetime, std::placeholders::_1, + std::placeholders::_2, std::placeholders::_3, fTimeZone)); + break; + + case CalpontSystemCatalog::CHAR: + case CalpontSystemCatalog::TEXT: + case CalpontSystemCatalog::VARCHAR: + result.emplace_back(std::bind(normalizeTimestampToString, std::placeholders::_1, + std::placeholders::_2, std::placeholders::_3, fTimeZone)); + break; - case CalpontSystemCatalog::TIME: - switch (out->getColTypes()[i]) + default: { - case CalpontSystemCatalog::TIME: result.emplace_back(normalizeTimeToTime); break; + ostringstream os; + os << "TupleUnion::normalize(): tried an illegal conversion: timestamp to " + << out->getColTypes()[i]; + throw logic_error(os.str()); + } + } - case CalpontSystemCatalog::CHAR: - case CalpontSystemCatalog::TEXT: - case CalpontSystemCatalog::VARCHAR: result.emplace_back(normalizeTimeToString); break; + break; - default: - { - ostringstream os; - os << "TupleUnion::normalize(): tried an illegal conversion: time to " << out->getColTypes()[i]; - throw logic_error(os.str()); - } + case CalpontSystemCatalog::TIME: + switch (out->getColTypes()[i]) + { + case CalpontSystemCatalog::TIME: result.emplace_back(normalizeTimeToTime); break; + + case CalpontSystemCatalog::CHAR: + case CalpontSystemCatalog::TEXT: + case CalpontSystemCatalog::VARCHAR: result.emplace_back(normalizeTimeToString); break; + + default: + { + ostringstream os; + os << "TupleUnion::normalize(): tried an illegal conversion: time to " << out->getColTypes()[i]; + throw logic_error(os.str()); } + } - break; + break; - case CalpontSystemCatalog::FLOAT: - case CalpontSystemCatalog::UFLOAT: - case CalpontSystemCatalog::DOUBLE: - case CalpontSystemCatalog::UDOUBLE: + case CalpontSystemCatalog::FLOAT: + case CalpontSystemCatalog::UFLOAT: + case CalpontSystemCatalog::DOUBLE: + case CalpontSystemCatalog::UDOUBLE: + { + switch (out->getColTypes()[i]) + { + case CalpontSystemCatalog::TINYINT: + case CalpontSystemCatalog::SMALLINT: + case CalpontSystemCatalog::MEDINT: + case CalpontSystemCatalog::INT: + case CalpontSystemCatalog::BIGINT: { - switch (out->getColTypes()[i]) + if (out->getScale(i)) { - case CalpontSystemCatalog::TINYINT: - case CalpontSystemCatalog::SMALLINT: - case CalpontSystemCatalog::MEDINT: - case CalpontSystemCatalog::INT: - case CalpontSystemCatalog::BIGINT: + if (out->getColumnWidth(i) == datatypes::MAXDECIMALWIDTH) { - if (out->getScale(i)) - { - if (out->getColumnWidth(i) == datatypes::MAXDECIMALWIDTH) - { - if (in.getColTypes()[i] == CalpontSystemCatalog::FLOAT || in.getColTypes()[i] == CalpontSystemCatalog::UFLOAT) - result.emplace_back(normalizeXFloatToIntWithScaleInt128); - else - result.emplace_back(normalizeXDoubleToIntWithScaleInt128); - } - else - { - if (in.getColTypes()[i] == CalpontSystemCatalog::FLOAT || in.getColTypes()[i] == CalpontSystemCatalog::UFLOAT) - result.emplace_back(normalizeXFloatToIntWithScaleInt64); - else - result.emplace_back(normalizeXDoubleToIntWithScaleInt64); - } - } + if (in.getColTypes()[i] == CalpontSystemCatalog::FLOAT || + in.getColTypes()[i] == CalpontSystemCatalog::UFLOAT) + result.emplace_back(normalizeXFloatToIntWithScaleInt128); else - { - if (in.getColTypes()[i] == CalpontSystemCatalog::FLOAT || in.getColTypes()[i] == CalpontSystemCatalog::UFLOAT) - result.emplace_back(normalizeXFloatToIntNoScale); - else - result.emplace_back(normalizeXDoubleToIntNoScale); - } - break; + result.emplace_back(normalizeXDoubleToIntWithScaleInt128); } - - case CalpontSystemCatalog::UTINYINT: - case CalpontSystemCatalog::USMALLINT: - case CalpontSystemCatalog::UMEDINT: - case CalpontSystemCatalog::UINT: - case CalpontSystemCatalog::UBIGINT: - { - if (in.getColTypes()[i] == CalpontSystemCatalog::FLOAT || in.getColTypes()[i] == CalpontSystemCatalog::UFLOAT) - result.emplace_back(normalizeXFloatToUint); else - result.emplace_back(normalizeXDoubleToUint); - break; + { + if (in.getColTypes()[i] == CalpontSystemCatalog::FLOAT || + in.getColTypes()[i] == CalpontSystemCatalog::UFLOAT) + result.emplace_back(normalizeXFloatToIntWithScaleInt64); + else + result.emplace_back(normalizeXDoubleToIntWithScaleInt64); + } } - - case CalpontSystemCatalog::FLOAT: - case CalpontSystemCatalog::UFLOAT: + else { - if (in.getColTypes()[i] == CalpontSystemCatalog::FLOAT || in.getColTypes()[i] == CalpontSystemCatalog::UFLOAT) - result.emplace_back(normalizeXFloatToXFloat); + if (in.getColTypes()[i] == CalpontSystemCatalog::FLOAT || + in.getColTypes()[i] == CalpontSystemCatalog::UFLOAT) + result.emplace_back(normalizeXFloatToIntNoScale); else - result.emplace_back(normalizeXDoubleToXFloat); - break; + result.emplace_back(normalizeXDoubleToIntNoScale); } - - case CalpontSystemCatalog::DOUBLE: - case CalpontSystemCatalog::UDOUBLE: - { - if (in.getColTypes()[i] == CalpontSystemCatalog::FLOAT || in.getColTypes()[i] == CalpontSystemCatalog::UFLOAT) - result.emplace_back(normalizeXFloatToXDouble); - else - result.emplace_back(normalizeXDoubleToXDouble); - break; - } - - case CalpontSystemCatalog::LONGDOUBLE: - { - if (in.getColTypes()[i] == CalpontSystemCatalog::FLOAT || in.getColTypes()[i] == CalpontSystemCatalog::UFLOAT) - result.emplace_back(normalizeXFloatToLongDouble); + break; + } + + case CalpontSystemCatalog::UTINYINT: + case CalpontSystemCatalog::USMALLINT: + case CalpontSystemCatalog::UMEDINT: + case CalpontSystemCatalog::UINT: + case CalpontSystemCatalog::UBIGINT: + { + if (in.getColTypes()[i] == CalpontSystemCatalog::FLOAT || + in.getColTypes()[i] == CalpontSystemCatalog::UFLOAT) + result.emplace_back(normalizeXFloatToUint); + else + result.emplace_back(normalizeXDoubleToUint); + break; + } + + case CalpontSystemCatalog::FLOAT: + case CalpontSystemCatalog::UFLOAT: + { + if (in.getColTypes()[i] == CalpontSystemCatalog::FLOAT || + in.getColTypes()[i] == CalpontSystemCatalog::UFLOAT) + result.emplace_back(normalizeXFloatToXFloat); + else + result.emplace_back(normalizeXDoubleToXFloat); + break; + } + + case CalpontSystemCatalog::DOUBLE: + case CalpontSystemCatalog::UDOUBLE: + { + if (in.getColTypes()[i] == CalpontSystemCatalog::FLOAT || + in.getColTypes()[i] == CalpontSystemCatalog::UFLOAT) + result.emplace_back(normalizeXFloatToXDouble); + else + result.emplace_back(normalizeXDoubleToXDouble); + break; + } + + case CalpontSystemCatalog::LONGDOUBLE: + { + if (in.getColTypes()[i] == CalpontSystemCatalog::FLOAT || + in.getColTypes()[i] == CalpontSystemCatalog::UFLOAT) + result.emplace_back(normalizeXFloatToLongDouble); + else + result.emplace_back(normalizeXDoubleToLongDouble); + break; + } + + case CalpontSystemCatalog::CHAR: + case CalpontSystemCatalog::TEXT: + case CalpontSystemCatalog::VARCHAR: + { + if (in.getColTypes()[i] == CalpontSystemCatalog::FLOAT || + in.getColTypes()[i] == CalpontSystemCatalog::UFLOAT) + result.emplace_back(normalizeXFloatToString); + else + result.emplace_back(normalizeXDoubleToString); + break; + } + + case CalpontSystemCatalog::DECIMAL: + case CalpontSystemCatalog::UDECIMAL: + { + // xFLOAT or xDOUBLE to xDECIMAL conversion. Is it really possible? + // TODO: + // Perhaps we should add an assert here that this combination is not possible + // In the current reduction all problems mentioned in the code under + // case "Signed INT to XDecimal" are also applicable here. + // TODO: isn't overflow possible below? + if (out->getColumnWidth(i) == datatypes::MAXDECIMALWIDTH) + { + if (in.getColTypes()[i] == CalpontSystemCatalog::FLOAT || + in.getColTypes()[i] == CalpontSystemCatalog::UFLOAT) + result.emplace_back(normalizeXFloatToWideXDecimal); else - result.emplace_back(normalizeXDoubleToLongDouble); + result.emplace_back(normalizeXDoubleToWideXDecimal); break; } - - case CalpontSystemCatalog::CHAR: - case CalpontSystemCatalog::TEXT: - case CalpontSystemCatalog::VARCHAR: + else { - if (in.getColTypes()[i] == CalpontSystemCatalog::FLOAT || in.getColTypes()[i] == CalpontSystemCatalog::UFLOAT) - result.emplace_back(normalizeXFloatToString); + if (in.getColTypes()[i] == CalpontSystemCatalog::FLOAT || + in.getColTypes()[i] == CalpontSystemCatalog::UFLOAT) + result.emplace_back(normalizeXFloatToXDecimal); else - result.emplace_back(normalizeXDoubleToString); - break; - } - - case CalpontSystemCatalog::DECIMAL: - case CalpontSystemCatalog::UDECIMAL: - { - // xFLOAT or xDOUBLE to xDECIMAL conversion. Is it really possible? - // TODO: - // Perhaps we should add an assert here that this combination is not possible - // In the current reduction all problems mentioned in the code under - // case "Signed INT to XDecimal" are also applicable here. - // TODO: isn't overflow possible below? - if (out->getColumnWidth(i) == datatypes::MAXDECIMALWIDTH) - { - if (in.getColTypes()[i] == CalpontSystemCatalog::FLOAT || in.getColTypes()[i] == CalpontSystemCatalog::UFLOAT) - result.emplace_back(normalizeXFloatToWideXDecimal); - else - result.emplace_back(normalizeXDoubleToWideXDecimal); - break; - } - else - { - if (in.getColTypes()[i] == CalpontSystemCatalog::FLOAT || in.getColTypes()[i] == CalpontSystemCatalog::UFLOAT) - result.emplace_back(normalizeXFloatToXDecimal); - else - result.emplace_back(normalizeXDoubleToXDecimal); - break; - } + result.emplace_back(normalizeXDoubleToXDecimal); break; } - - default: - ostringstream os; - os << "TupleUnion::normalize(): tried an illegal conversion: floating point to " - << out->getColTypes()[i]; - throw logic_error(os.str()); + break; } - break; + default: + ostringstream os; + os << "TupleUnion::normalize(): tried an illegal conversion: floating point to " + << out->getColTypes()[i]; + throw logic_error(os.str()); } - case CalpontSystemCatalog::LONGDOUBLE: + break; + } + + case CalpontSystemCatalog::LONGDOUBLE: + { + switch (out->getColTypes()[i]) { - switch (out->getColTypes()[i]) + case CalpontSystemCatalog::TINYINT: + case CalpontSystemCatalog::SMALLINT: + case CalpontSystemCatalog::MEDINT: + case CalpontSystemCatalog::INT: + case CalpontSystemCatalog::BIGINT: { - case CalpontSystemCatalog::TINYINT: - case CalpontSystemCatalog::SMALLINT: - case CalpontSystemCatalog::MEDINT: - case CalpontSystemCatalog::INT: - case CalpontSystemCatalog::BIGINT: + if (out->getScale(i)) { - if (out->getScale(i)) - { - if (out->getColumnWidth(i) == datatypes::MAXDECIMALWIDTH) - result.emplace_back(normalizeLongDoubleToIntWithScaleInt128); - else - result.emplace_back(normalizeLongDoubleToIntWithScaleInt); - } + if (out->getColumnWidth(i) == datatypes::MAXDECIMALWIDTH) + result.emplace_back(normalizeLongDoubleToIntWithScaleInt128); else - result.emplace_back(normalizeLongDoubleToIntNoScale); - break; + result.emplace_back(normalizeLongDoubleToIntWithScaleInt); } + else + result.emplace_back(normalizeLongDoubleToIntNoScale); + break; + } - case CalpontSystemCatalog::UTINYINT: - case CalpontSystemCatalog::USMALLINT: - case CalpontSystemCatalog::UMEDINT: - case CalpontSystemCatalog::UINT: - case CalpontSystemCatalog::UBIGINT: result.emplace_back(normalizeLongDoubleToUint); break; - - case CalpontSystemCatalog::FLOAT: - case CalpontSystemCatalog::UFLOAT: result.emplace_back(normalizeLongDoubleToXFloat); break; - - case CalpontSystemCatalog::DOUBLE: - case CalpontSystemCatalog::UDOUBLE: result.emplace_back(normalizeLongDoubleToXDouble); break; - - case CalpontSystemCatalog::LONGDOUBLE: result.emplace_back(normalizeLongDoubleToLongDouble); break; - - case CalpontSystemCatalog::CHAR: - case CalpontSystemCatalog::TEXT: - case CalpontSystemCatalog::VARCHAR: result.emplace_back(normalizeLongDoubleToString); break; + case CalpontSystemCatalog::UTINYINT: + case CalpontSystemCatalog::USMALLINT: + case CalpontSystemCatalog::UMEDINT: + case CalpontSystemCatalog::UINT: + case CalpontSystemCatalog::UBIGINT: result.emplace_back(normalizeLongDoubleToUint); break; - case CalpontSystemCatalog::DECIMAL: - case CalpontSystemCatalog::UDECIMAL: - { - // LONGDOUBLE to xDECIMAL conversions: is it really possible? - // TODO: - // Perhaps we should add an assert here that this combination is not possible - // In the current reduction all problems mentioned in the code under - // case "Signed INT to XDecimal" are also applicable here. - if (out->getColumnWidth(i) == datatypes::MAXDECIMALWIDTH) - result.emplace_back(normalizeLongDoubleToXDecimalInt128); - else - result.emplace_back(normalizeLongDoubleToXDecimalInt); - - break; - } + case CalpontSystemCatalog::FLOAT: + case CalpontSystemCatalog::UFLOAT: result.emplace_back(normalizeLongDoubleToXFloat); break; + + case CalpontSystemCatalog::DOUBLE: + case CalpontSystemCatalog::UDOUBLE: result.emplace_back(normalizeLongDoubleToXDouble); break; + + case CalpontSystemCatalog::LONGDOUBLE: result.emplace_back(normalizeLongDoubleToLongDouble); break; + + case CalpontSystemCatalog::CHAR: + case CalpontSystemCatalog::TEXT: + case CalpontSystemCatalog::VARCHAR: result.emplace_back(normalizeLongDoubleToString); break; + + case CalpontSystemCatalog::DECIMAL: + case CalpontSystemCatalog::UDECIMAL: + { + // LONGDOUBLE to xDECIMAL conversions: is it really possible? + // TODO: + // Perhaps we should add an assert here that this combination is not possible + // In the current reduction all problems mentioned in the code under + // case "Signed INT to XDecimal" are also applicable here. + if (out->getColumnWidth(i) == datatypes::MAXDECIMALWIDTH) + result.emplace_back(normalizeLongDoubleToXDecimalInt128); + else + result.emplace_back(normalizeLongDoubleToXDecimalInt); - default: - ostringstream os; - os << "TupleUnion::normalize(): tried an illegal conversion: floating point to " - << out->getColTypes()[i]; - throw logic_error(os.str()); + break; } - break; + default: + ostringstream os; + os << "TupleUnion::normalize(): tried an illegal conversion: floating point to " + << out->getColTypes()[i]; + throw logic_error(os.str()); } - case CalpontSystemCatalog::DECIMAL: - case CalpontSystemCatalog::UDECIMAL: + break; + } + + case CalpontSystemCatalog::DECIMAL: + case CalpontSystemCatalog::UDECIMAL: + { + switch (out->getColTypes()[i]) { - switch (out->getColTypes()[i]) + case CalpontSystemCatalog::TINYINT: + case CalpontSystemCatalog::SMALLINT: + case CalpontSystemCatalog::MEDINT: + case CalpontSystemCatalog::INT: + case CalpontSystemCatalog::BIGINT: + case CalpontSystemCatalog::UTINYINT: + case CalpontSystemCatalog::USMALLINT: + case CalpontSystemCatalog::UMEDINT: + case CalpontSystemCatalog::UINT: + case CalpontSystemCatalog::UBIGINT: + case CalpontSystemCatalog::DECIMAL: + case CalpontSystemCatalog::UDECIMAL: { - case CalpontSystemCatalog::TINYINT: - case CalpontSystemCatalog::SMALLINT: - case CalpontSystemCatalog::MEDINT: - case CalpontSystemCatalog::INT: - case CalpontSystemCatalog::BIGINT: - case CalpontSystemCatalog::UTINYINT: - case CalpontSystemCatalog::USMALLINT: - case CalpontSystemCatalog::UMEDINT: - case CalpontSystemCatalog::UINT: - case CalpontSystemCatalog::UBIGINT: - case CalpontSystemCatalog::DECIMAL: - case CalpontSystemCatalog::UDECIMAL: + if (datatypes::isWideDecimalType(out->getColTypes()[i], out->getColumnWidth(i))) { - if (datatypes::isWideDecimalType(out->getColTypes()[i], out->getColumnWidth(i))) + if (out->getScale(i) == in.getScale(i)) { - if (out->getScale(i) == in.getScale(i)) - { - if (in.getColumnWidth(i) == datatypes::MAXDECIMALWIDTH) - result.emplace_back(normalizeWideXDecimalToWideXDecimalNoScale); - else - result.emplace_back(normalizeXDecimalToWideXDecimalNoScale); - } - else if (out->getScale(i) > in.getScale(i)) - { - if (in.getColumnWidth(i) == datatypes::MAXDECIMALWIDTH) - result.emplace_back(normalizeWideXDecimalToWideXDecimalWithScale); - else - result.emplace_back(normalizeXDecimalToWideXDecimalWithScale); - } - else // should not happen, the output's scale is the largest - throw logic_error("TupleUnion::normalize(): incorrect scale setting"); + if (in.getColumnWidth(i) == datatypes::MAXDECIMALWIDTH) + result.emplace_back(normalizeWideXDecimalToWideXDecimalNoScale); + else + result.emplace_back(normalizeXDecimalToWideXDecimalNoScale); } - // If output type is narrow decimal, input type - // has to be narrow decimal as well. - else + else if (out->getScale(i) > in.getScale(i)) { - if (out->getScale(i) == in.getScale(i)) - result.emplace_back(normalizeXDecimalToOtherNoScale); - else if (out->getScale(i) > in.getScale(i)) - result.emplace_back(normalizeXDecimalToOtherWithScale); - else // should not happen, the output's scale is the largest - throw logic_error("TupleUnion::normalize(): incorrect scale setting"); + if (in.getColumnWidth(i) == datatypes::MAXDECIMALWIDTH) + result.emplace_back(normalizeWideXDecimalToWideXDecimalWithScale); + else + result.emplace_back(normalizeXDecimalToWideXDecimalWithScale); } - - break; + else // should not happen, the output's scale is the largest + throw logic_error("TupleUnion::normalize(): incorrect scale setting"); + } + // If output type is narrow decimal, input type + // has to be narrow decimal as well. + else + { + if (out->getScale(i) == in.getScale(i)) + result.emplace_back(normalizeXDecimalToOtherNoScale); + else if (out->getScale(i) > in.getScale(i)) + result.emplace_back(normalizeXDecimalToOtherWithScale); + else // should not happen, the output's scale is the largest + throw logic_error("TupleUnion::normalize(): incorrect scale setting"); } - case CalpontSystemCatalog::FLOAT: - case CalpontSystemCatalog::UFLOAT: result.emplace_back(normalizeXDecimalToXFloat); break; + break; + } - case CalpontSystemCatalog::DOUBLE: - case CalpontSystemCatalog::UDOUBLE: result.emplace_back(normalizeXDecimalToXDouble); break; + case CalpontSystemCatalog::FLOAT: + case CalpontSystemCatalog::UFLOAT: result.emplace_back(normalizeXDecimalToXFloat); break; - case CalpontSystemCatalog::LONGDOUBLE: result.emplace_back(normalizeXDecimalToLongDouble); break; + case CalpontSystemCatalog::DOUBLE: + case CalpontSystemCatalog::UDOUBLE: result.emplace_back(normalizeXDecimalToXDouble); break; - case CalpontSystemCatalog::CHAR: - case CalpontSystemCatalog::TEXT: - case CalpontSystemCatalog::VARCHAR: - default: - { - if (LIKELY(in.getColumnWidth(i) == datatypes::MAXDECIMALWIDTH)) - result.emplace_back(normalizeWideXDecimalToString); - else - result.emplace_back(normalizeXDecimalToString); - break; - } - } + case CalpontSystemCatalog::LONGDOUBLE: result.emplace_back(normalizeXDecimalToLongDouble); break; - break; + case CalpontSystemCatalog::CHAR: + case CalpontSystemCatalog::TEXT: + case CalpontSystemCatalog::VARCHAR: + default: + { + if (LIKELY(in.getColumnWidth(i) == datatypes::MAXDECIMALWIDTH)) + result.emplace_back(normalizeWideXDecimalToString); + else + result.emplace_back(normalizeXDecimalToString); + break; + } } - case CalpontSystemCatalog::BLOB: - case CalpontSystemCatalog::VARBINARY: result.emplace_back(normalizeBlobVarbinary); break; + break; + } - default: - { - ostringstream os; - os << "TupleUnion::normalize(): unknown input type (" << in.getColTypes()[i] << ")"; - cout << os.str() << endl; - throw logic_error(os.str()); - } + case CalpontSystemCatalog::BLOB: + case CalpontSystemCatalog::VARBINARY: result.emplace_back(normalizeBlobVarbinary); break; + + default: + { + ostringstream os; + os << "TupleUnion::normalize(): unknown input type (" << in.getColTypes()[i] << ")"; + cout << os.str() << endl; + throw logic_error(os.str()); } } - - idbassert(out->getColumnCount() == result.size()); - return result; } + idbassert(out->getColumnCount() == result.size()); + return result; +} + } // namespace namespace joblist @@ -1857,4 +1882,579 @@ fMiniInfo += oss.str(); } +inline uint64_t TupleRecursiveUnion::Hasher::operator()(const RowPosition& p) const +{ + Row& row = ts->row; + + if (p.group & RowPosition::normalizedFlag) + ts->normalizedData[p.group & ~RowPosition::normalizedFlag].getRow(p.row, &row); + else + ts->rowMemory[p.group].getRow(p.row, &row); + + return row.hash(ts->fLastCol); +} + +inline bool TupleRecursiveUnion::Eq::operator()(const RowPosition& d1, const RowPosition& d2) const +{ + Row &r1 = ts->row, &r2 = ts->row2; + + if (d1.group & RowPosition::normalizedFlag) + ts->normalizedData[d1.group & ~RowPosition::normalizedFlag].getRow(d1.row, &r1); + else + ts->rowMemory[d1.group].getRow(d1.row, &r1); + + if (d2.group & RowPosition::normalizedFlag) + ts->normalizedData[d2.group & ~RowPosition::normalizedFlag].getRow(d2.row, &r2); + else + ts->rowMemory[d2.group].getRow(d2.row, &r2); + + return r1.equals(r2, ts->fLastCol); +} + +TupleRecursiveUnion::TupleRecursiveUnion(CalpontSystemCatalog::OID tableOID, const JobInfo& jobInfo, + uint32_t keyCount) + : JobStep(jobInfo) + , fTableOID(tableOID) + , output(NULL) + , outputIt(-1) + , memUsage(0) + , rm(jobInfo.rm) + , runnersDone(0) + , distinctCount(0) + , distinctDone(0) + , fRowsReturned(0) + , runRan(false) + , joinRan(false) + , sessionMemLimit(jobInfo.umMemLimit) + , fTimeZone(jobInfo.timeZone) + , fLastCol(keyCount - 1) +{ + uniquer.reset(new Uniquer_t(10, Hasher(this), Eq(this), allocator)); + fExtendedInfo = "TUN: "; + fQtc.stepParms().stepType = StepTeleStats::T_TUN; +} + +TupleRecursiveUnion::~TupleRecursiveUnion() +{ + rm->returnMemory(memUsage, sessionMemLimit); + + if (!runRan && output) + output->endOfInput(); +} + +CalpontSystemCatalog::OID TupleRecursiveUnion::tableOid() const +{ + return fTableOID; +} + +void TupleRecursiveUnion::setInputRowGroups(const vector& in) +{ + inputRGs = in; +} + +void TupleRecursiveUnion::setOutputRowGroup(const rowgroup::RowGroup& out) +{ + outputRG = out; + rowLength = outputRG.getRowSizeWithStrings(); +} + +void TupleRecursiveUnion::setDistinctFlags(const vector& v) +{ + distinctFlags = v; +} + +void TupleRecursiveUnion::readInput(uint32_t which) +{ + /* The handling of the output got a little kludgey with the string table enhancement. + * When there is no distinct check, the outputs are all generated independently of + * each other locally in this fcn. When there is a distinct check, threads + * share the output, which is built in the 'rowMemory' vector rather than in + * thread-local memory. Building the result in a common space allows us to + * store 8-byte offsets in rowMemory rather than 16-bytes for absolute pointers. + */ + + RowGroupDL* dl = NULL; + bool more = true; + RGData inRGData, outRGData, *tmpRGData; + uint32_t it = numeric_limits::max(); + RowGroup l_inputRG, l_outputRG, l_tmpRG; + Row inRow, outRow, tmpRow; + bool distinct; + uint64_t memUsageBefore, memUsageAfter, memDiff; + l_outputRG = outputRG; + dl = inputs[which]; + l_inputRG = inputRGs[which]; + l_inputRG.initRow(&inRow); + l_outputRG.initRow(&outRow); + distinct = distinctFlags[which]; + + if (distinct) + { + l_tmpRG = outputRG; + tmpRGData = &normalizedData[which]; + l_tmpRG.initRow(&tmpRow); + l_tmpRG.setData(tmpRGData); + l_tmpRG.resetRowGroup(0); + l_tmpRG.getRow(0, &tmpRow); + } + else + { + outRGData = RGData(l_outputRG); + l_outputRG.setData(&outRGData); + l_outputRG.resetRowGroup(0); + l_outputRG.getRow(0, &outRow); + } + + try + { + it = dl->getIterator(); + more = dl->next(it, &inRGData); + + if (dlTimes.FirstReadTime().tv_sec == 0) + dlTimes.setFirstReadTime(); + + if (fStartTime == -1) + { + StepTeleStats sts(fQueryUuid, fStepUuid, StepTeleStats::ST_START, 1); + postStepStartTele(sts); + } + + if (!more) + { + fRecursiveSteps[0]->abort(); + } + + while (more && !cancelled()) + { + /* + normalize each row + if distinct flag is set + copy the row into the output and test for uniqueness + if unique, increment the row count + else + copy the row into the output & inc row count + */ + l_inputRG.setData(&inRGData); + l_inputRG.getRow(0, &inRow); + + if (distinct) + { + memDiff = 0; + l_tmpRG.resetRowGroup(0); + l_tmpRG.getRow(0, &tmpRow); + l_tmpRG.setRowCount(l_inputRG.getRowCount()); + + const normalizeFunctionsT normalizeFunctions = inferNormalizeFunctions(inRow, &tmpRow, fTimeZone); + for (uint32_t i = 0; i < l_inputRG.getRowCount(); i++, inRow.nextRow(), tmpRow.nextRow()) + normalize(inRow, &tmpRow, normalizeFunctions); + + l_tmpRG.getRow(0, &tmpRow); + { + boost::mutex::scoped_lock lk(uniquerMutex); + getOutput(&l_outputRG, &outRow, &outRGData); + memUsageBefore = allocator.getMemUsage(); + + uint32_t tmpOutputRowCount = l_outputRG.getRowCount(); + const uint32_t tmpRGRowCount = l_tmpRG.getRowCount(); + for (uint32_t i = 0; i < tmpRGRowCount; i++, tmpRow.nextRow()) + { + pair inserted; + inserted = uniquer->insert(RowPosition(which | RowPosition::normalizedFlag, i)); + + if (inserted.second) + { + copyRow(tmpRow, &outRow); + const_cast(*(inserted.first)) = + RowPosition(rowMemory.size() - 1, tmpOutputRowCount); + memDiff += outRow.getRealSize(); + addToOutput(&outRow, &l_outputRG, true, outRGData, tmpOutputRowCount); + fRowsReturned++; + } + } + + l_outputRG.setRowCount(tmpOutputRowCount); + + memUsageAfter = allocator.getMemUsage(); + memDiff += (memUsageAfter - memUsageBefore); + } + + if (rm->getMemory(memDiff, sessionMemLimit)) + { + memUsage += memDiff; + } + else + { + fLogger->logMessage(logging::LOG_TYPE_INFO, logging::ERR_UNION_TOO_BIG); + + if (status() == 0) // preserve existing error code + { + errorMessage(logging::IDBErrorInfo::instance()->errorMsg(logging::ERR_UNION_TOO_BIG)); + status(logging::ERR_UNION_TOO_BIG); + } + + abort(); + } + } + else + { + const normalizeFunctionsT normalizeFunctions = inferNormalizeFunctions(inRow, &outRow, fTimeZone); + const uint32_t inputRGRowCount = l_inputRG.getRowCount(); + uint32_t tmpOutputRowCount = l_outputRG.getRowCount(); + + for (uint32_t i = 0; i < inputRGRowCount; i++, inRow.nextRow()) + { + normalize(inRow, &outRow, normalizeFunctions); + addToOutput(&outRow, &l_outputRG, false, outRGData, tmpOutputRowCount); + } + + fRowsReturned += inputRGRowCount; + l_outputRG.setRowCount(tmpOutputRowCount); + } + + more = dl->next(it, &inRGData); + } + } + catch (...) + { + handleException(std::current_exception(), logging::unionStepErr, logging::ERR_UNION_TOO_BIG, + "TupleUnion::readInput()"); + status(logging::unionStepErr); + abort(); + } + + /* make sure that the input was drained before exiting. This can happen if the + query was aborted */ + if (dl && it != numeric_limits::max()) + while (more) + more = dl->next(it, &inRGData); + + { + boost::mutex::scoped_lock lock1(uniquerMutex); + boost::mutex::scoped_lock lock2(sMutex); + + if (!distinct && l_outputRG.getRowCount() > 0) + output->insert(outRGData); + + if (distinct) + { + getOutput(&l_outputRG, &outRow, &outRGData); + + if (++distinctDone == distinctCount && l_outputRG.getRowCount() > 0) + output->insert(outRGData); + } + + if (++runnersDone == fInputJobStepAssociation.outSize()) + { + output->endOfInput(); + + StepTeleStats sts(fQueryUuid, fStepUuid, StepTeleStats::ST_SUMMARY, 1, 1, fRowsReturned); + postStepSummaryTele(sts); + + if (traceOn()) + { + dlTimes.setLastReadTime(); + dlTimes.setEndOfInputTime(); + + time_t t = time(0); + char timeString[50]; + ctime_r(&t, timeString); + timeString[strlen(timeString) - 1] = '\0'; + ostringstream logStr; + logStr << "ses:" << fSessionId << " st: " << fStepId << " finished at " << timeString + << "; total rows returned-" << fRowsReturned << endl + << "\t1st read " << dlTimes.FirstReadTimeString() << "; EOI " << dlTimes.EndOfInputTimeString() + << "; runtime-" << JSTimeStamp::tsdiffstr(dlTimes.EndOfInputTime(), dlTimes.FirstReadTime()) + << "s;\n\tUUID " << uuids::to_string(fStepUuid) << endl + << "\tJob completion status " << status() << endl; + logEnd(logStr.str().c_str()); + fExtendedInfo += logStr.str(); + formatMiniStats(); + } + } + } +} + +uint32_t TupleRecursiveUnion::nextBand(messageqcpp::ByteStream& bs) +{ + RGData mem; + bool more; + uint32_t ret = 0; + + bs.restart(); + more = output->next(outputIt, &mem); + + if (more) + outputRG.setData(&mem); + else + { + mem = RGData(outputRG, 0U); + outputRG.setData(&mem); + outputRG.resetRowGroup(0); + outputRG.setStatus(status()); + } + + outputRG.serializeRGData(bs); + ret = outputRG.getRowCount(); + + return ret; +} + +void TupleRecursiveUnion::getOutput(RowGroup* rg, Row* row, RGData* data) +{ + if (UNLIKELY(rowMemory.empty())) + { + *data = RGData(*rg); + rg->setData(data); + rg->resetRowGroup(0); + rowMemory.push_back(*data); + } + else + { + *data = rowMemory.back(); + rg->setData(data); + } + + rg->getRow(rg->getRowCount(), row); +} + +void TupleRecursiveUnion::addToOutput(Row* r, RowGroup* rg, bool keepit, RGData& data, + uint32_t& tmpOutputRowCount) +{ + r->nextRow(); + tmpOutputRowCount++; + + if (UNLIKELY(tmpOutputRowCount == 8192)) + { + rg->setRowCount(8192); + { + boost::mutex::scoped_lock lock(sMutex); + output->insert(data); + } + data = RGData(*rg); + rg->setData(&data); + rg->resetRowGroup(0); + rg->getRow(0, r); + tmpOutputRowCount = 0; + + if (keepit) + rowMemory.push_back(data); + } +} + +void TupleRecursiveUnion::normalize(const Row& in, Row* out, const normalizeFunctionsT& normalizeFunctions) +{ + uint32_t i; + + out->setRid(0); + + for (i = 0; i < out->getColumnCount(); i++) + { + if (in.isNullValue(i)) + { + TupleRecursiveUnion::writeNull(out, i); + continue; + } + + /// Call the pre-compiled function. + normalizeFunctions[i](in, out, i); + } +} + +void TupleRecursiveUnion::run() +{ + uint32_t i; + + boost::mutex::scoped_lock lk(jlLock); + + if (runRan) + return; + + runRan = true; + lk.unlock(); + + for (i = 0; i < fInputJobStepAssociation.outSize(); i++) + inputs.push_back(fInputJobStepAssociation.outAt(i)->rowGroupDL()); + + output = fOutputJobStepAssociation.outAt(0)->rowGroupDL(); + + if (fDelivery) + { + outputIt = output->getIterator(); + } + + outputRG.initRow(&row); + outputRG.initRow(&row2); + + distinctCount = 0; + normalizedData.reset(new RGData[inputs.size()]); + + for (i = 0; i < inputs.size(); i++) + { + if (distinctFlags[i]) + { + distinctCount++; + normalizedData[i].reinit(outputRG); + } + } + + runners.reserve(inputs.size()); + + for (i = 0; i < inputs.size(); i++) + { + runners.push_back(jobstepThreadPool.invoke(Runner(this, i))); + } +} + +void TupleRecursiveUnion::join() +{ + boost::mutex::scoped_lock lk(jlLock); + + if (joinRan) + return; + + joinRan = true; + lk.unlock(); + + jobstepThreadPool.join(runners); + runners.clear(); + uniquer->clear(); + rowMemory.clear(); + rm->returnMemory(memUsage, sessionMemLimit); + memUsage = 0; +} + +const string TupleRecursiveUnion::toString() const +{ + ostringstream oss; + oss << "TupleRecursiveUnion ses:" << fSessionId << " txn:" << fTxnId << " ver:" << fVerId; + oss << " st:" << fStepId; + oss << " in:"; + + for (unsigned i = 0; i < fInputJobStepAssociation.outSize(); i++) + oss << ((i == 0) ? " " : ", ") << fInputJobStepAssociation.outAt(i); + + oss << " out:"; + + for (unsigned i = 0; i < fOutputJobStepAssociation.outSize(); i++) + oss << ((i == 0) ? " " : ", ") << fOutputJobStepAssociation.outAt(i); + + oss << endl; + + return oss.str(); +} + +void TupleRecursiveUnion::writeNull(Row* out, uint32_t col) +{ + switch (out->getColTypes()[col]) + { + case CalpontSystemCatalog::TINYINT: out->setUintField<1>(joblist::TINYINTNULL, col); break; + + case CalpontSystemCatalog::SMALLINT: out->setUintField<1>(joblist::SMALLINTNULL, col); break; + + case CalpontSystemCatalog::UTINYINT: out->setUintField<1>(joblist::UTINYINTNULL, col); break; + + case CalpontSystemCatalog::USMALLINT: out->setUintField<1>(joblist::USMALLINTNULL, col); break; + + case CalpontSystemCatalog::DECIMAL: + case CalpontSystemCatalog::UDECIMAL: + { + uint32_t len = out->getColumnWidth(col); + + switch (len) + { + case 1: out->setUintField<1>(joblist::TINYINTNULL, col); break; + + case 2: out->setUintField<2>(joblist::SMALLINTNULL, col); break; + + case 4: out->setUintField<4>(joblist::INTNULL, col); break; + + case 8: out->setUintField<8>(joblist::BIGINTNULL, col); break; + + case 16: out->setInt128Field(datatypes::Decimal128Null, col); break; + + default: + { + } + } + + break; + } + + case CalpontSystemCatalog::MEDINT: + case CalpontSystemCatalog::INT: out->setUintField<4>(joblist::INTNULL, col); break; + + case CalpontSystemCatalog::UMEDINT: + case CalpontSystemCatalog::UINT: out->setUintField<4>(joblist::UINTNULL, col); break; + + case CalpontSystemCatalog::FLOAT: + case CalpontSystemCatalog::UFLOAT: out->setUintField<4>(joblist::FLOATNULL, col); break; + + case CalpontSystemCatalog::DATE: out->setUintField<4>(joblist::DATENULL, col); break; + + case CalpontSystemCatalog::BIGINT: out->setUintField<8>(joblist::BIGINTNULL, col); break; + + case CalpontSystemCatalog::UBIGINT: out->setUintField<8>(joblist::UBIGINTNULL, col); break; + + case CalpontSystemCatalog::DOUBLE: + case CalpontSystemCatalog::UDOUBLE: out->setUintField<8>(joblist::DOUBLENULL, col); break; + + case CalpontSystemCatalog::DATETIME: out->setUintField<8>(joblist::DATETIMENULL, col); break; + + case CalpontSystemCatalog::TIMESTAMP: out->setUintField<8>(joblist::TIMESTAMPNULL, col); break; + + case CalpontSystemCatalog::TIME: out->setUintField<8>(joblist::TIMENULL, col); break; + + case CalpontSystemCatalog::CHAR: + case CalpontSystemCatalog::TEXT: + case CalpontSystemCatalog::VARCHAR: + { + uint32_t len = out->getColumnWidth(col); + + switch (len) + { + case 1: out->setUintField<1>(joblist::CHAR1NULL, col); break; + + case 2: out->setUintField<2>(joblist::CHAR2NULL, col); break; + + case 3: + case 4: out->setUintField<4>(joblist::CHAR4NULL, col); break; + + case 5: + case 6: + case 7: + case 8: out->setUintField<8>(joblist::CHAR8NULL, col); break; + + default: out->setStringField(nullptr, 0, col); break; + } + + break; + } + + case CalpontSystemCatalog::BLOB: + case CalpontSystemCatalog::VARBINARY: + // could use below if zero length and NULL are treated the same + // out->setVarBinaryField("", col); break; + out->setVarBinaryField(nullptr, 0, col); + break; + + default: + { + } + } +} + +void TupleRecursiveUnion::formatMiniStats() +{ + ostringstream oss; + oss << "TUS " + << "UM " + << "- " + << "- " + << "- " + << "- " + << "- " + << "- " << JSTimeStamp::tsdiffstr(dlTimes.EndOfInputTime(), dlTimes.FirstReadTime()) << " " + << fRowsReturned << " "; + fMiniInfo += oss.str(); +} } // namespace joblist diff -Nru mariadb-11.8.6/storage/columnstore/columnstore/dbcon/joblist/tupleunion.h mariadb-11.8.8/storage/columnstore/columnstore/dbcon/joblist/tupleunion.h --- mariadb-11.8.6/storage/columnstore/columnstore/dbcon/joblist/tupleunion.h 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/storage/columnstore/columnstore/dbcon/joblist/tupleunion.h 2026-05-24 09:58:34.000000000 +0000 @@ -27,6 +27,7 @@ // // +#include "joblist.h" #include "jobstep.h" #include @@ -202,5 +203,174 @@ long fTimeZone; uint32_t fLastCol; }; +class TupleRecursiveUnion : public JobStep, public TupleDeliveryStep +{ + public: + TupleRecursiveUnion(execplan::CalpontSystemCatalog::OID tableOID, const JobInfo& jobInfo, + uint32_t keyCount); + ~TupleRecursiveUnion() override; + + void run() override; + void join() override; + + const std::string toString() const override; + execplan::CalpontSystemCatalog::OID tableOid() const override; + + void setInputRowGroups(const std::vector&); + void setOutputRowGroup(const rowgroup::RowGroup&) override; + void setDistinctFlags(const std::vector&); + + const rowgroup::RowGroup& getOutputRowGroup() const override + { + return outputRG; + } + const rowgroup::RowGroup& getDeliveredRowGroup() const override + { + return outputRG; + } + void deliverStringTableRowGroup(bool b) override + { + outputRG.setUseStringTable(b); + } + bool deliverStringTableRowGroup() const override + { + return outputRG.usesStringTable(); + } + + // @bug 598 for self-join + std::string alias1() const + { + return fAlias1; + } + void alias1(const std::string& alias) + { + fAlias = fAlias1 = alias; + } + std::string alias2() const + { + return fAlias2; + } + void alias2(const std::string& alias) + { + fAlias2 = alias; + } + std::string view1() const + { + return fView1; + } + void view1(const std::string& vw) + { + fView = fView1 = vw; + } + std::string view2() const + { + return fView2; + } + void view2(const std::string& vw) + { + fView2 = vw; + } + + uint32_t nextBand(messageqcpp::ByteStream& bs) override; + + void recursiveSteps(JobStepVector jsv) + { + fRecursiveSteps = jsv; + } + + private: + struct RowPosition + { + uint64_t group : 48; + uint64_t row : 16; + + inline explicit RowPosition(uint64_t i = 0, uint64_t j = 0) : group(i), row(j) {}; + static const uint64_t normalizedFlag = 0x800000000000ULL; // 48th bit is set + }; + + void getOutput(rowgroup::RowGroup* rg, rowgroup::Row* row, rowgroup::RGData* data); + void addToOutput(rowgroup::Row* r, rowgroup::RowGroup* rg, bool keepit, rowgroup::RGData& data, + uint32_t& tmpOutputRowCount); + void normalize(const rowgroup::Row& in, rowgroup::Row* out, const normalizeFunctionsT& normalizeFunctions); + void writeNull(rowgroup::Row* out, uint32_t col); + void readInput(uint32_t); + void formatMiniStats(); + + execplan::CalpontSystemCatalog::OID fTableOID; + // @bug 598 for self-join + std::string fAlias1; + std::string fAlias2; + + std::string fView1; + std::string fView2; + + rowgroup::RowGroup outputRG; + std::vector inputRGs; + std::vector inputs; + RowGroupDL* output; + uint32_t outputIt; + + JobStepVector fRecursiveSteps; + + struct Runner + { + TupleRecursiveUnion* tu; + uint32_t index; + Runner(TupleRecursiveUnion* t, uint32_t in) : tu(t), index(in) + { + } + void operator()() + { + utils::setThreadName("TRUSRunner"); + tu->readInput(index); + } + }; + std::vector runners; // thread pool handles + + struct Hasher + { + TupleRecursiveUnion* ts; + utils::Hasher_r h; + explicit Hasher(TupleRecursiveUnion* t) : ts(t) + { + } + uint64_t operator()(const RowPosition&) const; + }; + struct Eq + { + TupleRecursiveUnion* ts; + explicit Eq(TupleRecursiveUnion* t) : ts(t) + { + } + bool operator()(const RowPosition&, const RowPosition&) const; + }; + + typedef std::tr1::unordered_set> Uniquer_t; + + boost::scoped_ptr uniquer; + std::vector rowMemory; + boost::mutex sMutex, uniquerMutex; + uint64_t memUsage; + uint32_t rowLength; + rowgroup::Row row, row2; + std::vector distinctFlags; + ResourceManager* rm; + utils::STLPoolAllocator allocator; + boost::scoped_array normalizedData; + + uint32_t runnersDone; + uint32_t distinctCount; + uint32_t distinctDone; + + uint64_t fRowsReturned; + + // temporary hack to make sure JobList only calls run, join once + boost::mutex jlLock; + bool runRan, joinRan; + + boost::shared_ptr sessionMemLimit; + long fTimeZone; + uint32_t fLastCol; +}; } // namespace joblist diff -Nru mariadb-11.8.6/storage/columnstore/columnstore/dbcon/mysql/CMakeLists.txt mariadb-11.8.8/storage/columnstore/columnstore/dbcon/mysql/CMakeLists.txt --- mariadb-11.8.6/storage/columnstore/columnstore/dbcon/mysql/CMakeLists.txt 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/storage/columnstore/columnstore/dbcon/mysql/CMakeLists.txt 2026-05-24 09:58:34.000000000 +0000 @@ -41,6 +41,7 @@ is_columnstore_columns.cpp is_columnstore_files.cpp is_columnstore_extents.cpp + is_columnstore_partitions.cpp columnstore_dataload.cpp ) diff -Nru mariadb-11.8.6/storage/columnstore/columnstore/dbcon/mysql/columnstore.cnf mariadb-11.8.8/storage/columnstore/columnstore/dbcon/mysql/columnstore.cnf --- mariadb-11.8.6/storage/columnstore/columnstore/dbcon/mysql/columnstore.cnf 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/storage/columnstore/columnstore/dbcon/mysql/columnstore.cnf 2026-05-24 09:58:34.000000000 +0000 @@ -8,4 +8,6 @@ collation_server = utf8_general_ci character_set_server = utf8 -loose-columnstore_use_import_for_batchinsert = ON \ No newline at end of file +loose-columnstore_use_import_for_batchinsert = ON +columnstore_innodb_queries_use_mcs = OFF + diff -Nru mariadb-11.8.6/storage/columnstore/columnstore/dbcon/mysql/ha_from_sub.cpp mariadb-11.8.8/storage/columnstore/columnstore/dbcon/mysql/ha_from_sub.cpp --- mariadb-11.8.6/storage/columnstore/columnstore/dbcon/mysql/ha_from_sub.cpp 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/storage/columnstore/columnstore/dbcon/mysql/ha_from_sub.cpp 2026-05-24 09:58:34.000000000 +0000 @@ -220,6 +220,7 @@ gwi.thd = fGwip.thd; gwi.subQuery = this; gwi.viewName = fGwip.viewName; + gwi.isRecursiveWithTable = fGwip.isRecursiveWithTable; csep->derivedTbAlias(fAlias); // always lower case csep->derivedTbView(fGwip.viewName.alias, lower_case_table_names); @@ -243,4 +244,40 @@ return csep; } +SCSEP FromSubQuery::transform(bool b) +{ + assert(fFromSub); + SCSEP csep(new CalpontSelectExecutionPlan()); + csep->sessionID(fGwip.sessionid); + csep->location(CalpontSelectExecutionPlan::FROM); + csep->subType(CalpontSelectExecutionPlan::FROM_SUBS); + + // gwi for the sub query + gp_walk_info gwi(fGwip.timeZone, fGwip.subQueriesChain); + gwi.thd = fGwip.thd; + gwi.subQuery = this; + gwi.viewName = fGwip.viewName; + gwi.isRecursiveWithTable = fGwip.isRecursiveWithTable; + csep->derivedTbAlias(fAlias); // always lower case + csep->derivedTbView(fGwip.viewName.alias, lower_case_table_names); + + if (getSelectPlan(gwi, *fFromSub, csep, b) != 0) + { + fGwip.fatalParseError = true; + + if (!gwi.parseErrorText.empty()) + fGwip.parseErrorText = gwi.parseErrorText; + else + fGwip.parseErrorText = "Error occurred in FromSubQuery::transform()"; + + csep.reset(); + return csep; + } + + // Insert column statistics + fGwip.mergeTableStatistics(gwi.tableStatistics); + + fGwip.subselectList.push_back(csep); + return csep; +} } // namespace cal_impl_if diff -Nru mariadb-11.8.6/storage/columnstore/columnstore/dbcon/mysql/ha_mcs.cpp mariadb-11.8.8/storage/columnstore/columnstore/dbcon/mysql/ha_mcs.cpp --- mariadb-11.8.6/storage/columnstore/columnstore/dbcon/mysql/ha_mcs.cpp 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/storage/columnstore/columnstore/dbcon/mysql/ha_mcs.cpp 2026-05-24 09:58:34.000000000 +0000 @@ -1950,6 +1950,11 @@ is_columnstore_tables_plugin_init, // is_columnstore_tables_plugin_deinit, NULL, MCSVERSIONHEX, NULL, NULL, PLUGIN_COLUMNSTORE_VERSION, COLUMNSTORE_MATURITY}, + {MYSQL_INFORMATION_SCHEMA_PLUGIN, &is_columnstore_plugin_version, "COLUMNSTORE_PARTITIONS", + "MariaDB Corporation", "An information schema plugin to list ColumnStore partitions", PLUGIN_LICENSE_GPL, + is_columnstore_partitions_plugin_init, + // is_columnstore_tables_plugin_deinit, + NULL, MCSVERSIONHEX, NULL, NULL, PLUGIN_COLUMNSTORE_VERSION, COLUMNSTORE_MATURITY}, {MYSQL_INFORMATION_SCHEMA_PLUGIN, &is_columnstore_plugin_version, "COLUMNSTORE_FILES", "MariaDB Corporation", "An information schema plugin to list ColumnStore files", PLUGIN_LICENSE_GPL, is_columnstore_files_plugin_init, diff -Nru mariadb-11.8.6/storage/columnstore/columnstore/dbcon/mysql/ha_mcs_common.h mariadb-11.8.8/storage/columnstore/columnstore/dbcon/mysql/ha_mcs_common.h --- mariadb-11.8.6/storage/columnstore/columnstore/dbcon/mysql/ha_mcs_common.h 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/storage/columnstore/columnstore/dbcon/mysql/ha_mcs_common.h 2026-05-24 09:58:34.000000000 +0000 @@ -24,23 +24,19 @@ inline bool isMCSTable(TABLE* table_ptr) { -#if (defined(_MSC_VER) && defined(_DEBUG)) || defined(SAFE_MUTEX) - - if (!(table_ptr->s && (*table_ptr->s->db_plugin)->name.str)) -#else - if (!(table_ptr->s && (table_ptr->s->db_plugin)->name.str)) -#endif - return true; + if (!table_ptr || !table_ptr->s || !table_ptr->s->db_plugin) + return false; #if (defined(_MSC_VER) && defined(_DEBUG)) || defined(SAFE_MUTEX) - std::string engineName = (*table_ptr->s->db_plugin)->name.str; + const char* name = (*table_ptr->s->db_plugin)->name.str; #else - std::string engineName = table_ptr->s->db_plugin->name.str; + const char* name = table_ptr->s->db_plugin->name.str; #endif - if (engineName == "Columnstore" || engineName == "Columnstore_cache") - return true; - return false; + if (!name) + return false; + + return (strcmp(name, "Columnstore") == 0 || strcmp(name, "Columnstore_cache") == 0); } inline bool isMultiUpdateStatement(const enum_sql_command& command) diff -Nru mariadb-11.8.6/storage/columnstore/columnstore/dbcon/mysql/ha_mcs_ddl.cpp mariadb-11.8.8/storage/columnstore/columnstore/dbcon/mysql/ha_mcs_ddl.cpp --- mariadb-11.8.6/storage/columnstore/columnstore/dbcon/mysql/ha_mcs_ddl.cpp 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/storage/columnstore/columnstore/dbcon/mysql/ha_mcs_ddl.cpp 2026-05-24 09:58:34.000000000 +0000 @@ -2239,12 +2239,6 @@ "The syntax replace table is not supported by Columnstore. Please check the " "Columnstore syntax guide for supported syntax or data types."); } - else if (ddlStatement.find("DROP COLUMN IF EXISTS") != string::npos) - { - thd->raise_error_printf(ER_CHECK_NOT_IMPLEMENTED, - "The syntax drop column if exists is not supported by Columnstore. Please " - "check the Columnstore syntax guide for supported syntax or data types."); - } else { //@Bug 1888,1885. update error message diff -Nru mariadb-11.8.6/storage/columnstore/columnstore/dbcon/mysql/ha_mcs_execplan.cpp mariadb-11.8.8/storage/columnstore/columnstore/dbcon/mysql/ha_mcs_execplan.cpp --- mariadb-11.8.6/storage/columnstore/columnstore/dbcon/mysql/ha_mcs_execplan.cpp 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/storage/columnstore/columnstore/dbcon/mysql/ha_mcs_execplan.cpp 2026-05-24 09:58:34.000000000 +0000 @@ -31,6 +31,7 @@ #include #include #include +#include "idberrorinfo.h" #include "messagelog.h" #include @@ -41,6 +42,7 @@ #include #include "errorids.h" +#include "mysqld_error.h" using namespace logging; #define PREFER_MY_CONFIG_H @@ -2748,49 +2750,6 @@ } return false; } -ReturnedColumn* wrapIntoAggregate(ReturnedColumn* rc, gp_walk_info& gwi, Item* baseItem) -{ - if (!gwi.implicitExplicitGroupBy || gwi.disableWrapping || !gwi.select_lex) - { - return rc; - } - - if (dynamic_cast(rc) != nullptr || dynamic_cast(rc) != nullptr) - { - return rc; - } - - if (itemDisablesWrapping(baseItem, gwi)) - { - return rc; - } - - cal_connection_info* ci = static_cast(get_fe_conn_info_ptr()); - - AggregateColumn* ac = new AggregateColumn(gwi.sessionid); - ac->timeZone(gwi.timeZone); - ac->alias(rc->alias()); - ac->aggOp(AggregateColumn::SELECT_SOME); - ac->asc(rc->asc()); - ac->charsetNumber(rc->charsetNumber()); - ac->orderPos(rc->orderPos()); - uint32_t i; - for (i = 0; i < gwi.processed.size() && !gwi.processed[i].first->eq(baseItem, false); i++) - { - } - if (i < gwi.processed.size()) - { - ac->expressionId(gwi.processed[i].second); - } - else - { - ac->expressionId(ci->expressionId++); - } - - ac->aggParms().push_back(SRCP(rc)); - ac->resultType(rc->resultType()); - return ac; -} ReturnedColumn* buildReturnedColumnNull(gp_walk_info& gwi) { @@ -2825,7 +2784,7 @@ { Item_field* ifp = (Item_field*)item; - return wrapIntoAggregate(buildSimpleColumn(ifp, gwi, queryType), gwi, ifp); + return buildSimpleColumn(ifp, gwi, queryType); } case Item::NULL_ITEM: return buildReturnedColumnNull(gwi); case Item::CONST_ITEM: @@ -5318,22 +5277,91 @@ { // Until we handle recursive cte: // Checking here ensures we catch all with clauses in the query. - if (table_ptr->is_recursive_with_table()) - { - gwi.fatalParseError = true; - gwi.parseErrorText = "Recursive CTE"; - setError(gwi.thd, ER_CHECK_NOT_IMPLEMENTED, gwi.parseErrorText, gwi); - return ER_CHECK_NOT_IMPLEMENTED; - } + /* + + refer to sql_union.cc, exec_recursive for a sample implementation + + might just work by setting isUnion to true, then calling get select again. + need to set relevant meta data. + needs to write all to the first table, probably can be achieved + */ string viewName = getViewName(table_ptr); if (lower_case_table_names) { boost::algorithm::to_lower(viewName); } + if (table_ptr->is_recursive_with_table()) + { + if (table_ptr->derived->union_distinct) + { + gwi.fatalParseError = true; + gwi.parseErrorText = + "Recursive CTE with UNION DISTINCT is not supported by ColumnStore. Use UNION ALL."; + setError(gwi.thd, ER_CHECK_NOT_IMPLEMENTED, gwi.parseErrorText, gwi); + return ER_CHECK_NOT_IMPLEMENTED; + } + + dynamic_cast(csep.get())->containsRecursiveQuery(true); + SELECT_LEX* start = table_ptr->derived->first_select(); + // SELECT_LEX* end = NULL; + dynamic_cast(csep.get()) + ->maxRecursiveDepth(gwi.thd->variables.max_recursive_iterations); + SCSEP anchor_plan = NULL; + + gwi.isRecursiveWithTable = true; +#ifdef DEBUG_WALK_COND + + if (gwi.recursiveWithTableName == table_ptr->table_name.str) + { + cerr << "RECURSIVE TABLE: " << gwi.recursiveWithTableName << endl; + } + +#endif + + FromSubQuery* fromSub = new FromSubQuery(gwi, start); + string alias(table_ptr->alias.str); + if (lower_case_table_names) + { + boost::algorithm::to_lower(alias); + } + fromSub->alias(alias); + + CalpontSystemCatalog::TableAliasName tn = + make_aliasview("", table_ptr->table_name.str, alias, viewName); + // @bug 3852. check return execplan + anchor_plan = fromSub->transform(isUnion); + if (!anchor_plan) + { + setError(gwi.thd, ER_INTERNAL_ERROR, fromSub->gwip().parseErrorText, gwi); + CalpontSystemCatalog::removeCalpontSystemCatalog(gwi.sessionid); + return ER_INTERNAL_ERROR; + } + dynamic_cast(anchor_plan.get())->isRecursiveWithTable(true); + dynamic_cast(anchor_plan.get()) + ->maxRecursiveDepth(gwi.thd->variables.max_recursive_iterations); + + gwi.derivedTbList.push_back(anchor_plan); + gwi.tbList.push_back(tn); + CalpontSystemCatalog::TableAliasName tan = make_aliastable("", table_ptr->table_name.str, alias); + gwi.tableMap[tan] = make_pair(0, table_ptr); + // MCOL-2178 isUnion member only assigned, never used + // MIGR::infinidb_vtable.isUnion = true; //by-pass the 2nd pass of rnd_init + start = table_ptr->derived->first_select(); + + // if (with_element->with_anchor) + // end = with_element->first_recursive; + + if (!anchor_plan) + { + setError(gwi.thd, ER_INTERNAL_ERROR, "No Anchor Query", gwi); + CalpontSystemCatalog::removeCalpontSystemCatalog(gwi.sessionid); + return ER_INTERNAL_ERROR; + } + } // @todo process from subquery - if (table_ptr->derived) + else if (table_ptr->derived) { SELECT_LEX* select_cursor = table_ptr->derived->first_select(); FromSubQuery* fromSub = new FromSubQuery(gwi, select_cursor); @@ -5355,6 +5383,11 @@ return ER_INTERNAL_ERROR; } + if (plan->containsRecursiveQuery()) + { + csep->containsRecursiveQuery(true); + } + gwi.derivedTbList.push_back(plan); gwi.tbList.push_back(tn); CalpontSystemCatalog::TableAliasName tan = make_aliastable("", alias, alias); @@ -5369,6 +5402,17 @@ gwi.viewList.push_back(view); view->transform(); } + else if (table_ptr->table_function) + { + // MCOL-6300: Table functions (e.g. JSON_TABLE) are virtual tables + // that do not exist in any database. ColumnStore cannot handle + // them — neither as a native table nor via CrossEngineStep. + // Signal unsupported so the caller can fall back to the server. + gwi.fatalParseError = true; + gwi.parseErrorText = "Table functions (e.g. JSON_TABLE) are not supported by ColumnStore."; + setError(gwi.thd, ER_CHECK_NOT_IMPLEMENTED, gwi.parseErrorText, gwi); + return ER_CHECK_NOT_IMPLEMENTED; + } else { // check foreign engine tables @@ -5720,6 +5764,59 @@ return 0; } +execplan::ReturnedColumn* findMatchingAlias(const Item_field* ifp, + execplan::CalpontSelectExecutionPlan::ReturnedColumnList& cols) +{ + if (!ifp->name.length) + { + return nullptr; + } + + execplan::ReturnedColumn* rc = nullptr; + for (uint32_t j = 0; j < cols.size(); j++) + { + if (strcasecmp(ifp->name.str, cols[j].get()->alias().c_str()) == 0) + { + ReturnedColumn* matched_col = cols[j].get(); + + // If it's an aggregate column, try to unwrap it to get the underlying column + AggregateColumn* agg_check = dynamic_cast(matched_col); + if (agg_check) + { + // Check if the aggregate has parameters and use the first parameter if it's not an aggregate + // itself + if (!agg_check->aggParms().empty()) + { + ReturnedColumn* inner_col = agg_check->aggParms()[0].get(); + AggregateColumn* inner_agg = dynamic_cast(inner_col); + + if (!inner_agg) + { + // Use the inner non-aggregate column + matched_col = inner_col; + } + else + { + // It's a nested aggregate, skip it + continue; + } + } + else + { + // Aggregate with no parameters (like COUNT(*)), skip it + continue; + } + } + + rc = matched_col->clone(); + rc->orderPos(j); + break; + } + } + + return rc; +} + /*@brief Process GROUP BY part of the query or sub-query */ /*********************************************************** * DESCRIPTION: @@ -5754,6 +5851,14 @@ gwi.hasWindowFunc = hasWindowFunc; groupcol = static_cast(select_lex.group_list.first); + if (gwi.isRecursiveWithTable && groupcol) + { + gwi.fatalParseError = true; + gwi.parseErrorText = IDBErrorInfo::instance()->errorMsg(ERR_NON_SUPPORT_GROUP_BY, "GROUP BY clause"); + setError(gwi.thd, ER_CHECK_NOT_IMPLEMENTED, gwi.parseErrorText, gwi); + return ER_CHECK_NOT_IMPLEMENTED; + } + gwi.disableWrapping = true; for (; groupcol; groupcol = groupcol->next) { @@ -5851,8 +5956,11 @@ if (sc) { + // buildSimpleColumn succeeded - we have a valid table column reference + // This table column takes precedence over any SELECT aliases (SQL standard behavior) + // Just check if it's in the SELECT list to set orderPos (optional optimization) bool found = false; - for (uint32_t j = 0; j < gwi.returnedCols.size(); j++) + for (uint32_t j = 0; !found && j < gwi.returnedCols.size(); j++) { if (sc->sameColumn(gwi.returnedCols[j].get())) { @@ -5861,29 +5969,24 @@ break; } } - for (uint32_t j = 0; !found && j < gwi.returnedCols.size(); j++) + // Note: We do NOT fall back to alias matching here. + // The SimpleColumn from buildSimpleColumn is the correct table column to use. + } + else if (rc) + { + // rc is not a SimpleColumn (e.g., could be an aggregate or other type) + // Try to match by alias name + if (auto* nrc = findMatchingAlias(ifp, gwi.returnedCols); nrc != nullptr) { - if (strcasecmp(sc->alias().c_str(), gwi.returnedCols[j]->alias().c_str()) == 0) - { - delete rc; - rc = gwi.returnedCols[j].get()->clone(); - rc->orderPos(j); - break; - } + delete rc; + rc = nrc; } } else { - for (uint32_t j = 0; j < gwi.returnedCols.size(); j++) - { - if (ifp->name.length && string(ifp->name.str) == gwi.returnedCols[j].get()->alias()) - { - delete rc; - rc = gwi.returnedCols[j].get()->clone(); - rc->orderPos(j); - break; - } - } + // buildSimpleColumn() returned NULL - this might be due to ambiguity + // or column not found. Try to find a matching alias in the SELECT list. + rc = findMatchingAlias(ifp, gwi.returnedCols); } if (!rc) @@ -6560,7 +6663,7 @@ } // We need to look into GROUP BY columns to decide if we need to wrap a column. - ReturnedColumn* rc = wrapIntoAggregate(sc, gwi, baseItem); + ReturnedColumn* rc = sc; SRCP sprc(rc); pushReturnedCol(gwi, baseItem, sprc); @@ -6993,8 +7096,6 @@ else { rc = buildReturnedColumn(ord_item, gwi, gwi.fatalParseError, false, queryType); - - rc = wrapIntoAggregate(rc, gwi, ord_item); } // @bug5501 try item_ptr if item can not be fixed. For some // weird dml statement state, item can not be fixed but the @@ -7040,9 +7141,16 @@ { SQL_I_List order_list = select_lex.order_list; ORDER* ordercol = static_cast(order_list.first); - // check if window functions are in order by. InfiniDB process order by list if // window functions are involved, either in order by or projection. + if (gwi.isRecursiveWithTable && ordercol) + { + gwi.fatalParseError = true; + gwi.parseErrorText = IDBErrorInfo::instance()->errorMsg(ERR_NON_SUPPORT_ORDER_BY, "WITH RECURSIVE"); + setError(gwi.thd, ER_CHECK_NOT_IMPLEMENTED, gwi.parseErrorText, gwi); + return ER_CHECK_NOT_IMPLEMENTED; + } + for (; ordercol; ordercol = ordercol->next) { if ((*(ordercol->item))->type() == Item::WINDOW_FUNC_ITEM) @@ -7293,7 +7401,7 @@ funcFieldVec[i]->print(&str, QT_ORDINARY); sc->alias(string(str.c_ptr())); sc->tableAlias(sc->tableAlias()); - SRCP srcp(wrapIntoAggregate(sc, gwi, funcFieldVec[i])); + SRCP srcp(sc); uint32_t j = 0; for (; j < gwi.returnedCols.size(); j++) @@ -7625,6 +7733,11 @@ // Store optimized plan and applied rules store_query_plan(csep, PlanType::Optimized); store_applied_rules(ctx.serializeAppliedRules()); + if (csep->traceOn()) + { + cerr << "csepWasOptimized=" << csepWasOptimized << " appliedRules=" << ctx.serializeAppliedRules() + << endl; + } if (csep->traceOn() && csepWasOptimized) { cerr << "---------------- cs_get_select_plan optimized EXECUTION PLAN ----------------" << endl; diff -Nru mariadb-11.8.6/storage/columnstore/columnstore/dbcon/mysql/ha_mcs_execplan_walks.cpp mariadb-11.8.8/storage/columnstore/columnstore/dbcon/mysql/ha_mcs_execplan_walks.cpp --- mariadb-11.8.6/storage/columnstore/columnstore/dbcon/mysql/ha_mcs_execplan_walks.cpp 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/storage/columnstore/columnstore/dbcon/mysql/ha_mcs_execplan_walks.cpp 2026-05-24 09:58:34.000000000 +0000 @@ -124,9 +124,11 @@ if (!scp) break; + execplan::ReturnedColumn* rc = scp->clone(); + std::string aliasTableName(scp->tableAlias()); scp->tableAlias(aliasTableName); - gwip->rcWorkStack.push(scp->clone()); + gwip->rcWorkStack.push(rc); boost::shared_ptr scsp(scp); gwip->scsp = scsp; @@ -1651,4 +1653,4 @@ } } -} // namespace cal_impl_if \ No newline at end of file +} // namespace cal_impl_if diff -Nru mariadb-11.8.6/storage/columnstore/columnstore/dbcon/mysql/ha_mcs_impl_if.h mariadb-11.8.8/storage/columnstore/columnstore/dbcon/mysql/ha_mcs_impl_if.h --- mariadb-11.8.6/storage/columnstore/columnstore/dbcon/mysql/ha_mcs_impl_if.h 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/storage/columnstore/columnstore/dbcon/mysql/ha_mcs_impl_if.h 2026-05-24 09:58:34.000000000 +0000 @@ -415,6 +415,7 @@ bool aggOnSelect; bool hasWindowFunc; bool hasSubSelect; + bool isRecursiveWithTable = false; SubQuery* lastSub; std::vector viewList; std::map derivedTbFilterMap; @@ -721,8 +722,6 @@ void castCharArgs(gp_walk_info* gwip, Item_func* ifp, funcexp::FunctionParm& functionParms); void castDecimalArgs(gp_walk_info* gwip, Item_func* ifp, funcexp::FunctionParm& functionParms); void castTypeArgs(gp_walk_info* gwip, Item_func* ifp, funcexp::FunctionParm& functionParms); -// void parse_item (Item* item, std::vector& field_vec, bool& hasNonSupportItem, uint16& -// parseInfo); bool isPredicateFunction(Item* item, gp_walk_info* gwip); execplan::ParseTree* buildRowPredicate(gp_walk_info* gwip, execplan::RowColumn* lhs, execplan::RowColumn* rhs, std::string predicateOp); @@ -740,9 +739,6 @@ execplan::SPTP getIntervalType(gp_walk_info* gwip, int interval_type); uint32_t isPseudoColumn(std::string funcName); void setDerivedTable(execplan::ParseTree* n); -execplan::ParseTree* setDerivedFilter(gp_walk_info* gwip, execplan::ParseTree*& n, - std::map& obj, - execplan::CalpontSelectExecutionPlan::SelectList& derivedTbList); void derivedTableOptimization(gp_walk_info* gwip, execplan::SCSEP& csep); bool buildEqualityPredicate(execplan::ReturnedColumn* lhs, execplan::ReturnedColumn* rhs, gp_walk_info* gwip, boost::shared_ptr& sop, const Item_func::Functype& funcType, diff -Nru mariadb-11.8.6/storage/columnstore/columnstore/dbcon/mysql/ha_mcs_opt_rewrites.cpp mariadb-11.8.8/storage/columnstore/columnstore/dbcon/mysql/ha_mcs_opt_rewrites.cpp --- mariadb-11.8.6/storage/columnstore/columnstore/dbcon/mysql/ha_mcs_opt_rewrites.cpp 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/storage/columnstore/columnstore/dbcon/mysql/ha_mcs_opt_rewrites.cpp 2026-05-24 09:58:34.000000000 +0000 @@ -106,7 +106,14 @@ { for (SELECT_LEX* sl = unit->first_select(); sl; sl = sl->next_select()) { - first_cond_optimization_flag_toggle(sl, func); + if (sl->get_table_list()) + { + // rCTE will recursively call toggle for the same SL + if (select_lex != sl) + { + first_cond_optimization_flag_toggle(sl, func); + } + } } } } diff -Nru mariadb-11.8.6/storage/columnstore/columnstore/dbcon/mysql/ha_mcs_pushdown.cpp mariadb-11.8.8/storage/columnstore/columnstore/dbcon/mysql/ha_mcs_pushdown.cpp --- mariadb-11.8.6/storage/columnstore/columnstore/dbcon/mysql/ha_mcs_pushdown.cpp 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/storage/columnstore/columnstore/dbcon/mysql/ha_mcs_pushdown.cpp 2026-05-24 09:58:34.000000000 +0000 @@ -364,7 +364,8 @@ bool check_user_var(SELECT_LEX* select_lex) { - if (!select_lex) { + if (!select_lex) + { // There are definitely no user vars if select_lex is null return false; } @@ -661,6 +662,14 @@ { return nullptr; } + + // MCOL-6300: Table functions (e.g. JSON_TABLE) are virtual tables + // that ColumnStore cannot handle. Reject early so the server + // processes them natively. + if (table_ptr->table_function) + { + return nullptr; + } } } diff -Nru mariadb-11.8.6/storage/columnstore/columnstore/dbcon/mysql/ha_subquery.h mariadb-11.8.8/storage/columnstore/columnstore/dbcon/mysql/ha_subquery.h --- mariadb-11.8.6/storage/columnstore/columnstore/dbcon/mysql/ha_subquery.h 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/storage/columnstore/columnstore/dbcon/mysql/ha_subquery.h 2026-05-24 09:58:34.000000000 +0000 @@ -228,6 +228,8 @@ } execplan::SCSEP transform(); + execplan::SCSEP transform(bool b); + private: SELECT_LEX* fFromSub; std::string fAlias; diff -Nru mariadb-11.8.6/storage/columnstore/columnstore/dbcon/mysql/ha_view.cpp mariadb-11.8.8/storage/columnstore/columnstore/dbcon/mysql/ha_view.cpp --- mariadb-11.8.6/storage/columnstore/columnstore/dbcon/mysql/ha_view.cpp 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/storage/columnstore/columnstore/dbcon/mysql/ha_view.cpp 2026-05-24 09:58:34.000000000 +0000 @@ -129,6 +129,14 @@ gwi.viewList.push_back(view); view->transform(); } + else if (table_ptr->table_function) + { + // MCOL-6300: Table functions (e.g. JSON_TABLE) are virtual tables + // that cannot be handled by ColumnStore. + gwi.fatalParseError = true; + gwi.parseErrorText = "Table functions (e.g. JSON_TABLE) are not supported by ColumnStore."; + break; + } else { // check foreign engine tables diff -Nru mariadb-11.8.6/storage/columnstore/columnstore/dbcon/mysql/ha_window_function.cpp mariadb-11.8.8/storage/columnstore/columnstore/dbcon/mysql/ha_window_function.cpp --- mariadb-11.8.6/storage/columnstore/columnstore/dbcon/mysql/ha_window_function.cpp 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/storage/columnstore/columnstore/dbcon/mysql/ha_window_function.cpp 2026-05-24 09:58:34.000000000 +0000 @@ -21,6 +21,7 @@ * * ***********************************************************************/ +#include #define PREFER_MY_CONFIG_H #include #include @@ -307,6 +308,13 @@ // String str; // item->print(&str, QT_INFINIDB_NO_QUOTE); // cout << str.c_ptr() << endl; + if (gwi.isRecursiveWithTable) + { + gwi.fatalParseError = true; + gwi.parseErrorText = "Window Functions not supported in recursive CTE"; + return NULL; + } + if (get_fe_conn_info_ptr() == NULL) { set_fe_conn_info_ptr((void*)new cal_connection_info()); @@ -539,7 +547,7 @@ srcp->asc(orderCol->direction == ORDER::ORDER_ASC ? true : false); // srcp->nullsFirst(orderCol->nulls); // nulls 2-default, 1-nulls - //first, 0-nulls last + // first, 0-nulls last srcp->nullsFirst(orderCol->direction == ORDER::ORDER_ASC ? 1 : 0); // WINDOWS TODO: implement NULLS FIRST/LAST in 10.2 front end diff -Nru mariadb-11.8.6/storage/columnstore/columnstore/dbcon/mysql/idb_mysql.h mariadb-11.8.8/storage/columnstore/columnstore/dbcon/mysql/idb_mysql.h --- mariadb-11.8.6/storage/columnstore/columnstore/dbcon/mysql/idb_mysql.h 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/storage/columnstore/columnstore/dbcon/mysql/idb_mysql.h 2026-05-24 09:58:34.000000000 +0000 @@ -32,6 +32,22 @@ #undef LOG_INFO +/* + Prevent rpl_master_info_file.h (transitively included via sql_lex.h) from + being fully parsed. Its inline static VALUE_MAP (std::unordered_map with + Info_file::Mem_fn) creates a complex template instantiation that produces + an unresolvable symbol when ha_columnstore.so is loaded by the server. + ColumnStore does not use any replication info file types, so a forward + declaration of Master_info_file (needed by LEX_MASTER_INFO in sql_lex.h) + is sufficient. +*/ +#ifndef RPL_MASTER_INFO_FILE_H +#define RPL_MASTER_INFO_FILE_H +struct Master_info_file; +enum struct enum_master_use_gtid {}; +enum struct trilean {}; +#endif + #ifdef _DEBUG #ifndef SAFE_MUTEX #define SAFE_MUTEX diff -Nru mariadb-11.8.6/storage/columnstore/columnstore/dbcon/mysql/install_mcs_mysql.sh.in mariadb-11.8.8/storage/columnstore/columnstore/dbcon/mysql/install_mcs_mysql.sh.in --- mariadb-11.8.6/storage/columnstore/columnstore/dbcon/mysql/install_mcs_mysql.sh.in 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/storage/columnstore/columnstore/dbcon/mysql/install_mcs_mysql.sh.in 2026-05-24 09:58:34.000000000 +0000 @@ -123,6 +123,49 @@ ) DEFAULT CHARSET=utf8 COLLATE=utf8_bin; insert ignore into infinidb_querystats.priority values ('High', 100),('Medium', 66), ('Low', 33); + +CREATE DATABASE IF NOT EXISTS queryacc; + +DELIMITER $$ +CREATE OR REPLACE FUNCTION queryacc.enable_queryacc() RETURNS TEXT NOT DETERMINISTIC +BEGIN + DECLARE old_settings TEXT; + SET old_settings = @@optimizer_switch; + SET @@columnstore_unstable_optimizer='on'; + SET @@optimizer_switch='index_merge=off,index_merge_union=off,index_merge_sort_union=off,index_merge_intersection=off,index_merge_sort_intersection=off,index_condition_pushdown=off,derived_merge=off,derived_with_keys=off,firstmatch=off,loosescan=off,materialization=on,in_to_exists=off,semijoin=off,partial_match_rowid_merge=off,partial_match_table_scan=off,subquery_cache=off,mrr=off,mrr_cost_based=off,mrr_sort_keys=off,outer_join_with_cache=off,semijoin_with_cache=off,join_cache_incremental=off,join_cache_hashed=off,join_cache_bka=off,optimize_join_buffer_size=off,table_elimination=off,extended_keys=off,exists_to_in=off,orderby_uses_equalities=off,condition_pushdown_for_derived=on,split_materialized=off,condition_pushdown_for_subquery=off,rowid_filter=off,condition_pushdown_from_having=on,not_null_range_scan=off,hash_join_cardinality=off,cset_narrowing=off,sargable_casefold=off'; + SET @@columnstore_query_accel_parallel_factor=5; + RETURN old_settings; +END; +$$ +DELIMITER ; + +DELIMITER $$ +CREATE OR REPLACE PROCEDURE queryacc.disable_queryacc(IN old_settings TEXT) +BEGIN + SET @@optimizer_switch = old_settings; + SET @@columnstore_unstable_optimizer='off'; +END; +$$ +DELIMITER ; + +DELIMITER $$ +CREATE OR REPLACE PROCEDURE queryacc.with_queryacc(IN query TEXT) +BEGIN + DECLARE old_settings TEXT; + SET old_settings = enable_queryacc(); + BEGIN + DECLARE EXIT HANDLER FOR SQLEXCEPTION + BEGIN + CALL disable_queryacc(old_settings); + RESIGNAL; + END; + EXECUTE IMMEDIATE query; + END; + CALL disable_queryacc(old_settings); +END; +$$ +DELIMITER ; + EOD $MDB <@ENGINE_SUPPORTDIR@/calsetuserpriority.sql 2>/dev/null diff -Nru mariadb-11.8.6/storage/columnstore/columnstore/dbcon/mysql/is_columnstore.h mariadb-11.8.8/storage/columnstore/columnstore/dbcon/mysql/is_columnstore.h --- mariadb-11.8.6/storage/columnstore/columnstore/dbcon/mysql/is_columnstore.h 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/storage/columnstore/columnstore/dbcon/mysql/is_columnstore.h 2026-05-24 09:58:34.000000000 +0000 @@ -20,21 +20,26 @@ int is_columnstore_extents_plugin_init(void* p); int is_columnstore_files_plugin_init(void* p); int is_columnstore_tables_plugin_init(void* p); +int is_columnstore_partitions_plugin_init(void* p); int is_columnstore_columns_plugin_init(void* p); class InformationSchemaCond { StringBuffer mBufferTableName; StringBuffer mBufferTableSchema; + StringBuffer mBufferColumnName; String* mTableName; String* mTableSchema; + String* mColumnName; public: InformationSchemaCond() : mBufferTableName(system_charset_info) , mBufferTableSchema(system_charset_info) + , mBufferColumnName(system_charset_info) , mTableName(nullptr) , mTableSchema(nullptr) + , mColumnName(nullptr) { } const String* tableName() const @@ -57,6 +62,10 @@ { return eqName(mTableName, table) && eqName(mTableSchema, schema); } + bool matchColumn(const std::string& column) const + { + return eqName(mColumnName, column); + } void getCondItem(Item_field* item_field, Item* item_const) { @@ -68,6 +77,10 @@ { mTableSchema = item_const->val_str(&mBufferTableSchema); } + else if (strcasecmp(item_field->field_name.str, "column_name") == 0) + { + mColumnName = item_const->val_str(&mBufferColumnName); + } } void getCondItemBoolFunc2(Item_bool_func2* func) diff -Nru mariadb-11.8.6/storage/columnstore/columnstore/dbcon/mysql/is_columnstore_partitions.cpp mariadb-11.8.8/storage/columnstore/columnstore/dbcon/mysql/is_columnstore_partitions.cpp --- mariadb-11.8.6/storage/columnstore/columnstore/dbcon/mysql/is_columnstore_partitions.cpp 1970-01-01 00:00:00.000000000 +0000 +++ mariadb-11.8.8/storage/columnstore/columnstore/dbcon/mysql/is_columnstore_partitions.cpp 2026-05-24 09:58:34.000000000 +0000 @@ -0,0 +1,163 @@ +/* c-basic-offset: 4; tab-width: 4; indent-tabs-mode: nil + * vi: set shiftwidth=4 tabstop=4 expandtab: + * :indentSize=4:tabSize=4:noTabs=true: + * + * Copyright (C) 2016 MariaDB Corporation + * + * This program is free software; you can redistribute it and/or + * modify it under the terms of the GNU General Public License + * as published by the Free Software Foundation; version 2 of + * the License. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, + * MA 02110-1301, USA. + */ + +#define PREFER_MY_CONFIG_H +#include "idb_mysql.h" +#include + +#include +#include "calpontsystemcatalog.h" +#include "dataconvert.h" +#include "is_columnstore.h" + +#include "idberrorinfo.h" +#include "exceptclasses.h" +#include "mastersegmenttable.h" +#include "extentmap.h" +#include "dbrm.h" +#include "brmtypes.h" +using namespace BRM; + +// Required declaration as it isn't in a MairaDB include +bool schema_table_store_record(THD* thd, TABLE* table); + +ST_FIELD_INFO is_columnstore_partitions_fields[] = { + Show::Column("TABLE_SCHEMA", Show::Varchar(64), NOT_NULL), + Show::Column("TABLE_NAME", Show::Varchar(64), NOT_NULL), + Show::Column("COLUMN_NAME", Show::Varchar(64), NOT_NULL), + Show::Column("PARTITION_ID", Show::Varchar(64), NOT_NULL), + Show::CEnd()}; + +static int is_columnstore_partitions_fill(THD* thd, TABLE_LIST* tables, COND* cond) +{ + BRM::DBRM::refreshShmWithLock(); + DBRM em; + CHARSET_INFO* cs = system_charset_info; + TABLE* table = tables->table; + InformationSchemaCond isCond; + + execplan::CalpontSystemCatalog csc; + csc.identity(execplan::CalpontSystemCatalog::FE); + + if (cond) + { + isCond.getCondItems(cond); + } + + const std::vector< + std::pair > + catalog_tables = csc.getTables(); + + std::set partitionSet; + + for (std::vector >::const_iterator it = + catalog_tables.begin(); + it != catalog_tables.end(); ++it) + { + if (!isCond.match((*it).second.schema, (*it).second.table)) + continue; + + execplan::CalpontSystemCatalog::RIDList column_rid_list; + + // Note a table may get dropped as you iterate over the list of tables. + // So simply ignore the dropped table. + try + { + column_rid_list = csc.columnRIDs((*it).second, true, lower_case_table_names); + } + catch (logging::IDBExcept& ex) + { + if (ex.errorCode() == logging::ERR_TABLE_NOT_IN_CATALOG) + { + continue; + } + else + { + return 1; + } + } + + for (size_t col_num = 0; col_num < column_rid_list.size(); col_num++) + { + OID_t oid = column_rid_list[col_num].objnum; + + execplan::CalpontSystemCatalog::TableColName tcn = csc.colName(oid); + + if (!isCond.matchColumn(tcn.column)) + { + continue; + } + + execplan::CalpontSystemCatalog::ColType ct = csc.colType(oid); + + std::vector entries; + + if (em.getExtents(oid, entries, false, false, true)) + { + continue; + } + for (const auto& entry : entries) + { + LogicalPartition logicalPartNum; + logicalPartNum.dbroot = entry.dbRoot; + logicalPartNum.pp = entry.partitionNum; + logicalPartNum.seg = entry.segmentNum; + if (partitionSet.count(logicalPartNum) > 0) + { + // added already. + continue; + } + partitionSet.insert(logicalPartNum); + + table->field[0]->store(tcn.schema.c_str(), tcn.schema.length(), cs); + table->field[1]->store(tcn.table.c_str(), tcn.table.length(), cs); + table->field[2]->store(tcn.column.c_str(), tcn.column.length(), cs); + + std::ostringstream oss; + + oss << logicalPartNum; + + std::string lpnStr(oss.str()); + + table->field[3]->store(lpnStr.c_str(), lpnStr.length(), cs); + + if (schema_table_store_record(thd, table)) + { + return 1; + } + } + + + } + } + + return 0; +} + +int is_columnstore_partitions_plugin_init(void* p) +{ + ST_SCHEMA_TABLE* schema = (ST_SCHEMA_TABLE*)p; + schema->fields_info = is_columnstore_partitions_fields; + schema->fill_table = is_columnstore_partitions_fill; + return 0; +} diff -Nru mariadb-11.8.6/storage/columnstore/columnstore/dbcon/rbo/CMakeLists.txt mariadb-11.8.8/storage/columnstore/columnstore/dbcon/rbo/CMakeLists.txt --- mariadb-11.8.6/storage/columnstore/columnstore/dbcon/rbo/CMakeLists.txt 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/storage/columnstore/columnstore/dbcon/rbo/CMakeLists.txt 2026-05-24 09:58:34.000000000 +0000 @@ -2,7 +2,8 @@ rulebased_optimizer.cpp rbo_apply_parallel_ces.cpp rbo_apply_rewrite_distinct.cpp - rbo_predicate_pushdown.cpp) + rbo_predicate_pushdown.cpp + rbo_groupby_wrap_columns.cpp) columnstore_library(rbo ${rbo_SRCS}) diff -Nru mariadb-11.8.6/storage/columnstore/columnstore/dbcon/rbo/rbo_apply_parallel_ces.cpp mariadb-11.8.8/storage/columnstore/columnstore/dbcon/rbo/rbo_apply_parallel_ces.cpp --- mariadb-11.8.6/storage/columnstore/columnstore/dbcon/rbo/rbo_apply_parallel_ces.cpp 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/storage/columnstore/columnstore/dbcon/rbo/rbo_apply_parallel_ces.cpp 2026-05-24 09:58:34.000000000 +0000 @@ -21,6 +21,7 @@ #include #include #include +#include #include #include "rulebased_optimizer.h" @@ -36,6 +37,7 @@ #include "simplefilter.h" #include "existsfilter.h" #include "outerjoinonfilter.h" +#include "selectfilter.h" #include "simplescalarfilter.h" namespace optimizer @@ -460,11 +462,13 @@ void updateScToUseRewrittenDerived(execplan::SimpleColumn* sc, const std::string& newTableAlias, const uint32_t colPosition, std::optional scAlias) { + sc->oid(0); sc->schemaName(""); - // For derived tables, leave tableName empty; use tableAlias/derivedTable to reference it - sc->tableName(""); + // For derived tables, set tableName/tableAlias/derivedTable to the new alias + sc->tableName(newTableAlias); sc->tableAlias(newTableAlias); sc->derivedTable(newTableAlias); + sc->data("``.`" + newTableAlias + "`.`" + sc->columnName() + "`"); sc->colPosition(colPosition); sc->isColumnStore(true); @@ -500,7 +504,11 @@ void tryToUpdateScToUseRewrittenDerived( execplan::SimpleColumn* sc, optimizer::TableAliasToNewAliasAndSCPositionsMap& tableAliasToSCPositionsMap) { - auto tableAliasToSCPositionsIt = tableAliasToSCPositionsMap.find(*sc->singleTable()); + auto singleTable = sc->singleTable(); + if (!singleTable) + return; + + auto tableAliasToSCPositionsIt = tableAliasToSCPositionsMap.find(*singleTable); if (tableAliasToSCPositionsIt != tableAliasToSCPositionsMap.end()) { @@ -536,7 +544,6 @@ void updateSCsUsingWalkers(optimizer::TableAliasToNewAliasAndSCPositionsMap& tableAliasToSCPositionsMap, execplan::ParseTree* pt) { - std::vector simpleColumns; pt->walk(execplan::getSimpleColsExtended, &simpleColumns); for (auto* sc : simpleColumns) @@ -568,22 +575,39 @@ bool applyParallelCES(execplan::CalpontSelectExecutionPlan& csep, optimizer::RBOptimizerContext& ctx) { auto tables = csep.tableList(); + execplan::CalpontSelectExecutionPlan::TableList newTableList; // TODO support CSEPs with derived tables execplan::CalpontSelectExecutionPlan::SelectList newDerivedTableList; bool ruleMustBeApplied = false; - optimizer::TableAliasToNewAliasAndSCPositionsMap tableAliasToSCPositionsMap; + + // Get reference to accumulated map from outer queries - used for updating correlated columns + // that reference tables from outer query + optimizer::TableAliasToNewAliasAndSCPositionsMap& accumulatedMap = ctx.getAccumulatedTableAliasMap(); + + // Local map for THIS CSEP's tables - subquery creates its OWN derived tables + // We insert local tables here AND into accumulatedMap + // Column updates will modify entries in accumulatedMap (which includes local tables) + // Then we copy back local table entries for derived table creation // 1st pass over tables to create derived tables placeholders to collect - // SCs to be updated + // SCs to be updated - each CSEP creates its OWN derived tables + std::vector localTables; + // Local map for THIS CSEP's tables only - separate from accumulated map + optimizer::TableAliasToNewAliasAndSCPositionsMap localTableMap; + for (auto& table : tables) { cal_impl_if::SchemaAndTableName schemaAndTableName = {table.schema, table.table}; auto anyColumnStatistics = ctx.getGwi().findStatisticsForATable(schemaAndTableName); if (!table.isColumnstore() && anyColumnStatistics) { + // Create NEW derived table for THIS CSEP's table + // Each CSEP (including subqueries) creates its OWN derived tables std::string tableAlias = getRewrittenSubTableAlias(table, ctx); - tableAliasToSCPositionsMap.insert({table, {tableAlias, {}, 0}}); + // Add to LOCAL map - this CSEP's own derived tables + localTableMap.insert({table, {tableAlias, {}, 0}}); + localTables.push_back(table); execplan::CalpontSystemCatalog::TableAliasName tn = execplan::make_aliasview("", "", tableAlias, ""); newTableList.push_back(tn); ruleMustBeApplied = true; @@ -594,6 +618,23 @@ } } + // Create a WORKING map for this CSEP's column updates + // Start with local tables, then add outer query tables (local takes priority) + // This ensures: + // 1. Local tables use THIS CSEP's derived tables + // 2. Correlated columns from outer query use outer query's derived tables + // 3. We don't modify accumulatedMap (which would affect outer query) + optimizer::TableAliasToNewAliasAndSCPositionsMap workingMap = localTableMap; + + // Add outer query mappings for correlated columns (only if not already in local map) + for (auto& [k, v] : accumulatedMap) + { + workingMap.insert({k, v}); // insert() won't overwrite existing local entries + } + + // Use workingMap for all column updates in this CSEP + optimizer::TableAliasToNewAliasAndSCPositionsMap& tableAliasToSCPositionsMap = workingMap; + // 2nd pass over RCs to update RCs with derived table SCs in projection execplan::CalpontSelectExecutionPlan::ReturnedColumnList newReturnedColumns; // replace parent CSEP RCs with derived table RCs using ScheamAndTableName -> tableAlias map @@ -641,36 +682,72 @@ { if (!root) return; - // Walker to process ExistsFilter nodes + // Walker to process ExistsFilter, SimpleScalarFilter, and SelectFilter nodes auto walker = [](const execplan::ParseTree* n, void* obj) { auto* ef = dynamic_cast(n->data()); auto* ssf = dynamic_cast(n->data()); - if (!ef && !ssf) + auto* sf = dynamic_cast(n->data()); + if (!ef && !ssf && !sf) return; + auto* mapPtr = static_cast(obj); auto& map = *mapPtr; - auto sub = ef ? ef->sub() : ssf->sub(); + + // Get the subquery + auto sub = ef ? ef->sub() : (ssf ? ssf->sub() : sf->sub()); + + // Build a set of subquery's own table aliases to distinguish outer query columns + std::set subqueryTableAliases; if (sub) { + for (auto& t : sub->tableList()) + { + subqueryTableAliases.insert(t.alias); + } + } + + // Helper to check if a column belongs to outer query (not subquery's own tables) + auto isOuterQueryColumn = [&subqueryTableAliases](execplan::SimpleColumn* sc) -> bool + { + const std::string& alias = sc->tableAlias(); + // Skip already rewritten columns + if (alias.find("$added_sub_") != std::string::npos) + return false; + // Column is from outer query if it's NOT in subquery's table list + return subqueryTableAliases.count(alias) == 0; + }; + + // For ExistsFilter (used for NOT IN), correlated outer query columns are in sub->filters() + // We need to rewrite ONLY outer query columns, not subquery's own columns + if (ef && sub) + { if (auto subFilters = sub->filters()) { std::vector subSCs; subFilters->walk(execplan::getSimpleColsExtended, &subSCs); for (auto* sc : subSCs) { - if (sc) + if (sc && isOuterQueryColumn(sc)) + { tryToUpdateScToUseRewrittenDerived(sc, map); + } } } - if (auto subHaving = sub->having()) + } + + // For SelectFilter, update the outer query columns being compared + if (sf) + { + for (const auto& col : sf->cols()) { - std::vector subSCs; - subHaving->walk(execplan::getSimpleColsExtended, &subSCs); - for (auto* sc : subSCs) + col->setSimpleColumnListExtended(); + for (auto* sc : col->simpleColumnListExtended()) { if (sc) + { tryToUpdateScToUseRewrittenDerived(sc, map); + } } } } @@ -679,31 +756,21 @@ }; if (filters) - { updateExistsCorrelated(filters); - } if (having) - { updateExistsCorrelated(having); - } - // 7th pass over tables to create derived CSEP with the collected SCs - for (auto& table : tables) - { - cal_impl_if::SchemaAndTableName schemaAndTableName = {table.schema, table.table}; - if (!table.isColumnstore()) + // 7th pass over LOCAL tables to create derived CSEP with the collected SCs + // Create derived tables only for LOCAL tables (this CSEP's own tables) + for (auto& table : localTables) + { + // Get the mapping from accumulatedMap (where column updates happened) + auto tableIt = tableAliasToSCPositionsMap.find(table); + if (tableIt != tableAliasToSCPositionsMap.end()) { - auto produceDerivedTableIt = tableAliasToSCPositionsMap.find(table); - if (produceDerivedTableIt != tableAliasToSCPositionsMap.end()) - { - auto& [newTableAlias, SCToPosCounterMap, unused] = produceDerivedTableIt->second; - auto derivedSCEP = createDerivedTableFromTable(csep, table, newTableAlias, ctx, SCToPosCounterMap); - newDerivedTableList.push_back(std::move(derivedSCEP)); - } - } - else - { - newTableList.push_back(table); + auto& [newTableAlias, SCToPosCounterMap, unused] = tableIt->second; + auto derivedSCEP = createDerivedTableFromTable(csep, table, newTableAlias, ctx, SCToPosCounterMap); + newDerivedTableList.push_back(std::move(derivedSCEP)); } } @@ -711,6 +778,17 @@ // Replace table list with new table list populated with union units csep.tableList(newTableList); csep.returnedCols(newReturnedColumns); + + // Update accumulatedMap with this CSEP's local tables for subqueries to use + // This must happen AFTER column updates so subqueries see the correct mappings + for (auto& table : localTables) + { + auto tableIt = workingMap.find(table); + if (tableIt != workingMap.end()) + { + accumulatedMap.insert_or_assign(table, tableIt->second); + } + } } return ruleMustBeApplied; } diff -Nru mariadb-11.8.6/storage/columnstore/columnstore/dbcon/rbo/rbo_apply_parallel_ces.h mariadb-11.8.8/storage/columnstore/columnstore/dbcon/rbo/rbo_apply_parallel_ces.h --- mariadb-11.8.6/storage/columnstore/columnstore/dbcon/rbo/rbo_apply_parallel_ces.h 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/storage/columnstore/columnstore/dbcon/rbo/rbo_apply_parallel_ces.h 2026-05-24 09:58:34.000000000 +0000 @@ -29,47 +29,10 @@ namespace optimizer { -struct TableAliasLessThan -{ - bool operator()(const execplan::CalpontSystemCatalog::TableAliasName& lhs, - const execplan::CalpontSystemCatalog::TableAliasName& rhs) const - { - if (lhs.schema < rhs.schema) - { - return true; - } - else if (lhs.schema == rhs.schema) - { - if (lhs.table < rhs.table) - { - return true; - } - else if (lhs.table == rhs.table) - { - if (lhs.alias < rhs.alias) - { - return true; - } - } - } - - return false; - } -}; - -struct SimpleColumnLessThan -{ - bool operator()(const execplan::SimpleColumn* lhs, const execplan::SimpleColumn* rhs) const - { - return lhs->columnName() < rhs->columnName(); - } -}; +// TableAliasLessThan, SimpleColumnLessThan, SCToPosCounterMap, and TableAliasToNewAliasAndSCPositionsMap +// are now defined in rulebased_optimizer.h using NewTableAliasAndColumnPosCounter = std::pair; -using SCToPosCounterMap = std::map; -using TableAliasToNewAliasAndSCPositionsMap = - std::map, TableAliasLessThan>; // Helper functions in details namespace namespace details diff -Nru mariadb-11.8.6/storage/columnstore/columnstore/dbcon/rbo/rbo_apply_rewrite_distinct.cpp mariadb-11.8.8/storage/columnstore/columnstore/dbcon/rbo/rbo_apply_rewrite_distinct.cpp --- mariadb-11.8.6/storage/columnstore/columnstore/dbcon/rbo/rbo_apply_rewrite_distinct.cpp 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/storage/columnstore/columnstore/dbcon/rbo/rbo_apply_rewrite_distinct.cpp 2026-05-24 09:58:34.000000000 +0000 @@ -47,7 +47,16 @@ // fill TreeNode data rcCloned->derivedTable(tableAlias); - rcCloned->derivedRefCol(rc.get()); + if (auto* rcRef = rc->derivedRefCol()) + { + rcCloned->derivedRefCol(rcRef); + rcRef->incRefCount(); + } + else + { + rcCloned->derivedRefCol(rc.get()); + rc->incRefCount(); + } rcCloned->resultType(rc->resultType()); rcCloned->operationType(rc->operationType()); rcCloned->colPosition(colPos); @@ -68,7 +77,6 @@ { rcCloned->timeZone(rcwc->timeZone()); } - rc->incRefCount(); auto colName = getSimpleColumnAlias(*rc, colPos); rcCloned->columnName(colName); diff -Nru mariadb-11.8.6/storage/columnstore/columnstore/dbcon/rbo/rbo_apply_rewrite_distinct.h mariadb-11.8.8/storage/columnstore/columnstore/dbcon/rbo/rbo_apply_rewrite_distinct.h --- mariadb-11.8.6/storage/columnstore/columnstore/dbcon/rbo/rbo_apply_rewrite_distinct.h 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/storage/columnstore/columnstore/dbcon/rbo/rbo_apply_rewrite_distinct.h 2026-05-24 09:58:34.000000000 +0000 @@ -28,4 +28,4 @@ { bool rewriteDistinctFilter(execplan::CalpontSelectExecutionPlan& csep, RBOptimizerContext& ctx); bool applyRewriteDistinct(execplan::CalpontSelectExecutionPlan& csep, RBOptimizerContext& ctx); -} \ No newline at end of file +} diff -Nru mariadb-11.8.6/storage/columnstore/columnstore/dbcon/rbo/rbo_groupby_wrap_columns.cpp mariadb-11.8.8/storage/columnstore/columnstore/dbcon/rbo/rbo_groupby_wrap_columns.cpp --- mariadb-11.8.6/storage/columnstore/columnstore/dbcon/rbo/rbo_groupby_wrap_columns.cpp 1970-01-01 00:00:00.000000000 +0000 +++ mariadb-11.8.8/storage/columnstore/columnstore/dbcon/rbo/rbo_groupby_wrap_columns.cpp 2026-05-24 09:58:34.000000000 +0000 @@ -0,0 +1,592 @@ +/* Copyright (C) 2026 MariaDB Corporation + + This program is free software; you can redistribute it and/or + modify it under the terms of the GNU General Public License + as published by the Free Software Foundation; version 2 of + the License. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program; if not, write to the Free Software + Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, + MA 02110-1301, USA. */ + +#include +#include +#include +#include "rulebased_optimizer.h" + +#include "calpontselectexecutionplan.h" +#include "aggregatecolumn.h" +#include "arithmeticcolumn.h" +#include "arithmeticoperator.h" +#include "constantcolumn.h" +#include "simplecolumn.h" +#include "simplefilter.h" +#include "existsfilter.h" +#include "functioncolumn.h" +#include "logicoperator.h" + +namespace optimizer +{ + +namespace +{ + + +struct ColumnWrapperContext +{ + ColumnWrapperContext( + const std::vector* gbcols, + const execplan::CalpontSelectExecutionPlan::TableList& tablelist) + : gbCols(gbcols) + , origGbCols(gbCols) + , tableList(tablelist) + {} + + const std::vector* gbCols; + const std::vector* origGbCols; + const execplan::CalpontSelectExecutionPlan::TableList& tableList; + std::vector> aggExprs; + uint32_t nextId{0}; + bool applied{false}; + static std::vector emptySRCPVec; +}; + +std::vector ColumnWrapperContext::emptySRCPVec; + +bool isAggregateColumn(const std::variant& col, + RBOptimizerContext& ctx) +{ + bool ret = false; + std::vector> stack; + stack.emplace_back(col); + while (!stack.empty()) + { + auto node = stack.back(); + stack.pop_back(); + if (auto* ptp = std::get_if(&node)) + { + auto* pt = *ptp; + if (pt->left() != nullptr) + stack.emplace_back(pt->left()); + if (pt->right() != nullptr) + stack.emplace_back(pt->right()); + stack.emplace_back(pt->data()); + } + else + { + auto* tn = std::get(node); + if (auto* rc = dynamic_cast(tn)) + { + if (rc->expressionId() != -1u) + ctx.setMaxExpressionId(rc->expressionId()); + } + + if (auto* agc = dynamic_cast(tn)) + { + ret = true; + for (auto& arg : agc->aggParms()) + { + stack.emplace_back(arg.get()); + } + } + else if (auto* ac = dynamic_cast(tn)) + { + stack.emplace_back(ac->expression()); + } + else if (auto* fc = dynamic_cast(tn)) + { + for (auto& arg : fc->functionParms()) + { + stack.emplace_back(arg.get()); + } + } + else if (auto* sf = dynamic_cast(tn)) + { + if (sf->lhs() != nullptr) + stack.emplace_back(sf->lhs()); + if (sf->rhs() != nullptr) + stack.emplace_back(sf->rhs()); + } + else if (auto* wf = dynamic_cast(tn)) + { + for (auto& arg : wf->functionParms()) + { + stack.emplace_back(arg.get()); + } + for (auto& part : wf->partitions()) + { + stack.emplace_back(part.get()); + } + } + } + } + return ret; +} + +bool hasAggregateColumns(execplan::CalpontSelectExecutionPlan& csep, RBOptimizerContext& ctx) +{ + bool ret = false; + for (const auto* cols : {&csep.returnedCols(), &csep.orderByCols()}) + { + for (const auto& col : *cols) + { + if (isAggregateColumn(col.get(), ctx)) + ret = true; + } + } + if (csep.having()) + ret |= isAggregateColumn(csep.having(), ctx); + return ret; +} + +bool needWrap(execplan::TreeNode* tn, ColumnWrapperContext& lctx) +{ + if (dynamic_cast(tn) != nullptr || + dynamic_cast(tn) != nullptr) + { + return false; + } + + if (auto* sc = dynamic_cast(tn)) + { + bool ourTable = false; + for (const auto& tbl : lctx.tableList) + { + if (!tbl.isColumnstore()) + { + continue; + } + if (tbl.schema == sc->schemaName() && + (tbl.table == sc->tableName() || (tbl.table.empty() && tbl.alias == sc->tableName())) && + tbl.alias == sc->tableAlias()) + { + ourTable = true; + break; + } + } + if (!ourTable) + { + return false; + } + } + + if (dynamic_cast(tn)) + return true; + + auto* rc = dynamic_cast(tn); + if (!rc) + { + return false; + } + + // In this case sorting direction & joinInfo is not significant, so set it to the default value + // for columns comparison (actual for ORDER BY columns) + // Old values are not restored after exceptions, as the entire query will be aborted in this case + bool asc = rc->asc(); + auto joinInfo = rc->joinInfo(); + rc->asc(true); + rc->joinInfo(0); + bool ret = true; + for (const auto& gbCol : *lctx.gbCols) + { + if (*rc == *gbCol && rc->derivedRefCol() == gbCol->derivedRefCol()) + { + ret = false; + break; + } + } + rc->asc(asc); + rc->joinInfo(joinInfo); + return ret; +} + +template +execplan::AggregateColumn* wrapColumn(const T& rc, ColumnWrapperContext& lctx, RBOptimizerContext& ctx) +{ + auto ac = std::make_unique(rc->sessionID()); + ac->timeZone(ctx.getGwi().timeZone); + ac->alias(rc->alias()); + ac->aggOp(execplan::AggregateColumn::SELECT_SOME); + ac->asc(rc->asc()); + ac->charsetNumber(rc->charsetNumber()); + ac->orderPos(rc->orderPos()); + ac->aggParms().emplace_back(rc); + ac->resultType(rc->resultType()); + + size_t i; + for (i = 0; i < lctx.aggExprs.size(); i++) + { + if (*ac == *lctx.aggExprs[i].first) + break; + } + if (i < lctx.aggExprs.size()) + { + ac->expressionId(lctx.aggExprs[i].second); + } + else + { + ac->expressionId(lctx.nextId); + lctx.aggExprs.emplace_back(ac.get(), lctx.nextId++); + } + lctx.applied = true; + return ac.release(); +} + +struct Stack +{ + using FrameType = std::variant; + struct Frame + { + FrameType node; + size_t step; + }; + std::vector frames; + std::vector results; + std::vector*> gbCols; +}; + +bool processColumn(const Stack::FrameType& rc, ColumnWrapperContext& lctx, RBOptimizerContext& ctx) +{ + Stack stack; + stack.frames.push_back(Stack::Frame{rc, 0}); + while (!stack.frames.empty()) + { + auto& [node, step] = stack.frames.back(); + if (auto* parseTreePtrPtr = std::get_if(&node)) + { + auto* pt = *parseTreePtrPtr; + if (pt->left() == nullptr && pt->right() == nullptr) + { + // The only way when data() is a column is than it is a "leaf" + if (step == 0) + { + step++; + stack.frames.push_back(Stack::Frame{pt->data(), 0}); + continue; + } + auto wrap = stack.results.back(); + stack.results.pop_back(); + if (wrap) + { + auto* col = dynamic_cast(pt->data()); + idbassert(col != nullptr); + // replace fData with the wrapped one + pt->data(wrapColumn(col, lctx, ctx)); + } + stack.frames.pop_back(); + stack.results.push_back(false); + continue; + } + + // walk to the left + if (step == 0) + { + step++; + stack.frames.push_back(Stack::Frame{pt->left(), 0}); + continue; + } + // walk to the right + if (step == 1) + { + step++; + stack.results.pop_back(); + stack.frames.push_back(Stack::Frame{pt->right(), 0}); + continue; + } + // we are not interested in the results because the wrapping is performed in "leaf" processing above + stack.frames.pop_back(); + stack.results.back() = false; + } + else + { + auto* tn = std::get(node); + if (!needWrap(tn, lctx)) + { + stack.frames.pop_back(); + stack.results.push_back(false); + continue; + } + if (dynamic_cast(tn)) + { + // there is nothing to do with the aggregates subtrees, so just return + stack.frames.pop_back(); + stack.results.push_back(false); + continue; + } + if (auto* sc = dynamic_cast(tn)) + { + // mark column for wrapping if needed, real wrapping will be performed upper by stack + stack.frames.pop_back(); + stack.results.push_back(needWrap(sc, lctx)); + continue; + } + if (auto* ac = dynamic_cast(tn)) + { + if (step == 0) + { + step++; + stack.gbCols.push_back(lctx.gbCols); + lctx.gbCols = &lctx.emptySRCPVec; + stack.frames.push_back(Stack::Frame{ac->expression(), 0}); + } + else + { + lctx.gbCols = stack.gbCols.back(); + stack.gbCols.pop_back(); + stack.frames.pop_back(); + } + continue; + } + if (auto* fc = dynamic_cast(tn)) + { + if (step > 0) + { + // prev parameter has been processed, wrap it if needed + bool wrap = stack.results.back(); + stack.results.pop_back(); + if (wrap) + { + auto* col = dynamic_cast(fc->functionParms()[step - 1]->data()); + idbassert(col != nullptr); + fc->functionParms()[step - 1]->data(wrapColumn(col, lctx, ctx)); + } + } + if (step < fc->functionParms().size()) + { + if (step == 0) + { + stack.gbCols.push_back(lctx.gbCols); + lctx.gbCols = &lctx.emptySRCPVec; + } + // there are some params left, push the next one + stack.frames.push_back(Stack::Frame{fc->functionParms()[step++].get(), 0}); + } + else + { + lctx.gbCols = stack.gbCols.back(); + stack.gbCols.pop_back(); + stack.frames.pop_back(); + stack.results.push_back(false); + } + continue; + } + if (auto* sf = dynamic_cast(tn)) + { + // left part of the filter + if (step == 0) + { + step++; + stack.frames.push_back(Stack::Frame{sf->lhs(), 0}); + continue; + } + // left part is done, wrap it if needed and go to the right + if (step == 1) + { + step++; + bool wrap = stack.results.back(); + stack.results.pop_back(); + if (wrap) + { + sf->lhs(wrapColumn(sf->lhs(), lctx, ctx)); + } + stack.frames.push_back(Stack::Frame{sf->rhs(), 0}); + continue; + } + // wrap rhs if needed and return + bool wrap = stack.results.back(); + stack.results.pop_back(); + if (wrap) + { + sf->rhs(wrapColumn(sf->rhs(), lctx, ctx)); + } + stack.frames.pop_back(); + stack.results.push_back(false); + continue; + } + if (auto* wf = dynamic_cast(tn)) + { + constexpr size_t PART_FLAG{0x80000000}; + constexpr size_t ORD_FLAG{0x40000000}; + if (!(step & (PART_FLAG | ORD_FLAG))) + { + if (step == 0) + { + stack.gbCols.push_back(lctx.gbCols); + lctx.gbCols = lctx.origGbCols; + } + + // window function param + if (step > 0) + { + // prev param has been processed, wrap it if needed + bool wrap = stack.results.back(); + stack.results.pop_back(); + if (wrap) + { + auto col = wf->functionParms()[step - 1]; + wf->functionParms()[step - 1] = execplan::SRCP(wrapColumn(col, lctx, ctx)); + } + } + if (step < wf->functionParms().size()) + { + // there are some params left, push the next one + stack.frames.push_back(Stack::Frame{wf->functionParms()[step++].get(), 0}); + continue; + } + else if (!wf->partitions().empty()) + { + // wrap partitions + step = PART_FLAG | 1; + stack.frames.push_back(Stack::Frame{wf->partitions()[0].get(), 0}); + continue; + } + else if (!wf->orderBy().fOrders.empty()) + { + // wrap order by columns + step = ORD_FLAG | 1; + stack.frames.push_back(Stack::Frame{wf->orderBy().fOrders[0].get(), 0}); + continue; + } + } + else if (step & PART_FLAG) + { + // window function partition + size_t partStep = step & ~PART_FLAG; + if (partStep > 0) + { + // prev partition has been processed, wrap it if needed + bool wrap = stack.results.back(); + stack.results.pop_back(); + if (wrap) + { + auto col = wf->partitions()[partStep - 1]; + wf->partitions()[partStep - 1] = execplan::SRCP(wrapColumn(col, lctx, ctx)); + } + } + if (partStep < wf->partitions().size()) + { + // there are some partitions left, push the next one + step++; + partStep++; + stack.frames.push_back(Stack::Frame{wf->partitions()[partStep].get(), 0}); + continue; + } + else if (!wf->orderBy().fOrders.empty()) + { + // wrap order by columns + step = ORD_FLAG | 1; + stack.frames.push_back(Stack::Frame{wf->orderBy().fOrders[0].get(), 0}); + continue; + } + } + else if (step & ORD_FLAG) + { + // window function ordering + size_t ordStep = step & ~ORD_FLAG; + if (ordStep > 0) + { + // prev order by column has been processed, wrap it if needed + bool wrap = stack.results.back(); + stack.results.pop_back(); + if (wrap) + { + auto col = wf->orderBy().fOrders[ordStep - 1]; + wf->orderBy().fOrders[ordStep - 1] = execplan::SRCP(wrapColumn(col, lctx, ctx)); + } + } + if (ordStep < wf->orderBy().fOrders.size()) + { + step++; + ordStep++; + stack.frames.push_back(Stack::Frame{wf->orderBy().fOrders[ordStep].get(), 0}); + continue; + } + } + // all done + lctx.gbCols = stack.gbCols.back(); + stack.gbCols.pop_back(); + stack.frames.pop_back(); + stack.results.push_back(false); + continue; + } + } + } + + if (!stack.results.empty()) + { + return stack.results.back(); + } + return false; +} + +void wrapIntoAggregate(execplan::SRCP& rc, ColumnWrapperContext& lctx, RBOptimizerContext& ctx) +{ + if (processColumn(rc.get(), lctx, ctx)) + { + auto* ac = wrapColumn(rc, lctx, ctx); + rc.reset(ac); + } +} + +} // namespace + +bool groupByWrapColumnsFilter(execplan::CalpontSelectExecutionPlan& csep, RBOptimizerContext& ctx) +{ + bool hasCSTables = std::any_of(csep.tableList().begin(), csep.tableList().end(), + [](const auto& table) { return table.isColumnstore(); }); + if (!hasCSTables) + { + return false; + } + + // If the GROUP BY clause is missing, we need to go through all the columns in the SELECT + // and ORDER BY expressions. The gwi.implicitExplicitGroupBy flag cannot be used as it is + // global for the entire query, and we are interested in each specific subquery individually. + if (hasAggregateColumns(csep, ctx) || !csep.groupByCols().empty()) + { + return true; + } + + return false; +} + +bool applyGroupByWrapColumns(execplan::CalpontSelectExecutionPlan& csep, RBOptimizerContext& ctx) +{ + ColumnWrapperContext lctx{&csep.groupByCols(), csep.tableList()}; + // Find the next expression ID. Since this is the only place where the SELECT_SOME can appear, + // there is no need to check if such an expression has occurred before. + lctx.nextId = ctx.getMaxExpressionId() + 1; + for (const auto& p : ctx.getGwi().processed) { + if (p.second != -1u && p.second >= lctx.nextId) + { + lctx.nextId = p.second + 1; + } + } + + for (auto* cols : {&csep.returnedCols(), &csep.orderByCols()}) + { + for (auto& rc : *cols) + { + if (!needWrap(rc.get(), lctx)) + { + continue; + } + wrapIntoAggregate(rc, lctx, ctx); + } + } + if (csep.having() != nullptr) + { + // HAVING is a parse tree, not column + processColumn(csep.having(), lctx, ctx); + } + + return lctx.applied; +} + +} // namespace optimizer diff -Nru mariadb-11.8.6/storage/columnstore/columnstore/dbcon/rbo/rbo_groupby_wrap_columns.h mariadb-11.8.8/storage/columnstore/columnstore/dbcon/rbo/rbo_groupby_wrap_columns.h --- mariadb-11.8.6/storage/columnstore/columnstore/dbcon/rbo/rbo_groupby_wrap_columns.h 1970-01-01 00:00:00.000000000 +0000 +++ mariadb-11.8.8/storage/columnstore/columnstore/dbcon/rbo/rbo_groupby_wrap_columns.h 2026-05-24 09:58:34.000000000 +0000 @@ -0,0 +1,32 @@ +/* Copyright (C) 2026 MariaDB Corporation + + This program is free software; you can redistribute it and/or + modify it under the terms of the GNU General Public License + as published by the Free Software Foundation; version 2 of + the License. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program; if not, write to the Free Software + Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, + MA 02110-1301, USA. */ + +#pragma once + +#define PREFER_MY_CONFIG_H +#include +#include "../mysql/idb_mysql.h" + +#include "execplan/calpontselectexecutionplan.h" +#include "rulebased_optimizer.h" + +namespace optimizer +{ + bool groupByWrapColumnsFilter(execplan::CalpontSelectExecutionPlan& csep, RBOptimizerContext& ctx); + bool applyGroupByWrapColumns(execplan::CalpontSelectExecutionPlan& csep, RBOptimizerContext& ctx); +} + diff -Nru mariadb-11.8.6/storage/columnstore/columnstore/dbcon/rbo/rbo_predicate_pushdown.cpp mariadb-11.8.8/storage/columnstore/columnstore/dbcon/rbo/rbo_predicate_pushdown.cpp --- mariadb-11.8.6/storage/columnstore/columnstore/dbcon/rbo/rbo_predicate_pushdown.cpp 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/storage/columnstore/columnstore/dbcon/rbo/rbo_predicate_pushdown.cpp 2026-05-24 09:58:34.000000000 +0000 @@ -97,8 +97,8 @@ } } - // should never be null; if null then give up optimization. - if (!csep) + // should never be null; if null or rCTE then give up the optimization. + if (!csep || csep->isRecursiveWithTable()) return n; // 2. push the filter to the derived table filter stack, or 'and' with @@ -183,6 +183,7 @@ execplan::CalpontSelectExecutionPlan::ReturnedColumnList derivedColList = plan->returnedCols(); auto mapIt = derivedTbFilterMap.find(plan->derivedTbAlias()); + // TODO implement rCTE anchor-only specific predicate pushdown. if (mapIt != derivedTbFilterMap.end()) { // replace all derived column of this filter with real column from diff -Nru mariadb-11.8.6/storage/columnstore/columnstore/dbcon/rbo/rbo_predicate_pushdown.h mariadb-11.8.8/storage/columnstore/columnstore/dbcon/rbo/rbo_predicate_pushdown.h --- mariadb-11.8.6/storage/columnstore/columnstore/dbcon/rbo/rbo_predicate_pushdown.h 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/storage/columnstore/columnstore/dbcon/rbo/rbo_predicate_pushdown.h 2026-05-24 09:58:34.000000000 +0000 @@ -20,11 +20,17 @@ #define PREFER_MY_CONFIG_H #include #include +#include #include "execplan/calpontselectexecutionplan.h" #include "rulebased_optimizer.h" -namespace optimizer { - bool predicatePushdownFilter(execplan::CalpontSelectExecutionPlan& csep, optimizer::RBOptimizerContext& ctx); - bool applyPredicatePushdown(execplan::CalpontSelectExecutionPlan& csep, optimizer::RBOptimizerContext& ctx); -} \ No newline at end of file +namespace optimizer +{ +bool predicatePushdownFilter(execplan::CalpontSelectExecutionPlan& csep, optimizer::RBOptimizerContext& ctx); +bool applyPredicatePushdown(execplan::CalpontSelectExecutionPlan& csep, optimizer::RBOptimizerContext& ctx); +execplan::ParseTree* setDerivedFilter(cal_impl_if::gp_walk_info* gwip, execplan::ParseTree*& n, + std::map& obj, + execplan::CalpontSelectExecutionPlan::SelectList& derivedTbList); + +} // namespace optimizer diff -Nru mariadb-11.8.6/storage/columnstore/columnstore/dbcon/rbo/rulebased_optimizer.cpp mariadb-11.8.8/storage/columnstore/columnstore/dbcon/rbo/rulebased_optimizer.cpp --- mariadb-11.8.6/storage/columnstore/columnstore/dbcon/rbo/rulebased_optimizer.cpp 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/storage/columnstore/columnstore/dbcon/rbo/rulebased_optimizer.cpp 2026-05-24 09:58:34.000000000 +0000 @@ -22,8 +22,9 @@ #include "execplan/calpontselectexecutionplan.h" #include "predicateoperator.h" #include "rbo_apply_parallel_ces.h" -#include "rbo_predicate_pushdown.h" #include "rbo_apply_rewrite_distinct.h" +#include "rbo_groupby_wrap_columns.h" +#include "rbo_predicate_pushdown.h" #include "utils/pron/pron.h" #include "calpontsystemcatalog.h" @@ -81,6 +82,7 @@ bool useUnstableOptimizer) { std::vector rules; + if (useUnstableOptimizer) { optimizer::Rule parallelCES{"parallel_ces", optimizer::parallelCESFilter, optimizer::applyParallelCES}; @@ -90,7 +92,9 @@ optimizer::applyRewriteDistinct}; rules.push_back(rewriteDistinct); } - + optimizer::Rule rewriteGroupBy{"groupby_wrap", optimizer::groupByWrapColumnsFilter, + optimizer::applyGroupByWrapColumns}; + rules.push_back(rewriteGroupBy); optimizer::Rule predicatePushdown{"predicate_pushdown", optimizer::predicatePushdownFilter, optimizer::applyPredicatePushdown}; rules.push_back(predicatePushdown); diff -Nru mariadb-11.8.6/storage/columnstore/columnstore/dbcon/rbo/rulebased_optimizer.h mariadb-11.8.8/storage/columnstore/columnstore/dbcon/rbo/rulebased_optimizer.h --- mariadb-11.8.6/storage/columnstore/columnstore/dbcon/rbo/rulebased_optimizer.h 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/storage/columnstore/columnstore/dbcon/rbo/rulebased_optimizer.h 2026-05-24 09:58:34.000000000 +0000 @@ -17,7 +17,9 @@ #pragma once +#include #include +#include #include #define PREFER_MY_CONFIG_H @@ -28,10 +30,58 @@ #include "execplan/calpontselectexecutionplan.h" #include "execplan/calpontsystemcatalog.h" +#include "execplan/simplecolumn.h" namespace optimizer { +// Forward declarations for table alias mapping types +// Compares by schema, table, AND alias - for exact table matching +struct TableAliasLessThan +{ + bool operator()(const execplan::CalpontSystemCatalog::TableAliasName& lhs, + const execplan::CalpontSystemCatalog::TableAliasName& rhs) const + { + if (lhs.schema < rhs.schema) + return true; + if (lhs.schema == rhs.schema) + { + if (lhs.table < rhs.table) + return true; + if (lhs.table == rhs.table) + return lhs.alias < rhs.alias; + } + return false; + } +}; + +// Compares by schema and table ONLY (ignores alias) - for finding same base table across queries +struct TableSchemaTableLessThan +{ + bool operator()(const execplan::CalpontSystemCatalog::TableAliasName& lhs, + const execplan::CalpontSystemCatalog::TableAliasName& rhs) const + { + if (lhs.schema < rhs.schema) + return true; + if (lhs.schema == rhs.schema) + return lhs.table < rhs.table; + return false; + } +}; + +struct SimpleColumnLessThan +{ + bool operator()(const execplan::SimpleColumn* lhs, const execplan::SimpleColumn* rhs) const + { + return lhs->columnName() < rhs->columnName(); + } +}; + +using SCToPosCounterMap = std::map; +using TableAliasToNewAliasAndSCPositionsMap = + std::map, TableAliasLessThan>; + class RBOptimizerContext { public: @@ -62,6 +112,15 @@ { ++uniqueId_; } + uint32_t getMaxExpressionId() const + { + return maxExpressionId_; + } + void setMaxExpressionId(uint32_t exprId) + { + if (exprId > maxExpressionId_) + maxExpressionId_ = exprId; + } bool logRulesEnabled() const { return logRules_; @@ -96,16 +155,30 @@ return out; } + // Accumulated table alias mapping for parallel CES rule + // This allows subqueries to see outer query's rewritten table aliases + TableAliasToNewAliasAndSCPositionsMap& getAccumulatedTableAliasMap() + { + return accumulatedTableAliasMap_; + } + const TableAliasToNewAliasAndSCPositionsMap& getAccumulatedTableAliasMap() const + { + return accumulatedTableAliasMap_; + } + private: // gwi lifetime should be longer than optimizer context. // In plugin runtime this is always true. cal_impl_if::gp_walk_info& gwi_; THD& thd_; uint64_t uniqueId_{0}; + uint32_t maxExpressionId_{0}; bool logRules_{false}; uint cesOptimizationParallelFactor_; // Names of rules that were actually applied in order std::vector appliedRules_; + // Accumulated table alias mapping for parallel CES - allows subqueries to see outer query's mappings + TableAliasToNewAliasAndSCPositionsMap accumulatedTableAliasMap_; }; struct Rule @@ -145,4 +218,4 @@ std::string getRewrittenSubTableAlias(const execplan::CalpontSystemCatalog::TableAliasName& table, const RBOptimizerContext& ctx); -} // namespace optimizer \ No newline at end of file +} // namespace optimizer diff -Nru mariadb-11.8.6/storage/columnstore/columnstore/docs/QueryAccelerator.md mariadb-11.8.8/storage/columnstore/columnstore/docs/QueryAccelerator.md --- mariadb-11.8.6/storage/columnstore/columnstore/docs/QueryAccelerator.md 2026-01-31 13:27:50.000000000 +0000 +++ mariadb-11.8.8/storage/columnstore/columnstore/docs/QueryAccelerator.md 2026-05-24 09:58:34.000000000 +0000 @@ -9,13 +9,25 @@ # How to enable Query Accelerator -- One has to set `columnstore_innodb_queries_use_mcs = on` in MariaDB configuration file and restart MariaDB server(my.cnf). -- Set a number of parameters in a client session: +- Set `columnstore_innodb_queries_use_mcs = on` in MariaDB configuration file and restart MariaDB server (my.cnf). +- Use the convenience routines in the `queryacc` schema (automatically created during ColumnStore installation): ```SQL -set columnstore_unstable_optimizer=on; -set optimizer_switch="index_merge=off,index_merge_union=off,index_merge_sort_union=off,index_merge_intersection=off,index_merge_sort_intersection=off,index_condition_pushdown=off,derived_merge=off,derived_with_keys=off,firstmatch=off,loosescan=off,materialization=on,in_to_exists=off,semijoin=off,partial_match_rowid_merge=off,partial_match_table_scan=off,subquery_cache=off,mrr=off,mrr_cost_based=off,mrr_sort_keys=off,outer_join_with_cache=off,semijoin_with_cache=off,join_cache_incremental=off,join_cache_hashed=off,join_cache_bka=off,optimize_join_buffer_size=off,table_elimination=off,extended_keys=off,exists_to_in=off,orderby_uses_equalities=off,condition_pushdown_for_derived=on,split_materialized=off,condition_pushdown_for_subquery=off,rowid_filter=off,condition_pushdown_from_having=on,not_null_range_scan=off,hash_join_cardinality=off,cset_narrowing=off,sargable_casefold=off"; +-- Enable Query Accelerator and save previous settings +SET @old_settings = queryacc.enable_queryacc(); + +-- Run your queries +SELECT ...; + +-- Disable and restore previous settings +CALL queryacc.disable_queryacc(@old_settings); +``` +- To run a single query with Query Accelerator without manually managing enable/disable: +```SQL +CALL queryacc.with_queryacc('SELECT ...'); ``` +> **Warning:** Do not leave Query Accelerator enabled for an entire session. Always call `disable_queryacc()` after your queries, or use `with_queryacc()` which handles this automatically. + # Enable ColumnStore processing for InnoDB tables There must be Engine Independent statistics for InnoDB table index column to be used for Query Accelerator. ```SQL @@ -30,6 +42,8 @@ Watch out `max_connections`. If you set `columnstore_query_accel_parallel_factor` to a high value, you may need to increase `max_connections` to avoid connection pool exhaustion. +> **Note:** `enable_queryacc()` sets `columnstore_query_accel_parallel_factor` to 5 by default. To use a different value, set it manually after calling `enable_queryacc()`. + # How to verify Query Accelerator is being used There are two ways to verify Query Accelerator is being used: 1. Use `select mcs_get_plan('rules')` to get a list of the rules that were applied to the query. diff -Nru mariadb-11.8.6/storage/columnstore/columnstore/mysql-test/columnstore/basic/disabled.def mariadb-11.8.8/storage/columnstore/columnstore/mysql-test/columnstore/basic/disabled.def --- mariadb-11.8.6/storage/columnstore/columnstore/mysql-test/columnstore/basic/disabled.def 2026-01-31 13:27:51.000000000 +0000 +++ mariadb-11.8.8/storage/columnstore/columnstore/mysql-test/columnstore/basic/disabled.def 2026-05-24 09:58:34.000000000 +0000 @@ -11,3 +11,4 @@ ctype_extent_koi8u : unstable MCOL-6165 2025-09-26 timofey.turenko@mariadb.com ctype_extent_latin1 : unstable MCOL-6165 2025-09-26 timofey.turenko@mariadb.com ctype_extent_utf8mb3 : unstable MCOL-6165 2025-09-26 timofey.turenko@mariadb.com +MCOL-5142-left-join-null-driving: unstable MCOL-5142 2026-01-02 roman.nozdrin@mariadb.com \ No newline at end of file diff -Nru mariadb-11.8.6/storage/columnstore/columnstore/mysql-test/columnstore/basic/r/MCOL-5142-basic.result mariadb-11.8.8/storage/columnstore/columnstore/mysql-test/columnstore/basic/r/MCOL-5142-basic.result --- mariadb-11.8.6/storage/columnstore/columnstore/mysql-test/columnstore/basic/r/MCOL-5142-basic.result 1970-01-01 00:00:00.000000000 +0000 +++ mariadb-11.8.8/storage/columnstore/columnstore/mysql-test/columnstore/basic/r/MCOL-5142-basic.result 2026-05-24 09:58:34.000000000 +0000 @@ -0,0 +1,46 @@ +DROP DATABASE IF EXISTS MCOL5142; +CREATE DATABASE MCOL5142; +USE MCOL5142; +CREATE TABLE employees ( +id INT NOT NULL, +name VARCHAR(100), +manager_id INT +) ENGINE = ColumnStore; +INSERT INTO employees (id, name, manager_id) VALUES +(1, 'Alice', NULL), +(2, 'Bob', 1), +(3, 'Charlie', 1), +(4, 'David', 2), +(5, 'Eve', 2), +(6, 'Frank', 3); +INSERT INTO employees (id, name, manager_id) VALUES +(7, 'Grace', 4), +(8, 'Heidi', 4), +(9, 'Ivan', 5), +(10, 'Judy', 6), +(11, 'Karl', 7), +(12, 'Laura', 11); +WITH RECURSIVE employee_hierarchy AS ( +SELECT id, name, manager_id, 0 AS level +FROM employees +WHERE id = 1 +UNION ALL +SELECT e.id, e.name, e.manager_id, eh.level + 1 +FROM employees as e +JOIN employee_hierarchy eh ON e.manager_id = eh.id +) +SELECT * FROM employee_hierarchy; +id name manager_id level +1 Alice NULL 0 +10 Judy 6 3 +11 Karl 7 4 +12 Laura 11 5 +2 Bob 1 1 +3 Charlie 1 1 +4 David 2 2 +5 Eve 2 2 +6 Frank 3 2 +7 Grace 4 3 +8 Heidi 4 3 +9 Ivan 5 3 +DROP DATABASE MCOL5142; diff -Nru mariadb-11.8.6/storage/columnstore/columnstore/mysql-test/columnstore/basic/r/MCOL-5142-cyclic.result mariadb-11.8.8/storage/columnstore/columnstore/mysql-test/columnstore/basic/r/MCOL-5142-cyclic.result --- mariadb-11.8.6/storage/columnstore/columnstore/mysql-test/columnstore/basic/r/MCOL-5142-cyclic.result 1970-01-01 00:00:00.000000000 +0000 +++ mariadb-11.8.8/storage/columnstore/columnstore/mysql-test/columnstore/basic/r/MCOL-5142-cyclic.result 2026-05-24 09:58:34.000000000 +0000 @@ -0,0 +1,48 @@ +DROP DATABASE IF EXISTS MCOL5142_cyclic; +CREATE DATABASE MCOL5142_cyclic; +USE MCOL5142_cyclic; +CREATE TABLE t_cycle (id INT, next_id INT) ENGINE=ColumnStore; +INSERT INTO t_cycle VALUES (1, 2), (2, 3), (3, 1); +SET @old_max_recursive_iterations = @@max_recursive_iterations; +SET @@max_recursive_iterations = 10; +SELECT @@max_recursive_iterations; +@@max_recursive_iterations +10 +WITH RECURSIVE cte AS ( +SELECT id, next_id FROM t_cycle WHERE id = 1 +UNION ALL +SELECT t.id, t.next_id FROM t_cycle t JOIN cte c ON t.id = c.next_id +) +SELECT * FROM cte LIMIT 100; +id next_id +1 2 +1 2 +1 2 +1 2 +2 3 +2 3 +2 3 +2 3 +3 1 +3 1 +3 1 +WITH RECURSIVE cte AS ( +SELECT id, next_id FROM t_cycle WHERE id = 1 +UNION ALL +SELECT t.id, t.next_id FROM t_cycle t JOIN cte c ON t.id = c.next_id +) +SELECT * FROM cte LIMIT 100; +id next_id +1 2 +1 2 +1 2 +1 2 +2 3 +2 3 +2 3 +2 3 +3 1 +3 1 +3 1 +SET @@max_recursive_iterations = @old_max_recursive_iterations; +DROP DATABASE MCOL5142_cyclic; diff -Nru mariadb-11.8.6/storage/columnstore/columnstore/mysql-test/columnstore/basic/r/MCOL-5142-error-cases.result mariadb-11.8.8/storage/columnstore/columnstore/mysql-test/columnstore/basic/r/MCOL-5142-error-cases.result --- mariadb-11.8.6/storage/columnstore/columnstore/mysql-test/columnstore/basic/r/MCOL-5142-error-cases.result 1970-01-01 00:00:00.000000000 +0000 +++ mariadb-11.8.8/storage/columnstore/columnstore/mysql-test/columnstore/basic/r/MCOL-5142-error-cases.result 2026-05-24 09:58:34.000000000 +0000 @@ -0,0 +1,56 @@ +DROP DATABASE IF EXISTS MCOL5142_ERROR_CASES; +CREATE DATABASE MCOL5142_ERROR_CASES; +USE MCOL5142_ERROR_CASES; +CREATE TABLE t (id INT NOT NULL, pid INT) ENGINE=ColumnStore; +INSERT INTO t VALUES (1, NULL), (2, 1), (3, 2), (4, 3); +WITH RECURSIVE cte AS ( +SELECT id, pid FROM t WHERE id = 1 +UNION DISTINCT +SELECT t.id, t.pid FROM t JOIN cte c ON t.pid = c.id +) +SELECT * FROM cte; +ERROR 42000: The storage engine for the table doesn't support Recursive CTE with UNION DISTINCT is not supported by ColumnStore. Use UNION ALL. +WITH RECURSIVE cte AS ( +SELECT id, pid FROM t WHERE id = 1 +UNION ALL +SELECT MAX(t.id), t.pid FROM t JOIN cte c ON t.pid = c.id GROUP BY t.pid +) +SELECT * FROM cte; +ERROR HY000: Restrictions imposed on recursive definitions are violated for table 'cte' +WITH RECURSIVE cte AS ( +SELECT id, pid FROM t WHERE id = 1 +UNION ALL +SELECT t.id, t.pid FROM t JOIN cte c ON t.pid = c.id ORDER BY t.id +) +SELECT * FROM cte; +ERROR 42000: Table 't' from one of the SELECTs cannot be used in ORDER BY +WITH RECURSIVE cte AS ( +SELECT id, pid, 1 AS rn FROM t WHERE id = 1 +UNION ALL +SELECT t.id, t.pid, ROW_NUMBER() OVER () FROM t JOIN cte c ON t.pid = c.id +) +SELECT * FROM cte; +ERROR HY000: Restrictions imposed on recursive definitions are violated for table 'cte' +SET @old_max_recursive_iterations = @@max_recursive_iterations; +SET @@max_recursive_iterations = 2; +WITH RECURSIVE cte AS ( +SELECT id, pid, 0 AS lvl FROM t WHERE id = 1 +UNION ALL +SELECT t.id, t.pid, c.lvl + 1 FROM t JOIN cte c ON t.pid = c.id +) +SELECT * FROM cte; +id pid lvl +1 NULL 0 +2 1 1 +3 2 2 +SET @@max_recursive_iterations = 0; +WITH RECURSIVE cte AS ( +SELECT id, pid, 0 AS lvl FROM t WHERE id = 1 +UNION ALL +SELECT t.id, t.pid, c.lvl + 1 FROM t JOIN cte c ON t.pid = c.id +) +SELECT * FROM cte; +id pid lvl +1 NULL 0 +SET @@max_recursive_iterations = @old_max_recursive_iterations; +DROP DATABASE MCOL5142_ERROR_CASES; diff -Nru mariadb-11.8.6/storage/columnstore/columnstore/mysql-test/columnstore/basic/r/MCOL-5142-left-join-null-driving.result mariadb-11.8.8/storage/columnstore/columnstore/mysql-test/columnstore/basic/r/MCOL-5142-left-join-null-driving.result --- mariadb-11.8.6/storage/columnstore/columnstore/mysql-test/columnstore/basic/r/MCOL-5142-left-join-null-driving.result 1970-01-01 00:00:00.000000000 +0000 +++ mariadb-11.8.8/storage/columnstore/columnstore/mysql-test/columnstore/basic/r/MCOL-5142-left-join-null-driving.result 2026-05-24 09:58:34.000000000 +0000 @@ -0,0 +1,30 @@ +DROP DATABASE IF EXISTS MCOL5142_LEFT_JOIN; +CREATE DATABASE MCOL5142_LEFT_JOIN; +USE MCOL5142_LEFT_JOIN; +CREATE TABLE nodes ( +id INT NOT NULL, +next_id INT NULL +); +INSERT INTO nodes VALUES +(1,2), +(2,3), +(3,NULL), +(4,99); +WITH RECURSIVE walk AS ( +SELECT id, next_id, 0 AS lvl +FROM nodes +WHERE id IN (1,4) +UNION ALL +SELECT w.next_id AS id, n.next_id, w.lvl + 1 +FROM walk w +LEFT JOIN nodes n ON n.id = w.next_id +WHERE w.next_id IS NOT NULL +) +SELECT * FROM walk; +id next_id lvl +1 2 0 +4 99 0 +2 3 1 +99 NULL 1 +3 NULL 2 +DROP DATABASE MCOL5142_LEFT_JOIN; diff -Nru mariadb-11.8.6/storage/columnstore/columnstore/mysql-test/columnstore/basic/r/MCOL-5142-multi-root.result mariadb-11.8.8/storage/columnstore/columnstore/mysql-test/columnstore/basic/r/MCOL-5142-multi-root.result --- mariadb-11.8.6/storage/columnstore/columnstore/mysql-test/columnstore/basic/r/MCOL-5142-multi-root.result 1970-01-01 00:00:00.000000000 +0000 +++ mariadb-11.8.8/storage/columnstore/columnstore/mysql-test/columnstore/basic/r/MCOL-5142-multi-root.result 2026-05-24 09:58:34.000000000 +0000 @@ -0,0 +1,36 @@ +DROP DATABASE IF EXISTS MCOL5142_MULTI_ROOT; +CREATE DATABASE MCOL5142_MULTI_ROOT; +USE MCOL5142_MULTI_ROOT; +CREATE TABLE emp ( +id INT NOT NULL, +name VARCHAR(50), +manager_id INT NULL +) ENGINE=ColumnStore; +INSERT INTO emp VALUES +(1,'CEO-A',NULL), +(2,'A-1',1), +(3,'A-2',1), +(10,'CEO-B',NULL), +(11,'B-1',10), +(12,'B-2',10), +(13,'B-1-1',11); +WITH RECURSIVE org AS ( +SELECT id, name, manager_id, id AS root_id, 0 AS lvl +FROM emp +WHERE manager_id IS NULL +UNION ALL +SELECT e.id, e.name, e.manager_id, o.root_id, o.lvl + 1 +FROM emp e +JOIN org o ON e.manager_id = o.id +) +SELECT root_id, id, name, manager_id, lvl +FROM org; +root_id id name manager_id lvl +1 1 CEO-A NULL 0 +1 2 A-1 1 1 +1 3 A-2 1 1 +10 10 CEO-B NULL 0 +10 11 B-1 10 1 +10 12 B-2 10 1 +10 13 B-1-1 11 2 +DROP DATABASE MCOL5142_MULTI_ROOT; diff -Nru mariadb-11.8.6/storage/columnstore/columnstore/mysql-test/columnstore/basic/r/MCOL-5142-multi-table.result mariadb-11.8.8/storage/columnstore/columnstore/mysql-test/columnstore/basic/r/MCOL-5142-multi-table.result --- mariadb-11.8.6/storage/columnstore/columnstore/mysql-test/columnstore/basic/r/MCOL-5142-multi-table.result 1970-01-01 00:00:00.000000000 +0000 +++ mariadb-11.8.8/storage/columnstore/columnstore/mysql-test/columnstore/basic/r/MCOL-5142-multi-table.result 2026-05-24 09:58:34.000000000 +0000 @@ -0,0 +1,62 @@ +DROP DATABASE IF EXISTS MULTI_TABLE_TEST; +CREATE DATABASE MULTI_TABLE_TEST; +USE MULTI_TABLE_TEST; +CREATE TABLE products ( +product_id INT NOT NULL, +product_name VARCHAR(100) +) ENGINE = ColumnStore; +CREATE TABLE components ( +component_id INT NOT NULL, +component_name VARCHAR(100), +parent_product_id INT +) ENGINE = ColumnStore; +CREATE TABLE suppliers ( +supplier_id INT NOT NULL, +supplier_name VARCHAR(100), +component_id INT +) ENGINE = ColumnStore; +INSERT INTO products (product_id, product_name) VALUES +(10, 'Smartphone'); +INSERT INTO components (component_id, component_name, parent_product_id) VALUES +(100, 'Screen', 10), +(101, 'Battery', 10), +(200, 'Glass Panel', 100), +(201, 'LCD', 100), +(202, 'Connector', 101); +INSERT INTO suppliers (supplier_id, supplier_name, component_id) VALUES +(1000, 'Supplier A', 200), +(1001, 'Supplier B', 201), +(1002, 'Supplier C', 202); +WITH RECURSIVE product_tree AS ( +SELECT +p.product_id AS root_id, +p.product_name AS root_name, +c.component_id, +c.component_name, +c.parent_product_id, +1 AS level +FROM products p +JOIN components c ON p.product_id = c.parent_product_id +UNION ALL +SELECT +pt.root_id, +pt.root_name, +c.component_id, +c.component_name, +c.parent_product_id, +pt.level + 1 +FROM components c +JOIN product_tree pt ON c.parent_product_id = pt.component_id +) +SELECT +pt.root_name AS product, +pt.component_name AS component, +s.supplier_name AS supplier, +pt.level +FROM product_tree pt +JOIN suppliers s ON pt.component_id = s.component_id; +product component supplier level +Smartphone Connector Supplier C 2 +Smartphone Glass Panel Supplier A 2 +Smartphone LCD Supplier B 2 +DROP DATABASE MULTI_TABLE_TEST; diff -Nru mariadb-11.8.6/storage/columnstore/columnstore/mysql-test/columnstore/basic/r/MCOL-5142-multiple-recursive-references.result mariadb-11.8.8/storage/columnstore/columnstore/mysql-test/columnstore/basic/r/MCOL-5142-multiple-recursive-references.result --- mariadb-11.8.6/storage/columnstore/columnstore/mysql-test/columnstore/basic/r/MCOL-5142-multiple-recursive-references.result 1970-01-01 00:00:00.000000000 +0000 +++ mariadb-11.8.8/storage/columnstore/columnstore/mysql-test/columnstore/basic/r/MCOL-5142-multiple-recursive-references.result 2026-05-24 09:58:34.000000000 +0000 @@ -0,0 +1,18 @@ +DROP DATABASE IF EXISTS MCOL5142_MULTI_REC_REF; +CREATE DATABASE MCOL5142_MULTI_REC_REF; +USE MCOL5142_MULTI_REC_REF; +CREATE TABLE t ( +id INT NOT NULL +) ENGINE=Columnstore; +INSERT INTO t VALUES (1),(2),(3); +WITH RECURSIVE cte AS ( +SELECT id FROM t WHERE id = 1 +UNION ALL +SELECT c1.id + c2.id +FROM cte c1 +JOIN cte c2 ON c2.id = c1.id +WHERE c1.id < 3 +) +SELECT * FROM cte; +ERROR HY000: Restrictions imposed on recursive definitions are violated for table 'cte' +DROP DATABASE MCOL5142_MULTI_REC_REF; diff -Nru mariadb-11.8.6/storage/columnstore/columnstore/mysql-test/columnstore/basic/r/MCOL-5142-nested-subquery-anchor.result mariadb-11.8.8/storage/columnstore/columnstore/mysql-test/columnstore/basic/r/MCOL-5142-nested-subquery-anchor.result --- mariadb-11.8.6/storage/columnstore/columnstore/mysql-test/columnstore/basic/r/MCOL-5142-nested-subquery-anchor.result 1970-01-01 00:00:00.000000000 +0000 +++ mariadb-11.8.8/storage/columnstore/columnstore/mysql-test/columnstore/basic/r/MCOL-5142-nested-subquery-anchor.result 2026-05-24 09:58:34.000000000 +0000 @@ -0,0 +1,48 @@ +DROP DATABASE IF EXISTS NESTED_SUBQUERY_TEST; +CREATE DATABASE NESTED_SUBQUERY_TEST; +USE NESTED_SUBQUERY_TEST; +CREATE TABLE employees ( +id INT NOT NULL, +name VARCHAR(100), +manager_id INT, +department_id INT +) ENGINE = ColumnStore; +CREATE TABLE departments ( +id INT NOT NULL, +name VARCHAR(100) +) ENGINE = ColumnStore; +INSERT INTO departments (id, name) VALUES +(101, 'Sales'), +(102, 'Engineering'), +(103, 'Marketing'); +INSERT INTO employees (id, name, manager_id, department_id) VALUES +(1, 'Alice', NULL, 101), +(2, 'Bob', 1, 101), +(3, 'Charlie', 1, 102), +(4, 'David', 2, 101), +(5, 'Eve', 3, 102), +(6, 'Frank', 3, 103); +WITH RECURSIVE sales_hierarchy AS ( +SELECT id, name, manager_id, 0 AS level, department_id +FROM employees +WHERE department_id IN (SELECT id FROM departments WHERE name = 'Sales') +AND manager_id IS NULL +UNION ALL +SELECT +e.id, +e.name, +e.manager_id, +eh.level + 1, +e.department_id +FROM employees AS e +JOIN sales_hierarchy eh ON e.manager_id = eh.id +) +SELECT * FROM sales_hierarchy; +id name manager_id level department_id +1 Alice NULL 0 101 +2 Bob 1 1 101 +3 Charlie 1 1 102 +4 David 2 2 101 +5 Eve 3 2 102 +6 Frank 3 2 103 +DROP DATABASE NESTED_SUBQUERY_TEST; diff -Nru mariadb-11.8.6/storage/columnstore/columnstore/mysql-test/columnstore/basic/r/MCOL-5142-outer-filter-level.result mariadb-11.8.8/storage/columnstore/columnstore/mysql-test/columnstore/basic/r/MCOL-5142-outer-filter-level.result --- mariadb-11.8.6/storage/columnstore/columnstore/mysql-test/columnstore/basic/r/MCOL-5142-outer-filter-level.result 1970-01-01 00:00:00.000000000 +0000 +++ mariadb-11.8.8/storage/columnstore/columnstore/mysql-test/columnstore/basic/r/MCOL-5142-outer-filter-level.result 2026-05-24 09:58:34.000000000 +0000 @@ -0,0 +1,31 @@ +DROP DATABASE IF EXISTS MCOL5142_OUTER_FILTER; +CREATE DATABASE MCOL5142_OUTER_FILTER; +USE MCOL5142_OUTER_FILTER; +CREATE TABLE chain ( +id INT NOT NULL, +next_id INT NULL +) ENGINE=ColumnStore; +INSERT INTO chain VALUES +(1,2), +(2,3), +(3,4), +(4,5), +(5,6), +(6,NULL); +WITH RECURSIVE cte AS ( +SELECT id, next_id, 0 AS lvl +FROM chain +WHERE id = 1 +UNION ALL +SELECT c.id, c.next_id, p.lvl + 1 +FROM chain c +JOIN cte p ON c.id = p.next_id +) +SELECT * +FROM cte +WHERE lvl <= 2; +id next_id lvl +1 2 0 +2 3 1 +3 4 2 +DROP DATABASE MCOL5142_OUTER_FILTER; diff -Nru mariadb-11.8.6/storage/columnstore/columnstore/mysql-test/columnstore/basic/r/MCOL-5142-outer-operations.result mariadb-11.8.8/storage/columnstore/columnstore/mysql-test/columnstore/basic/r/MCOL-5142-outer-operations.result --- mariadb-11.8.6/storage/columnstore/columnstore/mysql-test/columnstore/basic/r/MCOL-5142-outer-operations.result 1970-01-01 00:00:00.000000000 +0000 +++ mariadb-11.8.8/storage/columnstore/columnstore/mysql-test/columnstore/basic/r/MCOL-5142-outer-operations.result 2026-05-24 09:58:34.000000000 +0000 @@ -0,0 +1,88 @@ +DROP DATABASE IF EXISTS MCOL5142_OUTER_OPS; +CREATE DATABASE MCOL5142_OUTER_OPS; +USE MCOL5142_OUTER_OPS; +CREATE TABLE emp ( +id INT NOT NULL, +name VARCHAR(50), +manager_id INT NULL +) ENGINE=ColumnStore; +INSERT INTO emp VALUES +(1, 'CEO', NULL), +(2, 'VP-A', 1), +(3, 'VP-B', 1), +(4, 'Mgr-A1', 2), +(5, 'Mgr-A2', 2), +(6, 'Mgr-B1', 3), +(7, 'Dev-1', 4), +(8, 'Dev-2', 5); +WITH RECURSIVE hier AS ( +SELECT id, name, manager_id, 0 AS lvl FROM emp WHERE manager_id IS NULL +UNION ALL +SELECT e.id, e.name, e.manager_id, h.lvl + 1 +FROM emp e JOIN hier h ON e.manager_id = h.id +) +SELECT COUNT(*) AS cnt FROM hier; +cnt +8 +WITH RECURSIVE hier AS ( +SELECT id, name, manager_id, 0 AS lvl FROM emp WHERE manager_id IS NULL +UNION ALL +SELECT e.id, e.name, e.manager_id, h.lvl + 1 +FROM emp e JOIN hier h ON e.manager_id = h.id +) +SELECT lvl, COUNT(*) AS cnt FROM hier GROUP BY lvl; +ERROR 42000: The storage engine for the table doesn't support MCS-2016: Non supported item GROUP BY clause on the GROUP BY list. +SELECT COUNT(*) AS cnt FROM ( +WITH RECURSIVE hier AS ( +SELECT id, name, manager_id, 0 AS lvl FROM emp WHERE manager_id IS NULL +UNION ALL +SELECT e.id, e.name, e.manager_id, h.lvl + 1 +FROM emp e JOIN hier h ON e.manager_id = h.id +) +SELECT * FROM hier LIMIT 4 +) sub; +cnt +4 +CREATE TABLE hier_result ( +id INT, +name VARCHAR(50), +manager_id INT, +lvl INT +) ENGINE=ColumnStore; +INSERT INTO hier_result +WITH RECURSIVE hier AS ( +SELECT id, name, manager_id, 0 AS lvl FROM emp WHERE manager_id IS NULL +UNION ALL +SELECT e.id, e.name, e.manager_id, h.lvl + 1 +FROM emp e JOIN hier h ON e.manager_id = h.id +) +SELECT * FROM hier; +SELECT * FROM hier_result; +id name manager_id lvl +1 CEO NULL 0 +2 VP-A 1 1 +3 VP-B 1 1 +4 Mgr-A1 2 2 +5 Mgr-A2 2 2 +6 Mgr-B1 3 2 +7 Dev-1 4 3 +8 Dev-2 5 3 +CREATE TABLE hier_copy ENGINE=ColumnStore AS +WITH RECURSIVE hier AS ( +SELECT id, name, manager_id, 0 AS lvl FROM emp WHERE manager_id IS NULL +UNION ALL +SELECT e.id, e.name, e.manager_id, h.lvl + 1 +FROM emp e JOIN hier h ON e.manager_id = h.id +) +SELECT * FROM hier; +SELECT * FROM hier_copy; +id name manager_id lvl +1 CEO NULL 0 +2 VP-A 1 1 +3 VP-B 1 1 +4 Mgr-A1 2 2 +5 Mgr-A2 2 2 +6 Mgr-B1 3 2 +7 Dev-1 4 3 +8 Dev-2 5 3 +DROP DATABASE MCOL5142_OUTER_OPS; diff -Nru mariadb-11.8.6/storage/columnstore/columnstore/mysql-test/columnstore/basic/r/MCOL-5142-sequences.result mariadb-11.8.8/storage/columnstore/columnstore/mysql-test/columnstore/basic/r/MCOL-5142-sequences.result --- mariadb-11.8.6/storage/columnstore/columnstore/mysql-test/columnstore/basic/r/MCOL-5142-sequences.result 1970-01-01 00:00:00.000000000 +0000 +++ mariadb-11.8.8/storage/columnstore/columnstore/mysql-test/columnstore/basic/r/MCOL-5142-sequences.result 2026-05-24 09:58:34.000000000 +0000 @@ -0,0 +1,65 @@ +DROP DATABASE IF EXISTS MCOL5142_SEQUENCES; +CREATE DATABASE MCOL5142_SEQUENCES; +USE MCOL5142_SEQUENCES; +WITH RECURSIVE nums AS ( +SELECT 1 AS n +UNION ALL +SELECT n + 1 FROM nums WHERE n < 10 +) +SELECT * FROM nums; +n +1 +2 +3 +4 +5 +6 +7 +8 +9 +10 +WITH RECURSIVE months AS ( +SELECT DATE('2024-01-01') AS dt +UNION ALL +SELECT dt + INTERVAL 1 MONTH FROM months WHERE dt < '2024-06-01' +) +SELECT dt FROM months; +dt +2024-01-01 +2024-02-01 +2024-03-01 +2024-04-01 +2024-05-01 +2024-06-01 +CREATE TABLE t_empty (id INT NOT NULL, pid INT) ENGINE=ColumnStore; +INSERT INTO t_empty VALUES (1, NULL), (2, 1), (3, 2); +WITH RECURSIVE cte AS ( +SELECT id, pid, 0 AS lvl FROM t_empty WHERE id = 999 +UNION ALL +SELECT t.id, t.pid, c.lvl + 1 FROM t_empty t JOIN cte c ON t.pid = c.id +) +SELECT * FROM cte; +id pid lvl +CREATE TABLE t_single (id INT NOT NULL, pid INT) ENGINE=ColumnStore; +INSERT INTO t_single VALUES (1, NULL); +WITH RECURSIVE cte AS ( +SELECT id, pid, 0 AS lvl FROM t_single WHERE id = 1 +UNION ALL +SELECT t.id, t.pid, c.lvl + 1 FROM t_single t JOIN cte c ON t.pid = c.id +) +SELECT * FROM cte; +id pid lvl +1 NULL 0 +WITH RECURSIVE dec_seq AS ( +SELECT CAST(0.0 AS DECIMAL(10,2)) AS val +UNION ALL +SELECT val + 0.25 FROM dec_seq WHERE val < 1.0 +) +SELECT * FROM dec_seq; +val +0.00 +0.25 +0.50 +0.75 +1.00 +DROP DATABASE MCOL5142_SEQUENCES; diff -Nru mariadb-11.8.6/storage/columnstore/columnstore/mysql-test/columnstore/basic/r/MCOL-5142-test-linear-rec.result mariadb-11.8.8/storage/columnstore/columnstore/mysql-test/columnstore/basic/r/MCOL-5142-test-linear-rec.result --- mariadb-11.8.6/storage/columnstore/columnstore/mysql-test/columnstore/basic/r/MCOL-5142-test-linear-rec.result 1970-01-01 00:00:00.000000000 +0000 +++ mariadb-11.8.8/storage/columnstore/columnstore/mysql-test/columnstore/basic/r/MCOL-5142-test-linear-rec.result 2026-05-24 09:58:34.000000000 +0000 @@ -0,0 +1,32 @@ +DROP DATABASE IF EXISTS test_linear_rec; +CREATE DATABASE test_linear_rec; +USE test_linear_rec; +CREATE TABLE t_linear (id INT) ENGINE=ColumnStore; +INSERT INTO t_linear VALUES (1), (2), (3); +WITH RECURSIVE cte AS ( +SELECT id +FROM t_linear +WHERE id = 1 +UNION ALL +SELECT t.id +FROM t_linear t +JOIN cte c ON t.id = c.id + 1 +) +SELECT * FROM cte; +id +1 +2 +3 +WITH RECURSIVE cte AS ( +SELECT id +FROM t_linear +WHERE id = 1 +UNION ALL +SELECT t.id +FROM t_linear t +JOIN cte c ON t.id = c.id + 1 +) +SELECT COUNT(*) FROM cte; +COUNT(*) +3 +DROP DATABASE test_linear_rec; diff -Nru mariadb-11.8.6/storage/columnstore/columnstore/mysql-test/columnstore/basic/r/MCOL-5142-type-coercion-path.result mariadb-11.8.8/storage/columnstore/columnstore/mysql-test/columnstore/basic/r/MCOL-5142-type-coercion-path.result --- mariadb-11.8.6/storage/columnstore/columnstore/mysql-test/columnstore/basic/r/MCOL-5142-type-coercion-path.result 1970-01-01 00:00:00.000000000 +0000 +++ mariadb-11.8.8/storage/columnstore/columnstore/mysql-test/columnstore/basic/r/MCOL-5142-type-coercion-path.result 2026-05-24 09:58:34.000000000 +0000 @@ -0,0 +1,37 @@ +DROP DATABASE IF EXISTS MCOL5142_TYPE_COERCION; +CREATE DATABASE MCOL5142_TYPE_COERCION; +USE MCOL5142_TYPE_COERCION; +CREATE TABLE edges ( +parent INT NOT NULL, +child INT NOT NULL +) ENGINE=ColumnStore; +INSERT INTO edges VALUES +(1,2), +(1,3), +(2,4), +(4,5); +WITH RECURSIVE paths AS ( +SELECT +parent, +child, +CAST(parent AS CHAR(64)) AS path, +1 AS lvl +FROM edges +WHERE parent = 1 +UNION ALL +SELECT +e.parent, +e.child, +CONCAT(p.path, '>', CAST(e.child AS CHAR(64))) AS path, +p.lvl + 1 +FROM edges e +JOIN paths p ON e.parent = p.child +) +SELECT parent, child, path, lvl +FROM paths; +parent child path lvl +1 2 1 1 +1 3 1 1 +2 4 1>4 2 +4 5 1>4>5 3 +DROP DATABASE MCOL5142_TYPE_COERCION; diff -Nru mariadb-11.8.6/storage/columnstore/columnstore/mysql-test/columnstore/basic/r/MCOL-6293-partitions-table.result mariadb-11.8.8/storage/columnstore/columnstore/mysql-test/columnstore/basic/r/MCOL-6293-partitions-table.result --- mariadb-11.8.6/storage/columnstore/columnstore/mysql-test/columnstore/basic/r/MCOL-6293-partitions-table.result 1970-01-01 00:00:00.000000000 +0000 +++ mariadb-11.8.8/storage/columnstore/columnstore/mysql-test/columnstore/basic/r/MCOL-6293-partitions-table.result 2026-05-24 09:58:34.000000000 +0000 @@ -0,0 +1,12 @@ +DROP DATABASE IF EXISTS MCOL_6293; +CREATE DATABASE MCOL_6293; +USE MCOL_6293; +CREATE TABLE t(x int, y text) ENGINE=Columnstore; +INSERT INTO t VALUES (1,'1'), (2,'2'); +SELECT COUNT(*) FROM INFORMATION_SCHEMA.COLUMNSTORE_PARTITIONS WHERE TABLE_SCHEMA='MCOL_6293' AND TABLE_NAME='t' AND COLUMN_NAME='x' AND PARTITION_ID='xpart'; +COUNT(*) +1 +SELECT COUNT(*) FROM INFORMATION_SCHEMA.COLUMNSTORE_PARTITIONS WHERE TABLE_SCHEMA='MCOL_6293' AND TABLE_NAME='t' AND COLUMN_NAME='y' AND PARTITION_ID='ypart'; +COUNT(*) +1 +DROP DATABASE MCOL_6293; diff -Nru mariadb-11.8.6/storage/columnstore/columnstore/mysql-test/columnstore/basic/r/group_by_ambiguous.result mariadb-11.8.8/storage/columnstore/columnstore/mysql-test/columnstore/basic/r/group_by_ambiguous.result --- mariadb-11.8.6/storage/columnstore/columnstore/mysql-test/columnstore/basic/r/group_by_ambiguous.result 1970-01-01 00:00:00.000000000 +0000 +++ mariadb-11.8.8/storage/columnstore/columnstore/mysql-test/columnstore/basic/r/group_by_ambiguous.result 2026-05-24 09:58:34.000000000 +0000 @@ -0,0 +1,465 @@ +DROP DATABASE IF EXISTS group_by_ambiguous_test; +CREATE DATABASE group_by_ambiguous_test; +USE group_by_ambiguous_test; +CREATE TABLE `t1` ( +`id` INT UNSIGNED NOT NULL, +`GBP` DOUBLE UNSIGNED NOT NULL, +`cat_id` INT UNSIGNED NOT NULL, +`cat_id_level_0` INT UNSIGNED NOT NULL +) ENGINE=Columnstore; +INSERT INTO t1 VALUES (1, 100.5, 10, 20); +INSERT INTO t1 VALUES (2, 200.5, 10, 30); +INSERT INTO t1 VALUES (3, 300.5, 20, 20); +SELECT cat_id_level_0 AS entity_id, SUM(GBP) AS spend, cat_id_level_0 AS cat_id +FROM t1 +GROUP BY cat_id +ORDER BY entity_id; +entity_id spend cat_id +20 300.5 20 +30 301 30 +Warnings: +Warning 1052 Column 'cat_id' in GROUP BY is ambiguous +CREATE TABLE t2 (col1 int, col2 varchar(5), col_t1 int) ENGINE=Columnstore; +INSERT INTO t2 VALUES(10,'hello',10); +INSERT INTO t2 VALUES(20,'hello',20); +INSERT INTO t2 VALUES(30,'hello',30); +INSERT INTO t2 VALUES(10,'bye',10); +INSERT INTO t2 VALUES(10,'sam',10); +INSERT INTO t2 VALUES(10,'bob',10); +SELECT SUM(col1) AS col2 FROM t2 GROUP BY col2 ORDER BY col2; +col2 +10 +10 +10 +60 +Warnings: +Warning 1052 Column 'col2' in GROUP BY is ambiguous +CREATE TABLE t3 (a int, b int, c int) ENGINE=Columnstore; +INSERT INTO t3 VALUES(1,10,100),(1,20,200),(2,10,100),(2,20,200); +SELECT c AS a, c AS b, SUM(a) AS sum_val FROM t3 GROUP BY a, b ORDER BY a, b, sum_val; +a b sum_val +100 100 1 +100 100 2 +200 200 1 +200 200 2 +Warnings: +Warning 1052 Column 'a' in GROUP BY is ambiguous +Warning 1052 Column 'b' in GROUP BY is ambiguous +CREATE TABLE t4 (id int, val int, name varchar(50)) ENGINE=Columnstore; +CREATE TABLE t4b (id int, amount int) ENGINE=Columnstore; +INSERT INTO t4 VALUES(1, 100, 'A'), (2, 200, 'B'); +INSERT INTO t4b VALUES(1, 50), (2, 75); +CREATE VIEW v4 AS SELECT id, val FROM t4; +SELECT v4.id, SUM(t4b.amount) AS total FROM v4 JOIN t4b ON v4.id = t4b.id GROUP BY id ORDER BY id; +id total +1 50 +2 75 +DROP VIEW v4; +CREATE TABLE t5 (id int, amount decimal(10,2), name varchar(50)) ENGINE=Columnstore; +INSERT INTO t5 VALUES(1, 100.50, 'A'),(1, 200.75, 'B'),(2, 150.25, 'A'); +SELECT id AS name, SUM(amount) AS total FROM t5 GROUP BY name ORDER BY name; +name total +1 200.75 +2 250.75 +Warnings: +Warning 1052 Column 'name' in GROUP BY is ambiguous +CREATE TABLE t6a (id int, val int) ENGINE=Columnstore; +CREATE TABLE t6b (id int, name varchar(10)) ENGINE=Columnstore; +INSERT INTO t6a VALUES(1,100),(2,200),(3,300); +INSERT INTO t6b VALUES(1,'A'),(2,'B'),(3,'C'); +SELECT t6a.val AS id, COUNT(*) AS cnt FROM t6a JOIN t6b ON t6a.id = t6b.id GROUP BY id ORDER BY id; +id cnt +100 1 +200 1 +300 1 +CREATE TABLE t7 (x int, y int, z int) ENGINE=Columnstore; +INSERT INTO t7 VALUES(1,10,100),(2,20,200),(1,30,100),(2,40,200); +SELECT z AS x, SUM(y) AS sum_y FROM t7 GROUP BY x ORDER BY x; +x sum_y +100 40 +200 60 +Warnings: +Warning 1052 Column 'x' in GROUP BY is ambiguous +CREATE TABLE t8 (x varchar(10)) ENGINE=Columnstore; +INSERT INTO t8 VALUES ('ffff'), ('hello'), ('ffff'); +SELECT length(x) FROM t8 GROUP BY x ORDER BY length(x); +length(x) +4 +5 +SELECT x, length(x) FROM t8 GROUP BY x ORDER BY x; +x length(x) +ffff 4 +hello 5 +DROP TABLE t8; +CREATE TABLE t9 (a TEXT) ENGINE=Columnstore; +INSERT INTO t9 VALUES ('ffff'), ('hello'), ('ffff'); +SELECT length(a) FROM t9 GROUP BY a ORDER BY length(a); +length(a) +4 +5 +SELECT length(a), upper(a) FROM t9 GROUP BY a ORDER BY a; +length(a) upper(a) +4 FFFF +5 HELLO +SELECT a, length(a) FROM t9 GROUP BY a ORDER BY a; +a length(a) +ffff 4 +hello 5 +DROP TABLE t9; +CREATE TABLE t10 (a varchar(20)) ENGINE=Columnstore; +INSERT INTO t10 VALUES ('Hello'), ('World'), ('Hello'); +SELECT concat(upper(a), '-', lower(a)) FROM t10 GROUP BY a ORDER BY a; +concat(upper(a), '-', lower(a)) +HELLO-hello +WORLD-world +SELECT length(upper(a)), substr(a, 1, 3) FROM t10 GROUP BY a ORDER BY a; +length(upper(a)) substr(a, 1, 3) +5 Hel +5 Wor +DROP TABLE t10; +CREATE TABLE t11 (a varchar(10), b varchar(10), c int) ENGINE=Columnstore; +INSERT INTO t11 VALUES ('x', 'y', 1), ('x', 'z', 2), ('x', 'y', 3); +SELECT concat(a, b), length(a) + length(b) FROM t11 GROUP BY a, b ORDER BY a, b; +concat(a, b) length(a) + length(b) +xy 2 +xz 2 +SELECT length(a), SUM(c) FROM t11 GROUP BY a ORDER BY a; +length(a) SUM(c) +1 6 +DROP TABLE t11; +CREATE TABLE t12 (a int, b decimal(10,2)) ENGINE=Columnstore; +INSERT INTO t12 VALUES (10, 3.14), (-5, 2.71), (10, 1.41); +SELECT abs(a), round(b) FROM t12 GROUP BY a, b ORDER BY a, b; +abs(a) round(b) +5 3 +10 1 +10 3 +SELECT abs(a), SUM(b) FROM t12 GROUP BY a ORDER BY a; +abs(a) SUM(b) +5 2.71 +10 4.55 +DROP TABLE t12; +CREATE TABLE t13 (a varchar(10), b varchar(10)) ENGINE=Columnstore; +INSERT INTO t13 VALUES ('x', 'y'), ('x', 'z'); +SELECT length(b) FROM t13 GROUP BY a; +DROP TABLE t13; +CREATE TABLE t14 (a char(10)) ENGINE=Columnstore; +INSERT INTO t14 VALUES ('abc'), ('def'), ('abc'); +SELECT length(a), trim(a) FROM t14 GROUP BY a ORDER BY a; +length(a) trim(a) +3 abc +3 def +DROP TABLE t14; +CREATE TABLE t15 (a int, b int, c int) ENGINE=Columnstore; +INSERT INTO t15 VALUES (1, 2, 100), (1, 3, 200), (2, 4, 300); +SELECT a + b, a * b FROM t15 GROUP BY a, b ORDER BY a, b; +a + b a * b +3 2 +4 3 +6 8 +SELECT a + 10, a * 2 FROM t15 GROUP BY a ORDER BY a; +a + 10 a * 2 +11 2 +12 4 +SELECT (a + b) * 2, a - b FROM t15 GROUP BY a, b ORDER BY a, b; +(a + b) * 2 a - b +6 -1 +8 -2 +12 -2 +SELECT a + 1, SUM(c) FROM t15 GROUP BY a ORDER BY a; +a + 1 SUM(c) +2 300 +3 300 +DROP TABLE t15; +CREATE TABLE t16 (a int, b int) ENGINE=Columnstore; +INSERT INTO t16 VALUES (10, 20), (10, 30), (20, 40); +SELECT abs(a - b) FROM t16 GROUP BY a, b ORDER BY a, b; +abs(a - b) +10 +20 +20 +SELECT abs(a - b), a + b FROM t16 GROUP BY a, b ORDER BY a, b; +abs(a - b) a + b +10 30 +20 40 +20 60 +DROP TABLE t16; +CREATE TABLE t17 (first_name varchar(20), last_name varchar(20), age int) ENGINE=Columnstore; +INSERT INTO t17 VALUES ('John', 'Doe', 30), ('Jane', 'Doe', 25), ('John', 'Smith', 35); +SELECT concat(first_name, ' ', last_name) AS full_name FROM t17 GROUP BY first_name, last_name ORDER BY full_name; +full_name +Jane Doe +John Doe +John Smith +SELECT length(concat(first_name, last_name)) FROM t17 GROUP BY first_name, last_name ORDER BY first_name, last_name; +length(concat(first_name, last_name)) +7 +7 +9 +SELECT upper(first_name), SUM(age) FROM t17 GROUP BY first_name ORDER BY first_name; +upper(first_name) SUM(age) +JANE 25 +JOHN 65 +DROP TABLE t17; +CREATE TABLE t18 (dt date, val int) ENGINE=Columnstore; +INSERT INTO t18 VALUES ('2024-01-15', 100), ('2024-01-20', 200), ('2024-02-15', 300); +SELECT year(dt), month(dt), SUM(val) FROM t18 GROUP BY dt ORDER BY dt; +year(dt) month(dt) SUM(val) +2024 1 100 +2024 1 200 +2024 2 300 +SELECT dt, datediff(dt, '2024-01-01') AS days_since FROM t18 GROUP BY dt ORDER BY dt; +dt days_since +2024-01-15 14 +2024-01-20 19 +2024-02-15 45 +DROP TABLE t18; +CREATE TABLE t19 (status int, amount decimal(10,2)) ENGINE=Columnstore; +INSERT INTO t19 VALUES (1, 100.50), (1, 200.25), (2, 150.75), (2, 50.00); +SELECT CASE status WHEN 1 THEN 'Active' ELSE 'Inactive' END AS status_name, SUM(amount) +FROM t19 GROUP BY status ORDER BY status; +status_name SUM(amount) +Active 300.75 +Inactive 200.75 +DROP TABLE t19; +CREATE TABLE t20 (a int, b int, c int) ENGINE=Columnstore; +INSERT INTO t20 VALUES (1, 2, 10), (1, 3, 20), (2, 2, 30); +SELECT ((a + b) * 2) + 1, abs(a - b) + length(cast(a as char)) FROM t20 GROUP BY a, b ORDER BY a, b; +((a + b) * 2) + 1 abs(a - b) + length(cast(a as char)) +7 2 +9 3 +9 1 +DROP TABLE t20; +CREATE TABLE t21 (name varchar(20), value int, category int) ENGINE=Columnstore; +INSERT INTO t21 VALUES ('A', 10, 1), ('B', 20, 1), ('A', 30, 2); +SELECT upper(name), value * 2, SUM(category) FROM t21 GROUP BY name, value ORDER BY name, value; +upper(name) value * 2 SUM(category) +A 20 1 +A 60 2 +B 40 1 +DROP TABLE t21; +CREATE TABLE t22 (grp int, val1 int, val2 varchar(10)) ENGINE=Columnstore; +INSERT INTO t22 VALUES (1, 10, 'a'), (1, 20, 'b'), (2, 30, 'c'); +SELECT grp, val1 + 5, upper(val2) FROM t22 GROUP BY grp; +DROP TABLE t22; +CREATE TABLE t23 (a int, b int) ENGINE=Columnstore; +INSERT INTO t23 VALUES (1, 10), (2, 20), (1, 30); +SELECT a + b, COUNT(*) FROM t23 GROUP BY a + b ORDER BY a + b; +a + b COUNT(*) +11 1 +22 1 +31 1 +SELECT abs(a), SUM(b) FROM t23 GROUP BY abs(a) ORDER BY abs(a); +abs(a) SUM(b) +1 40 +2 20 +DROP TABLE t23; +CREATE TABLE t24 (a varchar(10), b int) ENGINE=Columnstore; +INSERT INTO t24 VALUES ('x', 1), (NULL, 2), ('x', 3); +SELECT length(a), coalesce(a, 'NULL'), SUM(b) FROM t24 GROUP BY a; +DROP TABLE t24; +CREATE TABLE t25 (category varchar(10), price decimal(10,2), qty int) ENGINE=Columnstore; +INSERT INTO t25 VALUES ('A', 10.50, 5), ('A', 20.25, 3), ('B', 15.00, 7); +SELECT upper(category), SUM(price), AVG(price), COUNT(*), SUM(qty) +FROM t25 GROUP BY category ORDER BY category; +upper(category) SUM(price) AVG(price) COUNT(*) SUM(qty) +A 30.75 15.375000 2 8 +B 15.00 15.000000 1 7 +DROP TABLE t25; +CREATE TABLE t26 (x varchar(255)) ENGINE=Columnstore; +INSERT INTO t26 VALUES (NULL), ('foo'), ('bar'), (NULL), ('foo '); +SELECT length(x) FROM t26 GROUP BY x ORDER BY length(x); +length(x) +NULL +3 +4 +SELECT x, count(*) FROM t26 GROUP BY x ORDER BY x; +x count(*) +NULL 2 +bar 1 +foo 2 +SELECT x, length(x), count(*) FROM t26 GROUP BY x ORDER BY x; +x length(x) count(*) +NULL NULL 2 +bar 3 1 +foo 4 2 +DROP TABLE t26; +CREATE TABLE t27 (x varchar(255)) ENGINE=Columnstore; +INSERT INTO t27 VALUES (NULL), ('foo'), ('bar'), (NULL), ('foo '); +SELECT IF(x IS NULL, 'blank', 'not blank') FROM t27 GROUP BY x ORDER BY 1; +IF(x IS NULL, 'blank', 'not blank') +blank +not blank +not blank +SELECT IFNULL(x, 'NULL_VALUE') FROM t27 GROUP BY x ORDER BY 1; +IFNULL(x, 'NULL_VALUE') +bar +foo +NULL_VALUE +SELECT COALESCE(x, 'NULL_VALUE') FROM t27 GROUP BY x ORDER BY 1; +COALESCE(x, 'NULL_VALUE') +bar +foo +NULL_VALUE +DROP TABLE t27; +CREATE TABLE t28 (x varchar(255)) ENGINE=Columnstore; +INSERT INTO t28 VALUES (NULL), ('foo'), ('bar'), (NULL), ('foo '); +SELECT rand() FROM t28 GROUP BY x; +SELECT COUNT(*) FROM (SELECT rand() FROM t28 GROUP BY x) AS subq; +COUNT(*) +3 +DROP TABLE t28; +CREATE TABLE t29 (x varchar(255)) ENGINE=Columnstore; +INSERT INTO t29 VALUES (NULL), ('foo'), ('bar'), (NULL), ('foo '); +SELECT upper(x) FROM t29 GROUP BY x ORDER BY upper(x); +upper(x) +NULL +BAR +FOO +SELECT lower(x) FROM t29 GROUP BY x ORDER BY lower(x); +lower(x) +NULL +bar +foo +SELECT upper(x), lower(x) FROM t29 GROUP BY x ORDER BY x; +upper(x) lower(x) +NULL NULL +BAR bar +FOO foo +DROP TABLE t29; +CREATE TABLE t30 (a varchar(10), b varchar(10), c int) ENGINE=Columnstore; +INSERT INTO t30 VALUES ('x', 'y', 1), ('x', 'z', 2), ('x', 'y', 3), ('a', 'b', 4); +SELECT concat(a, b) FROM t30 GROUP BY a, b ORDER BY a, b; +concat(a, b) +ab +xy +xz +SELECT concat(a, '-', b) FROM t30 GROUP BY a, b ORDER BY a, b; +concat(a, '-', b) +a-b +x-y +x-z +SELECT concat(a, b), count(*) FROM t30 GROUP BY a, b ORDER BY a, b; +concat(a, b) count(*) +ab 1 +xy 2 +xz 1 +DROP TABLE t30; +CREATE TABLE t31 (value int) ENGINE=Columnstore; +INSERT INTO t31 VALUES (1), (1001), (24), (2123), (null), (123), (888), (8421), (231), (-100), (null); +SELECT value, IF(value<=1000,'<=1000', '>1000') +FROM t31 +GROUP BY value, IF(value<=1000,'<=1000', '>1000') +ORDER BY ISNULL(IF(value<=1000,'<=1000', '>1000')), value; +value IF(value<=1000,'<=1000', '>1000') +NULL >1000 +-100 <=1000 +1 <=1000 +24 <=1000 +123 <=1000 +231 <=1000 +888 <=1000 +1001 >1000 +2123 >1000 +8421 >1000 +SELECT IF(value<=1000,'<=1000', '>1000') +FROM t31 +GROUP BY IF(value<=1000,'<=1000', '>1000'), value +ORDER BY ISNULL(IF(value<=1000,'<=1000', '>1000')), value; +IF(value<=1000,'<=1000', '>1000') +>1000 +<=1000 +<=1000 +<=1000 +<=1000 +<=1000 +<=1000 +>1000 +>1000 +>1000 +SELECT IF(value<=1000,'<=1000', '>1000') FROM t31 +GROUP BY IF(value<=1000,'<=1000', '>1000') +ORDER BY IF(value<=1000,'<=1000', '>1000'); +IF(value<=1000,'<=1000', '>1000') +<=1000 +>1000 +SELECT * FROM ( +SELECT count(*) cnt, +if((if(not isnull(value),'notNull','null') like 'null'), null, if(value<1000,'<1000','>=1000')) a +FROM t31 +GROUP BY a, value +ORDER BY not isnull(a), value asc +) b +ORDER BY cnt, a; +cnt a +1 <1000 +1 <1000 +1 <1000 +1 <1000 +1 <1000 +1 <1000 +1 >=1000 +1 >=1000 +1 >=1000 +2 NULL +DROP TABLE t31; +CREATE TABLE t32 (status int) ENGINE=Columnstore; +INSERT INTO t32 VALUES (1), (2), (3), (1), (2), (null), (3), (1); +SELECT CASE status WHEN 1 THEN 'active' WHEN 2 THEN 'pending' WHEN 3 THEN 'closed' ELSE 'unknown' END as status_text +FROM t32 +GROUP BY status +ORDER BY status; +status_text +unknown +active +pending +closed +SELECT CASE status WHEN 1 THEN 'active' WHEN 2 THEN 'pending' WHEN 3 THEN 'closed' ELSE 'unknown' END as status_text, count(*) +FROM t32 +GROUP BY status +ORDER BY status; +status_text count(*) +unknown 1 +active 3 +pending 2 +closed 2 +SELECT CASE WHEN status < 2 THEN 'low' WHEN status < 3 THEN 'medium' ELSE 'high' END as priority +FROM t32 +GROUP BY status +ORDER BY status; +priority +high +low +medium +high +DROP TABLE t32; +CREATE TABLE t33 (x int) ENGINE=Columnstore; +INSERT INTO t33 VALUES (1), (2), (1), (3), (2), (1); +SELECT NULLIF(x, 1) FROM t33 GROUP BY x ORDER BY x; +NULLIF(x, 1) +NULL +2 +3 +SELECT x, NULLIF(x, 2) FROM t33 GROUP BY x ORDER BY x; +x NULLIF(x, 2) +1 1 +2 NULL +3 3 +DROP TABLE t33; +CREATE TABLE t34 (idx int) ENGINE=Columnstore; +INSERT INTO t34 VALUES (1), (2), (3), (1), (2), (null); +SELECT ELT(idx, 'one', 'two', 'three') FROM t34 GROUP BY idx ORDER BY idx; +ELT(idx, 'one', 'two', 'three') +NULL +one +two +three +DROP TABLE t34; +DROP TABLE t1; +DROP TABLE t2; +DROP TABLE t3; +DROP TABLE t4, t4b; +DROP TABLE t5; +DROP TABLE t6a, t6b; +DROP TABLE t7; +DROP DATABASE group_by_ambiguous_test; diff -Nru mariadb-11.8.6/storage/columnstore/columnstore/mysql-test/columnstore/basic/r/mcol-4525.result mariadb-11.8.8/storage/columnstore/columnstore/mysql-test/columnstore/basic/r/mcol-4525.result --- mariadb-11.8.6/storage/columnstore/columnstore/mysql-test/columnstore/basic/r/mcol-4525.result 2026-01-31 13:27:51.000000000 +0000 +++ mariadb-11.8.8/storage/columnstore/columnstore/mysql-test/columnstore/basic/r/mcol-4525.result 2026-05-24 09:58:34.000000000 +0000 @@ -77,18 +77,22 @@ INSERT INTO t1 VALUES(10,'sam',10); INSERT INTO t1 VALUES(10,'bob',10); SET columnstore_select_handler=ON; -SELECT SUM(col1) AS col2 FROM t1 GROUP BY col2; -ERROR 42000: The storage engine for the table doesn't support MCS-2016: Non supported item 'col2' on the GROUP BY list. +SELECT SUM(col1) AS col2 FROM t1 GROUP BY col2 ORDER BY col2; +col2 +10 +10 +10 +60 SELECT col1 c FROM t1 ORDER BY AVG(col1); c 10 SET columnstore_select_handler=AUTO; -SELECT SUM(col1) AS col2 FROM t1 GROUP BY col2; +SELECT SUM(col1) AS col2 FROM t1 GROUP BY col2 ORDER BY col2; col2 10 10 -60 10 +60 SELECT col1 c FROM t1 ORDER BY AVG(col1); c 10 diff -Nru mariadb-11.8.6/storage/columnstore/columnstore/mysql-test/columnstore/basic/r/mcs65_crossengine_order_by.result mariadb-11.8.8/storage/columnstore/columnstore/mysql-test/columnstore/basic/r/mcs65_crossengine_order_by.result --- mariadb-11.8.6/storage/columnstore/columnstore/mysql-test/columnstore/basic/r/mcs65_crossengine_order_by.result 2026-01-31 13:27:51.000000000 +0000 +++ mariadb-11.8.8/storage/columnstore/columnstore/mysql-test/columnstore/basic/r/mcs65_crossengine_order_by.result 2026-05-24 09:58:34.000000000 +0000 @@ -63,7 +63,6 @@ 3 fffff 3 iii 5 a 5 hhh SELECT * FROM t1, t2 WHERE t1.t1_int = t2.t2_int ORDER BY -1; -ERROR 42S22: Unknown column '???' in 'ORDER BY' SELECT * FROM t1, t2 WHERE t1.t1_int = t2.t2_int ORDER BY 0; ERROR 42S22: Unknown column '0' in 'ORDER BY' SELECT * FROM t1, t2 WHERE t1.t1_int = t2.t2_int ORDER BY 5; diff -Nru mariadb-11.8.6/storage/columnstore/columnstore/mysql-test/columnstore/basic/r/mcs87_alter_column.result mariadb-11.8.8/storage/columnstore/columnstore/mysql-test/columnstore/basic/r/mcs87_alter_column.result --- mariadb-11.8.6/storage/columnstore/columnstore/mysql-test/columnstore/basic/r/mcs87_alter_column.result 2026-01-31 13:27:51.000000000 +0000 +++ mariadb-11.8.8/storage/columnstore/columnstore/mysql-test/columnstore/basic/r/mcs87_alter_column.result 2026-05-24 09:58:34.000000000 +0000 @@ -7,6 +7,7 @@ ERROR HY000: Internal error: Table is not empty. New column has to have a default value if NOT NULL required. ALTER TABLE t1 ADD COLUMN c11 INT(1); ALTER TABLE t1 ADD COLUMN c21 CHAR(2); +ALTER TABLE t1 ADD COLUMN c31 CHAR(2); ALTER TABLE t1 ADD COLUMN c11 INT(2); ERROR 42S21: Duplicate column name 'c11' ALTER TABLE t1 ADD COLUMN c12 CHAR(1) AFTER c11; @@ -20,11 +21,10 @@ ALTER TABLE t1 CHANGE COLUMN c2 c2new CHAR(1); ALTER TABLE t1 CHANGE COLUMN c2new c2 CHAR(1); ALTER TABLE t1 DROP COLUMN IF EXISTS c11; -ERROR 42000: The storage engine for the table doesn't support The syntax drop column if exists is not supported by Columnstore. Please check the Columnstore syntax guide for supported syntax or data types. -ALTER TABLE t1 DROP COLUMN c11; ALTER TABLE t1 DROP COLUMN IF EXISTS c11; Warnings: Note 1091 Can't DROP COLUMN `c11`; check that it exists +ALTER TABLE t1 DROP COLUMN c31; SHOW CREATE TABLE t1; Table Create Table t1 CREATE TABLE `t1` ( diff -Nru mariadb-11.8.6/storage/columnstore/columnstore/mysql-test/columnstore/basic/suite.opt mariadb-11.8.8/storage/columnstore/columnstore/mysql-test/columnstore/basic/suite.opt --- mariadb-11.8.6/storage/columnstore/columnstore/mysql-test/columnstore/basic/suite.opt 2026-01-31 13:27:51.000000000 +0000 +++ mariadb-11.8.8/storage/columnstore/columnstore/mysql-test/columnstore/basic/suite.opt 2026-05-24 09:58:34.000000000 +0000 @@ -1 +1,2 @@ --plugin-load-add=$HA_COLUMNSTORE_SO +--lower_case_table_names=2 diff -Nru mariadb-11.8.6/storage/columnstore/columnstore/mysql-test/columnstore/basic/t/MCOL-5142-basic.test mariadb-11.8.8/storage/columnstore/columnstore/mysql-test/columnstore/basic/t/MCOL-5142-basic.test --- mariadb-11.8.6/storage/columnstore/columnstore/mysql-test/columnstore/basic/t/MCOL-5142-basic.test 1970-01-01 00:00:00.000000000 +0000 +++ mariadb-11.8.8/storage/columnstore/columnstore/mysql-test/columnstore/basic/t/MCOL-5142-basic.test 2026-05-24 09:58:34.000000000 +0000 @@ -0,0 +1,47 @@ +--disable_warnings +DROP DATABASE IF EXISTS MCOL5142; +--enable_warnings + +CREATE DATABASE MCOL5142; + + +USE MCOL5142; +CREATE TABLE employees ( + id INT NOT NULL, + name VARCHAR(100), + manager_id INT +) ENGINE = ColumnStore; + +INSERT INTO employees (id, name, manager_id) VALUES +(1, 'Alice', NULL), +(2, 'Bob', 1), +(3, 'Charlie', 1), +(4, 'David', 2), +(5, 'Eve', 2), +(6, 'Frank', 3); + +INSERT INTO employees (id, name, manager_id) VALUES +(7, 'Grace', 4), +(8, 'Heidi', 4), +(9, 'Ivan', 5), +(10, 'Judy', 6), +(11, 'Karl', 7), +(12, 'Laura', 11); + + + +--sorted_result +WITH RECURSIVE employee_hierarchy AS ( + SELECT id, name, manager_id, 0 AS level + FROM employees + WHERE id = 1 + + UNION ALL + + SELECT e.id, e.name, e.manager_id, eh.level + 1 + FROM employees as e + JOIN employee_hierarchy eh ON e.manager_id = eh.id +) +SELECT * FROM employee_hierarchy; + +DROP DATABASE MCOL5142; diff -Nru mariadb-11.8.6/storage/columnstore/columnstore/mysql-test/columnstore/basic/t/MCOL-5142-cyclic.test mariadb-11.8.8/storage/columnstore/columnstore/mysql-test/columnstore/basic/t/MCOL-5142-cyclic.test --- mariadb-11.8.6/storage/columnstore/columnstore/mysql-test/columnstore/basic/t/MCOL-5142-cyclic.test 1970-01-01 00:00:00.000000000 +0000 +++ mariadb-11.8.8/storage/columnstore/columnstore/mysql-test/columnstore/basic/t/MCOL-5142-cyclic.test 2026-05-24 09:58:34.000000000 +0000 @@ -0,0 +1,37 @@ +--disable_warnings +DROP DATABASE IF EXISTS MCOL5142_cyclic; +--enable_warnings + +CREATE DATABASE MCOL5142_cyclic; + + +USE MCOL5142_cyclic; + +CREATE TABLE t_cycle (id INT, next_id INT) ENGINE=ColumnStore; +INSERT INTO t_cycle VALUES (1, 2), (2, 3), (3, 1); +SET @old_max_recursive_iterations = @@max_recursive_iterations; +SET @@max_recursive_iterations = 10; + +SELECT @@max_recursive_iterations; + +--sorted_result +WITH RECURSIVE cte AS ( + SELECT id, next_id FROM t_cycle WHERE id = 1 + UNION ALL + SELECT t.id, t.next_id FROM t_cycle t JOIN cte c ON t.id = c.next_id +) +SELECT * FROM cte LIMIT 100; + + +--sorted_result +WITH RECURSIVE cte AS ( + SELECT id, next_id FROM t_cycle WHERE id = 1 + UNION ALL + SELECT t.id, t.next_id FROM t_cycle t JOIN cte c ON t.id = c.next_id +) +SELECT * FROM cte LIMIT 100; + + +SET @@max_recursive_iterations = @old_max_recursive_iterations; + +DROP DATABASE MCOL5142_cyclic; diff -Nru mariadb-11.8.6/storage/columnstore/columnstore/mysql-test/columnstore/basic/t/MCOL-5142-error-cases.test mariadb-11.8.8/storage/columnstore/columnstore/mysql-test/columnstore/basic/t/MCOL-5142-error-cases.test --- mariadb-11.8.6/storage/columnstore/columnstore/mysql-test/columnstore/basic/t/MCOL-5142-error-cases.test 1970-01-01 00:00:00.000000000 +0000 +++ mariadb-11.8.8/storage/columnstore/columnstore/mysql-test/columnstore/basic/t/MCOL-5142-error-cases.test 2026-05-24 09:58:34.000000000 +0000 @@ -0,0 +1,92 @@ +--disable_warnings +DROP DATABASE IF EXISTS MCOL5142_ERROR_CASES; +--enable_warnings + +CREATE DATABASE MCOL5142_ERROR_CASES; +USE MCOL5142_ERROR_CASES; + +CREATE TABLE t (id INT NOT NULL, pid INT) ENGINE=ColumnStore; +INSERT INTO t VALUES (1, NULL), (2, 1), (3, 2), (4, 3); + +# +# 1. UNION DISTINCT is not supported in recursive CTE +# +--error ER_CHECK_NOT_IMPLEMENTED +WITH RECURSIVE cte AS ( + SELECT id, pid FROM t WHERE id = 1 + + UNION DISTINCT + + SELECT t.id, t.pid FROM t JOIN cte c ON t.pid = c.id +) +SELECT * FROM cte; + +# +# 2. GROUP BY in recursive member is not supported +# +--error ER_NOT_STANDARD_COMPLIANT_RECURSIVE +WITH RECURSIVE cte AS ( + SELECT id, pid FROM t WHERE id = 1 + + UNION ALL + + SELECT MAX(t.id), t.pid FROM t JOIN cte c ON t.pid = c.id GROUP BY t.pid +) +SELECT * FROM cte; + +# +# 3. ORDER BY in recursive member is not supported +# +--error ER_TABLENAME_NOT_ALLOWED_HERE +WITH RECURSIVE cte AS ( + SELECT id, pid FROM t WHERE id = 1 + + UNION ALL + + SELECT t.id, t.pid FROM t JOIN cte c ON t.pid = c.id ORDER BY t.id +) +SELECT * FROM cte; + +# +# 4. Window functions in recursive member are not supported +# +--error ER_NOT_STANDARD_COMPLIANT_RECURSIVE +WITH RECURSIVE cte AS ( + SELECT id, pid, 1 AS rn FROM t WHERE id = 1 + + UNION ALL + + SELECT t.id, t.pid, ROW_NUMBER() OVER () FROM t JOIN cte c ON t.pid = c.id +) +SELECT * FROM cte; + +# +# 5. Depth overflow: max_recursive_iterations limits the recursion depth. +# With iterations=2 and a chain of 4 nodes, only partial results are returned. +# +SET @old_max_recursive_iterations = @@max_recursive_iterations; +SET @@max_recursive_iterations = 2; +WITH RECURSIVE cte AS ( + SELECT id, pid, 0 AS lvl FROM t WHERE id = 1 + + UNION ALL + + SELECT t.id, t.pid, c.lvl + 1 FROM t JOIN cte c ON t.pid = c.id +) +SELECT * FROM cte; + +# +# 6. max_recursive_iterations = 0: only anchor is returned +# +SET @@max_recursive_iterations = 0; +WITH RECURSIVE cte AS ( + SELECT id, pid, 0 AS lvl FROM t WHERE id = 1 + + UNION ALL + + SELECT t.id, t.pid, c.lvl + 1 FROM t JOIN cte c ON t.pid = c.id +) +SELECT * FROM cte; +SET @@max_recursive_iterations = @old_max_recursive_iterations; + +DROP DATABASE MCOL5142_ERROR_CASES; diff -Nru mariadb-11.8.6/storage/columnstore/columnstore/mysql-test/columnstore/basic/t/MCOL-5142-left-join-null-driving.test mariadb-11.8.8/storage/columnstore/columnstore/mysql-test/columnstore/basic/t/MCOL-5142-left-join-null-driving.test --- mariadb-11.8.6/storage/columnstore/columnstore/mysql-test/columnstore/basic/t/MCOL-5142-left-join-null-driving.test 1970-01-01 00:00:00.000000000 +0000 +++ mariadb-11.8.8/storage/columnstore/columnstore/mysql-test/columnstore/basic/t/MCOL-5142-left-join-null-driving.test 2026-05-24 09:58:34.000000000 +0000 @@ -0,0 +1,34 @@ +--disable_warnings +DROP DATABASE IF EXISTS MCOL5142_LEFT_JOIN; +--enable_warnings + +CREATE DATABASE MCOL5142_LEFT_JOIN; +USE MCOL5142_LEFT_JOIN; + +CREATE TABLE nodes ( + id INT NOT NULL, + next_id INT NULL +) ENGINE=ColumnStore; + +INSERT INTO nodes VALUES +(1,2), +(2,3), +(3,NULL), +(4,99); + +--sorted_result +WITH RECURSIVE walk AS ( + SELECT id, next_id, 0 AS lvl + FROM nodes + WHERE id IN (1,4) + + UNION ALL + + SELECT w.next_id AS id, n.next_id, w.lvl + 1 + FROM walk w + LEFT JOIN nodes n ON n.id = w.next_id + WHERE w.next_id IS NOT NULL +) +SELECT * FROM walk; + +DROP DATABASE MCOL5142_LEFT_JOIN; diff -Nru mariadb-11.8.6/storage/columnstore/columnstore/mysql-test/columnstore/basic/t/MCOL-5142-multi-root.test mariadb-11.8.8/storage/columnstore/columnstore/mysql-test/columnstore/basic/t/MCOL-5142-multi-root.test --- mariadb-11.8.6/storage/columnstore/columnstore/mysql-test/columnstore/basic/t/MCOL-5142-multi-root.test 1970-01-01 00:00:00.000000000 +0000 +++ mariadb-11.8.8/storage/columnstore/columnstore/mysql-test/columnstore/basic/t/MCOL-5142-multi-root.test 2026-05-24 09:58:34.000000000 +0000 @@ -0,0 +1,38 @@ +--disable_warnings +DROP DATABASE IF EXISTS MCOL5142_MULTI_ROOT; +--enable_warnings + +CREATE DATABASE MCOL5142_MULTI_ROOT; +USE MCOL5142_MULTI_ROOT; + +CREATE TABLE emp ( + id INT NOT NULL, + name VARCHAR(50), + manager_id INT NULL +) ENGINE=ColumnStore; + +INSERT INTO emp VALUES +(1,'CEO-A',NULL), +(2,'A-1',1), +(3,'A-2',1), +(10,'CEO-B',NULL), +(11,'B-1',10), +(12,'B-2',10), +(13,'B-1-1',11); + +--sorted_result +WITH RECURSIVE org AS ( + SELECT id, name, manager_id, id AS root_id, 0 AS lvl + FROM emp + WHERE manager_id IS NULL + + UNION ALL + + SELECT e.id, e.name, e.manager_id, o.root_id, o.lvl + 1 + FROM emp e + JOIN org o ON e.manager_id = o.id +) +SELECT root_id, id, name, manager_id, lvl +FROM org; + +DROP DATABASE MCOL5142_MULTI_ROOT; diff -Nru mariadb-11.8.6/storage/columnstore/columnstore/mysql-test/columnstore/basic/t/MCOL-5142-multi-table.test mariadb-11.8.8/storage/columnstore/columnstore/mysql-test/columnstore/basic/t/MCOL-5142-multi-table.test --- mariadb-11.8.6/storage/columnstore/columnstore/mysql-test/columnstore/basic/t/MCOL-5142-multi-table.test 1970-01-01 00:00:00.000000000 +0000 +++ mariadb-11.8.8/storage/columnstore/columnstore/mysql-test/columnstore/basic/t/MCOL-5142-multi-table.test 2026-05-24 09:58:34.000000000 +0000 @@ -0,0 +1,74 @@ +--disable_warnings +DROP DATABASE IF EXISTS MULTI_TABLE_TEST; +--enable_warnings + +CREATE DATABASE MULTI_TABLE_TEST; + +USE MULTI_TABLE_TEST; + +CREATE TABLE products ( + product_id INT NOT NULL, + product_name VARCHAR(100) +) ENGINE = ColumnStore; + +CREATE TABLE components ( + component_id INT NOT NULL, + component_name VARCHAR(100), + parent_product_id INT +) ENGINE = ColumnStore; + +CREATE TABLE suppliers ( + supplier_id INT NOT NULL, + supplier_name VARCHAR(100), + component_id INT +) ENGINE = ColumnStore; + +INSERT INTO products (product_id, product_name) VALUES +(10, 'Smartphone'); + +INSERT INTO components (component_id, component_name, parent_product_id) VALUES +(100, 'Screen', 10), +(101, 'Battery', 10), +(200, 'Glass Panel', 100), +(201, 'LCD', 100), +(202, 'Connector', 101); + +INSERT INTO suppliers (supplier_id, supplier_name, component_id) VALUES +(1000, 'Supplier A', 200), +(1001, 'Supplier B', 201), +(1002, 'Supplier C', 202); + +--sorted_result +WITH RECURSIVE product_tree AS ( + SELECT + p.product_id AS root_id, + p.product_name AS root_name, + c.component_id, + c.component_name, + c.parent_product_id, + 1 AS level + FROM products p + JOIN components c ON p.product_id = c.parent_product_id + + UNION ALL + + SELECT + pt.root_id, + pt.root_name, + c.component_id, + c.component_name, + c.parent_product_id, + pt.level + 1 + FROM components c + JOIN product_tree pt ON c.parent_product_id = pt.component_id +) +SELECT + pt.root_name AS product, + pt.component_name AS component, + s.supplier_name AS supplier, + pt.level +FROM product_tree pt +JOIN suppliers s ON pt.component_id = s.component_id; + +DROP DATABASE MULTI_TABLE_TEST; + diff -Nru mariadb-11.8.6/storage/columnstore/columnstore/mysql-test/columnstore/basic/t/MCOL-5142-multiple-recursive-references.test mariadb-11.8.8/storage/columnstore/columnstore/mysql-test/columnstore/basic/t/MCOL-5142-multiple-recursive-references.test --- mariadb-11.8.6/storage/columnstore/columnstore/mysql-test/columnstore/basic/t/MCOL-5142-multiple-recursive-references.test 1970-01-01 00:00:00.000000000 +0000 +++ mariadb-11.8.8/storage/columnstore/columnstore/mysql-test/columnstore/basic/t/MCOL-5142-multiple-recursive-references.test 2026-05-24 09:58:34.000000000 +0000 @@ -0,0 +1,27 @@ +--disable_warnings +DROP DATABASE IF EXISTS MCOL5142_MULTI_REC_REF; +--enable_warnings + +CREATE DATABASE MCOL5142_MULTI_REC_REF; +USE MCOL5142_MULTI_REC_REF; + +CREATE TABLE t ( + id INT NOT NULL +) ENGINE=Columnstore; + +INSERT INTO t VALUES (1),(2),(3); + +--error ER_NOT_STANDARD_COMPLIANT_RECURSIVE +WITH RECURSIVE cte AS ( + SELECT id FROM t WHERE id = 1 + + UNION ALL + + SELECT c1.id + c2.id + FROM cte c1 + JOIN cte c2 ON c2.id = c1.id + WHERE c1.id < 3 +) +SELECT * FROM cte; + +DROP DATABASE MCOL5142_MULTI_REC_REF; diff -Nru mariadb-11.8.6/storage/columnstore/columnstore/mysql-test/columnstore/basic/t/MCOL-5142-nested-subquery-anchor.test mariadb-11.8.8/storage/columnstore/columnstore/mysql-test/columnstore/basic/t/MCOL-5142-nested-subquery-anchor.test --- mariadb-11.8.6/storage/columnstore/columnstore/mysql-test/columnstore/basic/t/MCOL-5142-nested-subquery-anchor.test 1970-01-01 00:00:00.000000000 +0000 +++ mariadb-11.8.8/storage/columnstore/columnstore/mysql-test/columnstore/basic/t/MCOL-5142-nested-subquery-anchor.test 2026-05-24 09:58:34.000000000 +0000 @@ -0,0 +1,55 @@ +--disable_warnings +DROP DATABASE IF EXISTS NESTED_SUBQUERY_TEST; +--enable_warnings + +CREATE DATABASE NESTED_SUBQUERY_TEST; + +USE NESTED_SUBQUERY_TEST; + +CREATE TABLE employees ( + id INT NOT NULL, + name VARCHAR(100), + manager_id INT, + department_id INT +) ENGINE = ColumnStore; + +CREATE TABLE departments ( + id INT NOT NULL, + name VARCHAR(100) +) ENGINE = ColumnStore; + +INSERT INTO departments (id, name) VALUES +(101, 'Sales'), +(102, 'Engineering'), +(103, 'Marketing'); + +INSERT INTO employees (id, name, manager_id, department_id) VALUES +(1, 'Alice', NULL, 101), +(2, 'Bob', 1, 101), +(3, 'Charlie', 1, 102), +(4, 'David', 2, 101), +(5, 'Eve', 3, 102), +(6, 'Frank', 3, 103); + +--sorted_result +WITH RECURSIVE sales_hierarchy AS ( + SELECT id, name, manager_id, 0 AS level, department_id + FROM employees + WHERE department_id IN (SELECT id FROM departments WHERE name = 'Sales') + AND manager_id IS NULL + + UNION ALL + + SELECT + e.id, + e.name, + e.manager_id, + eh.level + 1, + e.department_id + FROM employees AS e + JOIN sales_hierarchy eh ON e.manager_id = eh.id +) +SELECT * FROM sales_hierarchy; + +DROP DATABASE NESTED_SUBQUERY_TEST; + diff -Nru mariadb-11.8.6/storage/columnstore/columnstore/mysql-test/columnstore/basic/t/MCOL-5142-outer-filter-level.test mariadb-11.8.8/storage/columnstore/columnstore/mysql-test/columnstore/basic/t/MCOL-5142-outer-filter-level.test --- mariadb-11.8.6/storage/columnstore/columnstore/mysql-test/columnstore/basic/t/MCOL-5142-outer-filter-level.test 1970-01-01 00:00:00.000000000 +0000 +++ mariadb-11.8.8/storage/columnstore/columnstore/mysql-test/columnstore/basic/t/MCOL-5142-outer-filter-level.test 2026-05-24 09:58:34.000000000 +0000 @@ -0,0 +1,37 @@ +--disable_warnings +DROP DATABASE IF EXISTS MCOL5142_OUTER_FILTER; +--enable_warnings + +CREATE DATABASE MCOL5142_OUTER_FILTER; +USE MCOL5142_OUTER_FILTER; + +CREATE TABLE chain ( + id INT NOT NULL, + next_id INT NULL +) ENGINE=ColumnStore; + +INSERT INTO chain VALUES +(1,2), +(2,3), +(3,4), +(4,5), +(5,6), +(6,NULL); + +--sorted_result +WITH RECURSIVE cte AS ( + SELECT id, next_id, 0 AS lvl + FROM chain + WHERE id = 1 + + UNION ALL + + SELECT c.id, c.next_id, p.lvl + 1 + FROM chain c + JOIN cte p ON c.id = p.next_id +) +SELECT * +FROM cte +WHERE lvl <= 2; + +DROP DATABASE MCOL5142_OUTER_FILTER; diff -Nru mariadb-11.8.6/storage/columnstore/columnstore/mysql-test/columnstore/basic/t/MCOL-5142-outer-operations.test mariadb-11.8.8/storage/columnstore/columnstore/mysql-test/columnstore/basic/t/MCOL-5142-outer-operations.test --- mariadb-11.8.6/storage/columnstore/columnstore/mysql-test/columnstore/basic/t/MCOL-5142-outer-operations.test 1970-01-01 00:00:00.000000000 +0000 +++ mariadb-11.8.8/storage/columnstore/columnstore/mysql-test/columnstore/basic/t/MCOL-5142-outer-operations.test 2026-05-24 09:58:34.000000000 +0000 @@ -0,0 +1,109 @@ +--disable_warnings +DROP DATABASE IF EXISTS MCOL5142_OUTER_OPS; +--enable_warnings + +CREATE DATABASE MCOL5142_OUTER_OPS; +USE MCOL5142_OUTER_OPS; + +CREATE TABLE emp ( + id INT NOT NULL, + name VARCHAR(50), + manager_id INT NULL +) ENGINE=ColumnStore; + +INSERT INTO emp VALUES +(1, 'CEO', NULL), +(2, 'VP-A', 1), +(3, 'VP-B', 1), +(4, 'Mgr-A1', 2), +(5, 'Mgr-A2', 2), +(6, 'Mgr-B1', 3), +(7, 'Dev-1', 4), +(8, 'Dev-2', 5); + +# +# 1. COUNT(*) on outer SELECT over rCTE result +# +WITH RECURSIVE hier AS ( + SELECT id, name, manager_id, 0 AS lvl FROM emp WHERE manager_id IS NULL + + UNION ALL + + SELECT e.id, e.name, e.manager_id, h.lvl + 1 + FROM emp e JOIN hier h ON e.manager_id = h.id +) +SELECT COUNT(*) AS cnt FROM hier; + +# +# 2. GROUP BY on outer SELECT over rCTE is not supported (known limitation) +# +--error ER_CHECK_NOT_IMPLEMENTED +WITH RECURSIVE hier AS ( + SELECT id, name, manager_id, 0 AS lvl FROM emp WHERE manager_id IS NULL + + UNION ALL + + SELECT e.id, e.name, e.manager_id, h.lvl + 1 + FROM emp e JOIN hier h ON e.manager_id = h.id +) +SELECT lvl, COUNT(*) AS cnt FROM hier GROUP BY lvl; + +# +# 3. rCTE with LIMIT on outer query (non-cyclic) +# ORDER BY on outer rCTE is not yet supported, so verify LIMIT +# returns exactly 4 rows via COUNT(*) wrapper for determinism. +# +SELECT COUNT(*) AS cnt FROM ( + WITH RECURSIVE hier AS ( + SELECT id, name, manager_id, 0 AS lvl FROM emp WHERE manager_id IS NULL + + UNION ALL + + SELECT e.id, e.name, e.manager_id, h.lvl + 1 + FROM emp e JOIN hier h ON e.manager_id = h.id + ) + SELECT * FROM hier LIMIT 4 +) sub; + +# +# 4. INSERT INTO ... SELECT FROM rCTE +# +CREATE TABLE hier_result ( + id INT, + name VARCHAR(50), + manager_id INT, + lvl INT +) ENGINE=ColumnStore; + +INSERT INTO hier_result +WITH RECURSIVE hier AS ( + SELECT id, name, manager_id, 0 AS lvl FROM emp WHERE manager_id IS NULL + + UNION ALL + + SELECT e.id, e.name, e.manager_id, h.lvl + 1 + FROM emp e JOIN hier h ON e.manager_id = h.id +) +SELECT * FROM hier; + +--sorted_result +SELECT * FROM hier_result; + +# +# 5. CREATE TABLE AS SELECT FROM rCTE +# +CREATE TABLE hier_copy ENGINE=ColumnStore AS +WITH RECURSIVE hier AS ( + SELECT id, name, manager_id, 0 AS lvl FROM emp WHERE manager_id IS NULL + + UNION ALL + + SELECT e.id, e.name, e.manager_id, h.lvl + 1 + FROM emp e JOIN hier h ON e.manager_id = h.id +) +SELECT * FROM hier; + +--sorted_result +SELECT * FROM hier_copy; + +DROP DATABASE MCOL5142_OUTER_OPS; diff -Nru mariadb-11.8.6/storage/columnstore/columnstore/mysql-test/columnstore/basic/t/MCOL-5142-sequences.test mariadb-11.8.8/storage/columnstore/columnstore/mysql-test/columnstore/basic/t/MCOL-5142-sequences.test --- mariadb-11.8.6/storage/columnstore/columnstore/mysql-test/columnstore/basic/t/MCOL-5142-sequences.test 1970-01-01 00:00:00.000000000 +0000 +++ mariadb-11.8.8/storage/columnstore/columnstore/mysql-test/columnstore/basic/t/MCOL-5142-sequences.test 2026-05-24 09:58:34.000000000 +0000 @@ -0,0 +1,74 @@ +--disable_warnings +DROP DATABASE IF EXISTS MCOL5142_SEQUENCES; +--enable_warnings + +CREATE DATABASE MCOL5142_SEQUENCES; +USE MCOL5142_SEQUENCES; + +# +# 1. Number generator: generate sequence 1..10 +# +WITH RECURSIVE nums AS ( + SELECT 1 AS n + + UNION ALL + + SELECT n + 1 FROM nums WHERE n < 10 +) +SELECT * FROM nums; + +# +# 2. Date generator: monthly sequence (original customer use-case from MCOL-5142) +# +WITH RECURSIVE months AS ( + SELECT DATE('2024-01-01') AS dt + + UNION ALL + + SELECT dt + INTERVAL 1 MONTH FROM months WHERE dt < '2024-06-01' +) +SELECT dt FROM months; + +# +# 3. Empty anchor: WHERE condition matches nothing, result should be empty +# +CREATE TABLE t_empty (id INT NOT NULL, pid INT) ENGINE=ColumnStore; +INSERT INTO t_empty VALUES (1, NULL), (2, 1), (3, 2); + +WITH RECURSIVE cte AS ( + SELECT id, pid, 0 AS lvl FROM t_empty WHERE id = 999 + + UNION ALL + + SELECT t.id, t.pid, c.lvl + 1 FROM t_empty t JOIN cte c ON t.pid = c.id +) +SELECT * FROM cte; + +# +# 4. Single-row table: anchor returns one row, no recursion possible +# +CREATE TABLE t_single (id INT NOT NULL, pid INT) ENGINE=ColumnStore; +INSERT INTO t_single VALUES (1, NULL); + +WITH RECURSIVE cte AS ( + SELECT id, pid, 0 AS lvl FROM t_single WHERE id = 1 + + UNION ALL + + SELECT t.id, t.pid, c.lvl + 1 FROM t_single t JOIN cte c ON t.pid = c.id +) +SELECT * FROM cte; + +# +# 5. DECIMAL type in recursion +# +WITH RECURSIVE dec_seq AS ( + SELECT CAST(0.0 AS DECIMAL(10,2)) AS val + + UNION ALL + + SELECT val + 0.25 FROM dec_seq WHERE val < 1.0 +) +SELECT * FROM dec_seq; + +DROP DATABASE MCOL5142_SEQUENCES; diff -Nru mariadb-11.8.6/storage/columnstore/columnstore/mysql-test/columnstore/basic/t/MCOL-5142-test-linear-rec.test mariadb-11.8.8/storage/columnstore/columnstore/mysql-test/columnstore/basic/t/MCOL-5142-test-linear-rec.test --- mariadb-11.8.6/storage/columnstore/columnstore/mysql-test/columnstore/basic/t/MCOL-5142-test-linear-rec.test 1970-01-01 00:00:00.000000000 +0000 +++ mariadb-11.8.8/storage/columnstore/columnstore/mysql-test/columnstore/basic/t/MCOL-5142-test-linear-rec.test 2026-05-24 09:58:34.000000000 +0000 @@ -0,0 +1,35 @@ +--disable_warnings +DROP DATABASE IF EXISTS test_linear_rec; +--enable_warnings +CREATE DATABASE test_linear_rec; +USE test_linear_rec; + +CREATE TABLE t_linear (id INT) ENGINE=ColumnStore; +INSERT INTO t_linear VALUES (1), (2), (3); + +--sorted_result +WITH RECURSIVE cte AS ( + SELECT id + FROM t_linear + WHERE id = 1 + UNION ALL + SELECT t.id + FROM t_linear t + JOIN cte c ON t.id = c.id + 1 +) +SELECT * FROM cte; + + +WITH RECURSIVE cte AS ( + SELECT id + FROM t_linear + WHERE id = 1 + UNION ALL + SELECT t.id + FROM t_linear t + JOIN cte c ON t.id = c.id + 1 +) +SELECT COUNT(*) FROM cte; + + +DROP DATABASE test_linear_rec; diff -Nru mariadb-11.8.6/storage/columnstore/columnstore/mysql-test/columnstore/basic/t/MCOL-5142-type-coercion-path.test mariadb-11.8.8/storage/columnstore/columnstore/mysql-test/columnstore/basic/t/MCOL-5142-type-coercion-path.test --- mariadb-11.8.6/storage/columnstore/columnstore/mysql-test/columnstore/basic/t/MCOL-5142-type-coercion-path.test 1970-01-01 00:00:00.000000000 +0000 +++ mariadb-11.8.8/storage/columnstore/columnstore/mysql-test/columnstore/basic/t/MCOL-5142-type-coercion-path.test 2026-05-24 09:58:34.000000000 +0000 @@ -0,0 +1,42 @@ +--disable_warnings +DROP DATABASE IF EXISTS MCOL5142_TYPE_COERCION; +--enable_warnings + +CREATE DATABASE MCOL5142_TYPE_COERCION; +USE MCOL5142_TYPE_COERCION; + +CREATE TABLE edges ( + parent INT NOT NULL, + child INT NOT NULL +) ENGINE=ColumnStore; + +INSERT INTO edges VALUES +(1,2), +(1,3), +(2,4), +(4,5); + +--sorted_result +WITH RECURSIVE paths AS ( + SELECT + parent, + child, + CAST(parent AS CHAR(64)) AS path, + 1 AS lvl + FROM edges + WHERE parent = 1 + + UNION ALL + + SELECT + e.parent, + e.child, + CONCAT(p.path, '>', CAST(e.child AS CHAR(64))) AS path, + p.lvl + 1 + FROM edges e + JOIN paths p ON e.parent = p.child +) +SELECT parent, child, path, lvl +FROM paths; + +DROP DATABASE MCOL5142_TYPE_COERCION; diff -Nru mariadb-11.8.6/storage/columnstore/columnstore/mysql-test/columnstore/basic/t/MCOL-6293-partitions-table.test mariadb-11.8.8/storage/columnstore/columnstore/mysql-test/columnstore/basic/t/MCOL-6293-partitions-table.test --- mariadb-11.8.6/storage/columnstore/columnstore/mysql-test/columnstore/basic/t/MCOL-6293-partitions-table.test 1970-01-01 00:00:00.000000000 +0000 +++ mariadb-11.8.8/storage/columnstore/columnstore/mysql-test/columnstore/basic/t/MCOL-6293-partitions-table.test 2026-05-24 09:58:34.000000000 +0000 @@ -0,0 +1,34 @@ +--disable_warnings +DROP DATABASE IF EXISTS MCOL_6293; +--enable_warnings + +CREATE DATABASE MCOL_6293; +USE MCOL_6293; + +CREATE TABLE t(x int, y text) ENGINE=Columnstore; +INSERT INTO t VALUES (1,'1'), (2,'2'); + +let $func_exists=`SELECT COUNT(*) FROM mysql.func WHERE name='calshowpartitions'`; +--disable_query_log +if (!$func_exists) +{ + CREATE FUNCTION calshowpartitions RETURNS STRING SONAME "ha_columnstore.so"; +} +--enable_query_log + +--let $xpart=`SELECT REGEXP_SUBSTR(CALSHOWPARTITIONS('MCOL_6293', 't', 'x'), '[0-9]+[.][0-9]+[.][0-9]+')` +--let $ypart=`SELECT REGEXP_SUBSTR(CALSHOWPARTITIONS('MCOL_6293', 't', 'y'), '[0-9]+[.][0-9]+[.][0-9]+')` +--replace_result $xpart xpart +--eval SELECT COUNT(*) FROM INFORMATION_SCHEMA.COLUMNSTORE_PARTITIONS WHERE TABLE_SCHEMA='MCOL_6293' AND TABLE_NAME='t' AND COLUMN_NAME='x' AND PARTITION_ID='$xpart' +--replace_result $ypart ypart +--eval SELECT COUNT(*) FROM INFORMATION_SCHEMA.COLUMNSTORE_PARTITIONS WHERE TABLE_SCHEMA='MCOL_6293' AND TABLE_NAME='t' AND COLUMN_NAME='y' AND PARTITION_ID='$ypart' + +--disable_query_log +if (!$func_exists) +{ + DROP FUNCTION calshowpartitions; +} +--enable_query_log + +DROP DATABASE MCOL_6293; + diff -Nru mariadb-11.8.6/storage/columnstore/columnstore/mysql-test/columnstore/basic/t/group_by_ambiguous.test mariadb-11.8.8/storage/columnstore/columnstore/mysql-test/columnstore/basic/t/group_by_ambiguous.test --- mariadb-11.8.6/storage/columnstore/columnstore/mysql-test/columnstore/basic/t/group_by_ambiguous.test 1970-01-01 00:00:00.000000000 +0000 +++ mariadb-11.8.8/storage/columnstore/columnstore/mysql-test/columnstore/basic/t/group_by_ambiguous.test 2026-05-24 09:58:34.000000000 +0000 @@ -0,0 +1,489 @@ +--source ../include/have_columnstore.inc + +--disable_warnings +DROP DATABASE IF EXISTS group_by_ambiguous_test; +--enable_warnings + +CREATE DATABASE group_by_ambiguous_test; +USE group_by_ambiguous_test; + +CREATE TABLE `t1` ( + `id` INT UNSIGNED NOT NULL, + `GBP` DOUBLE UNSIGNED NOT NULL, + `cat_id` INT UNSIGNED NOT NULL, + `cat_id_level_0` INT UNSIGNED NOT NULL +) ENGINE=Columnstore; + +INSERT INTO t1 VALUES (1, 100.5, 10, 20); +INSERT INTO t1 VALUES (2, 200.5, 10, 30); +INSERT INTO t1 VALUES (3, 300.5, 20, 20); + +# +# Test case: GROUP BY with ambiguous column reference +# This should not throw a ColumnStore error, but resolve to the table column (SQL standard) +# +SELECT cat_id_level_0 AS entity_id, SUM(GBP) AS spend, cat_id_level_0 AS cat_id +FROM t1 +GROUP BY cat_id +ORDER BY entity_id; + +CREATE TABLE t2 (col1 int, col2 varchar(5), col_t1 int) ENGINE=Columnstore; +INSERT INTO t2 VALUES(10,'hello',10); +INSERT INTO t2 VALUES(20,'hello',20); +INSERT INTO t2 VALUES(30,'hello',30); +INSERT INTO t2 VALUES(10,'bye',10); +INSERT INTO t2 VALUES(10,'sam',10); +INSERT INTO t2 VALUES(10,'bob',10); + +# +# Test case: GROUP BY with alias that matches a column but points to different column +# + +# GROUP BY col2 is ambiguous: matches both table column and SELECT alias +# SQL standard: prefers table column col2 (varchar) over alias +SELECT SUM(col1) AS col2 FROM t2 GROUP BY col2 ORDER BY col2; + +CREATE TABLE t3 (a int, b int, c int) ENGINE=Columnstore; +INSERT INTO t3 VALUES(1,10,100),(1,20,200),(2,10,100),(2,20,200); + +# Multiple columns in GROUP BY +SELECT c AS a, c AS b, SUM(a) AS sum_val FROM t3 GROUP BY a, b ORDER BY a, b, sum_val; + +CREATE TABLE t4 (id int, val int, name varchar(50)) ENGINE=Columnstore; +CREATE TABLE t4b (id int, amount int) ENGINE=Columnstore; +INSERT INTO t4 VALUES(1, 100, 'A'), (2, 200, 'B'); +INSERT INTO t4b VALUES(1, 50), (2, 75); + +# VIEW with ambiguous column in GROUP BY +CREATE VIEW v4 AS SELECT id, val FROM t4; +SELECT v4.id, SUM(t4b.amount) AS total FROM v4 JOIN t4b ON v4.id = t4b.id GROUP BY id ORDER BY id; +DROP VIEW v4; + +CREATE TABLE t5 (id int, amount decimal(10,2), name varchar(50)) ENGINE=Columnstore; +INSERT INTO t5 VALUES(1, 100.50, 'A'),(1, 200.75, 'B'),(2, 150.25, 'A'); + +# Different data types (int aliased to varchar column name) +SELECT id AS name, SUM(amount) AS total FROM t5 GROUP BY name ORDER BY name; + +CREATE TABLE t6a (id int, val int) ENGINE=Columnstore; +CREATE TABLE t6b (id int, name varchar(10)) ENGINE=Columnstore; +INSERT INTO t6a VALUES(1,100),(2,200),(3,300); +INSERT INTO t6b VALUES(1,'A'),(2,'B'),(3,'C'); + +# JOIN with aliased column matching table column +SELECT t6a.val AS id, COUNT(*) AS cnt FROM t6a JOIN t6b ON t6a.id = t6b.id GROUP BY id ORDER BY id; + +CREATE TABLE t7 (x int, y int, z int) ENGINE=Columnstore; +INSERT INTO t7 VALUES(1,10,100),(2,20,200),(1,30,100),(2,40,200); + +# Column reference in both GROUP BY and ORDER BY +SELECT z AS x, SUM(y) AS sum_y FROM t7 GROUP BY x ORDER BY x; + +# +# Test case: Function on column that is in GROUP BY +# SELECT length(a) FROM t1 GROUP BY a should work because length(a) depends only on 'a' +# + +# Original bug case: VARCHAR column with length() function +CREATE TABLE t8 (x varchar(10)) ENGINE=Columnstore; +INSERT INTO t8 VALUES ('ffff'), ('hello'), ('ffff'); + +# This was the original failing query +SELECT length(x) FROM t8 GROUP BY x ORDER BY length(x); + +# With column itself +SELECT x, length(x) FROM t8 GROUP BY x ORDER BY x; + +DROP TABLE t8; + +# TEXT column tests +CREATE TABLE t9 (a TEXT) ENGINE=Columnstore; +INSERT INTO t9 VALUES ('ffff'), ('hello'), ('ffff'); + +# length() on TEXT +SELECT length(a) FROM t9 GROUP BY a ORDER BY length(a); + +# Multiple functions on the same column +SELECT length(a), upper(a) FROM t9 GROUP BY a ORDER BY a; + +# Function with the column itself +SELECT a, length(a) FROM t9 GROUP BY a ORDER BY a; + +DROP TABLE t9; + +# Nested functions test +CREATE TABLE t10 (a varchar(20)) ENGINE=Columnstore; +INSERT INTO t10 VALUES ('Hello'), ('World'), ('Hello'); + +# Nested function: concat(upper(), lower()) +SELECT concat(upper(a), '-', lower(a)) FROM t10 GROUP BY a ORDER BY a; + +# Multiple nested functions +SELECT length(upper(a)), substr(a, 1, 3) FROM t10 GROUP BY a ORDER BY a; + +DROP TABLE t10; + +# Functions with multiple GROUP BY columns +CREATE TABLE t11 (a varchar(10), b varchar(10), c int) ENGINE=Columnstore; +INSERT INTO t11 VALUES ('x', 'y', 1), ('x', 'z', 2), ('x', 'y', 3); + +# Function using multiple columns that are all in GROUP BY +SELECT concat(a, b), length(a) + length(b) FROM t11 GROUP BY a, b ORDER BY a, b; + +# Function on one column, aggregate on another +SELECT length(a), SUM(c) FROM t11 GROUP BY a ORDER BY a; + +DROP TABLE t11; + +# Numeric functions test +CREATE TABLE t12 (a int, b decimal(10,2)) ENGINE=Columnstore; +INSERT INTO t12 VALUES (10, 3.14), (-5, 2.71), (10, 1.41); + +# Numeric functions on GROUP BY columns +SELECT abs(a), round(b) FROM t12 GROUP BY a, b ORDER BY a, b; + +# Function with aggregate +SELECT abs(a), SUM(b) FROM t12 GROUP BY a ORDER BY a; + +DROP TABLE t12; + +# Test: function on column NOT in GROUP BY +# MariaDB allows this by default (ONLY_FULL_GROUP_BY is not enabled) +# The result is non-deterministic but should not error +CREATE TABLE t13 (a varchar(10), b varchar(10)) ENGINE=Columnstore; +INSERT INTO t13 VALUES ('x', 'y'), ('x', 'z'); + +# This returns an arbitrary value from the group (MariaDB extension) +--disable_result_log +SELECT length(b) FROM t13 GROUP BY a; +--enable_result_log + +DROP TABLE t13; + +# CHAR column test (different from VARCHAR) +CREATE TABLE t14 (a char(10)) ENGINE=Columnstore; +INSERT INTO t14 VALUES ('abc'), ('def'), ('abc'); + +SELECT length(a), trim(a) FROM t14 GROUP BY a ORDER BY a; + +DROP TABLE t14; + +# +# Additional tests for ArithmeticColumn and FunctionColumn with GROUP BY +# + +# Test: Arithmetic expression with columns from GROUP BY +CREATE TABLE t15 (a int, b int, c int) ENGINE=Columnstore; +INSERT INTO t15 VALUES (1, 2, 100), (1, 3, 200), (2, 4, 300); + +# Positive: a+b where both a and b are in GROUP BY +SELECT a + b, a * b FROM t15 GROUP BY a, b ORDER BY a, b; + +# Positive: arithmetic with one GROUP BY column and constant +SELECT a + 10, a * 2 FROM t15 GROUP BY a ORDER BY a; + +# Positive: complex arithmetic expression +SELECT (a + b) * 2, a - b FROM t15 GROUP BY a, b ORDER BY a, b; + +# Positive: arithmetic with aggregate +SELECT a + 1, SUM(c) FROM t15 GROUP BY a ORDER BY a; + +DROP TABLE t15; + +# Test: Function with arithmetic inside +CREATE TABLE t16 (a int, b int) ENGINE=Columnstore; +INSERT INTO t16 VALUES (10, 20), (10, 30), (20, 40); + +# Positive: abs() on arithmetic expression of GROUP BY columns +SELECT abs(a - b) FROM t16 GROUP BY a, b ORDER BY a, b; + +# Positive: multiple functions on arithmetic +SELECT abs(a - b), a + b FROM t16 GROUP BY a, b ORDER BY a, b; + +DROP TABLE t16; + +# Test: String functions with concatenation +CREATE TABLE t17 (first_name varchar(20), last_name varchar(20), age int) ENGINE=Columnstore; +INSERT INTO t17 VALUES ('John', 'Doe', 30), ('Jane', 'Doe', 25), ('John', 'Smith', 35); + +# Positive: concat of GROUP BY columns +SELECT concat(first_name, ' ', last_name) AS full_name FROM t17 GROUP BY first_name, last_name ORDER BY full_name; + +# Positive: length of concatenated GROUP BY columns +SELECT length(concat(first_name, last_name)) FROM t17 GROUP BY first_name, last_name ORDER BY first_name, last_name; + +# Positive: function on GROUP BY column with aggregate +SELECT upper(first_name), SUM(age) FROM t17 GROUP BY first_name ORDER BY first_name; + +DROP TABLE t17; + +# Test: Date/time functions +CREATE TABLE t18 (dt date, val int) ENGINE=Columnstore; +INSERT INTO t18 VALUES ('2024-01-15', 100), ('2024-01-20', 200), ('2024-02-15', 300); + +# Positive: year/month functions on GROUP BY column +SELECT year(dt), month(dt), SUM(val) FROM t18 GROUP BY dt ORDER BY dt; + +# Positive: date arithmetic +SELECT dt, datediff(dt, '2024-01-01') AS days_since FROM t18 GROUP BY dt ORDER BY dt; + +DROP TABLE t18; + +# Test: CASE expression with GROUP BY columns +CREATE TABLE t19 (status int, amount decimal(10,2)) ENGINE=Columnstore; +INSERT INTO t19 VALUES (1, 100.50), (1, 200.25), (2, 150.75), (2, 50.00); + +# Positive: CASE on GROUP BY column +SELECT CASE status WHEN 1 THEN 'Active' ELSE 'Inactive' END AS status_name, SUM(amount) +FROM t19 GROUP BY status ORDER BY status; + +DROP TABLE t19; + +# Test: Subexpressions and complex nesting +CREATE TABLE t20 (a int, b int, c int) ENGINE=Columnstore; +INSERT INTO t20 VALUES (1, 2, 10), (1, 3, 20), (2, 2, 30); + +# Positive: deeply nested expression +SELECT ((a + b) * 2) + 1, abs(a - b) + length(cast(a as char)) FROM t20 GROUP BY a, b ORDER BY a, b; + +DROP TABLE t20; + +# Test: Mixed positive - function on one GROUP BY col, arithmetic on another +CREATE TABLE t21 (name varchar(20), value int, category int) ENGINE=Columnstore; +INSERT INTO t21 VALUES ('A', 10, 1), ('B', 20, 1), ('A', 30, 2); + +# Positive: different operations on different GROUP BY columns +SELECT upper(name), value * 2, SUM(category) FROM t21 GROUP BY name, value ORDER BY name, value; + +DROP TABLE t21; + +# Test: Non-deterministic but allowed (MariaDB extension - ONLY_FULL_GROUP_BY off) +CREATE TABLE t22 (grp int, val1 int, val2 varchar(10)) ENGINE=Columnstore; +INSERT INTO t22 VALUES (1, 10, 'a'), (1, 20, 'b'), (2, 30, 'c'); + +# This is allowed by MariaDB (returns arbitrary value from group) +--disable_result_log +SELECT grp, val1 + 5, upper(val2) FROM t22 GROUP BY grp; +--enable_result_log + +DROP TABLE t22; + +# Test: Expression in GROUP BY itself +CREATE TABLE t23 (a int, b int) ENGINE=Columnstore; +INSERT INTO t23 VALUES (1, 10), (2, 20), (1, 30); + +# Positive: GROUP BY expression, SELECT same expression +SELECT a + b, COUNT(*) FROM t23 GROUP BY a + b ORDER BY a + b; + +# Positive: GROUP BY function, SELECT same function +SELECT abs(a), SUM(b) FROM t23 GROUP BY abs(a) ORDER BY abs(a); + +DROP TABLE t23; + +# Test: NULL handling in functions +CREATE TABLE t24 (a varchar(10), b int) ENGINE=Columnstore; +INSERT INTO t24 VALUES ('x', 1), (NULL, 2), ('x', 3); + +# Positive: function handles NULL in GROUP BY column +--disable_result_log +SELECT length(a), coalesce(a, 'NULL'), SUM(b) FROM t24 GROUP BY a; +--enable_result_log + +DROP TABLE t24; + +# Test: Multiple aggregates with functions on GROUP BY +CREATE TABLE t25 (category varchar(10), price decimal(10,2), qty int) ENGINE=Columnstore; +INSERT INTO t25 VALUES ('A', 10.50, 5), ('A', 20.25, 3), ('B', 15.00, 7); + +# Positive: multiple aggregates with function on GROUP BY +SELECT upper(category), SUM(price), AVG(price), COUNT(*), SUM(qty) +FROM t25 GROUP BY category ORDER BY category; + +DROP TABLE t25; + +# Test: PAD SPACE collation with length() function +# 'foo' and 'foo ' should be grouped together due to PAD SPACE collation +# length() should return the length of the first value in the group +# +CREATE TABLE t26 (x varchar(255)) ENGINE=Columnstore; +INSERT INTO t26 VALUES (NULL), ('foo'), ('bar'), (NULL), ('foo '); + +# With PAD SPACE collation, 'foo' and 'foo ' are equal, so we get 3 groups +# length(x) should return 3 for the 'foo'/'foo ' group (first value) +SELECT length(x) FROM t26 GROUP BY x ORDER BY length(x); + +# Verify grouping is correct +SELECT x, count(*) FROM t26 GROUP BY x ORDER BY x; + +# Combined: x, length(x), count(*) +SELECT x, length(x), count(*) FROM t26 GROUP BY x ORDER BY x; + +DROP TABLE t26; + +# +# Test: IF(x IS NULL, ...) with GROUP BY x +# +CREATE TABLE t27 (x varchar(255)) ENGINE=Columnstore; +INSERT INTO t27 VALUES (NULL), ('foo'), ('bar'), (NULL), ('foo '); + +# IF function depending on GROUP BY column +SELECT IF(x IS NULL, 'blank', 'not blank') FROM t27 GROUP BY x ORDER BY 1; + +# IFNULL function +SELECT IFNULL(x, 'NULL_VALUE') FROM t27 GROUP BY x ORDER BY 1; + +# COALESCE function +SELECT COALESCE(x, 'NULL_VALUE') FROM t27 GROUP BY x ORDER BY 1; + +DROP TABLE t27; + +# +# Test: rand() with GROUP BY - should return one random value per group +# +CREATE TABLE t28 (x varchar(255)) ENGINE=Columnstore; +INSERT INTO t28 VALUES (NULL), ('foo'), ('bar'), (NULL), ('foo '); + +# rand() should return 3 rows (one per group) +--disable_result_log +SELECT rand() FROM t28 GROUP BY x; +--enable_result_log + +# Verify we get exactly 3 groups +SELECT COUNT(*) FROM (SELECT rand() FROM t28 GROUP BY x) AS subq; + +DROP TABLE t28; + +# +# Test: upper(x) with GROUP BY x +# +CREATE TABLE t29 (x varchar(255)) ENGINE=Columnstore; +INSERT INTO t29 VALUES (NULL), ('foo'), ('bar'), (NULL), ('foo '); + +# upper() on GROUP BY column +SELECT upper(x) FROM t29 GROUP BY x ORDER BY upper(x); + +# lower() on GROUP BY column +SELECT lower(x) FROM t29 GROUP BY x ORDER BY lower(x); + +# Combined upper and lower +SELECT upper(x), lower(x) FROM t29 GROUP BY x ORDER BY x; + +DROP TABLE t29; + +# +# Test: concat(a, b) with GROUP BY a, b +# +CREATE TABLE t30 (a varchar(10), b varchar(10), c int) ENGINE=Columnstore; +INSERT INTO t30 VALUES ('x', 'y', 1), ('x', 'z', 2), ('x', 'y', 3), ('a', 'b', 4); + +# concat of two GROUP BY columns +SELECT concat(a, b) FROM t30 GROUP BY a, b ORDER BY a, b; + +# concat with separator +SELECT concat(a, '-', b) FROM t30 GROUP BY a, b ORDER BY a, b; + +# concat with count +SELECT concat(a, b), count(*) FROM t30 GROUP BY a, b ORDER BY a, b; + +DROP TABLE t30; + +# +# Test: Conditional functions with GROUP BY (IF, CASE, IFNULL, NULLIF, COALESCE) +# These functions should be evaluated at row-level, not after aggregation +# Bug reference: bug3025 - IF() returning wrong results with GROUP BY +# +CREATE TABLE t31 (value int) ENGINE=Columnstore; +INSERT INTO t31 VALUES (1), (1001), (24), (2123), (null), (123), (888), (8421), (231), (-100), (null); + +# IF function with comparison - should correctly evaluate for each row +SELECT value, IF(value<=1000,'<=1000', '>1000') +FROM t31 +GROUP BY value, IF(value<=1000,'<=1000', '>1000') +ORDER BY ISNULL(IF(value<=1000,'<=1000', '>1000')), value; + +# IF function in projection only +SELECT IF(value<=1000,'<=1000', '>1000') +FROM t31 +GROUP BY IF(value<=1000,'<=1000', '>1000'), value +ORDER BY ISNULL(IF(value<=1000,'<=1000', '>1000')), value; + +# IF function grouped by itself +SELECT IF(value<=1000,'<=1000', '>1000') FROM t31 +GROUP BY IF(value<=1000,'<=1000', '>1000') +ORDER BY IF(value<=1000,'<=1000', '>1000'); + +# Nested IF functions (from bug3025) +SELECT * FROM ( + SELECT count(*) cnt, + if((if(not isnull(value),'notNull','null') like 'null'), null, if(value<1000,'<1000','>=1000')) a + FROM t31 + GROUP BY a, value + ORDER BY not isnull(a), value asc +) b +ORDER BY cnt, a; + +DROP TABLE t31; + +# +# Test: CASE expression with GROUP BY +# +CREATE TABLE t32 (status int) ENGINE=Columnstore; +INSERT INTO t32 VALUES (1), (2), (3), (1), (2), (null), (3), (1); + +# CASE expression should evaluate correctly +SELECT CASE status WHEN 1 THEN 'active' WHEN 2 THEN 'pending' WHEN 3 THEN 'closed' ELSE 'unknown' END as status_text +FROM t32 +GROUP BY status +ORDER BY status; + +# CASE with count +SELECT CASE status WHEN 1 THEN 'active' WHEN 2 THEN 'pending' WHEN 3 THEN 'closed' ELSE 'unknown' END as status_text, count(*) +FROM t32 +GROUP BY status +ORDER BY status; + +# Searched CASE +SELECT CASE WHEN status < 2 THEN 'low' WHEN status < 3 THEN 'medium' ELSE 'high' END as priority +FROM t32 +GROUP BY status +ORDER BY status; + +DROP TABLE t32; + +# +# Test: NULLIF function with GROUP BY +# +CREATE TABLE t33 (x int) ENGINE=Columnstore; +INSERT INTO t33 VALUES (1), (2), (1), (3), (2), (1); + +# NULLIF should return NULL when values are equal +SELECT NULLIF(x, 1) FROM t33 GROUP BY x ORDER BY x; + +# NULLIF with different comparison +SELECT x, NULLIF(x, 2) FROM t33 GROUP BY x ORDER BY x; + +DROP TABLE t33; + +# +# Test: ELT function with GROUP BY +# +CREATE TABLE t34 (idx int) ENGINE=Columnstore; +INSERT INTO t34 VALUES (1), (2), (3), (1), (2), (null); + +# ELT returns the Nth element from the list +SELECT ELT(idx, 'one', 'two', 'three') FROM t34 GROUP BY idx ORDER BY idx; + +DROP TABLE t34; + +DROP TABLE t1; +DROP TABLE t2; +DROP TABLE t3; +DROP TABLE t4, t4b; +DROP TABLE t5; +DROP TABLE t6a, t6b; +DROP TABLE t7; + +# +# Cleanup +# +DROP DATABASE group_by_ambiguous_test; diff -Nru mariadb-11.8.6/storage/columnstore/columnstore/mysql-test/columnstore/basic/t/mcol-4525.test mariadb-11.8.8/storage/columnstore/columnstore/mysql-test/columnstore/basic/t/mcol-4525.test --- mariadb-11.8.6/storage/columnstore/columnstore/mysql-test/columnstore/basic/t/mcol-4525.test 2026-01-31 13:27:51.000000000 +0000 +++ mariadb-11.8.8/storage/columnstore/columnstore/mysql-test/columnstore/basic/t/mcol-4525.test 2026-05-24 09:58:34.000000000 +0000 @@ -83,11 +83,10 @@ INSERT INTO t1 VALUES(10,'sam',10); INSERT INTO t1 VALUES(10,'bob',10); SET columnstore_select_handler=ON; ---error 1178 -SELECT SUM(col1) AS col2 FROM t1 GROUP BY col2; +SELECT SUM(col1) AS col2 FROM t1 GROUP BY col2 ORDER BY col2; SELECT col1 c FROM t1 ORDER BY AVG(col1); SET columnstore_select_handler=AUTO; -SELECT SUM(col1) AS col2 FROM t1 GROUP BY col2; +SELECT SUM(col1) AS col2 FROM t1 GROUP BY col2 ORDER BY col2; SELECT col1 c FROM t1 ORDER BY AVG(col1); DROP TABLE t1; diff -Nru mariadb-11.8.6/storage/columnstore/columnstore/mysql-test/columnstore/basic/t/mcs65_crossengine_order_by.test mariadb-11.8.8/storage/columnstore/columnstore/mysql-test/columnstore/basic/t/mcs65_crossengine_order_by.test --- mariadb-11.8.6/storage/columnstore/columnstore/mysql-test/columnstore/basic/t/mcs65_crossengine_order_by.test 2026-01-31 13:27:51.000000000 +0000 +++ mariadb-11.8.8/storage/columnstore/columnstore/mysql-test/columnstore/basic/t/mcs65_crossengine_order_by.test 2026-05-24 09:58:34.000000000 +0000 @@ -50,8 +50,10 @@ SELECT * FROM t1, t2 WHERE t1.t1_int = t2.t2_int ORDER BY t2.t2_int DESC, t1.t1_int DESC, t2.t2_char DESC; SELECT * FROM t1, t2 WHERE t1.t1_int = t2.t2_int ORDER BY t2.t2_char ASC, t2.t2_int, t1.t1_int; SELECT * FROM t1, t2 WHERE t1.t1_int = t2.t2_int ORDER BY t2.t2_char DESC, t2.t2_int DESC, t1.t1_int DESC; +--disable_result_log --error ER_BAD_FIELD_ERROR SELECT * FROM t1, t2 WHERE t1.t1_int = t2.t2_int ORDER BY -1; +--enable_result_log --error ER_BAD_FIELD_ERROR SELECT * FROM t1, t2 WHERE t1.t1_int = t2.t2_int ORDER BY 0; --error ER_BAD_FIELD_ERROR diff -Nru mariadb-11.8.6/storage/columnstore/columnstore/mysql-test/columnstore/basic/t/mcs87_alter_column.test mariadb-11.8.8/storage/columnstore/columnstore/mysql-test/columnstore/basic/t/mcs87_alter_column.test --- mariadb-11.8.6/storage/columnstore/columnstore/mysql-test/columnstore/basic/t/mcs87_alter_column.test 2026-01-31 13:27:51.000000000 +0000 +++ mariadb-11.8.8/storage/columnstore/columnstore/mysql-test/columnstore/basic/t/mcs87_alter_column.test 2026-05-24 09:58:34.000000000 +0000 @@ -24,6 +24,7 @@ ALTER TABLE t1 ADD COLUMN c11 INT(1); ALTER TABLE t1 ADD COLUMN c21 CHAR(2); +ALTER TABLE t1 ADD COLUMN c31 CHAR(2); #Duplicate column name --error 1060 @@ -56,11 +57,9 @@ ################# # DROP Column ################# -#Bug 4270 ---error 1178 ALTER TABLE t1 DROP COLUMN IF EXISTS c11; -ALTER TABLE t1 DROP COLUMN c11; ALTER TABLE t1 DROP COLUMN IF EXISTS c11; +ALTER TABLE t1 DROP COLUMN c31; --replace_regex /( COLLATE=latin1_swedish_ci)// SHOW CREATE TABLE t1; diff -Nru mariadb-11.8.6/storage/columnstore/columnstore/mysql-test/columnstore/basic/t/mcs88_import_export_csv.test mariadb-11.8.8/storage/columnstore/columnstore/mysql-test/columnstore/basic/t/mcs88_import_export_csv.test --- mariadb-11.8.6/storage/columnstore/columnstore/mysql-test/columnstore/basic/t/mcs88_import_export_csv.test 2026-01-31 13:27:51.000000000 +0000 +++ mariadb-11.8.8/storage/columnstore/columnstore/mysql-test/columnstore/basic/t/mcs88_import_export_csv.test 2026-05-24 09:58:34.000000000 +0000 @@ -16,7 +16,9 @@ # Copy the data file to a location where there is no need to have permission. --exec \cp $MTR_SUITE_DIR/../std_data/100Krows.dat $DATADIR/mcs88_100Krows.dat - +# Change owner to mysql to avoid error when test is running as root and 'cp' sets owner as root +--exec chown mysql:mysql $DATADIR/mcs88_100Krows.dat +--exec chmod a+r $DATADIR/mcs88_100Krows.dat CREATE TABLE t1(col1 INT, col2 INT, col3 CHAR(8)) ENGINE=Columnstore; --replace_result $DATADIR DATADIR --eval LOAD DATA INFILE '$DATADIR/mcs88_100Krows.dat' INTO TABLE t1 FIELDS TERMINATED BY '|'; diff -Nru mariadb-11.8.6/storage/columnstore/columnstore/mysql-test/columnstore/bugfixes/MCOL-5987-recycle-oids.result mariadb-11.8.8/storage/columnstore/columnstore/mysql-test/columnstore/bugfixes/MCOL-5987-recycle-oids.result --- mariadb-11.8.6/storage/columnstore/columnstore/mysql-test/columnstore/bugfixes/MCOL-5987-recycle-oids.result 2026-01-31 13:27:51.000000000 +0000 +++ mariadb-11.8.8/storage/columnstore/columnstore/mysql-test/columnstore/bugfixes/MCOL-5987-recycle-oids.result 2026-05-24 09:58:34.000000000 +0000 @@ -3,8 +3,12 @@ USE MCOL_5987; CREATE TABLE t1(x integer) ENGINE=COLUMNSTORE; CREATE TABLE t2(x integer) ENGINE=COLUMNSTORE; +CREATE TABLE t3(x integer) ENGINE=COLUMNSTORE; +INSERT INTO t2(x) SELECT object_id FROM information_schema.columnstore_tables WHERE table_name='t1' AND table_schema='MCOL_5987'; DROP TABLE t1; CREATE TABLE t1(x integer) ENGINE=COLUMNSTORE; -TABLE_NAME -t1 +INSERT INTO t3(x) SELECT object_id FROM information_schema.columnstore_tables WHERE table_name='t1' AND table_schema='MCOL_5987'; +SELECT COUNT(*) FROM t2, t3 WHERE t2.x = t3.x; +COUNT(*) +1 DROP DATABASE MCOL_5987; diff -Nru mariadb-11.8.6/storage/columnstore/columnstore/mysql-test/columnstore/bugfixes/MCOL-5987-recycle-oids.test mariadb-11.8.8/storage/columnstore/columnstore/mysql-test/columnstore/bugfixes/MCOL-5987-recycle-oids.test --- mariadb-11.8.6/storage/columnstore/columnstore/mysql-test/columnstore/bugfixes/MCOL-5987-recycle-oids.test 2026-01-31 13:27:51.000000000 +0000 +++ mariadb-11.8.8/storage/columnstore/columnstore/mysql-test/columnstore/bugfixes/MCOL-5987-recycle-oids.test 2026-05-24 09:58:34.000000000 +0000 @@ -4,11 +4,11 @@ CREATE DATABASE MCOL_5987; USE MCOL_5987; CREATE TABLE t1(x integer) ENGINE=COLUMNSTORE; ---let $oid1=query_get_value(SELECT OBJECT_ID FROM information_schema.columnstore_tables WHERE TABLE_SCHEMA='MCOL_5987' AND TABLE_NAME='t1', OBJECT_ID, 1) CREATE TABLE t2(x integer) ENGINE=COLUMNSTORE; +CREATE TABLE t3(x integer) ENGINE=COLUMNSTORE; +INSERT INTO t2(x) SELECT object_id FROM information_schema.columnstore_tables WHERE table_name='t1' AND table_schema='MCOL_5987'; DROP TABLE t1; CREATE TABLE t1(x integer) ENGINE=COLUMNSTORE; ---disable_query_log ---eval SELECT TABLE_NAME FROM information_schema.columnstore_tables WHERE OBJECT_ID=$oid1; ---enable_query_log +INSERT INTO t3(x) SELECT object_id FROM information_schema.columnstore_tables WHERE table_name='t1' AND table_schema='MCOL_5987'; +SELECT COUNT(*) FROM t2, t3 WHERE t2.x = t3.x; DROP DATABASE MCOL_5987; diff -Nru mariadb-11.8.6/storage/columnstore/columnstore/mysql-test/columnstore/bugfixes/MCOL-6243-long-text-cpimport-fail.result mariadb-11.8.8/storage/columnstore/columnstore/mysql-test/columnstore/bugfixes/MCOL-6243-long-text-cpimport-fail.result --- mariadb-11.8.6/storage/columnstore/columnstore/mysql-test/columnstore/bugfixes/MCOL-6243-long-text-cpimport-fail.result 1970-01-01 00:00:00.000000000 +0000 +++ mariadb-11.8.8/storage/columnstore/columnstore/mysql-test/columnstore/bugfixes/MCOL-6243-long-text-cpimport-fail.result 2026-05-24 09:58:34.000000000 +0000 @@ -0,0 +1,12 @@ +DROP DATABASE IF EXISTS MCOL_6243; +CREATE DATABASE MCOL_6243; +USE MCOL_6243; +CREATE TABLE t1 ( +short_id varchar(36) +, long_content longtext +) ENGINE=Columnstore DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_unicode_ci; +LOAD DATA LOCAL INFILE 'DATADIR/mcol_6243_input.csv' INTO TABLE t1 CHARACTER SET UTF8MB4 FIELDS TERMINATED BY ';' OPTIONALLY ENCLOSED BY '"' ESCAPED BY '\\' (short_id, long_content);; +SELECT short_id, length(long_content) FROM t1; +short_id length(long_content) +short id 1200000 +DROP DATABASE MCOL_6243; diff -Nru mariadb-11.8.6/storage/columnstore/columnstore/mysql-test/columnstore/bugfixes/MCOL-6243-long-text-cpimport-fail.test mariadb-11.8.8/storage/columnstore/columnstore/mysql-test/columnstore/bugfixes/MCOL-6243-long-text-cpimport-fail.test --- mariadb-11.8.6/storage/columnstore/columnstore/mysql-test/columnstore/bugfixes/MCOL-6243-long-text-cpimport-fail.test 1970-01-01 00:00:00.000000000 +0000 +++ mariadb-11.8.8/storage/columnstore/columnstore/mysql-test/columnstore/bugfixes/MCOL-6243-long-text-cpimport-fail.test 2026-05-24 09:58:34.000000000 +0000 @@ -0,0 +1,26 @@ +# Checks that long text values longer than 1MB (old cpimport buffer size) +# get loaded by cpimport. + +--disable_warnings +DROP DATABASE IF EXISTS MCOL_6243; +--enable_warnings +CREATE DATABASE MCOL_6243; +USE MCOL_6243; + +CREATE TABLE t1 ( + short_id varchar(36) + , long_content longtext +) ENGINE=Columnstore DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_unicode_ci; + +let $DATADIR=`SELECT @@datadir`; +--exec rm -f $DATADIR/mcol_6243_input.csv +--exec printf "short id;" > $DATADIR/mcol_6243_input.csv +# this line produces 100,000 repetitions of the "long content" string, totaling 1,200,000 bytes. +--system bash -c "printf 'long content%.0s' {1..100000}" >> $DATADIR/mcol_6243_input.csv +--replace_result $DATADIR DATADIR +--eval LOAD DATA LOCAL INFILE '$DATADIR/mcol_6243_input.csv' INTO TABLE t1 CHARACTER SET UTF8MB4 FIELDS TERMINATED BY ';' OPTIONALLY ENCLOSED BY '"' ESCAPED BY '\\\\' (short_id, long_content); +--exec rm -f $DATADIR/mcol_6243_input.csv + +SELECT short_id, length(long_content) FROM t1; + +DROP DATABASE MCOL_6243; diff -Nru mariadb-11.8.6/storage/columnstore/columnstore/mysql-test/columnstore/bugfixes/MCOL-6297-unknown-column-in-foreign-query.result mariadb-11.8.8/storage/columnstore/columnstore/mysql-test/columnstore/bugfixes/MCOL-6297-unknown-column-in-foreign-query.result --- mariadb-11.8.6/storage/columnstore/columnstore/mysql-test/columnstore/bugfixes/MCOL-6297-unknown-column-in-foreign-query.result 1970-01-01 00:00:00.000000000 +0000 +++ mariadb-11.8.8/storage/columnstore/columnstore/mysql-test/columnstore/bugfixes/MCOL-6297-unknown-column-in-foreign-query.result 2026-05-24 09:58:34.000000000 +0000 @@ -0,0 +1,148 @@ +DROP DATABASE IF EXISTS MCOL6297; +CREATE DATABASE IF NOT EXISTS MCOL6297; +USE MCOL6297; +CREATE USER IF NOT EXISTS'cejuser'@'localhost' IDENTIFIED BY 'Vagrant1|0000001'; +GRANT ALL PRIVILEGES ON *.* TO 'cejuser'@'localhost'; +FLUSH PRIVILEGES; +CREATE TABLE ABC_fact_at_reghrp ( +APO_ID INT NOT NULL, +PZN_ID INT NOT NULL +) ENGINE=ColumnStore; +CREATE TABLE ABC_tbr_adm_rpi_kunde ( +KUNDE_ID INT NOT NULL, +STRUKTUR_ID INT NOT NULL, +APO_ID INT NOT NULL, +ADMAT_ID INT NOT NULL +) ENGINE=InnoDB; +CREATE TABLE ABC_fact_at_reghrd ( +KUNDE_ID INT NOT NULL, +STRUKTUR_ID INT NOT NULL, +APO_ID INT NOT NULL, +ADMAT_ID INT NOT NULL, +PZN_ID INT NOT NULL +) ENGINE=ColumnStore; +INSERT INTO ABC_tbr_adm_rpi_kunde (KUNDE_ID, STRUKTUR_ID, APO_ID, ADMAT_ID) VALUES (38, 1, 123, 401); +INSERT INTO ABC_fact_at_reghrp (APO_ID, PZN_ID) VALUES (123, 3520496); +INSERT INTO ABC_fact_at_reghrd (KUNDE_ID, STRUKTUR_ID, APO_ID, ADMAT_ID, PZN_ID) VALUES (38, 1, 99, 401, 3520496); +SELECT +CASE WHEN v.admat_id IN (401,402,403,404,405) THEN '$5' ELSE 'REST' END AS reggroup, +v.PZN_ID AS `13999_PZN`, +NULL AS VALUE_2025_12_M_8132_1_1 +FROM ( +SELECT +mcads.ADMAT_ID AS admat_id, +v.APO_ID AS APO_ID, +v.PZN_ID AS PZN_ID +FROM +MCOL6297.ABC_fact_at_reghrp AS v +JOIN MCOL6297.ABC_tbr_adm_rpi_kunde AS mcads +ON mcads.KUNDE_ID = 38 +AND mcads.STRUKTUR_ID = 1 +AND v.APO_ID = mcads.APO_ID +UNION ALL +SELECT +v.ADMAT_ID AS admat_id, +99 AS APO_ID, +v.PZN_ID AS PZN_ID +FROM +MCOL6297.ABC_fact_at_reghrd AS v +WHERE +v.KUNDE_ID = 38 +AND v.STRUKTUR_ID = 1 +) AS v +WHERE +v.admat_id IN (401,402,403,404,405) +AND v.PZN_ID IN (3520496,5129827,5129833) +GROUP BY +reggroup, `13999_PZN`; +reggroup 13999_PZN VALUE_2025_12_M_8132_1_1 +$5 3520496 NULL +SELECT +CASE WHEN v.admat_id IN (401,402,403,404,405) THEN '$5' ELSE 'REST' END AS reggroup, +v.PZN_ID AS `13999_PZN`, +NULL AS VALUE_2025_12_M_8132_1_1 +FROM ( +SELECT +mcads.ADMAT_ID AS admat_id, +v.APO_ID AS APO_ID, +v.PZN_ID AS PZN_ID +FROM +MCOL6297.ABC_fact_at_reghrp AS v +JOIN MCOL6297.ABC_tbr_adm_rpi_kunde AS mcads +ON mcads.KUNDE_ID = 38 +AND mcads.STRUKTUR_ID = 1 +AND v.APO_ID = mcads.APO_ID +UNION ALL +SELECT +v.ADMAT_ID AS admat_id, +99 AS APO_ID, +v.PZN_ID AS PZN_ID +FROM +MCOL6297.ABC_fact_at_reghrd AS v +WHERE +v.KUNDE_ID = 38 +AND v.STRUKTUR_ID = 1 +) AS v +WHERE +v.admat_id NOT IN (401,402,403,404,405) +AND v.PZN_ID IN (3520496,5129827,5129833) +GROUP BY +reggroup, `13999_PZN`; +reggroup 13999_PZN VALUE_2025_12_M_8132_1_1 +DROP DATABASE MCOL6297; +CREATE DATABASE MCOL6297; +USE MCOL6297; +CREATE TABLE ABC_fact_at_reghrp ( +APO_ID INT NOT NULL, +PZN_ID INT NOT NULL +) ENGINE=ColumnStore; +CREATE TABLE ABC_tbr_adm_rpi_kunde ( +KUNDE_ID INT NOT NULL, +STRUKTUR_ID INT NOT NULL, +APO_ID INT NOT NULL, +ADMAT_ID TEXT NOT NULL +) ENGINE=InnoDB; +CREATE TABLE ABC_fact_at_reghrd ( +KUNDE_ID INT NOT NULL, +STRUKTUR_ID INT NOT NULL, +APO_ID INT NOT NULL, +ADMAT_ID TEXT NOT NULL, +PZN_ID INT NOT NULL +) ENGINE=ColumnStore; +INSERT INTO ABC_tbr_adm_rpi_kunde (KUNDE_ID, STRUKTUR_ID, APO_ID, ADMAT_ID) VALUES (38, 1, 123, '401'); +INSERT INTO ABC_fact_at_reghrp (APO_ID, PZN_ID) VALUES (123, 3520496); +INSERT INTO ABC_fact_at_reghrd (KUNDE_ID, STRUKTUR_ID, APO_ID, ADMAT_ID, PZN_ID) VALUES (38, 1, 99, '401', 3520496); +SELECT +CASE WHEN v.admat_id IN ('401','402','403','404','405') THEN '$5' ELSE 'REST' END AS reggroup, +v.PZN_ID AS `13999_PZN`, +NULL AS VALUE_2025_12_M_8132_1_1 +FROM ( +SELECT +mcads.ADMAT_ID AS admat_id, +v.APO_ID AS APO_ID, +v.PZN_ID AS PZN_ID +FROM +MCOL6297.ABC_fact_at_reghrp AS v +JOIN MCOL6297.ABC_tbr_adm_rpi_kunde AS mcads +ON mcads.KUNDE_ID = 38 +AND mcads.STRUKTUR_ID = 1 +AND v.APO_ID = mcads.APO_ID +UNION ALL +SELECT +v.ADMAT_ID AS admat_id, +99 AS APO_ID, +v.PZN_ID AS PZN_ID +FROM +MCOL6297.ABC_fact_at_reghrd AS v +WHERE +v.KUNDE_ID = 38 +AND v.STRUKTUR_ID = 1 +) AS v +WHERE +v.admat_id IN ('401','402','403','404','405') +AND v.PZN_ID IN (3520496,5129827,5129833) +GROUP BY +reggroup, `13999_PZN`; +reggroup 13999_PZN VALUE_2025_12_M_8132_1_1 +$5 3520496 NULL +DROP DATABASE MCOL6297; diff -Nru mariadb-11.8.6/storage/columnstore/columnstore/mysql-test/columnstore/bugfixes/MCOL-6297-unknown-column-in-foreign-query.test mariadb-11.8.8/storage/columnstore/columnstore/mysql-test/columnstore/bugfixes/MCOL-6297-unknown-column-in-foreign-query.test --- mariadb-11.8.6/storage/columnstore/columnstore/mysql-test/columnstore/bugfixes/MCOL-6297-unknown-column-in-foreign-query.test 1970-01-01 00:00:00.000000000 +0000 +++ mariadb-11.8.8/storage/columnstore/columnstore/mysql-test/columnstore/bugfixes/MCOL-6297-unknown-column-in-foreign-query.test 2026-05-24 09:58:34.000000000 +0000 @@ -0,0 +1,179 @@ +--source include/have_innodb.inc +--source ../include/have_columnstore.inc + +--disable_warnings +DROP DATABASE IF EXISTS MCOL6297; +--enable_warnings +CREATE DATABASE IF NOT EXISTS MCOL6297; +USE MCOL6297; + +# +# Enable cross engine join +# Configure user and password in Columnstore.xml file +# +if (!$MASTER_MYPORT) +{ + # Running with --extern + let $MASTER_MYPORT=`SELECT @@port`; +} +--exec $MCS_MCSSETCONFIG CrossEngineSupport User 'cejuser' +--exec $MCS_MCSSETCONFIG CrossEngineSupport Password 'Vagrant1|0000001' +--exec $MCS_MCSSETCONFIG CrossEngineSupport Port $MASTER_MYPORT + +CREATE USER IF NOT EXISTS'cejuser'@'localhost' IDENTIFIED BY 'Vagrant1|0000001'; +GRANT ALL PRIVILEGES ON *.* TO 'cejuser'@'localhost'; +FLUSH PRIVILEGES; + +CREATE TABLE ABC_fact_at_reghrp ( + APO_ID INT NOT NULL, + PZN_ID INT NOT NULL +) ENGINE=ColumnStore; + +CREATE TABLE ABC_tbr_adm_rpi_kunde ( + KUNDE_ID INT NOT NULL, + STRUKTUR_ID INT NOT NULL, + APO_ID INT NOT NULL, + ADMAT_ID INT NOT NULL +) ENGINE=InnoDB; + +CREATE TABLE ABC_fact_at_reghrd ( + KUNDE_ID INT NOT NULL, + STRUKTUR_ID INT NOT NULL, + APO_ID INT NOT NULL, + ADMAT_ID INT NOT NULL, + PZN_ID INT NOT NULL +) ENGINE=ColumnStore; + +INSERT INTO ABC_tbr_adm_rpi_kunde (KUNDE_ID, STRUKTUR_ID, APO_ID, ADMAT_ID) VALUES (38, 1, 123, 401); +INSERT INTO ABC_fact_at_reghrp (APO_ID, PZN_ID) VALUES (123, 3520496); +INSERT INTO ABC_fact_at_reghrd (KUNDE_ID, STRUKTUR_ID, APO_ID, ADMAT_ID, PZN_ID) VALUES (38, 1, 99, 401, 3520496); + +SELECT + CASE WHEN v.admat_id IN (401,402,403,404,405) THEN '$5' ELSE 'REST' END AS reggroup, + v.PZN_ID AS `13999_PZN`, + NULL AS VALUE_2025_12_M_8132_1_1 +FROM ( + SELECT + mcads.ADMAT_ID AS admat_id, + v.APO_ID AS APO_ID, + v.PZN_ID AS PZN_ID + FROM + MCOL6297.ABC_fact_at_reghrp AS v + JOIN MCOL6297.ABC_tbr_adm_rpi_kunde AS mcads + ON mcads.KUNDE_ID = 38 + AND mcads.STRUKTUR_ID = 1 + AND v.APO_ID = mcads.APO_ID + UNION ALL + SELECT + v.ADMAT_ID AS admat_id, + 99 AS APO_ID, + v.PZN_ID AS PZN_ID + FROM + MCOL6297.ABC_fact_at_reghrd AS v + WHERE + v.KUNDE_ID = 38 + AND v.STRUKTUR_ID = 1 +) AS v +WHERE + v.admat_id IN (401,402,403,404,405) + AND v.PZN_ID IN (3520496,5129827,5129833) +GROUP BY + reggroup, `13999_PZN`; + +# this returns empty set, but we are concerned with the correctness of NOT IN processing. +SELECT + CASE WHEN v.admat_id IN (401,402,403,404,405) THEN '$5' ELSE 'REST' END AS reggroup, + v.PZN_ID AS `13999_PZN`, + NULL AS VALUE_2025_12_M_8132_1_1 +FROM ( + SELECT + mcads.ADMAT_ID AS admat_id, + v.APO_ID AS APO_ID, + v.PZN_ID AS PZN_ID + FROM + MCOL6297.ABC_fact_at_reghrp AS v + JOIN MCOL6297.ABC_tbr_adm_rpi_kunde AS mcads + ON mcads.KUNDE_ID = 38 + AND mcads.STRUKTUR_ID = 1 + AND v.APO_ID = mcads.APO_ID + UNION ALL + SELECT + v.ADMAT_ID AS admat_id, + 99 AS APO_ID, + v.PZN_ID AS PZN_ID + FROM + MCOL6297.ABC_fact_at_reghrd AS v + WHERE + v.KUNDE_ID = 38 + AND v.STRUKTUR_ID = 1 +) AS v +WHERE + v.admat_id NOT IN (401,402,403,404,405) + AND v.PZN_ID IN (3520496,5129827,5129833) +GROUP BY + reggroup, `13999_PZN`; + +DROP DATABASE MCOL6297; + +# test quoted (textual) values +CREATE DATABASE MCOL6297; +USE MCOL6297; +CREATE TABLE ABC_fact_at_reghrp ( + APO_ID INT NOT NULL, + PZN_ID INT NOT NULL +) ENGINE=ColumnStore; + +CREATE TABLE ABC_tbr_adm_rpi_kunde ( + KUNDE_ID INT NOT NULL, + STRUKTUR_ID INT NOT NULL, + APO_ID INT NOT NULL, + ADMAT_ID TEXT NOT NULL +) ENGINE=InnoDB; + +CREATE TABLE ABC_fact_at_reghrd ( + KUNDE_ID INT NOT NULL, + STRUKTUR_ID INT NOT NULL, + APO_ID INT NOT NULL, + ADMAT_ID TEXT NOT NULL, + PZN_ID INT NOT NULL +) ENGINE=ColumnStore; + +INSERT INTO ABC_tbr_adm_rpi_kunde (KUNDE_ID, STRUKTUR_ID, APO_ID, ADMAT_ID) VALUES (38, 1, 123, '401'); +INSERT INTO ABC_fact_at_reghrp (APO_ID, PZN_ID) VALUES (123, 3520496); +INSERT INTO ABC_fact_at_reghrd (KUNDE_ID, STRUKTUR_ID, APO_ID, ADMAT_ID, PZN_ID) VALUES (38, 1, 99, '401', 3520496); + +SELECT + CASE WHEN v.admat_id IN ('401','402','403','404','405') THEN '$5' ELSE 'REST' END AS reggroup, + v.PZN_ID AS `13999_PZN`, + NULL AS VALUE_2025_12_M_8132_1_1 +FROM ( + SELECT + mcads.ADMAT_ID AS admat_id, + v.APO_ID AS APO_ID, + v.PZN_ID AS PZN_ID + FROM + MCOL6297.ABC_fact_at_reghrp AS v + JOIN MCOL6297.ABC_tbr_adm_rpi_kunde AS mcads + ON mcads.KUNDE_ID = 38 + AND mcads.STRUKTUR_ID = 1 + AND v.APO_ID = mcads.APO_ID + UNION ALL + SELECT + v.ADMAT_ID AS admat_id, + 99 AS APO_ID, + v.PZN_ID AS PZN_ID + FROM + MCOL6297.ABC_fact_at_reghrd AS v + WHERE + v.KUNDE_ID = 38 + AND v.STRUKTUR_ID = 1 +) AS v +WHERE + v.admat_id IN ('401','402','403','404','405') + AND v.PZN_ID IN (3520496,5129827,5129833) +GROUP BY + reggroup, `13999_PZN`; + +DROP DATABASE MCOL6297; + + diff -Nru mariadb-11.8.6/storage/columnstore/columnstore/mysql-test/columnstore/bugfixes/MCOL-6300-json-table-null-db-plugin-crash.result mariadb-11.8.8/storage/columnstore/columnstore/mysql-test/columnstore/bugfixes/MCOL-6300-json-table-null-db-plugin-crash.result --- mariadb-11.8.6/storage/columnstore/columnstore/mysql-test/columnstore/bugfixes/MCOL-6300-json-table-null-db-plugin-crash.result 1970-01-01 00:00:00.000000000 +0000 +++ mariadb-11.8.8/storage/columnstore/columnstore/mysql-test/columnstore/bugfixes/MCOL-6300-json-table-null-db-plugin-crash.result 2026-05-24 09:58:34.000000000 +0000 @@ -0,0 +1,34 @@ +DROP DATABASE IF EXISTS mcol_6300; +CREATE DATABASE mcol_6300; +USE mcol_6300; +CREATE TABLE test_cs (id INT, name VARCHAR(100)) ENGINE=Columnstore; +INSERT INTO test_cs VALUES (1, 'existing'); +INSERT INTO test_cs +SELECT * FROM JSON_TABLE( +'[{"id": 2, "name": "new"}]', +'$[*]' COLUMNS ( +id INT PATH '$.id', +name VARCHAR(100) PATH '$.name' + ) +) AS jt; +SELECT * FROM test_cs ORDER BY id; +id name +1 existing +2 new +INSERT INTO test_cs +SELECT jt.* FROM JSON_TABLE( +'[{"id": 3, "name": "another"}]', +'$[*]' COLUMNS ( +id INT PATH '$.id', +name VARCHAR(100) PATH '$.name' + ) +) AS jt +WHERE NOT EXISTS ( +SELECT 1 FROM test_cs t WHERE t.id = jt.id +); +SELECT * FROM test_cs ORDER BY id; +id name +1 existing +2 new +3 another +DROP DATABASE mcol_6300; diff -Nru mariadb-11.8.6/storage/columnstore/columnstore/mysql-test/columnstore/bugfixes/MCOL-6300-json-table-null-db-plugin-crash.test mariadb-11.8.8/storage/columnstore/columnstore/mysql-test/columnstore/bugfixes/MCOL-6300-json-table-null-db-plugin-crash.test --- mariadb-11.8.6/storage/columnstore/columnstore/mysql-test/columnstore/bugfixes/MCOL-6300-json-table-null-db-plugin-crash.test 1970-01-01 00:00:00.000000000 +0000 +++ mariadb-11.8.8/storage/columnstore/columnstore/mysql-test/columnstore/bugfixes/MCOL-6300-json-table-null-db-plugin-crash.test 2026-05-24 09:58:34.000000000 +0000 @@ -0,0 +1,54 @@ +# MCOL-6300: Server crash when INSERT SELECT from JSON_TABLE with +# subquery referencing a ColumnStore table. +# +# Two bugs fixed: +# 1. isMCSTable() crashed dereferencing NULL db_plugin for JSON_TABLE +# virtual table. +# 2. ColumnStore tried to handle JSON_TABLE via CrossEngineStep which +# failed because JSON_TABLE is a virtual table (db = *any*) that +# does not exist in any database. Fixed by rejecting table functions +# in getSelectPlan() so the server handles them natively. + +--source ../include/have_columnstore.inc + +--disable_warnings +DROP DATABASE IF EXISTS mcol_6300; +--enable_warnings + +CREATE DATABASE mcol_6300; +USE mcol_6300; + +CREATE TABLE test_cs (id INT, name VARCHAR(100)) ENGINE=Columnstore; +INSERT INTO test_cs VALUES (1, 'existing'); + +# Simple INSERT from JSON_TABLE — triggers isMCSTable() on the +# JSON_TABLE virtual table which has db_plugin=NULL. +INSERT INTO test_cs +SELECT * FROM JSON_TABLE( + '[{"id": 2, "name": "new"}]', + '$[*]' COLUMNS ( + id INT PATH '$.id', + name VARCHAR(100) PATH '$.name' + ) +) AS jt; + +SELECT * FROM test_cs ORDER BY id; + +# JSON_TABLE + NOT EXISTS subquery on ColumnStore table. +# ColumnStore falls back to server execution for this query because +# JSON_TABLE cannot be handled by ColumnStore. +INSERT INTO test_cs +SELECT jt.* FROM JSON_TABLE( + '[{"id": 3, "name": "another"}]', + '$[*]' COLUMNS ( + id INT PATH '$.id', + name VARCHAR(100) PATH '$.name' + ) +) AS jt +WHERE NOT EXISTS ( + SELECT 1 FROM test_cs t WHERE t.id = jt.id +); + +SELECT * FROM test_cs ORDER BY id; + +DROP DATABASE mcol_6300; diff -Nru mariadb-11.8.6/storage/columnstore/columnstore/mysql-test/columnstore/bugfixes/MCOL-6321-test-em-rebuild.opt mariadb-11.8.8/storage/columnstore/columnstore/mysql-test/columnstore/bugfixes/MCOL-6321-test-em-rebuild.opt --- mariadb-11.8.6/storage/columnstore/columnstore/mysql-test/columnstore/bugfixes/MCOL-6321-test-em-rebuild.opt 1970-01-01 00:00:00.000000000 +0000 +++ mariadb-11.8.8/storage/columnstore/columnstore/mysql-test/columnstore/bugfixes/MCOL-6321-test-em-rebuild.opt 2026-05-24 09:58:34.000000000 +0000 @@ -0,0 +1 @@ +--skip-sequence=0 diff -Nru mariadb-11.8.6/storage/columnstore/columnstore/mysql-test/columnstore/bugfixes/MCOL-6321-test-em-rebuild.result mariadb-11.8.8/storage/columnstore/columnstore/mysql-test/columnstore/bugfixes/MCOL-6321-test-em-rebuild.result --- mariadb-11.8.6/storage/columnstore/columnstore/mysql-test/columnstore/bugfixes/MCOL-6321-test-em-rebuild.result 1970-01-01 00:00:00.000000000 +0000 +++ mariadb-11.8.8/storage/columnstore/columnstore/mysql-test/columnstore/bugfixes/MCOL-6321-test-em-rebuild.result 2026-05-24 09:58:34.000000000 +0000 @@ -0,0 +1,2626 @@ +DROP DATABASE IF EXISTS MCOL_6321; +CREATE DATABASE MCOL_6321; +USE MCOL_6321; +CREATE TABLE t(x longtext) ENGINE=Columnstore; +INSERT INTO t(x) SELECT CONCAT(seq, REPEAT('zuka',1000000)) FROM seq_1_to_10; +INSERT INTO t(x) SELECT CONCAT(seq, REPEAT('zuka',1000000)) FROM seq_11_to_20; +INSERT INTO t(x) SELECT CONCAT(seq, REPEAT('zuka',1000000)) FROM seq_21_to_30; +INSERT INTO t(x) SELECT CONCAT(seq, REPEAT('zuka',1000000)) FROM seq_31_to_40; +INSERT INTO t(x) SELECT CONCAT(seq, REPEAT('zuka',1000000)) FROM seq_41_to_50; +INSERT INTO t(x) SELECT CONCAT(seq, REPEAT('zuka',1000000)) FROM seq_51_to_60; +INSERT INTO t(x) SELECT CONCAT(seq, REPEAT('zuka',1000000)) FROM seq_61_to_70; +INSERT INTO t(x) SELECT CONCAT(seq, REPEAT('zuka',1000000)) FROM seq_71_to_80; +INSERT INTO t(x) SELECT CONCAT(seq, REPEAT('zuka',1000000)) FROM seq_81_to_90; +INSERT INTO t(x) SELECT CONCAT(seq, REPEAT('zuka',1000000)) FROM seq_91_to_100; +INSERT INTO t(x) SELECT CONCAT(seq, REPEAT('zuka',1000000)) FROM seq_101_to_110; +INSERT INTO t(x) SELECT CONCAT(seq, REPEAT('zuka',1000000)) FROM seq_111_to_120; +INSERT INTO t(x) SELECT CONCAT(seq, REPEAT('zuka',1000000)) FROM seq_121_to_130; +INSERT INTO t(x) SELECT CONCAT(seq, REPEAT('zuka',1000000)) FROM seq_131_to_140; +INSERT INTO t(x) SELECT CONCAT(seq, REPEAT('zuka',1000000)) FROM seq_141_to_150; +INSERT INTO t(x) SELECT CONCAT(seq, REPEAT('zuka',1000000)) FROM seq_151_to_160; +INSERT INTO t(x) SELECT CONCAT(seq, REPEAT('zuka',1000000)) FROM seq_161_to_170; +INSERT INTO t(x) SELECT CONCAT(seq, REPEAT('zuka',1000000)) FROM seq_171_to_180; +INSERT INTO t(x) SELECT CONCAT(seq, REPEAT('zuka',1000000)) FROM seq_181_to_190; +INSERT INTO t(x) SELECT CONCAT(seq, REPEAT('zuka',1000000)) FROM seq_191_to_200; +INSERT INTO t(x) SELECT CONCAT(seq, REPEAT('zuka',1000000)) FROM seq_201_to_210; +INSERT INTO t(x) SELECT CONCAT(seq, REPEAT('zuka',1000000)) FROM seq_211_to_220; +INSERT INTO t(x) SELECT CONCAT(seq, REPEAT('zuka',1000000)) FROM seq_221_to_230; +INSERT INTO t(x) SELECT CONCAT(seq, REPEAT('zuka',1000000)) FROM seq_231_to_240; +INSERT INTO t(x) SELECT CONCAT(seq, REPEAT('zuka',1000000)) FROM seq_241_to_250; +INSERT INTO t(x) SELECT CONCAT(seq, REPEAT('zuka',1000000)) FROM seq_251_to_260; +INSERT INTO t(x) SELECT CONCAT(seq, REPEAT('zuka',1000000)) FROM seq_261_to_270; +INSERT INTO t(x) SELECT CONCAT(seq, REPEAT('zuka',1000000)) FROM seq_271_to_280; +INSERT INTO t(x) SELECT CONCAT(seq, REPEAT('zuka',1000000)) FROM seq_281_to_290; +INSERT INTO t(x) SELECT CONCAT(seq, REPEAT('zuka',1000000)) FROM seq_291_to_300; +INSERT INTO t(x) SELECT CONCAT(seq, REPEAT('zuka',1000000)) FROM seq_301_to_310; +INSERT INTO t(x) SELECT CONCAT(seq, REPEAT('zuka',1000000)) FROM seq_311_to_320; +INSERT INTO t(x) SELECT CONCAT(seq, REPEAT('zuka',1000000)) FROM seq_321_to_330; +INSERT INTO t(x) SELECT CONCAT(seq, REPEAT('zuka',1000000)) FROM seq_331_to_340; +INSERT INTO t(x) SELECT CONCAT(seq, REPEAT('zuka',1000000)) FROM seq_341_to_350; +INSERT INTO t(x) SELECT CONCAT(seq, REPEAT('zuka',1000000)) FROM seq_351_to_360; +INSERT INTO t(x) SELECT CONCAT(seq, REPEAT('zuka',1000000)) FROM seq_361_to_370; +INSERT INTO t(x) SELECT CONCAT(seq, REPEAT('zuka',1000000)) FROM seq_371_to_380; +INSERT INTO t(x) SELECT CONCAT(seq, REPEAT('zuka',1000000)) FROM seq_381_to_390; +INSERT INTO t(x) SELECT CONCAT(seq, REPEAT('zuka',1000000)) FROM seq_391_to_400; +INSERT INTO t(x) SELECT CONCAT(seq, REPEAT('zuka',1000000)) FROM seq_401_to_410; +INSERT INTO t(x) SELECT CONCAT(seq, REPEAT('zuka',1000000)) FROM seq_411_to_420; +INSERT INTO t(x) SELECT CONCAT(seq, REPEAT('zuka',1000000)) FROM seq_421_to_430; +INSERT INTO t(x) SELECT CONCAT(seq, REPEAT('zuka',1000000)) FROM seq_431_to_440; +INSERT INTO t(x) SELECT CONCAT(seq, REPEAT('zuka',1000000)) FROM seq_441_to_450; +INSERT INTO t(x) SELECT CONCAT(seq, REPEAT('zuka',1000000)) FROM seq_451_to_460; +INSERT INTO t(x) SELECT CONCAT(seq, REPEAT('zuka',1000000)) FROM seq_461_to_470; +INSERT INTO t(x) SELECT CONCAT(seq, REPEAT('zuka',1000000)) FROM seq_471_to_480; +INSERT INTO t(x) SELECT CONCAT(seq, REPEAT('zuka',1000000)) FROM seq_481_to_490; +INSERT INTO t(x) SELECT CONCAT(seq, REPEAT('zuka',1000000)) FROM seq_491_to_500; +INSERT INTO t(x) SELECT CONCAT(seq, REPEAT('zuka',1000000)) FROM seq_501_to_510; +INSERT INTO t(x) SELECT CONCAT(seq, REPEAT('zuka',1000000)) FROM seq_511_to_520; +INSERT INTO t(x) SELECT CONCAT(seq, REPEAT('zuka',1000000)) FROM seq_521_to_530; +INSERT INTO t(x) SELECT CONCAT(seq, REPEAT('zuka',1000000)) FROM seq_531_to_540; +INSERT INTO t(x) SELECT CONCAT(seq, REPEAT('zuka',1000000)) FROM seq_541_to_550; +INSERT INTO t(x) SELECT CONCAT(seq, REPEAT('zuka',1000000)) FROM seq_551_to_560; +INSERT INTO t(x) SELECT CONCAT(seq, REPEAT('zuka',1000000)) FROM seq_561_to_570; +INSERT INTO t(x) SELECT CONCAT(seq, REPEAT('zuka',1000000)) FROM seq_571_to_580; +INSERT INTO t(x) SELECT CONCAT(seq, REPEAT('zuka',1000000)) FROM seq_581_to_590; +INSERT INTO t(x) SELECT CONCAT(seq, REPEAT('zuka',1000000)) FROM seq_591_to_600; +INSERT INTO t(x) SELECT CONCAT(seq, REPEAT('zuka',1000000)) FROM seq_601_to_610; +INSERT INTO t(x) SELECT CONCAT(seq, REPEAT('zuka',1000000)) FROM seq_611_to_620; +INSERT INTO t(x) SELECT CONCAT(seq, REPEAT('zuka',1000000)) FROM seq_621_to_630; +INSERT INTO t(x) SELECT CONCAT(seq, REPEAT('zuka',1000000)) FROM seq_631_to_640; +INSERT INTO t(x) SELECT CONCAT(seq, REPEAT('zuka',1000000)) FROM seq_641_to_650; +INSERT INTO t(x) SELECT CONCAT(seq, REPEAT('zuka',1000000)) FROM seq_651_to_660; +INSERT INTO t(x) SELECT CONCAT(seq, REPEAT('zuka',1000000)) FROM seq_661_to_670; +INSERT INTO t(x) SELECT CONCAT(seq, REPEAT('zuka',1000000)) FROM seq_671_to_680; +INSERT INTO t(x) SELECT CONCAT(seq, REPEAT('zuka',1000000)) FROM seq_681_to_690; +INSERT INTO t(x) SELECT CONCAT(seq, REPEAT('zuka',1000000)) FROM seq_691_to_700; +INSERT INTO t(x) SELECT CONCAT(seq, REPEAT('zuka',1000000)) FROM seq_701_to_710; +INSERT INTO t(x) SELECT CONCAT(seq, REPEAT('zuka',1000000)) FROM seq_711_to_720; +INSERT INTO t(x) SELECT CONCAT(seq, REPEAT('zuka',1000000)) FROM seq_721_to_730; +INSERT INTO t(x) SELECT CONCAT(seq, REPEAT('zuka',1000000)) FROM seq_731_to_740; +INSERT INTO t(x) SELECT CONCAT(seq, REPEAT('zuka',1000000)) FROM seq_741_to_750; +INSERT INTO t(x) SELECT CONCAT(seq, REPEAT('zuka',1000000)) FROM seq_751_to_760; +INSERT INTO t(x) SELECT CONCAT(seq, REPEAT('zuka',1000000)) FROM seq_761_to_770; +INSERT INTO t(x) SELECT CONCAT(seq, REPEAT('zuka',1000000)) FROM seq_771_to_780; +INSERT INTO t(x) SELECT CONCAT(seq, REPEAT('zuka',1000000)) FROM seq_781_to_790; +INSERT INTO t(x) SELECT CONCAT(seq, REPEAT('zuka',1000000)) FROM seq_791_to_800; +INSERT INTO t(x) SELECT CONCAT(seq, REPEAT('zuka',1000000)) FROM seq_801_to_810; +INSERT INTO t(x) SELECT CONCAT(seq, REPEAT('zuka',1000000)) FROM seq_811_to_820; +INSERT INTO t(x) SELECT CONCAT(seq, REPEAT('zuka',1000000)) FROM seq_821_to_830; +INSERT INTO t(x) SELECT CONCAT(seq, REPEAT('zuka',1000000)) FROM seq_831_to_840; +SELECT SUBSTR(x,1,10) FROM t; +SUBSTR(x,1,10) +100zukazuk +101zukazuk +102zukazuk +103zukazuk +104zukazuk +105zukazuk +106zukazuk +107zukazuk +108zukazuk +109zukazuk +10zukazuka +110zukazuk +111zukazuk +112zukazuk +113zukazuk +114zukazuk +115zukazuk +116zukazuk +117zukazuk +118zukazuk +119zukazuk +11zukazuka +120zukazuk +121zukazuk +122zukazuk +123zukazuk +124zukazuk +125zukazuk +126zukazuk +127zukazuk +128zukazuk +129zukazuk +12zukazuka +130zukazuk +131zukazuk +132zukazuk +133zukazuk +134zukazuk +135zukazuk +136zukazuk +137zukazuk +138zukazuk +139zukazuk +13zukazuka +140zukazuk +141zukazuk +142zukazuk +143zukazuk +144zukazuk +145zukazuk +146zukazuk +147zukazuk +148zukazuk +149zukazuk +14zukazuka +150zukazuk +151zukazuk +152zukazuk +153zukazuk +154zukazuk +155zukazuk +156zukazuk +157zukazuk +158zukazuk +159zukazuk +15zukazuka +160zukazuk +161zukazuk +162zukazuk +163zukazuk +164zukazuk +165zukazuk +166zukazuk +167zukazuk +168zukazuk +169zukazuk +16zukazuka +170zukazuk +171zukazuk +172zukazuk +173zukazuk +174zukazuk +175zukazuk +176zukazuk +177zukazuk +178zukazuk +179zukazuk +17zukazuka +180zukazuk +181zukazuk +182zukazuk +183zukazuk +184zukazuk +185zukazuk +186zukazuk +187zukazuk +188zukazuk +189zukazuk +18zukazuka +190zukazuk +191zukazuk +192zukazuk +193zukazuk +194zukazuk +195zukazuk +196zukazuk +197zukazuk +198zukazuk +199zukazuk +19zukazuka +1zukazukaz +200zukazuk +201zukazuk +202zukazuk +203zukazuk +204zukazuk +205zukazuk +206zukazuk +207zukazuk +208zukazuk +209zukazuk +20zukazuka +210zukazuk +211zukazuk +212zukazuk +213zukazuk +214zukazuk +215zukazuk +216zukazuk +217zukazuk +218zukazuk +219zukazuk +21zukazuka +220zukazuk +221zukazuk +222zukazuk +223zukazuk +224zukazuk +225zukazuk +226zukazuk +227zukazuk +228zukazuk +229zukazuk +22zukazuka +230zukazuk +231zukazuk +232zukazuk +233zukazuk +234zukazuk +235zukazuk +236zukazuk +237zukazuk +238zukazuk +239zukazuk +23zukazuka +240zukazuk +241zukazuk +242zukazuk +243zukazuk +244zukazuk +245zukazuk +246zukazuk +247zukazuk +248zukazuk +249zukazuk +24zukazuka +250zukazuk +251zukazuk +252zukazuk +253zukazuk +254zukazuk +255zukazuk +256zukazuk +257zukazuk +258zukazuk +259zukazuk +25zukazuka +260zukazuk +261zukazuk +262zukazuk +263zukazuk +264zukazuk +265zukazuk +266zukazuk +267zukazuk +268zukazuk +269zukazuk +26zukazuka +270zukazuk +271zukazuk +272zukazuk +273zukazuk +274zukazuk +275zukazuk +276zukazuk +277zukazuk +278zukazuk +279zukazuk +27zukazuka +280zukazuk +281zukazuk +282zukazuk +283zukazuk +284zukazuk +285zukazuk +286zukazuk +287zukazuk +288zukazuk +289zukazuk +28zukazuka +290zukazuk +291zukazuk +292zukazuk +293zukazuk +294zukazuk +295zukazuk +296zukazuk +297zukazuk +298zukazuk +299zukazuk +29zukazuka +2zukazukaz +300zukazuk +301zukazuk +302zukazuk +303zukazuk +304zukazuk +305zukazuk +306zukazuk +307zukazuk +308zukazuk +309zukazuk +30zukazuka +310zukazuk +311zukazuk +312zukazuk +313zukazuk +314zukazuk +315zukazuk +316zukazuk +317zukazuk +318zukazuk +319zukazuk +31zukazuka +320zukazuk +321zukazuk +322zukazuk +323zukazuk +324zukazuk +325zukazuk +326zukazuk +327zukazuk +328zukazuk +329zukazuk +32zukazuka +330zukazuk +331zukazuk +332zukazuk +333zukazuk +334zukazuk +335zukazuk +336zukazuk +337zukazuk +338zukazuk +339zukazuk +33zukazuka +340zukazuk +341zukazuk +342zukazuk +343zukazuk +344zukazuk +345zukazuk +346zukazuk +347zukazuk +348zukazuk +349zukazuk +34zukazuka +350zukazuk +351zukazuk +352zukazuk +353zukazuk +354zukazuk +355zukazuk +356zukazuk +357zukazuk +358zukazuk +359zukazuk +35zukazuka +360zukazuk +361zukazuk +362zukazuk +363zukazuk +364zukazuk +365zukazuk +366zukazuk +367zukazuk +368zukazuk +369zukazuk +36zukazuka +370zukazuk +371zukazuk +372zukazuk +373zukazuk +374zukazuk +375zukazuk +376zukazuk +377zukazuk +378zukazuk +379zukazuk +37zukazuka +380zukazuk +381zukazuk +382zukazuk +383zukazuk +384zukazuk +385zukazuk +386zukazuk +387zukazuk +388zukazuk +389zukazuk +38zukazuka +390zukazuk +391zukazuk +392zukazuk +393zukazuk +394zukazuk +395zukazuk +396zukazuk +397zukazuk +398zukazuk +399zukazuk +39zukazuka +3zukazukaz +400zukazuk +401zukazuk +402zukazuk +403zukazuk +404zukazuk +405zukazuk +406zukazuk +407zukazuk +408zukazuk +409zukazuk +40zukazuka +410zukazuk +411zukazuk +412zukazuk +413zukazuk +414zukazuk +415zukazuk +416zukazuk +417zukazuk +418zukazuk +419zukazuk +41zukazuka +420zukazuk +421zukazuk +422zukazuk +423zukazuk +424zukazuk +425zukazuk +426zukazuk +427zukazuk +428zukazuk +429zukazuk +42zukazuka +430zukazuk +431zukazuk +432zukazuk +433zukazuk +434zukazuk +435zukazuk +436zukazuk +437zukazuk +438zukazuk +439zukazuk +43zukazuka +440zukazuk +441zukazuk +442zukazuk +443zukazuk +444zukazuk +445zukazuk +446zukazuk +447zukazuk +448zukazuk +449zukazuk +44zukazuka +450zukazuk +451zukazuk +452zukazuk +453zukazuk +454zukazuk +455zukazuk +456zukazuk +457zukazuk +458zukazuk +459zukazuk +45zukazuka +460zukazuk +461zukazuk +462zukazuk +463zukazuk +464zukazuk +465zukazuk +466zukazuk +467zukazuk +468zukazuk +469zukazuk +46zukazuka +470zukazuk +471zukazuk +472zukazuk +473zukazuk +474zukazuk +475zukazuk +476zukazuk +477zukazuk +478zukazuk +479zukazuk +47zukazuka +480zukazuk +481zukazuk +482zukazuk +483zukazuk +484zukazuk +485zukazuk +486zukazuk +487zukazuk +488zukazuk +489zukazuk +48zukazuka +490zukazuk +491zukazuk +492zukazuk +493zukazuk +494zukazuk +495zukazuk +496zukazuk +497zukazuk +498zukazuk +499zukazuk +49zukazuka +4zukazukaz +500zukazuk +501zukazuk +502zukazuk +503zukazuk +504zukazuk +505zukazuk +506zukazuk +507zukazuk +508zukazuk +509zukazuk +50zukazuka +510zukazuk +511zukazuk +512zukazuk +513zukazuk +514zukazuk +515zukazuk +516zukazuk +517zukazuk +518zukazuk +519zukazuk +51zukazuka +520zukazuk +521zukazuk +522zukazuk +523zukazuk +524zukazuk +525zukazuk +526zukazuk +527zukazuk +528zukazuk +529zukazuk +52zukazuka +530zukazuk +531zukazuk +532zukazuk +533zukazuk +534zukazuk +535zukazuk +536zukazuk +537zukazuk +538zukazuk +539zukazuk +53zukazuka +540zukazuk +541zukazuk +542zukazuk +543zukazuk +544zukazuk +545zukazuk +546zukazuk +547zukazuk +548zukazuk +549zukazuk +54zukazuka +550zukazuk +551zukazuk +552zukazuk +553zukazuk +554zukazuk +555zukazuk +556zukazuk +557zukazuk +558zukazuk +559zukazuk +55zukazuka +560zukazuk +561zukazuk +562zukazuk +563zukazuk +564zukazuk +565zukazuk +566zukazuk +567zukazuk +568zukazuk +569zukazuk +56zukazuka +570zukazuk +571zukazuk +572zukazuk +573zukazuk +574zukazuk +575zukazuk +576zukazuk +577zukazuk +578zukazuk +579zukazuk +57zukazuka +580zukazuk +581zukazuk +582zukazuk +583zukazuk +584zukazuk +585zukazuk +586zukazuk +587zukazuk +588zukazuk +589zukazuk +58zukazuka +590zukazuk +591zukazuk +592zukazuk +593zukazuk +594zukazuk +595zukazuk +596zukazuk +597zukazuk +598zukazuk +599zukazuk +59zukazuka +5zukazukaz +600zukazuk +601zukazuk +602zukazuk +603zukazuk +604zukazuk +605zukazuk +606zukazuk +607zukazuk +608zukazuk +609zukazuk +60zukazuka +610zukazuk +611zukazuk +612zukazuk +613zukazuk +614zukazuk +615zukazuk +616zukazuk +617zukazuk +618zukazuk +619zukazuk +61zukazuka +620zukazuk +621zukazuk +622zukazuk +623zukazuk +624zukazuk +625zukazuk +626zukazuk +627zukazuk +628zukazuk +629zukazuk +62zukazuka +630zukazuk +631zukazuk +632zukazuk +633zukazuk +634zukazuk +635zukazuk +636zukazuk +637zukazuk +638zukazuk +639zukazuk +63zukazuka +640zukazuk +641zukazuk +642zukazuk +643zukazuk +644zukazuk +645zukazuk +646zukazuk +647zukazuk +648zukazuk +649zukazuk +64zukazuka +650zukazuk +651zukazuk +652zukazuk +653zukazuk +654zukazuk +655zukazuk +656zukazuk +657zukazuk +658zukazuk +659zukazuk +65zukazuka +660zukazuk +661zukazuk +662zukazuk +663zukazuk +664zukazuk +665zukazuk +666zukazuk +667zukazuk +668zukazuk +669zukazuk +66zukazuka +670zukazuk +671zukazuk +672zukazuk +673zukazuk +674zukazuk +675zukazuk +676zukazuk +677zukazuk +678zukazuk +679zukazuk +67zukazuka +680zukazuk +681zukazuk +682zukazuk +683zukazuk +684zukazuk +685zukazuk +686zukazuk +687zukazuk +688zukazuk +689zukazuk +68zukazuka +690zukazuk +691zukazuk +692zukazuk +693zukazuk +694zukazuk +695zukazuk +696zukazuk +697zukazuk +698zukazuk +699zukazuk +69zukazuka +6zukazukaz +700zukazuk +701zukazuk +702zukazuk +703zukazuk +704zukazuk +705zukazuk +706zukazuk +707zukazuk +708zukazuk +709zukazuk +70zukazuka +710zukazuk +711zukazuk +712zukazuk +713zukazuk +714zukazuk +715zukazuk +716zukazuk +717zukazuk +718zukazuk +719zukazuk +71zukazuka +720zukazuk +721zukazuk +722zukazuk +723zukazuk +724zukazuk +725zukazuk +726zukazuk +727zukazuk +728zukazuk +729zukazuk +72zukazuka +730zukazuk +731zukazuk +732zukazuk +733zukazuk +734zukazuk +735zukazuk +736zukazuk +737zukazuk +738zukazuk +739zukazuk +73zukazuka +740zukazuk +741zukazuk +742zukazuk +743zukazuk +744zukazuk +745zukazuk +746zukazuk +747zukazuk +748zukazuk +749zukazuk +74zukazuka +750zukazuk +751zukazuk +752zukazuk +753zukazuk +754zukazuk +755zukazuk +756zukazuk +757zukazuk +758zukazuk +759zukazuk +75zukazuka +760zukazuk +761zukazuk +762zukazuk +763zukazuk +764zukazuk +765zukazuk +766zukazuk +767zukazuk +768zukazuk +769zukazuk +76zukazuka +770zukazuk +771zukazuk +772zukazuk +773zukazuk +774zukazuk +775zukazuk +776zukazuk +777zukazuk +778zukazuk +779zukazuk +77zukazuka +780zukazuk +781zukazuk +782zukazuk +783zukazuk +784zukazuk +785zukazuk +786zukazuk +787zukazuk +788zukazuk +789zukazuk +78zukazuka +790zukazuk +791zukazuk +792zukazuk +793zukazuk +794zukazuk +795zukazuk +796zukazuk +797zukazuk +798zukazuk +799zukazuk +79zukazuka +7zukazukaz +800zukazuk +801zukazuk +802zukazuk +803zukazuk +804zukazuk +805zukazuk +806zukazuk +807zukazuk +808zukazuk +809zukazuk +80zukazuka +810zukazuk +811zukazuk +812zukazuk +813zukazuk +814zukazuk +815zukazuk +816zukazuk +817zukazuk +818zukazuk +819zukazuk +81zukazuka +820zukazuk +821zukazuk +822zukazuk +823zukazuk +824zukazuk +825zukazuk +826zukazuk +827zukazuk +828zukazuk +829zukazuk +82zukazuka +830zukazuk +831zukazuk +832zukazuk +833zukazuk +834zukazuk +835zukazuk +836zukazuk +837zukazuk +838zukazuk +839zukazuk +83zukazuka +840zukazuk +84zukazuka +85zukazuka +86zukazuka +87zukazuka +88zukazuka +89zukazuka +8zukazukaz +90zukazuka +91zukazuka +92zukazuka +93zukazuka +94zukazuka +95zukazuka +96zukazuka +97zukazuka +98zukazuka +99zukazuka +9zukazukaz +stopping MCS +mkdir backup +moving files into backup +copying oidbitmap back +rebuilding EM +starting MCS +SELECT SUBSTR(x,1,10) FROM t; +SUBSTR(x,1,10) +100zukazuk +101zukazuk +102zukazuk +103zukazuk +104zukazuk +105zukazuk +106zukazuk +107zukazuk +108zukazuk +109zukazuk +10zukazuka +110zukazuk +111zukazuk +112zukazuk +113zukazuk +114zukazuk +115zukazuk +116zukazuk +117zukazuk +118zukazuk +119zukazuk +11zukazuka +120zukazuk +121zukazuk +122zukazuk +123zukazuk +124zukazuk +125zukazuk +126zukazuk +127zukazuk +128zukazuk +129zukazuk +12zukazuka +130zukazuk +131zukazuk +132zukazuk +133zukazuk +134zukazuk +135zukazuk +136zukazuk +137zukazuk +138zukazuk +139zukazuk +13zukazuka +140zukazuk +141zukazuk +142zukazuk +143zukazuk +144zukazuk +145zukazuk +146zukazuk +147zukazuk +148zukazuk +149zukazuk +14zukazuka +150zukazuk +151zukazuk +152zukazuk +153zukazuk +154zukazuk +155zukazuk +156zukazuk +157zukazuk +158zukazuk +159zukazuk +15zukazuka +160zukazuk +161zukazuk +162zukazuk +163zukazuk +164zukazuk +165zukazuk +166zukazuk +167zukazuk +168zukazuk +169zukazuk +16zukazuka +170zukazuk +171zukazuk +172zukazuk +173zukazuk +174zukazuk +175zukazuk +176zukazuk +177zukazuk +178zukazuk +179zukazuk +17zukazuka +180zukazuk +181zukazuk +182zukazuk +183zukazuk +184zukazuk +185zukazuk +186zukazuk +187zukazuk +188zukazuk +189zukazuk +18zukazuka +190zukazuk +191zukazuk +192zukazuk +193zukazuk +194zukazuk +195zukazuk +196zukazuk +197zukazuk +198zukazuk +199zukazuk +19zukazuka +1zukazukaz +200zukazuk +201zukazuk +202zukazuk +203zukazuk +204zukazuk +205zukazuk +206zukazuk +207zukazuk +208zukazuk +209zukazuk +20zukazuka +210zukazuk +211zukazuk +212zukazuk +213zukazuk +214zukazuk +215zukazuk +216zukazuk +217zukazuk +218zukazuk +219zukazuk +21zukazuka +220zukazuk +221zukazuk +222zukazuk +223zukazuk +224zukazuk +225zukazuk +226zukazuk +227zukazuk +228zukazuk +229zukazuk +22zukazuka +230zukazuk +231zukazuk +232zukazuk +233zukazuk +234zukazuk +235zukazuk +236zukazuk +237zukazuk +238zukazuk +239zukazuk +23zukazuka +240zukazuk +241zukazuk +242zukazuk +243zukazuk +244zukazuk +245zukazuk +246zukazuk +247zukazuk +248zukazuk +249zukazuk +24zukazuka +250zukazuk +251zukazuk +252zukazuk +253zukazuk +254zukazuk +255zukazuk +256zukazuk +257zukazuk +258zukazuk +259zukazuk +25zukazuka +260zukazuk +261zukazuk +262zukazuk +263zukazuk +264zukazuk +265zukazuk +266zukazuk +267zukazuk +268zukazuk +269zukazuk +26zukazuka +270zukazuk +271zukazuk +272zukazuk +273zukazuk +274zukazuk +275zukazuk +276zukazuk +277zukazuk +278zukazuk +279zukazuk +27zukazuka +280zukazuk +281zukazuk +282zukazuk +283zukazuk +284zukazuk +285zukazuk +286zukazuk +287zukazuk +288zukazuk +289zukazuk +28zukazuka +290zukazuk +291zukazuk +292zukazuk +293zukazuk +294zukazuk +295zukazuk +296zukazuk +297zukazuk +298zukazuk +299zukazuk +29zukazuka +2zukazukaz +300zukazuk +301zukazuk +302zukazuk +303zukazuk +304zukazuk +305zukazuk +306zukazuk +307zukazuk +308zukazuk +309zukazuk +30zukazuka +310zukazuk +311zukazuk +312zukazuk +313zukazuk +314zukazuk +315zukazuk +316zukazuk +317zukazuk +318zukazuk +319zukazuk +31zukazuka +320zukazuk +321zukazuk +322zukazuk +323zukazuk +324zukazuk +325zukazuk +326zukazuk +327zukazuk +328zukazuk +329zukazuk +32zukazuka +330zukazuk +331zukazuk +332zukazuk +333zukazuk +334zukazuk +335zukazuk +336zukazuk +337zukazuk +338zukazuk +339zukazuk +33zukazuka +340zukazuk +341zukazuk +342zukazuk +343zukazuk +344zukazuk +345zukazuk +346zukazuk +347zukazuk +348zukazuk +349zukazuk +34zukazuka +350zukazuk +351zukazuk +352zukazuk +353zukazuk +354zukazuk +355zukazuk +356zukazuk +357zukazuk +358zukazuk +359zukazuk +35zukazuka +360zukazuk +361zukazuk +362zukazuk +363zukazuk +364zukazuk +365zukazuk +366zukazuk +367zukazuk +368zukazuk +369zukazuk +36zukazuka +370zukazuk +371zukazuk +372zukazuk +373zukazuk +374zukazuk +375zukazuk +376zukazuk +377zukazuk +378zukazuk +379zukazuk +37zukazuka +380zukazuk +381zukazuk +382zukazuk +383zukazuk +384zukazuk +385zukazuk +386zukazuk +387zukazuk +388zukazuk +389zukazuk +38zukazuka +390zukazuk +391zukazuk +392zukazuk +393zukazuk +394zukazuk +395zukazuk +396zukazuk +397zukazuk +398zukazuk +399zukazuk +39zukazuka +3zukazukaz +400zukazuk +401zukazuk +402zukazuk +403zukazuk +404zukazuk +405zukazuk +406zukazuk +407zukazuk +408zukazuk +409zukazuk +40zukazuka +410zukazuk +411zukazuk +412zukazuk +413zukazuk +414zukazuk +415zukazuk +416zukazuk +417zukazuk +418zukazuk +419zukazuk +41zukazuka +420zukazuk +421zukazuk +422zukazuk +423zukazuk +424zukazuk +425zukazuk +426zukazuk +427zukazuk +428zukazuk +429zukazuk +42zukazuka +430zukazuk +431zukazuk +432zukazuk +433zukazuk +434zukazuk +435zukazuk +436zukazuk +437zukazuk +438zukazuk +439zukazuk +43zukazuka +440zukazuk +441zukazuk +442zukazuk +443zukazuk +444zukazuk +445zukazuk +446zukazuk +447zukazuk +448zukazuk +449zukazuk +44zukazuka +450zukazuk +451zukazuk +452zukazuk +453zukazuk +454zukazuk +455zukazuk +456zukazuk +457zukazuk +458zukazuk +459zukazuk +45zukazuka +460zukazuk +461zukazuk +462zukazuk +463zukazuk +464zukazuk +465zukazuk +466zukazuk +467zukazuk +468zukazuk +469zukazuk +46zukazuka +470zukazuk +471zukazuk +472zukazuk +473zukazuk +474zukazuk +475zukazuk +476zukazuk +477zukazuk +478zukazuk +479zukazuk +47zukazuka +480zukazuk +481zukazuk +482zukazuk +483zukazuk +484zukazuk +485zukazuk +486zukazuk +487zukazuk +488zukazuk +489zukazuk +48zukazuka +490zukazuk +491zukazuk +492zukazuk +493zukazuk +494zukazuk +495zukazuk +496zukazuk +497zukazuk +498zukazuk +499zukazuk +49zukazuka +4zukazukaz +500zukazuk +501zukazuk +502zukazuk +503zukazuk +504zukazuk +505zukazuk +506zukazuk +507zukazuk +508zukazuk +509zukazuk +50zukazuka +510zukazuk +511zukazuk +512zukazuk +513zukazuk +514zukazuk +515zukazuk +516zukazuk +517zukazuk +518zukazuk +519zukazuk +51zukazuka +520zukazuk +521zukazuk +522zukazuk +523zukazuk +524zukazuk +525zukazuk +526zukazuk +527zukazuk +528zukazuk +529zukazuk +52zukazuka +530zukazuk +531zukazuk +532zukazuk +533zukazuk +534zukazuk +535zukazuk +536zukazuk +537zukazuk +538zukazuk +539zukazuk +53zukazuka +540zukazuk +541zukazuk +542zukazuk +543zukazuk +544zukazuk +545zukazuk +546zukazuk +547zukazuk +548zukazuk +549zukazuk +54zukazuka +550zukazuk +551zukazuk +552zukazuk +553zukazuk +554zukazuk +555zukazuk +556zukazuk +557zukazuk +558zukazuk +559zukazuk +55zukazuka +560zukazuk +561zukazuk +562zukazuk +563zukazuk +564zukazuk +565zukazuk +566zukazuk +567zukazuk +568zukazuk +569zukazuk +56zukazuka +570zukazuk +571zukazuk +572zukazuk +573zukazuk +574zukazuk +575zukazuk +576zukazuk +577zukazuk +578zukazuk +579zukazuk +57zukazuka +580zukazuk +581zukazuk +582zukazuk +583zukazuk +584zukazuk +585zukazuk +586zukazuk +587zukazuk +588zukazuk +589zukazuk +58zukazuka +590zukazuk +591zukazuk +592zukazuk +593zukazuk +594zukazuk +595zukazuk +596zukazuk +597zukazuk +598zukazuk +599zukazuk +59zukazuka +5zukazukaz +600zukazuk +601zukazuk +602zukazuk +603zukazuk +604zukazuk +605zukazuk +606zukazuk +607zukazuk +608zukazuk +609zukazuk +60zukazuka +610zukazuk +611zukazuk +612zukazuk +613zukazuk +614zukazuk +615zukazuk +616zukazuk +617zukazuk +618zukazuk +619zukazuk +61zukazuka +620zukazuk +621zukazuk +622zukazuk +623zukazuk +624zukazuk +625zukazuk +626zukazuk +627zukazuk +628zukazuk +629zukazuk +62zukazuka +630zukazuk +631zukazuk +632zukazuk +633zukazuk +634zukazuk +635zukazuk +636zukazuk +637zukazuk +638zukazuk +639zukazuk +63zukazuka +640zukazuk +641zukazuk +642zukazuk +643zukazuk +644zukazuk +645zukazuk +646zukazuk +647zukazuk +648zukazuk +649zukazuk +64zukazuka +650zukazuk +651zukazuk +652zukazuk +653zukazuk +654zukazuk +655zukazuk +656zukazuk +657zukazuk +658zukazuk +659zukazuk +65zukazuka +660zukazuk +661zukazuk +662zukazuk +663zukazuk +664zukazuk +665zukazuk +666zukazuk +667zukazuk +668zukazuk +669zukazuk +66zukazuka +670zukazuk +671zukazuk +672zukazuk +673zukazuk +674zukazuk +675zukazuk +676zukazuk +677zukazuk +678zukazuk +679zukazuk +67zukazuka +680zukazuk +681zukazuk +682zukazuk +683zukazuk +684zukazuk +685zukazuk +686zukazuk +687zukazuk +688zukazuk +689zukazuk +68zukazuka +690zukazuk +691zukazuk +692zukazuk +693zukazuk +694zukazuk +695zukazuk +696zukazuk +697zukazuk +698zukazuk +699zukazuk +69zukazuka +6zukazukaz +700zukazuk +701zukazuk +702zukazuk +703zukazuk +704zukazuk +705zukazuk +706zukazuk +707zukazuk +708zukazuk +709zukazuk +70zukazuka +710zukazuk +711zukazuk +712zukazuk +713zukazuk +714zukazuk +715zukazuk +716zukazuk +717zukazuk +718zukazuk +719zukazuk +71zukazuka +720zukazuk +721zukazuk +722zukazuk +723zukazuk +724zukazuk +725zukazuk +726zukazuk +727zukazuk +728zukazuk +729zukazuk +72zukazuka +730zukazuk +731zukazuk +732zukazuk +733zukazuk +734zukazuk +735zukazuk +736zukazuk +737zukazuk +738zukazuk +739zukazuk +73zukazuka +740zukazuk +741zukazuk +742zukazuk +743zukazuk +744zukazuk +745zukazuk +746zukazuk +747zukazuk +748zukazuk +749zukazuk +74zukazuka +750zukazuk +751zukazuk +752zukazuk +753zukazuk +754zukazuk +755zukazuk +756zukazuk +757zukazuk +758zukazuk +759zukazuk +75zukazuka +760zukazuk +761zukazuk +762zukazuk +763zukazuk +764zukazuk +765zukazuk +766zukazuk +767zukazuk +768zukazuk +769zukazuk +76zukazuka +770zukazuk +771zukazuk +772zukazuk +773zukazuk +774zukazuk +775zukazuk +776zukazuk +777zukazuk +778zukazuk +779zukazuk +77zukazuka +780zukazuk +781zukazuk +782zukazuk +783zukazuk +784zukazuk +785zukazuk +786zukazuk +787zukazuk +788zukazuk +789zukazuk +78zukazuka +790zukazuk +791zukazuk +792zukazuk +793zukazuk +794zukazuk +795zukazuk +796zukazuk +797zukazuk +798zukazuk +799zukazuk +79zukazuka +7zukazukaz +800zukazuk +801zukazuk +802zukazuk +803zukazuk +804zukazuk +805zukazuk +806zukazuk +807zukazuk +808zukazuk +809zukazuk +80zukazuka +810zukazuk +811zukazuk +812zukazuk +813zukazuk +814zukazuk +815zukazuk +816zukazuk +817zukazuk +818zukazuk +819zukazuk +81zukazuka +820zukazuk +821zukazuk +822zukazuk +823zukazuk +824zukazuk +825zukazuk +826zukazuk +827zukazuk +828zukazuk +829zukazuk +82zukazuka +830zukazuk +831zukazuk +832zukazuk +833zukazuk +834zukazuk +835zukazuk +836zukazuk +837zukazuk +838zukazuk +839zukazuk +83zukazuka +840zukazuk +84zukazuka +85zukazuka +86zukazuka +87zukazuka +88zukazuka +89zukazuka +8zukazukaz +90zukazuka +91zukazuka +92zukazuka +93zukazuka +94zukazuka +95zukazuka +96zukazuka +97zukazuka +98zukazuka +99zukazuka +9zukazukaz +stopping MCS again to copy files back +deleting restored files +copy files back +delete backup directory +starting MCS +SELECT SUBSTR(x,1,10) FROM t; +SUBSTR(x,1,10) +100zukazuk +101zukazuk +102zukazuk +103zukazuk +104zukazuk +105zukazuk +106zukazuk +107zukazuk +108zukazuk +109zukazuk +10zukazuka +110zukazuk +111zukazuk +112zukazuk +113zukazuk +114zukazuk +115zukazuk +116zukazuk +117zukazuk +118zukazuk +119zukazuk +11zukazuka +120zukazuk +121zukazuk +122zukazuk +123zukazuk +124zukazuk +125zukazuk +126zukazuk +127zukazuk +128zukazuk +129zukazuk +12zukazuka +130zukazuk +131zukazuk +132zukazuk +133zukazuk +134zukazuk +135zukazuk +136zukazuk +137zukazuk +138zukazuk +139zukazuk +13zukazuka +140zukazuk +141zukazuk +142zukazuk +143zukazuk +144zukazuk +145zukazuk +146zukazuk +147zukazuk +148zukazuk +149zukazuk +14zukazuka +150zukazuk +151zukazuk +152zukazuk +153zukazuk +154zukazuk +155zukazuk +156zukazuk +157zukazuk +158zukazuk +159zukazuk +15zukazuka +160zukazuk +161zukazuk +162zukazuk +163zukazuk +164zukazuk +165zukazuk +166zukazuk +167zukazuk +168zukazuk +169zukazuk +16zukazuka +170zukazuk +171zukazuk +172zukazuk +173zukazuk +174zukazuk +175zukazuk +176zukazuk +177zukazuk +178zukazuk +179zukazuk +17zukazuka +180zukazuk +181zukazuk +182zukazuk +183zukazuk +184zukazuk +185zukazuk +186zukazuk +187zukazuk +188zukazuk +189zukazuk +18zukazuka +190zukazuk +191zukazuk +192zukazuk +193zukazuk +194zukazuk +195zukazuk +196zukazuk +197zukazuk +198zukazuk +199zukazuk +19zukazuka +1zukazukaz +200zukazuk +201zukazuk +202zukazuk +203zukazuk +204zukazuk +205zukazuk +206zukazuk +207zukazuk +208zukazuk +209zukazuk +20zukazuka +210zukazuk +211zukazuk +212zukazuk +213zukazuk +214zukazuk +215zukazuk +216zukazuk +217zukazuk +218zukazuk +219zukazuk +21zukazuka +220zukazuk +221zukazuk +222zukazuk +223zukazuk +224zukazuk +225zukazuk +226zukazuk +227zukazuk +228zukazuk +229zukazuk +22zukazuka +230zukazuk +231zukazuk +232zukazuk +233zukazuk +234zukazuk +235zukazuk +236zukazuk +237zukazuk +238zukazuk +239zukazuk +23zukazuka +240zukazuk +241zukazuk +242zukazuk +243zukazuk +244zukazuk +245zukazuk +246zukazuk +247zukazuk +248zukazuk +249zukazuk +24zukazuka +250zukazuk +251zukazuk +252zukazuk +253zukazuk +254zukazuk +255zukazuk +256zukazuk +257zukazuk +258zukazuk +259zukazuk +25zukazuka +260zukazuk +261zukazuk +262zukazuk +263zukazuk +264zukazuk +265zukazuk +266zukazuk +267zukazuk +268zukazuk +269zukazuk +26zukazuka +270zukazuk +271zukazuk +272zukazuk +273zukazuk +274zukazuk +275zukazuk +276zukazuk +277zukazuk +278zukazuk +279zukazuk +27zukazuka +280zukazuk +281zukazuk +282zukazuk +283zukazuk +284zukazuk +285zukazuk +286zukazuk +287zukazuk +288zukazuk +289zukazuk +28zukazuka +290zukazuk +291zukazuk +292zukazuk +293zukazuk +294zukazuk +295zukazuk +296zukazuk +297zukazuk +298zukazuk +299zukazuk +29zukazuka +2zukazukaz +300zukazuk +301zukazuk +302zukazuk +303zukazuk +304zukazuk +305zukazuk +306zukazuk +307zukazuk +308zukazuk +309zukazuk +30zukazuka +310zukazuk +311zukazuk +312zukazuk +313zukazuk +314zukazuk +315zukazuk +316zukazuk +317zukazuk +318zukazuk +319zukazuk +31zukazuka +320zukazuk +321zukazuk +322zukazuk +323zukazuk +324zukazuk +325zukazuk +326zukazuk +327zukazuk +328zukazuk +329zukazuk +32zukazuka +330zukazuk +331zukazuk +332zukazuk +333zukazuk +334zukazuk +335zukazuk +336zukazuk +337zukazuk +338zukazuk +339zukazuk +33zukazuka +340zukazuk +341zukazuk +342zukazuk +343zukazuk +344zukazuk +345zukazuk +346zukazuk +347zukazuk +348zukazuk +349zukazuk +34zukazuka +350zukazuk +351zukazuk +352zukazuk +353zukazuk +354zukazuk +355zukazuk +356zukazuk +357zukazuk +358zukazuk +359zukazuk +35zukazuka +360zukazuk +361zukazuk +362zukazuk +363zukazuk +364zukazuk +365zukazuk +366zukazuk +367zukazuk +368zukazuk +369zukazuk +36zukazuka +370zukazuk +371zukazuk +372zukazuk +373zukazuk +374zukazuk +375zukazuk +376zukazuk +377zukazuk +378zukazuk +379zukazuk +37zukazuka +380zukazuk +381zukazuk +382zukazuk +383zukazuk +384zukazuk +385zukazuk +386zukazuk +387zukazuk +388zukazuk +389zukazuk +38zukazuka +390zukazuk +391zukazuk +392zukazuk +393zukazuk +394zukazuk +395zukazuk +396zukazuk +397zukazuk +398zukazuk +399zukazuk +39zukazuka +3zukazukaz +400zukazuk +401zukazuk +402zukazuk +403zukazuk +404zukazuk +405zukazuk +406zukazuk +407zukazuk +408zukazuk +409zukazuk +40zukazuka +410zukazuk +411zukazuk +412zukazuk +413zukazuk +414zukazuk +415zukazuk +416zukazuk +417zukazuk +418zukazuk +419zukazuk +41zukazuka +420zukazuk +421zukazuk +422zukazuk +423zukazuk +424zukazuk +425zukazuk +426zukazuk +427zukazuk +428zukazuk +429zukazuk +42zukazuka +430zukazuk +431zukazuk +432zukazuk +433zukazuk +434zukazuk +435zukazuk +436zukazuk +437zukazuk +438zukazuk +439zukazuk +43zukazuka +440zukazuk +441zukazuk +442zukazuk +443zukazuk +444zukazuk +445zukazuk +446zukazuk +447zukazuk +448zukazuk +449zukazuk +44zukazuka +450zukazuk +451zukazuk +452zukazuk +453zukazuk +454zukazuk +455zukazuk +456zukazuk +457zukazuk +458zukazuk +459zukazuk +45zukazuka +460zukazuk +461zukazuk +462zukazuk +463zukazuk +464zukazuk +465zukazuk +466zukazuk +467zukazuk +468zukazuk +469zukazuk +46zukazuka +470zukazuk +471zukazuk +472zukazuk +473zukazuk +474zukazuk +475zukazuk +476zukazuk +477zukazuk +478zukazuk +479zukazuk +47zukazuka +480zukazuk +481zukazuk +482zukazuk +483zukazuk +484zukazuk +485zukazuk +486zukazuk +487zukazuk +488zukazuk +489zukazuk +48zukazuka +490zukazuk +491zukazuk +492zukazuk +493zukazuk +494zukazuk +495zukazuk +496zukazuk +497zukazuk +498zukazuk +499zukazuk +49zukazuka +4zukazukaz +500zukazuk +501zukazuk +502zukazuk +503zukazuk +504zukazuk +505zukazuk +506zukazuk +507zukazuk +508zukazuk +509zukazuk +50zukazuka +510zukazuk +511zukazuk +512zukazuk +513zukazuk +514zukazuk +515zukazuk +516zukazuk +517zukazuk +518zukazuk +519zukazuk +51zukazuka +520zukazuk +521zukazuk +522zukazuk +523zukazuk +524zukazuk +525zukazuk +526zukazuk +527zukazuk +528zukazuk +529zukazuk +52zukazuka +530zukazuk +531zukazuk +532zukazuk +533zukazuk +534zukazuk +535zukazuk +536zukazuk +537zukazuk +538zukazuk +539zukazuk +53zukazuka +540zukazuk +541zukazuk +542zukazuk +543zukazuk +544zukazuk +545zukazuk +546zukazuk +547zukazuk +548zukazuk +549zukazuk +54zukazuka +550zukazuk +551zukazuk +552zukazuk +553zukazuk +554zukazuk +555zukazuk +556zukazuk +557zukazuk +558zukazuk +559zukazuk +55zukazuka +560zukazuk +561zukazuk +562zukazuk +563zukazuk +564zukazuk +565zukazuk +566zukazuk +567zukazuk +568zukazuk +569zukazuk +56zukazuka +570zukazuk +571zukazuk +572zukazuk +573zukazuk +574zukazuk +575zukazuk +576zukazuk +577zukazuk +578zukazuk +579zukazuk +57zukazuka +580zukazuk +581zukazuk +582zukazuk +583zukazuk +584zukazuk +585zukazuk +586zukazuk +587zukazuk +588zukazuk +589zukazuk +58zukazuka +590zukazuk +591zukazuk +592zukazuk +593zukazuk +594zukazuk +595zukazuk +596zukazuk +597zukazuk +598zukazuk +599zukazuk +59zukazuka +5zukazukaz +600zukazuk +601zukazuk +602zukazuk +603zukazuk +604zukazuk +605zukazuk +606zukazuk +607zukazuk +608zukazuk +609zukazuk +60zukazuka +610zukazuk +611zukazuk +612zukazuk +613zukazuk +614zukazuk +615zukazuk +616zukazuk +617zukazuk +618zukazuk +619zukazuk +61zukazuka +620zukazuk +621zukazuk +622zukazuk +623zukazuk +624zukazuk +625zukazuk +626zukazuk +627zukazuk +628zukazuk +629zukazuk +62zukazuka +630zukazuk +631zukazuk +632zukazuk +633zukazuk +634zukazuk +635zukazuk +636zukazuk +637zukazuk +638zukazuk +639zukazuk +63zukazuka +640zukazuk +641zukazuk +642zukazuk +643zukazuk +644zukazuk +645zukazuk +646zukazuk +647zukazuk +648zukazuk +649zukazuk +64zukazuka +650zukazuk +651zukazuk +652zukazuk +653zukazuk +654zukazuk +655zukazuk +656zukazuk +657zukazuk +658zukazuk +659zukazuk +65zukazuka +660zukazuk +661zukazuk +662zukazuk +663zukazuk +664zukazuk +665zukazuk +666zukazuk +667zukazuk +668zukazuk +669zukazuk +66zukazuka +670zukazuk +671zukazuk +672zukazuk +673zukazuk +674zukazuk +675zukazuk +676zukazuk +677zukazuk +678zukazuk +679zukazuk +67zukazuka +680zukazuk +681zukazuk +682zukazuk +683zukazuk +684zukazuk +685zukazuk +686zukazuk +687zukazuk +688zukazuk +689zukazuk +68zukazuka +690zukazuk +691zukazuk +692zukazuk +693zukazuk +694zukazuk +695zukazuk +696zukazuk +697zukazuk +698zukazuk +699zukazuk +69zukazuka +6zukazukaz +700zukazuk +701zukazuk +702zukazuk +703zukazuk +704zukazuk +705zukazuk +706zukazuk +707zukazuk +708zukazuk +709zukazuk +70zukazuka +710zukazuk +711zukazuk +712zukazuk +713zukazuk +714zukazuk +715zukazuk +716zukazuk +717zukazuk +718zukazuk +719zukazuk +71zukazuka +720zukazuk +721zukazuk +722zukazuk +723zukazuk +724zukazuk +725zukazuk +726zukazuk +727zukazuk +728zukazuk +729zukazuk +72zukazuka +730zukazuk +731zukazuk +732zukazuk +733zukazuk +734zukazuk +735zukazuk +736zukazuk +737zukazuk +738zukazuk +739zukazuk +73zukazuka +740zukazuk +741zukazuk +742zukazuk +743zukazuk +744zukazuk +745zukazuk +746zukazuk +747zukazuk +748zukazuk +749zukazuk +74zukazuka +750zukazuk +751zukazuk +752zukazuk +753zukazuk +754zukazuk +755zukazuk +756zukazuk +757zukazuk +758zukazuk +759zukazuk +75zukazuka +760zukazuk +761zukazuk +762zukazuk +763zukazuk +764zukazuk +765zukazuk +766zukazuk +767zukazuk +768zukazuk +769zukazuk +76zukazuka +770zukazuk +771zukazuk +772zukazuk +773zukazuk +774zukazuk +775zukazuk +776zukazuk +777zukazuk +778zukazuk +779zukazuk +77zukazuka +780zukazuk +781zukazuk +782zukazuk +783zukazuk +784zukazuk +785zukazuk +786zukazuk +787zukazuk +788zukazuk +789zukazuk +78zukazuka +790zukazuk +791zukazuk +792zukazuk +793zukazuk +794zukazuk +795zukazuk +796zukazuk +797zukazuk +798zukazuk +799zukazuk +79zukazuka +7zukazukaz +800zukazuk +801zukazuk +802zukazuk +803zukazuk +804zukazuk +805zukazuk +806zukazuk +807zukazuk +808zukazuk +809zukazuk +80zukazuka +810zukazuk +811zukazuk +812zukazuk +813zukazuk +814zukazuk +815zukazuk +816zukazuk +817zukazuk +818zukazuk +819zukazuk +81zukazuka +820zukazuk +821zukazuk +822zukazuk +823zukazuk +824zukazuk +825zukazuk +826zukazuk +827zukazuk +828zukazuk +829zukazuk +82zukazuka +830zukazuk +831zukazuk +832zukazuk +833zukazuk +834zukazuk +835zukazuk +836zukazuk +837zukazuk +838zukazuk +839zukazuk +83zukazuka +840zukazuk +84zukazuka +85zukazuka +86zukazuka +87zukazuka +88zukazuka +89zukazuka +8zukazukaz +90zukazuka +91zukazuka +92zukazuka +93zukazuka +94zukazuka +95zukazuka +96zukazuka +97zukazuka +98zukazuka +99zukazuka +9zukazukaz +DROP DATABASE MCOL_6321; diff -Nru mariadb-11.8.6/storage/columnstore/columnstore/mysql-test/columnstore/bugfixes/MCOL-6321-test-em-rebuild.test mariadb-11.8.8/storage/columnstore/columnstore/mysql-test/columnstore/bugfixes/MCOL-6321-test-em-rebuild.test --- mariadb-11.8.6/storage/columnstore/columnstore/mysql-test/columnstore/bugfixes/MCOL-6321-test-em-rebuild.test 1970-01-01 00:00:00.000000000 +0000 +++ mariadb-11.8.8/storage/columnstore/columnstore/mysql-test/columnstore/bugfixes/MCOL-6321-test-em-rebuild.test 2026-05-24 09:58:34.000000000 +0000 @@ -0,0 +1,170 @@ +# MCOL-6321 - test mscRebuildEM functionality. + +# We create and populate table where dictionary column has more than 48 LBIDs. +# We then stop MCS and move all MCS system files except oidbitmap into backup directory. +# We run mcsRebuildEM. +# We start MCS and verify that our table is accessible and has correct data. +# We stop MCS and copy system files back. +# We start MCS again and finish test. + +--source ../include/have_columnstore.inc + +--source ../include/check_multinode.inc + +--if ($columnstore_nodes_count != 1) { + --skip This test is not ready for multi-node cluster. +--} + + +--disable_warnings +DROP DATABASE IF EXISTS MCOL_6321; +--enable_warnings +CREATE DATABASE MCOL_6321; +USE MCOL_6321; + +# Create and populate the table. +CREATE TABLE t(x longtext) ENGINE=Columnstore; + +INSERT INTO t(x) SELECT CONCAT(seq, REPEAT('zuka',1000000)) FROM seq_1_to_10; +INSERT INTO t(x) SELECT CONCAT(seq, REPEAT('zuka',1000000)) FROM seq_11_to_20; +INSERT INTO t(x) SELECT CONCAT(seq, REPEAT('zuka',1000000)) FROM seq_21_to_30; +INSERT INTO t(x) SELECT CONCAT(seq, REPEAT('zuka',1000000)) FROM seq_31_to_40; +INSERT INTO t(x) SELECT CONCAT(seq, REPEAT('zuka',1000000)) FROM seq_41_to_50; +INSERT INTO t(x) SELECT CONCAT(seq, REPEAT('zuka',1000000)) FROM seq_51_to_60; +INSERT INTO t(x) SELECT CONCAT(seq, REPEAT('zuka',1000000)) FROM seq_61_to_70; +INSERT INTO t(x) SELECT CONCAT(seq, REPEAT('zuka',1000000)) FROM seq_71_to_80; +INSERT INTO t(x) SELECT CONCAT(seq, REPEAT('zuka',1000000)) FROM seq_81_to_90; +INSERT INTO t(x) SELECT CONCAT(seq, REPEAT('zuka',1000000)) FROM seq_91_to_100; +INSERT INTO t(x) SELECT CONCAT(seq, REPEAT('zuka',1000000)) FROM seq_101_to_110; +INSERT INTO t(x) SELECT CONCAT(seq, REPEAT('zuka',1000000)) FROM seq_111_to_120; +INSERT INTO t(x) SELECT CONCAT(seq, REPEAT('zuka',1000000)) FROM seq_121_to_130; +INSERT INTO t(x) SELECT CONCAT(seq, REPEAT('zuka',1000000)) FROM seq_131_to_140; +INSERT INTO t(x) SELECT CONCAT(seq, REPEAT('zuka',1000000)) FROM seq_141_to_150; +INSERT INTO t(x) SELECT CONCAT(seq, REPEAT('zuka',1000000)) FROM seq_151_to_160; +INSERT INTO t(x) SELECT CONCAT(seq, REPEAT('zuka',1000000)) FROM seq_161_to_170; +INSERT INTO t(x) SELECT CONCAT(seq, REPEAT('zuka',1000000)) FROM seq_171_to_180; +INSERT INTO t(x) SELECT CONCAT(seq, REPEAT('zuka',1000000)) FROM seq_181_to_190; +INSERT INTO t(x) SELECT CONCAT(seq, REPEAT('zuka',1000000)) FROM seq_191_to_200; +INSERT INTO t(x) SELECT CONCAT(seq, REPEAT('zuka',1000000)) FROM seq_201_to_210; +INSERT INTO t(x) SELECT CONCAT(seq, REPEAT('zuka',1000000)) FROM seq_211_to_220; +INSERT INTO t(x) SELECT CONCAT(seq, REPEAT('zuka',1000000)) FROM seq_221_to_230; +INSERT INTO t(x) SELECT CONCAT(seq, REPEAT('zuka',1000000)) FROM seq_231_to_240; +INSERT INTO t(x) SELECT CONCAT(seq, REPEAT('zuka',1000000)) FROM seq_241_to_250; +INSERT INTO t(x) SELECT CONCAT(seq, REPEAT('zuka',1000000)) FROM seq_251_to_260; +INSERT INTO t(x) SELECT CONCAT(seq, REPEAT('zuka',1000000)) FROM seq_261_to_270; +INSERT INTO t(x) SELECT CONCAT(seq, REPEAT('zuka',1000000)) FROM seq_271_to_280; +INSERT INTO t(x) SELECT CONCAT(seq, REPEAT('zuka',1000000)) FROM seq_281_to_290; +INSERT INTO t(x) SELECT CONCAT(seq, REPEAT('zuka',1000000)) FROM seq_291_to_300; +INSERT INTO t(x) SELECT CONCAT(seq, REPEAT('zuka',1000000)) FROM seq_301_to_310; +INSERT INTO t(x) SELECT CONCAT(seq, REPEAT('zuka',1000000)) FROM seq_311_to_320; +INSERT INTO t(x) SELECT CONCAT(seq, REPEAT('zuka',1000000)) FROM seq_321_to_330; +INSERT INTO t(x) SELECT CONCAT(seq, REPEAT('zuka',1000000)) FROM seq_331_to_340; +INSERT INTO t(x) SELECT CONCAT(seq, REPEAT('zuka',1000000)) FROM seq_341_to_350; +INSERT INTO t(x) SELECT CONCAT(seq, REPEAT('zuka',1000000)) FROM seq_351_to_360; +INSERT INTO t(x) SELECT CONCAT(seq, REPEAT('zuka',1000000)) FROM seq_361_to_370; +INSERT INTO t(x) SELECT CONCAT(seq, REPEAT('zuka',1000000)) FROM seq_371_to_380; +INSERT INTO t(x) SELECT CONCAT(seq, REPEAT('zuka',1000000)) FROM seq_381_to_390; +INSERT INTO t(x) SELECT CONCAT(seq, REPEAT('zuka',1000000)) FROM seq_391_to_400; +INSERT INTO t(x) SELECT CONCAT(seq, REPEAT('zuka',1000000)) FROM seq_401_to_410; +INSERT INTO t(x) SELECT CONCAT(seq, REPEAT('zuka',1000000)) FROM seq_411_to_420; +INSERT INTO t(x) SELECT CONCAT(seq, REPEAT('zuka',1000000)) FROM seq_421_to_430; +INSERT INTO t(x) SELECT CONCAT(seq, REPEAT('zuka',1000000)) FROM seq_431_to_440; +INSERT INTO t(x) SELECT CONCAT(seq, REPEAT('zuka',1000000)) FROM seq_441_to_450; +INSERT INTO t(x) SELECT CONCAT(seq, REPEAT('zuka',1000000)) FROM seq_451_to_460; +INSERT INTO t(x) SELECT CONCAT(seq, REPEAT('zuka',1000000)) FROM seq_461_to_470; +INSERT INTO t(x) SELECT CONCAT(seq, REPEAT('zuka',1000000)) FROM seq_471_to_480; +INSERT INTO t(x) SELECT CONCAT(seq, REPEAT('zuka',1000000)) FROM seq_481_to_490; +INSERT INTO t(x) SELECT CONCAT(seq, REPEAT('zuka',1000000)) FROM seq_491_to_500; +INSERT INTO t(x) SELECT CONCAT(seq, REPEAT('zuka',1000000)) FROM seq_501_to_510; +INSERT INTO t(x) SELECT CONCAT(seq, REPEAT('zuka',1000000)) FROM seq_511_to_520; +INSERT INTO t(x) SELECT CONCAT(seq, REPEAT('zuka',1000000)) FROM seq_521_to_530; +INSERT INTO t(x) SELECT CONCAT(seq, REPEAT('zuka',1000000)) FROM seq_531_to_540; +INSERT INTO t(x) SELECT CONCAT(seq, REPEAT('zuka',1000000)) FROM seq_541_to_550; +INSERT INTO t(x) SELECT CONCAT(seq, REPEAT('zuka',1000000)) FROM seq_551_to_560; +INSERT INTO t(x) SELECT CONCAT(seq, REPEAT('zuka',1000000)) FROM seq_561_to_570; +INSERT INTO t(x) SELECT CONCAT(seq, REPEAT('zuka',1000000)) FROM seq_571_to_580; +INSERT INTO t(x) SELECT CONCAT(seq, REPEAT('zuka',1000000)) FROM seq_581_to_590; +INSERT INTO t(x) SELECT CONCAT(seq, REPEAT('zuka',1000000)) FROM seq_591_to_600; +INSERT INTO t(x) SELECT CONCAT(seq, REPEAT('zuka',1000000)) FROM seq_601_to_610; +INSERT INTO t(x) SELECT CONCAT(seq, REPEAT('zuka',1000000)) FROM seq_611_to_620; +INSERT INTO t(x) SELECT CONCAT(seq, REPEAT('zuka',1000000)) FROM seq_621_to_630; +INSERT INTO t(x) SELECT CONCAT(seq, REPEAT('zuka',1000000)) FROM seq_631_to_640; +INSERT INTO t(x) SELECT CONCAT(seq, REPEAT('zuka',1000000)) FROM seq_641_to_650; +INSERT INTO t(x) SELECT CONCAT(seq, REPEAT('zuka',1000000)) FROM seq_651_to_660; +INSERT INTO t(x) SELECT CONCAT(seq, REPEAT('zuka',1000000)) FROM seq_661_to_670; +INSERT INTO t(x) SELECT CONCAT(seq, REPEAT('zuka',1000000)) FROM seq_671_to_680; +INSERT INTO t(x) SELECT CONCAT(seq, REPEAT('zuka',1000000)) FROM seq_681_to_690; +INSERT INTO t(x) SELECT CONCAT(seq, REPEAT('zuka',1000000)) FROM seq_691_to_700; +INSERT INTO t(x) SELECT CONCAT(seq, REPEAT('zuka',1000000)) FROM seq_701_to_710; +INSERT INTO t(x) SELECT CONCAT(seq, REPEAT('zuka',1000000)) FROM seq_711_to_720; +INSERT INTO t(x) SELECT CONCAT(seq, REPEAT('zuka',1000000)) FROM seq_721_to_730; +INSERT INTO t(x) SELECT CONCAT(seq, REPEAT('zuka',1000000)) FROM seq_731_to_740; +INSERT INTO t(x) SELECT CONCAT(seq, REPEAT('zuka',1000000)) FROM seq_741_to_750; +INSERT INTO t(x) SELECT CONCAT(seq, REPEAT('zuka',1000000)) FROM seq_751_to_760; +INSERT INTO t(x) SELECT CONCAT(seq, REPEAT('zuka',1000000)) FROM seq_761_to_770; +INSERT INTO t(x) SELECT CONCAT(seq, REPEAT('zuka',1000000)) FROM seq_771_to_780; +INSERT INTO t(x) SELECT CONCAT(seq, REPEAT('zuka',1000000)) FROM seq_781_to_790; +INSERT INTO t(x) SELECT CONCAT(seq, REPEAT('zuka',1000000)) FROM seq_791_to_800; +INSERT INTO t(x) SELECT CONCAT(seq, REPEAT('zuka',1000000)) FROM seq_801_to_810; +INSERT INTO t(x) SELECT CONCAT(seq, REPEAT('zuka',1000000)) FROM seq_811_to_820; +INSERT INTO t(x) SELECT CONCAT(seq, REPEAT('zuka',1000000)) FROM seq_821_to_830; +INSERT INTO t(x) SELECT CONCAT(seq, REPEAT('zuka',1000000)) FROM seq_831_to_840; + +--sorted_result +SELECT SUBSTR(x,1,10) FROM t; + +# Stop MCS. + +--exec echo "stopping MCS" +--exec systemctl stop mariadb-columnstore + +# Move system files with exception of oidbitmap. + +--exec echo "mkdir backup" +--exec mkdir /var/lib/columnstore/data1/systemFiles/backup + +--exec echo "moving files into backup" +--exec mv /var/lib/columnstore/data1/systemFiles/dbrm/* /var/lib/columnstore/data1/systemFiles/backup + +--exec echo "copying oidbitmap back" +--exec cp -p /var/lib/columnstore/data1/systemFiles/backup/oidbitmap /var/lib/columnstore/data1/systemFiles/dbrm + +# Rebuild EM + +--exec echo "rebuilding EM" +--exec ASAN_OPTIONS='detect_leaks=0' mcsRebuildEM -v -y >/tmp/rebuild-log +--exec chmod a+rw /var/lib/columnstore/data1/systemFiles/dbrm/BRM_saves_em + +# Start MCS and verify that table is readable. + +--exec echo "starting MCS" +--exec systemctl start mariadb-columnstore + +--sorted_result +SELECT SUBSTR(x,1,10) FROM t; + +# Stop MCS and restore files FROM backup. + +--exec echo "stopping MCS again to copy files back" +--exec systemctl stop mariadb-columnstore + +--exec echo "deleting restored files" +--exec rm -f /var/lib/columnstore/data1/systemFiles/dbrm/* + +--exec echo "copy files back" +--exec cp -p /var/lib/columnstore/data1/systemFiles/backup/* /var/lib/columnstore/data1/systemFiles/dbrm + +--exec echo "delete backup directory" +--exec rm -rf /var/lib/columnstore/data1/systemFiles/backup + +# Start MCS with old system files and verify table is readable. + +--exec echo "starting MCS" +--exec systemctl start mariadb-columnstore + +--sorted_result +SELECT SUBSTR(x,1,10) FROM t; + +# Finish the test. + +DROP DATABASE MCOL_6321; diff -Nru mariadb-11.8.6/storage/columnstore/columnstore/mysql-test/columnstore/bugfixes/disabled.def mariadb-11.8.8/storage/columnstore/columnstore/mysql-test/columnstore/bugfixes/disabled.def --- mariadb-11.8.6/storage/columnstore/columnstore/mysql-test/columnstore/bugfixes/disabled.def 2026-01-31 13:27:51.000000000 +0000 +++ mariadb-11.8.8/storage/columnstore/columnstore/mysql-test/columnstore/bugfixes/disabled.def 2026-05-24 09:58:34.000000000 +0000 @@ -1 +1,2 @@ -MCOL-6198-segfault-crossengine-join : oom probably due to filltablecol function \ No newline at end of file +MCOL-6198-segfault-crossengine-join : oom probably due to filltablecol function +mcol-4868 : MCOL-6311 2025-09-26 roman.nozdrin@mariadb.com diff -Nru mariadb-11.8.6/storage/columnstore/columnstore/mysql-test/columnstore/bugfixes/mcol-4778.result mariadb-11.8.8/storage/columnstore/columnstore/mysql-test/columnstore/bugfixes/mcol-4778.result --- mariadb-11.8.6/storage/columnstore/columnstore/mysql-test/columnstore/bugfixes/mcol-4778.result 2026-01-31 13:27:51.000000000 +0000 +++ mariadb-11.8.8/storage/columnstore/columnstore/mysql-test/columnstore/bugfixes/mcol-4778.result 2026-05-24 09:58:34.000000000 +0000 @@ -14,5 +14,5 @@ SELECT bus_routes.dst FROM bus_routes JOIN bus_dst ON bus_dst.dst = bus_routes.origin ) SELECT * FROM bus_dst; -ERROR 42000: The storage engine for the table doesn't support Recursive CTE +ERROR 42000: The storage engine for the table doesn't support Recursive CTE with UNION DISTINCT is not supported by ColumnStore. Use UNION ALL. DROP DATABASE mcol_4778; diff -Nru mariadb-11.8.6/storage/columnstore/columnstore/mysql-test/columnstore/bugfixes/mcol-5890.result mariadb-11.8.8/storage/columnstore/columnstore/mysql-test/columnstore/bugfixes/mcol-5890.result --- mariadb-11.8.6/storage/columnstore/columnstore/mysql-test/columnstore/bugfixes/mcol-5890.result 2026-01-31 13:27:51.000000000 +0000 +++ mariadb-11.8.8/storage/columnstore/columnstore/mysql-test/columnstore/bugfixes/mcol-5890.result 2026-05-24 09:58:34.000000000 +0000 @@ -1,6 +1,6 @@ -DROP DATABASE IF EXISTS mcol5890; -CREATE DATABASE mcol5890; -USE mcol5890; +DROP DATABASE IF EXISTS MCOL5890; +CREATE DATABASE MCOL5890; +USE MCOL5890; # Test 1: DROP TABLE IF EXISTS on non-existent table DROP TABLE IF EXISTS test.does_not_exist; Warnings: @@ -12,5 +12,4 @@ CREATE TABLE t1 (id INT) ENGINE=ColumnStore; DROP TABLE IF EXISTS t1; SELECT * FROM t1; -ERROR 42S02: Table 'mcol5890.t1' doesn't exist -DROP DATABASE mcol5890; +DROP DATABASE MCOL5890; diff -Nru mariadb-11.8.6/storage/columnstore/columnstore/mysql-test/columnstore/bugfixes/mcol-5890.test mariadb-11.8.8/storage/columnstore/columnstore/mysql-test/columnstore/bugfixes/mcol-5890.test --- mariadb-11.8.6/storage/columnstore/columnstore/mysql-test/columnstore/bugfixes/mcol-5890.test 2026-01-31 13:27:51.000000000 +0000 +++ mariadb-11.8.8/storage/columnstore/columnstore/mysql-test/columnstore/bugfixes/mcol-5890.test 2026-05-24 09:58:34.000000000 +0000 @@ -2,9 +2,9 @@ # Setup: Create a test database --disable_warnings -DROP DATABASE IF EXISTS mcol5890; -CREATE DATABASE mcol5890; -USE mcol5890; +DROP DATABASE IF EXISTS MCOL5890; +CREATE DATABASE MCOL5890; +USE MCOL5890; --enable_warnings # Test 1: DROP TABLE IF EXISTS on a non-existent table should succeed silently @@ -22,8 +22,10 @@ DROP TABLE IF EXISTS t1; # Verify table is dropped +--disable_result_log --error ER_NO_SUCH_TABLE SELECT * FROM t1; +--enable_result_log # Cleanup -DROP DATABASE mcol5890; \ No newline at end of file +DROP DATABASE MCOL5890; diff -Nru mariadb-11.8.6/storage/columnstore/columnstore/mysql-test/columnstore/bugfixes/suite.opt mariadb-11.8.8/storage/columnstore/columnstore/mysql-test/columnstore/bugfixes/suite.opt --- mariadb-11.8.6/storage/columnstore/columnstore/mysql-test/columnstore/bugfixes/suite.opt 2026-01-31 13:27:51.000000000 +0000 +++ mariadb-11.8.8/storage/columnstore/columnstore/mysql-test/columnstore/bugfixes/suite.opt 2026-05-24 09:58:34.000000000 +0000 @@ -1 +1,2 @@ --plugin-load-add=$HA_COLUMNSTORE_SO +--lower_case_table_names=2 diff -Nru mariadb-11.8.6/storage/columnstore/columnstore/mysql-test/columnstore/devregression/suite.opt mariadb-11.8.8/storage/columnstore/columnstore/mysql-test/columnstore/devregression/suite.opt --- mariadb-11.8.6/storage/columnstore/columnstore/mysql-test/columnstore/devregression/suite.opt 2026-01-31 13:27:51.000000000 +0000 +++ mariadb-11.8.8/storage/columnstore/columnstore/mysql-test/columnstore/devregression/suite.opt 2026-05-24 09:58:35.000000000 +0000 @@ -1 +1,2 @@ --plugin-load-add=$HA_COLUMNSTORE_SO +--lower_case_table_names=2 diff -Nru mariadb-11.8.6/storage/columnstore/columnstore/mysql-test/columnstore/devregression/t/mcs7574_datatypetestm1.test mariadb-11.8.8/storage/columnstore/columnstore/mysql-test/columnstore/devregression/t/mcs7574_datatypetestm1.test --- mariadb-11.8.6/storage/columnstore/columnstore/mysql-test/columnstore/devregression/t/mcs7574_datatypetestm1.test 2026-01-31 13:27:51.000000000 +0000 +++ mariadb-11.8.8/storage/columnstore/columnstore/mysql-test/columnstore/devregression/t/mcs7574_datatypetestm1.test 2026-05-24 09:58:35.000000000 +0000 @@ -9,4 +9,8 @@ USE autopilot; +--disable_query_log +SET time_zone='+00:00'; +--enable_query_log + select * from datatypetestm1; diff -Nru mariadb-11.8.6/storage/columnstore/columnstore/mysql-test/columnstore/devregression/t/mcs7575_datatypetestm2.test mariadb-11.8.8/storage/columnstore/columnstore/mysql-test/columnstore/devregression/t/mcs7575_datatypetestm2.test --- mariadb-11.8.6/storage/columnstore/columnstore/mysql-test/columnstore/devregression/t/mcs7575_datatypetestm2.test 2026-01-31 13:27:51.000000000 +0000 +++ mariadb-11.8.8/storage/columnstore/columnstore/mysql-test/columnstore/devregression/t/mcs7575_datatypetestm2.test 2026-05-24 09:58:35.000000000 +0000 @@ -9,4 +9,8 @@ USE autopilot; +--disable_query_log +SET time_zone='+00:00'; +--enable_query_log + select * from datatypetestm2; diff -Nru mariadb-11.8.6/storage/columnstore/columnstore/mysql-test/columnstore/future/MCOL-6298-queryacc-convenience.opt mariadb-11.8.8/storage/columnstore/columnstore/mysql-test/columnstore/future/MCOL-6298-queryacc-convenience.opt --- mariadb-11.8.6/storage/columnstore/columnstore/mysql-test/columnstore/future/MCOL-6298-queryacc-convenience.opt 1970-01-01 00:00:00.000000000 +0000 +++ mariadb-11.8.8/storage/columnstore/columnstore/mysql-test/columnstore/future/MCOL-6298-queryacc-convenience.opt 2026-05-24 09:58:35.000000000 +0000 @@ -0,0 +1,20 @@ +--innodb +--innodb-cmpmem +--innodb-cmp-per-index +--innodb-trx +--innodb-locks +--innodb-lock-waits +--innodb-metrics +--innodb-buffer-pool-stats +--innodb-buffer-page +--innodb-buffer-page-lru +--innodb-sys-columns +--innodb-sys-fields +--innodb-sys-foreign +--innodb-sys-foreign-cols +--innodb-sys-indexes +--innodb-sys-tables +--innodb-sys-virtual +--skip-partition=0 +--skip-sequence=0 +--columnstore_innodb_queries_use_mcs=on diff -Nru mariadb-11.8.6/storage/columnstore/columnstore/mysql-test/columnstore/future/MCOL-6298-queryacc-convenience.result mariadb-11.8.8/storage/columnstore/columnstore/mysql-test/columnstore/future/MCOL-6298-queryacc-convenience.result --- mariadb-11.8.6/storage/columnstore/columnstore/mysql-test/columnstore/future/MCOL-6298-queryacc-convenience.result 1970-01-01 00:00:00.000000000 +0000 +++ mariadb-11.8.8/storage/columnstore/columnstore/mysql-test/columnstore/future/MCOL-6298-queryacc-convenience.result 2026-05-24 09:58:35.000000000 +0000 @@ -0,0 +1,75 @@ +# +# Test 1: Verify routines exist in queryacc schema +# +ROUTINE_SCHEMA ROUTINE_NAME ROUTINE_TYPE +queryacc disable_queryacc PROCEDURE +queryacc enable_queryacc FUNCTION +queryacc with_queryacc PROCEDURE +# +# Test 2: enable_queryacc() changes session variables correctly +# +unstable_optimizer_after_enable +1 +parallel_factor_after_enable +5 +optimizer_switch_changed +1 +# +# Test 3: disable_queryacc() restores optimizer_switch +# +unstable_optimizer_after_disable +0 +optimizer_switch_still_off +0 +# +# Test 4: enable/disable round-trip preserves original optimizer_switch +# +before_enable +1 +during_enable +1 +after_disable +1 +# +# Test 5: parallel_factor after enable/disable round-trip +# +pf_before_enable +50 +pf_during_enable +5 +pf_after_disable +5 +# +# Test 6: unstable_optimizer after enable/disable when already ON +# +unstable_before_enable +1 +unstable_after_disable_was_on +0 +# +# Test 7: with_queryacc() from queryacc database +# +id val +1 10 +2 20 +3 30 +unstable_after_with_queryacc_ok +0 +# +# Test 8: with_queryacc() error handling — bad query +# +ERROR 42S02: Table 'mcol6298_test.nonexistent_table' doesn't exist +unstable_after_error_handling +0 +# +# Test 9: with_queryacc() from a non-queryacc database +# +id val +1 10 +2 20 +3 30 +unstable_after_with_queryacc_other_db +0 +# +# Cleanup +# diff -Nru mariadb-11.8.6/storage/columnstore/columnstore/mysql-test/columnstore/future/MCOL-6298-queryacc-convenience.test mariadb-11.8.8/storage/columnstore/columnstore/mysql-test/columnstore/future/MCOL-6298-queryacc-convenience.test --- mariadb-11.8.6/storage/columnstore/columnstore/mysql-test/columnstore/future/MCOL-6298-queryacc-convenience.test 1970-01-01 00:00:00.000000000 +0000 +++ mariadb-11.8.8/storage/columnstore/columnstore/mysql-test/columnstore/future/MCOL-6298-queryacc-convenience.test 2026-05-24 09:58:35.000000000 +0000 @@ -0,0 +1,111 @@ +# +# MCOL-6298: Query Accelerator | Easier to turn on and off +# Test the queryacc convenience stored procedures added by install_mcs_mysql.sh +# +--source ../include/have_columnstore.inc +--source ../include/newer_11.4.6.inc +--source ../include/have_queryacc_routines.inc +--disable_query_log + +--echo # +--echo # Test 1: Verify routines exist in queryacc schema +--echo # +SELECT ROUTINE_SCHEMA, ROUTINE_NAME, ROUTINE_TYPE + FROM information_schema.ROUTINES + WHERE ROUTINE_SCHEMA = 'queryacc' + ORDER BY ROUTINE_NAME; + +--echo # +--echo # Test 2: enable_queryacc() changes session variables correctly +--echo # +SET @old_settings = queryacc.enable_queryacc(); + +SELECT @@columnstore_unstable_optimizer AS unstable_optimizer_after_enable; +SELECT @@columnstore_query_accel_parallel_factor AS parallel_factor_after_enable; +SELECT @@optimizer_switch LIKE '%index_merge=off%' AS optimizer_switch_changed; + +--echo # +--echo # Test 3: disable_queryacc() restores optimizer_switch +--echo # +CALL queryacc.disable_queryacc(@old_settings); + +SELECT @@columnstore_unstable_optimizer AS unstable_optimizer_after_disable; +SELECT @@optimizer_switch LIKE '%index_merge=off%' AS optimizer_switch_still_off; + +--echo # +--echo # Test 4: enable/disable round-trip preserves original optimizer_switch +--echo # +SET @@optimizer_switch='index_merge=on'; +SELECT @@optimizer_switch LIKE '%index_merge=on%' AS before_enable; + +SET @saved = queryacc.enable_queryacc(); +SELECT @@optimizer_switch LIKE '%index_merge=off%' AS during_enable; + +CALL queryacc.disable_queryacc(@saved); +SELECT @@optimizer_switch LIKE '%index_merge=on%' AS after_disable; + +--echo # +--echo # Test 5: parallel_factor after enable/disable round-trip +--echo # +SET @@columnstore_query_accel_parallel_factor=50; +SELECT @@columnstore_query_accel_parallel_factor AS pf_before_enable; + +SET @saved2 = queryacc.enable_queryacc(); +SELECT @@columnstore_query_accel_parallel_factor AS pf_during_enable; + +CALL queryacc.disable_queryacc(@saved2); +SELECT @@columnstore_query_accel_parallel_factor AS pf_after_disable; + +--echo # +--echo # Test 6: unstable_optimizer after enable/disable when already ON +--echo # +SET @@columnstore_unstable_optimizer='on'; +SELECT @@columnstore_unstable_optimizer AS unstable_before_enable; + +SET @saved3 = queryacc.enable_queryacc(); +CALL queryacc.disable_queryacc(@saved3); +SELECT @@columnstore_unstable_optimizer AS unstable_after_disable_was_on; + +# Reset to default +SET @@columnstore_unstable_optimizer='off'; +SET @@columnstore_query_accel_parallel_factor=5; + +--echo # +--echo # Test 7: with_queryacc() from queryacc database +--echo # + +--disable_warnings +DROP DATABASE IF EXISTS mcol6298_test; +--enable_warnings +CREATE DATABASE mcol6298_test; + +CREATE TABLE mcol6298_test.t1 (id INT, val INT) ENGINE=Columnstore; +INSERT INTO mcol6298_test.t1 VALUES (1, 10), (2, 20), (3, 30); + +USE queryacc; +CALL queryacc.with_queryacc('SELECT * FROM mcol6298_test.t1 ORDER BY id'); + +SELECT @@columnstore_unstable_optimizer AS unstable_after_with_queryacc_ok; + +--echo # +--echo # Test 8: with_queryacc() error handling — bad query +--echo # +--error ER_NO_SUCH_TABLE +CALL queryacc.with_queryacc('SELECT * FROM mcol6298_test.nonexistent_table'); + +SELECT @@columnstore_unstable_optimizer AS unstable_after_error_handling; + +--echo # +--echo # Test 9: with_queryacc() from a non-queryacc database +--echo # +USE mcol6298_test; + +CALL queryacc.with_queryacc('SELECT * FROM mcol6298_test.t1 ORDER BY id'); + +SELECT @@columnstore_unstable_optimizer AS unstable_after_with_queryacc_other_db; + +--echo # +--echo # Cleanup +--echo # +DROP TABLE mcol6298_test.t1; +DROP DATABASE mcol6298_test; diff -Nru mariadb-11.8.6/storage/columnstore/columnstore/mysql-test/columnstore/future/query_accelerator.result mariadb-11.8.8/storage/columnstore/columnstore/mysql-test/columnstore/future/query_accelerator.result --- mariadb-11.8.6/storage/columnstore/columnstore/mysql-test/columnstore/future/query_accelerator.result 2026-01-31 13:27:51.000000000 +0000 +++ mariadb-11.8.8/storage/columnstore/columnstore/mysql-test/columnstore/future/query_accelerator.result 2026-05-24 09:58:35.000000000 +0000 @@ -136,8 +136,6 @@ SELECT mcs_get_plan('rules') LIKE '%parallel_ces%' AS qa_q1_applied; qa_q1_applied 1 -set columnstore_unstable_optimizer=off; -set optimizer_switch=default; SELECT "QUERY 2"; QUERY 2 QUERY 2 @@ -214,8 +212,6 @@ -820.89 Supplier#000000409 GERMANY 2156 Manufacturer#5 LyXUYFz7aXrvy65kKAbTatGzGS,NDBcdtD 17-719-517-9836 y final, slow theodolites. furiously regular req -845.44 Supplier#000000704 ROMANIA 9926 Manufacturer#5 hQvlBqbqqnA5Dgo1BffRBX78tkkRu 29-300-896-5991 ctions. carefully sly requ -942.73 Supplier#000000563 GERMANY 5797 Manufacturer#1 Rc7U1cRUhYs03JD 17-108-537-2691 slyly furiously final decoys; silent, special realms poach f -set columnstore_unstable_optimizer=on; -set optimizer_switch="index_merge=off,index_merge_union=off,index_merge_sort_union=off,index_merge_intersection=off,index_merge_sort_intersection=off,index_condition_pushdown=off,derived_merge=off,derived_with_keys=off,firstmatch=off,loosescan=off,materialization=on,in_to_exists=off,semijoin=off,partial_match_rowid_merge=off,partial_match_table_scan=off,subquery_cache=off,mrr=off,mrr_cost_based=off,mrr_sort_keys=off,outer_join_with_cache=off,semijoin_with_cache=off,join_cache_incremental=off,join_cache_hashed=off,join_cache_bka=off,optimize_join_buffer_size=off,table_elimination=off,extended_keys=off,exists_to_in=off,orderby_uses_equalities=off,condition_pushdown_for_derived=on,split_materialized=off,condition_pushdown_for_subquery=off,rowid_filter=off,condition_pushdown_from_having=on,not_null_range_scan=off,hash_join_cardinality=off,cset_narrowing=off,sargable_casefold=off"; SELECT "QUERY 3"; QUERY 3 QUERY 3 @@ -612,8 +608,6 @@ SELECT "QUERY 11"; QUERY 11 QUERY 11 -set columnstore_unstable_optimizer=off; -set optimizer_switch=default; SELECT ps_partkey, SUM(ps_supplycost * ps_availqty) AS value @@ -3284,8 +3278,6 @@ ORDER BY s_suppkey; s_suppkey s_name s_address s_phone total_revenue 677 Supplier#000000677 8mhrffG7D2WJBSQbOGstQ 23-290-639-3315 1614410.2928 -set columnstore_unstable_optimizer=off; -set optimizer_switch=default; SELECT "QUERY 16"; QUERY 16 QUERY 16 @@ -6069,8 +6061,6 @@ Brand#43 STANDARD BRUSHED BRASS 23 3 Brand#44 MEDIUM ANODIZED NICKEL 9 3 Brand#53 MEDIUM BURNISHED BRASS 49 3 -set columnstore_unstable_optimizer=on; -set optimizer_switch="index_merge=off,index_merge_union=off,index_merge_sort_union=off,index_merge_intersection=off,index_merge_sort_intersection=off,index_condition_pushdown=off,derived_merge=off,derived_with_keys=off,firstmatch=off,loosescan=off,materialization=on,in_to_exists=off,semijoin=off,partial_match_rowid_merge=off,partial_match_table_scan=off,subquery_cache=off,mrr=off,mrr_cost_based=off,mrr_sort_keys=off,outer_join_with_cache=off,semijoin_with_cache=off,join_cache_incremental=off,join_cache_hashed=off,join_cache_bka=off,optimize_join_buffer_size=off,table_elimination=off,extended_keys=off,exists_to_in=off,orderby_uses_equalities=off,condition_pushdown_for_derived=on,split_materialized=off,condition_pushdown_for_subquery=off,rowid_filter=off,condition_pushdown_from_having=on,not_null_range_scan=off,hash_join_cardinality=off,cset_narrowing=off,sargable_casefold=off"; SELECT "QUERY 17"; QUERY 17 QUERY 17 @@ -6087,8 +6077,6 @@ ); avg_yearly 23512.752857 -set columnstore_unstable_optimizer=off; -set optimizer_switch=default; SELECT "QUERY 18"; QUERY 18 QUERY 18 @@ -6116,8 +6104,6 @@ Customer#000014110 14110 565574 1995-09-24 425099.85 301.00 Customer#000001775 1775 6882 1997-04-09 408368.10 303.00 Customer#000011459 11459 551136 1993-05-19 386812.74 308.00 -set columnstore_unstable_optimizer=on; -set optimizer_switch="index_merge=off,index_merge_union=off,index_merge_sort_union=off,index_merge_intersection=off,index_merge_sort_intersection=off,index_condition_pushdown=off,derived_merge=off,derived_with_keys=off,firstmatch=off,loosescan=off,materialization=on,in_to_exists=off,semijoin=off,partial_match_rowid_merge=off,partial_match_table_scan=off,subquery_cache=off,mrr=off,mrr_cost_based=off,mrr_sort_keys=off,outer_join_with_cache=off,semijoin_with_cache=off,join_cache_incremental=off,join_cache_hashed=off,join_cache_bka=off,optimize_join_buffer_size=off,table_elimination=off,extended_keys=off,exists_to_in=off,orderby_uses_equalities=off,condition_pushdown_for_derived=on,split_materialized=off,condition_pushdown_for_subquery=off,rowid_filter=off,condition_pushdown_from_having=on,not_null_range_scan=off,hash_join_cardinality=off,cset_narrowing=off,sargable_casefold=off"; SELECT "QUERY 19"; QUERY 19 QUERY 19 diff -Nru mariadb-11.8.6/storage/columnstore/columnstore/mysql-test/columnstore/future/query_accelerator.test mariadb-11.8.8/storage/columnstore/columnstore/mysql-test/columnstore/future/query_accelerator.test --- mariadb-11.8.6/storage/columnstore/columnstore/mysql-test/columnstore/future/query_accelerator.test 2026-01-31 13:27:51.000000000 +0000 +++ mariadb-11.8.8/storage/columnstore/columnstore/mysql-test/columnstore/future/query_accelerator.test 2026-05-24 09:58:35.000000000 +0000 @@ -42,7 +42,6 @@ # check Query Accelerator for q1 (simple aggregation) SELECT mcs_get_plan('rules') LIKE '%parallel_ces%' AS qa_q1_applied; ---source ../include/disable_rbo_parallel_ces.inc SELECT "QUERY 2"; SELECT s_acctbal, @@ -72,7 +71,6 @@ ) ORDER BY s_acctbal DESC, n_name, s_name, p_partkey LIMIT 100; ---source ../include/enable_rbo_parallel_ces.inc SELECT "QUERY 3"; SELECT @@ -230,7 +228,6 @@ LIMIT 20; SELECT "QUERY 11"; ---source ../include/disable_rbo_parallel_ces.inc SELECT ps_partkey, SUM(ps_supplycost * ps_availqty) AS value @@ -310,7 +307,6 @@ ) ORDER BY s_suppkey; ---source ../include/disable_rbo_parallel_ces.inc SELECT "QUERY 16"; SELECT p_brand, @@ -329,7 +325,6 @@ ) GROUP BY p_brand, p_type, p_size ORDER BY supplier_cnt DESC, p_brand, p_type, p_size; ---source ../include/enable_rbo_parallel_ces.inc SELECT "QUERY 17"; SELECT @@ -344,7 +339,6 @@ WHERE l_partkey = p_partkey ); ---source ../include/disable_rbo_parallel_ces.inc SELECT "QUERY 18"; SELECT c_name, @@ -364,7 +358,6 @@ GROUP BY c_name, c_custkey, o_orderkey, o_orderdate, o_totalprice ORDER BY o_totalprice DESC, o_orderdate, o_orderkey LIMIT 100; ---source ../include/enable_rbo_parallel_ces.inc SELECT "QUERY 19"; SELECT diff -Nru mariadb-11.8.6/storage/columnstore/columnstore/mysql-test/columnstore/future/suite.opt mariadb-11.8.8/storage/columnstore/columnstore/mysql-test/columnstore/future/suite.opt --- mariadb-11.8.6/storage/columnstore/columnstore/mysql-test/columnstore/future/suite.opt 2026-01-31 13:27:51.000000000 +0000 +++ mariadb-11.8.8/storage/columnstore/columnstore/mysql-test/columnstore/future/suite.opt 2026-05-24 09:58:35.000000000 +0000 @@ -1,2 +1,3 @@ --plugin-load-add=$HA_COLUMNSTORE_SO --columnstore_innodb_queries_use_mcs=on +--lower_case_table_names=2 diff -Nru mariadb-11.8.6/storage/columnstore/columnstore/mysql-test/columnstore/include/have_queryacc_routines.inc mariadb-11.8.8/storage/columnstore/columnstore/mysql-test/columnstore/include/have_queryacc_routines.inc --- mariadb-11.8.6/storage/columnstore/columnstore/mysql-test/columnstore/include/have_queryacc_routines.inc 1970-01-01 00:00:00.000000000 +0000 +++ mariadb-11.8.8/storage/columnstore/columnstore/mysql-test/columnstore/include/have_queryacc_routines.inc 2026-05-24 09:58:35.000000000 +0000 @@ -0,0 +1,6 @@ +let $no_queryacc = `SELECT COUNT(*) = 0 FROM INFORMATION_SCHEMA.ROUTINES WHERE ROUTINE_SCHEMA = 'queryacc' AND ROUTINE_NAME = 'enable_queryacc'`; + +if ($no_queryacc == 1) +{ + --skip queryacc routines not installed (requires install_mcs_mysql.sh) +} diff -Nru mariadb-11.8.6/storage/columnstore/columnstore/mysql-test/columnstore/setup/regression_env_setup.test mariadb-11.8.8/storage/columnstore/columnstore/mysql-test/columnstore/setup/regression_env_setup.test --- mariadb-11.8.6/storage/columnstore/columnstore/mysql-test/columnstore/setup/regression_env_setup.test 2026-01-31 13:27:51.000000000 +0000 +++ mariadb-11.8.8/storage/columnstore/columnstore/mysql-test/columnstore/setup/regression_env_setup.test 2026-05-24 09:58:35.000000000 +0000 @@ -10,6 +10,7 @@ --source ../include/detect_maxscale.inc # --disable_warnings +SET time_zone='+00:00'; DROP DATABASE IF EXISTS tpch1m; DROP DATABASE IF EXISTS tpch1; DROP DATABASE IF EXISTS ssb1; @@ -70,8 +71,8 @@ # # Set table name to case insensitive ---exec if test -f /etc/my.cnf.d/server.cnf; then sed -i 's/\[mysqld\]/\[mysqld\]\nlower_case_table_names=1/g' /etc/my.cnf.d/server.cnf; fi ---exec if test -f /etc/mysql/mariadb.conf.d/50.server.cnf; then sed -i 's/\[mysqld\]/\[mysqld\]\nlower_case_table_names=1/g' /etc/mysql/mariadb.conf.d/50-server.cnf; fi +--exec if test -f /etc/my.cnf.d/server.cnf; then sed -i 's/\[mysqld\]/\[mysqld\]\nlower_case_table_names=2/g' /etc/my.cnf.d/server.cnf; fi +--exec if test -f /etc/mysql/mariadb.conf.d/50.server.cnf; then sed -i 's/\[mysqld\]/\[mysqld\]\nlower_case_table_names=2/g' /etc/mysql/mariadb.conf.d/50-server.cnf; fi # --exec systemctl restart mariadb --exec sleep 10 diff -Nru mariadb-11.8.6/storage/columnstore/columnstore/primitives/blockcache/blockrequestprocessor.cpp mariadb-11.8.8/storage/columnstore/columnstore/primitives/blockcache/blockrequestprocessor.cpp --- mariadb-11.8.6/storage/columnstore/columnstore/primitives/blockcache/blockrequestprocessor.cpp 2026-01-31 13:27:51.000000000 +0000 +++ mariadb-11.8.8/storage/columnstore/columnstore/primitives/blockcache/blockrequestprocessor.cpp 2026-05-24 09:58:35.000000000 +0000 @@ -97,11 +97,11 @@ { if (fTrace) { - uint16_t dbroot; - uint32_t partNum; - uint16_t segNum; - uint32_t fbo; - BRM::OID_t oid; + uint16_t dbroot = 0; + uint32_t partNum = 0; + uint16_t segNum = 0; + uint32_t fbo = 0; + BRM::OID_t oid = 0; fdbrm.lookupLocal(maxLbid, ver.currentScn, false, oid, dbroot, partNum, segNum, fbo); fLogFile << oid << " " << maxLbid << " " << fbo << " " << rangeLen << " " << 0 << " " << 0 << " " << 0 << " " << right << fixed << ((double)(start_tm.tv_sec + (1.e-9 * start_tm.tv_nsec))) << endl; @@ -133,11 +133,11 @@ if (fTrace) { - uint16_t dbroot; - uint32_t partNum; - uint16_t segNum; - uint32_t fbo; - BRM::OID_t oid; + uint16_t dbroot = 0; + uint32_t partNum = 0; + uint16_t segNum = 0; + uint32_t fbo = 0; + BRM::OID_t oid = 0; fdbrm.lookupLocal(maxLbid, ver.currentScn, false, oid, dbroot, partNum, segNum, fbo); fLogFile << oid << " " << maxLbid << " " << fbo << " " << rangeLen << " " << adjSz << " " << rqstBlk.BlocksRead() << " " << rqstBlk.BlocksLoaded() << " " << right << fixed diff -Nru mariadb-11.8.6/storage/columnstore/columnstore/primitives/blockcache/stats.h mariadb-11.8.8/storage/columnstore/columnstore/primitives/blockcache/stats.h --- mariadb-11.8.6/storage/columnstore/columnstore/primitives/blockcache/stats.h 2026-01-31 13:27:51.000000000 +0000 +++ mariadb-11.8.8/storage/columnstore/columnstore/primitives/blockcache/stats.h 2026-05-24 09:58:35.000000000 +0000 @@ -44,11 +44,11 @@ inline BRM::OID_t lbid2oid(uint64_t lbid) { - BRM::OID_t oid; - uint16_t dbroot; - uint32_t partNum; - uint16_t segNum; - uint32_t fbo; + BRM::OID_t oid = 0; + uint16_t dbroot = 0; + uint32_t partNum = 0; + uint16_t segNum = 0; + uint32_t fbo = 0; brm.lookupLocal(lbid, 0, false, oid, dbroot, partNum, segNum, fbo); return oid; } diff -Nru mariadb-11.8.6/storage/columnstore/columnstore/primitives/linux-port/column.cpp mariadb-11.8.8/storage/columnstore/columnstore/primitives/linux-port/column.cpp --- mariadb-11.8.6/storage/columnstore/columnstore/primitives/linux-port/column.cpp 2026-01-31 13:27:51.000000000 +0000 +++ mariadb-11.8.8/storage/columnstore/columnstore/primitives/linux-port/column.cpp 2026-05-24 09:58:35.000000000 +0000 @@ -169,6 +169,13 @@ case COMPARE_NULLEQ: return val1 == val2; + case COMPARE_BITMASK: + // Bitmask comparison only valid for integral types + if constexpr (std::is_integral_v) + return (val1 & val2) == val2; + else + return false; + default: logIt(34, COP, "colCompare_"); return false; // throw an exception here? } } @@ -207,6 +214,13 @@ case COMPARE_NULLEQ: return val1 == val2 && rf == 0; + case COMPARE_BITMASK: + // Bitmask comparison only valid for integral types + if constexpr (std::is_integral_v) + return (val1 & val2) == val2; + else + return false; + default: logIt(34, COP, "colCompare_"); return false; // throw an exception here? } } @@ -1560,6 +1574,11 @@ case (COMPARE_LT): filterMask = simdProcessor.cmpLt(l, filterArgsVectors[j]); break; case (COMPARE_NE): filterMask = simdProcessor.cmpNe(l, filterArgsVectors[j]); break; case (COMPARE_NIL): filterMask = falseMask; break; + case (COMPARE_BITMASK): + // Bitmask: (value & mask) == mask + // Using SIMD: AND then compare equal + filterMask = simdProcessor.cmpEq(simdProcessor.bwAnd(l, filterArgsVectors[j]), filterArgsVectors[j]); + break; default: idbassert(false); diff -Nru mariadb-11.8.6/storage/columnstore/columnstore/primitives/primproc/columncommand.cpp mariadb-11.8.8/storage/columnstore/columnstore/primitives/primproc/columncommand.cpp --- mariadb-11.8.6/storage/columnstore/columnstore/primitives/primproc/columncommand.cpp 2026-01-31 13:27:51.000000000 +0000 +++ mariadb-11.8.8/storage/columnstore/columnstore/primitives/primproc/columncommand.cpp 2026-05-24 09:58:35.000000000 +0000 @@ -661,11 +661,11 @@ { ostringstream os; BRM::DBRM brm; - BRM::OID_t oid; - uint16_t l_dbroot; - uint32_t partNum; - uint16_t segNum; - uint32_t fbo; + BRM::OID_t oid = 0; + uint16_t l_dbroot = 0; + uint32_t partNum = 0; + uint16_t segNum = 0; + uint32_t fbo = 0; brm.lookupLocal(lbid, 0, false, oid, l_dbroot, partNum, segNum, fbo); os << __FILE__ << " error on projection for oid " << oid << " lbid " << lbid; @@ -770,11 +770,11 @@ { ostringstream os; BRM::DBRM brm; - BRM::OID_t oid; - uint16_t dbroot; - uint32_t partNum; - uint16_t segNum; - uint32_t fbo; + BRM::OID_t oid = 0; + uint16_t dbroot = 0; + uint32_t partNum = 0; + uint16_t segNum = 0; + uint32_t fbo = 0; brm.lookupLocal(lbid, 0, false, oid, dbroot, partNum, segNum, fbo); os << __FILE__ << " error on projectResultRG for oid " << oid << " lbid " << lbid; diff -Nru mariadb-11.8.6/storage/columnstore/columnstore/primitives/primproc/primitiveserver.cpp mariadb-11.8.8/storage/columnstore/columnstore/primitives/primproc/primitiveserver.cpp --- mariadb-11.8.6/storage/columnstore/columnstore/primitives/primproc/primitiveserver.cpp 2026-01-31 13:27:51.000000000 +0000 +++ mariadb-11.8.8/storage/columnstore/columnstore/primitives/primproc/primitiveserver.cpp 2026-05-24 09:58:35.000000000 +0000 @@ -475,13 +475,13 @@ VSSCache* vssCache) { bool flg = false; - BRM::OID_t oid; + BRM::OID_t oid = 0; BRM::VER_t txn = (BRM::VER_t)t; uint16_t dbRoot = 0; uint32_t partitionNum = 0; uint16_t segmentNum = 0; - int rc; - BRM::VER_t ver; + int rc = 0; + BRM::VER_t ver = 0; blockCacheClient bc(*BRPp[cacheNum(lbid)]); char file_name[WriteEngine::FILE_NAME_SIZE] = {0}; char* fileNamePtr = file_name; @@ -919,8 +919,8 @@ VSSCache* vssCache) { blockCacheClient bc(*BRPp[cacheNum(lbid)]); - bool vbFlag; - BRM::VER_t ver; + bool vbFlag = false; + BRM::VER_t ver = 0; VSSCache::iterator it; if (vssCache) diff -Nru mariadb-11.8.6/storage/columnstore/columnstore/storage-manager/CMakeLists.txt mariadb-11.8.8/storage/columnstore/columnstore/storage-manager/CMakeLists.txt --- mariadb-11.8.6/storage/columnstore/columnstore/storage-manager/CMakeLists.txt 2026-01-31 13:27:51.000000000 +0000 +++ mariadb-11.8.8/storage/columnstore/columnstore/storage-manager/CMakeLists.txt 2026-05-24 09:58:35.000000000 +0000 @@ -71,7 +71,6 @@ columnstore_link( storagemanager boost_chrono - boost_system boost_thread boost_filesystem boost_regex diff -Nru mariadb-11.8.6/storage/columnstore/columnstore/tests/scripts/run_mtr.sh mariadb-11.8.8/storage/columnstore/columnstore/tests/scripts/run_mtr.sh --- mariadb-11.8.6/storage/columnstore/columnstore/tests/scripts/run_mtr.sh 2026-01-31 13:27:51.000000000 +0000 +++ mariadb-11.8.8/storage/columnstore/columnstore/tests/scripts/run_mtr.sh 2026-05-24 09:58:35.000000000 +0000 @@ -22,7 +22,7 @@ optparse.define short=t long=test_full_name desc="Testname with suite as like bugfixes.mcol-4899" variable=TEST_FULL_NAME default="" optparse.define short=f long=full desc="Run full MTR" variable=RUN_FULL default=false value=true optparse.define short=r long=record desc="Record the result" variable=RECORD default=false value=true -optparse.define short=e long=no-extern desc="Run with --extern" variable=EXTERN default=false value=true +optparse.define short=e long=extern desc="Run with --extern" variable=EXTERN default=false value=true optparse.define short=c long=color desc="run with unbufer to colorize output" variable=UNBUFFER default=false value=true @@ -60,9 +60,18 @@ cd ${INSTALLED_MTR_PATH} -if [[ ! -d ${INSTALLED_MTR_PATH}/suite/columnstore ]]; then +if [[ ! -d "${INSTALLED_MTR_PATH}/suite/columnstore" ]]; then message " ・ Adding symlink for columnstore tests to ${INSTALLED_MTR_PATH}/suite/columnstore from ${COLUMNSTORE_MTR_SOURCE}" - ln -s ${COLUMNSTORE_MTR_SOURCE} ${INSTALLED_MTR_PATH}/suite + ln -sfn "${COLUMNSTORE_MTR_SOURCE}" "${INSTALLED_MTR_PATH}/suite" +fi + +# MTR's mtr_cases.pm also searches in mysql-test/suite/ relative to the parent +# of the test directory. Remove any stale symlink there to avoid duplicate suite +# detection which causes mtr_cases.pm to abort. +MTR_MYSQL_TEST_SUITE="$(dirname "${INSTALLED_MTR_PATH%/}")/mysql-test/suite" +if [[ -L "${MTR_MYSQL_TEST_SUITE}/columnstore" ]]; then + rm -f "${MTR_MYSQL_TEST_SUITE}/columnstore" + message " ・ Removed stale symlink ${MTR_MYSQL_TEST_SUITE}/columnstore to avoid duplicate suite" fi if [[ ! -d '/data/qa/source/dbt3/' || ! -d '/data/qa/source/ssb/' ]]; then diff -Nru mariadb-11.8.6/storage/columnstore/columnstore/tools/passwd/secrets.cpp mariadb-11.8.8/storage/columnstore/columnstore/tools/passwd/secrets.cpp --- mariadb-11.8.6/storage/columnstore/columnstore/tools/passwd/secrets.cpp 2026-01-31 13:27:51.000000000 +0000 +++ mariadb-11.8.8/storage/columnstore/columnstore/tools/passwd/secrets.cpp 2026-05-24 09:58:35.000000000 +0000 @@ -402,11 +402,13 @@ { std::cout << "Error reading JSON from secrets file: " << filepath << std::endl; std::cout << je.what() << std::endl; + return rval; } catch (...) { printf("Error reading JSON from secrets file '%s' failed. Error %d, %s.\n", filepathc, errno, strerror(errno)); + return rval; } // json_t* obj = json_load_file(filepathc, 0, &err); string enc_cipher = jsontree[field_cipher]; diff -Nru mariadb-11.8.6/storage/columnstore/columnstore/tools/rebuildEM/CMakeLists.txt mariadb-11.8.8/storage/columnstore/columnstore/tools/rebuildEM/CMakeLists.txt --- mariadb-11.8.6/storage/columnstore/columnstore/tools/rebuildEM/CMakeLists.txt 2026-01-31 13:27:51.000000000 +0000 +++ mariadb-11.8.8/storage/columnstore/columnstore/tools/rebuildEM/CMakeLists.txt 2026-05-24 09:58:35.000000000 +0000 @@ -2,4 +2,4 @@ set(rebuildEM_SRCS main.cpp rebuildEM.cpp) columnstore_executable(mcsRebuildEM ${rebuildEM_SRCS}) -columnstore_link(mcsRebuildEM ${ENGINE_LDFLAGS} ${ENGINE_WRITE_LIBS} boost_system boost_filesystem) +columnstore_link(mcsRebuildEM ${ENGINE_LDFLAGS} ${ENGINE_WRITE_LIBS} boost_filesystem) diff -Nru mariadb-11.8.6/storage/columnstore/columnstore/tools/rebuildEM/main.cpp mariadb-11.8.8/storage/columnstore/columnstore/tools/rebuildEM/main.cpp --- mariadb-11.8.6/storage/columnstore/columnstore/tools/rebuildEM/main.cpp 2026-01-31 13:27:51.000000000 +0000 +++ mariadb-11.8.8/storage/columnstore/columnstore/tools/rebuildEM/main.cpp 2026-05-24 09:58:35.000000000 +0000 @@ -30,6 +30,8 @@ static void usage(const std::string& pname) { + // note the 'y' option is not in the usage text. This is intentional, to keep + // manual confirmation and simultaneously allow for slightly easier testing. std::cout << "usage: " << pname << " [-vdhs]" << std::endl; std::cout << "rebuilds the extent map from the contents of the database file " "system." @@ -61,8 +63,9 @@ bool showExtentMap = false; bool verbose = false; bool display = false; + bool confirm = true; - while ((option = getopt(argc, argv, "vdhs")) != EOF) + while ((option = getopt(argc, argv, "yvdhs")) != EOF) { switch (option) { @@ -72,6 +75,8 @@ case 's': showExtentMap = true; break; + case 'y': confirm = false; break; + case 'h': case '?': default: @@ -90,10 +95,13 @@ } // MCOL-4685 - std::cout << "The launch of mcsRebuildEM tool must be sanctioned by MariaDB support. " << std::endl; - std::cout << "Do you want to continue Y/N? "; - if (!isYes()) - return 0; + if (confirm) + { + std::cout << "The launch of mcsRebuildEM tool must be sanctioned by MariaDB support. " << std::endl; + std::cout << "Do you want to continue Y/N? "; + if (!isYes()) + return 0; + } auto* config = config::Config::makeConfig(); const auto BRMSavesEM = config->getConfig("SystemConfig", "DBRMRoot") + "_em"; diff -Nru mariadb-11.8.6/storage/columnstore/columnstore/tools/rebuildEM/rebuildEM.cpp mariadb-11.8.8/storage/columnstore/columnstore/tools/rebuildEM/rebuildEM.cpp --- mariadb-11.8.6/storage/columnstore/columnstore/tools/rebuildEM/rebuildEM.cpp 2026-01-31 13:27:51.000000000 +0000 +++ mariadb-11.8.8/storage/columnstore/columnstore/tools/rebuildEM/rebuildEM.cpp 2026-05-24 09:58:35.000000000 +0000 @@ -35,49 +35,49 @@ namespace RebuildExtentMap { std::unordered_map systemCatalogMap = { - {2073, FileId(2073, 0, 0, 0, 0, execplan::CalpontSystemCatalog::VARCHAR, 201728, 0, true)}, - {2070, FileId(2070, 0, 0, 0, 0, execplan::CalpontSystemCatalog::VARCHAR, 163840, 0, true)}, - {2067, FileId(2067, 0, 0, 0, 0, execplan::CalpontSystemCatalog::VARCHAR, 114688, 0, true)}, - {2064, FileId(2064, 0, 0, 0, 0, execplan::CalpontSystemCatalog::VARCHAR, 98304, 0, true)}, - {2076, FileId(2076, 0, 0, 0, 0, execplan::CalpontSystemCatalog::VARCHAR, 218112, 0, true)}, - {2061, FileId(2061, 0, 0, 0, 0, execplan::CalpontSystemCatalog::VARCHAR, 81920, 0, true)}, - {1004, FileId(1004, 0, 0, 0, 4, execplan::CalpontSystemCatalog::DATE, 36864, 0, false)}, - {1022, FileId(1022, 0, 0, 0, 8, execplan::CalpontSystemCatalog::VARCHAR, 90112, 0, false)}, - {1001, FileId(1001, 0, 0, 0, 8, execplan::CalpontSystemCatalog::VARCHAR, 0, 0, false)}, - {1023, FileId(1023, 0, 0, 0, 8, execplan::CalpontSystemCatalog::VARCHAR, 106496, 0, false)}, - {1021, FileId(1021, 0, 0, 0, 8, execplan::CalpontSystemCatalog::VARCHAR, 73728, 0, false)}, - {1010, FileId(1010, 0, 0, 0, 4, execplan::CalpontSystemCatalog::INT, 61440, 0, false)}, - {1006, FileId(1006, 0, 0, 0, 4, execplan::CalpontSystemCatalog::INT, 45056, 0, false)}, - {1002, FileId(1002, 0, 0, 0, 8, execplan::CalpontSystemCatalog::VARCHAR, 16384, 0, false)}, - {1009, FileId(1009, 0, 0, 0, 4, execplan::CalpontSystemCatalog::INT, 57344, 0, false)}, - {1005, FileId(1005, 0, 0, 0, 4, execplan::CalpontSystemCatalog::DATE, 40960, 0, false)}, - {1011, FileId(1011, 0, 0, 0, 4, execplan::CalpontSystemCatalog::INT, 65536, 0, false)}, - {1012, FileId(1012, 0, 0, 0, 4, execplan::CalpontSystemCatalog::INT, 69632, 0, false)}, - {1008, FileId(1008, 0, 0, 0, 4, execplan::CalpontSystemCatalog::INT, 53248, 0, false)}, - {1007, FileId(1007, 0, 0, 0, 4, execplan::CalpontSystemCatalog::INT, 49152, 0, false)}, - {1003, FileId(1003, 0, 0, 0, 4, execplan::CalpontSystemCatalog::INT, 32768, 0, false)}, - {1032, FileId(1032, 0, 0, 0, 8, execplan::CalpontSystemCatalog::VARCHAR, 155648, 0, false)}, - {1038, FileId(1038, 0, 0, 0, 4, execplan::CalpontSystemCatalog::INT, 189440, 0, false)}, - {1033, FileId(1033, 0, 0, 0, 4, execplan::CalpontSystemCatalog::INT, 172032, 0, false)}, - {1027, FileId(1027, 0, 0, 0, 4, execplan::CalpontSystemCatalog::INT, 135168, 0, false)}, - {1024, FileId(1024, 0, 0, 0, 4, execplan::CalpontSystemCatalog::INT, 122880, 0, false)}, - {1042, FileId(1042, 0, 0, 0, 8, execplan::CalpontSystemCatalog::UBIGINT, 230400, 0, false)}, - {1040, FileId(1040, 0, 0, 0, 8, execplan::CalpontSystemCatalog::VARCHAR, 209920, 0, false)}, - {1025, FileId(1025, 0, 0, 0, 4, execplan::CalpontSystemCatalog::INT, 126976, 0, false)}, - {1035, FileId(1035, 0, 0, 0, 4, execplan::CalpontSystemCatalog::INT, 180224, 0, false)}, - {1028, FileId(1028, 0, 0, 0, 4, execplan::CalpontSystemCatalog::INT, 139264, 0, false)}, - {1036, FileId(1036, 0, 0, 0, 1, execplan::CalpontSystemCatalog::CHAR, 184320, 0, false)}, - {1031, FileId(1031, 0, 0, 0, 4, execplan::CalpontSystemCatalog::DATE, 151552, 0, false)}, - {1037, FileId(1037, 0, 0, 0, 4, execplan::CalpontSystemCatalog::INT, 185344, 0, false)}, - {1039, FileId(1039, 0, 0, 0, 8, execplan::CalpontSystemCatalog::VARCHAR, 193536, 0, false)}, - {1030, FileId(1030, 0, 0, 0, 4, execplan::CalpontSystemCatalog::INT, 147456, 0, false)}, - {1034, FileId(1034, 0, 0, 0, 4, execplan::CalpontSystemCatalog::INT, 176128, 0, false)}, - {1026, FileId(1026, 0, 0, 0, 4, execplan::CalpontSystemCatalog::INT, 131072, 0, false)}, - {1041, FileId(1041, 0, 0, 0, 4, execplan::CalpontSystemCatalog::INT, 226304, 0, false)}, - {1043, FileId(1043, 0, 0, 0, 4, execplan::CalpontSystemCatalog::INT, 238592, 0, false)}, - {1029, FileId(1029, 0, 0, 0, 4, execplan::CalpontSystemCatalog::INT, 143360, 0, false)}, - {2001, FileId(2001, 0, 0, 0, 0, execplan::CalpontSystemCatalog::VARCHAR, 8192, 0, true)}, - {2004, FileId(2004, 0, 0, 0, 4, execplan::CalpontSystemCatalog::INT, 24576, 0, true)}, + {2073, FileId(2073, 0, 0, 0, 0, execplan::CalpontSystemCatalog::VARCHAR, 201728, 0, true, 0)}, + {2070, FileId(2070, 0, 0, 0, 0, execplan::CalpontSystemCatalog::VARCHAR, 163840, 0, true, 0)}, + {2067, FileId(2067, 0, 0, 0, 0, execplan::CalpontSystemCatalog::VARCHAR, 114688, 0, true, 0)}, + {2064, FileId(2064, 0, 0, 0, 0, execplan::CalpontSystemCatalog::VARCHAR, 98304, 0, true, 0)}, + {2076, FileId(2076, 0, 0, 0, 0, execplan::CalpontSystemCatalog::VARCHAR, 218112, 0, true, 0)}, + {2061, FileId(2061, 0, 0, 0, 0, execplan::CalpontSystemCatalog::VARCHAR, 81920, 0, true, 0)}, + {1004, FileId(1004, 0, 0, 0, 4, execplan::CalpontSystemCatalog::DATE, 36864, 0, false, 0)}, + {1022, FileId(1022, 0, 0, 0, 8, execplan::CalpontSystemCatalog::VARCHAR, 90112, 0, false, 0)}, + {1001, FileId(1001, 0, 0, 0, 8, execplan::CalpontSystemCatalog::VARCHAR, 0, 0, false, 0)}, + {1023, FileId(1023, 0, 0, 0, 8, execplan::CalpontSystemCatalog::VARCHAR, 106496, 0, false, 0)}, + {1021, FileId(1021, 0, 0, 0, 8, execplan::CalpontSystemCatalog::VARCHAR, 73728, 0, false, 0)}, + {1010, FileId(1010, 0, 0, 0, 4, execplan::CalpontSystemCatalog::INT, 61440, 0, false, 0)}, + {1006, FileId(1006, 0, 0, 0, 4, execplan::CalpontSystemCatalog::INT, 45056, 0, false, 0)}, + {1002, FileId(1002, 0, 0, 0, 8, execplan::CalpontSystemCatalog::VARCHAR, 16384, 0, false, 0)}, + {1009, FileId(1009, 0, 0, 0, 4, execplan::CalpontSystemCatalog::INT, 57344, 0, false, 0)}, + {1005, FileId(1005, 0, 0, 0, 4, execplan::CalpontSystemCatalog::DATE, 40960, 0, false, 0)}, + {1011, FileId(1011, 0, 0, 0, 4, execplan::CalpontSystemCatalog::INT, 65536, 0, false, 0)}, + {1012, FileId(1012, 0, 0, 0, 4, execplan::CalpontSystemCatalog::INT, 69632, 0, false, 0)}, + {1008, FileId(1008, 0, 0, 0, 4, execplan::CalpontSystemCatalog::INT, 53248, 0, false, 0)}, + {1007, FileId(1007, 0, 0, 0, 4, execplan::CalpontSystemCatalog::INT, 49152, 0, false, 0)}, + {1003, FileId(1003, 0, 0, 0, 4, execplan::CalpontSystemCatalog::INT, 32768, 0, false, 0)}, + {1032, FileId(1032, 0, 0, 0, 8, execplan::CalpontSystemCatalog::VARCHAR, 155648, 0, false, 0)}, + {1038, FileId(1038, 0, 0, 0, 4, execplan::CalpontSystemCatalog::INT, 189440, 0, false, 0)}, + {1033, FileId(1033, 0, 0, 0, 4, execplan::CalpontSystemCatalog::INT, 172032, 0, false, 0)}, + {1027, FileId(1027, 0, 0, 0, 4, execplan::CalpontSystemCatalog::INT, 135168, 0, false, 0)}, + {1024, FileId(1024, 0, 0, 0, 4, execplan::CalpontSystemCatalog::INT, 122880, 0, false, 0)}, + {1042, FileId(1042, 0, 0, 0, 8, execplan::CalpontSystemCatalog::UBIGINT, 230400, 0, false, 0)}, + {1040, FileId(1040, 0, 0, 0, 8, execplan::CalpontSystemCatalog::VARCHAR, 209920, 0, false, 0)}, + {1025, FileId(1025, 0, 0, 0, 4, execplan::CalpontSystemCatalog::INT, 126976, 0, false, 0)}, + {1035, FileId(1035, 0, 0, 0, 4, execplan::CalpontSystemCatalog::INT, 180224, 0, false, 0)}, + {1028, FileId(1028, 0, 0, 0, 4, execplan::CalpontSystemCatalog::INT, 139264, 0, false, 0)}, + {1036, FileId(1036, 0, 0, 0, 1, execplan::CalpontSystemCatalog::CHAR, 184320, 0, false, 0)}, + {1031, FileId(1031, 0, 0, 0, 4, execplan::CalpontSystemCatalog::DATE, 151552, 0, false, 0)}, + {1037, FileId(1037, 0, 0, 0, 4, execplan::CalpontSystemCatalog::INT, 185344, 0, false, 0)}, + {1039, FileId(1039, 0, 0, 0, 8, execplan::CalpontSystemCatalog::VARCHAR, 193536, 0, false, 0)}, + {1030, FileId(1030, 0, 0, 0, 4, execplan::CalpontSystemCatalog::INT, 147456, 0, false, 0)}, + {1034, FileId(1034, 0, 0, 0, 4, execplan::CalpontSystemCatalog::INT, 176128, 0, false, 0)}, + {1026, FileId(1026, 0, 0, 0, 4, execplan::CalpontSystemCatalog::INT, 131072, 0, false, 0)}, + {1041, FileId(1041, 0, 0, 0, 4, execplan::CalpontSystemCatalog::INT, 226304, 0, false, 0)}, + {1043, FileId(1043, 0, 0, 0, 4, execplan::CalpontSystemCatalog::INT, 238592, 0, false, 0)}, + {1029, FileId(1029, 0, 0, 0, 4, execplan::CalpontSystemCatalog::INT, 143360, 0, false, 0)}, + {2001, FileId(2001, 0, 0, 0, 0, execplan::CalpontSystemCatalog::VARCHAR, 8192, 0, true, 0)}, + {2004, FileId(2004, 0, 0, 0, 4, execplan::CalpontSystemCatalog::INT, 24576, 0, true, 0)}, }; void EMReBuilder::collectFileNames(const std::string& partialPath, std::string currentPath, @@ -107,14 +107,94 @@ std::vector fileNames; collectFileNames(dbRootPath, "", fileNames); + + std::sort(fileNames.begin(), fileNames.end()); // this makes token files go before corresponding dict files. + for (const auto& fileName : fileNames) { (void)collectExtent(fileName); } + // generate FileId's for invisible LBIDs - these are not recorded in headers. + addInvisibleLBIDs(); + + // setup HWMs for all OIDs. + setupHWMs(); + return 0; } +void EMReBuilder::addInvisibleLBIDs() +{ + for (auto dictOID : dictOIDs) + { + uint64_t hwm; + if (oidHWMs.count(dictOID) == 0) + { + if (doVerbose()) + { + std::cout << "dictionary OID " << dictOID << " does not have HWM set." << std::endl; + } + continue; + } + hwm = oidHWMs[dictOID]; + + // not very efficient. but it gets job done. + FileId dictFileId(0, 0, 0, 0, 0, execplan::CalpontSystemCatalog::BIT, 0, 0, false, 0); + for(const FileId& fid : extentMap) + { + if (fid.oid == dictOID) + { + dictFileId = fid; + break; + } + } + if (doVerbose()) + { + std::cout << "Template FileID: " << dictFileId << std::endl; + } + + for(uint64_t blockOffset : oidBlockOffsetsFromTokens[dictOID]) + { + if (oidKnownBlockOffsets[dictOID].count(blockOffset) > 0 || blockOffset > hwm) + { + if (doVerbose()) + { + std::cout << " Skipping block offset " << blockOffset << ", it is in known LBIDs or higher than HWN (" + << hwm << ")" << std::endl; + } + continue; + } + FileId toAdd(dictFileId); // fill all the information. + toAdd.blockOffset = blockOffset; // inventing a new LBID as we do not know old one. + lastUsedLBID += 8192; + toAdd.lbid = lastUsedLBID; + extentMap.push_back(toAdd); + if (doVerbose()) + { + std::cout << " Collected " << toAdd << std::endl; + } + } + } +} + +// setup HWMs for all OIDs. +void EMReBuilder::setupHWMs() +{ + for(uint32_t i = 0; i < extentMap.size();i++) + { + if (oidHWMs.count(extentMap[i].oid)) + { + uint64_t hwm = oidHWMs[extentMap[i].oid]; + if (extentMap[i].blockOffset <= hwm && extentMap[i].blockOffset + 8192 > hwm) + { + extentMap[i].hwm = hwm; + } + } + } +} + + int32_t EMReBuilder::collectExtent(const std::string& fullFileName) { WriteEngine::FileOp fileOp; @@ -124,6 +204,14 @@ // Initialize oid, partition and segment from the given `fullFileName`. auto rc = WriteEngine::Convertor::fileName2Oid(fullFileName, oid, partition, segment); + if (doVerbose()) + { + std::cout << "converted '" << fullFileName << "' to OID " << oid << ", partition " << partition << ", segment " << segment << "\n"; + if (rc != 0) + { + std::cout << "failure code " << int(rc) << "\n"; + } + } if (rc != 0) return rc; @@ -184,6 +272,11 @@ auto lbidCount = compress::CompressInterface::getLBIDCount(fileHeader); auto compressionType = compress::CompressInterface::getCompressionType(fileHeader); + if (doVerbose()) + { + std::cout << "col data type index " << int(colDataType) << ", col width " << colWidth << std::endl; + } + if (colDataType == execplan::CalpontSystemCatalog::UNDEFINED) { if (doVerbose()) @@ -193,8 +286,16 @@ } auto isDict = isDictFile(colDataType, colWidth); + bool isProbablyTokenColumn = colWidth == 8 && datatypes::isCharType(colDataType); if (isDict) + { + if (doVerbose()) + { + std::cout << "Setting column width to 8. Old column width " << colWidth << std::endl; + } colWidth = 8; + dictOIDs.insert(oid); + } if (doVerbose()) { @@ -204,49 +305,41 @@ uint64_t hwm = 0; rc = searchHWMInSegmentFile(fullFileName, oid, getDBRoot(), partition, segment, colDataType, colWidth, - blockCount, isDict, compressionType, hwm); + blockCount, isDict, isProbablyTokenColumn, compressionType, hwm); if (rc != 0) return rc; - if (doVerbose()) - std::cout << "HWM is: " << hwm << std::endl; + oidHWMs[oid] = hwm; const uint32_t extentMaxBlockCount = getEM().getExtentRows() * colWidth / BLOCK_SIZE; - // We found multiple extents per one segment file. - if (hwm >= extentMaxBlockCount) + + if (doVerbose()) { - for (uint32_t lbidIndex = 0; lbidIndex < lbidCount - 1; ++lbidIndex) - { - auto lbid = compress::CompressInterface::getLBIDByIndex(fileHeader, lbidIndex); - FileId fileId(oid, partition, segment, getDBRoot(), colWidth, colDataType, lbid, /*hwm*/ 0, isDict); - extentMap.push_back(fileId); - } + std::cout << "HWM is: " << hwm << std::endl; + std::cout << "extentMaxBlockCount: " << extentMaxBlockCount << std::endl; + std::cout << "lbidCount: " << lbidCount << std::endl; + } - // Last one has an actual HWM. - auto lbid = compress::CompressInterface::getLBIDByIndex(fileHeader, lbidCount - 1); - FileId fileId(oid, partition, segment, getDBRoot(), colWidth, colDataType, lbid, hwm, isDict); + // We process LBIDs in the header the same way regardless of their count in the header. + uint64_t blockOffset = 0; + oidHWMs[oid] = hwm; // remember HWM to assign later. + for (uint32_t lbidIndex = 0; lbidIndex < lbidCount; ++lbidIndex, blockOffset += 8192) + { + auto lbid = compress::CompressInterface::getLBIDByIndex(fileHeader, lbidIndex); + lastUsedLBID = std::max(lbid, lastUsedLBID); + FileId fileId(oid, partition, segment, getDBRoot(), colWidth, colDataType, lbid, /*hwm*/ 0, isDict, blockOffset); extentMap.push_back(fileId); - + oidKnownBlockOffsets[oid].insert(blockOffset); if (doVerbose()) - { - std::cout << "Found multiple extents per segment file " << std::endl; std::cout << "FileId is collected " << fileId << std::endl; - } } - else - { - // One extent per segment file. - auto lbid = compress::CompressInterface::getLBIDByIndex(fileHeader, 0); - FileId fileId(oid, partition, segment, getDBRoot(), colWidth, colDataType, lbid, hwm, isDict); - extentMap.push_back(fileId); - if (doVerbose()) - std::cout << "FileId is collected " << fileId << std::endl; - } } else { + // SZ: XXX: this handles syscat LBIDs differently and may introduce errors. It needs to be tested with + // syscat with lots of tables (up to whatever limit we have). const auto fileSize = dbFile->size(); if (fileSize == -1) { @@ -273,7 +366,7 @@ uint64_t hwm = 0; rc = searchHWMInSegmentFile(fullFileName, oid, getDBRoot(), systemFileId.partition, systemFileId.segment, systemFileId.colDataType, systemFileId.colWidth, blockCount, - systemFileId.isDict, 0 /*=compressionType*/, hwm); + systemFileId.isDict, false, 0 /*=compressionType*/, hwm); if (rc != 0) return rc; @@ -371,6 +464,7 @@ uint32_t partition, uint32_t segment, execplan::CalpontSystemCatalog::ColDataType colDataType, uint32_t colWidth, uint64_t blockCount, bool isDict, + bool probablyTokenColumn, uint32_t compressionType, uint64_t& hwm) { std::unique_ptr chunkManagerWrapper; @@ -393,12 +487,17 @@ return -1; } + if (doVerbose()) + { + std::cout << "block count " << blockCount << std::endl; + } hwm = 0; // Starting from the end. // Note: This solves problem related to `bulk` insertion. // Currently it could start to insert values from any block into empty // column. - for (int32_t currentBlock = blockCount - 1; currentBlock >= 0; --currentBlock) + int32_t currentBlock; + for (currentBlock = blockCount - 1; currentBlock >= 0; --currentBlock) { // Read the block associated to HWM. // The uncompressed chunk size is 512 * 1024 * 8, so for `abbreviated` @@ -407,14 +506,56 @@ chunkManagerWrapper->readBlock(currentBlock); if (!chunkManagerWrapper->isEmptyBlock()) { + if (doVerbose()) + { + std::cout << "non empty block " << currentBlock << std::endl; + } hwm = currentBlock; break; } } + // If the column we scan can be a token column, read blocks as if they are tokens and extract LBIDs. + if (probablyTokenColumn) + { + std::set seenBlockOffsets; + scanTokensForLBIDs(oid + 1, chunkManagerWrapper->getTokens(), chunkManagerWrapper->numTokens(), seenBlockOffsets); + for(currentBlock--; currentBlock >= 0; currentBlock --) + { + chunkManagerWrapper->readBlock(currentBlock); + if (chunkManagerWrapper->isEmptyBlock()) + { + continue; + } + scanTokensForLBIDs(oid + 1, chunkManagerWrapper->getTokens(), chunkManagerWrapper->numTokens(), seenBlockOffsets); + } + } + return 0; } +void EMReBuilder::scanTokensForLBIDs(uint32_t oidForDict, const WriteEngine::Token* tokens, uint32_t numTokens, std::set& seen) +{ + for(uint32_t i=0;i using namespace idbdatafile; @@ -41,7 +42,8 @@ struct FileId { FileId(uint32_t oid, uint32_t partition, uint32_t segment, uint32_t dbroot, uint32_t colWidth, - execplan::CalpontSystemCatalog::ColDataType colDataType, int64_t lbid, uint64_t hwm, bool isDict) + execplan::CalpontSystemCatalog::ColDataType colDataType, int64_t lbid, uint64_t hwm, bool isDict, + uint64_t blockOffset) : oid(oid) , partition(partition) , segment(segment) @@ -51,6 +53,21 @@ , lbid(lbid) , hwm(hwm) , isDict(isDict) + , blockOffset(blockOffset) + { + } + + FileId(const FileId& other) + : oid(other.oid) + , partition(other.partition) + , segment(other.segment) + , dbroot(other.dbroot) + , colWidth(other.colWidth) + , colDataType(other.colDataType) + , lbid(other.lbid) + , hwm(other.hwm) + , isDict(other.isDict) + , blockOffset(other.blockOffset) { } @@ -63,6 +80,7 @@ int64_t lbid; uint64_t hwm; bool isDict; + uint64_t blockOffset; }; std::ostream& operator<<(std::ostream& os, const FileId& fileID); @@ -134,7 +152,8 @@ int32_t searchHWMInSegmentFile(const std::string& fullFileName, uint32_t oid, uint32_t dbRoot, uint32_t partition, uint32_t segment, execplan::CalpontSystemCatalog::ColDataType colDataType, uint32_t width, - uint64_t blocksCount, bool isDict, uint32_t compressionType, uint64_t& hwm); + uint64_t blocksCount, bool isDict, bool probablyTokenColumn, + uint32_t compressionType, uint64_t& hwm); // Sets the dbroot to the given `number`. void setDBRoot(uint32_t number) @@ -160,6 +179,25 @@ BRM::ExtentMap em; std::vector systemExtentMap; std::vector extentMap; + + std::map oidHWMs; // HWM is assigned at the very end, to the LBID that properly contains it. + uint64_t lastUsedLBID = 0; + std::set dictOIDs; // set of OIDs that are dicts. + std::map> oidBlockOffsetsFromTokens; // block offsets generated from tokens read. + std::map> oidKnownBlockOffsets; // the set of block offsets that need not new LBIDs. + + // TEXT and other long variable length columns are stored as two OIDs, one (OID) for tokens and other + // (OID+1) for the actual data. + // This method receives OID+1 - we scan tokens for LBIDs that belong to the the next OID file(s). + void scanTokensForLBIDs(uint32_t oid, const WriteEngine::Token* tokens, uint32_t numTokens, std::set& seen); + + // generate FileId's for invisible LBIDs - these are not recorded in headers. + void addInvisibleLBIDs(); + + // setup HWMs for all OIDs. + void setupHWMs(); + + }; // The base class aroud `ChunkManager` to read and write decompressed blocks @@ -184,6 +222,12 @@ // Checks that last read block is empty. virtual bool isEmptyBlock() = 0; + // return internal buffer as an array of tokens + const WriteEngine::Token* getTokens() const { return reinterpret_cast(blockData); } + + // convenience: return nummber of tokens in block. + uint32_t numTokens() const { return WriteEngine::BYTE_PER_BLOCK/sizeof(WriteEngine::Token); } + protected: uint32_t oid; uint32_t dbRoot; diff -Nru mariadb-11.8.6/storage/columnstore/columnstore/utils/idbdatafile/CMakeLists.txt mariadb-11.8.8/storage/columnstore/columnstore/utils/idbdatafile/CMakeLists.txt --- mariadb-11.8.6/storage/columnstore/columnstore/utils/idbdatafile/CMakeLists.txt 2026-01-31 13:27:52.000000000 +0000 +++ mariadb-11.8.8/storage/columnstore/columnstore/utils/idbdatafile/CMakeLists.txt 2026-05-24 09:58:35.000000000 +0000 @@ -14,4 +14,4 @@ ) columnstore_library(idbdatafile ${idbdatafile_LIB_SRCS}) -columnstore_link(idbdatafile PRIVATE ${NETSNMP_LIBRARIES} ${ENGINE_OAM_LIBS} boost_filesystem boost_system) +columnstore_link(idbdatafile PRIVATE ${NETSNMP_LIBRARIES} ${ENGINE_OAM_LIBS} boost_filesystem) diff -Nru mariadb-11.8.6/storage/columnstore/columnstore/utils/libmarias3/libmarias3/.github/workflows/asan.yml mariadb-11.8.8/storage/columnstore/columnstore/utils/libmarias3/libmarias3/.github/workflows/asan.yml --- mariadb-11.8.6/storage/columnstore/columnstore/utils/libmarias3/libmarias3/.github/workflows/asan.yml 2026-01-31 13:27:52.000000000 +0000 +++ mariadb-11.8.8/storage/columnstore/columnstore/utils/libmarias3/libmarias3/.github/workflows/asan.yml 1970-01-01 00:00:00.000000000 +0000 @@ -1,53 +0,0 @@ -name: ASAN test - -on: - push: - branches: [ "master" ] - pull_request: - branches: [ "master" ] - -jobs: - build: - runs-on: ubuntu-latest - services: - minio: - # fixme: let's not depend on external unofficial image - image: lazybit/minio - ports: - - 9000:9000 - env: - MINIO_ROOT_USER: accesskey - MINIO_ROOT_PASSWORD: password - options: --name=minio --health-cmd "curl http://localhost:9000/minio/health/live" - - env: - S3KEY: accesskey - S3SECRET: password - S3REGION: "" - S3BUCKET: s3-test - S3HOST: 127.0.0.1 - S3PORT: 9000 - S3USEHTTP: 1 - CC: clang - CFLAGS: "-fsanitize=address" - - steps: - - uses: actions/checkout@v4 - - name: Create bucket - run: | - wget https://dl.min.io/client/mc/release/linux-amd64/mc - chmod +x ./mc - ./mc alias set minio http://127.0.0.1:9000 accesskey password - ./mc mb --ignore-existing minio/s3-test - - name: Install deps - run: | - sudo apt-get update - sudo apt-get install -y libcurl4-openssl-dev - - name: Build libmarias3 - run: | - autoreconf -fi - ./configure --enable-debug=yes - make - - name: Test - run: - make check diff -Nru mariadb-11.8.6/storage/columnstore/columnstore/utils/libmarias3/libmarias3/.github/workflows/distcheck.yml mariadb-11.8.8/storage/columnstore/columnstore/utils/libmarias3/libmarias3/.github/workflows/distcheck.yml --- mariadb-11.8.6/storage/columnstore/columnstore/utils/libmarias3/libmarias3/.github/workflows/distcheck.yml 2026-01-31 13:27:52.000000000 +0000 +++ mariadb-11.8.8/storage/columnstore/columnstore/utils/libmarias3/libmarias3/.github/workflows/distcheck.yml 1970-01-01 00:00:00.000000000 +0000 @@ -1,25 +0,0 @@ -name: Distcheck - -on: - push: - branches: [ "master" ] - pull_request: - branches: [ "master" ] - -jobs: - build: - runs-on: ubuntu-latest - - steps: - - uses: actions/checkout@v4 - - name: Install deps - run: | - sudo apt-get update - sudo apt-get install -y libcurl4-openssl-dev - - name: Build libmarias3 - run: | - autoreconf -fi - ./configure --enable-debug=yes - - name: Test - run: - make distcheck diff -Nru mariadb-11.8.6/storage/columnstore/columnstore/utils/libmarias3/libmarias3/.github/workflows/docs.yml mariadb-11.8.8/storage/columnstore/columnstore/utils/libmarias3/libmarias3/.github/workflows/docs.yml --- mariadb-11.8.6/storage/columnstore/columnstore/utils/libmarias3/libmarias3/.github/workflows/docs.yml 2026-01-31 13:27:52.000000000 +0000 +++ mariadb-11.8.8/storage/columnstore/columnstore/utils/libmarias3/libmarias3/.github/workflows/docs.yml 1970-01-01 00:00:00.000000000 +0000 @@ -1,25 +0,0 @@ -name: Docs - -on: - push: - branches: [ "master" ] - pull_request: - branches: [ "master" ] - -jobs: - build: - runs-on: ubuntu-latest - - steps: - - uses: actions/checkout@v4 - - name: Install deps - run: | - sudo apt-get update - sudo apt-get install -y libcurl4-openssl-dev python3-sphinx - - name: Build libmarias3 - run: | - autoreconf -fi - ./configure - - name: Build Docs - run: - make html diff -Nru mariadb-11.8.6/storage/columnstore/columnstore/utils/libmarias3/libmarias3/.github/workflows/scanbuild.yml mariadb-11.8.8/storage/columnstore/columnstore/utils/libmarias3/libmarias3/.github/workflows/scanbuild.yml --- mariadb-11.8.6/storage/columnstore/columnstore/utils/libmarias3/libmarias3/.github/workflows/scanbuild.yml 2026-01-31 13:27:52.000000000 +0000 +++ mariadb-11.8.8/storage/columnstore/columnstore/utils/libmarias3/libmarias3/.github/workflows/scanbuild.yml 1970-01-01 00:00:00.000000000 +0000 @@ -1,30 +0,0 @@ -name: Scanbuild test - -on: - push: - branches: [ "master" ] - pull_request: - branches: [ "master" ] - -jobs: - build: - # Ubuntu latest scan-build has issues 2024-09. This is a documentated hack - # to run Fedora instead - runs-on: ubuntu-latest - container: - image: fedora:latest - env: - CC: clang - - steps: - - uses: actions/checkout@v4 - - name: Install deps - run: | - sudo dnf install -y libcurl-devel clang-analyzer autoconf automake libtool gawk - - name: Build libmarias3 - run: | - autoreconf -fi - ./configure --enable-debug=yes - - name: Scanbuild - run: - scan-build --use-cc=clang --use-c++=clang++ --status-bugs make diff -Nru mariadb-11.8.6/storage/columnstore/columnstore/utils/libmarias3/libmarias3/.github/workflows/usan.yml mariadb-11.8.8/storage/columnstore/columnstore/utils/libmarias3/libmarias3/.github/workflows/usan.yml --- mariadb-11.8.6/storage/columnstore/columnstore/utils/libmarias3/libmarias3/.github/workflows/usan.yml 2026-01-31 13:27:52.000000000 +0000 +++ mariadb-11.8.8/storage/columnstore/columnstore/utils/libmarias3/libmarias3/.github/workflows/usan.yml 1970-01-01 00:00:00.000000000 +0000 @@ -1,53 +0,0 @@ -name: USAN test - -on: - push: - branches: [ "master" ] - pull_request: - branches: [ "master" ] - -jobs: - build: - runs-on: ubuntu-latest - services: - minio: - # fixme: let's not depend on external unofficial image - image: lazybit/minio - ports: - - 9000:9000 - env: - MINIO_ROOT_USER: accesskey - MINIO_ROOT_PASSWORD: password - options: --name=minio --health-cmd "curl http://localhost:9000/minio/health/live" - - env: - S3KEY: accesskey - S3SECRET: password - S3REGION: "" - S3BUCKET: s3-test - S3HOST: 127.0.0.1 - S3PORT: 9000 - S3USEHTTP: 1 - CC: clang - CFLAGS: "-fsanitize=undefined -fsanitize=nullability" - - steps: - - uses: actions/checkout@v4 - - name: Create bucket - run: | - wget https://dl.min.io/client/mc/release/linux-amd64/mc - chmod +x ./mc - ./mc alias set minio http://127.0.0.1:9000 accesskey password - ./mc mb --ignore-existing minio/s3-test - - name: Install deps - run: | - sudo apt-get update - sudo apt-get install -y libcurl4-openssl-dev - - name: Build libmarias3 - run: | - autoreconf -fi - ./configure --enable-debug=yes - make - - name: Test - run: - make check diff -Nru mariadb-11.8.6/storage/columnstore/columnstore/utils/libmarias3/libmarias3/.gitignore mariadb-11.8.8/storage/columnstore/columnstore/utils/libmarias3/libmarias3/.gitignore --- mariadb-11.8.6/storage/columnstore/columnstore/utils/libmarias3/libmarias3/.gitignore 2026-01-31 13:27:52.000000000 +0000 +++ mariadb-11.8.8/storage/columnstore/columnstore/utils/libmarias3/libmarias3/.gitignore 2026-05-24 09:58:35.000000000 +0000 @@ -32,7 +32,6 @@ *.lo *.la tags -TAGS docs/latex/ html/ *.tar.gz diff -Nru mariadb-11.8.6/storage/columnstore/columnstore/utils/libmarias3/libmarias3/.readthedocs.yaml mariadb-11.8.8/storage/columnstore/columnstore/utils/libmarias3/libmarias3/.readthedocs.yaml --- mariadb-11.8.6/storage/columnstore/columnstore/utils/libmarias3/libmarias3/.readthedocs.yaml 2026-01-31 13:27:52.000000000 +0000 +++ mariadb-11.8.8/storage/columnstore/columnstore/utils/libmarias3/libmarias3/.readthedocs.yaml 1970-01-01 00:00:00.000000000 +0000 @@ -1,35 +0,0 @@ -# Read the Docs configuration file for Sphinx projects -# See https://docs.readthedocs.io/en/stable/config-file/v2.html for details - -# Required -version: 2 - -# Set the OS, Python version and other tools you might need -build: - os: ubuntu-22.04 - tools: - python: "3.12" - # You can also specify other tool versions: - # nodejs: "20" - # rust: "1.70" - # golang: "1.20" - -# Build documentation in the "docs/" directory with Sphinx -sphinx: - configuration: docs/conf.py - # You can configure Sphinx to use a different builder, for instance use the dirhtml builder for simpler URLs - # builder: "dirhtml" - # Fail on all warnings to avoid broken references - # fail_on_warning: true - -# Optionally build your docs in additional formats such as PDF and ePub -formats: - - pdf -# - epub - -# Optional but recommended, declare the Python requirements required -# to build your documentation -# See https://docs.readthedocs.io/en/stable/guides/reproducible-builds.html -# python: -# install: -# - requirements: docs/requirements.txt diff -Nru mariadb-11.8.6/storage/columnstore/columnstore/utils/libmarias3/libmarias3/README.rst mariadb-11.8.8/storage/columnstore/columnstore/utils/libmarias3/libmarias3/README.rst --- mariadb-11.8.6/storage/columnstore/columnstore/utils/libmarias3/libmarias3/README.rst 2026-01-31 13:27:52.000000000 +0000 +++ mariadb-11.8.8/storage/columnstore/columnstore/utils/libmarias3/libmarias3/README.rst 2026-05-24 09:58:35.000000000 +0000 @@ -48,15 +48,13 @@ If you have minion installed, you should be able to use same settings as used by MariaDB mtr s3 tests: -.. code-block:: bash - - export S3KEY=minio - export S3SECRET=minioadmin - export S3REGION= - export S3BUCKET=storage-engine - export S3HOST=127.0.0.1 - export S3PORT=9000 - export S3USEHTTP=1 +export S3KEY=minio +export S3SECRET=minioadmin +export S3REGION= +export S3BUCKET=storage-engine +export S3HOST=127.0.0.1 +export S3PORT=9000 +export S3USEHTTP=1 The test suite is automatically built along with the library and can be executed with ``make check`` or ``make distcheck``. diff -Nru mariadb-11.8.6/storage/columnstore/columnstore/utils/libmarias3/libmarias3/VERSION.txt mariadb-11.8.8/storage/columnstore/columnstore/utils/libmarias3/libmarias3/VERSION.txt --- mariadb-11.8.6/storage/columnstore/columnstore/utils/libmarias3/libmarias3/VERSION.txt 2026-01-31 13:27:52.000000000 +0000 +++ mariadb-11.8.8/storage/columnstore/columnstore/utils/libmarias3/libmarias3/VERSION.txt 2026-05-24 09:58:35.000000000 +0000 @@ -1 +1 @@ -3.2.0 +3.1.2 diff -Nru mariadb-11.8.6/storage/columnstore/columnstore/utils/libmarias3/libmarias3/configure.ac mariadb-11.8.8/storage/columnstore/columnstore/utils/libmarias3/libmarias3/configure.ac --- mariadb-11.8.6/storage/columnstore/columnstore/utils/libmarias3/libmarias3/configure.ac 2026-01-31 13:27:52.000000000 +0000 +++ mariadb-11.8.8/storage/columnstore/columnstore/utils/libmarias3/libmarias3/configure.ac 2026-05-24 09:58:35.000000000 +0000 @@ -38,7 +38,7 @@ AC_CONFIG_HEADERS([config.h:config.in])dnl Keep filename to 8.3 for MS-DOS. # shared library versioning -LIBMARIAS3_LIBRARY_VERSION=4:2:2 +LIBMARIAS3_LIBRARY_VERSION=4:2:1 # | | | # +------+ | +---+ # | | | diff -Nru mariadb-11.8.6/storage/columnstore/columnstore/utils/libmarias3/libmarias3/docs/_themes/sphinx_rtd_theme/__init__.py mariadb-11.8.8/storage/columnstore/columnstore/utils/libmarias3/libmarias3/docs/_themes/sphinx_rtd_theme/__init__.py --- mariadb-11.8.6/storage/columnstore/columnstore/utils/libmarias3/libmarias3/docs/_themes/sphinx_rtd_theme/__init__.py 2026-01-31 13:27:52.000000000 +0000 +++ mariadb-11.8.8/storage/columnstore/columnstore/utils/libmarias3/libmarias3/docs/_themes/sphinx_rtd_theme/__init__.py 2026-05-24 09:58:35.000000000 +0000 @@ -1,106 +1,17 @@ -""" -Sphinx Read the Docs theme. +"""Sphinx ReadTheDocs theme. From https://github.com/ryan-roemer/sphinx-bootstrap-theme. -""" +""" import os -from os import path -from sys import version_info as python_version -from sphinx import version_info as sphinx_version -from sphinx.locale import _ -from sphinx.util.logging import getLogger +VERSION = (0, 1, 5) - -__version__ = '3.0.0rc1' +__version__ = ".".join(str(v) for v in VERSION) __version_full__ = __version__ -logger = getLogger(__name__) - def get_html_theme_path(): """Return list of HTML theme paths.""" - logger.warning( - _('Calling get_html_theme_path is deprecated. If you are calling it to define html_theme_path, you are safe to remove that code.') - ) - - cur_dir = path.abspath(path.dirname(path.dirname(__file__))) + cur_dir = os.path.abspath(os.path.dirname(os.path.dirname(__file__))) return cur_dir - - -def config_initiated(app, config): - theme_options = config.html_theme_options or {} - if theme_options.get('canonical_url'): - logger.warning( - _('The canonical_url option is deprecated, use the html_baseurl option from Sphinx instead.') - ) - - if theme_options.get("analytics_id"): - logger.warning( - _('The analytics_id option is deprecated, use the sphinxcontrib-googleanalytics extension instead.') - ) - - if theme_options.get("analytics_anonymize_ip"): - logger.warning( - _('The analytics_anonymize_ip option is deprecated, use the sphinxcontrib-googleanalytics extension instead.') - ) - - if "extra_css_files" in config.html_context: - logger.warning( - _('The extra_css_file option is deprecated, use the html_css_files option from Sphinx instead.') - ) - - -def extend_html_context(app, pagename, templatename, context, doctree): - # Add ``sphinx_version_info`` tuple for use in Jinja templates - context['sphinx_version_info'] = sphinx_version - - # Inject all the Read the Docs environment variables in the context: - # https://docs.readthedocs.io/en/stable/reference/environment-variables.html - context['READTHEDOCS'] = os.environ.get("READTHEDOCS", False) == "True" - if context['READTHEDOCS']: - for key, value in os.environ.items(): - if key.startswith("READTHEDOCS_"): - context[key] = value - - - -# See http://www.sphinx-doc.org/en/stable/theming.html#distribute-your-theme-as-a-python-package -def setup(app): - if python_version[0] < 3: - logger.error("Python 2 is not supported with sphinx_rtd_theme, update to Python 3.") - - app.require_sphinx('6.0') - if app.config.html4_writer: - logger.error("'html4_writer' is not supported with sphinx_rtd_theme.") - - # Since Sphinx 6, jquery isn't bundled anymore and we need to ensure that - # the sphinxcontrib-jquery extension is enabled. - # See: https://dev.readthedocs.io/en/latest/design/sphinx-jquery.html - if sphinx_version >= (6, 0, 0): - # Documentation of Sphinx guarantees that an extension is added and - # enabled at most once. - # See: https://www.sphinx-doc.org/en/master/extdev/appapi.html#sphinx.application.Sphinx.setup_extension - app.setup_extension("sphinxcontrib.jquery") - # However, we need to call the extension's callback since setup_extension doesn't do it - # See: https://github.com/sphinx-contrib/jquery/issues/23 - from sphinxcontrib.jquery import add_js_files as jquery_add_js_files - jquery_add_js_files(app, app.config) - - # Register the theme that can be referenced without adding a theme path - app.add_html_theme('sphinx_rtd_theme', path.abspath(path.dirname(__file__))) - - # Add Sphinx message catalog for newer versions of Sphinx - # See http://www.sphinx-doc.org/en/master/extdev/appapi.html#sphinx.application.Sphinx.add_message_catalog - rtd_locale_path = path.join(path.abspath(path.dirname(__file__)), 'locale') - app.add_message_catalog('sphinx', rtd_locale_path) - app.connect('config-inited', config_initiated) - - # sphinx emits the permalink icon for headers, so choose one more in keeping with our theme - app.config.html_permalinks_icon = "\uf0c1" - - # Extend the default context when rendering the templates. - app.connect("html-page-context", extend_html_context) - - return {'parallel_read_safe': True, 'parallel_write_safe': True} diff -Nru mariadb-11.8.6/storage/columnstore/columnstore/utils/libmarias3/libmarias3/docs/_themes/sphinx_rtd_theme/breadcrumbs.html mariadb-11.8.8/storage/columnstore/columnstore/utils/libmarias3/libmarias3/docs/_themes/sphinx_rtd_theme/breadcrumbs.html --- mariadb-11.8.6/storage/columnstore/columnstore/utils/libmarias3/libmarias3/docs/_themes/sphinx_rtd_theme/breadcrumbs.html 2026-01-31 13:27:52.000000000 +0000 +++ mariadb-11.8.8/storage/columnstore/columnstore/utils/libmarias3/libmarias3/docs/_themes/sphinx_rtd_theme/breadcrumbs.html 2026-05-24 09:58:35.000000000 +0000 @@ -1,77 +1,19 @@ -{%- if meta is defined and meta is not none %} - {%- set check_meta = True %} -{%- else %} - {%- set check_meta = False %} -{%- endif %} - -{%- if check_meta and 'github_url' in meta %} - {%- set display_github = True %} -{%- endif %} - -{%- if check_meta and 'bitbucket_url' in meta %} - {%- set display_bitbucket = True %} -{%- endif %} - -{%- if check_meta and 'gitlab_url' in meta %} - {%- set display_gitlab = True %} -{%- endif %} - -{%- set display_vcs_links = display_vcs_links if display_vcs_links is defined else True %} - -{#- Translators: This is an ARIA section label for page links, including previous/next page link and links to GitHub/GitLab/etc. -#} -
    +
    - - {%- if (theme_prev_next_buttons_location == 'top' or theme_prev_next_buttons_location == 'both') and (next or prev) %} - {#- Translators: This is an ARIA section label for sequential page links, such as previous and next page links. -#} - - {%- endif %}
    diff -Nru mariadb-11.8.6/storage/columnstore/columnstore/utils/libmarias3/libmarias3/docs/_themes/sphinx_rtd_theme/footer.html mariadb-11.8.8/storage/columnstore/columnstore/utils/libmarias3/libmarias3/docs/_themes/sphinx_rtd_theme/footer.html --- mariadb-11.8.6/storage/columnstore/columnstore/utils/libmarias3/libmarias3/docs/_themes/sphinx_rtd_theme/footer.html 2026-01-31 13:27:52.000000000 +0000 +++ mariadb-11.8.8/storage/columnstore/columnstore/utils/libmarias3/libmarias3/docs/_themes/sphinx_rtd_theme/footer.html 2026-05-24 09:58:35.000000000 +0000 @@ -1,62 +1,32 @@
    - {%- if (theme_prev_next_buttons_location == 'bottom' or theme_prev_next_buttons_location == 'both') and (next or prev) %} - {#- Translators: This is an ARIA section label for the footer section of the page. -#} -
    diff -Nru mariadb-11.8.6/storage/columnstore/columnstore/utils/libmarias3/libmarias3/docs/_themes/sphinx_rtd_theme/layout.html mariadb-11.8.8/storage/columnstore/columnstore/utils/libmarias3/libmarias3/docs/_themes/sphinx_rtd_theme/layout.html --- mariadb-11.8.6/storage/columnstore/columnstore/utils/libmarias3/libmarias3/docs/_themes/sphinx_rtd_theme/layout.html 2026-01-31 13:27:52.000000000 +0000 +++ mariadb-11.8.8/storage/columnstore/columnstore/utils/libmarias3/libmarias3/docs/_themes/sphinx_rtd_theme/layout.html 2026-05-24 09:58:35.000000000 +0000 @@ -6,223 +6,155 @@ {%- else %} {%- set titlesuffix = "" %} {%- endif %} -{%- set lang_attr = 'en' if language == None else (language | replace('_', '-')) %} - -{# Build sphinx_version_info tuple from sphinx_version string in pure Jinja #} -{%- set (_ver_major, _ver_minor) = (sphinx_version.split('.') | list)[:2] | map('int') -%} -{%- set sphinx_version_info = (_ver_major, _ver_minor, -1) -%} -= (7, 2) %} data-content_root="{{ content_root }}"{% endif %}> + + - - {%- if READTHEDOCS and not embedded %} - - {%- endif %} - {{- metatags }} - - {%- block htmltitle %} + + + {% block htmltitle %} {{ title|striptags|e }}{{ titlesuffix }} - {%- endblock -%} - - {#- CSS #} - {%- for css_file in css_files %} - {%- if css_file|attr("filename") %} - {{ css_tag(css_file) }} - {%- else %} - - {%- endif %} - {%- endfor %} - - {# - "extra_css_files" is an undocumented Read the Docs theme specific option. - There is no need to check for ``|attr("filename")`` here because it's always a string. - Note that this option should be removed in favor of regular ``html_css_files``: - https://www.sphinx-doc.org/en/master/usage/configuration.html#confval-html_css_files - #} - {%- for css_file in extra_css_files %} - - {%- endfor -%} - - {#- FAVICON #} - {%- if favicon_url %} - - {%- endif %} - - {#- CANONICAL URL (deprecated) #} - {%- if theme_canonical_url and not pageurl %} - - {%- endif -%} - - {#- CANONICAL URL #} - {%- if pageurl %} - - {%- endif -%} - - {#- JAVASCRIPTS #} - {%- block scripts %} - {%- if not embedded %} - {%- for scriptfile in script_files %} - {{ js_tag(scriptfile) }} - {%- endfor %} - + {% endblock %} - {%- if READTHEDOCS and theme_flyout_display != "hidden" %} - - {%- endif %} - - {#- OPENSEARCH #} - {%- if use_opensearch %} - - {%- endif %} - {%- endif %} - {%- endblock %} + {# FAVICON #} + {% if favicon %} + + {% endif %} + + {# CSS #} + + + {# OPENSEARCH #} + {% if not embedded %} + {% if use_opensearch %} + + {% endif %} + + {% endif %} + + {# RTD hosts this file, so just load on non RTD builds #} + {% if not READTHEDOCS %} + + {% endif %} + + {% for cssfile in css_files %} + + {% endfor %} {%- block linktags %} {%- if hasdoc('about') %} - + {%- endif %} {%- if hasdoc('genindex') %} - + {%- endif %} {%- if hasdoc('search') %} - + {%- endif %} {%- if hasdoc('copyright') %} - + + {%- endif %} + + {%- if parents %} + {%- endif %} {%- if next %} - + {%- endif %} {%- if prev %} - + {%- endif %} {%- endblock %} {%- block extrahead %} {% endblock %} + + {# Keep modernizr in head - http://modernizr.com/docs/#installing #} + + - + - {%- block extrabody %} {% endblock %}
    - {#- SIDE NAV, TOGGLES ON MOBILE #} -
    + {% include "versions.html" %} - {#- Do not conflict with RTD insertion of analytics script #} - {%- if not READTHEDOCS %} - {%- if theme_analytics_id %} - - - + {%- for scriptfile in script_files %} + + {%- endfor %} - {%- endif %} - {%- endif %} + {% endif %} + + {# RTD hosts this file, so just load on non RTD builds #} + {% if not READTHEDOCS %} + + {% endif %} + + {# STICKY NAVIGATION #} + {% if theme_sticky_navigation %} + + {% endif %} {%- block footer %} {% endblock %} Binary files /srv/release.debian.org/tmp/0nho6SUlcX/mariadb-11.8.6/storage/columnstore/columnstore/utils/libmarias3/libmarias3/docs/_themes/sphinx_rtd_theme/locale/da/LC_MESSAGES/sphinx.mo and /srv/release.debian.org/tmp/byZgQ0zcFD/mariadb-11.8.8/storage/columnstore/columnstore/utils/libmarias3/libmarias3/docs/_themes/sphinx_rtd_theme/locale/da/LC_MESSAGES/sphinx.mo differ diff -Nru mariadb-11.8.6/storage/columnstore/columnstore/utils/libmarias3/libmarias3/docs/_themes/sphinx_rtd_theme/locale/da/LC_MESSAGES/sphinx.po mariadb-11.8.8/storage/columnstore/columnstore/utils/libmarias3/libmarias3/docs/_themes/sphinx_rtd_theme/locale/da/LC_MESSAGES/sphinx.po --- mariadb-11.8.6/storage/columnstore/columnstore/utils/libmarias3/libmarias3/docs/_themes/sphinx_rtd_theme/locale/da/LC_MESSAGES/sphinx.po 2026-01-31 13:27:52.000000000 +0000 +++ mariadb-11.8.8/storage/columnstore/columnstore/utils/libmarias3/libmarias3/docs/_themes/sphinx_rtd_theme/locale/da/LC_MESSAGES/sphinx.po 1970-01-01 00:00:00.000000000 +0000 @@ -1,206 +0,0 @@ -# English translations for sphinx_rtd_theme. -# Copyright (C) 2019 ORGANIZATION -# This file is distributed under the same license as the sphinx_rtd_theme -# project. -# FIRST AUTHOR , 2019. -# -# Translators: -# Benjamin Bach , 2023 -# -msgid "" -msgstr "" -"Project-Id-Version: sphinx_rtd_theme 0.4.3.dev0\n" -"Report-Msgid-Bugs-To: EMAIL@ADDRESS\n" -"POT-Creation-Date: 2023-02-06 15:36+0100\n" -"PO-Revision-Date: 2019-07-16 21:44+0000\n" -"Last-Translator: Benjamin Bach , 2023\n" -"Language-Team: Danish (https://www.transifex.com/readthedocs/teams/101354/da/)\n" -"MIME-Version: 1.0\n" -"Content-Type: text/plain; charset=UTF-8\n" -"Content-Transfer-Encoding: 8bit\n" -"Generated-By: Babel 2.11.0\n" -"Language: da\n" -"Plural-Forms: nplurals=2; plural=(n != 1);\n" - -#. This is an ARIA section label for page links, including previous/next page -#. link and links to GitHub/GitLab/etc. -#: sphinx_rtd_theme/breadcrumbs.html:22 -msgid "Page navigation" -msgstr "Navigation" - -#: sphinx_rtd_theme/breadcrumbs.html:37 sphinx_rtd_theme/breadcrumbs.html:39 -msgid "Edit on GitHub" -msgstr "Ret pÃ¥ GitHub" - -#: sphinx_rtd_theme/breadcrumbs.html:44 sphinx_rtd_theme/breadcrumbs.html:46 -msgid "Edit on Bitbucket" -msgstr "Ret pÃ¥ Bitbucket" - -#: sphinx_rtd_theme/breadcrumbs.html:51 sphinx_rtd_theme/breadcrumbs.html:53 -msgid "Edit on GitLab" -msgstr "Ret pÃ¥ GitLab" - -#: sphinx_rtd_theme/breadcrumbs.html:56 sphinx_rtd_theme/breadcrumbs.html:58 -msgid "View page source" -msgstr "Vis sidekilde" - -#. This is an ARIA section label for sequential page links, such as previous -#. and next page links. -#: sphinx_rtd_theme/breadcrumbs.html:67 -msgid "Sequential page navigation" -msgstr "Sekventiel navigation" - -#: sphinx_rtd_theme/breadcrumbs.html:69 sphinx_rtd_theme/footer.html:6 -msgid "Previous" -msgstr "Forrige" - -#: sphinx_rtd_theme/breadcrumbs.html:72 sphinx_rtd_theme/footer.html:9 -msgid "Next" -msgstr "Næste" - -#. This is an ARIA section label for the footer section of the page. -#: sphinx_rtd_theme/footer.html:4 -msgid "Footer" -msgstr "Sidefod" - -#: sphinx_rtd_theme/footer.html:21 -#, python-format -msgid "© Copyright %(copyright)s." -msgstr "© Copyright %(copyright)s." - -#: sphinx_rtd_theme/footer.html:23 -#, python-format -msgid "© Copyright %(copyright)s." -msgstr "© Copyright %(copyright)s." - -#. Build is a noun, not a verb -#: sphinx_rtd_theme/footer.html:30 -msgid "Build" -msgstr "Build" - -#. the phrase "revision" comes from Git, referring to a commit -#: sphinx_rtd_theme/footer.html:36 -msgid "Revision" -msgstr "Version" - -#: sphinx_rtd_theme/footer.html:41 -#, python-format -msgid "Last updated on %(last_updated)s." -msgstr "Last updated on %(last_updated)s." - -#. the variable "sphinx_web" is a link to the Sphinx project documentation -#. with -#. the text "Sphinx" -#: sphinx_rtd_theme/footer.html:53 -#, python-format -msgid "Built with %(sphinx_web)s using a" -msgstr "Baseret pÃ¥ %(sphinx_web)s med et" - -#. "theme" refers to a theme for Sphinx, which alters the appearance of the -#. generated documentation -#: sphinx_rtd_theme/footer.html:55 -msgid "theme" -msgstr "tema" - -#. this is always used as "provided by Read the Docs", and should not imply -#. Read the Docs is an author of the generated documentation. -#: sphinx_rtd_theme/footer.html:57 -#, python-format -msgid "provided by %(readthedocs_web)s" -msgstr "udviklet af%(readthedocs_web)s" - -#: sphinx_rtd_theme/layout.html:97 -#, python-format -msgid "Search within %(docstitle)s" -msgstr "Søg i %(docstitle)s" - -#: sphinx_rtd_theme/layout.html:105 -msgid "About these documents" -msgstr "Om disse dokumenter" - -#: sphinx_rtd_theme/layout.html:108 -msgid "Index" -msgstr "Indeks" - -#: sphinx_rtd_theme/layout.html:111 sphinx_rtd_theme/search.html:11 -msgid "Search" -msgstr "Søg" - -#: sphinx_rtd_theme/layout.html:114 -msgid "Copyright" -msgstr "Copyright" - -#: sphinx_rtd_theme/layout.html:143 -msgid "Logo" -msgstr "Logo" - -#. This is an ARIA section label for the main navigation menu -#: sphinx_rtd_theme/layout.html:166 -msgid "Navigation menu" -msgstr "Navigation" - -#. This is an ARIA section label for the navigation menu that is visible when -#. viewing the page on mobile devices -#: sphinx_rtd_theme/layout.html:188 -msgid "Mobile navigation menu" -msgstr "Mobil navigation" - -#: sphinx_rtd_theme/search.html:31 -msgid "Please activate JavaScript to enable the search functionality." -msgstr "Venligst aktivér JavaScript for at anvende søgefunktionen" - -#. Search is a noun, not a verb -#: sphinx_rtd_theme/search.html:39 -msgid "Search Results" -msgstr "Søgeresultater" - -#: sphinx_rtd_theme/search.html:41 -msgid "" -"Your search did not match any documents. Please make sure that all words are" -" spelled correctly and that you've selected enough categories." -msgstr "" -"Din søgning matchede ingen dokumenter. Tjek at alle ord er stavet korrekt og" -" at du har valgt tilstrækkeligt med kategorier." - -#: sphinx_rtd_theme/searchbox.html:4 -msgid "Search docs" -msgstr "Søg i dokumentation" - -#: sphinx_rtd_theme/versions.html:3 sphinx_rtd_theme/versions.html:11 -msgid "Versions" -msgstr "Versioner" - -#: sphinx_rtd_theme/versions.html:17 -msgid "Downloads" -msgstr "Downloads" - -#. The phrase "Read the Docs" is not translated -#: sphinx_rtd_theme/versions.html:24 -msgid "On Read the Docs" -msgstr "PÃ¥ Read the Docs" - -#: sphinx_rtd_theme/versions.html:26 -msgid "Project Home" -msgstr "Projektets startside" - -#: sphinx_rtd_theme/versions.html:29 -msgid "Builds" -msgstr "Builds" - -#~ msgid "Docs" -#~ msgstr "Dokumentation" - -#~ msgid "Free document hosting provided by" -#~ msgstr "Gratis hosting af dokumentation leveret af" - -#~ msgid "Documentation Home" -#~ msgstr "Dokumentationens startside" - -#~ msgid "Breadcrumbs" -#~ msgstr "Sti" - -#~ msgid "Main" -#~ msgstr "Primær" - -#~ msgid "Top" -#~ msgstr "Top" Binary files /srv/release.debian.org/tmp/0nho6SUlcX/mariadb-11.8.6/storage/columnstore/columnstore/utils/libmarias3/libmarias3/docs/_themes/sphinx_rtd_theme/locale/de/LC_MESSAGES/sphinx.mo and /srv/release.debian.org/tmp/byZgQ0zcFD/mariadb-11.8.8/storage/columnstore/columnstore/utils/libmarias3/libmarias3/docs/_themes/sphinx_rtd_theme/locale/de/LC_MESSAGES/sphinx.mo differ diff -Nru mariadb-11.8.6/storage/columnstore/columnstore/utils/libmarias3/libmarias3/docs/_themes/sphinx_rtd_theme/locale/de/LC_MESSAGES/sphinx.po mariadb-11.8.8/storage/columnstore/columnstore/utils/libmarias3/libmarias3/docs/_themes/sphinx_rtd_theme/locale/de/LC_MESSAGES/sphinx.po --- mariadb-11.8.6/storage/columnstore/columnstore/utils/libmarias3/libmarias3/docs/_themes/sphinx_rtd_theme/locale/de/LC_MESSAGES/sphinx.po 2026-01-31 13:27:52.000000000 +0000 +++ mariadb-11.8.8/storage/columnstore/columnstore/utils/libmarias3/libmarias3/docs/_themes/sphinx_rtd_theme/locale/de/LC_MESSAGES/sphinx.po 1970-01-01 00:00:00.000000000 +0000 @@ -1,136 +0,0 @@ -# English translations for sphinx_rtd_theme. -# Copyright (C) 2019 ORGANIZATION -# This file is distributed under the same license as the sphinx_rtd_theme -# project. -# FIRST AUTHOR , 2019. -# -# Translators: -# Tom Kunze , 2019 -# -msgid "" -msgstr "" -"Project-Id-Version: sphinx_rtd_theme 0.4.3.dev0\n" -"Report-Msgid-Bugs-To: EMAIL@ADDRESS\n" -"POT-Creation-Date: 2023-02-06 15:36+0100\n" -"PO-Revision-Date: 2019-07-16 21:44+0000\n" -"Last-Translator: Tom Kunze , 2019\n" -"Language-Team: German (https://www.transifex.com/readthedocs/teams/101354/de/)\n" -"MIME-Version: 1.0\n" -"Content-Type: text/plain; charset=UTF-8\n" -"Content-Transfer-Encoding: 8bit\n" -"Generated-By: Babel 2.11.0\n" -"Language: de\n" -"Plural-Forms: nplurals=2; plural=(n != 1);\n" - -#: sphinx_rtd_theme/breadcrumbs.html:37 sphinx_rtd_theme/breadcrumbs.html:39 -msgid "Edit on GitHub" -msgstr "Auf GitHub bearbeiten" - -#: sphinx_rtd_theme/breadcrumbs.html:44 sphinx_rtd_theme/breadcrumbs.html:46 -msgid "Edit on Bitbucket" -msgstr "Auf Bitbucket bearbeiten" - -#: sphinx_rtd_theme/breadcrumbs.html:51 sphinx_rtd_theme/breadcrumbs.html:53 -msgid "Edit on GitLab" -msgstr "Auf GitLab bearbeiten" - -#: sphinx_rtd_theme/breadcrumbs.html:56 sphinx_rtd_theme/breadcrumbs.html:58 -msgid "View page source" -msgstr "Quelltext anzeigen" - -#: sphinx_rtd_theme/breadcrumbs.html:69 sphinx_rtd_theme/footer.html:6 -msgid "Previous" -msgstr "Zurück" - -#: sphinx_rtd_theme/breadcrumbs.html:72 sphinx_rtd_theme/footer.html:9 -msgid "Next" -msgstr "Weiter" - -#. Build is a noun, not a verb -#: sphinx_rtd_theme/footer.html:30 -msgid "Build" -msgstr "Build" - -#: sphinx_rtd_theme/footer.html:41 -#, python-format -msgid "Last updated on %(last_updated)s." -msgstr "Zuletzt aktualisiert am %(last_updated)s." - -#. the variable "sphinx_web" is a link to the Sphinx project documentation -#. with -#. the text "Sphinx" -#: sphinx_rtd_theme/footer.html:53 -#, python-format -msgid "Built with %(sphinx_web)s using a" -msgstr "Erstellt mit %(sphinx_web)s mit einem" - -#. this is always used as "provided by Read the Docs", and should not imply -#. Read the Docs is an author of the generated documentation. -#: sphinx_rtd_theme/footer.html:57 -#, python-format -msgid "provided by %(readthedocs_web)s" -msgstr "bereitgestellt von %(readthedocs_web)s" - -#: sphinx_rtd_theme/layout.html:97 -#, python-format -msgid "Search within %(docstitle)s" -msgstr "%(docstitle)s durchsuchen" - -#: sphinx_rtd_theme/layout.html:105 -msgid "About these documents" -msgstr "Über diese Dokumentation" - -#: sphinx_rtd_theme/layout.html:108 -msgid "Index" -msgstr "Index" - -#: sphinx_rtd_theme/layout.html:111 sphinx_rtd_theme/search.html:11 -msgid "Search" -msgstr "Suche" - -#: sphinx_rtd_theme/layout.html:114 -msgid "Copyright" -msgstr "Copyright" - -#: sphinx_rtd_theme/layout.html:143 -msgid "Logo" -msgstr "Logo" - -#: sphinx_rtd_theme/search.html:31 -msgid "Please activate JavaScript to enable the search functionality." -msgstr "Bitte aktiviere JavaScript, um die Suchfunktion zu nutzen." - -#. Search is a noun, not a verb -#: sphinx_rtd_theme/search.html:39 -msgid "Search Results" -msgstr "Suchergebnisse" - -#: sphinx_rtd_theme/search.html:41 -msgid "" -"Your search did not match any documents. Please make sure that all words are" -" spelled correctly and that you've selected enough categories." -msgstr "" -"Es wurden keine mit deiner Suchanfrage übereinstimmenden Dokumente gefunden." -" Achte darauf, dass alle Wörter richtig geschrieben sind und dass genug " -"Kategorien ausgewählt sind." - -#: sphinx_rtd_theme/searchbox.html:4 -msgid "Search docs" -msgstr "Dokumentation durchsuchen" - -#: sphinx_rtd_theme/versions.html:3 sphinx_rtd_theme/versions.html:11 -msgid "Versions" -msgstr "Versionen" - -#. The phrase "Read the Docs" is not translated -#: sphinx_rtd_theme/versions.html:24 -msgid "On Read the Docs" -msgstr "Auf Read the Docs" - -#: sphinx_rtd_theme/versions.html:26 -msgid "Project Home" -msgstr "Projektübersicht" - -#: sphinx_rtd_theme/versions.html:29 -msgid "Builds" -msgstr "Builds" Binary files /srv/release.debian.org/tmp/0nho6SUlcX/mariadb-11.8.6/storage/columnstore/columnstore/utils/libmarias3/libmarias3/docs/_themes/sphinx_rtd_theme/locale/en/LC_MESSAGES/sphinx.mo and /srv/release.debian.org/tmp/byZgQ0zcFD/mariadb-11.8.8/storage/columnstore/columnstore/utils/libmarias3/libmarias3/docs/_themes/sphinx_rtd_theme/locale/en/LC_MESSAGES/sphinx.mo differ diff -Nru mariadb-11.8.6/storage/columnstore/columnstore/utils/libmarias3/libmarias3/docs/_themes/sphinx_rtd_theme/locale/en/LC_MESSAGES/sphinx.po mariadb-11.8.8/storage/columnstore/columnstore/utils/libmarias3/libmarias3/docs/_themes/sphinx_rtd_theme/locale/en/LC_MESSAGES/sphinx.po --- mariadb-11.8.6/storage/columnstore/columnstore/utils/libmarias3/libmarias3/docs/_themes/sphinx_rtd_theme/locale/en/LC_MESSAGES/sphinx.po 2026-01-31 13:27:52.000000000 +0000 +++ mariadb-11.8.8/storage/columnstore/columnstore/utils/libmarias3/libmarias3/docs/_themes/sphinx_rtd_theme/locale/en/LC_MESSAGES/sphinx.po 1970-01-01 00:00:00.000000000 +0000 @@ -1,201 +0,0 @@ -# English translations for sphinx_rtd_theme. -# Copyright (C) 2019 ORGANIZATION -# This file is distributed under the same license as the sphinx_rtd_theme -# project. -# FIRST AUTHOR , 2019. -# -msgid "" -msgstr "" -"Project-Id-Version: sphinx_rtd_theme 0.4.3.dev0\n" -"Report-Msgid-Bugs-To: EMAIL@ADDRESS\n" -"POT-Creation-Date: 2023-02-06 15:36+0100\n" -"PO-Revision-Date: 2019-07-16 15:43-0600\n" -"Last-Translator: FULL NAME \n" -"Language: en\n" -"Language-Team: en \n" -"Plural-Forms: nplurals=2; plural=(n != 1);\n" -"MIME-Version: 1.0\n" -"Content-Type: text/plain; charset=utf-8\n" -"Content-Transfer-Encoding: 8bit\n" -"Generated-By: Babel 2.11.0\n" - -#. This is an ARIA section label for page links, including previous/next page -#. link and links to GitHub/GitLab/etc. -#: sphinx_rtd_theme/breadcrumbs.html:22 -msgid "Page navigation" -msgstr "" - -#: sphinx_rtd_theme/breadcrumbs.html:37 sphinx_rtd_theme/breadcrumbs.html:39 -msgid "Edit on GitHub" -msgstr "" - -#: sphinx_rtd_theme/breadcrumbs.html:44 sphinx_rtd_theme/breadcrumbs.html:46 -msgid "Edit on Bitbucket" -msgstr "" - -#: sphinx_rtd_theme/breadcrumbs.html:51 sphinx_rtd_theme/breadcrumbs.html:53 -msgid "Edit on GitLab" -msgstr "" - -#: sphinx_rtd_theme/breadcrumbs.html:56 sphinx_rtd_theme/breadcrumbs.html:58 -msgid "View page source" -msgstr "" - -#. This is an ARIA section label for sequential page links, such as previous -#. and next page links. -#: sphinx_rtd_theme/breadcrumbs.html:67 -msgid "Sequential page navigation" -msgstr "" - -#: sphinx_rtd_theme/breadcrumbs.html:69 sphinx_rtd_theme/footer.html:6 -msgid "Previous" -msgstr "" - -#: sphinx_rtd_theme/breadcrumbs.html:72 sphinx_rtd_theme/footer.html:9 -msgid "Next" -msgstr "" - -#. This is an ARIA section label for the footer section of the page. -#: sphinx_rtd_theme/footer.html:4 -msgid "Footer" -msgstr "" - -#: sphinx_rtd_theme/footer.html:21 -#, python-format -msgid "© Copyright %(copyright)s." -msgstr "" - -#: sphinx_rtd_theme/footer.html:23 -#, python-format -msgid "© Copyright %(copyright)s." -msgstr "" - -#. Build is a noun, not a verb -#: sphinx_rtd_theme/footer.html:30 -msgid "Build" -msgstr "" - -#. the phrase "revision" comes from Git, referring to a commit -#: sphinx_rtd_theme/footer.html:36 -msgid "Revision" -msgstr "" - -#: sphinx_rtd_theme/footer.html:41 -#, python-format -msgid "Last updated on %(last_updated)s." -msgstr "" - -#. the variable "sphinx_web" is a link to the Sphinx project documentation with -#. the text "Sphinx" -#: sphinx_rtd_theme/footer.html:53 -#, python-format -msgid "Built with %(sphinx_web)s using a" -msgstr "" - -#. "theme" refers to a theme for Sphinx, which alters the appearance of the -#. generated documentation -#: sphinx_rtd_theme/footer.html:55 -msgid "theme" -msgstr "" - -#. this is always used as "provided by Read the Docs", and should not imply -#. Read the Docs is an author of the generated documentation. -#: sphinx_rtd_theme/footer.html:57 -#, python-format -msgid "provided by %(readthedocs_web)s" -msgstr "" - -#: sphinx_rtd_theme/layout.html:97 -#, python-format -msgid "Search within %(docstitle)s" -msgstr "" - -#: sphinx_rtd_theme/layout.html:105 -msgid "About these documents" -msgstr "" - -#: sphinx_rtd_theme/layout.html:108 -msgid "Index" -msgstr "" - -#: sphinx_rtd_theme/layout.html:111 sphinx_rtd_theme/search.html:11 -msgid "Search" -msgstr "" - -#: sphinx_rtd_theme/layout.html:114 -msgid "Copyright" -msgstr "" - -#: sphinx_rtd_theme/layout.html:143 -msgid "Logo" -msgstr "" - -#. This is an ARIA section label for the main navigation menu -#: sphinx_rtd_theme/layout.html:166 -msgid "Navigation menu" -msgstr "" - -#. This is an ARIA section label for the navigation menu that is visible when -#. viewing the page on mobile devices -#: sphinx_rtd_theme/layout.html:188 -msgid "Mobile navigation menu" -msgstr "" - -#: sphinx_rtd_theme/search.html:31 -msgid "Please activate JavaScript to enable the search functionality." -msgstr "" - -#. Search is a noun, not a verb -#: sphinx_rtd_theme/search.html:39 -msgid "Search Results" -msgstr "" - -#: sphinx_rtd_theme/search.html:41 -msgid "" -"Your search did not match any documents. Please make sure that all words " -"are spelled correctly and that you've selected enough categories." -msgstr "" - -#: sphinx_rtd_theme/searchbox.html:4 -msgid "Search docs" -msgstr "" - -#: sphinx_rtd_theme/versions.html:3 sphinx_rtd_theme/versions.html:11 -msgid "Versions" -msgstr "" - -#: sphinx_rtd_theme/versions.html:17 -msgid "Downloads" -msgstr "" - -#. The phrase "Read the Docs" is not translated -#: sphinx_rtd_theme/versions.html:24 -msgid "On Read the Docs" -msgstr "" - -#: sphinx_rtd_theme/versions.html:26 -msgid "Project Home" -msgstr "" - -#: sphinx_rtd_theme/versions.html:29 -msgid "Builds" -msgstr "" - -#~ msgid "Docs" -#~ msgstr "" - -#~ msgid "Free document hosting provided by" -#~ msgstr "" - -#~ msgid "Documentation Home" -#~ msgstr "" - -#~ msgid "Breadcrumbs" -#~ msgstr "" - -#~ msgid "Main" -#~ msgstr "" - -#~ msgid "Top" -#~ msgstr "" - Binary files /srv/release.debian.org/tmp/0nho6SUlcX/mariadb-11.8.6/storage/columnstore/columnstore/utils/libmarias3/libmarias3/docs/_themes/sphinx_rtd_theme/locale/es/LC_MESSAGES/sphinx.mo and /srv/release.debian.org/tmp/byZgQ0zcFD/mariadb-11.8.8/storage/columnstore/columnstore/utils/libmarias3/libmarias3/docs/_themes/sphinx_rtd_theme/locale/es/LC_MESSAGES/sphinx.mo differ diff -Nru mariadb-11.8.6/storage/columnstore/columnstore/utils/libmarias3/libmarias3/docs/_themes/sphinx_rtd_theme/locale/es/LC_MESSAGES/sphinx.po mariadb-11.8.8/storage/columnstore/columnstore/utils/libmarias3/libmarias3/docs/_themes/sphinx_rtd_theme/locale/es/LC_MESSAGES/sphinx.po --- mariadb-11.8.6/storage/columnstore/columnstore/utils/libmarias3/libmarias3/docs/_themes/sphinx_rtd_theme/locale/es/LC_MESSAGES/sphinx.po 2026-01-31 13:27:52.000000000 +0000 +++ mariadb-11.8.8/storage/columnstore/columnstore/utils/libmarias3/libmarias3/docs/_themes/sphinx_rtd_theme/locale/es/LC_MESSAGES/sphinx.po 1970-01-01 00:00:00.000000000 +0000 @@ -1,169 +0,0 @@ -# English translations for sphinx_rtd_theme. -# Copyright (C) 2019 ORGANIZATION -# This file is distributed under the same license as the sphinx_rtd_theme -# project. -# FIRST AUTHOR , 2019. -# -# Translators: -# Anthony , 2019 -# Radina Matic , 2021 -# Leonardo J. Caballero G. , 2022 -# -msgid "" -msgstr "" -"Project-Id-Version: sphinx_rtd_theme 0.4.3.dev0\n" -"Report-Msgid-Bugs-To: EMAIL@ADDRESS\n" -"POT-Creation-Date: 2023-02-06 15:36+0100\n" -"PO-Revision-Date: 2019-07-16 21:44+0000\n" -"Last-Translator: Leonardo J. Caballero G. , 2022\n" -"Language-Team: Spanish (https://www.transifex.com/readthedocs/teams/101354/es/)\n" -"MIME-Version: 1.0\n" -"Content-Type: text/plain; charset=UTF-8\n" -"Content-Transfer-Encoding: 8bit\n" -"Generated-By: Babel 2.11.0\n" -"Language: es\n" -"Plural-Forms: nplurals=3; plural=n == 1 ? 0 : n != 0 && n % 1000000 == 0 ? 1 : 2;\n" - -#: sphinx_rtd_theme/breadcrumbs.html:37 sphinx_rtd_theme/breadcrumbs.html:39 -msgid "Edit on GitHub" -msgstr "Editar en GitHub" - -#: sphinx_rtd_theme/breadcrumbs.html:44 sphinx_rtd_theme/breadcrumbs.html:46 -msgid "Edit on Bitbucket" -msgstr "Editar en Bitbucket" - -#: sphinx_rtd_theme/breadcrumbs.html:51 sphinx_rtd_theme/breadcrumbs.html:53 -msgid "Edit on GitLab" -msgstr "Editar en GitLab" - -#: sphinx_rtd_theme/breadcrumbs.html:56 sphinx_rtd_theme/breadcrumbs.html:58 -msgid "View page source" -msgstr "Ver código fuente de la página" - -#: sphinx_rtd_theme/breadcrumbs.html:69 sphinx_rtd_theme/footer.html:6 -msgid "Previous" -msgstr "Anterior" - -#: sphinx_rtd_theme/breadcrumbs.html:72 sphinx_rtd_theme/footer.html:9 -msgid "Next" -msgstr "Siguiente" - -#. This is an ARIA section label for the footer section of the page. -#: sphinx_rtd_theme/footer.html:4 -msgid "Footer" -msgstr "Pie de página" - -#: sphinx_rtd_theme/footer.html:21 -#, python-format -msgid "© Copyright %(copyright)s." -msgstr "© Derechos de autor %(copyright)s." - -#: sphinx_rtd_theme/footer.html:23 -#, python-format -msgid "© Copyright %(copyright)s." -msgstr "© Derechos de autor %(copyright)s." - -#. Build is a noun, not a verb -#: sphinx_rtd_theme/footer.html:30 -msgid "Build" -msgstr "Compilación" - -#. the phrase "revision" comes from Git, referring to a commit -#: sphinx_rtd_theme/footer.html:36 -msgid "Revision" -msgstr "Revisión" - -#: sphinx_rtd_theme/footer.html:41 -#, python-format -msgid "Last updated on %(last_updated)s." -msgstr "Actualizado por última vez el %(last_updated)s." - -#. the variable "sphinx_web" is a link to the Sphinx project documentation -#. with -#. the text "Sphinx" -#: sphinx_rtd_theme/footer.html:53 -#, python-format -msgid "Built with %(sphinx_web)s using a" -msgstr "Compilado con %(sphinx_web)s usando un" - -#. "theme" refers to a theme for Sphinx, which alters the appearance of the -#. generated documentation -#: sphinx_rtd_theme/footer.html:55 -msgid "theme" -msgstr "tema" - -#. this is always used as "provided by Read the Docs", and should not imply -#. Read the Docs is an author of the generated documentation. -#: sphinx_rtd_theme/footer.html:57 -#, python-format -msgid "provided by %(readthedocs_web)s" -msgstr "proporcionado por %(readthedocs_web)s" - -#: sphinx_rtd_theme/layout.html:97 -#, python-format -msgid "Search within %(docstitle)s" -msgstr "Buscar en %(docstitle)s" - -#: sphinx_rtd_theme/layout.html:105 -msgid "About these documents" -msgstr "Sobre esta documentación" - -#: sphinx_rtd_theme/layout.html:108 -msgid "Index" -msgstr "Ãndice" - -#: sphinx_rtd_theme/layout.html:111 sphinx_rtd_theme/search.html:11 -msgid "Search" -msgstr "Búsqueda" - -#: sphinx_rtd_theme/layout.html:114 -msgid "Copyright" -msgstr "Derechos de autor" - -#: sphinx_rtd_theme/layout.html:143 -msgid "Logo" -msgstr "Logotipo" - -#: sphinx_rtd_theme/search.html:31 -msgid "Please activate JavaScript to enable the search functionality." -msgstr "" -"Por favor, active JavaScript para habilitar la funcionalidad de búsqueda." - -#. Search is a noun, not a verb -#: sphinx_rtd_theme/search.html:39 -msgid "Search Results" -msgstr "Resultados de la búsqueda" - -#: sphinx_rtd_theme/search.html:41 -msgid "" -"Your search did not match any documents. Please make sure that all words are" -" spelled correctly and that you've selected enough categories." -msgstr "" -"Su búsqueda no coincide con ningún documento. Por favor, asegúrese de que " -"todas las palabras estén correctamente escritas y que usted haya " -"seleccionado las suficientes categorías." - -#: sphinx_rtd_theme/searchbox.html:4 -msgid "Search docs" -msgstr "Buscar documentos" - -#: sphinx_rtd_theme/versions.html:3 sphinx_rtd_theme/versions.html:11 -msgid "Versions" -msgstr "Versiones" - -#: sphinx_rtd_theme/versions.html:17 -msgid "Downloads" -msgstr "Descargas" - -#. The phrase "Read the Docs" is not translated -#: sphinx_rtd_theme/versions.html:24 -msgid "On Read the Docs" -msgstr "En Read the Docs" - -#: sphinx_rtd_theme/versions.html:26 -msgid "Project Home" -msgstr "Página de Proyecto" - -#: sphinx_rtd_theme/versions.html:29 -msgid "Builds" -msgstr "Compilaciones" Binary files /srv/release.debian.org/tmp/0nho6SUlcX/mariadb-11.8.6/storage/columnstore/columnstore/utils/libmarias3/libmarias3/docs/_themes/sphinx_rtd_theme/locale/et/LC_MESSAGES/sphinx.mo and /srv/release.debian.org/tmp/byZgQ0zcFD/mariadb-11.8.8/storage/columnstore/columnstore/utils/libmarias3/libmarias3/docs/_themes/sphinx_rtd_theme/locale/et/LC_MESSAGES/sphinx.mo differ diff -Nru mariadb-11.8.6/storage/columnstore/columnstore/utils/libmarias3/libmarias3/docs/_themes/sphinx_rtd_theme/locale/et/LC_MESSAGES/sphinx.po mariadb-11.8.8/storage/columnstore/columnstore/utils/libmarias3/libmarias3/docs/_themes/sphinx_rtd_theme/locale/et/LC_MESSAGES/sphinx.po --- mariadb-11.8.6/storage/columnstore/columnstore/utils/libmarias3/libmarias3/docs/_themes/sphinx_rtd_theme/locale/et/LC_MESSAGES/sphinx.po 2026-01-31 13:27:52.000000000 +0000 +++ mariadb-11.8.8/storage/columnstore/columnstore/utils/libmarias3/libmarias3/docs/_themes/sphinx_rtd_theme/locale/et/LC_MESSAGES/sphinx.po 1970-01-01 00:00:00.000000000 +0000 @@ -1,166 +0,0 @@ -# English translations for sphinx_rtd_theme. -# Copyright (C) 2019 ORGANIZATION -# This file is distributed under the same license as the sphinx_rtd_theme -# project. -# FIRST AUTHOR , 2019. -# -# Translators: -# Anthony , 2020 -# Ivar Smolin , 2021 -# -msgid "" -msgstr "" -"Project-Id-Version: sphinx_rtd_theme 0.4.3.dev0\n" -"Report-Msgid-Bugs-To: EMAIL@ADDRESS\n" -"POT-Creation-Date: 2023-02-06 15:36+0100\n" -"PO-Revision-Date: 2019-07-16 21:44+0000\n" -"Last-Translator: Ivar Smolin , 2021\n" -"Language-Team: Estonian (https://www.transifex.com/readthedocs/teams/101354/et/)\n" -"MIME-Version: 1.0\n" -"Content-Type: text/plain; charset=UTF-8\n" -"Content-Transfer-Encoding: 8bit\n" -"Generated-By: Babel 2.11.0\n" -"Language: et\n" -"Plural-Forms: nplurals=2; plural=(n != 1);\n" - -#: sphinx_rtd_theme/breadcrumbs.html:37 sphinx_rtd_theme/breadcrumbs.html:39 -msgid "Edit on GitHub" -msgstr "Muuda GitHubis" - -#: sphinx_rtd_theme/breadcrumbs.html:44 sphinx_rtd_theme/breadcrumbs.html:46 -msgid "Edit on Bitbucket" -msgstr "Muuda Bitbucketis" - -#: sphinx_rtd_theme/breadcrumbs.html:51 sphinx_rtd_theme/breadcrumbs.html:53 -msgid "Edit on GitLab" -msgstr "Muuda GitLabis" - -#: sphinx_rtd_theme/breadcrumbs.html:56 sphinx_rtd_theme/breadcrumbs.html:58 -msgid "View page source" -msgstr "Vaata lehe lähtekoodi" - -#: sphinx_rtd_theme/breadcrumbs.html:69 sphinx_rtd_theme/footer.html:6 -msgid "Previous" -msgstr "Eelmine" - -#: sphinx_rtd_theme/breadcrumbs.html:72 sphinx_rtd_theme/footer.html:9 -msgid "Next" -msgstr "Järgmine" - -#. This is an ARIA section label for the footer section of the page. -#: sphinx_rtd_theme/footer.html:4 -msgid "Footer" -msgstr "Jalus" - -#: sphinx_rtd_theme/footer.html:21 -#, python-format -msgid "© Copyright %(copyright)s." -msgstr "© Autoriõigus %(copyright)s." - -#: sphinx_rtd_theme/footer.html:23 -#, python-format -msgid "© Copyright %(copyright)s." -msgstr "© Autoriõigus %(copyright)s." - -#. Build is a noun, not a verb -#: sphinx_rtd_theme/footer.html:30 -msgid "Build" -msgstr "Ehitus" - -#. the phrase "revision" comes from Git, referring to a commit -#: sphinx_rtd_theme/footer.html:36 -msgid "Revision" -msgstr "Redaktsioon" - -#: sphinx_rtd_theme/footer.html:41 -#, python-format -msgid "Last updated on %(last_updated)s." -msgstr "Viimati uuendatud %(last_updated)s." - -#. the variable "sphinx_web" is a link to the Sphinx project documentation -#. with -#. the text "Sphinx" -#: sphinx_rtd_theme/footer.html:53 -#, python-format -msgid "Built with %(sphinx_web)s using a" -msgstr "Ehitatud %(sphinx_web)s'iga," - -#. "theme" refers to a theme for Sphinx, which alters the appearance of the -#. generated documentation -#: sphinx_rtd_theme/footer.html:55 -msgid "theme" -msgstr "kujundusteema" - -#. this is always used as "provided by Read the Docs", and should not imply -#. Read the Docs is an author of the generated documentation. -#: sphinx_rtd_theme/footer.html:57 -#, python-format -msgid "provided by %(readthedocs_web)s" -msgstr "on loonud %(readthedocs_web)s" - -#: sphinx_rtd_theme/layout.html:97 -#, python-format -msgid "Search within %(docstitle)s" -msgstr "Otsi dokumendist %(docstitle)s" - -#: sphinx_rtd_theme/layout.html:105 -msgid "About these documents" -msgstr "Nende dokumentide kirjeldused" - -#: sphinx_rtd_theme/layout.html:108 -msgid "Index" -msgstr "Indeks" - -#: sphinx_rtd_theme/layout.html:111 sphinx_rtd_theme/search.html:11 -msgid "Search" -msgstr "Otsing" - -#: sphinx_rtd_theme/layout.html:114 -msgid "Copyright" -msgstr "Autoriõigus" - -#: sphinx_rtd_theme/layout.html:143 -msgid "Logo" -msgstr "Logo" - -#: sphinx_rtd_theme/search.html:31 -msgid "Please activate JavaScript to enable the search functionality." -msgstr "Otsimisfunktsiooni lubamiseks aktiveeri palun JavaScript" - -#. Search is a noun, not a verb -#: sphinx_rtd_theme/search.html:39 -msgid "Search Results" -msgstr "Otsingu tulemused" - -#: sphinx_rtd_theme/search.html:41 -msgid "" -"Your search did not match any documents. Please make sure that all words are" -" spelled correctly and that you've selected enough categories." -msgstr "" -"Sinu otsingule ei vastanud ükski dokument. Palun veendu, et kõik sisestatud " -"sõnad on õigesti kirjutatud ja sa oled valikud piisaval hulgal kategooriaid." - -#: sphinx_rtd_theme/searchbox.html:4 -msgid "Search docs" -msgstr "Otsi dokumente" - -#: sphinx_rtd_theme/versions.html:3 sphinx_rtd_theme/versions.html:11 -msgid "Versions" -msgstr "Versioonid" - -#: sphinx_rtd_theme/versions.html:17 -msgid "Downloads" -msgstr "Allalaadimised" - -#. The phrase "Read the Docs" is not translated -#: sphinx_rtd_theme/versions.html:24 -msgid "On Read the Docs" -msgstr "Saidil Read the Docs" - -#: sphinx_rtd_theme/versions.html:26 -msgid "Project Home" -msgstr "Projekti kodu" - -#: sphinx_rtd_theme/versions.html:29 -msgid "Builds" -msgstr "Ehitused" Binary files /srv/release.debian.org/tmp/0nho6SUlcX/mariadb-11.8.6/storage/columnstore/columnstore/utils/libmarias3/libmarias3/docs/_themes/sphinx_rtd_theme/locale/fa_IR/LC_MESSAGES/sphinx.mo and /srv/release.debian.org/tmp/byZgQ0zcFD/mariadb-11.8.8/storage/columnstore/columnstore/utils/libmarias3/libmarias3/docs/_themes/sphinx_rtd_theme/locale/fa_IR/LC_MESSAGES/sphinx.mo differ diff -Nru mariadb-11.8.6/storage/columnstore/columnstore/utils/libmarias3/libmarias3/docs/_themes/sphinx_rtd_theme/locale/fa_IR/LC_MESSAGES/sphinx.po mariadb-11.8.8/storage/columnstore/columnstore/utils/libmarias3/libmarias3/docs/_themes/sphinx_rtd_theme/locale/fa_IR/LC_MESSAGES/sphinx.po --- mariadb-11.8.6/storage/columnstore/columnstore/utils/libmarias3/libmarias3/docs/_themes/sphinx_rtd_theme/locale/fa_IR/LC_MESSAGES/sphinx.po 2026-01-31 13:27:52.000000000 +0000 +++ mariadb-11.8.8/storage/columnstore/columnstore/utils/libmarias3/libmarias3/docs/_themes/sphinx_rtd_theme/locale/fa_IR/LC_MESSAGES/sphinx.po 1970-01-01 00:00:00.000000000 +0000 @@ -1,161 +0,0 @@ -# English translations for sphinx_rtd_theme. -# Copyright (C) 2019 ORGANIZATION -# This file is distributed under the same license as the sphinx_rtd_theme -# project. -# FIRST AUTHOR , 2019. -# -# Translators: -# Anthony , 2021 -# Peyman M., 2022 -# -msgid "" -msgstr "" -"Project-Id-Version: sphinx_rtd_theme 0.4.3.dev0\n" -"Report-Msgid-Bugs-To: EMAIL@ADDRESS\n" -"POT-Creation-Date: 2023-02-06 15:36+0100\n" -"PO-Revision-Date: 2019-07-16 21:44+0000\n" -"Last-Translator: Peyman M., 2022\n" -"Language-Team: Persian (Iran) (https://www.transifex.com/readthedocs/teams/101354/fa_IR/)\n" -"MIME-Version: 1.0\n" -"Content-Type: text/plain; charset=UTF-8\n" -"Content-Transfer-Encoding: 8bit\n" -"Generated-By: Babel 2.11.0\n" -"Language: fa_IR\n" -"Plural-Forms: nplurals=2; plural=(n > 1);\n" - -#: sphinx_rtd_theme/breadcrumbs.html:37 sphinx_rtd_theme/breadcrumbs.html:39 -msgid "Edit on GitHub" -msgstr "ویرایش در GitHub" - -#: sphinx_rtd_theme/breadcrumbs.html:44 sphinx_rtd_theme/breadcrumbs.html:46 -msgid "Edit on Bitbucket" -msgstr "ویرایش در Bitbucket" - -#: sphinx_rtd_theme/breadcrumbs.html:51 sphinx_rtd_theme/breadcrumbs.html:53 -msgid "Edit on GitLab" -msgstr "ویرایش در GitLab" - -#: sphinx_rtd_theme/breadcrumbs.html:56 sphinx_rtd_theme/breadcrumbs.html:58 -msgid "View page source" -msgstr "نمایش متن منبع ØµÙØ­Ù‡" - -#: sphinx_rtd_theme/breadcrumbs.html:69 sphinx_rtd_theme/footer.html:6 -msgid "Previous" -msgstr "پیشین" - -#: sphinx_rtd_theme/breadcrumbs.html:72 sphinx_rtd_theme/footer.html:9 -msgid "Next" -msgstr "بعدی" - -#: sphinx_rtd_theme/footer.html:21 -#, python-format -msgid "© Copyright %(copyright)s." -msgstr "© حق انتشار %(copyright)s." - -#: sphinx_rtd_theme/footer.html:23 -#, python-format -msgid "© Copyright %(copyright)s." -msgstr "© حق انتشار%(copyright)s." - -#. Build is a noun, not a verb -#: sphinx_rtd_theme/footer.html:30 -msgid "Build" -msgstr "ساخت" - -#. the phrase "revision" comes from Git, referring to a commit -#: sphinx_rtd_theme/footer.html:36 -msgid "Revision" -msgstr "بازبینی" - -#: sphinx_rtd_theme/footer.html:41 -#, python-format -msgid "Last updated on %(last_updated)s." -msgstr "آخرین بروز رسانی در %(last_updated)s ." - -#. the variable "sphinx_web" is a link to the Sphinx project documentation -#. with -#. the text "Sphinx" -#: sphinx_rtd_theme/footer.html:53 -#, python-format -msgid "Built with %(sphinx_web)s using a" -msgstr "ساخته شده با %(sphinx_web)s" - -#. "theme" refers to a theme for Sphinx, which alters the appearance of the -#. generated documentation -#: sphinx_rtd_theme/footer.html:55 -msgid "theme" -msgstr "پوسته" - -#. this is always used as "provided by Read the Docs", and should not imply -#. Read the Docs is an author of the generated documentation. -#: sphinx_rtd_theme/footer.html:57 -#, python-format -msgid "provided by %(readthedocs_web)s" -msgstr "تهیّه شده با %(readthedocs_web)s" - -#: sphinx_rtd_theme/layout.html:97 -#, python-format -msgid "Search within %(docstitle)s" -msgstr "جستجو در %(docstitle)s" - -#: sphinx_rtd_theme/layout.html:105 -msgid "About these documents" -msgstr "درباره این مستندات" - -#: sphinx_rtd_theme/layout.html:108 -msgid "Index" -msgstr "Ùهرست" - -#: sphinx_rtd_theme/layout.html:111 sphinx_rtd_theme/search.html:11 -msgid "Search" -msgstr "جستجوی" - -#: sphinx_rtd_theme/layout.html:114 -msgid "Copyright" -msgstr "Ú©Ù¾ÛŒ رایت" - -#: sphinx_rtd_theme/layout.html:143 -msgid "Logo" -msgstr "آرم" - -#: sphinx_rtd_theme/search.html:31 -msgid "Please activate JavaScript to enable the search functionality." -msgstr "Ù„Ø·ÙØ§Ù‹ جاوا اسکریپت را ÙØ¹Ù‘ال کنید تا قابلیّت جستجو ÙØ¹Ù‘ال شود." - -#. Search is a noun, not a verb -#: sphinx_rtd_theme/search.html:39 -msgid "Search Results" -msgstr "نتایج جستجو" - -#: sphinx_rtd_theme/search.html:41 -msgid "" -"Your search did not match any documents. Please make sure that all words are" -" spelled correctly and that you've selected enough categories." -msgstr "" -"جستجوی شما با هیچ سندی مطابقت نداشت. Ù„Ø·ÙØ§Ù‹ از درستی املای واژگان مطمئن شوید." -" هم‌چنین بررسی کنید آیا به اندازه کاÙÛŒ دسته بندی انتخاب کرده‌اید." - -#: sphinx_rtd_theme/searchbox.html:4 -msgid "Search docs" -msgstr "جستجوی مستندات" - -#: sphinx_rtd_theme/versions.html:3 sphinx_rtd_theme/versions.html:11 -msgid "Versions" -msgstr "نگارش‌ها" - -#: sphinx_rtd_theme/versions.html:17 -msgid "Downloads" -msgstr "بارگیری‌ها" - -#. The phrase "Read the Docs" is not translated -#: sphinx_rtd_theme/versions.html:24 -msgid "On Read the Docs" -msgstr "درباره‌ی خواندن مستندات" - -#: sphinx_rtd_theme/versions.html:26 -msgid "Project Home" -msgstr "ØµÙØ­Ù‡ خانگی پروژه" - -#: sphinx_rtd_theme/versions.html:29 -msgid "Builds" -msgstr "ساخت‌ها" Binary files /srv/release.debian.org/tmp/0nho6SUlcX/mariadb-11.8.6/storage/columnstore/columnstore/utils/libmarias3/libmarias3/docs/_themes/sphinx_rtd_theme/locale/fr/LC_MESSAGES/sphinx.mo and /srv/release.debian.org/tmp/byZgQ0zcFD/mariadb-11.8.8/storage/columnstore/columnstore/utils/libmarias3/libmarias3/docs/_themes/sphinx_rtd_theme/locale/fr/LC_MESSAGES/sphinx.mo differ diff -Nru mariadb-11.8.6/storage/columnstore/columnstore/utils/libmarias3/libmarias3/docs/_themes/sphinx_rtd_theme/locale/fr/LC_MESSAGES/sphinx.po mariadb-11.8.8/storage/columnstore/columnstore/utils/libmarias3/libmarias3/docs/_themes/sphinx_rtd_theme/locale/fr/LC_MESSAGES/sphinx.po --- mariadb-11.8.6/storage/columnstore/columnstore/utils/libmarias3/libmarias3/docs/_themes/sphinx_rtd_theme/locale/fr/LC_MESSAGES/sphinx.po 2026-01-31 13:27:52.000000000 +0000 +++ mariadb-11.8.8/storage/columnstore/columnstore/utils/libmarias3/libmarias3/docs/_themes/sphinx_rtd_theme/locale/fr/LC_MESSAGES/sphinx.po 1970-01-01 00:00:00.000000000 +0000 @@ -1,169 +0,0 @@ -# English translations for sphinx_rtd_theme. -# Copyright (C) 2019 ORGANIZATION -# This file is distributed under the same license as the sphinx_rtd_theme -# project. -# FIRST AUTHOR , 2019. -# -# Translators: -# Anthony , 2020 -# Radina Matic , 2021 -# Jérémie Tarot , 2023 -# CapitainFlam, 2023 -# -msgid "" -msgstr "" -"Project-Id-Version: sphinx_rtd_theme 0.4.3.dev0\n" -"Report-Msgid-Bugs-To: EMAIL@ADDRESS\n" -"POT-Creation-Date: 2023-02-06 15:36+0100\n" -"PO-Revision-Date: 2019-07-16 21:44+0000\n" -"Last-Translator: CapitainFlam, 2023\n" -"Language-Team: French (https://www.transifex.com/readthedocs/teams/101354/fr/)\n" -"MIME-Version: 1.0\n" -"Content-Type: text/plain; charset=UTF-8\n" -"Content-Transfer-Encoding: 8bit\n" -"Generated-By: Babel 2.11.0\n" -"Language: fr\n" -"Plural-Forms: nplurals=3; plural=(n == 0 || n == 1) ? 0 : n != 0 && n % 1000000 == 0 ? 1 : 2;\n" - -#: sphinx_rtd_theme/breadcrumbs.html:37 sphinx_rtd_theme/breadcrumbs.html:39 -msgid "Edit on GitHub" -msgstr "Éditer sur GitHub" - -#: sphinx_rtd_theme/breadcrumbs.html:44 sphinx_rtd_theme/breadcrumbs.html:46 -msgid "Edit on Bitbucket" -msgstr "Éditer sur Bitbucket" - -#: sphinx_rtd_theme/breadcrumbs.html:51 sphinx_rtd_theme/breadcrumbs.html:53 -msgid "Edit on GitLab" -msgstr "Éditer sur GitLab" - -#: sphinx_rtd_theme/breadcrumbs.html:56 sphinx_rtd_theme/breadcrumbs.html:58 -msgid "View page source" -msgstr "Afficher la source de la page" - -#: sphinx_rtd_theme/breadcrumbs.html:69 sphinx_rtd_theme/footer.html:6 -msgid "Previous" -msgstr "Précédent" - -#: sphinx_rtd_theme/breadcrumbs.html:72 sphinx_rtd_theme/footer.html:9 -msgid "Next" -msgstr "Suivant" - -#. This is an ARIA section label for the footer section of the page. -#: sphinx_rtd_theme/footer.html:4 -msgid "Footer" -msgstr "Pied de page" - -#: sphinx_rtd_theme/footer.html:21 -#, python-format -msgid "© Copyright %(copyright)s." -msgstr "© Droits d'auteur %(copyright)s." - -#: sphinx_rtd_theme/footer.html:23 -#, python-format -msgid "© Copyright %(copyright)s." -msgstr "© Droits d'auteur %(copyright)s." - -#. Build is a noun, not a verb -#: sphinx_rtd_theme/footer.html:30 -msgid "Build" -msgstr "Compilation" - -#. the phrase "revision" comes from Git, referring to a commit -#: sphinx_rtd_theme/footer.html:36 -msgid "Revision" -msgstr "Révision" - -#: sphinx_rtd_theme/footer.html:41 -#, python-format -msgid "Last updated on %(last_updated)s." -msgstr "Dernière mise à jour le %(last_updated)s." - -#. the variable "sphinx_web" is a link to the Sphinx project documentation -#. with -#. the text "Sphinx" -#: sphinx_rtd_theme/footer.html:53 -#, python-format -msgid "Built with %(sphinx_web)s using a" -msgstr "Compilé avec %(sphinx_web)s en utilisant un" - -#. "theme" refers to a theme for Sphinx, which alters the appearance of the -#. generated documentation -#: sphinx_rtd_theme/footer.html:55 -msgid "theme" -msgstr "thème" - -#. this is always used as "provided by Read the Docs", and should not imply -#. Read the Docs is an author of the generated documentation. -#: sphinx_rtd_theme/footer.html:57 -#, python-format -msgid "provided by %(readthedocs_web)s" -msgstr "fourni par %(readthedocs_web)s" - -#: sphinx_rtd_theme/layout.html:97 -#, python-format -msgid "Search within %(docstitle)s" -msgstr "Rechercher dans %(docstitle)s" - -#: sphinx_rtd_theme/layout.html:105 -msgid "About these documents" -msgstr "À propos de cette documentation" - -#: sphinx_rtd_theme/layout.html:108 -msgid "Index" -msgstr "Index" - -#: sphinx_rtd_theme/layout.html:111 sphinx_rtd_theme/search.html:11 -msgid "Search" -msgstr "Rechercher" - -#: sphinx_rtd_theme/layout.html:114 -msgid "Copyright" -msgstr "Droits d'auteur" - -#: sphinx_rtd_theme/layout.html:143 -msgid "Logo" -msgstr "Logo" - -#: sphinx_rtd_theme/search.html:31 -msgid "Please activate JavaScript to enable the search functionality." -msgstr "Activez JavaScript pour accéder à la fonction de recherche." - -#. Search is a noun, not a verb -#: sphinx_rtd_theme/search.html:39 -msgid "Search Results" -msgstr "Résultats de la recherche" - -#: sphinx_rtd_theme/search.html:41 -msgid "" -"Your search did not match any documents. Please make sure that all words are" -" spelled correctly and that you've selected enough categories." -msgstr "" -"Votre recherche ne correspond à aucun document. Assurez-vous que tous les " -"mots sont correctement orthographiés et que vous avez sélectionné " -"suffisamment de catégories." - -#: sphinx_rtd_theme/searchbox.html:4 -msgid "Search docs" -msgstr "Rechercher docs" - -#: sphinx_rtd_theme/versions.html:3 sphinx_rtd_theme/versions.html:11 -msgid "Versions" -msgstr "Versions" - -#: sphinx_rtd_theme/versions.html:17 -msgid "Downloads" -msgstr "Téléchargements" - -#. The phrase "Read the Docs" is not translated -#: sphinx_rtd_theme/versions.html:24 -msgid "On Read the Docs" -msgstr "À propos de Read the Docs" - -#: sphinx_rtd_theme/versions.html:26 -msgid "Project Home" -msgstr "Accueil du projet" - -#: sphinx_rtd_theme/versions.html:29 -msgid "Builds" -msgstr "Compilations" Binary files /srv/release.debian.org/tmp/0nho6SUlcX/mariadb-11.8.6/storage/columnstore/columnstore/utils/libmarias3/libmarias3/docs/_themes/sphinx_rtd_theme/locale/hr/LC_MESSAGES/sphinx.mo and /srv/release.debian.org/tmp/byZgQ0zcFD/mariadb-11.8.8/storage/columnstore/columnstore/utils/libmarias3/libmarias3/docs/_themes/sphinx_rtd_theme/locale/hr/LC_MESSAGES/sphinx.mo differ diff -Nru mariadb-11.8.6/storage/columnstore/columnstore/utils/libmarias3/libmarias3/docs/_themes/sphinx_rtd_theme/locale/hr/LC_MESSAGES/sphinx.po mariadb-11.8.8/storage/columnstore/columnstore/utils/libmarias3/libmarias3/docs/_themes/sphinx_rtd_theme/locale/hr/LC_MESSAGES/sphinx.po --- mariadb-11.8.6/storage/columnstore/columnstore/utils/libmarias3/libmarias3/docs/_themes/sphinx_rtd_theme/locale/hr/LC_MESSAGES/sphinx.po 2026-01-31 13:27:52.000000000 +0000 +++ mariadb-11.8.8/storage/columnstore/columnstore/utils/libmarias3/libmarias3/docs/_themes/sphinx_rtd_theme/locale/hr/LC_MESSAGES/sphinx.po 1970-01-01 00:00:00.000000000 +0000 @@ -1,23 +0,0 @@ -# English translations for sphinx_rtd_theme. -# Copyright (C) 2019 ORGANIZATION -# This file is distributed under the same license as the sphinx_rtd_theme -# project. -# FIRST AUTHOR , 2019. -# -# Translators: -# Ivan Bratović, 2022 -# -msgid "" -msgstr "" -"Project-Id-Version: sphinx_rtd_theme 0.4.3.dev0\n" -"Report-Msgid-Bugs-To: EMAIL@ADDRESS\n" -"POT-Creation-Date: 2023-02-06 15:36+0100\n" -"PO-Revision-Date: 2019-07-16 21:44+0000\n" -"Last-Translator: Ivan Bratović, 2022\n" -"Language-Team: Croatian (https://www.transifex.com/readthedocs/teams/101354/hr/)\n" -"MIME-Version: 1.0\n" -"Content-Type: text/plain; charset=UTF-8\n" -"Content-Transfer-Encoding: 8bit\n" -"Generated-By: Babel 2.11.0\n" -"Language: hr\n" -"Plural-Forms: nplurals=3; plural=n%10==1 && n%100!=11 ? 0 : n%10>=2 && n%10<=4 && (n%100<10 || n%100>=20) ? 1 : 2;\n" Binary files /srv/release.debian.org/tmp/0nho6SUlcX/mariadb-11.8.6/storage/columnstore/columnstore/utils/libmarias3/libmarias3/docs/_themes/sphinx_rtd_theme/locale/hu/LC_MESSAGES/sphinx.mo and /srv/release.debian.org/tmp/byZgQ0zcFD/mariadb-11.8.8/storage/columnstore/columnstore/utils/libmarias3/libmarias3/docs/_themes/sphinx_rtd_theme/locale/hu/LC_MESSAGES/sphinx.mo differ diff -Nru mariadb-11.8.6/storage/columnstore/columnstore/utils/libmarias3/libmarias3/docs/_themes/sphinx_rtd_theme/locale/hu/LC_MESSAGES/sphinx.po mariadb-11.8.8/storage/columnstore/columnstore/utils/libmarias3/libmarias3/docs/_themes/sphinx_rtd_theme/locale/hu/LC_MESSAGES/sphinx.po --- mariadb-11.8.6/storage/columnstore/columnstore/utils/libmarias3/libmarias3/docs/_themes/sphinx_rtd_theme/locale/hu/LC_MESSAGES/sphinx.po 2026-01-31 13:27:52.000000000 +0000 +++ mariadb-11.8.8/storage/columnstore/columnstore/utils/libmarias3/libmarias3/docs/_themes/sphinx_rtd_theme/locale/hu/LC_MESSAGES/sphinx.po 1970-01-01 00:00:00.000000000 +0000 @@ -1,23 +0,0 @@ -# English translations for sphinx_rtd_theme. -# Copyright (C) 2019 ORGANIZATION -# This file is distributed under the same license as the sphinx_rtd_theme -# project. -# FIRST AUTHOR , 2019. -# -# Translators: -# Balázs Úr, 2022 -# -msgid "" -msgstr "" -"Project-Id-Version: sphinx_rtd_theme 0.4.3.dev0\n" -"Report-Msgid-Bugs-To: EMAIL@ADDRESS\n" -"POT-Creation-Date: 2023-02-06 15:36+0100\n" -"PO-Revision-Date: 2019-07-16 21:44+0000\n" -"Last-Translator: Balázs Úr, 2022\n" -"Language-Team: Hungarian (https://www.transifex.com/readthedocs/teams/101354/hu/)\n" -"MIME-Version: 1.0\n" -"Content-Type: text/plain; charset=UTF-8\n" -"Content-Transfer-Encoding: 8bit\n" -"Generated-By: Babel 2.11.0\n" -"Language: hu\n" -"Plural-Forms: nplurals=2; plural=(n != 1);\n" Binary files /srv/release.debian.org/tmp/0nho6SUlcX/mariadb-11.8.6/storage/columnstore/columnstore/utils/libmarias3/libmarias3/docs/_themes/sphinx_rtd_theme/locale/it/LC_MESSAGES/sphinx.mo and /srv/release.debian.org/tmp/byZgQ0zcFD/mariadb-11.8.8/storage/columnstore/columnstore/utils/libmarias3/libmarias3/docs/_themes/sphinx_rtd_theme/locale/it/LC_MESSAGES/sphinx.mo differ diff -Nru mariadb-11.8.6/storage/columnstore/columnstore/utils/libmarias3/libmarias3/docs/_themes/sphinx_rtd_theme/locale/it/LC_MESSAGES/sphinx.po mariadb-11.8.8/storage/columnstore/columnstore/utils/libmarias3/libmarias3/docs/_themes/sphinx_rtd_theme/locale/it/LC_MESSAGES/sphinx.po --- mariadb-11.8.6/storage/columnstore/columnstore/utils/libmarias3/libmarias3/docs/_themes/sphinx_rtd_theme/locale/it/LC_MESSAGES/sphinx.po 2026-01-31 13:27:52.000000000 +0000 +++ mariadb-11.8.8/storage/columnstore/columnstore/utils/libmarias3/libmarias3/docs/_themes/sphinx_rtd_theme/locale/it/LC_MESSAGES/sphinx.po 1970-01-01 00:00:00.000000000 +0000 @@ -1,192 +0,0 @@ -# English translations for sphinx_rtd_theme. -# Copyright (C) 2019 ORGANIZATION -# This file is distributed under the same license as the sphinx_rtd_theme -# project. -# FIRST AUTHOR , 2019. -# -# Translators: -# Anthony , 2021 -# Maurizio Paglia , 2021 -# albanobattistella , 2022 -# Benjamin Bach , 2022 -# -msgid "" -msgstr "" -"Project-Id-Version: sphinx_rtd_theme 0.4.3.dev0\n" -"Report-Msgid-Bugs-To: EMAIL@ADDRESS\n" -"POT-Creation-Date: 2023-02-06 15:36+0100\n" -"PO-Revision-Date: 2019-07-16 21:44+0000\n" -"Last-Translator: Benjamin Bach , 2022\n" -"Language-Team: Italian (https://www.transifex.com/readthedocs/teams/101354/it/)\n" -"MIME-Version: 1.0\n" -"Content-Type: text/plain; charset=UTF-8\n" -"Content-Transfer-Encoding: 8bit\n" -"Generated-By: Babel 2.11.0\n" -"Language: it\n" -"Plural-Forms: nplurals=3; plural=n == 1 ? 0 : n != 0 && n % 1000000 == 0 ? 1 : 2;\n" - -#. This is an ARIA section label for page links, including previous/next page -#. link and links to GitHub/GitLab/etc. -#: sphinx_rtd_theme/breadcrumbs.html:22 -msgid "Page navigation" -msgstr "Naviga tra le pagine" - -#: sphinx_rtd_theme/breadcrumbs.html:37 sphinx_rtd_theme/breadcrumbs.html:39 -msgid "Edit on GitHub" -msgstr "Modifica su GitHub" - -#: sphinx_rtd_theme/breadcrumbs.html:44 sphinx_rtd_theme/breadcrumbs.html:46 -msgid "Edit on Bitbucket" -msgstr "Modifica su Bitbucket" - -#: sphinx_rtd_theme/breadcrumbs.html:51 sphinx_rtd_theme/breadcrumbs.html:53 -msgid "Edit on GitLab" -msgstr "Modifica su GitLab" - -#: sphinx_rtd_theme/breadcrumbs.html:56 sphinx_rtd_theme/breadcrumbs.html:58 -msgid "View page source" -msgstr "Visualizza sorgente pagina" - -#. This is an ARIA section label for sequential page links, such as previous -#. and next page links. -#: sphinx_rtd_theme/breadcrumbs.html:67 -msgid "Sequential page navigation" -msgstr "Naviga sequenzialmente tra le pagine" - -#: sphinx_rtd_theme/breadcrumbs.html:69 sphinx_rtd_theme/footer.html:6 -msgid "Previous" -msgstr "Precedente" - -#: sphinx_rtd_theme/breadcrumbs.html:72 sphinx_rtd_theme/footer.html:9 -msgid "Next" -msgstr "Prossimo" - -#. This is an ARIA section label for the footer section of the page. -#: sphinx_rtd_theme/footer.html:4 -msgid "Footer" -msgstr "Piè di pagina" - -#: sphinx_rtd_theme/footer.html:21 -#, python-format -msgid "© Copyright %(copyright)s." -msgstr "© Copyright %(copyright)s." - -#: sphinx_rtd_theme/footer.html:23 -#, python-format -msgid "© Copyright %(copyright)s." -msgstr "© Copyright %(copyright)s." - -#. Build is a noun, not a verb -#: sphinx_rtd_theme/footer.html:30 -msgid "Build" -msgstr "Rev." - -#. the phrase "revision" comes from Git, referring to a commit -#: sphinx_rtd_theme/footer.html:36 -msgid "Revision" -msgstr "Revisione" - -#: sphinx_rtd_theme/footer.html:41 -#, python-format -msgid "Last updated on %(last_updated)s." -msgstr "Ultimo aggiornamento il %(last_updated)s." - -#. the variable "sphinx_web" is a link to the Sphinx project documentation -#. with -#. the text "Sphinx" -#: sphinx_rtd_theme/footer.html:53 -#, python-format -msgid "Built with %(sphinx_web)s using a" -msgstr "Realizzato con %(sphinx_web)s usando un" - -#. "theme" refers to a theme for Sphinx, which alters the appearance of the -#. generated documentation -#: sphinx_rtd_theme/footer.html:55 -msgid "theme" -msgstr "tema" - -#. this is always used as "provided by Read the Docs", and should not imply -#. Read the Docs is an author of the generated documentation. -#: sphinx_rtd_theme/footer.html:57 -#, python-format -msgid "provided by %(readthedocs_web)s" -msgstr "fornito da %(readthedocs_web)s" - -#: sphinx_rtd_theme/layout.html:97 -#, python-format -msgid "Search within %(docstitle)s" -msgstr "Cerca in %(docstitle)s" - -#: sphinx_rtd_theme/layout.html:105 -msgid "About these documents" -msgstr "Nota sulla documentazione" - -#: sphinx_rtd_theme/layout.html:108 -msgid "Index" -msgstr "Indice" - -#: sphinx_rtd_theme/layout.html:111 sphinx_rtd_theme/search.html:11 -msgid "Search" -msgstr "Ricerca" - -#: sphinx_rtd_theme/layout.html:114 -msgid "Copyright" -msgstr "Copyright" - -#: sphinx_rtd_theme/layout.html:143 -msgid "Logo" -msgstr "Logo" - -#. This is an ARIA section label for the main navigation menu -#: sphinx_rtd_theme/layout.html:166 -msgid "Navigation menu" -msgstr "Menu di navigazione" - -#. This is an ARIA section label for the navigation menu that is visible when -#. viewing the page on mobile devices -#: sphinx_rtd_theme/layout.html:188 -msgid "Mobile navigation menu" -msgstr "Menu navigazione dispositivi mobili" - -#: sphinx_rtd_theme/search.html:31 -msgid "Please activate JavaScript to enable the search functionality." -msgstr "Devi attivare JavaScript per attivare la funzione di ricerca." - -#. Search is a noun, not a verb -#: sphinx_rtd_theme/search.html:39 -msgid "Search Results" -msgstr "Risultati della ricerca" - -#: sphinx_rtd_theme/search.html:41 -msgid "" -"Your search did not match any documents. Please make sure that all words are" -" spelled correctly and that you've selected enough categories." -msgstr "" -"La tua ricerca non ha prodotto nessun risultato. Assicurati di aver scritto " -"correttamente tutti i termini cercati e di aver selezionato sufficienti " -"categorie." - -#: sphinx_rtd_theme/searchbox.html:4 -msgid "Search docs" -msgstr "Cerca documenti" - -#: sphinx_rtd_theme/versions.html:3 sphinx_rtd_theme/versions.html:11 -msgid "Versions" -msgstr "Versioni" - -#: sphinx_rtd_theme/versions.html:17 -msgid "Downloads" -msgstr "Downloads" - -#. The phrase "Read the Docs" is not translated -#: sphinx_rtd_theme/versions.html:24 -msgid "On Read the Docs" -msgstr "Riguardo Read the Docs" - -#: sphinx_rtd_theme/versions.html:26 -msgid "Project Home" -msgstr "Home progetto" - -#: sphinx_rtd_theme/versions.html:29 -msgid "Builds" -msgstr "Rev." Binary files /srv/release.debian.org/tmp/0nho6SUlcX/mariadb-11.8.6/storage/columnstore/columnstore/utils/libmarias3/libmarias3/docs/_themes/sphinx_rtd_theme/locale/lt/LC_MESSAGES/sphinx.mo and /srv/release.debian.org/tmp/byZgQ0zcFD/mariadb-11.8.8/storage/columnstore/columnstore/utils/libmarias3/libmarias3/docs/_themes/sphinx_rtd_theme/locale/lt/LC_MESSAGES/sphinx.mo differ diff -Nru mariadb-11.8.6/storage/columnstore/columnstore/utils/libmarias3/libmarias3/docs/_themes/sphinx_rtd_theme/locale/lt/LC_MESSAGES/sphinx.po mariadb-11.8.8/storage/columnstore/columnstore/utils/libmarias3/libmarias3/docs/_themes/sphinx_rtd_theme/locale/lt/LC_MESSAGES/sphinx.po --- mariadb-11.8.6/storage/columnstore/columnstore/utils/libmarias3/libmarias3/docs/_themes/sphinx_rtd_theme/locale/lt/LC_MESSAGES/sphinx.po 2026-01-31 13:27:52.000000000 +0000 +++ mariadb-11.8.8/storage/columnstore/columnstore/utils/libmarias3/libmarias3/docs/_themes/sphinx_rtd_theme/locale/lt/LC_MESSAGES/sphinx.po 1970-01-01 00:00:00.000000000 +0000 @@ -1,188 +0,0 @@ -# English translations for sphinx_rtd_theme. -# Copyright (C) 2019 ORGANIZATION -# This file is distributed under the same license as the sphinx_rtd_theme -# project. -# FIRST AUTHOR , 2019. -# -# Translators: -# Tomas Straupis, 2021 -# -msgid "" -msgstr "" -"Project-Id-Version: sphinx_rtd_theme 0.4.3.dev0\n" -"Report-Msgid-Bugs-To: EMAIL@ADDRESS\n" -"POT-Creation-Date: 2023-02-06 15:36+0100\n" -"PO-Revision-Date: 2019-07-16 21:44+0000\n" -"Last-Translator: Tomas Straupis, 2021\n" -"Language-Team: Lithuanian (https://www.transifex.com/readthedocs/teams/101354/lt/)\n" -"MIME-Version: 1.0\n" -"Content-Type: text/plain; charset=UTF-8\n" -"Content-Transfer-Encoding: 8bit\n" -"Generated-By: Babel 2.11.0\n" -"Language: lt\n" -"Plural-Forms: nplurals=4; plural=(n % 10 == 1 && (n % 100 > 19 || n % 100 < 11) ? 0 : (n % 10 >= 2 && n % 10 <=9) && (n % 100 > 19 || n % 100 < 11) ? 1 : n % 1 != 0 ? 2: 3);\n" - -#. This is an ARIA section label for page links, including previous/next page -#. link and links to GitHub/GitLab/etc. -#: sphinx_rtd_theme/breadcrumbs.html:22 -msgid "Page navigation" -msgstr "Puslapių navigacija" - -#: sphinx_rtd_theme/breadcrumbs.html:37 sphinx_rtd_theme/breadcrumbs.html:39 -msgid "Edit on GitHub" -msgstr "Keisti GitHub'e" - -#: sphinx_rtd_theme/breadcrumbs.html:44 sphinx_rtd_theme/breadcrumbs.html:46 -msgid "Edit on Bitbucket" -msgstr "Keisti Bitbucket'e" - -#: sphinx_rtd_theme/breadcrumbs.html:51 sphinx_rtd_theme/breadcrumbs.html:53 -msgid "Edit on GitLab" -msgstr "Keisti GitLab'e" - -#: sphinx_rtd_theme/breadcrumbs.html:56 sphinx_rtd_theme/breadcrumbs.html:58 -msgid "View page source" -msgstr "ŽiÅ«rÄ—ti puslapio Å¡altinį" - -#. This is an ARIA section label for sequential page links, such as previous -#. and next page links. -#: sphinx_rtd_theme/breadcrumbs.html:67 -msgid "Sequential page navigation" -msgstr "Puslapių navigacija iÅ¡ eilÄ—s" - -#: sphinx_rtd_theme/breadcrumbs.html:69 sphinx_rtd_theme/footer.html:6 -msgid "Previous" -msgstr "Ankstesnis" - -#: sphinx_rtd_theme/breadcrumbs.html:72 sphinx_rtd_theme/footer.html:9 -msgid "Next" -msgstr "Kitas" - -#. This is an ARIA section label for the footer section of the page. -#: sphinx_rtd_theme/footer.html:4 -msgid "Footer" -msgstr "PoraÅ¡tÄ—" - -#: sphinx_rtd_theme/footer.html:21 -#, python-format -msgid "© Copyright %(copyright)s." -msgstr "© Copyright %(copyright)s." - -#: sphinx_rtd_theme/footer.html:23 -#, python-format -msgid "© Copyright %(copyright)s." -msgstr "© Copyright %(copyright)s." - -#. Build is a noun, not a verb -#: sphinx_rtd_theme/footer.html:30 -msgid "Build" -msgstr "Surinkimas" - -#. the phrase "revision" comes from Git, referring to a commit -#: sphinx_rtd_theme/footer.html:36 -msgid "Revision" -msgstr "Versija" - -#: sphinx_rtd_theme/footer.html:41 -#, python-format -msgid "Last updated on %(last_updated)s." -msgstr "Atnaujinta %(last_updated)s." - -#. the variable "sphinx_web" is a link to the Sphinx project documentation -#. with -#. the text "Sphinx" -#: sphinx_rtd_theme/footer.html:53 -#, python-format -msgid "Built with %(sphinx_web)s using a" -msgstr "Surinkta su %(sphinx_web)s naudojant" - -#. "theme" refers to a theme for Sphinx, which alters the appearance of the -#. generated documentation -#: sphinx_rtd_theme/footer.html:55 -msgid "theme" -msgstr "temÄ…" - -#. this is always used as "provided by Read the Docs", and should not imply -#. Read the Docs is an author of the generated documentation. -#: sphinx_rtd_theme/footer.html:57 -#, python-format -msgid "provided by %(readthedocs_web)s" -msgstr "pateiktÄ… %(readthedocs_web)s" - -#: sphinx_rtd_theme/layout.html:97 -#, python-format -msgid "Search within %(docstitle)s" -msgstr "IeÅ¡koti %(docstitle)s" - -#: sphinx_rtd_theme/layout.html:105 -msgid "About these documents" -msgstr "Apie Å¡iuos dokumentus" - -#: sphinx_rtd_theme/layout.html:108 -msgid "Index" -msgstr "Indeksas" - -#: sphinx_rtd_theme/layout.html:111 sphinx_rtd_theme/search.html:11 -msgid "Search" -msgstr "PaieÅ¡ka" - -#: sphinx_rtd_theme/layout.html:114 -msgid "Copyright" -msgstr "Autorių teisÄ—s" - -#: sphinx_rtd_theme/layout.html:143 -msgid "Logo" -msgstr "Logo" - -#. This is an ARIA section label for the main navigation menu -#: sphinx_rtd_theme/layout.html:166 -msgid "Navigation menu" -msgstr "Navigacijos meniu" - -#. This is an ARIA section label for the navigation menu that is visible when -#. viewing the page on mobile devices -#: sphinx_rtd_theme/layout.html:188 -msgid "Mobile navigation menu" -msgstr "Mobilios navigacijos meniu" - -#: sphinx_rtd_theme/search.html:31 -msgid "Please activate JavaScript to enable the search functionality." -msgstr "PraÅ¡ome įjungti JavaScript, kad veiktų paieÅ¡kos funkcionalumas." - -#. Search is a noun, not a verb -#: sphinx_rtd_theme/search.html:39 -msgid "Search Results" -msgstr "PaieÅ¡kos rezultatai" - -#: sphinx_rtd_theme/search.html:41 -msgid "" -"Your search did not match any documents. Please make sure that all words are" -" spelled correctly and that you've selected enough categories." -msgstr "" -"JÅ«sų paieÅ¡kai neatitiko nei vienas dokumentas. PraÅ¡ome įsitikinti, kad visi " -"žodžiai paraÅ¡yti teisingai ir kad parinkote pakankamai kategorijų." - -#: sphinx_rtd_theme/searchbox.html:4 -msgid "Search docs" -msgstr "IeÅ¡koti dokumentuose" - -#: sphinx_rtd_theme/versions.html:3 sphinx_rtd_theme/versions.html:11 -msgid "Versions" -msgstr "Versijos" - -#: sphinx_rtd_theme/versions.html:17 -msgid "Downloads" -msgstr "Atsisiuntimai" - -#. The phrase "Read the Docs" is not translated -#: sphinx_rtd_theme/versions.html:24 -msgid "On Read the Docs" -msgstr "Apie Read the Docs" - -#: sphinx_rtd_theme/versions.html:26 -msgid "Project Home" -msgstr "Projekto namai" - -#: sphinx_rtd_theme/versions.html:29 -msgid "Builds" -msgstr "Surinkimai" Binary files /srv/release.debian.org/tmp/0nho6SUlcX/mariadb-11.8.6/storage/columnstore/columnstore/utils/libmarias3/libmarias3/docs/_themes/sphinx_rtd_theme/locale/nl/LC_MESSAGES/sphinx.mo and /srv/release.debian.org/tmp/byZgQ0zcFD/mariadb-11.8.8/storage/columnstore/columnstore/utils/libmarias3/libmarias3/docs/_themes/sphinx_rtd_theme/locale/nl/LC_MESSAGES/sphinx.mo differ diff -Nru mariadb-11.8.6/storage/columnstore/columnstore/utils/libmarias3/libmarias3/docs/_themes/sphinx_rtd_theme/locale/nl/LC_MESSAGES/sphinx.po mariadb-11.8.8/storage/columnstore/columnstore/utils/libmarias3/libmarias3/docs/_themes/sphinx_rtd_theme/locale/nl/LC_MESSAGES/sphinx.po --- mariadb-11.8.6/storage/columnstore/columnstore/utils/libmarias3/libmarias3/docs/_themes/sphinx_rtd_theme/locale/nl/LC_MESSAGES/sphinx.po 2026-01-31 13:27:52.000000000 +0000 +++ mariadb-11.8.8/storage/columnstore/columnstore/utils/libmarias3/libmarias3/docs/_themes/sphinx_rtd_theme/locale/nl/LC_MESSAGES/sphinx.po 1970-01-01 00:00:00.000000000 +0000 @@ -1,188 +0,0 @@ -# English translations for sphinx_rtd_theme. -# Copyright (C) 2019 ORGANIZATION -# This file is distributed under the same license as the sphinx_rtd_theme -# project. -# FIRST AUTHOR , 2019. -# -# Translators: -# Jesse Tan, 2021 -# -msgid "" -msgstr "" -"Project-Id-Version: sphinx_rtd_theme 0.4.3.dev0\n" -"Report-Msgid-Bugs-To: EMAIL@ADDRESS\n" -"POT-Creation-Date: 2023-02-06 15:36+0100\n" -"PO-Revision-Date: 2019-07-16 21:44+0000\n" -"Last-Translator: Jesse Tan, 2021\n" -"Language-Team: Dutch (https://www.transifex.com/readthedocs/teams/101354/nl/)\n" -"MIME-Version: 1.0\n" -"Content-Type: text/plain; charset=UTF-8\n" -"Content-Transfer-Encoding: 8bit\n" -"Generated-By: Babel 2.11.0\n" -"Language: nl\n" -"Plural-Forms: nplurals=2; plural=(n != 1);\n" - -#. This is an ARIA section label for page links, including previous/next page -#. link and links to GitHub/GitLab/etc. -#: sphinx_rtd_theme/breadcrumbs.html:22 -msgid "Page navigation" -msgstr "Paginanavigatie" - -#: sphinx_rtd_theme/breadcrumbs.html:37 sphinx_rtd_theme/breadcrumbs.html:39 -msgid "Edit on GitHub" -msgstr "Bewerk op GitHub" - -#: sphinx_rtd_theme/breadcrumbs.html:44 sphinx_rtd_theme/breadcrumbs.html:46 -msgid "Edit on Bitbucket" -msgstr "Bewerk op BitBucket" - -#: sphinx_rtd_theme/breadcrumbs.html:51 sphinx_rtd_theme/breadcrumbs.html:53 -msgid "Edit on GitLab" -msgstr "Bewerk op GitLab" - -#: sphinx_rtd_theme/breadcrumbs.html:56 sphinx_rtd_theme/breadcrumbs.html:58 -msgid "View page source" -msgstr "Bekijk paginabron" - -#. This is an ARIA section label for sequential page links, such as previous -#. and next page links. -#: sphinx_rtd_theme/breadcrumbs.html:67 -msgid "Sequential page navigation" -msgstr "Navigatie voor gerelateerde pagina's" - -#: sphinx_rtd_theme/breadcrumbs.html:69 sphinx_rtd_theme/footer.html:6 -msgid "Previous" -msgstr "Vorige" - -#: sphinx_rtd_theme/breadcrumbs.html:72 sphinx_rtd_theme/footer.html:9 -msgid "Next" -msgstr "Volgende" - -#. This is an ARIA section label for the footer section of the page. -#: sphinx_rtd_theme/footer.html:4 -msgid "Footer" -msgstr "Voettekst" - -#: sphinx_rtd_theme/footer.html:21 -#, python-format -msgid "© Copyright %(copyright)s." -msgstr "© Copyright %(copyright)s." - -#: sphinx_rtd_theme/footer.html:23 -#, python-format -msgid "© Copyright %(copyright)s." -msgstr "© Copyright %(copyright)s." - -#. Build is a noun, not a verb -#: sphinx_rtd_theme/footer.html:30 -msgid "Build" -msgstr "Bouwresultaat" - -#. the phrase "revision" comes from Git, referring to a commit -#: sphinx_rtd_theme/footer.html:36 -msgid "Revision" -msgstr "Revisie" - -#: sphinx_rtd_theme/footer.html:41 -#, python-format -msgid "Last updated on %(last_updated)s." -msgstr "Laatste update op %(last_updated)s." - -#. the variable "sphinx_web" is a link to the Sphinx project documentation -#. with -#. the text "Sphinx" -#: sphinx_rtd_theme/footer.html:53 -#, python-format -msgid "Built with %(sphinx_web)s using a" -msgstr "Gebouwd met %(sphinx_web)s met een" - -#. "theme" refers to a theme for Sphinx, which alters the appearance of the -#. generated documentation -#: sphinx_rtd_theme/footer.html:55 -msgid "theme" -msgstr "thema" - -#. this is always used as "provided by Read the Docs", and should not imply -#. Read the Docs is an author of the generated documentation. -#: sphinx_rtd_theme/footer.html:57 -#, python-format -msgid "provided by %(readthedocs_web)s" -msgstr "geleverd door %(readthedocs_web)s" - -#: sphinx_rtd_theme/layout.html:97 -#, python-format -msgid "Search within %(docstitle)s" -msgstr "Zoek binnen %(docstitle)s" - -#: sphinx_rtd_theme/layout.html:105 -msgid "About these documents" -msgstr "Over deze documenten" - -#: sphinx_rtd_theme/layout.html:108 -msgid "Index" -msgstr "Index" - -#: sphinx_rtd_theme/layout.html:111 sphinx_rtd_theme/search.html:11 -msgid "Search" -msgstr "Zoek" - -#: sphinx_rtd_theme/layout.html:114 -msgid "Copyright" -msgstr "Copyright" - -#: sphinx_rtd_theme/layout.html:143 -msgid "Logo" -msgstr "Logo" - -#. This is an ARIA section label for the main navigation menu -#: sphinx_rtd_theme/layout.html:166 -msgid "Navigation menu" -msgstr "Navigatiemenu" - -#. This is an ARIA section label for the navigation menu that is visible when -#. viewing the page on mobile devices -#: sphinx_rtd_theme/layout.html:188 -msgid "Mobile navigation menu" -msgstr "Navigatiemenu voor mobiel" - -#: sphinx_rtd_theme/search.html:31 -msgid "Please activate JavaScript to enable the search functionality." -msgstr "Zet JavaScript aan om de zoekfunctie mogelijk te maken." - -#. Search is a noun, not a verb -#: sphinx_rtd_theme/search.html:39 -msgid "Search Results" -msgstr "Zoekresultaten" - -#: sphinx_rtd_theme/search.html:41 -msgid "" -"Your search did not match any documents. Please make sure that all words are" -" spelled correctly and that you've selected enough categories." -msgstr "" -"Zoekpoging vond geen documenten. Zorg ervoor dat alle woorden correct zijn " -"gespeld en dat voldoende categorieën zijn geselecteerd." - -#: sphinx_rtd_theme/searchbox.html:4 -msgid "Search docs" -msgstr "Zoek in documentatie" - -#: sphinx_rtd_theme/versions.html:3 sphinx_rtd_theme/versions.html:11 -msgid "Versions" -msgstr "Versies" - -#: sphinx_rtd_theme/versions.html:17 -msgid "Downloads" -msgstr "Downloads" - -#. The phrase "Read the Docs" is not translated -#: sphinx_rtd_theme/versions.html:24 -msgid "On Read the Docs" -msgstr "Op Read the Docs" - -#: sphinx_rtd_theme/versions.html:26 -msgid "Project Home" -msgstr "Project Home" - -#: sphinx_rtd_theme/versions.html:29 -msgid "Builds" -msgstr "Bouwresultaten" Binary files /srv/release.debian.org/tmp/0nho6SUlcX/mariadb-11.8.6/storage/columnstore/columnstore/utils/libmarias3/libmarias3/docs/_themes/sphinx_rtd_theme/locale/pl/LC_MESSAGES/sphinx.mo and /srv/release.debian.org/tmp/byZgQ0zcFD/mariadb-11.8.8/storage/columnstore/columnstore/utils/libmarias3/libmarias3/docs/_themes/sphinx_rtd_theme/locale/pl/LC_MESSAGES/sphinx.mo differ diff -Nru mariadb-11.8.6/storage/columnstore/columnstore/utils/libmarias3/libmarias3/docs/_themes/sphinx_rtd_theme/locale/pl/LC_MESSAGES/sphinx.po mariadb-11.8.8/storage/columnstore/columnstore/utils/libmarias3/libmarias3/docs/_themes/sphinx_rtd_theme/locale/pl/LC_MESSAGES/sphinx.po --- mariadb-11.8.6/storage/columnstore/columnstore/utils/libmarias3/libmarias3/docs/_themes/sphinx_rtd_theme/locale/pl/LC_MESSAGES/sphinx.po 2026-01-31 13:27:52.000000000 +0000 +++ mariadb-11.8.8/storage/columnstore/columnstore/utils/libmarias3/libmarias3/docs/_themes/sphinx_rtd_theme/locale/pl/LC_MESSAGES/sphinx.po 1970-01-01 00:00:00.000000000 +0000 @@ -1,137 +0,0 @@ -# English translations for sphinx_rtd_theme. -# Copyright (C) 2019 ORGANIZATION -# This file is distributed under the same license as the sphinx_rtd_theme -# project. -# FIRST AUTHOR , 2019. -# -# Translators: -# Michal Sniatala, 2021 -# -msgid "" -msgstr "" -"Project-Id-Version: sphinx_rtd_theme 0.4.3.dev0\n" -"Report-Msgid-Bugs-To: EMAIL@ADDRESS\n" -"POT-Creation-Date: 2023-02-06 15:36+0100\n" -"PO-Revision-Date: 2019-07-16 21:44+0000\n" -"Last-Translator: Michal Sniatala, 2021\n" -"Language-Team: Polish (https://www.transifex.com/readthedocs/teams/101354/pl/)\n" -"MIME-Version: 1.0\n" -"Content-Type: text/plain; charset=UTF-8\n" -"Content-Transfer-Encoding: 8bit\n" -"Generated-By: Babel 2.11.0\n" -"Language: pl\n" -"Plural-Forms: nplurals=4; plural=(n==1 ? 0 : (n%10>=2 && n%10<=4) && (n%100<12 || n%100>14) ? 1 : n!=1 && (n%10>=0 && n%10<=1) || (n%10>=5 && n%10<=9) || (n%100>=12 && n%100<=14) ? 2 : 3);\n" - -#: sphinx_rtd_theme/breadcrumbs.html:37 sphinx_rtd_theme/breadcrumbs.html:39 -msgid "Edit on GitHub" -msgstr "Edytuj na GitHub" - -#: sphinx_rtd_theme/breadcrumbs.html:44 sphinx_rtd_theme/breadcrumbs.html:46 -msgid "Edit on Bitbucket" -msgstr "Edytuj na Bitbucket" - -#: sphinx_rtd_theme/breadcrumbs.html:51 sphinx_rtd_theme/breadcrumbs.html:53 -msgid "Edit on GitLab" -msgstr "Edytuj na GitLab" - -#: sphinx_rtd_theme/breadcrumbs.html:56 sphinx_rtd_theme/breadcrumbs.html:58 -msgid "View page source" -msgstr "Zobacz źródÅ‚o strony" - -#: sphinx_rtd_theme/breadcrumbs.html:69 sphinx_rtd_theme/footer.html:6 -msgid "Previous" -msgstr "Poprzedni" - -#: sphinx_rtd_theme/breadcrumbs.html:72 sphinx_rtd_theme/footer.html:9 -msgid "Next" -msgstr "NastÄ™pny" - -#: sphinx_rtd_theme/footer.html:21 -#, python-format -msgid "© Copyright %(copyright)s." -msgstr "© Prawa zastrzeżone %(copyright)s." - -#: sphinx_rtd_theme/footer.html:23 -#, python-format -msgid "© Copyright %(copyright)s." -msgstr "© Prawa zastrzeżone %(copyright)s." - -#: sphinx_rtd_theme/footer.html:41 -#, python-format -msgid "Last updated on %(last_updated)s." -msgstr "Ostatnia aktualizacja %(last_updated)s." - -#. the variable "sphinx_web" is a link to the Sphinx project documentation -#. with -#. the text "Sphinx" -#: sphinx_rtd_theme/footer.html:53 -#, python-format -msgid "Built with %(sphinx_web)s using a" -msgstr "Zbudowano w %(sphinx_web)s używajÄ…c" - -#. this is always used as "provided by Read the Docs", and should not imply -#. Read the Docs is an author of the generated documentation. -#: sphinx_rtd_theme/footer.html:57 -#, python-format -msgid "provided by %(readthedocs_web)s" -msgstr "dostarczone przez %(readthedocs_web)s" - -#: sphinx_rtd_theme/layout.html:97 -#, python-format -msgid "Search within %(docstitle)s" -msgstr "Szukaj w %(docstitle)s" - -#: sphinx_rtd_theme/layout.html:105 -msgid "About these documents" -msgstr "O tych dokumentach" - -#: sphinx_rtd_theme/layout.html:108 -msgid "Index" -msgstr "Indeks" - -#: sphinx_rtd_theme/layout.html:111 sphinx_rtd_theme/search.html:11 -msgid "Search" -msgstr "Szukaj" - -#: sphinx_rtd_theme/layout.html:114 -msgid "Copyright" -msgstr "Prawa zastrzeżone" - -#: sphinx_rtd_theme/search.html:31 -msgid "Please activate JavaScript to enable the search functionality." -msgstr "" -"ProszÄ™ aktywować obsÅ‚ugÄ™ JavaScript, aby włączyć funkcjÄ™ wyszukiwania." - -#. Search is a noun, not a verb -#: sphinx_rtd_theme/search.html:39 -msgid "Search Results" -msgstr "Wyniki wyszukiwania" - -#: sphinx_rtd_theme/search.html:41 -msgid "" -"Your search did not match any documents. Please make sure that all words are" -" spelled correctly and that you've selected enough categories." -msgstr "" -"Nie znaleziono szukanej frazy. Upewnij siÄ™, że wszystkie sÅ‚owa sÄ… napisane " -"poprawnie i że wybraÅ‚eÅ› wystarczajÄ…cÄ… liczbÄ™ kategorii." - -#: sphinx_rtd_theme/searchbox.html:4 -msgid "Search docs" -msgstr "Szukaj" - -#: sphinx_rtd_theme/versions.html:3 sphinx_rtd_theme/versions.html:11 -msgid "Versions" -msgstr "Wersje" - -#: sphinx_rtd_theme/versions.html:17 -msgid "Downloads" -msgstr "Pobrania" - -#. The phrase "Read the Docs" is not translated -#: sphinx_rtd_theme/versions.html:24 -msgid "On Read the Docs" -msgstr "Na Read the Docs" - -#: sphinx_rtd_theme/versions.html:26 -msgid "Project Home" -msgstr "Strona projektu" Binary files /srv/release.debian.org/tmp/0nho6SUlcX/mariadb-11.8.6/storage/columnstore/columnstore/utils/libmarias3/libmarias3/docs/_themes/sphinx_rtd_theme/locale/pt/LC_MESSAGES/sphinx.mo and /srv/release.debian.org/tmp/byZgQ0zcFD/mariadb-11.8.8/storage/columnstore/columnstore/utils/libmarias3/libmarias3/docs/_themes/sphinx_rtd_theme/locale/pt/LC_MESSAGES/sphinx.mo differ diff -Nru mariadb-11.8.6/storage/columnstore/columnstore/utils/libmarias3/libmarias3/docs/_themes/sphinx_rtd_theme/locale/pt/LC_MESSAGES/sphinx.po mariadb-11.8.8/storage/columnstore/columnstore/utils/libmarias3/libmarias3/docs/_themes/sphinx_rtd_theme/locale/pt/LC_MESSAGES/sphinx.po --- mariadb-11.8.6/storage/columnstore/columnstore/utils/libmarias3/libmarias3/docs/_themes/sphinx_rtd_theme/locale/pt/LC_MESSAGES/sphinx.po 2026-01-31 13:27:52.000000000 +0000 +++ mariadb-11.8.8/storage/columnstore/columnstore/utils/libmarias3/libmarias3/docs/_themes/sphinx_rtd_theme/locale/pt/LC_MESSAGES/sphinx.po 1970-01-01 00:00:00.000000000 +0000 @@ -1,161 +0,0 @@ -# English translations for sphinx_rtd_theme. -# Copyright (C) 2019 ORGANIZATION -# This file is distributed under the same license as the sphinx_rtd_theme -# project. -# FIRST AUTHOR , 2019. -# -# Translators: -# Ana Costa , 2021 -# -msgid "" -msgstr "" -"Project-Id-Version: sphinx_rtd_theme 0.4.3.dev0\n" -"Report-Msgid-Bugs-To: EMAIL@ADDRESS\n" -"POT-Creation-Date: 2023-02-06 15:36+0100\n" -"PO-Revision-Date: 2019-07-16 21:44+0000\n" -"Last-Translator: Ana Costa , 2021\n" -"Language-Team: Portuguese (https://www.transifex.com/readthedocs/teams/101354/pt/)\n" -"MIME-Version: 1.0\n" -"Content-Type: text/plain; charset=UTF-8\n" -"Content-Transfer-Encoding: 8bit\n" -"Generated-By: Babel 2.11.0\n" -"Language: pt\n" -"Plural-Forms: nplurals=3; plural=(n == 0 || n == 1) ? 0 : n != 0 && n % 1000000 == 0 ? 1 : 2;\n" - -#. This is an ARIA section label for page links, including previous/next page -#. link and links to GitHub/GitLab/etc. -#: sphinx_rtd_theme/breadcrumbs.html:22 -msgid "Page navigation" -msgstr "Navegação da página" - -#: sphinx_rtd_theme/breadcrumbs.html:37 sphinx_rtd_theme/breadcrumbs.html:39 -msgid "Edit on GitHub" -msgstr "Editar no GitHub" - -#: sphinx_rtd_theme/breadcrumbs.html:44 sphinx_rtd_theme/breadcrumbs.html:46 -msgid "Edit on Bitbucket" -msgstr "Editar no Bitbucket" - -#: sphinx_rtd_theme/breadcrumbs.html:51 sphinx_rtd_theme/breadcrumbs.html:53 -msgid "Edit on GitLab" -msgstr "Editar no GitLab" - -#: sphinx_rtd_theme/breadcrumbs.html:56 sphinx_rtd_theme/breadcrumbs.html:58 -msgid "View page source" -msgstr "Ver código-fonte da página" - -#. This is an ARIA section label for sequential page links, such as previous -#. and next page links. -#: sphinx_rtd_theme/breadcrumbs.html:67 -msgid "Sequential page navigation" -msgstr "Navegação sequencial da página" - -#: sphinx_rtd_theme/breadcrumbs.html:69 sphinx_rtd_theme/footer.html:6 -msgid "Previous" -msgstr "Anterior" - -#: sphinx_rtd_theme/breadcrumbs.html:72 sphinx_rtd_theme/footer.html:9 -msgid "Next" -msgstr "Seguinte" - -#. This is an ARIA section label for the footer section of the page. -#: sphinx_rtd_theme/footer.html:4 -msgid "Footer" -msgstr "Rodapé" - -#. the phrase "revision" comes from Git, referring to a commit -#: sphinx_rtd_theme/footer.html:36 -msgid "Revision" -msgstr "Revisão" - -#: sphinx_rtd_theme/footer.html:41 -#, python-format -msgid "Last updated on %(last_updated)s." -msgstr "Última actualização em %(last_updated)s." - -#. the variable "sphinx_web" is a link to the Sphinx project documentation -#. with -#. the text "Sphinx" -#: sphinx_rtd_theme/footer.html:53 -#, python-format -msgid "Built with %(sphinx_web)s using a" -msgstr "Compilado com %(sphinx_web)s usando um" - -#. "theme" refers to a theme for Sphinx, which alters the appearance of the -#. generated documentation -#: sphinx_rtd_theme/footer.html:55 -msgid "theme" -msgstr "tema" - -#. this is always used as "provided by Read the Docs", and should not imply -#. Read the Docs is an author of the generated documentation. -#: sphinx_rtd_theme/footer.html:57 -#, python-format -msgid "provided by %(readthedocs_web)s" -msgstr "fornecido por %(readthedocs_web)s" - -#: sphinx_rtd_theme/layout.html:97 -#, python-format -msgid "Search within %(docstitle)s" -msgstr "Procurar em %(docstitle)s" - -#: sphinx_rtd_theme/layout.html:105 -msgid "About these documents" -msgstr "Sobre estes documentos" - -#: sphinx_rtd_theme/layout.html:108 -msgid "Index" -msgstr "Ãndice" - -#: sphinx_rtd_theme/layout.html:111 sphinx_rtd_theme/search.html:11 -msgid "Search" -msgstr "Pesquisar" - -#: sphinx_rtd_theme/layout.html:143 -msgid "Logo" -msgstr "Logo" - -#. This is an ARIA section label for the main navigation menu -#: sphinx_rtd_theme/layout.html:166 -msgid "Navigation menu" -msgstr "Menu de navegação" - -#. This is an ARIA section label for the navigation menu that is visible when -#. viewing the page on mobile devices -#: sphinx_rtd_theme/layout.html:188 -msgid "Mobile navigation menu" -msgstr "Menu de navegação móvel" - -#: sphinx_rtd_theme/search.html:31 -msgid "Please activate JavaScript to enable the search functionality." -msgstr "Por favor, active o JavaScript para permitir a função de pesquisa." - -#. Search is a noun, not a verb -#: sphinx_rtd_theme/search.html:39 -msgid "Search Results" -msgstr "Resultados de Pesquisa" - -#: sphinx_rtd_theme/search.html:41 -msgid "" -"Your search did not match any documents. Please make sure that all words are" -" spelled correctly and that you've selected enough categories." -msgstr "" -"A sua pesquisa não encontrou nenhum documento. Por favor confirme que todas " -"as palavras estão bem escritas e que selecionou categorias suficientes." - -#: sphinx_rtd_theme/searchbox.html:4 -msgid "Search docs" -msgstr "Pesquisar docs" - -#: sphinx_rtd_theme/versions.html:3 sphinx_rtd_theme/versions.html:11 -msgid "Versions" -msgstr "Versões" - -#: sphinx_rtd_theme/versions.html:17 -msgid "Downloads" -msgstr "Transferências" - -#. The phrase "Read the Docs" is not translated -#: sphinx_rtd_theme/versions.html:24 -msgid "On Read the Docs" -msgstr "No Read the Docs" Binary files /srv/release.debian.org/tmp/0nho6SUlcX/mariadb-11.8.6/storage/columnstore/columnstore/utils/libmarias3/libmarias3/docs/_themes/sphinx_rtd_theme/locale/pt_BR/LC_MESSAGES/sphinx.mo and /srv/release.debian.org/tmp/byZgQ0zcFD/mariadb-11.8.8/storage/columnstore/columnstore/utils/libmarias3/libmarias3/docs/_themes/sphinx_rtd_theme/locale/pt_BR/LC_MESSAGES/sphinx.mo differ diff -Nru mariadb-11.8.6/storage/columnstore/columnstore/utils/libmarias3/libmarias3/docs/_themes/sphinx_rtd_theme/locale/pt_BR/LC_MESSAGES/sphinx.po mariadb-11.8.8/storage/columnstore/columnstore/utils/libmarias3/libmarias3/docs/_themes/sphinx_rtd_theme/locale/pt_BR/LC_MESSAGES/sphinx.po --- mariadb-11.8.6/storage/columnstore/columnstore/utils/libmarias3/libmarias3/docs/_themes/sphinx_rtd_theme/locale/pt_BR/LC_MESSAGES/sphinx.po 2026-01-31 13:27:52.000000000 +0000 +++ mariadb-11.8.8/storage/columnstore/columnstore/utils/libmarias3/libmarias3/docs/_themes/sphinx_rtd_theme/locale/pt_BR/LC_MESSAGES/sphinx.po 1970-01-01 00:00:00.000000000 +0000 @@ -1,191 +0,0 @@ -# English translations for sphinx_rtd_theme. -# Copyright (C) 2019 ORGANIZATION -# This file is distributed under the same license as the sphinx_rtd_theme -# project. -# FIRST AUTHOR , 2019. -# -# Translators: -# Rafael Fontenelle , 2021 -# Wellington Uemura , 2022 -# -msgid "" -msgstr "" -"Project-Id-Version: sphinx_rtd_theme 0.4.3.dev0\n" -"Report-Msgid-Bugs-To: EMAIL@ADDRESS\n" -"POT-Creation-Date: 2023-02-06 15:36+0100\n" -"PO-Revision-Date: 2019-07-16 21:44+0000\n" -"Last-Translator: Wellington Uemura , 2022\n" -"Language-Team: Portuguese (Brazil) (https://www.transifex.com/readthedocs/teams/101354/pt_BR/)\n" -"MIME-Version: 1.0\n" -"Content-Type: text/plain; charset=UTF-8\n" -"Content-Transfer-Encoding: 8bit\n" -"Generated-By: Babel 2.11.0\n" -"Language: pt_BR\n" -"Plural-Forms: nplurals=3; plural=(n == 0 || n == 1) ? 0 : n != 0 && n % 1000000 == 0 ? 1 : 2;\n" - -#. This is an ARIA section label for page links, including previous/next page -#. link and links to GitHub/GitLab/etc. -#: sphinx_rtd_theme/breadcrumbs.html:22 -msgid "Page navigation" -msgstr "Navegação da página" - -#: sphinx_rtd_theme/breadcrumbs.html:37 sphinx_rtd_theme/breadcrumbs.html:39 -msgid "Edit on GitHub" -msgstr "Editar no GitHub" - -#: sphinx_rtd_theme/breadcrumbs.html:44 sphinx_rtd_theme/breadcrumbs.html:46 -msgid "Edit on Bitbucket" -msgstr "Editar no Bitbucket" - -#: sphinx_rtd_theme/breadcrumbs.html:51 sphinx_rtd_theme/breadcrumbs.html:53 -msgid "Edit on GitLab" -msgstr "Editar no GitLab" - -#: sphinx_rtd_theme/breadcrumbs.html:56 sphinx_rtd_theme/breadcrumbs.html:58 -msgid "View page source" -msgstr "Ver código-fonte da página" - -#. This is an ARIA section label for sequential page links, such as previous -#. and next page links. -#: sphinx_rtd_theme/breadcrumbs.html:67 -msgid "Sequential page navigation" -msgstr "Navegação sequencial da página" - -#: sphinx_rtd_theme/breadcrumbs.html:69 sphinx_rtd_theme/footer.html:6 -msgid "Previous" -msgstr "Anterior" - -#: sphinx_rtd_theme/breadcrumbs.html:72 sphinx_rtd_theme/footer.html:9 -msgid "Next" -msgstr "Próximo" - -#. This is an ARIA section label for the footer section of the page. -#: sphinx_rtd_theme/footer.html:4 -msgid "Footer" -msgstr "Rodapé" - -#: sphinx_rtd_theme/footer.html:21 -#, python-format -msgid "© Copyright %(copyright)s." -msgstr "© Direitos autorais %(copyright)s." - -#: sphinx_rtd_theme/footer.html:23 -#, python-format -msgid "© Copyright %(copyright)s." -msgstr "© Direitos autorais %(copyright)s." - -#. Build is a noun, not a verb -#: sphinx_rtd_theme/footer.html:30 -msgid "Build" -msgstr "Compilação" - -#. the phrase "revision" comes from Git, referring to a commit -#: sphinx_rtd_theme/footer.html:36 -msgid "Revision" -msgstr "Revisão" - -#: sphinx_rtd_theme/footer.html:41 -#, python-format -msgid "Last updated on %(last_updated)s." -msgstr "Última atualização em %(last_updated)s." - -#. the variable "sphinx_web" is a link to the Sphinx project documentation -#. with -#. the text "Sphinx" -#: sphinx_rtd_theme/footer.html:53 -#, python-format -msgid "Built with %(sphinx_web)s using a" -msgstr "Compilado com %(sphinx_web)s usando um" - -#. "theme" refers to a theme for Sphinx, which alters the appearance of the -#. generated documentation -#: sphinx_rtd_theme/footer.html:55 -msgid "theme" -msgstr "tema" - -#. this is always used as "provided by Read the Docs", and should not imply -#. Read the Docs is an author of the generated documentation. -#: sphinx_rtd_theme/footer.html:57 -#, python-format -msgid "provided by %(readthedocs_web)s" -msgstr "fornecido por %(readthedocs_web)s" - -#: sphinx_rtd_theme/layout.html:97 -#, python-format -msgid "Search within %(docstitle)s" -msgstr "Pesquisar em %(docstitle)s" - -#: sphinx_rtd_theme/layout.html:105 -msgid "About these documents" -msgstr "Sobre esses documentos" - -#: sphinx_rtd_theme/layout.html:108 -msgid "Index" -msgstr "Ãndice" - -#: sphinx_rtd_theme/layout.html:111 sphinx_rtd_theme/search.html:11 -msgid "Search" -msgstr "Pesquisar" - -#: sphinx_rtd_theme/layout.html:114 -msgid "Copyright" -msgstr "Copyright" - -#: sphinx_rtd_theme/layout.html:143 -msgid "Logo" -msgstr "Logo" - -#. This is an ARIA section label for the main navigation menu -#: sphinx_rtd_theme/layout.html:166 -msgid "Navigation menu" -msgstr "Menu de navegação" - -#. This is an ARIA section label for the navigation menu that is visible when -#. viewing the page on mobile devices -#: sphinx_rtd_theme/layout.html:188 -msgid "Mobile navigation menu" -msgstr "Menu de navegação móvel" - -#: sphinx_rtd_theme/search.html:31 -msgid "Please activate JavaScript to enable the search functionality." -msgstr "" -"Por favor, ative JavaScript para habilitar a funcionalidade de pesquisa." - -#. Search is a noun, not a verb -#: sphinx_rtd_theme/search.html:39 -msgid "Search Results" -msgstr "Resultados da pesquisa" - -#: sphinx_rtd_theme/search.html:41 -msgid "" -"Your search did not match any documents. Please make sure that all words are" -" spelled correctly and that you've selected enough categories." -msgstr "" -"A sua pesquisa não encontrou nenhum documento correspondente. Verifique se " -"todas as palavras estão escritas corretamente e se você selecionou " -"categorias suficientes." - -#: sphinx_rtd_theme/searchbox.html:4 -msgid "Search docs" -msgstr "Pesquisar documentos" - -#: sphinx_rtd_theme/versions.html:3 sphinx_rtd_theme/versions.html:11 -msgid "Versions" -msgstr "Versões" - -#: sphinx_rtd_theme/versions.html:17 -msgid "Downloads" -msgstr "Downloads" - -#. The phrase "Read the Docs" is not translated -#: sphinx_rtd_theme/versions.html:24 -msgid "On Read the Docs" -msgstr "No Read the Docs" - -#: sphinx_rtd_theme/versions.html:26 -msgid "Project Home" -msgstr "Página inicial" - -#: sphinx_rtd_theme/versions.html:29 -msgid "Builds" -msgstr "Compilações" Binary files /srv/release.debian.org/tmp/0nho6SUlcX/mariadb-11.8.6/storage/columnstore/columnstore/utils/libmarias3/libmarias3/docs/_themes/sphinx_rtd_theme/locale/ru/LC_MESSAGES/sphinx.mo and /srv/release.debian.org/tmp/byZgQ0zcFD/mariadb-11.8.8/storage/columnstore/columnstore/utils/libmarias3/libmarias3/docs/_themes/sphinx_rtd_theme/locale/ru/LC_MESSAGES/sphinx.mo differ diff -Nru mariadb-11.8.6/storage/columnstore/columnstore/utils/libmarias3/libmarias3/docs/_themes/sphinx_rtd_theme/locale/ru/LC_MESSAGES/sphinx.po mariadb-11.8.8/storage/columnstore/columnstore/utils/libmarias3/libmarias3/docs/_themes/sphinx_rtd_theme/locale/ru/LC_MESSAGES/sphinx.po --- mariadb-11.8.6/storage/columnstore/columnstore/utils/libmarias3/libmarias3/docs/_themes/sphinx_rtd_theme/locale/ru/LC_MESSAGES/sphinx.po 2026-01-31 13:27:52.000000000 +0000 +++ mariadb-11.8.8/storage/columnstore/columnstore/utils/libmarias3/libmarias3/docs/_themes/sphinx_rtd_theme/locale/ru/LC_MESSAGES/sphinx.po 1970-01-01 00:00:00.000000000 +0000 @@ -1,189 +0,0 @@ -# English translations for sphinx_rtd_theme. -# Copyright (C) 2019 ORGANIZATION -# This file is distributed under the same license as the sphinx_rtd_theme -# project. -# FIRST AUTHOR , 2019. -# -# Translators: -# lvv83 , 2019 -# Dmitry Shachnev , 2021 -# -msgid "" -msgstr "" -"Project-Id-Version: sphinx_rtd_theme 0.4.3.dev0\n" -"Report-Msgid-Bugs-To: EMAIL@ADDRESS\n" -"POT-Creation-Date: 2023-02-06 15:36+0100\n" -"PO-Revision-Date: 2019-07-16 21:44+0000\n" -"Last-Translator: Dmitry Shachnev , 2021\n" -"Language-Team: Russian (https://www.transifex.com/readthedocs/teams/101354/ru/)\n" -"MIME-Version: 1.0\n" -"Content-Type: text/plain; charset=UTF-8\n" -"Content-Transfer-Encoding: 8bit\n" -"Generated-By: Babel 2.11.0\n" -"Language: ru\n" -"Plural-Forms: nplurals=4; plural=(n%10==1 && n%100!=11 ? 0 : n%10>=2 && n%10<=4 && (n%100<12 || n%100>14) ? 1 : n%10==0 || (n%10>=5 && n%10<=9) || (n%100>=11 && n%100<=14)? 2 : 3);\n" - -#. This is an ARIA section label for page links, including previous/next page -#. link and links to GitHub/GitLab/etc. -#: sphinx_rtd_theme/breadcrumbs.html:22 -msgid "Page navigation" -msgstr "ÐÐ°Ð²Ð¸Ð³Ð°Ñ†Ð¸Ñ Ð¿Ð¾ Ñтраницам" - -#: sphinx_rtd_theme/breadcrumbs.html:37 sphinx_rtd_theme/breadcrumbs.html:39 -msgid "Edit on GitHub" -msgstr "Редактировать на GitHub" - -#: sphinx_rtd_theme/breadcrumbs.html:44 sphinx_rtd_theme/breadcrumbs.html:46 -msgid "Edit on Bitbucket" -msgstr "Редактировать на BitBucket" - -#: sphinx_rtd_theme/breadcrumbs.html:51 sphinx_rtd_theme/breadcrumbs.html:53 -msgid "Edit on GitLab" -msgstr "Редактировать на GitLab" - -#: sphinx_rtd_theme/breadcrumbs.html:56 sphinx_rtd_theme/breadcrumbs.html:58 -msgid "View page source" -msgstr "ПроÑмотреть иÑходный код Ñтраницы" - -#. This is an ARIA section label for sequential page links, such as previous -#. and next page links. -#: sphinx_rtd_theme/breadcrumbs.html:67 -msgid "Sequential page navigation" -msgstr "ÐÐ°Ð²Ð¸Ð³Ð°Ñ†Ð¸Ñ Ð¿Ð¾ ÑоÑедним Ñтраницам" - -#: sphinx_rtd_theme/breadcrumbs.html:69 sphinx_rtd_theme/footer.html:6 -msgid "Previous" -msgstr "ПредыдущаÑ" - -#: sphinx_rtd_theme/breadcrumbs.html:72 sphinx_rtd_theme/footer.html:9 -msgid "Next" -msgstr "СледующаÑ" - -#. This is an ARIA section label for the footer section of the page. -#: sphinx_rtd_theme/footer.html:4 -msgid "Footer" -msgstr "ÐижнÑÑ Ð¾Ð±Ð»Ð°Ñть" - -#: sphinx_rtd_theme/footer.html:21 -#, python-format -msgid "© Copyright %(copyright)s." -msgstr "© ÐвторÑкие права %(copyright)s. " - -#: sphinx_rtd_theme/footer.html:23 -#, python-format -msgid "© Copyright %(copyright)s." -msgstr "© ÐвторÑкие права %(copyright)s. " - -#. Build is a noun, not a verb -#: sphinx_rtd_theme/footer.html:30 -msgid "Build" -msgstr "Сборка" - -#. the phrase "revision" comes from Git, referring to a commit -#: sphinx_rtd_theme/footer.html:36 -msgid "Revision" -msgstr "РевизиÑ" - -#: sphinx_rtd_theme/footer.html:41 -#, python-format -msgid "Last updated on %(last_updated)s." -msgstr "ПоÑледний раз обновлено %(last_updated)s." - -#. the variable "sphinx_web" is a link to the Sphinx project documentation -#. with -#. the text "Sphinx" -#: sphinx_rtd_theme/footer.html:53 -#, python-format -msgid "Built with %(sphinx_web)s using a" -msgstr "Собрано при помощи %(sphinx_web)s Ñ Ð¸Ñпользованием" - -#. "theme" refers to a theme for Sphinx, which alters the appearance of the -#. generated documentation -#: sphinx_rtd_theme/footer.html:55 -msgid "theme" -msgstr "темы," - -#. this is always used as "provided by Read the Docs", and should not imply -#. Read the Docs is an author of the generated documentation. -#: sphinx_rtd_theme/footer.html:57 -#, python-format -msgid "provided by %(readthedocs_web)s" -msgstr "предоÑтавленной %(readthedocs_web)s" - -#: sphinx_rtd_theme/layout.html:97 -#, python-format -msgid "Search within %(docstitle)s" -msgstr "ПоиÑк в %(docstitle)s" - -#: sphinx_rtd_theme/layout.html:105 -msgid "About these documents" -msgstr "Об Ñтих документах" - -#: sphinx_rtd_theme/layout.html:108 -msgid "Index" -msgstr "Ðлфавитный указатель" - -#: sphinx_rtd_theme/layout.html:111 sphinx_rtd_theme/search.html:11 -msgid "Search" -msgstr "ПоиÑк" - -#: sphinx_rtd_theme/layout.html:114 -msgid "Copyright" -msgstr "ÐвторÑкие права" - -#: sphinx_rtd_theme/layout.html:143 -msgid "Logo" -msgstr "Логотип" - -#. This is an ARIA section label for the main navigation menu -#: sphinx_rtd_theme/layout.html:166 -msgid "Navigation menu" -msgstr "Меню навигации" - -#. This is an ARIA section label for the navigation menu that is visible when -#. viewing the page on mobile devices -#: sphinx_rtd_theme/layout.html:188 -msgid "Mobile navigation menu" -msgstr "Меню навигации Ð´Ð»Ñ Ð¼Ð¾Ð±Ð¸Ð»ÑŒÐ½Ñ‹Ñ… уÑтройÑтв" - -#: sphinx_rtd_theme/search.html:31 -msgid "Please activate JavaScript to enable the search functionality." -msgstr "Ðктивируйте JavaScript, чтобы иÑпользовать функционал поиÑка." - -#. Search is a noun, not a verb -#: sphinx_rtd_theme/search.html:39 -msgid "Search Results" -msgstr "Результаты поиÑка" - -#: sphinx_rtd_theme/search.html:41 -msgid "" -"Your search did not match any documents. Please make sure that all words are" -" spelled correctly and that you've selected enough categories." -msgstr "" -"По Вашему запроÑу не найдено результатов. ПожалуйÑта, проверьте, что вÑе " -"Ñлова напиÑаны правильно, и Ð’Ñ‹ выбрали нужные категории." - -#: sphinx_rtd_theme/searchbox.html:4 -msgid "Search docs" -msgstr "ПоиÑк в документации" - -#: sphinx_rtd_theme/versions.html:3 sphinx_rtd_theme/versions.html:11 -msgid "Versions" -msgstr "ВерÑии" - -#: sphinx_rtd_theme/versions.html:17 -msgid "Downloads" -msgstr "Загрузки" - -#. The phrase "Read the Docs" is not translated -#: sphinx_rtd_theme/versions.html:24 -msgid "On Read the Docs" -msgstr "Ðа Read the Docs" - -#: sphinx_rtd_theme/versions.html:26 -msgid "Project Home" -msgstr "ДомашнÑÑ Ñтраница проекта" - -#: sphinx_rtd_theme/versions.html:29 -msgid "Builds" -msgstr "Сборки" diff -Nru mariadb-11.8.6/storage/columnstore/columnstore/utils/libmarias3/libmarias3/docs/_themes/sphinx_rtd_theme/locale/sphinx.pot mariadb-11.8.8/storage/columnstore/columnstore/utils/libmarias3/libmarias3/docs/_themes/sphinx_rtd_theme/locale/sphinx.pot --- mariadb-11.8.6/storage/columnstore/columnstore/utils/libmarias3/libmarias3/docs/_themes/sphinx_rtd_theme/locale/sphinx.pot 2026-01-31 13:27:52.000000000 +0000 +++ mariadb-11.8.8/storage/columnstore/columnstore/utils/libmarias3/libmarias3/docs/_themes/sphinx_rtd_theme/locale/sphinx.pot 1970-01-01 00:00:00.000000000 +0000 @@ -1,182 +0,0 @@ -# Translations template for sphinx_rtd_theme. -# Copyright (C) 2023 ORGANIZATION -# This file is distributed under the same license as the sphinx_rtd_theme -# project. -# FIRST AUTHOR , 2023. -# -#, fuzzy -msgid "" -msgstr "" -"Project-Id-Version: sphinx_rtd_theme 1.2.0rc4\n" -"Report-Msgid-Bugs-To: EMAIL@ADDRESS\n" -"POT-Creation-Date: 2023-02-06 15:36+0100\n" -"PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n" -"Last-Translator: FULL NAME \n" -"Language-Team: LANGUAGE \n" -"MIME-Version: 1.0\n" -"Content-Type: text/plain; charset=utf-8\n" -"Content-Transfer-Encoding: 8bit\n" -"Generated-By: Babel 2.11.0\n" - -#. This is an ARIA section label for page links, including previous/next page -#. link and links to GitHub/GitLab/etc. -#: sphinx_rtd_theme/breadcrumbs.html:22 -msgid "Page navigation" -msgstr "" - -#: sphinx_rtd_theme/breadcrumbs.html:37 sphinx_rtd_theme/breadcrumbs.html:39 -msgid "Edit on GitHub" -msgstr "" - -#: sphinx_rtd_theme/breadcrumbs.html:44 sphinx_rtd_theme/breadcrumbs.html:46 -msgid "Edit on Bitbucket" -msgstr "" - -#: sphinx_rtd_theme/breadcrumbs.html:51 sphinx_rtd_theme/breadcrumbs.html:53 -msgid "Edit on GitLab" -msgstr "" - -#: sphinx_rtd_theme/breadcrumbs.html:56 sphinx_rtd_theme/breadcrumbs.html:58 -msgid "View page source" -msgstr "" - -#. This is an ARIA section label for sequential page links, such as previous -#. and next page links. -#: sphinx_rtd_theme/breadcrumbs.html:67 -msgid "Sequential page navigation" -msgstr "" - -#: sphinx_rtd_theme/breadcrumbs.html:69 sphinx_rtd_theme/footer.html:6 -msgid "Previous" -msgstr "" - -#: sphinx_rtd_theme/breadcrumbs.html:72 sphinx_rtd_theme/footer.html:9 -msgid "Next" -msgstr "" - -#. This is an ARIA section label for the footer section of the page. -#: sphinx_rtd_theme/footer.html:4 -msgid "Footer" -msgstr "" - -#: sphinx_rtd_theme/footer.html:21 -#, python-format -msgid "© Copyright %(copyright)s." -msgstr "" - -#: sphinx_rtd_theme/footer.html:23 -#, python-format -msgid "© Copyright %(copyright)s." -msgstr "" - -#. Build is a noun, not a verb -#: sphinx_rtd_theme/footer.html:30 -msgid "Build" -msgstr "" - -#. the phrase "revision" comes from Git, referring to a commit -#: sphinx_rtd_theme/footer.html:36 -msgid "Revision" -msgstr "" - -#: sphinx_rtd_theme/footer.html:41 -#, python-format -msgid "Last updated on %(last_updated)s." -msgstr "" - -#. the variable "sphinx_web" is a link to the Sphinx project documentation with -#. the text "Sphinx" -#: sphinx_rtd_theme/footer.html:53 -#, python-format -msgid "Built with %(sphinx_web)s using a" -msgstr "" - -#. "theme" refers to a theme for Sphinx, which alters the appearance of the -#. generated documentation -#: sphinx_rtd_theme/footer.html:55 -msgid "theme" -msgstr "" - -#. this is always used as "provided by Read the Docs", and should not imply -#. Read the Docs is an author of the generated documentation. -#: sphinx_rtd_theme/footer.html:57 -#, python-format -msgid "provided by %(readthedocs_web)s" -msgstr "" - -#: sphinx_rtd_theme/layout.html:97 -#, python-format -msgid "Search within %(docstitle)s" -msgstr "" - -#: sphinx_rtd_theme/layout.html:105 -msgid "About these documents" -msgstr "" - -#: sphinx_rtd_theme/layout.html:108 -msgid "Index" -msgstr "" - -#: sphinx_rtd_theme/layout.html:111 sphinx_rtd_theme/search.html:11 -msgid "Search" -msgstr "" - -#: sphinx_rtd_theme/layout.html:114 -msgid "Copyright" -msgstr "" - -#: sphinx_rtd_theme/layout.html:143 -msgid "Logo" -msgstr "" - -#. This is an ARIA section label for the main navigation menu -#: sphinx_rtd_theme/layout.html:166 -msgid "Navigation menu" -msgstr "" - -#. This is an ARIA section label for the navigation menu that is visible when -#. viewing the page on mobile devices -#: sphinx_rtd_theme/layout.html:188 -msgid "Mobile navigation menu" -msgstr "" - -#: sphinx_rtd_theme/search.html:31 -msgid "Please activate JavaScript to enable the search functionality." -msgstr "" - -#. Search is a noun, not a verb -#: sphinx_rtd_theme/search.html:39 -msgid "Search Results" -msgstr "" - -#: sphinx_rtd_theme/search.html:41 -msgid "" -"Your search did not match any documents. Please make sure that all words " -"are spelled correctly and that you've selected enough categories." -msgstr "" - -#: sphinx_rtd_theme/searchbox.html:4 -msgid "Search docs" -msgstr "" - -#: sphinx_rtd_theme/versions.html:3 sphinx_rtd_theme/versions.html:11 -msgid "Versions" -msgstr "" - -#: sphinx_rtd_theme/versions.html:17 -msgid "Downloads" -msgstr "" - -#. The phrase "Read the Docs" is not translated -#: sphinx_rtd_theme/versions.html:24 -msgid "On Read the Docs" -msgstr "" - -#: sphinx_rtd_theme/versions.html:26 -msgid "Project Home" -msgstr "" - -#: sphinx_rtd_theme/versions.html:29 -msgid "Builds" -msgstr "" - Binary files /srv/release.debian.org/tmp/0nho6SUlcX/mariadb-11.8.6/storage/columnstore/columnstore/utils/libmarias3/libmarias3/docs/_themes/sphinx_rtd_theme/locale/sv/LC_MESSAGES/sphinx.mo and /srv/release.debian.org/tmp/byZgQ0zcFD/mariadb-11.8.8/storage/columnstore/columnstore/utils/libmarias3/libmarias3/docs/_themes/sphinx_rtd_theme/locale/sv/LC_MESSAGES/sphinx.mo differ diff -Nru mariadb-11.8.6/storage/columnstore/columnstore/utils/libmarias3/libmarias3/docs/_themes/sphinx_rtd_theme/locale/sv/LC_MESSAGES/sphinx.po mariadb-11.8.8/storage/columnstore/columnstore/utils/libmarias3/libmarias3/docs/_themes/sphinx_rtd_theme/locale/sv/LC_MESSAGES/sphinx.po --- mariadb-11.8.6/storage/columnstore/columnstore/utils/libmarias3/libmarias3/docs/_themes/sphinx_rtd_theme/locale/sv/LC_MESSAGES/sphinx.po 2026-01-31 13:27:52.000000000 +0000 +++ mariadb-11.8.8/storage/columnstore/columnstore/utils/libmarias3/libmarias3/docs/_themes/sphinx_rtd_theme/locale/sv/LC_MESSAGES/sphinx.po 1970-01-01 00:00:00.000000000 +0000 @@ -1,151 +0,0 @@ -# English translations for sphinx_rtd_theme. -# Copyright (C) 2019 ORGANIZATION -# This file is distributed under the same license as the sphinx_rtd_theme -# project. -# FIRST AUTHOR , 2019. -# -# Translators: -# Daniel Holmberg , 2020 -# -msgid "" -msgstr "" -"Project-Id-Version: sphinx_rtd_theme 0.4.3.dev0\n" -"Report-Msgid-Bugs-To: EMAIL@ADDRESS\n" -"POT-Creation-Date: 2023-02-06 15:36+0100\n" -"PO-Revision-Date: 2019-07-16 21:44+0000\n" -"Last-Translator: Daniel Holmberg , 2020\n" -"Language-Team: Swedish (https://www.transifex.com/readthedocs/teams/101354/sv/)\n" -"MIME-Version: 1.0\n" -"Content-Type: text/plain; charset=UTF-8\n" -"Content-Transfer-Encoding: 8bit\n" -"Generated-By: Babel 2.11.0\n" -"Language: sv\n" -"Plural-Forms: nplurals=2; plural=(n != 1);\n" - -#: sphinx_rtd_theme/breadcrumbs.html:37 sphinx_rtd_theme/breadcrumbs.html:39 -msgid "Edit on GitHub" -msgstr "Editera pÃ¥ GitHub" - -#: sphinx_rtd_theme/breadcrumbs.html:44 sphinx_rtd_theme/breadcrumbs.html:46 -msgid "Edit on Bitbucket" -msgstr "Editera pÃ¥ Bitbucket" - -#: sphinx_rtd_theme/breadcrumbs.html:51 sphinx_rtd_theme/breadcrumbs.html:53 -msgid "Edit on GitLab" -msgstr "Editera pÃ¥ GitLab" - -#: sphinx_rtd_theme/breadcrumbs.html:56 sphinx_rtd_theme/breadcrumbs.html:58 -msgid "View page source" -msgstr "Visa sidkälla" - -#: sphinx_rtd_theme/breadcrumbs.html:69 sphinx_rtd_theme/footer.html:6 -msgid "Previous" -msgstr "Tillbaka" - -#: sphinx_rtd_theme/breadcrumbs.html:72 sphinx_rtd_theme/footer.html:9 -msgid "Next" -msgstr "Nästa" - -#. Build is a noun, not a verb -#: sphinx_rtd_theme/footer.html:30 -msgid "Build" -msgstr "Bygg" - -#. the phrase "revision" comes from Git, referring to a commit -#: sphinx_rtd_theme/footer.html:36 -msgid "Revision" -msgstr "Ändra" - -#: sphinx_rtd_theme/footer.html:41 -#, python-format -msgid "Last updated on %(last_updated)s." -msgstr "Senast uppdaterad %(last_updated)s." - -#. the variable "sphinx_web" is a link to the Sphinx project documentation -#. with -#. the text "Sphinx" -#: sphinx_rtd_theme/footer.html:53 -#, python-format -msgid "Built with %(sphinx_web)s using a" -msgstr "Gjord med %(sphinx_web)s med hjälp av" - -#. "theme" refers to a theme for Sphinx, which alters the appearance of the -#. generated documentation -#: sphinx_rtd_theme/footer.html:55 -msgid "theme" -msgstr "tema" - -#. this is always used as "provided by Read the Docs", and should not imply -#. Read the Docs is an author of the generated documentation. -#: sphinx_rtd_theme/footer.html:57 -#, python-format -msgid "provided by %(readthedocs_web)s" -msgstr "erhÃ¥llet av %(readthedocs_web)s" - -#: sphinx_rtd_theme/layout.html:97 -#, python-format -msgid "Search within %(docstitle)s" -msgstr "Sök i %(docstitle)s" - -#: sphinx_rtd_theme/layout.html:105 -msgid "About these documents" -msgstr "Om dessa dokument" - -#: sphinx_rtd_theme/layout.html:108 -msgid "Index" -msgstr "Index" - -#: sphinx_rtd_theme/layout.html:111 sphinx_rtd_theme/search.html:11 -msgid "Search" -msgstr "Sök" - -#: sphinx_rtd_theme/layout.html:114 -msgid "Copyright" -msgstr "Upphovsrätt" - -#: sphinx_rtd_theme/layout.html:143 -msgid "Logo" -msgstr "Logo" - -#: sphinx_rtd_theme/search.html:31 -msgid "Please activate JavaScript to enable the search functionality." -msgstr "" -"Var vänlig och aktivera JavaScript för att möjliggöra sökfunktionaliteten." - -#. Search is a noun, not a verb -#: sphinx_rtd_theme/search.html:39 -msgid "Search Results" -msgstr "Sökresultat" - -#: sphinx_rtd_theme/search.html:41 -msgid "" -"Your search did not match any documents. Please make sure that all words are" -" spelled correctly and that you've selected enough categories." -msgstr "" -"Din sökning gav inga träffar. Var vänlig och se till att alla ord är rätt " -"stavade och att du har valt tillräckligt mÃ¥nga kategorier." - -#: sphinx_rtd_theme/searchbox.html:4 -msgid "Search docs" -msgstr "Sök i dokumentationen" - -#: sphinx_rtd_theme/versions.html:3 sphinx_rtd_theme/versions.html:11 -msgid "Versions" -msgstr "Versioner" - -#: sphinx_rtd_theme/versions.html:17 -msgid "Downloads" -msgstr "Nerladdningar" - -#. The phrase "Read the Docs" is not translated -#: sphinx_rtd_theme/versions.html:24 -msgid "On Read the Docs" -msgstr "PÃ¥ Read the Docs" - -#: sphinx_rtd_theme/versions.html:26 -msgid "Project Home" -msgstr "Projekt Hem" - -#: sphinx_rtd_theme/versions.html:29 -msgid "Builds" -msgstr "Versioner" Binary files /srv/release.debian.org/tmp/0nho6SUlcX/mariadb-11.8.6/storage/columnstore/columnstore/utils/libmarias3/libmarias3/docs/_themes/sphinx_rtd_theme/locale/tr/LC_MESSAGES/sphinx.mo and /srv/release.debian.org/tmp/byZgQ0zcFD/mariadb-11.8.8/storage/columnstore/columnstore/utils/libmarias3/libmarias3/docs/_themes/sphinx_rtd_theme/locale/tr/LC_MESSAGES/sphinx.mo differ diff -Nru mariadb-11.8.6/storage/columnstore/columnstore/utils/libmarias3/libmarias3/docs/_themes/sphinx_rtd_theme/locale/tr/LC_MESSAGES/sphinx.po mariadb-11.8.8/storage/columnstore/columnstore/utils/libmarias3/libmarias3/docs/_themes/sphinx_rtd_theme/locale/tr/LC_MESSAGES/sphinx.po --- mariadb-11.8.6/storage/columnstore/columnstore/utils/libmarias3/libmarias3/docs/_themes/sphinx_rtd_theme/locale/tr/LC_MESSAGES/sphinx.po 2026-01-31 13:27:52.000000000 +0000 +++ mariadb-11.8.8/storage/columnstore/columnstore/utils/libmarias3/libmarias3/docs/_themes/sphinx_rtd_theme/locale/tr/LC_MESSAGES/sphinx.po 1970-01-01 00:00:00.000000000 +0000 @@ -1,143 +0,0 @@ -# English translations for sphinx_rtd_theme. -# Copyright (C) 2019 ORGANIZATION -# This file is distributed under the same license as the sphinx_rtd_theme -# project. -# FIRST AUTHOR , 2019. -# -# Translators: -# BouRock, 2020 -# -msgid "" -msgstr "" -"Project-Id-Version: sphinx_rtd_theme 0.4.3.dev0\n" -"Report-Msgid-Bugs-To: EMAIL@ADDRESS\n" -"POT-Creation-Date: 2023-02-06 15:36+0100\n" -"PO-Revision-Date: 2019-07-16 21:44+0000\n" -"Last-Translator: BouRock, 2020\n" -"Language-Team: Turkish (https://www.transifex.com/readthedocs/teams/101354/tr/)\n" -"MIME-Version: 1.0\n" -"Content-Type: text/plain; charset=UTF-8\n" -"Content-Transfer-Encoding: 8bit\n" -"Generated-By: Babel 2.11.0\n" -"Language: tr\n" -"Plural-Forms: nplurals=2; plural=(n > 1);\n" - -#: sphinx_rtd_theme/breadcrumbs.html:37 sphinx_rtd_theme/breadcrumbs.html:39 -msgid "Edit on GitHub" -msgstr "GitHub'da Düzenle" - -#: sphinx_rtd_theme/breadcrumbs.html:44 sphinx_rtd_theme/breadcrumbs.html:46 -msgid "Edit on Bitbucket" -msgstr "Bitbucket'ta Düzenle" - -#: sphinx_rtd_theme/breadcrumbs.html:51 sphinx_rtd_theme/breadcrumbs.html:53 -msgid "Edit on GitLab" -msgstr "GitLab'ta Düzenle" - -#: sphinx_rtd_theme/breadcrumbs.html:56 sphinx_rtd_theme/breadcrumbs.html:58 -msgid "View page source" -msgstr "Sayfa kaynağını görüntüle" - -#: sphinx_rtd_theme/breadcrumbs.html:69 sphinx_rtd_theme/footer.html:6 -msgid "Previous" -msgstr "Önceki" - -#: sphinx_rtd_theme/breadcrumbs.html:72 sphinx_rtd_theme/footer.html:9 -msgid "Next" -msgstr "Sonraki" - -#. Build is a noun, not a verb -#: sphinx_rtd_theme/footer.html:30 -msgid "Build" -msgstr "OluÅŸturma" - -#. the phrase "revision" comes from Git, referring to a commit -#: sphinx_rtd_theme/footer.html:36 -msgid "Revision" -msgstr "Gözden geçirme" - -#: sphinx_rtd_theme/footer.html:41 -#, python-format -msgid "Last updated on %(last_updated)s." -msgstr "Son olarak %(last_updated)s tarihinde güncellendi." - -#. "theme" refers to a theme for Sphinx, which alters the appearance of the -#. generated documentation -#: sphinx_rtd_theme/footer.html:55 -msgid "theme" -msgstr "tema" - -#. this is always used as "provided by Read the Docs", and should not imply -#. Read the Docs is an author of the generated documentation. -#: sphinx_rtd_theme/footer.html:57 -#, python-format -msgid "provided by %(readthedocs_web)s" -msgstr "kullanılarak %(readthedocs_web)s tarafından saÄŸlanmasıyla oluÅŸturuldu" - -#: sphinx_rtd_theme/layout.html:97 -#, python-format -msgid "Search within %(docstitle)s" -msgstr "%(docstitle)s içinde ara" - -#: sphinx_rtd_theme/layout.html:105 -msgid "About these documents" -msgstr "Bu belgeler hakkında" - -#: sphinx_rtd_theme/layout.html:108 -msgid "Index" -msgstr "Dizin" - -#: sphinx_rtd_theme/layout.html:111 sphinx_rtd_theme/search.html:11 -msgid "Search" -msgstr "Arama" - -#: sphinx_rtd_theme/layout.html:114 -msgid "Copyright" -msgstr "Telif hakkı" - -#: sphinx_rtd_theme/layout.html:143 -msgid "Logo" -msgstr "Logo" - -#: sphinx_rtd_theme/search.html:31 -msgid "Please activate JavaScript to enable the search functionality." -msgstr "" -"Arama iÅŸlevselliÄŸini etkinleÅŸtirmek için lütfen JavaScript'i etkinleÅŸtirin." - -#. Search is a noun, not a verb -#: sphinx_rtd_theme/search.html:39 -msgid "Search Results" -msgstr "Arama Sonuçları" - -#: sphinx_rtd_theme/search.html:41 -msgid "" -"Your search did not match any documents. Please make sure that all words are" -" spelled correctly and that you've selected enough categories." -msgstr "" -"Aramanız hiçbir belgeyle eÅŸleÅŸmedi. Lütfen tüm kelimelerin doÄŸru " -"yazıldığından ve yeterli kategori seçtiÄŸinizden emin olun." - -#: sphinx_rtd_theme/searchbox.html:4 -msgid "Search docs" -msgstr "Belgeleri arayın" - -#: sphinx_rtd_theme/versions.html:3 sphinx_rtd_theme/versions.html:11 -msgid "Versions" -msgstr "Sürümler" - -#: sphinx_rtd_theme/versions.html:17 -msgid "Downloads" -msgstr "İndirmeler" - -#. The phrase "Read the Docs" is not translated -#: sphinx_rtd_theme/versions.html:24 -msgid "On Read the Docs" -msgstr "Read the Docs Üzerinde" - -#: sphinx_rtd_theme/versions.html:26 -msgid "Project Home" -msgstr "Proje Ana Sayfa" - -#: sphinx_rtd_theme/versions.html:29 -msgid "Builds" -msgstr "OluÅŸturmalar" Binary files /srv/release.debian.org/tmp/0nho6SUlcX/mariadb-11.8.6/storage/columnstore/columnstore/utils/libmarias3/libmarias3/docs/_themes/sphinx_rtd_theme/locale/zh_CN/LC_MESSAGES/sphinx.mo and /srv/release.debian.org/tmp/byZgQ0zcFD/mariadb-11.8.8/storage/columnstore/columnstore/utils/libmarias3/libmarias3/docs/_themes/sphinx_rtd_theme/locale/zh_CN/LC_MESSAGES/sphinx.mo differ diff -Nru mariadb-11.8.6/storage/columnstore/columnstore/utils/libmarias3/libmarias3/docs/_themes/sphinx_rtd_theme/locale/zh_CN/LC_MESSAGES/sphinx.po mariadb-11.8.8/storage/columnstore/columnstore/utils/libmarias3/libmarias3/docs/_themes/sphinx_rtd_theme/locale/zh_CN/LC_MESSAGES/sphinx.po --- mariadb-11.8.6/storage/columnstore/columnstore/utils/libmarias3/libmarias3/docs/_themes/sphinx_rtd_theme/locale/zh_CN/LC_MESSAGES/sphinx.po 2026-01-31 13:27:52.000000000 +0000 +++ mariadb-11.8.8/storage/columnstore/columnstore/utils/libmarias3/libmarias3/docs/_themes/sphinx_rtd_theme/locale/zh_CN/LC_MESSAGES/sphinx.po 1970-01-01 00:00:00.000000000 +0000 @@ -1,188 +0,0 @@ -# English translations for sphinx_rtd_theme. -# Copyright (C) 2019 ORGANIZATION -# This file is distributed under the same license as the sphinx_rtd_theme -# project. -# FIRST AUTHOR , 2019. -# -# Translators: -# 王赛 , 2019 -# Anthony , 2022 -# JY3, 2022 -# -msgid "" -msgstr "" -"Project-Id-Version: sphinx_rtd_theme 0.4.3.dev0\n" -"Report-Msgid-Bugs-To: EMAIL@ADDRESS\n" -"POT-Creation-Date: 2023-02-06 15:36+0100\n" -"PO-Revision-Date: 2019-07-16 21:44+0000\n" -"Last-Translator: JY3, 2022\n" -"Language-Team: Chinese (China) (https://www.transifex.com/readthedocs/teams/101354/zh_CN/)\n" -"MIME-Version: 1.0\n" -"Content-Type: text/plain; charset=UTF-8\n" -"Content-Transfer-Encoding: 8bit\n" -"Generated-By: Babel 2.11.0\n" -"Language: zh_CN\n" -"Plural-Forms: nplurals=1; plural=0;\n" - -#. This is an ARIA section label for page links, including previous/next page -#. link and links to GitHub/GitLab/etc. -#: sphinx_rtd_theme/breadcrumbs.html:22 -msgid "Page navigation" -msgstr "页é¢å¯¼èˆª" - -#: sphinx_rtd_theme/breadcrumbs.html:37 sphinx_rtd_theme/breadcrumbs.html:39 -msgid "Edit on GitHub" -msgstr "在 GitHub 上编辑" - -#: sphinx_rtd_theme/breadcrumbs.html:44 sphinx_rtd_theme/breadcrumbs.html:46 -msgid "Edit on Bitbucket" -msgstr "在 Bitbucket 上编辑" - -#: sphinx_rtd_theme/breadcrumbs.html:51 sphinx_rtd_theme/breadcrumbs.html:53 -msgid "Edit on GitLab" -msgstr "在 GitLab 上编辑" - -#: sphinx_rtd_theme/breadcrumbs.html:56 sphinx_rtd_theme/breadcrumbs.html:58 -msgid "View page source" -msgstr "æŸ¥çœ‹é¡µé¢æºç " - -#. This is an ARIA section label for sequential page links, such as previous -#. and next page links. -#: sphinx_rtd_theme/breadcrumbs.html:67 -msgid "Sequential page navigation" -msgstr "顺åºå¼é¡µé¢å¯¼èˆª" - -#: sphinx_rtd_theme/breadcrumbs.html:69 sphinx_rtd_theme/footer.html:6 -msgid "Previous" -msgstr "上一页" - -#: sphinx_rtd_theme/breadcrumbs.html:72 sphinx_rtd_theme/footer.html:9 -msgid "Next" -msgstr "下一页" - -#. This is an ARIA section label for the footer section of the page. -#: sphinx_rtd_theme/footer.html:4 -msgid "Footer" -msgstr "页脚" - -#: sphinx_rtd_theme/footer.html:21 -#, python-format -msgid "© Copyright %(copyright)s." -msgstr "© ç‰ˆæƒæ‰€æœ‰ %(copyright)s。" - -#: sphinx_rtd_theme/footer.html:23 -#, python-format -msgid "© Copyright %(copyright)s." -msgstr "© ç‰ˆæƒæ‰€æœ‰ %(copyright)s。" - -#. Build is a noun, not a verb -#: sphinx_rtd_theme/footer.html:30 -msgid "Build" -msgstr "构建" - -#. the phrase "revision" comes from Git, referring to a commit -#: sphinx_rtd_theme/footer.html:36 -msgid "Revision" -msgstr "版本" - -#: sphinx_rtd_theme/footer.html:41 -#, python-format -msgid "Last updated on %(last_updated)s." -msgstr "æœ€åŽæ›´æ–°æ—¶é—´ %(last_updated)s。" - -#. the variable "sphinx_web" is a link to the Sphinx project documentation -#. with -#. the text "Sphinx" -#: sphinx_rtd_theme/footer.html:53 -#, python-format -msgid "Built with %(sphinx_web)s using a" -msgstr "利用 %(sphinx_web)s 构建,使用的 " - -#. "theme" refers to a theme for Sphinx, which alters the appearance of the -#. generated documentation -#: sphinx_rtd_theme/footer.html:55 -msgid "theme" -msgstr "主题" - -#. this is always used as "provided by Read the Docs", and should not imply -#. Read the Docs is an author of the generated documentation. -#: sphinx_rtd_theme/footer.html:57 -#, python-format -msgid "provided by %(readthedocs_web)s" -msgstr "ç”± %(readthedocs_web)s å¼€å‘" - -#: sphinx_rtd_theme/layout.html:97 -#, python-format -msgid "Search within %(docstitle)s" -msgstr "在 %(docstitle)s 中æœç´¢" - -#: sphinx_rtd_theme/layout.html:105 -msgid "About these documents" -msgstr "关于此文档" - -#: sphinx_rtd_theme/layout.html:108 -msgid "Index" -msgstr "索引" - -#: sphinx_rtd_theme/layout.html:111 sphinx_rtd_theme/search.html:11 -msgid "Search" -msgstr "æœç´¢" - -#: sphinx_rtd_theme/layout.html:114 -msgid "Copyright" -msgstr "ç‰ˆæƒæ‰€æœ‰" - -#: sphinx_rtd_theme/layout.html:143 -msgid "Logo" -msgstr "Logo" - -#. This is an ARIA section label for the main navigation menu -#: sphinx_rtd_theme/layout.html:166 -msgid "Navigation menu" -msgstr "导航èœå•" - -#. This is an ARIA section label for the navigation menu that is visible when -#. viewing the page on mobile devices -#: sphinx_rtd_theme/layout.html:188 -msgid "Mobile navigation menu" -msgstr "移动版导航èœå•" - -#: sphinx_rtd_theme/search.html:31 -msgid "Please activate JavaScript to enable the search functionality." -msgstr "请å¯ç”¨ JavaScript 以便使用æœç´¢åŠŸèƒ½" - -#. Search is a noun, not a verb -#: sphinx_rtd_theme/search.html:39 -msgid "Search Results" -msgstr "æœç´¢ç»“æžœ" - -#: sphinx_rtd_theme/search.html:41 -msgid "" -"Your search did not match any documents. Please make sure that all words are" -" spelled correctly and that you've selected enough categories." -msgstr "您的æœç´¢æ²¡æœ‰åŒ¹é…åˆ°ä»»ä½•æ–‡æ¡£ã€‚è¯·ç¡®ä¿æ‰€æœ‰å•è¯æ‹¼å†™æ­£ç¡®ï¼Œå¹¶é€‰æ‹©äº†è¶³å¤Ÿå¤šçš„类别。" - -#: sphinx_rtd_theme/searchbox.html:4 -msgid "Search docs" -msgstr "æœç´¢æ–‡æ¡£" - -#: sphinx_rtd_theme/versions.html:3 sphinx_rtd_theme/versions.html:11 -msgid "Versions" -msgstr "版本" - -#: sphinx_rtd_theme/versions.html:17 -msgid "Downloads" -msgstr "下载" - -#. The phrase "Read the Docs" is not translated -#: sphinx_rtd_theme/versions.html:24 -msgid "On Read the Docs" -msgstr "托管于 Read the Docs" - -#: sphinx_rtd_theme/versions.html:26 -msgid "Project Home" -msgstr "项目主页" - -#: sphinx_rtd_theme/versions.html:29 -msgid "Builds" -msgstr "构建" Binary files /srv/release.debian.org/tmp/0nho6SUlcX/mariadb-11.8.6/storage/columnstore/columnstore/utils/libmarias3/libmarias3/docs/_themes/sphinx_rtd_theme/locale/zh_TW/LC_MESSAGES/sphinx.mo and /srv/release.debian.org/tmp/byZgQ0zcFD/mariadb-11.8.8/storage/columnstore/columnstore/utils/libmarias3/libmarias3/docs/_themes/sphinx_rtd_theme/locale/zh_TW/LC_MESSAGES/sphinx.mo differ diff -Nru mariadb-11.8.6/storage/columnstore/columnstore/utils/libmarias3/libmarias3/docs/_themes/sphinx_rtd_theme/locale/zh_TW/LC_MESSAGES/sphinx.po mariadb-11.8.8/storage/columnstore/columnstore/utils/libmarias3/libmarias3/docs/_themes/sphinx_rtd_theme/locale/zh_TW/LC_MESSAGES/sphinx.po --- mariadb-11.8.6/storage/columnstore/columnstore/utils/libmarias3/libmarias3/docs/_themes/sphinx_rtd_theme/locale/zh_TW/LC_MESSAGES/sphinx.po 2026-01-31 13:27:52.000000000 +0000 +++ mariadb-11.8.8/storage/columnstore/columnstore/utils/libmarias3/libmarias3/docs/_themes/sphinx_rtd_theme/locale/zh_TW/LC_MESSAGES/sphinx.po 1970-01-01 00:00:00.000000000 +0000 @@ -1,23 +0,0 @@ -# English translations for sphinx_rtd_theme. -# Copyright (C) 2019 ORGANIZATION -# This file is distributed under the same license as the sphinx_rtd_theme -# project. -# FIRST AUTHOR , 2019. -# -# Translators: -# Jason Zhou, 2023 -# -msgid "" -msgstr "" -"Project-Id-Version: sphinx_rtd_theme 0.4.3.dev0\n" -"Report-Msgid-Bugs-To: EMAIL@ADDRESS\n" -"POT-Creation-Date: 2023-02-06 15:36+0100\n" -"PO-Revision-Date: 2019-07-16 21:44+0000\n" -"Last-Translator: Jason Zhou, 2023\n" -"Language-Team: Chinese (Taiwan) (https://www.transifex.com/readthedocs/teams/101354/zh_TW/)\n" -"MIME-Version: 1.0\n" -"Content-Type: text/plain; charset=UTF-8\n" -"Content-Transfer-Encoding: 8bit\n" -"Generated-By: Babel 2.11.0\n" -"Language: zh_TW\n" -"Plural-Forms: nplurals=1; plural=0;\n" diff -Nru mariadb-11.8.6/storage/columnstore/columnstore/utils/libmarias3/libmarias3/docs/_themes/sphinx_rtd_theme/search.html mariadb-11.8.8/storage/columnstore/columnstore/utils/libmarias3/libmarias3/docs/_themes/sphinx_rtd_theme/search.html --- mariadb-11.8.6/storage/columnstore/columnstore/utils/libmarias3/libmarias3/docs/_themes/sphinx_rtd_theme/search.html 2026-01-31 13:27:52.000000000 +0000 +++ mariadb-11.8.8/storage/columnstore/columnstore/utils/libmarias3/libmarias3/docs/_themes/sphinx_rtd_theme/search.html 2026-05-24 09:58:35.000000000 +0000 @@ -5,37 +5,31 @@ Template for the search page. :copyright: Copyright 2007-2013 by the Sphinx team, see AUTHORS. - :license: BSD, see https://github.com/sphinx-doc/sphinx/blob/master/LICENSE for details. + :license: BSD, see LICENSE for details. #} {%- extends "layout.html" %} {% set title = _('Search') %} -{% set display_vcs_links = False %} -{%- block scripts %} - {{ super() }} - - -{%- endblock %} +{% set script_files = script_files + ['_static/searchtools.js'] %} {% block footer %} - {# this is used when loading the search index using $.ajax fails, such as on Chrome for documents on localhost #} - + {{ super() }} {% endblock %} {% block body %} {% if search_performed %} - {# Translators: Search is a noun, not a verb #}

    {{ _('Search Results') }}

    {% if not search_results %}

    {{ _('Your search did not match any documents. Please make sure that all words are spelled correctly and that you\'ve selected enough categories.') }}

    diff -Nru mariadb-11.8.6/storage/columnstore/columnstore/utils/libmarias3/libmarias3/docs/_themes/sphinx_rtd_theme/searchbox.html mariadb-11.8.8/storage/columnstore/columnstore/utils/libmarias3/libmarias3/docs/_themes/sphinx_rtd_theme/searchbox.html --- mariadb-11.8.6/storage/columnstore/columnstore/utils/libmarias3/libmarias3/docs/_themes/sphinx_rtd_theme/searchbox.html 2026-01-31 13:27:52.000000000 +0000 +++ mariadb-11.8.8/storage/columnstore/columnstore/utils/libmarias3/libmarias3/docs/_themes/sphinx_rtd_theme/searchbox.html 2026-05-24 09:58:35.000000000 +0000 @@ -1,9 +1,7 @@ -{%- if 'singlehtml' not in builder %}
    -
    - + +
    -{%- endif %} diff -Nru mariadb-11.8.6/storage/columnstore/columnstore/utils/libmarias3/libmarias3/docs/_themes/sphinx_rtd_theme/static/css/badge_only.css mariadb-11.8.8/storage/columnstore/columnstore/utils/libmarias3/libmarias3/docs/_themes/sphinx_rtd_theme/static/css/badge_only.css --- mariadb-11.8.6/storage/columnstore/columnstore/utils/libmarias3/libmarias3/docs/_themes/sphinx_rtd_theme/static/css/badge_only.css 2026-01-31 13:27:52.000000000 +0000 +++ mariadb-11.8.8/storage/columnstore/columnstore/utils/libmarias3/libmarias3/docs/_themes/sphinx_rtd_theme/static/css/badge_only.css 2026-05-24 09:58:35.000000000 +0000 @@ -1 +1 @@ -.clearfix{*zoom:1}.clearfix:after,.clearfix:before{display:table;content:""}.clearfix:after{clear:both}@font-face{font-family:FontAwesome;font-style:normal;font-weight:400;src:url(fonts/fontawesome-webfont.eot?674f50d287a8c48dc19ba404d20fe713?#iefix) format("embedded-opentype"),url(fonts/fontawesome-webfont.woff2?af7ae505a9eed503f8b8e6982036873e) format("woff2"),url(fonts/fontawesome-webfont.woff?fee66e712a8a08eef5805a46892932ad) format("woff"),url(fonts/fontawesome-webfont.ttf?b06871f281fee6b241d60582ae9369b9) format("truetype"),url(fonts/fontawesome-webfont.svg?912ec66d7572ff821749319396470bde#FontAwesome) format("svg")}.fa:before{font-family:FontAwesome;font-style:normal;font-weight:400;line-height:1}.fa:before,a .fa{text-decoration:inherit}.fa:before,a .fa,li .fa{display:inline-block}li .fa-large:before{width:1.875em}ul.fas{list-style-type:none;margin-left:2em;text-indent:-.8em}ul.fas li .fa{width:.8em}ul.fas li .fa-large:before{vertical-align:baseline}.fa-book:before,.icon-book:before{content:"\f02d"}.fa-caret-down:before,.icon-caret-down:before{content:"\f0d7"}.fa-caret-up:before,.icon-caret-up:before{content:"\f0d8"}.fa-caret-left:before,.icon-caret-left:before{content:"\f0d9"}.fa-caret-right:before,.icon-caret-right:before{content:"\f0da"}.rst-versions{position:fixed;bottom:0;left:0;width:300px;color:#fcfcfc;background:#1f1d1d;font-family:Lato,proxima-nova,Helvetica Neue,Arial,sans-serif;z-index:400}.rst-versions a{color:#2980b9;text-decoration:none}.rst-versions .rst-badge-small{display:none}.rst-versions .rst-current-version{padding:12px;background-color:#272525;display:block;text-align:right;font-size:90%;cursor:pointer;color:#27ae60}.rst-versions .rst-current-version:after{clear:both;content:"";display:block}.rst-versions .rst-current-version .fa{color:#fcfcfc}.rst-versions .rst-current-version .fa-book,.rst-versions .rst-current-version .icon-book{float:left}.rst-versions .rst-current-version.rst-out-of-date{background-color:#e74c3c;color:#fff}.rst-versions .rst-current-version.rst-active-old-version{background-color:#f1c40f;color:#000}.rst-versions.shift-up{height:auto;max-height:100%;overflow-y:scroll}.rst-versions.shift-up .rst-other-versions{display:block}.rst-versions .rst-other-versions{font-size:90%;padding:12px;color:grey;display:none}.rst-versions .rst-other-versions hr{display:block;height:1px;border:0;margin:20px 0;padding:0;border-top:1px solid #413d3d}.rst-versions .rst-other-versions dd{display:inline-block;margin:0}.rst-versions .rst-other-versions dd a{display:inline-block;padding:6px;color:#fcfcfc}.rst-versions .rst-other-versions .rtd-current-item{font-weight:700}.rst-versions.rst-badge{width:auto;bottom:20px;right:20px;left:auto;border:none;max-width:300px;max-height:90%}.rst-versions.rst-badge .fa-book,.rst-versions.rst-badge .icon-book{float:none;line-height:30px}.rst-versions.rst-badge.shift-up .rst-current-version{text-align:right}.rst-versions.rst-badge.shift-up .rst-current-version .fa-book,.rst-versions.rst-badge.shift-up .rst-current-version .icon-book{float:left}.rst-versions.rst-badge>.rst-current-version{width:auto;height:30px;line-height:30px;padding:0 6px;display:block;text-align:center}@media screen and (max-width:768px){.rst-versions{width:85%;display:none}.rst-versions.shift{display:block}}#flyout-search-form{padding:6px} \ No newline at end of file +.fa:before{-webkit-font-smoothing:antialiased}.clearfix{*zoom:1}.clearfix:before,.clearfix:after{display:table;content:""}.clearfix:after{clear:both}@font-face{font-family:FontAwesome;font-weight:normal;font-style:normal;src:url("../font/fontawesome_webfont.eot");src:url("../font/fontawesome_webfont.eot?#iefix") format("embedded-opentype"),url("../font/fontawesome_webfont.woff") format("woff"),url("../font/fontawesome_webfont.ttf") format("truetype"),url("../font/fontawesome_webfont.svg#FontAwesome") format("svg")}.fa:before{display:inline-block;font-family:FontAwesome;font-style:normal;font-weight:normal;line-height:1;text-decoration:inherit}a .fa{display:inline-block;text-decoration:inherit}li .fa{display:inline-block}li .fa-large:before,li .fa-large:before{width:1.875em}ul.fas{list-style-type:none;margin-left:2em;text-indent:-0.8em}ul.fas li .fa{width:0.8em}ul.fas li .fa-large:before,ul.fas li .fa-large:before{vertical-align:baseline}.fa-book:before{content:"\f02d"}.icon-book:before{content:"\f02d"}.fa-caret-down:before{content:"\f0d7"}.icon-caret-down:before{content:"\f0d7"}.fa-caret-up:before{content:"\f0d8"}.icon-caret-up:before{content:"\f0d8"}.fa-caret-left:before{content:"\f0d9"}.icon-caret-left:before{content:"\f0d9"}.fa-caret-right:before{content:"\f0da"}.icon-caret-right:before{content:"\f0da"}.rst-versions{position:fixed;bottom:0;left:0;width:300px;color:#fcfcfc;background:#1f1d1d;border-top:solid 10px #343131;font-family:"Lato","proxima-nova","Helvetica Neue",Arial,sans-serif;z-index:400}.rst-versions a{color:#2980b9;text-decoration:none}.rst-versions .rst-badge-small{display:none}.rst-versions .rst-current-version{padding:12px;background-color:#272525;display:block;text-align:right;font-size:90%;cursor:pointer;color:#27ae60;*zoom:1}.rst-versions .rst-current-version:before,.rst-versions .rst-current-version:after{display:table;content:""}.rst-versions .rst-current-version:after{clear:both}.rst-versions .rst-current-version .fa{color:#fcfcfc}.rst-versions .rst-current-version .fa-book{float:left}.rst-versions .rst-current-version .icon-book{float:left}.rst-versions .rst-current-version.rst-out-of-date{background-color:#e74c3c;color:#fff}.rst-versions .rst-current-version.rst-active-old-version{background-color:#f1c40f;color:#000}.rst-versions.shift-up .rst-other-versions{display:block}.rst-versions .rst-other-versions{font-size:90%;padding:12px;color:gray;display:none}.rst-versions .rst-other-versions hr{display:block;height:1px;border:0;margin:20px 0;padding:0;border-top:solid 1px #413d3d}.rst-versions .rst-other-versions dd{display:inline-block;margin:0}.rst-versions .rst-other-versions dd a{display:inline-block;padding:6px;color:#fcfcfc}.rst-versions.rst-badge{width:auto;bottom:20px;right:20px;left:auto;border:none;max-width:300px}.rst-versions.rst-badge .icon-book{float:none}.rst-versions.rst-badge .fa-book{float:none}.rst-versions.rst-badge.shift-up .rst-current-version{text-align:right}.rst-versions.rst-badge.shift-up .rst-current-version .fa-book{float:left}.rst-versions.rst-badge.shift-up .rst-current-version .icon-book{float:left}.rst-versions.rst-badge .rst-current-version{width:auto;height:30px;line-height:30px;padding:0 6px;display:block;text-align:center}@media screen and (max-width: 768px){.rst-versions{width:85%;display:none}.rst-versions.shift{display:block}img{width:100%;height:auto}} Binary files /srv/release.debian.org/tmp/0nho6SUlcX/mariadb-11.8.6/storage/columnstore/columnstore/utils/libmarias3/libmarias3/docs/_themes/sphinx_rtd_theme/static/css/fonts/Roboto-Slab-Bold.woff and /srv/release.debian.org/tmp/byZgQ0zcFD/mariadb-11.8.8/storage/columnstore/columnstore/utils/libmarias3/libmarias3/docs/_themes/sphinx_rtd_theme/static/css/fonts/Roboto-Slab-Bold.woff differ Binary files /srv/release.debian.org/tmp/0nho6SUlcX/mariadb-11.8.6/storage/columnstore/columnstore/utils/libmarias3/libmarias3/docs/_themes/sphinx_rtd_theme/static/css/fonts/Roboto-Slab-Bold.woff2 and /srv/release.debian.org/tmp/byZgQ0zcFD/mariadb-11.8.8/storage/columnstore/columnstore/utils/libmarias3/libmarias3/docs/_themes/sphinx_rtd_theme/static/css/fonts/Roboto-Slab-Bold.woff2 differ Binary files /srv/release.debian.org/tmp/0nho6SUlcX/mariadb-11.8.6/storage/columnstore/columnstore/utils/libmarias3/libmarias3/docs/_themes/sphinx_rtd_theme/static/css/fonts/Roboto-Slab-Regular.woff and /srv/release.debian.org/tmp/byZgQ0zcFD/mariadb-11.8.8/storage/columnstore/columnstore/utils/libmarias3/libmarias3/docs/_themes/sphinx_rtd_theme/static/css/fonts/Roboto-Slab-Regular.woff differ Binary files /srv/release.debian.org/tmp/0nho6SUlcX/mariadb-11.8.6/storage/columnstore/columnstore/utils/libmarias3/libmarias3/docs/_themes/sphinx_rtd_theme/static/css/fonts/Roboto-Slab-Regular.woff2 and /srv/release.debian.org/tmp/byZgQ0zcFD/mariadb-11.8.8/storage/columnstore/columnstore/utils/libmarias3/libmarias3/docs/_themes/sphinx_rtd_theme/static/css/fonts/Roboto-Slab-Regular.woff2 differ Binary files /srv/release.debian.org/tmp/0nho6SUlcX/mariadb-11.8.6/storage/columnstore/columnstore/utils/libmarias3/libmarias3/docs/_themes/sphinx_rtd_theme/static/css/fonts/fontawesome-webfont.eot and /srv/release.debian.org/tmp/byZgQ0zcFD/mariadb-11.8.8/storage/columnstore/columnstore/utils/libmarias3/libmarias3/docs/_themes/sphinx_rtd_theme/static/css/fonts/fontawesome-webfont.eot differ diff -Nru mariadb-11.8.6/storage/columnstore/columnstore/utils/libmarias3/libmarias3/docs/_themes/sphinx_rtd_theme/static/css/fonts/fontawesome-webfont.svg mariadb-11.8.8/storage/columnstore/columnstore/utils/libmarias3/libmarias3/docs/_themes/sphinx_rtd_theme/static/css/fonts/fontawesome-webfont.svg --- mariadb-11.8.6/storage/columnstore/columnstore/utils/libmarias3/libmarias3/docs/_themes/sphinx_rtd_theme/static/css/fonts/fontawesome-webfont.svg 2026-01-31 13:27:52.000000000 +0000 +++ mariadb-11.8.8/storage/columnstore/columnstore/utils/libmarias3/libmarias3/docs/_themes/sphinx_rtd_theme/static/css/fonts/fontawesome-webfont.svg 1970-01-01 00:00:00.000000000 +0000 @@ -1,2671 +0,0 @@ - - - - -Created by FontForge 20120731 at Mon Oct 24 17:37:40 2016 - By ,,, -Copyright Dave Gandy 2016. All rights reserved. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Binary files /srv/release.debian.org/tmp/0nho6SUlcX/mariadb-11.8.6/storage/columnstore/columnstore/utils/libmarias3/libmarias3/docs/_themes/sphinx_rtd_theme/static/css/fonts/fontawesome-webfont.ttf and /srv/release.debian.org/tmp/byZgQ0zcFD/mariadb-11.8.8/storage/columnstore/columnstore/utils/libmarias3/libmarias3/docs/_themes/sphinx_rtd_theme/static/css/fonts/fontawesome-webfont.ttf differ Binary files /srv/release.debian.org/tmp/0nho6SUlcX/mariadb-11.8.6/storage/columnstore/columnstore/utils/libmarias3/libmarias3/docs/_themes/sphinx_rtd_theme/static/css/fonts/fontawesome-webfont.woff and /srv/release.debian.org/tmp/byZgQ0zcFD/mariadb-11.8.8/storage/columnstore/columnstore/utils/libmarias3/libmarias3/docs/_themes/sphinx_rtd_theme/static/css/fonts/fontawesome-webfont.woff differ Binary files /srv/release.debian.org/tmp/0nho6SUlcX/mariadb-11.8.6/storage/columnstore/columnstore/utils/libmarias3/libmarias3/docs/_themes/sphinx_rtd_theme/static/css/fonts/fontawesome-webfont.woff2 and /srv/release.debian.org/tmp/byZgQ0zcFD/mariadb-11.8.8/storage/columnstore/columnstore/utils/libmarias3/libmarias3/docs/_themes/sphinx_rtd_theme/static/css/fonts/fontawesome-webfont.woff2 differ Binary files /srv/release.debian.org/tmp/0nho6SUlcX/mariadb-11.8.6/storage/columnstore/columnstore/utils/libmarias3/libmarias3/docs/_themes/sphinx_rtd_theme/static/css/fonts/lato-bold-italic.woff and /srv/release.debian.org/tmp/byZgQ0zcFD/mariadb-11.8.8/storage/columnstore/columnstore/utils/libmarias3/libmarias3/docs/_themes/sphinx_rtd_theme/static/css/fonts/lato-bold-italic.woff differ Binary files /srv/release.debian.org/tmp/0nho6SUlcX/mariadb-11.8.6/storage/columnstore/columnstore/utils/libmarias3/libmarias3/docs/_themes/sphinx_rtd_theme/static/css/fonts/lato-bold-italic.woff2 and /srv/release.debian.org/tmp/byZgQ0zcFD/mariadb-11.8.8/storage/columnstore/columnstore/utils/libmarias3/libmarias3/docs/_themes/sphinx_rtd_theme/static/css/fonts/lato-bold-italic.woff2 differ Binary files /srv/release.debian.org/tmp/0nho6SUlcX/mariadb-11.8.6/storage/columnstore/columnstore/utils/libmarias3/libmarias3/docs/_themes/sphinx_rtd_theme/static/css/fonts/lato-bold.woff and /srv/release.debian.org/tmp/byZgQ0zcFD/mariadb-11.8.8/storage/columnstore/columnstore/utils/libmarias3/libmarias3/docs/_themes/sphinx_rtd_theme/static/css/fonts/lato-bold.woff differ Binary files /srv/release.debian.org/tmp/0nho6SUlcX/mariadb-11.8.6/storage/columnstore/columnstore/utils/libmarias3/libmarias3/docs/_themes/sphinx_rtd_theme/static/css/fonts/lato-bold.woff2 and /srv/release.debian.org/tmp/byZgQ0zcFD/mariadb-11.8.8/storage/columnstore/columnstore/utils/libmarias3/libmarias3/docs/_themes/sphinx_rtd_theme/static/css/fonts/lato-bold.woff2 differ Binary files /srv/release.debian.org/tmp/0nho6SUlcX/mariadb-11.8.6/storage/columnstore/columnstore/utils/libmarias3/libmarias3/docs/_themes/sphinx_rtd_theme/static/css/fonts/lato-normal-italic.woff and /srv/release.debian.org/tmp/byZgQ0zcFD/mariadb-11.8.8/storage/columnstore/columnstore/utils/libmarias3/libmarias3/docs/_themes/sphinx_rtd_theme/static/css/fonts/lato-normal-italic.woff differ Binary files /srv/release.debian.org/tmp/0nho6SUlcX/mariadb-11.8.6/storage/columnstore/columnstore/utils/libmarias3/libmarias3/docs/_themes/sphinx_rtd_theme/static/css/fonts/lato-normal-italic.woff2 and /srv/release.debian.org/tmp/byZgQ0zcFD/mariadb-11.8.8/storage/columnstore/columnstore/utils/libmarias3/libmarias3/docs/_themes/sphinx_rtd_theme/static/css/fonts/lato-normal-italic.woff2 differ Binary files /srv/release.debian.org/tmp/0nho6SUlcX/mariadb-11.8.6/storage/columnstore/columnstore/utils/libmarias3/libmarias3/docs/_themes/sphinx_rtd_theme/static/css/fonts/lato-normal.woff and /srv/release.debian.org/tmp/byZgQ0zcFD/mariadb-11.8.8/storage/columnstore/columnstore/utils/libmarias3/libmarias3/docs/_themes/sphinx_rtd_theme/static/css/fonts/lato-normal.woff differ Binary files /srv/release.debian.org/tmp/0nho6SUlcX/mariadb-11.8.6/storage/columnstore/columnstore/utils/libmarias3/libmarias3/docs/_themes/sphinx_rtd_theme/static/css/fonts/lato-normal.woff2 and /srv/release.debian.org/tmp/byZgQ0zcFD/mariadb-11.8.8/storage/columnstore/columnstore/utils/libmarias3/libmarias3/docs/_themes/sphinx_rtd_theme/static/css/fonts/lato-normal.woff2 differ diff -Nru mariadb-11.8.6/storage/columnstore/columnstore/utils/libmarias3/libmarias3/docs/_themes/sphinx_rtd_theme/static/css/theme.css mariadb-11.8.8/storage/columnstore/columnstore/utils/libmarias3/libmarias3/docs/_themes/sphinx_rtd_theme/static/css/theme.css --- mariadb-11.8.6/storage/columnstore/columnstore/utils/libmarias3/libmarias3/docs/_themes/sphinx_rtd_theme/static/css/theme.css 2026-01-31 13:27:52.000000000 +0000 +++ mariadb-11.8.8/storage/columnstore/columnstore/utils/libmarias3/libmarias3/docs/_themes/sphinx_rtd_theme/static/css/theme.css 2026-05-24 09:58:35.000000000 +0000 @@ -1,4 +1,4 @@ -html{box-sizing:border-box}*,:after,:before{box-sizing:inherit}article,aside,details,figcaption,figure,footer,header,hgroup,nav,section{display:block}audio,canvas,video{display:inline-block;*display:inline;*zoom:1}[hidden],audio:not([controls]){display:none}*{-webkit-box-sizing:border-box;-moz-box-sizing:border-box;box-sizing:border-box}html{font-size:100%;-webkit-text-size-adjust:100%;-ms-text-size-adjust:100%}body{margin:0}a:active,a:hover{outline:0}abbr[title]{border-bottom:1px dotted}b,strong{font-weight:700}blockquote{margin:0}dfn{font-style:italic}ins{background:#ff9;text-decoration:none}ins,mark{color:#000}mark{background:#ff0;font-style:italic;font-weight:700}.rst-content code,.rst-content tt,code,kbd,pre,samp{font-family:monospace,serif;_font-family:courier new,monospace;font-size:1em}pre{white-space:pre}q{quotes:none}q:after,q:before{content:"";content:none}small{font-size:85%}sub,sup{font-size:75%;line-height:0;position:relative;vertical-align:baseline}sup{top:-.5em}sub{bottom:-.25em}dl,ol,ul{margin:0;padding:0;list-style:none;list-style-image:none}li{list-style:none}dd{margin:0}img{border:0;-ms-interpolation-mode:bicubic;vertical-align:middle;max-width:100%}svg:not(:root){overflow:hidden}figure,form{margin:0}label{cursor:pointer}button,input,select,textarea{font-size:100%;margin:0;vertical-align:baseline;*vertical-align:middle}button,input{line-height:normal}button,input[type=button],input[type=reset],input[type=submit]{cursor:pointer;-webkit-appearance:button;*overflow:visible}button[disabled],input[disabled]{cursor:default}input[type=search]{-webkit-appearance:textfield;-moz-box-sizing:content-box;-webkit-box-sizing:content-box;box-sizing:content-box}textarea{resize:vertical}table{border-collapse:collapse;border-spacing:0}td{vertical-align:top}.chromeframe{margin:.2em 0;background:#ccc;color:#000;padding:.2em 0}.ir{display:block;border:0;text-indent:-999em;overflow:hidden;background-color:transparent;background-repeat:no-repeat;text-align:left;direction:ltr;*line-height:0}.ir br{display:none}.hidden{display:none!important;visibility:hidden}.visuallyhidden{border:0;clip:rect(0 0 0 0);height:1px;margin:-1px;overflow:hidden;padding:0;position:absolute;width:1px}.visuallyhidden.focusable:active,.visuallyhidden.focusable:focus{clip:auto;height:auto;margin:0;overflow:visible;position:static;width:auto}.invisible{visibility:hidden}.relative{position:relative}big,small{font-size:100%}@media print{body,html,section{background:none!important}*{box-shadow:none!important;text-shadow:none!important;filter:none!important;-ms-filter:none!important}a,a:visited{text-decoration:underline}.ir a:after,a[href^="#"]:after,a[href^="javascript:"]:after{content:""}blockquote,pre{page-break-inside:avoid}thead{display:table-header-group}img,tr{page-break-inside:avoid}img{max-width:100%!important}@page{margin:.5cm}.rst-content .toctree-wrapper>p.caption,h2,h3,p{orphans:3;widows:3}.rst-content .toctree-wrapper>p.caption,h2,h3{page-break-after:avoid}}.btn,.fa:before,.icon:before,.rst-content .admonition,.rst-content .admonition-title:before,.rst-content .admonition-todo,.rst-content .attention,.rst-content .caution,.rst-content .code-block-caption .headerlink:before,.rst-content .danger,.rst-content .eqno .headerlink:before,.rst-content .error,.rst-content .hint,.rst-content .important,.rst-content .note,.rst-content .seealso,.rst-content .tip,.rst-content .warning,.rst-content code.download span:first-child:before,.rst-content dl dt .headerlink:before,.rst-content h1 .headerlink:before,.rst-content h2 .headerlink:before,.rst-content h3 .headerlink:before,.rst-content h4 .headerlink:before,.rst-content h5 .headerlink:before,.rst-content h6 .headerlink:before,.rst-content p.caption .headerlink:before,.rst-content p .headerlink:before,.rst-content table>caption .headerlink:before,.rst-content tt.download span:first-child:before,.wy-alert,.wy-dropdown .caret:before,.wy-inline-validate.wy-inline-validate-danger .wy-input-context:before,.wy-inline-validate.wy-inline-validate-info .wy-input-context:before,.wy-inline-validate.wy-inline-validate-success .wy-input-context:before,.wy-inline-validate.wy-inline-validate-warning .wy-input-context:before,.wy-menu-vertical li.current>a button.toctree-expand:before,.wy-menu-vertical li.on a button.toctree-expand:before,.wy-menu-vertical li button.toctree-expand:before,input[type=color],input[type=date],input[type=datetime-local],input[type=datetime],input[type=email],input[type=month],input[type=number],input[type=password],input[type=search],input[type=tel],input[type=text],input[type=time],input[type=url],input[type=week],select,textarea{-webkit-font-smoothing:antialiased}.clearfix{*zoom:1}.clearfix:after,.clearfix:before{display:table;content:""}.clearfix:after{clear:both}/*! - * Font Awesome 4.7.0 by @davegandy - http://fontawesome.io - @fontawesome +*{-webkit-box-sizing:border-box;-moz-box-sizing:border-box;box-sizing:border-box}article,aside,details,figcaption,figure,footer,header,hgroup,nav,section{display:block}audio,canvas,video{display:inline-block;*display:inline;*zoom:1}audio:not([controls]){display:none}[hidden]{display:none}*{-webkit-box-sizing:border-box;-moz-box-sizing:border-box;box-sizing:border-box}html{font-size:100%;-webkit-text-size-adjust:100%;-ms-text-size-adjust:100%}body{margin:0}a:hover,a:active{outline:0}abbr[title]{border-bottom:1px dotted}b,strong{font-weight:bold}blockquote{margin:0}dfn{font-style:italic}ins{background:#ff9;color:#000;text-decoration:none}mark{background:#ff0;color:#000;font-style:italic;font-weight:bold}pre,code,.rst-content tt,kbd,samp{font-family:monospace,serif;_font-family:"courier new",monospace;font-size:1em}pre{white-space:pre}q{quotes:none}q:before,q:after{content:"";content:none}small{font-size:85%}sub,sup{font-size:75%;line-height:0;position:relative;vertical-align:baseline}sup{top:-0.5em}sub{bottom:-0.25em}ul,ol,dl{margin:0;padding:0;list-style:none;list-style-image:none}li{list-style:none}dd{margin:0}img{border:0;-ms-interpolation-mode:bicubic;vertical-align:middle;max-width:100%}svg:not(:root){overflow:hidden}figure{margin:0}form{margin:0}fieldset{border:0;margin:0;padding:0}label{cursor:pointer}legend{border:0;*margin-left:-7px;padding:0;white-space:normal}button,input,select,textarea{font-size:100%;margin:0;vertical-align:baseline;*vertical-align:middle}button,input{line-height:normal}button,input[type="button"],input[type="reset"],input[type="submit"]{cursor:pointer;-webkit-appearance:button;*overflow:visible}button[disabled],input[disabled]{cursor:default}input[type="checkbox"],input[type="radio"]{box-sizing:border-box;padding:0;*width:13px;*height:13px}input[type="search"]{-webkit-appearance:textfield;-moz-box-sizing:content-box;-webkit-box-sizing:content-box;box-sizing:content-box}input[type="search"]::-webkit-search-decoration,input[type="search"]::-webkit-search-cancel-button{-webkit-appearance:none}button::-moz-focus-inner,input::-moz-focus-inner{border:0;padding:0}textarea{overflow:auto;vertical-align:top;resize:vertical}table{border-collapse:collapse;border-spacing:0}td{vertical-align:top}.chromeframe{margin:0.2em 0;background:#ccc;color:#000;padding:0.2em 0}.ir{display:block;border:0;text-indent:-999em;overflow:hidden;background-color:transparent;background-repeat:no-repeat;text-align:left;direction:ltr;*line-height:0}.ir br{display:none}.hidden{display:none !important;visibility:hidden}.visuallyhidden{border:0;clip:rect(0 0 0 0);height:1px;margin:-1px;overflow:hidden;padding:0;position:absolute;width:1px}.visuallyhidden.focusable:active,.visuallyhidden.focusable:focus{clip:auto;height:auto;margin:0;overflow:visible;position:static;width:auto}.invisible{visibility:hidden}.relative{position:relative}big,small{font-size:100%}@media print{html,body,section{background:none !important}*{box-shadow:none !important;text-shadow:none !important;filter:none !important;-ms-filter:none !important}a,a:visited{text-decoration:underline}.ir a:after,a[href^="javascript:"]:after,a[href^="#"]:after{content:""}pre,blockquote{page-break-inside:avoid}thead{display:table-header-group}tr,img{page-break-inside:avoid}img{max-width:100% !important}@page{margin:0.5cm}p,h2,h3{orphans:3;widows:3}h2,h3{page-break-after:avoid}}.fa:before,.rst-content .admonition-title:before,.rst-content h1 .headerlink:before,.rst-content h2 .headerlink:before,.rst-content h3 .headerlink:before,.rst-content h4 .headerlink:before,.rst-content h5 .headerlink:before,.rst-content h6 .headerlink:before,.rst-content dl dt .headerlink:before,.icon:before,.wy-dropdown .caret:before,.wy-inline-validate.wy-inline-validate-success .wy-input-context:before,.wy-inline-validate.wy-inline-validate-danger .wy-input-context:before,.wy-inline-validate.wy-inline-validate-warning .wy-input-context:before,.wy-inline-validate.wy-inline-validate-info .wy-input-context:before,.wy-alert,.rst-content .note,.rst-content .attention,.rst-content .caution,.rst-content .danger,.rst-content .error,.rst-content .hint,.rst-content .important,.rst-content .tip,.rst-content .warning,.rst-content .seealso,.rst-content .admonition-todo,.btn,input[type="text"],input[type="password"],input[type="email"],input[type="url"],input[type="date"],input[type="month"],input[type="time"],input[type="datetime"],input[type="datetime-local"],input[type="week"],input[type="number"],input[type="search"],input[type="tel"],input[type="color"],select,textarea,.wy-menu-vertical li.on a,.wy-menu-vertical li.current>a,.wy-side-nav-search>a,.wy-side-nav-search .wy-dropdown>a,.wy-nav-top a{-webkit-font-smoothing:antialiased}.clearfix{*zoom:1}.clearfix:before,.clearfix:after{display:table;content:""}.clearfix:after{clear:both}/*! + * Font Awesome 4.1.0 by @davegandy - http://fontawesome.io - @fontawesome * License - http://fontawesome.io/license (Font: SIL OFL 1.1, CSS: MIT License) - */@font-face{font-family:FontAwesome;src:url(fonts/fontawesome-webfont.eot?674f50d287a8c48dc19ba404d20fe713);src:url(fonts/fontawesome-webfont.eot?674f50d287a8c48dc19ba404d20fe713?#iefix&v=4.7.0) format("embedded-opentype"),url(fonts/fontawesome-webfont.woff2?af7ae505a9eed503f8b8e6982036873e) format("woff2"),url(fonts/fontawesome-webfont.woff?fee66e712a8a08eef5805a46892932ad) format("woff"),url(fonts/fontawesome-webfont.ttf?b06871f281fee6b241d60582ae9369b9) format("truetype"),url(fonts/fontawesome-webfont.svg?912ec66d7572ff821749319396470bde#fontawesomeregular) format("svg");font-weight:400;font-style:normal}.fa,.icon,.rst-content .admonition-title,.rst-content .code-block-caption .headerlink,.rst-content .eqno .headerlink,.rst-content code.download span:first-child,.rst-content dl dt .headerlink,.rst-content h1 .headerlink,.rst-content h2 .headerlink,.rst-content h3 .headerlink,.rst-content h4 .headerlink,.rst-content h5 .headerlink,.rst-content h6 .headerlink,.rst-content p.caption .headerlink,.rst-content p .headerlink,.rst-content table>caption .headerlink,.rst-content tt.download span:first-child,.wy-menu-vertical li.current>a button.toctree-expand,.wy-menu-vertical li.on a button.toctree-expand,.wy-menu-vertical li button.toctree-expand{display:inline-block;font:normal normal normal 14px/1 FontAwesome;font-size:inherit;text-rendering:auto;-webkit-font-smoothing:antialiased;-moz-osx-font-smoothing:grayscale}.fa-lg{font-size:1.33333em;line-height:.75em;vertical-align:-15%}.fa-2x{font-size:2em}.fa-3x{font-size:3em}.fa-4x{font-size:4em}.fa-5x{font-size:5em}.fa-fw{width:1.28571em;text-align:center}.fa-ul{padding-left:0;margin-left:2.14286em;list-style-type:none}.fa-ul>li{position:relative}.fa-li{position:absolute;left:-2.14286em;width:2.14286em;top:.14286em;text-align:center}.fa-li.fa-lg{left:-1.85714em}.fa-border{padding:.2em .25em .15em;border:.08em solid #eee;border-radius:.1em}.fa-pull-left{float:left}.fa-pull-right{float:right}.fa-pull-left.icon,.fa.fa-pull-left,.rst-content .code-block-caption .fa-pull-left.headerlink,.rst-content .eqno .fa-pull-left.headerlink,.rst-content .fa-pull-left.admonition-title,.rst-content code.download span.fa-pull-left:first-child,.rst-content dl dt .fa-pull-left.headerlink,.rst-content h1 .fa-pull-left.headerlink,.rst-content h2 .fa-pull-left.headerlink,.rst-content h3 .fa-pull-left.headerlink,.rst-content h4 .fa-pull-left.headerlink,.rst-content h5 .fa-pull-left.headerlink,.rst-content h6 .fa-pull-left.headerlink,.rst-content p .fa-pull-left.headerlink,.rst-content table>caption .fa-pull-left.headerlink,.rst-content tt.download span.fa-pull-left:first-child,.wy-menu-vertical li.current>a button.fa-pull-left.toctree-expand,.wy-menu-vertical li.on a button.fa-pull-left.toctree-expand,.wy-menu-vertical li button.fa-pull-left.toctree-expand{margin-right:.3em}.fa-pull-right.icon,.fa.fa-pull-right,.rst-content .code-block-caption .fa-pull-right.headerlink,.rst-content .eqno .fa-pull-right.headerlink,.rst-content .fa-pull-right.admonition-title,.rst-content code.download span.fa-pull-right:first-child,.rst-content dl dt .fa-pull-right.headerlink,.rst-content h1 .fa-pull-right.headerlink,.rst-content h2 .fa-pull-right.headerlink,.rst-content h3 .fa-pull-right.headerlink,.rst-content h4 .fa-pull-right.headerlink,.rst-content h5 .fa-pull-right.headerlink,.rst-content h6 .fa-pull-right.headerlink,.rst-content p .fa-pull-right.headerlink,.rst-content table>caption .fa-pull-right.headerlink,.rst-content tt.download span.fa-pull-right:first-child,.wy-menu-vertical li.current>a button.fa-pull-right.toctree-expand,.wy-menu-vertical li.on a button.fa-pull-right.toctree-expand,.wy-menu-vertical li button.fa-pull-right.toctree-expand{margin-left:.3em}.pull-right{float:right}.pull-left{float:left}.fa.pull-left,.pull-left.icon,.rst-content .code-block-caption .pull-left.headerlink,.rst-content .eqno .pull-left.headerlink,.rst-content .pull-left.admonition-title,.rst-content code.download span.pull-left:first-child,.rst-content dl dt .pull-left.headerlink,.rst-content h1 .pull-left.headerlink,.rst-content h2 .pull-left.headerlink,.rst-content h3 .pull-left.headerlink,.rst-content h4 .pull-left.headerlink,.rst-content h5 .pull-left.headerlink,.rst-content h6 .pull-left.headerlink,.rst-content p .pull-left.headerlink,.rst-content table>caption .pull-left.headerlink,.rst-content tt.download span.pull-left:first-child,.wy-menu-vertical li.current>a button.pull-left.toctree-expand,.wy-menu-vertical li.on a button.pull-left.toctree-expand,.wy-menu-vertical li button.pull-left.toctree-expand{margin-right:.3em}.fa.pull-right,.pull-right.icon,.rst-content .code-block-caption .pull-right.headerlink,.rst-content .eqno .pull-right.headerlink,.rst-content .pull-right.admonition-title,.rst-content code.download span.pull-right:first-child,.rst-content dl dt .pull-right.headerlink,.rst-content h1 .pull-right.headerlink,.rst-content h2 .pull-right.headerlink,.rst-content h3 .pull-right.headerlink,.rst-content h4 .pull-right.headerlink,.rst-content h5 .pull-right.headerlink,.rst-content h6 .pull-right.headerlink,.rst-content p .pull-right.headerlink,.rst-content table>caption .pull-right.headerlink,.rst-content tt.download span.pull-right:first-child,.wy-menu-vertical li.current>a button.pull-right.toctree-expand,.wy-menu-vertical li.on a button.pull-right.toctree-expand,.wy-menu-vertical li button.pull-right.toctree-expand{margin-left:.3em}.fa-spin{-webkit-animation:fa-spin 2s linear infinite;animation:fa-spin 2s linear infinite}.fa-pulse{-webkit-animation:fa-spin 1s steps(8) infinite;animation:fa-spin 1s steps(8) infinite}@-webkit-keyframes fa-spin{0%{-webkit-transform:rotate(0deg);transform:rotate(0deg)}to{-webkit-transform:rotate(359deg);transform:rotate(359deg)}}@keyframes fa-spin{0%{-webkit-transform:rotate(0deg);transform:rotate(0deg)}to{-webkit-transform:rotate(359deg);transform:rotate(359deg)}}.fa-rotate-90{-ms-filter:"progid:DXImageTransform.Microsoft.BasicImage(rotation=1)";-webkit-transform:rotate(90deg);-ms-transform:rotate(90deg);transform:rotate(90deg)}.fa-rotate-180{-ms-filter:"progid:DXImageTransform.Microsoft.BasicImage(rotation=2)";-webkit-transform:rotate(180deg);-ms-transform:rotate(180deg);transform:rotate(180deg)}.fa-rotate-270{-ms-filter:"progid:DXImageTransform.Microsoft.BasicImage(rotation=3)";-webkit-transform:rotate(270deg);-ms-transform:rotate(270deg);transform:rotate(270deg)}.fa-flip-horizontal{-ms-filter:"progid:DXImageTransform.Microsoft.BasicImage(rotation=0, mirror=1)";-webkit-transform:scaleX(-1);-ms-transform:scaleX(-1);transform:scaleX(-1)}.fa-flip-vertical{-ms-filter:"progid:DXImageTransform.Microsoft.BasicImage(rotation=2, mirror=1)";-webkit-transform:scaleY(-1);-ms-transform:scaleY(-1);transform:scaleY(-1)}:root .fa-flip-horizontal,:root .fa-flip-vertical,:root .fa-rotate-90,:root .fa-rotate-180,:root .fa-rotate-270{filter:none}.fa-stack{position:relative;display:inline-block;width:2em;height:2em;line-height:2em;vertical-align:middle}.fa-stack-1x,.fa-stack-2x{position:absolute;left:0;width:100%;text-align:center}.fa-stack-1x{line-height:inherit}.fa-stack-2x{font-size:2em}.fa-inverse{color:#fff}.fa-glass:before{content:""}.fa-music:before{content:"ï€"}.fa-search:before,.icon-search:before{content:""}.fa-envelope-o:before{content:""}.fa-heart:before{content:""}.fa-star:before{content:""}.fa-star-o:before{content:""}.fa-user:before{content:""}.fa-film:before{content:""}.fa-th-large:before{content:""}.fa-th:before{content:""}.fa-th-list:before{content:""}.fa-check:before{content:""}.fa-close:before,.fa-remove:before,.fa-times:before{content:"ï€"}.fa-search-plus:before{content:""}.fa-search-minus:before{content:"ï€"}.fa-power-off:before{content:""}.fa-signal:before{content:""}.fa-cog:before,.fa-gear:before{content:""}.fa-trash-o:before{content:""}.fa-home:before,.icon-home:before{content:""}.fa-file-o:before{content:""}.fa-clock-o:before{content:""}.fa-road:before{content:""}.fa-download:before,.rst-content code.download span:first-child:before,.rst-content tt.download span:first-child:before{content:""}.fa-arrow-circle-o-down:before{content:""}.fa-arrow-circle-o-up:before{content:""}.fa-inbox:before{content:""}.fa-play-circle-o:before{content:"ï€"}.fa-repeat:before,.fa-rotate-right:before{content:""}.fa-refresh:before{content:""}.fa-list-alt:before{content:""}.fa-lock:before{content:""}.fa-flag:before{content:""}.fa-headphones:before{content:""}.fa-volume-off:before{content:""}.fa-volume-down:before{content:""}.fa-volume-up:before{content:""}.fa-qrcode:before{content:""}.fa-barcode:before{content:""}.fa-tag:before{content:""}.fa-tags:before{content:""}.fa-book:before,.icon-book:before{content:""}.fa-bookmark:before{content:""}.fa-print:before{content:""}.fa-camera:before{content:""}.fa-font:before{content:""}.fa-bold:before{content:""}.fa-italic:before{content:""}.fa-text-height:before{content:""}.fa-text-width:before{content:""}.fa-align-left:before{content:""}.fa-align-center:before{content:""}.fa-align-right:before{content:""}.fa-align-justify:before{content:""}.fa-list:before{content:""}.fa-dedent:before,.fa-outdent:before{content:""}.fa-indent:before{content:""}.fa-video-camera:before{content:""}.fa-image:before,.fa-photo:before,.fa-picture-o:before{content:""}.fa-pencil:before{content:"ï€"}.fa-map-marker:before{content:"ï"}.fa-adjust:before{content:"ï‚"}.fa-tint:before{content:"ïƒ"}.fa-edit:before,.fa-pencil-square-o:before{content:"ï„"}.fa-share-square-o:before{content:"ï…"}.fa-check-square-o:before{content:"ï†"}.fa-arrows:before{content:"ï‡"}.fa-step-backward:before{content:"ïˆ"}.fa-fast-backward:before{content:"ï‰"}.fa-backward:before{content:"ïŠ"}.fa-play:before{content:"ï‹"}.fa-pause:before{content:"ïŒ"}.fa-stop:before{content:"ï"}.fa-forward:before{content:"ïŽ"}.fa-fast-forward:before{content:"ï"}.fa-step-forward:before{content:"ï‘"}.fa-eject:before{content:"ï’"}.fa-chevron-left:before{content:"ï“"}.fa-chevron-right:before{content:"ï”"}.fa-plus-circle:before{content:"ï•"}.fa-minus-circle:before{content:"ï–"}.fa-times-circle:before,.wy-inline-validate.wy-inline-validate-danger .wy-input-context:before{content:"ï—"}.fa-check-circle:before,.wy-inline-validate.wy-inline-validate-success .wy-input-context:before{content:"ï˜"}.fa-question-circle:before{content:"ï™"}.fa-info-circle:before{content:"ïš"}.fa-crosshairs:before{content:"ï›"}.fa-times-circle-o:before{content:"ïœ"}.fa-check-circle-o:before{content:"ï"}.fa-ban:before{content:"ïž"}.fa-arrow-left:before{content:"ï "}.fa-arrow-right:before{content:"ï¡"}.fa-arrow-up:before{content:"ï¢"}.fa-arrow-down:before{content:"ï£"}.fa-mail-forward:before,.fa-share:before{content:"ï¤"}.fa-expand:before{content:"ï¥"}.fa-compress:before{content:"ï¦"}.fa-plus:before{content:"ï§"}.fa-minus:before{content:"ï¨"}.fa-asterisk:before{content:"ï©"}.fa-exclamation-circle:before,.rst-content .admonition-title:before,.wy-inline-validate.wy-inline-validate-info .wy-input-context:before,.wy-inline-validate.wy-inline-validate-warning .wy-input-context:before{content:"ïª"}.fa-gift:before{content:"ï«"}.fa-leaf:before{content:"ï¬"}.fa-fire:before,.icon-fire:before{content:"ï­"}.fa-eye:before{content:"ï®"}.fa-eye-slash:before{content:"ï°"}.fa-exclamation-triangle:before,.fa-warning:before{content:"ï±"}.fa-plane:before{content:"ï²"}.fa-calendar:before{content:"ï³"}.fa-random:before{content:"ï´"}.fa-comment:before{content:"ïµ"}.fa-magnet:before{content:"ï¶"}.fa-chevron-up:before{content:"ï·"}.fa-chevron-down:before{content:"ï¸"}.fa-retweet:before{content:"ï¹"}.fa-shopping-cart:before{content:"ïº"}.fa-folder:before{content:"ï»"}.fa-folder-open:before{content:"ï¼"}.fa-arrows-v:before{content:"ï½"}.fa-arrows-h:before{content:"ï¾"}.fa-bar-chart-o:before,.fa-bar-chart:before{content:"ï‚€"}.fa-twitter-square:before{content:"ï‚"}.fa-facebook-square:before{content:"ï‚‚"}.fa-camera-retro:before{content:""}.fa-key:before{content:"ï‚„"}.fa-cogs:before,.fa-gears:before{content:"ï‚…"}.fa-comments:before{content:""}.fa-thumbs-o-up:before{content:""}.fa-thumbs-o-down:before{content:""}.fa-star-half:before{content:""}.fa-heart-o:before{content:""}.fa-sign-out:before{content:"ï‚‹"}.fa-linkedin-square:before{content:""}.fa-thumb-tack:before{content:"ï‚"}.fa-external-link:before{content:""}.fa-sign-in:before{content:"ï‚"}.fa-trophy:before{content:"ï‚‘"}.fa-github-square:before{content:"ï‚’"}.fa-upload:before{content:"ï‚“"}.fa-lemon-o:before{content:"ï‚”"}.fa-phone:before{content:"ï‚•"}.fa-square-o:before{content:"ï‚–"}.fa-bookmark-o:before{content:"ï‚—"}.fa-phone-square:before{content:""}.fa-twitter:before{content:"ï‚™"}.fa-facebook-f:before,.fa-facebook:before{content:""}.fa-github:before,.icon-github:before{content:"ï‚›"}.fa-unlock:before{content:""}.fa-credit-card:before{content:"ï‚"}.fa-feed:before,.fa-rss:before{content:""}.fa-hdd-o:before{content:"ï‚ "}.fa-bullhorn:before{content:"ï‚¡"}.fa-bell:before{content:""}.fa-certificate:before{content:"ï‚£"}.fa-hand-o-right:before{content:""}.fa-hand-o-left:before{content:"ï‚¥"}.fa-hand-o-up:before{content:""}.fa-hand-o-down:before{content:"ï‚§"}.fa-arrow-circle-left:before,.icon-circle-arrow-left:before{content:""}.fa-arrow-circle-right:before,.icon-circle-arrow-right:before{content:"ï‚©"}.fa-arrow-circle-up:before{content:""}.fa-arrow-circle-down:before{content:"ï‚«"}.fa-globe:before{content:""}.fa-wrench:before{content:"ï‚­"}.fa-tasks:before{content:"ï‚®"}.fa-filter:before{content:"ï‚°"}.fa-briefcase:before{content:""}.fa-arrows-alt:before{content:""}.fa-group:before,.fa-users:before{content:""}.fa-chain:before,.fa-link:before,.icon-link:before{content:"ïƒ"}.fa-cloud:before{content:""}.fa-flask:before{content:""}.fa-cut:before,.fa-scissors:before{content:""}.fa-copy:before,.fa-files-o:before{content:""}.fa-paperclip:before{content:""}.fa-floppy-o:before,.fa-save:before{content:""}.fa-square:before{content:""}.fa-bars:before,.fa-navicon:before,.fa-reorder:before{content:""}.fa-list-ul:before{content:""}.fa-list-ol:before{content:""}.fa-strikethrough:before{content:""}.fa-underline:before{content:"ïƒ"}.fa-table:before{content:""}.fa-magic:before{content:"ïƒ"}.fa-truck:before{content:""}.fa-pinterest:before{content:""}.fa-pinterest-square:before{content:""}.fa-google-plus-square:before{content:""}.fa-google-plus:before{content:""}.fa-money:before{content:""}.fa-caret-down:before,.icon-caret-down:before,.wy-dropdown .caret:before{content:""}.fa-caret-up:before{content:""}.fa-caret-left:before{content:""}.fa-caret-right:before{content:""}.fa-columns:before{content:""}.fa-sort:before,.fa-unsorted:before{content:""}.fa-sort-desc:before,.fa-sort-down:before{content:"ïƒ"}.fa-sort-asc:before,.fa-sort-up:before{content:""}.fa-envelope:before{content:""}.fa-linkedin:before{content:""}.fa-rotate-left:before,.fa-undo:before{content:""}.fa-gavel:before,.fa-legal:before{content:""}.fa-dashboard:before,.fa-tachometer:before{content:""}.fa-comment-o:before{content:""}.fa-comments-o:before{content:""}.fa-bolt:before,.fa-flash:before{content:""}.fa-sitemap:before{content:""}.fa-umbrella:before{content:""}.fa-clipboard:before,.fa-paste:before{content:""}.fa-lightbulb-o:before{content:""}.fa-exchange:before{content:""}.fa-cloud-download:before{content:""}.fa-cloud-upload:before{content:""}.fa-user-md:before{content:""}.fa-stethoscope:before{content:""}.fa-suitcase:before{content:""}.fa-bell-o:before{content:"ï‚¢"}.fa-coffee:before{content:""}.fa-cutlery:before{content:""}.fa-file-text-o:before{content:""}.fa-building-o:before{content:""}.fa-hospital-o:before{content:""}.fa-ambulance:before{content:""}.fa-medkit:before{content:""}.fa-fighter-jet:before{content:""}.fa-beer:before{content:""}.fa-h-square:before{content:""}.fa-plus-square:before{content:""}.fa-angle-double-left:before{content:"ï„€"}.fa-angle-double-right:before{content:"ï„"}.fa-angle-double-up:before{content:"ï„‚"}.fa-angle-double-down:before{content:""}.fa-angle-left:before{content:"ï„„"}.fa-angle-right:before{content:"ï„…"}.fa-angle-up:before{content:""}.fa-angle-down:before{content:""}.fa-desktop:before{content:""}.fa-laptop:before{content:""}.fa-tablet:before{content:""}.fa-mobile-phone:before,.fa-mobile:before{content:"ï„‹"}.fa-circle-o:before{content:""}.fa-quote-left:before{content:"ï„"}.fa-quote-right:before{content:""}.fa-spinner:before{content:"ï„"}.fa-circle:before{content:"ï„‘"}.fa-mail-reply:before,.fa-reply:before{content:"ï„’"}.fa-github-alt:before{content:"ï„“"}.fa-folder-o:before{content:"ï„”"}.fa-folder-open-o:before{content:"ï„•"}.fa-smile-o:before{content:""}.fa-frown-o:before{content:"ï„™"}.fa-meh-o:before{content:""}.fa-gamepad:before{content:"ï„›"}.fa-keyboard-o:before{content:""}.fa-flag-o:before{content:"ï„"}.fa-flag-checkered:before{content:""}.fa-terminal:before{content:"ï„ "}.fa-code:before{content:"ï„¡"}.fa-mail-reply-all:before,.fa-reply-all:before{content:"ï„¢"}.fa-star-half-empty:before,.fa-star-half-full:before,.fa-star-half-o:before{content:"ï„£"}.fa-location-arrow:before{content:""}.fa-crop:before{content:"ï„¥"}.fa-code-fork:before{content:""}.fa-chain-broken:before,.fa-unlink:before{content:"ï„§"}.fa-question:before{content:""}.fa-info:before{content:"ï„©"}.fa-exclamation:before{content:""}.fa-superscript:before{content:"ï„«"}.fa-subscript:before{content:""}.fa-eraser:before{content:"ï„­"}.fa-puzzle-piece:before{content:"ï„®"}.fa-microphone:before{content:"ï„°"}.fa-microphone-slash:before{content:""}.fa-shield:before{content:""}.fa-calendar-o:before{content:""}.fa-fire-extinguisher:before{content:"ï„´"}.fa-rocket:before{content:""}.fa-maxcdn:before{content:"ï„¶"}.fa-chevron-circle-left:before{content:"ï„·"}.fa-chevron-circle-right:before{content:""}.fa-chevron-circle-up:before{content:""}.fa-chevron-circle-down:before{content:""}.fa-html5:before{content:"ï„»"}.fa-css3:before{content:""}.fa-anchor:before{content:""}.fa-unlock-alt:before{content:""}.fa-bullseye:before{content:"ï…€"}.fa-ellipsis-h:before{content:"ï…"}.fa-ellipsis-v:before{content:"ï…‚"}.fa-rss-square:before{content:"ï…ƒ"}.fa-play-circle:before{content:"ï…„"}.fa-ticket:before{content:"ï……"}.fa-minus-square:before{content:"ï…†"}.fa-minus-square-o:before,.wy-menu-vertical li.current>a button.toctree-expand:before,.wy-menu-vertical li.on a button.toctree-expand:before{content:"ï…‡"}.fa-level-up:before{content:"ï…ˆ"}.fa-level-down:before{content:"ï…‰"}.fa-check-square:before{content:"ï…Š"}.fa-pencil-square:before{content:"ï…‹"}.fa-external-link-square:before{content:"ï…Œ"}.fa-share-square:before{content:"ï…"}.fa-compass:before{content:"ï…Ž"}.fa-caret-square-o-down:before,.fa-toggle-down:before{content:"ï…"}.fa-caret-square-o-up:before,.fa-toggle-up:before{content:"ï…‘"}.fa-caret-square-o-right:before,.fa-toggle-right:before{content:"ï…’"}.fa-eur:before,.fa-euro:before{content:"ï…“"}.fa-gbp:before{content:"ï…”"}.fa-dollar:before,.fa-usd:before{content:"ï…•"}.fa-inr:before,.fa-rupee:before{content:"ï…–"}.fa-cny:before,.fa-jpy:before,.fa-rmb:before,.fa-yen:before{content:"ï…—"}.fa-rouble:before,.fa-rub:before,.fa-ruble:before{content:"ï…˜"}.fa-krw:before,.fa-won:before{content:"ï…™"}.fa-bitcoin:before,.fa-btc:before{content:"ï…š"}.fa-file:before{content:"ï…›"}.fa-file-text:before{content:"ï…œ"}.fa-sort-alpha-asc:before{content:"ï…"}.fa-sort-alpha-desc:before{content:"ï…ž"}.fa-sort-amount-asc:before{content:"ï… "}.fa-sort-amount-desc:before{content:"ï…¡"}.fa-sort-numeric-asc:before{content:"ï…¢"}.fa-sort-numeric-desc:before{content:"ï…£"}.fa-thumbs-up:before{content:"ï…¤"}.fa-thumbs-down:before{content:"ï…¥"}.fa-youtube-square:before{content:"ï…¦"}.fa-youtube:before{content:"ï…§"}.fa-xing:before{content:"ï…¨"}.fa-xing-square:before{content:"ï…©"}.fa-youtube-play:before{content:"ï…ª"}.fa-dropbox:before{content:"ï…«"}.fa-stack-overflow:before{content:"ï…¬"}.fa-instagram:before{content:"ï…­"}.fa-flickr:before{content:"ï…®"}.fa-adn:before{content:"ï…°"}.fa-bitbucket:before,.icon-bitbucket:before{content:"ï…±"}.fa-bitbucket-square:before{content:"ï…²"}.fa-tumblr:before{content:"ï…³"}.fa-tumblr-square:before{content:"ï…´"}.fa-long-arrow-down:before{content:"ï…µ"}.fa-long-arrow-up:before{content:"ï…¶"}.fa-long-arrow-left:before{content:"ï…·"}.fa-long-arrow-right:before{content:"ï…¸"}.fa-apple:before{content:"ï…¹"}.fa-windows:before{content:"ï…º"}.fa-android:before{content:"ï…»"}.fa-linux:before{content:"ï…¼"}.fa-dribbble:before{content:"ï…½"}.fa-skype:before{content:"ï…¾"}.fa-foursquare:before{content:""}.fa-trello:before{content:"ï†"}.fa-female:before{content:""}.fa-male:before{content:""}.fa-gittip:before,.fa-gratipay:before{content:""}.fa-sun-o:before{content:""}.fa-moon-o:before{content:""}.fa-archive:before{content:""}.fa-bug:before{content:""}.fa-vk:before{content:""}.fa-weibo:before{content:""}.fa-renren:before{content:""}.fa-pagelines:before{content:""}.fa-stack-exchange:before{content:"ï†"}.fa-arrow-circle-o-right:before{content:""}.fa-arrow-circle-o-left:before{content:"ï†"}.fa-caret-square-o-left:before,.fa-toggle-left:before{content:""}.fa-dot-circle-o:before{content:""}.fa-wheelchair:before{content:""}.fa-vimeo-square:before{content:""}.fa-try:before,.fa-turkish-lira:before{content:""}.fa-plus-square-o:before,.wy-menu-vertical li button.toctree-expand:before{content:""}.fa-space-shuttle:before{content:""}.fa-slack:before{content:""}.fa-envelope-square:before{content:""}.fa-wordpress:before{content:""}.fa-openid:before{content:""}.fa-bank:before,.fa-institution:before,.fa-university:before{content:""}.fa-graduation-cap:before,.fa-mortar-board:before{content:"ï†"}.fa-yahoo:before{content:""}.fa-google:before{content:""}.fa-reddit:before{content:""}.fa-reddit-square:before{content:""}.fa-stumbleupon-circle:before{content:""}.fa-stumbleupon:before{content:""}.fa-delicious:before{content:""}.fa-digg:before{content:""}.fa-pied-piper-pp:before{content:""}.fa-pied-piper-alt:before{content:""}.fa-drupal:before{content:""}.fa-joomla:before{content:""}.fa-language:before{content:""}.fa-fax:before{content:""}.fa-building:before{content:""}.fa-child:before{content:""}.fa-paw:before{content:""}.fa-spoon:before{content:""}.fa-cube:before{content:""}.fa-cubes:before{content:""}.fa-behance:before{content:""}.fa-behance-square:before{content:""}.fa-steam:before{content:""}.fa-steam-square:before{content:""}.fa-recycle:before{content:""}.fa-automobile:before,.fa-car:before{content:""}.fa-cab:before,.fa-taxi:before{content:""}.fa-tree:before{content:""}.fa-spotify:before{content:""}.fa-deviantart:before{content:""}.fa-soundcloud:before{content:""}.fa-database:before{content:""}.fa-file-pdf-o:before{content:"ï‡"}.fa-file-word-o:before{content:""}.fa-file-excel-o:before{content:""}.fa-file-powerpoint-o:before{content:""}.fa-file-image-o:before,.fa-file-photo-o:before,.fa-file-picture-o:before{content:""}.fa-file-archive-o:before,.fa-file-zip-o:before{content:""}.fa-file-audio-o:before,.fa-file-sound-o:before{content:""}.fa-file-movie-o:before,.fa-file-video-o:before{content:""}.fa-file-code-o:before{content:""}.fa-vine:before{content:""}.fa-codepen:before{content:""}.fa-jsfiddle:before{content:""}.fa-life-bouy:before,.fa-life-buoy:before,.fa-life-ring:before,.fa-life-saver:before,.fa-support:before{content:"ï‡"}.fa-circle-o-notch:before{content:""}.fa-ra:before,.fa-rebel:before,.fa-resistance:before{content:"ï‡"}.fa-empire:before,.fa-ge:before{content:""}.fa-git-square:before{content:""}.fa-git:before{content:""}.fa-hacker-news:before,.fa-y-combinator-square:before,.fa-yc-square:before{content:""}.fa-tencent-weibo:before{content:""}.fa-qq:before{content:""}.fa-wechat:before,.fa-weixin:before{content:""}.fa-paper-plane:before,.fa-send:before{content:""}.fa-paper-plane-o:before,.fa-send-o:before{content:""}.fa-history:before{content:""}.fa-circle-thin:before{content:""}.fa-header:before{content:""}.fa-paragraph:before{content:"ï‡"}.fa-sliders:before{content:""}.fa-share-alt:before{content:""}.fa-share-alt-square:before{content:""}.fa-bomb:before{content:""}.fa-futbol-o:before,.fa-soccer-ball-o:before{content:""}.fa-tty:before{content:""}.fa-binoculars:before{content:""}.fa-plug:before{content:""}.fa-slideshare:before{content:""}.fa-twitch:before{content:""}.fa-yelp:before{content:""}.fa-newspaper-o:before{content:""}.fa-wifi:before{content:""}.fa-calculator:before{content:""}.fa-paypal:before{content:""}.fa-google-wallet:before{content:""}.fa-cc-visa:before{content:""}.fa-cc-mastercard:before{content:""}.fa-cc-discover:before{content:""}.fa-cc-amex:before{content:""}.fa-cc-paypal:before{content:""}.fa-cc-stripe:before{content:""}.fa-bell-slash:before{content:""}.fa-bell-slash-o:before{content:""}.fa-trash:before{content:""}.fa-copyright:before{content:""}.fa-at:before{content:""}.fa-eyedropper:before{content:""}.fa-paint-brush:before{content:""}.fa-birthday-cake:before{content:""}.fa-area-chart:before{content:""}.fa-pie-chart:before{content:""}.fa-line-chart:before{content:"ïˆ"}.fa-lastfm:before{content:""}.fa-lastfm-square:before{content:""}.fa-toggle-off:before{content:""}.fa-toggle-on:before{content:""}.fa-bicycle:before{content:""}.fa-bus:before{content:""}.fa-ioxhost:before{content:""}.fa-angellist:before{content:""}.fa-cc:before{content:""}.fa-ils:before,.fa-shekel:before,.fa-sheqel:before{content:""}.fa-meanpath:before{content:""}.fa-buysellads:before{content:"ïˆ"}.fa-connectdevelop:before{content:""}.fa-dashcube:before{content:"ïˆ"}.fa-forumbee:before{content:""}.fa-leanpub:before{content:""}.fa-sellsy:before{content:""}.fa-shirtsinbulk:before{content:""}.fa-simplybuilt:before{content:""}.fa-skyatlas:before{content:""}.fa-cart-plus:before{content:""}.fa-cart-arrow-down:before{content:""}.fa-diamond:before{content:""}.fa-ship:before{content:""}.fa-user-secret:before{content:""}.fa-motorcycle:before{content:""}.fa-street-view:before{content:"ïˆ"}.fa-heartbeat:before{content:""}.fa-venus:before{content:""}.fa-mars:before{content:""}.fa-mercury:before{content:""}.fa-intersex:before,.fa-transgender:before{content:""}.fa-transgender-alt:before{content:""}.fa-venus-double:before{content:""}.fa-mars-double:before{content:""}.fa-venus-mars:before{content:""}.fa-mars-stroke:before{content:""}.fa-mars-stroke-v:before{content:""}.fa-mars-stroke-h:before{content:""}.fa-neuter:before{content:""}.fa-genderless:before{content:""}.fa-facebook-official:before{content:""}.fa-pinterest-p:before{content:""}.fa-whatsapp:before{content:""}.fa-server:before{content:""}.fa-user-plus:before{content:""}.fa-user-times:before{content:""}.fa-bed:before,.fa-hotel:before{content:""}.fa-viacoin:before{content:""}.fa-train:before{content:""}.fa-subway:before{content:""}.fa-medium:before{content:""}.fa-y-combinator:before,.fa-yc:before{content:""}.fa-optin-monster:before{content:""}.fa-opencart:before{content:""}.fa-expeditedssl:before{content:""}.fa-battery-4:before,.fa-battery-full:before,.fa-battery:before{content:""}.fa-battery-3:before,.fa-battery-three-quarters:before{content:"ï‰"}.fa-battery-2:before,.fa-battery-half:before{content:""}.fa-battery-1:before,.fa-battery-quarter:before{content:""}.fa-battery-0:before,.fa-battery-empty:before{content:""}.fa-mouse-pointer:before{content:""}.fa-i-cursor:before{content:""}.fa-object-group:before{content:""}.fa-object-ungroup:before{content:""}.fa-sticky-note:before{content:""}.fa-sticky-note-o:before{content:""}.fa-cc-jcb:before{content:""}.fa-cc-diners-club:before{content:""}.fa-clone:before{content:"ï‰"}.fa-balance-scale:before{content:""}.fa-hourglass-o:before{content:"ï‰"}.fa-hourglass-1:before,.fa-hourglass-start:before{content:""}.fa-hourglass-2:before,.fa-hourglass-half:before{content:""}.fa-hourglass-3:before,.fa-hourglass-end:before{content:""}.fa-hourglass:before{content:""}.fa-hand-grab-o:before,.fa-hand-rock-o:before{content:""}.fa-hand-paper-o:before,.fa-hand-stop-o:before{content:""}.fa-hand-scissors-o:before{content:""}.fa-hand-lizard-o:before{content:""}.fa-hand-spock-o:before{content:""}.fa-hand-pointer-o:before{content:""}.fa-hand-peace-o:before{content:""}.fa-trademark:before{content:""}.fa-registered:before{content:"ï‰"}.fa-creative-commons:before{content:""}.fa-gg:before{content:""}.fa-gg-circle:before{content:""}.fa-tripadvisor:before{content:""}.fa-odnoklassniki:before{content:""}.fa-odnoklassniki-square:before{content:""}.fa-get-pocket:before{content:""}.fa-wikipedia-w:before{content:""}.fa-safari:before{content:""}.fa-chrome:before{content:""}.fa-firefox:before{content:""}.fa-opera:before{content:""}.fa-internet-explorer:before{content:""}.fa-television:before,.fa-tv:before{content:""}.fa-contao:before{content:""}.fa-500px:before{content:""}.fa-amazon:before{content:""}.fa-calendar-plus-o:before{content:""}.fa-calendar-minus-o:before{content:""}.fa-calendar-times-o:before{content:""}.fa-calendar-check-o:before{content:""}.fa-industry:before{content:""}.fa-map-pin:before{content:""}.fa-map-signs:before{content:""}.fa-map-o:before{content:""}.fa-map:before{content:""}.fa-commenting:before{content:""}.fa-commenting-o:before{content:""}.fa-houzz:before{content:""}.fa-vimeo:before{content:""}.fa-black-tie:before{content:""}.fa-fonticons:before{content:""}.fa-reddit-alien:before{content:"ïŠ"}.fa-edge:before{content:""}.fa-credit-card-alt:before{content:""}.fa-codiepie:before{content:""}.fa-modx:before{content:""}.fa-fort-awesome:before{content:""}.fa-usb:before{content:""}.fa-product-hunt:before{content:""}.fa-mixcloud:before{content:""}.fa-scribd:before{content:""}.fa-pause-circle:before{content:""}.fa-pause-circle-o:before{content:""}.fa-stop-circle:before{content:"ïŠ"}.fa-stop-circle-o:before{content:""}.fa-shopping-bag:before{content:"ïŠ"}.fa-shopping-basket:before{content:""}.fa-hashtag:before{content:""}.fa-bluetooth:before{content:""}.fa-bluetooth-b:before{content:""}.fa-percent:before{content:""}.fa-gitlab:before,.icon-gitlab:before{content:""}.fa-wpbeginner:before{content:""}.fa-wpforms:before{content:""}.fa-envira:before{content:""}.fa-universal-access:before{content:""}.fa-wheelchair-alt:before{content:""}.fa-question-circle-o:before{content:""}.fa-blind:before{content:"ïŠ"}.fa-audio-description:before{content:""}.fa-volume-control-phone:before{content:""}.fa-braille:before{content:""}.fa-assistive-listening-systems:before{content:""}.fa-american-sign-language-interpreting:before,.fa-asl-interpreting:before{content:""}.fa-deaf:before,.fa-deafness:before,.fa-hard-of-hearing:before{content:""}.fa-glide:before{content:""}.fa-glide-g:before{content:""}.fa-sign-language:before,.fa-signing:before{content:""}.fa-low-vision:before{content:""}.fa-viadeo:before{content:""}.fa-viadeo-square:before{content:""}.fa-snapchat:before{content:""}.fa-snapchat-ghost:before{content:""}.fa-snapchat-square:before{content:""}.fa-pied-piper:before{content:""}.fa-first-order:before{content:""}.fa-yoast:before{content:""}.fa-themeisle:before{content:""}.fa-google-plus-circle:before,.fa-google-plus-official:before{content:""}.fa-fa:before,.fa-font-awesome:before{content:""}.fa-handshake-o:before{content:""}.fa-envelope-open:before{content:""}.fa-envelope-open-o:before{content:""}.fa-linode:before{content:""}.fa-address-book:before{content:""}.fa-address-book-o:before{content:""}.fa-address-card:before,.fa-vcard:before{content:""}.fa-address-card-o:before,.fa-vcard-o:before{content:""}.fa-user-circle:before{content:""}.fa-user-circle-o:before{content:""}.fa-user-o:before{content:"ï‹€"}.fa-id-badge:before{content:"ï‹"}.fa-drivers-license:before,.fa-id-card:before{content:"ï‹‚"}.fa-drivers-license-o:before,.fa-id-card-o:before{content:""}.fa-quora:before{content:"ï‹„"}.fa-free-code-camp:before{content:"ï‹…"}.fa-telegram:before{content:""}.fa-thermometer-4:before,.fa-thermometer-full:before,.fa-thermometer:before{content:""}.fa-thermometer-3:before,.fa-thermometer-three-quarters:before{content:""}.fa-thermometer-2:before,.fa-thermometer-half:before{content:""}.fa-thermometer-1:before,.fa-thermometer-quarter:before{content:""}.fa-thermometer-0:before,.fa-thermometer-empty:before{content:"ï‹‹"}.fa-shower:before{content:""}.fa-bath:before,.fa-bathtub:before,.fa-s15:before{content:"ï‹"}.fa-podcast:before{content:""}.fa-window-maximize:before{content:"ï‹"}.fa-window-minimize:before{content:"ï‹‘"}.fa-window-restore:before{content:"ï‹’"}.fa-times-rectangle:before,.fa-window-close:before{content:"ï‹“"}.fa-times-rectangle-o:before,.fa-window-close-o:before{content:"ï‹”"}.fa-bandcamp:before{content:"ï‹•"}.fa-grav:before{content:"ï‹–"}.fa-etsy:before{content:"ï‹—"}.fa-imdb:before{content:""}.fa-ravelry:before{content:"ï‹™"}.fa-eercast:before{content:""}.fa-microchip:before{content:"ï‹›"}.fa-snowflake-o:before{content:""}.fa-superpowers:before{content:"ï‹"}.fa-wpexplorer:before{content:""}.fa-meetup:before{content:"ï‹ "}.sr-only{position:absolute;width:1px;height:1px;padding:0;margin:-1px;overflow:hidden;clip:rect(0,0,0,0);border:0}.sr-only-focusable:active,.sr-only-focusable:focus{position:static;width:auto;height:auto;margin:0;overflow:visible;clip:auto}.fa,.icon,.rst-content .admonition-title,.rst-content .code-block-caption .headerlink,.rst-content .eqno .headerlink,.rst-content code.download span:first-child,.rst-content dl dt .headerlink,.rst-content h1 .headerlink,.rst-content h2 .headerlink,.rst-content h3 .headerlink,.rst-content h4 .headerlink,.rst-content h5 .headerlink,.rst-content h6 .headerlink,.rst-content p.caption .headerlink,.rst-content p .headerlink,.rst-content table>caption .headerlink,.rst-content tt.download span:first-child,.wy-dropdown .caret,.wy-inline-validate.wy-inline-validate-danger .wy-input-context,.wy-inline-validate.wy-inline-validate-info .wy-input-context,.wy-inline-validate.wy-inline-validate-success .wy-input-context,.wy-inline-validate.wy-inline-validate-warning .wy-input-context,.wy-menu-vertical li.current>a button.toctree-expand,.wy-menu-vertical li.on a button.toctree-expand,.wy-menu-vertical li button.toctree-expand{font-family:inherit}.fa:before,.icon:before,.rst-content .admonition-title:before,.rst-content .code-block-caption .headerlink:before,.rst-content .eqno .headerlink:before,.rst-content code.download span:first-child:before,.rst-content dl dt .headerlink:before,.rst-content h1 .headerlink:before,.rst-content h2 .headerlink:before,.rst-content h3 .headerlink:before,.rst-content h4 .headerlink:before,.rst-content h5 .headerlink:before,.rst-content h6 .headerlink:before,.rst-content p.caption .headerlink:before,.rst-content p .headerlink:before,.rst-content table>caption .headerlink:before,.rst-content tt.download span:first-child:before,.wy-dropdown .caret:before,.wy-inline-validate.wy-inline-validate-danger .wy-input-context:before,.wy-inline-validate.wy-inline-validate-info .wy-input-context:before,.wy-inline-validate.wy-inline-validate-success .wy-input-context:before,.wy-inline-validate.wy-inline-validate-warning .wy-input-context:before,.wy-menu-vertical li.current>a button.toctree-expand:before,.wy-menu-vertical li.on a button.toctree-expand:before,.wy-menu-vertical li button.toctree-expand:before{font-family:FontAwesome;display:inline-block;font-style:normal;font-weight:400;line-height:1;text-decoration:inherit}.rst-content .code-block-caption a .headerlink,.rst-content .eqno a .headerlink,.rst-content a .admonition-title,.rst-content code.download a span:first-child,.rst-content dl dt a .headerlink,.rst-content h1 a .headerlink,.rst-content h2 a .headerlink,.rst-content h3 a .headerlink,.rst-content h4 a .headerlink,.rst-content h5 a .headerlink,.rst-content h6 a .headerlink,.rst-content p.caption a .headerlink,.rst-content p a .headerlink,.rst-content table>caption a .headerlink,.rst-content tt.download a span:first-child,.wy-menu-vertical li.current>a button.toctree-expand,.wy-menu-vertical li.on a button.toctree-expand,.wy-menu-vertical li a button.toctree-expand,a .fa,a .icon,a .rst-content .admonition-title,a .rst-content .code-block-caption .headerlink,a .rst-content .eqno .headerlink,a .rst-content code.download span:first-child,a .rst-content dl dt .headerlink,a .rst-content h1 .headerlink,a .rst-content h2 .headerlink,a .rst-content h3 .headerlink,a .rst-content h4 .headerlink,a .rst-content h5 .headerlink,a .rst-content h6 .headerlink,a .rst-content p.caption .headerlink,a .rst-content p .headerlink,a .rst-content table>caption .headerlink,a .rst-content tt.download span:first-child,a .wy-menu-vertical li button.toctree-expand{display:inline-block;text-decoration:inherit}.btn .fa,.btn .icon,.btn .rst-content .admonition-title,.btn .rst-content .code-block-caption .headerlink,.btn .rst-content .eqno .headerlink,.btn .rst-content code.download span:first-child,.btn .rst-content dl dt .headerlink,.btn .rst-content h1 .headerlink,.btn .rst-content h2 .headerlink,.btn .rst-content h3 .headerlink,.btn .rst-content h4 .headerlink,.btn .rst-content h5 .headerlink,.btn .rst-content h6 .headerlink,.btn .rst-content p .headerlink,.btn .rst-content table>caption .headerlink,.btn .rst-content tt.download span:first-child,.btn .wy-menu-vertical li.current>a button.toctree-expand,.btn .wy-menu-vertical li.on a button.toctree-expand,.btn .wy-menu-vertical li button.toctree-expand,.nav .fa,.nav .icon,.nav .rst-content .admonition-title,.nav .rst-content .code-block-caption .headerlink,.nav .rst-content .eqno .headerlink,.nav .rst-content code.download span:first-child,.nav .rst-content dl dt .headerlink,.nav .rst-content h1 .headerlink,.nav .rst-content h2 .headerlink,.nav .rst-content h3 .headerlink,.nav .rst-content h4 .headerlink,.nav .rst-content h5 .headerlink,.nav .rst-content h6 .headerlink,.nav .rst-content p .headerlink,.nav .rst-content table>caption .headerlink,.nav .rst-content tt.download span:first-child,.nav .wy-menu-vertical li.current>a button.toctree-expand,.nav .wy-menu-vertical li.on a button.toctree-expand,.nav .wy-menu-vertical li button.toctree-expand,.rst-content .btn .admonition-title,.rst-content .code-block-caption .btn .headerlink,.rst-content .code-block-caption .nav .headerlink,.rst-content .eqno .btn .headerlink,.rst-content .eqno .nav .headerlink,.rst-content .nav .admonition-title,.rst-content code.download .btn span:first-child,.rst-content code.download .nav span:first-child,.rst-content dl dt .btn .headerlink,.rst-content dl dt .nav .headerlink,.rst-content h1 .btn .headerlink,.rst-content h1 .nav .headerlink,.rst-content h2 .btn .headerlink,.rst-content h2 .nav .headerlink,.rst-content h3 .btn .headerlink,.rst-content h3 .nav .headerlink,.rst-content h4 .btn .headerlink,.rst-content h4 .nav .headerlink,.rst-content h5 .btn .headerlink,.rst-content h5 .nav .headerlink,.rst-content h6 .btn .headerlink,.rst-content h6 .nav .headerlink,.rst-content p .btn .headerlink,.rst-content p .nav .headerlink,.rst-content table>caption .btn .headerlink,.rst-content table>caption .nav .headerlink,.rst-content tt.download .btn span:first-child,.rst-content tt.download .nav span:first-child,.wy-menu-vertical li .btn button.toctree-expand,.wy-menu-vertical li.current>a .btn button.toctree-expand,.wy-menu-vertical li.current>a .nav button.toctree-expand,.wy-menu-vertical li .nav button.toctree-expand,.wy-menu-vertical li.on a .btn button.toctree-expand,.wy-menu-vertical li.on a .nav button.toctree-expand{display:inline}.btn .fa-large.icon,.btn .fa.fa-large,.btn .rst-content .code-block-caption .fa-large.headerlink,.btn .rst-content .eqno .fa-large.headerlink,.btn .rst-content .fa-large.admonition-title,.btn .rst-content code.download span.fa-large:first-child,.btn .rst-content dl dt .fa-large.headerlink,.btn .rst-content h1 .fa-large.headerlink,.btn .rst-content h2 .fa-large.headerlink,.btn .rst-content h3 .fa-large.headerlink,.btn .rst-content h4 .fa-large.headerlink,.btn .rst-content h5 .fa-large.headerlink,.btn .rst-content h6 .fa-large.headerlink,.btn .rst-content p .fa-large.headerlink,.btn .rst-content table>caption .fa-large.headerlink,.btn .rst-content tt.download span.fa-large:first-child,.btn .wy-menu-vertical li button.fa-large.toctree-expand,.nav .fa-large.icon,.nav .fa.fa-large,.nav .rst-content .code-block-caption .fa-large.headerlink,.nav .rst-content .eqno .fa-large.headerlink,.nav .rst-content .fa-large.admonition-title,.nav .rst-content code.download span.fa-large:first-child,.nav .rst-content dl dt .fa-large.headerlink,.nav .rst-content h1 .fa-large.headerlink,.nav .rst-content h2 .fa-large.headerlink,.nav .rst-content h3 .fa-large.headerlink,.nav .rst-content h4 .fa-large.headerlink,.nav .rst-content h5 .fa-large.headerlink,.nav .rst-content h6 .fa-large.headerlink,.nav .rst-content p .fa-large.headerlink,.nav .rst-content table>caption .fa-large.headerlink,.nav .rst-content tt.download span.fa-large:first-child,.nav .wy-menu-vertical li button.fa-large.toctree-expand,.rst-content .btn .fa-large.admonition-title,.rst-content .code-block-caption .btn .fa-large.headerlink,.rst-content .code-block-caption .nav .fa-large.headerlink,.rst-content .eqno .btn .fa-large.headerlink,.rst-content .eqno .nav .fa-large.headerlink,.rst-content .nav .fa-large.admonition-title,.rst-content code.download .btn span.fa-large:first-child,.rst-content code.download .nav span.fa-large:first-child,.rst-content dl dt .btn .fa-large.headerlink,.rst-content dl dt .nav .fa-large.headerlink,.rst-content h1 .btn .fa-large.headerlink,.rst-content h1 .nav .fa-large.headerlink,.rst-content h2 .btn .fa-large.headerlink,.rst-content h2 .nav .fa-large.headerlink,.rst-content h3 .btn .fa-large.headerlink,.rst-content h3 .nav .fa-large.headerlink,.rst-content h4 .btn .fa-large.headerlink,.rst-content h4 .nav .fa-large.headerlink,.rst-content h5 .btn .fa-large.headerlink,.rst-content h5 .nav .fa-large.headerlink,.rst-content h6 .btn .fa-large.headerlink,.rst-content h6 .nav .fa-large.headerlink,.rst-content p .btn .fa-large.headerlink,.rst-content p .nav .fa-large.headerlink,.rst-content table>caption .btn .fa-large.headerlink,.rst-content table>caption .nav .fa-large.headerlink,.rst-content tt.download .btn span.fa-large:first-child,.rst-content tt.download .nav span.fa-large:first-child,.wy-menu-vertical li .btn button.fa-large.toctree-expand,.wy-menu-vertical li .nav button.fa-large.toctree-expand{line-height:.9em}.btn .fa-spin.icon,.btn .fa.fa-spin,.btn .rst-content .code-block-caption .fa-spin.headerlink,.btn .rst-content .eqno .fa-spin.headerlink,.btn .rst-content .fa-spin.admonition-title,.btn .rst-content code.download span.fa-spin:first-child,.btn .rst-content dl dt .fa-spin.headerlink,.btn .rst-content h1 .fa-spin.headerlink,.btn .rst-content h2 .fa-spin.headerlink,.btn .rst-content h3 .fa-spin.headerlink,.btn .rst-content h4 .fa-spin.headerlink,.btn .rst-content h5 .fa-spin.headerlink,.btn .rst-content h6 .fa-spin.headerlink,.btn .rst-content p .fa-spin.headerlink,.btn .rst-content table>caption .fa-spin.headerlink,.btn .rst-content tt.download span.fa-spin:first-child,.btn .wy-menu-vertical li button.fa-spin.toctree-expand,.nav .fa-spin.icon,.nav .fa.fa-spin,.nav .rst-content .code-block-caption .fa-spin.headerlink,.nav .rst-content .eqno .fa-spin.headerlink,.nav .rst-content .fa-spin.admonition-title,.nav .rst-content code.download span.fa-spin:first-child,.nav .rst-content dl dt .fa-spin.headerlink,.nav .rst-content h1 .fa-spin.headerlink,.nav .rst-content h2 .fa-spin.headerlink,.nav .rst-content h3 .fa-spin.headerlink,.nav .rst-content h4 .fa-spin.headerlink,.nav .rst-content h5 .fa-spin.headerlink,.nav .rst-content h6 .fa-spin.headerlink,.nav .rst-content p .fa-spin.headerlink,.nav .rst-content table>caption .fa-spin.headerlink,.nav .rst-content tt.download span.fa-spin:first-child,.nav .wy-menu-vertical li button.fa-spin.toctree-expand,.rst-content .btn .fa-spin.admonition-title,.rst-content .code-block-caption .btn .fa-spin.headerlink,.rst-content .code-block-caption .nav .fa-spin.headerlink,.rst-content .eqno .btn .fa-spin.headerlink,.rst-content .eqno .nav .fa-spin.headerlink,.rst-content .nav .fa-spin.admonition-title,.rst-content code.download .btn span.fa-spin:first-child,.rst-content code.download .nav span.fa-spin:first-child,.rst-content dl dt .btn .fa-spin.headerlink,.rst-content dl dt .nav .fa-spin.headerlink,.rst-content h1 .btn .fa-spin.headerlink,.rst-content h1 .nav .fa-spin.headerlink,.rst-content h2 .btn .fa-spin.headerlink,.rst-content h2 .nav .fa-spin.headerlink,.rst-content h3 .btn .fa-spin.headerlink,.rst-content h3 .nav .fa-spin.headerlink,.rst-content h4 .btn .fa-spin.headerlink,.rst-content h4 .nav .fa-spin.headerlink,.rst-content h5 .btn .fa-spin.headerlink,.rst-content h5 .nav .fa-spin.headerlink,.rst-content h6 .btn .fa-spin.headerlink,.rst-content h6 .nav .fa-spin.headerlink,.rst-content p .btn .fa-spin.headerlink,.rst-content p .nav .fa-spin.headerlink,.rst-content table>caption .btn .fa-spin.headerlink,.rst-content table>caption .nav .fa-spin.headerlink,.rst-content tt.download .btn span.fa-spin:first-child,.rst-content tt.download .nav span.fa-spin:first-child,.wy-menu-vertical li .btn button.fa-spin.toctree-expand,.wy-menu-vertical li .nav button.fa-spin.toctree-expand{display:inline-block}.btn.fa:before,.btn.icon:before,.rst-content .btn.admonition-title:before,.rst-content .code-block-caption .btn.headerlink:before,.rst-content .eqno .btn.headerlink:before,.rst-content code.download span.btn:first-child:before,.rst-content dl dt .btn.headerlink:before,.rst-content h1 .btn.headerlink:before,.rst-content h2 .btn.headerlink:before,.rst-content h3 .btn.headerlink:before,.rst-content h4 .btn.headerlink:before,.rst-content h5 .btn.headerlink:before,.rst-content h6 .btn.headerlink:before,.rst-content p .btn.headerlink:before,.rst-content table>caption .btn.headerlink:before,.rst-content tt.download span.btn:first-child:before,.wy-menu-vertical li button.btn.toctree-expand:before{opacity:.5;-webkit-transition:opacity .05s ease-in;-moz-transition:opacity .05s ease-in;transition:opacity .05s ease-in}.btn.fa:hover:before,.btn.icon:hover:before,.rst-content .btn.admonition-title:hover:before,.rst-content .code-block-caption .btn.headerlink:hover:before,.rst-content .eqno .btn.headerlink:hover:before,.rst-content code.download span.btn:first-child:hover:before,.rst-content dl dt .btn.headerlink:hover:before,.rst-content h1 .btn.headerlink:hover:before,.rst-content h2 .btn.headerlink:hover:before,.rst-content h3 .btn.headerlink:hover:before,.rst-content h4 .btn.headerlink:hover:before,.rst-content h5 .btn.headerlink:hover:before,.rst-content h6 .btn.headerlink:hover:before,.rst-content p .btn.headerlink:hover:before,.rst-content table>caption .btn.headerlink:hover:before,.rst-content tt.download span.btn:first-child:hover:before,.wy-menu-vertical li button.btn.toctree-expand:hover:before{opacity:1}.btn-mini .fa:before,.btn-mini .icon:before,.btn-mini .rst-content .admonition-title:before,.btn-mini .rst-content .code-block-caption .headerlink:before,.btn-mini .rst-content .eqno .headerlink:before,.btn-mini .rst-content code.download span:first-child:before,.btn-mini .rst-content dl dt .headerlink:before,.btn-mini .rst-content h1 .headerlink:before,.btn-mini .rst-content h2 .headerlink:before,.btn-mini .rst-content h3 .headerlink:before,.btn-mini .rst-content h4 .headerlink:before,.btn-mini .rst-content h5 .headerlink:before,.btn-mini .rst-content h6 .headerlink:before,.btn-mini .rst-content p .headerlink:before,.btn-mini .rst-content table>caption .headerlink:before,.btn-mini .rst-content tt.download span:first-child:before,.btn-mini .wy-menu-vertical li button.toctree-expand:before,.rst-content .btn-mini .admonition-title:before,.rst-content .code-block-caption .btn-mini .headerlink:before,.rst-content .eqno .btn-mini .headerlink:before,.rst-content code.download .btn-mini span:first-child:before,.rst-content dl dt .btn-mini .headerlink:before,.rst-content h1 .btn-mini .headerlink:before,.rst-content h2 .btn-mini .headerlink:before,.rst-content h3 .btn-mini .headerlink:before,.rst-content h4 .btn-mini .headerlink:before,.rst-content h5 .btn-mini .headerlink:before,.rst-content h6 .btn-mini .headerlink:before,.rst-content p .btn-mini .headerlink:before,.rst-content table>caption .btn-mini .headerlink:before,.rst-content tt.download .btn-mini span:first-child:before,.wy-menu-vertical li .btn-mini button.toctree-expand:before{font-size:14px;vertical-align:-15%}.rst-content .admonition,.rst-content .admonition-todo,.rst-content .attention,.rst-content .caution,.rst-content .danger,.rst-content .error,.rst-content .hint,.rst-content .important,.rst-content .note,.rst-content .seealso,.rst-content .tip,.rst-content .warning,.wy-alert{padding:12px;line-height:24px;margin-bottom:24px;background:#e7f2fa}.rst-content .admonition-title,.wy-alert-title{font-weight:700;display:block;color:#fff;background:#6ab0de;padding:6px 12px;margin:-12px -12px 12px}.rst-content .danger,.rst-content .error,.rst-content .wy-alert-danger.admonition,.rst-content .wy-alert-danger.admonition-todo,.rst-content .wy-alert-danger.attention,.rst-content .wy-alert-danger.caution,.rst-content .wy-alert-danger.hint,.rst-content .wy-alert-danger.important,.rst-content .wy-alert-danger.note,.rst-content .wy-alert-danger.seealso,.rst-content .wy-alert-danger.tip,.rst-content .wy-alert-danger.warning,.wy-alert.wy-alert-danger{background:#fdf3f2}.rst-content .danger .admonition-title,.rst-content .danger .wy-alert-title,.rst-content .error .admonition-title,.rst-content .error .wy-alert-title,.rst-content .wy-alert-danger.admonition-todo .admonition-title,.rst-content .wy-alert-danger.admonition-todo .wy-alert-title,.rst-content .wy-alert-danger.admonition .admonition-title,.rst-content .wy-alert-danger.admonition .wy-alert-title,.rst-content .wy-alert-danger.attention .admonition-title,.rst-content .wy-alert-danger.attention .wy-alert-title,.rst-content .wy-alert-danger.caution .admonition-title,.rst-content .wy-alert-danger.caution .wy-alert-title,.rst-content .wy-alert-danger.hint .admonition-title,.rst-content .wy-alert-danger.hint .wy-alert-title,.rst-content .wy-alert-danger.important .admonition-title,.rst-content .wy-alert-danger.important .wy-alert-title,.rst-content .wy-alert-danger.note .admonition-title,.rst-content .wy-alert-danger.note .wy-alert-title,.rst-content .wy-alert-danger.seealso .admonition-title,.rst-content .wy-alert-danger.seealso .wy-alert-title,.rst-content .wy-alert-danger.tip .admonition-title,.rst-content .wy-alert-danger.tip .wy-alert-title,.rst-content .wy-alert-danger.warning .admonition-title,.rst-content .wy-alert-danger.warning .wy-alert-title,.rst-content .wy-alert.wy-alert-danger .admonition-title,.wy-alert.wy-alert-danger .rst-content .admonition-title,.wy-alert.wy-alert-danger .wy-alert-title{background:#f29f97}.rst-content .admonition-todo,.rst-content .attention,.rst-content .caution,.rst-content .warning,.rst-content .wy-alert-warning.admonition,.rst-content .wy-alert-warning.danger,.rst-content .wy-alert-warning.error,.rst-content .wy-alert-warning.hint,.rst-content .wy-alert-warning.important,.rst-content .wy-alert-warning.note,.rst-content .wy-alert-warning.seealso,.rst-content .wy-alert-warning.tip,.wy-alert.wy-alert-warning{background:#ffedcc}.rst-content .admonition-todo .admonition-title,.rst-content .admonition-todo .wy-alert-title,.rst-content .attention .admonition-title,.rst-content .attention .wy-alert-title,.rst-content .caution .admonition-title,.rst-content .caution .wy-alert-title,.rst-content .warning .admonition-title,.rst-content .warning .wy-alert-title,.rst-content .wy-alert-warning.admonition .admonition-title,.rst-content .wy-alert-warning.admonition .wy-alert-title,.rst-content .wy-alert-warning.danger .admonition-title,.rst-content .wy-alert-warning.danger .wy-alert-title,.rst-content .wy-alert-warning.error .admonition-title,.rst-content .wy-alert-warning.error .wy-alert-title,.rst-content .wy-alert-warning.hint .admonition-title,.rst-content .wy-alert-warning.hint .wy-alert-title,.rst-content .wy-alert-warning.important .admonition-title,.rst-content .wy-alert-warning.important .wy-alert-title,.rst-content .wy-alert-warning.note .admonition-title,.rst-content .wy-alert-warning.note .wy-alert-title,.rst-content .wy-alert-warning.seealso .admonition-title,.rst-content .wy-alert-warning.seealso .wy-alert-title,.rst-content .wy-alert-warning.tip .admonition-title,.rst-content .wy-alert-warning.tip .wy-alert-title,.rst-content .wy-alert.wy-alert-warning .admonition-title,.wy-alert.wy-alert-warning .rst-content .admonition-title,.wy-alert.wy-alert-warning .wy-alert-title{background:#f0b37e}.rst-content .note,.rst-content .seealso,.rst-content .wy-alert-info.admonition,.rst-content .wy-alert-info.admonition-todo,.rst-content .wy-alert-info.attention,.rst-content .wy-alert-info.caution,.rst-content .wy-alert-info.danger,.rst-content .wy-alert-info.error,.rst-content .wy-alert-info.hint,.rst-content .wy-alert-info.important,.rst-content .wy-alert-info.tip,.rst-content .wy-alert-info.warning,.wy-alert.wy-alert-info{background:#e7f2fa}.rst-content .note .admonition-title,.rst-content .note .wy-alert-title,.rst-content .seealso .admonition-title,.rst-content .seealso .wy-alert-title,.rst-content .wy-alert-info.admonition-todo .admonition-title,.rst-content .wy-alert-info.admonition-todo .wy-alert-title,.rst-content .wy-alert-info.admonition .admonition-title,.rst-content .wy-alert-info.admonition .wy-alert-title,.rst-content .wy-alert-info.attention .admonition-title,.rst-content .wy-alert-info.attention .wy-alert-title,.rst-content .wy-alert-info.caution .admonition-title,.rst-content .wy-alert-info.caution .wy-alert-title,.rst-content .wy-alert-info.danger .admonition-title,.rst-content .wy-alert-info.danger .wy-alert-title,.rst-content .wy-alert-info.error .admonition-title,.rst-content .wy-alert-info.error .wy-alert-title,.rst-content .wy-alert-info.hint .admonition-title,.rst-content .wy-alert-info.hint .wy-alert-title,.rst-content .wy-alert-info.important .admonition-title,.rst-content .wy-alert-info.important .wy-alert-title,.rst-content .wy-alert-info.tip .admonition-title,.rst-content .wy-alert-info.tip .wy-alert-title,.rst-content .wy-alert-info.warning .admonition-title,.rst-content .wy-alert-info.warning .wy-alert-title,.rst-content .wy-alert.wy-alert-info .admonition-title,.wy-alert.wy-alert-info .rst-content .admonition-title,.wy-alert.wy-alert-info .wy-alert-title{background:#6ab0de}.rst-content .hint,.rst-content .important,.rst-content .tip,.rst-content .wy-alert-success.admonition,.rst-content .wy-alert-success.admonition-todo,.rst-content .wy-alert-success.attention,.rst-content .wy-alert-success.caution,.rst-content .wy-alert-success.danger,.rst-content .wy-alert-success.error,.rst-content .wy-alert-success.note,.rst-content .wy-alert-success.seealso,.rst-content .wy-alert-success.warning,.wy-alert.wy-alert-success{background:#dbfaf4}.rst-content .hint .admonition-title,.rst-content .hint .wy-alert-title,.rst-content .important .admonition-title,.rst-content .important .wy-alert-title,.rst-content .tip .admonition-title,.rst-content .tip .wy-alert-title,.rst-content .wy-alert-success.admonition-todo .admonition-title,.rst-content .wy-alert-success.admonition-todo .wy-alert-title,.rst-content .wy-alert-success.admonition .admonition-title,.rst-content .wy-alert-success.admonition .wy-alert-title,.rst-content .wy-alert-success.attention .admonition-title,.rst-content .wy-alert-success.attention .wy-alert-title,.rst-content .wy-alert-success.caution .admonition-title,.rst-content .wy-alert-success.caution .wy-alert-title,.rst-content .wy-alert-success.danger .admonition-title,.rst-content .wy-alert-success.danger .wy-alert-title,.rst-content .wy-alert-success.error .admonition-title,.rst-content .wy-alert-success.error .wy-alert-title,.rst-content .wy-alert-success.note .admonition-title,.rst-content .wy-alert-success.note .wy-alert-title,.rst-content .wy-alert-success.seealso .admonition-title,.rst-content .wy-alert-success.seealso .wy-alert-title,.rst-content .wy-alert-success.warning .admonition-title,.rst-content .wy-alert-success.warning .wy-alert-title,.rst-content .wy-alert.wy-alert-success .admonition-title,.wy-alert.wy-alert-success .rst-content .admonition-title,.wy-alert.wy-alert-success .wy-alert-title{background:#1abc9c}.rst-content .wy-alert-neutral.admonition,.rst-content .wy-alert-neutral.admonition-todo,.rst-content .wy-alert-neutral.attention,.rst-content .wy-alert-neutral.caution,.rst-content .wy-alert-neutral.danger,.rst-content .wy-alert-neutral.error,.rst-content .wy-alert-neutral.hint,.rst-content .wy-alert-neutral.important,.rst-content .wy-alert-neutral.note,.rst-content .wy-alert-neutral.seealso,.rst-content .wy-alert-neutral.tip,.rst-content .wy-alert-neutral.warning,.wy-alert.wy-alert-neutral{background:#f3f6f6}.rst-content .wy-alert-neutral.admonition-todo .admonition-title,.rst-content .wy-alert-neutral.admonition-todo .wy-alert-title,.rst-content .wy-alert-neutral.admonition .admonition-title,.rst-content .wy-alert-neutral.admonition .wy-alert-title,.rst-content .wy-alert-neutral.attention .admonition-title,.rst-content .wy-alert-neutral.attention .wy-alert-title,.rst-content .wy-alert-neutral.caution .admonition-title,.rst-content .wy-alert-neutral.caution .wy-alert-title,.rst-content .wy-alert-neutral.danger .admonition-title,.rst-content .wy-alert-neutral.danger .wy-alert-title,.rst-content .wy-alert-neutral.error .admonition-title,.rst-content .wy-alert-neutral.error .wy-alert-title,.rst-content .wy-alert-neutral.hint .admonition-title,.rst-content .wy-alert-neutral.hint .wy-alert-title,.rst-content .wy-alert-neutral.important .admonition-title,.rst-content .wy-alert-neutral.important .wy-alert-title,.rst-content .wy-alert-neutral.note .admonition-title,.rst-content .wy-alert-neutral.note .wy-alert-title,.rst-content .wy-alert-neutral.seealso .admonition-title,.rst-content .wy-alert-neutral.seealso .wy-alert-title,.rst-content .wy-alert-neutral.tip .admonition-title,.rst-content .wy-alert-neutral.tip .wy-alert-title,.rst-content .wy-alert-neutral.warning .admonition-title,.rst-content .wy-alert-neutral.warning .wy-alert-title,.rst-content .wy-alert.wy-alert-neutral .admonition-title,.wy-alert.wy-alert-neutral .rst-content .admonition-title,.wy-alert.wy-alert-neutral .wy-alert-title{color:#404040;background:#e1e4e5}.rst-content .wy-alert-neutral.admonition-todo a,.rst-content .wy-alert-neutral.admonition a,.rst-content .wy-alert-neutral.attention a,.rst-content .wy-alert-neutral.caution a,.rst-content .wy-alert-neutral.danger a,.rst-content .wy-alert-neutral.error a,.rst-content .wy-alert-neutral.hint a,.rst-content .wy-alert-neutral.important a,.rst-content .wy-alert-neutral.note a,.rst-content .wy-alert-neutral.seealso a,.rst-content .wy-alert-neutral.tip a,.rst-content .wy-alert-neutral.warning a,.wy-alert.wy-alert-neutral a{color:#2980b9}.rst-content .admonition-todo p:last-child,.rst-content .admonition p:last-child,.rst-content .attention p:last-child,.rst-content .caution p:last-child,.rst-content .danger p:last-child,.rst-content .error p:last-child,.rst-content .hint p:last-child,.rst-content .important p:last-child,.rst-content .note p:last-child,.rst-content .seealso p:last-child,.rst-content .tip p:last-child,.rst-content .warning p:last-child,.wy-alert p:last-child{margin-bottom:0}.wy-tray-container{position:fixed;bottom:0;left:0;z-index:600}.wy-tray-container li{display:block;width:300px;background:transparent;color:#fff;text-align:center;box-shadow:0 5px 5px 0 rgba(0,0,0,.1);padding:0 24px;min-width:20%;opacity:0;height:0;line-height:56px;overflow:hidden;-webkit-transition:all .3s ease-in;-moz-transition:all .3s ease-in;transition:all .3s ease-in}.wy-tray-container li.wy-tray-item-success{background:#27ae60}.wy-tray-container li.wy-tray-item-info{background:#2980b9}.wy-tray-container li.wy-tray-item-warning{background:#e67e22}.wy-tray-container li.wy-tray-item-danger{background:#e74c3c}.wy-tray-container li.on{opacity:1;height:56px}@media screen and (max-width:768px){.wy-tray-container{bottom:auto;top:0;width:100%}.wy-tray-container li{width:100%}}button{font-size:100%;margin:0;vertical-align:baseline;*vertical-align:middle;cursor:pointer;line-height:normal;-webkit-appearance:button;*overflow:visible}button::-moz-focus-inner,input::-moz-focus-inner{border:0;padding:0}button[disabled]{cursor:default}.btn{display:inline-block;border-radius:2px;line-height:normal;white-space:nowrap;text-align:center;cursor:pointer;font-size:100%;padding:6px 12px 8px;color:#fff;border:1px solid rgba(0,0,0,.1);background-color:#27ae60;text-decoration:none;font-weight:400;font-family:Lato,proxima-nova,Helvetica Neue,Arial,sans-serif;box-shadow:inset 0 1px 2px -1px hsla(0,0%,100%,.5),inset 0 -2px 0 0 rgba(0,0,0,.1);outline-none:false;vertical-align:middle;*display:inline;zoom:1;-webkit-user-drag:none;-webkit-user-select:none;-moz-user-select:none;-ms-user-select:none;user-select:none;-webkit-transition:all .1s linear;-moz-transition:all .1s linear;transition:all .1s linear}.btn-hover{background:#2e8ece;color:#fff}.btn:hover{background:#2cc36b;color:#fff}.btn:focus{background:#2cc36b;outline:0}.btn:active{box-shadow:inset 0 -1px 0 0 rgba(0,0,0,.05),inset 0 2px 0 0 rgba(0,0,0,.1);padding:8px 12px 6px}.btn:visited{color:#fff}.btn-disabled,.btn-disabled:active,.btn-disabled:focus,.btn-disabled:hover,.btn:disabled{background-image:none;filter:progid:DXImageTransform.Microsoft.gradient(enabled = false);filter:alpha(opacity=40);opacity:.4;cursor:not-allowed;box-shadow:none}.btn::-moz-focus-inner{padding:0;border:0}.btn-small{font-size:80%}.btn-info{background-color:#2980b9!important}.btn-info:hover{background-color:#2e8ece!important}.btn-neutral{background-color:#f3f6f6!important;color:#404040!important}.btn-neutral:hover{background-color:#e5ebeb!important;color:#404040}.btn-neutral:visited{color:#404040!important}.btn-success{background-color:#27ae60!important}.btn-success:hover{background-color:#295!important}.btn-danger{background-color:#e74c3c!important}.btn-danger:hover{background-color:#ea6153!important}.btn-warning{background-color:#e67e22!important}.btn-warning:hover{background-color:#e98b39!important}.btn-invert{background-color:#222}.btn-invert:hover{background-color:#2f2f2f!important}.btn-link{background-color:transparent!important;color:#2980b9;box-shadow:none;border-color:transparent!important}.btn-link:active,.btn-link:hover{background-color:transparent!important;color:#409ad5!important;box-shadow:none}.btn-link:visited{color:#9b59b6}.wy-btn-group .btn,.wy-control .btn{vertical-align:middle}.wy-btn-group{margin-bottom:24px;*zoom:1}.wy-btn-group:after,.wy-btn-group:before{display:table;content:""}.wy-btn-group:after{clear:both}.wy-dropdown{position:relative;display:inline-block}.wy-dropdown-active .wy-dropdown-menu{display:block}.wy-dropdown-menu{position:absolute;left:0;display:none;float:left;top:100%;min-width:100%;background:#fcfcfc;z-index:100;border:1px solid #cfd7dd;box-shadow:0 2px 2px 0 rgba(0,0,0,.1);padding:12px}.wy-dropdown-menu>dd>a{display:block;clear:both;color:#404040;white-space:nowrap;font-size:90%;padding:0 12px;cursor:pointer}.wy-dropdown-menu>dd>a:hover{background:#2980b9;color:#fff}.wy-dropdown-menu>dd.divider{border-top:1px solid #cfd7dd;margin:6px 0}.wy-dropdown-menu>dd.search{padding-bottom:12px}.wy-dropdown-menu>dd.search input[type=search]{width:100%}.wy-dropdown-menu>dd.call-to-action{background:#e3e3e3;text-transform:uppercase;font-weight:500;font-size:80%}.wy-dropdown-menu>dd.call-to-action:hover{background:#e3e3e3}.wy-dropdown-menu>dd.call-to-action .btn{color:#fff}.wy-dropdown.wy-dropdown-up .wy-dropdown-menu{bottom:100%;top:auto;left:auto;right:0}.wy-dropdown.wy-dropdown-bubble .wy-dropdown-menu{background:#fcfcfc;margin-top:2px}.wy-dropdown.wy-dropdown-bubble .wy-dropdown-menu a{padding:6px 12px}.wy-dropdown.wy-dropdown-bubble .wy-dropdown-menu a:hover{background:#2980b9;color:#fff}.wy-dropdown.wy-dropdown-left .wy-dropdown-menu{right:0;left:auto;text-align:right}.wy-dropdown-arrow:before{content:" ";border-bottom:5px solid #f5f5f5;border-left:5px solid transparent;border-right:5px solid transparent;position:absolute;display:block;top:-4px;left:50%;margin-left:-3px}.wy-dropdown-arrow.wy-dropdown-arrow-left:before{left:11px}.wy-form-stacked select{display:block}.wy-form-aligned .wy-help-inline,.wy-form-aligned input,.wy-form-aligned label,.wy-form-aligned select,.wy-form-aligned textarea{display:inline-block;*display:inline;*zoom:1;vertical-align:middle}.wy-form-aligned .wy-control-group>label{display:inline-block;vertical-align:middle;width:10em;margin:6px 12px 0 0;float:left}.wy-form-aligned .wy-control{float:left}.wy-form-aligned .wy-control label{display:block}.wy-form-aligned .wy-control select{margin-top:6px}fieldset{margin:0}fieldset,legend{border:0;padding:0}legend{width:100%;white-space:normal;margin-bottom:24px;font-size:150%;*margin-left:-7px}label,legend{display:block}label{margin:0 0 .3125em;color:#333;font-size:90%}input,select,textarea{font-size:100%;margin:0;vertical-align:baseline;*vertical-align:middle}.wy-control-group{margin-bottom:24px;max-width:1200px;margin-left:auto;margin-right:auto;*zoom:1}.wy-control-group:after,.wy-control-group:before{display:table;content:""}.wy-control-group:after{clear:both}.wy-control-group.wy-control-group-required>label:after{content:" *";color:#e74c3c}.wy-control-group .wy-form-full,.wy-control-group .wy-form-halves,.wy-control-group .wy-form-thirds{padding-bottom:12px}.wy-control-group .wy-form-full input[type=color],.wy-control-group .wy-form-full input[type=date],.wy-control-group .wy-form-full input[type=datetime-local],.wy-control-group .wy-form-full input[type=datetime],.wy-control-group .wy-form-full input[type=email],.wy-control-group .wy-form-full input[type=month],.wy-control-group .wy-form-full input[type=number],.wy-control-group .wy-form-full input[type=password],.wy-control-group .wy-form-full input[type=search],.wy-control-group .wy-form-full input[type=tel],.wy-control-group .wy-form-full input[type=text],.wy-control-group .wy-form-full input[type=time],.wy-control-group .wy-form-full input[type=url],.wy-control-group .wy-form-full input[type=week],.wy-control-group .wy-form-full select,.wy-control-group .wy-form-halves input[type=color],.wy-control-group .wy-form-halves input[type=date],.wy-control-group .wy-form-halves input[type=datetime-local],.wy-control-group .wy-form-halves input[type=datetime],.wy-control-group .wy-form-halves input[type=email],.wy-control-group .wy-form-halves input[type=month],.wy-control-group .wy-form-halves input[type=number],.wy-control-group .wy-form-halves input[type=password],.wy-control-group .wy-form-halves input[type=search],.wy-control-group .wy-form-halves input[type=tel],.wy-control-group .wy-form-halves input[type=text],.wy-control-group .wy-form-halves input[type=time],.wy-control-group .wy-form-halves input[type=url],.wy-control-group .wy-form-halves input[type=week],.wy-control-group .wy-form-halves select,.wy-control-group .wy-form-thirds input[type=color],.wy-control-group .wy-form-thirds input[type=date],.wy-control-group .wy-form-thirds input[type=datetime-local],.wy-control-group .wy-form-thirds input[type=datetime],.wy-control-group .wy-form-thirds input[type=email],.wy-control-group .wy-form-thirds input[type=month],.wy-control-group .wy-form-thirds input[type=number],.wy-control-group .wy-form-thirds input[type=password],.wy-control-group .wy-form-thirds input[type=search],.wy-control-group .wy-form-thirds input[type=tel],.wy-control-group .wy-form-thirds input[type=text],.wy-control-group .wy-form-thirds input[type=time],.wy-control-group .wy-form-thirds input[type=url],.wy-control-group .wy-form-thirds input[type=week],.wy-control-group .wy-form-thirds select{width:100%}.wy-control-group .wy-form-full{float:left;display:block;width:100%;margin-right:0}.wy-control-group .wy-form-full:last-child{margin-right:0}.wy-control-group .wy-form-halves{float:left;display:block;margin-right:2.35765%;width:48.82117%}.wy-control-group .wy-form-halves:last-child,.wy-control-group .wy-form-halves:nth-of-type(2n){margin-right:0}.wy-control-group .wy-form-halves:nth-of-type(odd){clear:left}.wy-control-group .wy-form-thirds{float:left;display:block;margin-right:2.35765%;width:31.76157%}.wy-control-group .wy-form-thirds:last-child,.wy-control-group .wy-form-thirds:nth-of-type(3n){margin-right:0}.wy-control-group .wy-form-thirds:nth-of-type(3n+1){clear:left}.wy-control-group.wy-control-group-no-input .wy-control,.wy-control-no-input{margin:6px 0 0;font-size:90%}.wy-control-no-input{display:inline-block}.wy-control-group.fluid-input input[type=color],.wy-control-group.fluid-input input[type=date],.wy-control-group.fluid-input input[type=datetime-local],.wy-control-group.fluid-input input[type=datetime],.wy-control-group.fluid-input input[type=email],.wy-control-group.fluid-input input[type=month],.wy-control-group.fluid-input input[type=number],.wy-control-group.fluid-input input[type=password],.wy-control-group.fluid-input input[type=search],.wy-control-group.fluid-input input[type=tel],.wy-control-group.fluid-input input[type=text],.wy-control-group.fluid-input input[type=time],.wy-control-group.fluid-input input[type=url],.wy-control-group.fluid-input input[type=week]{width:100%}.wy-form-message-inline{padding-left:.3em;color:#666;font-size:90%}.wy-form-message{display:block;color:#999;font-size:70%;margin-top:.3125em;font-style:italic}.wy-form-message p{font-size:inherit;font-style:italic;margin-bottom:6px}.wy-form-message p:last-child{margin-bottom:0}input{line-height:normal}input[type=button],input[type=reset],input[type=submit]{-webkit-appearance:button;cursor:pointer;font-family:Lato,proxima-nova,Helvetica Neue,Arial,sans-serif;*overflow:visible}input[type=color],input[type=date],input[type=datetime-local],input[type=datetime],input[type=email],input[type=month],input[type=number],input[type=password],input[type=search],input[type=tel],input[type=text],input[type=time],input[type=url],input[type=week]{-webkit-appearance:none;padding:6px;display:inline-block;border:1px solid #ccc;font-size:80%;font-family:Lato,proxima-nova,Helvetica Neue,Arial,sans-serif;box-shadow:inset 0 1px 3px #ddd;border-radius:0;-webkit-transition:border .3s linear;-moz-transition:border .3s linear;transition:border .3s linear}input[type=datetime-local]{padding:.34375em .625em}input[disabled]{cursor:default}input[type=checkbox],input[type=radio]{padding:0;margin-right:.3125em;*height:13px;*width:13px}input[type=checkbox],input[type=radio],input[type=search]{-webkit-box-sizing:border-box;-moz-box-sizing:border-box;box-sizing:border-box}input[type=search]::-webkit-search-cancel-button,input[type=search]::-webkit-search-decoration{-webkit-appearance:none}input[type=color]:focus,input[type=date]:focus,input[type=datetime-local]:focus,input[type=datetime]:focus,input[type=email]:focus,input[type=month]:focus,input[type=number]:focus,input[type=password]:focus,input[type=search]:focus,input[type=tel]:focus,input[type=text]:focus,input[type=time]:focus,input[type=url]:focus,input[type=week]:focus{outline:0;outline:thin dotted\9;border-color:#333}input.no-focus:focus{border-color:#ccc!important}input[type=checkbox]:focus,input[type=file]:focus,input[type=radio]:focus{outline:thin dotted #333;outline:1px auto #129fea}input[type=color][disabled],input[type=date][disabled],input[type=datetime-local][disabled],input[type=datetime][disabled],input[type=email][disabled],input[type=month][disabled],input[type=number][disabled],input[type=password][disabled],input[type=search][disabled],input[type=tel][disabled],input[type=text][disabled],input[type=time][disabled],input[type=url][disabled],input[type=week][disabled]{cursor:not-allowed;background-color:#fafafa}input:focus:invalid,select:focus:invalid,textarea:focus:invalid{color:#e74c3c;border:1px solid #e74c3c}input:focus:invalid:focus,select:focus:invalid:focus,textarea:focus:invalid:focus{border-color:#e74c3c}input[type=checkbox]:focus:invalid:focus,input[type=file]:focus:invalid:focus,input[type=radio]:focus:invalid:focus{outline-color:#e74c3c}input.wy-input-large{padding:12px;font-size:100%}textarea{overflow:auto;vertical-align:top;width:100%;font-family:Lato,proxima-nova,Helvetica Neue,Arial,sans-serif}select,textarea{padding:.5em .625em;display:inline-block;border:1px solid #ccc;font-size:80%;box-shadow:inset 0 1px 3px #ddd;-webkit-transition:border .3s linear;-moz-transition:border .3s linear;transition:border .3s linear}select{border:1px solid #ccc;background-color:#fff}select[multiple]{height:auto}select:focus,textarea:focus{outline:0}input[readonly],select[disabled],select[readonly],textarea[disabled],textarea[readonly]{cursor:not-allowed;background-color:#fafafa}input[type=checkbox][disabled],input[type=radio][disabled]{cursor:not-allowed}.wy-checkbox,.wy-radio{margin:6px 0;color:#404040;display:block}.wy-checkbox input,.wy-radio input{vertical-align:baseline}.wy-form-message-inline{display:inline-block;*display:inline;*zoom:1;vertical-align:middle}.wy-input-prefix,.wy-input-suffix{white-space:nowrap;padding:6px}.wy-input-prefix .wy-input-context,.wy-input-suffix .wy-input-context{line-height:27px;padding:0 8px;display:inline-block;font-size:80%;background-color:#f3f6f6;border:1px solid #ccc;color:#999}.wy-input-suffix .wy-input-context{border-left:0}.wy-input-prefix .wy-input-context{border-right:0}.wy-switch{position:relative;display:block;height:24px;margin-top:12px;cursor:pointer}.wy-switch:before{left:0;top:0;width:36px;height:12px;background:#ccc}.wy-switch:after,.wy-switch:before{position:absolute;content:"";display:block;border-radius:4px;-webkit-transition:all .2s ease-in-out;-moz-transition:all .2s ease-in-out;transition:all .2s ease-in-out}.wy-switch:after{width:18px;height:18px;background:#999;left:-3px;top:-3px}.wy-switch span{position:absolute;left:48px;display:block;font-size:12px;color:#ccc;line-height:1}.wy-switch.active:before{background:#1e8449}.wy-switch.active:after{left:24px;background:#27ae60}.wy-switch.disabled{cursor:not-allowed;opacity:.8}.wy-control-group.wy-control-group-error .wy-form-message,.wy-control-group.wy-control-group-error>label{color:#e74c3c}.wy-control-group.wy-control-group-error input[type=color],.wy-control-group.wy-control-group-error input[type=date],.wy-control-group.wy-control-group-error input[type=datetime-local],.wy-control-group.wy-control-group-error input[type=datetime],.wy-control-group.wy-control-group-error input[type=email],.wy-control-group.wy-control-group-error input[type=month],.wy-control-group.wy-control-group-error input[type=number],.wy-control-group.wy-control-group-error input[type=password],.wy-control-group.wy-control-group-error input[type=search],.wy-control-group.wy-control-group-error input[type=tel],.wy-control-group.wy-control-group-error input[type=text],.wy-control-group.wy-control-group-error input[type=time],.wy-control-group.wy-control-group-error input[type=url],.wy-control-group.wy-control-group-error input[type=week],.wy-control-group.wy-control-group-error textarea{border:1px solid #e74c3c}.wy-inline-validate{white-space:nowrap}.wy-inline-validate .wy-input-context{padding:.5em .625em;display:inline-block;font-size:80%}.wy-inline-validate.wy-inline-validate-success .wy-input-context{color:#27ae60}.wy-inline-validate.wy-inline-validate-danger .wy-input-context{color:#e74c3c}.wy-inline-validate.wy-inline-validate-warning .wy-input-context{color:#e67e22}.wy-inline-validate.wy-inline-validate-info .wy-input-context{color:#2980b9}.rotate-90{-webkit-transform:rotate(90deg);-moz-transform:rotate(90deg);-ms-transform:rotate(90deg);-o-transform:rotate(90deg);transform:rotate(90deg)}.rotate-180{-webkit-transform:rotate(180deg);-moz-transform:rotate(180deg);-ms-transform:rotate(180deg);-o-transform:rotate(180deg);transform:rotate(180deg)}.rotate-270{-webkit-transform:rotate(270deg);-moz-transform:rotate(270deg);-ms-transform:rotate(270deg);-o-transform:rotate(270deg);transform:rotate(270deg)}.mirror{-webkit-transform:scaleX(-1);-moz-transform:scaleX(-1);-ms-transform:scaleX(-1);-o-transform:scaleX(-1);transform:scaleX(-1)}.mirror.rotate-90{-webkit-transform:scaleX(-1) rotate(90deg);-moz-transform:scaleX(-1) rotate(90deg);-ms-transform:scaleX(-1) rotate(90deg);-o-transform:scaleX(-1) rotate(90deg);transform:scaleX(-1) rotate(90deg)}.mirror.rotate-180{-webkit-transform:scaleX(-1) rotate(180deg);-moz-transform:scaleX(-1) rotate(180deg);-ms-transform:scaleX(-1) rotate(180deg);-o-transform:scaleX(-1) rotate(180deg);transform:scaleX(-1) rotate(180deg)}.mirror.rotate-270{-webkit-transform:scaleX(-1) rotate(270deg);-moz-transform:scaleX(-1) rotate(270deg);-ms-transform:scaleX(-1) rotate(270deg);-o-transform:scaleX(-1) rotate(270deg);transform:scaleX(-1) rotate(270deg)}@media only screen and (max-width:480px){.wy-form button[type=submit]{margin:.7em 0 0}.wy-form input[type=color],.wy-form input[type=date],.wy-form input[type=datetime-local],.wy-form input[type=datetime],.wy-form input[type=email],.wy-form input[type=month],.wy-form input[type=number],.wy-form input[type=password],.wy-form input[type=search],.wy-form input[type=tel],.wy-form input[type=text],.wy-form input[type=time],.wy-form input[type=url],.wy-form input[type=week],.wy-form label{margin-bottom:.3em;display:block}.wy-form input[type=color],.wy-form input[type=date],.wy-form input[type=datetime-local],.wy-form input[type=datetime],.wy-form input[type=email],.wy-form input[type=month],.wy-form input[type=number],.wy-form input[type=password],.wy-form input[type=search],.wy-form input[type=tel],.wy-form input[type=time],.wy-form input[type=url],.wy-form input[type=week]{margin-bottom:0}.wy-form-aligned .wy-control-group label{margin-bottom:.3em;text-align:left;display:block;width:100%}.wy-form-aligned .wy-control{margin:1.5em 0 0}.wy-form-message,.wy-form-message-inline,.wy-form .wy-help-inline{display:block;font-size:80%;padding:6px 0}}@media screen and (max-width:768px){.tablet-hide{display:none}}@media screen and (max-width:480px){.mobile-hide{display:none}}.float-left{float:left}.float-right{float:right}.full-width{width:100%}.rst-content table.docutils,.rst-content table.field-list,.wy-table{border-collapse:collapse;border-spacing:0;empty-cells:show;margin-bottom:24px}.rst-content table.docutils caption,.rst-content table.field-list caption,.wy-table caption{color:#000;font:italic 85%/1 arial,sans-serif;padding:1em 0;text-align:center}.rst-content table.docutils td,.rst-content table.docutils th,.rst-content table.field-list td,.rst-content table.field-list th,.wy-table td,.wy-table th{font-size:90%;margin:0;overflow:visible;padding:8px 16px}.rst-content table.docutils td:first-child,.rst-content table.docutils th:first-child,.rst-content table.field-list td:first-child,.rst-content table.field-list th:first-child,.wy-table td:first-child,.wy-table th:first-child{border-left-width:0}.rst-content table.docutils thead,.rst-content table.field-list thead,.wy-table thead{color:#000;text-align:left;vertical-align:bottom;white-space:nowrap}.rst-content table.docutils thead th,.rst-content table.field-list thead th,.wy-table thead th{font-weight:700;border-bottom:2px solid #e1e4e5}.rst-content table.docutils td,.rst-content table.field-list td,.wy-table td{background-color:transparent;vertical-align:middle}.rst-content table.docutils td p,.rst-content table.field-list td p,.wy-table td p{line-height:18px}.rst-content table.docutils td p:last-child,.rst-content table.field-list td p:last-child,.wy-table td p:last-child{margin-bottom:0}.rst-content table.docutils .wy-table-cell-min,.rst-content table.field-list .wy-table-cell-min,.wy-table .wy-table-cell-min{width:1%;padding-right:0}.rst-content table.docutils .wy-table-cell-min input[type=checkbox],.rst-content table.field-list .wy-table-cell-min input[type=checkbox],.wy-table .wy-table-cell-min input[type=checkbox]{margin:0}.wy-table-secondary{color:grey;font-size:90%}.wy-table-tertiary{color:grey;font-size:80%}.rst-content table.docutils:not(.field-list) tr:nth-child(2n-1) td,.wy-table-backed,.wy-table-odd td,.wy-table-striped tr:nth-child(2n-1) td{background-color:#f3f6f6}.rst-content table.docutils,.wy-table-bordered-all{border:1px solid #e1e4e5}.rst-content table.docutils td,.wy-table-bordered-all td{border-bottom:1px solid #e1e4e5;border-left:1px solid #e1e4e5}.rst-content table.docutils tbody>tr:last-child td,.wy-table-bordered-all tbody>tr:last-child td{border-bottom-width:0}.wy-table-bordered{border:1px solid #e1e4e5}.wy-table-bordered-rows td{border-bottom:1px solid #e1e4e5}.wy-table-bordered-rows tbody>tr:last-child td{border-bottom-width:0}.wy-table-horizontal td,.wy-table-horizontal th{border-width:0 0 1px;border-bottom:1px solid #e1e4e5}.wy-table-horizontal tbody>tr:last-child td{border-bottom-width:0}.wy-table-responsive{margin-bottom:24px;max-width:100%;overflow:auto}.wy-table-responsive table{margin-bottom:0!important}.wy-table-responsive table td,.wy-table-responsive table th{white-space:nowrap}a{color:#2980b9;text-decoration:none;cursor:pointer}a:hover{color:#3091d1}a:visited{color:#9b59b6}html{height:100%}body,html{overflow-x:hidden}body{font-family:Lato,proxima-nova,Helvetica Neue,Arial,sans-serif;font-weight:400;color:#404040;min-height:100%;background:#edf0f2}.wy-text-left{text-align:left}.wy-text-center{text-align:center}.wy-text-right{text-align:right}.wy-text-large{font-size:120%}.wy-text-normal{font-size:100%}.wy-text-small,small{font-size:80%}.wy-text-strike{text-decoration:line-through}.wy-text-warning{color:#e67e22!important}a.wy-text-warning:hover{color:#eb9950!important}.wy-text-info{color:#2980b9!important}a.wy-text-info:hover{color:#409ad5!important}.wy-text-success{color:#27ae60!important}a.wy-text-success:hover{color:#36d278!important}.wy-text-danger{color:#e74c3c!important}a.wy-text-danger:hover{color:#ed7669!important}.wy-text-neutral{color:#404040!important}a.wy-text-neutral:hover{color:#595959!important}.rst-content .toctree-wrapper>p.caption,h1,h2,h3,h4,h5,h6,legend{margin-top:0;font-weight:700;font-family:Roboto Slab,ff-tisa-web-pro,Georgia,Arial,sans-serif}p{line-height:24px;font-size:16px;margin:0 0 24px}h1{font-size:175%}.rst-content .toctree-wrapper>p.caption,h2{font-size:150%}h3{font-size:125%}h4{font-size:115%}h5{font-size:110%}h6{font-size:100%}hr{display:block;height:1px;border:0;border-top:1px solid #e1e4e5;margin:24px 0;padding:0}.rst-content code,.rst-content tt,code{white-space:nowrap;max-width:100%;background:#fff;border:1px solid #e1e4e5;font-size:75%;padding:0 5px;font-family:SFMono-Regular,Menlo,Monaco,Consolas,Liberation Mono,Courier New,Courier,monospace;color:#e74c3c;overflow-x:auto}.rst-content tt.code-large,code.code-large{font-size:90%}.rst-content .section ul,.rst-content .toctree-wrapper ul,.rst-content section ul,.wy-plain-list-disc,article ul{list-style:disc;line-height:24px;margin-bottom:24px}.rst-content .section ul li,.rst-content .toctree-wrapper ul li,.rst-content section ul li,.wy-plain-list-disc li,article ul li{list-style:disc;margin-left:24px}.rst-content .section ul li p:last-child,.rst-content .section ul li ul,.rst-content .toctree-wrapper ul li p:last-child,.rst-content .toctree-wrapper ul li ul,.rst-content section ul li p:last-child,.rst-content section ul li ul,.wy-plain-list-disc li p:last-child,.wy-plain-list-disc li ul,article ul li p:last-child,article ul li ul{margin-bottom:0}.rst-content .section ul li li,.rst-content .toctree-wrapper ul li li,.rst-content section ul li li,.wy-plain-list-disc li li,article ul li li{list-style:circle}.rst-content .section ul li li li,.rst-content .toctree-wrapper ul li li li,.rst-content section ul li li li,.wy-plain-list-disc li li li,article ul li li li{list-style:square}.rst-content .section ul li ol li,.rst-content .toctree-wrapper ul li ol li,.rst-content section ul li ol li,.wy-plain-list-disc li ol li,article ul li ol li{list-style:decimal}.rst-content .section ol,.rst-content .section ol.arabic,.rst-content .toctree-wrapper ol,.rst-content .toctree-wrapper ol.arabic,.rst-content section ol,.rst-content section ol.arabic,.wy-plain-list-decimal,article ol{list-style:decimal;line-height:24px;margin-bottom:24px}.rst-content .section ol.arabic li,.rst-content .section ol li,.rst-content .toctree-wrapper ol.arabic li,.rst-content .toctree-wrapper ol li,.rst-content section ol.arabic li,.rst-content section ol li,.wy-plain-list-decimal li,article ol li{list-style:decimal;margin-left:24px}.rst-content .section ol.arabic li ul,.rst-content .section ol li p:last-child,.rst-content .section ol li ul,.rst-content .toctree-wrapper ol.arabic li ul,.rst-content .toctree-wrapper ol li p:last-child,.rst-content .toctree-wrapper ol li ul,.rst-content section ol.arabic li ul,.rst-content section ol li p:last-child,.rst-content section ol li ul,.wy-plain-list-decimal li p:last-child,.wy-plain-list-decimal li ul,article ol li p:last-child,article ol li ul{margin-bottom:0}.rst-content .section ol.arabic li ul li,.rst-content .section ol li ul li,.rst-content .toctree-wrapper ol.arabic li ul li,.rst-content .toctree-wrapper ol li ul li,.rst-content section ol.arabic li ul li,.rst-content section ol li ul li,.wy-plain-list-decimal li ul li,article ol li ul li{list-style:disc}.wy-breadcrumbs{*zoom:1}.wy-breadcrumbs:after,.wy-breadcrumbs:before{display:table;content:""}.wy-breadcrumbs:after{clear:both}.wy-breadcrumbs>li{display:inline-block;padding-top:5px}.wy-breadcrumbs>li.wy-breadcrumbs-aside{float:right}.rst-content .wy-breadcrumbs>li code,.rst-content .wy-breadcrumbs>li tt,.wy-breadcrumbs>li .rst-content tt,.wy-breadcrumbs>li code{all:inherit;color:inherit}.breadcrumb-item:before{content:"/";color:#bbb;font-size:13px;padding:0 6px 0 3px}.wy-breadcrumbs-extra{margin-bottom:0;color:#b3b3b3;font-size:80%;display:inline-block}@media screen and (max-width:480px){.wy-breadcrumbs-extra,.wy-breadcrumbs li.wy-breadcrumbs-aside{display:none}}@media print{.wy-breadcrumbs li.wy-breadcrumbs-aside{display:none}}html{font-size:16px}.wy-affix{position:fixed;top:1.618em}.wy-menu a:hover{text-decoration:none}.wy-menu-horiz{*zoom:1}.wy-menu-horiz:after,.wy-menu-horiz:before{display:table;content:""}.wy-menu-horiz:after{clear:both}.wy-menu-horiz li,.wy-menu-horiz ul{display:inline-block}.wy-menu-horiz li:hover{background:hsla(0,0%,100%,.1)}.wy-menu-horiz li.divide-left{border-left:1px solid #404040}.wy-menu-horiz li.divide-right{border-right:1px solid #404040}.wy-menu-horiz a{height:32px;display:inline-block;line-height:32px;padding:0 16px}.wy-menu-vertical{width:300px}.wy-menu-vertical header,.wy-menu-vertical p.caption{color:#55a5d9;height:32px;line-height:32px;padding:0 1.618em;margin:12px 0 0;display:block;font-weight:700;text-transform:uppercase;font-size:85%;white-space:nowrap}.wy-menu-vertical ul{margin-bottom:0}.wy-menu-vertical li.divide-top{border-top:1px solid #404040}.wy-menu-vertical li.divide-bottom{border-bottom:1px solid #404040}.wy-menu-vertical li.current{background:#e3e3e3}.wy-menu-vertical li.current a{color:grey;border-right:1px solid #c9c9c9;padding:.4045em 2.427em}.wy-menu-vertical li.current a:hover{background:#d6d6d6}.rst-content .wy-menu-vertical li tt,.wy-menu-vertical li .rst-content tt,.wy-menu-vertical li code{border:none;background:inherit;color:inherit;padding-left:0;padding-right:0}.wy-menu-vertical li button.toctree-expand{display:block;float:left;margin-left:-1.2em;line-height:18px;color:#4d4d4d;border:none;background:none;padding:0}.wy-menu-vertical li.current>a,.wy-menu-vertical li.on a{color:#404040;font-weight:700;position:relative;background:#fcfcfc;border:none;padding:.4045em 1.618em}.wy-menu-vertical li.current>a:hover,.wy-menu-vertical li.on a:hover{background:#fcfcfc}.wy-menu-vertical li.current>a:hover button.toctree-expand,.wy-menu-vertical li.on a:hover button.toctree-expand{color:grey}.wy-menu-vertical li.current>a button.toctree-expand,.wy-menu-vertical li.on a button.toctree-expand{display:block;line-height:18px;color:#333}.wy-menu-vertical li.toctree-l1.current>a{border-bottom:1px solid #c9c9c9;border-top:1px solid #c9c9c9}.wy-menu-vertical .toctree-l1.current .toctree-l2>ul,.wy-menu-vertical .toctree-l2.current .toctree-l3>ul,.wy-menu-vertical .toctree-l3.current .toctree-l4>ul,.wy-menu-vertical .toctree-l4.current .toctree-l5>ul,.wy-menu-vertical .toctree-l5.current .toctree-l6>ul,.wy-menu-vertical .toctree-l6.current .toctree-l7>ul,.wy-menu-vertical .toctree-l7.current .toctree-l8>ul,.wy-menu-vertical .toctree-l8.current .toctree-l9>ul,.wy-menu-vertical .toctree-l9.current .toctree-l10>ul,.wy-menu-vertical .toctree-l10.current .toctree-l11>ul{display:none}.wy-menu-vertical .toctree-l1.current .current.toctree-l2>ul,.wy-menu-vertical .toctree-l2.current .current.toctree-l3>ul,.wy-menu-vertical .toctree-l3.current .current.toctree-l4>ul,.wy-menu-vertical .toctree-l4.current .current.toctree-l5>ul,.wy-menu-vertical .toctree-l5.current .current.toctree-l6>ul,.wy-menu-vertical .toctree-l6.current .current.toctree-l7>ul,.wy-menu-vertical .toctree-l7.current .current.toctree-l8>ul,.wy-menu-vertical .toctree-l8.current .current.toctree-l9>ul,.wy-menu-vertical .toctree-l9.current .current.toctree-l10>ul,.wy-menu-vertical .toctree-l10.current .current.toctree-l11>ul{display:block}.wy-menu-vertical li.toctree-l3,.wy-menu-vertical li.toctree-l4{font-size:.9em}.wy-menu-vertical li.toctree-l2 a,.wy-menu-vertical li.toctree-l3 a,.wy-menu-vertical li.toctree-l4 a,.wy-menu-vertical li.toctree-l5 a,.wy-menu-vertical li.toctree-l6 a,.wy-menu-vertical li.toctree-l7 a,.wy-menu-vertical li.toctree-l8 a,.wy-menu-vertical li.toctree-l9 a,.wy-menu-vertical li.toctree-l10 a{color:#404040}.wy-menu-vertical li.toctree-l2 a:hover button.toctree-expand,.wy-menu-vertical li.toctree-l3 a:hover button.toctree-expand,.wy-menu-vertical li.toctree-l4 a:hover button.toctree-expand,.wy-menu-vertical li.toctree-l5 a:hover button.toctree-expand,.wy-menu-vertical li.toctree-l6 a:hover button.toctree-expand,.wy-menu-vertical li.toctree-l7 a:hover button.toctree-expand,.wy-menu-vertical li.toctree-l8 a:hover button.toctree-expand,.wy-menu-vertical li.toctree-l9 a:hover button.toctree-expand,.wy-menu-vertical li.toctree-l10 a:hover button.toctree-expand{color:grey}.wy-menu-vertical li.toctree-l2.current li.toctree-l3>a,.wy-menu-vertical li.toctree-l3.current li.toctree-l4>a,.wy-menu-vertical li.toctree-l4.current li.toctree-l5>a,.wy-menu-vertical li.toctree-l5.current li.toctree-l6>a,.wy-menu-vertical li.toctree-l6.current li.toctree-l7>a,.wy-menu-vertical li.toctree-l7.current li.toctree-l8>a,.wy-menu-vertical li.toctree-l8.current li.toctree-l9>a,.wy-menu-vertical li.toctree-l9.current li.toctree-l10>a,.wy-menu-vertical li.toctree-l10.current li.toctree-l11>a{display:block}.wy-menu-vertical li.toctree-l2.current>a{padding:.4045em 2.427em}.wy-menu-vertical li.toctree-l2.current li.toctree-l3>a{padding:.4045em 1.618em .4045em 4.045em}.wy-menu-vertical li.toctree-l3.current>a{padding:.4045em 4.045em}.wy-menu-vertical li.toctree-l3.current li.toctree-l4>a{padding:.4045em 1.618em .4045em 5.663em}.wy-menu-vertical li.toctree-l4.current>a{padding:.4045em 5.663em}.wy-menu-vertical li.toctree-l4.current li.toctree-l5>a{padding:.4045em 1.618em .4045em 7.281em}.wy-menu-vertical li.toctree-l5.current>a{padding:.4045em 7.281em}.wy-menu-vertical li.toctree-l5.current li.toctree-l6>a{padding:.4045em 1.618em .4045em 8.899em}.wy-menu-vertical li.toctree-l6.current>a{padding:.4045em 8.899em}.wy-menu-vertical li.toctree-l6.current li.toctree-l7>a{padding:.4045em 1.618em .4045em 10.517em}.wy-menu-vertical li.toctree-l7.current>a{padding:.4045em 10.517em}.wy-menu-vertical li.toctree-l7.current li.toctree-l8>a{padding:.4045em 1.618em .4045em 12.135em}.wy-menu-vertical li.toctree-l8.current>a{padding:.4045em 12.135em}.wy-menu-vertical li.toctree-l8.current li.toctree-l9>a{padding:.4045em 1.618em .4045em 13.753em}.wy-menu-vertical li.toctree-l9.current>a{padding:.4045em 13.753em}.wy-menu-vertical li.toctree-l9.current li.toctree-l10>a{padding:.4045em 1.618em .4045em 15.371em}.wy-menu-vertical li.toctree-l10.current>a{padding:.4045em 15.371em}.wy-menu-vertical li.toctree-l10.current li.toctree-l11>a{padding:.4045em 1.618em .4045em 16.989em}.wy-menu-vertical li.toctree-l2.current>a,.wy-menu-vertical li.toctree-l2.current li.toctree-l3>a{background:#c9c9c9}.wy-menu-vertical li.toctree-l2 button.toctree-expand{color:#a3a3a3}.wy-menu-vertical li.toctree-l3.current>a,.wy-menu-vertical li.toctree-l3.current li.toctree-l4>a{background:#bdbdbd}.wy-menu-vertical li.toctree-l3 button.toctree-expand{color:#969696}.wy-menu-vertical li.current ul{display:block}.wy-menu-vertical li ul{margin-bottom:0;display:none}.wy-menu-vertical li ul li a{margin-bottom:0;color:#d9d9d9;font-weight:400}.wy-menu-vertical a{line-height:18px;padding:.4045em 1.618em;display:block;position:relative;font-size:90%;color:#d9d9d9}.wy-menu-vertical a:hover{background-color:#4e4a4a;cursor:pointer}.wy-menu-vertical a:hover button.toctree-expand{color:#d9d9d9}.wy-menu-vertical a:active{background-color:#2980b9;cursor:pointer;color:#fff}.wy-menu-vertical a:active button.toctree-expand{color:#fff}.wy-side-nav-search{display:block;width:300px;padding:.809em;margin-bottom:.809em;z-index:200;background-color:#2980b9;text-align:center;color:#fcfcfc}.wy-side-nav-search input[type=text]{width:100%;border-radius:50px;padding:6px 12px;border-color:#2472a4}.wy-side-nav-search img{display:block;margin:auto auto .809em;height:45px;width:45px;background-color:#2980b9;padding:5px;border-radius:100%}.wy-side-nav-search .wy-dropdown>a,.wy-side-nav-search>a{color:#fcfcfc;font-size:100%;font-weight:700;display:inline-block;padding:4px 6px;margin-bottom:.809em;max-width:100%}.wy-side-nav-search .wy-dropdown>a:hover,.wy-side-nav-search>a:hover{background:hsla(0,0%,100%,.1)}.wy-side-nav-search .wy-dropdown>a img.logo,.wy-side-nav-search>a img.logo{display:block;margin:0 auto;height:auto;width:auto;border-radius:0;max-width:100%;background:transparent}.wy-side-nav-search .wy-dropdown>a.icon img.logo,.wy-side-nav-search>a.icon img.logo{margin-top:.85em}.wy-side-nav-search>div.version{margin-top:-.4045em;margin-bottom:.809em;font-weight:400;color:hsla(0,0%,100%,.3)}.wy-nav .wy-menu-vertical header{color:#2980b9}.wy-nav .wy-menu-vertical a{color:#b3b3b3}.wy-nav .wy-menu-vertical a:hover{background-color:#2980b9;color:#fff}[data-menu-wrap]{-webkit-transition:all .2s ease-in;-moz-transition:all .2s ease-in;transition:all .2s ease-in;position:absolute;opacity:1;width:100%;opacity:0}[data-menu-wrap].move-center{left:0;right:auto;opacity:1}[data-menu-wrap].move-left{right:auto;left:-100%;opacity:0}[data-menu-wrap].move-right{right:-100%;left:auto;opacity:0}.wy-body-for-nav{background:#fcfcfc}.wy-grid-for-nav{position:absolute;width:100%;height:100%}.wy-nav-side{position:fixed;top:0;bottom:0;left:0;padding-bottom:2em;width:300px;overflow-x:hidden;overflow-y:hidden;min-height:100%;color:#9b9b9b;background:#343131;z-index:200}.wy-side-scroll{width:320px;position:relative;overflow-x:hidden;overflow-y:scroll;height:100%}.wy-nav-top{display:none;background:#2980b9;color:#fff;padding:.4045em .809em;position:relative;line-height:50px;text-align:center;font-size:100%;*zoom:1}.wy-nav-top:after,.wy-nav-top:before{display:table;content:""}.wy-nav-top:after{clear:both}.wy-nav-top a{color:#fff;font-weight:700}.wy-nav-top img{margin-right:12px;height:45px;width:45px;background-color:#2980b9;padding:5px;border-radius:100%}.wy-nav-top i{font-size:30px;float:left;cursor:pointer;padding-top:inherit}.wy-nav-content-wrap{margin-left:300px;background:#fcfcfc;min-height:100%}.wy-nav-content{padding:1.618em 3.236em;height:100%;max-width:800px;margin:auto}.wy-body-mask{position:fixed;width:100%;height:100%;background:rgba(0,0,0,.2);display:none;z-index:499}.wy-body-mask.on{display:block}footer{color:grey}footer p{margin-bottom:12px}.rst-content footer span.commit tt,footer span.commit .rst-content tt,footer span.commit code{padding:0;font-family:SFMono-Regular,Menlo,Monaco,Consolas,Liberation Mono,Courier New,Courier,monospace;font-size:1em;background:none;border:none;color:grey}.rst-footer-buttons{*zoom:1}.rst-footer-buttons:after,.rst-footer-buttons:before{width:100%;display:table;content:""}.rst-footer-buttons:after{clear:both}.rst-breadcrumbs-buttons{margin-top:12px;*zoom:1}.rst-breadcrumbs-buttons:after,.rst-breadcrumbs-buttons:before{display:table;content:""}.rst-breadcrumbs-buttons:after{clear:both}#search-results .search li{margin-bottom:24px;border-bottom:1px solid #e1e4e5;padding-bottom:24px}#search-results .search li:first-child{border-top:1px solid #e1e4e5;padding-top:24px}#search-results .search li a{font-size:120%;margin-bottom:12px;display:inline-block}#search-results .context{color:grey;font-size:90%}.genindextable li>ul{margin-left:24px}@media screen and (max-width:768px){.wy-body-for-nav{background:#fcfcfc}.wy-nav-top{display:block}.wy-nav-side{left:-300px}.wy-nav-side.shift{width:85%;left:0}.wy-menu.wy-menu-vertical,.wy-side-nav-search,.wy-side-scroll{width:auto}.wy-nav-content-wrap{margin-left:0}.wy-nav-content-wrap .wy-nav-content{padding:1.618em}.wy-nav-content-wrap.shift{position:fixed;min-width:100%;left:85%;top:0;height:100%;overflow:hidden}}@media screen and (min-width:1100px){.wy-nav-content-wrap{background:rgba(0,0,0,.05)}.wy-nav-content{margin:0;background:#fcfcfc}}@media print{.rst-versions,.wy-nav-side,footer{display:none}.wy-nav-content-wrap{margin-left:0}}.rst-versions{position:fixed;bottom:0;left:0;width:300px;color:#fcfcfc;background:#1f1d1d;font-family:Lato,proxima-nova,Helvetica Neue,Arial,sans-serif;z-index:400}.rst-versions a{color:#2980b9;text-decoration:none}.rst-versions .rst-badge-small{display:none}.rst-versions .rst-current-version{padding:12px;background-color:#272525;display:block;text-align:right;font-size:90%;cursor:pointer;color:#27ae60;*zoom:1}.rst-versions .rst-current-version:after,.rst-versions .rst-current-version:before{display:table;content:""}.rst-versions .rst-current-version:after{clear:both}.rst-content .code-block-caption .rst-versions .rst-current-version .headerlink,.rst-content .eqno .rst-versions .rst-current-version .headerlink,.rst-content .rst-versions .rst-current-version .admonition-title,.rst-content code.download .rst-versions .rst-current-version span:first-child,.rst-content dl dt .rst-versions .rst-current-version .headerlink,.rst-content h1 .rst-versions .rst-current-version .headerlink,.rst-content h2 .rst-versions .rst-current-version .headerlink,.rst-content h3 .rst-versions .rst-current-version .headerlink,.rst-content h4 .rst-versions .rst-current-version .headerlink,.rst-content h5 .rst-versions .rst-current-version .headerlink,.rst-content h6 .rst-versions .rst-current-version .headerlink,.rst-content p .rst-versions .rst-current-version .headerlink,.rst-content table>caption .rst-versions .rst-current-version .headerlink,.rst-content tt.download .rst-versions .rst-current-version span:first-child,.rst-versions .rst-current-version .fa,.rst-versions .rst-current-version .icon,.rst-versions .rst-current-version .rst-content .admonition-title,.rst-versions .rst-current-version .rst-content .code-block-caption .headerlink,.rst-versions .rst-current-version .rst-content .eqno .headerlink,.rst-versions .rst-current-version .rst-content code.download span:first-child,.rst-versions .rst-current-version .rst-content dl dt .headerlink,.rst-versions .rst-current-version .rst-content h1 .headerlink,.rst-versions .rst-current-version .rst-content h2 .headerlink,.rst-versions .rst-current-version .rst-content h3 .headerlink,.rst-versions .rst-current-version .rst-content h4 .headerlink,.rst-versions .rst-current-version .rst-content h5 .headerlink,.rst-versions .rst-current-version .rst-content h6 .headerlink,.rst-versions .rst-current-version .rst-content p .headerlink,.rst-versions .rst-current-version .rst-content table>caption .headerlink,.rst-versions .rst-current-version .rst-content tt.download span:first-child,.rst-versions .rst-current-version .wy-menu-vertical li button.toctree-expand,.wy-menu-vertical li .rst-versions .rst-current-version button.toctree-expand{color:#fcfcfc}.rst-versions .rst-current-version .fa-book,.rst-versions .rst-current-version .icon-book{float:left}.rst-versions .rst-current-version.rst-out-of-date{background-color:#e74c3c;color:#fff}.rst-versions .rst-current-version.rst-active-old-version{background-color:#f1c40f;color:#000}.rst-versions.shift-up{height:auto;max-height:100%;overflow-y:scroll}.rst-versions.shift-up .rst-other-versions{display:block}.rst-versions .rst-other-versions{font-size:90%;padding:12px;color:grey;display:none}.rst-versions .rst-other-versions hr{display:block;height:1px;border:0;margin:20px 0;padding:0;border-top:1px solid #413d3d}.rst-versions .rst-other-versions dd{display:inline-block;margin:0}.rst-versions .rst-other-versions dd a{display:inline-block;padding:6px;color:#fcfcfc}.rst-versions .rst-other-versions .rtd-current-item{font-weight:700}.rst-versions.rst-badge{width:auto;bottom:20px;right:20px;left:auto;border:none;max-width:300px;max-height:90%}.rst-versions.rst-badge .fa-book,.rst-versions.rst-badge .icon-book{float:none;line-height:30px}.rst-versions.rst-badge.shift-up .rst-current-version{text-align:right}.rst-versions.rst-badge.shift-up .rst-current-version .fa-book,.rst-versions.rst-badge.shift-up .rst-current-version .icon-book{float:left}.rst-versions.rst-badge>.rst-current-version{width:auto;height:30px;line-height:30px;padding:0 6px;display:block;text-align:center}@media screen and (max-width:768px){.rst-versions{width:85%;display:none}.rst-versions.shift{display:block}}#flyout-search-form{padding:6px}.rst-content .toctree-wrapper>p.caption,.rst-content h1,.rst-content h2,.rst-content h3,.rst-content h4,.rst-content h5,.rst-content h6{margin-bottom:24px}.rst-content img{max-width:100%;height:auto}.rst-content div.figure,.rst-content figure{margin-bottom:24px}.rst-content div.figure .caption-text,.rst-content figure .caption-text{font-style:italic}.rst-content div.figure p:last-child.caption,.rst-content figure p:last-child.caption{margin-bottom:0}.rst-content div.figure.align-center,.rst-content figure.align-center{text-align:center}.rst-content .section>a>img,.rst-content .section>img,.rst-content section>a>img,.rst-content section>img{margin-bottom:24px}.rst-content abbr[title]{text-decoration:none}.rst-content.style-external-links a.reference.external:after{font-family:FontAwesome;content:"\f08e";color:#b3b3b3;vertical-align:super;font-size:60%;margin:0 .2em}.rst-content blockquote{margin-left:24px;line-height:24px;margin-bottom:24px}.rst-content pre.literal-block{white-space:pre;margin:0;padding:12px;font-family:SFMono-Regular,Menlo,Monaco,Consolas,Liberation Mono,Courier New,Courier,monospace;display:block;overflow:auto}.rst-content div[class^=highlight],.rst-content pre.literal-block{border:1px solid #e1e4e5;overflow-x:auto;margin:1px 0 24px}.rst-content div[class^=highlight] div[class^=highlight],.rst-content pre.literal-block div[class^=highlight]{padding:0;border:none;margin:0}.rst-content div[class^=highlight] td.code{width:100%}.rst-content .linenodiv pre{border-right:1px solid #e6e9ea;margin:0;padding:12px;font-family:SFMono-Regular,Menlo,Monaco,Consolas,Liberation Mono,Courier New,Courier,monospace;user-select:none;pointer-events:none}.rst-content div[class^=highlight] pre{white-space:pre;margin:0;padding:12px;display:block;overflow:auto}.rst-content div[class^=highlight] pre .hll{display:block;margin:0 -12px;padding:0 12px}.rst-content .linenodiv pre,.rst-content div[class^=highlight] pre,.rst-content pre.literal-block{font-family:SFMono-Regular,Menlo,Monaco,Consolas,Liberation Mono,Courier New,Courier,monospace;font-size:12px;line-height:1.4}.rst-content div.highlight .gp,.rst-content div.highlight span.linenos{user-select:none;pointer-events:none}.rst-content div.highlight span.linenos{display:inline-block;padding-left:0;padding-right:12px;margin-right:12px;border-right:1px solid #e6e9ea}.rst-content .code-block-caption{font-style:italic;font-size:85%;line-height:1;padding:1em 0;text-align:center}@media print{.rst-content .codeblock,.rst-content div[class^=highlight],.rst-content div[class^=highlight] pre{white-space:pre-wrap}}.rst-content .admonition,.rst-content .admonition-todo,.rst-content .attention,.rst-content .caution,.rst-content .danger,.rst-content .error,.rst-content .hint,.rst-content .important,.rst-content .note,.rst-content .seealso,.rst-content .tip,.rst-content .warning{clear:both}.rst-content .admonition-todo .last,.rst-content .admonition-todo>:last-child,.rst-content .admonition .last,.rst-content .admonition>:last-child,.rst-content .attention .last,.rst-content .attention>:last-child,.rst-content .caution .last,.rst-content .caution>:last-child,.rst-content .danger .last,.rst-content .danger>:last-child,.rst-content .error .last,.rst-content .error>:last-child,.rst-content .hint .last,.rst-content .hint>:last-child,.rst-content .important .last,.rst-content .important>:last-child,.rst-content .note .last,.rst-content .note>:last-child,.rst-content .seealso .last,.rst-content .seealso>:last-child,.rst-content .tip .last,.rst-content .tip>:last-child,.rst-content .warning .last,.rst-content .warning>:last-child{margin-bottom:0}.rst-content .admonition-title:before{margin-right:4px}.rst-content .admonition table{border-color:rgba(0,0,0,.1)}.rst-content .admonition table td,.rst-content .admonition table th{background:transparent!important;border-color:rgba(0,0,0,.1)!important}.rst-content .section ol.loweralpha,.rst-content .section ol.loweralpha>li,.rst-content .toctree-wrapper ol.loweralpha,.rst-content .toctree-wrapper ol.loweralpha>li,.rst-content section ol.loweralpha,.rst-content section ol.loweralpha>li{list-style:lower-alpha}.rst-content .section ol.upperalpha,.rst-content .section ol.upperalpha>li,.rst-content .toctree-wrapper ol.upperalpha,.rst-content .toctree-wrapper ol.upperalpha>li,.rst-content section ol.upperalpha,.rst-content section ol.upperalpha>li{list-style:upper-alpha}.rst-content .section ol li>*,.rst-content .section ul li>*,.rst-content .toctree-wrapper ol li>*,.rst-content .toctree-wrapper ul li>*,.rst-content section ol li>*,.rst-content section ul li>*{margin-top:12px;margin-bottom:12px}.rst-content .section ol li>:first-child,.rst-content .section ul li>:first-child,.rst-content .toctree-wrapper ol li>:first-child,.rst-content .toctree-wrapper ul li>:first-child,.rst-content section ol li>:first-child,.rst-content section ul li>:first-child{margin-top:0}.rst-content .section ol li>p,.rst-content .section ol li>p:last-child,.rst-content .section ul li>p,.rst-content .section ul li>p:last-child,.rst-content .toctree-wrapper ol li>p,.rst-content .toctree-wrapper ol li>p:last-child,.rst-content .toctree-wrapper ul li>p,.rst-content .toctree-wrapper ul li>p:last-child,.rst-content section ol li>p,.rst-content section ol li>p:last-child,.rst-content section ul li>p,.rst-content section ul li>p:last-child{margin-bottom:12px}.rst-content .section ol li>p:only-child,.rst-content .section ol li>p:only-child:last-child,.rst-content .section ul li>p:only-child,.rst-content .section ul li>p:only-child:last-child,.rst-content .toctree-wrapper ol li>p:only-child,.rst-content .toctree-wrapper ol li>p:only-child:last-child,.rst-content .toctree-wrapper ul li>p:only-child,.rst-content .toctree-wrapper ul li>p:only-child:last-child,.rst-content section ol li>p:only-child,.rst-content section ol li>p:only-child:last-child,.rst-content section ul li>p:only-child,.rst-content section ul li>p:only-child:last-child{margin-bottom:0}.rst-content .section ol li>ol,.rst-content .section ol li>ul,.rst-content .section ul li>ol,.rst-content .section ul li>ul,.rst-content .toctree-wrapper ol li>ol,.rst-content .toctree-wrapper ol li>ul,.rst-content .toctree-wrapper ul li>ol,.rst-content .toctree-wrapper ul li>ul,.rst-content section ol li>ol,.rst-content section ol li>ul,.rst-content section ul li>ol,.rst-content section ul li>ul{margin-bottom:12px}.rst-content .section ol.simple li>*,.rst-content .section ol.simple li ol,.rst-content .section ol.simple li ul,.rst-content .section ul.simple li>*,.rst-content .section ul.simple li ol,.rst-content .section ul.simple li ul,.rst-content .toctree-wrapper ol.simple li>*,.rst-content .toctree-wrapper ol.simple li ol,.rst-content .toctree-wrapper ol.simple li ul,.rst-content .toctree-wrapper ul.simple li>*,.rst-content .toctree-wrapper ul.simple li ol,.rst-content .toctree-wrapper ul.simple li ul,.rst-content section ol.simple li>*,.rst-content section ol.simple li ol,.rst-content section ol.simple li ul,.rst-content section ul.simple li>*,.rst-content section ul.simple li ol,.rst-content section ul.simple li ul{margin-top:0;margin-bottom:0}.rst-content .line-block{margin-left:0;margin-bottom:24px;line-height:24px}.rst-content .line-block .line-block{margin-left:24px;margin-bottom:0}.rst-content .topic-title{font-weight:700;margin-bottom:12px}.rst-content .toc-backref{color:#404040}.rst-content .align-right{float:right;margin:0 0 24px 24px}.rst-content .align-left{float:left;margin:0 24px 24px 0}.rst-content .align-center{margin:auto}.rst-content .align-center:not(table){display:block}.rst-content .code-block-caption .headerlink,.rst-content .eqno .headerlink,.rst-content .toctree-wrapper>p.caption .headerlink,.rst-content dl dt .headerlink,.rst-content h1 .headerlink,.rst-content h2 .headerlink,.rst-content h3 .headerlink,.rst-content h4 .headerlink,.rst-content h5 .headerlink,.rst-content h6 .headerlink,.rst-content p.caption .headerlink,.rst-content p .headerlink,.rst-content table>caption .headerlink{opacity:0;font-size:14px;font-family:FontAwesome;margin-left:.5em}.rst-content .code-block-caption .headerlink:focus,.rst-content .code-block-caption:hover .headerlink,.rst-content .eqno .headerlink:focus,.rst-content .eqno:hover .headerlink,.rst-content .toctree-wrapper>p.caption .headerlink:focus,.rst-content .toctree-wrapper>p.caption:hover .headerlink,.rst-content dl dt .headerlink:focus,.rst-content dl dt:hover .headerlink,.rst-content h1 .headerlink:focus,.rst-content h1:hover .headerlink,.rst-content h2 .headerlink:focus,.rst-content h2:hover .headerlink,.rst-content h3 .headerlink:focus,.rst-content h3:hover .headerlink,.rst-content h4 .headerlink:focus,.rst-content h4:hover .headerlink,.rst-content h5 .headerlink:focus,.rst-content h5:hover .headerlink,.rst-content h6 .headerlink:focus,.rst-content h6:hover .headerlink,.rst-content p.caption .headerlink:focus,.rst-content p.caption:hover .headerlink,.rst-content p .headerlink:focus,.rst-content p:hover .headerlink,.rst-content table>caption .headerlink:focus,.rst-content table>caption:hover .headerlink{opacity:1}.rst-content p a{overflow-wrap:anywhere}.rst-content .wy-table td p,.rst-content .wy-table td ul,.rst-content .wy-table th p,.rst-content .wy-table th ul,.rst-content table.docutils td p,.rst-content table.docutils td ul,.rst-content table.docutils th p,.rst-content table.docutils th ul,.rst-content table.field-list td p,.rst-content table.field-list td ul,.rst-content table.field-list th p,.rst-content table.field-list th ul{font-size:inherit}.rst-content .btn:focus{outline:2px solid}.rst-content table>caption .headerlink:after{font-size:12px}.rst-content .centered{text-align:center}.rst-content .sidebar{float:right;width:40%;display:block;margin:0 0 24px 24px;padding:24px;background:#f3f6f6;border:1px solid #e1e4e5}.rst-content .sidebar dl,.rst-content .sidebar p,.rst-content .sidebar ul{font-size:90%}.rst-content .sidebar .last,.rst-content .sidebar>:last-child{margin-bottom:0}.rst-content .sidebar .sidebar-title{display:block;font-family:Roboto Slab,ff-tisa-web-pro,Georgia,Arial,sans-serif;font-weight:700;background:#e1e4e5;padding:6px 12px;margin:-24px -24px 24px;font-size:100%}.rst-content .highlighted{background:#f1c40f;box-shadow:0 0 0 2px #f1c40f;display:inline;font-weight:700}.rst-content .citation-reference,.rst-content .footnote-reference{vertical-align:baseline;position:relative;top:-.4em;line-height:0;font-size:90%}.rst-content .citation-reference>span.fn-bracket,.rst-content .footnote-reference>span.fn-bracket{display:none}.rst-content .hlist{width:100%}.rst-content dl dt span.classifier:before{content:" : "}.rst-content dl dt span.classifier-delimiter{display:none!important}html.writer-html4 .rst-content table.docutils.citation,html.writer-html4 .rst-content table.docutils.footnote{background:none;border:none}html.writer-html4 .rst-content table.docutils.citation td,html.writer-html4 .rst-content table.docutils.citation tr,html.writer-html4 .rst-content table.docutils.footnote td,html.writer-html4 .rst-content table.docutils.footnote tr{border:none;background-color:transparent!important;white-space:normal}html.writer-html4 .rst-content table.docutils.citation td.label,html.writer-html4 .rst-content table.docutils.footnote td.label{padding-left:0;padding-right:0;vertical-align:top}html.writer-html5 .rst-content dl.citation,html.writer-html5 .rst-content dl.field-list,html.writer-html5 .rst-content dl.footnote{display:grid;grid-template-columns:auto minmax(80%,95%)}html.writer-html5 .rst-content dl.citation>dt,html.writer-html5 .rst-content dl.field-list>dt,html.writer-html5 .rst-content dl.footnote>dt{display:inline-grid;grid-template-columns:max-content auto}html.writer-html5 .rst-content aside.citation,html.writer-html5 .rst-content aside.footnote,html.writer-html5 .rst-content div.citation{display:grid;grid-template-columns:auto auto minmax(.65rem,auto) minmax(40%,95%)}html.writer-html5 .rst-content aside.citation>span.label,html.writer-html5 .rst-content aside.footnote>span.label,html.writer-html5 .rst-content div.citation>span.label{grid-column-start:1;grid-column-end:2}html.writer-html5 .rst-content aside.citation>span.backrefs,html.writer-html5 .rst-content aside.footnote>span.backrefs,html.writer-html5 .rst-content div.citation>span.backrefs{grid-column-start:2;grid-column-end:3;grid-row-start:1;grid-row-end:3}html.writer-html5 .rst-content aside.citation>p,html.writer-html5 .rst-content aside.footnote>p,html.writer-html5 .rst-content div.citation>p{grid-column-start:4;grid-column-end:5}html.writer-html5 .rst-content dl.citation,html.writer-html5 .rst-content dl.field-list,html.writer-html5 .rst-content dl.footnote{margin-bottom:24px}html.writer-html5 .rst-content dl.citation>dt,html.writer-html5 .rst-content dl.field-list>dt,html.writer-html5 .rst-content dl.footnote>dt{padding-left:1rem}html.writer-html5 .rst-content dl.citation>dd,html.writer-html5 .rst-content dl.citation>dt,html.writer-html5 .rst-content dl.field-list>dd,html.writer-html5 .rst-content dl.field-list>dt,html.writer-html5 .rst-content dl.footnote>dd,html.writer-html5 .rst-content dl.footnote>dt{margin-bottom:0}html.writer-html5 .rst-content dl.citation,html.writer-html5 .rst-content dl.footnote{font-size:.9rem}html.writer-html5 .rst-content dl.citation>dt,html.writer-html5 .rst-content dl.footnote>dt{margin:0 .5rem .5rem 0;line-height:1.2rem;word-break:break-all;font-weight:400}html.writer-html5 .rst-content dl.citation>dt>span.brackets:before,html.writer-html5 .rst-content dl.footnote>dt>span.brackets:before{content:"["}html.writer-html5 .rst-content dl.citation>dt>span.brackets:after,html.writer-html5 .rst-content dl.footnote>dt>span.brackets:after{content:"]"}html.writer-html5 .rst-content dl.citation>dt>span.fn-backref,html.writer-html5 .rst-content dl.footnote>dt>span.fn-backref{text-align:left;font-style:italic;margin-left:.65rem;word-break:break-word;word-spacing:-.1rem;max-width:5rem}html.writer-html5 .rst-content dl.citation>dt>span.fn-backref>a,html.writer-html5 .rst-content dl.footnote>dt>span.fn-backref>a{word-break:keep-all}html.writer-html5 .rst-content dl.citation>dt>span.fn-backref>a:not(:first-child):before,html.writer-html5 .rst-content dl.footnote>dt>span.fn-backref>a:not(:first-child):before{content:" "}html.writer-html5 .rst-content dl.citation>dd,html.writer-html5 .rst-content dl.footnote>dd{margin:0 0 .5rem;line-height:1.2rem}html.writer-html5 .rst-content dl.citation>dd p,html.writer-html5 .rst-content dl.footnote>dd p{font-size:.9rem}html.writer-html5 .rst-content aside.citation,html.writer-html5 .rst-content aside.footnote,html.writer-html5 .rst-content div.citation{padding-left:1rem;padding-right:1rem;font-size:.9rem;line-height:1.2rem}html.writer-html5 .rst-content aside.citation p,html.writer-html5 .rst-content aside.footnote p,html.writer-html5 .rst-content div.citation p{font-size:.9rem;line-height:1.2rem;margin-bottom:12px}html.writer-html5 .rst-content aside.citation span.backrefs,html.writer-html5 .rst-content aside.footnote span.backrefs,html.writer-html5 .rst-content div.citation span.backrefs{text-align:left;font-style:italic;margin-left:.65rem;word-break:break-word;word-spacing:-.1rem;max-width:5rem}html.writer-html5 .rst-content aside.citation span.backrefs>a,html.writer-html5 .rst-content aside.footnote span.backrefs>a,html.writer-html5 .rst-content div.citation span.backrefs>a{word-break:keep-all}html.writer-html5 .rst-content aside.citation span.backrefs>a:not(:first-child):before,html.writer-html5 .rst-content aside.footnote span.backrefs>a:not(:first-child):before,html.writer-html5 .rst-content div.citation span.backrefs>a:not(:first-child):before{content:" "}html.writer-html5 .rst-content aside.citation span.label,html.writer-html5 .rst-content aside.footnote span.label,html.writer-html5 .rst-content div.citation span.label{line-height:1.2rem}html.writer-html5 .rst-content aside.citation-list,html.writer-html5 .rst-content aside.footnote-list,html.writer-html5 .rst-content div.citation-list{margin-bottom:24px}html.writer-html5 .rst-content dl.option-list kbd{font-size:.9rem}.rst-content table.docutils.footnote,html.writer-html4 .rst-content table.docutils.citation,html.writer-html5 .rst-content aside.footnote,html.writer-html5 .rst-content aside.footnote-list aside.footnote,html.writer-html5 .rst-content div.citation-list>div.citation,html.writer-html5 .rst-content dl.citation,html.writer-html5 .rst-content dl.footnote{color:grey}.rst-content table.docutils.footnote code,.rst-content table.docutils.footnote tt,html.writer-html4 .rst-content table.docutils.citation code,html.writer-html4 .rst-content table.docutils.citation tt,html.writer-html5 .rst-content aside.footnote-list aside.footnote code,html.writer-html5 .rst-content aside.footnote-list aside.footnote tt,html.writer-html5 .rst-content aside.footnote code,html.writer-html5 .rst-content aside.footnote tt,html.writer-html5 .rst-content div.citation-list>div.citation code,html.writer-html5 .rst-content div.citation-list>div.citation tt,html.writer-html5 .rst-content dl.citation code,html.writer-html5 .rst-content dl.citation tt,html.writer-html5 .rst-content dl.footnote code,html.writer-html5 .rst-content dl.footnote tt{color:#555}.rst-content .wy-table-responsive.citation,.rst-content .wy-table-responsive.footnote{margin-bottom:0}.rst-content .wy-table-responsive.citation+:not(.citation),.rst-content .wy-table-responsive.footnote+:not(.footnote){margin-top:24px}.rst-content .wy-table-responsive.citation:last-child,.rst-content .wy-table-responsive.footnote:last-child{margin-bottom:24px}.rst-content table.docutils th{border-color:#e1e4e5}html.writer-html5 .rst-content table.docutils th{border:1px solid #e1e4e5}html.writer-html5 .rst-content table.docutils td>p,html.writer-html5 .rst-content table.docutils th>p{line-height:1rem;margin-bottom:0;font-size:.9rem}.rst-content table.docutils td .last,.rst-content table.docutils td .last>:last-child{margin-bottom:0}.rst-content table.field-list,.rst-content table.field-list td{border:none}.rst-content table.field-list td p{line-height:inherit}.rst-content table.field-list td>strong{display:inline-block}.rst-content table.field-list .field-name{padding-right:10px;text-align:left;white-space:nowrap}.rst-content table.field-list .field-body{text-align:left}.rst-content code,.rst-content tt{color:#000;font-family:SFMono-Regular,Menlo,Monaco,Consolas,Liberation Mono,Courier New,Courier,monospace;padding:2px 5px}.rst-content code big,.rst-content code em,.rst-content tt big,.rst-content tt em{font-size:100%!important;line-height:normal}.rst-content code.literal,.rst-content tt.literal{color:#e74c3c;white-space:normal}.rst-content code.xref,.rst-content tt.xref,a .rst-content code,a .rst-content tt{font-weight:700;color:#404040;overflow-wrap:normal}.rst-content kbd,.rst-content pre,.rst-content samp{font-family:SFMono-Regular,Menlo,Monaco,Consolas,Liberation Mono,Courier New,Courier,monospace}.rst-content a code,.rst-content a tt{color:#2980b9}.rst-content dl{margin-bottom:24px}.rst-content dl dt{font-weight:700;margin-bottom:12px}.rst-content dl ol,.rst-content dl p,.rst-content dl table,.rst-content dl ul{margin-bottom:12px}.rst-content dl dd{margin:0 0 12px 24px;line-height:24px}.rst-content dl dd>ol:last-child,.rst-content dl dd>p:last-child,.rst-content dl dd>table:last-child,.rst-content dl dd>ul:last-child{margin-bottom:0}html.writer-html4 .rst-content dl:not(.docutils),html.writer-html5 .rst-content dl[class]:not(.option-list):not(.field-list):not(.footnote):not(.citation):not(.glossary):not(.simple){margin-bottom:24px}html.writer-html4 .rst-content dl:not(.docutils)>dt,html.writer-html5 .rst-content dl[class]:not(.option-list):not(.field-list):not(.footnote):not(.citation):not(.glossary):not(.simple)>dt{display:table;margin:6px 0;font-size:90%;line-height:normal;background:#e7f2fa;color:#2980b9;border-top:3px solid #6ab0de;padding:6px;position:relative}html.writer-html4 .rst-content dl:not(.docutils)>dt:before,html.writer-html5 .rst-content dl[class]:not(.option-list):not(.field-list):not(.footnote):not(.citation):not(.glossary):not(.simple)>dt:before{color:#6ab0de}html.writer-html4 .rst-content dl:not(.docutils)>dt .headerlink,html.writer-html5 .rst-content dl[class]:not(.option-list):not(.field-list):not(.footnote):not(.citation):not(.glossary):not(.simple)>dt .headerlink{color:#404040;font-size:100%!important}html.writer-html4 .rst-content dl:not(.docutils) dl:not(.option-list):not(.field-list):not(.footnote):not(.citation):not(.glossary):not(.simple)>dt,html.writer-html5 .rst-content dl[class]:not(.option-list):not(.field-list):not(.footnote):not(.citation):not(.glossary):not(.simple) dl:not(.option-list):not(.field-list):not(.footnote):not(.citation):not(.glossary):not(.simple)>dt{margin-bottom:6px;border:none;border-left:3px solid #ccc;background:#f0f0f0;color:#555}html.writer-html4 .rst-content dl:not(.docutils) dl:not(.option-list):not(.field-list):not(.footnote):not(.citation):not(.glossary):not(.simple)>dt .headerlink,html.writer-html5 .rst-content dl[class]:not(.option-list):not(.field-list):not(.footnote):not(.citation):not(.glossary):not(.simple) dl:not(.option-list):not(.field-list):not(.footnote):not(.citation):not(.glossary):not(.simple)>dt .headerlink{color:#404040;font-size:100%!important}html.writer-html4 .rst-content dl:not(.docutils)>dt:first-child,html.writer-html5 .rst-content dl[class]:not(.option-list):not(.field-list):not(.footnote):not(.citation):not(.glossary):not(.simple)>dt:first-child{margin-top:0}html.writer-html4 .rst-content dl:not(.docutils) code.descclassname,html.writer-html4 .rst-content dl:not(.docutils) code.descname,html.writer-html4 .rst-content dl:not(.docutils) tt.descclassname,html.writer-html4 .rst-content dl:not(.docutils) tt.descname,html.writer-html5 .rst-content dl[class]:not(.option-list):not(.field-list):not(.footnote):not(.citation):not(.glossary):not(.simple) code.descclassname,html.writer-html5 .rst-content dl[class]:not(.option-list):not(.field-list):not(.footnote):not(.citation):not(.glossary):not(.simple) code.descname,html.writer-html5 .rst-content dl[class]:not(.option-list):not(.field-list):not(.footnote):not(.citation):not(.glossary):not(.simple) tt.descclassname,html.writer-html5 .rst-content dl[class]:not(.option-list):not(.field-list):not(.footnote):not(.citation):not(.glossary):not(.simple) tt.descname{background-color:transparent;border:none;padding:0;font-size:100%!important}html.writer-html4 .rst-content dl:not(.docutils) code.descname,html.writer-html4 .rst-content dl:not(.docutils) tt.descname,html.writer-html5 .rst-content dl[class]:not(.option-list):not(.field-list):not(.footnote):not(.citation):not(.glossary):not(.simple) code.descname,html.writer-html5 .rst-content dl[class]:not(.option-list):not(.field-list):not(.footnote):not(.citation):not(.glossary):not(.simple) tt.descname{font-weight:700}html.writer-html4 .rst-content dl:not(.docutils) .optional,html.writer-html5 .rst-content dl[class]:not(.option-list):not(.field-list):not(.footnote):not(.citation):not(.glossary):not(.simple) .optional{display:inline-block;padding:0 4px;color:#000;font-weight:700}html.writer-html4 .rst-content dl:not(.docutils) .property,html.writer-html5 .rst-content dl[class]:not(.option-list):not(.field-list):not(.footnote):not(.citation):not(.glossary):not(.simple) .property{display:inline-block;padding-right:8px;max-width:100%}html.writer-html4 .rst-content dl:not(.docutils) .k,html.writer-html5 .rst-content dl[class]:not(.option-list):not(.field-list):not(.footnote):not(.citation):not(.glossary):not(.simple) .k{font-style:italic}html.writer-html4 .rst-content dl:not(.docutils) .descclassname,html.writer-html4 .rst-content dl:not(.docutils) .descname,html.writer-html4 .rst-content dl:not(.docutils) .sig-name,html.writer-html5 .rst-content dl[class]:not(.option-list):not(.field-list):not(.footnote):not(.citation):not(.glossary):not(.simple) .descclassname,html.writer-html5 .rst-content dl[class]:not(.option-list):not(.field-list):not(.footnote):not(.citation):not(.glossary):not(.simple) .descname,html.writer-html5 .rst-content dl[class]:not(.option-list):not(.field-list):not(.footnote):not(.citation):not(.glossary):not(.simple) .sig-name{font-family:SFMono-Regular,Menlo,Monaco,Consolas,Liberation Mono,Courier New,Courier,monospace;color:#000}.rst-content .viewcode-back,.rst-content .viewcode-link{display:inline-block;color:#27ae60;font-size:80%;padding-left:24px}.rst-content .viewcode-back{display:block;float:right}.rst-content p.rubric{margin-bottom:12px;font-weight:700}.rst-content code.download,.rst-content tt.download{background:inherit;padding:inherit;font-weight:400;font-family:inherit;font-size:inherit;color:inherit;border:inherit;white-space:inherit}.rst-content code.download span:first-child,.rst-content tt.download span:first-child{-webkit-font-smoothing:subpixel-antialiased}.rst-content code.download span:first-child:before,.rst-content tt.download span:first-child:before{margin-right:4px}.rst-content .guilabel,.rst-content .menuselection{font-size:80%;font-weight:700;border-radius:4px;padding:2.4px 6px;margin:auto 2px}.rst-content .guilabel,.rst-content .menuselection{border:1px solid #7fbbe3;background:#e7f2fa}.rst-content :not(dl.option-list)>:not(dt):not(kbd):not(.kbd)>.kbd,.rst-content :not(dl.option-list)>:not(dt):not(kbd):not(.kbd)>kbd{color:inherit;font-size:80%;background-color:#fff;border:1px solid #a6a6a6;border-radius:4px;box-shadow:0 2px grey;padding:2.4px 6px;margin:auto 0}.rst-content .versionmodified{font-style:italic}@media screen and (max-width:480px){.rst-content .sidebar{width:100%}}span[id*=MathJax-Span]{color:#404040}.math{text-align:center}@font-face{font-family:Lato;src:url(fonts/lato-normal.woff2?bd03a2cc277bbbc338d464e679fe9942) format("woff2"),url(fonts/lato-normal.woff?27bd77b9162d388cb8d4c4217c7c5e2a) format("woff");font-weight:400;font-style:normal;font-display:block}@font-face{font-family:Lato;src:url(fonts/lato-bold.woff2?cccb897485813c7c256901dbca54ecf2) format("woff2"),url(fonts/lato-bold.woff?d878b6c29b10beca227e9eef4246111b) format("woff");font-weight:700;font-style:normal;font-display:block}@font-face{font-family:Lato;src:url(fonts/lato-bold-italic.woff2?0b6bb6725576b072c5d0b02ecdd1900d) format("woff2"),url(fonts/lato-bold-italic.woff?9c7e4e9eb485b4a121c760e61bc3707c) format("woff");font-weight:700;font-style:italic;font-display:block}@font-face{font-family:Lato;src:url(fonts/lato-normal-italic.woff2?4eb103b4d12be57cb1d040ed5e162e9d) format("woff2"),url(fonts/lato-normal-italic.woff?f28f2d6482446544ef1ea1ccc6dd5892) format("woff");font-weight:400;font-style:italic;font-display:block}@font-face{font-family:Roboto Slab;font-style:normal;font-weight:400;src:url(fonts/Roboto-Slab-Regular.woff2?7abf5b8d04d26a2cafea937019bca958) format("woff2"),url(fonts/Roboto-Slab-Regular.woff?c1be9284088d487c5e3ff0a10a92e58c) format("woff");font-display:block}@font-face{font-family:Roboto Slab;font-style:normal;font-weight:700;src:url(fonts/Roboto-Slab-Bold.woff2?9984f4a9bda09be08e83f2506954adbe) format("woff2"),url(fonts/Roboto-Slab-Bold.woff?bed5564a116b05148e3b3bea6fb1162a) format("woff");font-display:block} \ No newline at end of file + */@font-face{font-family:'FontAwesome';src:url("../fonts/fontawesome-webfont.eot?v=4.1.0");src:url("../fonts/fontawesome-webfont.eot?#iefix&v=4.1.0") format("embedded-opentype"),url("../fonts/fontawesome-webfont.woff?v=4.1.0") format("woff"),url("../fonts/fontawesome-webfont.ttf?v=4.1.0") format("truetype"),url("../fonts/fontawesome-webfont.svg?v=4.1.0#fontawesomeregular") format("svg");font-weight:normal;font-style:normal}.fa,.rst-content .admonition-title,.rst-content h1 .headerlink,.rst-content h2 .headerlink,.rst-content h3 .headerlink,.rst-content h4 .headerlink,.rst-content h5 .headerlink,.rst-content h6 .headerlink,.rst-content dl dt .headerlink,.icon{display:inline-block;font-family:FontAwesome;font-style:normal;font-weight:normal;line-height:1;-webkit-font-smoothing:antialiased;-moz-osx-font-smoothing:grayscale}.fa-lg{font-size:1.33333em;line-height:0.75em;vertical-align:-15%}.fa-2x{font-size:2em}.fa-3x{font-size:3em}.fa-4x{font-size:4em}.fa-5x{font-size:5em}.fa-fw{width:1.28571em;text-align:center}.fa-ul{padding-left:0;margin-left:2.14286em;list-style-type:none}.fa-ul>li{position:relative}.fa-li{position:absolute;left:-2.14286em;width:2.14286em;top:0.14286em;text-align:center}.fa-li.fa-lg{left:-1.85714em}.fa-border{padding:.2em .25em .15em;border:solid 0.08em #eee;border-radius:.1em}.pull-right{float:right}.pull-left{float:left}.fa.pull-left,.rst-content .pull-left.admonition-title,.rst-content h1 .pull-left.headerlink,.rst-content h2 .pull-left.headerlink,.rst-content h3 .pull-left.headerlink,.rst-content h4 .pull-left.headerlink,.rst-content h5 .pull-left.headerlink,.rst-content h6 .pull-left.headerlink,.rst-content dl dt .pull-left.headerlink,.pull-left.icon{margin-right:.3em}.fa.pull-right,.rst-content .pull-right.admonition-title,.rst-content h1 .pull-right.headerlink,.rst-content h2 .pull-right.headerlink,.rst-content h3 .pull-right.headerlink,.rst-content h4 .pull-right.headerlink,.rst-content h5 .pull-right.headerlink,.rst-content h6 .pull-right.headerlink,.rst-content dl dt .pull-right.headerlink,.pull-right.icon{margin-left:.3em}.fa-spin{-webkit-animation:spin 2s infinite linear;-moz-animation:spin 2s infinite linear;-o-animation:spin 2s infinite linear;animation:spin 2s infinite linear}@-moz-keyframes spin{0%{-moz-transform:rotate(0deg)}100%{-moz-transform:rotate(359deg)}}@-webkit-keyframes spin{0%{-webkit-transform:rotate(0deg)}100%{-webkit-transform:rotate(359deg)}}@-o-keyframes spin{0%{-o-transform:rotate(0deg)}100%{-o-transform:rotate(359deg)}}@keyframes spin{0%{-webkit-transform:rotate(0deg);transform:rotate(0deg)}100%{-webkit-transform:rotate(359deg);transform:rotate(359deg)}}.fa-rotate-90{filter:progid:DXImageTransform.Microsoft.BasicImage(rotation=1);-webkit-transform:rotate(90deg);-moz-transform:rotate(90deg);-ms-transform:rotate(90deg);-o-transform:rotate(90deg);transform:rotate(90deg)}.fa-rotate-180{filter:progid:DXImageTransform.Microsoft.BasicImage(rotation=2);-webkit-transform:rotate(180deg);-moz-transform:rotate(180deg);-ms-transform:rotate(180deg);-o-transform:rotate(180deg);transform:rotate(180deg)}.fa-rotate-270{filter:progid:DXImageTransform.Microsoft.BasicImage(rotation=3);-webkit-transform:rotate(270deg);-moz-transform:rotate(270deg);-ms-transform:rotate(270deg);-o-transform:rotate(270deg);transform:rotate(270deg)}.fa-flip-horizontal{filter:progid:DXImageTransform.Microsoft.BasicImage(rotation=0);-webkit-transform:scale(-1, 1);-moz-transform:scale(-1, 1);-ms-transform:scale(-1, 1);-o-transform:scale(-1, 1);transform:scale(-1, 1)}.fa-flip-vertical{filter:progid:DXImageTransform.Microsoft.BasicImage(rotation=2);-webkit-transform:scale(1, -1);-moz-transform:scale(1, -1);-ms-transform:scale(1, -1);-o-transform:scale(1, -1);transform:scale(1, -1)}.fa-stack{position:relative;display:inline-block;width:2em;height:2em;line-height:2em;vertical-align:middle}.fa-stack-1x,.fa-stack-2x{position:absolute;left:0;width:100%;text-align:center}.fa-stack-1x{line-height:inherit}.fa-stack-2x{font-size:2em}.fa-inverse{color:#fff}.fa-glass:before{content:"\f000"}.fa-music:before{content:"\f001"}.fa-search:before,.icon-search:before{content:"\f002"}.fa-envelope-o:before{content:"\f003"}.fa-heart:before{content:"\f004"}.fa-star:before{content:"\f005"}.fa-star-o:before{content:"\f006"}.fa-user:before{content:"\f007"}.fa-film:before{content:"\f008"}.fa-th-large:before{content:"\f009"}.fa-th:before{content:"\f00a"}.fa-th-list:before{content:"\f00b"}.fa-check:before{content:"\f00c"}.fa-times:before{content:"\f00d"}.fa-search-plus:before{content:"\f00e"}.fa-search-minus:before{content:"\f010"}.fa-power-off:before{content:"\f011"}.fa-signal:before{content:"\f012"}.fa-gear:before,.fa-cog:before{content:"\f013"}.fa-trash-o:before{content:"\f014"}.fa-home:before,.icon-home:before{content:"\f015"}.fa-file-o:before{content:"\f016"}.fa-clock-o:before{content:"\f017"}.fa-road:before{content:"\f018"}.fa-download:before{content:"\f019"}.fa-arrow-circle-o-down:before{content:"\f01a"}.fa-arrow-circle-o-up:before{content:"\f01b"}.fa-inbox:before{content:"\f01c"}.fa-play-circle-o:before{content:"\f01d"}.fa-rotate-right:before,.fa-repeat:before{content:"\f01e"}.fa-refresh:before{content:"\f021"}.fa-list-alt:before{content:"\f022"}.fa-lock:before{content:"\f023"}.fa-flag:before{content:"\f024"}.fa-headphones:before{content:"\f025"}.fa-volume-off:before{content:"\f026"}.fa-volume-down:before{content:"\f027"}.fa-volume-up:before{content:"\f028"}.fa-qrcode:before{content:"\f029"}.fa-barcode:before{content:"\f02a"}.fa-tag:before{content:"\f02b"}.fa-tags:before{content:"\f02c"}.fa-book:before,.icon-book:before{content:"\f02d"}.fa-bookmark:before{content:"\f02e"}.fa-print:before{content:"\f02f"}.fa-camera:before{content:"\f030"}.fa-font:before{content:"\f031"}.fa-bold:before{content:"\f032"}.fa-italic:before{content:"\f033"}.fa-text-height:before{content:"\f034"}.fa-text-width:before{content:"\f035"}.fa-align-left:before{content:"\f036"}.fa-align-center:before{content:"\f037"}.fa-align-right:before{content:"\f038"}.fa-align-justify:before{content:"\f039"}.fa-list:before{content:"\f03a"}.fa-dedent:before,.fa-outdent:before{content:"\f03b"}.fa-indent:before{content:"\f03c"}.fa-video-camera:before{content:"\f03d"}.fa-photo:before,.fa-image:before,.fa-picture-o:before{content:"\f03e"}.fa-pencil:before{content:"\f040"}.fa-map-marker:before{content:"\f041"}.fa-adjust:before{content:"\f042"}.fa-tint:before{content:"\f043"}.fa-edit:before,.fa-pencil-square-o:before{content:"\f044"}.fa-share-square-o:before{content:"\f045"}.fa-check-square-o:before{content:"\f046"}.fa-arrows:before{content:"\f047"}.fa-step-backward:before{content:"\f048"}.fa-fast-backward:before{content:"\f049"}.fa-backward:before{content:"\f04a"}.fa-play:before{content:"\f04b"}.fa-pause:before{content:"\f04c"}.fa-stop:before{content:"\f04d"}.fa-forward:before{content:"\f04e"}.fa-fast-forward:before{content:"\f050"}.fa-step-forward:before{content:"\f051"}.fa-eject:before{content:"\f052"}.fa-chevron-left:before{content:"\f053"}.fa-chevron-right:before{content:"\f054"}.fa-plus-circle:before{content:"\f055"}.fa-minus-circle:before{content:"\f056"}.fa-times-circle:before,.wy-inline-validate.wy-inline-validate-danger .wy-input-context:before{content:"\f057"}.fa-check-circle:before,.wy-inline-validate.wy-inline-validate-success .wy-input-context:before{content:"\f058"}.fa-question-circle:before{content:"\f059"}.fa-info-circle:before{content:"\f05a"}.fa-crosshairs:before{content:"\f05b"}.fa-times-circle-o:before{content:"\f05c"}.fa-check-circle-o:before{content:"\f05d"}.fa-ban:before{content:"\f05e"}.fa-arrow-left:before{content:"\f060"}.fa-arrow-right:before{content:"\f061"}.fa-arrow-up:before{content:"\f062"}.fa-arrow-down:before{content:"\f063"}.fa-mail-forward:before,.fa-share:before{content:"\f064"}.fa-expand:before{content:"\f065"}.fa-compress:before{content:"\f066"}.fa-plus:before{content:"\f067"}.fa-minus:before{content:"\f068"}.fa-asterisk:before{content:"\f069"}.fa-exclamation-circle:before,.wy-inline-validate.wy-inline-validate-warning .wy-input-context:before,.wy-inline-validate.wy-inline-validate-info .wy-input-context:before,.rst-content .admonition-title:before{content:"\f06a"}.fa-gift:before{content:"\f06b"}.fa-leaf:before{content:"\f06c"}.fa-fire:before,.icon-fire:before{content:"\f06d"}.fa-eye:before{content:"\f06e"}.fa-eye-slash:before{content:"\f070"}.fa-warning:before,.fa-exclamation-triangle:before{content:"\f071"}.fa-plane:before{content:"\f072"}.fa-calendar:before{content:"\f073"}.fa-random:before{content:"\f074"}.fa-comment:before{content:"\f075"}.fa-magnet:before{content:"\f076"}.fa-chevron-up:before{content:"\f077"}.fa-chevron-down:before{content:"\f078"}.fa-retweet:before{content:"\f079"}.fa-shopping-cart:before{content:"\f07a"}.fa-folder:before{content:"\f07b"}.fa-folder-open:before{content:"\f07c"}.fa-arrows-v:before{content:"\f07d"}.fa-arrows-h:before{content:"\f07e"}.fa-bar-chart-o:before{content:"\f080"}.fa-twitter-square:before{content:"\f081"}.fa-facebook-square:before{content:"\f082"}.fa-camera-retro:before{content:"\f083"}.fa-key:before{content:"\f084"}.fa-gears:before,.fa-cogs:before{content:"\f085"}.fa-comments:before{content:"\f086"}.fa-thumbs-o-up:before{content:"\f087"}.fa-thumbs-o-down:before{content:"\f088"}.fa-star-half:before{content:"\f089"}.fa-heart-o:before{content:"\f08a"}.fa-sign-out:before{content:"\f08b"}.fa-linkedin-square:before{content:"\f08c"}.fa-thumb-tack:before{content:"\f08d"}.fa-external-link:before{content:"\f08e"}.fa-sign-in:before{content:"\f090"}.fa-trophy:before{content:"\f091"}.fa-github-square:before{content:"\f092"}.fa-upload:before{content:"\f093"}.fa-lemon-o:before{content:"\f094"}.fa-phone:before{content:"\f095"}.fa-square-o:before{content:"\f096"}.fa-bookmark-o:before{content:"\f097"}.fa-phone-square:before{content:"\f098"}.fa-twitter:before{content:"\f099"}.fa-facebook:before{content:"\f09a"}.fa-github:before,.icon-github:before{content:"\f09b"}.fa-unlock:before{content:"\f09c"}.fa-credit-card:before{content:"\f09d"}.fa-rss:before{content:"\f09e"}.fa-hdd-o:before{content:"\f0a0"}.fa-bullhorn:before{content:"\f0a1"}.fa-bell:before{content:"\f0f3"}.fa-certificate:before{content:"\f0a3"}.fa-hand-o-right:before{content:"\f0a4"}.fa-hand-o-left:before{content:"\f0a5"}.fa-hand-o-up:before{content:"\f0a6"}.fa-hand-o-down:before{content:"\f0a7"}.fa-arrow-circle-left:before,.icon-circle-arrow-left:before{content:"\f0a8"}.fa-arrow-circle-right:before,.icon-circle-arrow-right:before{content:"\f0a9"}.fa-arrow-circle-up:before{content:"\f0aa"}.fa-arrow-circle-down:before{content:"\f0ab"}.fa-globe:before{content:"\f0ac"}.fa-wrench:before{content:"\f0ad"}.fa-tasks:before{content:"\f0ae"}.fa-filter:before{content:"\f0b0"}.fa-briefcase:before{content:"\f0b1"}.fa-arrows-alt:before{content:"\f0b2"}.fa-group:before,.fa-users:before{content:"\f0c0"}.fa-chain:before,.fa-link:before,.icon-link:before{content:"\f0c1"}.fa-cloud:before{content:"\f0c2"}.fa-flask:before{content:"\f0c3"}.fa-cut:before,.fa-scissors:before{content:"\f0c4"}.fa-copy:before,.fa-files-o:before{content:"\f0c5"}.fa-paperclip:before{content:"\f0c6"}.fa-save:before,.fa-floppy-o:before{content:"\f0c7"}.fa-square:before{content:"\f0c8"}.fa-navicon:before,.fa-reorder:before,.fa-bars:before{content:"\f0c9"}.fa-list-ul:before{content:"\f0ca"}.fa-list-ol:before{content:"\f0cb"}.fa-strikethrough:before{content:"\f0cc"}.fa-underline:before{content:"\f0cd"}.fa-table:before{content:"\f0ce"}.fa-magic:before{content:"\f0d0"}.fa-truck:before{content:"\f0d1"}.fa-pinterest:before{content:"\f0d2"}.fa-pinterest-square:before{content:"\f0d3"}.fa-google-plus-square:before{content:"\f0d4"}.fa-google-plus:before{content:"\f0d5"}.fa-money:before{content:"\f0d6"}.fa-caret-down:before,.wy-dropdown .caret:before,.icon-caret-down:before{content:"\f0d7"}.fa-caret-up:before{content:"\f0d8"}.fa-caret-left:before{content:"\f0d9"}.fa-caret-right:before{content:"\f0da"}.fa-columns:before{content:"\f0db"}.fa-unsorted:before,.fa-sort:before{content:"\f0dc"}.fa-sort-down:before,.fa-sort-desc:before{content:"\f0dd"}.fa-sort-up:before,.fa-sort-asc:before{content:"\f0de"}.fa-envelope:before{content:"\f0e0"}.fa-linkedin:before{content:"\f0e1"}.fa-rotate-left:before,.fa-undo:before{content:"\f0e2"}.fa-legal:before,.fa-gavel:before{content:"\f0e3"}.fa-dashboard:before,.fa-tachometer:before{content:"\f0e4"}.fa-comment-o:before{content:"\f0e5"}.fa-comments-o:before{content:"\f0e6"}.fa-flash:before,.fa-bolt:before{content:"\f0e7"}.fa-sitemap:before{content:"\f0e8"}.fa-umbrella:before{content:"\f0e9"}.fa-paste:before,.fa-clipboard:before{content:"\f0ea"}.fa-lightbulb-o:before{content:"\f0eb"}.fa-exchange:before{content:"\f0ec"}.fa-cloud-download:before{content:"\f0ed"}.fa-cloud-upload:before{content:"\f0ee"}.fa-user-md:before{content:"\f0f0"}.fa-stethoscope:before{content:"\f0f1"}.fa-suitcase:before{content:"\f0f2"}.fa-bell-o:before{content:"\f0a2"}.fa-coffee:before{content:"\f0f4"}.fa-cutlery:before{content:"\f0f5"}.fa-file-text-o:before{content:"\f0f6"}.fa-building-o:before{content:"\f0f7"}.fa-hospital-o:before{content:"\f0f8"}.fa-ambulance:before{content:"\f0f9"}.fa-medkit:before{content:"\f0fa"}.fa-fighter-jet:before{content:"\f0fb"}.fa-beer:before{content:"\f0fc"}.fa-h-square:before{content:"\f0fd"}.fa-plus-square:before{content:"\f0fe"}.fa-angle-double-left:before{content:"\f100"}.fa-angle-double-right:before{content:"\f101"}.fa-angle-double-up:before{content:"\f102"}.fa-angle-double-down:before{content:"\f103"}.fa-angle-left:before{content:"\f104"}.fa-angle-right:before{content:"\f105"}.fa-angle-up:before{content:"\f106"}.fa-angle-down:before{content:"\f107"}.fa-desktop:before{content:"\f108"}.fa-laptop:before{content:"\f109"}.fa-tablet:before{content:"\f10a"}.fa-mobile-phone:before,.fa-mobile:before{content:"\f10b"}.fa-circle-o:before{content:"\f10c"}.fa-quote-left:before{content:"\f10d"}.fa-quote-right:before{content:"\f10e"}.fa-spinner:before{content:"\f110"}.fa-circle:before{content:"\f111"}.fa-mail-reply:before,.fa-reply:before{content:"\f112"}.fa-github-alt:before{content:"\f113"}.fa-folder-o:before{content:"\f114"}.fa-folder-open-o:before{content:"\f115"}.fa-smile-o:before{content:"\f118"}.fa-frown-o:before{content:"\f119"}.fa-meh-o:before{content:"\f11a"}.fa-gamepad:before{content:"\f11b"}.fa-keyboard-o:before{content:"\f11c"}.fa-flag-o:before{content:"\f11d"}.fa-flag-checkered:before{content:"\f11e"}.fa-terminal:before{content:"\f120"}.fa-code:before{content:"\f121"}.fa-mail-reply-all:before,.fa-reply-all:before{content:"\f122"}.fa-star-half-empty:before,.fa-star-half-full:before,.fa-star-half-o:before{content:"\f123"}.fa-location-arrow:before{content:"\f124"}.fa-crop:before{content:"\f125"}.fa-code-fork:before{content:"\f126"}.fa-unlink:before,.fa-chain-broken:before{content:"\f127"}.fa-question:before{content:"\f128"}.fa-info:before{content:"\f129"}.fa-exclamation:before{content:"\f12a"}.fa-superscript:before{content:"\f12b"}.fa-subscript:before{content:"\f12c"}.fa-eraser:before{content:"\f12d"}.fa-puzzle-piece:before{content:"\f12e"}.fa-microphone:before{content:"\f130"}.fa-microphone-slash:before{content:"\f131"}.fa-shield:before{content:"\f132"}.fa-calendar-o:before{content:"\f133"}.fa-fire-extinguisher:before{content:"\f134"}.fa-rocket:before{content:"\f135"}.fa-maxcdn:before{content:"\f136"}.fa-chevron-circle-left:before{content:"\f137"}.fa-chevron-circle-right:before{content:"\f138"}.fa-chevron-circle-up:before{content:"\f139"}.fa-chevron-circle-down:before{content:"\f13a"}.fa-html5:before{content:"\f13b"}.fa-css3:before{content:"\f13c"}.fa-anchor:before{content:"\f13d"}.fa-unlock-alt:before{content:"\f13e"}.fa-bullseye:before{content:"\f140"}.fa-ellipsis-h:before{content:"\f141"}.fa-ellipsis-v:before{content:"\f142"}.fa-rss-square:before{content:"\f143"}.fa-play-circle:before{content:"\f144"}.fa-ticket:before{content:"\f145"}.fa-minus-square:before{content:"\f146"}.fa-minus-square-o:before{content:"\f147"}.fa-level-up:before{content:"\f148"}.fa-level-down:before{content:"\f149"}.fa-check-square:before{content:"\f14a"}.fa-pencil-square:before{content:"\f14b"}.fa-external-link-square:before{content:"\f14c"}.fa-share-square:before{content:"\f14d"}.fa-compass:before{content:"\f14e"}.fa-toggle-down:before,.fa-caret-square-o-down:before{content:"\f150"}.fa-toggle-up:before,.fa-caret-square-o-up:before{content:"\f151"}.fa-toggle-right:before,.fa-caret-square-o-right:before{content:"\f152"}.fa-euro:before,.fa-eur:before{content:"\f153"}.fa-gbp:before{content:"\f154"}.fa-dollar:before,.fa-usd:before{content:"\f155"}.fa-rupee:before,.fa-inr:before{content:"\f156"}.fa-cny:before,.fa-rmb:before,.fa-yen:before,.fa-jpy:before{content:"\f157"}.fa-ruble:before,.fa-rouble:before,.fa-rub:before{content:"\f158"}.fa-won:before,.fa-krw:before{content:"\f159"}.fa-bitcoin:before,.fa-btc:before{content:"\f15a"}.fa-file:before{content:"\f15b"}.fa-file-text:before{content:"\f15c"}.fa-sort-alpha-asc:before{content:"\f15d"}.fa-sort-alpha-desc:before{content:"\f15e"}.fa-sort-amount-asc:before{content:"\f160"}.fa-sort-amount-desc:before{content:"\f161"}.fa-sort-numeric-asc:before{content:"\f162"}.fa-sort-numeric-desc:before{content:"\f163"}.fa-thumbs-up:before{content:"\f164"}.fa-thumbs-down:before{content:"\f165"}.fa-youtube-square:before{content:"\f166"}.fa-youtube:before{content:"\f167"}.fa-xing:before{content:"\f168"}.fa-xing-square:before{content:"\f169"}.fa-youtube-play:before{content:"\f16a"}.fa-dropbox:before{content:"\f16b"}.fa-stack-overflow:before{content:"\f16c"}.fa-instagram:before{content:"\f16d"}.fa-flickr:before{content:"\f16e"}.fa-adn:before{content:"\f170"}.fa-bitbucket:before,.icon-bitbucket:before{content:"\f171"}.fa-bitbucket-square:before{content:"\f172"}.fa-tumblr:before{content:"\f173"}.fa-tumblr-square:before{content:"\f174"}.fa-long-arrow-down:before{content:"\f175"}.fa-long-arrow-up:before{content:"\f176"}.fa-long-arrow-left:before{content:"\f177"}.fa-long-arrow-right:before{content:"\f178"}.fa-apple:before{content:"\f179"}.fa-windows:before{content:"\f17a"}.fa-android:before{content:"\f17b"}.fa-linux:before{content:"\f17c"}.fa-dribbble:before{content:"\f17d"}.fa-skype:before{content:"\f17e"}.fa-foursquare:before{content:"\f180"}.fa-trello:before{content:"\f181"}.fa-female:before{content:"\f182"}.fa-male:before{content:"\f183"}.fa-gittip:before{content:"\f184"}.fa-sun-o:before{content:"\f185"}.fa-moon-o:before{content:"\f186"}.fa-archive:before{content:"\f187"}.fa-bug:before{content:"\f188"}.fa-vk:before{content:"\f189"}.fa-weibo:before{content:"\f18a"}.fa-renren:before{content:"\f18b"}.fa-pagelines:before{content:"\f18c"}.fa-stack-exchange:before{content:"\f18d"}.fa-arrow-circle-o-right:before{content:"\f18e"}.fa-arrow-circle-o-left:before{content:"\f190"}.fa-toggle-left:before,.fa-caret-square-o-left:before{content:"\f191"}.fa-dot-circle-o:before{content:"\f192"}.fa-wheelchair:before{content:"\f193"}.fa-vimeo-square:before{content:"\f194"}.fa-turkish-lira:before,.fa-try:before{content:"\f195"}.fa-plus-square-o:before{content:"\f196"}.fa-space-shuttle:before{content:"\f197"}.fa-slack:before{content:"\f198"}.fa-envelope-square:before{content:"\f199"}.fa-wordpress:before{content:"\f19a"}.fa-openid:before{content:"\f19b"}.fa-institution:before,.fa-bank:before,.fa-university:before{content:"\f19c"}.fa-mortar-board:before,.fa-graduation-cap:before{content:"\f19d"}.fa-yahoo:before{content:"\f19e"}.fa-google:before{content:"\f1a0"}.fa-reddit:before{content:"\f1a1"}.fa-reddit-square:before{content:"\f1a2"}.fa-stumbleupon-circle:before{content:"\f1a3"}.fa-stumbleupon:before{content:"\f1a4"}.fa-delicious:before{content:"\f1a5"}.fa-digg:before{content:"\f1a6"}.fa-pied-piper-square:before,.fa-pied-piper:before{content:"\f1a7"}.fa-pied-piper-alt:before{content:"\f1a8"}.fa-drupal:before{content:"\f1a9"}.fa-joomla:before{content:"\f1aa"}.fa-language:before{content:"\f1ab"}.fa-fax:before{content:"\f1ac"}.fa-building:before{content:"\f1ad"}.fa-child:before{content:"\f1ae"}.fa-paw:before{content:"\f1b0"}.fa-spoon:before{content:"\f1b1"}.fa-cube:before{content:"\f1b2"}.fa-cubes:before{content:"\f1b3"}.fa-behance:before{content:"\f1b4"}.fa-behance-square:before{content:"\f1b5"}.fa-steam:before{content:"\f1b6"}.fa-steam-square:before{content:"\f1b7"}.fa-recycle:before{content:"\f1b8"}.fa-automobile:before,.fa-car:before{content:"\f1b9"}.fa-cab:before,.fa-taxi:before{content:"\f1ba"}.fa-tree:before{content:"\f1bb"}.fa-spotify:before{content:"\f1bc"}.fa-deviantart:before{content:"\f1bd"}.fa-soundcloud:before{content:"\f1be"}.fa-database:before{content:"\f1c0"}.fa-file-pdf-o:before{content:"\f1c1"}.fa-file-word-o:before{content:"\f1c2"}.fa-file-excel-o:before{content:"\f1c3"}.fa-file-powerpoint-o:before{content:"\f1c4"}.fa-file-photo-o:before,.fa-file-picture-o:before,.fa-file-image-o:before{content:"\f1c5"}.fa-file-zip-o:before,.fa-file-archive-o:before{content:"\f1c6"}.fa-file-sound-o:before,.fa-file-audio-o:before{content:"\f1c7"}.fa-file-movie-o:before,.fa-file-video-o:before{content:"\f1c8"}.fa-file-code-o:before{content:"\f1c9"}.fa-vine:before{content:"\f1ca"}.fa-codepen:before{content:"\f1cb"}.fa-jsfiddle:before{content:"\f1cc"}.fa-life-bouy:before,.fa-life-saver:before,.fa-support:before,.fa-life-ring:before{content:"\f1cd"}.fa-circle-o-notch:before{content:"\f1ce"}.fa-ra:before,.fa-rebel:before{content:"\f1d0"}.fa-ge:before,.fa-empire:before{content:"\f1d1"}.fa-git-square:before{content:"\f1d2"}.fa-git:before{content:"\f1d3"}.fa-hacker-news:before{content:"\f1d4"}.fa-tencent-weibo:before{content:"\f1d5"}.fa-qq:before{content:"\f1d6"}.fa-wechat:before,.fa-weixin:before{content:"\f1d7"}.fa-send:before,.fa-paper-plane:before{content:"\f1d8"}.fa-send-o:before,.fa-paper-plane-o:before{content:"\f1d9"}.fa-history:before{content:"\f1da"}.fa-circle-thin:before{content:"\f1db"}.fa-header:before{content:"\f1dc"}.fa-paragraph:before{content:"\f1dd"}.fa-sliders:before{content:"\f1de"}.fa-share-alt:before{content:"\f1e0"}.fa-share-alt-square:before{content:"\f1e1"}.fa-bomb:before{content:"\f1e2"}.fa,.rst-content .admonition-title,.rst-content h1 .headerlink,.rst-content h2 .headerlink,.rst-content h3 .headerlink,.rst-content h4 .headerlink,.rst-content h5 .headerlink,.rst-content h6 .headerlink,.rst-content dl dt .headerlink,.icon,.wy-dropdown .caret,.wy-inline-validate.wy-inline-validate-success .wy-input-context,.wy-inline-validate.wy-inline-validate-danger .wy-input-context,.wy-inline-validate.wy-inline-validate-warning .wy-input-context,.wy-inline-validate.wy-inline-validate-info .wy-input-context{font-family:inherit}.fa:before,.rst-content .admonition-title:before,.rst-content h1 .headerlink:before,.rst-content h2 .headerlink:before,.rst-content h3 .headerlink:before,.rst-content h4 .headerlink:before,.rst-content h5 .headerlink:before,.rst-content h6 .headerlink:before,.rst-content dl dt .headerlink:before,.icon:before,.wy-dropdown .caret:before,.wy-inline-validate.wy-inline-validate-success .wy-input-context:before,.wy-inline-validate.wy-inline-validate-danger .wy-input-context:before,.wy-inline-validate.wy-inline-validate-warning .wy-input-context:before,.wy-inline-validate.wy-inline-validate-info .wy-input-context:before{font-family:"FontAwesome";display:inline-block;font-style:normal;font-weight:normal;line-height:1;text-decoration:inherit}a .fa,a .rst-content .admonition-title,.rst-content a .admonition-title,a .rst-content h1 .headerlink,.rst-content h1 a .headerlink,a .rst-content h2 .headerlink,.rst-content h2 a .headerlink,a .rst-content h3 .headerlink,.rst-content h3 a .headerlink,a .rst-content h4 .headerlink,.rst-content h4 a .headerlink,a .rst-content h5 .headerlink,.rst-content h5 a .headerlink,a .rst-content h6 .headerlink,.rst-content h6 a .headerlink,a .rst-content dl dt .headerlink,.rst-content dl dt a .headerlink,a .icon{display:inline-block;text-decoration:inherit}.btn .fa,.btn .rst-content .admonition-title,.rst-content .btn .admonition-title,.btn .rst-content h1 .headerlink,.rst-content h1 .btn .headerlink,.btn .rst-content h2 .headerlink,.rst-content h2 .btn .headerlink,.btn .rst-content h3 .headerlink,.rst-content h3 .btn .headerlink,.btn .rst-content h4 .headerlink,.rst-content h4 .btn .headerlink,.btn .rst-content h5 .headerlink,.rst-content h5 .btn .headerlink,.btn .rst-content h6 .headerlink,.rst-content h6 .btn .headerlink,.btn .rst-content dl dt .headerlink,.rst-content dl dt .btn .headerlink,.btn .icon,.nav .fa,.nav .rst-content .admonition-title,.rst-content .nav .admonition-title,.nav .rst-content h1 .headerlink,.rst-content h1 .nav .headerlink,.nav .rst-content h2 .headerlink,.rst-content h2 .nav .headerlink,.nav .rst-content h3 .headerlink,.rst-content h3 .nav .headerlink,.nav .rst-content h4 .headerlink,.rst-content h4 .nav .headerlink,.nav .rst-content h5 .headerlink,.rst-content h5 .nav .headerlink,.nav .rst-content h6 .headerlink,.rst-content h6 .nav .headerlink,.nav .rst-content dl dt .headerlink,.rst-content dl dt .nav .headerlink,.nav .icon{display:inline}.btn .fa.fa-large,.btn .rst-content .fa-large.admonition-title,.rst-content .btn .fa-large.admonition-title,.btn .rst-content h1 .fa-large.headerlink,.rst-content h1 .btn .fa-large.headerlink,.btn .rst-content h2 .fa-large.headerlink,.rst-content h2 .btn .fa-large.headerlink,.btn .rst-content h3 .fa-large.headerlink,.rst-content h3 .btn .fa-large.headerlink,.btn .rst-content h4 .fa-large.headerlink,.rst-content h4 .btn .fa-large.headerlink,.btn .rst-content h5 .fa-large.headerlink,.rst-content h5 .btn .fa-large.headerlink,.btn .rst-content h6 .fa-large.headerlink,.rst-content h6 .btn .fa-large.headerlink,.btn .rst-content dl dt .fa-large.headerlink,.rst-content dl dt .btn .fa-large.headerlink,.btn .fa-large.icon,.nav .fa.fa-large,.nav .rst-content .fa-large.admonition-title,.rst-content .nav .fa-large.admonition-title,.nav .rst-content h1 .fa-large.headerlink,.rst-content h1 .nav .fa-large.headerlink,.nav .rst-content h2 .fa-large.headerlink,.rst-content h2 .nav .fa-large.headerlink,.nav .rst-content h3 .fa-large.headerlink,.rst-content h3 .nav .fa-large.headerlink,.nav .rst-content h4 .fa-large.headerlink,.rst-content h4 .nav .fa-large.headerlink,.nav .rst-content h5 .fa-large.headerlink,.rst-content h5 .nav .fa-large.headerlink,.nav .rst-content h6 .fa-large.headerlink,.rst-content h6 .nav .fa-large.headerlink,.nav .rst-content dl dt .fa-large.headerlink,.rst-content dl dt .nav .fa-large.headerlink,.nav .fa-large.icon{line-height:0.9em}.btn .fa.fa-spin,.btn .rst-content .fa-spin.admonition-title,.rst-content .btn .fa-spin.admonition-title,.btn .rst-content h1 .fa-spin.headerlink,.rst-content h1 .btn .fa-spin.headerlink,.btn .rst-content h2 .fa-spin.headerlink,.rst-content h2 .btn .fa-spin.headerlink,.btn .rst-content h3 .fa-spin.headerlink,.rst-content h3 .btn .fa-spin.headerlink,.btn .rst-content h4 .fa-spin.headerlink,.rst-content h4 .btn .fa-spin.headerlink,.btn .rst-content h5 .fa-spin.headerlink,.rst-content h5 .btn .fa-spin.headerlink,.btn .rst-content h6 .fa-spin.headerlink,.rst-content h6 .btn .fa-spin.headerlink,.btn .rst-content dl dt .fa-spin.headerlink,.rst-content dl dt .btn .fa-spin.headerlink,.btn .fa-spin.icon,.nav .fa.fa-spin,.nav .rst-content .fa-spin.admonition-title,.rst-content .nav .fa-spin.admonition-title,.nav .rst-content h1 .fa-spin.headerlink,.rst-content h1 .nav .fa-spin.headerlink,.nav .rst-content h2 .fa-spin.headerlink,.rst-content h2 .nav .fa-spin.headerlink,.nav .rst-content h3 .fa-spin.headerlink,.rst-content h3 .nav .fa-spin.headerlink,.nav .rst-content h4 .fa-spin.headerlink,.rst-content h4 .nav .fa-spin.headerlink,.nav .rst-content h5 .fa-spin.headerlink,.rst-content h5 .nav .fa-spin.headerlink,.nav .rst-content h6 .fa-spin.headerlink,.rst-content h6 .nav .fa-spin.headerlink,.nav .rst-content dl dt .fa-spin.headerlink,.rst-content dl dt .nav .fa-spin.headerlink,.nav .fa-spin.icon{display:inline-block}.btn.fa:before,.rst-content .btn.admonition-title:before,.rst-content h1 .btn.headerlink:before,.rst-content h2 .btn.headerlink:before,.rst-content h3 .btn.headerlink:before,.rst-content h4 .btn.headerlink:before,.rst-content h5 .btn.headerlink:before,.rst-content h6 .btn.headerlink:before,.rst-content dl dt .btn.headerlink:before,.btn.icon:before{opacity:0.5;-webkit-transition:opacity 0.05s ease-in;-moz-transition:opacity 0.05s ease-in;transition:opacity 0.05s ease-in}.btn.fa:hover:before,.rst-content .btn.admonition-title:hover:before,.rst-content h1 .btn.headerlink:hover:before,.rst-content h2 .btn.headerlink:hover:before,.rst-content h3 .btn.headerlink:hover:before,.rst-content h4 .btn.headerlink:hover:before,.rst-content h5 .btn.headerlink:hover:before,.rst-content h6 .btn.headerlink:hover:before,.rst-content dl dt .btn.headerlink:hover:before,.btn.icon:hover:before{opacity:1}.btn-mini .fa:before,.btn-mini .rst-content .admonition-title:before,.rst-content .btn-mini .admonition-title:before,.btn-mini .rst-content h1 .headerlink:before,.rst-content h1 .btn-mini .headerlink:before,.btn-mini .rst-content h2 .headerlink:before,.rst-content h2 .btn-mini .headerlink:before,.btn-mini .rst-content h3 .headerlink:before,.rst-content h3 .btn-mini .headerlink:before,.btn-mini .rst-content h4 .headerlink:before,.rst-content h4 .btn-mini .headerlink:before,.btn-mini .rst-content h5 .headerlink:before,.rst-content h5 .btn-mini .headerlink:before,.btn-mini .rst-content h6 .headerlink:before,.rst-content h6 .btn-mini .headerlink:before,.btn-mini .rst-content dl dt .headerlink:before,.rst-content dl dt .btn-mini .headerlink:before,.btn-mini .icon:before{font-size:14px;vertical-align:-15%}.wy-alert,.rst-content .note,.rst-content .attention,.rst-content .caution,.rst-content .danger,.rst-content .error,.rst-content .hint,.rst-content .important,.rst-content .tip,.rst-content .warning,.rst-content .seealso,.rst-content .admonition-todo{padding:12px;line-height:24px;margin-bottom:24px;background:#e7f2fa}.wy-alert-title,.rst-content .admonition-title{color:#fff;font-weight:bold;display:block;color:#fff;background:#6ab0de;margin:-12px;padding:6px 12px;margin-bottom:12px}.wy-alert.wy-alert-danger,.rst-content .wy-alert-danger.note,.rst-content .wy-alert-danger.attention,.rst-content .wy-alert-danger.caution,.rst-content .danger,.rst-content .error,.rst-content .wy-alert-danger.hint,.rst-content .wy-alert-danger.important,.rst-content .wy-alert-danger.tip,.rst-content .wy-alert-danger.warning,.rst-content .wy-alert-danger.seealso,.rst-content .wy-alert-danger.admonition-todo{background:#fdf3f2}.wy-alert.wy-alert-danger .wy-alert-title,.rst-content .wy-alert-danger.note .wy-alert-title,.rst-content .wy-alert-danger.attention .wy-alert-title,.rst-content .wy-alert-danger.caution .wy-alert-title,.rst-content .danger .wy-alert-title,.rst-content .error .wy-alert-title,.rst-content .wy-alert-danger.hint .wy-alert-title,.rst-content .wy-alert-danger.important .wy-alert-title,.rst-content .wy-alert-danger.tip .wy-alert-title,.rst-content .wy-alert-danger.warning .wy-alert-title,.rst-content .wy-alert-danger.seealso .wy-alert-title,.rst-content .wy-alert-danger.admonition-todo .wy-alert-title,.wy-alert.wy-alert-danger .rst-content .admonition-title,.rst-content .wy-alert.wy-alert-danger .admonition-title,.rst-content .wy-alert-danger.note .admonition-title,.rst-content .wy-alert-danger.attention .admonition-title,.rst-content .wy-alert-danger.caution .admonition-title,.rst-content .danger .admonition-title,.rst-content .error .admonition-title,.rst-content .wy-alert-danger.hint .admonition-title,.rst-content .wy-alert-danger.important .admonition-title,.rst-content .wy-alert-danger.tip .admonition-title,.rst-content .wy-alert-danger.warning .admonition-title,.rst-content .wy-alert-danger.seealso .admonition-title,.rst-content .wy-alert-danger.admonition-todo .admonition-title{background:#f29f97}.wy-alert.wy-alert-warning,.rst-content .wy-alert-warning.note,.rst-content .attention,.rst-content .caution,.rst-content .wy-alert-warning.danger,.rst-content .wy-alert-warning.error,.rst-content .wy-alert-warning.hint,.rst-content .wy-alert-warning.important,.rst-content .wy-alert-warning.tip,.rst-content .warning,.rst-content .wy-alert-warning.seealso,.rst-content .admonition-todo{background:#ffedcc}.wy-alert.wy-alert-warning .wy-alert-title,.rst-content .wy-alert-warning.note .wy-alert-title,.rst-content .attention .wy-alert-title,.rst-content .caution .wy-alert-title,.rst-content .wy-alert-warning.danger .wy-alert-title,.rst-content .wy-alert-warning.error .wy-alert-title,.rst-content .wy-alert-warning.hint .wy-alert-title,.rst-content .wy-alert-warning.important .wy-alert-title,.rst-content .wy-alert-warning.tip .wy-alert-title,.rst-content .warning .wy-alert-title,.rst-content .wy-alert-warning.seealso .wy-alert-title,.rst-content .admonition-todo .wy-alert-title,.wy-alert.wy-alert-warning .rst-content .admonition-title,.rst-content .wy-alert.wy-alert-warning .admonition-title,.rst-content .wy-alert-warning.note .admonition-title,.rst-content .attention .admonition-title,.rst-content .caution .admonition-title,.rst-content .wy-alert-warning.danger .admonition-title,.rst-content .wy-alert-warning.error .admonition-title,.rst-content .wy-alert-warning.hint .admonition-title,.rst-content .wy-alert-warning.important .admonition-title,.rst-content .wy-alert-warning.tip .admonition-title,.rst-content .warning .admonition-title,.rst-content .wy-alert-warning.seealso .admonition-title,.rst-content .admonition-todo .admonition-title{background:#f0b37e}.wy-alert.wy-alert-info,.rst-content .note,.rst-content .wy-alert-info.attention,.rst-content .wy-alert-info.caution,.rst-content .wy-alert-info.danger,.rst-content .wy-alert-info.error,.rst-content .wy-alert-info.hint,.rst-content .wy-alert-info.important,.rst-content .wy-alert-info.tip,.rst-content .wy-alert-info.warning,.rst-content .seealso,.rst-content .wy-alert-info.admonition-todo{background:#e7f2fa}.wy-alert.wy-alert-info .wy-alert-title,.rst-content .note .wy-alert-title,.rst-content .wy-alert-info.attention .wy-alert-title,.rst-content .wy-alert-info.caution .wy-alert-title,.rst-content .wy-alert-info.danger .wy-alert-title,.rst-content .wy-alert-info.error .wy-alert-title,.rst-content .wy-alert-info.hint .wy-alert-title,.rst-content .wy-alert-info.important .wy-alert-title,.rst-content .wy-alert-info.tip .wy-alert-title,.rst-content .wy-alert-info.warning .wy-alert-title,.rst-content .seealso .wy-alert-title,.rst-content .wy-alert-info.admonition-todo .wy-alert-title,.wy-alert.wy-alert-info .rst-content .admonition-title,.rst-content .wy-alert.wy-alert-info .admonition-title,.rst-content .note .admonition-title,.rst-content .wy-alert-info.attention .admonition-title,.rst-content .wy-alert-info.caution .admonition-title,.rst-content .wy-alert-info.danger .admonition-title,.rst-content .wy-alert-info.error .admonition-title,.rst-content .wy-alert-info.hint .admonition-title,.rst-content .wy-alert-info.important .admonition-title,.rst-content .wy-alert-info.tip .admonition-title,.rst-content .wy-alert-info.warning .admonition-title,.rst-content .seealso .admonition-title,.rst-content .wy-alert-info.admonition-todo .admonition-title{background:#6ab0de}.wy-alert.wy-alert-success,.rst-content .wy-alert-success.note,.rst-content .wy-alert-success.attention,.rst-content .wy-alert-success.caution,.rst-content .wy-alert-success.danger,.rst-content .wy-alert-success.error,.rst-content .hint,.rst-content .important,.rst-content .tip,.rst-content .wy-alert-success.warning,.rst-content .wy-alert-success.seealso,.rst-content .wy-alert-success.admonition-todo{background:#dbfaf4}.wy-alert.wy-alert-success .wy-alert-title,.rst-content .wy-alert-success.note .wy-alert-title,.rst-content .wy-alert-success.attention .wy-alert-title,.rst-content .wy-alert-success.caution .wy-alert-title,.rst-content .wy-alert-success.danger .wy-alert-title,.rst-content .wy-alert-success.error .wy-alert-title,.rst-content .hint .wy-alert-title,.rst-content .important .wy-alert-title,.rst-content .tip .wy-alert-title,.rst-content .wy-alert-success.warning .wy-alert-title,.rst-content .wy-alert-success.seealso .wy-alert-title,.rst-content .wy-alert-success.admonition-todo .wy-alert-title,.wy-alert.wy-alert-success .rst-content .admonition-title,.rst-content .wy-alert.wy-alert-success .admonition-title,.rst-content .wy-alert-success.note .admonition-title,.rst-content .wy-alert-success.attention .admonition-title,.rst-content .wy-alert-success.caution .admonition-title,.rst-content .wy-alert-success.danger .admonition-title,.rst-content .wy-alert-success.error .admonition-title,.rst-content .hint .admonition-title,.rst-content .important .admonition-title,.rst-content .tip .admonition-title,.rst-content .wy-alert-success.warning .admonition-title,.rst-content .wy-alert-success.seealso .admonition-title,.rst-content .wy-alert-success.admonition-todo .admonition-title{background:#1abc9c}.wy-alert.wy-alert-neutral,.rst-content .wy-alert-neutral.note,.rst-content .wy-alert-neutral.attention,.rst-content .wy-alert-neutral.caution,.rst-content .wy-alert-neutral.danger,.rst-content .wy-alert-neutral.error,.rst-content .wy-alert-neutral.hint,.rst-content .wy-alert-neutral.important,.rst-content .wy-alert-neutral.tip,.rst-content .wy-alert-neutral.warning,.rst-content .wy-alert-neutral.seealso,.rst-content .wy-alert-neutral.admonition-todo{background:#f3f6f6}.wy-alert.wy-alert-neutral .wy-alert-title,.rst-content .wy-alert-neutral.note .wy-alert-title,.rst-content .wy-alert-neutral.attention .wy-alert-title,.rst-content .wy-alert-neutral.caution .wy-alert-title,.rst-content .wy-alert-neutral.danger .wy-alert-title,.rst-content .wy-alert-neutral.error .wy-alert-title,.rst-content .wy-alert-neutral.hint .wy-alert-title,.rst-content .wy-alert-neutral.important .wy-alert-title,.rst-content .wy-alert-neutral.tip .wy-alert-title,.rst-content .wy-alert-neutral.warning .wy-alert-title,.rst-content .wy-alert-neutral.seealso .wy-alert-title,.rst-content .wy-alert-neutral.admonition-todo .wy-alert-title,.wy-alert.wy-alert-neutral .rst-content .admonition-title,.rst-content .wy-alert.wy-alert-neutral .admonition-title,.rst-content .wy-alert-neutral.note .admonition-title,.rst-content .wy-alert-neutral.attention .admonition-title,.rst-content .wy-alert-neutral.caution .admonition-title,.rst-content .wy-alert-neutral.danger .admonition-title,.rst-content .wy-alert-neutral.error .admonition-title,.rst-content .wy-alert-neutral.hint .admonition-title,.rst-content .wy-alert-neutral.important .admonition-title,.rst-content .wy-alert-neutral.tip .admonition-title,.rst-content .wy-alert-neutral.warning .admonition-title,.rst-content .wy-alert-neutral.seealso .admonition-title,.rst-content .wy-alert-neutral.admonition-todo .admonition-title{color:#404040;background:#e1e4e5}.wy-alert.wy-alert-neutral a,.rst-content .wy-alert-neutral.note a,.rst-content .wy-alert-neutral.attention a,.rst-content .wy-alert-neutral.caution a,.rst-content .wy-alert-neutral.danger a,.rst-content .wy-alert-neutral.error a,.rst-content .wy-alert-neutral.hint a,.rst-content .wy-alert-neutral.important a,.rst-content .wy-alert-neutral.tip a,.rst-content .wy-alert-neutral.warning a,.rst-content .wy-alert-neutral.seealso a,.rst-content .wy-alert-neutral.admonition-todo a{color:#2980b9}.wy-alert p:last-child,.rst-content .note p:last-child,.rst-content .attention p:last-child,.rst-content .caution p:last-child,.rst-content .danger p:last-child,.rst-content .error p:last-child,.rst-content .hint p:last-child,.rst-content .important p:last-child,.rst-content .tip p:last-child,.rst-content .warning p:last-child,.rst-content .seealso p:last-child,.rst-content .admonition-todo p:last-child{margin-bottom:0}.wy-tray-container{position:fixed;bottom:0px;left:0;z-index:600}.wy-tray-container li{display:block;width:300px;background:transparent;color:#fff;text-align:center;box-shadow:0 5px 5px 0 rgba(0,0,0,0.1);padding:0 24px;min-width:20%;opacity:0;height:0;line-height:56px;overflow:hidden;-webkit-transition:all 0.3s ease-in;-moz-transition:all 0.3s ease-in;transition:all 0.3s ease-in}.wy-tray-container li.wy-tray-item-success{background:#27ae60}.wy-tray-container li.wy-tray-item-info{background:#2980b9}.wy-tray-container li.wy-tray-item-warning{background:#e67e22}.wy-tray-container li.wy-tray-item-danger{background:#e74c3c}.wy-tray-container li.on{opacity:1;height:56px}@media screen and (max-width: 768px){.wy-tray-container{bottom:auto;top:0;width:100%}.wy-tray-container li{width:100%}}button{font-size:100%;margin:0;vertical-align:baseline;*vertical-align:middle;cursor:pointer;line-height:normal;-webkit-appearance:button;*overflow:visible}button::-moz-focus-inner,input::-moz-focus-inner{border:0;padding:0}button[disabled]{cursor:default}.btn{display:inline-block;border-radius:2px;line-height:normal;white-space:nowrap;text-align:center;cursor:pointer;font-size:100%;padding:6px 12px 8px 12px;color:#fff;border:1px solid rgba(0,0,0,0.1);background-color:#27ae60;text-decoration:none;font-weight:normal;font-family:"Lato","proxima-nova","Helvetica Neue",Arial,sans-serif;box-shadow:0px 1px 2px -1px rgba(255,255,255,0.5) inset,0px -2px 0px 0px rgba(0,0,0,0.1) inset;outline-none:false;vertical-align:middle;*display:inline;zoom:1;-webkit-user-drag:none;-webkit-user-select:none;-moz-user-select:none;-ms-user-select:none;user-select:none;-webkit-transition:all 0.1s linear;-moz-transition:all 0.1s linear;transition:all 0.1s linear}.btn-hover{background:#2e8ece;color:#fff}.btn:hover{background:#2cc36b;color:#fff}.btn:focus{background:#2cc36b;outline:0}.btn:active{box-shadow:0px -1px 0px 0px rgba(0,0,0,0.05) inset,0px 2px 0px 0px rgba(0,0,0,0.1) inset;padding:8px 12px 6px 12px}.btn:visited{color:#fff}.btn:disabled{background-image:none;filter:progid:DXImageTransform.Microsoft.gradient(enabled = false);filter:alpha(opacity=40);opacity:0.4;cursor:not-allowed;box-shadow:none}.btn-disabled{background-image:none;filter:progid:DXImageTransform.Microsoft.gradient(enabled = false);filter:alpha(opacity=40);opacity:0.4;cursor:not-allowed;box-shadow:none}.btn-disabled:hover,.btn-disabled:focus,.btn-disabled:active{background-image:none;filter:progid:DXImageTransform.Microsoft.gradient(enabled = false);filter:alpha(opacity=40);opacity:0.4;cursor:not-allowed;box-shadow:none}.btn::-moz-focus-inner{padding:0;border:0}.btn-small{font-size:80%}.btn-info{background-color:#2980b9 !important}.btn-info:hover{background-color:#2e8ece !important}.btn-neutral{background-color:#f3f6f6 !important;color:#404040 !important}.btn-neutral:hover{background-color:#e5ebeb !important;color:#404040}.btn-neutral:visited{color:#404040 !important}.btn-success{background-color:#27ae60 !important}.btn-success:hover{background-color:#295 !important}.btn-danger{background-color:#e74c3c !important}.btn-danger:hover{background-color:#ea6153 !important}.btn-warning{background-color:#e67e22 !important}.btn-warning:hover{background-color:#e98b39 !important}.btn-invert{background-color:#222}.btn-invert:hover{background-color:#2f2f2f !important}.btn-link{background-color:transparent !important;color:#2980b9;box-shadow:none;border-color:transparent !important}.btn-link:hover{background-color:transparent !important;color:#409ad5 !important;box-shadow:none}.btn-link:active{background-color:transparent !important;color:#409ad5 !important;box-shadow:none}.btn-link:visited{color:#9b59b6}.wy-btn-group .btn,.wy-control .btn{vertical-align:middle}.wy-btn-group{margin-bottom:24px;*zoom:1}.wy-btn-group:before,.wy-btn-group:after{display:table;content:""}.wy-btn-group:after{clear:both}.wy-dropdown{position:relative;display:inline-block}.wy-dropdown-menu{position:absolute;left:0;display:none;float:left;top:100%;min-width:100%;background:#fcfcfc;z-index:100;border:solid 1px #cfd7dd;box-shadow:0 2px 2px 0 rgba(0,0,0,0.1);padding:12px}.wy-dropdown-menu>dd>a{display:block;clear:both;color:#404040;white-space:nowrap;font-size:90%;padding:0 12px;cursor:pointer}.wy-dropdown-menu>dd>a:hover{background:#2980b9;color:#fff}.wy-dropdown-menu>dd.divider{border-top:solid 1px #cfd7dd;margin:6px 0}.wy-dropdown-menu>dd.search{padding-bottom:12px}.wy-dropdown-menu>dd.search input[type="search"]{width:100%}.wy-dropdown-menu>dd.call-to-action{background:#e3e3e3;text-transform:uppercase;font-weight:500;font-size:80%}.wy-dropdown-menu>dd.call-to-action:hover{background:#e3e3e3}.wy-dropdown-menu>dd.call-to-action .btn{color:#fff}.wy-dropdown.wy-dropdown-up .wy-dropdown-menu{bottom:100%;top:auto;left:auto;right:0}.wy-dropdown.wy-dropdown-bubble .wy-dropdown-menu{background:#fcfcfc;margin-top:2px}.wy-dropdown.wy-dropdown-bubble .wy-dropdown-menu a{padding:6px 12px}.wy-dropdown.wy-dropdown-bubble .wy-dropdown-menu a:hover{background:#2980b9;color:#fff}.wy-dropdown.wy-dropdown-left .wy-dropdown-menu{right:0;text-align:right}.wy-dropdown-arrow:before{content:" ";border-bottom:5px solid #f5f5f5;border-left:5px solid transparent;border-right:5px solid transparent;position:absolute;display:block;top:-4px;left:50%;margin-left:-3px}.wy-dropdown-arrow.wy-dropdown-arrow-left:before{left:11px}.wy-form-stacked select{display:block}.wy-form-aligned input,.wy-form-aligned textarea,.wy-form-aligned select,.wy-form-aligned .wy-help-inline,.wy-form-aligned label{display:inline-block;*display:inline;*zoom:1;vertical-align:middle}.wy-form-aligned .wy-control-group>label{display:inline-block;vertical-align:middle;width:10em;margin:6px 12px 0 0;float:left}.wy-form-aligned .wy-control{float:left}.wy-form-aligned .wy-control label{display:block}.wy-form-aligned .wy-control select{margin-top:6px}fieldset{border:0;margin:0;padding:0}legend{display:block;width:100%;border:0;padding:0;white-space:normal;margin-bottom:24px;font-size:150%;*margin-left:-7px}label{display:block;margin:0 0 0.3125em 0;color:#999;font-size:90%}input,select,textarea{font-size:100%;margin:0;vertical-align:baseline;*vertical-align:middle}.wy-control-group{margin-bottom:24px;*zoom:1;max-width:68em;margin-left:auto;margin-right:auto;*zoom:1}.wy-control-group:before,.wy-control-group:after{display:table;content:""}.wy-control-group:after{clear:both}.wy-control-group:before,.wy-control-group:after{display:table;content:""}.wy-control-group:after{clear:both}.wy-control-group.wy-control-group-required>label:after{content:" *";color:#e74c3c}.wy-control-group .wy-form-full,.wy-control-group .wy-form-halves,.wy-control-group .wy-form-thirds{padding-bottom:12px}.wy-control-group .wy-form-full select,.wy-control-group .wy-form-halves select,.wy-control-group .wy-form-thirds select{width:100%}.wy-control-group .wy-form-full input[type="text"],.wy-control-group .wy-form-full input[type="password"],.wy-control-group .wy-form-full input[type="email"],.wy-control-group .wy-form-full input[type="url"],.wy-control-group .wy-form-full input[type="date"],.wy-control-group .wy-form-full input[type="month"],.wy-control-group .wy-form-full input[type="time"],.wy-control-group .wy-form-full input[type="datetime"],.wy-control-group .wy-form-full input[type="datetime-local"],.wy-control-group .wy-form-full input[type="week"],.wy-control-group .wy-form-full input[type="number"],.wy-control-group .wy-form-full input[type="search"],.wy-control-group .wy-form-full input[type="tel"],.wy-control-group .wy-form-full input[type="color"],.wy-control-group .wy-form-halves input[type="text"],.wy-control-group .wy-form-halves input[type="password"],.wy-control-group .wy-form-halves input[type="email"],.wy-control-group .wy-form-halves input[type="url"],.wy-control-group .wy-form-halves input[type="date"],.wy-control-group .wy-form-halves input[type="month"],.wy-control-group .wy-form-halves input[type="time"],.wy-control-group .wy-form-halves input[type="datetime"],.wy-control-group .wy-form-halves input[type="datetime-local"],.wy-control-group .wy-form-halves input[type="week"],.wy-control-group .wy-form-halves input[type="number"],.wy-control-group .wy-form-halves input[type="search"],.wy-control-group .wy-form-halves input[type="tel"],.wy-control-group .wy-form-halves input[type="color"],.wy-control-group .wy-form-thirds input[type="text"],.wy-control-group .wy-form-thirds input[type="password"],.wy-control-group .wy-form-thirds input[type="email"],.wy-control-group .wy-form-thirds input[type="url"],.wy-control-group .wy-form-thirds input[type="date"],.wy-control-group .wy-form-thirds input[type="month"],.wy-control-group .wy-form-thirds input[type="time"],.wy-control-group .wy-form-thirds input[type="datetime"],.wy-control-group .wy-form-thirds input[type="datetime-local"],.wy-control-group .wy-form-thirds input[type="week"],.wy-control-group .wy-form-thirds input[type="number"],.wy-control-group .wy-form-thirds input[type="search"],.wy-control-group .wy-form-thirds input[type="tel"],.wy-control-group .wy-form-thirds input[type="color"]{width:100%}.wy-control-group .wy-form-full{display:block;float:left;margin-right:2.35765%;width:100%;margin-right:0}.wy-control-group .wy-form-full:last-child{margin-right:0}.wy-control-group .wy-form-halves{display:block;float:left;margin-right:2.35765%;width:48.82117%}.wy-control-group .wy-form-halves:last-child{margin-right:0}.wy-control-group .wy-form-halves:nth-of-type(2n){margin-right:0}.wy-control-group .wy-form-halves:nth-of-type(2n+1){clear:left}.wy-control-group .wy-form-thirds{display:block;float:left;margin-right:2.35765%;width:31.76157%}.wy-control-group .wy-form-thirds:last-child{margin-right:0}.wy-control-group .wy-form-thirds:nth-of-type(3n){margin-right:0}.wy-control-group .wy-form-thirds:nth-of-type(3n+1){clear:left}.wy-control-group.wy-control-group-no-input .wy-control{margin:6px 0 0 0;font-size:90%}.wy-control-no-input{display:inline-block;margin:6px 0 0 0;font-size:90%}.wy-control-group.fluid-input input[type="text"],.wy-control-group.fluid-input input[type="password"],.wy-control-group.fluid-input input[type="email"],.wy-control-group.fluid-input input[type="url"],.wy-control-group.fluid-input input[type="date"],.wy-control-group.fluid-input input[type="month"],.wy-control-group.fluid-input input[type="time"],.wy-control-group.fluid-input input[type="datetime"],.wy-control-group.fluid-input input[type="datetime-local"],.wy-control-group.fluid-input input[type="week"],.wy-control-group.fluid-input input[type="number"],.wy-control-group.fluid-input input[type="search"],.wy-control-group.fluid-input input[type="tel"],.wy-control-group.fluid-input input[type="color"]{width:100%}.wy-form-message-inline{display:inline-block;padding-left:0.3em;color:#666;vertical-align:middle;font-size:90%}.wy-form-message{display:block;color:#999;font-size:70%;margin-top:0.3125em;font-style:italic}input{line-height:normal}input[type="button"],input[type="reset"],input[type="submit"]{-webkit-appearance:button;cursor:pointer;font-family:"Lato","proxima-nova","Helvetica Neue",Arial,sans-serif;*overflow:visible}input[type="text"],input[type="password"],input[type="email"],input[type="url"],input[type="date"],input[type="month"],input[type="time"],input[type="datetime"],input[type="datetime-local"],input[type="week"],input[type="number"],input[type="search"],input[type="tel"],input[type="color"]{-webkit-appearance:none;padding:6px;display:inline-block;border:1px solid #ccc;font-size:80%;font-family:"Lato","proxima-nova","Helvetica Neue",Arial,sans-serif;box-shadow:inset 0 1px 3px #ddd;border-radius:0;-webkit-transition:border 0.3s linear;-moz-transition:border 0.3s linear;transition:border 0.3s linear}input[type="datetime-local"]{padding:0.34375em 0.625em}input[disabled]{cursor:default}input[type="checkbox"],input[type="radio"]{-webkit-box-sizing:border-box;-moz-box-sizing:border-box;box-sizing:border-box;padding:0;margin-right:0.3125em;*height:13px;*width:13px}input[type="search"]{-webkit-box-sizing:border-box;-moz-box-sizing:border-box;box-sizing:border-box}input[type="search"]::-webkit-search-cancel-button,input[type="search"]::-webkit-search-decoration{-webkit-appearance:none}input[type="text"]:focus,input[type="password"]:focus,input[type="email"]:focus,input[type="url"]:focus,input[type="date"]:focus,input[type="month"]:focus,input[type="time"]:focus,input[type="datetime"]:focus,input[type="datetime-local"]:focus,input[type="week"]:focus,input[type="number"]:focus,input[type="search"]:focus,input[type="tel"]:focus,input[type="color"]:focus{outline:0;outline:thin dotted \9;border-color:#333}input.no-focus:focus{border-color:#ccc !important}input[type="file"]:focus,input[type="radio"]:focus,input[type="checkbox"]:focus{outline:thin dotted #333;outline:1px auto #129fea}input[type="text"][disabled],input[type="password"][disabled],input[type="email"][disabled],input[type="url"][disabled],input[type="date"][disabled],input[type="month"][disabled],input[type="time"][disabled],input[type="datetime"][disabled],input[type="datetime-local"][disabled],input[type="week"][disabled],input[type="number"][disabled],input[type="search"][disabled],input[type="tel"][disabled],input[type="color"][disabled]{cursor:not-allowed;background-color:#f3f6f6;color:#cad2d3}input:focus:invalid,textarea:focus:invalid,select:focus:invalid{color:#e74c3c;border:1px solid #e74c3c}input:focus:invalid:focus,textarea:focus:invalid:focus,select:focus:invalid:focus{border-color:#e74c3c}input[type="file"]:focus:invalid:focus,input[type="radio"]:focus:invalid:focus,input[type="checkbox"]:focus:invalid:focus{outline-color:#e74c3c}input.wy-input-large{padding:12px;font-size:100%}textarea{overflow:auto;vertical-align:top;width:100%;font-family:"Lato","proxima-nova","Helvetica Neue",Arial,sans-serif}select,textarea{padding:0.5em 0.625em;display:inline-block;border:1px solid #ccc;font-size:80%;box-shadow:inset 0 1px 3px #ddd;-webkit-transition:border 0.3s linear;-moz-transition:border 0.3s linear;transition:border 0.3s linear}select{border:1px solid #ccc;background-color:#fff}select[multiple]{height:auto}select:focus,textarea:focus{outline:0}select[disabled],textarea[disabled],input[readonly],select[readonly],textarea[readonly]{cursor:not-allowed;background-color:#fff;color:#cad2d3;border-color:transparent}.wy-checkbox,.wy-radio{margin:6px 0;color:#404040;display:block}.wy-checkbox input,.wy-radio input{vertical-align:baseline}.wy-form-message-inline{display:inline-block;*display:inline;*zoom:1;vertical-align:middle}.wy-input-prefix,.wy-input-suffix{white-space:nowrap}.wy-input-prefix .wy-input-context,.wy-input-suffix .wy-input-context{padding:6px;display:inline-block;font-size:80%;background-color:#f3f6f6;border:solid 1px #ccc;color:#999}.wy-input-suffix .wy-input-context{border-left:0}.wy-input-prefix .wy-input-context{border-right:0}.wy-control-group.wy-control-group-error .wy-form-message,.wy-control-group.wy-control-group-error>label{color:#e74c3c}.wy-control-group.wy-control-group-error input[type="text"],.wy-control-group.wy-control-group-error input[type="password"],.wy-control-group.wy-control-group-error input[type="email"],.wy-control-group.wy-control-group-error input[type="url"],.wy-control-group.wy-control-group-error input[type="date"],.wy-control-group.wy-control-group-error input[type="month"],.wy-control-group.wy-control-group-error input[type="time"],.wy-control-group.wy-control-group-error input[type="datetime"],.wy-control-group.wy-control-group-error input[type="datetime-local"],.wy-control-group.wy-control-group-error input[type="week"],.wy-control-group.wy-control-group-error input[type="number"],.wy-control-group.wy-control-group-error input[type="search"],.wy-control-group.wy-control-group-error input[type="tel"],.wy-control-group.wy-control-group-error input[type="color"]{border:solid 1px #e74c3c}.wy-control-group.wy-control-group-error textarea{border:solid 1px #e74c3c}.wy-inline-validate{white-space:nowrap}.wy-inline-validate .wy-input-context{padding:0.5em 0.625em;display:inline-block;font-size:80%}.wy-inline-validate.wy-inline-validate-success .wy-input-context{color:#27ae60}.wy-inline-validate.wy-inline-validate-danger .wy-input-context{color:#e74c3c}.wy-inline-validate.wy-inline-validate-warning .wy-input-context{color:#e67e22}.wy-inline-validate.wy-inline-validate-info .wy-input-context{color:#2980b9}.rotate-90{-webkit-transform:rotate(90deg);-moz-transform:rotate(90deg);-ms-transform:rotate(90deg);-o-transform:rotate(90deg);transform:rotate(90deg)}.rotate-180{-webkit-transform:rotate(180deg);-moz-transform:rotate(180deg);-ms-transform:rotate(180deg);-o-transform:rotate(180deg);transform:rotate(180deg)}.rotate-270{-webkit-transform:rotate(270deg);-moz-transform:rotate(270deg);-ms-transform:rotate(270deg);-o-transform:rotate(270deg);transform:rotate(270deg)}.mirror{-webkit-transform:scaleX(-1);-moz-transform:scaleX(-1);-ms-transform:scaleX(-1);-o-transform:scaleX(-1);transform:scaleX(-1)}.mirror.rotate-90{-webkit-transform:scaleX(-1) rotate(90deg);-moz-transform:scaleX(-1) rotate(90deg);-ms-transform:scaleX(-1) rotate(90deg);-o-transform:scaleX(-1) rotate(90deg);transform:scaleX(-1) rotate(90deg)}.mirror.rotate-180{-webkit-transform:scaleX(-1) rotate(180deg);-moz-transform:scaleX(-1) rotate(180deg);-ms-transform:scaleX(-1) rotate(180deg);-o-transform:scaleX(-1) rotate(180deg);transform:scaleX(-1) rotate(180deg)}.mirror.rotate-270{-webkit-transform:scaleX(-1) rotate(270deg);-moz-transform:scaleX(-1) rotate(270deg);-ms-transform:scaleX(-1) rotate(270deg);-o-transform:scaleX(-1) rotate(270deg);transform:scaleX(-1) rotate(270deg)}@media only screen and (max-width: 480px){.wy-form button[type="submit"]{margin:0.7em 0 0}.wy-form input[type="text"],.wy-form input[type="password"],.wy-form input[type="email"],.wy-form input[type="url"],.wy-form input[type="date"],.wy-form input[type="month"],.wy-form input[type="time"],.wy-form input[type="datetime"],.wy-form input[type="datetime-local"],.wy-form input[type="week"],.wy-form input[type="number"],.wy-form input[type="search"],.wy-form input[type="tel"],.wy-form input[type="color"]{margin-bottom:0.3em;display:block}.wy-form label{margin-bottom:0.3em;display:block}.wy-form input[type="password"],.wy-form input[type="email"],.wy-form input[type="url"],.wy-form input[type="date"],.wy-form input[type="month"],.wy-form input[type="time"],.wy-form input[type="datetime"],.wy-form input[type="datetime-local"],.wy-form input[type="week"],.wy-form input[type="number"],.wy-form input[type="search"],.wy-form input[type="tel"],.wy-form input[type="color"]{margin-bottom:0}.wy-form-aligned .wy-control-group label{margin-bottom:0.3em;text-align:left;display:block;width:100%}.wy-form-aligned .wy-control{margin:1.5em 0 0 0}.wy-form .wy-help-inline,.wy-form-message-inline,.wy-form-message{display:block;font-size:80%;padding:6px 0}}@media screen and (max-width: 768px){.tablet-hide{display:none}}@media screen and (max-width: 480px){.mobile-hide{display:none}}.float-left{float:left}.float-right{float:right}.full-width{width:100%}.wy-table,.rst-content table.docutils,.rst-content table.field-list{border-collapse:collapse;border-spacing:0;empty-cells:show;margin-bottom:24px}.wy-table caption,.rst-content table.docutils caption,.rst-content table.field-list caption{color:#000;font:italic 85%/1 arial,sans-serif;padding:1em 0;text-align:center}.wy-table td,.rst-content table.docutils td,.rst-content table.field-list td,.wy-table th,.rst-content table.docutils th,.rst-content table.field-list th{font-size:90%;margin:0;overflow:visible;padding:8px 16px}.wy-table td:first-child,.rst-content table.docutils td:first-child,.rst-content table.field-list td:first-child,.wy-table th:first-child,.rst-content table.docutils th:first-child,.rst-content table.field-list th:first-child{border-left-width:0}.wy-table thead,.rst-content table.docutils thead,.rst-content table.field-list thead{color:#000;text-align:left;vertical-align:bottom;white-space:nowrap}.wy-table thead th,.rst-content table.docutils thead th,.rst-content table.field-list thead th{font-weight:bold;border-bottom:solid 2px #e1e4e5}.wy-table td,.rst-content table.docutils td,.rst-content table.field-list td{background-color:transparent;vertical-align:middle}.wy-table td p,.rst-content table.docutils td p,.rst-content table.field-list td p{line-height:18px}.wy-table td p:last-child,.rst-content table.docutils td p:last-child,.rst-content table.field-list td p:last-child{margin-bottom:0}.wy-table .wy-table-cell-min,.rst-content table.docutils .wy-table-cell-min,.rst-content table.field-list .wy-table-cell-min{width:1%;padding-right:0}.wy-table .wy-table-cell-min input[type=checkbox],.rst-content table.docutils .wy-table-cell-min input[type=checkbox],.rst-content table.field-list .wy-table-cell-min input[type=checkbox],.wy-table .wy-table-cell-min input[type=checkbox],.rst-content table.docutils .wy-table-cell-min input[type=checkbox],.rst-content table.field-list .wy-table-cell-min input[type=checkbox]{margin:0}.wy-table-secondary{color:gray;font-size:90%}.wy-table-tertiary{color:gray;font-size:80%}.wy-table-odd td,.wy-table-striped tr:nth-child(2n-1) td,.rst-content table.docutils:not(.field-list) tr:nth-child(2n-1) td{background-color:#f3f6f6}.wy-table-backed{background-color:#f3f6f6}.wy-table-bordered-all,.rst-content table.docutils{border:1px solid #e1e4e5}.wy-table-bordered-all td,.rst-content table.docutils td{border-bottom:1px solid #e1e4e5;border-left:1px solid #e1e4e5}.wy-table-bordered-all tbody>tr:last-child td,.rst-content table.docutils tbody>tr:last-child td{border-bottom-width:0}.wy-table-bordered{border:1px solid #e1e4e5}.wy-table-bordered-rows td{border-bottom:1px solid #e1e4e5}.wy-table-bordered-rows tbody>tr:last-child td{border-bottom-width:0}.wy-table-horizontal tbody>tr:last-child td{border-bottom-width:0}.wy-table-horizontal td,.wy-table-horizontal th{border-width:0 0 1px 0;border-bottom:1px solid #e1e4e5}.wy-table-horizontal tbody>tr:last-child td{border-bottom-width:0}.wy-table-responsive{margin-bottom:24px;max-width:100%;overflow:auto}.wy-table-responsive table{margin-bottom:0 !important}.wy-table-responsive table td,.wy-table-responsive table th{white-space:nowrap}a{color:#2980b9;text-decoration:none}a:hover{color:#3091d1}a:visited{color:#9b59b6}html{height:100%;overflow-x:hidden}body{font-family:"Lato","proxima-nova","Helvetica Neue",Arial,sans-serif;font-weight:normal;color:#404040;min-height:100%;overflow-x:hidden;background:#edf0f2}.wy-text-left{text-align:left}.wy-text-center{text-align:center}.wy-text-right{text-align:right}.wy-text-large{font-size:120%}.wy-text-normal{font-size:100%}.wy-text-small,small{font-size:80%}.wy-text-strike{text-decoration:line-through}.wy-text-warning{color:#e67e22 !important}a.wy-text-warning:hover{color:#eb9950 !important}.wy-text-info{color:#2980b9 !important}a.wy-text-info:hover{color:#409ad5 !important}.wy-text-success{color:#27ae60 !important}a.wy-text-success:hover{color:#36d278 !important}.wy-text-danger{color:#e74c3c !important}a.wy-text-danger:hover{color:#ed7669 !important}.wy-text-neutral{color:#404040 !important}a.wy-text-neutral:hover{color:#595959 !important}h1,h2,h3,h4,h5,h6,legend{margin-top:0;font-weight:700;font-family:"Roboto Slab","ff-tisa-web-pro","Georgia",Arial,sans-serif}p{line-height:24px;margin:0;font-size:16px;margin-bottom:24px}h1{font-size:175%}h2{font-size:150%}h3{font-size:125%}h4{font-size:115%}h5{font-size:110%}h6{font-size:100%}hr{display:block;height:1px;border:0;border-top:1px solid #e1e4e5;margin:24px 0;padding:0}code,.rst-content tt{white-space:nowrap;max-width:100%;background:#fff;border:solid 1px #e1e4e5;font-size:75%;padding:0 5px;font-family:Consolas,"Andale Mono WT","Andale Mono","Lucida Console","Lucida Sans Typewriter","DejaVu Sans Mono","Bitstream Vera Sans Mono","Liberation Mono","Nimbus Mono L",Monaco,"Courier New",Courier,monospace;color:#e74c3c;overflow-x:auto}code.code-large,.rst-content tt.code-large{font-size:90%}.wy-plain-list-disc,.rst-content .section ul,.rst-content .toctree-wrapper ul,article ul{list-style:disc;line-height:24px;margin-bottom:24px}.wy-plain-list-disc li,.rst-content .section ul li,.rst-content .toctree-wrapper ul li,article ul li{list-style:disc;margin-left:24px}.wy-plain-list-disc li p:last-child,.rst-content .section ul li p:last-child,.rst-content .toctree-wrapper ul li p:last-child,article ul li p:last-child{margin-bottom:0}.wy-plain-list-disc li ul,.rst-content .section ul li ul,.rst-content .toctree-wrapper ul li ul,article ul li ul{margin-bottom:0}.wy-plain-list-disc li li,.rst-content .section ul li li,.rst-content .toctree-wrapper ul li li,article ul li li{list-style:circle}.wy-plain-list-disc li li li,.rst-content .section ul li li li,.rst-content .toctree-wrapper ul li li li,article ul li li li{list-style:square}.wy-plain-list-disc li ol li,.rst-content .section ul li ol li,.rst-content .toctree-wrapper ul li ol li,article ul li ol li{list-style:decimal}.wy-plain-list-decimal,.rst-content .section ol,.rst-content ol.arabic,article ol{list-style:decimal;line-height:24px;margin-bottom:24px}.wy-plain-list-decimal li,.rst-content .section ol li,.rst-content ol.arabic li,article ol li{list-style:decimal;margin-left:24px}.wy-plain-list-decimal li p:last-child,.rst-content .section ol li p:last-child,.rst-content ol.arabic li p:last-child,article ol li p:last-child{margin-bottom:0}.wy-plain-list-decimal li ul,.rst-content .section ol li ul,.rst-content ol.arabic li ul,article ol li ul{margin-bottom:0}.wy-plain-list-decimal li ul li,.rst-content .section ol li ul li,.rst-content ol.arabic li ul li,article ol li ul li{list-style:disc}.codeblock-example{border:1px solid #e1e4e5;border-bottom:none;padding:24px;padding-top:48px;font-weight:500;background:#fff;position:relative}.codeblock-example:after{content:"Example";position:absolute;top:0px;left:0px;background:#9b59b6;color:#fff;padding:6px 12px}.codeblock-example.prettyprint-example-only{border:1px solid #e1e4e5;margin-bottom:24px}.codeblock,pre.literal-block,.rst-content .literal-block,.rst-content pre.literal-block,div[class^='highlight']{border:1px solid #e1e4e5;padding:0px;overflow-x:auto;background:#fff;margin:1px 0 24px 0}.codeblock div[class^='highlight'],pre.literal-block div[class^='highlight'],.rst-content .literal-block div[class^='highlight'],div[class^='highlight'] div[class^='highlight']{border:none;background:none;margin:0}div[class^='highlight'] td.code{width:100%}.linenodiv pre{border-right:solid 1px #e6e9ea;margin:0;padding:12px 12px;font-family:Consolas,"Andale Mono WT","Andale Mono","Lucida Console","Lucida Sans Typewriter","DejaVu Sans Mono","Bitstream Vera Sans Mono","Liberation Mono","Nimbus Mono L",Monaco,"Courier New",Courier,monospace;font-size:12px;line-height:1.5;color:#d9d9d9}div[class^='highlight'] pre{white-space:pre;margin:0;padding:12px 12px;font-family:Consolas,"Andale Mono WT","Andale Mono","Lucida Console","Lucida Sans Typewriter","DejaVu Sans Mono","Bitstream Vera Sans Mono","Liberation Mono","Nimbus Mono L",Monaco,"Courier New",Courier,monospace;font-size:12px;line-height:1.5;display:block;overflow:auto;color:#404040}@media print{.codeblock,pre.literal-block,.rst-content .literal-block,.rst-content pre.literal-block,div[class^='highlight'],div[class^='highlight'] pre{white-space:pre-wrap}}.hll{background-color:#ffc;margin:0 -12px;padding:0 12px;display:block}.c{color:#998;font-style:italic}.err{color:#a61717;background-color:#e3d2d2}.k{font-weight:bold}.o{font-weight:bold}.cm{color:#998;font-style:italic}.cp{color:#999;font-weight:bold}.c1{color:#998;font-style:italic}.cs{color:#999;font-weight:bold;font-style:italic}.gd{color:#000;background-color:#fdd}.gd .x{color:#000;background-color:#faa}.ge{font-style:italic}.gr{color:#a00}.gh{color:#999}.gi{color:#000;background-color:#dfd}.gi .x{color:#000;background-color:#afa}.go{color:#888}.gp{color:#555}.gs{font-weight:bold}.gu{color:purple;font-weight:bold}.gt{color:#a00}.kc{font-weight:bold}.kd{font-weight:bold}.kn{font-weight:bold}.kp{font-weight:bold}.kr{font-weight:bold}.kt{color:#458;font-weight:bold}.m{color:#099}.s{color:#d14}.n{color:#333}.na{color:teal}.nb{color:#0086b3}.nc{color:#458;font-weight:bold}.no{color:teal}.ni{color:purple}.ne{color:#900;font-weight:bold}.nf{color:#900;font-weight:bold}.nn{color:#555}.nt{color:navy}.nv{color:teal}.ow{font-weight:bold}.w{color:#bbb}.mf{color:#099}.mh{color:#099}.mi{color:#099}.mo{color:#099}.sb{color:#d14}.sc{color:#d14}.sd{color:#d14}.s2{color:#d14}.se{color:#d14}.sh{color:#d14}.si{color:#d14}.sx{color:#d14}.sr{color:#009926}.s1{color:#d14}.ss{color:#990073}.bp{color:#999}.vc{color:teal}.vg{color:teal}.vi{color:teal}.il{color:#099}.gc{color:#999;background-color:#eaf2f5}.wy-breadcrumbs li{display:inline-block}.wy-breadcrumbs li.wy-breadcrumbs-aside{float:right}.wy-breadcrumbs li a{display:inline-block;padding:5px}.wy-breadcrumbs li a:first-child{padding-left:0}.wy-breadcrumbs-extra{margin-bottom:0;color:#b3b3b3;font-size:80%;display:inline-block}@media screen and (max-width: 480px){.wy-breadcrumbs-extra{display:none}.wy-breadcrumbs li.wy-breadcrumbs-aside{display:none}}@media print{.wy-breadcrumbs li.wy-breadcrumbs-aside{display:none}}.wy-affix{position:fixed;top:1.618em}.wy-menu a:hover{text-decoration:none}.wy-menu-horiz{*zoom:1}.wy-menu-horiz:before,.wy-menu-horiz:after{display:table;content:""}.wy-menu-horiz:after{clear:both}.wy-menu-horiz ul,.wy-menu-horiz li{display:inline-block}.wy-menu-horiz li:hover{background:rgba(255,255,255,0.1)}.wy-menu-horiz li.divide-left{border-left:solid 1px #404040}.wy-menu-horiz li.divide-right{border-right:solid 1px #404040}.wy-menu-horiz a{height:32px;display:inline-block;line-height:32px;padding:0 16px}.wy-menu-vertical header{height:32px;display:inline-block;line-height:32px;padding:0 1.618em;display:block;font-weight:bold;text-transform:uppercase;font-size:80%;color:#2980b9;white-space:nowrap}.wy-menu-vertical ul{margin-bottom:0}.wy-menu-vertical li.divide-top{border-top:solid 1px #404040}.wy-menu-vertical li.divide-bottom{border-bottom:solid 1px #404040}.wy-menu-vertical li.current{background:#e3e3e3}.wy-menu-vertical li.current a{color:gray;border-right:solid 1px #c9c9c9;padding:0.4045em 2.427em}.wy-menu-vertical li.current a:hover{background:#d6d6d6}.wy-menu-vertical li.on a,.wy-menu-vertical li.current>a{color:#404040;padding:0.4045em 1.618em;font-weight:bold;position:relative;background:#fcfcfc;border:none;border-bottom:solid 1px #c9c9c9;border-top:solid 1px #c9c9c9;padding-left:1.618em -4px}.wy-menu-vertical li.on a:hover,.wy-menu-vertical li.current>a:hover{background:#fcfcfc}.wy-menu-vertical li.toctree-l2.current>a{background:#c9c9c9;padding:0.4045em 2.427em}.wy-menu-vertical li.current ul{display:block}.wy-menu-vertical li ul{margin-bottom:0;display:none}.wy-menu-vertical .local-toc li ul{display:block}.wy-menu-vertical li ul li a{margin-bottom:0;color:#b3b3b3;font-weight:normal}.wy-menu-vertical a{display:inline-block;line-height:18px;padding:0.4045em 1.618em;display:block;position:relative;font-size:90%;color:#b3b3b3}.wy-menu-vertical a:hover{background-color:#4e4a4a;cursor:pointer}.wy-menu-vertical a:active{background-color:#2980b9;cursor:pointer;color:#fff}.wy-side-nav-search{z-index:200;background-color:#2980b9;text-align:center;padding:0.809em;display:block;color:#fcfcfc;margin-bottom:0.809em}.wy-side-nav-search input[type=text]{width:100%;border-radius:50px;padding:6px 12px;border-color:#2472a4}.wy-side-nav-search img{display:block;margin:auto auto 0.809em auto;height:45px;width:45px;background-color:#2980b9;padding:5px;border-radius:100%}.wy-side-nav-search>a,.wy-side-nav-search .wy-dropdown>a{color:#fcfcfc;font-size:100%;font-weight:bold;display:inline-block;padding:4px 6px;margin-bottom:0.809em}.wy-side-nav-search>a:hover,.wy-side-nav-search .wy-dropdown>a:hover{background:rgba(255,255,255,0.1)}.wy-nav .wy-menu-vertical header{color:#2980b9}.wy-nav .wy-menu-vertical a{color:#b3b3b3}.wy-nav .wy-menu-vertical a:hover{background-color:#2980b9;color:#fff}[data-menu-wrap]{-webkit-transition:all 0.2s ease-in;-moz-transition:all 0.2s ease-in;transition:all 0.2s ease-in;position:absolute;opacity:1;width:100%;opacity:0}[data-menu-wrap].move-center{left:0;right:auto;opacity:1}[data-menu-wrap].move-left{right:auto;left:-100%;opacity:0}[data-menu-wrap].move-right{right:-100%;left:auto;opacity:0}.wy-body-for-nav{background:left repeat-y #fcfcfc;background-image:url(data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAAEAAAABCAIAAACQd1PeAAAAGXRFWHRTb2Z0d2FyZQBBZG9iZSBJbWFnZVJlYWR5ccllPAAAAyRpVFh0WE1MOmNvbS5hZG9iZS54bXAAAAAAADw/eHBhY2tldCBiZWdpbj0i77u/IiBpZD0iVzVNME1wQ2VoaUh6cmVTek5UY3prYzlkIj8+IDx4OnhtcG1ldGEgeG1sbnM6eD0iYWRvYmU6bnM6bWV0YS8iIHg6eG1wdGs9IkFkb2JlIFhNUCBDb3JlIDUuMy1jMDExIDY2LjE0NTY2MSwgMjAxMi8wMi8wNi0xNDo1NjoyNyAgICAgICAgIj4gPHJkZjpSREYgeG1sbnM6cmRmPSJodHRwOi8vd3d3LnczLm9yZy8xOTk5LzAyLzIyLXJkZi1zeW50YXgtbnMjIj4gPHJkZjpEZXNjcmlwdGlvbiByZGY6YWJvdXQ9IiIgeG1sbnM6eG1wPSJodHRwOi8vbnMuYWRvYmUuY29tL3hhcC8xLjAvIiB4bWxuczp4bXBNTT0iaHR0cDovL25zLmFkb2JlLmNvbS94YXAvMS4wL21tLyIgeG1sbnM6c3RSZWY9Imh0dHA6Ly9ucy5hZG9iZS5jb20veGFwLzEuMC9zVHlwZS9SZXNvdXJjZVJlZiMiIHhtcDpDcmVhdG9yVG9vbD0iQWRvYmUgUGhvdG9zaG9wIENTNiAoTWFjaW50b3NoKSIgeG1wTU06SW5zdGFuY2VJRD0ieG1wLmlpZDoxOERBMTRGRDBFMUUxMUUzODUwMkJCOThDMEVFNURFMCIgeG1wTU06RG9jdW1lbnRJRD0ieG1wLmRpZDoxOERBMTRGRTBFMUUxMUUzODUwMkJCOThDMEVFNURFMCI+IDx4bXBNTTpEZXJpdmVkRnJvbSBzdFJlZjppbnN0YW5jZUlEPSJ4bXAuaWlkOjE4REExNEZCMEUxRTExRTM4NTAyQkI5OEMwRUU1REUwIiBzdFJlZjpkb2N1bWVudElEPSJ4bXAuZGlkOjE4REExNEZDMEUxRTExRTM4NTAyQkI5OEMwRUU1REUwIi8+IDwvcmRmOkRlc2NyaXB0aW9uPiA8L3JkZjpSREY+IDwveDp4bXBtZXRhPiA8P3hwYWNrZXQgZW5kPSJyIj8+EwrlwAAAAA5JREFUeNpiMDU0BAgwAAE2AJgB9BnaAAAAAElFTkSuQmCC);background-size:300px 1px}.wy-grid-for-nav{position:absolute;width:100%;height:100%}.wy-nav-side{position:absolute;top:0;left:0;width:300px;overflow:hidden;min-height:100%;background:#343131;z-index:200}.wy-nav-top{display:none;background:#2980b9;color:#fff;padding:0.4045em 0.809em;position:relative;line-height:50px;text-align:center;font-size:100%;*zoom:1}.wy-nav-top:before,.wy-nav-top:after{display:table;content:""}.wy-nav-top:after{clear:both}.wy-nav-top a{color:#fff;font-weight:bold}.wy-nav-top img{margin-right:12px;height:45px;width:45px;background-color:#2980b9;padding:5px;border-radius:100%}.wy-nav-top i{font-size:30px;float:left;cursor:pointer}.wy-nav-content-wrap{margin-left:300px;background:#fcfcfc;min-height:100%}.wy-nav-content{padding:1.618em 3.236em;height:100%;max-width:800px;margin:auto}.wy-body-mask{position:fixed;width:100%;height:100%;background:rgba(0,0,0,0.2);display:none;z-index:499}.wy-body-mask.on{display:block}footer{color:#999}footer p{margin-bottom:12px}.rst-footer-buttons{*zoom:1}.rst-footer-buttons:before,.rst-footer-buttons:after{display:table;content:""}.rst-footer-buttons:after{clear:both}#search-results .search li{margin-bottom:24px;border-bottom:solid 1px #e1e4e5;padding-bottom:24px}#search-results .search li:first-child{border-top:solid 1px #e1e4e5;padding-top:24px}#search-results .search li a{font-size:120%;margin-bottom:12px;display:inline-block}#search-results .context{color:gray;font-size:90%}@media screen and (max-width: 768px){.wy-body-for-nav{background:#fcfcfc}.wy-nav-top{display:block}.wy-nav-side{left:-300px}.wy-nav-side.shift{width:85%;left:0}.wy-nav-content-wrap{margin-left:0}.wy-nav-content-wrap .wy-nav-content{padding:1.618em}.wy-nav-content-wrap.shift{position:fixed;min-width:100%;left:85%;top:0;height:100%;overflow:hidden}}@media screen and (min-width: 1400px){.wy-nav-content-wrap{background:rgba(0,0,0,0.05)}.wy-nav-content{margin:0;background:#fcfcfc}}@media print{.rst-versions,footer,.wy-nav-side{display:none}.wy-nav-content-wrap{margin-left:0}}nav.stickynav{position:fixed;top:0}.rst-versions{position:fixed;bottom:0;left:0;width:300px;color:#fcfcfc;background:#1f1d1d;border-top:solid 10px #343131;font-family:"Lato","proxima-nova","Helvetica Neue",Arial,sans-serif;z-index:400}.rst-versions a{color:#2980b9;text-decoration:none}.rst-versions .rst-badge-small{display:none}.rst-versions .rst-current-version{padding:12px;background-color:#272525;display:block;text-align:right;font-size:90%;cursor:pointer;color:#27ae60;*zoom:1}.rst-versions .rst-current-version:before,.rst-versions .rst-current-version:after{display:table;content:""}.rst-versions .rst-current-version:after{clear:both}.rst-versions .rst-current-version .fa,.rst-versions .rst-current-version .rst-content .admonition-title,.rst-content .rst-versions .rst-current-version .admonition-title,.rst-versions .rst-current-version .rst-content h1 .headerlink,.rst-content h1 .rst-versions .rst-current-version .headerlink,.rst-versions .rst-current-version .rst-content h2 .headerlink,.rst-content h2 .rst-versions .rst-current-version .headerlink,.rst-versions .rst-current-version .rst-content h3 .headerlink,.rst-content h3 .rst-versions .rst-current-version .headerlink,.rst-versions .rst-current-version .rst-content h4 .headerlink,.rst-content h4 .rst-versions .rst-current-version .headerlink,.rst-versions .rst-current-version .rst-content h5 .headerlink,.rst-content h5 .rst-versions .rst-current-version .headerlink,.rst-versions .rst-current-version .rst-content h6 .headerlink,.rst-content h6 .rst-versions .rst-current-version .headerlink,.rst-versions .rst-current-version .rst-content dl dt .headerlink,.rst-content dl dt .rst-versions .rst-current-version .headerlink,.rst-versions .rst-current-version .icon{color:#fcfcfc}.rst-versions .rst-current-version .fa-book,.rst-versions .rst-current-version .icon-book{float:left}.rst-versions .rst-current-version .icon-book{float:left}.rst-versions .rst-current-version.rst-out-of-date{background-color:#e74c3c;color:#fff}.rst-versions .rst-current-version.rst-active-old-version{background-color:#f1c40f;color:#000}.rst-versions.shift-up .rst-other-versions{display:block}.rst-versions .rst-other-versions{font-size:90%;padding:12px;color:gray;display:none}.rst-versions .rst-other-versions hr{display:block;height:1px;border:0;margin:20px 0;padding:0;border-top:solid 1px #413d3d}.rst-versions .rst-other-versions dd{display:inline-block;margin:0}.rst-versions .rst-other-versions dd a{display:inline-block;padding:6px;color:#fcfcfc}.rst-versions.rst-badge{width:auto;bottom:20px;right:20px;left:auto;border:none;max-width:300px}.rst-versions.rst-badge .icon-book{float:none}.rst-versions.rst-badge .fa-book,.rst-versions.rst-badge .icon-book{float:none}.rst-versions.rst-badge.shift-up .rst-current-version{text-align:right}.rst-versions.rst-badge.shift-up .rst-current-version .fa-book,.rst-versions.rst-badge.shift-up .rst-current-version .icon-book{float:left}.rst-versions.rst-badge.shift-up .rst-current-version .icon-book{float:left}.rst-versions.rst-badge .rst-current-version{width:auto;height:30px;line-height:30px;padding:0 6px;display:block;text-align:center}@media screen and (max-width: 768px){.rst-versions{width:85%;display:none}.rst-versions.shift{display:block}img{width:100%;height:auto}}.rst-content img{max-width:100%;height:auto !important}.rst-content div.figure{margin-bottom:24px}.rst-content div.figure.align-center{text-align:center}.rst-content .section>img{margin-bottom:24px}.rst-content blockquote{margin-left:24px;line-height:24px;margin-bottom:24px}.rst-content .note .last,.rst-content .attention .last,.rst-content .caution .last,.rst-content .danger .last,.rst-content .error .last,.rst-content .hint .last,.rst-content .important .last,.rst-content .tip .last,.rst-content .warning .last,.rst-content .seealso .last,.rst-content .admonition-todo .last{margin-bottom:0}.rst-content .admonition-title:before{margin-right:4px}.rst-content .admonition table{border-color:rgba(0,0,0,0.1)}.rst-content .admonition table td,.rst-content .admonition table th{background:transparent !important;border-color:rgba(0,0,0,0.1) !important}.rst-content .section ol.loweralpha,.rst-content .section ol.loweralpha li{list-style:lower-alpha}.rst-content .section ol.upperalpha,.rst-content .section ol.upperalpha li{list-style:upper-alpha}.rst-content .section ol p,.rst-content .section ul p{margin-bottom:12px}.rst-content .line-block{margin-left:24px}.rst-content .topic-title{font-weight:bold;margin-bottom:12px}.rst-content .toc-backref{color:#404040}.rst-content .align-right{float:right;margin:0px 0px 24px 24px}.rst-content .align-left{float:left;margin:0px 24px 24px 0px}.rst-content .align-center{margin:auto;display:block}.rst-content h1 .headerlink,.rst-content h2 .headerlink,.rst-content h3 .headerlink,.rst-content h4 .headerlink,.rst-content h5 .headerlink,.rst-content h6 .headerlink,.rst-content dl dt .headerlink{display:none;visibility:hidden;font-size:14px}.rst-content h1 .headerlink:after,.rst-content h2 .headerlink:after,.rst-content h3 .headerlink:after,.rst-content h4 .headerlink:after,.rst-content h5 .headerlink:after,.rst-content h6 .headerlink:after,.rst-content dl dt .headerlink:after{visibility:visible;content:"\f0c1";font-family:FontAwesome;display:inline-block}.rst-content h1:hover .headerlink,.rst-content h2:hover .headerlink,.rst-content h3:hover .headerlink,.rst-content h4:hover .headerlink,.rst-content h5:hover .headerlink,.rst-content h6:hover .headerlink,.rst-content dl dt:hover .headerlink{display:inline-block}.rst-content .sidebar{float:right;width:40%;display:block;margin:0 0 24px 24px;padding:24px;background:#f3f6f6;border:solid 1px #e1e4e5}.rst-content .sidebar p,.rst-content .sidebar ul,.rst-content .sidebar dl{font-size:90%}.rst-content .sidebar .last{margin-bottom:0}.rst-content .sidebar .sidebar-title{display:block;font-family:"Roboto Slab","ff-tisa-web-pro","Georgia",Arial,sans-serif;font-weight:bold;background:#e1e4e5;padding:6px 12px;margin:-24px;margin-bottom:24px;font-size:100%}.rst-content .highlighted{background:#f1c40f;display:inline-block;font-weight:bold;padding:0 6px}.rst-content .footnote-reference,.rst-content .citation-reference{vertical-align:super;font-size:90%}.rst-content table.docutils.citation,.rst-content table.docutils.footnote{background:none;border:none;color:#999}.rst-content table.docutils.citation td,.rst-content table.docutils.citation tr,.rst-content table.docutils.footnote td,.rst-content table.docutils.footnote tr{border:none;background-color:transparent !important;white-space:normal}.rst-content table.docutils.citation td.label,.rst-content table.docutils.footnote td.label{padding-left:0;padding-right:0;vertical-align:top}.rst-content table.field-list{border:none}.rst-content table.field-list td{border:none;padding-top:5px}.rst-content table.field-list td>strong{display:inline-block;margin-top:3px}.rst-content table.field-list .field-name{padding-right:10px;text-align:left;white-space:nowrap}.rst-content table.field-list .field-body{text-align:left;padding-left:0}.rst-content tt{color:#000}.rst-content tt big,.rst-content tt em{font-size:100% !important;line-height:normal}.rst-content tt .xref,a .rst-content tt{font-weight:bold}.rst-content a tt{color:#2980b9}.rst-content dl{margin-bottom:24px}.rst-content dl dt{font-weight:bold}.rst-content dl p,.rst-content dl table,.rst-content dl ul,.rst-content dl ol{margin-bottom:12px !important}.rst-content dl dd{margin:0 0 12px 24px}.rst-content dl:not(.docutils){margin-bottom:24px}.rst-content dl:not(.docutils) dt{display:inline-block;margin:6px 0;font-size:90%;line-height:normal;background:#e7f2fa;color:#2980b9;border-top:solid 3px #6ab0de;padding:6px;position:relative}.rst-content dl:not(.docutils) dt:before{color:#6ab0de}.rst-content dl:not(.docutils) dt .headerlink{color:#404040;font-size:100% !important}.rst-content dl:not(.docutils) dl dt{margin-bottom:6px;border:none;border-left:solid 3px #ccc;background:#f0f0f0;color:gray}.rst-content dl:not(.docutils) dl dt .headerlink{color:#404040;font-size:100% !important}.rst-content dl:not(.docutils) dt:first-child{margin-top:0}.rst-content dl:not(.docutils) tt{font-weight:bold}.rst-content dl:not(.docutils) tt.descname,.rst-content dl:not(.docutils) tt.descclassname{background-color:transparent;border:none;padding:0;font-size:100% !important}.rst-content dl:not(.docutils) tt.descname{font-weight:bold}.rst-content dl:not(.docutils) .optional{display:inline-block;padding:0 4px;color:#000;font-weight:bold}.rst-content dl:not(.docutils) .property{display:inline-block;padding-right:8px}.rst-content .viewcode-link,.rst-content .viewcode-back{display:inline-block;color:#27ae60;font-size:80%;padding-left:24px}.rst-content .viewcode-back{display:block;float:right}.rst-content p.rubric{margin-bottom:12px;font-weight:bold}@media screen and (max-width: 480px){.rst-content .sidebar{width:100%}}span[id*='MathJax-Span']{color:#404040}.math{text-align:center} diff -Nru mariadb-11.8.6/storage/columnstore/columnstore/utils/libmarias3/libmarias3/docs/_themes/sphinx_rtd_theme/static/js/badge_only.js mariadb-11.8.8/storage/columnstore/columnstore/utils/libmarias3/libmarias3/docs/_themes/sphinx_rtd_theme/static/js/badge_only.js --- mariadb-11.8.6/storage/columnstore/columnstore/utils/libmarias3/libmarias3/docs/_themes/sphinx_rtd_theme/static/js/badge_only.js 2026-01-31 13:27:52.000000000 +0000 +++ mariadb-11.8.8/storage/columnstore/columnstore/utils/libmarias3/libmarias3/docs/_themes/sphinx_rtd_theme/static/js/badge_only.js 1970-01-01 00:00:00.000000000 +0000 @@ -1 +0,0 @@ -!function(e){var t={};function r(n){if(t[n])return t[n].exports;var o=t[n]={i:n,l:!1,exports:{}};return e[n].call(o.exports,o,o.exports,r),o.l=!0,o.exports}r.m=e,r.c=t,r.d=function(e,t,n){r.o(e,t)||Object.defineProperty(e,t,{enumerable:!0,get:n})},r.r=function(e){"undefined"!=typeof Symbol&&Symbol.toStringTag&&Object.defineProperty(e,Symbol.toStringTag,{value:"Module"}),Object.defineProperty(e,"__esModule",{value:!0})},r.t=function(e,t){if(1&t&&(e=r(e)),8&t)return e;if(4&t&&"object"==typeof e&&e&&e.__esModule)return e;var n=Object.create(null);if(r.r(n),Object.defineProperty(n,"default",{enumerable:!0,value:e}),2&t&&"string"!=typeof e)for(var o in e)r.d(n,o,function(t){return e[t]}.bind(null,o));return n},r.n=function(e){var t=e&&e.__esModule?function(){return e.default}:function(){return e};return r.d(t,"a",t),t},r.o=function(e,t){return Object.prototype.hasOwnProperty.call(e,t)},r.p="",r(r.s=4)}({4:function(e,t,r){}}); \ No newline at end of file diff -Nru mariadb-11.8.6/storage/columnstore/columnstore/utils/libmarias3/libmarias3/docs/_themes/sphinx_rtd_theme/static/js/theme.js mariadb-11.8.8/storage/columnstore/columnstore/utils/libmarias3/libmarias3/docs/_themes/sphinx_rtd_theme/static/js/theme.js --- mariadb-11.8.6/storage/columnstore/columnstore/utils/libmarias3/libmarias3/docs/_themes/sphinx_rtd_theme/static/js/theme.js 2026-01-31 13:27:52.000000000 +0000 +++ mariadb-11.8.8/storage/columnstore/columnstore/utils/libmarias3/libmarias3/docs/_themes/sphinx_rtd_theme/static/js/theme.js 2026-05-24 09:58:35.000000000 +0000 @@ -1 +1,47 @@ -!function(n){var e={};function t(i){if(e[i])return e[i].exports;var o=e[i]={i:i,l:!1,exports:{}};return n[i].call(o.exports,o,o.exports,t),o.l=!0,o.exports}t.m=n,t.c=e,t.d=function(n,e,i){t.o(n,e)||Object.defineProperty(n,e,{enumerable:!0,get:i})},t.r=function(n){"undefined"!=typeof Symbol&&Symbol.toStringTag&&Object.defineProperty(n,Symbol.toStringTag,{value:"Module"}),Object.defineProperty(n,"__esModule",{value:!0})},t.t=function(n,e){if(1&e&&(n=t(n)),8&e)return n;if(4&e&&"object"==typeof n&&n&&n.__esModule)return n;var i=Object.create(null);if(t.r(i),Object.defineProperty(i,"default",{enumerable:!0,value:n}),2&e&&"string"!=typeof n)for(var o in n)t.d(i,o,function(e){return n[e]}.bind(null,o));return i},t.n=function(n){var e=n&&n.__esModule?function(){return n.default}:function(){return n};return t.d(e,"a",e),e},t.o=function(n,e){return Object.prototype.hasOwnProperty.call(n,e)},t.p="",t(t.s=0)}([function(n,e,t){t(1),n.exports=t(3)},function(n,e,t){(function(){var e="undefined"!=typeof window?window.jQuery:t(2);n.exports.ThemeNav={navBar:null,win:null,winScroll:!1,winResize:!1,linkScroll:!1,winPosition:0,winHeight:null,docHeight:null,isRunning:!1,enable:function(n){var t=this;void 0===n&&(n=!0),t.isRunning||(t.isRunning=!0,e((function(e){t.init(e),t.reset(),t.win.on("hashchange",t.reset),n&&t.win.on("scroll",(function(){t.linkScroll||t.winScroll||(t.winScroll=!0,requestAnimationFrame((function(){t.onScroll()})))})),t.win.on("resize",(function(){t.winResize||(t.winResize=!0,requestAnimationFrame((function(){t.onResize()})))})),t.onResize()})))},enableSticky:function(){this.enable(!0)},init:function(n){n(document);var e=this;this.navBar=n("div.wy-side-scroll:first"),this.win=n(window),n(document).on("click","[data-toggle='wy-nav-top']",(function(){n("[data-toggle='wy-nav-shift']").toggleClass("shift"),n("[data-toggle='rst-versions']").toggleClass("shift")})).on("click",".wy-menu-vertical .current ul li a",(function(){var t=n(this);n("[data-toggle='wy-nav-shift']").removeClass("shift"),n("[data-toggle='rst-versions']").toggleClass("shift"),e.toggleCurrent(t),e.hashChange()})).on("click","[data-toggle='rst-current-version']",(function(){n("[data-toggle='rst-versions']").toggleClass("shift-up")})),n("table.docutils:not(.field-list,.footnote,.citation)").wrap("
    "),n("table.docutils.footnote").wrap("
    "),n("table.docutils.citation").wrap("
    "),n(".wy-menu-vertical ul").not(".simple").siblings("a").each((function(){var t=n(this);expand=n(''),expand.on("click",(function(n){return e.toggleCurrent(t),n.stopPropagation(),!1})),t.prepend(expand)}))},reset:function(){var n=encodeURI(window.location.hash)||"#";try{var e=$(".wy-menu-vertical"),t=e.find('[href="'+n+'"]');if(0===t.length){var i=$('.document [id="'+n.substring(1)+'"]').closest("div.section");0===(t=e.find('[href="#'+i.attr("id")+'"]')).length&&(t=e.find('[href="#"]'))}if(t.length>0){$(".wy-menu-vertical .current").removeClass("current").attr("aria-expanded","false"),t.addClass("current").attr("aria-expanded","true"),t.closest("li.toctree-l1").parent().addClass("current").attr("aria-expanded","true");for(let n=1;n<=10;n++)t.closest("li.toctree-l"+n).addClass("current").attr("aria-expanded","true");t[0].scrollIntoView()}}catch(n){console.log("Error expanding nav for anchor",n)}},onScroll:function(){this.winScroll=!1;var n=this.win.scrollTop(),e=n+this.winHeight,t=this.navBar.scrollTop()+(n-this.winPosition);n<0||e>this.docHeight||(this.navBar.scrollTop(t),this.winPosition=n)},onResize:function(){this.winResize=!1,this.winHeight=this.win.height(),this.docHeight=$(document).height()},hashChange:function(){this.linkScroll=!0,this.win.one("hashchange",(function(){this.linkScroll=!1}))},toggleCurrent:function(n){var e=n.closest("li");e.siblings("li.current").removeClass("current").attr("aria-expanded","false"),e.siblings().find("li.current").removeClass("current").attr("aria-expanded","false");var t=e.find("> ul li");t.length&&(t.removeClass("current").attr("aria-expanded","false"),e.toggleClass("current").attr("aria-expanded",(function(n,e){return"true"==e?"false":"true"})))}},"undefined"!=typeof window&&(window.SphinxRtdTheme={Navigation:n.exports.ThemeNav,StickyNav:n.exports.ThemeNav}),function(){for(var n=0,e=["ms","moz","webkit","o"],t=0;t
    "); +}); + +window.SphinxRtdTheme = (function (jquery) { + var stickyNav = (function () { + var navBar, + win, + stickyNavCssClass = 'stickynav', + applyStickNav = function () { + if (navBar.height() <= win.height()) { + navBar.addClass(stickyNavCssClass); + } else { + navBar.removeClass(stickyNavCssClass); + } + }, + enable = function () { + applyStickNav(); + win.on('resize', applyStickNav); + }, + init = function () { + navBar = jquery('nav.wy-nav-side:first'); + win = jquery(window); + }; + jquery(init); + return { + enable : enable + }; + }()); + return { + StickyNav : stickyNav + }; +}($)); diff -Nru mariadb-11.8.6/storage/columnstore/columnstore/utils/libmarias3/libmarias3/docs/_themes/sphinx_rtd_theme/static/js/versions.js_t mariadb-11.8.8/storage/columnstore/columnstore/utils/libmarias3/libmarias3/docs/_themes/sphinx_rtd_theme/static/js/versions.js_t --- mariadb-11.8.6/storage/columnstore/columnstore/utils/libmarias3/libmarias3/docs/_themes/sphinx_rtd_theme/static/js/versions.js_t 2026-01-31 13:27:52.000000000 +0000 +++ mariadb-11.8.8/storage/columnstore/columnstore/utils/libmarias3/libmarias3/docs/_themes/sphinx_rtd_theme/static/js/versions.js_t 1970-01-01 00:00:00.000000000 +0000 @@ -1,125 +0,0 @@ -function renderLanguages(config) { - if (!config.projects.translations.length) { - return ""; - } - - const languagesHTML = ` -
    -
    {{ _('Languages') }}
    - ${ config.projects.translations.map( - (translation) => ` -
    - ${ translation.language.code } -
    - `).join("\n")} -
    - `; - return languagesHTML; - } - - function renderVersions(config) { - if (!config.versions.active.length) { - return ""; - } - const versionsHTML = ` -
    -
    {{ _('Versions') }}
    - ${ config.versions.active.map( - (version) => ` -
    - ${ version.slug } -
    - `).join("\n")} -
    - `; - return versionsHTML; - } - - function renderDownloads(config) { - if (!Object.keys(config.versions.current.downloads).length) { - return ""; - } - const downloadsNameDisplay = { - pdf: "PDF", - epub: "Epub", - htmlzip: "HTML", - }; - - const downloadsHTML = ` -
    -
    {{ _('Downloads') }}
    - ${ Object.entries(config.versions.current.downloads).map( - ([name, url]) => ` -
    - ${ downloadsNameDisplay[name] } -
    - `).join("\n")} -
    - `; - return downloadsHTML; - } - - document.addEventListener("readthedocs-addons-data-ready", function(event) { - const config = event.detail.data(); - - const flyout = ` -
    - - Read the Docs - v: ${ config.versions.current.slug } - - -
    -
    - ${ renderLanguages(config) } - ${ renderVersions(config) } - ${ renderDownloads(config) } -
    -
    {{ _('On Read the Docs') }}
    -
    - {{ _('Project Home') }} -
    -
    - {{ _('Builds') }} -
    -
    - {{ _('Downloads') }} -
    -
    -
    -
    {{ _('Search') }}
    -
    -
    - -
    -
    -
    -
    - - Hosted by Read the Docs - -
    -
    - `; - - // Inject the generated flyout into the body HTML element. - document.body.insertAdjacentHTML("beforeend", flyout); - - // Trigger the Read the Docs Addons Search modal when clicking on the "Search docs" input from inside the flyout. - document.querySelector("#flyout-search-form").addEventListener("focusin", () => { - const event = new CustomEvent("readthedocs-search-show"); - document.dispatchEvent(event); - }); - - // Trigger the Read the Docs Addons Search modal when clicking on "Search docs" input from the topnav. - document.querySelector("[role='search'] input").addEventListener("focusin", () => { - const event = new CustomEvent("readthedocs-search-show"); - document.dispatchEvent(event); - }); - }); diff -Nru mariadb-11.8.6/storage/columnstore/columnstore/utils/libmarias3/libmarias3/docs/_themes/sphinx_rtd_theme/theme.conf mariadb-11.8.8/storage/columnstore/columnstore/utils/libmarias3/libmarias3/docs/_themes/sphinx_rtd_theme/theme.conf --- mariadb-11.8.6/storage/columnstore/columnstore/utils/libmarias3/libmarias3/docs/_themes/sphinx_rtd_theme/theme.conf 2026-01-31 13:27:52.000000000 +0000 +++ mariadb-11.8.8/storage/columnstore/columnstore/utils/libmarias3/libmarias3/docs/_themes/sphinx_rtd_theme/theme.conf 2026-05-24 09:58:35.000000000 +0000 @@ -1,21 +1,8 @@ [theme] inherit = basic stylesheet = css/theme.css -pygments_style = default [options] -canonical_url = -analytics_id = -analytics_anonymize_ip = False -collapse_navigation = True -sticky_navigation = True -navigation_depth = 4 -includehidden = True -titles_only = -logo_only = -display_version = True -prev_next_buttons_location = bottom -style_external_links = False -style_nav_header_background = -vcs_pageview_mode = -flyout_display = hidden +typekit_id = hiw1hhg +analytics_id = +sticky_navigation = False diff -Nru mariadb-11.8.6/storage/columnstore/columnstore/utils/libmarias3/libmarias3/docs/_themes/sphinx_rtd_theme/versions.html mariadb-11.8.8/storage/columnstore/columnstore/utils/libmarias3/libmarias3/docs/_themes/sphinx_rtd_theme/versions.html --- mariadb-11.8.6/storage/columnstore/columnstore/utils/libmarias3/libmarias3/docs/_themes/sphinx_rtd_theme/versions.html 2026-01-31 13:27:52.000000000 +0000 +++ mariadb-11.8.8/storage/columnstore/columnstore/utils/libmarias3/libmarias3/docs/_themes/sphinx_rtd_theme/versions.html 2026-05-24 09:58:35.000000000 +0000 @@ -0,0 +1,37 @@ +{% if READTHEDOCS %} +{# Add rst-badge after rst-versions for small badge style. #} +
    + + Read the Docs + v: {{ current_version }} + + +
    +
    +
    Versions
    + {% for slug, url in versions %} +
    {{ slug }}
    + {% endfor %} +
    +
    +
    Downloads
    + {% for type, url in downloads %} +
    {{ type }}
    + {% endfor %} +
    +
    +
    On Read the Docs
    +
    + Project Home +
    +
    + Builds +
    +
    +
    + Free document hosting provided by Read the Docs. + +
    +
    +{% endif %} + diff -Nru mariadb-11.8.6/storage/columnstore/columnstore/utils/libmarias3/libmarias3/docs/api/functions.rst mariadb-11.8.8/storage/columnstore/columnstore/utils/libmarias3/libmarias3/docs/api/functions.rst --- mariadb-11.8.6/storage/columnstore/columnstore/utils/libmarias3/libmarias3/docs/api/functions.rst 2026-01-31 13:27:52.000000000 +0000 +++ mariadb-11.8.8/storage/columnstore/columnstore/utils/libmarias3/libmarias3/docs/api/functions.rst 2026-05-24 09:58:35.000000000 +0000 @@ -105,11 +105,9 @@ ms3_debug() ----------- -.. c:function:: void ms3_debug(int debug_state) +.. c:function:: void ms3_debug() - Enables and disables debugging output on stderr. - - :param debug_state: Set to 1 to enable debugging, zero to disable. + Enables and disables debugging output on stderr. Each call toggles enable / disable. Note:: This enables/disables globally for the library @@ -393,29 +391,3 @@ printf("File timestamp: %ld\n", status.created); ms3_deinit(ms3); -ms3_set_content_type() ----------------------- - -.. c:function:: void ms3_set_content_type(ms3_st *ms3, const char *content_type) - - Sets the ``Content-Type:`` header for subsequent PUT requests. Note that this - is not copied, so it should remain in scope for each :c:func:`ms3_put()` call. - Setting this to ``NULL`` will clear the ``Content-Type`` header to the default. - - :param ms3: The marias3 object - :param content_type: The mime type to set - -ms3_get_content_type() ----------------------- - -.. c:function:: const char *ms3_get_content_type(ms3_st *ms3) - - Gets the ``Content-Type:`` header for the previous GET request response - from the S3 server. - The memory for this is part of the :c:type:`ms3_st` object and should not be - freed by the application. The contents will be reset on each GET request. - - :param ms3: The marias3 object - :param content_type: The mime type for the previous request - - diff -Nru mariadb-11.8.6/storage/columnstore/columnstore/utils/libmarias3/libmarias3/docs/api/types.rst mariadb-11.8.8/storage/columnstore/columnstore/utils/libmarias3/libmarias3/docs/api/types.rst --- mariadb-11.8.6/storage/columnstore/columnstore/utils/libmarias3/libmarias3/docs/api/types.rst 2026-01-31 13:27:52.000000000 +0000 +++ mariadb-11.8.8/storage/columnstore/columnstore/utils/libmarias3/libmarias3/docs/api/types.rst 2026-05-24 09:58:35.000000000 +0000 @@ -51,17 +51,8 @@ * ``MS3_OPT_FORCE_PROTOCOL_VERSION`` - Set to 1 to force talking to the S3 server using version 1 of the List Bucket API, this is for S3 compatible servers. Set to 2 to force talking to the S3 server version 2 of the List Bucket API. This is for use when the autodetect bsaed on providing a base_domain does the wrong thing. The ``value`` parameter of :c:func:`ms3_set_option` should be a pointer to a :c:type:`uint8_t` of value ``1`` or ``2`` * ``MS3_OPT_READ_CB`` - Custom read callback for :c:func:`ms3_get`. The ``value`` parameter of :c:func:`ms3_set_option` should be a :c:type:`ms3_read_callback` function. * ``MS3_OPT_USER_DATA`` - User data for the custom read callback. The ``value`` parameter of :c:func:`ms3_set_option` is the pointer that will be passed as the ``userdata`` argument of the callback. - * ``MS3_OPT_CONNECT_TIMEOUT`` - Sets the maximum time in seconds for the connection phase to take. This timeout only limits the connection phase, it has no impact once the connection is established. The ``value`` parameter of :c:func:`ms3_set_option` should be a pointer to a ``float`` of value between ``0`` and ``4294966``. ``0`` is the default value indicating that the default libcurl timeout will be used. - * ``MS3_OPT_TIMEOUT`` - Sets the maximum time in seconds for the entire transfer operation to take. The ``value`` parameter of :c:func:`ms3_set_option` should be a pointer to a ``float`` of value between ``0`` and ``4294966``. ``0`` is the default value indicating that there is no timeout at all. - -Callbacks -========= - -.. c:type:: ms3_read_callback - - The callback function for ``MS3_OPT_READ_CB``. The function and the user data - set with ``MS3_OPT_USER_DATA`` are passed to Curl. For more information, refer - to `CURLOPT_WRITE_FUNCTION `_. + * ``MS3_OPT_CONNECT_TIMEOUT`` - Sets the maximum time in seconds for the connection phase to take. This timeout only limits the connection phase, it has no impact once the connection is established. The ``value`` parameter of :c:func:`ms3_set_option` should be a pointer to a :c:type:`float` of value between ``0`` and ``4294966``. ``0`` is the default value indicating that the default libcurl timeout will be used. + * ``MS3_OPT_TIMEOUT`` - Sets the maximum time in seconds for the entire transfer operation to take. The ``value`` parameter of :c:func:`ms3_set_option` should be a pointer to a :c:type:`float` of value between ``0`` and ``4294966``. ``0`` is the default value indicating that there is no timeout at all. Built-In Types ============== @@ -74,12 +65,7 @@ An unsigned single byte character as defined in the standard header ``stdint.h`` -.. c:type:: size_t - - The unsigned integer type of the result of ``sizeof``. - -.. c:type:: time_t - - Real arithmetic type capable of representing times as deinfined in the standard header ``time.h`` +.. c:type:: bool + A boolean type as defined in the standard header ``stdbool.h`` diff -Nru mariadb-11.8.6/storage/columnstore/columnstore/utils/libmarias3/libmarias3/docs/appendix/version_history.rst mariadb-11.8.8/storage/columnstore/columnstore/utils/libmarias3/libmarias3/docs/appendix/version_history.rst --- mariadb-11.8.6/storage/columnstore/columnstore/utils/libmarias3/libmarias3/docs/appendix/version_history.rst 2026-01-31 13:27:52.000000000 +0000 +++ mariadb-11.8.8/storage/columnstore/columnstore/utils/libmarias3/libmarias3/docs/appendix/version_history.rst 2026-05-24 09:58:35.000000000 +0000 @@ -1,28 +1,6 @@ Version History =============== -Version 3.2 ------------ - -Version 3.2.0 GA -^^^^^^^^^^^^^^^^ - -* Spelling errors in code fixed -* IAM role credential functionality added -* Fix macOS building -* Define RTLD_DEFAULT for FreeBSD -* Now pushes 301 response to bucket / endpoint mismatch to application -* Fix ``MS3_OPT_FORCE_PROTOCOL_VERSION`` -* Many fixes to build -* Many fixes to things found with static analyzers and sanitizers -* Allow for longer S3 secret keys -* Add custom read callback mechanism -* Add option to enable/disable debug -* Allow setting of curl timeouts -* Documentation updates -* GitHub actions testing added -* :c:func:`ms3_set_content_type` and :c:func:`ms3_get_content_type` added - Version 3.1 ----------- diff -Nru mariadb-11.8.6/storage/columnstore/columnstore/utils/libmarias3/libmarias3/libmarias3/marias3.h mariadb-11.8.8/storage/columnstore/columnstore/utils/libmarias3/libmarias3/libmarias3/marias3.h --- mariadb-11.8.6/storage/columnstore/columnstore/utils/libmarias3/libmarias3/libmarias3/marias3.h 2026-01-31 13:27:52.000000000 +0000 +++ mariadb-11.8.8/storage/columnstore/columnstore/utils/libmarias3/libmarias3/libmarias3/marias3.h 2026-05-24 09:58:35.000000000 +0000 @@ -93,8 +93,7 @@ MS3_OPT_USER_DATA, MS3_OPT_PORT_NUMBER, MS3_OPT_CONNECT_TIMEOUT, - MS3_OPT_TIMEOUT, - MS3_OPT_NO_CONTENT_TYPE + MS3_OPT_TIMEOUT }; typedef enum ms3_set_option_t ms3_set_option_t; @@ -150,16 +149,10 @@ void ms3_list_free(ms3_list_st *list); MS3_API -void ms3_set_content_type(ms3_st *ms3, const char *content_type); - -MS3_API uint8_t ms3_put(ms3_st *ms3, const char *bucket, const char *key, const uint8_t *data, size_t length); MS3_API -const char *ms3_get_content_type(ms3_st *ms3); - -MS3_API uint8_t ms3_get(ms3_st *ms3, const char *bucket, const char *key, uint8_t **data, size_t *length); diff -Nru mariadb-11.8.6/storage/columnstore/columnstore/utils/libmarias3/libmarias3/src/assume_role.c mariadb-11.8.8/storage/columnstore/columnstore/utils/libmarias3/libmarias3/src/assume_role.c --- mariadb-11.8.6/storage/columnstore/columnstore/utils/libmarias3/libmarias3/src/assume_role.c 2026-01-31 13:27:52.000000000 +0000 +++ mariadb-11.8.8/storage/columnstore/columnstore/utils/libmarias3/libmarias3/src/assume_role.c 2026-05-24 09:58:35.000000000 +0000 @@ -123,6 +123,7 @@ { char uri_buffer[MAX_URI_LENGTH]; const char *domain; + const uint8_t path_parts = 10; // "https://" + "." + "/" const char *http_protocol = "http"; const char *https_protocol = "https"; const char *protocol; @@ -147,9 +148,13 @@ if (query) { - if (snprintf(uri_buffer, MAX_URI_LENGTH, "%s://%s/?%s", protocol, - domain, query) >= MAX_URI_LENGTH) + if (path_parts + strlen(domain) + strlen(query) >= MAX_URI_LENGTH - 1) + { return MS3_ERR_URI_TOO_LONG; + } + + snprintf(uri_buffer, MAX_URI_LENGTH - 1, "%s://%s/?%s", protocol, + domain, query); } else { diff -Nru mariadb-11.8.6/storage/columnstore/columnstore/utils/libmarias3/libmarias3/src/marias3.c mariadb-11.8.8/storage/columnstore/columnstore/utils/libmarias3/libmarias3/src/marias3.c --- mariadb-11.8.6/storage/columnstore/columnstore/utils/libmarias3/libmarias3/src/marias3.c 2026-01-31 13:27:52.000000000 +0000 +++ mariadb-11.8.8/storage/columnstore/columnstore/utils/libmarias3/libmarias3/src/marias3.c 2026-05-24 09:58:35.000000000 +0000 @@ -206,7 +206,6 @@ ms3->curl = curl_easy_init(); ms3->last_error = NULL; ms3->use_http = false; - ms3->no_content_type = false; ms3->disable_verification = false; ms3->first_run = true; ms3->path_buffer = ms3_cmalloc(sizeof(char) * 1024); @@ -230,11 +229,6 @@ ms3->sts_region = NULL; ms3->iam_role_arn = NULL; -#ifdef HAVE_NEW_CURL_API - ms3->content_type_in = NULL; -#endif - ms3->content_type_out = NULL; - return ms3; } @@ -582,12 +576,6 @@ break; } - case MS3_OPT_NO_CONTENT_TYPE: - { - ms3->no_content_type = ms3->no_content_type ? 0 : 1; - break; - } - case MS3_OPT_BUFFER_CHUNK_SIZE: { size_t new_size; @@ -743,21 +731,3 @@ return res; } -void ms3_set_content_type(ms3_st *ms3, const char *content_type) -{ - if (!ms3) - { - return; - } - - ms3->content_type_out = content_type; -} - -const char *ms3_get_content_type(ms3_st *ms3) -{ - if (!ms3) - { - return NULL; - } - return ms3->content_type_in; -} diff -Nru mariadb-11.8.6/storage/columnstore/columnstore/utils/libmarias3/libmarias3/src/request.c mariadb-11.8.8/storage/columnstore/columnstore/utils/libmarias3/libmarias3/src/request.c --- mariadb-11.8.6/storage/columnstore/columnstore/utils/libmarias3/libmarias3/src/request.c 2026-01-31 13:27:52.000000000 +0000 +++ mariadb-11.8.8/storage/columnstore/columnstore/utils/libmarias3/libmarias3/src/request.c 2026-05-24 09:58:35.000000000 +0000 @@ -19,13 +19,11 @@ #include "config.h" #include "common.h" -#include "debug.h" #include "sha256.h" #include #include #include -#include const char *default_domain = "s3.amazonaws.com"; @@ -432,6 +430,7 @@ uint8_t i; bool has_source = false; bool has_token = false; + struct curl_slist *current_header; // Host header if (base_domain) @@ -601,16 +600,15 @@ headers = curl_slist_append(headers, headerbuf); } - if (ms3debug_get()) - { - struct curl_slist *current_header = headers; + current_header = headers; - do - { - ms3debug("Header: %s", current_header->data); - } - while ((current_header = current_header->next)); + do + { + ms3debug("Header: %s", current_header->data); } + while ((current_header = current_header->next)); + + curl_easy_setopt(curl, CURLOPT_HTTPHEADER, headers); switch (method) { @@ -645,8 +643,8 @@ return 0; } -static size_t head_header_callback(char *buffer, size_t size, - size_t nitems, void *userdata) +static size_t header_callback(char *buffer, size_t size, + size_t nitems, void *userdata) { ms3debug("%.*s\n", (int)(nitems * size), buffer); @@ -672,30 +670,6 @@ return nitems * size; } -static size_t get_header_callback(char *buffer, size_t size, - size_t nitems, void *userdata) -{ - ms3debug("%.*s\n", (int)(nitems * size), buffer); - - if (userdata) - { - if (!strncasecmp(buffer, "Content-Type", 12)) - { - size_t i; - ms3_st *ms3 = (ms3_st *) userdata; - snprintf(ms3->content_type_in, 127, "%s", (char*)buffer + 14); - for (i = 0; i < strlen(ms3->content_type_in); i++) - { - if (isspace( (unsigned char) ms3->content_type_in[i] )) - break; - } - ms3->content_type_in[i] = '\0'; - } - } - - return nitems * size; -} - static size_t body_callback(void *buffer, size_t size, size_t nitems, void *userdata) { @@ -809,18 +783,11 @@ case MS3_CMD_HEAD: method = MS3_HEAD; curl_easy_setopt(curl, CURLOPT_HEADERDATA, ret_ptr); - curl_easy_setopt(curl, CURLOPT_HEADERFUNCTION, head_header_callback); - break; - - case MS3_CMD_GET: - ms3->content_type_in[0] = '\0'; - curl_easy_setopt(curl, CURLOPT_HEADERDATA, ms3); - curl_easy_setopt(curl, CURLOPT_HEADERFUNCTION, get_header_callback); - method = MS3_GET; break; case MS3_CMD_LIST: case MS3_CMD_LIST_RECURSIVE: + case MS3_CMD_GET: case MS3_CMD_LIST_ROLE: method = MS3_GET; break; @@ -854,20 +821,6 @@ return res; } - if ((method == MS3_PUT) && ms3->content_type_out) - { - // Mime type maxmum is 128 bytes - char content_type[196]; - snprintf(content_type, 195, "Content-Type: %s", ms3->content_type_out); - headers = curl_slist_append(headers, content_type); - } - else if (ms3->no_content_type) - { - headers = curl_slist_append(headers, "Content-Type:"); - } - - curl_easy_setopt(curl, CURLOPT_HTTPHEADER, headers); - if (ms3->disable_verification) { ms3debug("Disabling SSL verification"); @@ -900,8 +853,8 @@ } curl_easy_setopt(curl, CURLOPT_BUFFERSIZE, ms3->buffer_chunk_size); + curl_easy_setopt(curl, CURLOPT_HEADERFUNCTION, header_callback); curl_easy_setopt(curl, CURLOPT_FOLLOWLOCATION, 1); - curl_easy_setopt(curl, CURLOPT_VERBOSE, ms3debug_get()); curl_res = curl_easy_perform(curl); if (curl_res != CURLE_OK) @@ -913,6 +866,7 @@ return MS3_ERR_REQUEST_ERROR; } + curl_easy_getinfo(curl, CURLINFO_RESPONSE_CODE, &response_code); ms3debug("Response code: %ld", response_code); diff -Nru mariadb-11.8.6/storage/columnstore/columnstore/utils/libmarias3/libmarias3/src/sha256_i.h mariadb-11.8.8/storage/columnstore/columnstore/utils/libmarias3/libmarias3/src/sha256_i.h --- mariadb-11.8.6/storage/columnstore/columnstore/utils/libmarias3/libmarias3/src/sha256_i.h 2026-01-31 13:27:52.000000000 +0000 +++ mariadb-11.8.8/storage/columnstore/columnstore/utils/libmarias3/libmarias3/src/sha256_i.h 2026-05-24 09:58:35.000000000 +0000 @@ -38,13 +38,13 @@ static inline void WPA_PUT_BE64(uint8_t *a, uint64_t val) { - a[0] = (val >> 56) & 0xff; - a[1] = (val >> 48) & 0xff; - a[2] = (val >> 40) & 0xff; - a[3] = (val >> 32) & 0xff; - a[4] = (val >> 24) & 0xff; - a[5] = (val >> 16) & 0xff; - a[6] = (val >> 8) & 0xff; + a[0] = val >> 56; + a[1] = val >> 48; + a[2] = val >> 40; + a[3] = val >> 32; + a[4] = val >> 24; + a[5] = val >> 16; + a[6] = val >> 8; a[7] = val & 0xff; } diff -Nru mariadb-11.8.6/storage/columnstore/columnstore/utils/libmarias3/libmarias3/src/structs.h mariadb-11.8.8/storage/columnstore/columnstore/utils/libmarias3/libmarias3/src/structs.h --- mariadb-11.8.6/storage/columnstore/columnstore/utils/libmarias3/libmarias3/src/structs.h 2026-01-31 13:27:52.000000000 +0000 +++ mariadb-11.8.8/storage/columnstore/columnstore/utils/libmarias3/libmarias3/src/structs.h 2026-05-24 09:58:35.000000000 +0000 @@ -60,7 +60,6 @@ CURL *curl; char *last_error; bool use_http; - bool no_content_type; bool disable_verification; uint8_t list_version; uint8_t protocol_version; @@ -69,8 +68,6 @@ char *query_buffer; void *read_cb; void *user_data; - const char *content_type_out; - char content_type_in[128]; // max length allowed for mime types struct ms3_list_container_st list_container; }; diff -Nru mariadb-11.8.6/storage/columnstore/columnstore/utils/libmarias3/libmarias3/tests/basic.c mariadb-11.8.8/storage/columnstore/columnstore/utils/libmarias3/libmarias3/tests/basic.c --- mariadb-11.8.6/storage/columnstore/columnstore/utils/libmarias3/libmarias3/tests/basic.c 2026-01-31 13:27:52.000000000 +0000 +++ mariadb-11.8.8/storage/columnstore/columnstore/utils/libmarias3/libmarias3/tests/basic.c 2026-05-24 09:58:35.000000000 +0000 @@ -66,7 +66,7 @@ if (s3port) { - int port = atoi(s3port); + int port = atol(s3port); ms3_set_option(ms3, MS3_OPT_PORT_NUMBER, &port); } diff -Nru mariadb-11.8.6/storage/columnstore/columnstore/utils/libmarias3/libmarias3/tests/basic_host.c mariadb-11.8.8/storage/columnstore/columnstore/utils/libmarias3/libmarias3/tests/basic_host.c --- mariadb-11.8.6/storage/columnstore/columnstore/utils/libmarias3/libmarias3/tests/basic_host.c 2026-01-31 13:27:52.000000000 +0000 +++ mariadb-11.8.8/storage/columnstore/columnstore/utils/libmarias3/libmarias3/tests/basic_host.c 2026-05-24 09:58:35.000000000 +0000 @@ -76,7 +76,7 @@ if (s3port) { - int port = atoi(s3port); + int port = atol(s3port); ms3_set_option(ms3, MS3_OPT_PORT_NUMBER, &port); } diff -Nru mariadb-11.8.6/storage/columnstore/columnstore/utils/libmarias3/libmarias3/tests/basic_no_type.c mariadb-11.8.8/storage/columnstore/columnstore/utils/libmarias3/libmarias3/tests/basic_no_type.c --- mariadb-11.8.6/storage/columnstore/columnstore/utils/libmarias3/libmarias3/tests/basic_no_type.c 2026-01-31 13:27:52.000000000 +0000 +++ mariadb-11.8.8/storage/columnstore/columnstore/utils/libmarias3/libmarias3/tests/basic_no_type.c 1970-01-01 00:00:00.000000000 +0000 @@ -1,180 +0,0 @@ -/* vim:expandtab:shiftwidth=2:tabstop=2:smarttab: - * Copyright 2019 MariaDB Corporation Ab. All rights reserved. - * - * This library is free software; you can redistribute it and/or - * modify it under the terms of the GNU Lesser General Public - * License as published by the Free Software Foundation; either - * version 2.1 of the License, or (at your option) any later version. - * - * This library is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - * Lesser General Public License for more details. - * - * You should have received a copy of the GNU Lesser General Public - * License along with this library; if not, write to the Free Software - * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, - * MA 02110-1301 USA - */ - -#include -#include - -/* Tests basic put, list, get, status, delete using the thread calls */ - -int main(int argc, char *argv[]) -{ - int res; - ms3_list_st *list = NULL, *list_it = NULL; - uint8_t *data; - size_t length; - int i; - bool found; - uint8_t list_version; - const char *test_string = "Another one bites the dust"; - ms3_status_st status; - ms3_st *ms3; - char *s3key = getenv("S3KEY"); - char *s3secret = getenv("S3SECRET"); - char *s3region = getenv("S3REGION"); - char *s3bucket = getenv("S3BUCKET"); - char *s3host = getenv("S3HOST"); - char *s3noverify = getenv("S3NOVERIFY"); - char *s3usehttp = getenv("S3USEHTTP"); - char *s3port = getenv("S3PORT"); - - SKIP_IF_(!s3key, "Environemnt variable S3KEY missing"); - SKIP_IF_(!s3secret, "Environemnt variable S3SECRET missing"); - SKIP_IF_(!s3region, "Environemnt variable S3REGION missing"); - SKIP_IF_(!s3bucket, "Environemnt variable S3BUCKET missing"); - - (void) argc; - (void) argv; - - ms3_library_init(); - ms3 = ms3_init(s3key, s3secret, s3region, s3host); - - if (s3noverify && !strcmp(s3noverify, "1")) - { - ms3_set_option(ms3, MS3_OPT_DISABLE_SSL_VERIFY, NULL); - } - - if (s3usehttp && !strcmp(s3usehttp, "1")) - { - ms3_set_option(ms3, MS3_OPT_USE_HTTP, NULL); - } - - if (s3port) - { - int port = atoi(s3port); - ms3_set_option(ms3, MS3_OPT_PORT_NUMBER, &port); - } - ms3_set_option(ms3, MS3_OPT_NO_CONTENT_TYPE, NULL); -// ms3_debug(); - ASSERT_NOT_NULL(ms3); - - res = ms3_put(ms3, s3bucket, "test/basic_no_type.txt", - (const uint8_t *)test_string, - strlen(test_string)); - ASSERT_EQ_(res, 0, "Result: %u", res); - - // A prefix that will give no results; - res = ms3_list(ms3, s3bucket, "asdfghjkl", &list); - ASSERT_EQ_(res, 0, "Result: %u", res); - ASSERT_NULL_(list, "List not empty"); - - res = ms3_list(ms3, s3bucket, NULL, &list); - ASSERT_EQ_(res, 0, "Result: %u", res); - found = false; - list_it = list; - - while (list_it) - { - if (!strncmp(list_it->key, "test/basic_no_type.txt", 21)) - { - found = true; - break; - } - - list_it = list_it->next; - } - - ASSERT_EQ_(found, 1, "Created file not found"); - - if (list_it) - { - ASSERT_EQ_(list_it->length, 26, "Created file is unexpected length"); - ASSERT_NEQ_(list_it->created, 0, "Created file timestamp is bad"); - } - else - { - ASSERT_TRUE_(false, "No resuts from list"); - } - - // Retry list with V1 API - list_version = 1; - list = NULL; - ms3_set_option(ms3, MS3_OPT_FORCE_LIST_VERSION, &list_version); - res = ms3_list(ms3, s3bucket, NULL, &list); - ASSERT_EQ_(res, 0, "Result: %u", res); - found = false; - list_it = list; - - while (list_it) - { - if (!strncmp(list_it->key, "test/basic_no_type.txt", 21)) - { - found = true; - break; - } - - list_it = list_it->next; - } - - ASSERT_EQ_(found, 1, "Created file not found"); - - if (list_it) - { - ASSERT_EQ_(list_it->length, 26, "Created file is unexpected length"); - ASSERT_NEQ_(list_it->created, 0, "Created file timestamp is bad"); - } - else - { - ASSERT_TRUE_(false, "No resuts from list"); - } - - res = ms3_get(ms3, s3bucket, "test/basic_no_type.txt", &data, &length); - ASSERT_EQ_(res, 0, "Result: %u", res); - ASSERT_EQ(length, 26); - ASSERT_STREQ((char *)data, test_string); - - for (i = 0; i <= 3; i++) - { - res = ms3_status(ms3, s3bucket, "test/basic_no_type.txt", &status); - - if (res == MS3_ERR_NOT_FOUND) - { - continue; - } - - ASSERT_EQ_(res, 0, "Result: %u", res); - - if (res == 0) - { - break; - } - } - - ASSERT_EQ(status.length, 26); - ASSERT_NEQ(status.created, 0); - res = ms3_delete(ms3, s3bucket, "test/basic_no_type.txt"); - ASSERT_EQ_(res, 0, "Result: %u", res); - ms3_free(data); - res = ms3_get(ms3, s3bucket, "test/basic_no_type.txt", &data, &length); - ASSERT_NEQ_(res, 0, "Object should error"); - ASSERT_NULL_(data, "Data should be NULL"); - ASSERT_EQ_(length, 0, "There should be no data"); - ms3_deinit(ms3); - ms3_library_deinit(); - return 0; -} diff -Nru mariadb-11.8.6/storage/columnstore/columnstore/utils/libmarias3/libmarias3/tests/content_type.c mariadb-11.8.8/storage/columnstore/columnstore/utils/libmarias3/libmarias3/tests/content_type.c --- mariadb-11.8.6/storage/columnstore/columnstore/utils/libmarias3/libmarias3/tests/content_type.c 2026-01-31 13:27:52.000000000 +0000 +++ mariadb-11.8.8/storage/columnstore/columnstore/utils/libmarias3/libmarias3/tests/content_type.c 1970-01-01 00:00:00.000000000 +0000 @@ -1,148 +0,0 @@ -/* vim:expandtab:shiftwidth=2:tabstop=2:smarttab: - * Copyright 2019 MariaDB Corporation Ab. All rights reserved. - * - * This library is free software; you can redistribute it and/or - * modify it under the terms of the GNU Lesser General Public - * License as published by the Free Software Foundation; either - * version 2.1 of the License, or (at your option) any later version. - * - * This library is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - * Lesser General Public License for more details. - * - * You should have received a copy of the GNU Lesser General Public - * License along with this library; if not, write to the Free Software - * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, - * MA 02110-1301 USA - */ - -#include -#include - -/* Tests basic put, list, get, status, delete using the thread calls */ - -int main(int argc, char *argv[]) -{ - int res; - ms3_list_st *list = NULL, *list_it = NULL; - uint8_t *data; - size_t length; - int i; - bool found; - const char *test_string = "Another one bites the dust"; - ms3_status_st status; - ms3_st *ms3; - const char *content_type_in; - char *s3key = getenv("S3KEY"); - char *s3secret = getenv("S3SECRET"); - char *s3region = getenv("S3REGION"); - char *s3bucket = getenv("S3BUCKET"); - char *s3host = getenv("S3HOST"); - char *s3noverify = getenv("S3NOVERIFY"); - char *s3usehttp = getenv("S3USEHTTP"); - char *s3port = getenv("S3PORT"); - - SKIP_IF_(!s3key, "Environemnt variable S3KEY missing"); - SKIP_IF_(!s3secret, "Environemnt variable S3SECRET missing"); - SKIP_IF_(!s3region, "Environemnt variable S3REGION missing"); - SKIP_IF_(!s3bucket, "Environemnt variable S3BUCKET missing"); - - (void) argc; - (void) argv; - - ms3_library_init(); - ms3 = ms3_init(s3key, s3secret, s3region, s3host); - - if (s3noverify && !strcmp(s3noverify, "1")) - { - ms3_set_option(ms3, MS3_OPT_DISABLE_SSL_VERIFY, NULL); - } - - if (s3usehttp && !strcmp(s3usehttp, "1")) - { - ms3_set_option(ms3, MS3_OPT_USE_HTTP, NULL); - } - - if (s3port) - { - int port = atoi(s3port); - ms3_set_option(ms3, MS3_OPT_PORT_NUMBER, &port); - } - - ms3_debug(true); - ASSERT_NOT_NULL(ms3); - - ms3_set_content_type(ms3, "text/plain"); - res = ms3_put(ms3, s3bucket, "test/content_type.txt", - (const uint8_t *)test_string, - strlen(test_string)); - ASSERT_EQ_(res, 0, "Result: %u", res); - - res = ms3_list(ms3, s3bucket, NULL, &list); - ASSERT_EQ_(res, 0, "Result: %u", res); - found = false; - list_it = list; - - while (list_it) - { - if (!strncmp(list_it->key, "test/content_type.txt", 21)) - { - found = true; - break; - } - - list_it = list_it->next; - } - - ASSERT_EQ_(found, 1, "Created file not found"); - - if (list_it) - { - ASSERT_EQ_(list_it->length, 26, "Created file is unexpected length"); - ASSERT_NEQ_(list_it->created, 0, "Created file timestamp is bad"); - } - else - { - ASSERT_TRUE_(false, "No resuts from list"); - } - - res = ms3_get(ms3, s3bucket, "test/content_type.txt", &data, &length); - ASSERT_EQ_(res, 0, "Result: %u", res); - ASSERT_EQ(length, 26); - ASSERT_STREQ((char *)data, test_string); - - content_type_in = ms3_get_content_type(ms3); - - ASSERT_STREQ(content_type_in, "text/plain"); - - for (i = 0; i <= 3; i++) - { - res = ms3_status(ms3, s3bucket, "test/content_type.txt", &status); - - if (res == MS3_ERR_NOT_FOUND) - { - continue; - } - - ASSERT_EQ_(res, 0, "Result: %u", res); - - if (res == 0) - { - break; - } - } - - ASSERT_EQ(status.length, 26); - ASSERT_NEQ(status.created, 0); - res = ms3_delete(ms3, s3bucket, "test/content_type.txt"); - ASSERT_EQ_(res, 0, "Result: %u", res); - ms3_free(data); - res = ms3_get(ms3, s3bucket, "test/content_type.txt", &data, &length); - ASSERT_NEQ_(res, 0, "Object should error"); - ASSERT_NULL_(data, "Data should be NULL"); - ASSERT_EQ_(length, 0, "There should be no data"); - ms3_deinit(ms3); - ms3_library_deinit(); - return 0; -} diff -Nru mariadb-11.8.6/storage/columnstore/columnstore/utils/libmarias3/libmarias3/tests/copy.c mariadb-11.8.8/storage/columnstore/columnstore/utils/libmarias3/libmarias3/tests/copy.c --- mariadb-11.8.6/storage/columnstore/columnstore/utils/libmarias3/libmarias3/tests/copy.c 2026-01-31 13:27:52.000000000 +0000 +++ mariadb-11.8.8/storage/columnstore/columnstore/utils/libmarias3/libmarias3/tests/copy.c 2026-05-24 09:58:35.000000000 +0000 @@ -63,7 +63,7 @@ if (s3port) { - int port = atoi(s3port); + int port = atol(s3port); ms3_set_option(ms3, MS3_OPT_PORT_NUMBER, &port); } @@ -170,9 +170,9 @@ res = ms3_delete(ms3, s3bucket, "test/moved.txt"); ASSERT_EQ_(res, 0, "Result: %u", res); - ms3_delete(ms3, s3bucket, "test/copied.txt"); - ms3_delete(ms3, s3bucket, "test/copy_###_test.txt"); - ms3_delete(ms3, s3bucket, "test/copied###.txt"); + res = ms3_delete(ms3, s3bucket, "test/copied.txt"); + res = ms3_delete(ms3, s3bucket, "test/copy_###_test.txt"); + res = ms3_delete(ms3, s3bucket, "test/copied###.txt"); ms3_free(data); ms3_deinit(ms3); diff -Nru mariadb-11.8.6/storage/columnstore/columnstore/utils/libmarias3/libmarias3/tests/custom_malloc.c mariadb-11.8.8/storage/columnstore/columnstore/utils/libmarias3/libmarias3/tests/custom_malloc.c --- mariadb-11.8.6/storage/columnstore/columnstore/utils/libmarias3/libmarias3/tests/custom_malloc.c 2026-01-31 13:27:52.000000000 +0000 +++ mariadb-11.8.8/storage/columnstore/columnstore/utils/libmarias3/libmarias3/tests/custom_malloc.c 2026-05-24 09:58:35.000000000 +0000 @@ -97,7 +97,7 @@ if (s3port) { - int port = atoi(s3port); + int port = atol(s3port); ms3_set_option(ms3, MS3_OPT_PORT_NUMBER, &port); } diff -Nru mariadb-11.8.6/storage/columnstore/columnstore/utils/libmarias3/libmarias3/tests/include.am mariadb-11.8.8/storage/columnstore/columnstore/utils/libmarias3/libmarias3/tests/include.am --- mariadb-11.8.6/storage/columnstore/columnstore/utils/libmarias3/libmarias3/tests/include.am 2026-01-31 13:27:52.000000000 +0000 +++ mariadb-11.8.8/storage/columnstore/columnstore/utils/libmarias3/libmarias3/tests/include.am 2026-05-24 09:58:35.000000000 +0000 @@ -21,11 +21,6 @@ check_PROGRAMS+= t/basic noinst_PROGRAMS+= t/basic -t_basic_no_type_SOURCES= tests/basic_no_type.c -t_basic_no_type_LDADD= src/libmarias3.la -check_PROGRAMS+= t/basic_no_type -noinst_PROGRAMS+= t/basic_no_type - t_snowman_SOURCES= tests/snowman.c t_snowman_LDADD= src/libmarias3.la check_PROGRAMS+= t/snowman @@ -76,8 +71,3 @@ t_read_cb_LDADD= src/libmarias3.la check_PROGRAMS+= t/read_cb noinst_PROGRAMS+= t/read_cb - -t_content_type_SOURCES= tests/content_type.c -t_content_type_LDADD= src/libmarias3.la -check_PROGRAMS+= t/content_type -noinst_PROGRAMS+= t/content_type diff -Nru mariadb-11.8.6/storage/columnstore/columnstore/utils/libmarias3/libmarias3/tests/large_file.c mariadb-11.8.8/storage/columnstore/columnstore/utils/libmarias3/libmarias3/tests/large_file.c --- mariadb-11.8.6/storage/columnstore/columnstore/utils/libmarias3/libmarias3/tests/large_file.c 2026-01-31 13:27:52.000000000 +0000 +++ mariadb-11.8.8/storage/columnstore/columnstore/utils/libmarias3/libmarias3/tests/large_file.c 2026-05-24 09:58:35.000000000 +0000 @@ -63,7 +63,7 @@ if (s3port) { - int port = atoi(s3port); + int port = atol(s3port); ms3_set_option(ms3, MS3_OPT_PORT_NUMBER, &port); } diff -Nru mariadb-11.8.6/storage/columnstore/columnstore/utils/libmarias3/libmarias3/tests/list.c mariadb-11.8.8/storage/columnstore/columnstore/utils/libmarias3/libmarias3/tests/list.c --- mariadb-11.8.6/storage/columnstore/columnstore/utils/libmarias3/libmarias3/tests/list.c 2026-01-31 13:27:52.000000000 +0000 +++ mariadb-11.8.8/storage/columnstore/columnstore/utils/libmarias3/libmarias3/tests/list.c 2026-05-24 09:58:35.000000000 +0000 @@ -62,7 +62,7 @@ if (s3port) { - int port = atoi(s3port); + int port = atol(s3port); ms3_set_option(ms3, MS3_OPT_PORT_NUMBER, &port); } diff -Nru mariadb-11.8.6/storage/columnstore/columnstore/utils/libmarias3/libmarias3/tests/longlist.c mariadb-11.8.8/storage/columnstore/columnstore/utils/libmarias3/libmarias3/tests/longlist.c --- mariadb-11.8.6/storage/columnstore/columnstore/utils/libmarias3/libmarias3/tests/longlist.c 2026-01-31 13:27:52.000000000 +0000 +++ mariadb-11.8.8/storage/columnstore/columnstore/utils/libmarias3/libmarias3/tests/longlist.c 2026-05-24 09:58:35.000000000 +0000 @@ -63,7 +63,7 @@ if (tinfo->s3port) { - int port = atoi(tinfo->s3port); + int port = atol(tinfo->s3port); ms3_set_option(ms3, MS3_OPT_PORT_NUMBER, &port); } @@ -101,7 +101,7 @@ if (tinfo->s3port) { - int port = atoi(tinfo->s3port); + int port = atol(tinfo->s3port); ms3_set_option(ms3, MS3_OPT_PORT_NUMBER, &port); } @@ -211,7 +211,7 @@ if (s3port) { - int port = atoi(s3port); + int port = atol(s3port); ms3_set_option(ms3, MS3_OPT_PORT_NUMBER, &port); } diff -Nru mariadb-11.8.6/storage/columnstore/columnstore/utils/libmarias3/libmarias3/tests/prefix.c mariadb-11.8.8/storage/columnstore/columnstore/utils/libmarias3/libmarias3/tests/prefix.c --- mariadb-11.8.6/storage/columnstore/columnstore/utils/libmarias3/libmarias3/tests/prefix.c 2026-01-31 13:27:52.000000000 +0000 +++ mariadb-11.8.8/storage/columnstore/columnstore/utils/libmarias3/libmarias3/tests/prefix.c 2026-05-24 09:58:35.000000000 +0000 @@ -62,7 +62,7 @@ if (s3port) { - int port = atoi(s3port); + int port = atol(s3port); ms3_set_option(ms3, MS3_OPT_PORT_NUMBER, &port); } diff -Nru mariadb-11.8.6/storage/columnstore/columnstore/utils/libmarias3/libmarias3/tests/read_cb.c mariadb-11.8.8/storage/columnstore/columnstore/utils/libmarias3/libmarias3/tests/read_cb.c --- mariadb-11.8.6/storage/columnstore/columnstore/utils/libmarias3/libmarias3/tests/read_cb.c 2026-01-31 13:27:52.000000000 +0000 +++ mariadb-11.8.8/storage/columnstore/columnstore/utils/libmarias3/libmarias3/tests/read_cb.c 2026-05-24 09:58:35.000000000 +0000 @@ -82,7 +82,7 @@ if (s3port) { - int port = atoi(s3port); + int port = atol(s3port); ms3_set_option(ms3, MS3_OPT_PORT_NUMBER, &port); } diff -Nru mariadb-11.8.6/storage/columnstore/columnstore/utils/libmarias3/libmarias3/tests/small_buffer.c mariadb-11.8.8/storage/columnstore/columnstore/utils/libmarias3/libmarias3/tests/small_buffer.c --- mariadb-11.8.6/storage/columnstore/columnstore/utils/libmarias3/libmarias3/tests/small_buffer.c 2026-01-31 13:27:52.000000000 +0000 +++ mariadb-11.8.8/storage/columnstore/columnstore/utils/libmarias3/libmarias3/tests/small_buffer.c 2026-05-24 09:58:35.000000000 +0000 @@ -63,7 +63,7 @@ if (s3port) { - int port = atoi(s3port); + int port = atol(s3port); ms3_set_option(ms3, MS3_OPT_PORT_NUMBER, &port); } diff -Nru mariadb-11.8.6/storage/columnstore/columnstore/utils/libmarias3/libmarias3/tests/snowman.c mariadb-11.8.8/storage/columnstore/columnstore/utils/libmarias3/libmarias3/tests/snowman.c --- mariadb-11.8.6/storage/columnstore/columnstore/utils/libmarias3/libmarias3/tests/snowman.c 2026-01-31 13:27:52.000000000 +0000 +++ mariadb-11.8.8/storage/columnstore/columnstore/utils/libmarias3/libmarias3/tests/snowman.c 2026-05-24 09:58:35.000000000 +0000 @@ -66,7 +66,7 @@ if (s3port) { - int port = atoi(s3port); + int port = atol(s3port); ms3_set_option(ms3, MS3_OPT_PORT_NUMBER, &port); } diff -Nru mariadb-11.8.6/storage/columnstore/columnstore/utils/loggingcpp/CMakeLists.txt mariadb-11.8.8/storage/columnstore/columnstore/utils/loggingcpp/CMakeLists.txt --- mariadb-11.8.6/storage/columnstore/columnstore/utils/loggingcpp/CMakeLists.txt 2026-01-31 13:27:52.000000000 +0000 +++ mariadb-11.8.8/storage/columnstore/columnstore/utils/loggingcpp/CMakeLists.txt 2026-05-24 09:58:35.000000000 +0000 @@ -34,5 +34,11 @@ columnstore_link(loggingcpp configcpp boost_filesystem) +add_custom_target(GenLoggingSource + DEPENDS + ${CMAKE_CURRENT_BINARY_DIR}/messageids.h + ${CMAKE_CURRENT_BINARY_DIR}/errorids.h +) + columnstore_install_file(MessageFile.txt ${ENGINE_SYSCONFDIR}/columnstore) columnstore_install_file(ErrorMessage.txt ${ENGINE_SYSCONFDIR}/columnstore) diff -Nru mariadb-11.8.6/storage/columnstore/columnstore/utils/querystats/querystats.cpp mariadb-11.8.8/storage/columnstore/columnstore/utils/querystats/querystats.cpp --- mariadb-11.8.6/storage/columnstore/columnstore/utils/querystats/querystats.cpp 2026-01-31 13:27:52.000000000 +0000 +++ mariadb-11.8.8/storage/columnstore/columnstore/utils/querystats/querystats.cpp 2026-05-24 09:58:35.000000000 +0000 @@ -75,6 +75,7 @@ fHost.clear(); fUser.clear(); fPriority.clear(); + fPriorityLevel = 0; } void QueryStats::serialize(ByteStream& b) diff -Nru mariadb-11.8.6/storage/columnstore/columnstore/utils/rowgroup/rowgroup.h mariadb-11.8.8/storage/columnstore/columnstore/utils/rowgroup/rowgroup.h --- mariadb-11.8.6/storage/columnstore/columnstore/utils/rowgroup/rowgroup.h 2026-01-31 13:27:52.000000000 +0000 +++ mariadb-11.8.8/storage/columnstore/columnstore/utils/rowgroup/rowgroup.h 2026-05-24 09:58:35.000000000 +0000 @@ -27,6 +27,7 @@ #pragma once +#include #include #include #include diff -Nru mariadb-11.8.6/storage/columnstore/columnstore/utils/windowfunction/wf_stats.cpp mariadb-11.8.8/storage/columnstore/columnstore/utils/windowfunction/wf_stats.cpp --- mariadb-11.8.6/storage/columnstore/columnstore/utils/windowfunction/wf_stats.cpp 2026-01-31 13:27:52.000000000 +0000 +++ mariadb-11.8.8/storage/columnstore/columnstore/utils/windowfunction/wf_stats.cpp 2026-05-24 09:58:35.000000000 +0000 @@ -144,7 +144,7 @@ template void WF_stats::operator()(int64_t b, int64_t e, int64_t c) { - CDT cdt; + CDT cdt = CalpontSystemCatalog::UNDEFINED; if ((fFrameUnit == WF__FRAME_ROWS) || (fPrev == -1) || (!fPeer->operator()(getPointer(fRowData->at(c)), getPointer(fRowData->at(fPrev))))) { diff -Nru mariadb-11.8.6/storage/columnstore/columnstore/versioning/BRM/brmshmimpl.cpp mariadb-11.8.8/storage/columnstore/columnstore/versioning/BRM/brmshmimpl.cpp --- mariadb-11.8.6/storage/columnstore/columnstore/versioning/BRM/brmshmimpl.cpp 2026-01-31 13:27:52.000000000 +0000 +++ mariadb-11.8.8/storage/columnstore/columnstore/versioning/BRM/brmshmimpl.cpp 2026-05-24 09:58:35.000000000 +0000 @@ -22,7 +22,7 @@ #include #include -//#define NDEBUG +// #define NDEBUG #include #include using namespace std; @@ -44,9 +44,9 @@ const constexpr unsigned int NapTimer = 500000; BRMShmImplParent::BRMShmImplParent(unsigned key, off_t size, bool readOnly) - : fKey(key), fSize(size), fReadOnly(readOnly){}; + : fKey(key), fSize(size), fReadOnly(readOnly) {}; -BRMShmImplParent::~BRMShmImplParent(){}; +BRMShmImplParent::~BRMShmImplParent() {}; BRMShmImpl::BRMShmImpl(unsigned key, off_t size, bool readOnly) : BRMShmImplParent(key, size, readOnly) { @@ -330,7 +330,13 @@ { // Call destructor to unmap the segment. delete fShmSegment; - // Grow the segment. + // WARNING: boost documentation states that managed_shared_memory::grow() requires + // that no other process has the segment mapped. Other processes (readers) may still + // have active mappings at this point. The grow() call modifies segment_manager + // metadata (size) in shared memory, which becomes visible to those processes via + // MAP_SHARED, even though their mappings remain at the old (smaller) size. + // The MST write lock and the remap logic in makeExtentMapIndexImpl/grabEMIndex + // mitigate this by ensuring readers remap before accessing the grown region. bi::managed_shared_memory::grow(keyName.c_str(), incSize); // Open only with the assumption ::grow() can be called on read-write shmem. fShmSegment = new bi::managed_shared_memory(bi::open_only, keyName.c_str()); @@ -394,6 +400,7 @@ fShmSegment = new bi::managed_shared_memory(bi::open_read_only, keyName.c_str()); else fShmSegment = new bi::managed_shared_memory(bi::open_only, keyName.c_str()); + fSize = fShmSegment->get_size(); } BRMManagedShmImplRBTree::BRMManagedShmImplRBTree(unsigned key, off_t size, bool readOnly) diff -Nru mariadb-11.8.6/storage/columnstore/columnstore/versioning/BRM/brmtypes.h mariadb-11.8.8/storage/columnstore/columnstore/versioning/BRM/brmtypes.h --- mariadb-11.8.6/storage/columnstore/columnstore/versioning/BRM/brmtypes.h 2026-01-31 13:27:52.000000000 +0000 +++ mariadb-11.8.8/storage/columnstore/columnstore/versioning/BRM/brmtypes.h 2026-05-24 09:58:35.000000000 +0000 @@ -154,6 +154,7 @@ int64_t min_; }; bool isBinaryColumn; // XXX: these two fields should be replaced with type handler pointer. + CPMaxMin() : max(0), min(0), seqNum(0), max_(0), min_(0), isBinaryColumn(false) {} }; typedef std::tr1::unordered_map CPMaxMinMap_t; @@ -201,6 +202,7 @@ int128_t bigMin; int64_t min_; }; + CPMaxMinMerge() : max(0), min(0), seqNum(0), type(execplan::CalpontSystemCatalog::UNDEFINED), colWidth(0), newExtent(false), max_(0), min_(0) {} }; typedef std::tr1::unordered_map CPMaxMinMergeMap_t; diff -Nru mariadb-11.8.6/storage/columnstore/columnstore/versioning/BRM/dbrm.h mariadb-11.8.8/storage/columnstore/columnstore/versioning/BRM/dbrm.h --- mariadb-11.8.6/storage/columnstore/columnstore/versioning/BRM/dbrm.h 2026-01-31 13:27:52.000000000 +0000 +++ mariadb-11.8.8/storage/columnstore/columnstore/versioning/BRM/dbrm.h 2026-05-24 09:58:35.000000000 +0000 @@ -105,6 +105,7 @@ { MasterSegmentTableImpl::refreshShmWithLock(); ExtentMapRBTreeImpl::refreshShmWithLock(); + ExtentMapIndexImpl::refreshShmWithLock(); FreeListImpl::refreshShmWithLock(); } diff -Nru mariadb-11.8.6/storage/columnstore/columnstore/versioning/BRM/extentmap.cpp mariadb-11.8.8/storage/columnstore/columnstore/versioning/BRM/extentmap.cpp --- mariadb-11.8.6/storage/columnstore/columnstore/versioning/BRM/extentmap.cpp 2026-01-31 13:27:52.000000000 +0000 +++ mariadb-11.8.8/storage/columnstore/columnstore/versioning/BRM/extentmap.cpp 2026-05-24 09:58:35.000000000 +0000 @@ -301,7 +301,7 @@ if (fInstance_) { - if (size != fInstance_->getShmemSize()) + if (size != fInstance_->getShmemImplSize()) { fInstance_->fBRMManagedShmMemImpl_.remap(); } @@ -365,7 +365,7 @@ while (dbRoot >= extentMapIndexPtr->size()) { const size_t memNeeded = (extentMapIndexPtr->capacity() + extraUnits_) * dbRootContainerUnitSize_; - shmemHasGrown = growIfNeeded(memNeeded); + shmemHasGrown |= growIfNeeded(memNeeded); // Need to refresh all refs and iterators b/c the local address range changed. extentMapIndexPtr = get(); assert(extentMapIndexPtr); @@ -2063,7 +2063,6 @@ } else if (fPExtMapIndexImpl_->getShmemImplSize() != (unsigned)fEMIndexShminfo->allocdSize) { - fPExtMapIndexImpl_->refreshShm(); fPExtMapIndexImpl_ = ExtentMapIndexImpl::makeExtentMapIndexImpl(getInitialEMIndexShmkey(), fEMIndexShminfo->allocdSize); } diff -Nru mariadb-11.8.6/storage/columnstore/columnstore/versioning/BRM/extentmap.h mariadb-11.8.8/storage/columnstore/columnstore/versioning/BRM/extentmap.h --- mariadb-11.8.6/storage/columnstore/columnstore/versioning/BRM/extentmap.h 2026-01-31 13:27:52.000000000 +0000 +++ mariadb-11.8.8/storage/columnstore/columnstore/versioning/BRM/extentmap.h 2026-05-24 09:58:35.000000000 +0000 @@ -397,11 +397,19 @@ { if (fInstance_) { + // effectively unmaps a mapped managed shmem segment changing the segment VA address + // when mapped next time. delete fInstance_; fInstance_ = nullptr; } } + static void refreshShmWithLock() + { + std::lock_guard lk(fInstanceMutex_); + return refreshShm(); + } + // The multipliers and constants here are pure theoretical // tested using customer's data. static size_t estimateEMIndexSize(uint32_t numberOfExtents) diff -Nru mariadb-11.8.6/storage/columnstore/columnstore/versioning/BRM/slavecomm.cpp mariadb-11.8.8/storage/columnstore/columnstore/versioning/BRM/slavecomm.cpp --- mariadb-11.8.6/storage/columnstore/columnstore/versioning/BRM/slavecomm.cpp 2026-01-31 13:27:52.000000000 +0000 +++ mariadb-11.8.8/storage/columnstore/columnstore/versioning/BRM/slavecomm.cpp 2026-05-24 09:58:35.000000000 +0000 @@ -383,7 +383,7 @@ uint16_t tmp32; uint16_t dbRoot; uint32_t partitionNum; - uint16_t segmentNum; + uint16_t segmentNum = 0; std::vector cols; std::vector extents; ByteStream reply; diff -Nru mariadb-11.8.6/storage/columnstore/columnstore/versioning/BRM/slavenode.cpp mariadb-11.8.8/storage/columnstore/columnstore/versioning/BRM/slavenode.cpp --- mariadb-11.8.6/storage/columnstore/columnstore/versioning/BRM/slavenode.cpp 2026-01-31 13:27:52.000000000 +0000 +++ mariadb-11.8.8/storage/columnstore/columnstore/versioning/BRM/slavenode.cpp 2026-05-24 09:58:35.000000000 +0000 @@ -89,14 +89,16 @@ if (!die) { die = true; - comm->stop(); + if (comm) + comm->stop(); monitorThreads.interrupt_all(); } } void reset(int /*sig*/) { - comm->reset(); + if (comm) + comm->reset(); } void ServiceWorkerNode::setupChildSignalHandlers() diff -Nru mariadb-11.8.6/storage/columnstore/columnstore/writeengine/bulk/we_bulkloadbuffer.cpp mariadb-11.8.8/storage/columnstore/columnstore/writeengine/bulk/we_bulkloadbuffer.cpp --- mariadb-11.8.6/storage/columnstore/columnstore/writeengine/bulk/we_bulkloadbuffer.cpp 2026-01-31 13:27:52.000000000 +0000 +++ mariadb-11.8.8/storage/columnstore/columnstore/writeengine/bulk/we_bulkloadbuffer.cpp 2026-05-24 09:58:35.000000000 +0000 @@ -2160,86 +2160,106 @@ copyOverflow(overFlowBufIn); size_t readSize = 0; - // Copy the overflow data from the last buffer, that did not get written - if (fOverflowSize != 0) + bool success = false; + do { - memcpy(fData, fOverflowBuf, fOverflowSize); - - if (fOverflowBuf != nullptr) + success = false; + // Copy the overflow data from the last buffer, that did not get written + if (fOverflowSize != 0) { - delete[] fOverflowBuf; - fOverflowBuf = nullptr; + memcpy(fData, fOverflowBuf, fOverflowSize); + + if (fOverflowBuf != nullptr) + { + delete[] fOverflowBuf; + fOverflowBuf = nullptr; + } } - } - readSize = fread(fData + fOverflowSize, 1, fBufferSize - fOverflowSize, handle); + readSize = fread(fData + fOverflowSize, 1, fBufferSize - fOverflowSize, handle); - if (ferror(handle)) - { - return ERR_FILE_READ_IMPORT; - } + if (ferror(handle)) + { + return ERR_FILE_READ_IMPORT; + } - bool bEndOfData = false; + bool bEndOfData = false; - if (feof(handle)) - bEndOfData = true; + if (feof(handle)) + bEndOfData = true; - if (bEndOfData && // @bug 3516: Add '\n' if missing from last record - (fImportDataMode == IMPORT_DATA_TEXT)) // Only applies to ascii mode - { - if ((fOverflowSize > 0) | (readSize > 0)) + if (bEndOfData && // @bug 3516: Add '\n' if missing from last record + (fImportDataMode == IMPORT_DATA_TEXT)) // Only applies to ascii mode { - if (fData[fOverflowSize + readSize - 1] != '\n') + if ((fOverflowSize > 0) || (readSize > 0)) { - // Should be safe to add byte to fData w/o risk of overflowing, - // since we hit EOF. That should mean fread() did not read all - // the bytes we requested, meaning we have room to add a byte. - fData[fOverflowSize + readSize] = '\n'; - readSize++; + if (fData[fOverflowSize + readSize - 1] != '\n') + { + // Should be safe to add byte to fData w/o risk of overflowing, + // since we hit EOF. That should mean fread() did not read all + // the bytes we requested, meaning we have room to add a byte. + fData[fOverflowSize + readSize] = '\n'; + readSize++; + } } } - } - // Lazy allocation of fToken memory as needed - if (fTokens == 0) - { - resizeTokenArray(); - } - - if ((readSize > 0) || (fOverflowSize > 0)) - { - if (fOverflowBuf != NULL) + // Lazy allocation of fToken memory as needed + if (fTokens == 0) { - delete[] fOverflowBuf; - fOverflowBuf = NULL; + resizeTokenArray(); } - fReadSize = readSize + fOverflowSize; - fStartRow = correctTotalRows; - fStartRowForLogging = totalReadRows; - - if (fImportDataMode == IMPORT_DATA_TEXT) - { - tokenize(columnsInfo, allowedErrCntThisCall, skipRows); - } - else + if ((readSize > 0) || (fOverflowSize > 0)) { - int rc = tokenizeBinary(columnsInfo, allowedErrCntThisCall, bEndOfData); + if (fOverflowBuf != NULL) + { + delete[] fOverflowBuf; + fOverflowBuf = NULL; + } - if (rc != NO_ERROR) - return rc; - } + fReadSize = readSize + fOverflowSize; + fStartRow = correctTotalRows; + fStartRowForLogging = totalReadRows; + + if (fImportDataMode == IMPORT_DATA_TEXT) + { + tokenize(columnsInfo, allowedErrCntThisCall, skipRows); + } + else + { + int rc = tokenizeBinary(columnsInfo, allowedErrCntThisCall, bEndOfData); - // If we read a full buffer without hitting any new lines, then - // terminate import because row size is greater than read buffer size. - if ((fTotalReadRowsForLog == 0) && (fReadSize == fBufferSize)) + if (rc != NO_ERROR) + return rc; + } + + // Old logic: If we read a full buffer without hitting any new lines, then + // terminate import because row size is greater than read buffer size. + if ((fTotalReadRowsForLog == 0) && (fReadSize == fBufferSize)) + { + // new logic: increase fBufferSize and reallocate fData; rerun parsing as the data in the overflow. + size_t doubled = size_t(fBufferSize) * 2; + fLog->logMsg( "doubling buffer size", MSGLVL_INFO1 ); + if (doubled >= 1UL <<31) + { + return ERR_BULK_ROW_FILL_BUFFER; // row exceeds 2GiB. + } + fBufferSize = doubled; + delete[] fData; + fData = new char[fBufferSize]; + continue; + } + + totalReadRows += fTotalReadRowsForLog; + correctTotalRows += fTotalReadRows; + success = true; + } + else { - return ERR_BULK_ROW_FILL_BUFFER; + success = true; } - - totalReadRows += fTotalReadRowsForLog; - correctTotalRows += fTotalReadRows; - } + } while (!success); return NO_ERROR; } diff -Nru mariadb-11.8.6/storage/columnstore/columnstore/writeengine/bulk/we_colextinf.h mariadb-11.8.8/storage/columnstore/columnstore/writeengine/bulk/we_colextinf.h --- mariadb-11.8.6/storage/columnstore/columnstore/writeengine/bulk/we_colextinf.h 2026-01-31 13:27:52.000000000 +0000 +++ mariadb-11.8.8/storage/columnstore/columnstore/writeengine/bulk/we_colextinf.h 2026-05-24 09:58:35.000000000 +0000 @@ -74,11 +74,13 @@ ColExtInfEntry(int64_t minVal, int64_t maxVal) : fLbid(INVALID_LBID), fMinVal(minVal), fMaxVal(maxVal), fNewExtent(true) { + utils::int128Min(fbigMaxVal); + utils::int128Max(fbigMinVal); } // Used to create entry for a new extent, with LBID not yet allocated ColExtInfEntry(int128_t bigMinVal, int128_t bigMaxVal) - : fLbid(INVALID_LBID), fNewExtent(true), fbigMinVal(bigMinVal), fbigMaxVal(bigMaxVal) + : fLbid(INVALID_LBID), fMinVal(LLONG_MIN), fMaxVal(LLONG_MIN), fNewExtent(true), fbigMinVal(bigMinVal), fbigMaxVal(bigMaxVal) { } @@ -89,11 +91,15 @@ , fMaxVal(static_cast(maxVal)) , fNewExtent(true) { + utils::int128Min(fbigMaxVal); + utils::int128Max(fbigMinVal); } // Used to create entry for a new extent, with LBID not yet allocated ColExtInfEntry(uint128_t bigMinVal, uint128_t bigMaxVal) : fLbid(INVALID_LBID) + , fMinVal(LLONG_MIN) + , fMaxVal(LLONG_MIN) , fNewExtent(true) , fbigMinVal(static_cast(bigMinVal)) , fbigMaxVal(static_cast(bigMaxVal)) diff -Nru mariadb-11.8.6/storage/columnstore/columnstore/writeengine/bulk/we_columninfo.cpp mariadb-11.8.8/storage/columnstore/columnstore/writeengine/bulk/we_columninfo.cpp --- mariadb-11.8.6/storage/columnstore/columnstore/writeengine/bulk/we_columninfo.cpp 2026-01-31 13:27:52.000000000 +0000 +++ mariadb-11.8.8/storage/columnstore/columnstore/writeengine/bulk/we_columninfo.cpp 2026-05-24 09:58:35.000000000 +0000 @@ -599,7 +599,7 @@ std::string segFileNew; uint16_t segmentNew = 0; - BRM::LBID_t startLbid; + BRM::LBID_t startLbid = 0; char hdr[compress::CompressInterface::HDR_BUF_LEN * 2]; diff -Nru mariadb-11.8.6/storage/columnstore/columnstore/writeengine/bulk/we_columninfocompressed.cpp mariadb-11.8.8/storage/columnstore/columnstore/writeengine/bulk/we_columninfocompressed.cpp --- mariadb-11.8.6/storage/columnstore/columnstore/writeengine/bulk/we_columninfocompressed.cpp 2026-01-31 13:27:52.000000000 +0000 +++ mariadb-11.8.8/storage/columnstore/columnstore/writeengine/bulk/we_columninfocompressed.cpp 2026-05-24 09:58:35.000000000 +0000 @@ -184,7 +184,7 @@ RETURN_ON_ERROR(fColBufferMgr->setDbFile(curCol.dataFile.pFile, curCol.dataFile.hwm, hdr)); // Reinitialize ColBuf for the next extent - long long startFileOffset; + long long startFileOffset = 0; RETURN_ON_ERROR(fColBufferMgr->resetToBeCompressedColBuf(startFileOffset)); // Set the file offset to point to the chunk we are adding or updating diff -Nru mariadb-11.8.6/storage/columnstore/columnstore/writeengine/server/we_ddlcommon.h mariadb-11.8.8/storage/columnstore/columnstore/writeengine/server/we_ddlcommon.h --- mariadb-11.8.6/storage/columnstore/columnstore/writeengine/server/we_ddlcommon.h 2026-01-31 13:27:52.000000000 +0000 +++ mariadb-11.8.8/storage/columnstore/columnstore/writeengine/server/we_ddlcommon.h 2026-05-24 09:58:35.000000000 +0000 @@ -61,6 +61,7 @@ execplan::CalpontSystemCatalog::OID oid; execplan::CalpontSystemCatalog::ColType colType; execplan::CalpontSystemCatalog::TableColName tableColName; + DDLColumn() : oid(0) {} }; typedef std::vector ColumnList; diff -Nru mariadb-11.8.6/storage/columnstore/columnstore/writeengine/shared/we_blockop.cpp mariadb-11.8.8/storage/columnstore/columnstore/writeengine/shared/we_blockop.cpp --- mariadb-11.8.6/storage/columnstore/columnstore/writeengine/shared/we_blockop.cpp 2026-01-31 13:27:52.000000000 +0000 +++ mariadb-11.8.8/storage/columnstore/columnstore/writeengine/shared/we_blockop.cpp 2026-05-24 09:58:35.000000000 +0000 @@ -87,10 +87,6 @@ const int width) const { auto attrs = datatypes::SystemCatalog::TypeAttributesStd(width, 0, -1); - // Bulk operation runtime should have m_typeHandler nullptr calling this - // Non-bulk operations runtime branch - if (m_typeHandler) - return m_typeHandler->getEmptyValueForType(attrs); // Bulk operation branch auto* typeHandler = datatypes::TypeHandler::find(colDataType, attrs); diff -Nru mariadb-11.8.6/storage/columnstore/columnstore/writeengine/shared/we_brm.cpp mariadb-11.8.8/storage/columnstore/columnstore/writeengine/shared/we_brm.cpp --- mariadb-11.8.6/storage/columnstore/columnstore/writeengine/shared/we_brm.cpp 2026-01-31 13:27:52.000000000 +0000 +++ mariadb-11.8.8/storage/columnstore/columnstore/writeengine/shared/we_brm.cpp 2026-05-24 09:58:35.000000000 +0000 @@ -1528,7 +1528,7 @@ if (idbdatafile::IDBPolicy::useHdfs()) return 0; - int rc; + int rc = NO_ERROR; size_t i; size_t processedBlocks; size_t rangeListCount; diff -Nru mariadb-11.8.6/storage/columnstore/columnstore/writeengine/shared/we_type.h mariadb-11.8.8/storage/columnstore/columnstore/writeengine/shared/we_type.h --- mariadb-11.8.6/storage/columnstore/columnstore/writeengine/shared/we_type.h 2026-01-31 13:27:52.000000000 +0000 +++ mariadb-11.8.8/storage/columnstore/columnstore/writeengine/shared/we_type.h 2026-05-24 09:58:35.000000000 +0000 @@ -374,7 +374,7 @@ int sigSize; /** @brief dictionary signature size */ Token token; /** @brief dictionary token */ bool isNull; - DctnryTuple() + DctnryTuple() : sigValue(nullptr), sigSize(0), isNull(false) { } ~DctnryTuple() diff -Nru mariadb-11.8.6/storage/columnstore/columnstore/writeengine/shared/we_typeext.h mariadb-11.8.8/storage/columnstore/columnstore/writeengine/shared/we_typeext.h --- mariadb-11.8.6/storage/columnstore/columnstore/writeengine/shared/we_typeext.h 2026-01-31 13:27:52.000000000 +0000 +++ mariadb-11.8.8/storage/columnstore/columnstore/writeengine/shared/we_typeext.h 2026-05-24 09:58:35.000000000 +0000 @@ -56,6 +56,7 @@ fbo = 0xFFFFFFFFFLL; bc = 0x3FFFF; } + bool isNotPhysical() const { return fbo == 0xfffffffffLL; } }; constexpr uid_t UID_NONE = (uid_t)-1; diff -Nru mariadb-11.8.6/storage/columnstore/columnstore/writeengine/splitter/we_filereadthread.cpp mariadb-11.8.8/storage/columnstore/columnstore/writeengine/splitter/we_filereadthread.cpp --- mariadb-11.8.6/storage/columnstore/columnstore/writeengine/splitter/we_filereadthread.cpp 2026-01-31 13:27:52.000000000 +0000 +++ mariadb-11.8.8/storage/columnstore/columnstore/writeengine/splitter/we_filereadthread.cpp 2026-05-24 09:58:35.000000000 +0000 @@ -93,8 +93,6 @@ fBuffSize = fSdh.getReadBufSize(); } - fBuff = new char[fBuffSize]; - const WECmdArgs& args = fSdh.fRef.fCmdArgs; initS3Connection(args); } @@ -118,7 +116,6 @@ } fpThread = 0; - delete[] fBuff; // cout << "WEFileReadThread destructor called" << endl; if (doS3Import) @@ -363,11 +360,31 @@ } } +// helper to copy line from input file to the stringstream. +// not very performant, yet. +static void copyLine(std::vector& out, std::istream& is) +{ + out.resize(0); + while (is.good() && !is.eof()) + { + int c = is.get(); + if (c < 0) + { + break; // unfortunately, eof() is insufficient. + } + out.push_back(c); + if (c == '\n') + { + break; + } + } +} //------------------------------------------------------------------------------ // Read input data as ASCII text //------------------------------------------------------------------------------ unsigned int WEFileReadThread::readDataFile(messageqcpp::SBS& Sbs) { + fBuff.reserve(fBuffSize * 2); boost::mutex::scoped_lock aLock(fFileMutex); // For now we are going to send KEEPALIVES @@ -378,7 +395,6 @@ // char aBuff[1024*1024]; // TODO May have to change it later // char*pStart = aBuff; unsigned int aIdx = 0; - int aLen = 0; *Sbs << static_cast(WE_CLT_SRV_DATA); while (!fInFile.eof() && aIdx < getBatchQty()) @@ -386,14 +402,13 @@ if (fSkipRows > 0) { fSkipRows--; - fInFile.getline(fBuff, fBuffSize - 1); + copyLine(fBuff, fInFile); if (fSdh.getDebugLvl() > 3) { - aLen = fInFile.gcount(); - if (aLen > 0 && aLen < fBuffSize - 2) + if (fBuff.size() > 0) { - fBuff[aLen - 1] = 0; - cout << "Skip header row (" << fSkipRows<< " to go): " << fBuff << endl; + std::string s(fBuff.data(), fBuff.size()); + cout << "Skip header row (" << fSkipRows<< " to go): " << s << endl; } } continue; @@ -402,36 +417,30 @@ if (fEnclEsc) { // pStart = aBuff; - aLen = getNextRow(fInFile, fBuff, fBuffSize - 1); + getNextRow(fInFile, fBuff); } else { - fInFile.getline(fBuff, fBuffSize - 1); - aLen = fInFile.gcount(); + copyLine(fBuff, fInFile); } - ////aLen chars incl \n, Therefore aLen-1; '<<' oper won't go past it - // cout << "Data Length " << aLen < 0)) + if (fBuff.size()) { - fBuff[aLen - 1] = '\n'; - fBuff[aLen] = 0; + if (fBuff[fBuff.size() - 1] != '\n') + fBuff.push_back('\n'); if (fSdh.getDebugLvl() > 3) - cout << "Data Read " << fBuff << endl; + { + std::string s(fBuff.data(), fBuff.size()); + cout << "Data Read " << s << endl; + } - (*Sbs).append(reinterpret_cast(fBuff), aLen); + (*Sbs).append(reinterpret_cast(fBuff.data()), fBuff.size()); aIdx++; if (fSdh.getDebugLvl() > 2) cout << "File data line = " << aIdx << endl; } - else if (aLen >= fBuffSize - 2) // Didn't hit delim; BIG ROW - { - cout << "Bad Row data " << endl; - cout << fBuff << endl; - throw runtime_error("Data Row too BIG to handle!!"); - } // for debug // if(fSdh.getDebugLvl()>3) cout << aIdx << endl; @@ -458,12 +467,13 @@ while ((!fInFile.eof()) && (aIdx < getBatchQty())) { - fInFile.read(fBuff, recLen); + fBuff.resize(recLen); + fInFile.read(fBuff.data(), recLen); aLen = fInFile.gcount(); if (aLen > 0) { - (*Sbs).append(reinterpret_cast(fBuff), aLen); + (*Sbs).append(reinterpret_cast(fBuff.data()), aLen); aIdx++; if (fSdh.getDebugLvl() > 2) @@ -585,14 +595,14 @@ //------------------------------------------------------------------------------ -int WEFileReadThread::getNextRow(istream& ifs, char* pBuf, int MaxLen) +int WEFileReadThread::getNextRow(istream& ifs, std::vector& buf) { + buf.resize(0); // keep allocated capacity. // const char ENCL ='\"'; //TODO for time being // const char ESC = '\0'; //TODO for time being const char ENCL = fEncl; const char ESC = fEsc; bool aTrailEsc = false; - char* pEnd = pBuf; int aCh = ifs.get(); while (ifs.good()) @@ -600,7 +610,7 @@ if (aCh == ENCL) { // we got the first enclosedBy char. - *pEnd++ = aCh; + buf.push_back(aCh); aCh = ifs.get(); // cout << "aCh 1 = " << aCh << endl; @@ -608,38 +618,38 @@ { if (aCh == ESC) // check spl cond ESC inside ENCL of '\n' here { - *pEnd++ = aCh; + buf.push_back(aCh); aCh = ifs.get(); - *pEnd++ = aCh; + buf.push_back(aCh); aCh = ifs.get(); // get the next char for while loop // cout << "aCh 2 = " << aCh << endl; } // case ESC else { - *pEnd++ = aCh; + buf.push_back(aCh); aCh = ifs.get(); // cout << "aCh 3 = " << aCh << endl; } } - *pEnd++ = aCh; // ENCL char got + buf.push_back(aCh); // ENCL char got aTrailEsc = true; //@BUG 4641 } // case ENCL else if (aCh == ESC) { - *pEnd++ = aCh; + buf.push_back(aCh); aCh = ifs.get(); - *pEnd++ = aCh; + buf.push_back(aCh); // cout << "aCh 4 = " << aCh << endl; } // case ESC else { - *pEnd++ = aCh; + buf.push_back(aCh); // cout << "aCh 5 = " << aCh << endl; } // cout << "pBuf1 " << pBuf << endl; - if ((aCh == '\n') || ((pEnd - pBuf) == MaxLen)) + if (aCh == '\n') break; // we got a full row aCh = ifs.get(); @@ -655,14 +665,14 @@ } else { - *pEnd++ = aCh; + buf.push_back(aCh); aCh = ifs.get(); } } } // end of while loop - return pEnd - pBuf; + return buf.size(); } void WEFileReadThread::initS3Connection(const WECmdArgs& args) diff -Nru mariadb-11.8.6/storage/columnstore/columnstore/writeengine/splitter/we_filereadthread.h mariadb-11.8.8/storage/columnstore/columnstore/writeengine/splitter/we_filereadthread.h --- mariadb-11.8.6/storage/columnstore/columnstore/writeengine/splitter/we_filereadthread.h 2026-01-31 13:27:52.000000000 +0000 +++ mariadb-11.8.8/storage/columnstore/columnstore/writeengine/splitter/we_filereadthread.h 2026-05-24 09:58:35.000000000 +0000 @@ -70,7 +70,7 @@ unsigned int readBinaryDataFile(messageqcpp::SBS& Sbs, unsigned int recLen); void openInFile(); - int getNextRow(std::istream& ifs, char* pBuf, int MaxLen); + int getNextRow(std::istream& ifs, std::vector& buf); boost::thread* getFpThread() const { @@ -155,7 +155,7 @@ char fEsc; // Esc char char fDelim; // Column Delimit char size_t fSkipRows; // Header rows to skip - char* fBuff; // main data buffer + std::vector fBuff; // main data buffer int fBuffSize; /* To support mode 1 imports from objects on S3 */ diff -Nru mariadb-11.8.6/storage/columnstore/columnstore/writeengine/wrapper/we_colop.cpp mariadb-11.8.8/storage/columnstore/columnstore/writeengine/wrapper/we_colop.cpp --- mariadb-11.8.6/storage/columnstore/columnstore/writeengine/wrapper/we_colop.cpp 2026-01-31 13:27:52.000000000 +0000 +++ mariadb-11.8.8/storage/columnstore/columnstore/writeengine/wrapper/we_colop.cpp 2026-05-24 09:58:35.000000000 +0000 @@ -1515,7 +1515,7 @@ void* oldValArray, bool bDelete) { uint64_t i = 0, curRowId; - int dataFbo, dataBio, curDataFbo = -1; + int dataFbo = 0, dataBio = 0, curDataFbo = -1; unsigned char dataBuf[BYTE_PER_BLOCK]; bool bExit = false, bDataDirty = false; const void* pVal = 0; @@ -1685,7 +1685,7 @@ void* oldValArray, bool bDelete) { uint64_t i = 0, curRowId; - int dataFbo, dataBio, curDataFbo = -1; + int dataFbo = 0, dataBio = 0, curDataFbo = -1; unsigned char dataBuf[BYTE_PER_BLOCK]; bool bExit = false, bDataDirty = false; const void* pVal = 0; @@ -1815,7 +1815,7 @@ void* oldValArray) { uint64_t i = 0, curRowId; - int dataFbo, dataBio, curDataFbo = -1; + int dataFbo = 0, dataBio = 0, curDataFbo = -1; unsigned char dataBuf[BYTE_PER_BLOCK]; int rc = NO_ERROR; @@ -1865,7 +1865,7 @@ void* oldValArray) { uint64_t i = 0, curRowId; - int dataFbo, dataBio, curDataFbo = -1; + int dataFbo = 0, dataBio = 0, curDataFbo = -1; unsigned char dataBuf[BYTE_PER_BLOCK]; bool bExit = false, bDataDirty = false; void* pVal = 0; diff -Nru mariadb-11.8.6/storage/connect/CMakeLists.txt mariadb-11.8.8/storage/connect/CMakeLists.txt --- mariadb-11.8.6/storage/connect/CMakeLists.txt 2026-01-31 13:27:48.000000000 +0000 +++ mariadb-11.8.8/storage/connect/CMakeLists.txt 2026-05-24 09:58:32.000000000 +0000 @@ -58,7 +58,8 @@ # OS specific C flags, definitions and source files. # IF(UNIX) - MY_CHECK_AND_SET_COMPILER_FLAG("-Wall -Wmissing-declarations") + MY_CHECK_AND_SET_COMPILER_FLAG("-Wall") + MY_CHECK_AND_SET_COMPILER_FLAG("-Wmissing-declarations") if(NOT WITH_WARNINGS) DISABLE_WARNING("unused-function") DISABLE_WARNING("unused-variable") @@ -312,9 +313,14 @@ OPTION(CONNECT_WITH_ZIP "Compile CONNECT storage engine with ZIP support" ON) IF(CONNECT_WITH_ZIP) - SET(CONNECT_SOURCES ${CONNECT_SOURCES} filamzip.cpp tabzip.cpp unzip.c ioapi.c zip.c - filamzip.h tabzip.h ioapi.h unzip.h zip.h) + SET(MINIZIP_SOURCES unzip.c ioapi.c zip.c) + SET(CONNECT_SOURCES ${CONNECT_SOURCES} ${MINIZIP_SOURCES} filamzip.cpp + tabzip.cpp filamzip.h tabzip.h) add_definitions(-DZIP_SUPPORT -DNOCRYPT) + SET_SOURCE_FILES_PROPERTIES(${MINIZIP_SOURCES} PROPERTIES COMPILE_FLAGS "\ + $<${have_C__Wmissing_declarations}:-Wno-missing-declarations> \ + $<${have_C__Wdeclaration_after_statement}:-Wno-declaration-after-statement> \ + ") ENDIF(CONNECT_WITH_ZIP) ADD_FEATURE_INFO(CONNECT_ZIP CONNECT_WITH_ZIP "Support for ZIP in the CONNECT storage engine") diff -Nru mariadb-11.8.6/storage/connect/LICENSE.Info-Zip mariadb-11.8.8/storage/connect/LICENSE.Info-Zip --- mariadb-11.8.6/storage/connect/LICENSE.Info-Zip 1970-01-01 00:00:00.000000000 +0000 +++ mariadb-11.8.8/storage/connect/LICENSE.Info-Zip 2026-05-24 09:58:32.000000000 +0000 @@ -0,0 +1,58 @@ +This is version 2009-Jan-02 of the Info-ZIP license. The definitive version of +this document should be available at ftp://ftp.info- +zip.org/pub/infozip/license.html indefinitely and a copy at http://www.info- +zip.org/pub/infozip/license.html. + +Copyright (c) 1990-2009 Info-ZIP. All rights reserved. + +For the purposes of this copyright and license, "Info-ZIP" is defined as the +following set of individuals: + + Mark Adler, John Bush, Karl Davis, Harald Denker, Jean-Michel Dubois, Jean- + loup Gailly, Hunter Goatley, Ed Gordon, Ian Gorman, Chris Herborth, Dirk + Haase, Greg Hartwig, Robert Heath, Jonathan Hudson, Paul Kienitz, David + Kirschbaum, Johnny Lee, Onno van der Linden, Igor Mandrichenko, Steve P. + Miller, Sergio Monesi, Keith Owens, George Petrov, Greg Roelofs, Kai Uwe + Rommel, Steve Salisbury, Dave Smith, Steven M. Schweda, Christian Spieler, + Cosmin Truta, Antoine Verheijen, Paul von Behren, Rich Wales, Mike White. + +This software is provided "as is," without warranty of any kind, express or +implied. In no event shall Info-ZIP or its contributors be held liable for any +direct, indirect, incidental, special or consequential damages arising out of +the use of or inability to use this software. + +Permission is granted to anyone to use this software for any purpose, including +commercial applications, and to alter it and redistribute it freely, subject to +the above disclaimer and the following restrictions: + + Redistributions of source code (in whole or in part) must retain the above + copyright notice, definition, disclaimer, and this list of conditions. + + Redistributions in binary form (compiled executables and libraries) must + reproduce the above copyright notice, definition, disclaimer, and this list + of conditions in documentation and/or other materials provided with the + distribution. Additional documentation is not needed for executables where a + command line license option provides these and a note regarding this option + is in the executable's startup banner. The sole exception to this condition + is redistribution of a standard UnZipSFX binary (including SFXWiz) as part + of a self-extracting archive; that is permitted without inclusion of this + license, as long as the normal SFX banner has not been removed from the + binary or disabled. + + Altered versions--including, but not limited to, ports to new operating + systems, existing ports with new graphical interfaces, versions with + modified or added functionality, and dynamic, shared, or static library + versions not from Info-ZIP--must be plainly marked as such and must not be + misrepresented as being the original source or, if binaries, compiled from + the original source. Such altered versions also must not be misrepresented + as being Info-ZIP releases--including, but not limited to, labeling of the + altered versions with the names "Info-ZIP" (or any variation thereof, + including, but not limited to, different capitalizations), "Pocket UnZip," + "WiZ" or "MacZip" without the explicit permission of Info-ZIP. Such altered + versions are further prohibited from misrepresentative use of the Zip-Bugs + or Info-ZIP e-mail addresses or the Info-ZIP URL(s), such as to imply Info- + ZIP will provide support for the altered versions. + + Info-ZIP retains the right to use the names "Info-ZIP," "Zip," "UnZip," + "UnZipSFX," "WiZ," "Pocket UnZip," "Pocket Zip," and "MacZip" for its own + source and binary releases. diff -Nru mariadb-11.8.6/storage/connect/array.cpp mariadb-11.8.8/storage/connect/array.cpp --- mariadb-11.8.6/storage/connect/array.cpp 2026-01-31 13:27:48.000000000 +0000 +++ mariadb-11.8.8/storage/connect/array.cpp 2026-05-24 09:58:32.000000000 +0000 @@ -1024,7 +1024,7 @@ if (z < 16) return; - sprintf(ps, "ARRAY: type=%d\n", Type); + snprintf(ps, z, "ARRAY: type=%d\n", Type); // More to be implemented later } // end of Prints diff -Nru mariadb-11.8.6/storage/connect/bson.cpp mariadb-11.8.8/storage/connect/bson.cpp --- mariadb-11.8.6/storage/connect/bson.cpp 2026-01-31 13:27:48.000000000 +0000 +++ mariadb-11.8.8/storage/connect/bson.cpp 2026-05-24 09:58:32.000000000 +0000 @@ -1547,16 +1547,16 @@ p = MZP(vlp->To_Val); break; case TYPE_INTG: - sprintf(p, "%d", vlp->N); + snprintf(p, 32, "%d", vlp->N); break; case TYPE_FLOAT: - sprintf(p, "%.*f", vlp->Nd, vlp->F); + snprintf(p, 32, "%.*f", vlp->Nd, vlp->F); break; case TYPE_BINT: - sprintf(p, "%lld", *(longlong*)MP(vlp->To_Val)); + snprintf(p, 32, "%lld", *(longlong*)MP(vlp->To_Val)); break; case TYPE_DBL: - sprintf(p, "%.*lf", vlp->Nd, *(double*)MP(vlp->To_Val)); + snprintf(p, 32, "%.*lf", vlp->Nd, *(double*)MP(vlp->To_Val)); break; case TYPE_BOOL: p = (PSZ)((vlp->B) ? "true" : "false"); diff -Nru mariadb-11.8.6/storage/connect/bsonudf.cpp mariadb-11.8.8/storage/connect/bsonudf.cpp --- mariadb-11.8.6/storage/connect/bsonudf.cpp 2026-01-31 13:27:48.000000000 +0000 +++ mariadb-11.8.8/storage/connect/bsonudf.cpp 2026-05-24 09:58:32.000000000 +0000 @@ -3541,7 +3541,7 @@ return true; } else for (int i = 0; i < 2; i++) if (!IsArgJson(args, i) && args->arg_type[i] != STRING_RESULT) { - sprintf(message, "Argument %d must be a json item", i); + snprintf(message, MYSQL_ERRMSG_SIZE, "Argument %d must be a json item", i); return true; } // endif type @@ -4433,7 +4433,7 @@ for (unsigned int i = 1; i < args->arg_count; i++) { if (!(args->arg_type[i] == INT_RESULT || args->arg_type[i] == STRING_RESULT)) { - sprintf(message, "Argument %d is not an integer or a string (pretty or path)", i); + snprintf(message, MYSQL_ERRMSG_SIZE, "Argument %d is not an integer or a string (pretty or path)", i); return true; } // endif arg_type @@ -4669,7 +4669,7 @@ return true; } else for (int i = 0; i < 2; i++) if (args->arg_type[i] != STRING_RESULT) { - sprintf(message, "Arguments %d must be a string (file name)", i+1); + snprintf(message, MYSQL_ERRMSG_SIZE, "Arguments %d must be a string (file name)", i+1); return true; } // endif args @@ -4726,7 +4726,7 @@ return true; } else for (int i = 0; i < 2; i++) if (args->arg_type[i] != STRING_RESULT) { - sprintf(message, "Arguments %d must be a string (file name)", i + 1); + snprintf(message, MYSQL_ERRMSG_SIZE, "Arguments %d must be a string (file name)", i + 1); return true; } // endif args diff -Nru mariadb-11.8.6/storage/connect/cmgoconn.cpp mariadb-11.8.8/storage/connect/cmgoconn.cpp --- mariadb-11.8.6/storage/connect/cmgoconn.cpp 2026-01-31 13:27:48.000000000 +0000 +++ mariadb-11.8.8/storage/connect/cmgoconn.cpp 2026-05-24 09:58:32.000000000 +0000 @@ -867,7 +867,7 @@ } else if (dbl && n > m) { Mbuf[k] = 0; d = atof(Mbuf + j); - n = sprintf(Mbuf + j, "%.*f", m, d); + n = snprintf(Mbuf + j, (size_t)colp->GetLength() + 1 - j, "%.*f", m, d); k = j + n; j = n = 0; } else if (j) @@ -1019,7 +1019,7 @@ bson_t *bsn = bson_new_from_json(val, -1, &Error); if (!bsn) { - sprintf (g->Message, "AddValue: %s", Error.message); + snprintf(g->Message, sizeof(g->Message), "AddValue: %s", Error.message); return true; } else if (*key) { if (*val == '[') diff -Nru mariadb-11.8.6/storage/connect/colblk.cpp mariadb-11.8.8/storage/connect/colblk.cpp --- mariadb-11.8.6/storage/connect/colblk.cpp 2026-01-31 13:27:48.000000000 +0000 +++ mariadb-11.8.8/storage/connect/colblk.cpp 2026-05-24 09:58:32.000000000 +0000 @@ -237,9 +237,9 @@ /***********************************************************************/ /* Make string output of a column descriptor block. */ /***********************************************************************/ -void COLBLK::Prints(PGLOBAL, char *ps, uint) +void COLBLK::Prints(PGLOBAL, char *ps, uint z) { - sprintf(ps, "R%d.%s", To_Tdb->GetTdb_No(), Name); + snprintf(ps, z, "R%d.%s", To_Tdb->GetTdb_No(), Name); } // end of Prints diff -Nru mariadb-11.8.6/storage/connect/csort.cpp mariadb-11.8.8/storage/connect/csort.cpp --- mariadb-11.8.6/storage/connect/csort.cpp 2026-01-31 13:27:48.000000000 +0000 +++ mariadb-11.8.8/storage/connect/csort.cpp 2026-05-24 09:58:32.000000000 +0000 @@ -118,7 +118,7 @@ Dup->ProgMax = Cmpnum(nb); Dup->ProgCur = 0; Dup->Step = (char*)PlugSubAlloc(g, NULL, 32); - sprintf((char*)Dup->Step, MSG(SORTING_VAL), nb); + snprintf((char*)Dup->Step, 32, MSG(SORTING_VAL), nb); } else Dup = NULL; diff -Nru mariadb-11.8.6/storage/connect/domdoc.cpp mariadb-11.8.8/storage/connect/domdoc.cpp --- mariadb-11.8.6/storage/connect/domdoc.cpp 2026-01-31 13:27:48.000000000 +0000 +++ mariadb-11.8.8/storage/connect/domdoc.cpp 2026-05-24 09:58:32.000000000 +0000 @@ -163,7 +163,7 @@ char buf[64]; MSXML2::IXMLDOMProcessingInstructionPtr pip; - sprintf(buf, "version=\"%s\" encoding=\"%s\"", ver, Encoding); + snprintf(buf, sizeof(buf), "version=\"%s\" encoding=\"%s\"", ver, Encoding); pip = Docp->createProcessingInstruction("xml", buf); Docp->appendChild(pip); return false; diff -Nru mariadb-11.8.6/storage/connect/filamdbf.cpp mariadb-11.8.8/storage/connect/filamdbf.cpp --- mariadb-11.8.6/storage/connect/filamdbf.cpp 2026-01-31 13:27:48.000000000 +0000 +++ mariadb-11.8.8/storage/connect/filamdbf.cpp 2026-05-24 09:58:32.000000000 +0000 @@ -437,7 +437,7 @@ /************************************************************************/ char buf[64]; - sprintf(buf, + snprintf(buf, sizeof(buf), "Ver=%02x ncol=%hu nlin=%u lrecl=%hu headlen=%hu date=%02d/%02d/%02d", hp->Version, fields, hp->Records, hp->Reclen, hp->Headlen, hp->Filedate[0], hp->Filedate[1], diff -Nru mariadb-11.8.6/storage/connect/filamfix.cpp mariadb-11.8.8/storage/connect/filamfix.cpp --- mariadb-11.8.6/storage/connect/filamfix.cpp 2026-01-31 13:27:48.000000000 +0000 +++ mariadb-11.8.8/storage/connect/filamfix.cpp 2026-05-24 09:58:32.000000000 +0000 @@ -688,8 +688,7 @@ if (of.LowPart == INVALID_SET_FILE_POINTER && (drc = GetLastError()) != NO_ERROR) { - FormatMessage(FORMAT_MESSAGE_FROM_SYSTEM | - FORMAT_MESSAGE_IGNORE_INSERTS, NULL, drc, 0, + FormatMessage(FORMAT_MESSAGE_FLAGS, NULL, drc, 0, (LPTSTR)buf, sizeof(buf), NULL); snprintf(g->Message, sizeof(g->Message), MSG(SFP_ERROR), buf); return true; @@ -724,8 +723,7 @@ char buf[256]; // , *fn = (h == Hfile) ? To_File : "Tempfile"; drc = GetLastError(); - FormatMessage(FORMAT_MESSAGE_FROM_SYSTEM | - FORMAT_MESSAGE_IGNORE_INSERTS, NULL, drc, 0, + FormatMessage(FORMAT_MESSAGE_FLAGS, NULL, drc, 0, (LPTSTR)buf, sizeof(buf), NULL); snprintf(g->Message, sizeof(g->Message), MSG(READ_ERROR), To_File, buf); @@ -767,8 +765,7 @@ strcpy(buf, MSG(BAD_BYTE_NUM)); else { drc = GetLastError(); - FormatMessage(FORMAT_MESSAGE_FROM_SYSTEM | - FORMAT_MESSAGE_IGNORE_INSERTS, NULL, drc, 0, + FormatMessage(FORMAT_MESSAGE_FLAGS, NULL, drc, 0, (LPTSTR)buf, sizeof(buf), NULL); } // endelse brc @@ -880,8 +877,7 @@ if (Hfile == INVALID_HANDLE_VALUE) { rc = GetLastError(); snprintf(g->Message, sizeof(g->Message), MSG(OPEN_ERROR), rc, mode, filename); - FormatMessage(FORMAT_MESSAGE_FROM_SYSTEM | - FORMAT_MESSAGE_IGNORE_INSERTS, NULL, rc, 0, + FormatMessage(FORMAT_MESSAGE_FLAGS, NULL, rc, 0, (LPTSTR)filename, sizeof(filename), NULL); } else rc = 0; @@ -1000,8 +996,7 @@ if (h == INVALID_HANDLE_VALUE) if ((rc = GetLastError()) != ERROR_FILE_NOT_FOUND) { snprintf(g->Message, sizeof(g->Message), MSG(OPEN_ERROR), rc, 10, filename); - FormatMessage(FORMAT_MESSAGE_FROM_SYSTEM | - FORMAT_MESSAGE_IGNORE_INSERTS, NULL, rc, 0, + FormatMessage(FORMAT_MESSAGE_FLAGS, NULL, rc, 0, (LPTSTR)filename, sizeof(filename), NULL); safe_strcat(g->Message, sizeof(g->Message), filename); return -1; @@ -1395,8 +1390,7 @@ DWORD rc = GetLastError(); snprintf(g->Message, sizeof(g->Message), MSG(OPEN_ERROR), rc, MODE_INSERT, tempname); - FormatMessage(FORMAT_MESSAGE_FROM_SYSTEM | - FORMAT_MESSAGE_IGNORE_INSERTS, NULL, rc, 0, + FormatMessage(FORMAT_MESSAGE_FLAGS, NULL, rc, 0, (LPTSTR)tempname, _MAX_PATH, NULL); safe_strcat(g->Message, sizeof(g->Message), tempname); return true; diff -Nru mariadb-11.8.6/storage/connect/filamgz.cpp mariadb-11.8.8/storage/connect/filamgz.cpp --- mariadb-11.8.6/storage/connect/filamgz.cpp 2026-01-31 13:27:48.000000000 +0000 +++ mariadb-11.8.8/storage/connect/filamgz.cpp 2026-05-24 09:58:32.000000000 +0000 @@ -242,7 +242,7 @@ /***********************************************************************/ int GZFAM::GetNextPos(void) { - return gztell(Zfile); + return (int)gztell(Zfile); } // end of GetNextPos /***********************************************************************/ diff -Nru mariadb-11.8.6/storage/connect/filamtxt.cpp mariadb-11.8.8/storage/connect/filamtxt.cpp --- mariadb-11.8.6/storage/connect/filamtxt.cpp 2026-01-31 13:27:48.000000000 +0000 +++ mariadb-11.8.8/storage/connect/filamtxt.cpp 2026-05-24 09:58:32.000000000 +0000 @@ -1859,13 +1859,13 @@ // Read the prefix giving the row length if (!fread(&Recsize, sizeof(size_t), 1, Stream)) { if (!feof(Stream)) { - snprintf(g->Message, sizeof(g->Message), "Error reading line prefix\n"); + snprintf(g->Message, sizeof(g->Message), "Error reading line prefix"); return RC_FX; } else return RC_EF; } else if (Recsize > (unsigned)Buflen) { - snprintf(g->Message, sizeof(g->Message), "Record too big (Recsize=%zd Buflen=%d)\n", Recsize, Buflen); + snprintf(g->Message, sizeof(g->Message), "Record too big (Recsize=%zd Buflen=%d)", Recsize, Buflen); return RC_FX; } // endif Recsize diff -Nru mariadb-11.8.6/storage/connect/filamvct.cpp mariadb-11.8.8/storage/connect/filamvct.cpp --- mariadb-11.8.6/storage/connect/filamvct.cpp 2026-01-31 13:27:48.000000000 +0000 +++ mariadb-11.8.8/storage/connect/filamvct.cpp 2026-05-24 09:58:32.000000000 +0000 @@ -3077,8 +3077,7 @@ if (of.LowPart == INVALID_SET_FILE_POINTER && (drc = GetLastError()) != NO_ERROR) { - FormatMessage(FORMAT_MESSAGE_FROM_SYSTEM | - FORMAT_MESSAGE_IGNORE_INSERTS, NULL, drc, 0, + FormatMessage(FORMAT_MESSAGE_FLAGS, NULL, drc, 0, (LPTSTR)buf, sizeof(buf), NULL); snprintf(g->Message, sizeof(g->Message), MSG(SFP_ERROR), buf); return true; @@ -3114,8 +3113,7 @@ strncpy(buf, MSG(BAD_BYTE_READ), 256); else { drc = GetLastError(); - FormatMessage(FORMAT_MESSAGE_FROM_SYSTEM | - FORMAT_MESSAGE_IGNORE_INSERTS, NULL, drc, 0, + FormatMessage(FORMAT_MESSAGE_FLAGS, NULL, drc, 0, (LPTSTR)buf, sizeof(buf), NULL); } // endelse brc @@ -3168,8 +3166,7 @@ strncpy(buf, MSG(BAD_BYTE_NUM), 256); else { drc = GetLastError(); - FormatMessage(FORMAT_MESSAGE_FROM_SYSTEM | - FORMAT_MESSAGE_IGNORE_INSERTS, NULL, drc, 0, + FormatMessage(FORMAT_MESSAGE_FLAGS, NULL, drc, 0, (LPTSTR)buf, sizeof(buf), NULL); } // endelse brc @@ -3396,8 +3393,7 @@ err: rc = GetLastError(); snprintf(g->Message, sizeof(g->Message), MSG(EMPTY_FILE), p, filename); - FormatMessage(FORMAT_MESSAGE_FROM_SYSTEM | - FORMAT_MESSAGE_IGNORE_INSERTS, NULL, rc, 0, + FormatMessage(FORMAT_MESSAGE_FLAGS, NULL, rc, 0, (LPTSTR)filename, sizeof(filename), NULL); safe_strcat(g->Message, sizeof(g->Message), filename); @@ -3532,8 +3528,7 @@ if (Hfile == INVALID_HANDLE_VALUE) { rc = GetLastError(); snprintf(g->Message, sizeof(g->Message), MSG(OPEN_ERROR), rc, mode, filename); - FormatMessage(FORMAT_MESSAGE_FROM_SYSTEM | - FORMAT_MESSAGE_IGNORE_INSERTS, NULL, rc, 0, + FormatMessage(FORMAT_MESSAGE_FLAGS, NULL, rc, 0, (LPTSTR)filename, sizeof(filename), NULL); safe_strcat(g->Message, sizeof(g->Message), filename); } // endif Hfile @@ -3984,8 +3979,7 @@ if (Tfile == INVALID_HANDLE_VALUE) { DWORD rc = GetLastError(); snprintf(g->Message, sizeof(g->Message), MSG(OPEN_ERROR), rc, MODE_DELETE, tempname); - FormatMessage(FORMAT_MESSAGE_FROM_SYSTEM | - FORMAT_MESSAGE_IGNORE_INSERTS, NULL, rc, 0, + FormatMessage(FORMAT_MESSAGE_FLAGS, NULL, rc, 0, (LPTSTR)tempname, _MAX_PATH, NULL); safe_strcat(g->Message, sizeof(g->Message), tempname); return true; diff -Nru mariadb-11.8.6/storage/connect/filamzip.cpp mariadb-11.8.8/storage/connect/filamzip.cpp --- mariadb-11.8.6/storage/connect/filamzip.cpp 2026-01-31 13:27:48.000000000 +0000 +++ mariadb-11.8.8/storage/connect/filamzip.cpp 2026-05-24 09:58:32.000000000 +0000 @@ -169,7 +169,7 @@ rc = GetLastError(); if (rc != ERROR_FILE_NOT_FOUND) { - FormatMessage(FORMAT_MESSAGE_FROM_SYSTEM | FORMAT_MESSAGE_IGNORE_INSERTS, + FormatMessage(FORMAT_MESSAGE_FLAGS, NULL, GetLastError(), 0, (LPTSTR)&filename, sizeof(filename), NULL); snprintf(g->Message, sizeof(g->Message), MSG(BAD_FILE_HANDLE), filename); return true; diff -Nru mariadb-11.8.6/storage/connect/global.h mariadb-11.8.8/storage/connect/global.h --- mariadb-11.8.6/storage/connect/global.h 2026-01-31 13:27:48.000000000 +0000 +++ mariadb-11.8.8/storage/connect/global.h 2026-05-24 09:58:32.000000000 +0000 @@ -47,6 +47,8 @@ #if defined(_WIN32) #define CRLF 2 +#define FORMAT_MESSAGE_FLAGS FORMAT_MESSAGE_FROM_SYSTEM | \ + FORMAT_MESSAGE_IGNORE_INSERTS | FORMAT_MESSAGE_MAX_WIDTH_MASK #else // !_WIN32 #define CRLF 1 #endif // !_WIN32 diff -Nru mariadb-11.8.6/storage/connect/ha_connect.cc mariadb-11.8.8/storage/connect/ha_connect.cc --- mariadb-11.8.6/storage/connect/ha_connect.cc 2026-01-31 13:27:48.000000000 +0000 +++ mariadb-11.8.8/storage/connect/ha_connect.cc 2026-05-24 09:58:32.000000000 +0000 @@ -808,7 +808,6 @@ sql_print_information("connect_init: hton=%p", p); DTVAL::SetTimeShift(); // Initialize time zone shift once for all - BINCOL::SetEndian(); // Initialize host endian setting #if defined(JAVA_SUPPORT) JAVAConn::SetJVM(); #endif // JAVA_SUPPORT @@ -5953,7 +5952,7 @@ #if defined(REST_SUPPORT) case TAB_REST: if (!topt->http) - sprintf(g->Message, "Missing %s HTTP address", topt->type); + snprintf(g->Message, sizeof(g->Message), "Missing %s HTTP address", topt->type); else ok= true; @@ -6377,7 +6376,10 @@ err: if (rc) - my_message(ER_UNKNOWN_ERROR, g->Message, MYF(0)); + if (g->Message[0]) + my_message(ER_UNKNOWN_ERROR, g->Message, MYF(0)); + else + my_error(ER_GET_ERRNO, MYF(0), rc, "CONNECT"); PopUser(xp); return rc; diff -Nru mariadb-11.8.6/storage/connect/ints.h mariadb-11.8.8/storage/connect/ints.h --- mariadb-11.8.6/storage/connect/ints.h 1970-01-01 00:00:00.000000000 +0000 +++ mariadb-11.8.8/storage/connect/ints.h 2026-05-24 09:58:32.000000000 +0000 @@ -0,0 +1,57 @@ +/* ints.h -- create integer types for 8, 16, 32, and 64 bits + * Copyright (C) 2024 Mark Adler + * For conditions of distribution and use, see the copyright notice in zlib.h + * + * There exist compilers with limits.h, but not stdint.h or inttypes.h. + */ + +#ifndef INTS_H +#define INTS_H +#include +#if defined(UCHAR_MAX) && UCHAR_MAX == 0xff + typedef signed char i8_t; + typedef unsigned char ui8_t; +#else +# error "no 8-bit integer" +#endif +#if defined(USHRT_MAX) && USHRT_MAX == 0xffff + typedef short i16_t; + typedef unsigned short ui16_t; +#elif defined(UINT_MAX) && UINT_MAX == 0xffff + typedef int i16_t; + typedef unsigned ui16_t; +#else +# error "no 16-bit integer" +#endif +#if defined(UINT_MAX) && UINT_MAX == 0xffffffff + typedef int i32_t; + typedef unsigned ui32_t; +# define PI32 "d" +# define PUI32 "u" +#elif defined(ULONG_MAX) && ULONG_MAX == 0xffffffff + typedef long i32_t; + typedef unsigned long ui32_t; +# define PI32 "ld" +# define PUI32 "lu" +#else +# error "no 32-bit integer" +#endif +#if defined(ULONG_MAX) && ULONG_MAX == 0xffffffffffffffff + typedef long i64_t; + typedef unsigned long ui64_t; +# define PI64 "ld" +# define PUI64 "lu" +#elif defined(ULLONG_MAX) && ULLONG_MAX == 0xffffffffffffffff + typedef long long i64_t; + typedef unsigned long long ui64_t; +# define PI64 "lld" +# define PUI64 "llu" +#elif defined(ULONG_LONG_MAX) && ULONG_LONG_MAX == 0xffffffffffffffff + typedef long long i64_t; + typedef unsigned long long ui64_t; +# define PI64 "lld" +# define PUI64 "llu" +#else +# error "no 64-bit integer" +#endif +#endif diff -Nru mariadb-11.8.6/storage/connect/ioapi.c mariadb-11.8.8/storage/connect/ioapi.c --- mariadb-11.8.6/storage/connect/ioapi.c 2026-01-31 13:27:48.000000000 +0000 +++ mariadb-11.8.8/storage/connect/ioapi.c 2026-05-24 09:58:32.000000000 +0000 @@ -1,10 +1,10 @@ /* ioapi.h -- IO base function header for compress/uncompress .zip - part of the MiniZip project - ( http://www.winimage.com/zLibDll/minizip.html ) + part of the MiniZip project - ( https://www.winimage.com/zLibDll/minizip.html ) - Copyright (C) 1998-2010 Gilles Vollant (minizip) ( http://www.winimage.com/zLibDll/minizip.html ) + Copyright (C) 1998-2026 Gilles Vollant (minizip) ( https://www.winimage.com/zLibDll/minizip.html ) Modifications for Zip64 support - Copyright (C) 2009-2010 Mathias Svensson ( http://result42.com ) + Copyright (C) 2009-2010 Mathias Svensson ( https://result42.com ) For more info read MiniZip_info.txt diff -Nru mariadb-11.8.6/storage/connect/ioapi.h mariadb-11.8.8/storage/connect/ioapi.h --- mariadb-11.8.6/storage/connect/ioapi.h 2026-01-31 13:27:48.000000000 +0000 +++ mariadb-11.8.8/storage/connect/ioapi.h 2026-05-24 09:58:32.000000000 +0000 @@ -1,10 +1,10 @@ /* ioapi.h -- IO base function header for compress/uncompress .zip - part of the MiniZip project - ( http://www.winimage.com/zLibDll/minizip.html ) + part of the MiniZip project - ( https://www.winimage.com/zLibDll/minizip.html ) - Copyright (C) 1998-2010 Gilles Vollant (minizip) ( http://www.winimage.com/zLibDll/minizip.html ) + Copyright (C) 1998-2026 Gilles Vollant (minizip) ( https://www.winimage.com/zLibDll/minizip.html ) Modifications for Zip64 support - Copyright (C) 2009-2010 Mathias Svensson ( http://result42.com ) + Copyright (C) 2009-2010 Mathias Svensson ( https://result42.com ) For more info read MiniZip_info.txt @@ -18,8 +18,8 @@ */ -#ifndef _ZLIBIOAPI64_H -#define _ZLIBIOAPI64_H +#ifndef ZLIBIOAPI64_H +#define ZLIBIOAPI64_H #if defined(__linux__) || defined (__GNU__) @@ -69,43 +69,18 @@ #endif #endif -/* -#ifndef ZPOS64_T - #ifdef _WIN32 - #define ZPOS64_T fpos_t - #else - #include - #define ZPOS64_T uint64_t - #endif -#endif -*/ - #ifdef HAVE_MINIZIP64_CONF_H #include "mz64conf.h" #endif -/* a type chosen by DEFINE */ -#ifdef HAVE_64BIT_INT_CUSTOM -typedef 64BIT_INT_CUSTOM_TYPE ZPOS64_T; -#else -#ifdef HAS_STDINT_H -#include "stdint.h" -typedef uint64_t ZPOS64_T; -#else +#include "ints.h" +typedef ui64_t ZPOS64_T; /* Maximum unsigned 32-bit value used as placeholder for zip64 */ -#define MAXU32 0xffffffff - -#if defined(_MSC_VER) || defined(__BORLANDC__) -typedef unsigned __int64 ZPOS64_T; -#else -typedef unsigned long long int ZPOS64_T; -#endif -#endif +#ifndef MAXU32 +#define MAXU32 (0xffffffff) #endif - - #ifdef __cplusplus extern "C" { #endif @@ -189,8 +164,8 @@ #define ZREAD64(filefunc,filestream,buf,size) ((*((filefunc).zfile_func64.zread_file)) ((filefunc).zfile_func64.opaque,filestream,buf,size)) #define ZWRITE64(filefunc,filestream,buf,size) ((*((filefunc).zfile_func64.zwrite_file)) ((filefunc).zfile_func64.opaque,filestream,buf,size)) -//#define ZTELL64(filefunc,filestream) ((*((filefunc).ztell64_file)) ((filefunc).opaque,filestream)) -//#define ZSEEK64(filefunc,filestream,pos,mode) ((*((filefunc).zseek64_file)) ((filefunc).opaque,filestream,pos,mode)) +/*#define ZTELL64(filefunc,filestream) ((*((filefunc).ztell64_file)) ((filefunc).opaque,filestream)) */ +/*#define ZSEEK64(filefunc,filestream,pos,mode) ((*((filefunc).zseek64_file)) ((filefunc).opaque,filestream,pos,mode)) */ #define ZCLOSE64(filefunc,filestream) ((*((filefunc).zfile_func64.zclose_file)) ((filefunc).zfile_func64.opaque,filestream)) #define ZERROR64(filefunc,filestream) ((*((filefunc).zfile_func64.zerror_file)) ((filefunc).zfile_func64.opaque,filestream)) diff -Nru mariadb-11.8.6/storage/connect/javaconn.cpp mariadb-11.8.8/storage/connect/javaconn.cpp --- mariadb-11.8.6/storage/connect/javaconn.cpp 2026-01-31 13:27:48.000000000 +0000 +++ mariadb-11.8.8/storage/connect/javaconn.cpp 2026-05-24 09:58:32.000000000 +0000 @@ -276,8 +276,7 @@ char buf[256]; DWORD rc = GetLastError(); - FormatMessage(FORMAT_MESSAGE_FROM_SYSTEM | - FORMAT_MESSAGE_IGNORE_INSERTS, NULL, rc, 0, + FormatMessage(FORMAT_MESSAGE_FLAGS, NULL, rc, 0, (LPTSTR)buf, sizeof(buf), NULL); snprintf(g->Message, sizeof(g->Message), MSG(DLL_LOAD_ERROR)": %s", rc, soname, buf); diff -Nru mariadb-11.8.6/storage/connect/jdbconn.cpp mariadb-11.8.8/storage/connect/jdbconn.cpp --- mariadb-11.8.6/storage/connect/jdbconn.cpp 2026-01-31 13:27:48.000000000 +0000 +++ mariadb-11.8.8/storage/connect/jdbconn.cpp 2026-05-24 09:58:32.000000000 +0000 @@ -449,16 +449,11 @@ if (jcp->Connect(sjp)) return NULL; - if (strstr(src, "%s")) { + if (const char *p = strstr(src, "%s")) { // Place holder for an eventual where clause - size_t sqry_size = strlen(src) + 2; + size_t sqry_size = strlen(src) + 3; sqry = (char*)PlugSubAlloc(g, NULL, sqry_size); - // Function PlugSubAlloc(...) recalculate string size - // while allocate memory - it rounds size up size to multiple of 8 - // we need to know the real allocated size - // to use it in sprintf(...) - const int sqry_real_allocated_size = ROUNDUP_TO_8(sqry_size); - snprintf(sqry, sqry_real_allocated_size, src, "1=1"); // dummy where clause + snprintf(sqry, sqry_size, "%.*s1=1%s", (int) (p - src), src, p + 2); // dummy where clause } else sqry = (char*)src; diff -Nru mariadb-11.8.6/storage/connect/json.cpp mariadb-11.8.8/storage/connect/json.cpp --- mariadb-11.8.6/storage/connect/json.cpp 2026-01-31 13:27:48.000000000 +0000 +++ mariadb-11.8.8/storage/connect/json.cpp 2026-05-24 09:58:32.000000000 +0000 @@ -1670,13 +1670,13 @@ p = Strp; break; case TYPE_INTG: - sprintf(p, "%d", N); + snprintf(p, 32, "%d", N); break; case TYPE_BINT: - sprintf(p, "%lld", LLn); + snprintf(p, 32, "%lld", LLn); break; case TYPE_DBL: - sprintf(p, "%.*lf", Nd, F); + snprintf(p, 32, "%.*lf", Nd, F); break; case TYPE_BOOL: p = (char*)((B) ? "true" : "false"); @@ -1770,7 +1770,7 @@ DataType = TYPE_BINT; break; default: - snprintf(g->Message, sizeof(g->Message), "Unsupported typ %d\n", valp->GetType()); + snprintf(g->Message, sizeof(g->Message), "Unsupported typ %d", valp->GetType()); throw(777); } // endswitch Type diff -Nru mariadb-11.8.6/storage/connect/jsonudf.cpp mariadb-11.8.8/storage/connect/jsonudf.cpp --- mariadb-11.8.6/storage/connect/jsonudf.cpp 2026-01-31 13:27:48.000000000 +0000 +++ mariadb-11.8.8/storage/connect/jsonudf.cpp 2026-05-24 09:58:32.000000000 +0000 @@ -4517,7 +4517,7 @@ for (unsigned int i = 1; i < args->arg_count; i++) { if (!(args->arg_type[i] == INT_RESULT || args->arg_type[i] == STRING_RESULT)) { - sprintf(message, "Argument %d is not an integer or a string (pretty or path)", i); + snprintf(message, MYSQL_ERRMSG_SIZE, "Argument %d is not an integer or a string (pretty or path)", i); return true; } // endif arg_type @@ -5774,7 +5774,7 @@ for (unsigned int i = 1; i < args->arg_count; i++) { if (!(args->arg_type[i] == INT_RESULT || args->arg_type[i] == STRING_RESULT)) { - sprintf(message, "Argument %d is not an integer or a string (pretty or path)", i); + snprintf(message, MYSQL_ERRMSG_SIZE, "Argument %d is not an integer or a string (pretty or path)", i); return true; } // endif arg_type @@ -5936,7 +5936,7 @@ return true; } else for (int i = 0; i < 2; i++) if (args->arg_type[i] != STRING_RESULT) { - sprintf(message, "Arguments %d must be a string (file name)", i+1); + snprintf(message, MYSQL_ERRMSG_SIZE, "Arguments %d must be a string (file name)", i+1); return true; } // endif args @@ -5993,7 +5993,7 @@ return true; } else for (int i = 0; i < 2; i++) if (args->arg_type[i] != STRING_RESULT) { - sprintf(message, "Arguments %d must be a string (file name)", i + 1); + snprintf(message, MYSQL_ERRMSG_SIZE, "Arguments %d must be a string (file name)", i + 1); return true; } // endif args diff -Nru mariadb-11.8.6/storage/connect/libdoc.cpp mariadb-11.8.8/storage/connect/libdoc.cpp --- mariadb-11.8.6/storage/connect/libdoc.cpp 2026-01-31 13:27:48.000000000 +0000 +++ mariadb-11.8.8/storage/connect/libdoc.cpp 2026-05-24 09:58:32.000000000 +0000 @@ -195,7 +195,7 @@ va_start (ap, fmt); ; //vfprintf(stderr, fmt, ap); - vsprintf(s, fmt, ap); + vsnprintf(s, sizeof(s), fmt, ap); if (s[strlen(s)-1] == '\n') s[strlen(s)-1] = 0; va_end (ap); diff -Nru mariadb-11.8.6/storage/connect/macutil.cpp mariadb-11.8.8/storage/connect/macutil.cpp --- mariadb-11.8.6/storage/connect/macutil.cpp 2026-01-31 13:27:48.000000000 +0000 +++ mariadb-11.8.8/storage/connect/macutil.cpp 2026-05-24 09:58:32.000000000 +0000 @@ -63,8 +63,7 @@ else if (drc == ERROR_NOT_SUPPORTED) snprintf(g->Message, sizeof(g->Message), "GetAdaptersInfo is not supported"); else - FormatMessage(FORMAT_MESSAGE_FROM_SYSTEM | - FORMAT_MESSAGE_IGNORE_INSERTS, NULL, GetLastError(), + FormatMessage(FORMAT_MESSAGE_FLAGS, NULL, GetLastError(), 0, g->Message, sizeof(g->Message), NULL); } // end of MakeErrorMsg @@ -145,7 +144,7 @@ } // endif drc if (drc != ERROR_SUCCESS) { - snprintf(g->Message, sizeof(g->Message), "GetNetworkParams failed. Rc=%08x\n", drc); + snprintf(g->Message, sizeof(g->Message), "GetNetworkParams failed. Rc=%08x", drc); return true; } // endif drc @@ -248,7 +247,7 @@ if (i) strcat(p++, "-"); - p += sprintf(p, "%.2X", Curp->Address[i]); + p += snprintf(p, sizeof(buf) - (p - buf), "%.2X", Curp->Address[i]); } // endfor i p = buf; @@ -263,7 +262,7 @@ case IF_LOOPBACK_ADAPTERTYPE: p = "Loop Back Adapter"; break; // case IF_SLIP_ADAPTERTYPE: p = "Generic Slip Adapter"; break; default: - sprintf(buf, "Other Adapter, type=%d", Curp->Type); + snprintf(buf, sizeof(buf), "Other Adapter, type=%d", Curp->Type); p = buf; } // endswitch Type #endif // 0 diff -Nru mariadb-11.8.6/storage/connect/myconn.cpp mariadb-11.8.8/storage/connect/myconn.cpp --- mariadb-11.8.6/storage/connect/myconn.cpp 2026-01-31 13:27:48.000000000 +0000 +++ mariadb-11.8.8/storage/connect/myconn.cpp 2026-05-24 09:58:32.000000000 +0000 @@ -599,7 +599,7 @@ { char kill[20]; - sprintf(kill, "KILL QUERY %u", (unsigned int) id); + snprintf(kill, sizeof(kill), "KILL QUERY %u", (unsigned int) id); //return (m_DB) ? mysql_query(m_DB, kill) : 1; return (m_DB) ? mysql_real_query(m_DB, kill, strlen(kill)) : 1; } // end of KillQuery @@ -722,9 +722,10 @@ //if (mysql_query(m_DB, query) != 0) { if (mysql_real_query(m_DB, query, strlen(query))) { - char *msg = (char*)PlugSubAlloc(g, NULL, 512 + strlen(query)); + size_t msg_size = 512 + strlen(query); + char *msg = (char*)PlugSubAlloc(g, NULL, msg_size); - sprintf(msg, "(%d) %s [%s]", mysql_errno(m_DB), + snprintf(msg, msg_size, "(%d) %s [%s]", mysql_errno(m_DB), mysql_error(m_DB), query); strncpy(g->Message, msg, sizeof(g->Message) - 1); g->Message[sizeof(g->Message) - 1] = 0; @@ -741,9 +742,10 @@ m_Res = mysql_store_result(m_DB); if (!m_Res) { - char *msg = (char*)PlugSubAlloc(g, NULL, 512 + strlen(query)); + size_t msg_size = 512 + strlen(query); + char *msg = (char*)PlugSubAlloc(g, NULL, msg_size); - sprintf(msg, "mysql_store_result failed: %s", mysql_error(m_DB)); + snprintf(msg, msg_size, "mysql_store_result failed: %s", mysql_error(m_DB)); strncpy(g->Message, msg, sizeof(g->Message) - 1); g->Message[sizeof(g->Message) - 1] = 0; rc = RC_FX; @@ -760,7 +762,7 @@ } else { // m_Rows = (int)mysql_affected_rows(m_DB); m_Rows = (int)m_DB->affected_rows; - snprintf(g->Message, sizeof(g->Message), "Affected rows: %d\n", m_Rows); + snprintf(g->Message, sizeof(g->Message), "Affected rows: %d", m_Rows); rc = RC_NF; } // endif field count @@ -778,9 +780,10 @@ { if (mysql_real_query(m_DB, query, strlen(query))) { #if defined(_DEBUG) - char *msg = (char*)PlugSubAlloc(g, NULL, 512 + strlen(query)); + size_t msg_size = 512 + strlen(query); + char *msg = (char*)PlugSubAlloc(g, NULL, msg_size); - sprintf(msg, "(%d) %s [%s]", mysql_errno(m_DB), + snprintf(msg, msg_size, "(%d) %s [%s]", mysql_errno(m_DB), mysql_error(m_DB), query); strncpy(g->Message, msg, sizeof(g->Message) - 1); g->Message[sizeof(g->Message) - 1] = 0; diff -Nru mariadb-11.8.6/storage/connect/mysql-test/connect/disabled.def mariadb-11.8.8/storage/connect/mysql-test/connect/disabled.def --- mariadb-11.8.6/storage/connect/mysql-test/connect/disabled.def 2026-01-31 13:27:48.000000000 +0000 +++ mariadb-11.8.8/storage/connect/mysql-test/connect/disabled.def 2026-05-24 09:58:32.000000000 +0000 @@ -23,5 +23,6 @@ mongo_java_2 : Need MongoDB running and its Java Driver installed mongo_java_3 : Need MongoDB running and its Java Driver installed tbl_thread : Bug MDEV-9844,10179,14214 03/01/2018 OB Option THREAD removed +odbc_sqlite3_grant : hopelessly obsolete #bson : Development #vcol : Different error code on different versions diff -Nru mariadb-11.8.6/storage/connect/mysql-test/connect/r/csv.result mariadb-11.8.8/storage/connect/mysql-test/connect/r/csv.result --- mariadb-11.8.6/storage/connect/mysql-test/connect/r/csv.result 2026-01-31 13:27:48.000000000 +0000 +++ mariadb-11.8.8/storage/connect/mysql-test/connect/r/csv.result 2026-05-24 09:58:32.000000000 +0000 @@ -32,8 +32,8 @@ Nabucho 2003-08-12 2 RONALD 1980-02-26 4 DROP TABLE t1; -SELECT REPLACE(LOAD_FILE('DATADIR/test/people.csv'),'\r\n','\n');; -REPLACE(LOAD_FILE('DATADIR/test/people.csv'),'\r\n','\n') +SELECT REPLACE(LOAD_FILE('DATADIR/test/people.csv'),'\r\n','\n') AS file_contents;; +file_contents Name;birth;children "Archibald";17/05/01;3 "Nabucho";12/08/03;2 @@ -112,8 +112,8 @@ 4000 4000 a b c d DROP TABLE t1; -SELECT REPLACE(LOAD_FILE('DATADIR/test/tmp.csv'),'\r\n','\n');; -REPLACE(LOAD_FILE('DATADIR/test/tmp.csv'),'\r\n','\n') +SELECT REPLACE(LOAD_FILE('DATADIR/test/tmp.csv'),'\r\n','\n') AS file_contents;; +file_contents "c1","c2" "10","10" "20","20" @@ -134,8 +134,8 @@ test2 2 DROP TABLE t2; DROP TABLE t1; -SELECT REPLACE(LOAD_FILE('DATADIR/test/t2.csv'),'\r\n','\n');; -REPLACE(LOAD_FILE('DATADIR/test/t2.csv'),'\r\n','\n') +SELECT REPLACE(LOAD_FILE('DATADIR/test/t2.csv'),'\r\n','\n') AS file_contents;; +file_contents test1,1 test2,2 @@ -152,8 +152,8 @@ c1 á DROP TABLE t1; -SELECT HEX(REPLACE(LOAD_FILE('DATADIR/test/t1.csv'),'\r\n','\n'));; -HEX(REPLACE(LOAD_FILE('DATADIR/test/t1.csv'),'\r\n','\n')) +SELECT HEX(REPLACE(LOAD_FILE('DATADIR/test/t1.csv'),'\r\n','\n')) AS file_contents;; +file_contents C3A10A CREATE TABLE t1 ( @@ -165,8 +165,8 @@ c1 á DROP TABLE t1; -SELECT HEX(REPLACE(LOAD_FILE('DATADIR/test/t1.csv'),'\r\n','\n'));; -HEX(REPLACE(LOAD_FILE('DATADIR/test/t1.csv'),'\r\n','\n')) +SELECT HEX(REPLACE(LOAD_FILE('DATADIR/test/t1.csv'),'\r\n','\n')) AS file_contents;; +file_contents E10A CREATE TABLE t1 ( @@ -177,8 +177,8 @@ c1 á DROP TABLE t1; -SELECT HEX(REPLACE(LOAD_FILE('DATADIR/test/t1.csv'),'\r\n','\n'));; -HEX(REPLACE(LOAD_FILE('DATADIR/test/t1.csv'),'\r\n','\n')) +SELECT HEX(REPLACE(LOAD_FILE('DATADIR/test/t1.csv'),'\r\n','\n')) AS file_contents;; +file_contents E10A CREATE TABLE t1 ( @@ -190,8 +190,8 @@ c1 á DROP TABLE t1; -SELECT HEX(REPLACE(LOAD_FILE('DATADIR/test/t1.csv'),'\r\n','\n'));; -HEX(REPLACE(LOAD_FILE('DATADIR/test/t1.csv'),'\r\n','\n')) +SELECT HEX(REPLACE(LOAD_FILE('DATADIR/test/t1.csv'),'\r\n','\n')) AS file_contents;; +file_contents E10A CREATE TABLE t1 ( @@ -203,8 +203,8 @@ c1 á DROP TABLE t1; -SELECT HEX(REPLACE(LOAD_FILE('DATADIR/test/t1.csv'),'\r\n','\n'));; -HEX(REPLACE(LOAD_FILE('DATADIR/test/t1.csv'),'\r\n','\n')) +SELECT HEX(REPLACE(LOAD_FILE('DATADIR/test/t1.csv'),'\r\n','\n')) AS file_contents;; +file_contents C3A10A CREATE TABLE t1 ( @@ -216,6 +216,6 @@ c1 c2 á á DROP TABLE t1; -SELECT HEX(REPLACE(LOAD_FILE('DATADIR/test/t1.csv'),'\r\n','\n'));; -HEX(REPLACE(LOAD_FILE('DATADIR/test/t1.csv'),'\r\n','\n')) +SELECT HEX(REPLACE(LOAD_FILE('DATADIR/test/t1.csv'),'\r\n','\n')) AS file_contents;; +file_contents E12CC3A10A diff -Nru mariadb-11.8.6/storage/connect/mysql-test/connect/r/ini.result mariadb-11.8.8/storage/connect/mysql-test/connect/r/ini.result --- mariadb-11.8.6/storage/connect/mysql-test/connect/r/ini.result 2026-01-31 13:27:48.000000000 +0000 +++ mariadb-11.8.8/storage/connect/mysql-test/connect/r/ini.result 2026-05-24 09:58:32.000000000 +0000 @@ -40,8 +40,8 @@ contact name forename hired address city zipcode tel UK2 NULL John NULL NULL NULL NULL NULL DROP TABLE t1; -SELECT REPLACE(REPLACE(LOAD_FILE('DATADIR/test/contact.ini'),'\r\n','\n'),'\n\n','\n');; -REPLACE(REPLACE(LOAD_FILE('DATADIR/test/contact.ini'),'\r\n','\n'),'\n\n','\n') +SELECT REPLACE(REPLACE(LOAD_FILE('DATADIR/test/contact.ini'),'\r\n','\n'),'\n\n','\n') AS file_contents;; +file_contents [BER] name=Bertrand forename=Olivier @@ -100,8 +100,8 @@ UK1 zipcode NW1 2BP UK2 forename Paul DROP TABLE t1; -SELECT REPLACE(REPLACE(LOAD_FILE('DATADIR/test/contact.ini'),'\r\n','\n'),'\n\n','\n');; -REPLACE(REPLACE(LOAD_FILE('DATADIR/test/contact.ini'),'\r\n','\n'),'\n\n','\n') +SELECT REPLACE(REPLACE(LOAD_FILE('DATADIR/test/contact.ini'),'\r\n','\n'),'\n\n','\n') AS file_contents;; +file_contents [BER] name=Bertrand forename=Olivier @@ -145,8 +145,8 @@ 4000 4000 a b c d DROP TABLE t1; -SELECT REPLACE(REPLACE(LOAD_FILE('DATADIR/test/tmp.ini'),'\r\n','\n'),'\n\n','\n');; -REPLACE(REPLACE(LOAD_FILE('DATADIR/test/tmp.ini'),'\r\n','\n'),'\n\n','\n') +SELECT REPLACE(REPLACE(LOAD_FILE('DATADIR/test/tmp.ini'),'\r\n','\n'),'\n\n','\n') AS file_contents;; +file_contents [10] c2=10 [20] @@ -236,8 +236,8 @@ s v sec1 val11 sec2 val22 -SELECT REPLACE(REPLACE(LOAD_FILE('DATADIR/test/t1.ini'),'\r\n','\n'),'\n\n','\n');; -REPLACE(REPLACE(LOAD_FILE('DATADIR/test/t1.ini'),'\r\n','\n'),'\n\n','\n') +SELECT REPLACE(REPLACE(LOAD_FILE('DATADIR/test/t1.ini'),'\r\n','\n'),'\n\n','\n') AS file_contents;; +file_contents [sec1] val2=val11 [sec2] @@ -258,8 +258,8 @@ s v 1sec1 1val1 1sec2 1val2 -SELECT REPLACE(REPLACE(LOAD_FILE('DATADIR/test/t1.ini'),'\r\n','\n'),'\n\n','\n');; -REPLACE(REPLACE(LOAD_FILE('DATADIR/test/t1.ini'),'\r\n','\n'),'\n\n','\n') +SELECT REPLACE(REPLACE(LOAD_FILE('DATADIR/test/t1.ini'),'\r\n','\n'),'\n\n','\n') AS file_contents;; +file_contents [1sec1] val=1val1 [1sec2] @@ -269,8 +269,8 @@ s v 2sec1 2val1 2sec2 2val2 -SELECT REPLACE(REPLACE(LOAD_FILE('DATADIR/test/t2.ini'),'\r\n','\n'),'\n\n','\n');; -REPLACE(REPLACE(LOAD_FILE('DATADIR/test/t2.ini'),'\r\n','\n'),'\n\n','\n') +SELECT REPLACE(REPLACE(LOAD_FILE('DATADIR/test/t2.ini'),'\r\n','\n'),'\n\n','\n') AS file_contents;; +file_contents [2sec1] val=2val1 [2sec2] diff -Nru mariadb-11.8.6/storage/connect/mysql-test/connect/r/jdbc.result mariadb-11.8.8/storage/connect/mysql-test/connect/r/jdbc.result --- mariadb-11.8.6/storage/connect/mysql-test/connect/r/jdbc.result 2026-01-31 13:27:48.000000000 +0000 +++ mariadb-11.8.8/storage/connect/mysql-test/connect/r/jdbc.result 2026-05-24 09:58:32.000000000 +0000 @@ -20,31 +20,33 @@ CREATE TABLE t1 ENGINE=CONNECT TABLE_TYPE=JDBC TABNAME=t2 CONNECTION='jdbc:mysql://localhost:PORT/connect?user=root&useSSL=false'; SELECT * FROM t1; id msg tm dt dtm ts -455000000000 A very big number 18:10:25 2016-03-16 1999-12-11 23:01:52 2015-07-24 09:32:45 +455000000000 A very big number 17:10:25 2016-03-15 1999-12-11 22:01:52 2015-07-24 07:32:45 INSERT INTO t1 VALUES(786325481247, 'Hello!', '19:45:03', '1933-08-10', '1985-11-12 09:02:44', '2014-06-17 10:32:01'); Warnings: Note 1105 t2: 1 affected rows SELECT * FROM t1; id msg tm dt dtm ts -455000000000 A very big number 18:10:25 2016-03-16 1999-12-11 23:01:52 2015-07-24 09:32:45 -786325481247 Hello! 19:45:03 1933-08-10 1985-11-12 09:02:44 2014-06-17 10:32:01 +455000000000 A very big number 17:10:25 2016-03-15 1999-12-11 22:01:52 2015-07-24 07:32:45 +786325481247 Hello! 19:45:03 1933-08-09 1985-11-12 09:02:44 2014-06-17 10:32:01 DELETE FROM t1 WHERE msg = 'Hello!'; Warnings: Note 1105 t2: 1 affected rows SELECT * FROM t1; id msg tm dt dtm ts -455000000000 A very big number 18:10:25 2016-03-16 1999-12-11 23:01:52 2015-07-24 09:32:45 +455000000000 A very big number 17:10:25 2016-03-15 1999-12-11 22:01:52 2015-07-24 07:32:45 DROP TABLE t1; # # Testing JDBC view # +CREATE TABLE t1 ENGINE=CONNECT TABLE_TYPE=JDBC SRCDEF='select id, msg, tm, dt, %s, %s from t2' CONNECTION='jdbc:mysql://localhost:PORT/connect?user=root&useSSL=false'; +ERROR HY000: Execute: java.sql.SQLSyntaxErrorException: You have an error in your SQL syntax; check the manual that corresponds to your MariaDB server version for the right syntax to use near '%s from t2' at line 1 CREATE TABLE t1 ENGINE=CONNECT TABLE_TYPE=JDBC SRCDEF='select id, msg, tm, dt from t2' CONNECTION='jdbc:mysql://localhost:PORT/connect?user=root&useSSL=false'; SELECT * FROM t1; id msg tm dt -455000000000 A very big number 18:10:25 2016-03-16 +455000000000 A very big number 17:10:25 2016-03-15 SELECT msg, dt FROM t1; msg dt -A very big number 2016-03-16 +A very big number 2016-03-15 DROP TABLE t1, connect.t2; # # Testing JDBC write operations @@ -78,12 +80,12 @@ CREATE TABLE t1 ENGINE=CONNECT TABLE_TYPE=JDBC TABNAME=boys CONNECTION='jdbc:mysql://localhost:PORT/connect?user=root&useSSL=false' OPTION_LIST='scrollable=1'; SELECT * FROM t1; name city birth hired -John Boston 1986-01-25 2010-06-02 -Henry Boston 1987-06-07 2008-04-01 -George San Jose 1981-08-10 2010-06-02 -Sam Chicago 1979-11-22 2007-10-10 -James Dallas 1992-05-13 2009-12-14 -Bill Boston 1986-09-11 2008-02-10 +John Boston 1986-01-24 2010-06-01 +Henry Boston 1987-06-06 2008-03-31 +George San Jose 1981-08-09 2010-06-01 +Sam Chicago 1979-11-21 2007-10-09 +James Dallas 1992-05-12 2009-12-13 +Bill Boston 1986-09-10 2008-02-09 UPDATE t1 SET city = 'Phoenix' WHERE name = 'Henry'; Warnings: Note 1105 boys: 1 affected rows @@ -95,15 +97,15 @@ Note 1105 boys: 1 affected rows SELECT * FROM t1; name city birth hired -John Boston 1986-01-25 2010-06-02 -Henry Phoenix 1987-06-07 2008-04-01 -George San Jose 1981-08-10 2010-06-02 -Sam Chicago 1979-11-22 2007-10-10 -James Dallas 1992-05-13 2009-12-14 -Bill Boston 1986-09-11 2008-02-10 -Donald Atlanta 1999-04-01 2016-03-31 -Mick New York 1980-01-20 2002-09-11 -Tom Seatle 2002-03-15 NULL +John Boston 1986-01-24 2010-06-01 +Henry Phoenix 1987-06-06 2008-03-31 +George San Jose 1981-08-09 2010-06-01 +Sam Chicago 1979-11-21 2007-10-09 +James Dallas 1992-05-12 2009-12-13 +Bill Boston 1986-09-10 2008-02-09 +Donald Atlanta 1999-03-31 2016-03-30 +Mick New York 1980-01-19 2002-09-10 +Tom Seatle 2002-03-14 NULL DROP TABLE t3; # # Testing JDBC join operations @@ -185,7 +187,7 @@ `department` char(4) NOT NULL, `secretary` char(5) NOT NULL, `salary` double(12,2) NOT NULL -) ENGINE=CONNECT DEFAULT CHARSET=latin1 CONNECTION='jdbc:mariadb://localhost:PORT/connect?user=root' `TABLE_TYPE`='JDBC' `TABNAME`='emp' `OPTION_LIST`='Driver=org.mariadb.jdbc.Driver' +) ENGINE=CONNECT DEFAULT CHARSET=latin1 COLLATE=latin1_swedish_ci CONNECTION='jdbc:mariadb://localhost:PORT/connect?user=root' `TABLE_TYPE`='JDBC' `TABNAME`='emp' `OPTION_LIST`='Driver=org.mariadb.jdbc.Driver' SELECT * FROM t1; serialno name sex title manager department secretary salary 74200 BANCROFT 2 SALESMAN 70012 0318 24888 9600.00 @@ -239,9 +241,9 @@ CREATE TABLE t2 (command varchar(128) not null,number int(5) not null flag=1,message varchar(255) flag=2) ENGINE=CONNECT TABLE_TYPE=JDBC CONNECTION='jdbc:mariadb://localhost:PORT/connect' OPTION_LIST='User=root,Execsrc=1'; SELECT * FROM t2 WHERE command='drop table tx1'; command number message -drop table tx1 0 Execute: java.sql.SQLSyntaxErrorException: (conn:24) Unknown table 'connect.tx1' +drop table tx1 0 Execute: java.sql.SQLSyntaxErrorException: (conn=28) Unknown table 'connect.tx1' Warnings: -Warning 1105 Execute: java.sql.SQLSyntaxErrorException: (conn:24) Unknown table 'connect.tx1' +Warning 1105 Execute: java.sql.SQLSyntaxErrorException: (conn=28) Unknown table 'connect.tx1' SELECT * FROM t2 WHERE command = 'create table tx1 (a int not null, b char(32), c double(8,2))'; command number message create table tx1 (a int not null, b char(32), c double(8,2)) 0 Affected rows @@ -276,7 +278,58 @@ CREATE TABLE t1 ENGINE=CONNECT TABLE_TYPE=JDBC CATFUNC=tables CONNECTION='jdbc:mariadb://localhost:PORT/connect' option_list='User=root,Maxres=50'; SELECT * FROM t1; Table_Cat Table_Schema Table_Name Table_Type Remark -connect NULL tx1 TABLE +mysql NULL columns_priv SYSTEM TABLE Column privileges +mysql NULL column_stats SYSTEM TABLE Statistics on Columns +mysql NULL db SYSTEM TABLE Database privileges +mysql NULL event SYSTEM TABLE Events +mysql NULL func SYSTEM TABLE User defined functions +mysql NULL general_log SYSTEM TABLE General log +mysql NULL global_priv SYSTEM TABLE Users and global privileges +mysql NULL gtid_slave_pos SYSTEM TABLE Replication slave GTID position +mysql NULL help_category SYSTEM TABLE help categories +mysql NULL help_keyword SYSTEM TABLE help keywords +mysql NULL help_relation SYSTEM TABLE keyword-topic relation +mysql NULL help_topic SYSTEM TABLE help topics +mysql NULL index_stats SYSTEM TABLE Statistics on Indexes +mysql NULL innodb_index_stats SYSTEM TABLE Unknown storage engine 'InnoDB' +mysql NULL innodb_table_stats SYSTEM TABLE Unknown storage engine 'InnoDB' +mysql NULL plugin SYSTEM TABLE MySQL plugins +mysql NULL proc SYSTEM TABLE Stored Procedures +mysql NULL procs_priv SYSTEM TABLE Procedure privileges +mysql NULL proxies_priv SYSTEM TABLE User proxy privileges +mysql NULL roles_mapping SYSTEM TABLE Granted roles +mysql NULL servers SYSTEM TABLE MySQL Foreign Servers table +mysql NULL slow_log SYSTEM TABLE Slow log +mysql NULL tables_priv SYSTEM TABLE Table privileges +mysql NULL table_stats SYSTEM TABLE Statistics on Tables +mysql NULL time_zone SYSTEM TABLE Time zones +mysql NULL time_zone_leap_second SYSTEM TABLE Leap seconds information for time zones +mysql NULL time_zone_name SYSTEM TABLE Time zone names +mysql NULL time_zone_transition SYSTEM TABLE Time zone transitions +mysql NULL time_zone_transition_type SYSTEM TABLE Time zone transition types +mysql NULL transaction_registry SYSTEM TABLE Unknown storage engine 'InnoDB' +performance_schema NULL accounts SYSTEM TABLE +performance_schema NULL cond_instances SYSTEM TABLE +performance_schema NULL events_stages_current SYSTEM TABLE +performance_schema NULL events_stages_history SYSTEM TABLE +performance_schema NULL events_stages_history_long SYSTEM TABLE +performance_schema NULL events_stages_summary_by_account_by_event_name SYSTEM TABLE +performance_schema NULL events_stages_summary_by_host_by_event_name SYSTEM TABLE +performance_schema NULL events_stages_summary_by_thread_by_event_name SYSTEM TABLE +performance_schema NULL events_stages_summary_by_user_by_event_name SYSTEM TABLE +performance_schema NULL events_stages_summary_global_by_event_name SYSTEM TABLE +performance_schema NULL events_statements_current SYSTEM TABLE +performance_schema NULL events_statements_history SYSTEM TABLE +performance_schema NULL events_statements_history_long SYSTEM TABLE +performance_schema NULL events_statements_summary_by_account_by_event_name SYSTEM TABLE +performance_schema NULL events_statements_summary_by_digest SYSTEM TABLE +performance_schema NULL events_statements_summary_by_host_by_event_name SYSTEM TABLE +performance_schema NULL events_statements_summary_by_program SYSTEM TABLE +performance_schema NULL events_statements_summary_by_thread_by_event_name SYSTEM TABLE +performance_schema NULL events_statements_summary_by_user_by_event_name SYSTEM TABLE +performance_schema NULL events_statements_summary_global_by_event_name SYSTEM TABLE +Warnings: +Warning 1105 Result limited to 50 lines DROP TABLE t1; DROP TABLE connect.tx1; DROP DATABASE connect; diff -Nru mariadb-11.8.6/storage/connect/mysql-test/connect/r/odbc_sqlite3.result mariadb-11.8.8/storage/connect/mysql-test/connect/r/odbc_sqlite3.result --- mariadb-11.8.6/storage/connect/mysql-test/connect/r/odbc_sqlite3.result 2026-01-31 13:27:48.000000000 +0000 +++ mariadb-11.8.8/storage/connect/mysql-test/connect/r/odbc_sqlite3.result 2026-05-24 09:58:32.000000000 +0000 @@ -2,14 +2,16 @@ t1 CREATE TABLE `t1` ( `Description` char(128) NOT NULL, `Attributes` varchar(256) DEFAULT NULL -) ENGINE=CONNECT DEFAULT CHARSET=latin1 COLLATE=latin1_swedish_ci `TABLE_TYPE`='ODBC' `CATFUNC`='Drivers' +) ENGINE=CONNECT DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_uca1400_ai_ci `TABLE_TYPE`='ODBC' `CATFUNC`='Drivers' SET NAMES utf8; -CREATE TABLE t1 ENGINE=CONNECT TABLE_TYPE=ODBC CONNECTION='Driver=SQLite3 ODBC Driver;Database=MTR_SUITE_DIR/std_data/test.sqlite3;NoWCHAR=yes' CHARSET=utf8 DATA_CHARSET=utf8;; +CREATE TABLE t1 ENGINE=CONNECT TABLE_TYPE=ODBC SRCDEF='SELECT %s, %d FROM t1' CONNECTION='Driver=SQLite3;Database=MTR_SUITE_DIR/std_data/test.sqlite3;NoWCHAR=yes' CHARSET=utf8 DATA_CHARSET=utf8;; +ERROR HY000: SQLExecDirect: [SQLite]near "%": syntax error (1) +CREATE TABLE t1 ENGINE=CONNECT TABLE_TYPE=ODBC CONNECTION='Driver=SQLite3;Database=MTR_SUITE_DIR/std_data/test.sqlite3;NoWCHAR=yes' CHARSET=utf8 DATA_CHARSET=utf8;; SHOW CREATE TABLE t1; Table Create Table t1 CREATE TABLE `t1` ( `a` varchar(64) DEFAULT NULL -) ENGINE=CONNECT DEFAULT CHARSET=utf8 COLLATE=utf8_general_ci CONNECTION='Driver=SQLite3 ODBC Driver;Database=MTR_SUITE_DIR/std_data/test.sqlite3;NoWCHAR=yes' `TABLE_TYPE`='ODBC' `DATA_CHARSET`='utf8' +) ENGINE=CONNECT DEFAULT CHARSET=utf8mb3 COLLATE=utf8mb3_uca1400_ai_ci CONNECTION='Driver=SQLite3;Database=MTR_SUITE_DIR/std_data/test.sqlite3;NoWCHAR=yes' `TABLE_TYPE`='ODBC' `DATA_CHARSET`='utf8' SELECT * FROM t1; a test1 @@ -21,8 +23,8 @@ SHOW CREATE TABLE t2; Table Create Table t2 CREATE TABLE `t2` ( - `a` varchar(64) CHARACTER SET utf8 COLLATE utf8_general_ci DEFAULT NULL -) ENGINE=MyISAM DEFAULT CHARSET=latin1 COLLATE=latin1_swedish_ci + `a` varchar(64) CHARACTER SET utf8mb3 COLLATE utf8mb3_uca1400_ai_ci DEFAULT NULL +) ENGINE=MyISAM DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_uca1400_ai_ci SELECT * FROM t2; a test1 @@ -41,17 +43,17 @@ ÆÇÈÉË DROP VIEW v1; DROP TABLE t1; -CREATE TABLE t1 ENGINE=CONNECT CATFUNC=Columns TABNAME='t1' TABLE_TYPE=ODBC CONNECTION='Driver=SQLite3 ODBC Driver;Database=MTR_SUITE_DIR/std_data/test.sqlite3;NoWCHAR=yes' CHARSET=utf8 DATA_CHARSET=utf8; +CREATE TABLE t1 ENGINE=CONNECT CATFUNC=Columns TABNAME='t1' TABLE_TYPE=ODBC CONNECTION='Driver=SQLite3;Database=MTR_SUITE_DIR/std_data/test.sqlite3;NoWCHAR=yes' CHARSET=utf8 DATA_CHARSET=utf8; SELECT * FROM t1; Table_Cat Table_Schema Table_Name Column_Name Data_Type Type_Name Column_Size Buffer_Length Decimal_Digits Radix Nullable Remarks t1 a 12 varchar(64) 64 64 10 0 1 NULL DROP TABLE t1; -CREATE TABLE t1 ENGINE=CONNECT CATFUNC=Tables TABNAME='t1' TABLE_TYPE=ODBC CONNECTION='Driver=SQLite3 ODBC Driver;Database=MTR_SUITE_DIR/std_data/test.sqlite3;NoWCHAR=yes' CHARSET=utf8 DATA_CHARSET=utf8; +CREATE TABLE t1 ENGINE=CONNECT CATFUNC=Tables TABNAME='t1' TABLE_TYPE=ODBC CONNECTION='Driver=SQLite3;Database=MTR_SUITE_DIR/std_data/test.sqlite3;NoWCHAR=yes' CHARSET=utf8 DATA_CHARSET=utf8; SELECT * FROM t1; Table_Cat Table_Schema Table_Name Table_Type Remark NULL NULL t1 TABLE NULL DROP TABLE t1; -CREATE TABLE t1 ENGINE=CONNECT CATFUNC=Columns TABLE_TYPE=ODBC CONNECTION='Driver=SQLite3 ODBC Driver;Database=MTR_SUITE_DIR/std_data/test.sqlite3;NoWCHAR=yes' CHARSET=utf8 DATA_CHARSET=utf8; +CREATE TABLE t1 ENGINE=CONNECT CATFUNC=Columns TABLE_TYPE=ODBC CONNECTION='Driver=SQLite3;Database=MTR_SUITE_DIR/std_data/test.sqlite3;NoWCHAR=yes' CHARSET=utf8 DATA_CHARSET=utf8; SELECT * FROM t1 ORDER BY Table_name; Table_Cat Table_Schema Table_Name Column_Name Data_Type Type_Name Column_Size Buffer_Length Decimal_Digits Radix Nullable Remarks t000 a 4 INT 9 10 10 0 1 NULL @@ -2056,7 +2058,7 @@ t399 d 4 INT 9 10 10 0 1 NULL t399 e 4 INT 9 10 10 0 1 NULL DROP TABLE t1; -CREATE TABLE t1 ENGINE=CONNECT CATFUNC=Tables TABLE_TYPE=ODBC CONNECTION='Driver=SQLite3 ODBC Driver;Database=MTR_SUITE_DIR/std_data/test.sqlite3;NoWCHAR=yes' CHARSET=utf8 DATA_CHARSET=utf8; +CREATE TABLE t1 ENGINE=CONNECT CATFUNC=Tables TABLE_TYPE=ODBC CONNECTION='Driver=SQLite3;Database=MTR_SUITE_DIR/std_data/test.sqlite3;NoWCHAR=yes' CHARSET=utf8 DATA_CHARSET=utf8; SELECT * FROM t1 ORDER BY Table_name; Table_Cat Table_Schema Table_Name Table_Type Remark NULL NULL t000 TABLE NULL diff -Nru mariadb-11.8.6/storage/connect/mysql-test/connect/r/oem.result mariadb-11.8.8/storage/connect/mysql-test/connect/r/oem.result --- mariadb-11.8.6/storage/connect/mysql-test/connect/r/oem.result 1970-01-01 00:00:00.000000000 +0000 +++ mariadb-11.8.8/storage/connect/mysql-test/connect/r/oem.result 2026-05-24 09:58:32.000000000 +0000 @@ -0,0 +1,12 @@ +# +# MDEV-39281 CONNECT OEM tables don't check subtype length +# +create table xtab engine=connect +table_type=oem module='$HA_CONNECT_SO' subtype='testing123456789012345678901234567890'; +ERROR HY000: Subtype string too long +create table xtab (a int) engine=connect +table_type=oem module='$HA_CONNECT_SO' subtype='testing123456789012345678901234567890'; +select * from xtab; +ERROR HY000: Subtype string too long +drop table xtab; +# End of 10.6 tests diff -Nru mariadb-11.8.6/storage/connect/mysql-test/connect/r/rest.result mariadb-11.8.8/storage/connect/mysql-test/connect/r/rest.result --- mariadb-11.8.6/storage/connect/mysql-test/connect/r/rest.result 2026-01-31 13:27:48.000000000 +0000 +++ mariadb-11.8.8/storage/connect/mysql-test/connect/r/rest.result 2026-05-24 09:58:32.000000000 +0000 @@ -17,3 +17,11 @@ 9 Glenna Reichert Delphine Chaim_McDermott@dana.io Dayna Park Suite 449 Bartholomebury 76495-3109 24.6463 -168.8889 (775)976-6794 x41206 conrad.com Yost and Sons Switchable contextually-based project aggregate real-time technologies 10 Clementina DuBuque Moriah.Stanton Rey.Padberg@karina.biz Kattie Turnpike Suite 198 Lebsackbury 31428-2261 -38.2386 57.2232 024-648-3804 ambrose.net Hoeger LLC Centralized empowering task-force target end-to-end models DROP TABLE t1; +# +# MDEV-39289 CONNECT REST support on Windows doesn't escape the url +# +CREATE TABLE t1 +ENGINE=CONNECT DATA_CHARSET=utf8 TABLE_TYPE=JSON FILE_NAME='users.json' +HTTP='http://jsonplaceholder.typicode.com/users" "-Dhead.log'; +Got one of the listed errors +# End of 10.6 tests diff -Nru mariadb-11.8.6/storage/connect/mysql-test/connect/t/bson_udf.test mariadb-11.8.8/storage/connect/mysql-test/connect/t/bson_udf.test --- mariadb-11.8.6/storage/connect/mysql-test/connect/t/bson_udf.test 2026-01-31 13:27:48.000000000 +0000 +++ mariadb-11.8.8/storage/connect/mysql-test/connect/t/bson_udf.test 2026-05-24 09:58:32.000000000 +0000 @@ -1,3 +1,4 @@ +--source include/no_view_protocol.inc --source bson_udf.inc let $MYSQLD_DATADIR= `select @@datadir`; diff -Nru mariadb-11.8.6/storage/connect/mysql-test/connect/t/csv.test mariadb-11.8.8/storage/connect/mysql-test/connect/t/csv.test --- mariadb-11.8.6/storage/connect/mysql-test/connect/t/csv.test 2026-01-31 13:27:48.000000000 +0000 +++ mariadb-11.8.8/storage/connect/mysql-test/connect/t/csv.test 2026-05-24 09:58:32.000000000 +0000 @@ -33,7 +33,7 @@ DROP TABLE t1; --chmod 0777 $MYSQLD_DATADIR/test/people.csv --replace_result $MYSQLD_DATADIR DATADIR ---eval SELECT REPLACE(LOAD_FILE('$MYSQLD_DATADIR/test/people.csv'),'\r\n','\n'); +--eval SELECT REPLACE(LOAD_FILE('$MYSQLD_DATADIR/test/people.csv'),'\r\n','\n') AS file_contents; --echo # --echo # Testing READONLY tables @@ -80,7 +80,7 @@ DROP TABLE t1; --chmod 0777 $MYSQLD_DATADIR/test/tmp.csv --replace_result $MYSQLD_DATADIR DATADIR ---eval SELECT REPLACE(LOAD_FILE('$MYSQLD_DATADIR/test/tmp.csv'),'\r\n','\n'); +--eval SELECT REPLACE(LOAD_FILE('$MYSQLD_DATADIR/test/tmp.csv'),'\r\n','\n') AS file_contents; --echo # --echo # Creating a CSV table from a MyISAM table @@ -94,7 +94,7 @@ DROP TABLE t1; --chmod 0777 $MYSQLD_DATADIR/test/t2.csv --replace_result $MYSQLD_DATADIR DATADIR ---eval SELECT REPLACE(LOAD_FILE('$MYSQLD_DATADIR/test/t2.csv'),'\r\n','\n'); +--eval SELECT REPLACE(LOAD_FILE('$MYSQLD_DATADIR/test/t2.csv'),'\r\n','\n') AS file_contents; --remove_file $MYSQLD_DATADIR/test/t2.csv --echo # @@ -110,7 +110,7 @@ DROP TABLE t1; --chmod 0777 $MYSQLD_DATADIR/test/t1.csv --replace_result $MYSQLD_DATADIR DATADIR ---eval SELECT HEX(REPLACE(LOAD_FILE('$MYSQLD_DATADIR/test/t1.csv'),'\r\n','\n')); +--eval SELECT HEX(REPLACE(LOAD_FILE('$MYSQLD_DATADIR/test/t1.csv'),'\r\n','\n')) AS file_contents; --remove_file $MYSQLD_DATADIR/test/t1.csv CREATE TABLE t1 @@ -123,7 +123,7 @@ DROP TABLE t1; --chmod 0777 $MYSQLD_DATADIR/test/t1.csv --replace_result $MYSQLD_DATADIR DATADIR ---eval SELECT HEX(REPLACE(LOAD_FILE('$MYSQLD_DATADIR/test/t1.csv'),'\r\n','\n')); +--eval SELECT HEX(REPLACE(LOAD_FILE('$MYSQLD_DATADIR/test/t1.csv'),'\r\n','\n')) AS file_contents; --remove_file $MYSQLD_DATADIR/test/t1.csv CREATE TABLE t1 @@ -135,7 +135,7 @@ DROP TABLE t1; --chmod 0777 $MYSQLD_DATADIR/test/t1.csv --replace_result $MYSQLD_DATADIR DATADIR ---eval SELECT HEX(REPLACE(LOAD_FILE('$MYSQLD_DATADIR/test/t1.csv'),'\r\n','\n')); +--eval SELECT HEX(REPLACE(LOAD_FILE('$MYSQLD_DATADIR/test/t1.csv'),'\r\n','\n')) AS file_contents; --remove_file $MYSQLD_DATADIR/test/t1.csv CREATE TABLE t1 @@ -148,7 +148,7 @@ DROP TABLE t1; --chmod 0777 $MYSQLD_DATADIR/test/t1.csv --replace_result $MYSQLD_DATADIR DATADIR ---eval SELECT HEX(REPLACE(LOAD_FILE('$MYSQLD_DATADIR/test/t1.csv'),'\r\n','\n')); +--eval SELECT HEX(REPLACE(LOAD_FILE('$MYSQLD_DATADIR/test/t1.csv'),'\r\n','\n')) AS file_contents; --remove_file $MYSQLD_DATADIR/test/t1.csv CREATE TABLE t1 @@ -161,7 +161,7 @@ DROP TABLE t1; --chmod 0777 $MYSQLD_DATADIR/test/t1.csv --replace_result $MYSQLD_DATADIR DATADIR ---eval SELECT HEX(REPLACE(LOAD_FILE('$MYSQLD_DATADIR/test/t1.csv'),'\r\n','\n')); +--eval SELECT HEX(REPLACE(LOAD_FILE('$MYSQLD_DATADIR/test/t1.csv'),'\r\n','\n')) AS file_contents; --remove_file $MYSQLD_DATADIR/test/t1.csv CREATE TABLE t1 @@ -174,7 +174,7 @@ DROP TABLE t1; --chmod 0777 $MYSQLD_DATADIR/test/t1.csv --replace_result $MYSQLD_DATADIR DATADIR ---eval SELECT HEX(REPLACE(LOAD_FILE('$MYSQLD_DATADIR/test/t1.csv'),'\r\n','\n')); +--eval SELECT HEX(REPLACE(LOAD_FILE('$MYSQLD_DATADIR/test/t1.csv'),'\r\n','\n')) AS file_contents; --remove_file $MYSQLD_DATADIR/test/t1.csv diff -Nru mariadb-11.8.6/storage/connect/mysql-test/connect/t/grant.test mariadb-11.8.8/storage/connect/mysql-test/connect/t/grant.test --- mariadb-11.8.6/storage/connect/mysql-test/connect/t/grant.test 2026-01-31 13:27:48.000000000 +0000 +++ mariadb-11.8.8/storage/connect/mysql-test/connect/t/grant.test 2026-05-24 09:58:32.000000000 +0000 @@ -27,8 +27,10 @@ size DOUBLE(12,0) NOT NULL flag=5 ) ENGINE=CONNECT TABLE_TYPE=DIR FILE_NAME='*.*' CHARSET=latin1; # "size>0" to skip directory names on Windows +--disable_view_protocol --replace_result $MYSQLD_DATADIR DATADIR/ SELECT fname, ftype, size FROM t1 WHERE size>0 AND ftype!='.opt'; +--enable_view_protocol --connection user SELECT user(); diff -Nru mariadb-11.8.6/storage/connect/mysql-test/connect/t/have_odbc_sqlite3.inc mariadb-11.8.8/storage/connect/mysql-test/connect/t/have_odbc_sqlite3.inc --- mariadb-11.8.6/storage/connect/mysql-test/connect/t/have_odbc_sqlite3.inc 2026-01-31 13:27:48.000000000 +0000 +++ mariadb-11.8.8/storage/connect/mysql-test/connect/t/have_odbc_sqlite3.inc 2026-05-24 09:58:32.000000000 +0000 @@ -5,7 +5,7 @@ { Skip No ODBC support; } -if (!`SELECT count(*) FROM t1 WHERE Description='SQLite3 ODBC Driver'`) +if (!`SELECT count(*) FROM t1 WHERE Description='SQLite3'`) { DROP TABLE t1; Skip Need SQLite3 ODBC Driver; diff -Nru mariadb-11.8.6/storage/connect/mysql-test/connect/t/ini.test mariadb-11.8.8/storage/connect/mysql-test/connect/t/ini.test --- mariadb-11.8.6/storage/connect/mysql-test/connect/t/ini.test 2026-01-31 13:27:48.000000000 +0000 +++ mariadb-11.8.8/storage/connect/mysql-test/connect/t/ini.test 2026-05-24 09:58:32.000000000 +0000 @@ -41,7 +41,7 @@ DROP TABLE t1; --chmod 0777 $MYSQLD_DATADIR/test/contact.ini --replace_result $MYSQLD_DATADIR DATADIR ---eval SELECT REPLACE(REPLACE(LOAD_FILE('$MYSQLD_DATADIR/test/contact.ini'),'\r\n','\n'),'\n\n','\n'); +--eval SELECT REPLACE(REPLACE(LOAD_FILE('$MYSQLD_DATADIR/test/contact.ini'),'\r\n','\n'),'\n\n','\n') AS file_contents; CREATE TABLE t1 ( @@ -55,7 +55,7 @@ DROP TABLE t1; --chmod 0777 $MYSQLD_DATADIR/test/contact.ini --replace_result $MYSQLD_DATADIR DATADIR ---eval SELECT REPLACE(REPLACE(LOAD_FILE('$MYSQLD_DATADIR/test/contact.ini'),'\r\n','\n'),'\n\n','\n'); +--eval SELECT REPLACE(REPLACE(LOAD_FILE('$MYSQLD_DATADIR/test/contact.ini'),'\r\n','\n'),'\n\n','\n') AS file_contents; --echo # @@ -71,7 +71,7 @@ DROP TABLE t1; --chmod 0777 $MYSQLD_DATADIR/test/tmp.ini --replace_result $MYSQLD_DATADIR DATADIR ---eval SELECT REPLACE(REPLACE(LOAD_FILE('$MYSQLD_DATADIR/test/tmp.ini'),'\r\n','\n'),'\n\n','\n'); +--eval SELECT REPLACE(REPLACE(LOAD_FILE('$MYSQLD_DATADIR/test/tmp.ini'),'\r\n','\n'),'\n\n','\n') AS file_contents; --echo # @@ -136,7 +136,7 @@ SELECT sec2 AS s, val2 AS v FROM t1; --chmod 0777 $MYSQLD_DATADIR/test/t1.ini --replace_result $MYSQLD_DATADIR DATADIR ---eval SELECT REPLACE(REPLACE(LOAD_FILE('$MYSQLD_DATADIR/test/t1.ini'),'\r\n','\n'),'\n\n','\n'); +--eval SELECT REPLACE(REPLACE(LOAD_FILE('$MYSQLD_DATADIR/test/t1.ini'),'\r\n','\n'),'\n\n','\n') AS file_contents; DROP TABLE t1; CREATE TABLE t1 (sec CHAR(10) NOT NULL FLAG=1, val CHAR(10) NOT NULL) @@ -148,9 +148,9 @@ SELECT sec AS s, val AS v FROM t1; --chmod 0777 $MYSQLD_DATADIR/test/t1.ini --replace_result $MYSQLD_DATADIR DATADIR ---eval SELECT REPLACE(REPLACE(LOAD_FILE('$MYSQLD_DATADIR/test/t1.ini'),'\r\n','\n'),'\n\n','\n'); +--eval SELECT REPLACE(REPLACE(LOAD_FILE('$MYSQLD_DATADIR/test/t1.ini'),'\r\n','\n'),'\n\n','\n') AS file_contents; SELECT sec AS s, val AS v FROM t2; --chmod 0777 $MYSQLD_DATADIR/test/t2.ini --replace_result $MYSQLD_DATADIR DATADIR ---eval SELECT REPLACE(REPLACE(LOAD_FILE('$MYSQLD_DATADIR/test/t2.ini'),'\r\n','\n'),'\n\n','\n'); +--eval SELECT REPLACE(REPLACE(LOAD_FILE('$MYSQLD_DATADIR/test/t2.ini'),'\r\n','\n'),'\n\n','\n') AS file_contents; DROP TABLE t1, t2; diff -Nru mariadb-11.8.6/storage/connect/mysql-test/connect/t/jdbc.test mariadb-11.8.8/storage/connect/mysql-test/connect/t/jdbc.test --- mariadb-11.8.6/storage/connect/mysql-test/connect/t/jdbc.test 2026-01-31 13:27:48.000000000 +0000 +++ mariadb-11.8.8/storage/connect/mysql-test/connect/t/jdbc.test 2026-05-24 09:58:32.000000000 +0000 @@ -40,6 +40,9 @@ --echo # Testing JDBC view --echo # --replace_result $PORT PORT +--error ER_UNKNOWN_ERROR +--eval CREATE TABLE t1 ENGINE=CONNECT TABLE_TYPE=JDBC SRCDEF='select id, msg, tm, dt, %s, %s from t2' CONNECTION='jdbc:mysql://localhost:$PORT/connect?user=root&useSSL=false' +--replace_result $PORT PORT --eval CREATE TABLE t1 ENGINE=CONNECT TABLE_TYPE=JDBC SRCDEF='select id, msg, tm, dt from t2' CONNECTION='jdbc:mysql://localhost:$PORT/connect?user=root&useSSL=false' SELECT * FROM t1; SELECT msg, dt FROM t1; diff -Nru mariadb-11.8.6/storage/connect/mysql-test/connect/t/json_udf.test mariadb-11.8.8/storage/connect/mysql-test/connect/t/json_udf.test --- mariadb-11.8.6/storage/connect/mysql-test/connect/t/json_udf.test 2026-01-31 13:27:48.000000000 +0000 +++ mariadb-11.8.8/storage/connect/mysql-test/connect/t/json_udf.test 2026-05-24 09:58:32.000000000 +0000 @@ -1,3 +1,4 @@ +--source include/no_view_protocol.inc --source json_udf.inc let $MYSQLD_DATADIR= `select @@datadir`; diff -Nru mariadb-11.8.6/storage/connect/mysql-test/connect/t/json_udf_bin.test mariadb-11.8.8/storage/connect/mysql-test/connect/t/json_udf_bin.test --- mariadb-11.8.6/storage/connect/mysql-test/connect/t/json_udf_bin.test 2026-01-31 13:27:48.000000000 +0000 +++ mariadb-11.8.8/storage/connect/mysql-test/connect/t/json_udf_bin.test 2026-05-24 09:58:32.000000000 +0000 @@ -1,3 +1,4 @@ +--source include/no_view_protocol.inc --source json_udf.inc let $MYSQLD_DATADIR= `select @@datadir`; diff -Nru mariadb-11.8.6/storage/connect/mysql-test/connect/t/odbc_sqlite3.test mariadb-11.8.8/storage/connect/mysql-test/connect/t/odbc_sqlite3.test --- mariadb-11.8.6/storage/connect/mysql-test/connect/t/odbc_sqlite3.test 2026-01-31 13:27:48.000000000 +0000 +++ mariadb-11.8.8/storage/connect/mysql-test/connect/t/odbc_sqlite3.test 2026-05-24 09:58:32.000000000 +0000 @@ -1,7 +1,7 @@ --source have_odbc_sqlite3.inc # -# To run this test, install SQLite3 ODBC Driver from +# To run this test, install SQLite3 from # http://www.ch-werner.de/sqliteodbc/ # # Note, the test does not need a DSN to be created @@ -29,8 +29,8 @@ # # 4. Add these lines into /etc/odbcinst.ini # -#[SQLite3 ODBC Driver] -#Description=SQLite3 ODBC Driver +#[SQLite3] +#Description=SQLite3 #Driver=/opt/sqliteodbc/libsqlite3odbc.so #Setup=/opt/sqliteodbc/libsqlite3odbc.so # @@ -52,7 +52,10 @@ # let $Database=$MTR_SUITE_DIR/std_data/test.sqlite3; --replace_result $MTR_SUITE_DIR MTR_SUITE_DIR ---eval CREATE TABLE t1 ENGINE=CONNECT TABLE_TYPE=ODBC CONNECTION='Driver=SQLite3 ODBC Driver;Database=$Database;NoWCHAR=yes' CHARSET=utf8 DATA_CHARSET=utf8; +--error ER_UNKNOWN_ERROR +--eval CREATE TABLE t1 ENGINE=CONNECT TABLE_TYPE=ODBC SRCDEF='SELECT %s, %d FROM t1' CONNECTION='Driver=SQLite3;Database=$Database;NoWCHAR=yes' CHARSET=utf8 DATA_CHARSET=utf8; +--replace_result $MTR_SUITE_DIR MTR_SUITE_DIR +--eval CREATE TABLE t1 ENGINE=CONNECT TABLE_TYPE=ODBC CONNECTION='Driver=SQLite3;Database=$Database;NoWCHAR=yes' CHARSET=utf8 DATA_CHARSET=utf8; --replace_result $MTR_SUITE_DIR MTR_SUITE_DIR SHOW CREATE TABLE t1; SELECT * FROM t1; @@ -69,22 +72,22 @@ DROP TABLE t1; --replace_result $MTR_SUITE_DIR MTR_SUITE_DIR ---eval CREATE TABLE t1 ENGINE=CONNECT CATFUNC=Columns TABNAME='t1' TABLE_TYPE=ODBC CONNECTION='Driver=SQLite3 ODBC Driver;Database=$Database;NoWCHAR=yes' CHARSET=utf8 DATA_CHARSET=utf8 +--eval CREATE TABLE t1 ENGINE=CONNECT CATFUNC=Columns TABNAME='t1' TABLE_TYPE=ODBC CONNECTION='Driver=SQLite3;Database=$Database;NoWCHAR=yes' CHARSET=utf8 DATA_CHARSET=utf8 SELECT * FROM t1; DROP TABLE t1; --replace_result $MTR_SUITE_DIR MTR_SUITE_DIR ---eval CREATE TABLE t1 ENGINE=CONNECT CATFUNC=Tables TABNAME='t1' TABLE_TYPE=ODBC CONNECTION='Driver=SQLite3 ODBC Driver;Database=$Database;NoWCHAR=yes' CHARSET=utf8 DATA_CHARSET=utf8 +--eval CREATE TABLE t1 ENGINE=CONNECT CATFUNC=Tables TABNAME='t1' TABLE_TYPE=ODBC CONNECTION='Driver=SQLite3;Database=$Database;NoWCHAR=yes' CHARSET=utf8 DATA_CHARSET=utf8 SELECT * FROM t1; DROP TABLE t1; --replace_result $MTR_SUITE_DIR MTR_SUITE_DIR ---eval CREATE TABLE t1 ENGINE=CONNECT CATFUNC=Columns TABLE_TYPE=ODBC CONNECTION='Driver=SQLite3 ODBC Driver;Database=$Database;NoWCHAR=yes' CHARSET=utf8 DATA_CHARSET=utf8 +--eval CREATE TABLE t1 ENGINE=CONNECT CATFUNC=Columns TABLE_TYPE=ODBC CONNECTION='Driver=SQLite3;Database=$Database;NoWCHAR=yes' CHARSET=utf8 DATA_CHARSET=utf8 SELECT * FROM t1 ORDER BY Table_name; DROP TABLE t1; --replace_result $MTR_SUITE_DIR MTR_SUITE_DIR ---eval CREATE TABLE t1 ENGINE=CONNECT CATFUNC=Tables TABLE_TYPE=ODBC CONNECTION='Driver=SQLite3 ODBC Driver;Database=$Database;NoWCHAR=yes' CHARSET=utf8 DATA_CHARSET=utf8 +--eval CREATE TABLE t1 ENGINE=CONNECT CATFUNC=Tables TABLE_TYPE=ODBC CONNECTION='Driver=SQLite3;Database=$Database;NoWCHAR=yes' CHARSET=utf8 DATA_CHARSET=utf8 SELECT * FROM t1 ORDER BY Table_name; DROP TABLE t1; diff -Nru mariadb-11.8.6/storage/connect/mysql-test/connect/t/oem.test mariadb-11.8.8/storage/connect/mysql-test/connect/t/oem.test --- mariadb-11.8.6/storage/connect/mysql-test/connect/t/oem.test 1970-01-01 00:00:00.000000000 +0000 +++ mariadb-11.8.8/storage/connect/mysql-test/connect/t/oem.test 2026-05-24 09:58:32.000000000 +0000 @@ -0,0 +1,26 @@ +--source include/not_embedded.inc + +if (!$HA_CONNECT_SO) { + skip needs dynamic CONNECT plugin; +} + +let path=`select @@plugin_dir`; + +--echo # +--echo # MDEV-39281 CONNECT OEM tables don't check subtype length +--echo # + +--replace_result $path /plugin-dir/ $HA_CONNECT_SO ha_connect.so +--error ER_UNKNOWN_ERROR +evalp create table xtab engine=connect +table_type=oem module='$HA_CONNECT_SO' subtype='testing123456789012345678901234567890'; + +evalp create table xtab (a int) engine=connect +table_type=oem module='$HA_CONNECT_SO' subtype='testing123456789012345678901234567890'; + +--replace_result $path /plugin-dir/ $HA_CONNECT_SO ha_connect.so +--error ER_UNKNOWN_ERROR +select * from xtab; +drop table xtab; + +--echo # End of 10.6 tests diff -Nru mariadb-11.8.6/storage/connect/mysql-test/connect/t/rest.test mariadb-11.8.8/storage/connect/mysql-test/connect/t/rest.test --- mariadb-11.8.6/storage/connect/mysql-test/connect/t/rest.test 2026-01-31 13:27:48.000000000 +0000 +++ mariadb-11.8.8/storage/connect/mysql-test/connect/t/rest.test 2026-05-24 09:58:32.000000000 +0000 @@ -10,8 +10,14 @@ HTTP='http://jsonplaceholder.typicode.com/users'; SELECT * FROM t1; DROP TABLE t1; - -# -# Clean up -# --remove_file $MYSQLD_DATADIR/test/users.json + +--echo # +--echo # MDEV-39289 CONNECT REST support on Windows doesn't escape the url +--echo # +--error ER_UNKNOWN_ERROR,ER_GET_ERRNO +CREATE TABLE t1 +ENGINE=CONNECT DATA_CHARSET=utf8 TABLE_TYPE=JSON FILE_NAME='users.json' +HTTP='http://jsonplaceholder.typicode.com/users" "-Dhead.log'; + +--echo # End of 10.6 tests diff -Nru mariadb-11.8.6/storage/connect/odbconn.cpp mariadb-11.8.8/storage/connect/odbconn.cpp --- mariadb-11.8.6/storage/connect/odbconn.cpp 2026-01-31 13:27:48.000000000 +0000 +++ mariadb-11.8.8/storage/connect/odbconn.cpp 2026-05-24 09:58:32.000000000 +0000 @@ -437,10 +437,11 @@ if (ocp->Open(dsn, sop, 10) < 1) // openReadOnly + noOdbcDialog return NULL; - if (strstr(src, "%s")) { + if (char *p = strstr(src, "%s")) { // Place holder for an eventual where clause - sqry = (char*)PlugSubAlloc(g, NULL, strlen(src) + 3); - sprintf(sqry, src, "1=1", "1=1"); // dummy where clause + size_t sqry_size = strlen(src) + 3; + sqry = (char*)PlugSubAlloc(g, NULL, sqry_size); + snprintf(sqry, sqry_size, "%.*s1=1%s", (int) (p - src), src, p + 2); // dummy where clause } else sqry = src; diff -Nru mariadb-11.8.6/storage/connect/plgdbutl.cpp mariadb-11.8.8/storage/connect/plgdbutl.cpp --- mariadb-11.8.6/storage/connect/plgdbutl.cpp 2026-01-31 13:27:48.000000000 +0000 +++ mariadb-11.8.8/storage/connect/plgdbutl.cpp 2026-05-24 09:58:32.000000000 +0000 @@ -1008,7 +1008,7 @@ { char buf[12]; - sprintf(buf, "%d", n); + snprintf(buf, sizeof(buf), "%d", n); return WritePrivateProfileString(sec, key, buf, ini); } // end of WritePrivateProfileInt @@ -1115,7 +1115,7 @@ case TYPE_AM_MAC: strcpy(amn, "MAC"); break; case TYPE_AM_OEM: strcpy(amn, "OEM"); break; case TYPE_AM_OUT: strcpy(amn, "OUT"); break; - default: sprintf(amn, "OEM(%d)", am); + default: snprintf(amn, 16, "OEM(%d)", am); } // endswitch am return amn; diff -Nru mariadb-11.8.6/storage/connect/plugutil.cpp mariadb-11.8.8/storage/connect/plugutil.cpp --- mariadb-11.8.6/storage/connect/plugutil.cpp 2026-01-31 13:27:48.000000000 +0000 +++ mariadb-11.8.8/storage/connect/plugutil.cpp 2026-05-24 09:58:32.000000000 +0000 @@ -430,8 +430,7 @@ const int BUF_SIZE= 512; msg = (char*)PlugSubAlloc(g, NULL, BUF_SIZE); // Extend buf allocation n = snprintf(msg, BUF_SIZE, "Message %d, rc=%d: ", mid, rc); - FormatMessage(FORMAT_MESSAGE_FROM_SYSTEM | - FORMAT_MESSAGE_IGNORE_INSERTS, NULL, rc, 0, + FormatMessage(FORMAT_MESSAGE_FLAGS, NULL, rc, 0, (LPTSTR)(msg + n), BUF_SIZE - n, NULL); return msg; } // endif n diff -Nru mariadb-11.8.6/storage/connect/rcmsg.c mariadb-11.8.8/storage/connect/rcmsg.c --- mariadb-11.8.6/storage/connect/rcmsg.c 2026-01-31 13:27:48.000000000 +0000 +++ mariadb-11.8.8/storage/connect/rcmsg.c 2026-05-24 09:58:32.000000000 +0000 @@ -48,11 +48,11 @@ char msg[32]; if (!(p = GetMsgid(id))) { - sprintf(msg, "ID=%d unknown", id); + snprintf(msg, sizeof(msg), "ID=%d unknown", id); p = msg; } // endif p - return sprintf(buf, "%.*s", bufsize-1, p); + return snprintf(buf, bufsize, "%.*s", bufsize-1, p); } // end of GetRcString #endif // !XMSG diff -Nru mariadb-11.8.6/storage/connect/reldef.cpp mariadb-11.8.8/storage/connect/reldef.cpp --- mariadb-11.8.6/storage/connect/reldef.cpp 2026-01-31 13:27:48.000000000 +0000 +++ mariadb-11.8.8/storage/connect/reldef.cpp 2026-05-24 09:58:32.000000000 +0000 @@ -115,8 +115,7 @@ DWORD rc = GetLastError(); snprintf(g->Message, sizeof(g->Message), MSG(DLL_LOAD_ERROR), rc, soname); - FormatMessage(FORMAT_MESSAGE_FROM_SYSTEM | - FORMAT_MESSAGE_IGNORE_INSERTS, NULL, rc, 0, + FormatMessage(FORMAT_MESSAGE_FLAGS, NULL, rc, 0, (LPTSTR)buf, sizeof(buf), NULL); safe_strcat(g->Message, sizeof(g->Message), ": "); safe_strcat(g->Message, sizeof(g->Message), buf); @@ -626,7 +625,12 @@ if (check_valid_path(Module, strlen(Module))) { safe_strcpy(g->Message, sizeof(g->Message), "Module cannot contain a path"); return NULL; - } else + } + else if (strlen(Subtype)+1+3 >= sizeof(getname)) { + safe_strcpy(g->Message, sizeof(g->Message), "Subtype string too long"); + return NULL; + } + else // PlugSetPath(soname, Module, GetPluginDir()); // Crashes on Fedora snprintf(soname, sizeof(soname), "%s%s", GetPluginDir(), Module); @@ -639,8 +643,7 @@ DWORD rc = GetLastError(); snprintf(g->Message, sizeof(g->Message), MSG(DLL_LOAD_ERROR), rc, soname); - FormatMessage(FORMAT_MESSAGE_FROM_SYSTEM | - FORMAT_MESSAGE_IGNORE_INSERTS, NULL, rc, 0, + FormatMessage(FORMAT_MESSAGE_FLAGS, NULL, rc, 0, (LPTSTR)buf, sizeof(buf), NULL); safe_strcat(g->Message, sizeof(g->Message), ": "); safe_strcat(g->Message, sizeof(g->Message), buf); @@ -660,8 +663,7 @@ DWORD rc = GetLastError(); snprintf(g->Message, sizeof(g->Message), MSG(PROCADD_ERROR), rc, getname); - FormatMessage(FORMAT_MESSAGE_FROM_SYSTEM | - FORMAT_MESSAGE_IGNORE_INSERTS, NULL, rc, 0, + FormatMessage(FORMAT_MESSAGE_FLAGS, NULL, rc, 0, (LPTSTR)buf, sizeof(buf), NULL); safe_strcat(g->Message, sizeof(g->Message), ": "); safe_strcat(g->Message, sizeof(g->Message), buf); @@ -754,9 +756,9 @@ if (!*Module) Module = Subtype; - char *desc = (char*)PlugSubAlloc(g, NULL, strlen(Module) - + strlen(Subtype) + 3); - sprintf(desc, "%s(%s)", Module, Subtype); + size_t desc_size = strlen(Module) + strlen(Subtype) + 3; + char *desc = (char*)PlugSubAlloc(g, NULL, desc_size); + snprintf(desc, desc_size, "%s(%s)", Module, Subtype); Desc = desc; // If define block not here yet, get it now diff -Nru mariadb-11.8.6/storage/connect/restget.cpp mariadb-11.8.8/storage/connect/restget.cpp --- mariadb-11.8.6/storage/connect/restget.cpp 2026-01-31 13:27:48.000000000 +0000 +++ mariadb-11.8.8/storage/connect/restget.cpp 2026-05-24 09:58:32.000000000 +0000 @@ -79,7 +79,7 @@ if (xt) fprintf(stderr, "Error exception: %s\n", e.what()); - sprintf(m, "Error exception: %s", e.what()); + snprintf(m, 4160, "Error exception: %s", e.what()); rc= 1; } // end try/catch diff -Nru mariadb-11.8.6/storage/connect/skipset.h mariadb-11.8.8/storage/connect/skipset.h --- mariadb-11.8.6/storage/connect/skipset.h 1970-01-01 00:00:00.000000000 +0000 +++ mariadb-11.8.8/storage/connect/skipset.h 2026-05-24 09:58:32.000000000 +0000 @@ -0,0 +1,366 @@ +/* skipset.h -- set operations using a skiplist +// Copyright (C) 2024-2026 Mark Adler +// See MiniZip_info.txt for the license. + +// This implements a skiplist set, i.e. just keys, no data, with ~O(log n) time +// insert and search operations. The application defines the type of a key, and +// provides a function to compare two keys. + +// This header is not definitions of functions found in another source file -- +// it creates the set functions, with the application's key type, right where +// the #include is. Before this header is #included, these must be defined: +// +// 1. A macro or typedef for set_key_t, the type of a key. +// 2. A macro or function set_cmp(a, b) to compare two keys. The return values +// are < 0 for a < b, 0 for a == b, and > 0 for a > b. +// 3. A macro or function set_drop(s, k) to release the key k's resources, if +// any, when doing a set_end() or set_clear(). s is a pointer to the set +// that key is in, for use with set_free() if desired. +// +// Example usage: +// +// typedef int set_key_t; +// #define set_cmp(a, b) ((a) < (b) ? -1 : (a) == (b) ? 0 : 1) +// #define set_drop(s, k) +// #include "skipset.h" +// +// int test(void) { // return 0: good, 1: bad, -1: out of memory +// set_t set; +// if (setjmp(set.env)) +// return -1; +// set_start(&set); +// set_insert(&set, 2); +// set_insert(&set, 1); +// set_insert(&set, 7); +// int bad = !set_found(&set, 2); +// bad = bad || set_found(&set, 5); +// set_end(&set); +// return bad; +// } +// +// Interface summary (see more details below): +// - set_t is the type of the set being operated on (a set_t pointer is passed) +// - set_start() initializes a new, empty set (initialize set.env first) +// - set_insert() inserts a new key into the set, or not if it's already there +// - set_found() determines whether or not a key is in the set +// - set_end() ends the use of the set, freeing all memory +// - set_clear() empties the set, equivalent to set_end() and then set_start() +// - set_ok() checks if set appears to be usable, i.e. started and not ended +// +// Auxiliary functions available to the application: +// - set_alloc() allocates memory with optional tracking (#define SET_TRACK) +// - set_free() deallocates memory allocated by set_alloc() +// - set_rand() returns 32 random bits (seeded by set_start()) */ + +#ifndef SKIPSET_H +#define SKIPSET_H + +#include /* realloc(), free(), NULL, size_t */ +#include /* ptrdiff_t */ +#include /* jmp_buf, longjmp() */ +#include /* ENOMEM */ +#include /* time(), clock() */ +#include /* assert.h */ +#include "ints.h" /* i16_t, ui32_t, ui64_t */ + +/* Structures and functions below noted as "--private--" should not be used by +// the application. set_t is partially private and partially public -- see the +// comments there. + +// There is no POSIX random() in MSVC, and rand() is awful. For portability, we +// cannot rely on a library function for random numbers. Instead we use the +// fast and effective algorithm below, invented by Melissa O'Neill. + +// *Really* minimal PCG32 code / (c) 2014 M.E. O'Neill / www.pcg-random.org +// Licensed under Apache License 2.0 (NO WARRANTY, etc. see website) +// --private-- Random number generator state. */ +typedef struct { + ui64_t state; /* 64-bit generator state */ + ui64_t inc; /* 63-bit sequence id */ +} set_rand_t; +/* --private-- Initialize the state *gen using seed and seq. seed seeds the +// advancing 64-bit state. seq is a sequence selection constant. */ +void set_seed(set_rand_t *gen, ui64_t seed, ui64_t seq) { + gen->inc = (seq << 1) | 1; + gen->state = (seed + gen->inc) * 6364136223846793005ULL + gen->inc; +} +/* Start a unique random number sequence using bits from noise sources. */ +void set_uniq(set_rand_t *gen, const void *ptr) { + set_seed(gen, ((ui64_t)(ptrdiff_t)ptr << 32) ^ + ((ui64_t)time(NULL) << 12) ^ clock(), 0); +} +/* Return 32 random bits, advancing the state *gen. */ +ui32_t set_rand(set_rand_t *gen) { + ui64_t state = gen->state; + gen->state = state * 6364136223846793005ULL + gen->inc; + ui32_t mix = (ui32_t)(((state >> 18) ^ state) >> 27); + int rot = state >> 59; + return (mix >> rot) | (mix << ((-rot) & 31)); +} +/* End of PCG32 code. */ + +/* --private-- Linked-list node. */ +typedef struct set_node_s set_node_t; +struct set_node_s { + set_key_t key; /* the key (not used for head or path) */ + i16_t size; /* number of allocated pointers in right[] */ + i16_t fill; /* number of pointers in right[] filled in */ + set_node_t **right; /* pointer for each level, each to the right */ +}; + +/* A set. The application sets env, may use gen with set_rand(), and may read +// allocs and memory. The remaining variables are --private-- . */ +typedef struct set_s { + set_node_t *head; /* skiplist head -- no key, just links */ + set_node_t *path; /* right[] is path to key from set_found() */ + set_node_t *node; /* node under construction, in case of longjmp() */ + i16_t depth; /* maximum depth of the skiplist */ + ui64_t ran; /* a precious trove of random bits */ + set_rand_t gen; /* random number generator state */ + jmp_buf env; /* setjmp() environment for allocation errors */ +#ifdef SET_TRACK + size_t allocs; /* number of allocations */ + size_t memory; /* total amount of allocated memory (>= requests) */ +#endif +} set_t; + +/* Memory allocation and deallocation. set_alloc(set, ptr, size) returns a +// pointer to an allocation of size bytes if ptr is NULL, or the previous +// allocation ptr resized to size bytes. set_alloc() will never return NULL. +// set_free(set, ptr) frees an allocation created by set_alloc(). These may be +// used by the application. e.g. if allocation tracking is desired. */ +#ifdef SET_TRACK +/* Track the number of allocations and the total backing memory size. */ +# if defined(_WIN32) +# include +# define SET_ALLOC_SIZE(ptr) _msize(ptr) +# elif defined(__MACH__) +# include +# define SET_ALLOC_SIZE(ptr) malloc_size(ptr) +# elif defined(__linux__) +# include +# define SET_ALLOC_SIZE(ptr) malloc_usable_size(ptr) +# elif defined(__FreeBSD__) +# include +# define SET_ALLOC_SIZE(ptr) malloc_usable_size(ptr) +# elif defined(__NetBSD__) +# include +# define SET_ALLOC_SIZE(ptr) malloc_usable_size(ptr) +# else // e.g. OpenBSD +# define SET_ALLOC_SIZE(ptr) 0 +# endif +// With tracking. +void *set_alloc(set_t *set, void *ptr, size_t size) { + size_t had = ptr == NULL ? 0 : SET_ALLOC_SIZE(ptr); + void *mem = realloc(ptr, size); + if (mem == NULL) + longjmp(set->env, ENOMEM); + set->allocs += ptr == NULL; + set->memory += SET_ALLOC_SIZE(mem) - had; + return mem; +} +void set_free(set_t *set, void *ptr) { + if (ptr != NULL) { + set->allocs--; + set->memory -= SET_ALLOC_SIZE(ptr); + free(ptr); + } +} +#else +/* Without tracking. */ +void *set_alloc(set_t *set, void *ptr, size_t size) { + void *mem = realloc(ptr, size); + if (mem == NULL) + longjmp(set->env, ENOMEM); + return mem; +} +void set_free(set_t *set, void *ptr) { + (void)set; + free(ptr); +} +#endif + +/* --private-- Grow node's array right[] as needed to be able to hold at least +// want links. If fill is true, assure that the first want links are filled in, +// setting them to set->head if not previously filled in. Otherwise it is +// assumed that the first want links are about to be filled in. */ +void set_grow(set_t *set, set_node_t *node, int want, int fill) { + if (node->size < want) { + int more = node->size ? node->size : 1; + while (more < want) + more <<= 1; + node->right = set_alloc(set, node->right, + (size_t)more * sizeof(set_node_t *)); + node->size = (i16_t)more; + } + int i; + if (fill) + for (i = node->fill; i < want; i++) + node->right[i] = set->head; + node->fill = (i16_t)want; +} + +/* --private-- Return a new node. key is left uninitialized. */ +set_node_t *set_node(set_t *set) { + set_node_t *node = set_alloc(set, NULL, sizeof(set_node_t)); + node->size = 0; + node->fill = 0; + node->right = NULL; + return node; +} + +/* --private-- Free the list linked from head, along with the keys. */ +void set_sweep(set_t *set) { + set_node_t *step = set->head->right[0]; + while (step != set->head) { + set_node_t *next = step->right[0]; /* save link to next node */ + set_drop(set, step->key); + set_free(set, step->right); + set_free(set, step); + step = next; + } +} + +/* Initialize a new set. set->env must be initialized using setjmp() before +// set_start() is called. A longjmp(set->env, ENOMEM) will be used to handle a +// memory allocation failure during any of the operations. (See setjmp.h and +// errno.h.) The set can still be used if this happens, assuming that it didn't +// happen during set_start(). Whether set_start() completed or not, set_end() +// can be used to free the set's memory after a longjmp(). */ +void set_start(set_t *set) { +#ifdef SET_TRACK + set->allocs = 0; + set->memory = 0; +#endif + set->head = set->path = set->node = NULL; /* in case set_node() fails */ + set->path = set_node(set); + set->head = set_node(set); + set_grow(set, set->head, 1, 1); /* one link back to head for an empty set */ + *(unsigned char *)&set->head->key = 137; /* set id */ + set->depth = 0; + set_uniq(&set->gen, set); + set->ran = 1; +} + +/* Return true if *set appears to be in a usable state. If *set has been zeroed +// out, then set_ok(set) will be false and set_end(set) will be safe. */ +int set_ok(set_t *set) { + return set->head != NULL && + set->head->right != NULL && + *(unsigned char *)&set->head->key == 137; +} + +/* Empty the set. This frees the memory used for the previous set contents. +// After set_clear(), *set is ready for use, as if after a set_start(). */ +void set_clear(set_t *set) { + assert(set_ok(set) && "improper use"); + + /* Free all the keys and their nodes. */ + set_sweep(set); + + /* Leave the head and path allocations as is. Clear their contents, with + // head pointing to itself and setting depth to zero, for an empty set. */ + set->head->right[0] = set->head; + set->head->fill = 1; + set->path->fill = 0; + set->depth = 0; +} + +/* Done using the set -- free all allocations. The only operation on *set +// permitted after this is set_start(). Though another set_end() would do no +// harm. This can be done at any time after a set_start(), or after a longjmp() +// on any allocation failure, including during a set_start(). */ +void set_end(set_t *set) { + if (set->head != NULL) { + /* Empty the set and free the head node. */ + if (set->head->right != NULL) { + set_sweep(set); + set_free(set, set->head->right); + } + set_free(set, set->head); + set->head = NULL; + } + if (set->path != NULL) { + /* Free the path work area. */ + set_free(set, set->path->right); + set_free(set, set->path); + set->path = NULL; + } + if (set->node != NULL) { + /* Free the node that was under construction when longjmp() hit. */ + set_drop(set, set->node->key); + set_free(set, set->node->right); + set_free(set, set->node); + set->node = NULL; + } +} + +/* Look for key. Return 1 if found or 0 if not. This also puts the path to get +// there in set->path, for use by set_insert(). */ +int set_found(set_t *set, set_key_t key) { + assert(set_ok(set) && "improper use"); + + /* Start at depth and work down and right as determined by key comparisons. */ + set_node_t *head = set->head, *here = head; + int i = set->depth; + set_grow(set, set->path, i + 1, 0); + do { + while (here->right[i] != head && + set_cmp(here->right[i]->key, key) < 0) + here = here->right[i]; + set->path->right[i] = here; + } while (i--); + + /* See if the key matches. */ + here = here->right[0]; + return here != head && set_cmp(here->key, key) == 0; +} + +/* Insert the key key. Return 0 on success, or 1 if key is already in the set. */ +int set_insert(set_t *set, set_key_t key) { + assert(set_ok(set) && "improper use"); + + if (set_found(set, key)) + /* That key is already in the set. */ + return 1; + + /* Randomly generate a new level-- level 0 with probability 1/2, 1 with + // probability 1/4, 2 with probability 1/8, etc. */ + int level = 0; + for (;;) { + if (set->ran == 1) + /* Ran out. Get another 32 random bits. */ + set->ran = set_rand(&set->gen) | (1ULL << 32); + int bit = set->ran & 1; + set->ran >>= 1; + if (bit) + break; + assert(level < 32767 && + "Overhead, without any fuss, the stars were going out."); + level++; + } + if (level > set->depth) { + /* The maximum depth is now deeper. Update the structures. */ + set_grow(set, set->path, level + 1, 1); + set_grow(set, set->head, level + 1, 1); + set->depth = (i16_t)level; + } + + /* Make a new node for the provided key, and insert it in the lists up to + // and including level. */ + set->node = set_node(set); + set->node->key = key; + set_grow(set, set->node, level + 1, 0); + int i; + for (i = 0; i <= level; i++) { + set->node->right[i] = set->path->right[i]->right[i]; + set->path->right[i]->right[i] = set->node; + } + set->node = NULL; + return 0; +} + +#else +#error ** another skiplist set already created here +/* Would need to implement a prefix in order to support multiple sets. */ +#endif diff -Nru mariadb-11.8.6/storage/connect/tabcol.cpp mariadb-11.8.8/storage/connect/tabcol.cpp --- mariadb-11.8.6/storage/connect/tabcol.cpp 2026-01-31 13:27:48.000000000 +0000 +++ mariadb-11.8.8/storage/connect/tabcol.cpp 2026-05-24 09:58:32.000000000 +0000 @@ -99,7 +99,7 @@ *ps = '\0'; for (PTABLE tp = this; tp && n > 0; tp = tp->Next) { - i = sprintf(buf, "TABLE: %s.%s %s To_Tdb=%p ", + i = snprintf(buf, sizeof(buf), "TABLE: %s.%s %s To_Tdb=%p ", SVP(tp->Schema), tp->Name, SVP(tp->Srcdef), tp->To_Tdb); strncat(ps, buf, n); n -= i; @@ -159,10 +159,10 @@ char buf[80]; if (Name) - sprintf(buf, "COLUMN: %s.%s table=%p col=%p", + snprintf(buf, sizeof(buf), "COLUMN: %s.%s table=%p col=%p", ((!Qualifier) ? (PSZ)"?" : Qualifier), Name, To_Table, To_Col); else // LNA - sprintf(buf, "C%d", (!Qualifier) ? 0 : *(int *)Qualifier); + snprintf(buf, sizeof(buf), "C%d", (!Qualifier) ? 0 : *(int *)Qualifier); strncpy(ps, buf, z); ps[z - 1] = '\0'; diff -Nru mariadb-11.8.6/storage/connect/tabdos.cpp mariadb-11.8.8/storage/connect/tabdos.cpp --- mariadb-11.8.6/storage/connect/tabdos.cpp 2026-01-31 13:27:48.000000000 +0000 +++ mariadb-11.8.8/storage/connect/tabdos.cpp 2026-05-24 09:58:32.000000000 +0000 @@ -2694,7 +2694,7 @@ for (; i < Dcm; i++) safe_strcat(fmt, sizeof(fmt), "0"); - len = sprintf(Buf, fmt, field - i, Value->GetShortValue()); + len = snprintf(Buf, field + 1, fmt, field - i, Value->GetShortValue()); break; case TYPE_INT: safe_strcpy(fmt, sizeof(fmt), (Ldz) ? "%0*d" : "%*.d"); @@ -2704,7 +2704,7 @@ for (; i < Dcm; i++) safe_strcat(fmt,sizeof(fmt), "0"); - len = sprintf(Buf, fmt, field - i, Value->GetIntValue()); + len = snprintf(Buf, field + 1, fmt, field - i, Value->GetIntValue()); break; case TYPE_TINY: safe_strcpy(fmt, sizeof(fmt), (Ldz) ? "%0*d" : "%*.d"); @@ -2714,7 +2714,7 @@ for (; i < Dcm; i++) safe_strcat(fmt, sizeof(fmt), "0"); - len = sprintf(Buf, fmt, field - i, Value->GetTinyValue()); + len = snprintf(Buf, field + 1, fmt, field - i, Value->GetTinyValue()); break; case TYPE_DOUBLE: case TYPE_DECIM: diff -Nru mariadb-11.8.6/storage/connect/tabext.cpp mariadb-11.8.8/storage/connect/tabext.cpp --- mariadb-11.8.6/storage/connect/tabext.cpp 2026-01-31 13:27:48.000000000 +0000 +++ mariadb-11.8.8/storage/connect/tabext.cpp 2026-05-24 09:58:32.000000000 +0000 @@ -355,22 +355,22 @@ if (!stricmp(ph, "W") && n_placeholders <= 1) { Query = new(g)STRING(g, strlen(Srcdef) + strlen(fil1)); - Query->SetLength(sprintf(Query->GetStr(), Srcdef, fil1)); + Query->SetLength(snprintf(Query->GetStr(), Query->GetSize(), Srcdef, fil1)); } else if (!stricmp(ph, "WH") && n_placeholders <= 2) { Query = new(g)STRING(g, strlen(Srcdef) + strlen(fil1) + strlen(fil2)); - Query->SetLength(sprintf(Query->GetStr(), Srcdef, fil1, fil2)); + Query->SetLength(snprintf(Query->GetStr(), Query->GetSize(), Srcdef, fil1, fil2)); } else if (!stricmp(ph, "H") && n_placeholders <= 1) { Query = new(g)STRING(g, strlen(Srcdef) + strlen(fil2)); - Query->SetLength(sprintf(Query->GetStr(), Srcdef, fil2)); + Query->SetLength(snprintf(Query->GetStr(), Query->GetSize(), Srcdef, fil2)); } else if (!stricmp(ph, "HW") && n_placeholders <= 2) { Query = new(g)STRING(g, strlen(Srcdef) + strlen(fil1) + strlen(fil2)); - Query->SetLength(sprintf(Query->GetStr(), Srcdef, fil2, fil1)); + Query->SetLength(snprintf(Query->GetStr(), Query->GetSize(), Srcdef, fil2, fil1)); } else { safe_strcpy(g->Message, sizeof(g->Message), "MakeSQL: Wrong place holders specification"); return true; diff -Nru mariadb-11.8.6/storage/connect/tabfix.cpp mariadb-11.8.8/storage/connect/tabfix.cpp --- mariadb-11.8.6/storage/connect/tabfix.cpp 2026-01-31 13:27:48.000000000 +0000 +++ mariadb-11.8.8/storage/connect/tabfix.cpp 2026-05-24 09:58:32.000000000 +0000 @@ -52,7 +52,13 @@ /* DB static variables. */ /***********************************************************************/ extern int num_read, num_there, num_eq[2]; // Statistics -char BINCOL::Endian = 'H'; +const char BINCOL::Endian = +#if defined(WORDS_BIGENDIAN) + 'B' +#else + 'L' +#endif + ; /***********************************************************************/ /* External function. */ @@ -448,20 +454,6 @@ } // end of BINCOL copy constructor /***********************************************************************/ -/* Set Endian according to the host setting. */ -/***********************************************************************/ -void BINCOL::SetEndian(void) - { - union { - short S; - char C[sizeof(short)]; - }; - - S = 1; - Endian = (C[0] == 1) ? 'L' : 'B'; - } // end of SetEndian - -/***********************************************************************/ /* ReadColumn: what this routine does is to access the last line */ /* read from the corresponding table and extract from it the field */ /* corresponding to this column. */ diff -Nru mariadb-11.8.6/storage/connect/tabfix.h mariadb-11.8.8/storage/connect/tabfix.h --- mariadb-11.8.6/storage/connect/tabfix.h 2026-01-31 13:27:48.000000000 +0000 +++ mariadb-11.8.8/storage/connect/tabfix.h 2026-05-24 09:58:32.000000000 +0000 @@ -78,14 +78,11 @@ void ReadColumn(PGLOBAL g) override; void WriteColumn(PGLOBAL g) override; - // Static - static void SetEndian(void); - protected: BINCOL(void) = default; // Default constructor not to be used // Members - static char Endian; // The host endian setting (L or B) + static const char Endian; // The host endian setting (L or B) char *Buff; // Utility buffer char Eds; // The file endian setting char Fmt; // The converted value format diff -Nru mariadb-11.8.6/storage/connect/tabfmt.cpp mariadb-11.8.8/storage/connect/tabfmt.cpp --- mariadb-11.8.6/storage/connect/tabfmt.cpp 2026-01-31 13:27:48.000000000 +0000 +++ mariadb-11.8.8/storage/connect/tabfmt.cpp 2026-05-24 09:58:32.000000000 +0000 @@ -416,7 +416,7 @@ /*********************************************************************/ for (i = 0; i < imax; i++) { if (i >= hmax) { - sprintf(buf, "COL%.3d", i+1); + snprintf(buf, sizeof(buf), "COL%.3d", i+1); p = buf; } else p = colname[i]; diff -Nru mariadb-11.8.6/storage/connect/tabjdbc.cpp mariadb-11.8.8/storage/connect/tabjdbc.cpp --- mariadb-11.8.6/storage/connect/tabjdbc.cpp 2026-01-31 13:27:48.000000000 +0000 +++ mariadb-11.8.8/storage/connect/tabjdbc.cpp 2026-05-24 09:58:32.000000000 +0000 @@ -177,7 +177,7 @@ if (server->port) { char buf[16]; - sprintf(buf, "%ld", server->port); + snprintf(buf, sizeof(buf), "%ld", server->port); strcat(strcat(Url, ":"), buf); } // endif port diff -Nru mariadb-11.8.6/storage/connect/tabjson.cpp mariadb-11.8.8/storage/connect/tabjson.cpp --- mariadb-11.8.6/storage/connect/tabjson.cpp 2026-01-31 13:27:48.000000000 +0000 +++ mariadb-11.8.8/storage/connect/tabjson.cpp 2026-05-24 09:58:32.000000000 +0000 @@ -488,7 +488,7 @@ n = sizeof(fmt) - (strlen(fmt) + 1); if (!tdp->Xcol || stricmp(tdp->Xcol, key)) { - sprintf(buf, "%d", k); + snprintf(buf, sizeof(buf), "%d", k); if (tdp->Uri) { strncat(strncat(fmt, sep, n), buf, n - strlen(sep)); @@ -1804,7 +1804,7 @@ break; default: - snprintf(g->Message, sizeof(g->Message), "Unsupported column type %d\n", vp->GetType()); + snprintf(g->Message, sizeof(g->Message), "Unsupported column type %d", vp->GetType()); throw 888; } // endswitch Type diff -Nru mariadb-11.8.6/storage/connect/table.cpp mariadb-11.8.8/storage/connect/table.cpp --- mariadb-11.8.6/storage/connect/table.cpp 2026-01-31 13:27:48.000000000 +0000 +++ mariadb-11.8.8/storage/connect/table.cpp 2026-05-24 09:58:32.000000000 +0000 @@ -321,9 +321,9 @@ } // end of Printf -void TDB::Prints(PGLOBAL, char *ps, uint) +void TDB::Prints(PGLOBAL, char *ps, uint z) { - sprintf(ps, "R%d.%s", Tdb_No, Name); + snprintf(ps, z, "R%d.%s", Tdb_No, Name); } // end of Prints /* -------------------------- class TDBASE --------------------------- */ diff -Nru mariadb-11.8.6/storage/connect/tabmac.cpp mariadb-11.8.8/storage/connect/tabmac.cpp --- mariadb-11.8.6/storage/connect/tabmac.cpp 2026-01-31 13:27:48.000000000 +0000 +++ mariadb-11.8.8/storage/connect/tabmac.cpp 2026-05-24 09:58:32.000000000 +0000 @@ -111,8 +111,7 @@ else if (drc == ERROR_NOT_SUPPORTED) strcpy(g->Message, "GetAdaptersInfo is not supported"); else - FormatMessage(FORMAT_MESSAGE_FROM_SYSTEM | - FORMAT_MESSAGE_IGNORE_INSERTS, NULL, GetLastError(), + FormatMessage(FORMAT_MESSAGE_FLAGS, NULL, GetLastError(), 0, g->Message, sizeof(g->Message), NULL); } // end of MakeErrorMsg @@ -159,7 +158,7 @@ } // endif drc if (drc != ERROR_SUCCESS) { - snprintf(g->Message, sizeof(g->Message), "GetNetworkParams failed. Rc=%08x\n", drc); + snprintf(g->Message, sizeof(g->Message), "GetNetworkParams failed. Rc=%08x", drc); return true; } // endif drc @@ -386,7 +385,7 @@ if (i) strcat(p++, "-"); - p += sprintf(p, "%.2X", adp->Address[i]); + p += snprintf(p, sizeof(buf) - (p - buf), "%.2X", adp->Address[i]); } // endfor i p = buf; @@ -401,7 +400,7 @@ case IF_LOOPBACK_ADAPTERTYPE: p = "Loop Back Adapter"; break; // case IF_SLIP_ADAPTERTYPE: p = "Generic Slip Adapter"; break; default: - sprintf(buf, "Other Adapter, type=%d", adp->Type); + snprintf(buf, sizeof(buf), "Other Adapter, type=%d", adp->Type); p = buf; } // endswitch Type #endif // 0 @@ -443,7 +442,7 @@ break; default: if (Buf_Type == TYPE_STRING) { - sprintf(buf, "Invalid flag value %d", Flag); + snprintf(buf, sizeof(buf), "Invalid flag value %d", Flag); p = buf; } else n = 0; diff -Nru mariadb-11.8.6/storage/connect/tabmul.cpp mariadb-11.8.8/storage/connect/tabmul.cpp --- mariadb-11.8.6/storage/connect/tabmul.cpp 2026-01-31 13:27:48.000000000 +0000 +++ mariadb-11.8.8/storage/connect/tabmul.cpp 2026-05-24 09:58:32.000000000 +0000 @@ -717,8 +717,7 @@ if (rc != ERROR_FILE_NOT_FOUND) { char buf[512]; - FormatMessage(FORMAT_MESSAGE_FROM_SYSTEM | - FORMAT_MESSAGE_IGNORE_INSERTS, + FormatMessage(FORMAT_MESSAGE_FLAGS, NULL, GetLastError(), 0, (LPTSTR)&buf, sizeof(buf), NULL); snprintf(g->Message, sizeof(g->Message), MSG(BAD_FILE_HANDLE), buf); return -1; @@ -957,7 +956,7 @@ SYSTEMTIME stp; if (FileTimeToSystemTime(&ftime, &stp)) { - sprintf(tsp, "%04d-%02d-%02d %02d:%02d:%02d", + snprintf(tsp, sizeof(tsp), "%04d-%02d-%02d %02d:%02d:%02d", stp.wYear, stp.wMonth, stp.wDay, stp.wHour, stp.wMinute, stp.wSecond); if (Value->GetType() != TYPE_STRING) { @@ -1060,8 +1059,7 @@ if (rc != ERROR_FILE_NOT_FOUND) { char buf[512]; - FormatMessage(FORMAT_MESSAGE_FROM_SYSTEM | - FORMAT_MESSAGE_IGNORE_INSERTS, + FormatMessage(FORMAT_MESSAGE_FLAGS, NULL, GetLastError(), 0, (LPTSTR)&buf, sizeof(buf), NULL); snprintf(g->Message, sizeof(g->Message), MSG(BAD_FILE_HANDLE), buf); return -1; @@ -1102,8 +1100,7 @@ if (rc != ERROR_FILE_NOT_FOUND) { char buf[512]; - FormatMessage(FORMAT_MESSAGE_FROM_SYSTEM | - FORMAT_MESSAGE_IGNORE_INSERTS, + FormatMessage(FORMAT_MESSAGE_FLAGS, NULL, GetLastError(), 0, (LPTSTR)&buf, sizeof(buf), NULL); snprintf(g->Message, sizeof(g->Message), MSG(BAD_FILE_HANDLE), buf); return -1; @@ -1412,9 +1409,7 @@ n = 0; break; default: - FormatMessage(FORMAT_MESSAGE_FROM_SYSTEM | - FORMAT_MESSAGE_IGNORE_INSERTS, - NULL, rc, 0, + FormatMessage(FORMAT_MESSAGE_FLAGS, NULL, rc, 0, (LPTSTR)&filename, sizeof(filename), NULL); snprintf(g->Message, sizeof(g->Message), MSG(BAD_FILE_HANDLE), filename); } // endswitch rc @@ -1504,9 +1499,7 @@ rc = RC_EF; break; default: - FormatMessage(FORMAT_MESSAGE_FROM_SYSTEM | - FORMAT_MESSAGE_IGNORE_INSERTS, - NULL, erc, 0, + FormatMessage(FORMAT_MESSAGE_FLAGS, NULL, erc, 0, (LPTSTR)&filename, sizeof(filename), NULL); snprintf(g->Message, sizeof(g->Message), MSG(BAD_FILE_HANDLE), filename); rc = RC_FX; diff -Nru mariadb-11.8.6/storage/connect/tabodbc.cpp mariadb-11.8.8/storage/connect/tabodbc.cpp --- mariadb-11.8.6/storage/connect/tabodbc.cpp 2026-01-31 13:27:48.000000000 +0000 +++ mariadb-11.8.8/storage/connect/tabodbc.cpp 2026-05-24 09:58:32.000000000 +0000 @@ -286,7 +286,7 @@ } // endif n // Make the complete connect string - sprintf(Connect, MulConn, fn); + snprintf(Connect, BufSize, MulConn, fn); } // endif MultConn DBQ = PlugDup(g, fn); diff -Nru mariadb-11.8.6/storage/connect/tabpivot.cpp mariadb-11.8.8/storage/connect/tabpivot.cpp --- mariadb-11.8.6/storage/connect/tabpivot.cpp 2026-01-31 13:27:48.000000000 +0000 +++ mariadb-11.8.8/storage/connect/tabpivot.cpp 2026-05-24 09:58:32.000000000 +0000 @@ -243,8 +243,9 @@ // if (Myc.ExecSQL(g, "SET character_set_results=NULL", &w) == RC_FX) // goto err; + size_t query_size = strlen(Picol) + strlen(Tabname) + 30; query = (char*)PlugSubAlloc(g, NULL, 0); - sprintf(query, "SELECT DISTINCT `%s` FROM `%s`", Picol, Tabname); + snprintf(query, query_size, "SELECT DISTINCT `%s` FROM `%s`", Picol, Tabname); PlugSubAlloc(g, NULL, strlen(query) + 1); Myc.FreeResult(); diff -Nru mariadb-11.8.6/storage/connect/tabrest.cpp mariadb-11.8.8/storage/connect/tabrest.cpp --- mariadb-11.8.6/storage/connect/tabrest.cpp 2026-01-31 13:27:48.000000000 +0000 +++ mariadb-11.8.8/storage/connect/tabrest.cpp 2026-05-24 09:58:32.000000000 +0000 @@ -68,31 +68,16 @@ } else my_snprintf(buf, sizeof(buf)-1, "%s", Http); -#if defined(_WIN32) - char cmd[1024]; - STARTUPINFO si; - PROCESS_INFORMATION pi; - - sprintf(cmd, "curl \"%s\" -o \"%s\"", buf, filename); - - ZeroMemory(&si, sizeof(si)); - si.cb = sizeof(si); - ZeroMemory(&pi, sizeof(pi)); + char fn[600]; + snprintf(fn, sizeof(fn), "-o%s", filename); +#if defined(_WIN32) // Start the child process. - if (CreateProcess(NULL, cmd, NULL, NULL, FALSE, 0, NULL, NULL, &si, &pi)) { - // Wait until child process exits. - WaitForSingleObject(pi.hProcess, INFINITE); - - // Close process and thread handles. - CloseHandle(pi.hProcess); - CloseHandle(pi.hThread); - } else { - snprintf(g->Message, sizeof(g->Message), "CreateProcess curl failed (%d)", GetLastError()); + if (_spawnlp(_P_WAIT, "curl", "curl", buf, fn, NULL)) { + my_snprintf(g->Message, sizeof(g->Message), "spawn curl failed (%M)", errno); rc = 1; - } // endif CreateProcess + } // endif _spawnlp #else // !_WIN32 - char fn[600]; pid_t pID; // Check if curl package is availabe by executing subprocess @@ -118,7 +103,6 @@ #else pID = fork(); #endif - sprintf(fn, "-o%s", filename); if (pID == 0) { // Code executed by child process @@ -161,8 +145,7 @@ DWORD rc = GetLastError(); snprintf(g->Message, sizeof(g->Message), MSG(DLL_LOAD_ERROR), rc, soname); - FormatMessage(FORMAT_MESSAGE_FROM_SYSTEM | - FORMAT_MESSAGE_IGNORE_INSERTS, NULL, rc, 0, + FormatMessage(FORMAT_MESSAGE_FLAGS, NULL, rc, 0, (LPTSTR)buf, sizeof(buf), NULL); strcat(strcat(g->Message, ": "), buf); return NULL; @@ -174,8 +157,7 @@ DWORD rc = GetLastError(); snprintf(g->Message, sizeof(g->Message), MSG(PROCADD_ERROR), rc, "restGetFile"); - FormatMessage(FORMAT_MESSAGE_FROM_SYSTEM | - FORMAT_MESSAGE_IGNORE_INSERTS, NULL, rc, 0, + FormatMessage(FORMAT_MESSAGE_FLAGS, NULL, rc, 0, (LPTSTR)buf, sizeof(buf), NULL); strcat(strcat(g->Message, ": "), buf); FreeLibrary((HMODULE)Hdll); diff -Nru mariadb-11.8.6/storage/connect/tabsys.cpp mariadb-11.8.8/storage/connect/tabsys.cpp --- mariadb-11.8.6/storage/connect/tabsys.cpp 2026-01-31 13:27:48.000000000 +0000 +++ mariadb-11.8.8/storage/connect/tabsys.cpp 2026-05-24 09:58:32.000000000 +0000 @@ -633,11 +633,11 @@ union { short X[2]; // Section and Key offsets int Xpos; // File position - }; // end of union + } d; // end of union - X[0] = (short)(Section - Seclist); - X[1] = (short)(Keycur - Keylist); - return Xpos; + d.X[0] = (short)(Section - Seclist); + d.X[1] = (short)(Keycur - Keylist); + return d.Xpos; } // end of GetRecpos /***********************************************************************/ @@ -648,16 +648,16 @@ union { short X[2]; // Section and Key offsets int Xpos; // File position - }; // end of union + } d; // end of union - Xpos = recpos; + d.Xpos = recpos; - if (X[0] != Oldsec) { - Section = Seclist + X[0]; - Keycur = GetKeylist(g, Section) + X[1]; - Oldsec = X[0]; + if (d.X[0] != Oldsec) { + Section = Seclist + d.X[0]; + Keycur = GetKeylist(g, Section) + d.X[1]; + Oldsec = d.X[0]; } else - Keycur = Keylist + X[1]; + Keycur = Keylist + d.X[1]; return false; } // end of SetRecpos diff -Nru mariadb-11.8.6/storage/connect/tabutil.cpp mariadb-11.8.8/storage/connect/tabutil.cpp --- mariadb-11.8.6/storage/connect/tabutil.cpp 2026-01-31 13:27:48.000000000 +0000 +++ mariadb-11.8.8/storage/connect/tabutil.cpp 2026-05-24 09:58:32.000000000 +0000 @@ -86,12 +86,12 @@ uint k; TABLE_SHARE *s; - k = sprintf(key, "%s", db) + 1; - k += sprintf(key + k, "%s", name); + k = snprintf(key, sizeof(key), "%s", db) + 1; + k += snprintf(key + k, sizeof(key) - k, "%s", name); key[++k] = 0; if (!(s = alloc_table_share(db, name, key, ++k))) { - strcpy(g->Message, "Error allocating share\n"); + strcpy(g->Message, "Error allocating share"); return NULL; } // endif s @@ -109,7 +109,7 @@ if (thd->is_error()) thd->clear_error(); // Avoid stopping info commands - snprintf(g->Message, sizeof(g->Message), "Error %d opening share\n", s->error); + snprintf(g->Message, sizeof(g->Message), "Error %d opening share", s->error); free_table_share(s); return NULL; } // endif open_table_def diff -Nru mariadb-11.8.6/storage/connect/tabvct.cpp mariadb-11.8.8/storage/connect/tabvct.cpp --- mariadb-11.8.6/storage/connect/tabvct.cpp 2026-01-31 13:27:48.000000000 +0000 +++ mariadb-11.8.8/storage/connect/tabvct.cpp 2026-05-24 09:58:32.000000000 +0000 @@ -143,7 +143,7 @@ MakeFnPattern(fpat); for (i = 1, cdp = To_Cols; cdp; i++, cdp = cdp->GetNext()) { - sprintf(filename, fpat, i); + snprintf(filename, _MAX_PATH, fpat, i); //#if defined(_WIN32) // rc |= !DeleteFile(filename); //#else // UNIX @@ -189,7 +189,7 @@ for (n = 1, m = ncol; m /= 10; n++) ; - sprintf(pat, "%%0%dd", n); + snprintf(pat, sizeof(pat), "%%0%dd", n); _splitpath(Fn, drive, direc, fname, ftype); strcat(fname, pat); _makepath(fpat, drive, direc, fname, ftype); diff -Nru mariadb-11.8.6/storage/connect/tabwmi.cpp mariadb-11.8.8/storage/connect/tabwmi.cpp --- mariadb-11.8.6/storage/connect/tabwmi.cpp 2026-01-31 13:27:48.000000000 +0000 +++ mariadb-11.8.8/storage/connect/tabwmi.cpp 2026-05-24 09:58:32.000000000 +0000 @@ -120,7 +120,7 @@ res = wp->Svc->GetObject(bstr_t(p), 0, 0, &wp->Cobj, 0); if (FAILED(res)) { - snprintf(g->Message, sizeof(g->Message), "failed GetObject %s in %s\n", classname, nsp); + snprintf(g->Message, sizeof(g->Message), "failed GetObject %s in %s", classname, nsp); wp->Svc->Release(); wp->Svc = NULL; // MUST be set to NULL (why?) return NULL; @@ -165,12 +165,12 @@ res = wp->Cobj->Get(bstr_t("__Property_Count"), 0, &val, NULL, NULL); if (FAILED(res)) { - snprintf(g->Message, sizeof(g->Message), "failed Get(__Property_Count) res=%d\n", res); + snprintf(g->Message, sizeof(g->Message), "failed Get(__Property_Count) res=%d", res); goto err; } // endif res if (!(n = val.lVal)) { - snprintf(g->Message, sizeof(g->Message), "Class %s in %s has no properties\n", + snprintf(g->Message, sizeof(g->Message), "Class %s in %s has no properties", cls, nsp); goto err; } // endif res @@ -183,7 +183,7 @@ NULL, &prnlist); if (FAILED(res)) { - snprintf(g->Message, sizeof(g->Message), "failed GetNames res=%d\n", res); + snprintf(g->Message, sizeof(g->Message), "failed GetNames res=%d", res); goto err; } // endif res @@ -195,7 +195,7 @@ res = SafeArrayGetElement(prnlist, &i, &propname); if (FAILED(res)) { - snprintf(g->Message, sizeof(g->Message), "failed GetArrayElement res=%d\n", res); + snprintf(g->Message, sizeof(g->Message), "failed GetArrayElement res=%d", res); goto err; } // endif res @@ -222,7 +222,7 @@ res = wp->Cobj->BeginEnumeration(WBEM_FLAG_NONSYSTEM_ONLY); if (FAILED(res)) { - snprintf(g->Message, sizeof(g->Message), "failed BeginEnumeration hr=%d\n", res); + snprintf(g->Message, sizeof(g->Message), "failed BeginEnumeration hr=%d", res); qrp = NULL; goto err; } // endif hr @@ -231,7 +231,7 @@ res = wp->Cobj->Next(0, &propname, &val, &type, NULL); if (FAILED(res)) { - snprintf(g->Message, sizeof(g->Message), "failed getting Next hr=%d\n", res); + snprintf(g->Message, sizeof(g->Message), "failed getting Next hr=%d", res); qrp = NULL; goto err; } else if (res == WBEM_S_NO_MORE_DATA) { diff -Nru mariadb-11.8.6/storage/connect/tabxml.cpp mariadb-11.8.8/storage/connect/tabxml.cpp --- mariadb-11.8.6/storage/connect/tabxml.cpp 2026-01-31 13:27:48.000000000 +0000 +++ mariadb-11.8.8/storage/connect/tabxml.cpp 2026-05-24 09:58:32.000000000 +0000 @@ -1131,11 +1131,11 @@ union { uint Rpos; BYTE Spos[4]; - }; + } d; - Rpos = htonl(Irow); - Spos[0] = (BYTE)Nsub; - return Rpos; + d.Rpos = htonl(Irow); + d.Spos[0] = (BYTE)Nsub; + return d.Rpos; } // end of GetRecpos /***********************************************************************/ @@ -1210,7 +1210,7 @@ union { uint Rpos; BYTE Spos[4]; - }; + } d; int recpos = To_Kindex->Fetch(g); @@ -1220,15 +1220,14 @@ case -2: // No match for join return RC_NF; case -3: // Same record as last non null one - same = true; return RC_OK; default: - Rpos = recpos; - Nsub = Spos[0]; - Spos[0] = 0; + d.Rpos = recpos; + Nsub = d.Spos[0]; + d.Spos[0] = 0; - if (Irow != (signed)ntohl(Rpos)) { - Irow = ntohl(Rpos); + if (Irow != (signed)ntohl(d.Rpos)) { + Irow = ntohl(d.Rpos); same = false; } else same = true; diff -Nru mariadb-11.8.6/storage/connect/tabzip.cpp mariadb-11.8.8/storage/connect/tabzip.cpp --- mariadb-11.8.6/storage/connect/tabzip.cpp 2026-01-31 13:27:48.000000000 +0000 +++ mariadb-11.8.8/storage/connect/tabzip.cpp 2026-05-24 09:58:32.000000000 +0000 @@ -226,10 +226,10 @@ { switch (flag) { case 1: - Value->SetValue(Tdbz->finfo.compressed_size); + Value->SetValue((ulonglong)Tdbz->finfo.compressed_size); break; case 2: - Value->SetValue(Tdbz->finfo.uncompressed_size); + Value->SetValue((ulonglong)Tdbz->finfo.uncompressed_size); break; case 3: Value->SetValue((int)Tdbz->finfo.compression_method); diff -Nru mariadb-11.8.6/storage/connect/unzip.c mariadb-11.8.8/storage/connect/unzip.c --- mariadb-11.8.6/storage/connect/unzip.c 2026-01-31 13:27:48.000000000 +0000 +++ mariadb-11.8.8/storage/connect/unzip.c 2026-05-24 09:58:32.000000000 +0000 @@ -1,14 +1,13 @@ /* unzip.c -- IO for uncompress .zip files using zlib - Version 1.1, February 14h, 2010 - part of the MiniZip project - ( http://www.winimage.com/zLibDll/minizip.html ) + part of the MiniZip project - ( https://www.winimage.com/zLibDll/minizip.html ) - Copyright (C) 1998-2010 Gilles Vollant (minizip) ( http://www.winimage.com/zLibDll/minizip.html ) + Copyright (C) 1998-2026 Gilles Vollant (minizip) ( https://www.winimage.com/zLibDll/minizip.html ) Modifications of Unzip for Zip64 Copyright (C) 2007-2008 Even Rouault Modifications for Zip64 support on both zip and unzip - Copyright (C) 2009-2010 Mathias Svensson ( http://result42.com ) + Copyright (C) 2009-2010 Mathias Svensson ( https://result42.com ) For more info read MiniZip_info.txt @@ -72,6 +71,9 @@ #define NOUNCRYPT #endif +#ifdef ZLIB_DLL +# undef ZLIB_DLL +#endif #include "zlib.h" #include "unzip.h" @@ -94,7 +96,7 @@ #ifndef CASESENSITIVITYDEFAULT_NO -# if !defined(unix) && !defined(CASESENSITIVITYDEFAULT_YES) +# if (!defined(__unix__) && !defined(__unix) || defined(__CYGWIN__)) && !defined(CASESENSITIVITYDEFAULT_YES) # define CASESENSITIVITYDEFAULT_NO # endif #endif @@ -120,7 +122,7 @@ const char unz_copyright[] = - " unzip 1.01 Copyright 1998-2004 Gilles Vollant - http://www.winimage.com/zLibDll"; + " unzip 1.01 Copyright 1998-2004 Gilles Vollant - https://www.winimage.com/zLibDll/minizip.html"; /* unz_file_info64_internal contain internal info about a file in zipfile*/ typedef struct unz_file_info64_internal_s @@ -782,6 +784,7 @@ { zlib_filefunc64_32_def zlib_filefunc64_32_def_fill; zlib_filefunc64_32_def_fill.zfile_func64 = *pzlib_filefunc_def; + zlib_filefunc64_32_def_fill.zopen32_file = NULL; zlib_filefunc64_32_def_fill.ztell32_file = NULL; zlib_filefunc64_32_def_fill.zseek32_file = NULL; return unzOpenInternal(path, &zlib_filefunc64_32_def_fill, 1); @@ -959,7 +962,7 @@ if (unz64local_getLong(&s->z_filefunc, s->filestream,&file_info.external_fa) != UNZ_OK) err=UNZ_ERRNO; - // relative offset of local header + /* relative offset of local header */ if (unz64local_getLong(&s->z_filefunc, s->filestream,&uL) != UNZ_OK) err=UNZ_ERRNO; file_info_internal.offset_curfile = uL; @@ -982,7 +985,7 @@ lSeek -= uSizeRead; } - // Read extrafield + /* Read extrafield */ if ((err==UNZ_OK) && (extraField!=NULL)) { ZPOS64_T uSizeRead ; @@ -1013,7 +1016,7 @@ { uLong acc = 0; - // since lSeek now points to after the extra field we need to move back + /* since lSeek now points to after the extra field we need to move back */ lSeek -= file_info.size_file_extra; if (lSeek!=0) @@ -1661,10 +1664,10 @@ file_in_zip64_read_info_s* pfile_in_zip_read_info; s=(unz64_s*)file; if (file==NULL) - return 0; //UNZ_PARAMERROR; + return 0; /* UNZ_PARAMERROR; */ pfile_in_zip_read_info=s->pfile_in_zip_read; if (pfile_in_zip_read_info==NULL) - return 0; //UNZ_PARAMERROR; + return 0; /* UNZ_PARAMERROR; */ return pfile_in_zip_read_info->pos_in_zipfile + pfile_in_zip_read_info->byte_before_the_zipfile; } @@ -1746,7 +1749,7 @@ uInt i; for(i=0;iread_buffer[i] = - zdecode(s->keys,s->pcrc_32_tab, + (char)zdecode(s->keys,s->pcrc_32_tab, pfile_in_zip_read_info->read_buffer[i]); } # endif @@ -1834,7 +1837,7 @@ if (err!=BZ_OK) break; #endif - } // end Z_BZIP2ED + } /* end Z_BZIP2ED */ else { ZPOS64_T uTotalOutBefore,uTotalOutAfter; @@ -2081,7 +2084,7 @@ unz64_s* s; if (file==NULL) - return 0; //UNZ_PARAMERROR; + return 0; /* UNZ_PARAMERROR; */ s=(unz64_s*)file; if (!s->current_file_ok) return 0; @@ -2096,7 +2099,7 @@ ZPOS64_T offset64; if (file==NULL) - return 0; //UNZ_PARAMERROR; + return 0; /* UNZ_PARAMERROR; */ offset64 = unzGetOffset64(file); return (uLong)offset64; } diff -Nru mariadb-11.8.6/storage/connect/unzip.h mariadb-11.8.8/storage/connect/unzip.h --- mariadb-11.8.6/storage/connect/unzip.h 2026-01-31 13:27:48.000000000 +0000 +++ mariadb-11.8.8/storage/connect/unzip.h 2026-05-24 09:58:32.000000000 +0000 @@ -1,14 +1,13 @@ /* unzip.h -- IO for uncompress .zip files using zlib - Version 1.1, February 14h, 2010 - part of the MiniZip project - ( http://www.winimage.com/zLibDll/minizip.html ) + part of the MiniZip project - ( https://www.winimage.com/zLibDll/minizip.html ) - Copyright (C) 1998-2010 Gilles Vollant (minizip) ( http://www.winimage.com/zLibDll/minizip.html ) + Copyright (C) 1998-2026 Gilles Vollant (minizip) ( https://www.winimage.com/zLibDll/minizip.html ) Modifications of Unzip for Zip64 Copyright (C) 2007-2008 Even Rouault Modifications for Zip64 support on both zip and unzip - Copyright (C) 2009-2010 Mathias Svensson ( http://result42.com ) + Copyright (C) 2009-2010 Mathias Svensson ( https://result42.com ) For more info read MiniZip_info.txt @@ -70,6 +69,8 @@ typedef voidp unzFile; #endif +extern const char unz_copyright[]; + #define UNZ_OK (0) #define UNZ_END_OF_LIST_OF_FILE (-100) @@ -313,6 +314,10 @@ This is the Central-header version of the extra field if szComment!=NULL, the comment string of the file will be copied in szComment (commentBufferSize is the size of the buffer) + The file name and comment will be zero-terminated if there is room in the + provided buffer. Otherwise the buffer will contain as much as will fit. If at + least 65537 bytes of room is provided, then the result will always be + complete and zero-terminated. */ diff -Nru mariadb-11.8.6/storage/connect/valblk.cpp mariadb-11.8.8/storage/connect/valblk.cpp --- mariadb-11.8.6/storage/connect/valblk.cpp 2026-01-31 13:27:48.000000000 +0000 +++ mariadb-11.8.8/storage/connect/valblk.cpp 2026-05-24 09:58:32.000000000 +0000 @@ -268,14 +268,14 @@ template char *TYPBLK::GetCharString(char *p, int n) { - sprintf(p, Fmt, UnalignedRead(n)); + snprintf(p, 32, Fmt, UnalignedRead(n)); return p; } // end of GetCharString template <> char *TYPBLK::GetCharString(char *p, int n) { - sprintf(p, Fmt, Prec, UnalignedRead(n)); + snprintf(p, 32, Fmt, Prec, UnalignedRead(n)); return p; } // end of GetCharString diff -Nru mariadb-11.8.6/storage/connect/value.cpp mariadb-11.8.8/storage/connect/value.cpp --- mariadb-11.8.6/storage/connect/value.cpp 2026-01-31 13:27:48.000000000 +0000 +++ mariadb-11.8.8/storage/connect/value.cpp 2026-05-24 09:58:32.000000000 +0000 @@ -902,7 +902,7 @@ template char *TYPVAL::GetCharString(char *p) { - sprintf(p, Fmt, Tval); + snprintf(p, 32, Fmt, Tval); return p; } // end of GetCharString @@ -921,7 +921,7 @@ template char *TYPVAL::GetShortString(char *p, int n) { - sprintf(p, "%*hd", n, (short)Tval); + snprintf(p, 32, "%*hd", n, (short)Tval); return p; } // end of GetShortString @@ -931,7 +931,7 @@ template char *TYPVAL::GetIntString(char *p, int n) { - sprintf(p, "%*d", n, (int)Tval); + snprintf(p, 32, "%*d", n, (int)Tval); return p; } // end of GetIntString @@ -941,7 +941,7 @@ template char *TYPVAL::GetBigintString(char *p, int n) { - sprintf(p, "%*lld", n, (longlong)Tval); + snprintf(p, 32, "%*lld", n, (longlong)Tval); return p; } // end of GetBigintString @@ -951,7 +951,7 @@ template char *TYPVAL::GetFloatString(char *p, int n, int prec) { - sprintf(p, "%*.*lf", n, (prec < 0) ? 2 : prec, (double)Tval); + snprintf(p, 32, "%*.*lf", n, (prec < 0) ? 2 : prec, (double)Tval); return p; } // end of GetFloatString @@ -961,7 +961,7 @@ template char *TYPVAL::GetTinyString(char *p, int n) { - sprintf(p, "%*d", n, (int)(char)Tval); + snprintf(p, 32, "%*d", n, (int)(char)Tval); return p; } // end of GetIntString #endif // 0 @@ -1210,7 +1210,7 @@ // This function is wrong and should never be called assert(false); char *buf = (char*)vp->GetTo_Val(); // Not big enough - int n = sprintf(buf, fmt, Tval); + int n = snprintf(buf, vp->GetValLen() + 1, fmt, Tval); return (n > vp->GetValLen()); } // end of FormatValue @@ -1224,7 +1224,7 @@ char c[32]; fmt.Type[0] = *GetFormatType(Type); - fmt.Length = sprintf(c, Fmt, Tval); + fmt.Length = snprintf(c, sizeof(c), Fmt, Tval); fmt.Prec = Prec; return false; } // end of SetConstFormat @@ -1434,7 +1434,7 @@ { char buf[16]; PGLOBAL& g = Global; - int k = sprintf(buf, "%d", n); + int k = snprintf(buf, sizeof(buf), "%d", n); if (k > Len) { snprintf(g->Message, sizeof(g->Message), MSG(VALSTR_TOO_LONG), buf, Len); @@ -1452,7 +1452,7 @@ { char buf[16]; PGLOBAL& g = Global; - int k = sprintf(buf, "%u", n); + int k = snprintf(buf, sizeof(buf), "%u", n); if (k > Len) { snprintf(g->Message, sizeof(g->Message), MSG(VALSTR_TOO_LONG), buf, Len); @@ -1488,7 +1488,7 @@ { char buf[24]; PGLOBAL& g = Global; - int k = sprintf(buf, "%lld", n); + int k = snprintf(buf, sizeof(buf), "%lld", n); if (k > Len) { snprintf(g->Message, sizeof(g->Message), MSG(VALSTR_TOO_LONG), buf, Len); @@ -1506,7 +1506,7 @@ { char buf[24]; PGLOBAL& g = Global; - int k = sprintf(buf, "%llu", n); + int k = snprintf(buf, sizeof(buf), "%llu", n); if (k > Len) { snprintf(g->Message, sizeof(g->Message), MSG(VALSTR_TOO_LONG), buf, Len); @@ -1524,7 +1524,7 @@ { char *p, buf[64]; PGLOBAL& g = Global; - int k = sprintf(buf, "%lf", f); + int k = snprintf(buf, sizeof(buf), "%lf", f); for (p = buf + k - 1; p >= buf; p--) if (*p == '0') { @@ -1719,7 +1719,7 @@ bool TYPVAL::FormatValue(PVAL vp, PCSZ fmt) { char *buf = (char*)vp->GetTo_Val(); // Should be big enough - int n = sprintf(buf, fmt, Strp); + int n = snprintf(buf, vp->GetValLen() + 1, fmt, Strp); return (n > vp->GetValLen()); } // end of FormatValue @@ -2297,7 +2297,7 @@ if (!Chrp) Chrp = (char*)PlugSubAlloc(Global, NULL, Clen * 2 + 1); - sprintf(Chrp, GetXfmt(), Len, Binp); + snprintf(Chrp, Clen * 2 + 1, GetXfmt(), Len, Binp); return Chrp; } // end of GetCharString @@ -2333,7 +2333,7 @@ bool BINVAL::FormatValue(PVAL vp, PCSZ fmt) { char *buf = (char*)vp->GetTo_Val(); // Should be big enough - int n = sprintf(buf, fmt, Len, Binp); + int n = snprintf(buf, vp->GetValLen() + 1, fmt, Len, Binp); return (n > vp->GetValLen()); } // end of FormatValue @@ -2775,7 +2775,7 @@ return Sdate; } else - sprintf(p, "%lld", (longlong) Tval); + snprintf(p, 32, "%lld", (longlong) Tval); //Null = false; ?????????????? return p; diff -Nru mariadb-11.8.6/storage/connect/xindex.cpp mariadb-11.8.8/storage/connect/xindex.cpp --- mariadb-11.8.6/storage/connect/xindex.cpp 2026-01-31 13:27:48.000000000 +0000 +++ mariadb-11.8.8/storage/connect/xindex.cpp 2026-05-24 09:58:32.000000000 +0000 @@ -434,7 +434,7 @@ /* Get the starting information for progress. */ /*********************************************************************/ dup->Step = (char*)PlugSubAlloc(g, NULL, 128); - sprintf((char*)dup->Step, MSG(BUILD_INDEX), Xdp->GetName(), Tdbp->Name); + snprintf((char*)dup->Step, 128, MSG(BUILD_INDEX), Xdp->GetName(), Tdbp->Name); dup->ProgMax = Tdbp->GetProgMax(g); dup->ProgCur = 0; #endif // 0 @@ -2562,8 +2562,7 @@ if (Hfile == INVALID_HANDLE_VALUE) { rc = GetLastError(); snprintf(g->Message, sizeof(g->Message), MSG(OPEN_ERROR), rc, mode, filename); - FormatMessage(FORMAT_MESSAGE_FROM_SYSTEM | - FORMAT_MESSAGE_IGNORE_INSERTS, NULL, rc, 0, + FormatMessage(FORMAT_MESSAGE_FLAGS, NULL, rc, 0, (LPTSTR)filename, sizeof(filename), NULL); strcat(g->Message, filename); return true; @@ -2756,8 +2755,7 @@ char buf[256]; DWORD drc = GetLastError(); - FormatMessage(FORMAT_MESSAGE_FROM_SYSTEM | - FORMAT_MESSAGE_IGNORE_INSERTS, NULL, drc, 0, + FormatMessage(FORMAT_MESSAGE_FLAGS, NULL, drc, 0, (LPTSTR)buf, sizeof(buf), NULL); snprintf(g->Message, sizeof(g->Message), MSG(READ_ERROR), "index file", buf); rc = true; @@ -2796,8 +2794,7 @@ char msg[256]; DWORD drc = GetLastError(); - FormatMessage(FORMAT_MESSAGE_FROM_SYSTEM | - FORMAT_MESSAGE_IGNORE_INSERTS, NULL, drc, 0, + FormatMessage(FORMAT_MESSAGE_FLAGS, NULL, drc, 0, (LPTSTR)msg, sizeof(msg), NULL); snprintf(g->Message, sizeof(g->Message), MSG(WRITING_ERROR), "index file", msg); rc = true; diff -Nru mariadb-11.8.6/storage/connect/xobject.cpp mariadb-11.8.8/storage/connect/xobject.cpp --- mariadb-11.8.6/storage/connect/xobject.cpp 2026-01-31 13:27:48.000000000 +0000 +++ mariadb-11.8.8/storage/connect/xobject.cpp 2026-05-24 09:58:32.000000000 +0000 @@ -141,25 +141,27 @@ /***********************************************************************/ bool CONSTANT::Rephrase(PGLOBAL g, PSZ work) { + size_t cur_len = strlen(work); + switch (Value->GetType()) { case TYPE_STRING: - sprintf(work + strlen(work), "'%s'", Value->GetCharValue()); + snprintf(work + cur_len, MAX_STR - cur_len, "'%s'", Value->GetCharValue()); break; case TYPE_SHORT: - sprintf(work + strlen(work), "%hd", Value->GetShortValue()); + snprintf(work + cur_len, MAX_STR - cur_len, "%hd", Value->GetShortValue()); break; case TYPE_INT: case TYPE_DATE: - sprintf(work + strlen(work), "%d", Value->GetIntValue()); + snprintf(work + cur_len, MAX_STR - cur_len, "%d", Value->GetIntValue()); break; case TYPE_DOUBLE: - sprintf(work + strlen(work), "%lf", Value->GetFloatValue()); + snprintf(work + cur_len, MAX_STR - cur_len, "%lf", Value->GetFloatValue()); break; case TYPE_BIGINT: - sprintf(work + strlen(work), "%lld", Value->GetBigintValue()); + snprintf(work + cur_len, MAX_STR - cur_len, "%lld", Value->GetBigintValue()); break; case TYPE_TINY: - sprintf(work + strlen(work), "%d", Value->GetTinyValue()); + snprintf(work + cur_len, MAX_STR - cur_len, "%d", Value->GetTinyValue()); break; default: snprintf(g->Message, sizeof(g->Message), MSG(BAD_CONST_TYPE), Value->GetType()); diff -Nru mariadb-11.8.6/storage/connect/zip.c mariadb-11.8.8/storage/connect/zip.c --- mariadb-11.8.6/storage/connect/zip.c 2026-01-31 13:27:48.000000000 +0000 +++ mariadb-11.8.8/storage/connect/zip.c 2026-05-24 09:58:32.000000000 +0000 @@ -1,11 +1,10 @@ /* zip.c -- IO on .zip files using zlib - Version 1.1, February 14h, 2010 - part of the MiniZip project - ( http://www.winimage.com/zLibDll/minizip.html ) + part of the MiniZip project - ( https://www.winimage.com/zLibDll/minizip.html ) - Copyright (C) 1998-2010 Gilles Vollant (minizip) ( http://www.winimage.com/zLibDll/minizip.html ) + Copyright (C) 1998-2026 Gilles Vollant (minizip) ( https://www.winimage.com/zLibDll/minizip.html ) Modifications for Zip64 support - Copyright (C) 2009-2010 Mathias Svensson ( http://result42.com ) + Copyright (C) 2009-2010 Mathias Svensson ( https://result42.com ) For more info read MiniZip_info.txt @@ -25,8 +24,13 @@ #include #include #include -#include #include +#ifndef ZLIB_CONST +# define ZLIB_CONST +#endif +#ifdef ZLIB_DLL +# undef ZLIB_DLL +#endif #include "zlib.h" #include "zip.h" @@ -50,7 +54,7 @@ #endif #ifndef Z_BUFSIZE -#define Z_BUFSIZE (64*1024) //(16384) +#define Z_BUFSIZE (64*1024) /* (16384) */ #endif #ifndef Z_MAXFILENAMEINZIP @@ -69,7 +73,7 @@ /* I've found an old Unix (a SunOS 4.1.3_U1) without all SEEK_* defined.... */ -// NOT sure that this work on ALL platform +/* NOT sure that this work on ALL platform */ #define MAKEULONG64(a, b) ((ZPOS64_T)(((unsigned long)(a)) | ((ZPOS64_T)((unsigned long)(b))) << 32)) #ifndef SEEK_CUR @@ -91,7 +95,7 @@ # define DEF_MEM_LEVEL MAX_MEM_LEVEL #endif #endif -const char zip_copyright[] =" zip 1.01 Copyright 1998-2004 Gilles Vollant - http://www.winimage.com/zLibDll"; +const char zip_copyright[] =" zip 1.01 Copyright 1998-2004 Gilles Vollant - https://www.winimage.com/zLibDll/minizip.html"; #define SIZEDATA_INDATABLOCK (4096-(4*4)) @@ -123,6 +127,19 @@ } linkedlist_data; +/* zipAlreadyThere() set functions for a set of zero-terminated strings, and +// a block_t type for reading the central directory datablocks. */ +typedef char *set_key_t; +#define set_cmp(a, b) strcmp(a, b) +#define set_drop(s, k) set_free(s, k) +#include "skipset.h" +typedef struct { + unsigned char *next; /* next byte in datablock data */ + size_t left; /* number of bytes left in data (at least) */ + linkedlist_datablock_internal *node; /* current datablock */ +} block_t; + + typedef struct { z_stream stream; /* zLib stream structure for inflate */ @@ -174,6 +191,10 @@ char *globalcomment; #endif + /* Support for zipAlreadyThere(). */ + set_t set; /* set for detecting name collisions */ + block_t block; /* block for reading the central directory */ + } zip64_internal; @@ -264,6 +285,229 @@ return ZIP_OK; } +/* zipAlreadyThere() operations. "set" in the zip internal structure keeps the +// set of names that are in the under-construction central directory so far. A +// skipset provides ~O(log n) time insertion and searching. Central directory +// records, stored in a linked list of allocated memory datablocks, is read +// through "block" in the zip internal structure. + +// The block_*() functions support extracting the central directory file names +// from the datablocks. They are designed to support a growing directory by +// automatically continuing once more data has been appended to the linked +// datablocks. + +// Initialize *block to the head of list. This should only be called once the +// list has at least some data in it, i.e. list->first_block is not NULL. */ +local void block_init(block_t *block, linkedlist_data *list) { + block->node = list->first_block; + block->next = block->node->data; + block->left = block->node->filled_in_this_block; +} + +/* Mark *block as bad, with all subsequent reads returning end, even if more +// data is added to the datablocks. This is invoked if the central directory is +// invalid, so there is no longer any point in attempting to interpret it. */ +local void block_stop(block_t *block) { + block->left = 0; + block->next = NULL; +} + +/* Return true if *block has reached the end of the data in the datablocks. */ +local int block_end(block_t *block) { + linkedlist_datablock_internal *node = block->node; + if (node == NULL) + /* This block was previously terminated with extreme prejudice. */ + return 1; + if (block->next < node->data + node->filled_in_this_block) + /* There are more bytes to read in the current datablock. */ + return 0; + while (node->next_datablock != NULL) { + if (node->filled_in_this_block != 0) + /* There are some bytes in a later datablock. */ + return 0; + node = node->next_datablock; + } + /* Reached the end of the list of datablocks. There's nothing. */ + return 1; +} + +/* Return one byte from *block, or -1 if the end is reached. */ +local int block_get(block_t *block) { + while (block->left == 0) { + if (block->node == NULL) + /* We've been marked bad. Return end. */ + return -1; + /* Update left in case more was filled in since we were last here. */ + block->left = block->node->filled_in_this_block - + (size_t)(block->next - block->node->data); + if (block->left != 0) + /* There was indeed more data appended in the current datablock. */ + break; + if (block->node->next_datablock == NULL) + /* No more data here, and there is no next datablock. At the end. */ + return -1; + /* Try the next datablock for more data. */ + block->node = block->node->next_datablock; + block->next = block->node->data; + block->left = block->node->filled_in_this_block; + } + /* We have a byte to return. */ + block->left--; + return *block->next++; +} + +/* Return a 16-bit unsigned little-endian value from block, or a negative value +// if the end is reached. */ +local long block_get2(block_t *block) { + int low = block_get(block); + int high = block_get(block); + return low < 0 || high < 0 ? -1 : low | ((long)high << 8); +} + +/* Read up to len bytes from block into buf. Return the number of bytes read. */ +local size_t block_read(block_t *block, unsigned char *buf, size_t len) { + size_t need = len; + while (need) { + if (block->left == 0) { + /* Get a byte to update and step through the linked list as needed. */ + int got = block_get(block); + if (got == -1) + /* Reached the end. */ + break; + *buf++ = (unsigned char)got; + need--; + continue; + } + size_t take = need > block->left ? block->left : need; + memcpy(buf, block->next, take); + block->next += take; + block->left -= take; + buf += take; + need -= take; + } + return len - need; /* return the number of bytes copied */ +} + +/* Skip n bytes in block. Return 0 on success or -1 if there are less than n +// bytes to the end. */ +local int block_skip(block_t *block, size_t n) { + while (n > block->left) { + n -= block->left; + block->next += block->left; + block->left = 0; + if (block_get(block) == -1) + return -1; + n--; + } + block->next += n; + block->left -= n; + return 0; +} + +/* Process the next central directory record at *block. Return the allocated, +// zero-terminated file name, or NULL for end of input or invalid data. If +// invalid, *block is marked bad. This uses *set for the allocation of memory. */ +local char *block_central_name(block_t *block, set_t *set) { + char *name = NULL; + for (;;) { + if (block_end(block)) + /* At the end of the central directory (so far). */ + return NULL; + + /* Check for a central directory record signature. */ + if (block_get2(block) != (CENTRALHEADERMAGIC & 0xffff) || + block_get2(block) != (CENTRALHEADERMAGIC >> 16)) + /* Incorrect signature. */ + break; + + /* Go through the remaining fixed-length portion of the record, + // extracting the lengths of the three variable-length fields. */ + block_skip(block, 24); + unsigned flen = (unsigned)block_get2(block); /* file name length */ + unsigned xlen = (unsigned)block_get2(block); /* extra length */ + unsigned clen = (unsigned)block_get2(block); /* comment length */ + if (block_skip(block, 12) == -1) + /* Premature end of the record. */ + break; + + /* Extract the name and skip over the extra and comment fields. */ + name = set_alloc(set, NULL, flen + 1); + if (block_read(block, (unsigned char *)name, flen) < flen || + block_skip(block, xlen + clen) == -1) + /* Premature end of the record. */ + break; + + /* Check for embedded nuls in the name. */ + if (memchr(name, 0, flen) != NULL) { + /* This name can never match the zero-terminated name provided to + // zipAlreadyThere(), so we discard it and go back to get another + // name. (Who the heck is putting nuls inside their zip file entry + // names anyway?) */ + set_free(set, name); + continue; + } + + /* All good. Return the zero-terminated file name. */ + name[flen] = 0; + return name; + } + + /* Invalid signature or premature end of the central directory record. + // Abandon trying to process the central directory. */ + set_free(set, name); + block_stop(block); + return NULL; +} + +/* Return 0 if name is not in the central directory so far, 1 if it is, -1 if +// the central directory is invalid, -2 if out of memory, or ZIP_PARAMERROR if +// file is NULL. */ +extern int ZEXPORT zipAlreadyThere(zipFile file, char const *name) { + zip64_internal *zip = file; + if (zip == NULL) + return ZIP_PARAMERROR; + if (zip->central_dir.first_block == NULL) + /* No central directory yet, so no, name isn't there. */ + return 0; + if (setjmp(zip->set.env)) { + /* Memory allocation failure. */ + set_end(&zip->set); + return -2; + } + if (!set_ok(&zip->set)) { + /* This is the first time here with some central directory content. We + // construct this set of names only on demand. Prepare set and block. */ + set_start(&zip->set); + block_init(&zip->block, &zip->central_dir); + } + + /* Update the set of names from the current central directory contents. + // This reads any new central directory records since the last time we were + // here. */ + for (;;) { + char *there = block_central_name(&zip->block, &zip->set); + if (there == NULL) { + if (zip->block.next == NULL) + /* The central directory is invalid. */ + return -1; + break; + } + + /* Add there to the set. */ + if (set_insert(&zip->set, there)) + /* There's already a duplicate in the central directory! We'll just + // let this be and carry on. */ + set_free(&zip->set, there); + } + + /* Return true if name is in the central directory. */ + size_t len = strlen(name); + char *copy = set_alloc(&zip->set, NULL, len + 1); + memcpy(copy, name, len + 1); + int found = set_found(&zip->set, copy); + set_free(&zip->set, copy); + return found; +} /****************************************************************************/ @@ -551,7 +795,7 @@ for (i=(int)uReadSize-3; (i--)>0;) { - // Signature "0x07064b50" Zip64 end of central directory locater + /* Signature "0x07064b50" Zip64 end of central directory locator */ if (((*(buf+i))==0x50) && ((*(buf+i+1))==0x4b) && ((*(buf+i+2))==0x06) && ((*(buf+i+3))==0x07)) { uPosFound = uReadPos+(unsigned)i; @@ -599,7 +843,7 @@ if (zip64local_getLong(pzlib_filefunc_def,filestream,&uL)!=ZIP_OK) return 0; - if (uL != 0x06064b50) // signature of 'Zip64 end of central directory' + if (uL != 0x06064b50) /* signature of 'Zip64 end of central directory' */ return 0; return relativeOffset; @@ -628,7 +872,7 @@ int hasZIP64Record = 0; - // check first if we find a ZIP64 record + /* check first if we find a ZIP64 record */ central_pos = zip64local_SearchCentralDir64(&pziinit->z_filefunc,pziinit->filestream); if(central_pos > 0) { @@ -694,13 +938,13 @@ if (zip64local_getLong64(&pziinit->z_filefunc, pziinit->filestream,&offset_central_dir)!=ZIP_OK) err=ZIP_ERRNO; - // TODO.. - // read the comment from the standard central header. + /* TODO.. + // read the comment from the standard central header. */ size_comment = 0; } else { - // Read End of central Directory info + /* Read End of central Directory info */ if (ZSEEK64(pziinit->z_filefunc, pziinit->filestream, central_pos,ZLIB_FILEFUNC_SEEK_SET)!=0) err=ZIP_ERRNO; @@ -848,13 +1092,14 @@ zi->number_entry = 0; zi->add_position_when_writing_offset = 0; init_linkedlist(&(zi->central_dir)); + memset(&(zi->set), 0, sizeof(set_t)); /* make sure set appears dormant */ /* now we add file in a zipfile */ # ifndef NO_ADDFILEINEXISTINGZIP zi->globalcomment = NULL; if (append == APPEND_STATUS_ADDINZIP) { - // Read and Cache Central Directory Records + /* Read and Cache Central Directory Records */ err = LoadCentralDirectoryRecord(zi); } @@ -894,6 +1139,7 @@ { zlib_filefunc64_32_def zlib_filefunc64_32_def_fill; zlib_filefunc64_32_def_fill.zfile_func64 = *pzlib_filefunc_def; + zlib_filefunc64_32_def_fill.zopen32_file = NULL; zlib_filefunc64_32_def_fill.ztell32_file = NULL; zlib_filefunc64_32_def_fill.zseek32_file = NULL; return zipOpen3(pathname, append, globalcomment, &zlib_filefunc64_32_def_fill); @@ -937,7 +1183,7 @@ if (err==ZIP_OK) err = zip64local_putValue(&zi->z_filefunc,zi->filestream,(uLong)zi->ci.dosDate,4); - // CRC / Compressed size / Uncompressed size will be filled in later and rewritten later + /* CRC / Compressed size / Uncompressed size will be filled in later and rewritten later */ if (err==ZIP_OK) err = zip64local_putValue(&zi->z_filefunc,zi->filestream,(uLong)0,4); /* crc 32, unknown */ if (err==ZIP_OK) @@ -981,13 +1227,13 @@ if ((err==ZIP_OK) && (zi->ci.zip64)) { - // write the Zip64 extended info + /* write the Zip64 extended info */ short HeaderID = 1; short DataSize = 16; ZPOS64_T CompressedSize = 0; ZPOS64_T UncompressedSize = 0; - // Remember position of Zip64 extended info for the local file header. (needed when we update size after done with file) + /* Remember position of Zip64 extended info for the local file header. (needed when we update size after done with file) */ zi->ci.pos_zip64extrainfo = ZTELL64(zi->z_filefunc,zi->filestream); err = zip64local_putValue(&zi->z_filefunc, zi->filestream, (ZPOS64_T)HeaderID,2); @@ -1000,6 +1246,46 @@ return err; } +/* Return the length of the UTF-8 code at str[0..len-1] in [1..4], or negative + if there is no valid UTF-8 code there. If negative, it is minus the number + of bytes examined in order to determine it was bad. Or if minus the return + code is one less than len, then at least one more byte than provided would + be needed to complete the code. */ +local int utf8len(unsigned char const *str, size_t len) { + return + len == 0 ? -1 : /* empty input */ + str[0] < 0x80 ? 1 : /* good one-byte */ + str[0] < 0xc0 ? -1 : /* bad first byte */ + len < 2 || (str[1] >> 6) != 2 ? -2 : /* missing or bad 2nd byte */ + str[0] < 0xc2 ? -2 : /* overlong code */ + str[0] < 0xe0 ? 2 : /* good two-byte */ + len < 3 || (str[2] >> 6) != 2 ? -3 : /* missing or bad 3rd byte */ + str[0] == 0xe0 && str[1] < 0xa0 ? -3 : /* overlong code */ + str[0] < 0xf0 ? 3 : /* good three-byte */ + len < 4 || (str[3] >> 6) != 2 ? -4 : /* missing or bad 4th byte */ + str[0] == 0xf0 && str[1] < 0x90 ? -4 : /* overlong code */ + str[0] < 0xf4 || + (str[0] == 0xf4 && str[1] < 0x90) ? 4 : /* good four-byte */ + -4; /* code > 0x10ffff */ +} + +/* Return true if str[0..len-1] is valid UTF-8 *and* it contains at least one + code of two or more bytes. This is used to determine whether or not to set + bit 11 in the zip header flags. */ +local int isutf8(char const *str, size_t len) { + int utf8 = 0; + while (len) { + int code = utf8len((unsigned char const *)str, len); + if (code < 0) + return 0; + if (code > 1) + utf8 = 1; + str += code; + len -= (unsigned)code; + } + return utf8; +} + /* NOTE. When writing RAW the ZIP64 extended information in extrafield_local and extrafield_global needs to be stripped @@ -1037,14 +1323,14 @@ return ZIP_PARAMERROR; #endif - // The filename and comment length must fit in 16 bits. + /* The filename and comment length must fit in 16 bits. */ if ((filename!=NULL) && (strlen(filename)>0xffff)) return ZIP_PARAMERROR; if ((comment!=NULL) && (strlen(comment)>0xffff)) return ZIP_PARAMERROR; - // The extra field length must fit in 16 bits. If the member also requires + /* The extra field length must fit in 16 bits. If the member also requires // a Zip64 extra block, that will also need to fit within that 16-bit - // length, but that will be checked for later. + // length, but that will be checked for later. */ if ((size_extrafield_local>0xffff) || (size_extrafield_global>0xffff)) return ZIP_PARAMERROR; @@ -1086,6 +1372,9 @@ zi->ci.flag |= 6; if (password != NULL) zi->ci.flag |= 1; + if (isutf8(filename, size_filename) && + (size_comment == 0 || isutf8(comment, size_comment))) + zi->ci.flag |= (1 << 11); zi->ci.crc32 = 0; zi->ci.method = method; @@ -1096,7 +1385,7 @@ zi->ci.pos_local_header = ZTELL64(zi->z_filefunc,zi->filestream); zi->ci.size_centralheader = SIZECENTRALHEADER + size_filename + size_extrafield_global + size_comment; - zi->ci.size_centralExtraFree = 32; // Extra space we have reserved in case we need to add ZIP64 extra info data + zi->ci.size_centralExtraFree = 32; /* Extra space we have reserved in case we need to add ZIP64 extra info data */ zi->ci.central_header = (char*)ALLOC((uInt)zi->ci.size_centralheader + zi->ci.size_centralExtraFree); @@ -1191,7 +1480,7 @@ else if(zi->ci.method == Z_BZIP2ED) { #ifdef HAVE_BZIP2 - // Init BZip stuff here + /* Init BZip stuff here */ zi->ci.bstream.bzalloc = 0; zi->ci.bstream.bzfree = 0; zi->ci.bstream.opaque = (voidpf)0; @@ -1393,7 +1682,7 @@ if ((zi->ci.method == Z_BZIP2ED) && (!zi->ci.raw)) { uLong uTotalOutBefore_lo = zi->ci.bstream.total_out_lo32; -// uLong uTotalOutBefore_hi = zi->ci.bstream.total_out_hi32; +/* uLong uTotalOutBefore_hi = zi->ci.bstream.total_out_hi32; */ err=BZ2_bzCompress(&zi->ci.bstream, BZ_RUN); zi->ci.pos_in_buffered_data += (uInt)(zi->ci.bstream.total_out_lo32 - uTotalOutBefore_lo) ; @@ -1406,7 +1695,7 @@ else #endif { - zi->ci.stream.next_in = (Bytef*)(uintptr_t)buf; + zi->ci.stream.next_in = buf; zi->ci.stream.avail_in = len; while ((err==ZIP_OK) && (zi->ci.stream.avail_in>0)) @@ -1451,7 +1740,7 @@ zi->ci.pos_in_buffered_data += copy_this; } } - }// while(...) + }/* while(...) */ } return err; @@ -1557,7 +1846,7 @@ compressed_size += zi->ci.crypt_header_size; # endif - // update Current Item crc and sizes, + /* update Current Item crc and sizes, */ if(compressed_size >= 0xffffffff || uncompressed_size >= 0xffffffff || zi->ci.pos_local_header >= 0xffffffff) { /*version Made by*/ @@ -1575,7 +1864,7 @@ else zip64local_putValue_inmemory(zi->ci.central_header+20, compressed_size,4); /*compr size*/ - /// set internal file attributes field + /* set internal file attributes field */ if (zi->ci.stream.data_type == Z_ASCII) zip64local_putValue_inmemory(zi->ci.central_header+36,(uLong)Z_ASCII,2); @@ -1584,15 +1873,15 @@ else zip64local_putValue_inmemory(zi->ci.central_header+24, uncompressed_size,4); /*uncompr size*/ - // Add ZIP64 extra info field for uncompressed size + /* Add ZIP64 extra info field for uncompressed size */ if(uncompressed_size >= 0xffffffff) datasize += 8; - // Add ZIP64 extra info field for compressed size + /* Add ZIP64 extra info field for compressed size */ if(compressed_size >= 0xffffffff) datasize += 8; - // Add ZIP64 extra info field for relative offset to local file header of current file + /* Add ZIP64 extra info field for relative offset to local file header of current file */ if(zi->ci.pos_local_header >= 0xffffffff) datasize += 8; @@ -1602,16 +1891,16 @@ if((uLong)(datasize + 4) > zi->ci.size_centralExtraFree) { - // we cannot write more data to the buffer that we have room for. + /* we cannot write more data to the buffer that we have room for. */ return ZIP_BADZIPFILE; } p = zi->ci.central_header + zi->ci.size_centralheader; - // Add Extra Information Header for 'ZIP64 information' - zip64local_putValue_inmemory(p, 0x0001, 2); // HeaderID + /* Add Extra Information Header for 'ZIP64 information' */ + zip64local_putValue_inmemory(p, 0x0001, 2); /* HeaderID */ p += 2; - zip64local_putValue_inmemory(p, datasize, 2); // DataSize + zip64local_putValue_inmemory(p, datasize, 2); /* DataSize */ p += 2; if(uncompressed_size >= 0xffffffff) @@ -1632,13 +1921,13 @@ p += 8; } - // Update how much extra free space we got in the memory buffer + /* Update how much extra free space we got in the memory buffer // and increase the centralheader size so the new ZIP64 fields are included - // ( 4 below is the size of HeaderID and DataSize field ) + // ( 4 below is the size of HeaderID and DataSize field ) */ zi->ci.size_centralExtraFree -= datasize + 4; zi->ci.size_centralheader += datasize + 4; - // Update the extra info size field + /* Update the extra info size field */ zi->ci.size_centralExtra += datasize + 4; zip64local_putValue_inmemory(zi->ci.central_header+30,(uLong)zi->ci.size_centralExtra,2); } @@ -1650,7 +1939,7 @@ if (err==ZIP_OK) { - // Update the LocalFileHeader with the new values. + /* Update the LocalFileHeader with the new values. */ ZPOS64_T cur_pos_inzip = ZTELL64(zi->z_filefunc,zi->filestream); @@ -1664,7 +1953,7 @@ { if(zi->ci.pos_zip64extrainfo > 0) { - // Update the size in the ZIP64 extended field. + /* Update the size in the ZIP64 extended field. */ if (ZSEEK64(zi->z_filefunc,zi->filestream, zi->ci.pos_zip64extrainfo + 4,ZLIB_FILEFUNC_SEEK_SET)!=0) err = ZIP_ERRNO; @@ -1675,7 +1964,7 @@ err = zip64local_putValue(&zi->z_filefunc, zi->filestream, compressed_size, 8); } else - err = ZIP_BADZIPFILE; // Caller passed zip64 = 0, so no room for zip64 info -> fatal + err = ZIP_BADZIPFILE; /* Caller passed zip64 = 0, so no room for zip64 info -> fatal */ } else { @@ -1729,7 +2018,7 @@ err = zip64local_putValue(&zi->z_filefunc,zi->filestream,(uLong)ZIP64ENDHEADERMAGIC,4); if (err==ZIP_OK) /* size of this 'zip64 end of central directory' */ - err = zip64local_putValue(&zi->z_filefunc,zi->filestream,(ZPOS64_T)Zip64DataSize,8); // why ZPOS64_T of this ? + err = zip64local_putValue(&zi->z_filefunc,zi->filestream,(ZPOS64_T)Zip64DataSize,8); /* why ZPOS64_T of this ? */ if (err==ZIP_OK) /* version made by */ err = zip64local_putValue(&zi->z_filefunc,zi->filestream,(uLong)45,2); @@ -1776,7 +2065,7 @@ { { if(zi->number_entry >= 0xFFFF) - err = zip64local_putValue(&zi->z_filefunc,zi->filestream,(uLong)0xffff,2); // use value in ZIP64 record + err = zip64local_putValue(&zi->z_filefunc,zi->filestream,(uLong)0xffff,2); /* use value in ZIP64 record */ else err = zip64local_putValue(&zi->z_filefunc,zi->filestream,(uLong)zi->number_entry,2); } @@ -1785,7 +2074,7 @@ if (err==ZIP_OK) /* total number of entries in the central dir */ { if(zi->number_entry >= 0xFFFF) - err = zip64local_putValue(&zi->z_filefunc,zi->filestream,(uLong)0xffff,2); // use value in ZIP64 record + err = zip64local_putValue(&zi->z_filefunc,zi->filestream,(uLong)0xffff,2); /* use value in ZIP64 record */ else err = zip64local_putValue(&zi->z_filefunc,zi->filestream,(uLong)zi->number_entry,2); } @@ -1865,6 +2154,8 @@ } free_linkedlist(&(zi->central_dir)); + set_end(&zi->set); /* set was zeroed, so this is safe */ + pos = centraldir_pos_inzip - zi->add_position_when_writing_offset; if(pos >= 0xffffffff || zi->number_entry >= 0xFFFF) { @@ -1913,13 +2204,13 @@ header = *(short*)p; dataSize = *(((short*)p)+1); - if( header == sHeader ) // Header found. + if( header == sHeader ) /* Header found. */ { - p += dataSize + 4; // skip it. do not copy to temp buffer + p += dataSize + 4; /* skip it. do not copy to temp buffer */ } else { - // Extra Info block should not be removed, So copy it to the temp buffer. + /* Extra Info block should not be removed, So copy it to the temp buffer. */ memcpy(pTmp, p, dataSize + 4); p += dataSize + 4; size += dataSize + 4; @@ -1929,14 +2220,14 @@ if(size < *dataLen) { - // clean old extra info block. + /* clean old extra info block. */ memset(pData,0, *dataLen); - // copy the new extra info block over the old + /* copy the new extra info block over the old */ if(size > 0) memcpy(pData, pNewHeader, size); - // set the new extra info size + /* set the new extra info size */ *dataLen = size; retVal = ZIP_OK; diff -Nru mariadb-11.8.6/storage/connect/zip.h mariadb-11.8.8/storage/connect/zip.h --- mariadb-11.8.6/storage/connect/zip.h 2026-01-31 13:27:48.000000000 +0000 +++ mariadb-11.8.8/storage/connect/zip.h 2026-05-24 09:58:32.000000000 +0000 @@ -1,11 +1,10 @@ /* zip.h -- IO on .zip files using zlib - Version 1.1, February 14h, 2010 - part of the MiniZip project - ( http://www.winimage.com/zLibDll/minizip.html ) + part of the MiniZip project - ( https://www.winimage.com/zLibDll/minizip.html ) - Copyright (C) 1998-2010 Gilles Vollant (minizip) ( http://www.winimage.com/zLibDll/minizip.html ) + Copyright (C) 1998-2026 Gilles Vollant (minizip) ( https://www.winimage.com/zLibDll/minizip.html ) Modifications for Zip64 support - Copyright (C) 2009-2010 Mathias Svensson ( http://result42.com ) + Copyright (C) 2009-2010 Mathias Svensson ( https://result42.com ) For more info read MiniZip_info.txt @@ -35,7 +34,7 @@ See header of zip.h -*/ + */ #ifndef _zip12_H #define _zip12_H @@ -44,7 +43,7 @@ extern "C" { #endif -//#define HAVE_BZIP2 +/* #define HAVE_BZIP2 */ #ifndef _ZLIB_H #include "zlib.h" @@ -69,6 +68,8 @@ typedef voidp zipFile; #endif +extern const char zip_copyright[]; + #define ZIP_OK (0) #define ZIP_EOF (0) #define ZIP_ERRNO (Z_ERRNO) @@ -127,12 +128,12 @@ If the zipfile cannot be opened, the return value is NULL. Else, the return value is a zipFile Handle, usable with other function of this zip package. -*/ + */ /* Note : there is no delete function into a zipfile. If you want delete file into a zipfile, you must open a zipfile, and create another Of course, you can use RAW reading and writing to copy the file you did not want delete -*/ + */ extern zipFile ZEXPORT zipOpen2(const char *pathname, int append, @@ -186,7 +187,7 @@ zip64 is set to 1 if a zip64 extended information block should be added to the local file header. this MUST be '1' if the uncompressed size is >= 0xffffffff. -*/ + */ extern int ZEXPORT zipOpenNewFileInZip2(zipFile file, @@ -311,12 +312,12 @@ unsigned len); /* Write data in the zipfile -*/ + */ extern int ZEXPORT zipCloseFileInZip(zipFile file); /* Close the current file in the zipfile -*/ + */ extern int ZEXPORT zipCloseFileInZipRaw(zipFile file, uLong uncompressed_size, @@ -326,17 +327,23 @@ ZPOS64_T uncompressed_size, uLong crc32); +extern int ZEXPORT zipAlreadyThere(zipFile file, + char const* name); +/* + See if name is already in file's central directory. + */ + /* Close the current file in the zipfile, for file opened with parameter raw=1 in zipOpenNewFileInZip2 uncompressed_size and crc32 are value for the uncompressed size -*/ + */ extern int ZEXPORT zipClose(zipFile file, const char* global_comment); /* Close the zipfile -*/ + */ extern int ZEXPORT zipRemoveExtraInfoBlock(char* pData, int* dataLen, short sHeader); @@ -355,7 +362,7 @@ Remove ZIP64 Extra information from a Local File Header extra field data zipRemoveExtraInfoBlock(pLocalHeaderExtraFieldData, &nLocalHeaderExtraFieldDataLen, 0x0001); -*/ + */ #ifdef __cplusplus } diff -Nru mariadb-11.8.6/storage/federated/ha_federated.cc mariadb-11.8.8/storage/federated/ha_federated.cc --- mariadb-11.8.6/storage/federated/ha_federated.cc 2026-01-31 13:27:48.000000000 +0000 +++ mariadb-11.8.8/storage/federated/ha_federated.cc 2026-05-24 09:58:32.000000000 +0000 @@ -1300,7 +1300,10 @@ bool both_not_null= (start_key != NULL && end_key != NULL) ? TRUE : FALSE; const uchar *ptr; - uint remainder, length; +#ifndef DBUG_OFF + uint remainder; +#endif + uint length; char tmpbuff[FEDERATED_QUERY_BUFFER_SIZE]; String tmp(tmpbuff, sizeof(tmpbuff), system_charset_info); const key_range *ranges[2]= { start_key, end_key }; @@ -1327,10 +1330,14 @@ } for (key_part= key_info->key_part, +#ifndef DBUG_OFF remainder= key_info->user_defined_key_parts, +#endif length= ranges[i]->length, ptr= ranges[i]->key; ; +#ifndef DBUG_OFF remainder--, +#endif key_part++) { Field *field= key_part->field; @@ -2452,8 +2459,8 @@ if (real_query(sql_query.ptr(), sql_query.length())) { - sprintf(error_buffer, "error: %d '%s'", - mysql_errno(mysql), mysql_error(mysql)); + snprintf(error_buffer, sizeof(error_buffer), "error: %d '%s'", + mysql_errno(mysql), mysql_error(mysql)); retval= ER_QUERY_ON_FOREIGN_DATA_SOURCE; goto error; } diff -Nru mariadb-11.8.6/storage/federatedx/ha_federatedx.cc mariadb-11.8.8/storage/federatedx/ha_federatedx.cc --- mariadb-11.8.6/storage/federatedx/ha_federatedx.cc 2026-01-31 13:27:48.000000000 +0000 +++ mariadb-11.8.8/storage/federatedx/ha_federatedx.cc 2026-05-24 09:58:32.000000000 +0000 @@ -1241,7 +1241,10 @@ bool both_not_null= (start_key != NULL && end_key != NULL) ? TRUE : FALSE; const uchar *ptr; - uint remainder, length; +#ifndef DBUG_OFF + uint remainder; +#endif + uint length; char tmpbuff[FEDERATEDX_QUERY_BUFFER_SIZE]; String tmp(tmpbuff, sizeof(tmpbuff), system_charset_info); const key_range *ranges[2]= { start_key, end_key }; @@ -1269,10 +1272,14 @@ } for (key_part= key_info->key_part, +#ifndef DBUG_OFF remainder= key_info->user_defined_key_parts, +#endif length= ranges[i]->length, ptr= ranges[i]->key; ; +#ifndef DBUG_OFF remainder--, +#endif key_part++) { Field *field= key_part->field; diff -Nru mariadb-11.8.6/storage/heap/hp_test1.c mariadb-11.8.8/storage/heap/hp_test1.c --- mariadb-11.8.6/storage/heap/hp_test1.c 2026-01-31 13:27:48.000000000 +0000 +++ mariadb-11.8.8/storage/heap/hp_test1.c 2026-05-24 09:58:32.000000000 +0000 @@ -74,7 +74,7 @@ for (i=49 ; i>=1 ; i-=2 ) { j=i%25 +1; - sprintf((char*) key,"%6d",j); + snprintf((char*) key, sizeof(key), "%6d",j); bmove(record+1,key,6); error=heap_write(file,record); if (heap_check_heap(file,0)) @@ -96,7 +96,7 @@ for (i=1 ; i<=10 ; i++) { if (i == remove_ant) { (void) heap_close(file); return (0) ; } - sprintf((char*) key,"%6d",(j=(int) ((rand() & 32767)/32767.*25))); + snprintf((char*) key, sizeof(key), "%6d",(j=(int) ((rand() & 32767)/32767.*25))); if ((error = heap_rkey(file,record,0,key,6,HA_READ_KEY_EXACT))) { if (verbose || (flags[j] == 1 || @@ -120,7 +120,7 @@ printf("- Reading records with key\n"); for (i=1 ; i<=25 ; i++) { - sprintf((char*) key,"%6d",i); + snprintf((char*) key, sizeof(key), "%6d",i); bmove(record+1,key,6); my_errno=0; error=heap_rkey(file,record,0,key,6,HA_READ_KEY_EXACT); diff -Nru mariadb-11.8.6/storage/heap/hp_test2.c mariadb-11.8.8/storage/heap/hp_test2.c --- mariadb-11.8.6/storage/heap/hp_test2.c 2026-01-31 13:27:48.000000000 +0000 +++ mariadb-11.8.8/storage/heap/hp_test2.c 2026-05-24 09:58:32.000000000 +0000 @@ -174,7 +174,7 @@ for (j=rnd(1000)+1 ; j>0 && key1[j] == 0 ; j--) ; if (j != 0) { - sprintf((char*) key,"%6d",j); + snprintf((char*) key, sizeof(key), "%6d",j); if (heap_rkey(file,record,0,key,6, HA_READ_KEY_EXACT)) { printf("can't find key1: \"%s\"\n",(char*) key); @@ -229,7 +229,7 @@ for (j=rnd(1000)+1 ; j>0 && key1[j] == 0 ; j--) ; if (!key1[j]) continue; - sprintf((char*) key,"%6d",j); + snprintf((char*) key, sizeof(key), "%6d",j); if (heap_rkey(file,record,0,key,6, HA_READ_KEY_EXACT)) { printf("can't find key1: \"%s\"\n",(char*) key); @@ -272,7 +272,7 @@ for (i=999, dupp_keys=found_key=0 ; i>0 ; i--) { if (key1[i] > dupp_keys) { dupp_keys=key1[i]; found_key=i; } - sprintf((char*) key,"%6d",found_key); + snprintf((char*) key, sizeof(key), "%6d",found_key); } if (dupp_keys > 3) @@ -461,7 +461,7 @@ for (i=999, dupp_keys=found_key=0 ; i>0 ; i--) { if (key1[i] > dupp_keys) { dupp_keys=key1[i]; found_key=i; } - sprintf((char*) key,"%6d",found_key); + snprintf((char*) key, sizeof(key), "%6d",found_key); } printf("- Read through all keys with first-next-last-prev\n"); ant=0; @@ -636,8 +636,8 @@ const char *mark, uint count) { bfill(record,reclength,' '); - sprintf((char*) record,"%6d:%4d:%8d:%3.3s: %4d", - n1,n2,n3,mark,count); + snprintf((char*) record, reclength, "%6d:%4d:%8d:%3.3s: %4d", + n1,n2,n3,mark,count); record[37]='A'; /* Store A in null key */ record[38]=1; /* set as null */ } diff -Nru mariadb-11.8.6/storage/innobase/btr/btr0cur.cc mariadb-11.8.8/storage/innobase/btr/btr0cur.cc --- mariadb-11.8.6/storage/innobase/btr/btr0cur.cc 2026-01-31 13:27:48.000000000 +0000 +++ mariadb-11.8.8/storage/innobase/btr/btr0cur.cc 2026-05-24 09:58:32.000000000 +0000 @@ -2167,7 +2167,7 @@ || dict_index_is_clust(index) || (flags & BTR_CREATE_FLAG)); ut_ad((flags & BTR_NO_UNDO_LOG_FLAG) - || !index->table->skip_alter_undo); + || index->table->skip_alter_undo != dict_table_t::NO_UNDO); ut_ad(mtr->is_named_space(index->table->space)); diff -Nru mariadb-11.8.6/storage/innobase/buf/buf0buddy.cc mariadb-11.8.8/storage/innobase/buf/buf0buddy.cc --- mariadb-11.8.6/storage/innobase/buf/buf0buddy.cc 2026-01-31 13:27:48.000000000 +0000 +++ mariadb-11.8.8/storage/innobase/buf/buf0buddy.cc 2026-05-24 09:58:32.000000000 +0000 @@ -651,7 +651,6 @@ ulint size= page_zip_get_size(&bpage->zip); ulint i= buf_buddy_get_slot(size); - ut_ad(buf_pool.will_be_withdrawn(bpage->zip.data, size)); ut_ad(bpage->can_relocate()); ut_ad(i <= BUF_BUDDY_SIZES); ut_ad(i >= buf_buddy_get_slot(UNIV_ZIP_SIZE_MIN)); diff -Nru mariadb-11.8.6/storage/innobase/buf/buf0buf.cc mariadb-11.8.8/storage/innobase/buf/buf0buf.cc --- mariadb-11.8.6/storage/innobase/buf/buf0buf.cc 2026-01-31 13:27:48.000000000 +0000 +++ mariadb-11.8.8/storage/innobase/buf/buf0buf.cc 2026-05-24 09:58:32.000000000 +0000 @@ -1342,6 +1342,12 @@ allocated before innodb initialization */ ut_ad(srv_operation >= SRV_OPERATION_RESTORE || !field_ref_zero); +#if defined(__aarch64__) + mysql_mutex_init(buf_pool_mutex_key, &mutex, MY_MUTEX_INIT_FAST); +#else + mysql_mutex_init(buf_pool_mutex_key, &mutex, nullptr); +#endif + if (!field_ref_zero) { if (auto b= aligned_malloc(UNIV_PAGE_SIZE_MAX, 4096)) @@ -1361,23 +1367,44 @@ init: DBUG_EXECUTE_IF("ib_buf_chunk_init_fails", goto oom;); size_t size= size_in_bytes_max; - sql_print_information("InnoDB: innodb_buffer_pool_size_max=%zum," - " innodb_buffer_pool_size=%zum", - size >> 20, size_in_bytes_requested >> 20); retry: { NUMA_MEMPOLICY_INTERLEAVE_IN_SCOPE; #ifdef _WIN32 memory_unaligned= my_virtual_mem_reserve(&size); + if (!memory_unaligned) + goto oom; #else memory_unaligned= my_large_virtual_alloc(&size); + if (memory_unaligned); +# if defined __aarch64__ || defined __riscv || defined __mips__ || defined __loongarch64 + else if (size_in_bytes_max_default != 0 && + size_in_bytes_max == size_in_bytes_max_default) + { + /* Accommodate Linux ARMv8 CONFIG_ARM64_VA_BITS_39 or + RISC-V CONFIG_VA_BITS_SV39 or similar. + + We assume that nobody would expect MariaDB to run with + CONFIG_ARM64_VA_BITS_36 (16 GiB virtual address space). + Should that be the case, an explicit innodb_buffer_pool_size_max + may be configured to allow InnoDB to start up. + + On MIPS and LoongArch, the virtual addresses may be actually + be narrower than 40 bits, but we do not have any real world + experience. */ + + /* Let us aim for 128 GiB (a quarter of the 512 GiB), or the + initial innodb_buffer_pool_size, whichever is greater. */ + size_in_bytes_max= std::max(size_t(1ULL << 37), size_in_bytes_requested); + goto init; + } +# endif + else + goto oom; #endif } - if (!memory_unaligned) - goto oom; - const size_t alignment_waste= ((~size_t(memory_unaligned) & (innodb_buffer_pool_extent_size - 1)) + 1) & (innodb_buffer_pool_extent_size - 1); @@ -1390,8 +1417,10 @@ goto retry; } + sql_print_information("InnoDB: innodb_buffer_pool_size_max=%zum," + " innodb_buffer_pool_size=%zum", + size >> 20, size_in_bytes_requested >> 20); MEM_UNDEFINED(memory_unaligned, size); - ut_dontdump(memory_unaligned, size, true); memory= memory_unaligned + alignment_waste; size_unaligned= size; size-= alignment_waste; @@ -1406,7 +1435,7 @@ #ifdef UNIV_PFS_MEMORY PSI_MEMORY_CALL(memory_alloc)(mem_key_buf_buf_pool, actual_size, &owner); #endif -#ifdef _WIN32 +#ifndef _AIX if (!my_virtual_mem_commit(memory, actual_size)) { my_virtual_mem_release(memory_unaligned, size_unaligned); @@ -1414,6 +1443,11 @@ memory_unaligned= nullptr; goto oom; } +#if defined __linux__ || defined __FreeBSD__ + ut_d(mysql_mutex_lock(&mutex)); + core_advise(); + ut_d(mysql_mutex_unlock(&mutex)); +#endif #else update_malloc_size(actual_size, 0); #endif @@ -1459,12 +1493,6 @@ } } -#if defined(__aarch64__) - mysql_mutex_init(buf_pool_mutex_key, &mutex, MY_MUTEX_INIT_FAST); -#else - mysql_mutex_init(buf_pool_mutex_key, &mutex, nullptr); -#endif - UT_LIST_INIT(withdrawn, &buf_page_t::list); UT_LIST_INIT(LRU, &buf_page_t::LRU); UT_LIST_INIT(flush_list, &buf_page_t::list); @@ -1893,12 +1921,6 @@ ut_ad(size + reduced == size_in_bytes); size_in_bytes_requested= size; size_in_bytes= size; -# ifndef HAVE_UNACCESSIBLE_AFTER_MEM_DECOMMIT - /* Only page_guess() may read this memory, which after - my_virtual_mem_decommit() may be zeroed out or preserve its original - contents. Try to catch any unintended reads outside page_guess(). */ - MEM_UNDEFINED(memory + size, size_in_bytes_max - size); -# else for (size_t n= page_hash.pad(page_hash.n_cells), i= 0; i < n; i+= page_hash.ELEMENTS_PER_LATCH + 1) { @@ -1909,7 +1931,6 @@ guess before we invoke my_virtual_mem_decommit() below. */ latch.unlock(); } -# endif my_virtual_mem_decommit(memory + size, reduced); #ifdef UNIV_PFS_MEMORY PSI_MEMORY_CALL(memory_free)(mem_key_buf_buf_pool, reduced, owner); @@ -1980,6 +2001,9 @@ size_in_bytes_requested= size; size_in_bytes= size; +#if defined __linux__ || defined __FreeBSD__ + core_advise(); +#endif { const size_t ssize= srv_page_size_shift - UNIV_PAGE_SIZE_SHIFT_MIN; @@ -2648,38 +2672,18 @@ /* On at least two Intel Xeon of different generation, it turns out that transactional_shared_lock_guard would perform worse here. */ latch.lock_shared(); -#ifndef HAVE_UNACCESSIBLE_AFTER_MEM_DECOMMIT - /* shrunk() and my_virtual_mem_decommit() could retain the original - contents of the virtual memory range or zero it out immediately or - with a delay. Any zeroing out may lead to a false positive for - b->page.id() == id but never for b->page.state(). At the time of - the shrunk() call, shrink() and buf_LRU_block_free_non_file_page() - should guarantee that b->page.state() is equal to - buf_page_t::NOT_USED (0) for all to-be-freed blocks. */ -#else /* shrunk() made the memory inaccessible. */ if (UNIV_UNLIKELY(reinterpret_cast(b) >= memory + size_in_bytes)) { latch.unlock_shared(); return 0; } -#endif /* This synchronizes with buf_page_t::init() */ uint32_t state{b->page.zip.fix.load(std::memory_order_acquire)}; const page_id_t block_id{b->page.id()}; -#ifndef HAVE_UNACCESSIBLE_AFTER_MEM_DECOMMIT - /* shrunk() may have invoked MEM_UNDEFINED() on this memory to be able - to catch any unintended access elsewhere in our code. */ - MEM_MAKE_DEFINED(&block_id, sizeof block_id); -#endif if (id == block_id) { -#ifndef HAVE_UNACCESSIBLE_AFTER_MEM_DECOMMIT - /* shrunk() may have invoked MEM_UNDEFINED() on this memory to be able - to catch any unintended access elsewhere in our code. */ - MEM_MAKE_DEFINED(&state, sizeof state); -#endif /* Ignore guesses that point to read-fixed blocks. We can only avoid a race condition by looking up the block via page_hash. */ if ((state >= buf_page_t::FREED && state < buf_page_t::READ_FIX) || @@ -3752,15 +3756,15 @@ @retval nullptr if all freed */ void buf_pool_t::assert_all_freed() noexcept { - mysql_mutex_lock(&mutex); + mysql_mutex_assert_owner(&mutex); - for (char *extent= memory, - *end= memory + block_descriptors_in_bytes(n_blocks); - extent < end; extent+= innodb_buffer_pool_extent_size) - for (buf_block_t *block= reinterpret_cast(extent), - *extent_end= block + - pages_in_extent[srv_page_size_shift - UNIV_PAGE_SIZE_SHIFT_MIN]; - block < extent_end && reinterpret_cast(block) < end; block++) + for (char *extent= memory, + *end= memory + block_descriptors_in_bytes(n_blocks); + extent < end; extent+= innodb_buffer_pool_extent_size) + for (buf_block_t *block= reinterpret_cast(extent), + *extent_end= block + + pages_in_extent[srv_page_size_shift - UNIV_PAGE_SIZE_SHIFT_MIN]; + block < extent_end && reinterpret_cast(block) < end; block++) { if (!block->page.in_file()) continue; @@ -3790,8 +3794,6 @@ fixed_or_dirty: ib::fatal() << "Page " << block->page.id() << " still fixed or dirty"; } - - mysql_mutex_unlock(&mutex); } #endif /* UNIV_DEBUG */ @@ -3802,33 +3804,6 @@ buf_pool.old_stat = buf_pool.stat; } -/** Invalidate all pages in the buffer pool. -All pages must be in a replaceable state (not modified or latched). */ -void buf_pool_invalidate() noexcept -{ - /* It is possible that a write batch that has been posted - earlier is still not complete. For buffer pool invalidation to - proceed we must ensure there is NO write activity happening. */ - - os_aio_wait_until_no_pending_writes(false); - ut_d(buf_pool.assert_all_freed()); - mysql_mutex_lock(&buf_pool.mutex); - - while (UT_LIST_GET_LEN(buf_pool.LRU)) { - buf_LRU_scan_and_free_block(); - } - - ut_ad(UT_LIST_GET_LEN(buf_pool.unzip_LRU) == 0); - - buf_pool.freed_page_clock = 0; - buf_pool.LRU_old = NULL; - buf_pool.LRU_old_len = 0; - buf_pool.stat.init(); - - buf_refresh_io_stats(); - mysql_mutex_unlock(&buf_pool.mutex); -} - #ifdef UNIV_DEBUG /** Validate the buffer pool. */ void buf_pool_t::validate() noexcept diff -Nru mariadb-11.8.6/storage/innobase/buf/buf0dblwr.cc mariadb-11.8.8/storage/innobase/buf/buf0dblwr.cc --- mariadb-11.8.6/storage/innobase/buf/buf0dblwr.cc 2026-01-31 13:27:48.000000000 +0000 +++ mariadb-11.8.8/storage/innobase/buf/buf0dblwr.cc 2026-05-24 09:58:32.000000000 +0000 @@ -174,9 +174,15 @@ ut_ad(init_mtr.get_savepoint() == 1); ut_ad(init_mtr.m_memo[0].object == new_block); ut_ad(init_mtr.m_memo[0].type == MTR_MEMO_PAGE_X_MODIFY); + new_block->page.fix(); init_mtr.m_memo[0].type= MTR_MEMO_PAGE_X_FIX; init_mtr.rollback_to_savepoint(0, 1); init_mtr.m_log.erase(); + mysql_mutex_lock(&buf_pool.mutex); + new_block->page.unfix(); + ut_d(bool freed=) buf_LRU_free_page(&new_block->page, true); + ut_ad(freed); + mysql_mutex_unlock(&buf_pool.mutex); if (i == size / 2) ut_a(id.page_no() == size); @@ -203,11 +209,6 @@ TRX_SYS_DOUBLEWRITE_SPACE_ID_STORED_N); mtr.commit(); - buf_flush_wait_flushed(mtr.commit_lsn()); - - /* Remove doublewrite pages from LRU */ - buf_pool_invalidate(); - sql_print_information("InnoDB: Doublewrite buffer created"); goto start_again; } @@ -316,7 +317,7 @@ else { alignas(8) char checkpoint[8]; - mach_write_to_8(checkpoint, log_sys.next_checkpoint_lsn); + mach_write_to_8(checkpoint, log_sys.last_checkpoint_lsn); for (auto i= size * 2; i--; page += srv_page_size) if (memcmp_aligned<8>(page + FIL_PAGE_LSN, checkpoint, 8) >= 0) /* Valid pages are not older than the log checkpoint. */ diff -Nru mariadb-11.8.6/storage/innobase/buf/buf0dump.cc mariadb-11.8.8/storage/innobase/buf/buf0dump.cc --- mariadb-11.8.6/storage/innobase/buf/buf0dump.cc 2026-01-31 13:27:48.000000000 +0000 +++ mariadb-11.8.8/storage/innobase/buf/buf0dump.cc 2026-05-24 09:58:32.000000000 +0000 @@ -404,7 +404,7 @@ /* success */ - ut_sprintf_timestamp(now); + ut_sprintf_timestamp(now, sizeof(now)); buf_dump_status(STATUS_INFO, "Buffer pool(s) dump completed at %s", now); @@ -487,7 +487,7 @@ dump_n * sizeof(*dump))); } else { fclose(f); - ut_sprintf_timestamp(now); + ut_sprintf_timestamp(now, sizeof(now)); buf_load_status(STATUS_INFO, "Buffer pool(s) load completed at %s" " (%s was empty)", now, full_filename); @@ -553,7 +553,7 @@ if (dump_n == 0) { ut_free(dump); - ut_sprintf_timestamp(now); + ut_sprintf_timestamp(now, sizeof(now)); buf_load_status(STATUS_INFO, "Buffer pool(s) load completed at %s" " (%s was empty or had errors)", now, full_filename); @@ -661,7 +661,7 @@ os_aio_wait_until_no_pending_reads(true); - ut_sprintf_timestamp(now); + ut_sprintf_timestamp(now, sizeof(now)); if (i == dump_n) { buf_load_status(STATUS_INFO, diff -Nru mariadb-11.8.6/storage/innobase/buf/buf0flu.cc mariadb-11.8.8/storage/innobase/buf/buf0flu.cc --- mariadb-11.8.6/storage/innobase/buf/buf0flu.cc 2026-01-31 13:27:48.000000000 +0000 +++ mariadb-11.8.8/storage/innobase/buf/buf0flu.cc 2026-05-24 09:58:32.000000000 +0000 @@ -1566,25 +1566,6 @@ return count; } -/** Wait until a LRU flush batch ends. */ -void buf_flush_wait_LRU_batch_end() noexcept -{ - mysql_mutex_assert_owner(&buf_pool.flush_list_mutex); - mysql_mutex_assert_not_owner(&buf_pool.mutex); - - if (buf_pool.n_flush()) - { - tpool::tpool_wait_begin(); - thd_wait_begin(nullptr, THD_WAIT_DISKIO); - do - my_cond_wait(&buf_pool.done_flush_LRU, - &buf_pool.flush_list_mutex.m_mutex); - while (buf_pool.n_flush()); - tpool::tpool_wait_end(); - thd_wait_end(nullptr); - } -} - /** Write out dirty blocks from buf_pool.flush_list. The caller must invoke buf_dblwr.flush_buffered_writes() after releasing buf_pool.mutex. @@ -1810,20 +1791,17 @@ # include "cache.h" #endif -/** Write checkpoint information to the log header and release mutex. -@param end_lsn start LSN of the FILE_CHECKPOINT mini-transaction */ -inline void log_t::write_checkpoint(lsn_t end_lsn) noexcept + +inline void log_t::write_checkpoint(lsn_t checkpoint, lsn_t end_lsn) noexcept { ut_ad(!srv_read_only_mode); - ut_ad(end_lsn >= next_checkpoint_lsn); + ut_ad(end_lsn >= checkpoint); ut_d(const lsn_t current_lsn{get_lsn()}); ut_ad(end_lsn <= current_lsn); - ut_ad(end_lsn + SIZE_OF_FILE_CHECKPOINT <= current_lsn || + ut_ad(end_lsn + SIZE_OF_FILE_CHECKPOINT + + 8 * is_encrypted() <= current_lsn || srv_shutdown_state > SRV_SHUTDOWN_INITIATED); - DBUG_PRINT("ib_log", - ("checkpoint at " LSN_PF " written", next_checkpoint_lsn)); - auto n= next_checkpoint_no; const size_t offset{(n & 1) ? CHECKPOINT_2 : CHECKPOINT_1}; static_assert(CPU_LEVEL1_DCACHE_LINESIZE >= 64, "efficiency"); @@ -1831,7 +1809,7 @@ byte* c= my_assume_aligned (is_mmap() ? buf + offset : checkpoint_buf); memset_aligned(c, 0, CPU_LEVEL1_DCACHE_LINESIZE); - mach_write_to_8(my_assume_aligned<8>(c), next_checkpoint_lsn); + mach_write_to_8(my_assume_aligned<8>(c), checkpoint); mach_write_to_8(my_assume_aligned<8>(c + 8), end_lsn); mach_write_to_4(my_assume_aligned<4>(c + 60), my_crc32c(0, c, 60)); @@ -1843,7 +1821,7 @@ ut_ad(!is_opened()); resizing= resize_lsn.load(std::memory_order_relaxed); - if (resizing > 1 && resizing <= next_checkpoint_lsn) + if (resizing > 1 && resizing <= checkpoint) { memcpy_aligned<64>(resize_buf + CHECKPOINT_1, c, 64); header_write(resize_buf, resizing, is_encrypted()); @@ -1855,8 +1833,6 @@ #endif { ut_ad(!is_mmap()); - ut_ad(!checkpoint_pending); - checkpoint_pending= true; latch.wr_unlock(); log_write_and_flush_prepare(); resizing= resize_lsn.load(std::memory_order_relaxed); @@ -1864,7 +1840,7 @@ ut_ad(write_size >= 512); ut_ad(write_size <= 4096); log.write(offset, {c, write_size}); - if (resizing > 1 && resizing <= next_checkpoint_lsn) + if (resizing > 1 && resizing <= checkpoint) { resize_log.write(CHECKPOINT_1, {c, write_size}); byte *buf= static_cast(aligned_malloc(4096, 4096)); @@ -1876,31 +1852,27 @@ if (!log_write_through) ut_a(log.flush()); - latch.wr_lock(SRW_LOCK_CALL); - ut_ad(checkpoint_pending); - checkpoint_pending= false; + latch.wr_lock(); resizing= resize_lsn.load(std::memory_order_relaxed); } - ut_ad(!checkpoint_pending); next_checkpoint_no++; - const lsn_t checkpoint_lsn{next_checkpoint_lsn}; - last_checkpoint_lsn= checkpoint_lsn; + last_checkpoint_lsn= checkpoint; DBUG_PRINT("ib_log", ("checkpoint ended at " LSN_PF ", flushed to " LSN_PF, - checkpoint_lsn, get_flushed_lsn())); + checkpoint, get_flushed_lsn())); if (overwrite_warned) { sql_print_information("InnoDB: Crash recovery was broken " "between LSN=" LSN_PF " and checkpoint LSN=" LSN_PF ".", - overwrite_warned, checkpoint_lsn); + overwrite_warned, checkpoint); overwrite_warned= 0; } lsn_t resizing_completed= 0; - if (resizing > 1 && resizing <= checkpoint_lsn) + if (resizing > 1 && resizing <= checkpoint) { ut_ad(is_mmap() == !resize_flush_buf); ut_ad(is_mmap() == !resize_log.is_opened()); @@ -1977,7 +1949,7 @@ log_resize_release(); if (UNIV_LIKELY(resizing <= 1)); - else if (resizing > checkpoint_lsn) + else if (resizing > checkpoint) buf_flush_ahead(resizing, false); else if (resizing_completed) ib::info() << "Resized log to " << ib::bytes_iec{resizing_completed} @@ -1988,11 +1960,11 @@ /** Initiate a log checkpoint, discarding the start of the log. @param oldest_lsn the checkpoint LSN -@param end_lsn log_sys.get_lsn() -@return true if success, false if a checkpoint write was already running */ -static bool log_checkpoint_low(lsn_t oldest_lsn, lsn_t end_lsn) noexcept +@param end_lsn log_sys.get_lsn() */ +static void log_checkpoint_low(lsn_t oldest_lsn, lsn_t end_lsn) noexcept { ut_ad(!srv_read_only_mode); + ut_ad(!recv_no_log_write); ut_ad(log_sys.latch_have_wr()); ut_ad(oldest_lsn <= end_lsn); ut_ad(end_lsn == log_sys.get_lsn()); @@ -2001,14 +1973,12 @@ (oldest_lsn == end_lsn && !log_sys.resize_in_progress() && oldest_lsn == log_sys.last_checkpoint_lsn + - (log_sys.is_encrypted() - ? SIZE_OF_FILE_CHECKPOINT + 8 : SIZE_OF_FILE_CHECKPOINT))) + log_sys.is_encrypted() * 8 + SIZE_OF_FILE_CHECKPOINT)) { /* Do nothing, because nothing was logged (other than a FILE_CHECKPOINT record) since the previous checkpoint. */ - do_nothing: log_sys.latch.wr_unlock(); - return true; + return; } ut_ad(!recv_no_log_write); @@ -2025,38 +1995,35 @@ mtr_t::commit() in other threads will be blocked, and no pages can be added to buf_pool.flush_list. */ const lsn_t flush_lsn{fil_names_clear(oldest_lsn)}; - ut_ad(flush_lsn >= end_lsn + SIZE_OF_FILE_CHECKPOINT); - log_sys.latch.wr_unlock(); - log_write_up_to(flush_lsn, true); - log_sys.latch.wr_lock(SRW_LOCK_CALL); - if (log_sys.last_checkpoint_lsn >= oldest_lsn) - goto do_nothing; - - ut_ad(log_sys.get_flushed_lsn() >= flush_lsn); + ut_ad(flush_lsn >= end_lsn + + SIZE_OF_FILE_CHECKPOINT + 8 * log_sys.is_encrypted()); + ut_ad(flush_lsn > log_sys.get_flushed_lsn()); - if (log_sys.checkpoint_pending) + if (false); +#ifdef HAVE_PMEM + else if (log_sys.is_mmap()) + log_sys.persist(flush_lsn); +#endif + else { - /* A checkpoint write is running */ log_sys.latch.wr_unlock(); - return false; + log_write_up_to(flush_lsn, true); + log_sys.latch.wr_lock(); } - log_sys.next_checkpoint_lsn= oldest_lsn; - log_sys.write_checkpoint(end_lsn); + ut_ad(oldest_lsn > log_sys.last_checkpoint_lsn); + ut_ad(log_sys.get_flushed_lsn() >= flush_lsn); - return true; + log_sys.write_checkpoint(oldest_lsn, end_lsn); } /** Make a checkpoint. Note that this function does not flush dirty blocks from the buffer pool: it only checks what is lsn of the oldest modification in the pool, and writes information about the lsn in -log file. Use log_make_checkpoint() to flush also the pool. -@retval true if the checkpoint was or had been made -@retval false if a checkpoint write was already running */ -static bool log_checkpoint() noexcept +log file. Use log_make_checkpoint() to flush also the pool. */ +static void log_checkpoint() noexcept { - if (recv_recovery_is_on()) - recv_sys.apply(true); + ut_ad(!recv_recovery_is_on()); #if defined HAVE_valgrind && !__has_feature(memory_sanitizer) /* The built-in scheduler in Valgrind may neglect some threads for a @@ -2068,109 +2035,73 @@ fil_flush_file_spaces(); - log_sys.latch.wr_lock(SRW_LOCK_CALL); + log_sys.latch.wr_lock(); const lsn_t end_lsn= log_sys.get_lsn(); mysql_mutex_lock(&buf_pool.flush_list_mutex); const lsn_t oldest_lsn= buf_pool.get_oldest_modification(end_lsn); mysql_mutex_unlock(&buf_pool.flush_list_mutex); - return log_checkpoint_low(oldest_lsn, end_lsn); -} - -/** Make a checkpoint. */ -ATTRIBUTE_COLD void log_make_checkpoint() noexcept -{ - buf_flush_wait_flushed(log_get_lsn()); - while (!log_checkpoint()); + log_checkpoint_low(oldest_lsn, end_lsn); } /** Wait for all dirty pages up to an LSN to be written out. -NOTE: The calling thread is not allowed to hold any buffer page latches! */ -static void buf_flush_wait(lsn_t lsn) noexcept +NOTE: The calling thread is not allowed to hold any buffer page latches! +@param lsn the checkpoint to wait for +@param checkpoint whether an empty checkpoint needs to be written */ +ATTRIBUTE_COLD void buf_flush_wait(lsn_t lsn, bool checkpoint) noexcept { + mysql_mutex_assert_owner(&buf_pool.flush_list_mutex); + ut_ad(log_sys.latch_have_wr()); + lsn_t oldest_lsn; + if (!checkpoint); + else if (lsn == log_sys.get_lsn() && + lsn == log_sys.last_checkpoint_lsn + + SIZE_OF_FILE_CHECKPOINT + 8 * log_sys.is_encrypted()); + else if (buf_flush_sync_lsn < lsn) + goto set_target; + else + goto wake; while ((oldest_lsn= buf_pool.get_oldest_modification(lsn)) < lsn) { if (buf_flush_sync_lsn < lsn) { + set_target: buf_flush_sync_lsn= lsn; + wake: + log_sys.latch.wr_unlock(); + ut_ad(buf_page_cleaner_is_active); buf_pool.page_cleaner_set_idle(false); pthread_cond_signal(&buf_pool.do_flush_list); + MONITOR_INC(MONITOR_FLUSH_SYNC_WAITS); my_cond_wait(&buf_pool.done_flush_list, &buf_pool.flush_list_mutex.m_mutex); - oldest_lsn= buf_pool.get_oldest_modification(lsn); - if (oldest_lsn >= lsn) - break; } + else + log_sys.latch.wr_unlock(); mysql_mutex_unlock(&buf_pool.flush_list_mutex); os_aio_wait_until_no_pending_writes(false); - mysql_mutex_lock(&buf_pool.flush_list_mutex); - } - if (oldest_lsn >= buf_flush_sync_lsn) - { - buf_flush_sync_lsn= 0; - pthread_cond_broadcast(&buf_pool.done_flush_list); - } -} - -/** Wait until all persistent pages are flushed up to a limit. -@param sync_lsn buf_pool.get_oldest_modification(LSN_MAX) to wait for */ -ATTRIBUTE_COLD void buf_flush_wait_flushed(lsn_t sync_lsn) noexcept -{ - ut_ad(sync_lsn); - ut_ad(sync_lsn < LSN_MAX); - ut_ad(!srv_read_only_mode); - - if (recv_recovery_is_on()) - recv_sys.apply(true); - - mysql_mutex_lock(&buf_pool.flush_list_mutex); - - if (buf_pool.get_oldest_modification(sync_lsn) < sync_lsn) - { - MONITOR_INC(MONITOR_FLUSH_SYNC_WAITS); + log_sys.latch.wr_lock(); + mysql_mutex_lock(&buf_pool.flush_list_mutex); -#if 1 /* FIXME: remove this, and guarantee that the page cleaner serves us */ - if (UNIV_UNLIKELY(!buf_page_cleaner_is_active)) + if (checkpoint) { - do + lsn= log_sys.get_lsn(); + if (lsn != log_sys.last_checkpoint_lsn + + SIZE_OF_FILE_CHECKPOINT + 8 * log_sys.is_encrypted()) { - mysql_mutex_unlock(&buf_pool.flush_list_mutex); - ulint n_pages= buf_flush_list(srv_max_io_capacity, sync_lsn); - if (n_pages) - { - MONITOR_INC_VALUE_CUMULATIVE(MONITOR_FLUSH_SYNC_TOTAL_PAGE, - MONITOR_FLUSH_SYNC_COUNT, - MONITOR_FLUSH_SYNC_PAGES, n_pages); - } - os_aio_wait_until_no_pending_writes(false); - mysql_mutex_lock(&buf_pool.flush_list_mutex); + buf_flush_sync_lsn= lsn; + log_sys.set_check_for_checkpoint(true); + goto wake; } - while (buf_pool.get_oldest_modification(sync_lsn) < sync_lsn); - } - else -#endif - { - thd_wait_begin(nullptr, THD_WAIT_DISKIO); - tpool::tpool_wait_begin(); - buf_flush_wait(sync_lsn); - tpool::tpool_wait_end(); - thd_wait_end(nullptr); } } - mysql_mutex_unlock(&buf_pool.flush_list_mutex); - - if (UNIV_UNLIKELY(log_sys.last_checkpoint_lsn < sync_lsn)) + if (oldest_lsn >= buf_flush_sync_lsn) { - /* If the buffer pool was clean, no log write was guaranteed - to happen until now. There could be an outstanding FILE_CHECKPOINT - record from a previous fil_names_clear() call, which we must - write out before we can advance the checkpoint. */ - log_write_up_to(sync_lsn, true); - DBUG_EXECUTE_IF("ib_log_checkpoint_avoid_hard", return;); - log_checkpoint(); + buf_flush_sync_lsn= 0; + pthread_cond_broadcast(&buf_pool.done_flush_list); } } @@ -2181,9 +2112,6 @@ { ut_ad(!srv_read_only_mode); - if (recv_recovery_is_on()) - recv_sys.apply(true); - DBUG_EXECUTE_IF("ib_log_checkpoint_avoid_hard", return;); Atomic_relaxed &limit= furious @@ -2199,7 +2127,7 @@ { /* Request any concurrent threads to wait for this batch to complete, in log_free_check(). */ - log_sys.set_check_for_checkpoint(); + log_sys.set_check_for_checkpoint(true); /* Immediately wake up buf_flush_page_cleaner(), even when it is in the middle of a 1-second my_cond_timedwait(). */ wake: @@ -2220,7 +2148,7 @@ /** Conduct checkpoint-related flushing for innodb_flush_sync=ON, and try to initiate checkpoints until the target is met. -@param lsn minimum value of buf_pool.get_oldest_modification(LSN_MAX) */ +@param lsn target checkpoint */ ATTRIBUTE_COLD ATTRIBUTE_NOINLINE static void buf_flush_sync_for_checkpoint(lsn_t lsn) noexcept { @@ -2258,6 +2186,12 @@ mysql_mutex_unlock(&buf_pool.flush_list_mutex); } + if (srv_shutdown_state > SRV_SHUTDOWN_INITIATED) + { + service_manager_extend_timeout(INNODB_EXTEND_TIMEOUT_INTERVAL, + "Waiting to flush the buffer pool"); + } + if (ulint n_flushed= buf_flush_list(srv_max_io_capacity, lsn)) { MONITOR_INC_VALUE_CUMULATIVE(MONITOR_FLUSH_SYNC_TOTAL_PAGE, @@ -2268,35 +2202,38 @@ os_aio_wait_until_no_pending_writes(false); fil_flush_file_spaces(); - log_sys.latch.wr_lock(SRW_LOCK_CALL); + log_sys.latch.wr_lock(); const lsn_t newest_lsn= log_sys.get_lsn(); mysql_mutex_lock(&buf_pool.flush_list_mutex); lsn_t measure= buf_pool.get_oldest_modification(0); const lsn_t checkpoint_lsn= measure ? measure : newest_lsn; if (!recv_recovery_is_on() && - checkpoint_lsn > log_sys.last_checkpoint_lsn + SIZE_OF_FILE_CHECKPOINT) + checkpoint_lsn > log_sys.last_checkpoint_lsn + + SIZE_OF_FILE_CHECKPOINT + 8 * log_sys.is_encrypted()) { mysql_mutex_unlock(&buf_pool.flush_list_mutex); log_checkpoint_low(checkpoint_lsn, newest_lsn); + log_sys.latch.wr_lock(); mysql_mutex_lock(&buf_pool.flush_list_mutex); - measure= buf_pool.get_oldest_modification(LSN_MAX); + measure= buf_pool.get_oldest_modification(0); } + + if (measure); + else if (srv_shutdown_state < SRV_SHUTDOWN_CLEANUP || + log_sys.get_lsn() == log_sys.last_checkpoint_lsn + + SIZE_OF_FILE_CHECKPOINT + 8 * log_sys.is_encrypted()) + measure= LSN_MAX; else - { - log_sys.latch.wr_unlock(); - if (!measure) - measure= LSN_MAX; - } + buf_flush_sync_lsn= newest_lsn; /* After attempting log checkpoint, check if we have reached our target. */ - const lsn_t target= buf_flush_sync_lsn; - - if (measure >= target) + if (measure >= buf_flush_sync_lsn) buf_flush_sync_lsn= 0; else if (measure >= buf_flush_async_lsn) buf_flush_async_lsn= 0; + log_sys.latch.wr_unlock(); /* wake up buf_flush_wait() */ pthread_cond_broadcast(&buf_pool.done_flush_list); mysql_mutex_unlock(&buf_pool.flush_list_mutex); @@ -2562,7 +2499,7 @@ mysql_mutex_lock(&buf_pool.flush_list_mutex); if (!buf_pool.need_LRU_eviction()) { - if (srv_shutdown_state > SRV_SHUTDOWN_INITIATED) + if (UNIV_UNLIKELY(srv_shutdown_state >= SRV_SHUTDOWN_LAST_PHASE)) break; if (buf_pool.page_cleaner_idle() && @@ -2586,29 +2523,43 @@ if (!oldest_lsn) { fully_unemployed: - buf_flush_sync_lsn= 0; + if (srv_shutdown_state < SRV_SHUTDOWN_CLEANUP) + buf_flush_sync_lsn= 0; set_idle: buf_pool.page_cleaner_set_idle(true); set_almost_idle: pthread_cond_broadcast(&buf_pool.done_flush_LRU); pthread_cond_broadcast(&buf_pool.done_flush_list); - if (UNIV_UNLIKELY(srv_shutdown_state > SRV_SHUTDOWN_INITIATED)) - break; mysql_mutex_unlock(&buf_pool.flush_list_mutex); buf_dblwr.flush_buffered_writes(); do { - IF_DBUG(if (_db_keyword_(nullptr, "ib_log_checkpoint_avoid", 1) || - _db_keyword_(nullptr, "ib_log_checkpoint_avoid_hard", 1)) + if (recv_recovery_is_on()) + continue; +#ifdef WITH_WSREP + extern Atomic_relaxed wsrep_sst_disable_writes; + if (UNIV_UNLIKELY(wsrep_sst_disable_writes)) + continue; /* See sst_disable_innodb_writes() */ +#endif + IF_DBUG(if (log_sys.last_checkpoint_lsn && + srv_shutdown_state < SRV_SHUTDOWN_CLEANUP && + (_db_keyword_(nullptr, "ib_log_checkpoint_avoid", 1) || + _db_keyword_(nullptr, "ib_log_checkpoint_avoid_hard", 1))) continue,); - if (!recv_recovery_is_on() && - !srv_startup_is_before_trx_rollback_phase && - srv_operation <= SRV_OPERATION_EXPORT_RESTORED) + if (log_sys.check_for_checkpoint() || + (!srv_startup_is_before_trx_rollback_phase && + srv_operation <= SRV_OPERATION_EXPORT_RESTORED)) log_checkpoint(); } while (false); + if (UNIV_UNLIKELY(srv_shutdown_state >= SRV_SHUTDOWN_LAST_PHASE)) + { + mysql_mutex_lock(&buf_pool.flush_list_mutex); + break; + } + if (!buf_pool.need_LRU_eviction()) continue; mysql_mutex_lock(&buf_pool.flush_list_mutex); @@ -2623,7 +2574,8 @@ goto do_furious_flush; if (oldest_lsn >= lsn_limit) { - buf_flush_sync_lsn= 0; + if (srv_shutdown_state < SRV_SHUTDOWN_CLEANUP) + buf_flush_sync_lsn= 0; pthread_cond_broadcast(&buf_pool.done_flush_list); } else if (lsn_limit > soft_lsn_limit) @@ -2644,6 +2596,9 @@ buf_pool.n_flush_inc(); mysql_mutex_unlock(&buf_pool.flush_list_mutex); n= srv_max_io_capacity; + /* We must urgently perform some LRU eviction. Page writes are + only triggered by this thread, whether it is for checkpoint or + LRU eviction. First, wait for any pending writes to complete. */ os_aio_wait_until_no_pending_writes(false); mysql_mutex_lock(&buf_pool.mutex); LRU_flush: @@ -2661,7 +2616,7 @@ buf_pool.page_cleaner_set_idle(false); goto set_almost_idle; } - else if (UNIV_UNLIKELY(srv_shutdown_state > SRV_SHUTDOWN_INITIATED)) + else if (UNIV_UNLIKELY(srv_shutdown_state >= SRV_SHUTDOWN_LAST_PHASE)) break; const ulint dirty_blocks= UT_LIST_GET_LEN(buf_pool.flush_list); @@ -2749,8 +2704,12 @@ goto check_oldest_and_set_idle; else { - mysql_mutex_lock(&buf_pool.mutex); + /* Page writes are only triggered by this thread, whether it is + for checkpoint or LRU eviction flushing. Wait for any pending + writes of an earlier batch to complete before starting an LRU + scan to improve the chances that some blocks are clean. */ os_aio_wait_until_no_pending_writes(false); + mysql_mutex_lock(&buf_pool.mutex); } n= srv_max_io_capacity; @@ -2762,18 +2721,7 @@ goto LRU_flush; } - mysql_mutex_unlock(&buf_pool.flush_list_mutex); - - if (srv_fast_shutdown != 2) - { - buf_dblwr.flush_buffered_writes(); - mysql_mutex_lock(&buf_pool.flush_list_mutex); - buf_flush_wait_LRU_batch_end(); - mysql_mutex_unlock(&buf_pool.flush_list_mutex); - os_aio_wait_until_no_pending_writes(false); - } - - mysql_mutex_lock(&buf_pool.flush_list_mutex); + ut_ad(!buf_pool.n_flush()); lsn_limit= buf_flush_sync_lsn; if (UNIV_UNLIKELY(lsn_limit != 0)) { @@ -2781,6 +2729,9 @@ mysql_mutex_unlock(&buf_pool.flush_list_mutex); goto furious_flush; } + ut_ad(log_sys.get_lsn_approx() == log_sys.last_checkpoint_lsn + + SIZE_OF_FILE_CHECKPOINT + 8 * log_sys.is_encrypted() || + srv_fast_shutdown == 2 || srv_read_only_mode || !srv_was_started); buf_page_cleaner_is_active= false; pthread_cond_broadcast(&buf_pool.done_flush_list); mysql_mutex_unlock(&buf_pool.flush_list_mutex); @@ -2818,76 +2769,26 @@ std::thread(buf_flush_page_cleaner).detach(); } -/** Flush the buffer pool on shutdown. */ -ATTRIBUTE_COLD void buf_flush_buffer_pool() noexcept -{ - ut_ad(!buf_page_cleaner_is_active); - ut_ad(!buf_flush_sync_lsn); - - service_manager_extend_timeout(INNODB_EXTEND_TIMEOUT_INTERVAL, - "Waiting to flush the buffer pool"); - os_aio_wait_until_no_pending_reads(false); - - mysql_mutex_lock(&buf_pool.flush_list_mutex); - - while (buf_pool.get_oldest_modification(0)) - { - mysql_mutex_unlock(&buf_pool.flush_list_mutex); - buf_flush_list(srv_max_io_capacity); - os_aio_wait_until_no_pending_writes(false); - mysql_mutex_lock(&buf_pool.flush_list_mutex); - service_manager_extend_timeout(INNODB_EXTEND_TIMEOUT_INTERVAL, - "Waiting to flush " ULINTPF " pages", - UT_LIST_GET_LEN(buf_pool.flush_list)); - } - - mysql_mutex_unlock(&buf_pool.flush_list_mutex); - ut_ad(!os_aio_pending_reads()); -} - -/** Synchronously flush dirty blocks during recv_sys_t::apply(). -NOTE: The calling thread is not allowed to hold any buffer page latches! */ -void buf_flush_sync_batch(lsn_t lsn) noexcept +/** Make a checkpoint. */ +ATTRIBUTE_COLD void log_make_checkpoint() noexcept { - lsn= std::max(lsn, log_get_lsn()); - mysql_mutex_lock(&buf_pool.flush_list_mutex); - buf_flush_wait(lsn); - mysql_mutex_unlock(&buf_pool.flush_list_mutex); + buf_flush_sync_batch(0, true); } -/** Synchronously flush dirty blocks. -NOTE: The calling thread is not allowed to hold any buffer page latches! */ -void buf_flush_sync() noexcept +/** Wait for the persistent data to be written out. +NOTE: The calling thread is not allowed to hold any buffer page latches! +@param lsn minimum checkpoint to wait for +@param checkpoint whether an empty checkpoint needs to be written */ +ATTRIBUTE_COLD void buf_flush_sync_batch(lsn_t lsn, bool checkpoint) noexcept { - if (recv_recovery_is_on()) - { - mysql_mutex_lock(&recv_sys.mutex); - recv_sys.apply(true); - mysql_mutex_unlock(&recv_sys.mutex); - } - thd_wait_begin(nullptr, THD_WAIT_DISKIO); tpool::tpool_wait_begin(); - log_sys.latch.wr_lock(SRW_LOCK_CALL); - - for (lsn_t lsn= log_sys.get_lsn();;) - { - log_sys.latch.wr_unlock(); - mysql_mutex_lock(&buf_pool.flush_list_mutex); - buf_flush_wait(lsn); - /* Wait for the page cleaner to be idle (for log resizing at startup) */ - while (buf_flush_sync_lsn) - my_cond_wait(&buf_pool.done_flush_list, - &buf_pool.flush_list_mutex.m_mutex); - mysql_mutex_unlock(&buf_pool.flush_list_mutex); - log_sys.latch.wr_lock(SRW_LOCK_CALL); - lsn_t new_lsn= log_sys.get_lsn(); - if (lsn == new_lsn) - break; - lsn= new_lsn; - } - + log_sys.latch.wr_lock(); + lsn= std::max(lsn, log_sys.get_lsn()); + mysql_mutex_lock(&buf_pool.flush_list_mutex); + buf_flush_wait(lsn, checkpoint); log_sys.latch.wr_unlock(); + mysql_mutex_unlock(&buf_pool.flush_list_mutex); tpool::tpool_wait_end(); thd_wait_end(nullptr); } diff -Nru mariadb-11.8.6/storage/innobase/dict/dict0crea.cc mariadb-11.8.8/storage/innobase/dict/dict0crea.cc --- mariadb-11.8.6/storage/innobase/dict/dict0crea.cc 2026-01-31 13:27:48.000000000 +0000 +++ mariadb-11.8.8/storage/innobase/dict/dict0crea.cc 2026-05-24 09:58:32.000000000 +0000 @@ -1456,6 +1456,28 @@ } } + DBUG_EXECUTE_IF("create_sys_tablespaces", + { + error= que_eval_sql( + nullptr, "PROCEDURE CREATE_DUMMY_1() IS\n" + "BEGIN\n" + "CREATE TABLE\n" + "SYS_TABLESPACES(DUMMY_ID BIGINT, POS INT);\n" + "CREATE UNIQUE CLUSTERED INDEX DUMMY_IND" + " ON SYS_TABLESPACES(DUMMY_ID, POS);\n" + "CREATE TABLE\n" + "SYS_METADATA(DUMMY_ID_1 BIGINT, POS INT);\n" + "CREATE UNIQUE CLUSTERED INDEX DUMMY_IND_1" + " ON SYS_METADATA(DUMMY_ID_1, POS);\n" + "DELETE FROM SYS_TABLES WHERE NAME= 'SYS_METADATA';" + "END;\n", trx); + if (error) + { + tablename = "DUMMY"; + goto err_exit; + } + }); + trx->commit(); row_mysql_unlock_data_dictionary(trx); trx->clear_and_free(); diff -Nru mariadb-11.8.6/storage/innobase/dict/dict0dict.cc mariadb-11.8.8/storage/innobase/dict/dict0dict.cc --- mariadb-11.8.6/storage/innobase/dict/dict0dict.cc 2026-01-31 13:27:48.000000000 +0000 +++ mariadb-11.8.8/storage/innobase/dict/dict0dict.cc 2026-05-24 09:58:32.000000000 +0000 @@ -561,13 +561,13 @@ dict_sys.unfreeze(); *db_name_len= filename_to_tablename(db_buf, db_name, - MAX_DATABASE_NAME_LEN + 1, true); + NAME_LEN + 1, true); if (is_temp) return false; *tbl_name_len= filename_to_tablename(tbl_buf, tbl_name, - MAX_TABLE_NAME_LEN + 1, true); + NAME_LEN + 1, true); return true; } @@ -1715,13 +1715,15 @@ char table_name[MAX_TABLE_NAME_LEN + 1]; uint errors = 0; + size_t id_alloc_len= + strlen(table->name.m_name) + + strlen(old_id) + 1; if (strlen(table->name.m_name) > strlen(old_name)) { foreign->id = static_cast( mem_heap_alloc( foreign->heap, - strlen(table->name.m_name) - + strlen(old_id) + 1)); + id_alloc_len)); } /* Convert the table name to UTF-8 */ @@ -1750,10 +1752,15 @@ strcat(foreign->id, old_id + strlen(old_name)); } else { - sprintf(strchr(foreign->id, '/') + 1, - "%s%s", - strchr(table_name, '/') +1, - strstr(old_id, "_ibfk_") ); + char *slash= strchr(foreign->id, '/'); + size_t remaining= + id_alloc_len + - (size_t) (slash + 1 + - foreign->id); + snprintf(slash + 1, remaining, + "%s%s", + strchr(table_name, '/') + 1, + strstr(old_id, "_ibfk_")); } } else { diff -Nru mariadb-11.8.6/storage/innobase/dict/dict0stats_bg.cc mariadb-11.8.8/storage/innobase/dict/dict0stats_bg.cc --- mariadb-11.8.6/storage/innobase/dict/dict0stats_bg.cc 2026-01-31 13:27:48.000000000 +0000 +++ mariadb-11.8.8/storage/innobase/dict/dict0stats_bg.cc 2026-05-24 09:58:32.000000000 +0000 @@ -70,6 +70,7 @@ static THD *dict_stats_thd; +void reset_thd(MYSQL_THD thd); /*****************************************************************//** Free the resources occupied by the recalc pool, called once during thread de-initialization. */ @@ -377,7 +378,7 @@ while (dict_stats_process_entry_from_recalc_pool(dict_stats_thd)) {} - innobase_reset_background_thd(dict_stats_thd); + reset_thd(dict_stats_thd); set_current_thd(nullptr); if (!is_recalc_pool_empty()) dict_stats_schedule(MIN_RECALC_INTERVAL * 1000); diff -Nru mariadb-11.8.6/storage/innobase/dict/drop.cc mariadb-11.8.8/storage/innobase/dict/drop.cc --- mariadb-11.8.6/storage/innobase/dict/drop.cc 2026-01-31 13:27:48.000000000 +0000 +++ mariadb-11.8.8/storage/innobase/dict/drop.cc 2026-05-24 09:58:32.000000000 +0000 @@ -139,6 +139,35 @@ return err; } +dberr_t dict_drop_table_metadata(table_id_t table_id, trx_t *trx) noexcept +{ + pars_info_t *info= pars_info_create(); + pars_info_add_ull_literal(info, "id", table_id); + return que_eval_sql(info, + "PROCEDURE DROP_TABLE() IS\n" + "iid CHAR;\n" + + "DECLARE CURSOR idx IS\n" + "SELECT ID FROM SYS_INDEXES\n" + "WHERE TABLE_ID=:id FOR UPDATE;\n" + + "BEGIN\n" + + "DELETE FROM SYS_TABLES WHERE ID=:id;\n" + "DELETE FROM SYS_COLUMNS WHERE TABLE_ID=:id;\n" + + "OPEN idx;\n" + "WHILE 1 = 1 LOOP\n" + " FETCH idx INTO iid;\n" + " IF (SQL % NOTFOUND) THEN EXIT; END IF;\n" + " DELETE FROM SYS_INDEXES WHERE CURRENT OF idx;\n" + " DELETE FROM SYS_FIELDS WHERE INDEX_ID=iid;\n" + "END LOOP;\n" + "CLOSE idx;\n" + + "END;\n", trx); +} + /** Try to drop a persistent table. @param table persistent table @param fk whether to drop FOREIGN KEY metadata @@ -201,31 +230,7 @@ mod_tables.emplace(const_cast(&table), undo_no). first->second.set_dropped(); - pars_info_t *info= pars_info_create(); - pars_info_add_ull_literal(info, "id", table.id); - return que_eval_sql(info, - "PROCEDURE DROP_TABLE() IS\n" - "iid CHAR;\n" - - "DECLARE CURSOR idx IS\n" - "SELECT ID FROM SYS_INDEXES\n" - "WHERE TABLE_ID=:id FOR UPDATE;\n" - - "BEGIN\n" - - "DELETE FROM SYS_TABLES WHERE ID=:id;\n" - "DELETE FROM SYS_COLUMNS WHERE TABLE_ID=:id;\n" - - "OPEN idx;\n" - "WHILE 1 = 1 LOOP\n" - " FETCH idx INTO iid;\n" - " IF (SQL % NOTFOUND) THEN EXIT; END IF;\n" - " DELETE FROM SYS_INDEXES WHERE CURRENT OF idx;\n" - " DELETE FROM SYS_FIELDS WHERE INDEX_ID=iid;\n" - "END LOOP;\n" - "CLOSE idx;\n" - - "END;\n", this); + return dict_drop_table_metadata(table.id, this); } /** Commit the transaction, possibly after drop_table(). diff -Nru mariadb-11.8.6/storage/innobase/fil/fil0fil.cc mariadb-11.8.8/storage/innobase/fil/fil0fil.cc --- mariadb-11.8.6/storage/innobase/fil/fil0fil.cc 2026-01-31 13:27:48.000000000 +0000 +++ mariadb-11.8.8/storage/innobase/fil/fil0fil.cc 2026-05-24 09:58:32.000000000 +0000 @@ -301,7 +301,6 @@ node->size = size; - node->init_size = size; node->max_size = max_pages; node->space = this; @@ -934,7 +933,7 @@ } if (!recv_recovery_is_on()) { - log_sys.latch.wr_lock(SRW_LOCK_CALL); + log_sys.latch.wr_lock(); if (space->max_lsn) { ut_d(space->max_lsn = 0); @@ -1725,7 +1724,7 @@ fil_system.named_spaces. Before we set the STOPPING_WRITES flag, another concurrent operation could have marked the tablespace dirty again. This clean-up corresponds to fil_space_free(). */ - log_sys.latch.wr_lock(SRW_LOCK_CALL); + log_sys.latch.wr_lock(); ut_ad((space->pending() & ~NEEDS_FSYNC) == (STOPPING | CLOSING)); if (space->max_lsn != 0) { @@ -3169,7 +3168,7 @@ auto next = std::next(it); ut_ad(it->max_lsn > 0); - if (it->max_lsn < lsn) { + if (it->max_lsn <= lsn) { /* The tablespace was last dirtied before the checkpoint LSN. Remove it from the list, so that if the tablespace is not going to be diff -Nru mariadb-11.8.6/storage/innobase/fsp/fsp0fsp.cc mariadb-11.8.8/storage/innobase/fsp/fsp0fsp.cc --- mariadb-11.8.6/storage/innobase/fsp/fsp0fsp.cc 2026-01-31 13:27:48.000000000 +0000 +++ mariadb-11.8.8/storage/innobase/fsp/fsp0fsp.cc 2026-05-24 09:58:32.000000000 +0000 @@ -45,6 +45,8 @@ #include #include #include "trx0undo.h" +#include +#include "lock0lock.h" /** Returns the first extent descriptor for a segment. We think of the extent lists of the segment catenated in the order @@ -4610,13 +4612,6 @@ @return error code */ dberr_t alloc_from_fseg_prepare() noexcept { - uint32_t n_used= xdes_get_n_used(m_new_descr); - if (n_used < 1 || n_used >= m_extent_size) - return DB_CORRUPTION; - - if (n_used < m_extent_size) - return DB_SUCCESS; - byte *lst= m_iblock->page.frame + uint16_t(m_ioffset + FSEG_NOT_FULL); if (!mach_read_from_4(lst + FLST_LEN)) return DB_CORRUPTION; @@ -4683,13 +4678,6 @@ @return error code */ dberr_t alloc_from_free_frag_prepare() noexcept { - uint32_t n_used= xdes_get_n_used(m_new_descr); - if (n_used < 1 || n_used >= m_extent_size) - return DB_CORRUPTION; - - if (n_used < m_extent_size) - return DB_SUCCESS; - byte *lst= m_header_block->page.frame + FSP_HEADER_OFFSET + FSP_FREE_FRAG; if (!mach_read_from_4(lst + FLST_LEN)) return DB_CORRUPTION; @@ -5085,14 +5073,15 @@ if (n_used == 0 || n_used >= m_extent_size) return DB_CORRUPTION; - /* Allocate the page from file segment */ - if (m_seg_id != FIL_NULL && m_new_state == XDES_FSEG && - mach_read_from_8(m_new_descr + XDES_ID) == m_seg_id) + if (n_used != m_extent_size - 1); + /* After allocating the page from extent, it doesn't get + full. There will be no change in other pages */ + else if (m_new_state == XDES_FSEG && m_seg_id != FIL_NULL && + mach_read_from_8(m_new_descr + XDES_ID) == m_seg_id) err= alloc_from_fseg_prepare(); - /* Allocate the page from free frag */ else if (m_new_state == XDES_FREE_FRAG || m_new_state == XDES_FULL_FRAG) err= alloc_from_free_frag_prepare(); - else return DB_CORRUPTION; + else err= DB_CORRUPTION; if (err) return err; goto new_page; @@ -5376,10 +5365,30 @@ sql_print_information("InnoDB: System tablespace defragmentation " "process starts"); - sql_print_information("InnoDB: Moving the data from extents %" - PRIu32 " through %" PRIu32, - m_extent_map.begin()->first, - m_extent_map.rbegin()->first); + + if (m_extent_map.size() == 1) + { + auto it= m_extent_map.begin(); + sql_print_information("InnoDB: Moving the data from extent " + "%" PRIu32 " to extent %" PRIu32, it->first, + it->second); + } + else + { + sql_print_information("InnoDB: Moving the data from extents " + "%" PRIu32 " through %" PRIu32, + m_extent_map.begin()->first, + m_extent_map.rbegin()->first); + + uint32_t min_dest= UINT32_MAX, max_dest= 0; + for (const auto &entry : m_extent_map) + { + min_dest= std::min(min_dest, entry.second); + max_dest= std::max(max_dest, entry.second); + } + sql_print_information("InnoDB: Destination extent range: " + "%" PRIu32 " through %" PRIu32, min_dest, max_dest); + } return DB_SUCCESS; } @@ -5626,6 +5635,12 @@ block->page.frame + FIL_PAGE_TYPE, srv_page_size - FIL_PAGE_TYPE - 8); + if (level) + { + err= get_child_pages(new_block); + if (err) goto err_exit; + } + /* Assign the new block page number in left, right and parent block */ related_pages.complete(new_page_no, parent_offset); @@ -5635,11 +5650,6 @@ /* Add the new page in inode fragment array */ operation.assign_frag_slot(); - if (level) - { - err= get_child_pages(new_block); - if (err) return err; - } goto fetch_next_page; } @@ -5690,50 +5700,76 @@ return err; } -/** check whether any user table exist in system tablespace -@retval DB_SUCCESS_LOCKED_REC if user table exist -@retval DB_SUCCESS if no user table exist -@retval DB_CORRUPTION if any error encountered */ -static dberr_t user_tables_exists() noexcept +/** Callback function for scanning system tablespace tables */ +using sysCallback= std::function)>; + +/** Scan system tablespace metadata tables and invoke callback +@param table system table to scan (sys_tables or sys_indexes) +@param callback function to call for each non-system entry found +@return DB_SUCCESS, DB_CORRUPTION, or error code */ +static dberr_t scan_system_tablespace_metadata(dict_table_t *table, + sysCallback callback) noexcept { mtr_t mtr{nullptr}; btr_pcur_t pcur; dberr_t err= DB_SUCCESS; + const bool scan_indexes= (table == dict_sys.sys_indexes); + mtr.start(); - for (const rec_t *rec= dict_startscan_system(&pcur, &mtr, - dict_sys.sys_tables); + + for (const rec_t *rec= dict_startscan_system(&pcur, &mtr, table); rec; rec= dict_getnext_system(&pcur, &mtr)) { const byte *field= nullptr; + ulint field_no= 0; ulint len= 0; + table_id_t table_id= 0; + if (rec_get_deleted_flag(rec, 0)) { corrupt: - sql_print_error("InnoDB: Encountered corrupted record in SYS_TABLES"); + sql_print_error("InnoDB: Encountered corrupted record in %s", + scan_indexes ? "SYS_INDEXES" : "SYS_TABLES"); err= DB_CORRUPTION; goto func_exit; } - field= rec_get_nth_field_old(rec, DICT_FLD__SYS_TABLES__SPACE, &len); + + field_no= scan_indexes ? ulint(DICT_FLD__SYS_INDEXES__SPACE) + : ulint(DICT_FLD__SYS_TABLES__SPACE); + + field= rec_get_nth_field_old(rec, field_no, &len); if (len != 4) goto corrupt; if (mach_read_from_4(field) != 0) continue; - field= rec_get_nth_field_old(rec, DICT_FLD__SYS_TABLES__ID, &len); + + field_no= scan_indexes ? ulint(DICT_FLD__SYS_INDEXES__TABLE_ID) + : ulint(DICT_FLD__SYS_TABLES__ID); + + field= rec_get_nth_field_old(rec, field_no, &len); if (len != 8) goto corrupt; - if (!dict_sys.is_sys_table(mach_read_from_8(field))) + + table_id= mach_read_from_8(field); + if (dict_sys.is_sys_table(table_id)) + continue; + + if (scan_indexes) + err= callback(table_id, {}); + else + { + /* For tables, get the name */ + field= rec_get_nth_field_old(rec, DICT_FLD__SYS_TABLES__NAME, &len); + if (len == UNIV_SQL_NULL || len == 0) + goto corrupt; + + err= callback(table_id, {reinterpret_cast(field), len}); + } + + if (err) { - const byte *name_field = rec_get_nth_field_old( - rec, DICT_FLD__SYS_TABLES__NAME, &len); - if (len != UNIV_SQL_NULL && len > 0) - { - sql_print_information( - "InnoDB: Found unexpected table in system tablespace: %.*s", - (int)len, (const char *)name_field); - } - err= DB_SUCCESS_LOCKED_REC; btr_pcur_close(&pcur); - goto func_exit; + break; } } func_exit: @@ -5741,10 +5777,100 @@ return err; } +/** Identify the legacy tables in the system tablespace +and delete the table id from innodb system tables. A table is +considered a legacy/unknown table if the table name does +not contain '/' (indicating it's not a proper database/table name). +Also delete the orphaned indexes from SYS_INDEXES in system +tablespace. +@retval DB_SUCCESS_LOCKED_REC if legacy table exists +@return error code or DB_SUCCESS */ +static dberr_t drop_all_orphaned_tables() +{ + /* SELECT table_id,to_drop FROM SYS_TABLES WHERE SPACE=0 AND ... */ + std::unordered_map system_tables; + + /* Step 1: Scan SYS_TABLES for legacy tables */ + dberr_t err= scan_system_tablespace_metadata(dict_sys.sys_tables, + [&](table_id_t table_id, st_::span name) -> dberr_t + { + const bool to_drop{!memchr(name.data(), '/', name.size())}; + if (to_drop) + sql_print_information("InnoDB: Found an unknown table %.*s", + int(name.size()), name.data()); + system_tables.emplace(table_id, to_drop); + return DB_SUCCESS; + }); + + if (err != DB_SUCCESS) + return err; + + /* Step 2: Scan SYS_INDEXES for orphaned indexes not in orphaned_tbl */ + err= scan_system_tablespace_metadata(dict_sys.sys_indexes, + [&](table_id_t table_id, st_::span) -> dberr_t + { + if (!system_tables.emplace(table_id, true).second) + sql_print_information("InnoDB: Found orphaned index for table_id " + UINT64PF, table_id); + return DB_SUCCESS; + }); + + if (err != DB_SUCCESS) + return err; + + size_t count{0}; + for (const auto &td : system_tables) + count+= td.second; + if (!count) + return DB_SUCCESS; + + sql_print_information("InnoDB: Dropping %zu orphaned table(s)", count); + + trx_t *trx= trx_create(); + trx_start_for_ddl(trx); + err= lock_sys_tables(trx); + if (err) + goto err_exit; + + dict_sys.lock(SRW_LOCK_CALL); + + for (auto &td : system_tables) + if (td.second && + (err= dict_drop_table_metadata(td.first, trx)) != DB_SUCCESS) + break; + + dict_sys.unlock(); + + if (err == DB_SUCCESS) + { + trx->commit(); + err= DB_SUCCESS_LOCKED_REC; + } + else + { +err_exit: + trx->rollback(); + } + + trx->clear_and_free(); + return err; +} + dberr_t fil_space_t::defragment() noexcept { ut_ad(this == fil_system.sys_space); - dberr_t err= user_tables_exists(); + dberr_t err= DB_SUCCESS; + + /* Check whether any user table exists in system tablespace */ + err= scan_system_tablespace_metadata(dict_sys.sys_tables, + [](table_id_t, st_::span name) -> dberr_t + { + sql_print_information( + "InnoDB: Found unexpected table in system tablespace: %.*s", + int(name.size()), name.data()); + return DB_SUCCESS_LOCKED_REC; + }); + if (err == DB_SUCCESS_LOCKED_REC) { sql_print_information( @@ -5781,7 +5907,20 @@ if (!shutdown) { - err= space->defragment(); + err= drop_all_orphaned_tables(); + if (err == DB_SUCCESS_LOCKED_REC) + { + /* Skip defragmentation when orphaned tables are delete-marked. + Both defragment() and purge would attempt to drop legacy tables, + causing double-free of segments. Proceed to shrinking only. */ + sql_print_information("InnoDB: Defragmentation before " + "autoshrink was skipped due to orphaned " + "table removal."); + err= DB_SUCCESS; + } + else if (err == DB_SUCCESS) + err= space->defragment(); + if (err) { srv_sys_space.set_shrink_fail(); diff -Nru mariadb-11.8.6/storage/innobase/fsp/fsp0sysspace.cc mariadb-11.8.8/storage/innobase/fsp/fsp0sysspace.cc --- mariadb-11.8.6/storage/innobase/fsp/fsp0sysspace.cc 2026-01-31 13:27:48.000000000 +0000 +++ mariadb-11.8.8/storage/innobase/fsp/fsp0sysspace.cc 2026-05-24 09:58:32.000000000 +0000 @@ -626,16 +626,14 @@ return err; } - if (srv_force_recovery != 6 + if (!log_sys.file_size && log_sys.format == log_t::FORMAT_3_23 && srv_operation == SRV_OPERATION_NORMAL - && !log_sys.next_checkpoint_lsn - && log_sys.format == log_t::FORMAT_3_23) { - - log_sys.latch.wr_lock(SRW_LOCK_CALL); - /* Prepare for possible upgrade from 0-sized ib_logfile0. */ - log_sys.next_checkpoint_lsn = mach_read_from_8( + && srv_force_recovery < SRV_FORCE_NO_LOG_REDO) { + log_sys.latch.wr_lock(); + /* Upgrade from 0-sized ib_logfile0. */ + log_sys.last_checkpoint_lsn = mach_read_from_8( first_page + 26/*FIL_PAGE_FILE_FLUSH_LSN*/); - if (log_sys.next_checkpoint_lsn < 8204) { + if (log_sys.last_checkpoint_lsn < 8204) { /* Before MDEV-14425, InnoDB had a minimum LSN of 8192+12=8204. Likewise, mariadb-backup --prepare would create an empty ib_logfile0 @@ -645,10 +643,9 @@ "empty, and LSN is unknown."); err = DB_CORRUPTION; } else { - log_sys.last_checkpoint_lsn = - recv_sys.lsn = recv_sys.file_checkpoint = - log_sys.next_checkpoint_lsn; - log_sys.set_recovered_lsn(log_sys.next_checkpoint_lsn); + recv_sys.lsn = recv_sys.file_checkpoint = + log_sys.last_checkpoint_lsn; + log_sys.set_recovered_lsn(recv_sys.lsn); log_sys.next_checkpoint_no = 0; } diff -Nru mariadb-11.8.6/storage/innobase/fts/fts0blex.cc mariadb-11.8.8/storage/innobase/fts/fts0blex.cc --- mariadb-11.8.6/storage/innobase/fts/fts0blex.cc 2026-01-31 13:27:48.000000000 +0000 +++ mariadb-11.8.8/storage/innobase/fts/fts0blex.cc 2026-05-24 09:58:32.000000000 +0000 @@ -1,7 +1,5 @@ #include "univ.i" -#line 2 "fts0blex.cc" -#line 4 "fts0blex.cc" #define YY_INT_ALIGNED short int @@ -639,7 +637,6 @@ #define yymore() yymore_used_but_not_detected #define YY_MORE_ADJ 0 #define YY_RESTORE_YY_MORE_OFFSET -#line 1 "fts0blex.l" /***************************************************************************** Copyright (c) 2007, 2014, Oracle and/or its affiliates. All Rights Reserved. @@ -663,7 +660,6 @@ * * Created 2007/5/9 Sunny Bains */ -#line 27 "fts0blex.l" #include "fts0ast.h" #include "fts0pars.h" @@ -672,9 +668,7 @@ #define YY_DECL int fts_blexer(YYSTYPE* val, yyscan_t yyscanner) #define exit(A) ut_error -#line 675 "fts0blex.cc" #define YY_NO_INPUT 1 -#line 677 "fts0blex.cc" #define INITIAL 0 @@ -932,10 +926,8 @@ } { -#line 44 "fts0blex.l" -#line 938 "fts0blex.cc" while ( /*CONSTCOND*/1 ) /* loops until end-of-file is reached */ { @@ -990,12 +982,10 @@ case 1: YY_RULE_SETUP -#line 46 "fts0blex.l" /* Ignore whitespace */ ; YY_BREAK case 2: YY_RULE_SETUP -#line 48 "fts0blex.l" { val->oper = fts0bget_text(yyscanner)[0]; @@ -1004,7 +994,6 @@ YY_BREAK case 3: YY_RULE_SETUP -#line 54 "fts0blex.l" { val->token = fts_ast_string_create(reinterpret_cast(fts0bget_text(yyscanner)), fts0bget_leng(yyscanner)); @@ -1013,7 +1002,6 @@ YY_BREAK case 4: YY_RULE_SETUP -#line 60 "fts0blex.l" { val->token = fts_ast_string_create(reinterpret_cast(fts0bget_text(yyscanner)), fts0bget_leng(yyscanner)); @@ -1022,7 +1010,6 @@ YY_BREAK case 5: YY_RULE_SETUP -#line 66 "fts0blex.l" { val->token = fts_ast_string_create(reinterpret_cast(fts0bget_text(yyscanner)), fts0bget_leng(yyscanner)); @@ -1032,15 +1019,12 @@ case 6: /* rule 6 can match eol */ YY_RULE_SETUP -#line 72 "fts0blex.l" YY_BREAK case 7: YY_RULE_SETUP -#line 74 "fts0blex.l" ECHO; YY_BREAK -#line 1043 "fts0blex.cc" case YY_STATE_EOF(INITIAL): yyterminate(); @@ -2172,6 +2156,5 @@ #define YYTABLES_NAME "yytables" -#line 74 "fts0blex.l" diff -Nru mariadb-11.8.6/storage/innobase/fts/fts0config.cc mariadb-11.8.8/storage/innobase/fts/fts0config.cc --- mariadb-11.8.6/storage/innobase/fts/fts0config.cc 2026-01-31 13:27:48.000000000 +0000 +++ mariadb-11.8.8/storage/innobase/fts/fts0config.cc 2026-05-24 09:58:32.000000000 +0000 @@ -144,7 +144,8 @@ ::strcpy(name, param); name[len] = '_'; - fts_write_object_id(index->id, name + len + 1); + fts_write_object_id(index->id, name + len + 1, + FTS_AUX_MIN_TABLE_ID_LENGTH + 1); return(name); } diff -Nru mariadb-11.8.6/storage/innobase/fts/fts0opt.cc mariadb-11.8.8/storage/innobase/fts/fts0opt.cc --- mariadb-11.8.6/storage/innobase/fts/fts0opt.cc 2026-01-31 13:27:48.000000000 +0000 +++ mariadb-11.8.8/storage/innobase/fts/fts0opt.cc 2026-05-24 09:58:32.000000000 +0000 @@ -37,13 +37,6 @@ #include "zlib.h" #include "fts0opt.h" #include "fts0vlc.h" -#include "wsrep.h" - -#ifdef WITH_WSREP -extern Atomic_relaxed wsrep_sst_disable_writes; -#else -constexpr bool wsrep_sst_disable_writes= false; -#endif /** The FTS optimize thread's work queue. */ ib_wqueue_t* fts_optimize_wq; @@ -52,7 +45,7 @@ static tpool::timer* timer; static tpool::task_group task_group(1); -static tpool::task task(fts_optimize_callback,0, &task_group); +static tpool::waitable_task task(fts_optimize_callback,0, &task_group); /** FTS optimize thread, for MDL acquisition */ static THD *fts_opt_thd; @@ -230,7 +223,7 @@ char fts_enable_diag_print; /** ZLib compressed block size.*/ -static ulint FTS_ZIP_BLOCK_SIZE = 1024; +static constexpr ulint FTS_ZIP_BLOCK_SIZE = 1024; /** The amount of time optimizing in a single pass, in seconds. */ static ulint fts_optimize_time_limit; @@ -2831,6 +2824,10 @@ static ulint n_tables = ib_vector_size(fts_slots); while (!done && srv_shutdown_state <= SRV_SHUTDOWN_INITIATED) { +#ifdef WITH_WSREP + ut_d(extern Atomic_relaxed wsrep_sst_disable_writes); + ut_ad(!wsrep_sst_disable_writes); +#endif /* If there is no message in the queue and we have tables to optimize then optimize the tables. */ @@ -2841,17 +2838,6 @@ /* The queue is empty but we have tables to optimize. */ - if (UNIV_UNLIKELY(wsrep_sst_disable_writes)) { -retry_later: - if (fts_is_sync_needed()) { - fts_need_sync = true; - } - if (n_tables) { - timer->set_time(5000, 0); - } - return; - } - fts_slot_t* slot = static_cast( ib_vector_get(fts_slots, current)); @@ -2872,7 +2858,13 @@ (ib_wqueue_nowait(fts_optimize_wq)); /* Timeout ? */ if (!msg) { - goto retry_later; + if (fts_is_sync_needed()) { + fts_need_sync = true; + } + if (n_tables) { + timer->set_time(5000, 0); + } + return; } switch (msg->type) { @@ -2898,11 +2890,6 @@ break; case FTS_MSG_SYNC_TABLE: - if (UNIV_UNLIKELY(wsrep_sst_disable_writes)) { - add_msg(msg); - goto retry_later; - } - DBUG_EXECUTE_IF( "fts_instrument_msg_sync_sleep", std::this_thread::sleep_for( @@ -2945,11 +2932,8 @@ ib::info() << "FTS optimize thread exiting."; } -/**********************************************************************//** -Startup the optimize thread and create the work queue. */ -void -fts_optimize_init(void) -/*===================*/ +/** Startup the optimize task and create the work queue. */ +void fts_optimize_init() { mem_heap_t* heap; ib_alloc_t* heap_alloc; @@ -2993,9 +2977,8 @@ last_check_sync_time = time(NULL); } -/** Shutdown fts optimize thread. */ -void -fts_optimize_shutdown() +/** Shut down the fts optimize thread. */ +void fts_optimize_shutdown() { ut_ad(!srv_read_only_mode); @@ -3004,7 +2987,7 @@ dict_sys.freeze(SRW_LOCK_CALL); mysql_mutex_lock(&fts_optimize_wq->mutex); /* Tells FTS optimizer system that we are exiting from - optimizer thread, message send their after will not be + optimizer thread, messages sent thereafter will not be processed */ fts_opt_start_shutdown = true; dict_sys.unfreeze(); @@ -3034,6 +3017,26 @@ timer = NULL; } +#ifdef WITH_WSREP +/** Pause the optimize subsystem. */ +void fts_optimize_pause() +{ + ut_ad(!srv_read_only_mode); + /* Prevent fts_optimize_callback() from being scheduled. */ + timer->disarm(); + /* Wait for any current fts_optimize_callback() to finish. */ + task.wait(); +} + +/** Resume after fts_optimize_stop() */ +void fts_optimize_resume() +{ + /* Schedule fts_optimize_callback() immediately. + It will reschedule itself via the timer when needed. */ + srv_thread_pool->submit_task(&task); +} +#endif + /** Sync the table during commit phase @param[in] table table to be synced */ void fts_sync_during_ddl(dict_table_t* table) diff -Nru mariadb-11.8.6/storage/innobase/fts/fts0pars.cc mariadb-11.8.8/storage/innobase/fts/fts0pars.cc --- mariadb-11.8.6/storage/innobase/fts/fts0pars.cc 2026-01-31 13:27:48.000000000 +0000 +++ mariadb-11.8.8/storage/innobase/fts/fts0pars.cc 2026-05-24 09:58:32.000000000 +0000 @@ -74,7 +74,6 @@ /* Copy the first part of user declarations. */ /* Line 268 of yacc.c */ -#line 26 "fts0pars.y" #include "ha_prototypes.h" #include "mem0mem.h" @@ -114,7 +113,6 @@ /* Line 268 of yacc.c */ -#line 115 "fts0pars.cc" /* Enabling traces. */ #ifndef YYDEBUG @@ -155,7 +153,6 @@ { /* Line 293 of yacc.c */ -#line 61 "fts0pars.y" int oper; fts_ast_string_t* token; @@ -164,7 +161,6 @@ /* Line 293 of yacc.c */ -#line 165 "fts0pars.cc" } YYSTYPE; # define YYSTYPE_IS_TRIVIAL 1 # define yystype YYSTYPE /* obsolescent; will be withdrawn */ @@ -176,7 +172,6 @@ /* Line 343 of yacc.c */ -#line 177 "fts0pars.cc" #ifdef short # undef short @@ -1434,7 +1429,6 @@ case 2: /* Line 1806 of yacc.c */ -#line 79 "fts0pars.y" { (yyval.node) = (yyvsp[(1) - (1)].node); ((fts_ast_state_t*) state)->root = (yyval.node); @@ -1444,7 +1438,6 @@ case 3: /* Line 1806 of yacc.c */ -#line 85 "fts0pars.y" { (yyval.node) = NULL; } @@ -1453,7 +1446,6 @@ case 4: /* Line 1806 of yacc.c */ -#line 89 "fts0pars.y" { (yyval.node) = (yyvsp[(1) - (2)].node); @@ -1468,7 +1460,6 @@ case 5: /* Line 1806 of yacc.c */ -#line 99 "fts0pars.y" { (yyval.node) = (yyvsp[(1) - (2)].node); (yyval.node) = fts_ast_create_node_list(state, (yyvsp[(1) - (2)].node)); @@ -1484,7 +1475,6 @@ case 6: /* Line 1806 of yacc.c */ -#line 111 "fts0pars.y" { (yyval.node) = (yyvsp[(2) - (3)].node); @@ -1497,7 +1487,6 @@ case 7: /* Line 1806 of yacc.c */ -#line 119 "fts0pars.y" { (yyval.node) = fts_ast_create_node_list(state, (yyvsp[(1) - (4)].node)); @@ -1511,7 +1500,6 @@ case 8: /* Line 1806 of yacc.c */ -#line 129 "fts0pars.y" { (yyval.node) = (yyvsp[(1) - (1)].node); } @@ -1520,7 +1508,6 @@ case 9: /* Line 1806 of yacc.c */ -#line 133 "fts0pars.y" { (yyval.node) = (yyvsp[(1) - (1)].node); } @@ -1529,7 +1516,6 @@ case 10: /* Line 1806 of yacc.c */ -#line 137 "fts0pars.y" { fts_ast_term_set_wildcard((yyvsp[(1) - (2)].node)); } @@ -1538,7 +1524,6 @@ case 11: /* Line 1806 of yacc.c */ -#line 141 "fts0pars.y" { fts_ast_text_set_distance((yyvsp[(1) - (3)].node), fts_ast_string_to_ul((yyvsp[(3) - (3)].token), 10)); fts_ast_string_free((yyvsp[(3) - (3)].token)); @@ -1548,7 +1533,6 @@ case 12: /* Line 1806 of yacc.c */ -#line 146 "fts0pars.y" { (yyval.node) = fts_ast_create_node_list(state, (yyvsp[(1) - (3)].node)); fts_ast_add_node((yyval.node), (yyvsp[(2) - (3)].node)); @@ -1559,7 +1543,6 @@ case 13: /* Line 1806 of yacc.c */ -#line 152 "fts0pars.y" { (yyval.node) = fts_ast_create_node_list(state, (yyvsp[(1) - (2)].node)); fts_ast_add_node((yyval.node), (yyvsp[(2) - (2)].node)); @@ -1569,7 +1552,6 @@ case 14: /* Line 1806 of yacc.c */ -#line 157 "fts0pars.y" { (yyval.node) = fts_ast_create_node_list(state, (yyvsp[(1) - (4)].node)); fts_ast_add_node((yyval.node), (yyvsp[(2) - (4)].node)); @@ -1581,7 +1563,6 @@ case 15: /* Line 1806 of yacc.c */ -#line 164 "fts0pars.y" { (yyval.node) = fts_ast_create_node_list(state, (yyvsp[(1) - (2)].node)); fts_ast_add_node((yyval.node), (yyvsp[(2) - (2)].node)); @@ -1591,7 +1572,6 @@ case 16: /* Line 1806 of yacc.c */ -#line 170 "fts0pars.y" { (yyval.node) = fts_ast_create_node_oper(state, FTS_IGNORE); } @@ -1600,7 +1580,6 @@ case 17: /* Line 1806 of yacc.c */ -#line 174 "fts0pars.y" { (yyval.node) = fts_ast_create_node_oper(state, FTS_EXIST); } @@ -1609,7 +1588,6 @@ case 18: /* Line 1806 of yacc.c */ -#line 178 "fts0pars.y" { (yyval.node) = fts_ast_create_node_oper(state, FTS_NEGATE); } @@ -1618,7 +1596,6 @@ case 19: /* Line 1806 of yacc.c */ -#line 182 "fts0pars.y" { (yyval.node) = fts_ast_create_node_oper(state, FTS_DECR_RATING); } @@ -1627,7 +1604,6 @@ case 20: /* Line 1806 of yacc.c */ -#line 186 "fts0pars.y" { (yyval.node) = fts_ast_create_node_oper(state, FTS_INCR_RATING); } @@ -1636,7 +1612,6 @@ case 21: /* Line 1806 of yacc.c */ -#line 191 "fts0pars.y" { (yyval.node) = fts_ast_create_node_term(state, (yyvsp[(1) - (1)].token)); fts_ast_string_free((yyvsp[(1) - (1)].token)); @@ -1646,7 +1621,6 @@ case 22: /* Line 1806 of yacc.c */ -#line 196 "fts0pars.y" { (yyval.node) = fts_ast_create_node_term(state, (yyvsp[(1) - (1)].token)); fts_ast_string_free((yyvsp[(1) - (1)].token)); @@ -1656,7 +1630,6 @@ case 23: /* Line 1806 of yacc.c */ -#line 202 "fts0pars.y" { (yyval.node) = (yyvsp[(2) - (2)].node); } @@ -1665,7 +1638,6 @@ case 24: /* Line 1806 of yacc.c */ -#line 207 "fts0pars.y" { (yyval.node) = fts_ast_create_node_text(state, (yyvsp[(1) - (1)].token)); fts_ast_string_free((yyvsp[(1) - (1)].token)); @@ -1675,7 +1647,6 @@ /* Line 1806 of yacc.c */ -#line 1663 "fts0pars.cc" default: break; } /* User semantic actions sometimes alter yychar, and that requires @@ -1916,7 +1887,6 @@ /* Line 2067 of yacc.c */ -#line 212 "fts0pars.y" /******************************************************************** diff -Nru mariadb-11.8.6/storage/innobase/fts/fts0sql.cc mariadb-11.8.8/storage/innobase/fts/fts0sql.cc --- mariadb-11.8.6/storage/innobase/fts/fts0sql.cc 2026-01-31 13:27:48.000000000 +0000 +++ mariadb-11.8.8/storage/innobase/fts/fts0sql.cc 2026-05-24 09:58:32.000000000 +0000 @@ -60,18 +60,21 @@ switch (fts_table->type) { case FTS_COMMON_TABLE: - len = fts_write_object_id(fts_table->table_id, table_id); + len = fts_write_object_id(fts_table->table_id, table_id, + FTS_AUX_MIN_TABLE_ID_LENGTH); break; case FTS_INDEX_TABLE: - len = fts_write_object_id(fts_table->table_id, table_id); + len = fts_write_object_id(fts_table->table_id, table_id, + FTS_AUX_MIN_TABLE_ID_LENGTH); table_id[len] = '_'; ++len; table_id += len; - len += fts_write_object_id(fts_table->index_id, table_id); + len += fts_write_object_id(fts_table->index_id, table_id, + FTS_AUX_MIN_TABLE_ID_LENGTH - len); break; default: diff -Nru mariadb-11.8.6/storage/innobase/fts/fts0tlex.cc mariadb-11.8.8/storage/innobase/fts/fts0tlex.cc --- mariadb-11.8.6/storage/innobase/fts/fts0tlex.cc 2026-01-31 13:27:48.000000000 +0000 +++ mariadb-11.8.8/storage/innobase/fts/fts0tlex.cc 2026-05-24 09:58:32.000000000 +0000 @@ -1,7 +1,5 @@ #include "univ.i" -#line 2 "fts0tlex.cc" -#line 4 "fts0tlex.cc" #define YY_INT_ALIGNED short int @@ -635,7 +633,6 @@ #define yymore() yymore_used_but_not_detected #define YY_MORE_ADJ 0 #define YY_RESTORE_YY_MORE_OFFSET -#line 1 "fts0tlex.l" /***************************************************************************** Copyright (c) 2007, 2014, Oracle and/or its affiliates. All Rights Reserved. @@ -659,7 +656,6 @@ * * Created 2007/5/9 Sunny Bains */ -#line 27 "fts0tlex.l" #include "fts0ast.h" #include "fts0pars.h" @@ -668,9 +664,7 @@ #define YY_DECL int fts_tlexer(YYSTYPE* val, yyscan_t yyscanner) #define exit(A) ut_error -#line 671 "fts0tlex.cc" #define YY_NO_INPUT 1 -#line 673 "fts0tlex.cc" #define INITIAL 0 @@ -928,10 +922,8 @@ } { -#line 45 "fts0tlex.l" -#line 934 "fts0tlex.cc" while ( /*CONSTCOND*/1 ) /* loops until end-of-file is reached */ { @@ -986,12 +978,10 @@ case 1: YY_RULE_SETUP -#line 47 "fts0tlex.l" /* Ignore whitespace */ ; YY_BREAK case 2: YY_RULE_SETUP -#line 49 "fts0tlex.l" { val->oper = fts0tget_text(yyscanner)[0]; @@ -1000,7 +990,6 @@ YY_BREAK case 3: YY_RULE_SETUP -#line 55 "fts0tlex.l" { val->token = fts_ast_string_create(reinterpret_cast(fts0tget_text(yyscanner)), fts0tget_leng(yyscanner)); @@ -1009,7 +998,6 @@ YY_BREAK case 4: YY_RULE_SETUP -#line 61 "fts0tlex.l" { val->token = fts_ast_string_create(reinterpret_cast(fts0tget_text(yyscanner)), fts0tget_leng(yyscanner)); @@ -1018,21 +1006,17 @@ YY_BREAK case 5: YY_RULE_SETUP -#line 66 "fts0tlex.l" ; YY_BREAK case 6: /* rule 6 can match eol */ YY_RULE_SETUP -#line 67 "fts0tlex.l" YY_BREAK case 7: YY_RULE_SETUP -#line 69 "fts0tlex.l" ECHO; YY_BREAK -#line 1035 "fts0tlex.cc" case YY_STATE_EOF(INITIAL): yyterminate(); @@ -1535,7 +1519,10 @@ */ b->yy_ch_buf = (char *) yyalloc( (yy_size_t) (b->yy_buf_size + 2) , yyscanner ); if ( ! b->yy_ch_buf ) + { + yyfree(b, yyscanner); YY_FATAL_ERROR( "out of dynamic memory in yy_create_buffer()" ); + } b->yy_is_our_buffer = 1; @@ -2164,6 +2151,5 @@ #define YYTABLES_NAME "yytables" -#line 69 "fts0tlex.l" diff -Nru mariadb-11.8.6/storage/innobase/handler/ha_innodb.cc mariadb-11.8.8/storage/innobase/handler/ha_innodb.cc --- mariadb-11.8.6/storage/innobase/handler/ha_innodb.cc 2026-01-31 13:27:48.000000000 +0000 +++ mariadb-11.8.8/storage/innobase/handler/ha_innodb.cc 2026-05-24 09:58:32.000000000 +0000 @@ -109,6 +109,7 @@ #include "fil0pagecompress.h" #include "ut0mem.h" #include "row0ext.h" +#include "trx0undo.h" #include "lz4.h" #include "lzo/lzo1x.h" @@ -134,10 +135,11 @@ const char *table, size_t table_len); MYSQL_THD create_background_thd(); void reset_thd(MYSQL_THD thd); -TABLE *get_purge_table(THD *thd); TABLE *open_purge_table(THD *thd, const char *db, size_t dblen, - const char *tb, size_t tblen); -void close_thread_tables(THD* thd); + const char *tb, size_t tblen, + MDL_ticket *mdl_ticket) noexcept; +int close_thread_tables(THD* thd) noexcept; +MDL_ticket *get_mdl_ticket(TABLE *table) noexcept; #ifdef MYSQL_DYNAMIC_PLUGIN #define tc_size 400 @@ -242,7 +244,7 @@ if (thd_kill_level(thd)) break; /* Adjust for purge_coordinator_state::refresh() */ - log_sys.latch.wr_lock(SRW_LOCK_CALL); + log_sys.latch.wr_lock(); const lsn_t last= log_sys.last_checkpoint_lsn, max_age= log_sys.max_checkpoint_age; const lsn_t lsn= log_sys.get_lsn(); @@ -575,7 +577,6 @@ mysql_pfs_key_t trx_purge_latch_key; mysql_pfs_key_t trx_rseg_latch_key; mysql_pfs_key_t lock_latch_key; -mysql_pfs_key_t log_latch_key; /* all_innodb_rwlocks array contains rwlocks that are performance schema instrumented if "UNIV_PFS_RWLOCK" @@ -591,7 +592,6 @@ { &trx_purge_latch_key, "trx_purge_latch", 0 }, { &trx_rseg_latch_key, "trx_rseg_latch", 0 }, { &lock_latch_key, "lock_latch", 0 }, - { &log_latch_key, "log_latch", 0 }, { &index_tree_rw_lock_key, "index_tree_rw_lock", PSI_RWLOCK_FLAG_SX } }; # endif /* UNIV_PFS_RWLOCK */ @@ -1531,7 +1531,7 @@ log_write_up_to(mtr.commit_lsn(), true); } - trx->free(); + trx->clear_and_free(); my_free(namebuf); } @@ -1695,25 +1695,6 @@ return thd; } - -/** Close opened tables, free memory, delete items for a MYSQL_THD. -@param[in] thd MYSQL_THD to reset */ -void -innobase_reset_background_thd(MYSQL_THD thd) -{ - if (!thd) { - thd = current_thd; - } - - ut_ad(thd); - ut_ad(THDVAR(thd, background_thread)); - - /* background purge thread */ - const char *proc_info= thd_proc_info(thd, "reset"); - reset_thd(thd); - thd_proc_info(thd, proc_info); -} - /******************************************************************//** Returns the NUL terminated value of glob_hostname. @return pointer to glob_hostname. */ @@ -1795,9 +1776,10 @@ fil_crypt_set_thread_cnt(0); srv_n_fil_crypt_threads= old_count; - wsrep_sst_disable_writes= true; dict_stats_shutdown(); + fts_optimize_pause(); purge_sys.stop(); + /* We are holding a global MDL thanks to FLUSH TABLES WITH READ LOCK. That will prevent any writes from arriving into InnoDB, but it will @@ -1809,10 +1791,12 @@ possible during the snapshot, and to guarantee that no crash recovery will be necessary when starting up on the snapshot. */ log_make_checkpoint(); + wsrep_sst_disable_writes= true; /* If any FILE_MODIFY records were written by the checkpoint, an extra write of a FILE_CHECKPOINT record could still be invoked by - buf_flush_page_cleaner(). Let us prevent that by invoking another - checkpoint (which will write the FILE_CHECKPOINT record). */ + buf_flush_page_cleaner(). Let us ensure that the page cleaner + is idle and will observe our above assignment (not write anything + further to the log). */ log_make_checkpoint(); ut_d(recv_no_log_write= true); /* If this were not a no-op, an assertion would fail due to @@ -1827,6 +1811,8 @@ dict_stats_start(); purge_sys.resume(); wsrep_sst_disable_writes= false; + /* Allow fts_optimize_callback() to assert that the flag is clear. */ + fts_optimize_resume(); const uint old_count= srv_n_fil_crypt_threads; srv_n_fil_crypt_threads= 0; fil_crypt_set_thread_cnt(old_count); @@ -3620,7 +3606,8 @@ m_prebuilt->used_in_HANDLER = TRUE; reset_template(); - m_prebuilt->trx->bulk_insert &= TRX_DDL_BULK; + + m_prebuilt->trx->clear_dml_bulk(); } /*********************************************************************//** @@ -3680,14 +3667,16 @@ static MYSQL_SYSVAR_SIZE_T(buffer_pool_size_max, buf_pool.size_in_bytes_max, PLUGIN_VAR_RQCMDARG | PLUGIN_VAR_READONLY, "Maximum innodb_buffer_pool_size", - nullptr, nullptr, 0, 0, + nullptr, nullptr, + buf_pool.size_in_bytes_max_default, + buf_pool.size_in_bytes_max_minimum, size_t(-ssize_t(innodb_buffer_pool_extent_size)), innodb_buffer_pool_extent_size); static MYSQL_SYSVAR_UINT(log_write_ahead_size, log_sys.write_size, PLUGIN_VAR_RQCMDARG | PLUGIN_VAR_READONLY, "Redo log write size to avoid read-on-write; must be a power of two", - nullptr, nullptr, 512, 512, 4096, 1); + nullptr, nullptr, 512, 512, log_sys.WRITE_SIZE_MAX, 1); #ifdef BTR_CUR_HASH_ADAPT @@ -3804,11 +3793,24 @@ min= ut_calc_align (buf_pool.blocks_in_bytes(BUF_LRU_MIN_LEN + BUF_LRU_MIN_LEN / 4), 1U << 20); - size_t innodb_buffer_pool_size= buf_pool.size_in_bytes_requested; - /* With large pages, buffer pool can't grow or shrink. */ - if (!buf_pool.size_in_bytes_max || my_use_large_pages || - innodb_buffer_pool_size > buf_pool.size_in_bytes_max) +#ifdef RLIMIT_AS + if (buf_pool.size_in_bytes_max_default != 0 && + buf_pool.size_in_bytes_max == buf_pool.size_in_bytes_max_default) + { + struct rlimit rlimit_as; + if (!getrlimit(RLIMIT_AS, &rlimit_as) && + rlimit_as.rlim_cur != RLIM_INFINITY && + rlimit_as.rlim_cur / 4 < buf_pool.size_in_bytes_max) + buf_pool.size_in_bytes_max= size_t(rlimit_as.rlim_cur / 4) & + ~innodb_buffer_pool_extent_size; + } +#endif + + const size_t innodb_buffer_pool_size= buf_pool.size_in_bytes_requested; + + if (innodb_buffer_pool_size > buf_pool.size_in_bytes_max || + my_use_large_pages /* large_pages=ON fixes innodb_buffer_pool_size */) buf_pool.size_in_bytes_max= ut_calc_align(innodb_buffer_pool_size, innodb_buffer_pool_extent_size); @@ -4518,7 +4520,7 @@ undo_no_t savept= 0; trx->rollback(&savept); /* MariaDB will roll back the entire transaction. */ - trx->bulk_insert&= TRX_DDL_BULK; + trx->clear_dml_bulk(); trx->last_stmt_start= 0; return true; } @@ -4765,7 +4767,7 @@ If we have already flushed all relevant redo log, we notify immediately.*/ static void innodb_log_flush_request(void *cookie) noexcept { - log_sys.latch.wr_lock(SRW_LOCK_CALL); + log_sys.latch.wr_lock(); lsn_t flush_lsn= log_sys.get_flushed_lsn(); /* Load lsn relaxed after flush_lsn was loaded from the same cache line */ const lsn_t lsn= log_sys.get_lsn(); @@ -5111,28 +5113,28 @@ Needs to be done for indexes that are being added with inplace ALTER in a different thread, because from the server point of view these columns are not yet indexed. +Also needed if the primary key is being updated. +For update statement: Mark all indexed virtual column +@param mark_for_update whether to mark indexed virtual columns + for UPDATE operations */ -void ha_innobase::column_bitmaps_signal() +void ha_innobase::column_bitmaps_signal(bool mark_for_update) { if (!table->vfield || table->current_lock != F_WRLCK) return; - dict_index_t* clust_index= dict_table_get_first_index(m_prebuilt->table); - if (!clust_index->online_log) - return; - - uint num_v= 0; - for (uint j = 0; j < table->s->virtual_fields; j++) + if (UNIV_UNLIKELY(dict_index_is_online_ddl( + dict_table_get_first_index(m_prebuilt->table)))) + row_log_mark_virtual_cols(m_prebuilt->table, table); + else if (mark_for_update) { - if (table->vfield[j]->stored_in_db()) - continue; - - dict_col_t *col= &m_prebuilt->table->v_cols[num_v].m_col; - if (col->ord_part || - (dict_index_is_online_ddl(clust_index) && - row_log_col_is_indexed(clust_index, num_v))) - table->mark_virtual_column_with_deps(table->vfield[j]); - num_v++; + for (uint j = 0, num_v= 0; j < table->s->virtual_fields; j++) + { + Field *vf= table->vfield[j]; + if (!vf->stored_in_db() && + m_prebuilt->table->v_cols[num_v++].m_col.ord_part) + table->mark_virtual_column_with_deps(vf); + } } } @@ -6042,9 +6044,7 @@ /* Index block size in InnoDB: used by MySQL in query optimization */ stats.block_size = static_cast(srv_page_size); - const my_bool for_vc_purge = THDVAR(thd, background_thread); - - if (for_vc_purge || !m_prebuilt->table + if (!m_prebuilt->table || m_prebuilt->table->is_temporary() || m_prebuilt->table->persistent_autoinc || !m_prebuilt->table->is_readable()) { @@ -6071,7 +6071,7 @@ ut_ad(!m_prebuilt->table || table->versioned() == m_prebuilt->table->versioned()); - if (!for_vc_purge) { + if (!THDVAR(thd, background_thread)) { info(HA_STATUS_NO_LOCK | HA_STATUS_VARIABLE | HA_STATUS_CONST | HA_STATUS_OPEN); } @@ -8451,7 +8451,7 @@ { char db_buf[NAME_LEN + 1]; char tbl_buf[NAME_LEN + 1]; - ulint db_buf_len, tbl_buf_len; + size_t db_buf_len, tbl_buf_len; if (!table.parse_name(db_buf, tbl_buf, &db_buf_len, &tbl_buf_len)) { @@ -15211,7 +15211,7 @@ ulint n_rows_in_table = ULINT_UNDEFINED; bool is_ok = true; dberr_t ret; - uint handler_flags= check_opt->handler_flags; + uint handler_flags= check_opt->handler_flags; DBUG_ENTER("ha_innobase::check"); DBUG_ASSERT(thd == ha_thd()); @@ -15220,7 +15220,7 @@ ut_a(m_prebuilt->trx == thd_to_trx(thd)); ut_ad(m_prebuilt->trx->mysql_thd == thd); - if (handler_flags || check_for_upgrade(check_opt)) { + if (handler_flags) { /* The file was already checked and fixed as part of open */ print_check_msg(thd, table->s->db.str, table->s->table_name.str, "check", "note", @@ -15229,9 +15229,10 @@ ? "Auto_increment will be" " checked on each open until" " CHECK TABLE FOR UPGRADE is executed" + " when the server is not in a read-only state" : "Auto_increment checked and" " .frm file version updated", 1); - if (handler_flags && (check_opt->sql_flags & TT_FOR_UPGRADE)) { + if (check_opt->sql_flags & TT_FOR_UPGRADE) { /* No other issues found (as handler_flags was only set if there as not other problems with the table @@ -15447,7 +15448,7 @@ } /** -Check if we there is a problem with the InnoDB table. +Check if there is a problem with the InnoDB table. @param check_opt check options @retval HA_ADMIN_OK if Table is ok @retval HA_ADMIN_NEEDS_ALTER User should run ALTER TABLE FOR UPGRADE @@ -15468,6 +15469,7 @@ if (m_prebuilt->table->get_index(*autoinc_col)) { check_opt->handler_flags= 1; + // Prevent ha_check() from updating frm version if InnoDB (but not the server) is in a read-only state return (high_level_read_only && !opt_readonly) ? HA_ADMIN_FAILED : HA_ADMIN_NEEDS_CHECK; } @@ -15529,7 +15531,7 @@ FOREIGN_KEY_INFO* pf_key_info; uint i = 0; size_t len; - char tmp_buff[NAME_LEN+1]; + char tmp_buff[MAX_DATABASE_NAME_LEN+1]; char name_buff[NAME_LEN+1]; const char* ptr; LEX_CSTRING* name = NULL; @@ -15771,6 +15773,15 @@ return !empty; } +inline void trx_t::reset_and_truncate_undo() noexcept +{ + ut_ad(undo_no <= 1); + ut_ad(mod_tables.size() <= 1); + mod_tables.clear(); + undo_no= 0; + trx_undo_try_truncate(this); +} + /*******************************************************************//** Tells something additional to the handler about how to do things. @return 0 or error number */ @@ -15800,7 +15811,7 @@ stmt_boundary: trx->bulk_insert_apply(); trx->end_bulk_insert(*m_prebuilt->table); - trx->bulk_insert &= TRX_DDL_BULK; + trx->clear_dml_bulk(); break; case HA_EXTRA_NO_KEYREAD: (void)check_trx_exists(thd); @@ -15844,11 +15855,25 @@ break; } goto stmt_boundary; - case HA_EXTRA_BEGIN_ALTER_COPY: + case HA_EXTRA_BEGIN_ALTER_IGNORE_COPY: + case HA_EXTRA_BEGIN_COPY: trx = check_trx_exists(thd); - m_prebuilt->table->skip_alter_undo = 1; - if (m_prebuilt->table->is_temporary() - || !m_prebuilt->table->versioned_by_id()) { + static_assert(int{HA_EXTRA_BEGIN_ALTER_IGNORE_COPY} == + int{HA_EXTRA_BEGIN_COPY} + 1, ""); + static_assert(int{dict_table_t::NO_UNDO} + 1 == + int{dict_table_t::IGNORE_UNDO}, ""); + if (m_prebuilt->table->is_temporary()) { + m_prebuilt->table->skip_alter_undo = + (HA_EXTRA_BEGIN_ALTER_IGNORE_COPY + - operation + dict_table_t::NORMAL_UNDO) & 1; + break; + } + + m_prebuilt->table->skip_alter_undo = + (operation - HA_EXTRA_BEGIN_COPY + + dict_table_t::NO_UNDO) & 3; + + if (!m_prebuilt->table->versioned_by_id()) { break; } ut_ad(trx == m_prebuilt->trx); @@ -15857,15 +15882,24 @@ const_cast(m_prebuilt->table), 0) .first->second.set_versioned(0); break; - case HA_EXTRA_END_ALTER_COPY: + case HA_EXTRA_END_COPY: + { trx = check_trx_exists(thd); - if (!m_prebuilt->table->skip_alter_undo) { + const unsigned alter_undo = m_prebuilt->table->skip_alter_undo; + if (!alter_undo) { /* This could be invoked inside INSERT...SELECT. We do not want any extra log writes, because they could cause a severe performance regression. */ break; } - m_prebuilt->table->skip_alter_undo = 0; + + if (alter_undo == dict_table_t::IGNORE_UNDO) { + trx->reset_and_truncate_undo(); + } + + m_prebuilt->table->skip_alter_undo = + dict_table_t::NORMAL_UNDO; + if (dberr_t err= trx->bulk_insert_apply()) { trx->rollback(); return convert_error_code_to_mysql( @@ -15874,7 +15908,7 @@ } trx->end_bulk_insert(*m_prebuilt->table); - trx->bulk_insert &= TRX_DML_BULK; + trx->clear_ddl_bulk(); if (!m_prebuilt->table->is_temporary() && !high_level_read_only) { /* During copy_data_between_tables(), InnoDB only @@ -15889,15 +15923,22 @@ because no undo log records were generated. This log write will also be unnecessarily executed during CREATE...SELECT, which is the other caller of - handler::extra(HA_EXTRA_BEGIN_ALTER_COPY). */ + handler::extra(HA_EXTRA_ALTER_COPY). */ log_buffer_flush_to_disk(); } - alter_stats_rebuild(m_prebuilt->table, trx); + alter_stats_rebuild(m_prebuilt->table, trx, true); break; - case HA_EXTRA_ABORT_ALTER_COPY: - if (m_prebuilt->table->skip_alter_undo) { + } + case HA_EXTRA_ABORT_COPY: + /* Abort the ALTER COPY operation. For ALTER IGNORE, + this prevents undo logs from being added to the + purge thread, allowing proper cleanup of the + temporary undo state. */ + if (m_prebuilt->table->skip_alter_undo && + !m_prebuilt->table->is_temporary()) { trx = check_trx_exists(ha_thd()); - m_prebuilt->table->skip_alter_undo = 0; + m_prebuilt->table->skip_alter_undo = + dict_table_t::NORMAL_UNDO; trx->rollback(); return(HA_ERR_ROLLBACK); } @@ -16187,7 +16228,7 @@ if (!trx->bulk_insert) { break; } - trx->bulk_insert &= TRX_DDL_BULK; + trx->clear_dml_bulk(); trx->last_stmt_start = trx->undo_no; } @@ -18401,7 +18442,7 @@ mysql_mutex_unlock(&LOCK_global_system_variables); while (!thd_kill_level(thd)) { - log_sys.latch.wr_lock(SRW_LOCK_CALL); + log_sys.latch.wr_lock(); lsn_t cp= log_sys.last_checkpoint_lsn.load(std::memory_order_relaxed), lsn= log_sys.get_lsn(); log_sys.latch.wr_unlock(); @@ -18432,7 +18473,7 @@ os_aio_wait_until_no_pending_writes(true); } else - buf_flush_sync(); + buf_flush_sync_batch(0, false); mysql_mutex_lock(&LOCK_global_system_variables); } @@ -18659,7 +18700,7 @@ mysql_mutex_unlock(&buf_pool.flush_list_mutex); if (!resizing || !log_sys.resize_running(thd)) break; - log_sys.latch.wr_lock(SRW_LOCK_CALL); + log_sys.latch.wr_lock(); while (resizing > log_sys.get_lsn()) { ut_ad(!log_sys.is_mmap()); @@ -19268,6 +19309,23 @@ "Dump the buffer pool into a file named @@innodb_buffer_pool_filename", NULL, NULL, TRUE); +#if defined __linux__ || defined __FreeBSD__ +/** Update the system variable innodb_buffer_pool_in_core_dump. +@param save to-be-assigned value */ +static void innodb_buffer_pool_in_core_dump_update(THD *, st_mysql_sys_var *, + void *, const void *save) +{ + mysql_mutex_lock(&buf_pool.mutex); + buf_pool.in_core_dump= *static_cast(save); + buf_pool.core_advise(); + mysql_mutex_unlock(&buf_pool.mutex); +} + +static MYSQL_SYSVAR_BOOL(buffer_pool_in_core_dump, buf_pool.in_core_dump, + PLUGIN_VAR_OPCMDARG, "Include the buffer pool in core dump", + nullptr, innodb_buffer_pool_in_core_dump_update, IF_DBUG(true,false)); +#endif + static MYSQL_SYSVAR_ULONG(buffer_pool_dump_pct, srv_buf_pool_dump_pct, PLUGIN_VAR_RQCMDARG, "Dump only the hottest N% of each buffer pool, defaults to 25", @@ -19886,6 +19944,9 @@ MYSQL_SYSVAR(buffer_pool_filename), MYSQL_SYSVAR(buffer_pool_dump_now), MYSQL_SYSVAR(buffer_pool_dump_at_shutdown), +#if defined __linux__ || defined __FreeBSD__ + MYSQL_SYSVAR(buffer_pool_in_core_dump), +#endif MYSQL_SYSVAR(buffer_pool_dump_pct), #ifdef UNIV_DEBUG MYSQL_SYSVAR(buffer_pool_evict), @@ -20213,37 +20274,28 @@ for purge thread */ static TABLE* innodb_find_table_for_vc(THD* thd, dict_table_t* table) { - TABLE *mysql_table; - const bool bg_thread = THDVAR(thd, background_thread); - - if (bg_thread) { - if ((mysql_table = get_purge_table(thd))) { - return mysql_table; - } - } else { - if (table->vc_templ->mysql_table_query_id - == thd_get_query_id(thd)) { - return table->vc_templ->mysql_table; - } + table->lock_mutex_lock(); + TABLE *maria_table = table->vc_templ->mysql_table; + const uint64_t cached_id = table->vc_templ->mysql_table_query_id; + table->lock_mutex_unlock(); + if (cached_id == thd_get_query_id(thd)) { + return maria_table; } + TABLE *mysql_table; char db_buf[NAME_LEN + 1]; char tbl_buf[NAME_LEN + 1]; - ulint db_buf_len, tbl_buf_len; + size_t db_buf_len, tbl_buf_len; if (!table->parse_name(db_buf, tbl_buf, &db_buf_len, &tbl_buf_len)) { return NULL; } - - if (bg_thread) { - return open_purge_table(thd, db_buf, db_buf_len, - tbl_buf, tbl_buf_len); - } - mysql_table = find_fk_open_table(thd, db_buf, db_buf_len, tbl_buf, tbl_buf_len); + table->lock_mutex_lock(); table->vc_templ->mysql_table = mysql_table; table->vc_templ->mysql_table_query_id = thd_get_query_id(thd); + table->lock_mutex_unlock(); return mysql_table; } @@ -21118,7 +21170,7 @@ } va_start(args, format); - vsprintf(buf, format, args); + vsnprintf(buf, MAX_BUF_SIZE, format, args); va_end(args); mysql_mutex_lock(&dict_foreign_err_mutex); @@ -21289,12 +21341,14 @@ Remove statistics for dropped indexes, add statistics for created indexes and rename statistics for renamed indexes. @param table InnoDB table that was rebuilt by ALTER TABLE -@param trx user transaction */ -void alter_stats_rebuild(dict_table_t *table, trx_t *trx) noexcept +@param trx user transaction +@param copy Caller is from COPY alter algorithm*/ +void alter_stats_rebuild(dict_table_t *table, trx_t *trx, bool copy) noexcept { DBUG_ENTER("alter_stats_rebuild"); - if (!table->space || !table->stats_is_persistent() - || dict_stats_persistent_storage_check(false) != SCHEMA_OK) + if (!table->space || !table->stats_is_persistent() || + (copy && !table->name.is_temporary()) || + dict_stats_persistent_storage_check(false) != SCHEMA_OK) DBUG_VOID_RETURN; dberr_t ret= dict_stats_update_persistent(trx, table); diff -Nru mariadb-11.8.6/storage/innobase/handler/ha_innodb.h mariadb-11.8.8/storage/innobase/handler/ha_innodb.h --- mariadb-11.8.6/storage/innobase/handler/ha_innodb.h 2026-01-31 13:27:48.000000000 +0000 +++ mariadb-11.8.8/storage/innobase/handler/ha_innodb.h 2026-05-24 09:58:32.000000000 +0000 @@ -77,7 +77,7 @@ const key_map* keys_to_use_for_scanning() override; - void column_bitmaps_signal() override; + void column_bitmaps_signal(bool mark_for_update) override; /** Opens dictionary table object using table name. For partition, we need to try alternative lower/upper case names to support moving data files across @@ -920,5 +920,7 @@ Remove statistics for dropped indexes, add statistics for created indexes and rename statistics for renamed indexes. @param table InnoDB table that was rebuilt by ALTER TABLE -@param trx user transaction */ -void alter_stats_rebuild(dict_table_t *table, trx_t *trx) noexcept; +@param trx user transaction +@param copy caller is from COPY algorithm */ +void alter_stats_rebuild(dict_table_t *table, trx_t *trx, + bool copy=false) noexcept; diff -Nru mariadb-11.8.6/storage/innobase/handler/handler0alter.cc mariadb-11.8.8/storage/innobase/handler/handler0alter.cc --- mariadb-11.8.6/storage/innobase/handler/handler0alter.cc 2026-01-31 13:27:48.000000000 +0000 +++ mariadb-11.8.8/storage/innobase/handler/handler0alter.cc 2026-05-24 09:58:32.000000000 +0000 @@ -1560,9 +1560,8 @@ *ha_alter_info->create_info->option_struct; const ha_table_option_struct& opt= *table->s->option_struct; - /* Allow an instant change to enable page_compressed, - and any change of page_compression_level. */ - if ((!alt_opt.page_compressed && opt.page_compressed) + /* Allow an instant change of page_compression_level. */ + if ((alt_opt.page_compressed != opt.page_compressed) || alt_opt.encryption != opt.encryption || alt_opt.encryption_key_id != opt.encryption_key_id) { return(true); @@ -2224,6 +2223,8 @@ { DBUG_ENTER("check_if_supported_inplace_alter"); + ha_alter_info->file_per_table= !!srv_file_per_table; + if ((ha_alter_info->handler_flags & INNOBASE_ALTER_VERSIONED_REBUILD) && altered_table->versioned(VERS_TIMESTAMP)) { @@ -2338,7 +2339,8 @@ switch (ha_alter_info->handler_flags & ~INNOBASE_INPLACE_IGNORE) { case ALTER_OPTIONS: - if ((srv_file_per_table && !m_prebuilt->table->space_id) + if ((ha_alter_info->file_per_table && + !m_prebuilt->table->space_id) || alter_options_need_rebuild(ha_alter_info, table)) { reason_rebuild = my_get_err_msg( ER_ALTER_OPERATION_TABLE_OPTIONS_NEED_REBUILD); @@ -6603,7 +6605,7 @@ create_table_info_t info(ctx->prebuilt->trx->mysql_thd, altered_table, ha_alter_info->create_info, - srv_file_per_table); + ha_alter_info->file_per_table); /* The primary index would be rebuilt if a FTS Doc ID column is to be added, and the primary index definition @@ -8032,7 +8034,7 @@ create_table_info_t info(m_user_thd, altered_table, ha_alter_info->create_info, - srv_file_per_table); + ha_alter_info->file_per_table); info.set_tablespace_type(indexed_table->space != fil_system.sys_space); @@ -8631,15 +8633,6 @@ DBUG_RETURN(true); } - if ((ha_alter_info->handler_flags & ALTER_OPTIONS) - && ctx->page_compression_level - && !ctx->old_table->not_redundant()) { - my_error(ER_ILLEGAL_HA_CREATE_OPTION, MYF(0), - table_type(), - "PAGE_COMPRESSED=1 ROW_FORMAT=REDUNDANT"); - DBUG_RETURN(true); - } - if (!(ha_alter_info->handler_flags & INNOBASE_ALTER_DATA) && alter_templ_needs_rebuild(altered_table, ha_alter_info, ctx->new_table) @@ -8798,9 +8791,7 @@ const Alter_inplace_info* ha_alter_info, const dict_table_t* table) { - ulint i = 0; - - for (Field** fp = altered_table->field; *fp; fp++, i++) { + for (Field** fp = altered_table->field; *fp; fp++) { for (const Create_field& cf : ha_alter_info->alter_info->create_list) { for (ulint j=0; j < table->n_cols; j++) { @@ -9666,13 +9657,11 @@ trx_t* trx, const char* table_name) { - uint i = 0; - DBUG_ASSERT(ctx->need_rebuild()); DBUG_ASSERT(ha_alter_info->handler_flags & ALTER_COLUMN_NAME); - for (Field** fp = table->field; *fp; fp++, i++) { + for (Field** fp = table->field; *fp; fp++) { if (!((*fp)->flags & FIELD_IS_RENAMED)) { continue; } @@ -11895,7 +11884,8 @@ (*pctx); DBUG_ASSERT(ctx->need_rebuild()); - alter_stats_rebuild(ctx->new_table, m_prebuilt->trx); + alter_stats_rebuild(ctx->new_table, m_prebuilt->trx, + false); } } else { for (inplace_alter_handler_ctx** pctx = ctx_array; diff -Nru mariadb-11.8.6/storage/innobase/ibuf/ibuf0ibuf.cc mariadb-11.8.8/storage/innobase/ibuf/ibuf0ibuf.cc --- mariadb-11.8.6/storage/innobase/ibuf/ibuf0ibuf.cc 2026-01-31 13:27:48.000000000 +0000 +++ mariadb-11.8.8/storage/innobase/ibuf/ibuf0ibuf.cc 2026-05-24 09:58:32.000000000 +0000 @@ -1025,18 +1025,19 @@ dberr_t ibuf_upgrade_needed() { + if (srv_force_recovery == SRV_FORCE_NO_LOG_REDO) + return DB_SUCCESS; + mtr_t mtr{nullptr}; mtr.start(); mtr.x_lock_space(fil_system.sys_space); - dberr_t err; + dberr_t err= DB_SUCCESS; const buf_block_t *header_page= recv_sys.recover(ibuf_header, &mtr, &err); if (!header_page) { err_exit: sql_print_error("InnoDB: The change buffer is corrupted"); - if (srv_force_recovery == SRV_FORCE_NO_LOG_REDO) - err= DB_SUCCESS; func_exit: mtr.commit(); return err; @@ -1067,7 +1068,7 @@ " of the change buffer"); err= DB_READ_ONLY; } - else if (srv_force_recovery != SRV_FORCE_NO_LOG_REDO) + else err= DB_FAIL; goto func_exit; diff -Nru mariadb-11.8.6/storage/innobase/include/buf0buf.h mariadb-11.8.8/storage/innobase/include/buf0buf.h --- mariadb-11.8.6/storage/innobase/include/buf0buf.h 2026-01-31 13:27:48.000000000 +0000 +++ mariadb-11.8.8/storage/innobase/include/buf0buf.h 2026-05-24 09:58:32.000000000 +0000 @@ -378,10 +378,6 @@ /** Refresh the statistics used to print per-second averages. */ void buf_refresh_io_stats() noexcept; -/** Invalidate all pages in the buffer pool. -All pages must be in a replaceable state (not modified or latched). */ -void buf_pool_invalidate() noexcept; - /*======================================================================== --------------------------- LOWER LEVEL ROUTINES ------------------------- =========================================================================*/ @@ -1115,6 +1111,22 @@ /** The minimum allowed innodb_buffer_pool_size in garbage_collect() */ size_t size_in_bytes_auto_min; #endif +#if SIZEOF_SIZE_T < 8 || defined _AIX || defined HAVE_valgrind + /* In constrained environments, innodb_buffer_pool_size_max + will default to the initial innodb_buffer_pool_size, that is, + by default, it will not be possible to increase innodb_buffer_pool_size. + + In MemorySanitizer and possibly Valgrind memcheck, any virtual memory + allocation would be backed by one or more copies of shadow bits of the + same size that could be allocated and initialized even for dummy + mappings created by mmap(2) with PROT_NONE. We do not want significant + overhead beyond the actual innodb_buffer_pool_size. */ + static constexpr size_t size_in_bytes_max_default{0}, + size_in_bytes_max_minimum{0}; +#else + static constexpr size_t size_in_bytes_max_default{8ULL << 40}, + size_in_bytes_max_minimum{innodb_buffer_pool_extent_size}; +#endif /** The maximum allowed innodb_buffer_pool_size */ size_t size_in_bytes_max; @@ -1144,6 +1156,15 @@ static int madvise_do_dump() noexcept; #endif +#if defined __linux__ || defined __FreeBSD__ + /** Include or exclude the buffer pool from core dump. */ + void core_advise() noexcept + { + mysql_mutex_assert_owner(&mutex); + madvise(memory, size_in_bytes, in_core_dump ? MADV_DODUMP : MADV_DONTDUMP); + } +#endif + /** Hash cell chain in page_hash_table */ struct hash_chain { @@ -1618,6 +1639,13 @@ set while holding mutex, cleared while holding flush_list_mutex */ Atomic_relaxed LRU_warned; +#if defined __linux__ || defined __FreeBSD__ +public: + /** The value of innodb_buffer_pool_in_core_dump */ + my_bool in_core_dump; +private: +#endif + /** withdrawn blocks during resize() */ UT_LIST_BASE_NODE_T(buf_page_t) withdrawn; diff -Nru mariadb-11.8.6/storage/innobase/include/buf0flu.h mariadb-11.8.8/storage/innobase/include/buf0flu.h --- mariadb-11.8.6/storage/innobase/include/buf0flu.h 2026-01-31 13:27:48.000000000 +0000 +++ mariadb-11.8.8/storage/innobase/include/buf0flu.h 2026-05-24 09:58:32.000000000 +0000 @@ -81,11 +81,10 @@ noexcept MY_ATTRIBUTE((warn_unused_result)); -/** Wait until a LRU flush batch ends. */ -void buf_flush_wait_LRU_batch_end() noexcept; /** Wait until all persistent pages are flushed up to a limit. -@param sync_lsn buf_pool.get_oldest_modification(LSN_MAX) to wait for */ -ATTRIBUTE_COLD void buf_flush_wait_flushed(lsn_t sync_lsn) noexcept; +@param sync_lsn minimum checkpoint +@param checkpoint whether an empty checkpoint needs to be written */ +ATTRIBUTE_COLD void buf_flush_wait(lsn_t sync_lsn, bool checkpoint) noexcept; /** Initiate more eager page flushing if the log checkpoint age is too old. @param lsn buf_pool.get_oldest_modification(LSN_MAX) target @param furious true=furious flushing, false=limit to innodb_io_capacity */ @@ -94,18 +93,13 @@ /** Initialize page_cleaner. */ ATTRIBUTE_COLD void buf_flush_page_cleaner_init() noexcept; -/** Flush the buffer pool on shutdown. */ -ATTRIBUTE_COLD void buf_flush_buffer_pool() noexcept; - #ifdef UNIV_DEBUG /** Validate the flush list. */ void buf_flush_validate() noexcept; #endif /* UNIV_DEBUG */ -/** Synchronously flush dirty blocks during recv_sys_t::apply(). -NOTE: The calling thread is not allowed to hold any buffer page latches! */ -void buf_flush_sync_batch(lsn_t lsn) noexcept; - -/** Synchronously flush dirty blocks. -NOTE: The calling thread is not allowed to hold any buffer page latches! */ -void buf_flush_sync() noexcept; +/** Wait for the persistent data to be written out. +NOTE: The calling thread is not allowed to hold any buffer page latches! +@param lsn minimum checkpoint to wait for +@param checkpoint whether an empty checkpoint needs to be written */ +ATTRIBUTE_COLD void buf_flush_sync_batch(lsn_t lsn, bool checkpoint) noexcept; diff -Nru mariadb-11.8.6/storage/innobase/include/dict0crea.inl mariadb-11.8.8/storage/innobase/include/dict0crea.inl --- mariadb-11.8.6/storage/innobase/include/dict0crea.inl 2026-01-31 13:27:48.000000000 +0000 +++ mariadb-11.8.8/storage/innobase/include/dict0crea.inl 2026-05-24 09:58:32.000000000 +0000 @@ -54,8 +54,9 @@ if (dict_table_t::is_temporary_name(name)) { /* no overflow if number < 1e13 */ - sprintf(id, "%s_ibfk_%lu", name, - (ulong) (*id_nr)++); + snprintf(id, namelen + 20, + "%s_ibfk_%lu", name, + (ulong) (*id_nr)++); } else { char table_name[MAX_TABLE_NAME_LEN + 21]; uint errors = 0; @@ -75,8 +76,9 @@ } /* no overflow if number < 1e13 */ - sprintf(id, "%s_ibfk_%lu", table_name, - (ulong) (*id_nr)++); + snprintf(id, namelen + 20, + "%s_ibfk_%lu", table_name, + (ulong) (*id_nr)++); if (innobase_check_identifier_length( strchr(id,'/') + 1)) { diff -Nru mariadb-11.8.6/storage/innobase/include/dict0dict.h mariadb-11.8.8/storage/innobase/include/dict0dict.h --- mariadb-11.8.6/storage/innobase/include/dict0dict.h 2026-01-31 13:27:48.000000000 +0000 +++ mariadb-11.8.8/storage/innobase/include/dict0dict.h 2026-05-24 09:58:32.000000000 +0000 @@ -1670,6 +1670,14 @@ dict_table_t *index() const noexcept { return index_stats; } }; +/** Delete the given table id entries from InnoDB system tables +(like SYS_TABLES, SYS_COLUMNS, SYS_FIELDS, SYS_INDEXES) +@param table_id table identifier to be removed +@param trx transaction +@return DB_SUCCESS or error code */ +dberr_t dict_drop_table_metadata(table_id_t table_id, + trx_t *trx) noexcept; + #include "dict0dict.inl" #endif diff -Nru mariadb-11.8.6/storage/innobase/include/dict0mem.h mariadb-11.8.8/storage/innobase/include/dict0mem.h --- mariadb-11.8.6/storage/innobase/include/dict0mem.h 2026-01-31 13:27:48.000000000 +0000 +++ mariadb-11.8.8/storage/innobase/include/dict0mem.h 2026-05-24 09:58:32.000000000 +0000 @@ -2238,12 +2238,25 @@ Use DICT_TF2_FLAG_IS_SET() to parse this flag. */ unsigned flags2:DICT_TF2_BITS; - /** TRUE if the table is an intermediate table during copy alter - operation or a partition/subpartition which is required for copying - data and skip the undo log for insertion of row in the table. - This variable will be set and unset during extra(), or during the - process of altering partitions */ - unsigned skip_alter_undo:1; + /** Undo log handling modes for ALTER [IGNORE] TABLE...ALGORITHM=COPY */ + static constexpr unsigned NORMAL_UNDO = 0; + /** Never writes row-level undo log records */ + static constexpr unsigned NO_UNDO = 1; + /** For ALTER IGNORE TABLE...ALGORITHM=COPY, this enables rewriting + old insert undo blocks to maintain only the latest insert undo log. */ + static constexpr unsigned IGNORE_UNDO = 2; + + /** Mode for handling undo logs during ALTER TABLE...ALGORITHM=COPY + operations. This will not be consulted in + ha_innobase::inplace_alter_table(); Set during copy alter operations + or partition/subpartition operations. When set, controls undo log + behavior for row operations in the table. This variable is set and + unset during extra(), or during the process of altering partitions + + All reads of bit-fields in the same word must be protected by + at least a shared MDL on the table, and all writes must be + protected by an exclusive MDL. */ + unsigned skip_alter_undo:2; /** whether this is in a single-table tablespace and the .ibd file is believed to be missing or page decryption failed and page is @@ -2540,7 +2553,7 @@ /** @return number of unique columns in FTS_DOC_ID index */ uint16_t fts_n_uniq() const { return versioned() ? 2 : 1; } - /** @return the index for that starts with a specific column */ + /** @return the index that starts with a specific column */ dict_index_t *get_index(const dict_col_t &col) const; /** @return whether the statistics are initialized */ @@ -2593,6 +2606,17 @@ return true; return false; } + + /** @return whether the table has any indexed virtual column */ + bool has_virtual_index() const noexcept + { + if (UNIV_UNLIKELY(n_v_cols != 0)) + for (dict_index_t *index = indexes.start; + index; index = UT_LIST_GET_NEXT(indexes, index)) + if (index->has_virtual()) + return true; + return false; + } }; inline void dict_index_t::set_modified(mtr_t& mtr) const diff -Nru mariadb-11.8.6/storage/innobase/include/fil0fil.h mariadb-11.8.8/storage/innobase/include/fil0fil.h --- mariadb-11.8.6/storage/innobase/include/fil0fil.h 2026-01-31 13:27:48.000000000 +0000 +++ mariadb-11.8.8/storage/innobase/include/fil0fil.h 2026-05-24 09:58:32.000000000 +0000 @@ -1092,9 +1092,6 @@ /** size of the file in database pages (0 if not known yet); the possible last incomplete megabyte may be ignored if space->id == 0 */ uint32_t size; - /** initial size of the file in database pages; - FIL_IBD_FILE_INITIAL_SIZE by default */ - uint32_t init_size; /** maximum size of the file in database pages (0 if unlimited) */ uint32_t max_size; /** whether the file is currently being extended */ diff -Nru mariadb-11.8.6/storage/innobase/include/fts0blex.h mariadb-11.8.8/storage/innobase/include/fts0blex.h --- mariadb-11.8.6/storage/innobase/include/fts0blex.h 2026-01-31 13:27:48.000000000 +0000 +++ mariadb-11.8.8/storage/innobase/include/fts0blex.h 2026-05-24 09:58:32.000000000 +0000 @@ -2,9 +2,7 @@ #define fts0bHEADER_H 1 #define fts0bIN_HEADER 1 -#line 6 "../include/fts0blex.h" -#line 8 "../include/fts0blex.h" #define YY_INT_ALIGNED short int @@ -694,9 +692,7 @@ #undef yyTABLES_NAME #endif -#line 74 "fts0blex.l" -#line 701 "../include/fts0blex.h" #undef fts0bIN_HEADER #endif /* fts0bHEADER_H */ diff -Nru mariadb-11.8.6/storage/innobase/include/fts0fts.h mariadb-11.8.8/storage/innobase/include/fts0fts.h --- mariadb-11.8.6/storage/innobase/include/fts0fts.h 2026-01-31 13:27:48.000000000 +0000 +++ mariadb-11.8.8/storage/innobase/include/fts0fts.h 2026-05-24 09:58:32.000000000 +0000 @@ -623,11 +623,8 @@ /*===============*/ dict_table_t* table); /*!< in: table to optimiza */ -/**********************************************************************//** -Startup the optimize thread and create the work queue. */ -void -fts_optimize_init(void); -/*====================*/ +/** Startup the optimize task and create the work queue. */ +void fts_optimize_init(); /****************************************************************//** Drops index ancillary tables for a FTS index @@ -650,8 +647,15 @@ dict_table_t* table); /*!< in: table to remove */ /** Shutdown fts optimize thread. */ -void -fts_optimize_shutdown(); +void fts_optimize_shutdown(); + +#ifdef WITH_WSREP +/** Pause the optimize subsystem. */ +void fts_optimize_pause(); + +/** Resume after fts_optimize_pause() */ +void fts_optimize_resume(); +#endif /** Send sync fts cache for the table. @param[in] table table to sync */ diff -Nru mariadb-11.8.6/storage/innobase/include/fts0pars.h mariadb-11.8.8/storage/innobase/include/fts0pars.h --- mariadb-11.8.6/storage/innobase/include/fts0pars.h 2026-01-31 13:27:48.000000000 +0000 +++ mariadb-11.8.8/storage/innobase/include/fts0pars.h 2026-05-24 09:58:32.000000000 +0000 @@ -51,7 +51,6 @@ { /* Line 2068 of yacc.c */ -#line 61 "fts0pars.y" int oper; fts_ast_string_t* token; @@ -60,7 +59,6 @@ /* Line 2068 of yacc.c */ -#line 64 "fts0pars.hh" } YYSTYPE; # define YYSTYPE_IS_TRIVIAL 1 # define yystype YYSTYPE /* obsolescent; will be withdrawn */ diff -Nru mariadb-11.8.6/storage/innobase/include/fts0priv.h mariadb-11.8.8/storage/innobase/include/fts0priv.h --- mariadb-11.8.6/storage/innobase/include/fts0priv.h 2026-01-31 13:27:48.000000000 +0000 +++ mariadb-11.8.8/storage/innobase/include/fts0priv.h 2026-05-24 09:58:32.000000000 +0000 @@ -415,7 +415,8 @@ fts_write_object_id( /*================*/ ib_id_t id, /*!< in: a table/index id */ - char* str); /*!< in: buffer to write the id to */ + char* str, /*!< in: buffer to write the id to */ + size_t str_size); /*!< in: size of buffer */ /******************************************************************//** Read the table id from the string generated by fts_write_object_id(). @return TRUE if parse successful */ diff -Nru mariadb-11.8.6/storage/innobase/include/fts0priv.inl mariadb-11.8.8/storage/innobase/include/fts0priv.inl --- mariadb-11.8.6/storage/innobase/include/fts0priv.inl 2026-01-31 13:27:48.000000000 +0000 +++ mariadb-11.8.8/storage/innobase/include/fts0priv.inl 2026-05-24 09:58:32.000000000 +0000 @@ -32,9 +32,10 @@ fts_write_object_id( /*================*/ ib_id_t id, /* in: a table/index id */ - char* str) /* in: buffer to write the id to */ + char* str, /* in: buffer to write the id to */ + size_t str_size) /* in: size of buffer */ { - return(sprintf(str, "%016llx", (ulonglong) id)); + return((int) snprintf(str, str_size, "%016llx", (ulonglong) id)); } /******************************************************************//** diff -Nru mariadb-11.8.6/storage/innobase/include/fts0tlex.h mariadb-11.8.8/storage/innobase/include/fts0tlex.h --- mariadb-11.8.6/storage/innobase/include/fts0tlex.h 2026-01-31 13:27:48.000000000 +0000 +++ mariadb-11.8.8/storage/innobase/include/fts0tlex.h 2026-05-24 09:58:32.000000000 +0000 @@ -2,9 +2,7 @@ #define fts0tHEADER_H 1 #define fts0tIN_HEADER 1 -#line 6 "../include/fts0tlex.h" -#line 8 "../include/fts0tlex.h" #define YY_INT_ALIGNED short int @@ -694,9 +692,7 @@ #undef yyTABLES_NAME #endif -#line 69 "fts0tlex.l" -#line 701 "../include/fts0tlex.h" #undef fts0tIN_HEADER #endif /* fts0tHEADER_H */ diff -Nru mariadb-11.8.6/storage/innobase/include/ha_prototypes.h mariadb-11.8.8/storage/innobase/include/ha_prototypes.h --- mariadb-11.8.6/storage/innobase/include/ha_prototypes.h 2026-01-31 13:27:48.000000000 +0000 +++ mariadb-11.8.8/storage/innobase/include/ha_prototypes.h 2026-05-24 09:58:32.000000000 +0000 @@ -400,11 +400,6 @@ @param[in] thd MYSQL_THD to destroy */ void destroy_background_thd(MYSQL_THD thd); -/** Close opened tables, free memory, delete items for a MYSQL_THD. -@param[in] thd MYSQL_THD to reset */ -void -innobase_reset_background_thd(MYSQL_THD); - /** Open a table based on a database and table name. @param db schema name @param name table name within the schema diff -Nru mariadb-11.8.6/storage/innobase/include/log0log.h mariadb-11.8.8/storage/innobase/include/log0log.h --- mariadb-11.8.6/storage/innobase/include/log0log.h 2026-01-31 13:27:48.000000000 +0000 +++ mariadb-11.8.8/storage/innobase/include/log0log.h 2026-05-24 09:58:32.000000000 +0000 @@ -75,8 +75,9 @@ /** Make a checkpoint */ ATTRIBUTE_COLD void log_make_checkpoint() noexcept; -/** Make a checkpoint at the latest lsn on shutdown. */ -ATTRIBUTE_COLD void logs_empty_and_mark_files_at_shutdown() noexcept; +/** Make a checkpoint at the latest lsn on shutdown. +@return the shutdown LSN */ +ATTRIBUTE_COLD lsn_t logs_empty_and_mark_files_at_shutdown() noexcept; /******************************************************//** Prints info of the log. */ @@ -186,17 +187,22 @@ public: /** innodb_log_buffer_size (usable append_prepare() size in bytes) */ unsigned buf_size; + /** set when there may be need to initiate a log checkpoint. + This must hold if lsn - last_checkpoint_lsn > max_checkpoint_age. */ + std::atomic need_checkpoint; + /** next checkpoint number (protected by latch.wr_lock()) */ + byte next_checkpoint_no; /** log file size in bytes, including the header */ lsn_t file_size; -#ifdef LOG_LATCH_DEBUG - typedef srw_lock_debug log_rwlock; +#if defined LOG_LATCH_DEBUG && defined UNIV_DEBUG + typedef srw_lock_debug_simple log_rwlock; bool latch_have_wr() const { return latch.have_wr(); } bool latch_have_rd() const { return latch.have_rd(); } bool latch_have_any() const { return latch.have_any(); } #else - typedef srw_lock log_rwlock; + typedef srw_lock_low log_rwlock; # ifndef UNIV_DEBUG # elif defined SUX_LOCK_GENERIC bool latch_have_wr() const { return true; } @@ -230,13 +236,6 @@ In write_buf(), buf and flush_buf may be swapped */ byte *flush_buf; - /** set when there may be need to initiate a log checkpoint. - This must hold if lsn - last_checkpoint_lsn > max_checkpoint_age. */ - std::atomic need_checkpoint; - /** whether a checkpoint is pending; protected by latch.wr_lock() */ - Atomic_relaxed checkpoint_pending; - /** next checkpoint number (protected by latch.wr_lock()) */ - byte next_checkpoint_no; /** Log sequence number when a log file overwrite (broken crash recovery) was noticed. Protected by latch.wr_lock(). */ lsn_t overwrite_warned; @@ -245,8 +244,6 @@ Atomic_relaxed last_checkpoint_lsn; /** The log writer (protected by latch.wr_lock()) */ lsn_t (*writer)() noexcept; - /** next checkpoint LSN (protected by latch.wr_lock()) */ - lsn_t next_checkpoint_lsn; /** Log file */ log_file_t log; @@ -268,6 +265,8 @@ public: /** current innodb_log_write_ahead_size */ uint write_size; + /** maximum write_size */ + static constexpr uint WRITE_SIZE_MAX{4096}; /** format of the redo log: e.g., FORMAT_10_8 */ uint32_t format; /** whether the memory-mapped interface is enabled for the log */ @@ -457,11 +456,11 @@ void persist(lsn_t lsn) noexcept; #endif - bool check_for_checkpoint() const + bool check_for_checkpoint() const noexcept { return UNIV_UNLIKELY(need_checkpoint.load(std::memory_order_relaxed)); } - void set_check_for_checkpoint(bool need= true) + void set_check_for_checkpoint(bool need) noexcept { need_checkpoint.store(need, std::memory_order_relaxed); } @@ -544,8 +543,12 @@ } /** Write checkpoint information and invoke latch.wr_unlock(). + @param checkpoint the new checkpoint LSN @param end_lsn start LSN of the FILE_CHECKPOINT mini-transaction */ - inline void write_checkpoint(lsn_t end_lsn) noexcept; + inline void write_checkpoint(lsn_t checkpoint, lsn_t end_lsn) noexcept; + + /** Wait for write_checkpoint() if necessary. */ + ATTRIBUTE_COLD void checkpoint_margin() noexcept; /** Variations of write_buf() */ enum resizing_and_latch { diff -Nru mariadb-11.8.6/storage/innobase/include/log0recv.h mariadb-11.8.8/storage/innobase/include/log0recv.h --- mariadb-11.8.6/storage/innobase/include/log0recv.h 2026-01-31 13:27:48.000000000 +0000 +++ mariadb-11.8.8/storage/innobase/include/log0recv.h 2026-05-24 09:58:32.000000000 +0000 @@ -44,11 +44,6 @@ @return whether the page was recovered correctly */ bool recv_recover_page(fil_space_t* space, buf_page_t* bpage); -/** Read the latest checkpoint information from log file -and store it in log_sys.next_checkpoint and recv_sys.file_checkpoint -@return error code or DB_SUCCESS */ -dberr_t recv_recovery_read_checkpoint(); - /** Start recovering from a redo log checkpoint. of first system tablespace page @return error code or DB_SUCCESS */ @@ -230,7 +225,10 @@ /** whether we are applying redo log records during crash recovery. This can be cleared when holding mutex, or when pages.empty() and - we are holding exclusive log_sys.latch. */ + we are holding exclusive log_sys.latch. When this is set, + buf_flush_page_cleaner() will not invoke log_checkpoint_low(), + buf_pool.flush_list may be unsorted by buf_page_t::oldest_modification(), + and garbage_collect() replaces buf_pool_t::running_out(). */ Atomic_relaxed recovery_on= false; /** whether recv_recover_page(), invoked from buf_page_t::read_complete(), should apply log records*/ diff -Nru mariadb-11.8.6/storage/innobase/include/mach0data.inl mariadb-11.8.8/storage/innobase/include/mach0data.inl --- mariadb-11.8.6/storage/innobase/include/mach0data.inl 2026-01-31 13:27:48.000000000 +0000 +++ mariadb-11.8.8/storage/innobase/include/mach0data.inl 2026-05-24 09:58:32.000000000 +0000 @@ -30,6 +30,7 @@ #include "mtr0types.h" #include "ut0byte.h" +#include "my_byteorder.h" /*******************************************************//** The following function is used to store data in one byte. */ @@ -63,8 +64,8 @@ ut_ad((n & ~0xFFFFUL) == 0); #endif - b[0] = (byte)(n >> 8); - b[1] = (byte)(n); + uint16_t v = my_htobe16(uint16_t(n)); + memcpy(b, &v, 2); } /** The following function is used to fetch data from one byte. @@ -87,7 +88,9 @@ mach_read_from_2( const byte* b) { - return(uint16_t(uint16_t(b[0]) << 8 | b[1])); + uint16_t v; + memcpy(&v, b, 2); + return my_betoh16(v); } #ifndef UNIV_INNOCHECKSUM @@ -135,8 +138,7 @@ { ut_ad((n & ~0xFFFFFFUL) == 0); - b[0] = (byte)(n >> 16); - b[1] = (byte)(n >> 8); + mach_write_to_2(b, n >> 8); b[2] = (byte)(n); } @@ -149,10 +151,7 @@ mach_read_from_3( const byte* b) { - return( (static_cast(b[0]) << 16) - | (static_cast(b[1]) << 8) - | static_cast(b[2]) - ); + return (uint32_t(mach_read_from_2(b)) << 8) | uint32_t(b[2]); } #endif /* !UNIV_INNOCHECKSUM */ @@ -166,10 +165,8 @@ byte* b, /*!< in: pointer to four bytes where to store */ ulint n) /*!< in: ulint integer to be stored */ { - b[0] = (byte)(n >> 24); - b[1] = (byte)(n >> 16); - b[2] = (byte)(n >> 8); - b[3] = (byte) n; + uint32_t v = my_htobe32(uint32_t(n)); + memcpy(b, &v, 4); } /** The following function is used to fetch data from 4 consecutive @@ -181,11 +178,9 @@ mach_read_from_4( const byte* b) { - return( (static_cast(b[0]) << 24) - | (static_cast(b[1]) << 16) - | (static_cast(b[2]) << 8) - | static_cast(b[3]) - ); + uint32_t v; + memcpy(&v, b, 4); + return my_betoh32(v); } #ifndef UNIV_INNOCHECKSUM @@ -343,8 +338,8 @@ void* b, /*!< in: pointer to 8 bytes where to store */ ib_uint64_t n) /*!< in: 64-bit integer to be stored */ { - mach_write_to_4(static_cast(b), (ulint) (n >> 32)); - mach_write_to_4(static_cast(b) + 4, (ulint) n); + uint64_t v = my_htobe64(n); + memcpy(b, &v, 8); } #endif /* !UNIV_INNOCHECKSUM */ @@ -359,13 +354,10 @@ /*=============*/ const byte* b) /*!< in: pointer to 8 bytes */ { - ib_uint64_t u64; + uint64_t v; - u64 = mach_read_from_4(b); - u64 <<= 32; - u64 |= mach_read_from_4(b + 4); - - return(u64); + memcpy(&v, b, 8); + return my_betoh64(v); } #ifndef UNIV_INNOCHECKSUM @@ -723,7 +715,7 @@ /*===========================*/ const byte* buf) /*!< in: from where to read */ { - return((ulint)(buf[0]) | ((ulint)(buf[1]) << 8)); + return uint2korr(buf); } /*********************************************************//** @@ -736,13 +728,7 @@ ulint n) /*!< in: unsigned long int to write */ { ut_ad(n < 256 * 256); - - *dest = (byte)(n & 0xFFUL); - - n = n >> 8; - dest++; - - *dest = (byte)(n & 0xFFUL); + int2store(dest, n); } /*********************************************************//** diff -Nru mariadb-11.8.6/storage/innobase/include/row0log.h mariadb-11.8.8/storage/innobase/include/row0log.h --- mariadb-11.8.6/storage/innobase/include/row0log.h 2026-01-31 13:27:48.000000000 +0000 +++ mariadb-11.8.8/storage/innobase/include/row0log.h 2026-05-24 09:58:32.000000000 +0000 @@ -93,16 +93,6 @@ that is being rebuilt online */ MY_ATTRIBUTE((nonnull, warn_unused_result)); -/** Check whether a virtual column is indexed in the new table being -created during alter table -@param[in] index cluster index -@param[in] v_no virtual column number -@return true if it is indexed, else false */ -bool -row_log_col_is_indexed( - const dict_index_t* index, - ulint v_no); - /******************************************************//** Logs a delete operation to a table that is being rebuilt. This will be merged in row_log_table_apply_delete(). */ @@ -218,6 +208,16 @@ @return error code present in online log */ dberr_t row_log_get_error(const dict_index_t *index); +/** Mark all indexed virtual columns for computation during +online DDL. Virtual columns that are part of any index must be +computed and logged in the row log so their values are available +for index building and concurrent DML replay during ALTER TABLE +operations. +@param table InnoDB table object +@param maria_table MariaDB table handle */ +ATTRIBUTE_COLD +void row_log_mark_virtual_cols(const dict_table_t *table, + TABLE *maria_table) noexcept; #ifdef HAVE_PSI_STAGE_INTERFACE /** Estimate how much work is to be done by the log apply phase of an ALTER TABLE for this index. diff -Nru mariadb-11.8.6/storage/innobase/include/row0purge.h mariadb-11.8.8/storage/innobase/include/row0purge.h --- mariadb-11.8.6/storage/innobase/include/row0purge.h 2026-01-31 13:27:48.000000000 +0000 +++ mariadb-11.8.8/storage/innobase/include/row0purge.h 2026-05-24 09:58:32.000000000 +0000 @@ -47,6 +47,55 @@ que_thr_t* thr) /*!< in: query thread */ MY_ATTRIBUTE((nonnull, warn_unused_result)); +/** Table context for purge operations. Uses pointer to store +either TABLE* or MDL_ticket* in a single union +For tables WITH indexed virtual columns: +- Opens TABLE* via open_purge_table() +- Stores TABLE* with LSB=1 flag in mariadb_table +- MDL_ticket* is accessed via TABLE->mdl_ticket +- get_ticket() returns TABLE->mdl_ticket + +For tables WITHOUT indexed virtual columns: +- Only acquires MDL_ticket* (no TABLE* needed) +- Stores MDL_ticket* with LSB=0 in the union +- get_ticket() returns the stored ticket directly */ +class purge_table +{ + union + { + /** TABLE* with the least signficant bit set */ + uintptr_t mariadb_table; + /** metadata lock when !get_mariadb_table() */ + MDL_ticket *ticket; + }; +public: + /** Pointer to the InnoDB table, or nullptr if the table + no longer exists, or -1 if we failed to acquire a metadata lock */ + dict_table_t *table; + + purge_table() : ticket(nullptr), table(nullptr) {} + + /** Get the TABLE pointer for virtual column computation. + @return TABLE* if the LSB flag is set, nullptr otherwise */ + TABLE *get_maria_table() const noexcept + { + return UNIV_UNLIKELY(mariadb_table & 1) + ? reinterpret_cast(mariadb_table & ~uintptr_t{1}) + : nullptr; + } + + /** @return whether we must wait for MDL on the table */ + bool must_wait() const noexcept + { return table == reinterpret_cast(-1); } + + inline MDL_ticket *get_ticket() const noexcept; + inline void set_mariadb_table(TABLE *t) noexcept + { mariadb_table= reinterpret_cast(t) | 1; } + + inline void set_ticket(MDL_ticket *t) noexcept + { ticket= t; } +}; + /** Purge worker context */ struct purge_node_t { @@ -73,8 +122,8 @@ /** whether the operation is in progress */ bool in_progress= false; #endif - /** table where purge is done */ - dict_table_t *table= nullptr; + /** purge table handle */ + purge_table pt; /** update vector for a clustered index record */ upd_t *update; /** row reference to the next row to handle, or nullptr */ @@ -93,8 +142,9 @@ /** Undo recs to purge */ std::queue undo_recs; - /** map of table identifiers to table handles and meta-data locks */ - std::unordered_map> tables; + /** map of table identifiers to table handles and TABLE* object, + which is set by purge co-ordinator thread */ + std::unordered_map tables; /** Constructor */ explicit purge_node_t(que_thr_t *parent) : diff -Nru mariadb-11.8.6/storage/innobase/include/row0vers.h mariadb-11.8.8/storage/innobase/include/row0vers.h --- mariadb-11.8.6/storage/innobase/include/row0vers.h 2026-01-31 13:27:48.000000000 +0000 +++ mariadb-11.8.8/storage/innobase/include/row0vers.h 2026-05-24 09:58:32.000000000 +0000 @@ -65,13 +65,15 @@ @param[in,out] row the cluster index row in dtuple form @param[in] clust_index clustered index @param[in] index the secondary index -@param[in] heap heap used to build virtual dtuple. */ +@param[in] heap heap used to build virtual dtuple. +@param[in] maria_table MariaDB table object */ bool row_vers_build_clust_v_col( dtuple_t* row, dict_index_t* clust_index, dict_index_t* index, - mem_heap_t* heap); + mem_heap_t* heap, + TABLE* maria_table= nullptr); /** Build a dtuple contains virtual column data for current cluster index @param[in] rec cluster index rec @param[in] clust_index cluster index @@ -83,6 +85,7 @@ @param[in,out] heap heap memory @param[in,out] v_heap heap memory to keep virtual column tuple @param[in,out] mtr mini-transaction +@param[in] maria_table MariaDB table object @return dtuple contains virtual column data */ dtuple_t* row_vers_build_cur_vrow( @@ -94,7 +97,8 @@ roll_ptr_t roll_ptr, mem_heap_t* heap, mem_heap_t* v_heap, - mtr_t* mtr); + mtr_t* mtr, + TABLE* maria_table= nullptr); /*****************************************************************//** Constructs the version of a clustered index record which a consistent diff -Nru mariadb-11.8.6/storage/innobase/include/small_vector.h mariadb-11.8.8/storage/innobase/include/small_vector.h --- mariadb-11.8.6/storage/innobase/include/small_vector.h 2026-01-31 13:27:48.000000000 +0000 +++ mariadb-11.8.8/storage/innobase/include/small_vector.h 2026-05-24 09:58:32.000000000 +0000 @@ -58,7 +58,6 @@ public: small_vector() : small_vector_base(small, N) { - TRASH_ALLOC(small, sizeof small); } ~small_vector() noexcept { diff -Nru mariadb-11.8.6/storage/innobase/include/srv0start.h mariadb-11.8.8/storage/innobase/include/srv0start.h --- mariadb-11.8.6/storage/innobase/include/srv0start.h 2026-01-31 13:27:48.000000000 +0000 +++ mariadb-11.8.8/storage/innobase/include/srv0start.h 2026-05-24 09:58:32.000000000 +0000 @@ -88,9 +88,6 @@ char* filename, ulint max_len); -/** Log sequence number at shutdown */ -extern lsn_t srv_shutdown_lsn; - /** TRUE if the server is being started */ extern bool srv_is_being_started; /** TRUE if the server is being started, before rolling back any diff -Nru mariadb-11.8.6/storage/innobase/include/srw_lock.h mariadb-11.8.8/storage/innobase/include/srw_lock.h --- mariadb-11.8.6/storage/innobase/include/srw_lock.h 2026-01-31 13:27:48.000000000 +0000 +++ mariadb-11.8.8/storage/innobase/include/srw_lock.h 2026-05-24 09:58:32.000000000 +0000 @@ -656,4 +656,54 @@ /** @return whether this thread is holding rd_lock() or wr_lock() */ bool have_any() const noexcept; }; + +# ifndef LOG_LATCH_DEBUG +# elif !defined UNIV_PFS_RWLOCK +typedef srw_lock_debug srw_lock_debug_simple; +# else +class srw_lock_debug_simple : private ssux_lock_impl +{ + /** The owner of the exclusive lock (0 if none) */ + std::atomic writer; + /** Protects readers */ + mutable srw_mutex readers_lock; + /** Threads that hold the lock in shared mode */ + std::atomic*> readers; + + /** Register a read lock. */ + void readers_register() noexcept; + +public: + void init() noexcept; + void destroy() noexcept; + +#ifndef SUX_LOCK_GENERIC + /** @return whether any lock may be held by any thread */ + bool is_locked_or_waiting() const noexcept + { return ssux_lock_impl::is_locked_or_waiting(); } + /** @return whether an exclusive lock may be held by any thread */ + bool is_write_locked() const noexcept + { return ssux_lock_impl::is_write_locked(); } +#endif + + /** Acquire an exclusive lock */ + void wr_lock() noexcept; + /** @return whether an exclusive lock was acquired */ + bool wr_lock_try() noexcept; + /** Release after wr_lock() */ + void wr_unlock() noexcept; + /** Acquire a shared lock */ + void rd_lock() noexcept; + /** @return whether a shared lock was acquired */ + bool rd_lock_try() noexcept; + /** Release after rd_lock() */ + void rd_unlock() noexcept; + /** @return whether this thread is between rd_lock() and rd_unlock() */ + bool have_rd() const noexcept; + /** @return whether this thread is between wr_lock() and wr_unlock() */ + bool have_wr() const noexcept; + /** @return whether this thread is holding rd_lock() or wr_lock() */ + bool have_any() const noexcept; +}; +# endif #endif diff -Nru mariadb-11.8.6/storage/innobase/include/trx0purge.h mariadb-11.8.8/storage/innobase/include/trx0purge.h --- mariadb-11.8.6/storage/innobase/include/trx0purge.h 2026-01-31 13:27:48.000000000 +0000 +++ mariadb-11.8.8/storage/innobase/include/trx0purge.h 2026-05-24 09:58:32.000000000 +0000 @@ -1,3 +1,4 @@ + /***************************************************************************** Copyright (c) 1996, 2016, Oracle and/or its affiliates. All Rights Reserved. @@ -29,10 +30,12 @@ #include "trx0sys.h" #include "que0types.h" #include "srw_lock.h" +#include "row0purge.h" #include #include +struct TABLE; /** Prepend the history list with an undo log. Remove the undo log segment from the rseg slot if it is too big for reuse. @param[in] trx transaction @@ -232,6 +235,18 @@ trx_rseg_t* rseg; /*!< Rollback segment for the next undo record to purge */ private: + /** Coordinator thread's THD during batch processing. + Set by the coordinator at the start of trx_purge() and cleared + at the end. This serves two purposes: + 1. Identifies the coordinator thread in reset_worker_thd() + which skips THD reset for the coordinator since it manages + cleanup centrally in trx_purge() after all workers complete. + + 2. Used to set TABLE::in_use when opening tables for purge + operations with virtual columns, ensuring proper table + ownership tracking during the purge batch. */ + THD *coordinator_thd= nullptr; + uint32_t page_no; /*!< Page number for the next undo record to purge, page number of the log header, if dummy record */ @@ -318,8 +333,14 @@ /** Resume purge at UNLOCK TABLES after FLUSH TABLES FOR EXPORT */ void resume(); - /** Close and reopen all tables in case of a MDL conflict with DDL */ - dict_table_t *close_and_reopen(table_id_t id, THD *thd, MDL_ticket **mdl); + /** Close and reopen all tables in case of a MDL conflict with DDL + @param id table identifier that triggered reopen + @param pt last purge_table entry processed + @param thd coordinator thread + @return purge_table for the reopened table, or empty on error */ + purge_table close_and_reopen(table_id_t id, purge_table pt, + THD *thd) noexcept; + private: /** Suspend purge during a DDL operation on FULLTEXT INDEX tables */ void wait_FTS(bool also_sys); @@ -340,6 +361,8 @@ { ut_d(const auto p=) m_FTS_paused.fetch_sub(1); ut_ad(p & ~PAUSED_SYS); } /** @return whether stop_SYS() is in effect */ bool must_wait_FTS() const { return m_FTS_paused & ~PAUSED_SYS; } + /** Reset coordinator thread back to table->in_use */ + inline void reset_in_use(TABLE *table) const noexcept; private: /** @@ -424,8 +447,12 @@ /** A wrapper around trx_sys_t::clone_oldest_view(). */ template - void clone_oldest_view() + void clone_oldest_view(THD *thd) { + ut_ad(also_end_view == !thd); + ut_ad(!thd || !coordinator_thd); + coordinator_thd= thd; + if (!also_end_view) wait_FTS(true); latch.wr_lock(SRW_LOCK_CALL); @@ -484,6 +511,9 @@ marked for truncate. @param space undo tablespace being truncated */ void cleanse_purge_queue(const fil_space_t &space); + + /** Reset the state of a purge_worker_task at the end of a batch */ + inline void reset_worker_thd(THD *thd) const noexcept; }; /** The global data structure coordinating a purge */ diff -Nru mariadb-11.8.6/storage/innobase/include/trx0trx.h mariadb-11.8.8/storage/innobase/include/trx0trx.h --- mariadb-11.8.6/storage/innobase/include/trx0trx.h 2026-01-31 13:27:48.000000000 +0000 +++ mariadb-11.8.8/storage/innobase/include/trx0trx.h 2026-05-24 09:58:32.000000000 +0000 @@ -220,8 +220,7 @@ /*!< in: mem_heap_get_size(trx->lock.lock_heap) */ /**********************************************************************//** -Prints info about a transaction. -When possible, use trx_print() instead. */ +Prints info about a transaction. */ void trx_print_latched( /*==============*/ @@ -229,15 +228,6 @@ const trx_t* trx); /*!< in: transaction */ /**********************************************************************//** -Prints info about a transaction. -Acquires and releases lock_sys.latch. */ -void -trx_print( -/*======*/ - FILE* f, /*!< in: output stream */ - const trx_t* trx); /*!< in: transaction */ - -/**********************************************************************//** Determines if a transaction is in the given state. The caller must hold trx->mutex, or it must be the thread that is serving a running transaction. @@ -1209,6 +1199,35 @@ return bulk_insert == type ? bulk_insert_apply_low(): DB_SUCCESS; } + /** This function used only during ALTER IGNORE TABLE command. + Reset the undo no and remove the undo log from transaction. + By doing this, InnoDB doesn't add any undo logs to purge queue + during transaction commit */ + inline void reset_and_truncate_undo() noexcept; + + /** Clear TRX_DML_BULK, retaining TRX_DDL_BULK if it was set. */ + void clear_dml_bulk() noexcept + { + static_assert(TRX_NO_BULK == 0, ""); + static_assert(TRX_DML_BULK == 2, ""); + static_assert(TRX_DDL_BULK == 3, ""); + static_assert((TRX_DML_BULK & 1) == 0, ""); + ut_ad(bulk_insert != 1); + bulk_insert= unsigned( + (bulk_insert & (((bulk_insert ^ bulk_insert << 1) & 2 >> 1) * 3)) & 3); + } + + /** Clear TRX_DDL_BULK, retaining TRX_DML_BULK if it was set. */ + void clear_ddl_bulk() noexcept + { + static_assert(TRX_NO_BULK == 0, ""); + static_assert(TRX_DML_BULK == 2, ""); + static_assert(TRX_DDL_BULK == 3, ""); + static_assert((TRX_DML_BULK & 1) == 0, ""); + ut_ad(bulk_insert != 1); + bulk_insert= unsigned((bulk_insert ^ ((bulk_insert & 1) * 3)) & 3); + } + private: /** Apply the buffered bulk inserts. */ dberr_t bulk_insert_apply_low(); diff -Nru mariadb-11.8.6/storage/innobase/include/trx0types.h mariadb-11.8.8/storage/innobase/include/trx0types.h --- mariadb-11.8.6/storage/innobase/include/trx0types.h 2026-01-31 13:27:48.000000000 +0000 +++ mariadb-11.8.8/storage/innobase/include/trx0types.h 2026-05-24 09:58:32.000000000 +0000 @@ -69,9 +69,9 @@ enum trx_bulk_insert { TRX_NO_BULK, /** bulk insert is being executed during DML */ - TRX_DML_BULK, + TRX_DML_BULK = 2, /** bulk insert is being executed in copy_data_between_tables() */ - TRX_DDL_BULK + TRX_DDL_BULK = 3 }; /** Memory objects */ diff -Nru mariadb-11.8.6/storage/innobase/include/trx0undo.h mariadb-11.8.8/storage/innobase/include/trx0undo.h --- mariadb-11.8.6/storage/innobase/include/trx0undo.h 2026-01-31 13:27:48.000000000 +0000 +++ mariadb-11.8.8/storage/innobase/include/trx0undo.h 2026-05-24 09:58:32.000000000 +0000 @@ -265,6 +265,8 @@ uint16_t top_offset; /*!< offset of the latest undo record, i.e., the topmost element in the undo log if we think of it as a stack */ + uint16_t old_offset; /*!< previous undo record offset + for ALTER IGNORE */ undo_no_t top_undo_no; /*!< undo number of the latest record (IB_ID_MAX if the undo log is empty) */ buf_block_t* guess_block; /*!< guess for the buffer block where diff -Nru mariadb-11.8.6/storage/innobase/include/univ.i mariadb-11.8.8/storage/innobase/include/univ.i --- mariadb-11.8.6/storage/innobase/include/univ.i 2026-01-31 13:27:48.000000000 +0000 +++ mariadb-11.8.8/storage/innobase/include/univ.i 2026-05-24 09:58:32.000000000 +0000 @@ -492,7 +492,6 @@ extern mysql_pfs_key_t index_online_log_key; extern mysql_pfs_key_t trx_sys_rw_lock_key; extern mysql_pfs_key_t lock_latch_key; -extern mysql_pfs_key_t log_latch_key; extern mysql_pfs_key_t trx_rseg_latch_key; # endif /* UNIV_PFS_RWLOCK */ #endif /* HAVE_PSI_INTERFACE */ diff -Nru mariadb-11.8.6/storage/innobase/include/ut0ut.h mariadb-11.8.8/storage/innobase/include/ut0ut.h --- mariadb-11.8.6/storage/innobase/include/ut0ut.h 2026-01-31 13:27:48.000000000 +0000 +++ mariadb-11.8.8/storage/innobase/include/ut0ut.h 2026-05-24 09:58:32.000000000 +0000 @@ -124,7 +124,8 @@ void ut_sprintf_timestamp( /*=================*/ - char* buf); /*!< in: buffer where to sprintf */ + char* buf, /*!< in: buffer where to sprintf */ + size_t buf_size); /*!< in: size of the buffer */ /*************************************************************//** Prints the contents of a memory buffer in hex and ascii. */ diff -Nru mariadb-11.8.6/storage/innobase/lock/lock0lock.cc mariadb-11.8.8/storage/innobase/lock/lock0lock.cc --- mariadb-11.8.6/storage/innobase/lock/lock0lock.cc 2026-01-31 13:27:48.000000000 +0000 +++ mariadb-11.8.8/storage/innobase/lock/lock0lock.cc 2026-05-24 09:58:32.000000000 +0000 @@ -1697,7 +1697,8 @@ unsigned type_mode, const hash_cell_t &cell, const page_id_t id, const page_t *page, ulint heap_no, dict_index_t *index, - trx_t *trx, bool caller_owns_trx_mutex) + trx_t *trx, bool caller_owns_trx_mutex, + bool report_waits= false) { ut_d(lock_sys.hash_get(type_mode).assert_locked(id)); ut_ad(xtest() || caller_owns_trx_mutex == trx->mutex_is_owner()); @@ -1758,6 +1759,7 @@ const bool bypass_mode = !is_supremum && lock_t::is_rec_exclusive_not_gap(type_mode); bool has_s_lock_or_stronger = false; + bool do_create= false; for (lock_t* lock = first_lock;;) { if (!lock_rec_get_nth_bit(lock, heap_no)) goto cont; @@ -1776,12 +1778,25 @@ else if (lock->is_waiting() && (!bypass_mode || !has_s_lock_or_stronger || !lock->is_gap())) + { +#ifdef HAVE_REPLICATION + if (report_waits) + { + do_create= true; + thd_rpl_deadlock_check(lock->trx->mysql_thd, + trx->mysql_thd); + } + else +#endif goto create; + } cont: if (!(lock = lock_rec_get_next_on_page(lock))) { break; } } + if (do_create) + goto create; const lock_t *bypassed = c_lock_info.insert_after ? lock_rec_get_next(heap_no, c_lock_info.insert_after) @@ -1904,6 +1919,7 @@ ((LOCK_MODE_MASK | LOCK_TABLE) & mode) == LOCK_X); ut_ad(~mode & (LOCK_GAP | LOCK_REC_NOT_GAP)); ut_ad(dict_index_is_clust(index) || !dict_index_is_online_ddl(index)); + ut_ad(block->page.lock.have_any()); DBUG_EXECUTE_IF("innodb_report_deadlock", return DB_DEADLOCK;); #ifdef ENABLED_DEBUG_SYNC if (trx->mysql_thd) @@ -1969,7 +1985,8 @@ { /* Set the requested lock on the record. */ lock_rec_add_to_queue(c_lock_info, mode, g.cell(), id, - block->page.frame, heap_no, index, trx, true); + block->page.frame, heap_no, index, trx, true, + true); err= DB_SUCCESS_LOCKED_REC; } } @@ -6512,16 +6529,33 @@ return DB_SUCCESS; } + trx_id_t trx_id = 0; + if (heap_no > PAGE_HEAP_NO_SUPREMUM && gap_mode != LOCK_GAP - && trx->snapshot_isolation + && trx->snapshot_isolation && trx->read_view.is_open()) { - trx_id_t trx_id= trx_read_trx_id(rec + - row_trx_id_offset(rec, index)); - if (!trx_sys.is_registered(trx, trx_id) - && !trx->read_view.changes_visible(trx_id) + trx_id = trx_read_trx_id(rec + row_trx_id_offset(rec, index)); + if (!trx->read_view.changes_visible(trx_id) && IF_WSREP(!(trx->is_wsrep() && wsrep_thd_skip_locking(trx->mysql_thd)), true)) { - return DB_RECORD_CHANGED; + /* Our record was last modified by a transaction that + we should not see. If that transaction has been + committed, we can return an error immediately, + without waiting for a record lock. */ + if (!trx_sys.is_registered(trx, trx_id)) { + return DB_RECORD_CHANGED; + } + /* If lock_rec_lock() below returns DB_LOCK_WAIT, + there is a chance that the implicit lock holder will + be rolled back while we are waiting for a lock + timeout. In that case, this function would be invoked + again after the lock wait has been resolved. + + If the lock_rec_lock() succeeds, we will have to + return this error. */ + } else { + /* We are allowed to see this record. */ + trx_id = 0; } } @@ -6531,8 +6565,18 @@ ut_ad(lock_rec_queue_validate(false, block->page.id(), rec, index, offsets)); + ut_ad(block->page.lock.have_any()); DEBUG_SYNC_C("after_lock_clust_rec_read_check_and_lock"); + if (UNIV_UNLIKELY(trx_id != 0) && err <= DB_SUCCESS_LOCKED_REC) { + /* The last modifier of rec had just been committed. + (It cannot be rolled back, because our caller is holding + block->page.lock, which protects rec.) + We already determined that rec is too new for us. */ + ut_ad(err == DB_SUCCESS || err == DB_SUCCESS_LOCKED_REC); + err = DB_RECORD_CHANGED; + } + return(err); } /*********************************************************************//** diff -Nru mariadb-11.8.6/storage/innobase/log/log0log.cc mariadb-11.8.8/storage/innobase/log/log0log.cc --- mariadb-11.8.6/storage/innobase/log/log0log.cc 2026-01-31 13:27:48.000000000 +0000 +++ mariadb-11.8.8/storage/innobase/log/log0log.cc 2026-05-24 09:58:32.000000000 +0000 @@ -91,12 +91,12 @@ ut_ad(this == &log_sys); ut_ad(!is_initialised()); - latch.SRW_LOCK_INIT(log_latch_key); + latch.init(); write_lsn_offset= 0; /* LSN 0 and 1 are reserved; @see buf_page_t::oldest_modification_ */ base_lsn.store(FIRST_LSN, std::memory_order_relaxed); flushed_to_disk_lsn.store(FIRST_LSN, std::memory_order_relaxed); - need_checkpoint.store(true, std::memory_order_relaxed); + need_checkpoint.store(false, std::memory_order_relaxed); write_lsn= FIRST_LSN; ut_ad(!checkpoint_buf); @@ -112,8 +112,6 @@ log_capacity= 0; max_modified_age_async= 0; max_checkpoint_age= 0; - next_checkpoint_lsn= 0; - checkpoint_pending= false; ut_ad(is_initialised()); } @@ -287,9 +285,8 @@ if (!stat("/dev/shm", &st)) { is_pmem= st.st_dev == st_dev; - if (!is_pmem) - return ptr; /* MAP_FAILED */ - goto remap; + if (is_pmem) + goto remap; } } } @@ -506,7 +503,7 @@ /** @return the current log sequence number (may be stale) */ lsn_t log_get_lsn() noexcept { - log_sys.latch.wr_lock(SRW_LOCK_CALL); + log_sys.latch.wr_lock(); lsn_t lsn= log_sys.get_lsn(); log_sys.latch.wr_unlock(); return lsn; @@ -525,7 +522,7 @@ group_commit_lock::ACQUIRED); } - log_sys.latch.wr_lock(SRW_LOCK_CALL); + log_sys.latch.wr_lock(); } /** Release the latches that protect the log. */ @@ -951,7 +948,7 @@ ATTRIBUTE_NOINLINE static void log_write_persist(lsn_t lsn) noexcept { - log_sys.latch.wr_lock(SRW_LOCK_CALL); + log_sys.latch.wr_lock(); log_sys.persist(lsn); log_sys.latch.wr_unlock(); } @@ -1113,7 +1110,6 @@ } } - set_check_for_checkpoint(false); return lsn; } @@ -1188,7 +1184,7 @@ group_commit_lock::ACQUIRED) { ut_ad(!recv_no_log_write || srv_operation != SRV_OPERATION_NORMAL); - log_sys.latch.wr_lock(SRW_LOCK_CALL); + log_sys.latch.wr_lock(); pending_write_lsn= write_lock.release(log_sys.writer()); } @@ -1252,9 +1248,11 @@ #ifdef HAVE_PMEM if (!is_opened()) { - ut_d(latch.wr_lock(SRW_LOCK_CALL)); + ut_d(latch.wr_lock()); ut_ad(!resize_in_progress()); - ut_ad(get_lsn() == get_flushed_lsn(std::memory_order_relaxed)); + ut_d(extern bool ibuf_upgrade_was_needed;) + ut_ad(get_lsn() == get_flushed_lsn(std::memory_order_relaxed) || + ibuf_upgrade_was_needed); ut_d(latch.wr_unlock()); return; } @@ -1265,22 +1263,31 @@ ut_ad(write_lsn == get_lsn()); ut_ad(write_lsn == get_flushed_lsn(std::memory_order_relaxed)); - if (buf) /* this may be invoked while creating a new database */ { - alignas(16) byte log_block[4096]; - const size_t bs{write_size}; + if (buf) /* this may be invoked while creating a new database */ { - const size_t bf= - size_t(write_lsn - base_lsn.load(std::memory_order_relaxed)); - memcpy_aligned<16>(log_block, buf + (bf & ~(bs - 1)), bs); - } + alignas(16) byte log_block[log_t::WRITE_SIZE_MAX]; + const size_t bs{write_size}; + { + ut_ad(write_lsn >= first_lsn); + uint64_t bf{write_lsn - first_lsn}; + if (bf > capacity()) + bf%= capacity(); + bf+= START_OFFSET; + const size_t bs_1{bs - 1}; + write_lsn_offset= bf & bs_1; + base_lsn.store(write_lsn - write_lsn_offset, + std::memory_order_relaxed); + memcpy_aligned<16>(log_block, buf + (bf & ~uint64_t{bs_1}), bs); + } - close_file(false); - log_mmap= false; - ut_a(attach(log, file_size)); - ut_ad(!is_mmap()); + close_file(false); + log_mmap= false; + ut_a(attach(log, file_size)); + ut_ad(!is_mmap()); - memcpy_aligned<16>(buf, log_block, bs); + memcpy_aligned<16>(buf, log_block, bs); + } } log_resize_release(); } @@ -1301,46 +1308,53 @@ } } -/****************************************************************//** -Tries to establish a big enough margin of free space in the log, such -that a new log entry can be catenated without an immediate need for a -checkpoint. NOTE: this function may only be called if the calling thread -owns no synchronization objects! */ -ATTRIBUTE_COLD static void log_checkpoint_margin() noexcept +ATTRIBUTE_COLD void log_t::checkpoint_margin() noexcept { - while (log_sys.check_for_checkpoint()) + ut_ad(this == &log_sys); + ut_ad(!recv_no_log_write); + + thd_wait_begin(nullptr, THD_WAIT_DISKIO); + tpool::tpool_wait_begin(); + + while (check_for_checkpoint()) { - log_sys.latch.wr_lock(SRW_LOCK_CALL); + latch.wr_lock(); ut_ad(!recv_no_log_write); - if (!log_sys.check_for_checkpoint()) + if (!check_for_checkpoint()) { -func_exit: - log_sys.latch.wr_unlock(); - return; + func_exit: + latch.wr_unlock(); + break; } - const lsn_t lsn= log_sys.get_lsn(); - const lsn_t max_age= log_sys.max_checkpoint_age; - const lsn_t age= lsn_t(lsn - log_sys.last_checkpoint_lsn); + const lsn_t last{last_checkpoint_lsn}, max_age{max_checkpoint_age}; + lsn_t lsn{get_lsn()}; - if (age <= max_age) + ut_ad(last >= first_lsn); { + if (lsn - last <= max_age) + { #ifndef DBUG_OFF - skip_checkpoint: + skip_checkpoint: #endif - log_sys.set_check_for_checkpoint(false); - goto func_exit; + set_check_for_checkpoint(false); + goto func_exit; + } + DBUG_EXECUTE_IF("ib_log_checkpoint_avoid_hard", goto skip_checkpoint;); + lsn-= max_age; } - DBUG_EXECUTE_IF("ib_log_checkpoint_avoid_hard", goto skip_checkpoint;); - log_sys.latch.wr_unlock(); + mysql_mutex_lock(&buf_pool.flush_list_mutex); /* We must wait to prevent the tail of the log overwriting the head. */ - buf_flush_wait_flushed(lsn - max_age); - /* Sleep to avoid a thundering herd */ - std::this_thread::sleep_for(std::chrono::milliseconds(10)); + buf_flush_wait(lsn, false); + latch.wr_unlock(); + mysql_mutex_unlock(&buf_pool.flush_list_mutex); } + + tpool::tpool_wait_end(); + thd_wait_end(nullptr); } /** Wait for a log checkpoint if needed. @@ -1352,7 +1366,7 @@ if (log_sys.check_for_checkpoint()) { ut_ad(!recv_no_log_write); - log_checkpoint_margin(); + log_sys.checkpoint_margin(); } } @@ -1362,13 +1376,14 @@ inline void buf_mem_pressure_shutdown() noexcept {} #endif -/** Make a checkpoint at the latest lsn on shutdown. */ -ATTRIBUTE_COLD void logs_empty_and_mark_files_at_shutdown() noexcept +/** Make a checkpoint at the latest lsn on shutdown. +@return the shutdown LSN */ +ATTRIBUTE_COLD lsn_t logs_empty_and_mark_files_at_shutdown() noexcept { - lsn_t lsn; ulint count = 0; - ib::info() << "Starting shutdown..."; + sql_print_information("InnoDB: Starting shutdown..."); + ut_ad(buf_pool.is_initialised() || !srv_was_started); /* Wait until the master task and all other operations are idle: our algorithm only works if the server is idle at shutdown */ @@ -1387,17 +1402,17 @@ } srv_monitor_timer.reset(); -loop: + constexpr ulint COUNT_INTERVAL{600}; + if (false) { + loop: + std::this_thread::sleep_for(std::chrono::milliseconds(100)); + count++; + } + ut_ad(lock_sys.is_initialised() || !srv_was_started); ut_ad(log_sys.is_initialised() || !srv_was_started); ut_ad(fil_system.is_initialised() || !srv_was_started); -#define COUNT_INTERVAL 600U -#define CHECK_INTERVAL 100000U - std::this_thread::sleep_for(std::chrono::microseconds(CHECK_INTERVAL)); - - count++; - /* Check that there are no longer transactions, except for PREPARED ones. We need this wait even for the 'very fast' shutdown, because the InnoDB layer may have committed or @@ -1409,12 +1424,12 @@ if (srv_print_verbose_log && count > COUNT_INTERVAL) { service_manager_extend_timeout( - COUNT_INTERVAL * CHECK_INTERVAL/1000000 * 2, - "Waiting for %lu active transactions to finish", - (ulong) total_trx); - ib::info() << "Waiting for " << total_trx << " active" - << " transactions to finish"; - + unsigned(COUNT_INTERVAL / 5), + "Waiting for %zu active transactions to finish", + total_trx); + sql_print_information("InnoDB: Waiting for %zu active" + " transactions to finish", + total_trx); count = 0; } @@ -1428,11 +1443,11 @@ ut_ad(!srv_read_only_mode); wait_suspend_loop: service_manager_extend_timeout( - COUNT_INTERVAL * CHECK_INTERVAL/1000000 * 2, + unsigned(COUNT_INTERVAL / 5), "Waiting for %s to exit", thread_name); if (srv_print_verbose_log && count > COUNT_INTERVAL) { - ib::info() << "Waiting for " << thread_name - << " to exit"; + sql_print_information("InnoDB: Waiting for %s to exit", + thread_name); count = 0; } goto loop; @@ -1447,67 +1462,36 @@ goto wait_suspend_loop; } - if (buf_page_cleaner_is_active) { - thread_name = "page cleaner thread"; - pthread_cond_signal(&buf_pool.do_flush_list); - goto wait_suspend_loop; - } + if (buf_pool.is_initialised()) { + if (srv_fast_shutdown != 2 && !srv_read_only_mode + && srv_was_started) { + log_make_checkpoint(); + } - buf_load_dump_end(); - rollback_all_recovered_task.wait(); + buf_load_dump_end(); + rollback_all_recovered_task.wait(); - if (!buf_pool.is_initialised()) { - ut_ad(!srv_was_started); - } else { - buf_flush_buffer_pool(); - } + mysql_mutex_lock(&buf_pool.flush_list_mutex); + srv_shutdown_state = SRV_SHUTDOWN_LAST_PHASE; + while (buf_page_cleaner_is_active) { + pthread_cond_signal(&buf_pool.do_flush_list); + my_cond_wait(&buf_pool.done_flush_list, + &buf_pool.flush_list_mutex.m_mutex); + } + mysql_mutex_unlock(&buf_pool.flush_list_mutex); - if (srv_fast_shutdown == 2 || !srv_was_started) { - if (!srv_read_only_mode && srv_was_started) { + if (srv_fast_shutdown == 2 && !srv_read_only_mode) { sql_print_information( "InnoDB: Executing innodb_fast_shutdown=2." " Next startup will execute crash recovery!"); - - /* In this fastest shutdown we do not flush the - buffer pool: - - it is essentially a 'crash' of the InnoDB server. - Make sure that the log is all flushed to disk, so - that we can recover all committed transactions in - a crash recovery. */ log_buffer_flush_to_disk(); } - - srv_shutdown_state = SRV_SHUTDOWN_LAST_PHASE; - return; } - if (!srv_read_only_mode) { - service_manager_extend_timeout(INNODB_EXTEND_TIMEOUT_INTERVAL, - "ensuring dirty buffer pool are written to log"); - log_make_checkpoint(); - - const auto sizeof_cp = log_sys.is_encrypted() - ? SIZE_OF_FILE_CHECKPOINT + 8 - : SIZE_OF_FILE_CHECKPOINT; - - log_sys.latch.wr_lock(SRW_LOCK_CALL); - - lsn = log_sys.get_lsn(); - - const bool lsn_changed = lsn != log_sys.last_checkpoint_lsn - && lsn != log_sys.last_checkpoint_lsn + sizeof_cp; - ut_ad(lsn >= log_sys.last_checkpoint_lsn); - - log_sys.latch.wr_unlock(); - - if (lsn_changed) { - goto loop; - } - } else { - lsn = recv_sys.lsn; + const lsn_t lsn{log_get_lsn()}; + if (srv_fast_shutdown == 2 || !srv_was_started) { + return lsn; } - srv_shutdown_state = SRV_SHUTDOWN_LAST_PHASE; /* Make some checks that the server really is quiet */ @@ -1515,24 +1499,18 @@ service_manager_extend_timeout(INNODB_EXTEND_TIMEOUT_INTERVAL, "Free innodb buffer pool"); + /* There could be pending writes to the temporary tablespace. */ + os_aio_wait_until_no_pending_writes(false); + /* Some recently triggered read-ahead may be pending. */ + os_aio_wait_until_no_pending_reads(false); + ut_d(mysql_mutex_lock(&buf_pool.mutex)); ut_d(buf_pool.assert_all_freed()); - - ut_a(lsn == log_get_lsn() - || srv_force_recovery == SRV_FORCE_NO_LOG_REDO); - - if (UNIV_UNLIKELY(lsn < recv_sys.lsn)) { - sql_print_error("InnoDB: Shutdown LSN=" LSN_PF - " is less than start LSN=" LSN_PF, - lsn, recv_sys.lsn); - } - - srv_shutdown_lsn = lsn; - - /* Make some checks that the server really is quiet */ - ut_ad(!srv_any_background_activity()); - - ut_a(lsn == log_get_lsn() + ut_d(mysql_mutex_unlock(&buf_pool.mutex)); + ut_a(lsn == log_sys.last_checkpoint_lsn + SIZE_OF_FILE_CHECKPOINT + + 8 * log_sys.is_encrypted() || srv_force_recovery == SRV_FORCE_NO_LOG_REDO); + ut_a(lsn >= recv_sys.lsn); + return lsn; } /******************************************************//** @@ -1542,7 +1520,7 @@ /*======*/ FILE* file) /*!< in: file where to print */ { - log_sys.latch.wr_lock(SRW_LOCK_CALL); + log_sys.latch.wr_lock(); const lsn_t lsn= log_sys.get_lsn(); mysql_mutex_lock(&buf_pool.flush_list_mutex); diff -Nru mariadb-11.8.6/storage/innobase/log/log0recv.cc mariadb-11.8.8/storage/innobase/log/log0recv.cc --- mariadb-11.8.6/storage/innobase/log/log0recv.cc 2026-01-31 13:27:48.000000000 +0000 +++ mariadb-11.8.8/storage/innobase/log/log0recv.cc 2026-05-24 09:58:32.000000000 +0000 @@ -799,7 +799,7 @@ log_sys.latch.wr_unlock(); fil_space_t *space= fil_system.sys_space; buf_block_t *free_block= buf_LRU_get_free_block(have_no_mutex); - log_sys.latch.wr_lock(SRW_LOCK_CALL); + log_sys.latch.wr_lock(); mysql_mutex_lock(&recv_sys.mutex); for (auto d= defers.begin(); d != defers.end(); ) @@ -1598,7 +1598,7 @@ if (o >= 0x80c && (o & ~511) + 512 < log_size) { max_no= checkpoint_no; - log_sys.next_checkpoint_lsn= mach_read_from_8(buf + CHECKPOINT_LSN); + log_sys.last_checkpoint_lsn= mach_read_from_8(buf + CHECKPOINT_LSN); source_offset= o; } } @@ -1607,7 +1607,7 @@ ? "InnoDB: Upgrade after a crash is not supported." : "mariadb-backup --prepare is not possible."; - if (!log_sys.next_checkpoint_lsn) + if (!log_sys.last_checkpoint_lsn) { sql_print_error("%s" " This redo log was created before MariaDB 10.2.2," @@ -1630,7 +1630,7 @@ if (log_block_calc_checksum_format_0(buf) != mach_read_from_4(my_assume_aligned<4>(buf + 508)) && - !log_crypt_101_read_block(buf, log_sys.next_checkpoint_lsn)) + !log_crypt_101_read_block(buf, log_sys.last_checkpoint_lsn)) { sql_print_error("%s%s, and it appears corrupted.", uag, pre_10_2); return DB_CORRUPTION; @@ -1677,7 +1677,7 @@ } if (log_sys.is_encrypted() && - !log_decrypt(buf, log_sys.next_checkpoint_lsn & ~511, 512)) + !log_decrypt(buf, log_sys.last_checkpoint_lsn & ~511, 512)) return DB_ERROR; /* On a clean shutdown, the redo log will be logically empty @@ -1752,14 +1752,14 @@ { if (wrong_size) return DB_CORRUPTION; - lsn= log_sys.next_checkpoint_lsn; + lsn= log_sys.last_checkpoint_lsn; log_sys.format= log_t::FORMAT_3_23; goto upgrade; } } else ut_ad(srv_operation == SRV_OPERATION_BACKUP); - log_sys.next_checkpoint_lsn= 0; + log_sys.last_checkpoint_lsn= 0; lsn= 0; buf= my_assume_aligned<4096>(log_sys.buf); if (!log_sys.is_mmap()) @@ -1777,9 +1777,8 @@ upgrade: memset_aligned<4096>(const_cast(field_ref_zero), 0, 4096); /* Mark the redo log for upgrading. */ - log_sys.last_checkpoint_lsn= log_sys.next_checkpoint_lsn; - log_sys.set_recovered_lsn(log_sys.next_checkpoint_lsn); - lsn= file_checkpoint= log_sys.next_checkpoint_lsn; + lsn= file_checkpoint= log_sys.last_checkpoint_lsn; + log_sys.set_recovered_lsn(lsn); if (UNIV_LIKELY(lsn != 0)) scanned_lsn= lsn; log_sys.next_checkpoint_no= 0; @@ -1847,14 +1846,14 @@ continue; } - if (checkpoint_lsn >= log_sys.next_checkpoint_lsn) + if (checkpoint_lsn >= log_sys.last_checkpoint_lsn) { - log_sys.next_checkpoint_lsn= checkpoint_lsn; + log_sys.last_checkpoint_lsn= checkpoint_lsn; log_sys.next_checkpoint_no= field == log_t::CHECKPOINT_1; lsn= end_lsn; } } - if (!log_sys.next_checkpoint_lsn) + if (!log_sys.last_checkpoint_lsn) goto got_no_checkpoint; if (!memcmp(creator, "Backup ", 7)) srv_start_after_restore= true; @@ -1907,14 +1906,14 @@ if (checkpoint_no >= max_no && o >= 0x80c && (o & ~511) + 512 < log_size) { max_no= checkpoint_no; - log_sys.next_checkpoint_lsn= checkpoint_lsn; + log_sys.last_checkpoint_lsn= checkpoint_lsn; log_sys.next_checkpoint_no= field == 512; lsn_offset= mach_read_from_8(b + 16); } } } - if (!log_sys.next_checkpoint_lsn) + if (!log_sys.last_checkpoint_lsn) { got_no_checkpoint: sql_print_error("InnoDB: No valid checkpoint was found;" @@ -2077,7 +2076,7 @@ const size_t available= UT_LIST_GET_LEN(buf_pool.free); mysql_mutex_unlock(&buf_pool.mutex); if (available < pages) - buf_flush_sync_batch(lsn); + buf_flush_sync_batch(lsn, false); } /** Register a redo log snippet for a page. @@ -2475,7 +2474,7 @@ (srv_operation == SRV_OPERATION_BACKUP || srv_operation == SRV_OPERATION_BACKUP_NO_DEFER)); mysql_mutex_assert_owner(&mutex); - ut_ad(log_sys.next_checkpoint_lsn); + ut_ad(log_sys.last_checkpoint_lsn); ut_ad(log_sys.is_recoverable()); ut_ad(log_sys.format == format); @@ -2728,17 +2727,11 @@ { if (UNIV_UNLIKELY(srv_print_verbose_log == 2)) fprintf(stderr, "FILE_CHECKPOINT(" LSN_PF ") %s at " LSN_PF "\n", - c, c != log_sys.next_checkpoint_lsn + c, c != log_sys.last_checkpoint_lsn ? "ignored" : recv_sys.file_checkpoint ? "reread" : "read", recv_sys.lsn); - DBUG_PRINT("ib_log", - ("FILE_CHECKPOINT(" LSN_PF ") %s at " LSN_PF, - c, c != log_sys.next_checkpoint_lsn - ? "ignored" : recv_sys.file_checkpoint ? "reread" : "read", - recv_sys.lsn)); - - if (c == log_sys.next_checkpoint_lsn) + if (c == log_sys.last_checkpoint_lsn) { /* There can be multiple FILE_CHECKPOINT for the same LSN. */ if (!recv_sys.file_checkpoint) @@ -3809,7 +3802,7 @@ unlock_relock: mysql_mutex_unlock(&mutex); relock: - log_sys.latch.wr_lock(SRW_LOCK_CALL); + log_sys.latch.wr_lock(); relock_last: mysql_mutex_lock(&mutex); get_last: @@ -4031,6 +4024,30 @@ mysql_mutex_unlock(&buf_pool.flush_list_mutex); } +/** Invalidate all pages in the buffer pool. +All pages must be replaceable (not modified, latched, or io-fixed). */ +ATTRIBUTE_COLD static void buf_pool_invalidate() noexcept +{ + mysql_mutex_lock(&buf_pool.mutex); + ut_ad(!os_aio_pending_reads()); + /* os_aio_pending_writes() may hold here if some write_io_callback() + did not release the slot yet. However, buf_flush_sync_batch() waited + for the page write itself to complete, which we will check below. */ + ut_d(buf_pool.assert_all_freed()); + + while (UT_LIST_GET_LEN(buf_pool.LRU)) + buf_LRU_scan_and_free_block(); + + ut_ad(UT_LIST_GET_LEN(buf_pool.unzip_LRU) == 0); + + buf_pool.freed_page_clock= 0; + buf_pool.LRU_old= nullptr; + buf_pool.LRU_old_len= 0; + buf_pool.stat.init(); + buf_refresh_io_stats(); + mysql_mutex_unlock(&buf_pool.mutex); +} + /** Apply buffered log to persistent data pages. @param last_batch whether it is possible to write more redo log */ void recv_sys_t::apply(bool last_batch) @@ -4122,7 +4139,7 @@ recv_sys.mutex. */ free_block= buf_LRU_get_free_block(have_no_mutex); if (!last_batch) - log_sys.latch.wr_lock(SRW_LOCK_CALL); + log_sys.latch.wr_lock(); mysql_mutex_lock(&mutex); pages_it= pages.begin(); } @@ -4171,13 +4188,13 @@ if (!last_batch) { - buf_flush_sync_batch(lsn); + buf_flush_sync_batch(lsn, false); buf_pool_invalidate(); - log_sys.latch.wr_lock(SRW_LOCK_CALL); + log_sys.latch.wr_lock(); } else if (srv_operation == SRV_OPERATION_RESTORE || srv_operation == SRV_OPERATION_RESTORE_EXPORT) - buf_flush_sync_batch(lsn); + buf_flush_sync_batch(lsn, false); else /* Instead of flushing, last_batch sorts the buf_pool.flush_list in ascending order of buf_page_t::oldest_modification. */ @@ -4271,7 +4288,7 @@ if (UNIV_UNLIKELY(!recv_needed_recovery)) { ut_ad(!last_phase); - ut_ad(recv_sys.lsn >= log_sys.next_checkpoint_lsn); + ut_ad(recv_sys.lsn >= log_sys.last_checkpoint_lsn); if (!store) { @@ -4299,7 +4316,7 @@ { recv_sys.set_corrupt_log(); sql_print_error("InnoDB: Missing FILE_CHECKPOINT(" LSN_PF - ") at " LSN_PF, log_sys.next_checkpoint_lsn, + ") at " LSN_PF, log_sys.last_checkpoint_lsn.load(), recv_sys.lsn); } mysql_mutex_unlock(&recv_sys.mutex); @@ -4324,7 +4341,7 @@ } sql_print_information("InnoDB: Starting crash recovery from" " checkpoint LSN=" LSN_PF, - log_sys.next_checkpoint_lsn); + log_sys.last_checkpoint_lsn.load()); } } } @@ -4699,30 +4716,6 @@ return err; } -dberr_t recv_recovery_read_checkpoint() -{ - ut_ad(srv_operation <= SRV_OPERATION_EXPORT_RESTORED || - srv_operation == SRV_OPERATION_RESTORE || - srv_operation == SRV_OPERATION_RESTORE_EXPORT); - ut_ad(!recv_sys.recovery_on); - ut_d(mysql_mutex_lock(&buf_pool.mutex)); - ut_ad(UT_LIST_GET_LEN(buf_pool.LRU) == 0); - ut_ad(UT_LIST_GET_LEN(buf_pool.unzip_LRU) == 0); - ut_d(mysql_mutex_unlock(&buf_pool.mutex)); - - if (srv_force_recovery >= SRV_FORCE_NO_LOG_REDO) - { - sql_print_information("InnoDB: innodb_force_recovery=6" - " skips redo log apply"); - return DB_SUCCESS; - } - - log_sys.latch.wr_lock(SRW_LOCK_CALL); - dberr_t err= recv_sys.find_checkpoint(); - log_sys.latch.wr_unlock(); - return err; -} - inline void log_t::set_recovered() noexcept { ut_ad(get_flushed_lsn() == get_lsn()); @@ -4743,13 +4736,14 @@ inline bool recv_sys_t::validate_checkpoint() const noexcept { - if (lsn >= file_checkpoint && lsn >= log_sys.next_checkpoint_lsn) + const lsn_t last_checkpoint_lsn{log_sys.last_checkpoint_lsn}; + if (lsn >= file_checkpoint && lsn >= last_checkpoint_lsn) return false; sql_print_error("InnoDB: The log was only scanned up to " LSN_PF ", while the current LSN at the " "time of the latest checkpoint " LSN_PF " was " LSN_PF "!", - lsn, log_sys.next_checkpoint_lsn, file_checkpoint); + lsn, last_checkpoint_lsn, file_checkpoint); return true; } @@ -4796,7 +4790,7 @@ recv_sys.recovery_on = true; - log_sys.latch.wr_lock(SRW_LOCK_CALL); + log_sys.latch.wr_lock(); log_sys.set_capacity(); /* Start reading the log from the checkpoint lsn. */ @@ -4813,8 +4807,7 @@ if (log_sys.is_recoverable()) { const bool rewind = recv_sys.lsn - != log_sys.next_checkpoint_lsn; - log_sys.last_checkpoint_lsn = log_sys.next_checkpoint_lsn; + != log_sys.last_checkpoint_lsn; parser[false] = get_parse_mmap(); parser[true] = get_parse_mmap(); recv_scan_log(false, parser); @@ -4836,7 +4829,7 @@ ut_ad(recv_sys.file_checkpoint); ut_ad(log_sys.get_flushed_lsn() >= recv_sys.scanned_lsn); if (rewind) { - recv_sys.lsn = log_sys.next_checkpoint_lsn; + recv_sys.lsn = log_sys.last_checkpoint_lsn; recv_sys.offset = 0; recv_sys.len = 0; } @@ -4898,7 +4891,7 @@ mysql_mutex_lock(&recv_sys.mutex); ut_ad(log_sys.get_flushed_lsn() >= recv_sys.lsn); recv_sys.clear(); - recv_sys.lsn = log_sys.next_checkpoint_lsn; + recv_sys.lsn = log_sys.last_checkpoint_lsn; mysql_mutex_unlock(&recv_sys.mutex); } @@ -5121,7 +5114,7 @@ continue; } - if (lsn > max_lsn || lsn < log_sys.next_checkpoint_lsn || + if (lsn > max_lsn || lsn < log_sys.last_checkpoint_lsn || !validate_page(page_id, max_lsn, space, page, tmp_buf)) { /* Mark processed for subsequent iterations in buf_dblwr_t::recover() */ diff -Nru mariadb-11.8.6/storage/innobase/mem/mem0mem.cc mariadb-11.8.8/storage/innobase/mem/mem0mem.cc --- mariadb-11.8.6/storage/innobase/mem/mem0mem.cc 2026-01-31 13:27:48.000000000 +0000 +++ mariadb-11.8.8/storage/innobase/mem/mem0mem.cc 2026-05-24 09:58:32.000000000 +0000 @@ -125,7 +125,8 @@ val = va_arg(ap, unsigned long); - plen = size_t(sprintf(tmp, "%lu", val)); + plen = size_t(snprintf(tmp, sizeof(tmp), + "%lu", val)); len += plen; if (buf) { diff -Nru mariadb-11.8.6/storage/innobase/mtr/mtr0mtr.cc mariadb-11.8.8/storage/innobase/mtr/mtr0mtr.cc --- mariadb-11.8.6/storage/innobase/mtr/mtr0mtr.cc 2026-01-31 13:27:48.000000000 +0000 +++ mariadb-11.8.8/storage/innobase/mtr/mtr0mtr.cc 2026-05-24 09:58:32.000000000 +0000 @@ -253,7 +253,7 @@ { if (block->page.oldest_modification() <= 1) { - log_sys.latch.wr_lock(SRW_LOCK_CALL); + log_sys.latch.wr_lock(); /* For unlogged mtrs (MTR_LOG_NO_REDO), we use the current system LSN. The mtr that generated the LSN is either already committed or in mtr_t::commit. Shared latch and relaxed atomics should be fine here as it is guaranteed @@ -555,7 +555,7 @@ log_write_and_flush_prepare(); m_latch_ex= true; - log_sys.latch.wr_lock(SRW_LOCK_CALL); + log_sys.latch.wr_lock(); const lsn_t start_lsn= do_write().first; ut_d(m_log.erase()); @@ -673,7 +673,7 @@ const size_t size{crypt ? 8 + encrypt() : crc32c()}; log_write_and_flush_prepare(); - log_sys.latch.wr_lock(SRW_LOCK_CALL); + log_sys.latch.wr_lock(); finish_write(size); if (!name && space.max_lsn) @@ -879,7 +879,7 @@ if (!late) { /* Wait for all threads to back off. */ - latch.wr_lock(SRW_LOCK_CALL); + latch.wr_lock(); goto got_ex; } @@ -931,13 +931,13 @@ log_write_up_to(lsn, false); if (ex) { - latch.wr_lock(SRW_LOCK_CALL); + latch.wr_lock(); return; } } done: - latch.rd_lock(SRW_LOCK_CALL); + latch.rd_lock(); } /** Reserve space in the log buffer for appending data. @@ -1014,7 +1014,7 @@ limit (lsn - log_sys.max_checkpoint_age) in order to minimize the synchronous wait time. */ if (furious) - log_sys.set_check_for_checkpoint(); + log_sys.set_check_for_checkpoint(true); return ((lsn - max_age) & ~lsn_t{1}) | lsn_t{furious}; } @@ -1091,7 +1091,7 @@ const size_t len{log_sys.is_encrypted() ? 8 + encrypt() : crc32c()}; if (!m_latch_ex) - log_sys.latch.rd_lock(SRW_LOCK_CALL); + log_sys.latch.rd_lock(); if (UNIV_UNLIKELY(m_user_space && !m_user_space->max_lsn && !srv_is_undo_tablespace((m_user_space->id)))) @@ -1100,7 +1100,7 @@ { m_latch_ex= true; log_sys.latch.rd_unlock(); - log_sys.latch.wr_lock(SRW_LOCK_CALL); + log_sys.latch.wr_lock(); if (UNIV_UNLIKELY(m_user_space->max_lsn != 0)) goto func_exit; } diff -Nru mariadb-11.8.6/storage/innobase/os/os0file.cc mariadb-11.8.8/storage/innobase/os/os0file.cc --- mariadb-11.8.6/storage/innobase/os/os0file.cc 2026-01-31 13:27:48.000000000 +0000 +++ mariadb-11.8.8/storage/innobase/os/os0file.cc 2026-05-24 09:58:32.000000000 +0000 @@ -1625,8 +1625,7 @@ /* Write buffer full of zeros */ memset(buf, 0, buf_size); - while (current_size < size - && srv_shutdown_state <= SRV_SHUTDOWN_INITIATED) { + while (current_size < size) { ulint n_bytes; if (size - current_size < (os_offset_t) buf_size) { diff -Nru mariadb-11.8.6/storage/innobase/pars/lexyy.cc mariadb-11.8.8/storage/innobase/pars/lexyy.cc --- mariadb-11.8.6/storage/innobase/pars/lexyy.cc 2026-01-31 13:27:48.000000000 +0000 +++ mariadb-11.8.8/storage/innobase/pars/lexyy.cc 2026-05-24 09:58:32.000000000 +0000 @@ -1,7 +1,5 @@ #include "univ.i" -#line 2 "lexyy.cc" -#line 4 "lexyy.cc" #define YY_INT_ALIGNED short int @@ -769,7 +767,6 @@ #define YY_MORE_ADJ 0 #define YY_RESTORE_YY_MORE_OFFSET static char *yytext; -#line 1 "pars0lex.l" /***************************************************************************** Copyright (c) 1997, 2014, Oracle and/or its affiliates. All Rights Reserved. @@ -808,7 +805,6 @@ *******************************************************/ #define YY_NO_INPUT 1 #define YY_NO_UNISTD_H 1 -#line 54 "pars0lex.l" #define YYSTYPE que_node_t* #include "univ.i" @@ -855,9 +851,7 @@ stringbuf_len += len; } -#line 859 "lexyy.cc" -#line 861 "lexyy.cc" #define INITIAL 0 #define comment 1 @@ -1075,10 +1069,8 @@ } { -#line 112 "pars0lex.l" -#line 1082 "lexyy.cc" while ( /*CONSTCOND*/1 ) /* loops until end-of-file is reached */ { @@ -1133,7 +1125,6 @@ case 1: YY_RULE_SETUP -#line 114 "pars0lex.l" { yylval = sym_tab_add_int_lit(pars_sym_tab_global, atoi(yytext)); @@ -1142,7 +1133,6 @@ YY_BREAK case 2: YY_RULE_SETUP -#line 120 "pars0lex.l" { ut_error; /* not implemented */ @@ -1151,7 +1141,6 @@ YY_BREAK case 3: YY_RULE_SETUP -#line 126 "pars0lex.l" { ulint type; @@ -1163,7 +1152,6 @@ YY_BREAK case 4: YY_RULE_SETUP -#line 135 "pars0lex.l" { yylval = sym_tab_add_bound_id(pars_sym_tab_global, yytext + 1); @@ -1173,7 +1161,6 @@ YY_BREAK case 5: YY_RULE_SETUP -#line 142 "pars0lex.l" { /* Quoted character string literals are handled in an explicit start state 'quoted'. This state is entered and the buffer for @@ -1187,7 +1174,6 @@ case 6: /* rule 6 can match eol */ YY_RULE_SETUP -#line 151 "pars0lex.l" { /* Got a sequence of characters other than "'": append to string buffer */ @@ -1196,7 +1182,6 @@ YY_BREAK case 7: YY_RULE_SETUP -#line 156 "pars0lex.l" { /* Got a sequence of "'" characters: append half of them to string buffer, @@ -1223,7 +1208,6 @@ YY_BREAK case 8: YY_RULE_SETUP -#line 180 "pars0lex.l" { /* Quoted identifiers are handled in an explicit start state 'id'. This state is entered and the buffer for the scanned string is emptied @@ -1237,7 +1221,6 @@ case 9: /* rule 9 can match eol */ YY_RULE_SETUP -#line 189 "pars0lex.l" { /* Got a sequence of characters other than '"': append to string buffer */ @@ -1246,7 +1229,6 @@ YY_BREAK case 10: YY_RULE_SETUP -#line 194 "pars0lex.l" { /* Got a sequence of '"' characters: append half of them to string buffer, @@ -1274,7 +1256,6 @@ YY_BREAK case 11: YY_RULE_SETUP -#line 219 "pars0lex.l" { yylval = sym_tab_add_null_lit(pars_sym_tab_global); @@ -1283,7 +1264,6 @@ YY_BREAK case 12: YY_RULE_SETUP -#line 225 "pars0lex.l" { /* Implicit cursor name */ yylval = sym_tab_add_str_lit(pars_sym_tab_global, @@ -1293,434 +1273,372 @@ YY_BREAK case 13: YY_RULE_SETUP -#line 232 "pars0lex.l" { return(PARS_AND_TOKEN); } YY_BREAK case 14: YY_RULE_SETUP -#line 236 "pars0lex.l" { return(PARS_OR_TOKEN); } YY_BREAK case 15: YY_RULE_SETUP -#line 240 "pars0lex.l" { return(PARS_NOT_TOKEN); } YY_BREAK case 16: YY_RULE_SETUP -#line 244 "pars0lex.l" { return(PARS_PROCEDURE_TOKEN); } YY_BREAK case 17: YY_RULE_SETUP -#line 248 "pars0lex.l" { return(PARS_IN_TOKEN); } YY_BREAK case 18: YY_RULE_SETUP -#line 252 "pars0lex.l" { return(PARS_INT_TOKEN); } YY_BREAK case 19: YY_RULE_SETUP -#line 256 "pars0lex.l" { return(PARS_CHAR_TOKEN); } YY_BREAK case 20: YY_RULE_SETUP -#line 260 "pars0lex.l" { return(PARS_IS_TOKEN); } YY_BREAK case 21: YY_RULE_SETUP -#line 264 "pars0lex.l" { return(PARS_BEGIN_TOKEN); } YY_BREAK case 22: YY_RULE_SETUP -#line 268 "pars0lex.l" { return(PARS_END_TOKEN); } YY_BREAK case 23: YY_RULE_SETUP -#line 272 "pars0lex.l" { return(PARS_IF_TOKEN); } YY_BREAK case 24: YY_RULE_SETUP -#line 276 "pars0lex.l" { return(PARS_THEN_TOKEN); } YY_BREAK case 25: YY_RULE_SETUP -#line 280 "pars0lex.l" { return(PARS_ELSE_TOKEN); } YY_BREAK case 26: YY_RULE_SETUP -#line 284 "pars0lex.l" { return(PARS_ELSIF_TOKEN); } YY_BREAK case 27: YY_RULE_SETUP -#line 288 "pars0lex.l" { return(PARS_LOOP_TOKEN); } YY_BREAK case 28: YY_RULE_SETUP -#line 292 "pars0lex.l" { return(PARS_WHILE_TOKEN); } YY_BREAK case 29: YY_RULE_SETUP -#line 296 "pars0lex.l" { return(PARS_RETURN_TOKEN); } YY_BREAK case 30: YY_RULE_SETUP -#line 300 "pars0lex.l" { return(PARS_SELECT_TOKEN); } YY_BREAK case 31: YY_RULE_SETUP -#line 304 "pars0lex.l" { return(PARS_COUNT_TOKEN); } YY_BREAK case 32: YY_RULE_SETUP -#line 308 "pars0lex.l" { return(PARS_FROM_TOKEN); } YY_BREAK case 33: YY_RULE_SETUP -#line 312 "pars0lex.l" { return(PARS_WHERE_TOKEN); } YY_BREAK case 34: YY_RULE_SETUP -#line 316 "pars0lex.l" { return(PARS_FOR_TOKEN); } YY_BREAK case 35: YY_RULE_SETUP -#line 320 "pars0lex.l" { return(PARS_ORDER_TOKEN); } YY_BREAK case 36: YY_RULE_SETUP -#line 324 "pars0lex.l" { return(PARS_BY_TOKEN); } YY_BREAK case 37: YY_RULE_SETUP -#line 328 "pars0lex.l" { return(PARS_ASC_TOKEN); } YY_BREAK case 38: YY_RULE_SETUP -#line 332 "pars0lex.l" { return(PARS_DESC_TOKEN); } YY_BREAK case 39: YY_RULE_SETUP -#line 336 "pars0lex.l" { return(PARS_INSERT_TOKEN); } YY_BREAK case 40: YY_RULE_SETUP -#line 340 "pars0lex.l" { return(PARS_INTO_TOKEN); } YY_BREAK case 41: YY_RULE_SETUP -#line 344 "pars0lex.l" { return(PARS_VALUES_TOKEN); } YY_BREAK case 42: YY_RULE_SETUP -#line 348 "pars0lex.l" { return(PARS_UPDATE_TOKEN); } YY_BREAK case 43: YY_RULE_SETUP -#line 352 "pars0lex.l" { return(PARS_SET_TOKEN); } YY_BREAK case 44: YY_RULE_SETUP -#line 356 "pars0lex.l" { return(PARS_DELETE_TOKEN); } YY_BREAK case 45: YY_RULE_SETUP -#line 360 "pars0lex.l" { return(PARS_CURRENT_TOKEN); } YY_BREAK case 46: YY_RULE_SETUP -#line 364 "pars0lex.l" { return(PARS_OF_TOKEN); } YY_BREAK case 47: YY_RULE_SETUP -#line 368 "pars0lex.l" { return(PARS_CREATE_TOKEN); } YY_BREAK case 48: YY_RULE_SETUP -#line 372 "pars0lex.l" { return(PARS_TABLE_TOKEN); } YY_BREAK case 49: YY_RULE_SETUP -#line 376 "pars0lex.l" { return(PARS_INDEX_TOKEN); } YY_BREAK case 50: YY_RULE_SETUP -#line 380 "pars0lex.l" { return(PARS_UNIQUE_TOKEN); } YY_BREAK case 51: YY_RULE_SETUP -#line 384 "pars0lex.l" { return(PARS_CLUSTERED_TOKEN); } YY_BREAK case 52: YY_RULE_SETUP -#line 388 "pars0lex.l" { return(PARS_ON_TOKEN); } YY_BREAK case 53: YY_RULE_SETUP -#line 392 "pars0lex.l" { return(PARS_DECLARE_TOKEN); } YY_BREAK case 54: YY_RULE_SETUP -#line 396 "pars0lex.l" { return(PARS_CURSOR_TOKEN); } YY_BREAK case 55: YY_RULE_SETUP -#line 400 "pars0lex.l" { return(PARS_OPEN_TOKEN); } YY_BREAK case 56: YY_RULE_SETUP -#line 404 "pars0lex.l" { return(PARS_FETCH_TOKEN); } YY_BREAK case 57: YY_RULE_SETUP -#line 408 "pars0lex.l" { return(PARS_CLOSE_TOKEN); } YY_BREAK case 58: YY_RULE_SETUP -#line 412 "pars0lex.l" { return(PARS_NOTFOUND_TOKEN); } YY_BREAK case 59: YY_RULE_SETUP -#line 416 "pars0lex.l" { return(PARS_TO_BINARY_TOKEN); } YY_BREAK case 60: YY_RULE_SETUP -#line 420 "pars0lex.l" { return(PARS_SUBSTR_TOKEN); } YY_BREAK case 61: YY_RULE_SETUP -#line 424 "pars0lex.l" { return(PARS_CONCAT_TOKEN); } YY_BREAK case 62: YY_RULE_SETUP -#line 428 "pars0lex.l" { return(PARS_INSTR_TOKEN); } YY_BREAK case 63: YY_RULE_SETUP -#line 432 "pars0lex.l" { return(PARS_LENGTH_TOKEN); } YY_BREAK case 64: YY_RULE_SETUP -#line 436 "pars0lex.l" { return(PARS_COMMIT_TOKEN); } YY_BREAK case 65: YY_RULE_SETUP -#line 440 "pars0lex.l" { return(PARS_ROLLBACK_TOKEN); } YY_BREAK case 66: YY_RULE_SETUP -#line 444 "pars0lex.l" { return(PARS_WORK_TOKEN); } YY_BREAK case 67: YY_RULE_SETUP -#line 448 "pars0lex.l" { return(PARS_EXIT_TOKEN); } YY_BREAK case 68: YY_RULE_SETUP -#line 452 "pars0lex.l" { return(PARS_FUNCTION_TOKEN); } YY_BREAK case 69: YY_RULE_SETUP -#line 456 "pars0lex.l" { return(PARS_LOCK_TOKEN); } YY_BREAK case 70: YY_RULE_SETUP -#line 460 "pars0lex.l" { return(PARS_SHARE_TOKEN); } YY_BREAK case 71: YY_RULE_SETUP -#line 464 "pars0lex.l" { return(PARS_MODE_TOKEN); } YY_BREAK case 72: YY_RULE_SETUP -#line 468 "pars0lex.l" { return(PARS_LIKE_TOKEN); } YY_BREAK case 73: YY_RULE_SETUP -#line 472 "pars0lex.l" { return(PARS_BIGINT_TOKEN); } YY_BREAK case 74: YY_RULE_SETUP -#line 476 "pars0lex.l" { yylval = sym_tab_add_id(pars_sym_tab_global, (byte*) yytext, @@ -1730,7 +1648,6 @@ YY_BREAK case 75: YY_RULE_SETUP -#line 483 "pars0lex.l" { yylval = sym_tab_add_id(pars_sym_tab_global, (byte*) yytext, @@ -1740,42 +1657,36 @@ YY_BREAK case 76: YY_RULE_SETUP -#line 490 "pars0lex.l" { return(PARS_DDOT_TOKEN); } YY_BREAK case 77: YY_RULE_SETUP -#line 494 "pars0lex.l" { return(PARS_ASSIGN_TOKEN); } YY_BREAK case 78: YY_RULE_SETUP -#line 498 "pars0lex.l" { return(PARS_LE_TOKEN); } YY_BREAK case 79: YY_RULE_SETUP -#line 502 "pars0lex.l" { return(PARS_GE_TOKEN); } YY_BREAK case 80: YY_RULE_SETUP -#line 506 "pars0lex.l" { return(PARS_NE_TOKEN); } YY_BREAK case 81: YY_RULE_SETUP -#line 510 "pars0lex.l" { return((int)(*yytext)); @@ -1783,7 +1694,6 @@ YY_BREAK case 82: YY_RULE_SETUP -#line 515 "pars0lex.l" { return((int)(*yytext)); @@ -1791,7 +1701,6 @@ YY_BREAK case 83: YY_RULE_SETUP -#line 520 "pars0lex.l" { return((int)(*yytext)); @@ -1799,7 +1708,6 @@ YY_BREAK case 84: YY_RULE_SETUP -#line 525 "pars0lex.l" { return((int)(*yytext)); @@ -1807,7 +1715,6 @@ YY_BREAK case 85: YY_RULE_SETUP -#line 530 "pars0lex.l" { return((int)(*yytext)); @@ -1815,7 +1722,6 @@ YY_BREAK case 86: YY_RULE_SETUP -#line 535 "pars0lex.l" { return((int)(*yytext)); @@ -1823,7 +1729,6 @@ YY_BREAK case 87: YY_RULE_SETUP -#line 540 "pars0lex.l" { return((int)(*yytext)); @@ -1831,7 +1736,6 @@ YY_BREAK case 88: YY_RULE_SETUP -#line 545 "pars0lex.l" { return((int)(*yytext)); @@ -1839,7 +1743,6 @@ YY_BREAK case 89: YY_RULE_SETUP -#line 550 "pars0lex.l" { return((int)(*yytext)); @@ -1847,7 +1750,6 @@ YY_BREAK case 90: YY_RULE_SETUP -#line 555 "pars0lex.l" { return((int)(*yytext)); @@ -1855,7 +1757,6 @@ YY_BREAK case 91: YY_RULE_SETUP -#line 560 "pars0lex.l" { return((int)(*yytext)); @@ -1863,7 +1764,6 @@ YY_BREAK case 92: YY_RULE_SETUP -#line 565 "pars0lex.l" { return((int)(*yytext)); @@ -1871,7 +1771,6 @@ YY_BREAK case 93: YY_RULE_SETUP -#line 570 "pars0lex.l" { return((int)(*yytext)); @@ -1879,7 +1778,6 @@ YY_BREAK case 94: YY_RULE_SETUP -#line 575 "pars0lex.l" { return((int)(*yytext)); @@ -1887,7 +1785,6 @@ YY_BREAK case 95: YY_RULE_SETUP -#line 580 "pars0lex.l" { return((int)(*yytext)); @@ -1895,35 +1792,29 @@ YY_BREAK case 96: YY_RULE_SETUP -#line 585 "pars0lex.l" BEGIN(comment); /* eat up comment */ YY_BREAK case 97: /* rule 97 can match eol */ YY_RULE_SETUP -#line 587 "pars0lex.l" YY_BREAK case 98: /* rule 98 can match eol */ YY_RULE_SETUP -#line 588 "pars0lex.l" YY_BREAK case 99: YY_RULE_SETUP -#line 589 "pars0lex.l" BEGIN(INITIAL); YY_BREAK case 100: /* rule 100 can match eol */ YY_RULE_SETUP -#line 591 "pars0lex.l" /* eat up whitespace */ YY_BREAK case 101: YY_RULE_SETUP -#line 594 "pars0lex.l" { fprintf(stderr,"Unrecognized character: %02x\n", *yytext); @@ -1935,10 +1826,8 @@ YY_BREAK case 102: YY_RULE_SETUP -#line 603 "pars0lex.l" YY_FATAL_ERROR( "flex scanner jammed" ); YY_BREAK -#line 1942 "lexyy.cc" case YY_STATE_EOF(INITIAL): case YY_STATE_EOF(comment): case YY_STATE_EOF(quoted): @@ -2436,7 +2325,10 @@ */ b->yy_ch_buf = (char *) yyalloc( (yy_size_t) (b->yy_buf_size + 2) ); if ( ! b->yy_ch_buf ) + { + yyfree(b); YY_FATAL_ERROR( "out of dynamic memory in yy_create_buffer()" ); + } b->yy_is_our_buffer = 1; @@ -2824,7 +2716,6 @@ #define YYTABLES_NAME "yytables" -#line 603 "pars0lex.l" /********************************************************************** diff -Nru mariadb-11.8.6/storage/innobase/pars/make_bison.sh mariadb-11.8.8/storage/innobase/pars/make_bison.sh --- mariadb-11.8.6/storage/innobase/pars/make_bison.sh 2026-01-31 13:27:48.000000000 +0000 +++ mariadb-11.8.8/storage/innobase/pars/make_bison.sh 2026-05-24 09:58:32.000000000 +0000 @@ -27,6 +27,7 @@ s/'"$TMPFILE"'/'"$OUTFILE"'/; s/'"pars0grm.tab.h"'/'"pars0grm.h"'/; s/^\(\(YYSTYPE\|int\) yy\(char\|nerrs\)\)/static \1/; +/^#line /d; ' < "$TMPFILE" > "$OUTFILE" rm "$TMPFILE" diff -Nru mariadb-11.8.6/storage/innobase/pars/make_flex.sh mariadb-11.8.8/storage/innobase/pars/make_flex.sh --- mariadb-11.8.6/storage/innobase/pars/make_flex.sh 2026-01-31 13:27:48.000000000 +0000 +++ mariadb-11.8.8/storage/innobase/pars/make_flex.sh 2026-05-24 09:58:32.000000000 +0000 @@ -45,6 +45,7 @@ s/^\(\(FILE\|char\) *\* *yyget\)/MY_ATTRIBUTE((unused)) static \1/; s/^extern \(\(FILE\|char\) *\* *yy\).*//; s/^\(FILE\|char\) *\* *yy/static &/; +/^# line/d; ' < $TMPFILE >> $OUTFILE rm $TMPFILE diff -Nru mariadb-11.8.6/storage/innobase/pars/pars0grm.cc mariadb-11.8.8/storage/innobase/pars/pars0grm.cc --- mariadb-11.8.6/storage/innobase/pars/pars0grm.cc 2026-01-31 13:27:48.000000000 +0000 +++ mariadb-11.8.8/storage/innobase/pars/pars0grm.cc 2026-05-24 09:58:32.000000000 +0000 @@ -67,7 +67,6 @@ /* First part of user prologue. */ -#line 29 "pars0grm.y" /* The value of the semantic attribute is a pointer to a query tree node que_node_t */ @@ -90,7 +89,6 @@ int yylex(void); -#line 90 "pars0grm.cc" # ifndef YY_CAST # ifdef __cplusplus @@ -1543,374 +1541,253 @@ switch (yyn) { case 22: /* statement_list: statement */ -#line 165 "pars0grm.y" { yyval = que_node_list_add_last(NULL, yyvsp[0]); } -#line 1545 "pars0grm.cc" break; case 23: /* statement_list: statement_list statement */ -#line 167 "pars0grm.y" { yyval = que_node_list_add_last(yyvsp[-1], yyvsp[0]); } -#line 1551 "pars0grm.cc" break; case 24: /* exp: PARS_ID_TOKEN */ -#line 171 "pars0grm.y" { yyval = yyvsp[0];} -#line 1557 "pars0grm.cc" break; case 25: /* exp: function_name '(' exp_list ')' */ -#line 173 "pars0grm.y" { yyval = pars_func(yyvsp[-3], yyvsp[-1]); } -#line 1563 "pars0grm.cc" break; case 26: /* exp: PARS_INT_LIT */ -#line 174 "pars0grm.y" { yyval = yyvsp[0];} -#line 1569 "pars0grm.cc" break; case 27: /* exp: PARS_FLOAT_LIT */ -#line 175 "pars0grm.y" { yyval = yyvsp[0];} -#line 1575 "pars0grm.cc" break; case 28: /* exp: PARS_STR_LIT */ -#line 176 "pars0grm.y" { yyval = yyvsp[0];} -#line 1581 "pars0grm.cc" break; case 29: /* exp: PARS_NULL_LIT */ -#line 177 "pars0grm.y" { yyval = yyvsp[0];} -#line 1587 "pars0grm.cc" break; case 30: /* exp: PARS_SQL_TOKEN */ -#line 178 "pars0grm.y" { yyval = yyvsp[0];} -#line 1593 "pars0grm.cc" break; case 31: /* exp: exp '+' exp */ -#line 179 "pars0grm.y" { yyval = pars_op('+', yyvsp[-2], yyvsp[0]); } -#line 1599 "pars0grm.cc" break; case 32: /* exp: exp '-' exp */ -#line 180 "pars0grm.y" { yyval = pars_op('-', yyvsp[-2], yyvsp[0]); } -#line 1605 "pars0grm.cc" break; case 33: /* exp: exp '*' exp */ -#line 181 "pars0grm.y" { yyval = pars_op('*', yyvsp[-2], yyvsp[0]); } -#line 1611 "pars0grm.cc" break; case 34: /* exp: exp '/' exp */ -#line 182 "pars0grm.y" { yyval = pars_op('/', yyvsp[-2], yyvsp[0]); } -#line 1617 "pars0grm.cc" break; case 35: /* exp: '-' exp */ -#line 183 "pars0grm.y" { yyval = pars_op('-', yyvsp[0], NULL); } -#line 1623 "pars0grm.cc" break; case 36: /* exp: '(' exp ')' */ -#line 184 "pars0grm.y" { yyval = yyvsp[-1]; } -#line 1629 "pars0grm.cc" break; case 37: /* exp: exp '=' exp */ -#line 185 "pars0grm.y" { yyval = pars_op('=', yyvsp[-2], yyvsp[0]); } -#line 1635 "pars0grm.cc" break; case 38: /* exp: exp PARS_LIKE_TOKEN PARS_STR_LIT */ -#line 187 "pars0grm.y" { yyval = pars_op(PARS_LIKE_TOKEN, yyvsp[-2], yyvsp[0]); } -#line 1641 "pars0grm.cc" break; case 39: /* exp: exp '<' exp */ -#line 188 "pars0grm.y" { yyval = pars_op('<', yyvsp[-2], yyvsp[0]); } -#line 1647 "pars0grm.cc" break; case 40: /* exp: exp '>' exp */ -#line 189 "pars0grm.y" { yyval = pars_op('>', yyvsp[-2], yyvsp[0]); } -#line 1653 "pars0grm.cc" break; case 41: /* exp: exp PARS_GE_TOKEN exp */ -#line 190 "pars0grm.y" { yyval = pars_op(PARS_GE_TOKEN, yyvsp[-2], yyvsp[0]); } -#line 1659 "pars0grm.cc" break; case 42: /* exp: exp PARS_LE_TOKEN exp */ -#line 191 "pars0grm.y" { yyval = pars_op(PARS_LE_TOKEN, yyvsp[-2], yyvsp[0]); } -#line 1665 "pars0grm.cc" break; case 43: /* exp: exp PARS_NE_TOKEN exp */ -#line 192 "pars0grm.y" { yyval = pars_op(PARS_NE_TOKEN, yyvsp[-2], yyvsp[0]); } -#line 1671 "pars0grm.cc" break; case 44: /* exp: exp PARS_AND_TOKEN exp */ -#line 193 "pars0grm.y" { yyval = pars_op(PARS_AND_TOKEN, yyvsp[-2], yyvsp[0]); } -#line 1677 "pars0grm.cc" break; case 45: /* exp: exp PARS_OR_TOKEN exp */ -#line 194 "pars0grm.y" { yyval = pars_op(PARS_OR_TOKEN, yyvsp[-2], yyvsp[0]); } -#line 1683 "pars0grm.cc" break; case 46: /* exp: PARS_NOT_TOKEN exp */ -#line 195 "pars0grm.y" { yyval = pars_op(PARS_NOT_TOKEN, yyvsp[0], NULL); } -#line 1689 "pars0grm.cc" break; case 47: /* exp: PARS_ID_TOKEN '%' PARS_NOTFOUND_TOKEN */ -#line 197 "pars0grm.y" { yyval = pars_op(PARS_NOTFOUND_TOKEN, yyvsp[-2], NULL); } -#line 1695 "pars0grm.cc" break; case 48: /* exp: PARS_SQL_TOKEN '%' PARS_NOTFOUND_TOKEN */ -#line 199 "pars0grm.y" { yyval = pars_op(PARS_NOTFOUND_TOKEN, yyvsp[-2], NULL); } -#line 1701 "pars0grm.cc" break; case 49: /* function_name: PARS_TO_BINARY_TOKEN */ -#line 203 "pars0grm.y" { yyval = &pars_to_binary_token; } -#line 1707 "pars0grm.cc" break; case 50: /* function_name: PARS_SUBSTR_TOKEN */ -#line 204 "pars0grm.y" { yyval = &pars_substr_token; } -#line 1713 "pars0grm.cc" break; case 51: /* function_name: PARS_CONCAT_TOKEN */ -#line 205 "pars0grm.y" { yyval = &pars_concat_token; } -#line 1719 "pars0grm.cc" break; case 52: /* function_name: PARS_INSTR_TOKEN */ -#line 206 "pars0grm.y" { yyval = &pars_instr_token; } -#line 1725 "pars0grm.cc" break; case 53: /* function_name: PARS_LENGTH_TOKEN */ -#line 207 "pars0grm.y" { yyval = &pars_length_token; } -#line 1731 "pars0grm.cc" break; case 54: /* user_function_call: PARS_ID_TOKEN '(' ')' */ -#line 211 "pars0grm.y" { yyval = yyvsp[-2]; } -#line 1737 "pars0grm.cc" break; case 55: /* table_list: table_name */ -#line 215 "pars0grm.y" { yyval = que_node_list_add_last(NULL, yyvsp[0]); } -#line 1743 "pars0grm.cc" break; case 56: /* table_list: table_list ',' table_name */ -#line 217 "pars0grm.y" { yyval = que_node_list_add_last(yyvsp[-2], yyvsp[0]); } -#line 1749 "pars0grm.cc" break; case 57: /* variable_list: %empty */ -#line 221 "pars0grm.y" { yyval = NULL; } -#line 1755 "pars0grm.cc" break; case 58: /* variable_list: PARS_ID_TOKEN */ -#line 222 "pars0grm.y" { yyval = que_node_list_add_last(NULL, yyvsp[0]); } -#line 1761 "pars0grm.cc" break; case 59: /* variable_list: variable_list ',' PARS_ID_TOKEN */ -#line 224 "pars0grm.y" { yyval = que_node_list_add_last(yyvsp[-2], yyvsp[0]); } -#line 1767 "pars0grm.cc" break; case 60: /* exp_list: %empty */ -#line 228 "pars0grm.y" { yyval = NULL; } -#line 1773 "pars0grm.cc" break; case 61: /* exp_list: exp */ -#line 229 "pars0grm.y" { yyval = que_node_list_add_last(NULL, yyvsp[0]);} -#line 1779 "pars0grm.cc" break; case 62: /* exp_list: exp_list ',' exp */ -#line 230 "pars0grm.y" { yyval = que_node_list_add_last(yyvsp[-2], yyvsp[0]); } -#line 1785 "pars0grm.cc" break; case 63: /* select_item: exp */ -#line 234 "pars0grm.y" { yyval = yyvsp[0]; } -#line 1791 "pars0grm.cc" break; case 64: /* select_item: PARS_COUNT_TOKEN '(' '*' ')' */ -#line 236 "pars0grm.y" { yyval = pars_func(&pars_count_token, que_node_list_add_last(NULL, sym_tab_add_int_lit( pars_sym_tab_global, 1))); } -#line 1800 "pars0grm.cc" break; case 65: /* select_item_list: %empty */ -#line 243 "pars0grm.y" { yyval = NULL; } -#line 1806 "pars0grm.cc" break; case 66: /* select_item_list: select_item */ -#line 244 "pars0grm.y" { yyval = que_node_list_add_last(NULL, yyvsp[0]); } -#line 1812 "pars0grm.cc" break; case 67: /* select_item_list: select_item_list ',' select_item */ -#line 246 "pars0grm.y" { yyval = que_node_list_add_last(yyvsp[-2], yyvsp[0]); } -#line 1818 "pars0grm.cc" break; case 68: /* select_list: '*' */ -#line 250 "pars0grm.y" { yyval = pars_select_list(&pars_star_denoter, NULL); } -#line 1825 "pars0grm.cc" break; case 69: /* select_list: select_item_list PARS_INTO_TOKEN variable_list */ -#line 253 "pars0grm.y" { yyval = pars_select_list( yyvsp[-2], static_cast(yyvsp[0])); } -#line 1832 "pars0grm.cc" break; case 70: /* select_list: select_item_list */ -#line 255 "pars0grm.y" { yyval = pars_select_list(yyvsp[0], NULL); } -#line 1838 "pars0grm.cc" break; case 71: /* search_condition: %empty */ -#line 259 "pars0grm.y" { yyval = NULL; } -#line 1844 "pars0grm.cc" break; case 72: /* search_condition: PARS_WHERE_TOKEN exp */ -#line 260 "pars0grm.y" { yyval = yyvsp[0]; } -#line 1850 "pars0grm.cc" break; case 73: /* for_update_clause: %empty */ -#line 264 "pars0grm.y" { yyval = NULL; } -#line 1856 "pars0grm.cc" break; case 74: /* for_update_clause: PARS_FOR_TOKEN PARS_UPDATE_TOKEN */ -#line 266 "pars0grm.y" { yyval = &pars_update_token; } -#line 1862 "pars0grm.cc" break; case 75: /* lock_shared_clause: %empty */ -#line 270 "pars0grm.y" { yyval = NULL; } -#line 1868 "pars0grm.cc" break; case 76: /* lock_shared_clause: PARS_LOCK_TOKEN PARS_IN_TOKEN PARS_SHARE_TOKEN PARS_MODE_TOKEN */ -#line 272 "pars0grm.y" { yyval = &pars_share_token; } -#line 1874 "pars0grm.cc" break; case 77: /* order_direction: %empty */ -#line 276 "pars0grm.y" { yyval = &pars_asc_token; } -#line 1880 "pars0grm.cc" break; case 78: /* order_direction: PARS_ASC_TOKEN */ -#line 277 "pars0grm.y" { yyval = &pars_asc_token; } -#line 1886 "pars0grm.cc" break; case 79: /* order_direction: PARS_DESC_TOKEN */ -#line 278 "pars0grm.y" { yyval = &pars_desc_token; } -#line 1892 "pars0grm.cc" break; case 80: /* order_by_clause: %empty */ -#line 282 "pars0grm.y" { yyval = NULL; } -#line 1898 "pars0grm.cc" break; case 81: /* order_by_clause: PARS_ORDER_TOKEN PARS_BY_TOKEN PARS_ID_TOKEN order_direction */ -#line 284 "pars0grm.y" { yyval = pars_order_by( static_cast(yyvsp[-1]), static_cast(yyvsp[0])); } -#line 1906 "pars0grm.cc" break; case 82: /* select_statement: PARS_SELECT_TOKEN select_list PARS_FROM_TOKEN table_list search_condition for_update_clause lock_shared_clause order_by_clause */ -#line 295 "pars0grm.y" { yyval = pars_select_statement( static_cast(yyvsp[-6]), static_cast(yyvsp[-4]), @@ -1918,395 +1795,283 @@ static_cast(yyvsp[-2]), static_cast(yyvsp[-1]), static_cast(yyvsp[0])); } -#line 1918 "pars0grm.cc" break; case 83: /* insert_statement_start: PARS_INSERT_TOKEN PARS_INTO_TOKEN table_name */ -#line 306 "pars0grm.y" { yyval = yyvsp[0]; } -#line 1924 "pars0grm.cc" break; case 84: /* insert_statement: insert_statement_start PARS_VALUES_TOKEN '(' exp_list ')' */ -#line 311 "pars0grm.y" { yyval = pars_insert_statement( static_cast(yyvsp[-4]), yyvsp[-1], NULL); } -#line 1931 "pars0grm.cc" break; case 85: /* insert_statement: insert_statement_start select_statement */ -#line 314 "pars0grm.y" { yyval = pars_insert_statement( static_cast(yyvsp[-1]), NULL, static_cast(yyvsp[0])); } -#line 1940 "pars0grm.cc" break; case 86: /* column_assignment: PARS_ID_TOKEN '=' exp */ -#line 321 "pars0grm.y" { yyval = pars_column_assignment( static_cast(yyvsp[-2]), static_cast(yyvsp[0])); } -#line 1948 "pars0grm.cc" break; case 87: /* column_assignment_list: column_assignment */ -#line 327 "pars0grm.y" { yyval = que_node_list_add_last(NULL, yyvsp[0]); } -#line 1954 "pars0grm.cc" break; case 88: /* column_assignment_list: column_assignment_list ',' column_assignment */ -#line 329 "pars0grm.y" { yyval = que_node_list_add_last(yyvsp[-2], yyvsp[0]); } -#line 1960 "pars0grm.cc" break; case 89: /* cursor_positioned: PARS_WHERE_TOKEN PARS_CURRENT_TOKEN PARS_OF_TOKEN PARS_ID_TOKEN */ -#line 335 "pars0grm.y" { yyval = yyvsp[0]; } -#line 1966 "pars0grm.cc" break; case 90: /* update_statement_start: PARS_UPDATE_TOKEN table_name PARS_SET_TOKEN column_assignment_list */ -#line 341 "pars0grm.y" { yyval = pars_update_statement_start( FALSE, static_cast(yyvsp[-2]), static_cast(yyvsp[0])); } -#line 1975 "pars0grm.cc" break; case 91: /* update_statement_searched: update_statement_start search_condition */ -#line 349 "pars0grm.y" { yyval = pars_update_statement( static_cast(yyvsp[-1]), NULL, static_cast(yyvsp[0])); } -#line 1984 "pars0grm.cc" break; case 92: /* update_statement_positioned: update_statement_start cursor_positioned */ -#line 357 "pars0grm.y" { yyval = pars_update_statement( static_cast(yyvsp[-1]), static_cast(yyvsp[0]), NULL); } -#line 1993 "pars0grm.cc" break; case 93: /* delete_statement_start: PARS_DELETE_TOKEN PARS_FROM_TOKEN table_name */ -#line 365 "pars0grm.y" { yyval = pars_update_statement_start( TRUE, static_cast(yyvsp[0]), NULL); } -#line 2001 "pars0grm.cc" break; case 94: /* delete_statement_searched: delete_statement_start search_condition */ -#line 372 "pars0grm.y" { yyval = pars_update_statement( static_cast(yyvsp[-1]), NULL, static_cast(yyvsp[0])); } -#line 2010 "pars0grm.cc" break; case 95: /* delete_statement_positioned: delete_statement_start cursor_positioned */ -#line 380 "pars0grm.y" { yyval = pars_update_statement( static_cast(yyvsp[-1]), static_cast(yyvsp[0]), NULL); } -#line 2019 "pars0grm.cc" break; case 96: /* assignment_statement: PARS_ID_TOKEN PARS_ASSIGN_TOKEN exp */ -#line 388 "pars0grm.y" { yyval = pars_assignment_statement( static_cast(yyvsp[-2]), static_cast(yyvsp[0])); } -#line 2027 "pars0grm.cc" break; case 97: /* elsif_element: PARS_ELSIF_TOKEN exp PARS_THEN_TOKEN statement_list */ -#line 396 "pars0grm.y" { yyval = pars_elsif_element(yyvsp[-2], yyvsp[0]); } -#line 2033 "pars0grm.cc" break; case 98: /* elsif_list: elsif_element */ -#line 400 "pars0grm.y" { yyval = que_node_list_add_last(NULL, yyvsp[0]); } -#line 2039 "pars0grm.cc" break; case 99: /* elsif_list: elsif_list elsif_element */ -#line 402 "pars0grm.y" { yyval = que_node_list_add_last(yyvsp[-1], yyvsp[0]); } -#line 2045 "pars0grm.cc" break; case 100: /* else_part: %empty */ -#line 406 "pars0grm.y" { yyval = NULL; } -#line 2051 "pars0grm.cc" break; case 101: /* else_part: PARS_ELSE_TOKEN statement_list */ -#line 408 "pars0grm.y" { yyval = yyvsp[0]; } -#line 2057 "pars0grm.cc" break; case 102: /* else_part: elsif_list */ -#line 409 "pars0grm.y" { yyval = yyvsp[0]; } -#line 2063 "pars0grm.cc" break; case 103: /* if_statement: PARS_IF_TOKEN exp PARS_THEN_TOKEN statement_list else_part PARS_END_TOKEN PARS_IF_TOKEN */ -#line 416 "pars0grm.y" { yyval = pars_if_statement(yyvsp[-5], yyvsp[-3], yyvsp[-2]); } -#line 2069 "pars0grm.cc" break; case 104: /* while_statement: PARS_WHILE_TOKEN exp PARS_LOOP_TOKEN statement_list PARS_END_TOKEN PARS_LOOP_TOKEN */ -#line 422 "pars0grm.y" { yyval = pars_while_statement(yyvsp[-4], yyvsp[-2]); } -#line 2075 "pars0grm.cc" break; case 105: /* for_statement: PARS_FOR_TOKEN PARS_ID_TOKEN PARS_IN_TOKEN exp PARS_DDOT_TOKEN exp PARS_LOOP_TOKEN statement_list PARS_END_TOKEN PARS_LOOP_TOKEN */ -#line 430 "pars0grm.y" { yyval = pars_for_statement( static_cast(yyvsp[-8]), yyvsp[-6], yyvsp[-4], yyvsp[-2]); } -#line 2083 "pars0grm.cc" break; case 106: /* exit_statement: PARS_EXIT_TOKEN */ -#line 436 "pars0grm.y" { yyval = pars_exit_statement(); } -#line 2089 "pars0grm.cc" break; case 107: /* return_statement: PARS_RETURN_TOKEN */ -#line 440 "pars0grm.y" { yyval = pars_return_statement(); } -#line 2095 "pars0grm.cc" break; case 108: /* open_cursor_statement: PARS_OPEN_TOKEN PARS_ID_TOKEN */ -#line 445 "pars0grm.y" { yyval = pars_open_statement( ROW_SEL_OPEN_CURSOR, static_cast(yyvsp[0])); } -#line 2103 "pars0grm.cc" break; case 109: /* close_cursor_statement: PARS_CLOSE_TOKEN PARS_ID_TOKEN */ -#line 452 "pars0grm.y" { yyval = pars_open_statement( ROW_SEL_CLOSE_CURSOR, static_cast(yyvsp[0])); } -#line 2111 "pars0grm.cc" break; case 110: /* fetch_statement: PARS_FETCH_TOKEN PARS_ID_TOKEN PARS_INTO_TOKEN variable_list */ -#line 459 "pars0grm.y" { yyval = pars_fetch_statement( static_cast(yyvsp[-2]), static_cast(yyvsp[0]), NULL); } -#line 2119 "pars0grm.cc" break; case 111: /* fetch_statement: PARS_FETCH_TOKEN PARS_ID_TOKEN PARS_INTO_TOKEN user_function_call */ -#line 463 "pars0grm.y" { yyval = pars_fetch_statement( static_cast(yyvsp[-2]), NULL, static_cast(yyvsp[0])); } -#line 2128 "pars0grm.cc" break; case 112: /* column_def: PARS_ID_TOKEN type_name opt_column_len opt_not_null */ -#line 471 "pars0grm.y" { yyval = pars_column_def( static_cast(yyvsp[-3]), static_cast(yyvsp[-2]), static_cast(yyvsp[-1]), yyvsp[0]); } -#line 2138 "pars0grm.cc" break; case 113: /* column_def_list: column_def */ -#line 479 "pars0grm.y" { yyval = que_node_list_add_last(NULL, yyvsp[0]); } -#line 2144 "pars0grm.cc" break; case 114: /* column_def_list: column_def_list ',' column_def */ -#line 481 "pars0grm.y" { yyval = que_node_list_add_last(yyvsp[-2], yyvsp[0]); } -#line 2150 "pars0grm.cc" break; case 115: /* opt_column_len: %empty */ -#line 485 "pars0grm.y" { yyval = NULL; } -#line 2156 "pars0grm.cc" break; case 116: /* opt_column_len: '(' PARS_INT_LIT ')' */ -#line 487 "pars0grm.y" { yyval = yyvsp[-1]; } -#line 2162 "pars0grm.cc" break; case 117: /* opt_not_null: %empty */ -#line 491 "pars0grm.y" { yyval = NULL; } -#line 2168 "pars0grm.cc" break; case 118: /* opt_not_null: PARS_NOT_TOKEN PARS_NULL_LIT */ -#line 493 "pars0grm.y" { yyval = &pars_int_token; /* pass any non-NULL pointer */ } -#line 2175 "pars0grm.cc" break; case 119: /* create_table: PARS_CREATE_TOKEN PARS_TABLE_TOKEN table_name '(' column_def_list ')' */ -#line 500 "pars0grm.y" { yyval = pars_create_table( static_cast(yyvsp[-3]), static_cast(yyvsp[-1])); } -#line 2183 "pars0grm.cc" break; case 120: /* column_list: PARS_ID_TOKEN */ -#line 506 "pars0grm.y" { yyval = que_node_list_add_last(NULL, yyvsp[0]); } -#line 2189 "pars0grm.cc" break; case 121: /* column_list: column_list ',' PARS_ID_TOKEN */ -#line 508 "pars0grm.y" { yyval = que_node_list_add_last(yyvsp[-2], yyvsp[0]); } -#line 2195 "pars0grm.cc" break; case 122: /* unique_def: %empty */ -#line 512 "pars0grm.y" { yyval = NULL; } -#line 2201 "pars0grm.cc" break; case 123: /* unique_def: PARS_UNIQUE_TOKEN */ -#line 513 "pars0grm.y" { yyval = &pars_unique_token; } -#line 2207 "pars0grm.cc" break; case 124: /* clustered_def: %empty */ -#line 517 "pars0grm.y" { yyval = NULL; } -#line 2213 "pars0grm.cc" break; case 125: /* clustered_def: PARS_CLUSTERED_TOKEN */ -#line 518 "pars0grm.y" { yyval = &pars_clustered_token; } -#line 2219 "pars0grm.cc" break; case 126: /* create_index: PARS_CREATE_TOKEN unique_def clustered_def PARS_INDEX_TOKEN PARS_ID_TOKEN PARS_ON_TOKEN table_name '(' column_list ')' */ -#line 527 "pars0grm.y" { yyval = pars_create_index( static_cast(yyvsp[-8]), static_cast(yyvsp[-7]), static_cast(yyvsp[-5]), static_cast(yyvsp[-3]), static_cast(yyvsp[-1])); } -#line 2230 "pars0grm.cc" break; case 127: /* table_name: PARS_ID_TOKEN */ -#line 536 "pars0grm.y" { yyval = yyvsp[0]; } -#line 2236 "pars0grm.cc" break; case 128: /* table_name: PARS_TABLE_NAME_TOKEN */ -#line 537 "pars0grm.y" { yyval = yyvsp[0]; } -#line 2242 "pars0grm.cc" break; case 129: /* commit_statement: PARS_COMMIT_TOKEN PARS_WORK_TOKEN */ -#line 542 "pars0grm.y" { yyval = pars_commit_statement(); } -#line 2248 "pars0grm.cc" break; case 130: /* rollback_statement: PARS_ROLLBACK_TOKEN PARS_WORK_TOKEN */ -#line 547 "pars0grm.y" { yyval = pars_rollback_statement(); } -#line 2254 "pars0grm.cc" break; case 131: /* type_name: PARS_INT_TOKEN */ -#line 551 "pars0grm.y" { yyval = &pars_int_token; } -#line 2260 "pars0grm.cc" break; case 132: /* type_name: PARS_BIGINT_TOKEN */ -#line 552 "pars0grm.y" { yyval = &pars_bigint_token; } -#line 2266 "pars0grm.cc" break; case 133: /* type_name: PARS_CHAR_TOKEN */ -#line 553 "pars0grm.y" { yyval = &pars_char_token; } -#line 2272 "pars0grm.cc" break; case 134: /* variable_declaration: PARS_ID_TOKEN type_name ';' */ -#line 558 "pars0grm.y" { yyval = pars_variable_declaration( static_cast(yyvsp[-2]), static_cast(yyvsp[-1])); } -#line 2280 "pars0grm.cc" break; case 138: /* cursor_declaration: PARS_DECLARE_TOKEN PARS_CURSOR_TOKEN PARS_ID_TOKEN PARS_IS_TOKEN select_statement ';' */ -#line 572 "pars0grm.y" { yyval = pars_cursor_declaration( static_cast(yyvsp[-3]), static_cast(yyvsp[-1])); } -#line 2288 "pars0grm.cc" break; case 139: /* function_declaration: PARS_DECLARE_TOKEN PARS_FUNCTION_TOKEN PARS_ID_TOKEN ';' */ -#line 579 "pars0grm.y" { yyval = pars_function_declaration( static_cast(yyvsp[-1])); } -#line 2295 "pars0grm.cc" break; case 145: /* procedure_definition: PARS_PROCEDURE_TOKEN PARS_ID_TOKEN '(' ')' PARS_IS_TOKEN variable_declaration_list declaration_list PARS_BEGIN_TOKEN statement_list PARS_END_TOKEN */ -#line 601 "pars0grm.y" { yyval = pars_procedure_definition( static_cast(yyvsp[-8]), yyvsp[-1]); } -#line 2302 "pars0grm.cc" break; -#line 2306 "pars0grm.cc" default: break; } @@ -2500,5 +2265,4 @@ return yyresult; } -#line 605 "pars0grm.y" diff -Nru mariadb-11.8.6/storage/innobase/row/row0import.cc mariadb-11.8.8/storage/innobase/row/row0import.cc --- mariadb-11.8.6/storage/innobase/row/row0import.cc 2026-01-31 13:27:48.000000000 +0000 +++ mariadb-11.8.8/storage/innobase/row/row0import.cc 2026-05-24 09:58:32.000000000 +0000 @@ -2577,6 +2577,15 @@ /* Include the NUL byte in the length. */ ulint len = mach_read_from_4(ptr); + if (len == 0 || len > NAME_LEN + 1) { + ib_senderrf( + thd, IB_LOG_LEVEL_ERROR, ER_IO_READ_ERROR, + 0UL, strerror(EINVAL), + "while reading .cfg field name length."); + + return(DB_CORRUPTION); + } + byte* name = UT_NEW_ARRAY_NOKEY(byte, len); /* Trigger OOM */ @@ -2713,7 +2722,7 @@ /* The NUL byte is included in the name length. */ ulint len = mach_read_from_4(ptr); - if (len > OS_FILE_MAX_PATH) { + if (len == 0 || len > NAME_LEN + 1) { ib_errf(thd, IB_LOG_LEVEL_ERROR, ER_INNODB_INDEX_CORRUPT, "Index name length (" ULINTPF ") is too long, " @@ -2901,12 +2910,11 @@ ulint len = mach_read_from_4(ptr); - /* FIXME: What is the maximum column name length? */ - if (len == 0 || len > 128) { - ib_errf(thd, IB_LOG_LEVEL_ERROR, - ER_IO_READ_ERROR, - "Column name length " ULINTPF ", is invalid", - len); + if (len == 0 || len > NAME_LEN + 1) { + ib_senderrf( + thd, IB_LOG_LEVEL_ERROR, ER_IO_READ_ERROR, + 0UL, strerror(EINVAL), + "while reading .cfg column name length."); return(DB_CORRUPTION); } @@ -2972,6 +2980,15 @@ ulint len = mach_read_from_4(value); + if (len == 0 || len > HOSTNAME_LENGTH + 1) { + ib_senderrf( + thd, IB_LOG_LEVEL_ERROR, ER_IO_READ_ERROR, + 0UL, strerror(EINVAL), + "while reading .cfg hostname length."); + + return(DB_CORRUPTION); + } + /* NUL byte is part of name length. */ cfg->m_hostname = UT_NEW_ARRAY_NOKEY(byte, len); @@ -3014,6 +3031,15 @@ len = mach_read_from_4(value); + if (len == 0 || len > MAX_FULL_NAME_LEN + 1) { + ib_senderrf( + thd, IB_LOG_LEVEL_ERROR, ER_IO_READ_ERROR, + 0UL, strerror(EINVAL), + "while reading .cfg table name length."); + + return(DB_CORRUPTION); + } + /* NUL byte is part of name length. */ cfg->m_table_name = UT_NEW_ARRAY_NOKEY(byte, len); diff -Nru mariadb-11.8.6/storage/innobase/row/row0ins.cc mariadb-11.8.8/storage/innobase/row/row0ins.cc --- mariadb-11.8.6/storage/innobase/row/row0ins.cc 2026-01-31 13:27:48.000000000 +0000 +++ mariadb-11.8.8/storage/innobase/row/row0ins.cc 2026-05-24 09:58:32.000000000 +0000 @@ -2776,7 +2776,13 @@ if (!index->table->n_rec_locks && !index->table->versioned() && !index->table->is_temporary() - && !index->table->has_spatial_index()) { + && !index->table->has_spatial_index() + /* Prevent ALTER IGNORE from using bulk insert + optimization. since it requires to write undo log + for each row operation that's incompatible with + bulk operations */ + && index->table->skip_alter_undo != + dict_table_t::IGNORE_UNDO) { ut_ad(!index->table->skip_alter_undo); trx->bulk_insert = TRX_DML_BULK; @@ -3316,7 +3322,7 @@ skip the undo log and record lock checking for insertion operation. */ - if (index->table->skip_alter_undo) { + if (index->table->skip_alter_undo == dict_table_t::NO_UNDO) { flags |= BTR_NO_UNDO_LOG_FLAG | BTR_NO_LOCKING_FLAG; } diff -Nru mariadb-11.8.6/storage/innobase/row/row0log.cc mariadb-11.8.8/storage/innobase/row/row0log.cc --- mariadb-11.8.6/storage/innobase/row/row0log.cc 2026-01-31 13:27:48.000000000 +0000 +++ mariadb-11.8.8/storage/innobase/row/row0log.cc 2026-05-24 09:58:32.000000000 +0000 @@ -577,18 +577,26 @@ row_log_table_close_func(index, size, avail) #endif /* UNIV_DEBUG */ -/** Check whether a virtual column is indexed in the new table being -created during alter table -@param[in] index cluster index -@param[in] v_no virtual column number -@return true if it is indexed, else false */ -bool -row_log_col_is_indexed( - const dict_index_t* index, - ulint v_no) +ATTRIBUTE_COLD +void row_log_mark_virtual_cols(const dict_table_t *table, + TABLE *maria_table) noexcept { - return(dict_table_get_nth_v_col( - index->online_log->table, v_no)->m_col.ord_part); + const row_log_t *const log= dict_table_get_first_index(table)->online_log; + ut_ad(log); + const dict_v_col_t *v_cols= table->v_cols, *old_v_cols= log->table->v_cols; + ut_d(const unsigned n_v_cols= log->table->n_v_cols); + ut_ad(n_v_cols == table->n_v_cols); + for (uint j= maria_table->s->virtual_fields, num_v= 0; j--; ) + { + Field *vf= maria_table->vfield[j]; + if (vf->stored_in_db()) + continue; + ut_ad(num_v < n_v_cols); + ut_ad(num_v < table->n_v_cols); + if (v_cols[num_v].m_col.ord_part | old_v_cols[num_v].m_col.ord_part) + maria_table->mark_virtual_column_with_deps(vf); + num_v++; + } } /******************************************************//** diff -Nru mariadb-11.8.6/storage/innobase/row/row0merge.cc mariadb-11.8.8/storage/innobase/row/row0merge.cc --- mariadb-11.8.6/storage/innobase/row/row0merge.cc 2026-01-31 13:27:48.000000000 +0000 +++ mariadb-11.8.8/storage/innobase/row/row0merge.cc 2026-05-24 09:58:32.000000000 +0000 @@ -120,7 +120,7 @@ ut_ad(mtr_started == scan_mtr->is_active()); DBUG_EXECUTE_IF("row_merge_instrument_log_check_flush", - log_sys.set_check_for_checkpoint();); + log_sys.set_check_for_checkpoint(true);); for (idx_tuple_vec::iterator it = m_dtuple_vec.begin(); it != m_dtuple_vec.end(); diff -Nru mariadb-11.8.6/storage/innobase/row/row0mysql.cc mariadb-11.8.8/storage/innobase/row/row0mysql.cc --- mariadb-11.8.6/storage/innobase/row/row0mysql.cc 2026-01-31 13:27:48.000000000 +0000 +++ mariadb-11.8.8/storage/innobase/row/row0mysql.cc 2026-05-24 09:58:32.000000000 +0000 @@ -74,7 +74,7 @@ if (UNIV_UNLIKELY(delay != 0)) { /* Adjust for purge_coordinator_state::refresh() */ - log_sys.latch.rd_lock(SRW_LOCK_CALL); + log_sys.latch.rd_lock(); const lsn_t last= log_sys.last_checkpoint_lsn, max_age= log_sys.max_checkpoint_age; const lsn_t lsn= log_sys.get_flushed_lsn(); @@ -690,8 +690,8 @@ bulk buffer in row_mysql_handle_errors(). For ALTER TABLE ALGORITHM=COPY & CREATE TABLE...SELECT, the bulk insert transaction will be rolled back inside - ha_innobase::extra(HA_EXTRA_ABORT_ALTER_COPY) */ - trx->bulk_insert &= TRX_DDL_BULK; + ha_innobase::extra(HA_EXTRA_ABORT_COPY) */ + trx->clear_dml_bulk(); trx->last_stmt_start = 0; break; case DB_LOCK_WAIT: @@ -1276,12 +1276,7 @@ node->vers_update_end(prebuilt, ins_mode == ROW_INS_HISTORICAL); } - /* Because we now allow multiple INSERT into the same - initially empty table in bulk insert mode, on error we must - roll back to the start of the transaction. For correctness, it - would suffice to roll back to the start of the first insert - into this empty table, but we will keep it simple and efficient. */ - const undo_no_t savept{trx->bulk_insert ? 0 : trx->undo_no}; + undo_no_t savept = trx->undo_no; thr = que_fork_get_first_thr(prebuilt->ins_graph); @@ -1308,6 +1303,24 @@ /* FIXME: What's this ? */ thr->lock_state = QUE_THR_LOCK_ROW; + /* Because we now allow multiple INSERT into the same + initially empty table in bulk insert mode, on error we must + roll back to the start of the transaction. For correctness, it + would suffice to roll back to the start of the first insert + into this empty table, but we will keep it simple and efficient. + + In ALTER IGNORE...ALGORITHM=COPY (IGNORE_UNDO mode), + trx_undo_report_row_operation() rewrites the insert undo log to + retain only the latest record, resetting trx->undo_no to 0 + before each new insert. We must use savept=0 so that partial + rollback targets the single surviving undo record. */ + static_assert(TRX_DML_BULK & 2, ""); + static_assert(TRX_DDL_BULK & 2, ""); + static_assert(dict_table_t::IGNORE_UNDO == 2, ""); + if ((trx->bulk_insert | table->skip_alter_undo) & 2) { + savept = 0; + } + was_lock_wait = row_mysql_handle_errors( &err, trx, thr, &savept); diff -Nru mariadb-11.8.6/storage/innobase/row/row0purge.cc mariadb-11.8.8/storage/innobase/row/row0purge.cc --- mariadb-11.8.6/storage/innobase/row/row0purge.cc 2026-01-31 13:27:48.000000000 +0000 +++ mariadb-11.8.8/storage/innobase/row/row0purge.cc 2026-05-24 09:58:32.000000000 +0000 @@ -50,6 +50,7 @@ #include "debug_sync.h" #include +void reset_thd(MYSQL_THD thd); /************************************************************************* IMPORTANT NOTE: Any operation that generates redo MUST check that there is enough space in the redo log before for that operation. This is @@ -81,7 +82,7 @@ } else { node->found_clust = row_search_on_row_ref( - &node->pcur, mode, node->table, node->ref, mtr); + &node->pcur, mode, node->pt.table, node->ref, mtr); if (node->found_clust) { btr_pcur_store_position(&node->pcur, mtr); @@ -107,7 +108,7 @@ purge_node_t* node, /*!< in/out: row purge node */ btr_latch_mode mode) /*!< in: BTR_MODIFY_LEAF or BTR_PURGE_TREE */ { - dict_index_t* index = dict_table_get_first_index(node->table); + dict_index_t* index = dict_table_get_first_index(node->pt.table); table_id_t table_id = 0; index_id_t index_id = 0; dict_table_t *table = nullptr; @@ -146,7 +147,7 @@ return success; } - if (node->table->id == DICT_INDEXES_ID) { + if (node->pt.table->id == DICT_INDEXES_ID) { /* If this is a record of the SYS_INDEXES table, then we have to free the file segments of the index tree associated with the index */ @@ -498,15 +499,12 @@ dtuple_t* cur_vrow = NULL; ut_ad(index->table == clust_index->table); + ut_ad(node.pt.table == index->table); heap = mem_heap_create(1024); clust_offsets = rec_get_offsets(rec, clust_index, NULL, clust_index->n_core_fields, ULINT_UNDEFINED, &heap); - if (dict_index_has_virtual(index)) { - v_heap = mem_heap_create(100); - } - if (!rec_get_deleted_flag(rec, rec_offs_comp(clust_offsets))) { row_ext_t* ext; @@ -543,7 +541,8 @@ || dbug_v_purge) { if (!row_vers_build_clust_v_col( - row, clust_index, index, heap)) { + row, clust_index, index, heap, + node.pt.get_maria_table())) { goto unsafe_to_purge; } @@ -618,10 +617,12 @@ deleted, but the previous version of it might not. We will need to get the virtual column data from undo record associated with current cluster index */ + v_heap = mem_heap_create(100); cur_vrow = row_vers_build_cur_vrow( rec, clust_index, &clust_offsets, - index, trx_id, roll_ptr, heap, v_heap, mtr); + index, trx_id, roll_ptr, heap, v_heap, mtr, + node.pt.get_maria_table()); } version = rec; @@ -663,7 +664,11 @@ } /* Keep the virtual row info for the next version, unless it is changed */ - mem_heap_empty(v_heap); + if (v_heap) { + mem_heap_empty(v_heap); + } else { + v_heap = mem_heap_create(100); + } cur_vrow = dtuple_copy(vrow, v_heap); dtuple_dup_v_fld(cur_vrow, v_heap); } @@ -895,7 +900,7 @@ trx_id_t page_max_trx_id = 0; log_free_check(); - ut_ad(index->table == node->table); + ut_ad(index->table == node->pt.table); ut_ad(!index->table->is_temporary()); mtr.start(); index->set_modified(mtr); @@ -1043,7 +1048,7 @@ { mem_heap_t* heap; - ut_ad(!node->table->skip_alter_undo); + ut_ad(!node->pt.table->skip_alter_undo); if (node->rec_type == TRX_UNDO_UPD_DEL_REC || (node->cmpl_info & UPD_NODE_NO_ORD_CHANGE) @@ -1072,7 +1077,7 @@ row_purge_remove_sec_if_poss( node, node->index, entry); - ut_ad(node->table); + ut_ad(node->pt.table); mem_heap_empty(heap); } @@ -1082,7 +1087,7 @@ skip_secondaries: mtr_t mtr{node->trx}; - dict_index_t* index = dict_table_get_first_index(node->table); + dict_index_t* index = dict_table_get_first_index(node->pt.table); /* Free possible externally stored fields */ for (ulint i = 0; i < upd_get_n_fields(node->update); i++) { @@ -1297,6 +1302,7 @@ @param[in] node row undo node @param[in] undo_rec record to purge @param[in] thr query thread +@param[in] thd worker thread @param[out] updated_extern true if an externally stored field was updated @return true if purge operation required */ @@ -1306,6 +1312,7 @@ purge_node_t* node, const trx_undo_rec_t* undo_rec, que_thr_t* thr, + const THD* thd, bool* updated_extern) { dict_index_t* clust_index; @@ -1343,27 +1350,24 @@ break; } - auto &tables_entry= node->tables[table_id]; - node->table = tables_entry.first; - if (!node->table) { + node->pt = node->tables[table_id]; + if (!node->pt.table) { return false; } -#ifndef DBUG_OFF - if (MDL_ticket* mdl = tables_entry.second) { - static_cast(thd_mdl_context(current_thd)) - ->lock_warrant = mdl->get_ctx(); + ut_ad(!node->pt.table->is_temporary()); + + if (TABLE *maria_table = node->pt.get_maria_table()) { + maria_table->in_use = (THD*)thd; } -#endif - ut_ad(!node->table->is_temporary()); - clust_index = dict_table_get_first_index(node->table); + clust_index = dict_table_get_first_index(node->pt.table); if (clust_index->is_corrupted()) { /* The table was corrupt in the data dictionary. dict_set_corrupted() works on an index, and we do not have an index to call it with. */ - DBUG_ASSERT(table_id == node->table->id); + DBUG_ASSERT(table_id == node->pt.table->id); return false; } @@ -1415,11 +1419,11 @@ bool updated_extern) { ut_ad(!node->found_clust); - ut_ad(!node->table->skip_alter_undo); + ut_ad(!node->pt.table->skip_alter_undo); ut_ad(!trx_undo_roll_ptr_is_insert(node->roll_ptr)); node->index = dict_table_get_next_index( - dict_table_get_first_index(node->table)); + dict_table_get_first_index(node->pt.table)); bool purged = true; @@ -1429,10 +1433,10 @@ case TRX_UNDO_DEL_MARK_REC: purged = row_purge_del_mark(node); if (purged) { - if (node->table->stat_initialized() + if (node->pt.table->stat_initialized() && srv_stats_include_delete_marked) { dict_stats_update_if_needed( - node->table, *thr->graph->trx); + node->pt.table, *thr->graph->trx); } MONITOR_INC(MONITOR_N_DEL_ROW_PURGE); } @@ -1470,13 +1474,14 @@ /*======*/ purge_node_t* node, /*!< in: row purge node */ const trx_undo_rec_t* undo_rec, /*!< in: record to purge */ - que_thr_t* thr) /*!< in: query thread */ + que_thr_t* thr, /*!< in: query thread */ + const THD* thd) /*!< in: Worker thread */ { if (undo_rec != reinterpret_cast(-1)) { bool updated_extern; - while (row_purge_parse_undo_rec( - node, undo_rec, thr, &updated_extern)) { + while (row_purge_parse_undo_rec(node, undo_rec, thr, + thd, &updated_extern)) { bool purged = row_purge_record( node, undo_rec, thr, updated_extern); @@ -1506,6 +1511,22 @@ cmpl_info= 0; } +inline void purge_sys_t::reset_worker_thd(THD *thd) const noexcept +{ + /* Only reset THD for worker threads, not the coordinator. + The coordinator thread opens TABLE* objects in + trx_purge_attach_undo_recs() and stores them in + purge_node_t->tables. These TABLE* objects must remain open until + the entire purge batch completes. Coordinator thread could + close the tables prematurely if it calls reset_thd() + The coordinator handles cleanup centrally in trx_purge() after all + purge_node_t entries are processed. Worker threads have their own + THD lifecycle and must call reset_thd() to clean up their + thread-local resources. */ + if (thd != coordinator_thd) + reset_thd(thd); +} + /** Reset the state at end @return the query graph parent */ inline que_node_t *purge_node_t::end(THD *thd) @@ -1513,7 +1534,7 @@ DBUG_ASSERT(common.type == QUE_NODE_PURGE); ut_ad(undo_recs.empty()); ut_d(in_progress= false); - innobase_reset_background_thd(thd); + purge_sys.reset_worker_thd(thd); #ifndef DBUG_OFF static_cast(thd_mdl_context(thd))->lock_warrant= nullptr; #endif @@ -1530,6 +1551,7 @@ /*===========*/ que_thr_t* thr) /*!< in: query thread */ { + const THD *thd = current_thd; purge_node_t* node; node = static_cast(thr->run_node); @@ -1540,8 +1562,7 @@ trx_purge_rec_t purge_rec = node->undo_recs.front(); node->undo_recs.pop(); node->roll_ptr = purge_rec.roll_ptr; - - row_purge(node, purge_rec.undo_rec, thr); + row_purge(node, purge_rec.undo_rec, thr, thd); } thr->run_node = node->end(current_thd); @@ -1596,4 +1617,5 @@ return(true); } + #endif /* UNIV_DEBUG */ diff -Nru mariadb-11.8.6/storage/innobase/row/row0uins.cc mariadb-11.8.8/storage/innobase/row/row0uins.cc --- mariadb-11.8.6/storage/innobase/row/row0uins.cc 2026-01-31 13:27:48.000000000 +0000 +++ mariadb-11.8.8/storage/innobase/row/row0uins.cc 2026-05-24 09:58:32.000000000 +0000 @@ -435,7 +435,7 @@ node->table = NULL; return false; } else { - ut_ad(!node->table->skip_alter_undo); + ut_ad(node->table->skip_alter_undo != dict_table_t::NO_UNDO); clust_index = dict_table_get_first_index(node->table); if (clust_index != NULL) { diff -Nru mariadb-11.8.6/storage/innobase/row/row0undo.cc mariadb-11.8.8/storage/innobase/row/row0undo.cc --- mariadb-11.8.6/storage/innobase/row/row0undo.cc 2026-01-31 13:27:48.000000000 +0000 +++ mariadb-11.8.8/storage/innobase/row/row0undo.cc 2026-05-24 09:58:32.000000000 +0000 @@ -171,7 +171,7 @@ rec_offs* offsets = offsets_; rec_offs_init(offsets_); - ut_ad(!node->table->skip_alter_undo); + ut_ad(node->table->skip_alter_undo != dict_table_t::NO_UNDO); mtr_start(&mtr); diff -Nru mariadb-11.8.6/storage/innobase/row/row0vers.cc mariadb-11.8.8/storage/innobase/row/row0vers.cc --- mariadb-11.8.6/storage/innobase/row/row0vers.cc 2026-01-31 13:27:48.000000000 +0000 +++ mariadb-11.8.8/storage/innobase/row/row0vers.cc 2026-05-24 09:58:32.000000000 +0000 @@ -457,10 +457,10 @@ dtuple_t* row, dict_index_t* clust_index, dict_index_t* index, - mem_heap_t* heap) + mem_heap_t* heap, + TABLE* maria_table) { THD* thd= current_thd; - TABLE* maria_table= 0; ut_ad(dict_index_has_virtual(index)); ut_ad(index->table == clust_index->table); @@ -630,7 +630,8 @@ roll_ptr_t roll_ptr, mem_heap_t* heap, mem_heap_t* v_heap, - mtr_t* mtr) + mtr_t* mtr, + TABLE* maria_table) { dtuple_t* cur_vrow = NULL; @@ -651,7 +652,7 @@ NULL, NULL, NULL, NULL, heap); if (!row_vers_build_clust_v_col(row, clust_index, index, - heap)) { + heap, maria_table)) { return nullptr; } diff -Nru mariadb-11.8.6/storage/innobase/srv/srv0mon.cc mariadb-11.8.8/storage/innobase/srv/srv0mon.cc --- mariadb-11.8.6/storage/innobase/srv/srv0mon.cc 2026-01-31 13:27:48.000000000 +0000 +++ mariadb-11.8.8/storage/innobase/srv/srv0mon.cc 2026-05-24 09:58:32.000000000 +0000 @@ -1498,7 +1498,7 @@ break; case MONITOR_LSN_CHECKPOINT_AGE: - log_sys.latch.wr_lock(SRW_LOCK_CALL); + log_sys.latch.wr_lock(); value = static_cast(log_sys.get_lsn() - log_sys.last_checkpoint_lsn); log_sys.latch.wr_unlock(); diff -Nru mariadb-11.8.6/storage/innobase/srv/srv0srv.cc mariadb-11.8.8/storage/innobase/srv/srv0srv.cc --- mariadb-11.8.6/storage/innobase/srv/srv0srv.cc 2026-01-31 13:27:48.000000000 +0000 +++ mariadb-11.8.8/storage/innobase/srv/srv0srv.cc 2026-05-24 09:58:32.000000000 +0000 @@ -949,7 +949,7 @@ mysql_mutex_unlock(&srv_innodb_monitor_mutex); - log_sys.latch.wr_lock(SRW_LOCK_CALL); + log_sys.latch.wr_lock(); export_vars.innodb_lsn_current = log_sys.get_lsn(); export_vars.innodb_lsn_flushed = log_sys.get_flushed_lsn(); export_vars.innodb_lsn_last_checkpoint = log_sys.last_checkpoint_lsn; diff -Nru mariadb-11.8.6/storage/innobase/srv/srv0start.cc mariadb-11.8.8/storage/innobase/srv/srv0start.cc --- mariadb-11.8.6/storage/innobase/srv/srv0start.cc 2026-01-31 13:27:48.000000000 +0000 +++ mariadb-11.8.8/storage/innobase/srv/srv0start.cc 2026-05-24 09:58:32.000000000 +0000 @@ -90,9 +90,6 @@ #include "zlib.h" #include "log.h" -/** Log sequence number at shutdown */ -lsn_t srv_shutdown_lsn; - /** TRUE if a raw partition is in use */ ibool srv_start_raw_disk_in_use; @@ -170,7 +167,9 @@ @return DB_SUCCESS or error code */ static dberr_t create_log_file(bool create_new_db, lsn_t lsn) { + ut_ad(log_sys.latch_have_wr()); ut_ad(!srv_read_only_mode); + ut_ad(!buf_pool.get_oldest_modification(0)); /* We will retain ib_logfile0 until we have written a new logically empty log as ib_logfile101 and atomically renamed it to @@ -178,9 +177,6 @@ delete_log_files(); ut_ad(!os_aio_pending_reads()); - ut_d(mysql_mutex_lock(&buf_pool.flush_list_mutex)); - ut_ad(!buf_pool.get_oldest_modification(0)); - ut_d(mysql_mutex_unlock(&buf_pool.flush_list_mutex)); /* os_aio_pending_writes() may hold here if some write_io_callback() did not release the slot yet. However, the page write itself must have completed, because the @@ -189,7 +185,6 @@ assumption does not hold. */ ut_d(os_aio_wait_until_no_pending_writes(false)); - log_sys.latch.wr_lock(SRW_LOCK_CALL); log_sys.set_capacity(); std::string logfile0{get_log_file_path("ib_logfile101")}; @@ -205,6 +200,7 @@ int(logfile0.size()), logfile0.data()); err_exit: log_sys.latch.wr_unlock(); + mysql_mutex_unlock(&buf_pool.flush_list_mutex); return DB_ERROR; } @@ -222,14 +218,6 @@ goto close_and_exit; } - mysql_mutex_lock(&recv_sys.mutex); - const bool all_opened = fil_system.sys_space->open(create_new_db); - mysql_mutex_unlock(&recv_sys.mutex); - - if (!all_opened) { - goto err_exit; - } - /* Create a log checkpoint. */ if (log_sys.is_encrypted() && !log_crypt_init()) { goto err_exit; @@ -254,9 +242,9 @@ buf_page_t::read_complete(). */ recv_sys.recovery_on = false; log_sys.latch.wr_unlock(); + mysql_mutex_unlock(&buf_pool.flush_list_mutex); log_make_checkpoint(); - log_buffer_flush_to_disk(); return DB_SUCCESS; } @@ -413,23 +401,6 @@ return DB_SUCCESS; } -/** Delete the old undo tablespaces present in the undo log directory */ -static dberr_t srv_undo_delete_old_tablespaces() -{ - /* Delete the old undo tablespaces*/ - for (uint32_t i= 0; i < srv_undo_tablespaces_open; ++i) - fil_close_tablespace(srv_undo_space_id_start + i); - - DBUG_EXECUTE_IF("after_deleting_old_undo_abort", return DB_ERROR;); - - /* Do checkpoint to get rid of old undo log tablespaces redo logs */ - log_make_checkpoint(); - - DBUG_EXECUTE_IF("after_deleting_old_undo_success", return DB_ERROR;); - - return DB_SUCCESS; -} - /** Recreate the undo log tablespaces */ ATTRIBUTE_COLD static dberr_t srv_undo_tablespaces_reinit() { @@ -532,17 +503,35 @@ DBUG_EXECUTE_IF("after_rseg_reset_abort", log_write_up_to(mtr.commit_lsn(), true); - dict_hdr->page.unfix(); - return DB_ERROR;); + err= DB_ERROR; goto unfix_exit;); + + log_make_checkpoint(); sql_print_information( "InnoDB: Reinitializing innodb_undo_tablespaces= %u from %u", srv_undo_tablespaces, srv_undo_tablespaces_open); /* Delete the old undo tablespaces */ - err= srv_undo_delete_old_tablespaces(); - if (err) + for (uint32_t i= 0; i < srv_undo_tablespaces_open; ++i) + fil_close_tablespace(srv_undo_space_id_start + i); + + DBUG_EXECUTE_IF("after_deleting_old_undo_abort", + err= DB_ERROR; goto unfix_exit;); + + /* Do checkpoint to get rid of old undo log tablespaces redo logs */ + log_make_checkpoint(); + + DBUG_EXECUTE_IF("after_deleting_old_undo_success", + err= DB_ERROR; goto unfix_exit;); + + if (srv_undo_tablespaces == 0) { + srv_undo_space_id_start= 0; + srv_undo_tablespaces_open= 0; + srv_undo_tablespaces_active= 0; +#ifndef DBUG_OFF + unfix_exit: +#endif dict_hdr->page.unfix(); return err; } @@ -552,27 +541,16 @@ dict_hdr->page.lock.x_lock(); mtr.memo_push(dict_hdr, MTR_MEMO_PAGE_X_FIX); - if (srv_undo_tablespaces == 0) - { - srv_undo_space_id_start= 0; - srv_undo_tablespaces_open= 0; - goto func_exit; - } - srv_undo_space_id_start= latest_space_id; if (fil_assign_new_space_id(&srv_undo_space_id_start)) - mtr.write<4>(*dict_hdr, DICT_HDR + DICT_HDR_MAX_SPACE_ID - + dict_hdr->page.frame, srv_undo_space_id_start); + mtr.write<4>(*dict_hdr, DICT_HDR + DICT_HDR_MAX_SPACE_ID + + dict_hdr->page.frame, srv_undo_space_id_start); /* Re-create the new undo tablespaces */ err= srv_undo_tablespaces_init(true, &mtr); func_exit: mtr.commit(); - DBUG_EXECUTE_IF("after_reinit_undo_abort", - log_write_up_to(mtr.commit_lsn(), true); - err= DB_ERROR;); - if (err == DB_SUCCESS) { /* Usually, recovery must work no matter when @@ -583,10 +561,8 @@ were written in mtr and also srv_undo_tablespaces_init() initializes the undo tablespace start id based on page0 content before reading the redo log */ - log_make_checkpoint(); - - DBUG_EXECUTE_IF("after_reinit_undo_success", err= DB_ERROR;); srv_undo_tablespaces_active= srv_undo_tablespaces; + log_make_checkpoint(); } return err; } @@ -1088,38 +1064,28 @@ /** Prepare to delete the redo log file. Flush the dirty pages from all the buffer pools. Flush the redo log buffer to the redo log file. -@return lsn upto which data pages have been flushed. */ -ATTRIBUTE_COLD static lsn_t srv_prepare_to_delete_redo_log_file() noexcept +@return lsn upto which data pages have been flushed and log_sys.latch acquired +@retval 0 in case of error; log_sys.latch will not be acquired */ +static ATTRIBUTE_COLD lsn_t srv_prepare_to_delete_redo_log_file() noexcept { DBUG_ENTER("srv_prepare_to_delete_redo_log_file"); + mysql_mutex_lock(&recv_sys.mutex); ut_ad(recv_sys.recovery_on); + recv_sys.apply(true); + mysql_mutex_unlock(&recv_sys.mutex); /* Clean the buffer pool. */ - buf_flush_sync(); + buf_flush_sync_batch(0, false); - DBUG_EXECUTE_IF("innodb_log_abort_1", DBUG_RETURN(0);); + DBUG_EXECUTE_IF("innodb_log_abort_1", recv_sys.recovery_on= false; + DBUG_RETURN(0);); DBUG_PRINT("ib_log", ("After innodb_log_abort_1")); - log_sys.latch.wr_lock(SRW_LOCK_CALL); + log_sys.latch.wr_lock(); const bool latest_format{log_sys.is_latest()}; lsn_t flushed_lsn{log_sys.get_flushed_lsn(std::memory_order_relaxed)}; - if (latest_format && !(log_sys.file_size & 4095) && - flushed_lsn != log_sys.next_checkpoint_lsn + - (log_sys.is_encrypted() - ? SIZE_OF_FILE_CHECKPOINT + 8 - : SIZE_OF_FILE_CHECKPOINT)) - { -#ifdef HAVE_PMEM - if (!log_sys.is_opened()) - log_sys.buf_size= unsigned(std::min(log_sys.capacity(), - log_sys.buf_size_max)); -#endif - fil_names_clear(flushed_lsn); - flushed_lsn= log_sys.get_lsn(); - } - { const char *msg; if (!latest_format) @@ -1151,48 +1117,31 @@ } } - log_sys.latch.wr_unlock(); - - if (latest_format) - log_write_up_to(flushed_lsn, false); - - ut_ad(flushed_lsn == log_get_lsn()); - ut_ad(!os_aio_pending_reads()); - ut_d(mysql_mutex_lock(&buf_pool.flush_list_mutex)); - ut_ad(!buf_pool.get_oldest_modification(0)); - ut_d(mysql_mutex_unlock(&buf_pool.flush_list_mutex)); - ut_d(os_aio_wait_until_no_pending_writes(false)); - DBUG_RETURN(flushed_lsn); } /** Upgrade the redo log to the latest format, or change its size or encryption, before starting to write any log records. */ -ATTRIBUTE_COLD static dberr_t srv_log_rebuild() +ATTRIBUTE_COLD static dberr_t srv_log_rebuild() noexcept { /* Prepare to delete the old redo log file */ const lsn_t lsn{srv_prepare_to_delete_redo_log_file()}; - - DBUG_EXECUTE_IF("innodb_log_abort_1", return DB_ERROR;); + if (!lsn) + return DB_ERROR; + mysql_mutex_lock(&buf_pool.flush_list_mutex); + ut_ad(!buf_pool.get_oldest_modification(0)); /* Prohibit redo log writes from any other threads until creating a log checkpoint at the end of create_log_file(). */ ut_d(recv_no_log_write= true); ut_ad(!os_aio_pending_reads()); - ut_d(mysql_mutex_lock(&buf_pool.flush_list_mutex)); - ut_ad(!buf_pool.get_oldest_modification(0)); - ut_d(mysql_mutex_unlock(&buf_pool.flush_list_mutex)); - /* os_aio_pending_writes() may hold here if some write_io_callback() - did not release the slot yet. However, the page write itself must - have completed, because the buf_pool.flush_list is empty. In debug - builds, we wait for this to happen, hoping to get a hung process if - this assumption does not hold. */ - ut_d(os_aio_wait_until_no_pending_writes(false)); + DBUG_EXECUTE_IF("innodb_log_abort_5", + recv_sys.recovery_on= false; recv_no_log_write= false; + log_sys.latch.wr_unlock(); + mysql_mutex_unlock(&buf_pool.flush_list_mutex); + return DB_ERROR;); /* Close the redo log file, so that we can replace it */ log_sys.close_file(); - - DBUG_EXECUTE_IF("innodb_log_abort_5", return DB_ERROR;); - dberr_t err= create_log_file(false, lsn); if (err == DB_SUCCESS && log_sys.resize_rename()) @@ -1202,7 +1151,7 @@ } /** Rebuild the redo log if needed. */ -static dberr_t srv_log_rebuild_if_needed() +static dberr_t srv_log_rebuild_if_needed() noexcept { if (srv_force_recovery == SRV_FORCE_NO_LOG_REDO) /* Completely ignore the redo log. */ @@ -1243,7 +1192,7 @@ inline lsn_t log_t::init_lsn() noexcept { - latch.wr_lock(SRW_LOCK_CALL); + latch.wr_lock(); ut_ad(!write_lsn_offset); write_lsn_offset= 0; const lsn_t lsn{base_lsn.load(std::memory_order_relaxed)}; @@ -1264,8 +1213,8 @@ dberr_t err = dict_load_indexes(&mtr, dict_sys.sys_tables, false, heap, DICT_ERR_IGNORE_NONE); mem_heap_empty(heap); - if ((err == DB_SUCCESS || srv_force_recovery >= SRV_FORCE_NO_DDL_UNDO) && - UNIV_UNLIKELY(must_upgrade_ibuf)) + if (UNIV_UNLIKELY(must_upgrade_ibuf) && + (err == DB_SUCCESS || srv_force_recovery >= SRV_FORCE_NO_DDL_UNDO)) { dict_sys.unlock(); dict_load_tablespaces(nullptr, true); @@ -1376,16 +1325,18 @@ if (!srv_read_only_mode) { if (srv_innodb_status) { + size_t srv_monitor_file_name_size= + strlen(fil_path_to_mysql_datadir) + + 20 + sizeof "/innodb_status."; srv_monitor_file_name = static_cast( - ut_malloc_nokey( - strlen(fil_path_to_mysql_datadir) - + 20 + sizeof "/innodb_status.")); - - sprintf(srv_monitor_file_name, - "%s/innodb_status." ULINTPF, - fil_path_to_mysql_datadir, - static_cast - (IF_WIN(GetCurrentProcessId(), getpid()))); + ut_malloc_nokey(srv_monitor_file_name_size)); + + snprintf(srv_monitor_file_name, + srv_monitor_file_name_size, + "%s/innodb_status." ULINTPF, + fil_path_to_mysql_datadir, + static_cast + (IF_WIN(GetCurrentProcessId(), getpid()))); srv_monitor_file = my_fopen(srv_monitor_file_name, O_RDWR|O_TRUNC|O_CREAT, @@ -1454,9 +1405,18 @@ } recv_sys.debug_free(); } else { - err = recv_recovery_read_checkpoint(); - if (err != DB_SUCCESS) { - return srv_init_abort(err); + ut_ad(srv_operation <= SRV_OPERATION_EXPORT_RESTORED + || srv_operation == SRV_OPERATION_RESTORE + || srv_operation == SRV_OPERATION_RESTORE_EXPORT); + ut_ad(!recv_sys.recovery_on); + + if (srv_force_recovery < SRV_FORCE_NO_LOG_REDO) { + log_sys.latch.wr_lock(); + err = recv_sys.find_checkpoint(); + log_sys.latch.wr_unlock(); + if (err != DB_SUCCESS) { + return srv_init_abort(err); + } } } @@ -1489,6 +1449,8 @@ if (create_new_db) { lsn_t flushed_lsn = log_sys.init_lsn(); + log_sys.latch.wr_lock(); + mysql_mutex_lock(&buf_pool.flush_list_mutex); err = create_log_file(true, flushed_lsn); @@ -1587,8 +1549,6 @@ return(srv_init_abort(err)); } - buf_flush_sync(); - ut_ad(!srv_log_file_created); ut_d(srv_log_file_created= true); @@ -2078,28 +2038,7 @@ { innodb_preshutdown(); ut_ad(!srv_undo_sources); - switch (srv_operation) { - case SRV_OPERATION_BACKUP: - case SRV_OPERATION_RESTORE_DELTA: - case SRV_OPERATION_BACKUP_NO_DEFER: - break; - case SRV_OPERATION_RESTORE: - case SRV_OPERATION_RESTORE_EXPORT: - mysql_mutex_lock(&buf_pool.flush_list_mutex); - srv_shutdown_state = SRV_SHUTDOWN_CLEANUP; - while (buf_page_cleaner_is_active) { - pthread_cond_signal(&buf_pool.do_flush_list); - my_cond_wait(&buf_pool.done_flush_list, - &buf_pool.flush_list_mutex.m_mutex); - } - mysql_mutex_unlock(&buf_pool.flush_list_mutex); - break; - case SRV_OPERATION_NORMAL: - case SRV_OPERATION_EXPORT_RESTORED: - /* Shut down the persistent files. */ - logs_empty_and_mark_files_at_shutdown(); - } - + const lsn_t lsn{logs_empty_and_mark_files_at_shutdown()}; os_aio_free(); fil_space_t::close_all(); /* Exit any remaining threads. */ @@ -2177,14 +2116,15 @@ } srv_tmp_space.shutdown(); - if (srv_stats.pages_page_compression_error) - ib::warn() << "Page compression errors: " - << srv_stats.pages_page_compression_error; - - if (srv_was_started && srv_print_verbose_log) { - ib::info() << "Shutdown completed; log sequence number " - << srv_shutdown_lsn - << "; transaction id " << trx_sys.get_max_trx_id(); + if (const size_t pce = srv_stats.pages_page_compression_error) { + sql_print_warning("InnoDB: Page compression errors: %zu", pce); + } + + if (lsn && srv_was_started && srv_print_verbose_log) { + sql_print_information("Shutdown completed;" + " log sequence number " LSN_PF ";" + " transaction id " TRX_ID_FMT, + lsn, trx_sys.get_max_trx_id()); } srv_thread_pool_end(); srv_started_redo = false; diff -Nru mariadb-11.8.6/storage/innobase/sync/srw_lock.cc mariadb-11.8.8/storage/innobase/sync/srw_lock.cc --- mariadb-11.8.6/storage/innobase/sync/srw_lock.cc 2026-01-31 13:27:48.000000000 +0000 +++ mariadb-11.8.8/storage/innobase/sync/srw_lock.cc 2026-05-24 09:58:32.000000000 +0000 @@ -761,4 +761,126 @@ { return have_wr() || have_rd(); } + +# if defined LOG_LATCH_DEBUG && defined UNIV_PFS_RWLOCK +void srw_lock_debug_simple::init() noexcept +{ + ssux_lock_impl::init(); + readers_lock.init(); + ut_ad(!readers.load(std::memory_order_relaxed)); + ut_ad(!have_any()); +} + +void srw_lock_debug_simple::destroy() noexcept +{ + ut_ad(!writer); + if (auto r= readers.load(std::memory_order_relaxed)) + { + readers.store(0, std::memory_order_relaxed); + ut_ad(r->empty()); + delete r; + } + readers_lock.destroy(); + ssux_lock_impl::destroy(); +} + +bool srw_lock_debug_simple::wr_lock_try() noexcept +{ + ut_ad(!have_any()); + if (!ssux_lock_impl::wr_lock_try()) + return false; + ut_ad(!writer); + writer.store(pthread_self(), std::memory_order_relaxed); + return true; +} + +void srw_lock_debug_simple::wr_lock() noexcept +{ + ut_ad(!have_any()); + ssux_lock_impl::wr_lock(); + ut_ad(!writer); + writer.store(pthread_self(), std::memory_order_relaxed); +} + +void srw_lock_debug_simple::wr_unlock() noexcept +{ + ut_ad(have_wr()); + writer.store(0, std::memory_order_relaxed); + ssux_lock_impl::wr_unlock(); +} + +void srw_lock_debug_simple::readers_register() noexcept +{ + readers_lock.wr_lock(); + auto r= readers.load(std::memory_order_relaxed); + if (!r) + { + r= new std::unordered_multiset(); + readers.store(r, std::memory_order_relaxed); + } + r->emplace(pthread_self()); + readers_lock.wr_unlock(); +} + +bool srw_lock_debug_simple::rd_lock_try() noexcept +{ + ut_ad(!have_any()); + if (!ssux_lock_impl::rd_lock_try()) + return false; + readers_register(); + return true; +} + +void srw_lock_debug_simple::rd_lock() noexcept +{ + ut_ad(!have_any()); + ssux_lock_impl::rd_lock(); + readers_register(); +} + +void srw_lock_debug_simple::rd_unlock() noexcept +{ + const pthread_t self= pthread_self(); + ut_ad(writer != self); + readers_lock.wr_lock(); + auto r= readers.load(std::memory_order_relaxed); + ut_ad(r); + auto i= r->find(self); + ut_ad(i != r->end()); + r->erase(i); + readers_lock.wr_unlock(); + + ssux_lock_impl::rd_unlock(); +} + +bool srw_lock_debug_simple::have_rd() const noexcept +{ + if (auto r= readers.load(std::memory_order_relaxed)) + { + readers_lock.wr_lock(); + bool found= r->find(pthread_self()) != r->end(); + readers_lock.wr_unlock(); +# ifndef SUX_LOCK_GENERIC + ut_ad(!found || is_locked()); +# endif + return found; + } + return false; +} + +bool srw_lock_debug_simple::have_wr() const noexcept +{ + if (writer != pthread_self()) + return false; +# ifndef SUX_LOCK_GENERIC + ut_ad(is_write_locked()); +# endif + return true; +} + +bool srw_lock_debug_simple::have_any() const noexcept +{ + return have_wr() || have_rd(); +} +# endif #endif diff -Nru mariadb-11.8.6/storage/innobase/trx/trx0purge.cc mariadb-11.8.8/storage/innobase/trx/trx0purge.cc --- mariadb-11.8.6/storage/innobase/trx/trx0purge.cc 2026-01-31 13:27:48.000000000 +0000 +++ mariadb-11.8.8/storage/innobase/trx/trx0purge.cc 2026-05-24 09:58:32.000000000 +0000 @@ -45,6 +45,12 @@ #include "log.h" #include "sql_class.h" +TABLE *open_purge_table(THD *thd, const char *db, size_t dblen, + const char *tb, size_t tblen, + MDL_ticket *mdl_ticket) noexcept; +int close_thread_tables(THD* thd) noexcept; +MDL_ticket *get_mdl_ticket(TABLE *table) noexcept; + /** Maximum allowable purge history length. <=0 means 'infinite'. */ ulong srv_max_purge_lag = 0; @@ -1037,27 +1043,75 @@ return get_next_rec(trx, roll_ptr); } -/** Close all tables that were opened in a purge batch for a worker. -@param node purge task context -@param thd purge coordinator thread handle */ -static void trx_purge_close_tables(purge_node_t *node, THD *thd) noexcept +inline MDL_ticket *purge_table::get_ticket() const noexcept +{ + if (TABLE* t= get_maria_table()) + return get_mdl_ticket(t); + return ticket; +} + +inline void purge_sys_t::reset_in_use(TABLE *table) const noexcept { - for (auto &t : node->tables) + if (table) + table->in_use= coordinator_thd; +} + +/** Close a single purge table entry. +Clears the cached TABLE* pointer from vc_templ, closes the +dict_table_t, and collects the MDL_ticket forlater release. +@param pt purge_table entry to close +@param mdl_tickets vector to collect standalone MDL tickets */ +static void trx_purge_close_table(purge_table &pt, + std::vector &mdl_tickets) +{ + if (pt.table && !pt.must_wait()) { - dict_table_t *table= t.second.first; - if (table != nullptr && table != reinterpret_cast(-1)) - table->release(); + if (TABLE *maria_table= pt.get_maria_table()) + purge_sys.reset_in_use(maria_table); + pt.table->release(); + pt.table= nullptr; } - for (auto &t : node->tables) + MDL_ticket *ticket= pt.get_ticket(); + if (ticket) { - dict_table_t *table= t.second.first; - if (table != nullptr && table != reinterpret_cast(-1)) - { - t.second.first= reinterpret_cast(-1); - if (t.second.second != nullptr) - thd->mdl_context.release_lock(t.second.second); - } + mdl_tickets.push_back(ticket); + pt.set_ticket(nullptr); + } +} + +/** Close all tables that were opened in a purge batch for a worker. +@param thd purge coordinator thread handle +@param last_entry additional table to close (not in node->tables), + typically the table that triggered + close_and_reopen(); nullptr if no additional + table to close +@param batch_cleanup if true, clears the list of opened tables + in the purge node. */ +static void trx_purge_close_tables(THD *thd, purge_table *last_entry, + bool batch_cleanup=false) noexcept +{ + MDL_context *mdl_context = static_cast(thd_mdl_context(thd)); + std::vector mdl_tickets; + if (last_entry) + trx_purge_close_table(*last_entry, mdl_tickets); + + for (que_thr_t *thr= UT_LIST_GET_FIRST(purge_sys.query->thrs); thr; + thr= UT_LIST_GET_NEXT(thrs, thr)) + { + purge_node_t* node = static_cast(thr->child); + for (auto &t : node->tables) + trx_purge_close_table(t.second, mdl_tickets); + if (batch_cleanup) + node->tables.clear(); + } + + close_thread_tables(thd); + + for (auto mdl : mdl_tickets) + { + if (mdl && mdl_context) + mdl_context->release_lock(mdl); } } @@ -1124,80 +1178,116 @@ /** Open a table handle for the purge of committed transaction history @param table_id InnoDB table identifier @param mdl_context metadata lock acquisition context -@param mdl metadata lock -@return table handle -@retval nullptr if the table is not found or accessible -@retval -1 if the purge of history must be suspended due to DDL */ -static dict_table_t *trx_purge_table_open(table_id_t table_id, - MDL_context *mdl_context, - MDL_ticket **mdl) noexcept +@return purge_table with dict_table_t* and TABLE* (or)MDL_ticket, +possibly with must_wait() || table == nullptr */ +static purge_table trx_purge_table_open(table_id_t table_id, + MDL_context *mdl_context) noexcept { - dict_table_t *table; + purge_table result; + MDL_ticket *mdl= nullptr; for (;;) { dict_sys.freeze(SRW_LOCK_CALL); - table= dict_sys.find_table(table_id); - if (table) + result.table= dict_sys.find_table(table_id); + if (result.table) break; dict_sys.unfreeze(); dict_sys.lock(SRW_LOCK_CALL); - table= dict_load_table_on_id(table_id, DICT_ERR_IGNORE_FK_NOKEY); + result.table= dict_load_table_on_id(table_id, DICT_ERR_IGNORE_FK_NOKEY); dict_sys.unlock(); - if (!table) - return nullptr; + if (!result.table) + return result; /* At this point, the freshly loaded table may already have been evicted. We must look it up again while holding a shared dict_sys.latch. We keep trying this until the table is found in the cache or it cannot be found in the dictionary (because the table has been dropped or rebuilt). */ } - table= trx_purge_table_acquire(table, mdl_context, mdl); + result.table= trx_purge_table_acquire(result.table, mdl_context, &mdl); dict_sys.unfreeze(); - return table; + + if (mdl && result.table->has_virtual_index()) + { + char db_buf[NAME_LEN + 1]; + char tbl_buf[NAME_LEN + 1]; + size_t db_len, tbl_len; + + if (result.table->parse_name(db_buf, tbl_buf, &db_len, &tbl_len)) + { + THD *thd= current_thd; + TABLE *maria_table= open_purge_table(thd, db_buf, db_len, + tbl_buf, tbl_len, mdl); + if (maria_table) + { + if (result.table->vc_templ) + { + ut_ad(thd->query_id == 0); + result.table->lock_mutex_lock(); + result.table->vc_templ->mysql_table= maria_table; + result.table->vc_templ->mysql_table_query_id= 0; + result.table->lock_mutex_unlock(); + } + result.set_mariadb_table(maria_table); + return result; + } + else + { + /* open_table() could be failed and return nullptr. + This can happen when: + 1. FLUSH TABLES is executed concurrently: TABLE_SHARE is + marked as flushed and open_table() requests + OT_REOPEN_TABLES backoff + 2. BACKUP STAGE operations trigger table cache flushes + 3. Table is being rebuilt by ALTER TABLE and the old version + needs to be closed before opening the new version + The purge coordinator should close all open tables and retry + opening. */ + result.table->release(); + result.table= reinterpret_cast(-1); + } + } + } + result.set_ticket(mdl); + return result; } ATTRIBUTE_COLD -dict_table_t *purge_sys_t::close_and_reopen(table_id_t id, THD *thd, - MDL_ticket **mdl) +purge_table purge_sys_t::close_and_reopen(table_id_t id, + purge_table pt, + THD *thd) noexcept { MDL_context *mdl_context= &thd->mdl_context; retry: ut_ad(m_active); - - for (que_thr_t *thr= UT_LIST_GET_FIRST(purge_sys.query->thrs); thr; - thr= UT_LIST_GET_NEXT(thrs, thr)) - trx_purge_close_tables(static_cast(thr->child), thd); + trx_purge_close_tables(thd, &pt); m_active= false; wait_FTS(false); m_active= true; - dict_table_t *table= trx_purge_table_open(id, mdl_context, mdl); - if (table == reinterpret_cast(-1)) + pt= trx_purge_table_open(id, mdl_context); + if (pt.must_wait()) goto retry; - for (que_thr_t *thr= UT_LIST_GET_FIRST(purge_sys.query->thrs); thr; + /* Reopen all other tables from all nodes */ + for (que_thr_t *thr= UT_LIST_GET_FIRST(query->thrs); thr; thr= UT_LIST_GET_NEXT(thrs, thr)) { purge_node_t *node= static_cast(thr->child); for (auto &t : node->tables) { - if (t.second.first) - { - t.second.first= trx_purge_table_open(t.first, mdl_context, - &t.second.second); - if (t.second.first == reinterpret_cast(-1)) - { - if (table) - dict_table_close(table, thd, *mdl); - goto retry; - } - } + t.second= trx_purge_table_open(t.first, mdl_context); + if (t.second.must_wait()) + goto retry; +#ifndef DBUG_OFF + if (MDL_ticket *mdl= t.second.get_ticket()) + static_cast(thd_mdl_context(thd))->lock_warrant= + mdl->get_ctx(); +#endif } } - - return table; + return pt; } /** Run a purge batch. @@ -1237,33 +1327,39 @@ } table_id_t table_id= trx_undo_rec_get_table_id(purge_rec.undo_rec); - purge_node_t *&table_node= table_id_map[table_id]; if (table_node) + { ut_ad(!table_node->in_progress); - if (!table_node) + if (table_node->tables[table_id].table) + { +enqueue: + table_node->undo_recs.push(purge_rec); + ut_ad(!table_node->in_progress); + } + } + else { - std::pair p; - p.first= trx_purge_table_open(table_id, &thd->mdl_context, &p.second); - if (p.first == reinterpret_cast(-1)) - p.first= purge_sys.close_and_reopen(table_id, thd, &p.second); + purge_table pt= trx_purge_table_open(table_id, &thd->mdl_context); + if (pt.must_wait()) + pt= purge_sys.close_and_reopen(table_id, pt, thd); if (!thr || !(thr= UT_LIST_GET_NEXT(thrs, thr))) thr= UT_LIST_GET_FIRST(purge_sys.query->thrs); ++*n_work_items; table_node= static_cast(thr->child); - ut_a(que_node_get_type(table_node) == QUE_NODE_PURGE); - ut_d(auto pair=) table_node->tables.emplace(table_id, p); - ut_ad(pair.second); - if (p.first) + + table_node->tables.emplace(table_id, pt); + if (pt.table) + { +#ifndef DBUG_OFF + if (MDL_ticket *mdl= pt.get_ticket()) + static_cast(thd_mdl_context(thd))->lock_warrant= + mdl->get_ctx(); +#endif goto enqueue; - } - else if (table_node->tables[table_id].first) - { - enqueue: - table_node->undo_recs.push(purge_rec); - ut_ad(!table_node->in_progress); + } } const size_t size{purge_sys.n_pages_handled()}; @@ -1338,6 +1434,7 @@ end_view= view; end_view.clamp_low_limit_id(trx_no); end_latch.wr_unlock(); + coordinator_thd= nullptr; } /** @@ -1350,13 +1447,13 @@ { ut_ad(n_tasks > 0); - purge_sys.clone_oldest_view(); + THD *const thd{trx->mysql_thd}; + purge_sys.clone_oldest_view(thd); ut_d(if (srv_purge_view_update_only_debug) return 0); /* Fetch the UNDO recs that need to be purged. */ ulint n_work= 0; - THD *const thd{trx->mysql_thd}; const purge_sys_t::iterator head= trx_purge_attach_undo_recs(trx, &n_work); const size_t n_pages= purge_sys.n_pages_handled(); @@ -1383,12 +1480,12 @@ for (auto i= n_work; i--; ) { if (!thr) - thr= UT_LIST_GET_FIRST(purge_sys.query->thrs); + thr= UT_LIST_GET_FIRST(purge_sys.query->thrs); else - thr= UT_LIST_GET_NEXT(thrs, thr); + thr= UT_LIST_GET_NEXT(thrs, thr); if (!thr) - break; + break; ut_ad(thr->state == QUE_THR_COMPLETED); thr->state= QUE_THR_RUNNING; @@ -1417,13 +1514,7 @@ if (workers) trx_purge_wait_for_workers_to_complete(); - for (thr= UT_LIST_GET_FIRST(purge_sys.query->thrs); thr && n_work--; - thr= UT_LIST_GET_NEXT(thrs, thr)) - { - purge_node_t *node= static_cast(thr->child); - trx_purge_close_tables(node, thd); - node->tables.clear(); - } + trx_purge_close_tables(thd, nullptr, true); } purge_sys.batch_cleanup(head); diff -Nru mariadb-11.8.6/storage/innobase/trx/trx0rec.cc mariadb-11.8.8/storage/innobase/trx/trx0rec.cc --- mariadb-11.8.6/storage/innobase/trx/trx0rec.cc 2026-01-31 13:27:48.000000000 +0000 +++ mariadb-11.8.8/storage/innobase/trx/trx0rec.cc 2026-05-24 09:58:32.000000000 +0000 @@ -1795,6 +1795,30 @@ return false; } +/** For ALTER TABLE...IGNORE ALGORITHM=COPY, rewind the undo log +to maintain only the latest insert undo record. This allows easy +rollback of the last inserted row on duplicate key errors. +@param mtr mini-transaction +@param undo_block undo log page +@param table table being altered +@param trx transaction +@param undo insert undo log +@return mod_tables entry after inserting the table */ +static ATTRIBUTE_COLD ATTRIBUTE_NOINLINE +std::pair +trx_undo_rewrite_ignore(mtr_t *mtr, buf_block_t *undo_block, + dict_table_t *table, trx_t *trx, trx_undo_t *undo) +{ + mtr->write<2>(*undo_block, undo_block->page.frame + TRX_UNDO_PAGE_HDR + + TRX_UNDO_PAGE_FREE, undo->old_offset); + ut_ad(trx->undo_no == 1); + undo->top_offset= undo->old_offset; + undo->top_undo_no= 0; + trx->undo_no= 0; + trx->mod_tables.clear(); + return trx->mod_tables.emplace(table, 0); +} + /***********************************************************************//** Writes information to an undo log about an insert, update, or a delete marking of a clustered index record. This information is used in a rollback of the @@ -1900,9 +1924,19 @@ ut_ad(!trx->read_only); ut_ad(trx->id); pundo = &trx->rsegs.m_redo.undo; + const bool clear_ignore = *pundo && trx->undo_no + && (*pundo)->old_offset <= (*pundo)->top_offset + && index->table->skip_alter_undo + == dict_table_t::IGNORE_UNDO; + rseg = trx->rsegs.m_redo.rseg; undo_block = trx_undo_assign_low(&mtr, &err, rseg, pundo); + if (clear_ignore) { + ut_ad(!rec); + m = trx_undo_rewrite_ignore(&mtr, undo_block, + index->table, trx, *pundo); + } } trx_undo_t* undo = *pundo; @@ -1989,6 +2023,8 @@ /* Success */ undo->top_page_no = undo_block->page.id().page_no(); mtr.commit(); + + undo->old_offset = offset; undo->top_offset = offset; undo->top_undo_no = trx->undo_no++; undo->guess_block = undo_block; diff -Nru mariadb-11.8.6/storage/innobase/trx/trx0trx.cc mariadb-11.8.8/storage/innobase/trx/trx0trx.cc --- mariadb-11.8.6/storage/innobase/trx/trx0trx.cc 2026-01-31 13:27:48.000000000 +0000 +++ mariadb-11.8.8/storage/innobase/trx/trx0trx.cc 2026-05-24 09:58:32.000000000 +0000 @@ -736,7 +736,7 @@ if (trx_sys.is_undo_empty()) { func_exit: - purge_sys.clone_oldest_view(); + purge_sys.clone_oldest_view(nullptr); return DB_SUCCESS; } @@ -1434,6 +1434,7 @@ ut_ad(!l); #endif /* UNIV_DEBUG */ commit_state(); + DEBUG_SYNC_C("trx_after_commit_state"); if (id) { @@ -1858,8 +1859,7 @@ /**********************************************************************//** Prints info about a transaction. -The caller must hold lock_sys.latch. -When possible, use trx_print() instead. */ +The caller must hold lock_sys.latch. */ void trx_print_latched( /*==============*/ @@ -1874,27 +1874,6 @@ mem_heap_get_size(trx->lock.lock_heap)); } -/**********************************************************************//** -Prints info about a transaction. -Acquires and releases lock_sys.latch. */ -TRANSACTIONAL_TARGET -void -trx_print( -/*======*/ - FILE* f, /*!< in: output stream */ - const trx_t* trx) /*!< in: transaction */ -{ - ulint n_rec_locks, n_trx_locks, heap_size; - { - TMLockMutexGuard g{SRW_LOCK_CALL}; - n_rec_locks= trx->lock.n_rec_locks; - n_trx_locks= UT_LIST_GET_LEN(trx->lock.trx_locks); - heap_size= mem_heap_get_size(trx->lock.lock_heap); - } - - trx_print_low(f, trx, n_rec_locks, n_trx_locks, heap_size); -} - /** Prepare a transaction. @return log sequence number that makes the XA PREPARE durable @retval 0 if no changes needed to be made durable */ diff -Nru mariadb-11.8.6/storage/innobase/trx/trx0undo.cc mariadb-11.8.8/storage/innobase/trx/trx0undo.cc --- mariadb-11.8.6/storage/innobase/trx/trx0undo.cc 2026-01-31 13:27:48.000000000 +0000 +++ mariadb-11.8.8/storage/innobase/trx/trx0undo.cc 2026-05-24 09:58:32.000000000 +0000 @@ -1173,6 +1173,8 @@ undo->rseg = rseg; + undo->top_offset = 0; + undo->old_offset = 0; undo->hdr_page_no = page_no; undo->hdr_offset = offset; undo->last_page_no = page_no; diff -Nru mariadb-11.8.6/storage/innobase/ut/ut0ut.cc mariadb-11.8.8/storage/innobase/ut/ut0ut.cc --- mariadb-11.8.6/storage/innobase/ut/ut0ut.cc 2026-01-31 13:27:48.000000000 +0000 +++ mariadb-11.8.8/storage/innobase/ut/ut0ut.cc 2026-05-24 09:58:32.000000000 +0000 @@ -103,31 +103,32 @@ void ut_sprintf_timestamp( /*=================*/ - char* buf) /*!< in: buffer where to sprintf */ + char* buf, /*!< in: buffer where to sprintf */ + size_t buf_size) /*!< in: size of the buffer */ { #ifdef _WIN32 SYSTEMTIME cal_tm; GetLocalTime(&cal_tm); - sprintf(buf, "%02u%02u%02u %2u:%02u:%02u", - cal_tm.wYear % 100, - cal_tm.wMonth, - cal_tm.wDay, - cal_tm.wHour, - cal_tm.wMinute, - cal_tm.wSecond); + snprintf(buf, buf_size, "%02u%02u%02u %2u:%02u:%02u", + cal_tm.wYear % 100, + cal_tm.wMonth, + cal_tm.wDay, + cal_tm.wHour, + cal_tm.wMinute, + cal_tm.wSecond); #else time_t tm; struct tm cal_tm; time(&tm); localtime_r(&tm, &cal_tm); - sprintf(buf, "%02d%02d%02d %2d:%02d:%02d", - cal_tm.tm_year % 100, - cal_tm.tm_mon + 1, - cal_tm.tm_mday, - cal_tm.tm_hour, - cal_tm.tm_min, - cal_tm.tm_sec); + snprintf(buf, buf_size, "%02d%02d%02d %2d:%02d:%02d", + cal_tm.tm_year % 100, + cal_tm.tm_mon + 1, + cal_tm.tm_mday, + cal_tm.tm_hour, + cal_tm.tm_min, + cal_tm.tm_sec); #endif } diff -Nru mariadb-11.8.6/storage/maria/aria_chk.c mariadb-11.8.8/storage/maria/aria_chk.c --- mariadb-11.8.6/storage/maria/aria_chk.c 2026-01-31 13:27:48.000000000 +0000 +++ mariadb-11.8.8/storage/maria/aria_chk.c 2026-05-24 09:58:32.000000000 +0000 @@ -1611,12 +1611,12 @@ (int) share->state.header.file_version[3]); if (share->state.create_time) { - get_date(buff,1,share->state.create_time); + get_date(buff,sizeof(buff),1,share->state.create_time); printf("Creation time: %s\n",buff); } if (share->state.check_time) { - get_date(buff,1,share->state.check_time); + get_date(buff,sizeof(buff),1,share->state.check_time); printf("Check/recover time: %s\n",buff); } if (share->base.born_transactional) @@ -1847,7 +1847,7 @@ end=strmov(end,"no empty, "); if (share->columndef[field].pack_type & PACK_TYPE_ZERO_FILL) { - sprintf(end,"zerofill(%d), ",share->columndef[field].space_length_bits); + snprintf(end, buff + sizeof(buff) - end, "zerofill(%d), ",share->columndef[field].space_length_bits); end=strend(end); } } @@ -1857,8 +1857,8 @@ null_bit[0]=null_pos[0]=0; if (share->columndef[field].null_bit) { - sprintf(null_bit,"%d",share->columndef[field].null_bit); - sprintf(null_pos,"%d",share->columndef[field].null_pos+1); + snprintf(null_bit, sizeof(null_bit), "%d",share->columndef[field].null_bit); + snprintf(null_pos, sizeof(null_pos), "%d",share->columndef[field].null_pos+1); } printf("%-6d%-6u%-7s%-8s%-8s%-35s",field+1, (uint) share->columndef[field].offset+1, diff -Nru mariadb-11.8.6/storage/maria/ha_maria.cc mariadb-11.8.8/storage/maria/ha_maria.cc --- mariadb-11.8.6/storage/maria/ha_maria.cc 2026-01-31 13:27:48.000000000 +0000 +++ mariadb-11.8.8/storage/maria/ha_maria.cc 2026-05-24 09:58:32.000000000 +0000 @@ -1710,6 +1710,7 @@ share->state.dupp_key != MAX_KEY) { my_errno= HA_ERR_FOUND_DUPP_KEY; + maria_rrnd(file, table->record[0], file->cur_row.lastpos); print_keydup_error(table, &table->key_info[share->state.dupp_key], MYF(0)); } diff -Nru mariadb-11.8.6/storage/maria/libmarias3/.github/workflows/asan.yml mariadb-11.8.8/storage/maria/libmarias3/.github/workflows/asan.yml --- mariadb-11.8.6/storage/maria/libmarias3/.github/workflows/asan.yml 1970-01-01 00:00:00.000000000 +0000 +++ mariadb-11.8.8/storage/maria/libmarias3/.github/workflows/asan.yml 2026-05-24 09:58:35.000000000 +0000 @@ -0,0 +1,53 @@ +name: ASAN test + +on: + push: + branches: [ "master" ] + pull_request: + branches: [ "master" ] + +jobs: + build: + runs-on: ubuntu-latest + services: + minio: + # fixme: let's not depend on external unofficial image + image: lazybit/minio + ports: + - 9000:9000 + env: + MINIO_ROOT_USER: accesskey + MINIO_ROOT_PASSWORD: password + options: --name=minio --health-cmd "curl http://localhost:9000/minio/health/live" + + env: + S3KEY: accesskey + S3SECRET: password + S3REGION: "" + S3BUCKET: s3-test + S3HOST: 127.0.0.1 + S3PORT: 9000 + S3USEHTTP: 1 + CC: clang + CFLAGS: "-fsanitize=address" + + steps: + - uses: actions/checkout@v4 + - name: Create bucket + run: | + wget https://dl.min.io/client/mc/release/linux-amd64/mc + chmod +x ./mc + ./mc alias set minio http://127.0.0.1:9000 accesskey password + ./mc mb --ignore-existing minio/s3-test + - name: Install deps + run: | + sudo apt-get update + sudo apt-get install -y libcurl4-openssl-dev + - name: Build libmarias3 + run: | + autoreconf -fi + ./configure --enable-debug=yes + make + - name: Test + run: + make check diff -Nru mariadb-11.8.6/storage/maria/libmarias3/.github/workflows/distcheck.yml mariadb-11.8.8/storage/maria/libmarias3/.github/workflows/distcheck.yml --- mariadb-11.8.6/storage/maria/libmarias3/.github/workflows/distcheck.yml 1970-01-01 00:00:00.000000000 +0000 +++ mariadb-11.8.8/storage/maria/libmarias3/.github/workflows/distcheck.yml 2026-05-24 09:58:35.000000000 +0000 @@ -0,0 +1,25 @@ +name: Distcheck + +on: + push: + branches: [ "master" ] + pull_request: + branches: [ "master" ] + +jobs: + build: + runs-on: ubuntu-latest + + steps: + - uses: actions/checkout@v4 + - name: Install deps + run: | + sudo apt-get update + sudo apt-get install -y libcurl4-openssl-dev + - name: Build libmarias3 + run: | + autoreconf -fi + ./configure --enable-debug=yes + - name: Test + run: + make distcheck diff -Nru mariadb-11.8.6/storage/maria/libmarias3/.github/workflows/docs.yml mariadb-11.8.8/storage/maria/libmarias3/.github/workflows/docs.yml --- mariadb-11.8.6/storage/maria/libmarias3/.github/workflows/docs.yml 1970-01-01 00:00:00.000000000 +0000 +++ mariadb-11.8.8/storage/maria/libmarias3/.github/workflows/docs.yml 2026-05-24 09:58:35.000000000 +0000 @@ -0,0 +1,25 @@ +name: Docs + +on: + push: + branches: [ "master" ] + pull_request: + branches: [ "master" ] + +jobs: + build: + runs-on: ubuntu-latest + + steps: + - uses: actions/checkout@v4 + - name: Install deps + run: | + sudo apt-get update + sudo apt-get install -y libcurl4-openssl-dev python3-sphinx + - name: Build libmarias3 + run: | + autoreconf -fi + ./configure + - name: Build Docs + run: + make html diff -Nru mariadb-11.8.6/storage/maria/libmarias3/.github/workflows/scanbuild.yml mariadb-11.8.8/storage/maria/libmarias3/.github/workflows/scanbuild.yml --- mariadb-11.8.6/storage/maria/libmarias3/.github/workflows/scanbuild.yml 1970-01-01 00:00:00.000000000 +0000 +++ mariadb-11.8.8/storage/maria/libmarias3/.github/workflows/scanbuild.yml 2026-05-24 09:58:35.000000000 +0000 @@ -0,0 +1,30 @@ +name: Scanbuild test + +on: + push: + branches: [ "master" ] + pull_request: + branches: [ "master" ] + +jobs: + build: + # Ubuntu latest scan-build has issues 2024-09. This is a documentated hack + # to run Fedora instead + runs-on: ubuntu-latest + container: + image: fedora:latest + env: + CC: clang + + steps: + - uses: actions/checkout@v4 + - name: Install deps + run: | + sudo dnf install -y libcurl-devel clang-analyzer autoconf automake libtool gawk + - name: Build libmarias3 + run: | + autoreconf -fi + ./configure --enable-debug=yes + - name: Scanbuild + run: + scan-build --use-cc=clang --use-c++=clang++ --status-bugs make diff -Nru mariadb-11.8.6/storage/maria/libmarias3/.github/workflows/usan.yml mariadb-11.8.8/storage/maria/libmarias3/.github/workflows/usan.yml --- mariadb-11.8.6/storage/maria/libmarias3/.github/workflows/usan.yml 1970-01-01 00:00:00.000000000 +0000 +++ mariadb-11.8.8/storage/maria/libmarias3/.github/workflows/usan.yml 2026-05-24 09:58:35.000000000 +0000 @@ -0,0 +1,53 @@ +name: USAN test + +on: + push: + branches: [ "master" ] + pull_request: + branches: [ "master" ] + +jobs: + build: + runs-on: ubuntu-latest + services: + minio: + # fixme: let's not depend on external unofficial image + image: lazybit/minio + ports: + - 9000:9000 + env: + MINIO_ROOT_USER: accesskey + MINIO_ROOT_PASSWORD: password + options: --name=minio --health-cmd "curl http://localhost:9000/minio/health/live" + + env: + S3KEY: accesskey + S3SECRET: password + S3REGION: "" + S3BUCKET: s3-test + S3HOST: 127.0.0.1 + S3PORT: 9000 + S3USEHTTP: 1 + CC: clang + CFLAGS: "-fsanitize=undefined -fsanitize=nullability" + + steps: + - uses: actions/checkout@v4 + - name: Create bucket + run: | + wget https://dl.min.io/client/mc/release/linux-amd64/mc + chmod +x ./mc + ./mc alias set minio http://127.0.0.1:9000 accesskey password + ./mc mb --ignore-existing minio/s3-test + - name: Install deps + run: | + sudo apt-get update + sudo apt-get install -y libcurl4-openssl-dev + - name: Build libmarias3 + run: | + autoreconf -fi + ./configure --enable-debug=yes + make + - name: Test + run: + make check diff -Nru mariadb-11.8.6/storage/maria/libmarias3/.readthedocs.yaml mariadb-11.8.8/storage/maria/libmarias3/.readthedocs.yaml --- mariadb-11.8.6/storage/maria/libmarias3/.readthedocs.yaml 1970-01-01 00:00:00.000000000 +0000 +++ mariadb-11.8.8/storage/maria/libmarias3/.readthedocs.yaml 2026-05-24 09:58:35.000000000 +0000 @@ -0,0 +1,35 @@ +# Read the Docs configuration file for Sphinx projects +# See https://docs.readthedocs.io/en/stable/config-file/v2.html for details + +# Required +version: 2 + +# Set the OS, Python version and other tools you might need +build: + os: ubuntu-22.04 + tools: + python: "3.12" + # You can also specify other tool versions: + # nodejs: "20" + # rust: "1.70" + # golang: "1.20" + +# Build documentation in the "docs/" directory with Sphinx +sphinx: + configuration: docs/conf.py + # You can configure Sphinx to use a different builder, for instance use the dirhtml builder for simpler URLs + # builder: "dirhtml" + # Fail on all warnings to avoid broken references + # fail_on_warning: true + +# Optionally build your docs in additional formats such as PDF and ePub +formats: + - pdf +# - epub + +# Optional but recommended, declare the Python requirements required +# to build your documentation +# See https://docs.readthedocs.io/en/stable/guides/reproducible-builds.html +# python: +# install: +# - requirements: docs/requirements.txt diff -Nru mariadb-11.8.6/storage/maria/libmarias3/README.rst mariadb-11.8.8/storage/maria/libmarias3/README.rst --- mariadb-11.8.6/storage/maria/libmarias3/README.rst 2026-01-31 13:27:52.000000000 +0000 +++ mariadb-11.8.8/storage/maria/libmarias3/README.rst 2026-05-24 09:58:35.000000000 +0000 @@ -48,13 +48,15 @@ If you have minion installed, you should be able to use same settings as used by MariaDB mtr s3 tests: -export S3KEY=minio -export S3SECRET=minioadmin -export S3REGION= -export S3BUCKET=storage-engine -export S3HOST=127.0.0.1 -export S3PORT=9000 -export S3USEHTTP=1 +.. code-block:: bash + + export S3KEY=minio + export S3SECRET=minioadmin + export S3REGION= + export S3BUCKET=storage-engine + export S3HOST=127.0.0.1 + export S3PORT=9000 + export S3USEHTTP=1 The test suite is automatically built along with the library and can be executed with ``make check`` or ``make distcheck``. diff -Nru mariadb-11.8.6/storage/maria/libmarias3/VERSION.txt mariadb-11.8.8/storage/maria/libmarias3/VERSION.txt --- mariadb-11.8.6/storage/maria/libmarias3/VERSION.txt 2026-01-31 13:27:52.000000000 +0000 +++ mariadb-11.8.8/storage/maria/libmarias3/VERSION.txt 2026-05-24 09:58:35.000000000 +0000 @@ -1 +1 @@ -3.1.3 +3.2.0 diff -Nru mariadb-11.8.6/storage/maria/libmarias3/docs/api/functions.rst mariadb-11.8.8/storage/maria/libmarias3/docs/api/functions.rst --- mariadb-11.8.6/storage/maria/libmarias3/docs/api/functions.rst 2026-01-31 13:27:52.000000000 +0000 +++ mariadb-11.8.8/storage/maria/libmarias3/docs/api/functions.rst 2026-05-24 09:58:35.000000000 +0000 @@ -410,9 +410,10 @@ .. c:function:: const char *ms3_get_content_type(ms3_st *ms3) - Gets the ``Content-Type:`` header for the previous response from the S3 server. - This will automatically freed as part of the request handling, it will lose - scope on the next request and should not be freed by the application. + Gets the ``Content-Type:`` header for the previous GET request response + from the S3 server. + The memory for this is part of the :c:type:`ms3_st` object and should not be + freed by the application. The contents will be reset on each GET request. :param ms3: The marias3 object :param content_type: The mime type for the previous request diff -Nru mariadb-11.8.6/storage/maria/libmarias3/docs/appendix/version_history.rst mariadb-11.8.8/storage/maria/libmarias3/docs/appendix/version_history.rst --- mariadb-11.8.6/storage/maria/libmarias3/docs/appendix/version_history.rst 2026-01-31 13:27:52.000000000 +0000 +++ mariadb-11.8.8/storage/maria/libmarias3/docs/appendix/version_history.rst 2026-05-24 09:58:35.000000000 +0000 @@ -1,6 +1,28 @@ Version History =============== +Version 3.2 +----------- + +Version 3.2.0 GA +^^^^^^^^^^^^^^^^ + +* Spelling errors in code fixed +* IAM role credential functionality added +* Fix macOS building +* Define RTLD_DEFAULT for FreeBSD +* Now pushes 301 response to bucket / endpoint mismatch to application +* Fix ``MS3_OPT_FORCE_PROTOCOL_VERSION`` +* Many fixes to build +* Many fixes to things found with static analyzers and sanitizers +* Allow for longer S3 secret keys +* Add custom read callback mechanism +* Add option to enable/disable debug +* Allow setting of curl timeouts +* Documentation updates +* GitHub actions testing added +* :c:func:`ms3_set_content_type` and :c:func:`ms3_get_content_type` added + Version 3.1 ----------- diff -Nru mariadb-11.8.6/storage/maria/libmarias3/src/assume_role.c mariadb-11.8.8/storage/maria/libmarias3/src/assume_role.c --- mariadb-11.8.6/storage/maria/libmarias3/src/assume_role.c 2026-01-31 13:27:52.000000000 +0000 +++ mariadb-11.8.8/storage/maria/libmarias3/src/assume_role.c 2026-05-24 09:58:35.000000000 +0000 @@ -511,12 +511,12 @@ struct curl_slist *headers = NULL; uint8_t res = 0; struct memory_buffer_st mem; - uri_method_t method; - char *query = NULL; + uri_method_t method = MS3_GET; + const char *query = NULL; struct put_buffer_st post_data; CURLcode curl_res; long response_code = 0; - char* endpoint = NULL; + const char* endpoint = NULL; const char* region = iam_request_region; char endpoint_type[8]; @@ -580,14 +580,14 @@ if (ms3->disable_verification) { ms3debug("Disabling SSL verification"); - curl_easy_setopt(curl, CURLOPT_SSL_VERIFYPEER, 0); - curl_easy_setopt(curl, CURLOPT_SSL_VERIFYHOST, 0); + curl_easy_setopt(curl, CURLOPT_SSL_VERIFYPEER, 0L); + curl_easy_setopt(curl, CURLOPT_SSL_VERIFYHOST, 0L); } curl_easy_setopt(curl, CURLOPT_HEADERFUNCTION, header_callback); curl_easy_setopt(curl, CURLOPT_WRITEFUNCTION, body_callback); curl_easy_setopt(curl, CURLOPT_WRITEDATA, (void *)&mem); - curl_easy_setopt(curl, CURLOPT_FOLLOWLOCATION, 1); + curl_easy_setopt(curl, CURLOPT_FOLLOWLOCATION, 1L); curl_res = curl_easy_perform(curl); if (curl_res != CURLE_OK) diff -Nru mariadb-11.8.6/storage/maria/libmarias3/src/debug.c mariadb-11.8.8/storage/maria/libmarias3/src/debug.c --- mariadb-11.8.6/storage/maria/libmarias3/src/debug.c 2026-01-31 13:27:52.000000000 +0000 +++ mariadb-11.8.8/storage/maria/libmarias3/src/debug.c 2026-05-24 09:58:35.000000000 +0000 @@ -28,7 +28,7 @@ debugging_enabled = enabled; } -bool ms3debug_get(void) +long ms3debug_get(void) { return debugging_enabled; } diff -Nru mariadb-11.8.6/storage/maria/libmarias3/src/debug.h mariadb-11.8.8/storage/maria/libmarias3/src/debug.h --- mariadb-11.8.6/storage/maria/libmarias3/src/debug.h 2026-01-31 13:27:52.000000000 +0000 +++ mariadb-11.8.8/storage/maria/libmarias3/src/debug.h 2026-05-24 09:58:35.000000000 +0000 @@ -23,7 +23,7 @@ #include void ms3debug_set(bool enabled); -bool ms3debug_get(void); +long ms3debug_get(void); #define ms3debug(MSG, ...) do { \ if (ms3debug_get()) \ diff -Nru mariadb-11.8.6/storage/maria/libmarias3/src/marias3.c mariadb-11.8.8/storage/maria/libmarias3/src/marias3.c --- mariadb-11.8.6/storage/maria/libmarias3/src/marias3.c 2026-01-31 13:27:52.000000000 +0000 +++ mariadb-11.8.8/storage/maria/libmarias3/src/marias3.c 2026-05-24 09:58:35.000000000 +0000 @@ -367,8 +367,8 @@ void ms3_debug(int debug_state) { - bool state = ms3debug_get(); - if (state != (bool) debug_state) + long state = ms3debug_get(); + if (state != (long) debug_state) { ms3debug_set((bool) debug_state); if (debug_state) @@ -752,7 +752,7 @@ ms3->content_type_out = content_type; } -#ifdef HAVE_NEW_CURL_API + const char *ms3_get_content_type(ms3_st *ms3) { if (!ms3) @@ -761,4 +761,3 @@ } return ms3->content_type_in; } -#endif diff -Nru mariadb-11.8.6/storage/maria/libmarias3/src/request.c mariadb-11.8.8/storage/maria/libmarias3/src/request.c --- mariadb-11.8.6/storage/maria/libmarias3/src/request.c 2026-01-31 13:27:52.000000000 +0000 +++ mariadb-11.8.8/storage/maria/libmarias3/src/request.c 2026-05-24 09:58:35.000000000 +0000 @@ -25,6 +25,7 @@ #include #include #include +#include const char *default_domain = "s3.amazonaws.com"; @@ -644,8 +645,8 @@ return 0; } -static size_t header_callback(char *buffer, size_t size, - size_t nitems, void *userdata) +static size_t head_header_callback(char *buffer, size_t size, + size_t nitems, void *userdata) { ms3debug("%.*s\n", (int)(nitems * size), buffer); @@ -671,6 +672,30 @@ return nitems * size; } +static size_t get_header_callback(char *buffer, size_t size, + size_t nitems, void *userdata) +{ + ms3debug("%.*s\n", (int)(nitems * size), buffer); + + if (userdata) + { + if (!strncasecmp(buffer, "Content-Type", 12)) + { + size_t i; + ms3_st *ms3 = (ms3_st *) userdata; + snprintf(ms3->content_type_in, 127, "%s", (char*)buffer + 14); + for (i = 0; i < strlen(ms3->content_type_in); i++) + { + if (isspace( (unsigned char) ms3->content_type_in[i] )) + break; + } + ms3->content_type_in[i] = '\0'; + } + } + + return nitems * size; +} + static size_t body_callback(void *buffer, size_t size, size_t nitems, void *userdata) { @@ -717,10 +742,6 @@ void *ret_ptr) { CURL *curl = NULL; -#ifdef HAVE_NEW_CURL_API - CURLHcode curl_hret; - struct curl_header *content_type_in; -#endif struct curl_slist *headers = NULL; uint8_t res = 0; struct memory_buffer_st mem; @@ -788,11 +809,18 @@ case MS3_CMD_HEAD: method = MS3_HEAD; curl_easy_setopt(curl, CURLOPT_HEADERDATA, ret_ptr); + curl_easy_setopt(curl, CURLOPT_HEADERFUNCTION, head_header_callback); + break; + + case MS3_CMD_GET: + ms3->content_type_in[0] = '\0'; + curl_easy_setopt(curl, CURLOPT_HEADERDATA, ms3); + curl_easy_setopt(curl, CURLOPT_HEADERFUNCTION, get_header_callback); + method = MS3_GET; break; case MS3_CMD_LIST: case MS3_CMD_LIST_RECURSIVE: - case MS3_CMD_GET: case MS3_CMD_LIST_ROLE: method = MS3_GET; break; @@ -843,8 +871,8 @@ if (ms3->disable_verification) { ms3debug("Disabling SSL verification"); - curl_easy_setopt(curl, CURLOPT_SSL_VERIFYPEER, 0); - curl_easy_setopt(curl, CURLOPT_SSL_VERIFYHOST, 0); + curl_easy_setopt(curl, CURLOPT_SSL_VERIFYPEER, 0L); + curl_easy_setopt(curl, CURLOPT_SSL_VERIFYHOST, 0L); } if (ms3->port) @@ -872,8 +900,8 @@ } curl_easy_setopt(curl, CURLOPT_BUFFERSIZE, ms3->buffer_chunk_size); - curl_easy_setopt(curl, CURLOPT_HEADERFUNCTION, header_callback); - curl_easy_setopt(curl, CURLOPT_FOLLOWLOCATION, 1); + curl_easy_setopt(curl, CURLOPT_FOLLOWLOCATION, 1L); + curl_easy_setopt(curl, CURLOPT_VERBOSE, ms3debug_get()); curl_res = curl_easy_perform(curl); if (curl_res != CURLE_OK) @@ -885,14 +913,6 @@ return MS3_ERR_REQUEST_ERROR; } -#ifdef HAVE_NEW_CURL_API - curl_hret = curl_easy_header(curl, "content-type", 0, CURLH_HEADER, -1, - &content_type_in); - if (!curl_hret && content_type_in) - { - ms3->content_type_in = content_type_in->value; - } -#endif curl_easy_getinfo(curl, CURLINFO_RESPONSE_CODE, &response_code); ms3debug("Response code: %ld", response_code); diff -Nru mariadb-11.8.6/storage/maria/libmarias3/src/sha256_i.h mariadb-11.8.8/storage/maria/libmarias3/src/sha256_i.h --- mariadb-11.8.6/storage/maria/libmarias3/src/sha256_i.h 2026-01-31 13:27:52.000000000 +0000 +++ mariadb-11.8.8/storage/maria/libmarias3/src/sha256_i.h 2026-05-24 09:58:35.000000000 +0000 @@ -38,13 +38,13 @@ static inline void WPA_PUT_BE64(uint8_t *a, uint64_t val) { - a[0] = val >> 56; - a[1] = val >> 48; - a[2] = val >> 40; - a[3] = val >> 32; - a[4] = val >> 24; - a[5] = val >> 16; - a[6] = val >> 8; + a[0] = (val >> 56) & 0xff; + a[1] = (val >> 48) & 0xff; + a[2] = (val >> 40) & 0xff; + a[3] = (val >> 32) & 0xff; + a[4] = (val >> 24) & 0xff; + a[5] = (val >> 16) & 0xff; + a[6] = (val >> 8) & 0xff; a[7] = val & 0xff; } diff -Nru mariadb-11.8.6/storage/maria/libmarias3/src/structs.h mariadb-11.8.8/storage/maria/libmarias3/src/structs.h --- mariadb-11.8.6/storage/maria/libmarias3/src/structs.h 2026-01-31 13:27:52.000000000 +0000 +++ mariadb-11.8.8/storage/maria/libmarias3/src/structs.h 2026-05-24 09:58:35.000000000 +0000 @@ -43,8 +43,8 @@ char *region; char *base_domain; int port; // 0 means "Use default" - uint32_t connect_timeout_ms; // 0 means "Use default curl connect timeout" - uint32_t timeout_ms; // 0 means "No timeout at all" + long connect_timeout_ms; // 0 means "Use default curl connect timeout" + long timeout_ms; // 0 means "No timeout at all" char *sts_endpoint; char *sts_region; @@ -70,9 +70,7 @@ void *read_cb; void *user_data; const char *content_type_out; -#ifdef HAVE_NEW_CURL_API - const char *content_type_in; -#endif + char content_type_in[128]; // max length allowed for mime types struct ms3_list_container_st list_container; }; diff -Nru mariadb-11.8.6/storage/maria/libmarias3/tests/basic.c mariadb-11.8.8/storage/maria/libmarias3/tests/basic.c --- mariadb-11.8.6/storage/maria/libmarias3/tests/basic.c 2026-01-31 13:27:52.000000000 +0000 +++ mariadb-11.8.8/storage/maria/libmarias3/tests/basic.c 2026-05-24 09:58:35.000000000 +0000 @@ -66,7 +66,7 @@ if (s3port) { - int port = atol(s3port); + int port = atoi(s3port); ms3_set_option(ms3, MS3_OPT_PORT_NUMBER, &port); } diff -Nru mariadb-11.8.6/storage/maria/libmarias3/tests/basic_host.c mariadb-11.8.8/storage/maria/libmarias3/tests/basic_host.c --- mariadb-11.8.6/storage/maria/libmarias3/tests/basic_host.c 2026-01-31 13:27:52.000000000 +0000 +++ mariadb-11.8.8/storage/maria/libmarias3/tests/basic_host.c 2026-05-24 09:58:35.000000000 +0000 @@ -76,7 +76,7 @@ if (s3port) { - int port = atol(s3port); + int port = atoi(s3port); ms3_set_option(ms3, MS3_OPT_PORT_NUMBER, &port); } diff -Nru mariadb-11.8.6/storage/maria/libmarias3/tests/basic_no_type.c mariadb-11.8.8/storage/maria/libmarias3/tests/basic_no_type.c --- mariadb-11.8.6/storage/maria/libmarias3/tests/basic_no_type.c 2026-01-31 13:27:52.000000000 +0000 +++ mariadb-11.8.8/storage/maria/libmarias3/tests/basic_no_type.c 2026-05-24 09:58:35.000000000 +0000 @@ -66,7 +66,7 @@ if (s3port) { - int port = atol(s3port); + int port = atoi(s3port); ms3_set_option(ms3, MS3_OPT_PORT_NUMBER, &port); } ms3_set_option(ms3, MS3_OPT_NO_CONTENT_TYPE, NULL); diff -Nru mariadb-11.8.6/storage/maria/libmarias3/tests/content_type.c mariadb-11.8.8/storage/maria/libmarias3/tests/content_type.c --- mariadb-11.8.6/storage/maria/libmarias3/tests/content_type.c 2026-01-31 13:27:52.000000000 +0000 +++ mariadb-11.8.8/storage/maria/libmarias3/tests/content_type.c 2026-05-24 09:58:35.000000000 +0000 @@ -22,15 +22,6 @@ /* Tests basic put, list, get, status, delete using the thread calls */ -#ifndef HAVE_NEW_CURL_API -int main(int argc, char *argv[]) -{ - (void) argc; - (void) argv; - SKIP_IF_(1, "Requires HAVE_NEW_CURL_API to be defined"); - return 0; -} -#else int main(int argc, char *argv[]) { int res; @@ -75,7 +66,7 @@ if (s3port) { - int port = atol(s3port); + int port = atoi(s3port); ms3_set_option(ms3, MS3_OPT_PORT_NUMBER, &port); } @@ -155,4 +146,3 @@ ms3_library_deinit(); return 0; } -#endif diff -Nru mariadb-11.8.6/storage/maria/libmarias3/tests/copy.c mariadb-11.8.8/storage/maria/libmarias3/tests/copy.c --- mariadb-11.8.6/storage/maria/libmarias3/tests/copy.c 2026-01-31 13:27:52.000000000 +0000 +++ mariadb-11.8.8/storage/maria/libmarias3/tests/copy.c 2026-05-24 09:58:35.000000000 +0000 @@ -63,7 +63,7 @@ if (s3port) { - int port = atol(s3port); + int port = atoi(s3port); ms3_set_option(ms3, MS3_OPT_PORT_NUMBER, &port); } @@ -170,9 +170,9 @@ res = ms3_delete(ms3, s3bucket, "test/moved.txt"); ASSERT_EQ_(res, 0, "Result: %u", res); - res = ms3_delete(ms3, s3bucket, "test/copied.txt"); - res = ms3_delete(ms3, s3bucket, "test/copy_###_test.txt"); - res = ms3_delete(ms3, s3bucket, "test/copied###.txt"); + ms3_delete(ms3, s3bucket, "test/copied.txt"); + ms3_delete(ms3, s3bucket, "test/copy_###_test.txt"); + ms3_delete(ms3, s3bucket, "test/copied###.txt"); ms3_free(data); ms3_deinit(ms3); diff -Nru mariadb-11.8.6/storage/maria/libmarias3/tests/custom_malloc.c mariadb-11.8.8/storage/maria/libmarias3/tests/custom_malloc.c --- mariadb-11.8.6/storage/maria/libmarias3/tests/custom_malloc.c 2026-01-31 13:27:52.000000000 +0000 +++ mariadb-11.8.8/storage/maria/libmarias3/tests/custom_malloc.c 2026-05-24 09:58:35.000000000 +0000 @@ -97,7 +97,7 @@ if (s3port) { - int port = atol(s3port); + int port = atoi(s3port); ms3_set_option(ms3, MS3_OPT_PORT_NUMBER, &port); } diff -Nru mariadb-11.8.6/storage/maria/libmarias3/tests/large_file.c mariadb-11.8.8/storage/maria/libmarias3/tests/large_file.c --- mariadb-11.8.6/storage/maria/libmarias3/tests/large_file.c 2026-01-31 13:27:52.000000000 +0000 +++ mariadb-11.8.8/storage/maria/libmarias3/tests/large_file.c 2026-05-24 09:58:35.000000000 +0000 @@ -63,7 +63,7 @@ if (s3port) { - int port = atol(s3port); + int port = atoi(s3port); ms3_set_option(ms3, MS3_OPT_PORT_NUMBER, &port); } diff -Nru mariadb-11.8.6/storage/maria/libmarias3/tests/list.c mariadb-11.8.8/storage/maria/libmarias3/tests/list.c --- mariadb-11.8.6/storage/maria/libmarias3/tests/list.c 2026-01-31 13:27:52.000000000 +0000 +++ mariadb-11.8.8/storage/maria/libmarias3/tests/list.c 2026-05-24 09:58:35.000000000 +0000 @@ -62,7 +62,7 @@ if (s3port) { - int port = atol(s3port); + int port = atoi(s3port); ms3_set_option(ms3, MS3_OPT_PORT_NUMBER, &port); } diff -Nru mariadb-11.8.6/storage/maria/libmarias3/tests/longlist.c mariadb-11.8.8/storage/maria/libmarias3/tests/longlist.c --- mariadb-11.8.6/storage/maria/libmarias3/tests/longlist.c 2026-01-31 13:27:52.000000000 +0000 +++ mariadb-11.8.8/storage/maria/libmarias3/tests/longlist.c 2026-05-24 09:58:35.000000000 +0000 @@ -63,7 +63,7 @@ if (tinfo->s3port) { - int port = atol(tinfo->s3port); + int port = atoi(tinfo->s3port); ms3_set_option(ms3, MS3_OPT_PORT_NUMBER, &port); } @@ -101,7 +101,7 @@ if (tinfo->s3port) { - int port = atol(tinfo->s3port); + int port = atoi(tinfo->s3port); ms3_set_option(ms3, MS3_OPT_PORT_NUMBER, &port); } @@ -211,7 +211,7 @@ if (s3port) { - int port = atol(s3port); + int port = atoi(s3port); ms3_set_option(ms3, MS3_OPT_PORT_NUMBER, &port); } diff -Nru mariadb-11.8.6/storage/maria/libmarias3/tests/prefix.c mariadb-11.8.8/storage/maria/libmarias3/tests/prefix.c --- mariadb-11.8.6/storage/maria/libmarias3/tests/prefix.c 2026-01-31 13:27:52.000000000 +0000 +++ mariadb-11.8.8/storage/maria/libmarias3/tests/prefix.c 2026-05-24 09:58:35.000000000 +0000 @@ -62,7 +62,7 @@ if (s3port) { - int port = atol(s3port); + int port = atoi(s3port); ms3_set_option(ms3, MS3_OPT_PORT_NUMBER, &port); } diff -Nru mariadb-11.8.6/storage/maria/libmarias3/tests/read_cb.c mariadb-11.8.8/storage/maria/libmarias3/tests/read_cb.c --- mariadb-11.8.6/storage/maria/libmarias3/tests/read_cb.c 2026-01-31 13:27:52.000000000 +0000 +++ mariadb-11.8.8/storage/maria/libmarias3/tests/read_cb.c 2026-05-24 09:58:35.000000000 +0000 @@ -82,7 +82,7 @@ if (s3port) { - int port = atol(s3port); + int port = atoi(s3port); ms3_set_option(ms3, MS3_OPT_PORT_NUMBER, &port); } diff -Nru mariadb-11.8.6/storage/maria/libmarias3/tests/small_buffer.c mariadb-11.8.8/storage/maria/libmarias3/tests/small_buffer.c --- mariadb-11.8.6/storage/maria/libmarias3/tests/small_buffer.c 2026-01-31 13:27:52.000000000 +0000 +++ mariadb-11.8.8/storage/maria/libmarias3/tests/small_buffer.c 2026-05-24 09:58:35.000000000 +0000 @@ -63,7 +63,7 @@ if (s3port) { - int port = atol(s3port); + int port = atoi(s3port); ms3_set_option(ms3, MS3_OPT_PORT_NUMBER, &port); } diff -Nru mariadb-11.8.6/storage/maria/libmarias3/tests/snowman.c mariadb-11.8.8/storage/maria/libmarias3/tests/snowman.c --- mariadb-11.8.6/storage/maria/libmarias3/tests/snowman.c 2026-01-31 13:27:52.000000000 +0000 +++ mariadb-11.8.8/storage/maria/libmarias3/tests/snowman.c 2026-05-24 09:58:35.000000000 +0000 @@ -66,7 +66,7 @@ if (s3port) { - int port = atol(s3port); + int port = atoi(s3port); ms3_set_option(ms3, MS3_OPT_PORT_NUMBER, &port); } diff -Nru mariadb-11.8.6/storage/maria/ma_bitmap.c mariadb-11.8.8/storage/maria/ma_bitmap.c --- mariadb-11.8.6/storage/maria/ma_bitmap.c 2026-01-31 13:27:48.000000000 +0000 +++ mariadb-11.8.8/storage/maria/ma_bitmap.c 2026-05-24 09:58:32.000000000 +0000 @@ -521,7 +521,8 @@ { char tmp[MAX_BITMAP_INFO_LENGTH]; size_t len; - len= _ma_get_bitmap_description(bitmap, bitmap->map, bitmap->page, tmp); + len= _ma_get_bitmap_description(bitmap, bitmap->map, bitmap->page, tmp, + sizeof(tmp)); (void) translog_log_debug_info(0, LOGREC_DEBUG_INFO_QUERY, (uchar*) tmp, len); } @@ -962,9 +963,10 @@ size_t _ma_get_bitmap_description(MARIA_FILE_BITMAP *bitmap, uchar *bitmap_data, pgcache_page_no_t page, - char *out) + char *out, size_t out_size) { uchar *pos, *end; + char *out_end= out + out_size; size_t count=0, dot_printed= 0, len; char buff[80], last[80]; @@ -982,7 +984,7 @@ if (memcmp(buff, last, count)) { memcpy(last, buff, count); - len= sprintf(out, "%8lu: ", (ulong) (page - count)); + len= snprintf(out, out_end - out, "%8lu: ", (ulong) (page - count)); memcpy(out+len, buff, count); out+= len + count + 1; out[-1]= '\n'; @@ -998,7 +1000,7 @@ page++; } } - len= sprintf(out, "%8lu: ", (ulong) (page - count)); + len= snprintf(out, out_end - out, "%8lu: ", (ulong) (page - count)); memcpy(out+len, buff, count); out[len + count]= '\n'; out[len + count + 1]= 0; diff -Nru mariadb-11.8.6/storage/maria/ma_blockrec.c mariadb-11.8.8/storage/maria/ma_blockrec.c --- mariadb-11.8.6/storage/maria/ma_blockrec.c 2026-01-31 13:27:48.000000000 +0000 +++ mariadb-11.8.8/storage/maria/ma_blockrec.c 2026-05-24 09:58:32.000000000 +0000 @@ -5789,7 +5789,7 @@ /* Store length of all not empty char, varchar and blob fields */ log_parts->str= field_lengths - 2; log_parts->length= info->cur_row.field_lengths_length+2; - int2store(log_parts->str, info->cur_row.field_lengths_length); + int2store((void *)log_parts->str, info->cur_row.field_lengths_length); row_length+= log_parts->length; log_parts++; } diff -Nru mariadb-11.8.6/storage/maria/ma_blockrec.h mariadb-11.8.8/storage/maria/ma_blockrec.h --- mariadb-11.8.6/storage/maria/ma_blockrec.h 2026-01-31 13:27:48.000000000 +0000 +++ mariadb-11.8.8/storage/maria/ma_blockrec.h 2026-05-24 09:58:32.000000000 +0000 @@ -248,7 +248,7 @@ size_t _ma_get_bitmap_description(MARIA_FILE_BITMAP *bitmap, uchar *bitmap_data, pgcache_page_no_t page, - char *out); + char *out, size_t out_size); uint _ma_apply_redo_insert_row_head_or_tail(MARIA_HA *info, LSN lsn, uint page_type, diff -Nru mariadb-11.8.6/storage/maria/ma_check.c mariadb-11.8.8/storage/maria/ma_check.c --- mariadb-11.8.6/storage/maria/ma_check.c 2026-01-31 13:27:48.000000000 +0000 +++ mariadb-11.8.8/storage/maria/ma_check.c 2026-05-24 09:58:32.000000000 +0000 @@ -7139,7 +7139,8 @@ MYF(MY_WME | MY_THREADSAFE)); if (!tmp) return; - _ma_get_bitmap_description(&share->bitmap, bitmap_data, page, tmp); + _ma_get_bitmap_description(&share->bitmap, bitmap_data, page, tmp, + MAX_BITMAP_INFO_LENGTH); printf("Bitmap page %lu\n%s", (ulong) page, tmp); my_free(tmp); } diff -Nru mariadb-11.8.6/storage/maria/ma_control_file.c mariadb-11.8.8/storage/maria/ma_control_file.c --- mariadb-11.8.6/storage/maria/ma_control_file.c 2026-01-31 13:27:48.000000000 +0000 +++ mariadb-11.8.8/storage/maria/ma_control_file.c 2026-05-24 09:58:32.000000000 +0000 @@ -388,8 +388,8 @@ if (buffer[CF_VERSION_OFFSET] > CONTROL_FILE_VERSION) { error= CONTROL_FILE_BAD_VERSION; - sprintf(errmsg_buff, "File is from a future aria system: %d. Current version is: %d", - (int) buffer[CF_VERSION_OFFSET], CONTROL_FILE_VERSION); + snprintf(errmsg_buff, sizeof(errmsg_buff), "File is from a future aria system: %d. Current version is: %d", + (int) buffer[CF_VERSION_OFFSET], CONTROL_FILE_VERSION); errmsg= errmsg_buff; goto err; } @@ -402,10 +402,10 @@ new_cf_create_time_size + new_cf_changeable_size > file_size) { error= CONTROL_FILE_INCONSISTENT_INFORMATION; - sprintf(errmsg_buff, - "Sizes stored in control file are inconsistent. " - "create_time_size: %u changeable_size: %u file_size: %llu", - new_cf_create_time_size, new_cf_changeable_size, (ulonglong) file_size); + snprintf(errmsg_buff, sizeof(errmsg_buff), + "Sizes stored in control file are inconsistent. " + "create_time_size: %u changeable_size: %u file_size: %llu", + new_cf_create_time_size, new_cf_changeable_size, (ulonglong) file_size); errmsg= errmsg_buff; goto err; } @@ -414,9 +414,9 @@ if (new_block_size != maria_block_size && maria_block_size) { error= CONTROL_FILE_WRONG_BLOCKSIZE; - sprintf(errmsg_buff, - "Block size in control file (%u) is different than given aria_block_size: %u", - new_block_size, (uint) maria_block_size); + snprintf(errmsg_buff, sizeof(errmsg_buff), + "Block size in control file (%u) is different than given aria_block_size: %u", + new_block_size, (uint) maria_block_size); errmsg= errmsg_buff; goto err; } @@ -727,10 +727,10 @@ new_cf_create_time_size + new_cf_changeable_size > file_size) { error= CONTROL_FILE_INCONSISTENT_INFORMATION; - sprintf(errmsg_buff, - "Sizes stored in control file are inconsistent. " - "create_time_size: %u changeable_size: %u file_size: %llu", - new_cf_create_time_size, new_cf_changeable_size, (ulonglong) file_size); + snprintf(errmsg_buff, sizeof(errmsg_buff), + "Sizes stored in control file are inconsistent. " + "create_time_size: %u changeable_size: %u file_size: %llu", + new_cf_create_time_size, new_cf_changeable_size, (ulonglong) file_size); errmsg= errmsg_buff; goto err; } diff -Nru mariadb-11.8.6/storage/maria/ma_create.c mariadb-11.8.8/storage/maria/ma_create.c --- mariadb-11.8.6/storage/maria/ma_create.c 2026-01-31 13:27:48.000000000 +0000 +++ mariadb-11.8.8/storage/maria/ma_create.c 2026-05-24 09:58:32.000000000 +0000 @@ -851,13 +851,16 @@ */ if (ci->index_file_name) { - char *iext= strrchr(ci->index_file_name, '.'); + const char *iext= strrchr(ci->index_file_name, '.'); int have_iext= iext && !strcmp(iext, MARIA_NAME_IEXT); if (tmp_table) { char *path; - /* chop off the table name, tempory tables use generated name */ - if ((path= strrchr(ci->index_file_name, FN_LIBCHAR))) + /* + chop off the table name, temporary tables use generated name + TODO: Following is safe but should be done other way if possible + */ + if ((path= strrchr((char *)ci->index_file_name, FN_LIBCHAR))) *path= '\0'; fn_format(kfilename, name, ci->index_file_name, MARIA_NAME_IEXT, MY_REPLACE_DIR | MY_UNPACK_FILENAME | @@ -883,7 +886,7 @@ } else { - char *iext= strrchr(name, '.'); + const char *iext= strrchr(name, '.'); int have_iext= iext && !strcmp(iext, MARIA_NAME_IEXT); fn_format(kfilename, name, "", MARIA_NAME_IEXT, MY_UNPACK_FILENAME | (internal_table ? 0 : MY_RETURN_REAL_PATH) | @@ -1172,14 +1175,17 @@ { if (ci->data_file_name) { - char *dext= strrchr(ci->data_file_name, '.'); + const char *dext= strrchr(ci->data_file_name, '.'); int have_dext= dext && !strcmp(dext, MARIA_NAME_DEXT); if (tmp_table) { char *path; - /* chop off the table name, tempory tables use generated name */ - if ((path= strrchr(ci->data_file_name, FN_LIBCHAR))) + /* + chop off the table name, temporary tables use generated name + TODO: Following is safe but should be done other way if possible + */ + if ((path= strrchr((char *)ci->data_file_name, FN_LIBCHAR))) *path= '\0'; fn_format(dfilename, name, ci->data_file_name, MARIA_NAME_DEXT, MY_REPLACE_DIR | MY_UNPACK_FILENAME | MY_APPEND_EXT); diff -Nru mariadb-11.8.6/storage/maria/ma_rt_index.c mariadb-11.8.8/storage/maria/ma_rt_index.c --- mariadb-11.8.6/storage/maria/ma_rt_index.c 2026-01-31 13:27:48.000000000 +0000 +++ mariadb-11.8.8/storage/maria/ma_rt_index.c 2026-05-24 09:58:32.000000000 +0000 @@ -931,7 +931,6 @@ my_off_t page_pos, uint *page_size, stPageList *ReinsertList, int level) { - ulong i; uint nod_flag; int res; my_bool buff_alloced; @@ -959,9 +958,9 @@ k= rt_PAGE_FIRST_KEY(share, page_buf, nod_flag); last= rt_PAGE_END(&page); - for (i= 0; + for (; k < last; - k= rt_PAGE_NEXT_KEY(share, k, key->data_length, nod_flag), i++) + k= rt_PAGE_NEXT_KEY(share, k, key->data_length, nod_flag)) { if (nod_flag) { diff -Nru mariadb-11.8.6/storage/maria/ma_sp_key.c mariadb-11.8.8/storage/maria/ma_sp_key.c --- mariadb-11.8.6/storage/maria/ma_sp_key.c 2026-01-31 13:27:48.000000000 +0000 +++ mariadb-11.8.8/storage/maria/ma_sp_key.c 2026-05-24 09:58:32.000000000 +0000 @@ -47,7 +47,6 @@ uint dlen; uchar *dptr; double mbr[SPDIMS * 2]; - uint i; DBUG_ENTER("_ma_sp_make_key"); keyseg = &keyinfo->seg[-1]; @@ -64,7 +63,7 @@ sp_mbr_from_wkb(dptr + 4, dlen - 4, SPDIMS, mbr); /* SRID */ - for (i = 0, keyseg = keyinfo->seg; keyseg->type; keyseg++, i++) + for (keyseg = keyinfo->seg; keyseg->type; keyseg++) { uint length = keyseg->length, start= keyseg->start; double val; diff -Nru mariadb-11.8.6/storage/maria/ma_test1.c mariadb-11.8.8/storage/maria/ma_test1.c --- mariadb-11.8.6/storage/maria/ma_test1.c 2026-01-31 13:27:48.000000000 +0000 +++ mariadb-11.8.8/storage/maria/ma_test1.c 2026-05-24 09:58:32.000000000 +0000 @@ -536,14 +536,14 @@ rownr&=7; /* Some identical keys */ if (keyinfo[0].seg[0].type == HA_KEYTYPE_NUM) { - sprintf((char*) key,"%*d",keyinfo[0].seg[0].length,rownr); + snprintf((char*) key, keyinfo[0].seg[0].length + 1, "%*d",keyinfo[0].seg[0].length,rownr); } else if (keyinfo[0].seg[0].type == HA_KEYTYPE_VARTEXT1 || keyinfo[0].seg[0].type == HA_KEYTYPE_VARTEXT2) { /* Alpha record */ /* Create a key that may be easily packed */ bfill(key,keyinfo[0].seg[0].length,rownr < 10 ? 'A' : 'B'); - sprintf((char*) key+keyinfo[0].seg[0].length-2,"%-2d",rownr); + snprintf((char*) key+keyinfo[0].seg[0].length-2, 3, "%-2d",rownr); if ((rownr & 7) == 0) { /* Change the key to force a unpack of the next key */ @@ -553,12 +553,12 @@ else { /* Alpha record */ if (keyinfo[0].seg[0].flag & HA_SPACE_PACK) - sprintf((char*) key,"%-*d",keyinfo[0].seg[0].length,rownr); + snprintf((char*) key, keyinfo[0].seg[0].length + 1, "%-*d",keyinfo[0].seg[0].length,rownr); else { /* Create a key that may be easily packed */ bfill(key,keyinfo[0].seg[0].length,rownr < 10 ? 'A' : 'B'); - sprintf((char*) key+keyinfo[0].seg[0].length-2,"%-2d",rownr); + snprintf((char*) key+keyinfo[0].seg[0].length-2, 3, "%-2d",rownr); if ((rownr & 7) == 0) { /* Change the key to force a unpack of the next key */ @@ -637,7 +637,7 @@ { size_t tmp; uchar *ptr;; - sprintf((char*) blob_record,"... row: %d", rownr); + snprintf((char*) blob_record, sizeof(blob_record), "... row: %d", rownr); strappend((char*) blob_record,MY_MAX(MAX_REC_LENGTH-rownr,10),' '); tmp=strlen((char*) blob_record); int4store(pos,tmp); @@ -647,7 +647,9 @@ else if (recinfo[1].type == FIELD_VARCHAR) { size_t tmp, pack_length= HA_VARCHAR_PACKLENGTH(recinfo[1].length-1); - sprintf((char*) pos+pack_length, "... row: %d", rownr); + snprintf((char*) pos+pack_length, + MAX_REC_LENGTH - ((char*) pos + pack_length - (char*) record), + "... row: %d", rownr); tmp= strlen((char*) pos+pack_length); if (pack_length == 1) *pos= (uchar) tmp; @@ -656,7 +658,8 @@ } else { - sprintf((char*) pos,"... row: %d", rownr); + snprintf((char*) pos, MAX_REC_LENGTH - ((char*) pos - (char*) record), + "... row: %d", rownr); strappend((char*) pos,recinfo[1].length,' '); } } diff -Nru mariadb-11.8.6/storage/maria/ma_test2.c mariadb-11.8.8/storage/maria/ma_test2.c --- mariadb-11.8.6/storage/maria/ma_test2.c 2026-01-31 13:27:48.000000000 +0000 +++ mariadb-11.8.8/storage/maria/ma_test2.c 2026-05-24 09:58:32.000000000 +0000 @@ -258,7 +258,7 @@ { ulong blob_length; n1=rnd(1000); n2=rnd(100); n3=rnd(5000); - sprintf((char*) record,"%6d:%4d:%8d:Pos: %4d ",n1,n2,n3,write_count); + snprintf((char*) record, sizeof(record), "%6d:%4d:%8d:Pos: %4d ",n1,n2,n3,write_count); int4store(record+STANDARD_LENGTH-4,(long) i); fix_length(record,(uint) STANDARD_LENGTH+rnd(60)); put_blob_in_record(record+blob_pos,&blob_buffer, &blob_length); @@ -289,7 +289,7 @@ for (j=rnd(1000)+1 ; j>0 && key1[j] == 0 ; j--) ; if (!j) for (j=999 ; j>0 && key1[j] == 0 ; j--) ; - sprintf((char*) key,"%6d",j); + snprintf((char*) key, sizeof(key), "%6d",j); if (maria_rkey(file,read_record,0,key,HA_WHOLE_KEY,HA_READ_KEY_EXACT)) { printf("Test in loop: Can't find key: \"%s\"\n",key); @@ -329,7 +329,7 @@ for (j=rnd(1000)+1 ; j>0 && key1[j] == 0 ; j--) ; if (j != 0) { - sprintf((char*) key,"%6d",j); + snprintf((char*) key, sizeof(key), "%6d",j); if (maria_rkey(file,read_record,0,key,HA_WHOLE_KEY,HA_READ_KEY_EXACT)) { printf("can't find key1: \"%s\"\n",key); @@ -373,14 +373,14 @@ for (i=0 ; i < update_count ; i++) { n1=rnd(1000); n2=rnd(100); n3=rnd(5000); - sprintf((char*) record2,"%6d:%4d:%8d:XXX: %4d ",n1,n2,n3,update); + snprintf((char*) record2, sizeof(record2), "%6d:%4d:%8d:XXX: %4d ",n1,n2,n3,update); int4store(record2+STANDARD_LENGTH-4,(long) i); fix_length(record2,(uint) STANDARD_LENGTH+rnd(60)); for (j=rnd(1000)+1 ; j>0 && key1[j] == 0 ; j--) ; if (j != 0) { - sprintf((char*) key,"%6d",j); + snprintf((char*) key, sizeof(key), "%6d",j); if (maria_rkey(file,read_record,0,key,HA_WHOLE_KEY,HA_READ_KEY_EXACT)) { printf("can't find key1: \"%s\"\n", (char*) key); @@ -436,7 +436,7 @@ dupp_keys=key1[i]; j=i; } } - sprintf((char*) key,"%6d",j); + snprintf((char*) key, sizeof(key), "%6d",j); start=keyinfo[0].seg[0].start; length=keyinfo[0].seg[0].length; if (dupp_keys) @@ -749,8 +749,8 @@ key_range min_key, max_key; if (j > k) swap_variables(int, j, k); - sprintf((char*) key,"%6d",j); - sprintf((char*) key2,"%6d",k); + snprintf((char*) key, sizeof(key), "%6d",j); + snprintf((char*) key2, sizeof(key2), "%6d",k); min_key.key= key; min_key.keypart_map= HA_WHOLE_KEY; @@ -794,11 +794,11 @@ if (verbose) { char buff[80]; - get_date(buff,3,info.create_time); + get_date(buff,sizeof(buff),3,info.create_time); printf("info: Created %s\n",buff); - get_date(buff,3,info.check_time); + get_date(buff,sizeof(buff),3,info.check_time); printf("info: checked %s\n",buff); - get_date(buff,3,info.update_time); + get_date(buff,sizeof(buff),3,info.update_time); printf("info: Modified %s\n",buff); } diff -Nru mariadb-11.8.6/storage/maria/test_ma_backup.c mariadb-11.8.8/storage/maria/test_ma_backup.c --- mariadb-11.8.6/storage/maria/test_ma_backup.c 2026-01-31 13:27:48.000000000 +0000 +++ mariadb-11.8.8/storage/maria/test_ma_backup.c 2026-05-24 09:58:32.000000000 +0000 @@ -340,14 +340,14 @@ { if (keyinfo[0].seg[0].type == HA_KEYTYPE_NUM) { - sprintf((char*) key,"%*d",keyinfo[0].seg[0].length,rownr); + snprintf((char*) key, UINT_MAX, "%*d",keyinfo[0].seg[0].length,rownr); } else if (keyinfo[0].seg[0].type == HA_KEYTYPE_VARTEXT1 || keyinfo[0].seg[0].type == HA_KEYTYPE_VARTEXT2) { /* Alpha record */ /* Create a key that may be easily packed */ bfill(key,keyinfo[0].seg[0].length,rownr < 10 ? 'A' : 'B'); - sprintf((char*) key+keyinfo[0].seg[0].length-2,"%-2d",rownr % 100); + snprintf((char*) key+keyinfo[0].seg[0].length-2, 3, "%-2d",rownr % 100); if ((rownr & 7) == 0) { /* Change the key to force a unpack of the next key */ @@ -357,12 +357,12 @@ else { /* Alpha record */ if (keyinfo[0].seg[0].flag & HA_SPACE_PACK) - sprintf((char*) key,"%-*d",keyinfo[0].seg[0].length,rownr); + snprintf((char*) key, keyinfo[0].seg[0].length + 1, "%-*d",keyinfo[0].seg[0].length,rownr); else { /* Create a key that may be easily packed */ bfill(key,keyinfo[0].seg[0].length,rownr < 10 ? 'A' : 'B'); - sprintf((char*) key+keyinfo[0].seg[0].length-2,"%-2d",rownr % 100); + snprintf((char*) key+keyinfo[0].seg[0].length-2, 3, "%-2d",rownr % 100); if ((rownr & 7) == 0) { /* Change the key to force a unpack of the next key */ @@ -417,7 +417,7 @@ { size_t tmp; uchar *ptr;; - sprintf((char*) blob_record,"... row: %d", rownr); + snprintf((char*) blob_record, sizeof(blob_record), "... row: %d", rownr); strappend((char*) blob_record, rownr % MAX_REC_LENGTH,'x'); tmp=strlen((char*) blob_record); int4store(pos,tmp); @@ -427,7 +427,7 @@ else if (recinfo[1].type == FIELD_VARCHAR) { size_t tmp, pack_length= HA_VARCHAR_PACKLENGTH(recinfo[1].length-1); - sprintf((char*) pos+pack_length, "... row: %d", rownr); + snprintf((char*) pos+pack_length, MAX_REC_LENGTH, "... row: %d", rownr); tmp= strlen((char*) pos+pack_length); if (pack_length == 1) *pos= (uchar) tmp; @@ -436,7 +436,7 @@ } else { - sprintf((char*) pos,"... row: %d", rownr); + snprintf((char*) pos, MAX_REC_LENGTH, "... row: %d", rownr); strappend((char*) pos,recinfo[1].length,' '); } } diff -Nru mariadb-11.8.6/storage/mroonga/ha_mroonga.cpp mariadb-11.8.8/storage/mroonga/ha_mroonga.cpp --- mariadb-11.8.6/storage/mroonga/ha_mroonga.cpp 2026-01-31 13:27:48.000000000 +0000 +++ mariadb-11.8.8/storage/mroonga/ha_mroonga.cpp 2026-05-24 09:58:32.000000000 +0000 @@ -548,14 +548,17 @@ case HA_EXTRA_STARTING_ORDERED_INDEX_SCAN: inspected = "HA_EXTRA_STARTING_ORDERED_INDEX_SCAN"; break; - case HA_EXTRA_BEGIN_ALTER_COPY: - inspected = "HA_EXTRA_BEGIN_ALTER_COPY"; + case HA_EXTRA_BEGIN_COPY: + inspected = "HA_EXTRA_BEGIN_COPY"; break; - case HA_EXTRA_END_ALTER_COPY: - inspected = "HA_EXTRA_END_ALTER_COPY"; + case HA_EXTRA_END_COPY: + inspected = "HA_EXTRA_END_COPY"; break; - case HA_EXTRA_ABORT_ALTER_COPY: - inspected = "HA_EXTRA_ABORT_ALTER_COPY"; + case HA_EXTRA_ABORT_COPY: + inspected = "HA_EXTRA_ABORT_COPY"; + break; + case HA_EXTRA_BEGIN_ALTER_IGNORE_COPY: + inspected = "HA_EXTRA_BEGIN_ALTER_IGNORE_COPY"; break; #ifdef MRN_HAVE_HA_EXTRA_EXPORT case HA_EXTRA_EXPORT: @@ -582,19 +585,19 @@ inspected = "HA_EXTRA_SKIP_SERIALIZABLE_DD_VIEW"; break; #endif -#ifdef MRN_HAVE_HA_EXTRA_BEGIN_ALTER_COPY - case HA_EXTRA_BEGIN_ALTER_COPY: - inspected = "HA_EXTRA_BEGIN_ALTER_COPY"; +#ifdef MRN_HAVE_HA_EXTRA_BEGIN_COPY + case HA_EXTRA_BEGIN_COPY: + inspected = "HA_EXTRA_BEGIN_COPY"; break; #endif -#ifdef MRN_HAVE_HA_EXTRA_END_ALTER_COPY - case HA_EXTRA_END_ALTER_COPY: - inspected = "HA_EXTRA_END_ALTER_COPY"; +#ifdef MRN_HAVE_HA_EXTRA_END_COPY + case HA_EXTRA_END_COPY: + inspected = "HA_EXTRA_END_COPY"; break; #endif -#ifdef MRN_HAVE_HA_EXTRA_ABORT_ALTER_COPY - case HA_EXTRA_ABORT_ALTER_COPY: - inspected = "HA_EXTRA_ABORT_ALTER_COPY"; +#ifdef MRN_HAVE_HA_EXTRA_ABORT_COPY + case HA_EXTRA_ABORT_COPY: + inspected = "HA_EXTRA_ABORT_COPY"; break; #endif #ifdef MRN_HAVE_HA_EXTRA_NO_AUTOINC_LOCKING @@ -772,6 +775,27 @@ static_cast(mrn_log_level), &mrn_log_level_typelib); +static int mrn_log_file_check(THD *thd, struct st_mysql_sys_var *var, + void *save, struct st_mysql_value *value) +{ + MRN_DBUG_ENTER_FUNCTION(); + + char buf[STRING_BUFFER_USUAL_SIZE]; + int len = sizeof(buf); + const char* new_value = value->val_str(value, buf, &len); + + if (!new_value || len == 0) { + my_printf_error(ER_MRN_INVALID_NULL_VALUE_NUM, + ER_MRN_INVALID_NULL_VALUE_STR, + MYF(0), + "mroonga_log_file"); + DBUG_RETURN(1); + } + + *((const char**)save) = thd->strmake(new_value, len); + + DBUG_RETURN(0); +} static void mrn_log_file_update(THD *thd, struct st_mysql_sys_var *var, void *var_ptr, const void *save) { @@ -844,7 +868,7 @@ static MYSQL_SYSVAR_STR(log_file, mrn_log_file_path, PLUGIN_VAR_RQCMDARG | PLUGIN_VAR_MEMALLOC, "log file for " MRN_PLUGIN_NAME_STRING, - NULL, + mrn_log_file_check, mrn_log_file_update, MRN_LOG_FILE_PATH); @@ -934,6 +958,12 @@ char **old_value_ptr = (char **)var_ptr; grn_ctx *ctx = &mrn_ctx; + if(!new_value) { + new_value = "off"; +#ifndef MRN_NEED_FREE_STRING_MEMALLOC_PLUGIN_VAR + new_value = mrn_my_strdup(new_value, MYF(MY_WME)); +#endif + } mrn_change_encoding(ctx, system_charset_info); if (strcmp(*old_value_ptr, new_value) == 0) { GRN_LOG(ctx, GRN_LOG_NOTICE, @@ -1674,6 +1704,7 @@ ER_MRN_INVALID_INDEX_FLAG_NUM, ER_MRN_INVALID_INDEX_FLAG_STR, invalid_flag_name); + break; } } return found; @@ -3708,8 +3739,9 @@ if (!grn_table_ref) { error = ER_CANT_CREATE_TABLE; char err_msg[MRN_BUFFER_SIZE]; - sprintf(err_msg, "reference table [%s.%s] is not mroonga table", - table->s->db.str, ref_table_name.str); + snprintf(err_msg, MRN_BUFFER_SIZE, + "reference table [%s.%s] is not mroonga table", + table->s->db.str, ref_table_name.str); my_message(error, err_msg, MYF(0)); DBUG_RETURN(false); } @@ -3725,8 +3757,9 @@ grn_obj_unlink(ctx, grn_table_ref); error = ER_CANT_CREATE_TABLE; char err_msg[MRN_BUFFER_SIZE]; - sprintf(err_msg, "reference table [%s.%s] is not found", - table->s->db.str, ref_table_name.str); + snprintf(err_msg, MRN_BUFFER_SIZE, + "reference table [%s.%s] is not found", + table->s->db.str, ref_table_name.str); my_message(error, err_msg, MYF(0)); DBUG_RETURN(false); } @@ -3738,8 +3771,9 @@ grn_obj_unlink(ctx, grn_table_ref); error = ER_CANT_CREATE_TABLE; char err_msg[MRN_BUFFER_SIZE]; - sprintf(err_msg, "reference table [%s.%s] has no primary key", - table->s->db.str, ref_table_name.str); + snprintf(err_msg, MRN_BUFFER_SIZE, + "reference table [%s.%s] has no primary key", + table->s->db.str, ref_table_name.str); my_message(error, err_msg, MYF(0)); DBUG_RETURN(false); } @@ -3752,9 +3786,9 @@ grn_obj_unlink(ctx, grn_table_ref); error = ER_CANT_CREATE_TABLE; char err_msg[MRN_BUFFER_SIZE]; - sprintf(err_msg, - "reference table [%s.%s] primary key is multiple column", - table->s->db.str, ref_table_name.str); + snprintf(err_msg, MRN_BUFFER_SIZE, + "reference table [%s.%s] primary key is multiple column", + table->s->db.str, ref_table_name.str); my_message(error, err_msg, MYF(0)); DBUG_RETURN(false); } @@ -3766,9 +3800,9 @@ grn_obj_unlink(ctx, grn_table_ref); error = ER_CANT_CREATE_TABLE; char err_msg[MRN_BUFFER_SIZE]; - sprintf(err_msg, - "reference column [%s.%s.%s] is not used for primary key", - table->s->db.str, ref_table_name.str, ref_field_name.str); + snprintf(err_msg, MRN_BUFFER_SIZE, + "reference column [%s.%s.%s] is not used for primary key", + table->s->db.str, ref_table_name.str, ref_field_name.str); my_message(error, err_msg, MYF(0)); DBUG_RETURN(false); } @@ -9015,7 +9049,7 @@ } else if (flag & HA_READ_MBR_EQUAL) { strcpy(search_name, "equal"); } else { - sprintf(search_name, "unknown: %d", flag); + snprintf(search_name, MRN_BUFFER_SIZE, "unknown: %d", flag); } push_warning_printf(ha_thd(), MRN_SEVERITY_WARNING, @@ -9604,11 +9638,11 @@ tokenizer = grn_ctx_get(ctx, name, name_length); if (!tokenizer) { char message[MRN_BUFFER_SIZE]; - sprintf(message, - "specified tokenizer for fulltext index <%.*s> doesn't exist. " - "The default tokenizer for fulltext index <%s> is used instead.", - name_length, name, - MRN_DEFAULT_TOKENIZER); + snprintf(message, MRN_BUFFER_SIZE, + "specified tokenizer for fulltext index <%.*s> doesn't exist. " + "The default tokenizer for fulltext index <%s> is used instead.", + name_length, name, + MRN_DEFAULT_TOKENIZER); push_warning(ha_thd(), MRN_SEVERITY_WARNING, ER_UNSUPPORTED_EXTENSION, message); @@ -9773,9 +9807,9 @@ return true; } else { char message[MRN_BUFFER_SIZE]; - sprintf(message, - "nonexistent token filter: <%.*s>", - token_filter_name_length, token_filter_name); + snprintf(message, MRN_BUFFER_SIZE, + "nonexistent token filter: <%.*s>", + token_filter_name_length, token_filter_name); push_warning(ha_thd(), MRN_SEVERITY_WARNING, ER_UNSUPPORTED_EXTENSION, message); @@ -9830,12 +9864,12 @@ break_loop: if (!name_start) { char message[MRN_BUFFER_SIZE]; - sprintf(message, - "empty token filter name: " - "<%.*s|%.*s|%.*s>", - (int)(last_name_end - start), start, - (int)(current - last_name_end), last_name_end, - (int)(end - current), current); + snprintf(message, MRN_BUFFER_SIZE, + "empty token filter name: " + "<%.*s|%.*s|%.*s>", + (int)(last_name_end - start), start, + (int)(current - last_name_end), last_name_end, + (int)(end - current), current); push_warning(ha_thd(), MRN_SEVERITY_WARNING, ER_UNSUPPORTED_EXTENSION, message); diff -Nru mariadb-11.8.6/storage/mroonga/mysql-test/mroonga/storage/r/create_table_index_flags_invalid.result mariadb-11.8.8/storage/mroonga/mysql-test/mroonga/storage/r/create_table_index_flags_invalid.result --- mariadb-11.8.6/storage/mroonga/mysql-test/mroonga/storage/r/create_table_index_flags_invalid.result 1970-01-01 00:00:00.000000000 +0000 +++ mariadb-11.8.8/storage/mroonga/mysql-test/mroonga/storage/r/create_table_index_flags_invalid.result 2026-05-24 09:58:32.000000000 +0000 @@ -0,0 +1,13 @@ +# +# MDEV-39479 Mroonga: avoid hang on invalid index flags +# +CREATE TABLE memos ( +content VARCHAR(64) NOT NULL, +FULLTEXT INDEX (content) COMMENT 'flags "COMPRESS_ZSTD"' +); +Warnings: +Warning 16508 The index flag 'COMPRESS_ZSTD' is invalid. It is ignored +SELECT mroonga_command("dump --dump_plugins no --dump_schema no"); +mroonga_command("dump --dump_plugins no --dump_schema no") +column_create memos#content index COLUMN_INDEX|WITH_POSITION memos content +DROP TABLE memos; diff -Nru mariadb-11.8.6/storage/mroonga/mysql-test/mroonga/storage/r/fulltext_found_rows.result mariadb-11.8.8/storage/mroonga/mysql-test/mroonga/storage/r/fulltext_found_rows.result --- mariadb-11.8.6/storage/mroonga/mysql-test/mroonga/storage/r/fulltext_found_rows.result 2026-01-31 13:27:48.000000000 +0000 +++ mariadb-11.8.8/storage/mroonga/mysql-test/mroonga/storage/r/fulltext_found_rows.result 2026-05-24 09:58:32.000000000 +0000 @@ -1,4 +1,3 @@ -DROP TABLE IF EXISTS diaries; SET NAMES UTF8; CREATE TABLE diaries ( id INT UNSIGNED NOT NULL AUTO_INCREMENT PRIMARY KEY, diff -Nru mariadb-11.8.6/storage/mroonga/mysql-test/mroonga/storage/r/function_command_auto-escape.result mariadb-11.8.8/storage/mroonga/mysql-test/mroonga/storage/r/function_command_auto-escape.result --- mariadb-11.8.6/storage/mroonga/mysql-test/mroonga/storage/r/function_command_auto-escape.result 2026-01-31 13:27:48.000000000 +0000 +++ mariadb-11.8.8/storage/mroonga/mysql-test/mroonga/storage/r/function_command_auto-escape.result 2026-05-24 09:58:32.000000000 +0000 @@ -8,9 +8,7 @@ INSERT INTO diaries VALUES('It is Mroonga'); SELECT mroonga_command('select', 'table', 'diaries', -'filter', 'title @ "Groonga"'); -mroonga_command('select', -'table', 'diaries', -'filter', 'title @ "Groonga"') +'filter', 'title @ "Groonga"') c; +c [[[1],[["_id","UInt32"],["title","LongText"]],[1,"It is Groonga"]]] DROP TABLE diaries; diff -Nru mariadb-11.8.6/storage/mroonga/mysql-test/mroonga/storage/r/function_command_select.result mariadb-11.8.8/storage/mroonga/mysql-test/mroonga/storage/r/function_command_select.result --- mariadb-11.8.6/storage/mroonga/mysql-test/mroonga/storage/r/function_command_select.result 2026-01-31 13:27:48.000000000 +0000 +++ mariadb-11.8.8/storage/mroonga/mysql-test/mroonga/storage/r/function_command_select.result 2026-05-24 09:58:32.000000000 +0000 @@ -7,7 +7,7 @@ INSERT INTO diaries VALUES("Start groonga"); INSERT INTO diaries VALUES("Start mroonga"); INSERT INTO diaries VALUES("Start groonga and Ruby"); -SELECT mroonga_command('select diaries --match_columns "title" --query "groonga"'); -mroonga_command('select diaries --match_columns "title" --query "groonga"') +SELECT mroonga_command('select diaries --match_columns "title" --query "groonga"') c; +c [[[2],[["_id","UInt32"],["title","LongText"]],[1,"Start groonga"],[3,"Start groonga and Ruby"]]] DROP TABLE diaries; diff -Nru mariadb-11.8.6/storage/mroonga/mysql-test/mroonga/storage/r/function_snippet_ascii.result mariadb-11.8.8/storage/mroonga/mysql-test/mroonga/storage/r/function_snippet_ascii.result --- mariadb-11.8.6/storage/mroonga/mysql-test/mroonga/storage/r/function_snippet_ascii.result 2026-01-31 13:27:48.000000000 +0000 +++ mariadb-11.8.8/storage/mroonga/mysql-test/mroonga/storage/r/function_snippet_ascii.result 2026-05-24 09:58:32.000000000 +0000 @@ -5,8 +5,8 @@ insert into t1 values(3,30,"cc dd ee ff gg >< hh ii jj kk ll mm nn oo pp"); insert into t1 values(4,40,"ee ff gg hh ii >< jj kk ll mm nn oo pp qq rr"); insert into t1 values(5,50,"AA BB CC DD EE >< FF GG HH II JJ KK LL MM NN"); -select c1, c2, mroonga_snippet(c3, 10, 2, 'ascii_general_ci', 0, 1, '...', '...
    \n', 'bb', '', '', 'ff', '', '', 'dd', '', '') from t1; -c1 c2 mroonga_snippet(c3, 10, 2, 'ascii_general_ci', 0, 1, '...', '...
    \n', 'bb', '', '', 'ff', '', '', 'dd', '', '') +select c1, c2, mroonga_snippet(c3, 10, 2, 'ascii_general_ci', 0, 1, '...', '...
    \n', 'bb', '', '', 'ff', '', '', 'dd', '', '') s from t1; +c1 c2 s 1 10 ...a bb cc dd...
    ...e >< ff gg...
    @@ -20,8 +20,8 @@ 5 50 ...A BB CC DD...
    ...E >< FF GG...
    -select c1, c2, mroonga_snippet(c3, 10, 2, 'ascii_bin', 0, 1, '...', '...
    \n', 'bb', '', '', 'ff', '', '', 'dd', '', '') from t1; -c1 c2 mroonga_snippet(c3, 10, 2, 'ascii_bin', 0, 1, '...', '...
    \n', 'bb', '', '', 'ff', '', '', 'dd', '', '') +select c1, c2, mroonga_snippet(c3, 10, 2, 'ascii_bin', 0, 1, '...', '...
    \n', 'bb', '', '', 'ff', '', '', 'dd', '', '') s from t1; +c1 c2 s 1 10 ... bb cc dd ...
    ... >< ff gg ...
    @@ -33,8 +33,8 @@ 4 40 ...ee ff gg h...
    5 50 -select c1, c2, mroonga_snippet(c3, 10, 2, 'ascii_general_ci', 1, 1, '...', '...
    \n', 'bb', '', '', 'ff', '', '', 'dd', '', '') from t1; -c1 c2 mroonga_snippet(c3, 10, 2, 'ascii_general_ci', 1, 1, '...', '...
    \n', 'bb', '', '', 'ff', '', '', 'dd', '', '') +select c1, c2, mroonga_snippet(c3, 10, 2, 'ascii_general_ci', 1, 1, '...', '...
    \n', 'bb', '', '', 'ff', '', '', 'dd', '', '') s from t1; +c1 c2 s 1 10 ... bb cc dd ...
    ... >< ff gg ...
    @@ -48,8 +48,8 @@ 5 50 ... BB CC DD ...
    ... >< FF GG ...
    -select c1, c2, mroonga_snippet(c3, 10, 2, 'ascii_bin', 1, 1, '...', '...
    \n', 'bb', '', '', 'ff', '', '', 'dd', '', '') from t1; -c1 c2 mroonga_snippet(c3, 10, 2, 'ascii_bin', 1, 1, '...', '...
    \n', 'bb', '', '', 'ff', '', '', 'dd', '', '') +select c1, c2, mroonga_snippet(c3, 10, 2, 'ascii_bin', 1, 1, '...', '...
    \n', 'bb', '', '', 'ff', '', '', 'dd', '', '') s from t1; +c1 c2 s 1 10 ... bb cc dd ...
    ... >< ff gg ...
    @@ -61,8 +61,8 @@ 4 40 ...ee ff gg h...
    5 50 -select c1, c2, mroonga_snippet(c3, 10, 2, 'ascii_general_ci', 0, 0, '...', '...\n', 'bb', '(w1)[', ']', 'ff', '(w2)[', ']', 'dd', '(w3)[', ']') from t1; -c1 c2 mroonga_snippet(c3, 10, 2, 'ascii_general_ci', 0, 0, '...', '...\n', 'bb', '(w1)[', ']', 'ff', '(w2)[', ']', 'dd', '(w3)[', ']') +select c1, c2, mroonga_snippet(c3, 10, 2, 'ascii_general_ci', 0, 0, '...', '...\n', 'bb', '(w1)[', ']', 'ff', '(w2)[', ']', 'dd', '(w3)[', ']') s from t1; +c1 c2 s 1 10 ...a(w1)[ bb] cc(w3)[ dd]... ...e ><(w2)[ ff] gg... @@ -76,8 +76,8 @@ 5 50 ...A(w1)[ BB] CC(w3)[ DD]... ...E ><(w2)[ FF] GG... -select c1, c2, mroonga_snippet(c3, 10, 2, 'ascii_bin', 0, 0, '...', '...\n', 'bb', '(w1)[', ']', 'ff', '(w2)[', ']', 'dd', '(w3)[', ']') from t1; -c1 c2 mroonga_snippet(c3, 10, 2, 'ascii_bin', 0, 0, '...', '...\n', 'bb', '(w1)[', ']', 'ff', '(w2)[', ']', 'dd', '(w3)[', ']') +select c1, c2, mroonga_snippet(c3, 10, 2, 'ascii_bin', 0, 0, '...', '...\n', 'bb', '(w1)[', ']', 'ff', '(w2)[', ']', 'dd', '(w3)[', ']') s from t1; +c1 c2 s 1 10 ... (w1)[bb] cc (w3)[dd] ... ... >< (w2)[ff] gg ... @@ -89,8 +89,8 @@ 4 40 ...ee (w2)[ff] gg h... 5 50 -select c1, c2, mroonga_snippet(c3, 10, 2, 'ascii_general_ci', 1, 0, '...', '...\n', 'bb', '(w1)[', ']', 'ff', '(w2)[', ']', 'dd', '(w3)[', ']') from t1; -c1 c2 mroonga_snippet(c3, 10, 2, 'ascii_general_ci', 1, 0, '...', '...\n', 'bb', '(w1)[', ']', 'ff', '(w2)[', ']', 'dd', '(w3)[', ']') +select c1, c2, mroonga_snippet(c3, 10, 2, 'ascii_general_ci', 1, 0, '...', '...\n', 'bb', '(w1)[', ']', 'ff', '(w2)[', ']', 'dd', '(w3)[', ']') s from t1; +c1 c2 s 1 10 ... (w1)[bb] cc (w3)[dd] ... ... >< (w2)[ff] gg ... @@ -104,8 +104,8 @@ 5 50 ... (w1)[BB] CC (w3)[DD] ... ... >< (w2)[FF] GG ... -select c1, c2, mroonga_snippet(c3, 10, 2, 'ascii_bin', 1, 0, '...', '...\n', 'bb', '(w1)[', ']', 'ff', '(w2)[', ']', 'dd', '(w3)[', ']') from t1; -c1 c2 mroonga_snippet(c3, 10, 2, 'ascii_bin', 1, 0, '...', '...\n', 'bb', '(w1)[', ']', 'ff', '(w2)[', ']', 'dd', '(w3)[', ']') +select c1, c2, mroonga_snippet(c3, 10, 2, 'ascii_bin', 1, 0, '...', '...\n', 'bb', '(w1)[', ']', 'ff', '(w2)[', ']', 'dd', '(w3)[', ']') s from t1; +c1 c2 s 1 10 ... (w1)[bb] cc (w3)[dd] ... ... >< (w2)[ff] gg ... diff -Nru mariadb-11.8.6/storage/mroonga/mysql-test/mroonga/storage/r/function_snippet_cp932.result mariadb-11.8.8/storage/mroonga/mysql-test/mroonga/storage/r/function_snippet_cp932.result --- mariadb-11.8.6/storage/mroonga/mysql-test/mroonga/storage/r/function_snippet_cp932.result 2026-01-31 13:27:48.000000000 +0000 +++ mariadb-11.8.8/storage/mroonga/mysql-test/mroonga/storage/r/function_snippet_cp932.result 2026-05-24 09:58:32.000000000 +0000 @@ -4,8 +4,8 @@ insert into t1 values(1, "‚ ‚ ‚ ‚ ‚ ","‚Q‚X“ú‚Ì•xŽmŽR‚Ì“V‹C‚ɂ‚¢‚Ä"); insert into t1 values(2, "‚¢‚¢‚¢‚¢‚¢","‚Q‚X“ú‚Ì•xŽmŽR‚Ì“V‹C‚Í•ª‚©‚è‚Ü‚¹‚ñ"); insert into t1 values(3, "‚¤‚¤‚¤‚¤‚¤","29“ú‚Ì•xŽmŽR‚Ì“V‹C‚ɂ‚¢‚Ä"); -select c1, c2, mroonga_snippet(c3, 10, 2, 'cp932_japanese_ci', 0, 1, '...', '...
    \n', '‚Q‚X“ú', '', '', '“V‹C', '', '', '•xŽmŽR', '', '') from t1; -c1 c2 mroonga_snippet(c3, 10, 2, 'cp932_japanese_ci', 0, 1, '...', '...
    \n', '‚Q‚X“ú', '', '', '“V‹C', '', '', '•xŽmŽR', '', '') +select c1, c2, mroonga_snippet(c3, 10, 2, 'cp932_japanese_ci', 0, 1, '...', '...
    \n', '‚Q‚X“ú', '', '', '“V‹C', '', '', '•xŽmŽR', '', '') s from t1; +c1 c2 s 1 ‚ ‚ ‚ ‚ ‚  ...‚Q‚X“ú‚Ì•x...
    ...‚Ì“V‹C‚É‚Â...
    @@ -15,8 +15,8 @@ 3 ‚¤‚¤‚¤‚¤‚¤ ...29“ú‚Ì•xŽm...
    ...‚Ì“V‹C‚É‚Â...
    -select c1, c2, mroonga_snippet(c3, 10, 2, 'cp932_bin', 0, 1, '...', '...
    \n', '‚Q‚X“ú', '', '', '“V‹C', '', '', '•xŽmŽR', '', '') from t1; -c1 c2 mroonga_snippet(c3, 10, 2, 'cp932_bin', 0, 1, '...', '...
    \n', '‚Q‚X“ú', '', '', '“V‹C', '', '', '•xŽmŽR', '', '') +select c1, c2, mroonga_snippet(c3, 10, 2, 'cp932_bin', 0, 1, '...', '...
    \n', '‚Q‚X“ú', '', '', '“V‹C', '', '', '•xŽmŽR', '', '') s from t1; +c1 c2 s 1 ‚ ‚ ‚ ‚ ‚  ...‚Q‚X“ú‚Ì•x...
    ...‚Ì“V‹C‚É‚Â...
    @@ -25,8 +25,8 @@ 3 ‚¤‚¤‚¤‚¤‚¤ ...‚Ì•xŽmŽR‚Ì...
    -select c1, c2, mroonga_snippet(c3, 10, 2, 'cp932_japanese_ci', 1, 1, '...', '...
    \n', '‚Q‚X“ú', '', '', '“V‹C', '', '', '•xŽmŽR', '', '') from t1; -c1 c2 mroonga_snippet(c3, 10, 2, 'cp932_japanese_ci', 1, 1, '...', '...
    \n', '‚Q‚X“ú', '', '', '“V‹C', '', '', '•xŽmŽR', '', '') +select c1, c2, mroonga_snippet(c3, 10, 2, 'cp932_japanese_ci', 1, 1, '...', '...
    \n', '‚Q‚X“ú', '', '', '“V‹C', '', '', '•xŽmŽR', '', '') s from t1; +c1 c2 s 1 ‚ ‚ ‚ ‚ ‚  ...‚Q‚X“ú‚Ì•x...
    ...‚Ì“V‹C‚É‚Â...
    @@ -36,8 +36,8 @@ 3 ‚¤‚¤‚¤‚¤‚¤ ...29“ú‚Ì•xŽm...
    ...‚Ì“V‹C‚É‚Â...
    -select c1, c2, mroonga_snippet(c3, 10, 2, 'cp932_bin', 1, 1, '...', '...
    \n', '‚Q‚X“ú', '', '', '“V‹C', '', '', '•xŽmŽR', '', '') from t1; -c1 c2 mroonga_snippet(c3, 10, 2, 'cp932_bin', 1, 1, '...', '...
    \n', '‚Q‚X“ú', '', '', '“V‹C', '', '', '•xŽmŽR', '', '') +select c1, c2, mroonga_snippet(c3, 10, 2, 'cp932_bin', 1, 1, '...', '...
    \n', '‚Q‚X“ú', '', '', '“V‹C', '', '', '•xŽmŽR', '', '') s from t1; +c1 c2 s 1 ‚ ‚ ‚ ‚ ‚  ...‚Q‚X“ú‚Ì•x...
    ...‚Ì“V‹C‚É‚Â...
    @@ -46,8 +46,8 @@ 3 ‚¤‚¤‚¤‚¤‚¤ ...‚Ì•xŽmŽR‚Ì...
    -select c1, c2, mroonga_snippet(c3, 10, 2, 'cp932_japanese_ci', 0, 0, '...', '...\n', '‚Q‚X“ú', '(w1)[', ']', '“V‹C', '(w2)[', ']', '•xŽmŽR', '(w3)[', ']') from t1; -c1 c2 mroonga_snippet(c3, 10, 2, 'cp932_japanese_ci', 0, 0, '...', '...\n', '‚Q‚X“ú', '(w1)[', ']', '“V‹C', '(w2)[', ']', '•xŽmŽR', '(w3)[', ']') +select c1, c2, mroonga_snippet(c3, 10, 2, 'cp932_japanese_ci', 0, 0, '...', '...\n', '‚Q‚X“ú', '(w1)[', ']', '“V‹C', '(w2)[', ']', '•xŽmŽR', '(w3)[', ']') s from t1; +c1 c2 s 1 ‚ ‚ ‚ ‚ ‚  ...(w1)[‚Q‚X“ú]‚Ì•x... ...‚Ì(w2)[“V‹C]‚É‚Â... @@ -57,8 +57,8 @@ 3 ‚¤‚¤‚¤‚¤‚¤ ...(w1)[29“ú]‚Ì•xŽm... ...‚Ì(w2)[“V‹C]‚É‚Â... -select c1, c2, mroonga_snippet(c3, 10, 2, 'cp932_bin', 0, 0, '...', '...\n', '‚Q‚X“ú', '(w1)[', ']', '“V‹C', '(w2)[', ']', '•xŽmŽR', '(w3)[', ']') from t1; -c1 c2 mroonga_snippet(c3, 10, 2, 'cp932_bin', 0, 0, '...', '...\n', '‚Q‚X“ú', '(w1)[', ']', '“V‹C', '(w2)[', ']', '•xŽmŽR', '(w3)[', ']') +select c1, c2, mroonga_snippet(c3, 10, 2, 'cp932_bin', 0, 0, '...', '...\n', '‚Q‚X“ú', '(w1)[', ']', '“V‹C', '(w2)[', ']', '•xŽmŽR', '(w3)[', ']') s from t1; +c1 c2 s 1 ‚ ‚ ‚ ‚ ‚  ...(w1)[‚Q‚X“ú]‚Ì•x... ...‚Ì(w2)[“V‹C]‚É‚Â... @@ -67,8 +67,8 @@ 3 ‚¤‚¤‚¤‚¤‚¤ ...‚Ì(w3)[•xŽmŽR]‚Ì... -select c1, c2, mroonga_snippet(c3, 10, 2, 'cp932_japanese_ci', 1, 0, '...', '...\n', '‚Q‚X“ú', '(w1)[', ']', '“V‹C', '(w2)[', ']', '•xŽmŽR', '(w3)[', ']') from t1; -c1 c2 mroonga_snippet(c3, 10, 2, 'cp932_japanese_ci', 1, 0, '...', '...\n', '‚Q‚X“ú', '(w1)[', ']', '“V‹C', '(w2)[', ']', '•xŽmŽR', '(w3)[', ']') +select c1, c2, mroonga_snippet(c3, 10, 2, 'cp932_japanese_ci', 1, 0, '...', '...\n', '‚Q‚X“ú', '(w1)[', ']', '“V‹C', '(w2)[', ']', '•xŽmŽR', '(w3)[', ']') s from t1; +c1 c2 s 1 ‚ ‚ ‚ ‚ ‚  ...(w1)[‚Q‚X“ú]‚Ì•x... ...‚Ì(w2)[“V‹C]‚É‚Â... @@ -78,8 +78,8 @@ 3 ‚¤‚¤‚¤‚¤‚¤ ...(w1)[29“ú]‚Ì•xŽm... ...‚Ì(w2)[“V‹C]‚É‚Â... -select c1, c2, mroonga_snippet(c3, 10, 2, 'cp932_bin', 1, 0, '...', '...\n', '‚Q‚X“ú', '(w1)[', ']', '“V‹C', '(w2)[', ']', '•xŽmŽR', '(w3)[', ']') from t1; -c1 c2 mroonga_snippet(c3, 10, 2, 'cp932_bin', 1, 0, '...', '...\n', '‚Q‚X“ú', '(w1)[', ']', '“V‹C', '(w2)[', ']', '•xŽmŽR', '(w3)[', ']') +select c1, c2, mroonga_snippet(c3, 10, 2, 'cp932_bin', 1, 0, '...', '...\n', '‚Q‚X“ú', '(w1)[', ']', '“V‹C', '(w2)[', ']', '•xŽmŽR', '(w3)[', ']') s from t1; +c1 c2 s 1 ‚ ‚ ‚ ‚ ‚  ...(w1)[‚Q‚X“ú]‚Ì•x... ...‚Ì(w2)[“V‹C]‚É‚Â... diff -Nru mariadb-11.8.6/storage/mroonga/mysql-test/mroonga/storage/r/function_snippet_eucjpms.result mariadb-11.8.8/storage/mroonga/mysql-test/mroonga/storage/r/function_snippet_eucjpms.result --- mariadb-11.8.6/storage/mroonga/mysql-test/mroonga/storage/r/function_snippet_eucjpms.result 2026-01-31 13:27:48.000000000 +0000 +++ mariadb-11.8.8/storage/mroonga/mysql-test/mroonga/storage/r/function_snippet_eucjpms.result 2026-05-24 09:58:32.000000000 +0000 @@ -4,8 +4,8 @@ insert into t1 values(1, "¤¢¤¢¤¢¤¢¤¢","£²£¹Æü¤ÎÉٻ볤ÎÅ·µ¤¤Ë¤Ä¤¤¤Æ"); insert into t1 values(2, "¤¤¤¤¤¤¤¤¤¤","£²£¹Æü¤ÎÉٻ볤ÎÅ·µ¤¤Ïʬ¤«¤ê¤Þ¤»¤ó"); insert into t1 values(3, "¤¦¤¦¤¦¤¦¤¦","29Æü¤ÎÉٻ볤ÎÅ·µ¤¤Ë¤Ä¤¤¤Æ"); -select c1, c2, mroonga_snippet(c3, 10, 2, 'eucjpms_japanese_ci', 0, 1, '...', '...
    \n', '£²£¹Æü', '', '', 'Å·µ¤', '', '', 'Éٻλ³', '', '') from t1; -c1 c2 mroonga_snippet(c3, 10, 2, 'eucjpms_japanese_ci', 0, 1, '...', '...
    \n', '£²£¹Æü', '', '', 'Å·µ¤', '', '', 'Éٻλ³', '', '') +select c1, c2, mroonga_snippet(c3, 10, 2, 'eucjpms_japanese_ci', 0, 1, '...', '...
    \n', '£²£¹Æü', '', '', 'Å·µ¤', '', '', 'Éٻλ³', '', '') s from t1; +c1 c2 s 1 ¤¢¤¢¤¢¤¢¤¢ ...£²£¹Æü¤ÎÉÙ...
    ...¤ÎÅ·µ¤¤Ë¤Ä...
    @@ -15,8 +15,8 @@ 3 ¤¦¤¦¤¦¤¦¤¦ ...29Æü¤ÎÉÙ»Î...
    ...¤ÎÅ·µ¤¤Ë¤Ä...
    -select c1, c2, mroonga_snippet(c3, 10, 2, 'eucjpms_bin', 0, 1, '...', '...
    \n', '£²£¹Æü', '', '', 'Å·µ¤', '', '', 'Éٻλ³', '', '') from t1; -c1 c2 mroonga_snippet(c3, 10, 2, 'eucjpms_bin', 0, 1, '...', '...
    \n', '£²£¹Æü', '', '', 'Å·µ¤', '', '', 'Éٻλ³', '', '') +select c1, c2, mroonga_snippet(c3, 10, 2, 'eucjpms_bin', 0, 1, '...', '...
    \n', '£²£¹Æü', '', '', 'Å·µ¤', '', '', 'Éٻλ³', '', '') s from t1; +c1 c2 s 1 ¤¢¤¢¤¢¤¢¤¢ ...£²£¹Æü¤ÎÉÙ...
    ...¤ÎÅ·µ¤¤Ë¤Ä...
    @@ -25,8 +25,8 @@ 3 ¤¦¤¦¤¦¤¦¤¦ ...¤ÎÉٻ볤Î...
    -select c1, c2, mroonga_snippet(c3, 10, 2, 'eucjpms_japanese_ci', 1, 1, '...', '...
    \n', '£²£¹Æü', '', '', 'Å·µ¤', '', '', 'Éٻλ³', '', '') from t1; -c1 c2 mroonga_snippet(c3, 10, 2, 'eucjpms_japanese_ci', 1, 1, '...', '...
    \n', '£²£¹Æü', '', '', 'Å·µ¤', '', '', 'Éٻλ³', '', '') +select c1, c2, mroonga_snippet(c3, 10, 2, 'eucjpms_japanese_ci', 1, 1, '...', '...
    \n', '£²£¹Æü', '', '', 'Å·µ¤', '', '', 'Éٻλ³', '', '') s from t1; +c1 c2 s 1 ¤¢¤¢¤¢¤¢¤¢ ...£²£¹Æü¤ÎÉÙ...
    ...¤ÎÅ·µ¤¤Ë¤Ä...
    @@ -36,8 +36,8 @@ 3 ¤¦¤¦¤¦¤¦¤¦ ...29Æü¤ÎÉÙ»Î...
    ...¤ÎÅ·µ¤¤Ë¤Ä...
    -select c1, c2, mroonga_snippet(c3, 10, 2, 'eucjpms_bin', 1, 1, '...', '...
    \n', '£²£¹Æü', '', '', 'Å·µ¤', '', '', 'Éٻλ³', '', '') from t1; -c1 c2 mroonga_snippet(c3, 10, 2, 'eucjpms_bin', 1, 1, '...', '...
    \n', '£²£¹Æü', '', '', 'Å·µ¤', '', '', 'Éٻλ³', '', '') +select c1, c2, mroonga_snippet(c3, 10, 2, 'eucjpms_bin', 1, 1, '...', '...
    \n', '£²£¹Æü', '', '', 'Å·µ¤', '', '', 'Éٻλ³', '', '') s from t1; +c1 c2 s 1 ¤¢¤¢¤¢¤¢¤¢ ...£²£¹Æü¤ÎÉÙ...
    ...¤ÎÅ·µ¤¤Ë¤Ä...
    @@ -46,8 +46,8 @@ 3 ¤¦¤¦¤¦¤¦¤¦ ...¤ÎÉٻ볤Î...
    -select c1, c2, mroonga_snippet(c3, 10, 2, 'eucjpms_japanese_ci', 0, 0, '...', '...\n', '£²£¹Æü', '(w1)[', ']', 'Å·µ¤', '(w2)[', ']', 'Éٻλ³', '(w3)[', ']') from t1; -c1 c2 mroonga_snippet(c3, 10, 2, 'eucjpms_japanese_ci', 0, 0, '...', '...\n', '£²£¹Æü', '(w1)[', ']', 'Å·µ¤', '(w2)[', ']', 'Éٻλ³', '(w3)[', ']') +select c1, c2, mroonga_snippet(c3, 10, 2, 'eucjpms_japanese_ci', 0, 0, '...', '...\n', '£²£¹Æü', '(w1)[', ']', 'Å·µ¤', '(w2)[', ']', 'Éٻλ³', '(w3)[', ']') s from t1; +c1 c2 s 1 ¤¢¤¢¤¢¤¢¤¢ ...(w1)[£²£¹Æü]¤ÎÉÙ... ...¤Î(w2)[Å·µ¤]¤Ë¤Ä... @@ -57,8 +57,8 @@ 3 ¤¦¤¦¤¦¤¦¤¦ ...(w1)[29Æü]¤ÎÉÙ»Î... ...¤Î(w2)[Å·µ¤]¤Ë¤Ä... -select c1, c2, mroonga_snippet(c3, 10, 2, 'eucjpms_bin', 0, 0, '...', '...\n', '£²£¹Æü', '(w1)[', ']', 'Å·µ¤', '(w2)[', ']', 'Éٻλ³', '(w3)[', ']') from t1; -c1 c2 mroonga_snippet(c3, 10, 2, 'eucjpms_bin', 0, 0, '...', '...\n', '£²£¹Æü', '(w1)[', ']', 'Å·µ¤', '(w2)[', ']', 'Éٻλ³', '(w3)[', ']') +select c1, c2, mroonga_snippet(c3, 10, 2, 'eucjpms_bin', 0, 0, '...', '...\n', '£²£¹Æü', '(w1)[', ']', 'Å·µ¤', '(w2)[', ']', 'Éٻλ³', '(w3)[', ']') s from t1; +c1 c2 s 1 ¤¢¤¢¤¢¤¢¤¢ ...(w1)[£²£¹Æü]¤ÎÉÙ... ...¤Î(w2)[Å·µ¤]¤Ë¤Ä... @@ -67,8 +67,8 @@ 3 ¤¦¤¦¤¦¤¦¤¦ ...¤Î(w3)[Éٻλ³]¤Î... -select c1, c2, mroonga_snippet(c3, 10, 2, 'eucjpms_japanese_ci', 1, 0, '...', '...\n', '£²£¹Æü', '(w1)[', ']', 'Å·µ¤', '(w2)[', ']', 'Éٻλ³', '(w3)[', ']') from t1; -c1 c2 mroonga_snippet(c3, 10, 2, 'eucjpms_japanese_ci', 1, 0, '...', '...\n', '£²£¹Æü', '(w1)[', ']', 'Å·µ¤', '(w2)[', ']', 'Éٻλ³', '(w3)[', ']') +select c1, c2, mroonga_snippet(c3, 10, 2, 'eucjpms_japanese_ci', 1, 0, '...', '...\n', '£²£¹Æü', '(w1)[', ']', 'Å·µ¤', '(w2)[', ']', 'Éٻλ³', '(w3)[', ']') s from t1; +c1 c2 s 1 ¤¢¤¢¤¢¤¢¤¢ ...(w1)[£²£¹Æü]¤ÎÉÙ... ...¤Î(w2)[Å·µ¤]¤Ë¤Ä... @@ -78,8 +78,8 @@ 3 ¤¦¤¦¤¦¤¦¤¦ ...(w1)[29Æü]¤ÎÉÙ»Î... ...¤Î(w2)[Å·µ¤]¤Ë¤Ä... -select c1, c2, mroonga_snippet(c3, 10, 2, 'eucjpms_bin', 1, 0, '...', '...\n', '£²£¹Æü', '(w1)[', ']', 'Å·µ¤', '(w2)[', ']', 'Éٻλ³', '(w3)[', ']') from t1; -c1 c2 mroonga_snippet(c3, 10, 2, 'eucjpms_bin', 1, 0, '...', '...\n', '£²£¹Æü', '(w1)[', ']', 'Å·µ¤', '(w2)[', ']', 'Éٻλ³', '(w3)[', ']') +select c1, c2, mroonga_snippet(c3, 10, 2, 'eucjpms_bin', 1, 0, '...', '...\n', '£²£¹Æü', '(w1)[', ']', 'Å·µ¤', '(w2)[', ']', 'Éٻλ³', '(w3)[', ']') s from t1; +c1 c2 s 1 ¤¢¤¢¤¢¤¢¤¢ ...(w1)[£²£¹Æü]¤ÎÉÙ... ...¤Î(w2)[Å·µ¤]¤Ë¤Ä... diff -Nru mariadb-11.8.6/storage/mroonga/mysql-test/mroonga/storage/r/function_snippet_html_dynamic_keyword.result mariadb-11.8.8/storage/mroonga/mysql-test/mroonga/storage/r/function_snippet_html_dynamic_keyword.result --- mariadb-11.8.6/storage/mroonga/mysql-test/mroonga/storage/r/function_snippet_html_dynamic_keyword.result 2026-01-31 13:27:48.000000000 +0000 +++ mariadb-11.8.8/storage/mroonga/mysql-test/mroonga/storage/r/function_snippet_html_dynamic_keyword.result 2026-05-24 09:58:32.000000000 +0000 @@ -9,3 +9,4 @@ snippet
    Mroonga is the Groonga based storage engine.
    Mroonga is the Groonga based storage engine.
    +DROP TABLE keywords; diff -Nru mariadb-11.8.6/storage/mroonga/mysql-test/mroonga/storage/r/function_snippet_japanese.result mariadb-11.8.8/storage/mroonga/mysql-test/mroonga/storage/r/function_snippet_japanese.result --- mariadb-11.8.6/storage/mroonga/mysql-test/mroonga/storage/r/function_snippet_japanese.result 2026-01-31 13:27:48.000000000 +0000 +++ mariadb-11.8.8/storage/mroonga/mysql-test/mroonga/storage/r/function_snippet_japanese.result 2026-05-24 09:58:32.000000000 +0000 @@ -4,8 +4,8 @@ insert into t1 values(1, "ã‚ã‚ã‚ã‚ã‚","29日ã®å¯Œå£«å±±ã®å¤©æ°—ã«ã¤ã„ã¦"); insert into t1 values(2, "ã„ã„ã„ã„ã„","29日ã®å¯Œå£«å±±ã®å¤©æ°—ã¯åˆ†ã‹ã‚Šã¾ã›ã‚“"); insert into t1 values(3, "ã†ã†ã†ã†ã†","29æ—¥ã®å¯Œå£«å±±ã®å¤©æ°—ã«ã¤ã„ã¦"); -select c1, c2, mroonga_snippet(c3, 10, 2, 'utf8_general_ci', 0, 1, '...', '...
    \n', '29日', '', '', '天気', '', '', '富士山', '', '') from t1; -c1 c2 mroonga_snippet(c3, 10, 2, 'utf8_general_ci', 0, 1, '...', '...
    \n', '29日', '', '', '天気', '', '', '富士山', '', '') +select c1, c2, mroonga_snippet(c3, 10, 2, 'utf8_general_ci', 0, 1, '...', '...
    \n', '29日', '', '', '天気', '', '', '富士山', '', '') s from t1; +c1 c2 s 1 ã‚ã‚ã‚ã‚ã‚ ...29日...
    ...富士山...
    @@ -15,8 +15,8 @@ 3 ã†ã†ã†ã†ã† ...29æ—¥ã®...
    ...天気ã«...
    -select c1, c2, mroonga_snippet(c3, 10, 2, 'utf8_bin', 0, 1, '...', '...
    \n', '29日', '', '', '天気', '', '', '富士山', '', '') from t1; -c1 c2 mroonga_snippet(c3, 10, 2, 'utf8_bin', 0, 1, '...', '...
    \n', '29日', '', '', '天気', '', '', '富士山', '', '') +select c1, c2, mroonga_snippet(c3, 10, 2, 'utf8_bin', 0, 1, '...', '...
    \n', '29日', '', '', '天気', '', '', '富士山', '', '') s from t1; +c1 c2 s 1 ã‚ã‚ã‚ã‚ã‚ ...29日...
    ...富士山...
    @@ -26,8 +26,8 @@ 3 ã†ã†ã†ã†ã† ...富士山...
    ...天気ã«...
    -select c1, c2, mroonga_snippet(c3, 10, 2, 'utf8_general_ci', 1, 1, '...', '...
    \n', '29日', '', '', '天気', '', '', '富士山', '', '') from t1; -c1 c2 mroonga_snippet(c3, 10, 2, 'utf8_general_ci', 1, 1, '...', '...
    \n', '29日', '', '', '天気', '', '', '富士山', '', '') +select c1, c2, mroonga_snippet(c3, 10, 2, 'utf8_general_ci', 1, 1, '...', '...
    \n', '29日', '', '', '天気', '', '', '富士山', '', '') s from t1; +c1 c2 s 1 ã‚ã‚ã‚ã‚ã‚ ...29日...
    ...富士山...
    @@ -37,8 +37,8 @@ 3 ã†ã†ã†ã†ã† ...29æ—¥ã®...
    ...天気ã«...
    -select c1, c2, mroonga_snippet(c3, 10, 2, 'utf8_bin', 1, 1, '...', '...
    \n', '29日', '', '', '天気', '', '', '富士山', '', '') from t1; -c1 c2 mroonga_snippet(c3, 10, 2, 'utf8_bin', 1, 1, '...', '...
    \n', '29日', '', '', '天気', '', '', '富士山', '', '') +select c1, c2, mroonga_snippet(c3, 10, 2, 'utf8_bin', 1, 1, '...', '...
    \n', '29日', '', '', '天気', '', '', '富士山', '', '') s from t1; +c1 c2 s 1 ã‚ã‚ã‚ã‚ã‚ ...29日...
    ...富士山...
    @@ -48,8 +48,8 @@ 3 ã†ã†ã†ã†ã† ...富士山...
    ...天気ã«...
    -select c1, c2, mroonga_snippet(c3, 10, 2, 'utf8_general_ci', 0, 0, '...', '...\n', '29日', '(w1)[', ']', '天気', '(w2)[', ']', '富士山', '(w3)[', ']') from t1; -c1 c2 mroonga_snippet(c3, 10, 2, 'utf8_general_ci', 0, 0, '...', '...\n', '29日', '(w1)[', ']', '天気', '(w2)[', ']', '富士山', '(w3)[', ']') +select c1, c2, mroonga_snippet(c3, 10, 2, 'utf8_general_ci', 0, 0, '...', '...\n', '29日', '(w1)[', ']', '天気', '(w2)[', ']', '富士山', '(w3)[', ']') s from t1; +c1 c2 s 1 ã‚ã‚ã‚ã‚ã‚ ...(w1)[29日]... ...(w3)[富士山]... @@ -59,8 +59,8 @@ 3 ã†ã†ã†ã†ã† ...(w1)[29æ—¥]ã®... ...(w2)[天気]ã«... -select c1, c2, mroonga_snippet(c3, 10, 2, 'utf8_bin', 0, 0, '...', '...\n', '29日', '(w1)[', ']', '天気', '(w2)[', ']', '富士山', '(w3)[', ']') from t1; -c1 c2 mroonga_snippet(c3, 10, 2, 'utf8_bin', 0, 0, '...', '...\n', '29日', '(w1)[', ']', '天気', '(w2)[', ']', '富士山', '(w3)[', ']') +select c1, c2, mroonga_snippet(c3, 10, 2, 'utf8_bin', 0, 0, '...', '...\n', '29日', '(w1)[', ']', '天気', '(w2)[', ']', '富士山', '(w3)[', ']') s from t1; +c1 c2 s 1 ã‚ã‚ã‚ã‚ã‚ ...(w1)[29日]... ...(w3)[富士山]... @@ -70,8 +70,8 @@ 3 ã†ã†ã†ã†ã† ...(w3)[富士山]... ...(w2)[天気]ã«... -select c1, c2, mroonga_snippet(c3, 10, 2, 'utf8_general_ci', 1, 0, '...', '...\n', '29日', '(w1)[', ']', '天気', '(w2)[', ']', '富士山', '(w3)[', ']') from t1; -c1 c2 mroonga_snippet(c3, 10, 2, 'utf8_general_ci', 1, 0, '...', '...\n', '29日', '(w1)[', ']', '天気', '(w2)[', ']', '富士山', '(w3)[', ']') +select c1, c2, mroonga_snippet(c3, 10, 2, 'utf8_general_ci', 1, 0, '...', '...\n', '29日', '(w1)[', ']', '天気', '(w2)[', ']', '富士山', '(w3)[', ']') s from t1; +c1 c2 s 1 ã‚ã‚ã‚ã‚ã‚ ...(w1)[29日]... ...(w3)[富士山]... @@ -81,8 +81,8 @@ 3 ã†ã†ã†ã†ã† ...(w1)[29æ—¥]ã®... ...(w2)[天気]ã«... -select c1, c2, mroonga_snippet(c3, 10, 2, 'utf8_bin', 1, 0, '...', '...\n', '29日', '(w1)[', ']', '天気', '(w2)[', ']', '富士山', '(w3)[', ']') from t1; -c1 c2 mroonga_snippet(c3, 10, 2, 'utf8_bin', 1, 0, '...', '...\n', '29日', '(w1)[', ']', '天気', '(w2)[', ']', '富士山', '(w3)[', ']') +select c1, c2, mroonga_snippet(c3, 10, 2, 'utf8_bin', 1, 0, '...', '...\n', '29日', '(w1)[', ']', '天気', '(w2)[', ']', '富士山', '(w3)[', ']') s from t1; +c1 c2 s 1 ã‚ã‚ã‚ã‚ã‚ ...(w1)[29日]... ...(w3)[富士山]... diff -Nru mariadb-11.8.6/storage/mroonga/mysql-test/mroonga/storage/r/variable_default_tokenizer_disable.result mariadb-11.8.8/storage/mroonga/mysql-test/mroonga/storage/r/variable_default_tokenizer_disable.result --- mariadb-11.8.6/storage/mroonga/mysql-test/mroonga/storage/r/variable_default_tokenizer_disable.result 1970-01-01 00:00:00.000000000 +0000 +++ mariadb-11.8.8/storage/mroonga/mysql-test/mroonga/storage/r/variable_default_tokenizer_disable.result 2026-05-24 09:58:32.000000000 +0000 @@ -0,0 +1,5 @@ +SET GLOBAL mroonga_default_tokenizer = NULL; +SHOW GLOBAL VARIABLES LIKE 'mroonga_default_tokenizer'; +Variable_name Value +mroonga_default_tokenizer off +SET GLOBAL mroonga_default_tokenizer = DEFAULT; diff -Nru mariadb-11.8.6/storage/mroonga/mysql-test/mroonga/storage/r/variable_enable_operations_recording_insert.result mariadb-11.8.8/storage/mroonga/mysql-test/mroonga/storage/r/variable_enable_operations_recording_insert.result --- mariadb-11.8.6/storage/mroonga/mysql-test/mroonga/storage/r/variable_enable_operations_recording_insert.result 2026-01-31 13:27:49.000000000 +0000 +++ mariadb-11.8.8/storage/mroonga/mysql-test/mroonga/storage/r/variable_enable_operations_recording_insert.result 2026-05-24 09:58:32.000000000 +0000 @@ -2,31 +2,31 @@ CREATE TABLE diaries ( title TEXT ) DEFAULT CHARSET=utf8; -SELECT mroonga_command('truncate mroonga_operations'); -mroonga_command('truncate mroonga_operations') +SELECT mroonga_command('truncate mroonga_operations') c; +c true INSERT INTO diaries VALUES("Unlogged: Research for Mroonga"); -SELECT mroonga_command('load --table mroonga_operations --values "[{}]"'); -mroonga_command('load --table mroonga_operations --values "[{}]"') +SELECT mroonga_command('load --table mroonga_operations --values "[{}]"') c; +c 1 -SELECT mroonga_command('select mroonga_operations --output_columns _id'); -mroonga_command('select mroonga_operations --output_columns _id') +SELECT mroonga_command('select mroonga_operations --output_columns _id') c; +c [[[1],[["_id","UInt32"]],[2]]] SET GLOBAL mroonga_enable_operations_recording = false; FLUSH TABLES; -SELECT mroonga_command('truncate mroonga_operations'); -mroonga_command('truncate mroonga_operations') +SELECT mroonga_command('truncate mroonga_operations') c; +c true INSERT INTO diaries VALUES("Logged: Research for Mroonga"); -SELECT mroonga_command('load --table mroonga_operations --values "[{}]"'); -mroonga_command('load --table mroonga_operations --values "[{}]"') +SELECT mroonga_command('load --table mroonga_operations --values "[{}]"') c; +c 1 -SELECT mroonga_command('select mroonga_operations --output_columns _id'); -mroonga_command('select mroonga_operations --output_columns _id') +SELECT mroonga_command('select mroonga_operations --output_columns _id') c; +c [[[1],[["_id","UInt32"]],[1]]] DROP TABLE diaries; -SELECT mroonga_command('truncate mroonga_operations'); -mroonga_command('truncate mroonga_operations') +SELECT mroonga_command('truncate mroonga_operations') c; +c true SET GLOBAL mroonga_enable_operations_recording = default; FLUSH TABLES; diff -Nru mariadb-11.8.6/storage/mroonga/mysql-test/mroonga/storage/r/variable_log_file_reject_null.result mariadb-11.8.8/storage/mroonga/mysql-test/mroonga/storage/r/variable_log_file_reject_null.result --- mariadb-11.8.6/storage/mroonga/mysql-test/mroonga/storage/r/variable_log_file_reject_null.result 1970-01-01 00:00:00.000000000 +0000 +++ mariadb-11.8.8/storage/mroonga/mysql-test/mroonga/storage/r/variable_log_file_reject_null.result 2026-05-24 09:58:32.000000000 +0000 @@ -0,0 +1,7 @@ +SET GLOBAL mroonga_log_file = NULL; +ERROR HY000: NULL value can't be used for mroonga_log_file +SET GLOBAL mroonga_log_file = ''; +ERROR HY000: NULL value can't be used for mroonga_log_file +SHOW GLOBAL VARIABLES LIKE 'mroonga_log_file'; +Variable_name Value +mroonga_log_file groonga.log diff -Nru mariadb-11.8.6/storage/mroonga/mysql-test/mroonga/storage/t/alter_table_add_column_flags_comment.test mariadb-11.8.8/storage/mroonga/mysql-test/mroonga/storage/t/alter_table_add_column_flags_comment.test --- mariadb-11.8.6/storage/mroonga/mysql-test/mroonga/storage/t/alter_table_add_column_flags_comment.test 2026-01-31 13:27:49.000000000 +0000 +++ mariadb-11.8.8/storage/mroonga/mysql-test/mroonga/storage/t/alter_table_add_column_flags_comment.test 2026-05-24 09:58:32.000000000 +0000 @@ -30,10 +30,7 @@ ALTER TABLE tags ADD COLUMN name VARCHAR(64) COMMENT 'flags "COLUMN_VECTOR"'; -#Check after fix MDEV-31554 ---disable_cursor_protocol SELECT mroonga_command("dump --dump_plugins no"); ---enable_cursor_protocol DROP TABLE tags; diff -Nru mariadb-11.8.6/storage/mroonga/mysql-test/mroonga/storage/t/alter_table_add_column_flags_parameter.test mariadb-11.8.8/storage/mroonga/mysql-test/mroonga/storage/t/alter_table_add_column_flags_parameter.test --- mariadb-11.8.6/storage/mroonga/mysql-test/mroonga/storage/t/alter_table_add_column_flags_parameter.test 2026-01-31 13:27:49.000000000 +0000 +++ mariadb-11.8.8/storage/mroonga/mysql-test/mroonga/storage/t/alter_table_add_column_flags_parameter.test 2026-05-24 09:58:32.000000000 +0000 @@ -33,10 +33,7 @@ ALTER TABLE tags ADD COLUMN name VARCHAR(64) FLAGS='COLUMN_VECTOR'; SHOW CREATE TABLE tags; -#Check after fix MDEV-31554 ---disable_cursor_protocol SELECT mroonga_command("dump --dump_plugins no"); ---enable_cursor_protocol DROP TABLE tags; diff -Nru mariadb-11.8.6/storage/mroonga/mysql-test/mroonga/storage/t/alter_table_add_column_groonga_type_comment.test mariadb-11.8.8/storage/mroonga/mysql-test/mroonga/storage/t/alter_table_add_column_groonga_type_comment.test --- mariadb-11.8.6/storage/mroonga/mysql-test/mroonga/storage/t/alter_table_add_column_groonga_type_comment.test 2026-01-31 13:27:49.000000000 +0000 +++ mariadb-11.8.8/storage/mroonga/mysql-test/mroonga/storage/t/alter_table_add_column_groonga_type_comment.test 2026-05-24 09:58:32.000000000 +0000 @@ -35,10 +35,7 @@ ALTER TABLE bugs ADD COLUMN name VARCHAR(64) COMMENT 'groonga_type "tags"'; -#Check after fix MDEV-31554 ---disable_cursor_protocol SELECT mroonga_command("dump --dump_plugins no"); ---enable_cursor_protocol DROP TABLE bugs; DROP TABLE tags; diff -Nru mariadb-11.8.6/storage/mroonga/mysql-test/mroonga/storage/t/alter_table_add_column_groonga_type_parameter.test mariadb-11.8.8/storage/mroonga/mysql-test/mroonga/storage/t/alter_table_add_column_groonga_type_parameter.test --- mariadb-11.8.6/storage/mroonga/mysql-test/mroonga/storage/t/alter_table_add_column_groonga_type_parameter.test 2026-01-31 13:27:49.000000000 +0000 +++ mariadb-11.8.8/storage/mroonga/mysql-test/mroonga/storage/t/alter_table_add_column_groonga_type_parameter.test 2026-05-24 09:58:32.000000000 +0000 @@ -38,10 +38,7 @@ ALTER TABLE bugs ADD COLUMN name VARCHAR(64) GROONGA_TYPE='tags'; SHOW CREATE TABLE bugs; -#Check after fix MDEV-31554 ---disable_cursor_protocol SELECT mroonga_command("dump --dump_plugins no"); ---enable_cursor_protocol DROP TABLE bugs; DROP TABLE tags; diff -Nru mariadb-11.8.6/storage/mroonga/mysql-test/mroonga/storage/t/alter_table_add_column_multibyte_cp932.test mariadb-11.8.8/storage/mroonga/mysql-test/mroonga/storage/t/alter_table_add_column_multibyte_cp932.test --- mariadb-11.8.6/storage/mroonga/mysql-test/mroonga/storage/t/alter_table_add_column_multibyte_cp932.test 2026-01-31 13:27:49.000000000 +0000 +++ mariadb-11.8.8/storage/mroonga/mysql-test/mroonga/storage/t/alter_table_add_column_multibyte_cp932.test 2026-05-24 09:58:32.000000000 +0000 @@ -45,10 +45,7 @@ SELECT * FROM users WHERE MATCH (–¼‘O) AGAINST ('+‚½‚È‚©' IN BOOLEAN MODE); -#Check after fix MDEV-31554 ---disable_cursor_protocol SELECT mroonga_command("dump --dump_plugins no --dump_records no"); ---enable_cursor_protocol DROP TABLE users; diff -Nru mariadb-11.8.6/storage/mroonga/mysql-test/mroonga/storage/t/alter_table_add_column_multibyte_utf8.test mariadb-11.8.8/storage/mroonga/mysql-test/mroonga/storage/t/alter_table_add_column_multibyte_utf8.test --- mariadb-11.8.6/storage/mroonga/mysql-test/mroonga/storage/t/alter_table_add_column_multibyte_utf8.test 2026-01-31 13:27:49.000000000 +0000 +++ mariadb-11.8.8/storage/mroonga/mysql-test/mroonga/storage/t/alter_table_add_column_multibyte_utf8.test 2026-05-24 09:58:32.000000000 +0000 @@ -45,10 +45,7 @@ SELECT * FROM users WHERE MATCH (åå‰) AGAINST ('+ãŸãªã‹' IN BOOLEAN MODE); -#Check after fix MDEV-31554 ---disable_cursor_protocol SELECT mroonga_command("dump --dump_plugins no --dump_records no"); ---enable_cursor_protocol DROP TABLE users; diff -Nru mariadb-11.8.6/storage/mroonga/mysql-test/mroonga/storage/t/alter_table_add_column_type_comment.test mariadb-11.8.8/storage/mroonga/mysql-test/mroonga/storage/t/alter_table_add_column_type_comment.test --- mariadb-11.8.6/storage/mroonga/mysql-test/mroonga/storage/t/alter_table_add_column_type_comment.test 2026-01-31 13:27:49.000000000 +0000 +++ mariadb-11.8.8/storage/mroonga/mysql-test/mroonga/storage/t/alter_table_add_column_type_comment.test 2026-05-24 09:58:32.000000000 +0000 @@ -34,10 +34,7 @@ ALTER TABLE bugs ADD COLUMN name VARCHAR(64) COMMENT 'type "tags"'; -#Check after fix MDEV-31554 ---disable_cursor_protocol SELECT mroonga_command("dump --dump_plugins no"); ---enable_cursor_protocol DROP TABLE bugs; DROP TABLE tags; diff -Nru mariadb-11.8.6/storage/mroonga/mysql-test/mroonga/storage/t/alter_table_add_index_token_filters_one_token_filter.test mariadb-11.8.8/storage/mroonga/mysql-test/mroonga/storage/t/alter_table_add_index_token_filters_one_token_filter.test --- mariadb-11.8.6/storage/mroonga/mysql-test/mroonga/storage/t/alter_table_add_index_token_filters_one_token_filter.test 2026-01-31 13:27:49.000000000 +0000 +++ mariadb-11.8.8/storage/mroonga/mysql-test/mroonga/storage/t/alter_table_add_index_token_filters_one_token_filter.test 2026-05-24 09:58:32.000000000 +0000 @@ -34,10 +34,7 @@ ALTER TABLE memos ADD FULLTEXT INDEX (content) COMMENT 'token_filters "TokenFilterStopWord"'; -#Check after fix MDEV-31554 ---disable_cursor_protocol SELECT mroonga_command("dump --dump_plugins no"); ---enable_cursor_protocol DROP TABLE memos; diff -Nru mariadb-11.8.6/storage/mroonga/mysql-test/mroonga/storage/t/alter_table_change_token_filter.test mariadb-11.8.8/storage/mroonga/mysql-test/mroonga/storage/t/alter_table_change_token_filter.test --- mariadb-11.8.6/storage/mroonga/mysql-test/mroonga/storage/t/alter_table_change_token_filter.test 2026-01-31 13:27:49.000000000 +0000 +++ mariadb-11.8.8/storage/mroonga/mysql-test/mroonga/storage/t/alter_table_change_token_filter.test 2026-05-24 09:58:32.000000000 +0000 @@ -37,8 +37,6 @@ FULLTEXT INDEX (content) COMMENT 'table "terms"' ) DEFAULT CHARSET=utf8; -#Check after fix MDEV-31554 ---disable_cursor_protocol SELECT mroonga_command("dump --dump_plugins no"); ALTER TABLE terms COMMENT='default_tokenizer "TokenBigram", token_filters "TokenFilterStopWord"'; @@ -49,7 +47,6 @@ ALTER TABLE memos ENABLE KEYS; SELECT mroonga_command("dump --dump_plugins no"); ---enable_cursor_protocol DROP TABLE memos; DROP TABLE terms; diff -Nru mariadb-11.8.6/storage/mroonga/mysql-test/mroonga/storage/t/alter_table_disable_keys_fulltext_table.test mariadb-11.8.8/storage/mroonga/mysql-test/mroonga/storage/t/alter_table_disable_keys_fulltext_table.test --- mariadb-11.8.6/storage/mroonga/mysql-test/mroonga/storage/t/alter_table_disable_keys_fulltext_table.test 2026-01-31 13:27:49.000000000 +0000 +++ mariadb-11.8.8/storage/mroonga/mysql-test/mroonga/storage/t/alter_table_disable_keys_fulltext_table.test 2026-05-24 09:58:32.000000000 +0000 @@ -35,12 +35,9 @@ FULLTEXT INDEX content_index (content) COMMENT 'table "terms"' ) DEFAULT CHARSET=utf8; -#Check after fix MDEV-31554 ---disable_cursor_protocol SELECT mroonga_command("dump --dump_plugins no"); ALTER TABLE memos DISABLE KEYS; SELECT mroonga_command("dump --dump_plugins no"); ---enable_cursor_protocol DROP TABLE memos; DROP TABLE terms; diff -Nru mariadb-11.8.6/storage/mroonga/mysql-test/mroonga/storage/t/alter_table_enable_keys_fulltext_table.test mariadb-11.8.8/storage/mroonga/mysql-test/mroonga/storage/t/alter_table_enable_keys_fulltext_table.test --- mariadb-11.8.6/storage/mroonga/mysql-test/mroonga/storage/t/alter_table_enable_keys_fulltext_table.test 2026-01-31 13:27:49.000000000 +0000 +++ mariadb-11.8.8/storage/mroonga/mysql-test/mroonga/storage/t/alter_table_enable_keys_fulltext_table.test 2026-05-24 09:58:32.000000000 +0000 @@ -35,13 +35,10 @@ FULLTEXT INDEX content_index (content) COMMENT 'table "terms"' ) DEFAULT CHARSET=utf8; -#Check after fix MDEV-31554 ---disable_cursor_protocol ALTER TABLE memos DISABLE KEYS; SELECT mroonga_command("dump --dump_plugins no"); ALTER TABLE memos ENABLE KEYS; SELECT mroonga_command("dump --dump_plugins no"); ---enable_cursor_protocol DROP TABLE memos; DROP TABLE terms; diff -Nru mariadb-11.8.6/storage/mroonga/mysql-test/mroonga/storage/t/column_groonga_index_fulltext_vector_other_table.test mariadb-11.8.8/storage/mroonga/mysql-test/mroonga/storage/t/column_groonga_index_fulltext_vector_other_table.test --- mariadb-11.8.6/storage/mroonga/mysql-test/mroonga/storage/t/column_groonga_index_fulltext_vector_other_table.test 2026-01-31 13:27:49.000000000 +0000 +++ mariadb-11.8.8/storage/mroonga/mysql-test/mroonga/storage/t/column_groonga_index_fulltext_vector_other_table.test 2026-05-24 09:58:32.000000000 +0000 @@ -39,10 +39,7 @@ INSERT INTO bugs (id, tags) VALUES (1, "Linux MySQL groonga"); -#Check after fix MDEV-31554 ---disable_cursor_protocol SELECT mroonga_command("dump --dump_plugins no --dump_records no"); ---enable_cursor_protocol SELECT *, MATCH (tags) AGAINST ("+MySQL" IN BOOLEAN MODE) AS score FROM bugs diff -Nru mariadb-11.8.6/storage/mroonga/mysql-test/mroonga/storage/t/column_groonga_index_int_other_table.test mariadb-11.8.8/storage/mroonga/mysql-test/mroonga/storage/t/column_groonga_index_int_other_table.test --- mariadb-11.8.6/storage/mroonga/mysql-test/mroonga/storage/t/column_groonga_index_int_other_table.test 2026-01-31 13:27:49.000000000 +0000 +++ mariadb-11.8.8/storage/mroonga/mysql-test/mroonga/storage/t/column_groonga_index_int_other_table.test 2026-05-24 09:58:32.000000000 +0000 @@ -40,10 +40,7 @@ INSERT INTO bugs (id, priority) VALUES (2, 3); INSERT INTO bugs (id, priority) VALUES (3, -2); -#Check after fix MDEV-31554 ---disable_cursor_protocol SELECT mroonga_command("dump --dump_plugins no --dump_records no"); ---enable_cursor_protocol SELECT * FROM bugs diff -Nru mariadb-11.8.6/storage/mroonga/mysql-test/mroonga/storage/t/column_multibyte_cp932.test mariadb-11.8.8/storage/mroonga/mysql-test/mroonga/storage/t/column_multibyte_cp932.test --- mariadb-11.8.6/storage/mroonga/mysql-test/mroonga/storage/t/column_multibyte_cp932.test 2026-01-31 13:27:49.000000000 +0000 +++ mariadb-11.8.8/storage/mroonga/mysql-test/mroonga/storage/t/column_multibyte_cp932.test 2026-05-24 09:58:32.000000000 +0000 @@ -43,10 +43,7 @@ SELECT * FROM users WHERE MATCH (–¼‘O) AGAINST ('+‚½‚È‚©' IN BOOLEAN MODE); -#Check after fix MDEV-31554 ---disable_cursor_protocol SELECT mroonga_command("dump --dump_plugins no --dump_records no"); ---enable_cursor_protocol DROP TABLE users; diff -Nru mariadb-11.8.6/storage/mroonga/mysql-test/mroonga/storage/t/column_multibyte_utf8.test mariadb-11.8.8/storage/mroonga/mysql-test/mroonga/storage/t/column_multibyte_utf8.test --- mariadb-11.8.6/storage/mroonga/mysql-test/mroonga/storage/t/column_multibyte_utf8.test 2026-01-31 13:27:49.000000000 +0000 +++ mariadb-11.8.8/storage/mroonga/mysql-test/mroonga/storage/t/column_multibyte_utf8.test 2026-05-24 09:58:32.000000000 +0000 @@ -43,10 +43,7 @@ SELECT * FROM users WHERE MATCH (åå‰) AGAINST ('+ãŸãªã‹' IN BOOLEAN MODE); -#Check after fix MDEV-31554 ---disable_cursor_protocol SELECT mroonga_command("dump --dump_plugins no --dump_records no"); ---enable_cursor_protocol DROP TABLE users; diff -Nru mariadb-11.8.6/storage/mroonga/mysql-test/mroonga/storage/t/create_table_column_flags_comment.test mariadb-11.8.8/storage/mroonga/mysql-test/mroonga/storage/t/create_table_column_flags_comment.test --- mariadb-11.8.6/storage/mroonga/mysql-test/mroonga/storage/t/create_table_column_flags_comment.test 2026-01-31 13:27:49.000000000 +0000 +++ mariadb-11.8.8/storage/mroonga/mysql-test/mroonga/storage/t/create_table_column_flags_comment.test 2026-05-24 09:58:32.000000000 +0000 @@ -29,10 +29,7 @@ tags TEXT COMMENT 'flags "COLUMN_VECTOR"' ) DEFAULT CHARSET=utf8; -#Check after fix MDEV-31554 ---disable_cursor_protocol SELECT mroonga_command("dump --dump_plugins no"); ---enable_cursor_protocol DROP TABLE bugs; diff -Nru mariadb-11.8.6/storage/mroonga/mysql-test/mroonga/storage/t/create_table_column_flags_parameter.test mariadb-11.8.8/storage/mroonga/mysql-test/mroonga/storage/t/create_table_column_flags_parameter.test --- mariadb-11.8.6/storage/mroonga/mysql-test/mroonga/storage/t/create_table_column_flags_parameter.test 2026-01-31 13:27:49.000000000 +0000 +++ mariadb-11.8.8/storage/mroonga/mysql-test/mroonga/storage/t/create_table_column_flags_parameter.test 2026-05-24 09:58:32.000000000 +0000 @@ -30,10 +30,7 @@ tags TEXT FLAGS='COLUMN_VECTOR' ) DEFAULT CHARSET=utf8; -#Check after fix MDEV-31554 ---disable_cursor_protocol SELECT mroonga_command("dump --dump_plugins no"); ---enable_cursor_protocol DROP TABLE bugs; diff -Nru mariadb-11.8.6/storage/mroonga/mysql-test/mroonga/storage/t/create_table_column_groonga_type_comment.test mariadb-11.8.8/storage/mroonga/mysql-test/mroonga/storage/t/create_table_column_groonga_type_comment.test --- mariadb-11.8.6/storage/mroonga/mysql-test/mroonga/storage/t/create_table_column_groonga_type_comment.test 2026-01-31 13:27:49.000000000 +0000 +++ mariadb-11.8.8/storage/mroonga/mysql-test/mroonga/storage/t/create_table_column_groonga_type_comment.test 2026-05-24 09:58:32.000000000 +0000 @@ -33,10 +33,7 @@ tag VARCHAR(64) COMMENT 'groonga_type "tags"' ) DEFAULT CHARSET=utf8; -#Check after fix MDEV-31554 ---disable_cursor_protocol SELECT mroonga_command("dump --dump_plugins no"); ---enable_cursor_protocol DROP TABLE bugs; DROP TABLE tags; diff -Nru mariadb-11.8.6/storage/mroonga/mysql-test/mroonga/storage/t/create_table_column_groonga_type_parameter.test mariadb-11.8.8/storage/mroonga/mysql-test/mroonga/storage/t/create_table_column_groonga_type_parameter.test --- mariadb-11.8.6/storage/mroonga/mysql-test/mroonga/storage/t/create_table_column_groonga_type_parameter.test 2026-01-31 13:27:49.000000000 +0000 +++ mariadb-11.8.8/storage/mroonga/mysql-test/mroonga/storage/t/create_table_column_groonga_type_parameter.test 2026-05-24 09:58:32.000000000 +0000 @@ -36,10 +36,7 @@ ) DEFAULT CHARSET=utf8; SHOW CREATE TABLE bugs; -#Check after fix MDEV-31554 ---disable_cursor_protocol SELECT mroonga_command("dump --dump_plugins no"); ---enable_cursor_protocol DROP TABLE bugs; DROP TABLE tags; diff -Nru mariadb-11.8.6/storage/mroonga/mysql-test/mroonga/storage/t/create_table_column_type_comment.test mariadb-11.8.8/storage/mroonga/mysql-test/mroonga/storage/t/create_table_column_type_comment.test --- mariadb-11.8.6/storage/mroonga/mysql-test/mroonga/storage/t/create_table_column_type_comment.test 2026-01-31 13:27:49.000000000 +0000 +++ mariadb-11.8.8/storage/mroonga/mysql-test/mroonga/storage/t/create_table_column_type_comment.test 2026-05-24 09:58:32.000000000 +0000 @@ -33,10 +33,7 @@ tag VARCHAR(64) COMMENT 'type "tags"' ) DEFAULT CHARSET=utf8; -#Check after fix MDEV-31554 ---disable_cursor_protocol SELECT mroonga_command("dump --dump_plugins no"); ---enable_cursor_protocol DROP TABLE bugs; DROP TABLE tags; diff -Nru mariadb-11.8.6/storage/mroonga/mysql-test/mroonga/storage/t/create_table_default_tokenizer.test mariadb-11.8.8/storage/mroonga/mysql-test/mroonga/storage/t/create_table_default_tokenizer.test --- mariadb-11.8.6/storage/mroonga/mysql-test/mroonga/storage/t/create_table_default_tokenizer.test 2026-01-31 13:27:49.000000000 +0000 +++ mariadb-11.8.8/storage/mroonga/mysql-test/mroonga/storage/t/create_table_default_tokenizer.test 2026-05-24 09:58:32.000000000 +0000 @@ -30,10 +30,7 @@ COLLATE=utf8_bin COMMENT='default_tokenizer "TokenDelimit"'; -#Check after fix MDEV-31554 ---disable_cursor_protocol SELECT mroonga_command("dump --dump_plugins no"); ---enable_cursor_protocol DROP TABLE tags; diff -Nru mariadb-11.8.6/storage/mroonga/mysql-test/mroonga/storage/t/create_table_index_flags_invalid.test mariadb-11.8.8/storage/mroonga/mysql-test/mroonga/storage/t/create_table_index_flags_invalid.test --- mariadb-11.8.6/storage/mroonga/mysql-test/mroonga/storage/t/create_table_index_flags_invalid.test 1970-01-01 00:00:00.000000000 +0000 +++ mariadb-11.8.8/storage/mroonga/mysql-test/mroonga/storage/t/create_table_index_flags_invalid.test 2026-05-24 09:58:32.000000000 +0000 @@ -0,0 +1,34 @@ +# Copyright(C) 2026 +# +# This library is free software; you can redistribute it and/or +# modify it under the terms of the GNU Lesser General Public +# License as published by the Free Software Foundation; either +# version 2.1 of the License, or (at your option) any later version. +# +# This library is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +# Lesser General Public License for more details. +# +# You should have received a copy of the GNU Lesser General Public +# License along with this library; if not, write to the Free Software +# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335 USA + +--echo # +--echo # MDEV-39479 Mroonga: avoid hang on invalid index flags +--echo # + +--source ../../include/mroonga/have_mroonga.inc +--source ../../include/mroonga/load_mroonga_functions.inc + +CREATE TABLE memos ( + content VARCHAR(64) NOT NULL, + FULLTEXT INDEX (content) COMMENT 'flags "COMPRESS_ZSTD"' +); + +SELECT mroonga_command("dump --dump_plugins no --dump_schema no"); + +DROP TABLE memos; + +--source ../../include/mroonga/unload_mroonga_functions.inc +--source ../../include/mroonga/have_mroonga_deinit.inc diff -Nru mariadb-11.8.6/storage/mroonga/mysql-test/mroonga/storage/t/create_table_index_normalizer_index_bin.test mariadb-11.8.8/storage/mroonga/mysql-test/mroonga/storage/t/create_table_index_normalizer_index_bin.test --- mariadb-11.8.6/storage/mroonga/mysql-test/mroonga/storage/t/create_table_index_normalizer_index_bin.test 2026-01-31 13:27:49.000000000 +0000 +++ mariadb-11.8.8/storage/mroonga/mysql-test/mroonga/storage/t/create_table_index_normalizer_index_bin.test 2026-05-24 09:58:32.000000000 +0000 @@ -29,10 +29,7 @@ INDEX (content) COMMENT 'normalizer "NormalizerAuto"' ) DEFAULT CHARSET=utf8 COLLATE=utf8_bin; -#Check after fix MDEV-31554 ---disable_cursor_protocol SELECT mroonga_command("dump --dump_plugins no"); ---enable_cursor_protocol DROP TABLE diaries; diff -Nru mariadb-11.8.6/storage/mroonga/mysql-test/mroonga/storage/t/create_table_index_token_filters_multiple_token_filters.test mariadb-11.8.8/storage/mroonga/mysql-test/mroonga/storage/t/create_table_index_token_filters_multiple_token_filters.test --- mariadb-11.8.6/storage/mroonga/mysql-test/mroonga/storage/t/create_table_index_token_filters_multiple_token_filters.test 2026-01-31 13:27:49.000000000 +0000 +++ mariadb-11.8.8/storage/mroonga/mysql-test/mroonga/storage/t/create_table_index_token_filters_multiple_token_filters.test 2026-05-24 09:58:32.000000000 +0000 @@ -33,10 +33,7 @@ FULLTEXT INDEX (content) COMMENT 'token_filters "TokenFilterStopWord,TokenFilterStopWord"' ) DEFAULT CHARSET=utf8; -#Check after fix MDEV-31554 ---disable_cursor_protocol SELECT mroonga_command("dump --dump_plugins no"); ---enable_cursor_protocol DROP TABLE memos; diff -Nru mariadb-11.8.6/storage/mroonga/mysql-test/mroonga/storage/t/create_table_index_token_filters_one_token_filter.test mariadb-11.8.8/storage/mroonga/mysql-test/mroonga/storage/t/create_table_index_token_filters_one_token_filter.test --- mariadb-11.8.6/storage/mroonga/mysql-test/mroonga/storage/t/create_table_index_token_filters_one_token_filter.test 2026-01-31 13:27:49.000000000 +0000 +++ mariadb-11.8.8/storage/mroonga/mysql-test/mroonga/storage/t/create_table_index_token_filters_one_token_filter.test 2026-05-24 09:58:32.000000000 +0000 @@ -33,10 +33,7 @@ FULLTEXT INDEX (content) COMMENT 'token_filters "TokenFilterStopWord"' ) DEFAULT CHARSET=utf8; -#Check after fix MDEV-31554 ---disable_cursor_protocol SELECT mroonga_command("dump --dump_plugins no"); ---enable_cursor_protocol DROP TABLE memos; diff -Nru mariadb-11.8.6/storage/mroonga/mysql-test/mroonga/storage/t/create_table_index_token_filters_parameter.test mariadb-11.8.8/storage/mroonga/mysql-test/mroonga/storage/t/create_table_index_token_filters_parameter.test --- mariadb-11.8.6/storage/mroonga/mysql-test/mroonga/storage/t/create_table_index_token_filters_parameter.test 2026-01-31 13:27:49.000000000 +0000 +++ mariadb-11.8.8/storage/mroonga/mysql-test/mroonga/storage/t/create_table_index_token_filters_parameter.test 2026-05-24 09:58:32.000000000 +0000 @@ -36,10 +36,7 @@ ) DEFAULT CHARSET=utf8; SHOW CREATE TABLE memos; -#Check after fix MDEV-31554 ---disable_cursor_protocol SELECT mroonga_command("dump --dump_plugins no"); ---enable_cursor_protocol DROP TABLE memos; diff -Nru mariadb-11.8.6/storage/mroonga/mysql-test/mroonga/storage/t/create_table_table_token_filters_multiple_token_filters.test mariadb-11.8.8/storage/mroonga/mysql-test/mroonga/storage/t/create_table_table_token_filters_multiple_token_filters.test --- mariadb-11.8.6/storage/mroonga/mysql-test/mroonga/storage/t/create_table_table_token_filters_multiple_token_filters.test 2026-01-31 13:27:49.000000000 +0000 +++ mariadb-11.8.8/storage/mroonga/mysql-test/mroonga/storage/t/create_table_table_token_filters_multiple_token_filters.test 2026-05-24 09:58:32.000000000 +0000 @@ -37,10 +37,7 @@ FULLTEXT INDEX (content) COMMENT 'table "terms"' ) DEFAULT CHARSET=utf8; -#Check after fix MDEV-31554 ---disable_cursor_protocol SELECT mroonga_command("dump --dump_plugins no"); ---enable_cursor_protocol DROP TABLE memos; DROP TABLE terms; diff -Nru mariadb-11.8.6/storage/mroonga/mysql-test/mroonga/storage/t/create_table_table_token_filters_one_token_filter.test mariadb-11.8.8/storage/mroonga/mysql-test/mroonga/storage/t/create_table_table_token_filters_one_token_filter.test --- mariadb-11.8.6/storage/mroonga/mysql-test/mroonga/storage/t/create_table_table_token_filters_one_token_filter.test 2026-01-31 13:27:49.000000000 +0000 +++ mariadb-11.8.8/storage/mroonga/mysql-test/mroonga/storage/t/create_table_table_token_filters_one_token_filter.test 2026-05-24 09:58:32.000000000 +0000 @@ -37,10 +37,7 @@ FULLTEXT INDEX (content) COMMENT 'table "terms"' ) DEFAULT CHARSET=utf8; -#Check after fix MDEV-31554 ---disable_cursor_protocol SELECT mroonga_command("dump --dump_plugins no"); ---enable_cursor_protocol DROP TABLE memos; DROP TABLE terms; diff -Nru mariadb-11.8.6/storage/mroonga/mysql-test/mroonga/storage/t/foreign_key_delete_existent.test mariadb-11.8.8/storage/mroonga/mysql-test/mroonga/storage/t/foreign_key_delete_existent.test --- mariadb-11.8.6/storage/mroonga/mysql-test/mroonga/storage/t/foreign_key_delete_existent.test 2026-01-31 13:27:49.000000000 +0000 +++ mariadb-11.8.8/storage/mroonga/mysql-test/mroonga/storage/t/foreign_key_delete_existent.test 2026-05-24 09:58:32.000000000 +0000 @@ -44,10 +44,7 @@ SELECT * FROM entries; SELECT * FROM comments; -#Check after fix MDEV-31554 ---disable_cursor_protocol SELECT mroonga_command('dump --dump_plugins no'); ---enable_cursor_protocol DROP TABLE entries; DROP TABLE comments; diff -Nru mariadb-11.8.6/storage/mroonga/mysql-test/mroonga/storage/t/foreign_key_delete_nonexistent.test mariadb-11.8.8/storage/mroonga/mysql-test/mroonga/storage/t/foreign_key_delete_nonexistent.test --- mariadb-11.8.6/storage/mroonga/mysql-test/mroonga/storage/t/foreign_key_delete_nonexistent.test 2026-01-31 13:27:49.000000000 +0000 +++ mariadb-11.8.8/storage/mroonga/mysql-test/mroonga/storage/t/foreign_key_delete_nonexistent.test 2026-05-24 09:58:32.000000000 +0000 @@ -44,10 +44,7 @@ SELECT * FROM entries; SELECT * FROM comments; -#Check after fix MDEV-31554 ---disable_cursor_protocol SELECT mroonga_command('dump --dump_plugins no'); ---enable_cursor_protocol DROP TABLE entries; DROP TABLE comments; diff -Nru mariadb-11.8.6/storage/mroonga/mysql-test/mroonga/storage/t/foreign_key_insert_existent.test mariadb-11.8.8/storage/mroonga/mysql-test/mroonga/storage/t/foreign_key_insert_existent.test --- mariadb-11.8.6/storage/mroonga/mysql-test/mroonga/storage/t/foreign_key_insert_existent.test 2026-01-31 13:27:49.000000000 +0000 +++ mariadb-11.8.8/storage/mroonga/mysql-test/mroonga/storage/t/foreign_key_insert_existent.test 2026-05-24 09:58:32.000000000 +0000 @@ -42,10 +42,7 @@ SELECT * FROM entries; SELECT * FROM comments; -#Check after fix MDEV-31554 ---disable_cursor_protocol SELECT mroonga_command('dump --dump_plugins no'); ---enable_cursor_protocol DROP TABLE entries; DROP TABLE comments; diff -Nru mariadb-11.8.6/storage/mroonga/mysql-test/mroonga/storage/t/foreign_key_insert_nonexistent.test mariadb-11.8.8/storage/mroonga/mysql-test/mroonga/storage/t/foreign_key_insert_nonexistent.test --- mariadb-11.8.6/storage/mroonga/mysql-test/mroonga/storage/t/foreign_key_insert_nonexistent.test 2026-01-31 13:27:49.000000000 +0000 +++ mariadb-11.8.8/storage/mroonga/mysql-test/mroonga/storage/t/foreign_key_insert_nonexistent.test 2026-05-24 09:58:32.000000000 +0000 @@ -42,10 +42,7 @@ SELECT * FROM entries; SELECT * FROM comments; -#Check after fix MDEV-31554 ---disable_cursor_protocol SELECT mroonga_command('dump --dump_plugins no'); ---enable_cursor_protocol DROP TABLE entries; DROP TABLE comments; diff -Nru mariadb-11.8.6/storage/mroonga/mysql-test/mroonga/storage/t/foreign_key_update_existent.test mariadb-11.8.8/storage/mroonga/mysql-test/mroonga/storage/t/foreign_key_update_existent.test --- mariadb-11.8.6/storage/mroonga/mysql-test/mroonga/storage/t/foreign_key_update_existent.test 2026-01-31 13:27:49.000000000 +0000 +++ mariadb-11.8.8/storage/mroonga/mysql-test/mroonga/storage/t/foreign_key_update_existent.test 2026-05-24 09:58:32.000000000 +0000 @@ -44,10 +44,7 @@ SELECT * FROM entries; SELECT * FROM comments; -#Check after fix MDEV-31554 ---disable_cursor_protocol SELECT mroonga_command('dump --dump_plugins no'); ---enable_cursor_protocol DROP TABLE entries; DROP TABLE comments; diff -Nru mariadb-11.8.6/storage/mroonga/mysql-test/mroonga/storage/t/foreign_key_update_nonexistent.test mariadb-11.8.8/storage/mroonga/mysql-test/mroonga/storage/t/foreign_key_update_nonexistent.test --- mariadb-11.8.6/storage/mroonga/mysql-test/mroonga/storage/t/foreign_key_update_nonexistent.test 2026-01-31 13:27:49.000000000 +0000 +++ mariadb-11.8.8/storage/mroonga/mysql-test/mroonga/storage/t/foreign_key_update_nonexistent.test 2026-05-24 09:58:32.000000000 +0000 @@ -44,10 +44,7 @@ SELECT * FROM entries; SELECT * FROM comments; -#Check after fix MDEV-31554 ---disable_cursor_protocol SELECT mroonga_command('dump --dump_plugins no'); ---enable_cursor_protocol DROP TABLE entries; DROP TABLE comments; diff -Nru mariadb-11.8.6/storage/mroonga/mysql-test/mroonga/storage/t/fulltext_found_rows.test mariadb-11.8.8/storage/mroonga/mysql-test/mroonga/storage/t/fulltext_found_rows.test --- mariadb-11.8.6/storage/mroonga/mysql-test/mroonga/storage/t/fulltext_found_rows.test 2026-01-31 13:27:49.000000000 +0000 +++ mariadb-11.8.8/storage/mroonga/mysql-test/mroonga/storage/t/fulltext_found_rows.test 2026-05-24 09:58:32.000000000 +0000 @@ -15,10 +15,7 @@ # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335 USA --source ../../include/mroonga/have_mroonga.inc - ---disable_warnings -DROP TABLE IF EXISTS diaries; ---enable_warnings +--source include/no_view_protocol.inc SET NAMES UTF8; CREATE TABLE diaries ( diff -Nru mariadb-11.8.6/storage/mroonga/mysql-test/mroonga/storage/t/function_command_auto-escape.test mariadb-11.8.8/storage/mroonga/mysql-test/mroonga/storage/t/function_command_auto-escape.test --- mariadb-11.8.6/storage/mroonga/mysql-test/mroonga/storage/t/function_command_auto-escape.test 2026-01-31 13:27:49.000000000 +0000 +++ mariadb-11.8.8/storage/mroonga/mysql-test/mroonga/storage/t/function_command_auto-escape.test 2026-05-24 09:58:32.000000000 +0000 @@ -31,12 +31,9 @@ INSERT INTO diaries VALUES('It is Groonga'); INSERT INTO diaries VALUES('It is Mroonga'); -#Check after fix MDEV-31554 ---disable_cursor_protocol SELECT mroonga_command('select', 'table', 'diaries', - 'filter', 'title @ "Groonga"'); ---enable_cursor_protocol + 'filter', 'title @ "Groonga"') c; DROP TABLE diaries; diff -Nru mariadb-11.8.6/storage/mroonga/mysql-test/mroonga/storage/t/function_command_select.test mariadb-11.8.8/storage/mroonga/mysql-test/mroonga/storage/t/function_command_select.test --- mariadb-11.8.6/storage/mroonga/mysql-test/mroonga/storage/t/function_command_select.test 2026-01-31 13:27:49.000000000 +0000 +++ mariadb-11.8.8/storage/mroonga/mysql-test/mroonga/storage/t/function_command_select.test 2026-05-24 09:58:32.000000000 +0000 @@ -33,7 +33,7 @@ INSERT INTO diaries VALUES("Start mroonga"); INSERT INTO diaries VALUES("Start groonga and Ruby"); -SELECT mroonga_command('select diaries --match_columns "title" --query "groonga"'); +SELECT mroonga_command('select diaries --match_columns "title" --query "groonga"') c; DROP TABLE diaries; diff -Nru mariadb-11.8.6/storage/mroonga/mysql-test/mroonga/storage/t/function_command_special-database-name.test mariadb-11.8.8/storage/mroonga/mysql-test/mroonga/storage/t/function_command_special-database-name.test --- mariadb-11.8.6/storage/mroonga/mysql-test/mroonga/storage/t/function_command_special-database-name.test 2026-01-31 13:27:49.000000000 +0000 +++ mariadb-11.8.8/storage/mroonga/mysql-test/mroonga/storage/t/function_command_special-database-name.test 2026-05-24 09:58:32.000000000 +0000 @@ -30,10 +30,7 @@ FULLTEXT KEY (title) ) DEFAULT CHARSET=utf8 COLLATE utf8_general_ci; -#Check after fix MDEV-31554 ---disable_cursor_protocol SELECT mroonga_command('dump --dump_plugins no'); ---enable_cursor_protocol DROP TABLE diaries; diff -Nru mariadb-11.8.6/storage/mroonga/mysql-test/mroonga/storage/t/function_highlight_html_dynamic_keyword.test mariadb-11.8.8/storage/mroonga/mysql-test/mroonga/storage/t/function_highlight_html_dynamic_keyword.test --- mariadb-11.8.6/storage/mroonga/mysql-test/mroonga/storage/t/function_highlight_html_dynamic_keyword.test 2026-01-31 13:27:49.000000000 +0000 +++ mariadb-11.8.8/storage/mroonga/mysql-test/mroonga/storage/t/function_highlight_html_dynamic_keyword.test 2026-05-24 09:58:32.000000000 +0000 @@ -18,13 +18,6 @@ --source ../../include/mroonga/have_mroonga.inc --source ../../include/mroonga/load_mroonga_functions.inc - ---disable_warnings ---disable_query_log -DROP TABLE IF EXISTS keywords; ---enable_query_log ---enable_warnings - CREATE TABLE keywords ( keyword text ); @@ -32,17 +25,9 @@ INSERT INTO keywords VALUES ('Mroonga'); INSERT INTO keywords VALUES ('Groonga'); -#Check after fix MDEV-31554 ---disable_cursor_protocol SELECT mroonga_highlight_html('Mroonga is the Groonga based storage engine.', keyword) AS highlighted FROM keywords; ---enable_cursor_protocol - ---disable_query_log -DROP TABLE keywords; ---enable_query_log - --source ../../include/mroonga/unload_mroonga_functions.inc --source ../../include/mroonga/have_mroonga_deinit.inc diff -Nru mariadb-11.8.6/storage/mroonga/mysql-test/mroonga/storage/t/function_highlight_html_multiple_keywords.test mariadb-11.8.8/storage/mroonga/mysql-test/mroonga/storage/t/function_highlight_html_multiple_keywords.test --- mariadb-11.8.6/storage/mroonga/mysql-test/mroonga/storage/t/function_highlight_html_multiple_keywords.test 2026-01-31 13:27:49.000000000 +0000 +++ mariadb-11.8.8/storage/mroonga/mysql-test/mroonga/storage/t/function_highlight_html_multiple_keywords.test 2026-05-24 09:58:32.000000000 +0000 @@ -18,11 +18,8 @@ --source ../../include/mroonga/have_mroonga.inc --source ../../include/mroonga/load_mroonga_functions.inc -#Check after fix MDEV-31554 ---disable_cursor_protocol SELECT mroonga_highlight_html('Mroonga is the Groonga based storage engine.', 'Mroonga', 'Groonga') AS highlighted; ---enable_cursor_protocol --source ../../include/mroonga/unload_mroonga_functions.inc --source ../../include/mroonga/have_mroonga_deinit.inc diff -Nru mariadb-11.8.6/storage/mroonga/mysql-test/mroonga/storage/t/function_highlight_html_normalizer.test mariadb-11.8.8/storage/mroonga/mysql-test/mroonga/storage/t/function_highlight_html_normalizer.test --- mariadb-11.8.6/storage/mroonga/mysql-test/mroonga/storage/t/function_highlight_html_normalizer.test 2026-01-31 13:27:49.000000000 +0000 +++ mariadb-11.8.8/storage/mroonga/mysql-test/mroonga/storage/t/function_highlight_html_normalizer.test 2026-05-24 09:58:32.000000000 +0000 @@ -18,11 +18,8 @@ --source ../../include/mroonga/have_mroonga.inc --source ../../include/mroonga/load_mroonga_functions.inc -#Check after fix MDEV-31554 ---disable_cursor_protocol SELECT mroonga_highlight_html('Mroonga is the Groonga based storage engine.', 'mroonga') AS highlighted; ---enable_cursor_protocol --source ../../include/mroonga/unload_mroonga_functions.inc --source ../../include/mroonga/have_mroonga_deinit.inc diff -Nru mariadb-11.8.6/storage/mroonga/mysql-test/mroonga/storage/t/function_normalize_default.test mariadb-11.8.8/storage/mroonga/mysql-test/mroonga/storage/t/function_normalize_default.test --- mariadb-11.8.6/storage/mroonga/mysql-test/mroonga/storage/t/function_normalize_default.test 2026-01-31 13:27:49.000000000 +0000 +++ mariadb-11.8.8/storage/mroonga/mysql-test/mroonga/storage/t/function_normalize_default.test 2026-05-24 09:58:32.000000000 +0000 @@ -18,10 +18,7 @@ --source ../../include/mroonga/have_mroonga.inc --source ../../include/mroonga/load_mroonga_functions.inc -#Check after fix MDEV-31554 ---disable_cursor_protocol SELECT mroonga_normalize('aBcAbCã‘'); ---enable_cursor_protocol --source ../../include/mroonga/unload_mroonga_functions.inc --source ../../include/mroonga/have_mroonga_deinit.inc diff -Nru mariadb-11.8.6/storage/mroonga/mysql-test/mroonga/storage/t/function_normalize_normalizer.test mariadb-11.8.8/storage/mroonga/mysql-test/mroonga/storage/t/function_normalize_normalizer.test --- mariadb-11.8.6/storage/mroonga/mysql-test/mroonga/storage/t/function_normalize_normalizer.test 2026-01-31 13:27:49.000000000 +0000 +++ mariadb-11.8.8/storage/mroonga/mysql-test/mroonga/storage/t/function_normalize_normalizer.test 2026-05-24 09:58:32.000000000 +0000 @@ -18,10 +18,7 @@ --source ../../include/mroonga/have_mroonga.inc --source ../../include/mroonga/load_mroonga_functions.inc -#Check after fix MDEV-31554 ---disable_cursor_protocol SELECT mroonga_normalize('aBcAbCã‘', "NormalizerAuto"); ---enable_cursor_protocol --source ../../include/mroonga/unload_mroonga_functions.inc --source ../../include/mroonga/have_mroonga_deinit.inc diff -Nru mariadb-11.8.6/storage/mroonga/mysql-test/mroonga/storage/t/function_snippet_ascii.test mariadb-11.8.8/storage/mroonga/mysql-test/mroonga/storage/t/function_snippet_ascii.test --- mariadb-11.8.6/storage/mroonga/mysql-test/mroonga/storage/t/function_snippet_ascii.test 2026-01-31 13:27:49.000000000 +0000 +++ mariadb-11.8.8/storage/mroonga/mysql-test/mroonga/storage/t/function_snippet_ascii.test 2026-05-24 09:58:32.000000000 +0000 @@ -29,14 +29,14 @@ insert into t1 values(3,30,"cc dd ee ff gg >< hh ii jj kk ll mm nn oo pp"); insert into t1 values(4,40,"ee ff gg hh ii >< jj kk ll mm nn oo pp qq rr"); insert into t1 values(5,50,"AA BB CC DD EE >< FF GG HH II JJ KK LL MM NN"); -select c1, c2, mroonga_snippet(c3, 10, 2, 'ascii_general_ci', 0, 1, '...', '...
    \n', 'bb', '', '', 'ff', '', '', 'dd', '', '') from t1; -select c1, c2, mroonga_snippet(c3, 10, 2, 'ascii_bin', 0, 1, '...', '...
    \n', 'bb', '', '', 'ff', '', '', 'dd', '', '') from t1; -select c1, c2, mroonga_snippet(c3, 10, 2, 'ascii_general_ci', 1, 1, '...', '...
    \n', 'bb', '', '', 'ff', '', '', 'dd', '', '') from t1; -select c1, c2, mroonga_snippet(c3, 10, 2, 'ascii_bin', 1, 1, '...', '...
    \n', 'bb', '', '', 'ff', '', '', 'dd', '', '') from t1; -select c1, c2, mroonga_snippet(c3, 10, 2, 'ascii_general_ci', 0, 0, '...', '...\n', 'bb', '(w1)[', ']', 'ff', '(w2)[', ']', 'dd', '(w3)[', ']') from t1; -select c1, c2, mroonga_snippet(c3, 10, 2, 'ascii_bin', 0, 0, '...', '...\n', 'bb', '(w1)[', ']', 'ff', '(w2)[', ']', 'dd', '(w3)[', ']') from t1; -select c1, c2, mroonga_snippet(c3, 10, 2, 'ascii_general_ci', 1, 0, '...', '...\n', 'bb', '(w1)[', ']', 'ff', '(w2)[', ']', 'dd', '(w3)[', ']') from t1; -select c1, c2, mroonga_snippet(c3, 10, 2, 'ascii_bin', 1, 0, '...', '...\n', 'bb', '(w1)[', ']', 'ff', '(w2)[', ']', 'dd', '(w3)[', ']') from t1; +select c1, c2, mroonga_snippet(c3, 10, 2, 'ascii_general_ci', 0, 1, '...', '...
    \n', 'bb', '', '', 'ff', '', '', 'dd', '', '') s from t1; +select c1, c2, mroonga_snippet(c3, 10, 2, 'ascii_bin', 0, 1, '...', '...
    \n', 'bb', '', '', 'ff', '', '', 'dd', '', '') s from t1; +select c1, c2, mroonga_snippet(c3, 10, 2, 'ascii_general_ci', 1, 1, '...', '...
    \n', 'bb', '', '', 'ff', '', '', 'dd', '', '') s from t1; +select c1, c2, mroonga_snippet(c3, 10, 2, 'ascii_bin', 1, 1, '...', '...
    \n', 'bb', '', '', 'ff', '', '', 'dd', '', '') s from t1; +select c1, c2, mroonga_snippet(c3, 10, 2, 'ascii_general_ci', 0, 0, '...', '...\n', 'bb', '(w1)[', ']', 'ff', '(w2)[', ']', 'dd', '(w3)[', ']') s from t1; +select c1, c2, mroonga_snippet(c3, 10, 2, 'ascii_bin', 0, 0, '...', '...\n', 'bb', '(w1)[', ']', 'ff', '(w2)[', ']', 'dd', '(w3)[', ']') s from t1; +select c1, c2, mroonga_snippet(c3, 10, 2, 'ascii_general_ci', 1, 0, '...', '...\n', 'bb', '(w1)[', ']', 'ff', '(w2)[', ']', 'dd', '(w3)[', ']') s from t1; +select c1, c2, mroonga_snippet(c3, 10, 2, 'ascii_bin', 1, 0, '...', '...\n', 'bb', '(w1)[', ']', 'ff', '(w2)[', ']', 'dd', '(w3)[', ']') s from t1; drop table t1; --source ../../include/mroonga/unload_mroonga_functions.inc diff -Nru mariadb-11.8.6/storage/mroonga/mysql-test/mroonga/storage/t/function_snippet_cp932.test mariadb-11.8.8/storage/mroonga/mysql-test/mroonga/storage/t/function_snippet_cp932.test --- mariadb-11.8.6/storage/mroonga/mysql-test/mroonga/storage/t/function_snippet_cp932.test 2026-01-31 13:27:49.000000000 +0000 +++ mariadb-11.8.8/storage/mroonga/mysql-test/mroonga/storage/t/function_snippet_cp932.test 2026-05-24 09:58:32.000000000 +0000 @@ -29,14 +29,14 @@ insert into t1 values(1, "‚ ‚ ‚ ‚ ‚ ","‚Q‚X“ú‚Ì•xŽmŽR‚Ì“V‹C‚ɂ‚¢‚Ä"); insert into t1 values(2, "‚¢‚¢‚¢‚¢‚¢","‚Q‚X“ú‚Ì•xŽmŽR‚Ì“V‹C‚Í•ª‚©‚è‚Ü‚¹‚ñ"); insert into t1 values(3, "‚¤‚¤‚¤‚¤‚¤","29“ú‚Ì•xŽmŽR‚Ì“V‹C‚ɂ‚¢‚Ä"); -select c1, c2, mroonga_snippet(c3, 10, 2, 'cp932_japanese_ci', 0, 1, '...', '...
    \n', '‚Q‚X“ú', '', '', '“V‹C', '', '', '•xŽmŽR', '', '') from t1; -select c1, c2, mroonga_snippet(c3, 10, 2, 'cp932_bin', 0, 1, '...', '...
    \n', '‚Q‚X“ú', '', '', '“V‹C', '', '', '•xŽmŽR', '', '') from t1; -select c1, c2, mroonga_snippet(c3, 10, 2, 'cp932_japanese_ci', 1, 1, '...', '...
    \n', '‚Q‚X“ú', '', '', '“V‹C', '', '', '•xŽmŽR', '', '') from t1; -select c1, c2, mroonga_snippet(c3, 10, 2, 'cp932_bin', 1, 1, '...', '...
    \n', '‚Q‚X“ú', '', '', '“V‹C', '', '', '•xŽmŽR', '', '') from t1; -select c1, c2, mroonga_snippet(c3, 10, 2, 'cp932_japanese_ci', 0, 0, '...', '...\n', '‚Q‚X“ú', '(w1)[', ']', '“V‹C', '(w2)[', ']', '•xŽmŽR', '(w3)[', ']') from t1; -select c1, c2, mroonga_snippet(c3, 10, 2, 'cp932_bin', 0, 0, '...', '...\n', '‚Q‚X“ú', '(w1)[', ']', '“V‹C', '(w2)[', ']', '•xŽmŽR', '(w3)[', ']') from t1; -select c1, c2, mroonga_snippet(c3, 10, 2, 'cp932_japanese_ci', 1, 0, '...', '...\n', '‚Q‚X“ú', '(w1)[', ']', '“V‹C', '(w2)[', ']', '•xŽmŽR', '(w3)[', ']') from t1; -select c1, c2, mroonga_snippet(c3, 10, 2, 'cp932_bin', 1, 0, '...', '...\n', '‚Q‚X“ú', '(w1)[', ']', '“V‹C', '(w2)[', ']', '•xŽmŽR', '(w3)[', ']') from t1; +select c1, c2, mroonga_snippet(c3, 10, 2, 'cp932_japanese_ci', 0, 1, '...', '...
    \n', '‚Q‚X“ú', '', '', '“V‹C', '', '', '•xŽmŽR', '', '') s from t1; +select c1, c2, mroonga_snippet(c3, 10, 2, 'cp932_bin', 0, 1, '...', '...
    \n', '‚Q‚X“ú', '', '', '“V‹C', '', '', '•xŽmŽR', '', '') s from t1; +select c1, c2, mroonga_snippet(c3, 10, 2, 'cp932_japanese_ci', 1, 1, '...', '...
    \n', '‚Q‚X“ú', '', '', '“V‹C', '', '', '•xŽmŽR', '', '') s from t1; +select c1, c2, mroonga_snippet(c3, 10, 2, 'cp932_bin', 1, 1, '...', '...
    \n', '‚Q‚X“ú', '', '', '“V‹C', '', '', '•xŽmŽR', '', '') s from t1; +select c1, c2, mroonga_snippet(c3, 10, 2, 'cp932_japanese_ci', 0, 0, '...', '...\n', '‚Q‚X“ú', '(w1)[', ']', '“V‹C', '(w2)[', ']', '•xŽmŽR', '(w3)[', ']') s from t1; +select c1, c2, mroonga_snippet(c3, 10, 2, 'cp932_bin', 0, 0, '...', '...\n', '‚Q‚X“ú', '(w1)[', ']', '“V‹C', '(w2)[', ']', '•xŽmŽR', '(w3)[', ']') s from t1; +select c1, c2, mroonga_snippet(c3, 10, 2, 'cp932_japanese_ci', 1, 0, '...', '...\n', '‚Q‚X“ú', '(w1)[', ']', '“V‹C', '(w2)[', ']', '•xŽmŽR', '(w3)[', ']') s from t1; +select c1, c2, mroonga_snippet(c3, 10, 2, 'cp932_bin', 1, 0, '...', '...\n', '‚Q‚X“ú', '(w1)[', ']', '“V‹C', '(w2)[', ']', '•xŽmŽR', '(w3)[', ']') s from t1; drop table t1; --source ../../include/mroonga/unload_mroonga_functions.inc diff -Nru mariadb-11.8.6/storage/mroonga/mysql-test/mroonga/storage/t/function_snippet_eucjpms.test mariadb-11.8.8/storage/mroonga/mysql-test/mroonga/storage/t/function_snippet_eucjpms.test --- mariadb-11.8.6/storage/mroonga/mysql-test/mroonga/storage/t/function_snippet_eucjpms.test 2026-01-31 13:27:49.000000000 +0000 +++ mariadb-11.8.8/storage/mroonga/mysql-test/mroonga/storage/t/function_snippet_eucjpms.test 2026-05-24 09:58:32.000000000 +0000 @@ -29,14 +29,14 @@ insert into t1 values(1, "¤¢¤¢¤¢¤¢¤¢","£²£¹Æü¤ÎÉٻ볤ÎÅ·µ¤¤Ë¤Ä¤¤¤Æ"); insert into t1 values(2, "¤¤¤¤¤¤¤¤¤¤","£²£¹Æü¤ÎÉٻ볤ÎÅ·µ¤¤Ïʬ¤«¤ê¤Þ¤»¤ó"); insert into t1 values(3, "¤¦¤¦¤¦¤¦¤¦","29Æü¤ÎÉٻ볤ÎÅ·µ¤¤Ë¤Ä¤¤¤Æ"); -select c1, c2, mroonga_snippet(c3, 10, 2, 'eucjpms_japanese_ci', 0, 1, '...', '...
    \n', '£²£¹Æü', '', '', 'Å·µ¤', '', '', 'Éٻλ³', '', '') from t1; -select c1, c2, mroonga_snippet(c3, 10, 2, 'eucjpms_bin', 0, 1, '...', '...
    \n', '£²£¹Æü', '', '', 'Å·µ¤', '', '', 'Éٻλ³', '', '') from t1; -select c1, c2, mroonga_snippet(c3, 10, 2, 'eucjpms_japanese_ci', 1, 1, '...', '...
    \n', '£²£¹Æü', '', '', 'Å·µ¤', '', '', 'Éٻλ³', '', '') from t1; -select c1, c2, mroonga_snippet(c3, 10, 2, 'eucjpms_bin', 1, 1, '...', '...
    \n', '£²£¹Æü', '', '', 'Å·µ¤', '', '', 'Éٻλ³', '', '') from t1; -select c1, c2, mroonga_snippet(c3, 10, 2, 'eucjpms_japanese_ci', 0, 0, '...', '...\n', '£²£¹Æü', '(w1)[', ']', 'Å·µ¤', '(w2)[', ']', 'Éٻλ³', '(w3)[', ']') from t1; -select c1, c2, mroonga_snippet(c3, 10, 2, 'eucjpms_bin', 0, 0, '...', '...\n', '£²£¹Æü', '(w1)[', ']', 'Å·µ¤', '(w2)[', ']', 'Éٻλ³', '(w3)[', ']') from t1; -select c1, c2, mroonga_snippet(c3, 10, 2, 'eucjpms_japanese_ci', 1, 0, '...', '...\n', '£²£¹Æü', '(w1)[', ']', 'Å·µ¤', '(w2)[', ']', 'Éٻλ³', '(w3)[', ']') from t1; -select c1, c2, mroonga_snippet(c3, 10, 2, 'eucjpms_bin', 1, 0, '...', '...\n', '£²£¹Æü', '(w1)[', ']', 'Å·µ¤', '(w2)[', ']', 'Éٻλ³', '(w3)[', ']') from t1; +select c1, c2, mroonga_snippet(c3, 10, 2, 'eucjpms_japanese_ci', 0, 1, '...', '...
    \n', '£²£¹Æü', '', '', 'Å·µ¤', '', '', 'Éٻλ³', '', '') s from t1; +select c1, c2, mroonga_snippet(c3, 10, 2, 'eucjpms_bin', 0, 1, '...', '...
    \n', '£²£¹Æü', '', '', 'Å·µ¤', '', '', 'Éٻλ³', '', '') s from t1; +select c1, c2, mroonga_snippet(c3, 10, 2, 'eucjpms_japanese_ci', 1, 1, '...', '...
    \n', '£²£¹Æü', '', '', 'Å·µ¤', '', '', 'Éٻλ³', '', '') s from t1; +select c1, c2, mroonga_snippet(c3, 10, 2, 'eucjpms_bin', 1, 1, '...', '...
    \n', '£²£¹Æü', '', '', 'Å·µ¤', '', '', 'Éٻλ³', '', '') s from t1; +select c1, c2, mroonga_snippet(c3, 10, 2, 'eucjpms_japanese_ci', 0, 0, '...', '...\n', '£²£¹Æü', '(w1)[', ']', 'Å·µ¤', '(w2)[', ']', 'Éٻλ³', '(w3)[', ']') s from t1; +select c1, c2, mroonga_snippet(c3, 10, 2, 'eucjpms_bin', 0, 0, '...', '...\n', '£²£¹Æü', '(w1)[', ']', 'Å·µ¤', '(w2)[', ']', 'Éٻλ³', '(w3)[', ']') s from t1; +select c1, c2, mroonga_snippet(c3, 10, 2, 'eucjpms_japanese_ci', 1, 0, '...', '...\n', '£²£¹Æü', '(w1)[', ']', 'Å·µ¤', '(w2)[', ']', 'Éٻλ³', '(w3)[', ']') s from t1; +select c1, c2, mroonga_snippet(c3, 10, 2, 'eucjpms_bin', 1, 0, '...', '...\n', '£²£¹Æü', '(w1)[', ']', 'Å·µ¤', '(w2)[', ']', 'Éٻλ³', '(w3)[', ']') s from t1; drop table t1; --source ../../include/mroonga/unload_mroonga_functions.inc diff -Nru mariadb-11.8.6/storage/mroonga/mysql-test/mroonga/storage/t/function_snippet_html_dynamic_keyword.test mariadb-11.8.8/storage/mroonga/mysql-test/mroonga/storage/t/function_snippet_html_dynamic_keyword.test --- mariadb-11.8.6/storage/mroonga/mysql-test/mroonga/storage/t/function_snippet_html_dynamic_keyword.test 2026-01-31 13:27:49.000000000 +0000 +++ mariadb-11.8.8/storage/mroonga/mysql-test/mroonga/storage/t/function_snippet_html_dynamic_keyword.test 2026-05-24 09:58:32.000000000 +0000 @@ -18,13 +18,6 @@ --source ../../include/mroonga/have_mroonga.inc --source ../../include/mroonga/load_mroonga_functions.inc - ---disable_warnings ---disable_query_log -DROP TABLE IF EXISTS keywords; ---enable_query_log ---enable_warnings - CREATE TABLE keywords ( keyword text ); @@ -32,17 +25,11 @@ INSERT INTO keywords VALUES ('Mroonga'); INSERT INTO keywords VALUES ('Groonga'); -#Check after fix MDEV-31554 ---disable_cursor_protocol SELECT mroonga_snippet_html('Mroonga is the Groonga based storage engine.', keyword) as snippet FROM keywords; ---enable_cursor_protocol ---disable_query_log DROP TABLE keywords; ---enable_query_log - --source ../../include/mroonga/unload_mroonga_functions.inc --source ../../include/mroonga/have_mroonga_deinit.inc diff -Nru mariadb-11.8.6/storage/mroonga/mysql-test/mroonga/storage/t/function_snippet_html_multiple_keywords.test mariadb-11.8.8/storage/mroonga/mysql-test/mroonga/storage/t/function_snippet_html_multiple_keywords.test --- mariadb-11.8.6/storage/mroonga/mysql-test/mroonga/storage/t/function_snippet_html_multiple_keywords.test 2026-01-31 13:27:49.000000000 +0000 +++ mariadb-11.8.8/storage/mroonga/mysql-test/mroonga/storage/t/function_snippet_html_multiple_keywords.test 2026-05-24 09:58:32.000000000 +0000 @@ -18,11 +18,8 @@ --source ../../include/mroonga/have_mroonga.inc --source ../../include/mroonga/load_mroonga_functions.inc -#Check after fix MDEV-31554 ---disable_cursor_protocol SELECT mroonga_snippet_html('Mroonga is the Groonga based storage engine.', 'Mroonga', 'Groonga') as snippet; ---enable_cursor_protocol --source ../../include/mroonga/unload_mroonga_functions.inc --source ../../include/mroonga/have_mroonga_deinit.inc diff -Nru mariadb-11.8.6/storage/mroonga/mysql-test/mroonga/storage/t/function_snippet_japanese.test mariadb-11.8.8/storage/mroonga/mysql-test/mroonga/storage/t/function_snippet_japanese.test --- mariadb-11.8.6/storage/mroonga/mysql-test/mroonga/storage/t/function_snippet_japanese.test 2026-01-31 13:27:49.000000000 +0000 +++ mariadb-11.8.8/storage/mroonga/mysql-test/mroonga/storage/t/function_snippet_japanese.test 2026-05-24 09:58:32.000000000 +0000 @@ -27,14 +27,14 @@ insert into t1 values(1, "ã‚ã‚ã‚ã‚ã‚","29日ã®å¯Œå£«å±±ã®å¤©æ°—ã«ã¤ã„ã¦"); insert into t1 values(2, "ã„ã„ã„ã„ã„","29日ã®å¯Œå£«å±±ã®å¤©æ°—ã¯åˆ†ã‹ã‚Šã¾ã›ã‚“"); insert into t1 values(3, "ã†ã†ã†ã†ã†","29æ—¥ã®å¯Œå£«å±±ã®å¤©æ°—ã«ã¤ã„ã¦"); -select c1, c2, mroonga_snippet(c3, 10, 2, 'utf8_general_ci', 0, 1, '...', '...
    \n', '29日', '', '', '天気', '', '', '富士山', '', '') from t1; -select c1, c2, mroonga_snippet(c3, 10, 2, 'utf8_bin', 0, 1, '...', '...
    \n', '29日', '', '', '天気', '', '', '富士山', '', '') from t1; -select c1, c2, mroonga_snippet(c3, 10, 2, 'utf8_general_ci', 1, 1, '...', '...
    \n', '29日', '', '', '天気', '', '', '富士山', '', '') from t1; -select c1, c2, mroonga_snippet(c3, 10, 2, 'utf8_bin', 1, 1, '...', '...
    \n', '29日', '', '', '天気', '', '', '富士山', '', '') from t1; -select c1, c2, mroonga_snippet(c3, 10, 2, 'utf8_general_ci', 0, 0, '...', '...\n', '29日', '(w1)[', ']', '天気', '(w2)[', ']', '富士山', '(w3)[', ']') from t1; -select c1, c2, mroonga_snippet(c3, 10, 2, 'utf8_bin', 0, 0, '...', '...\n', '29日', '(w1)[', ']', '天気', '(w2)[', ']', '富士山', '(w3)[', ']') from t1; -select c1, c2, mroonga_snippet(c3, 10, 2, 'utf8_general_ci', 1, 0, '...', '...\n', '29日', '(w1)[', ']', '天気', '(w2)[', ']', '富士山', '(w3)[', ']') from t1; -select c1, c2, mroonga_snippet(c3, 10, 2, 'utf8_bin', 1, 0, '...', '...\n', '29日', '(w1)[', ']', '天気', '(w2)[', ']', '富士山', '(w3)[', ']') from t1; +select c1, c2, mroonga_snippet(c3, 10, 2, 'utf8_general_ci', 0, 1, '...', '...
    \n', '29日', '', '', '天気', '', '', '富士山', '', '') s from t1; +select c1, c2, mroonga_snippet(c3, 10, 2, 'utf8_bin', 0, 1, '...', '...
    \n', '29日', '', '', '天気', '', '', '富士山', '', '') s from t1; +select c1, c2, mroonga_snippet(c3, 10, 2, 'utf8_general_ci', 1, 1, '...', '...
    \n', '29日', '', '', '天気', '', '', '富士山', '', '') s from t1; +select c1, c2, mroonga_snippet(c3, 10, 2, 'utf8_bin', 1, 1, '...', '...
    \n', '29日', '', '', '天気', '', '', '富士山', '', '') s from t1; +select c1, c2, mroonga_snippet(c3, 10, 2, 'utf8_general_ci', 0, 0, '...', '...\n', '29日', '(w1)[', ']', '天気', '(w2)[', ']', '富士山', '(w3)[', ']') s from t1; +select c1, c2, mroonga_snippet(c3, 10, 2, 'utf8_bin', 0, 0, '...', '...\n', '29日', '(w1)[', ']', '天気', '(w2)[', ']', '富士山', '(w3)[', ']') s from t1; +select c1, c2, mroonga_snippet(c3, 10, 2, 'utf8_general_ci', 1, 0, '...', '...\n', '29日', '(w1)[', ']', '天気', '(w2)[', ']', '富士山', '(w3)[', ']') s from t1; +select c1, c2, mroonga_snippet(c3, 10, 2, 'utf8_bin', 1, 0, '...', '...\n', '29日', '(w1)[', ']', '天気', '(w2)[', ']', '富士山', '(w3)[', ']') s from t1; drop table t1; --source ../../include/mroonga/unload_mroonga_functions.inc diff -Nru mariadb-11.8.6/storage/mroonga/mysql-test/mroonga/storage/t/variable_default_tokenizer_disable.test mariadb-11.8.8/storage/mroonga/mysql-test/mroonga/storage/t/variable_default_tokenizer_disable.test --- mariadb-11.8.6/storage/mroonga/mysql-test/mroonga/storage/t/variable_default_tokenizer_disable.test 1970-01-01 00:00:00.000000000 +0000 +++ mariadb-11.8.8/storage/mroonga/mysql-test/mroonga/storage/t/variable_default_tokenizer_disable.test 2026-05-24 09:58:32.000000000 +0000 @@ -0,0 +1,25 @@ +# -*- mode: sql; sql-product: mysql -*- +# +# Copyright (C) 2026 hadeer +# +# This library is free software; you can redistribute it and/or +# modify it under the terms of the GNU Lesser General Public +# License as published by the Free Software Foundation; either +# version 2.1 of the License, or (at your option) any later version. +# +# This library is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +# Lesser General Public License for more details. +# +# You should have received a copy of the GNU Lesser General Public +# License along with this library; if not, write to the Free Software +# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA +--source include/not_embedded.inc +--source ../../include/mroonga/have_mroonga.inc + +SET GLOBAL mroonga_default_tokenizer = NULL; +SHOW GLOBAL VARIABLES LIKE 'mroonga_default_tokenizer'; +SET GLOBAL mroonga_default_tokenizer = DEFAULT; + +--source ../../include/mroonga/have_mroonga_deinit.inc diff -Nru mariadb-11.8.6/storage/mroonga/mysql-test/mroonga/storage/t/variable_enable_operations_recording_insert.test mariadb-11.8.8/storage/mroonga/mysql-test/mroonga/storage/t/variable_enable_operations_recording_insert.test --- mariadb-11.8.6/storage/mroonga/mysql-test/mroonga/storage/t/variable_enable_operations_recording_insert.test 2026-01-31 13:27:49.000000000 +0000 +++ mariadb-11.8.8/storage/mroonga/mysql-test/mroonga/storage/t/variable_enable_operations_recording_insert.test 2026-05-24 09:58:32.000000000 +0000 @@ -27,25 +27,25 @@ title TEXT ) DEFAULT CHARSET=utf8; -SELECT mroonga_command('truncate mroonga_operations'); +SELECT mroonga_command('truncate mroonga_operations') c; INSERT INTO diaries VALUES("Unlogged: Research for Mroonga"); --disable_ps2_protocol -SELECT mroonga_command('load --table mroonga_operations --values "[{}]"'); +SELECT mroonga_command('load --table mroonga_operations --values "[{}]"') c; --enable_ps2_protocol -SELECT mroonga_command('select mroonga_operations --output_columns _id'); +SELECT mroonga_command('select mroonga_operations --output_columns _id') c; SET GLOBAL mroonga_enable_operations_recording = false; FLUSH TABLES; -SELECT mroonga_command('truncate mroonga_operations'); +SELECT mroonga_command('truncate mroonga_operations') c; INSERT INTO diaries VALUES("Logged: Research for Mroonga"); --disable_ps2_protocol -SELECT mroonga_command('load --table mroonga_operations --values "[{}]"'); +SELECT mroonga_command('load --table mroonga_operations --values "[{}]"') c; --enable_ps2_protocol -SELECT mroonga_command('select mroonga_operations --output_columns _id'); +SELECT mroonga_command('select mroonga_operations --output_columns _id') c; DROP TABLE diaries; -SELECT mroonga_command('truncate mroonga_operations'); +SELECT mroonga_command('truncate mroonga_operations') c; SET GLOBAL mroonga_enable_operations_recording = default; FLUSH TABLES; diff -Nru mariadb-11.8.6/storage/mroonga/mysql-test/mroonga/storage/t/variable_log_file_reject_null.test mariadb-11.8.8/storage/mroonga/mysql-test/mroonga/storage/t/variable_log_file_reject_null.test --- mariadb-11.8.6/storage/mroonga/mysql-test/mroonga/storage/t/variable_log_file_reject_null.test 1970-01-01 00:00:00.000000000 +0000 +++ mariadb-11.8.8/storage/mroonga/mysql-test/mroonga/storage/t/variable_log_file_reject_null.test 2026-05-24 09:58:32.000000000 +0000 @@ -0,0 +1,30 @@ +# -*- mode: sql; sql-product: mysql -*- +# +# Copyright (C) 2026 hadeer +# +# This library is free software; you can redistribute it and/or +# modify it under the terms of the GNU Lesser General Public +# License as published by the Free Software Foundation; either +# version 2.1 of the License, or (at your option) any later version. +# +# This library is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +# Lesser General Public License for more details. +# +# You should have received a copy of the GNU Lesser General Public +# License along with this library; if not, write to the Free Software +# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA + +--source ../../include/mroonga/have_mroonga.inc +--source include/not_embedded.inc + +--error 16505 +SET GLOBAL mroonga_log_file = NULL; + +--error 16505 +SET GLOBAL mroonga_log_file = ''; + +SHOW GLOBAL VARIABLES LIKE 'mroonga_log_file'; + +--source ../../include/mroonga/have_mroonga_deinit.inc diff -Nru mariadb-11.8.6/storage/mroonga/udf/mrn_udf_command.cpp mariadb-11.8.8/storage/mroonga/udf/mrn_udf_command.cpp --- mariadb-11.8.6/storage/mroonga/udf/mrn_udf_command.cpp 2026-01-31 13:27:49.000000000 +0000 +++ mariadb-11.8.8/storage/mroonga/udf/mrn_udf_command.cpp 2026-05-24 09:58:32.000000000 +0000 @@ -122,6 +122,7 @@ } init->maybe_null = 1; init->const_item = 0; + init->max_length = 640; info = (CommandInfo *)mrn_my_malloc(sizeof(CommandInfo), MYF(MY_WME | MY_ZEROFILL)); diff -Nru mariadb-11.8.6/storage/mroonga/udf/mrn_udf_highlight_html.cpp mariadb-11.8.8/storage/mroonga/udf/mrn_udf_highlight_html.cpp --- mariadb-11.8.6/storage/mroonga/udf/mrn_udf_highlight_html.cpp 2026-01-31 13:27:49.000000000 +0000 +++ mariadb-11.8.8/storage/mroonga/udf/mrn_udf_highlight_html.cpp 2026-05-24 09:58:32.000000000 +0000 @@ -257,6 +257,7 @@ } init->maybe_null = 0; + init->max_length = 640; info = reinterpret_cast( @@ -287,10 +288,10 @@ info->use_shared_db = false; } if (!info->db) { - sprintf(message, - "mroonga_highlight_html(): failed to %s: %s", - action, - info->ctx->errbuf); + snprintf(message, MYSQL_ERRMSG_SIZE, + "mroonga_highlight_html(): failed to %s: %s", + action, + info->ctx->errbuf); goto error; } } diff -Nru mariadb-11.8.6/storage/mroonga/udf/mrn_udf_normalize.cpp mariadb-11.8.8/storage/mroonga/udf/mrn_udf_normalize.cpp --- mariadb-11.8.6/storage/mroonga/udf/mrn_udf_normalize.cpp 2026-01-31 13:27:49.000000000 +0000 +++ mariadb-11.8.8/storage/mroonga/udf/mrn_udf_normalize.cpp 2026-05-24 09:58:32.000000000 +0000 @@ -64,9 +64,9 @@ } if (!(1 <= args->arg_count && args->arg_count <= 2)) { - sprintf(message, - "mroonga_normalize(): Incorrect number of arguments: %u for 1..2", - args->arg_count); + snprintf(message, MYSQL_ERRMSG_SIZE, + "mroonga_normalize(): Incorrect number of arguments: %u for 1..2", + args->arg_count); goto error; } if (args->arg_type[0] != STRING_RESULT) { @@ -84,6 +84,7 @@ } init->maybe_null = 1; + init->max_length = args->lengths[0]*2; info = (st_mrn_normalize_info *)mrn_my_malloc(sizeof(st_mrn_normalize_info), MYF(MY_WME | MY_ZEROFILL)); @@ -111,10 +112,10 @@ info->use_shared_db = false; } if (!info->db) { - sprintf(message, - "mroonga_normalize(): failed to %s: %s", - action, - info->ctx->errbuf); + snprintf(message, MYSQL_ERRMSG_SIZE, + "mroonga_normalize(): failed to %s: %s", + action, + info->ctx->errbuf); goto error; } } @@ -125,8 +126,9 @@ info->normalizer = grn_ctx_get(info->ctx, args->args[1], args->lengths[1]); } if (!info->normalizer) { - sprintf(message, "mroonga_normalize(): nonexistent normalizer %.*s", - (int)args->lengths[1], args->args[1]); + snprintf(message, MYSQL_ERRMSG_SIZE, + "mroonga_normalize(): nonexistent normalizer %.*s", + (int)args->lengths[1], args->args[1]); goto error; } info->flags = 0; diff -Nru mariadb-11.8.6/storage/mroonga/udf/mrn_udf_query_expand.cpp mariadb-11.8.8/storage/mroonga/udf/mrn_udf_query_expand.cpp --- mariadb-11.8.6/storage/mroonga/udf/mrn_udf_query_expand.cpp 2026-01-31 13:27:49.000000000 +0000 +++ mariadb-11.8.8/storage/mroonga/udf/mrn_udf_query_expand.cpp 2026-05-24 09:58:32.000000000 +0000 @@ -85,9 +85,9 @@ } if (args->arg_count != 4) { - sprintf(message, - "mroonga_query_expand(): wrong number of arguments: %u for 4", - args->arg_count); + snprintf(message, MYSQL_ERRMSG_SIZE, + "mroonga_query_expand(): wrong number of arguments: %u for 4", + args->arg_count); goto error; } if (args->arg_type[0] != STRING_RESULT) { diff -Nru mariadb-11.8.6/storage/mroonga/udf/mrn_udf_snippet.cpp mariadb-11.8.8/storage/mroonga/udf/mrn_udf_snippet.cpp --- mariadb-11.8.6/storage/mroonga/udf/mrn_udf_snippet.cpp 2026-01-31 13:27:49.000000000 +0000 +++ mariadb-11.8.8/storage/mroonga/udf/mrn_udf_snippet.cpp 2026-05-24 09:58:32.000000000 +0000 @@ -147,8 +147,9 @@ } if (args->arg_count < 11 || (args->arg_count - 11) % 3) { - sprintf(message, "Incorrect number of arguments for mroonga_snippet(): %u", - args->arg_count); + snprintf(message, MYSQL_ERRMSG_SIZE, + "Incorrect number of arguments for mroonga_snippet(): %u", + args->arg_count); goto error; } if (args->arg_type[0] != STRING_RESULT) { @@ -181,8 +182,9 @@ } for (i = 6; i < args->arg_count; i++) { if (args->arg_type[i] != STRING_RESULT) { - sprintf(message, "mroonga_snippet() requires string for %uth argument", - i); + snprintf(message, MYSQL_ERRMSG_SIZE, + "mroonga_snippet() requires string for %uth argument", + i); goto error; } } @@ -213,10 +215,10 @@ snip_info->use_shared_db = false; } if (!snip_info->db) { - sprintf(message, - "mroonga_snippet(): failed to %s: %s", - action, - snip_info->ctx->errbuf); + snprintf(message, MYSQL_ERRMSG_SIZE, + "mroonga_snippet(): failed to %s: %s", + action, + snip_info->ctx->errbuf); goto error; } } diff -Nru mariadb-11.8.6/storage/mroonga/udf/mrn_udf_snippet_html.cpp mariadb-11.8.8/storage/mroonga/udf/mrn_udf_snippet_html.cpp --- mariadb-11.8.6/storage/mroonga/udf/mrn_udf_snippet_html.cpp 2026-01-31 13:27:49.000000000 +0000 +++ mariadb-11.8.8/storage/mroonga/udf/mrn_udf_snippet_html.cpp 2026-05-24 09:58:32.000000000 +0000 @@ -240,6 +240,7 @@ } init->maybe_null = 1; + init->max_length = 640; info = (mrn_snippet_html_info *)mrn_my_malloc(sizeof(mrn_snippet_html_info), MYF(MY_WME | MY_ZEROFILL)); @@ -268,10 +269,10 @@ info->use_shared_db = false; } if (!info->db) { - sprintf(message, - "mroonga_snippet_html(): failed to %s: %s", - action, - info->ctx->errbuf); + snprintf(message, MYSQL_ERRMSG_SIZE, + "mroonga_snippet_html(): failed to %s: %s", + action, + info->ctx->errbuf); goto error; } } diff -Nru mariadb-11.8.6/storage/mroonga/vendor/groonga/lib/db.c mariadb-11.8.8/storage/mroonga/vendor/groonga/lib/db.c --- mariadb-11.8.6/storage/mroonga/vendor/groonga/lib/db.c 2026-01-31 13:27:49.000000000 +0000 +++ mariadb-11.8.8/storage/mroonga/vendor/groonga/lib/db.c 2026-05-24 09:58:32.000000000 +0000 @@ -1988,7 +1988,7 @@ if (ii_cursor) { grn_ii_cursor_close(ctx, ii_cursor); } - grn_obj_unlink(ctx, &source_ids); + GRN_OBJ_FIN(ctx, &source_ids); { int i, n_sources; n_sources = GRN_BULK_VSIZE(&sources) / sizeof(grn_obj *); @@ -1996,7 +1996,7 @@ grn_obj *source = GRN_PTR_VALUE_AT(&sources, i); grn_obj_unlink(ctx, source); } - grn_obj_unlink(ctx, &sources); + GRN_OBJ_FIN(ctx, &sources); } } diff -Nru mariadb-11.8.6/storage/mroonga/vendor/groonga/lib/grn_ecmascript.c mariadb-11.8.8/storage/mroonga/vendor/groonga/lib/grn_ecmascript.c --- mariadb-11.8.6/storage/mroonga/vendor/groonga/lib/grn_ecmascript.c 2026-01-31 13:27:49.000000000 +0000 +++ mariadb-11.8.8/storage/mroonga/vendor/groonga/lib/grn_ecmascript.c 2026-05-24 09:58:32.000000000 +0000 @@ -24,13 +24,11 @@ */ #include /************ Begin %include sections from the grammar ************************/ -#line 4 "grn_ecmascript.lemon" #ifdef assert # undef assert #endif #define assert GRN_ASSERT -#line 34 "grn_ecmascript.c" /**************** End of %include directives **********************************/ /* These constants specify the various numeric values for terminal symbols ** in a format understandable to "makeheaders". This section is blank unless @@ -998,11 +996,9 @@ /********* Begin destructor definitions ***************************************/ case 76: /* suppress_unused_variable_warning */ { -#line 14 "grn_ecmascript.lemon" (void)efsi; -#line 1006 "grn_ecmascript.c" } break; /********* End destructor definitions *****************************************/ @@ -1454,63 +1450,48 @@ /********** Begin reduce actions **********************************************/ YYMINORTYPE yylhsminor; case 0: /* query ::= query query_element */ -#line 53 "grn_ecmascript.lemon" { grn_expr_append_op(efsi->ctx, efsi->e, grn_int32_value_at(&efsi->op_stack, -1), 2); } -#line 1462 "grn_ecmascript.c" break; case 1: /* query ::= query LOGICAL_AND query_element */ case 25: /* logical_and_expression ::= logical_and_expression LOGICAL_AND bitwise_or_expression */ yytestcase(yyruleno==25); -#line 56 "grn_ecmascript.lemon" { grn_expr_append_op(efsi->ctx, efsi->e, GRN_OP_AND, 2); } -#line 1470 "grn_ecmascript.c" break; case 2: /* query ::= query LOGICAL_AND_NOT query_element */ case 26: /* logical_and_expression ::= logical_and_expression LOGICAL_AND_NOT bitwise_or_expression */ yytestcase(yyruleno==26); -#line 59 "grn_ecmascript.lemon" { grn_expr_append_op(efsi->ctx, efsi->e, GRN_OP_AND_NOT, 2); } -#line 1478 "grn_ecmascript.c" break; case 3: /* query ::= query LOGICAL_OR query_element */ case 24: /* logical_or_expression ::= logical_or_expression LOGICAL_OR logical_and_expression */ yytestcase(yyruleno==24); -#line 62 "grn_ecmascript.lemon" { grn_expr_append_op(efsi->ctx, efsi->e, GRN_OP_OR, 2); } -#line 1486 "grn_ecmascript.c" break; case 4: /* query ::= query NEGATIVE query_element */ -#line 65 "grn_ecmascript.lemon" { int weight; GRN_INT32_POP(&efsi->weight_stack, weight); grn_expr_append_op(efsi->ctx, efsi->e, GRN_OP_ADJUST, 2); } -#line 1495 "grn_ecmascript.c" break; case 5: /* query_element ::= ADJUST query_element */ -#line 74 "grn_ecmascript.lemon" { int weight; GRN_INT32_POP(&efsi->weight_stack, weight); } -#line 1503 "grn_ecmascript.c" break; case 6: /* query_element ::= RELATIVE_OP query_element */ -#line 78 "grn_ecmascript.lemon" { int mode; GRN_INT32_POP(&efsi->mode_stack, mode); } -#line 1511 "grn_ecmascript.c" break; case 7: /* query_element ::= IDENTIFIER RELATIVE_OP query_element */ -#line 82 "grn_ecmascript.lemon" { int mode; grn_obj *c; @@ -1534,196 +1515,142 @@ break; } } -#line 1538 "grn_ecmascript.c" break; case 8: /* query_element ::= BRACEL expression BRACER */ case 9: /* query_element ::= EVAL primary_expression */ yytestcase(yyruleno==9); -#line 105 "grn_ecmascript.lemon" { efsi->flags = efsi->default_flags; } -#line 1546 "grn_ecmascript.c" break; case 10: /* expression ::= expression COMMA assignment_expression */ -#line 113 "grn_ecmascript.lemon" { grn_expr_append_op(efsi->ctx, efsi->e, GRN_OP_COMMA, 2); } -#line 1553 "grn_ecmascript.c" break; case 11: /* assignment_expression ::= lefthand_side_expression ASSIGN assignment_expression */ -#line 118 "grn_ecmascript.lemon" { grn_expr_append_op(efsi->ctx, efsi->e, GRN_OP_ASSIGN, 2); } -#line 1560 "grn_ecmascript.c" break; case 12: /* assignment_expression ::= lefthand_side_expression STAR_ASSIGN assignment_expression */ -#line 121 "grn_ecmascript.lemon" { grn_expr_append_op(efsi->ctx, efsi->e, GRN_OP_STAR_ASSIGN, 2); } -#line 1567 "grn_ecmascript.c" break; case 13: /* assignment_expression ::= lefthand_side_expression SLASH_ASSIGN assignment_expression */ -#line 124 "grn_ecmascript.lemon" { grn_expr_append_op(efsi->ctx, efsi->e, GRN_OP_SLASH_ASSIGN, 2); } -#line 1574 "grn_ecmascript.c" break; case 14: /* assignment_expression ::= lefthand_side_expression MOD_ASSIGN assignment_expression */ -#line 127 "grn_ecmascript.lemon" { grn_expr_append_op(efsi->ctx, efsi->e, GRN_OP_MOD_ASSIGN, 2); } -#line 1581 "grn_ecmascript.c" break; case 15: /* assignment_expression ::= lefthand_side_expression PLUS_ASSIGN assignment_expression */ -#line 130 "grn_ecmascript.lemon" { grn_expr_append_op(efsi->ctx, efsi->e, GRN_OP_PLUS_ASSIGN, 2); } -#line 1588 "grn_ecmascript.c" break; case 16: /* assignment_expression ::= lefthand_side_expression MINUS_ASSIGN assignment_expression */ -#line 133 "grn_ecmascript.lemon" { grn_expr_append_op(efsi->ctx, efsi->e, GRN_OP_MINUS_ASSIGN, 2); } -#line 1595 "grn_ecmascript.c" break; case 17: /* assignment_expression ::= lefthand_side_expression SHIFTL_ASSIGN assignment_expression */ -#line 136 "grn_ecmascript.lemon" { grn_expr_append_op(efsi->ctx, efsi->e, GRN_OP_SHIFTL_ASSIGN, 2); } -#line 1602 "grn_ecmascript.c" break; case 18: /* assignment_expression ::= lefthand_side_expression SHIFTR_ASSIGN assignment_expression */ -#line 139 "grn_ecmascript.lemon" { grn_expr_append_op(efsi->ctx, efsi->e, GRN_OP_SHIFTR_ASSIGN, 2); } -#line 1609 "grn_ecmascript.c" break; case 19: /* assignment_expression ::= lefthand_side_expression SHIFTRR_ASSIGN assignment_expression */ -#line 142 "grn_ecmascript.lemon" { grn_expr_append_op(efsi->ctx, efsi->e, GRN_OP_SHIFTRR_ASSIGN, 2); } -#line 1616 "grn_ecmascript.c" break; case 20: /* assignment_expression ::= lefthand_side_expression AND_ASSIGN assignment_expression */ -#line 145 "grn_ecmascript.lemon" { grn_expr_append_op(efsi->ctx, efsi->e, GRN_OP_AND_ASSIGN, 2); } -#line 1623 "grn_ecmascript.c" break; case 21: /* assignment_expression ::= lefthand_side_expression XOR_ASSIGN assignment_expression */ -#line 148 "grn_ecmascript.lemon" { grn_expr_append_op(efsi->ctx, efsi->e, GRN_OP_XOR_ASSIGN, 2); } -#line 1630 "grn_ecmascript.c" break; case 22: /* assignment_expression ::= lefthand_side_expression OR_ASSIGN assignment_expression */ -#line 151 "grn_ecmascript.lemon" { grn_expr_append_op(efsi->ctx, efsi->e, GRN_OP_OR_ASSIGN, 2); } -#line 1637 "grn_ecmascript.c" break; case 23: /* conditional_expression ::= logical_or_expression QUESTION assignment_expression COLON assignment_expression */ -#line 156 "grn_ecmascript.lemon" { grn_expr *e = (grn_expr *)efsi->e; e->codes[yymsp[-3].minor.yy0].nargs = yymsp[-1].minor.yy0 - yymsp[-3].minor.yy0; e->codes[yymsp[-1].minor.yy0].nargs = e->codes_curr - yymsp[-1].minor.yy0 - 1; } -#line 1646 "grn_ecmascript.c" break; case 27: /* bitwise_or_expression ::= bitwise_or_expression BITWISE_OR bitwise_xor_expression */ -#line 176 "grn_ecmascript.lemon" { grn_expr_append_op(efsi->ctx, efsi->e, GRN_OP_BITWISE_OR, 2); } -#line 1653 "grn_ecmascript.c" break; case 28: /* bitwise_xor_expression ::= bitwise_xor_expression BITWISE_XOR bitwise_and_expression */ -#line 181 "grn_ecmascript.lemon" { grn_expr_append_op(efsi->ctx, efsi->e, GRN_OP_BITWISE_XOR, 2); } -#line 1660 "grn_ecmascript.c" break; case 29: /* bitwise_and_expression ::= bitwise_and_expression BITWISE_AND equality_expression */ -#line 186 "grn_ecmascript.lemon" { grn_expr_append_op(efsi->ctx, efsi->e, GRN_OP_BITWISE_AND, 2); } -#line 1667 "grn_ecmascript.c" break; case 30: /* equality_expression ::= equality_expression EQUAL relational_expression */ -#line 191 "grn_ecmascript.lemon" { grn_expr_append_op(efsi->ctx, efsi->e, GRN_OP_EQUAL, 2); } -#line 1674 "grn_ecmascript.c" break; case 31: /* equality_expression ::= equality_expression NOT_EQUAL relational_expression */ -#line 194 "grn_ecmascript.lemon" { grn_expr_append_op(efsi->ctx, efsi->e, GRN_OP_NOT_EQUAL, 2); } -#line 1681 "grn_ecmascript.c" break; case 32: /* relational_expression ::= relational_expression LESS shift_expression */ -#line 199 "grn_ecmascript.lemon" { grn_expr_append_op(efsi->ctx, efsi->e, GRN_OP_LESS, 2); } -#line 1688 "grn_ecmascript.c" break; case 33: /* relational_expression ::= relational_expression GREATER shift_expression */ -#line 202 "grn_ecmascript.lemon" { grn_expr_append_op(efsi->ctx, efsi->e, GRN_OP_GREATER, 2); } -#line 1695 "grn_ecmascript.c" break; case 34: /* relational_expression ::= relational_expression LESS_EQUAL shift_expression */ -#line 205 "grn_ecmascript.lemon" { grn_expr_append_op(efsi->ctx, efsi->e, GRN_OP_LESS_EQUAL, 2); } -#line 1702 "grn_ecmascript.c" break; case 35: /* relational_expression ::= relational_expression GREATER_EQUAL shift_expression */ -#line 208 "grn_ecmascript.lemon" { grn_expr_append_op(efsi->ctx, efsi->e, GRN_OP_GREATER_EQUAL, 2); } -#line 1709 "grn_ecmascript.c" break; case 36: /* relational_expression ::= relational_expression IN shift_expression */ -#line 211 "grn_ecmascript.lemon" { grn_expr_append_op(efsi->ctx, efsi->e, GRN_OP_IN, 2); } -#line 1716 "grn_ecmascript.c" break; case 37: /* relational_expression ::= relational_expression MATCH shift_expression */ case 85: /* adjust_match_expression ::= IDENTIFIER MATCH STRING */ yytestcase(yyruleno==85); -#line 214 "grn_ecmascript.lemon" { grn_expr_append_op(efsi->ctx, efsi->e, GRN_OP_MATCH, 2); } -#line 1724 "grn_ecmascript.c" break; case 38: /* relational_expression ::= relational_expression NEAR shift_expression */ -#line 217 "grn_ecmascript.lemon" { { int max_interval; @@ -1733,124 +1660,90 @@ } grn_expr_append_op(efsi->ctx, efsi->e, GRN_OP_NEAR, 3); } -#line 1737 "grn_ecmascript.c" break; case 39: /* relational_expression ::= relational_expression NEAR2 shift_expression */ -#line 226 "grn_ecmascript.lemon" { grn_expr_append_op(efsi->ctx, efsi->e, GRN_OP_NEAR2, 2); } -#line 1744 "grn_ecmascript.c" break; case 40: /* relational_expression ::= relational_expression SIMILAR shift_expression */ -#line 229 "grn_ecmascript.lemon" { grn_expr_append_op(efsi->ctx, efsi->e, GRN_OP_SIMILAR, 2); } -#line 1751 "grn_ecmascript.c" break; case 41: /* relational_expression ::= relational_expression TERM_EXTRACT shift_expression */ -#line 232 "grn_ecmascript.lemon" { grn_expr_append_op(efsi->ctx, efsi->e, GRN_OP_TERM_EXTRACT, 2); } -#line 1758 "grn_ecmascript.c" break; case 42: /* relational_expression ::= relational_expression LCP shift_expression */ -#line 235 "grn_ecmascript.lemon" { grn_expr_append_op(efsi->ctx, efsi->e, GRN_OP_LCP, 2); } -#line 1765 "grn_ecmascript.c" break; case 43: /* relational_expression ::= relational_expression PREFIX shift_expression */ -#line 238 "grn_ecmascript.lemon" { grn_expr_append_op(efsi->ctx, efsi->e, GRN_OP_PREFIX, 2); } -#line 1772 "grn_ecmascript.c" break; case 44: /* relational_expression ::= relational_expression SUFFIX shift_expression */ -#line 241 "grn_ecmascript.lemon" { grn_expr_append_op(efsi->ctx, efsi->e, GRN_OP_SUFFIX, 2); } -#line 1779 "grn_ecmascript.c" break; case 45: /* relational_expression ::= relational_expression REGEXP shift_expression */ -#line 244 "grn_ecmascript.lemon" { grn_expr_append_op(efsi->ctx, efsi->e, GRN_OP_REGEXP, 2); } -#line 1786 "grn_ecmascript.c" break; case 46: /* shift_expression ::= shift_expression SHIFTL additive_expression */ -#line 249 "grn_ecmascript.lemon" { grn_expr_append_op(efsi->ctx, efsi->e, GRN_OP_SHIFTL, 2); } -#line 1793 "grn_ecmascript.c" break; case 47: /* shift_expression ::= shift_expression SHIFTR additive_expression */ -#line 252 "grn_ecmascript.lemon" { grn_expr_append_op(efsi->ctx, efsi->e, GRN_OP_SHIFTR, 2); } -#line 1800 "grn_ecmascript.c" break; case 48: /* shift_expression ::= shift_expression SHIFTRR additive_expression */ -#line 255 "grn_ecmascript.lemon" { grn_expr_append_op(efsi->ctx, efsi->e, GRN_OP_SHIFTRR, 2); } -#line 1807 "grn_ecmascript.c" break; case 49: /* additive_expression ::= additive_expression PLUS multiplicative_expression */ case 83: /* adjuster ::= adjuster PLUS adjust_expression */ yytestcase(yyruleno==83); -#line 260 "grn_ecmascript.lemon" { grn_expr_append_op(efsi->ctx, efsi->e, GRN_OP_PLUS, 2); } -#line 1815 "grn_ecmascript.c" break; case 50: /* additive_expression ::= additive_expression MINUS multiplicative_expression */ -#line 263 "grn_ecmascript.lemon" { grn_expr_append_op(efsi->ctx, efsi->e, GRN_OP_MINUS, 2); } -#line 1822 "grn_ecmascript.c" break; case 51: /* multiplicative_expression ::= multiplicative_expression STAR unary_expression */ case 84: /* adjust_expression ::= adjust_match_expression STAR DECIMAL */ yytestcase(yyruleno==84); -#line 268 "grn_ecmascript.lemon" { grn_expr_append_op(efsi->ctx, efsi->e, GRN_OP_STAR, 2); } -#line 1830 "grn_ecmascript.c" break; case 52: /* multiplicative_expression ::= multiplicative_expression SLASH unary_expression */ -#line 271 "grn_ecmascript.lemon" { grn_expr_append_op(efsi->ctx, efsi->e, GRN_OP_SLASH, 2); } -#line 1837 "grn_ecmascript.c" break; case 53: /* multiplicative_expression ::= multiplicative_expression MOD unary_expression */ -#line 274 "grn_ecmascript.lemon" { grn_expr_append_op(efsi->ctx, efsi->e, GRN_OP_MOD, 2); } -#line 1844 "grn_ecmascript.c" break; case 54: /* unary_expression ::= DELETE unary_expression */ -#line 279 "grn_ecmascript.lemon" { grn_expr_append_op(efsi->ctx, efsi->e, GRN_OP_DELETE, 1); } -#line 1851 "grn_ecmascript.c" break; case 55: /* unary_expression ::= INCR unary_expression */ -#line 282 "grn_ecmascript.lemon" { grn_ctx *ctx = efsi->ctx; grn_expr *e = (grn_expr *)(efsi->e); @@ -1868,10 +1761,8 @@ grn_expr_append_op(efsi->ctx, efsi->e, GRN_OP_INCR, 1); } } -#line 1872 "grn_ecmascript.c" break; case 56: /* unary_expression ::= DECR unary_expression */ -#line 299 "grn_ecmascript.lemon" { grn_ctx *ctx = efsi->ctx; grn_expr *e = (grn_expr *)(efsi->e); @@ -1889,66 +1780,48 @@ grn_expr_append_op(efsi->ctx, efsi->e, GRN_OP_DECR, 1); } } -#line 1893 "grn_ecmascript.c" break; case 57: /* unary_expression ::= PLUS unary_expression */ -#line 316 "grn_ecmascript.lemon" { grn_expr_append_op(efsi->ctx, efsi->e, GRN_OP_PLUS, 1); } -#line 1900 "grn_ecmascript.c" break; case 58: /* unary_expression ::= MINUS unary_expression */ -#line 319 "grn_ecmascript.lemon" { grn_expr_append_op(efsi->ctx, efsi->e, GRN_OP_MINUS, 1); } -#line 1907 "grn_ecmascript.c" break; case 59: /* unary_expression ::= NOT unary_expression */ -#line 322 "grn_ecmascript.lemon" { grn_expr_append_op(efsi->ctx, efsi->e, GRN_OP_NOT, 1); } -#line 1914 "grn_ecmascript.c" break; case 60: /* unary_expression ::= BITWISE_NOT unary_expression */ -#line 325 "grn_ecmascript.lemon" { grn_expr_append_op(efsi->ctx, efsi->e, GRN_OP_BITWISE_NOT, 1); } -#line 1921 "grn_ecmascript.c" break; case 61: /* unary_expression ::= ADJUST unary_expression */ -#line 328 "grn_ecmascript.lemon" { grn_expr_append_op(efsi->ctx, efsi->e, GRN_OP_ADJUST, 1); } -#line 1928 "grn_ecmascript.c" break; case 62: /* unary_expression ::= EXACT unary_expression */ -#line 331 "grn_ecmascript.lemon" { grn_expr_append_op(efsi->ctx, efsi->e, GRN_OP_EXACT, 1); } -#line 1935 "grn_ecmascript.c" break; case 63: /* unary_expression ::= PARTIAL unary_expression */ -#line 334 "grn_ecmascript.lemon" { grn_expr_append_op(efsi->ctx, efsi->e, GRN_OP_PARTIAL, 1); } -#line 1942 "grn_ecmascript.c" break; case 64: /* unary_expression ::= UNSPLIT unary_expression */ -#line 337 "grn_ecmascript.lemon" { grn_expr_append_op(efsi->ctx, efsi->e, GRN_OP_UNSPLIT, 1); } -#line 1949 "grn_ecmascript.c" break; case 65: /* postfix_expression ::= lefthand_side_expression INCR */ -#line 342 "grn_ecmascript.lemon" { grn_ctx *ctx = efsi->ctx; grn_expr *e = (grn_expr *)(efsi->e); @@ -1966,10 +1839,8 @@ grn_expr_append_op(efsi->ctx, efsi->e, GRN_OP_INCR_POST, 1); } } -#line 1970 "grn_ecmascript.c" break; case 66: /* postfix_expression ::= lefthand_side_expression DECR */ -#line 359 "grn_ecmascript.lemon" { grn_ctx *ctx = efsi->ctx; grn_expr *e = (grn_expr *)(efsi->e); @@ -1987,17 +1858,13 @@ grn_expr_append_op(efsi->ctx, efsi->e, GRN_OP_DECR_POST, 1); } } -#line 1991 "grn_ecmascript.c" break; case 67: /* call_expression ::= member_expression arguments */ -#line 380 "grn_ecmascript.lemon" { grn_expr_append_op(efsi->ctx, efsi->e, GRN_OP_CALL, yymsp[0].minor.yy0); } -#line 1998 "grn_ecmascript.c" break; case 68: /* object_literal ::= BRACEL property_name_and_value_list BRACER */ -#line 408 "grn_ecmascript.lemon" { grn_ctx *ctx = efsi->ctx; grn_expr_take_obj(ctx, efsi->e, (grn_obj *)(efsi->object_literal)); @@ -2005,10 +1872,8 @@ GRN_OP_PUSH, 1); efsi->object_literal = NULL; } -#line 2009 "grn_ecmascript.c" break; case 69: /* property_name_and_value_list ::= */ -#line 416 "grn_ecmascript.lemon" { grn_ctx *ctx = efsi->ctx; @@ -2021,10 +1886,8 @@ (int)(efsi->str_end - efsi->str), efsi->str); } } -#line 2025 "grn_ecmascript.c" break; case 70: /* property_name_and_value ::= property_name COLON assignment_expression */ -#line 431 "grn_ecmascript.lemon" { grn_ctx *ctx = efsi->ctx; grn_expr *e = (grn_expr *)(efsi->e); @@ -2066,61 +1929,43 @@ } } } -#line 2070 "grn_ecmascript.c" break; case 71: /* member_expression_part ::= BRACKETL expression BRACKETR */ -#line 475 "grn_ecmascript.lemon" { grn_expr_append_op(efsi->ctx, efsi->e, GRN_OP_GET_MEMBER, 2); } -#line 2077 "grn_ecmascript.c" break; case 72: /* arguments ::= PARENL argument_list PARENR */ -#line 480 "grn_ecmascript.lemon" { yymsp[-2].minor.yy0 = yymsp[-1].minor.yy0; } -#line 2082 "grn_ecmascript.c" break; case 73: /* argument_list ::= */ -#line 481 "grn_ecmascript.lemon" { yymsp[1].minor.yy0 = 0; } -#line 2087 "grn_ecmascript.c" break; case 74: /* argument_list ::= assignment_expression */ -#line 482 "grn_ecmascript.lemon" { yymsp[0].minor.yy0 = 1; } -#line 2092 "grn_ecmascript.c" break; case 75: /* argument_list ::= argument_list COMMA assignment_expression */ -#line 483 "grn_ecmascript.lemon" { yylhsminor.yy0 = yymsp[-2].minor.yy0 + 1; } -#line 2097 "grn_ecmascript.c" yymsp[-2].minor.yy0 = yylhsminor.yy0; break; case 76: /* output_columns ::= */ -#line 485 "grn_ecmascript.lemon" { yymsp[1].minor.yy0 = 0; } -#line 2105 "grn_ecmascript.c" break; case 77: /* output_columns ::= output_column */ -#line 488 "grn_ecmascript.lemon" { yylhsminor.yy0 = yymsp[0].minor.yy0; } -#line 2112 "grn_ecmascript.c" yymsp[0].minor.yy0 = yylhsminor.yy0; break; case 78: /* output_columns ::= output_columns COMMA */ -#line 493 "grn_ecmascript.lemon" { yylhsminor.yy0 = yymsp[-1].minor.yy0; } -#line 2120 "grn_ecmascript.c" yymsp[-1].minor.yy0 = yylhsminor.yy0; break; case 79: /* output_columns ::= output_columns COMMA output_column */ -#line 498 "grn_ecmascript.lemon" { if (yymsp[-2].minor.yy0 == 0) { yylhsminor.yy0 = yymsp[0].minor.yy0; @@ -2133,11 +1978,9 @@ yylhsminor.yy0 = 1; } } -#line 2137 "grn_ecmascript.c" yymsp[-2].minor.yy0 = yylhsminor.yy0; break; case 80: /* output_column ::= STAR */ -#line 511 "grn_ecmascript.lemon" { grn_ctx *ctx = efsi->ctx; grn_obj *expr = efsi->e; @@ -2188,21 +2031,16 @@ yymsp[0].minor.yy0 = 0; } } -#line 2192 "grn_ecmascript.c" break; case 81: /* output_column ::= NONEXISTENT_COLUMN */ -#line 561 "grn_ecmascript.lemon" { yymsp[0].minor.yy0 = 0; } -#line 2199 "grn_ecmascript.c" break; case 82: /* output_column ::= assignment_expression */ -#line 564 "grn_ecmascript.lemon" { yymsp[0].minor.yy0 = 1; } -#line 2206 "grn_ecmascript.c" break; default: /* (86) input ::= query */ yytestcase(yyruleno==86); @@ -2311,7 +2149,6 @@ grn_expr_parserARG_FETCH; #define TOKEN yyminor /************ Begin %syntax_error code ****************************************/ -#line 20 "grn_ecmascript.lemon" { grn_ctx *ctx = efsi->ctx; @@ -2337,7 +2174,6 @@ } GRN_OBJ_FIN(ctx, &message); } -#line 2341 "grn_ecmascript.c" /************ End %syntax_error code ******************************************/ grn_expr_parserARG_STORE; /* Suppress warning about unused %extra_argument variable */ } diff -Nru mariadb-11.8.6/storage/mroonga/vendor/groonga/lib/io.c mariadb-11.8.8/storage/mroonga/vendor/groonga/lib/io.c --- mariadb-11.8.6/storage/mroonga/vendor/groonga/lib/io.c 2026-01-31 13:27:49.000000000 +0000 +++ mariadb-11.8.8/storage/mroonga/vendor/groonga/lib/io.c 2026-05-24 09:58:32.000000000 +0000 @@ -559,7 +559,6 @@ grn_io *io; struct stat s; fileinfo fi; - uint32_t flags = 0; uint32_t b; uint32_t header_size = 0, segment_size = 0, max_segment = 0, bs; if (!path || !*path) { @@ -624,7 +623,6 @@ header_size = h.header_size; segment_size = h.segment_size; max_segment = h.max_segment; - flags = h.flags; grn_close(fd); if (segment_size == 0) { ERR(GRN_INCOMPATIBLE_FILE_FORMAT, "failed to open: segment size is 0"); diff -Nru mariadb-11.8.6/storage/mroonga/vendor/groonga/lib/proc/proc_snippet.c mariadb-11.8.8/storage/mroonga/vendor/groonga/lib/proc/proc_snippet.c --- mariadb-11.8.6/storage/mroonga/vendor/groonga/lib/proc/proc_snippet.c 2026-01-31 13:27:49.000000000 +0000 +++ mariadb-11.8.8/storage/mroonga/vendor/groonga/lib/proc/proc_snippet.c 2026-05-24 09:58:32.000000000 +0000 @@ -174,7 +174,7 @@ default_open_tag, default_open_tag_length, default_close_tag, default_close_tag_length, mapping); if (snip) { - grn_rc rc; + grn_rc rc __attribute__((unused)); unsigned int i; if (!normalizer_name) { grn_snip_set_normalizer(ctx, snip, GRN_NORMALIZER_AUTO); diff -Nru mariadb-11.8.6/storage/mroonga/vendor/groonga/lib/ts/ts_expr_node.c mariadb-11.8.8/storage/mroonga/vendor/groonga/lib/ts/ts_expr_node.c --- mariadb-11.8.6/storage/mroonga/vendor/groonga/lib/ts/ts_expr_node.c 2026-01-31 13:27:49.000000000 +0000 +++ mariadb-11.8.8/storage/mroonga/vendor/groonga/lib/ts/ts_expr_node.c 2026-05-24 09:58:32.000000000 +0000 @@ -5066,7 +5066,7 @@ { size_t i, count; grn_ts_bool *values; - grn_ts_record *tmp; + grn_ts_record *tmp __attribute__((unused)); grn_rc rc = grn_ts_expr_node_evaluate_to_buf(ctx, node->src, in, n_in, &node->bufs[0]); if (rc != GRN_SUCCESS) { diff -Nru mariadb-11.8.6/storage/myisam/ha_myisam.cc mariadb-11.8.8/storage/myisam/ha_myisam.cc --- mariadb-11.8.6/storage/myisam/ha_myisam.cc 2026-01-31 13:27:49.000000000 +0000 +++ mariadb-11.8.8/storage/myisam/ha_myisam.cc 2026-05-24 09:58:32.000000000 +0000 @@ -1350,6 +1350,7 @@ share->state.dupp_key != MAX_KEY) { my_errno= HA_ERR_FOUND_DUPP_KEY; + mi_rrnd(file, table->record[0], file->lastpos); print_keydup_error(table, &table->key_info[share->state.dupp_key], MYF(0)); } diff -Nru mariadb-11.8.6/storage/myisam/mi_create.c mariadb-11.8.8/storage/myisam/mi_create.c --- mariadb-11.8.6/storage/myisam/mi_create.c 2026-01-31 13:27:49.000000000 +0000 +++ mariadb-11.8.8/storage/myisam/mi_create.c 2026-05-24 09:58:32.000000000 +0000 @@ -584,13 +584,16 @@ */ if (ci->index_file_name) { - char *iext= strrchr(ci->index_file_name, '.'); + const char *iext= strrchr(ci->index_file_name, '.'); int have_iext= iext && !strcmp(iext, MI_NAME_IEXT); if (options & HA_OPTION_TMP_TABLE) { char *path; - /* chop off the table name, tempory tables use generated name */ - if ((path= strrchr(ci->index_file_name, FN_LIBCHAR))) + /* + chop off the table name, tempory tables use generated name + TODO: Following is safe but should be done other way if possible + */ + if ((path= strrchr((char *)ci->index_file_name, FN_LIBCHAR))) *path= '\0'; fn_format(kfilename, name, ci->index_file_name, MI_NAME_IEXT, MY_REPLACE_DIR | MY_UNPACK_FILENAME | @@ -613,7 +616,7 @@ } else { - char *iext= strrchr(name, '.'); + const char *iext= strrchr(name, '.'); int have_iext= iext && !strcmp(iext, MI_NAME_IEXT); fn_format(kfilename, name, "", MI_NAME_IEXT, MY_UNPACK_FILENAME | (internal_table ? 0 : MY_RETURN_REAL_PATH) | @@ -654,14 +657,17 @@ { if (ci->data_file_name) { - char *dext= strrchr(ci->data_file_name, '.'); + const char *dext= strrchr(ci->data_file_name, '.'); int have_dext= dext && !strcmp(dext, MI_NAME_DEXT); if (options & HA_OPTION_TMP_TABLE) { char *path; - /* chop off the table name, tempory tables use generated name */ - if ((path= strrchr(ci->data_file_name, FN_LIBCHAR))) + /* + chop off the table name, tempory tables use generated name + TODO: Following is safe but should be done other way if possible + */ + if ((path= strrchr((char *)ci->data_file_name, FN_LIBCHAR))) *path= '\0'; fn_format(dfilename, name, ci->data_file_name, MI_NAME_DEXT, MY_REPLACE_DIR | MY_UNPACK_FILENAME | MY_APPEND_EXT); diff -Nru mariadb-11.8.6/storage/myisam/mi_extra.c mariadb-11.8.8/storage/myisam/mi_extra.c --- mariadb-11.8.6/storage/myisam/mi_extra.c 2026-01-31 13:27:49.000000000 +0000 +++ mariadb-11.8.8/storage/myisam/mi_extra.c 2026-05-24 09:58:32.000000000 +0000 @@ -275,7 +275,7 @@ mysql_mutex_unlock(&share->intern_lock); mysql_mutex_unlock(&THR_LOCK_myisam); break; - case HA_EXTRA_END_ALTER_COPY: + case HA_EXTRA_END_COPY: case HA_EXTRA_FLUSH: if (!share->temporary) flush_key_blocks(share->key_cache, share->kfile, &share->dirty_part_map, diff -Nru mariadb-11.8.6/storage/myisam/mi_test1.c mariadb-11.8.8/storage/myisam/mi_test1.c --- mariadb-11.8.6/storage/myisam/mi_test1.c 2026-01-31 13:27:49.000000000 +0000 +++ mariadb-11.8.8/storage/myisam/mi_test1.c 2026-05-24 09:58:32.000000000 +0000 @@ -345,14 +345,14 @@ rownr&=7; /* Some identical keys */ if (keyinfo[0].seg[0].type == HA_KEYTYPE_NUM) { - sprintf((char*) key,"%*d",keyinfo[0].seg[0].length,rownr); + snprintf((char*) key, UINT_MAX, "%*d",keyinfo[0].seg[0].length,rownr); } else if (keyinfo[0].seg[0].type == HA_KEYTYPE_VARTEXT1 || keyinfo[0].seg[0].type == HA_KEYTYPE_VARTEXT2) { /* Alpha record */ /* Create a key that may be easily packed */ bfill(key,keyinfo[0].seg[0].length,rownr < 10 ? 'A' : 'B'); - sprintf((char*) key+keyinfo[0].seg[0].length-2,"%-2d",rownr); + snprintf((char*) key+keyinfo[0].seg[0].length-2, 3, "%-2d",rownr); if ((rownr & 7) == 0) { /* Change the key to force a unpack of the next key */ @@ -362,12 +362,12 @@ else { /* Alpha record */ if (keyinfo[0].seg[0].flag & HA_SPACE_PACK) - sprintf((char*) key,"%-*d",keyinfo[0].seg[0].length,rownr); + snprintf((char*) key, keyinfo[0].seg[0].length + 1, "%-*d",keyinfo[0].seg[0].length,rownr); else { /* Create a key that may be easily packed */ bfill(key,keyinfo[0].seg[0].length,rownr < 10 ? 'A' : 'B'); - sprintf((char*) key+keyinfo[0].seg[0].length-2,"%-2d",rownr); + snprintf((char*) key+keyinfo[0].seg[0].length-2, 3, "%-2d",rownr); if ((rownr & 7) == 0) { /* Change the key to force a unpack of the next key */ @@ -446,7 +446,7 @@ { size_t tmp; uchar *ptr;; - sprintf((char*) blob_record,"... row: %d", rownr); + snprintf((char*) blob_record, sizeof(blob_record), "... row: %d", rownr); strappend((char*) blob_record,MY_MAX(MAX_REC_LENGTH-rownr,10),' '); tmp=strlen((char*) blob_record); int4store(pos,tmp); @@ -456,7 +456,7 @@ else if (recinfo[2].type == FIELD_VARCHAR) { size_t tmp, pack_length= HA_VARCHAR_PACKLENGTH(recinfo[1].length-1); - sprintf((char*) pos+pack_length, "... row: %d", rownr); + snprintf((char*) pos+pack_length, MAX_REC_LENGTH, "... row: %d", rownr); tmp= strlen((char*) pos+pack_length); if (pack_length == 1) *pos= (uchar) tmp; @@ -465,7 +465,7 @@ } else { - sprintf((char*) pos,"... row: %d", rownr); + snprintf((char*) pos, MAX_REC_LENGTH, "... row: %d", rownr); strappend((char*) pos,recinfo[2].length,' '); } } diff -Nru mariadb-11.8.6/storage/myisam/mi_test2.c mariadb-11.8.8/storage/myisam/mi_test2.c --- mariadb-11.8.6/storage/myisam/mi_test2.c 2026-01-31 13:27:49.000000000 +0000 +++ mariadb-11.8.8/storage/myisam/mi_test2.c 2026-05-24 09:58:32.000000000 +0000 @@ -226,7 +226,7 @@ for (i=0 ; i < recant ; i++) { n1=rnd(1000); n2=rnd(100); n3=rnd(5000); - sprintf((char*) record,"%6d:%4d:%8d:Pos: %4d ",n1,n2,n3,write_count); + snprintf((char*) record, sizeof(record), "%6d:%4d:%8d:Pos: %4d ",n1,n2,n3,write_count); int4store(record+STANDARD_LENGTH-4,(long) i); fix_length(record,(uint) STANDARD_LENGTH+rnd(60)); put_blob_in_record(record+blob_pos,&blob_buffer); @@ -257,7 +257,7 @@ for (j=rnd(1000)+1 ; j>0 && key1[j] == 0 ; j--) ; if (!j) for (j=999 ; j>0 && key1[j] == 0 ; j--) ; - sprintf((char*) key,"%6d",j); + snprintf((char*) key, sizeof(key), "%6d",j); if (mi_rkey(file,read_record,0,key,HA_WHOLE_KEY,HA_READ_KEY_EXACT)) { printf("Test in loop: Can't find key: \"%s\"\n",key); @@ -286,7 +286,7 @@ for (j=rnd(1000)+1 ; j>0 && key1[j] == 0 ; j--) ; if (j != 0) { - sprintf((char*) key,"%6d",j); + snprintf((char*) key, sizeof(key), "%6d",j); if (mi_rkey(file,read_record,0,key,HA_WHOLE_KEY,HA_READ_KEY_EXACT)) { printf("can't find key1: \"%s\"\n",key); @@ -313,14 +313,14 @@ for (i=0 ; i0 && key1[j] == 0 ; j--) ; if (j != 0) { - sprintf((char*) key,"%6d",j); + snprintf((char*) key, sizeof(key), "%6d",j); if (mi_rkey(file,read_record,0,key,HA_WHOLE_KEY,HA_READ_KEY_EXACT)) { printf("can't find key1: \"%s\"\n",(char*) key); @@ -363,7 +363,7 @@ dupp_keys=key1[i]; j=i; } } - sprintf((char*) key,"%6d",j); + snprintf((char*) key, sizeof(key), "%6d",j); start=keyinfo[0].seg[0].start; length=keyinfo[0].seg[0].length; if (dupp_keys) @@ -650,8 +650,8 @@ page_range pages; if (j > k) swap_variables(int, j, k); - sprintf((char*) key,"%6d",j); - sprintf((char*) key2,"%6d",k); + snprintf((char*) key, sizeof(key), "%6d",j); + snprintf((char*) key2, sizeof(key2), "%6d",k); min_key.key= key; min_key.keypart_map= HA_WHOLE_KEY; @@ -693,11 +693,11 @@ if (verbose) { char buff[80]; - get_date(buff,3,info.create_time); + get_date(buff,sizeof(buff),3,info.create_time); printf("info: Created %s\n",buff); - get_date(buff,3,info.check_time); + get_date(buff,sizeof(buff),3,info.check_time); printf("info: checked %s\n",buff); - get_date(buff,3,info.update_time); + get_date(buff,sizeof(buff),3,info.update_time); printf("info: Modified %s\n",buff); } diff -Nru mariadb-11.8.6/storage/myisam/myisamchk.c mariadb-11.8.8/storage/myisam/myisamchk.c --- mariadb-11.8.6/storage/myisam/myisamchk.c 2026-01-31 13:27:49.000000000 +0000 +++ mariadb-11.8.8/storage/myisam/myisamchk.c 2026-05-24 09:58:32.000000000 +0000 @@ -1287,12 +1287,12 @@ (int) share->state.header.file_version[3]); if (share->state.create_time) { - get_date(buff,1,share->state.create_time); + get_date(buff,sizeof(buff),1,share->state.create_time); printf("Creation time: %s\n",buff); } if (share->state.check_time) { - get_date(buff,1,share->state.check_time); + get_date(buff,sizeof(buff),1,share->state.check_time); printf("Recover time: %s\n",buff); } pos=buff; @@ -1489,7 +1489,7 @@ end=strmov(end,"no empty, "); if (share->rec[field].pack_type & PACK_TYPE_ZERO_FILL) { - sprintf(end,"zerofill(%d), ",share->rec[field].space_length_bits); + snprintf(end, buff + sizeof(buff) - end, "zerofill(%d), ",share->rec[field].space_length_bits); end=strend(end); } } @@ -1499,8 +1499,8 @@ null_bit[0]=null_pos[0]=0; if (share->rec[field].null_bit) { - sprintf(null_bit,"%d",share->rec[field].null_bit); - sprintf(null_pos,"%d",share->rec[field].null_pos+1); + snprintf(null_bit, sizeof(null_bit), "%d",share->rec[field].null_bit); + snprintf(null_pos, sizeof(null_pos), "%d",share->rec[field].null_pos+1); } printf("%-6d%-6d%-7s%-8s%-8s%-35s",field+1,start,length, null_pos, null_bit, buff); diff -Nru mariadb-11.8.6/storage/myisam/myisamlog.c mariadb-11.8.8/storage/myisam/myisamlog.c --- mariadb-11.8.6/storage/myisam/myisamlog.c 2026-01-31 13:27:49.000000000 +0000 +++ mariadb-11.8.8/storage/myisam/myisamlog.c 2026-05-24 09:58:32.000000000 +0000 @@ -415,18 +415,20 @@ left_root_right); file_info.id=open_param.max_id+1; /* - * In the line below +10 is added to accommodate '<' and '>' chars - * plus '\0' at the end, so that there is place for 7 digits. - * It is improbable that same table can have that many entries in - * the table cache. - * The additional space is needed for the sprintf commands two lines - * below. - */ + * In the line below SHOW_NAME_SUFFIX_LENGTH is added to accommodate + * '<' and '>' chars plus '\0' at the end, so that there is place + * for 7 digits. It is improbable that same table can have that + * many entries in the table cache. + * The additional space is needed for the snprintf command below. + */ +#define SHOW_NAME_SUFFIX_LENGTH 10 file_info.show_name=my_memdup(PSI_NOT_INSTRUMENTED, isam_file_name, - (uint) strlen(isam_file_name)+10, + (uint) strlen(isam_file_name)+ + SHOW_NAME_SUFFIX_LENGTH, MYF(MY_WME)); if (file_info.id > 1) - sprintf(strend(file_info.show_name),"<%d>",file_info.id); + snprintf(strend(file_info.show_name), SHOW_NAME_SUFFIX_LENGTH, + "<%d>",file_info.id); file_info.closed=1; file_info.accessed=access_time; file_info.used=1; diff -Nru mariadb-11.8.6/storage/myisam/rt_index.c mariadb-11.8.8/storage/myisam/rt_index.c --- mariadb-11.8.6/storage/myisam/rt_index.c 2026-01-31 13:27:49.000000000 +0000 +++ mariadb-11.8.8/storage/myisam/rt_index.c 2026-05-24 09:58:32.000000000 +0000 @@ -764,7 +764,6 @@ { uchar *k; uchar *last; - ulong i; uint nod_flag; uchar *page_buf; int res; @@ -784,7 +783,7 @@ k = rt_PAGE_FIRST_KEY(page_buf, nod_flag); last = rt_PAGE_END(page_buf); - for (i = 0; k < last; k = rt_PAGE_NEXT_KEY(k, key_length, nod_flag), ++i) + for (; k < last; k = rt_PAGE_NEXT_KEY(k, key_length, nod_flag)) { if (nod_flag) { diff -Nru mariadb-11.8.6/storage/myisam/sp_key.c mariadb-11.8.8/storage/myisam/sp_key.c --- mariadb-11.8.6/storage/myisam/sp_key.c 2026-01-31 13:27:49.000000000 +0000 +++ mariadb-11.8.8/storage/myisam/sp_key.c 2026-05-24 09:58:32.000000000 +0000 @@ -39,7 +39,6 @@ uint dlen; uchar *dptr; double mbr[SPDIMS * 2]; - uint i; keyseg = &keyinfo->seg[-1]; pos = (uchar*)record + keyseg->start; @@ -53,7 +52,7 @@ } sp_mbr_from_wkb(dptr + 4, dlen - 4, SPDIMS, mbr); /* SRID */ - for (i = 0, keyseg = keyinfo->seg; keyseg->type; keyseg++, i++) + for (keyseg = keyinfo->seg; keyseg->type; keyseg++) { uint length = keyseg->length, start= keyseg->start; double val; diff -Nru mariadb-11.8.6/storage/oqgraph/README mariadb-11.8.8/storage/oqgraph/README --- mariadb-11.8.6/storage/oqgraph/README 2026-01-31 13:27:49.000000000 +0000 +++ mariadb-11.8.8/storage/oqgraph/README 2026-05-24 09:58:32.000000000 +0000 @@ -8,9 +8,7 @@ syntax, and results joined onto other tables. Based on a concept by Arjen Lentz -v3 implementation by Antony Curtis, Arjen Lentz, Andrew McDonnell -For more information, documentation, support, enhancement engineering, -see http://openquery.com/graph or contact graph@openquery.com +v3 implementation by Antony Curtis, Arjen Lentz, Andrew McDonnell. INSTALLATION diff -Nru mariadb-11.8.6/storage/oqgraph/graphcore-config.h mariadb-11.8.8/storage/oqgraph/graphcore-config.h --- mariadb-11.8.6/storage/oqgraph/graphcore-config.h 2026-01-31 13:27:49.000000000 +0000 +++ mariadb-11.8.8/storage/oqgraph/graphcore-config.h 2026-05-24 09:58:32.000000000 +0000 @@ -16,9 +16,7 @@ /* ====================================================================== Open Query Graph Computation Engine, based on a concept by Arjen Lentz - v3 implementation by Antony Curtis, Arjen Lentz, Andrew McDonnell - For more information, documentation, support, enhancement engineering, - see http://openquery.com/graph or contact graph@openquery.com + v3 implementation by Antony Curtis, Arjen Lentz, Andrew McDonnell. ====================================================================== */ #ifndef oq_graphcore_config_h_ diff -Nru mariadb-11.8.6/storage/oqgraph/graphcore-graph.cc mariadb-11.8.8/storage/oqgraph/graphcore-graph.cc --- mariadb-11.8.6/storage/oqgraph/graphcore-graph.cc 2026-01-31 13:27:49.000000000 +0000 +++ mariadb-11.8.8/storage/oqgraph/graphcore-graph.cc 2026-05-24 09:58:32.000000000 +0000 @@ -16,9 +16,7 @@ /* ====================================================================== Open Query Graph Computation Engine, based on a concept by Arjen Lentz - v3 implementation by Antony Curtis, Arjen Lentz, Andrew McDonnell - For more information, documentation, support, enhancement engineering, - see http://openquery.com/graph or contact graph@openquery.com + v3 implementation by Antony Curtis, Arjen Lentz, Andrew McDonnell. ====================================================================== */ diff -Nru mariadb-11.8.6/storage/oqgraph/graphcore-graph.h mariadb-11.8.8/storage/oqgraph/graphcore-graph.h --- mariadb-11.8.6/storage/oqgraph/graphcore-graph.h 2026-01-31 13:27:49.000000000 +0000 +++ mariadb-11.8.8/storage/oqgraph/graphcore-graph.h 2026-05-24 09:58:32.000000000 +0000 @@ -16,9 +16,7 @@ /* ====================================================================== Open Query Graph Computation Engine, based on a concept by Arjen Lentz - v3 implementation by Antony Curtis, Arjen Lentz, Andrew McDonnell - For more information, documentation, support, enhancement engineering, - see http://openquery.com/graph or contact graph@openquery.com + v3 implementation by Antony Curtis, Arjen Lentz, Andrew McDonnella. ====================================================================== */ diff -Nru mariadb-11.8.6/storage/oqgraph/graphcore-types.h mariadb-11.8.8/storage/oqgraph/graphcore-types.h --- mariadb-11.8.6/storage/oqgraph/graphcore-types.h 2026-01-31 13:27:49.000000000 +0000 +++ mariadb-11.8.8/storage/oqgraph/graphcore-types.h 2026-05-24 09:58:32.000000000 +0000 @@ -16,9 +16,7 @@ /* ====================================================================== Open Query Graph Computation Engine, based on a concept by Arjen Lentz - v3 implementation by Antony Curtis, Arjen Lentz, Andrew McDonnell - For more information, documentation, support, enhancement engineering, - see http://openquery.com/graph or contact graph@openquery.com + v3 implementation by Antony Curtis, Arjen Lentz, Andrew McDonnell. ====================================================================== */ diff -Nru mariadb-11.8.6/storage/oqgraph/graphcore.cc mariadb-11.8.8/storage/oqgraph/graphcore.cc --- mariadb-11.8.6/storage/oqgraph/graphcore.cc 2026-01-31 13:27:49.000000000 +0000 +++ mariadb-11.8.8/storage/oqgraph/graphcore.cc 2026-05-24 09:58:32.000000000 +0000 @@ -16,9 +16,7 @@ /* ====================================================================== Open Query Graph Computation Engine, based on a concept by Arjen Lentz - v3 implementation by Antony Curtis, Arjen Lentz, Andrew McDonnell - For more information, documentation, support, enhancement engineering, - see http://openquery.com/graph or contact graph@openquery.com + v3 implementation by Antony Curtis, Arjen Lentz, Andrew McDonnell. ====================================================================== */ diff -Nru mariadb-11.8.6/storage/oqgraph/graphcore.h mariadb-11.8.8/storage/oqgraph/graphcore.h --- mariadb-11.8.6/storage/oqgraph/graphcore.h 2026-01-31 13:27:49.000000000 +0000 +++ mariadb-11.8.8/storage/oqgraph/graphcore.h 2026-05-24 09:58:32.000000000 +0000 @@ -16,9 +16,7 @@ /* ====================================================================== Open Query Graph Computation Engine, based on a concept by Arjen Lentz - v3 implementation by Antony Curtis, Arjen Lentz, Andrew McDonnell - For more information, documentation, support, enhancement engineering, - see http://openquery.com/graph or contact graph@openquery.com + v3 implementation by Antony Curtis, Arjen Lentz, Andrew McDonnell. ====================================================================== */ diff -Nru mariadb-11.8.6/storage/oqgraph/ha_oqgraph.cc mariadb-11.8.8/storage/oqgraph/ha_oqgraph.cc --- mariadb-11.8.6/storage/oqgraph/ha_oqgraph.cc 2026-01-31 13:27:49.000000000 +0000 +++ mariadb-11.8.8/storage/oqgraph/ha_oqgraph.cc 2026-05-24 09:58:32.000000000 +0000 @@ -18,9 +18,7 @@ /* ====================================================================== Open Query Graph Computation Engine, based on a concept by Arjen Lentz - v3 implementation by Antony Curtis, Arjen Lentz, Andrew McDonnell - For more information, documentation, support, enhancement engineering, - see http://openquery.com/graph or contact graph@openquery.com + v3 implementation by Antony Curtis, Arjen Lentz, Andrew McDonnell. ====================================================================== */ @@ -1268,8 +1266,7 @@ static const char oqgraph_description[]= - "Open Query Graph Computation Engine " - "(http://openquery.com/graph)"; + "Open Query Graph Computation Engine"; struct st_mysql_storage_engine oqgraph_storage_engine= { MYSQL_HANDLERTON_INTERFACE_VERSION }; diff -Nru mariadb-11.8.6/storage/oqgraph/ha_oqgraph.h mariadb-11.8.8/storage/oqgraph/ha_oqgraph.h --- mariadb-11.8.6/storage/oqgraph/ha_oqgraph.h 2026-01-31 13:27:49.000000000 +0000 +++ mariadb-11.8.8/storage/oqgraph/ha_oqgraph.h 2026-05-24 09:58:32.000000000 +0000 @@ -16,9 +16,7 @@ /* ====================================================================== Open Query Graph Computation Engine, based on a concept by Arjen Lentz - v3 implementation by Antony Curtis, Arjen Lentz, Andrew McDonnell - For more information, documentation, support, enhancement engineering, - see http://openquery.com/graph or contact graph@openquery.com + v3 implementation by Antony Curtis, Arjen Lentz, Andrew McDonnell. ====================================================================== */ diff -Nru mariadb-11.8.6/storage/oqgraph/mysql-test/oqgraph/boundary_conditions.test mariadb-11.8.8/storage/oqgraph/mysql-test/oqgraph/boundary_conditions.test --- mariadb-11.8.6/storage/oqgraph/mysql-test/oqgraph/boundary_conditions.test 2026-01-31 13:27:49.000000000 +0000 +++ mariadb-11.8.8/storage/oqgraph/mysql-test/oqgraph/boundary_conditions.test 2026-05-24 09:58:32.000000000 +0000 @@ -102,9 +102,8 @@ SELECT * FROM graph WHERE latch='Ω Ohms Tennis Ball 〄' and origid is NULL; #--echo # Expect no result, because of NULL latch -#-- FIXME - in v2 according to http://openquery.com/graph/doc NULL latch should -#-- FIXME - return same as select * from graph; -#--https://bugs.launchpad.net/oqgraph/+bug/1196021 +#-- FIXME - in v2, NULL latch should +#-- FIXME - return same as select * from graph. --echo # Return all edges when latch is NULL SELECT * FROM graph WHERE latch is NULL; SELECT * FROM graph WHERE latch is NULL and destid=2 and origid=1; @@ -118,14 +117,13 @@ INSERT INTO graph_base(from_id, to_id) VALUES (1,2); DELETE FROM graph_base; -#-- Uncomment the following after fixing https://bugs.launchpad.net/oqgraph/+bug/1195735 SELECT * FROM graph; FLUSH TABLES; TRUNCATE TABLE graph_base; -#-- Uncomment the following after fixing https://bugs.launchpad.net/oqgraph/+bug/xxxxxxx - Causes the later select to not fail! -#-- For now don't report a separate bug as it may be a manifestation of https://bugs.launchpad.net/oqgraph/+bug/1195735 +#-- Uncomment the following after fixing - Causes the later select to not fail! +#-- For now don't report a separate bug as it may be a manifestation of above FIXME SELECT * FROM graph; #-- Expect error if we pull the table out from under diff -Nru mariadb-11.8.6/storage/oqgraph/mysql-test/oqgraph/general.inc mariadb-11.8.8/storage/oqgraph/mysql-test/oqgraph/general.inc --- mariadb-11.8.6/storage/oqgraph/mysql-test/oqgraph/general.inc 2026-01-31 13:27:49.000000000 +0000 +++ mariadb-11.8.8/storage/oqgraph/mysql-test/oqgraph/general.inc 2026-05-24 09:58:32.000000000 +0000 @@ -100,7 +100,6 @@ # The following returns a result that makes no sense... #-- what happens when we combined orig and dest? -#-- Bug https://bugs.launchpad.net/oqgraph/+bug/1195778 #SELECT * FROM graph where latch='' and origid = 1; #SELECT * FROM graph where latch='' and destid = 2; #SELECT * FROM graph where latch='' and origid=1 and destid = 2; @@ -658,7 +657,6 @@ DROP TABLE graph_base; DROP TABLE graph; -#-- Reminder - the basic spec is at http://openquery.com/graph/doc #-- Query edges stored in graph engine (latch=NULL) #-- SELECT * FROM foo; #-- Results: diff -Nru mariadb-11.8.6/storage/oqgraph/oqgraph_judy.cc mariadb-11.8.8/storage/oqgraph/oqgraph_judy.cc --- mariadb-11.8.6/storage/oqgraph/oqgraph_judy.cc 2026-01-31 13:27:49.000000000 +0000 +++ mariadb-11.8.8/storage/oqgraph/oqgraph_judy.cc 2026-05-24 09:58:32.000000000 +0000 @@ -16,9 +16,7 @@ /* ====================================================================== Open Query Graph Computation Engine, based on a concept by Arjen Lentz - v3 implementation by Antony Curtis, Arjen Lentz, Andrew McDonnell - For more information, documentation, support, enhancement engineering, - see http://openquery.com/graph or contact graph@openquery.com + v3 implementation by Antony Curtis, Arjen Lentz, Andrew McDonnell. ====================================================================== */ diff -Nru mariadb-11.8.6/storage/oqgraph/oqgraph_judy.h mariadb-11.8.8/storage/oqgraph/oqgraph_judy.h --- mariadb-11.8.6/storage/oqgraph/oqgraph_judy.h 2026-01-31 13:27:49.000000000 +0000 +++ mariadb-11.8.8/storage/oqgraph/oqgraph_judy.h 2026-05-24 09:58:32.000000000 +0000 @@ -16,9 +16,7 @@ /* ====================================================================== Open Query Graph Computation Engine, based on a concept by Arjen Lentz - v3 implementation by Antony Curtis, Arjen Lentz, Andrew McDonnell - For more information, documentation, support, enhancement engineering, - see http://openquery.com/graph or contact graph@openquery.com + v3 implementation by Antony Curtis, Arjen Lentz, Andrew McDonnell. ====================================================================== */ diff -Nru mariadb-11.8.6/storage/oqgraph/oqgraph_shim.cc mariadb-11.8.8/storage/oqgraph/oqgraph_shim.cc --- mariadb-11.8.6/storage/oqgraph/oqgraph_shim.cc 2026-01-31 13:27:49.000000000 +0000 +++ mariadb-11.8.8/storage/oqgraph/oqgraph_shim.cc 2026-05-24 09:58:32.000000000 +0000 @@ -16,9 +16,7 @@ /* ====================================================================== Open Query Graph Computation Engine, based on a concept by Arjen Lentz - v3 implementation by Antony Curtis, Arjen Lentz, Andrew McDonnell - For more information, documentation, support, enhancement engineering, - see http://openquery.com/graph or contact graph@openquery.com + v3 implementation by Antony Curtis, Arjen Lentz, Andrew McDonnell. ====================================================================== */ diff -Nru mariadb-11.8.6/storage/oqgraph/oqgraph_shim.h mariadb-11.8.8/storage/oqgraph/oqgraph_shim.h --- mariadb-11.8.6/storage/oqgraph/oqgraph_shim.h 2026-01-31 13:27:49.000000000 +0000 +++ mariadb-11.8.8/storage/oqgraph/oqgraph_shim.h 2026-05-24 09:58:32.000000000 +0000 @@ -16,9 +16,7 @@ /* ====================================================================== Open Query Graph Computation Engine, based on a concept by Arjen Lentz - v3 implementation by Antony Curtis, Arjen Lentz, Andrew McDonnell - For more information, documentation, support, enhancement engineering, - see http://openquery.com/graph or contact graph@openquery.com + v3 implementation by Antony Curtis, Arjen Lentz, Andrew McDonnell. ====================================================================== */ diff -Nru mariadb-11.8.6/storage/oqgraph/oqgraph_thunk.cc mariadb-11.8.8/storage/oqgraph/oqgraph_thunk.cc --- mariadb-11.8.6/storage/oqgraph/oqgraph_thunk.cc 2026-01-31 13:27:49.000000000 +0000 +++ mariadb-11.8.8/storage/oqgraph/oqgraph_thunk.cc 2026-05-24 09:58:32.000000000 +0000 @@ -16,9 +16,7 @@ /* ====================================================================== Open Query Graph Computation Engine, based on a concept by Arjen Lentz - v3 implementation by Antony Curtis, Arjen Lentz, Andrew McDonnell - For more information, documentation, support, enhancement engineering, - see http://openquery.com/graph or contact graph@openquery.com + v3 implementation by Antony Curtis, Arjen Lentz, Andrew McDonnell. ====================================================================== */ @@ -551,7 +549,7 @@ if (weight) bitmap_set_bit(table->read_set, weight->field_index); - table->file->column_bitmaps_signal(); + table->file->column_bitmaps_signal(false); } oqgraph3::graph::~graph() diff -Nru mariadb-11.8.6/storage/oqgraph/oqgraph_thunk.h mariadb-11.8.8/storage/oqgraph/oqgraph_thunk.h --- mariadb-11.8.6/storage/oqgraph/oqgraph_thunk.h 2026-01-31 13:27:49.000000000 +0000 +++ mariadb-11.8.8/storage/oqgraph/oqgraph_thunk.h 2026-05-24 09:58:32.000000000 +0000 @@ -16,9 +16,7 @@ /* ====================================================================== Open Query Graph Computation Engine, based on a concept by Arjen Lentz - v3 implementation by Antony Curtis, Arjen Lentz, Andrew McDonnell - For more information, documentation, support, enhancement engineering, - see http://openquery.com/graph or contact graph@openquery.com + v3 implementation by Antony Curtis, Arjen Lentz, Andrew McDonnell. ====================================================================== */ diff -Nru mariadb-11.8.6/storage/perfschema/table_events_statements.cc mariadb-11.8.8/storage/perfschema/table_events_statements.cc --- mariadb-11.8.6/storage/perfschema/table_events_statements.cc 2026-01-31 13:27:49.000000000 +0000 +++ mariadb-11.8.8/storage/perfschema/table_events_statements.cc 2026-05-24 09:58:32.000000000 +0000 @@ -368,7 +368,8 @@ { /* Generate the DIGEST string from the MD5 digest */ MD5_HASH_TO_STRING(digest->m_md5, - m_row.m_digest.m_digest); + m_row.m_digest.m_digest, + sizeof(m_row.m_digest.m_digest)); m_row.m_digest.m_digest_length= MD5_HASH_TO_STRING_LENGTH; /* Generate the DIGEST_TEXT string from the token array */ diff -Nru mariadb-11.8.6/storage/perfschema/table_events_waits.cc mariadb-11.8.8/storage/perfschema/table_events_waits.cc --- mariadb-11.8.6/storage/perfschema/table_events_waits.cc 2026-01-31 13:27:49.000000000 +0000 +++ mariadb-11.8.8/storage/perfschema/table_events_waits.cc 2026-05-24 09:58:32.000000000 +0000 @@ -39,6 +39,8 @@ THR_LOCK table_events_waits_current::m_table_lock; +#define OBJECT_INSTANCE_BEGIN(X) (((intptr)X) - ((intptr) &pfs_truncatable_acl)) + PFS_engine_table_share_state table_events_waits_current::m_share_state = { false /* m_checked */ @@ -251,7 +253,7 @@ m_row.m_index_name_length= 0; } - m_row.m_object_instance_addr= (intptr) wait->m_object_instance_addr; + m_row.m_object_instance_addr= OBJECT_INSTANCE_BEGIN(wait->m_object_instance_addr); return 0; } @@ -266,7 +268,7 @@ m_row.m_object_type= "FILE"; m_row.m_object_type_length= 4; m_row.m_object_schema_length= 0; - m_row.m_object_instance_addr= (intptr) wait->m_object_instance_addr; + m_row.m_object_instance_addr= OBJECT_INSTANCE_BEGIN(wait->m_object_instance_addr); if (safe_file->get_version() == wait->m_weak_version) { @@ -298,7 +300,7 @@ m_row.m_object_type= "SOCKET"; m_row.m_object_type_length= 6; m_row.m_object_schema_length= 0; - m_row.m_object_instance_addr= (intptr) wait->m_object_instance_addr; + m_row.m_object_instance_addr= OBJECT_INSTANCE_BEGIN(wait->m_object_instance_addr); if (safe_socket->get_version() == wait->m_weak_version) { @@ -432,7 +434,7 @@ if (m_row.m_object_name_length > 0) memcpy(m_row.m_object_name, mdl->name(), m_row.m_object_name_length); - m_row.m_object_instance_addr= (intptr) wait->m_object_instance_addr; + m_row.m_object_instance_addr= OBJECT_INSTANCE_BEGIN(wait->m_object_instance_addr); } else { @@ -498,17 +500,17 @@ break; case WAIT_CLASS_MUTEX: clear_object_columns(); - m_row.m_object_instance_addr= (intptr) wait->m_object_instance_addr; + m_row.m_object_instance_addr= OBJECT_INSTANCE_BEGIN(wait->m_object_instance_addr); safe_class= sanitize_mutex_class((PFS_mutex_class*) wait->m_class); break; case WAIT_CLASS_RWLOCK: clear_object_columns(); - m_row.m_object_instance_addr= (intptr) wait->m_object_instance_addr; + m_row.m_object_instance_addr= OBJECT_INSTANCE_BEGIN(wait->m_object_instance_addr); safe_class= sanitize_rwlock_class((PFS_rwlock_class*) wait->m_class); break; case WAIT_CLASS_COND: clear_object_columns(); - m_row.m_object_instance_addr= (intptr) wait->m_object_instance_addr; + m_row.m_object_instance_addr= OBJECT_INSTANCE_BEGIN(wait->m_object_instance_addr); safe_class= sanitize_cond_class((PFS_cond_class*) wait->m_class); break; case WAIT_CLASS_TABLE: diff -Nru mariadb-11.8.6/storage/perfschema/table_global_status.cc mariadb-11.8.8/storage/perfschema/table_global_status.cc --- mariadb-11.8.6/storage/perfschema/table_global_status.cc 2026-01-31 13:27:49.000000000 +0000 +++ mariadb-11.8.8/storage/perfschema/table_global_status.cc 2026-05-24 09:58:32.000000000 +0000 @@ -53,7 +53,7 @@ &m_table_lock, { C_STRING_WITH_LEN("CREATE TABLE global_status(" "VARIABLE_NAME VARCHAR(64) not null comment 'The global status variable name.'," - "VARIABLE_VALUE VARCHAR(1024) comment 'The global status variable value.')") }, + "VARIABLE_VALUE VARCHAR(4096) comment 'The global status variable value.')") }, true, /* m_perpetual */ false, /* m_optional */ &m_share_state diff -Nru mariadb-11.8.6/storage/perfschema/table_helper.cc mariadb-11.8.8/storage/perfschema/table_helper.cc --- mariadb-11.8.6/storage/perfschema/table_helper.cc 2026-01-31 13:27:49.000000000 +0000 +++ mariadb-11.8.8/storage/perfschema/table_helper.cc 2026-05-24 09:58:32.000000000 +0000 @@ -135,7 +135,8 @@ Calculate digest from MD5 HASH collected to be shown as DIGEST in this row. */ - MD5_HASH_TO_STRING(pfs->m_digest_storage.m_md5, m_digest); + MD5_HASH_TO_STRING(pfs->m_digest_storage.m_md5, m_digest, + sizeof(m_digest)); m_digest_length= MD5_HASH_TO_STRING_LENGTH; /* @@ -353,7 +354,7 @@ { if (table_index < MAX_INDEXES) { - m_index_name_length= sprintf(m_index_name, "(index %d)", table_index); + m_index_name_length= snprintf(m_index_name, sizeof(m_index_name), "(index %d)", table_index); } else { diff -Nru mariadb-11.8.6/storage/perfschema/table_helper.h mariadb-11.8.8/storage/perfschema/table_helper.h --- mariadb-11.8.6/storage/perfschema/table_helper.h 2026-01-31 13:27:49.000000000 +0000 +++ mariadb-11.8.8/storage/perfschema/table_helper.h 2026-05-24 09:58:32.000000000 +0000 @@ -34,16 +34,17 @@ Write MD5 hash value in a string to be used as DIGEST for the statement. */ -#define MD5_HASH_TO_STRING(_hash, _str) \ - sprintf(_str, "%02x%02x%02x%02x%02x%02x%02x%02x" \ - "%02x%02x%02x%02x%02x%02x%02x%02x", \ - _hash[0], _hash[1], _hash[2], _hash[3], \ - _hash[4], _hash[5], _hash[6], _hash[7], \ - _hash[8], _hash[9], _hash[10], _hash[11], \ - _hash[12], _hash[13], _hash[14], _hash[15]) - #define MD5_HASH_TO_STRING_LENGTH 32 +#define MD5_HASH_TO_STRING(_hash, _str, _size) \ + snprintf(_str, _size, \ + "%02x%02x%02x%02x%02x%02x%02x%02x" \ + "%02x%02x%02x%02x%02x%02x%02x%02x", \ + _hash[0], _hash[1], _hash[2], _hash[3], \ + _hash[4], _hash[5], _hash[6], _hash[7], \ + _hash[8], _hash[9], _hash[10], _hash[11], \ + _hash[12], _hash[13], _hash[14], _hash[15]) + struct PFS_host; struct PFS_user; struct PFS_account; diff -Nru mariadb-11.8.6/storage/perfschema/table_processlist.cc mariadb-11.8.8/storage/perfschema/table_processlist.cc --- mariadb-11.8.6/storage/perfschema/table_processlist.cc 2026-01-31 13:27:49.000000000 +0000 +++ mariadb-11.8.8/storage/perfschema/table_processlist.cc 2026-05-24 09:58:32.000000000 +0000 @@ -267,7 +267,7 @@ if (m_row.m_hostname_length > 0 && m_row.m_port != 0) { /* Create HOST:PORT. */ char str_port[10]; - sprintf(str_port, ":%d", m_row.m_port); + snprintf(str_port, sizeof(str_port), ":%d", m_row.m_port); std::string host(m_row.m_hostname, m_row.m_hostname_length); std::string host_ip = host + str_port; m_row.m_hostname_length = diff -Nru mariadb-11.8.6/storage/perfschema/table_session_status.cc mariadb-11.8.8/storage/perfschema/table_session_status.cc --- mariadb-11.8.6/storage/perfschema/table_session_status.cc 2026-01-31 13:27:49.000000000 +0000 +++ mariadb-11.8.8/storage/perfschema/table_session_status.cc 2026-05-24 09:58:32.000000000 +0000 @@ -53,7 +53,7 @@ &m_table_lock, { C_STRING_WITH_LEN("CREATE TABLE session_status(" "VARIABLE_NAME VARCHAR(64) not null comment 'The session status variable name.'," - "VARIABLE_VALUE VARCHAR(1024) comment 'The session status variable value.')") }, + "VARIABLE_VALUE VARCHAR(4096) comment 'The session status variable value.')") }, true, /* m_perpetual */ false, /* m_optional */ &m_share_state diff -Nru mariadb-11.8.6/storage/spider/mysql-test/spider/bugfix/r/mdev_38732.result mariadb-11.8.8/storage/spider/mysql-test/spider/bugfix/r/mdev_38732.result --- mariadb-11.8.6/storage/spider/mysql-test/spider/bugfix/r/mdev_38732.result 1970-01-01 00:00:00.000000000 +0000 +++ mariadb-11.8.8/storage/spider/mysql-test/spider/bugfix/r/mdev_38732.result 2026-05-24 09:58:32.000000000 +0000 @@ -0,0 +1,22 @@ +for master_1 +for child2 +for child3 +set spider_same_server_link= 1; +CREATE SERVER srv FOREIGN DATA WRAPPER mysql +OPTIONS (SOCKET "$MASTER_1_MYSOCK", DATABASE 'test',user 'root'); +CREATE TABLE t (f INT); +INSERT INTO t VALUES (1),(2); +SET @a = 4; +SET @a = NULL; +CREATE TABLE t_spider LIKE t; +ALTER TABLE t_spider ENGINE=SPIDER COMMENT = 'wrapper "mysql", srv "srv", table "t"'; +Warnings: +Warning 138 Spider table params in COMMENT or CONNECTION strings have been deprecated and will be removed in a future release. Please use table options instead. +DELETE FROM t_spider WHERE f > 0 or f < @a; +SELECT * FROM t_spider; +f +drop table t, t_spider; +drop server srv; +for master_1 +for child2 +for child3 diff -Nru mariadb-11.8.6/storage/spider/mysql-test/spider/bugfix/r/xa_cmd.result mariadb-11.8.8/storage/spider/mysql-test/spider/bugfix/r/xa_cmd.result --- mariadb-11.8.6/storage/spider/mysql-test/spider/bugfix/r/xa_cmd.result 2026-01-31 13:27:49.000000000 +0000 +++ mariadb-11.8.8/storage/spider/mysql-test/spider/bugfix/r/xa_cmd.result 2026-05-24 09:58:32.000000000 +0000 @@ -36,6 +36,14 @@ XA END 'test'; XA PREPARE 'test'; XA COMMIT 'test'; +# MDEV-35426 Stack smashing in spider_db_mbase::xa_end (opt), ASAN: stack- +# buffer-overflow in Binary_string::q_append, and Assertion +# `str.alloced_length() >= str.length() + data_len' failed in +# spider_string::q_append on SELECT. +XA START 'xaaaaaaaaaaaaaaabbbbbbbbbbbbbbbccc1','xaaaaaaaaaaaaaaabbbbbbbbbbbbbbbccc2',1234567890; +INSERT INTO tbl_a (pkey) VALUES (10); +XA END 'xaaaaaaaaaaaaaaabbbbbbbbbbbbbbbccc1','xaaaaaaaaaaaaaaabbbbbbbbbbbbbbbccc2',1234567890; +XA ROLLBACK 'xaaaaaaaaaaaaaaabbbbbbbbbbbbbbbccc1','xaaaaaaaaaaaaaaabbbbbbbbbbbbbbbccc2',1234567890; # MDEV-37829 XA COMMIT ONE PHASE fails with "This xid does not # exist" if a trigger references a SPIDER table # @@ -105,6 +113,7 @@ SELECT argument FROM mysql.general_log WHERE command_type != 'Execute' AND argument LIKE '%insert %'; argument insert into `auto_test_remote`.`tbl_a`(`pkey`)values(0),(1),(2),(3),(4),(5),(6),(7),(8),(9) +insert into `auto_test_remote`.`tbl_a`(`pkey`)values(10) insert into `auto_test_remote`.`tbl_a`(`pkey`)values(100) insert high_priority into `auto_test_remote`.`tbl_a`(`pkey`)values(101) insert high_priority into `auto_test_remote`.`tbl_a`(`pkey`)values(102) diff -Nru mariadb-11.8.6/storage/spider/mysql-test/spider/bugfix/t/mdev_38732.test mariadb-11.8.8/storage/spider/mysql-test/spider/bugfix/t/mdev_38732.test --- mariadb-11.8.6/storage/spider/mysql-test/spider/bugfix/t/mdev_38732.test 1970-01-01 00:00:00.000000000 +0000 +++ mariadb-11.8.8/storage/spider/mysql-test/spider/bugfix/t/mdev_38732.test 2026-05-24 09:58:32.000000000 +0000 @@ -0,0 +1,26 @@ +--disable_query_log +--disable_result_log +--source ../../t/test_init.inc +--enable_result_log +--enable_query_log + +set spider_same_server_link= 1; +evalp CREATE SERVER srv FOREIGN DATA WRAPPER mysql +OPTIONS (SOCKET "$MASTER_1_MYSOCK", DATABASE 'test',user 'root'); + +CREATE TABLE t (f INT); +INSERT INTO t VALUES (1),(2); +SET @a = 4; +SET @a = NULL; +CREATE TABLE t_spider LIKE t; +ALTER TABLE t_spider ENGINE=SPIDER COMMENT = 'wrapper "mysql", srv "srv", table "t"'; +DELETE FROM t_spider WHERE f > 0 or f < @a; +SELECT * FROM t_spider; + +drop table t, t_spider; +drop server srv; +--disable_query_log +--disable_result_log +--source ../../t/test_deinit.inc +--enable_result_log +--enable_query_log diff -Nru mariadb-11.8.6/storage/spider/mysql-test/spider/bugfix/t/xa_cmd.test mariadb-11.8.8/storage/spider/mysql-test/spider/bugfix/t/xa_cmd.test --- mariadb-11.8.6/storage/spider/mysql-test/spider/bugfix/t/xa_cmd.test 2026-01-31 13:27:49.000000000 +0000 +++ mariadb-11.8.8/storage/spider/mysql-test/spider/bugfix/t/xa_cmd.test 2026-05-24 09:58:32.000000000 +0000 @@ -53,6 +53,16 @@ XA PREPARE 'test'; XA COMMIT 'test'; +--echo # MDEV-35426 Stack smashing in spider_db_mbase::xa_end (opt), ASAN: stack- +--echo # buffer-overflow in Binary_string::q_append, and Assertion +--echo # `str.alloced_length() >= str.length() + data_len' failed in +--echo # spider_string::q_append on SELECT. + +XA START 'xaaaaaaaaaaaaaaabbbbbbbbbbbbbbbccc1','xaaaaaaaaaaaaaaabbbbbbbbbbbbbbbccc2',1234567890; +INSERT INTO tbl_a (pkey) VALUES (10); +XA END 'xaaaaaaaaaaaaaaabbbbbbbbbbbbbbbccc1','xaaaaaaaaaaaaaaabbbbbbbbbbbbbbbccc2',1234567890; +XA ROLLBACK 'xaaaaaaaaaaaaaaabbbbbbbbbbbbbbbccc1','xaaaaaaaaaaaaaaabbbbbbbbbbbbbbbccc2',1234567890; + --echo # MDEV-37829 XA COMMIT ONE PHASE fails with "This xid does not --echo # exist" if a trigger references a SPIDER table --echo # diff -Nru mariadb-11.8.6/storage/spider/spd_conn.cc mariadb-11.8.8/storage/spider/spd_conn.cc --- mariadb-11.8.6/storage/spider/spd_conn.cc 2026-01-31 13:27:49.000000000 +0000 +++ mariadb-11.8.8/storage/spider/spd_conn.cc 2026-05-24 09:58:32.000000000 +0000 @@ -3313,8 +3313,8 @@ share->static_link_ids_lengths[roop_count] + 1); link_idx_str_length = share->static_link_ids_lengths[roop_count]; } else { - link_idx_str_length = my_sprintf(link_idx_str, (link_idx_str, - "%010d", roop_count)); + link_idx_str_length = snprintf(link_idx_str, sizeof(link_idx_str), + "%010d", roop_count); } conv_name_str.q_append(link_idx_str, link_idx_str_length + 1); conv_name_str.length(conv_name_str.length() - 1); diff -Nru mariadb-11.8.6/storage/spider/spd_db_conn.cc mariadb-11.8.8/storage/spider/spd_db_conn.cc --- mariadb-11.8.6/storage/spider/spd_db_conn.cc 2026-01-31 13:27:49.000000000 +0000 +++ mariadb-11.8.8/storage/spider/spd_db_conn.cc 2026-05-24 09:58:32.000000000 +0000 @@ -48,8 +48,6 @@ #define SPIDER_SQL_COALESCE_STR "coalesce(" #define SPIDER_SQL_COALESCE_LEN (sizeof(SPIDER_SQL_COALESCE_STR) - 1) -#define SPIDER_SQL_HEX_STR "0x" -#define SPIDER_SQL_HEX_LEN (sizeof(SPIDER_SQL_HEX_STR) - 1) #define SPIDER_SQL_SET_NAMES_STR "set names " #define SPIDER_SQL_SET_NAMES_LEN sizeof(SPIDER_SQL_SET_NAMES_STR) - 1 @@ -1127,12 +1125,12 @@ spider_string *tmp_str, XID *xid ) { - char format_id[sizeof(long) + 3]; + char format_id[3*sizeof(long) + 3]; uint format_id_length; DBUG_ENTER("spider_db_append_xid_str"); format_id_length = - my_sprintf(format_id, (format_id, "%lu", xid->formatID)); + snprintf(format_id, sizeof(format_id), "%lu", xid->formatID); spider_db_append_hex_string(tmp_str, (uchar *) xid->data, xid->gtrid_length); /* tmp_str->q_append(SPIDER_SQL_VALUE_QUOTE_STR, SPIDER_SQL_VALUE_QUOTE_LEN); @@ -1403,7 +1401,7 @@ start_key_part_map >>= 1, key_count++ ) { - key_name_length = my_sprintf(tmp_buf, (tmp_buf, "c%u", key_count)); + key_name_length = snprintf(tmp_buf, sizeof(tmp_buf), "c%u", key_count); if (str->reserve(key_name_length + SPIDER_SQL_COMMA_LEN)) DBUG_RETURN(HA_ERR_OUT_OF_MEM); str->q_append(tmp_buf, key_name_length); @@ -7562,8 +7560,10 @@ if (!(tmp_str2 = item->val_str(tmp_str.get_str()))) { - error_num = HA_ERR_OUT_OF_MEM; - goto end; + if (str->reserve(SPIDER_SQL_NULL_LEN)) + error_num = HA_ERR_OUT_OF_MEM; + str->q_append(SPIDER_SQL_NULL_STR, SPIDER_SQL_NULL_LEN); + DBUG_RETURN(error_num); } tmp_str.mem_calc(); @@ -8671,8 +8671,8 @@ where_clause_str.init_calc_mem(SPD_MID_DB_UDF_PING_TABLE_APPEND_MON_NEXT_2); child_table_name_str.length(child_table_name_length); where_clause_str.length(where_clause_length); - limit_str_length = my_sprintf(limit_str, (limit_str, "%lld", limit)); - sid_str_length = my_sprintf(sid_str, (sid_str, "%lld", first_sid)); + limit_str_length = snprintf(limit_str, sizeof(limit_str), "%lld", limit); + sid_str_length = snprintf(sid_str, sizeof(sid_str), "%lld", first_sid); if (str->reserve( SPIDER_SQL_SELECT_LEN + SPIDER_SQL_PING_TABLE_LEN + @@ -8769,7 +8769,7 @@ str->append_escape_string(where_str->ptr(), where_str->length()); } } else { - limit_str_length = my_sprintf(limit_str, (limit_str, "%lld", limit)); + limit_str_length = snprintf(limit_str, sizeof(limit_str), "%lld", limit); if (str->reserve( (use_where ? (where_str->length() * 2) : 0) + SPIDER_SQL_LIMIT_LEN + limit_str_length diff -Nru mariadb-11.8.6/storage/spider/spd_db_conn.h mariadb-11.8.8/storage/spider/spd_db_conn.h --- mariadb-11.8.6/storage/spider/spd_db_conn.h 2026-01-31 13:27:49.000000000 +0000 +++ mariadb-11.8.8/storage/spider/spd_db_conn.h 2026-05-24 09:58:32.000000000 +0000 @@ -24,6 +24,8 @@ #define SPIDER_DB_KEY_NAME_LEN (sizeof(SPIDER_DB_KEY_NAME_STR) - 1) #define SPIDER_DB_SEQUENCE_NAME_STR "" #define SPIDER_DB_SEQUENCE_NAME_LEN (sizeof(SPIDER_DB_SEQUENCE_NAME_STR) - 1) +#define SPIDER_SQL_HEX_STR "0x" +#define SPIDER_SQL_HEX_LEN (sizeof(SPIDER_SQL_HEX_STR) - 1) #define SPIDER_DB_TABLE_LOCK_READ_LOCAL 0 #define SPIDER_DB_TABLE_LOCK_READ 1 diff -Nru mariadb-11.8.6/storage/spider/spd_db_mysql.cc mariadb-11.8.8/storage/spider/spd_db_mysql.cc --- mariadb-11.8.6/storage/spider/spd_db_mysql.cc 2026-01-31 13:27:49.000000000 +0000 +++ mariadb-11.8.8/storage/spider/spd_db_mysql.cc 2026-05-24 09:58:32.000000000 +0000 @@ -2580,7 +2580,9 @@ XID *xid, int *need_mon ) { - char sql_buf[SPIDER_SQL_XA_END_LEN + XIDDATASIZE + sizeof(long) + 9]; + char sql_buf[SPIDER_SQL_XA_END_LEN + XIDDATASIZE*2 + + SPIDER_SQL_HEX_LEN*2 + SPIDER_SQL_COMMA_LEN*2 + + sizeof(long)*3 + 7]; spider_string sql_str(sql_buf, sizeof(sql_buf), &my_charset_bin); DBUG_ENTER("spider_db_mbase::xa_end"); DBUG_PRINT("info",("spider this=%p", this)); @@ -2597,7 +2599,9 @@ XID *xid, int *need_mon ) { - char sql_buf[SPIDER_SQL_XA_PREPARE_LEN + XIDDATASIZE + sizeof(long) + 9]; + char sql_buf[SPIDER_SQL_XA_PREPARE_LEN + XIDDATASIZE*2 + + SPIDER_SQL_HEX_LEN*2 + SPIDER_SQL_COMMA_LEN*2 + + sizeof(long)*3 + 7]; spider_string sql_str(sql_buf, sizeof(sql_buf), &my_charset_bin); DBUG_ENTER("spider_db_mbase::xa_prepare"); DBUG_PRINT("info",("spider this=%p", this)); @@ -2614,7 +2618,9 @@ XID *xid, int *need_mon ) { - char sql_buf[SPIDER_SQL_XA_COMMIT_LEN + XIDDATASIZE + sizeof(long) + 9]; + char sql_buf[SPIDER_SQL_XA_COMMIT_LEN + XIDDATASIZE*2 + + SPIDER_SQL_HEX_LEN*2 + SPIDER_SQL_COMMA_LEN*2 + + sizeof(long)*3 + 7]; spider_string sql_str(sql_buf, sizeof(sql_buf), &my_charset_bin); DBUG_ENTER("spider_db_mbase::xa_commit"); DBUG_PRINT("info",("spider this=%p", this)); @@ -2631,7 +2637,9 @@ XID *xid, int *need_mon ) { - char sql_buf[SPIDER_SQL_XA_ROLLBACK_LEN + XIDDATASIZE + sizeof(long) + 9]; + char sql_buf[SPIDER_SQL_XA_ROLLBACK_LEN + XIDDATASIZE*2 + + SPIDER_SQL_HEX_LEN*2 + SPIDER_SQL_COMMA_LEN*2 + + sizeof(long)*3 + 7]; spider_string sql_str(sql_buf, sizeof(sql_buf), &my_charset_bin); DBUG_ENTER("spider_db_mbase::xa_rollback"); DBUG_PRINT("info",("spider this=%p", this)); @@ -2745,7 +2753,7 @@ sql_str.init_calc_mem(SPD_MID_DB_MBASE_SET_WAIT_TIMEOUT_1); sql_str.length(0); timeout_str_length = - my_sprintf(timeout_str, (timeout_str, "%d", wait_timeout)); + snprintf(timeout_str, sizeof(timeout_str), "%d", wait_timeout); if (sql_str.reserve(SPIDER_SQL_WAIT_TIMEOUT_LEN + timeout_str_length)) DBUG_RETURN(HA_ERR_OUT_OF_MEM); sql_str.q_append(SPIDER_SQL_WAIT_TIMEOUT_STR, SPIDER_SQL_WAIT_TIMEOUT_LEN); @@ -3744,7 +3752,7 @@ DBUG_ENTER("spider_db_mbase_util::append_wait_timeout"); DBUG_PRINT("info",("spider this=%p", this)); timeout_str_length = - my_sprintf(timeout_str, (timeout_str, "%d", wait_timeout)); + snprintf(timeout_str, sizeof(timeout_str), "%d", wait_timeout); if (str->reserve(SPIDER_SQL_SEMICOLON_LEN + SPIDER_SQL_WAIT_TIMEOUT_LEN + timeout_str_length)) { @@ -4722,7 +4730,8 @@ DBUG_ENTER("spider_db_mbase_util::append_xa_start"); DBUG_PRINT("info",("spider this=%p", this)); if (str->reserve(SPIDER_SQL_SEMICOLON_LEN + - SPIDER_SQL_XA_START_LEN + XIDDATASIZE + sizeof(long) + 9)) + SPIDER_SQL_XA_START_LEN + XIDDATASIZE*2 + SPIDER_SQL_HEX_LEN*2 + + SPIDER_SQL_COMMA_LEN*2 + sizeof(long)*3 + 7)) DBUG_RETURN(HA_ERR_OUT_OF_MEM); if (str->length()) { @@ -7795,7 +7804,7 @@ key_count++ ) { field = key_part->field; - key_name_length = my_sprintf(tmp_buf, (tmp_buf, "c%u", key_count)); + key_name_length = snprintf(tmp_buf, sizeof(tmp_buf), "c%u", key_count); if (str->reserve(key_name_length + SPIDER_SQL_SPACE_LEN)) DBUG_RETURN(HA_ERR_OUT_OF_MEM); str->q_append(tmp_buf, key_name_length); @@ -7875,7 +7884,7 @@ field = key_part->field; key_name_length = mysql_share->column_name_str[field->field_index].length(); - length = my_sprintf(tmp_buf, (tmp_buf, "c%u", key_count)); + length = snprintf(tmp_buf, sizeof(tmp_buf), "c%u", key_count); if (str->reserve(length + table_alias_lengths[0] + key_name_length + /* SPIDER_SQL_NAME_QUOTE_LEN */ 2 + table_alias_lengths[1] + SPIDER_SQL_PF_EQUAL_LEN + SPIDER_SQL_AND_LEN)) @@ -7907,8 +7916,8 @@ table_dot_alias_lengths[2]; tgt_table_name_str.init_calc_mem(SPD_MID_MBASE_HANDLER_APPEND_TMP_TABLE_AND_SQL_FOR_BKA_1); tgt_table_name_str.length(0); - create_tmp_bka_table_name(tmp_table_name, &tmp_table_name_length, - first_link_idx); + create_tmp_bka_table_name(tmp_table_name, sizeof(tmp_table_name), + &tmp_table_name_length, first_link_idx); if ((error_num = append_table_name_with_adjusting(&tgt_table_name_str, first_link_idx, SPIDER_SQL_TYPE_SELECT_SQL))) { @@ -8003,6 +8012,7 @@ void spider_mbase_handler::create_tmp_bka_table_name( char *tmp_table_name, + size_t tmp_table_name_size, int *tmp_table_name_length, int link_idx ) { @@ -8024,9 +8034,9 @@ memcpy(tmp_table_name, mysql_share->db_names_str[link_idx].c_ptr(), mysql_share->db_names_str[link_idx].length()); tmp_table_name += mysql_share->db_names_str[link_idx].length(); - length = my_sprintf(tmp_table_name, (tmp_table_name, + length = snprintf(tmp_table_name, tmp_table_name_size, "%s%s%p%s", SPIDER_SQL_DOT_STR, SPIDER_SQL_TMP_BKA_STR, spider, - SPIDER_SQL_UNDERSCORE_STR)); + SPIDER_SQL_UNDERSCORE_STR); *tmp_table_name_length += length; tmp_table_name += length; memcpy(tmp_table_name, @@ -8042,8 +8052,8 @@ memcpy(tmp_table_name, mysql_share->db_names_str[link_idx].c_ptr(), mysql_share->db_names_str[link_idx].length()); tmp_table_name += mysql_share->db_names_str[link_idx].length(); - length = my_sprintf(tmp_table_name, (tmp_table_name, - "%s%s%p", SPIDER_SQL_DOT_STR, SPIDER_SQL_TMP_BKA_STR, spider)); + length = snprintf(tmp_table_name, tmp_table_name_size, + "%s%s%p", SPIDER_SQL_DOT_STR, SPIDER_SQL_TMP_BKA_STR, spider); *tmp_table_name_length += length; } DBUG_VOID_RETURN; @@ -9613,7 +9623,7 @@ DBUG_RETURN(HA_ERR_OUT_OF_MEM); } - key_name_length = my_sprintf(tmp_buf, (tmp_buf, "c%u", key_count)); + key_name_length = snprintf(tmp_buf, sizeof(tmp_buf), "c%u", key_count); if (str->reserve(SPIDER_SQL_SPACE_LEN + key_name_length + SPIDER_SQL_COMMA_LEN)) DBUG_RETURN(HA_ERR_OUT_OF_MEM); @@ -11030,8 +11040,8 @@ char range_cnt_str[SPIDER_SQL_INT_LEN]; DBUG_ENTER("spider_mbase_handler::append_multi_range_cnt"); DBUG_PRINT("info",("spider this=%p", this)); - range_cnt_length = my_sprintf(range_cnt_str, (range_cnt_str, "%u", - multi_range_cnt)); + range_cnt_length = snprintf(range_cnt_str, sizeof(range_cnt_str), "%u", + multi_range_cnt); if (with_comma) { if (str->reserve(range_cnt_length + SPIDER_SQL_COMMA_LEN)) @@ -11077,8 +11087,8 @@ char range_cnt_str[SPIDER_SQL_INT_LEN]; DBUG_ENTER("spider_mbase_handler::append_multi_range_cnt_with_name"); DBUG_PRINT("info",("spider this=%p", this)); - range_cnt_length = my_sprintf(range_cnt_str, (range_cnt_str, "%u", - multi_range_cnt)); + range_cnt_length = snprintf(range_cnt_str, sizeof(range_cnt_str), "%u", + multi_range_cnt); if (str->reserve(range_cnt_length + SPIDER_SQL_SPACE_LEN + SPIDER_SQL_ID_LEN + SPIDER_SQL_COMMA_LEN)) DBUG_RETURN(HA_ERR_OUT_OF_MEM); @@ -12239,8 +12249,8 @@ tgt_table_name_str.length(0); if (result_list->tmp_table_join && spider->bka_mode != 2) { - create_tmp_bka_table_name(tmp_table_name, &tmp_table_name_length, - link_idx); + create_tmp_bka_table_name(tmp_table_name, sizeof(tmp_table_name), + &tmp_table_name_length, link_idx); append_table_name_with_adjusting(&tgt_table_name_str, link_idx, SPIDER_SQL_TYPE_TMP_SQL); table_names[0] = tmp_table_name; diff -Nru mariadb-11.8.6/storage/spider/spd_db_mysql.h mariadb-11.8.8/storage/spider/spd_db_mysql.h --- mariadb-11.8.6/storage/spider/spd_db_mysql.h 2026-01-31 13:27:49.000000000 +0000 +++ mariadb-11.8.8/storage/spider/spd_db_mysql.h 2026-05-24 09:58:32.000000000 +0000 @@ -771,6 +771,7 @@ int reuse_tmp_table_and_sql_for_bka() override; void create_tmp_bka_table_name( char *tmp_table_name, + size_t tmp_table_name_size, int *tmp_table_name_length, int link_idx ); diff -Nru mariadb-11.8.6/storage/spider/spd_direct_sql.cc mariadb-11.8.8/storage/spider/spd_direct_sql.cc --- mariadb-11.8.6/storage/spider/spd_direct_sql.cc 2026-01-31 13:27:49.000000000 +0000 +++ mariadb-11.8.8/storage/spider/spd_direct_sql.cc 2026-05-24 09:58:32.000000000 +0000 @@ -251,7 +251,7 @@ tmp_name= direct_sql->conn_key + 1; spider_create_conn_key_add_one(&counter, &tmp_name, direct_sql->tgt_wrapper); spider_create_conn_key_add_one(&counter, &tmp_name, direct_sql->tgt_host); - my_sprintf(port_str, (port_str, "%05ld", direct_sql->tgt_port)); + snprintf(port_str, sizeof(port_str), "%05ld", direct_sql->tgt_port); spider_create_conn_key_add_one(&counter, &tmp_name, port_str); spider_create_conn_key_add_one(&counter, &tmp_name, direct_sql->tgt_socket); counter++; diff -Nru mariadb-11.8.6/storage/spider/spd_group_by_handler.cc mariadb-11.8.8/storage/spider/spd_group_by_handler.cc --- mariadb-11.8.6/storage/spider/spd_group_by_handler.cc 2026-01-31 13:27:49.000000000 +0000 +++ mariadb-11.8.8/storage/spider/spd_group_by_handler.cc 2026-05-24 09:58:32.000000000 +0000 @@ -840,8 +840,8 @@ DBUG_ENTER("spider_fields::add_table"); DBUG_PRINT("info",("spider idx_for_direct_join=%u", spider_arg->idx_for_direct_join)); - length = my_sprintf(tmp_buf, (tmp_buf, "t%u", - spider_arg->idx_for_direct_join)); + length = snprintf(tmp_buf, sizeof(tmp_buf), "t%u", + spider_arg->idx_for_direct_join); str = &spider_arg->result_list.tmp_sqls[0]; str->length(0); if (str->reserve(length + SPIDER_SQL_DOT_LEN)) diff -Nru mariadb-11.8.6/storage/spider/spd_include.h mariadb-11.8.8/storage/spider/spd_include.h --- mariadb-11.8.6/storage/spider/spd_include.h 2026-01-31 13:27:49.000000000 +0000 +++ mariadb-11.8.8/storage/spider/spd_include.h 2026-05-24 09:58:32.000000000 +0000 @@ -64,7 +64,6 @@ #undef pthread_cond_destroy #endif #define pthread_cond_destroy mysql_cond_destroy -#define my_sprintf(A,B) sprintf B #define spider_stmt_da_message(A) thd_get_error_message(A) #define spider_stmt_da_sql_errno(A) thd_get_error_number(A) diff -Nru mariadb-11.8.6/storage/spider/spd_ping_table.cc mariadb-11.8.8/storage/spider/spd_ping_table.cc --- mariadb-11.8.6/storage/spider/spd_ping_table.cc 2026-01-31 13:27:49.000000000 +0000 +++ mariadb-11.8.8/storage/spider/spd_ping_table.cc 2026-05-24 09:58:32.000000000 +0000 @@ -237,8 +237,8 @@ DBUG_PRINT("info", ("spider conv_name=%s", conv_name)); DBUG_PRINT("info", ("spider conv_name_length=%u", conv_name_length)); DBUG_PRINT("info", ("spider link_idx=%d", link_idx)); - link_idx_str_length = my_sprintf(link_idx_str, (link_idx_str, "%010d", - link_idx)); + link_idx_str_length = snprintf(link_idx_str, sizeof(link_idx_str), "%010d", + link_idx); char *buf = (char *) my_alloca(conv_name_length + link_idx_str_length + 1); if (!buf) { @@ -1175,8 +1175,8 @@ } } else { link_idx = (int) (args->args[1] ? *((longlong *) args->args[1]) : 0); - link_idx_str_length = my_sprintf(link_idx_str, (link_idx_str, "%010d", - link_idx)); + link_idx_str_length = snprintf(link_idx_str, sizeof(link_idx_str), "%010d", + link_idx); } flags = (int) (args->args[2] ? *((longlong *) args->args[2]) : 0); limit = args->args[3] ? *((longlong *) args->args[3]) : 0; @@ -1635,8 +1635,8 @@ share->static_link_ids_lengths[all_link_idx] + 1); link_idx_str_length = share->static_link_ids_lengths[all_link_idx]; } else { - link_idx_str_length = my_sprintf(link_idx_str, (link_idx_str, "%010d", - all_link_idx)); + link_idx_str_length = snprintf(link_idx_str, sizeof(link_idx_str), "%010d", + all_link_idx); } char *buf = (char *) my_alloca(conv_name_length + link_idx_str_length + 1); if (!buf) diff -Nru mariadb-11.8.6/storage/spider/spd_table.cc mariadb-11.8.8/storage/spider/spd_table.cc --- mariadb-11.8.6/storage/spider/spd_table.cc 2026-01-31 13:27:49.000000000 +0000 +++ mariadb-11.8.8/storage/spider/spd_table.cc 2026-05-24 09:58:32.000000000 +0000 @@ -4679,7 +4679,7 @@ int counter= 0; spider_create_conn_key_add_one(&counter, &tmp_name, share->tgt_wrappers[roop_count]); spider_create_conn_key_add_one(&counter, &tmp_name, share->tgt_hosts[roop_count]); - my_sprintf(port_str, (port_str, "%05ld", share->tgt_ports[roop_count])); + snprintf(port_str, sizeof(port_str), "%05ld", share->tgt_ports[roop_count]); spider_create_conn_key_add_one(&counter, &tmp_name, port_str); spider_create_conn_key_add_one(&counter, &tmp_name, share->tgt_sockets[roop_count]); counter++; @@ -4805,7 +4805,7 @@ for (roop_count = 0; roop_count < (int) share->all_link_count; roop_count++) { - my_sprintf(link_idx_str, (link_idx_str, "%010d", roop_count)); + snprintf(link_idx_str, sizeof(link_idx_str), "%010d", roop_count); buf_pos = strmov(buf, share->table_name); buf_pos = strmov(buf_pos, link_idx_str); *buf_pos = '\0'; @@ -6539,9 +6539,9 @@ bzero(addr,6); } spider_unique_id.str = spider_unique_id_buf; - spider_unique_id.length = my_sprintf(spider_unique_id_buf, - (spider_unique_id_buf, "-%02x%02x%02x%02x%02x%02x-%lx-", - addr[0], addr[1], addr[2], addr[3], addr[4], addr[5], (ulong) getpid())); + spider_unique_id.length = snprintf(spider_unique_id_buf, + sizeof(spider_unique_id_buf), "-%02x%02x%02x%02x%02x%02x-%lx-", + addr[0], addr[1], addr[2], addr[3], addr[4], addr[5], (ulong) getpid()); memset(&spider_alloc_func_name, 0, sizeof(spider_alloc_func_name)); memset(&spider_alloc_file_name, 0, sizeof(spider_alloc_file_name)); diff -Nru mariadb-11.8.6/storage/spider/spd_trx.cc mariadb-11.8.8/storage/spider/spd_trx.cc --- mariadb-11.8.6/storage/spider/spd_trx.cc 2026-01-31 13:27:49.000000000 +0000 +++ mariadb-11.8.8/storage/spider/spd_trx.cc 2026-05-24 09:58:32.000000000 +0000 @@ -1407,18 +1407,18 @@ if (spider_param_internal_xa_id_type(thd) == 0) { trx->xid.gtrid_length - = my_sprintf(trx->xid.data, - (trx->xid.data, "%lx", thd_get_thread_id(thd))); + = snprintf(trx->xid.data, sizeof(trx->xid.data), + "%lx", thd_get_thread_id(thd)); } else { trx->xid.gtrid_length - = my_sprintf(trx->xid.data, - (trx->xid.data, "%lx%016llx", thd_get_thread_id(thd), - thd->query_id)); + = snprintf(trx->xid.data, sizeof(trx->xid.data), + "%lx%016llx", thd_get_thread_id(thd), + thd->query_id); } trx->xid.bqual_length - = my_sprintf(trx->xid.data + trx->xid.gtrid_length, - (trx->xid.data + trx->xid.gtrid_length, "%lx", - thd->variables.server_id)); + = snprintf(trx->xid.data + trx->xid.gtrid_length, + sizeof(trx->xid.data) - trx->xid.gtrid_length, "%lx", + thd->variables.server_id); #ifdef SPIDER_XID_STATE_HAS_in_thd trx->internal_xid_state.in_thd = 1; diff -Nru mariadb-11.8.6/strings/ctype-uca1400.c mariadb-11.8.8/strings/ctype-uca1400.c --- mariadb-11.8.6/strings/ctype-uca1400.c 2026-01-31 13:27:49.000000000 +0000 +++ mariadb-11.8.8/strings/ctype-uca1400.c 2026-05-24 09:58:32.000000000 +0000 @@ -306,7 +306,8 @@ param.nopad_flags); const MY_UCA1400_COLLATION_DEFINITION *def= &my_uca1400_collation_definitions[param.tailoring_id]; - + if (!src) + return FALSE; coll_name= my_uca1400_collation_build_name(coll_name_buffer, sizeof(coll_name_buffer), &src->cs_name, diff -Nru mariadb-11.8.6/strings/ctype.c mariadb-11.8.8/strings/ctype.c --- mariadb-11.8.6/strings/ctype.c 2026-01-31 13:27:49.000000000 +0000 +++ mariadb-11.8.8/strings/ctype.c 2026-05-24 09:58:32.000000000 +0000 @@ -388,7 +388,8 @@ if (MY_XML_OK == my_charset_file_tailoring_realloc(i, newlen)) { char *dst= i->tailoring + i->tailoring_length; - sprintf(dst, fmt, (int) len, attr); + snprintf(dst, i->tailoring_alloced_length - i->tailoring_length, + fmt, (int) len, attr); i->tailoring_length+= strlen(dst); return MY_XML_OK; } @@ -407,7 +408,8 @@ if (MY_XML_OK == my_charset_file_tailoring_realloc(i, newlen)) { char *dst= i->tailoring + i->tailoring_length; - sprintf(dst, fmt, (int) len1, attr1, (int) len2, attr2); + snprintf(dst, i->tailoring_alloced_length - i->tailoring_length, + fmt, (int) len1, attr1, (int) len2, attr2); i->tailoring_length+= strlen(dst); return MY_XML_OK; } @@ -830,10 +832,11 @@ if (sizeof(loader->error) > 32 + strlen(errstr)) { /* We cannot use my_snprintf() here. See previous comment. */ - sprintf(loader->error, "at line %d pos %d: %s", - my_xml_error_lineno(&p)+1, - (int) my_xml_error_pos(&p), - my_xml_error_string(&p)); + snprintf(loader->error, sizeof(loader->error), + "at line %d pos %d: %s", + my_xml_error_lineno(&p)+1, + (int) my_xml_error_pos(&p), + my_xml_error_string(&p)); } } return rc; diff -Nru mariadb-11.8.6/strings/decimal.c mariadb-11.8.8/strings/decimal.c --- mariadb-11.8.6/strings/decimal.c 2026-01-31 13:27:49.000000000 +0000 +++ mariadb-11.8.8/strings/decimal.c 2026-05-24 09:58:32.000000000 +0000 @@ -2134,17 +2134,22 @@ } else /* bounded fract part */ { - j-=frac0; - i=j >> 1; - if (frac1 <= frac2) + dec1 *b1=buf1-1, *b2= buf2-1; /* shortcuts */ + while (j > frac0) { - frac1-= i; - frac2-=j-i; - } - else - { - frac2-= i; - frac1-=j-i; + if (b1[frac1] == 0) /* lossless */ + frac1--; + else if (b2[frac2] == 0) /* lossless */ + frac2--; + else if (frac1 > frac2) /* lossy, MUST be after lossless */ + frac1--; + else if (frac2 > frac1) + frac2--; + else if (b1[frac1] < b2[frac2]) + frac1--; + else + frac2--; + j--; } } } @@ -2181,21 +2186,26 @@ } } - /* Remove trailing zero words in frac part */ - frac0= ROUND_UP(to->frac); - - if (frac0 > 0 && to->buf[intg0 + frac0 - 1] == 0) + /* Now we have to check for -0.000 case */ + if (to->sign) { - do - { - frac0--; - } while (frac0 > 0 && to->buf[intg0 + frac0 - 1] == 0); - to->frac= DIG_PER_DEC1 * frac0; + dec1 *buf= to->buf; + dec1 *end= to->buf + intg0 + frac0; + DBUG_ASSERT(buf != end); + for (;;) + { + if (*buf) + break; + if (++buf == end) + { + /* We got decimal zero */ + decimal_make_zero(to); + break; + } + } } - - /* Remove heading zero words in intg part */ buf1= to->buf; - d_to_move= intg0 + frac0; + d_to_move= intg0 + ROUND_UP(to->frac); while (!*buf1 && (to->intg > DIG_PER_DEC1)) { buf1++; @@ -2208,14 +2218,6 @@ for (; d_to_move--; cur_d++, buf1++) *cur_d= *buf1; } - - /* Now we have to check for -0.000 case */ - if (to->sign && to->frac == 0 && to->buf[0] == 0) - { - DBUG_ASSERT(to->intg <= DIG_PER_DEC1); - /* We got decimal zero */ - decimal_make_zero(to); - } return error; } @@ -2618,7 +2620,7 @@ { char s1[100], *end; int res; - sprintf(s1, "'%s'", s); + snprintf(s1, sizeof(s1), "'%s'", s); end= strend(s); printf("len=%2d %-30s => res=%d ", a.len, s1, (res= string2decimal(s, &a, &end))); @@ -2632,7 +2634,7 @@ double x; int res; - sprintf(s1, "'%s'", s); + snprintf(s1, sizeof(s1), "'%s'", s); end= strend(s); string2decimal(s, &a, &end); res=decimal2double(&a, &x); @@ -2647,7 +2649,7 @@ uchar buf[100]; int res, i, size=decimal_bin_size(p, s); - sprintf(s1, "'%s'", str); + snprintf(s1, sizeof(s1), "'%s'", str); end= strend(str); string2decimal(str, &a, &end); res=decimal2bin(&a, buf, p, s); @@ -2742,7 +2744,7 @@ { char s[100], *end; int res; - sprintf(s, "'%s' + '%s'", s1, s2); + snprintf(s, sizeof(s), "'%s' + '%s'", s1, s2); end= strend(s1); string2decimal(s1, &a, &end); end= strend(s2); @@ -2757,7 +2759,7 @@ { char s[100], *end; int res; - sprintf(s, "'%s' - '%s'", s1, s2); + snprintf(s, sizeof(s), "'%s' - '%s'", s1, s2); end= strend(s1); string2decimal(s1, &a, &end); end= strend(s2); @@ -2772,7 +2774,7 @@ { char s[100], *end; int res; - sprintf(s, "'%s' <=> '%s'", s1, s2); + snprintf(s, sizeof(s), "'%s' <=> '%s'", s1, s2); end= strend(s1); string2decimal(s1, &a, &end); end= strend(s2); @@ -2790,7 +2792,7 @@ { char s[100], *end; int res; - sprintf(s, "'%s' * '%s'", s1, s2); + snprintf(s, sizeof(s), "'%s' * '%s'", s1, s2); end= strend(s1); string2decimal(s1, &a, &end); end= strend(s2); @@ -2805,7 +2807,7 @@ { char s[100], *end; int res; - sprintf(s, "'%s' / '%s'", s1, s2); + snprintf(s, sizeof(s), "'%s' / '%s'", s1, s2); end= strend(s1); string2decimal(s1, &a, &end); end= strend(s2); @@ -2824,7 +2826,7 @@ { char s[100], *end; int res; - sprintf(s, "'%s' %% '%s'", s1, s2); + snprintf(s, sizeof(s), "'%s' %% '%s'", s1, s2); end= strend(s1); string2decimal(s1, &a, &end); end= strend(s2); @@ -2847,7 +2849,7 @@ { char s[100], *end; int res; - sprintf(s, "'%s', %d, %s", s1, n, round_mode[mode]); + snprintf(s, sizeof(s), "'%s', %d, %s", s1, n, round_mode[mode]); end= strend(s1); string2decimal(s1, &a, &end); res=decimal_round(&a, &b, n, mode); @@ -2860,7 +2862,7 @@ void test_mx(int precision, int frac, const char *orig) { char s[100]; - sprintf(s, "%d, %d", precision, frac); + snprintf(s, sizeof(s), "%d, %d", precision, frac); max_decimal(precision, frac, &a); printf("%-40s => ", s); print_decimal(&a, orig, 0, 0); @@ -2876,8 +2878,9 @@ int slen= sizeof(s2); int res; - sprintf(s, filler ? "'%s', %d, %d, '%c'" : "'%s', %d, %d, '\\0'", - s1, prec, dec, filler); + snprintf(s, sizeof(s), + filler ? "'%s', %d, %d, '%c'" : "'%s', %d, %d, '\\0'", + s1, prec, dec, filler); end= strend(s1); string2decimal(s1, &a, &end); res= decimal2string(&a, s2, &slen, prec, dec, filler); @@ -2896,7 +2899,7 @@ { char s[100], *end; int res; - sprintf(s, "'%s' %s %d", s1, ((shift < 0) ? ">>" : "<<"), abs(shift)); + snprintf(s, sizeof(s), "'%s' %s %d", s1, ((shift < 0) ? ">>" : "<<"), abs(shift)); end= strend(s1); string2decimal(s1, &a, &end); res= decimal_shift(&a, shift); @@ -2909,7 +2912,7 @@ void test_fr(const char *s1, const char *orig) { char s[100], *end; - sprintf(s, "'%s'", s1); + snprintf(s, sizeof(s), "'%s'", s1); printf("%-40s => ", s); end= strend(s1); string2decimal(s1, &a, &end); diff -Nru mariadb-11.8.6/strings/dtoa.c mariadb-11.8.8/strings/dtoa.c --- mariadb-11.8.6/strings/dtoa.c 2026-01-31 13:27:49.000000000 +0000 +++ mariadb-11.8.8/strings/dtoa.c 2026-05-24 09:58:32.000000000 +0000 @@ -108,7 +108,7 @@ src= res; len= (int)(end - src); - if (sign) + if (sign && x != 0.0) *dst++= '-'; if (decpt <= 0) @@ -344,7 +344,7 @@ At this point we are sure we have enough space to put all digits returned by dtoa */ - if (sign && dst < dend) + if (sign && x != 0.0 && dst < dend) *dst++= '-'; if (decpt <= 0) { @@ -404,7 +404,7 @@ At this point we are sure we have enough space to put all digits returned by dtoa */ - if (sign && dst < dend) + if (sign && x != 0.0 && dst < dend) *dst++= '-'; if (dst < dend) *dst++= *src++; @@ -416,7 +416,7 @@ } if (dst < dend) *dst++= 'e'; - if (decpt_sign && dst < dend) + if (decpt_sign && x != 0.0 && dst < dend) *dst++= '-'; if (decpt >= 100 && dst < dend) diff -Nru mariadb-11.8.6/strings/json_lib.c mariadb-11.8.8/strings/json_lib.c --- mariadb-11.8.6/strings/json_lib.c 2026-01-31 13:27:49.000000000 +0000 +++ mariadb-11.8.8/strings/json_lib.c 2026-05-24 09:58:32.000000000 +0000 @@ -1306,9 +1306,13 @@ int json_skip_array_and_count(json_engine_t *je, int *n_items) { json_engine_t j= *je; + int res; *n_items= 0; - return json_skip_level_and_count(&j, n_items); + res= json_skip_level_and_count(&j, n_items); + if (res) + je->s.error= j.s.error; + return res; } @@ -1465,14 +1469,26 @@ json_skip_array_item(je); break; case JST_OBJ_END: - do - { - (*p_cur_step)--; - } while (*p_cur_step > p->steps && - array_counters[*p_cur_step - p->steps] == SKIPPED_STEP_MARK); + /* + MSAN-safe block + */ + while (*p_cur_step > p->steps) + { + json_path_step_t *prev = *p_cur_step; + prev--; + + if (prev < p->steps) + break; + + *p_cur_step = prev; + + if (array_counters[prev - p->steps] != SKIPPED_STEP_MARK) + break; + } break; case JST_ARRAY_END: - (*p_cur_step)--; + if (*p_cur_step > p->steps) + (*p_cur_step)--; break; default: DBUG_ASSERT(0); @@ -1787,14 +1803,14 @@ json_path_t *p) { json_scan_start(je, i_cs, str, end); - p->last_step= p->steps - 1; + p->last_step= NULL; return 0; } int json_get_path_next(json_engine_t *je, json_path_t *p) { - if (p->last_step < p->steps) + if (p->last_step == NULL) { if (json_read_value(je)) return 1; diff -Nru mariadb-11.8.6/strings/strcoll.inl mariadb-11.8.8/strings/strcoll.inl --- mariadb-11.8.6/strings/strcoll.inl 2026-01-31 13:27:49.000000000 +0000 +++ mariadb-11.8.8/strings/strcoll.inl 2026-05-24 09:58:32.000000000 +0000 @@ -226,8 +226,12 @@ const uchar *b, size_t b_length, my_bool b_is_prefix) { - const uchar *a_end= a + a_length; - const uchar *b_end= b + b_length; + const uchar *a_end, *b_end; + DBUG_ASSERT(a); + DBUG_ASSERT(b); + + a_end= a + a_length; + b_end= b + b_length; for ( ; ; ) { int a_weight, b_weight, res; diff -Nru mariadb-11.8.6/strings/xml.c mariadb-11.8.8/strings/xml.c --- mariadb-11.8.6/strings/xml.c 2026-01-31 13:27:49.000000000 +0000 +++ mariadb-11.8.8/strings/xml.c 2026-05-24 09:58:33.000000000 +0000 @@ -30,9 +30,9 @@ #define MY_XML_SLASH '/' #define MY_XML_COMMENT 'C' #define MY_XML_TEXT 'T' -#define MY_XML_QUESTION '?' -#define MY_XML_EXCLAM '!' -#define MY_XML_CDATA 'D' +#define MY_XML_PROCESSING_INSTRUCTION '?' +#define MY_XML_CDATA 'A' +#define MY_XML_DTD 'D' typedef struct xml_attr_st { @@ -95,8 +95,8 @@ case MY_XML_SLASH: return "'/'"; case MY_XML_COMMENT: return "COMMENT"; case MY_XML_TEXT: return "TEXT"; - case MY_XML_QUESTION: return "'?'"; - case MY_XML_EXCLAM: return "'!'"; + case MY_XML_PROCESSING_INSTRUCTION: return "'?'"; + case MY_XML_DTD: return "DTD"; } return "unknown token"; } @@ -145,6 +145,43 @@ a->end=p->cur; lex=MY_XML_COMMENT; } + else if (!my_xml_parser_prefix_cmp(p, C_STRING_WITH_LEN("cur+= 2; + + a->beg= p->cur; + if (my_xml_is_id0(p->cur[0])) + { + int termination_expected= FALSE; + + p->cur++; + while (p->cur < p->end && my_xml_is_id1(p->cur[0])) + p->cur++; + + a->end=p->cur; + /* + After the target name the syntax requires the + terminating '?>' or some spaces then an + arbitrary string to the '>?'. + */ + if (p->cur < p->end && !my_xml_is_space(p->cur[0])) + termination_expected= TRUE; + + while (p->cur < p->end) + { + if (my_xml_parser_prefix_cmp(p, C_STRING_WITH_LEN("?>")) == 0) + { + lex= MY_XML_PROCESSING_INSTRUCTION; + p->cur+= 2; + break; + } + else if (termination_expected) + break; + p->cur++; + } + } + } else if (!my_xml_parser_prefix_cmp(p, C_STRING_WITH_LEN("cur+= 9; @@ -159,7 +196,56 @@ } lex= MY_XML_CDATA; } - else if (strchr("?=/<>!",p->cur[0])) + else if (!my_xml_parser_prefix_cmp(p, C_STRING_WITH_LEN("cur+= 9; + lex= MY_XML_UNKNOWN; + for (; p->cur < p->end; p->cur++) + { + if (p->cur[0] == '"' || p->cur[0] == '\'') + { + if (!in_quote) + in_quote= p->cur[0]; + else + { + if (p->cur[0] == in_quote) + in_quote= 0; + } + } + + if (in_quote) + continue; + + switch (p->cur[0]) + { + case MY_XML_LT: + { + level++; + break; + } + case MY_XML_GT: + { + level--; + if (level == 0) + { + lex= MY_XML_DTD; + p->cur++; + goto dtd_end; + } + } + default:; + } + } + +dtd_end: + a->end= p->cur; + } + + else if (strchr("=/<>",p->cur[0])) { p->cur++; a->end=p->cur; @@ -340,14 +426,23 @@ if (p->cur[0] == '<') { int lex; - int question=0; - int exclam=0; lex=my_xml_scan(p,&a); - if (MY_XML_COMMENT == lex) + if (MY_XML_COMMENT == lex || + MY_XML_DTD == lex) continue; + if (MY_XML_PROCESSING_INSTRUCTION == lex) + { + if (p->processing_instruction && + MY_XML_OK != p->processing_instruction(p, + a.beg, (size_t) (a.end-a.beg), + a.end, (size_t) (p->cur - a.end - 2))) + return MY_XML_ERROR; + continue; + } + if (lex == MY_XML_CDATA) { a.beg+= 9; @@ -371,16 +466,6 @@ goto gt; } - if (MY_XML_EXCLAM == lex) - { - lex=my_xml_scan(p,&a); - exclam=1; - } - else if (MY_XML_QUESTION == lex) - { - lex=my_xml_scan(p,&a); - question=1; - } if (MY_XML_IDENT == lex) { @@ -395,8 +480,7 @@ return MY_XML_ERROR; } - while ((MY_XML_IDENT == (lex=my_xml_scan(p,&a))) || - ((MY_XML_STRING == lex && exclam))) + while (MY_XML_IDENT == (lex=my_xml_scan(p,&a))) { MY_XML_ATTR b; if (MY_XML_EQ == (lex=my_xml_scan(p,&b))) @@ -424,15 +508,6 @@ (MY_XML_OK != my_xml_leave(p,a.beg,(size_t) (a.end-a.beg)))) return MY_XML_ERROR; } - else if ((MY_XML_STRING == lex) && exclam) - { - /* - We are in , e.g. - - - Just skip "SystemLiteral" and "PublicidLiteral" - */ - } else break; } @@ -445,24 +520,6 @@ } gt: - if (question) - { - if (lex != MY_XML_QUESTION) - { - snprintf(p->errstr,sizeof(p->errstr),"%s unexpected ('?' wanted)",lex2str(lex)); - return MY_XML_ERROR; - } - if (MY_XML_OK != my_xml_leave(p,NULL,0)) - return MY_XML_ERROR; - lex=my_xml_scan(p,&a); - } - - if (exclam) - { - if (MY_XML_OK != my_xml_leave(p,NULL,0)) - return MY_XML_ERROR; - } - if (lex != MY_XML_GT) { snprintf(p->errstr,sizeof(p->errstr),"%s unexpected ('>' wanted)",lex2str(lex)); @@ -537,6 +594,14 @@ } +void my_xml_set_processing_instruction_handler(MY_XML_PARSER *p, + int (*p_i)(MY_XML_PARSER *, const char *, size_t, + const char *, size_t)) +{ + p->processing_instruction= p_i; +} + + void my_xml_set_user_data(MY_XML_PARSER *p, void *user_data) { p->user_data=user_data; diff -Nru mariadb-11.8.6/support-files/mariadb.service.in mariadb-11.8.8/support-files/mariadb.service.in --- mariadb-11.8.6/support-files/mariadb.service.in 2026-01-31 13:27:49.000000000 +0000 +++ mariadb-11.8.8/support-files/mariadb.service.in 2026-05-24 09:58:33.000000000 +0000 @@ -59,6 +59,9 @@ # Doesn't yet work properly with SELinux enabled # NoNewPrivileges=true +# Restrict modifications of cgroups from the MariaDB service context. +ProtectControlGroups=true + # Prevent accessing /home, /root and /run/user ProtectHome=true @@ -159,7 +162,7 @@ # Library substitutions. previously [mysqld_safe] malloc-lib with explicit paths # (in LD_LIBRARY_PATH) and library name (in LD_PRELOAD). -# Environment="LD_LIBRARY_PATH=/path1 /path2" "LD_PRELOAD= +# Environment="LD_LIBRARY_PATH=/path1 /path2" "LD_PRELOAD=" # Flush caches. previously [mysqld_safe] flush-caches=1 # ExecStartPre=sync diff -Nru mariadb-11.8.6/support-files/mariadb@.service.in mariadb-11.8.8/support-files/mariadb@.service.in --- mariadb-11.8.6/support-files/mariadb@.service.in 2026-01-31 13:27:49.000000000 +0000 +++ mariadb-11.8.8/support-files/mariadb@.service.in 2026-05-24 09:58:33.000000000 +0000 @@ -190,6 +190,9 @@ # (https://github.com/systemd/systemd/issues/3845) # NoNewPrivileges=true +# Restrict modifications of cgroups from the MariaDB service context. +ProtectControlGroups=true + # Prevent accessing /home, /root and /run/user ProtectHome=true @@ -283,7 +286,7 @@ # Library substitutions. previously [mysqld_safe] malloc-lib with explicit paths # (in LD_LIBRARY_PATH) and library name (in LD_PRELOAD). -# Environment="LD_LIBRARY_PATH=/path1 /path2" "LD_PRELOAD= +# Environment="LD_LIBRARY_PATH=/path1 /path2" "LD_PRELOAD=" # Flush caches. previously [mysqld_safe] flush-caches=1 # ExecStartPre=sync diff -Nru mariadb-11.8.6/tests/insert_test.c mariadb-11.8.8/tests/insert_test.c --- mariadb-11.8.6/tests/insert_test.c 2026-01-31 13:27:49.000000000 +0000 +++ mariadb-11.8.8/tests/insert_test.c 2026-05-24 09:58:33.000000000 +0000 @@ -46,7 +46,7 @@ count = 0; while (count < num) { - sprintf(qbuf,INSERT_QUERY,count,count); + snprintf(qbuf,sizeof(qbuf),INSERT_QUERY,count,count); if(mysql_query(sock,qbuf)) { fprintf(stderr,"Query failed (%s)\n",mysql_error(sock)); diff -Nru mariadb-11.8.6/tests/mysql_client_test.c mariadb-11.8.8/tests/mysql_client_test.c --- mariadb-11.8.6/tests/mysql_client_test.c 2026-01-31 13:27:49.000000000 +0000 +++ mariadb-11.8.8/tests/mysql_client_test.c 2026-05-24 09:58:33.000000000 +0000 @@ -1488,7 +1488,7 @@ /* now, execute the prepared statement to insert 10 records.. */ for (tiny_data= 0; tiny_data < 100; tiny_data++) { - length[1]= sprintf(str_data, "MySQL%d", int_data); + length[1]= snprintf(str_data, sizeof(str_data), "MySQL%d", int_data); rc= mysql_stmt_execute(stmt); check_execute(stmt, rc); int_data += 25; @@ -1527,7 +1527,7 @@ /* now, execute the prepared statement to insert 10 records.. */ for (o_tiny_data= 0; o_tiny_data < 100; o_tiny_data++) { - len= sprintf(data, "MySQL%d", o_int_data); + len= snprintf(data, sizeof(data), "MySQL%d", o_int_data); rc= mysql_stmt_fetch(stmt); check_execute(stmt, rc); @@ -2944,7 +2944,7 @@ my_bind[0].buffer= szData; /* string data */ my_bind[0].buffer_length= sizeof(szData); my_bind[0].length= &length[0]; - length[0]= sprintf(szData, "updated-data"); + length[0]= snprintf(szData, sizeof(szData), "updated-data"); my_bind[1].buffer= (void *) &nData; my_bind[1].buffer_type= MYSQL_TYPE_LONG; @@ -3140,7 +3140,7 @@ DIE_UNLESS(rc == 1); mysql_free_result(result); - sprintf(data, "%d", i*5); + snprintf(data, sizeof(data), "%d", i*5); verify_col_data("test_long_data_str", "LENGTH(longstr)", data); data[0]= '\0'; while (i--) @@ -3198,7 +3198,7 @@ rc= mysql_stmt_bind_param(stmt, my_bind); check_execute(stmt, rc); - length= sprintf(data, "MySQL AB"); + length= snprintf(data, sizeof(data), "MySQL AB"); /* supply data in pieces */ for (i= 0; i < 3; i++) @@ -3238,10 +3238,10 @@ DIE_UNLESS(rc == 1); mysql_free_result(result); - sprintf(data, "%ld", (long)i*length); + snprintf(data, sizeof(data), "%ld", (long)i*length); verify_col_data("test_long_data_str", "length(longstr)", data); - sprintf(data, "%d", i*2); + snprintf(data, sizeof(data), "%d", i*2); verify_col_data("test_long_data_str", "length(blb)", data); /* Test length of field->max_length */ @@ -3513,7 +3513,7 @@ my_bind[0].buffer= szData; my_bind[0].buffer_length= sizeof(szData); my_bind[0].length= &length[0]; - length[0]= sprintf(szData, "inserted-data"); + length[0]= snprintf(szData, sizeof(szData), "inserted-data"); my_bind[1].buffer= (void *)&nData; my_bind[1].buffer_type= MYSQL_TYPE_LONG; @@ -3542,7 +3542,7 @@ my_bind[0].buffer= szData; my_bind[0].buffer_length= sizeof(szData); my_bind[0].length= &length[0]; - length[0]= sprintf(szData, "updated-data"); + length[0]= snprintf(szData, sizeof(szData), "updated-data"); my_bind[1].buffer= (void *)&nData; my_bind[1].buffer_type= MYSQL_TYPE_LONG; @@ -4111,7 +4111,7 @@ /* CHAR */ { char buff[20]; - long len= sprintf(buff, "%d", rc); + long len= snprintf(buff, sizeof(buff), "%d", rc); DIE_UNLESS(strcmp(s_data, buff) == 0); DIE_UNLESS(length[6] == (ulong) len); } @@ -4704,7 +4704,7 @@ /* now, execute the prepared statement to insert 10 records.. */ for (tiny_data= 0; tiny_data < 3; tiny_data++) { - length= sprintf(str_data, "MySQL%d", tiny_data); + length= snprintf(str_data, sizeof(str_data), "MySQL%d", tiny_data); rc= mysql_stmt_execute(stmt); check_execute(stmt, rc); } @@ -8952,7 +8952,7 @@ strxmov(buffer, "create table t_mem_overun(", NullS); for (i= 0; i < 1000; i++) { - sprintf(field, "c%u int", i); + snprintf(field, sizeof(field), "c%u int", i); strxmov(buffer, buffer, field, ", ", NullS); } length= strlen(buffer); @@ -9399,7 +9399,7 @@ { int row_count= 0; - sprintf(query, queries[field_count], name); + snprintf(query, sizeof(query), queries[field_count], name); if (!opt_silent) fprintf(stdout, "\n %s", query); @@ -11713,7 +11713,7 @@ myquery(rc); bzero((char*) my_bind, sizeof(my_bind)); for (i= 0; i < 2; i++) { - sprintf((char *)&parms[i], "%d", i); + snprintf((char *)&parms[i], sizeof(parms[i]), "%d", i); my_bind[i].buffer_type = MYSQL_TYPE_VAR_STRING; my_bind[i].buffer = (char *)&parms[i]; my_bind[i].buffer_length = 100; @@ -12068,7 +12068,7 @@ for (stmt= stmt_list; stmt != stmt_list + NUM_OF_USED_STMT; ++stmt) { - sprintf(buff, "select %d", (int) (stmt - stmt_list)); + snprintf(buff, sizeof(buff), "select %d", (int) (stmt - stmt_list)); *stmt= mysql_stmt_init(mysql); rc= mysql_stmt_prepare(*stmt, buff, strlen(buff)); check_execute(*stmt, rc); @@ -12100,6 +12100,8 @@ MYSQL_BIND *my_bind; char *query; char *param_str; + size_t param_str_size; + size_t query_size; int param_str_length; const char *stmt_text; int rc; @@ -12196,9 +12198,11 @@ myquery(rc); my_bind= (MYSQL_BIND*) malloc(MAX_PARAM_COUNT * sizeof(MYSQL_BIND)); - query= (char*) malloc(strlen(query_template) + - MAX_PARAM_COUNT * CHARS_PER_PARAM + 1); - param_str= (char*) malloc(COLUMN_COUNT * CHARS_PER_PARAM); + query_size= strlen(query_template) + + MAX_PARAM_COUNT * CHARS_PER_PARAM + 1; + query= (char*) malloc(query_size); + param_str_size= COLUMN_COUNT * CHARS_PER_PARAM; + param_str= (char*) malloc(param_str_size); if (my_bind == 0 || query == 0 || param_str == 0) { @@ -12215,7 +12219,7 @@ stmt= mysql_stmt_init(mysql); /* setup a template for one row of parameters */ - sprintf(param_str, "("); + snprintf(param_str, param_str_size, "("); for (i= 1; i < COLUMN_COUNT; ++i) strcat(param_str, "?, "); strcat(param_str, "?)"); @@ -12239,7 +12243,7 @@ { char *query_ptr; /* Create statement text for current number of rows */ - sprintf(query, query_template, param_str); + snprintf(query, query_size, query_template, param_str); query_ptr= query + strlen(query); for (i= 1; i < nrows; ++i) { @@ -13744,7 +13748,7 @@ /* No escaping should have actually happened. */ DIE_UNLESS(memcmp(out, TEST_BUG8378_OUT, len) == 0); - sprintf(buf, "SELECT '%s'", out); + snprintf(buf, sizeof(buf), "SELECT '%s'", out); rc=mysql_real_query(lmysql, buf, strlen(buf)); myquery(rc); @@ -14435,8 +14439,8 @@ for (i= 0; i < 42; i++) { id_val= (i+1)*10; - sprintf(a, "a%d", i); - a_len= strlen(a); /* safety against broken sprintf */ + snprintf(a, sizeof(a), "a%d", i); + a_len= strlen(a); /* safety against broken snprintf */ rc= mysql_stmt_execute(stmt); check_execute(stmt, rc); } @@ -14798,7 +14802,7 @@ for (; i < 42; ++i) { char buf[100]; - sprintf(buf, "insert into t1 (id) values (%d)", i+1); + snprintf(buf, sizeof(buf), "insert into t1 (id) values (%d)", i+1); rc= mysql_query(mysql, buf); myquery(rc); } @@ -16767,24 +16771,24 @@ mytest(result); mysql_free_result(result); - sprintf(query, "DROP FUNCTION IF EXISTS %s", (char*) utf8_func); + snprintf(query, sizeof(query), "DROP FUNCTION IF EXISTS %s", (char*) utf8_func); rc= mysql_query(mysql, query); myquery(rc); - sprintf(query, + snprintf(query, sizeof(query), "CREATE FUNCTION %s( %s VARCHAR(25))" " RETURNS VARCHAR(25) DETERMINISTIC RETURN %s", (char*) utf8_func, (char*) utf8_param, (char*) utf8_param); rc= mysql_query(mysql, query); myquery(rc); - sprintf(query, "SELECT %s(VERSION())", (char*) utf8_func); + snprintf(query, sizeof(query), "SELECT %s(VERSION())", (char*) utf8_func); rc= mysql_query(mysql, query); myquery(rc); result= mysql_store_result(mysql); mytest(result); mysql_free_result(result); - sprintf(query, "DROP FUNCTION %s", (char*) utf8_func); + snprintf(query, sizeof(query), "DROP FUNCTION %s", (char*) utf8_func); rc= mysql_query(mysql, query); myquery(rc); @@ -16869,18 +16873,18 @@ myheader("test_change_user"); /* Prepare environment */ - sprintf(buff, "drop database if exists %s", db); + snprintf(buff, sizeof(buff), "drop database if exists %s", db); rc= mysql_query(mysql, buff); myquery(rc); - sprintf(buff, "create database %s", db); + snprintf(buff, sizeof(buff), "create database %s", db); rc= mysql_query(mysql, buff); myquery(rc); rc= mysql_query(mysql, "SET SQL_MODE=''"); myquery(rc); - sprintf(buff, + snprintf(buff, sizeof(buff), "grant select on %s.* to %s@'%%' identified by '%s'", db, user_pw, @@ -16888,7 +16892,7 @@ rc= mysql_query(mysql, buff); myquery(rc); - sprintf(buff, + snprintf(buff, sizeof(buff), "grant select on %s.* to %s@'localhost' identified by '%s'", db, user_pw, @@ -16896,14 +16900,14 @@ rc= mysql_query(mysql, buff); myquery(rc); - sprintf(buff, + snprintf(buff, sizeof(buff), "grant select on %s.* to %s@'%%'", db, user_no_pw); rc= mysql_query(mysql, buff); myquery(rc); - sprintf(buff, + snprintf(buff, sizeof(buff), "grant select on %s.* to %s@'localhost'", db, user_no_pw); @@ -17092,23 +17096,23 @@ mysql_close(conn); - sprintf(buff, "drop database %s", db); + snprintf(buff, sizeof(buff), "drop database %s", db); rc= mysql_query(mysql, buff); myquery(rc); - sprintf(buff, "drop user %s@'%%'", user_pw); + snprintf(buff, sizeof(buff), "drop user %s@'%%'", user_pw); rc= mysql_query(mysql, buff); myquery(rc); - sprintf(buff, "drop user %s@'%%'", user_no_pw); + snprintf(buff, sizeof(buff), "drop user %s@'%%'", user_no_pw); rc= mysql_query(mysql, buff); myquery(rc); - sprintf(buff, "drop user %s@'localhost'", user_pw); + snprintf(buff, sizeof(buff), "drop user %s@'localhost'", user_pw); rc= mysql_query(mysql, buff); myquery(rc); - sprintf(buff, "drop user %s@'localhost'", user_no_pw); + snprintf(buff, sizeof(buff), "drop user %s@'localhost'", user_no_pw); rc= mysql_query(mysql, buff); myquery(rc); @@ -18005,7 +18009,7 @@ /* now, execute the prepared statement to insert 10 records.. */ for (tiny_data= 0; tiny_data < 10; tiny_data++) { - length[1]= sprintf(str_data, "MySQL%d", int_data); + length[1]= snprintf(str_data, sizeof(str_data), "MySQL%d", int_data); rc= mysql_stmt_execute(stmt); check_execute(stmt, rc); int_data += 25; @@ -18028,7 +18032,7 @@ for (tiny_data= 50; tiny_data < 60; tiny_data++) { - length[1]= sprintf(str_data, "MySQL%d", int_data); + length[1]= snprintf(str_data, sizeof(str_data), "MySQL%d", int_data); rc= mysql_stmt_execute(stmt); check_execute(stmt, rc); int_data += 25; @@ -20030,7 +20034,7 @@ check_stmt(stmt2); thread_id= mysql_thread_id(conn); - sprintf(query, "KILL %lu", thread_id); + snprintf(query, sizeof(query), "KILL %lu", thread_id); if (thread_query(query)) exit(1); @@ -20568,19 +20572,19 @@ MYSQL_RES *result; int family = (strchr(ipaddr,':') == NULL)?AF_INET:AF_INET6; char query[256]; - char text_header[256]; + char text_header[256], bad_text_header[256]; char addr_bin[16]; - v2_proxy_header v2_header; - void *header_data[2]; - size_t header_lengths[2]; - int i; + v2_proxy_header v2_header, bad_v2_header; + void *header_data[4]; + size_t header_lengths[4]; + size_t i; // normalize IPv4-mapped IPv6 addresses, e.g ::ffff:127.0.0.2 to 127.0.0.2 const char *normalized_addr= strncmp(ipaddr, "::ffff:", 7)?ipaddr : ipaddr + 7; myheader("test_proxy_header_tcp"); memset(&v2_header, 0, sizeof(v2_header)); - sprintf(text_header,"PROXY %s %s %s %d 3306\r\n",family == AF_INET?"TCP4":"TCP6", ipaddr, ipaddr, port); + snprintf(text_header, sizeof(text_header), "PROXY %s %s %s %d 3306\r\n",family == AF_INET?"TCP4":"TCP6", ipaddr, ipaddr, port); inet_pton(family,ipaddr,addr_bin); @@ -20605,15 +20609,25 @@ memcpy(v2_header.addr.ip6.dst_addr,addr_bin, sizeof (v2_header.addr.ip6.dst_addr)); } - sprintf(query,"CREATE USER 'u'@'%s' IDENTIFIED BY 'password'",normalized_addr); + snprintf(query, sizeof(query), "CREATE USER 'u'@'%s' IDENTIFIED BY 'password'",normalized_addr); rc= mysql_query(mysql, query); myquery(rc); header_data[0]= text_header; header_data[1]= &v2_header; + header_data[2]= bad_text_header; + header_data[3]= &bad_v2_header; header_lengths[0]= strlen(text_header); header_lengths[1]= family == AF_INET ? 28 : 52; + header_lengths[2]= sizeof(text_header)-4; + header_lengths[3]= header_lengths[1]; + + memset(bad_text_header, ' ', sizeof(bad_text_header)); + memcpy(bad_text_header, text_header, header_lengths[1]-6); + + bad_v2_header= v2_header; + bad_v2_header.len= 0; for (i = 0; i < 2; i++) { @@ -20624,9 +20638,8 @@ DIE_UNLESS(m); mysql_optionsv(m, MARIADB_OPT_PROXY_HEADER, header_data[i], header_lengths[i]); if (!mysql_real_connect(m, opt_host, "u", "password", NULL, opt_port, opt_unix_socket, 0)) - { - DIE_UNLESS(0); - } + DIE(0); + rc= mysql_query(m, "select host from information_schema.processlist WHERE ID = connection_id()"); myquery(rc); /* get the result */ @@ -20643,9 +20656,24 @@ /* do "dirty" close, to get aborted message in error log.*/ mariadb_cancel(m); } + + mysql_close(m); + } + for (; i < array_elements(header_data); i++) + { + MYSQL *m; + m = mysql_client_init(NULL); + DIE_UNLESS(m); + mysql_optionsv(m, MARIADB_OPT_PROXY_HEADER, header_data[i], header_lengths[i]); + if (mysql_real_connect(m, opt_host, "u", "password", NULL, opt_port, opt_unix_socket, 0)) + DIE(0); + printf("pass %zu error %i - %s\n", i, mysql_errno(m), + mysql_error(m)); + DIE_IF(i == 2 && mysql_errno(m) != ER_UNKNOWN_ERROR); + DIE_IF(i == 3 && mysql_errno(m) != ER_UNKNOWN_ERROR); mysql_close(m); } - sprintf(query,"DROP USER 'u'@'%s'",normalized_addr); + snprintf(query, sizeof(query), "DROP USER 'u'@'%s'",normalized_addr); rc = mysql_query(mysql, query); myquery(rc); } @@ -20722,6 +20750,32 @@ myquery(rc); } +static void test_proxy_header_limits() +{ + MYSQL *m; + char text_header[256]; + const char *prefix = "PROXY TCP4 1.2.3.4 5.6.7.8 1234 5678"; + size_t prefix_len; + + myheader("test_proxy_header_limits"); + + /* Test maximum length PROXY header (256 bytes) to ensure no overflow */ + memset(text_header, ' ', sizeof(text_header)); + + prefix_len = strlen(prefix); + + memcpy(text_header, prefix, prefix_len); + text_header[sizeof(text_header) - 1] = '\n'; + + m = mysql_client_init(NULL); + DIE_UNLESS(m); + + mysql_optionsv(m, MARIADB_OPT_PROXY_HEADER, text_header, sizeof(text_header)); + + DIE_UNLESS(mysql_real_connect(m, opt_host, "root", "", NULL, opt_port, opt_unix_socket, 0) == NULL); + mysql_close(m); +} + static void test_proxy_header() { @@ -20731,6 +20785,7 @@ test_proxy_header_tcp("::ffff:192.0.2.1",2222); test_proxy_header_localhost(); test_proxy_header_ignore(); + test_proxy_header_limits(); } @@ -22787,6 +22842,112 @@ rc= mysql_query(mysql, "DROP TABLE t1"); myquery(rc); } + +static void run_tests_36678( + const char *test, + const char *table_stmt, + const char *insert_stmt, + const char *view_stmt, + const char *proc_stmt, + const char *call_stmt) +{ + MYSQL_STMT *stmt; + MYSQL_BIND bind; + int rc; + + myheader(test); + + if ((table_stmt && table_stmt[0] != '\0' && + (rc= mysql_query_or_error(mysql, table_stmt)))) + DIE("Table creation failed"); + + if ((insert_stmt && insert_stmt[0] != '\0' && + (rc= mysql_query_or_error(mysql, insert_stmt)))) + DIE("Table insertion failed"); + + if ((rc= mysql_query_or_error(mysql, view_stmt)) || + (rc= mysql_query_or_error(mysql, proc_stmt))) + DIE("View/Proc creation failed"); + + stmt= mysql_stmt_init(mysql); + rc= mysql_stmt_prepare(stmt, call_stmt, strlen(call_stmt)); + DIE_UNLESS(rc == 0); + + memset(&bind, 0, sizeof bind); + rc= mysql_stmt_execute(stmt); + DIE_UNLESS(rc == 0); + + mysql_stmt_close(stmt); + DIE_UNLESS(mysql_query_or_error(mysql, "DROP PROCEDURE proc") == 0); + DIE_UNLESS(mysql_query_or_error(mysql, "DROP VIEW v") == 0); + if (table_stmt && table_stmt[0] != '\0') + DIE_UNLESS(mysql_query_or_error(mysql, "DROP TABLE t") == 0); +} + +static void test_mdev_36678() +{ + const char *proc_stmt1= "CREATE OR REPLACE PROCEDURE proc(IN i VARCHAR(1)) \ + SELECT * FROM v v WHERE CASE WHEN i THEN v.l LIKE CONCAT ('',i) END;"; + const char *proc_stmt2= "CREATE OR REPLACE PROCEDURE proc(IN `IN_listc2` VARCHAR(1000), IN `IN_limitfrom` INT, IN `IN_limitto` INT) \ + BEGIN \ + SELECT * \ + FROM \ + v `t` \ + WHERE \ + CASE WHEN IN_listc2 IS NOT NULL THEN `t`.`listc2` LIKE CONCAT(\"%\", IN_listc2, \"%\") ELSE TRUE END \ + LIMIT \ + IN_limitfrom, \ + IN_limitto; \ + END;"; + + const char *table_stmt1= "CREATE OR REPLACE TABLE t (c INT) ENGINE=MyISAM;"; + const char *table_stmt2= "CREATE OR REPLACE TABLE t (c INT) ENGINE=InnoDB;"; + const char *table_stmt3= "create or replace table t \ + ( id int auto_increment primary key, col1 int, col2 int, col3 int);"; + + const char *insert_stmt1= "insert into t select null, round(rand()*100), \ + round(rand()*100), round(rand()*100) from seq_1_to_100;"; + + const char *view_stmt1= "CREATE OR REPLACE VIEW v \ + AS SELECT GROUP_CONCAT('', '') AS l FROM (SELECT 1) AS a;"; + const char *view_stmt2= "CREATE OR REPLACE VIEW v \ + AS SELECT GROUP_CONCAT('', '') AS l FROM t;"; + const char *view_stmt3= "create or replace view v as \ + select col1 as taskcid, sum(col3) as suc3, \ + group_concat('-',case when `col3` is not null then `col2` else '' end,'-' separator ',') AS `listc2` \ + from t \ + group by col1;"; + + const char *view_stmt11= "CREATE OR REPLACE VIEW v \ + AS SELECT CONCAT('', '') AS l FROM (SELECT 1) AS a;"; + const char *view_stmt21= "CREATE OR REPLACE VIEW v \ + AS SELECT CONCAT('', '') AS l FROM t;"; + const char *view_stmt31= "create or replace view v as \ + select col1 as taskcid, col3 as suc3, \ + CONCAT('-', CASE WHEN col3 IS NOT NULL THEN col2 ELSE '' END, '-') AS `listc2` \ + from t;"; + + run_tests_36678("View with GROUP_CONCAT created from derived table-", + "", "", view_stmt1, proc_stmt1, "call proc(0)"); + run_tests_36678("View with CONCAT created from derived table-", + "", "", view_stmt11, proc_stmt1, "call proc(0)"); + + run_tests_36678("View with GROUP_CONCAT created from MyISAM table-", + table_stmt1, "", view_stmt2, proc_stmt1, "call proc(0)"); + run_tests_36678("View with CONCAT created from MyISAM table-", + table_stmt1, "", view_stmt21, proc_stmt1, "call proc(0)"); + + run_tests_36678("View with GROUP_CONCAT created from InnoDB table-", + table_stmt2, "", view_stmt2, proc_stmt1, "call proc(0)"); + run_tests_36678("View with CONCAT created from InnoDB table-", + table_stmt2, "", view_stmt21, proc_stmt1, "call proc(0)"); + + run_tests_36678("View with GROUP_CONCAT created from table with data-", + table_stmt3, insert_stmt1, view_stmt3, proc_stmt2, "call proc(null, 0, 25)"); + run_tests_36678("View with CONCAT created from table with data-", + table_stmt3, insert_stmt1, view_stmt31, proc_stmt2, "call proc(null, 0, 25)"); +} + #endif // EMBEDDED_LIBRARY /* @@ -23526,6 +23687,7 @@ { "test_mdev_34718_ad", test_mdev_34718_ad }, { "test_mdev_34958", test_mdev_34958 }, { "test_mdev_32086", test_mdev_32086 }, + { "test_mdev_36678", test_mdev_36678 }, #endif { "test_mdev_10075", test_mdev_10075}, #ifndef EMBEDDED_LIBRARY diff -Nru mariadb-11.8.6/tests/select_test.c mariadb-11.8.8/tests/select_test.c --- mariadb-11.8.6/tests/select_test.c 2026-01-31 13:27:49.000000000 +0000 +++ mariadb-11.8.8/tests/select_test.c 2026-05-24 09:58:33.000000000 +0000 @@ -50,7 +50,7 @@ num = atoi(argv[2]); while (count < num) { - sprintf(qbuf,SELECT_QUERY,count); + snprintf(qbuf,sizeof(qbuf),SELECT_QUERY,count); if(mysql_query(sock,qbuf)) { fprintf(stderr,"Query failed (%s)\n",mysql_error(sock)); diff -Nru mariadb-11.8.6/tests/showdb_test.c mariadb-11.8.8/tests/showdb_test.c --- mariadb-11.8.6/tests/showdb_test.c 2026-01-31 13:27:49.000000000 +0000 +++ mariadb-11.8.8/tests/showdb_test.c 2026-05-24 09:58:33.000000000 +0000 @@ -51,7 +51,7 @@ num = atoi(argv[2]); while (count < num) { - sprintf(qbuf,SELECT_QUERY,count); + snprintf(qbuf,sizeof(qbuf),SELECT_QUERY,count); if(!(res=mysql_list_dbs(sock,NULL))) { fprintf(stderr,"Query failed (%s)\n",mysql_error(sock)); diff -Nru mariadb-11.8.6/tests/ssl_test.c mariadb-11.8.8/tests/ssl_test.c --- mariadb-11.8.6/tests/ssl_test.c 2026-01-31 13:27:49.000000000 +0000 +++ mariadb-11.8.8/tests/ssl_test.c 2026-05-24 09:58:33.000000000 +0000 @@ -56,7 +56,7 @@ num = atoi(argv[2]); while (count < num) { - sprintf(qbuf,SELECT_QUERY,count); + snprintf(qbuf,sizeof(qbuf),SELECT_QUERY,count); if(mysql_query(sock,qbuf)) { fprintf(stderr,"Query failed (%s)\n",mysql_error(sock)); diff -Nru mariadb-11.8.6/unittest/json_lib/json_lib-t.c mariadb-11.8.8/unittest/json_lib/json_lib-t.c --- mariadb-11.8.6/unittest/json_lib/json_lib-t.c 2026-01-31 13:27:49.000000000 +0000 +++ mariadb-11.8.8/unittest/json_lib/json_lib-t.c 2026-05-24 09:58:33.000000000 +0000 @@ -140,7 +140,7 @@ json_path_t p; json_path_step_t *cur_step; int n_matches, scal_values; - int array_counters[JSON_DEPTH_LIMIT]; + int array_counters[JSON_DEPTH_LIMIT]= {0}; if (json_scan_start(&je, ci, s_e(fj0)) || json_path_setup(&p, ci, s_e(fp0))) diff -Nru mariadb-11.8.6/unittest/mysys/CMakeLists.txt mariadb-11.8.8/unittest/mysys/CMakeLists.txt --- mariadb-11.8.6/unittest/mysys/CMakeLists.txt 2026-01-31 13:27:49.000000000 +0000 +++ mariadb-11.8.8/unittest/mysys/CMakeLists.txt 2026-05-24 09:58:33.000000000 +0000 @@ -26,6 +26,7 @@ my_malloc my_rdtsc my_tzinfo + my_symlink queues stack_allocation stacktrace diff -Nru mariadb-11.8.6/unittest/mysys/base64-t.c mariadb-11.8.8/unittest/mysys/base64-t.c --- mariadb-11.8.6/unittest/mysys/base64-t.c 2026-01-31 13:27:49.000000000 +0000 +++ mariadb-11.8.8/unittest/mysys/base64-t.c 2026-05-24 09:58:33.000000000 +0000 @@ -71,19 +71,19 @@ diag(" --------- src --------- --------- dst ---------"); for (k= 0; k +#include + +#include +#include +#include +#include +#ifdef HAVE_UNISTD_H +#include +#endif + +#include "tap.h" + +static void test_my_realpath() +{ +#ifndef HAVE_REALPATH + skip(2, "realpath not supported"); + return; +#else + char cwd[PATH_MAX]; + char *resolved_cwd; + char result[FN_REFLEN]; + char link_name[64] = {0}; + int errcode; + if (getcwd(cwd, sizeof(cwd)) == NULL) + { + diag("getcwd() failed: %s", strerror(errno)); + skip(2, "getcwd() failed"); + return; + } + + resolved_cwd= realpath(cwd, NULL); + if (!resolved_cwd) + { + diag("realpath() failed: %s", strerror(errno)); + skip(2, "realpath() failed"); + return; + } + + /* Call my_realpath with empty string in current working directory, + expecting resolved abolute path to that directory */ + errcode= my_realpath(result, "", MYF(0)); + ok(errcode == 0, "my_realpath returned error code: %d", errcode); + ok(!strcmp(result, resolved_cwd), + "Output of my_realpath: %s, expected: %s", + result, resolved_cwd); + /* Creae a symlink, chdir to it and resolve empty string */ + + /* Generate a unique name for the symlink */ + srand(time(NULL)); + snprintf(link_name, sizeof(link_name), "my_link_%d.%06d", getpid(), rand() % 1000000); + if (symlink(cwd, link_name) != 0) + { + diag("symlink() failed: %s", strerror(errno)); + skip(1, "symlink() failed"); + goto cwd_cleanup; + } + if (chdir(link_name) != 0) + { + diag("chdir() failed: %s", strerror(errno)); + skip(1, "chdir() failed"); + goto link_cleanup; + } + errcode= my_realpath(result, "", MYF(0)); + ok(errcode == 0, "my_realpath returned error code: %d", errcode); + ok(!strcmp(result, resolved_cwd), + "Output of my_realpath: %s, expected: %s", + result, resolved_cwd); +link_cleanup: + unlink(link_name); +cwd_cleanup: + free(resolved_cwd); +#endif +} + +int main(int argc __attribute__((unused)),char *argv[]) +{ + MY_INIT(argv[0]); + plan(4); + + test_my_realpath(); + + my_end(0); + return exit_status(); +} diff -Nru mariadb-11.8.6/unittest/mytap/tap.c mariadb-11.8.8/unittest/mytap/tap.c --- mariadb-11.8.6/unittest/mytap/tap.c 2026-01-31 13:27:49.000000000 +0000 +++ mariadb-11.8.8/unittest/mytap/tap.c 2026-05-24 09:58:33.000000000 +0000 @@ -29,8 +29,9 @@ #include static ulong start_timer(void); -static void end_timer(ulong start_time,char *buff); -static void nice_time(double sec,char *buff,my_bool part_second); +static void end_timer(ulong start_time, char *buff, size_t buff_size); +static void nice_time(double sec,char *buff, size_t buff_size, + my_bool part_second); /* Visual Studio 2003 does not know vsnprintf but knows _vsnprintf. @@ -337,7 +338,7 @@ } if (start_time) { - end_timer(start_time, buff); + end_timer(start_time, buff, sizeof(buff)); printf("Test took %s\n", buff); fflush(stdout); } @@ -373,38 +374,44 @@ len("4294967296 days, 23 hours, 59 minutes, 60.00 seconds") -> 52 */ -static void nice_time(double sec,char *buff, my_bool part_second) +static void nice_time(double sec,char *buff, size_t buff_size, + my_bool part_second) { ulong tmp; + char *end= buff + buff_size; + int len; if (sec >= 3600.0*24) { tmp=(ulong) (sec/(3600.0*24)); sec-=3600.0*24*tmp; - buff+= sprintf(buff, "%ld %s", tmp, tmp > 1 ? " days " : " day "); + len= snprintf(buff, end - buff, "%ld %s", tmp, tmp > 1 ? " days " : " day "); + buff+= len; } if (sec >= 3600.0) { tmp=(ulong) (sec/3600.0); sec-=3600.0*tmp; - buff+= sprintf(buff, "%ld %s", tmp, tmp > 1 ? " hours " : " hour "); + len= snprintf(buff, end - buff, "%ld %s", tmp, tmp > 1 ? " hours " : " hour "); + buff+= len; } if (sec >= 60.0) { tmp=(ulong) (sec/60.0); sec-=60.0*tmp; - buff+= sprintf(buff, "%ld min ", tmp); + len= snprintf(buff, end - buff, "%ld min ", tmp); + buff+= len; } if (part_second) - sprintf(buff,"%.2f sec",sec); + snprintf(buff, end - buff, "%.2f sec",sec); else - sprintf(buff,"%d sec",(int) sec); + snprintf(buff, end - buff, "%d sec",(int) sec); } -static void end_timer(ulong start_time,char *buff) +static void end_timer(ulong start_time, char *buff, size_t buff_size) { nice_time((double) (start_timer() - start_time) / - CLOCKS_PER_SEC,buff,1); + CLOCKS_PER_SEC, buff, buff_size, 1); } diff -Nru mariadb-11.8.6/unittest/sql/my_json_writer-t.cc mariadb-11.8.8/unittest/sql/my_json_writer-t.cc --- mariadb-11.8.6/unittest/sql/my_json_writer-t.cc 2026-01-31 13:27:49.000000000 +0000 +++ mariadb-11.8.8/unittest/sql/my_json_writer-t.cc 2026-05-24 09:58:33.000000000 +0000 @@ -21,8 +21,7 @@ #include /* - Unit tests for class Json_writer. At the moment there are only tests for the - "Fail an assertion if one attempts to produce invalid JSON" feature. + Unit tests for class Json_writer. */ struct TABLE; @@ -52,11 +51,50 @@ #include "../sql/my_json_writer.h" #include "../sql/my_json_writer.cc" +static bool json_output_eq(Json_writer &w, const char *expected) +{ + const String *s= w.output.get_string(); + size_t exp_len= strlen(expected); + if (s->length() == exp_len && memcmp(s->ptr(), expected, exp_len) == 0) + return true; + diag(" Expected (%d bytes): [%s]", (int) exp_len, expected); + diag(" Actual (%d bytes): [%.*s]", + (int) s->length(), (int) s->length(), s->ptr()); + return false; +} + +static bool json_output_eq_len(Json_writer &w, + const char *expected, + size_t expected_len) +{ + const String *s= w.output.get_string(); + if (s->length() == expected_len && + memcmp(s->ptr(), expected, expected_len) == 0) + return true; + + diag(" Expected length: %d bytes", (int) expected_len); + diag(" Actual length : %d bytes", (int) s->length()); + + size_t common_len= s->length() < expected_len ? s->length() : expected_len; + for (size_t i= 0; i < common_len; i++) + { + uchar actual= (uchar) s->ptr()[i]; + uchar exp= (uchar) expected[i]; + if (actual != exp) + { + diag(" First mismatch at byte %d: expected 0x%02x, actual 0x%02x", + (int) i, (uint) exp, (uint) actual); + break; + } + } + return false; +} + int main(int args, char **argv) { MY_INIT(argv[0]); - plan(NO_PLAN); + plan(130); diag("Testing Json_writer checks"); { @@ -127,18 +165,905 @@ { Json_writer w; w.start_object(); - w.add_member("name").add_ll(1); + w.add_member("name").start_object(); w.add_member("name").add_ll(2); w.end_object(); - ok(w.invalid_json, "JSON object member name collision"); + w.end_object(); + ok(!w.invalid_json, "Valid JSON: nested object member name is the same"); + ok(json_output_eq(w, + "{\n" + " \"name\": {\n" + " \"name\": 2\n" + " }\n" + "}"), + "Nested same-name key output"); } + diag("Testing Json_writer output"); + { Json_writer w; w.start_object(); - w.add_member("name").start_object(); + w.end_object(); + ok(json_output_eq(w, "{}"), "Empty object"); + ok(!w.invalid_json, "Empty object is valid"); + } + + { + Json_writer w; + w.start_array(); + w.end_array(); + ok(json_output_eq(w, "[]"), "Empty array"); + ok(!w.invalid_json, "Empty array is valid"); + } + + { + Json_writer w; + w.start_object(); + w.add_member("key").add_str("hello"); + w.end_object(); + ok(json_output_eq(w, + "{\n" + " \"key\": \"hello\"\n" + "}"), + "String value"); + ok(!w.invalid_json, "String value is valid"); + } + + { + Json_writer w; + w.start_object(); + w.add_member("s").add_str(""); + w.end_object(); + ok(json_output_eq(w, + "{\n" + " \"s\": \"\"\n" + "}"), + "Empty string value"); + ok(!w.invalid_json, "Empty string value is valid"); + } + + /* add_str does not escape: special chars are passed through verbatim */ + { + Json_writer w; + w.start_object(); + w.add_member("s").add_str("with\"quote"); + w.end_object(); + ok(json_output_eq(w, + "{\n" + " \"s\": \"with\"quote\"\n" + "}"), + "String with embedded quote (no escaping)"); + ok(!w.invalid_json, + "String with embedded quote remains valid for this writer"); + } + + { + Json_writer w; + String latin1_str("\xe9\xf6\xfc", 3, &my_charset_latin1); + w.start_object(); + w.add_member("s").add_str(latin1_str); + w.end_object(); + ok(json_output_eq(w, + "{\n" + " \"s\": \"\xe9\xf6\xfc\"\n" + "}"), + "Latin-1 encoded string bytes pass through unchanged"); + ok(!w.invalid_json, + "Latin-1 encoded string bytes pass through unchanged and stay valid"); + } + + { + Json_writer w; + /* 4-byte UTF-8 sequence (U+1F600) */ + String utf8mb4_str("\xf0\x9f\x98\x80", 4, &my_charset_utf8mb4_general_ci); + w.start_object(); + w.add_member("s").add_str(utf8mb4_str); + w.end_object(); + ok(json_output_eq(w, + "{\n" + " \"s\": \"\xf0\x9f\x98\x80\"\n" + "}"), + "UTF-8 mb4 encoded string bytes pass through unchanged"); + ok(!w.invalid_json, + "UTF-8 mb4 encoded string bytes pass through unchanged and stay valid"); + } + + { + Json_writer w; + w.start_object(); + w.add_member("num").add_ll(42); + w.end_object(); + ok(json_output_eq(w, + "{\n" + " \"num\": 42\n" + "}"), + "Positive longlong value"); + ok(!w.invalid_json, "Positive longlong value is valid"); + } + + { + Json_writer w; + w.start_object(); + w.add_member("num").add_ll(-100); + w.end_object(); + ok(json_output_eq(w, + "{\n" + " \"num\": -100\n" + "}"), + "Negative longlong value"); + ok(!w.invalid_json, "Negative longlong value is valid"); + } + + { + Json_writer w; + w.start_object(); + w.add_member("num").add_ll(LLONG_MAX); + w.end_object(); + ok(json_output_eq(w, + "{\n" + " \"num\": 9223372036854775807\n" + "}"), + "LLONG_MAX"); + ok(!w.invalid_json, "LLONG_MAX is valid"); + } + + { + Json_writer w; + w.start_object(); + w.add_member("num").add_ll(LLONG_MIN); + w.end_object(); + ok(json_output_eq(w, + "{\n" + " \"num\": -9223372036854775808\n" + "}"), + "LLONG_MIN"); + ok(!w.invalid_json, "LLONG_MIN is valid"); + } + + { + Json_writer w; + w.start_object(); + w.add_member("num").add_ull(ULLONG_MAX); + w.end_object(); + ok(json_output_eq(w, + "{\n" + " \"num\": 18446744073709551615\n" + "}"), + "ULLONG_MAX"); + ok(!w.invalid_json, "ULLONG_MAX is valid"); + } + + { + Json_writer w; + w.start_object(); + w.add_member("flag").add_bool(true); + w.end_object(); + ok(json_output_eq(w, + "{\n" + " \"flag\": true\n" + "}"), + "Bool true"); + ok(!w.invalid_json, "Bool true is valid"); + } + + { + Json_writer w; + w.start_object(); + w.add_member("val").add_null(); + w.end_object(); + ok(json_output_eq(w, + "{\n" + " \"val\": null\n" + "}"), + "Null value"); + ok(!w.invalid_json, "Null value is valid"); + } + + { + Json_writer w; + w.start_object(); + w.add_member("pi").add_double(3.14); + w.end_object(); + ok(json_output_eq(w, + "{\n" + " \"pi\": 3.14\n" + "}"), + "Double value"); + ok(!w.invalid_json, "Double value is valid"); + } + + { + Json_writer w; + w.start_object(); + w.add_member("d").add_double(0.0); + w.end_object(); + ok(json_output_eq(w, + "{\n" + " \"d\": 0\n" + "}"), + "Double zero"); + ok(!w.invalid_json, "Double zero is valid"); + } + + { + Json_writer w; + w.start_object(); + w.add_member("d").add_double(-0.0); + w.end_object(); + ok(json_output_eq(w, + "{\n" + " \"d\": 0\n" /* the sign was removed in the fix of MDEV-38670 */ + "}"), + "Double negative zero"); + ok(!w.invalid_json, "Double negative zero is valid"); + } + + { + Json_writer w; + w.start_object(); + w.add_member("d").add_double(1e-10); + w.end_object(); + ok(json_output_eq(w, + "{\n" + " \"d\": 1e-10\n" + "}"), + "Double very small value"); + ok(!w.invalid_json, "Double very small value is valid"); + } + + { + Json_writer w; + w.start_object(); + w.add_member("d").add_double(1e+15); + w.end_object(); + ok(json_output_eq(w, + "{\n" + " \"d\": 1e15\n" + "}"), + "Double very large value"); + ok(!w.invalid_json, "Double very large value is valid"); + } + + { + Json_writer w; + w.start_object(); + w.add_member("a").add_str("hello"); + w.add_member("b").add_ll(42); + w.add_member("c").add_bool(true); + w.add_member("d").add_null(); + w.end_object(); + ok(json_output_eq(w, + "{\n" + " \"a\": \"hello\",\n" + " \"b\": 42,\n" + " \"c\": true,\n" + " \"d\": null\n" + "}"), + "Object with multiple typed members"); + ok(!w.invalid_json, "Multiple members is valid"); + } + + { + Json_writer w; + w.start_object(); + w.add_member("key with spaces").add_ll(1); + w.end_object(); + ok(json_output_eq(w, + "{\n" + " \"key with spaces\": 1\n" + "}"), + "Key with spaces"); + ok(!w.invalid_json, "Key with spaces is valid"); + } + + { + Json_writer w; + w.start_object(); + w.add_member("cl\xe9").add_ll(1); + w.end_object(); + ok(json_output_eq(w, + "{\n" + " \"cl\xe9\": 1\n" + "}"), + "Key with Latin-1 byte"); + ok(!w.invalid_json, "Key with Latin-1 byte is valid"); + } + + { + Json_writer w; + w.start_object(); + w.add_member("has\"quote").add_ll(1); + w.end_object(); + ok(json_output_eq(w, + "{\n" + " \"has\"quote\": 1\n" + "}"), + "Key with embedded quote (no escaping)"); + ok(!w.invalid_json, + "Key with embedded quote remains valid for this writer"); + } + + { + Json_writer w; + w.start_object(); + w.add_member("").add_ll(1); + w.end_object(); + ok(json_output_eq(w, + "{\n" + " \"\": 1\n" + "}"), + "Empty key name"); + ok(!w.invalid_json, "Empty key name is valid"); + } + + { + Json_writer w; + const char key[]= "prefix"; + w.start_object(); + w.add_member(key, 3).add_ll(7); + w.end_object(); + ok(json_output_eq(w, + "{\n" + " \"pre\": 7\n" + "}"), + "add_member(name, len) uses explicit key length"); + ok(!w.invalid_json, "add_member(name, len) remains valid"); + } + + { + Json_writer w; + const char key_with_nul[]= { 'k', '\0', 'y' }; + const char expected[]= + "{\n" + " \"k\0y\": 1\n" + "}"; + w.start_object(); + w.add_member(key_with_nul, sizeof(key_with_nul)).add_ll(1); + w.end_object(); + ok(json_output_eq_len(w, expected, sizeof(expected) - 1), + "add_member(name, len) preserves embedded NUL in key"); + ok(!w.invalid_json, "Embedded-NUL key does not mark writer invalid"); + } + + { + Json_writer w; + w.start_object(); + w.add_member("name").add_ll(1); w.add_member("name").add_ll(2); - ok(!w.invalid_json, "Valid JSON: nested object member name is the same"); + w.end_object(); + ok(json_output_eq(w, + "{\n" + " \"name\": 1,\n" + " \"name\": 2\n" + "}"), + "Duplicate key output"); + ok(w.invalid_json, "Duplicate key is invalid JSON"); + } + + { + Json_writer w; + w.start_object(); + w.add_member("arr"); + w.start_array(); + w.add_str("a"); + w.add_str("b"); + w.add_str("c"); + w.end_array(); + w.end_object(); + ok(json_output_eq(w, + "{\n" + " \"arr\": [\"a\", \"b\", \"c\"]\n" + "}"), + "Named string array: single-line format"); + ok(!w.invalid_json, "Named string array is valid"); + } + + { + Json_writer w; + w.start_object(); + w.add_member("one"); + w.start_array(); + w.add_str("only"); + w.end_array(); + w.end_object(); + ok(json_output_eq(w, + "{\n" + " \"one\": [\"only\"]\n" + "}"), + "Named array with single element"); + ok(!w.invalid_json, "Named array with single element is valid"); + } + + { + Json_writer w; + w.start_object(); + w.add_member("empty"); + w.start_array(); + w.end_array(); + w.end_object(); + ok(json_output_eq(w, + "{\n" + " \"empty\": []\n" + "}"), + "Empty named array"); + ok(!w.invalid_json, "Empty named array is valid"); + } + + { + Json_writer w; + const char value_with_nul[]= { 'a', '\0', 'b' }; + const char expected[]= + "{\n" + " \"arr\": [\n" + " \"a\0b\"\n" + " ]\n" + "}"; + w.start_object(); + w.add_member("arr"); + w.start_array(); + w.add_str(value_with_nul, sizeof(value_with_nul)); + w.end_array(); + w.end_object(); + ok(json_output_eq_len(w, expected, sizeof(expected) - 1), + "Named array element with embedded NUL is preserved"); + ok(!w.invalid_json, "Embedded-NUL array element keeps writer valid"); + } + + { + Json_writer w; + w.start_object(); + w.add_member("arr"); + w.start_array(); + w.add_str("first"); + w.start_object(); + w.add_member("k").add_ll(1); + w.end_object(); + w.end_array(); + w.end_object(); + ok(json_output_eq(w, + "{\n" + " \"arr\": [\n" + " \"first\",\n" + " {\n" + " \"k\": 1\n" + " }\n" + " ]\n" + "}"), + "Single-line helper flushes buffered values before nested object"); + ok(!w.invalid_json, "Nested object in named array stays valid"); + } + + { + Json_writer w; + char long_val[91]; + memset(long_val, 'b', 90); + long_val[90]= 0; + w.start_object(); + w.add_member("arr"); + w.start_array(); + w.add_str("a"); + w.add_str(long_val); + w.end_array(); + w.end_object(); + + String expected; + expected.append(STRING_WITH_LEN("{\n" + " \"arr\": [\n" + " \"a\",\n" + " \"")); + expected.append(long_val, 90); + expected.append(STRING_WITH_LEN("\"\n" + " ]\n" + "}")); + ok(json_output_eq_len(w, expected.ptr(), expected.length()), + "Single-line helper falls back when line length exceeds threshold"); + ok(!w.invalid_json, "Long element fallback output stays valid"); + } + + { + Json_writer w; + w.start_array(); + w.add_str("x"); + w.add_str("y"); + w.end_array(); + ok(json_output_eq(w, + "[\n" + " \"x\",\n" + " \"y\"\n" + "]"), + "Root array: multi-line format"); + ok(!w.invalid_json, "Root array is valid"); + } + + { + Json_writer w; + w.start_object(); + w.add_member("outer").start_object(); + w.add_member("inner").add_str("val"); + w.end_object(); + w.end_object(); + ok(json_output_eq(w, + "{\n" + " \"outer\": {\n" + " \"inner\": \"val\"\n" + " }\n" + "}"), + "Nested objects"); + ok(!w.invalid_json, "Nested objects valid"); + } + + { + Json_writer w; + w.start_object(); + w.add_member("items"); + w.start_array(); + w.start_object(); + w.add_member("x").add_ll(10); + w.end_object(); + w.start_object(); + w.add_member("x").add_ll(20); + w.end_object(); + w.end_array(); + w.end_object(); + ok(json_output_eq(w, + "{\n" + " \"items\": [\n" + " {\n" + " \"x\": 10\n" + " },\n" + " {\n" + " \"x\": 20\n" + " }\n" + " ]\n" + "}"), + "Object with array of objects"); + ok(!w.invalid_json, "Object with array of objects valid"); + } + + { + Json_writer w; + w.start_object(); + w.add_member("name").add_str("test"); + w.add_member("enabled").add_bool(true); + w.add_member("config").start_object(); + w.add_member("timeout").add_ll(30); + w.add_member("tags"); + w.start_array(); + w.add_str("fast"); + w.add_str("reliable"); + w.end_array(); + w.end_object(); + w.add_member("count").add_ll(0); + w.end_object(); + ok(json_output_eq(w, + "{\n" + " \"name\": \"test\",\n" + " \"enabled\": true,\n" + " \"config\": {\n" + " \"timeout\": 30,\n" + " \"tags\": [\"fast\", \"reliable\"]\n" + " },\n" + " \"count\": 0\n" + "}"), + "Complex mixed structure"); + ok(!w.invalid_json, "Complex structure valid"); + } + + diag("Testing RAII wrappers"); + + { + Json_writer w; + { + Json_writer_object obj(&w); + w.add_member("key").add_str("val"); + } + ok(json_output_eq(w, + "{\n" + " \"key\": \"val\"\n" + "}"), + "Json_writer_object auto-closes on destruction"); + ok(!w.invalid_json, "RAII object valid"); + } + + { + Json_writer w; + { + Json_writer_object obj(&w); + obj.add("name", "test"); + obj.add("count", (longlong) 7); + obj.add("flag", true); + } + ok(json_output_eq(w, + "{\n" + " \"name\": \"test\",\n" + " \"count\": 7,\n" + " \"flag\": true\n" + "}"), + "Json_writer_object fluent add()"); + ok(!w.invalid_json, "Fluent add valid"); + } + + { + Json_writer w; + { + Json_writer_object obj(&w); + obj.add("u", (ulonglong) ULLONG_MAX); + } + ok(json_output_eq(w, + "{\n" + " \"u\": 18446744073709551615\n" + "}"), + "Json_writer_object add(ulonglong) preserves unsigned range"); + ok(!w.invalid_json, "Json_writer_object add(ulonglong) stays valid"); + } + + { + Json_writer w; + Json_writer_object obj(&w); + obj.add("a", (longlong) 1); + obj.end(); + ok(json_output_eq(w, + "{\n" + " \"a\": 1\n" + "}"), + "Json_writer_object explicit end()"); + ok(!w.invalid_json, "Explicit end valid"); + } + + { + Json_writer w; + { + Json_writer_array arr(&w); + arr.add("x"); + arr.end(); + } + ok(json_output_eq(w, + "[\n" + " \"x\"\n" + "]"), + "Json_writer_array explicit end()"); + ok(!w.invalid_json, "Json_writer_array explicit end stays valid"); + } + + { + Json_writer w; + { + Json_writer_array arr(&w); + arr.add("foo"); + arr.add("bar"); + } + ok(json_output_eq(w, + "[\n" + " \"foo\",\n" + " \"bar\"\n" + "]"), + "Json_writer_array auto-closes on destruction"); + ok(!w.invalid_json, "RAII array valid"); + } + + { + Json_writer w; + { + Json_writer_array arr(&w); + arr.add((ulonglong) 42); + } + ok(json_output_eq(w, + "[\n" + " 42\n" + "]"), + "RAII array add(ulonglong) output"); + ok(!w.invalid_json, "RAII array add(ulonglong) valid"); + } + + { + Json_writer w; + { + Json_writer_object outer(&w); + outer.add("level", "outer"); + { + Json_writer_object inner(&w, "nested"); + inner.add("level", "inner"); + } + } + ok(json_output_eq(w, + "{\n" + " \"level\": \"outer\",\n" + " \"nested\": {\n" + " \"level\": \"inner\"\n" + " }\n" + "}"), + "Nested RAII Json_writer_objects"); + ok(!w.invalid_json, "Nested RAII valid"); + } + + { + Json_writer w; + { + Json_writer_object obj(&w); + obj.add("name", "test"); + { + Json_writer_array arr(&w, "values"); + arr.add("a"); + arr.add("b"); + } + } + ok(json_output_eq(w, + "{\n" + " \"name\": \"test\",\n" + " \"values\": [\"a\", \"b\"]\n" + "}"), + "RAII array inside RAII object"); + ok(!w.invalid_json, "RAII array in object valid"); + } + + { + Json_writer w; + { + Json_writer_object obj(&w); + obj.add("partial", "hello world", 5); + } + ok(json_output_eq(w, + "{\n" + " \"partial\": \"hello\"\n" + "}"), + "add(name, value, num_bytes) honors length"); + ok(!w.invalid_json, + "add(name, value, num_bytes) produces valid JSON"); + } + + diag("Testing String_with_limit"); + + { + String_with_limit sl; + sl.append("hello"); + sl.append(" world"); + ok(sl.length() == 11, "Normal append: length == 11"); + ok(sl.get_truncated_bytes() == 0, "Normal append: no truncation"); + const String *s= sl.get_string(); + ok(s->length() == 11 && memcmp(s->ptr(), "hello world", 11) == 0, + "Normal append: content correct"); + } + + { + String_with_limit sl; + sl.set_size_limit(5); + sl.append("hello world"); + ok(sl.length() == 5, "Truncation: length capped at 5"); + ok(sl.get_truncated_bytes() == 6, "Truncation: 6 bytes truncated"); + const String *s= sl.get_string(); + ok(s->length() == 5 && memcmp(s->ptr(), "hello", 5) == 0, + "Truncation: content is prefix"); + } + + { + String_with_limit sl; + sl.set_size_limit(5); + sl.append("hi"); + sl.append(" there buddy"); + ok(sl.length() == 5, "Multi-append truncation: length == 5"); + ok(sl.get_truncated_bytes() == 9, "Multi-append truncation: 9 truncated"); + const String *s= sl.get_string(); + ok(s->length() == 5 && memcmp(s->ptr(), "hi th", 5) == 0, + "Multi-append truncation: correct partial content"); + } + + { + String_with_limit sl; + sl.set_size_limit(3); + sl.append("abc"); + sl.append("def"); + ok(sl.length() == 3, "At-limit overflow: length == 3"); + ok(sl.get_truncated_bytes() == 3, "At-limit overflow: 3 truncated"); + } + + { + String_with_limit sl; + sl.set_size_limit(3); + sl.append('a'); + sl.append('b'); + sl.append('c'); + sl.append('d'); + ok(sl.length() == 3, "Char append truncation: length == 3"); + ok(sl.get_truncated_bytes() == 1, "Char append truncation: 1 truncated"); + } + + diag("Testing Json_writer size limit"); + + { + Json_writer full; + full.start_object(); + full.add_member("longkey").add_str("longvalue"); + full.end_object(); + + Json_writer limited; + limited.set_size_limit(10); + limited.start_object(); + limited.add_member("longkey").add_str("longvalue"); + limited.end_object(); + + ok(limited.output.length() == 10, "Size limit enforced on Json_writer"); + ok(limited.get_truncated_bytes() == + full.output.length() - limited.output.length(), + "Truncated byte count is exact"); + } + + diag("Testing add_size formatting"); + + { + Json_writer w; + w.start_object(); + w.add_member("size").add_size(512); + w.end_object(); + ok(json_output_eq(w, + "{\n" + " \"size\": \"512\"\n" + "}"), + "add_size: bytes (< 1024)"); + ok(!w.invalid_json, "add_size: bytes (< 1024) is valid"); + } + + { + Json_writer w; + w.start_object(); + w.add_member("size").add_size(2048); + w.end_object(); + ok(json_output_eq(w, + "{\n" + " \"size\": \"2KiB\"\n" + "}"), + "add_size: KiB value"); + ok(!w.invalid_json, "add_size: KiB value is valid"); + } + + { + Json_writer w; + w.start_object(); + w.add_member("size").add_size((longlong) 32 * 1024 * 1024); + w.end_object(); + ok(json_output_eq(w, + "{\n" + " \"size\": \"32MiB\"\n" + "}"), + "add_size: MiB value"); + ok(!w.invalid_json, "add_size: MiB value is valid"); + } + + { + Json_writer w; + const longlong mb16= (longlong) 16 * 1024 * 1024; + w.start_object(); + w.add_member("below_kb").add_size(1023); + w.add_member("at_kb").add_size(1024); + w.add_member("below_16mb").add_size(mb16 - 1); + w.add_member("at_16mb").add_size(mb16); + w.end_object(); + ok(json_output_eq(w, + "{\n" + " \"below_kb\": \"1023\",\n" + " \"at_kb\": \"1KiB\",\n" + " \"below_16mb\": \"16383KiB\",\n" + " \"at_16mb\": \"16MiB\"\n" + "}"), + "add_size boundary formatting"); + ok(!w.invalid_json, "add_size boundary formatting is valid"); + } + + diag("Testing add_str overloads"); + + { + Json_writer w; + String s; + s.append("hello", 5); + w.start_object(); + w.add_member("msg").add_str(s); + w.end_object(); + ok(json_output_eq(w, + "{\n" + " \"msg\": \"hello\"\n" + "}"), + "add_str with String object"); + ok(!w.invalid_json, "add_str with String object is valid"); } diag("Done"); diff -Nru mariadb-11.8.6/unittest/strings/strings-t.c mariadb-11.8.8/unittest/strings/strings-t.c --- mariadb-11.8.6/unittest/strings/strings-t.c 2026-01-31 13:27:49.000000000 +0000 +++ mariadb-11.8.8/unittest/strings/strings-t.c 2026-05-24 09:58:33.000000000 +0000 @@ -739,7 +739,7 @@ const char *srcend= src + srclen; for (*dst= '\0' ; dst + 3 < dstend && src < srcend; ) { - sprintf(dst, "%02X", (unsigned char) src[0]); + snprintf(dst, dstend - dst, "%02X", (unsigned char) src[0]); dst+=2; src++; } diff -Nru mariadb-11.8.6/win/packaging/CMakeLists.txt mariadb-11.8.8/win/packaging/CMakeLists.txt --- mariadb-11.8.6/win/packaging/CMakeLists.txt 2026-01-31 13:27:49.000000000 +0000 +++ mariadb-11.8.8/win/packaging/CMakeLists.txt 2026-05-24 09:58:33.000000000 +0000 @@ -136,7 +136,7 @@ SET(THIRD_PARTY_FEATURE_CONDITION "") IF(WITH_THIRD_PARTY) - SET(THIRD_PARTY_DOWNLOAD_LOCATION "$ENV{TEMP}") + SET(THIRD_PARTY_DOWNLOAD_LOCATION "$ENV{TEMP}" CACHE STRING "Download location for third party") IF(THIRD_PARTY_DOWNLOAD_LOCATION) FILE(TO_CMAKE_PATH "${THIRD_PARTY_DOWNLOAD_LOCATION}" THIRD_PARTY_DOWNLOAD_LOCATION) ELSE() diff -Nru mariadb-11.8.6/win/packaging/heidisql.cmake mariadb-11.8.8/win/packaging/heidisql.cmake --- mariadb-11.8.6/win/packaging/heidisql.cmake 2026-01-31 13:27:49.000000000 +0000 +++ mariadb-11.8.8/win/packaging/heidisql.cmake 2026-05-24 09:58:33.000000000 +0000 @@ -1,16 +1,15 @@ -SET(HEIDISQL_BASE_NAME "HeidiSQL_12.14_64_Portable") +SET(HEIDISQL_VERSION "12.17") +SET(HEIDISQL_BASE_NAME "HeidiSQL_${HEIDISQL_VERSION}_64_Portable") SET(HEIDISQL_ZIP "${HEIDISQL_BASE_NAME}.zip") -SET(HEIDISQL_URL "https://www.heidisql.com/downloads/releases/${HEIDISQL_ZIP}") +SET(HEIDISQL_URL "https://github.com/HeidiSQL/HeidiSQL/releases/download/${HEIDISQL_VERSION}/${HEIDISQL_ZIP}") SET(HEIDISQL_DOWNLOAD_DIR ${THIRD_PARTY_DOWNLOAD_LOCATION}/${HEIDISQL_BASE_NAME}) -IF(NOT EXISTS ${HEIDISQL_DOWNLOAD_DIR}/${HEIDISQL_ZIP}) - MAKE_DIRECTORY(${HEIDISQL_DOWNLOAD_DIR}) - MESSAGE(STATUS "Downloading ${HEIDISQL_URL} to ${HEIDISQL_DOWNLOAD_DIR}/${HEIDISQL_ZIP}") - FILE(DOWNLOAD ${HEIDISQL_URL} ${HEIDISQL_DOWNLOAD_DIR}/${HEIDISQL_ZIP} TIMEOUT 60) - EXECUTE_PROCESS(COMMAND ${CMAKE_COMMAND} -E chdir ${HEIDISQL_DOWNLOAD_DIR} - ${CMAKE_COMMAND} -E tar xfz ${HEIDISQL_DOWNLOAD_DIR}/${HEIDISQL_ZIP} - ) -ENDIF() +MAKE_DIRECTORY(${HEIDISQL_DOWNLOAD_DIR}) +MESSAGE(STATUS "Downloading ${HEIDISQL_URL} to ${HEIDISQL_DOWNLOAD_DIR}/${HEIDISQL_ZIP}") +FILE(DOWNLOAD ${HEIDISQL_URL} ${HEIDISQL_DOWNLOAD_DIR}/${HEIDISQL_ZIP} TIMEOUT 300 + SHOW_PROGRESS EXPECTED_HASH SHA256=d40f8c32cbbd43c17e76d95443ef275cd8571652150083b66f382ff1acf141c5) +EXECUTE_PROCESS(COMMAND ${CMAKE_COMMAND} -E chdir ${HEIDISQL_DOWNLOAD_DIR} + ${CMAKE_COMMAND} -E tar xfz ${HEIDISQL_DOWNLOAD_DIR}/${HEIDISQL_ZIP}) CONFIGURE_FILE(${SRCDIR}/heidisql.wxi.in ${CMAKE_CURRENT_BINARY_DIR}/heidisql.wxi) CONFIGURE_FILE(${SRCDIR}/heidisql_feature.wxi.in ${CMAKE_CURRENT_BINARY_DIR}/heidisql_feature.wxi) diff -Nru mariadb-11.8.6/win/upgrade_wizard/upgradeDlg.cpp mariadb-11.8.8/win/upgrade_wizard/upgradeDlg.cpp --- mariadb-11.8.6/win/upgrade_wizard/upgradeDlg.cpp 2026-01-31 13:27:49.000000000 +0000 +++ mariadb-11.8.8/win/upgrade_wizard/upgradeDlg.cpp 2026-05-24 09:58:33.000000000 +0000 @@ -196,7 +196,7 @@ if (service_props.version_major) { char ver[64]; - sprintf(ver, "%d.%d.%d", service_props.version_major, + snprintf(ver, sizeof(ver), "%d.%d.%d", service_props.version_major, service_props.version_minor, service_props.version_patch); props.version= ver; } @@ -221,7 +221,7 @@ else { char message[128]; - sprintf(message, + snprintf(message, sizeof(message), "There is no service that can be upgraded to " PRODUCT_NAME " %d.%d.%d", m_MajorVersion, m_MinorVersion, m_PatchVersion); MessageBox(message, PRODUCT_NAME " Upgrade Wizard", MB_ICONINFORMATION); @@ -254,7 +254,7 @@ GetMyVersion(&m_MajorVersion, &m_MinorVersion, &m_PatchVersion); char windowTitle[64]; - sprintf(windowTitle, PRODUCT_NAME " %d.%d.%d Upgrade Wizard", + snprintf(windowTitle, sizeof(windowTitle), PRODUCT_NAME " %d.%d.%d Upgrade Wizard", m_MajorVersion, m_MinorVersion, m_PatchVersion); SetWindowText(windowTitle); @@ -401,7 +401,7 @@ if(!AssignProcessToJobObject(m_JobObject, pi.hProcess)) { char errmsg[128]; - sprintf(errmsg, "AssignProcessToJobObject failed, error %d", + snprintf(errmsg, sizeof(errmsg), "AssignProcessToJobObject failed, error %d", GetLastError()); ErrorExit(errmsg); } diff -Nru mariadb-11.8.6/zlib/.cmake-format.yaml mariadb-11.8.8/zlib/.cmake-format.yaml --- mariadb-11.8.6/zlib/.cmake-format.yaml 1970-01-01 00:00:00.000000000 +0000 +++ mariadb-11.8.8/zlib/.cmake-format.yaml 2026-05-24 09:58:33.000000000 +0000 @@ -0,0 +1,245 @@ +_help_parse: Options affecting listfile parsing +parse: + _help_additional_commands: + - Specify structure for custom cmake functions + additional_commands: + foo: + flags: + - BAR + - BAZ + kwargs: + HEADERS: '*' + SOURCES: '*' + DEPENDS: '*' + _help_override_spec: + - Override configurations per-command where available + override_spec: {} + _help_vartags: + - Specify variable tags. + vartags: [] + _help_proptags: + - Specify property tags. + proptags: [] +_help_format: Options affecting formatting. +format: + _help_disable: + - Disable formatting entirely, making cmake-format a no-op + disable: false + _help_line_width: + - How wide to allow formatted cmake files + line_width: 80 + _help_tab_size: + - How many spaces to tab for indent + tab_size: 4 + _help_use_tabchars: + - If true, lines are indented using tab characters (utf-8 + - 0x09) instead of space characters (utf-8 0x20). + - In cases where the layout would require a fractional tab + - character, the behavior of the fractional indentation is + - governed by + use_tabchars: false + _help_fractional_tab_policy: + - If is True, then the value of this variable + - indicates how fractional indentions are handled during + - whitespace replacement. If set to 'use-space', fractional + - indentation is left as spaces (utf-8 0x20). If set to + - '`round-up` fractional indentation is replaced with a single' + - tab character (utf-8 0x09) effectively shifting the column + - to the next tabstop + fractional_tab_policy: use-space + _help_max_subgroups_hwrap: + - If an argument group contains more than this many sub-groups + - (parg or kwarg groups) then force it to a vertical layout. + max_subgroups_hwrap: 2 + _help_max_pargs_hwrap: + - If a positional argument group contains more than this many + - arguments, then force it to a vertical layout. + max_pargs_hwrap: 6 + _help_max_rows_cmdline: + - If a cmdline positional group consumes more than this many + - lines without nesting, then invalidate the layout (and nest) + max_rows_cmdline: 2 + _help_separate_ctrl_name_with_space: + - If true, separate flow control names from their parentheses + - with a space + separate_ctrl_name_with_space: false + _help_separate_fn_name_with_space: + - If true, separate function names from parentheses with a + - space + separate_fn_name_with_space: false + _help_dangle_parens: + - If a statement is wrapped to more than one line, than dangle + - the closing parenthesis on its own line. + dangle_parens: false + _help_dangle_align: + - If the trailing parenthesis must be 'dangled' on its on + - 'line, then align it to this reference: `prefix`: the start' + - 'of the statement, `prefix-indent`: the start of the' + - 'statement, plus one indentation level, `child`: align to' + - the column of the arguments + dangle_align: prefix + _help_min_prefix_chars: + - If the statement spelling length (including space and + - parenthesis) is smaller than this amount, then force reject + - nested layouts. + min_prefix_chars: 4 + _help_max_prefix_chars: + - If the statement spelling length (including space and + - parenthesis) is larger than the tab width by more than this + - amount, then force reject un-nested layouts. + max_prefix_chars: 10 + _help_max_lines_hwrap: + - If a candidate layout is wrapped horizontally but it exceeds + - this many lines, then reject the layout. + max_lines_hwrap: 2 + _help_line_ending: + - What style line endings to use in the output. + line_ending: unix + _help_command_case: + - Format command names consistently as 'lower' or 'upper' case + command_case: canonical + _help_keyword_case: + - Format keywords consistently as 'lower' or 'upper' case + keyword_case: unchanged + _help_always_wrap: + - A list of command names which should always be wrapped + always_wrap: [] + _help_enable_sort: + - If true, the argument lists which are known to be sortable + - will be sorted lexicographicall + enable_sort: true + _help_autosort: + - If true, the parsers may infer whether or not an argument + - list is sortable (without annotation). + autosort: false + _help_require_valid_layout: + - By default, if cmake-format cannot successfully fit + - everything into the desired linewidth it will apply the + - last, most aggressive attempt that it made. If this flag is + - True, however, cmake-format will print error, exit with non- + - zero status code, and write-out nothing + require_valid_layout: false + _help_layout_passes: + - A dictionary mapping layout nodes to a list of wrap + - decisions. See the documentation for more information. + layout_passes: {} +_help_markup: Options affecting comment reflow and formatting. +markup: + _help_bullet_char: + - What character to use for bulleted lists + bullet_char: '*' + _help_enum_char: + - What character to use as punctuation after numerals in an + - enumerated list + enum_char: . + _help_first_comment_is_literal: + - If comment markup is enabled, don't reflow the first comment + - block in each listfile. Use this to preserve formatting of + - your copyright/license statements. + first_comment_is_literal: false + _help_literal_comment_pattern: + - If comment markup is enabled, don't reflow any comment block + - which matches this (regex) pattern. Default is `None` + - (disabled). + literal_comment_pattern: null + _help_fence_pattern: + - Regular expression to match preformat fences in comments + - default= ``r'^\s*([`~]{3}[`~]*)(.*)$'`` + fence_pattern: ^\s*([`~]{3}[`~]*)(.*)$ + _help_ruler_pattern: + - Regular expression to match rulers in comments default= + - '``r''^\s*[^\w\s]{3}.*[^\w\s]{3}$''``' + ruler_pattern: ^\s*[^\w\s]{3}.*[^\w\s]{3}$ + _help_explicit_trailing_pattern: + - If a comment line matches starts with this pattern then it + - is explicitly a trailing comment for the preceding argument. + - Default is '#<' + explicit_trailing_pattern: '#<' + _help_hashruler_min_length: + - If a comment line starts with at least this many consecutive + - hash characters, then don't lstrip() them off. This allows + - for lazy hash rulers where the first hash char is not + - separated by space + hashruler_min_length: 10 + _help_canonicalize_hashrulers: + - If true, then insert a space between the first hash char and + - remaining hash chars in a hash ruler, and normalize its + - length to fill the column + canonicalize_hashrulers: true + _help_enable_markup: + - enable comment markup parsing and reflow + enable_markup: true +_help_lint: Options affecting the linter +lint: + _help_disabled_codes: + - a list of lint codes to disable + disabled_codes: [] + _help_function_pattern: + - regular expression pattern describing valid function names + function_pattern: '[0-9a-z_]+' + _help_macro_pattern: + - regular expression pattern describing valid macro names + macro_pattern: '[0-9A-Z_]+' + _help_global_var_pattern: + - regular expression pattern describing valid names for + - variables with global (cache) scope + global_var_pattern: '[A-Z][0-9A-Z_]+' + _help_internal_var_pattern: + - regular expression pattern describing valid names for + - variables with global scope (but internal semantic) + internal_var_pattern: _[A-Z][0-9A-Z_]+ + _help_local_var_pattern: + - regular expression pattern describing valid names for + - variables with local scope + local_var_pattern: '[a-z][a-z0-9_]+' + _help_private_var_pattern: + - regular expression pattern describing valid names for + - privatedirectory variables + private_var_pattern: _[0-9a-z_]+ + _help_public_var_pattern: + - regular expression pattern describing valid names for public + - directory variables + public_var_pattern: '[A-Z][0-9A-Z_]+' + _help_argument_var_pattern: + - regular expression pattern describing valid names for + - function/macro arguments and loop variables. + argument_var_pattern: '[a-z][a-z0-9_]+' + _help_keyword_pattern: + - regular expression pattern describing valid names for + - keywords used in functions or macros + keyword_pattern: '[A-Z][0-9A-Z_]+' + _help_max_conditionals_custom_parser: + - In the heuristic for C0201, how many conditionals to match + - within a loop in before considering the loop a parser. + max_conditionals_custom_parser: 2 + _help_min_statement_spacing: + - Require at least this many newlines between statements + min_statement_spacing: 1 + _help_max_statement_spacing: + - Require no more than this many newlines between statements + max_statement_spacing: 2 + max_returns: 6 + max_branches: 12 + max_arguments: 5 + max_localvars: 15 + max_statements: 50 +_help_encode: Options affecting file encoding +encode: + _help_emit_byteorder_mark: + - If true, emit the unicode byte-order mark (BOM) at the start + - of the file + emit_byteorder_mark: false + _help_input_encoding: + - Specify the encoding of the input file. Defaults to utf-8 + input_encoding: utf-8 + _help_output_encoding: + - Specify the encoding of the output file. Defaults to utf-8. + - Note that cmake only claims to support utf-8 so be careful + - when using anything else + output_encoding: utf-8 +_help_misc: Miscellaneous configurations options. +misc: + _help_per_command: + - A dictionary containing any per-command configuration + - overrides. Currently only `command_case` is supported. + per_command: {} diff -Nru mariadb-11.8.6/zlib/CMakeLists.txt mariadb-11.8.8/zlib/CMakeLists.txt --- mariadb-11.8.6/zlib/CMakeLists.txt 2026-01-31 13:27:49.000000000 +0000 +++ mariadb-11.8.8/zlib/CMakeLists.txt 2026-05-24 09:58:33.000000000 +0000 @@ -1,4 +1,5 @@ # Copyright (c) 2006, 2018, Oracle and/or its affiliates. All rights reserved. +# Copyright (c) 2018, 2026, MariaDB # # This program is free software; you can redistribute it and/or modify # it under the terms of the GNU General Public License, version 2.0, @@ -13,51 +14,33 @@ # along with this program; if not, write to the Free Software # Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1335 USA - -include(CheckTypeSize) include(CheckFunctionExists) include(CheckIncludeFile) -include(CheckCSourceCompiles) - -check_include_file(sys/types.h HAVE_SYS_TYPES_H) -check_include_file(stdint.h HAVE_STDINT_H) -check_include_file(stddef.h HAVE_STDDEF_H) +include(CheckTypeSize) # # Check to see if we have large file support # set(CMAKE_REQUIRED_DEFINITIONS -D_LARGEFILE64_SOURCE=1) -# We add these other definitions here because CheckTypeSize.cmake -# in CMake 2.4.x does not automatically do so and we want -# compatibility with CMake 2.4.x. -if(HAVE_SYS_TYPES_H) - list(APPEND CMAKE_REQUIRED_DEFINITIONS -DHAVE_SYS_TYPES_H) -endif() -if(HAVE_STDINT_H) - list(APPEND CMAKE_REQUIRED_DEFINITIONS -DHAVE_STDINT_H) -endif() -if(HAVE_STDDEF_H) - list(APPEND CMAKE_REQUIRED_DEFINITIONS -DHAVE_STDDEF_H) -endif() check_type_size(off64_t OFF64_T) -if(HAVE_OFF64_T) - add_definitions(-D_LARGEFILE64_SOURCE=1) -endif() -set(CMAKE_REQUIRED_DEFINITIONS) # clear variable +unset(CMAKE_REQUIRED_DEFINITIONS) # clear variable # # Check for fseeko # check_function_exists(fseeko HAVE_FSEEKO) -if(NOT HAVE_FSEEKO) - add_definitions(-DNO_FSEEKO) -endif() + +# +# Check for stdarg.h +# +check_include_file(stdarg.h HAVE_STDARG_H) # # Check for unistd.h # -check_include_file(unistd.h Z_HAVE_UNISTD_H) +check_include_file(unistd.h HAVE_UNISTD_H) +# ============================================================================ configure_file( ${CMAKE_CURRENT_SOURCE_DIR}/zconf.h.cmakein @@ -69,12 +52,10 @@ #============================================================================ # zlib -#============================================================================ +# ============================================================================ + +set(ZLIB_PUBLIC_HDRS ${CMAKE_CURRENT_BINARY_DIR}/zconf.h zlib.h) -set(ZLIB_PUBLIC_HDRS - ${CMAKE_CURRENT_BINARY_DIR}/zconf.h - zlib.h -) set(ZLIB_PRIVATE_HDRS crc32.h deflate.h @@ -84,8 +65,8 @@ inflate.h inftrees.h trees.h - zutil.h -) + zutil.h) + set(ZLIB_SRCS adler32.c compress.c @@ -101,10 +82,8 @@ inffast.c trees.c uncompr.c - zutil.c -) + zutil.c) ADD_CONVENIENCE_LIBRARY(zlib STATIC ${ZLIB_SRCS} ${ZLIB_PUBLIC_HDRS} ${ZLIB_PRIVATE_HDRS}) RESTRICT_SYMBOL_EXPORTS(zlib) - diff -Nru mariadb-11.8.6/zlib/ChangeLog mariadb-11.8.8/zlib/ChangeLog --- mariadb-11.8.6/zlib/ChangeLog 2026-01-31 13:27:49.000000000 +0000 +++ mariadb-11.8.8/zlib/ChangeLog 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,57 @@ ChangeLog file for zlib +Changes in 1.3.2 (17 Feb 2026) +- Continued rewrite of CMake build [Vollstrecker] +- Various portability improvements +- Various github workflow additions and improvements +- Check for negative lengths in crc32_combine functions +- Copy only the initialized window contents in inflateCopy +- Prevent the use of insecure functions without an explicit request +- Add compressBound_z and deflateBound_z functions for large values +- Use atomics to build inflate fixed tables once +- Add definition of ZLIB_INSECURE to build tests with c89 and c94 +- Add --undefined option to ./configure for UBSan checker +- Copy only the initialized deflate state in deflateCopy +- Zero inflate state on allocation +- Remove untgz from contrib +- Add _z versions of the compress and uncompress functions +- Vectorize the CRC-32 calculation on the s390x +- Set bit 11 of the zip header flags in minizip if UTF-8 +- Update OS/400 support +- Add a test to configure to check for a working compiler +- Check for invalid NULL pointer inputs to zlib operations +- Add --mandir to ./configure to specify manual directory +- Add LICENSE.Info-Zip to contrib/minizip +- Remove vstudio projects in lieu of cmake-generated projects +- Replace strcpy() with memcpy() in contrib/minizip + +Changes in 1.3.1.2 (8 Dec 2025) +- Improve portability to RISC OS +- Permit compiling contrib/minizip/unzip.c with decryption +- Enable build of shared library on AIX +- Make deflateBound() more conservative and handle Z_STREAM_END +- Add zipAlreadyThere() to minizip zip.c to help avoid duplicates +- Make z_off_t 64 bits by default +- Add deflateUsed() function to get the used bits in the last byte +- Avoid out-of-bounds pointer arithmetic in inflateCopy() +- Add Haiku to configure for proper LDSHARED settings +- Add Bazel targets +- Complete rewrite of CMake build [Vollstrecker] +- Clarify the use of errnum in gzerror() +- Note that gzseek() requests are deferred until the next operation +- Note the use of gzungetc() to run a deferred seek while reading +- Fix bug in inflatePrime() for 16-bit ints +- Add a "G" option to force gzip, disabling transparency in gzread() +- Improve the discrimination between trailing garbage and bad gzip +- Allow gzflush() to write empty gzip members +- Remove redundant frees of point list on error in examples/zran.c +- Clarify the use of inflateGetHeader() +- Update links to the RFCs +- Return all available uncompressed data on error in gzread.c +- Support non-blocking devices in the gz* routines +- Various other small improvements + Changes in 1.3.1 (22 Jan 2024) - Reject overflows of zip header fields in minizip - Fix bug in inflateSync() for data held in bit buffer diff -Nru mariadb-11.8.6/zlib/FAQ mariadb-11.8.8/zlib/FAQ --- mariadb-11.8.6/zlib/FAQ 2026-01-31 13:27:49.000000000 +0000 +++ mariadb-11.8.8/zlib/FAQ 2026-05-24 09:58:33.000000000 +0000 @@ -3,8 +3,8 @@ If your question is not there, please check the zlib home page -http://zlib.net/ which may have more recent information. -The latest zlib FAQ is at http://zlib.net/zlib_faq.html +https://zlib.net/ which may have more recent information. +The latest zlib FAQ is at https://zlib.net/zlib_faq.html 1. Is zlib Y2K-compliant? @@ -19,7 +19,7 @@ 3. Where can I get a Visual Basic interface to zlib? See - * http://marknelson.us/1997/01/01/zlib-engine/ + * https://zlib.net/nelson/ * win32/DLL_FAQ.txt in the zlib distribution 4. compress() returns Z_BUF_ERROR. @@ -38,7 +38,7 @@ made with more input or output space. A Z_BUF_ERROR may in fact be unavoidable depending on how the functions are used, since it is not possible to tell whether or not there is more output pending when - strm.avail_out returns with zero. See http://zlib.net/zlib_how.html for a + strm.avail_out returns with zero. See https://zlib.net/zlib_how.html for a heavily annotated example. 6. Where's the zlib documentation (man pages, etc.)? @@ -109,8 +109,8 @@ 16. Can zlib decode Flate data in an Adobe PDF file? - Yes. See http://www.pdflib.com/ . To modify PDF forms, see - http://sourceforge.net/projects/acroformtool/ . + Yes. See https://www.pdflib.com/ . To modify PDF forms, see + https://sourceforge.net/projects/acroformtool/ . 17. Why am I getting this "register_frame_info not found" error on Solaris? @@ -156,6 +156,10 @@ library memory allocation routines by default. zlib's *Init* functions allow for the application to provide custom memory allocation routines. + If the non-default BUILDFIXED or DYNAMIC_CRC_TABLE defines are used on a + system without atomics (e.g. pre-C11), then inflate() and crc32() will not + be thread safe. + Of course, you should only operate on any given zlib or gzip stream from a single thread at a time. @@ -235,7 +239,7 @@ As far as we know, no. In fact, that was originally the whole point behind zlib. Look here for some more information: - http://www.gzip.org/#faq11 + https://web.archive.org/web/20180729212847/http://www.gzip.org/#faq11 32. Can zlib work with greater than 4 GB of data? @@ -258,20 +262,20 @@ 33. Does zlib have any security vulnerabilities? The only one that we are aware of is potentially in gzprintf(). If zlib is - compiled to use sprintf() or vsprintf(), then there is no protection - against a buffer overflow of an 8K string space (or other value as set by - gzbuffer()), other than the caller of gzprintf() assuring that the output - will not exceed 8K. On the other hand, if zlib is compiled to use - snprintf() or vsnprintf(), which should normally be the case, then there is - no vulnerability. The ./configure script will display warnings if an - insecure variation of sprintf() will be used by gzprintf(). Also the - zlibCompileFlags() function will return information on what variant of - sprintf() is used by gzprintf(). + compiled to use sprintf() or vsprintf(), which requires that ZLIB_INSECURE + be defined, then there is no protection against a buffer overflow of an 8K + string space (or other value as set by gzbuffer()), other than the caller + of gzprintf() assuring that the output will not exceed 8K. On the other + hand, if zlib is compiled to use snprintf() or vsnprintf(), which should + normally be the case, then there is no vulnerability. The ./configure + script will display warnings if an insecure variation of sprintf() will be + used by gzprintf(). Also the zlibCompileFlags() function will return + information on what variant of sprintf() is used by gzprintf(). If you don't have snprintf() or vsnprintf() and would like one, you can - find a portable implementation here: + find a good portable implementation in stb_sprintf.h here: - http://www.ijs.si/software/snprintf/ + https://github.com/nothings/stb Note that you should be using the most recent version of zlib. Versions 1.1.3 and before were subject to a double-free vulnerability, and versions @@ -283,7 +287,7 @@ Probably what you want is to use zlib in Java. zlib is already included as part of the Java SDK in the java.util.zip package. If you really want a version of zlib written in the Java language, look on the zlib home - page for links: http://zlib.net/ . + page for links: https://zlib.net/ . 35. I get this or that compiler or source-code scanner warning when I crank it up to maximally-pedantic. Can't you guys write proper code? @@ -314,9 +318,9 @@ zlib doesn't support encryption. The original PKZIP encryption is very weak and can be broken with freely available programs. To get strong - encryption, use GnuPG, http://www.gnupg.org/ , which already includes zlib + encryption, use GnuPG, https://www.gnupg.org/ , which already includes zlib compression. For PKZIP compatible "encryption", look at - http://www.info-zip.org/ + https://infozip.sourceforge.net/ 39. What's the difference between the "gzip" and "deflate" HTTP 1.1 encodings? diff -Nru mariadb-11.8.6/zlib/INDEX mariadb-11.8.8/zlib/INDEX --- mariadb-11.8.6/zlib/INDEX 2026-01-31 13:27:49.000000000 +0000 +++ mariadb-11.8.8/zlib/INDEX 2026-05-24 09:58:33.000000000 +0000 @@ -21,12 +21,11 @@ zlib2ansi perl script to convert source files for C++ compilation amiga/ makefiles for Amiga SAS C -as400/ makefiles for AS/400 doc/ documentation for formats and algorithms msdos/ makefiles for MSDOS -nintendods/ makefile for Nintendo DS old/ makefiles for various architectures and zlib documentation files that have not yet been updated for zlib 1.2.x +os400/ makefiles for OS/400 qnx/ makefiles for QNX watcom/ makefiles for OpenWatcom win32/ makefiles for Windows diff -Nru mariadb-11.8.6/zlib/LICENSE mariadb-11.8.8/zlib/LICENSE --- mariadb-11.8.6/zlib/LICENSE 2026-01-31 13:27:49.000000000 +0000 +++ mariadb-11.8.8/zlib/LICENSE 2026-05-24 09:58:33.000000000 +0000 @@ -1,6 +1,6 @@ Copyright notice: - (C) 1995-2022 Jean-loup Gailly and Mark Adler + (C) 1995-2026 Jean-loup Gailly and Mark Adler This software is provided 'as-is', without any express or implied warranty. In no event will the authors be held liable for any damages diff -Nru mariadb-11.8.6/zlib/README mariadb-11.8.8/zlib/README --- mariadb-11.8.6/zlib/README 2026-01-31 13:27:49.000000000 +0000 +++ mariadb-11.8.8/zlib/README 2026-05-24 09:58:33.000000000 +0000 @@ -1,10 +1,10 @@ ZLIB DATA COMPRESSION LIBRARY -zlib 1.3.1 is a general purpose data compression library. All the code is -thread safe. The data format used by the zlib library is described by RFCs -(Request for Comments) 1950 to 1952 in the files -http://tools.ietf.org/html/rfc1950 (zlib format), rfc1951 (deflate format) and -rfc1952 (gzip format). +zlib 1.3.2 is a general purpose data compression library. All the code is +thread safe (though see the FAQ for caveats). The data format used by the zlib +library is described by RFCs (Request for Comments) 1950 to 1952 at +https://datatracker.ietf.org/doc/html/rfc1950 (zlib format), rfc1951 (deflate +format) and rfc1952 (gzip format). All functions of the compression library are documented in the file zlib.h (volunteer to write man pages welcome, contact zlib@gzip.org). A usage example @@ -21,17 +21,17 @@ Questions about zlib should be sent to , or to Gilles Vollant for the Windows DLL version. The zlib home page is -http://zlib.net/ . Before reporting a problem, please check this site to +https://zlib.net/ . Before reporting a problem, please check this site to verify that you have the latest version of zlib; otherwise get the latest version and check whether the problem still exists or not. -PLEASE read the zlib FAQ http://zlib.net/zlib_faq.html before asking for help. +PLEASE read the zlib FAQ https://zlib.net/zlib_faq.html before asking for help. Mark Nelson wrote an article about zlib for the Jan. 1997 issue of Dr. Dobb's Journal; a copy of the article is available at -https://marknelson.us/posts/1997/01/01/zlib-engine.html . +https://zlib.net/nelson/ . -The changes made in version 1.3.1 are documented in the file ChangeLog. +The changes made in version 1.3.2 are documented in the file ChangeLog. Unsupported third party contributions are provided in directory contrib/ . @@ -43,9 +43,9 @@ A Python interface to zlib written by A.M. Kuchling is available in Python 1.5 and later versions, see -http://docs.python.org/library/zlib.html . +https://docs.python.org/3/library/zlib.html . -zlib is built into tcl: http://wiki.tcl.tk/4610 . +zlib is built into tcl: https://wiki.tcl-lang.org/page/zlib . An experimental package to read and write files in .zip format, written on top of zlib by Gilles Vollant , is available in the @@ -69,9 +69,7 @@ - zlib doesn't work on HP-UX 9.05 with some versions of /bin/cc. It works with other compilers. Use "make test" to check your compiler. -- gzdopen is not supported on RISCOS or BEOS. - -- For PalmOs, see http://palmzlib.sourceforge.net/ +- For PalmOs, see https://palmzlib.sourceforge.net/ Acknowledgments: @@ -83,7 +81,7 @@ Copyright notice: - (C) 1995-2024 Jean-loup Gailly and Mark Adler + (C) 1995-2026 Jean-loup Gailly and Mark Adler This software is provided 'as-is', without any express or implied warranty. In no event will the authors be held liable for any damages diff -Nru mariadb-11.8.6/zlib/compress.c mariadb-11.8.8/zlib/compress.c --- mariadb-11.8.6/zlib/compress.c 2026-01-31 13:27:49.000000000 +0000 +++ mariadb-11.8.8/zlib/compress.c 2026-05-24 09:58:33.000000000 +0000 @@ -1,5 +1,5 @@ /* compress.c -- compress a memory buffer - * Copyright (C) 1995-2005, 2014, 2016 Jean-loup Gailly, Mark Adler + * Copyright (C) 1995-2026 Jean-loup Gailly, Mark Adler * For conditions of distribution and use, see copyright notice in zlib.h */ @@ -18,13 +18,19 @@ compress2 returns Z_OK if success, Z_MEM_ERROR if there was not enough memory, Z_BUF_ERROR if there was not enough room in the output buffer, Z_STREAM_ERROR if the level parameter is invalid. + + The _z versions of the functions take size_t length arguments. */ -int ZEXPORT compress2(Bytef *dest, uLongf *destLen, const Bytef *source, - uLong sourceLen, int level) { +int ZEXPORT compress2_z(Bytef *dest, z_size_t *destLen, const Bytef *source, + z_size_t sourceLen, int level) { z_stream stream; int err; const uInt max = (uInt)-1; - uLong left; + z_size_t left; + + if ((sourceLen > 0 && source == NULL) || + destLen == NULL || (*destLen > 0 && dest == NULL)) + return Z_STREAM_ERROR; left = *destLen; *destLen = 0; @@ -43,23 +49,36 @@ do { if (stream.avail_out == 0) { - stream.avail_out = left > (uLong)max ? max : (uInt)left; + stream.avail_out = left > (z_size_t)max ? max : (uInt)left; left -= stream.avail_out; } if (stream.avail_in == 0) { - stream.avail_in = sourceLen > (uLong)max ? max : (uInt)sourceLen; + stream.avail_in = sourceLen > (z_size_t)max ? max : + (uInt)sourceLen; sourceLen -= stream.avail_in; } err = deflate(&stream, sourceLen ? Z_NO_FLUSH : Z_FINISH); } while (err == Z_OK); - *destLen = stream.total_out; + *destLen = (z_size_t)(stream.next_out - dest); deflateEnd(&stream); return err == Z_STREAM_END ? Z_OK : err; } - +int ZEXPORT compress2(Bytef *dest, uLongf *destLen, const Bytef *source, + uLong sourceLen, int level) { + int ret; + z_size_t got = *destLen; + ret = compress2_z(dest, &got, source, sourceLen, level); + *destLen = (uLong)got; + return ret; +} /* =========================================================================== */ +int ZEXPORT compress_z(Bytef *dest, z_size_t *destLen, const Bytef *source, + z_size_t sourceLen) { + return compress2_z(dest, destLen, source, sourceLen, + Z_DEFAULT_COMPRESSION); +} int ZEXPORT compress(Bytef *dest, uLongf *destLen, const Bytef *source, uLong sourceLen) { return compress2(dest, destLen, source, sourceLen, Z_DEFAULT_COMPRESSION); @@ -69,7 +88,12 @@ If the default memLevel or windowBits for deflateInit() is changed, then this function needs to be updated. */ +z_size_t ZEXPORT compressBound_z(z_size_t sourceLen) { + z_size_t bound = sourceLen + (sourceLen >> 12) + (sourceLen >> 14) + + (sourceLen >> 25) + 13; + return bound < sourceLen ? (z_size_t)-1 : bound; +} uLong ZEXPORT compressBound(uLong sourceLen) { - return sourceLen + (sourceLen >> 12) + (sourceLen >> 14) + - (sourceLen >> 25) + 13; + z_size_t bound = compressBound_z(sourceLen); + return (uLong)bound != bound ? (uLong)-1 : (uLong)bound; } diff -Nru mariadb-11.8.6/zlib/contrib/nuget/nuget.csproj mariadb-11.8.8/zlib/contrib/nuget/nuget.csproj --- mariadb-11.8.6/zlib/contrib/nuget/nuget.csproj 2026-01-31 13:27:49.000000000 +0000 +++ mariadb-11.8.8/zlib/contrib/nuget/nuget.csproj 1970-01-01 00:00:00.000000000 +0000 @@ -1,43 +0,0 @@ - - - - net6.0 - madler.zlib.redist - $(PackageId).win - $(PackageId).linux - $(PackageId).osx - (C) 1995-2024 Jean-loup Gailly and Mark Adler - 1.3.1 - NuGet Package for consuming native builds of zlib into .NET without complexity. - - NU5128 - $(MSBuildProjectDirectory) - Jean-loup Gailly and Mark Adler - - - - - - - - - - - - - - - - - - - - - - - - - diff -Nru mariadb-11.8.6/zlib/contrib/nuget/nuget.sln mariadb-11.8.8/zlib/contrib/nuget/nuget.sln --- mariadb-11.8.6/zlib/contrib/nuget/nuget.sln 2026-01-31 13:27:49.000000000 +0000 +++ mariadb-11.8.8/zlib/contrib/nuget/nuget.sln 1970-01-01 00:00:00.000000000 +0000 @@ -1,22 +0,0 @@ - -Microsoft Visual Studio Solution File, Format Version 12.00 -# Visual Studio Version 17 -VisualStudioVersion = 17.0.31903.59 -MinimumVisualStudioVersion = 10.0.40219.1 -Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "nuget", "nuget.csproj", "{B1BD3984-EF8F-4E9D-9A94-EB784E5EB1E8}" -EndProject -Global - GlobalSection(SolutionConfigurationPlatforms) = preSolution - Debug|Any CPU = Debug|Any CPU - Release|Any CPU = Release|Any CPU - EndGlobalSection - GlobalSection(SolutionProperties) = preSolution - HideSolutionNode = FALSE - EndGlobalSection - GlobalSection(ProjectConfigurationPlatforms) = postSolution - {B1BD3984-EF8F-4E9D-9A94-EB784E5EB1E8}.Debug|Any CPU.ActiveCfg = Debug|Any CPU - {B1BD3984-EF8F-4E9D-9A94-EB784E5EB1E8}.Debug|Any CPU.Build.0 = Debug|Any CPU - {B1BD3984-EF8F-4E9D-9A94-EB784E5EB1E8}.Release|Any CPU.ActiveCfg = Release|Any CPU - {B1BD3984-EF8F-4E9D-9A94-EB784E5EB1E8}.Release|Any CPU.Build.0 = Release|Any CPU - EndGlobalSection -EndGlobal diff -Nru mariadb-11.8.6/zlib/contrib/vstudio/vc17/miniunz.vcxproj mariadb-11.8.8/zlib/contrib/vstudio/vc17/miniunz.vcxproj --- mariadb-11.8.6/zlib/contrib/vstudio/vc17/miniunz.vcxproj 2026-01-31 13:27:49.000000000 +0000 +++ mariadb-11.8.8/zlib/contrib/vstudio/vc17/miniunz.vcxproj 1970-01-01 00:00:00.000000000 +0000 @@ -1,409 +0,0 @@ - - - - - Debug - ARM - - - Debug - ARM64 - - - Debug - Win32 - - - Debug - x64 - - - Release - ARM - - - Release - ARM64 - - - Release - Win32 - - - Release - x64 - - - - {C52F9E7B-498A-42BE-8DB4-85A15694382A} - Win32Proj - 10.0 - - - - Application - MultiByte - v143 - - - Application - Unicode - v143 - - - Application - MultiByte - v143 - - - Application - MultiByte - v143 - - - Application - MultiByte - v143 - - - Application - MultiByte - v143 - - - Application - MultiByte - v143 - - - Application - MultiByte - v143 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - <_ProjectFileVersion>10.0.30128.1 - x86\MiniUnzip$(Configuration)\ - x86\MiniUnzip$(Configuration)\Tmp\ - true - false - x86\MiniUnzip$(Configuration)\ - x86\MiniUnzip$(Configuration)\Tmp\ - false - false - x64\MiniUnzip$(Configuration)\ - x64\MiniUnzip$(Configuration)\Tmp\ - true - true - true - false - false - false - x64\MiniUnzip$(Configuration)\ - x64\MiniUnzip$(Configuration)\Tmp\ - false - false - false - false - false - false - AllRules.ruleset - - - AllRules.ruleset - AllRules.ruleset - AllRules.ruleset - - - - - - - AllRules.ruleset - - - AllRules.ruleset - AllRules.ruleset - AllRules.ruleset - - - - - - - - - arm64\MiniUnzip$(Configuration)\ - arm64\MiniUnzip$(Configuration)\Tmp\ - - - arm64\MiniUnzip$(Configuration)\ - arm64\MiniUnzip$(Configuration)\Tmp\ - - - arm\MiniUnzip$(Configuration)\ - arm\MiniUnzip$(Configuration)\Tmp\ - - - arm\MiniUnzip$(Configuration)\ - arm\MiniUnzip$(Configuration)\Tmp\ - - - - Disabled - ..\..\..;..\..\minizip;%(AdditionalIncludeDirectories) - WIN32;_CRT_NONSTDC_NO_DEPRECATE;_CRT_SECURE_NO_DEPRECATE;ZLIB_WINAPI;_DEBUG;_CONSOLE;%(PreprocessorDefinitions) - true - Default - MultiThreadedDebugDLL - false - - - $(IntDir) - Level3 - ProgramDatabase - - - x86\ZlibDllDebug\zlibwapi.lib;%(AdditionalDependencies) - $(OutDir)miniunz.exe - true - $(OutDir)miniunz.pdb - Console - false - - - MachineX86 - - - - - MaxSpeed - OnlyExplicitInline - true - ..\..\..;..\..\minizip;%(AdditionalIncludeDirectories) - WIN32;_CRT_NONSTDC_NO_DEPRECATE;_CRT_SECURE_NO_DEPRECATE;ZLIB_WINAPI;NDEBUG;_CONSOLE;%(PreprocessorDefinitions) - true - Default - MultiThreaded - false - true - - - $(IntDir) - Level3 - ProgramDatabase - - - x86\ZlibDllRelease\zlibwapi.lib;%(AdditionalDependencies) - $(OutDir)miniunz.exe - true - Console - true - true - false - - - MachineX86 - - - - - X64 - - - Disabled - ..\..\..;..\..\minizip;%(AdditionalIncludeDirectories) - _CRT_NONSTDC_NO_DEPRECATE;_CRT_SECURE_NO_DEPRECATE;ZLIB_WINAPI;_DEBUG;_CONSOLE;WIN64;%(PreprocessorDefinitions) - true - Default - MultiThreadedDebugDLL - false - - - $(IntDir) - Level3 - ProgramDatabase - - - x64\ZlibDllDebug\zlibwapi.lib;%(AdditionalDependencies) - $(OutDir)miniunz.exe - true - $(OutDir)miniunz.pdb - Console - MachineX64 - - - - - - Disabled - ..\..\..;..\..\minizip;%(AdditionalIncludeDirectories) - _CRT_NONSTDC_NO_DEPRECATE;_CRT_SECURE_NO_DEPRECATE;ZLIB_WINAPI;_DEBUG;_CONSOLE;WIN64;%(PreprocessorDefinitions) - true - Default - MultiThreadedDebugDLL - false - - - $(IntDir) - Level3 - ProgramDatabase - - - x64\ZlibDllDebug\zlibwapi.lib;%(AdditionalDependencies) - $(OutDir)miniunz.exe - true - $(OutDir)miniunz.pdb - Console - - - - - - Disabled - ..\..\..;..\..\minizip;%(AdditionalIncludeDirectories) - _CRT_NONSTDC_NO_DEPRECATE;_CRT_SECURE_NO_DEPRECATE;ZLIB_WINAPI;_DEBUG;_CONSOLE;WIN64;%(PreprocessorDefinitions) - true - Default - MultiThreadedDebugDLL - false - - - $(IntDir) - Level3 - ProgramDatabase - - - x64\ZlibDllDebug\zlibwapi.lib;%(AdditionalDependencies) - $(OutDir)miniunz.exe - true - $(OutDir)miniunz.pdb - Console - - - - - X64 - - - MaxSpeed - OnlyExplicitInline - true - ..\..\..;..\..\minizip;%(AdditionalIncludeDirectories) - _CRT_NONSTDC_NO_DEPRECATE;_CRT_SECURE_NO_DEPRECATE;ZLIB_WINAPI;NDEBUG;_CONSOLE;WIN64;%(PreprocessorDefinitions) - true - Default - MultiThreadedDLL - false - true - - - $(IntDir) - Level3 - ProgramDatabase - - - x64\ZlibDllRelease\zlibwapi.lib;%(AdditionalDependencies) - $(OutDir)miniunz.exe - true - Console - true - true - MachineX64 - - - - - - MaxSpeed - OnlyExplicitInline - true - ..\..\..;..\..\minizip;%(AdditionalIncludeDirectories) - _CRT_NONSTDC_NO_DEPRECATE;_CRT_SECURE_NO_DEPRECATE;ZLIB_WINAPI;NDEBUG;_CONSOLE;WIN64;%(PreprocessorDefinitions) - true - Default - MultiThreadedDLL - false - true - - - $(IntDir) - Level3 - ProgramDatabase - - - x64\ZlibDllRelease\zlibwapi.lib;%(AdditionalDependencies) - $(OutDir)miniunz.exe - true - Console - true - true - - - - - - MaxSpeed - OnlyExplicitInline - true - ..\..\..;..\..\minizip;%(AdditionalIncludeDirectories) - _CRT_NONSTDC_NO_DEPRECATE;_CRT_SECURE_NO_DEPRECATE;ZLIB_WINAPI;NDEBUG;_CONSOLE;WIN64;%(PreprocessorDefinitions) - true - Default - MultiThreadedDLL - false - true - - - $(IntDir) - Level3 - ProgramDatabase - - - x64\ZlibDllRelease\zlibwapi.lib;%(AdditionalDependencies) - $(OutDir)miniunz.exe - true - Console - true - true - - - - - - - - {8fd826f8-3739-44e6-8cc8-997122e53b8d} - - - - - - \ No newline at end of file diff -Nru mariadb-11.8.6/zlib/contrib/vstudio/vc17/minizip.vcxproj mariadb-11.8.8/zlib/contrib/vstudio/vc17/minizip.vcxproj --- mariadb-11.8.6/zlib/contrib/vstudio/vc17/minizip.vcxproj 2026-01-31 13:27:49.000000000 +0000 +++ mariadb-11.8.8/zlib/contrib/vstudio/vc17/minizip.vcxproj 1970-01-01 00:00:00.000000000 +0000 @@ -1,405 +0,0 @@ - - - - - Debug - ARM - - - Debug - ARM64 - - - Debug - Win32 - - - Debug - x64 - - - Release - ARM - - - Release - ARM64 - - - Release - Win32 - - - Release - x64 - - - - {48CDD9DC-E09F-4135-9C0C-4FE50C3C654B} - Win32Proj - 10.0 - - - - Application - MultiByte - v143 - - - Application - Unicode - v143 - - - Application - MultiByte - v143 - - - Application - MultiByte - v143 - - - Application - MultiByte - v143 - - - Application - MultiByte - v143 - - - Application - MultiByte - v143 - - - Application - MultiByte - v143 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - <_ProjectFileVersion>10.0.30128.1 - x86\MiniZip$(Configuration)\ - x86\MiniZip$(Configuration)\Tmp\ - true - false - x86\MiniZip$(Configuration)\ - x86\MiniZip$(Configuration)\Tmp\ - false - x64\$(Configuration)\ - x64\$(Configuration)\ - true - true - true - false - false - false - x64\$(Configuration)\ - x64\$(Configuration)\ - false - false - false - AllRules.ruleset - - - AllRules.ruleset - AllRules.ruleset - AllRules.ruleset - - - - - - - AllRules.ruleset - - - AllRules.ruleset - AllRules.ruleset - AllRules.ruleset - - - - - - - - - arm64\MiniZip$(Configuration)\ - arm64\MiniZip$(Configuration)\Tmp\ - - - arm64\MiniZip$(Configuration)\ - arm64\MiniZip$(Configuration)\Tmp\ - - - arm\MiniZip$(Configuration)\ - arm\MiniZip$(Configuration)\Tmp\ - - - arm\MiniZip$(Configuration)\ - arm\MiniZip$(Configuration)\Tmp\ - - - - Disabled - ..\..\..;..\..\minizip;%(AdditionalIncludeDirectories) - WIN32;_CRT_NONSTDC_NO_DEPRECATE;_CRT_SECURE_NO_DEPRECATE;ZLIB_WINAPI;_DEBUG;_CONSOLE;%(PreprocessorDefinitions) - true - Default - MultiThreadedDebugDLL - false - - - $(IntDir) - Level3 - ProgramDatabase - - - x86\ZlibDllDebug\zlibwapi.lib;%(AdditionalDependencies) - $(OutDir)minizip.exe - true - $(OutDir)minizip.pdb - Console - false - - - MachineX86 - - - - - MaxSpeed - OnlyExplicitInline - true - ..\..\..;..\..\minizip;%(AdditionalIncludeDirectories) - WIN32;_CRT_NONSTDC_NO_DEPRECATE;_CRT_SECURE_NO_DEPRECATE;ZLIB_WINAPI;NDEBUG;_CONSOLE;%(PreprocessorDefinitions) - true - Default - MultiThreaded - false - true - - - $(IntDir) - Level3 - ProgramDatabase - - - x86\ZlibDllRelease\zlibwapi.lib;%(AdditionalDependencies) - $(OutDir)minizip.exe - true - Console - true - true - false - - - MachineX86 - - - - - X64 - - - Disabled - ..\..\..;..\..\minizip;%(AdditionalIncludeDirectories) - _CRT_NONSTDC_NO_DEPRECATE;_CRT_SECURE_NO_DEPRECATE;ZLIB_WINAPI;_DEBUG;_CONSOLE;WIN64;%(PreprocessorDefinitions) - true - Default - MultiThreadedDebugDLL - false - - - $(IntDir) - Level3 - ProgramDatabase - - - x64\ZlibDllDebug\zlibwapi.lib;%(AdditionalDependencies) - $(OutDir)minizip.exe - true - $(OutDir)minizip.pdb - Console - MachineX64 - - - - - - Disabled - ..\..\..;..\..\minizip;%(AdditionalIncludeDirectories) - _CRT_NONSTDC_NO_DEPRECATE;_CRT_SECURE_NO_DEPRECATE;ZLIB_WINAPI;_DEBUG;_CONSOLE;WIN64;%(PreprocessorDefinitions) - true - Default - MultiThreadedDebugDLL - false - - - $(IntDir) - Level3 - ProgramDatabase - - - x64\ZlibDllDebug\zlibwapi.lib;%(AdditionalDependencies) - $(OutDir)minizip.exe - true - $(OutDir)minizip.pdb - Console - - - - - - Disabled - ..\..\..;..\..\minizip;%(AdditionalIncludeDirectories) - _CRT_NONSTDC_NO_DEPRECATE;_CRT_SECURE_NO_DEPRECATE;ZLIB_WINAPI;_DEBUG;_CONSOLE;WIN64;%(PreprocessorDefinitions) - true - Default - MultiThreadedDebugDLL - false - - - $(IntDir) - Level3 - ProgramDatabase - - - x64\ZlibDllDebug\zlibwapi.lib;%(AdditionalDependencies) - $(OutDir)minizip.exe - true - $(OutDir)minizip.pdb - Console - - - - - X64 - - - MaxSpeed - OnlyExplicitInline - true - ..\..\..;..\..\minizip;%(AdditionalIncludeDirectories) - _CRT_NONSTDC_NO_DEPRECATE;_CRT_SECURE_NO_DEPRECATE;ZLIB_WINAPI;NDEBUG;_CONSOLE;WIN64;%(PreprocessorDefinitions) - true - Default - MultiThreadedDLL - false - true - - - $(IntDir) - Level3 - ProgramDatabase - - - x64\ZlibDllRelease\zlibwapi.lib;%(AdditionalDependencies) - $(OutDir)minizip.exe - true - Console - true - true - MachineX64 - - - - - - MaxSpeed - OnlyExplicitInline - true - ..\..\..;..\..\minizip;%(AdditionalIncludeDirectories) - _CRT_NONSTDC_NO_DEPRECATE;_CRT_SECURE_NO_DEPRECATE;ZLIB_WINAPI;NDEBUG;_CONSOLE;WIN64;%(PreprocessorDefinitions) - true - Default - MultiThreadedDLL - false - true - - - $(IntDir) - Level3 - ProgramDatabase - - - x64\ZlibDllRelease\zlibwapi.lib;%(AdditionalDependencies) - $(OutDir)minizip.exe - true - Console - true - true - - - - - - MaxSpeed - OnlyExplicitInline - true - ..\..\..;..\..\minizip;%(AdditionalIncludeDirectories) - _CRT_NONSTDC_NO_DEPRECATE;_CRT_SECURE_NO_DEPRECATE;ZLIB_WINAPI;NDEBUG;_CONSOLE;WIN64;%(PreprocessorDefinitions) - true - Default - MultiThreadedDLL - false - true - - - $(IntDir) - Level3 - ProgramDatabase - - - x64\ZlibDllRelease\zlibwapi.lib;%(AdditionalDependencies) - $(OutDir)minizip.exe - true - Console - true - true - - - - - - - - {8fd826f8-3739-44e6-8cc8-997122e53b8d} - - - - - - \ No newline at end of file diff -Nru mariadb-11.8.6/zlib/contrib/vstudio/vc17/testzlib.vcxproj mariadb-11.8.8/zlib/contrib/vstudio/vc17/testzlib.vcxproj --- mariadb-11.8.6/zlib/contrib/vstudio/vc17/testzlib.vcxproj 2026-01-31 13:27:49.000000000 +0000 +++ mariadb-11.8.8/zlib/contrib/vstudio/vc17/testzlib.vcxproj 1970-01-01 00:00:00.000000000 +0000 @@ -1,473 +0,0 @@ - - - - - Debug - ARM - - - Debug - ARM64 - - - Debug - Win32 - - - Debug - x64 - - - ReleaseWithoutAsm - ARM - - - ReleaseWithoutAsm - ARM64 - - - ReleaseWithoutAsm - Win32 - - - ReleaseWithoutAsm - x64 - - - Release - ARM - - - Release - ARM64 - - - Release - Win32 - - - Release - x64 - - - - {AA6666AA-E09F-4135-9C0C-4FE50C3C654B} - testzlib - Win32Proj - 10.0 - - - - Application - MultiByte - true - v143 - - - Application - MultiByte - true - v143 - - - Application - Unicode - v143 - - - Application - true - v143 - - - Application - true - v143 - - - Application - true - v143 - - - Application - true - v143 - - - Application - true - v143 - - - Application - true - v143 - - - Application - v143 - - - Application - v143 - - - Application - v143 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - <_ProjectFileVersion>10.0.30128.1 - x86\TestZlib$(Configuration)\ - x86\TestZlib$(Configuration)\Tmp\ - true - false - x86\TestZlib$(Configuration)\ - x86\TestZlib$(Configuration)\Tmp\ - false - false - x86\TestZlib$(Configuration)\ - x86\TestZlib$(Configuration)\Tmp\ - false - false - x64\TestZlib$(Configuration)\ - x64\TestZlib$(Configuration)\Tmp\ - false - false - false - x64\TestZlib$(Configuration)\ - x64\TestZlib$(Configuration)\Tmp\ - false - false - false - x64\TestZlib$(Configuration)\ - x64\TestZlib$(Configuration)\Tmp\ - false - false - false - AllRules.ruleset - - - AllRules.ruleset - AllRules.ruleset - AllRules.ruleset - - - - - - - AllRules.ruleset - - - AllRules.ruleset - AllRules.ruleset - AllRules.ruleset - - - - - - - AllRules.ruleset - - - AllRules.ruleset - AllRules.ruleset - AllRules.ruleset - - - - - - - - - arm64\TestZlib$(Configuration)\ - arm64\TestZlib$(Configuration)\Tmp\ - - - arm64\TestZlib$(Configuration)\ - arm64\TestZlib$(Configuration)\Tmp\ - - - arm64\TestZlib$(Configuration)\ - arm64\TestZlib$(Configuration)\Tmp\ - - - arm\TestZlib$(Configuration)\ - arm\TestZlib$(Configuration)\Tmp\ - - - arm\TestZlib$(Configuration)\ - arm\TestZlib$(Configuration)\Tmp\ - - - arm\TestZlib$(Configuration)\ - arm\TestZlib$(Configuration)\Tmp\ - - - - Disabled - ..\..\..;%(AdditionalIncludeDirectories) - WIN32;ZLIB_WINAPI;_DEBUG;_CONSOLE;_CRT_NONSTDC_NO_DEPRECATE;_CRT_SECURE_NO_DEPRECATE;_CRT_NONSTDC_NO_WARNINGS;%(PreprocessorDefinitions) - true - Default - MultiThreadedDebugDLL - false - - - AssemblyAndSourceCode - $(IntDir) - Level3 - ProgramDatabase - - - %(AdditionalDependencies) - $(OutDir)testzlib.exe - true - $(OutDir)testzlib.pdb - Console - false - - - MachineX86 - - - - - MaxSpeed - OnlyExplicitInline - true - ..\..\..;%(AdditionalIncludeDirectories) - WIN32;ZLIB_WINAPI;NDEBUG;_CONSOLE;_CRT_NONSTDC_NO_DEPRECATE;_CRT_SECURE_NO_DEPRECATE;_CRT_NONSTDC_NO_WARNINGS;%(PreprocessorDefinitions) - true - Default - MultiThreaded - false - true - - - $(IntDir) - Level3 - ProgramDatabase - - - $(OutDir)testzlib.exe - true - Console - true - true - false - - - MachineX86 - - - - - MaxSpeed - OnlyExplicitInline - true - ..\..\..;%(AdditionalIncludeDirectories) - WIN32;ZLIB_WINAPI;NDEBUG;_CONSOLE;_CRT_NONSTDC_NO_DEPRECATE;_CRT_SECURE_NO_DEPRECATE;_CRT_NONSTDC_NO_WARNINGS;%(PreprocessorDefinitions) - true - Default - MultiThreaded - false - true - - - $(IntDir) - Level3 - ProgramDatabase - - - %(AdditionalDependencies) - $(OutDir)testzlib.exe - true - Console - true - true - false - - - MachineX86 - false - - - - - ..\..\..;%(AdditionalIncludeDirectories) - WIN32;ZLIB_WINAPI;_DEBUG;_CONSOLE;_CRT_NONSTDC_NO_DEPRECATE;_CRT_SECURE_NO_DEPRECATE;_CRT_NONSTDC_NO_WARNINGS;%(PreprocessorDefinitions) - Default - MultiThreadedDebugDLL - false - $(IntDir) - - - %(AdditionalDependencies) - - - - - ..\..\..;%(AdditionalIncludeDirectories) - WIN32;ZLIB_WINAPI;_DEBUG;_CONSOLE;_CRT_NONSTDC_NO_DEPRECATE;_CRT_SECURE_NO_DEPRECATE;_CRT_NONSTDC_NO_WARNINGS;%(PreprocessorDefinitions) - Default - MultiThreadedDebugDLL - false - $(IntDir) - - - %(AdditionalDependencies) - - - - - ..\..\..;%(AdditionalIncludeDirectories) - WIN32;ZLIB_WINAPI;_DEBUG;_CONSOLE;_CRT_NONSTDC_NO_DEPRECATE;_CRT_SECURE_NO_DEPRECATE;_CRT_NONSTDC_NO_WARNINGS;%(PreprocessorDefinitions) - Default - MultiThreadedDebugDLL - false - $(IntDir) - - - %(AdditionalDependencies) - - - - - ..\..\..;%(AdditionalIncludeDirectories) - WIN32;ZLIB_WINAPI;NDEBUG;_CONSOLE;_CRT_NONSTDC_NO_DEPRECATE;_CRT_SECURE_NO_DEPRECATE;_CRT_NONSTDC_NO_WARNINGS;%(PreprocessorDefinitions) - Default - MultiThreadedDLL - false - $(IntDir) - - - %(AdditionalDependencies) - - - - - ..\..\..;%(AdditionalIncludeDirectories) - WIN32;ZLIB_WINAPI;NDEBUG;_CONSOLE;_CRT_NONSTDC_NO_DEPRECATE;_CRT_SECURE_NO_DEPRECATE;_CRT_NONSTDC_NO_WARNINGS;%(PreprocessorDefinitions) - Default - MultiThreadedDLL - false - $(IntDir) - - - %(AdditionalDependencies) - - - - - ..\..\..;%(AdditionalIncludeDirectories) - WIN32;ZLIB_WINAPI;NDEBUG;_CONSOLE;_CRT_NONSTDC_NO_DEPRECATE;_CRT_SECURE_NO_DEPRECATE;_CRT_NONSTDC_NO_WARNINGS;%(PreprocessorDefinitions) - Default - MultiThreadedDLL - false - $(IntDir) - - - %(AdditionalDependencies) - - - - - ..\..\..;%(AdditionalIncludeDirectories) - WIN32;ZLIB_WINAPI;NDEBUG;_CONSOLE;_CRT_NONSTDC_NO_DEPRECATE;_CRT_SECURE_NO_DEPRECATE;_CRT_NONSTDC_NO_WARNINGS;%(PreprocessorDefinitions) - Default - MultiThreadedDLL - false - $(IntDir) - - - %(AdditionalDependencies) - - - - - ..\..\..;%(AdditionalIncludeDirectories) - WIN32;ZLIB_WINAPI;NDEBUG;_CONSOLE;_CRT_NONSTDC_NO_DEPRECATE;_CRT_SECURE_NO_DEPRECATE;_CRT_NONSTDC_NO_WARNINGS;%(PreprocessorDefinitions) - Default - MultiThreadedDLL - false - $(IntDir) - - - %(AdditionalDependencies) - - - - - ..\..\..;%(AdditionalIncludeDirectories) - WIN32;ZLIB_WINAPI;NDEBUG;_CONSOLE;_CRT_NONSTDC_NO_DEPRECATE;_CRT_SECURE_NO_DEPRECATE;_CRT_NONSTDC_NO_WARNINGS;%(PreprocessorDefinitions) - Default - MultiThreadedDLL - false - $(IntDir) - - - %(AdditionalDependencies) - - - - - - - - - - - - - - - - - - - - \ No newline at end of file diff -Nru mariadb-11.8.6/zlib/contrib/vstudio/vc17/testzlibdll.vcxproj mariadb-11.8.8/zlib/contrib/vstudio/vc17/testzlibdll.vcxproj --- mariadb-11.8.6/zlib/contrib/vstudio/vc17/testzlibdll.vcxproj 2026-01-31 13:27:49.000000000 +0000 +++ mariadb-11.8.8/zlib/contrib/vstudio/vc17/testzlibdll.vcxproj 1970-01-01 00:00:00.000000000 +0000 @@ -1,409 +0,0 @@ - - - - - Debug - ARM - - - Debug - ARM64 - - - Debug - Win32 - - - Debug - x64 - - - Release - ARM - - - Release - ARM64 - - - Release - Win32 - - - Release - x64 - - - - {C52F9E7B-498A-42BE-8DB4-85A15694366A} - Win32Proj - 10.0 - - - - Application - MultiByte - v143 - - - Application - Unicode - v143 - - - Application - MultiByte - v143 - - - Application - MultiByte - v143 - - - Application - MultiByte - v143 - - - Application - MultiByte - v143 - - - Application - MultiByte - v143 - - - Application - MultiByte - v143 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - <_ProjectFileVersion>10.0.30128.1 - x86\TestZlibDll$(Configuration)\ - x86\TestZlibDll$(Configuration)\Tmp\ - true - false - x86\TestZlibDll$(Configuration)\ - x86\TestZlibDll$(Configuration)\Tmp\ - false - false - x64\TestZlibDll$(Configuration)\ - x64\TestZlibDll$(Configuration)\Tmp\ - true - true - true - false - false - false - x64\TestZlibDll$(Configuration)\ - x64\TestZlibDll$(Configuration)\Tmp\ - false - false - false - false - false - false - AllRules.ruleset - - - AllRules.ruleset - AllRules.ruleset - AllRules.ruleset - - - - - - - AllRules.ruleset - - - AllRules.ruleset - AllRules.ruleset - AllRules.ruleset - - - - - - - - - arm64\TestZlibDll$(Configuration)\ - arm64\TestZlibDll$(Configuration)\Tmp\ - - - arm64\TestZlibDll$(Configuration)\ - arm64\TestZlibDll$(Configuration)\Tmp\ - - - arm\TestZlibDll$(Configuration)\ - arm\TestZlibDll$(Configuration)\Tmp\ - - - arm\TestZlibDll$(Configuration)\ - arm\TestZlibDll$(Configuration)\Tmp\ - - - - Disabled - ..\..\..;..\..\minizip;%(AdditionalIncludeDirectories) - WIN32;_CRT_NONSTDC_NO_DEPRECATE;_CRT_SECURE_NO_DEPRECATE;ZLIB_WINAPI;_DEBUG;_CONSOLE;%(PreprocessorDefinitions) - true - Default - MultiThreadedDebugDLL - false - - - $(IntDir) - Level3 - ProgramDatabase - - - x86\ZlibDllDebug\zlibwapi.lib;%(AdditionalDependencies) - $(OutDir)testzlibdll.exe - true - $(OutDir)testzlib.pdb - Console - false - - - MachineX86 - - - - - MaxSpeed - OnlyExplicitInline - true - ..\..\..;..\..\minizip;%(AdditionalIncludeDirectories) - WIN32;_CRT_NONSTDC_NO_DEPRECATE;_CRT_SECURE_NO_DEPRECATE;ZLIB_WINAPI;NDEBUG;_CONSOLE;%(PreprocessorDefinitions) - true - Default - MultiThreaded - false - true - - - $(IntDir) - Level3 - ProgramDatabase - - - x86\ZlibDllRelease\zlibwapi.lib;%(AdditionalDependencies) - $(OutDir)testzlibdll.exe - true - Console - true - true - false - - - MachineX86 - - - - - X64 - - - Disabled - ..\..\..;..\..\minizip;%(AdditionalIncludeDirectories) - _CRT_NONSTDC_NO_DEPRECATE;_CRT_SECURE_NO_DEPRECATE;ZLIB_WINAPI;_DEBUG;_CONSOLE;WIN64;%(PreprocessorDefinitions) - true - Default - MultiThreadedDebugDLL - false - - - $(IntDir) - Level3 - ProgramDatabase - - - x64\ZlibDllDebug\zlibwapi.lib;%(AdditionalDependencies) - $(OutDir)testzlibdll.exe - true - $(OutDir)testzlib.pdb - Console - MachineX64 - - - - - - Disabled - ..\..\..;..\..\minizip;%(AdditionalIncludeDirectories) - _CRT_NONSTDC_NO_DEPRECATE;_CRT_SECURE_NO_DEPRECATE;ZLIB_WINAPI;_DEBUG;_CONSOLE;WIN64;%(PreprocessorDefinitions) - true - Default - MultiThreadedDebugDLL - false - - - $(IntDir) - Level3 - ProgramDatabase - - - x64\ZlibDllDebug\zlibwapi.lib;%(AdditionalDependencies) - $(OutDir)testzlibdll.exe - true - $(OutDir)testzlib.pdb - Console - - - - - - Disabled - ..\..\..;..\..\minizip;%(AdditionalIncludeDirectories) - _CRT_NONSTDC_NO_DEPRECATE;_CRT_SECURE_NO_DEPRECATE;ZLIB_WINAPI;_DEBUG;_CONSOLE;WIN64;%(PreprocessorDefinitions) - true - Default - MultiThreadedDebugDLL - false - - - $(IntDir) - Level3 - ProgramDatabase - - - x64\ZlibDllDebug\zlibwapi.lib;%(AdditionalDependencies) - $(OutDir)testzlibdll.exe - true - $(OutDir)testzlib.pdb - Console - - - - - X64 - - - MaxSpeed - OnlyExplicitInline - true - ..\..\..;..\..\minizip;%(AdditionalIncludeDirectories) - _CRT_NONSTDC_NO_DEPRECATE;_CRT_SECURE_NO_DEPRECATE;ZLIB_WINAPI;NDEBUG;_CONSOLE;WIN64;%(PreprocessorDefinitions) - true - Default - MultiThreadedDLL - false - true - - - $(IntDir) - Level3 - ProgramDatabase - - - x64\ZlibDllRelease\zlibwapi.lib;%(AdditionalDependencies) - $(OutDir)testzlibdll.exe - true - Console - true - true - MachineX64 - - - - - - MaxSpeed - OnlyExplicitInline - true - ..\..\..;..\..\minizip;%(AdditionalIncludeDirectories) - _CRT_NONSTDC_NO_DEPRECATE;_CRT_SECURE_NO_DEPRECATE;ZLIB_WINAPI;NDEBUG;_CONSOLE;WIN64;%(PreprocessorDefinitions) - true - Default - MultiThreadedDLL - false - true - - - $(IntDir) - Level3 - ProgramDatabase - - - x64\ZlibDllRelease\zlibwapi.lib;%(AdditionalDependencies) - $(OutDir)testzlibdll.exe - true - Console - true - true - - - - - - MaxSpeed - OnlyExplicitInline - true - ..\..\..;..\..\minizip;%(AdditionalIncludeDirectories) - _CRT_NONSTDC_NO_DEPRECATE;_CRT_SECURE_NO_DEPRECATE;ZLIB_WINAPI;NDEBUG;_CONSOLE;WIN64;%(PreprocessorDefinitions) - true - Default - MultiThreadedDLL - false - true - - - $(IntDir) - Level3 - ProgramDatabase - - - x64\ZlibDllRelease\zlibwapi.lib;%(AdditionalDependencies) - $(OutDir)testzlibdll.exe - true - Console - true - true - - - - - - - - {8fd826f8-3739-44e6-8cc8-997122e53b8d} - - - - - - \ No newline at end of file diff -Nru mariadb-11.8.6/zlib/contrib/vstudio/vc17/zlib.rc mariadb-11.8.8/zlib/contrib/vstudio/vc17/zlib.rc --- mariadb-11.8.6/zlib/contrib/vstudio/vc17/zlib.rc 2026-01-31 13:27:49.000000000 +0000 +++ mariadb-11.8.8/zlib/contrib/vstudio/vc17/zlib.rc 1970-01-01 00:00:00.000000000 +0000 @@ -1,32 +0,0 @@ -#include - -#define IDR_VERSION1 1 -IDR_VERSION1 VERSIONINFO MOVEABLE IMPURE LOADONCALL DISCARDABLE - FILEVERSION 1, 3, 1, 0 - PRODUCTVERSION 1, 3, 1, 0 - FILEFLAGSMASK VS_FFI_FILEFLAGSMASK - FILEFLAGS 0 - FILEOS VOS_DOS_WINDOWS32 - FILETYPE VFT_DLL - FILESUBTYPE 0 // not used -BEGIN - BLOCK "StringFileInfo" - BEGIN - BLOCK "040904E4" - //language ID = U.S. English, char set = Windows, Multilingual - - BEGIN - VALUE "FileDescription", "zlib data compression and ZIP file I/O library\0" - VALUE "FileVersion", "1.3.1\0" - VALUE "InternalName", "zlib\0" - VALUE "OriginalFilename", "zlibwapi.dll\0" - VALUE "ProductName", "ZLib.DLL\0" - VALUE "Comments","DLL support by Alessandro Iacopetti & Gilles Vollant\0" - VALUE "LegalCopyright", "(C) 1995-2024 Jean-loup Gailly & Mark Adler\0" - END - END - BLOCK "VarFileInfo" - BEGIN - VALUE "Translation", 0x0409, 1252 - END -END diff -Nru mariadb-11.8.6/zlib/contrib/vstudio/vc17/zlibstat.vcxproj mariadb-11.8.8/zlib/contrib/vstudio/vc17/zlibstat.vcxproj --- mariadb-11.8.6/zlib/contrib/vstudio/vc17/zlibstat.vcxproj 2026-01-31 13:27:49.000000000 +0000 +++ mariadb-11.8.8/zlib/contrib/vstudio/vc17/zlibstat.vcxproj 1970-01-01 00:00:00.000000000 +0000 @@ -1,602 +0,0 @@ - - - - - Debug - ARM - - - Debug - ARM64 - - - Debug - Win32 - - - Debug - x64 - - - ReleaseWithoutAsm - ARM - - - ReleaseWithoutAsm - ARM64 - - - ReleaseWithoutAsm - Win32 - - - ReleaseWithoutAsm - x64 - - - Release - ARM - - - Release - ARM64 - - - Release - Win32 - - - Release - x64 - - - - {745DEC58-EBB3-47A9-A9B8-4C6627C01BF8} - 10.0 - - - - StaticLibrary - false - v143 - - - StaticLibrary - false - v143 - - - StaticLibrary - false - v143 - Unicode - - - StaticLibrary - false - v143 - - - StaticLibrary - false - v143 - - - StaticLibrary - false - v143 - - - StaticLibrary - false - v143 - - - StaticLibrary - false - v143 - - - StaticLibrary - false - v143 - - - StaticLibrary - false - v143 - - - StaticLibrary - false - v143 - - - StaticLibrary - false - v143 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - <_ProjectFileVersion>10.0.30128.1 - x86\ZlibStat$(Configuration)\ - x86\ZlibStat$(Configuration)\Tmp\ - x86\ZlibStat$(Configuration)\ - x86\ZlibStat$(Configuration)\Tmp\ - x86\ZlibStat$(Configuration)\ - x86\ZlibStat$(Configuration)\Tmp\ - x64\ZlibStat$(Configuration)\ - x64\ZlibStat$(Configuration)\Tmp\ - x64\ZlibStat$(Configuration)\ - x64\ZlibStat$(Configuration)\Tmp\ - x64\ZlibStat$(Configuration)\ - x64\ZlibStat$(Configuration)\Tmp\ - AllRules.ruleset - - - AllRules.ruleset - AllRules.ruleset - AllRules.ruleset - - - - - - - AllRules.ruleset - - - AllRules.ruleset - AllRules.ruleset - AllRules.ruleset - - - - - - - AllRules.ruleset - - - AllRules.ruleset - AllRules.ruleset - AllRules.ruleset - - - - - - - - - arm64\ZlibStat$(Configuration)\ - arm64\ZlibStat$(Configuration)\Tmp\ - - - arm64\ZlibStat$(Configuration)\ - arm64\ZlibStat$(Configuration)\Tmp\ - - - arm64\ZlibStat$(Configuration)\ - arm64\ZlibStat$(Configuration)\Tmp\ - - - arm\ZlibStat$(Configuration)\ - arm\ZlibStat$(Configuration)\Tmp\ - - - arm\ZlibStat$(Configuration)\ - arm\ZlibStat$(Configuration)\Tmp\ - - - arm\ZlibStat$(Configuration)\ - arm\ZlibStat$(Configuration)\Tmp\ - - - - Disabled - ..\..\..;%(AdditionalIncludeDirectories) - WIN32;ZLIB_WINAPI;_CRT_NONSTDC_NO_DEPRECATE;_CRT_SECURE_NO_DEPRECATE;_CRT_NONSTDC_NO_WARNINGS;%(PreprocessorDefinitions) - - - MultiThreadedDebugDLL - false - $(IntDir)zlibstat.pch - $(IntDir) - $(IntDir) - $(OutDir) - Level3 - true - OldStyle - - - 0x040c - - - /MACHINE:X86 /NODEFAULTLIB %(AdditionalOptions) - $(OutDir)zlibstat.lib - true - - - - - OnlyExplicitInline - ..\..\..;%(AdditionalIncludeDirectories) - WIN32;ZLIB_WINAPI;_CRT_NONSTDC_NO_DEPRECATE;_CRT_SECURE_NO_DEPRECATE;_CRT_NONSTDC_NO_WARNINGS;%(PreprocessorDefinitions) - true - - - MultiThreaded - false - true - $(IntDir)zlibstat.pch - $(IntDir) - $(IntDir) - $(OutDir) - Level3 - true - - - 0x040c - - - /MACHINE:X86 /NODEFAULTLIB %(AdditionalOptions) - %(AdditionalDependencies) - $(OutDir)zlibstat.lib - true - - - - - OnlyExplicitInline - ..\..\..;%(AdditionalIncludeDirectories) - WIN32;ZLIB_WINAPI;_CRT_NONSTDC_NO_DEPRECATE;_CRT_SECURE_NO_DEPRECATE;_CRT_NONSTDC_NO_WARNINGS;%(PreprocessorDefinitions) - true - - - MultiThreaded - false - true - $(IntDir)zlibstat.pch - $(IntDir) - $(IntDir) - $(OutDir) - Level3 - true - - - 0x040c - - - /MACHINE:X86 /NODEFAULTLIB %(AdditionalOptions) - $(OutDir)zlibstat.lib - true - - - - - X64 - - - Disabled - ..\..\..;%(AdditionalIncludeDirectories) - ZLIB_WINAPI;_CRT_NONSTDC_NO_DEPRECATE;_CRT_SECURE_NO_DEPRECATE;_CRT_NONSTDC_NO_WARNINGS;WIN64;%(PreprocessorDefinitions) - - - MultiThreadedDebugDLL - false - $(IntDir)zlibstat.pch - $(IntDir) - $(IntDir) - $(OutDir) - Level3 - true - OldStyle - - - 0x040c - - - /MACHINE:AMD64 /NODEFAULTLIB %(AdditionalOptions) - $(OutDir)zlibstat.lib - true - - - - - - Disabled - ..\..\..;%(AdditionalIncludeDirectories) - ZLIB_WINAPI;_CRT_NONSTDC_NO_DEPRECATE;_CRT_SECURE_NO_DEPRECATE;_CRT_NONSTDC_NO_WARNINGS;WIN64;%(PreprocessorDefinitions) - - - MultiThreadedDebugDLL - false - $(IntDir)zlibstat.pch - $(IntDir) - $(IntDir) - $(OutDir) - Level3 - true - OldStyle - - - 0x040c - - - /MACHINE:ARM64 /NODEFAULTLIB %(AdditionalOptions) - $(OutDir)zlibstat.lib - true - - - - - - Disabled - ..\..\..;%(AdditionalIncludeDirectories) - ZLIB_WINAPI;_CRT_NONSTDC_NO_DEPRECATE;_CRT_SECURE_NO_DEPRECATE;_CRT_NONSTDC_NO_WARNINGS;WIN64;%(PreprocessorDefinitions) - - - MultiThreadedDebugDLL - false - $(IntDir)zlibstat.pch - $(IntDir) - $(IntDir) - $(OutDir) - Level3 - true - OldStyle - - - 0x040c - - - /MACHINE:ARM /NODEFAULTLIB %(AdditionalOptions) - $(OutDir)zlibstat.lib - true - - - - - X64 - - - OnlyExplicitInline - ..\..\..;%(AdditionalIncludeDirectories) - ZLIB_WINAPI;_CRT_NONSTDC_NO_DEPRECATE;_CRT_SECURE_NO_DEPRECATE;_CRT_NONSTDC_NO_WARNINGS;WIN64;%(PreprocessorDefinitions) - true - - - MultiThreadedDLL - false - true - $(IntDir)zlibstat.pch - $(IntDir) - $(IntDir) - $(OutDir) - Level3 - true - - - 0x040c - - - /MACHINE:AMD64 /NODEFAULTLIB %(AdditionalOptions) - %(AdditionalDependencies) - $(OutDir)zlibstat.lib - true - - - - - - OnlyExplicitInline - ..\..\..;%(AdditionalIncludeDirectories) - ZLIB_WINAPI;_CRT_NONSTDC_NO_DEPRECATE;_CRT_SECURE_NO_DEPRECATE;_CRT_NONSTDC_NO_WARNINGS;WIN64;%(PreprocessorDefinitions) - true - - - MultiThreadedDLL - false - true - $(IntDir)zlibstat.pch - $(IntDir) - $(IntDir) - $(OutDir) - Level3 - true - - - 0x040c - - - /MACHINE:ARM64 /NODEFAULTLIB %(AdditionalOptions) - %(AdditionalDependencies) - $(OutDir)zlibstat.lib - true - - - - - - OnlyExplicitInline - ..\..\..;%(AdditionalIncludeDirectories) - ZLIB_WINAPI;_CRT_NONSTDC_NO_DEPRECATE;_CRT_SECURE_NO_DEPRECATE;_CRT_NONSTDC_NO_WARNINGS;WIN64;%(PreprocessorDefinitions) - true - - - MultiThreadedDLL - false - true - $(IntDir)zlibstat.pch - $(IntDir) - $(IntDir) - $(OutDir) - Level3 - true - - - 0x040c - - - /MACHINE:ARM /NODEFAULTLIB %(AdditionalOptions) - %(AdditionalDependencies) - $(OutDir)zlibstat.lib - true - - - - - X64 - - - OnlyExplicitInline - ..\..\..;%(AdditionalIncludeDirectories) - ZLIB_WINAPI;_CRT_NONSTDC_NO_DEPRECATE;_CRT_SECURE_NO_DEPRECATE;_CRT_NONSTDC_NO_WARNINGS;WIN64;%(PreprocessorDefinitions) - true - - - MultiThreadedDLL - false - true - $(IntDir)zlibstat.pch - $(IntDir) - $(IntDir) - $(OutDir) - Level3 - true - - - 0x040c - - - /MACHINE:AMD64 /NODEFAULTLIB %(AdditionalOptions) - $(OutDir)zlibstat.lib - true - - - - - - OnlyExplicitInline - ..\..\..;%(AdditionalIncludeDirectories) - ZLIB_WINAPI;_CRT_NONSTDC_NO_DEPRECATE;_CRT_SECURE_NO_DEPRECATE;_CRT_NONSTDC_NO_WARNINGS;WIN64;%(PreprocessorDefinitions) - true - - - MultiThreadedDLL - false - true - $(IntDir)zlibstat.pch - $(IntDir) - $(IntDir) - $(OutDir) - Level3 - true - - - 0x040c - - - /MACHINE:ARM64 /NODEFAULTLIB %(AdditionalOptions) - $(OutDir)zlibstat.lib - true - - - - - - OnlyExplicitInline - ..\..\..;%(AdditionalIncludeDirectories) - ZLIB_WINAPI;_CRT_NONSTDC_NO_DEPRECATE;_CRT_SECURE_NO_DEPRECATE;_CRT_NONSTDC_NO_WARNINGS;WIN64;%(PreprocessorDefinitions) - true - - - MultiThreadedDLL - false - true - $(IntDir)zlibstat.pch - $(IntDir) - $(IntDir) - $(OutDir) - Level3 - true - - - 0x040c - - - /MACHINE:ARM /NODEFAULTLIB %(AdditionalOptions) - $(OutDir)zlibstat.lib - true - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - \ No newline at end of file diff -Nru mariadb-11.8.6/zlib/contrib/vstudio/vc17/zlibvc.def mariadb-11.8.8/zlib/contrib/vstudio/vc17/zlibvc.def --- mariadb-11.8.6/zlib/contrib/vstudio/vc17/zlibvc.def 2026-01-31 13:27:49.000000000 +0000 +++ mariadb-11.8.8/zlib/contrib/vstudio/vc17/zlibvc.def 1970-01-01 00:00:00.000000000 +0000 @@ -1,158 +0,0 @@ -LIBRARY -; zlib data compression and ZIP file I/O library - -VERSION 1.3.1 - -EXPORTS - adler32 @1 - compress @2 - crc32 @3 - deflate @4 - deflateCopy @5 - deflateEnd @6 - deflateInit2_ @7 - deflateInit_ @8 - deflateParams @9 - deflateReset @10 - deflateSetDictionary @11 - gzclose @12 - gzdopen @13 - gzerror @14 - gzflush @15 - gzopen @16 - gzread @17 - gzwrite @18 - inflate @19 - inflateEnd @20 - inflateInit2_ @21 - inflateInit_ @22 - inflateReset @23 - inflateSetDictionary @24 - inflateSync @25 - uncompress @26 - zlibVersion @27 - gzprintf @28 - gzputc @29 - gzgetc @30 - gzseek @31 - gzrewind @32 - gztell @33 - gzeof @34 - gzsetparams @35 - zError @36 - inflateSyncPoint @37 - get_crc_table @38 - compress2 @39 - gzputs @40 - gzgets @41 - inflateCopy @42 - inflateBackInit_ @43 - inflateBack @44 - inflateBackEnd @45 - compressBound @46 - deflateBound @47 - gzclearerr @48 - gzungetc @49 - zlibCompileFlags @50 - deflatePrime @51 - deflatePending @52 - - unzOpen @61 - unzClose @62 - unzGetGlobalInfo @63 - unzGetCurrentFileInfo @64 - unzGoToFirstFile @65 - unzGoToNextFile @66 - unzOpenCurrentFile @67 - unzReadCurrentFile @68 - unzOpenCurrentFile3 @69 - unztell @70 - unzeof @71 - unzCloseCurrentFile @72 - unzGetGlobalComment @73 - unzStringFileNameCompare @74 - unzLocateFile @75 - unzGetLocalExtrafield @76 - unzOpen2 @77 - unzOpenCurrentFile2 @78 - unzOpenCurrentFilePassword @79 - - zipOpen @80 - zipOpenNewFileInZip @81 - zipWriteInFileInZip @82 - zipCloseFileInZip @83 - zipClose @84 - zipOpenNewFileInZip2 @86 - zipCloseFileInZipRaw @87 - zipOpen2 @88 - zipOpenNewFileInZip3 @89 - - unzGetFilePos @100 - unzGoToFilePos @101 - - fill_win32_filefunc @110 - -; zlibwapi v1.2.4 added: - fill_win32_filefunc64 @111 - fill_win32_filefunc64A @112 - fill_win32_filefunc64W @113 - - unzOpen64 @120 - unzOpen2_64 @121 - unzGetGlobalInfo64 @122 - unzGetCurrentFileInfo64 @124 - unzGetCurrentFileZStreamPos64 @125 - unztell64 @126 - unzGetFilePos64 @127 - unzGoToFilePos64 @128 - - zipOpen64 @130 - zipOpen2_64 @131 - zipOpenNewFileInZip64 @132 - zipOpenNewFileInZip2_64 @133 - zipOpenNewFileInZip3_64 @134 - zipOpenNewFileInZip4_64 @135 - zipCloseFileInZipRaw64 @136 - -; zlib1 v1.2.4 added: - adler32_combine @140 - crc32_combine @142 - deflateSetHeader @144 - deflateTune @145 - gzbuffer @146 - gzclose_r @147 - gzclose_w @148 - gzdirect @149 - gzoffset @150 - inflateGetHeader @156 - inflateMark @157 - inflatePrime @158 - inflateReset2 @159 - inflateUndermine @160 - -; zlib1 v1.2.6 added: - gzgetc_ @161 - inflateResetKeep @163 - deflateResetKeep @164 - -; zlib1 v1.2.7 added: - gzopen_w @165 - -; zlib1 v1.2.8 added: - inflateGetDictionary @166 - gzvprintf @167 - -; zlib1 v1.2.9 added: - inflateCodesUsed @168 - inflateValidate @169 - uncompress2 @170 - gzfread @171 - gzfwrite @172 - deflateGetDictionary @173 - adler32_z @174 - crc32_z @175 - -; zlib1 v1.2.12 added: - crc32_combine_gen @176 - crc32_combine_gen64 @177 - crc32_combine_op @178 diff -Nru mariadb-11.8.6/zlib/contrib/vstudio/vc17/zlibvc.sln mariadb-11.8.8/zlib/contrib/vstudio/vc17/zlibvc.sln --- mariadb-11.8.6/zlib/contrib/vstudio/vc17/zlibvc.sln 2026-01-31 13:27:49.000000000 +0000 +++ mariadb-11.8.8/zlib/contrib/vstudio/vc17/zlibvc.sln 1970-01-01 00:00:00.000000000 +0000 @@ -1,179 +0,0 @@ - -Microsoft Visual Studio Solution File, Format Version 12.00 -# Visual Studio Version 17 -VisualStudioVersion = 17.4.33015.44 -MinimumVisualStudioVersion = 10.0.40219.1 -Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "zlibvc", "zlibvc.vcxproj", "{8FD826F8-3739-44E6-8CC8-997122E53B8D}" -EndProject -Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "zlibstat", "zlibstat.vcxproj", "{745DEC58-EBB3-47A9-A9B8-4C6627C01BF8}" -EndProject -Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "testzlib", "testzlib.vcxproj", "{AA6666AA-E09F-4135-9C0C-4FE50C3C654B}" -EndProject -Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "testzlibdll", "testzlibdll.vcxproj", "{C52F9E7B-498A-42BE-8DB4-85A15694366A}" -EndProject -Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "minizip", "minizip.vcxproj", "{48CDD9DC-E09F-4135-9C0C-4FE50C3C654B}" -EndProject -Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "miniunz", "miniunz.vcxproj", "{C52F9E7B-498A-42BE-8DB4-85A15694382A}" -EndProject -Global - GlobalSection(SolutionConfigurationPlatforms) = preSolution - Debug|ARM = Debug|ARM - Debug|ARM64 = Debug|ARM64 - Debug|Win32 = Debug|Win32 - Debug|x64 = Debug|x64 - Release|ARM = Release|ARM - Release|ARM64 = Release|ARM64 - Release|Win32 = Release|Win32 - Release|x64 = Release|x64 - ReleaseWithoutAsm|ARM = ReleaseWithoutAsm|ARM - ReleaseWithoutAsm|ARM64 = ReleaseWithoutAsm|ARM64 - ReleaseWithoutAsm|Win32 = ReleaseWithoutAsm|Win32 - ReleaseWithoutAsm|x64 = ReleaseWithoutAsm|x64 - EndGlobalSection - GlobalSection(ProjectConfigurationPlatforms) = postSolution - {8FD826F8-3739-44E6-8CC8-997122E53B8D}.Debug|ARM.ActiveCfg = Debug|ARM - {8FD826F8-3739-44E6-8CC8-997122E53B8D}.Debug|ARM.Build.0 = Debug|ARM - {8FD826F8-3739-44E6-8CC8-997122E53B8D}.Debug|ARM64.ActiveCfg = Debug|ARM64 - {8FD826F8-3739-44E6-8CC8-997122E53B8D}.Debug|ARM64.Build.0 = Debug|ARM64 - {8FD826F8-3739-44E6-8CC8-997122E53B8D}.Debug|Win32.ActiveCfg = Debug|Win32 - {8FD826F8-3739-44E6-8CC8-997122E53B8D}.Debug|Win32.Build.0 = Debug|Win32 - {8FD826F8-3739-44E6-8CC8-997122E53B8D}.Debug|x64.ActiveCfg = Debug|x64 - {8FD826F8-3739-44E6-8CC8-997122E53B8D}.Debug|x64.Build.0 = Debug|x64 - {8FD826F8-3739-44E6-8CC8-997122E53B8D}.Release|ARM.ActiveCfg = Release|ARM - {8FD826F8-3739-44E6-8CC8-997122E53B8D}.Release|ARM.Build.0 = Release|ARM - {8FD826F8-3739-44E6-8CC8-997122E53B8D}.Release|ARM64.ActiveCfg = Release|ARM64 - {8FD826F8-3739-44E6-8CC8-997122E53B8D}.Release|ARM64.Build.0 = Release|ARM64 - {8FD826F8-3739-44E6-8CC8-997122E53B8D}.Release|Win32.ActiveCfg = Release|Win32 - {8FD826F8-3739-44E6-8CC8-997122E53B8D}.Release|Win32.Build.0 = Release|Win32 - {8FD826F8-3739-44E6-8CC8-997122E53B8D}.Release|x64.ActiveCfg = Release|x64 - {8FD826F8-3739-44E6-8CC8-997122E53B8D}.Release|x64.Build.0 = Release|x64 - {8FD826F8-3739-44E6-8CC8-997122E53B8D}.ReleaseWithoutAsm|ARM.ActiveCfg = ReleaseWithoutAsm|ARM - {8FD826F8-3739-44E6-8CC8-997122E53B8D}.ReleaseWithoutAsm|ARM.Build.0 = ReleaseWithoutAsm|ARM - {8FD826F8-3739-44E6-8CC8-997122E53B8D}.ReleaseWithoutAsm|ARM64.ActiveCfg = ReleaseWithoutAsm|ARM64 - {8FD826F8-3739-44E6-8CC8-997122E53B8D}.ReleaseWithoutAsm|ARM64.Build.0 = ReleaseWithoutAsm|ARM64 - {8FD826F8-3739-44E6-8CC8-997122E53B8D}.ReleaseWithoutAsm|Win32.ActiveCfg = ReleaseWithoutAsm|Win32 - {8FD826F8-3739-44E6-8CC8-997122E53B8D}.ReleaseWithoutAsm|Win32.Build.0 = ReleaseWithoutAsm|Win32 - {8FD826F8-3739-44E6-8CC8-997122E53B8D}.ReleaseWithoutAsm|x64.ActiveCfg = ReleaseWithoutAsm|x64 - {8FD826F8-3739-44E6-8CC8-997122E53B8D}.ReleaseWithoutAsm|x64.Build.0 = ReleaseWithoutAsm|x64 - {745DEC58-EBB3-47A9-A9B8-4C6627C01BF8}.Debug|ARM.ActiveCfg = Debug|ARM - {745DEC58-EBB3-47A9-A9B8-4C6627C01BF8}.Debug|ARM.Build.0 = Debug|ARM - {745DEC58-EBB3-47A9-A9B8-4C6627C01BF8}.Debug|ARM64.ActiveCfg = Debug|ARM64 - {745DEC58-EBB3-47A9-A9B8-4C6627C01BF8}.Debug|ARM64.Build.0 = Debug|ARM64 - {745DEC58-EBB3-47A9-A9B8-4C6627C01BF8}.Debug|Win32.ActiveCfg = Debug|Win32 - {745DEC58-EBB3-47A9-A9B8-4C6627C01BF8}.Debug|Win32.Build.0 = Debug|Win32 - {745DEC58-EBB3-47A9-A9B8-4C6627C01BF8}.Debug|x64.ActiveCfg = Debug|x64 - {745DEC58-EBB3-47A9-A9B8-4C6627C01BF8}.Debug|x64.Build.0 = Debug|x64 - {745DEC58-EBB3-47A9-A9B8-4C6627C01BF8}.Release|ARM.ActiveCfg = Release|ARM - {745DEC58-EBB3-47A9-A9B8-4C6627C01BF8}.Release|ARM.Build.0 = Release|ARM - {745DEC58-EBB3-47A9-A9B8-4C6627C01BF8}.Release|ARM64.ActiveCfg = Release|ARM64 - {745DEC58-EBB3-47A9-A9B8-4C6627C01BF8}.Release|ARM64.Build.0 = Release|ARM64 - {745DEC58-EBB3-47A9-A9B8-4C6627C01BF8}.Release|Win32.ActiveCfg = Release|Win32 - {745DEC58-EBB3-47A9-A9B8-4C6627C01BF8}.Release|Win32.Build.0 = Release|Win32 - {745DEC58-EBB3-47A9-A9B8-4C6627C01BF8}.Release|x64.ActiveCfg = Release|x64 - {745DEC58-EBB3-47A9-A9B8-4C6627C01BF8}.Release|x64.Build.0 = Release|x64 - {745DEC58-EBB3-47A9-A9B8-4C6627C01BF8}.ReleaseWithoutAsm|ARM.ActiveCfg = ReleaseWithoutAsm|ARM - {745DEC58-EBB3-47A9-A9B8-4C6627C01BF8}.ReleaseWithoutAsm|ARM.Build.0 = ReleaseWithoutAsm|ARM - {745DEC58-EBB3-47A9-A9B8-4C6627C01BF8}.ReleaseWithoutAsm|ARM64.ActiveCfg = ReleaseWithoutAsm|ARM64 - {745DEC58-EBB3-47A9-A9B8-4C6627C01BF8}.ReleaseWithoutAsm|ARM64.Build.0 = ReleaseWithoutAsm|ARM64 - {745DEC58-EBB3-47A9-A9B8-4C6627C01BF8}.ReleaseWithoutAsm|Win32.ActiveCfg = ReleaseWithoutAsm|Win32 - {745DEC58-EBB3-47A9-A9B8-4C6627C01BF8}.ReleaseWithoutAsm|Win32.Build.0 = ReleaseWithoutAsm|Win32 - {745DEC58-EBB3-47A9-A9B8-4C6627C01BF8}.ReleaseWithoutAsm|x64.ActiveCfg = ReleaseWithoutAsm|x64 - {745DEC58-EBB3-47A9-A9B8-4C6627C01BF8}.ReleaseWithoutAsm|x64.Build.0 = ReleaseWithoutAsm|x64 - {AA6666AA-E09F-4135-9C0C-4FE50C3C654B}.Debug|ARM.ActiveCfg = Debug|ARM - {AA6666AA-E09F-4135-9C0C-4FE50C3C654B}.Debug|ARM.Build.0 = Debug|ARM - {AA6666AA-E09F-4135-9C0C-4FE50C3C654B}.Debug|ARM64.ActiveCfg = Debug|ARM64 - {AA6666AA-E09F-4135-9C0C-4FE50C3C654B}.Debug|ARM64.Build.0 = Debug|ARM64 - {AA6666AA-E09F-4135-9C0C-4FE50C3C654B}.Debug|Win32.ActiveCfg = Debug|Win32 - {AA6666AA-E09F-4135-9C0C-4FE50C3C654B}.Debug|Win32.Build.0 = Debug|Win32 - {AA6666AA-E09F-4135-9C0C-4FE50C3C654B}.Debug|x64.ActiveCfg = Debug|x64 - {AA6666AA-E09F-4135-9C0C-4FE50C3C654B}.Debug|x64.Build.0 = Debug|x64 - {AA6666AA-E09F-4135-9C0C-4FE50C3C654B}.Release|ARM.ActiveCfg = Release|ARM - {AA6666AA-E09F-4135-9C0C-4FE50C3C654B}.Release|ARM.Build.0 = Release|ARM - {AA6666AA-E09F-4135-9C0C-4FE50C3C654B}.Release|ARM64.ActiveCfg = Release|ARM64 - {AA6666AA-E09F-4135-9C0C-4FE50C3C654B}.Release|ARM64.Build.0 = Release|ARM64 - {AA6666AA-E09F-4135-9C0C-4FE50C3C654B}.Release|Win32.ActiveCfg = Release|Win32 - {AA6666AA-E09F-4135-9C0C-4FE50C3C654B}.Release|Win32.Build.0 = Release|Win32 - {AA6666AA-E09F-4135-9C0C-4FE50C3C654B}.Release|x64.ActiveCfg = Release|x64 - {AA6666AA-E09F-4135-9C0C-4FE50C3C654B}.Release|x64.Build.0 = Release|x64 - {AA6666AA-E09F-4135-9C0C-4FE50C3C654B}.ReleaseWithoutAsm|ARM.ActiveCfg = ReleaseWithoutAsm|ARM - {AA6666AA-E09F-4135-9C0C-4FE50C3C654B}.ReleaseWithoutAsm|ARM.Build.0 = ReleaseWithoutAsm|ARM - {AA6666AA-E09F-4135-9C0C-4FE50C3C654B}.ReleaseWithoutAsm|ARM64.ActiveCfg = ReleaseWithoutAsm|ARM64 - {AA6666AA-E09F-4135-9C0C-4FE50C3C654B}.ReleaseWithoutAsm|ARM64.Build.0 = ReleaseWithoutAsm|ARM64 - {AA6666AA-E09F-4135-9C0C-4FE50C3C654B}.ReleaseWithoutAsm|Win32.ActiveCfg = ReleaseWithoutAsm|Win32 - {AA6666AA-E09F-4135-9C0C-4FE50C3C654B}.ReleaseWithoutAsm|Win32.Build.0 = ReleaseWithoutAsm|Win32 - {AA6666AA-E09F-4135-9C0C-4FE50C3C654B}.ReleaseWithoutAsm|x64.ActiveCfg = ReleaseWithoutAsm|x64 - {AA6666AA-E09F-4135-9C0C-4FE50C3C654B}.ReleaseWithoutAsm|x64.Build.0 = ReleaseWithoutAsm|x64 - {C52F9E7B-498A-42BE-8DB4-85A15694366A}.Debug|ARM.ActiveCfg = Debug|ARM - {C52F9E7B-498A-42BE-8DB4-85A15694366A}.Debug|ARM.Build.0 = Debug|ARM - {C52F9E7B-498A-42BE-8DB4-85A15694366A}.Debug|ARM64.ActiveCfg = Debug|ARM64 - {C52F9E7B-498A-42BE-8DB4-85A15694366A}.Debug|ARM64.Build.0 = Debug|ARM64 - {C52F9E7B-498A-42BE-8DB4-85A15694366A}.Debug|Win32.ActiveCfg = Debug|Win32 - {C52F9E7B-498A-42BE-8DB4-85A15694366A}.Debug|Win32.Build.0 = Debug|Win32 - {C52F9E7B-498A-42BE-8DB4-85A15694366A}.Debug|x64.ActiveCfg = Debug|x64 - {C52F9E7B-498A-42BE-8DB4-85A15694366A}.Debug|x64.Build.0 = Debug|x64 - {C52F9E7B-498A-42BE-8DB4-85A15694366A}.Release|ARM.ActiveCfg = Release|ARM - {C52F9E7B-498A-42BE-8DB4-85A15694366A}.Release|ARM.Build.0 = Release|ARM - {C52F9E7B-498A-42BE-8DB4-85A15694366A}.Release|ARM64.ActiveCfg = Release|ARM64 - {C52F9E7B-498A-42BE-8DB4-85A15694366A}.Release|ARM64.Build.0 = Release|ARM64 - {C52F9E7B-498A-42BE-8DB4-85A15694366A}.Release|Win32.ActiveCfg = Release|Win32 - {C52F9E7B-498A-42BE-8DB4-85A15694366A}.Release|Win32.Build.0 = Release|Win32 - {C52F9E7B-498A-42BE-8DB4-85A15694366A}.Release|x64.ActiveCfg = Release|x64 - {C52F9E7B-498A-42BE-8DB4-85A15694366A}.Release|x64.Build.0 = Release|x64 - {C52F9E7B-498A-42BE-8DB4-85A15694366A}.ReleaseWithoutAsm|ARM.ActiveCfg = Release|ARM - {C52F9E7B-498A-42BE-8DB4-85A15694366A}.ReleaseWithoutAsm|ARM.Build.0 = Release|ARM - {C52F9E7B-498A-42BE-8DB4-85A15694366A}.ReleaseWithoutAsm|ARM64.ActiveCfg = Release|ARM64 - {C52F9E7B-498A-42BE-8DB4-85A15694366A}.ReleaseWithoutAsm|ARM64.Build.0 = Release|ARM64 - {C52F9E7B-498A-42BE-8DB4-85A15694366A}.ReleaseWithoutAsm|Win32.ActiveCfg = Release|Win32 - {C52F9E7B-498A-42BE-8DB4-85A15694366A}.ReleaseWithoutAsm|x64.ActiveCfg = Release|x64 - {48CDD9DC-E09F-4135-9C0C-4FE50C3C654B}.Debug|ARM.ActiveCfg = Debug|ARM - {48CDD9DC-E09F-4135-9C0C-4FE50C3C654B}.Debug|ARM.Build.0 = Debug|ARM - {48CDD9DC-E09F-4135-9C0C-4FE50C3C654B}.Debug|ARM64.ActiveCfg = Debug|ARM64 - {48CDD9DC-E09F-4135-9C0C-4FE50C3C654B}.Debug|ARM64.Build.0 = Debug|ARM64 - {48CDD9DC-E09F-4135-9C0C-4FE50C3C654B}.Debug|Win32.ActiveCfg = Debug|Win32 - {48CDD9DC-E09F-4135-9C0C-4FE50C3C654B}.Debug|Win32.Build.0 = Debug|Win32 - {48CDD9DC-E09F-4135-9C0C-4FE50C3C654B}.Debug|x64.ActiveCfg = Debug|x64 - {48CDD9DC-E09F-4135-9C0C-4FE50C3C654B}.Debug|x64.Build.0 = Debug|x64 - {48CDD9DC-E09F-4135-9C0C-4FE50C3C654B}.Release|ARM.ActiveCfg = Release|ARM - {48CDD9DC-E09F-4135-9C0C-4FE50C3C654B}.Release|ARM.Build.0 = Release|ARM - {48CDD9DC-E09F-4135-9C0C-4FE50C3C654B}.Release|ARM64.ActiveCfg = Release|ARM64 - {48CDD9DC-E09F-4135-9C0C-4FE50C3C654B}.Release|ARM64.Build.0 = Release|ARM64 - {48CDD9DC-E09F-4135-9C0C-4FE50C3C654B}.Release|Win32.ActiveCfg = Release|Win32 - {48CDD9DC-E09F-4135-9C0C-4FE50C3C654B}.Release|Win32.Build.0 = Release|Win32 - {48CDD9DC-E09F-4135-9C0C-4FE50C3C654B}.Release|x64.ActiveCfg = Release|x64 - {48CDD9DC-E09F-4135-9C0C-4FE50C3C654B}.Release|x64.Build.0 = Release|x64 - {48CDD9DC-E09F-4135-9C0C-4FE50C3C654B}.ReleaseWithoutAsm|ARM.ActiveCfg = Release|ARM - {48CDD9DC-E09F-4135-9C0C-4FE50C3C654B}.ReleaseWithoutAsm|ARM.Build.0 = Release|ARM - {48CDD9DC-E09F-4135-9C0C-4FE50C3C654B}.ReleaseWithoutAsm|ARM64.ActiveCfg = Release|ARM64 - {48CDD9DC-E09F-4135-9C0C-4FE50C3C654B}.ReleaseWithoutAsm|ARM64.Build.0 = Release|ARM64 - {48CDD9DC-E09F-4135-9C0C-4FE50C3C654B}.ReleaseWithoutAsm|Win32.ActiveCfg = Release|Win32 - {48CDD9DC-E09F-4135-9C0C-4FE50C3C654B}.ReleaseWithoutAsm|x64.ActiveCfg = Release|x64 - {C52F9E7B-498A-42BE-8DB4-85A15694382A}.Debug|ARM.ActiveCfg = Debug|ARM - {C52F9E7B-498A-42BE-8DB4-85A15694382A}.Debug|ARM.Build.0 = Debug|ARM - {C52F9E7B-498A-42BE-8DB4-85A15694382A}.Debug|ARM64.ActiveCfg = Debug|ARM64 - {C52F9E7B-498A-42BE-8DB4-85A15694382A}.Debug|ARM64.Build.0 = Debug|ARM64 - {C52F9E7B-498A-42BE-8DB4-85A15694382A}.Debug|Win32.ActiveCfg = Debug|Win32 - {C52F9E7B-498A-42BE-8DB4-85A15694382A}.Debug|Win32.Build.0 = Debug|Win32 - {C52F9E7B-498A-42BE-8DB4-85A15694382A}.Debug|x64.ActiveCfg = Debug|x64 - {C52F9E7B-498A-42BE-8DB4-85A15694382A}.Debug|x64.Build.0 = Debug|x64 - {C52F9E7B-498A-42BE-8DB4-85A15694382A}.Release|ARM.ActiveCfg = Release|ARM - {C52F9E7B-498A-42BE-8DB4-85A15694382A}.Release|ARM.Build.0 = Release|ARM - {C52F9E7B-498A-42BE-8DB4-85A15694382A}.Release|ARM64.ActiveCfg = Release|ARM64 - {C52F9E7B-498A-42BE-8DB4-85A15694382A}.Release|ARM64.Build.0 = Release|ARM64 - {C52F9E7B-498A-42BE-8DB4-85A15694382A}.Release|Win32.ActiveCfg = Release|Win32 - {C52F9E7B-498A-42BE-8DB4-85A15694382A}.Release|Win32.Build.0 = Release|Win32 - {C52F9E7B-498A-42BE-8DB4-85A15694382A}.Release|x64.ActiveCfg = Release|x64 - {C52F9E7B-498A-42BE-8DB4-85A15694382A}.Release|x64.Build.0 = Release|x64 - {C52F9E7B-498A-42BE-8DB4-85A15694382A}.ReleaseWithoutAsm|ARM.ActiveCfg = Release|ARM - {C52F9E7B-498A-42BE-8DB4-85A15694382A}.ReleaseWithoutAsm|ARM.Build.0 = Release|ARM - {C52F9E7B-498A-42BE-8DB4-85A15694382A}.ReleaseWithoutAsm|ARM64.ActiveCfg = Release|ARM64 - {C52F9E7B-498A-42BE-8DB4-85A15694382A}.ReleaseWithoutAsm|ARM64.Build.0 = Release|ARM64 - {C52F9E7B-498A-42BE-8DB4-85A15694382A}.ReleaseWithoutAsm|Win32.ActiveCfg = Release|Win32 - {C52F9E7B-498A-42BE-8DB4-85A15694382A}.ReleaseWithoutAsm|x64.ActiveCfg = Release|x64 - EndGlobalSection - GlobalSection(SolutionProperties) = preSolution - HideSolutionNode = FALSE - EndGlobalSection - GlobalSection(ExtensibilityGlobals) = postSolution - SolutionGuid = {EAA58685-56D9-43F2-8703-FD2CB020745E} - EndGlobalSection -EndGlobal diff -Nru mariadb-11.8.6/zlib/contrib/vstudio/vc17/zlibvc.vcxproj mariadb-11.8.8/zlib/contrib/vstudio/vc17/zlibvc.vcxproj --- mariadb-11.8.6/zlib/contrib/vstudio/vc17/zlibvc.vcxproj 2026-01-31 13:27:49.000000000 +0000 +++ mariadb-11.8.8/zlib/contrib/vstudio/vc17/zlibvc.vcxproj 1970-01-01 00:00:00.000000000 +0000 @@ -1,875 +0,0 @@ - - - - - Debug - ARM - - - Debug - ARM64 - - - Debug - Win32 - - - Debug - x64 - - - ReleaseWithoutAsm - ARM - - - ReleaseWithoutAsm - ARM64 - - - ReleaseWithoutAsm - Win32 - - - ReleaseWithoutAsm - x64 - - - Release - ARM - - - Release - ARM64 - - - Release - Win32 - - - Release - x64 - - - - {8FD826F8-3739-44E6-8CC8-997122E53B8D} - 10.0 - - - - DynamicLibrary - false - true - v143 - - - DynamicLibrary - false - true - v143 - - - DynamicLibrary - false - v143 - Unicode - - - DynamicLibrary - false - true - v143 - - - DynamicLibrary - false - true - v143 - - - DynamicLibrary - false - true - v143 - - - DynamicLibrary - false - true - v143 - - - DynamicLibrary - false - true - v143 - - - DynamicLibrary - false - true - v143 - - - DynamicLibrary - false - v143 - - - DynamicLibrary - false - v143 - - - DynamicLibrary - false - v143 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - <_ProjectFileVersion>10.0.30128.1 - x86\ZlibDll$(Configuration)\ - x86\ZlibDll$(Configuration)\Tmp\ - true - false - x86\ZlibDll$(Configuration)\ - x86\ZlibDll$(Configuration)\Tmp\ - false - false - x86\ZlibDll$(Configuration)\ - x86\ZlibDll$(Configuration)\Tmp\ - false - false - x64\ZlibDll$(Configuration)\ - x64\ZlibDll$(Configuration)\Tmp\ - true - true - true - false - false - false - x64\ZlibDll$(Configuration)\ - x64\ZlibDll$(Configuration)\Tmp\ - false - false - false - false - false - false - x64\ZlibDll$(Configuration)\ - x64\ZlibDll$(Configuration)\Tmp\ - false - false - false - false - false - false - AllRules.ruleset - - - AllRules.ruleset - AllRules.ruleset - AllRules.ruleset - - - - - - - AllRules.ruleset - - - AllRules.ruleset - AllRules.ruleset - AllRules.ruleset - - - - - - - AllRules.ruleset - - - AllRules.ruleset - AllRules.ruleset - AllRules.ruleset - - - - - - - zlibwapi - zlibwapi - zlibwapi - zlibwapi - zlibwapi - zlibwapi - zlibwapi - zlibwapi - zlibwapi - zlibwapi - zlibwapi - zlibwapi - - - arm64\ZlibDll$(Configuration)\ - arm64\ZlibDll$(Configuration)\Tmp\ - - - arm\ZlibDll$(Configuration)\ - arm\ZlibDll$(Configuration)\Tmp\ - - - arm64\ZlibDll$(Configuration)\ - arm64\ZlibDll$(Configuration)\Tmp\ - - - arm64\ZlibDll$(Configuration)\ - arm64\ZlibDll$(Configuration)\Tmp\ - - - arm\ZlibDll$(Configuration)\ - arm\ZlibDll$(Configuration)\Tmp\ - - - arm\ZlibDll$(Configuration)\ - arm\ZlibDll$(Configuration)\Tmp\ - - - - _DEBUG;%(PreprocessorDefinitions) - true - true - Win32 - $(OutDir)zlibvc.tlb - - - Disabled - ..\..\..;%(AdditionalIncludeDirectories) - WIN32;_CRT_NONSTDC_NO_DEPRECATE;_CRT_SECURE_NO_DEPRECATE;_CRT_NONSTDC_NO_WARNINGS;ZLIB_WINAPI;%(PreprocessorDefinitions) - - - MultiThreadedDebugDLL - false - $(IntDir)zlibvc.pch - $(IntDir) - $(IntDir) - $(OutDir) - - - Level3 - true - ProgramDatabase - - - _DEBUG;%(PreprocessorDefinitions) - 0x040c - - - /MACHINE:I386 %(AdditionalOptions) - %(AdditionalDependencies) - $(OutDir)zlibwapi.dll - true - .\zlibvc.def - true - $(OutDir)zlibwapi.pdb - true - $(OutDir)zlibwapi.map - Windows - false - - - $(OutDir)zlibwapi.lib - - - - - NDEBUG;%(PreprocessorDefinitions) - true - true - Win32 - $(OutDir)zlibvc.tlb - - - OnlyExplicitInline - ..\..\..;%(AdditionalIncludeDirectories) - WIN32;_CRT_NONSTDC_NO_DEPRECATE;_CRT_SECURE_NO_DEPRECATE;_CRT_NONSTDC_NO_WARNINGS;ZLIB_WINAPI;%(PreprocessorDefinitions) - true - - - MultiThreadedDLL - false - true - $(IntDir)zlibvc.pch - All - $(IntDir) - $(IntDir) - $(OutDir) - - - Level3 - true - - - NDEBUG;%(PreprocessorDefinitions) - 0x040c - - - /MACHINE:I386 %(AdditionalOptions) - $(OutDir)zlibwapi.dll - true - false - .\zlibvc.def - $(OutDir)zlibwapi.pdb - true - $(OutDir)zlibwapi.map - Windows - false - - - $(OutDir)zlibwapi.lib - - - - - NDEBUG;%(PreprocessorDefinitions) - true - true - Win32 - $(OutDir)zlibvc.tlb - - - OnlyExplicitInline - ..\..\..;%(AdditionalIncludeDirectories) - WIN32;_CRT_NONSTDC_NO_DEPRECATE;_CRT_SECURE_NO_DEPRECATE;_CRT_NONSTDC_NO_WARNINGS;ZLIB_WINAPI;%(PreprocessorDefinitions) - true - - - MultiThreaded - false - true - $(IntDir)zlibvc.pch - All - $(IntDir) - $(IntDir) - $(OutDir) - - - Level3 - true - - - NDEBUG;%(PreprocessorDefinitions) - 0x040c - - - /MACHINE:I386 %(AdditionalOptions) - %(AdditionalDependencies) - $(OutDir)zlibwapi.dll - true - false - .\zlibvc.def - $(OutDir)zlibwapi.pdb - true - $(OutDir)zlibwapi.map - Windows - false - - - $(OutDir)zlibwapi.lib - false - - - - - _DEBUG;%(PreprocessorDefinitions) - true - true - X64 - $(OutDir)zlibvc.tlb - - - Disabled - ..\..\..;%(AdditionalIncludeDirectories) - WIN32;_CRT_NONSTDC_NO_DEPRECATE;_CRT_SECURE_NO_DEPRECATE;_CRT_NONSTDC_NO_WARNINGS;ZLIB_WINAPI;WIN64;%(PreprocessorDefinitions) - - - MultiThreadedDebugDLL - false - $(IntDir)zlibvc.pch - $(IntDir) - $(IntDir) - $(OutDir) - - - Level3 - true - ProgramDatabase - - - _DEBUG;%(PreprocessorDefinitions) - 0x040c - - - %(AdditionalDependencies) - $(OutDir)zlibwapi.dll - true - .\zlibvc.def - true - $(OutDir)zlibwapi.pdb - true - $(OutDir)zlibwapi.map - Windows - $(OutDir)zlibwapi.lib - MachineX64 - - - - - _DEBUG;%(PreprocessorDefinitions) - true - true - $(OutDir)zlibvc.tlb - - - Disabled - ..\..\..;%(AdditionalIncludeDirectories) - WIN32;_CRT_NONSTDC_NO_DEPRECATE;_CRT_SECURE_NO_DEPRECATE;_CRT_NONSTDC_NO_WARNINGS;ZLIB_WINAPI;WIN64;%(PreprocessorDefinitions) - - - MultiThreadedDebugDLL - false - $(IntDir)zlibvc.pch - $(IntDir) - $(IntDir) - $(OutDir) - - - Level3 - true - ProgramDatabase - - - _DEBUG;%(PreprocessorDefinitions) - 0x040c - - - %(AdditionalDependencies) - $(OutDir)zlibwapi.dll - true - .\zlibvc.def - true - $(OutDir)zlibwapi.pdb - true - $(OutDir)zlibwapi.map - Windows - $(OutDir)zlibwapi.lib - - - - - _DEBUG;%(PreprocessorDefinitions) - true - true - $(OutDir)zlibvc.tlb - - - Disabled - ..\..\..;%(AdditionalIncludeDirectories) - WIN32;_CRT_NONSTDC_NO_DEPRECATE;_CRT_SECURE_NO_DEPRECATE;_CRT_NONSTDC_NO_WARNINGS;ZLIB_WINAPI;WIN64;%(PreprocessorDefinitions) - - - MultiThreadedDebugDLL - false - $(IntDir)zlibvc.pch - $(IntDir) - $(IntDir) - $(OutDir) - - - Level3 - true - ProgramDatabase - - - _DEBUG;%(PreprocessorDefinitions) - 0x040c - - - %(AdditionalDependencies) - $(OutDir)zlibwapi.dll - true - .\zlibvc.def - true - $(OutDir)zlibwapi.pdb - true - $(OutDir)zlibwapi.map - Windows - $(OutDir)zlibwapi.lib - - - - - NDEBUG;%(PreprocessorDefinitions) - true - true - X64 - $(OutDir)zlibvc.tlb - - - OnlyExplicitInline - ..\..\..;%(AdditionalIncludeDirectories) - WIN32;_CRT_NONSTDC_NO_DEPRECATE;_CRT_SECURE_NO_DEPRECATE;_CRT_NONSTDC_NO_WARNINGS;ZLIB_WINAPI;WIN64;%(PreprocessorDefinitions) - true - - - MultiThreadedDLL - false - true - $(IntDir)zlibvc.pch - All - $(IntDir) - $(IntDir) - $(OutDir) - - - Level3 - true - - - NDEBUG;%(PreprocessorDefinitions) - 0x040c - - - $(OutDir)zlibwapi.dll - true - false - .\zlibvc.def - $(OutDir)zlibwapi.pdb - true - $(OutDir)zlibwapi.map - Windows - $(OutDir)zlibwapi.lib - MachineX64 - - - - - NDEBUG;%(PreprocessorDefinitions) - true - true - $(OutDir)zlibvc.tlb - - - OnlyExplicitInline - ..\..\..;%(AdditionalIncludeDirectories) - WIN32;_CRT_NONSTDC_NO_DEPRECATE;_CRT_SECURE_NO_DEPRECATE;_CRT_NONSTDC_NO_WARNINGS;ZLIB_WINAPI;WIN64;%(PreprocessorDefinitions) - true - - - MultiThreadedDLL - false - true - $(IntDir)zlibvc.pch - All - $(IntDir) - $(IntDir) - $(OutDir) - - - Level3 - true - - - NDEBUG;%(PreprocessorDefinitions) - 0x040c - - - $(OutDir)zlibwapi.dll - true - false - .\zlibvc.def - $(OutDir)zlibwapi.pdb - true - $(OutDir)zlibwapi.map - Windows - $(OutDir)zlibwapi.lib - - - - - NDEBUG;%(PreprocessorDefinitions) - true - true - $(OutDir)zlibvc.tlb - - - OnlyExplicitInline - ..\..\..;%(AdditionalIncludeDirectories) - WIN32;_CRT_NONSTDC_NO_DEPRECATE;_CRT_SECURE_NO_DEPRECATE;_CRT_NONSTDC_NO_WARNINGS;ZLIB_WINAPI;WIN64;%(PreprocessorDefinitions) - true - - - MultiThreadedDLL - false - true - $(IntDir)zlibvc.pch - All - $(IntDir) - $(IntDir) - $(OutDir) - - - Level3 - true - - - NDEBUG;%(PreprocessorDefinitions) - 0x040c - - - $(OutDir)zlibwapi.dll - true - false - .\zlibvc.def - $(OutDir)zlibwapi.pdb - true - $(OutDir)zlibwapi.map - Windows - $(OutDir)zlibwapi.lib - - - - - NDEBUG;%(PreprocessorDefinitions) - true - true - X64 - $(OutDir)zlibvc.tlb - - - OnlyExplicitInline - ..\..\..;%(AdditionalIncludeDirectories) - _CRT_NONSTDC_NO_DEPRECATE;_CRT_SECURE_NO_DEPRECATE;_CRT_NONSTDC_NO_WARNINGS;ZLIB_WINAPI;WIN64;%(PreprocessorDefinitions) - true - - - MultiThreadedDLL - false - true - $(IntDir)zlibvc.pch - All - $(IntDir) - $(IntDir) - $(OutDir) - - - Level3 - true - - - NDEBUG;%(PreprocessorDefinitions) - 0x040c - - - %(AdditionalDependencies) - $(OutDir)zlibwapi.dll - true - false - .\zlibvc.def - $(OutDir)zlibwapi.pdb - true - $(OutDir)zlibwapi.map - Windows - $(OutDir)zlibwapi.lib - MachineX64 - - - - - NDEBUG;%(PreprocessorDefinitions) - true - true - $(OutDir)zlibvc.tlb - - - OnlyExplicitInline - ..\..\..;%(AdditionalIncludeDirectories) - _CRT_NONSTDC_NO_DEPRECATE;_CRT_SECURE_NO_DEPRECATE;_CRT_NONSTDC_NO_WARNINGS;ZLIB_WINAPI;WIN64;%(PreprocessorDefinitions) - true - - - MultiThreadedDLL - false - true - $(IntDir)zlibvc.pch - All - $(IntDir) - $(IntDir) - $(OutDir) - - - Level3 - true - - - NDEBUG;%(PreprocessorDefinitions) - 0x040c - - - %(AdditionalDependencies) - $(OutDir)zlibwapi.dll - true - false - .\zlibvc.def - $(OutDir)zlibwapi.pdb - true - $(OutDir)zlibwapi.map - Windows - $(OutDir)zlibwapi.lib - - - - - NDEBUG;%(PreprocessorDefinitions) - true - true - $(OutDir)zlibvc.tlb - - - OnlyExplicitInline - ..\..\..;%(AdditionalIncludeDirectories) - _CRT_NONSTDC_NO_DEPRECATE;_CRT_SECURE_NO_DEPRECATE;_CRT_NONSTDC_NO_WARNINGS;ZLIB_WINAPI;WIN32;%(PreprocessorDefinitions) - true - - - MultiThreadedDLL - false - true - $(IntDir)zlibvc.pch - All - $(IntDir) - $(IntDir) - $(OutDir) - - - Level3 - true - - - NDEBUG;%(PreprocessorDefinitions) - 0x040c - - - %(AdditionalDependencies) - $(OutDir)zlibwapi.dll - true - false - .\zlibvc.def - $(OutDir)zlibwapi.pdb - true - $(OutDir)zlibwapi.map - Windows - $(OutDir)zlibwapi.lib - - - - - - - - - - - - - - - - - - - - - %(AdditionalIncludeDirectories) - ZLIB_INTERNAL;%(PreprocessorDefinitions) - %(AdditionalIncludeDirectories) - %(AdditionalIncludeDirectories) - %(AdditionalIncludeDirectories) - ZLIB_INTERNAL;%(PreprocessorDefinitions) - ZLIB_INTERNAL;%(PreprocessorDefinitions) - ZLIB_INTERNAL;%(PreprocessorDefinitions) - - - %(AdditionalIncludeDirectories) - ZLIB_INTERNAL;%(PreprocessorDefinitions) - %(AdditionalIncludeDirectories) - %(AdditionalIncludeDirectories) - %(AdditionalIncludeDirectories) - ZLIB_INTERNAL;%(PreprocessorDefinitions) - ZLIB_INTERNAL;%(PreprocessorDefinitions) - ZLIB_INTERNAL;%(PreprocessorDefinitions) - - - - - - - - - - - - - - - - - - - - - - - - \ No newline at end of file diff -Nru mariadb-11.8.6/zlib/crc32.c mariadb-11.8.8/zlib/crc32.c --- mariadb-11.8.6/zlib/crc32.c 2026-01-31 13:27:49.000000000 +0000 +++ mariadb-11.8.8/zlib/crc32.c 2026-05-24 09:58:33.000000000 +0000 @@ -1,5 +1,5 @@ /* crc32.c -- compute the CRC-32 of a data stream - * Copyright (C) 1995-2022 Mark Adler + * Copyright (C) 1995-2026 Mark Adler * For conditions of distribution and use, see copyright notice in zlib.h * * This interleaved implementation of a CRC makes use of pipelined multiple @@ -24,11 +24,18 @@ # include # ifndef DYNAMIC_CRC_TABLE # define DYNAMIC_CRC_TABLE -# endif /* !DYNAMIC_CRC_TABLE */ -#endif /* MAKECRCH */ +# endif +#endif +#ifdef DYNAMIC_CRC_TABLE +# define Z_ONCE +#endif #include "zutil.h" /* for Z_U4, Z_U8, z_crc_t, and FAR definitions */ +#ifdef HAVE_S390X_VX +# include "contrib/crc32vx/crc32_vx_hooks.h" +#endif + /* A CRC of a message is computed on N braids of words in the message, where each word consists of W bytes (4 or 8). If N is 3, for example, then three @@ -99,7 +106,8 @@ #endif /* If available, use the ARM processor CRC32 instruction. */ -#if defined(__aarch64__) && defined(__ARM_FEATURE_CRC32) && W == 8 +#if defined(__aarch64__) && defined(__ARM_FEATURE_CRC32) && \ + defined(W) && W == 8 # define ARMCRC32 #endif @@ -152,10 +160,10 @@ Return a(x) multiplied by b(x) modulo p(x), where p(x) is the CRC polynomial, reflected. For speed, this requires that a not be zero. */ -local z_crc_t multmodp(z_crc_t a, z_crc_t b) { - z_crc_t m, p; +local uLong multmodp(uLong a, uLong b) { + uLong m, p; - m = (z_crc_t)1 << 31; + m = (uLong)1 << 31; p = 0; for (;;) { if (a & m) { @@ -171,12 +179,12 @@ /* Return x^(n * 2^k) modulo p(x). Requires that x2n_table[] has been - initialized. + initialized. n must not be negative. */ -local z_crc_t x2nmodp(z_off64_t n, unsigned k) { - z_crc_t p; +local uLong x2nmodp(z_off64_t n, unsigned k) { + uLong p; - p = (z_crc_t)1 << 31; /* x^0 == 1 */ + p = (uLong)1 << 31; /* x^0 == 1 */ while (n) { if (n & 1) p = multmodp(x2n_table[k & 31], p); @@ -204,83 +212,8 @@ local void write_table64(FILE *, const z_word_t FAR *, int); #endif /* MAKECRCH */ -/* - Define a once() function depending on the availability of atomics. If this is - compiled with DYNAMIC_CRC_TABLE defined, and if CRCs will be computed in - multiple threads, and if atomics are not available, then get_crc_table() must - be called to initialize the tables and must return before any threads are - allowed to compute or combine CRCs. - */ - -/* Definition of once functionality. */ -typedef struct once_s once_t; - -/* Check for the availability of atomics. */ -#if defined(__STDC__) && __STDC_VERSION__ >= 201112L && \ - !defined(__STDC_NO_ATOMICS__) - -#include - -/* Structure for once(), which must be initialized with ONCE_INIT. */ -struct once_s { - atomic_flag begun; - atomic_int done; -}; -#define ONCE_INIT {ATOMIC_FLAG_INIT, 0} - -/* - Run the provided init() function exactly once, even if multiple threads - invoke once() at the same time. The state must be a once_t initialized with - ONCE_INIT. - */ -local void once(once_t *state, void (*init)(void)) { - if (!atomic_load(&state->done)) { - if (atomic_flag_test_and_set(&state->begun)) - while (!atomic_load(&state->done)) - ; - else { - init(); - atomic_store(&state->done, 1); - } - } -} - -#else /* no atomics */ - -/* Structure for once(), which must be initialized with ONCE_INIT. */ -struct once_s { - volatile int begun; - volatile int done; -}; -#define ONCE_INIT {0, 0} - -/* Test and set. Alas, not atomic, but tries to minimize the period of - vulnerability. */ -local int test_and_set(int volatile *flag) { - int was; - - was = *flag; - *flag = 1; - return was; -} - -/* Run the provided init() function once. This is not thread-safe. */ -local void once(once_t *state, void (*init)(void)) { - if (!state->done) { - if (test_and_set(&state->begun)) - while (!state->done) - ; - else { - init(); - state->done = 1; - } - } -} - -#endif - /* State for once(). */ -local once_t made = ONCE_INIT; +local z_once_t made = Z_ONCE_INIT; /* Generate tables for a byte-wise 32-bit CRC calculation on the polynomial: @@ -326,7 +259,7 @@ p = (z_crc_t)1 << 30; /* x^1 */ x2n_table[0] = p; for (n = 1; n < 32; n++) - x2n_table[n] = p = multmodp(p, p); + x2n_table[n] = p = (z_crc_t)multmodp(p, p); #ifdef W /* initialize the braiding tables -- needs x2n_table[] */ @@ -529,11 +462,11 @@ int k; z_crc_t i, p, q; for (k = 0; k < w; k++) { - p = x2nmodp((n * w + 3 - k) << 3, 0); + p = (z_crc_t)x2nmodp((n * w + 3 - k) << 3, 0); ltl[k][0] = 0; big[w - 1 - k][0] = 0; for (i = 1; i < 256; i++) { - ltl[k][i] = q = multmodp(i << 24, p); + ltl[k][i] = q = (z_crc_t)multmodp(i << 24, p); big[w - 1 - k][i] = byte_swap(q); } } @@ -548,7 +481,7 @@ */ const z_crc_t FAR * ZEXPORT get_crc_table(void) { #ifdef DYNAMIC_CRC_TABLE - once(&made, make_crc_table); + z_once(&made, make_crc_table); #endif /* DYNAMIC_CRC_TABLE */ return (const z_crc_t FAR *)crc_table; } @@ -572,9 +505,8 @@ #define Z_BATCH_ZEROS 0xa10d3d0c /* computed from Z_BATCH = 3990 */ #define Z_BATCH_MIN 800 /* fewest words in a final batch */ -unsigned long ZEXPORT crc32_z(unsigned long crc, const unsigned char FAR *buf, - z_size_t len) { - z_crc_t val; +uLong ZEXPORT crc32_z(uLong crc, const unsigned char FAR *buf, z_size_t len) { + uLong val; z_word_t crc1, crc2; const z_word_t *word; z_word_t val0, val1, val2; @@ -585,7 +517,7 @@ if (buf == Z_NULL) return 0; #ifdef DYNAMIC_CRC_TABLE - once(&made, make_crc_table); + z_once(&made, make_crc_table); #endif /* DYNAMIC_CRC_TABLE */ /* Pre-condition the CRC */ @@ -640,7 +572,7 @@ } word += 3 * last; num -= 3 * last; - val = x2nmodp(last, 6); + val = x2nmodp((int)last, 6); crc = multmodp(val, crc) ^ crc1; crc = multmodp(val, crc) ^ crc2; } @@ -691,13 +623,12 @@ #endif /* ========================================================================= */ -unsigned long ZEXPORT crc32_z(unsigned long crc, const unsigned char FAR *buf, - z_size_t len) { +uLong ZEXPORT crc32_z(uLong crc, const unsigned char FAR *buf, z_size_t len) { /* Return initial CRC, if requested. */ if (buf == Z_NULL) return 0; #ifdef DYNAMIC_CRC_TABLE - once(&made, make_crc_table); + z_once(&made, make_crc_table); #endif /* DYNAMIC_CRC_TABLE */ /* Pre-condition the CRC */ @@ -1012,38 +943,41 @@ #endif /* ========================================================================= */ -unsigned long ZEXPORT crc32(unsigned long crc, const unsigned char FAR *buf, - uInt len) { +uLong ZEXPORT crc32(uLong crc, const unsigned char FAR *buf, uInt len) { + #ifdef HAVE_S390X_VX + return crc32_z_hook(crc, buf, len); + #endif return crc32_z(crc, buf, len); } /* ========================================================================= */ -uLong ZEXPORT crc32_combine64(uLong crc1, uLong crc2, z_off64_t len2) { +uLong ZEXPORT crc32_combine_gen64(z_off64_t len2) { + if (len2 < 0) + return 0; #ifdef DYNAMIC_CRC_TABLE - once(&made, make_crc_table); + z_once(&made, make_crc_table); #endif /* DYNAMIC_CRC_TABLE */ - return multmodp(x2nmodp(len2, 3), crc1) ^ (crc2 & 0xffffffff); + return x2nmodp(len2, 3); } /* ========================================================================= */ -uLong ZEXPORT crc32_combine(uLong crc1, uLong crc2, z_off_t len2) { - return crc32_combine64(crc1, crc2, (z_off64_t)len2); +uLong ZEXPORT crc32_combine_gen(z_off_t len2) { + return crc32_combine_gen64((z_off64_t)len2); } /* ========================================================================= */ -uLong ZEXPORT crc32_combine_gen64(z_off64_t len2) { -#ifdef DYNAMIC_CRC_TABLE - once(&made, make_crc_table); -#endif /* DYNAMIC_CRC_TABLE */ - return x2nmodp(len2, 3); +uLong ZEXPORT crc32_combine_op(uLong crc1, uLong crc2, uLong op) { + if (op == 0) + return 0; + return multmodp(op, crc1 & 0xffffffff) ^ (crc2 & 0xffffffff); } /* ========================================================================= */ -uLong ZEXPORT crc32_combine_gen(z_off_t len2) { - return crc32_combine_gen64((z_off64_t)len2); +uLong ZEXPORT crc32_combine64(uLong crc1, uLong crc2, z_off64_t len2) { + return crc32_combine_op(crc1, crc2, crc32_combine_gen64(len2)); } /* ========================================================================= */ -uLong ZEXPORT crc32_combine_op(uLong crc1, uLong crc2, uLong op) { - return multmodp(op, crc1) ^ (crc2 & 0xffffffff); +uLong ZEXPORT crc32_combine(uLong crc1, uLong crc2, z_off_t len2) { + return crc32_combine64(crc1, crc2, (z_off64_t)len2); } diff -Nru mariadb-11.8.6/zlib/deflate.c mariadb-11.8.8/zlib/deflate.c --- mariadb-11.8.6/zlib/deflate.c 2026-01-31 13:27:49.000000000 +0000 +++ mariadb-11.8.8/zlib/deflate.c 2026-05-24 09:58:33.000000000 +0000 @@ -1,5 +1,5 @@ /* deflate.c -- compress data using the deflation algorithm - * Copyright (C) 1995-2024 Jean-loup Gailly and Mark Adler + * Copyright (C) 1995-2026 Jean-loup Gailly and Mark Adler * For conditions of distribution and use, see copyright notice in zlib.h */ @@ -37,7 +37,7 @@ * REFERENCES * * Deutsch, L.P.,"DEFLATE Compressed Data Format Specification". - * Available in http://tools.ietf.org/html/rfc1951 + * Available at https://datatracker.ietf.org/doc/html/rfc1951 * * A description of the Rabin and Karp algorithm is given in the book * "Algorithms" by R. Sedgewick, Addison-Wesley, p252. @@ -52,7 +52,7 @@ #include "deflate.h" const char deflate_copyright[] = - " deflate 1.3.1 Copyright 1995-2024 Jean-loup Gailly and Mark Adler "; + " deflate 1.3.2 Copyright 1995-2026 Jean-loup Gailly and Mark Adler "; /* If you use the zlib library in a product, an acknowledgment is welcome in the documentation of your product. If for some reason you cannot @@ -170,8 +170,8 @@ #define CLEAR_HASH(s) \ do { \ s->head[s->hash_size - 1] = NIL; \ - zmemzero((Bytef *)s->head, \ - (unsigned)(s->hash_size - 1)*sizeof(*s->head)); \ + zmemzero(s->head, (unsigned)(s->hash_size - 1)*sizeof(*s->head)); \ + s->slid = 0; \ } while (0) /* =========================================================================== @@ -195,8 +195,8 @@ m = *--p; *p = (Pos)(m >= wsize ? m - wsize : NIL); } while (--n); - n = wsize; #ifndef FASTEST + n = wsize; p = &s->prev[n]; do { m = *--p; @@ -206,6 +206,7 @@ */ } while (--n); #endif + s->slid = 1; } /* =========================================================================== @@ -259,7 +260,14 @@ more = (unsigned)(s->window_size -(ulg)s->lookahead -(ulg)s->strstart); /* Deal with !@#$% 64K limit: */ +#ifdef _MSC_VER +#pragma warning(push) +#pragma warning(disable: 4127) +#endif if (sizeof(int) <= 2) { +#ifdef _MSC_VER +#pragma warning(pop) +#endif if (more == 0 && s->strstart == 0 && s->lookahead == 0) { more = wsize; @@ -431,6 +439,7 @@ if (windowBits == 8) windowBits = 9; /* until 256-byte window bug fixed */ s = (deflate_state *) ZALLOC(strm, 1, sizeof(deflate_state)); if (s == Z_NULL) return Z_MEM_ERROR; + zmemzero(s, sizeof(deflate_state)); strm->state = (struct internal_state FAR *)s; s->strm = strm; s->status = INIT_STATE; /* to pass state test in deflateReset() */ @@ -712,10 +721,23 @@ /* ========================================================================= */ int ZEXPORT deflatePending(z_streamp strm, unsigned *pending, int *bits) { if (deflateStateCheck(strm)) return Z_STREAM_ERROR; - if (pending != Z_NULL) - *pending = strm->state->pending; if (bits != Z_NULL) *bits = strm->state->bi_valid; + if (pending != Z_NULL) { + *pending = (unsigned)strm->state->pending; + if (*pending != strm->state->pending) { + *pending = (unsigned)-1; + return Z_BUF_ERROR; + } + } + return Z_OK; +} + +/* ========================================================================= */ +int ZEXPORT deflateUsed(z_streamp strm, int *bits) { + if (deflateStateCheck(strm)) return Z_STREAM_ERROR; + if (bits != Z_NULL) + *bits = strm->state->bi_used; return Z_OK; } @@ -831,28 +853,34 @@ * * Shifts are used to approximate divisions, for speed. */ -uLong ZEXPORT deflateBound(z_streamp strm, uLong sourceLen) { +z_size_t ZEXPORT deflateBound_z(z_streamp strm, z_size_t sourceLen) { deflate_state *s; - uLong fixedlen, storelen, wraplen; + z_size_t fixedlen, storelen, wraplen, bound; /* upper bound for fixed blocks with 9-bit literals and length 255 (memLevel == 2, which is the lowest that may not use stored blocks) -- ~13% overhead plus a small constant */ fixedlen = sourceLen + (sourceLen >> 3) + (sourceLen >> 8) + (sourceLen >> 9) + 4; + if (fixedlen < sourceLen) + fixedlen = (z_size_t)-1; /* upper bound for stored blocks with length 127 (memLevel == 1) -- ~4% overhead plus a small constant */ storelen = sourceLen + (sourceLen >> 5) + (sourceLen >> 7) + (sourceLen >> 11) + 7; + if (storelen < sourceLen) + storelen = (z_size_t)-1; - /* if can't get parameters, return larger bound plus a zlib wrapper */ - if (deflateStateCheck(strm)) - return (fixedlen > storelen ? fixedlen : storelen) + 6; + /* if can't get parameters, return larger bound plus a wrapper */ + if (deflateStateCheck(strm)) { + bound = fixedlen > storelen ? fixedlen : storelen; + return bound + 18 < bound ? (z_size_t)-1 : bound + 18; + } /* compute wrapper length */ s = strm->state; - switch (s->wrap) { + switch (s->wrap < 0 ? -s->wrap : s->wrap) { case 0: /* raw deflate */ wraplen = 0; break; @@ -882,18 +910,25 @@ break; #endif default: /* for compiler happiness */ - wraplen = 6; + wraplen = 18; } /* if not default parameters, return one of the conservative bounds */ - if (s->w_bits != 15 || s->hash_bits != 8 + 7) - return (s->w_bits <= s->hash_bits && s->level ? fixedlen : storelen) + - wraplen; + if (s->w_bits != 15 || s->hash_bits != 8 + 7) { + bound = s->w_bits <= s->hash_bits && s->level ? fixedlen : + storelen; + return bound + wraplen < bound ? (z_size_t)-1 : bound + wraplen; + } /* default settings: return tight bound for that case -- ~0.03% overhead plus a small constant */ - return sourceLen + (sourceLen >> 12) + (sourceLen >> 14) + - (sourceLen >> 25) + 13 - 6 + wraplen; + bound = sourceLen + (sourceLen >> 12) + (sourceLen >> 14) + + (sourceLen >> 25) + 13 - 6 + wraplen; + return bound < sourceLen ? (z_size_t)-1 : bound; +} +uLong ZEXPORT deflateBound(z_streamp strm, uLong sourceLen) { + z_size_t bound = deflateBound_z(strm, sourceLen); + return (uLong)bound != bound ? (uLong)-1 : (uLong)bound; } /* ========================================================================= @@ -917,8 +952,8 @@ deflate_state *s = strm->state; _tr_flush_bits(s); - len = s->pending; - if (len > strm->avail_out) len = strm->avail_out; + len = s->pending > strm->avail_out ? strm->avail_out : + (unsigned)s->pending; if (len == 0) return; zmemcpy(strm->next_out, s->pending_out, len); @@ -938,8 +973,8 @@ #define HCRC_UPDATE(beg) \ do { \ if (s->gzhead->hcrc && s->pending > (beg)) \ - strm->adler = crc32(strm->adler, s->pending_buf + (beg), \ - s->pending - (beg)); \ + strm->adler = crc32_z(strm->adler, s->pending_buf + (beg), \ + s->pending - (beg)); \ } while (0) /* ========================================================================= */ @@ -1073,8 +1108,8 @@ put_byte(s, (s->gzhead->extra_len >> 8) & 0xff); } if (s->gzhead->hcrc) - strm->adler = crc32(strm->adler, s->pending_buf, - s->pending); + strm->adler = crc32_z(strm->adler, s->pending_buf, + s->pending); s->gzindex = 0; s->status = EXTRA_STATE; } @@ -1082,9 +1117,9 @@ if (s->status == EXTRA_STATE) { if (s->gzhead->extra != Z_NULL) { ulg beg = s->pending; /* start of bytes to update crc */ - uInt left = (s->gzhead->extra_len & 0xffff) - s->gzindex; + ulg left = (s->gzhead->extra_len & 0xffff) - s->gzindex; while (s->pending + left > s->pending_buf_size) { - uInt copy = s->pending_buf_size - s->pending; + ulg copy = s->pending_buf_size - s->pending; zmemcpy(s->pending_buf + s->pending, s->gzhead->extra + s->gzindex, copy); s->pending = s->pending_buf_size; @@ -1295,12 +1330,13 @@ ss = source->state; - zmemcpy((voidpf)dest, (voidpf)source, sizeof(z_stream)); + zmemcpy(dest, source, sizeof(z_stream)); ds = (deflate_state *) ZALLOC(dest, 1, sizeof(deflate_state)); if (ds == Z_NULL) return Z_MEM_ERROR; + zmemzero(ds, sizeof(deflate_state)); dest->state = (struct internal_state FAR *) ds; - zmemcpy((voidpf)ds, (voidpf)ss, sizeof(deflate_state)); + zmemcpy(ds, ss, sizeof(deflate_state)); ds->strm = dest; ds->window = (Bytef *) ZALLOC(dest, ds->w_size, 2*sizeof(Byte)); @@ -1313,18 +1349,23 @@ deflateEnd (dest); return Z_MEM_ERROR; } - /* following zmemcpy do not work for 16-bit MSDOS */ - zmemcpy(ds->window, ss->window, ds->w_size * 2 * sizeof(Byte)); - zmemcpy((voidpf)ds->prev, (voidpf)ss->prev, ds->w_size * sizeof(Pos)); - zmemcpy((voidpf)ds->head, (voidpf)ss->head, ds->hash_size * sizeof(Pos)); - zmemcpy(ds->pending_buf, ss->pending_buf, ds->lit_bufsize * LIT_BUFS); + /* following zmemcpy's do not work for 16-bit MSDOS */ + zmemcpy(ds->window, ss->window, ss->high_water); + zmemcpy(ds->prev, ss->prev, + (ss->slid || ss->strstart - ss->insert > ds->w_size ? ds->w_size : + ss->strstart - ss->insert) * sizeof(Pos)); + zmemcpy(ds->head, ss->head, ds->hash_size * sizeof(Pos)); ds->pending_out = ds->pending_buf + (ss->pending_out - ss->pending_buf); + zmemcpy(ds->pending_out, ss->pending_out, ss->pending); #ifdef LIT_MEM ds->d_buf = (ushf *)(ds->pending_buf + (ds->lit_bufsize << 1)); ds->l_buf = ds->pending_buf + (ds->lit_bufsize << 2); + zmemcpy(ds->d_buf, ss->d_buf, ss->sym_next * sizeof(ush)); + zmemcpy(ds->l_buf, ss->l_buf, ss->sym_next); #else ds->sym_buf = ds->pending_buf + ds->lit_bufsize; + zmemcpy(ds->sym_buf, ss->sym_buf, ss->sym_next); #endif ds->l_desc.dyn_tree = ds->dyn_ltree; @@ -1347,9 +1388,9 @@ */ local uInt longest_match(deflate_state *s, IPos cur_match) { unsigned chain_length = s->max_chain_length;/* max hash chain length */ - register Bytef *scan = s->window + s->strstart; /* current string */ - register Bytef *match; /* matched string */ - register int len; /* length of current match */ + Bytef *scan = s->window + s->strstart; /* current string */ + Bytef *match; /* matched string */ + int len; /* length of current match */ int best_len = (int)s->prev_length; /* best match length so far */ int nice_match = s->nice_match; /* stop if match long enough */ IPos limit = s->strstart > (IPos)MAX_DIST(s) ? @@ -1364,13 +1405,13 @@ /* Compare two bytes at a time. Note: this is not always beneficial. * Try with and without -DUNALIGNED_OK to check. */ - register Bytef *strend = s->window + s->strstart + MAX_MATCH - 1; - register ush scan_start = *(ushf*)scan; - register ush scan_end = *(ushf*)(scan + best_len - 1); + Bytef *strend = s->window + s->strstart + MAX_MATCH - 1; + ush scan_start = *(ushf*)scan; + ush scan_end = *(ushf*)(scan + best_len - 1); #else - register Bytef *strend = s->window + s->strstart + MAX_MATCH; - register Byte scan_end1 = scan[best_len - 1]; - register Byte scan_end = scan[best_len]; + Bytef *strend = s->window + s->strstart + MAX_MATCH; + Byte scan_end1 = scan[best_len - 1]; + Byte scan_end = scan[best_len]; #endif /* The code is optimized for HASH_BITS >= 8 and MAX_MATCH-2 multiple of 16. @@ -1494,10 +1535,10 @@ * Optimized version for FASTEST only */ local uInt longest_match(deflate_state *s, IPos cur_match) { - register Bytef *scan = s->window + s->strstart; /* current string */ - register Bytef *match; /* matched string */ - register int len; /* length of current match */ - register Bytef *strend = s->window + s->strstart + MAX_MATCH; + Bytef *scan = s->window + s->strstart; /* current string */ + Bytef *match; /* matched string */ + int len; /* length of current match */ + Bytef *strend = s->window + s->strstart + MAX_MATCH; /* The code is optimized for HASH_BITS >= 8 and MAX_MATCH-2 multiple of 16. * It is easy to get rid of this optimization if necessary. @@ -1557,7 +1598,7 @@ local void check_match(deflate_state *s, IPos start, IPos match, int length) { /* check that the match is indeed a match */ Bytef *back = s->window + (int)match, *here = s->window + start; - IPos len = length; + IPos len = (IPos)length; if (match == (IPos)-1) { /* match starts one byte before the current window -- just compare the subsequent length-1 bytes */ @@ -1629,13 +1670,14 @@ * this is 32K. This can be as small as 507 bytes for memLevel == 1. For * large input and output buffers, the stored block size will be larger. */ - unsigned min_block = MIN(s->pending_buf_size - 5, s->w_size); + unsigned min_block = (unsigned)(MIN(s->pending_buf_size - 5, s->w_size)); /* Copy as many min_block or larger stored blocks directly to next_out as * possible. If flushing, copy the remaining available input to next_out as * stored blocks, if there is enough space. */ - unsigned len, left, have, last = 0; + int last = 0; + unsigned len, left, have; unsigned used = s->strm->avail_in; do { /* Set len to the maximum size block that we can copy directly with the @@ -1643,12 +1685,12 @@ * would be copied from what's left in the window. */ len = MAX_STORED; /* maximum deflate stored block length */ - have = (s->bi_valid + 42) >> 3; /* number of header bytes */ + have = ((unsigned)s->bi_valid + 42) >> 3; /* bytes in header */ if (s->strm->avail_out < have) /* need room for header */ break; /* maximum stored block length that will fit in avail_out: */ have = s->strm->avail_out - have; - left = s->strstart - s->block_start; /* bytes left in window */ + left = (unsigned)(s->strstart - s->block_start); /* window bytes */ if (len > (ulg)left + s->strm->avail_in) len = left + s->strm->avail_in; /* limit len to the input */ if (len > have) @@ -1671,10 +1713,10 @@ _tr_stored_block(s, (char *)0, 0L, last); /* Replace the lengths in the dummy stored block with len. */ - s->pending_buf[s->pending - 4] = len; - s->pending_buf[s->pending - 3] = len >> 8; - s->pending_buf[s->pending - 2] = ~len; - s->pending_buf[s->pending - 1] = ~len >> 8; + s->pending_buf[s->pending - 4] = (Bytef)len; + s->pending_buf[s->pending - 3] = (Bytef)(len >> 8); + s->pending_buf[s->pending - 2] = (Bytef)~len; + s->pending_buf[s->pending - 1] = (Bytef)(~len >> 8); /* Write the stored block header bytes. */ flush_pending(s->strm); @@ -1745,8 +1787,10 @@ s->high_water = s->strstart; /* If the last block was written to next_out, then done. */ - if (last) + if (last) { + s->bi_used = 8; return finish_done; + } /* If flushing and all input has been consumed, then done. */ if (flush != Z_NO_FLUSH && flush != Z_FINISH && @@ -1754,7 +1798,7 @@ return block_done; /* Fill the window with any remaining input. */ - have = s->window_size - s->strstart; + have = (unsigned)(s->window_size - s->strstart); if (s->strm->avail_in > have && s->block_start >= (long)s->w_size) { /* Slide the window down. */ s->block_start -= s->w_size; @@ -1781,11 +1825,11 @@ * have enough input for a worthy block, or if flushing and there is enough * room for the remaining input as a stored block in the pending buffer. */ - have = (s->bi_valid + 42) >> 3; /* number of header bytes */ + have = ((unsigned)s->bi_valid + 42) >> 3; /* bytes in header */ /* maximum stored block length that will fit in pending: */ - have = MIN(s->pending_buf_size - have, MAX_STORED); + have = (unsigned)MIN(s->pending_buf_size - have, MAX_STORED); min_block = MIN(have, s->w_size); - left = s->strstart - s->block_start; + left = (unsigned)(s->strstart - s->block_start); if (left >= min_block || ((left || flush == Z_FINISH) && flush != Z_NO_FLUSH && s->strm->avail_in == 0 && left <= have)) { @@ -1798,6 +1842,8 @@ } /* We've done all we can with the available input and output. */ + if (last) + s->bi_used = 8; return last ? finish_started : need_more; } @@ -1846,7 +1892,7 @@ /* longest_match() sets match_start */ } if (s->match_length >= MIN_MATCH) { - check_match(s, s->strstart, s->match_start, s->match_length); + check_match(s, s->strstart, s->match_start, (int)s->match_length); _tr_tally_dist(s, s->strstart - s->match_start, s->match_length - MIN_MATCH, bflush); @@ -1968,7 +2014,7 @@ uInt max_insert = s->strstart + s->lookahead - MIN_MATCH; /* Do not insert strings in hash table beyond this. */ - check_match(s, s->strstart - 1, s->prev_match, s->prev_length); + check_match(s, s->strstart - 1, s->prev_match, (int)s->prev_length); _tr_tally_dist(s, s->strstart - 1 - s->prev_match, s->prev_length - MIN_MATCH, bflush); @@ -2076,7 +2122,7 @@ /* Emit match if have run of MIN_MATCH or longer, else emit literal */ if (s->match_length >= MIN_MATCH) { - check_match(s, s->strstart, s->strstart - 1, s->match_length); + check_match(s, s->strstart, s->strstart - 1, (int)s->match_length); _tr_tally_dist(s, 1, s->match_length - MIN_MATCH, bflush); diff -Nru mariadb-11.8.6/zlib/deflate.h mariadb-11.8.8/zlib/deflate.h --- mariadb-11.8.6/zlib/deflate.h 2026-01-31 13:27:49.000000000 +0000 +++ mariadb-11.8.8/zlib/deflate.h 2026-05-24 09:58:33.000000000 +0000 @@ -1,5 +1,5 @@ /* deflate.h -- internal compression state - * Copyright (C) 1995-2024 Jean-loup Gailly + * Copyright (C) 1995-2026 Jean-loup Gailly * For conditions of distribution and use, see copyright notice in zlib.h */ @@ -271,6 +271,9 @@ /* Number of valid bits in bi_buf. All bits above the last valid bit * are always zero. */ + int bi_used; + /* Last number of used bits when going to a byte boundary. + */ ulg high_water; /* High water mark offset in window for initialized bytes -- bytes above @@ -279,6 +282,9 @@ * updated to the new high water mark. */ + int slid; + /* True if the hash table has been slid since it was cleared. */ + } FAR deflate_state; /* Output a byte on the stream. diff -Nru mariadb-11.8.6/zlib/gzguts.h mariadb-11.8.8/zlib/gzguts.h --- mariadb-11.8.6/zlib/gzguts.h 2026-01-31 13:27:49.000000000 +0000 +++ mariadb-11.8.8/zlib/gzguts.h 2026-05-24 09:58:33.000000000 +0000 @@ -1,5 +1,5 @@ /* gzguts.h -- zlib internal header definitions for gz* operations - * Copyright (C) 2004-2024 Mark Adler + * Copyright (C) 2004-2026 Mark Adler * For conditions of distribution and use, see copyright notice in zlib.h */ @@ -17,6 +17,18 @@ # define ZLIB_INTERNAL #endif +#if defined(_WIN32) +# ifndef WIN32_LEAN_AND_MEAN +# define WIN32_LEAN_AND_MEAN +# endif +# ifndef _CRT_SECURE_NO_WARNINGS +# define _CRT_SECURE_NO_WARNINGS +# endif +# ifndef _CRT_NONSTDC_NO_DEPRECATE +# define _CRT_NONSTDC_NO_DEPRECATE +# endif +#endif + #include #include "zlib.h" #ifdef STDC @@ -25,8 +37,8 @@ # include #endif -#ifndef _POSIX_SOURCE -# define _POSIX_SOURCE +#ifndef _POSIX_C_SOURCE +# define _POSIX_C_SOURCE 200112L #endif #include @@ -36,19 +48,13 @@ #if defined(__TURBOC__) || defined(_MSC_VER) || defined(_WIN32) # include +# include #endif -#if defined(_WIN32) +#if defined(_WIN32) && !defined(WIDECHAR) # define WIDECHAR #endif -#ifdef WINAPI_FAMILY -# define open _open -# define read _read -# define write _write -# define close _close -#endif - #ifdef NO_DEFLATE /* for compatibility with old definition */ # define NO_GZCOMPRESS #endif @@ -72,33 +78,28 @@ #endif #ifndef HAVE_VSNPRINTF -# ifdef MSDOS +# if !defined(NO_vsnprintf) && \ + (defined(MSDOS) || defined(__TURBOC__) || defined(__SASC) || \ + defined(VMS) || defined(__OS400) || defined(__MVS__)) /* vsnprintf may exist on some MS-DOS compilers (DJGPP?), but for now we just assume it doesn't. */ # define NO_vsnprintf # endif -# ifdef __TURBOC__ -# define NO_vsnprintf -# endif # ifdef WIN32 /* In Win32, vsnprintf is available as the "non-ANSI" _vsnprintf. */ -# if !defined(vsnprintf) && !defined(NO_vsnprintf) -# if !defined(_MSC_VER) || ( defined(_MSC_VER) && _MSC_VER < 1500 ) -# define vsnprintf _vsnprintf +# if !defined(_MSC_VER) || ( defined(_MSC_VER) && _MSC_VER < 1500 ) +# ifndef vsnprintf +# define vsnprintf _vsnprintf # endif # endif -# endif -# ifdef __SASC -# define NO_vsnprintf -# endif -# ifdef VMS -# define NO_vsnprintf -# endif -# ifdef __OS400__ -# define NO_vsnprintf -# endif -# ifdef __MVS__ -# define NO_vsnprintf +# elif !defined(__STDC_VERSION__) || __STDC_VERSION__-0 < 199901L +/* Otherwise if C89/90, assume no C99 snprintf() or vsnprintf() */ +# ifndef NO_snprintf +# define NO_snprintf +# endif +# ifndef NO_vsnprintf +# define NO_vsnprintf +# endif # endif #endif @@ -182,7 +183,9 @@ unsigned char *out; /* output buffer (double-sized when reading) */ int direct; /* 0 if processing gzip, 1 if transparent */ /* just for reading */ + int junk; /* -1 = start, 1 = junk candidate, 0 = in gzip */ int how; /* 0: get header, 1: copy, 2: decompress */ + int again; /* true if EAGAIN or EWOULDBLOCK on last i/o */ z_off64_t start; /* where the gzip data started, for rewinding */ int eof; /* true if end of input file reached */ int past; /* true if read requested past end */ @@ -192,7 +195,6 @@ int reset; /* true if a reset is pending after a Z_FINISH */ /* seek request */ z_off64_t skip; /* amount to skip (already rewound if backwards) */ - int seek; /* true if seek request pending */ /* error information */ int err; /* error code */ char *msg; /* error message */ diff -Nru mariadb-11.8.6/zlib/gzlib.c mariadb-11.8.8/zlib/gzlib.c --- mariadb-11.8.6/zlib/gzlib.c 2026-01-31 13:27:49.000000000 +0000 +++ mariadb-11.8.8/zlib/gzlib.c 2026-05-24 09:58:33.000000000 +0000 @@ -1,19 +1,19 @@ /* gzlib.c -- zlib functions common to reading and writing gzip files - * Copyright (C) 2004-2024 Mark Adler + * Copyright (C) 2004-2026 Mark Adler * For conditions of distribution and use, see copyright notice in zlib.h */ #include "gzguts.h" -#if defined(_WIN32) && !defined(__BORLANDC__) +#if defined(__DJGPP__) +# define LSEEK llseek +#elif defined(_WIN32) && !defined(__BORLANDC__) && !defined(UNDER_CE) # define LSEEK _lseeki64 -#else -#if defined(_LARGEFILE64_SOURCE) && _LFS64_LARGEFILE-0 +#elif defined(_LARGEFILE64_SOURCE) && _LFS64_LARGEFILE-0 # define LSEEK lseek64 #else # define LSEEK lseek #endif -#endif #if defined UNDER_CE @@ -52,7 +52,7 @@ msgbuf[chars] = 0; } - wcstombs(buf, msgbuf, chars + 1); + wcstombs(buf, msgbuf, chars + 1); /* assumes buf is big enough */ LocalFree(msgbuf); } else { @@ -72,10 +72,12 @@ state->eof = 0; /* not at end of file */ state->past = 0; /* have not read past end yet */ state->how = LOOK; /* look for gzip header */ + state->junk = -1; /* mark first member */ } else /* for writing ... */ state->reset = 0; /* no deflateReset pending */ - state->seek = 0; /* no seek request pending */ + state->again = 0; /* no stalled i/o yet */ + state->skip = 0; /* no seek request pending */ gz_error(state, Z_OK, NULL); /* clear error */ state->x.pos = 0; /* no uncompressed data yet */ state->strm.avail_in = 0; /* no input data yet */ @@ -85,16 +87,13 @@ local gzFile gz_open(const void *path, int fd, const char *mode) { gz_statep state; z_size_t len; - int oflag; -#ifdef O_CLOEXEC - int cloexec = 0; -#endif + int oflag = 0; #ifdef O_EXCL int exclusive = 0; #endif /* check input */ - if (path == NULL) + if (path == NULL || mode == NULL) return NULL; /* allocate gzFile structure to return */ @@ -103,6 +102,7 @@ return NULL; state->size = 0; /* no buffers allocated yet */ state->want = GZBUFSIZE; /* requested buffer size */ + state->err = Z_OK; /* no error yet */ state->msg = NULL; /* no error message yet */ /* interpret mode */ @@ -133,7 +133,7 @@ break; #ifdef O_CLOEXEC case 'e': - cloexec = 1; + oflag |= O_CLOEXEC; break; #endif #ifdef O_EXCL @@ -153,6 +153,14 @@ case 'F': state->strategy = Z_FIXED; break; + case 'G': + state->direct = -1; + break; +#ifdef O_NONBLOCK + case 'N': + oflag |= O_NONBLOCK; + break; +#endif case 'T': state->direct = 1; break; @@ -168,22 +176,30 @@ return NULL; } - /* can't force transparent read */ + /* direct is 0, 1 if "T", or -1 if "G" (last "G" or "T" wins) */ if (state->mode == GZ_READ) { - if (state->direct) { + if (state->direct == 1) { + /* can't force a transparent read */ free(state); return NULL; } - state->direct = 1; /* for empty file */ + if (state->direct == 0) + /* default when reading is auto-detect of gzip vs. transparent -- + start with a transparent assumption in case of an empty file */ + state->direct = 1; } + else if (state->direct == -1) { + /* "G" has no meaning when writing -- disallow it */ + free(state); + return NULL; + } + /* if reading, direct == 1 for auto-detect, -1 for gzip only; if writing or + appending, direct == 0 for gzip, 1 for transparent (copy in to out) */ /* save the path name for error messages */ #ifdef WIDECHAR - if (fd == -2) { + if (fd == -2) len = wcstombs(NULL, path, 0); - if (len == (z_size_t)-1) - len = 0; - } else #endif len = strlen((const char *)path); @@ -193,30 +209,30 @@ return NULL; } #ifdef WIDECHAR - if (fd == -2) + if (fd == -2) { if (len) wcstombs(state->path, path, len + 1); else *(state->path) = 0; + } else #endif + { #if !defined(NO_snprintf) && !defined(NO_vsnprintf) (void)snprintf(state->path, len + 1, "%s", (const char *)path); #else strcpy(state->path, path); #endif + } /* compute the flags for open() */ - oflag = + oflag |= #ifdef O_LARGEFILE O_LARGEFILE | #endif #ifdef O_BINARY O_BINARY | #endif -#ifdef O_CLOEXEC - (cloexec ? O_CLOEXEC : 0) | -#endif (state->mode == GZ_READ ? O_RDONLY : (O_WRONLY | O_CREAT | @@ -228,11 +244,23 @@ O_APPEND))); /* open the file with the appropriate flags (or just use fd) */ - state->fd = fd > -1 ? fd : ( + if (fd == -1) + state->fd = open((const char *)path, oflag, 0666); #ifdef WIDECHAR - fd == -2 ? _wopen(path, oflag, 0666) : + else if (fd == -2) + state->fd = _wopen(path, oflag, _S_IREAD | _S_IWRITE); +#endif + else { +#ifdef O_NONBLOCK + if (oflag & O_NONBLOCK) + fcntl(fd, F_SETFL, fcntl(fd, F_GETFL) | O_NONBLOCK); #endif - open((const char *)path, oflag, 0666)); +#ifdef O_CLOEXEC + if (oflag & O_CLOEXEC) + fcntl(fd, F_SETFD, fcntl(fd, F_GETFD) | O_CLOEXEC); +#endif + state->fd = fd; + } if (state->fd == -1) { free(state->path); free(state); @@ -359,9 +387,10 @@ /* normalize offset to a SEEK_CUR specification */ if (whence == SEEK_SET) offset -= state->x.pos; - else if (state->seek) - offset += state->skip; - state->seek = 0; + else { + offset += state->past ? 0 : state->skip; + state->skip = 0; + } /* if within raw area while reading, just go there */ if (state->mode == GZ_READ && state->how == COPY && @@ -372,7 +401,7 @@ state->x.have = 0; state->eof = 0; state->past = 0; - state->seek = 0; + state->skip = 0; gz_error(state, Z_OK, NULL); state->strm.avail_in = 0; state->x.pos += offset; @@ -401,10 +430,7 @@ } /* request skip (if not zero) */ - if (offset) { - state->seek = 1; - state->skip = offset; - } + state->skip = offset; return state->x.pos + offset; } @@ -428,7 +454,7 @@ return -1; /* return position */ - return state->x.pos + (state->seek ? state->skip : 0); + return state->x.pos + (state->past ? 0 : state->skip); } /* -- see zlib.h -- */ @@ -535,7 +561,7 @@ } /* if fatal, set state->x.have to 0 so that the gzgetc() macro fails */ - if (err != Z_OK && err != Z_BUF_ERROR) + if (err != Z_OK && err != Z_BUF_ERROR && !state->again) state->x.have = 0; /* set error code, and if no message, then done */ @@ -572,6 +598,7 @@ return INT_MAX; #else unsigned p = 1, q; + do { q = p; p <<= 1; diff -Nru mariadb-11.8.6/zlib/gzread.c mariadb-11.8.8/zlib/gzread.c --- mariadb-11.8.6/zlib/gzread.c 2026-01-31 13:27:49.000000000 +0000 +++ mariadb-11.8.8/zlib/gzread.c 2026-05-24 09:58:33.000000000 +0000 @@ -1,5 +1,5 @@ /* gzread.c -- zlib functions for reading gzip files - * Copyright (C) 2004-2017 Mark Adler + * Copyright (C) 2004-2026 Mark Adler * For conditions of distribution and use, see copyright notice in zlib.h */ @@ -8,23 +8,36 @@ /* Use read() to load a buffer -- return -1 on error, otherwise 0. Read from state->fd, and update state->eof, state->err, and state->msg as appropriate. This function needs to loop on read(), since read() is not guaranteed to - read the number of bytes requested, depending on the type of descriptor. */ + read the number of bytes requested, depending on the type of descriptor. It + also needs to loop to manage the fact that read() returns an int. If the + descriptor is non-blocking and read() returns with no data in order to avoid + blocking, then gz_load() will return 0 if some data has been read, or -1 if + no data has been read. Either way, state->again is set true to indicate a + non-blocking event. If errno is non-zero on return, then there was an error + signaled from read(). *have is set to the number of bytes read. */ local int gz_load(gz_statep state, unsigned char *buf, unsigned len, unsigned *have) { int ret; unsigned get, max = ((unsigned)-1 >> 2) + 1; + state->again = 0; + errno = 0; *have = 0; do { get = len - *have; if (get > max) get = max; - ret = read(state->fd, buf + *have, get); + ret = (int)read(state->fd, buf + *have, get); if (ret <= 0) break; *have += (unsigned)ret; } while (*have < len); if (ret < 0) { + if (errno == EAGAIN || errno == EWOULDBLOCK) { + state->again = 1; + if (*have != 0) + return 0; + } gz_error(state, Z_ERRNO, zstrerror()); return -1; } @@ -50,10 +63,14 @@ if (strm->avail_in) { /* copy what's there to the start */ unsigned char *p = state->in; unsigned const char *q = strm->next_in; - unsigned n = strm->avail_in; - do { - *p++ = *q++; - } while (--n); + + if (q != p) { + unsigned n = strm->avail_in; + + do { + *p++ = *q++; + } while (--n); + } } if (gz_load(state, state->in + strm->avail_in, state->size - strm->avail_in, &got) == -1) @@ -104,39 +121,44 @@ } } - /* get at least the magic bytes in the input buffer */ - if (strm->avail_in < 2) { - if (gz_avail(state) == -1) - return -1; - if (strm->avail_in == 0) - return 0; - } - - /* look for gzip magic bytes -- if there, do gzip decoding (note: there is - a logical dilemma here when considering the case of a partially written - gzip file, to wit, if a single 31 byte is written, then we cannot tell - whether this is a single-byte file, or just a partially written gzip - file -- for here we assume that if a gzip file is being written, then - the header will be written in a single operation, so that reading a - single byte is sufficient indication that it is not a gzip file) */ - if (strm->avail_in > 1 && - strm->next_in[0] == 31 && strm->next_in[1] == 139) { + /* if transparent reading is disabled, which would only be at the start, or + if we're looking for a gzip member after the first one, which is not at + the start, then proceed directly to look for a gzip member next */ + if (state->direct == -1 || state->junk == 0) { inflateReset(strm); state->how = GZIP; + state->junk = state->junk != -1; state->direct = 0; return 0; } - /* no gzip header -- if we were decoding gzip before, then this is trailing - garbage. Ignore the trailing garbage and finish. */ - if (state->direct == 0) { - strm->avail_in = 0; - state->eof = 1; - state->x.have = 0; + /* otherwise we're at the start with auto-detect -- we check to see if the + first four bytes could be gzip header in order to decide whether or not + this will be a transparent read */ + + /* load any header bytes into the input buffer -- if the input is empty, + then it's not an error as this is a transparent read of zero bytes */ + if (gz_avail(state) == -1) + return -1; + if (strm->avail_in == 0 || (state->again && strm->avail_in < 4)) + /* if non-blocking input stalled before getting four bytes, then + return and wait until a later call has accumulated enough */ + return 0; + + /* see if this is (likely) gzip input -- if the first four bytes are + consistent with a gzip header, then go look for the first gzip member, + otherwise proceed to copy the input transparently */ + if (strm->avail_in > 3 && + strm->next_in[0] == 31 && strm->next_in[1] == 139 && + strm->next_in[2] == 8 && strm->next_in[3] < 32) { + inflateReset(strm); + state->how = GZIP; + state->junk = 1; + state->direct = 0; return 0; } - /* doing raw i/o, copy any leftover input to output -- this assumes that + /* doing raw i/o: copy any leftover input to output -- this assumes that the output buffer is larger than the input buffer, which also assures space for gzungetc() */ state->x.next = state->out; @@ -144,15 +166,17 @@ state->x.have = strm->avail_in; strm->avail_in = 0; state->how = COPY; - state->direct = 1; return 0; } /* Decompress from input to the provided next_out and avail_out in the state. On return, state->x.have and state->x.next point to the just decompressed - data. If the gzip stream completes, state->how is reset to LOOK to look for - the next gzip stream or raw data, once state->x.have is depleted. Returns 0 - on success, -1 on failure. */ + data. If the gzip stream completes, state->how is reset to LOOK to look for + the next gzip stream or raw data, once state->x.have is depleted. Returns 0 + on success, -1 on failure. If EOF is reached when looking for more input to + complete the gzip member, then an unexpected end of file error is raised. + If there is no more input, but state->again is true, then EOF has not been + reached, and no error is raised. */ local int gz_decomp(gz_statep state) { int ret = Z_OK; unsigned had; @@ -162,28 +186,41 @@ had = strm->avail_out; do { /* get more input for inflate() */ - if (strm->avail_in == 0 && gz_avail(state) == -1) - return -1; + if (strm->avail_in == 0 && gz_avail(state) == -1) { + ret = state->err; + break; + } if (strm->avail_in == 0) { - gz_error(state, Z_BUF_ERROR, "unexpected end of file"); + if (!state->again) + gz_error(state, Z_BUF_ERROR, "unexpected end of file"); break; } /* decompress and handle errors */ ret = inflate(strm, Z_NO_FLUSH); + if (strm->avail_out < had) + /* any decompressed data marks this as a real gzip stream */ + state->junk = 0; if (ret == Z_STREAM_ERROR || ret == Z_NEED_DICT) { gz_error(state, Z_STREAM_ERROR, "internal error: inflate stream corrupt"); - return -1; + break; } if (ret == Z_MEM_ERROR) { gz_error(state, Z_MEM_ERROR, "out of memory"); - return -1; + break; } if (ret == Z_DATA_ERROR) { /* deflate stream invalid */ + if (state->junk == 1) { /* trailing garbage is ok */ + strm->avail_in = 0; + state->eof = 1; + state->how = LOOK; + ret = Z_OK; + break; + } gz_error(state, Z_DATA_ERROR, strm->msg == NULL ? "compressed data error" : strm->msg); - return -1; + break; } } while (strm->avail_out && ret != Z_STREAM_END); @@ -192,11 +229,14 @@ state->x.next = strm->next_out - state->x.have; /* if the gzip stream completed successfully, look for another */ - if (ret == Z_STREAM_END) + if (ret == Z_STREAM_END) { + state->junk = 0; state->how = LOOK; + return 0; + } - /* good decompression */ - return 0; + /* return decompression status */ + return ret != Z_OK ? -1 : 0; } /* Fetch data and put it in the output buffer. Assumes state->x.have is 0. @@ -227,25 +267,31 @@ strm->next_out = state->out; if (gz_decomp(state) == -1) return -1; + break; + default: + gz_error(state, Z_STREAM_ERROR, "state corrupt"); + return -1; } } while (state->x.have == 0 && (!state->eof || strm->avail_in)); return 0; } -/* Skip len uncompressed bytes of output. Return -1 on error, 0 on success. */ -local int gz_skip(gz_statep state, z_off64_t len) { +/* Skip state->skip (> 0) uncompressed bytes of output. Return -1 on error, 0 + on success. */ +local int gz_skip(gz_statep state) { unsigned n; /* skip over len bytes or reach end-of-file, whichever comes first */ - while (len) + do { /* skip over whatever is in output buffer */ if (state->x.have) { - n = GT_OFF(state->x.have) || (z_off64_t)state->x.have > len ? - (unsigned)len : state->x.have; + n = GT_OFF(state->x.have) || + (z_off64_t)state->x.have > state->skip ? + (unsigned)state->skip : state->x.have; state->x.have -= n; state->x.next += n; state->x.pos += n; - len -= n; + state->skip -= n; } /* output buffer empty -- return if we're at the end of the input */ @@ -258,30 +304,32 @@ if (gz_fetch(state) == -1) return -1; } + } while (state->skip); return 0; } /* Read len bytes into buf from file, or less than len up to the end of the - input. Return the number of bytes read. If zero is returned, either the - end of file was reached, or there was an error. state->err must be - consulted in that case to determine which. */ + input. Return the number of bytes read. If zero is returned, either the end + of file was reached, or there was an error. state->err must be consulted in + that case to determine which. If there was an error, but some uncompressed + bytes were read before the error, then that count is returned. The error is + still recorded, and so is deferred until the next call. */ local z_size_t gz_read(gz_statep state, voidp buf, z_size_t len) { z_size_t got; unsigned n; + int err; /* if len is zero, avoid unnecessary operations */ if (len == 0) return 0; /* process a skip request */ - if (state->seek) { - state->seek = 0; - if (gz_skip(state, state->skip) == -1) - return 0; - } + if (state->skip && gz_skip(state) == -1) + return 0; /* get len bytes to buf, or less than len if at the end */ got = 0; + err = 0; do { /* set n to the maximum amount of len that fits in an unsigned int */ n = (unsigned)-1; @@ -295,37 +343,36 @@ memcpy(buf, state->x.next, n); state->x.next += n; state->x.have -= n; + if (state->err != Z_OK) + /* caught deferred error from gz_fetch() */ + err = -1; } /* output buffer empty -- return if we're at the end of the input */ - else if (state->eof && state->strm.avail_in == 0) { - state->past = 1; /* tried to read past end */ + else if (state->eof && state->strm.avail_in == 0) break; - } /* need output data -- for small len or new stream load up our output - buffer */ + buffer, so that gzgetc() can be fast */ else if (state->how == LOOK || n < (state->size << 1)) { /* get more output, looking for header if required */ - if (gz_fetch(state) == -1) - return 0; + if (gz_fetch(state) == -1 && state->x.have == 0) + /* if state->x.have != 0, error will be caught after copy */ + err = -1; continue; /* no progress yet -- go back to copy above */ /* the copy above assures that we will leave with space in the output buffer, allowing at least one gzungetc() to succeed */ } /* large len -- read directly into user buffer */ - else if (state->how == COPY) { /* read directly */ - if (gz_load(state, (unsigned char *)buf, n, &n) == -1) - return 0; - } + else if (state->how == COPY) /* read directly */ + err = gz_load(state, (unsigned char *)buf, n, &n); /* large len -- decompress directly into user buffer */ else { /* state->how == GZIP */ state->strm.avail_out = n; state->strm.next_out = (unsigned char *)buf; - if (gz_decomp(state) == -1) - return 0; + err = gz_decomp(state); n = state->x.have; state->x.have = 0; } @@ -335,7 +382,11 @@ buf = (char *)buf + n; got += n; state->x.pos += n; - } while (len); + } while (len && !err); + + /* note read past eof */ + if (len && state->eof) + state->past = 1; /* return number of bytes read into user buffer */ return got; @@ -345,15 +396,17 @@ int ZEXPORT gzread(gzFile file, voidp buf, unsigned len) { gz_statep state; - /* get internal structure */ + /* get internal structure and check that it's for reading */ if (file == NULL) return -1; state = (gz_statep)file; + if (state->mode != GZ_READ) + return -1; - /* check that we're reading and that there's no (serious) error */ - if (state->mode != GZ_READ || - (state->err != Z_OK && state->err != Z_BUF_ERROR)) + /* check that there was no (serious) error */ + if (state->err != Z_OK && state->err != Z_BUF_ERROR && !state->again) return -1; + gz_error(state, Z_OK, NULL); /* since an int is returned, make sure len fits in one, otherwise return with an error (this avoids a flaw in the interface) */ @@ -366,27 +419,39 @@ len = (unsigned)gz_read(state, buf, len); /* check for an error */ - if (len == 0 && state->err != Z_OK && state->err != Z_BUF_ERROR) - return -1; + if (len == 0) { + if (state->err != Z_OK && state->err != Z_BUF_ERROR) + return -1; + if (state->again) { + /* non-blocking input stalled after some input was read, but no + uncompressed bytes were produced -- let the application know + this isn't EOF */ + gz_error(state, Z_ERRNO, zstrerror()); + return -1; + } + } - /* return the number of bytes read (this is assured to fit in an int) */ + /* return the number of bytes read */ return (int)len; } /* -- see zlib.h -- */ -z_size_t ZEXPORT gzfread(voidp buf, z_size_t size, z_size_t nitems, gzFile file) { +z_size_t ZEXPORT gzfread(voidp buf, z_size_t size, z_size_t nitems, + gzFile file) { z_size_t len; gz_statep state; - /* get internal structure */ + /* get internal structure and check that it's for reading */ if (file == NULL) return 0; state = (gz_statep)file; + if (state->mode != GZ_READ) + return 0; - /* check that we're reading and that there's no (serious) error */ - if (state->mode != GZ_READ || - (state->err != Z_OK && state->err != Z_BUF_ERROR)) + /* check that there was no (serious) error */ + if (state->err != Z_OK && state->err != Z_BUF_ERROR && !state->again) return 0; + gz_error(state, Z_OK, NULL); /* compute bytes to read -- error on overflow */ len = nitems * size; @@ -409,15 +474,17 @@ unsigned char buf[1]; gz_statep state; - /* get internal structure */ + /* get internal structure and check that it's for reading */ if (file == NULL) return -1; state = (gz_statep)file; + if (state->mode != GZ_READ) + return -1; - /* check that we're reading and that there's no (serious) error */ - if (state->mode != GZ_READ || - (state->err != Z_OK && state->err != Z_BUF_ERROR)) + /* check that there was no (serious) error */ + if (state->err != Z_OK && state->err != Z_BUF_ERROR && !state->again) return -1; + gz_error(state, Z_OK, NULL); /* try output buffer (no need to check for skip request) */ if (state->x.have) { @@ -438,26 +505,25 @@ int ZEXPORT gzungetc(int c, gzFile file) { gz_statep state; - /* get internal structure */ + /* get internal structure and check that it's for reading */ if (file == NULL) return -1; state = (gz_statep)file; + if (state->mode != GZ_READ) + return -1; /* in case this was just opened, set up the input buffer */ - if (state->mode == GZ_READ && state->how == LOOK && state->x.have == 0) + if (state->how == LOOK && state->x.have == 0) (void)gz_look(state); - /* check that we're reading and that there's no (serious) error */ - if (state->mode != GZ_READ || - (state->err != Z_OK && state->err != Z_BUF_ERROR)) + /* check that there was no (serious) error */ + if (state->err != Z_OK && state->err != Z_BUF_ERROR && !state->again) return -1; + gz_error(state, Z_OK, NULL); /* process a skip request */ - if (state->seek) { - state->seek = 0; - if (gz_skip(state, state->skip) == -1) - return -1; - } + if (state->skip && gz_skip(state) == -1) + return -1; /* can't push EOF */ if (c < 0) @@ -483,6 +549,7 @@ if (state->x.next == state->out) { unsigned char *src = state->out + state->x.have; unsigned char *dest = state->out + (state->size << 1); + while (src > state->out) *--dest = *--src; state->x.next = dest; @@ -502,32 +569,31 @@ unsigned char *eol; gz_statep state; - /* check parameters and get internal structure */ + /* check parameters, get internal structure, and check that it's for + reading */ if (file == NULL || buf == NULL || len < 1) return NULL; state = (gz_statep)file; + if (state->mode != GZ_READ) + return NULL; - /* check that we're reading and that there's no (serious) error */ - if (state->mode != GZ_READ || - (state->err != Z_OK && state->err != Z_BUF_ERROR)) + /* check that there was no (serious) error */ + if (state->err != Z_OK && state->err != Z_BUF_ERROR && !state->again) return NULL; + gz_error(state, Z_OK, NULL); /* process a skip request */ - if (state->seek) { - state->seek = 0; - if (gz_skip(state, state->skip) == -1) - return NULL; - } + if (state->skip && gz_skip(state) == -1) + return NULL; - /* copy output bytes up to new line or len - 1, whichever comes first -- - append a terminating zero to the string (we don't check for a zero in - the contents, let the user worry about that) */ + /* copy output up to a new line, len-1 bytes, or there is no more output, + whichever comes first */ str = buf; left = (unsigned)len - 1; if (left) do { /* assure that something is in the output buffer */ if (state->x.have == 0 && gz_fetch(state) == -1) - return NULL; /* error */ + break; /* error */ if (state->x.have == 0) { /* end of file */ state->past = 1; /* read past end */ break; /* return what we have */ @@ -548,7 +614,9 @@ buf += n; } while (left && eol == NULL); - /* return terminated string, or if nothing, end of file */ + /* append a terminating zero to the string (we don't check for a zero in + the contents, let the user worry about that) -- return the terminated + string, or if nothing was read, NULL */ if (buf == str) return NULL; buf[0] = 0; @@ -570,7 +638,7 @@ (void)gz_look(state); /* return 1 if transparent, 0 if processing a gzip stream */ - return state->direct; + return state->direct == 1; } /* -- see zlib.h -- */ @@ -578,12 +646,10 @@ int ret, err; gz_statep state; - /* get internal structure */ + /* get internal structure and check that it's for reading */ if (file == NULL) return Z_STREAM_ERROR; state = (gz_statep)file; - - /* check that we're reading */ if (state->mode != GZ_READ) return Z_STREAM_ERROR; diff -Nru mariadb-11.8.6/zlib/gzwrite.c mariadb-11.8.8/zlib/gzwrite.c --- mariadb-11.8.6/zlib/gzwrite.c 2026-01-31 13:27:49.000000000 +0000 +++ mariadb-11.8.8/zlib/gzwrite.c 2026-05-24 09:58:33.000000000 +0000 @@ -1,5 +1,5 @@ /* gzwrite.c -- zlib functions for writing gzip files - * Copyright (C) 2004-2019 Mark Adler + * Copyright (C) 2004-2026 Mark Adler * For conditions of distribution and use, see copyright notice in zlib.h */ @@ -74,9 +74,13 @@ /* write directly if requested */ if (state->direct) { while (strm->avail_in) { + errno = 0; + state->again = 0; put = strm->avail_in > max ? max : strm->avail_in; - writ = write(state->fd, strm->next_in, put); + writ = (int)write(state->fd, strm->next_in, put); if (writ < 0) { + if (errno == EAGAIN || errno == EWOULDBLOCK) + state->again = 1; gz_error(state, Z_ERRNO, zstrerror()); return -1; } @@ -88,8 +92,9 @@ /* check for a pending reset */ if (state->reset) { - /* don't start a new gzip member unless there is data to write */ - if (strm->avail_in == 0) + /* don't start a new gzip member unless there is data to write and + we're not flushing */ + if (strm->avail_in == 0 && flush == Z_NO_FLUSH) return 0; deflateReset(strm); state->reset = 0; @@ -103,10 +108,14 @@ if (strm->avail_out == 0 || (flush != Z_NO_FLUSH && (flush != Z_FINISH || ret == Z_STREAM_END))) { while (strm->next_out > state->x.next) { + errno = 0; + state->again = 0; put = strm->next_out - state->x.next > (int)max ? max : (unsigned)(strm->next_out - state->x.next); - writ = write(state->fd, state->x.next, put); + writ = (int)write(state->fd, state->x.next, put); if (writ < 0) { + if (errno == EAGAIN || errno == EWOULDBLOCK) + state->again = 1; gz_error(state, Z_ERRNO, zstrerror()); return -1; } @@ -138,10 +147,12 @@ return 0; } -/* Compress len zeros to output. Return -1 on a write error or memory - allocation failure by gz_comp(), or 0 on success. */ -local int gz_zero(gz_statep state, z_off64_t len) { - int first; +/* Compress state->skip (> 0) zeros to output. Return -1 on a write error or + memory allocation failure by gz_comp(), or 0 on success. state->skip is + updated with the number of successfully written zeros, in case there is a + stall on a non-blocking write destination. */ +local int gz_zero(gz_statep state) { + int first, ret; unsigned n; z_streamp strm = &(state->strm); @@ -149,29 +160,34 @@ if (strm->avail_in && gz_comp(state, Z_NO_FLUSH) == -1) return -1; - /* compress len zeros (len guaranteed > 0) */ + /* compress state->skip zeros */ first = 1; - while (len) { - n = GT_OFF(state->size) || (z_off64_t)state->size > len ? - (unsigned)len : state->size; + do { + n = GT_OFF(state->size) || (z_off64_t)state->size > state->skip ? + (unsigned)state->skip : state->size; if (first) { memset(state->in, 0, n); first = 0; } strm->avail_in = n; strm->next_in = state->in; + ret = gz_comp(state, Z_NO_FLUSH); + n -= strm->avail_in; state->x.pos += n; - if (gz_comp(state, Z_NO_FLUSH) == -1) + state->skip -= n; + if (ret == -1) return -1; - len -= n; - } + } while (state->skip); return 0; } /* Write len bytes from buf to file. Return the number of bytes written. If - the returned value is less than len, then there was an error. */ + the returned value is less than len, then there was an error. If the error + was a non-blocking stall, then the number of bytes consumed is returned. + For any other error, 0 is returned. */ local z_size_t gz_write(gz_statep state, voidpc buf, z_size_t len) { z_size_t put = len; + int ret; /* if len is zero, avoid unnecessary operations */ if (len == 0) @@ -182,16 +198,13 @@ return 0; /* check for seek request */ - if (state->seek) { - state->seek = 0; - if (gz_zero(state, state->skip) == -1) - return 0; - } + if (state->skip && gz_zero(state) == -1) + return 0; /* for small len, copy to input buffer, otherwise compress directly */ if (len < state->size) { /* copy to input buffer, compress when full */ - do { + for (;;) { unsigned have, copy; if (state->strm.avail_in == 0) @@ -206,9 +219,11 @@ state->x.pos += copy; buf = (const char *)buf + copy; len -= copy; - if (len && gz_comp(state, Z_NO_FLUSH) == -1) - return 0; - } while (len); + if (len == 0) + break; + if (gz_comp(state, Z_NO_FLUSH) == -1) + return state->again ? put - len : 0; + } } else { /* consume whatever's left in the input buffer */ @@ -219,13 +234,16 @@ state->strm.next_in = (z_const Bytef *)buf; do { unsigned n = (unsigned)-1; + if (n > len) n = (unsigned)len; state->strm.avail_in = n; + ret = gz_comp(state, Z_NO_FLUSH); + n -= state->strm.avail_in; state->x.pos += n; - if (gz_comp(state, Z_NO_FLUSH) == -1) - return 0; len -= n; + if (ret == -1) + return state->again ? put - len : 0; } while (len); } @@ -242,9 +260,10 @@ return 0; state = (gz_statep)file; - /* check that we're writing and that there's no error */ - if (state->mode != GZ_WRITE || state->err != Z_OK) + /* check that we're writing and that there's no (serious) error */ + if (state->mode != GZ_WRITE || (state->err != Z_OK && !state->again)) return 0; + gz_error(state, Z_OK, NULL); /* since an int is returned, make sure len fits in one, otherwise return with an error (this avoids a flaw in the interface) */ @@ -268,9 +287,10 @@ return 0; state = (gz_statep)file; - /* check that we're writing and that there's no error */ - if (state->mode != GZ_WRITE || state->err != Z_OK) + /* check that we're writing and that there's no (serious) error */ + if (state->mode != GZ_WRITE || (state->err != Z_OK && !state->again)) return 0; + gz_error(state, Z_OK, NULL); /* compute bytes to read -- error on overflow */ len = nitems * size; @@ -296,16 +316,14 @@ state = (gz_statep)file; strm = &(state->strm); - /* check that we're writing and that there's no error */ - if (state->mode != GZ_WRITE || state->err != Z_OK) + /* check that we're writing and that there's no (serious) error */ + if (state->mode != GZ_WRITE || (state->err != Z_OK && !state->again)) return -1; + gz_error(state, Z_OK, NULL); /* check for seek request */ - if (state->seek) { - state->seek = 0; - if (gz_zero(state, state->skip) == -1) - return -1; - } + if (state->skip && gz_zero(state) == -1) + return -1; /* try writing to input buffer for speed (state->size == 0 if buffer not initialized) */ @@ -338,9 +356,10 @@ return -1; state = (gz_statep)file; - /* check that we're writing and that there's no error */ - if (state->mode != GZ_WRITE || state->err != Z_OK) + /* check that we're writing and that there's no (serious) error */ + if (state->mode != GZ_WRITE || (state->err != Z_OK && !state->again)) return -1; + gz_error(state, Z_OK, NULL); /* write string */ len = strlen(s); @@ -348,17 +367,48 @@ gz_error(state, Z_STREAM_ERROR, "string length does not fit in int"); return -1; } - put = (int)gz_write(state, s, len); - return put < len ? -1 : (int)len; + put = gz_write(state, s, len); + return len && put == 0 ? -1 : (int)put; } +#if (((!defined(STDC) && !defined(Z_HAVE_STDARG_H)) || !defined(NO_vsnprintf)) && \ + (defined(STDC) || defined(Z_HAVE_STDARG_H) || !defined(NO_snprintf))) || \ + defined(ZLIB_INSECURE) +/* If the second half of the input buffer is occupied, write out the contents. + If there is any input remaining due to a non-blocking stall on write, move + it to the start of the buffer. Return true if this did not open up the + second half of the buffer. state->err should be checked after this to + handle a gz_comp() error. */ +local int gz_vacate(gz_statep state) { + z_streamp strm; + + strm = &(state->strm); + if (strm->next_in + strm->avail_in <= state->in + state->size) + return 0; + (void)gz_comp(state, Z_NO_FLUSH); + if (strm->avail_in == 0) { + strm->next_in = state->in; + return 0; + } + memmove(state->in, strm->next_in, strm->avail_in); + strm->next_in = state->in; + return strm->avail_in > state->size; +} +#endif + #if defined(STDC) || defined(Z_HAVE_STDARG_H) #include /* -- see zlib.h -- */ int ZEXPORTVA gzvprintf(gzFile file, const char *format, va_list va) { - int len; - unsigned left; +#if defined(NO_vsnprintf) && !defined(ZLIB_INSECURE) +#warning "vsnprintf() not available -- gzprintf() stub returns Z_STREAM_ERROR" +#warning "you can recompile with ZLIB_INSECURE defined to use vsprintf()" + /* prevent use of insecure vsprintf(), unless purposefully requested */ + (void)file, (void)format, (void)va; + return Z_STREAM_ERROR; +#else + int len, ret; char *next; gz_statep state; z_streamp strm; @@ -369,24 +419,34 @@ state = (gz_statep)file; strm = &(state->strm); - /* check that we're writing and that there's no error */ - if (state->mode != GZ_WRITE || state->err != Z_OK) + /* check that we're writing and that there's no (serious) error */ + if (state->mode != GZ_WRITE || (state->err != Z_OK && !state->again)) return Z_STREAM_ERROR; + gz_error(state, Z_OK, NULL); /* make sure we have some buffer space */ if (state->size == 0 && gz_init(state) == -1) return state->err; /* check for seek request */ - if (state->seek) { - state->seek = 0; - if (gz_zero(state, state->skip) == -1) - return state->err; - } + if (state->skip && gz_zero(state) == -1) + return state->err; /* do the printf() into the input buffer, put length in len -- the input - buffer is double-sized just for this function, so there is guaranteed to - be state->size bytes available after the current contents */ + buffer is double-sized just for this function, so there should be + state->size bytes available after the current contents */ + ret = gz_vacate(state); + if (state->err) { + if (ret && state->again) { + /* There was a non-blocking stall on write, resulting in the part + of the second half of the output buffer being occupied. Return + a Z_BUF_ERROR to let the application know that this gzprintf() + needs to be retried. */ + gz_error(state, Z_BUF_ERROR, "stalled write on gzprintf"); + } + if (!state->again) + return state->err; + } if (strm->avail_in == 0) strm->next_in = state->in; next = (char *)(state->in + (strm->next_in - state->in) + strm->avail_in); @@ -412,19 +472,16 @@ if (len == 0 || (unsigned)len >= state->size || next[state->size - 1] != 0) return 0; - /* update buffer and position, compress first half if past that */ + /* update buffer and position */ strm->avail_in += (unsigned)len; state->x.pos += len; - if (strm->avail_in >= state->size) { - left = strm->avail_in - state->size; - strm->avail_in = state->size; - if (gz_comp(state, Z_NO_FLUSH) == -1) - return state->err; - memmove(state->in, state->in + state->size, left); - strm->next_in = state->in; - strm->avail_in = left; - } + + /* write out buffer if more than half is occupied */ + ret = gz_vacate(state); + if (state->err && !state->again) + return state->err; return len; +#endif } int ZEXPORTVA gzprintf(gzFile file, const char *format, ...) { @@ -444,6 +501,17 @@ int a4, int a5, int a6, int a7, int a8, int a9, int a10, int a11, int a12, int a13, int a14, int a15, int a16, int a17, int a18, int a19, int a20) { +#if defined(NO_snprintf) && !defined(ZLIB_INSECURE) +#warning "snprintf() not available -- gzprintf() stub returns Z_STREAM_ERROR" +#warning "you can recompile with ZLIB_INSECURE defined to use sprintf()" + /* prevent use of insecure sprintf(), unless purposefully requested */ + (void)file, (void)format, (void)a1, (void)a2, (void)a3, (void)a4, (void)a5, + (void)a6, (void)a7, (void)a8, (void)a9, (void)a10, (void)a11, (void)a12, + (void)a13, (void)a14, (void)a15, (void)a16, (void)a17, (void)a18, + (void)a19, (void)a20; + return Z_STREAM_ERROR; +#else + int ret; unsigned len, left; char *next; gz_statep state; @@ -459,24 +527,34 @@ if (sizeof(int) != sizeof(void *)) return Z_STREAM_ERROR; - /* check that we're writing and that there's no error */ - if (state->mode != GZ_WRITE || state->err != Z_OK) + /* check that we're writing and that there's no (serious) error */ + if (state->mode != GZ_WRITE || (state->err != Z_OK && !state->again)) return Z_STREAM_ERROR; + gz_error(state, Z_OK, NULL); /* make sure we have some buffer space */ if (state->size == 0 && gz_init(state) == -1) - return state->error; + return state->err; /* check for seek request */ - if (state->seek) { - state->seek = 0; - if (gz_zero(state, state->skip) == -1) - return state->error; - } + if (state->skip && gz_zero(state) == -1) + return state->err; /* do the printf() into the input buffer, put length in len -- the input buffer is double-sized just for this function, so there is guaranteed to be state->size bytes available after the current contents */ + ret = gz_vacate(state); + if (state->err) { + if (ret && state->again) { + /* There was a non-blocking stall on write, resulting in the part + of the second half of the output buffer being occupied. Return + a Z_BUF_ERROR to let the application know that this gzprintf() + needs to be retried. */ + gz_error(state, Z_BUF_ERROR, "stalled write on gzprintf"); + } + if (!state->again) + return state->err; + } if (strm->avail_in == 0) strm->next_in = state->in; next = (char *)(strm->next_in + strm->avail_in); @@ -510,16 +588,13 @@ /* update buffer and position, compress first half if past that */ strm->avail_in += len; state->x.pos += len; - if (strm->avail_in >= state->size) { - left = strm->avail_in - state->size; - strm->avail_in = state->size; - if (gz_comp(state, Z_NO_FLUSH) == -1) - return state->err; - memmove(state->in, state->in + state->size, left); - strm->next_in = state->in; - strm->avail_in = left; - } + + /* write out buffer if more than half is occupied */ + ret = gz_vacate(state); + if (state->err && !state->again) + return state->err; return (int)len; +#endif } #endif @@ -533,20 +608,18 @@ return Z_STREAM_ERROR; state = (gz_statep)file; - /* check that we're writing and that there's no error */ - if (state->mode != GZ_WRITE || state->err != Z_OK) + /* check that we're writing and that there's no (serious) error */ + if (state->mode != GZ_WRITE || (state->err != Z_OK && !state->again)) return Z_STREAM_ERROR; + gz_error(state, Z_OK, NULL); /* check flush parameter */ if (flush < 0 || flush > Z_FINISH) return Z_STREAM_ERROR; /* check for seek request */ - if (state->seek) { - state->seek = 0; - if (gz_zero(state, state->skip) == -1) - return state->err; - } + if (state->skip && gz_zero(state) == -1) + return state->err; /* compress remaining data with requested flush */ (void)gz_comp(state, flush); @@ -564,20 +637,19 @@ state = (gz_statep)file; strm = &(state->strm); - /* check that we're writing and that there's no error */ - if (state->mode != GZ_WRITE || state->err != Z_OK || state->direct) + /* check that we're compressing and that there's no (serious) error */ + if (state->mode != GZ_WRITE || (state->err != Z_OK && !state->again) || + state->direct) return Z_STREAM_ERROR; + gz_error(state, Z_OK, NULL); /* if no change is requested, then do nothing */ if (level == state->level && strategy == state->strategy) return Z_OK; /* check for seek request */ - if (state->seek) { - state->seek = 0; - if (gz_zero(state, state->skip) == -1) - return state->err; - } + if (state->skip && gz_zero(state) == -1) + return state->err; /* change compression parameters for subsequent input */ if (state->size) { @@ -606,11 +678,8 @@ return Z_STREAM_ERROR; /* check for seek request */ - if (state->seek) { - state->seek = 0; - if (gz_zero(state, state->skip) == -1) - ret = state->err; - } + if (state->skip && gz_zero(state) == -1) + ret = state->err; /* flush, free memory, and close file */ if (gz_comp(state, Z_FINISH) == -1) diff -Nru mariadb-11.8.6/zlib/infback.c mariadb-11.8.8/zlib/infback.c --- mariadb-11.8.6/zlib/infback.c 2026-01-31 13:27:49.000000000 +0000 +++ mariadb-11.8.8/zlib/infback.c 2026-05-24 09:58:33.000000000 +0000 @@ -1,5 +1,5 @@ /* infback.c -- inflate using a call-back interface - * Copyright (C) 1995-2022 Mark Adler + * Copyright (C) 1995-2026 Mark Adler * For conditions of distribution and use, see copyright notice in zlib.h */ @@ -46,7 +46,7 @@ #ifdef Z_SOLO return Z_STREAM_ERROR; #else - strm->zfree = zcfree; + strm->zfree = zcfree; #endif state = (struct inflate_state FAR *)ZALLOC(strm, 1, sizeof(struct inflate_state)); @@ -63,57 +63,6 @@ return Z_OK; } -/* - Return state with length and distance decoding tables and index sizes set to - fixed code decoding. Normally this returns fixed tables from inffixed.h. - If BUILDFIXED is defined, then instead this routine builds the tables the - first time it's called, and returns those tables the first time and - thereafter. This reduces the size of the code by about 2K bytes, in - exchange for a little execution time. However, BUILDFIXED should not be - used for threaded applications, since the rewriting of the tables and virgin - may not be thread-safe. - */ -local void fixedtables(struct inflate_state FAR *state) { -#ifdef BUILDFIXED - static int virgin = 1; - static code *lenfix, *distfix; - static code fixed[544]; - - /* build fixed huffman tables if first call (may not be thread safe) */ - if (virgin) { - unsigned sym, bits; - static code *next; - - /* literal/length table */ - sym = 0; - while (sym < 144) state->lens[sym++] = 8; - while (sym < 256) state->lens[sym++] = 9; - while (sym < 280) state->lens[sym++] = 7; - while (sym < 288) state->lens[sym++] = 8; - next = fixed; - lenfix = next; - bits = 9; - inflate_table(LENS, state->lens, 288, &(next), &(bits), state->work); - - /* distance table */ - sym = 0; - while (sym < 32) state->lens[sym++] = 5; - distfix = next; - bits = 5; - inflate_table(DISTS, state->lens, 32, &(next), &(bits), state->work); - - /* do this just once */ - virgin = 0; - } -#else /* !BUILDFIXED */ -# include "inffixed.h" -#endif /* BUILDFIXED */ - state->lencode = lenfix; - state->lenbits = 9; - state->distcode = distfix; - state->distbits = 5; -} - /* Macros for inflateBack(): */ /* Load returned state from inflate_fast() */ @@ -293,7 +242,7 @@ state->mode = STORED; break; case 1: /* fixed block */ - fixedtables(state); + inflate_fixed(state); Tracev((stderr, "inflate: fixed codes block%s\n", state->last ? " (last)" : "")); state->mode = LEN; /* decode codes */ @@ -303,8 +252,8 @@ state->last ? " (last)" : "")); state->mode = TABLE; break; - case 3: - strm->msg = (char *)"invalid block type"; + default: + strm->msg = (z_const char *)"invalid block type"; state->mode = BAD; } DROPBITS(2); @@ -315,7 +264,7 @@ BYTEBITS(); /* go to byte boundary */ NEEDBITS(32); if ((hold & 0xffff) != ((hold >> 16) ^ 0xffff)) { - strm->msg = (char *)"invalid stored block lengths"; + strm->msg = (z_const char *)"invalid stored block lengths"; state->mode = BAD; break; } @@ -353,7 +302,8 @@ DROPBITS(4); #ifndef PKZIP_BUG_WORKAROUND if (state->nlen > 286 || state->ndist > 30) { - strm->msg = (char *)"too many length or distance symbols"; + strm->msg = (z_const char *) + "too many length or distance symbols"; state->mode = BAD; break; } @@ -375,7 +325,7 @@ ret = inflate_table(CODES, state->lens, 19, &(state->next), &(state->lenbits), state->work); if (ret) { - strm->msg = (char *)"invalid code lengths set"; + strm->msg = (z_const char *)"invalid code lengths set"; state->mode = BAD; break; } @@ -398,7 +348,8 @@ NEEDBITS(here.bits + 2); DROPBITS(here.bits); if (state->have == 0) { - strm->msg = (char *)"invalid bit length repeat"; + strm->msg = (z_const char *) + "invalid bit length repeat"; state->mode = BAD; break; } @@ -421,7 +372,8 @@ DROPBITS(7); } if (state->have + copy > state->nlen + state->ndist) { - strm->msg = (char *)"invalid bit length repeat"; + strm->msg = (z_const char *) + "invalid bit length repeat"; state->mode = BAD; break; } @@ -435,7 +387,8 @@ /* check for end-of-block code (better have one) */ if (state->lens[256] == 0) { - strm->msg = (char *)"invalid code -- missing end-of-block"; + strm->msg = (z_const char *) + "invalid code -- missing end-of-block"; state->mode = BAD; break; } @@ -449,7 +402,7 @@ ret = inflate_table(LENS, state->lens, state->nlen, &(state->next), &(state->lenbits), state->work); if (ret) { - strm->msg = (char *)"invalid literal/lengths set"; + strm->msg = (z_const char *)"invalid literal/lengths set"; state->mode = BAD; break; } @@ -458,7 +411,7 @@ ret = inflate_table(DISTS, state->lens + state->nlen, state->ndist, &(state->next), &(state->distbits), state->work); if (ret) { - strm->msg = (char *)"invalid distances set"; + strm->msg = (z_const char *)"invalid distances set"; state->mode = BAD; break; } @@ -517,7 +470,7 @@ /* invalid code */ if (here.op & 64) { - strm->msg = (char *)"invalid literal/length code"; + strm->msg = (z_const char *)"invalid literal/length code"; state->mode = BAD; break; } @@ -549,7 +502,7 @@ } DROPBITS(here.bits); if (here.op & 64) { - strm->msg = (char *)"invalid distance code"; + strm->msg = (z_const char *)"invalid distance code"; state->mode = BAD; break; } @@ -564,7 +517,7 @@ } if (state->offset > state->wsize - (state->whave < state->wsize ? left : 0)) { - strm->msg = (char *)"invalid distance too far back"; + strm->msg = (z_const char *)"invalid distance too far back"; state->mode = BAD; break; } diff -Nru mariadb-11.8.6/zlib/inffast.c mariadb-11.8.8/zlib/inffast.c --- mariadb-11.8.6/zlib/inffast.c 2026-01-31 13:27:49.000000000 +0000 +++ mariadb-11.8.8/zlib/inffast.c 2026-05-24 09:58:33.000000000 +0000 @@ -1,5 +1,5 @@ /* inffast.c -- fast decoding - * Copyright (C) 1995-2017 Mark Adler + * Copyright (C) 1995-2026 Mark Adler * For conditions of distribution and use, see copyright notice in zlib.h */ @@ -155,7 +155,8 @@ dist += (unsigned)hold & ((1U << op) - 1); #ifdef INFLATE_STRICT if (dist > dmax) { - strm->msg = (char *)"invalid distance too far back"; + strm->msg = (z_const char *) + "invalid distance too far back"; state->mode = BAD; break; } @@ -168,8 +169,8 @@ op = dist - op; /* distance back in window */ if (op > whave) { if (state->sane) { - strm->msg = - (char *)"invalid distance too far back"; + strm->msg = (z_const char *) + "invalid distance too far back"; state->mode = BAD; break; } @@ -265,7 +266,7 @@ goto dodist; } else { - strm->msg = (char *)"invalid distance code"; + strm->msg = (z_const char *)"invalid distance code"; state->mode = BAD; break; } @@ -280,7 +281,7 @@ break; } else { - strm->msg = (char *)"invalid literal/length code"; + strm->msg = (z_const char *)"invalid literal/length code"; state->mode = BAD; break; } diff -Nru mariadb-11.8.6/zlib/inffixed.h mariadb-11.8.8/zlib/inffixed.h --- mariadb-11.8.6/zlib/inffixed.h 2026-01-31 13:27:49.000000000 +0000 +++ mariadb-11.8.8/zlib/inffixed.h 2026-05-24 09:58:33.000000000 +0000 @@ -1,94 +1,94 @@ - /* inffixed.h -- table for decoding fixed codes - * Generated automatically by makefixed(). - */ +/* inffixed.h -- table for decoding fixed codes + * Generated automatically by makefixed(). + */ - /* WARNING: this file should *not* be used by applications. - It is part of the implementation of this library and is - subject to change. Applications should only use zlib.h. - */ +/* WARNING: this file should *not* be used by applications. + It is part of the implementation of this library and is + subject to change. Applications should only use zlib.h. + */ - static const code lenfix[512] = { - {96,7,0},{0,8,80},{0,8,16},{20,8,115},{18,7,31},{0,8,112},{0,8,48}, - {0,9,192},{16,7,10},{0,8,96},{0,8,32},{0,9,160},{0,8,0},{0,8,128}, - {0,8,64},{0,9,224},{16,7,6},{0,8,88},{0,8,24},{0,9,144},{19,7,59}, - {0,8,120},{0,8,56},{0,9,208},{17,7,17},{0,8,104},{0,8,40},{0,9,176}, - {0,8,8},{0,8,136},{0,8,72},{0,9,240},{16,7,4},{0,8,84},{0,8,20}, - {21,8,227},{19,7,43},{0,8,116},{0,8,52},{0,9,200},{17,7,13},{0,8,100}, - {0,8,36},{0,9,168},{0,8,4},{0,8,132},{0,8,68},{0,9,232},{16,7,8}, - {0,8,92},{0,8,28},{0,9,152},{20,7,83},{0,8,124},{0,8,60},{0,9,216}, - {18,7,23},{0,8,108},{0,8,44},{0,9,184},{0,8,12},{0,8,140},{0,8,76}, - {0,9,248},{16,7,3},{0,8,82},{0,8,18},{21,8,163},{19,7,35},{0,8,114}, - {0,8,50},{0,9,196},{17,7,11},{0,8,98},{0,8,34},{0,9,164},{0,8,2}, - {0,8,130},{0,8,66},{0,9,228},{16,7,7},{0,8,90},{0,8,26},{0,9,148}, - {20,7,67},{0,8,122},{0,8,58},{0,9,212},{18,7,19},{0,8,106},{0,8,42}, - {0,9,180},{0,8,10},{0,8,138},{0,8,74},{0,9,244},{16,7,5},{0,8,86}, - {0,8,22},{64,8,0},{19,7,51},{0,8,118},{0,8,54},{0,9,204},{17,7,15}, - {0,8,102},{0,8,38},{0,9,172},{0,8,6},{0,8,134},{0,8,70},{0,9,236}, - {16,7,9},{0,8,94},{0,8,30},{0,9,156},{20,7,99},{0,8,126},{0,8,62}, - {0,9,220},{18,7,27},{0,8,110},{0,8,46},{0,9,188},{0,8,14},{0,8,142}, - {0,8,78},{0,9,252},{96,7,0},{0,8,81},{0,8,17},{21,8,131},{18,7,31}, - {0,8,113},{0,8,49},{0,9,194},{16,7,10},{0,8,97},{0,8,33},{0,9,162}, - {0,8,1},{0,8,129},{0,8,65},{0,9,226},{16,7,6},{0,8,89},{0,8,25}, - {0,9,146},{19,7,59},{0,8,121},{0,8,57},{0,9,210},{17,7,17},{0,8,105}, - {0,8,41},{0,9,178},{0,8,9},{0,8,137},{0,8,73},{0,9,242},{16,7,4}, - {0,8,85},{0,8,21},{16,8,258},{19,7,43},{0,8,117},{0,8,53},{0,9,202}, - {17,7,13},{0,8,101},{0,8,37},{0,9,170},{0,8,5},{0,8,133},{0,8,69}, - {0,9,234},{16,7,8},{0,8,93},{0,8,29},{0,9,154},{20,7,83},{0,8,125}, - {0,8,61},{0,9,218},{18,7,23},{0,8,109},{0,8,45},{0,9,186},{0,8,13}, - {0,8,141},{0,8,77},{0,9,250},{16,7,3},{0,8,83},{0,8,19},{21,8,195}, - {19,7,35},{0,8,115},{0,8,51},{0,9,198},{17,7,11},{0,8,99},{0,8,35}, - {0,9,166},{0,8,3},{0,8,131},{0,8,67},{0,9,230},{16,7,7},{0,8,91}, - {0,8,27},{0,9,150},{20,7,67},{0,8,123},{0,8,59},{0,9,214},{18,7,19}, - {0,8,107},{0,8,43},{0,9,182},{0,8,11},{0,8,139},{0,8,75},{0,9,246}, - {16,7,5},{0,8,87},{0,8,23},{64,8,0},{19,7,51},{0,8,119},{0,8,55}, - {0,9,206},{17,7,15},{0,8,103},{0,8,39},{0,9,174},{0,8,7},{0,8,135}, - {0,8,71},{0,9,238},{16,7,9},{0,8,95},{0,8,31},{0,9,158},{20,7,99}, - {0,8,127},{0,8,63},{0,9,222},{18,7,27},{0,8,111},{0,8,47},{0,9,190}, - {0,8,15},{0,8,143},{0,8,79},{0,9,254},{96,7,0},{0,8,80},{0,8,16}, - {20,8,115},{18,7,31},{0,8,112},{0,8,48},{0,9,193},{16,7,10},{0,8,96}, - {0,8,32},{0,9,161},{0,8,0},{0,8,128},{0,8,64},{0,9,225},{16,7,6}, - {0,8,88},{0,8,24},{0,9,145},{19,7,59},{0,8,120},{0,8,56},{0,9,209}, - {17,7,17},{0,8,104},{0,8,40},{0,9,177},{0,8,8},{0,8,136},{0,8,72}, - {0,9,241},{16,7,4},{0,8,84},{0,8,20},{21,8,227},{19,7,43},{0,8,116}, - {0,8,52},{0,9,201},{17,7,13},{0,8,100},{0,8,36},{0,9,169},{0,8,4}, - {0,8,132},{0,8,68},{0,9,233},{16,7,8},{0,8,92},{0,8,28},{0,9,153}, - {20,7,83},{0,8,124},{0,8,60},{0,9,217},{18,7,23},{0,8,108},{0,8,44}, - {0,9,185},{0,8,12},{0,8,140},{0,8,76},{0,9,249},{16,7,3},{0,8,82}, - {0,8,18},{21,8,163},{19,7,35},{0,8,114},{0,8,50},{0,9,197},{17,7,11}, - {0,8,98},{0,8,34},{0,9,165},{0,8,2},{0,8,130},{0,8,66},{0,9,229}, - {16,7,7},{0,8,90},{0,8,26},{0,9,149},{20,7,67},{0,8,122},{0,8,58}, - {0,9,213},{18,7,19},{0,8,106},{0,8,42},{0,9,181},{0,8,10},{0,8,138}, - {0,8,74},{0,9,245},{16,7,5},{0,8,86},{0,8,22},{64,8,0},{19,7,51}, - {0,8,118},{0,8,54},{0,9,205},{17,7,15},{0,8,102},{0,8,38},{0,9,173}, - {0,8,6},{0,8,134},{0,8,70},{0,9,237},{16,7,9},{0,8,94},{0,8,30}, - {0,9,157},{20,7,99},{0,8,126},{0,8,62},{0,9,221},{18,7,27},{0,8,110}, - {0,8,46},{0,9,189},{0,8,14},{0,8,142},{0,8,78},{0,9,253},{96,7,0}, - {0,8,81},{0,8,17},{21,8,131},{18,7,31},{0,8,113},{0,8,49},{0,9,195}, - {16,7,10},{0,8,97},{0,8,33},{0,9,163},{0,8,1},{0,8,129},{0,8,65}, - {0,9,227},{16,7,6},{0,8,89},{0,8,25},{0,9,147},{19,7,59},{0,8,121}, - {0,8,57},{0,9,211},{17,7,17},{0,8,105},{0,8,41},{0,9,179},{0,8,9}, - {0,8,137},{0,8,73},{0,9,243},{16,7,4},{0,8,85},{0,8,21},{16,8,258}, - {19,7,43},{0,8,117},{0,8,53},{0,9,203},{17,7,13},{0,8,101},{0,8,37}, - {0,9,171},{0,8,5},{0,8,133},{0,8,69},{0,9,235},{16,7,8},{0,8,93}, - {0,8,29},{0,9,155},{20,7,83},{0,8,125},{0,8,61},{0,9,219},{18,7,23}, - {0,8,109},{0,8,45},{0,9,187},{0,8,13},{0,8,141},{0,8,77},{0,9,251}, - {16,7,3},{0,8,83},{0,8,19},{21,8,195},{19,7,35},{0,8,115},{0,8,51}, - {0,9,199},{17,7,11},{0,8,99},{0,8,35},{0,9,167},{0,8,3},{0,8,131}, - {0,8,67},{0,9,231},{16,7,7},{0,8,91},{0,8,27},{0,9,151},{20,7,67}, - {0,8,123},{0,8,59},{0,9,215},{18,7,19},{0,8,107},{0,8,43},{0,9,183}, - {0,8,11},{0,8,139},{0,8,75},{0,9,247},{16,7,5},{0,8,87},{0,8,23}, - {64,8,0},{19,7,51},{0,8,119},{0,8,55},{0,9,207},{17,7,15},{0,8,103}, - {0,8,39},{0,9,175},{0,8,7},{0,8,135},{0,8,71},{0,9,239},{16,7,9}, - {0,8,95},{0,8,31},{0,9,159},{20,7,99},{0,8,127},{0,8,63},{0,9,223}, - {18,7,27},{0,8,111},{0,8,47},{0,9,191},{0,8,15},{0,8,143},{0,8,79}, - {0,9,255} - }; +static const code lenfix[512] = { + {96,7,0},{0,8,80},{0,8,16},{20,8,115},{18,7,31},{0,8,112},{0,8,48}, + {0,9,192},{16,7,10},{0,8,96},{0,8,32},{0,9,160},{0,8,0},{0,8,128}, + {0,8,64},{0,9,224},{16,7,6},{0,8,88},{0,8,24},{0,9,144},{19,7,59}, + {0,8,120},{0,8,56},{0,9,208},{17,7,17},{0,8,104},{0,8,40},{0,9,176}, + {0,8,8},{0,8,136},{0,8,72},{0,9,240},{16,7,4},{0,8,84},{0,8,20}, + {21,8,227},{19,7,43},{0,8,116},{0,8,52},{0,9,200},{17,7,13},{0,8,100}, + {0,8,36},{0,9,168},{0,8,4},{0,8,132},{0,8,68},{0,9,232},{16,7,8}, + {0,8,92},{0,8,28},{0,9,152},{20,7,83},{0,8,124},{0,8,60},{0,9,216}, + {18,7,23},{0,8,108},{0,8,44},{0,9,184},{0,8,12},{0,8,140},{0,8,76}, + {0,9,248},{16,7,3},{0,8,82},{0,8,18},{21,8,163},{19,7,35},{0,8,114}, + {0,8,50},{0,9,196},{17,7,11},{0,8,98},{0,8,34},{0,9,164},{0,8,2}, + {0,8,130},{0,8,66},{0,9,228},{16,7,7},{0,8,90},{0,8,26},{0,9,148}, + {20,7,67},{0,8,122},{0,8,58},{0,9,212},{18,7,19},{0,8,106},{0,8,42}, + {0,9,180},{0,8,10},{0,8,138},{0,8,74},{0,9,244},{16,7,5},{0,8,86}, + {0,8,22},{64,8,0},{19,7,51},{0,8,118},{0,8,54},{0,9,204},{17,7,15}, + {0,8,102},{0,8,38},{0,9,172},{0,8,6},{0,8,134},{0,8,70},{0,9,236}, + {16,7,9},{0,8,94},{0,8,30},{0,9,156},{20,7,99},{0,8,126},{0,8,62}, + {0,9,220},{18,7,27},{0,8,110},{0,8,46},{0,9,188},{0,8,14},{0,8,142}, + {0,8,78},{0,9,252},{96,7,0},{0,8,81},{0,8,17},{21,8,131},{18,7,31}, + {0,8,113},{0,8,49},{0,9,194},{16,7,10},{0,8,97},{0,8,33},{0,9,162}, + {0,8,1},{0,8,129},{0,8,65},{0,9,226},{16,7,6},{0,8,89},{0,8,25}, + {0,9,146},{19,7,59},{0,8,121},{0,8,57},{0,9,210},{17,7,17},{0,8,105}, + {0,8,41},{0,9,178},{0,8,9},{0,8,137},{0,8,73},{0,9,242},{16,7,4}, + {0,8,85},{0,8,21},{16,8,258},{19,7,43},{0,8,117},{0,8,53},{0,9,202}, + {17,7,13},{0,8,101},{0,8,37},{0,9,170},{0,8,5},{0,8,133},{0,8,69}, + {0,9,234},{16,7,8},{0,8,93},{0,8,29},{0,9,154},{20,7,83},{0,8,125}, + {0,8,61},{0,9,218},{18,7,23},{0,8,109},{0,8,45},{0,9,186},{0,8,13}, + {0,8,141},{0,8,77},{0,9,250},{16,7,3},{0,8,83},{0,8,19},{21,8,195}, + {19,7,35},{0,8,115},{0,8,51},{0,9,198},{17,7,11},{0,8,99},{0,8,35}, + {0,9,166},{0,8,3},{0,8,131},{0,8,67},{0,9,230},{16,7,7},{0,8,91}, + {0,8,27},{0,9,150},{20,7,67},{0,8,123},{0,8,59},{0,9,214},{18,7,19}, + {0,8,107},{0,8,43},{0,9,182},{0,8,11},{0,8,139},{0,8,75},{0,9,246}, + {16,7,5},{0,8,87},{0,8,23},{64,8,0},{19,7,51},{0,8,119},{0,8,55}, + {0,9,206},{17,7,15},{0,8,103},{0,8,39},{0,9,174},{0,8,7},{0,8,135}, + {0,8,71},{0,9,238},{16,7,9},{0,8,95},{0,8,31},{0,9,158},{20,7,99}, + {0,8,127},{0,8,63},{0,9,222},{18,7,27},{0,8,111},{0,8,47},{0,9,190}, + {0,8,15},{0,8,143},{0,8,79},{0,9,254},{96,7,0},{0,8,80},{0,8,16}, + {20,8,115},{18,7,31},{0,8,112},{0,8,48},{0,9,193},{16,7,10},{0,8,96}, + {0,8,32},{0,9,161},{0,8,0},{0,8,128},{0,8,64},{0,9,225},{16,7,6}, + {0,8,88},{0,8,24},{0,9,145},{19,7,59},{0,8,120},{0,8,56},{0,9,209}, + {17,7,17},{0,8,104},{0,8,40},{0,9,177},{0,8,8},{0,8,136},{0,8,72}, + {0,9,241},{16,7,4},{0,8,84},{0,8,20},{21,8,227},{19,7,43},{0,8,116}, + {0,8,52},{0,9,201},{17,7,13},{0,8,100},{0,8,36},{0,9,169},{0,8,4}, + {0,8,132},{0,8,68},{0,9,233},{16,7,8},{0,8,92},{0,8,28},{0,9,153}, + {20,7,83},{0,8,124},{0,8,60},{0,9,217},{18,7,23},{0,8,108},{0,8,44}, + {0,9,185},{0,8,12},{0,8,140},{0,8,76},{0,9,249},{16,7,3},{0,8,82}, + {0,8,18},{21,8,163},{19,7,35},{0,8,114},{0,8,50},{0,9,197},{17,7,11}, + {0,8,98},{0,8,34},{0,9,165},{0,8,2},{0,8,130},{0,8,66},{0,9,229}, + {16,7,7},{0,8,90},{0,8,26},{0,9,149},{20,7,67},{0,8,122},{0,8,58}, + {0,9,213},{18,7,19},{0,8,106},{0,8,42},{0,9,181},{0,8,10},{0,8,138}, + {0,8,74},{0,9,245},{16,7,5},{0,8,86},{0,8,22},{64,8,0},{19,7,51}, + {0,8,118},{0,8,54},{0,9,205},{17,7,15},{0,8,102},{0,8,38},{0,9,173}, + {0,8,6},{0,8,134},{0,8,70},{0,9,237},{16,7,9},{0,8,94},{0,8,30}, + {0,9,157},{20,7,99},{0,8,126},{0,8,62},{0,9,221},{18,7,27},{0,8,110}, + {0,8,46},{0,9,189},{0,8,14},{0,8,142},{0,8,78},{0,9,253},{96,7,0}, + {0,8,81},{0,8,17},{21,8,131},{18,7,31},{0,8,113},{0,8,49},{0,9,195}, + {16,7,10},{0,8,97},{0,8,33},{0,9,163},{0,8,1},{0,8,129},{0,8,65}, + {0,9,227},{16,7,6},{0,8,89},{0,8,25},{0,9,147},{19,7,59},{0,8,121}, + {0,8,57},{0,9,211},{17,7,17},{0,8,105},{0,8,41},{0,9,179},{0,8,9}, + {0,8,137},{0,8,73},{0,9,243},{16,7,4},{0,8,85},{0,8,21},{16,8,258}, + {19,7,43},{0,8,117},{0,8,53},{0,9,203},{17,7,13},{0,8,101},{0,8,37}, + {0,9,171},{0,8,5},{0,8,133},{0,8,69},{0,9,235},{16,7,8},{0,8,93}, + {0,8,29},{0,9,155},{20,7,83},{0,8,125},{0,8,61},{0,9,219},{18,7,23}, + {0,8,109},{0,8,45},{0,9,187},{0,8,13},{0,8,141},{0,8,77},{0,9,251}, + {16,7,3},{0,8,83},{0,8,19},{21,8,195},{19,7,35},{0,8,115},{0,8,51}, + {0,9,199},{17,7,11},{0,8,99},{0,8,35},{0,9,167},{0,8,3},{0,8,131}, + {0,8,67},{0,9,231},{16,7,7},{0,8,91},{0,8,27},{0,9,151},{20,7,67}, + {0,8,123},{0,8,59},{0,9,215},{18,7,19},{0,8,107},{0,8,43},{0,9,183}, + {0,8,11},{0,8,139},{0,8,75},{0,9,247},{16,7,5},{0,8,87},{0,8,23}, + {64,8,0},{19,7,51},{0,8,119},{0,8,55},{0,9,207},{17,7,15},{0,8,103}, + {0,8,39},{0,9,175},{0,8,7},{0,8,135},{0,8,71},{0,9,239},{16,7,9}, + {0,8,95},{0,8,31},{0,9,159},{20,7,99},{0,8,127},{0,8,63},{0,9,223}, + {18,7,27},{0,8,111},{0,8,47},{0,9,191},{0,8,15},{0,8,143},{0,8,79}, + {0,9,255} +}; - static const code distfix[32] = { - {16,5,1},{23,5,257},{19,5,17},{27,5,4097},{17,5,5},{25,5,1025}, - {21,5,65},{29,5,16385},{16,5,3},{24,5,513},{20,5,33},{28,5,8193}, - {18,5,9},{26,5,2049},{22,5,129},{64,5,0},{16,5,2},{23,5,385}, - {19,5,25},{27,5,6145},{17,5,7},{25,5,1537},{21,5,97},{29,5,24577}, - {16,5,4},{24,5,769},{20,5,49},{28,5,12289},{18,5,13},{26,5,3073}, - {22,5,193},{64,5,0} - }; +static const code distfix[32] = { + {16,5,1},{23,5,257},{19,5,17},{27,5,4097},{17,5,5},{25,5,1025}, + {21,5,65},{29,5,16385},{16,5,3},{24,5,513},{20,5,33},{28,5,8193}, + {18,5,9},{26,5,2049},{22,5,129},{64,5,0},{16,5,2},{23,5,385}, + {19,5,25},{27,5,6145},{17,5,7},{25,5,1537},{21,5,97},{29,5,24577}, + {16,5,4},{24,5,769},{20,5,49},{28,5,12289},{18,5,13},{26,5,3073}, + {22,5,193},{64,5,0} +}; diff -Nru mariadb-11.8.6/zlib/inflate.c mariadb-11.8.8/zlib/inflate.c --- mariadb-11.8.6/zlib/inflate.c 2026-01-31 13:27:49.000000000 +0000 +++ mariadb-11.8.8/zlib/inflate.c 2026-05-24 09:58:33.000000000 +0000 @@ -1,5 +1,5 @@ /* inflate.c -- zlib decompression - * Copyright (C) 1995-2022 Mark Adler + * Copyright (C) 1995-2026 Mark Adler * For conditions of distribution and use, see copyright notice in zlib.h */ @@ -85,12 +85,6 @@ #include "inflate.h" #include "inffast.h" -#ifdef MAKEFIXED -# ifndef BUILDFIXED -# define BUILDFIXED -# endif -#endif - local int inflateStateCheck(z_streamp strm) { struct inflate_state FAR *state; if (strm == Z_NULL || @@ -110,6 +104,7 @@ state = (struct inflate_state FAR *)strm->state; strm->total_in = strm->total_out = state->total = 0; strm->msg = Z_NULL; + strm->data_type = 0; if (state->wrap) /* to support ill-conceived Java test suite */ strm->adler = state->wrap & 1; state->mode = HEAD; @@ -202,6 +197,7 @@ state = (struct inflate_state FAR *) ZALLOC(strm, 1, sizeof(struct inflate_state)); if (state == Z_NULL) return Z_MEM_ERROR; + zmemzero(state, sizeof(struct inflate_state)); Tracev((stderr, "inflate: allocated\n")); strm->state = (struct internal_state FAR *)state; state->strm = strm; @@ -234,124 +230,12 @@ } if (bits > 16 || state->bits + (uInt)bits > 32) return Z_STREAM_ERROR; value &= (1L << bits) - 1; - state->hold += (unsigned)value << state->bits; + state->hold += (unsigned long)value << state->bits; state->bits += (uInt)bits; return Z_OK; } /* - Return state with length and distance decoding tables and index sizes set to - fixed code decoding. Normally this returns fixed tables from inffixed.h. - If BUILDFIXED is defined, then instead this routine builds the tables the - first time it's called, and returns those tables the first time and - thereafter. This reduces the size of the code by about 2K bytes, in - exchange for a little execution time. However, BUILDFIXED should not be - used for threaded applications, since the rewriting of the tables and virgin - may not be thread-safe. - */ -local void fixedtables(struct inflate_state FAR *state) { -#ifdef BUILDFIXED - static int virgin = 1; - static code *lenfix, *distfix; - static code fixed[544]; - - /* build fixed huffman tables if first call (may not be thread safe) */ - if (virgin) { - unsigned sym, bits; - static code *next; - - /* literal/length table */ - sym = 0; - while (sym < 144) state->lens[sym++] = 8; - while (sym < 256) state->lens[sym++] = 9; - while (sym < 280) state->lens[sym++] = 7; - while (sym < 288) state->lens[sym++] = 8; - next = fixed; - lenfix = next; - bits = 9; - inflate_table(LENS, state->lens, 288, &(next), &(bits), state->work); - - /* distance table */ - sym = 0; - while (sym < 32) state->lens[sym++] = 5; - distfix = next; - bits = 5; - inflate_table(DISTS, state->lens, 32, &(next), &(bits), state->work); - - /* do this just once */ - virgin = 0; - } -#else /* !BUILDFIXED */ -# include "inffixed.h" -#endif /* BUILDFIXED */ - state->lencode = lenfix; - state->lenbits = 9; - state->distcode = distfix; - state->distbits = 5; -} - -#ifdef MAKEFIXED -#include - -/* - Write out the inffixed.h that is #include'd above. Defining MAKEFIXED also - defines BUILDFIXED, so the tables are built on the fly. makefixed() writes - those tables to stdout, which would be piped to inffixed.h. A small program - can simply call makefixed to do this: - - void makefixed(void); - - int main(void) - { - makefixed(); - return 0; - } - - Then that can be linked with zlib built with MAKEFIXED defined and run: - - a.out > inffixed.h - */ -void makefixed(void) -{ - unsigned low, size; - struct inflate_state state; - - fixedtables(&state); - puts(" /* inffixed.h -- table for decoding fixed codes"); - puts(" * Generated automatically by makefixed()."); - puts(" */"); - puts(""); - puts(" /* WARNING: this file should *not* be used by applications."); - puts(" It is part of the implementation of this library and is"); - puts(" subject to change. Applications should only use zlib.h."); - puts(" */"); - puts(""); - size = 1U << 9; - printf(" static const code lenfix[%u] = {", size); - low = 0; - for (;;) { - if ((low % 7) == 0) printf("\n "); - printf("{%u,%u,%d}", (low & 127) == 99 ? 64 : state.lencode[low].op, - state.lencode[low].bits, state.lencode[low].val); - if (++low == size) break; - putchar(','); - } - puts("\n };"); - size = 1U << 5; - printf("\n static const code distfix[%u] = {", size); - low = 0; - for (;;) { - if ((low % 6) == 0) printf("\n "); - printf("{%u,%u,%d}", state.distcode[low].op, state.distcode[low].bits, - state.distcode[low].val); - if (++low == size) break; - putchar(','); - } - puts("\n };"); -} -#endif /* MAKEFIXED */ - -/* Update the window with the last wsize (normally 32K) bytes written before returning. If window does not exist yet, create it. This is only called when a window is already in use, or when output has been written during this @@ -642,12 +526,12 @@ if ( #endif ((BITS(8) << 8) + (hold >> 8)) % 31) { - strm->msg = (char *)"incorrect header check"; + strm->msg = (z_const char *)"incorrect header check"; state->mode = BAD; break; } if (BITS(4) != Z_DEFLATED) { - strm->msg = (char *)"unknown compression method"; + strm->msg = (z_const char *)"unknown compression method"; state->mode = BAD; break; } @@ -656,7 +540,7 @@ if (state->wbits == 0) state->wbits = len; if (len > 15 || len > state->wbits) { - strm->msg = (char *)"invalid window size"; + strm->msg = (z_const char *)"invalid window size"; state->mode = BAD; break; } @@ -672,12 +556,12 @@ NEEDBITS(16); state->flags = (int)(hold); if ((state->flags & 0xff) != Z_DEFLATED) { - strm->msg = (char *)"unknown compression method"; + strm->msg = (z_const char *)"unknown compression method"; state->mode = BAD; break; } if (state->flags & 0xe000) { - strm->msg = (char *)"unknown header flags set"; + strm->msg = (z_const char *)"unknown header flags set"; state->mode = BAD; break; } @@ -793,7 +677,7 @@ if (state->flags & 0x0200) { NEEDBITS(16); if ((state->wrap & 4) && hold != (state->check & 0xffff)) { - strm->msg = (char *)"header crc mismatch"; + strm->msg = (z_const char *)"header crc mismatch"; state->mode = BAD; break; } @@ -840,7 +724,7 @@ state->mode = STORED; break; case 1: /* fixed block */ - fixedtables(state); + inflate_fixed(state); Tracev((stderr, "inflate: fixed codes block%s\n", state->last ? " (last)" : "")); state->mode = LEN_; /* decode codes */ @@ -854,8 +738,8 @@ state->last ? " (last)" : "")); state->mode = TABLE; break; - case 3: - strm->msg = (char *)"invalid block type"; + default: + strm->msg = (z_const char *)"invalid block type"; state->mode = BAD; } DROPBITS(2); @@ -864,7 +748,7 @@ BYTEBITS(); /* go to byte boundary */ NEEDBITS(32); if ((hold & 0xffff) != ((hold >> 16) ^ 0xffff)) { - strm->msg = (char *)"invalid stored block lengths"; + strm->msg = (z_const char *)"invalid stored block lengths"; state->mode = BAD; break; } @@ -905,7 +789,8 @@ DROPBITS(4); #ifndef PKZIP_BUG_WORKAROUND if (state->nlen > 286 || state->ndist > 30) { - strm->msg = (char *)"too many length or distance symbols"; + strm->msg = (z_const char *) + "too many length or distance symbols"; state->mode = BAD; break; } @@ -923,12 +808,12 @@ while (state->have < 19) state->lens[order[state->have++]] = 0; state->next = state->codes; - state->lencode = (const code FAR *)(state->next); + state->lencode = state->distcode = (const code FAR *)(state->next); state->lenbits = 7; ret = inflate_table(CODES, state->lens, 19, &(state->next), &(state->lenbits), state->work); if (ret) { - strm->msg = (char *)"invalid code lengths set"; + strm->msg = (z_const char *)"invalid code lengths set"; state->mode = BAD; break; } @@ -952,7 +837,8 @@ NEEDBITS(here.bits + 2); DROPBITS(here.bits); if (state->have == 0) { - strm->msg = (char *)"invalid bit length repeat"; + strm->msg = (z_const char *) + "invalid bit length repeat"; state->mode = BAD; break; } @@ -975,7 +861,8 @@ DROPBITS(7); } if (state->have + copy > state->nlen + state->ndist) { - strm->msg = (char *)"invalid bit length repeat"; + strm->msg = (z_const char *) + "invalid bit length repeat"; state->mode = BAD; break; } @@ -989,7 +876,8 @@ /* check for end-of-block code (better have one) */ if (state->lens[256] == 0) { - strm->msg = (char *)"invalid code -- missing end-of-block"; + strm->msg = (z_const char *) + "invalid code -- missing end-of-block"; state->mode = BAD; break; } @@ -1003,7 +891,7 @@ ret = inflate_table(LENS, state->lens, state->nlen, &(state->next), &(state->lenbits), state->work); if (ret) { - strm->msg = (char *)"invalid literal/lengths set"; + strm->msg = (z_const char *)"invalid literal/lengths set"; state->mode = BAD; break; } @@ -1012,7 +900,7 @@ ret = inflate_table(DISTS, state->lens + state->nlen, state->ndist, &(state->next), &(state->distbits), state->work); if (ret) { - strm->msg = (char *)"invalid distances set"; + strm->msg = (z_const char *)"invalid distances set"; state->mode = BAD; break; } @@ -1066,7 +954,7 @@ break; } if (here.op & 64) { - strm->msg = (char *)"invalid literal/length code"; + strm->msg = (z_const char *)"invalid literal/length code"; state->mode = BAD; break; } @@ -1104,7 +992,7 @@ DROPBITS(here.bits); state->back += here.bits; if (here.op & 64) { - strm->msg = (char *)"invalid distance code"; + strm->msg = (z_const char *)"invalid distance code"; state->mode = BAD; break; } @@ -1121,7 +1009,7 @@ } #ifdef INFLATE_STRICT if (state->offset > state->dmax) { - strm->msg = (char *)"invalid distance too far back"; + strm->msg = (z_const char *)"invalid distance too far back"; state->mode = BAD; break; } @@ -1136,7 +1024,8 @@ copy = state->offset - copy; if (copy > state->whave) { if (state->sane) { - strm->msg = (char *)"invalid distance too far back"; + strm->msg = (z_const char *) + "invalid distance too far back"; state->mode = BAD; break; } @@ -1195,7 +1084,7 @@ state->flags ? hold : #endif ZSWAP32(hold)) != state->check) { - strm->msg = (char *)"incorrect data check"; + strm->msg = (z_const char *)"incorrect data check"; state->mode = BAD; break; } @@ -1209,7 +1098,7 @@ if (state->wrap && state->flags) { NEEDBITS(32); if ((state->wrap & 4) && hold != (state->total & 0xffffffff)) { - strm->msg = (char *)"incorrect length check"; + strm->msg = (z_const char *)"incorrect length check"; state->mode = BAD; break; } @@ -1440,7 +1329,6 @@ struct inflate_state FAR *state; struct inflate_state FAR *copy; unsigned char FAR *window; - unsigned wsize; /* check input */ if (inflateStateCheck(source) || dest == Z_NULL) @@ -1451,6 +1339,7 @@ copy = (struct inflate_state FAR *) ZALLOC(source, 1, sizeof(struct inflate_state)); if (copy == Z_NULL) return Z_MEM_ERROR; + zmemzero(copy, sizeof(struct inflate_state)); window = Z_NULL; if (state->window != Z_NULL) { window = (unsigned char FAR *) @@ -1462,8 +1351,8 @@ } /* copy state */ - zmemcpy((voidpf)dest, (voidpf)source, sizeof(z_stream)); - zmemcpy((voidpf)copy, (voidpf)state, sizeof(struct inflate_state)); + zmemcpy(dest, source, sizeof(z_stream)); + zmemcpy(copy, state, sizeof(struct inflate_state)); copy->strm = dest; if (state->lencode >= state->codes && state->lencode <= state->codes + ENOUGH - 1) { @@ -1471,10 +1360,8 @@ copy->distcode = copy->codes + (state->distcode - state->codes); } copy->next = copy->codes + (state->next - state->codes); - if (window != Z_NULL) { - wsize = 1U << state->wbits; - zmemcpy(window, state->window, wsize); - } + if (window != Z_NULL) + zmemcpy(window, state->window, state->whave); copy->window = window; dest->state = (struct internal_state FAR *)copy; return Z_OK; diff -Nru mariadb-11.8.6/zlib/inflate.h mariadb-11.8.8/zlib/inflate.h --- mariadb-11.8.6/zlib/inflate.h 2026-01-31 13:27:49.000000000 +0000 +++ mariadb-11.8.8/zlib/inflate.h 2026-05-24 09:58:33.000000000 +0000 @@ -100,7 +100,7 @@ unsigned char FAR *window; /* allocated sliding window, if needed */ /* bit accumulator */ unsigned long hold; /* input bit accumulator */ - unsigned bits; /* number of bits in "in" */ + unsigned bits; /* number of bits in hold */ /* for string and stored block copying */ unsigned length; /* literal or length of data to copy */ unsigned offset; /* distance back to copy string from */ diff -Nru mariadb-11.8.6/zlib/inftrees.c mariadb-11.8.8/zlib/inftrees.c --- mariadb-11.8.6/zlib/inftrees.c 2026-01-31 13:27:49.000000000 +0000 +++ mariadb-11.8.8/zlib/inftrees.c 2026-05-24 09:58:33.000000000 +0000 @@ -1,15 +1,29 @@ /* inftrees.c -- generate Huffman trees for efficient decoding - * Copyright (C) 1995-2024 Mark Adler + * Copyright (C) 1995-2026 Mark Adler * For conditions of distribution and use, see copyright notice in zlib.h */ +#ifdef MAKEFIXED +# ifndef BUILDFIXED +# define BUILDFIXED +# endif +#endif +#ifdef BUILDFIXED +# define Z_ONCE +#endif + #include "zutil.h" #include "inftrees.h" +#include "inflate.h" + +#ifndef NULL +# define NULL 0 +#endif #define MAXBITS 15 const char inflate_copyright[] = - " inflate 1.3.1 Copyright 1995-2024 Mark Adler "; + " inflate 1.3.2 Copyright 1995-2026 Mark Adler "; /* If you use the zlib library in a product, an acknowledgment is welcome in the documentation of your product. If for some reason you cannot @@ -47,9 +61,9 @@ unsigned mask; /* mask for low root bits */ code here; /* table entry for duplication */ code FAR *next; /* next available space in table */ - const unsigned short FAR *base; /* base value table to use */ - const unsigned short FAR *extra; /* extra bits table to use */ - unsigned match; /* use base and extra for symbol >= match */ + const unsigned short FAR *base = NULL; /* base value table to use */ + const unsigned short FAR *extra = NULL; /* extra bits table to use */ + unsigned match = 0; /* use base and extra for symbol >= match */ unsigned short count[MAXBITS+1]; /* number of codes of each length */ unsigned short offs[MAXBITS+1]; /* offsets in table for each length */ static const unsigned short lbase[31] = { /* Length codes 257..285 base */ @@ -57,7 +71,7 @@ 35, 43, 51, 59, 67, 83, 99, 115, 131, 163, 195, 227, 258, 0, 0}; static const unsigned short lext[31] = { /* Length codes 257..285 extra */ 16, 16, 16, 16, 16, 16, 16, 16, 17, 17, 17, 17, 18, 18, 18, 18, - 19, 19, 19, 19, 20, 20, 20, 20, 21, 21, 21, 21, 16, 203, 77}; + 19, 19, 19, 19, 20, 20, 20, 20, 21, 21, 21, 21, 16, 199, 75}; static const unsigned short dbase[32] = { /* Distance codes 0..29 base */ 1, 2, 3, 4, 5, 7, 9, 13, 17, 25, 33, 49, 65, 97, 129, 193, 257, 385, 513, 769, 1025, 1537, 2049, 3073, 4097, 6145, @@ -175,7 +189,6 @@ /* set up for code type */ switch (type) { case CODES: - base = extra = work; /* dummy value--not used */ match = 20; break; case LENS: @@ -183,10 +196,9 @@ extra = lext; match = 257; break; - default: /* DISTS */ + case DISTS: base = dbase; extra = dext; - match = 0; } /* initialize state for loop */ @@ -297,3 +309,116 @@ *bits = root; return 0; } + +#ifdef BUILDFIXED +/* + If this is compiled with BUILDFIXED defined, and if inflate will be used in + multiple threads, and if atomics are not available, then inflate() must be + called with a fixed block (e.g. 0x03 0x00) to initialize the tables and must + return before any other threads are allowed to call inflate. + */ + +static code *lenfix, *distfix; +static code fixed[544]; + +/* State for z_once(). */ +local z_once_t built = Z_ONCE_INIT; + +local void buildtables(void) { + unsigned sym, bits; + static code *next; + unsigned short lens[288], work[288]; + + /* literal/length table */ + sym = 0; + while (sym < 144) lens[sym++] = 8; + while (sym < 256) lens[sym++] = 9; + while (sym < 280) lens[sym++] = 7; + while (sym < 288) lens[sym++] = 8; + next = fixed; + lenfix = next; + bits = 9; + inflate_table(LENS, lens, 288, &(next), &(bits), work); + + /* distance table */ + sym = 0; + while (sym < 32) lens[sym++] = 5; + distfix = next; + bits = 5; + inflate_table(DISTS, lens, 32, &(next), &(bits), work); +} +#else /* !BUILDFIXED */ +# include "inffixed.h" +#endif /* BUILDFIXED */ + +/* + Return state with length and distance decoding tables and index sizes set to + fixed code decoding. Normally this returns fixed tables from inffixed.h. + If BUILDFIXED is defined, then instead this routine builds the tables the + first time it's called, and returns those tables the first time and + thereafter. This reduces the size of the code by about 2K bytes, in + exchange for a little execution time. However, BUILDFIXED should not be + used for threaded applications if atomics are not available, as it will + not be thread-safe. + */ +void inflate_fixed(struct inflate_state FAR *state) { +#ifdef BUILDFIXED + z_once(&built, buildtables); +#endif /* BUILDFIXED */ + state->lencode = lenfix; + state->lenbits = 9; + state->distcode = distfix; + state->distbits = 5; +} + +#ifdef MAKEFIXED +#include + +/* + Write out the inffixed.h that will be #include'd above. Defining MAKEFIXED + also defines BUILDFIXED, so the tables are built on the fly. main() writes + those tables to stdout, which would directed to inffixed.h. Compile this + along with zutil.c: + + cc -DMAKEFIXED -o fix inftrees.c zutil.c + ./fix > inffixed.h + */ +int main(void) { + unsigned low, size; + struct inflate_state state; + + inflate_fixed(&state); + puts("/* inffixed.h -- table for decoding fixed codes"); + puts(" * Generated automatically by makefixed()."); + puts(" */"); + puts(""); + puts("/* WARNING: this file should *not* be used by applications."); + puts(" It is part of the implementation of this library and is"); + puts(" subject to change. Applications should only use zlib.h."); + puts(" */"); + puts(""); + size = 1U << 9; + printf("static const code lenfix[%u] = {", size); + low = 0; + for (;;) { + if ((low % 7) == 0) printf("\n "); + printf("{%u,%u,%d}", (low & 127) == 99 ? 64 : state.lencode[low].op, + state.lencode[low].bits, state.lencode[low].val); + if (++low == size) break; + putchar(','); + } + puts("\n};"); + size = 1U << 5; + printf("\nstatic const code distfix[%u] = {", size); + low = 0; + for (;;) { + if ((low % 6) == 0) printf("\n "); + printf("{%u,%u,%d}", state.distcode[low].op, state.distcode[low].bits, + state.distcode[low].val); + if (++low == size) break; + putchar(','); + } + puts("\n};"); + return 0; +} +#endif /* MAKEFIXED */ diff -Nru mariadb-11.8.6/zlib/inftrees.h mariadb-11.8.8/zlib/inftrees.h --- mariadb-11.8.6/zlib/inftrees.h 2026-01-31 13:27:49.000000000 +0000 +++ mariadb-11.8.8/zlib/inftrees.h 2026-05-24 09:58:33.000000000 +0000 @@ -1,5 +1,5 @@ /* inftrees.h -- header to use inftrees.c - * Copyright (C) 1995-2005, 2010 Mark Adler + * Copyright (C) 1995-2026 Mark Adler * For conditions of distribution and use, see copyright notice in zlib.h */ @@ -60,3 +60,5 @@ int ZLIB_INTERNAL inflate_table(codetype type, unsigned short FAR *lens, unsigned codes, code FAR * FAR *table, unsigned FAR *bits, unsigned short FAR *work); +struct inflate_state; +void ZLIB_INTERNAL inflate_fixed(struct inflate_state FAR *state); diff -Nru mariadb-11.8.6/zlib/make_vms.com mariadb-11.8.8/zlib/make_vms.com --- mariadb-11.8.6/zlib/make_vms.com 2026-01-31 13:27:49.000000000 +0000 +++ mariadb-11.8.8/zlib/make_vms.com 1970-01-01 00:00:00.000000000 +0000 @@ -1,867 +0,0 @@ -$! make libz under VMS written by -$! Martin P.J. Zinser -$! -$! In case of problems with the install you might contact me at -$! zinser@zinser.no-ip.info(preferred) or -$! martin.zinser@eurexchange.com (work) -$! -$! Make procedure history for Zlib -$! -$!------------------------------------------------------------------------------ -$! Version history -$! 0.01 20060120 First version to receive a number -$! 0.02 20061008 Adapt to new Makefile.in -$! 0.03 20091224 Add support for large file check -$! 0.04 20100110 Add new gzclose, gzlib, gzread, gzwrite -$! 0.05 20100221 Exchange zlibdefs.h by zconf.h.in -$! 0.06 20120111 Fix missing amiss_err, update zconf_h.in, fix new examples -$! subdir path, update module search in makefile.in -$! 0.07 20120115 Triggered by work done by Alexey Chupahin completely redesigned -$! shared image creation -$! 0.08 20120219 Make it work on VAX again, pre-load missing symbols to shared -$! image -$! 0.09 20120305 SMS. P1 sets builder ("MMK", "MMS", " " (built-in)). -$! "" -> automatic, preference: MMK, MMS, built-in. -$! -$ on error then goto err_exit -$! -$ true = 1 -$ false = 0 -$ tmpnam = "temp_" + f$getjpi("","pid") -$ tt = tmpnam + ".txt" -$ tc = tmpnam + ".c" -$ th = tmpnam + ".h" -$ define/nolog tconfig 'th' -$ its_decc = false -$ its_vaxc = false -$ its_gnuc = false -$ s_case = False -$! -$! Setup variables holding "config" information -$! -$ Make = "''p1'" -$ name = "Zlib" -$ version = "?.?.?" -$ v_string = "ZLIB_VERSION" -$ v_file = "zlib.h" -$ ccopt = "/include = []" -$ lopts = "" -$ dnsrl = "" -$ aconf_in_file = "zconf.h.in#zconf.h_in#zconf_h.in" -$ conf_check_string = "" -$ linkonly = false -$ optfile = name + ".opt" -$ mapfile = name + ".map" -$ libdefs = "" -$ vax = f$getsyi("HW_MODEL").lt.1024 -$ axp = f$getsyi("HW_MODEL").ge.1024 .and. f$getsyi("HW_MODEL").lt.4096 -$ ia64 = f$getsyi("HW_MODEL").ge.4096 -$! -$! 2012-03-05 SMS. -$! Why is this needed? And if it is needed, why not simply ".not. vax"? -$! -$!!! if axp .or. ia64 then set proc/parse=extended -$! -$ whoami = f$parse(f$environment("Procedure"),,,,"NO_CONCEAL") -$ mydef = F$parse(whoami,,,"DEVICE") -$ mydir = f$parse(whoami,,,"DIRECTORY") - "][" -$ myproc = f$parse(whoami,,,"Name") + f$parse(whoami,,,"type") -$! -$! Check for MMK/MMS -$! -$ if (Make .eqs. "") -$ then -$ If F$Search ("Sys$System:MMS.EXE") .nes. "" Then Make = "MMS" -$ If F$Type (MMK) .eqs. "STRING" Then Make = "MMK" -$ else -$ Make = f$edit( Make, "trim") -$ endif -$! -$ gosub find_version -$! -$ open/write topt tmp.opt -$ open/write optf 'optfile' -$! -$ gosub check_opts -$! -$! Look for the compiler used -$! -$ gosub check_compiler -$ close topt -$ close optf -$! -$ if its_decc -$ then -$ ccopt = "/prefix=all" + ccopt -$ if f$trnlnm("SYS") .eqs. "" -$ then -$ if axp -$ then -$ define sys sys$library: -$ else -$ ccopt = "/decc" + ccopt -$ define sys decc$library_include: -$ endif -$ endif -$! -$! 2012-03-05 SMS. -$! Why /NAMES = AS_IS? Why not simply ".not. vax"? And why not on VAX? -$! -$ if axp .or. ia64 -$ then -$ ccopt = ccopt + "/name=as_is/opt=(inline=speed)" -$ s_case = true -$ endif -$ endif -$ if its_vaxc .or. its_gnuc -$ then -$ if f$trnlnm("SYS").eqs."" then define sys sys$library: -$ endif -$! -$! Build a fake configure input header -$! -$ open/write conf_hin config.hin -$ write conf_hin "#undef _LARGEFILE64_SOURCE" -$ close conf_hin -$! -$! -$ i = 0 -$FIND_ACONF: -$ fname = f$element(i,"#",aconf_in_file) -$ if fname .eqs. "#" then goto AMISS_ERR -$ if f$search(fname) .eqs. "" -$ then -$ i = i + 1 -$ goto find_aconf -$ endif -$ open/read/err=aconf_err aconf_in 'fname' -$ open/write aconf zconf.h -$ACONF_LOOP: -$ read/end_of_file=aconf_exit aconf_in line -$ work = f$edit(line, "compress,trim") -$ if f$extract(0,6,work) .nes. "#undef" -$ then -$ if f$extract(0,12,work) .nes. "#cmakedefine" -$ then -$ write aconf line -$ endif -$ else -$ cdef = f$element(1," ",work) -$ gosub check_config -$ endif -$ goto aconf_loop -$ACONF_EXIT: -$ write aconf "" -$ write aconf "/* VMS specifics added by make_vms.com: */" -$ write aconf "#define VMS 1" -$ write aconf "#include " -$ write aconf "#include " -$ write aconf "#ifdef _LARGEFILE" -$ write aconf "# define off64_t __off64_t" -$ write aconf "# define fopen64 fopen" -$ write aconf "# define fseeko64 fseeko" -$ write aconf "# define lseek64 lseek" -$ write aconf "# define ftello64 ftell" -$ write aconf "#endif" -$ write aconf "#if !defined( __VAX) && (__CRTL_VER >= 70312000)" -$ write aconf "# define HAVE_VSNPRINTF" -$ write aconf "#endif" -$ close aconf_in -$ close aconf -$ if f$search("''th'") .nes. "" then delete 'th';* -$! Build the thing plain or with mms -$! -$ write sys$output "Compiling Zlib sources ..." -$ if make.eqs."" -$ then -$ if (f$search( "example.obj;*") .nes. "") then delete example.obj;* -$ if (f$search( "minigzip.obj;*") .nes. "") then delete minigzip.obj;* -$ CALL MAKE adler32.OBJ "CC ''CCOPT' adler32" - - adler32.c zlib.h zconf.h -$ CALL MAKE compress.OBJ "CC ''CCOPT' compress" - - compress.c zlib.h zconf.h -$ CALL MAKE crc32.OBJ "CC ''CCOPT' crc32" - - crc32.c zlib.h zconf.h -$ CALL MAKE deflate.OBJ "CC ''CCOPT' deflate" - - deflate.c deflate.h zutil.h zlib.h zconf.h -$ CALL MAKE gzclose.OBJ "CC ''CCOPT' gzclose" - - gzclose.c zutil.h zlib.h zconf.h -$ CALL MAKE gzlib.OBJ "CC ''CCOPT' gzlib" - - gzlib.c zutil.h zlib.h zconf.h -$ CALL MAKE gzread.OBJ "CC ''CCOPT' gzread" - - gzread.c zutil.h zlib.h zconf.h -$ CALL MAKE gzwrite.OBJ "CC ''CCOPT' gzwrite" - - gzwrite.c zutil.h zlib.h zconf.h -$ CALL MAKE infback.OBJ "CC ''CCOPT' infback" - - infback.c zutil.h inftrees.h inflate.h inffast.h inffixed.h -$ CALL MAKE inffast.OBJ "CC ''CCOPT' inffast" - - inffast.c zutil.h zlib.h zconf.h inffast.h -$ CALL MAKE inflate.OBJ "CC ''CCOPT' inflate" - - inflate.c zutil.h zlib.h zconf.h infblock.h -$ CALL MAKE inftrees.OBJ "CC ''CCOPT' inftrees" - - inftrees.c zutil.h zlib.h zconf.h inftrees.h -$ CALL MAKE trees.OBJ "CC ''CCOPT' trees" - - trees.c deflate.h zutil.h zlib.h zconf.h -$ CALL MAKE uncompr.OBJ "CC ''CCOPT' uncompr" - - uncompr.c zlib.h zconf.h -$ CALL MAKE zutil.OBJ "CC ''CCOPT' zutil" - - zutil.c zutil.h zlib.h zconf.h -$ write sys$output "Building Zlib ..." -$ CALL MAKE libz.OLB "lib/crea libz.olb *.obj" *.OBJ -$ write sys$output "Building example..." -$ CALL MAKE example.OBJ "CC ''CCOPT' [.test]example" - - [.test]example.c zlib.h zconf.h -$ call make example.exe "LINK example,libz.olb/lib" example.obj libz.olb -$ write sys$output "Building minigzip..." -$ CALL MAKE minigzip.OBJ "CC ''CCOPT' [.test]minigzip" - - [.test]minigzip.c zlib.h zconf.h -$ call make minigzip.exe - - "LINK minigzip,libz.olb/lib" - - minigzip.obj libz.olb -$ else -$ gosub crea_mms -$ write sys$output "Make ''name' ''version' with ''Make' " -$ 'make' -$ endif -$! -$! Create shareable image -$! -$ gosub crea_olist -$ write sys$output "Creating libzshr.exe" -$ call map_2_shopt 'mapfile' 'optfile' -$ LINK_'lopts'/SHARE=libzshr.exe modules.opt/opt,'optfile'/opt -$ write sys$output "Zlib build completed" -$ delete/nolog tmp.opt;* -$ exit -$AMISS_ERR: -$ write sys$output "No source for config.hin found." -$ write sys$output "Tried any of ''aconf_in_file'" -$ goto err_exit -$CC_ERR: -$ write sys$output "C compiler required to build ''name'" -$ goto err_exit -$ERR_EXIT: -$ set message/facil/ident/sever/text -$ close/nolog optf -$ close/nolog topt -$ close/nolog aconf_in -$ close/nolog aconf -$ close/nolog out -$ close/nolog min -$ close/nolog mod -$ close/nolog h_in -$ write sys$output "Exiting..." -$ exit 2 -$! -$! -$MAKE: SUBROUTINE !SUBROUTINE TO CHECK DEPENDENCIES -$ V = 'F$Verify(0) -$! P1 = What we are trying to make -$! P2 = Command to make it -$! P3 - P8 What it depends on -$ -$ If F$Search(P1) .Eqs. "" Then Goto Makeit -$ Time = F$CvTime(F$File(P1,"RDT")) -$arg=3 -$Loop: -$ Argument = P'arg -$ If Argument .Eqs. "" Then Goto Exit -$ El=0 -$Loop2: -$ File = F$Element(El," ",Argument) -$ If File .Eqs. " " Then Goto Endl -$ AFile = "" -$Loop3: -$ OFile = AFile -$ AFile = F$Search(File) -$ If AFile .Eqs. "" .Or. AFile .Eqs. OFile Then Goto NextEl -$ If F$CvTime(F$File(AFile,"RDT")) .Ges. Time Then Goto Makeit -$ Goto Loop3 -$NextEL: -$ El = El + 1 -$ Goto Loop2 -$EndL: -$ arg=arg+1 -$ If arg .Le. 8 Then Goto Loop -$ Goto Exit -$ -$Makeit: -$ VV=F$VERIFY(0) -$ write sys$output P2 -$ 'P2 -$ VV='F$Verify(VV) -$Exit: -$ If V Then Set Verify -$ENDSUBROUTINE -$!------------------------------------------------------------------------------ -$! -$! Check command line options and set symbols accordingly -$! -$!------------------------------------------------------------------------------ -$! Version history -$! 0.01 20041206 First version to receive a number -$! 0.02 20060126 Add new "HELP" target -$ CHECK_OPTS: -$ i = 1 -$ OPT_LOOP: -$ if i .lt. 9 -$ then -$ cparm = f$edit(p'i',"upcase") -$! -$! Check if parameter actually contains something -$! -$ if f$edit(cparm,"trim") .nes. "" -$ then -$ if cparm .eqs. "DEBUG" -$ then -$ ccopt = ccopt + "/noopt/deb" -$ lopts = lopts + "/deb" -$ endif -$ if f$locate("CCOPT=",cparm) .lt. f$length(cparm) -$ then -$ start = f$locate("=",cparm) + 1 -$ len = f$length(cparm) - start -$ ccopt = ccopt + f$extract(start,len,cparm) -$ if f$locate("AS_IS",f$edit(ccopt,"UPCASE")) .lt. f$length(ccopt) - - then s_case = true -$ endif -$ if cparm .eqs. "LINK" then linkonly = true -$ if f$locate("LOPTS=",cparm) .lt. f$length(cparm) -$ then -$ start = f$locate("=",cparm) + 1 -$ len = f$length(cparm) - start -$ lopts = lopts + f$extract(start,len,cparm) -$ endif -$ if f$locate("CC=",cparm) .lt. f$length(cparm) -$ then -$ start = f$locate("=",cparm) + 1 -$ len = f$length(cparm) - start -$ cc_com = f$extract(start,len,cparm) - if (cc_com .nes. "DECC") .and. - - (cc_com .nes. "VAXC") .and. - - (cc_com .nes. "GNUC") -$ then -$ write sys$output "Unsupported compiler choice ''cc_com' ignored" -$ write sys$output "Use DECC, VAXC, or GNUC instead" -$ else -$ if cc_com .eqs. "DECC" then its_decc = true -$ if cc_com .eqs. "VAXC" then its_vaxc = true -$ if cc_com .eqs. "GNUC" then its_gnuc = true -$ endif -$ endif -$ if f$locate("MAKE=",cparm) .lt. f$length(cparm) -$ then -$ start = f$locate("=",cparm) + 1 -$ len = f$length(cparm) - start -$ mmks = f$extract(start,len,cparm) -$ if (mmks .eqs. "MMK") .or. (mmks .eqs. "MMS") -$ then -$ make = mmks -$ else -$ write sys$output "Unsupported make choice ''mmks' ignored" -$ write sys$output "Use MMK or MMS instead" -$ endif -$ endif -$ if cparm .eqs. "HELP" then gosub bhelp -$ endif -$ i = i + 1 -$ goto opt_loop -$ endif -$ return -$!------------------------------------------------------------------------------ -$! -$! Look for the compiler used -$! -$! Version history -$! 0.01 20040223 First version to receive a number -$! 0.02 20040229 Save/set value of decc$no_rooted_search_lists -$! 0.03 20060202 Extend handling of GNU C -$! 0.04 20090402 Compaq -> hp -$CHECK_COMPILER: -$ if (.not. (its_decc .or. its_vaxc .or. its_gnuc)) -$ then -$ its_decc = (f$search("SYS$SYSTEM:DECC$COMPILER.EXE") .nes. "") -$ its_vaxc = .not. its_decc .and. (F$Search("SYS$System:VAXC.Exe") .nes. "") -$ its_gnuc = .not. (its_decc .or. its_vaxc) .and. (f$trnlnm("gnu_cc") .nes. "") -$ endif -$! -$! Exit if no compiler available -$! -$ if (.not. (its_decc .or. its_vaxc .or. its_gnuc)) -$ then goto CC_ERR -$ else -$ if its_decc -$ then -$ write sys$output "CC compiler check ... hp C" -$ if f$trnlnm("decc$no_rooted_search_lists") .nes. "" -$ then -$ dnrsl = f$trnlnm("decc$no_rooted_search_lists") -$ endif -$ define/nolog decc$no_rooted_search_lists 1 -$ else -$ if its_vaxc then write sys$output "CC compiler check ... VAX C" -$ if its_gnuc -$ then -$ write sys$output "CC compiler check ... GNU C" -$ if f$trnlnm(topt) then write topt "gnu_cc:[000000]gcclib.olb/lib" -$ if f$trnlnm(optf) then write optf "gnu_cc:[000000]gcclib.olb/lib" -$ cc = "gcc" -$ endif -$ if f$trnlnm(topt) then write topt "sys$share:vaxcrtl.exe/share" -$ if f$trnlnm(optf) then write optf "sys$share:vaxcrtl.exe/share" -$ endif -$ endif -$ return -$!------------------------------------------------------------------------------ -$! -$! If MMS/MMK are available dump out the descrip.mms if required -$! -$CREA_MMS: -$ write sys$output "Creating descrip.mms..." -$ create descrip.mms -$ open/append out descrip.mms -$ copy sys$input: out -$ deck -# descrip.mms: MMS description file for building zlib on VMS -# written by Martin P.J. Zinser -# - -OBJS = adler32.obj, compress.obj, crc32.obj, gzclose.obj, gzlib.obj\ - gzread.obj, gzwrite.obj, uncompr.obj, infback.obj\ - deflate.obj, trees.obj, zutil.obj, inflate.obj, \ - inftrees.obj, inffast.obj - -$ eod -$ write out "CFLAGS=", ccopt -$ write out "LOPTS=", lopts -$ write out "all : example.exe minigzip.exe libz.olb" -$ copy sys$input: out -$ deck - @ write sys$output " Example applications available" - -libz.olb : libz.olb($(OBJS)) - @ write sys$output " libz available" - -example.exe : example.obj libz.olb - link $(LOPTS) example,libz.olb/lib - -minigzip.exe : minigzip.obj libz.olb - link $(LOPTS) minigzip,libz.olb/lib - -clean : - delete *.obj;*,libz.olb;*,*.opt;*,*.exe;* - - -# Other dependencies. -adler32.obj : adler32.c zutil.h zlib.h zconf.h -compress.obj : compress.c zlib.h zconf.h -crc32.obj : crc32.c zutil.h zlib.h zconf.h -deflate.obj : deflate.c deflate.h zutil.h zlib.h zconf.h -example.obj : [.test]example.c zlib.h zconf.h -gzclose.obj : gzclose.c zutil.h zlib.h zconf.h -gzlib.obj : gzlib.c zutil.h zlib.h zconf.h -gzread.obj : gzread.c zutil.h zlib.h zconf.h -gzwrite.obj : gzwrite.c zutil.h zlib.h zconf.h -inffast.obj : inffast.c zutil.h zlib.h zconf.h inftrees.h inffast.h -inflate.obj : inflate.c zutil.h zlib.h zconf.h -inftrees.obj : inftrees.c zutil.h zlib.h zconf.h inftrees.h -minigzip.obj : [.test]minigzip.c zlib.h zconf.h -trees.obj : trees.c deflate.h zutil.h zlib.h zconf.h -uncompr.obj : uncompr.c zlib.h zconf.h -zutil.obj : zutil.c zutil.h zlib.h zconf.h -infback.obj : infback.c zutil.h inftrees.h inflate.h inffast.h inffixed.h -$ eod -$ close out -$ return -$!------------------------------------------------------------------------------ -$! -$! Read list of core library sources from makefile.in and create options -$! needed to build shareable image -$! -$CREA_OLIST: -$ open/read min makefile.in -$ open/write mod modules.opt -$ src_check_list = "OBJZ =#OBJG =" -$MRLOOP: -$ read/end=mrdone min rec -$ i = 0 -$SRC_CHECK_LOOP: -$ src_check = f$element(i, "#", src_check_list) -$ i = i+1 -$ if src_check .eqs. "#" then goto mrloop -$ if (f$extract(0,6,rec) .nes. src_check) then goto src_check_loop -$ rec = rec - src_check -$ gosub extra_filnam -$ if (f$element(1,"\",rec) .eqs. "\") then goto mrloop -$MRSLOOP: -$ read/end=mrdone min rec -$ gosub extra_filnam -$ if (f$element(1,"\",rec) .nes. "\") then goto mrsloop -$MRDONE: -$ close min -$ close mod -$ return -$!------------------------------------------------------------------------------ -$! -$! Take record extracted in crea_olist and split it into single filenames -$! -$EXTRA_FILNAM: -$ myrec = f$edit(rec - "\", "trim,compress") -$ i = 0 -$FELOOP: -$ srcfil = f$element(i," ", myrec) -$ if (srcfil .nes. " ") -$ then -$ write mod f$parse(srcfil,,,"NAME"), ".obj" -$ i = i + 1 -$ goto feloop -$ endif -$ return -$!------------------------------------------------------------------------------ -$! -$! Find current Zlib version number -$! -$FIND_VERSION: -$ open/read h_in 'v_file' -$hloop: -$ read/end=hdone h_in rec -$ rec = f$edit(rec,"TRIM") -$ if (f$extract(0,1,rec) .nes. "#") then goto hloop -$ rec = f$edit(rec - "#", "TRIM") -$ if f$element(0," ",rec) .nes. "define" then goto hloop -$ if f$element(1," ",rec) .eqs. v_string -$ then -$ version = 'f$element(2," ",rec)' -$ goto hdone -$ endif -$ goto hloop -$hdone: -$ close h_in -$ return -$!------------------------------------------------------------------------------ -$! -$CHECK_CONFIG: -$! -$ in_ldef = f$locate(cdef,libdefs) -$ if (in_ldef .lt. f$length(libdefs)) -$ then -$ write aconf "#define ''cdef' 1" -$ libdefs = f$extract(0,in_ldef,libdefs) + - - f$extract(in_ldef + f$length(cdef) + 1, - - f$length(libdefs) - in_ldef - f$length(cdef) - 1, - - libdefs) -$ else -$ if (f$type('cdef') .eqs. "INTEGER") -$ then -$ write aconf "#define ''cdef' ", 'cdef' -$ else -$ if (f$type('cdef') .eqs. "STRING") -$ then -$ write aconf "#define ''cdef' ", """", '''cdef'', """" -$ else -$ gosub check_cc_def -$ endif -$ endif -$ endif -$ return -$!------------------------------------------------------------------------------ -$! -$! Check if this is a define relating to the properties of the C/C++ -$! compiler -$! -$ CHECK_CC_DEF: -$ if (cdef .eqs. "_LARGEFILE64_SOURCE") -$ then -$ copy sys$input: 'tc' -$ deck -#include "tconfig" -#define _LARGEFILE -#include - -int main(){ -FILE *fp; - fp = fopen("temp.txt","r"); - fseeko(fp,1,SEEK_SET); - fclose(fp); -} - -$ eod -$ test_inv = false -$ comm_h = false -$ gosub cc_prop_check -$ return -$ endif -$ write aconf "/* ", line, " */" -$ return -$!------------------------------------------------------------------------------ -$! -$! Check for properties of C/C++ compiler -$! -$! Version history -$! 0.01 20031020 First version to receive a number -$! 0.02 20031022 Added logic for defines with value -$! 0.03 20040309 Make sure local config file gets not deleted -$! 0.04 20041230 Also write include for configure run -$! 0.05 20050103 Add processing of "comment defines" -$CC_PROP_CHECK: -$ cc_prop = true -$ is_need = false -$ is_need = (f$extract(0,4,cdef) .eqs. "NEED") .or. (test_inv .eq. true) -$ if f$search(th) .eqs. "" then create 'th' -$ set message/nofac/noident/nosever/notext -$ on error then continue -$ cc 'tmpnam' -$ if .not. ($status) then cc_prop = false -$ on error then continue -$! The headers might lie about the capabilities of the RTL -$ link 'tmpnam',tmp.opt/opt -$ if .not. ($status) then cc_prop = false -$ set message/fac/ident/sever/text -$ on error then goto err_exit -$ delete/nolog 'tmpnam'.*;*/exclude='th' -$ if (cc_prop .and. .not. is_need) .or. - - (.not. cc_prop .and. is_need) -$ then -$ write sys$output "Checking for ''cdef'... yes" -$ if f$type('cdef_val'_yes) .nes. "" -$ then -$ if f$type('cdef_val'_yes) .eqs. "INTEGER" - - then call write_config f$fao("#define !AS !UL",cdef,'cdef_val'_yes) -$ if f$type('cdef_val'_yes) .eqs. "STRING" - - then call write_config f$fao("#define !AS !AS",cdef,'cdef_val'_yes) -$ else -$ call write_config f$fao("#define !AS 1",cdef) -$ endif -$ if (cdef .eqs. "HAVE_FSEEKO") .or. (cdef .eqs. "_LARGE_FILES") .or. - - (cdef .eqs. "_LARGEFILE64_SOURCE") then - - call write_config f$string("#define _LARGEFILE 1") -$ else -$ write sys$output "Checking for ''cdef'... no" -$ if (comm_h) -$ then - call write_config f$fao("/* !AS */",line) -$ else -$ if f$type('cdef_val'_no) .nes. "" -$ then -$ if f$type('cdef_val'_no) .eqs. "INTEGER" - - then call write_config f$fao("#define !AS !UL",cdef,'cdef_val'_no) -$ if f$type('cdef_val'_no) .eqs. "STRING" - - then call write_config f$fao("#define !AS !AS",cdef,'cdef_val'_no) -$ else -$ call write_config f$fao("#undef !AS",cdef) -$ endif -$ endif -$ endif -$ return -$!------------------------------------------------------------------------------ -$! -$! Check for properties of C/C++ compiler with multiple result values -$! -$! Version history -$! 0.01 20040127 First version -$! 0.02 20050103 Reconcile changes from cc_prop up to version 0.05 -$CC_MPROP_CHECK: -$ cc_prop = true -$ i = 1 -$ idel = 1 -$ MT_LOOP: -$ if f$type(result_'i') .eqs. "STRING" -$ then -$ set message/nofac/noident/nosever/notext -$ on error then continue -$ cc 'tmpnam'_'i' -$ if .not. ($status) then cc_prop = false -$ on error then continue -$! The headers might lie about the capabilities of the RTL -$ link 'tmpnam'_'i',tmp.opt/opt -$ if .not. ($status) then cc_prop = false -$ set message/fac/ident/sever/text -$ on error then goto err_exit -$ delete/nolog 'tmpnam'_'i'.*;* -$ if (cc_prop) -$ then -$ write sys$output "Checking for ''cdef'... ", mdef_'i' -$ if f$type(mdef_'i') .eqs. "INTEGER" - - then call write_config f$fao("#define !AS !UL",cdef,mdef_'i') -$ if f$type('cdef_val'_yes) .eqs. "STRING" - - then call write_config f$fao("#define !AS !AS",cdef,mdef_'i') -$ goto msym_clean -$ else -$ i = i + 1 -$ goto mt_loop -$ endif -$ endif -$ write sys$output "Checking for ''cdef'... no" -$ call write_config f$fao("#undef !AS",cdef) -$ MSYM_CLEAN: -$ if (idel .le. msym_max) -$ then -$ delete/sym mdef_'idel' -$ idel = idel + 1 -$ goto msym_clean -$ endif -$ return -$!------------------------------------------------------------------------------ -$! -$! Write configuration to both permanent and temporary config file -$! -$! Version history -$! 0.01 20031029 First version to receive a number -$! -$WRITE_CONFIG: SUBROUTINE -$ write aconf 'p1' -$ open/append confh 'th' -$ write confh 'p1' -$ close confh -$ENDSUBROUTINE -$!------------------------------------------------------------------------------ -$! -$! Analyze the project map file and create the symbol vector for a shareable -$! image from it -$! -$! Version history -$! 0.01 20120128 First version -$! 0.02 20120226 Add pre-load logic -$! -$ MAP_2_SHOPT: Subroutine -$! -$ SAY := "WRITE_ SYS$OUTPUT" -$! -$ IF F$SEARCH("''P1'") .EQS. "" -$ THEN -$ SAY "MAP_2_SHOPT-E-NOSUCHFILE: Error, inputfile ''p1' not available" -$ goto exit_m2s -$ ENDIF -$ IF "''P2'" .EQS. "" -$ THEN -$ SAY "MAP_2_SHOPT: Error, no output file provided" -$ goto exit_m2s -$ ENDIF -$! -$ module1 = "deflate#deflateEnd#deflateInit_#deflateParams#deflateSetDictionary" -$ module2 = "gzclose#gzerror#gzgetc#gzgets#gzopen#gzprintf#gzputc#gzputs#gzread" -$ module3 = "gzseek#gztell#inflate#inflateEnd#inflateInit_#inflateSetDictionary" -$ module4 = "inflateSync#uncompress#zlibVersion#compress" -$ open/read map 'p1 -$ if axp .or. ia64 -$ then -$ open/write aopt a.opt -$ open/write bopt b.opt -$ write aopt " CASE_SENSITIVE=YES" -$ write bopt "SYMBOL_VECTOR= (-" -$ mod_sym_num = 1 -$ MOD_SYM_LOOP: -$ if f$type(module'mod_sym_num') .nes. "" -$ then -$ mod_in = 0 -$ MOD_SYM_IN: -$ shared_proc = f$element(mod_in, "#", module'mod_sym_num') -$ if shared_proc .nes. "#" -$ then -$ write aopt f$fao(" symbol_vector=(!AS/!AS=PROCEDURE)",- - f$edit(shared_proc,"upcase"),shared_proc) -$ write bopt f$fao("!AS=PROCEDURE,-",shared_proc) -$ mod_in = mod_in + 1 -$ goto mod_sym_in -$ endif -$ mod_sym_num = mod_sym_num + 1 -$ goto mod_sym_loop -$ endif -$MAP_LOOP: -$ read/end=map_end map line -$ if (f$locate("{",line).lt. f$length(line)) .or. - - (f$locate("global:", line) .lt. f$length(line)) -$ then -$ proc = true -$ goto map_loop -$ endif -$ if f$locate("}",line).lt. f$length(line) then proc = false -$ if f$locate("local:", line) .lt. f$length(line) then proc = false -$ if proc -$ then -$ shared_proc = f$edit(line,"collapse") -$ chop_semi = f$locate(";", shared_proc) -$ if chop_semi .lt. f$length(shared_proc) then - - shared_proc = f$extract(0, chop_semi, shared_proc) -$ write aopt f$fao(" symbol_vector=(!AS/!AS=PROCEDURE)",- - f$edit(shared_proc,"upcase"),shared_proc) -$ write bopt f$fao("!AS=PROCEDURE,-",shared_proc) -$ endif -$ goto map_loop -$MAP_END: -$ close/nolog aopt -$ close/nolog bopt -$ open/append libopt 'p2' -$ open/read aopt a.opt -$ open/read bopt b.opt -$ALOOP: -$ read/end=aloop_end aopt line -$ write libopt line -$ goto aloop -$ALOOP_END: -$ close/nolog aopt -$ sv = "" -$BLOOP: -$ read/end=bloop_end bopt svn -$ if (svn.nes."") -$ then -$ if (sv.nes."") then write libopt sv -$ sv = svn -$ endif -$ goto bloop -$BLOOP_END: -$ write libopt f$extract(0,f$length(sv)-2,sv), "-" -$ write libopt ")" -$ close/nolog bopt -$ delete/nolog/noconf a.opt;*,b.opt;* -$ else -$ if vax -$ then -$ open/append libopt 'p2' -$ mod_sym_num = 1 -$ VMOD_SYM_LOOP: -$ if f$type(module'mod_sym_num') .nes. "" -$ then -$ mod_in = 0 -$ VMOD_SYM_IN: -$ shared_proc = f$element(mod_in, "#", module'mod_sym_num') -$ if shared_proc .nes. "#" -$ then -$ write libopt f$fao("UNIVERSAL=!AS",- - f$edit(shared_proc,"upcase")) -$ mod_in = mod_in + 1 -$ goto vmod_sym_in -$ endif -$ mod_sym_num = mod_sym_num + 1 -$ goto vmod_sym_loop -$ endif -$VMAP_LOOP: -$ read/end=vmap_end map line -$ if (f$locate("{",line).lt. f$length(line)) .or. - - (f$locate("global:", line) .lt. f$length(line)) -$ then -$ proc = true -$ goto vmap_loop -$ endif -$ if f$locate("}",line).lt. f$length(line) then proc = false -$ if f$locate("local:", line) .lt. f$length(line) then proc = false -$ if proc -$ then -$ shared_proc = f$edit(line,"collapse") -$ chop_semi = f$locate(";", shared_proc) -$ if chop_semi .lt. f$length(shared_proc) then - - shared_proc = f$extract(0, chop_semi, shared_proc) -$ write libopt f$fao("UNIVERSAL=!AS",- - f$edit(shared_proc,"upcase")) -$ endif -$ goto vmap_loop -$VMAP_END: -$ else -$ write sys$output "Unknown Architecture (Not VAX, AXP, or IA64)" -$ write sys$output "No options file created" -$ endif -$ endif -$ EXIT_M2S: -$ close/nolog map -$ close/nolog libopt -$ endsubroutine diff -Nru mariadb-11.8.6/zlib/qnx/package.qpg mariadb-11.8.8/zlib/qnx/package.qpg --- mariadb-11.8.6/zlib/qnx/package.qpg 2026-01-31 13:27:49.000000000 +0000 +++ mariadb-11.8.8/zlib/qnx/package.qpg 1970-01-01 00:00:00.000000000 +0000 @@ -1,141 +0,0 @@ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Library - - Medium - - 2.0 - - - - zlib - zlib - alain.bonnefoy@icbt.com - Public - public - www.gzip.org/zlib - - - Jean-Loup Gailly,Mark Adler - www.gzip.org/zlib - - zlib@gzip.org - - - A massively spiffy yet delicately unobtrusive compression library. - zlib is designed to be a free, general-purpose, legally unencumbered, lossless data compression library for use on virtually any computer hardware and operating system. - http://www.gzip.org/zlib - - - - - 1.3.1 - Medium - Stable - - - - - - - No License - - - - Software Development/Libraries and Extensions/C Libraries - zlib,compression - qnx6 - qnx6 - None - Developer - - - - - - - - - - - - - - Install - Post - No - Ignore - - No - Optional - - - - - - - - - - - - - InstallOver - zlib - - - - - - - - - - - - - InstallOver - zlib-dev - - - - - - - - - diff -Nru mariadb-11.8.6/zlib/treebuild.xml mariadb-11.8.8/zlib/treebuild.xml --- mariadb-11.8.6/zlib/treebuild.xml 2026-01-31 13:27:49.000000000 +0000 +++ mariadb-11.8.8/zlib/treebuild.xml 1970-01-01 00:00:00.000000000 +0000 @@ -1,116 +0,0 @@ - - - - zip compression library - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - diff -Nru mariadb-11.8.6/zlib/trees.c mariadb-11.8.8/zlib/trees.c --- mariadb-11.8.6/zlib/trees.c 2026-01-31 13:27:49.000000000 +0000 +++ mariadb-11.8.8/zlib/trees.c 2026-05-24 09:58:33.000000000 +0000 @@ -1,5 +1,5 @@ /* trees.c -- output deflated data using Huffman coding - * Copyright (C) 1995-2024 Jean-loup Gailly + * Copyright (C) 1995-2026 Jean-loup Gailly * detect_data_type() function provided freely by Cosmin Truta, 2006 * For conditions of distribution and use, see copyright notice in zlib.h */ @@ -112,7 +112,7 @@ #else # include "trees.h" -#endif /* GEN_TREES_H */ +#endif /* defined(GEN_TREES_H) || !defined(STDC) */ struct static_tree_desc_s { const ct_data *static_tree; /* static tree or NULL */ @@ -152,7 +152,7 @@ * IN assertion: 1 <= len <= 15 */ local unsigned bi_reverse(unsigned code, int len) { - register unsigned res = 0; + unsigned res = 0; do { res |= code & 1; code >>= 1, res <<= 1; @@ -184,10 +184,11 @@ } else if (s->bi_valid > 0) { put_byte(s, (Byte)s->bi_buf); } + s->bi_used = ((s->bi_valid - 1) & 7) + 1; s->bi_buf = 0; s->bi_valid = 0; #ifdef ZLIB_DEBUG - s->bits_sent = (s->bits_sent + 7) & ~7; + s->bits_sent = (s->bits_sent + 7) & ~(ulg)7; #endif } @@ -466,6 +467,7 @@ s->bi_buf = 0; s->bi_valid = 0; + s->bi_used = 0; #ifdef ZLIB_DEBUG s->compressed_len = 0L; s->bits_sent = 0L; @@ -724,7 +726,7 @@ if (++count < max_count && curlen == nextlen) { continue; } else if (count < min_count) { - s->bl_tree[curlen].Freq += count; + s->bl_tree[curlen].Freq += (ush)count; } else if (curlen != 0) { if (curlen != prevlen) s->bl_tree[curlen].Freq++; s->bl_tree[REP_3_6].Freq++; @@ -817,7 +819,7 @@ } /* Update opt_len to include the bit length tree and counts */ s->opt_len += 3*((ulg)max_blindex + 1) + 5 + 5 + 4; - Tracev((stderr, "\ndyn trees: dyn %ld, stat %ld", + Tracev((stderr, "\ndyn trees: dyn %lu, stat %lu", s->opt_len, s->static_len)); return max_blindex; @@ -843,13 +845,13 @@ Tracev((stderr, "\nbl code %2d ", bl_order[rank])); send_bits(s, s->bl_tree[bl_order[rank]].Len, 3); } - Tracev((stderr, "\nbl tree: sent %ld", s->bits_sent)); + Tracev((stderr, "\nbl tree: sent %lu", s->bits_sent)); send_tree(s, (ct_data *)s->dyn_ltree, lcodes - 1); /* literal tree */ - Tracev((stderr, "\nlit tree: sent %ld", s->bits_sent)); + Tracev((stderr, "\nlit tree: sent %lu", s->bits_sent)); send_tree(s, (ct_data *)s->dyn_dtree, dcodes - 1); /* distance tree */ - Tracev((stderr, "\ndist tree: sent %ld", s->bits_sent)); + Tracev((stderr, "\ndist tree: sent %lu", s->bits_sent)); } /* =========================================================================== @@ -932,7 +934,7 @@ extra = extra_dbits[code]; if (extra != 0) { dist -= (unsigned)base_dist[code]; - send_bits(s, dist, extra); /* send the extra distance bits */ + send_bits(s, (int)dist, extra); /* send the extra bits */ } } /* literal or match pair ? */ @@ -1006,11 +1008,11 @@ /* Construct the literal and distance trees */ build_tree(s, (tree_desc *)(&(s->l_desc))); - Tracev((stderr, "\nlit data: dyn %ld, stat %ld", s->opt_len, + Tracev((stderr, "\nlit data: dyn %lu, stat %lu", s->opt_len, s->static_len)); build_tree(s, (tree_desc *)(&(s->d_desc))); - Tracev((stderr, "\ndist data: dyn %ld, stat %ld", s->opt_len, + Tracev((stderr, "\ndist data: dyn %lu, stat %lu", s->opt_len, s->static_len)); /* At this point, opt_len and static_len are the total bit lengths of * the compressed block data, excluding the tree representations. @@ -1083,7 +1085,7 @@ #endif } Tracev((stderr,"\ncomprlen %lu(%lu) ", s->compressed_len >> 3, - s->compressed_len - 7*last)); + s->compressed_len - 7*(ulg)last)); } /* =========================================================================== diff -Nru mariadb-11.8.6/zlib/uncompr.c mariadb-11.8.8/zlib/uncompr.c --- mariadb-11.8.6/zlib/uncompr.c 2026-01-31 13:27:49.000000000 +0000 +++ mariadb-11.8.8/zlib/uncompr.c 2026-05-24 09:58:33.000000000 +0000 @@ -1,5 +1,5 @@ /* uncompr.c -- decompress a memory buffer - * Copyright (C) 1995-2003, 2010, 2014, 2016 Jean-loup Gailly, Mark Adler + * Copyright (C) 1995-2026 Jean-loup Gailly, Mark Adler * For conditions of distribution and use, see copyright notice in zlib.h */ @@ -23,24 +23,24 @@ memory, Z_BUF_ERROR if there was not enough room in the output buffer, or Z_DATA_ERROR if the input data was corrupted, including if the input data is an incomplete zlib stream. + + The _z versions of the functions take size_t length arguments. */ -int ZEXPORT uncompress2(Bytef *dest, uLongf *destLen, const Bytef *source, - uLong *sourceLen) { +int ZEXPORT uncompress2_z(Bytef *dest, z_size_t *destLen, const Bytef *source, + z_size_t *sourceLen) { z_stream stream; int err; const uInt max = (uInt)-1; - uLong len, left; - Byte buf[1]; /* for detection of incomplete stream when *destLen == 0 */ + z_size_t len, left; + + if (sourceLen == NULL || (*sourceLen > 0 && source == NULL) || + destLen == NULL || (*destLen > 0 && dest == NULL)) + return Z_STREAM_ERROR; len = *sourceLen; - if (*destLen) { - left = *destLen; - *destLen = 0; - } - else { - left = 1; - dest = buf; - } + left = *destLen; + if (left == 0 && dest == Z_NULL) + dest = (Bytef *)&stream.reserved; /* next_out cannot be NULL */ stream.next_in = (z_const Bytef *)source; stream.avail_in = 0; @@ -56,30 +56,46 @@ do { if (stream.avail_out == 0) { - stream.avail_out = left > (uLong)max ? max : (uInt)left; + stream.avail_out = left > (z_size_t)max ? max : (uInt)left; left -= stream.avail_out; } if (stream.avail_in == 0) { - stream.avail_in = len > (uLong)max ? max : (uInt)len; + stream.avail_in = len > (z_size_t)max ? max : (uInt)len; len -= stream.avail_in; } err = inflate(&stream, Z_NO_FLUSH); } while (err == Z_OK); - *sourceLen -= len + stream.avail_in; - if (dest != buf) - *destLen = stream.total_out; - else if (stream.total_out && err == Z_BUF_ERROR) - left = 1; + /* Set len and left to the unused input data and unused output space. Set + *sourceLen to the amount of input consumed. Set *destLen to the amount + of data produced. */ + len += stream.avail_in; + left += stream.avail_out; + *sourceLen -= len; + *destLen -= left; inflateEnd(&stream); return err == Z_STREAM_END ? Z_OK : err == Z_NEED_DICT ? Z_DATA_ERROR : - err == Z_BUF_ERROR && left + stream.avail_out ? Z_DATA_ERROR : + err == Z_BUF_ERROR && len == 0 ? Z_DATA_ERROR : err; } - +int ZEXPORT uncompress2(Bytef *dest, uLongf *destLen, const Bytef *source, + uLong *sourceLen) { + int ret; + z_size_t got = *destLen, used = *sourceLen; + ret = uncompress2_z(dest, &got, source, &used); + *sourceLen = (uLong)used; + *destLen = (uLong)got; + return ret; +} +int ZEXPORT uncompress_z(Bytef *dest, z_size_t *destLen, const Bytef *source, + z_size_t sourceLen) { + z_size_t used = sourceLen; + return uncompress2_z(dest, destLen, source, &used); +} int ZEXPORT uncompress(Bytef *dest, uLongf *destLen, const Bytef *source, uLong sourceLen) { - return uncompress2(dest, destLen, source, &sourceLen); + uLong used = sourceLen; + return uncompress2(dest, destLen, source, &used); } diff -Nru mariadb-11.8.6/zlib/watcom/watcom_f.mak mariadb-11.8.8/zlib/watcom/watcom_f.mak --- mariadb-11.8.6/zlib/watcom/watcom_f.mak 2026-01-31 13:27:49.000000000 +0000 +++ mariadb-11.8.8/zlib/watcom/watcom_f.mak 1970-01-01 00:00:00.000000000 +0000 @@ -1,43 +0,0 @@ -# Makefile for zlib -# OpenWatcom flat model -# Last updated: 28-Dec-2005 - -# To use, do "wmake -f watcom_f.mak" - -C_SOURCE = adler32.c compress.c crc32.c deflate.c & - gzclose.c gzlib.c gzread.c gzwrite.c & - infback.c inffast.c inflate.c inftrees.c & - trees.c uncompr.c zutil.c - -OBJS = adler32.obj compress.obj crc32.obj deflate.obj & - gzclose.obj gzlib.obj gzread.obj gzwrite.obj & - infback.obj inffast.obj inflate.obj inftrees.obj & - trees.obj uncompr.obj zutil.obj - -CC = wcc386 -LINKER = wcl386 -CFLAGS = -zq -mf -3r -fp3 -s -bt=dos -oilrtfm -fr=nul -wx -ZLIB_LIB = zlib_f.lib - -.C.OBJ: - $(CC) $(CFLAGS) $[@ - -all: $(ZLIB_LIB) example.exe minigzip.exe - -$(ZLIB_LIB): $(OBJS) - wlib -b -c $(ZLIB_LIB) -+adler32.obj -+compress.obj -+crc32.obj - wlib -b -c $(ZLIB_LIB) -+gzclose.obj -+gzlib.obj -+gzread.obj -+gzwrite.obj - wlib -b -c $(ZLIB_LIB) -+deflate.obj -+infback.obj - wlib -b -c $(ZLIB_LIB) -+inffast.obj -+inflate.obj -+inftrees.obj - wlib -b -c $(ZLIB_LIB) -+trees.obj -+uncompr.obj -+zutil.obj - -example.exe: $(ZLIB_LIB) example.obj - $(LINKER) -ldos32a -fe=example.exe example.obj $(ZLIB_LIB) - -minigzip.exe: $(ZLIB_LIB) minigzip.obj - $(LINKER) -ldos32a -fe=minigzip.exe minigzip.obj $(ZLIB_LIB) - -clean: .SYMBOLIC - del *.obj - del $(ZLIB_LIB) - @echo Cleaning done diff -Nru mariadb-11.8.6/zlib/watcom/watcom_l.mak mariadb-11.8.8/zlib/watcom/watcom_l.mak --- mariadb-11.8.6/zlib/watcom/watcom_l.mak 2026-01-31 13:27:49.000000000 +0000 +++ mariadb-11.8.8/zlib/watcom/watcom_l.mak 1970-01-01 00:00:00.000000000 +0000 @@ -1,43 +0,0 @@ -# Makefile for zlib -# OpenWatcom large model -# Last updated: 28-Dec-2005 - -# To use, do "wmake -f watcom_l.mak" - -C_SOURCE = adler32.c compress.c crc32.c deflate.c & - gzclose.c gzlib.c gzread.c gzwrite.c & - infback.c inffast.c inflate.c inftrees.c & - trees.c uncompr.c zutil.c - -OBJS = adler32.obj compress.obj crc32.obj deflate.obj & - gzclose.obj gzlib.obj gzread.obj gzwrite.obj & - infback.obj inffast.obj inflate.obj inftrees.obj & - trees.obj uncompr.obj zutil.obj - -CC = wcc -LINKER = wcl -CFLAGS = -zq -ml -s -bt=dos -oilrtfm -fr=nul -wx -ZLIB_LIB = zlib_l.lib - -.C.OBJ: - $(CC) $(CFLAGS) $[@ - -all: $(ZLIB_LIB) example.exe minigzip.exe - -$(ZLIB_LIB): $(OBJS) - wlib -b -c $(ZLIB_LIB) -+adler32.obj -+compress.obj -+crc32.obj - wlib -b -c $(ZLIB_LIB) -+gzclose.obj -+gzlib.obj -+gzread.obj -+gzwrite.obj - wlib -b -c $(ZLIB_LIB) -+deflate.obj -+infback.obj - wlib -b -c $(ZLIB_LIB) -+inffast.obj -+inflate.obj -+inftrees.obj - wlib -b -c $(ZLIB_LIB) -+trees.obj -+uncompr.obj -+zutil.obj - -example.exe: $(ZLIB_LIB) example.obj - $(LINKER) -fe=example.exe example.obj $(ZLIB_LIB) - -minigzip.exe: $(ZLIB_LIB) minigzip.obj - $(LINKER) -fe=minigzip.exe minigzip.obj $(ZLIB_LIB) - -clean: .SYMBOLIC - del *.obj - del $(ZLIB_LIB) - @echo Cleaning done diff -Nru mariadb-11.8.6/zlib/win32/DLL_FAQ.txt mariadb-11.8.8/zlib/win32/DLL_FAQ.txt --- mariadb-11.8.6/zlib/win32/DLL_FAQ.txt 2026-01-31 13:27:49.000000000 +0000 +++ mariadb-11.8.8/zlib/win32/DLL_FAQ.txt 2026-05-24 09:58:33.000000000 +0000 @@ -6,7 +6,7 @@ of the common DLL build of zlib, named ZLIB1.DLL. If you have general questions about zlib, you should see the file "FAQ" found in the zlib distribution, or at the following location: - http://www.gzip.org/zlib/zlib_faq.html + https://www.zlib.net/zlib_faq.html 1. What is ZLIB1.DLL, and how can I get it? diff -Nru mariadb-11.8.6/zlib/win32/Makefile.gcc mariadb-11.8.8/zlib/win32/Makefile.gcc --- mariadb-11.8.6/zlib/win32/Makefile.gcc 2026-01-31 13:27:49.000000000 +0000 +++ mariadb-11.8.8/zlib/win32/Makefile.gcc 2026-05-24 09:58:33.000000000 +0000 @@ -4,7 +4,7 @@ # Last updated: Mar 2012. # Tested under Cygwin and MinGW. -# Copyright (C) 1995-2003 Jean-loup Gailly. +# Copyright (C) 1995-2026 Jean-loup Gailly. # For conditions of distribution and use, see copyright notice in zlib.h # To compile, or to compile and test, type from the top level zlib directory: @@ -50,7 +50,7 @@ ARFLAGS = rcs RC = $(PREFIX)windres -RCFLAGS = --define GCC_WINDRES +RCFLAGS = STRIP = $(PREFIX)strip @@ -76,10 +76,10 @@ ./example_d echo hello world | ./minigzip_d | ./minigzip_d -d -.c.o: +%.o: %.c $(CC) $(CFLAGS) -c -o $@ $< -.S.o: +%.o: %.S $(AS) $(ASFLAGS) -c -o $@ $< $(STATICLIB): $(OBJS) $(OBJA) @@ -88,7 +88,7 @@ $(IMPLIB): $(SHAREDLIB) $(SHAREDLIB): win32/zlib.def $(OBJS) $(OBJA) zlibrc.o - $(CC) -shared -Wl,--out-implib,$(IMPLIB) $(LDFLAGS) \ + $(CC) -shared -static-libgcc -Wl,--out-implib,$(IMPLIB) $(LDFLAGS) \ -o $@ win32/zlib.def $(OBJS) $(OBJA) zlibrc.o $(STRIP) $@ diff -Nru mariadb-11.8.6/zlib/win32/README-WIN32.txt mariadb-11.8.8/zlib/win32/README-WIN32.txt --- mariadb-11.8.6/zlib/win32/README-WIN32.txt 2026-01-31 13:27:49.000000000 +0000 +++ mariadb-11.8.8/zlib/win32/README-WIN32.txt 2026-05-24 09:58:33.000000000 +0000 @@ -1,10 +1,10 @@ ZLIB DATA COMPRESSION LIBRARY -zlib 1.3.1 is a general purpose data compression library. All the code is +zlib 1.3.2 is a general purpose data compression library. All the code is thread safe. The data format used by the zlib library is described by RFCs (Request for Comments) 1950 to 1952 in the files -http://www.ietf.org/rfc/rfc1950.txt (zlib format), rfc1951.txt (deflate format) -and rfc1952.txt (gzip format). +https://datatracker.ietf.org/doc/html/rfc1951 (zlib format), rfc1951.txt +(deflate format), and rfc1952.txt (gzip format). All functions of the compression library are documented in the file zlib.h (volunteer to write man pages welcome, contact zlib@gzip.org). Two compiled @@ -12,17 +12,17 @@ and minigzip_d flavors validate that the zlib1.dll file is working correctly. Questions about zlib should be sent to . The zlib home page -is http://zlib.net/ . Before reporting a problem, please check this site to +is https://zlib.net/ . Before reporting a problem, please check this site to verify that you have the latest version of zlib; otherwise get the latest version and check whether the problem still exists or not. -PLEASE read DLL_FAQ.txt, and the zlib FAQ http://zlib.net/zlib_faq.html before +PLEASE read DLL_FAQ.txt, and the zlib FAQ https://zlib.net/zlib_faq.html before asking for help. Manifest: -The package zlib-1.3.1-win32-x86.zip will contain the following files: +The package zlib-1.3.2-win32-x86.zip will contain the following files: README-WIN32.txt This document ChangeLog Changes since previous zlib packages @@ -59,7 +59,7 @@ All .pdb files above are entirely optional, but are very useful to a developer attempting to diagnose program misbehavior or a crash. Many additional important files for developers can be found in the zlib127.zip source package -available from http://zlib.net/ - review that package's README file for details. +available from https://zlib.net/ - review that package's README file for details. Acknowledgments: @@ -72,7 +72,7 @@ Copyright notice: - (C) 1995-2017 Jean-loup Gailly and Mark Adler + (C) 1995-2026 Jean-loup Gailly and Mark Adler This software is provided 'as-is', without any express or implied warranty. In no event will the authors be held liable for any damages diff -Nru mariadb-11.8.6/zlib/win32/zlib.def mariadb-11.8.8/zlib/win32/zlib.def --- mariadb-11.8.6/zlib/win32/zlib.def 2026-01-31 13:27:49.000000000 +0000 +++ mariadb-11.8.8/zlib/win32/zlib.def 2026-05-24 09:58:33.000000000 +0000 @@ -14,7 +14,9 @@ deflateParams deflateTune deflateBound + deflateBound_z deflatePending + deflateUsed deflatePrime deflateSetHeader inflateSetDictionary @@ -32,9 +34,14 @@ ; utility functions compress compress2 + compress_z + compress2_z compressBound + compressBound_z uncompress uncompress2 + uncompress_z + uncompress2_z gzopen gzdopen gzbuffer diff -Nru mariadb-11.8.6/zlib/win32/zlib1.rc mariadb-11.8.8/zlib/win32/zlib1.rc --- mariadb-11.8.6/zlib/win32/zlib1.rc 2026-01-31 13:27:49.000000000 +0000 +++ mariadb-11.8.8/zlib/win32/zlib1.rc 2026-05-24 09:58:33.000000000 +0000 @@ -1,11 +1,8 @@ #include #include "../zlib.h" -#ifdef GCC_WINDRES VS_VERSION_INFO VERSIONINFO -#else -VS_VERSION_INFO VERSIONINFO MOVEABLE IMPURE LOADONCALL DISCARDABLE -#endif + FILEVERSION ZLIB_VER_MAJOR,ZLIB_VER_MINOR,ZLIB_VER_REVISION,0 PRODUCTVERSION ZLIB_VER_MAJOR,ZLIB_VER_MINOR,ZLIB_VER_REVISION,0 FILEFLAGSMASK VS_FFI_FILEFLAGSMASK @@ -26,11 +23,11 @@ VALUE "FileDescription", "zlib data compression library\0" VALUE "FileVersion", ZLIB_VERSION "\0" VALUE "InternalName", "zlib1.dll\0" - VALUE "LegalCopyright", "(C) 1995-2022 Jean-loup Gailly & Mark Adler\0" + VALUE "LegalCopyright", "(C) 1995-2026 Jean-loup Gailly & Mark Adler\0" VALUE "OriginalFilename", "zlib1.dll\0" VALUE "ProductName", "zlib\0" VALUE "ProductVersion", ZLIB_VERSION "\0" - VALUE "Comments", "For more information visit http://www.zlib.net/\0" + VALUE "Comments", "For more information visit https://www.zlib.net/\0" END END BLOCK "VarFileInfo" diff -Nru mariadb-11.8.6/zlib/zconf.h.cmakein mariadb-11.8.8/zlib/zconf.h.cmakein --- mariadb-11.8.6/zlib/zconf.h.cmakein 2026-01-31 13:27:49.000000000 +0000 +++ mariadb-11.8.8/zlib/zconf.h.cmakein 2026-05-24 09:58:33.000000000 +0000 @@ -1,5 +1,5 @@ /* zconf.h -- configuration of the zlib compression library - * Copyright (C) 1995-2024 Jean-loup Gailly, Mark Adler + * Copyright (C) 1995-2026 Jean-loup Gailly, Mark Adler * For conditions of distribution and use, see copyright notice in zlib.h */ @@ -7,8 +7,10 @@ #ifndef ZCONF_H #define ZCONF_H -#cmakedefine Z_PREFIX -#cmakedefine Z_HAVE_UNISTD_H + +#cmakedefine Z_PREFIX 1 +#cmakedefine HAVE_STDARG_H 1 +#cmakedefine HAVE_UNISTD_H 1 /* * If you *really* need a unique prefix for all types and library functions, @@ -35,7 +37,10 @@ # ifndef Z_SOLO # define compress z_compress # define compress2 z_compress2 +# define compress_z z_compress_z +# define compress2_z z_compress2_z # define compressBound z_compressBound +# define compressBound_z z_compressBound_z # endif # define crc32 z_crc32 # define crc32_combine z_crc32_combine @@ -46,6 +51,7 @@ # define crc32_z z_crc32_z # define deflate z_deflate # define deflateBound z_deflateBound +# define deflateBound_z z_deflateBound_z # define deflateCopy z_deflateCopy # define deflateEnd z_deflateEnd # define deflateGetDictionary z_deflateGetDictionary @@ -61,6 +67,7 @@ # define deflateSetDictionary z_deflateSetDictionary # define deflateSetHeader z_deflateSetHeader # define deflateTune z_deflateTune +# define deflateUsed z_deflateUsed # define deflate_copyright z_deflate_copyright # define get_crc_table z_get_crc_table # ifndef Z_SOLO @@ -130,9 +137,12 @@ # define inflate_copyright z_inflate_copyright # define inflate_fast z_inflate_fast # define inflate_table z_inflate_table +# define inflate_fixed z_inflate_fixed # ifndef Z_SOLO # define uncompress z_uncompress # define uncompress2 z_uncompress2 +# define uncompress_z z_uncompress_z +# define uncompress2_z z_uncompress2_z # endif # define zError z_zError # ifndef Z_SOLO @@ -236,10 +246,12 @@ # endif #endif -#if defined(ZLIB_CONST) && !defined(z_const) -# define z_const const -#else -# define z_const +#ifndef z_const +# ifdef ZLIB_CONST +# define z_const const +# else +# define z_const +# endif #endif #ifdef Z_SOLO @@ -435,11 +447,11 @@ typedef unsigned long z_crc_t; #endif -#ifdef HAVE_UNISTD_H /* may be set to #if 1 by ./configure */ +#if HAVE_UNISTD_H-0 /* may be set to #if 1 by ./configure */ # define Z_HAVE_UNISTD_H #endif -#ifdef HAVE_STDARG_H /* may be set to #if 1 by ./configure */ +#if HAVE_STDARG_H-0 /* may be set to #if 1 by ./configure */ # define Z_HAVE_STDARG_H #endif @@ -472,12 +484,8 @@ #endif #ifndef Z_HAVE_UNISTD_H -# ifdef __WATCOMC__ -# define Z_HAVE_UNISTD_H -# endif -#endif -#ifndef Z_HAVE_UNISTD_H -# if defined(_LARGEFILE64_SOURCE) && !defined(_WIN32) +# if defined(__WATCOMC__) || defined(__GO32__) || \ + (defined(_LARGEFILE64_SOURCE) && !defined(_WIN32)) # define Z_HAVE_UNISTD_H # endif #endif @@ -512,17 +520,19 @@ #endif #ifndef z_off_t -# define z_off_t long +# define z_off_t long long #endif #if !defined(_WIN32) && defined(Z_LARGE64) # define z_off64_t off64_t +#elif defined(__MINGW32__) +# define z_off64_t long long +#elif defined(_WIN32) && !defined(__GNUC__) +# define z_off64_t __int64 +#elif defined(__GO32__) +# define z_off64_t offset_t #else -# if defined(_WIN32) && !defined(__GNUC__) -# define z_off64_t __int64 -# else -# define z_off64_t z_off_t -# endif +# define z_off64_t z_off_t #endif /* MVS linker does not support external names larger than 8 bytes */ diff -Nru mariadb-11.8.6/zlib/zconf.h.in mariadb-11.8.8/zlib/zconf.h.in --- mariadb-11.8.6/zlib/zconf.h.in 2026-01-31 13:27:49.000000000 +0000 +++ mariadb-11.8.8/zlib/zconf.h.in 2026-05-24 09:58:33.000000000 +0000 @@ -1,5 +1,5 @@ /* zconf.h -- configuration of the zlib compression library - * Copyright (C) 1995-2024 Jean-loup Gailly, Mark Adler + * Copyright (C) 1995-2026 Jean-loup Gailly, Mark Adler * For conditions of distribution and use, see copyright notice in zlib.h */ @@ -33,7 +33,10 @@ # ifndef Z_SOLO # define compress z_compress # define compress2 z_compress2 +# define compress_z z_compress_z +# define compress2_z z_compress2_z # define compressBound z_compressBound +# define compressBound_z z_compressBound_z # endif # define crc32 z_crc32 # define crc32_combine z_crc32_combine @@ -44,6 +47,7 @@ # define crc32_z z_crc32_z # define deflate z_deflate # define deflateBound z_deflateBound +# define deflateBound_z z_deflateBound_z # define deflateCopy z_deflateCopy # define deflateEnd z_deflateEnd # define deflateGetDictionary z_deflateGetDictionary @@ -59,6 +63,7 @@ # define deflateSetDictionary z_deflateSetDictionary # define deflateSetHeader z_deflateSetHeader # define deflateTune z_deflateTune +# define deflateUsed z_deflateUsed # define deflate_copyright z_deflate_copyright # define get_crc_table z_get_crc_table # ifndef Z_SOLO @@ -128,9 +133,12 @@ # define inflate_copyright z_inflate_copyright # define inflate_fast z_inflate_fast # define inflate_table z_inflate_table +# define inflate_fixed z_inflate_fixed # ifndef Z_SOLO # define uncompress z_uncompress # define uncompress2 z_uncompress2 +# define uncompress_z z_uncompress_z +# define uncompress2_z z_uncompress2_z # endif # define zError z_zError # ifndef Z_SOLO @@ -234,10 +242,12 @@ # endif #endif -#if defined(ZLIB_CONST) && !defined(z_const) -# define z_const const -#else -# define z_const +#ifndef z_const +# ifdef ZLIB_CONST +# define z_const const +# else +# define z_const +# endif #endif #ifdef Z_SOLO @@ -433,11 +443,11 @@ typedef unsigned long z_crc_t; #endif -#ifdef HAVE_UNISTD_H /* may be set to #if 1 by ./configure */ +#if HAVE_UNISTD_H-0 /* may be set to #if 1 by ./configure */ # define Z_HAVE_UNISTD_H #endif -#ifdef HAVE_STDARG_H /* may be set to #if 1 by ./configure */ +#if HAVE_STDARG_H-0 /* may be set to #if 1 by ./configure */ # define Z_HAVE_STDARG_H #endif @@ -470,12 +480,8 @@ #endif #ifndef Z_HAVE_UNISTD_H -# ifdef __WATCOMC__ -# define Z_HAVE_UNISTD_H -# endif -#endif -#ifndef Z_HAVE_UNISTD_H -# if defined(_LARGEFILE64_SOURCE) && !defined(_WIN32) +# if defined(__WATCOMC__) || defined(__GO32__) || \ + (defined(_LARGEFILE64_SOURCE) && !defined(_WIN32)) # define Z_HAVE_UNISTD_H # endif #endif @@ -510,17 +516,19 @@ #endif #ifndef z_off_t -# define z_off_t long +# define z_off_t long long #endif #if !defined(_WIN32) && defined(Z_LARGE64) # define z_off64_t off64_t +#elif defined(__MINGW32__) +# define z_off64_t long long +#elif defined(_WIN32) && !defined(__GNUC__) +# define z_off64_t __int64 +#elif defined(__GO32__) +# define z_off64_t offset_t #else -# if defined(_WIN32) && !defined(__GNUC__) -# define z_off64_t __int64 -# else -# define z_off64_t z_off_t -# endif +# define z_off64_t z_off_t #endif /* MVS linker does not support external names larger than 8 bytes */ diff -Nru mariadb-11.8.6/zlib/zlib.3 mariadb-11.8.8/zlib/zlib.3 --- mariadb-11.8.6/zlib/zlib.3 2026-01-31 13:27:49.000000000 +0000 +++ mariadb-11.8.8/zlib/zlib.3 2026-05-24 09:58:33.000000000 +0000 @@ -1,4 +1,4 @@ -.TH ZLIB 3 "22 Jan 2024" +.TH ZLIB 3 "17 Feb 2026" .SH NAME zlib \- compression/decompression library .SH SYNOPSIS @@ -57,7 +57,7 @@ by Gilles Vollant (info@winimage.com), is available at: .IP -http://www.winimage.com/zLibDll/minizip.html +https://www.winimage.com/zLibDll/minizip.html and also in the .I contrib/minizip directory of the main @@ -68,25 +68,25 @@ .I zlib web site can be found at: .IP -http://zlib.net/ +https://zlib.net/ .LP The data format used by the .I zlib library is described by RFC -(Request for Comments) 1950 to 1952 in the files: +(Request for Comments) 1950 to 1952 at: .IP -http://tools.ietf.org/html/rfc1950 (for the zlib header and trailer format) +https://datatracker.ietf.org/doc/html/rfc1950 (for the zlib header and trailer format) .br -http://tools.ietf.org/html/rfc1951 (for the deflate compressed data format) +https://datatracker.ietf.org/doc/html/rfc1951 (for the deflate compressed data format) .br -http://tools.ietf.org/html/rfc1952 (for the gzip header and trailer format) +https://datatracker.ietf.org/doc/html/rfc1952 (for the gzip header and trailer format) .LP Mark Nelson wrote an article about .I zlib for the Jan. 1997 issue of Dr. Dobb's Journal; a copy of the article is available at: .IP -http://marknelson.us/1997/01/01/zlib-engine/ +https://zlib.net/nelson/ .SH "REPORTING PROBLEMS" Before reporting a problem, please check the @@ -99,15 +99,15 @@ .I zlib FAQ at: .IP -http://zlib.net/zlib_faq.html +https://zlib.net/zlib_faq.html .LP before asking for help. Send questions and/or comments to zlib@gzip.org, or (for the Windows DLL version) to Gilles Vollant (info@winimage.com). .SH AUTHORS AND LICENSE -Version 1.3.1 +Version 1.3.2 .LP -Copyright (C) 1995-2024 Jean-loup Gailly and Mark Adler +Copyright (C) 1995-2026 Jean-loup Gailly and Mark Adler .LP This software is provided 'as-is', without any express or implied warranty. In no event will the authors be held liable for any damages diff -Nru mariadb-11.8.6/zlib/zlib.h mariadb-11.8.8/zlib/zlib.h --- mariadb-11.8.6/zlib/zlib.h 2026-01-31 13:27:49.000000000 +0000 +++ mariadb-11.8.8/zlib/zlib.h 2026-05-24 09:58:33.000000000 +0000 @@ -1,7 +1,7 @@ /* zlib.h -- interface of the 'zlib' general purpose compression library - version 1.3.1, January 22nd, 2024 + version 1.3.2, February 17th, 2026 - Copyright (C) 1995-2024 Jean-loup Gailly and Mark Adler + Copyright (C) 1995-2026 Jean-loup Gailly and Mark Adler This software is provided 'as-is', without any express or implied warranty. In no event will the authors be held liable for any damages @@ -24,24 +24,28 @@ The data format used by the zlib library is described by RFCs (Request for - Comments) 1950 to 1952 in the files http://tools.ietf.org/html/rfc1950 + Comments) 1950 to 1952 at https://datatracker.ietf.org/doc/html/rfc1950 (zlib format), rfc1951 (deflate format) and rfc1952 (gzip format). */ #ifndef ZLIB_H #define ZLIB_H -#include +#ifdef ZLIB_BUILD +# include +#else +# include "zconf.h" +#endif #ifdef __cplusplus extern "C" { #endif -#define ZLIB_VERSION "1.3.1" -#define ZLIB_VERNUM 0x1310 +#define ZLIB_VERSION "1.3.2" +#define ZLIB_VERNUM 0x1320 #define ZLIB_VER_MAJOR 1 #define ZLIB_VER_MINOR 3 -#define ZLIB_VER_REVISION 1 +#define ZLIB_VER_REVISION 2 #define ZLIB_VER_SUBREVISION 0 /* @@ -441,7 +445,7 @@ The Z_BLOCK option assists in appending to or combining deflate streams. To assist in this, on return inflate() always sets strm->data_type to the - number of unused bits in the last byte taken from strm->next_in, plus 64 if + number of unused bits in the input taken from strm->next_in, plus 64 if inflate() is currently decoding the last block in the deflate stream, plus 128 if inflate() returned immediately after decoding an end-of-block code or decoding the complete header up to just before the first byte of the deflate @@ -587,18 +591,21 @@ The strategy parameter is used to tune the compression algorithm. Use the value Z_DEFAULT_STRATEGY for normal data, Z_FILTERED for data produced by a - filter (or predictor), Z_HUFFMAN_ONLY to force Huffman encoding only (no - string match), or Z_RLE to limit match distances to one (run-length - encoding). Filtered data consists mostly of small values with a somewhat - random distribution. In this case, the compression algorithm is tuned to - compress them better. The effect of Z_FILTERED is to force more Huffman - coding and less string matching; it is somewhat intermediate between - Z_DEFAULT_STRATEGY and Z_HUFFMAN_ONLY. Z_RLE is designed to be almost as - fast as Z_HUFFMAN_ONLY, but give better compression for PNG image data. The - strategy parameter only affects the compression ratio but not the - correctness of the compressed output even if it is not set appropriately. - Z_FIXED prevents the use of dynamic Huffman codes, allowing for a simpler - decoder for special applications. + filter (or predictor), Z_RLE to limit match distances to one (run-length + encoding), or Z_HUFFMAN_ONLY to force Huffman encoding only (no string + matching). Filtered data consists mostly of small values with a somewhat + random distribution, as produced by the PNG filters. In this case, the + compression algorithm is tuned to compress them better. The effect of + Z_FILTERED is to force more Huffman coding and less string matching than the + default; it is intermediate between Z_DEFAULT_STRATEGY and Z_HUFFMAN_ONLY. + Z_RLE is almost as fast as Z_HUFFMAN_ONLY, but should give better + compression for PNG image data than Huffman only. The degree of string + matching from most to none is: Z_DEFAULT_STRATEGY, Z_FILTERED, Z_RLE, then + Z_HUFFMAN_ONLY. The strategy parameter affects the compression ratio but + never the correctness of the compressed output, even if it is not set + optimally for the given data. Z_FIXED uses the default string matching, but + prevents the use of dynamic Huffman codes, allowing for a simpler decoder + for special applications. deflateInit2 returns Z_OK if success, Z_MEM_ERROR if there was not enough memory, Z_STREAM_ERROR if any parameter is invalid (such as an invalid @@ -758,8 +765,8 @@ returns Z_OK on success, or Z_STREAM_ERROR for an invalid deflate stream. */ -ZEXTERN uLong ZEXPORT deflateBound(z_streamp strm, - uLong sourceLen); +ZEXTERN uLong ZEXPORT deflateBound(z_streamp strm, uLong sourceLen); +ZEXTERN z_size_t ZEXPORT deflateBound_z(z_streamp strm, z_size_t sourceLen); /* deflateBound() returns an upper bound on the compressed size after deflation of sourceLen bytes. It must be called after deflateInit() or @@ -771,6 +778,9 @@ to return Z_STREAM_END. Note that it is possible for the compressed size to be larger than the value returned by deflateBound() if flush options other than Z_FINISH or Z_NO_FLUSH are used. + + delfateBound_z() is the same, but takes and returns a size_t length. Note + that a long is 32 bits on Windows. */ ZEXTERN int ZEXPORT deflatePending(z_streamp strm, @@ -785,6 +795,21 @@ or bits are Z_NULL, then those values are not set. deflatePending returns Z_OK if success, or Z_STREAM_ERROR if the source + stream state was inconsistent. If an int is 16 bits and memLevel is 9, then + it is possible for the number of pending bytes to not fit in an unsigned. In + that case Z_BUF_ERROR is returned and *pending is set to the maximum value + of an unsigned. + */ + +ZEXTERN int ZEXPORT deflateUsed(z_streamp strm, + int *bits); +/* + deflateUsed() returns in *bits the most recent number of deflate bits used + in the last byte when flushing to a byte boundary. The result is in 1..8, or + 0 if there has not yet been a flush. This helps determine the location of + the last bit of a deflate stream. + + deflateUsed returns Z_OK if success, or Z_STREAM_ERROR if the source stream state was inconsistent. */ @@ -987,13 +1012,15 @@ int bits, int value); /* - This function inserts bits in the inflate input stream. The intent is - that this function is used to start inflating at a bit position in the - middle of a byte. The provided bits will be used before any bytes are used - from next_in. This function should only be used with raw inflate, and - should be used before the first inflate() call after inflateInit2() or - inflateReset(). bits must be less than or equal to 16, and that many of the - least significant bits of value will be inserted in the input. + This function inserts bits in the inflate input stream. The intent is to + use inflatePrime() to start inflating at a bit position in the middle of a + byte. The provided bits will be used before any bytes are used from + next_in. This function should be used with raw inflate, before the first + inflate() call, after inflateInit2() or inflateReset(). It can also be used + after an inflate() return indicates the end of a deflate block or header + when using Z_BLOCK. bits must be less than or equal to 16, and that many of + the least significant bits of value will be inserted in the input. The + other bits in value can be non-zero, and will be ignored. If bits is negative, then the input stream bit buffer is emptied. Then inflatePrime() can be called again to put bits in the buffer. This is used @@ -1001,7 +1028,15 @@ to feeding inflate codes. inflatePrime returns Z_OK if success, or Z_STREAM_ERROR if the source - stream state was inconsistent. + stream state was inconsistent, or if bits is out of range. If inflate was + in the middle of processing a header, trailer, or stored block lengths, then + it is possible for there to be only eight bits available in the bit buffer. + In that case, bits > 8 is considered out of range. However, when used as + outlined above, there will always be 16 bits available in the buffer for + insertion. As noted in its documentation above, inflate records the number + of bits in the bit buffer on return in data_type. 32 minus that is the + number of bits available for insertion. inflatePrime does not update + data_type with the new number of bits in buffer. */ ZEXTERN long ZEXPORT inflateMark(z_streamp strm); @@ -1047,20 +1082,22 @@ The text, time, xflags, and os fields are filled in with the gzip header contents. hcrc is set to true if there is a header CRC. (The header CRC - was valid if done is set to one.) If extra is not Z_NULL, then extra_max - contains the maximum number of bytes to write to extra. Once done is true, - extra_len contains the actual extra field length, and extra contains the - extra field, or that field truncated if extra_max is less than extra_len. - If name is not Z_NULL, then up to name_max characters are written there, - terminated with a zero unless the length is greater than name_max. If - comment is not Z_NULL, then up to comm_max characters are written there, - terminated with a zero unless the length is greater than comm_max. When any - of extra, name, or comment are not Z_NULL and the respective field is not - present in the header, then that field is set to Z_NULL to signal its - absence. This allows the use of deflateSetHeader() with the returned - structure to duplicate the header. However if those fields are set to - allocated memory, then the application will need to save those pointers - elsewhere so that they can be eventually freed. + was valid if done is set to one.) The extra, name, and comment pointers + much each be either Z_NULL or point to space to store that information from + the header. If extra is not Z_NULL, then extra_max contains the maximum + number of bytes that can be written to extra. Once done is true, extra_len + contains the actual extra field length, and extra contains the extra field, + or that field truncated if extra_max is less than extra_len. If name is not + Z_NULL, then up to name_max characters, including the terminating zero, are + written there. If comment is not Z_NULL, then up to comm_max characters, + including the terminating zero, are written there. The application can tell + that the name or comment did not fit in the provided space by the absence of + a terminating zero. If any of extra, name, or comment are not present in + the header, then that field's pointer is set to Z_NULL. This allows the use + of deflateSetHeader() with the returned structure to duplicate the header. + Note that if those fields initially pointed to allocated memory, then the + application will need to save them elsewhere so that they can be eventually + freed. If inflateGetHeader is not used, then the header information is simply discarded. The header is always checked for validity, including the header @@ -1208,13 +1245,14 @@ 21: FASTEST -- deflate algorithm with only one, lowest compression level 22,23: 0 (reserved) - The sprintf variant used by gzprintf (zero is best): + The sprintf variant used by gzprintf (all zeros is best): 24: 0 = vs*, 1 = s* -- 1 means limited to 20 arguments after the format - 25: 0 = *nprintf, 1 = *printf -- 1 means gzprintf() not secure! + 25: 0 = *nprintf, 1 = *printf -- 1 means gzprintf() is not secure! 26: 0 = returns value, 1 = void -- 1 means inferred string length returned + 27: 0 = gzprintf() present, 1 = not -- 1 means gzprintf() returns an error Remainder: - 27-31: 0 (reserved) + 28-31: 0 (reserved) */ #ifndef Z_SOLO @@ -1226,11 +1264,14 @@ stream-oriented functions. To simplify the interface, some default options are assumed (compression level and memory usage, standard memory allocation functions). The source code of these utility functions can be modified if - you need special options. + you need special options. The _z versions of the functions use the size_t + type for lengths. Note that a long is 32 bits on Windows. */ -ZEXTERN int ZEXPORT compress(Bytef *dest, uLongf *destLen, +ZEXTERN int ZEXPORT compress(Bytef *dest, uLongf *destLen, const Bytef *source, uLong sourceLen); +ZEXTERN int ZEXPORT compress_z(Bytef *dest, z_size_t *destLen, + const Bytef *source, z_size_t sourceLen); /* Compresses the source buffer into the destination buffer. sourceLen is the byte length of the source buffer. Upon entry, destLen is the total size @@ -1244,9 +1285,12 @@ buffer. */ -ZEXTERN int ZEXPORT compress2(Bytef *dest, uLongf *destLen, +ZEXTERN int ZEXPORT compress2(Bytef *dest, uLongf *destLen, const Bytef *source, uLong sourceLen, int level); +ZEXTERN int ZEXPORT compress2_z(Bytef *dest, z_size_t *destLen, + const Bytef *source, z_size_t sourceLen, + int level); /* Compresses the source buffer into the destination buffer. The level parameter has the same meaning as in deflateInit. sourceLen is the byte @@ -1261,21 +1305,24 @@ */ ZEXTERN uLong ZEXPORT compressBound(uLong sourceLen); +ZEXTERN z_size_t ZEXPORT compressBound_z(z_size_t sourceLen); /* compressBound() returns an upper bound on the compressed size after compress() or compress2() on sourceLen bytes. It would be used before a compress() or compress2() call to allocate the destination buffer. */ -ZEXTERN int ZEXPORT uncompress(Bytef *dest, uLongf *destLen, +ZEXTERN int ZEXPORT uncompress(Bytef *dest, uLongf *destLen, const Bytef *source, uLong sourceLen); +ZEXTERN int ZEXPORT uncompress_z(Bytef *dest, z_size_t *destLen, + const Bytef *source, z_size_t sourceLen); /* Decompresses the source buffer into the destination buffer. sourceLen is - the byte length of the source buffer. Upon entry, destLen is the total size + the byte length of the source buffer. On entry, *destLen is the total size of the destination buffer, which must be large enough to hold the entire uncompressed data. (The size of the uncompressed data must have been saved previously by the compressor and transmitted to the decompressor by some - mechanism outside the scope of this compression library.) Upon exit, destLen + mechanism outside the scope of this compression library.) On exit, *destLen is the actual size of the uncompressed data. uncompress returns Z_OK if success, Z_MEM_ERROR if there was not @@ -1285,8 +1332,10 @@ buffer with the uncompressed data up to that point. */ -ZEXTERN int ZEXPORT uncompress2(Bytef *dest, uLongf *destLen, +ZEXTERN int ZEXPORT uncompress2(Bytef *dest, uLongf *destLen, const Bytef *source, uLong *sourceLen); +ZEXTERN int ZEXPORT uncompress2_z(Bytef *dest, z_size_t *destLen, + const Bytef *source, z_size_t *sourceLen); /* Same as uncompress, except that sourceLen is a pointer, where the length of the source is *sourceLen. On return, *sourceLen is the number of @@ -1314,13 +1363,17 @@ 'R' for run-length encoding as in "wb1R", or 'F' for fixed code compression as in "wb9F". (See the description of deflateInit2 for more information about the strategy parameter.) 'T' will request transparent writing or - appending with no compression and not using the gzip format. + appending with no compression and not using the gzip format. 'T' cannot be + used to force transparent reading. Transparent reading is automatically + performed if there is no gzip header at the start. Transparent reading can + be disabled with the 'G' option, which will instead return an error if there + is no gzip header. 'N' will open the file in non-blocking mode. - "a" can be used instead of "w" to request that the gzip stream that will - be written be appended to the file. "+" will result in an error, since + 'a' can be used instead of 'w' to request that the gzip stream that will + be written be appended to the file. '+' will result in an error, since reading and writing to the same gzip file is not supported. The addition of - "x" when writing will create the file exclusively, which fails if the file - already exists. On systems that support it, the addition of "e" when + 'x' when writing will create the file exclusively, which fails if the file + already exists. On systems that support it, the addition of 'e' when reading or writing will set the flag to close the file on an execve() call. These functions, as well as gzip, will read and decode a sequence of gzip @@ -1339,14 +1392,22 @@ insufficient memory to allocate the gzFile state, or if an invalid mode was specified (an 'r', 'w', or 'a' was not provided, or '+' was provided). errno can be checked to determine if the reason gzopen failed was that the - file could not be opened. + file could not be opened. Note that if 'N' is in mode for non-blocking, the + open() itself can fail in order to not block. In that case gzopen() will + return NULL and errno will be EAGAIN or ENONBLOCK. The call to gzopen() can + then be re-tried. If the application would like to block on opening the + file, then it can use open() without O_NONBLOCK, and then gzdopen() with the + resulting file descriptor and 'N' in the mode, which will set it to non- + blocking. */ ZEXTERN gzFile ZEXPORT gzdopen(int fd, const char *mode); /* Associate a gzFile with the file descriptor fd. File descriptors are obtained from calls like open, dup, creat, pipe or fileno (if the file has - been previously opened with fopen). The mode parameter is as in gzopen. + been previously opened with fopen). The mode parameter is as in gzopen. An + 'e' in mode will set fd's flag to close the file on an execve() call. An 'N' + in mode will set fd's non-blocking flag. The next call of gzclose on the returned gzFile will also close the file descriptor fd, just like fclose(fdopen(fd, mode)) closes the file descriptor @@ -1416,10 +1477,16 @@ stream. Alternatively, gzerror can be used before gzclose to detect this case. + gzread can be used to read a gzip file on a non-blocking device. If the + input stalls and there is no uncompressed data to return, then gzread() will + return -1, and errno will be EAGAIN or EWOULDBLOCK. gzread() can then be + called again. + gzread returns the number of uncompressed bytes actually read, less than len for end of file, or -1 for error. If len is too large to fit in an int, then nothing is read, -1 is returned, and the error state is set to - Z_STREAM_ERROR. + Z_STREAM_ERROR. If some data was read before an error, then that data is + returned until exhausted, after which the next call will signal the error. */ ZEXTERN z_size_t ZEXPORT gzfread(voidp buf, z_size_t size, z_size_t nitems, @@ -1443,15 +1510,20 @@ multiple of size, then the final partial item is nevertheless read into buf and the end-of-file flag is set. The length of the partial item read is not provided, but could be inferred from the result of gztell(). This behavior - is the same as the behavior of fread() implementations in common libraries, - but it prevents the direct use of gzfread() to read a concurrently written - file, resetting and retrying on end-of-file, when size is not 1. + is the same as that of fread() implementations in common libraries. This + could result in data loss if used with size != 1 when reading a concurrently + written file or a non-blocking file. In that case, use size == 1 or gzread() + instead. */ ZEXTERN int ZEXPORT gzwrite(gzFile file, voidpc buf, unsigned len); /* Compress and write the len uncompressed bytes at buf to file. gzwrite - returns the number of uncompressed bytes written or 0 in case of error. + returns the number of uncompressed bytes written, or 0 in case of error or + if len is 0. If the write destination is non-blocking, then gzwrite() may + return a number of bytes written that is not 0 and less than len. + + If len does not fit in an int, then 0 is returned and nothing is written. */ ZEXTERN z_size_t ZEXPORT gzfwrite(voidpc buf, z_size_t size, @@ -1466,9 +1538,18 @@ if there was an error. If the multiplication of size and nitems overflows, i.e. the product does not fit in a z_size_t, then nothing is written, zero is returned, and the error state is set to Z_STREAM_ERROR. + + If writing a concurrently read file or a non-blocking file with size != 1, + a partial item could be written, with no way of knowing how much of it was + not written, resulting in data loss. In that case, use size == 1 or + gzwrite() instead. */ +#if defined(STDC) || defined(Z_HAVE_STDARG_H) ZEXTERN int ZEXPORTVA gzprintf(gzFile file, const char *format, ...); +#else +ZEXTERN int ZEXPORTVA gzprintf(); +#endif /* Convert, format, compress, and write the arguments (...) to file under control of the string format, as in fprintf. gzprintf returns the number of @@ -1476,11 +1557,19 @@ of error. The number of uncompressed bytes written is limited to 8191, or one less than the buffer size given to gzbuffer(). The caller should assure that this limit is not exceeded. If it is exceeded, then gzprintf() will - return an error (0) with nothing written. In this case, there may also be a - buffer overflow with unpredictable consequences, which is possible only if - zlib was compiled with the insecure functions sprintf() or vsprintf(), - because the secure snprintf() or vsnprintf() functions were not available. - This can be determined using zlibCompileFlags(). + return an error (0) with nothing written. + + In that last case, there may also be a buffer overflow with unpredictable + consequences, which is possible only if zlib was compiled with the insecure + functions sprintf() or vsprintf(), because the secure snprintf() and + vsnprintf() functions were not available. That would only be the case for + a non-ANSI C compiler. zlib may have been built without gzprintf() because + secure functions were not available and having gzprintf() be insecure was + not an option, in which case, gzprintf() returns Z_STREAM_ERROR. All of + these possibilities can be determined using zlibCompileFlags(). + + If a Z_BUF_ERROR is returned, then nothing was written due to a stall on + the non-blocking write destination. */ ZEXTERN int ZEXPORT gzputs(gzFile file, const char *s); @@ -1489,6 +1578,11 @@ the terminating null character. gzputs returns the number of characters written, or -1 in case of error. + The number of characters written may be less than the length of the string + if the write destination is non-blocking. + + If the length of the string does not fit in an int, then -1 is returned + and nothing is written. */ ZEXTERN char * ZEXPORT gzgets(gzFile file, char *buf, int len); @@ -1501,8 +1595,13 @@ left untouched. gzgets returns buf which is a null-terminated string, or it returns NULL - for end-of-file or in case of error. If there was an error, the contents at - buf are indeterminate. + for end-of-file or in case of error. If some data was read before an error, + then that data is returned until exhausted, after which the next call will + return NULL to signal the error. + + gzgets can be used on a file being concurrently written, and on a non- + blocking device, both as for gzread(). However lines may be broken in the + middle, leaving it up to the application to reassemble them as needed. */ ZEXTERN int ZEXPORT gzputc(gzFile file, int c); @@ -1513,11 +1612,19 @@ ZEXTERN int ZEXPORT gzgetc(gzFile file); /* - Read and decompress one byte from file. gzgetc returns this byte or -1 - in case of end of file or error. This is implemented as a macro for speed. - As such, it does not do all of the checking the other functions do. I.e. - it does not check to see if file is NULL, nor whether the structure file - points to has been clobbered or not. + Read and decompress one byte from file. gzgetc returns this byte or -1 in + case of end of file or error. If some data was read before an error, then + that data is returned until exhausted, after which the next call will return + -1 to signal the error. + + This is implemented as a macro for speed. As such, it does not do all of + the checking the other functions do. I.e. it does not check to see if file + is NULL, nor whether the structure file points to has been clobbered or not. + + gzgetc can be used to read a gzip file on a non-blocking device. If the + input stalls and there is no uncompressed data to return, then gzgetc() will + return -1, and errno will be EAGAIN or EWOULDBLOCK. gzread() can then be + called again. */ ZEXTERN int ZEXPORT gzungetc(int c, gzFile file); @@ -1530,6 +1637,11 @@ output buffer size of pushed characters is allowed. (See gzbuffer above.) The pushed character will be discarded if the stream is repositioned with gzseek() or gzrewind(). + + gzungetc(-1, file) will force any pending seek to execute. Then gztell() + will report the position, even if the requested seek reached end of file. + This can be used to determine the number of uncompressed bytes in a gzip + file without having to read it into a buffer. */ ZEXTERN int ZEXPORT gzflush(gzFile file, int flush); @@ -1559,7 +1671,8 @@ If the file is opened for reading, this function is emulated but can be extremely slow. If the file is opened for writing, only forward seeks are supported; gzseek then compresses a sequence of zeroes up to the new - starting position. + starting position. For reading or writing, any actual seeking is deferred + until the next read or write operation, or close operation when writing. gzseek returns the resulting offset location as measured in bytes from the beginning of the uncompressed stream, or -1 in case of error, in @@ -1567,7 +1680,7 @@ would be before the current position. */ -ZEXTERN int ZEXPORT gzrewind(gzFile file); +ZEXTERN int ZEXPORT gzrewind(gzFile file); /* Rewind file. This function is supported only for reading. @@ -1575,7 +1688,7 @@ */ /* -ZEXTERN z_off_t ZEXPORT gztell(gzFile file); +ZEXTERN z_off_t ZEXPORT gztell(gzFile file); Return the starting position for the next gzread or gzwrite on file. This position represents a number of bytes in the uncompressed data stream, @@ -1620,8 +1733,11 @@ If gzdirect() is used immediately after gzopen() or gzdopen() it will cause buffers to be allocated to allow reading the file to determine if it - is a gzip file. Therefore if gzbuffer() is used, it should be called before - gzdirect(). + is a gzip file. Therefore if gzbuffer() is used, it should be called before + gzdirect(). If the input is being written concurrently or the device is non- + blocking, then gzdirect() may give a different answer once four bytes of + input have been accumulated, which is what is needed to confirm or deny a + gzip header. Before this, gzdirect() will return true (1). When writing, gzdirect() returns true (1) if transparent writing was requested ("wT" for the gzopen() mode), or false (0) otherwise. (Note: @@ -1631,7 +1747,7 @@ gzip file reading and decompression, which may not be desired.) */ -ZEXTERN int ZEXPORT gzclose(gzFile file); +ZEXTERN int ZEXPORT gzclose(gzFile file); /* Flush all pending output for file, if necessary, close file and deallocate the (de)compression state. Note that once file is closed, you @@ -1659,9 +1775,10 @@ ZEXTERN const char * ZEXPORT gzerror(gzFile file, int *errnum); /* Return the error message for the last error which occurred on file. - errnum is set to zlib error number. If an error occurred in the file system - and not in the compression library, errnum is set to Z_ERRNO and the - application may consult errno to get the exact error code. + If errnum is not NULL, *errnum is set to zlib error number. If an error + occurred in the file system and not in the compression library, *errnum is + set to Z_ERRNO and the application may consult errno to get the exact error + code. The application must not modify the returned string. Future calls to this function may invalidate the previously returned string. If file is @@ -1712,7 +1829,8 @@ ZEXTERN uLong ZEXPORT adler32_z(uLong adler, const Bytef *buf, z_size_t len); /* - Same as adler32(), but with a size_t length. + Same as adler32(), but with a size_t length. Note that a long is 32 bits + on Windows. */ /* @@ -1748,7 +1866,8 @@ ZEXTERN uLong ZEXPORT crc32_z(uLong crc, const Bytef *buf, z_size_t len); /* - Same as crc32(), but with a size_t length. + Same as crc32(), but with a size_t length. Note that a long is 32 bits on + Windows. */ /* @@ -1758,14 +1877,14 @@ seq1 and seq2 with lengths len1 and len2, CRC-32 check values were calculated for each, crc1 and crc2. crc32_combine() returns the CRC-32 check value of seq1 and seq2 concatenated, requiring only crc1, crc2, and - len2. len2 must be non-negative. + len2. len2 must be non-negative, otherwise zero is returned. */ /* ZEXTERN uLong ZEXPORT crc32_combine_gen(z_off_t len2); Return the operator corresponding to length len2, to be used with - crc32_combine_op(). len2 must be non-negative. + crc32_combine_op(). len2 must be non-negative, otherwise zero is returned. */ ZEXTERN uLong ZEXPORT crc32_combine_op(uLong crc1, uLong crc2, uLong op); @@ -1888,9 +2007,9 @@ ZEXTERN z_off_t ZEXPORT gzseek64(gzFile, z_off_t, int); ZEXTERN z_off_t ZEXPORT gztell64(gzFile); ZEXTERN z_off_t ZEXPORT gzoffset64(gzFile); - ZEXTERN uLong ZEXPORT adler32_combine64(uLong, uLong, z_off_t); - ZEXTERN uLong ZEXPORT crc32_combine64(uLong, uLong, z_off_t); - ZEXTERN uLong ZEXPORT crc32_combine_gen64(z_off_t); + ZEXTERN uLong ZEXPORT adler32_combine64(uLong, uLong, z_off64_t); + ZEXTERN uLong ZEXPORT crc32_combine64(uLong, uLong, z_off64_t); + ZEXTERN uLong ZEXPORT crc32_combine_gen64(z_off64_t); # endif #else ZEXTERN gzFile ZEXPORT gzopen(const char *, const char *); diff -Nru mariadb-11.8.6/zlib/zlib.pc.cmakein mariadb-11.8.8/zlib/zlib.pc.cmakein --- mariadb-11.8.6/zlib/zlib.pc.cmakein 2026-01-31 13:27:49.000000000 +0000 +++ mariadb-11.8.8/zlib/zlib.pc.cmakein 2026-05-24 09:58:33.000000000 +0000 @@ -1,12 +1,13 @@ prefix=@CMAKE_INSTALL_PREFIX@ exec_prefix=@CMAKE_INSTALL_PREFIX@ -libdir=@INSTALL_LIB_DIR@ -sharedlibdir=@INSTALL_LIB_DIR@ -includedir=@INSTALL_INC_DIR@ +libdir=${exec_prefix}/@CMAKE_INSTALL_LIBDIR@ +sharedlibdir=${exec_prefix}/@CMAKE_INSTALL_LIBDIR@ +includedir=${exec_prefix}/@CMAKE_INSTALL_INCLUDEDIR@ Name: zlib Description: zlib compression library -Version: @VERSION@ +Version: @zlib_VERSION@ +License: Zlib Requires: Libs: -L${libdir} -L${sharedlibdir} -lz diff -Nru mariadb-11.8.6/zlib/zlib.pc.in mariadb-11.8.8/zlib/zlib.pc.in --- mariadb-11.8.6/zlib/zlib.pc.in 2026-01-31 13:27:49.000000000 +0000 +++ mariadb-11.8.8/zlib/zlib.pc.in 2026-05-24 09:58:33.000000000 +0000 @@ -7,6 +7,7 @@ Name: zlib Description: zlib compression library Version: @VERSION@ +License: Zlib Requires: Libs: -L${libdir} -L${sharedlibdir} -lz diff -Nru mariadb-11.8.6/zlib/zutil.c mariadb-11.8.8/zlib/zutil.c --- mariadb-11.8.6/zlib/zutil.c 2026-01-31 13:27:49.000000000 +0000 +++ mariadb-11.8.8/zlib/zutil.c 2026-05-24 09:58:33.000000000 +0000 @@ -1,5 +1,5 @@ /* zutil.c -- target dependent utility functions for the compression library - * Copyright (C) 1995-2017 Jean-loup Gailly + * Copyright (C) 1995-2026 Jean-loup Gailly * For conditions of distribution and use, see copyright notice in zlib.h */ @@ -86,28 +86,36 @@ flags += 1L << 21; #endif #if defined(STDC) || defined(Z_HAVE_STDARG_H) -# ifdef NO_vsnprintf - flags += 1L << 25; -# ifdef HAS_vsprintf_void - flags += 1L << 26; -# endif -# else -# ifdef HAS_vsnprintf_void - flags += 1L << 26; -# endif -# endif +# ifdef NO_vsnprintf +# ifdef ZLIB_INSECURE + flags += 1L << 25; +# else + flags += 1L << 27; +# endif +# ifdef HAS_vsprintf_void + flags += 1L << 26; +# endif +# else +# ifdef HAS_vsnprintf_void + flags += 1L << 26; +# endif +# endif #else flags += 1L << 24; -# ifdef NO_snprintf - flags += 1L << 25; -# ifdef HAS_sprintf_void - flags += 1L << 26; -# endif -# else -# ifdef HAS_snprintf_void - flags += 1L << 26; -# endif -# endif +# ifdef NO_snprintf +# ifdef ZLIB_INSECURE + flags += 1L << 25; +# else + flags += 1L << 27; +# endif +# ifdef HAS_sprintf_void + flags += 1L << 26; +# endif +# else +# ifdef HAS_snprintf_void + flags += 1L << 26; +# endif +# endif #endif return flags; } @@ -142,28 +150,34 @@ #ifndef HAVE_MEMCPY -void ZLIB_INTERNAL zmemcpy(Bytef* dest, const Bytef* source, uInt len) { - if (len == 0) return; - do { - *dest++ = *source++; /* ??? to be unrolled */ - } while (--len != 0); +void ZLIB_INTERNAL zmemcpy(void FAR *dst, const void FAR *src, z_size_t n) { + uchf *p = dst; + const uchf *q = src; + while (n) { + *p++ = *q++; + n--; + } } -int ZLIB_INTERNAL zmemcmp(const Bytef* s1, const Bytef* s2, uInt len) { - uInt j; - - for (j = 0; j < len; j++) { - if (s1[j] != s2[j]) return 2*(s1[j] > s2[j])-1; +int ZLIB_INTERNAL zmemcmp(const void FAR *s1, const void FAR *s2, z_size_t n) { + const uchf *p = s1, *q = s2; + while (n) { + if (*p++ != *q++) + return (int)p[-1] - (int)q[-1]; + n--; } return 0; } -void ZLIB_INTERNAL zmemzero(Bytef* dest, uInt len) { +void ZLIB_INTERNAL zmemzero(void FAR *b, z_size_t len) { + uchf *p = b; if (len == 0) return; - do { - *dest++ = 0; /* ??? to be unrolled */ - } while (--len != 0); + while (len) { + *p++ = 0; + len--; + } } + #endif #ifndef Z_SOLO diff -Nru mariadb-11.8.6/zlib/zutil.h mariadb-11.8.8/zlib/zutil.h --- mariadb-11.8.6/zlib/zutil.h 2026-01-31 13:27:49.000000000 +0000 +++ mariadb-11.8.8/zlib/zutil.h 2026-05-24 09:58:33.000000000 +0000 @@ -1,5 +1,5 @@ /* zutil.h -- internal interface and configuration of the compression library - * Copyright (C) 1995-2024 Jean-loup Gailly, Mark Adler + * Copyright (C) 1995-2026 Jean-loup Gailly, Mark Adler * For conditions of distribution and use, see copyright notice in zlib.h */ @@ -36,6 +36,10 @@ define "local" for the non-static meaning of "static", for readability (compile with -Dlocal if your debugger can't find static symbols) */ +extern const char deflate_copyright[]; +extern const char inflate_copyright[]; +extern const char inflate9_copyright[]; + typedef unsigned char uch; typedef uch FAR uchf; typedef unsigned short ush; @@ -48,6 +52,8 @@ # define Z_U8 unsigned long # elif (ULLONG_MAX == 0xffffffffffffffff) # define Z_U8 unsigned long long +# elif (ULONG_LONG_MAX == 0xffffffffffffffff) +# define Z_U8 unsigned long long # elif (UINT_MAX == 0xffffffffffffffff) # define Z_U8 unsigned # endif @@ -63,7 +69,9 @@ /* To be used only when the state is known to be valid */ /* common constants */ - +#if MAX_WBITS < 9 || MAX_WBITS > 15 +# error MAX_WBITS must be in 9..15 +#endif #ifndef DEF_WBITS # define DEF_WBITS MAX_WBITS #endif @@ -141,7 +149,7 @@ # define OS_CODE 7 #endif -#ifdef __acorn +#if defined(__acorn) || defined(__riscos) # define OS_CODE 13 #endif @@ -168,11 +176,10 @@ #endif /* provide prototypes for these when building zlib without LFS */ -#if !defined(_WIN32) && \ - (!defined(_LARGEFILE64_SOURCE) || _LFS64_LARGEFILE-0 == 0) - ZEXTERN uLong ZEXPORT adler32_combine64(uLong, uLong, z_off_t); - ZEXTERN uLong ZEXPORT crc32_combine64(uLong, uLong, z_off_t); - ZEXTERN uLong ZEXPORT crc32_combine_gen64(z_off_t); +#ifndef Z_LARGE64 + ZEXTERN uLong ZEXPORT adler32_combine64(uLong, uLong, z_off64_t); + ZEXTERN uLong ZEXPORT crc32_combine64(uLong, uLong, z_off64_t); + ZEXTERN uLong ZEXPORT crc32_combine_gen64(z_off64_t); #endif /* common defaults */ @@ -211,9 +218,9 @@ # define zmemzero(dest, len) memset(dest, 0, len) # endif #else - void ZLIB_INTERNAL zmemcpy(Bytef* dest, const Bytef* source, uInt len); - int ZLIB_INTERNAL zmemcmp(const Bytef* s1, const Bytef* s2, uInt len); - void ZLIB_INTERNAL zmemzero(Bytef* dest, uInt len); + void ZLIB_INTERNAL zmemcpy(void FAR *, const void FAR *, z_size_t); + int ZLIB_INTERNAL zmemcmp(const void FAR *, const void FAR *, z_size_t); + void ZLIB_INTERNAL zmemzero(void FAR *, z_size_t); #endif /* Diagnostic functions */ @@ -251,4 +258,74 @@ #define ZSWAP32(q) ((((q) >> 24) & 0xff) + (((q) >> 8) & 0xff00) + \ (((q) & 0xff00) << 8) + (((q) & 0xff) << 24)) +#ifdef Z_ONCE +/* + Create a local z_once() function depending on the availability of atomics. + */ + +/* Check for the availability of atomics. */ +#if defined(__STDC__) && __STDC_VERSION__ >= 201112L && \ + !defined(__STDC_NO_ATOMICS__) + +#include +typedef struct { + atomic_flag begun; + atomic_int done; +} z_once_t; +#define Z_ONCE_INIT {ATOMIC_FLAG_INIT, 0} + +/* + Run the provided init() function exactly once, even if multiple threads + invoke once() at the same time. The state must be a once_t initialized with + Z_ONCE_INIT. + */ +local void z_once(z_once_t *state, void (*init)(void)) { + if (!atomic_load(&state->done)) { + if (atomic_flag_test_and_set(&state->begun)) + while (!atomic_load(&state->done)) + ; + else { + init(); + atomic_store(&state->done, 1); + } + } +} + +#else /* no atomics */ + +#warning zlib not thread-safe + +typedef struct z_once_s { + volatile int begun; + volatile int done; +} z_once_t; +#define Z_ONCE_INIT {0, 0} + +/* Test and set. Alas, not atomic, but tries to limit the period of + vulnerability. */ +local int test_and_set(int volatile *flag) { + int was; + + was = *flag; + *flag = 1; + return was; +} + +/* Run the provided init() function once. This is not thread-safe. */ +local void z_once(z_once_t *state, void (*init)(void)) { + if (!state->done) { + if (test_and_set(&state->begun)) + while (!state->done) + ; + else { + init(); + state->done = 1; + } + } +} + +#endif /* ?atomics */ + +#endif /* Z_ONCE */ + #endif /* ZUTIL_H */